From 65f305d107f8e0a8d6e288b251268ea0eec3c7e7 Mon Sep 17 00:00:00 2001 From: ByeonJungHun Date: Thu, 19 Oct 2023 16:35:47 +0900 Subject: [PATCH] terraform script add --- .DS_Store | Bin 0 -> 6148 bytes packer/ansible/ansible.cfg | 2 + packer/ansible/bastion_roles.yaml | 6 + packer/ansible/docker_roles.yaml | 8 + packer/ansible/node_roles.yaml | 9 + packer/ansible/roles.yaml | 7 + packer/ansible/roles/bastion/tasks/main.yml | 3 + packer/ansible/roles/docker/handlers/main.yml | 10 + .../roles/docker/tasks/00-amazon-os-main.yml | 86 + .../roles/docker/tasks/00-ubuntu-os-main.yml | 66 + .../docker/tasks/01-amazon-os-docker.yml | 53 + .../docker/tasks/01-ubuntu-os-docker.yml | 19 + packer/ansible/roles/docker/tasks/main.yml | 19 + packer/ansible/roles/docker/tasks/sysctl.yml | 8 + .../roles/docker/templates/common-auth.j2 | 27 + .../roles/docker/templates/daemon.json.j2 | 9 + .../roles/docker/templates/pwquality.conf.j2 | 50 + .../ansible/roles/docker/templates/sysctl.j2 | 82 + .../roles/helm_install/defaults/main.yml | 5 + .../roles/helm_install/files/druid/Chart.lock | 12 + .../roles/helm_install/files/druid/Chart.yaml | 41 + .../roles/helm_install/files/druid/README.md | 212 +++ .../druid/charts-archive/mysql-1.6.4.tgz | Bin 0 -> 11121 bytes .../druid/charts-archive/postgresql-8.6.4.tgz | Bin 0 -> 32017 bytes .../druid/charts-archive/zookeeper-2.1.4.tgz | Bin 0 -> 10795 bytes .../files/druid/charts/mysql/.helmignore | 2 + .../files/druid/charts/mysql/Chart.yaml | 21 + .../files/druid/charts/mysql/README.md | 242 +++ .../druid/charts/mysql/templates/NOTES.txt | 43 + .../druid/charts/mysql/templates/_helpers.tpl | 43 + .../configurationFiles-configmap.yaml | 12 + .../charts/mysql/templates/deployment.yaml | 252 +++ .../initializationFiles-configmap.yaml | 12 + .../druid/charts/mysql/templates/pvc.yaml | 29 + .../druid/charts/mysql/templates/secrets.yaml | 51 + .../mysql/templates/serviceaccount.yaml | 11 + .../mysql/templates/servicemonitor.yaml | 26 + .../druid/charts/mysql/templates/svc.yaml | 36 + .../mysql/templates/tests/test-configmap.yaml | 23 + .../charts/mysql/templates/tests/test.yaml | 54 + .../files/druid/charts/mysql/values.yaml | 231 +++ .../files/druid/charts/postgresql/.helmignore | 2 + .../files/druid/charts/postgresql/Chart.yaml | 19 + .../files/druid/charts/postgresql/README.md | 587 +++++++ .../charts/postgresql/ci/default-values.yaml | 1 + .../ci/shmvolume-disabled-values.yaml | 2 + .../druid/charts/postgresql/files/README.md | 1 + .../charts/postgresql/files/conf.d/README.md | 4 + .../docker-entrypoint-initdb.d/README.md | 3 + .../charts/postgresql/templates/NOTES.txt | 81 + .../charts/postgresql/templates/_helpers.tpl | 420 +++++ .../postgresql/templates/configmap.yaml | 26 + .../templates/extended-config-configmap.yaml | 21 + .../templates/initialization-configmap.yaml | 24 + .../templates/metrics-configmap.yaml | 13 + .../postgresql/templates/metrics-svc.yaml | 26 + .../postgresql/templates/networkpolicy.yaml | 38 + .../postgresql/templates/prometheusrule.yaml | 23 + .../charts/postgresql/templates/secrets.yaml | 23 + .../postgresql/templates/serviceaccount.yaml | 11 + .../postgresql/templates/servicemonitor.yaml | 33 + .../templates/statefulset-slaves.yaml | 299 ++++ .../postgresql/templates/statefulset.yaml | 458 +++++ .../postgresql/templates/svc-headless.yaml | 19 + .../charts/postgresql/templates/svc-read.yaml | 31 + .../charts/postgresql/templates/svc.yaml | 38 + .../charts/postgresql/values-production.yaml | 520 ++++++ .../charts/postgresql/values.schema.json | 103 ++ .../files/druid/charts/postgresql/values.yaml | 526 ++++++ .../files/druid/charts/zookeeper/.helmignore | 21 + .../files/druid/charts/zookeeper/Chart.yaml | 17 + .../files/druid/charts/zookeeper/OWNERS | 6 + .../files/druid/charts/zookeeper/README.md | 145 ++ .../charts/zookeeper/templates/NOTES.txt | 7 + .../charts/zookeeper/templates/_helpers.tpl | 46 + .../templates/config-jmx-exporter.yaml | 19 + .../zookeeper/templates/config-script.yaml | 110 ++ .../zookeeper/templates/job-chroots.yaml | 65 + .../templates/poddisruptionbudget.yaml | 17 + .../zookeeper/templates/service-headless.yaml | 28 + .../charts/zookeeper/templates/service.yaml | 41 + .../zookeeper/templates/servicemonitors.yaml | 56 + .../zookeeper/templates/statefulset.yaml | 226 +++ .../files/druid/charts/zookeeper/values.yaml | 300 ++++ .../helm_install/files/druid/install.txt | 3 + .../files/druid/override-values.yaml | 225 +++ .../files/druid/override-values.yaml_221206 | 175 ++ .../files/druid/override-values.yaml_221207 | 194 +++ .../files/druid/override-values.yaml_old | 171 ++ .../files/druid/templates/NOTES.txt | 38 + .../files/druid/templates/_helpers.tpl | 100 ++ .../druid/templates/broker/deployment.yaml | 99 ++ .../files/druid/templates/broker/ingress.yaml | 58 + .../files/druid/templates/broker/service.yaml | 48 + .../files/druid/templates/configmap.yaml | 52 + .../templates/coordinator/deployment.yaml | 110 ++ .../druid/templates/coordinator/ingress.yaml | 58 + .../druid/templates/coordinator/service.yaml | 48 + .../druid/templates/historical/ingress.yaml | 58 + .../files/druid/templates/historical/pdb.yaml | 43 + .../druid/templates/historical/service.yaml | 48 + .../templates/historical/statefulset.yaml | 164 ++ .../druid/templates/middleManager/hpa.yaml | 40 + .../templates/middleManager/ingress.yaml | 58 + .../druid/templates/middleManager/pdb.yaml | 43 + .../templates/middleManager/service.yaml | 48 + .../templates/middleManager/statefulset.yaml | 164 ++ .../druid/templates/overlord/deployment.yaml | 105 ++ .../druid/templates/overlord/ingress.yaml | 58 + .../druid/templates/overlord/service.yaml | 42 + .../druid/templates/router/deployment.yaml | 99 ++ .../files/druid/templates/router/ingress.yaml | 58 + .../files/druid/templates/router/service.yaml | 49 + .../files/druid/templates/secrets.yaml | 28 + .../helm_install/files/druid/values.yaml | 419 +++++ .../files/elasticsearch/.helmignore | 2 + .../files/elasticsearch/Chart.yaml | 12 + .../helm_install/files/elasticsearch/Makefile | 1 + .../files/elasticsearch/README.md | 465 +++++ .../elasticsearch/examples/config/Makefile | 21 + .../elasticsearch/examples/config/README.md | 27 + .../examples/config/test/goss.yaml | 31 + .../elasticsearch/examples/config/values.yaml | 29 + .../examples/config/watcher_encryption_key | 1 + .../elasticsearch/examples/default/Makefile | 14 + .../elasticsearch/examples/default/README.md | 25 + .../examples/default/rolling_upgrade.sh | 19 + .../examples/default/test/goss.yaml | 44 + .../examples/docker-for-mac/Makefile | 13 + .../examples/docker-for-mac/README.md | 23 + .../examples/docker-for-mac/values.yaml | 23 + .../examples/kubernetes-kind/Makefile | 17 + .../examples/kubernetes-kind/README.md | 36 + .../kubernetes-kind/values-local-path.yaml | 23 + .../examples/kubernetes-kind/values.yaml | 23 + .../elasticsearch/examples/microk8s/Makefile | 13 + .../elasticsearch/examples/microk8s/README.md | 32 + .../examples/microk8s/values.yaml | 32 + .../elasticsearch/examples/migration/Makefile | 10 + .../examples/migration/README.md | 167 ++ .../examples/migration/client.yaml | 19 + .../examples/migration/data.yaml | 14 + .../examples/migration/master.yaml | 23 + .../elasticsearch/examples/minikube/Makefile | 13 + .../elasticsearch/examples/minikube/README.md | 38 + .../examples/minikube/values.yaml | 23 + .../elasticsearch/examples/multi/Makefile | 19 + .../elasticsearch/examples/multi/README.md | 29 + .../elasticsearch/examples/multi/client.yaml | 50 + .../elasticsearch/examples/multi/data.yaml | 48 + .../elasticsearch/examples/multi/master.yaml | 6 + .../examples/multi/test/goss.yaml | 12 + .../examples/networkpolicy/Makefile | 14 + .../examples/networkpolicy/values.yaml | 37 + .../elasticsearch/examples/openshift/Makefile | 13 + .../examples/openshift/README.md | 24 + .../examples/openshift/test/goss.yaml | 20 + .../examples/openshift/values.yaml | 11 + .../elasticsearch/examples/security/Makefile | 36 + .../elasticsearch/examples/security/README.md | 29 + .../examples/security/test/goss.yaml | 44 + .../examples/security/values.yaml | 28 + .../elasticsearch/examples/upgrade/Makefile | 19 + .../elasticsearch/examples/upgrade/README.md | 17 + .../examples/upgrade/test/goss.yaml | 22 + .../examples/upgrade/values.yaml | 6 + .../files/elasticsearch/override-values.yaml | 26 + .../files/elasticsearch/schema/es-ddl.sh | 310 ++++ .../files/elasticsearch/templates/NOTES.txt | 8 + .../elasticsearch/templates/_helpers.tpl | 97 ++ .../elasticsearch/templates/configmap.yaml | 34 + .../elasticsearch/templates/ingress.yaml | 64 + .../templates/networkpolicy.yaml | 61 + .../templates/poddisruptionbudget.yaml | 15 + .../templates/podsecuritypolicy.yaml | 18 + .../files/elasticsearch/templates/role.yaml | 25 + .../elasticsearch/templates/rolebinding.yaml | 20 + .../elasticsearch/templates/secret-cert.yaml | 14 + .../files/elasticsearch/templates/secret.yaml | 23 + .../elasticsearch/templates/service.yaml | 78 + .../templates/serviceaccount.yaml | 16 + .../elasticsearch/templates/statefulset.yaml | 427 +++++ .../test/test-elasticsearch-health.yaml | 50 + .../elasticsearch/tests/elasticsearch_test.py | 1504 ++++++++++++++++ .../files/elasticsearch/values.yaml | 356 ++++ .../files/ingress-nginx/.helmignore | 22 + .../files/ingress-nginx/CHANGELOG.md | 445 +++++ .../files/ingress-nginx/Chart.yaml | 23 + .../helm_install/files/ingress-nginx/OWNERS | 10 + .../files/ingress-nginx/README.md | 494 ++++++ .../files/ingress-nginx/README.md.gotmpl | 235 +++ .../controller-custom-ingressclass-flags.yaml | 7 + .../ci/daemonset-customconfig-values.yaml | 14 + .../ci/daemonset-customnodeport-values.yaml | 22 + .../ci/daemonset-extra-modules.yaml | 10 + .../ci/daemonset-headers-values.yaml | 14 + .../ci/daemonset-internal-lb-values.yaml | 14 + .../ci/daemonset-nodeport-values.yaml | 10 + .../ci/daemonset-podannotations-values.yaml | 17 + ...set-tcp-udp-configMapNamespace-values.yaml | 20 + ...emonset-tcp-udp-portNamePrefix-values.yaml | 18 + .../ci/daemonset-tcp-udp-values.yaml | 16 + .../ci/daemonset-tcp-values.yaml | 14 + .../ci/deamonset-default-values.yaml | 10 + .../ci/deamonset-metrics-values.yaml | 12 + .../ci/deamonset-psp-values.yaml | 13 + .../ci/deamonset-webhook-and-psp-values.yaml | 13 + .../ci/deamonset-webhook-values.yaml | 10 + ...eployment-autoscaling-behavior-values.yaml | 14 + .../ci/deployment-autoscaling-values.yaml | 11 + .../ci/deployment-customconfig-values.yaml | 12 + .../ci/deployment-customnodeport-values.yaml | 20 + .../ci/deployment-default-values.yaml | 8 + .../ci/deployment-extra-modules.yaml | 10 + .../ci/deployment-headers-values.yaml | 13 + .../ci/deployment-internal-lb-values.yaml | 13 + .../ci/deployment-metrics-values.yaml | 11 + .../ci/deployment-nodeport-values.yaml | 9 + .../ci/deployment-podannotations-values.yaml | 16 + .../ci/deployment-psp-values.yaml | 10 + ...ent-tcp-udp-configMapNamespace-values.yaml | 19 + ...loyment-tcp-udp-portNamePrefix-values.yaml | 17 + .../ci/deployment-tcp-udp-values.yaml | 15 + .../ci/deployment-tcp-values.yaml | 11 + .../ci/deployment-webhook-and-psp-values.yaml | 12 + .../deployment-webhook-extraEnvs-values.yaml | 12 + .../deployment-webhook-resources-values.yaml | 23 + .../ci/deployment-webhook-values.yaml | 9 + .../files/ingress-nginx/override-values.yaml | 10 + .../files/ingress-nginx/temp.yaml | 724 ++++++++ .../files/ingress-nginx/temp2.yaml | 725 ++++++++ .../files/ingress-nginx/templates/NOTES.txt | 80 + .../ingress-nginx/templates/_helpers.tpl | 185 ++ .../files/ingress-nginx/templates/_params.tpl | 62 + .../job-patch/clusterrole.yaml | 34 + .../job-patch/clusterrolebinding.yaml | 23 + .../job-patch/job-createSecret.yaml | 79 + .../job-patch/job-patchWebhook.yaml | 81 + .../admission-webhooks/job-patch/psp.yaml | 39 + .../admission-webhooks/job-patch/role.yaml | 24 + .../job-patch/rolebinding.yaml | 24 + .../job-patch/serviceaccount.yaml | 16 + .../validating-webhook.yaml | 48 + .../ingress-nginx/templates/clusterrole.yaml | 94 + .../templates/clusterrolebinding.yaml | 19 + .../controller-configmap-addheaders.yaml | 14 + .../controller-configmap-proxyheaders.yaml | 19 + .../templates/controller-configmap-tcp.yaml | 17 + .../templates/controller-configmap-udp.yaml | 17 + .../templates/controller-configmap.yaml | 29 + .../templates/controller-daemonset.yaml | 223 +++ .../templates/controller-deployment.yaml | 228 +++ .../templates/controller-hpa.yaml | 52 + .../templates/controller-ingressclass.yaml | 21 + .../templates/controller-keda.yaml | 42 + .../controller-poddisruptionbudget.yaml | 19 + .../templates/controller-prometheusrules.yaml | 21 + .../templates/controller-psp.yaml | 94 + .../templates/controller-role.yaml | 113 ++ .../templates/controller-rolebinding.yaml | 21 + .../controller-service-internal.yaml | 79 + .../templates/controller-service-metrics.yaml | 45 + .../templates/controller-service-webhook.yaml | 40 + .../templates/controller-service.yaml | 101 ++ .../templates/controller-serviceaccount.yaml | 18 + .../templates/controller-servicemonitor.yaml | 48 + .../controller-wehbooks-networkpolicy.yaml | 19 + .../templates/default-backend-deployment.yaml | 118 ++ .../templates/default-backend-hpa.yaml | 33 + .../default-backend-poddisruptionbudget.yaml | 21 + .../templates/default-backend-psp.yaml | 38 + .../templates/default-backend-role.yaml | 22 + .../default-backend-rolebinding.yaml | 21 + .../templates/default-backend-service.yaml | 41 + .../default-backend-serviceaccount.yaml | 14 + .../templates/dh-param-secret.yaml | 10 + .../files/ingress-nginx/values.yaml | 944 ++++++++++ .../helm_install/files/kafka/.helmignore | 22 + .../roles/helm_install/files/kafka/Chart.yaml | 5 + .../roles/helm_install/files/kafka/README.txt | 3 + .../files/kafka/charts/akhq/Chart.yaml | 19 + .../files/kafka/charts/akhq/LICENSE | 201 +++ .../files/kafka/charts/akhq/README.md | 124 ++ .../kafka/charts/akhq/templates/NOTES.txt | 21 + .../kafka/charts/akhq/templates/_helpers.tpl | 56 + .../charts/akhq/templates/configmap.yaml | 14 + .../charts/akhq/templates/deployment.yaml | 129 ++ .../kafka/charts/akhq/templates/ingress.yaml | 53 + .../kafka/charts/akhq/templates/secret.yaml | 19 + .../kafka/charts/akhq/templates/service.yaml | 31 + .../charts/akhq/templates/serviceaccount.yaml | 15 + .../files/kafka/charts/akhq/values.yaml | 145 ++ .../files/kafka/charts/kafka-ui/.helmignore | 25 + .../files/kafka/charts/kafka-ui/Chart.yaml | 7 + .../files/kafka/charts/kafka-ui/index.yaml | 3 + .../kafka/charts/kafka-ui/templates/NOTES.txt | 21 + .../charts/kafka-ui/templates/_helpers.tpl | 79 + .../charts/kafka-ui/templates/configmap.yaml | 10 + .../templates/configmap_fromValues.yaml | 11 + .../charts/kafka-ui/templates/deployment.yaml | 139 ++ .../kafka/charts/kafka-ui/templates/hpa.yaml | 28 + .../charts/kafka-ui/templates/ingress.yaml | 87 + .../templates/networkpolicy-egress.yaml | 18 + .../templates/networkpolicy-ingress.yaml | 18 + .../charts/kafka-ui/templates/secret.yaml | 9 + .../charts/kafka-ui/templates/service.yaml | 22 + .../kafka-ui/templates/serviceaccount.yaml | 12 + .../files/kafka/charts/kafka-ui/values.yaml | 151 ++ .../files/kafka/charts/kafka/.helmignore | 22 + .../kafka/charts/kafka/1.broker-config.yaml | 171 ++ .../files/kafka/charts/kafka/Chart.yaml | 5 + .../kafka/charts/kafka/templates/2.dns.yaml | 14 + .../kafka/templates/3.bootstrap-service.yaml | 11 + .../kafka/charts/kafka/templates/5.kafka.yaml | 124 ++ .../charts/kafka/templates/6.outside.yaml | 127 ++ .../files/kafka/charts/kafka/values.yaml | 73 + .../files/kafka/charts/zookeeper/.helmignore | 22 + .../files/kafka/charts/zookeeper/Chart.yaml | 5 + .../charts/zookeeper/templates/0.config.yaml | 35 + .../templates/1.service-leader-election.yaml | 16 + .../zookeeper/templates/2.service-client.yaml | 12 + .../zookeeper/templates/4.statefulset.yaml | 97 ++ .../files/kafka/charts/zookeeper/values.yaml | 68 + .../roles/helm_install/files/kafka/index.yaml | 3 + .../files/kafka/templates/role.yaml | 16 + .../roles/helm_install/files/kafka/test | 637 +++++++ .../helm_install/files/kafka/values.yaml | 199 +++ .../helm_install/files/keycloak/Chart.lock | 9 + .../helm_install/files/keycloak/Chart.yaml | 30 + .../helm_install/files/keycloak/README.md | 443 +++++ .../files/keycloak/charts/common/.helmignore | 22 + .../files/keycloak/charts/common/Chart.yaml | 23 + .../files/keycloak/charts/common/README.md | 347 ++++ .../charts/common/templates/_affinities.tpl | 102 ++ .../charts/common/templates/_capabilities.tpl | 139 ++ .../charts/common/templates/_errors.tpl | 23 + .../charts/common/templates/_images.tpl | 75 + .../charts/common/templates/_ingress.tpl | 68 + .../charts/common/templates/_labels.tpl | 18 + .../charts/common/templates/_names.tpl | 63 + .../charts/common/templates/_secrets.tpl | 140 ++ .../charts/common/templates/_storage.tpl | 23 + .../charts/common/templates/_tplvalues.tpl | 13 + .../charts/common/templates/_utils.tpl | 62 + .../charts/common/templates/_warnings.tpl | 14 + .../templates/validations/_cassandra.tpl | 72 + .../common/templates/validations/_mariadb.tpl | 103 ++ .../common/templates/validations/_mongodb.tpl | 108 ++ .../templates/validations/_postgresql.tpl | 129 ++ .../common/templates/validations/_redis.tpl | 76 + .../templates/validations/_validations.tpl | 46 + .../files/keycloak/charts/common/values.yaml | 5 + .../keycloak/charts/postgresql/.helmignore | 21 + .../keycloak/charts/postgresql/Chart.lock | 6 + .../keycloak/charts/postgresql/Chart.yaml | 30 + .../keycloak/charts/postgresql/README.md | 662 +++++++ .../postgresql/charts/common/.helmignore | 22 + .../postgresql/charts/common/Chart.yaml | 23 + .../charts/postgresql/charts/common/README.md | 347 ++++ .../charts/common/templates/_affinities.tpl | 102 ++ .../charts/common/templates/_capabilities.tpl | 139 ++ .../charts/common/templates/_errors.tpl | 23 + .../charts/common/templates/_images.tpl | 75 + .../charts/common/templates/_ingress.tpl | 68 + .../charts/common/templates/_labels.tpl | 18 + .../charts/common/templates/_names.tpl | 63 + .../charts/common/templates/_secrets.tpl | 140 ++ .../charts/common/templates/_storage.tpl | 23 + .../charts/common/templates/_tplvalues.tpl | 13 + .../charts/common/templates/_utils.tpl | 62 + .../charts/common/templates/_warnings.tpl | 14 + .../templates/validations/_cassandra.tpl | 72 + .../common/templates/validations/_mariadb.tpl | 103 ++ .../common/templates/validations/_mongodb.tpl | 108 ++ .../templates/validations/_postgresql.tpl | 129 ++ .../common/templates/validations/_redis.tpl | 76 + .../templates/validations/_validations.tpl | 46 + .../postgresql/charts/common/values.yaml | 5 + .../charts/postgresql/ci/extended-config.yaml | 4 + .../charts/postgresql/ci/init-scripts.yaml | 8 + .../charts/postgresql/ci/metrics.yaml | 24 + .../keycloak/charts/postgresql/ci/rbac.yaml | 16 + .../charts/postgresql/ci/replication.yaml | 5 + .../keycloak/charts/postgresql/ci/tls.yaml | 6 + .../charts/postgresql/templates/NOTES.txt | 89 + .../charts/postgresql/templates/_helpers.tpl | 320 ++++ .../postgresql/templates/extra-list.yaml | 4 + .../templates/networkpolicy-egress.yaml | 32 + .../templates/primary/configmap.yaml | 24 + .../templates/primary/extended-configmap.yaml | 18 + .../primary/initialization-configmap.yaml | 15 + .../templates/primary/metrics-configmap.yaml | 16 + .../templates/primary/metrics-svc.yaml | 31 + .../templates/primary/networkpolicy.yaml | 57 + .../templates/primary/prometheusrule.yaml | 22 + .../templates/primary/servicemonitor.yaml | 48 + .../templates/primary/statefulset.yaml | 639 +++++++ .../templates/primary/svc-headless.yaml | 31 + .../postgresql/templates/primary/svc.yaml | 43 + .../charts/postgresql/templates/psp.yaml | 41 + .../templates/read/networkpolicy.yaml | 36 + .../templates/read/statefulset.yaml | 433 +++++ .../templates/read/svc-headless.yaml | 33 + .../charts/postgresql/templates/read/svc.yaml | 45 + .../charts/postgresql/templates/role.yaml | 31 + .../postgresql/templates/rolebinding.yaml | 22 + .../charts/postgresql/templates/secrets.yaml | 29 + .../postgresql/templates/serviceaccount.yaml | 19 + .../postgresql/templates/tls-secrets.yaml | 27 + .../charts/postgresql/values.schema.json | 156 ++ .../keycloak/charts/postgresql/values.yaml | 1329 ++++++++++++++ .../files/keycloak/ci/ct-values.yaml | 2 + .../files/keycloak/ci/values-ha.yaml | 8 + .../files/keycloak/ci/values-hpa-pdb.yaml | 4 + .../keycloak/ci/values-init-scripts.yaml | 4 + .../ci/values-metrics-and-ingress.yaml | 9 + .../files/keycloak/override-values.yaml | 60 + .../files/keycloak/templates/NOTES.txt | 76 + .../files/keycloak/templates/_helpers.tpl | 273 +++ .../templates/configmap-env-vars.yaml | 37 + .../files/keycloak/templates/configmap.yaml | 18 + .../files/keycloak/templates/extra-list.yaml | 4 + .../keycloak/templates/headless-service.yaml | 30 + .../files/keycloak/templates/hpa.yaml | 35 + .../files/keycloak/templates/ingress.yaml | 58 + .../templates/init-scripts-configmap.yaml | 17 + .../keycloak-config-cli-configmap.yaml | 21 + .../templates/keycloak-config-cli-job.yaml | 120 ++ .../keycloak/templates/metrics-service.yaml | 30 + .../keycloak/templates/networkpolicy.yaml | 39 + .../files/keycloak/templates/pdb.yaml | 25 + .../files/keycloak/templates/role.yaml | 26 + .../files/keycloak/templates/rolebinding.yaml | 23 + .../files/keycloak/templates/secrets.yaml | 31 + .../files/keycloak/templates/service.yaml | 59 + .../keycloak/templates/serviceaccount.yaml | 22 + .../keycloak/templates/servicemonitor.yaml | 48 + .../files/keycloak/templates/statefulset.yaml | 361 ++++ .../files/keycloak/templates/tls-secret.yaml | 76 + .../helm_install/files/keycloak/values.yaml | 951 ++++++++++ .../roles/helm_install/files/kubeconfig | 20 + .../helm_install/files/mongo-dsk/.helmignore | 21 + .../helm_install/files/mongo-dsk/Chart.lock | 6 + .../helm_install/files/mongo-dsk/Chart.yaml | 30 + .../helm_install/files/mongo-dsk/README.md | 548 ++++++ .../files/mongo-dsk/charts/common/.helmignore | 22 + .../files/mongo-dsk/charts/common/Chart.yaml | 23 + .../files/mongo-dsk/charts/common/README.md | 345 ++++ .../charts/common/templates/_affinities.tpl | 102 ++ .../charts/common/templates/_capabilities.tpl | 128 ++ .../charts/common/templates/_errors.tpl | 23 + .../charts/common/templates/_images.tpl | 75 + .../charts/common/templates/_ingress.tpl | 68 + .../charts/common/templates/_labels.tpl | 18 + .../charts/common/templates/_names.tpl | 52 + .../charts/common/templates/_secrets.tpl | 140 ++ .../charts/common/templates/_storage.tpl | 23 + .../charts/common/templates/_tplvalues.tpl | 13 + .../charts/common/templates/_utils.tpl | 62 + .../charts/common/templates/_warnings.tpl | 14 + .../templates/validations/_cassandra.tpl | 72 + .../common/templates/validations/_mariadb.tpl | 103 ++ .../common/templates/validations/_mongodb.tpl | 108 ++ .../templates/validations/_postgresql.tpl | 129 ++ .../common/templates/validations/_redis.tpl | 76 + .../templates/validations/_validations.tpl | 46 + .../files/mongo-dsk/charts/common/values.yaml | 5 + .../files/mongo-dsk/override-values.yaml | 49 + .../files/mongo-dsk/templates/NOTES.txt | 74 + .../files/mongo-dsk/templates/_helpers.tpl | 266 +++ .../config-server-configmap.yaml | 11 + .../config-server-poddisruptionbudget.yaml | 18 + .../config-server-podmonitor.yaml | 32 + .../config-server-statefulset.yaml | 376 ++++ .../files/mongo-dsk/templates/extra-list.yaml | 4 + .../mongo-dsk/templates/headless-service.yaml | 16 + .../templates/mongos/mongos-configmap.yaml | 11 + .../templates/mongos/mongos-dep-sts.yaml | 319 ++++ .../mongos/mongos-poddisruptionbudget.yaml | 18 + .../templates/mongos/mongos-podmonitor.yaml | 32 + .../mongos/mongos-service-per-replica.yaml | 48 + .../templates/mongos/mongos-service.yaml | 41 + .../replicaset-entrypoint-configmap.yaml | 30 + .../files/mongo-dsk/templates/secrets.yaml | 30 + .../mongo-dsk/templates/serviceaccount.yaml | 5 + .../shard/shard-arbiter-configmap.yaml | 11 + .../shard/shard-arbiter-statefulset.yaml | 337 ++++ .../templates/shard/shard-data-configmap.yaml | 11 + .../shard/shard-data-poddisruptionbudget.yaml | 23 + .../shard/shard-data-podmonitor.yaml | 35 + .../shard/shard-data-statefulset.yaml | 387 +++++ .../helm_install/files/mongo-dsk/values.yaml | 1217 +++++++++++++ .../files/mongo-manifest/.helmignore | 21 + .../files/mongo-manifest/Chart.lock | 6 + .../files/mongo-manifest/Chart.yaml | 30 + .../files/mongo-manifest/README.md | 548 ++++++ .../mongo-manifest/charts/common/.helmignore | 22 + .../mongo-manifest/charts/common/Chart.yaml | 23 + .../mongo-manifest/charts/common/README.md | 345 ++++ .../charts/common/templates/_affinities.tpl | 102 ++ .../charts/common/templates/_capabilities.tpl | 128 ++ .../charts/common/templates/_errors.tpl | 23 + .../charts/common/templates/_images.tpl | 75 + .../charts/common/templates/_ingress.tpl | 68 + .../charts/common/templates/_labels.tpl | 18 + .../charts/common/templates/_names.tpl | 52 + .../charts/common/templates/_secrets.tpl | 140 ++ .../charts/common/templates/_storage.tpl | 23 + .../charts/common/templates/_tplvalues.tpl | 13 + .../charts/common/templates/_utils.tpl | 62 + .../charts/common/templates/_warnings.tpl | 14 + .../templates/validations/_cassandra.tpl | 72 + .../common/templates/validations/_mariadb.tpl | 103 ++ .../common/templates/validations/_mongodb.tpl | 108 ++ .../templates/validations/_postgresql.tpl | 129 ++ .../common/templates/validations/_redis.tpl | 76 + .../templates/validations/_validations.tpl | 46 + .../mongo-manifest/charts/common/values.yaml | 5 + .../files/mongo-manifest/override-values.yaml | 52 + .../files/mongo-manifest/templates/NOTES.txt | 74 + .../mongo-manifest/templates/_helpers.tpl | 266 +++ .../config-server-configmap.yaml | 11 + .../config-server-poddisruptionbudget.yaml | 18 + .../config-server-podmonitor.yaml | 32 + .../config-server-statefulset.yaml | 376 ++++ .../mongo-manifest/templates/extra-list.yaml | 4 + .../templates/headless-service.yaml | 16 + .../templates/mongos/mongos-configmap.yaml | 11 + .../templates/mongos/mongos-dep-sts.yaml | 319 ++++ .../mongos/mongos-poddisruptionbudget.yaml | 18 + .../templates/mongos/mongos-podmonitor.yaml | 32 + .../mongos/mongos-service-per-replica.yaml | 48 + .../templates/mongos/mongos-service.yaml | 41 + .../replicaset-entrypoint-configmap.yaml | 30 + .../mongo-manifest/templates/secrets.yaml | 30 + .../templates/serviceaccount.yaml | 5 + .../shard/shard-arbiter-configmap.yaml | 11 + .../shard/shard-arbiter-statefulset.yaml | 337 ++++ .../templates/shard/shard-data-configmap.yaml | 11 + .../shard/shard-data-poddisruptionbudget.yaml | 23 + .../shard/shard-data-podmonitor.yaml | 35 + .../shard/shard-data-statefulset.yaml | 387 +++++ .../files/mongo-manifest/values.yaml | 1217 +++++++++++++ .../helm_install/files/postgresql/.helmignore | 21 + .../helm_install/files/postgresql/Chart.lock | 6 + .../helm_install/files/postgresql/Chart.yaml | 30 + .../helm_install/files/postgresql/README.md | 662 +++++++ .../files/postgresql/charts/common-1.17.1.tgz | Bin 0 -> 14611 bytes .../postgresql/charts/common/.helmignore | 22 + .../files/postgresql/charts/common/Chart.yaml | 23 + .../files/postgresql/charts/common/README.md | 347 ++++ .../charts/common/templates/_affinities.tpl | 102 ++ .../charts/common/templates/_capabilities.tpl | 139 ++ .../charts/common/templates/_errors.tpl | 23 + .../charts/common/templates/_images.tpl | 75 + .../charts/common/templates/_ingress.tpl | 68 + .../charts/common/templates/_labels.tpl | 18 + .../charts/common/templates/_names.tpl | 63 + .../charts/common/templates/_secrets.tpl | 140 ++ .../charts/common/templates/_storage.tpl | 23 + .../charts/common/templates/_tplvalues.tpl | 13 + .../charts/common/templates/_utils.tpl | 62 + .../charts/common/templates/_warnings.tpl | 14 + .../templates/validations/_cassandra.tpl | 72 + .../common/templates/validations/_mariadb.tpl | 103 ++ .../common/templates/validations/_mongodb.tpl | 108 ++ .../templates/validations/_postgresql.tpl | 129 ++ .../common/templates/validations/_redis.tpl | 76 + .../templates/validations/_validations.tpl | 46 + .../postgresql/charts/common/values.yaml | 5 + .../files/postgresql/ci/extended-config.yaml | 4 + .../files/postgresql/ci/init-scripts.yaml | 8 + .../files/postgresql/ci/metrics.yaml | 24 + .../files/postgresql/ci/rbac.yaml | 16 + .../files/postgresql/ci/replication.yaml | 5 + .../helm_install/files/postgresql/ci/tls.yaml | 6 + .../files/postgresql/override-values.yaml | 29 + .../files/postgresql/templates/NOTES.txt | 89 + .../files/postgresql/templates/_helpers.tpl | 320 ++++ .../postgresql/templates/extra-list.yaml | 4 + .../templates/networkpolicy-egress.yaml | 32 + .../templates/primary/configmap.yaml | 24 + .../templates/primary/extended-configmap.yaml | 18 + .../primary/initialization-configmap.yaml | 15 + .../templates/primary/metrics-configmap.yaml | 16 + .../templates/primary/metrics-svc.yaml | 31 + .../templates/primary/networkpolicy.yaml | 57 + .../templates/primary/prometheusrule.yaml | 22 + .../templates/primary/servicemonitor.yaml | 48 + .../templates/primary/statefulset.yaml | 639 +++++++ .../templates/primary/svc-headless.yaml | 31 + .../postgresql/templates/primary/svc.yaml | 43 + .../files/postgresql/templates/psp.yaml | 41 + .../templates/read/networkpolicy.yaml | 36 + .../templates/read/statefulset.yaml | 433 +++++ .../templates/read/svc-headless.yaml | 33 + .../files/postgresql/templates/read/svc.yaml | 45 + .../files/postgresql/templates/role.yaml | 31 + .../postgresql/templates/rolebinding.yaml | 22 + .../files/postgresql/templates/secrets.yaml | 29 + .../postgresql/templates/serviceaccount.yaml | 19 + .../postgresql/templates/tls-secrets.yaml | 27 + .../files/postgresql/values.schema.json | 156 ++ .../helm_install/files/postgresql/values.yaml | 1335 ++++++++++++++ .../helm_install/files/rabbitmq/.helmignore | 21 + .../helm_install/files/rabbitmq/Chart.lock | 6 + .../helm_install/files/rabbitmq/Chart.yaml | 26 + .../helm_install/files/rabbitmq/README.md | 604 +++++++ .../files/rabbitmq/charts/common-1.17.1.tgz | Bin 0 -> 14611 bytes .../files/rabbitmq/charts/common/.helmignore | 22 + .../files/rabbitmq/charts/common/Chart.yaml | 23 + .../files/rabbitmq/charts/common/README.md | 347 ++++ .../charts/common/templates/_affinities.tpl | 102 ++ .../charts/common/templates/_capabilities.tpl | 139 ++ .../charts/common/templates/_errors.tpl | 23 + .../charts/common/templates/_images.tpl | 75 + .../charts/common/templates/_ingress.tpl | 68 + .../charts/common/templates/_labels.tpl | 18 + .../charts/common/templates/_names.tpl | 63 + .../charts/common/templates/_secrets.tpl | 140 ++ .../charts/common/templates/_storage.tpl | 23 + .../charts/common/templates/_tplvalues.tpl | 13 + .../charts/common/templates/_utils.tpl | 62 + .../charts/common/templates/_warnings.tpl | 14 + .../templates/validations/_cassandra.tpl | 72 + .../common/templates/validations/_mariadb.tpl | 103 ++ .../common/templates/validations/_mongodb.tpl | 108 ++ .../templates/validations/_postgresql.tpl | 129 ++ .../common/templates/validations/_redis.tpl | 76 + .../templates/validations/_validations.tpl | 46 + .../files/rabbitmq/charts/common/values.yaml | 5 + .../files/rabbitmq/ci/default-values.yaml | 1 + .../files/rabbitmq/ci/tolerations-values.yaml | 4 + .../files/rabbitmq/override-values.yaml | 31 + .../files/rabbitmq/templates/NOTES.txt | 172 ++ .../files/rabbitmq/templates/_helpers.tpl | 247 +++ .../rabbitmq/templates/configuration.yaml | 16 + .../files/rabbitmq/templates/extra-list.yaml | 4 + .../files/rabbitmq/templates/ingress.yaml | 60 + .../rabbitmq/templates/networkpolicy.yaml | 37 + .../files/rabbitmq/templates/pdb.yaml | 20 + .../rabbitmq/templates/prometheusrule.yaml | 24 + .../files/rabbitmq/templates/role.yaml | 18 + .../files/rabbitmq/templates/rolebinding.yaml | 18 + .../files/rabbitmq/templates/secrets.yaml | 46 + .../rabbitmq/templates/serviceaccount.yaml | 15 + .../rabbitmq/templates/servicemonitor.yaml | 54 + .../files/rabbitmq/templates/statefulset.yaml | 375 ++++ .../rabbitmq/templates/svc-headless.yaml | 41 + .../files/rabbitmq/templates/svc.yaml | 99 ++ .../files/rabbitmq/templates/tls-secrets.yaml | 74 + .../files/rabbitmq/values.schema.json | 100 ++ .../helm_install/files/rabbitmq/values.yaml | 1215 +++++++++++++ .../helm_install/files/redis/.helmignore | 21 + .../roles/helm_install/files/redis/Chart.lock | 6 + .../roles/helm_install/files/redis/Chart.yaml | 28 + .../roles/helm_install/files/redis/README.md | 866 ++++++++++ .../files/redis/charts/common-1.17.1.tgz | Bin 0 -> 14611 bytes .../files/redis/charts/common/.helmignore | 22 + .../files/redis/charts/common/Chart.yaml | 23 + .../files/redis/charts/common/README.md | 345 ++++ .../charts/common/templates/_affinities.tpl | 102 ++ .../charts/common/templates/_capabilities.tpl | 128 ++ .../redis/charts/common/templates/_errors.tpl | 23 + .../redis/charts/common/templates/_images.tpl | 75 + .../charts/common/templates/_ingress.tpl | 68 + .../redis/charts/common/templates/_labels.tpl | 18 + .../redis/charts/common/templates/_names.tpl | 52 + .../charts/common/templates/_secrets.tpl | 140 ++ .../charts/common/templates/_storage.tpl | 23 + .../charts/common/templates/_tplvalues.tpl | 13 + .../redis/charts/common/templates/_utils.tpl | 62 + .../charts/common/templates/_warnings.tpl | 14 + .../templates/validations/_cassandra.tpl | 72 + .../common/templates/validations/_mariadb.tpl | 103 ++ .../common/templates/validations/_mongodb.tpl | 108 ++ .../templates/validations/_postgresql.tpl | 129 ++ .../common/templates/validations/_redis.tpl | 76 + .../templates/validations/_validations.tpl | 46 + .../files/redis/charts/common/values.yaml | 5 + .../files/redis/ci/extra-flags-values.yaml | 12 + .../files/redis/ci/sentinel-values.yaml | 6 + .../files/redis/ci/standalone-values.yaml | 1 + .../redis/img/redis-cluster-topology.png | Bin 0 -> 11448 bytes .../files/redis/img/redis-topology.png | Bin 0 -> 9709 bytes .../files/redis/override-values.yaml | 21 + .../files/redis/templates/NOTES.txt | 191 ++ .../files/redis/templates/_helpers.tpl | 291 ++++ .../files/redis/templates/configmap.yaml | 60 + .../files/redis/templates/extra-list.yaml | 4 + .../files/redis/templates/headless-svc.yaml | 30 + .../redis/templates/health-configmap.yaml | 192 +++ .../redis/templates/master/application.yaml | 467 +++++ .../files/redis/templates/master/psp.yaml | 46 + .../files/redis/templates/master/pvc.yaml | 26 + .../files/redis/templates/master/service.yaml | 49 + .../files/redis/templates/metrics-svc.yaml | 38 + .../files/redis/templates/networkpolicy.yaml | 78 + .../files/redis/templates/pdb.yaml | 23 + .../files/redis/templates/prometheusrule.yaml | 27 + .../files/redis/templates/replicas/hpa.yaml | 35 + .../redis/templates/replicas/service.yaml | 49 + .../redis/templates/replicas/statefulset.yaml | 455 +++++ .../files/redis/templates/role.yaml | 28 + .../files/redis/templates/rolebinding.yaml | 21 + .../redis/templates/scripts-configmap.yaml | 625 +++++++ .../files/redis/templates/secret.yaml | 17 + .../files/redis/templates/sentinel/hpa.yaml | 35 + .../templates/sentinel/node-services.yaml | 71 + .../templates/sentinel/ports-configmap.yaml | 100 ++ .../redis/templates/sentinel/service.yaml | 96 ++ .../redis/templates/sentinel/statefulset.yaml | 670 +++++++ .../files/redis/templates/serviceaccount.yaml | 21 + .../files/redis/templates/servicemonitor.yaml | 45 + .../files/redis/templates/tls-secret.yaml | 26 + .../files/redis/values.schema.json | 156 ++ .../helm_install/files/redis/values.yaml | 1536 +++++++++++++++++ .../roles/helm_install/files/vault/.gitignore | 1 + .../helm_install/files/vault/.helmignore | 28 + .../vault/00.old/override-values.yaml_221117 | 58 + .../vault/00.old/override-values.yaml_bak | 14 + .../helm_install/files/vault/CHANGELOG.md | 433 +++++ .../helm_install/files/vault/CONTRIBUTING.md | 247 +++ .../roles/helm_install/files/vault/Chart.yaml | 21 + .../roles/helm_install/files/vault/LICENSE | 355 ++++ .../roles/helm_install/files/vault/Makefile | 101 ++ .../roles/helm_install/files/vault/README.MD | 127 ++ .../files/vault/override-values.yaml | 82 + .../files/vault/override-values.yaml_bak | 82 + .../files/vault/templates/NOTES.txt | 14 + .../files/vault/templates/_helpers.tpl | 953 ++++++++++ .../vault/templates/csi-clusterrole.yaml | 18 + .../templates/csi-clusterrolebinding.yaml | 19 + .../files/vault/templates/csi-daemonset.yaml | 100 ++ .../vault/templates/csi-serviceaccount.yaml | 16 + .../templates/injector-certs-secret.yaml | 14 + .../vault/templates/injector-clusterrole.yaml | 19 + .../injector-clusterrolebinding.yaml | 19 + .../vault/templates/injector-deployment.yaml | 156 ++ .../templates/injector-disruptionbudget.yaml | 20 + .../templates/injector-mutating-webhook.yaml | 39 + .../templates/injector-network-policy.yaml | 24 + .../vault/templates/injector-psp-role.yaml | 20 + .../templates/injector-psp-rolebinding.yaml | 21 + .../files/vault/templates/injector-psp.yaml | 46 + .../files/vault/templates/injector-role.yaml | 29 + .../vault/templates/injector-rolebinding.yaml | 22 + .../vault/templates/injector-service.yaml | 22 + .../templates/injector-serviceaccount.yaml | 13 + .../templates/prometheus-prometheusrules.yaml | 26 + .../templates/prometheus-servicemonitor.yaml | 44 + .../templates/server-clusterrolebinding.yaml | 24 + .../templates/server-config-configmap.yaml | 40 + .../templates/server-discovery-role.yaml | 21 + .../server-discovery-rolebinding.yaml | 29 + .../templates/server-disruptionbudget.yaml | 26 + .../templates/server-ha-active-service.yaml | 46 + .../templates/server-ha-standby-service.yaml | 45 + .../templates/server-headless-service.yaml | 34 + .../files/vault/templates/server-ingress.yaml | 77 + .../templates/server-network-policy.yaml | 26 + .../vault/templates/server-psp-role.yaml | 20 + .../templates/server-psp-rolebinding.yaml | 21 + .../files/vault/templates/server-psp.yaml | 49 + .../files/vault/templates/server-route.yaml | 34 + .../files/vault/templates/server-service.yaml | 44 + .../templates/server-serviceaccount.yaml | 14 + .../vault/templates/server-statefulset.yaml | 210 +++ .../vault/templates/tests/server-test.yaml | 51 + .../files/vault/templates/ui-service.yaml | 37 + .../roles/helm_install/files/vault/test | 600 +++++++ .../helm_install/files/vault/tls/ca-cert.pem | 32 + .../helm_install/files/vault/tls/ca-cert.srl | 1 + .../helm_install/files/vault/tls/ca-key.pem | 52 + .../files/vault/tls/client-cert.pem | 33 + .../files/vault/tls/client-key.pem | 52 + .../files/vault/tls/client-req.pem | 27 + .../helm_install/files/vault/tls/ext.conf | 1 + .../helm_install/files/vault/tls/generator.sh | 94 + .../files/vault/tls/server-cert.pem | 33 + .../files/vault/tls/server-key.pem | 52 + .../files/vault/tls/server-req.pem | 27 + .../files/vault/values.openshift.yaml | 18 + .../files/vault/values.schema.json | 1030 +++++++++++ .../helm_install/files/vault/values.yaml | 1121 ++++++++++++ .../files/vault_agent/configmap.yaml | 52 + .../files/vault_agent/deployment.yaml | 42 + .../helm_install/files/vault_agent/pvc.yaml | 11 + .../files/vault_agent/test/configmap.yaml | 52 + .../files/vault_agent/test/deployment.yaml | 42 + .../files/vault_agent/test/pvc.yaml | 11 + .../helm_install/tasks/helm-chart-install.yml | 37 + .../tasks/helm-chart-install.yml_bak | 23 + .../helm_install/tasks/helm-chart-nginx.yml | 23 + .../roles/helm_install/tasks/helm-install.yml | 60 + .../ansible/roles/helm_install/tasks/main.yml | 6 + .../roles/kubernetes_install/README.md | 38 + .../kubernetes_install/defaults/main.yml | 131 ++ .../files/ingress-nginx/.helmignore | 22 + .../files/ingress-nginx/CHANGELOG.md | 445 +++++ .../files/ingress-nginx/Chart.yaml | 23 + .../files/ingress-nginx/OWNERS | 10 + .../files/ingress-nginx/README.md | 494 ++++++ .../files/ingress-nginx/README.md.gotmpl | 235 +++ .../controller-custom-ingressclass-flags.yaml | 7 + .../ci/daemonset-customconfig-values.yaml | 14 + .../ci/daemonset-customnodeport-values.yaml | 22 + .../ci/daemonset-extra-modules.yaml | 10 + .../ci/daemonset-headers-values.yaml | 14 + .../ci/daemonset-internal-lb-values.yaml | 14 + .../ci/daemonset-nodeport-values.yaml | 10 + .../ci/daemonset-podannotations-values.yaml | 17 + ...set-tcp-udp-configMapNamespace-values.yaml | 20 + ...emonset-tcp-udp-portNamePrefix-values.yaml | 18 + .../ci/daemonset-tcp-udp-values.yaml | 16 + .../ci/daemonset-tcp-values.yaml | 14 + .../ci/deamonset-default-values.yaml | 10 + .../ci/deamonset-metrics-values.yaml | 12 + .../ci/deamonset-psp-values.yaml | 13 + .../ci/deamonset-webhook-and-psp-values.yaml | 13 + .../ci/deamonset-webhook-values.yaml | 10 + ...eployment-autoscaling-behavior-values.yaml | 14 + .../ci/deployment-autoscaling-values.yaml | 11 + .../ci/deployment-customconfig-values.yaml | 12 + .../ci/deployment-customnodeport-values.yaml | 20 + .../ci/deployment-default-values.yaml | 8 + .../ci/deployment-extra-modules.yaml | 10 + .../ci/deployment-headers-values.yaml | 13 + .../ci/deployment-internal-lb-values.yaml | 13 + .../ci/deployment-metrics-values.yaml | 11 + .../ci/deployment-nodeport-values.yaml | 9 + .../ci/deployment-podannotations-values.yaml | 16 + .../ci/deployment-psp-values.yaml | 10 + ...ent-tcp-udp-configMapNamespace-values.yaml | 19 + ...loyment-tcp-udp-portNamePrefix-values.yaml | 17 + .../ci/deployment-tcp-udp-values.yaml | 15 + .../ci/deployment-tcp-values.yaml | 11 + .../ci/deployment-webhook-and-psp-values.yaml | 12 + .../deployment-webhook-extraEnvs-values.yaml | 12 + .../deployment-webhook-resources-values.yaml | 23 + .../ci/deployment-webhook-values.yaml | 9 + .../files/ingress-nginx/override-values.yaml | 10 + .../files/ingress-nginx/temp.yaml | 724 ++++++++ .../files/ingress-nginx/temp2.yaml | 725 ++++++++ .../files/ingress-nginx/templates/NOTES.txt | 80 + .../ingress-nginx/templates/_helpers.tpl | 185 ++ .../files/ingress-nginx/templates/_params.tpl | 62 + .../job-patch/clusterrole.yaml | 34 + .../job-patch/clusterrolebinding.yaml | 23 + .../job-patch/job-createSecret.yaml | 79 + .../job-patch/job-patchWebhook.yaml | 81 + .../admission-webhooks/job-patch/psp.yaml | 39 + .../admission-webhooks/job-patch/role.yaml | 24 + .../job-patch/rolebinding.yaml | 24 + .../job-patch/serviceaccount.yaml | 16 + .../validating-webhook.yaml | 48 + .../ingress-nginx/templates/clusterrole.yaml | 94 + .../templates/clusterrolebinding.yaml | 19 + .../controller-configmap-addheaders.yaml | 14 + .../controller-configmap-proxyheaders.yaml | 19 + .../templates/controller-configmap-tcp.yaml | 17 + .../templates/controller-configmap-udp.yaml | 17 + .../templates/controller-configmap.yaml | 29 + .../templates/controller-daemonset.yaml | 223 +++ .../templates/controller-deployment.yaml | 228 +++ .../templates/controller-hpa.yaml | 52 + .../templates/controller-ingressclass.yaml | 21 + .../templates/controller-keda.yaml | 42 + .../controller-poddisruptionbudget.yaml | 19 + .../templates/controller-prometheusrules.yaml | 21 + .../templates/controller-psp.yaml | 94 + .../templates/controller-role.yaml | 113 ++ .../templates/controller-rolebinding.yaml | 21 + .../controller-service-internal.yaml | 79 + .../templates/controller-service-metrics.yaml | 45 + .../templates/controller-service-webhook.yaml | 40 + .../templates/controller-service.yaml | 101 ++ .../templates/controller-serviceaccount.yaml | 18 + .../templates/controller-servicemonitor.yaml | 48 + .../controller-wehbooks-networkpolicy.yaml | 19 + .../templates/default-backend-deployment.yaml | 118 ++ .../templates/default-backend-hpa.yaml | 33 + .../default-backend-poddisruptionbudget.yaml | 21 + .../templates/default-backend-psp.yaml | 38 + .../templates/default-backend-role.yaml | 22 + .../default-backend-rolebinding.yaml | 21 + .../templates/default-backend-service.yaml | 41 + .../default-backend-serviceaccount.yaml | 14 + .../templates/dh-param-secret.yaml | 10 + .../files/ingress-nginx/values.yaml | 944 ++++++++++ .../roles/kubernetes_install/files/kubeconfig | 20 + .../kubernetes_install/handlers/main.yml | 10 + .../roles/kubernetes_install/meta/main.yml | 52 + .../tasks/helm-chart-nginx.yml | 13 + .../kubernetes_install/tasks/helm-install.yml | 60 + .../tasks/k8s-helm-chart.yml | 7 + .../kubernetes_install/tasks/k8s-main.yml | 68 + .../kubernetes_install/tasks/k8s-master.yml | 34 + .../kubernetes_install/tasks/k8s-node.yml | 6 + .../roles/kubernetes_install/tasks/main.yml | 10 + .../kubernetes_install/tasks/os-main.yml | 70 + .../kubernetes_install/tasks/os-runtime.yml | 45 + .../templates/config.toml.j2 | 5 + .../kubernetes_install/templates/hosts.j2 | 6 + .../templates/yaml2toml_macro.j2 | 58 + .../roles/kubernetes_install/tests/inventory | 17 + .../roles/kubernetes_install/tests/test.yml | 6 + .../roles/kubernetes_install/vars/main.yml | 2 + packer/ansible/roles/node/tasks/main.yml | 20 + packer/ansible/roles/node/tasks/sysctl.yml | 8 + .../roles/node/templates/common-auth.j2 | 27 + .../roles/node/templates/pwquality.conf.j2 | 50 + packer/ansible/roles/node/templates/sysctl.j2 | 82 + .../roles/security-settings/defaults/main.yml | 43 + .../security-settings/files/allow_users.conf | 2 + .../security-settings/files/login_banner | 20 + .../roles/security-settings/handlers/main.yml | 6 + .../security-settings/tasks/admin_set.yml | 16 + .../roles/security-settings/tasks/banner.yml | 29 + .../roles/security-settings/tasks/crictl.yml | 19 + .../security-settings/tasks/login_defs.yml | 48 + .../roles/security-settings/tasks/main.yml | 24 + .../roles/security-settings/tasks/pam.yml | 50 + .../roles/security-settings/tasks/profile.yml | 24 + .../roles/security-settings/tasks/python.yml | 25 + .../security-settings/tasks/sshd_config.yml | 31 + .../templates/common-auth.j2 | 27 + .../templates/pwquality.conf.j2 | 50 + .../security-settings/templates/sysctl.j2 | 79 + packer/ansible/test.yaml | 30 + packer/test.pkr.hcl | 35 + terraform/.DS_Store | Bin 0 -> 6148 bytes terraform/.terraform.lock.hcl | 42 + .../terraform-provider-local_v2.4.0_x5 | Bin 0 -> 13938434 bytes .../ncloud/2.3.18/darwin_arm64/CHANGELOG.md | 28 + .../ncloud/2.3.18/darwin_arm64/LICENSE | 373 ++++ .../ncloud/2.3.18/darwin_arm64/README.md | 64 + .../terraform-provider-ncloud_v2.3.18 | Bin 0 -> 20759106 bytes terraform/lb.tf | 37 + terraform/ncloud.tf | 17 + terraform/public_ip.tf | 3 + terraform/route.tf | 39 + terraform/server.tf | 50 + terraform/terraform.tfstate | 428 +++++ terraform/terraform.tfstate.backup | 9 + terraform/variables.tf | 11 + terraform/vpc.tf | 85 + 947 files changed, 81629 insertions(+) create mode 100644 .DS_Store create mode 100644 packer/ansible/ansible.cfg create mode 100755 packer/ansible/bastion_roles.yaml create mode 100755 packer/ansible/docker_roles.yaml create mode 100755 packer/ansible/node_roles.yaml create mode 100755 packer/ansible/roles.yaml create mode 100644 packer/ansible/roles/bastion/tasks/main.yml create mode 100644 packer/ansible/roles/docker/handlers/main.yml create mode 100644 packer/ansible/roles/docker/tasks/00-amazon-os-main.yml create mode 100644 packer/ansible/roles/docker/tasks/00-ubuntu-os-main.yml create mode 100644 packer/ansible/roles/docker/tasks/01-amazon-os-docker.yml create mode 100644 packer/ansible/roles/docker/tasks/01-ubuntu-os-docker.yml create mode 100644 packer/ansible/roles/docker/tasks/main.yml create mode 100755 packer/ansible/roles/docker/tasks/sysctl.yml create mode 100755 packer/ansible/roles/docker/templates/common-auth.j2 create mode 100755 packer/ansible/roles/docker/templates/daemon.json.j2 create mode 100755 packer/ansible/roles/docker/templates/pwquality.conf.j2 create mode 100755 packer/ansible/roles/docker/templates/sysctl.j2 create mode 100644 packer/ansible/roles/helm_install/defaults/main.yml create mode 100644 packer/ansible/roles/helm_install/files/druid/Chart.lock create mode 100644 packer/ansible/roles/helm_install/files/druid/Chart.yaml create mode 100644 packer/ansible/roles/helm_install/files/druid/README.md create mode 100644 packer/ansible/roles/helm_install/files/druid/charts-archive/mysql-1.6.4.tgz create mode 100644 packer/ansible/roles/helm_install/files/druid/charts-archive/postgresql-8.6.4.tgz create mode 100644 packer/ansible/roles/helm_install/files/druid/charts-archive/zookeeper-2.1.4.tgz create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/mysql/.helmignore create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/mysql/Chart.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/mysql/README.md create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/NOTES.txt create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/_helpers.tpl create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/configurationFiles-configmap.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/deployment.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/initializationFiles-configmap.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/pvc.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/secrets.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/serviceaccount.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/servicemonitor.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/svc.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/tests/test-configmap.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/tests/test.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/mysql/values.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/postgresql/.helmignore create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/postgresql/Chart.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/postgresql/README.md create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/postgresql/ci/default-values.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/postgresql/ci/shmvolume-disabled-values.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/postgresql/files/README.md create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/postgresql/files/conf.d/README.md create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/postgresql/files/docker-entrypoint-initdb.d/README.md create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/NOTES.txt create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/_helpers.tpl create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/configmap.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/extended-config-configmap.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/initialization-configmap.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/metrics-configmap.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/metrics-svc.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/networkpolicy.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/prometheusrule.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/secrets.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/serviceaccount.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/servicemonitor.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/statefulset-slaves.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/statefulset.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/svc-headless.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/svc-read.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/svc.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/postgresql/values-production.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/postgresql/values.schema.json create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/postgresql/values.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/zookeeper/.helmignore create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/zookeeper/Chart.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/zookeeper/OWNERS create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/zookeeper/README.md create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/NOTES.txt create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/_helpers.tpl create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/config-jmx-exporter.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/config-script.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/job-chroots.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/poddisruptionbudget.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/service-headless.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/service.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/servicemonitors.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/statefulset.yaml create mode 100755 packer/ansible/roles/helm_install/files/druid/charts/zookeeper/values.yaml create mode 100644 packer/ansible/roles/helm_install/files/druid/install.txt create mode 100644 packer/ansible/roles/helm_install/files/druid/override-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/druid/override-values.yaml_221206 create mode 100644 packer/ansible/roles/helm_install/files/druid/override-values.yaml_221207 create mode 100644 packer/ansible/roles/helm_install/files/druid/override-values.yaml_old create mode 100644 packer/ansible/roles/helm_install/files/druid/templates/NOTES.txt create mode 100644 packer/ansible/roles/helm_install/files/druid/templates/_helpers.tpl create mode 100644 packer/ansible/roles/helm_install/files/druid/templates/broker/deployment.yaml create mode 100644 packer/ansible/roles/helm_install/files/druid/templates/broker/ingress.yaml create mode 100644 packer/ansible/roles/helm_install/files/druid/templates/broker/service.yaml create mode 100644 packer/ansible/roles/helm_install/files/druid/templates/configmap.yaml create mode 100644 packer/ansible/roles/helm_install/files/druid/templates/coordinator/deployment.yaml create mode 100644 packer/ansible/roles/helm_install/files/druid/templates/coordinator/ingress.yaml create mode 100644 packer/ansible/roles/helm_install/files/druid/templates/coordinator/service.yaml create mode 100644 packer/ansible/roles/helm_install/files/druid/templates/historical/ingress.yaml create mode 100644 packer/ansible/roles/helm_install/files/druid/templates/historical/pdb.yaml create mode 100644 packer/ansible/roles/helm_install/files/druid/templates/historical/service.yaml create mode 100644 packer/ansible/roles/helm_install/files/druid/templates/historical/statefulset.yaml create mode 100644 packer/ansible/roles/helm_install/files/druid/templates/middleManager/hpa.yaml create mode 100644 packer/ansible/roles/helm_install/files/druid/templates/middleManager/ingress.yaml create mode 100644 packer/ansible/roles/helm_install/files/druid/templates/middleManager/pdb.yaml create mode 100644 packer/ansible/roles/helm_install/files/druid/templates/middleManager/service.yaml create mode 100644 packer/ansible/roles/helm_install/files/druid/templates/middleManager/statefulset.yaml create mode 100644 packer/ansible/roles/helm_install/files/druid/templates/overlord/deployment.yaml create mode 100644 packer/ansible/roles/helm_install/files/druid/templates/overlord/ingress.yaml create mode 100644 packer/ansible/roles/helm_install/files/druid/templates/overlord/service.yaml create mode 100644 packer/ansible/roles/helm_install/files/druid/templates/router/deployment.yaml create mode 100644 packer/ansible/roles/helm_install/files/druid/templates/router/ingress.yaml create mode 100644 packer/ansible/roles/helm_install/files/druid/templates/router/service.yaml create mode 100644 packer/ansible/roles/helm_install/files/druid/templates/secrets.yaml create mode 100644 packer/ansible/roles/helm_install/files/druid/values.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/.helmignore create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/Chart.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/Makefile create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/README.md create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/config/Makefile create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/config/README.md create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/config/test/goss.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/config/values.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/config/watcher_encryption_key create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/default/Makefile create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/default/README.md create mode 100755 packer/ansible/roles/helm_install/files/elasticsearch/examples/default/rolling_upgrade.sh create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/default/test/goss.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/docker-for-mac/Makefile create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/docker-for-mac/README.md create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/docker-for-mac/values.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/kubernetes-kind/Makefile create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/kubernetes-kind/README.md create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/kubernetes-kind/values-local-path.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/kubernetes-kind/values.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/microk8s/Makefile create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/microk8s/README.md create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/microk8s/values.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/migration/Makefile create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/migration/README.md create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/migration/client.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/migration/data.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/migration/master.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/minikube/Makefile create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/minikube/README.md create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/minikube/values.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/multi/Makefile create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/multi/README.md create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/multi/client.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/multi/data.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/multi/master.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/multi/test/goss.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/networkpolicy/Makefile create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/networkpolicy/values.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/openshift/Makefile create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/openshift/README.md create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/openshift/test/goss.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/openshift/values.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/security/Makefile create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/security/README.md create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/security/test/goss.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/security/values.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/upgrade/Makefile create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/upgrade/README.md create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/upgrade/test/goss.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/examples/upgrade/values.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/override-values.yaml create mode 100755 packer/ansible/roles/helm_install/files/elasticsearch/schema/es-ddl.sh create mode 100755 packer/ansible/roles/helm_install/files/elasticsearch/templates/NOTES.txt create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/templates/_helpers.tpl create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/templates/configmap.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/templates/ingress.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/templates/networkpolicy.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/templates/poddisruptionbudget.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/templates/podsecuritypolicy.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/templates/role.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/templates/rolebinding.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/templates/secret-cert.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/templates/secret.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/templates/service.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/templates/serviceaccount.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/templates/statefulset.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/templates/test/test-elasticsearch-health.yaml create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/tests/elasticsearch_test.py create mode 100644 packer/ansible/roles/helm_install/files/elasticsearch/values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/.helmignore create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/CHANGELOG.md create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/Chart.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/OWNERS create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/README.md create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/README.md.gotmpl create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/controller-custom-ingressclass-flags.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-customconfig-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-customnodeport-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-extra-modules.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-headers-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-internal-lb-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-nodeport-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-podannotations-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-tcp-udp-configMapNamespace-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-tcp-udp-portNamePrefix-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-tcp-udp-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-tcp-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/deamonset-default-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/deamonset-metrics-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/deamonset-psp-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/deamonset-webhook-and-psp-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/deamonset-webhook-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-autoscaling-behavior-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-autoscaling-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-customconfig-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-customnodeport-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-default-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-extra-modules.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-headers-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-internal-lb-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-metrics-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-nodeport-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-podannotations-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-psp-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-tcp-udp-configMapNamespace-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-tcp-udp-portNamePrefix-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-tcp-udp-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-tcp-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-webhook-and-psp-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-webhook-extraEnvs-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-webhook-resources-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-webhook-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/override-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/temp.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/temp2.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/NOTES.txt create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/_helpers.tpl create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/_params.tpl create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/clusterrole.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/clusterrolebinding.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-configmap-addheaders.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-configmap-proxyheaders.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-configmap-tcp.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-configmap-udp.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-configmap.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-daemonset.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-deployment.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-hpa.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-ingressclass.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-keda.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-poddisruptionbudget.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-prometheusrules.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-psp.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-role.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-rolebinding.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-service-internal.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-service-metrics.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-service-webhook.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-service.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-serviceaccount.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-servicemonitor.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-wehbooks-networkpolicy.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/default-backend-deployment.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/default-backend-hpa.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/default-backend-psp.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/default-backend-role.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/default-backend-rolebinding.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/default-backend-service.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/default-backend-serviceaccount.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/templates/dh-param-secret.yaml create mode 100644 packer/ansible/roles/helm_install/files/ingress-nginx/values.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/.helmignore create mode 100644 packer/ansible/roles/helm_install/files/kafka/Chart.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/README.txt create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/akhq/Chart.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/akhq/LICENSE create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/akhq/README.md create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/akhq/templates/NOTES.txt create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/akhq/templates/_helpers.tpl create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/akhq/templates/configmap.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/akhq/templates/deployment.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/akhq/templates/ingress.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/akhq/templates/secret.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/akhq/templates/service.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/akhq/templates/serviceaccount.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/akhq/values.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/.helmignore create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/Chart.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/index.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/NOTES.txt create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/_helpers.tpl create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/configmap.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/configmap_fromValues.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/deployment.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/hpa.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/ingress.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/networkpolicy-egress.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/networkpolicy-ingress.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/secret.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/service.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/serviceaccount.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/values.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/kafka/.helmignore create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/kafka/1.broker-config.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/kafka/Chart.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/kafka/templates/2.dns.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/kafka/templates/3.bootstrap-service.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/kafka/templates/5.kafka.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/kafka/templates/6.outside.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/kafka/values.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/zookeeper/.helmignore create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/zookeeper/Chart.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/zookeeper/templates/0.config.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/zookeeper/templates/1.service-leader-election.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/zookeeper/templates/2.service-client.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/zookeeper/templates/4.statefulset.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/charts/zookeeper/values.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/index.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/templates/role.yaml create mode 100644 packer/ansible/roles/helm_install/files/kafka/test create mode 100644 packer/ansible/roles/helm_install/files/kafka/values.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/Chart.lock create mode 100644 packer/ansible/roles/helm_install/files/keycloak/Chart.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/README.md create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/common/.helmignore create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/common/Chart.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/common/README.md create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_affinities.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_capabilities.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_errors.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_images.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_ingress.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_labels.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_names.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_secrets.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_storage.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_tplvalues.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_utils.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_warnings.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/validations/_cassandra.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/validations/_mariadb.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/validations/_mongodb.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/validations/_postgresql.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/validations/_redis.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/validations/_validations.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/common/values.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/.helmignore create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/Chart.lock create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/Chart.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/README.md create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/.helmignore create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/Chart.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/README.md create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_affinities.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_capabilities.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_errors.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_images.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_ingress.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_labels.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_names.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_secrets.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_storage.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_tplvalues.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_utils.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_warnings.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/validations/_cassandra.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/validations/_mariadb.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/validations/_mongodb.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/validations/_postgresql.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/validations/_redis.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/validations/_validations.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/values.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/ci/extended-config.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/ci/init-scripts.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/ci/metrics.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/ci/rbac.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/ci/replication.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/ci/tls.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/NOTES.txt create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/_helpers.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/extra-list.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/networkpolicy-egress.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/configmap.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/extended-configmap.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/initialization-configmap.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/metrics-configmap.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/metrics-svc.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/networkpolicy.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/prometheusrule.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/servicemonitor.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/statefulset.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/svc-headless.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/svc.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/psp.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/read/networkpolicy.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/read/statefulset.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/read/svc-headless.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/read/svc.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/role.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/rolebinding.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/secrets.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/serviceaccount.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/tls-secrets.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/values.schema.json create mode 100644 packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/values.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/ci/ct-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/ci/values-ha.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/ci/values-hpa-pdb.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/ci/values-init-scripts.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/ci/values-metrics-and-ingress.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/override-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/templates/NOTES.txt create mode 100644 packer/ansible/roles/helm_install/files/keycloak/templates/_helpers.tpl create mode 100644 packer/ansible/roles/helm_install/files/keycloak/templates/configmap-env-vars.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/templates/configmap.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/templates/extra-list.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/templates/headless-service.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/templates/hpa.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/templates/ingress.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/templates/init-scripts-configmap.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/templates/keycloak-config-cli-configmap.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/templates/keycloak-config-cli-job.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/templates/metrics-service.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/templates/networkpolicy.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/templates/pdb.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/templates/role.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/templates/rolebinding.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/templates/secrets.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/templates/service.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/templates/serviceaccount.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/templates/servicemonitor.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/templates/statefulset.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/templates/tls-secret.yaml create mode 100644 packer/ansible/roles/helm_install/files/keycloak/values.yaml create mode 100644 packer/ansible/roles/helm_install/files/kubeconfig create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/.helmignore create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/Chart.lock create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/Chart.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/README.md create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/.helmignore create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/Chart.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/README.md create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_affinities.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_capabilities.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_errors.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_images.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_ingress.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_labels.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_names.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_secrets.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_storage.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_tplvalues.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_utils.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_warnings.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/validations/_cassandra.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/validations/_mariadb.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/validations/_mongodb.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/validations/_postgresql.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/validations/_redis.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/validations/_validations.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/values.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/override-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/templates/NOTES.txt create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/templates/_helpers.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/templates/config-server/config-server-configmap.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/templates/config-server/config-server-poddisruptionbudget.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/templates/config-server/config-server-podmonitor.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/templates/config-server/config-server-statefulset.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/templates/extra-list.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/templates/headless-service.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/templates/mongos/mongos-configmap.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/templates/mongos/mongos-dep-sts.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/templates/mongos/mongos-poddisruptionbudget.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/templates/mongos/mongos-podmonitor.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/templates/mongos/mongos-service-per-replica.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/templates/mongos/mongos-service.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/templates/replicaset-entrypoint-configmap.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/templates/secrets.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/templates/serviceaccount.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/templates/shard/shard-arbiter-configmap.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/templates/shard/shard-arbiter-statefulset.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/templates/shard/shard-data-configmap.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/templates/shard/shard-data-poddisruptionbudget.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/templates/shard/shard-data-podmonitor.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/templates/shard/shard-data-statefulset.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-dsk/values.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/.helmignore create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/Chart.lock create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/Chart.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/README.md create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/.helmignore create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/Chart.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/README.md create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_affinities.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_capabilities.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_errors.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_images.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_ingress.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_labels.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_names.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_secrets.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_storage.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_tplvalues.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_utils.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_warnings.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/validations/_cassandra.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/validations/_mariadb.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/validations/_mongodb.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/validations/_postgresql.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/validations/_redis.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/validations/_validations.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/values.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/override-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/templates/NOTES.txt create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/templates/_helpers.tpl create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/templates/config-server/config-server-configmap.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/templates/config-server/config-server-poddisruptionbudget.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/templates/config-server/config-server-podmonitor.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/templates/config-server/config-server-statefulset.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/templates/extra-list.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/templates/headless-service.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/templates/mongos/mongos-configmap.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/templates/mongos/mongos-dep-sts.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/templates/mongos/mongos-poddisruptionbudget.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/templates/mongos/mongos-podmonitor.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/templates/mongos/mongos-service-per-replica.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/templates/mongos/mongos-service.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/templates/replicaset-entrypoint-configmap.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/templates/secrets.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/templates/serviceaccount.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/templates/shard/shard-arbiter-configmap.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/templates/shard/shard-arbiter-statefulset.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/templates/shard/shard-data-configmap.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/templates/shard/shard-data-poddisruptionbudget.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/templates/shard/shard-data-podmonitor.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/templates/shard/shard-data-statefulset.yaml create mode 100644 packer/ansible/roles/helm_install/files/mongo-manifest/values.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/.helmignore create mode 100644 packer/ansible/roles/helm_install/files/postgresql/Chart.lock create mode 100644 packer/ansible/roles/helm_install/files/postgresql/Chart.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/README.md create mode 100644 packer/ansible/roles/helm_install/files/postgresql/charts/common-1.17.1.tgz create mode 100644 packer/ansible/roles/helm_install/files/postgresql/charts/common/.helmignore create mode 100644 packer/ansible/roles/helm_install/files/postgresql/charts/common/Chart.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/charts/common/README.md create mode 100644 packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_affinities.tpl create mode 100644 packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_capabilities.tpl create mode 100644 packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_errors.tpl create mode 100644 packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_images.tpl create mode 100644 packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_ingress.tpl create mode 100644 packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_labels.tpl create mode 100644 packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_names.tpl create mode 100644 packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_secrets.tpl create mode 100644 packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_storage.tpl create mode 100644 packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_tplvalues.tpl create mode 100644 packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_utils.tpl create mode 100644 packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_warnings.tpl create mode 100644 packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/validations/_cassandra.tpl create mode 100644 packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/validations/_mariadb.tpl create mode 100644 packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/validations/_mongodb.tpl create mode 100644 packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/validations/_postgresql.tpl create mode 100644 packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/validations/_redis.tpl create mode 100644 packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/validations/_validations.tpl create mode 100644 packer/ansible/roles/helm_install/files/postgresql/charts/common/values.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/ci/extended-config.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/ci/init-scripts.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/ci/metrics.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/ci/rbac.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/ci/replication.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/ci/tls.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/override-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/templates/NOTES.txt create mode 100644 packer/ansible/roles/helm_install/files/postgresql/templates/_helpers.tpl create mode 100644 packer/ansible/roles/helm_install/files/postgresql/templates/extra-list.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/templates/networkpolicy-egress.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/templates/primary/configmap.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/templates/primary/extended-configmap.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/templates/primary/initialization-configmap.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/templates/primary/metrics-configmap.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/templates/primary/metrics-svc.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/templates/primary/networkpolicy.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/templates/primary/prometheusrule.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/templates/primary/servicemonitor.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/templates/primary/statefulset.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/templates/primary/svc-headless.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/templates/primary/svc.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/templates/psp.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/templates/read/networkpolicy.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/templates/read/statefulset.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/templates/read/svc-headless.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/templates/read/svc.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/templates/role.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/templates/rolebinding.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/templates/secrets.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/templates/serviceaccount.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/templates/tls-secrets.yaml create mode 100644 packer/ansible/roles/helm_install/files/postgresql/values.schema.json create mode 100644 packer/ansible/roles/helm_install/files/postgresql/values.yaml create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/.helmignore create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/Chart.lock create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/Chart.yaml create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/README.md create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/charts/common-1.17.1.tgz create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/charts/common/.helmignore create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/charts/common/Chart.yaml create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/charts/common/README.md create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_affinities.tpl create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_capabilities.tpl create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_errors.tpl create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_images.tpl create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_ingress.tpl create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_labels.tpl create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_names.tpl create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_secrets.tpl create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_storage.tpl create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_tplvalues.tpl create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_utils.tpl create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_warnings.tpl create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/validations/_cassandra.tpl create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/validations/_mariadb.tpl create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/validations/_mongodb.tpl create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/validations/_postgresql.tpl create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/validations/_redis.tpl create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/validations/_validations.tpl create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/charts/common/values.yaml create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/ci/default-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/ci/tolerations-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/override-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/templates/NOTES.txt create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/templates/_helpers.tpl create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/templates/configuration.yaml create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/templates/extra-list.yaml create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/templates/ingress.yaml create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/templates/networkpolicy.yaml create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/templates/pdb.yaml create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/templates/prometheusrule.yaml create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/templates/role.yaml create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/templates/rolebinding.yaml create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/templates/secrets.yaml create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/templates/serviceaccount.yaml create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/templates/servicemonitor.yaml create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/templates/statefulset.yaml create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/templates/svc-headless.yaml create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/templates/svc.yaml create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/templates/tls-secrets.yaml create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/values.schema.json create mode 100644 packer/ansible/roles/helm_install/files/rabbitmq/values.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/.helmignore create mode 100644 packer/ansible/roles/helm_install/files/redis/Chart.lock create mode 100644 packer/ansible/roles/helm_install/files/redis/Chart.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/README.md create mode 100644 packer/ansible/roles/helm_install/files/redis/charts/common-1.17.1.tgz create mode 100644 packer/ansible/roles/helm_install/files/redis/charts/common/.helmignore create mode 100644 packer/ansible/roles/helm_install/files/redis/charts/common/Chart.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/charts/common/README.md create mode 100644 packer/ansible/roles/helm_install/files/redis/charts/common/templates/_affinities.tpl create mode 100644 packer/ansible/roles/helm_install/files/redis/charts/common/templates/_capabilities.tpl create mode 100644 packer/ansible/roles/helm_install/files/redis/charts/common/templates/_errors.tpl create mode 100644 packer/ansible/roles/helm_install/files/redis/charts/common/templates/_images.tpl create mode 100644 packer/ansible/roles/helm_install/files/redis/charts/common/templates/_ingress.tpl create mode 100644 packer/ansible/roles/helm_install/files/redis/charts/common/templates/_labels.tpl create mode 100644 packer/ansible/roles/helm_install/files/redis/charts/common/templates/_names.tpl create mode 100644 packer/ansible/roles/helm_install/files/redis/charts/common/templates/_secrets.tpl create mode 100644 packer/ansible/roles/helm_install/files/redis/charts/common/templates/_storage.tpl create mode 100644 packer/ansible/roles/helm_install/files/redis/charts/common/templates/_tplvalues.tpl create mode 100644 packer/ansible/roles/helm_install/files/redis/charts/common/templates/_utils.tpl create mode 100644 packer/ansible/roles/helm_install/files/redis/charts/common/templates/_warnings.tpl create mode 100644 packer/ansible/roles/helm_install/files/redis/charts/common/templates/validations/_cassandra.tpl create mode 100644 packer/ansible/roles/helm_install/files/redis/charts/common/templates/validations/_mariadb.tpl create mode 100644 packer/ansible/roles/helm_install/files/redis/charts/common/templates/validations/_mongodb.tpl create mode 100644 packer/ansible/roles/helm_install/files/redis/charts/common/templates/validations/_postgresql.tpl create mode 100644 packer/ansible/roles/helm_install/files/redis/charts/common/templates/validations/_redis.tpl create mode 100644 packer/ansible/roles/helm_install/files/redis/charts/common/templates/validations/_validations.tpl create mode 100644 packer/ansible/roles/helm_install/files/redis/charts/common/values.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/ci/extra-flags-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/ci/sentinel-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/ci/standalone-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/img/redis-cluster-topology.png create mode 100644 packer/ansible/roles/helm_install/files/redis/img/redis-topology.png create mode 100644 packer/ansible/roles/helm_install/files/redis/override-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/templates/NOTES.txt create mode 100644 packer/ansible/roles/helm_install/files/redis/templates/_helpers.tpl create mode 100644 packer/ansible/roles/helm_install/files/redis/templates/configmap.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/templates/extra-list.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/templates/headless-svc.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/templates/health-configmap.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/templates/master/application.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/templates/master/psp.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/templates/master/pvc.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/templates/master/service.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/templates/metrics-svc.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/templates/networkpolicy.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/templates/pdb.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/templates/prometheusrule.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/templates/replicas/hpa.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/templates/replicas/service.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/templates/replicas/statefulset.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/templates/role.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/templates/rolebinding.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/templates/scripts-configmap.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/templates/secret.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/templates/sentinel/hpa.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/templates/sentinel/node-services.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/templates/sentinel/ports-configmap.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/templates/sentinel/service.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/templates/sentinel/statefulset.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/templates/serviceaccount.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/templates/servicemonitor.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/templates/tls-secret.yaml create mode 100644 packer/ansible/roles/helm_install/files/redis/values.schema.json create mode 100644 packer/ansible/roles/helm_install/files/redis/values.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/.gitignore create mode 100644 packer/ansible/roles/helm_install/files/vault/.helmignore create mode 100644 packer/ansible/roles/helm_install/files/vault/00.old/override-values.yaml_221117 create mode 100644 packer/ansible/roles/helm_install/files/vault/00.old/override-values.yaml_bak create mode 100644 packer/ansible/roles/helm_install/files/vault/CHANGELOG.md create mode 100644 packer/ansible/roles/helm_install/files/vault/CONTRIBUTING.md create mode 100644 packer/ansible/roles/helm_install/files/vault/Chart.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/LICENSE create mode 100644 packer/ansible/roles/helm_install/files/vault/Makefile create mode 100644 packer/ansible/roles/helm_install/files/vault/README.MD create mode 100644 packer/ansible/roles/helm_install/files/vault/override-values.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/override-values.yaml_bak create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/NOTES.txt create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/_helpers.tpl create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/csi-clusterrole.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/csi-clusterrolebinding.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/csi-daemonset.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/csi-serviceaccount.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/injector-certs-secret.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/injector-clusterrole.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/injector-clusterrolebinding.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/injector-deployment.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/injector-disruptionbudget.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/injector-mutating-webhook.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/injector-network-policy.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/injector-psp-role.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/injector-psp-rolebinding.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/injector-psp.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/injector-role.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/injector-rolebinding.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/injector-service.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/injector-serviceaccount.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/prometheus-prometheusrules.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/prometheus-servicemonitor.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/server-clusterrolebinding.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/server-config-configmap.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/server-discovery-role.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/server-discovery-rolebinding.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/server-disruptionbudget.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/server-ha-active-service.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/server-ha-standby-service.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/server-headless-service.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/server-ingress.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/server-network-policy.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/server-psp-role.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/server-psp-rolebinding.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/server-psp.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/server-route.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/server-service.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/server-serviceaccount.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/server-statefulset.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/tests/server-test.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/templates/ui-service.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/test create mode 100644 packer/ansible/roles/helm_install/files/vault/tls/ca-cert.pem create mode 100644 packer/ansible/roles/helm_install/files/vault/tls/ca-cert.srl create mode 100644 packer/ansible/roles/helm_install/files/vault/tls/ca-key.pem create mode 100644 packer/ansible/roles/helm_install/files/vault/tls/client-cert.pem create mode 100644 packer/ansible/roles/helm_install/files/vault/tls/client-key.pem create mode 100644 packer/ansible/roles/helm_install/files/vault/tls/client-req.pem create mode 100644 packer/ansible/roles/helm_install/files/vault/tls/ext.conf create mode 100755 packer/ansible/roles/helm_install/files/vault/tls/generator.sh create mode 100644 packer/ansible/roles/helm_install/files/vault/tls/server-cert.pem create mode 100644 packer/ansible/roles/helm_install/files/vault/tls/server-key.pem create mode 100644 packer/ansible/roles/helm_install/files/vault/tls/server-req.pem create mode 100644 packer/ansible/roles/helm_install/files/vault/values.openshift.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault/values.schema.json create mode 100644 packer/ansible/roles/helm_install/files/vault/values.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault_agent/configmap.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault_agent/deployment.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault_agent/pvc.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault_agent/test/configmap.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault_agent/test/deployment.yaml create mode 100644 packer/ansible/roles/helm_install/files/vault_agent/test/pvc.yaml create mode 100644 packer/ansible/roles/helm_install/tasks/helm-chart-install.yml create mode 100644 packer/ansible/roles/helm_install/tasks/helm-chart-install.yml_bak create mode 100644 packer/ansible/roles/helm_install/tasks/helm-chart-nginx.yml create mode 100644 packer/ansible/roles/helm_install/tasks/helm-install.yml create mode 100644 packer/ansible/roles/helm_install/tasks/main.yml create mode 100644 packer/ansible/roles/kubernetes_install/README.md create mode 100644 packer/ansible/roles/kubernetes_install/defaults/main.yml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/.helmignore create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/CHANGELOG.md create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/Chart.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/OWNERS create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/README.md create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/README.md.gotmpl create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/controller-custom-ingressclass-flags.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-customconfig-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-customnodeport-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-extra-modules.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-headers-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-internal-lb-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-nodeport-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-podannotations-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-tcp-udp-configMapNamespace-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-tcp-udp-portNamePrefix-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-tcp-udp-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-tcp-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deamonset-default-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deamonset-metrics-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deamonset-psp-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deamonset-webhook-and-psp-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deamonset-webhook-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-autoscaling-behavior-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-autoscaling-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-customconfig-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-customnodeport-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-default-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-extra-modules.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-headers-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-internal-lb-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-metrics-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-nodeport-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-podannotations-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-psp-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-tcp-udp-configMapNamespace-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-tcp-udp-portNamePrefix-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-tcp-udp-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-tcp-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-webhook-and-psp-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-webhook-extraEnvs-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-webhook-resources-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-webhook-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/override-values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/temp.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/temp2.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/NOTES.txt create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/_helpers.tpl create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/_params.tpl create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/clusterrole.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/clusterrolebinding.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-configmap-addheaders.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-configmap-proxyheaders.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-configmap-tcp.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-configmap-udp.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-configmap.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-daemonset.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-deployment.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-hpa.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-ingressclass.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-keda.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-poddisruptionbudget.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-prometheusrules.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-psp.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-role.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-rolebinding.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-service-internal.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-service-metrics.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-service-webhook.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-service.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-serviceaccount.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-servicemonitor.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-wehbooks-networkpolicy.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/default-backend-deployment.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/default-backend-hpa.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/default-backend-psp.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/default-backend-role.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/default-backend-rolebinding.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/default-backend-service.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/default-backend-serviceaccount.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/dh-param-secret.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/ingress-nginx/values.yaml create mode 100644 packer/ansible/roles/kubernetes_install/files/kubeconfig create mode 100644 packer/ansible/roles/kubernetes_install/handlers/main.yml create mode 100644 packer/ansible/roles/kubernetes_install/meta/main.yml create mode 100644 packer/ansible/roles/kubernetes_install/tasks/helm-chart-nginx.yml create mode 100644 packer/ansible/roles/kubernetes_install/tasks/helm-install.yml create mode 100644 packer/ansible/roles/kubernetes_install/tasks/k8s-helm-chart.yml create mode 100644 packer/ansible/roles/kubernetes_install/tasks/k8s-main.yml create mode 100644 packer/ansible/roles/kubernetes_install/tasks/k8s-master.yml create mode 100644 packer/ansible/roles/kubernetes_install/tasks/k8s-node.yml create mode 100644 packer/ansible/roles/kubernetes_install/tasks/main.yml create mode 100644 packer/ansible/roles/kubernetes_install/tasks/os-main.yml create mode 100644 packer/ansible/roles/kubernetes_install/tasks/os-runtime.yml create mode 100644 packer/ansible/roles/kubernetes_install/templates/config.toml.j2 create mode 100644 packer/ansible/roles/kubernetes_install/templates/hosts.j2 create mode 100644 packer/ansible/roles/kubernetes_install/templates/yaml2toml_macro.j2 create mode 100644 packer/ansible/roles/kubernetes_install/tests/inventory create mode 100644 packer/ansible/roles/kubernetes_install/tests/test.yml create mode 100644 packer/ansible/roles/kubernetes_install/vars/main.yml create mode 100644 packer/ansible/roles/node/tasks/main.yml create mode 100755 packer/ansible/roles/node/tasks/sysctl.yml create mode 100755 packer/ansible/roles/node/templates/common-auth.j2 create mode 100755 packer/ansible/roles/node/templates/pwquality.conf.j2 create mode 100644 packer/ansible/roles/node/templates/sysctl.j2 create mode 100755 packer/ansible/roles/security-settings/defaults/main.yml create mode 100644 packer/ansible/roles/security-settings/files/allow_users.conf create mode 100755 packer/ansible/roles/security-settings/files/login_banner create mode 100755 packer/ansible/roles/security-settings/handlers/main.yml create mode 100755 packer/ansible/roles/security-settings/tasks/admin_set.yml create mode 100755 packer/ansible/roles/security-settings/tasks/banner.yml create mode 100755 packer/ansible/roles/security-settings/tasks/crictl.yml create mode 100755 packer/ansible/roles/security-settings/tasks/login_defs.yml create mode 100755 packer/ansible/roles/security-settings/tasks/main.yml create mode 100755 packer/ansible/roles/security-settings/tasks/pam.yml create mode 100755 packer/ansible/roles/security-settings/tasks/profile.yml create mode 100644 packer/ansible/roles/security-settings/tasks/python.yml create mode 100755 packer/ansible/roles/security-settings/tasks/sshd_config.yml create mode 100755 packer/ansible/roles/security-settings/templates/common-auth.j2 create mode 100755 packer/ansible/roles/security-settings/templates/pwquality.conf.j2 create mode 100644 packer/ansible/roles/security-settings/templates/sysctl.j2 create mode 100755 packer/ansible/test.yaml create mode 100644 packer/test.pkr.hcl create mode 100644 terraform/.DS_Store create mode 100644 terraform/.terraform.lock.hcl create mode 100755 terraform/.terraform/providers/registry.terraform.io/hashicorp/local/2.4.0/darwin_arm64/terraform-provider-local_v2.4.0_x5 create mode 100644 terraform/.terraform/providers/registry.terraform.io/navercloudplatform/ncloud/2.3.18/darwin_arm64/CHANGELOG.md create mode 100644 terraform/.terraform/providers/registry.terraform.io/navercloudplatform/ncloud/2.3.18/darwin_arm64/LICENSE create mode 100644 terraform/.terraform/providers/registry.terraform.io/navercloudplatform/ncloud/2.3.18/darwin_arm64/README.md create mode 100755 terraform/.terraform/providers/registry.terraform.io/navercloudplatform/ncloud/2.3.18/darwin_arm64/terraform-provider-ncloud_v2.3.18 create mode 100644 terraform/lb.tf create mode 100644 terraform/ncloud.tf create mode 100644 terraform/public_ip.tf create mode 100644 terraform/route.tf create mode 100644 terraform/server.tf create mode 100644 terraform/terraform.tfstate create mode 100644 terraform/terraform.tfstate.backup create mode 100644 terraform/variables.tf create mode 100644 terraform/vpc.tf diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..e28d18fec914a7ae51954810eb84a6e9f44791ca GIT binary patch literal 6148 zcmeHK%}N6?5T3MEcPT;-3WAq_*Me=eQt+}=eF0bWpi*~f)y3_mY`6AM3i|^3LcWL3 z<4lr@rS;%N#LmFvOXg=ozATvp07QG#tpij5z(FM}xY#Ta@{=w|!CDA~{zd@zpdf{Q zI9`Zm!(U{8_RfV2dbn#TeA&O@AdFRr-nVcNN5iaEdl!XbX>EPO*>K9vt^cUTeime- zVLM2#X>_4f9M1Ydcp3G^oyyjUO0pnIdZ|u`x;+fJxr&mm8n@Lb=?-1 bitmask of sysrq functions +# See https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html +# for what other values do +#kernel.sysrq=438 + +vm.dirty_background_ratio = 5 +vm.dirty_ratio = 80 + +net.core.default_qdisc = fq +net.core.rmem_max = 268435456 +net.core.wmem_max = 268435456 +net.ipv4.conf.all.arp_announce = 2 +net.ipv4.conf.all.arp_filter = 1 +net.ipv4.conf.all.arp_ignore = 1 +net.ipv4.conf.default.arp_filter = 1 +net.ipv4.tcp_congestion_control = htcp +net.ipv4.tcp_no_metrics_save = 1 +net.ipv4.tcp_rmem = 4096 87380 134217728 +net.ipv4.tcp_wmem = 4096 65536 134217728 diff --git a/packer/ansible/roles/helm_install/defaults/main.yml b/packer/ansible/roles/helm_install/defaults/main.yml new file mode 100644 index 0000000..2bfebf8 --- /dev/null +++ b/packer/ansible/roles/helm_install/defaults/main.yml @@ -0,0 +1,5 @@ +helm_checksum: sha256:3156e4fe5f034e5b127cf165d61a8a1c48eb7a73b14689b273de5e6117df6fe2 +helm_version: v3.2.3 + +kubernetes_version: 1.25.2 +kubernetes_middleware_namespace: dsk-middle diff --git a/packer/ansible/roles/helm_install/files/druid/Chart.lock b/packer/ansible/roles/helm_install/files/druid/Chart.lock new file mode 100644 index 0000000..c3bb822 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/Chart.lock @@ -0,0 +1,12 @@ +dependencies: +- name: zookeeper + repository: https://charts.helm.sh/incubator + version: 2.1.4 +- name: mysql + repository: https://charts.helm.sh/stable + version: 1.6.4 +- name: postgresql + repository: https://charts.helm.sh/stable + version: 8.6.4 +digest: sha256:fb2ab5eed4b4fc00eee5f23764209d7cb494a07161439ea28d85ed3741eaf7f7 +generated: "2022-07-29T12:12:44.428393074+09:00" diff --git a/packer/ansible/roles/helm_install/files/druid/Chart.yaml b/packer/ansible/roles/helm_install/files/druid/Chart.yaml new file mode 100644 index 0000000..c52a420 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/Chart.yaml @@ -0,0 +1,41 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v2 +appVersion: 0.23.0 +description: Apache Druid is a high performance real-time analytics database. +name: druid +dependencies: + - name: zookeeper + version: 2.1.4 + repository: https://charts.helm.sh/incubator + condition: zookeeper.enabled + - name: mysql + version: 1.6.4 + repository: https://charts.helm.sh/stable + condition: mysql.enabled + - name: postgresql + version: 8.6.4 + repository: https://charts.helm.sh/stable + condition: postgresql.enabled +version: 0.3.1 +home: https://druid.apache.org/ +icon: https://druid.apache.org/img/favicon.png +sources: + - https://github.com/apache/druid +keywords: + - olap + - database + - analytics diff --git a/packer/ansible/roles/helm_install/files/druid/README.md b/packer/ansible/roles/helm_install/files/druid/README.md new file mode 100644 index 0000000..34428a3 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/README.md @@ -0,0 +1,212 @@ + + +# Apache Druid + +[Apache Druid](https://druid.apache.org/) is a high performance real-time analytics database. + +## Dependency Update + +Before you install the Druid Chart, update the dependencies : +```bash +helm dependency update helm/druid +``` + +## Install Chart + +To install the Druid Chart into your Kubernetes cluster : + +```bash +helm install druid helm/druid --namespace dev --create-namespace +``` + +After installation succeeds, you can get a status of Chart + +```bash +helm status druid -n dev +``` + +If you want to delete your Chart, use this command: + +```bash +helm uninstall druid -n dev +``` + +### Helm ingresses + +The Chart provides ingress configuration to allow customization the installation by adapting +the `values.yaml` depending on your setup. +Please read the comments in the `values.yaml` file for more details on how to configure your reverse +proxy or load balancer. + +### Chart Prefix + +This Helm automatically prefixes all names using the release name to avoid collisions. + +### URL prefix + +This chart exposes 6 endpoints: + +- Druid Overlord +- Druid Broker +- Druid Coordinator +- Druid Historical +- Druid Middle Manager +- Druid Router + +### Druid configuration + +Druid configuration can be changed by using environment variables from Docker image. + +See the +[Druid Docker entry point](https://github.com/apache/druid/blob/master/distribution/docker/druid.sh) +for more informations + +### Middle Manager and Historical Statefulset + +Middle Managers and Historicals uses StatefulSet. Persistence is enabled by default. + +## Helm chart Configuration + +The following table lists the configurable parameters of the Druid chart and their default values. + +| Parameter | Description | Default | +|------------------------------------------|---------------------------------------------------------|--------------------------------------------| +| `image.repository` | container image name | `apache/druid` | +| `image.tag` | container image tag | `0.19.0` | +| `image.pullPolicy` | container pull policy | `IfNotPresent` | +| `image.pullSecrets` | image pull secrest for private repositoty | `[]` | +| `configMap.enabled` | enable druid configuration as configmap | `true` | +| `configVars` | druid configuration variables for all components | `` | +| `gCloudStorage.enabled` | look for secret to set google cloud credentials | `false` | +| `gCloudStorage.secretName` | secretName to be mounted as google cloud credentials | `false` | +| `broker.enabled` | enable broker | `true` | +| `broker.name` | broker component name | `broker` | +| `broker.replicaCount` | broker node replicas (deployment) | `1` | +| `broker.port` | port of broker component | `8082` | +| `broker.serviceType` | service type for service | `ClusterIP` | +| `broker.resources` | broker node resources requests & limits | `{}` | +| `broker.podAnnotations` | broker deployment annotations | `{}` | +| `broker.nodeSelector` | Node labels for broker pod assignment | `{}` | +| `broker.tolerations` | broker tolerations | `[]` | +| `broker.config` | broker private config such as `JAVA_OPTS` | | +| `broker.affinity` | broker affinity policy | `{}` | +| `broker.ingress.enabled` | enable ingress | `false` | +| `broker.ingress.hosts` | hosts for the broker api | `[ "chart-example.local" ]` | +| `broker.ingress.path` | path of the broker api | `/` | +| `broker.ingress.annotations` | annotations for the broker api ingress | `{}` | +| `broker.ingress.tls` | TLS configuration for the ingress | `[]` | +| `coordinator.enabled` | enable coordinator | `true` | +| `coordinator.name` | coordinator component name | `coordinator` | +| `coordinator.replicaCount` | coordinator node replicas (deployment) | `1` | +| `coordinator.port` | port of coordinator component | `8081` | +| `coordinator.serviceType` | service type for service | `ClusterIP` | +| `coordinator.resources` | coordinator node resources requests & limits | `{}` | +| `coordinator.podAnnotations` | coordinator Deployment annotations | `{}` | +| `coordinator.nodeSelector` | node labels for coordinator pod assignment | `{}` | +| `coordinator.tolerations` | coordinator tolerations | `[]` | +| `coordinator.config` | coordinator private config such as `JAVA_OPTS` | | +| `coordinator.affinity` | coordinator affinity policy | `{}` | +| `coordinator.ingress.enabled` | enable ingress | `false` | +| `coordinator.ingress.hosts` | hosts for the coordinator api | `[ "chart-example.local" ]` | +| `coordinator.ingress.path` | path of the coordinator api | `/` | +| `coordinator.ingress.annotations` | annotations for the coordinator api ingress | `{}` | +| `coordinator.ingress.tls` | TLS configuration for the ingress | `[]` | +| `overlord.enabled` | enable overlord | `false` | +| `overlord.name` | overlord component name | `overlord` | +| `overlord.replicaCount` | overlord node replicas (deployment) | `1` | +| `overlord.port` | port of overlord component | `8081` | +| `overlord.serviceType` | service type for service | `ClusterIP` | +| `overlord.resources` | overlord node resources requests & limits | `{}` | +| `overlord.podAnnotations` | overlord Deployment annotations | `{}` | +| `overlord.nodeSelector` | node labels for overlord pod assignment | `{}` | +| `overlord.tolerations` | overlord tolerations | `[]` | +| `overlord.config` | overlord private config such as `JAVA_OPTS` | | +| `overlord.affinity` | overlord affinity policy | `{}` | +| `overlord.ingress.enabled` | enable ingress | `false` | +| `overlord.ingress.hosts` | hosts for the overlord api | `[ "chart-example.local" ]` | +| `overlord.ingress.path` | path of the overlord api | `/` | +| `overlord.ingress.annotations` | annotations for the overlord api ingress | `{}` | +| `overlord.ingress.tls` | TLS configuration for the ingress | `[]` | +| `historical.enabled` | enable historical | `true` | +| `historical.name` | historical component name | `historical` | +| `historical.replicaCount` | historical node replicas (statefulset) | `1` | +| `historical.port` | port of historical component | `8083` | +| `historical.serviceType` | service type for service | `ClusterIP` | +| `historical.resources` | historical node resources requests & limits | `{}` | +| `historical.podAnnotations` | historical Deployment annotations | `{}` | +| `historical.nodeSelector` | node labels for historical pod assignment | `{}` | +| `historical.securityContext` | custom security context for historical containers | `{ fsGroup: 1000 }` | +| `historical.tolerations` | historical tolerations | `[]` | +| `historical.config` | historical node private config such as `JAVA_OPTS` | | +| `historical.persistence.enabled` | historical persistent enabled/disabled | `true` | +| `historical.persistence.size` | historical persistent volume size | `4Gi` | +| `historical.persistence.storageClass` | historical persistent volume Class | `nil` | +| `historical.persistence.accessMode` | historical persistent Access Mode | `ReadWriteOnce` | +| `historical.antiAffinity` | historical anti-affinity policy | `soft` | +| `historical.nodeAffinity` | historical node affinity policy | `{}` | +| `historical.ingress.enabled` | enable ingress | `false` | +| `historical.ingress.hosts` | hosts for the historical api | `[ "chart-example.local" ]` | +| `historical.ingress.path` | path of the historical api | `/` | +| `historical.ingress.annotations` | annotations for the historical api ingress | `{}` | +| `historical.ingress.tls` | TLS configuration for the ingress | `[]` | +| `middleManager.enabled` | enable middleManager | `true` | +| `middleManager.name` | middleManager component name | `middleManager` | +| `middleManager.replicaCount` | middleManager node replicas (statefulset) | `1` | +| `middleManager.port` | port of middleManager component | `8091` | +| `middleManager.serviceType` | service type for service | `ClusterIP` | +| `middleManager.resources` | middleManager node resources requests & limits | `{}` | +| `middleManager.podAnnotations` | middleManager Deployment annotations | `{}` | +| `middleManager.nodeSelector` | Node labels for middleManager pod assignment | `{}` | +| `middleManager.securityContext` | custom security context for middleManager containers | `{ fsGroup: 1000 }` | +| `middleManager.tolerations` | middleManager tolerations | `[]` | +| `middleManager.config` | middleManager private config such as `JAVA_OPTS` | | +| `middleManager.persistence.enabled` | middleManager persistent enabled/disabled | `true` | +| `middleManager.persistence.size` | middleManager persistent volume size | `4Gi` | +| `middleManager.persistence.storageClass` | middleManager persistent volume Class | `nil` | +| `middleManager.persistence.accessMode` | middleManager persistent Access Mode | `ReadWriteOnce` | +| `middleManager.antiAffinity` | middleManager anti-affinity policy | `soft` | +| `middleManager.nodeAffinity` | middleManager node affinity policy | `{}` | +| `middleManager.autoscaling.enabled` | enable horizontal pod autoscaling | `false` | +| `middleManager.autoscaling.minReplicas` | middleManager autoscaling min replicas | `2` | +| `middleManager.autoscaling.maxReplicas` | middleManager autoscaling max replicas | `5` | +| `middleManager.autoscaling.metrics` | middleManager autoscaling metrics | `{}` | +| `middleManager.ingress.enabled` | enable ingress | `false` | +| `middleManager.ingress.hosts` | hosts for the middleManager api | `[ "chart-example.local" ]` | +| `middleManager.ingress.path` | path of the middleManager api | `/` | +| `middleManager.ingress.annotations` | annotations for the middleManager api ingress | `{}` | +| `middleManager.ingress.tls` | TLS configuration for the ingress | `[]` | +| `router.enabled` | enable router | `false` | +| `router.name` | router component name | `router` | +| `router.replicaCount` | router node replicas (deployment) | `1` | +| `router.port` | port of router component | `8888` | +| `router.serviceType` | service type for service | `ClusterIP` | +| `router.resources` | router node resources requests & limits | `{}` | +| `router.podAnnotations` | router Deployment annotations | `{}` | +| `router.nodeSelector` | node labels for router pod assignment | `{}` | +| `router.tolerations` | router tolerations | `[]` | +| `router.config` | router private config such as `JAVA_OPTS` | | +| `router.affinity` | router affinity policy | `{}` | +| `router.ingress.enabled` | enable ingress | `false` | +| `router.ingress.hosts` | hosts for the router api | `[ "chart-example.local" ]` | +| `router.ingress.path` | path of the router api | `/` | +| `router.ingress.annotations` | annotations for the router api ingress | `{}` | +| `router.ingress.tls` | TLS configuration for the ingress | `[]` | + +Full and up-to-date documentation can be found in the comments of the `values.yaml` file. diff --git a/packer/ansible/roles/helm_install/files/druid/charts-archive/mysql-1.6.4.tgz b/packer/ansible/roles/helm_install/files/druid/charts-archive/mysql-1.6.4.tgz new file mode 100644 index 0000000000000000000000000000000000000000..89202e2bbaac436b6b16d44986c024714b56c1f1 GIT binary patch literal 11121 zcmV-%D~{A3iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYOciXm-IKFR}pJI-jUE8@PCE0P(>i)Cms*aNSG_k#w(r#~V zjs=mBguh9G0YEuwobUcSc;GYjWZ6l(YraS<5*T2BnZaN%GYIDVlixg#s zk7 z9NL`5%*C=ilJ$`f9ujDTIJN-zoC_Q{77iyQ#2uJW5&71X2Dk%LAtK&sHg9fj97Upz zOM|9GT-k~Gk1h=Y8a918pf8`9{RfXI6AXEX$tEp;5Xs(B9|wqC$2_YrBNHEUg7`lslumqH zD4%|Gv8CVW&gkJ%?It)*h?vGBh2V8O!YsrB^QJ5LmDd;ZsC$i>?UNBhY~Iw6XUU|t zo#)OoE1Q4K|1;#rm_L*NSkC|Lqr-NE|DQd7@ti5 zwyaUi=Og-Aeo7#jR}EQO0ctx(ZKvI^EP=Ur%}{`ED7%(ba41EQ*8#y|oCD!`vE*Ci zH%CbD3{uN^=ExrH>_9)lE*Z}uLYzwp0b|O5Q7WV?V-mBS9e9PuDE37M7z#ZaK)VH! z5s@n}11=Z|Czct`OG?Fsfz<)oQ~6N>IZ>zrO65-0g0A|WW7gTQxwI+OMA!G}4a6ae z#T18vxJY0Rkn3X34%JV$+P>#1zA~>mh4Dn8o`s9p z_b;eV+&S!B;!iPQ*xQ!{PsJ_=hIN-b?8#2KQxr}xh$-Rn=Wf@(L36$fWDH`84W$Y+ z0m5O|M{;y`3l!UF=7gm~sFaDkDaYBK#Kgl*1%fws;>bgCW^DZ;rQoc)9XK7IQE|aA z$Dz=}>v=@3W^y@0Y!b_{m6kzE>d^^<^c)SfN8kL=ge2K%JSHI#^ZRTS8JIQ-JsX9B*vT6!`6F$AKz*#?a3%F4>VXC* z8C#aPyj!p2Bns67kv5?g$?T`$LZ8fVh&jJtbcEI77ZO2`{|fs^&J+zj-hrc*1rT9I zsF%KL%XfkVn8qS~c`TLdSc&_=lwm%lzSn`a1u#a$j~ULrJ+dsxdt`O<$7{CU-mLYV z9k`H62N!Bp(IP9-Z{#91Q&PrC-?+GLso&Yj)>8%MB7>mi6!ZmUa^X1f5$C$f=@>jb zCL#6?fa}ld>zU%0|1baQztS2UE4kXR8+DZ$jRUxu5_bw7;j)h$ym^QM;zGpej7aUu z2rLCH4oweWPf8545bOhGNkd`m`v(xxN@Ge~0Wr9MEPnv*lu}N@3FM$`kIW zpdoaB>q`t!=pp6-4HGzTe(4>^kMN&x9^tSrkbAwaJ}PmN??y)sg9S#nct<^@%^~kM zMg%?&UA4_4f8Y-M@P^28VMs+n`G)`AbF2ieFE9(GdcoZ(_F^Bi1HjJ2frf1Hy5X!N zAOzyqyotPkgmU(o?fS9&KV?m92eB_m(ivEN)($ z=-&le93x+CY*`$3xl-fc#~*)`gwNkF8b|u4QlygJ0K@4X`BRL!;A$i7lYj`mnNH)< zAc_UH6NnnC^q1^u(uVvSAix1-^9~#yKYvHm8#jt2Q?~-SE}q0((7@~t3X%=RMACJH z#MCN$crD+Xg&qsnYz|}*$7`+yGd8Ldongj^myxip!m*I*8n0`2c$VbJ`#Dbsc!sd)W|$-9M$ zK0wAfa=@#yOX9qv8pL9XW5tu)Wk~L58**7{)E1F_>OkYicI%leP+9sHtiJ7I^{sBH zudd%qR`B}udh8>!BaqX}X2iwsXh@`*rs`CN8vvPI5c1!m5%x2Ap2;>z$p+eHqRdp{ zP0Re%sU83PJ~L@ZnH2Q5wUx=FIXlGShO%oCPLg-cohTmpgv;%MotCqcKW*6>PYoF- zda*gZkgAfJ=cA+6bG2$pz4SuAI&8IC>YY!K_Y?Bvo{XJd=mqD3dK~%&m#*u|t<(Ao zU$)9gT{zuH&{J=dB97w}O83rQEhsBnc`)GDc)kGkWxop-m#4osqIrm2JrAKXZiQ2+hlkgps;!D zylCREDWTaCoXz7%a-uU8fnPS`g~W$Fy)54l-&eL6wJPlLRPRXoB{gsss7?O+!HF_m z^|T461H0Xr3x<4xn*F&K;`y$%lU9^$4X<$I)49T_n~5>YOJ8>@iZKkRWG>`+nK3Ed z;%Fs9ZdLdAz7a4Gq;W48D+z>G( zA~2Y$d_7iW{_3Nfs*v8{oE|~mXtwKp>lY~jgpvIZ0; zSm@DK2UIBt7Ka)ec=vn%zu#V6o}Uk{F1r2xZ|9elaXY9rTmqflfMUzCrX!6-m4xwSEz+w`j zJ*MmiNjW=no2!RuRloA`L1~c*nLqiGq5T!?i{!V&_AA)27Ls<9ye~*aJ#PP()y}g1 zcQwU+gc)~4bZ@ReEA+p^XYIq1{`c&8``M%Z_br|;Uz$&0MuLvAxJdOwN|cv@92R$q zJMgsm^{XXIS-sDZk^m)Rj`BrwEK|-lCu#|sYZkY&Z)#WVXopjEij}avEP0-o{cl0A zICSCpk@}Ma{dhbkpP^xAz@#{kf9u|5zA2^+DPZRCDMmgS6YK$sBGqrl`VDL7s=SbG zNE|qfu#2Sbz-fTtm(<2)R9%97k1G!kbvl#m$_a=i?OCLAxr-9P=4{rYlZMSp7|d}C~qW`2#9EgM-h zjXd?kNZLvVbdQ9tAA5Bx=Khkc&_dQIGj3urM+GzN;*RERwr7hduUO168>+itR)VB@ zUY+0+X2bkZQITo^)Xd=bmc-xZDX;(4gH>C<3Q%-c|KL^r|IeO1E3W^Ctry3S>;E@- zO6*&me#tVWAc1QVdL47l_YOr?fCZA9#!l+szEa<}3k{iiYFE`+xY@FF8?whtIfy>F z#`6PsGDE&xhnAxtcMz%qeEq6UIpj}S^AtkB(kE^8dGZ@~n-bh&NOI&d#jv!r*JNG=Q&6` zJimUmvo{7Y`1-YBPNGx~Os#?T)jlIG2cpHAobui4qiyO)3>?t-Dre!<5e?U7Njr| zZ?cR=^ zQ*=JmL^|%vP$hD!s~URaUBpXHnvQYx z$PISYi&HE|9E`u|!T6X~p5;Sa(zj^@3KA%N zSqyV2z|NH^vq$FD?(lddE9d(TU|tpmaAl=c>`@b3lgQ1;Us@_B^`5UU1oB}YS)oEO zNXomGKFp)0!F-*y+H@B(^!m$c4SVZwx*}gE z{<8PM)K;D>3rj9y6Q1v!3QH>#*ZVxDNZz(;xK3_VhOGA0Qt7f%p5Sm+>|>4$7DQ0y zt0z;Y52Lzo-=6<=)q8g__&q(7%3-R)vJ2kCORyx`adHoZUN*vMU-AK|uqO)^I-UQ# zzrVP{h10WgPhT?{baF2fm{1T6gUzThn@+Q&J)I;K?SmRw#Dz^F5=!cqcz%;a| z40JVtZ9N<7%*3B&5|)oYWhL6n0<7Q!eNEGx0)XwZdV%0-KSssW@60hNmu6@Y5M%p+xP zMVZAR-G($vknTpCB_MYu&Jvt0sIvrV8F~IM*>qOgU34&$6~4={PH}V!rFi`~efa`U z7DF|dWv4|82B!Qqf0VrbnAF5~)}a-U$x@V(q)#{$Y#vb(3R^<5^g3T4Wc*M;qsrL>M7tzwuCvM#V}ubjZB+cOuwZL)VRR9tQt z+kD}vtY0?l^675=r|lMgO5OFUfBydRq<3}Jeb;;0kc-DZ_LM9BlycFLTHb!M0nHH! zO|b1%5^TF$oR88HR@glM^>&u`HJF_zH8|gKgsU88r06&=Jrf#JfxboNma=TTrZr{J zuAsy@m3_gF?bfr^`+}(u(Hks^(-~>WQhcX?R$E=Ar6i-Up&q?N(Wr;GSl?KzdVVwH zH&xZvzpc%3U2?YP-IPHn2n&*s7z& zM%V0Vt*Wq8QAonAvJPg_xOi&D6G6RX&TF*cC0cHcQj=vE(#pk&k4RyOapj9j=L%4b z>!qp+x9fQ~7EvlMkNG5PMa=D`hdCyL+j9MBjpLi|?TzyIeCwy||5YP`wsrtr?f?0r zUXRWGY^zFJdomNo+uPL&q z_r)$X>Q;>6pWmCumpx_qZ?X#C>l&~^{vW<*9aZ9gkJ^v&|64pcUzOz{h1!>+unyGw zv+ToO+3BO;?o#jRvQW#^y?6{k$V+maZSXuopJHq!qw?iTVqy4Ye?rRSD77Tqk2Rjs_ zUpK5=4kj*~3?{}S9D2&XEHxd~xg(HJU^YX32aZ}iKT-W^e6pIYETC!0M6Mm&yozpM zo%rIvxLjZNsmT9tZ~s4RAC~3+(TiutkMjRpJj?XDN25zoESF9R>J;a~*+Q)}t}D3k zlp(h|?=4uK_p4uWp!b(A32SvC5&e2cT$89X%R!o$=T(RCr}~nOx4C;S8vEL&SPBA5 zDip8C*iQoDN;hZJb*fk->t1S4Nqrfsu}ykSTauDg77~a}u+aXES=9w(ktBLeDreV$ z)U;AATXUd?rWnNiUZv(WprSfQojdb=i%es6j9_-yu+*MEVz(Eo0q_bqu=?f;%X zFX#V%ad`ZA{_{9`y4#q4uTo@{$cxp=uowsKpp6AQD1XHKq-qodaI zhOV;oiahiE8qZ%=ugA-UCN4dLGMMLOD&Snhj-PrzmSQrq~Z0K5b4Zy>4_sDOe_)INe~?W$j8-c~xPY z%uHfut41gmC$J`ESFu1baaSq6&4$JZ@o6LbX}j5v+gxae02_Z!fA4@xqdAO_Q1|x> zN_`FcIt=}9rvNYO`;3S;*SXtA});>$d4KxG~a_G zefSysK{gadci)Eyxz|z&3{Z$BnCYHgFwF3$m~bMs1k29f9MpE&t-t9&l%KFb(7ib2 z$;H!_4Hv)ayZq!H1T!#q6(?gDhaP7BTy~0tV}`h3u`6PR%>bz@1d}eS{fxTKkL0c; z)I+A)mp==45erLu250f}x3Mc;x4Sy|v}N==fX;czHt2dDSL>G9`g zHq6bTxe-YQ+u)d3Nea>Oj=C`XL*d=Wy`94EeW`uPKfotk==-E2B=w!ZHPV&**TxqUMda`H!*!|ak&|MhT+#gy4 z!#0Mr^{xc{@bu%?#&F-V{tKQy9gyhh(+<2PT!5rKLvh@2=1>u)obI9GfcGI;!~=2i zsp(-Ko4b$l1fP==RoXXoY&(kCBv1QQa@U!(IV231r*s-bG{m9cfH9ZtC6z zh)v=^5u%_LTHT)bC5f@R2QGy*iiYYxG!ls){DKh$<5DS{~{g0lJgL%tUH&8nqn z4A5kqx@9y3n%qnOGw{dG3#a{TGdvU;g*ysX)X$1P$b96%Z&EFfhFD`ls%YHneB8pY z?HvB-9Nl3yYEKasz%j)$+x8In4H542eo&F%S-dWzX4R@_EGMlRH13nOZei$ovD_UX zU)hq^L#PIg<)pO`jr*akTNt*SXHM(Rk}6A&xD>=KoT^?&vF}5q(<$ELa|^@M@fj5t z409ZcwHIZHMlrf}dDUBZ&oT5&jYR2|`;YXr*uw%5|85K5Eeu1l>8g>Uk>!^+^UOVC?bCd<2ZCzDU`RHB2bTpK6hEl8x=H6O4575WotBw zceN~$R5>)HdX+mPy9Z3RL8G!MUOF2o4T(yN-AC31Mvo%;tu{cYvb@Lq9ecN>(A|c`3qjE5(U}))Vg_3)3MELtjt+D%(tUHzzC12y02VUl|wzka?Evgv3$^% zpmEf?OSLK*h3xK?ak+(`=?&1az@gf?Vm78M(560x$#&1Jq^5g8qnPltjK?kfHpOAC z+p;(Z8gFRJSct~)ovKyQD5tj{mfCqoLK4J*TrW6wV?ky(NuQ5-%J&9GYD}-3cvv#O zDL9UOKx2U!OwmjVf-xdK_8d7I_k>0{xBfb4m^v%5(7i2UpfJOpL_+b#ozYmGnRl2& zqrl>6)qCRcZHQ{w4GvY__|vlZ(xk@2ayt*q;&16N!~^yK)Hq{%GX9vKO2-Wm!u>8-<{dD|EZ(7QTGF zOErl`{xaOv=C(8HVdFNhR=bFLfH)_UP&vkI_iTeka>?#`r%m1DN?sQG_`WgO294a+ zy=xrPTu=`LBB99N2&}NlIV;`u*#?bL?C=VUdS57q0g!r1Zk$reHW-X`P+VG&JipGlL znhF~CdtS56F-_$%nx&@b6paNA3frP_cN^}yHy#ZuCIwUV-mHhW(7uaJVF?=bTk=1# zxo!O`n1+jHr6p-UF|`&h+SWGNd$c{YrmoA>yQIrf0l zGCqkbuSd8`XUfYUC{2^wG9g1ZHLFt3+`>p{M!^7 z)mzh+RL~x~bZl6mP#4DP`jsu7ZI-|K>s=R_6x7wP4~Rw+3sh8n1|Yo0=G8%E=30UGKXoW4p0 zZR)0Q518D-k3ar+hiY|busH1U1;_pRc>kfW*bt*54%y=0YnVSrrM6Gbg!6sovSk;a}Be9Cy8wLja7HBX+)wU_QVsEKMy^n=D?5ot;s{bkYyQ7hv+2v{L-~T-Y zT|-C3v%Y`VPrfU;H(II-sqjtKJSTl0c~aCRmF_p-MRrhUer{Z1t;aUj7`t1`>eEbv z$weWf5uITOP?S(54ree!j7U9|gNMf?#9ophK&PdESJb`6?B{r-**=$>As#uN`l#-g zxH9&YeaEu&?qUuYxznrzIVE~%+Z+qI0KQaF&mRubKR*uBs99wx&F4fII`En@z@JeN z`S@Ui)CvEx0Cby`NQakN$4lbk57HQdm%-eQIc5h1cYOJ_ST^x+mtRu9^?&KCRkax# z^gJYi>>QimaXsE9l)_vCmE{_cV^Qqs(8(EN{W%a}b~`$f1ce@AUgk-!q8sG6cq$%W z{u~};QSoU*!yJOLz?8xiadUU65^EXE3|#VR=vY?Q7np@ekQw&p2Y}%B?mNBCYFjZ+ zH=kMBh0HfFqgP{7PQw&#rV>Oc^?-_|zcXFf<9ynOn)%9QM@TY4$URyN#+Nmr@x%AJc7zj@{|4PGU!kBX$X{g`W(h1TvN z26B~i4n*nR7=>v@IW?;od5)T-MmP7x_&>?E3F9Kg;bw|Mi7WNwH|@=$Bdn0}+&NI~ zD2Ff=kmb{GBL7#Ynp#Q150zjA36%lI(MN45WSyJBgE6B4Ae|&f(l-j{z%b%8JkS&* zXVQq<3@vW*QmB9)Jj2XsJhiN+PtT|zE>0*hKywJO?mY=5hCDZ#a=zCITu~#U3>5_r zI2XfcZsc`6Whm6jpR_cYAvV_=0UF8u5#|o`iG)c6htu=K*Br@LQnZjDLas*hZms0N3$IQiDE1GdT>4=B@!H54ZQ9E$VfLO%&O-(!z2?B z+#szuC~08;l0UFl*W&|7rI9uhsvJKkTfS<0GMcN!GR^uU7bSJl6AGRXaqTf45`vLY zEU-$?WfnuZ&@<0OeddHbb(IdJ8>XQ@H?5m(nBugdNADo?E{j+y@esy|w^{PAQrN7mW-sR=_<<;x+%d1zXzn=C_&(E%Y`dxjO z<+|?&=T|3}z3!lQ^}gS`l<#_HZ%)s8SN-=t^#`Ye_k+{(vjmkZJ;C)DsRew;hO z75*Hklp|8aW%h^?KC%bIgnLT#a=EB-Ib5Xl;Eq+pD2#{T`gYhO_el^#13xKj@p~|5fjG_x;-eoc!Fq z?4AsIm(cGGAQs~vvQOu4-%2?0<&{o2=3lww@9HuZDeyOISJ&C9;e>em{kMfId?r;L zPeoIfT;I&(2OPR=9!UivcX*JIw})qrkpnc4gxO?x9H6jy?7V2=u$fl3bJd-x2>g95 zb_Q?z&58*;)zU|EokLFrAghiOwR@mJo16UgV95>0@?ta=oOnuQQ-zhtS_i6iYSKEYWh-AcuUJ+L)x#u#Ut!mzld)Nx z`}(p$b#~POb#!E<`IpOwFcuW3pmM2Gp(KEdQU(H@kL#!2o6|Em>0J&^U!R_I2R-%H zlyDp;U$%Gls=lOb;6VUi<9R*Y%YGLwE>C}ztouvv_Z6^fOQ+jQsS8N0KFbwYKc7>S zB$;D!(*;T!7DA_0ENrDolFM@ws%tyY3w5f(X3^NAew<}%?L$2xS3vs>|S zwgw~#3ulaubyP^1IK>RB1u>)`S5AVt&dnKOwW?Mq+fg|P0~E%}B4XC81&ymMjLL#< zma$~1!=JGm3*1ptl;mDCuuNSgsfk-Tlhk%53E7q~U+QbiUpnf3mRuifl*l)A8B4iZ z=_VIb-@MiGFTKcRL0$8?R8`Bw}op9V1(PoJjF ze}+h<)K!;EXxbz^9Wo<(twaft^Q-qDs4z>K2`XAF$oA5Nwz4TPWf%kJKKLX|C?wMY z6_Q0QS56nwcjjn>v)79*(@9HQ<9VS#eki|pO5w-n@p*jyBG3N|00960p%}?w0PX+) D0elb* literal 0 HcmV?d00001 diff --git a/packer/ansible/roles/helm_install/files/druid/charts-archive/postgresql-8.6.4.tgz b/packer/ansible/roles/helm_install/files/druid/charts-archive/postgresql-8.6.4.tgz new file mode 100644 index 0000000000000000000000000000000000000000..314c4285fc8db9b4e326e860773974541953b097 GIT binary patch literal 32017 zcmV*8KykkxiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYcciXnID1QFdrjz!`z7!2lx!62brj2PyBgx&oyVxlua zQTQLLeYUo?wqCt_ss7#C+A9CMy|uk#|JLufpYOcf`43nz7}Zb81!DiPwRPKe%7gn# z9+Z$@Fyn;AJ-FI#p(M$EZf|#9b+%doP8jx)z(EfLOK~f}+-D>as?fpV>Dl4_-o@bo zDEfgRWpJvA>imD-ZUTyd4*rdO;V~Q{SqX&@Ab|#mV~9|UMmWN;XaVpE7dV3TcV`E$ zkIy&YnuxKikE3LaIN?BJz@G$;IT?_UhzX!LkT1DFae!FBJ)cHNNKowKP7B8)65}3> zs7S)rm`1nvpfNuRA&EcPJZmTf~z4d8(`&B22N3D-|a!pyldo2(0g3gbYmm#C&f&RvD5)xnGs^x(nrd(jw zijf?E(+H<2^Ra5$0zD#PoDLMs27ddm7f}BrW}Z|3%1-q6o!!oh)i`f*6Xhz>K%n*5EY6 zh~rI&slXt{NPrj<4%Z|MfnH(8NFd+ismhx`Vn0j+5|1Fj3629C`vmh%@M%0Gqmho^OG4n<#32;|+z`JV+!(NhxA&Ezxey3WJ6p(@11Gg*P)4N2gEa3#W9bycKF*E@> zoT7w|!G`_?QOX4jl$w*OHhhMqCIuu`^e$yOPmt7BisRzd0~3gUbfK=}03Qjs%F5#T;Jmo&T&B=E>gi5d?UUjz*F{kQgEolK>AKT+GsJ zOlePb%)4u{d5^~40P(Sxwc7&SM-PT5f%%inWY&B~e0D%p)$f<>02;j=w0 z!ETmkICsx-vJp?Qoq3E$^Na$8%R#10ntl5;7Wk9l&?i*jo*JA#rq{8hX=zo#kcNR& z6F3AkHk?YgVVdYLOWnFL$(Ld(R0{(f((CDE)S1)7uVWlT_D=R~XiH6~)o!4TQbF5N zK`M+<@fWGO2nzoAnyP8j4Z9-}6lDECF87GUIFKq7`>&B)pPP_!$!vTYMJNt<5Bekk zFYWi#zi;3M{8WG!w4n{&aHp@E*8oX)v4J$4$X17GsEqn|369UlWGLWzO#Cs75eM%3 z+DZ>5a^?C83KDQwmx$bwjY({xFr?Qw*f3J=Uo?dXP2d`74x_a{!WY5yj~3imj&nd_ zEpj9It>>-f9m|!} zYboeXX)wKhZoT|1X4EVENhkm+(3MFB3lB5UQTU*<$0y5Q`9Ab7wd<=WOFJ;p0 z0nXoZ-L!{v)7_SNVY;f6XOi1U0ZoT`rWr=T1n?)qgcp%_!1>aILUrpGa~ew3aO963VpW1 z=cZ=tht6)7rLiCp_VoOC*C_0aMHH^RdB5-dy7$(5d-%)YTje6mfZJEF^`K3M!?y13 zCq^SJ=F(`O)ti1{pnVANP_auipjUWPv*tntF{a!Yxr!H$(G@P>#P!Z;l6ZG<*pvFL zk7CK~1{nTP#BU2^2j_VsIpVi;8)tc=u& zl+xj}qSygMlS}8FS!$WVsaQ@%H?W>^9Kf{{Y5jcehk~1ZBQ;`v#R$(00Dm6n{*uK)bV$Xh&pNp$NeNVLhnwLP;nTWP8?{ks53e7_ULqBq-10Pm}@vgrX$GJw5w^p~Lt}{gC#9 zru?7Yz0)s1i`gEu2Z*&blJYv)U-02~1x+T+rAjm;qhpj>{F7~elO z*1a*+tP6yQU;v1X_#GkLo%kcw+a4S7A}k2}lnWXuajb-b6dO|3Im96tiaGMt=a7!> z4cuQ*C`qMEt5!SHlF1p2Q4fj*9EXQq;sNnRX8fQChx^KFEtPNC*ylDMBZh<5>2Qb{ zZ}*`6a%=1Ob^D7VOry7xD=f8|2~DLuha?s9Z{|8`BovUw$_^W2#aVb)t}*Nj$|h4- ztW$h^?cMHjA$7o#4y5#-GWPb}@lT;o?TrRFn8xECw+hc76(HrmDtM{9dSk2{S{1eC zpyb(bZLE2JqW1Ml(avlTxu@y z<;7%Src@xBa?qH z+F-D?b6tS3408$jTIp-lC#*}BCh0ZzuW{fw=0qag-Kf|o!6zr-nzE08LaH_<9Dsnb z8VJjv8wIr>luP0_Gb;ZI#g2qeD-A&@}0M zcq98e#f;G4TtnA`=h~b0_F(UHiea?EKvF`L>w|?oXt$NKj$L79ek7C$`zOOg^2ruT zhxrf5)DBMU4-yB3ADPpnry57hA73INSk|3-GbC~?+jssLORZG>5FvMshk|vYeLlre znzude7dWL{@L_27iYI77h87teQE#eG`k^q>JgrA!#t zl+_R4QWU&KA&Py>^hTX6=Yqf+ZdqnTVk&bl#zGPdiAVNbcTKkFNq8i{`Cg@kuxFq@ zW%Nq&3=~hK^*{`nE5D0EA2-hF2u&1Mz<;EK;lRLpF~(-Bgaej;sl5@UJlajSP2hA> z;lkJ*n+hqqn&b>Rjsa*4oinrbM;UZf^jiyDSX4wozJXdst&2^$4oR%UK?pRK3vh+l zwJj^%$r~5|ax{kySVyN8*%DaDq1Dl5`qO;RweMrjJ;%{h;lcJpng(8?=afm?7GI+< z?5;7)1tY%jOfy5u6zCRm>%6TV!MTF;48K~xiLmpM2nzSwm;L$7g9gpv@vo(V@j|TtH0F#H6V!bHHat~+Knaojp2x1 z8DG9~%jeVEvE)?Vt;i!F@;>@%zX)EvdIkA>NexvA-qn|eiAEQgh$GM;M{8?vG_(%!%|dvR_7wlO z`|2O2yxGibd+n+!?e?ab{cNMdZVjq+E=Ne>k!edRw%Q%PuC{FTLfVl0)N~W4VYmq~ zo$5;MrUK#G?ZdIy1b<8^*V`>wTY0aTbpX~!$&Q?*y6HK*QB;D=`2M^9L3Vvlo;CHbSWSsnod+_}mQlUdg z@=TKe34AUX5_mKzh1pAKCggx5pHe}Of@^`s-A~j0$Yxr-hZDpyQcGu+pa~vv?TW!mBtR9L3 z558lp`D8#pWv@*PP7gjj3+S^=c$U?C_PgO)d$}Dmy&isXBJ#3`RRyK~qPDy&W|}ot z)l9Jk;3U94V%)li6B=Y9ptL8W-q`ZyXTC2pp(!)rVR07K1v$F%@1;+tRS|NgfHV>F zuE6O|ekt|?Y7Wd?DoYZ!cb>mc{MNv1_JT_M=v*?-5<5~1^@$rjaihN^H=4me^kP^I zFLK*@Vnvm#2<+|#28OlYMR~F?7hFeJNt?B(%*~BV_Gy%)Dm>SCa#XBd_DdfO(S2wY zRXaI)u=8^Fn5Z{?lFFZ3QLAOVOa?D{kcY}F%0kzq_I=_O%Lcz1*iciM$dfFy8uGCE7H*H5Wz@Z8%NRn{U(NVa@h*VWJm0L~H57+w#Dq@&2 zX)EZ~%%-1O(N64_8LH9Yb2?;&P!r`zkk+1FhHGm;V*`b>5;xtls%_a^qIM=?>}&7R zkkLrFHZ_`bGwWqwA;8iEvw>brY-C7M`=y7Uw6o8822?9#2>4SH5}&B>Y83*`Ew7Wn zEAK-*a!l{fUku6&UQVgnJU{{v!&yAJJHgL*9$%hYQL0LWgg>_4FKP8Kg0uljV{DpL z*jA^&C=K*9Y%0@~VdQHR9K1FTmDj1zdr~CAd=sv*2_{x$%$AUzFd}JEP%{dHWDQ6L ztU9Nr-9f$z8MxLqu?lcMk_ z-qijD$)ap)zkez5Djofzyvz%UAk`js#`z>RFtrop_nBQNX3)17qJ zoXYCWM#~mHmA|X}Ia1;i6dvFZP27DcfTXxrwJqOC5~QifUcPJr3=s)ahA+kp^DzyB z9_%Vtfucy~?RKk`LA)3^FYgAL!h}XxFyeDbe3S{ylu54NRfk9C9NuU)&SqBCj#W`( zGGv%ArIg@QkpcG^lGWN08STmQbB36A=ql+ z^&rx%3&7TI?dIRrouWClPmrog{ zyqja%v+Q6^$CcTs)`7@s23zjT$Z;)>Xa~*hwmD}JW;&rcvUH&su9QOmPPwpS=ep=7 zBzmAIK#5|&kwmWws8CzpoxGuA^brG>q%H*njk#cm7%`$6v(nx~YB_N!mZUlk^F$$* zl=yQx!cIK*TQthbNKH3kJxE5EPPq1Eh(@1Hdq1{6f6k8^wkwVYwxI)GzIbLKw!c6Z zp6_mL!9P?GzwKuz`Sy0?ya`LP0hHhT3NvNiNTE!0+`j!>u{L$BLIMys>|9b}Gw{o* z6Vhiu2NPLeqTm}%#9zL&W$7_Z**f3o6oF5p2uTgqY0HIXv38d{t7u2)WlSiycl2G z#pGQP;Y;n$xJPhH#VsT4odLE^jaTcQDFp`=A~P%?73K^yU}U2E}WinJx(@nkMZhE zMY)>vb2`xM>DojyNUliY6ziChz($&I9YGP`*jJ)M?|}17;AtW?jZMJ9HwQ}bvnvb( zjAQtSaUxq#@>YA0CKxf^fuooU6oxi#mkX8}|Dd#Zt}vSbClLt|+tl`t)?*YbmuBRb zYK#hc9cV!W1Szw{h}*?_-=gck6~6w_caO=LY0tiGv|9ase}MS7^$o}wHa!J_otRA6 zXzX{~M0)0LTh+h;(ZsV^R7$Wof_hDp#q)AyPxPfh*l83&bg zQ775bDKgZe5*&xaEJlZ69WtYf^^2>g4{wP0IUP8|lr)-?{xzCxO3K!4jZu>5!+kNo z#thVsf}-96B+BDFvgf!MRjzgGgH`c_^H_?FI^5a%VfTlP%*Ijv5uZkpY&S%{4r>kw z_fzHV?6g|nerpn%Nq7?^lz01jOhW9Uh{FJzv}GZk-~hh;w$*YEv!FP4GUEWQ2-2GZ zbq28fXpCQ-)dPk!4C%G(v}V@v9~EWo5$YWN_QrE8MIukX$de*9)#s^7i{Rg>myvgTeI4|Uk7MKRB8WkXmVg@1DzCrFHc zY=4$^AaaJ8orud0X@6Kz&;J|MghmQ2&jX}o@vn#%|g#(Ld;BjNF*2% z%v_0?amdp0Vz#^NdenAkvRuQZVm917k44~lLQKFT@)wq>s`&BQ3BJPYSu+fI+A~wz zwfbt2l^ceac%F7rHgC`ki} zB6;DROo~pfbxx#iTinbi+*-X;JL`G}eVHk=8VRzSw)v`4nnB@+u9g;MZdJQb^~P^1 zxJ_1SS|}X0n_9)Zm&uvz5MkRMh-znew7UW7ERTf5VR$F+4h}DmPD^Y~1!^^1!$syr z1djNJt=~IbAd&J83IZl|5cSUd_|o2(0^#)C*+mJ6WxD4H_7&-={_F{@FYPQey5Y=k zSnYufVci&CMe;UGSr*>_`0~YJOzmpUWC+1s@!uHqgXbw!e3Rkg5v_7fW9oZ>(A@K4 zGl?zBK@_102=oyHf+4B(uv7i}c@GHODkUHjL zwATRX|8*|}vAy%Ev(?$^Y(Jt&ZmzHoy0;=Kv$GlmmkX^ zQLYsP38R7bCAtTmI<47+`&91#T#j*=V8%NlS;bWlv-f|V?`%KcE$#oj+}+)J+W)za=kw?8w{S(Go(lUN zk`PM)`(q^0;*W6;zU_Yb(vqcGho2I2U|jnu%{IC6mv&mFoM)og3S3(YQ!g)|j^^qx zG$odEd(=sEE_pCZV;^>(t3OF}uF`fu+shl19L9)%?zgQxHJ|B2XIuXxMIjjy8~{oZ zolCRzE7q;6@RVO+T?X<>r> zjoFyVRSi2JM;Mngzh`A?3pB!*6x8;|H)>eDADd5#17{{_bt?r$D~Gl4c3}V$Mq)99 z_J4BkKc&1cw5I!AgiPxH{u-%ApO38|qUERco9q?>r}p~%S=g9QwR5%;YGynKsI7T)!Kc}EhUX{Gaq2n(2OuWc?;qcQJZZ4av07F?DY%Upj0h=WQ;Y}Se{rJRkkF{=u; zYgvlBH1ywg95*VSR9cMf@7mD5Y)E=_bRww)v+3)7)H$(P129hdY>hJKLL#|N%eIBN z{m3bAt&O@GnKhEtktWDg!IEW^aZbIt-r3%^K@TRsd3MNECt208x6)3@vb<&qxs`>I z<%0n3(*$p}2B|PR_njXUE$no*w;-UH$IpcA42akSPT?A>2yc~3DM~_ht)SUa9(szd zLpmaUr?nSyY7hB56Y7``0%#D_ZcUg-AR$C=C|suVYi1{wcd#3y6K|L8qq1d zvpm~FWS`f=l)y2?URk04wRq$0}y0+k*;o8P3%*1aV z(6AuoI-b^rC^xHDJN6k~-I-`;LUWC9;!f3q_;ISL`;iu zrdw=c=otk**V^?hUD>62Cec`uC-a+$$LZ96O%?r`nhUA^^=-^G2I{IlnFmki!GoIz z)t0tB%ihr9HpS;I$jn97&W?)a6H;hop|x4AS-T>$?)7b!b$vfA%%_FTfvU>rAuK%`4Ut)i9W{*RgjT#JD8H*h@7>HCY2hA` za9+J{Hs6@AJ}j!LuRvJ{XYOSw^Ke&rvC4eZRaa|(Ia~2AQD~0(l0P--?7bw5 zps;wONHyxJZylMByPA3pkSA+;W;pkPGQ$QI#8;UwHN%AI>ziq?i=bM?agpgXb=-+` z&}uWcEP>HFMfX7825_X5+f2nULsW5(^Y@pWlp^g1)ex1kwh9$dHFQTx;tU1RL8L5M ze%EUm_vHvTsh+2l{QOx5N`B4*>s*;iS!uJ*$+l8s7F3m}v+a|`M^#yI?s$rA)C0VD zTMdUcALC^m`U(3Fh5bsFUCJk7kMhj%XuDZG_H_--2R*p4%e|6g=kCysImm`TVIPvw zCE+@?fR4qks_UMXyn#PbD)PYW2EDme#%}O;qloLzdD!+!fL;=Ud}<440Om(;Yq&pv zH-s)tMAf~sB1*cQOxwT#{0=uarbLxQ9R4bwJ54@jpX|$%f{oHiMSb@PaOcs8POOycWhdw z-)X&9iPu^+VnigN0=Et8>h4r%U+JIOD3BO;1nr11)~}##Qlqt{-S*|nOb(kjUz&U| zN$?SuC}boawV`8ELKZNi3`hN?V|s=1BCe>iZtC2Cp#MTqxKUkuTAf)Ws?@oIXO0uq zDcCHc^uM<|+bNzLlva)4=#BcF0dvD(#p2IJDZ;uZ4E{@)v^nQz# z>)%$nQP^xSQ@@zenq1*hRXNRY0UjI;L1LhjvQV1aDwbD_vC4D<0gaytqjik2$*koV+oV!FuN>5@OzY6Vd^+^=42-^ zJ^tDEsk{73`Dv>6%oJbE^_d=AZMQy>IOyeG`c{Mm3Xnj(7UcePwqLDOquo)UP*{vcPe%sDfk6h)@ZQ-IC|#GHIu<9=)|*8qKU?-_6Q) z_RMAy+yIFK91GZ~+vcq!gD?6@tU}8@<89Nz&d!bSDD(8Z125x}I z=p*)Z0OF5sGWaSVW3D93r}r6nbIUD+v#F(F(3Ll+Q8lYZ*3FBlkv*Nwe|qZVe`(j; zyQMxbNB(c`yx1wq|DElfou~8v_wqP)P@MuGXTKA4zpWSUhfa7#Nq|>IZfxA4_^yul z_-n{p4DQ`lruKsPyaMm50H9OrHzq&usTyiWq^9-d16UkuN=E&HF#|6jb? zn&SUkub%k-eLM~Lzm9D8a4gs)p(GZb4x~~X=QAH~@;^fPUuX2^7e_o4qOD3&p*kk* zPR%+unC)wp2D9YA%$d?Nq@=@u#E4A}GPz>dc!I=u6TVS*-8g*w^JkS3S$~HwUlfSn z*zU0~A8uf<`vS*)8Q5u#K3||UA-OLL2|BMR=?VmB+R+;}DyCsZGk-CuRLTGCbyzF% z1J2?9Tf4i@Oa8xCyU(BefA{iK?1R{#FS`{|eqXo_ZKW*RiJLXN=c{GYcEB20Hs)8Y zBMp{eHZyTs%}G}}|1;M=zw%eH129+r+ubSq|6ja((*N$|DFwuo*M8mVHWa_SI+oww z_|-1)(haHgi`t&fcZ!!hvpm7R#DKmc+41R?o3PoBp>Pd@bE!#Xg<>A@joQM+i<1op zE?%ZQ3%IK44&MTmP{GW!4e}iekvPO4AAO(m58L0rGA{&TBP>qU>r#1MxCMO?@~Ni> zTR`2Nu5-@)6*WKoRPz5~*1B6ufI0ks=lP3r{?}LA&!0c>|ND4K{J-+f5J~l#?H8^9 zDM*IeRacwUP_4ve<;T}7H!QPHXmDO&Ul9`i_-)~u?nMUH7*=z2fxUuxFAV85ka$4T zIB@RT;)YQ>TswbJ50w+%Ux=S=cg)ipG&V#sa% z^7xd5#3v%VSb$sjijlk7bp$#1)5=2QrZdf9d#BhJVaNx zRXGMroC%{57Gs=p;66hMo{ULM@;^s6OGA8X1z?{2_x#1HviyI(_3}yn z-^a6r|0k!8Gf5pareZ{6A}AyAsN++HDOYz%WCrAEp^@eFfGN*z4V1BS`Af@T$(6?p zzhdR0DLzmT5GmwQsAWK{54;>Xq_vl(-AMjnj&+V0O_P%KHyf+pIGT-YN0(1RShrwq zz&CIMu>tk_zrMSEtL6Ml7%F-xKlGFr zo>}YPm~eN!{&#kE%KG1{o!zJPe=pAx_P?QyV?!Ow+5hK-MygfEIqA_Vm5CZ4XPf^E z)%|Pu2`Zf1HN&6dDOj*_(XUW)`P!Wk90w}uFY^{8ReQh9hd^S1*_FGuVBa*E|LNLO zp7v&7XxH@xi7-t?Ub*nP2|zXN6rifubI82@YE!{F&Ar+?lBc%U?{I(W$y@V4PqqBd z(}s9zcjk7kpxN^O`PQqKrSsoATU)zN@t^ndG_%E1Lvm5d8M(yD6WrwAH@oCi{X!yYPoh?yG+C{;A)wdPcHHQLkKnChd#mYGhw>;S%7 zt6gf8#5BOu;U@0eswk6+xvz}*x+2eU_WI#4eYpTGX1VcwL5&JrWA!fX| z0Wh7pILi{|H0I`9EMyVOdK*W-sFtQYEBP0H9MK^2xZ1rQP!_8TV2OP_4rq&!XIe(8 zW0$I&Ck3bz0H(NKy+EtI9IX_3mN8KsIai?MSt+M=@#@&LDW#axl=+w!OJ%QnI{Rah zS&@&;L|;%eailhsQ^#!oOXDO5^NdR8j@2P*^zzz7R0551lfKevnxgSbw zYhivf-KwTL?+jkOdIjA8Uv>F7Y68;T&vvZDG?rYAXc@ zFU(P_ET~xN*=p`JS?{IFJRQueYQC2%)=*_xiJ79ux=~FNnKPRkmyv-3pk55vpj*W}wc?Pkkz?m-DJm_3uxqJ@X?7D{XL?uXZ$4GF%IAN~g$; zzzXc$uQIWyp#aOVp4%`Q9AA}n9X++Lk1kI3j*l)64qv~2Q(9pveUO<&79%z>M>n87 zL?OrJJ0k)-NJn+&5Nv;^@6IpYoE@J3@7v2?-o1T)e0X_qbXMJOy8*Lm&+Fv$-Py(E z$@}BihckMabHt`Si-k2}qZwdt4)!kgYSBC$n|6Q%Iv}hLt2JDI+V0p*rQ*#`FC|!nq_?0QGe5{QTEYI&xz{Z|5-y>deQ)6zbXwTQb7oOG?&*m*B@hh0S z##2^0Wa$oA_=%UdS+>Wm-hR5+fnk`YhLBw0>~^+lwY5;B2rd4UZ}{ZERk+!p*3|~a z-8S`d)&Yv?o8ih0ekC`>RSmk%@wAFTtq8(tCSx*N9^ep7sy1YbbXHNi++b3>w^M8? zsovSqkI4x#;3nY4PsG>eXE= zbAQX*0}ofP`AQq2@)F68Yqjq#N|Gh)+=?bkZ7oZbrDkqHm8F($MV6(umY~a7KF?*8 zlX=p%=qa3|oIG|PW+en)qjz}5uvU^GeRgj22DDU4aXw?>D#%IJu>dbHp^xHnnCw&a zwJ;4(w=Bk%S$w%4{uhU@RMn~sR++9@@B5t&H!8!yNq~K1Hw>!9*W3#kOHDbqF~Y`- zbNCuU&0HP6+MK60ImPZ)zd6cNq_`C7YqqJnrK8$<>D+Ba#C>?uLwTFI&VUI zR>jO6z-Snfc=TQs=|P-^VGCyR^V$i}40b<6B)YIiIqU(dasV?-Pt#QBt=rL5P`Q2z z@wYB!=Ufb83+n4ZY)bjcdw6GWO}nAI07zL6$22I584XV5!15|Z;PknuDvx&s+2*^q z1(WrU6!WqrVXkAYS4+vCmEqPk9+cue@>Q4W&puN%@BGi*=YM|j>cv$4uif3Pr~9Ao z<++!WJ+=AXRdU_GP&Sw;9%@E-+mk(}na6mvXZx{>&xb!#WO7J99V%*isK`mWU9}8W zaI7eA>FHci2`9@PEUK!!%n=*Q=@vR#RIYT3j+Z%HR8jTmbP@a|PZ!Mx(>Y^f=;G;o z(bM^&Is2ba=Zl`s7d@RXdOBb9biU~6e9_dX?%{mV3{7SFfYFS?D>`9ht+Qp17|pN$ zbjIlEjL`$1Fh4LcV9ww#k4}y*4qjjGoxM4)#rez*7CUn^ z2jpK-ctBWFpnu(aTZ_#ZV4F^E1-QPnc$(xZXI_GPzJGRfdU37}Lp3_bQs2WO5N0Pm z7K3tD%zUq=i)E(&5uS>h;@>qH(d%*9^cA2t1aleMt(u9x~7BqJ+T%OJp-r1SL?YNs1CNnXZ*zF*TPN z79jfy1V-VGtXt6O`QhH#{?C_t7Z;702V(yC5(&|mgP1;kI(mE2oJFZ#h9nftIo12K zx6N8lSy&?vX8C8Wkog5MzJEOBC!Hn?FFz7dNfvS0{XVOQN`dv1V8DKPN-*G%$y0)X zrvw8}2?m}L4E&7}4AdNq45c=`e|~Y!P3l7D zJ|l_X`N_!2&vn{~pK?JX)t|?8(Gs~9q7mu=UBbRD0H}kR7XZ`K`si}dR@9vh^WQf$ zz=Gbjr=%EvwUDN-;WT^$YP`qX5N-(7g2^Fjt1g!v!Zf#%^bqB?n&yWngH*bI)ESGN zwc;g^FhAtVwz+tWccJFI$nKhv+*L?aUHg@xQOyFQWT|hgVF$e*)hTAeZ~*P27$^%c z13^KLz|I3qXbLgLf&9c1?33XH5M<4)SI0@HZ_b&4QAh_U>=f*;a`}z+@;e3xdl!3` z=kMO1?H^vgKRc>*vLuYeVhHWbMC|=%(EU&TKb(gV4e*Zv;d1l}l9~f0#&F!&aFDsu zJt}uBr+eq;54uHF2Idhv9GA%pT%em-yOfncx-N*j^FWP-NZypQ-vA_9a+TlKU8k#` zc?P3pJ1g{MR5!V-`B>fBEv(4u25)6dRyXUQPbi|i0LT> zVx0=6{R78FUzzPhs3PSeoKtGQUQ_SlaMA<8QrDx0*ogPwL)$aPdFPK5vxz4cRC^QJ z#_BHgtdg#@f1f|x85<|Hi*jn)_4|&;%t$<WW|TOo6@W+&GQ; zP%|c9=2V}A(1C9%e0$1uu=+HTZqxJdw_e+~J3!+(dP=1Dlt>X8Wl#M2pX&UNSALf4 zZ3PJ+XXk(1+TMD;UC#gb^40cJ{>S@x-29JM+cuk{PJFaLCdc|rfnRMdN6Qg)BE$VK zm73JiX-mpI^LGzUXe@1g#}1zvxR@*!rzj8`VWF+`srHIl4HrReBV0W+VLm|ND5FojkuADIrPhYnBjGioQu0xXL`eQ)zTK7A?E0T;*m6S#U9Mb^H zT6s(MP38Eei+`?9EWC0N3|T^4b*;gj*dulPe?_ccJ#+Z~&huAg{r~0G_7nfVm*-A6 z``?tQCn2m`&b|TP{N7~NA5T;MEv|5&$n!ecm8dN2y} znEwdHXoMrFVDSkTID++eX9us3&o{K%hGM``GDe(mpfRYx9Zm)$Bx0hJEgAzCC=L({ zxaZR-35nF{I<3}El)=w?n~*3`4;*9oAjX6P!wJpd9uYB42OXbASxliaA9zoE#~k2;=wzm0*kMHH1_F2S~t&;-H)0Wuwz-T{yi; zd~zZvo2dB?^=W&vdl~@IqyIS_a5ZDs7_Lbes`x?@rx+4OuSh`Rkt)ZfO6H>g$36x+ zG`B|aP2g!FmC{YX!Ur)%0Uf z>TB~1F$`CjO@Nb#gotgzzf&#%1sN=tX5^P@j0*ac%a24rkTP40xLvIGExP_&;p-oL z^&O)?j>eEc_HCop>i7Et#K)~~K+d-5DG0zc19n0*_B-aaJ2AGZfdit6XS7`?!QyO; zuW7n?Uasuvn+ayOVJh!P;9IQ=YGz3-*H45KAyIRw$9gHrJ){%0$n~N&)HtSGaiVho?=b7r)QFPglgpos$e#&N^l$wHB}EVFdPtu zeN(JoTs?hwL&VSNz!|2b(VXTl4K&AK{3C^3{;4NqTT`|ghNC|CeSot z)W@7lylRF=H0CtKGicH*0mpz;m|k0hqgXH+==CXi4B-aD14;!K3?&kpO7T;{uFSul ziEzyO+i)q8#9no_NqhZhBe3y15o^2u7Ml^Iou8(Z$N_lk7#6N z8|$=MmQ!j>E0P{yNI4Glf>7O~Byrg9NApIFXhS1C2U?P&BRc6&ug87eK8Y=~yaNsv z$B1igDKIyrb4}St4a3Qsqm%y!N3lc^-vl2s;h7O^!Z1v6ECRg@7>%$P<5WpxK@-`% z!pG}>o}Lv)kT4o_2vs6uZ4FKtRtE(+5tz4H9^`0;?aubjcP-B_md^I}cOV70;!&L~ zZ-51QF2A4tq6LN|KFq9CuuLS41I)sS;?ePtA(t_MOB5EZaLc+KAa+kA}pu>_w}_T z`>_EWtEB}Y;exAX@~>K?8q&0_;=sx|SH^W(t$)C`-(Ha9+i!dDmPnx)h89)aERnv# zi0n!)?)NdNLcfw8_ER^&Ar?x47m)4HekI;bwY^(iDzlEnueFZDxA)&kgir64nl7etic!Gmn|~^B$dbn;&SW zSC}ypU=IC?${VX1?}DSdYwXy3-PPE!2c2uMlU4p}VaEoL>mwcgVvlMUf)2qJGABi( zewK2ra61UJ$B1|VgQX7c2zz%0ZEa8$sK z_1VpAr~*4m<9UqFP41w~nd$;)a0U|njFzH*gc z+YRf?yZiBbX_45}jD6+*?GMclvz!B}_{lY8AE&8pB`a$hJ2Ujd8#pSWMc4KUn0O>g z;!3o^dhAr_ht09`@Jgbi4Mrp;0Uj)dqnX&L)DN3u=i!w^i5;~Gx8%~AiJeOQusL=f zUP-)x{$6;ECNmYdS@o;2Q=7H64>zE)*B%`xvs_2w6tJ~^J;pH%k*{_zbtDIg;Q@m@ ze8XLW0ua3ff+s6X*u|TgyuLp>|e2JKB*jhea9Lw|qv76y1k;#dbrsHHZfEYi(=;J^2}-7)3jLr)Ud z@7)37IEX*|&j%y~BZE}n-#`4%2kz5E{h{yw`u+Fcf4>c*n1Xdx*wGg$HnBpFPNk{K zFz1rN#)gt4cJyLX4Rw|VX@$?~u#;5m&Q$lPPB+DAG{DS;`8a5i3(Ti+jD5A%9`sou z?WoHv8+kA^k5Scl-?AHtpz}vTG5NDP?1-?L&Xi+kJHyPy+jGFN&n9;gg|qy#!j+{i z3~fX^xqrv{W^|aY+WJ#`NGpVtMK%cS;6xT0kT_Tx)Fqx3t}J!g>0;PH$)iTjN@Z4d zf9D+U*Pa#0a>Nl5{us~*k(ifoWW>B~cxec4^Q;^@TJMx@!i*NW5!T?(<5siGkA&F)3NS&5DA zVkhNujIE03rbqjjv0cs`R9*ctcIK|FS+QS_?XlQtz%Z)om$9P~L7DManie;3Vhqrs z&Kkw-8hdox=n^~IxAvSCurrDMF{3d}`96&zQV~@t?JTF5Iz&PQL^Qx1*b75?jRUh8 z*MmNd`!Uf#9jl&5QxCi?xDH04YjMOnhwUHXnqTwZN|CM;%U8v;jn!is_l}F>o z=70sKs4^Wo@Sfvg8Y)STf-4mJI4FoVj)frc=-!s#4fLbQr32@Js8ZNz>QXj6E*b0I zF(!yAJ4W2N$pkXm_D4J^1c7I#J-wW%UXO`C24WAsIeJ&s`2%g*5PhDX42PJRla^Uw zxu`3y_plwQ)sO{IR0XIP>pPS%udQlHs5pz$pwvXGTT*dAO1pFnH4HRX+U7&}*;b-l zIw&@OO&uq2dz^8wKp)MO1W-vDM8|XGlyJwv;x}-~P#n+*wzt%=K;$b96DDI6rx9kv zHxW3OO|Ua{K&Pt5DeOF24bvIhQUp|{oknI`E$uwEXT`KLb@Z*O$Ew3{kMmhE-;vlk zATv#zDeOQ%7z}9`Jig_11O1B3H+@)FnJRRk1maM6tN2E)AP9yIRxcbuYM_*VYXj5G9uoo5;mwgu1zP zb7?^CsucZZ!5%31N$6iY^`#2M2_gZgNq^j z&Ysn;tfjbeX?aa^;o{<5ip4H7x|L&Re)zMw{#T)j`OebBQ^1bBxnWMwLIv$)cRoC>XQeC4xdvty-`R7nk16einU-|M=lj$8>S6u- z=ZANsg+r!yJpDHB1N+w!lCb8B=b<>eATp5cUMj65bmBibD;zjVi=GKR8SjP z{K}UIa`Cf@fi5>X`0)F!>MQK{V;rO*X4M<<)8T8QB1Bhsoo~P?4c7U+VeAI_f~Cu= z>Lu*>YTGAJd>NFF7+cf?Q7e=30fFgh~m`$w&uWtmo3fsLKy#O{@|-XgHMm z@0`q_H?U{QJ$?+W5<7y1n9XzVzztkv7+82Mwxo*xN*Zfi*t(4&GQk76SBZN{`J zGE$CZVlM71CRlrPl(b5rrLd#jGsn`>t}{a&>==_l8Rm};H+P1e*&AAA>^wreSXftw z9Zmx5qsrw}+xuP+sJllEwu+0)U}|~jZu{Hj5#eLhLj%v6iv19t=M#VL66&8ktxN+F1NS(X>L^X=Y+Ix3L};F$UI^VW*ji zwUmwZP)lpI*lA#5Eox&usMJ~|b{d&ji`!TaE3;N$V`=m>GqG-EV?6*{UX{>lW@6pK z#=3thx*P1wb}BD!V?7{SUKMtpOf0vm#EZZzBC(RoZy56NDQ1KQ=h&xlFoh-+;x0dA zrm6;Eemr3;!Mbwt)*5H{`4p!QA*Eh!Uap%8S*!b zrZs14Za{r>ucgRuqTI8$>J1U5K&-bOqGAEwW zSy?)+9qDTJM3Fr)VOleJq2h1?0}Ln?G(v*->S8l}v{whCmS89(G2(d1Xy=t=yv!kU zL96YtB70a7PmktVO)gn-g=5V5DWikAp}05jt4i)Mp{Y*rfuK-drzZx}%F=+XD@*qHGra~n6j-HMN-$G51Sz9SA?Oi3H?X~G>?mM4Ukp2@ z(tPxog2OZ{qR60awa*P~->$y)V4#3BRR?cOsy9a)EY^QS>flNwdI>wTg;q&sWpy8; z&{_%KDPd=}(E8iStP*x+3$4GM%qn4Lw$S?9$*dA~W(%#qoy>}`V8ow!x4PToxj;++ zlH-rC7~_;nyZ<=6+Et;P4*g&fN-B)Dd9etxQM%p zXEjG_sbP>wjIYO-O%qHO^2En>kIKdq-1Bpz zL+??99iR~hCzx?|{TbL{a;z2JuMg_O@9SeB65i`}i|S@TeeS&KhDcy8x`hPYT@+#_ zNIbe!O?5Y{Ew7Qd3H})SAI%Md`a-xE@Fx@{;bQrnR&!|0poc_gggXq62p6pG6jC9- z>5;4fw#M>c+|hFb{eb!(G3yYzv>95)PC~hqTGjZez>c~${4qW^&@U&n@~jQmC`fV| zI|7Yn8|hQn5$G{oI8yOQwtTVo=JI6k_;4BaT!Eb=4MQDq(3Ey$4M-kgsLBoWkA^2y zoHERDJU=V)RQ+n~=(O84M?XmqT9)rU7Z3XiUlIWHdDvtm=CLEv(Iz_RQAdK}M+T^J2Qb7zI* zJ~sTUBqY~jr%{;G-!8nV8ap*R#(%r5;%e;F>=^&;wu-B+6zPE95(k!kqrLGOJOT)8AHRH41b3+sdp)VNQQLnUy9168Ky& zB=Bf{-lq4eIB-+`QF?ata|8X)VxnR$&S)5tc%)%(H*|&Fv|83(qtkoXdt%Mi5RwY| zp2x9(k9hKMknpWWH4f)2(wjDW;kpfK!r;3vwgw|ukJ>i7GSh-ipg-+)^Z zqKU_Fh!Mx|TMIz4`VOT1POG&S zsxx15A%>GpK=7}<Jmt-I<^$tV8ZU;M;F6Nb>EsJ@^+*6-+7DcU{^I;15nSzppz#Hd?Ke62}Bw;)kT1b5SJkfAAdg&CKlFqd4Y>!Y)Bo50B^CPU(**h0-WfimzJQE_4RCEwdGUQ!x(97K9Jb3n zRuzle(*v|4(_B;${uoJR#{sJWj^i{s&uipE-73LVS8h8)NqywB+jl7*JD=OB5Ba=a zP-m5d6SYnZ!Kp>EnUTF^#(mGT`02wiL?eA&O(4|)`903i7*n~pNUWKZBO!Bs)q%Z` z)9F5DE=S7T{+va~$MibZ656nbea!{kn?E!&QX_X-nJ%H@NJ#7;BZHG0^#>`DMC|sD zK%-oGjMG8KY*0(t!745o>Plwc-Eh?=XR9?ESW)OYWq#b=>1=hj`g*K+yZVOuZsERq zefc`#h9w=N#PC8Twe|3joC}^NlC;$RmELS3f9hGe9@7w4TvjeMks#2sY__Mg4nm== zy6u)gYiC4pP1#2|_UtAkBi=OIH32&+9hkl;D+AtgPef42FP&EFD9%z{8ANalR7GR*9C|&SSm^i@ogSckHMCUK3?8elpeJ1F2my^T z3?{NIkqxp?!@2I*A=?uwj3%nqkWOe~Zk$$)h-)b=@fD#ea!tW+R_&h?J2KMcRcc7|lLOVV1gY0={4XxuPD$V`mHo-r<5#++SrPK}?q60{B+ z#XwnrO$rR`r$Ud?)K@XO6NpkS^tAgrACYqR#y!vT(EeQEb(&JA9nD^}jjpAW;hR7{2xwFuRHs_KU0eut0yoARGO z!oK3X>d(&T&%Rk)=O#^L#@u6!1E|je$tm+5WnczbJOwv0)OFK}bg< zIa5{x-^hm@P)WvD1nI%&Su8a}a_8@yL`gW2?2yEEg=T>n$oDA=6gg;K?i>!xOG%3F zC>M;>jazF^#Fsop)sJUsbAdBD_9_f!7%G>dfW!CrWc zCR}|}N@Gv`X&aWWvKDj5Pt}>O?VaZ@s)4rVMN658j}U5QIY|OEfm@o4HOHe#=E_rS z$(U|a=kTOv`XM*yY66lsB&Wc6?Kn_;6V_!b@Wb}^uQqJ1H`%gOd5s!ORA1OvJ_*ey z@^<9%@@W|A&q`W5to!5l+@7>F{F5t?)L$ebAyPb3i*w032G&r*@WGfVZd|=Nw^5MF zl`_r=ymtN^gmlo=6f7l(avbYGY}1!p+WVL-mChszHw=r(&~Bt-ew?BdPp5FmYGaqyj2c)qJHbyMDLsI2}S zfSw1v)$?6tyEn7it?Z*vC~Gk9a!!pIFCTl2tEw6mFRxnPRiNd&XA>?X4cwGo?U;(o^;jlVm?q!C7&Fq#Hj2bpE)E3?hXIz>tX?KSW9zuW z+U3oJCFKtMOt0~ka*L+}Q+ZqQk{z`Om4+j^m(JNI|8y{eI9%f}EUNEHE2(PFw)HWl z*JT;(=y;n_sgY``7Hx{NXb+z9Ti7#1`c<|jl@?s&7P*bw(@es#0V_7{1m;5i*Rqgr zcNVO$)3icmv21@Z7;Mjjp|WgE_l2^GT#kk%&#C37Le83Jrj5i>WO2+lE4St}#;11m zd>Ua}m8k8ffDDJkPeajxJ!#Bj=9CG$(!2K@Yq8}j`&t<&%MM9(dXnwD>Jm+nKdbaK zu9V?)jV7B@&{?Mlxaf*n|w!>I2V-RsqNta31pRnTp!|K zRJ7`g=o2Kyb{v^T+G(}2K?u;73BZ1cNTfA9ps5s8V^uR1NO34J)t= zTuqaEfpuoep^#w|7_CDAPGTTtKSE9Q5Rp((>Lm8nzXHX982*6^^66<2V_es z79XY~WeFf5VFY9#>^d>a*26#l`4Nbk0qt)dV&XQkrS}kdjI>26ScV5DO$$xe=@hPX5@&SpI#ZsCV z$5Zm=9B7Z{0gfl`Dc3Adi}vO896t_@hm`r)#r!1-!%KbDhcUFWrh26)42eKrWSL;x zqqWxg+K#d446s0*BDRZo{PFW|ZIjjZw{}nd;8cfF{MPRM)^^7ATl>owvyJ+z6hcLO z7$k3Isc|i%RyQqZ>i)OHsUq2zFP`t1Nl^Ak!mv-cMaE{;EEe(~|ELex7@n5rP*;UC z1~b)Ugk#K<$es+0vcyVxf{r>XcqFY?vw-1AMYPsAkEJY_s3V`o*1(#H&II&M5y{}Y&x`w5m!^AxLY@{gN{m_$b*dn zD8Vb2XEjIiW_$vSOOi)6*9%VXYT^b`pc2@J)554^8Kk6cWyylmFOdQ}BJHisZFSQV zWARC?#6(4E7G(5MkXA7+X`ya{*05w)c;`(NEcHZAGYr**yHyIy9L__&QPb+k<-vZC zW=Sx~Nm9c0Eo9=CT>jE5kpXNr=rV8?tLSnO%rc-fFcW*Di)R@)OQ`^DQ>=r3CMIkvyji%LE zpXcvX8h|{;_8GG)M(WOdTzK6h)iXIaEg&g|O|{Kn4U`P6l@tqblZXjam-fUvnGyu9 zyRHC`3xWGhXeKycbMf$PkcovfwoYL06URV{8(;|oX;?9%O6`xZs@0eSZy)nIqCN(_ z*Uj&g4^I0*^0p8C>&J8KX7e|W^o_kfm)U~9tA4Qty4mT7_whWDzG}6OvW-+k3bs87 z>qJ}29NA|%w}&+vG1!zHHQWYGAZ5R3+$Q5D^k5k&&;L;mXF3F|tAtcQwX%=M07#xRk zsupPCO~rL%8?H(AzHYARy5J;+@Dto^3Zq1pes-vTyT(Y4drQ`f1br!OntJM;^}4o;Z+67^uW_7gsmZ?xpYpA6bd(C&px) z>V()n2ebpmp9axXi3y17Fv)ODEM+#ODa;1hqewL96JV+LN&nQ3^DyiWcemdRiOa}1 zU~=AAWmS=n*amD$#hokw+i+xsaqQm?Z*Xnokt&vxjDrnS@+4|XQHc_j<{{yx<&|1mXe}l{B z!$Jv;iC>);Y|%U%4!UAUdhOvh%sNx*cJEbB9MQIo;|4uPkD~?!wQI&2wOYa>Rx!zE z?%&=Nu6{{%M1RedPWkySNRU^wJR1q};ss;RjW*RG$#Cf6yWIza7cUA#IO5MOklwdP zN$fqG`9Wr5AiZIlMIXZ;`jn2uM>9q5?(SUGt4`*9InjC6kJMe-AHMl+r(Ya4AMx@Q zomU_HVy0x4!;vaWf?pp~Mfrm*qa(nn%KK(ordyZy3r6Um2$W_zf%6riTF@;cCq4;# z0TK;9BiuRfn98PszE{=>ZnfgYi;2UeBq)!t*Ls7%!_{>Fp}Q8X=*uefTOvC`C^klGI7=FqN+>Xza&-xo@p) zRR(H=cOP3^{%X&`J-h0fLP&L9KGr0smf>^d0@1sKN?Ynoxp~8!w=Ods$K|$`i+S;) zKA1)){dXAFhiAZx7cC(^4*wy37+;N#N1||)W0-q_HZR`fLf#h%?ag2AA6$)(;L|H( z7%5JXu+0|eND32K_YZ(QhjV|i%T=X5m-~z1u=lculC{|vrU>>1e!_tmm%%(?d68O# zauJGhq0d{XBjix{bHi+8BxD>XT22=hq=PTZtc=q6h?TQ>=3c&w%J*rWBr3}K_9)X^ zWXrJg{`~M_ynl3h=zTaEd*_Gy?@!Lh$H!Yvn~hGOgmx(%#TkO*_&NF@YZyhU>2y~t z^(}30i9(|q>IWj15)5zIp{@7IRaLO;QE1WDY33Ygotbmk8#9DA!$EJiH}I0zZ;XD~ zJc0(MO@Pl(&x0uy6KP-dej)9FOcz{2gM%D3+$#A>(9oJ<^TrT@y|Ner(1qI;0uU!U zR!O+3nBs06mPDZR9)^oz7?g#Nx`K1jKv-nbzYW;RXpXVLa;f}4W-45PFnn@;c5yX6 zy&4G%z{ka65cu|}Z_72*$lwHBoTuPhiz{_TqDDPy9u;TVLM3;BS!OsD<|eW(?%Sla z0T$43cx}}4BCu{5XDc}LaKz#s$Lm$iUyP5B&wjo>I61%iA6xd@6(@2>vqY)gtX{%7 zXynvMD5FoVBEwj0U0+gEs}nloR)so-Ruovpm(J3#@)D9a$V$3CqZcV$L1E^aoQPc^ zXTYs9*4F7zC2qa}#OaZ}4JIU7Tzah|wwTe;Tt*~tu&UZ&JM?*PmWLr_i(RNN29l^{ z9HKExXF^XDZieQqGsZm=59o+@aGb%-jD+A;%M&-)>TGpWoCFd@Ue$1r;(ATjSjj`l z=x{<2ChI>ov7u|$`;_ZL}y(JwNOSH-02ZUovGZpgz=?wKXte&Gh3K$c0^XBs4;=|G20mj(8p;Li%gWtS4 zJKir?*p^wlg?iADgvsx`cKRvlhBD2XBSuznJ$!w7c6D&s%YNn1;-!YNzk$^|O;#ew zqX>P4MWbOAI7oUs#iuZ}j#%5fNjga+@s{12tiNI1RX$O%(GlI_J-VbS`Y?P+5 zSo>nroKPHsU{8yli5s^sutIOP)|rvjuWBm1AQLc-xN({K&*01%>iHby3U@b$O&ld$ zJJIY`Vt0Bv{lX3euitc8Z6z~tXCqTj%RRJ(RA)!E?Odqv7Q&r{!h2t+t>kGANm z0vw=5a2Sg9)cvn!>edBe6e-YT?l?b$dMZO_%)9I>RFJM13RgDXEII6x#ArFeR-xK8 zl87NdiHefBO+nV_LM>%sEk~AR3|1w($1F(F%w?X)HXUIcN!fdVlop%#wj=yR$3;s@ zH2y#Cd%O}K|7M=5M7+N|xTwE@_&|~9P!%s2s3DVoGxg4TJA-k&r}K?# ze3hBlJA#cc6_Y#&{Zz=g1Yt$2cO(uXH|$UEc@_Sf{>tk=T`UPe;W0ede+pLc(E1;| z+^MYp-PgN==k@Ynq+pBLEZ1odjsOxq|4Yf%$|R^8XRq;*Oira%A>GvnI&UmvFDt9imh>wjmkU0(m& z!@=v}^ZNf5zyE1opo|15N8!;)5rl_$fQj2A6J-KL`NA)v?U5FAqIG7BJSMR07p#h} zTn>SQ?(rl>%rFtIwj8&E-k&`Jf9}s&|IJ}HpP-KW*Z%s8bi_FtBfAK=zc=n!_2VwXd8_!^Zh=K{{F_w~T_DUA2K6TVk>k}r zzqhd?x^rRDmXbF#2Y})fgso18qYjK(!a4Aa#BZNl9TPFi6fqLZmHGQrE>-b{Q{)Km z3gI~~|D;y*)PBY2)4fopDHMC@TqAUNtv{eKBX>F?QL~Zw;wZDwX9|zi5;m#pNZ1sr zc-L^mk*F8b5+alHkr)mUdc(f#!-1E4*Ak-Bu_+v7HQ*LKW`AK6s5U49*MxOH;1BVu>n!j1dpt?5o?bCCyZH$|f>8HY9Ep(*;N8#0g( za71Wvl%dCbD&CDRf5e4(IzBlPzMA9|QZI-w#DuRV4lV8jAM@KDR-E=bP`sxjZz9u$ zXUlB~s>3KXVG&(s37eQ>nShWGt_nWpi0}quR3MNxk>@RC5LtMIfoi~uTd>eN!o?+x zDm6lxkF1Rfs{);{z!parbz>a55q3JAx-06)1jI&bK3YpzC}SXT$$65za560}jKk`P zU1Fj7df|2Tv5ClserU~1ra$vCW9OHG1cR4t7F6F8~0UQ7FFZZ5jceY6o(Ut>^ zp-N)y*9N=fJWnvyd)@1K`c{fzhGyBK7?2Y*7HLCj5m?C2LzQq)_cjQCpW3~e822Sn zZ;FMu%)=~*L*?0eNY3jN6~juR{pVc!_2u)sSHB^Q$4Qs5{swB5Q%?vJTVW)IgTb&> zq9xubT1;5YF=bNv{S7YeGYr(@Bu)Jm-{7hmw=-Zius`b=4K&55vanTyEaf5*7tYvy znA^DO*{n`rK%1VY`YCa3^!Non8PPD7l8)4gnj`(-rR$uSk-=#3U2_RDx|)8)ih1jj zuLvD=g`Um2?EiBu<2YQ|D^kBAUQkbE*dWcWb20g@_qw0tQ5GzfiD7ytL-I2@e81=Y zJU;f04?Y|mL$lZ9aKYMsFmTf%lHN_JpEn%r!zVmv*G9Q3J|Lgs$0dH@32}CHFaqJW zh#>KOnY=9_*5`P^GABWfC9hl9&m6@ztW$#LGj}gio^91u=$FS-<5<5|*W97CfI2*b{PR%a zLM3;SW?qsR6}-$1!MNdM@* zvfaVU77C;PcxEh0oo&?zV^ly!EB&*p{?BVJZc6pI6}6$T6OZHof;QQa zXisF)CL$Hz*uTWbe^Bs4vzI&R8(37J>Bo&j$Ki5mA7qm5o$%4#WW!|rN09jwA(MIf z2NB&J_#>=soS=Vs>1fOb9L&vO;`Ua8A7zP*QaLrAir=icKg$rNN_DQ5%$IIwSUOmr zeCeTdN>JGPj7m5$o70NKdDaYz!OV|r;R;pSFWiS~RD8&_HqAf+tcXA;{#2<~N+(q# zpEar1=r~S|z%$7+0sB9`cx_xPOiISeR}YZnMKdKBK2j#gSK06I(C8UUyq9TjqCB$1 zd$U9@(ZZd2Xo>f-g^X|;G6?pfAZSsQlm|}6pZY|kaF8<37Ane&RJC?`;@Kynm^}_o zs#PeWM#k-x9WE+wJvjLs@YQ`2PsH;dC$cnQDwx}<137IPwOn1p-D@hmmo7%)Uu?S)oxk@dLDWwd=7yRsv}o_^A^}LRUD{Wj8si^ z#G^D+QyooJoTYteJ+S4pA8Y!*e#ev==*ZJE4<68*bRHZ+edj6(w0}vh8;O^sN~?!H zgRes$hNeL;lPBRwwA-kuOKw%d7cu7Sp+7M$oOvmq6&JwN_D{`45c#DGt24noL`o*p z#kI_`#8!uQW&x~ab8os(AeG`p7N+jup^|(um{x=uql6lfUf^7(zz5yevsDZ|rUdS+ zD>ynwEz#6mjl`*rlqJBcotN9KvXK^*9@}fuW#q$SE&X>gl+lzO`A^MzZWGc+ z+AHlO;g3_V2p4Yd^*d0a2kn6d7lumH!V$OroKcA~TDeJjieTC)Yo?cSh0By;X!zXL zD-&lBRow8Gw5UR3aqD8TjG3Eo)rKdeBwscXVDEzMemW67%zM!iZd(veP*_i^q;;uD z`S>_cm5yKmJ|T5Y$tXK{6K+63=Fn-@(YYZuG*%R?r4V%V=wY=rI`MjrqNzcBJq>m4 zdyF(q;B2ezWEl24iAu91m}VXqGt&t+-L%}OZku~>i7mar&<|wZ_QY_|qyK@Z!sb|+ zWVLV=o9PxXNB9T0zRoj>QqGf0MV}V88HUklM8~m^5C)S(CM$au z=cru$o#E>({^Mwdz6>))V)?uhZ z+ymh(w@~snpe?9X@=fA}bW>Pt>hb$2Qg9B!J34}A%Xnt2O626d)VHk3N2Po*ygf6W zs%rHD{!r9$gT^AUySpoj@d61|l!9hk#uJz%j2PEAn(IXQK#iNa!OM0kNW~3Bvo|fn zO3C_q%0SvoU0{e*B1Cq#0S*#$)T!rZ=;k(?{Pf&8%C zFg**KwjJW1f7r8zdt!&$S=+KSpHREnZEQvbL$jfVzr>lwn)!t@w-bj4h z@byMlY}hY1?&Tk}7@md~xn(`GqDEF^11T#TiQfs1jq%ZzK}EKD5G6d-%Q#1;BeDJJ^+|wtrg09JgJr8#%7?}TIG{9s21f?Ma5*oVt*j@`qHraS zDA$`!(?-#NGR)jC!(gX(^&>KCHm&^4WiPc)iPR7y)+0nLpXn&85jhT*^RaQt1uCtS zlC6MZnY4r?QWx_uDIq`bU=N2cT85pD&=I!+4sG3XAnh>3;^NE=Y0as?qZO;ZsF=-a zV}-BaL}YMRNw#H)RLV5L;lUj}Nvn~gMgst!>>T+bQk@#pz`^V=BuOcuCDV<2r34>b|sWjzC z+R_j3Do*r7J?d!qSY)lK$g`DrR7t<%e2jOtTIS_*xNcIfuov&X3gyZ*6A2NQO-Dnx z2UAeznZ5a{B`{NLo~WxuqSA#9{gHT$CwH8Y&fQ_FWn27Z&3X05w5Bwmoa`SapH4EB z;0c-THEN{_2G4?xV_IsmAC(0ro`rFOGKtD@7NpZe!e?!$quuxlo7}z|zS*T0s>TJ| zjuRaPcE!{zdcraAlw>vohoV=?%P?8?g3v-b)t0IFDUI9ZqOl=mlwpV=tv%RIY%7AotIsLov0Z+ zrFstUl%ax|_+vg-4!ZhS&h0xO=*G!N#Pe$hJbfL?`EOj_+xBn26`p_X22Z`V=!wst zJzj_H&!R70z8(z3_lWE^^~`{650}oJu(CB^c0F~g5 z>7i$Nq;()1^xl-cmbc&39Pui?zt8S?HFvyy%9ZNa-Wg@e3*de>c9-Z}rI8BlKwX=G z>Ohgv9Ak8FS>A0RJ!w2bWFL4V)y9^%s(kD; z3p^&4vsGm#6TRJ?n4XUsrcdI>}1X70{t!$bYsL;M;b#|Z*G_sJ=o|9dohFy zL)MM0wxz7eLQ}5aNMpuEOD8(!A-l7vD>8zpm*1kRi@H))f|rB zA0FIa%_WeiQVoy*%WWH*QG;9C6Re}UW7~bMfDOB9)uZhR+VqtYHi$n~$s`Rqc_R{@CMZQX~iZJjUvQm@q-boO(M`GCY zME=^w-K^o+`zXku+{2)4AAWAR{~G#PwZvnnXM26YP)>1SKesPAQUkntkG{TfbRQfl z`}LaPsx%(JPCguq?KwMD2>Mxci!eHHFoDJK9oi}SF;%m#vY{~vuv7Xx3iRrWBIcwg#ix*S+mN|QH+90-K6`5fL}1^HEihb*>ApP0M`+wI1y@Dc zVQyr3R8em|NM&qo0PMYMTO2o&Fub4pSJVz<0}kDD0Bqa|zIJYyI3%2220I7ed9kKj zGb7V2btE+~w%OnQTsrh|dN|m`Np|TEHX~J)N+qePB$cH1jGbegVBX%DA}+ldilhH{ z;IGr^be?T)>i;{PPW}IG=UJX-(!1-Or|bU#56ws8mkNpae{?#ZOQ&ABf5?Xt@)~nN z81>!2jbf3AC*-lh{`5pa@7owS3gtQ3ld-$GY&B#R3btNoj}0om`qZR z6bcYJW<1t^uK`6dp_4TSAmQwSgbF+)LUJ-nr6M__!IU#f-dhAj!xHF(voy)d6`nI? zG4^39Wg`4`JMYOJN>DJx9^;d?LjuM3jW8re6D*3nGZCXG@+M^LoTnq4%j5s=dfkrK zaXU^{UCf2=xPW6sA|E0YOd~`+e1WN8^uJ>ga3$Yjy;y55HKS9jjW@3X%`|6iae#p2H}05|LZ-uilHqpttg zd!0x9|0TYqCFl#d#AGs68u*Wt@iZ2II0nijh%`wUmpEJlB7q1Xae|d0*I<1O zHrIf0c;-1vONt`LWB3SX zC_FfwlAL)IU80##by(@Ht*=?$R~;u|;Vuz8)n@cxX*j{scK~8^^@^ekL?Sebun%2T z=st;w6fk9%5FMfJc!Xu(N7CB2vZD_!3B#_DiNP4lWL0+p5sW&V?wn-eaTUP zk1;1K9O8h{Q25Z@>U4Bn3yTfHWCE%b4iw{1sG>5G7$%D1IE|v2=QwE+B8i8RBZ((7 zRY5sRun#9JiU^&&(%Ft}M&YYJ9?&-3gW4!!qnoL<570RtlL#;EcOC5@sOoT>FhL~a zvywRm^)0~;vn~N>@Di-{kP7f11N4-D(8M}gQ2XX7N;J8NRFX!~F^fnr^I>m%$mB7{ z0#m6-?P&rE0s>AX<^(M!lgN0V zslaeaVkmS+mJ?UGfx>;yC@yCZI&m>oBRKS-C3%WlpF%v7cZr75*uvMuf{0)$ z&EF=&hhBF}E1IDdkV?%ovJ$7k(aD}gl!#BTJl5zoyF|d`8afLIB%DbWu*iqgo#VN} zv)p-XHL8EWD2%WWML$?ta;7%XpYLOiqMxLrh=}PSlP4I3vwj$IECd#75aKaPBMD;^ z3DbW@C^)}FJcNM736f+)A|hvwX$q+o9ydCc;|WoH0d^0EpyomZ3)2NDSH)-@y#|+4 z5=>!=qeLim$`Qw!8VdrX{AU4|Q%tiVqs(fmJAx`g*-Va+Ho2;lK+PBEL;+znmkMxb zXjy}xEH$B!D9>C-CAokjF@=b+L~Dg+Irygj$~4)|Qtm3bHaM>InB!VcX;2^YjX&4) z$K}?(0|^}AKuT4jGNdgc3Q+%HPS{m(k3sS>>5l7$S5WrI-d7L@>o+s(jBz;@VEIuumoF zXT=!#ThX=!YF6B~& znjXkty07v@HAC?islH!c6>@Y{KHu9a$%eBS%PCGZ^CI9#IfJ>IQ3ptnochpe$5?U_ zh(-{t7F*A|8{L*>*w)VS`V*d+We7+R;lj=^IR+#pQf;96SQDobqu7U5h%a!&lqqaE zB}dAKR*uwC?ro6j-p;7RSK8u@#Y@i8L=TaUa`aQ$7q0~7HbuE1uY{T=tN}6FAyW;? z`9u^@q}?!yjkE4KN;@DLD(Wt@M})RVNKExF_X-Cl*{qeiW`$L>c}hz~sghEmT1rg= zgH%Ws14`wTaq?a{>Pt&-jD*nH0tXyRGdr7NI7j1iWM`-YrN&J@T#_hKE=Gccz@gT< zRM9CZOSnLsXm4bct8S%taYiH1)fL)RiPdb`vxRX{{G$_Qy|n_Tnw9^rHyUM4K)o@T#+v zNy&HAT+#UX@$4rhtD(+u)EGO*GYw(JvobphGEY#VyJS4n2}?!-$GYpcSt8q7@@Fer7)r*~+)%52 zgR?hQ%}%KDK!wRJ8HVr5NiT8?>nOL}RufXIl{v*B5sFCx;f$hKbrjAnh;oXp@zm5( zYB_)v)thZETvbl5Er_O3v<8&T6{fo&5L*}Jp2;=kN-#Z=O4N#ym0tlXlccBIhW^h( zRRcsrH6vg&qx15o!J3|V{udl2m<}Zh&R2D&Q8gttd?f}oFA0>vKVTvDL3!UlE8BHM z1JyQyyvIIlz9f3Ut2s57m<#wL#e4=RNsK+Ty43h)=v=uAOyD9pUj!O6y#jKat6S~1 zXqD|bI3w>n4#2zk%6O}Je=$=5m6R`a7$Z|GcL)(6WdPgn;w!gM>TX6lpD0dz=y>a1 zC!6>!Se3}!CmEiLxw zHSes>X@o__kr|FsX?7o4j8C#{qkIw2PGi4QgS@kSVwMmk4u{$mKO^DFzyBS6v-;w@ z7c2k%_vJUMEvK;IMllqo>1?^zdgy}no*V9N+r>@qUhJ%wv!mP(DSIKB>R#wW>x(gO zQhVE`26wE=#-~z!VE{%-JZ{U`kWG z#Im5-zyjn8W4e5sre*^KMUAxtNNQ{7o0<9}F=naEGoEG$V??5qhpkMQ zskRcOoURog3d#Sb3R!3TfKg&+I)*KY`2~s;FB$vBY@M2-s~JQFf1c*lomL*r}tYp6`SPCU%!8zs{legb75i%)Qft%aDb{+Zh^3qfOR>&sPKQ#U* zVv}}ks!r&{)n1~TV6LMhXn1qXGM|$ZDkO>`y}sW#;Fp&4 zG+a-G6BJ;$oMLWP5UYi)h}8vDmkMkj3Vl>2FYH>BrdyJOCPV`aM1a7En{5d-@36>k zcJ0KfL3laU-(jUeF;8(6x6SgcaoNY4=-Fm>+cWm)O~iZ+ zus89brRIF+EpIL^p}Oc7vOu&Y66d0g!kAFKf#lk~pLW(6u^Xq6BuRwbyd2TiQ4dAI zdP?LxcpQYIRJ3D^nAs!{z;T4^!p@HezvP|Ob8ei5)nm^p^RE%1?f2)#_w~edX@C8x z1B!b8)#(pDv~)*rnWWvlVgFzIgIenG(aEU~-Olsp=J#;8UqCo{57v8%jM^0ksr$6v z8PQ`x&B_y*Z8Bx+x79UYySB6{7eZi!$Ku5wC(bCE~BU@CB|X5Yq92E8?*rmDm6?!QQD4n~qI9-P`%;>~!y7;6qQZKIV+X=!(Q?Tw*9- zG)Otu`+lZI0i)CuVi+~pD3bx9S|T~?C7EPQ9rS-W+u7e69G;%-9R6}R)Czr(G>V0I zWOqR@*HJ1Fn!pH82@NX+3M&s?*iUD}Uk`UO0d$*7xkOO}LBxV{h^_1c#yJ*=4pNZ} zkl`fTDawm7)bfY~Wu|Pg4I)-G@4q@dI(~KXa&V^q-8(!ToV@Pu`_P#K7#{YIPX?#` zy~CZOSBIxQtXq)bY5#DyzkhT%I2#I0dUOO zgrhjdTzFF%M@zx1u?|5} z9nv^kaS~y>r_gQi2hDc14{v_Y-3#Rmo0ZUNQfgsab>3>BI3fwsk@6D z>&a*4sUG4B%pb#0KjSM@bzv?Kk4^_ePhQCfD&w~J|L$g|7XP`ix%uod{_{(Gr&C1F zwezdAr*#&UV^_pEGOF@9{FM6^S>%cd>nz9kJ7~mGSwapFRbJ?rr8ER2Z;r%QI?r0O zw&VP&3N5S|2&r7vEY>n&>>MI;uBSd9K0wxeOABD$IE^B`-wGaFU%MUeZg6>Q(T5M< zy*6RdS?rOXoO;I8>K|}@y>>UU-9M{%&-1jjik-Ps*uVng5@expcPjs`#VW&VTSwbq zTH1{$+TVB`-lLBGn|@9D|7?n*M7bC;d61(3x9I=g)85mX{@>hq+I`gjU*h}lq5T9d zNbKv4)iH^%oF#ZWR$>XJ*oPuX0rIfJVNS!Z5p3+0+?9iz_;Iu_2gd&gz{VswjJ zAL=t#KUwvCRfmM3u2gt`ftPGj`lW~39R-?#VAvB26aFKhm`k)oClVy0vMz_dc!!@#==RGLr zUrzrw*?$|A_Ab84_l-X5Sm5pRzh2G$KYP}DJpcVgzM8?vBZa(o@s*ctRa{>?wR7U< zgoZxs=#FxL5+{o#_4BjKY8FvZwb$2`9_3WS5m1u&i{>ZA+{COtDIK>E*ec5$I**iX zU`PW@F((pDY7p7^li2&<-F)__|G&uRy6z|G_S@Hy{y7Rh+vQ*sQ|a3! zt6c2^uyY?iW-+M$srNB;B)^VNDK<2f(v+!i^6-q=Vl*5~8Ss>y!$+V&VLf2^L)UkE z-L3AmrIXS*D*7Nn7VLl}xY;ht$wi4tVq#{*?wka7# zJ7SYE*3Qx4_XS4wOF=7jRe>~Hm&)o|;36TDZ4NvfoV*^Klz>YKzT4Z{+A0AL_6Iws zdq;;Q@Jf>Ju2&KAZAJrJ>^i!=PN!1>EcSs7WNBa6?Un(H{Zh+rv484rmf(IE^pDSm zd%xL|^Pj%kdszajZ}l4JxeZ|VX_<$Ey~DHNU^rCOR<${LWtnNn@LgD5St-~3NpE$v z#z8Z&`HUuFoeH(#VgLBdY|EbMeOW7|db01Xm$1x^ZnoQNP^xLZn+srX_w4(<{lRu? zxzx|w@r;D6YH!_pSpv*DZ2LW9UND|yu=__ZH-0=jJ~=uboSg0rhBfGjO*Yq6Y_qrXCQTvI%{K24J`<3x} z?dPP)7~Z^rWmOZ{{vTNJo~*hnZ#wSt-@jR1hTnhxR?XIFzJCmG*w^FeU;W_^XD5S$ z{^`ySZ@Rx8+;*3GAoLk=`5}5@)d?h&w zBrqNliXs?u7DFy#U4wGmG`=DdvVg=f$?6-QhlGQhK)K&6%(L3CY%Z2H_weEcEZaWl zl(SoAdqz!1wwJ3~uceWy-LitJ6z(qJ+hx}7gtX5l6+FxKt+4Z@Z>K-}7RWc>Kt9$(HaF7k9_2FGURFBBU0zus zZg+LnTQ>UCU#|HD%XPzlL!ClKamFQ&!5zbLUFTPaapCE5#-taq$po7bmb+hTuyb@c zJleMdW{zGnxqwl@BJ9a5=C(@oUbG@Mc`!QRLIrXUB4ZNa?Ml+UNyO+%Q4!=l-tKKa zJ^0tBP#B@$JWU7<@zr*>b1w?Y$lwPNNKUCLl{1}wN7)$9Lv_J@(*ys#{GqXHUf-D* zN)k*%%stzCw@YWH48)GNE9rl=^PzkF-(T(P#P}<^ zfRmCl1}=rxauIynf-In~=7?z@vsCXwzE+c(Tjad|Pycs}F+V_rHv3wdR?FQDSnP?E zdNHDCf@4gj_b$HTIA#*V&DlC2WqUbWXuSm(rK&bkAH>s0{a2?y+=e7Xq+y4{eQ=Y^&RI%^FGz8SX8h)||_zC-+yG;I420@6ZJTH%OqhoV(sFSk9b#SXT0!vqU$n z|1_=tyYXrBkSLIK>gwvgEbwvzvB`uX^WB zIo)NogoGq`j7U_6!)c&Hi(OdOA+IGxcT-$!jm(S6ZvYWtoIrQ;+giHWQw1~4+`e^( z#VBJV+GShvx0YRw=mcj2O7G2@BN}z)tOxq__Vx=cZMeSvdX6m%p!AF>IoWR$?Z&xJz zx>o+jj}OIy6=23it97HCl+byc2}%n`{0*dYBhT}^&gliPCw59dOWo}p&(>hsT;Jty zo9>6{#r%lKO}#>akM@eDQmmS1V%6q)tEO!*O)($gkCfH>btBuwNg_u{*+fBP+SXo5 zmU z?xpI z^nb6{?arP5+k8C#_eH*k(f|KcKd+`;vyOk8`ghHJ^0%Ose6+=Szrh5UH&+@?VXKUa z&c12>-MCbBgZeH_i?hjf^^8D`>AM^nY2dGJRjRmu7aKEITTH{7>Rt5FPpy4H;cqU3 zN1OY<>bt@I+w0*ze-HQ;`@jCIvpzTf+k8C#@kKtX(hv=AQRl@TQhtG6^$NsArv-~! z2EBlB%!IxvuI_7CBF!$x%|~ksWmVZETf}B@eWJ!I-G^A&DZ3+jWj2y|Jq@cf3+d(8 zEmmEG%o)HmOc;+@&YPIP7CPbCeFnewHjt91(Dj-op+{G!7Gz9 z7k=J@jzVZ?z&o$(HT1~)F6`wUX*ge~g38Nu=LqEeuf)9Tx{h<>Xr6ac{?=os!S8~UGR{~P_k;+EJi5dYVG*6Gfj|6PB& z@#z13iLb2HQId#~61Tlz__*O`b;#kpwm`C%tt+Od{K)h@_0FHSnFvsSxq05kRUvBj z>~9uRrjH|Q@s+vSjT9Hkequ$aDKql zK#CEw^;d^<&c$>V7r{gR{q=#JbIa^D&a*lAQ&Ba2*_#U-GhWo4qs1Bn$UbS8v@Yo8 z<#tV?2tKRt5ENt@A2Kl?zADC2T{N|1#ZE0K)+E+nqh#k5pvI>`dYuYP?SYW>YHt0R zkj+Z&{97TtO8%l3L(JFw9Lk?39DTpXKS(~cxXq$ZmQKnp47Y6bUKS3gn@!5!CM2}P zs(skBvTJ6ZQ>_(Pt)32ZHIUvpp4~L;SM-&EIkdhwKvhVQSEq+7B zg5*pBMw#BwmQ`)*IQQ6cu9j50axnWE+?y)NTb!LH;QP5gO%xWLa9O_#b@7dIA9_6p|iQU*|1K0!{q6<$xXwo#!#tpZ_#NL*iZOj|Cqg7X&31uJ zwcWYB9GGXOypRw2ElD9%H>%iww-SL-;-r9Y(oQ8cRM5&E?W}bj$#}lU*HDlk?;DD^ zK}MFKURrNx!4>?6e!Sr})YUR>Im52zx2la7349B}qWV?YZ7uGEbDiYziuV7jUlIS| zO>q>H31u8Va2dD6|8_R#;y>1VPap4p`Xb*F*n8#lL%OE<;c|*8j8YPXgiatq!8w{> z;Wtc%qYCx8A3?7aJ&hTZT+ud-|0eiax z;dlvW?{FX;kAxVt4IF3h{)zgt82?8<9}Z52e?}R%jsMQG`u%S`mGn6Nzrcr*gtH4B z7vMsKf+@jU>y8WO>~ft7hvN%^FBfM2)!aXRpZgW#|76hLJs5a#_~2#S692irIrsi^ zZ=?G-{=dk#1cV0Z2ua3^H<=wr+j->>+D8hNk{}@#fGChSiSz}j#*o`*^@=Bd-;^Rp ze_ye0+@I%9X?ldULl)>~h60>O(MBVoFW4uH>Qu>D6k%QoL>BE;`-n85<##!E6gU~d zo8R(h{pN}ne!D#(a+>N321~4%!pNvCImYc635j{N&|D;|p5rVn!7;~b@<{}d%2_CL z()GHXZ=5G^oK4B(Ydx*b+$CUC3o4}{=Fv=fR)mf@5|XEZOgVO*Kp(;xMKKACzy)Cx zbA7qF!mLvk8e@!N5)s6SoEcZ@O<&(STWXPYZ_~RfWU=t=ZLR<}+pD^&`YB1}Bbl&D zVfuvW4*IdukZG>QEQ;7Ap%dS6o?SO9^Y#8(dT~>hYp%*_uYzEps0K2EkRw8kyf_w#ek^;6!QA|7 z#A63gCYvhjKV*+=+F<1y`Oc+e1D1tLvAksboX|;@)?T#_cPq*1fo`BvR6Eb5^$|wF6tYD`Jjb`zAbaKlUNzE{u(U$S->J8^ z^OhdM)yhl#tUQ{g+T+WPwc{&H(_iN zVU!S2vjeVXK)5+(Ml)m5bu}-=)3HrP^X=QWj%-4Dgnq)I+lB5kzw_MR*n(cC zyQMLQ$NimwpY1I;!_)rhtD&D`JI={qc=YOIXE5}g?d=y}@1AQn-8!e}*%i%$y+i1~ z?(gmQ|Fu5=IOzWZuMSHI{r&x;p9j0JyEi;}b$q&abT|a)zZ^J43<$UtT@#LhYMN zP+u>0ET8S{l9Uo#`FHy3ahA5T|7v(TIC1xm_0PdCr-PHj{=WWwd~|ZUGF)vcsLE}A z6&t`#c0m;A3!+LG-%&>Ki;U6kR=0h+bG){`wY8=H=-EGXB}#J0zY^tc$9ulzb)P-= zx=%M3P`+6_rWwm;h)QzW9SrwQ2D<<|uTD+|ho^IGvz`%LuTx%h^0Zw$bK2A@4T5c| z!F*UoDN_&ft_N?M-Nd&*gdTyVnp>4xefHbaL=sk@y5Ds^c0cxByw&f^Yk!Z0qK;gm z>%l-NVPzVp`oVbRQ$@H?!oX8Xjh|H*D*FO~sl!Fkp6_FM9qPV^dAz*lJy;Lp4qn7u ziMpV|rI1r3wTjDL!5_`6YanVq2BM8FMx|<%J1pkPTx{Ho`81IhMhxYRJ+M(G`O)1Q z3(L_yq11+6I9IlI)5|VSZY46qqs?@JIEt~NVBBs+{;lf@Ea4o_wsmB{o3;GU-&GHs zq-utzg#ET`3Ez5-(~l(PRIl+yvo%2QYyV(hFQ1wwG-VT84^2|!bC{eLku|lQT82sn zQEs|2KFwf(@0H7Oh1AS*t;zV;40SwnGbh3wTNd)Q3<~S~7;v5qi zYV(*1%-!6pRNYTtDG8m3HN`IBnW+=nwF_9RC(3*VXv9+O`zvPQO^K)9S4uzZJaZT0 z1a`>5<$49Rj?hEOga$*MC{ zSke2=GIRezun*r@qTeGDu?x)eKCXesHdQH$b5iu12%`{lPx(@qD?jTT&-`k~$y^`( zuu3u9I^eo6BD9^~&uv}e_LwmkA^z=R+}<3n@~af$x2Bip& zy3o@}`u6Yl=kD?cat-!@M`hH6d6M=!JxxL}exV_}@3J;_v+H4Xrmx(A?4I!h7UI=! zvn%eu)o-7ff4~0Lao(T1Juu-VX3YR|mDXuU>)JHaijA0BoV)sM4r3_Qc)LVI=BlP* zg7cLE)$c~!c9U3d{y>^6XaV!~2PACXFRr@I3c|fqjq5TR&1&w)$)LactNzP4z$R^Y z+CMoR&bfLW0O+(c@AJf(aDYxhZ+%nL5V|)aY<9}<-AVz+n1*%uhXdcqd=b5Xa1X?$ zYIL91;cu??MumRwe)ae)@OxCdch73~Zm)J%n9;E_#lg9;x*T5+mWpVmEG6d3p}ey~ z>@HMl4q=ppunnE7_05f~t!G=CTX?I}S>Id(iYH7G?Yi1?ZLkgNold9YI6wDKcYYY0 z_`X$$I2>FkZ$tak{%}Tv9pmgNZV9AVMS--s4W$ **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete --purge my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release completely. + +## Configuration + +The following table lists the configurable parameters of the MySQL chart and their default values. + +| Parameter | Description | Default | +| -------------------------------------------- | -------------------------------------------------------------------------------------------- | ---------------------------------------------------- | +| `args` | Additional arguments to pass to the MySQL container. | `[]` | +| `initContainer.resources` | initContainer resource requests/limits | Memory: `10Mi`, CPU: `10m` | +| `image` | `mysql` image repository. | `mysql` | +| `imageTag` | `mysql` image tag. | `5.7.14` | +| `busybox.image` | `busybox` image repository. | `busybox` | +| `busybox.tag` | `busybox` image tag. | `1.29.3` | +| `testFramework.enabled` | `test-framework` switch. | `true` | +| `testFramework.image` | `test-framework` image repository. | `dduportal/bats` | +| `testFramework.tag` | `test-framework` image tag. | `0.4.0` | +| `imagePullPolicy` | Image pull policy | `IfNotPresent` | +| `existingSecret` | Use Existing secret for Password details | `nil` | +| `extraVolumes` | Additional volumes as a string to be passed to the `tpl` function | | +| `extraVolumeMounts` | Additional volumeMounts as a string to be passed to the `tpl` function | | +| `extraInitContainers` | Additional init containers as a string to be passed to the `tpl` function | | +| `mysqlRootPassword` | Password for the `root` user. Ignored if existing secret is provided | Random 10 characters | +| `mysqlUser` | Username of new user to create. | `nil` | +| `mysqlPassword` | Password for the new user. Ignored if existing secret is provided | Random 10 characters | +| `mysqlDatabase` | Name for new database to create. | `nil` | +| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | +| `livenessProbe.periodSeconds` | How often to perform the probe | 10 | +| `livenessProbe.timeoutSeconds` | When the probe times out | 5 | +| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 | +| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 3 | +| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 5 | +| `readinessProbe.periodSeconds` | How often to perform the probe | 10 | +| `readinessProbe.timeoutSeconds` | When the probe times out | 1 | +| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 | +| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 3 | +| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | +| `persistence.enabled` | Create a volume to store data | true | +| `persistence.size` | Size of persistent volume claim | 8Gi RW | +| `persistence.storageClass` | Type of persistent volume claim | nil | +| `persistence.accessMode` | ReadWriteOnce or ReadOnly | ReadWriteOnce | +| `persistence.existingClaim` | Name of existing persistent volume | `nil` | +| `persistence.subPath` | Subdirectory of the volume to mount | `nil` | +| `persistence.annotations` | Persistent Volume annotations | {} | +| `nodeSelector` | Node labels for pod assignment | {} | +| `affinity` | Affinity rules for pod assignment | {} | +| `tolerations` | Pod taint tolerations for deployment | {} | +| `metrics.enabled` | Start a side-car prometheus exporter | `false` | +| `metrics.image` | Exporter image | `prom/mysqld-exporter` | +| `metrics.imageTag` | Exporter image | `v0.10.0` | +| `metrics.imagePullPolicy` | Exporter image pull policy | `IfNotPresent` | +| `metrics.resources` | Exporter resource requests/limit | `nil` | +| `metrics.livenessProbe.initialDelaySeconds` | Delay before metrics liveness probe is initiated | 15 | +| `metrics.livenessProbe.timeoutSeconds` | When the probe times out | 5 | +| `metrics.readinessProbe.initialDelaySeconds` | Delay before metrics readiness probe is initiated | 5 | +| `metrics.readinessProbe.timeoutSeconds` | When the probe times out | 1 | +| `metrics.flags` | Additional flags for the mysql exporter to use | `[]` | +| `metrics.serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` | +| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | +| `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `100m` | +| `configurationFiles` | List of mysql configuration files | `nil` | +| `configurationFilesPath` | Path of mysql configuration files | `/etc/mysql/conf.d/` | +| `securityContext.enabled` | Enable security context (mysql pod) | `false` | +| `securityContext.fsGroup` | Group ID for the container (mysql pod) | 999 | +| `securityContext.runAsUser` | User ID for the container (mysql pod) | 999 | +| `service.annotations` | Kubernetes annotations for mysql | {} | +| `service.type` | Kubernetes service type | ClusterIP | +| `service.loadBalancerIP` | LoadBalancer service IP | `""` | +| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `false` | +| `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the mysql.fullname template | +| `ssl.enabled` | Setup and use SSL for MySQL connections | `false` | +| `ssl.secret` | Name of the secret containing the SSL certificates | mysql-ssl-certs | +| `ssl.certificates[0].name` | Name of the secret containing the SSL certificates | `nil` | +| `ssl.certificates[0].ca` | CA certificate | `nil` | +| `ssl.certificates[0].cert` | Server certificate (public key) | `nil` | +| `ssl.certificates[0].key` | Server key (private key) | `nil` | +| `imagePullSecrets` | Name of Secret resource containing private registry credentials | `nil` | +| `initializationFiles` | List of SQL files which are run after the container started | `nil` | +| `timezone` | Container and mysqld timezone (TZ env) | `nil` (UTC depending on image) | +| `podAnnotations` | Map of annotations to add to the pods | `{}` | +| `podLabels` | Map of labels to add to the pods | `{}` | +| `priorityClassName` | Set pod priorityClassName | `{}` | +| `deploymentAnnotations` | Map of annotations for deployment | `{}` | +| `strategy` | Update strategy policy | `{type: "Recreate"}` | + +Some of the parameters above map to the env variables defined in the [MySQL DockerHub image](https://hub.docker.com/_/mysql/). + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```bash +$ helm install --name my-release \ + --set mysqlRootPassword=secretpassword,mysqlUser=my-user,mysqlPassword=my-password,mysqlDatabase=my-database \ + stable/mysql +``` + +The above command sets the MySQL `root` account password to `secretpassword`. Additionally it creates a standard database user named `my-user`, with the password `my-password`, who has access to a database named `my-database`. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```bash +$ helm install --name my-release -f values.yaml stable/mysql +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Persistence + +The [MySQL](https://hub.docker.com/_/mysql/) image stores the MySQL data and configurations at the `/var/lib/mysql` path of the container. + +By default a PersistentVolumeClaim is created and mounted into that directory. In order to disable this functionality +you can change the values.yaml to disable persistence and use an emptyDir instead. + +> *"An emptyDir volume is first created when a Pod is assigned to a Node, and exists as long as that Pod is running on that node. When a Pod is removed from a node for any reason, the data in the emptyDir is deleted forever."* + +**Notice**: You may need to increase the value of `livenessProbe.initialDelaySeconds` when enabling persistence by using PersistentVolumeClaim from PersistentVolume with varying properties. Since its IO performance has impact on the database initialization performance. The default limit for database initialization is `60` seconds (`livenessProbe.initialDelaySeconds` + `livenessProbe.periodSeconds` * `livenessProbe.failureThreshold`). Once such initialization process takes more time than this limit, kubelet will restart the database container, which will interrupt database initialization then causing persisent data in an unusable state. + +## Custom MySQL configuration files + +The [MySQL](https://hub.docker.com/_/mysql/) image accepts custom configuration files at the path `/etc/mysql/conf.d`. If you want to use a customized MySQL configuration, you can create your alternative configuration files by passing the file contents on the `configurationFiles` attribute. Note that according to the MySQL documentation only files ending with `.cnf` are loaded. + +```yaml +configurationFiles: + mysql.cnf: |- + [mysqld] + skip-host-cache + skip-name-resolve + sql-mode=STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION + mysql_custom.cnf: |- + [mysqld] +``` + +## MySQL initialization files + +The [MySQL](https://hub.docker.com/_/mysql/) image accepts *.sh, *.sql and *.sql.gz files at the path `/docker-entrypoint-initdb.d`. +These files are being run exactly once for container initialization and ignored on following container restarts. +If you want to use initialization scripts, you can create initialization files by passing the file contents on the `initializationFiles` attribute. + + +```yaml +initializationFiles: + first-db.sql: |- + CREATE DATABASE IF NOT EXISTS first DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci; + second-db.sql: |- + CREATE DATABASE IF NOT EXISTS second DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci; +``` + +## SSL + +This chart supports configuring MySQL to use [encrypted connections](https://dev.mysql.com/doc/refman/5.7/en/encrypted-connections.html) with TLS/SSL certificates provided by the user. This is accomplished by storing the required Certificate Authority file, the server public key certificate, and the server private key as a Kubernetes secret. The SSL options for this chart support the following use cases: + +* Manage certificate secrets with helm +* Manage certificate secrets outside of helm + +## Manage certificate secrets with helm + +Include your certificate data in the `ssl.certificates` section. For example: + +``` +ssl: + enabled: false + secret: mysql-ssl-certs + certificates: + - name: mysql-ssl-certs + ca: |- + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + cert: |- + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + key: |- + -----BEGIN RSA PRIVATE KEY----- + ... + -----END RSA PRIVATE KEY----- +``` + +> **Note**: Make sure your certificate data has the correct formatting in the values file. + +## Manage certificate secrets outside of helm + +1. Ensure the certificate secret exist before installation of this chart. +2. Set the name of the certificate secret in `ssl.secret`. +3. Make sure there are no entries underneath `ssl.certificates`. + +To manually create the certificate secret from local files you can execute: +``` +kubectl create secret generic mysql-ssl-certs \ + --from-file=ca.pem=./ssl/certificate-authority.pem \ + --from-file=server-cert.pem=./ssl/server-public-key.pem \ + --from-file=server-key.pem=./ssl/server-private-key.pem +``` +> **Note**: `ca.pem`, `server-cert.pem`, and `server-key.pem` **must** be used as the key names in this generic secret. + +If you are using a certificate your configurationFiles must include the three ssl lines under [mysqld] + +``` +[mysqld] + ssl-ca=/ssl/ca.pem + ssl-cert=/ssl/server-cert.pem + ssl-key=/ssl/server-key.pem +``` diff --git a/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/NOTES.txt b/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/NOTES.txt new file mode 100755 index 0000000..d33753a --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/NOTES.txt @@ -0,0 +1,43 @@ +MySQL can be accessed via port 3306 on the following DNS name from within your cluster: +{{ template "mysql.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + +{{- if .Values.existingSecret }} +If you have not already created the mysql password secret: + + kubectl create secret generic {{ .Values.existingSecret }} --namespace {{ .Release.Namespace }} --from-file=./mysql-root-password --from-file=./mysql-password +{{ else }} + +To get your root password run: + + MYSQL_ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "mysql.fullname" . }} -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo) +{{- end }} + +To connect to your database: + +1. Run an Ubuntu pod that you can use as a client: + + kubectl run -i --tty ubuntu --image=ubuntu:16.04 --restart=Never -- bash -il + +2. Install the mysql client: + + $ apt-get update && apt-get install mysql-client -y + +3. Connect using the mysql cli, then provide your password: + $ mysql -h {{ template "mysql.fullname" . }} -p + +To connect to your database directly from outside the K8s cluster: + {{- if contains "NodePort" .Values.service.type }} + MYSQL_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath='{.items[0].status.addresses[0].address}') + MYSQL_PORT=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "mysql.fullname" . }} -o jsonpath='{.spec.ports[0].nodePort}') + + {{- else if contains "ClusterIP" .Values.service.type }} + MYSQL_HOST=127.0.0.1 + MYSQL_PORT={{ .Values.service.port }} + + # Execute the following command to route the connection: + kubectl port-forward svc/{{ template "mysql.fullname" . }} {{ .Values.service.port }} + + {{- end }} + + mysql -h ${MYSQL_HOST} -P${MYSQL_PORT} -u root -p${MYSQL_ROOT_PASSWORD} + diff --git a/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/_helpers.tpl b/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/_helpers.tpl new file mode 100755 index 0000000..f108425 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/_helpers.tpl @@ -0,0 +1,43 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "mysql.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "mysql.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- printf .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Generate chart secret name +*/}} +{{- define "mysql.secretName" -}} +{{ default (include "mysql.fullname" .) .Values.existingSecret }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "mysql.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} +{{ default (include "mysql.fullname" .) .Values.serviceAccount.name }} +{{- else -}} +{{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/configurationFiles-configmap.yaml b/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/configurationFiles-configmap.yaml new file mode 100755 index 0000000..ebed8cc --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/configurationFiles-configmap.yaml @@ -0,0 +1,12 @@ +{{- if .Values.configurationFiles }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "mysql.fullname" . }}-configuration + namespace: {{ .Release.Namespace }} +data: +{{- range $key, $val := .Values.configurationFiles }} + {{ $key }}: |- +{{ $val | indent 4}} +{{- end }} +{{- end -}} \ No newline at end of file diff --git a/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/deployment.yaml b/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/deployment.yaml new file mode 100755 index 0000000..cd1452d --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/deployment.yaml @@ -0,0 +1,252 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "mysql.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "mysql.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +{{- with .Values.deploymentAnnotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + +spec: + strategy: +{{ toYaml .Values.strategy | indent 4 }} + selector: + matchLabels: + app: {{ template "mysql.fullname" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ template "mysql.fullname" . }} + release: {{ .Release.Name }} +{{- with .Values.podLabels }} +{{ toYaml . | indent 8 }} +{{- end }} +{{- with .Values.podAnnotations }} + annotations: +{{ toYaml . | indent 8 }} +{{- end }} + spec: + {{- if .Values.schedulerName }} + schedulerName: "{{ .Values.schedulerName }}" + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: "{{ .Values.priorityClassName }}" + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + serviceAccountName: {{ template "mysql.serviceAccountName" . }} + initContainers: + - name: "remove-lost-found" + image: "{{ .Values.busybox.image}}:{{ .Values.busybox.tag }}" + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} + resources: +{{ toYaml .Values.initContainer.resources | indent 10 }} + command: ["rm", "-fr", "/var/lib/mysql/lost+found"] + volumeMounts: + - name: data + mountPath: /var/lib/mysql + {{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- if .Values.extraInitContainers }} +{{ tpl .Values.extraInitContainers . | indent 6 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + {{- end }} + containers: + - name: {{ template "mysql.fullname" . }} + image: "{{ .Values.image }}:{{ .Values.imageTag }}" + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} + + {{- with .Values.args }} + args: + {{- range . }} + - {{ . | quote }} + {{- end }} + {{- end }} + resources: +{{ toYaml .Values.resources | indent 10 }} + env: + {{- if .Values.mysqlAllowEmptyPassword }} + - name: MYSQL_ALLOW_EMPTY_PASSWORD + value: "true" + {{- end }} + {{- if not (and .Values.allowEmptyRootPassword (not .Values.mysqlRootPassword)) }} + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mysql.secretName" . }} + key: mysql-root-password + {{- if .Values.mysqlAllowEmptyPassword }} + optional: true + {{- end }} + {{- end }} + {{- if not (and .Values.allowEmptyRootPassword (not .Values.mysqlPassword)) }} + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mysql.secretName" . }} + key: mysql-password + {{- if or .Values.mysqlAllowEmptyPassword (empty .Values.mysqlUser) }} + optional: true + {{- end }} + {{- end }} + - name: MYSQL_USER + value: {{ default "" .Values.mysqlUser | quote }} + - name: MYSQL_DATABASE + value: {{ default "" .Values.mysqlDatabase | quote }} + {{- if .Values.timezone }} + - name: TZ + value: {{ .Values.timezone }} + {{- end }} + ports: + - name: mysql + containerPort: 3306 + livenessProbe: + exec: + command: + {{- if .Values.mysqlAllowEmptyPassword }} + - mysqladmin + - ping + {{- else }} + - sh + - -c + - "mysqladmin ping -u root -p${MYSQL_ROOT_PASSWORD}" + {{- end }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + readinessProbe: + exec: + command: + {{- if .Values.mysqlAllowEmptyPassword }} + - mysqladmin + - ping + {{- else }} + - sh + - -c + - "mysqladmin ping -u root -p${MYSQL_ROOT_PASSWORD}" + {{- end }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + volumeMounts: + - name: data + mountPath: /var/lib/mysql + {{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- if .Values.configurationFiles }} + {{- range $key, $val := .Values.configurationFiles }} + - name: configurations + mountPath: {{ $.Values.configurationFilesPath }}{{ $key }} + subPath: {{ $key }} + {{- end -}} + {{- end }} + {{- if .Values.initializationFiles }} + - name: migrations + mountPath: /docker-entrypoint-initdb.d + {{- end }} + {{- if .Values.ssl.enabled }} + - name: certificates + mountPath: /ssl + {{- end }} + {{- if .Values.extraVolumeMounts }} +{{ tpl .Values.extraVolumeMounts . | indent 8 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: "{{ .Values.metrics.image }}:{{ .Values.metrics.imageTag }}" + imagePullPolicy: {{ .Values.metrics.imagePullPolicy | quote }} + {{- if .Values.mysqlAllowEmptyPassword }} + command: + - 'sh' + - '-c' + - 'DATA_SOURCE_NAME="root@(localhost:3306)/" /bin/mysqld_exporter' + {{- else }} + env: + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mysql.secretName" . }} + key: mysql-root-password + command: + - 'sh' + - '-c' + - 'DATA_SOURCE_NAME="root:$MYSQL_ROOT_PASSWORD@(localhost:3306)/" /bin/mysqld_exporter' + {{- end }} + {{- range $f := .Values.metrics.flags }} + - {{ $f | quote }} + {{- end }} + ports: + - name: metrics + containerPort: 9104 + livenessProbe: + httpGet: + path: / + port: metrics + initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} + timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: / + port: metrics + initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} + timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} + resources: +{{ toYaml .Values.metrics.resources | indent 10 }} + {{- end }} + volumes: + {{- if .Values.configurationFiles }} + - name: configurations + configMap: + name: {{ template "mysql.fullname" . }}-configuration + {{- end }} + {{- if .Values.initializationFiles }} + - name: migrations + configMap: + name: {{ template "mysql.fullname" . }}-initialization + {{- end }} + {{- if .Values.ssl.enabled }} + - name: certificates + secret: + secretName: {{ .Values.ssl.secret }} + {{- end }} + - name: data + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default (include "mysql.fullname" .) }} + {{- else }} + emptyDir: {} + {{- end -}} + {{- if .Values.extraVolumes }} +{{ tpl .Values.extraVolumes . | indent 6 }} + {{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/initializationFiles-configmap.yaml b/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/initializationFiles-configmap.yaml new file mode 100755 index 0000000..38c3795 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/initializationFiles-configmap.yaml @@ -0,0 +1,12 @@ +{{- if .Values.initializationFiles }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "mysql.fullname" . }}-initialization + namespace: {{ .Release.Namespace }} +data: +{{- range $key, $val := .Values.initializationFiles }} + {{ $key }}: |- +{{ $val | indent 4}} +{{- end }} +{{- end -}} \ No newline at end of file diff --git a/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/pvc.yaml b/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/pvc.yaml new file mode 100755 index 0000000..39e9bf8 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/pvc.yaml @@ -0,0 +1,29 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ template "mysql.fullname" . }} + namespace: {{ .Release.Namespace }} +{{- with .Values.persistence.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + labels: + app: {{ template "mysql.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} +{{- if .Values.persistence.storageClass }} +{{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" +{{- end }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/secrets.yaml b/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/secrets.yaml new file mode 100755 index 0000000..d9dfd12 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/secrets.yaml @@ -0,0 +1,51 @@ +{{- if not .Values.existingSecret }} +{{- if or (not .Values.allowEmptyRootPassword) (or .Values.mysqlRootPassword .Values.mysqlPassword) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "mysql.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "mysql.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +type: Opaque +data: + {{ if .Values.mysqlRootPassword }} + mysql-root-password: {{ .Values.mysqlRootPassword | b64enc | quote }} + {{ else }} + {{ if not .Values.allowEmptyRootPassword }} + mysql-root-password: {{ randAlphaNum 10 | b64enc | quote }} + {{ end }} + {{ end }} + {{ if .Values.mysqlPassword }} + mysql-password: {{ .Values.mysqlPassword | b64enc | quote }} + {{ else }} + {{ if not .Values.allowEmptyRootPassword }} + mysql-password: {{ randAlphaNum 10 | b64enc | quote }} + {{ end }} + {{ end }} +{{ end }} +{{- if .Values.ssl.enabled }} +{{ if .Values.ssl.certificates }} +{{- range .Values.ssl.certificates }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .name }} + labels: + app: {{ template "mysql.fullname" $ }} + chart: "{{ $.Chart.Name }}-{{ $.Chart.Version }}" + release: "{{ $.Release.Name }}" + heritage: "{{ $.Release.Service }}" +type: Opaque +data: + ca.pem: {{ .ca | b64enc }} + server-cert.pem: {{ .cert | b64enc }} + server-key.pem: {{ .key | b64enc }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/serviceaccount.yaml b/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/serviceaccount.yaml new file mode 100755 index 0000000..36ce6b3 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/serviceaccount.yaml @@ -0,0 +1,11 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "mysql.serviceAccountName" . }} + labels: + app: {{ template "mysql.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/servicemonitor.yaml b/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/servicemonitor.yaml new file mode 100755 index 0000000..bd830be --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/servicemonitor.yaml @@ -0,0 +1,26 @@ +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "mysql.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "mysql.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + {{- if .Values.metrics.serviceMonitor.additionalLabels }} +{{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }} + {{- end }} +spec: + endpoints: + - port: metrics + interval: 30s + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + app: {{ include "mysql.fullname" . }} + release: {{ .Release.Name }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/svc.yaml b/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/svc.yaml new file mode 100755 index 0000000..b9687f2 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/svc.yaml @@ -0,0 +1,36 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "mysql.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "mysql.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + annotations: +{{- if .Values.service.annotations }} +{{ toYaml .Values.service.annotations | indent 4 }} +{{- end }} +{{- if and (.Values.metrics.enabled) (.Values.metrics.annotations) }} +{{ toYaml .Values.metrics.annotations | indent 4 }} +{{- end }} +spec: + type: {{ .Values.service.type }} + {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + ports: + - name: mysql + port: {{ .Values.service.port }} + targetPort: mysql + {{- if .Values.service.nodePort }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + port: 9104 + targetPort: metrics + {{- end }} + selector: + app: {{ template "mysql.fullname" . }} diff --git a/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/tests/test-configmap.yaml b/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/tests/test-configmap.yaml new file mode 100755 index 0000000..ece5a47 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/tests/test-configmap.yaml @@ -0,0 +1,23 @@ +{{- if .Values.testFramework.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "mysql.fullname" . }}-test + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "mysql.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: "{{ .Release.Service }}" + release: "{{ .Release.Name }}" +data: + run.sh: |- + {{- if .Values.ssl.enabled | and .Values.mysqlRootPassword }} + @test "Testing SSL MySQL Connection" { + mysql --host={{ template "mysql.fullname" . }} --port={{ .Values.service.port | default "3306" }} --ssl-cert=/ssl/server-cert.pem --ssl-key=ssl/server-key.pem -u root -p{{ .Values.mysqlRootPassword }} + } + {{- else if .Values.mysqlRootPassword }} + @test "Testing MySQL Connection" { + mysql --host={{ template "mysql.fullname" . }} --port={{ .Values.service.port | default "3306" }} -u root -p{{ .Values.mysqlRootPassword }} + } + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/tests/test.yaml b/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/tests/test.yaml new file mode 100755 index 0000000..30392a9 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/mysql/templates/tests/test.yaml @@ -0,0 +1,54 @@ +{{- if .Values.testFramework.enabled }} +apiVersion: v1 +kind: Pod +metadata: + name: {{ template "mysql.fullname" . }}-test + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "mysql.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: "{{ .Release.Service }}" + release: "{{ .Release.Name }}" + annotations: + "helm.sh/hook": test-success +spec: + initContainers: + - name: test-framework + image: "{{ .Values.testFramework.image}}:{{ .Values.testFramework.tag }}" + command: + - "bash" + - "-c" + - | + set -ex + # copy bats to tools dir + cp -R /usr/local/libexec/ /tools/bats/ + volumeMounts: + - mountPath: /tools + name: tools + containers: + - name: {{ .Release.Name }}-test + image: "{{ .Values.image }}:{{ .Values.imageTag }}" + command: ["/tools/bats/bats", "-t", "/tests/run.sh"] + volumeMounts: + - mountPath: /tests + name: tests + readOnly: true + - mountPath: /tools + name: tools + {{- if .Values.ssl.enabled }} + - name: certificates + mountPath: /ssl + {{- end }} + volumes: + - name: tests + configMap: + name: {{ template "mysql.fullname" . }}-test + - name: tools + emptyDir: {} + {{- if .Values.ssl.enabled }} + - name: certificates + secret: + secretName: {{ .Values.ssl.secret }} + {{- end }} + restartPolicy: Never +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/charts/mysql/values.yaml b/packer/ansible/roles/helm_install/files/druid/charts/mysql/values.yaml new file mode 100755 index 0000000..cac823b --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/mysql/values.yaml @@ -0,0 +1,231 @@ +## mysql image version +## ref: https://hub.docker.com/r/library/mysql/tags/ +## +image: "mysql" +imageTag: "5.7.30" + +strategy: + type: Recreate + +busybox: + image: "busybox" + tag: "1.31.1" + +testFramework: + enabled: true + image: "dduportal/bats" + tag: "0.4.0" + +## Specify password for root user +## +## Default: random 10 character string +# mysqlRootPassword: testing + +## Create a database user +## +# mysqlUser: +## Default: random 10 character string +# mysqlPassword: + +## Allow unauthenticated access, uncomment to enable +## +# mysqlAllowEmptyPassword: true + +## Create a database +## +# mysqlDatabase: + +## Specify an imagePullPolicy (Required) +## It's recommended to change this to 'Always' if the image tag is 'latest' +## ref: http://kubernetes.io/docs/user-guide/images/#updating-images +## +imagePullPolicy: IfNotPresent + +## Additionnal arguments that are passed to the MySQL container. +## For example use --default-authentication-plugin=mysql_native_password if older clients need to +## connect to a MySQL 8 instance. +args: [] + +extraVolumes: | + # - name: extras + # emptyDir: {} + +extraVolumeMounts: | + # - name: extras + # mountPath: /usr/share/extras + # readOnly: true + +extraInitContainers: | + # - name: do-something + # image: busybox + # command: ['do', 'something'] + +# Optionally specify an array of imagePullSecrets. +# Secrets must be manually created in the namespace. +# ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod +# imagePullSecrets: + # - name: myRegistryKeySecretName + +## Node selector +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector +nodeSelector: {} + +## Affinity +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +affinity: {} + +## Tolerations for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] + +livenessProbe: + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + +readinessProbe: + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + +## Persist data to a persistent volume +persistence: + enabled: true + ## database data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + accessMode: ReadWriteOnce + size: 8Gi + annotations: {} + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +## Security context +securityContext: + enabled: false + runAsUser: 999 + fsGroup: 999 + +## Configure resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + requests: + memory: 256Mi + cpu: 100m + +# Custom mysql configuration files path +configurationFilesPath: /etc/mysql/conf.d/ + +# Custom mysql configuration files used to override default mysql settings +configurationFiles: {} +# mysql.cnf: |- +# [mysqld] +# skip-name-resolve +# ssl-ca=/ssl/ca.pem +# ssl-cert=/ssl/server-cert.pem +# ssl-key=/ssl/server-key.pem + +# Custom mysql init SQL files used to initialize the database +initializationFiles: {} +# first-db.sql: |- +# CREATE DATABASE IF NOT EXISTS first DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci; +# second-db.sql: |- +# CREATE DATABASE IF NOT EXISTS second DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci; + +metrics: + enabled: false + image: prom/mysqld-exporter + imageTag: v0.10.0 + imagePullPolicy: IfNotPresent + resources: {} + annotations: {} + # prometheus.io/scrape: "true" + # prometheus.io/port: "9104" + livenessProbe: + initialDelaySeconds: 15 + timeoutSeconds: 5 + readinessProbe: + initialDelaySeconds: 5 + timeoutSeconds: 1 + flags: [] + serviceMonitor: + enabled: false + additionalLabels: {} + +## Configure the service +## ref: http://kubernetes.io/docs/user-guide/services/ +service: + annotations: {} + ## Specify a service type + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services---service-types + type: ClusterIP + port: 3306 + # nodePort: 32000 + # loadBalancerIP: + +## Pods Service Account +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +serviceAccount: + ## Specifies whether a ServiceAccount should be created + ## + create: false + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the mariadb.fullname template + # name: + +ssl: + enabled: false + secret: mysql-ssl-certs + certificates: +# - name: mysql-ssl-certs +# ca: |- +# -----BEGIN CERTIFICATE----- +# ... +# -----END CERTIFICATE----- +# cert: |- +# -----BEGIN CERTIFICATE----- +# ... +# -----END CERTIFICATE----- +# key: |- +# -----BEGIN RSA PRIVATE KEY----- +# ... +# -----END RSA PRIVATE KEY----- + +## Populates the 'TZ' system timezone environment variable +## ref: https://dev.mysql.com/doc/refman/5.7/en/time-zone-support.html +## +## Default: nil (mysql will use image's default timezone, normally UTC) +## Example: 'Australia/Sydney' +# timezone: + +# Deployment Annotations +deploymentAnnotations: {} + +# To be added to the database server pod(s) +podAnnotations: {} +podLabels: {} + +## Set pod priorityClassName +# priorityClassName: {} + + +## Init container resources defaults +initContainer: + resources: + requests: + memory: 10Mi + cpu: 10m diff --git a/packer/ansible/roles/helm_install/files/druid/charts/postgresql/.helmignore b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/.helmignore new file mode 100755 index 0000000..a1c17ae --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/.helmignore @@ -0,0 +1,2 @@ +.git +OWNERS \ No newline at end of file diff --git a/packer/ansible/roles/helm_install/files/druid/charts/postgresql/Chart.yaml b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/Chart.yaml new file mode 100755 index 0000000..7a4910a --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/Chart.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +appVersion: 11.7.0 +deprecated: true +description: DEPRECATED Chart for PostgreSQL, an object-relational database management + system (ORDBMS) with an emphasis on extensibility and on standards-compliance. +engine: gotpl +home: https://www.postgresql.org/ +icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-110x117.png +keywords: +- postgresql +- postgres +- database +- sql +- replication +- cluster +name: postgresql +sources: +- https://github.com/bitnami/bitnami-docker-postgresql +version: 8.6.4 diff --git a/packer/ansible/roles/helm_install/files/druid/charts/postgresql/README.md b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/README.md new file mode 100755 index 0000000..c0e610b --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/README.md @@ -0,0 +1,587 @@ +# PostgreSQL + +[PostgreSQL](https://www.postgresql.org/) is an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. + +For HA, please see [this repo](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) + +## This Helm chart is deprecated + +Given the [`stable` deprecation timeline](https://github.com/helm/charts#deprecation-timeline), the Bitnami maintained PostgreSQL Helm chart is now located at [bitnami/charts](https://github.com/bitnami/charts/). + +The Bitnami repository is already included in the Hubs and we will continue providing the same cadence of updates, support, etc that we've been keeping here these years. Installation instructions are very similar, just adding the _bitnami_ repo and using it during the installation (`bitnami/` instead of `stable/`) + +```bash +$ helm repo add bitnami https://charts.bitnami.com/bitnami +$ helm install my-release bitnami/ # Helm 3 +$ helm install --name my-release bitnami/ # Helm 2 +``` + +To update an exisiting _stable_ deployment with a chart hosted in the bitnami repository you can execute + +```bash +$ helm repo add bitnami https://charts.bitnami.com/bitnami +$ helm upgrade my-release bitnami/ +``` + +Issues and PRs related to the chart itself will be redirected to `bitnami/charts` GitHub repository. In the same way, we'll be happy to answer questions related to this migration process in [this issue](https://github.com/helm/charts/issues/20969) created as a common place for discussion. + +## TL;DR; + +```console +$ helm install my-release stable/postgresql +``` + +## Introduction + +This chart bootstraps a [PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). + +## Prerequisites + +- Kubernetes 1.12+ +- Helm 2.11+ or Helm 3.0-beta3+ +- PV provisioner support in the underlying infrastructure + +## Installing the Chart +To install the chart with the release name `my-release`: + +```console +$ helm install my-release stable/postgresql +``` + +The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Parameters + +The following tables lists the configurable parameters of the PostgreSQL chart and their default values. + +| Parameter | Description | Default | +|-----------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------| +| `global.imageRegistry` | Global Docker Image registry | `nil` | +| `global.postgresql.postgresqlDatabase` | PostgreSQL database (overrides `postgresqlDatabase`) | `nil` | +| `global.postgresql.postgresqlUsername` | PostgreSQL username (overrides `postgresqlUsername`) | `nil` | +| `global.postgresql.existingSecret` | Name of existing secret to use for PostgreSQL passwords (overrides `existingSecret`) | `nil` | +| `global.postgresql.postgresqlPassword` | PostgreSQL admin password (overrides `postgresqlPassword`) | `nil` | +| `global.postgresql.servicePort` | PostgreSQL port (overrides `service.port`) | `nil` | +| `global.postgresql.replicationPassword` | Replication user password (overrides `replication.password`) | `nil` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | +| `image.registry` | PostgreSQL Image registry | `docker.io` | +| `image.repository` | PostgreSQL Image name | `bitnami/postgresql` | +| `image.tag` | PostgreSQL Image tag | `{TAG_NAME}` | +| `image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | +| `image.debug` | Specify if debug values should be set | `false` | +| `nameOverride` | String to partially override postgresql.fullname template with a string (will prepend the release name) | `nil` | +| `fullnameOverride` | String to fully override postgresql.fullname template with a string | `nil` | +| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | +| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `buster` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | +| `volumePermissions.securityContext.runAsUser` | User ID for the init container (when facing issues in OpenShift or uid unknown, try value "auto") | `0` | +| `usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` | +| `ldap.enabled` | Enable LDAP support | `false` | +| `ldap.existingSecret` | Name of existing secret to use for LDAP passwords | `nil` | +| `ldap.url` | LDAP URL beginning in the form `ldap[s]://host[:port]/basedn[?[attribute][?[scope][?[filter]]]]` | `nil` | +| `ldap.server` | IP address or name of the LDAP server. | `nil` | +| `ldap.port` | Port number on the LDAP server to connect to | `nil` | +| `ldap.scheme` | Set to `ldaps` to use LDAPS. | `nil` | +| `ldap.tls` | Set to `1` to use TLS encryption | `nil` | +| `ldap.prefix` | String to prepend to the user name when forming the DN to bind | `nil` | +| `ldap.suffix` | String to append to the user name when forming the DN to bind | `nil` | +| `ldap.search_attr` | Attribute to match agains the user name in the search | `nil` | +| `ldap.search_filter` | The search filter to use when doing search+bind authentication | `nil` | +| `ldap.baseDN` | Root DN to begin the search for the user in | `nil` | +| `ldap.bindDN` | DN of user to bind to LDAP | `nil` | +| `ldap.bind_password` | Password for the user to bind to LDAP | `nil` | +| `replication.enabled` | Enable replication | `false` | +| `replication.user` | Replication user | `repl_user` | +| `replication.password` | Replication user password | `repl_password` | +| `replication.slaveReplicas` | Number of slaves replicas | `1` | +| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` | +| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `replication.slaveReplicas`. | `0` | +| `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` | +| `existingSecret` | Name of existing secret to use for PostgreSQL passwords. The secret has to contain the keys `postgresql-postgres-password` which is the password for `postgresqlUsername` when it is different of `postgres`, `postgresql-password` which will override `postgresqlPassword`, `postgresql-replication-password` which will override `replication.password` and `postgresql-ldap-password` which will be sed to authenticate on LDAP. | `nil` | +| `postgresqlPostgresPassword` | PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) | _random 10 character alphanumeric string_ | +| `postgresqlUsername` | PostgreSQL admin user | `postgres` | +| `postgresqlPassword` | PostgreSQL admin password | _random 10 character alphanumeric string_ | +| `postgresqlDatabase` | PostgreSQL database | `nil` | +| `postgresqlDataDir` | PostgreSQL data dir folder | `/bitnami/postgresql` (same value as persistence.mountPath) | +| `extraEnv` | Any extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `[]` | +| `extraEnvVarsCM` | Name of a Config Map containing extra environment variables you would like to pass on to the pod. | `nil` | +| `postgresqlInitdbArgs` | PostgreSQL initdb extra arguments | `nil` | +| `postgresqlInitdbWalDir` | PostgreSQL location for transaction log | `nil` | +| `postgresqlConfiguration` | Runtime Config Parameters | `nil` | +| `postgresqlExtendedConf` | Extended Runtime Config Parameters (appended to main or default configuration) | `nil` | +| `pgHbaConfiguration` | Content of pg_hba.conf | `nil (do not create pg_hba.conf)` | +| `configurationConfigMap` | ConfigMap with the PostgreSQL configuration files (Note: Overrides `postgresqlConfiguration` and `pgHbaConfiguration`). The value is evaluated as a template. | `nil` | +| `extendedConfConfigMap` | ConfigMap with the extended PostgreSQL configuration files. The value is evaluated as a template. | `nil` | +| `initdbScripts` | Dictionary of initdb scripts | `nil` | +| `initdbUsername` | PostgreSQL user to execute the .sql and sql.gz scripts | `nil` | +| `initdbPassword` | Password for the user specified in `initdbUsername` | `nil` | +| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`). The value is evaluated as a template. | `nil` | +| `initdbScriptsSecret` | Secret with initdb scripts that contain sensitive information (Note: can be used with `initdbScriptsConfigMap` or `initdbScripts`). The value is evaluated as a template. | `nil` | +| `service.type` | Kubernetes Service type | `ClusterIP` | +| `service.port` | PostgreSQL port | `5432` | +| `service.nodePort` | Kubernetes Service nodePort | `nil` | +| `service.annotations` | Annotations for PostgreSQL service, the value is evaluated as a template. | {} | +| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` | +| `service.loadBalancerSourceRanges` | Address that are allowed when svc is LoadBalancer | [] | +| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | +| `shmVolume.enabled` | Enable emptyDir volume for /dev/shm for master and slave(s) Pod(s) | `true` | +| `shmVolume.chmod.enabled` | Run at init chmod 777 of the /dev/shm (ignored if `volumePermissions.enabled` is `false`) | `true` | +| `persistence.enabled` | Enable persistence using PVC | `true` | +| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim`, the value is evaluated as a template. | `nil` | +| `persistence.mountPath` | Path to mount the volume at | `/bitnami/postgresql` | +| `persistence.subPath` | Subdirectory of the volume to mount at | `""` | +| `persistence.storageClass` | PVC Storage Class for PostgreSQL volume | `nil` | +| `persistence.accessModes` | PVC Access Mode for PostgreSQL volume | `[ReadWriteOnce]` | +| `persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` | +| `persistence.annotations` | Annotations for the PVC | `{}` | +| `master.nodeSelector` | Node labels for pod assignment (postgresql master) | `{}` | +| `master.affinity` | Affinity labels for pod assignment (postgresql master) | `{}` | +| `master.tolerations` | Toleration labels for pod assignment (postgresql master) | `[]` | +| `master.anotations` | Map of annotations to add to the statefulset (postgresql master) | `{}` | +| `master.labels` | Map of labels to add to the statefulset (postgresql master) | `{}` | +| `master.podAnnotations` | Map of annotations to add to the pods (postgresql master) | `{}` | +| `master.podLabels` | Map of labels to add to the pods (postgresql master) | `{}` | +| `master.priorityClassName` | Priority Class to use for each pod (postgresql master) | `nil` | +| `master.extraInitContainers` | Additional init containers to add to the pods (postgresql master) | `[]` | +| `master.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql master) | `[]` | +| `master.extraVolumes` | Additional volumes to add to the pods (postgresql master) | `[]` | +| `master.sidecars` | Add additional containers to the pod | `[]` | +| `slave.nodeSelector` | Node labels for pod assignment (postgresql slave) | `{}` | +| `slave.affinity` | Affinity labels for pod assignment (postgresql slave) | `{}` | +| `slave.tolerations` | Toleration labels for pod assignment (postgresql slave) | `[]` | +| `slave.anotations` | Map of annotations to add to the statefulsets (postgresql slave) | `{}` | +| `slave.labels` | Map of labels to add to the statefulsets (postgresql slave) | `{}` | +| `slave.podAnnotations` | Map of annotations to add to the pods (postgresql slave) | `{}` | +| `slave.podLabels` | Map of labels to add to the pods (postgresql slave) | `{}` | +| `slave.priorityClassName` | Priority Class to use for each pod (postgresql slave) | `nil` | +| `slave.extraInitContainers` | Additional init containers to add to the pods (postgresql slave) | `[]` | +| `slave.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql slave) | `[]` | +| `slave.extraVolumes` | Additional volumes to add to the pods (postgresql slave) | `[]` | +| `slave.sidecars` | Add additional containers to the pod | `[]` | +| `terminationGracePeriodSeconds` | Seconds the pod needs to terminate gracefully | `nil` | +| `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `250m` | +| `securityContext.enabled` | Enable security context | `true` | +| `securityContext.fsGroup` | Group ID for the container | `1001` | +| `securityContext.runAsUser` | User ID for the container | `1001` | +| `serviceAccount.enabled` | Enable service account (Note: Service Account will only be automatically created if `serviceAccount.name` is not set) | `false` | +| `serviceAcccount.name` | Name of existing service account | `nil` | +| `livenessProbe.enabled` | Would you like a livenessProbe to be enabled | `true` | +| `networkPolicy.enabled` | Enable NetworkPolicy | `false` | +| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed | `nil` | +| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | +| `livenessProbe.periodSeconds` | How often to perform the probe | 10 | +| `livenessProbe.timeoutSeconds` | When the probe times out | 5 | +| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | +| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 5 | +| `readinessProbe.periodSeconds` | How often to perform the probe | 10 | +| `readinessProbe.timeoutSeconds` | When the probe times out | 5 | +| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `metrics.enabled` | Start a prometheus exporter | `false` | +| `metrics.service.type` | Kubernetes Service type | `ClusterIP` | +| `service.clusterIP` | Static clusterIP or None for headless services | `nil` | +| `metrics.service.annotations` | Additional annotations for metrics exporter pod | `{ prometheus.io/scrape: "true", prometheus.io/port: "9187"}` | +| `metrics.service.loadBalancerIP` | loadBalancerIP if redis metrics service type is `LoadBalancer` | `nil` | +| `metrics.serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` | +| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | +| `metrics.serviceMonitor.namespace` | Optional namespace in which to create ServiceMonitor | `nil` | +| `metrics.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `nil` | +| `metrics.serviceMonitor.scrapeTimeout` | Scrape timeout. If not set, the Prometheus default scrape timeout is used | `nil` | +| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` | +| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` | +| `metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | the same namespace as postgresql | +| `metrics.prometheusRule.rules` | [rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) to be created, check values for an example. | `[]` | +| `metrics.image.registry` | PostgreSQL Image registry | `docker.io` | +| `metrics.image.repository` | PostgreSQL Image name | `bitnami/postgres-exporter` | +| `metrics.image.tag` | PostgreSQL Image tag | `{TAG_NAME}` | +| `metrics.image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | +| `metrics.customMetrics` | Additional custom metrics | `nil` | +| `metrics.securityContext.enabled` | Enable security context for metrics | `false` | +| `metrics.securityContext.runAsUser` | User ID for the container for metrics | `1001` | +| `metrics.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | +| `metrics.livenessProbe.periodSeconds` | How often to perform the probe | 10 | +| `metrics.livenessProbe.timeoutSeconds` | When the probe times out | 5 | +| `metrics.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `metrics.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `metrics.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | +| `metrics.readinessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 5 | +| `metrics.readinessProbe.periodSeconds` | How often to perform the probe | 10 | +| `metrics.readinessProbe.timeoutSeconds` | When the probe times out | 5 | +| `metrics.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `metrics.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `updateStrategy` | Update strategy policy | `{type: "RollingUpdate"}` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +$ helm install my-release \ + --set postgresqlPassword=secretpassword,postgresqlDatabase=my-database \ + stable/postgresql +``` + +The above command sets the PostgreSQL `postgres` account password to `secretpassword`. Additionally it creates a database named `my-database`. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```console +$ helm install my-release -f values.yaml stable/postgresql +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Configuration and installation details + +### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### Production configuration and horizontal scaling + +This chart includes a `values-production.yaml` file where you can find some parameters oriented to production configuration in comparison to the regular `values.yaml`. You can use this file instead of the default one. + +- Enable replication: +```diff +- replication.enabled: false ++ replication.enabled: true +``` + +- Number of slaves replicas: +```diff +- replication.slaveReplicas: 1 ++ replication.slaveReplicas: 2 +``` + +- Set synchronous commit mode: +```diff +- replication.synchronousCommit: "off" ++ replication.synchronousCommit: "on" +``` + +- Number of replicas that will have synchronous replication: +```diff +- replication.numSynchronousReplicas: 0 ++ replication.numSynchronousReplicas: 1 +``` + +- Start a prometheus exporter: +```diff +- metrics.enabled: false ++ metrics.enabled: true +``` + +To horizontally scale this chart, you can use the `--replicas` flag to modify the number of nodes in your PostgreSQL deployment. Also you can use the `values-production.yaml` file or modify the parameters shown above. + +### Change PostgreSQL version + +To modify the PostgreSQL version used in this chart you can specify a [valid image tag](https://hub.docker.com/r/bitnami/postgresql/tags/) using the `image.tag` parameter. For example, `image.tag=12.0.0` + +### postgresql.conf / pg_hba.conf files as configMap + +This helm chart also supports to customize the whole configuration file. + +Add your custom file to "files/postgresql.conf" in your working directory. This file will be mounted as configMap to the containers and it will be used for configuring the PostgreSQL server. + +Alternatively, you can specify PostgreSQL configuration parameters using the `postgresqlConfiguration` parameter as a dict, using camelCase, e.g. {"sharedBuffers": "500MB"}. + +In addition to these options, you can also set an external ConfigMap with all the configuration files. This is done by setting the `configurationConfigMap` parameter. Note that this will override the two previous options. + +### Allow settings to be loaded from files other than the default `postgresql.conf` + +If you don't want to provide the whole PostgreSQL configuration file and only specify certain parameters, you can add your extended `.conf` files to "files/conf.d/" in your working directory. +Those files will be mounted as configMap to the containers adding/overwriting the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. + +Alternatively, you can also set an external ConfigMap with all the extra configuration files. This is done by setting the `extendedConfConfigMap` parameter. Note that this will override the previous option. + +### Initialize a fresh instance + +The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, they must be located inside the chart folder `files/docker-entrypoint-initdb.d` so they can be consumed as a ConfigMap. + +Alternatively, you can specify custom scripts using the `initdbScripts` parameter as dict. + +In addition to these options, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `initdbScriptsConfigMap` parameter. Note that this will override the two previous options. If your initialization scripts contain sensitive information such as credentials or passwords, you can use the `initdbScriptsSecret` parameter. + +The allowed extensions are `.sh`, `.sql` and `.sql.gz`. + +### Sidecars + +If you need additional containers to run within the same pod as PostgreSQL (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. + +```yaml +# For the PostgreSQL master +master: + sidecars: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +# For the PostgreSQL replicas +slave: + sidecars: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +### Metrics + +The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9187) is not exposed and it is expected that the metrics are collected from inside the k8s cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml). + +The exporter allows to create custom metrics from additional SQL queries. See the Chart's `values.yaml` for an example and consult the [exporters documentation](https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file) for more details. + +### Use of global variables + +In more complex scenarios, we may have the following tree of dependencies + +``` + +--------------+ + | | + +------------+ Chart 1 +-----------+ + | | | | + | --------+------+ | + | | | + | | | + | | | + | | | + v v v ++-------+------+ +--------+------+ +--------+------+ +| | | | | | +| PostgreSQL | | Sub-chart 1 | | Sub-chart 2 | +| | | | | | ++--------------+ +---------------+ +---------------+ +``` + +The three charts below depend on the parent chart Chart 1. However, subcharts 1 and 2 may need to connect to PostgreSQL as well. In order to do so, subcharts 1 and 2 need to know the PostgreSQL credentials, so one option for deploying could be deploy Chart 1 with the following parameters: + +``` +postgresql.postgresqlPassword=testtest +subchart1.postgresql.postgresqlPassword=testtest +subchart2.postgresql.postgresqlPassword=testtest +postgresql.postgresqlDatabase=db1 +subchart1.postgresql.postgresqlDatabase=db1 +subchart2.postgresql.postgresqlDatabase=db1 +``` + +If the number of dependent sub-charts increases, installing the chart with parameters can become increasingly difficult. An alternative would be to set the credentials using global variables as follows: + +``` +global.postgresql.postgresqlPassword=testtest +global.postgresql.postgresqlDatabase=db1 +``` + +This way, the credentials will be available in all of the subcharts. + +## Persistence + +The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image stores the PostgreSQL data and configurations at the `/bitnami/postgresql` path of the container. + +Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. +See the [Parameters](#parameters) section to configure the PVC or to disable persistence. + +If you already have data in it, you will fail to sync to standby nodes for all commits, details can refer to [code](https://github.com/bitnami/bitnami-docker-postgresql/blob/8725fe1d7d30ebe8d9a16e9175d05f7ad9260c93/9.6/debian-9/rootfs/libpostgresql.sh#L518-L556). If you need to use those data, please covert them to sql and import after `helm install` finished. + +## NetworkPolicy + +To enable network policy for PostgreSQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. + +For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: + +```console +$ kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" +``` + +With NetworkPolicy enabled, traffic will be limited to just port 5432. + +For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to PostgreSQL. +This label will be displayed in the output of a successful install. + +## Differences between Bitnami PostgreSQL image and [Docker Official](https://hub.docker.com/_/postgres) image + +- The Docker Official PostgreSQL image does not support replication. If you pass any replication environment variable, this would be ignored. The only environment variables supported by the Docker Official image are POSTGRES_USER, POSTGRES_DB, POSTGRES_PASSWORD, POSTGRES_INITDB_ARGS, POSTGRES_INITDB_WALDIR and PGDATA. All the remaining environment variables are specific to the Bitnami PostgreSQL image. +- The Bitnami PostgreSQL image is non-root by default. This requires that you run the pod with `securityContext` and updates the permissions of the volume with an `initContainer`. A key benefit of this configuration is that the pod follows security best practices and is prepared to run on Kubernetes distributions with hard security constraints like OpenShift. +- For OpenShift, one may either define the runAsUser and fsGroup accordingly, or try this more dynamic option: volumePermissions.securityContext.runAsUser="auto",securityContext.enabled=false,shmVolume.chmod.enabled=false + +### Deploy chart using Docker Official PostgreSQL Image + +From chart version 4.0.0, it is possible to use this chart with the Docker Official PostgreSQL image. +Besides specifying the new Docker repository and tag, it is important to modify the PostgreSQL data directory and volume mount point. Basically, the PostgreSQL data dir cannot be the mount point directly, it has to be a subdirectory. + +``` +helm install postgres \ + --set image.repository=postgres \ + --set image.tag=10.6 \ + --set postgresqlDataDir=/data/pgdata \ + --set persistence.mountPath=/data/ \ + stable/postgresql +``` + +## Upgrade + +It's necessary to specify the existing passwords while performing an upgrade to ensure the secrets are not updated with invalid randomly generated passwords. Remember to specify the existing values of the `postgresqlPassword` and `replication.password` parameters when upgrading the chart: + +```bash +$ helm upgrade my-release stable/postgresql \ + --set postgresqlPassword=[POSTGRESQL_PASSWORD] \ + --set replication.password=[REPLICATION_PASSWORD] +``` + +> Note: you need to substitute the placeholders _[POSTGRESQL_PASSWORD]_, and _[REPLICATION_PASSWORD]_ with the values obtained from instructions in the installation notes. + +## 8.0.0 + +Prefixes the port names with their protocols to comply with Istio conventions. + +If you depend on the port names in your setup, make sure to update them to reflect this change. + +## 7.1.0 + +Adds support for LDAP configuration. + +## 7.0.0 + +Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. + +In https://github.com/helm/charts/pull/17281 the `apiVersion` of the statefulset resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. + +This major version bump signifies this change. + +## 6.5.7 + +In this version, the chart will use PostgreSQL with the Postgis extension included. The version used with Postgresql version 10, 11 and 12 is Postgis 2.5. It has been compiled with the following dependencies: + + - protobuf + - protobuf-c + - json-c + - geos + - proj + +## 5.0.0 + +In this version, the **chart is using PostgreSQL 11 instead of PostgreSQL 10**. You can find the main difference and notable changes in the following links: [https://www.postgresql.org/about/news/1894/](https://www.postgresql.org/about/news/1894/) and [https://www.postgresql.org/about/featurematrix/](https://www.postgresql.org/about/featurematrix/). + +For major releases of PostgreSQL, the internal data storage format is subject to change, thus complicating upgrades, you can see some errors like the following one in the logs: + +```bash +Welcome to the Bitnami postgresql container +Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-postgresql +Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-postgresql/issues +Send us your feedback at containers@bitnami.com + +INFO ==> ** Starting PostgreSQL setup ** +NFO ==> Validating settings in POSTGRESQL_* env vars.. +INFO ==> Initializing PostgreSQL database... +INFO ==> postgresql.conf file not detected. Generating it... +INFO ==> pg_hba.conf file not detected. Generating it... +INFO ==> Deploying PostgreSQL with persisted data... +INFO ==> Configuring replication parameters +INFO ==> Loading custom scripts... +INFO ==> Enabling remote connections +INFO ==> Stopping PostgreSQL... +INFO ==> ** PostgreSQL setup finished! ** + +INFO ==> ** Starting PostgreSQL ** + [1] FATAL: database files are incompatible with server + [1] DETAIL: The data directory was initialized by PostgreSQL version 10, which is not compatible with this version 11.3. +``` +In this case, you should migrate the data from the old chart to the new one following an approach similar to that described in [this section](https://www.postgresql.org/docs/current/upgrading.html#UPGRADING-VIA-PGDUMPALL) from the official documentation. Basically, create a database dump in the old chart, move and restore it in the new one. + +### 4.0.0 + +This chart will use by default the Bitnami PostgreSQL container starting from version `10.7.0-r68`. This version moves the initialization logic from node.js to bash. This new version of the chart requires setting the `POSTGRES_PASSWORD` in the slaves as well, in order to properly configure the `pg_hba.conf` file. Users from previous versions of the chart are advised to upgrade immediately. + +IMPORTANT: If you do not want to upgrade the chart version then make sure you use the `10.7.0-r68` version of the container. Otherwise, you will get this error + +``` +The POSTGRESQL_PASSWORD environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development +``` + +### 3.0.0 + +This releases make it possible to specify different nodeSelector, affinity and tolerations for master and slave pods. +It also fixes an issue with `postgresql.master.fullname` helper template not obeying fullnameOverride. + +#### Breaking changes + +- `affinty` has been renamed to `master.affinity` and `slave.affinity`. +- `tolerations` has been renamed to `master.tolerations` and `slave.tolerations`. +- `nodeSelector` has been renamed to `master.nodeSelector` and `slave.nodeSelector`. + +### 2.0.0 + +In order to upgrade from the `0.X.X` branch to `1.X.X`, you should follow the below steps: + + - Obtain the service name (`SERVICE_NAME`) and password (`OLD_PASSWORD`) of the existing postgresql chart. You can find the instructions to obtain the password in the NOTES.txt, the service name can be obtained by running + + ```console +$ kubectl get svc + ``` + +- Install (not upgrade) the new version + +```console +$ helm repo update +$ helm install my-release stable/postgresql +``` + +- Connect to the new pod (you can obtain the name by running `kubectl get pods`): + +```console +$ kubectl exec -it NAME bash +``` + +- Once logged in, create a dump file from the previous database using `pg_dump`, for that we should connect to the previous postgresql chart: + +```console +$ pg_dump -h SERVICE_NAME -U postgres DATABASE_NAME > /tmp/backup.sql +``` + +After run above command you should be prompted for a password, this password is the previous chart password (`OLD_PASSWORD`). +This operation could take some time depending on the database size. + +- Once you have the backup file, you can restore it with a command like the one below: + +```console +$ psql -U postgres DATABASE_NAME < /tmp/backup.sql +``` + +In this case, you are accessing to the local postgresql, so the password should be the new one (you can find it in NOTES.txt). + +If you want to restore the database and the database schema does not exist, it is necessary to first follow the steps described below. + +```console +$ psql -U postgres +postgres=# drop database DATABASE_NAME; +postgres=# create database DATABASE_NAME; +postgres=# create user USER_NAME; +postgres=# alter role USER_NAME with password 'BITNAMI_USER_PASSWORD'; +postgres=# grant all privileges on database DATABASE_NAME to USER_NAME; +postgres=# alter database DATABASE_NAME owner to USER_NAME; +``` diff --git a/packer/ansible/roles/helm_install/files/druid/charts/postgresql/ci/default-values.yaml b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/ci/default-values.yaml new file mode 100755 index 0000000..fc2ba60 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/ci/default-values.yaml @@ -0,0 +1 @@ +# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. diff --git a/packer/ansible/roles/helm_install/files/druid/charts/postgresql/ci/shmvolume-disabled-values.yaml b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/ci/shmvolume-disabled-values.yaml new file mode 100755 index 0000000..347d3b4 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/ci/shmvolume-disabled-values.yaml @@ -0,0 +1,2 @@ +shmVolume: + enabled: false diff --git a/packer/ansible/roles/helm_install/files/druid/charts/postgresql/files/README.md b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/files/README.md new file mode 100755 index 0000000..1813a2f --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/files/README.md @@ -0,0 +1 @@ +Copy here your postgresql.conf and/or pg_hba.conf files to use it as a config map. diff --git a/packer/ansible/roles/helm_install/files/druid/charts/postgresql/files/conf.d/README.md b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/files/conf.d/README.md new file mode 100755 index 0000000..184c187 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/files/conf.d/README.md @@ -0,0 +1,4 @@ +If you don't want to provide the whole configuration file and only specify certain parameters, you can copy here your extended `.conf` files. +These files will be injected as a config maps and add/overwrite the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. + +More info in the [bitnami-docker-postgresql README](https://github.com/bitnami/bitnami-docker-postgresql#configuration-file). diff --git a/packer/ansible/roles/helm_install/files/druid/charts/postgresql/files/docker-entrypoint-initdb.d/README.md b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/files/docker-entrypoint-initdb.d/README.md new file mode 100755 index 0000000..cba3809 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/files/docker-entrypoint-initdb.d/README.md @@ -0,0 +1,3 @@ +You can copy here your custom `.sh`, `.sql` or `.sql.gz` file so they are executed during the first boot of the image. + +More info in the [bitnami-docker-postgresql](https://github.com/bitnami/bitnami-docker-postgresql#initializing-a-new-instance) repository. \ No newline at end of file diff --git a/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/NOTES.txt b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/NOTES.txt new file mode 100755 index 0000000..64d7353 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/NOTES.txt @@ -0,0 +1,81 @@ +This Helm chart is deprecated + +Given the `stable` deprecation timeline (https://github.com/helm/charts#deprecation-timeline), the Bitnami maintained Helm chart is now located at bitnami/charts (https://github.com/bitnami/charts/). + +The Bitnami repository is already included in the Hubs and we will continue providing the same cadence of updates, support, etc that we've been keeping here these years. Installation instructions are very similar, just adding the _bitnami_ repo and using it during the installation (`bitnami/` instead of `stable/`) + +```bash +$ helm repo add bitnami https://charts.bitnami.com/bitnami +$ helm install my-release bitnami/ # Helm 3 +$ helm install --name my-release bitnami/ # Helm 2 +``` + +To update an exisiting _stable_ deployment with a chart hosted in the bitnami repository you can execute + +```bash +$ helm repo add bitnami https://charts.bitnami.com/bitnami +$ helm upgrade my-release bitnami/ +``` + +Issues and PRs related to the chart itself will be redirected to `bitnami/charts` GitHub repository. In the same way, we'll be happy to answer questions related to this migration process in this issue (https://github.com/helm/charts/issues/20969) created as a common place for discussion. + +** Please be patient while the chart is being deployed ** + +PostgreSQL can be accessed via port {{ template "postgresql.port" . }} on the following DNS name from within your cluster: + + {{ template "postgresql.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - Read/Write connection +{{- if .Values.replication.enabled }} + {{ template "postgresql.fullname" . }}-read.{{ .Release.Namespace }}.svc.cluster.local - Read only connection +{{- end }} + +{{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }} + +To get the password for "postgres" run: + + export POSTGRES_ADMIN_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-postgres-password}" | base64 --decode) +{{- end }} + +To get the password for "{{ template "postgresql.username" . }}" run: + + export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-password}" | base64 --decode) + +To connect to your database run the following command: + + kubectl run {{ template "postgresql.fullname" . }}-client --rm --tty -i --restart='Never' --namespace {{ .Release.Namespace }} --image {{ template "postgresql.image" . }} --env="PGPASSWORD=$POSTGRES_PASSWORD" {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} + --labels="{{ template "postgresql.fullname" . }}-client=true" {{- end }} --command -- psql --host {{ template "postgresql.fullname" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }} + +{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} +Note: Since NetworkPolicy is enabled, only pods with label {{ template "postgresql.fullname" . }}-client=true" will be able to connect to this PostgreSQL cluster. +{{- end }} + +To connect to your database from outside the cluster execute the following commands: + +{{- if contains "NodePort" .Values.service.type }} + + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "postgresql.fullname" . }}) + {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $NODE_IP --port $NODE_PORT -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} + +{{- else if contains "LoadBalancer" .Values.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "postgresql.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "postgresql.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $SERVICE_IP --port {{ template "postgresql.port" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} + +{{- else if contains "ClusterIP" .Values.service.type }} + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "postgresql.fullname" . }} {{ template "postgresql.port" . }}:{{ template "postgresql.port" . }} & + {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host 127.0.0.1 -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }} + +{{- end }} + +{{- include "postgresql.validateValues" . -}} + +{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }} + +WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. ++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ + +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/_helpers.tpl b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/_helpers.tpl new file mode 100755 index 0000000..3ee5572 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/_helpers.tpl @@ -0,0 +1,420 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "postgresql.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "postgresql.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "postgresql.master.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- $fullname := default (printf "%s-%s" .Release.Name $name) .Values.fullnameOverride -}} +{{- if .Values.replication.enabled -}} +{{- printf "%s-%s" $fullname "master" | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s" $fullname | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "postgresql.networkPolicy.apiVersion" -}} +{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} +"extensions/v1beta1" +{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}} +"networking.k8s.io/v1" +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "postgresql.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper PostgreSQL image name +*/}} +{{- define "postgresql.image" -}} +{{- $registryName := .Values.image.registry -}} +{{- $repositoryName := .Values.image.repository -}} +{{- $tag := .Values.image.tag | toString -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. +Also, we can't use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} + {{- if .Values.global.imageRegistry }} + {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL postgres user password +*/}} +{{- define "postgresql.postgres.password" -}} +{{- if .Values.global.postgresql.postgresqlPostgresPassword }} + {{- .Values.global.postgresql.postgresqlPostgresPassword -}} +{{- else if .Values.postgresqlPostgresPassword -}} + {{- .Values.postgresqlPostgresPassword -}} +{{- else -}} + {{- randAlphaNum 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL password +*/}} +{{- define "postgresql.password" -}} +{{- if .Values.global.postgresql.postgresqlPassword }} + {{- .Values.global.postgresql.postgresqlPassword -}} +{{- else if .Values.postgresqlPassword -}} + {{- .Values.postgresqlPassword -}} +{{- else -}} + {{- randAlphaNum 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL replication password +*/}} +{{- define "postgresql.replication.password" -}} +{{- if .Values.global.postgresql.replicationPassword }} + {{- .Values.global.postgresql.replicationPassword -}} +{{- else if .Values.replication.password -}} + {{- .Values.replication.password -}} +{{- else -}} + {{- randAlphaNum 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL username +*/}} +{{- define "postgresql.username" -}} +{{- if .Values.global.postgresql.postgresqlUsername }} + {{- .Values.global.postgresql.postgresqlUsername -}} +{{- else -}} + {{- .Values.postgresqlUsername -}} +{{- end -}} +{{- end -}} + + +{{/* +Return PostgreSQL replication username +*/}} +{{- define "postgresql.replication.username" -}} +{{- if .Values.global.postgresql.replicationUser }} + {{- .Values.global.postgresql.replicationUser -}} +{{- else -}} + {{- .Values.replication.user -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL port +*/}} +{{- define "postgresql.port" -}} +{{- if .Values.global.postgresql.servicePort }} + {{- .Values.global.postgresql.servicePort -}} +{{- else -}} + {{- .Values.service.port -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL created database +*/}} +{{- define "postgresql.database" -}} +{{- if .Values.global.postgresql.postgresqlDatabase }} + {{- .Values.global.postgresql.postgresqlDatabase -}} +{{- else if .Values.postgresqlDatabase -}} + {{- .Values.postgresqlDatabase -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper image name to change the volume permissions +*/}} +{{- define "postgresql.volumePermissions.image" -}} +{{- $registryName := .Values.volumePermissions.image.registry -}} +{{- $repositoryName := .Values.volumePermissions.image.repository -}} +{{- $tag := .Values.volumePermissions.image.tag | toString -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. +Also, we can't use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} + {{- if .Values.global.imageRegistry }} + {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper PostgreSQL metrics image name +*/}} +{{- define "postgresql.metrics.image" -}} +{{- $registryName := default "docker.io" .Values.metrics.image.registry -}} +{{- $repositoryName := .Values.metrics.image.repository -}} +{{- $tag := default "latest" .Values.metrics.image.tag | toString -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. +Also, we can't use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} + {{- if .Values.global.imageRegistry }} + {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Get the password secret. +*/}} +{{- define "postgresql.secretName" -}} +{{- if .Values.global.postgresql.existingSecret }} + {{- printf "%s" .Values.global.postgresql.existingSecret -}} +{{- else if .Values.existingSecret -}} + {{- printf "%s" .Values.existingSecret -}} +{{- else -}} + {{- printf "%s" (include "postgresql.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a secret object should be created +*/}} +{{- define "postgresql.createSecret" -}} +{{- if .Values.global.postgresql.existingSecret }} +{{- else if .Values.existingSecret -}} +{{- else -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Get the configuration ConfigMap name. +*/}} +{{- define "postgresql.configurationCM" -}} +{{- if .Values.configurationConfigMap -}} +{{- printf "%s" (tpl .Values.configurationConfigMap $) -}} +{{- else -}} +{{- printf "%s-configuration" (include "postgresql.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the extended configuration ConfigMap name. +*/}} +{{- define "postgresql.extendedConfigurationCM" -}} +{{- if .Values.extendedConfConfigMap -}} +{{- printf "%s" (tpl .Values.extendedConfConfigMap $) -}} +{{- else -}} +{{- printf "%s-extended-configuration" (include "postgresql.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the initialization scripts ConfigMap name. +*/}} +{{- define "postgresql.initdbScriptsCM" -}} +{{- if .Values.initdbScriptsConfigMap -}} +{{- printf "%s" (tpl .Values.initdbScriptsConfigMap $) -}} +{{- else -}} +{{- printf "%s-init-scripts" (include "postgresql.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the initialization scripts Secret name. +*/}} +{{- define "postgresql.initdbScriptsSecret" -}} +{{- printf "%s" (tpl .Values.initdbScriptsSecret $) -}} +{{- end -}} + +{{/* +Get the metrics ConfigMap name. +*/}} +{{- define "postgresql.metricsCM" -}} +{{- printf "%s-metrics" (include "postgresql.fullname" .) -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "postgresql.imagePullSecrets" -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. +Also, we can not use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} +{{- if .Values.global.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.global.imagePullSecrets }} + - name: {{ . }} +{{- end }} +{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} +imagePullSecrets: +{{- range .Values.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- range .Values.metrics.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- range .Values.volumePermissions.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- end -}} +{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} +imagePullSecrets: +{{- range .Values.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- range .Values.metrics.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- range .Values.volumePermissions.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Get the readiness probe command +*/}} +{{- define "postgresql.readinessProbeCommand" -}} +- | +{{- if (include "postgresql.database" .) }} + exec pg_isready -U {{ include "postgresql.username" . | quote }} -d {{ (include "postgresql.database" .) | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} +{{- else }} + exec pg_isready -U {{ include "postgresql.username" . | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} +{{- end }} +{{- if contains "bitnami/" .Values.image.repository }} + [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] +{{- end -}} +{{- end -}} + +{{/* +Return the proper Storage Class +*/}} +{{- define "postgresql.storageClass" -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. +*/}} +{{- if .Values.global -}} + {{- if .Values.global.storageClass -}} + {{- if (eq "-" .Values.global.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.global.storageClass -}} + {{- end -}} + {{- else -}} + {{- if .Values.persistence.storageClass -}} + {{- if (eq "-" .Values.persistence.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.persistence.storageClass -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- else -}} + {{- if .Values.persistence.storageClass -}} + {{- if (eq "-" .Values.persistence.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.persistence.storageClass -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Renders a value that contains template. +Usage: +{{ include "postgresql.tplValue" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "postgresql.tplValue" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. +*/}} +{{- define "postgresql.statefulset.apiVersion" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "apps/v1beta2" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "postgresql.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "postgresql.validateValues.ldapConfigurationMethod" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} + +{{/* +Validate values of Postgresql - If ldap.url is used then you don't need the other settings for ldap +*/}} +{{- define "postgresql.validateValues.ldapConfigurationMethod" -}} +{{- if and .Values.ldap.enabled (and (not (empty .Values.ldap.url)) (not (empty .Values.ldap.server))) }} +postgresql: ldap.url, ldap.server + You cannot set both `ldap.url` and `ldap.server` at the same time. + Please provide a unique way to configure LDAP. + More info at https://www.postgresql.org/docs/current/auth-ldap.html +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/configmap.yaml b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/configmap.yaml new file mode 100755 index 0000000..d2178c0 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/configmap.yaml @@ -0,0 +1,26 @@ +{{ if and (or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration) (not .Values.configurationConfigMap) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "postgresql.fullname" . }}-configuration + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +data: +{{- if (.Files.Glob "files/postgresql.conf") }} +{{ (.Files.Glob "files/postgresql.conf").AsConfig | indent 2 }} +{{- else if .Values.postgresqlConfiguration }} + postgresql.conf: | +{{- range $key, $value := default dict .Values.postgresqlConfiguration }} + {{ $key | snakecase }}={{ $value }} +{{- end }} +{{- end }} +{{- if (.Files.Glob "files/pg_hba.conf") }} +{{ (.Files.Glob "files/pg_hba.conf").AsConfig | indent 2 }} +{{- else if .Values.pgHbaConfiguration }} + pg_hba.conf: | +{{ .Values.pgHbaConfiguration | indent 4 }} +{{- end }} +{{ end }} diff --git a/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/extended-config-configmap.yaml b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/extended-config-configmap.yaml new file mode 100755 index 0000000..8a41195 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/extended-config-configmap.yaml @@ -0,0 +1,21 @@ +{{- if and (or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf) (not .Values.extendedConfConfigMap)}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "postgresql.fullname" . }}-extended-configuration + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +data: +{{- with .Files.Glob "files/conf.d/*.conf" }} +{{ .AsConfig | indent 2 }} +{{- end }} +{{ with .Values.postgresqlExtendedConf }} + override.conf: | +{{- range $key, $value := . }} + {{ $key | snakecase }}={{ $value }} +{{- end }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/initialization-configmap.yaml b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/initialization-configmap.yaml new file mode 100755 index 0000000..8eb5e05 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/initialization-configmap.yaml @@ -0,0 +1,24 @@ +{{- if and (or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScripts) (not .Values.initdbScriptsConfigMap) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "postgresql.fullname" . }}-init-scripts + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz" }} +binaryData: +{{- range $path, $bytes := . }} + {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }} +{{- end }} +{{- end }} +data: +{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}" }} +{{ .AsConfig | indent 2 }} +{{- end }} +{{- with .Values.initdbScripts }} +{{ toYaml . | indent 2 }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/metrics-configmap.yaml b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/metrics-configmap.yaml new file mode 100755 index 0000000..524aa2f --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/metrics-configmap.yaml @@ -0,0 +1,13 @@ +{{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "postgresql.metricsCM" . }} + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +data: + custom-metrics.yaml: {{ toYaml .Values.metrics.customMetrics | quote }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/metrics-svc.yaml b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/metrics-svc.yaml new file mode 100755 index 0000000..c610f09 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/metrics-svc.yaml @@ -0,0 +1,26 @@ +{{- if .Values.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "postgresql.fullname" . }}-metrics + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + annotations: +{{ toYaml .Values.metrics.service.annotations | indent 4 }} +spec: + type: {{ .Values.metrics.service.type }} + {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} + {{- end }} + ports: + - name: http-metrics + port: 9187 + targetPort: http-metrics + selector: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name }} + role: master +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/networkpolicy.yaml b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/networkpolicy.yaml new file mode 100755 index 0000000..ea1fc9b --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/networkpolicy.yaml @@ -0,0 +1,38 @@ +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ template "postgresql.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "postgresql.fullname" . }} + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +spec: + podSelector: + matchLabels: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name | quote }} + ingress: + # Allow inbound connections + - ports: + - port: {{ template "postgresql.port" . }} + {{- if not .Values.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: + {{ template "postgresql.fullname" . }}-client: "true" + {{- if .Values.networkPolicy.explicitNamespacesSelector }} + namespaceSelector: +{{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }} + {{- end }} + - podSelector: + matchLabels: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name | quote }} + role: slave + {{- end }} + # Allow prometheus scrapes + - ports: + - port: 9187 +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/prometheusrule.yaml b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/prometheusrule.yaml new file mode 100755 index 0000000..44f1242 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/prometheusrule.yaml @@ -0,0 +1,23 @@ +{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ template "postgresql.fullname" . }} +{{- with .Values.metrics.prometheusRule.namespace }} + namespace: {{ . }} +{{- end }} + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +{{- with .Values.metrics.prometheusRule.additionalLabels }} +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- with .Values.metrics.prometheusRule.rules }} + groups: + - name: {{ template "postgresql.name" $ }} + rules: {{ tpl (toYaml .) $ | nindent 8 }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/secrets.yaml b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/secrets.yaml new file mode 100755 index 0000000..094d18b --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/secrets.yaml @@ -0,0 +1,23 @@ +{{- if (include "postgresql.createSecret" .) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "postgresql.fullname" . }} + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +type: Opaque +data: + {{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }} + postgresql-postgres-password: {{ include "postgresql.postgres.password" . | b64enc | quote }} + {{- end }} + postgresql-password: {{ include "postgresql.password" . | b64enc | quote }} + {{- if .Values.replication.enabled }} + postgresql-replication-password: {{ include "postgresql.replication.password" . | b64enc | quote }} + {{- end }} + {{- if (and .Values.ldap.enabled .Values.ldap.bind_password)}} + postgresql-ldap-password: {{ .Values.ldap.bind_password | b64enc | quote }} + {{- end }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/serviceaccount.yaml b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/serviceaccount.yaml new file mode 100755 index 0000000..27e5b51 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/serviceaccount.yaml @@ -0,0 +1,11 @@ +{{- if and (.Values.serviceAccount.enabled) (not .Values.serviceAccount.name) }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + name: {{ template "postgresql.fullname" . }} +{{- end }} \ No newline at end of file diff --git a/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/servicemonitor.yaml b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/servicemonitor.yaml new file mode 100755 index 0000000..f3a529a --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/servicemonitor.yaml @@ -0,0 +1,33 @@ +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "postgresql.fullname" . }} + {{- if .Values.metrics.serviceMonitor.namespace }} + namespace: {{ .Values.metrics.serviceMonitor.namespace }} + {{- end }} + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + {{- if .Values.metrics.serviceMonitor.additionalLabels }} +{{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }} + {{- end }} +spec: + endpoints: + - port: http-metrics + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/statefulset-slaves.yaml b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/statefulset-slaves.yaml new file mode 100755 index 0000000..3290ff7 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/statefulset-slaves.yaml @@ -0,0 +1,299 @@ +{{- if .Values.replication.enabled }} +apiVersion: {{ template "postgresql.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: "{{ template "postgresql.fullname" . }}-slave" + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +{{- with .Values.slave.labels }} +{{ toYaml . | indent 4 }} +{{- end }} +{{- with .Values.slave.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + serviceName: {{ template "postgresql.fullname" . }}-headless + replicas: {{ .Values.replication.slaveReplicas }} + selector: + matchLabels: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name | quote }} + role: slave + template: + metadata: + name: {{ template "postgresql.fullname" . }} + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + role: slave +{{- with .Values.slave.podLabels }} +{{ toYaml . | indent 8 }} +{{- end }} +{{- with .Values.slave.podAnnotations }} + annotations: +{{ toYaml . | indent 8 }} +{{- end }} + spec: + {{- if .Values.schedulerName }} + schedulerName: "{{ .Values.schedulerName }}" + {{- end }} +{{- include "postgresql.imagePullSecrets" . | indent 6 }} + {{- if .Values.slave.nodeSelector }} + nodeSelector: +{{ toYaml .Values.slave.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.slave.affinity }} + affinity: +{{ toYaml .Values.slave.affinity | indent 8 }} + {{- end }} + {{- if .Values.slave.tolerations }} + tolerations: +{{ toYaml .Values.slave.tolerations | indent 8 }} + {{- end }} + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + {{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name}} + {{- end }} + {{- if or .Values.slave.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} + initContainers: + {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled)) }} + - name: init-chmod-data + image: {{ template "postgresql.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + command: + - /bin/sh + - -cx + - | + {{ if .Values.persistence.enabled }} + mkdir -p {{ .Values.persistence.mountPath }}/data + chmod 700 {{ .Values.persistence.mountPath }}/data + find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \ + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + xargs chown -R `id -u`:`id -G | cut -d " " -f2` + {{- else }} + xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} + {{- end }} + {{- end }} + {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} + chmod -R 777 /dev/shm + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: + {{- else }} + securityContext: + runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} + {{- end }} + volumeMounts: + {{ if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- end }} + {{- if .Values.slave.extraInitContainers }} +{{ tpl .Values.slave.extraInitContainers . | indent 8 }} + {{- end }} + {{- end }} + {{- if .Values.slave.priorityClassName }} + priorityClassName: {{ .Values.slave.priorityClassName }} + {{- end }} + containers: + - name: {{ template "postgresql.fullname" . }} + image: {{ template "postgresql.image" . }} + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.image.debug | quote }} + - name: POSTGRESQL_VOLUME_DIR + value: "{{ .Values.persistence.mountPath }}" + - name: POSTGRESQL_PORT_NUMBER + value: "{{ template "postgresql.port" . }}" + {{- if .Values.persistence.mountPath }} + - name: PGDATA + value: {{ .Values.postgresqlDataDir | quote }} + {{- end }} + - name: POSTGRES_REPLICATION_MODE + value: "slave" + - name: POSTGRES_REPLICATION_USER + value: {{ include "postgresql.replication.username" . | quote }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_REPLICATION_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" + {{- else }} + - name: POSTGRES_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-replication-password + {{- end }} + - name: POSTGRES_CLUSTER_APP_NAME + value: {{ .Values.replication.applicationName }} + - name: POSTGRES_MASTER_HOST + value: {{ template "postgresql.fullname" . }} + - name: POSTGRES_MASTER_PORT_NUMBER + value: {{ include "postgresql.port" . | quote }} + {{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" + {{- else }} + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-postgres-password + {{- end }} + {{- end }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-password" + {{- else }} + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-password + {{- end }} + ports: + - name: tcp-postgresql + containerPort: {{ template "postgresql.port" . }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - /bin/sh + - -c + {{- if (include "postgresql.database" .) }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d {{ (include "postgresql.database" .) | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- else }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- end }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - /bin/sh + - -c + - -e + {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} + volumeMounts: + {{- if .Values.usePasswordFile }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + {{ end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + mountPath: /bitnami/postgresql/conf/conf.d/ + {{- end }} + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} + - name: postgresql-config + mountPath: /bitnami/postgresql/conf + {{- end }} + {{- if .Values.slave.extraVolumeMounts }} + {{- toYaml .Values.slave.extraVolumeMounts | nindent 12 }} + {{- end }} +{{- if .Values.slave.sidecars }} +{{- include "postgresql.tplValue" ( dict "value" .Values.slave.sidecars "context" $ ) | nindent 8 }} +{{- end }} + volumes: + {{- if .Values.usePasswordFile }} + - name: postgresql-password + secret: + secretName: {{ template "postgresql.secretName" . }} + {{- end }} + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} + - name: postgresql-config + configMap: + name: {{ template "postgresql.configurationCM" . }} + {{- end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + configMap: + name: {{ template "postgresql.extendedConfigurationCM" . }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + emptyDir: + medium: Memory + sizeLimit: 1Gi + {{- end }} + {{- if not .Values.persistence.enabled }} + - name: data + emptyDir: {} + {{- end }} + {{- if .Values.slave.extraVolumes }} + {{- toYaml .Values.slave.extraVolumes | nindent 8 }} + {{- end }} + updateStrategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "Recreate" .Values.updateStrategy.type) }} + rollingUpdate: null + {{- end }} +{{- if .Values.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: data + {{- with .Values.persistence.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{ include "postgresql.storageClass" . }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/statefulset.yaml b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/statefulset.yaml new file mode 100755 index 0000000..3390be2 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/statefulset.yaml @@ -0,0 +1,458 @@ +apiVersion: {{ template "postgresql.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ template "postgresql.master.fullname" . }} + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +{{- with .Values.master.labels }} +{{ toYaml . | indent 4 }} +{{- end }} +{{- with .Values.master.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + serviceName: {{ template "postgresql.fullname" . }}-headless + replicas: 1 + updateStrategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "Recreate" .Values.updateStrategy.type) }} + rollingUpdate: null + {{- end }} + selector: + matchLabels: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name | quote }} + role: master + template: + metadata: + name: {{ template "postgresql.fullname" . }} + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + role: master +{{- with .Values.master.podLabels }} +{{ toYaml . | indent 8 }} +{{- end }} +{{- with .Values.master.podAnnotations }} + annotations: +{{ toYaml . | indent 8 }} +{{- end }} + spec: + {{- if .Values.schedulerName }} + schedulerName: "{{ .Values.schedulerName }}" + {{- end }} +{{- include "postgresql.imagePullSecrets" . | indent 6 }} + {{- if .Values.master.nodeSelector }} + nodeSelector: +{{ toYaml .Values.master.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.master.affinity }} + affinity: +{{ toYaml .Values.master.affinity | indent 8 }} + {{- end }} + {{- if .Values.master.tolerations }} + tolerations: +{{ toYaml .Values.master.tolerations | indent 8 }} + {{- end }} + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + {{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name }} + {{- end }} + {{- if or .Values.master.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} + initContainers: + {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled)) }} + - name: init-chmod-data + image: {{ template "postgresql.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + command: + - /bin/sh + - -cx + - | + {{ if .Values.persistence.enabled }} + mkdir -p {{ .Values.persistence.mountPath }}/data + chmod 700 {{ .Values.persistence.mountPath }}/data + find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \ + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + xargs chown -R `id -u`:`id -G | cut -d " " -f2` + {{- else }} + xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} + {{- end }} + {{- end }} + {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} + chmod -R 777 /dev/shm + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: + {{- else }} + securityContext: + runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} + {{- end }} + volumeMounts: + {{ if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- end }} + {{- if .Values.master.extraInitContainers }} +{{ tpl .Values.master.extraInitContainers . | indent 8 }} + {{- end }} + {{- end }} + {{- if .Values.master.priorityClassName }} + priorityClassName: {{ .Values.master.priorityClassName }} + {{- end }} + containers: + - name: {{ template "postgresql.fullname" . }} + image: {{ template "postgresql.image" . }} + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.image.debug | quote }} + - name: POSTGRESQL_PORT_NUMBER + value: "{{ template "postgresql.port" . }}" + - name: POSTGRESQL_VOLUME_DIR + value: "{{ .Values.persistence.mountPath }}" + {{- if .Values.postgresqlInitdbArgs }} + - name: POSTGRES_INITDB_ARGS + value: {{ .Values.postgresqlInitdbArgs | quote }} + {{- end }} + {{- if .Values.postgresqlInitdbWalDir }} + - name: POSTGRES_INITDB_WALDIR + value: {{ .Values.postgresqlInitdbWalDir | quote }} + {{- end }} + {{- if .Values.initdbUser }} + - name: POSTGRESQL_INITSCRIPTS_USERNAME + value: {{ .Values.initdbUser }} + {{- end }} + {{- if .Values.initdbPassword }} + - name: POSTGRESQL_INITSCRIPTS_PASSWORD + value: .Values.initdbPassword + {{- end }} + {{- if .Values.persistence.mountPath }} + - name: PGDATA + value: {{ .Values.postgresqlDataDir | quote }} + {{- end }} + {{- if .Values.replication.enabled }} + - name: POSTGRES_REPLICATION_MODE + value: "master" + - name: POSTGRES_REPLICATION_USER + value: {{ include "postgresql.replication.username" . | quote }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_REPLICATION_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" + {{- else }} + - name: POSTGRES_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-replication-password + {{- end }} + {{- if not (eq .Values.replication.synchronousCommit "off")}} + - name: POSTGRES_SYNCHRONOUS_COMMIT_MODE + value: {{ .Values.replication.synchronousCommit | quote }} + - name: POSTGRES_NUM_SYNCHRONOUS_REPLICAS + value: {{ .Values.replication.numSynchronousReplicas | quote }} + {{- end }} + - name: POSTGRES_CLUSTER_APP_NAME + value: {{ .Values.replication.applicationName }} + {{- end }} + {{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" + {{- else }} + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-postgres-password + {{- end }} + {{- end }} + - name: POSTGRES_USER + value: {{ include "postgresql.username" . | quote }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-password" + {{- else }} + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-password + {{- end }} + {{- if (include "postgresql.database" .) }} + - name: POSTGRES_DB + value: {{ (include "postgresql.database" .) | quote }} + {{- end }} + {{- if .Values.extraEnv }} + {{- include "postgresql.tplValue" (dict "value" .Values.extraEnv "context" $) | nindent 12 }} + {{- end }} + - name: POSTGRESQL_ENABLE_LDAP + value: {{ ternary "yes" "no" .Values.ldap.enabled | quote }} + {{- if .Values.ldap.enabled }} + - name: POSTGRESQL_LDAP_SERVER + value: {{ .Values.ldap.server }} + - name: POSTGRESQL_LDAP_PORT + value: {{ .Values.ldap.port | quote }} + - name: POSTGRESQL_LDAP_SCHEME + value: {{ .Values.ldap.scheme }} + {{- if .Values.ldap.tls }} + - name: POSTGRESQL_LDAP_TLS + value: "1" + {{- end}} + - name: POSTGRESQL_LDAP_PREFIX + value: {{ .Values.ldap.prefix | quote }} + - name: POSTGRESQL_LDAP_SUFFIX + value: {{ .Values.ldap.suffix | quote}} + - name: POSTGRESQL_LDAP_BASE_DN + value: {{ .Values.ldap.baseDN }} + - name: POSTGRESQL_LDAP_BIND_DN + value: {{ .Values.ldap.bindDN }} + {{- if (not (empty .Values.ldap.bind_password)) }} + - name: POSTGRESQL_LDAP_BIND_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-ldap-password + {{- end}} + - name: POSTGRESQL_LDAP_SEARCH_ATTR + value: {{ .Values.ldap.search_attr }} + - name: POSTGRESQL_LDAP_SEARCH_FILTER + value: {{ .Values.ldap.search_filter }} + - name: POSTGRESQL_LDAP_URL + value: {{ .Values.ldap.url }} + {{- end}} + {{- if .Values.extraEnvVarsCM }} + envFrom: + - configMapRef: + name: {{ .Values.extraEnvVarsCM }} + {{- end }} + ports: + - name: tcp-postgresql + containerPort: {{ template "postgresql.port" . }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - /bin/sh + - -c + {{- if (include "postgresql.database" .) }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d {{ (include "postgresql.database" .) | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- else }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- end }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - /bin/sh + - -c + - -e + {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} + volumeMounts: + {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d/ + {{- end }} + {{- if .Values.initdbScriptsSecret }} + - name: custom-init-scripts-secret + mountPath: /docker-entrypoint-initdb.d/secret + {{- end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + mountPath: /bitnami/postgresql/conf/conf.d/ + {{- end }} + {{- if .Values.usePasswordFile }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} + - name: postgresql-config + mountPath: /bitnami/postgresql/conf + {{- end }} + {{- if .Values.master.extraVolumeMounts }} + {{- toYaml .Values.master.extraVolumeMounts | nindent 12 }} + {{- end }} +{{- if .Values.master.sidecars }} +{{- include "postgresql.tplValue" ( dict "value" .Values.master.sidecars "context" $ ) | nindent 8 }} +{{- end }} +{{- if .Values.metrics.enabled }} + - name: metrics + image: {{ template "postgresql.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.metrics.securityContext.enabled }} + securityContext: + runAsUser: {{ .Values.metrics.securityContext.runAsUser }} + {{- end }} + env: + {{- $database := required "In order to enable metrics you need to specify a database (.Values.postgresqlDatabase or .Values.global.postgresql.postgresqlDatabase)" (include "postgresql.database" .) }} + - name: DATA_SOURCE_URI + value: {{ printf "127.0.0.1:%d/%s?sslmode=disable" (int (include "postgresql.port" .)) $database | quote }} + {{- if .Values.usePasswordFile }} + - name: DATA_SOURCE_PASS_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-password" + {{- else }} + - name: DATA_SOURCE_PASS + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-password + {{- end }} + - name: DATA_SOURCE_USER + value: {{ template "postgresql.username" . }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: / + port: http-metrics + initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: / + port: http-metrics + initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} + {{- end }} + volumeMounts: + {{- if .Values.usePasswordFile }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.metrics.customMetrics }} + - name: custom-metrics + mountPath: /conf + readOnly: true + args: ["--extend.query-path", "/conf/custom-metrics.yaml"] + {{- end }} + ports: + - name: http-metrics + containerPort: 9187 + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} +{{- end }} + volumes: + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} + - name: postgresql-config + configMap: + name: {{ template "postgresql.configurationCM" . }} + {{- end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + configMap: + name: {{ template "postgresql.extendedConfigurationCM" . }} + {{- end }} + {{- if .Values.usePasswordFile }} + - name: postgresql-password + secret: + secretName: {{ template "postgresql.secretName" . }} + {{- end }} + {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + configMap: + name: {{ template "postgresql.initdbScriptsCM" . }} + {{- end }} + {{- if .Values.initdbScriptsSecret }} + - name: custom-init-scripts-secret + secret: + secretName: {{ template "postgresql.initdbScriptsSecret" . }} + {{- end }} + {{- if .Values.master.extraVolumes }} + {{- toYaml .Values.master.extraVolumes | nindent 8 }} + {{- end }} + {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} + - name: custom-metrics + configMap: + name: {{ template "postgresql.metricsCM" . }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + emptyDir: + medium: Memory + sizeLimit: 1Gi + {{- end }} +{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} + - name: data + persistentVolumeClaim: +{{- with .Values.persistence.existingClaim }} + claimName: {{ tpl . $ }} +{{- end }} +{{- else if not .Values.persistence.enabled }} + - name: data + emptyDir: {} +{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} + volumeClaimTemplates: + - metadata: + name: data + {{- with .Values.persistence.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{ include "postgresql.storageClass" . }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/svc-headless.yaml b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/svc-headless.yaml new file mode 100755 index 0000000..5c71f46 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/svc-headless.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "postgresql.fullname" . }}-headless + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +spec: + type: ClusterIP + clusterIP: None + ports: + - name: tcp-postgresql + port: {{ template "postgresql.port" . }} + targetPort: tcp-postgresql + selector: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name | quote }} diff --git a/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/svc-read.yaml b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/svc-read.yaml new file mode 100755 index 0000000..d9492e2 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/svc-read.yaml @@ -0,0 +1,31 @@ +{{- if .Values.replication.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "postgresql.fullname" . }}-read + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +{{- with .Values.service.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + type: {{ .Values.service.type }} + {{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + ports: + - name: tcp-postgresql + port: {{ template "postgresql.port" . }} + targetPort: tcp-postgresql + {{- if .Values.service.nodePort }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} + selector: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name | quote }} + role: slave +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/svc.yaml b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/svc.yaml new file mode 100755 index 0000000..0baea4a --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/templates/svc.yaml @@ -0,0 +1,38 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "postgresql.fullname" . }} + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +{{- with .Values.service.annotations }} + annotations: +{{ tpl (toYaml .) $ | indent 4 }} +{{- end }} +spec: + type: {{ .Values.service.type }} + {{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{ with .Values.service.loadBalancerSourceRanges }} +{{ toYaml . | indent 4 }} +{{- end }} + {{- end }} + {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }} + clusterIP: {{ .Values.service.clusterIP }} + {{- end }} + ports: + - name: tcp-postgresql + port: {{ template "postgresql.port" . }} + targetPort: tcp-postgresql + {{- if .Values.service.nodePort }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} + selector: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name | quote }} + role: master diff --git a/packer/ansible/roles/helm_install/files/druid/charts/postgresql/values-production.yaml b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/values-production.yaml new file mode 100755 index 0000000..8da0b3d --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/values-production.yaml @@ -0,0 +1,520 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +global: + postgresql: {} +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Bitnami PostgreSQL image version +## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ +## +image: + registry: docker.io + repository: bitnami/postgresql + tag: 11.7.0-debian-10-r9 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + + ## Set to true if you would like to see extra information on logs + ## It turns BASH and NAMI debugging in minideb + ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + debug: false + +## String to partially override postgresql.fullname template (will maintain the release name) +## +# nameOverride: + +## String to fully override postgresql.fullname template +## +# fullnameOverride: + +## +## Init containers parameters: +## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/minideb + tag: buster + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Init container Security Context + ## Note: the chown of the data folder is done to securityContext.runAsUser + ## and not the below volumePermissions.securityContext.runAsUser + ## When runAsUser is set to special value "auto", init container will try to chwon the + ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` + ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). + ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with + ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false + ## + securityContext: + runAsUser: 0 + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +## Pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +securityContext: + enabled: true + fsGroup: 1001 + runAsUser: 1001 + +## Pod Service Account +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +serviceAccount: + enabled: false + ## Name of an already existing service account. Setting this value disables the automatic service account creation. + # name: + +replication: + enabled: true + user: repl_user + password: repl_password + slaveReplicas: 2 + ## Set synchronous commit mode: on, off, remote_apply, remote_write and local + ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL + synchronousCommit: "on" + ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication + ## NOTE: It cannot be > slaveReplicas + numSynchronousReplicas: 1 + ## Replication Cluster application name. Useful for defining multiple replication policies + applicationName: my_application + +## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) +# postgresqlPostgresPassword: + +## PostgreSQL user (has superuser privileges if username is `postgres`) +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +postgresqlUsername: postgres + +## PostgreSQL password +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +## +# postgresqlPassword: + +## PostgreSQL password using existing secret +## existingSecret: secret + +## Mount PostgreSQL secret as a file instead of passing environment variable +# usePasswordFile: false + +## Create a database +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run +## +# postgresqlDatabase: + +## PostgreSQL data dir +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +postgresqlDataDir: /bitnami/postgresql/data + +## An array to add extra environment variables +## For example: +## extraEnv: +## - name: FOO +## value: "bar" +## +# extraEnv: +extraEnv: [] + +## Name of a ConfigMap containing extra env vars +## +# extraEnvVarsCM: + +## Specify extra initdb args +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +# postgresqlInitdbArgs: + +## Specify a custom location for the PostgreSQL transaction log +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +# postgresqlInitdbWalDir: + +## PostgreSQL configuration +## Specify runtime configuration parameters as a dict, using camelCase, e.g. +## {"sharedBuffers": "500MB"} +## Alternatively, you can put your postgresql.conf under the files/ directory +## ref: https://www.postgresql.org/docs/current/static/runtime-config.html +## +# postgresqlConfiguration: + +## PostgreSQL extended configuration +## As above, but _appended_ to the main configuration +## Alternatively, you can put your *.conf under the files/conf.d/ directory +## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf +## +# postgresqlExtendedConf: + +## PostgreSQL client authentication configuration +## Specify content for pg_hba.conf +## Default: do not create pg_hba.conf +## Alternatively, you can put your pg_hba.conf under the files/ directory +# pgHbaConfiguration: |- +# local all all trust +# host all all localhost trust +# host mydatabase mysuser 192.168.0.0/24 md5 + +## ConfigMap with PostgreSQL configuration +## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration +# configurationConfigMap: + +## ConfigMap with PostgreSQL extended configuration +# extendedConfConfigMap: + +## initdb scripts +## Specify dictionary of scripts to be run at first boot +## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory +## +# initdbScripts: +# my_init_script.sh: | +# #!/bin/sh +# echo "Do something." + +## Specify the PostgreSQL username and password to execute the initdb scripts +# initdbUser: +# initdbPassword: + +## ConfigMap with scripts to be run at first boot +## NOTE: This will override initdbScripts +# initdbScriptsConfigMap: + +## Secret with scripts to be run at first boot (in case it contains sensitive information) +## NOTE: This can work along initdbScripts or initdbScriptsConfigMap +# initdbScriptsSecret: + +## Optional duration in seconds the pod needs to terminate gracefully. +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods +## +# terminationGracePeriodSeconds: 30 + +## LDAP configuration +## +ldap: + enabled: false + url: "" + server: "" + port: "" + prefix: "" + suffix: "" + baseDN: "" + bindDN: "" + bind_password: + search_attr: "" + search_filter: "" + scheme: "" + tls: false + +## PostgreSQL service configuration +service: + ## PosgresSQL service type + type: ClusterIP + # clusterIP: None + port: 5432 + + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + + ## Provide any additional annotations which may be required. + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + annotations: {} + ## Set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + # loadBalancerIP: + + ## Load Balancer sources + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + # loadBalancerSourceRanges: + # - 10.10.10.0/24 + +## Start master and slave(s) pod(s) without limitations on shm memory. +## By default docker and containerd (and possibly other container runtimes) +## limit `/dev/shm` to `64M` (see e.g. the +## [docker issue](https://github.com/docker-library/postgres/issues/416) and the +## [containerd issue](https://github.com/containerd/containerd/issues/3654), +## which could be not enough if PostgreSQL uses parallel workers heavily. +## +shmVolume: + ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove + ## this limitation. + ## + enabled: true + ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. + ## This option is ingored if `volumePermissions.enabled` is `false` + ## + chmod: + enabled: true + +## PostgreSQL data Persistent Volume Storage Class +## If defined, storageClassName: +## If set to "-", storageClassName: "", which disables dynamic provisioning +## If undefined (the default) or set to null, no storageClassName spec is +## set, choosing the default provisioner. (gp2 on AWS, standard on +## GKE, AWS & OpenStack) +## +persistence: + enabled: true + ## A manually managed Persistent Volume and Claim + ## If defined, PVC must be created manually before volume will be bound + ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart + ## + # existingClaim: + + ## The path the volume will be mounted at, useful when using different + ## PostgreSQL images. + ## + mountPath: /bitnami/postgresql + + ## The subdirectory of the volume to mount to, useful in dev environments + ## and one PV for multiple services. + ## + subPath: "" + + # storageClass: "-" + accessModes: + - ReadWriteOnce + size: 8Gi + annotations: {} + +## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +updateStrategy: + type: RollingUpdate + +## +## PostgreSQL Master parameters +## +master: + ## Node, affinity, tolerations, and priorityclass settings for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption + nodeSelector: {} + affinity: {} + tolerations: [] + labels: {} + annotations: {} + podLabels: {} + podAnnotations: {} + priorityClassName: "" + ## Additional PostgreSQL Master Volume mounts + ## + extraVolumeMounts: [] + ## Additional PostgreSQL Master Volumes + ## + extraVolumes: [] + ## Add sidecars to the pod + ## + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + sidecars: [] + +## +## PostgreSQL Slave parameters +## +slave: + ## Node, affinity, tolerations, and priorityclass settings for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption + nodeSelector: {} + affinity: {} + tolerations: [] + labels: {} + annotations: {} + podLabels: {} + podAnnotations: {} + priorityClassName: "" + extraInitContainers: | + # - name: do-something + # image: busybox + # command: ['do', 'something'] + ## Additional PostgreSQL Slave Volume mounts + ## + extraVolumeMounts: [] + ## Additional PostgreSQL Slave Volumes + ## + extraVolumes: [] + ## Add sidecars to the pod + ## + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + sidecars: [] + +## Configure resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + requests: + memory: 256Mi + cpu: 250m + +networkPolicy: + ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. + ## + enabled: false + + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the port PostgreSQL is listening + ## on. When true, PostgreSQL will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + + ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace + ## and that match other criteria, the ones that have the good label, can reach the DB. + ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this + ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. + ## + # explicitNamespacesSelector: + # matchLabels: + # role: frontend + # matchExpressions: + # - {key: role, operator: In, values: [frontend]} + +## Configure extra options for liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) +livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +## Configure metrics exporter +## +metrics: + enabled: true + # resources: {} + service: + type: ClusterIP + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9187" + loadBalancerIP: + serviceMonitor: + enabled: false + additionalLabels: {} + # namespace: monitoring + # interval: 30s + # scrapeTimeout: 10s + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + prometheusRule: + enabled: false + additionalLabels: {} + namespace: "" + rules: [] + ## These are just examples rules, please adapt them to your needs. + ## Make sure to constraint the rules to the current postgresql service. + # - alert: HugeReplicationLag + # expr: pg_replication_lag{service="{{ template "postgresql.fullname" . }}-metrics"} / 3600 > 1 + # for: 1m + # labels: + # severity: critical + # annotations: + # description: replication for {{ template "postgresql.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). + # summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). + image: + registry: docker.io + repository: bitnami/postgres-exporter + tag: 0.8.0-debian-10-r28 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Define additional custom metrics + ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file + # customMetrics: + # pg_database: + # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" + # metrics: + # - name: + # usage: "LABEL" + # description: "Name of the database" + # - size_bytes: + # usage: "GAUGE" + # description: "Size of the database in bytes" + ## Pod Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + securityContext: + enabled: false + runAsUser: 1001 + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## Configure extra options for liveness and readiness probes + livenessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 diff --git a/packer/ansible/roles/helm_install/files/druid/charts/postgresql/values.schema.json b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/values.schema.json new file mode 100755 index 0000000..ac2de6e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/values.schema.json @@ -0,0 +1,103 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "postgresqlUsername": { + "type": "string", + "title": "Admin user", + "form": true + }, + "postgresqlPassword": { + "type": "string", + "title": "Password", + "form": true + }, + "persistence": { + "type": "object", + "properties": { + "size": { + "type": "string", + "title": "Persistent Volume Size", + "form": true, + "render": "slider", + "sliderMin": 1, + "sliderMax": 100, + "sliderUnit": "Gi" + } + } + }, + "resources": { + "type": "object", + "title": "Required Resources", + "description": "Configure resource requests", + "form": true, + "properties": { + "requests": { + "type": "object", + "properties": { + "memory": { + "type": "string", + "form": true, + "render": "slider", + "title": "Memory Request", + "sliderMin": 10, + "sliderMax": 2048, + "sliderUnit": "Mi" + }, + "cpu": { + "type": "string", + "form": true, + "render": "slider", + "title": "CPU Request", + "sliderMin": 10, + "sliderMax": 2000, + "sliderUnit": "m" + } + } + } + } + }, + "replication": { + "type": "object", + "form": true, + "title": "Replication Details", + "properties": { + "enabled": { + "type": "boolean", + "title": "Enable Replication", + "form": true + }, + "slaveReplicas": { + "type": "integer", + "title": "Slave Replicas", + "form": true, + "hidden": { + "condition": false, + "value": "replication.enabled" + } + } + } + }, + "volumePermissions": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Enable Init Containers", + "description": "Change the owner of the persist volume mountpoint to RunAsUser:fsGroup" + } + } + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "title": "Configure metrics exporter", + "form": true + } + } + } + } +} diff --git a/packer/ansible/roles/helm_install/files/druid/charts/postgresql/values.yaml b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/values.yaml new file mode 100755 index 0000000..d336ea0 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/postgresql/values.yaml @@ -0,0 +1,526 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +global: + postgresql: {} +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Bitnami PostgreSQL image version +## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ +## +image: + registry: docker.io + repository: bitnami/postgresql + tag: 11.7.0-debian-10-r9 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + + ## Set to true if you would like to see extra information on logs + ## It turns BASH and NAMI debugging in minideb + ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + debug: false + +## String to partially override postgresql.fullname template (will maintain the release name) +## +# nameOverride: + +## String to fully override postgresql.fullname template +## +# fullnameOverride: + +## +## Init containers parameters: +## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/minideb + tag: buster + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Init container Security Context + ## Note: the chown of the data folder is done to securityContext.runAsUser + ## and not the below volumePermissions.securityContext.runAsUser + ## When runAsUser is set to special value "auto", init container will try to chwon the + ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` + ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). + ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with + ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false + ## + securityContext: + runAsUser: 0 + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + + +## Pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +securityContext: + enabled: true + fsGroup: 1001 + runAsUser: 1001 + +## Pod Service Account +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +serviceAccount: + enabled: false + ## Name of an already existing service account. Setting this value disables the automatic service account creation. + # name: + +replication: + enabled: false + user: repl_user + password: repl_password + slaveReplicas: 1 + ## Set synchronous commit mode: on, off, remote_apply, remote_write and local + ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL + synchronousCommit: "off" + ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication + ## NOTE: It cannot be > slaveReplicas + numSynchronousReplicas: 0 + ## Replication Cluster application name. Useful for defining multiple replication policies + applicationName: my_application + +## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) +# postgresqlPostgresPassword: + +## PostgreSQL user (has superuser privileges if username is `postgres`) +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +postgresqlUsername: postgres + +## PostgreSQL password +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +## +# postgresqlPassword: + +## PostgreSQL password using existing secret +## existingSecret: secret + +## Mount PostgreSQL secret as a file instead of passing environment variable +# usePasswordFile: false + +## Create a database +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run +## +# postgresqlDatabase: + +## PostgreSQL data dir +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +postgresqlDataDir: /bitnami/postgresql/data + +## An array to add extra environment variables +## For example: +## extraEnv: +## - name: FOO +## value: "bar" +## +# extraEnv: +extraEnv: [] + +## Name of a ConfigMap containing extra env vars +## +# extraEnvVarsCM: + +## Specify extra initdb args +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +# postgresqlInitdbArgs: + +## Specify a custom location for the PostgreSQL transaction log +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +# postgresqlInitdbWalDir: + +## PostgreSQL configuration +## Specify runtime configuration parameters as a dict, using camelCase, e.g. +## {"sharedBuffers": "500MB"} +## Alternatively, you can put your postgresql.conf under the files/ directory +## ref: https://www.postgresql.org/docs/current/static/runtime-config.html +## +# postgresqlConfiguration: + +## PostgreSQL extended configuration +## As above, but _appended_ to the main configuration +## Alternatively, you can put your *.conf under the files/conf.d/ directory +## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf +## +# postgresqlExtendedConf: + +## PostgreSQL client authentication configuration +## Specify content for pg_hba.conf +## Default: do not create pg_hba.conf +## Alternatively, you can put your pg_hba.conf under the files/ directory +# pgHbaConfiguration: |- +# local all all trust +# host all all localhost trust +# host mydatabase mysuser 192.168.0.0/24 md5 + +## ConfigMap with PostgreSQL configuration +## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration +# configurationConfigMap: + +## ConfigMap with PostgreSQL extended configuration +# extendedConfConfigMap: + +## initdb scripts +## Specify dictionary of scripts to be run at first boot +## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory +## +# initdbScripts: +# my_init_script.sh: | +# #!/bin/sh +# echo "Do something." + +## ConfigMap with scripts to be run at first boot +## NOTE: This will override initdbScripts +# initdbScriptsConfigMap: + +## Secret with scripts to be run at first boot (in case it contains sensitive information) +## NOTE: This can work along initdbScripts or initdbScriptsConfigMap +# initdbScriptsSecret: + +## Specify the PostgreSQL username and password to execute the initdb scripts +# initdbUser: +# initdbPassword: + +## Optional duration in seconds the pod needs to terminate gracefully. +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods +## +# terminationGracePeriodSeconds: 30 + +## LDAP configuration +## +ldap: + enabled: false + url: "" + server: "" + port: "" + prefix: "" + suffix: "" + baseDN: "" + bindDN: "" + bind_password: + search_attr: "" + search_filter: "" + scheme: "" + tls: false + +## PostgreSQL service configuration +service: + ## PosgresSQL service type + type: ClusterIP + # clusterIP: None + port: 5432 + + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + + ## Provide any additional annotations which may be required. + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + annotations: {} + ## Set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + # loadBalancerIP: + + ## Load Balancer sources + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + # loadBalancerSourceRanges: + # - 10.10.10.0/24 + +## Start master and slave(s) pod(s) without limitations on shm memory. +## By default docker and containerd (and possibly other container runtimes) +## limit `/dev/shm` to `64M` (see e.g. the +## [docker issue](https://github.com/docker-library/postgres/issues/416) and the +## [containerd issue](https://github.com/containerd/containerd/issues/3654), +## which could be not enough if PostgreSQL uses parallel workers heavily. +## +shmVolume: + ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove + ## this limitation. + ## + enabled: true + ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. + ## This option is ingored if `volumePermissions.enabled` is `false` + ## + chmod: + enabled: true + +## PostgreSQL data Persistent Volume Storage Class +## If defined, storageClassName: +## If set to "-", storageClassName: "", which disables dynamic provisioning +## If undefined (the default) or set to null, no storageClassName spec is +## set, choosing the default provisioner. (gp2 on AWS, standard on +## GKE, AWS & OpenStack) +## +persistence: + enabled: true + ## A manually managed Persistent Volume and Claim + ## If defined, PVC must be created manually before volume will be bound + ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart + ## + # existingClaim: + + ## The path the volume will be mounted at, useful when using different + ## PostgreSQL images. + ## + mountPath: /bitnami/postgresql + + ## The subdirectory of the volume to mount to, useful in dev environments + ## and one PV for multiple services. + ## + subPath: "" + + # storageClass: "-" + accessModes: + - ReadWriteOnce + size: 8Gi + annotations: {} + +## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +updateStrategy: + type: RollingUpdate + +## +## PostgreSQL Master parameters +## +master: + ## Node, affinity, tolerations, and priorityclass settings for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption + nodeSelector: {} + affinity: {} + tolerations: [] + labels: {} + annotations: {} + podLabels: {} + podAnnotations: {} + priorityClassName: "" + extraInitContainers: | + # - name: do-something + # image: busybox + # command: ['do', 'something'] + + ## Additional PostgreSQL Master Volume mounts + ## + extraVolumeMounts: [] + ## Additional PostgreSQL Master Volumes + ## + extraVolumes: [] + ## Add sidecars to the pod + ## + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + sidecars: [] + +## +## PostgreSQL Slave parameters +## +slave: + ## Node, affinity, tolerations, and priorityclass settings for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption + nodeSelector: {} + affinity: {} + tolerations: [] + labels: {} + annotations: {} + podLabels: {} + podAnnotations: {} + priorityClassName: "" + extraInitContainers: | + # - name: do-something + # image: busybox + # command: ['do', 'something'] + ## Additional PostgreSQL Slave Volume mounts + ## + extraVolumeMounts: [] + ## Additional PostgreSQL Slave Volumes + ## + extraVolumes: [] + ## Add sidecars to the pod + ## + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + sidecars: [] + +## Configure resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + requests: + memory: 256Mi + cpu: 250m + +networkPolicy: + ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. + ## + enabled: false + + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the port PostgreSQL is listening + ## on. When true, PostgreSQL will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + + ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace + ## and that match other criteria, the ones that have the good label, can reach the DB. + ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this + ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. + ## + # explicitNamespacesSelector: + # matchLabels: + # role: frontend + # matchExpressions: + # - {key: role, operator: In, values: [frontend]} + +## Configure extra options for liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) +livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +## Configure metrics exporter +## +metrics: + enabled: false + # resources: {} + service: + type: ClusterIP + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9187" + loadBalancerIP: + serviceMonitor: + enabled: false + additionalLabels: {} + # namespace: monitoring + # interval: 30s + # scrapeTimeout: 10s + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + prometheusRule: + enabled: false + additionalLabels: {} + namespace: "" + rules: [] + ## These are just examples rules, please adapt them to your needs. + ## Make sure to constraint the rules to the current postgresql service. + # - alert: HugeReplicationLag + # expr: pg_replication_lag{service="{{ template "postgresql.fullname" . }}-metrics"} / 3600 > 1 + # for: 1m + # labels: + # severity: critical + # annotations: + # description: replication for {{ template "postgresql.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). + # summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). + image: + registry: docker.io + repository: bitnami/postgres-exporter + tag: 0.8.0-debian-10-r28 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Define additional custom metrics + ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file + # customMetrics: + # pg_database: + # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" + # metrics: + # - name: + # usage: "LABEL" + # description: "Name of the database" + # - size_bytes: + # usage: "GAUGE" + # description: "Size of the database in bytes" + ## Pod Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + securityContext: + enabled: false + runAsUser: 1001 + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## Configure extra options for liveness and readiness probes + livenessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 diff --git a/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/.helmignore b/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/.helmignore new file mode 100755 index 0000000..f0c1319 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/Chart.yaml b/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/Chart.yaml new file mode 100755 index 0000000..dcb59e8 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/Chart.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +appVersion: 3.5.5 +description: Centralized service for maintaining configuration information, naming, + providing distributed synchronization, and providing group services. +home: https://zookeeper.apache.org/ +icon: https://zookeeper.apache.org/images/zookeeper_small.gif +kubeVersion: ^1.10.0-0 +maintainers: +- email: lachlan.evenson@microsoft.com + name: lachie83 +- email: owensk@google.com + name: kow3ns +name: zookeeper +sources: +- https://github.com/apache/zookeeper +- https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper +version: 2.1.4 diff --git a/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/OWNERS b/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/OWNERS new file mode 100755 index 0000000..dd9facd --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/OWNERS @@ -0,0 +1,6 @@ +approvers: +- lachie83 +- kow3ns +reviewers: +- lachie83 +- kow3ns diff --git a/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/README.md b/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/README.md new file mode 100755 index 0000000..c0f060e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/README.md @@ -0,0 +1,145 @@ +# incubator/zookeeper + +This helm chart provides an implementation of the ZooKeeper [StatefulSet](http://kubernetes.io/docs/concepts/abstractions/controllers/statefulsets/) found in Kubernetes Contrib [Zookeeper StatefulSet](https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper). + +## Prerequisites +* Kubernetes 1.10+ +* PersistentVolume support on the underlying infrastructure +* A dynamic provisioner for the PersistentVolumes +* A familiarity with [Apache ZooKeeper 3.5.x](https://zookeeper.apache.org/doc/r3.5.5/) + +## Chart Components +This chart will do the following: + +* Create a fixed size ZooKeeper ensemble using a [StatefulSet](http://kubernetes.io/docs/concepts/abstractions/controllers/statefulsets/). +* Create a [PodDisruptionBudget](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-disruption-budget/) so kubectl drain will respect the Quorum size of the ensemble. +* Create a [Headless Service](https://kubernetes.io/docs/concepts/services-networking/service/) to control the domain of the ZooKeeper ensemble. +* Create a Service configured to connect to the available ZooKeeper instance on the configured client port. +* Optionally apply a [Pod Anti-Affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature) to spread the ZooKeeper ensemble across nodes. +* Optionally start JMX Exporter and Zookeeper Exporter containers inside Zookeeper pods. +* Optionally create a job which creates Zookeeper chroots (e.g. `/kafka1`). +* Optionally create a Prometheus ServiceMonitor for each enabled exporter container + +## Installing the Chart +You can install the chart with the release name `zookeeper` as below. + +```console +$ helm repo add incubator http://storage.googleapis.com/kubernetes-charts-incubator +$ helm install --name zookeeper incubator/zookeeper +``` + +If you do not specify a name, helm will select a name for you. + +### Installed Components +You can use `kubectl get` to view all of the installed components. + +```console{%raw} +$ kubectl get all -l app=zookeeper +NAME: zookeeper +LAST DEPLOYED: Wed Apr 11 17:09:48 2018 +NAMESPACE: default +STATUS: DEPLOYED + +RESOURCES: +==> v1beta1/PodDisruptionBudget +NAME MIN AVAILABLE MAX UNAVAILABLE ALLOWED DISRUPTIONS AGE +zookeeper N/A 1 1 2m + +==> v1/Service +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +zookeeper-headless ClusterIP None 2181/TCP,3888/TCP,2888/TCP 2m +zookeeper ClusterIP 10.98.179.165 2181/TCP 2m + +==> v1beta1/StatefulSet +NAME DESIRED CURRENT AGE +zookeeper 3 3 2m + +==> monitoring.coreos.com/v1/ServiceMonitor +NAME AGE +zookeeper 2m +zookeeper-exporter 2m +``` + +1. `statefulsets/zookeeper` is the StatefulSet created by the chart. +1. `po/zookeeper-<0|1|2>` are the Pods created by the StatefulSet. Each Pod has a single container running a ZooKeeper server. +1. `svc/zookeeper-headless` is the Headless Service used to control the network domain of the ZooKeeper ensemble. +1. `svc/zookeeper` is a Service that can be used by clients to connect to an available ZooKeeper server. +1. `servicemonitor/zookeeper` is a Prometheus ServiceMonitor which scrapes the jmx-exporter metrics endpoint +1. `servicemonitor/zookeeper-exporter` is a Prometheus ServiceMonitor which scrapes the zookeeper-exporter metrics endpoint + +## Configuration +You can specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```console +$ helm install --name my-release -f values.yaml incubator/zookeeper +``` + +## Default Values + +- You can find all user-configurable settings, their defaults and commentary about them in [values.yaml](values.yaml). + +## Deep Dive + +## Image Details +The image used for this chart is based on Alpine 3.9.0. + +## JVM Details +The Java Virtual Machine used for this chart is the OpenJDK JVM 8u192 JRE (headless). + +## ZooKeeper Details +The chart defaults to ZooKeeper 3.5 (latest released version). + +## Failover +You can test failover by killing the leader. Insert a key: +```console +$ kubectl exec zookeeper-0 -- bin/zkCli.sh create /foo bar; +$ kubectl exec zookeeper-2 -- bin/zkCli.sh get /foo; +``` + +Watch existing members: +```console +$ kubectl run --attach bbox --image=busybox --restart=Never -- sh -c 'while true; do for i in 0 1 2; do echo zk-${i} $(echo stats | nc -${i}.:2181 | grep Mode); sleep 1; done; done'; + +zk-2 Mode: follower +zk-0 Mode: follower +zk-1 Mode: leader +zk-2 Mode: follower +``` + +Delete Pods and wait for the StatefulSet controller to bring them back up: +```console +$ kubectl delete po -l app=zookeeper +$ kubectl get po --watch-only +NAME READY STATUS RESTARTS AGE +zookeeper-0 0/1 Running 0 35s +zookeeper-0 1/1 Running 0 50s +zookeeper-1 0/1 Pending 0 0s +zookeeper-1 0/1 Pending 0 0s +zookeeper-1 0/1 ContainerCreating 0 0s +zookeeper-1 0/1 Running 0 19s +zookeeper-1 1/1 Running 0 40s +zookeeper-2 0/1 Pending 0 0s +zookeeper-2 0/1 Pending 0 0s +zookeeper-2 0/1 ContainerCreating 0 0s +zookeeper-2 0/1 Running 0 19s +zookeeper-2 1/1 Running 0 41s +``` + +Check the previously inserted key: +```console +$ kubectl exec zookeeper-1 -- bin/zkCli.sh get /foo +ionid = 0x354887858e80035, negotiated timeout = 30000 + +WATCHER:: + +WatchedEvent state:SyncConnected type:None path:null +bar +``` + +## Scaling +ZooKeeper can not be safely scaled in versions prior to 3.5.x + +## Limitations +* Only supports storage options that have backends for persistent volume claims. diff --git a/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/NOTES.txt b/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/NOTES.txt new file mode 100755 index 0000000..6c5da85 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/NOTES.txt @@ -0,0 +1,7 @@ +Thank you for installing ZooKeeper on your Kubernetes cluster. More information +about ZooKeeper can be found at https://zookeeper.apache.org/doc/current/ + +Your connection string should look like: + {{ template "zookeeper.fullname" . }}-0.{{ template "zookeeper.fullname" . }}-headless:{{ .Values.service.ports.client.port }},{{ template "zookeeper.fullname" . }}-1.{{ template "zookeeper.fullname" . }}-headless:{{ .Values.service.ports.client.port }},... + +You can also use the client service {{ template "zookeeper.fullname" . }}:{{ .Values.service.ports.client.port }} to connect to an available ZooKeeper server. diff --git a/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/_helpers.tpl b/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/_helpers.tpl new file mode 100755 index 0000000..0e15107 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/_helpers.tpl @@ -0,0 +1,46 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "zookeeper.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "zookeeper.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "zookeeper.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +The name of the zookeeper headless service. +*/}} +{{- define "zookeeper.headless" -}} +{{- printf "%s-headless" (include "zookeeper.fullname" .) | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +The name of the zookeeper chroots job. +*/}} +{{- define "zookeeper.chroots" -}} +{{- printf "%s-chroots" (include "zookeeper.fullname" .) | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/config-jmx-exporter.yaml b/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/config-jmx-exporter.yaml new file mode 100755 index 0000000..79905e5 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/config-jmx-exporter.yaml @@ -0,0 +1,19 @@ +{{- if .Values.exporters.jmx.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-jmx-exporter + labels: + app: {{ template "zookeeper.name" . }} + chart: {{ template "zookeeper.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: + config.yml: |- + hostPort: 127.0.0.1:{{ .Values.env.JMXPORT }} + lowercaseOutputName: {{ .Values.exporters.jmx.config.lowercaseOutputName }} + rules: +{{ .Values.exporters.jmx.config.rules | toYaml | indent 6 }} + ssl: false + startDelaySeconds: {{ .Values.exporters.jmx.config.startDelaySeconds }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/config-script.yaml b/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/config-script.yaml new file mode 100755 index 0000000..2b4b44d --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/config-script.yaml @@ -0,0 +1,110 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "zookeeper.fullname" . }} + labels: + app: {{ template "zookeeper.name" . }} + chart: {{ template "zookeeper.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + component: server +data: + ok: | + #!/bin/sh + zkServer.sh status + + ready: | + #!/bin/sh + echo ruok | nc 127.0.0.1 ${1:-2181} + + run: | + #!/bin/bash + + set -a + ROOT=$(echo /apache-zookeeper-*) + + ZK_USER=${ZK_USER:-"zookeeper"} + ZK_LOG_LEVEL=${ZK_LOG_LEVEL:-"INFO"} + ZK_DATA_DIR=${ZK_DATA_DIR:-"/data"} + ZK_DATA_LOG_DIR=${ZK_DATA_LOG_DIR:-"/data/log"} + ZK_CONF_DIR=${ZK_CONF_DIR:-"/conf"} + ZK_CLIENT_PORT=${ZK_CLIENT_PORT:-2181} + ZK_SERVER_PORT=${ZK_SERVER_PORT:-2888} + ZK_ELECTION_PORT=${ZK_ELECTION_PORT:-3888} + ZK_TICK_TIME=${ZK_TICK_TIME:-2000} + ZK_INIT_LIMIT=${ZK_INIT_LIMIT:-10} + ZK_SYNC_LIMIT=${ZK_SYNC_LIMIT:-5} + ZK_HEAP_SIZE=${ZK_HEAP_SIZE:-2G} + ZK_MAX_CLIENT_CNXNS=${ZK_MAX_CLIENT_CNXNS:-60} + ZK_MIN_SESSION_TIMEOUT=${ZK_MIN_SESSION_TIMEOUT:- $((ZK_TICK_TIME*2))} + ZK_MAX_SESSION_TIMEOUT=${ZK_MAX_SESSION_TIMEOUT:- $((ZK_TICK_TIME*20))} + ZK_SNAP_RETAIN_COUNT=${ZK_SNAP_RETAIN_COUNT:-3} + ZK_PURGE_INTERVAL=${ZK_PURGE_INTERVAL:-0} + ID_FILE="$ZK_DATA_DIR/myid" + ZK_CONFIG_FILE="$ZK_CONF_DIR/zoo.cfg" + LOG4J_PROPERTIES="$ZK_CONF_DIR/log4j.properties" + HOST=$(hostname) + DOMAIN=`hostname -d` + JVMFLAGS="-Xmx$ZK_HEAP_SIZE -Xms$ZK_HEAP_SIZE" + + APPJAR=$(echo $ROOT/*jar) + CLASSPATH="${ROOT}/lib/*:${APPJAR}:${ZK_CONF_DIR}:" + + if [[ $HOST =~ (.*)-([0-9]+)$ ]]; then + NAME=${BASH_REMATCH[1]} + ORD=${BASH_REMATCH[2]} + MY_ID=$((ORD+1)) + else + echo "Failed to extract ordinal from hostname $HOST" + exit 1 + fi + + mkdir -p $ZK_DATA_DIR + mkdir -p $ZK_DATA_LOG_DIR + echo $MY_ID >> $ID_FILE + + echo "clientPort=$ZK_CLIENT_PORT" >> $ZK_CONFIG_FILE + echo "dataDir=$ZK_DATA_DIR" >> $ZK_CONFIG_FILE + echo "dataLogDir=$ZK_DATA_LOG_DIR" >> $ZK_CONFIG_FILE + echo "tickTime=$ZK_TICK_TIME" >> $ZK_CONFIG_FILE + echo "initLimit=$ZK_INIT_LIMIT" >> $ZK_CONFIG_FILE + echo "syncLimit=$ZK_SYNC_LIMIT" >> $ZK_CONFIG_FILE + echo "maxClientCnxns=$ZK_MAX_CLIENT_CNXNS" >> $ZK_CONFIG_FILE + echo "minSessionTimeout=$ZK_MIN_SESSION_TIMEOUT" >> $ZK_CONFIG_FILE + echo "maxSessionTimeout=$ZK_MAX_SESSION_TIMEOUT" >> $ZK_CONFIG_FILE + echo "autopurge.snapRetainCount=$ZK_SNAP_RETAIN_COUNT" >> $ZK_CONFIG_FILE + echo "autopurge.purgeInterval=$ZK_PURGE_INTERVAL" >> $ZK_CONFIG_FILE + echo "4lw.commands.whitelist=*" >> $ZK_CONFIG_FILE + + for (( i=1; i<=$ZK_REPLICAS; i++ )) + do + echo "server.$i=$NAME-$((i-1)).$DOMAIN:$ZK_SERVER_PORT:$ZK_ELECTION_PORT" >> $ZK_CONFIG_FILE + done + + rm -f $LOG4J_PROPERTIES + + echo "zookeeper.root.logger=$ZK_LOG_LEVEL, CONSOLE" >> $LOG4J_PROPERTIES + echo "zookeeper.console.threshold=$ZK_LOG_LEVEL" >> $LOG4J_PROPERTIES + echo "zookeeper.log.threshold=$ZK_LOG_LEVEL" >> $LOG4J_PROPERTIES + echo "zookeeper.log.dir=$ZK_DATA_LOG_DIR" >> $LOG4J_PROPERTIES + echo "zookeeper.log.file=zookeeper.log" >> $LOG4J_PROPERTIES + echo "zookeeper.log.maxfilesize=256MB" >> $LOG4J_PROPERTIES + echo "zookeeper.log.maxbackupindex=10" >> $LOG4J_PROPERTIES + echo "zookeeper.tracelog.dir=$ZK_DATA_LOG_DIR" >> $LOG4J_PROPERTIES + echo "zookeeper.tracelog.file=zookeeper_trace.log" >> $LOG4J_PROPERTIES + echo "log4j.rootLogger=\${zookeeper.root.logger}" >> $LOG4J_PROPERTIES + echo "log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender" >> $LOG4J_PROPERTIES + echo "log4j.appender.CONSOLE.Threshold=\${zookeeper.console.threshold}" >> $LOG4J_PROPERTIES + echo "log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout" >> $LOG4J_PROPERTIES + echo "log4j.appender.CONSOLE.layout.ConversionPattern=%d{ISO8601} [myid:%X{myid}] - %-5p [%t:%C{1}@%L] - %m%n" >> $LOG4J_PROPERTIES + + if [ -n "$JMXDISABLE" ] + then + MAIN=org.apache.zookeeper.server.quorum.QuorumPeerMain + else + MAIN="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=$JMXPORT -Dcom.sun.management.jmxremote.authenticate=$JMXAUTH -Dcom.sun.management.jmxremote.ssl=$JMXSSL -Dzookeeper.jmx.log4j.disable=$JMXLOG4J org.apache.zookeeper.server.quorum.QuorumPeerMain" + fi + + set -x + exec java -cp "$CLASSPATH" $JVMFLAGS $MAIN $ZK_CONFIG_FILE diff --git a/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/job-chroots.yaml b/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/job-chroots.yaml new file mode 100755 index 0000000..3aa08c9 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/job-chroots.yaml @@ -0,0 +1,65 @@ +{{- if .Values.jobs.chroots.enabled }} +{{- $root := . }} +{{- $job := .Values.jobs.chroots }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "zookeeper.chroots" . }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded + labels: + app: {{ template "zookeeper.name" . }} + chart: {{ template "zookeeper.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + component: jobs + job: chroots +spec: + activeDeadlineSeconds: {{ $job.activeDeadlineSeconds }} + backoffLimit: {{ $job.backoffLimit }} + completions: {{ $job.completions }} + parallelism: {{ $job.parallelism }} + template: + metadata: + labels: + app: {{ template "zookeeper.name" . }} + release: {{ .Release.Name }} + component: jobs + job: chroots + spec: + restartPolicy: {{ $job.restartPolicy }} +{{- if .Values.priorityClassName }} + priorityClassName: "{{ .Values.priorityClassName }}" +{{- end }} + containers: + - name: main + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - /bin/bash + - -o + - pipefail + - -euc + {{- $port := .Values.service.ports.client.port }} + - > + sleep 15; + export SERVER={{ template "zookeeper.fullname" $root }}:{{ $port }}; + {{- range $job.config.create }} + echo '==> {{ . }}'; + echo '====> Create chroot if does not exist.'; + zkCli.sh -server {{ template "zookeeper.fullname" $root }}:{{ $port }} get {{ . }} 2>&1 >/dev/null | grep 'cZxid' + || zkCli.sh -server {{ template "zookeeper.fullname" $root }}:{{ $port }} create {{ . }} ""; + echo '====> Confirm chroot exists.'; + zkCli.sh -server {{ template "zookeeper.fullname" $root }}:{{ $port }} get {{ . }} 2>&1 >/dev/null | grep 'cZxid'; + echo '====> Chroot exists.'; + {{- end }} + env: + {{- range $key, $value := $job.env }} + - name: {{ $key | upper | replace "." "_" }} + value: {{ $value | quote }} + {{- end }} + resources: +{{ toYaml $job.resources | indent 12 }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/poddisruptionbudget.yaml b/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/poddisruptionbudget.yaml new file mode 100755 index 0000000..d26aad3 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/poddisruptionbudget.yaml @@ -0,0 +1,17 @@ +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ template "zookeeper.fullname" . }} + labels: + app: {{ template "zookeeper.name" . }} + chart: {{ template "zookeeper.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + component: server +spec: + selector: + matchLabels: + app: {{ template "zookeeper.name" . }} + release: {{ .Release.Name }} + component: server +{{ toYaml .Values.podDisruptionBudget | indent 2 }} diff --git a/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/service-headless.yaml b/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/service-headless.yaml new file mode 100755 index 0000000..3193a1b --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/service-headless.yaml @@ -0,0 +1,28 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "zookeeper.headless" . }} + labels: + app: {{ template "zookeeper.name" . }} + chart: {{ template "zookeeper.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.headless.annotations }} + annotations: +{{ .Values.headless.annotations | toYaml | trimSuffix "\n" | indent 4 }} +{{- end }} +spec: + clusterIP: None +{{- if .Values.headless.publishNotReadyAddresses }} + publishNotReadyAddresses: true +{{- end }} + ports: +{{- range $key, $port := .Values.ports }} + - name: {{ $key }} + port: {{ $port.containerPort }} + targetPort: {{ $key }} + protocol: {{ $port.protocol }} +{{- end }} + selector: + app: {{ template "zookeeper.name" . }} + release: {{ .Release.Name }} diff --git a/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/service.yaml b/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/service.yaml new file mode 100755 index 0000000..09fc1dc --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/service.yaml @@ -0,0 +1,41 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "zookeeper.fullname" . }} + labels: + app: {{ template "zookeeper.name" . }} + chart: {{ template "zookeeper.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.service.annotations }} + annotations: +{{- with .Values.service.annotations }} +{{ toYaml . | indent 4 }} +{{- end }} +{{- end }} +spec: + type: {{ .Values.service.type }} + ports: + {{- range $key, $value := .Values.service.ports }} + - name: {{ $key }} +{{ toYaml $value | indent 6 }} + {{- end }} +{{- if .Values.exporters.jmx.enabled }} + {{- range $key, $port := .Values.exporters.jmx.ports }} + - name: {{ $key }} + port: {{ $port.containerPort }} + targetPort: {{ $key }} + protocol: {{ $port.protocol }} + {{- end }} +{{- end}} +{{- if .Values.exporters.zookeeper.enabled }} + {{- range $key, $port := .Values.exporters.zookeeper.ports }} + - name: {{ $key }} + port: {{ $port.containerPort }} + targetPort: {{ $key }} + protocol: {{ $port.protocol }} + {{- end }} +{{- end}} + selector: + app: {{ template "zookeeper.name" . }} + release: {{ .Release.Name }} diff --git a/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/servicemonitors.yaml b/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/servicemonitors.yaml new file mode 100755 index 0000000..0a230a2 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/servicemonitors.yaml @@ -0,0 +1,56 @@ +{{- if and .Values.exporters.jmx.enabled .Values.prometheus.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "zookeeper.fullname" . }} + {{- if .Values.prometheus.serviceMonitor.namespace }} + namespace: {{ .Values.prometheus.serviceMonitor.namespace }} + {{- end }} + labels: +{{ toYaml .Values.prometheus.serviceMonitor.selector | indent 4 }} +spec: + endpoints: + {{- range $key, $port := .Values.exporters.jmx.ports }} + - port: {{ $key }} + path: {{ $.Values.exporters.jmx.path }} + interval: {{ $.Values.exporters.jmx.serviceMonitor.interval }} + scrapeTimeout: {{ $.Values.exporters.jmx.serviceMonitor.scrapeTimeout }} + scheme: {{ $.Values.exporters.jmx.serviceMonitor.scheme }} + {{- end }} + selector: + matchLabels: + app: {{ include "zookeeper.name" . }} + release: {{ .Release.Name }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} +{{- end }} +--- + +{{- if and .Values.exporters.zookeeper.enabled .Values.prometheus.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "zookeeper.fullname" . }}-exporter + {{- if .Values.prometheus.serviceMonitor.namespace }} + namespace: {{ .Values.prometheus.serviceMonitor.namespace }} + {{- end }} + labels: +{{ toYaml .Values.prometheus.serviceMonitor.selector | indent 4 }} +spec: + endpoints: + {{- range $key, $port := .Values.exporters.zookeeper.ports }} + - port: {{ $key }} + path: {{ $.Values.exporters.zookeeper.path }} + interval: {{ $.Values.exporters.zookeeper.serviceMonitor.interval }} + scrapeTimeout: {{ $.Values.exporters.zookeeper.serviceMonitor.scrapeTimeout }} + scheme: {{ $.Values.exporters.zookeeper.serviceMonitor.scheme }} + {{- end }} + selector: + matchLabels: + app: {{ include "zookeeper.name" . }} + release: {{ .Release.Name }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/statefulset.yaml b/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/statefulset.yaml new file mode 100755 index 0000000..6d508a6 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/templates/statefulset.yaml @@ -0,0 +1,226 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "zookeeper.fullname" . }} + labels: + app: {{ template "zookeeper.name" . }} + chart: {{ template "zookeeper.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + component: server +spec: + serviceName: {{ template "zookeeper.headless" . }} + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ template "zookeeper.name" . }} + release: {{ .Release.Name }} + component: server + updateStrategy: +{{ toYaml .Values.updateStrategy | indent 4 }} + template: + metadata: + labels: + app: {{ template "zookeeper.name" . }} + release: {{ .Release.Name }} + component: server + {{- if .Values.podLabels }} + ## Custom pod labels + {{- range $key, $value := .Values.podLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +{{- if .Values.podAnnotations }} + annotations: + ## Custom pod annotations + {{- range $key, $value := .Values.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + spec: + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} +{{- if .Values.schedulerName }} + schedulerName: "{{ .Values.schedulerName }}" +{{- end }} + securityContext: +{{ toYaml .Values.securityContext | indent 8 }} +{{- if .Values.priorityClassName }} + priorityClassName: "{{ .Values.priorityClassName }}" +{{- end }} + containers: + + - name: zookeeper + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- with .Values.command }} + command: {{ range . }} + - {{ . | quote }} + {{- end }} + {{- end }} + ports: +{{- range $key, $port := .Values.ports }} + - name: {{ $key }} +{{ toYaml $port | indent 14 }} +{{- end }} + livenessProbe: + exec: + command: + - sh + - /config-scripts/ok + initialDelaySeconds: 20 + periodSeconds: 30 + timeoutSeconds: 5 + failureThreshold: 2 + successThreshold: 1 + readinessProbe: + exec: + command: + - sh + - /config-scripts/ready + initialDelaySeconds: 20 + periodSeconds: 30 + timeoutSeconds: 5 + failureThreshold: 2 + successThreshold: 1 + env: + - name: ZK_REPLICAS + value: {{ .Values.replicaCount | quote }} + {{- range $key, $value := .Values.env }} + - name: {{ $key | upper | replace "." "_" }} + value: {{ $value | quote }} + {{- end }} + {{- range $secret := .Values.secrets }} + {{- range $key := $secret.keys }} + - name: {{ (print $secret.name "_" $key) | upper }} + valueFrom: + secretKeyRef: + name: {{ $secret.name }} + key: {{ $key }} + {{- end }} + {{- end }} + resources: +{{ toYaml .Values.resources | indent 12 }} + volumeMounts: + - name: data + mountPath: /data + {{- range $secret := .Values.secrets }} + {{- if $secret.mountPath }} + {{- range $key := $secret.keys }} + - name: {{ $.Release.Name }}-{{ $secret.name }} + mountPath: {{ $secret.mountPath }}/{{ $key }} + subPath: {{ $key }} + readOnly: true + {{- end }} + {{- end }} + {{- end }} + - name: config + mountPath: /config-scripts + + +{{- if .Values.exporters.jmx.enabled }} + - name: jmx-exporter + image: "{{ .Values.exporters.jmx.image.repository }}:{{ .Values.exporters.jmx.image.tag }}" + imagePullPolicy: {{ .Values.exporters.jmx.image.pullPolicy }} + ports: + {{- range $key, $port := .Values.exporters.jmx.ports }} + - name: {{ $key }} +{{ toYaml $port | indent 14 }} + {{- end }} + livenessProbe: +{{ toYaml .Values.exporters.jmx.livenessProbe | indent 12 }} + readinessProbe: +{{ toYaml .Values.exporters.jmx.readinessProbe | indent 12 }} + env: + - name: SERVICE_PORT + value: {{ .Values.exporters.jmx.ports.jmxxp.containerPort | quote }} + {{- with .Values.exporters.jmx.env }} + {{- range $key, $value := . }} + - name: {{ $key | upper | replace "." "_" }} + value: {{ $value | quote }} + {{- end }} + {{- end }} + resources: +{{ toYaml .Values.exporters.jmx.resources | indent 12 }} + volumeMounts: + - name: config-jmx-exporter + mountPath: /opt/jmx_exporter/config.yml + subPath: config.yml +{{- end }} + +{{- if .Values.exporters.zookeeper.enabled }} + - name: zookeeper-exporter + image: "{{ .Values.exporters.zookeeper.image.repository }}:{{ .Values.exporters.zookeeper.image.tag }}" + imagePullPolicy: {{ .Values.exporters.zookeeper.image.pullPolicy }} + args: + - -bind-addr=:{{ .Values.exporters.zookeeper.ports.zookeeperxp.containerPort }} + - -metrics-path={{ .Values.exporters.zookeeper.path }} + - -zookeeper=localhost:{{ .Values.ports.client.containerPort }} + - -log-level={{ .Values.exporters.zookeeper.config.logLevel }} + - -reset-on-scrape={{ .Values.exporters.zookeeper.config.resetOnScrape }} + ports: + {{- range $key, $port := .Values.exporters.zookeeper.ports }} + - name: {{ $key }} +{{ toYaml $port | indent 14 }} + {{- end }} + livenessProbe: +{{ toYaml .Values.exporters.zookeeper.livenessProbe | indent 12 }} + readinessProbe: +{{ toYaml .Values.exporters.zookeeper.readinessProbe | indent 12 }} + env: + {{- range $key, $value := .Values.exporters.zookeeper.env }} + - name: {{ $key | upper | replace "." "_" }} + value: {{ $value | quote }} + {{- end }} + resources: +{{ toYaml .Values.exporters.zookeeper.resources | indent 12 }} +{{- end }} + + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + volumes: + - name: config + configMap: + name: {{ template "zookeeper.fullname" . }} + defaultMode: 0555 + {{- range .Values.secrets }} + - name: {{ $.Release.Name }}-{{ .name }} + secret: + secretName: {{ .name }} + {{- end }} + {{- if .Values.exporters.jmx.enabled }} + - name: config-jmx-exporter + configMap: + name: {{ .Release.Name }}-jmx-exporter + {{- end }} + {{- if not .Values.persistence.enabled }} + - name: data + emptyDir: {} + {{- end }} + {{- if .Values.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- if .Values.persistence.storageClass }} + {{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" + {{- end }} + {{- end }} + {{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/values.yaml b/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/values.yaml new file mode 100755 index 0000000..19830ea --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/charts/zookeeper/values.yaml @@ -0,0 +1,300 @@ +## As weighted quorums are not supported, it is imperative that an odd number of replicas +## be chosen. Moreover, the number of replicas should be either 1, 3, 5, or 7. +## +## ref: https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper#stateful-set +replicaCount: 3 # Desired quantity of ZooKeeper pods. This should always be (1,3,5, or 7) + +podDisruptionBudget: + maxUnavailable: 1 # Limits how many Zokeeper pods may be unavailable due to voluntary disruptions. + +terminationGracePeriodSeconds: 1800 # Duration in seconds a Zokeeper pod needs to terminate gracefully. + +updateStrategy: + type: RollingUpdate + +## refs: +## - https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper +## - https://github.com/kubernetes/contrib/blob/master/statefulsets/zookeeper/Makefile#L1 +image: + repository: zookeeper # Container image repository for zookeeper container. + tag: 3.5.5 # Container image tag for zookeeper container. + pullPolicy: IfNotPresent # Image pull criteria for zookeeper container. + +service: + type: ClusterIP # Exposes zookeeper on a cluster-internal IP. + annotations: {} # Arbitrary non-identifying metadata for zookeeper service. + ## AWS example for use with LoadBalancer service type. + # external-dns.alpha.kubernetes.io/hostname: zookeeper.cluster.local + # service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" + # service.beta.kubernetes.io/aws-load-balancer-internal: "true" + ports: + client: + port: 2181 # Service port number for client port. + targetPort: client # Service target port for client port. + protocol: TCP # Service port protocol for client port. + +## Headless service. +## +headless: + annotations: {} + # publishNotReadyAddresses, default false for backward compatibility + # set to true to register DNS entries for unready pods, which helps in rare + # occasions when cluster is unable to be created, DNS caching is enforced + # or pods are in persistent crash loop + publishNotReadyAddresses: false + +ports: + client: + containerPort: 2181 # Port number for zookeeper container client port. + protocol: TCP # Protocol for zookeeper container client port. + election: + containerPort: 3888 # Port number for zookeeper container election port. + protocol: TCP # Protocol for zookeeper container election port. + server: + containerPort: 2888 # Port number for zookeeper container server port. + protocol: TCP # Protocol for zookeeper container server port. + +resources: {} # Optionally specify how much CPU and memory (RAM) each zookeeper container needs. + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +priorityClassName: "" + +nodeSelector: {} # Node label-values required to run zookeeper pods. + +tolerations: [] # Node taint overrides for zookeeper pods. + +affinity: {} # Criteria by which pod label-values influence scheduling for zookeeper pods. + # podAntiAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # - topologyKey: "kubernetes.io/hostname" + # labelSelector: + # matchLabels: + # release: zookeeper + +podAnnotations: {} # Arbitrary non-identifying metadata for zookeeper pods. + # prometheus.io/scrape: "true" + # prometheus.io/path: "/metrics" + # prometheus.io/port: "9141" + +podLabels: {} # Key/value pairs that are attached to zookeeper pods. + # team: "developers" + # service: "zookeeper" + +securityContext: + fsGroup: 1000 + runAsUser: 1000 + +## Useful, if you want to use an alternate image. +command: + - /bin/bash + - -xec + - /config-scripts/run + +## Useful if using any custom authorizer. +## Pass any secrets to the kafka pods. Each secret will be passed as an +## environment variable by default. The secret can also be mounted to a +## specific path (in addition to environment variable) if required. Environment +## variable names are generated as: `_` (All upper case) +# secrets: +# - name: myKafkaSecret +# keys: +# - username +# - password +# # mountPath: /opt/kafka/secret +# - name: myZkSecret +# keys: +# - user +# - pass +# mountPath: /opt/zookeeper/secret + +persistence: + enabled: true + ## zookeeper data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + accessMode: ReadWriteOnce + size: 5Gi + +## Exporters query apps for metrics and make those metrics available for +## Prometheus to scrape. +exporters: + + jmx: + enabled: false + image: + repository: sscaling/jmx-prometheus-exporter + tag: 0.3.0 + pullPolicy: IfNotPresent + config: + lowercaseOutputName: false + ## ref: https://github.com/prometheus/jmx_exporter/blob/master/example_configs/zookeeper.yaml + rules: + - pattern: "org.apache.ZooKeeperService<>(\\w+)" + name: "zookeeper_$2" + - pattern: "org.apache.ZooKeeperService<>(\\w+)" + name: "zookeeper_$3" + labels: + replicaId: "$2" + - pattern: "org.apache.ZooKeeperService<>(\\w+)" + name: "zookeeper_$4" + labels: + replicaId: "$2" + memberType: "$3" + - pattern: "org.apache.ZooKeeperService<>(\\w+)" + name: "zookeeper_$4_$5" + labels: + replicaId: "$2" + memberType: "$3" + startDelaySeconds: 30 + env: {} + resources: {} + path: /metrics + ports: + jmxxp: + containerPort: 9404 + protocol: TCP + livenessProbe: + httpGet: + path: /metrics + port: jmxxp + initialDelaySeconds: 30 + periodSeconds: 15 + timeoutSeconds: 60 + failureThreshold: 8 + successThreshold: 1 + readinessProbe: + httpGet: + path: /metrics + port: jmxxp + initialDelaySeconds: 30 + periodSeconds: 15 + timeoutSeconds: 60 + failureThreshold: 8 + successThreshold: 1 + serviceMonitor: + interval: 30s + scrapeTimeout: 30s + scheme: http + + zookeeper: + ## refs: + ## - https://github.com/carlpett/zookeeper_exporter + ## - https://hub.docker.com/r/josdotso/zookeeper-exporter/ + ## - https://www.datadoghq.com/blog/monitoring-kafka-performance-metrics/#zookeeper-metrics + enabled: false + image: + repository: josdotso/zookeeper-exporter + tag: v1.1.2 + pullPolicy: IfNotPresent + config: + logLevel: info + resetOnScrape: "true" + env: {} + resources: {} + path: /metrics + ports: + zookeeperxp: + containerPort: 9141 + protocol: TCP + livenessProbe: + httpGet: + path: /metrics + port: zookeeperxp + initialDelaySeconds: 30 + periodSeconds: 15 + timeoutSeconds: 60 + failureThreshold: 8 + successThreshold: 1 + readinessProbe: + httpGet: + path: /metrics + port: zookeeperxp + initialDelaySeconds: 30 + periodSeconds: 15 + timeoutSeconds: 60 + failureThreshold: 8 + successThreshold: 1 + serviceMonitor: + interval: 30s + scrapeTimeout: 30s + scheme: http + +## ServiceMonitor configuration in case you are using Prometheus Operator +prometheus: + serviceMonitor: + ## If true a ServiceMonitor for each enabled exporter will be installed + enabled: false + ## The namespace where the ServiceMonitor(s) will be installed + # namespace: monitoring + ## The selector the Prometheus instance is searching for + ## [Default Prometheus Operator selector] (https://github.com/helm/charts/blob/f5a751f174263971fafd21eee4e35416d6612a3d/stable/prometheus-operator/templates/prometheus/prometheus.yaml#L74) + selector: {} + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +## ref: https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper +env: + + ## Options related to JMX exporter. + ## ref: https://github.com/apache/zookeeper/blob/master/bin/zkServer.sh#L36 + JMXAUTH: "false" + JMXDISABLE: "false" + JMXPORT: 1099 + JMXSSL: "false" + + ## The port on which the server will accept client requests. + ZOO_PORT: 2181 + + ## The number of Ticks that an ensemble member is allowed to perform leader + ## election. + ZOO_INIT_LIMIT: 5 + + ZOO_TICK_TIME: 2000 + + ## The maximum number of concurrent client connections that + ## a server in the ensemble will accept. + ZOO_MAX_CLIENT_CNXNS: 60 + + ## The number of Tick by which a follower may lag behind the ensembles leader. + ZK_SYNC_LIMIT: 10 + + ## The number of wall clock ms that corresponds to a Tick for the ensembles + ## internal time. + ZK_TICK_TIME: 2000 + + ZOO_AUTOPURGE_PURGEINTERVAL: 0 + ZOO_AUTOPURGE_SNAPRETAINCOUNT: 3 + ZOO_STANDALONE_ENABLED: false + +jobs: + ## ref: http://zookeeper.apache.org/doc/r3.4.10/zookeeperProgrammers.html#ch_zkSessions + chroots: + enabled: false + activeDeadlineSeconds: 300 + backoffLimit: 5 + completions: 1 + config: + create: [] + # - /kafka + # - /ureplicator + env: [] + parallelism: 1 + resources: {} + restartPolicy: Never diff --git a/packer/ansible/roles/helm_install/files/druid/install.txt b/packer/ansible/roles/helm_install/files/druid/install.txt new file mode 100644 index 0000000..5f3f942 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/install.txt @@ -0,0 +1,3 @@ +helm uninstall druid -n dsk-middle +helm install druid . -n dsk-middle -f override-values.yaml --create-namespace +helm upgrade druid . -n dsk-middle -f override-values.yaml diff --git a/packer/ansible/roles/helm_install/files/druid/override-values.yaml b/packer/ansible/roles/helm_install/files/druid/override-values.yaml new file mode 100644 index 0000000..4b14021 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/override-values.yaml @@ -0,0 +1,225 @@ +configVars: + druid_extensions_loadList: '["druid-histogram", "druid-datasketches", "druid-lookups-cached-global", "postgresql-metadata-storage", "druid-kafka-extraction-namespace", "druid-kafka-indexing-service", "prometheus-emitter","druid-s3-extensions"]' + druid_metadata_storage_connector_connectURI: jdbc:postgresql://druid-postgresql:5432/druid + # integration druid exporter configuration + druid_emitter: prometheus + druid_emitter_prometheus_strategy: exporter + druid_emitter_prometheus_port: "9000" + druid_monitoring_monitors: '["org.apache.druid.java.util.metrics.JvmMonitor", "org.apache.druid.java.util.metrics.JvmThreadsMonitor"]' + + # 폴더 생성이 이상함. 옵션 추후 다시 확인 필요 + druid_storage_type: s3 + druid_storage_bucket: druid.dev.datasaker.io + druid_storage_baseKey: druid-data/segments + druid_s3_accessKey: + druid_s3_secretKey: + AWS_REGION: "ap-northeast-2" + druid_s3_forceGlobalBucketAccessEnabled: "false" + druid_storage_disableAcl: "true" + druid_indexer_logs_type: s3 + druid_indexer_logs_s3Bucket: druid.dev.datasaker.io + druid_indexer_logs_s3Prefix: druid-data/logs + druid_indexer_logs_disableAcl: "true" + druid_s3_endpoint_signingRegion: "ap-northeast-2" + druid_s3_endpoint_url: "https://s3.ap-northeast-2.amazonaws.com/druid.dev.datasaker.io/druid-data" + druid_s3_protocol: "https" + druid_s3_enablePathStyleAccess: "true" + +broker: + config: + DRUID_XMX: 8g + DRUID_XMS: 8g + DRUID_MAXDIRECTMEMORYSIZE: 12g + JAVA_OPTS: "-XX:+UseG1GC -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/logs/druid/historical.hprof" + druid_server_http_maxSubqueryRows: "1000000" + druid_server_http_numThreads: 60 + druid_broker_http_numConnections: 50 + druid_broker_http_maxQueuedBytes: '10MiB' + druid_processing_numMergeBuffers: 6 + druid_processing_buffer_sizeBytes: '500MiB' + + tolerations: + - key: "dev/data-druid" + operator: "Exists" + + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/druid-size + operator: In + values: + - middle + +coordinator: + config: + DRUID_XMX: 8g + DRUID_XMS: 8g + JAVA_OPTS: "-XX:+UseG1GC -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/logs/druid/historical.hprof" + + tolerations: + - key: "dev/data-druid" + operator: "Exists" + + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/druid-size + operator: In + values: + - middle + +overlord: + javaOpts: "-Xms4G -Xmx4G" + + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/druid-size + operator: In + values: + - middle + +historical: + config: + DRUID_XMX: 8g + DRUID_XMS: 8g + DRUID_MAXDIRECTMEMORYSIZE: 12g + JAVA_OPTS: "-XX:+UseG1GC -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/logs/druid/historical.hprof" + druid_server_http_numThreads: 60 + druid_processing_numThreads: 16 + druid_processing_numMergeBuffers: 4 + druid_processing_buffer_sizeBytes: '500MiB' + druid_segmentCache_locations: '[{"path":"/opt/druid/var/druid/segment-cache","maxSize":"300g"}]' + druid_server_maxSize: '800g' + druid_historical_cache_useCache: true + druid_historical_cache_populateCache: true + druid_cache_type: 'caffeine' + druid_cache_sizeInBytes: '256MiB' + + persistence: + enabled: false + + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/druid-size + operator: In + values: + - large + +middleManager: + config: + DRUID_XMX: 128m + DRUID_XMS: 128m + JAVA_OPTS: "-XX:+UseG1GC -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/logs/druid/historical.hprof" + druid_indexer_runner_javaOptsArray: '["-server", "-Xms1g", "-Xmx1g", "-XX:MaxDirectMemorySize=4g", "-XX:+UseG1GC", "-Duser. timezone=UTC", "-Dfile.encoding=UTF-8", "-XX:+ExitOnOutOfMemoryError", "-Djava.util.logging.manager=org.apache.logging.log4j.jul. LogManager"]' + druid_indexer_task_baseTaskDir: var/druid/task + druid_worker_capacity: 20 + druid_indexer_fork_property_druid_processing_buffer_sizeBytes: '500MiB' + druid_indexer_fork_property_druid_processing_numThreads: 4 + druid_indexer_fork_property_druid_processing_numMergeBuffers: 2 + + persistence: + enabled: false + + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/druid-size + operator: In + values: + - large + +router: + config: + DRUID_XMX: 1g + DRUID_XMS: 1g + DRUID_MAXDIRECTMEMORYSIZE: 3g + JAVA_OPTS: "-XX:+UseG1GC -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/logs/druid/historical.hprof" + + serviceType: NodePort + # templates/router/service.yaml에서 nodePort 속성 추가 + nodePort: 30888 + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/druid-size + operator: In + values: + - small + +# ------------------------------------------------------------------------------ +# Zookeeper: +# ------------------------------------------------------------------------------ +zookeeper: + tolerations: + - key: "dev/data-druid" + operator: "Exists" + + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-druid + + +# ------------------------------------------------------------------------------ +# postgres: +# ------------------------------------------------------------------------------ +postgresql: + master: + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-druid + + slave: + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-druid + diff --git a/packer/ansible/roles/helm_install/files/druid/override-values.yaml_221206 b/packer/ansible/roles/helm_install/files/druid/override-values.yaml_221206 new file mode 100644 index 0000000..8a0272f --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/override-values.yaml_221206 @@ -0,0 +1,175 @@ +configVars: + druid_extensions_loadList: '["druid-histogram", "druid-datasketches", "druid-lookups-cached-global", "postgresql-metadata-storage", "druid-kafka-extraction-namespace", "druid-kafka-indexing-service"]' + druid_metadata_storage_connector_connectURI: jdbc:postgresql://druid-postgresql:5432/druid + # integration druid exporter configuration + druid_emitter: http + druid_emitter_http_recipientBaseUrl: http://prometheus-druid-exporter:8080/druid + +broker: + config: + DRUID_XMX: 4g + DRUID_XMS: 4g + DRUID_MAXDIRECTMEMORYSIZE: 1g + druid_server_http_maxSubqueryRows: "1000000" + + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-druid + +coordinator: + config: + DRUID_XMX: 4g + DRUID_XMS: 4g + + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-druid + +overlord: + javaOpts: "-Xms4G -Xmx4G" + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-druid + +historical: + config: + DRUID_XMX: 10g + DRUID_XMS: 10g + druid_processing_numThreads: 3 + druid_segmentCache_locations: '[{"path":"/opt/druid/var/druid/segment-cache","maxSize":"500g"}]' + druid_server_maxSize: '500g' + persistence: + size: "500Gi" + + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-druid + +middleManager: + config: + DRUID_XMX: 1g + DRUID_XMS: 1g + druid_indexer_runner_javaOptsArray: '["-server", "-Xms4g", "-Xmx4g", "-XX:MaxDirectMemorySize=6g", "-XX:+UseStringDeduplication", "-Duser.timezone=UTC", "-Dfile.encoding=UTF-8", "-XX:+ExitOnOutOfMemoryError", "-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager"]' + druid_worker.capacity: 8 + druid_indexer_fork_property_druid_processing_buffer_sizeBytes: '330MiB' + druid_indexer_fork_property_druid_processing_numThreads: 1 + druid_indexer_fork_property_druid_processing_numMergeBuffers: 2 + persistence: + size: "500Gi" + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-druid + + +router: + serviceType: NodePort + # templates/router/service.yaml에서 nodePort 속성 추가 + nodePort: 30888 + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-druid + + +# ------------------------------------------------------------------------------ +# Zookeeper: +# ------------------------------------------------------------------------------ +zookeeper: + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-druid + + +# ------------------------------------------------------------------------------ +# postgres: +# ------------------------------------------------------------------------------ +postgresql: + master: + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-druid + + slave: + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-druid diff --git a/packer/ansible/roles/helm_install/files/druid/override-values.yaml_221207 b/packer/ansible/roles/helm_install/files/druid/override-values.yaml_221207 new file mode 100644 index 0000000..20f4f45 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/override-values.yaml_221207 @@ -0,0 +1,194 @@ +configVars: + druid_extensions_loadList: '["druid-histogram", "druid-datasketches", "druid-lookups-cached-global", "postgresql-metadata-storage", "druid-kafka-extraction-namespace", "druid-kafka-indexing-service", "druid-s3-extensions"]' + druid_metadata_storage_connector_connectURI: jdbc:postgresql://druid-postgresql:5432/druid + # integration druid exporter configuration + druid_emitter: http + druid_emitter_http_recipientBaseUrl: http://prometheus-druid-exporter:8080/druid + + # 폴더 생성이 이상함. 옵션 추후 다시 확인 필요 + druid_storage_type: s3 + druid_storage_bucket: druid.dev.datasaker.io + druid_storage_baseKey: druid-data/segments + druid_s3_accessKey: + druid_s3_secretKey: + AWS_REGION: "ap-northeast-2" + druid_s3_forceGlobalBucketAccessEnabled: "false" + druid_storage_disableAcl: "true" + druid_indexer_logs_type: s3 + druid_indexer_logs_s3Bucket: druid.dev.datasaker.io + druid_indexer_logs_s3Prefix: druid-data/logs + druid_indexer_logs_disableAcl: "true" + druid_s3_endpoint_signingRegion: "ap-northeast-2" + druid_s3_endpoint_url: "https://s3.ap-northeast-2.amazonaws.com/druid.dev.datasaker.io/druid-data" + druid_s3_protocol: "https" + druid_s3_enablePathStyleAccess: "true" + +broker: + config: + DRUID_XMX: 4g + DRUID_XMS: 4g + DRUID_MAXDIRECTMEMORYSIZE: 1g + druid_server_http_maxSubqueryRows: "1000000" + + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kops.k8s.io/instancegroup + operator: In + values: + - dev-data-druid-b + +coordinator: + config: + DRUID_XMX: 4g + DRUID_XMS: 4g + + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kops.k8s.io/instancegroup + operator: In + values: + - dev-data-druid-b + +overlord: + javaOpts: "-Xms4G -Xmx4G" + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kops.k8s.io/instancegroup + operator: In + values: + - dev-data-druid-b + +historical: + config: + DRUID_XMX: 10g + DRUID_XMS: 10g + druid_processing_numThreads: 3 + druid_segmentCache_locations: '[{"path":"/opt/druid/var/druid/segment-cache","maxSize":"500g"}]' + druid_server_maxSize: '500g' + persistence: + enabled: false + + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kops.k8s.io/instancegroup + operator: In + values: + - dev-data-druid-c + +middleManager: + config: + DRUID_XMX: 1g + DRUID_XMS: 1g + druid_indexer_runner_javaOptsArray: '["-server", "-Xms4g", "-Xmx4g", "-XX:MaxDirectMemorySize=6g", "-XX:+UseStringDeduplication", "-Duser.timezone=UTC", "-Dfile.encoding=UTF-8", "-XX:+ExitOnOutOfMemoryError", "-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager"]' + druid_worker.capacity: 8 + druid_indexer_fork_property_druid_processing_buffer_sizeBytes: '330MiB' + druid_indexer_fork_property_druid_processing_numThreads: 1 + druid_indexer_fork_property_druid_processing_numMergeBuffers: 2 + persistence: + enabled: false + + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kops.k8s.io/instancegroup + operator: In + values: + - dev-data-druid-c + +router: + serviceType: NodePort + # templates/router/service.yaml에서 nodePort 속성 추가 + nodePort: 30888 + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kops.k8s.io/instancegroup + operator: In + values: + - dev-data-druid-b + +# ------------------------------------------------------------------------------ +# Zookeeper: +# ------------------------------------------------------------------------------ +zookeeper: + tolerations: + - key: "dev/data-druid" + operator: "Exists" + + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-druid + + +# ------------------------------------------------------------------------------ +# postgres: +# ------------------------------------------------------------------------------ +postgresql: + master: + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-druid + + slave: + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-druid + diff --git a/packer/ansible/roles/helm_install/files/druid/override-values.yaml_old b/packer/ansible/roles/helm_install/files/druid/override-values.yaml_old new file mode 100644 index 0000000..299dea3 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/override-values.yaml_old @@ -0,0 +1,171 @@ +configVars: + druid_extensions_loadList: '["druid-histogram", "druid-datasketches", "druid-lookups-cached-global", "postgresql-metadata-storage", "druid-kafka-extraction-namespace", "druid-kafka-indexing-service"]' + druid_metadata_storage_connector_connectURI: jdbc:postgresql://druid-postgresql:5432/druid + +broker: + config: + DRUID_XMX: 4g + DRUID_XMS: 4g + DRUID_MAXDIRECTMEMORYSIZE: 1g + druid_server_http_maxSubqueryRows: "1000000" + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-druid + +coordinator: + config: + DRUID_XMX: 4g + DRUID_XMS: 4g + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-druid + +overlord: + javaOpts: "-Xms4G -Xmx4G" + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-druid + +historical: + config: + DRUID_XMX: 2g + DRUID_XMS: 2g + druid_processing_numThreads: 3 + druid_segmentCache_locations: '[{"path":"/opt/druid/var/druid/segment-cache","maxSize":"500g"}]' + druid_server_maxSize: '500g' + persistence: + size: "500Gi" + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-druid + +middleManager: + config: + DRUID_XMX: 9g + DRUID_XMS: 9g + druid_indexer_runner_javaOptsArray: '["-server", "-Xms1g", "-Xmx1g", "-XX:MaxDirectMemorySize=3g", "-Duser.timezone=UTC", "-Dfile.encoding=UTF-8", "-XX:+ExitOnOutOfMemoryError", "-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager"]' + druid_worker.capacity: 8 + druid_indexer_fork_property_druid_processing_buffer_sizeBytes: '330MiB' + druid_indexer_fork_property_druid_processing_numThreads: 1 + druid_indexer_fork_property_druid_processing_numMergeBuffers: 2 + persistence: + size: "500Gi" + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-druid + +router: + serviceType: NodePort + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-druid + +# ------------------------------------------------------------------------------ +# Zookeeper: +# ------------------------------------------------------------------------------ +# zookeeper: +zookeeper: + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-druid + +# ------------------------------------------------------------------------------ +# postgres: +# ------------------------------------------------------------------------------ +# postgresql: +postgresql: + master: + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-druid + slave: + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-druid + + + + + +# Secrets diff --git a/packer/ansible/roles/helm_install/files/druid/templates/NOTES.txt b/packer/ansible/roles/helm_install/files/druid/templates/NOTES.txt new file mode 100644 index 0000000..be1c96f --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/templates/NOTES.txt @@ -0,0 +1,38 @@ +{{/* + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} + +1. Get the router URL by running these commands: +{{- if .Values.router.ingress.enabled }} +{{- range .Values.router.ingress.hosts }} + http{{ if $.Values.router.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.router.ingress.path }} +{{- end }} +{{- else if contains "NodePort" .Values.router.serviceType }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "druid.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.router.serviceType }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "druid.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "druid.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.router.port }} +{{- else if contains "ClusterIP" .Values.router.serviceType }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ include "druid.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.router.port }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/templates/_helpers.tpl b/packer/ansible/roles/helm_install/files/druid/templates/_helpers.tpl new file mode 100644 index 0000000..bb47149 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/templates/_helpers.tpl @@ -0,0 +1,100 @@ +{{/* + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "druid.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "druid.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "druid.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified historical name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "druid.historical.fullname" -}} +{{ template "druid.fullname" . }}-{{ .Values.historical.name }} +{{- end -}} + +{{/* +Create a default fully qualified middleManager name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "druid.middleManager.fullname" -}} +{{ template "druid.fullname" . }}-{{ .Values.middleManager.name }} +{{- end -}} + + +{{/* +Create a default fully qualified broker name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "druid.broker.fullname" -}} +{{ template "druid.fullname" . }}-{{ .Values.broker.name }} +{{- end -}} + +{{/* +Create a default fully qualified overlord name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "druid.overlord.fullname" -}} +{{ template "druid.fullname" . }}-{{ .Values.overlord.name }} +{{- end -}} + +{{/* +Create a default fully qualified coordinator name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "druid.coordinator.fullname" -}} +{{ template "druid.fullname" . }}-{{ .Values.coordinator.name }} +{{- end -}} + +{{/* +Create a default fully qualified router name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "druid.router.fullname" -}} +{{ template "druid.fullname" . }}-{{ .Values.router.name }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/druid/templates/broker/deployment.yaml b/packer/ansible/roles/helm_install/files/druid/templates/broker/deployment.yaml new file mode 100644 index 0000000..ab049dd --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/templates/broker/deployment.yaml @@ -0,0 +1,99 @@ +{{/* + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} + +{{- if .Values.broker.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "druid.broker.fullname" . }} + labels: + app: {{ include "druid.name" . }} + chart: {{ include "druid.chart" . }} + component: {{ .Values.broker.name }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.broker.replicaCount }} + selector: + matchLabels: + app: {{ include "druid.name" . }} + release: {{ .Release.Name }} + component: {{ .Values.broker.name }} + template: + metadata: + labels: + app: {{ include "druid.name" . }} + release: {{ .Release.Name }} + component: {{ .Values.broker.name }} + {{- with .Values.broker.podAnnotations }} + annotations: +{{ toYaml . | indent 8 }} + {{- end }} + spec: + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: [ "broker" ] + env: + {{- range $key, $val := .Values.broker.config }} + - name: {{ $key }} + value: {{ $val | quote }} + {{- end}} + envFrom: + - configMapRef: + name: {{ template "druid.name" . }} + ports: + - name: http + containerPort: {{ .Values.broker.port }} + protocol: TCP + {{ if .Values.configVars.druid_emitter_prometheus_port }} + - name: metric + containerPort: {{ .Values.configVars.druid_emitter_prometheus_port }} + protocol: TCP + {{ end }} + livenessProbe: + initialDelaySeconds: 60 + httpGet: + path: /status/health + port: {{ .Values.broker.port }} + readinessProbe: + initialDelaySeconds: 60 + httpGet: + path: /status/health + port: {{ .Values.broker.port }} + resources: +{{ toYaml .Values.broker.resources | indent 12 }} + {{- with .Values.broker.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.broker.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.broker.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.image.pullSecrets }} + imagePullSecrets: +{{ toYaml . | indent 8 }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/templates/broker/ingress.yaml b/packer/ansible/roles/helm_install/files/druid/templates/broker/ingress.yaml new file mode 100644 index 0000000..df27d7e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/templates/broker/ingress.yaml @@ -0,0 +1,58 @@ +{{/* + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} + +{{- if .Values.broker.ingress.enabled -}} +{{- $fullName := include "druid.broker.fullname" . -}} +{{- $ingressPath := .Values.broker.ingress.path -}} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + app: {{ include "druid.name" . }} + chart: {{ include "druid.chart" . }} + component: {{ .Values.broker.name }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- with .Values.broker.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if .Values.broker.ingress.tls }} + tls: + {{- range .Values.broker.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} + rules: + {{- range .Values.broker.ingress.hosts }} + - host: {{ . | quote }} + http: + paths: + - path: {{ $ingressPath }} + backend: + serviceName: {{ $fullName }} + servicePort: http + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/templates/broker/service.yaml b/packer/ansible/roles/helm_install/files/druid/templates/broker/service.yaml new file mode 100644 index 0000000..d409aa1 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/templates/broker/service.yaml @@ -0,0 +1,48 @@ +{{/* + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} + +{{- if .Values.broker.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "druid.broker.fullname" . }} + labels: + app: {{ include "druid.name" . }} + chart: {{ include "druid.chart" . }} + component: {{ .Values.broker.name }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.broker.serviceType }} + ports: + - port: {{ .Values.broker.port }} + targetPort: http + protocol: TCP + name: http + {{ if .Values.configVars.druid_emitter_prometheus_port }} + - port: {{ .Values.configVars.druid_emitter_prometheus_port }} + targetPort: metric + protocol: TCP + name: metric + {{ end }} + selector: + app: {{ include "druid.name" . }} + release: {{ .Release.Name }} + component: {{ .Values.broker.name }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/templates/configmap.yaml b/packer/ansible/roles/helm_install/files/druid/templates/configmap.yaml new file mode 100644 index 0000000..85e6203 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/templates/configmap.yaml @@ -0,0 +1,52 @@ +{{/* + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} + +{{- if .Values.configMap.enabled -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "druid.name" . }} + labels: + app: {{ template "druid.name" . }} + chart: {{ template "druid.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ toYaml .Values.configVars | indent 2 }} +{{- if .Values.zookeeper.enabled }} + druid_zk_service_host: {{ .Release.Name }}-zookeeper-headless:2181 +{{- else }} + druid_zk_service_host: {{ .Values.zkHosts }} +{{- end }} +{{- if .Values.mysql.enabled }} + druid_metadata_storage_type: mysql + druid_metadata_storage_connector_connectURI: jdbc:mysql://{{ .Release.Name }}-mysql:3306/{{ .Values.mysql.mysqlDatabase}} + druid_metadata_storage_connector_user: {{ .Values.mysql.mysqlUser }} + druid_metadata_storage_connector_password: {{ .Values.mysql.mysqlPassword }} +{{- end }} +{{- if .Values.postgresql.enabled }} + druid_metadata_storage_type: postgresql + druid_metadata_storage_connector_connectURI: jdbc:postgresql://{{ .Release.Name }}-postgresql:{{ .Values.postgresql.service.port}}/{{ .Values.postgresql.postgresqlDatabase }} + druid_metadata_storage_connector_user: {{ .Values.postgresql.postgresqlUsername }} + druid_metadata_storage_connector_password: {{ .Values.postgresql.postgresqlPassword }} +{{- end }} +{{- if .Values.gCloudStorage.enabled }} + GOOGLE_APPLICATION_CREDENTIALS: /var/secrets/google/key.json +{{- end }} +{{- end }} \ No newline at end of file diff --git a/packer/ansible/roles/helm_install/files/druid/templates/coordinator/deployment.yaml b/packer/ansible/roles/helm_install/files/druid/templates/coordinator/deployment.yaml new file mode 100644 index 0000000..876a3a0 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/templates/coordinator/deployment.yaml @@ -0,0 +1,110 @@ +{{/* + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} + +{{- if .Values.coordinator.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "druid.coordinator.fullname" . }} + labels: + app: {{ include "druid.name" . }} + chart: {{ include "druid.chart" . }} + component: {{ .Values.coordinator.name }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.coordinator.replicaCount }} + selector: + matchLabels: + app: {{ include "druid.name" . }} + release: {{ .Release.Name }} + component: {{ .Values.coordinator.name }} + template: + metadata: + labels: + app: {{ include "druid.name" . }} + release: {{ .Release.Name }} + component: {{ .Values.coordinator.name }} + {{- with .Values.coordinator.podAnnotations }} + annotations: +{{ toYaml . | indent 8 }} + {{- end }} + spec: + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: [ "coordinator" ] + env: + {{- range $key, $val := .Values.coordinator.config }} + - name: {{ $key }} + value: {{ $val | quote }} + {{- end}} + envFrom: + - configMapRef: + name: {{ template "druid.name" . }} + ports: + - name: http + containerPort: {{ .Values.coordinator.port }} + protocol: TCP + {{ if .Values.configVars.druid_emitter_prometheus_port }} + - name: metric + containerPort: {{ .Values.configVars.druid_emitter_prometheus_port }} + protocol: TCP + {{ end }} + livenessProbe: + initialDelaySeconds: 60 + httpGet: + path: /status/health + port: {{ .Values.coordinator.port }} + readinessProbe: + initialDelaySeconds: 60 + httpGet: + path: /status/health + port: {{ .Values.coordinator.port }} + resources: +{{ toYaml .Values.coordinator.resources | indent 12 }} + volumeMounts: + {{- if .Values.gCloudStorage.enabled }} + - name: google-cloud-key + mountPath: /var/secrets/google + {{- end }} + volumes: + {{- if .Values.gCloudStorage.enabled }} + - name: google-cloud-key + secret: + secretName: {{ .Values.gCloudStorage.secretName }} + {{- end }} + {{- with .Values.coordinator.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.coordinator.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.coordinator.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.image.pullSecrets }} + imagePullSecrets: +{{ toYaml . | indent 8 }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/templates/coordinator/ingress.yaml b/packer/ansible/roles/helm_install/files/druid/templates/coordinator/ingress.yaml new file mode 100644 index 0000000..8d64ea7 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/templates/coordinator/ingress.yaml @@ -0,0 +1,58 @@ +{{/* + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} + +{{- if .Values.coordinator.ingress.enabled -}} +{{- $fullName := include "druid.coordinator.fullname" . -}} +{{- $ingressPath := .Values.coordinator.ingress.path -}} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + app: {{ include "druid.name" . }} + chart: {{ include "druid.chart" . }} + component: {{ .Values.coordinator.name }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- with .Values.coordinator.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if .Values.coordinator.ingress.tls }} + tls: + {{- range .Values.coordinator.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} + rules: + {{- range .Values.coordinator.ingress.hosts }} + - host: {{ . | quote }} + http: + paths: + - path: {{ $ingressPath }} + backend: + serviceName: {{ $fullName }} + servicePort: http + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/templates/coordinator/service.yaml b/packer/ansible/roles/helm_install/files/druid/templates/coordinator/service.yaml new file mode 100644 index 0000000..2d72a42 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/templates/coordinator/service.yaml @@ -0,0 +1,48 @@ +{{/* + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} + +{{- if .Values.coordinator.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "druid.coordinator.fullname" . }} + labels: + app: {{ include "druid.name" . }} + chart: {{ include "druid.chart" . }} + component: {{ .Values.coordinator.name }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.coordinator.serviceType }} + ports: + - port: {{ .Values.coordinator.port }} + targetPort: http + protocol: TCP + name: http + {{ if .Values.configVars.druid_emitter_prometheus_port }} + - port: {{ .Values.configVars.druid_emitter_prometheus_port }} + targetPort: metric + protocol: TCP + name: metric + {{ end }} + selector: + app: {{ include "druid.name" . }} + release: {{ .Release.Name }} + component: {{ .Values.coordinator.name }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/templates/historical/ingress.yaml b/packer/ansible/roles/helm_install/files/druid/templates/historical/ingress.yaml new file mode 100644 index 0000000..466e3c5 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/templates/historical/ingress.yaml @@ -0,0 +1,58 @@ +{{/* + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} + +{{- if .Values.historical.ingress.enabled -}} +{{- $fullName := include "druid.historical.fullname" . -}} +{{- $ingressPath := .Values.historical.ingress.path -}} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + app: {{ include "druid.name" . }} + chart: {{ include "druid.chart" . }} + component: {{ .Values.historical.name }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- with .Values.historical.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if .Values.historical.ingress.tls }} + tls: + {{- range .Values.historical.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} + rules: + {{- range .Values.historical.ingress.hosts }} + - host: {{ . | quote }} + http: + paths: + - path: {{ $ingressPath }} + backend: + serviceName: {{ $fullName }} + servicePort: http + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/templates/historical/pdb.yaml b/packer/ansible/roles/helm_install/files/druid/templates/historical/pdb.yaml new file mode 100644 index 0000000..13b0000 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/templates/historical/pdb.yaml @@ -0,0 +1,43 @@ +{{/* + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} + +{{- if .Values.historical.podDisruptionBudget.enabled }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + labels: + app: {{ template "druid.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + component: {{ .Values.historical.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "druid.historical.fullname" . }} +spec: +{{- if .Values.historical.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.historical.podDisruptionBudget.minAvailable }} +{{- end }} +{{- if .Values.historical.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.historical.podDisruptionBudget.maxUnavailable }} +{{- end }} + selector: + matchLabels: + app: {{ template "druid.name" . }} + component: {{ .Values.historical.name }} + release: {{ .Release.Name }} +{{- end }} \ No newline at end of file diff --git a/packer/ansible/roles/helm_install/files/druid/templates/historical/service.yaml b/packer/ansible/roles/helm_install/files/druid/templates/historical/service.yaml new file mode 100644 index 0000000..c34fb90 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/templates/historical/service.yaml @@ -0,0 +1,48 @@ +{{/* + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} + +{{- if .Values.historical.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "druid.historical.fullname" . }} + labels: + app: {{ include "druid.name" . }} + chart: {{ include "druid.chart" . }} + component: {{ .Values.historical.name }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.historical.serviceType }} + ports: + - port: {{ .Values.historical.port }} + targetPort: http + protocol: TCP + name: http + {{ if .Values.configVars.druid_emitter_prometheus_port }} + - port: {{ .Values.configVars.druid_emitter_prometheus_port }} + targetPort: metric + protocol: TCP + name: metric + {{ end }} + selector: + app: {{ include "druid.name" . }} + release: {{ .Release.Name }} + component: {{ .Values.historical.name }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/templates/historical/statefulset.yaml b/packer/ansible/roles/helm_install/files/druid/templates/historical/statefulset.yaml new file mode 100644 index 0000000..7b29903 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/templates/historical/statefulset.yaml @@ -0,0 +1,164 @@ +{{/* + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} + +{{- if .Values.historical.enabled -}} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app: {{ template "druid.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + component: {{ .Values.historical.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "druid.historical.fullname" . }} +spec: + serviceName: {{ template "druid.historical.fullname" . }} + replicas: {{ .Values.historical.replicaCount }} + selector: + matchLabels: + app: {{ include "druid.name" . }} + release: {{ .Release.Name }} + component: {{ .Values.historical.name }} + template: + metadata: + labels: + app: {{ template "druid.name" . }} + component: {{ .Values.historical.name }} + release: {{ .Release.Name }} + {{- with .Values.historical.podAnnotations }} + annotations: +{{ toYaml . | indent 8 }} + {{- end }} + spec: + {{- if or .Values.historical.antiAffinity .Values.historical.nodeAffinity }} + affinity: + {{- end }} + {{- if eq .Values.historical.antiAffinity "hard" }} + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: "kubernetes.io/hostname" + labelSelector: + matchLabels: + app: "{{ template "druid.name" . }}" + release: "{{ .Release.Name }}" + component: "{{ .Values.historical.name }}" + {{- else if eq .Values.historical.antiAffinity "soft" }} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + app: "{{ template "druid.name" . }}" + release: "{{ .Release.Name }}" + component: "{{ .Values.historical.name }}" + {{- end }} + {{- with .Values.historical.nodeAffinity }} + nodeAffinity: +{{ toYaml . | indent 10 }} + {{- end }} +{{- if .Values.historical.nodeSelector }} + nodeSelector: +{{ toYaml .Values.historical.nodeSelector | indent 8 }} +{{- end }} +{{- if .Values.historical.securityContext }} + securityContext: +{{ toYaml .Values.historical.securityContext | indent 8 }} +{{- end }} +{{- if .Values.historical.tolerations }} + tolerations: +{{ toYaml .Values.historical.tolerations | indent 8 }} +{{- end }} +{{- if .Values.image.pullSecrets }} + imagePullSecrets: +{{ toYaml .Values.image.pullSecrets | indent 8 }} +{{- end }} + containers: + - name: druid + args: [ "historical" ] + env: + {{- range $key, $val := .Values.historical.config }} + - name: {{ $key }} + value: {{ $val | quote }} + {{- end}} + envFrom: + - configMapRef: + name: {{ template "druid.name" . }} + resources: +{{ toYaml .Values.historical.resources | indent 12 }} + livenessProbe: + initialDelaySeconds: {{ .Values.historical.livenessProbeInitialDelaySeconds }} + httpGet: + path: /status/health + port: {{ .Values.historical.port }} + readinessProbe: + initialDelaySeconds: {{ .Values.historical.readinessProbeInitialDelaySeconds }} + httpGet: + path: /status/health + port: {{ .Values.historical.port }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + ports: + - containerPort: {{ .Values.historical.port }} + name: http + {{ if .Values.configVars.druid_emitter_prometheus_port }} + - name: metric + containerPort: {{ .Values.configVars.druid_emitter_prometheus_port }} + protocol: TCP + {{ end }} + volumeMounts: + - mountPath: /opt/druid/var/druid/ + name: data + {{- if .Values.gCloudStorage.enabled }} + - name: google-cloud-key + mountPath: /var/secrets/google + {{- end }} + volumes: + {{- if not .Values.historical.persistence.enabled }} + - name: data + emptyDir: {} + {{- end }} + {{- if .Values.gCloudStorage.enabled }} + - name: google-cloud-key + secret: + secretName: {{ .Values.gCloudStorage.secretName }} + {{- end }} + updateStrategy: + type: {{ .Values.historical.updateStrategy.type }} + {{- if .Values.historical.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - {{ .Values.historical.persistence.accessMode | quote }} + {{- if .Values.historical.persistence.storageClass }} + {{- if (eq "-" .Values.historical.persistence.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.historical.persistence.storageClass }}" + {{- end }} + {{- end }} + resources: + requests: + storage: "{{ .Values.historical.persistence.size }}" + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/templates/middleManager/hpa.yaml b/packer/ansible/roles/helm_install/files/druid/templates/middleManager/hpa.yaml new file mode 100644 index 0000000..fcda2f2 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/templates/middleManager/hpa.yaml @@ -0,0 +1,40 @@ +{{/* + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} + +{{- if .Values.middleManager.autoscaling.enabled }} +apiVersion: autoscaling/v2beta2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "druid.middleManager.fullname" . }} + labels: + app: {{ include "druid.name" . }} + chart: {{ include "druid.chart" . }} + component: "{{ .Values.name }}" + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: StatefulSet + name: {{ include "druid.middleManager.fullname" . }} + minReplicas: {{ .Values.middleManager.autoscaling.minReplicas }} + maxReplicas: {{ .Values.middleManager.autoscaling.maxReplicas }} + metrics: +{{ toYaml .Values.middleManager.autoscaling.metrics | indent 4 }} +{{- end }} \ No newline at end of file diff --git a/packer/ansible/roles/helm_install/files/druid/templates/middleManager/ingress.yaml b/packer/ansible/roles/helm_install/files/druid/templates/middleManager/ingress.yaml new file mode 100644 index 0000000..672580a --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/templates/middleManager/ingress.yaml @@ -0,0 +1,58 @@ +{{/* + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} + +{{- if .Values.middleManager.ingress.enabled -}} +{{- $fullName := include "druid.middleManager.fullname" . -}} +{{- $ingressPath := .Values.middleManager.ingress.path -}} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + app: {{ include "druid.name" . }} + chart: {{ include "druid.chart" . }} + component: {{ .Values.middleManager.name }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- with .Values.middleManager.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if .Values.middleManager.ingress.tls }} + tls: + {{- range .Values.middleManager.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} + rules: + {{- range .Values.middleManager.ingress.hosts }} + - host: {{ . | quote }} + http: + paths: + - path: {{ $ingressPath }} + backend: + serviceName: {{ $fullName }} + servicePort: http + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/templates/middleManager/pdb.yaml b/packer/ansible/roles/helm_install/files/druid/templates/middleManager/pdb.yaml new file mode 100644 index 0000000..5e3bccf --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/templates/middleManager/pdb.yaml @@ -0,0 +1,43 @@ +{{/* + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} + +{{- if .Values.middleManager.podDisruptionBudget.enabled }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + labels: + app: {{ template "druid.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + component: {{ .Values.middleManager.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "druid.middleManager.fullname" . }} +spec: +{{- if .Values.middleManager.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.middleManager.podDisruptionBudget.minAvailable }} +{{- end }} +{{- if .Values.middleManager.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.middleManager.podDisruptionBudget.maxUnavailable }} +{{- end }} + selector: + matchLabels: + app: {{ template "druid.name" . }} + component: {{ .Values.middleManager.name }} + release: {{ .Release.Name }} +{{- end }} \ No newline at end of file diff --git a/packer/ansible/roles/helm_install/files/druid/templates/middleManager/service.yaml b/packer/ansible/roles/helm_install/files/druid/templates/middleManager/service.yaml new file mode 100644 index 0000000..2d70ead --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/templates/middleManager/service.yaml @@ -0,0 +1,48 @@ +{{/* + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} + +{{- if .Values.middleManager.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "druid.middleManager.fullname" . }} + labels: + app: {{ include "druid.name" . }} + chart: {{ include "druid.chart" . }} + component: {{ .Values.middleManager.name }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.middleManager.serviceType }} + ports: + - port: {{ .Values.middleManager.port }} + targetPort: http + protocol: TCP + name: http + {{ if .Values.configVars.druid_emitter_prometheus_port }} + - port: {{ .Values.configVars.druid_emitter_prometheus_port }} + targetPort: metric + protocol: TCP + name: metric + {{ end }} + selector: + app: {{ include "druid.name" . }} + release: {{ .Release.Name }} + component: {{ .Values.middleManager.name }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/templates/middleManager/statefulset.yaml b/packer/ansible/roles/helm_install/files/druid/templates/middleManager/statefulset.yaml new file mode 100644 index 0000000..05a8ac6 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/templates/middleManager/statefulset.yaml @@ -0,0 +1,164 @@ +{{/* + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} + +{{- if .Values.middleManager.enabled -}} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app: {{ template "druid.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + component: {{ .Values.middleManager.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "druid.middleManager.fullname" . }} +spec: + serviceName: {{ template "druid.middleManager.fullname" . }} + replicas: {{ .Values.middleManager.replicaCount }} + selector: + matchLabels: + app: {{ include "druid.name" . }} + release: {{ .Release.Name }} + component: {{ .Values.middleManager.name }} + template: + metadata: + labels: + app: {{ template "druid.name" . }} + component: {{ .Values.middleManager.name }} + release: {{ .Release.Name }} + {{- if .Values.middleManager.podAnnotations }} + annotations: +{{ toYaml .Values.middleManager.podAnnotations | indent 8 }} + {{- end }} + spec: + {{- if or .Values.middleManager.antiAffinity .Values.middleManager.nodeAffinity }} + affinity: + {{- end }} + {{- if eq .Values.middleManager.antiAffinity "hard" }} + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: "kubernetes.io/hostname" + labelSelector: + matchLabels: + app: "{{ template "druid.name" . }}" + release: "{{ .Release.Name }}" + component: "{{ .Values.middleManager.name }}" + {{- else if eq .Values.middleManager.antiAffinity "soft" }} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + app: "{{ template "druid.name" . }}" + release: "{{ .Release.Name }}" + component: "{{ .Values.middleManager.name }}" + {{- end }} + {{- with .Values.middleManager.nodeAffinity }} + nodeAffinity: +{{ toYaml . | indent 10 }} + {{- end }} +{{- if .Values.middleManager.nodeSelector }} + nodeSelector: +{{ toYaml .Values.middleManager.nodeSelector | indent 8 }} +{{- end }} +{{- if .Values.middleManager.securityContext }} + securityContext: +{{ toYaml .Values.middleManager.securityContext | indent 8 }} +{{- end }} +{{- if .Values.middleManager.tolerations }} + tolerations: +{{ toYaml .Values.middleManager.tolerations | indent 8 }} +{{- end }} +{{- if .Values.image.pullSecrets }} + imagePullSecrets: +{{ toYaml .Values.image.pullSecrets | indent 8 }} +{{- end }} + containers: + - name: druid + args: [ "middleManager" ] + env: + {{- range $key, $val := .Values.middleManager.config }} + - name: {{ $key }} + value: {{ $val | quote }} + {{- end}} + envFrom: + - configMapRef: + name: {{ template "druid.name" . }} + resources: +{{ toYaml .Values.middleManager.resources | indent 12 }} + livenessProbe: + initialDelaySeconds: 60 + httpGet: + path: /status/health + port: {{ .Values.middleManager.port }} + readinessProbe: + initialDelaySeconds: 60 + httpGet: + path: /status/health + port: {{ .Values.middleManager.port }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + ports: + - containerPort: {{ .Values.middleManager.port }} + name: http + {{ if .Values.configVars.druid_emitter_prometheus_port }} + - name: metric + containerPort: {{ .Values.configVars.druid_emitter_prometheus_port }} + protocol: TCP + {{ end }} + volumeMounts: + - mountPath: /opt/druid/var/druid/ + name: data + {{- if .Values.gCloudStorage.enabled }} + - name: google-cloud-key + mountPath: /var/secrets/google + {{- end }} + volumes: + {{- if not .Values.middleManager.persistence.enabled }} + - name: data + emptyDir: {} + {{- end }} + {{- if .Values.gCloudStorage.enabled }} + - name: google-cloud-key + secret: + secretName: {{ .Values.gCloudStorage.secretName }} + {{- end }} + updateStrategy: + type: {{ .Values.middleManager.updateStrategy.type }} + {{- if .Values.middleManager.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - {{ .Values.middleManager.persistence.accessMode | quote }} + {{- if .Values.middleManager.persistence.storageClass }} + {{- if (eq "-" .Values.middleManager.persistence.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.middleManager.persistence.storageClass }}" + {{- end }} + {{- end }} + resources: + requests: + storage: "{{ .Values.middleManager.persistence.size }}" + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/templates/overlord/deployment.yaml b/packer/ansible/roles/helm_install/files/druid/templates/overlord/deployment.yaml new file mode 100644 index 0000000..2484beb --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/templates/overlord/deployment.yaml @@ -0,0 +1,105 @@ +{{/* + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} + +{{- if .Values.overlord.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "druid.overlord.fullname" . }} + labels: + app: {{ include "druid.name" . }} + chart: {{ include "druid.chart" . }} + component: {{ .Values.overlord.name }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.overlord.replicaCount }} + selector: + matchLabels: + app: {{ include "druid.name" . }} + release: {{ .Release.Name }} + component: {{ .Values.overlord.name }} + template: + metadata: + labels: + app: {{ include "druid.name" . }} + release: {{ .Release.Name }} + component: {{ .Values.overlord.name }} + {{- with .Values.overlord.podAnnotations }} + annotations: +{{ toYaml . | indent 8 }} + {{- end }} + spec: + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: [ "overlord" ] + env: + {{- range $key, $val := .Values.overlord.config }} + - name: {{ $key }} + value: {{ $val | quote }} + {{- end}} + envFrom: + - configMapRef: + name: {{ template "druid.name" . }} + ports: + - name: http + containerPort: {{ .Values.overlord.port }} + protocol: TCP + livenessProbe: + initialDelaySeconds: 60 + httpGet: + path: /status/health + port: {{ .Values.overlord.port }} + readinessProbe: + initialDelaySeconds: 60 + httpGet: + path: /status/health + port: {{ .Values.overlord.port }} + resources: +{{ toYaml .Values.overlord.resources | indent 12 }} + volumeMounts: + {{- if .Values.gCloudStorage.enabled }} + - name: google-cloud-key + mountPath: /var/secrets/google + {{- end }} + volumes: + {{- if .Values.gCloudStorage.enabled }} + - name: google-cloud-key + secret: + secretName: {{ .Values.gCloudStorage.secretName }} + {{- end }} + {{- with .Values.overlord.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.overlord.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.overlord.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.image.pullSecrets }} + imagePullSecrets: +{{ toYaml . | indent 8 }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/templates/overlord/ingress.yaml b/packer/ansible/roles/helm_install/files/druid/templates/overlord/ingress.yaml new file mode 100644 index 0000000..f1f3051 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/templates/overlord/ingress.yaml @@ -0,0 +1,58 @@ +{{/* + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} + +{{- if .Values.overlord.ingress.enabled -}} +{{- $fullName := include "druid.overlord.fullname" . -}} +{{- $ingressPath := .Values.overlord.ingress.path -}} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + app: {{ include "druid.name" . }} + chart: {{ include "druid.chart" . }} + component: {{ .Values.overlord.name }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- with .Values.overlord.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if .Values.overlord.ingress.tls }} + tls: + {{- range .Values.overlord.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} + rules: + {{- range .Values.overlord.ingress.hosts }} + - host: {{ . | quote }} + http: + paths: + - path: {{ $ingressPath }} + backend: + serviceName: {{ $fullName }} + servicePort: http + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/templates/overlord/service.yaml b/packer/ansible/roles/helm_install/files/druid/templates/overlord/service.yaml new file mode 100644 index 0000000..6a9b856 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/templates/overlord/service.yaml @@ -0,0 +1,42 @@ +{{/* + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} + +{{- if .Values.overlord.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "druid.overlord.fullname" . }} + labels: + app: {{ include "druid.name" . }} + chart: {{ include "druid.chart" . }} + component: {{ .Values.overlord.name }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.overlord.serviceType }} + ports: + - port: {{ .Values.overlord.port }} + targetPort: http + protocol: TCP + name: http + selector: + app: {{ include "druid.name" . }} + release: {{ .Release.Name }} + component: {{ .Values.overlord.name }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/templates/router/deployment.yaml b/packer/ansible/roles/helm_install/files/druid/templates/router/deployment.yaml new file mode 100644 index 0000000..4a759d6 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/templates/router/deployment.yaml @@ -0,0 +1,99 @@ +{{/* + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} + +{{- if .Values.router.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "druid.router.fullname" . }} + labels: + app: {{ include "druid.name" . }} + chart: {{ include "druid.chart" . }} + component: {{ .Values.router.name }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.router.replicaCount }} + selector: + matchLabels: + app: {{ include "druid.name" . }} + release: {{ .Release.Name }} + component: {{ .Values.router.name }} + template: + metadata: + labels: + app: {{ include "druid.name" . }} + release: {{ .Release.Name }} + component: {{ .Values.router.name }} + {{- with .Values.router.podAnnotations }} + annotations: +{{ toYaml . | indent 8 }} + {{- end }} + spec: + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: [ "router" ] + env: + {{- range $key, $val := .Values.router.config }} + - name: {{ $key }} + value: {{ $val | quote }} + {{- end}} + envFrom: + - configMapRef: + name: {{ template "druid.name" . }} + ports: + - name: http + containerPort: {{ .Values.router.port }} + protocol: TCP + {{ if .Values.configVars.druid_emitter_prometheus_port }} + - name: metric + containerPort: {{ .Values.configVars.druid_emitter_prometheus_port }} + protocol: TCP + {{ end }} + livenessProbe: + initialDelaySeconds: 60 + httpGet: + path: /status/health + port: {{ .Values.router.port }} + readinessProbe: + initialDelaySeconds: 60 + httpGet: + path: /status/health + port: {{ .Values.router.port }} + resources: +{{ toYaml .Values.router.resources | indent 12 }} + {{- with .Values.router.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.router.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.router.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.image.pullSecrets }} + imagePullSecrets: +{{ toYaml . | indent 8 }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/templates/router/ingress.yaml b/packer/ansible/roles/helm_install/files/druid/templates/router/ingress.yaml new file mode 100644 index 0000000..aab27fc --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/templates/router/ingress.yaml @@ -0,0 +1,58 @@ +{{/* + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} + +{{- if .Values.router.ingress.enabled -}} +{{- $fullName := include "druid.router.fullname" . -}} +{{- $ingressPath := .Values.router.ingress.path -}} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + app: {{ include "druid.name" . }} + chart: {{ include "druid.chart" . }} + component: {{ .Values.router.name }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- with .Values.router.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if .Values.router.ingress.tls }} + tls: + {{- range .Values.router.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} + rules: + {{- range .Values.router.ingress.hosts }} + - host: {{ . | quote }} + http: + paths: + - path: {{ $ingressPath }} + backend: + serviceName: {{ $fullName }} + servicePort: http + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/templates/router/service.yaml b/packer/ansible/roles/helm_install/files/druid/templates/router/service.yaml new file mode 100644 index 0000000..21bea3f --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/templates/router/service.yaml @@ -0,0 +1,49 @@ +{{/* + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} + +{{- if .Values.router.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "druid.router.fullname" . }} + labels: + app: {{ include "druid.name" . }} + chart: {{ include "druid.chart" . }} + component: {{ .Values.router.name }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.router.serviceType }} + ports: + - port: {{ .Values.router.port }} + nodePort: {{ .Values.router.nodePort }} + targetPort: http + protocol: TCP + name: http + {{ if .Values.configVars.druid_emitter_prometheus_port }} + - port: {{ .Values.configVars.druid_emitter_prometheus_port }} + targetPort: metric + protocol: TCP + name: metric + {{ end }} + selector: + app: {{ include "druid.name" . }} + release: {{ .Release.Name }} + component: {{ .Values.router.name }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/templates/secrets.yaml b/packer/ansible/roles/helm_install/files/druid/templates/secrets.yaml new file mode 100644 index 0000000..5245180 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/templates/secrets.yaml @@ -0,0 +1,28 @@ +{{/* + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} + +{{- if .Values.gCloudStorage.enabled -}} +apiVersion: v1 +kind: Secret +metadata: + name: google-cloud-key +type: Opaque +data: + key.json: {{ .Values.google.gcsAPIKey }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/druid/values.yaml b/packer/ansible/roles/helm_install/files/druid/values.yaml new file mode 100644 index 0000000..000cfbf --- /dev/null +++ b/packer/ansible/roles/helm_install/files/druid/values.yaml @@ -0,0 +1,419 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for druid. + +image: + repository: apache/druid + tag: 0.23.0 + pullPolicy: IfNotPresent + pullSecrets: [] + +configMap: + ## If false, configMap will not be applied + ## + enabled: true + +## Define the key value pairs in the configmap +configVars: + ## DRUID env vars. ref: https://github.com/apache/druid/blob/master/distribution/docker/druid.sh#L29 + # DRUID_LOG_LEVEL: "warn" + # DRUID_LOG4J: + DRUID_USE_CONTAINER_IP: "true" + + ## Druid Common Configurations. ref: https://druid.apache.org/docs/latest/configuration/index.html#common-configurations + druid_extensions_loadList: '["druid-histogram", "druid-datasketches", "druid-lookups-cached-global", "postgresql-metadata-storage"]' + druid_metadata_storage_type: postgresql + druid_metadata_storage_connector_connectURI: jdbc:postgresql://postgres:5432/druid + druid_metadata_storage_connector_user: druid + druid_metadata_storage_connector_password: druid + druid_storage_type: local + druid_indexer_logs_type: file + druid_indexer_logs_directory: /opt/data/indexing-logs + + ## Druid Emitting Metrics. ref: https://druid.apache.org/docs/latest/configuration/index.html#emitting-metrics + druid_emitter: noop + druid_emitter_logging_logLevel: debug + druid_emitter_http_recipientBaseUrl: http://druid_exporter_url:druid_exporter_port/druid + +gCloudStorage: + enabled: false + secretName: google-cloud-key + +broker: + ## If false, broker will not be installed + ## + enabled: true + name: broker + replicaCount: 1 + port: 8082 + serviceType: ClusterIP + + config: + DRUID_XMX: 512m + DRUID_XMS: 512m + DRUID_MAXDIRECTMEMORYSIZE: 400m + druid_processing_buffer_sizeBytes: '50000000' + druid_processing_numMergeBuffers: 2 + druid_processing_numThreads: 1 + # druid_monitoring_monitors: '["org.apache.druid.client.cache.CacheMonitor", "org.apache.druid.server.metrics.QueryCountStatsMonitor"]' + + ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + path: / + hosts: + - chart-example.local + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + + resources: {} + # limits: + # cpu: 1 + # memory: 1Gi + # requests: + # cpu: 250m + # memory: 512Mi + + nodeSelector: {} + + tolerations: [] + + affinity: {} + + podAnnotations: {} + +coordinator: + ## If false, coordinator will not be installed + ## + enabled: true + name: coordinator + replicaCount: 1 + port: 8081 + serviceType: ClusterIP + + config: + DRUID_XMX: 256m + DRUID_XMS: 256m + # druid_monitoring_monitors: '["org.apache.druid.server.metrics.TaskCountStatsMonitor"]' + + ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + path: / + hosts: + - chart-example.local + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + + resources: {} + # limits: + # cpu: 500m + # memory: 1Gi + # requests: + # cpu: 250m + # memory: 512Mi + + nodeSelector: {} + + tolerations: [] + + affinity: {} + + podAnnotations: {} + +overlord: + ## If true, the separate overlord will be installed + ## + enabled: false + name: overlord + replicaCount: 1 + port: 8081 + serviceType: ClusterIP + + javaOpts: "-Xms1G -Xmx1G" + + ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + path: / + hosts: + - chart-example.local + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + + resources: {} + + nodeSelector: {} + + tolerations: [] + + affinity: {} + + podAnnotations: {} + +historical: + ## If false, historical will not be installed + ## + enabled: true + name: historical + replicaCount: 1 + port: 8083 + serviceType: ClusterIP + + config: + DRUID_XMX: 512m + DRUID_XMS: 512m + DRUID_MAXDIRECTMEMORYSIZE: 400m + druid_processing_buffer_sizeBytes: '50000000' + druid_processing_numMergeBuffers: 2 + druid_processing_numThreads: 1 + # druid_monitoring_monitors: '["org.apache.druid.client.cache.CacheMonitor", "org.apache.druid.server.metrics.HistoricalMetricsMonitor", "org.apache.druid.server.metrics.QueryCountStatsMonitor"]' + # druid_segmentCache_locations: '[{"path":"/var/druid/segment-cache","maxSize":300000000000}]' + + ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + path: / + hosts: + - chart-example.local + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + + persistence: + enabled: true + accessMode: ReadWriteOnce + size: "4Gi" + # storageClass: "ssd" + + antiAffinity: "soft" + + nodeAffinity: {} + + nodeSelector: {} + + securityContext: + fsGroup: 1000 + + tolerations: [] + + resources: {} + # limits: + # cpu: 2 + # memory: 2Gi + # requests: + # cpu: 500m + # memory: 512Mi + + livenessProbeInitialDelaySeconds: 60 + readinessProbeInitialDelaySeconds: 60 + + ## (dict) If specified, apply these annotations to each master Pod + podAnnotations: {} + + podDisruptionBudget: + enabled: false + # minAvailable: 2 + maxUnavailable: 1 + + updateStrategy: + type: RollingUpdate + +middleManager: + ## If false, middleManager will not be installed + ## + enabled: true + name: middle-manager + replicaCount: 1 + port: 8091 + serviceType: ClusterIP + + config: + DRUID_XMX: 64m + DRUID_XMS: 64m + druid_indexer_runner_javaOptsArray: '["-server", "-Xms256m", "-Xmx256m", "-XX:MaxDirectMemorySize=300m", "-Duser.timezone=UTC", "-Dfile.encoding=UTF-8", "-XX:+ExitOnOutOfMemoryError", "-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager"]' + druid_indexer_fork_property_druid_processing_buffer_sizeBytes: '25000000' + + autoscaling: + enabled: false + minReplicas: 2 + maxReplicas: 5 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 60 + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: 60 + + ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + path: / + hosts: + - chart-example.local + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + + persistence: + enabled: true + accessMode: ReadWriteOnce + size: "4Gi" + # storageClass: "ssd" + + antiAffinity: "soft" + + nodeAffinity: {} + + nodeSelector: {} + + securityContext: + fsGroup: 1000 + + tolerations: [] + + resources: {} + # limits: + # cpu: 500m + # memory: 1Gi + # requests: + # cpu: 250m + # memory: 256Mi + + ## (dict) If specified, apply these annotations to each master Pod + podAnnotations: {} + + podDisruptionBudget: + enabled: false + # minAvailable: 2 + maxUnavailable: 1 + + updateStrategy: + type: RollingUpdate + +router: + ## If false, router will not be installed + ## + enabled: true + name: router + replicaCount: 1 + port: 8888 + serviceType: ClusterIP + + config: + DRUID_XMX: 128m + DRUID_XMS: 128m + DRUID_MAXDIRECTMEMORYSIZE: 128m + + ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + path: / + hosts: + - chart-example.local + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + + resources: {} + # limits: + # cpu: 250m + # memory: 256Mi + # requests: + # cpu: 100m + # memory: 128Mi + + nodeSelector: {} + + tolerations: [] + + affinity: {} + + podAnnotations: {} + +# ------------------------------------------------------------------------------ +# Zookeeper: +# ------------------------------------------------------------------------------ + +# zkHosts: druid-zookeeper-headless:2181 + +zookeeper: + enabled: true + ## Environmental variables to set in Zookeeper + ## + env: + ## The JVM heap size to allocate to Zookeeper + ZK_HEAP_SIZE: "512M" + ## Configure Zookeeper headless + headless: + publishNotReadyAddresses: true + + +# ------------------------------------------------------------------------------ +# MySQL: +# ------------------------------------------------------------------------------ +mysql: + enabled: false + mysqlRootPassword: druidroot + mysqlUser: druid + mysqlPassword: druid + mysqlDatabase: druid + configurationFiles: + mysql_collate.cnf: |- + [mysqld] + character-set-server=utf8 + collation-server=utf8_unicode_ci + +# ------------------------------------------------------------------------------ +# postgres: +# ------------------------------------------------------------------------------ +postgresql: + enabled: true + postgresqlUsername: druid + postgresqlPassword: druid + postgresqlDatabase: druid + service: + port: 5432 + +# Secrets diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/.helmignore b/packer/ansible/roles/helm_install/files/elasticsearch/.helmignore new file mode 100644 index 0000000..e12c0b4 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/.helmignore @@ -0,0 +1,2 @@ +tests/ +.pytest_cache/ diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/Chart.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/Chart.yaml new file mode 100644 index 0000000..0d10900 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/Chart.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +description: Official Elastic helm chart for Elasticsearch +home: https://github.com/elastic/helm-charts +maintainers: + - email: helm-charts@elastic.co + name: Elastic +name: elasticsearch +version: 8.4.1 +appVersion: 8.4.1 +sources: + - https://github.com/elastic/elasticsearch +icon: https://helm.elastic.co/icons/elasticsearch.png diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/Makefile b/packer/ansible/roles/helm_install/files/elasticsearch/Makefile new file mode 100644 index 0000000..22218a1 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/Makefile @@ -0,0 +1 @@ +include ../helpers/common.mk diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/README.md b/packer/ansible/roles/helm_install/files/elasticsearch/README.md new file mode 100644 index 0000000..6136087 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/README.md @@ -0,0 +1,465 @@ +# Elasticsearch Helm Chart + +[![Build Status](https://img.shields.io/jenkins/s/https/devops-ci.elastic.co/job/elastic+helm-charts+main.svg)](https://devops-ci.elastic.co/job/elastic+helm-charts+main/) [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/elastic)](https://artifacthub.io/packages/search?repo=elastic) + +This Helm chart is a lightweight way to configure and run our official +[Elasticsearch Docker image][]. + + +**Warning**: This branch is used for development, please use the latest [7.x][] release for released version. + + + + + +- [Requirements](#requirements) +- [Installing](#installing) + - [Install a released version using the Helm repository](#install-a-released-version-using-the-helm-repository) + - [Install a development version using the main branch](#install-a-development-version-using-the-main-branch) +- [Upgrading](#upgrading) +- [Usage notes](#usage-notes) +- [Configuration](#configuration) +- [FAQ](#faq) + - [How to deploy this chart on a specific K8S distribution?](#how-to-deploy-this-chart-on-a-specific-k8s-distribution) + - [How to deploy dedicated nodes types?](#how-to-deploy-dedicated-nodes-types) + - [Coordinating nodes](#coordinating-nodes) + - [Clustering and Node Discovery](#clustering-and-node-discovery) + - [How to deploy clusters with security (authentication and TLS) enabled?](#how-to-deploy-clusters-with-security-authentication-and-tls-enabled) + - [How to migrate from helm/charts stable chart?](#how-to-migrate-from-helmcharts-stable-chart) + - [How to install plugins?](#how-to-install-plugins) + - [How to use the keystore?](#how-to-use-the-keystore) + - [Basic example](#basic-example) + - [Multiple keys](#multiple-keys) + - [Custom paths and keys](#custom-paths-and-keys) + - [How to enable snapshotting?](#how-to-enable-snapshotting) + - [How to configure templates post-deployment?](#how-to-configure-templates-post-deployment) +- [Contributing](#contributing) + + + + + + +## Requirements + +* Minimum cluster requirements include the following to run this chart with +default settings. All of these settings are configurable. + * Three Kubernetes nodes to respect the default "hard" affinity settings + * 1GB of RAM for the JVM heap + +See [supported configurations][] for more details. + + +## Installing + +### Install a released version using the Helm repository + +* Add the Elastic Helm charts repo: +`helm repo add elastic https://helm.elastic.co` + +* Install it: `helm install elasticsearch elastic/elasticsearch` + +### Install a development version using the main branch + +* Clone the git repo: `git clone git@github.com:elastic/helm-charts.git` + +* Install it: `helm install elasticsearch ./helm-charts/elasticsearch --set imageTag=8.4.1` + +## Upgrading + +Please always check [CHANGELOG.md][] and [BREAKING_CHANGES.md][] before +upgrading to a new chart version. + + +## Usage notes + +* This repo includes several [examples][] of configurations that can be used +as a reference. They are also used in the automated testing of this chart. +* Automated testing of this chart is currently only run against GKE (Google +Kubernetes Engine). +* The chart deploys a StatefulSet and by default will do an automated rolling +update of your cluster. It does this by waiting for the cluster health to become +green after each instance is updated. If you prefer to update manually you can +set `OnDelete` [updateStrategy][]. +* It is important to verify that the JVM heap size in `esJavaOpts` and to set +the CPU/Memory `resources` to something suitable for your cluster. +* To simplify chart and maintenance each set of node groups is deployed as a +separate Helm release. Take a look at the [multi][] example to get an idea for +how this works. Without doing this it isn't possible to resize persistent +volumes in a StatefulSet. By setting it up this way it makes it possible to add +more nodes with a new storage size then drain the old ones. It also solves the +problem of allowing the user to determine which node groups to update first when +doing upgrades or changes. +* We have designed this chart to be very un-opinionated about how to configure +Elasticsearch. It exposes ways to set environment variables and mount secrets +inside of the container. Doing this makes it much easier for this chart to +support multiple versions with minimal changes. + + +## Configuration + +| Parameter | Description | Default | +|------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------| +| `antiAffinityTopologyKey` | The [anti-affinity][] topology key. By default this will prevent multiple Elasticsearch nodes from running on the same Kubernetes node | `kubernetes.io/hostname` | +| `antiAffinity` | Setting this to hard enforces the [anti-affinity][] rules. If it is set to soft it will be done "best effort". Other values will be ignored | `hard` | +| `clusterHealthCheckParams` | The [Elasticsearch cluster health status params][] that will be used by readiness [probe][] command | `wait_for_status=green&timeout=1s` | +| `clusterName` | This will be used as the Elasticsearch [cluster.name][] and should be unique per cluster in the namespace | `elasticsearch` | +| `createCert` | This will automatically create the SSL certificates | `true` | +| `enableServiceLinks` | Set to false to disabling service links, which can cause slow pod startup times when there are many services in the current namespace. | `true` | +| `envFrom` | Templatable string to be passed to the [environment from variables][] which will be appended to the `envFrom:` definition for the container | `[]` | +| `esConfig` | Allows you to add any config files in `/usr/share/elasticsearch/config/` such as `elasticsearch.yml` and `log4j2.properties`. See [values.yaml][] for an example of the formatting | `{}` | +| `esJavaOpts` | [Java options][] for Elasticsearch. This is where you could configure the [jvm heap size][] | `""` | +| `esJvmOptions` | [Java options][] for Elasticsearch. Override the default JVM options by adding custom options files . See [values.yaml][] for an example of the formatting | `{}` | +| `esMajorVersion` | Deprecated. Instead, use the version of the chart corresponding to your ES minor version. Used to set major version specific configuration. If you are using a custom image and not running the default Elasticsearch version you will need to set this to the version you are running (e.g. `esMajorVersion: 6`) | `""` | +| `extraContainers` | Templatable string of additional `containers` to be passed to the `tpl` function | `""` | +| `extraEnvs` | Extra [environment variables][] which will be appended to the `env:` definition for the container | `[]` | +| `extraInitContainers` | Templatable string of additional `initContainers` to be passed to the `tpl` function | `""` | +| `extraVolumeMounts` | Templatable string of additional `volumeMounts` to be passed to the `tpl` function | `""` | +| `extraVolumes` | Templatable string of additional `volumes` to be passed to the `tpl` function | `""` | +| `fullnameOverride` | Overrides the `clusterName` and `nodeGroup` when used in the naming of resources. This should only be used when using a single `nodeGroup`, otherwise you will have name conflicts | `""` | +| `healthNameOverride` | Overrides `test-elasticsearch-health` pod name | `""` | +| `hostAliases` | Configurable [hostAliases][] | `[]` | +| `httpPort` | The http port that Kubernetes will use for the healthchecks and the service. If you change this you will also need to set [http.port][] in `extraEnvs` | `9200` | +| `imagePullPolicy` | The Kubernetes [imagePullPolicy][] value | `IfNotPresent` | +| `imagePullSecrets` | Configuration for [imagePullSecrets][] so that you can use a private registry for your image | `[]` | +| `imageTag` | The Elasticsearch Docker image tag | `8.4.1` | +| `image` | The Elasticsearch Docker image | `docker.elastic.co/elasticsearch/elasticsearch` | +| `ingress` | Configurable [ingress][] to expose the Elasticsearch service. See [values.yaml][] for an example | see [values.yaml][] | +| `initResources` | Allows you to set the [resources][] for the `initContainer` in the StatefulSet | `{}` | +| `keystore` | Allows you map Kubernetes secrets into the keystore. See the [config example][] and [how to use the keystore][] | `[]` | +| `labels` | Configurable [labels][] applied to all Elasticsearch pods | `{}` | +| `lifecycle` | Allows you to add [lifecycle hooks][]. See [values.yaml][] for an example of the formatting | `{}` | +| `masterService` | The service name used to connect to the masters. You only need to set this if your master `nodeGroup` is set to something other than `master`. See [Clustering and Node Discovery][] for more information | `""` | +| `maxUnavailable` | The [maxUnavailable][] value for the pod disruption budget. By default this will prevent Kubernetes from having more than 1 unhealthy pod in the node group | `1` | +| `minimumMasterNodes` | The value for [discovery.zen.minimum_master_nodes][]. Should be set to `(master_eligible_nodes / 2) + 1`. Ignored in Elasticsearch versions >= 7 | `2` | +| `nameOverride` | Overrides the `clusterName` when used in the naming of resources | `""` | +| `networkHost` | Value for the [network.host Elasticsearch setting][] | `0.0.0.0` | +| `networkPolicy` | The [NetworkPolicy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) to set. See [`values.yaml`](./values.yaml) for an example | `{http.enabled: false,transport.enabled: false}` | +| `nodeAffinity` | Value for the [node affinity settings][] | `{}` | +| `nodeGroup` | This is the name that will be used for each group of nodes in the cluster. The name will be `clusterName-nodeGroup-X` , `nameOverride-nodeGroup-X` if a `nameOverride` is specified, and `fullnameOverride-X` if a `fullnameOverride` is specified | `master` | +| `nodeSelector` | Configurable [nodeSelector][] so that you can target specific nodes for your Elasticsearch cluster | `{}` | +| `persistence` | Enables a persistent volume for Elasticsearch data. Can be disabled for nodes that only have [roles][] which don't require persistent data | see [values.yaml][] | +| `podAnnotations` | Configurable [annotations][] applied to all Elasticsearch pods | `{}` | +| `podManagementPolicy` | By default Kubernetes [deploys StatefulSets serially][]. This deploys them in parallel so that they can discover each other | `Parallel` | +| `podSecurityContext` | Allows you to set the [securityContext][] for the pod | see [values.yaml][] | +| `podSecurityPolicy` | Configuration for create a pod security policy with minimal permissions to run this Helm chart with `create: true`. Also can be used to reference an external pod security policy with `name: "externalPodSecurityPolicy"` | see [values.yaml][] | +| `priorityClassName` | The name of the [PriorityClass][]. No default is supplied as the PriorityClass must be created first | `""` | +| `protocol` | The protocol that will be used for the readiness [probe][]. Change this to `https` if you have `xpack.security.http.ssl.enabled` set | `http` | +| `rbac` | Configuration for creating a role, role binding and ServiceAccount as part of this Helm chart with `create: true`. Also can be used to reference an external ServiceAccount with `serviceAccountName: "externalServiceAccountName"`, or automount the service account token | see [values.yaml][] | +| `readinessProbe` | Configuration fields for the readiness [probe][] | see [values.yaml][] | +| `replicas` | Kubernetes replica count for the StatefulSet (i.e. how many pods) | `3` | +| `resources` | Allows you to set the [resources][] for the StatefulSet | see [values.yaml][] | +| `roles` | A list with the specific [roles][] for the `nodeGroup` | see [values.yaml][] | +| `schedulerName` | Name of the [alternate scheduler][] | `""` | +| `secret.enabled` | Enable Secret creation for Elasticsearch credentials | `true` | +| `secret.password` | Initial password for the elastic user | `""` (generated randomly) | +| `secretMounts` | Allows you easily mount a secret as a file inside the StatefulSet. Useful for mounting certificates and other secrets. See [values.yaml][] for an example | `[]` | +| `securityContext` | Allows you to set the [securityContext][] for the container | see [values.yaml][] | +| `service.annotations` | [LoadBalancer annotations][] that Kubernetes will use for the service. This will configure load balancer if `service.type` is `LoadBalancer` | `{}` | +| `service.enabled` | Enable non-headless service | `true` | +| `service.externalTrafficPolicy` | Some cloud providers allow you to specify the [LoadBalancer externalTrafficPolicy][]. Kubernetes will use this to preserve the client source IP. This will configure load balancer if `service.type` is `LoadBalancer` | `""` | +| `service.httpPortName` | The name of the http port within the service | `http` | +| `service.labelsHeadless` | Labels to be added to headless service | `{}` | +| `service.labels` | Labels to be added to non-headless service | `{}` | +| `service.loadBalancerIP` | Some cloud providers allow you to specify the [loadBalancer][] IP. If the `loadBalancerIP` field is not specified, the IP is dynamically assigned. If you specify a `loadBalancerIP` but your cloud provider does not support the feature, it is ignored. | `""` | +| `service.loadBalancerSourceRanges` | The IP ranges that are allowed to access | `[]` | +| `service.nodePort` | Custom [nodePort][] port that can be set if you are using `service.type: nodePort` | `""` | +| `service.transportPortName` | The name of the transport port within the service | `transport` | +| `service.publishNotReadyAddresses` | Consider that all endpoints are considered "ready" even if the Pods themselves are not | `false` | +| `service.type` | Elasticsearch [Service Types][] | `ClusterIP` | +| `sysctlInitContainer` | Allows you to disable the `sysctlInitContainer` if you are setting [sysctl vm.max_map_count][] with another method | `enabled: true` | +| `sysctlVmMaxMapCount` | Sets the [sysctl vm.max_map_count][] needed for Elasticsearch | `262144` | +| `terminationGracePeriod` | The [terminationGracePeriod][] in seconds used when trying to stop the pod | `120` | +| `tests.enabled` | Enable creating test related resources when running `helm template` or `helm test` | `true` | +| `tolerations` | Configurable [tolerations][] | `[]` | +| `transportPort` | The transport port that Kubernetes will use for the service. If you change this you will also need to set [transport port configuration][] in `extraEnvs` | `9300` | +| `updateStrategy` | The [updateStrategy][] for the StatefulSet. By default Kubernetes will wait for the cluster to be green after upgrading each pod. Setting this to `OnDelete` will allow you to manually delete each pod during upgrades | `RollingUpdate` | +| `volumeClaimTemplate` | Configuration for the [volumeClaimTemplate for StatefulSets][]. You will want to adjust the storage (default `30Gi` ) and the `storageClassName` if you are using a different storage class | see [values.yaml][] | + + +## FAQ + +### How to deploy this chart on a specific K8S distribution? + +This chart is designed to run on production scale Kubernetes clusters with +multiple nodes, lots of memory and persistent storage. For that reason it can be +a bit tricky to run them against local Kubernetes environments such as +[Minikube][]. + +This chart is highly tested with [GKE][], but some K8S distribution also +requires specific configurations. + +We provide examples of configuration for the following K8S providers: + +- [Docker for Mac][] +- [KIND][] +- [Minikube][] +- [MicroK8S][] +- [OpenShift][] + +### How to deploy dedicated nodes types? + +All the Elasticsearch pods deployed share the same configuration. If you need to +deploy dedicated [nodes types][] (for example dedicated master and data nodes), +you can deploy multiple releases of this chart with different configurations +while they share the same `clusterName` value. + +For each Helm release, the nodes types can then be defined using `roles` value. + +An example of Elasticsearch cluster using 2 different Helm releases for master, +data and coordinating nodes can be found in [examples/multi][]. + +#### Coordinating nodes + +Every node is implicitly a coordinating node. This means that a node that has an +explicit empty list of roles will only act as a coordinating node. + +When deploying coordinating-only node with Elasticsearch chart, it is required +to define the empty list of roles in both `roles` value and `node.roles` +settings: + +```yaml +roles: [] + +esConfig: + elasticsearch.yml: | + node.roles: [] +``` + +More details in [#1186 (comment)][] + +#### Clustering and Node Discovery + +This chart facilitates Elasticsearch node discovery and services by creating two +`Service` definitions in Kubernetes, one with the name `$clusterName-$nodeGroup` +and another named `$clusterName-$nodeGroup-headless`. +Only `Ready` pods are a part of the `$clusterName-$nodeGroup` service, while all +pods ( `Ready` or not) are a part of `$clusterName-$nodeGroup-headless`. + +If your group of master nodes has the default `nodeGroup: master` then you can +just add new groups of nodes with a different `nodeGroup` and they will +automatically discover the correct master. If your master nodes have a different +`nodeGroup` name then you will need to set `masterService` to +`$clusterName-$masterNodeGroup`. + +The chart value for `masterService` is used to populate +`discovery.zen.ping.unicast.hosts` , which Elasticsearch nodes will use to +contact master nodes and form a cluster. +Therefore, to add a group of nodes to an existing cluster, setting +`masterService` to the desired `Service` name of the related cluster is +sufficient. + +### How to deploy clusters with security (authentication and TLS) enabled? + +This Helm chart can generate a [Kubernetes Secret][] or use an existing one to +setup Elastic credentials. + +This Helm chart can use existing [Kubernetes Secret][] to setup Elastic +certificates for example. These secrets should be created outside of this chart +and accessed using [environment variables][] and volumes. + +This chart is setting TLS and creating a certificate by default, but you can also provide your own certs as a K8S secret. An example of configuration for providing existing certificates can be found in [examples/security][]. + +### How to migrate from helm/charts stable chart? + +If you currently have a cluster deployed with the [helm/charts stable][] chart +you can follow the [migration guide][]. + +### How to install plugins? + +The recommended way to install plugins into our Docker images is to create a +[custom Docker image][]. + +The Dockerfile would look something like: + +``` +ARG elasticsearch_version +FROM docker.elastic.co/elasticsearch/elasticsearch:${elasticsearch_version} + +RUN bin/elasticsearch-plugin install --batch repository-gcs +``` + +And then updating the `image` in values to point to your custom image. + +There are a couple reasons we recommend this. + +1. Tying the availability of Elasticsearch to the download service to install +plugins is not a great idea or something that we recommend. Especially in +Kubernetes where it is normal and expected for a container to be moved to +another host at random times. +2. Mutating the state of a running Docker image (by installing plugins) goes +against best practices of containers and immutable infrastructure. + +### How to use the keystore? + +#### Basic example + +Create the secret, the key name needs to be the keystore key path. In this +example we will create a secret from a file and from a literal string. + +``` +kubectl create secret generic encryption-key --from-file=xpack.watcher.encryption_key=./watcher_encryption_key +kubectl create secret generic slack-hook --from-literal=xpack.notification.slack.account.monitoring.secure_url='https://hooks.slack.com/services/asdasdasd/asdasdas/asdasd' +``` + +To add these secrets to the keystore: + +``` +keystore: + - secretName: encryption-key + - secretName: slack-hook +``` + +#### Multiple keys + +All keys in the secret will be added to the keystore. To create the previous +example in one secret you could also do: + +``` +kubectl create secret generic keystore-secrets --from-file=xpack.watcher.encryption_key=./watcher_encryption_key --from-literal=xpack.notification.slack.account.monitoring.secure_url='https://hooks.slack.com/services/asdasdasd/asdasdas/asdasd' +``` + +``` +keystore: + - secretName: keystore-secrets +``` + +#### Custom paths and keys + +If you are using these secrets for other applications (besides the Elasticsearch +keystore) then it is also possible to specify the keystore path and which keys +you want to add. Everything specified under each `keystore` item will be passed +through to the `volumeMounts` section for mounting the [secret][]. In this +example we will only add the `slack_hook` key from a secret that also has other +keys. Our secret looks like this: + +``` +kubectl create secret generic slack-secrets --from-literal=slack_channel='#general' --from-literal=slack_hook='https://hooks.slack.com/services/asdasdasd/asdasdas/asdasd' +``` + +We only want to add the `slack_hook` key to the keystore at path +`xpack.notification.slack.account.monitoring.secure_url`: + +``` +keystore: + - secretName: slack-secrets + items: + - key: slack_hook + path: xpack.notification.slack.account.monitoring.secure_url +``` + +You can also take a look at the [config example][] which is used as part of the +automated testing pipeline. + +### How to enable snapshotting? + +1. Install your [snapshot plugin][] into a custom Docker image following the +[how to install plugins guide][]. +2. Add any required secrets or credentials into an Elasticsearch keystore +following the [how to use the keystore][] guide. +3. Configure the [snapshot repository][] as you normally would. +4. To automate snapshots you can use [Snapshot Lifecycle Management][] or a tool +like [curator][]. + +### How to configure templates post-deployment? + +You can use `postStart` [lifecycle hooks][] to run code triggered after a +container is created. + +Here is an example of `postStart` hook to configure templates: + +```yaml +lifecycle: + postStart: + exec: + command: + - bash + - -c + - | + #!/bin/bash + # Add a template to adjust number of shards/replicas + TEMPLATE_NAME=my_template + INDEX_PATTERN="logstash-*" + SHARD_COUNT=8 + REPLICA_COUNT=1 + ES_URL=http://localhost:9200 + while [[ "$(curl -s -o /dev/null -w '%{http_code}\n' $ES_URL)" != "200" ]]; do sleep 1; done + curl -XPUT "$ES_URL/_template/$TEMPLATE_NAME" -H 'Content-Type: application/json' -d'{"index_patterns":['\""$INDEX_PATTERN"\"'],"settings":{"number_of_shards":'$SHARD_COUNT',"number_of_replicas":'$REPLICA_COUNT'}}' +``` + + +## Contributing + +Please check [CONTRIBUTING.md][] before any contribution or for any questions +about our development and testing process. + +[7.x]: https://github.com/elastic/helm-charts/releases +[#1186 (comment)]: https://github.com/elastic/helm-charts/pull/1186#discussion_r631166442 +[BREAKING_CHANGES.md]: https://github.com/elastic/helm-charts/blob/main/BREAKING_CHANGES.md +[CHANGELOG.md]: https://github.com/elastic/helm-charts/blob/main/CHANGELOG.md +[CONTRIBUTING.md]: https://github.com/elastic/helm-charts/blob/main/CONTRIBUTING.md +[alternate scheduler]: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/#specify-schedulers-for-pods +[annotations]: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +[anti-affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +[cluster.name]: https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster.name.html +[clustering and node discovery]: https://github.com/elastic/helm-charts/blob/main/elasticsearch/README.md#clustering-and-node-discovery +[config example]: https://github.com/elastic/helm-charts/blob/main/elasticsearch/examples/config/values.yaml +[curator]: https://www.elastic.co/guide/en/elasticsearch/client/curator/current/snapshot.html +[custom docker image]: https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html#_c_customized_image +[deploys statefulsets serially]: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies +[discovery.zen.minimum_master_nodes]: https://www.elastic.co/guide/en/elasticsearch/reference/current/discovery-settings.html#minimum_master_nodes +[docker for mac]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/docker-for-mac +[elasticsearch cluster health status params]: https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster-health.html#request-params +[elasticsearch docker image]: https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html +[environment variables]: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config +[environment from variables]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables +[examples]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/ +[examples/multi]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/multi +[examples/security]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/security +[gke]: https://cloud.google.com/kubernetes-engine +[helm]: https://helm.sh +[helm/charts stable]: https://github.com/helm/charts/tree/master/stable/elasticsearch/ +[how to install plugins guide]: https://github.com/elastic/helm-charts/blob/main/elasticsearch/README.md#how-to-install-plugins +[how to use the keystore]: https://github.com/elastic/helm-charts/blob/main/elasticsearch/README.md#how-to-use-the-keystore +[http.port]: https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-http.html#_settings +[imagePullPolicy]: https://kubernetes.io/docs/concepts/containers/images/#updating-images +[imagePullSecrets]: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret +[ingress]: https://kubernetes.io/docs/concepts/services-networking/ingress/ +[java options]: https://www.elastic.co/guide/en/elasticsearch/reference/current/jvm-options.html +[jvm heap size]: https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html +[hostAliases]: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +[kind]: https://github.com/elastic/helm-charts/tree/main//elasticsearch/examples/kubernetes-kind +[labels]: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +[lifecycle hooks]: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ +[loadBalancer annotations]: https://kubernetes.io/docs/concepts/services-networking/service/#ssl-support-on-aws +[loadBalancer externalTrafficPolicy]: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip +[loadBalancer]: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer +[maxUnavailable]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget +[migration guide]: https://github.com/elastic/helm-charts/blob/main/elasticsearch/examples/migration/README.md +[minikube]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/minikube +[microk8s]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/microk8s +[multi]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/multi/ +[network.host elasticsearch setting]: https://www.elastic.co/guide/en/elasticsearch/reference/current/network.host.html +[node affinity settings]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature +[nodePort]: https://kubernetes.io/docs/concepts/services-networking/service/#nodeport +[nodes types]: https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html +[nodeSelector]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector +[openshift]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/openshift +[priorityClass]: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass +[probe]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ +[resources]: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ +[roles]: https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html +[secret]: https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets +[securityContext]: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +[service types]: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types +[snapshot lifecycle management]: https://www.elastic.co/guide/en/elasticsearch/reference/current/snapshot-lifecycle-management.html +[snapshot plugin]: https://www.elastic.co/guide/en/elasticsearch/plugins/current/repository.html +[snapshot repository]: https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-snapshots.html +[supported configurations]: https://github.com/elastic/helm-charts/blob/main/README.md#supported-configurations +[sysctl vm.max_map_count]: https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html#vm-max-map-count +[terminationGracePeriod]: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods +[tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +[transport port configuration]: https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-transport.html#_transport_settings +[updateStrategy]: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ +[values.yaml]: https://github.com/elastic/helm-charts/blob/main/elasticsearch/values.yaml +[volumeClaimTemplate for statefulsets]: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-storage diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/config/Makefile b/packer/ansible/roles/helm_install/files/elasticsearch/examples/config/Makefile new file mode 100644 index 0000000..9ae9c37 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/config/Makefile @@ -0,0 +1,21 @@ +default: test + +include ../../../helpers/examples.mk + +RELEASE := helm-es-config +TIMEOUT := 1200s + +install: + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ + +secrets: + kubectl delete secret elastic-config-credentials elastic-config-secret elastic-config-slack elastic-config-custom-path || true + kubectl create secret generic elastic-config-credentials --from-literal=password=changeme --from-literal=username=elastic + kubectl create secret generic elastic-config-slack --from-literal=xpack.notification.slack.account.monitoring.secure_url='https://hooks.slack.com/services/asdasdasd/asdasdas/asdasd' + kubectl create secret generic elastic-config-secret --from-file=xpack.watcher.encryption_key=./watcher_encryption_key + kubectl create secret generic elastic-config-custom-path --from-literal=slack_url='https://hooks.slack.com/services/asdasdasd/asdasdas/asdasd' --from-literal=thing_i_don_tcare_about=test + +test: secrets install goss + +purge: + helm del $(RELEASE) diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/config/README.md b/packer/ansible/roles/helm_install/files/elasticsearch/examples/config/README.md new file mode 100644 index 0000000..e2ce8b1 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/config/README.md @@ -0,0 +1,27 @@ +# Config + +This example deploy a single node Elasticsearch 8.4.1 with authentication and +custom [values][]. + + +## Usage + +* Create the required secrets: `make secrets` + +* Deploy Elasticsearch chart with the default values: `make install` + +* You can now setup a port forward to query Elasticsearch API: + + ``` + kubectl port-forward svc/config-master 9200 + curl -u elastic:changeme http://localhost:9200/_cat/indices + ``` + + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[goss integration tests]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/config/test/goss.yaml +[values]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/config/values.yaml diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/config/test/goss.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/examples/config/test/goss.yaml new file mode 100644 index 0000000..b71ee37 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/config/test/goss.yaml @@ -0,0 +1,31 @@ +http: + https://localhost:9200/_cluster/health: + status: 200 + timeout: 2000 + allow-insecure: true + username: elastic + password: "{{ .Env.ELASTIC_PASSWORD }}" + body: + - "green" + - '"number_of_nodes":1' + - '"number_of_data_nodes":1' + + https://localhost:9200: + status: 200 + timeout: 2000 + username: elastic + allow-insecure: true + password: "{{ .Env.ELASTIC_PASSWORD }}" + body: + - '"cluster_name" : "config"' + - "You Know, for Search" + +command: + "elasticsearch-keystore list": + exit-status: 0 + stdout: + - keystore.seed + - bootstrap.password + - xpack.notification.slack.account.monitoring.secure_url + - xpack.notification.slack.account.otheraccount.secure_url + - xpack.watcher.encryption_key diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/config/values.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/examples/config/values.yaml new file mode 100644 index 0000000..d90e0c8 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/config/values.yaml @@ -0,0 +1,29 @@ +--- +clusterName: "config" +replicas: 1 + +extraEnvs: + - name: ELASTIC_PASSWORD + valueFrom: + secretKeyRef: + name: elastic-config-credentials + key: password + +# This is just a dummy file to make sure that +# the keystore can be mounted at the same time +# as a custom elasticsearch.yml +esConfig: + elasticsearch.yml: | + xpack.security.enabled: true + path.data: /usr/share/elasticsearch/data + +keystore: + - secretName: elastic-config-secret + - secretName: elastic-config-slack + - secretName: elastic-config-custom-path + items: + - key: slack_url + path: xpack.notification.slack.account.otheraccount.secure_url + +secret: + enabled: false diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/config/watcher_encryption_key b/packer/ansible/roles/helm_install/files/elasticsearch/examples/config/watcher_encryption_key new file mode 100644 index 0000000..b5f9078 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/config/watcher_encryption_key @@ -0,0 +1 @@ +supersecret diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/default/Makefile b/packer/ansible/roles/helm_install/files/elasticsearch/examples/default/Makefile new file mode 100644 index 0000000..389bf99 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/default/Makefile @@ -0,0 +1,14 @@ +default: test + +include ../../../helpers/examples.mk + +RELEASE := helm-es-default +TIMEOUT := 1200s + +install: + helm upgrade --wait --timeout=$(TIMEOUT) --install $(RELEASE) ../../ + +test: install goss + +purge: + helm del $(RELEASE) diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/default/README.md b/packer/ansible/roles/helm_install/files/elasticsearch/examples/default/README.md new file mode 100644 index 0000000..23824c1 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/default/README.md @@ -0,0 +1,25 @@ +# Default + +This example deploy a 3 nodes Elasticsearch 8.4.1 cluster using +[default values][]. + + +## Usage + +* Deploy Elasticsearch chart with the default values: `make install` + +* You can now setup a port forward to query Elasticsearch API: + + ``` + kubectl port-forward svc/elasticsearch-master 9200 + curl localhost:9200/_cat/indices + ``` + + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[goss integration tests]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/default/test/goss.yaml +[default values]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/values.yaml diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/default/rolling_upgrade.sh b/packer/ansible/roles/helm_install/files/elasticsearch/examples/default/rolling_upgrade.sh new file mode 100755 index 0000000..c5a2a88 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/default/rolling_upgrade.sh @@ -0,0 +1,19 @@ +#!/usr/bin/env bash -x + +kubectl proxy || true & + +make & +PROC_ID=$! + +while kill -0 "$PROC_ID" >/dev/null 2>&1; do + echo "PROCESS IS RUNNING" + if curl --fail 'http://localhost:8001/api/v1/proxy/namespaces/default/services/elasticsearch-master:9200/_search' ; then + echo "cluster is healthy" + else + echo "cluster not healthy!" + exit 1 + fi + sleep 1 +done +echo "PROCESS TERMINATED" +exit 0 diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/default/test/goss.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/examples/default/test/goss.yaml new file mode 100644 index 0000000..c6ff486 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/default/test/goss.yaml @@ -0,0 +1,44 @@ +kernel-param: + vm.max_map_count: + value: "262144" + +http: + https://elasticsearch-master:9200/_cluster/health: + status: 200 + timeout: 2000 + username: elastic + allow-insecure: true + password: "{{ .Env.ELASTIC_PASSWORD }}" + body: + - "green" + - '"number_of_nodes":3' + - '"number_of_data_nodes":3' + + https://localhost:9200: + status: 200 + timeout: 2000 + allow-insecure: true + username: elastic + password: "{{ .Env.ELASTIC_PASSWORD }}" + body: + - '"number" : "8.4.1"' + - '"cluster_name" : "elasticsearch"' + - "You Know, for Search" + +file: + /usr/share/elasticsearch/data: + exists: true + mode: "2775" + owner: root + group: elasticsearch + filetype: directory + +mount: + /usr/share/elasticsearch/data: + exists: true + +user: + elasticsearch: + exists: true + uid: 1000 + gid: 1000 diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/docker-for-mac/Makefile b/packer/ansible/roles/helm_install/files/elasticsearch/examples/docker-for-mac/Makefile new file mode 100644 index 0000000..18fd053 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/docker-for-mac/Makefile @@ -0,0 +1,13 @@ +default: test + +RELEASE := helm-es-docker-for-mac +TIMEOUT := 1200s + +install: + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ + +test: install + helm test $(RELEASE) + +purge: + helm del $(RELEASE) diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/docker-for-mac/README.md b/packer/ansible/roles/helm_install/files/elasticsearch/examples/docker-for-mac/README.md new file mode 100644 index 0000000..ddf07ad --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/docker-for-mac/README.md @@ -0,0 +1,23 @@ +# Docker for Mac + +This example deploy a 3 nodes Elasticsearch 8.4.1 cluster on [Docker for Mac][] +using [custom values][]. + +Note that this configuration should be used for test only and isn't recommended +for production. + + +## Usage + +* Deploy Elasticsearch chart with the default values: `make install` + +* You can now setup a port forward to query Elasticsearch API: + + ``` + kubectl port-forward svc/elasticsearch-master 9200 + curl localhost:9200/_cat/indices + ``` + + +[custom values]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/docker-for-mac/values.yaml +[docker for mac]: https://docs.docker.com/docker-for-mac/kubernetes/ diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/docker-for-mac/values.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/examples/docker-for-mac/values.yaml new file mode 100644 index 0000000..f7deba6 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/docker-for-mac/values.yaml @@ -0,0 +1,23 @@ +--- +# Permit co-located instances for solitary minikube virtual machines. +antiAffinity: "soft" + +# Shrink default JVM heap. +esJavaOpts: "-Xmx128m -Xms128m" + +# Allocate smaller chunks of memory per pod. +resources: + requests: + cpu: "100m" + memory: "512M" + limits: + cpu: "1000m" + memory: "512M" + +# Request smaller persistent volumes. +volumeClaimTemplate: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "hostpath" + resources: + requests: + storage: 100M diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/kubernetes-kind/Makefile b/packer/ansible/roles/helm_install/files/elasticsearch/examples/kubernetes-kind/Makefile new file mode 100644 index 0000000..9e5602d --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/kubernetes-kind/Makefile @@ -0,0 +1,17 @@ +default: test + +RELEASE := helm-es-kind +TIMEOUT := 1200s + +install: + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ + +install-local-path: + kubectl apply -f https://raw.githubusercontent.com/rancher/local-path-provisioner/master/deploy/local-path-storage.yaml + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values-local-path.yaml $(RELEASE) ../../ + +test: install + helm test $(RELEASE) + +purge: + helm del $(RELEASE) diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/kubernetes-kind/README.md b/packer/ansible/roles/helm_install/files/elasticsearch/examples/kubernetes-kind/README.md new file mode 100644 index 0000000..4a9bdc6 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/kubernetes-kind/README.md @@ -0,0 +1,36 @@ +# KIND + +This example deploy a 3 nodes Elasticsearch 8.4.1 cluster on [Kind][] +using [custom values][]. + +Note that this configuration should be used for test only and isn't recommended +for production. + +Note that Kind < 0.7.0 are affected by a [kind issue][] with mount points +created from PVCs not writable by non-root users. [kubernetes-sigs/kind#1157][] +fix it in Kind 0.7.0. + +The workaround for Kind < 0.7.0 is to install manually +[Rancher Local Path Provisioner][] and use `local-path` storage class for +Elasticsearch volumes (see [Makefile][] instructions). + + +## Usage + +* For Kind >= 0.7.0: Deploy Elasticsearch chart with the default values: `make install` +* For Kind < 0.7.0: Deploy Elasticsearch chart with `local-path` storage class: `make install-local-path` + +* You can now setup a port forward to query Elasticsearch API: + + ``` + kubectl port-forward svc/elasticsearch-master 9200 + curl localhost:9200/_cat/indices + ``` + + +[custom values]: https://github.com/elastic/helm-charts/blob/main/elasticsearch/examples/kubernetes-kind/values.yaml +[kind]: https://kind.sigs.k8s.io/ +[kind issue]: https://github.com/kubernetes-sigs/kind/issues/830 +[kubernetes-sigs/kind#1157]: https://github.com/kubernetes-sigs/kind/pull/1157 +[rancher local path provisioner]: https://github.com/rancher/local-path-provisioner +[Makefile]: https://github.com/elastic/helm-charts/blob/main/elasticsearch/examples/kubernetes-kind/Makefile diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/kubernetes-kind/values-local-path.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/examples/kubernetes-kind/values-local-path.yaml new file mode 100644 index 0000000..500ad4b --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/kubernetes-kind/values-local-path.yaml @@ -0,0 +1,23 @@ +--- +# Permit co-located instances for solitary minikube virtual machines. +antiAffinity: "soft" + +# Shrink default JVM heap. +esJavaOpts: "-Xmx128m -Xms128m" + +# Allocate smaller chunks of memory per pod. +resources: + requests: + cpu: "100m" + memory: "512M" + limits: + cpu: "1000m" + memory: "512M" + +# Request smaller persistent volumes. +volumeClaimTemplate: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "local-path" + resources: + requests: + storage: 100M diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/kubernetes-kind/values.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/examples/kubernetes-kind/values.yaml new file mode 100644 index 0000000..500ad4b --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/kubernetes-kind/values.yaml @@ -0,0 +1,23 @@ +--- +# Permit co-located instances for solitary minikube virtual machines. +antiAffinity: "soft" + +# Shrink default JVM heap. +esJavaOpts: "-Xmx128m -Xms128m" + +# Allocate smaller chunks of memory per pod. +resources: + requests: + cpu: "100m" + memory: "512M" + limits: + cpu: "1000m" + memory: "512M" + +# Request smaller persistent volumes. +volumeClaimTemplate: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "local-path" + resources: + requests: + storage: 100M diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/microk8s/Makefile b/packer/ansible/roles/helm_install/files/elasticsearch/examples/microk8s/Makefile new file mode 100644 index 0000000..2d0012d --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/microk8s/Makefile @@ -0,0 +1,13 @@ +default: test + +RELEASE := helm-es-microk8s +TIMEOUT := 1200s + +install: + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ + +test: install + helm test $(RELEASE) + +purge: + helm del $(RELEASE) diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/microk8s/README.md b/packer/ansible/roles/helm_install/files/elasticsearch/examples/microk8s/README.md new file mode 100644 index 0000000..a717ba9 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/microk8s/README.md @@ -0,0 +1,32 @@ +# MicroK8S + +This example deploy a 3 nodes Elasticsearch 8.4.1 cluster on [MicroK8S][] +using [custom values][]. + +Note that this configuration should be used for test only and isn't recommended +for production. + + +## Requirements + +The following MicroK8S [addons][] need to be enabled: +- `dns` +- `helm` +- `storage` + + +## Usage + +* Deploy Elasticsearch chart with the default values: `make install` + +* You can now setup a port forward to query Elasticsearch API: + + ``` + kubectl port-forward svc/elasticsearch-master 9200 + curl localhost:9200/_cat/indices + ``` + + +[addons]: https://microk8s.io/docs/addons +[custom values]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/microk8s/values.yaml +[MicroK8S]: https://microk8s.io diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/microk8s/values.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/examples/microk8s/values.yaml new file mode 100644 index 0000000..2627ecb --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/microk8s/values.yaml @@ -0,0 +1,32 @@ +--- +# Disable privileged init Container creation. +sysctlInitContainer: + enabled: false + +# Restrict the use of the memory-mapping when sysctlInitContainer is disabled. +esConfig: + elasticsearch.yml: | + node.store.allow_mmap: false + +# Permit co-located instances for solitary minikube virtual machines. +antiAffinity: "soft" + +# Shrink default JVM heap. +esJavaOpts: "-Xmx128m -Xms128m" + +# Allocate smaller chunks of memory per pod. +resources: + requests: + cpu: "100m" + memory: "512M" + limits: + cpu: "1000m" + memory: "512M" + +# Request smaller persistent volumes. +volumeClaimTemplate: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "microk8s-hostpath" + resources: + requests: + storage: 100M diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/migration/Makefile b/packer/ansible/roles/helm_install/files/elasticsearch/examples/migration/Makefile new file mode 100644 index 0000000..020906f --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/migration/Makefile @@ -0,0 +1,10 @@ +PREFIX := helm-es-migration + +data: + helm upgrade --wait --timeout=$(TIMEOUT) --install --values data.yaml $(PREFIX)-data ../../ + +master: + helm upgrade --wait --timeout=$(TIMEOUT) --install --values master.yaml $(PREFIX)-master ../../ + +client: + helm upgrade --wait --timeout=$(TIMEOUT) --install --values client.yaml $(PREFIX)-client ../../ diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/migration/README.md b/packer/ansible/roles/helm_install/files/elasticsearch/examples/migration/README.md new file mode 100644 index 0000000..8124dca --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/migration/README.md @@ -0,0 +1,167 @@ +# Migration Guide from helm/charts + +There are two viable options for migrating from the community Elasticsearch Helm +chart from the [helm/charts][] repo. + +1. Restoring from Snapshot to a fresh cluster +2. Live migration by joining a new cluster to the existing cluster. + +## Restoring from Snapshot + +This is the recommended and preferred option. The downside is that it will +involve a period of write downtime during the migration. If you have a way to +temporarily stop writes to your cluster then this is the way to go. This is also +a lot simpler as it just involves launching a fresh cluster and restoring a +snapshot following the [restoring to a different cluster guide][]. + +## Live migration + +If restoring from a snapshot is not possible due to the write downtime then a +live migration is also possible. It is very important to first test this in a +testing environment to make sure you are comfortable with the process and fully +understand what is happening. + +This process will involve joining a new set of master, data and client nodes to +an existing cluster that has been deployed using the [helm/charts][] community +chart. Nodes will then be replaced one by one in a controlled fashion to +decommission the old cluster. + +This example will be using the default values for the existing helm/charts +release and for the Elastic helm-charts release. If you have changed any of the +default values then you will need to first make sure that your values are +configured in a compatible way before starting the migration. + +The process will involve a re-sync and a rolling restart of all of your data +nodes. Therefore it is important to disable shard allocation and perform a synced +flush like you normally would during any other rolling upgrade. See the +[rolling upgrades guide][] for more information. + +* The default image for this chart is +`docker.elastic.co/elasticsearch/elasticsearch` which contains the default +distribution of Elasticsearch with a [basic license][]. Make sure to update the +`image` and `imageTag` values to the correct Docker image and Elasticsearch +version that you currently have deployed. + +* Convert your current helm/charts configuration into something that is +compatible with this chart. + +* Take a fresh snapshot of your cluster. If something goes wrong you want to be +able to restore your data no matter what. + +* Check that your clusters health is green. If not abort and make sure your +cluster is healthy before continuing: + + ``` + curl localhost:9200/_cluster/health + ``` + +* Deploy new data nodes which will join the existing cluster. Take a look at the +configuration in [data.yaml][]: + + ``` + make data + ``` + +* Check that the new nodes have joined the cluster (run this and any other curl +commands from within one of your pods): + + ``` + curl localhost:9200/_cat/nodes + ``` + +* Check that your cluster is still green. If so we can now start to scale down +the existing data nodes. Assuming you have the default amount of data nodes (2) +we now want to scale it down to 1: + + ``` + kubectl scale statefulsets my-release-elasticsearch-data --replicas=1 + ``` + +* Wait for your cluster to become green again: + + ``` + watch 'curl -s localhost:9200/_cluster/health' + ``` + +* Once the cluster is green we can scale down again: + + ``` + kubectl scale statefulsets my-release-elasticsearch-data --replicas=0 + ``` + +* Wait for the cluster to be green again. +* OK. We now have all data nodes running in the new cluster. Time to replace the +masters by firstly scaling down the masters from 3 to 2. Between each step make +sure to wait for the cluster to become green again, and check with +`curl localhost:9200/_cat/nodes` that you see the correct amount of master +nodes. During this process we will always make sure to keep at least 2 master +nodes as to not lose quorum: + + ``` + kubectl scale statefulsets my-release-elasticsearch-master --replicas=2 + ``` + +* Now deploy a single new master so that we have 3 masters again. See +[master.yaml][] for the configuration: + + ``` + make master + ``` + +* Scale down old masters to 1: + + ``` + kubectl scale statefulsets my-release-elasticsearch-master --replicas=1 + ``` + +* Edit the masters in [masters.yaml][] to 2 and redeploy: + + ``` + make master + ``` + +* Scale down the old masters to 0: + + ``` + kubectl scale statefulsets my-release-elasticsearch-master --replicas=0 + ``` + +* Edit the [masters.yaml][] to have 3 replicas and remove the +`discovery.zen.ping.unicast.hosts` entry from `extraEnvs` then redeploy the +masters. This will make sure all 3 masters are running in the new cluster and +are pointing at each other for discovery: + + ``` + make master + ``` + +* Remove the `discovery.zen.ping.unicast.hosts` entry from `extraEnvs` then +redeploy the data nodes to make sure they are pointing at the new masters: + + ``` + make data + ``` + +* Deploy the client nodes: + + ``` + make client + ``` + +* Update any processes that are talking to the existing client nodes and point +them to the new client nodes. Once this is done you can scale down the old +client nodes: + + ``` + kubectl scale deployment my-release-elasticsearch-client --replicas=0 + ``` + +* The migration should now be complete. After verifying that everything is +working correctly you can cleanup leftover resources from your old cluster. + +[basic license]: https://www.elastic.co/subscriptions +[data.yaml]: https://github.com/elastic/helm-charts/blob/main/elasticsearch/examples/migration/data.yaml +[helm/charts]: https://github.com/helm/charts/tree/master/stable/elasticsearch +[master.yaml]: https://github.com/elastic/helm-charts/blob/main/elasticsearch/examples/migration/master.yaml +[restoring to a different cluster guide]: https://www.elastic.co/guide/en/elasticsearch/reference/6.8/modules-snapshots.html#_restoring_to_a_different_cluster +[rolling upgrades guide]: https://www.elastic.co/guide/en/elasticsearch/reference/6.8/rolling-upgrades.html diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/migration/client.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/examples/migration/client.yaml new file mode 100644 index 0000000..8ac0641 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/migration/client.yaml @@ -0,0 +1,19 @@ +--- +replicas: 2 + +clusterName: "elasticsearch" +nodeGroup: "client" + +esMajorVersion: 6 + +roles: [] + +volumeClaimTemplate: + accessModes: ["ReadWriteOnce"] + storageClassName: "standard" + resources: + requests: + storage: 1Gi # Currently needed till pvcs are made optional + +persistence: + enabled: false diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/migration/data.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/examples/migration/data.yaml new file mode 100644 index 0000000..012569d --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/migration/data.yaml @@ -0,0 +1,14 @@ +--- +replicas: 2 + +esMajorVersion: 6 + +extraEnvs: + - name: discovery.zen.ping.unicast.hosts + value: "my-release-elasticsearch-discovery" + +clusterName: "elasticsearch" +nodeGroup: "data" + +roles: + - data diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/migration/master.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/examples/migration/master.yaml new file mode 100644 index 0000000..9f2f609 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/migration/master.yaml @@ -0,0 +1,23 @@ +--- +# Temporarily set to 3 so we can scale up/down the old a new cluster +# one at a time whilst always keeping 3 masters running +replicas: 1 + +esMajorVersion: 6 + +extraEnvs: + - name: discovery.zen.ping.unicast.hosts + value: "my-release-elasticsearch-discovery" + +clusterName: "elasticsearch" +nodeGroup: "master" + +roles: + - master + +volumeClaimTemplate: + accessModes: ["ReadWriteOnce"] + storageClassName: "standard" + resources: + requests: + storage: 4Gi diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/minikube/Makefile b/packer/ansible/roles/helm_install/files/elasticsearch/examples/minikube/Makefile new file mode 100644 index 0000000..1021d98 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/minikube/Makefile @@ -0,0 +1,13 @@ +default: test + +RELEASE := helm-es-minikube +TIMEOUT := 1200s + +install: + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ + +test: install + helm test $(RELEASE) + +purge: + helm del $(RELEASE) diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/minikube/README.md b/packer/ansible/roles/helm_install/files/elasticsearch/examples/minikube/README.md new file mode 100644 index 0000000..6c84728 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/minikube/README.md @@ -0,0 +1,38 @@ +# Minikube + +This example deploy a 3 nodes Elasticsearch 8.4.1 cluster on [Minikube][] +using [custom values][]. + +If helm or kubectl timeouts occur, you may consider creating a minikube VM with +more CPU cores or memory allocated. + +Note that this configuration should be used for test only and isn't recommended +for production. + + +## Requirements + +In order to properly support the required persistent volume claims for the +Elasticsearch StatefulSet, the `default-storageclass` and `storage-provisioner` +minikube addons must be enabled. + +``` +minikube addons enable default-storageclass +minikube addons enable storage-provisioner +``` + + +## Usage + +* Deploy Elasticsearch chart with the default values: `make install` + +* You can now setup a port forward to query Elasticsearch API: + + ``` + kubectl port-forward svc/elasticsearch-master 9200 + curl localhost:9200/_cat/indices + ``` + + +[custom values]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/minikube/values.yaml +[minikube]: https://minikube.sigs.k8s.io/docs/ diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/minikube/values.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/examples/minikube/values.yaml new file mode 100644 index 0000000..ccceb3a --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/minikube/values.yaml @@ -0,0 +1,23 @@ +--- +# Permit co-located instances for solitary minikube virtual machines. +antiAffinity: "soft" + +# Shrink default JVM heap. +esJavaOpts: "-Xmx128m -Xms128m" + +# Allocate smaller chunks of memory per pod. +resources: + requests: + cpu: "100m" + memory: "512M" + limits: + cpu: "1000m" + memory: "512M" + +# Request smaller persistent volumes. +volumeClaimTemplate: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 100M diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/multi/Makefile b/packer/ansible/roles/helm_install/files/elasticsearch/examples/multi/Makefile new file mode 100644 index 0000000..243e504 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/multi/Makefile @@ -0,0 +1,19 @@ +default: test + +include ../../../helpers/examples.mk + +PREFIX := helm-es-multi +RELEASE := helm-es-multi-master +TIMEOUT := 1200s + +install: + helm upgrade --wait --timeout=$(TIMEOUT) --install --values master.yaml $(PREFIX)-master ../../ + helm upgrade --wait --timeout=$(TIMEOUT) --install --values data.yaml $(PREFIX)-data ../../ + helm upgrade --wait --timeout=$(TIMEOUT) --install --values client.yaml $(PREFIX)-client ../../ + +test: install goss + +purge: + helm del $(PREFIX)-master + helm del $(PREFIX)-data + helm del $(PREFIX)-client diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/multi/README.md b/packer/ansible/roles/helm_install/files/elasticsearch/examples/multi/README.md new file mode 100644 index 0000000..2347c70 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/multi/README.md @@ -0,0 +1,29 @@ +# Multi + +This example deploy an Elasticsearch 8.4.1 cluster composed of 3 different Helm +releases: + +- `helm-es-multi-master` for the 3 master nodes using [master values][] +- `helm-es-multi-data` for the 3 data nodes using [data values][] +- `helm-es-multi-client` for the 3 client nodes using [client values][] + +## Usage + +* Deploy the 3 Elasticsearch releases: `make install` + +* You can now setup a port forward to query Elasticsearch API: + + ``` + kubectl port-forward svc/multi-master 9200 + curl -u elastic:changeme http://localhost:9200/_cat/indices + ``` + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[client values]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/multi/client.yaml +[data values]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/multi/data.yaml +[goss integration tests]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/multi/test/goss.yaml +[master values]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/multi/master.yaml diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/multi/client.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/examples/multi/client.yaml new file mode 100644 index 0000000..2c05d1e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/multi/client.yaml @@ -0,0 +1,50 @@ +--- +clusterName: "multi" +nodeGroup: "client" + +extraEnvs: + - name: ELASTIC_PASSWORD + valueFrom: + secretKeyRef: + name: multi-master-credentials + key: password + - name: xpack.security.enabled + value: "true" + - name: xpack.security.transport.ssl.enabled + value: "true" + - name: xpack.security.http.ssl.enabled + value: "true" + - name: xpack.security.transport.ssl.verification_mode + value: "certificate" + - name: xpack.security.transport.ssl.key + value: "/usr/share/elasticsearch/config/certs/tls.key" + - name: xpack.security.transport.ssl.certificate + value: "/usr/share/elasticsearch/config/certs/tls.crt" + - name: xpack.security.transport.ssl.certificate_authorities + value: "/usr/share/elasticsearch/config/certs/ca.crt" + - name: xpack.security.http.ssl.key + value: "/usr/share/elasticsearch/config/certs/tls.key" + - name: xpack.security.http.ssl.certificate + value: "/usr/share/elasticsearch/config/certs/tls.crt" + - name: xpack.security.http.ssl.certificate_authorities + value: "/usr/share/elasticsearch/config/certs/ca.crt" + +roles: [] + +persistence: + enabled: false + +# For client nodes, we also need to add an empty node.roles in elasticsearch.yml +# This is due to https://github.com/elastic/helm-charts/pull/1186#discussion_r631225687 +esConfig: + elasticsearch.yml: | + node.roles: [] + +secret: + enabled: false + +createCert: false +secretMounts: + - name: elastic-certificates + secretName: multi-master-certs + path: /usr/share/elasticsearch/config/certs diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/multi/data.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/examples/multi/data.yaml new file mode 100644 index 0000000..cd453d3 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/multi/data.yaml @@ -0,0 +1,48 @@ +--- +clusterName: "multi" +nodeGroup: "data" + +extraEnvs: + - name: ELASTIC_PASSWORD + valueFrom: + secretKeyRef: + name: multi-master-credentials + key: password + - name: xpack.security.enabled + value: "true" + - name: xpack.security.transport.ssl.enabled + value: "true" + - name: xpack.security.http.ssl.enabled + value: "true" + - name: xpack.security.transport.ssl.verification_mode + value: "certificate" + - name: xpack.security.transport.ssl.key + value: "/usr/share/elasticsearch/config/certs/tls.key" + - name: xpack.security.transport.ssl.certificate + value: "/usr/share/elasticsearch/config/certs/tls.crt" + - name: xpack.security.transport.ssl.certificate_authorities + value: "/usr/share/elasticsearch/config/certs/ca.crt" + - name: xpack.security.http.ssl.key + value: "/usr/share/elasticsearch/config/certs/tls.key" + - name: xpack.security.http.ssl.certificate + value: "/usr/share/elasticsearch/config/certs/tls.crt" + - name: xpack.security.http.ssl.certificate_authorities + value: "/usr/share/elasticsearch/config/certs/ca.crt" + +roles: + - data + - data_content + - data_hot + - data_warm + - data_cold + - data_frozen + - ingest + +secret: + enabled: false + +createCert: false +secretMounts: + - name: elastic-certificates + secretName: multi-master-certs + path: /usr/share/elasticsearch/config/certs diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/multi/master.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/examples/multi/master.yaml new file mode 100644 index 0000000..bb4ea30 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/multi/master.yaml @@ -0,0 +1,6 @@ +--- +clusterName: "multi" +nodeGroup: "master" + +roles: + - master diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/multi/test/goss.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/examples/multi/test/goss.yaml new file mode 100644 index 0000000..c365388 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/multi/test/goss.yaml @@ -0,0 +1,12 @@ +http: + https://localhost:9200/_cluster/health: + status: 200 + timeout: 2000 + allow-insecure: true + username: elastic + password: "{{ .Env.ELASTIC_PASSWORD }}" + body: + - "green" + - '"cluster_name":"multi"' + - '"number_of_nodes":9' + - '"number_of_data_nodes":3' diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/networkpolicy/Makefile b/packer/ansible/roles/helm_install/files/elasticsearch/examples/networkpolicy/Makefile new file mode 100644 index 0000000..e7b20c5 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/networkpolicy/Makefile @@ -0,0 +1,14 @@ +default: test + +include ../../../helpers/examples.mk + +RELEASE := helm-es-networkpolicy +TIMEOUT := 1200s + +install: + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ + +test: install goss + +purge: + helm del $(RELEASE) diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/networkpolicy/values.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/examples/networkpolicy/values.yaml new file mode 100644 index 0000000..1963d20 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/networkpolicy/values.yaml @@ -0,0 +1,37 @@ +networkPolicy: + http: + enabled: true + explicitNamespacesSelector: + # Accept from namespaces with all those different rules (from whitelisted Pods) + matchLabels: + role: frontend-http + matchExpressions: + - {key: role, operator: In, values: [frontend-http]} + additionalRules: + - podSelector: + matchLabels: + role: frontend-http + - podSelector: + matchExpressions: + - key: role + operator: In + values: + - frontend-http + transport: + enabled: true + allowExternal: true + explicitNamespacesSelector: + matchLabels: + role: frontend-transport + matchExpressions: + - {key: role, operator: In, values: [frontend-transport]} + additionalRules: + - podSelector: + matchLabels: + role: frontend-transport + - podSelector: + matchExpressions: + - key: role + operator: In + values: + - frontend-transport diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/openshift/Makefile b/packer/ansible/roles/helm_install/files/elasticsearch/examples/openshift/Makefile new file mode 100644 index 0000000..078c33c --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/openshift/Makefile @@ -0,0 +1,13 @@ +default: test + +include ../../../helpers/examples.mk + +RELEASE := elasticsearch + +install: + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ + +test: install goss + +purge: + helm del $(RELEASE) diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/openshift/README.md b/packer/ansible/roles/helm_install/files/elasticsearch/examples/openshift/README.md new file mode 100644 index 0000000..d71093d --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/openshift/README.md @@ -0,0 +1,24 @@ +# OpenShift + +This example deploy a 3 nodes Elasticsearch 8.4.1 cluster on [OpenShift][] +using [custom values][]. + +## Usage + +* Deploy Elasticsearch chart with the default values: `make install` + +* You can now setup a port forward to query Elasticsearch API: + + ``` + kubectl port-forward svc/elasticsearch-master 9200 + curl localhost:9200/_cat/indices + ``` + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[custom values]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/openshift/values.yaml +[goss integration tests]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/openshift/test/goss.yaml +[openshift]: https://www.openshift.com/ diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/openshift/test/goss.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/examples/openshift/test/goss.yaml new file mode 100644 index 0000000..0948fb5 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/openshift/test/goss.yaml @@ -0,0 +1,20 @@ +http: + https://localhost:9200/_cluster/health: + status: 200 + timeout: 2000 + username: elastic + password: "{{ .Env.ELASTIC_PASSWORD }}" + body: + - "green" + - '"number_of_nodes":3' + - '"number_of_data_nodes":3' + + https://localhost:9200: + status: 200 + timeout: 2000 + username: elastic + password: "{{ .Env.ELASTIC_PASSWORD }}" + body: + - '"number" : "8.4.1"' + - '"cluster_name" : "elasticsearch"' + - "You Know, for Search" diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/openshift/values.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/examples/openshift/values.yaml new file mode 100644 index 0000000..8a21126 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/openshift/values.yaml @@ -0,0 +1,11 @@ +--- + +securityContext: + runAsUser: null + +podSecurityContext: + fsGroup: null + runAsUser: null + +sysctlInitContainer: + enabled: false diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/security/Makefile b/packer/ansible/roles/helm_install/files/elasticsearch/examples/security/Makefile new file mode 100644 index 0000000..78726e6 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/security/Makefile @@ -0,0 +1,36 @@ +default: test + +include ../../../helpers/examples.mk + +RELEASE := helm-es-security +ELASTICSEARCH_IMAGE := docker.elastic.co/elasticsearch/elasticsearch:$(STACK_VERSION) +TIMEOUT := 1200s + +install: + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ + +test: secrets install goss + +purge: + kubectl delete secrets elastic-certificates elastic-certificate-pem elastic-certificate-crt|| true + helm del $(RELEASE) + +pull-elasticsearch-image: + docker pull $(ELASTICSEARCH_IMAGE) + +secrets: + docker rm -f elastic-helm-charts-certs || true + rm -f elastic-certificates.p12 elastic-certificate.pem elastic-certificate.crt elastic-stack-ca.p12 || true + docker run --name elastic-helm-charts-certs -i -w /tmp \ + $(ELASTICSEARCH_IMAGE) \ + /bin/sh -c " \ + elasticsearch-certutil ca --out /tmp/elastic-stack-ca.p12 --pass '' && \ + elasticsearch-certutil cert --name security-master --dns security-master --ca /tmp/elastic-stack-ca.p12 --pass '' --ca-pass '' --out /tmp/elastic-certificates.p12" && \ + docker cp elastic-helm-charts-certs:/tmp/elastic-certificates.p12 ./ && \ + docker rm -f elastic-helm-charts-certs && \ + openssl pkcs12 -nodes -passin pass:'' -in elastic-certificates.p12 -out elastic-certificate.pem && \ + openssl x509 -outform der -in elastic-certificate.pem -out elastic-certificate.crt && \ + kubectl create secret generic elastic-certificates --from-file=elastic-certificates.p12 && \ + kubectl create secret generic elastic-certificate-pem --from-file=elastic-certificate.pem && \ + kubectl create secret generic elastic-certificate-crt --from-file=elastic-certificate.crt && \ + rm -f elastic-certificates.p12 elastic-certificate.pem elastic-certificate.crt elastic-stack-ca.p12 diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/security/README.md b/packer/ansible/roles/helm_install/files/elasticsearch/examples/security/README.md new file mode 100644 index 0000000..012356f --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/security/README.md @@ -0,0 +1,29 @@ +# Security + +This example deploy a 3 nodes Elasticsearch 8.4.1 with authentication and +autogenerated certificates for TLS (see [values][]). + +Note that this configuration should be used for test only. For a production +deployment you should generate SSL certificates following the [official docs][]. + +## Usage + +* Create the required secrets: `make secrets` + +* Deploy Elasticsearch chart with the default values: `make install` + +* You can now setup a port forward to query Elasticsearch API: + + ``` + kubectl port-forward svc/security-master 9200 + curl -u elastic:changeme https://localhost:9200/_cat/indices + ``` + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[goss integration tests]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/security/test/goss.yaml +[official docs]: https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-tls.html#node-certificates +[values]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/security/values.yaml diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/security/test/goss.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/examples/security/test/goss.yaml new file mode 100644 index 0000000..e35393f --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/security/test/goss.yaml @@ -0,0 +1,44 @@ +http: + https://security-master:9200/_cluster/health: + status: 200 + timeout: 2000 + allow-insecure: true + username: elastic + password: "{{ .Env.ELASTIC_PASSWORD }}" + body: + - "green" + - '"number_of_nodes":3' + - '"number_of_data_nodes":3' + + https://localhost:9200/: + status: 200 + timeout: 2000 + allow-insecure: true + username: elastic + password: "{{ .Env.ELASTIC_PASSWORD }}" + body: + - '"cluster_name" : "security"' + - "You Know, for Search" + + https://localhost:9200/_license: + status: 200 + timeout: 2000 + allow-insecure: true + username: elastic + password: "{{ .Env.ELASTIC_PASSWORD }}" + body: + - "active" + - "basic" + +file: + /usr/share/elasticsearch/config/elasticsearch.yml: + exists: true + contains: + - "xpack.security.enabled: true" + - "xpack.security.transport.ssl.enabled: true" + - "xpack.security.transport.ssl.verification_mode: certificate" + - "xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12" + - "xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12" + - "xpack.security.http.ssl.enabled: true" + - "xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12" + - "xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12" diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/security/values.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/examples/security/values.yaml new file mode 100644 index 0000000..e2b1c18 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/security/values.yaml @@ -0,0 +1,28 @@ +--- +clusterName: "security" +nodeGroup: "master" + +createCert: false + +roles: + - master + - ingest + - data + +protocol: https + +esConfig: + elasticsearch.yml: | + xpack.security.enabled: true + xpack.security.transport.ssl.enabled: true + xpack.security.transport.ssl.verification_mode: certificate + xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12 + xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12 + xpack.security.http.ssl.enabled: true + xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12 + xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12 + +secretMounts: + - name: elastic-certificates + secretName: elastic-certificates + path: /usr/share/elasticsearch/config/certs diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/upgrade/Makefile b/packer/ansible/roles/helm_install/files/elasticsearch/examples/upgrade/Makefile new file mode 100644 index 0000000..0bfddab --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/upgrade/Makefile @@ -0,0 +1,19 @@ +default: test + +include ../../../helpers/examples.mk + +CHART := elasticsearch +RELEASE := helm-es-upgrade +FROM := 7.17.1 # upgrade from versions before 7.17.1 isn't compatible with 8.x + +install: + ../../../helpers/upgrade.sh --chart $(CHART) --release $(RELEASE) --from $(FROM) + # Rolling upgrade doesn't work when upgrading from clusters with security disabled. + # This is because nodes with security enabled can't join a cluster with security disabled. + # Every nodes need to be recreated at the same time so they can recreate a cluster with security enabled + kubectl delete pod --selector=app=upgrade-master + +test: install goss + +purge: + helm del $(RELEASE) diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/upgrade/README.md b/packer/ansible/roles/helm_install/files/elasticsearch/examples/upgrade/README.md new file mode 100644 index 0000000..ab19df7 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/upgrade/README.md @@ -0,0 +1,17 @@ +# Upgrade + +This example will deploy a 3 node Elasticsearch cluster chart using an old chart +version, then upgrade it. + + +## Usage + +* Deploy and upgrade Elasticsearch chart with the default values: `make install` + + +## Testing + +You can also run [goss integration tests][] using `make test`. + + +[goss integration tests]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/upgrade/test/goss.yaml diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/upgrade/test/goss.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/examples/upgrade/test/goss.yaml new file mode 100644 index 0000000..8a3c0ef --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/upgrade/test/goss.yaml @@ -0,0 +1,22 @@ +http: + https://localhost:9200/_cluster/health: + status: 200 + username: elastic + password: "{{ .Env.ELASTIC_PASSWORD }}" + allow-insecure: true + timeout: 2000 + body: + - "green" + - '"number_of_nodes":3' + - '"number_of_data_nodes":3' + + https://localhost:9200: + status: 200 + username: elastic + password: "{{ .Env.ELASTIC_PASSWORD }}" + allow-insecure: true + timeout: 2000 + body: + - '"number" : "8.4.1"' + - '"cluster_name" : "upgrade"' + - "You Know, for Search" diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/examples/upgrade/values.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/examples/upgrade/values.yaml new file mode 100644 index 0000000..461b100 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/examples/upgrade/values.yaml @@ -0,0 +1,6 @@ +--- +clusterName: upgrade +# Rolling upgrade doesn't work when upgrading from clusters with security disabled. +# This is because nodes with security enabled can't join a cluster with security disabled. +# Every nodes need to be recreated at the same time so they can recreate a cluster with security enabled +updateStrategy: OnDelete diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/override-values.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/override-values.yaml new file mode 100644 index 0000000..f45a49b --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/override-values.yaml @@ -0,0 +1,26 @@ +createCert: false +esConfig: + elasticsearch.yml: | + xpack.security.enabled: false +volumeClaimTemplate: + resources: + requests: + storage: 50Gi +protocol: http +service: + type: NodePort + # nodePort: "" +tolerations: +- key: "dev/data-es" + operator: "Exists" + +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-es + diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/schema/es-ddl.sh b/packer/ansible/roles/helm_install/files/elasticsearch/schema/es-ddl.sh new file mode 100755 index 0000000..9df354b --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/schema/es-ddl.sh @@ -0,0 +1,310 @@ +#!/bin/bash + +#temp=$(kubectl get svc -n dsk-middle -o wide | grep elasticsearch | grep NodePort | awk {'print $5'}) +#export ES_NODEPORT=${temp:5:(-4)} +ES_NODEPORT=`kubectl get svc -n dsk-middle |grep elasticsearch | grep NodePort | awk -F '9200:' {'print $2'} | awk -F '/' '{print $1}'` +echo $ES_NODEPORT + +export MASTER_IP=$(kubectl get nodes -o wide | grep control-plane | awk {'print $6'} | head -1) +echo $MASTER_IP + +export NUM_SHARDS=2 +export NUM_REPLICAS=1 + +SECURE=true +SECURE=false + +if [ $SECURE = true ] +then +PARAM="-u elastic:elastic --insecure" +PROTO="https" +else +PARAM="" +PROTO="http" +fi + +echo Secure=$SECURE +echo Param=$PARAM +echo Proto=$PROTO + +echo 'cat indices' +echo "curl ${PARAM} -X GET ${PROTO}://${MASTER_IP}:${ES_NODEPORT}/_cat/indices" +curl ${PARAM} -X GET ${PROTO}://${MASTER_IP}:${ES_NODEPORT}/_cat/indices + + +######### Elasticsearch template 정의 ######### +echo 'ilm policy trace_span' +curl $PARAM -X PUT $PROTO'://'"${MASTER_IP}"':'"${ES_NODEPORT}"'/_ilm/policy/trace_span' -H 'Content-Type: application/json' -d '{ + "policy": { + "phases": { + "delete": { + "min_age": "3d", + "actions": { + "delete": {} + } + } + } + } +}' +echo '\n' + +echo 'template trace_span' +curl $PARAM -X PUT $PROTO'://'"${MASTER_IP}"':'"${ES_NODEPORT}"'/_template/trace_span' -H 'Content-Type: application/json' -d '{ + "order": 0, + "index_patterns": [ + "trace_span-*" + ], + "settings": { + "index": { + "number_of_shards": "2", + "number_of_replicas": "1", + "refresh_interval": "1s", + "lifecycle": { + "name": "trace_span" + } + } + }, + "mappings": { + "properties": { + "tenantId": { + "type": "keyword" + }, + "userId": { + "type": "keyword" + }, + "hostKey": { + "type": "keyword" + }, + "agentKey": { + "type": "keyword" + }, + "agentKind": { + "type": "keyword" + }, + "agentVersion": { + "type": "keyword" + }, + "traceStreamID": { + "type": "text", + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + } + }, + "traceID": { + "type": "text", + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + } + }, + "spanID": { + "type": "text", + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + } + }, + "operationName": { + "type": "keyword" + }, + "processID": { + "type": "text", + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + } + }, + "processStreamID": { + "type": "text", + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + } + }, + "references": { + "properties": { + "trace_id": { + "type": "text", + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + } + }, + "span_id": { + "type": "text", + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + } + } + } + }, + "startTime": { + "type": "long" + }, + "duration": { + "type": "long" + }, + "tags": { + "properties": { + "type": { + "type": "text", + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + } + }, + "value": { + "type": "text", + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + } + }, + "key": { + "type": "text", + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + } + }, + "v_type": { + "type": "long" + } + } + }, + "logs": { + "properties": { + "fields": { + "properties": { + "v_str": { + "type": "text", + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + } + }, + "key": { + "type": "text", + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + } + } + } + }, + "timestamp": { + "type": "date" + } + } + } + } + } +}' +echo '\n' + +## log-message +echo 'ilm policy log-message' +curl $PARAM -X PUT $PROTO'://'"${MASTER_IP}"':'"${ES_NODEPORT}"'/_ilm/policy/log-message' -H 'Content-Type: application/json' -d '{ + "policy": { + "phases": { + "delete": { + "min_age": "3d", + "actions": { + "delete": {} + } + } + } + } +}' +echo '\n' + +echo 'template log-message' +curl $PARAM -X PUT $PROTO'://'"${MASTER_IP}"':'"${ES_NODEPORT}"'/_template/log-message' -H 'Content-Type: application/json' -d '{ + "order": 0, + "index_patterns": [ + "log-message-*" + ], + "settings": { + "index": { + "lifecycle": { + "name": "log-message" + }, + "refresh_interval": "1s", + "number_of_shards": "2", + "number_of_replicas": "1" + } + }, + "mappings": { + "properties": { + "usr_app_kind": { + "type": "keyword" + }, + "dsk_usr_id": { + "type": "keyword" + }, + "dsk_agent_name": { + "type": "keyword" + }, + "dsk_agent_key": { + "type": "keyword" + }, + "usr_tag": { + "type": "keyword" + }, + "dsk_host_key": { + "type": "keyword" + }, + "usr_app_name": { + "type": "keyword" + }, + "dsk_cluster_id": { + "type": "keyword" + }, + "message": { + "type": "text" + }, + "dsk_usr_tenant": { + "type": "keyword" + }, + "dsk_log_path": { + "type": "text", + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + } + }, + "dsk_timestamp": { + "type": "long" + } + } + } +}' +echo '\n' diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/templates/NOTES.txt b/packer/ansible/roles/helm_install/files/elasticsearch/templates/NOTES.txt new file mode 100755 index 0000000..752526f --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/templates/NOTES.txt @@ -0,0 +1,8 @@ +1. Watch all cluster members come up. + $ kubectl get pods --namespace={{ .Release.Namespace }} -l app={{ template "elasticsearch.uname" . }} -w +2. Retrieve elastic user's password. + $ kubectl get secrets --namespace={{ .Release.Namespace }} {{ template "elasticsearch.uname" . }}-credentials -ojsonpath='{.data.password}' | base64 -d +{{- if .Values.tests.enabled }} +3. Test cluster health using Helm test. + $ helm --namespace={{ .Release.Namespace }} test {{ .Release.Name }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/templates/_helpers.tpl b/packer/ansible/roles/helm_install/files/elasticsearch/templates/_helpers.tpl new file mode 100644 index 0000000..b47e2fe --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/templates/_helpers.tpl @@ -0,0 +1,97 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "elasticsearch.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "elasticsearch.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "elasticsearch.uname" -}} +{{- if empty .Values.fullnameOverride -}} +{{- if empty .Values.nameOverride -}} +{{ .Values.clusterName }}-{{ .Values.nodeGroup }} +{{- else -}} +{{ .Values.nameOverride }}-{{ .Values.nodeGroup }} +{{- end -}} +{{- else -}} +{{ .Values.fullnameOverride }} +{{- end -}} +{{- end -}} + +{{/* +Generate certificates when the secret doesn't exist +*/}} +{{- define "elasticsearch.gen-certs" -}} +{{- $certs := lookup "v1" "Secret" .Release.Namespace ( printf "%s-certs" (include "elasticsearch.uname" . ) ) -}} +{{- if $certs -}} +tls.crt: {{ index $certs.data "tls.crt" }} +tls.key: {{ index $certs.data "tls.key" }} +ca.crt: {{ index $certs.data "ca.crt" }} +{{- else -}} +{{- $altNames := list ( include "elasticsearch.masterService" . ) ( printf "%s.%s" (include "elasticsearch.masterService" .) .Release.Namespace ) ( printf "%s.%s.svc" (include "elasticsearch.masterService" .) .Release.Namespace ) -}} +{{- $ca := genCA "elasticsearch-ca" 365 -}} +{{- $cert := genSignedCert ( include "elasticsearch.masterService" . ) nil $altNames 365 $ca -}} +tls.crt: {{ $cert.Cert | toString | b64enc }} +tls.key: {{ $cert.Key | toString | b64enc }} +ca.crt: {{ $ca.Cert | toString | b64enc }} +{{- end -}} +{{- end -}} + +{{- define "elasticsearch.masterService" -}} +{{- if empty .Values.masterService -}} +{{- if empty .Values.fullnameOverride -}} +{{- if empty .Values.nameOverride -}} +{{ .Values.clusterName }}-master +{{- else -}} +{{ .Values.nameOverride }}-master +{{- end -}} +{{- else -}} +{{ .Values.fullnameOverride }} +{{- end -}} +{{- else -}} +{{ .Values.masterService }} +{{- end -}} +{{- end -}} + +{{- define "elasticsearch.endpoints" -}} +{{- $replicas := int (toString (.Values.replicas)) }} +{{- $uname := (include "elasticsearch.uname" .) }} + {{- range $i, $e := untilStep 0 $replicas 1 -}} +{{ $uname }}-{{ $i }}, + {{- end -}} +{{- end -}} + +{{- define "elasticsearch.roles" -}} +{{- range $.Values.roles -}} +{{ . }}, +{{- end -}} +{{- end -}} + +{{- define "elasticsearch.esMajorVersion" -}} +{{- if .Values.esMajorVersion -}} +{{ .Values.esMajorVersion }} +{{- else -}} +{{- $version := int (index (.Values.imageTag | splitList ".") 0) -}} + {{- if and (contains "docker.elastic.co/elasticsearch/elasticsearch" .Values.image) (not (eq $version 0)) -}} +{{ $version }} + {{- else -}} +8 + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Use the fullname if the serviceAccount value is not set +*/}} +{{- define "elasticsearch.serviceAccount" -}} +{{- .Values.rbac.serviceAccountName | default (include "elasticsearch.uname" .) -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/templates/configmap.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/templates/configmap.yaml new file mode 100644 index 0000000..fd1ad30 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/templates/configmap.yaml @@ -0,0 +1,34 @@ +{{- if .Values.esConfig }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "elasticsearch.uname" . }}-config + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: "{{ .Chart.Name }}" + app: "{{ template "elasticsearch.uname" . }}" +data: +{{- range $path, $config := .Values.esConfig }} + {{ $path }}: | +{{ $config | indent 4 -}} +{{- end -}} +{{- end -}} +{{- if .Values.esJvmOptions }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "elasticsearch.uname" . }}-jvm-options + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: "{{ .Chart.Name }}" + app: "{{ template "elasticsearch.uname" . }}" +data: +{{- range $path, $config := .Values.esJvmOptions }} + {{ $path }}: | +{{ $config | indent 4 -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/templates/ingress.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/templates/ingress.yaml new file mode 100644 index 0000000..e60cebf --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/templates/ingress.yaml @@ -0,0 +1,64 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "elasticsearch.uname" . -}} +{{- $httpPort := .Values.httpPort -}} +{{- $pathtype := .Values.ingress.pathtype -}} +{{- $ingressPath := .Values.ingress.path -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + app: {{ .Chart.Name }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- with .Values.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + {{- if .Values.ingress.className }} + ingressClassName: {{ .Values.ingress.className | quote }} + {{- end }} +{{- if .Values.ingress.tls }} + tls: + {{- if .ingressPath }} + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- else }} +{{ toYaml .Values.ingress.tls | indent 4 }} + {{- end }} +{{- end}} + rules: + {{- range .Values.ingress.hosts }} + {{- if $ingressPath }} + - host: {{ . }} + http: + paths: + - path: {{ $ingressPath }} + pathType: {{ $pathtype }} + backend: + service: + name: {{ $fullName }} + port: + number: {{ $httpPort }} + {{- else }} + - host: {{ .host }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + pathType: {{ $pathtype }} + backend: + service: + name: {{ $fullName }} + port: + number: {{ .servicePort | default $httpPort }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/templates/networkpolicy.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/templates/networkpolicy.yaml new file mode 100644 index 0000000..62bb1bd --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/templates/networkpolicy.yaml @@ -0,0 +1,61 @@ +{{- if (or .Values.networkPolicy.http.enabled .Values.networkPolicy.transport.enabled) }} +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: {{ template "elasticsearch.uname" . }} + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: "{{ .Chart.Name }}" + app: "{{ template "elasticsearch.uname" . }}" +spec: + podSelector: + matchLabels: + app: "{{ template "elasticsearch.uname" . }}" + ingress: # Allow inbound connections + +{{- if .Values.networkPolicy.http.enabled }} + # For HTTP access + - ports: + - port: {{ .Values.httpPort }} + from: + # From authorized Pods (having the correct label) + - podSelector: + matchLabels: + {{ template "elasticsearch.uname" . }}-http-client: "true" +{{- with .Values.networkPolicy.http.explicitNamespacesSelector }} + # From authorized namespaces + namespaceSelector: +{{ toYaml . | indent 12 }} +{{- end }} +{{- with .Values.networkPolicy.http.additionalRules }} + # Or from custom additional rules +{{ toYaml . | indent 8 }} +{{- end }} +{{- end }} + +{{- if .Values.networkPolicy.transport.enabled }} + # For transport access + - ports: + - port: {{ .Values.transportPort }} + from: + # From authorized Pods (having the correct label) + - podSelector: + matchLabels: + {{ template "elasticsearch.uname" . }}-transport-client: "true" +{{- with .Values.networkPolicy.transport.explicitNamespacesSelector }} + # From authorized namespaces + namespaceSelector: +{{ toYaml . | indent 12 }} +{{- end }} +{{- with .Values.networkPolicy.transport.additionalRules }} + # Or from custom additional rules +{{ toYaml . | indent 8 }} +{{- end }} + # Or from other ElasticSearch Pods + - podSelector: + matchLabels: + app: "{{ template "elasticsearch.uname" . }}" +{{- end }} + +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/templates/poddisruptionbudget.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/templates/poddisruptionbudget.yaml new file mode 100644 index 0000000..6d0bdf3 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/templates/poddisruptionbudget.yaml @@ -0,0 +1,15 @@ +{{- if .Values.maxUnavailable }} +{{- if .Capabilities.APIVersions.Has "policy/v1" -}} +apiVersion: policy/v1 +{{- else}} +apiVersion: policy/v1beta1 +{{- end }} +kind: PodDisruptionBudget +metadata: + name: "{{ template "elasticsearch.uname" . }}-pdb" +spec: + maxUnavailable: {{ .Values.maxUnavailable }} + selector: + matchLabels: + app: "{{ template "elasticsearch.uname" . }}" +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/templates/podsecuritypolicy.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/templates/podsecuritypolicy.yaml new file mode 100644 index 0000000..e22e75c --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/templates/podsecuritypolicy.yaml @@ -0,0 +1,18 @@ +{{- if .Values.podSecurityPolicy.create -}} +{{- $fullName := include "elasticsearch.uname" . -}} +{{- if .Capabilities.APIVersions.Has "policy/v1" -}} +apiVersion: policy/v1 +{{- else}} +apiVersion: policy/v1beta1 +{{- end }} +kind: PodSecurityPolicy +metadata: + name: {{ default $fullName .Values.podSecurityPolicy.name | quote }} + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app: {{ $fullName | quote }} +spec: +{{ toYaml .Values.podSecurityPolicy.spec | indent 2 }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/templates/role.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/templates/role.yaml new file mode 100644 index 0000000..d3a7ee3 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/templates/role.yaml @@ -0,0 +1,25 @@ +{{- if .Values.rbac.create -}} +{{- $fullName := include "elasticsearch.uname" . -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ $fullName | quote }} + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app: {{ $fullName | quote }} +rules: + - apiGroups: + - extensions + resources: + - podsecuritypolicies + resourceNames: + {{- if eq .Values.podSecurityPolicy.name "" }} + - {{ $fullName | quote }} + {{- else }} + - {{ .Values.podSecurityPolicy.name | quote }} + {{- end }} + verbs: + - use +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/templates/rolebinding.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/templates/rolebinding.yaml new file mode 100644 index 0000000..e0ecced --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +{{- if .Values.rbac.create -}} +{{- $fullName := include "elasticsearch.uname" . -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ $fullName | quote }} + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app: {{ $fullName | quote }} +subjects: + - kind: ServiceAccount + name: "{{ template "elasticsearch.serviceAccount" . }}" + namespace: {{ .Release.Namespace | quote }} +roleRef: + kind: Role + name: {{ $fullName | quote }} + apiGroup: rbac.authorization.k8s.io +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/templates/secret-cert.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/templates/secret-cert.yaml new file mode 100644 index 0000000..97d8dec --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/templates/secret-cert.yaml @@ -0,0 +1,14 @@ +{{- if .Values.createCert }} +apiVersion: v1 +kind: Secret +type: kubernetes.io/tls +metadata: + name: {{ template "elasticsearch.uname" . }}-certs + labels: + app: {{ template "elasticsearch.uname" . }} + chart: "{{ .Chart.Name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: +{{ ( include "elasticsearch.gen-certs" . ) | indent 2 }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/templates/secret.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/templates/secret.yaml new file mode 100644 index 0000000..cbdcbba --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/templates/secret.yaml @@ -0,0 +1,23 @@ +{{- if .Values.secret.enabled -}} +{{- $passwordValue := (randAlphaNum 16) | b64enc | quote }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "elasticsearch.uname" . }}-credentials + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: "{{ .Chart.Name }}" + app: "{{ template "elasticsearch.uname" . }}" + {{- range $key, $value := .Values.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} +type: Opaque +data: + username: {{ "elastic" | b64enc }} + {{- if .Values.secret.password }} + password: {{ .Values.secret.password | b64enc }} + {{- else }} + password: {{ $passwordValue }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/templates/service.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/templates/service.yaml new file mode 100644 index 0000000..5fe52eb --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/templates/service.yaml @@ -0,0 +1,78 @@ +{{- if .Values.service.enabled -}} +--- +kind: Service +apiVersion: v1 +metadata: +{{- if eq .Values.nodeGroup "master" }} + name: {{ template "elasticsearch.masterService" . }} +{{- else }} + name: {{ template "elasticsearch.uname" . }} +{{- end }} + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: "{{ .Chart.Name }}" + app: "{{ template "elasticsearch.uname" . }}" +{{- if .Values.service.labels }} +{{ toYaml .Values.service.labels | indent 4}} +{{- end }} + annotations: +{{ toYaml .Values.service.annotations | indent 4 }} +spec: + type: {{ .Values.service.type }} + selector: + release: {{ .Release.Name | quote }} + chart: "{{ .Chart.Name }}" + app: "{{ template "elasticsearch.uname" . }}" + publishNotReadyAddresses: {{ .Values.service.publishNotReadyAddresses }} + ports: + - name: {{ .Values.service.httpPortName | default "http" }} + protocol: TCP + port: {{ .Values.httpPort }} +{{- if .Values.service.nodePort }} + nodePort: {{ .Values.service.nodePort }} +{{- end }} + - name: {{ .Values.service.transportPortName | default "transport" }} + protocol: TCP + port: {{ .Values.transportPort }} +{{- if .Values.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} +{{- end }} +{{- with .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml . | indent 4 }} +{{- end }} +{{- if .Values.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }} +{{- end }} +{{- end }} +--- +kind: Service +apiVersion: v1 +metadata: +{{- if eq .Values.nodeGroup "master" }} + name: {{ template "elasticsearch.masterService" . }}-headless +{{- else }} + name: {{ template "elasticsearch.uname" . }}-headless +{{- end }} + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: "{{ .Chart.Name }}" + app: "{{ template "elasticsearch.uname" . }}" +{{- if .Values.service.labelsHeadless }} +{{ toYaml .Values.service.labelsHeadless | indent 4 }} +{{- end }} + annotations: + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" +spec: + clusterIP: None # This is needed for statefulset hostnames like elasticsearch-0 to resolve + # Create endpoints also if the related pod isn't ready + publishNotReadyAddresses: true + selector: + app: "{{ template "elasticsearch.uname" . }}" + ports: + - name: {{ .Values.service.httpPortName | default "http" }} + port: {{ .Values.httpPort }} + - name: {{ .Values.service.transportPortName | default "transport" }} + port: {{ .Values.transportPort }} diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/templates/serviceaccount.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/templates/serviceaccount.yaml new file mode 100644 index 0000000..a7ef847 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- if .Values.rbac.create -}} +{{- $fullName := include "elasticsearch.uname" . -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "{{ template "elasticsearch.serviceAccount" . }}" + annotations: + {{- with .Values.rbac.serviceAccountAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app: {{ $fullName | quote }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/templates/statefulset.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/templates/statefulset.yaml new file mode 100644 index 0000000..64fd423 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/templates/statefulset.yaml @@ -0,0 +1,427 @@ +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "elasticsearch.uname" . }} + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: "{{ .Chart.Name }}" + app: "{{ template "elasticsearch.uname" . }}" + {{- range $key, $value := .Values.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + annotations: + esMajorVersion: "{{ include "elasticsearch.esMajorVersion" . }}" +spec: + serviceName: {{ template "elasticsearch.uname" . }}-headless + selector: + matchLabels: + app: "{{ template "elasticsearch.uname" . }}" + replicas: {{ .Values.replicas }} + podManagementPolicy: {{ .Values.podManagementPolicy }} + updateStrategy: + type: {{ .Values.updateStrategy }} + {{- if .Values.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: {{ template "elasticsearch.uname" . }} + {{- if .Values.persistence.labels.enabled }} + labels: + release: {{ .Release.Name | quote }} + chart: "{{ .Chart.Name }}" + app: "{{ template "elasticsearch.uname" . }}" + {{- range $key, $value := .Values.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- with .Values.persistence.annotations }} + annotations: +{{ toYaml . | indent 8 }} + {{- end }} + spec: +{{ toYaml .Values.volumeClaimTemplate | indent 6 }} + {{- end }} + template: + metadata: + name: "{{ template "elasticsearch.uname" . }}" + labels: + release: {{ .Release.Name | quote }} + chart: "{{ .Chart.Name }}" + app: "{{ template "elasticsearch.uname" . }}" + {{- range $key, $value := .Values.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + annotations: + {{- range $key, $value := .Values.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{/* This forces a restart if the configmap has changed */}} + {{- if or .Values.esConfig .Values.esJvmOptions }} + configchecksum: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }} + {{- end }} + spec: + {{- if .Values.schedulerName }} + schedulerName: "{{ .Values.schedulerName }}" + {{- end }} + securityContext: +{{ toYaml .Values.podSecurityContext | indent 8 }} + {{- if .Values.fsGroup }} + fsGroup: {{ .Values.fsGroup }} # Deprecated value, please use .Values.podSecurityContext.fsGroup + {{- end }} + {{- if or .Values.rbac.create .Values.rbac.serviceAccountName }} + serviceAccountName: "{{ template "elasticsearch.serviceAccount" . }}" + {{- end }} + automountServiceAccountToken: {{ .Values.rbac.automountToken }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- if or (eq .Values.antiAffinity "hard") (eq .Values.antiAffinity "soft") .Values.nodeAffinity }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + affinity: + {{- end }} + {{- if eq .Values.antiAffinity "hard" }} + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - "{{ template "elasticsearch.uname" .}}" + topologyKey: {{ .Values.antiAffinityTopologyKey }} + {{- else if eq .Values.antiAffinity "soft" }} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: {{ .Values.antiAffinityTopologyKey }} + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - "{{ template "elasticsearch.uname" . }}" + {{- end }} + {{- with .Values.nodeAffinity }} + nodeAffinity: +{{ toYaml . | indent 10 }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} + volumes: + {{- range .Values.secretMounts }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + {{- if .defaultMode }} + defaultMode: {{ .defaultMode }} + {{- end }} + {{- end }} + {{- if .Values.esConfig }} + - name: esconfig + configMap: + name: {{ template "elasticsearch.uname" . }}-config + {{- end }} + {{- if .Values.esJvmOptions }} + - name: esjvmoptions + configMap: + name: {{ template "elasticsearch.uname" . }}-jvm-options + {{- end }} + {{- if .Values.createCert }} + - name: elasticsearch-certs + secret: + secretName: {{ template "elasticsearch.uname" . }}-certs + {{- end }} +{{- if .Values.keystore }} + - name: keystore + emptyDir: {} + {{- range .Values.keystore }} + - name: keystore-{{ .secretName }} + secret: {{ toYaml . | nindent 12 }} + {{- end }} +{{ end }} + {{- if .Values.extraVolumes }} + # Currently some extra blocks accept strings + # to continue with backwards compatibility this is being kept + # whilst also allowing for yaml to be specified too. + {{- if eq "string" (printf "%T" .Values.extraVolumes) }} +{{ tpl .Values.extraVolumes . | indent 8 }} + {{- else }} +{{ toYaml .Values.extraVolumes | indent 8 }} + {{- end }} + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} + enableServiceLinks: {{ .Values.enableServiceLinks }} + {{- if .Values.hostAliases }} + hostAliases: {{ toYaml .Values.hostAliases | nindent 8 }} + {{- end }} + {{- if or (.Values.extraInitContainers) (.Values.sysctlInitContainer.enabled) (.Values.keystore) }} + initContainers: + {{- if .Values.sysctlInitContainer.enabled }} + - name: configure-sysctl + securityContext: + runAsUser: 0 + privileged: true + image: "{{ .Values.image }}:{{ .Values.imageTag }}" + imagePullPolicy: "{{ .Values.imagePullPolicy }}" + command: ["sysctl", "-w", "vm.max_map_count={{ .Values.sysctlVmMaxMapCount}}"] + resources: +{{ toYaml .Values.initResources | indent 10 }} + {{- end }} +{{ if .Values.keystore }} + - name: keystore + securityContext: +{{ toYaml .Values.securityContext | indent 10 }} + image: "{{ .Values.image }}:{{ .Values.imageTag }}" + imagePullPolicy: "{{ .Values.imagePullPolicy }}" + command: + - bash + - -c + - | + set -euo pipefail + + elasticsearch-keystore create + + for i in /tmp/keystoreSecrets/*/*; do + key=$(basename $i) + echo "Adding file $i to keystore key $key" + elasticsearch-keystore add-file "$key" "$i" + done + + # Add the bootstrap password since otherwise the Elasticsearch entrypoint tries to do this on startup + if [ ! -z ${ELASTIC_PASSWORD+x} ]; then + echo 'Adding env $ELASTIC_PASSWORD to keystore as key bootstrap.password' + echo "$ELASTIC_PASSWORD" | elasticsearch-keystore add -x bootstrap.password + fi + + cp -a /usr/share/elasticsearch/config/elasticsearch.keystore /tmp/keystore/ + env: {{ toYaml .Values.extraEnvs | nindent 10 }} + envFrom: {{ toYaml .Values.envFrom | nindent 10 }} + resources: {{ toYaml .Values.initResources | nindent 10 }} + volumeMounts: + - name: keystore + mountPath: /tmp/keystore + {{- range .Values.keystore }} + - name: keystore-{{ .secretName }} + mountPath: /tmp/keystoreSecrets/{{ .secretName }} + {{- end }} +{{ end }} + {{- if .Values.extraInitContainers }} + # Currently some extra blocks accept strings + # to continue with backwards compatibility this is being kept + # whilst also allowing for yaml to be specified too. + {{- if eq "string" (printf "%T" .Values.extraInitContainers) }} +{{ tpl .Values.extraInitContainers . | indent 6 }} + {{- else }} +{{ toYaml .Values.extraInitContainers | indent 6 }} + {{- end }} + {{- end }} + {{- end }} + containers: + - name: "{{ template "elasticsearch.name" . }}" + securityContext: +{{ toYaml .Values.securityContext | indent 10 }} + image: "{{ .Values.image }}:{{ .Values.imageTag }}" + imagePullPolicy: "{{ .Values.imagePullPolicy }}" + readinessProbe: + exec: + command: + - bash + - -c + - | + set -e + + # Exit if ELASTIC_PASSWORD in unset + if [ -z "${ELASTIC_PASSWORD}" ]; then + echo "ELASTIC_PASSWORD variable is missing, exiting" + exit 1 + fi + + # If the node is starting up wait for the cluster to be ready (request params: "{{ .Values.clusterHealthCheckParams }}" ) + # Once it has started only check that the node itself is responding + START_FILE=/tmp/.es_start_file + + # Disable nss cache to avoid filling dentry cache when calling curl + # This is required with Elasticsearch Docker using nss < 3.52 + export NSS_SDB_USE_CACHE=no + + http () { + local path="${1}" + local args="${2}" + set -- -XGET -s + + if [ "$args" != "" ]; then + set -- "$@" $args + fi + + set -- "$@" -u "elastic:${ELASTIC_PASSWORD}" + + curl --output /dev/null -k "$@" "{{ .Values.protocol }}://127.0.0.1:{{ .Values.httpPort }}${path}" + } + + if [ -f "${START_FILE}" ]; then + echo 'Elasticsearch is already running, lets check the node is healthy' + HTTP_CODE=$(http "/" "-w %{http_code}") + RC=$? + if [[ ${RC} -ne 0 ]]; then + echo "curl --output /dev/null -k -XGET -s -w '%{http_code}' \${BASIC_AUTH} {{ .Values.protocol }}://127.0.0.1:{{ .Values.httpPort }}/ failed with RC ${RC}" + exit ${RC} + fi + # ready if HTTP code 200, 503 is tolerable if ES version is 6.x + if [[ ${HTTP_CODE} == "200" ]]; then + exit 0 + elif [[ ${HTTP_CODE} == "503" && "{{ include "elasticsearch.esMajorVersion" . }}" == "6" ]]; then + exit 0 + else + echo "curl --output /dev/null -k -XGET -s -w '%{http_code}' \${BASIC_AUTH} {{ .Values.protocol }}://127.0.0.1:{{ .Values.httpPort }}/ failed with HTTP code ${HTTP_CODE}" + exit 1 + fi + + else + echo 'Waiting for elasticsearch cluster to become ready (request params: "{{ .Values.clusterHealthCheckParams }}" )' + if http "/_cluster/health?{{ .Values.clusterHealthCheckParams }}" "--fail" ; then + touch ${START_FILE} + exit 0 + else + echo 'Cluster is not yet ready (request params: "{{ .Values.clusterHealthCheckParams }}" )' + exit 1 + fi + fi +{{ toYaml .Values.readinessProbe | indent 10 }} + ports: + - name: http + containerPort: {{ .Values.httpPort }} + - name: transport + containerPort: {{ .Values.transportPort }} + resources: +{{ toYaml .Values.resources | indent 10 }} + env: + - name: node.name + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- if has "master" .Values.roles }} + - name: cluster.initial_master_nodes + value: "{{ template "elasticsearch.endpoints" . }}" + {{- end }} + {{- if gt (len (include "elasticsearch.roles" .)) 0 }} + - name: node.roles + value: "{{ template "elasticsearch.roles" . }}" + {{- end }} + {{- if lt (int (include "elasticsearch.esMajorVersion" .)) 7 }} + - name: discovery.zen.ping.unicast.hosts + value: "{{ template "elasticsearch.masterService" . }}-headless" + {{- else }} + - name: discovery.seed_hosts + value: "{{ template "elasticsearch.masterService" . }}-headless" + {{- end }} + - name: cluster.name + value: "{{ .Values.clusterName }}" + - name: network.host + value: "{{ .Values.networkHost }}" + {{- if .Values.secret.enabled }} + - name: ELASTIC_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "elasticsearch.uname" . }}-credentials + key: password + {{- end }} + {{- if .Values.esJavaOpts }} + - name: ES_JAVA_OPTS + value: "{{ .Values.esJavaOpts }}" + {{- end }} + {{- if .Values.createCert }} + - name: xpack.security.enabled + value: "true" + - name: xpack.security.transport.ssl.enabled + value: "true" + - name: xpack.security.http.ssl.enabled + value: "true" + - name: xpack.security.transport.ssl.verification_mode + value: "certificate" + - name: xpack.security.transport.ssl.key + value: "/usr/share/elasticsearch/config/certs/tls.key" + - name: xpack.security.transport.ssl.certificate + value: "/usr/share/elasticsearch/config/certs/tls.crt" + - name: xpack.security.transport.ssl.certificate_authorities + value: "/usr/share/elasticsearch/config/certs/ca.crt" + - name: xpack.security.http.ssl.key + value: "/usr/share/elasticsearch/config/certs/tls.key" + - name: xpack.security.http.ssl.certificate + value: "/usr/share/elasticsearch/config/certs/tls.crt" + - name: xpack.security.http.ssl.certificate_authorities + value: "/usr/share/elasticsearch/config/certs/ca.crt" + {{- end }} +{{- if .Values.extraEnvs }} +{{ toYaml .Values.extraEnvs | indent 10 }} +{{- end }} +{{- if .Values.envFrom }} + envFrom: +{{ toYaml .Values.envFrom | indent 10 }} +{{- end }} + volumeMounts: + {{- if .Values.persistence.enabled }} + - name: "{{ template "elasticsearch.uname" . }}" + mountPath: /usr/share/elasticsearch/data + {{- end }} + {{- if .Values.createCert }} + - name: elasticsearch-certs + mountPath: /usr/share/elasticsearch/config/certs + readOnly: true + {{- end }} +{{ if .Values.keystore }} + - name: keystore + mountPath: /usr/share/elasticsearch/config/elasticsearch.keystore + subPath: elasticsearch.keystore +{{ end }} + {{- range .Values.secretMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- if .subPath }} + subPath: {{ .subPath }} + {{- end }} + {{- end }} + {{- range $path, $config := .Values.esConfig }} + - name: esconfig + mountPath: /usr/share/elasticsearch/config/{{ $path }} + subPath: {{ $path }} + {{- end -}} + {{- range $path, $config := .Values.esJvmOptions }} + - name: esjvmoptions + mountPath: /usr/share/elasticsearch/config/jvm.options.d/{{ $path }} + subPath: {{ $path }} + {{- end -}} + {{- if .Values.extraVolumeMounts }} + # Currently some extra blocks accept strings + # to continue with backwards compatibility this is being kept + # whilst also allowing for yaml to be specified too. + {{- if eq "string" (printf "%T" .Values.extraVolumeMounts) }} +{{ tpl .Values.extraVolumeMounts . | indent 10 }} + {{- else }} +{{ toYaml .Values.extraVolumeMounts | indent 10 }} + {{- end }} + {{- end }} +{{- if .Values.lifecycle }} + lifecycle: +{{ toYaml .Values.lifecycle | indent 10 }} +{{- end }} + {{- if .Values.extraContainers }} + # Currently some extra blocks accept strings + # to continue with backwards compatibility this is being kept + # whilst also allowing for yaml to be specified too. + {{- if eq "string" (printf "%T" .Values.extraContainers) }} +{{ tpl .Values.extraContainers . | indent 6 }} + {{- else }} +{{ toYaml .Values.extraContainers | indent 6 }} + {{- end }} + {{- end }} diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/templates/test/test-elasticsearch-health.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/templates/test/test-elasticsearch-health.yaml new file mode 100644 index 0000000..d0890fb --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/templates/test/test-elasticsearch-health.yaml @@ -0,0 +1,50 @@ +{{- if .Values.tests.enabled -}} +--- +apiVersion: v1 +kind: Pod +metadata: +{{- if .Values.healthNameOverride }} + name: {{ .Values.healthNameOverride | quote }} +{{- else }} + name: "{{ .Release.Name }}-{{ randAlpha 5 | lower }}-test" +{{- end }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": hook-succeeded +spec: + securityContext: +{{ toYaml .Values.podSecurityContext | indent 4 }} + containers: +{{- if .Values.healthNameOverride }} + - name: {{ .Values.healthNameOverride | quote }} +{{- else }} + - name: "{{ .Release.Name }}-{{ randAlpha 5 | lower }}-test" +{{- end }} + env: + - name: ELASTIC_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "elasticsearch.uname" . }}-credentials + key: password + image: "{{ .Values.image }}:{{ .Values.imageTag }}" + imagePullPolicy: "{{ .Values.imagePullPolicy }}" + command: + - "sh" + - "-c" + - | + #!/usr/bin/env bash -e + curl -XGET --fail --cacert /usr/share/elasticsearch/config/certs/tls.crt -u "elastic:${ELASTIC_PASSWORD}" https://'{{ template "elasticsearch.uname" . }}:{{ .Values.httpPort }}/_cluster/health?{{ .Values.clusterHealthCheckParams }}' + volumeMounts: + - name: elasticsearch-certs + mountPath: /usr/share/elasticsearch/config/certs + readOnly: true + {{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 4 }} + {{- end }} + restartPolicy: Never + volumes: + - name: elasticsearch-certs + secret: + secretName: {{ template "elasticsearch.uname" . }}-certs +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/tests/elasticsearch_test.py b/packer/ansible/roles/helm_install/files/elasticsearch/tests/elasticsearch_test.py new file mode 100644 index 0000000..00e9abd --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/tests/elasticsearch_test.py @@ -0,0 +1,1504 @@ +import os +import sys + +sys.path.insert(1, os.path.join(sys.path[0], "../../helpers")) +from helpers import helm_template +import yaml + +clusterName = "elasticsearch" +nodeGroup = "master" +uname = clusterName + "-" + nodeGroup + + +def test_defaults(): + config = """ + """ + + r = helm_template(config) + + # Statefulset + assert r["statefulset"][uname]["spec"]["replicas"] == 3 + assert r["statefulset"][uname]["spec"]["updateStrategy"] == { + "type": "RollingUpdate" + } + assert r["statefulset"][uname]["spec"]["podManagementPolicy"] == "Parallel" + assert r["statefulset"][uname]["spec"]["serviceName"] == uname + "-headless" + assert r["statefulset"][uname]["spec"]["template"]["spec"]["affinity"][ + "podAntiAffinity" + ]["requiredDuringSchedulingIgnoredDuringExecution"][0] == { + "labelSelector": { + "matchExpressions": [{"key": "app", "operator": "In", "values": [uname]}] + }, + "topologyKey": "kubernetes.io/hostname", + } + + # Default environment variables + env_vars = [ + { + "name": "node.name", + "valueFrom": {"fieldRef": {"fieldPath": "metadata.name"}}, + }, + { + "name": "cluster.initial_master_nodes", + "value": uname + "-0," + uname + "-1," + uname + "-2,", + }, + {"name": "discovery.seed_hosts", "value": uname + "-headless"}, + {"name": "network.host", "value": "0.0.0.0"}, + {"name": "cluster.name", "value": clusterName}, + { + "name": "node.roles", + "value": "master,data,data_content,data_hot,data_warm,data_cold,ingest,ml,remote_cluster_client,transform,", + }, + ] + + c = r["statefulset"][uname]["spec"]["template"]["spec"]["containers"][0] + for env in env_vars: + assert env in c["env"] + + # Image + assert c["image"].startswith("docker.elastic.co/elasticsearch/elasticsearch:") + assert c["imagePullPolicy"] == "IfNotPresent" + assert c["name"] == "elasticsearch" + + # Ports + assert c["ports"][0] == {"name": "http", "containerPort": 9200} + assert c["ports"][1] == {"name": "transport", "containerPort": 9300} + + # Health checks + assert c["readinessProbe"]["failureThreshold"] == 3 + assert c["readinessProbe"]["initialDelaySeconds"] == 10 + assert c["readinessProbe"]["periodSeconds"] == 10 + assert c["readinessProbe"]["successThreshold"] == 3 + assert c["readinessProbe"]["timeoutSeconds"] == 5 + + assert "curl" in c["readinessProbe"]["exec"]["command"][-1] + assert "https://127.0.0.1:9200" in c["readinessProbe"]["exec"]["command"][-1] + + # Resources + assert c["resources"] == { + "requests": {"cpu": "1000m", "memory": "2Gi"}, + "limits": {"cpu": "1000m", "memory": "2Gi"}, + } + + # Mounts + assert c["volumeMounts"][0]["mountPath"] == "/usr/share/elasticsearch/data" + assert c["volumeMounts"][0]["name"] == uname + + # volumeClaimTemplates + v = r["statefulset"][uname]["spec"]["volumeClaimTemplates"][0] + assert v["metadata"]["name"] == uname + assert "labels" not in v["metadata"] + assert v["spec"]["accessModes"] == ["ReadWriteOnce"] + assert v["spec"]["resources"]["requests"]["storage"] == "30Gi" + + # Init container + i = r["statefulset"][uname]["spec"]["template"]["spec"]["initContainers"][0] + assert i["name"] == "configure-sysctl" + assert i["command"] == ["sysctl", "-w", "vm.max_map_count=262144"] + assert i["image"].startswith("docker.elastic.co/elasticsearch/elasticsearch:") + assert i["securityContext"] == {"privileged": True, "runAsUser": 0} + + # Other + assert r["statefulset"][uname]["spec"]["template"]["spec"]["securityContext"] == { + "fsGroup": 1000, + "runAsUser": 1000, + } + assert ( + r["statefulset"][uname]["spec"]["template"]["spec"][ + "terminationGracePeriodSeconds" + ] + == 120 + ) + + # Pod disruption budget + assert r["poddisruptionbudget"][uname + "-pdb"]["spec"]["maxUnavailable"] == 1 + + # Service + s = r["service"][uname] + assert s["metadata"]["name"] == uname + assert s["metadata"]["annotations"] == {} + assert s["spec"]["type"] == "ClusterIP" + assert s["spec"]["publishNotReadyAddresses"] == False + assert len(s["spec"]["ports"]) == 2 + assert s["spec"]["ports"][0] == {"name": "http", "port": 9200, "protocol": "TCP"} + assert s["spec"]["ports"][1] == { + "name": "transport", + "port": 9300, + "protocol": "TCP", + } + assert "loadBalancerSourceRanges" not in s["spec"] + + # Headless Service + h = r["service"][uname + "-headless"] + assert h["spec"]["clusterIP"] == "None" + assert h["spec"]["publishNotReadyAddresses"] == True + assert h["spec"]["ports"][0]["name"] == "http" + assert h["spec"]["ports"][0]["port"] == 9200 + assert h["spec"]["ports"][1]["name"] == "transport" + assert h["spec"]["ports"][1]["port"] == 9300 + + # Empty customizable defaults + assert "imagePullSecrets" not in r["statefulset"][uname]["spec"]["template"]["spec"] + assert "tolerations" not in r["statefulset"][uname]["spec"]["template"]["spec"] + assert "nodeSelector" not in r["statefulset"][uname]["spec"]["template"]["spec"] + assert "ingress" not in r + assert "hostAliases" not in r["statefulset"][uname]["spec"]["template"]["spec"] + + +def test_increasing_the_replicas(): + config = """ +replicas: 5 +""" + r = helm_template(config) + assert r["statefulset"][uname]["spec"]["replicas"] == 5 + + +def test_disabling_pod_disruption_budget(): + config = """ +maxUnavailable: false +""" + r = helm_template(config) + assert "poddisruptionbudget" not in r + + +def test_overriding_the_image_and_tag(): + config = """ +image: customImage +imageTag: 6.2.4 +""" + r = helm_template(config) + assert ( + r["statefulset"][uname]["spec"]["template"]["spec"]["containers"][0]["image"] + == "customImage:6.2.4" + ) + + +def test_set_initial_master_nodes(): + config = """ +roles: + - master +""" + r = helm_template(config) + env = r["statefulset"][uname]["spec"]["template"]["spec"]["containers"][0]["env"] + assert { + "name": "cluster.initial_master_nodes", + "value": "elasticsearch-master-0," + + "elasticsearch-master-1," + + "elasticsearch-master-2,", + } in env + + for e in env: + assert e["name"] != "discovery.zen.minimum_master_nodes" + + +def test_dont_set_initial_master_nodes_if_not_master(): + config = """ +roles: + - data +""" + r = helm_template(config) + env = r["statefulset"][uname]["spec"]["template"]["spec"]["containers"][0]["env"] + for e in env: + assert e["name"] != "cluster.initial_master_nodes" + + +def test_set_discovery_seed_host(): + config = """ +roles: + - master +""" + r = helm_template(config) + env = r["statefulset"][uname]["spec"]["template"]["spec"]["containers"][0]["env"] + assert { + "name": "discovery.seed_hosts", + "value": "elasticsearch-master-headless", + } in env + + for e in env: + assert e["name"] != "discovery.zen.ping.unicast.hosts" + + +def test_adding_extra_env_vars(): + config = """ +extraEnvs: + - name: hello + value: world +""" + r = helm_template(config) + env = r["statefulset"][uname]["spec"]["template"]["spec"]["containers"][0]["env"] + assert {"name": "hello", "value": "world"} in env + + +def test_adding_env_from(): + config = """ +envFrom: +- secretRef: + name: secret-name +""" + r = helm_template(config) + secretRef = r["statefulset"][uname]["spec"]["template"]["spec"]["containers"][0][ + "envFrom" + ][0]["secretRef"] + assert secretRef == {"name": "secret-name"} + + +def test_adding_a_extra_volume_with_volume_mount(): + config = """ +extraVolumes: | + - name: extras + emptyDir: {} +extraVolumeMounts: | + - name: extras + mountPath: /usr/share/extras + readOnly: true +""" + r = helm_template(config) + extraVolume = r["statefulset"][uname]["spec"]["template"]["spec"]["volumes"] + assert {"name": "extras", "emptyDir": {}} in extraVolume + extraVolumeMounts = r["statefulset"][uname]["spec"]["template"]["spec"][ + "containers" + ][0]["volumeMounts"] + assert { + "name": "extras", + "mountPath": "/usr/share/extras", + "readOnly": True, + } in extraVolumeMounts + + +def test_adding_a_extra_volume_with_volume_mount_as_yaml(): + config = """ +extraVolumes: + - name: extras + emptyDir: {} +extraVolumeMounts: + - name: extras + mountPath: /usr/share/extras + readOnly: true +""" + r = helm_template(config) + extraVolume = r["statefulset"][uname]["spec"]["template"]["spec"]["volumes"] + assert {"name": "extras", "emptyDir": {}} in extraVolume + extraVolumeMounts = r["statefulset"][uname]["spec"]["template"]["spec"][ + "containers" + ][0]["volumeMounts"] + assert { + "name": "extras", + "mountPath": "/usr/share/extras", + "readOnly": True, + } in extraVolumeMounts + + +def test_adding_a_extra_container(): + config = """ +extraContainers: | + - name: do-something + image: busybox + command: ['do', 'something'] +""" + r = helm_template(config) + extraContainer = r["statefulset"][uname]["spec"]["template"]["spec"]["containers"] + assert { + "name": "do-something", + "image": "busybox", + "command": ["do", "something"], + } in extraContainer + + +def test_adding_a_extra_container_as_yaml(): + config = """ +extraContainers: + - name: do-something + image: busybox + command: ['do', 'something'] +""" + r = helm_template(config) + extraContainer = r["statefulset"][uname]["spec"]["template"]["spec"]["containers"] + assert { + "name": "do-something", + "image": "busybox", + "command": ["do", "something"], + } in extraContainer + + +def test_adding_a_extra_init_container(): + config = """ +extraInitContainers: | + - name: do-something + image: busybox + command: ['do', 'something'] +""" + r = helm_template(config) + extraInitContainer = r["statefulset"][uname]["spec"]["template"]["spec"][ + "initContainers" + ] + assert { + "name": "do-something", + "image": "busybox", + "command": ["do", "something"], + } in extraInitContainer + + +def test_adding_a_extra_init_container_as_yaml(): + config = """ +extraInitContainers: + - name: do-something + image: busybox + command: ['do', 'something'] +""" + r = helm_template(config) + extraInitContainer = r["statefulset"][uname]["spec"]["template"]["spec"][ + "initContainers" + ] + assert { + "name": "do-something", + "image": "busybox", + "command": ["do", "something"], + } in extraInitContainer + + +def test_sysctl_init_container_disabled(): + config = """ +sysctlInitContainer: + enabled: false +""" + r = helm_template(config) + assert "initContainers" not in r["statefulset"][uname]["spec"]["template"]["spec"] + + +def test_sysctl_init_container_enabled(): + config = """ +sysctlInitContainer: + enabled: true +""" + r = helm_template(config) + initContainers = r["statefulset"][uname]["spec"]["template"]["spec"][ + "initContainers" + ] + assert initContainers[0]["name"] == "configure-sysctl" + + +def test_sysctl_init_container_image(): + config = """ +image: customImage +imageTag: 6.2.4 +imagePullPolicy: Never +sysctlInitContainer: + enabled: true +""" + r = helm_template(config) + initContainers = r["statefulset"][uname]["spec"]["template"]["spec"][ + "initContainers" + ] + assert initContainers[0]["image"] == "customImage:6.2.4" + assert initContainers[0]["imagePullPolicy"] == "Never" + + +def test_adding_storageclass_annotation_to_volumeclaimtemplate(): + config = """ +persistence: + annotations: + volume.beta.kubernetes.io/storage-class: id +""" + r = helm_template(config) + annotations = r["statefulset"][uname]["spec"]["volumeClaimTemplates"][0][ + "metadata" + ]["annotations"] + assert annotations["volume.beta.kubernetes.io/storage-class"] == "id" + + +def test_adding_multiple_persistence_annotations(): + config = """ + persistence: + annotations: + hello: world + world: hello + """ + r = helm_template(config) + annotations = r["statefulset"][uname]["spec"]["volumeClaimTemplates"][0][ + "metadata" + ]["annotations"] + + assert annotations["hello"] == "world" + assert annotations["world"] == "hello" + + +def test_enabling_persistence_label_in_volumeclaimtemplate(): + config = """ +persistence: + labels: + enabled: true +""" + r = helm_template(config) + volume_claim_template_labels = r["statefulset"][uname]["spec"][ + "volumeClaimTemplates" + ][0]["metadata"]["labels"] + statefulset_labels = r["statefulset"][uname]["metadata"]["labels"] + expected_labels = statefulset_labels + # heritage label shouldn't be present in volumeClaimTemplates labels + expected_labels.pop("heritage") + assert volume_claim_template_labels == expected_labels + + +def test_adding_a_secret_mount(): + config = """ +secretMounts: + - name: elastic-certificates + secretName: elastic-certs + path: /usr/share/elasticsearch/config/certs +""" + r = helm_template(config) + s = r["statefulset"][uname]["spec"]["template"]["spec"] + assert s["containers"][0]["volumeMounts"][-1] == { + "mountPath": "/usr/share/elasticsearch/config/certs", + "name": "elastic-certificates", + } + assert { + "name": "elastic-certificates", + "secret": {"secretName": "elastic-certs"}, + } in s["volumes"] + + +def test_adding_a_secret_mount_with_subpath(): + config = """ +secretMounts: + - name: elastic-certificates + secretName: elastic-certs + path: /usr/share/elasticsearch/config/certs + subPath: cert.crt +""" + r = helm_template(config) + s = r["statefulset"][uname]["spec"]["template"]["spec"] + assert s["containers"][0]["volumeMounts"][-1] == { + "mountPath": "/usr/share/elasticsearch/config/certs", + "subPath": "cert.crt", + "name": "elastic-certificates", + } + + +def test_adding_a_secret_mount_with_default_mode(): + config = """ +secretMounts: + - name: elastic-certificates + secretName: elastic-certs + path: /usr/share/elasticsearch/config/certs + subPath: cert.crt + defaultMode: 0755 +""" + r = helm_template(config) + s = r["statefulset"][uname]["spec"]["template"]["spec"] + assert s["containers"][0]["volumeMounts"][-1] == { + "mountPath": "/usr/share/elasticsearch/config/certs", + "subPath": "cert.crt", + "name": "elastic-certificates", + } + + +def test_adding_image_pull_secrets(): + config = """ +imagePullSecrets: + - name: test-registry +""" + r = helm_template(config) + assert ( + r["statefulset"][uname]["spec"]["template"]["spec"]["imagePullSecrets"][0][ + "name" + ] + == "test-registry" + ) + + +def test_adding_tolerations(): + config = """ +tolerations: +- key: "key1" + operator: "Equal" + value: "value1" + effect: "NoExecute" + tolerationSeconds: 3600 +""" + r = helm_template(config) + assert ( + r["statefulset"][uname]["spec"]["template"]["spec"]["tolerations"][0]["key"] + == "key1" + ) + + +def test_adding_pod_annotations(): + config = """ +podAnnotations: + iam.amazonaws.com/role: es-role +""" + r = helm_template(config) + assert ( + r["statefulset"][uname]["spec"]["template"]["metadata"]["annotations"][ + "iam.amazonaws.com/role" + ] + == "es-role" + ) + + +def test_adding_serviceaccount_annotations(): + config = """ +rbac: + create: true + serviceAccountAnnotations: + eks.amazonaws.com/role-arn: arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount +""" + r = helm_template(config) + assert ( + r["serviceaccount"][uname]["metadata"]["annotations"][ + "eks.amazonaws.com/role-arn" + ] + == "arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount" + ) + + +def test_adding_a_node_selector(): + config = """ +nodeSelector: + disktype: ssd +""" + r = helm_template(config) + assert ( + r["statefulset"][uname]["spec"]["template"]["spec"]["nodeSelector"]["disktype"] + == "ssd" + ) + + +def test_adding_resources_to_initcontainer(): + config = """ +initResources: + limits: + cpu: "25m" + memory: "128Mi" + requests: + cpu: "25m" + memory: "128Mi" +""" + r = helm_template(config) + i = r["statefulset"][uname]["spec"]["template"]["spec"]["initContainers"][0] + + assert i["resources"] == { + "requests": {"cpu": "25m", "memory": "128Mi"}, + "limits": {"cpu": "25m", "memory": "128Mi"}, + } + + +def test_adding_a_node_affinity(): + config = """ +nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + preference: + matchExpressions: + - key: mylabel + operator: In + values: + - myvalue +""" + r = helm_template(config) + assert r["statefulset"][uname]["spec"]["template"]["spec"]["affinity"][ + "nodeAffinity" + ] == { + "preferredDuringSchedulingIgnoredDuringExecution": [ + { + "weight": 100, + "preference": { + "matchExpressions": [ + {"key": "mylabel", "operator": "In", "values": ["myvalue"]} + ] + }, + } + ] + } + + +def test_adding_an_ingress_rule(): + config = """ +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: nginx + hosts: + - host: elasticsearch.elastic.co + paths: + - path: / + - host: '' + paths: + - path: / + - path: /mypath + servicePort: 8888 + - host: elasticsearch.hello.there + paths: + - path: / + servicePort: 9999 + tls: + - secretName: elastic-co-wildcard + hosts: + - elasticsearch.elastic.co +""" + + r = helm_template(config) + assert uname in r["ingress"] + i = r["ingress"][uname]["spec"] + assert i["tls"][0]["hosts"][0] == "elasticsearch.elastic.co" + assert i["tls"][0]["secretName"] == "elastic-co-wildcard" + + assert i["rules"][0]["host"] == "elasticsearch.elastic.co" + assert i["rules"][0]["http"]["paths"][0]["path"] == "/" + assert i["rules"][0]["http"]["paths"][0]["backend"]["service"]["name"] == uname + assert ( + i["rules"][0]["http"]["paths"][0]["backend"]["service"]["port"]["number"] + == 9200 + ) + assert i["rules"][1]["host"] == None + assert i["rules"][1]["http"]["paths"][0]["path"] == "/" + assert i["rules"][1]["http"]["paths"][0]["backend"]["service"]["name"] == uname + assert ( + i["rules"][1]["http"]["paths"][0]["backend"]["service"]["port"]["number"] + == 9200 + ) + assert i["rules"][1]["http"]["paths"][1]["path"] == "/mypath" + assert i["rules"][1]["http"]["paths"][1]["backend"]["service"]["name"] == uname + assert ( + i["rules"][1]["http"]["paths"][1]["backend"]["service"]["port"]["number"] + == 8888 + ) + assert i["rules"][2]["host"] == "elasticsearch.hello.there" + assert i["rules"][2]["http"]["paths"][0]["path"] == "/" + assert i["rules"][2]["http"]["paths"][0]["backend"]["service"]["name"] == uname + assert ( + i["rules"][2]["http"]["paths"][0]["backend"]["service"]["port"]["number"] + == 9999 + ) + + +def test_adding_a_deprecated_ingress_rule(): + config = """ +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: nginx + path: / + hosts: + - elasticsearch.elastic.co + tls: + - secretName: elastic-co-wildcard + hosts: + - elasticsearch.elastic.co +""" + + r = helm_template(config) + assert uname in r["ingress"] + i = r["ingress"][uname]["spec"] + assert i["tls"][0]["hosts"][0] == "elasticsearch.elastic.co" + assert i["tls"][0]["secretName"] == "elastic-co-wildcard" + + assert i["rules"][0]["host"] == "elasticsearch.elastic.co" + assert i["rules"][0]["http"]["paths"][0]["path"] == "/" + assert i["rules"][0]["http"]["paths"][0]["backend"]["service"]["name"] == uname + assert ( + i["rules"][0]["http"]["paths"][0]["backend"]["service"]["port"]["number"] + == 9200 + ) + + +def test_changing_the_protocol(): + config = """ +protocol: https +""" + r = helm_template(config) + c = r["statefulset"][uname]["spec"]["template"]["spec"]["containers"][0] + assert "https://127.0.0.1:9200" in c["readinessProbe"]["exec"]["command"][-1] + + +def test_changing_the_cluster_health_status(): + config = """ +clusterHealthCheckParams: 'wait_for_no_initializing_shards=true&timeout=60s' +""" + r = helm_template(config) + c = r["statefulset"][uname]["spec"]["template"]["spec"]["containers"][0] + assert ( + "/_cluster/health?wait_for_no_initializing_shards=true&timeout=60s" + in c["readinessProbe"]["exec"]["command"][-1] + ) + + +def test_adding_in_es_config(): + config = """ +esConfig: + elasticsearch.yml: | + key: + nestedkey: value + dot.notation: test + + log4j2.properties: | + appender.rolling.name = rolling +""" + r = helm_template(config) + c = r["configmap"][uname + "-config"]["data"] + + assert "elasticsearch.yml" in c + assert "log4j2.properties" in c + + assert "nestedkey: value" in c["elasticsearch.yml"] + assert "dot.notation: test" in c["elasticsearch.yml"] + + assert "appender.rolling.name = rolling" in c["log4j2.properties"] + + s = r["statefulset"][uname]["spec"]["template"]["spec"] + + assert { + "configMap": {"name": "elasticsearch-master-config"}, + "name": "esconfig", + } in s["volumes"] + assert { + "mountPath": "/usr/share/elasticsearch/config/elasticsearch.yml", + "name": "esconfig", + "subPath": "elasticsearch.yml", + } in s["containers"][0]["volumeMounts"] + assert { + "mountPath": "/usr/share/elasticsearch/config/log4j2.properties", + "name": "esconfig", + "subPath": "log4j2.properties", + } in s["containers"][0]["volumeMounts"] + + assert ( + "configchecksum" + in r["statefulset"][uname]["spec"]["template"]["metadata"]["annotations"] + ) + + +def test_adding_in_jvm_options(): + config = """ +esJvmOptions: + processors.options: | + -XX:ActiveProcessorCount=3 +""" + r = helm_template(config) + c = r["configmap"][uname + "-jvm-options"]["data"] + + assert "processors.options" in c + + assert "-XX:ActiveProcessorCount=3" in c["processors.options"] + + s = r["statefulset"][uname]["spec"]["template"]["spec"] + + assert { + "configMap": {"name": "elasticsearch-master-jvm-options"}, + "name": "esjvmoptions", + } in s["volumes"] + assert { + "mountPath": "/usr/share/elasticsearch/config/jvm.options.d/processors.options", + "name": "esjvmoptions", + "subPath": "processors.options", + } in s["containers"][0]["volumeMounts"] + + assert ( + "configchecksum" + in r["statefulset"][uname]["spec"]["template"]["metadata"]["annotations"] + ) + + +def test_dont_add_data_volume_when_persistance_is_disabled(): + config = """ +persistence: + enabled: false +""" + r = helm_template(config) + assert "volumeClaimTemplates" not in r["statefulset"][uname]["spec"] + assert { + "name": "elasticsearch-master", + "mountPath": "/usr/share/elasticsearch/data", + } not in r["statefulset"][uname]["spec"]["template"]["spec"]["containers"][0][ + "volumeMounts" + ] + + +def test_priority_class_name(): + config = """ +priorityClassName: "" +""" + r = helm_template(config) + spec = r["statefulset"][uname]["spec"]["template"]["spec"] + assert "priorityClassName" not in spec + + config = """ +priorityClassName: "highest" +""" + r = helm_template(config) + priority_class_name = r["statefulset"][uname]["spec"]["template"]["spec"][ + "priorityClassName" + ] + assert priority_class_name == "highest" + + +def test_scheduler_name(): + r = helm_template("") + spec = r["statefulset"][uname]["spec"]["template"]["spec"] + assert "schedulerName" not in spec + + config = """ +schedulerName: "stork" +""" + r = helm_template(config) + assert ( + r["statefulset"][uname]["spec"]["template"]["spec"]["schedulerName"] == "stork" + ) + + +def test_disabling_non_headless_service(): + config = "" + + r = helm_template(config) + + assert uname in r["service"] + + config = """ +service: + enabled: false +""" + + r = helm_template(config) + + assert uname not in r["service"] + + +def test_enabling_service_publishNotReadyAddresses(): + config = """ + service: + publishNotReadyAddresses: true + """ + + r = helm_template(config) + + assert r["service"][uname]["spec"]["publishNotReadyAddresses"] == True + + +def test_adding_a_nodePort(): + config = "" + + r = helm_template(config) + + assert "nodePort" not in r["service"][uname]["spec"]["ports"][0] + + config = """ + service: + nodePort: 30001 + """ + + r = helm_template(config) + + assert r["service"][uname]["spec"]["ports"][0]["nodePort"] == 30001 + + +def test_adding_a_loadBalancerIP(): + config = "" + + r = helm_template(config) + + assert "loadBalancerIP" not in r["service"][uname]["spec"] + + config = """ + service: + loadBalancerIP: 12.4.19.81 + """ + + r = helm_template(config) + + assert r["service"][uname]["spec"]["loadBalancerIP"] == "12.4.19.81" + + +def test_adding_an_externalTrafficPolicy(): + config = "" + + r = helm_template(config) + + assert "externalTrafficPolicy" not in r["service"][uname]["spec"] + + config = """ + service: + externalTrafficPolicy: Local + """ + + r = helm_template(config) + + assert r["service"][uname]["spec"]["externalTrafficPolicy"] == "Local" + + +def test_adding_a_label_on_non_headless_service(): + config = "" + + r = helm_template(config) + + assert "label1" not in r["service"][uname]["metadata"]["labels"] + + config = """ + service: + labels: + label1: value1 + """ + + r = helm_template(config) + + assert r["service"][uname]["metadata"]["labels"]["label1"] == "value1" + + +def test_adding_a_label_on_headless_service(): + config = "" + + r = helm_template(config) + + assert "label1" not in r["service"][uname + "-headless"]["metadata"]["labels"] + + config = """ + service: + labelsHeadless: + label1: value1 + """ + + r = helm_template(config) + + assert r["service"][uname + "-headless"]["metadata"]["labels"]["label1"] == "value1" + + +def test_adding_load_balancer_source_ranges(): + config = """ +service: + loadBalancerSourceRanges: + - 0.0.0.0/0 + """ + r = helm_template(config) + assert r["service"][uname]["spec"]["loadBalancerSourceRanges"][0] == "0.0.0.0/0" + + config = """ +service: + loadBalancerSourceRanges: + - 192.168.0.0/24 + - 192.168.1.0/24 + """ + r = helm_template(config) + ranges = r["service"][uname]["spec"]["loadBalancerSourceRanges"] + assert ranges[0] == "192.168.0.0/24" + assert ranges[1] == "192.168.1.0/24" + + +def test_lifecycle_hooks(): + config = "" + r = helm_template(config) + c = r["statefulset"][uname]["spec"]["template"]["spec"]["containers"][0] + assert "lifecycle" not in c + + config = """ + lifecycle: + preStop: + exec: + command: ["/bin/bash","/preStop"] + """ + r = helm_template(config) + c = r["statefulset"][uname]["spec"]["template"]["spec"]["containers"][0] + + assert c["lifecycle"]["preStop"]["exec"]["command"] == ["/bin/bash", "/preStop"] + + +def test_esMajorVersion_detect_default_version(): + config = "" + + r = helm_template(config) + assert r["statefulset"][uname]["metadata"]["annotations"]["esMajorVersion"] == "8" + + +def test_esMajorVersion_default_to_8_if_not_elastic_image(): + config = """ + image: notElastic + imageTag: 1.0.0 + """ + + r = helm_template(config) + assert r["statefulset"][uname]["metadata"]["annotations"]["esMajorVersion"] == "8" + + +def test_esMajorVersion_default_to_8_if_no_version_is_found(): + config = """ + imageTag: not_a_number + """ + + r = helm_template(config) + assert r["statefulset"][uname]["metadata"]["annotations"]["esMajorVersion"] == "8" + + +def test_esMajorVersion_always_wins(): + config = """ + esMajorVersion: 7 + imageTag: 8.0.0 + """ + + r = helm_template(config) + assert r["statefulset"][uname]["metadata"]["annotations"]["esMajorVersion"] == "7" + + +def test_set_pod_security_context(): + config = "" + r = helm_template(config) + assert ( + r["statefulset"][uname]["spec"]["template"]["spec"]["securityContext"][ + "fsGroup" + ] + == 1000 + ) + assert ( + r["statefulset"][uname]["spec"]["template"]["spec"]["securityContext"][ + "runAsUser" + ] + == 1000 + ) + + config = """ + podSecurityContext: + fsGroup: 1001 + other: test + """ + + r = helm_template(config) + + assert ( + r["statefulset"][uname]["spec"]["template"]["spec"]["securityContext"][ + "fsGroup" + ] + == 1001 + ) + assert ( + r["statefulset"][uname]["spec"]["template"]["spec"]["securityContext"]["other"] + == "test" + ) + + +def test_fsGroup_backwards_compatability(): + config = """ + fsGroup: 1001 + """ + + r = helm_template(config) + + assert ( + r["statefulset"][uname]["spec"]["template"]["spec"]["securityContext"][ + "fsGroup" + ] + == 1001 + ) + + +def test_set_container_security_context(): + config = "" + + r = helm_template(config) + c = r["statefulset"][uname]["spec"]["template"]["spec"]["containers"][0] + assert c["securityContext"]["capabilities"]["drop"] == ["ALL"] + assert c["securityContext"]["runAsNonRoot"] == True + assert c["securityContext"]["runAsUser"] == 1000 + + config = """ + securityContext: + runAsUser: 1001 + other: test + """ + + r = helm_template(config) + c = r["statefulset"][uname]["spec"]["template"]["spec"]["containers"][0] + assert c["securityContext"]["capabilities"]["drop"] == ["ALL"] + assert c["securityContext"]["runAsNonRoot"] == True + assert c["securityContext"]["runAsUser"] == 1001 + assert c["securityContext"]["other"] == "test" + + +def test_adding_pod_labels(): + config = """ +labels: + app.kubernetes.io/name: elasticsearch +""" + r = helm_template(config) + assert ( + r["statefulset"][uname]["metadata"]["labels"]["app.kubernetes.io/name"] + == "elasticsearch" + ) + assert ( + r["statefulset"][uname]["spec"]["template"]["metadata"]["labels"][ + "app.kubernetes.io/name" + ] + == "elasticsearch" + ) + + +def test_keystore_enable(): + config = """ +keystore: + - secretName: test + """ + + r = helm_template(config) + s = r["statefulset"][uname]["spec"]["template"]["spec"] + + assert {"name": "keystore", "emptyDir": {}} in s["volumes"] + + +def test_keystore_init_container(): + config = "" + + r = helm_template(config) + i = r["statefulset"][uname]["spec"]["template"]["spec"]["initContainers"][-1] + + assert i["name"] != "keystore" + + config = """ +keystore: + - secretName: test + """ + + r = helm_template(config) + i = r["statefulset"][uname]["spec"]["template"]["spec"]["initContainers"][-1] + + assert i["name"] == "keystore" + + +def test_keystore_init_container_image(): + config = """ +image: customImage +imageTag: 6.2.4 +imagePullPolicy: Never +keystore: + - secretName: test +""" + r = helm_template(config) + i = r["statefulset"][uname]["spec"]["template"]["spec"]["initContainers"][-1] + assert i["image"] == "customImage:6.2.4" + assert i["imagePullPolicy"] == "Never" + + +def test_keystore_mount(): + config = """ +keystore: + - secretName: test +""" + + r = helm_template(config) + s = r["statefulset"][uname]["spec"]["template"]["spec"] + assert s["containers"][0]["volumeMounts"][-1] == { + "mountPath": "/usr/share/elasticsearch/config/elasticsearch.keystore", + "subPath": "elasticsearch.keystore", + "name": "keystore", + } + + +def test_keystore_init_volume_mounts(): + config = """ +keystore: + - secretName: test + - secretName: test-with-custom-path + items: + - key: slack_url + path: xpack.notification.slack.account.otheraccount.secure_url +""" + r = helm_template(config) + s = r["statefulset"][uname]["spec"]["template"]["spec"] + assert s["initContainers"][-1]["volumeMounts"] == [ + {"mountPath": "/tmp/keystore", "name": "keystore"}, + {"mountPath": "/tmp/keystoreSecrets/test", "name": "keystore-test"}, + { + "mountPath": "/tmp/keystoreSecrets/test-with-custom-path", + "name": "keystore-test-with-custom-path", + }, + ] + + +def test_keystore_volumes(): + config = """ +keystore: + - secretName: test + - secretName: test-with-custom-path + items: + - key: slack_url + path: xpack.notification.slack.account.otheraccount.secure_url +""" + r = helm_template(config) + s = r["statefulset"][uname]["spec"]["template"]["spec"] + + assert {"name": "keystore-test", "secret": {"secretName": "test"}} in s["volumes"] + + assert { + "name": "keystore-test-with-custom-path", + "secret": { + "secretName": "test-with-custom-path", + "items": [ + { + "key": "slack_url", + "path": "xpack.notification.slack.account.otheraccount.secure_url", + } + ], + }, + } in s["volumes"] + + +def test_pod_security_policy(): + ## Make sure the default config is not creating any resources + config = "" + resources = ("role", "rolebinding", "serviceaccount", "podsecuritypolicy") + r = helm_template(config) + for resource in resources: + assert resource not in r + assert ( + "serviceAccountName" not in r["statefulset"][uname]["spec"]["template"]["spec"] + ) + + ## Make sure all the resources are created with default values + config = """ +rbac: + create: true + serviceAccountName: "" + +podSecurityPolicy: + create: true + name: "" +""" + r = helm_template(config) + for resource in resources: + assert resource in r + assert r["role"][uname]["rules"][0] == { + "apiGroups": ["extensions"], + "verbs": ["use"], + "resources": ["podsecuritypolicies"], + "resourceNames": [uname], + } + assert r["rolebinding"][uname]["subjects"] == [ + {"kind": "ServiceAccount", "namespace": "default", "name": uname} + ] + assert r["rolebinding"][uname]["roleRef"] == { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "Role", + "name": uname, + } + assert ( + r["statefulset"][uname]["spec"]["template"]["spec"]["serviceAccountName"] + == uname + ) + psp_spec = r["podsecuritypolicy"][uname]["spec"] + assert psp_spec["privileged"] is True + + +def test_external_pod_security_policy(): + ## Make sure we can use an externally defined pod security policy + config = """ +rbac: + create: true + serviceAccountName: "" + +podSecurityPolicy: + create: false + name: "customPodSecurityPolicy" +""" + resources = ("role", "rolebinding") + r = helm_template(config) + for resource in resources: + assert resource in r + + assert r["role"][uname]["rules"][0] == { + "apiGroups": ["extensions"], + "verbs": ["use"], + "resources": ["podsecuritypolicies"], + "resourceNames": ["customPodSecurityPolicy"], + } + + +def test_external_service_account(): + ## Make sure we can use an externally defined service account + config = """ +rbac: + create: false + serviceAccountName: "customServiceAccountName" + +podSecurityPolicy: + create: false + name: "" +""" + resources = ("role", "rolebinding", "serviceaccount") + r = helm_template(config) + + assert ( + r["statefulset"][uname]["spec"]["template"]["spec"]["serviceAccountName"] + == "customServiceAccountName" + ) + # When referencing an external service account we do not want any resources to be created. + for resource in resources: + assert resource not in r + + +def test_name_override(): + ## Make sure we can use a name override + config = """ +nameOverride: "customName" +""" + r = helm_template(config) + + assert "customName-master" in r["statefulset"] + assert "customName-master" in r["service"] + + +def test_full_name_override(): + ## Make sure we can use a full name override + config = """ +fullnameOverride: "customfullName" +""" + r = helm_template(config) + + assert "customfullName" in r["statefulset"] + assert "customfullName" in r["service"] + + +def test_initial_master_nodes_when_using_full_name_override(): + config = """ +fullnameOverride: "customfullName" +""" + r = helm_template(config) + env = r["statefulset"]["customfullName"]["spec"]["template"]["spec"]["containers"][ + 0 + ]["env"] + assert { + "name": "cluster.initial_master_nodes", + "value": "customfullName-0," + "customfullName-1," + "customfullName-2,", + } in env + + +def test_hostaliases(): + config = """ +hostAliases: +- ip: "127.0.0.1" + hostnames: + - "foo.local" + - "bar.local" +""" + r = helm_template(config) + hostAliases = r["statefulset"][uname]["spec"]["template"]["spec"]["hostAliases"] + assert {"ip": "127.0.0.1", "hostnames": ["foo.local", "bar.local"]} in hostAliases + + +def test_network_policy(): + config = """ +networkPolicy: + http: + enabled: true + explicitNamespacesSelector: + # Accept from namespaces with all those different rules (from whitelisted Pods) + matchLabels: + role: frontend-http + matchExpressions: + - {key: role, operator: In, values: [frontend-http]} + additionalRules: + - podSelector: + matchLabels: + role: frontend-http + - podSelector: + matchExpressions: + - key: role + operator: In + values: + - frontend-http + transport: + enabled: true + allowExternal: true + explicitNamespacesSelector: + matchLabels: + role: frontend-transport + matchExpressions: + - {key: role, operator: In, values: [frontend-transport]} + additionalRules: + - podSelector: + matchLabels: + role: frontend-transport + - podSelector: + matchExpressions: + - key: role + operator: In + values: + - frontend-transport + +""" + r = helm_template(config) + ingress = r["networkpolicy"][uname]["spec"]["ingress"] + pod_selector = r["networkpolicy"][uname]["spec"]["podSelector"] + http = ingress[0] + transport = ingress[1] + assert http["from"] == [ + { + "podSelector": { + "matchLabels": {"elasticsearch-master-http-client": "true"} + }, + "namespaceSelector": { + "matchExpressions": [ + {"key": "role", "operator": "In", "values": ["frontend-http"]} + ], + "matchLabels": {"role": "frontend-http"}, + }, + }, + {"podSelector": {"matchLabels": {"role": "frontend-http"}}}, + { + "podSelector": { + "matchExpressions": [ + {"key": "role", "operator": "In", "values": ["frontend-http"]} + ] + } + }, + ] + assert http["ports"][0]["port"] == 9200 + assert transport["from"] == [ + { + "podSelector": { + "matchLabels": {"elasticsearch-master-transport-client": "true"} + }, + "namespaceSelector": { + "matchExpressions": [ + {"key": "role", "operator": "In", "values": ["frontend-transport"]} + ], + "matchLabels": {"role": "frontend-transport"}, + }, + }, + {"podSelector": {"matchLabels": {"role": "frontend-transport"}}}, + { + "podSelector": { + "matchExpressions": [ + {"key": "role", "operator": "In", "values": ["frontend-transport"]} + ] + } + }, + {"podSelector": {"matchLabels": {"app": "elasticsearch-master"}}}, + ] + assert transport["ports"][0]["port"] == 9300 + assert pod_selector == { + "matchLabels": { + "app": "elasticsearch-master", + } + } + + +def test_default_automount_sa_token(): + config = """ +""" + r = helm_template(config) + assert ( + r["statefulset"][uname]["spec"]["template"]["spec"][ + "automountServiceAccountToken" + ] + == True + ) + + +def test_disable_automount_sa_token(): + config = """ +rbac: + automountToken: false +""" + r = helm_template(config) + assert ( + r["statefulset"][uname]["spec"]["template"]["spec"][ + "automountServiceAccountToken" + ] + == False + ) diff --git a/packer/ansible/roles/helm_install/files/elasticsearch/values.yaml b/packer/ansible/roles/helm_install/files/elasticsearch/values.yaml new file mode 100644 index 0000000..04e509f --- /dev/null +++ b/packer/ansible/roles/helm_install/files/elasticsearch/values.yaml @@ -0,0 +1,356 @@ +--- +clusterName: "elasticsearch" +nodeGroup: "master" + +# The service that non master groups will try to connect to when joining the cluster +# This should be set to clusterName + "-" + nodeGroup for your master group +masterService: "" + +# Elasticsearch roles that will be applied to this nodeGroup +# These will be set as environment variables. E.g. node.roles=master +# https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html#node-roles +roles: + - master + - data + - data_content + - data_hot + - data_warm + - data_cold + - ingest + - ml + - remote_cluster_client + - transform + +replicas: 3 +minimumMasterNodes: 2 + +esMajorVersion: "" + +# Allows you to add any config files in /usr/share/elasticsearch/config/ +# such as elasticsearch.yml and log4j2.properties +esConfig: {} +# elasticsearch.yml: | +# key: +# nestedkey: value +# log4j2.properties: | +# key = value + +createCert: true + +esJvmOptions: {} +# processors.options: | +# -XX:ActiveProcessorCount=3 + +# Extra environment variables to append to this nodeGroup +# This will be appended to the current 'env:' key. You can use any of the kubernetes env +# syntax here +extraEnvs: [] +# - name: MY_ENVIRONMENT_VAR +# value: the_value_goes_here + +# Allows you to load environment variables from kubernetes secret or config map +envFrom: [] +# - secretRef: +# name: env-secret +# - configMapRef: +# name: config-map + +# Disable it to use your own elastic-credential Secret. +secret: + enabled: true + password: "" # generated randomly if not defined + +# A list of secrets and their paths to mount inside the pod +# This is useful for mounting certificates for security and for mounting +# the X-Pack license +secretMounts: [] +# - name: elastic-certificates +# secretName: elastic-certificates +# path: /usr/share/elasticsearch/config/certs +# defaultMode: 0755 + +hostAliases: [] +#- ip: "127.0.0.1" +# hostnames: +# - "foo.local" +# - "bar.local" + +image: "docker.elastic.co/elasticsearch/elasticsearch" +imageTag: "8.4.1" +imagePullPolicy: "IfNotPresent" + +podAnnotations: {} +# iam.amazonaws.com/role: es-cluster + +# additionals labels +labels: {} + +esJavaOpts: "" # example: "-Xmx1g -Xms1g" + +resources: + requests: + cpu: "1000m" + memory: "2Gi" + limits: + cpu: "1000m" + memory: "2Gi" + +initResources: {} +# limits: +# cpu: "25m" +# # memory: "128Mi" +# requests: +# cpu: "25m" +# memory: "128Mi" + +networkHost: "0.0.0.0" + +volumeClaimTemplate: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 30Gi + +rbac: + create: false + serviceAccountAnnotations: {} + serviceAccountName: "" + automountToken: true + +podSecurityPolicy: + create: false + name: "" + spec: + privileged: true + fsGroup: + rule: RunAsAny + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - secret + - configMap + - persistentVolumeClaim + - emptyDir + +persistence: + enabled: true + labels: + # Add default labels for the volumeClaimTemplate of the StatefulSet + enabled: false + annotations: {} + +extraVolumes: [] +# - name: extras +# emptyDir: {} + +extraVolumeMounts: [] +# - name: extras +# mountPath: /usr/share/extras +# readOnly: true + +extraContainers: [] +# - name: do-something +# image: busybox +# command: ['do', 'something'] + +extraInitContainers: [] +# - name: do-something +# image: busybox +# command: ['do', 'something'] + +# This is the PriorityClass settings as defined in +# https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass +priorityClassName: "" + +# By default this will make sure two pods don't end up on the same node +# Changing this to a region would allow you to spread pods across regions +antiAffinityTopologyKey: "kubernetes.io/hostname" + +# Hard means that by default pods will only be scheduled if there are enough nodes for them +# and that they will never end up on the same node. Setting this to soft will do this "best effort" +antiAffinity: "hard" + +# This is the node affinity settings as defined in +# https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature +nodeAffinity: {} + +# The default is to deploy all pods serially. By setting this to parallel all pods are started at +# the same time when bootstrapping the cluster +podManagementPolicy: "Parallel" + +# The environment variables injected by service links are not used, but can lead to slow Elasticsearch boot times when +# there are many services in the current namespace. +# If you experience slow pod startups you probably want to set this to `false`. +enableServiceLinks: true + +protocol: https +httpPort: 9200 +transportPort: 9300 + +service: + enabled: true + labels: {} + labelsHeadless: {} + type: ClusterIP + # Consider that all endpoints are considered "ready" even if the Pods themselves are not + # https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#ServiceSpec + publishNotReadyAddresses: false + nodePort: "" + annotations: {} + httpPortName: http + transportPortName: transport + loadBalancerIP: "" + loadBalancerSourceRanges: [] + externalTrafficPolicy: "" + +updateStrategy: RollingUpdate + +# This is the max unavailable setting for the pod disruption budget +# The default value of 1 will make sure that kubernetes won't allow more than 1 +# of your pods to be unavailable during maintenance +maxUnavailable: 1 + +podSecurityContext: + fsGroup: 1000 + runAsUser: 1000 + +securityContext: + capabilities: + drop: + - ALL + # readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + +# How long to wait for elasticsearch to stop gracefully +terminationGracePeriod: 120 + +sysctlVmMaxMapCount: 262144 + +readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 3 + timeoutSeconds: 5 + +# https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster-health.html#request-params wait_for_status +clusterHealthCheckParams: "wait_for_status=green&timeout=1s" + +## Use an alternate scheduler. +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +schedulerName: "" + +imagePullSecrets: [] +nodeSelector: {} +tolerations: [] + +# Enabling this will publicly expose your Elasticsearch instance. +# Only enable this if you have security enabled on your cluster +ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + className: "nginx" + pathtype: ImplementationSpecific + hosts: + - host: chart-example.local + paths: + - path: / + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +nameOverride: "" +fullnameOverride: "" +healthNameOverride: "" + +lifecycle: {} +# preStop: +# exec: +# command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"] +# postStart: +# exec: +# command: +# - bash +# - -c +# - | +# #!/bin/bash +# # Add a template to adjust number of shards/replicas +# TEMPLATE_NAME=my_template +# INDEX_PATTERN="logstash-*" +# SHARD_COUNT=8 +# REPLICA_COUNT=1 +# ES_URL=http://localhost:9200 +# while [[ "$(curl -s -o /dev/null -w '%{http_code}\n' $ES_URL)" != "200" ]]; do sleep 1; done +# curl -XPUT "$ES_URL/_template/$TEMPLATE_NAME" -H 'Content-Type: application/json' -d'{"index_patterns":['\""$INDEX_PATTERN"\"'],"settings":{"number_of_shards":'$SHARD_COUNT',"number_of_replicas":'$REPLICA_COUNT'}}' + +sysctlInitContainer: + enabled: true + +keystore: [] + +networkPolicy: + ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. + ## In order for a Pod to access Elasticsearch, it needs to have the following label: + ## {{ template "uname" . }}-client: "true" + ## Example for default configuration to access HTTP port: + ## elasticsearch-master-http-client: "true" + ## Example for default configuration to access transport port: + ## elasticsearch-master-transport-client: "true" + + http: + enabled: false + ## if explicitNamespacesSelector is not set or set to {}, only client Pods being in the networkPolicy's namespace + ## and matching all criteria can reach the DB. + ## But sometimes, we want the Pods to be accessible to clients from other namespaces, in this case, we can use this + ## parameter to select these namespaces + ## + # explicitNamespacesSelector: + # # Accept from namespaces with all those different rules (only from whitelisted Pods) + # matchLabels: + # role: frontend + # matchExpressions: + # - {key: role, operator: In, values: [frontend]} + + ## Additional NetworkPolicy Ingress "from" rules to set. Note that all rules are OR-ed. + ## + # additionalRules: + # - podSelector: + # matchLabels: + # role: frontend + # - podSelector: + # matchExpressions: + # - key: role + # operator: In + # values: + # - frontend + + transport: + ## Note that all Elasticsearch Pods can talk to themselves using transport port even if enabled. + enabled: false + # explicitNamespacesSelector: + # matchLabels: + # role: frontend + # matchExpressions: + # - {key: role, operator: In, values: [frontend]} + # additionalRules: + # - podSelector: + # matchLabels: + # role: frontend + # - podSelector: + # matchExpressions: + # - key: role + # operator: In + # values: + # - frontend + +tests: + enabled: true diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/.helmignore b/packer/ansible/roles/helm_install/files/ingress-nginx/.helmignore new file mode 100644 index 0000000..50af031 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/CHANGELOG.md b/packer/ansible/roles/helm_install/files/ingress-nginx/CHANGELOG.md new file mode 100644 index 0000000..27a52e8 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/CHANGELOG.md @@ -0,0 +1,445 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.2.1 + +- The sha of kube-webhook-certgen image & the opentelemetry image, in values file, was changed to new images built on alpine-v3.16.1 +- "[8896](https://github.com/kubernetes/ingress-nginx/pull/8896) updated to new images built today" + +### 4.2.0 + +- Support for Kubernetes v1.19.0 was removed +- "[8810](https://github.com/kubernetes/ingress-nginx/pull/8810) Prepare for v1.3.0" +- "[8808](https://github.com/kubernetes/ingress-nginx/pull/8808) revert arch var name" +- "[8805](https://github.com/kubernetes/ingress-nginx/pull/8805) Bump k8s.io/klog/v2 from 2.60.1 to 2.70.1" +- "[8803](https://github.com/kubernetes/ingress-nginx/pull/8803) Update to nginx base with alpine v3.16" +- "[8802](https://github.com/kubernetes/ingress-nginx/pull/8802) chore: start v1.3.0 release process" +- "[8798](https://github.com/kubernetes/ingress-nginx/pull/8798) Add v1.24.0 to test matrix" +- "[8796](https://github.com/kubernetes/ingress-nginx/pull/8796) fix: add MAC_OS variable for static-check" +- "[8793](https://github.com/kubernetes/ingress-nginx/pull/8793) changed to alpine-v3.16" +- "[8781](https://github.com/kubernetes/ingress-nginx/pull/8781) Bump github.com/stretchr/testify from 1.7.5 to 1.8.0" +- "[8778](https://github.com/kubernetes/ingress-nginx/pull/8778) chore: remove stable.txt from release process" +- "[8775](https://github.com/kubernetes/ingress-nginx/pull/8775) Remove stable" +- "[8773](https://github.com/kubernetes/ingress-nginx/pull/8773) Bump github/codeql-action from 2.1.14 to 2.1.15" +- "[8772](https://github.com/kubernetes/ingress-nginx/pull/8772) Bump ossf/scorecard-action from 1.1.1 to 1.1.2" +- "[8771](https://github.com/kubernetes/ingress-nginx/pull/8771) fix bullet md format" +- "[8770](https://github.com/kubernetes/ingress-nginx/pull/8770) Add condition for monitoring.coreos.com/v1 API" +- "[8769](https://github.com/kubernetes/ingress-nginx/pull/8769) Fix typos and add links to developer guide" +- "[8767](https://github.com/kubernetes/ingress-nginx/pull/8767) change v1.2.0 to v1.2.1 in deploy doc URLs" +- "[8765](https://github.com/kubernetes/ingress-nginx/pull/8765) Bump github/codeql-action from 1.0.26 to 2.1.14" +- "[8752](https://github.com/kubernetes/ingress-nginx/pull/8752) Bump github.com/spf13/cobra from 1.4.0 to 1.5.0" +- "[8751](https://github.com/kubernetes/ingress-nginx/pull/8751) Bump github.com/stretchr/testify from 1.7.2 to 1.7.5" +- "[8750](https://github.com/kubernetes/ingress-nginx/pull/8750) added announcement" +- "[8740](https://github.com/kubernetes/ingress-nginx/pull/8740) change sha e2etestrunner and echoserver" +- "[8738](https://github.com/kubernetes/ingress-nginx/pull/8738) Update docs to make it easier for noobs to follow step by step" +- "[8737](https://github.com/kubernetes/ingress-nginx/pull/8737) updated baseimage sha" +- "[8736](https://github.com/kubernetes/ingress-nginx/pull/8736) set ld-musl-path" +- "[8733](https://github.com/kubernetes/ingress-nginx/pull/8733) feat: migrate leaderelection lock to leases" +- "[8726](https://github.com/kubernetes/ingress-nginx/pull/8726) prometheus metric: upstream_latency_seconds" +- "[8720](https://github.com/kubernetes/ingress-nginx/pull/8720) Ci pin deps" +- "[8719](https://github.com/kubernetes/ingress-nginx/pull/8719) Working OpenTelemetry sidecar (base nginx image)" +- "[8714](https://github.com/kubernetes/ingress-nginx/pull/8714) Create Openssf scorecard" +- "[8708](https://github.com/kubernetes/ingress-nginx/pull/8708) Bump github.com/prometheus/common from 0.34.0 to 0.35.0" +- "[8703](https://github.com/kubernetes/ingress-nginx/pull/8703) Bump actions/dependency-review-action from 1 to 2" +- "[8701](https://github.com/kubernetes/ingress-nginx/pull/8701) Fix several typos" +- "[8699](https://github.com/kubernetes/ingress-nginx/pull/8699) fix the gosec test and a make target for it" +- "[8698](https://github.com/kubernetes/ingress-nginx/pull/8698) Bump actions/upload-artifact from 2.3.1 to 3.1.0" +- "[8697](https://github.com/kubernetes/ingress-nginx/pull/8697) Bump actions/setup-go from 2.2.0 to 3.2.0" +- "[8695](https://github.com/kubernetes/ingress-nginx/pull/8695) Bump actions/download-artifact from 2 to 3" +- "[8694](https://github.com/kubernetes/ingress-nginx/pull/8694) Bump crazy-max/ghaction-docker-buildx from 1.6.2 to 3.3.1" + +### 4.1.2 + +- "[8587](https://github.com/kubernetes/ingress-nginx/pull/8587) Add CAP_SYS_CHROOT to DS/PSP when needed" +- "[8458](https://github.com/kubernetes/ingress-nginx/pull/8458) Add portNamePreffix Helm chart parameter" +- "[8522](https://github.com/kubernetes/ingress-nginx/pull/8522) Add documentation for controller.service.loadBalancerIP in Helm chart" + +### 4.1.0 + +- "[8481](https://github.com/kubernetes/ingress-nginx/pull/8481) Fix log creation in chroot script" +- "[8479](https://github.com/kubernetes/ingress-nginx/pull/8479) changed nginx base img tag to img built with alpine3.14.6" +- "[8478](https://github.com/kubernetes/ingress-nginx/pull/8478) update base images and protobuf gomod" +- "[8468](https://github.com/kubernetes/ingress-nginx/pull/8468) Fallback to ngx.var.scheme for redirectScheme with use-forward-headers when X-Forwarded-Proto is empty" +- "[8456](https://github.com/kubernetes/ingress-nginx/pull/8456) Implement object deep inspector" +- "[8455](https://github.com/kubernetes/ingress-nginx/pull/8455) Update dependencies" +- "[8454](https://github.com/kubernetes/ingress-nginx/pull/8454) Update index.md" +- "[8447](https://github.com/kubernetes/ingress-nginx/pull/8447) typo fixing" +- "[8446](https://github.com/kubernetes/ingress-nginx/pull/8446) Fix suggested annotation-value-word-blocklist" +- "[8444](https://github.com/kubernetes/ingress-nginx/pull/8444) replace deprecated topology key in example with current one" +- "[8443](https://github.com/kubernetes/ingress-nginx/pull/8443) Add dependency review enforcement" +- "[8434](https://github.com/kubernetes/ingress-nginx/pull/8434) added new auth-tls-match-cn annotation" +- "[8426](https://github.com/kubernetes/ingress-nginx/pull/8426) Bump github.com/prometheus/common from 0.32.1 to 0.33.0" + +### 4.0.18 + +- "[8291](https://github.com/kubernetes/ingress-nginx/pull/8291) remove git tag env from cloud build" +- "[8286](https://github.com/kubernetes/ingress-nginx/pull/8286) Fix OpenTelemetry sidecar image build" +- "[8277](https://github.com/kubernetes/ingress-nginx/pull/8277) Add OpenSSF Best practices badge" +- "[8273](https://github.com/kubernetes/ingress-nginx/pull/8273) Issue#8241" +- "[8267](https://github.com/kubernetes/ingress-nginx/pull/8267) Add fsGroup value to admission-webhooks/job-patch charts" +- "[8262](https://github.com/kubernetes/ingress-nginx/pull/8262) Updated confusing error" +- "[8256](https://github.com/kubernetes/ingress-nginx/pull/8256) fix: deny locations with invalid auth-url annotation" +- "[8253](https://github.com/kubernetes/ingress-nginx/pull/8253) Add a certificate info metric" +- "[8236](https://github.com/kubernetes/ingress-nginx/pull/8236) webhook: remove useless code." +- "[8227](https://github.com/kubernetes/ingress-nginx/pull/8227) Update libraries in webhook image" +- "[8225](https://github.com/kubernetes/ingress-nginx/pull/8225) fix inconsistent-label-cardinality for prometheus metrics: nginx_ingress_controller_requests" +- "[8221](https://github.com/kubernetes/ingress-nginx/pull/8221) Do not validate ingresses with unknown ingress class in admission webhook endpoint" +- "[8210](https://github.com/kubernetes/ingress-nginx/pull/8210) Bump github.com/prometheus/client_golang from 1.11.0 to 1.12.1" +- "[8209](https://github.com/kubernetes/ingress-nginx/pull/8209) Bump google.golang.org/grpc from 1.43.0 to 1.44.0" +- "[8204](https://github.com/kubernetes/ingress-nginx/pull/8204) Add Artifact Hub lint" +- "[8203](https://github.com/kubernetes/ingress-nginx/pull/8203) Fix Indentation of example and link to cert-manager tutorial" +- "[8201](https://github.com/kubernetes/ingress-nginx/pull/8201) feat(metrics): add path and method labels to requests countera" +- "[8199](https://github.com/kubernetes/ingress-nginx/pull/8199) use functional options to reduce number of methods creating an EchoDeployment" +- "[8196](https://github.com/kubernetes/ingress-nginx/pull/8196) docs: fix inconsistent controller annotation" +- "[8191](https://github.com/kubernetes/ingress-nginx/pull/8191) Using Go install for misspell" +- "[8186](https://github.com/kubernetes/ingress-nginx/pull/8186) prometheus+grafana using servicemonitor" +- "[8185](https://github.com/kubernetes/ingress-nginx/pull/8185) Append elements on match, instead of removing for cors-annotations" +- "[8179](https://github.com/kubernetes/ingress-nginx/pull/8179) Bump github.com/opencontainers/runc from 1.0.3 to 1.1.0" +- "[8173](https://github.com/kubernetes/ingress-nginx/pull/8173) Adding annotations to the controller service account" +- "[8163](https://github.com/kubernetes/ingress-nginx/pull/8163) Update the $req_id placeholder description" +- "[8162](https://github.com/kubernetes/ingress-nginx/pull/8162) Versioned static manifests" +- "[8159](https://github.com/kubernetes/ingress-nginx/pull/8159) Adding some geoip variables and default values" +- "[8155](https://github.com/kubernetes/ingress-nginx/pull/8155) #7271 feat: avoid-pdb-creation-when-default-backend-disabled-and-replicas-gt-1" +- "[8151](https://github.com/kubernetes/ingress-nginx/pull/8151) Automatically generate helm docs" +- "[8143](https://github.com/kubernetes/ingress-nginx/pull/8143) Allow to configure delay before controller exits" +- "[8136](https://github.com/kubernetes/ingress-nginx/pull/8136) add ingressClass option to helm chart - back compatibility with ingress.class annotations" +- "[8126](https://github.com/kubernetes/ingress-nginx/pull/8126) Example for JWT" + + +### 4.0.15 + +- [8120] https://github.com/kubernetes/ingress-nginx/pull/8120 Update go in runner and release v1.1.1 +- [8119] https://github.com/kubernetes/ingress-nginx/pull/8119 Update to go v1.17.6 +- [8118] https://github.com/kubernetes/ingress-nginx/pull/8118 Remove deprecated libraries, update other libs +- [8117] https://github.com/kubernetes/ingress-nginx/pull/8117 Fix codegen errors +- [8115] https://github.com/kubernetes/ingress-nginx/pull/8115 chart/ghaction: set the correct permission to have access to push a release +- [8098] https://github.com/kubernetes/ingress-nginx/pull/8098 generating SHA for CA only certs in backend_ssl.go + comparision of P… +- [8088] https://github.com/kubernetes/ingress-nginx/pull/8088 Fix Edit this page link to use main branch +- [8072] https://github.com/kubernetes/ingress-nginx/pull/8072 Expose GeoIP2 Continent code as variable +- [8061] https://github.com/kubernetes/ingress-nginx/pull/8061 docs(charts): using helm-docs for chart +- [8058] https://github.com/kubernetes/ingress-nginx/pull/8058 Bump github.com/spf13/cobra from 1.2.1 to 1.3.0 +- [8054] https://github.com/kubernetes/ingress-nginx/pull/8054 Bump google.golang.org/grpc from 1.41.0 to 1.43.0 +- [8051] https://github.com/kubernetes/ingress-nginx/pull/8051 align bug report with feature request regarding kind documentation +- [8046] https://github.com/kubernetes/ingress-nginx/pull/8046 Report expired certificates (#8045) +- [8044] https://github.com/kubernetes/ingress-nginx/pull/8044 remove G109 check till gosec resolves issues +- [8042] https://github.com/kubernetes/ingress-nginx/pull/8042 docs_multiple_instances_one_cluster_ticket_7543 +- [8041] https://github.com/kubernetes/ingress-nginx/pull/8041 docs: fix typo'd executible name +- [8035] https://github.com/kubernetes/ingress-nginx/pull/8035 Comment busy owners +- [8029] https://github.com/kubernetes/ingress-nginx/pull/8029 Add stream-snippet as a ConfigMap and Annotation option +- [8023] https://github.com/kubernetes/ingress-nginx/pull/8023 fix nginx compilation flags +- [8021] https://github.com/kubernetes/ingress-nginx/pull/8021 Disable default modsecurity_rules_file if modsecurity-snippet is specified +- [8019] https://github.com/kubernetes/ingress-nginx/pull/8019 Revise main documentation page +- [8018] https://github.com/kubernetes/ingress-nginx/pull/8018 Preserve order of plugin invocation +- [8015] https://github.com/kubernetes/ingress-nginx/pull/8015 Add newline indenting to admission webhook annotations +- [8014] https://github.com/kubernetes/ingress-nginx/pull/8014 Add link to example error page manifest in docs +- [8009] https://github.com/kubernetes/ingress-nginx/pull/8009 Fix spelling in documentation and top-level files +- [8008] https://github.com/kubernetes/ingress-nginx/pull/8008 Add relabelings in controller-servicemonitor.yaml +- [8003] https://github.com/kubernetes/ingress-nginx/pull/8003 Minor improvements (formatting, consistency) in install guide +- [8001] https://github.com/kubernetes/ingress-nginx/pull/8001 fix: go-grpc Dockerfile +- [7999] https://github.com/kubernetes/ingress-nginx/pull/7999 images: use k8s-staging-test-infra/gcb-docker-gcloud +- [7996] https://github.com/kubernetes/ingress-nginx/pull/7996 doc: improvement +- [7983] https://github.com/kubernetes/ingress-nginx/pull/7983 Fix a couple of misspellings in the annotations documentation. +- [7979] https://github.com/kubernetes/ingress-nginx/pull/7979 allow set annotations for admission Jobs +- [7977] https://github.com/kubernetes/ingress-nginx/pull/7977 Add ssl_reject_handshake to defaul server +- [7975] https://github.com/kubernetes/ingress-nginx/pull/7975 add legacy version update v0.50.0 to main changelog +- [7972] https://github.com/kubernetes/ingress-nginx/pull/7972 updated service upstream definition + +### 4.0.14 + +- [8061] https://github.com/kubernetes/ingress-nginx/pull/8061 Using helm-docs to populate values table in README.md + +### 4.0.13 + +- [8008] https://github.com/kubernetes/ingress-nginx/pull/8008 Add relabelings in controller-servicemonitor.yaml + +### 4.0.12 + +- [7978] https://github.com/kubernetes/ingress-nginx/pull/7979 Support custom annotations in admissions Jobs + +### 4.0.11 + +- [7873] https://github.com/kubernetes/ingress-nginx/pull/7873 Makes the [appProtocol](https://kubernetes.io/docs/concepts/services-networking/_print/#application-protocol) field optional. + +### 4.0.10 + +- [7964] https://github.com/kubernetes/ingress-nginx/pull/7964 Update controller version to v1.1.0 + +### 4.0.9 + +- [6992] https://github.com/kubernetes/ingress-nginx/pull/6992 Add ability to specify labels for all resources + +### 4.0.7 + +- [7923] https://github.com/kubernetes/ingress-nginx/pull/7923 Release v1.0.5 of ingress-nginx +- [7806] https://github.com/kubernetes/ingress-nginx/pull/7806 Choice option for internal/external loadbalancer type service + +### 4.0.6 + +- [7804] https://github.com/kubernetes/ingress-nginx/pull/7804 Release v1.0.4 of ingress-nginx +- [7651] https://github.com/kubernetes/ingress-nginx/pull/7651 Support ipFamilyPolicy and ipFamilies fields in Helm Chart +- [7798] https://github.com/kubernetes/ingress-nginx/pull/7798 Exoscale: use HTTP Healthcheck mode +- [7793] https://github.com/kubernetes/ingress-nginx/pull/7793 Update kube-webhook-certgen to v1.1.1 + +### 4.0.5 + +- [7740] https://github.com/kubernetes/ingress-nginx/pull/7740 Release v1.0.3 of ingress-nginx + +### 4.0.3 + +- [7707] https://github.com/kubernetes/ingress-nginx/pull/7707 Release v1.0.2 of ingress-nginx + +### 4.0.2 + +- [7681] https://github.com/kubernetes/ingress-nginx/pull/7681 Release v1.0.1 of ingress-nginx + +### 4.0.1 + +- [7535] https://github.com/kubernetes/ingress-nginx/pull/7535 Release v1.0.0 ingress-nginx + +### 3.34.0 + +- [7256] https://github.com/kubernetes/ingress-nginx/pull/7256 Add namespace field in the namespace scoped resource templates + +### 3.33.0 + +- [7164] https://github.com/kubernetes/ingress-nginx/pull/7164 Update nginx to v1.20.1 + +### 3.32.0 + +- [7117] https://github.com/kubernetes/ingress-nginx/pull/7117 Add annotations for HPA + +### 3.31.0 + +- [7137] https://github.com/kubernetes/ingress-nginx/pull/7137 Add support for custom probes + +### 3.30.0 + +- [#7092](https://github.com/kubernetes/ingress-nginx/pull/7092) Removes the possibility of using localhost in ExternalNames as endpoints + +### 3.29.0 + +- [X] [#6945](https://github.com/kubernetes/ingress-nginx/pull/7020) Add option to specify job label for ServiceMonitor + +### 3.28.0 + +- [ ] [#6900](https://github.com/kubernetes/ingress-nginx/pull/6900) Support existing PSPs + +### 3.27.0 + +- Update ingress-nginx v0.45.0 + +### 3.26.0 + +- [X] [#6979](https://github.com/kubernetes/ingress-nginx/pull/6979) Changed servicePort value for metrics + +### 3.25.0 + +- [X] [#6957](https://github.com/kubernetes/ingress-nginx/pull/6957) Add ability to specify automountServiceAccountToken + +### 3.24.0 + +- [X] [#6908](https://github.com/kubernetes/ingress-nginx/pull/6908) Add volumes to default-backend deployment + +### 3.23.0 + +- Update ingress-nginx v0.44.0 + +### 3.22.0 + +- [X] [#6802](https://github.com/kubernetes/ingress-nginx/pull/6802) Add value for configuring a custom Diffie-Hellman parameters file +- [X] [#6815](https://github.com/kubernetes/ingress-nginx/pull/6815) Allow use of numeric namespaces in helm chart + +### 3.21.0 + +- [X] [#6783](https://github.com/kubernetes/ingress-nginx/pull/6783) Add custom annotations to ScaledObject +- [X] [#6761](https://github.com/kubernetes/ingress-nginx/pull/6761) Adding quotes in the serviceAccount name in Helm values +- [X] [#6767](https://github.com/kubernetes/ingress-nginx/pull/6767) Remove ClusterRole when scope option is enabled +- [X] [#6785](https://github.com/kubernetes/ingress-nginx/pull/6785) Update kube-webhook-certgen image to v1.5.1 + +### 3.20.1 + +- Do not create KEDA in case of DaemonSets. +- Fix KEDA v2 definition + +### 3.20.0 + +- [X] [#6730](https://github.com/kubernetes/ingress-nginx/pull/6730) Do not create HPA for defaultBackend if not enabled. + +### 3.19.0 + +- Update ingress-nginx v0.43.0 + +### 3.18.0 + +- [X] [#6688](https://github.com/kubernetes/ingress-nginx/pull/6688) Allow volume-type emptyDir in controller podsecuritypolicy +- [X] [#6691](https://github.com/kubernetes/ingress-nginx/pull/6691) Improve parsing of helm parameters + +### 3.17.0 + +- Update ingress-nginx v0.42.0 + +### 3.16.1 + +- Fix chart-releaser action + +### 3.16.0 + +- [X] [#6646](https://github.com/kubernetes/ingress-nginx/pull/6646) Added LoadBalancerIP value for internal service + +### 3.15.1 + +- Fix chart-releaser action + +### 3.15.0 + +- [X] [#6586](https://github.com/kubernetes/ingress-nginx/pull/6586) Fix 'maxmindLicenseKey' location in values.yaml + +### 3.14.0 + +- [X] [#6469](https://github.com/kubernetes/ingress-nginx/pull/6469) Allow custom service names for controller and backend + +### 3.13.0 + +- [X] [#6544](https://github.com/kubernetes/ingress-nginx/pull/6544) Fix default backend HPA name variable + +### 3.12.0 + +- [X] [#6514](https://github.com/kubernetes/ingress-nginx/pull/6514) Remove helm2 support and update docs + +### 3.11.1 + +- [X] [#6505](https://github.com/kubernetes/ingress-nginx/pull/6505) Reorder HPA resource list to work with GitOps tooling + +### 3.11.0 + +- Support Keda Autoscaling + +### 3.10.1 + +- Fix regression introduced in 0.41.0 with external authentication + +### 3.10.0 + +- Fix routing regression introduced in 0.41.0 with PathType Exact + +### 3.9.0 + +- [X] [#6423](https://github.com/kubernetes/ingress-nginx/pull/6423) Add Default backend HPA autoscaling + +### 3.8.0 + +- [X] [#6395](https://github.com/kubernetes/ingress-nginx/pull/6395) Update jettech/kube-webhook-certgen image +- [X] [#6377](https://github.com/kubernetes/ingress-nginx/pull/6377) Added loadBalancerSourceRanges for internal lbs +- [X] [#6356](https://github.com/kubernetes/ingress-nginx/pull/6356) Add securitycontext settings on defaultbackend +- [X] [#6401](https://github.com/kubernetes/ingress-nginx/pull/6401) Fix controller service annotations +- [X] [#6403](https://github.com/kubernetes/ingress-nginx/pull/6403) Initial helm chart changelog + +### 3.7.1 + +- [X] [#6326](https://github.com/kubernetes/ingress-nginx/pull/6326) Fix liveness and readiness probe path in daemonset chart + +### 3.7.0 + +- [X] [#6316](https://github.com/kubernetes/ingress-nginx/pull/6316) Numerals in podAnnotations in quotes [#6315](https://github.com/kubernetes/ingress-nginx/issues/6315) + +### 3.6.0 + +- [X] [#6305](https://github.com/kubernetes/ingress-nginx/pull/6305) Add default linux nodeSelector + +### 3.5.1 + +- [X] [#6299](https://github.com/kubernetes/ingress-nginx/pull/6299) Fix helm chart release + +### 3.5.0 + +- [X] [#6260](https://github.com/kubernetes/ingress-nginx/pull/6260) Allow Helm Chart to customize admission webhook's annotations, timeoutSeconds, namespaceSelector, objectSelector and cert files locations + +### 3.4.0 + +- [X] [#6268](https://github.com/kubernetes/ingress-nginx/pull/6268) Update to 0.40.2 in helm chart #6288 + +### 3.3.1 + +- [X] [#6259](https://github.com/kubernetes/ingress-nginx/pull/6259) Release helm chart +- [X] [#6258](https://github.com/kubernetes/ingress-nginx/pull/6258) Fix chart markdown link +- [X] [#6253](https://github.com/kubernetes/ingress-nginx/pull/6253) Release v0.40.0 + +### 3.3.1 + +- [X] [#6233](https://github.com/kubernetes/ingress-nginx/pull/6233) Add admission controller e2e test + +### 3.3.0 + +- [X] [#6203](https://github.com/kubernetes/ingress-nginx/pull/6203) Refactor parsing of key values +- [X] [#6162](https://github.com/kubernetes/ingress-nginx/pull/6162) Add helm chart options to expose metrics service as NodePort +- [X] [#6180](https://github.com/kubernetes/ingress-nginx/pull/6180) Fix helm chart admissionReviewVersions regression +- [X] [#6169](https://github.com/kubernetes/ingress-nginx/pull/6169) Fix Typo in example prometheus rules + +### 3.0.0 + +- [X] [#6167](https://github.com/kubernetes/ingress-nginx/pull/6167) Update chart requirements + +### 2.16.0 + +- [X] [#6154](https://github.com/kubernetes/ingress-nginx/pull/6154) add `topologySpreadConstraint` to controller + +### 2.15.0 + +- [X] [#6087](https://github.com/kubernetes/ingress-nginx/pull/6087) Adding parameter for externalTrafficPolicy in internal controller service spec + +### 2.14.0 + +- [X] [#6104](https://github.com/kubernetes/ingress-nginx/pull/6104) Misc fixes for nginx-ingress chart for better keel and prometheus-operator integration + +### 2.13.0 + +- [X] [#6093](https://github.com/kubernetes/ingress-nginx/pull/6093) Release v0.35.0 + +### 2.13.0 + +- [X] [#6093](https://github.com/kubernetes/ingress-nginx/pull/6093) Release v0.35.0 +- [X] [#6080](https://github.com/kubernetes/ingress-nginx/pull/6080) Switch images to k8s.gcr.io after Vanity Domain Flip + +### 2.12.1 + +- [X] [#6075](https://github.com/kubernetes/ingress-nginx/pull/6075) Sync helm chart affinity examples + +### 2.12.0 + +- [X] [#6039](https://github.com/kubernetes/ingress-nginx/pull/6039) Add configurable serviceMonitor metricRelabelling and targetLabels +- [X] [#6044](https://github.com/kubernetes/ingress-nginx/pull/6044) Fix YAML linting + +### 2.11.3 + +- [X] [#6038](https://github.com/kubernetes/ingress-nginx/pull/6038) Bump chart version PATCH + +### 2.11.2 + +- [X] [#5951](https://github.com/kubernetes/ingress-nginx/pull/5951) Bump chart patch version + +### 2.11.1 + +- [X] [#5900](https://github.com/kubernetes/ingress-nginx/pull/5900) Release helm chart for v0.34.1 + +### 2.11.0 + +- [X] [#5879](https://github.com/kubernetes/ingress-nginx/pull/5879) Update helm chart for v0.34.0 +- [X] [#5671](https://github.com/kubernetes/ingress-nginx/pull/5671) Make liveness probe more fault tolerant than readiness probe + +### 2.10.0 + +- [X] [#5843](https://github.com/kubernetes/ingress-nginx/pull/5843) Update jettech/kube-webhook-certgen image + +### 2.9.1 + +- [X] [#5823](https://github.com/kubernetes/ingress-nginx/pull/5823) Add quoting to sysctls because numeric values need to be presented as strings (#5823) + +### 2.9.0 + +- [X] [#5795](https://github.com/kubernetes/ingress-nginx/pull/5795) Use fully qualified images to avoid cri-o issues + + +### TODO + +Keep building the changelog using *git log charts* checking the tag diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/Chart.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/Chart.yaml new file mode 100644 index 0000000..55c0b54 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/Chart.yaml @@ -0,0 +1,23 @@ +annotations: + artifacthub.io/changes: | + - "[8896](https://github.com/kubernetes/ingress-nginx/pull/8896) updated to new images built today" + - "fix permissions about configmap" + artifacthub.io/prerelease: "false" +apiVersion: v2 +appVersion: 1.3.1 +description: Ingress controller for Kubernetes using NGINX as a reverse proxy and + load balancer +home: https://github.com/kubernetes/ingress-nginx +icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png +keywords: +- ingress +- nginx +kubeVersion: '>=1.20.0-0' +maintainers: +- name: rikatz +- name: strongjz +- name: tao12345666333 +name: ingress-nginx +sources: +- https://github.com/kubernetes/ingress-nginx +version: 4.2.5 diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/OWNERS b/packer/ansible/roles/helm_install/files/ingress-nginx/OWNERS new file mode 100644 index 0000000..6b7e049 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/OWNERS @@ -0,0 +1,10 @@ +# See the OWNERS docs: https://github.com/kubernetes/community/blob/master/contributors/guide/owners.md + +approvers: +- ingress-nginx-helm-maintainers + +reviewers: +- ingress-nginx-helm-reviewers + +labels: +- area/helm diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/README.md b/packer/ansible/roles/helm_install/files/ingress-nginx/README.md new file mode 100644 index 0000000..4e6a696 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/README.md @@ -0,0 +1,494 @@ +# ingress-nginx + +[ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer + +![Version: 4.2.5](https://img.shields.io/badge/Version-4.2.5-informational?style=flat-square) ![AppVersion: 1.3.1](https://img.shields.io/badge/AppVersion-1.3.1-informational?style=flat-square) + +To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. + +This chart bootstraps an ingress-nginx deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Chart version 3.x.x: Kubernetes v1.16+ +- Chart version 4.x.x and above: Kubernetes v1.19+ + +## Get Repo Info + +```console +helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx +helm repo update +``` + +## Install Chart + +**Important:** only helm3 is supported + +```console +helm install [RELEASE_NAME] ingress-nginx/ingress-nginx +``` + +The command deploys ingress-nginx on the Kubernetes cluster in the default configuration. + +_See [configuration](#configuration) below._ + +_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ + +## Uninstall Chart + +```console +helm uninstall [RELEASE_NAME] +``` + +This removes all the Kubernetes components associated with the chart and deletes the release. + +_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ + +## Upgrading Chart + +```console +helm upgrade [RELEASE_NAME] [CHART] --install +``` + +_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ + +### Upgrading With Zero Downtime in Production + +By default the ingress-nginx controller has service interruptions whenever it's pods are restarted or redeployed. In order to fix that, see the excellent blog post by Lindsay Landry from Codecademy: [Kubernetes: Nginx and Zero Downtime in Production](https://medium.com/codecademy-engineering/kubernetes-nginx-and-zero-downtime-in-production-2c910c6a5ed8). + +### Migrating from stable/nginx-ingress + +There are two main ways to migrate a release from `stable/nginx-ingress` to `ingress-nginx/ingress-nginx` chart: + +1. For Nginx Ingress controllers used for non-critical services, the easiest method is to [uninstall](#uninstall-chart) the old release and [install](#install-chart) the new one +1. For critical services in production that require zero-downtime, you will want to: + 1. [Install](#install-chart) a second Ingress controller + 1. Redirect your DNS traffic from the old controller to the new controller + 1. Log traffic from both controllers during this changeover + 1. [Uninstall](#uninstall-chart) the old controller once traffic has fully drained from it + 1. For details on all of these steps see [Upgrading With Zero Downtime in Production](#upgrading-with-zero-downtime-in-production) + +Note that there are some different and upgraded configurations between the two charts, described by Rimas Mocevicius from JFrog in the "Upgrading to ingress-nginx Helm chart" section of [Migrating from Helm chart nginx-ingress to ingress-nginx](https://rimusz.net/migrating-to-ingress-nginx). As the `ingress-nginx/ingress-nginx` chart continues to update, you will want to check current differences by running [helm configuration](#configuration) commands on both charts. + +## Configuration + +See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands: + +```console +helm show values ingress-nginx/ingress-nginx +``` + +### PodDisruptionBudget + +Note that the PodDisruptionBudget resource will only be defined if the replicaCount is greater than one, +else it would make it impossible to evacuate a node. See [gh issue #7127](https://github.com/helm/charts/issues/7127) for more info. + +### Prometheus Metrics + +The Nginx ingress controller can export Prometheus metrics, by setting `controller.metrics.enabled` to `true`. + +You can add Prometheus annotations to the metrics service using `controller.metrics.service.annotations`. +Alternatively, if you use the Prometheus Operator, you can enable ServiceMonitor creation using `controller.metrics.serviceMonitor.enabled`. And set `controller.metrics.serviceMonitor.additionalLabels.release="prometheus"`. "release=prometheus" should match the label configured in the prometheus servicemonitor ( see `kubectl get servicemonitor prometheus-kube-prom-prometheus -oyaml -n prometheus`) + +### ingress-nginx nginx\_status page/stats server + +Previous versions of this chart had a `controller.stats.*` configuration block, which is now obsolete due to the following changes in nginx ingress controller: + +- In [0.16.1](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0161), the vts (virtual host traffic status) dashboard was removed +- In [0.23.0](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230), the status page at port 18080 is now a unix socket webserver only available at localhost. + You can use `curl --unix-socket /tmp/nginx-status-server.sock http://localhost/nginx_status` inside the controller container to access it locally, or use the snippet from [nginx-ingress changelog](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230) to re-enable the http server + +### ExternalDNS Service Configuration + +Add an [ExternalDNS](https://github.com/kubernetes-incubator/external-dns) annotation to the LoadBalancer service: + +```yaml +controller: + service: + annotations: + external-dns.alpha.kubernetes.io/hostname: kubernetes-example.com. +``` + +### AWS L7 ELB with SSL Termination + +Annotate the controller as shown in the [nginx-ingress l7 patch](https://github.com/kubernetes/ingress-nginx/blob/ab3a789caae65eec4ad6e3b46b19750b481b6bce/deploy/aws/l7/service-l7.yaml): + +```yaml +controller: + service: + targetPorts: + http: http + https: http + annotations: + service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:XX-XXXX-X:XXXXXXXXX:certificate/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX + service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http" + service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" + service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600' +``` + +### AWS route53-mapper + +To configure the LoadBalancer service with the [route53-mapper addon](https://github.com/kubernetes/kops/blob/be63d4f1a7a46daaf1c4c482527328236850f111/addons/route53-mapper/README.md), add the `domainName` annotation and `dns` label: + +```yaml +controller: + service: + labels: + dns: "route53" + annotations: + domainName: "kubernetes-example.com" +``` + +### Additional Internal Load Balancer + +This setup is useful when you need both external and internal load balancers but don't want to have multiple ingress controllers and multiple ingress objects per application. + +By default, the ingress object will point to the external load balancer address, but if correctly configured, you can make use of the internal one if the URL you are looking up resolves to the internal load balancer's URL. + +You'll need to set both the following values: + +`controller.service.internal.enabled` +`controller.service.internal.annotations` + +If one of them is missing the internal load balancer will not be deployed. Example you may have `controller.service.internal.enabled=true` but no annotations set, in this case no action will be taken. + +`controller.service.internal.annotations` varies with the cloud service you're using. + +Example for AWS: + +```yaml +controller: + service: + internal: + enabled: true + annotations: + # Create internal ELB + service.beta.kubernetes.io/aws-load-balancer-internal: "true" + # Any other annotation can be declared here. +``` + +Example for GCE: + +```yaml +controller: + service: + internal: + enabled: true + annotations: + # Create internal LB. More informations: https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing + # For GKE versions 1.17 and later + networking.gke.io/load-balancer-type: "Internal" + # For earlier versions + # cloud.google.com/load-balancer-type: "Internal" + + # Any other annotation can be declared here. +``` + +Example for Azure: + +```yaml +controller: + service: + annotations: + # Create internal LB + service.beta.kubernetes.io/azure-load-balancer-internal: "true" + # Any other annotation can be declared here. +``` + +Example for Oracle Cloud Infrastructure: + +```yaml +controller: + service: + annotations: + # Create internal LB + service.beta.kubernetes.io/oci-load-balancer-internal: "true" + # Any other annotation can be declared here. +``` + +An use case for this scenario is having a split-view DNS setup where the public zone CNAME records point to the external balancer URL while the private zone CNAME records point to the internal balancer URL. This way, you only need one ingress kubernetes object. + +Optionally you can set `controller.service.loadBalancerIP` if you need a static IP for the resulting `LoadBalancer`. + +### Ingress Admission Webhooks + +With nginx-ingress-controller version 0.25+, the nginx ingress controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster. +**This feature is enabled by default since 0.31.0.** + +With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fix [this issue](https://github.com/kubernetes/ingress-nginx/pull/4521) + +### Helm Error When Upgrading: spec.clusterIP: Invalid value: "" + +If you are upgrading this chart from a version between 0.31.0 and 1.2.2 then you may get an error like this: + +```console +Error: UPGRADE FAILED: Service "?????-controller" is invalid: spec.clusterIP: Invalid value: "": field is immutable +``` + +Detail of how and why are in [this issue](https://github.com/helm/charts/pull/13646) but to resolve this you can set `xxxx.service.omitClusterIP` to `true` where `xxxx` is the service referenced in the error. + +As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered. + +## Requirements + +Kubernetes: `>=1.20.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| commonLabels | object | `{}` | | +| controller.addHeaders | object | `{}` | Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers | +| controller.admissionWebhooks.annotations | object | `{}` | | +| controller.admissionWebhooks.certificate | string | `"/usr/local/certificates/cert"` | | +| controller.admissionWebhooks.createSecretJob.resources | object | `{}` | | +| controller.admissionWebhooks.enabled | bool | `true` | | +| controller.admissionWebhooks.existingPsp | string | `""` | Use an existing PSP instead of creating one | +| controller.admissionWebhooks.extraEnvs | list | `[]` | Additional environment variables to set | +| controller.admissionWebhooks.failurePolicy | string | `"Fail"` | Admission Webhook failure policy to use | +| controller.admissionWebhooks.key | string | `"/usr/local/certificates/key"` | | +| controller.admissionWebhooks.labels | object | `{}` | Labels to be added to admission webhooks | +| controller.admissionWebhooks.namespaceSelector | object | `{}` | | +| controller.admissionWebhooks.networkPolicyEnabled | bool | `false` | | +| controller.admissionWebhooks.objectSelector | object | `{}` | | +| controller.admissionWebhooks.patch.enabled | bool | `true` | | +| controller.admissionWebhooks.patch.image.digest | string | `"sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47"` | | +| controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` | | +| controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` | | +| controller.admissionWebhooks.patch.image.registry | string | `"registry.k8s.io"` | | +| controller.admissionWebhooks.patch.image.tag | string | `"v1.3.0"` | | +| controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources | +| controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | | +| controller.admissionWebhooks.patch.podAnnotations | object | `{}` | | +| controller.admissionWebhooks.patch.priorityClassName | string | `""` | Provide a priority class name to the webhook patching job # | +| controller.admissionWebhooks.patch.securityContext.fsGroup | int | `2000` | | +| controller.admissionWebhooks.patch.securityContext.runAsNonRoot | bool | `true` | | +| controller.admissionWebhooks.patch.securityContext.runAsUser | int | `2000` | | +| controller.admissionWebhooks.patch.tolerations | list | `[]` | | +| controller.admissionWebhooks.patchWebhookJob.resources | object | `{}` | | +| controller.admissionWebhooks.port | int | `8443` | | +| controller.admissionWebhooks.service.annotations | object | `{}` | | +| controller.admissionWebhooks.service.externalIPs | list | `[]` | | +| controller.admissionWebhooks.service.loadBalancerSourceRanges | list | `[]` | | +| controller.admissionWebhooks.service.servicePort | int | `443` | | +| controller.admissionWebhooks.service.type | string | `"ClusterIP"` | | +| controller.affinity | object | `{}` | Affinity and anti-affinity rules for server scheduling to nodes # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity # | +| controller.allowSnippetAnnotations | bool | `true` | This configuration defines if Ingress Controller should allow users to set their own *-snippet annotations, otherwise this is forbidden / dropped when users add those annotations. Global snippets in ConfigMap are still respected | +| controller.annotations | object | `{}` | Annotations to be added to the controller Deployment or DaemonSet # | +| controller.autoscaling.behavior | object | `{}` | | +| controller.autoscaling.enabled | bool | `false` | | +| controller.autoscaling.maxReplicas | int | `11` | | +| controller.autoscaling.minReplicas | int | `1` | | +| controller.autoscaling.targetCPUUtilizationPercentage | int | `50` | | +| controller.autoscaling.targetMemoryUtilizationPercentage | int | `50` | | +| controller.autoscalingTemplate | list | `[]` | | +| controller.config | object | `{}` | Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ | +| controller.configAnnotations | object | `{}` | Annotations to be added to the controller config configuration configmap. | +| controller.configMapNamespace | string | `""` | Allows customization of the configmap / nginx-configmap namespace; defaults to $(POD_NAMESPACE) | +| controller.containerName | string | `"controller"` | Configures the controller container name | +| controller.containerPort | object | `{"http":80,"https":443}` | Configures the ports that the nginx-controller listens on | +| controller.customTemplate.configMapKey | string | `""` | | +| controller.customTemplate.configMapName | string | `""` | | +| controller.dnsConfig | object | `{}` | Optionally customize the pod dnsConfig. | +| controller.dnsPolicy | string | `"ClusterFirst"` | Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. | +| controller.electionID | string | `"ingress-controller-leader"` | Election ID to use for status update | +| controller.enableMimalloc | bool | `true` | Enable mimalloc as a drop-in replacement for malloc. # ref: https://github.com/microsoft/mimalloc # | +| controller.existingPsp | string | `""` | Use an existing PSP instead of creating one | +| controller.extraArgs | object | `{}` | Additional command line arguments to pass to nginx-ingress-controller E.g. to specify the default SSL certificate you can use | +| controller.extraContainers | list | `[]` | Additional containers to be added to the controller pod. See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. | +| controller.extraEnvs | list | `[]` | Additional environment variables to set | +| controller.extraInitContainers | list | `[]` | Containers, which are run before the app containers are started. | +| controller.extraModules | list | `[]` | | +| controller.extraVolumeMounts | list | `[]` | Additional volumeMounts to the controller main container. | +| controller.extraVolumes | list | `[]` | Additional volumes to the controller pod. | +| controller.healthCheckHost | string | `""` | Address to bind the health check endpoint. It is better to set this option to the internal node address if the ingress nginx controller is running in the `hostNetwork: true` mode. | +| controller.healthCheckPath | string | `"/healthz"` | Path of the health check endpoint. All requests received on the port defined by the healthz-port parameter are forwarded internally to this path. | +| controller.hostNetwork | bool | `false` | Required for use with CNI based kubernetes installations (such as ones set up by kubeadm), since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 is merged | +| controller.hostPort.enabled | bool | `false` | Enable 'hostPort' or not | +| controller.hostPort.ports.http | int | `80` | 'hostPort' http port | +| controller.hostPort.ports.https | int | `443` | 'hostPort' https port | +| controller.hostname | object | `{}` | Optionally customize the pod hostname. | +| controller.image.allowPrivilegeEscalation | bool | `true` | | +| controller.image.chroot | bool | `false` | | +| controller.image.digest | string | `"sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974"` | | +| controller.image.digestChroot | string | `"sha256:a8466b19c621bd550b1645e27a004a5cc85009c858a9ab19490216735ac432b1"` | | +| controller.image.image | string | `"ingress-nginx/controller"` | | +| controller.image.pullPolicy | string | `"IfNotPresent"` | | +| controller.image.registry | string | `"registry.k8s.io"` | | +| controller.image.runAsUser | int | `101` | | +| controller.image.tag | string | `"v1.3.1"` | | +| controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | +| controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | +| controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass | +| controller.ingressClassResource.default | bool | `false` | Is this the default ingressClass for the cluster | +| controller.ingressClassResource.enabled | bool | `true` | Is this ingressClass enabled or not | +| controller.ingressClassResource.name | string | `"nginx"` | Name of the ingressClass | +| controller.ingressClassResource.parameters | object | `{}` | Parameters is a link to a custom resource containing additional configuration for the controller. This is optional if the controller does not require extra parameters. | +| controller.keda.apiVersion | string | `"keda.sh/v1alpha1"` | | +| controller.keda.behavior | object | `{}` | | +| controller.keda.cooldownPeriod | int | `300` | | +| controller.keda.enabled | bool | `false` | | +| controller.keda.maxReplicas | int | `11` | | +| controller.keda.minReplicas | int | `1` | | +| controller.keda.pollingInterval | int | `30` | | +| controller.keda.restoreToOriginalReplicaCount | bool | `false` | | +| controller.keda.scaledObject.annotations | object | `{}` | | +| controller.keda.triggers | list | `[]` | | +| controller.kind | string | `"Deployment"` | Use a `DaemonSet` or `Deployment` | +| controller.labels | object | `{}` | Labels to be added to the controller Deployment or DaemonSet and other resources that do not have option to specify labels # | +| controller.lifecycle | object | `{"preStop":{"exec":{"command":["/wait-shutdown"]}}}` | Improve connection draining when ingress controller pod is deleted using a lifecycle hook: With this new hook, we increased the default terminationGracePeriodSeconds from 30 seconds to 300, allowing the draining of connections up to five minutes. If the active connections end before that, the pod will terminate gracefully at that time. To effectively take advantage of this feature, the Configmap feature worker-shutdown-timeout new value is 240s instead of 10s. # | +| controller.livenessProbe.failureThreshold | int | `5` | | +| controller.livenessProbe.httpGet.path | string | `"/healthz"` | | +| controller.livenessProbe.httpGet.port | int | `10254` | | +| controller.livenessProbe.httpGet.scheme | string | `"HTTP"` | | +| controller.livenessProbe.initialDelaySeconds | int | `10` | | +| controller.livenessProbe.periodSeconds | int | `10` | | +| controller.livenessProbe.successThreshold | int | `1` | | +| controller.livenessProbe.timeoutSeconds | int | `1` | | +| controller.maxmindLicenseKey | string | `""` | Maxmind license key to download GeoLite2 Databases. # https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases | +| controller.metrics.enabled | bool | `false` | | +| controller.metrics.port | int | `10254` | | +| controller.metrics.prometheusRule.additionalLabels | object | `{}` | | +| controller.metrics.prometheusRule.enabled | bool | `false` | | +| controller.metrics.prometheusRule.rules | list | `[]` | | +| controller.metrics.service.annotations | object | `{}` | | +| controller.metrics.service.externalIPs | list | `[]` | List of IP addresses at which the stats-exporter service is available # Ref: https://kubernetes.io/docs/user-guide/services/#external-ips # | +| controller.metrics.service.loadBalancerSourceRanges | list | `[]` | | +| controller.metrics.service.servicePort | int | `10254` | | +| controller.metrics.service.type | string | `"ClusterIP"` | | +| controller.metrics.serviceMonitor.additionalLabels | object | `{}` | | +| controller.metrics.serviceMonitor.enabled | bool | `false` | | +| controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | | +| controller.metrics.serviceMonitor.namespace | string | `""` | | +| controller.metrics.serviceMonitor.namespaceSelector | object | `{}` | | +| controller.metrics.serviceMonitor.relabelings | list | `[]` | | +| controller.metrics.serviceMonitor.scrapeInterval | string | `"30s"` | | +| controller.metrics.serviceMonitor.targetLabels | list | `[]` | | +| controller.minAvailable | int | `1` | | +| controller.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready # | +| controller.name | string | `"controller"` | | +| controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for controller pod assignment # Ref: https://kubernetes.io/docs/user-guide/node-selection/ # | +| controller.podAnnotations | object | `{}` | Annotations to be added to controller pods # | +| controller.podLabels | object | `{}` | Labels to add to the pod container metadata | +| controller.podSecurityContext | object | `{}` | Security Context policies for controller pods | +| controller.priorityClassName | string | `""` | | +| controller.proxySetHeaders | object | `{}` | Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers | +| controller.publishService | object | `{"enabled":true,"pathOverride":""}` | Allows customization of the source of the IP address or FQDN to report in the ingress status field. By default, it reads the information provided by the service. If disable, the status field reports the IP address of the node or nodes where an ingress controller pod is running. | +| controller.publishService.enabled | bool | `true` | Enable 'publishService' or not | +| controller.publishService.pathOverride | string | `""` | Allows overriding of the publish service to bind to Must be / | +| controller.readinessProbe.failureThreshold | int | `3` | | +| controller.readinessProbe.httpGet.path | string | `"/healthz"` | | +| controller.readinessProbe.httpGet.port | int | `10254` | | +| controller.readinessProbe.httpGet.scheme | string | `"HTTP"` | | +| controller.readinessProbe.initialDelaySeconds | int | `10` | | +| controller.readinessProbe.periodSeconds | int | `10` | | +| controller.readinessProbe.successThreshold | int | `1` | | +| controller.readinessProbe.timeoutSeconds | int | `1` | | +| controller.replicaCount | int | `1` | | +| controller.reportNodeInternalIp | bool | `false` | Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply | +| controller.resources.requests.cpu | string | `"100m"` | | +| controller.resources.requests.memory | string | `"90Mi"` | | +| controller.scope.enabled | bool | `false` | Enable 'scope' or not | +| controller.scope.namespace | string | `""` | Namespace to limit the controller to; defaults to $(POD_NAMESPACE) | +| controller.scope.namespaceSelector | string | `""` | When scope.enabled == false, instead of watching all namespaces, we watching namespaces whose labels only match with namespaceSelector. Format like foo=bar. Defaults to empty, means watching all namespaces. | +| controller.service.annotations | object | `{}` | | +| controller.service.appProtocol | bool | `true` | If enabled is adding an appProtocol option for Kubernetes service. An appProtocol field replacing annotations that were using for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http It allows choosing the protocol for each backend specified in the Kubernetes service. See the following GitHub issue for more details about the purpose: https://github.com/kubernetes/kubernetes/issues/40244 Will be ignored for Kubernetes versions older than 1.20 # | +| controller.service.enableHttp | bool | `true` | | +| controller.service.enableHttps | bool | `true` | | +| controller.service.enabled | bool | `true` | | +| controller.service.external.enabled | bool | `true` | | +| controller.service.externalIPs | list | `[]` | List of IP addresses at which the controller services are available # Ref: https://kubernetes.io/docs/user-guide/services/#external-ips # | +| controller.service.internal.annotations | object | `{}` | Annotations are mandatory for the load balancer to come up. Varies with the cloud service. | +| controller.service.internal.enabled | bool | `false` | Enables an additional internal load balancer (besides the external one). | +| controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. | +| controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ | +| controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack-ness requested or required by this Service. Possible values are SingleStack, PreferDualStack or RequireDualStack. The ipFamilies and clusterIPs fields depend on the value of this field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ | +| controller.service.labels | object | `{}` | | +| controller.service.loadBalancerIP | string | `""` | Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer | +| controller.service.loadBalancerSourceRanges | list | `[]` | | +| controller.service.nodePorts.http | string | `""` | | +| controller.service.nodePorts.https | string | `""` | | +| controller.service.nodePorts.tcp | object | `{}` | | +| controller.service.nodePorts.udp | object | `{}` | | +| controller.service.ports.http | int | `80` | | +| controller.service.ports.https | int | `443` | | +| controller.service.targetPorts.http | string | `"http"` | | +| controller.service.targetPorts.https | string | `"https"` | | +| controller.service.type | string | `"LoadBalancer"` | | +| controller.shareProcessNamespace | bool | `false` | | +| controller.sysctls | object | `{}` | See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls | +| controller.tcp.annotations | object | `{}` | Annotations to be added to the tcp config configmap | +| controller.tcp.configMapNamespace | string | `""` | Allows customization of the tcp-services-configmap; defaults to $(POD_NAMESPACE) | +| controller.terminationGracePeriodSeconds | int | `300` | `terminationGracePeriodSeconds` to avoid killing pods before we are ready # wait up to five minutes for the drain of connections # | +| controller.tolerations | list | `[]` | Node tolerations for server scheduling to nodes with taints # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ # | +| controller.topologySpreadConstraints | list | `[]` | Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ # | +| controller.udp.annotations | object | `{}` | Annotations to be added to the udp config configmap | +| controller.udp.configMapNamespace | string | `""` | Allows customization of the udp-services-configmap; defaults to $(POD_NAMESPACE) | +| controller.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # | +| controller.watchIngressWithoutClass | bool | `false` | Process Ingress objects without ingressClass annotation/ingressClassName field Overrides value for --watch-ingress-without-class flag of the controller binary Defaults to false | +| defaultBackend.affinity | object | `{}` | | +| defaultBackend.autoscaling.annotations | object | `{}` | | +| defaultBackend.autoscaling.enabled | bool | `false` | | +| defaultBackend.autoscaling.maxReplicas | int | `2` | | +| defaultBackend.autoscaling.minReplicas | int | `1` | | +| defaultBackend.autoscaling.targetCPUUtilizationPercentage | int | `50` | | +| defaultBackend.autoscaling.targetMemoryUtilizationPercentage | int | `50` | | +| defaultBackend.containerSecurityContext | object | `{}` | Security Context policies for controller main container. See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls # | +| defaultBackend.enabled | bool | `false` | | +| defaultBackend.existingPsp | string | `""` | Use an existing PSP instead of creating one | +| defaultBackend.extraArgs | object | `{}` | | +| defaultBackend.extraEnvs | list | `[]` | Additional environment variables to set for defaultBackend pods | +| defaultBackend.extraVolumeMounts | list | `[]` | | +| defaultBackend.extraVolumes | list | `[]` | | +| defaultBackend.image.allowPrivilegeEscalation | bool | `false` | | +| defaultBackend.image.image | string | `"defaultbackend-amd64"` | | +| defaultBackend.image.pullPolicy | string | `"IfNotPresent"` | | +| defaultBackend.image.readOnlyRootFilesystem | bool | `true` | | +| defaultBackend.image.registry | string | `"registry.k8s.io"` | | +| defaultBackend.image.runAsNonRoot | bool | `true` | | +| defaultBackend.image.runAsUser | int | `65534` | | +| defaultBackend.image.tag | string | `"1.5"` | | +| defaultBackend.labels | object | `{}` | Labels to be added to the default backend resources | +| defaultBackend.livenessProbe.failureThreshold | int | `3` | | +| defaultBackend.livenessProbe.initialDelaySeconds | int | `30` | | +| defaultBackend.livenessProbe.periodSeconds | int | `10` | | +| defaultBackend.livenessProbe.successThreshold | int | `1` | | +| defaultBackend.livenessProbe.timeoutSeconds | int | `5` | | +| defaultBackend.minAvailable | int | `1` | | +| defaultBackend.name | string | `"defaultbackend"` | | +| defaultBackend.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for default backend pod assignment # Ref: https://kubernetes.io/docs/user-guide/node-selection/ # | +| defaultBackend.podAnnotations | object | `{}` | Annotations to be added to default backend pods # | +| defaultBackend.podLabels | object | `{}` | Labels to add to the pod container metadata | +| defaultBackend.podSecurityContext | object | `{}` | Security Context policies for controller pods See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls # | +| defaultBackend.port | int | `8080` | | +| defaultBackend.priorityClassName | string | `""` | | +| defaultBackend.readinessProbe.failureThreshold | int | `6` | | +| defaultBackend.readinessProbe.initialDelaySeconds | int | `0` | | +| defaultBackend.readinessProbe.periodSeconds | int | `5` | | +| defaultBackend.readinessProbe.successThreshold | int | `1` | | +| defaultBackend.readinessProbe.timeoutSeconds | int | `5` | | +| defaultBackend.replicaCount | int | `1` | | +| defaultBackend.resources | object | `{}` | | +| defaultBackend.service.annotations | object | `{}` | | +| defaultBackend.service.externalIPs | list | `[]` | List of IP addresses at which the default backend service is available # Ref: https://kubernetes.io/docs/user-guide/services/#external-ips # | +| defaultBackend.service.loadBalancerSourceRanges | list | `[]` | | +| defaultBackend.service.servicePort | int | `80` | | +| defaultBackend.service.type | string | `"ClusterIP"` | | +| defaultBackend.serviceAccount.automountServiceAccountToken | bool | `true` | | +| defaultBackend.serviceAccount.create | bool | `true` | | +| defaultBackend.serviceAccount.name | string | `""` | | +| defaultBackend.tolerations | list | `[]` | Node tolerations for server scheduling to nodes with taints # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ # | +| dhParam | string | `nil` | A base64-encoded Diffie-Hellman parameter. This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` # Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param | +| imagePullSecrets | list | `[]` | Optional array of imagePullSecrets containing private registry credentials # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ | +| podSecurityPolicy.enabled | bool | `false` | | +| portNamePrefix | string | `""` | Prefix for TCP and UDP ports names in ingress controller service # Some cloud providers, like Yandex Cloud may have a requirements for a port name regex to support cloud load balancer integration | +| rbac.create | bool | `true` | | +| rbac.scope | bool | `false` | | +| revisionHistoryLimit | int | `10` | Rollback limit # | +| serviceAccount.annotations | object | `{}` | Annotations for the controller service account | +| serviceAccount.automountServiceAccountToken | bool | `true` | | +| serviceAccount.create | bool | `true` | | +| serviceAccount.name | string | `""` | | +| tcp | object | `{}` | TCP service key-value pairs # Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md # | +| udp | object | `{}` | UDP service key-value pairs # Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md # | + diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/README.md.gotmpl b/packer/ansible/roles/helm_install/files/ingress-nginx/README.md.gotmpl new file mode 100644 index 0000000..8959961 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/README.md.gotmpl @@ -0,0 +1,235 @@ +{{ template "chart.header" . }} +[ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer + +{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} + +To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. + +This chart bootstraps an ingress-nginx deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Chart version 3.x.x: Kubernetes v1.16+ +- Chart version 4.x.x and above: Kubernetes v1.19+ + +## Get Repo Info + +```console +helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx +helm repo update +``` + +## Install Chart + +**Important:** only helm3 is supported + +```console +helm install [RELEASE_NAME] ingress-nginx/ingress-nginx +``` + +The command deploys ingress-nginx on the Kubernetes cluster in the default configuration. + +_See [configuration](#configuration) below._ + +_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ + +## Uninstall Chart + +```console +helm uninstall [RELEASE_NAME] +``` + +This removes all the Kubernetes components associated with the chart and deletes the release. + +_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ + +## Upgrading Chart + +```console +helm upgrade [RELEASE_NAME] [CHART] --install +``` + +_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ + +### Upgrading With Zero Downtime in Production + +By default the ingress-nginx controller has service interruptions whenever it's pods are restarted or redeployed. In order to fix that, see the excellent blog post by Lindsay Landry from Codecademy: [Kubernetes: Nginx and Zero Downtime in Production](https://medium.com/codecademy-engineering/kubernetes-nginx-and-zero-downtime-in-production-2c910c6a5ed8). + +### Migrating from stable/nginx-ingress + +There are two main ways to migrate a release from `stable/nginx-ingress` to `ingress-nginx/ingress-nginx` chart: + +1. For Nginx Ingress controllers used for non-critical services, the easiest method is to [uninstall](#uninstall-chart) the old release and [install](#install-chart) the new one +1. For critical services in production that require zero-downtime, you will want to: + 1. [Install](#install-chart) a second Ingress controller + 1. Redirect your DNS traffic from the old controller to the new controller + 1. Log traffic from both controllers during this changeover + 1. [Uninstall](#uninstall-chart) the old controller once traffic has fully drained from it + 1. For details on all of these steps see [Upgrading With Zero Downtime in Production](#upgrading-with-zero-downtime-in-production) + +Note that there are some different and upgraded configurations between the two charts, described by Rimas Mocevicius from JFrog in the "Upgrading to ingress-nginx Helm chart" section of [Migrating from Helm chart nginx-ingress to ingress-nginx](https://rimusz.net/migrating-to-ingress-nginx). As the `ingress-nginx/ingress-nginx` chart continues to update, you will want to check current differences by running [helm configuration](#configuration) commands on both charts. + +## Configuration + +See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands: + +```console +helm show values ingress-nginx/ingress-nginx +``` + +### PodDisruptionBudget + +Note that the PodDisruptionBudget resource will only be defined if the replicaCount is greater than one, +else it would make it impossible to evacuate a node. See [gh issue #7127](https://github.com/helm/charts/issues/7127) for more info. + +### Prometheus Metrics + +The Nginx ingress controller can export Prometheus metrics, by setting `controller.metrics.enabled` to `true`. + +You can add Prometheus annotations to the metrics service using `controller.metrics.service.annotations`. +Alternatively, if you use the Prometheus Operator, you can enable ServiceMonitor creation using `controller.metrics.serviceMonitor.enabled`. And set `controller.metrics.serviceMonitor.additionalLabels.release="prometheus"`. "release=prometheus" should match the label configured in the prometheus servicemonitor ( see `kubectl get servicemonitor prometheus-kube-prom-prometheus -oyaml -n prometheus`) + +### ingress-nginx nginx\_status page/stats server + +Previous versions of this chart had a `controller.stats.*` configuration block, which is now obsolete due to the following changes in nginx ingress controller: + +- In [0.16.1](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0161), the vts (virtual host traffic status) dashboard was removed +- In [0.23.0](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230), the status page at port 18080 is now a unix socket webserver only available at localhost. + You can use `curl --unix-socket /tmp/nginx-status-server.sock http://localhost/nginx_status` inside the controller container to access it locally, or use the snippet from [nginx-ingress changelog](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230) to re-enable the http server + +### ExternalDNS Service Configuration + +Add an [ExternalDNS](https://github.com/kubernetes-incubator/external-dns) annotation to the LoadBalancer service: + +```yaml +controller: + service: + annotations: + external-dns.alpha.kubernetes.io/hostname: kubernetes-example.com. +``` + +### AWS L7 ELB with SSL Termination + +Annotate the controller as shown in the [nginx-ingress l7 patch](https://github.com/kubernetes/ingress-nginx/blob/ab3a789caae65eec4ad6e3b46b19750b481b6bce/deploy/aws/l7/service-l7.yaml): + +```yaml +controller: + service: + targetPorts: + http: http + https: http + annotations: + service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:XX-XXXX-X:XXXXXXXXX:certificate/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX + service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http" + service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" + service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600' +``` + +### AWS route53-mapper + +To configure the LoadBalancer service with the [route53-mapper addon](https://github.com/kubernetes/kops/blob/be63d4f1a7a46daaf1c4c482527328236850f111/addons/route53-mapper/README.md), add the `domainName` annotation and `dns` label: + +```yaml +controller: + service: + labels: + dns: "route53" + annotations: + domainName: "kubernetes-example.com" +``` + +### Additional Internal Load Balancer + +This setup is useful when you need both external and internal load balancers but don't want to have multiple ingress controllers and multiple ingress objects per application. + +By default, the ingress object will point to the external load balancer address, but if correctly configured, you can make use of the internal one if the URL you are looking up resolves to the internal load balancer's URL. + +You'll need to set both the following values: + +`controller.service.internal.enabled` +`controller.service.internal.annotations` + +If one of them is missing the internal load balancer will not be deployed. Example you may have `controller.service.internal.enabled=true` but no annotations set, in this case no action will be taken. + +`controller.service.internal.annotations` varies with the cloud service you're using. + +Example for AWS: + +```yaml +controller: + service: + internal: + enabled: true + annotations: + # Create internal ELB + service.beta.kubernetes.io/aws-load-balancer-internal: "true" + # Any other annotation can be declared here. +``` + +Example for GCE: + +```yaml +controller: + service: + internal: + enabled: true + annotations: + # Create internal LB. More informations: https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing + # For GKE versions 1.17 and later + networking.gke.io/load-balancer-type: "Internal" + # For earlier versions + # cloud.google.com/load-balancer-type: "Internal" + + # Any other annotation can be declared here. +``` + +Example for Azure: + +```yaml +controller: + service: + annotations: + # Create internal LB + service.beta.kubernetes.io/azure-load-balancer-internal: "true" + # Any other annotation can be declared here. +``` + +Example for Oracle Cloud Infrastructure: + +```yaml +controller: + service: + annotations: + # Create internal LB + service.beta.kubernetes.io/oci-load-balancer-internal: "true" + # Any other annotation can be declared here. +``` + +An use case for this scenario is having a split-view DNS setup where the public zone CNAME records point to the external balancer URL while the private zone CNAME records point to the internal balancer URL. This way, you only need one ingress kubernetes object. + +Optionally you can set `controller.service.loadBalancerIP` if you need a static IP for the resulting `LoadBalancer`. + +### Ingress Admission Webhooks + +With nginx-ingress-controller version 0.25+, the nginx ingress controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster. +**This feature is enabled by default since 0.31.0.** + +With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fix [this issue](https://github.com/kubernetes/ingress-nginx/pull/4521) + +### Helm Error When Upgrading: spec.clusterIP: Invalid value: "" + +If you are upgrading this chart from a version between 0.31.0 and 1.2.2 then you may get an error like this: + +```console +Error: UPGRADE FAILED: Service "?????-controller" is invalid: spec.clusterIP: Invalid value: "": field is immutable +``` + +Detail of how and why are in [this issue](https://github.com/helm/charts/pull/13646) but to resolve this you can set `xxxx.service.omitClusterIP` to `true` where `xxxx` is the service referenced in the error. + +As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered. + +{{ template "chart.requirementsSection" . }} + +{{ template "chart.valuesSection" . }} + +{{ template "helm-docs.versionFooter" . }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/controller-custom-ingressclass-flags.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/controller-custom-ingressclass-flags.yaml new file mode 100644 index 0000000..b28a232 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/controller-custom-ingressclass-flags.yaml @@ -0,0 +1,7 @@ +controller: + watchIngressWithoutClass: true + ingressClassResource: + name: custom-nginx + enabled: true + default: true + controllerValue: "k8s.io/custom-nginx" diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-customconfig-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-customconfig-values.yaml new file mode 100644 index 0000000..4393a5b --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-customconfig-values.yaml @@ -0,0 +1,14 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + kind: DaemonSet + allowSnippetAnnotations: false + admissionWebhooks: + enabled: false + service: + type: ClusterIP + + config: + use-proxy-protocol: "true" diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-customnodeport-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-customnodeport-values.yaml new file mode 100644 index 0000000..1d94be2 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-customnodeport-values.yaml @@ -0,0 +1,22 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + + service: + type: NodePort + nodePorts: + tcp: + 9000: 30090 + udp: + 9001: 30091 + +tcp: + 9000: "default/test:8080" + +udp: + 9001: "default/test:8080" diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-extra-modules.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-extra-modules.yaml new file mode 100644 index 0000000..f299dbf --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-extra-modules.yaml @@ -0,0 +1,10 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + service: + type: ClusterIP + extraModules: + - name: opentelemetry + image: busybox diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-headers-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-headers-values.yaml new file mode 100644 index 0000000..ab7d47b --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-headers-values.yaml @@ -0,0 +1,14 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + addHeaders: + X-Frame-Options: deny + proxySetHeaders: + X-Forwarded-Proto: https + service: + type: ClusterIP diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-internal-lb-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-internal-lb-values.yaml new file mode 100644 index 0000000..0a200a7 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-internal-lb-values.yaml @@ -0,0 +1,14 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: ClusterIP + internal: + enabled: true + annotations: + service.beta.kubernetes.io/aws-load-balancer-internal: "true" diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-nodeport-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-nodeport-values.yaml new file mode 100644 index 0000000..3b7aa2f --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-nodeport-values.yaml @@ -0,0 +1,10 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: NodePort diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-podannotations-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-podannotations-values.yaml new file mode 100644 index 0000000..0b55306 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-podannotations-values.yaml @@ -0,0 +1,17 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + metrics: + enabled: true + service: + type: ClusterIP + podAnnotations: + prometheus.io/path: /metrics + prometheus.io/port: "10254" + prometheus.io/scheme: http + prometheus.io/scrape: "true" diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-tcp-udp-configMapNamespace-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-tcp-udp-configMapNamespace-values.yaml new file mode 100644 index 0000000..acd86a7 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-tcp-udp-configMapNamespace-values.yaml @@ -0,0 +1,20 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: ClusterIP + tcp: + configMapNamespace: default + udp: + configMapNamespace: default + +tcp: + 9000: "default/test:8080" + +udp: + 9001: "default/test:8080" diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-tcp-udp-portNamePrefix-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-tcp-udp-portNamePrefix-values.yaml new file mode 100644 index 0000000..90b0f57 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-tcp-udp-portNamePrefix-values.yaml @@ -0,0 +1,18 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: ClusterIP + +tcp: + 9000: "default/test:8080" + +udp: + 9001: "default/test:8080" + +portNamePrefix: "port" diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-tcp-udp-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-tcp-udp-values.yaml new file mode 100644 index 0000000..25ee64d --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-tcp-udp-values.yaml @@ -0,0 +1,16 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: ClusterIP + +tcp: + 9000: "default/test:8080" + +udp: + 9001: "default/test:8080" diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-tcp-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-tcp-values.yaml new file mode 100644 index 0000000..380c8b4 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/daemonset-tcp-values.yaml @@ -0,0 +1,14 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: ClusterIP + +tcp: + 9000: "default/test:8080" + 9001: "default/test:8080" diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deamonset-default-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deamonset-default-values.yaml new file mode 100644 index 0000000..82fa23e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deamonset-default-values.yaml @@ -0,0 +1,10 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: ClusterIP diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deamonset-metrics-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deamonset-metrics-values.yaml new file mode 100644 index 0000000..cb3cb54 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deamonset-metrics-values.yaml @@ -0,0 +1,12 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + metrics: + enabled: true + service: + type: ClusterIP diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deamonset-psp-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deamonset-psp-values.yaml new file mode 100644 index 0000000..8026a63 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deamonset-psp-values.yaml @@ -0,0 +1,13 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: ClusterIP + +podSecurityPolicy: + enabled: true diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deamonset-webhook-and-psp-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deamonset-webhook-and-psp-values.yaml new file mode 100644 index 0000000..fccdb13 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deamonset-webhook-and-psp-values.yaml @@ -0,0 +1,13 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: true + service: + type: ClusterIP + +podSecurityPolicy: + enabled: true diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deamonset-webhook-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deamonset-webhook-values.yaml new file mode 100644 index 0000000..54d364d --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deamonset-webhook-values.yaml @@ -0,0 +1,10 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: true + service: + type: ClusterIP diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-autoscaling-behavior-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-autoscaling-behavior-values.yaml new file mode 100644 index 0000000..dca3f35 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-autoscaling-behavior-values.yaml @@ -0,0 +1,14 @@ +controller: + autoscaling: + enabled: true + behavior: + scaleDown: + stabilizationWindowSeconds: 300 + policies: + - type: Pods + value: 1 + periodSeconds: 180 + admissionWebhooks: + enabled: false + service: + type: ClusterIP diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-autoscaling-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-autoscaling-values.yaml new file mode 100644 index 0000000..b8b3ac6 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-autoscaling-values.yaml @@ -0,0 +1,11 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + autoscaling: + enabled: true + admissionWebhooks: + enabled: false + service: + type: ClusterIP diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-customconfig-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-customconfig-values.yaml new file mode 100644 index 0000000..1749418 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-customconfig-values.yaml @@ -0,0 +1,12 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + config: + use-proxy-protocol: "true" + allowSnippetAnnotations: false + admissionWebhooks: + enabled: false + service: + type: ClusterIP diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-customnodeport-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-customnodeport-values.yaml new file mode 100644 index 0000000..a564eaf --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-customnodeport-values.yaml @@ -0,0 +1,20 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: NodePort + nodePorts: + tcp: + 9000: 30090 + udp: + 9001: 30091 + +tcp: + 9000: "default/test:8080" + +udp: + 9001: "default/test:8080" diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-default-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-default-values.yaml new file mode 100644 index 0000000..9f46b4e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-default-values.yaml @@ -0,0 +1,8 @@ +# Left blank to test default values +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + service: + type: ClusterIP diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-extra-modules.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-extra-modules.yaml new file mode 100644 index 0000000..ec59235 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-extra-modules.yaml @@ -0,0 +1,10 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + service: + type: ClusterIP + extraModules: + - name: opentelemetry + image: busybox diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-headers-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-headers-values.yaml new file mode 100644 index 0000000..17a11ac --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-headers-values.yaml @@ -0,0 +1,13 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + addHeaders: + X-Frame-Options: deny + proxySetHeaders: + X-Forwarded-Proto: https + service: + type: ClusterIP diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-internal-lb-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-internal-lb-values.yaml new file mode 100644 index 0000000..fd8df8d --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-internal-lb-values.yaml @@ -0,0 +1,13 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: ClusterIP + internal: + enabled: true + annotations: + service.beta.kubernetes.io/aws-load-balancer-internal: "true" diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-metrics-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-metrics-values.yaml new file mode 100644 index 0000000..9209ad5 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-metrics-values.yaml @@ -0,0 +1,11 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + metrics: + enabled: true + service: + type: ClusterIP diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-nodeport-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-nodeport-values.yaml new file mode 100644 index 0000000..cd9b323 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-nodeport-values.yaml @@ -0,0 +1,9 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: NodePort diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-podannotations-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-podannotations-values.yaml new file mode 100644 index 0000000..b48d93c --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-podannotations-values.yaml @@ -0,0 +1,16 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + metrics: + enabled: true + service: + type: ClusterIP + podAnnotations: + prometheus.io/path: /metrics + prometheus.io/port: "10254" + prometheus.io/scheme: http + prometheus.io/scrape: "true" diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-psp-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-psp-values.yaml new file mode 100644 index 0000000..2f332a7 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-psp-values.yaml @@ -0,0 +1,10 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + service: + type: ClusterIP + +podSecurityPolicy: + enabled: true diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-tcp-udp-configMapNamespace-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-tcp-udp-configMapNamespace-values.yaml new file mode 100644 index 0000000..c51a4e9 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-tcp-udp-configMapNamespace-values.yaml @@ -0,0 +1,19 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: ClusterIP + tcp: + configMapNamespace: default + udp: + configMapNamespace: default + +tcp: + 9000: "default/test:8080" + +udp: + 9001: "default/test:8080" diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-tcp-udp-portNamePrefix-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-tcp-udp-portNamePrefix-values.yaml new file mode 100644 index 0000000..56323c5 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-tcp-udp-portNamePrefix-values.yaml @@ -0,0 +1,17 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: ClusterIP + +tcp: + 9000: "default/test:8080" + +udp: + 9001: "default/test:8080" + +portNamePrefix: "port" diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-tcp-udp-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-tcp-udp-values.yaml new file mode 100644 index 0000000..5b45b69 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-tcp-udp-values.yaml @@ -0,0 +1,15 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: ClusterIP + +tcp: + 9000: "default/test:8080" + +udp: + 9001: "default/test:8080" diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-tcp-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-tcp-values.yaml new file mode 100644 index 0000000..ac0b6e6 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-tcp-values.yaml @@ -0,0 +1,11 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + service: + type: ClusterIP + +tcp: + 9000: "default/test:8080" + 9001: "default/test:8080" diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-webhook-and-psp-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-webhook-and-psp-values.yaml new file mode 100644 index 0000000..6195bb3 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-webhook-and-psp-values.yaml @@ -0,0 +1,12 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: true + service: + type: ClusterIP + +podSecurityPolicy: + enabled: true diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-webhook-extraEnvs-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-webhook-extraEnvs-values.yaml new file mode 100644 index 0000000..95487b0 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-webhook-extraEnvs-values.yaml @@ -0,0 +1,12 @@ +controller: + service: + type: ClusterIP + admissionWebhooks: + enabled: true + extraEnvs: + - name: FOO + value: foo + - name: TEST + value: test + patch: + enabled: true diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-webhook-resources-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-webhook-resources-values.yaml new file mode 100644 index 0000000..49ebbb0 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-webhook-resources-values.yaml @@ -0,0 +1,23 @@ +controller: + service: + type: ClusterIP + admissionWebhooks: + enabled: true + createSecretJob: + resources: + limits: + cpu: 10m + memory: 20Mi + requests: + cpu: 10m + memory: 20Mi + patchWebhookJob: + resources: + limits: + cpu: 10m + memory: 20Mi + requests: + cpu: 10m + memory: 20Mi + patch: + enabled: true diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-webhook-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-webhook-values.yaml new file mode 100644 index 0000000..76669a5 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/ci/deployment-webhook-values.yaml @@ -0,0 +1,9 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: true + service: + type: ClusterIP diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/override-values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/override-values.yaml new file mode 100644 index 0000000..e190f03 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/override-values.yaml @@ -0,0 +1,10 @@ +controller: + kind: DaemonSet + + service: + type: LoadBalancer + nodePorts: + http: "30000" + https: "30001" + tcp: {} + udp: {} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/temp.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/temp.yaml new file mode 100644 index 0000000..2b28787 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/temp.yaml @@ -0,0 +1,724 @@ +--- +# Source: ingress-nginx/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: release-name-ingress-nginx + namespace: default +automountServiceAccountToken: true +--- +# Source: ingress-nginx/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: release-name-ingress-nginx-controller + namespace: default +data: + allow-snippet-annotations: "true" +--- +# Source: ingress-nginx/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + name: release-name-ingress-nginx +rules: + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + - namespaces + verbs: + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +--- +# Source: ingress-nginx/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + name: release-name-ingress-nginx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: release-name-ingress-nginx +subjects: + - kind: ServiceAccount + name: release-name-ingress-nginx + namespace: "default" +--- +# Source: ingress-nginx/templates/controller-role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: release-name-ingress-nginx + namespace: default +rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - endpoints + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch + # TODO(Jintao Zhang) + # Once we release a new version of the controller, + # we will be able to remove the configmap related permissions + # We have used the Lease API for selection + # ref: https://github.com/kubernetes/ingress-nginx/pull/8921 + - apiGroups: + - "" + resources: + - configmaps + resourceNames: + - ingress-controller-leader + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - ingress-controller-leader + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +# Source: ingress-nginx/templates/controller-rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: release-name-ingress-nginx + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: release-name-ingress-nginx +subjects: + - kind: ServiceAccount + name: release-name-ingress-nginx + namespace: "default" +--- +# Source: ingress-nginx/templates/controller-service-webhook.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: release-name-ingress-nginx-controller-admission + namespace: default +spec: + type: ClusterIP + ports: + - name: https-webhook + port: 443 + targetPort: webhook + appProtocol: https + selector: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/component: controller +--- +# Source: ingress-nginx/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + annotations: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: release-name-ingress-nginx-controller + namespace: default +spec: + type: LoadBalancer + ipFamilyPolicy: SingleStack + ipFamilies: + - IPv4 + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + appProtocol: http + - name: https + port: 443 + protocol: TCP + targetPort: https + appProtocol: https + selector: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/component: controller +--- +# Source: ingress-nginx/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: release-name-ingress-nginx-controller + namespace: default +spec: + selector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/component: controller + replicas: 1 + revisionHistoryLimit: 10 + minReadySeconds: 0 + template: + metadata: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/component: controller + spec: + dnsPolicy: ClusterFirst + containers: + - name: controller + image: "registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974" + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + args: + - /nginx-ingress-controller + - --publish-service=$(POD_NAMESPACE)/release-name-ingress-nginx-controller + - --election-id=ingress-controller-leader + - --controller-class=k8s.io/ingress-nginx + - --ingress-class=nginx + - --configmap=$(POD_NAMESPACE)/release-name-ingress-nginx-controller + - --validating-webhook=:8443 + - --validating-webhook-certificate=/usr/local/certificates/cert + - --validating-webhook-key=/usr/local/certificates/key + securityContext: + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + runAsUser: 101 + allowPrivilegeEscalation: true + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LD_PRELOAD + value: /usr/local/lib/libmimalloc.so + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: webhook + containerPort: 8443 + protocol: TCP + volumeMounts: + - name: webhook-cert + mountPath: /usr/local/certificates/ + readOnly: true + resources: + requests: + cpu: 100m + memory: 90Mi + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: release-name-ingress-nginx + terminationGracePeriodSeconds: 300 + volumes: + - name: webhook-cert + secret: + secretName: release-name-ingress-nginx-admission +--- +# Source: ingress-nginx/templates/controller-ingressclass.yaml +# We don't support namespaced ingressClass yet +# So a ClusterRole and a ClusterRoleBinding is required +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: nginx +spec: + controller: k8s.io/ingress-nginx +--- +# Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml +# before changing this value, check the required kubernetes version +# https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook + name: release-name-ingress-nginx-admission +webhooks: + - name: validate.nginx.ingress.kubernetes.io + matchPolicy: Equivalent + rules: + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + failurePolicy: Fail + sideEffects: None + admissionReviewVersions: + - v1 + clientConfig: + service: + namespace: "default" + name: release-name-ingress-nginx-controller-admission + path: /networking/v1/ingresses +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: release-name-ingress-nginx-admission + namespace: default + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: release-name-ingress-nginx-admission + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook +rules: + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - update +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: release-name-ingress-nginx-admission + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: release-name-ingress-nginx-admission +subjects: + - kind: ServiceAccount + name: release-name-ingress-nginx-admission + namespace: "default" +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: release-name-ingress-nginx-admission + namespace: default + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: release-name-ingress-nginx-admission + namespace: default + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: release-name-ingress-nginx-admission +subjects: + - kind: ServiceAccount + name: release-name-ingress-nginx-admission + namespace: "default" +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: release-name-ingress-nginx-admission-create + namespace: default + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook +spec: + template: + metadata: + name: release-name-ingress-nginx-admission-create + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook + spec: + containers: + - name: create + image: "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47" + imagePullPolicy: IfNotPresent + args: + - create + - --host=release-name-ingress-nginx-controller-admission,release-name-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc + - --namespace=$(POD_NAMESPACE) + - --secret-name=release-name-ingress-nginx-admission + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + securityContext: + allowPrivilegeEscalation: false + restartPolicy: OnFailure + serviceAccountName: release-name-ingress-nginx-admission + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 2000 + runAsNonRoot: true + runAsUser: 2000 +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: release-name-ingress-nginx-admission-patch + namespace: default + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook +spec: + template: + metadata: + name: release-name-ingress-nginx-admission-patch + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook + spec: + containers: + - name: patch + image: "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47" + imagePullPolicy: IfNotPresent + args: + - patch + - --webhook-name=release-name-ingress-nginx-admission + - --namespace=$(POD_NAMESPACE) + - --patch-mutating=false + - --secret-name=release-name-ingress-nginx-admission + - --patch-failure-policy=Fail + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + securityContext: + allowPrivilegeEscalation: false + restartPolicy: OnFailure + serviceAccountName: release-name-ingress-nginx-admission + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 2000 + runAsNonRoot: true + runAsUser: 2000 diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/temp2.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/temp2.yaml new file mode 100644 index 0000000..9ef52fc --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/temp2.yaml @@ -0,0 +1,725 @@ +--- +# Source: ingress-nginx/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: release-name-ingress-nginx + namespace: default +automountServiceAccountToken: true +--- +# Source: ingress-nginx/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: release-name-ingress-nginx-controller + namespace: default +data: + allow-snippet-annotations: "true" +--- +# Source: ingress-nginx/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + name: release-name-ingress-nginx +rules: + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + - namespaces + verbs: + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +--- +# Source: ingress-nginx/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + name: release-name-ingress-nginx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: release-name-ingress-nginx +subjects: + - kind: ServiceAccount + name: release-name-ingress-nginx + namespace: "default" +--- +# Source: ingress-nginx/templates/controller-role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: release-name-ingress-nginx + namespace: default +rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - endpoints + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch + # TODO(Jintao Zhang) + # Once we release a new version of the controller, + # we will be able to remove the configmap related permissions + # We have used the Lease API for selection + # ref: https://github.com/kubernetes/ingress-nginx/pull/8921 + - apiGroups: + - "" + resources: + - configmaps + resourceNames: + - ingress-controller-leader + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - ingress-controller-leader + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +# Source: ingress-nginx/templates/controller-rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: release-name-ingress-nginx + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: release-name-ingress-nginx +subjects: + - kind: ServiceAccount + name: release-name-ingress-nginx + namespace: "default" +--- +# Source: ingress-nginx/templates/controller-service-webhook.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: release-name-ingress-nginx-controller-admission + namespace: default +spec: + type: ClusterIP + ports: + - name: https-webhook + port: 443 + targetPort: webhook + appProtocol: https + selector: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/component: controller +--- +# Source: ingress-nginx/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + annotations: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: release-name-ingress-nginx-controller + namespace: default +spec: + type: LoadBalancer + ipFamilyPolicy: SingleStack + ipFamilies: + - IPv4 + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + appProtocol: http + nodePort: 30000 + - name: https + port: 443 + protocol: TCP + targetPort: https + appProtocol: https + nodePort: 30001 + selector: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/component: controller +--- +# Source: ingress-nginx/templates/controller-daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: release-name-ingress-nginx-controller + namespace: default +spec: + selector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/component: controller + revisionHistoryLimit: 10 + minReadySeconds: 0 + template: + metadata: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/component: controller + spec: + dnsPolicy: ClusterFirst + containers: + - name: controller + image: "registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974" + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + args: + - /nginx-ingress-controller + - --publish-service=$(POD_NAMESPACE)/release-name-ingress-nginx-controller + - --election-id=ingress-controller-leader + - --controller-class=k8s.io/ingress-nginx + - --ingress-class=nginx + - --configmap=$(POD_NAMESPACE)/release-name-ingress-nginx-controller + - --validating-webhook=:8443 + - --validating-webhook-certificate=/usr/local/certificates/cert + - --validating-webhook-key=/usr/local/certificates/key + securityContext: + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + runAsUser: 101 + allowPrivilegeEscalation: true + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LD_PRELOAD + value: /usr/local/lib/libmimalloc.so + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: webhook + containerPort: 8443 + protocol: TCP + volumeMounts: + - name: webhook-cert + mountPath: /usr/local/certificates/ + readOnly: true + resources: + requests: + cpu: 100m + memory: 90Mi + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: release-name-ingress-nginx + terminationGracePeriodSeconds: 300 + volumes: + - name: webhook-cert + secret: + secretName: release-name-ingress-nginx-admission +--- +# Source: ingress-nginx/templates/controller-ingressclass.yaml +# We don't support namespaced ingressClass yet +# So a ClusterRole and a ClusterRoleBinding is required +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: nginx +spec: + controller: k8s.io/ingress-nginx +--- +# Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml +# before changing this value, check the required kubernetes version +# https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook + name: release-name-ingress-nginx-admission +webhooks: + - name: validate.nginx.ingress.kubernetes.io + matchPolicy: Equivalent + rules: + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + failurePolicy: Fail + sideEffects: None + admissionReviewVersions: + - v1 + clientConfig: + service: + namespace: "default" + name: release-name-ingress-nginx-controller-admission + path: /networking/v1/ingresses +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: release-name-ingress-nginx-admission + namespace: default + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: release-name-ingress-nginx-admission + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook +rules: + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - update +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: release-name-ingress-nginx-admission + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: release-name-ingress-nginx-admission +subjects: + - kind: ServiceAccount + name: release-name-ingress-nginx-admission + namespace: "default" +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: release-name-ingress-nginx-admission + namespace: default + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: release-name-ingress-nginx-admission + namespace: default + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: release-name-ingress-nginx-admission +subjects: + - kind: ServiceAccount + name: release-name-ingress-nginx-admission + namespace: "default" +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: release-name-ingress-nginx-admission-create + namespace: default + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook +spec: + template: + metadata: + name: release-name-ingress-nginx-admission-create + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook + spec: + containers: + - name: create + image: "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47" + imagePullPolicy: IfNotPresent + args: + - create + - --host=release-name-ingress-nginx-controller-admission,release-name-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc + - --namespace=$(POD_NAMESPACE) + - --secret-name=release-name-ingress-nginx-admission + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + securityContext: + allowPrivilegeEscalation: false + restartPolicy: OnFailure + serviceAccountName: release-name-ingress-nginx-admission + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 2000 + runAsNonRoot: true + runAsUser: 2000 +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: release-name-ingress-nginx-admission-patch + namespace: default + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook +spec: + template: + metadata: + name: release-name-ingress-nginx-admission-patch + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook + spec: + containers: + - name: patch + image: "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47" + imagePullPolicy: IfNotPresent + args: + - patch + - --webhook-name=release-name-ingress-nginx-admission + - --namespace=$(POD_NAMESPACE) + - --patch-mutating=false + - --secret-name=release-name-ingress-nginx-admission + - --patch-failure-policy=Fail + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + securityContext: + allowPrivilegeEscalation: false + restartPolicy: OnFailure + serviceAccountName: release-name-ingress-nginx-admission + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 2000 + runAsNonRoot: true + runAsUser: 2000 diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/NOTES.txt b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/NOTES.txt new file mode 100644 index 0000000..8985c56 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/NOTES.txt @@ -0,0 +1,80 @@ +The ingress-nginx controller has been installed. + +{{- if contains "NodePort" .Values.controller.service.type }} +Get the application URL by running these commands: + +{{- if (not (empty .Values.controller.service.nodePorts.http)) }} + export HTTP_NODE_PORT={{ .Values.controller.service.nodePorts.http }} +{{- else }} + export HTTP_NODE_PORT=$(kubectl --namespace {{ .Release.Namespace }} get services -o jsonpath="{.spec.ports[0].nodePort}" {{ include "ingress-nginx.controller.fullname" . }}) +{{- end }} +{{- if (not (empty .Values.controller.service.nodePorts.https)) }} + export HTTPS_NODE_PORT={{ .Values.controller.service.nodePorts.https }} +{{- else }} + export HTTPS_NODE_PORT=$(kubectl --namespace {{ .Release.Namespace }} get services -o jsonpath="{.spec.ports[1].nodePort}" {{ include "ingress-nginx.controller.fullname" . }}) +{{- end }} + export NODE_IP=$(kubectl --namespace {{ .Release.Namespace }} get nodes -o jsonpath="{.items[0].status.addresses[1].address}") + + echo "Visit http://$NODE_IP:$HTTP_NODE_PORT to access your application via HTTP." + echo "Visit https://$NODE_IP:$HTTPS_NODE_PORT to access your application via HTTPS." +{{- else if contains "LoadBalancer" .Values.controller.service.type }} +It may take a few minutes for the LoadBalancer IP to be available. +You can watch the status by running 'kubectl --namespace {{ .Release.Namespace }} get services -o wide -w {{ include "ingress-nginx.controller.fullname" . }}' +{{- else if contains "ClusterIP" .Values.controller.service.type }} +Get the application URL by running these commands: + export POD_NAME=$(kubectl --namespace {{ .Release.Namespace }} get pods -o jsonpath="{.items[0].metadata.name}" -l "app={{ template "ingress-nginx.name" . }},component={{ .Values.controller.name }},release={{ .Release.Name }}") + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80 + echo "Visit http://127.0.0.1:8080 to access your application." +{{- end }} + +An example Ingress that makes use of the controller: + +{{- $isV1 := semverCompare ">=1" .Chart.AppVersion}} + apiVersion: networking.k8s.io/v1 + kind: Ingress + metadata: + name: example + namespace: foo + {{- if eq $isV1 false }} + annotations: + kubernetes.io/ingress.class: {{ .Values.controller.ingressClass }} + {{- end }} + spec: + {{- if $isV1 }} + ingressClassName: {{ .Values.controller.ingressClassResource.name }} + {{- end }} + rules: + - host: www.example.com + http: + paths: + - pathType: Prefix + backend: + service: + name: exampleService + port: + number: 80 + path: / + # This section is only required if TLS is to be enabled for the Ingress + tls: + - hosts: + - www.example.com + secretName: example-tls + +If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided: + + apiVersion: v1 + kind: Secret + metadata: + name: example-tls + namespace: foo + data: + tls.crt: + tls.key: + type: kubernetes.io/tls + +{{- if .Values.controller.headers }} +################################################################################# +###### WARNING: `controller.headers` has been deprecated! ##### +###### It has been renamed to `controller.proxySetHeaders`. ##### +################################################################################# +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/_helpers.tpl b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/_helpers.tpl new file mode 100644 index 0000000..e69de0c --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/_helpers.tpl @@ -0,0 +1,185 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "ingress-nginx.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "ingress-nginx.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "ingress-nginx.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + + +{{/* +Container SecurityContext. +*/}} +{{- define "controller.containerSecurityContext" -}} +{{- if .Values.controller.containerSecurityContext -}} +{{- toYaml .Values.controller.containerSecurityContext -}} +{{- else -}} +capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + {{- if .Values.controller.image.chroot }} + - SYS_CHROOT + {{- end }} +runAsUser: {{ .Values.controller.image.runAsUser }} +allowPrivilegeEscalation: {{ .Values.controller.image.allowPrivilegeEscalation }} +{{- end }} +{{- end -}} + +{{/* +Get specific image +*/}} +{{- define "ingress-nginx.image" -}} +{{- if .chroot -}} +{{- printf "%s-chroot" .image -}} +{{- else -}} +{{- printf "%s" .image -}} +{{- end }} +{{- end -}} + +{{/* +Get specific image digest +*/}} +{{- define "ingress-nginx.imageDigest" -}} +{{- if .chroot -}} +{{- if .digestChroot -}} +{{- printf "@%s" .digestChroot -}} +{{- end }} +{{- else -}} +{{ if .digest -}} +{{- printf "@%s" .digest -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified controller name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "ingress-nginx.controller.fullname" -}} +{{- printf "%s-%s" (include "ingress-nginx.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Construct the path for the publish-service. + +By convention this will simply use the / to match the name of the +service generated. + +Users can provide an override for an explicit service they want bound via `.Values.controller.publishService.pathOverride` + +*/}} +{{- define "ingress-nginx.controller.publishServicePath" -}} +{{- $defServiceName := printf "%s/%s" "$(POD_NAMESPACE)" (include "ingress-nginx.controller.fullname" .) -}} +{{- $servicePath := default $defServiceName .Values.controller.publishService.pathOverride }} +{{- print $servicePath | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified default backend name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "ingress-nginx.defaultBackend.fullname" -}} +{{- printf "%s-%s" (include "ingress-nginx.fullname" .) .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "ingress-nginx.labels" -}} +helm.sh/chart: {{ include "ingress-nginx.chart" . }} +{{ include "ingress-nginx.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/part-of: {{ template "ingress-nginx.name" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- if .Values.commonLabels}} +{{ toYaml .Values.commonLabels }} +{{- end }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "ingress-nginx.selectorLabels" -}} +app.kubernetes.io/name: {{ include "ingress-nginx.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Create the name of the controller service account to use +*/}} +{{- define "ingress-nginx.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "ingress-nginx.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the backend service account to use - only used when podsecuritypolicy is also enabled +*/}} +{{- define "ingress-nginx.defaultBackend.serviceAccountName" -}} +{{- if .Values.defaultBackend.serviceAccount.create -}} + {{ default (printf "%s-backend" (include "ingress-nginx.fullname" .)) .Values.defaultBackend.serviceAccount.name }} +{{- else -}} + {{ default "default-backend" .Values.defaultBackend.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiGroup for PodSecurityPolicy. +*/}} +{{- define "podSecurityPolicy.apiGroup" -}} +{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "policy" -}} +{{- else -}} +{{- print "extensions" -}} +{{- end -}} +{{- end -}} + +{{/* +Check the ingress controller version tag is at most three versions behind the last release +*/}} +{{- define "isControllerTagValid" -}} +{{- if not (semverCompare ">=0.27.0-0" .Values.controller.image.tag) -}} +{{- fail "Controller container image tag should be 0.27.0 or higher" -}} +{{- end -}} +{{- end -}} + +{{/* +IngressClass parameters. +*/}} +{{- define "ingressClass.parameters" -}} + {{- if .Values.controller.ingressClassResource.parameters -}} + parameters: +{{ toYaml .Values.controller.ingressClassResource.parameters | indent 4}} + {{ end }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/_params.tpl b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/_params.tpl new file mode 100644 index 0000000..305ce0d --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/_params.tpl @@ -0,0 +1,62 @@ +{{- define "ingress-nginx.params" -}} +- /nginx-ingress-controller +{{- if .Values.defaultBackend.enabled }} +- --default-backend-service=$(POD_NAMESPACE)/{{ include "ingress-nginx.defaultBackend.fullname" . }} +{{- end }} +{{- if and .Values.controller.publishService.enabled .Values.controller.service.enabled }} +{{- if .Values.controller.service.external.enabled }} +- --publish-service={{ template "ingress-nginx.controller.publishServicePath" . }} +{{- else if .Values.controller.service.internal.enabled }} +- --publish-service={{ template "ingress-nginx.controller.publishServicePath" . }}-internal +{{- end }} +{{- end }} +- --election-id={{ .Values.controller.electionID }} +- --controller-class={{ .Values.controller.ingressClassResource.controllerValue }} +{{- if .Values.controller.ingressClass }} +- --ingress-class={{ .Values.controller.ingressClass }} +{{- end }} +- --configmap={{ default "$(POD_NAMESPACE)" .Values.controller.configMapNamespace }}/{{ include "ingress-nginx.controller.fullname" . }} +{{- if .Values.tcp }} +- --tcp-services-configmap={{ default "$(POD_NAMESPACE)" .Values.controller.tcp.configMapNamespace }}/{{ include "ingress-nginx.fullname" . }}-tcp +{{- end }} +{{- if .Values.udp }} +- --udp-services-configmap={{ default "$(POD_NAMESPACE)" .Values.controller.udp.configMapNamespace }}/{{ include "ingress-nginx.fullname" . }}-udp +{{- end }} +{{- if .Values.controller.scope.enabled }} +- --watch-namespace={{ default "$(POD_NAMESPACE)" .Values.controller.scope.namespace }} +{{- end }} +{{- if and (not .Values.controller.scope.enabled) .Values.controller.scope.namespaceSelector }} +- --watch-namespace-selector={{ default "" .Values.controller.scope.namespaceSelector }} +{{- end }} +{{- if and .Values.controller.reportNodeInternalIp .Values.controller.hostNetwork }} +- --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }} +{{- end }} +{{- if .Values.controller.admissionWebhooks.enabled }} +- --validating-webhook=:{{ .Values.controller.admissionWebhooks.port }} +- --validating-webhook-certificate={{ .Values.controller.admissionWebhooks.certificate }} +- --validating-webhook-key={{ .Values.controller.admissionWebhooks.key }} +{{- end }} +{{- if .Values.controller.maxmindLicenseKey }} +- --maxmind-license-key={{ .Values.controller.maxmindLicenseKey }} +{{- end }} +{{- if .Values.controller.healthCheckHost }} +- --healthz-host={{ .Values.controller.healthCheckHost }} +{{- end }} +{{- if not (eq .Values.controller.healthCheckPath "/healthz") }} +- --health-check-path={{ .Values.controller.healthCheckPath }} +{{- end }} +{{- if .Values.controller.ingressClassByName }} +- --ingress-class-by-name=true +{{- end }} +{{- if .Values.controller.watchIngressWithoutClass }} +- --watch-ingress-without-class=true +{{- end }} +{{- range $key, $value := .Values.controller.extraArgs }} +{{- /* Accept keys without values or with false as value */}} +{{- if eq ($value | quote | len) 2 }} +- --{{ $key }} +{{- else }} +- --{{ $key }}={{ $value }} +{{- end }} +{{- end }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml new file mode 100644 index 0000000..5659a1f --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml @@ -0,0 +1,34 @@ +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "ingress-nginx.fullname" . }}-admission + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.patch.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +rules: + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - update +{{- if .Values.podSecurityPolicy.enabled }} + - apiGroups: ['extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + {{- with .Values.controller.admissionWebhooks.existingPsp }} + - {{ . }} + {{- else }} + - {{ include "ingress-nginx.fullname" . }}-admission + {{- end }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml new file mode 100644 index 0000000..abf17fb --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml @@ -0,0 +1,23 @@ +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "ingress-nginx.fullname" . }}-admission + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.patch.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "ingress-nginx.fullname" . }}-admission +subjects: + - kind: ServiceAccount + name: {{ include "ingress-nginx.fullname" . }}-admission + namespace: {{ .Release.Namespace | quote }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml new file mode 100644 index 0000000..7558e0b --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml @@ -0,0 +1,79 @@ +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "ingress-nginx.fullname" . }}-admission-create + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + {{- with .Values.controller.admissionWebhooks.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.patch.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: +{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} + # Alpha feature since k8s 1.12 + ttlSecondsAfterFinished: 0 +{{- end }} + template: + metadata: + name: {{ include "ingress-nginx.fullname" . }}-admission-create + {{- if .Values.controller.admissionWebhooks.patch.podAnnotations }} + annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }} + {{- end }} + labels: + {{- include "ingress-nginx.labels" . | nindent 8 }} + app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.patch.labels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.controller.admissionWebhooks.patch.priorityClassName }} + priorityClassName: {{ .Values.controller.admissionWebhooks.patch.priorityClassName }} + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }} + {{- end }} + containers: + - name: create + {{- with .Values.controller.admissionWebhooks.patch.image }} + image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" + {{- end }} + imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }} + args: + - create + - --host={{ include "ingress-nginx.controller.fullname" . }}-admission,{{ include "ingress-nginx.controller.fullname" . }}-admission.$(POD_NAMESPACE).svc + - --namespace=$(POD_NAMESPACE) + - --secret-name={{ include "ingress-nginx.fullname" . }}-admission + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if .Values.controller.admissionWebhooks.extraEnvs }} + {{- toYaml .Values.controller.admissionWebhooks.extraEnvs | nindent 12 }} + {{- end }} + securityContext: + allowPrivilegeEscalation: false + {{- if .Values.controller.admissionWebhooks.createSecretJob.resources }} + resources: {{ toYaml .Values.controller.admissionWebhooks.createSecretJob.resources | nindent 12 }} + {{- end }} + restartPolicy: OnFailure + serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission + {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }} + nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.controller.admissionWebhooks.patch.tolerations }} + tolerations: {{ toYaml .Values.controller.admissionWebhooks.patch.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.controller.admissionWebhooks.patch.securityContext }} + securityContext: + {{- toYaml .Values.controller.admissionWebhooks.patch.securityContext | nindent 8 }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml new file mode 100644 index 0000000..0528215 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml @@ -0,0 +1,81 @@ +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "ingress-nginx.fullname" . }}-admission-patch + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + {{- with .Values.controller.admissionWebhooks.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.patch.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: +{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} + # Alpha feature since k8s 1.12 + ttlSecondsAfterFinished: 0 +{{- end }} + template: + metadata: + name: {{ include "ingress-nginx.fullname" . }}-admission-patch + {{- if .Values.controller.admissionWebhooks.patch.podAnnotations }} + annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }} + {{- end }} + labels: + {{- include "ingress-nginx.labels" . | nindent 8 }} + app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.patch.labels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.controller.admissionWebhooks.patch.priorityClassName }} + priorityClassName: {{ .Values.controller.admissionWebhooks.patch.priorityClassName }} + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }} + {{- end }} + containers: + - name: patch + {{- with .Values.controller.admissionWebhooks.patch.image }} + image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" + {{- end }} + imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }} + args: + - patch + - --webhook-name={{ include "ingress-nginx.fullname" . }}-admission + - --namespace=$(POD_NAMESPACE) + - --patch-mutating=false + - --secret-name={{ include "ingress-nginx.fullname" . }}-admission + - --patch-failure-policy={{ .Values.controller.admissionWebhooks.failurePolicy }} + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if .Values.controller.admissionWebhooks.extraEnvs }} + {{- toYaml .Values.controller.admissionWebhooks.extraEnvs | nindent 12 }} + {{- end }} + securityContext: + allowPrivilegeEscalation: false + {{- if .Values.controller.admissionWebhooks.patchWebhookJob.resources }} + resources: {{ toYaml .Values.controller.admissionWebhooks.patchWebhookJob.resources | nindent 12 }} + {{- end }} + restartPolicy: OnFailure + serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission + {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }} + nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.controller.admissionWebhooks.patch.tolerations }} + tolerations: {{ toYaml .Values.controller.admissionWebhooks.patch.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.controller.admissionWebhooks.patch.securityContext }} + securityContext: + {{- toYaml .Values.controller.admissionWebhooks.patch.securityContext | nindent 8 }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml new file mode 100644 index 0000000..70edde3 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml @@ -0,0 +1,39 @@ +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled (empty .Values.controller.admissionWebhooks.existingPsp) -}} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "ingress-nginx.fullname" . }}-admission + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.patch.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + allowPrivilegeEscalation: false + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml new file mode 100644 index 0000000..795bac6 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml @@ -0,0 +1,24 @@ +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "ingress-nginx.fullname" . }}-admission + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.patch.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml new file mode 100644 index 0000000..698c5c8 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml @@ -0,0 +1,24 @@ +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "ingress-nginx.fullname" . }}-admission + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.patch.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "ingress-nginx.fullname" . }}-admission +subjects: + - kind: ServiceAccount + name: {{ include "ingress-nginx.fullname" . }}-admission + namespace: {{ .Release.Namespace | quote }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml new file mode 100644 index 0000000..eae4751 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "ingress-nginx.fullname" . }}-admission + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.patch.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml new file mode 100644 index 0000000..8caffcb --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml @@ -0,0 +1,48 @@ +{{- if .Values.controller.admissionWebhooks.enabled -}} +# before changing this value, check the required kubernetes version +# https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + {{- if .Values.controller.admissionWebhooks.annotations }} + annotations: {{ toYaml .Values.controller.admissionWebhooks.annotations | nindent 4 }} + {{- end }} + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.fullname" . }}-admission +webhooks: + - name: validate.nginx.ingress.kubernetes.io + matchPolicy: Equivalent + rules: + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + failurePolicy: {{ .Values.controller.admissionWebhooks.failurePolicy | default "Fail" }} + sideEffects: None + admissionReviewVersions: + - v1 + clientConfig: + service: + namespace: {{ .Release.Namespace | quote }} + name: {{ include "ingress-nginx.controller.fullname" . }}-admission + path: /networking/v1/ingresses + {{- if .Values.controller.admissionWebhooks.timeoutSeconds }} + timeoutSeconds: {{ .Values.controller.admissionWebhooks.timeoutSeconds }} + {{- end }} + {{- if .Values.controller.admissionWebhooks.namespaceSelector }} + namespaceSelector: {{ toYaml .Values.controller.admissionWebhooks.namespaceSelector | nindent 6 }} + {{- end }} + {{- if .Values.controller.admissionWebhooks.objectSelector }} + objectSelector: {{ toYaml .Values.controller.admissionWebhooks.objectSelector | nindent 6 }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/clusterrole.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/clusterrole.yaml new file mode 100644 index 0000000..0e725ec --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/clusterrole.yaml @@ -0,0 +1,94 @@ +{{- if .Values.rbac.create }} + +{{- if and .Values.rbac.scope (not .Values.controller.scope.enabled) -}} + {{ required "Invalid configuration: 'rbac.scope' should be equal to 'controller.scope.enabled' (true/false)." (index (dict) ".") }} +{{- end }} + +{{- if not .Values.rbac.scope -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.fullname" . }} +rules: + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets +{{- if not .Values.controller.scope.enabled }} + - namespaces +{{- end}} + verbs: + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +{{- if and .Values.controller.scope.enabled .Values.controller.scope.namespace }} + - apiGroups: + - "" + resources: + - namespaces + resourceNames: + - "{{ .Values.controller.scope.namespace }}" + verbs: + - get +{{- end }} + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +{{- end }} + +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/clusterrolebinding.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/clusterrolebinding.yaml new file mode 100644 index 0000000..acbbd8b --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.rbac.create (not .Values.rbac.scope) -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.fullname" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "ingress-nginx.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "ingress-nginx.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-configmap-addheaders.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-configmap-addheaders.yaml new file mode 100644 index 0000000..dfd49a1 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-configmap-addheaders.yaml @@ -0,0 +1,14 @@ +{{- if .Values.controller.addHeaders -}} +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.fullname" . }}-custom-add-headers + namespace: {{ .Release.Namespace }} +data: {{ toYaml .Values.controller.addHeaders | nindent 2 }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-configmap-proxyheaders.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-configmap-proxyheaders.yaml new file mode 100644 index 0000000..f8d15fa --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-configmap-proxyheaders.yaml @@ -0,0 +1,19 @@ +{{- if or .Values.controller.proxySetHeaders .Values.controller.headers -}} +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.fullname" . }}-custom-proxy-headers + namespace: {{ .Release.Namespace }} +data: +{{- if .Values.controller.proxySetHeaders }} +{{ toYaml .Values.controller.proxySetHeaders | indent 2 }} +{{ else if and .Values.controller.headers (not .Values.controller.proxySetHeaders) }} +{{ toYaml .Values.controller.headers | indent 2 }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-configmap-tcp.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-configmap-tcp.yaml new file mode 100644 index 0000000..0f6088e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-configmap-tcp.yaml @@ -0,0 +1,17 @@ +{{- if .Values.tcp -}} +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- if .Values.controller.tcp.annotations }} + annotations: {{ toYaml .Values.controller.tcp.annotations | nindent 4 }} +{{- end }} + name: {{ include "ingress-nginx.fullname" . }}-tcp + namespace: {{ .Release.Namespace }} +data: {{ tpl (toYaml .Values.tcp) . | nindent 2 }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-configmap-udp.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-configmap-udp.yaml new file mode 100644 index 0000000..3772ec5 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-configmap-udp.yaml @@ -0,0 +1,17 @@ +{{- if .Values.udp -}} +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- if .Values.controller.udp.annotations }} + annotations: {{ toYaml .Values.controller.udp.annotations | nindent 4 }} +{{- end }} + name: {{ include "ingress-nginx.fullname" . }}-udp + namespace: {{ .Release.Namespace }} +data: {{ tpl (toYaml .Values.udp) . | nindent 2 }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-configmap.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-configmap.yaml new file mode 100644 index 0000000..f28b26e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-configmap.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- if .Values.controller.configAnnotations }} + annotations: {{ toYaml .Values.controller.configAnnotations | nindent 4 }} +{{- end }} + name: {{ include "ingress-nginx.controller.fullname" . }} + namespace: {{ .Release.Namespace }} +data: + allow-snippet-annotations: "{{ .Values.controller.allowSnippetAnnotations }}" +{{- if .Values.controller.addHeaders }} + add-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-add-headers +{{- end }} +{{- if or .Values.controller.proxySetHeaders .Values.controller.headers }} + proxy-set-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-proxy-headers +{{- end }} +{{- if .Values.dhParam }} + ssl-dh-param: {{ printf "%s/%s" .Release.Namespace (include "ingress-nginx.controller.fullname" .) }} +{{- end }} +{{- range $key, $value := .Values.controller.config }} + {{- $key | nindent 2 }}: {{ $value | quote }} +{{- end }} + diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-daemonset.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-daemonset.yaml new file mode 100644 index 0000000..80c268f --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-daemonset.yaml @@ -0,0 +1,223 @@ +{{- if or (eq .Values.controller.kind "DaemonSet") (eq .Values.controller.kind "Both") -}} +{{- include "isControllerTagValid" . -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.controller.fullname" . }} + namespace: {{ .Release.Namespace }} + {{- if .Values.controller.annotations }} + annotations: {{ toYaml .Values.controller.annotations | nindent 4 }} + {{- end }} +spec: + selector: + matchLabels: + {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: controller + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + {{- if .Values.controller.updateStrategy }} + updateStrategy: {{ toYaml .Values.controller.updateStrategy | nindent 4 }} + {{- end }} + minReadySeconds: {{ .Values.controller.minReadySeconds }} + template: + metadata: + {{- if .Values.controller.podAnnotations }} + annotations: + {{- range $key, $value := .Values.controller.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "ingress-nginx.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.controller.podLabels }} + {{- toYaml .Values.controller.podLabels | nindent 8 }} + {{- end }} + spec: + {{- if .Values.controller.dnsConfig }} + dnsConfig: {{ toYaml .Values.controller.dnsConfig | nindent 8 }} + {{- end }} + {{- if .Values.controller.hostname }} + hostname: {{ toYaml .Values.controller.hostname | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.controller.dnsPolicy }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }} + {{- end }} + {{- if .Values.controller.priorityClassName }} + priorityClassName: {{ .Values.controller.priorityClassName }} + {{- end }} + {{- if or .Values.controller.podSecurityContext .Values.controller.sysctls }} + securityContext: + {{- end }} + {{- if .Values.controller.podSecurityContext }} + {{- toYaml .Values.controller.podSecurityContext | nindent 8 }} + {{- end }} + {{- if .Values.controller.sysctls }} + sysctls: + {{- range $sysctl, $value := .Values.controller.sysctls }} + - name: {{ $sysctl | quote }} + value: {{ $value | quote }} + {{- end }} + {{- end }} + {{- if .Values.controller.shareProcessNamespace }} + shareProcessNamespace: {{ .Values.controller.shareProcessNamespace }} + {{- end }} + containers: + - name: {{ .Values.controller.containerName }} + {{- with .Values.controller.image }} + image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ include "ingress-nginx.image" . }}{{- end -}}:{{ .tag }}{{ include "ingress-nginx.imageDigest" . }}" + {{- end }} + imagePullPolicy: {{ .Values.controller.image.pullPolicy }} + {{- if .Values.controller.lifecycle }} + lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }} + {{- end }} + args: + {{- include "ingress-nginx.params" . | nindent 12 }} + securityContext: {{ include "controller.containerSecurityContext" . | nindent 12 }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if .Values.controller.enableMimalloc }} + - name: LD_PRELOAD + value: /usr/local/lib/libmimalloc.so + {{- end }} + {{- if .Values.controller.extraEnvs }} + {{- toYaml .Values.controller.extraEnvs | nindent 12 }} + {{- end }} + {{- if .Values.controller.startupProbe }} + startupProbe: {{ toYaml .Values.controller.startupProbe | nindent 12 }} + {{- end }} + livenessProbe: {{ toYaml .Values.controller.livenessProbe | nindent 12 }} + readinessProbe: {{ toYaml .Values.controller.readinessProbe | nindent 12 }} + ports: + {{- range $key, $value := .Values.controller.containerPort }} + - name: {{ $key }} + containerPort: {{ $value }} + protocol: TCP + {{- if $.Values.controller.hostPort.enabled }} + hostPort: {{ index $.Values.controller.hostPort.ports $key | default $value }} + {{- end }} + {{- end }} + {{- if .Values.controller.metrics.enabled }} + - name: http-metrics + containerPort: {{ .Values.controller.metrics.port }} + protocol: TCP + {{- end }} + {{- if .Values.controller.admissionWebhooks.enabled }} + - name: webhook + containerPort: {{ .Values.controller.admissionWebhooks.port }} + protocol: TCP + {{- end }} + {{- range $key, $value := .Values.tcp }} + - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-tcp + containerPort: {{ $key }} + protocol: TCP + {{- if $.Values.controller.hostPort.enabled }} + hostPort: {{ $key }} + {{- end }} + {{- end }} + {{- range $key, $value := .Values.udp }} + - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-udp + containerPort: {{ $key }} + protocol: UDP + {{- if $.Values.controller.hostPort.enabled }} + hostPort: {{ $key }} + {{- end }} + {{- end }} + {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraModules) }} + volumeMounts: + {{- if .Values.controller.extraModules }} + - name: modules + mountPath: /modules_mount + {{- end }} + {{- if .Values.controller.customTemplate.configMapName }} + - mountPath: /etc/nginx/template + name: nginx-template-volume + readOnly: true + {{- end }} + {{- if .Values.controller.admissionWebhooks.enabled }} + - name: webhook-cert + mountPath: /usr/local/certificates/ + readOnly: true + {{- end }} + {{- if .Values.controller.extraVolumeMounts }} + {{- toYaml .Values.controller.extraVolumeMounts | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.controller.resources }} + resources: {{ toYaml .Values.controller.resources | nindent 12 }} + {{- end }} + {{- if .Values.controller.extraContainers }} + {{ toYaml .Values.controller.extraContainers | nindent 8 }} + {{- end }} + + + {{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules) }} + initContainers: + {{- if .Values.controller.extraInitContainers }} + {{ toYaml .Values.controller.extraInitContainers | nindent 8 }} + {{- end }} + {{- if .Values.controller.extraModules }} + {{- range .Values.controller.extraModules }} + - name: {{ .Name }} + image: {{ .Image }} + command: ['sh', '-c', '/usr/local/bin/init_module.sh'] + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.controller.hostNetwork }} + hostNetwork: {{ .Values.controller.hostNetwork }} + {{- end }} + {{- if .Values.controller.nodeSelector }} + nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.controller.tolerations }} + tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.controller.affinity }} + affinity: {{ toYaml .Values.controller.affinity | nindent 8 }} + {{- end }} + {{- if .Values.controller.topologySpreadConstraints }} + topologySpreadConstraints: {{ toYaml .Values.controller.topologySpreadConstraints | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }} + terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} + {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules) }} + volumes: + {{- if .Values.controller.extraModules }} + - name: modules + emptyDir: {} + {{- end }} + {{- if .Values.controller.customTemplate.configMapName }} + - name: nginx-template-volume + configMap: + name: {{ .Values.controller.customTemplate.configMapName }} + items: + - key: {{ .Values.controller.customTemplate.configMapKey }} + path: nginx.tmpl + {{- end }} + {{- if .Values.controller.admissionWebhooks.enabled }} + - name: webhook-cert + secret: + secretName: {{ include "ingress-nginx.fullname" . }}-admission + {{- end }} + {{- if .Values.controller.extraVolumes }} + {{ toYaml .Values.controller.extraVolumes | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-deployment.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-deployment.yaml new file mode 100644 index 0000000..5ad1867 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-deployment.yaml @@ -0,0 +1,228 @@ +{{- if or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both") -}} +{{- include "isControllerTagValid" . -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.controller.fullname" . }} + namespace: {{ .Release.Namespace }} + {{- if .Values.controller.annotations }} + annotations: {{ toYaml .Values.controller.annotations | nindent 4 }} + {{- end }} +spec: + selector: + matchLabels: + {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: controller + {{- if not .Values.controller.autoscaling.enabled }} + replicas: {{ .Values.controller.replicaCount }} + {{- end }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + {{- if .Values.controller.updateStrategy }} + strategy: + {{ toYaml .Values.controller.updateStrategy | nindent 4 }} + {{- end }} + minReadySeconds: {{ .Values.controller.minReadySeconds }} + template: + metadata: + {{- if .Values.controller.podAnnotations }} + annotations: + {{- range $key, $value := .Values.controller.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "ingress-nginx.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.controller.podLabels }} + {{- toYaml .Values.controller.podLabels | nindent 8 }} + {{- end }} + spec: + {{- if .Values.controller.dnsConfig }} + dnsConfig: {{ toYaml .Values.controller.dnsConfig | nindent 8 }} + {{- end }} + {{- if .Values.controller.hostname }} + hostname: {{ toYaml .Values.controller.hostname | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.controller.dnsPolicy }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }} + {{- end }} + {{- if .Values.controller.priorityClassName }} + priorityClassName: {{ .Values.controller.priorityClassName | quote }} + {{- end }} + {{- if or .Values.controller.podSecurityContext .Values.controller.sysctls }} + securityContext: + {{- end }} + {{- if .Values.controller.podSecurityContext }} + {{- toYaml .Values.controller.podSecurityContext | nindent 8 }} + {{- end }} + {{- if .Values.controller.sysctls }} + sysctls: + {{- range $sysctl, $value := .Values.controller.sysctls }} + - name: {{ $sysctl | quote }} + value: {{ $value | quote }} + {{- end }} + {{- end }} + {{- if .Values.controller.shareProcessNamespace }} + shareProcessNamespace: {{ .Values.controller.shareProcessNamespace }} + {{- end }} + containers: + - name: {{ .Values.controller.containerName }} + {{- with .Values.controller.image }} + image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ include "ingress-nginx.image" . }}{{- end -}}:{{ .tag }}{{ include "ingress-nginx.imageDigest" . }}" + {{- end }} + imagePullPolicy: {{ .Values.controller.image.pullPolicy }} + {{- if .Values.controller.lifecycle }} + lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }} + {{- end }} + args: + {{- include "ingress-nginx.params" . | nindent 12 }} + securityContext: {{ include "controller.containerSecurityContext" . | nindent 12 }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if .Values.controller.enableMimalloc }} + - name: LD_PRELOAD + value: /usr/local/lib/libmimalloc.so + {{- end }} + {{- if .Values.controller.extraEnvs }} + {{- toYaml .Values.controller.extraEnvs | nindent 12 }} + {{- end }} + {{- if .Values.controller.startupProbe }} + startupProbe: {{ toYaml .Values.controller.startupProbe | nindent 12 }} + {{- end }} + livenessProbe: {{ toYaml .Values.controller.livenessProbe | nindent 12 }} + readinessProbe: {{ toYaml .Values.controller.readinessProbe | nindent 12 }} + ports: + {{- range $key, $value := .Values.controller.containerPort }} + - name: {{ $key }} + containerPort: {{ $value }} + protocol: TCP + {{- if $.Values.controller.hostPort.enabled }} + hostPort: {{ index $.Values.controller.hostPort.ports $key | default $value }} + {{- end }} + {{- end }} + {{- if .Values.controller.metrics.enabled }} + - name: http-metrics + containerPort: {{ .Values.controller.metrics.port }} + protocol: TCP + {{- end }} + {{- if .Values.controller.admissionWebhooks.enabled }} + - name: webhook + containerPort: {{ .Values.controller.admissionWebhooks.port }} + protocol: TCP + {{- end }} + {{- range $key, $value := .Values.tcp }} + - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-tcp + containerPort: {{ $key }} + protocol: TCP + {{- if $.Values.controller.hostPort.enabled }} + hostPort: {{ $key }} + {{- end }} + {{- end }} + {{- range $key, $value := .Values.udp }} + - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-udp + containerPort: {{ $key }} + protocol: UDP + {{- if $.Values.controller.hostPort.enabled }} + hostPort: {{ $key }} + {{- end }} + {{- end }} + {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraModules) }} + volumeMounts: + {{- if .Values.controller.extraModules }} + - name: modules + mountPath: /modules_mount + {{- end }} + {{- if .Values.controller.customTemplate.configMapName }} + - mountPath: /etc/nginx/template + name: nginx-template-volume + readOnly: true + {{- end }} + {{- if .Values.controller.admissionWebhooks.enabled }} + - name: webhook-cert + mountPath: /usr/local/certificates/ + readOnly: true + {{- end }} + {{- if .Values.controller.extraVolumeMounts }} + {{- toYaml .Values.controller.extraVolumeMounts | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.controller.resources }} + resources: {{ toYaml .Values.controller.resources | nindent 12 }} + {{- end }} + {{- if .Values.controller.extraContainers }} + {{ toYaml .Values.controller.extraContainers | nindent 8 }} + {{- end }} + {{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules) }} + initContainers: + {{- if .Values.controller.extraInitContainers }} + {{ toYaml .Values.controller.extraInitContainers | nindent 8 }} + {{- end }} + {{- if .Values.controller.extraModules }} + {{- range .Values.controller.extraModules }} + - name: {{ .name }} + image: {{ .image }} + command: ['sh', '-c', '/usr/local/bin/init_module.sh'] + volumeMounts: + - name: modules + mountPath: /modules_mount + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.controller.hostNetwork }} + hostNetwork: {{ .Values.controller.hostNetwork }} + {{- end }} + {{- if .Values.controller.nodeSelector }} + nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.controller.tolerations }} + tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.controller.affinity }} + affinity: {{ toYaml .Values.controller.affinity | nindent 8 }} + {{- end }} + {{- if .Values.controller.topologySpreadConstraints }} + topologySpreadConstraints: {{ toYaml .Values.controller.topologySpreadConstraints | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }} + terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} + {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules) }} + volumes: + {{- if .Values.controller.extraModules }} + - name: modules + emptyDir: {} + {{- end }} + {{- if .Values.controller.customTemplate.configMapName }} + - name: nginx-template-volume + configMap: + name: {{ .Values.controller.customTemplate.configMapName }} + items: + - key: {{ .Values.controller.customTemplate.configMapKey }} + path: nginx.tmpl + {{- end }} + {{- if .Values.controller.admissionWebhooks.enabled }} + - name: webhook-cert + secret: + secretName: {{ include "ingress-nginx.fullname" . }}-admission + {{- end }} + {{- if .Values.controller.extraVolumes }} + {{ toYaml .Values.controller.extraVolumes | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-hpa.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-hpa.yaml new file mode 100644 index 0000000..e0979f1 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-hpa.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.controller.autoscaling.enabled (or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both")) -}} +{{- if not .Values.controller.keda.enabled }} + +apiVersion: autoscaling/v2beta2 +kind: HorizontalPodAutoscaler +metadata: + annotations: + {{- with .Values.controller.autoscaling.annotations }} + {{- toYaml . | trimSuffix "\n" | nindent 4 }} + {{- end }} + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.controller.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "ingress-nginx.controller.fullname" . }} + minReplicas: {{ .Values.controller.autoscaling.minReplicas }} + maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }} + metrics: + {{- with .Values.controller.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.controller.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.controller.autoscalingTemplate }} + {{- toYaml . | nindent 2 }} + {{- end }} + {{- with .Values.controller.autoscaling.behavior }} + behavior: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} + diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-ingressclass.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-ingressclass.yaml new file mode 100644 index 0000000..9492784 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-ingressclass.yaml @@ -0,0 +1,21 @@ +{{- if .Values.controller.ingressClassResource.enabled -}} +# We don't support namespaced ingressClass yet +# So a ClusterRole and a ClusterRoleBinding is required +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ .Values.controller.ingressClassResource.name }} +{{- if .Values.controller.ingressClassResource.default }} + annotations: + ingressclass.kubernetes.io/is-default-class: "true" +{{- end }} +spec: + controller: {{ .Values.controller.ingressClassResource.controllerValue }} + {{ template "ingressClass.parameters" . }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-keda.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-keda.yaml new file mode 100644 index 0000000..875157e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-keda.yaml @@ -0,0 +1,42 @@ +{{- if and .Values.controller.keda.enabled (or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both")) -}} +# https://keda.sh/docs/ + +apiVersion: {{ .Values.controller.keda.apiVersion }} +kind: ScaledObject +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.controller.fullname" . }} + {{- if .Values.controller.keda.scaledObject.annotations }} + annotations: {{ toYaml .Values.controller.keda.scaledObject.annotations | nindent 4 }} + {{- end }} +spec: + scaleTargetRef: +{{- if eq .Values.controller.keda.apiVersion "keda.k8s.io/v1alpha1" }} + deploymentName: {{ include "ingress-nginx.controller.fullname" . }} +{{- else if eq .Values.controller.keda.apiVersion "keda.sh/v1alpha1" }} + name: {{ include "ingress-nginx.controller.fullname" . }} +{{- end }} + pollingInterval: {{ .Values.controller.keda.pollingInterval }} + cooldownPeriod: {{ .Values.controller.keda.cooldownPeriod }} + minReplicaCount: {{ .Values.controller.keda.minReplicas }} + maxReplicaCount: {{ .Values.controller.keda.maxReplicas }} + triggers: +{{- with .Values.controller.keda.triggers }} +{{ toYaml . | indent 2 }} +{{ end }} + advanced: + restoreToOriginalReplicaCount: {{ .Values.controller.keda.restoreToOriginalReplicaCount }} +{{- if .Values.controller.keda.behavior }} + horizontalPodAutoscalerConfig: + behavior: +{{ with .Values.controller.keda.behavior -}} +{{ toYaml . | indent 8 }} +{{ end }} + +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-poddisruptionbudget.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-poddisruptionbudget.yaml new file mode 100644 index 0000000..8dfbe98 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-poddisruptionbudget.yaml @@ -0,0 +1,19 @@ +{{- if or (and .Values.controller.autoscaling.enabled (gt (.Values.controller.autoscaling.minReplicas | int) 1)) (and (not .Values.controller.autoscaling.enabled) (gt (.Values.controller.replicaCount | int) 1)) }} +apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }} +kind: PodDisruptionBudget +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.controller.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: controller + minAvailable: {{ .Values.controller.minAvailable }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-prometheusrules.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-prometheusrules.yaml new file mode 100644 index 0000000..78b5362 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-prometheusrules.yaml @@ -0,0 +1,21 @@ +{{- if and ( .Values.controller.metrics.enabled ) ( .Values.controller.metrics.prometheusRule.enabled ) ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) -}} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ include "ingress-nginx.controller.fullname" . }} +{{- if .Values.controller.metrics.prometheusRule.namespace }} + namespace: {{ .Values.controller.metrics.prometheusRule.namespace | quote }} +{{- end }} + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- if .Values.controller.metrics.prometheusRule.additionalLabels }} + {{- toYaml .Values.controller.metrics.prometheusRule.additionalLabels | nindent 4 }} + {{- end }} +spec: +{{- if .Values.controller.metrics.prometheusRule.rules }} + groups: + - name: {{ template "ingress-nginx.name" . }} + rules: {{- toYaml .Values.controller.metrics.prometheusRule.rules | nindent 4 }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-psp.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-psp.yaml new file mode 100644 index 0000000..2e0499c --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-psp.yaml @@ -0,0 +1,94 @@ +{{- if (semverCompare "<1.25.0-0" .Capabilities.KubeVersion.Version) }} +{{- if and .Values.podSecurityPolicy.enabled (empty .Values.controller.existingPsp) -}} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "ingress-nginx.fullname" . }} + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + allowedCapabilities: + - NET_BIND_SERVICE + {{- if .Values.controller.image.chroot }} + - SYS_CHROOT + {{- end }} +{{- if .Values.controller.sysctls }} + allowedUnsafeSysctls: + {{- range $sysctl, $value := .Values.controller.sysctls }} + - {{ $sysctl }} + {{- end }} +{{- end }} + privileged: false + allowPrivilegeEscalation: true + # Allow core volume types. + volumes: + - 'configMap' + - 'emptyDir' + #- 'projected' + - 'secret' + #- 'downwardAPI' +{{- if .Values.controller.hostNetwork }} + hostNetwork: {{ .Values.controller.hostNetwork }} +{{- end }} +{{- if or .Values.controller.hostNetwork .Values.controller.hostPort.enabled }} + hostPorts: +{{- if .Values.controller.hostNetwork }} +{{- range $key, $value := .Values.controller.containerPort }} + # {{ $key }} + - min: {{ $value }} + max: {{ $value }} +{{- end }} +{{- else if .Values.controller.hostPort.enabled }} +{{- range $key, $value := .Values.controller.hostPort.ports }} + # {{ $key }} + - min: {{ $value }} + max: {{ $value }} +{{- end }} +{{- end }} +{{- if .Values.controller.metrics.enabled }} + # metrics + - min: {{ .Values.controller.metrics.port }} + max: {{ .Values.controller.metrics.port }} +{{- end }} +{{- if .Values.controller.admissionWebhooks.enabled }} + # admission webhooks + - min: {{ .Values.controller.admissionWebhooks.port }} + max: {{ .Values.controller.admissionWebhooks.port }} +{{- end }} +{{- range $key, $value := .Values.tcp }} + # {{ $key }}-tcp + - min: {{ $key }} + max: {{ $key }} +{{- end }} +{{- range $key, $value := .Values.udp }} + # {{ $key }}-udp + - min: {{ $key }} + max: {{ $key }} +{{- end }} +{{- end }} + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: 'MustRunAsNonRoot' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + seLinux: + rule: 'RunAsAny' +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-role.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-role.yaml new file mode 100644 index 0000000..330be8c --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-role.yaml @@ -0,0 +1,113 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.fullname" . }} + namespace: {{ .Release.Namespace }} +rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - endpoints + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch + # TODO(Jintao Zhang) + # Once we release a new version of the controller, + # we will be able to remove the configmap related permissions + # We have used the Lease API for selection + # ref: https://github.com/kubernetes/ingress-nginx/pull/8921 + - apiGroups: + - "" + resources: + - configmaps + resourceNames: + - {{ .Values.controller.electionID }} + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - {{ .Values.controller.electionID }} + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +{{- if .Values.podSecurityPolicy.enabled }} + - apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}] + resources: ['podsecuritypolicies'] + verbs: ['use'] + {{- with .Values.controller.existingPsp }} + resourceNames: [{{ . }}] + {{- else }} + resourceNames: [{{ include "ingress-nginx.fullname" . }}] + {{- end }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-rolebinding.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-rolebinding.yaml new file mode 100644 index 0000000..e846a11 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.fullname" . }} + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "ingress-nginx.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "ingress-nginx.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-service-internal.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-service-internal.yaml new file mode 100644 index 0000000..aae3e15 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-service-internal.yaml @@ -0,0 +1,79 @@ +{{- if and .Values.controller.service.enabled .Values.controller.service.internal.enabled .Values.controller.service.internal.annotations}} +apiVersion: v1 +kind: Service +metadata: + annotations: + {{- range $key, $value := .Values.controller.service.internal.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- if .Values.controller.service.labels }} + {{- toYaml .Values.controller.service.labels | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.controller.fullname" . }}-internal + namespace: {{ .Release.Namespace }} +spec: + type: "{{ .Values.controller.service.type }}" +{{- if .Values.controller.service.internal.loadBalancerIP }} + loadBalancerIP: {{ .Values.controller.service.internal.loadBalancerIP }} +{{- end }} +{{- if .Values.controller.service.internal.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{ toYaml .Values.controller.service.internal.loadBalancerSourceRanges | nindent 4 }} +{{- end }} +{{- if .Values.controller.service.internal.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.controller.service.internal.externalTrafficPolicy }} +{{- end }} + ports: + {{- $setNodePorts := (or (eq .Values.controller.service.type "NodePort") (eq .Values.controller.service.type "LoadBalancer")) }} + {{- if .Values.controller.service.enableHttp }} + - name: http + port: {{ .Values.controller.service.ports.http }} + protocol: TCP + targetPort: {{ .Values.controller.service.targetPorts.http }} + {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }} + appProtocol: http + {{- end }} + {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }} + nodePort: {{ .Values.controller.service.nodePorts.http }} + {{- end }} + {{- end }} + {{- if .Values.controller.service.enableHttps }} + - name: https + port: {{ .Values.controller.service.ports.https }} + protocol: TCP + targetPort: {{ .Values.controller.service.targetPorts.https }} + {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }} + appProtocol: https + {{- end }} + {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }} + nodePort: {{ .Values.controller.service.nodePorts.https }} + {{- end }} + {{- end }} + {{- range $key, $value := .Values.tcp }} + - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-tcp + port: {{ $key }} + protocol: TCP + targetPort: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-tcp + {{- if $.Values.controller.service.nodePorts.tcp }} + {{- if index $.Values.controller.service.nodePorts.tcp $key }} + nodePort: {{ index $.Values.controller.service.nodePorts.tcp $key }} + {{- end }} + {{- end }} + {{- end }} + {{- range $key, $value := .Values.udp }} + - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-udp + port: {{ $key }} + protocol: UDP + targetPort: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-udp + {{- if $.Values.controller.service.nodePorts.udp }} + {{- if index $.Values.controller.service.nodePorts.udp $key }} + nodePort: {{ index $.Values.controller.service.nodePorts.udp $key }} + {{- end }} + {{- end }} + {{- end }} + selector: + {{- include "ingress-nginx.selectorLabels" . | nindent 4 }} + app.kubernetes.io/component: controller +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-service-metrics.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-service-metrics.yaml new file mode 100644 index 0000000..1c1d5bd --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-service-metrics.yaml @@ -0,0 +1,45 @@ +{{- if .Values.controller.metrics.enabled -}} +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.controller.metrics.service.annotations }} + annotations: {{ toYaml .Values.controller.metrics.service.annotations | nindent 4 }} +{{- end }} + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- if .Values.controller.metrics.service.labels }} + {{- toYaml .Values.controller.metrics.service.labels | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.controller.fullname" . }}-metrics + namespace: {{ .Release.Namespace }} +spec: + type: {{ .Values.controller.metrics.service.type }} +{{- if .Values.controller.metrics.service.clusterIP }} + clusterIP: {{ .Values.controller.metrics.service.clusterIP }} +{{- end }} +{{- if .Values.controller.metrics.service.externalIPs }} + externalIPs: {{ toYaml .Values.controller.metrics.service.externalIPs | nindent 4 }} +{{- end }} +{{- if .Values.controller.metrics.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.controller.metrics.service.loadBalancerIP }} +{{- end }} +{{- if .Values.controller.metrics.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{ toYaml .Values.controller.metrics.service.loadBalancerSourceRanges | nindent 4 }} +{{- end }} +{{- if .Values.controller.metrics.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.controller.metrics.service.externalTrafficPolicy }} +{{- end }} + ports: + - name: http-metrics + port: {{ .Values.controller.metrics.service.servicePort }} + protocol: TCP + targetPort: http-metrics + {{- $setNodePorts := (or (eq .Values.controller.metrics.service.type "NodePort") (eq .Values.controller.metrics.service.type "LoadBalancer")) }} + {{- if (and $setNodePorts (not (empty .Values.controller.metrics.service.nodePort))) }} + nodePort: {{ .Values.controller.metrics.service.nodePort }} + {{- end }} + selector: + {{- include "ingress-nginx.selectorLabels" . | nindent 4 }} + app.kubernetes.io/component: controller +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-service-webhook.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-service-webhook.yaml new file mode 100644 index 0000000..2aae24f --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-service-webhook.yaml @@ -0,0 +1,40 @@ +{{- if .Values.controller.admissionWebhooks.enabled -}} +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.controller.admissionWebhooks.service.annotations }} + annotations: {{ toYaml .Values.controller.admissionWebhooks.service.annotations | nindent 4 }} +{{- end }} + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.controller.fullname" . }}-admission + namespace: {{ .Release.Namespace }} +spec: + type: {{ .Values.controller.admissionWebhooks.service.type }} +{{- if .Values.controller.admissionWebhooks.service.clusterIP }} + clusterIP: {{ .Values.controller.admissionWebhooks.service.clusterIP }} +{{- end }} +{{- if .Values.controller.admissionWebhooks.service.externalIPs }} + externalIPs: {{ toYaml .Values.controller.admissionWebhooks.service.externalIPs | nindent 4 }} +{{- end }} +{{- if .Values.controller.admissionWebhooks.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.controller.admissionWebhooks.service.loadBalancerIP }} +{{- end }} +{{- if .Values.controller.admissionWebhooks.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{ toYaml .Values.controller.admissionWebhooks.service.loadBalancerSourceRanges | nindent 4 }} +{{- end }} + ports: + - name: https-webhook + port: 443 + targetPort: webhook + {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }} + appProtocol: https + {{- end }} + selector: + {{- include "ingress-nginx.selectorLabels" . | nindent 4 }} + app.kubernetes.io/component: controller +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-service.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-service.yaml new file mode 100644 index 0000000..2b28196 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-service.yaml @@ -0,0 +1,101 @@ +{{- if and .Values.controller.service.enabled .Values.controller.service.external.enabled -}} +apiVersion: v1 +kind: Service +metadata: + annotations: + {{- range $key, $value := .Values.controller.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- if .Values.controller.service.labels }} + {{- toYaml .Values.controller.service.labels | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.controller.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + type: {{ .Values.controller.service.type }} +{{- if .Values.controller.service.clusterIP }} + clusterIP: {{ .Values.controller.service.clusterIP }} +{{- end }} +{{- if .Values.controller.service.externalIPs }} + externalIPs: {{ toYaml .Values.controller.service.externalIPs | nindent 4 }} +{{- end }} +{{- if .Values.controller.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.controller.service.loadBalancerIP }} +{{- end }} +{{- if .Values.controller.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{ toYaml .Values.controller.service.loadBalancerSourceRanges | nindent 4 }} +{{- end }} +{{- if .Values.controller.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }} +{{- end }} +{{- if .Values.controller.service.sessionAffinity }} + sessionAffinity: {{ .Values.controller.service.sessionAffinity }} +{{- end }} +{{- if .Values.controller.service.healthCheckNodePort }} + healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }} +{{- end }} +{{- if semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version -}} +{{- if .Values.controller.service.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.controller.service.ipFamilyPolicy }} +{{- end }} +{{- end }} +{{- if semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version -}} +{{- if .Values.controller.service.ipFamilies }} + ipFamilies: {{ toYaml .Values.controller.service.ipFamilies | nindent 4 }} +{{- end }} +{{- end }} + ports: + {{- $setNodePorts := (or (eq .Values.controller.service.type "NodePort") (eq .Values.controller.service.type "LoadBalancer")) }} + {{- if .Values.controller.service.enableHttp }} + - name: http + port: {{ .Values.controller.service.ports.http }} + protocol: TCP + targetPort: {{ .Values.controller.service.targetPorts.http }} + {{- if and (semverCompare ">=1.20" .Capabilities.KubeVersion.Version) (.Values.controller.service.appProtocol) }} + appProtocol: http + {{- end }} + {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }} + nodePort: {{ .Values.controller.service.nodePorts.http }} + {{- end }} + {{- end }} + {{- if .Values.controller.service.enableHttps }} + - name: https + port: {{ .Values.controller.service.ports.https }} + protocol: TCP + targetPort: {{ .Values.controller.service.targetPorts.https }} + {{- if and (semverCompare ">=1.20" .Capabilities.KubeVersion.Version) (.Values.controller.service.appProtocol) }} + appProtocol: https + {{- end }} + {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }} + nodePort: {{ .Values.controller.service.nodePorts.https }} + {{- end }} + {{- end }} + {{- range $key, $value := .Values.tcp }} + - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-tcp + port: {{ $key }} + protocol: TCP + targetPort: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-tcp + {{- if $.Values.controller.service.nodePorts.tcp }} + {{- if index $.Values.controller.service.nodePorts.tcp $key }} + nodePort: {{ index $.Values.controller.service.nodePorts.tcp $key }} + {{- end }} + {{- end }} + {{- end }} + {{- range $key, $value := .Values.udp }} + - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-udp + port: {{ $key }} + protocol: UDP + targetPort: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-udp + {{- if $.Values.controller.service.nodePorts.udp }} + {{- if index $.Values.controller.service.nodePorts.udp $key }} + nodePort: {{ index $.Values.controller.service.nodePorts.udp $key }} + {{- end }} + {{- end }} + {{- end }} + selector: + {{- include "ingress-nginx.selectorLabels" . | nindent 4 }} + app.kubernetes.io/component: controller +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-serviceaccount.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-serviceaccount.yaml new file mode 100644 index 0000000..824b2a1 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-serviceaccount.yaml @@ -0,0 +1,18 @@ +{{- if or .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ template "ingress-nginx.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + {{- if .Values.serviceAccount.annotations }} + annotations: + {{ toYaml .Values.serviceAccount.annotations | indent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-servicemonitor.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-servicemonitor.yaml new file mode 100644 index 0000000..973d36b --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-servicemonitor.yaml @@ -0,0 +1,48 @@ +{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled -}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "ingress-nginx.controller.fullname" . }} +{{- if .Values.controller.metrics.serviceMonitor.namespace }} + namespace: {{ .Values.controller.metrics.serviceMonitor.namespace | quote }} +{{- end }} + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- if .Values.controller.metrics.serviceMonitor.additionalLabels }} + {{- toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: http-metrics + interval: {{ .Values.controller.metrics.serviceMonitor.scrapeInterval }} + {{- if .Values.controller.metrics.serviceMonitor.honorLabels }} + honorLabels: true + {{- end }} + {{- if .Values.controller.metrics.serviceMonitor.relabelings }} + relabelings: {{ toYaml .Values.controller.metrics.serviceMonitor.relabelings | nindent 8 }} + {{- end }} + {{- if .Values.controller.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{ toYaml .Values.controller.metrics.serviceMonitor.metricRelabelings | nindent 8 }} + {{- end }} +{{- if .Values.controller.metrics.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.controller.metrics.serviceMonitor.jobLabel | quote }} +{{- end }} +{{- if .Values.controller.metrics.serviceMonitor.namespaceSelector }} + namespaceSelector: {{ toYaml .Values.controller.metrics.serviceMonitor.namespaceSelector | nindent 4 }} +{{- else }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} +{{- end }} +{{- if .Values.controller.metrics.serviceMonitor.targetLabels }} + targetLabels: + {{- range .Values.controller.metrics.serviceMonitor.targetLabels }} + - {{ . }} + {{- end }} +{{- end }} + selector: + matchLabels: + {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: controller +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-wehbooks-networkpolicy.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-wehbooks-networkpolicy.yaml new file mode 100644 index 0000000..f74c2fb --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/controller-wehbooks-networkpolicy.yaml @@ -0,0 +1,19 @@ +{{- if .Values.controller.admissionWebhooks.enabled }} +{{- if .Values.controller.admissionWebhooks.networkPolicyEnabled }} + +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "ingress-nginx.fullname" . }}-webhooks-allow + namespace: {{ .Release.Namespace }} +spec: + ingress: + - {} + podSelector: + matchLabels: + app.kubernetes.io/name: {{ include "ingress-nginx.name" . }} + policyTypes: + - Ingress + +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/default-backend-deployment.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/default-backend-deployment.yaml new file mode 100644 index 0000000..fd3e96e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/default-backend-deployment.yaml @@ -0,0 +1,118 @@ +{{- if .Values.defaultBackend.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: default-backend + {{- with .Values.defaultBackend.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.defaultBackend.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: default-backend +{{- if not .Values.defaultBackend.autoscaling.enabled }} + replicas: {{ .Values.defaultBackend.replicaCount }} +{{- end }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + template: + metadata: + {{- if .Values.defaultBackend.podAnnotations }} + annotations: {{ toYaml .Values.defaultBackend.podAnnotations | nindent 8 }} + {{- end }} + labels: + {{- include "ingress-nginx.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: default-backend + {{- with .Values.defaultBackend.labels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.defaultBackend.podLabels }} + {{- toYaml .Values.defaultBackend.podLabels | nindent 8 }} + {{- end }} + spec: + {{- if .Values.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }} + {{- end }} + {{- if .Values.defaultBackend.priorityClassName }} + priorityClassName: {{ .Values.defaultBackend.priorityClassName }} + {{- end }} + {{- if .Values.defaultBackend.podSecurityContext }} + securityContext: {{ toYaml .Values.defaultBackend.podSecurityContext | nindent 8 }} + {{- end }} + containers: + - name: {{ template "ingress-nginx.name" . }}-default-backend + {{- with .Values.defaultBackend.image }} + image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" + {{- end }} + imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy }} + {{- if .Values.defaultBackend.extraArgs }} + args: + {{- range $key, $value := .Values.defaultBackend.extraArgs }} + {{- /* Accept keys without values or with false as value */}} + {{- if eq ($value | quote | len) 2 }} + - --{{ $key }} + {{- else }} + - --{{ $key }}={{ $value }} + {{- end }} + {{- end }} + {{- end }} + securityContext: + capabilities: + drop: + - ALL + runAsUser: {{ .Values.defaultBackend.image.runAsUser }} + runAsNonRoot: {{ .Values.defaultBackend.image.runAsNonRoot }} + allowPrivilegeEscalation: {{ .Values.defaultBackend.image.allowPrivilegeEscalation }} + readOnlyRootFilesystem: {{ .Values.defaultBackend.image.readOnlyRootFilesystem}} + {{- if .Values.defaultBackend.extraEnvs }} + env: {{ toYaml .Values.defaultBackend.extraEnvs | nindent 12 }} + {{- end }} + livenessProbe: + httpGet: + path: /healthz + port: {{ .Values.defaultBackend.port }} + scheme: HTTP + initialDelaySeconds: {{ .Values.defaultBackend.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.defaultBackend.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.defaultBackend.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.defaultBackend.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.defaultBackend.livenessProbe.failureThreshold }} + readinessProbe: + httpGet: + path: /healthz + port: {{ .Values.defaultBackend.port }} + scheme: HTTP + initialDelaySeconds: {{ .Values.defaultBackend.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.defaultBackend.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.defaultBackend.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.defaultBackend.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.defaultBackend.readinessProbe.failureThreshold }} + ports: + - name: http + containerPort: {{ .Values.defaultBackend.port }} + protocol: TCP + {{- if .Values.defaultBackend.extraVolumeMounts }} + volumeMounts: {{- toYaml .Values.defaultBackend.extraVolumeMounts | nindent 12 }} + {{- end }} + {{- if .Values.defaultBackend.resources }} + resources: {{ toYaml .Values.defaultBackend.resources | nindent 12 }} + {{- end }} + {{- if .Values.defaultBackend.nodeSelector }} + nodeSelector: {{ toYaml .Values.defaultBackend.nodeSelector | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }} + {{- if .Values.defaultBackend.tolerations }} + tolerations: {{ toYaml .Values.defaultBackend.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.defaultBackend.affinity }} + affinity: {{ toYaml .Values.defaultBackend.affinity | nindent 8 }} + {{- end }} + terminationGracePeriodSeconds: 60 + {{- if .Values.defaultBackend.extraVolumes }} + volumes: {{ toYaml .Values.defaultBackend.extraVolumes | nindent 8 }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/default-backend-hpa.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/default-backend-hpa.yaml new file mode 100644 index 0000000..594d265 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/default-backend-hpa.yaml @@ -0,0 +1,33 @@ +{{- if and .Values.defaultBackend.enabled .Values.defaultBackend.autoscaling.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: default-backend + {{- with .Values.defaultBackend.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ template "ingress-nginx.defaultBackend.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "ingress-nginx.defaultBackend.fullname" . }} + minReplicas: {{ .Values.defaultBackend.autoscaling.minReplicas }} + maxReplicas: {{ .Values.defaultBackend.autoscaling.maxReplicas }} + metrics: +{{- with .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ . }} +{{- end }} +{{- with .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ . }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml new file mode 100644 index 0000000..00891ce --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml @@ -0,0 +1,21 @@ +{{- if .Values.defaultBackend.enabled -}} +{{- if or (gt (.Values.defaultBackend.replicaCount | int) 1) (gt (.Values.defaultBackend.autoscaling.minReplicas | int) 1) }} +apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }} +kind: PodDisruptionBudget +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: default-backend + {{- with .Values.defaultBackend.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.defaultBackend.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: default-backend + minAvailable: {{ .Values.defaultBackend.minAvailable }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/default-backend-psp.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/default-backend-psp.yaml new file mode 100644 index 0000000..c144c8f --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/default-backend-psp.yaml @@ -0,0 +1,38 @@ +{{- if (semverCompare "<1.25.0-0" .Capabilities.KubeVersion.Version) }} +{{- if and .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled (empty .Values.defaultBackend.existingPsp) -}} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "ingress-nginx.fullname" . }}-backend + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: default-backend + {{- with .Values.defaultBackend.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + allowPrivilegeEscalation: false + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/default-backend-role.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/default-backend-role.yaml new file mode 100644 index 0000000..a2b457c --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/default-backend-role.yaml @@ -0,0 +1,22 @@ +{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: default-backend + {{- with .Values.defaultBackend.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.fullname" . }}-backend + namespace: {{ .Release.Namespace }} +rules: + - apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}] + resources: ['podsecuritypolicies'] + verbs: ['use'] + {{- with .Values.defaultBackend.existingPsp }} + resourceNames: [{{ . }}] + {{- else }} + resourceNames: [{{ include "ingress-nginx.fullname" . }}-backend] + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/default-backend-rolebinding.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/default-backend-rolebinding.yaml new file mode 100644 index 0000000..dbaa516 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/default-backend-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: default-backend + {{- with .Values.defaultBackend.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.fullname" . }}-backend + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "ingress-nginx.fullname" . }}-backend +subjects: + - kind: ServiceAccount + name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/default-backend-service.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/default-backend-service.yaml new file mode 100644 index 0000000..5f1d09a --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/default-backend-service.yaml @@ -0,0 +1,41 @@ +{{- if .Values.defaultBackend.enabled -}} +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.defaultBackend.service.annotations }} + annotations: {{ toYaml .Values.defaultBackend.service.annotations | nindent 4 }} +{{- end }} + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: default-backend + {{- with .Values.defaultBackend.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.defaultBackend.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + type: {{ .Values.defaultBackend.service.type }} +{{- if .Values.defaultBackend.service.clusterIP }} + clusterIP: {{ .Values.defaultBackend.service.clusterIP }} +{{- end }} +{{- if .Values.defaultBackend.service.externalIPs }} + externalIPs: {{ toYaml .Values.defaultBackend.service.externalIPs | nindent 4 }} +{{- end }} +{{- if .Values.defaultBackend.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.defaultBackend.service.loadBalancerIP }} +{{- end }} +{{- if .Values.defaultBackend.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{ toYaml .Values.defaultBackend.service.loadBalancerSourceRanges | nindent 4 }} +{{- end }} + ports: + - name: http + port: {{ .Values.defaultBackend.service.servicePort }} + protocol: TCP + targetPort: http + {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }} + appProtocol: http + {{- end }} + selector: + {{- include "ingress-nginx.selectorLabels" . | nindent 4 }} + app.kubernetes.io/component: default-backend +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/default-backend-serviceaccount.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/default-backend-serviceaccount.yaml new file mode 100644 index 0000000..b45a95a --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/default-backend-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{- if and .Values.defaultBackend.enabled .Values.defaultBackend.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: default-backend + {{- with .Values.defaultBackend.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +automountServiceAccountToken: {{ .Values.defaultBackend.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/templates/dh-param-secret.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/dh-param-secret.yaml new file mode 100644 index 0000000..12e7a4f --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/templates/dh-param-secret.yaml @@ -0,0 +1,10 @@ +{{- with .Values.dhParam -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "ingress-nginx.controller.fullname" $ }} + labels: + {{- include "ingress-nginx.labels" $ | nindent 4 }} +data: + dhparam.pem: {{ . }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/ingress-nginx/values.yaml b/packer/ansible/roles/helm_install/files/ingress-nginx/values.yaml new file mode 100644 index 0000000..9ec174f --- /dev/null +++ b/packer/ansible/roles/helm_install/files/ingress-nginx/values.yaml @@ -0,0 +1,944 @@ +## nginx configuration +## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/index.md +## + +## Overrides for generated resource names +# See templates/_helpers.tpl +# nameOverride: +# fullnameOverride: + +## Labels to apply to all resources +## +commonLabels: {} +# scmhash: abc123 +# myLabel: aakkmd + +controller: + name: controller + image: + ## Keep false as default for now! + chroot: false + registry: registry.k8s.io + image: ingress-nginx/controller + ## for backwards compatibility consider setting the full image url via the repository value below + ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail + ## repository: + tag: "v1.3.1" + digest: sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 + digestChroot: sha256:a8466b19c621bd550b1645e27a004a5cc85009c858a9ab19490216735ac432b1 + pullPolicy: IfNotPresent + # www-data -> uid 101 + runAsUser: 101 + allowPrivilegeEscalation: true + + # -- Use an existing PSP instead of creating one + existingPsp: "" + + # -- Configures the controller container name + containerName: controller + + # -- Configures the ports that the nginx-controller listens on + containerPort: + http: 80 + https: 443 + + # -- Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ + config: {} + + # -- Annotations to be added to the controller config configuration configmap. + configAnnotations: {} + + # -- Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers + proxySetHeaders: {} + + # -- Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers + addHeaders: {} + + # -- Optionally customize the pod dnsConfig. + dnsConfig: {} + + # -- Optionally customize the pod hostname. + hostname: {} + + # -- Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. + # By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller + # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. + dnsPolicy: ClusterFirst + + # -- Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network + # Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply + reportNodeInternalIp: false + + # -- Process Ingress objects without ingressClass annotation/ingressClassName field + # Overrides value for --watch-ingress-without-class flag of the controller binary + # Defaults to false + watchIngressWithoutClass: false + + # -- Process IngressClass per name (additionally as per spec.controller). + ingressClassByName: false + + # -- This configuration defines if Ingress Controller should allow users to set + # their own *-snippet annotations, otherwise this is forbidden / dropped + # when users add those annotations. + # Global snippets in ConfigMap are still respected + allowSnippetAnnotations: true + + # -- Required for use with CNI based kubernetes installations (such as ones set up by kubeadm), + # since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 + # is merged + hostNetwork: false + + ## Use host ports 80 and 443 + ## Disabled by default + hostPort: + # -- Enable 'hostPort' or not + enabled: false + ports: + # -- 'hostPort' http port + http: 80 + # -- 'hostPort' https port + https: 443 + + # -- Election ID to use for status update + electionID: ingress-controller-leader + + ## This section refers to the creation of the IngressClass resource + ## IngressClass resources are supported since k8s >= 1.18 and required since k8s >= 1.19 + ingressClassResource: + # -- Name of the ingressClass + name: nginx + # -- Is this ingressClass enabled or not + enabled: true + # -- Is this the default ingressClass for the cluster + default: false + # -- Controller-value of the controller that is processing this ingressClass + controllerValue: "k8s.io/ingress-nginx" + + # -- Parameters is a link to a custom resource containing additional + # configuration for the controller. This is optional if the controller + # does not require extra parameters. + parameters: {} + + # -- For backwards compatibility with ingress.class annotation, use ingressClass. + # Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation + ingressClass: nginx + + # -- Labels to add to the pod container metadata + podLabels: {} + # key: value + + # -- Security Context policies for controller pods + podSecurityContext: {} + + # -- See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls + sysctls: {} + # sysctls: + # "net.core.somaxconn": "8192" + + # -- Allows customization of the source of the IP address or FQDN to report + # in the ingress status field. By default, it reads the information provided + # by the service. If disable, the status field reports the IP address of the + # node or nodes where an ingress controller pod is running. + publishService: + # -- Enable 'publishService' or not + enabled: true + # -- Allows overriding of the publish service to bind to + # Must be / + pathOverride: "" + + # Limit the scope of the controller to a specific namespace + scope: + # -- Enable 'scope' or not + enabled: false + # -- Namespace to limit the controller to; defaults to $(POD_NAMESPACE) + namespace: "" + # -- When scope.enabled == false, instead of watching all namespaces, we watching namespaces whose labels + # only match with namespaceSelector. Format like foo=bar. Defaults to empty, means watching all namespaces. + namespaceSelector: "" + + # -- Allows customization of the configmap / nginx-configmap namespace; defaults to $(POD_NAMESPACE) + configMapNamespace: "" + + tcp: + # -- Allows customization of the tcp-services-configmap; defaults to $(POD_NAMESPACE) + configMapNamespace: "" + # -- Annotations to be added to the tcp config configmap + annotations: {} + + udp: + # -- Allows customization of the udp-services-configmap; defaults to $(POD_NAMESPACE) + configMapNamespace: "" + # -- Annotations to be added to the udp config configmap + annotations: {} + + # -- Maxmind license key to download GeoLite2 Databases. + ## https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases + maxmindLicenseKey: "" + + # -- Additional command line arguments to pass to nginx-ingress-controller + # E.g. to specify the default SSL certificate you can use + extraArgs: {} + ## extraArgs: + ## default-ssl-certificate: "/" + + # -- Additional environment variables to set + extraEnvs: [] + # extraEnvs: + # - name: FOO + # valueFrom: + # secretKeyRef: + # key: FOO + # name: secret-resource + + # -- Use a `DaemonSet` or `Deployment` + kind: Deployment + + # -- Annotations to be added to the controller Deployment or DaemonSet + ## + annotations: {} + # keel.sh/pollSchedule: "@every 60m" + + # -- Labels to be added to the controller Deployment or DaemonSet and other resources that do not have option to specify labels + ## + labels: {} + # keel.sh/policy: patch + # keel.sh/trigger: poll + + + # -- The update strategy to apply to the Deployment or DaemonSet + ## + updateStrategy: {} + # rollingUpdate: + # maxUnavailable: 1 + # type: RollingUpdate + + # -- `minReadySeconds` to avoid killing pods before we are ready + ## + minReadySeconds: 0 + + + # -- Node tolerations for server scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + + # -- Affinity and anti-affinity rules for server scheduling to nodes + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} + # # An example of preferred pod anti-affinity, weight is in the range 1-100 + # podAntiAffinity: + # preferredDuringSchedulingIgnoredDuringExecution: + # - weight: 100 + # podAffinityTerm: + # labelSelector: + # matchExpressions: + # - key: app.kubernetes.io/name + # operator: In + # values: + # - ingress-nginx + # - key: app.kubernetes.io/instance + # operator: In + # values: + # - ingress-nginx + # - key: app.kubernetes.io/component + # operator: In + # values: + # - controller + # topologyKey: kubernetes.io/hostname + + # # An example of required pod anti-affinity + # podAntiAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # - labelSelector: + # matchExpressions: + # - key: app.kubernetes.io/name + # operator: In + # values: + # - ingress-nginx + # - key: app.kubernetes.io/instance + # operator: In + # values: + # - ingress-nginx + # - key: app.kubernetes.io/component + # operator: In + # values: + # - controller + # topologyKey: "kubernetes.io/hostname" + + # -- Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + # labelSelector: + # matchLabels: + # app.kubernetes.io/instance: ingress-nginx-internal + + # -- `terminationGracePeriodSeconds` to avoid killing pods before we are ready + ## wait up to five minutes for the drain of connections + ## + terminationGracePeriodSeconds: 300 + + # -- Node labels for controller pod assignment + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: + kubernetes.io/os: linux + + ## Liveness and readiness probe values + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## + ## startupProbe: + ## httpGet: + ## # should match container.healthCheckPath + ## path: "/healthz" + ## port: 10254 + ## scheme: HTTP + ## initialDelaySeconds: 5 + ## periodSeconds: 5 + ## timeoutSeconds: 2 + ## successThreshold: 1 + ## failureThreshold: 5 + livenessProbe: + httpGet: + # should match container.healthCheckPath + path: "/healthz" + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 5 + readinessProbe: + httpGet: + # should match container.healthCheckPath + path: "/healthz" + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + + + # -- Path of the health check endpoint. All requests received on the port defined by + # the healthz-port parameter are forwarded internally to this path. + healthCheckPath: "/healthz" + + # -- Address to bind the health check endpoint. + # It is better to set this option to the internal node address + # if the ingress nginx controller is running in the `hostNetwork: true` mode. + healthCheckHost: "" + + # -- Annotations to be added to controller pods + ## + podAnnotations: {} + + replicaCount: 1 + + minAvailable: 1 + + ## Define requests resources to avoid probe issues due to CPU utilization in busy nodes + ## ref: https://github.com/kubernetes/ingress-nginx/issues/4735#issuecomment-551204903 + ## Ideally, there should be no limits. + ## https://engineering.indeedblog.com/blog/2019/12/cpu-throttling-regression-fix/ + resources: + ## limits: + ## cpu: 100m + ## memory: 90Mi + requests: + cpu: 100m + memory: 90Mi + + # Mutually exclusive with keda autoscaling + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 11 + targetCPUUtilizationPercentage: 50 + targetMemoryUtilizationPercentage: 50 + behavior: {} + # scaleDown: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 1 + # periodSeconds: 180 + # scaleUp: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 2 + # periodSeconds: 60 + + autoscalingTemplate: [] + # Custom or additional autoscaling metrics + # ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics + # - type: Pods + # pods: + # metric: + # name: nginx_ingress_controller_nginx_process_requests_total + # target: + # type: AverageValue + # averageValue: 10000m + + # Mutually exclusive with hpa autoscaling + keda: + apiVersion: "keda.sh/v1alpha1" + ## apiVersion changes with keda 1.x vs 2.x + ## 2.x = keda.sh/v1alpha1 + ## 1.x = keda.k8s.io/v1alpha1 + enabled: false + minReplicas: 1 + maxReplicas: 11 + pollingInterval: 30 + cooldownPeriod: 300 + restoreToOriginalReplicaCount: false + scaledObject: + annotations: {} + # Custom annotations for ScaledObject resource + # annotations: + # key: value + triggers: [] + # - type: prometheus + # metadata: + # serverAddress: http://:9090 + # metricName: http_requests_total + # threshold: '100' + # query: sum(rate(http_requests_total{deployment="my-deployment"}[2m])) + + behavior: {} + # scaleDown: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 1 + # periodSeconds: 180 + # scaleUp: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 2 + # periodSeconds: 60 + + # -- Enable mimalloc as a drop-in replacement for malloc. + ## ref: https://github.com/microsoft/mimalloc + ## + enableMimalloc: true + + ## Override NGINX template + customTemplate: + configMapName: "" + configMapKey: "" + + service: + enabled: true + + # -- If enabled is adding an appProtocol option for Kubernetes service. An appProtocol field replacing annotations that were + # using for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http + # It allows choosing the protocol for each backend specified in the Kubernetes service. + # See the following GitHub issue for more details about the purpose: https://github.com/kubernetes/kubernetes/issues/40244 + # Will be ignored for Kubernetes versions older than 1.20 + ## + appProtocol: true + + annotations: {} + labels: {} + # clusterIP: "" + + # -- List of IP addresses at which the controller services are available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + + # -- Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + loadBalancerIP: "" + loadBalancerSourceRanges: [] + + enableHttp: true + enableHttps: true + + ## Set external traffic policy to: "Local" to preserve source IP on providers supporting it. + ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer + # externalTrafficPolicy: "" + + ## Must be either "None" or "ClientIP" if set. Kubernetes will default to "None". + ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + # sessionAffinity: "" + + ## Specifies the health check node port (numeric port number) for the service. If healthCheckNodePort isn’t specified, + ## the service controller allocates a port from your cluster’s NodePort range. + ## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + # healthCheckNodePort: 0 + + # -- Represents the dual-stack-ness requested or required by this Service. Possible values are + # SingleStack, PreferDualStack or RequireDualStack. + # The ipFamilies and clusterIPs fields depend on the value of this field. + ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ + ipFamilyPolicy: "SingleStack" + + # -- List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically + # based on cluster configuration and the ipFamilyPolicy field. + ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ + ipFamilies: + - IPv4 + + ports: + http: 80 + https: 443 + + targetPorts: + http: http + https: https + + type: LoadBalancer + + ## type: NodePort + ## nodePorts: + ## http: 32080 + ## https: 32443 + ## tcp: + ## 8080: 32808 + nodePorts: + http: "" + https: "" + tcp: {} + udp: {} + + external: + enabled: true + + internal: + # -- Enables an additional internal load balancer (besides the external one). + enabled: false + # -- Annotations are mandatory for the load balancer to come up. Varies with the cloud service. + annotations: {} + + # loadBalancerIP: "" + + # -- Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. + loadBalancerSourceRanges: [] + + ## Set external traffic policy to: "Local" to preserve source IP on + ## providers supporting it + ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer + # externalTrafficPolicy: "" + + # shareProcessNamespace enables process namespace sharing within the pod. + # This can be used for example to signal log rotation using `kill -USR1` from a sidecar. + shareProcessNamespace: false + + # -- Additional containers to be added to the controller pod. + # See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. + extraContainers: [] + # - name: my-sidecar + # image: nginx:latest + # - name: lemonldap-ng-controller + # image: lemonldapng/lemonldap-ng-controller:0.2.0 + # args: + # - /lemonldap-ng-controller + # - --alsologtostderr + # - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration + # env: + # - name: POD_NAME + # valueFrom: + # fieldRef: + # fieldPath: metadata.name + # - name: POD_NAMESPACE + # valueFrom: + # fieldRef: + # fieldPath: metadata.namespace + # volumeMounts: + # - name: copy-portal-skins + # mountPath: /srv/var/lib/lemonldap-ng/portal/skins + + # -- Additional volumeMounts to the controller main container. + extraVolumeMounts: [] + # - name: copy-portal-skins + # mountPath: /var/lib/lemonldap-ng/portal/skins + + # -- Additional volumes to the controller pod. + extraVolumes: [] + # - name: copy-portal-skins + # emptyDir: {} + + # -- Containers, which are run before the app containers are started. + extraInitContainers: [] + # - name: init-myservice + # image: busybox + # command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;'] + + extraModules: [] + ## Modules, which are mounted into the core nginx image + # - name: opentelemetry + # image: registry.k8s.io/ingress-nginx/opentelemetry:v20220801-g00ee51f09@sha256:482562feba02ad178411efc284f8eb803a185e3ea5588b6111ccbc20b816b427 + # + # The image must contain a `/usr/local/bin/init_module.sh` executable, which + # will be executed as initContainers, to move its config files within the + # mounted volume. + + admissionWebhooks: + annotations: {} + # ignore-check.kube-linter.io/no-read-only-rootfs: "This deployment needs write access to root filesystem". + + ## Additional annotations to the admission webhooks. + ## These annotations will be added to the ValidatingWebhookConfiguration and + ## the Jobs Spec of the admission webhooks. + enabled: true + # -- Additional environment variables to set + extraEnvs: [] + # extraEnvs: + # - name: FOO + # valueFrom: + # secretKeyRef: + # key: FOO + # name: secret-resource + # -- Admission Webhook failure policy to use + failurePolicy: Fail + # timeoutSeconds: 10 + port: 8443 + certificate: "/usr/local/certificates/cert" + key: "/usr/local/certificates/key" + namespaceSelector: {} + objectSelector: {} + # -- Labels to be added to admission webhooks + labels: {} + + # -- Use an existing PSP instead of creating one + existingPsp: "" + networkPolicyEnabled: false + + service: + annotations: {} + # clusterIP: "" + externalIPs: [] + # loadBalancerIP: "" + loadBalancerSourceRanges: [] + servicePort: 443 + type: ClusterIP + + createSecretJob: + resources: {} + # limits: + # cpu: 10m + # memory: 20Mi + # requests: + # cpu: 10m + # memory: 20Mi + + patchWebhookJob: + resources: {} + + patch: + enabled: true + image: + registry: registry.k8s.io + image: ingress-nginx/kube-webhook-certgen + ## for backwards compatibility consider setting the full image url via the repository value below + ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail + ## repository: + tag: v1.3.0 + digest: sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + pullPolicy: IfNotPresent + # -- Provide a priority class name to the webhook patching job + ## + priorityClassName: "" + podAnnotations: {} + nodeSelector: + kubernetes.io/os: linux + tolerations: [] + # -- Labels to be added to patch job resources + labels: {} + securityContext: + runAsNonRoot: true + runAsUser: 2000 + fsGroup: 2000 + + + metrics: + port: 10254 + # if this port is changed, change healthz-port: in extraArgs: accordingly + enabled: false + + service: + annotations: {} + # prometheus.io/scrape: "true" + # prometheus.io/port: "10254" + + # clusterIP: "" + + # -- List of IP addresses at which the stats-exporter service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + + # loadBalancerIP: "" + loadBalancerSourceRanges: [] + servicePort: 10254 + type: ClusterIP + # externalTrafficPolicy: "" + # nodePort: "" + + serviceMonitor: + enabled: false + additionalLabels: {} + ## The label to use to retrieve the job name from. + ## jobLabel: "app.kubernetes.io/name" + namespace: "" + namespaceSelector: {} + ## Default: scrape .Release.Namespace only + ## To scrape all, use the following: + ## namespaceSelector: + ## any: true + scrapeInterval: 30s + # honorLabels: true + targetLabels: [] + relabelings: [] + metricRelabelings: [] + + prometheusRule: + enabled: false + additionalLabels: {} + # namespace: "" + rules: [] + # # These are just examples rules, please adapt them to your needs + # - alert: NGINXConfigFailed + # expr: count(nginx_ingress_controller_config_last_reload_successful == 0) > 0 + # for: 1s + # labels: + # severity: critical + # annotations: + # description: bad ingress config - nginx config test failed + # summary: uninstall the latest ingress changes to allow config reloads to resume + # - alert: NGINXCertificateExpiry + # expr: (avg(nginx_ingress_controller_ssl_expire_time_seconds) by (host) - time()) < 604800 + # for: 1s + # labels: + # severity: critical + # annotations: + # description: ssl certificate(s) will expire in less then a week + # summary: renew expiring certificates to avoid downtime + # - alert: NGINXTooMany500s + # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"5.+"} ) / sum(nginx_ingress_controller_requests) ) > 5 + # for: 1m + # labels: + # severity: warning + # annotations: + # description: Too many 5XXs + # summary: More than 5% of all requests returned 5XX, this requires your attention + # - alert: NGINXTooMany400s + # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"4.+"} ) / sum(nginx_ingress_controller_requests) ) > 5 + # for: 1m + # labels: + # severity: warning + # annotations: + # description: Too many 4XXs + # summary: More than 5% of all requests returned 4XX, this requires your attention + + # -- Improve connection draining when ingress controller pod is deleted using a lifecycle hook: + # With this new hook, we increased the default terminationGracePeriodSeconds from 30 seconds + # to 300, allowing the draining of connections up to five minutes. + # If the active connections end before that, the pod will terminate gracefully at that time. + # To effectively take advantage of this feature, the Configmap feature + # worker-shutdown-timeout new value is 240s instead of 10s. + ## + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + + priorityClassName: "" + +# -- Rollback limit +## +revisionHistoryLimit: 10 + +## Default 404 backend +## +defaultBackend: + ## + enabled: false + + name: defaultbackend + image: + registry: registry.k8s.io + image: defaultbackend-amd64 + ## for backwards compatibility consider setting the full image url via the repository value below + ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail + ## repository: + tag: "1.5" + pullPolicy: IfNotPresent + # nobody user -> uid 65534 + runAsUser: 65534 + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + + # -- Use an existing PSP instead of creating one + existingPsp: "" + + extraArgs: {} + + serviceAccount: + create: true + name: "" + automountServiceAccountToken: true + # -- Additional environment variables to set for defaultBackend pods + extraEnvs: [] + + port: 8080 + + ## Readiness and liveness probes for default backend + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + initialDelaySeconds: 0 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 5 + + # -- Node tolerations for server scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + + affinity: {} + + # -- Security Context policies for controller pods + # See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for + # notes on enabling and using sysctls + ## + podSecurityContext: {} + + # -- Security Context policies for controller main container. + # See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for + # notes on enabling and using sysctls + ## + containerSecurityContext: {} + + # -- Labels to add to the pod container metadata + podLabels: {} + # key: value + + # -- Node labels for default backend pod assignment + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: + kubernetes.io/os: linux + + # -- Annotations to be added to default backend pods + ## + podAnnotations: {} + + replicaCount: 1 + + minAvailable: 1 + + resources: {} + # limits: + # cpu: 10m + # memory: 20Mi + # requests: + # cpu: 10m + # memory: 20Mi + + extraVolumeMounts: [] + ## Additional volumeMounts to the default backend container. + # - name: copy-portal-skins + # mountPath: /var/lib/lemonldap-ng/portal/skins + + extraVolumes: [] + ## Additional volumes to the default backend pod. + # - name: copy-portal-skins + # emptyDir: {} + + autoscaling: + annotations: {} + enabled: false + minReplicas: 1 + maxReplicas: 2 + targetCPUUtilizationPercentage: 50 + targetMemoryUtilizationPercentage: 50 + + service: + annotations: {} + + # clusterIP: "" + + # -- List of IP addresses at which the default backend service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + + # loadBalancerIP: "" + loadBalancerSourceRanges: [] + servicePort: 80 + type: ClusterIP + + priorityClassName: "" + # -- Labels to be added to the default backend resources + labels: {} + +## Enable RBAC as per https://github.com/kubernetes/ingress-nginx/blob/main/docs/deploy/rbac.md and https://github.com/kubernetes/ingress-nginx/issues/266 +rbac: + create: true + scope: false + +## If true, create & use Pod Security Policy resources +## https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +podSecurityPolicy: + enabled: false + +serviceAccount: + create: true + name: "" + automountServiceAccountToken: true + # -- Annotations for the controller service account + annotations: {} + +# -- Optional array of imagePullSecrets containing private registry credentials +## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ +imagePullSecrets: [] +# - name: secretName + +# -- TCP service key-value pairs +## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md +## +tcp: {} +# 8080: "default/example-tcp-svc:9000" + +# -- UDP service key-value pairs +## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md +## +udp: {} +# 53: "kube-system/kube-dns:53" + +# -- Prefix for TCP and UDP ports names in ingress controller service +## Some cloud providers, like Yandex Cloud may have a requirements for a port name regex to support cloud load balancer integration +portNamePrefix: "" + +# -- (string) A base64-encoded Diffie-Hellman parameter. +# This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` +## Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param +dhParam: diff --git a/packer/ansible/roles/helm_install/files/kafka/.helmignore b/packer/ansible/roles/helm_install/files/kafka/.helmignore new file mode 100644 index 0000000..50af031 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/packer/ansible/roles/helm_install/files/kafka/Chart.yaml b/packer/ansible/roles/helm_install/files/kafka/Chart.yaml new file mode 100644 index 0000000..1d1c065 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/Chart.yaml @@ -0,0 +1,5 @@ +aiVersion: v1 +appVersion: "1.0" +description: A Helm chart for Kubernetes +name: kafkaset +version: 0.1.0 diff --git a/packer/ansible/roles/helm_install/files/kafka/README.txt b/packer/ansible/roles/helm_install/files/kafka/README.txt new file mode 100644 index 0000000..eeba075 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/README.txt @@ -0,0 +1,3 @@ + +포트 바꾸려면 values.yaml 수정과 +broker-config yaml 수정이 동시에 이루어져야 합니다 diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/akhq/Chart.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/akhq/Chart.yaml new file mode 100644 index 0000000..e5427b9 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/akhq/Chart.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +appVersion: 0.20.0 +description: Kafka GUI for Apache Kafka to manage topics, topics data, consumers group, + schema registry, connect and more... +home: https://akhq.io +icon: https://raw.githubusercontent.com/tchiotludo/akhq/master/client/src/images/logo_black.png +keywords: +- kafka +- confluent +- gui +- schema-registry +- kafka-connect +maintainers: +- email: tchiot.ludo@gmail.com + name: tchiotludo +name: akhq +sources: +- https://github.com/tchiotludo/akhq +version: 0.2.7 diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/akhq/LICENSE b/packer/ansible/roles/helm_install/files/kafka/charts/akhq/LICENSE new file mode 100644 index 0000000..9c8f3ea --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/akhq/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. \ No newline at end of file diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/akhq/README.md b/packer/ansible/roles/helm_install/files/kafka/charts/akhq/README.md new file mode 100644 index 0000000..80b2c3b --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/akhq/README.md @@ -0,0 +1,124 @@ +# AKHQ (previously known as KafkaHQ) + +![Last Version](https://img.shields.io/github/tag-pre/tchiotludo/akhq.svg) +![License](https://img.shields.io/github/license/tchiotludo/akhq) +![Docker Pull](https://img.shields.io/docker/pulls/tchiotludo/akhq.svg) +![Github Downloads](https://img.shields.io/github/downloads/tchiotludo/akhq/total) +![Github Start](https://img.shields.io/github/stars/tchiotludo/akhq.svg) +![Main](https://github.com/tchiotludo/akhq/workflows/Main/badge.svg) +[![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/akhq)](https://artifacthub.io/packages/search?repo=akhq) + +> Kafka GUI for [Apache Kafka](http://kafka.apache.org/) to manage topics, topics data, consumers group, schema registry, connect and more... + +

+ AKHQ for Kafka logo

+ AKHQ for Kafka preview +

+ +## Documentation +* The official AKHQ documentation can be found under: [akhq.io](https://akhq.io/docs) + + +## Sponsors + + + + +
+ + + Upstash + + +

Upstash: Serverless Kafka

+ +
    +
  • True Serverless Kafka with per-request-pricing
    • +
  • Managed Apache Kafka, works with all Kafka clients
    • +
  • Built-in REST API designed for serverless and edge functions
    • +
+ +[Start for free in 30 seconds!](https://upstash.com/?utm_source=AKHQ) +
+ + + + +
+ + + + Upstash + + +

Redpanda

+ +
    +
  • Redpanda is a streaming data platform for developers.
    • +
  • Kafka API compatible.
    • +
  • 10x faster. No ZooKeeper. No JVM!
    • +
+ +[redpanda.com](https://redpanda.com/?utm_source=AKHQ) +
+ +## From AKHQ project creator + + + + +
+ + + Upstash + + +

Kestra: Open source data orchestration and scheduling platform

+ +

+Kestra is an infinitely scalable orchestration and scheduling platform, creating, running, scheduling, and monitoring millions of complex pipelines. +

+ +[Discover the project!](https://github.com/kestra-io/kestra?utm_source=AKHQ) +
+ + + +## Who's using AKHQ +* [Adeo](https://www.adeo.com/) +* [Avlino](https://avlino.com/) +* [Auchan Retail](https://www.auchan-retail.com/) +* [BARMER](https://www.barmer.de/) +* [Bell](https://www.bell.ca) +* [Best buy](https://www.bestbuy.com) +* [BMW Group](https://www.bmwgroup.com) +* [Boulanger](https://www.boulanger.com/) +* [BPCE-IT](https://www.bpce-it.fr/) +* [Decathlon](https://www.decathlon.fr/) +* [Depop](https://www.depop.com) +* [Galeries Lafayette](https://www.galerieslafayette.com/) +* [GetYourGuide](https://www.getyourguide.com) +* [Kitopi](https://kitopi.com) +* [Klarna](https://www.klarna.com) +* [La Redoute](https://laredoute.io/) +* [Leroy Merlin](https://www.leroymerlin.fr/) +* [NEXT Technologies](https://www.nextapp.co/) +* [Nuxeo](https://www.nuxeo.com/) +* [Pipedrive](https://www.pipedrive.com) +* [TVG](https://www.tvg.com) +* [Vodeno](https://www.vodeno.com/) + + + +## Credits + +Many thanks to: + +* [JetBrains](https://www.jetbrains.com/?from=AKHQ) for their free OpenSource license. +* Apache, Apache Kafka, Kafka, and associated open source project names are trademarks of the Apache Software Foundation. AKHQ is not affiliated with, endorsed by, or otherwise associated with the Apache Software. + +[![Jetbrains](https://user-images.githubusercontent.com/2064609/55432917-6df7fc00-5594-11e9-90c4-5133fbb6d4da.png)](https://www.jetbrains.com/?from=AKHQ) + + +## License +Apache 2.0 © [tchiotludo](https://github.com/tchiotludo) diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/akhq/templates/NOTES.txt b/packer/ansible/roles/helm_install/files/kafka/charts/akhq/templates/NOTES.txt new file mode 100644 index 0000000..ecaa0e6 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/akhq/templates/NOTES.txt @@ -0,0 +1,21 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range $.Values.ingress.paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host }}{{ . }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "akhq.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "akhq.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "akhq.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "akhq.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.service.port }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/akhq/templates/_helpers.tpl b/packer/ansible/roles/helm_install/files/kafka/charts/akhq/templates/_helpers.tpl new file mode 100644 index 0000000..f7bce89 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/akhq/templates/_helpers.tpl @@ -0,0 +1,56 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "akhq.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "akhq.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "akhq.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "akhq.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "akhq.fullname" .) .Values.serviceAccountName }} +{{- else }} +{{- default "default" .Values.serviceAccountName }} +{{- end }} +{{- end }} + +{{/* +Return the appropriate apiVersion for Ingress +*/}} +{{- define "akhq.ingress.apiVersion" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.Version -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.Version -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/akhq/templates/configmap.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/akhq/templates/configmap.yaml new file mode 100644 index 0000000..6b8a4f3 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/akhq/templates/configmap.yaml @@ -0,0 +1,14 @@ +{{- if .Values.configuration }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "akhq.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "akhq.name" . }} + helm.sh/chart: {{ include "akhq.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + application.yml: | +{{ toYaml .Values.configuration | indent 4}} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/akhq/templates/deployment.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/akhq/templates/deployment.yaml new file mode 100644 index 0000000..b6acb36 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/akhq/templates/deployment.yaml @@ -0,0 +1,129 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "akhq.fullname" . }} + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + app.kubernetes.io/name: {{ include "akhq.name" . }} + helm.sh/chart: {{ include "akhq.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.replicaCount | default 1 }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "akhq.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + annotations: + {{- if .Values.configuration }} + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if and (not .Values.existingSecret) (.Values.secrets) }} + checksum/secrets: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + {{- end }} + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + app.kubernetes.io/name: {{ include "akhq.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + {{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.securityContext }} + securityContext: + {{ toYaml .Values.securityContext | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "akhq.serviceAccountName" . }} + {{- if .Values.initContainers }} + initContainers: + {{- range $key, $value := .Values.initContainers }} + - name: {{ $key }} +{{ toYaml $value | indent 10 }} + {{- end }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }} + {{- if .Values.containerSecurityContext }} + securityContext: + {{ toYaml .Values.containerSecurityContext | nindent 12 }} + {{- end }} + env: + {{- if .Values.extraEnv }}{{ toYaml .Values.extraEnv | trim | nindent 12 }}{{ end }} + {{- if or (.Values.existingSecrets) (.Values.secrets) }} + - name: MICRONAUT_ENVIRONMENTS + value: secrets + - name: MICRONAUT_CONFIG_FILES + value: /app/application.yml,/app/application-secrets.yml + {{- end }} + volumeMounts: + {{- if .Values.extraVolumeMounts }}{{ toYaml .Values.extraVolumeMounts | trim | nindent 12 }}{{ end }} + {{- if .Values.configuration }} + - name: config + mountPath: /app/application.yml + subPath: application.yml + {{- end }} + {{- if or (.Values.existingSecrets) (.Values.secrets) }} + - name: secrets + mountPath: /app/application-secrets.yml + subPath: application-secrets.yml + {{- end }} + ports: + - name: http + containerPort: 8080 + protocol: TCP + - name: management + containerPort: 28081 + protocol: TCP + livenessProbe: + tcpSocket: + port: management + readinessProbe: + httpGet: + path: {{ .Values.readinessProbe.prefix | default "" }}/health + port: management + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + {{- if .Values.extraVolumes }}{{ toYaml .Values.extraVolumes | trim | nindent 6 }}{{ end }} + {{- if .Values.configuration }} + - name: config + configMap: + name: {{ template "akhq.fullname" . }} + {{- end }} + {{- if or (.Values.existingSecrets) (.Values.secrets) }} + - name: secrets + secret: + {{- if .Values.existingSecrets }} + secretName: {{ .Values.existingSecrets }} + {{- else }} + secretName: {{ template "akhq.fullname" . }}-secrets + {{- end }} + {{- end }} diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/akhq/templates/ingress.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/akhq/templates/ingress.yaml new file mode 100644 index 0000000..47ff6c6 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/akhq/templates/ingress.yaml @@ -0,0 +1,53 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "akhq.fullname" . -}} +{{- $ingressPaths := .Values.ingress.paths -}} +apiVersion: {{ include "akhq.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + app.kubernetes.io/name: {{ include "akhq.name" . }} + helm.sh/chart: {{ include "akhq.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.ingress.annotations }} + annotations: + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} +spec: +{{- if and .Values.ingress.ingressClassName (eq (include "akhq.ingress.apiVersion" $) "networking.k8s.io/v1") }} + ingressClassName: {{ .Values.ingress.ingressClassName }} +{{- end }} +{{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ . | quote }} + http: + paths: + {{- range $ingressPaths }} + - path: {{ . }} + {{- if eq (include "akhq.ingress.apiVersion" $) "networking.k8s.io/v1" }} + pathType: "ImplementationSpecific" + {{- end }} + backend: + {{- if eq (include "akhq.ingress.apiVersion" $) "networking.k8s.io/v1" }} + service: + name: {{ $fullName }} + port: + name: http + {{ else }} + serviceName: {{ $fullName }} + servicePort: http + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/akhq/templates/secret.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/akhq/templates/secret.yaml new file mode 100644 index 0000000..77ac50c --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/akhq/templates/secret.yaml @@ -0,0 +1,19 @@ +{{- if and ( not .Values.existingSecrets) (.Values.secrets) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "akhq.fullname" . }}-secrets + labels: + app.kubernetes.io/name: {{ include "akhq.name" . }} + helm.sh/chart: {{ include "akhq.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +type: Opaque +data: + application-secrets.yml: {{ toYaml .Values.secrets | b64enc | quote }} + {{- if .Values.kafkaSecrets }} + {{- range $key, $value := .Values.kafkaSecrets }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/akhq/templates/service.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/akhq/templates/service.yaml new file mode 100644 index 0000000..2877ba8 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/akhq/templates/service.yaml @@ -0,0 +1,31 @@ +{{- if .Values.service.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "akhq.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "akhq.name" . }} + helm.sh/chart: {{ include "akhq.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- range $key, $value := .Values.service.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + annotations: + {{- range $key, $value := .Values.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + {{- if and (eq "NodePort" .Values.service.type) .Values.service.httpNodePort }} + nodePort: {{ .Values.service.httpNodePort }} + {{- end }} + selector: + app.kubernetes.io/name: {{ include "akhq.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/akhq/templates/serviceaccount.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/akhq/templates/serviceaccount.yaml new file mode 100644 index 0000000..9acd47f --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/akhq/templates/serviceaccount.yaml @@ -0,0 +1,15 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: {{ include "akhq.name" . }} + helm.sh/chart: {{ include "akhq.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- with .Values.serviceAccount.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + name: {{ include "akhq.serviceAccountName" . }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/akhq/values.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/akhq/values.yaml new file mode 100644 index 0000000..ee23561 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/akhq/values.yaml @@ -0,0 +1,145 @@ +# imagePullSecrets: +# - name: my-repository-secret +image: + repository: tchiotludo/akhq + tag: "" # uses Chart.AppVersion by default + +# custom annotations (example: for prometheus) +annotations: {} + #prometheus.io/scrape: 'true' + #prometheus.io/port: '8080' + #prometheus.io/path: '/prometheus' + +podAnnotations: {} + +# custom labels +labels: {} + # custom.label: 'true' + +podLabels: {} + +## You can put directly your configuration here... or add java opts or any other env vars +extraEnv: [] +# - name: AKHQ_CONFIGURATION +# value: | +# akhq: +# secrets: +# docker-kafka-server: +# properties: +# bootstrap.servers: "kafka:9092" +# - name: JAVA_OPTS +# value: "-Djavax.net.ssl.trustStore=/usr/local/openjdk-11/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=password" +# - name: CLASSPATH +# value: "/any/additional/jars/desired.jar:/go/here.jar" + +## Or you can also use configmap for the configuration... +configuration: + akhq: + server: + access-log: + enabled: false + name: org.akhq.log.access + +##... and secret for connection information +existingSecrets: "" +# name of the existingSecret +secrets: + akhq: + connections: + my-cluster-plain-text: + properties: + bootstrap.servers: "kafka:9092" +# schema-registry: +# url: "http://schema-registry:8085" +# type: "confluent" +# basic-auth-username: basic-auth-user +# basic-auth-password: basic-auth-pass +# connect: +# - name: "my-connect" +# url: "http://connect:8083" +# basic-auth-username: basic-auth-user +# basic-auth-password: basic-auth-pass + +kafkaSecrets: [] +#Provide extra base64 encoded kubernetes secrets (keystore/truststore) + +# Any extra volumes to define for the pod (like keystore/truststore) +extraVolumes: [] + +# Any extra volume mounts to define for the akhq container +extraVolumeMounts: [] + +# Specify ServiceAccount for pod +serviceAccountName: null +serviceAccount: + create: false + #annotations: + # eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here + +# Add your own init container or uncomment and modify the example. +initContainers: {} +# create-keystore: +# image: "openjdk:11-slim" +# command: ['sh', '-c', 'keytool'] +# volumeMounts: +# - mountPath: /tmp +# name: certs + +# Configure the Pod Security Context +# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +securityContext: {} + # runAsNonRoot: true + # runAsUser: 1000 + +# Configure the Container Security Context +# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +containerSecurityContext: {} + # allowPrivilegeEscalation: false + # privileged: false + # capabilities: + # drop: + # - ALL + # runAsNonRoot: true + # runAsUser: 1001 + # readOnlyRootFilesystem: true + +service: + enabled: true + type: NodePort + port: 80 + nodePort: 32551 + labels: {} + annotations: + # cloud.google.com/load-balancer-type: "Internal" + +ingress: + enabled: false + ingressClassName: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + paths: + - / + hosts: + - akhq.demo.com + tls: [] + # - secretName: akhq-tls + # hosts: + # - akhq.demo.com + +readinessProbe: + prefix: "" # set same as `micronaut.server.context-path` + +resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/.helmignore b/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/.helmignore new file mode 100644 index 0000000..7a93969 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/.helmignore @@ -0,0 +1,25 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +example/ +README.md diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/Chart.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/Chart.yaml new file mode 100644 index 0000000..5656f52 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/Chart.yaml @@ -0,0 +1,7 @@ +apiVersion: v2 +appVersion: v0.4.0 +description: A Helm chart for kafka-UI +icon: https://github.com/provectus/kafka-ui/raw/master/documentation/images/kafka-ui-logo.png +name: kafka-ui +type: application +version: v0.4.1 diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/index.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/index.yaml new file mode 100644 index 0000000..8728071 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/index.yaml @@ -0,0 +1,3 @@ +apiVersion: v1 +entries: {} +generated: "2021-11-11T12:26:08.479581+03:00" diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/NOTES.txt b/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/NOTES.txt new file mode 100644 index 0000000..94e8d39 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/NOTES.txt @@ -0,0 +1,21 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "kafka-ui.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "kafka-ui.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "kafka-ui.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "kafka-ui.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:8080 +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/_helpers.tpl b/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/_helpers.tpl new file mode 100644 index 0000000..510452d --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/_helpers.tpl @@ -0,0 +1,79 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "kafka-ui.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kafka-ui.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kafka-ui.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kafka-ui.labels" -}} +helm.sh/chart: {{ include "kafka-ui.chart" . }} +{{ include "kafka-ui.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kafka-ui.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kafka-ui.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "kafka-ui.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "kafka-ui.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + + +{{/* +This allows us to check if the registry of the image is specified or not. +*/}} +{{- define "kafka-ui.imageName" -}} +{{- $registryName := .Values.image.registry -}} +{{- $repository := .Values.image.repository -}} +{{- $tag := .Values.image.tag | default .Chart.AppVersion -}} +{{- if $registryName }} +{{- printf "%s/%s:%s" $registryName $repository $tag -}} +{{- else }} +{{- printf "%s:%s" $repository $tag -}} +{{- end }} +{{- end -}} + diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/configmap.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/configmap.yaml new file mode 100644 index 0000000..22d2a69 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/configmap.yaml @@ -0,0 +1,10 @@ +{{- if .Values.envs.config -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kafka-ui.fullname" . }} + labels: + {{- include "kafka-ui.labels" . | nindent 4 }} +data: + {{- toYaml .Values.envs.config | nindent 2 }} +{{- end -}} \ No newline at end of file diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/configmap_fromValues.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/configmap_fromValues.yaml new file mode 100644 index 0000000..ae8b769 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/configmap_fromValues.yaml @@ -0,0 +1,11 @@ +{{- if .Values.yamlApplicationConfig -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kafka-ui.fullname" . }}-fromvalues + labels: + {{- include "kafka-ui.labels" . | nindent 4 }} +data: + config.yml: |- + {{- toYaml .Values.yamlApplicationConfig | nindent 4}} +{{ end }} \ No newline at end of file diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/deployment.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/deployment.yaml new file mode 100644 index 0000000..1f7f6c9 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/deployment.yaml @@ -0,0 +1,139 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kafka-ui.fullname" . }} + labels: + {{- include "kafka-ui.labels" . | nindent 4 }} +spec: +{{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} +{{- end }} + selector: + matchLabels: + {{- include "kafka-ui.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + labels: + {{- include "kafka-ui.selectorLabels" . | nindent 8 }} + {{- if .Values.podLabels }} + {{- toYaml .Values.podLabels | nindent 8 }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.initContainers }} + initContainers: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "kafka-ui.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: {{ include "kafka-ui.imageName" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if or .Values.env .Values.yamlApplicationConfig .Values.yamlApplicationConfigConfigMap}} + env: + {{- with .Values.env }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- if or .Values.yamlApplicationConfig .Values.yamlApplicationConfigConfigMap}} + - name: SPRING_CONFIG_LOCATION + {{- if .Values.yamlApplicationConfig }} + value: /kafka-ui/config.yml + {{- else if .Values.yamlApplicationConfigConfigMap }} + value: /kafka-ui/{{ .Values.yamlApplicationConfigConfigMap.keyName | default "config.yml" }} + {{- end }} + {{- end }} + {{- end }} + envFrom: + {{- if .Values.existingConfigMap }} + - configMapRef: + name: {{ .Values.existingConfigMap }} + {{- end }} + {{- if .Values.envs.config }} + - configMapRef: + name: {{ include "kafka-ui.fullname" . }} + {{- end }} + {{- if .Values.existingSecret }} + - secretRef: + name: {{ .Values.existingSecret }} + {{- end }} + {{- if .Values.envs.secret}} + - secretRef: + name: {{ include "kafka-ui.fullname" . }} + {{- end}} + ports: + - name: http + containerPort: 8080 + protocol: TCP + livenessProbe: + httpGet: + {{- $contextPath := .Values.envs.config.SERVER_SERVLET_CONTEXT_PATH | default "" | printf "%s/actuator/health" | urlParse }} + path: {{ get $contextPath "path" }} + port: http + initialDelaySeconds: 60 + periodSeconds: 30 + timeoutSeconds: 10 + readinessProbe: + httpGet: + {{- $contextPath := .Values.envs.config.SERVER_SERVLET_CONTEXT_PATH | default "" | printf "%s/actuator/health" | urlParse }} + path: {{ get $contextPath "path" }} + port: http + initialDelaySeconds: 60 + periodSeconds: 30 + timeoutSeconds: 10 + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- if or .Values.yamlApplicationConfig .Values.volumeMounts .Values.yamlApplicationConfigConfigMap}} + volumeMounts: + {{- with .Values.volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- if .Values.yamlApplicationConfig }} + - name: kafka-ui-yaml-conf + mountPath: /kafka-ui/ + {{- end }} + {{- if .Values.yamlApplicationConfigConfigMap}} + - name: kafka-ui-yaml-conf-configmap + mountPath: /kafka-ui/ + {{- end }} + {{- end }} + {{- if or .Values.yamlApplicationConfig .Values.volumes .Values.yamlApplicationConfigConfigMap}} + volumes: + {{- with .Values.volumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.yamlApplicationConfig }} + - name: kafka-ui-yaml-conf + configMap: + name: {{ include "kafka-ui.fullname" . }}-fromvalues + {{- end }} + {{- if .Values.yamlApplicationConfigConfigMap}} + - name: kafka-ui-yaml-conf-configmap + configMap: + name: {{ .Values.yamlApplicationConfigConfigMap.name }} + {{- end }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/hpa.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/hpa.yaml new file mode 100644 index 0000000..1509ef3 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/hpa.yaml @@ -0,0 +1,28 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "kafka-ui.fullname" . }} + labels: + {{- include "kafka-ui.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "kafka-ui.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/ingress.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/ingress.yaml new file mode 100644 index 0000000..7659867 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/ingress.yaml @@ -0,0 +1,87 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "kafka-ui.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and ($.Capabilities.APIVersions.Has "networking.k8s.io/v1") (trimPrefix "v" .Capabilities.KubeVersion.Version | semverCompare ">= 1.19" ) -}} +apiVersion: networking.k8s.io/v1 +{{- else if $.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{- else }} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "kafka-ui.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if .Values.ingress.tls.enabled }} + tls: + - hosts: + - {{ tpl .Values.ingress.host . }} + secretName: {{ .Values.ingress.tls.secretName }} + {{- end }} + {{- if .Values.ingress.ingressClassName }} + ingressClassName: {{ .Values.ingress.ingressClassName }} + {{- end }} + rules: + - http: + paths: +{{- if and ($.Capabilities.APIVersions.Has "networking.k8s.io/v1") (trimPrefix "v" .Capabilities.KubeVersion.Version | semverCompare ">= 1.19" ) -}} + {{- range .Values.ingress.precedingPaths }} + - path: {{ .path }} + pathType: Prefix + backend: + service: + name: {{ .serviceName }} + port: + number: {{ .servicePort }} + {{- end }} + - backend: + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + pathType: Prefix +{{- if .Values.ingress.path }} + path: {{ .Values.ingress.path }} +{{- end }} + {{- range .Values.ingress.succeedingPaths }} + - path: {{ .path }} + pathType: Prefix + backend: + service: + name: {{ .serviceName }} + port: + number: {{ .servicePort }} + {{- end }} +{{- if tpl .Values.ingress.host . }} + host: {{tpl .Values.ingress.host . }} +{{- end }} +{{- else -}} + {{- range .Values.ingress.precedingPaths }} + - path: {{ .path }} + backend: + serviceName: {{ .serviceName }} + servicePort: {{ .servicePort }} + {{- end }} + - backend: + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} +{{- if .Values.ingress.path }} + path: {{ .Values.ingress.path }} +{{- end }} + {{- range .Values.ingress.succeedingPaths }} + - path: {{ .path }} + backend: + serviceName: {{ .serviceName }} + servicePort: {{ .servicePort }} + {{- end }} +{{- if tpl .Values.ingress.host . }} + host: {{ tpl .Values.ingress.host . }} +{{- end }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/networkpolicy-egress.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/networkpolicy-egress.yaml new file mode 100644 index 0000000..4f58280 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/networkpolicy-egress.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.networkPolicy.enabled .Values.networkPolicy.egressRules.customRules }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ printf "%s-egress" (include "kafka-ui.fullname" .) }} + labels: + {{- include "kafka-ui.labels" . | nindent 4 }} +spec: + podSelector: + matchLabels: + {{- include "kafka-ui.selectorLabels" . | nindent 6 }} + policyTypes: + - Egress + egress: + {{- if .Values.networkPolicy.egressRules.customRules }} + {{- toYaml .Values.networkPolicy.egressRules.customRules | nindent 4 }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/networkpolicy-ingress.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/networkpolicy-ingress.yaml new file mode 100644 index 0000000..7498867 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/networkpolicy-ingress.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.networkPolicy.enabled .Values.networkPolicy.ingressRules.customRules }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ printf "%s-ingress" (include "kafka-ui.fullname" .) }} + labels: + {{- include "kafka-ui.labels" . | nindent 4 }} +spec: + podSelector: + matchLabels: + {{- include "kafka-ui.selectorLabels" . | nindent 6 }} + policyTypes: + - Ingress + ingress: + {{- if .Values.networkPolicy.ingressRules.customRules }} + {{- toYaml .Values.networkPolicy.ingressRules.customRules | nindent 4 }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/secret.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/secret.yaml new file mode 100644 index 0000000..a2ebf0f --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/secret.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "kafka-ui.fullname" . }} + labels: + {{- include "kafka-ui.labels" . | nindent 4 }} +type: Opaque +data: + {{- toYaml .Values.envs.secret | nindent 2 }} \ No newline at end of file diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/service.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/service.yaml new file mode 100644 index 0000000..5801135 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/service.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kafka-ui.fullname" . }} + labels: + {{- include "kafka-ui.labels" . | nindent 4 }} +{{- if .Values.service.annotations }} + annotations: +{{ toYaml .Values.service.annotations | nindent 4 }} +{{- end }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + {{- if (and (eq .Values.service.type "NodePort") .Values.service.nodePort) }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} + selector: + {{- include "kafka-ui.selectorLabels" . | nindent 4 }} diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/serviceaccount.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/serviceaccount.yaml new file mode 100644 index 0000000..b89551c --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kafka-ui.serviceAccountName" . }} + labels: + {{- include "kafka-ui.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/values.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/values.yaml new file mode 100644 index 0000000..d453453 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/kafka-ui/values.yaml @@ -0,0 +1,151 @@ +replicaCount: 1 + +image: + registry: docker.io + repository: provectuslabs/kafka-ui + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +existingConfigMap: "" +yamlApplicationConfig: + {} + # kafka: + # clusters: + # - name: yaml + # bootstrapServers: kafka-service:9092 + # spring: + # security: + # oauth2: + # auth: + # type: disabled + # management: + # health: + # ldap: + # enabled: false +yamlApplicationConfigConfigMap: + {} + # keyName: config.yml + # name: configMapName +existingSecret: "" +envs: + secret: {} + config: + KAFKA_CLUSTERS_0_NAME: local + KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS: kafka:9092 + +networkPolicy: + enabled: false + egressRules: + ## Additional custom egress rules + ## e.g: + ## customRules: + ## - to: + ## - namespaceSelector: + ## matchLabels: + ## label: example + customRules: [] + ingressRules: + ## Additional custom ingress rules + ## e.g: + ## customRules: + ## - from: + ## - namespaceSelector: + ## matchLabels: + ## label: example + customRules: [] + +podAnnotations: {} +podLabels: {} + +podSecurityContext: + {} + # fsGroup: 2000 + +securityContext: + {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: NodePort + port: 80 + # if you want to force a specific nodePort. Must be use with service.type=NodePort + # nodePort: + +# Ingress configuration +ingress: + # Enable ingress resource + enabled: false + + # Annotations for the Ingress + annotations: {} + + # ingressClassName for the Ingress + ingressClassName: "" + + # The path for the Ingress + path: "" + + # The hostname for the Ingress + host: "" + + # configs for Ingress TLS + tls: + # Enable TLS termination for the Ingress + enabled: false + # the name of a pre-created Secret containing a TLS private key and certificate + secretName: "" + + # HTTP paths to add to the Ingress before the default path + precedingPaths: [] + + # Http paths to add to the Ingress after the default path + succeedingPaths: [] + +resources: + {} + # limits: + # cpu: 200m + # memory: 512Mi + # requests: + # cpu: 200m + # memory: 256Mi + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +env: {} + +initContainers: {} + +volumeMounts: {} + +volumes: {} diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/kafka/.helmignore b/packer/ansible/roles/helm_install/files/kafka/charts/kafka/.helmignore new file mode 100644 index 0000000..50af031 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/kafka/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/kafka/1.broker-config.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/kafka/1.broker-config.yaml new file mode 100644 index 0000000..0b5a0c4 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/kafka/1.broker-config.yaml @@ -0,0 +1,171 @@ +kind: ConfigMap +metadata: + name: broker-config +apiVersion: v1 +data: + init.sh: |- + #!/bin/bash + set -e + set -x + cp /etc/kafka-configmap/log4j.properties /etc/kafka/ + KAFKA_BROKER_ID=${HOSTNAME##*-} + SEDS=("s/#init#broker.id=#init#/broker.id=$KAFKA_BROKER_ID/") + LABELS="kafka-broker-id=$KAFKA_BROKER_ID" + ANNOTATIONS="" + hash kubectl 2>/dev/null || { + SEDS+=("s/#init#broker.rack=#init#/#init#broker.rack=# kubectl not found in path/") + } && { + ZONE=$(kubectl get node "$NODE_NAME" -o=go-template='{{index .metadata.labels "failure-domain.beta.kubernetes.io/zone"}}') + if [ $? -ne 0 ]; then + SEDS+=("s/#init#broker.rack=#init#/#init#broker.rack=# zone lookup failed, see -c init-config logs/") + elif [ "x$ZONE" == "x" ]; then + SEDS+=("s/#init#broker.rack=#init#/#init#broker.rack=# zone label not found for node $NODE_NAME/") + else + SEDS+=("s/#init#broker.rack=#init#/broker.rack=$ZONE/") + LABELS="$LABELS kafka-broker-rack=$ZONE" + fi + OUTSIDE_HOST=$(kubectl get node "$NODE_NAME" -o jsonpath='{.status.addresses[?(@.type=="InternalIP")].address}') + if [ $? -ne 0 ]; then + echo "Outside (i.e. cluster-external access) host lookup command failed" + else + OUTSIDE_PORT=3240${KAFKA_BROKER_ID} + GLOBAL_PORT=3250${KAFKA_BROKER_ID} + SEDS+=("s|#init#advertised.listeners=OUTSIDE://#init#|advertised.listeners=OUTSIDE://${OUTSIDE_HOST}:${OUTSIDE_PORT},GLOBAL://${OUTSIDE_HOST}:${GLOBAL_PORT}|") + ANNOTATIONS="$ANNOTATIONS kafka-listener-outside-host=$OUTSIDE_HOST kafka-listener-outside-port=$OUTSIDE_PORT" + fi + if [ ! -z "$LABELS" ]; then + kubectl -n $POD_NAMESPACE label pod $POD_NAME $LABELS || echo "Failed to label $POD_NAMESPACE.$POD_NAME - RBAC issue?" + fi + if [ ! -z "$ANNOTATIONS" ]; then + kubectl -n $POD_NAMESPACE annotate pod $POD_NAME $ANNOTATIONS || echo "Failed to annotate $POD_NAMESPACE.$POD_NAME - RBAC issue?" + fi + } + printf '%s\n' "${SEDS[@]}" | sed -f - /etc/kafka-configmap/server.properties > /etc/kafka/server.properties.tmp + [ $? -eq 0 ] && mv /etc/kafka/server.properties.tmp /etc/kafka/server.properties + server.properties: |- + # init부 수정 금지 ( init.sh에 디펜던시) + #init#broker.id=#init# + #init#broker.rack=#init# + #init#advertised.listeners=OUTSIDE://#init#,PLAINTEXT://:9092 + ######################################################################## + ##### Broker, Zookeeper + log.dirs=/var/lib/kafka/data/topics + zookeeper.connect=zookeeper:2181 + zookeeper.session.timeout.ms=18000 + controller.quorum.election.backoff.max.ms=1000 + controller.quorum.election.timeout.ms=1000 + ######################################################################## + ##### Listener + listeners=OUTSIDE://:9094,PLAINTEXT://:9092,GLOBAL://:9095 + listener.security.protocol.map=PLAINTEXT:PLAINTEXT,SSL:SSL,SASL_PLAINTEXT:SASL_PLAINTEXT,SASL_SSL:SASL_SSL,OUTSIDE:PLAINTEXT,GLOBAL:PLAINTEXT + inter.broker.listener.name=PLAINTEXT + ######################################################################## + ###### Thread + background.threads=10 + num.recovery.threads.per.data.dir=1 + num.io.threads=10 + num.network.threads=4 + num.replica.fetchers=4 + log.cleaner.threads=1 + ######################################################################## + ###### Topic, Partition + replica.fetch.min.bytes=1 + replica.lag.time.max.ms=30000 + auto.create.topics.enable=true + default.replication.factor=1 + min.insync.replicas=1 + delete.topic.enable=true + num.partitions=12 + auto.leader.rebalance.enable=true + leader.imbalance.check.interval.seconds=120 + ######################################################################## + ##### Log, Message + log.cleaner.enable=true + log.cleanup.policy=delete + log.segment.delete.delay.ms=60000 + log.flush.interval.messages=1000000 + log.flush.interval.ms=60000 + log.flush.scheduler.interval.ms=2000 + log.flush.offset.checkpoint.interval.ms=60000 + ######################################################################## + ##### Offset, Commit + offsets.retention.minutes=1440 + offsets.topic.replication.factor=1 + ######################################################################## + ##### MessageSize, Socket + message.max.bytes=1048576 + max.message.bytes=1048576 + replica.fetch.max.bytes=1048576 + socket.receive.buffer.bytes=1048576 + socket.send.buffer.bytes=1048576 + replica.socket.receive.buffer.bytes=65536 + socket.request.max.bytes=104857600 + ######################################################################## + ##### Retention + log.retention.minutes=5 + log.retention.bytes=1073741824 + log.retention.check.interval.ms=60000 + log.segment.bytes=536870912 + log4j.properties: |- + # Unspecified loggers and loggers with additivity=true output to server.log and stdout + # Note that INFO only applies to unspecified loggers, the log level of the child logger is used otherwise + log4j.rootLogger=INFO, stdout + log4j.appender.stdout=org.apache.log4j.ConsoleAppender + log4j.appender.stdout.layout=org.apache.log4j.PatternLayout + log4j.appender.stdout.layout.ConversionPattern=[%d] %p %m (%c)%n + log4j.appender.kafkaAppender=org.apache.log4j.DailyRollingFileAppender + log4j.appender.kafkaAppender.DatePattern='.'yyyy-MM-dd-HH + log4j.appender.kafkaAppender.File=${kafka.logs.dir}/server.log + log4j.appender.kafkaAppender.layout=org.apache.log4j.PatternLayout + log4j.appender.kafkaAppender.layout.ConversionPattern=[%d] %p %m (%c)%n + log4j.appender.stateChangeAppender=org.apache.log4j.DailyRollingFileAppender + log4j.appender.stateChangeAppender.DatePattern='.'yyyy-MM-dd-HH + log4j.appender.stateChangeAppender.File=${kafka.logs.dir}/state-change.log + log4j.appender.stateChangeAppender.layout=org.apache.log4j.PatternLayout + log4j.appender.stateChangeAppender.layout.ConversionPattern=[%d] %p %m (%c)%n + log4j.appender.requestAppender=org.apache.log4j.DailyRollingFileAppender + log4j.appender.requestAppender.DatePattern='.'yyyy-MM-dd-HH + log4j.appender.requestAppender.File=${kafka.logs.dir}/kafka-request.log + log4j.appender.requestAppender.layout=org.apache.log4j.PatternLayout + log4j.appender.requestAppender.layout.ConversionPattern=[%d] %p %m (%c)%n + log4j.appender.cleanerAppender=org.apache.log4j.DailyRollingFileAppender + log4j.appender.cleanerAppender.DatePattern='.'yyyy-MM-dd-HH + log4j.appender.cleanerAppender.File=${kafka.logs.dir}/log-cleaner.log + log4j.appender.cleanerAppender.layout=org.apache.log4j.PatternLayout + log4j.appender.cleanerAppender.layout.ConversionPattern=[%d] %p %m (%c)%n + log4j.appender.controllerAppender=org.apache.log4j.DailyRollingFileAppender + log4j.appender.controllerAppender.DatePattern='.'yyyy-MM-dd-HH + log4j.appender.controllerAppender.File=${kafka.logs.dir}/controller.log + log4j.appender.controllerAppender.layout=org.apache.log4j.PatternLayout + log4j.appender.controllerAppender.layout.ConversionPattern=[%d] %p %m (%c)%n + log4j.appender.authorizerAppender=org.apache.log4j.DailyRollingFileAppender + log4j.appender.authorizerAppender.DatePattern='.'yyyy-MM-dd-HH + log4j.appender.authorizerAppender.File=${kafka.logs.dir}/kafka-authorizer.log + log4j.appender.authorizerAppender.layout=org.apache.log4j.PatternLayout + log4j.appender.authorizerAppender.layout.ConversionPattern=[%d] %p %m (%c)%n + # Change the two lines below to adjust ZK client logging + log4j.logger.org.I0Itec.zkclient.ZkClient=INFO + log4j.logger.org.apache.zookeeper=INFO + # Change the two lines below to adjust the general broker logging level (output to server.log and stdout) + log4j.logger.kafka=INFO + log4j.logger.org.apache.kafka=INFO + # Change to DEBUG or TRACE to enable request logging + log4j.logger.kafka.request.logger=WARN, requestAppender + log4j.additivity.kafka.request.logger=false + # Uncomment the lines below and change log4j.logger.kafka.network.RequestChannel$ to TRACE for additional output + # related to the handling of requests + #log4j.logger.kafka.network.Processor=TRACE, requestAppender + #log4j.logger.kafka.server.KafkaApis=TRACE, requestAppender + #log4j.additivity.kafka.server.KafkaApis=false + log4j.logger.kafka.network.RequestChannel$=WARN, requestAppender + log4j.additivity.kafka.network.RequestChannel$=false + log4j.logger.kafka.controller=TRACE, controllerAppender + log4j.additivity.kafka.controller=false + log4j.logger.kafka.log.LogCleaner=INFO, cleanerAppender + log4j.additivity.kafka.log.LogCleaner=false + log4j.logger.state.change.logger=TRACE, stateChangeAppender + log4j.additivity.state.change.logger=false + # Change to DEBUG to enable audit log for the authorizer + log4j.logger.kafka.authorizer.logger=WARN, authorizerAppender + log4j.additivity.kafka.authorizer.logger=false + diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/kafka/Chart.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/kafka/Chart.yaml new file mode 100644 index 0000000..9565567 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/kafka/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart for Kubernetes +name: kafka +version: 0.1.0 diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/kafka/templates/2.dns.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/kafka/templates/2.dns.yaml new file mode 100644 index 0000000..73c9ee1 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/kafka/templates/2.dns.yaml @@ -0,0 +1,14 @@ +# A headless service to create DNS records +--- +apiVersion: v1 +kind: Service +metadata: + name: kafka-headless + namespace: {{ .Release.Namespace }} +spec: + ports: + - port: 9092 + clusterIP: None + selector: + app: kafka +--- diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/kafka/templates/3.bootstrap-service.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/kafka/templates/3.bootstrap-service.yaml new file mode 100644 index 0000000..d96c323 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/kafka/templates/3.bootstrap-service.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: +# name: bootstrap + name: kafka + namespace: {{ .Release.Namespace }} +spec: + ports: + - port: 9092 + selector: + app: kafka diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/kafka/templates/5.kafka.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/kafka/templates/5.kafka.yaml new file mode 100644 index 0000000..3dc02ce --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/kafka/templates/5.kafka.yaml @@ -0,0 +1,124 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: kafka + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + app: kafka + serviceName: "kafka-headless" + replicas: 3 + updateStrategy: + type: RollingUpdate + podManagementPolicy: Parallel + template: + metadata: + labels: + app: kafka + spec: + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + + terminationGracePeriodSeconds: 30 + initContainers: + - name: init-config + image: {{ .Values.initContainers.image.repository }}:{{ .Values.initContainers.image.tag }} + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + command: ['/bin/bash', '/etc/kafka-configmap/init.sh'] + volumeMounts: + - name: configmap + mountPath: /etc/kafka-configmap + - name: config + mountPath: /etc/kafka + - name: extensions + mountPath: /opt/kafka/libs/extensions + containers: + - name: broker + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + env: + - name: CLASSPATH + value: /opt/kafka/libs/extensions/* + - name: KAFKA_LOG4J_OPTS + value: -Dlog4j.configuration=file:/etc/kafka/log4j.properties + - name: JMX_PORT + value: "5555" + - name: KAFKA_OPTS + value: -javaagent:/opt/kafka/jmx_prometheus_javaagent-0.15.0.jar=9010:/opt/kafka/config.yaml + ports: + - name: inside + containerPort: 9092 + - name: outside + containerPort: 9094 + - name: global + containerPort: 9095 + - name: jmx + containerPort: 9010 + command: + - ./bin/kafka-server-start.sh + - /etc/kafka/server.properties + lifecycle: + preStop: + exec: + command: ["sh", "-ce", "kill -s TERM 1; while $(kill -0 1 2>/dev/null); do sleep 1; done"] + resources: + requests: + cpu: 500m + memory: 6000Mi + limits: + # This limit was intentionally set low as a reminder that + # the entire Yolean/kubernetes-kafka is meant to be tweaked + # before you run production workloads + cpu: 1000m + memory: 10000Mi + readinessProbe: + tcpSocket: + port: 9092 + timeoutSeconds: 1 + volumeMounts: + - name: config + mountPath: /etc/kafka + - name: data + mountPath: /var/lib/kafka/data + - name: extensions + mountPath: /opt/kafka/libs/extensions + volumes: + - name: configmap + configMap: + name: broker-config + - name: config + emptyDir: {} + - name: extensions + emptyDir: {} + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: {{ .Values.global.StorageClassName }} + resources: + requests: + storage: 50Gi + diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/kafka/templates/6.outside.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/kafka/templates/6.outside.yaml new file mode 100644 index 0000000..ddaac45 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/kafka/templates/6.outside.yaml @@ -0,0 +1,127 @@ +kind: Service +apiVersion: v1 +metadata: + name: kafka-outside-0 + namespace: {{ .Release.Namespace }} +spec: + selector: + app: kafka + kafka-broker-id: "0" + ports: + - protocol: TCP + targetPort: 9094 + port: 32400 + nodePort: {{ .Values.service.kafka_outside_0 }} + type: NodePort +--- +kind: Service +apiVersion: v1 +metadata: + name: kafka-outside-1 + namespace: {{ .Release.Namespace }} +spec: + selector: + app: kafka + kafka-broker-id: "1" + ports: + - protocol: TCP + targetPort: 9094 + port: 32401 + nodePort: {{ .Values.service.kafka_outside_1 }} + type: NodePort +--- +kind: Service +apiVersion: v1 +metadata: + name: kafka-outside-2 + namespace: {{ .Release.Namespace }} +spec: + selector: + app: kafka + kafka-broker-id: "2" + ports: + - protocol: TCP + targetPort: 9094 + port: 32402 + nodePort: {{ .Values.service.kafka_outside_2 }} + type: NodePort +--- +kind: Service +apiVersion: v1 +metadata: + name: kafka-global-0 + namespace: {{ .Release.Namespace }} +spec: + selector: + app: kafka + kafka-broker-id: "0" + ports: + - protocol: TCP + targetPort: 9095 + port: 32500 + nodePort: {{ .Values.service.kafka_global_0 }} + type: NodePort +--- +kind: Service +apiVersion: v1 +metadata: + name: kafka-global-1 + namespace: {{ .Release.Namespace }} +spec: + selector: + app: kafka + kafka-broker-id: "1" + ports: + - protocol: TCP + targetPort: 9095 + port: 32501 + nodePort: {{ .Values.service.kafka_global_1 }} + type: NodePort +--- +kind: Service +apiVersion: v1 +metadata: + name: kafka-global-2 + namespace: {{ .Release.Namespace }} +spec: + selector: + app: kafka + kafka-broker-id: "2" + ports: + - protocol: TCP + targetPort: 9095 + port: 32502 + nodePort: {{ .Values.service.kafka_global_2 }} + type: NodePort +--- +apiVersion: v1 +kind: Service +metadata: + name: kafka-broker + namespace: {{ .Release.Namespace }} +spec: + type: NodePort + ports: + - port: 9094 + name: kafka + protocol: TCP + targetPort: 9094 + nodePort: {{ .Values.service.kafka_broker }} + selector: + app: kafka +--- +apiVersion: v1 +kind: Service +metadata: + name: kafka-broker-global + namespace: {{ .Release.Namespace }} +spec: + type: NodePort + ports: + - port: 9095 + name: kafka + protocol: TCP + targetPort: 9095 + nodePort: {{ .Values.service.kafka_broker_global }} + selector: + app: kafka diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/kafka/values.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/kafka/values.yaml new file mode 100644 index 0000000..8e74b79 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/kafka/values.yaml @@ -0,0 +1,73 @@ +# Default values for kafka. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: nginx + tag: stable + pullPolicy: IfNotPresent + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + +ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: [] + + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +service: + kafka_outside_0: "32400" + kafka_outside_1: "32401" + kafka_global_0: "32500" + kafka_global_1: "32501" + kafka_broker: "9094" + kafka_broker_global: "9095" diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/zookeeper/.helmignore b/packer/ansible/roles/helm_install/files/kafka/charts/zookeeper/.helmignore new file mode 100644 index 0000000..50af031 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/zookeeper/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/zookeeper/Chart.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/zookeeper/Chart.yaml new file mode 100644 index 0000000..c9a2bfb --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/zookeeper/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart for Kubernetes +name: zookeeper +version: 0.1.0 diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/zookeeper/templates/0.config.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/zookeeper/templates/0.config.yaml new file mode 100644 index 0000000..7d26875 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/zookeeper/templates/0.config.yaml @@ -0,0 +1,35 @@ +kind: ConfigMap +metadata: + name: zookeeper-config + namespace: {{ .Release.Namespace }} +apiVersion: v1 +data: + init.sh: |- + #!/bin/bash + set -e + set -x + [ -d /var/lib/zookeeper/data ] || mkdir /var/lib/zookeeper/data + [ -z "$ID_OFFSET" ] && ID_OFFSET=1 + export ZOOKEEPER_SERVER_ID=$((${HOSTNAME##*-} + $ID_OFFSET)) + echo "${ZOOKEEPER_SERVER_ID:-1}" | tee /var/lib/zookeeper/data/myid + cp -Lur /etc/kafka-configmap/* /etc/kafka/ + sed -i "s/server\.$ZOOKEEPER_SERVER_ID\=[a-z0-9.-]*/server.$ZOOKEEPER_SERVER_ID=0.0.0.0/" /etc/kafka/zookeeper.properties + zookeeper.properties: |- + tickTime=2000 + dataDir=/var/lib/zookeeper/data + dataLogDir=/var/lib/zookeeper/log + clientPort=2181 + maxClientCnxns=0 + initLimit=5 + syncLimit=2 + server.1=zookeeper-0.zookeeper-headless.{{ .Release.Namespace }}.svc.cluster.local:2888:3888:participant + server.2=zookeeper-1.zookeeper-headless.{{ .Release.Namespace }}.svc.cluster.local:2888:3888:participant + server.3=zookeeper-2.zookeeper-headless.{{ .Release.Namespace }}.svc.cluster.local:2888:3888:participant + log4j.properties: |- + log4j.rootLogger=INFO, stdout + log4j.appender.stdout=org.apache.log4j.ConsoleAppender + log4j.appender.stdout.layout=org.apache.log4j.PatternLayout + log4j.appender.stdout.layout.ConversionPattern=[%d] %p %m (%c)%n + # Suppress connection log messages, three lines per livenessProbe execution + log4j.logger.org.apache.zookeeper.server.NIOServerCnxnFactory=WARN + log4j.logger.org.apache.zookeeper.server.NIOServerCnxn=WARN diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/zookeeper/templates/1.service-leader-election.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/zookeeper/templates/1.service-leader-election.yaml new file mode 100644 index 0000000..7ceca4c --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/zookeeper/templates/1.service-leader-election.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: zookeeper-headless + namespace: {{ .Release.Namespace }} +spec: + ports: + - port: 2888 + name: peer + - port: 3888 + name: leader-election + clusterIP: None + selector: + app: zookeeper + storage: persistent + diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/zookeeper/templates/2.service-client.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/zookeeper/templates/2.service-client.yaml new file mode 100644 index 0000000..d9137e5 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/zookeeper/templates/2.service-client.yaml @@ -0,0 +1,12 @@ +# the headless service is for PetSet DNS, this one is for clients +apiVersion: v1 +kind: Service +metadata: + name: zookeeper + namespace: {{ .Release.Namespace }} +spec: + ports: + - port: 2181 + name: client + selector: + app: zookeeper diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/zookeeper/templates/4.statefulset.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/zookeeper/templates/4.statefulset.yaml new file mode 100644 index 0000000..48fad18 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/zookeeper/templates/4.statefulset.yaml @@ -0,0 +1,97 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: zookeeper + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + app: zookeeper + storage: persistent + serviceName: "zookeeper-headless" + replicas: 3 + updateStrategy: + type: RollingUpdate + podManagementPolicy: Parallel + template: + metadata: + labels: + app: zookeeper + storage: persistent + annotations: + spec: + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + + terminationGracePeriodSeconds: 10 + initContainers: + - name: init-config + image: {{ .Values.initContainers.image.repository }}:{{ .Values.initContainers.image.tag }} + command: ['/bin/bash', '/etc/kafka-configmap/init.sh'] + volumeMounts: + - name: configmap + mountPath: /etc/kafka-configmap + - name: config + mountPath: /etc/kafka + - name: data + mountPath: /var/lib/zookeeper + containers: + - name: zookeeper + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + env: + - name: KAFKA_LOG4J_OPTS + value: -Dlog4j.configuration=file:/etc/kafka/log4j.properties + command: + - ./bin/zookeeper-server-start.sh + - /etc/kafka/zookeeper.properties + lifecycle: + preStop: + exec: + command: ["sh", "-ce", "kill -s TERM 1; while $(kill -0 1 2>/dev/null); do sleep 1; done"] + ports: + - containerPort: 2181 + name: client + - containerPort: 2888 + name: peer + - containerPort: 3888 + name: leader-election + resources: + requests: + cpu: 100m + memory: 512Mi + limits: + cpu: 200m + memory: 1000Mi + readinessProbe: + exec: + command: ['/bin/bash', '-c', 'echo "ruok" | nc -w 2 localhost 2181 | grep imok'] + volumeMounts: + - name: config + mountPath: /etc/kafka + - name: data + mountPath: /var/lib/zookeeper + volumes: + - name: configmap + configMap: + name: zookeeper-config + - name: config + emptyDir: {} + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: {{ .Values.global.StorageClassName }} + resources: + requests: + storage: 30Gi diff --git a/packer/ansible/roles/helm_install/files/kafka/charts/zookeeper/values.yaml b/packer/ansible/roles/helm_install/files/kafka/charts/zookeeper/values.yaml new file mode 100644 index 0000000..386a195 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/charts/zookeeper/values.yaml @@ -0,0 +1,68 @@ +# Default values for zookeeper. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: nginx + tag: stable + pullPolicy: IfNotPresent + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 80 + +ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: [] + + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/packer/ansible/roles/helm_install/files/kafka/index.yaml b/packer/ansible/roles/helm_install/files/kafka/index.yaml new file mode 100644 index 0000000..62a41a3 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/index.yaml @@ -0,0 +1,3 @@ +apiVersion: v1 +entries: {} +generated: "2019-11-05T09:47:03.285264152+09:00" diff --git a/packer/ansible/roles/helm_install/files/kafka/templates/role.yaml b/packer/ansible/roles/helm_install/files/kafka/templates/role.yaml new file mode 100644 index 0000000..0fe24af --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/templates/role.yaml @@ -0,0 +1,16 @@ +kind: ClusterRoleBinding +{{- if semverCompare ">=1.17-0" .Capabilities.KubeVersion.GitVersion }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +metadata: + name: {{ .Release.Name }}-cluster-admin-clusterrolebinding +subjects: +- kind: ServiceAccount + name: default + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin diff --git a/packer/ansible/roles/helm_install/files/kafka/test b/packer/ansible/roles/helm_install/files/kafka/test new file mode 100644 index 0000000..d1fbcf1 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/test @@ -0,0 +1,637 @@ +--- +# Source: kafkaset/charts/akhq/templates/secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: test-akhq-secrets + labels: + app.kubernetes.io/name: akhq + helm.sh/chart: akhq-0.2.7 + app.kubernetes.io/instance: test + app.kubernetes.io/managed-by: Helm +type: Opaque +data: + application-secrets.yml: "YWtocToKICBjb25uZWN0aW9uczoKICAgIG15LWNsdXN0ZXItcGxhaW4tdGV4dDoKICAgICAgcHJvcGVydGllczoKICAgICAgICBib290c3RyYXAuc2VydmVyczoga2Fma2E6OTA5Mg==" +--- +# Source: kafkaset/charts/akhq/templates/configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: test-akhq + labels: + app.kubernetes.io/name: akhq + helm.sh/chart: akhq-0.2.7 + app.kubernetes.io/instance: test + app.kubernetes.io/managed-by: Helm +data: + application.yml: | + akhq: + server: + access-log: + enabled: false + name: org.akhq.log.access +--- +# Source: kafkaset/charts/zookeeper/templates/0.config.yaml +kind: ConfigMap +metadata: + name: zookeeper-config + namespace: dsk-middle +apiVersion: v1 +data: + init.sh: |- + #!/bin/bash + set -e + set -x + [ -d /var/lib/zookeeper/data ] || mkdir /var/lib/zookeeper/data + [ -z "$ID_OFFSET" ] && ID_OFFSET=1 + export ZOOKEEPER_SERVER_ID=$((${HOSTNAME##*-} + $ID_OFFSET)) + echo "${ZOOKEEPER_SERVER_ID:-1}" | tee /var/lib/zookeeper/data/myid + cp -Lur /etc/kafka-configmap/* /etc/kafka/ + sed -i "s/server\.$ZOOKEEPER_SERVER_ID\=[a-z0-9.-]*/server.$ZOOKEEPER_SERVER_ID=0.0.0.0/" /etc/kafka/zookeeper.properties + zookeeper.properties: |- + tickTime=2000 + dataDir=/var/lib/zookeeper/data + dataLogDir=/var/lib/zookeeper/log + clientPort=2181 + maxClientCnxns=0 + initLimit=5 + syncLimit=2 + server.1=zookeeper-0.zookeeper-headless.dsk-middle.svc.cluster.local:2888:3888:participant + server.2=zookeeper-1.zookeeper-headless.dsk-middle.svc.cluster.local:2888:3888:participant + server.3=zookeeper-2.zookeeper-headless.dsk-middle.svc.cluster.local:2888:3888:participant + log4j.properties: |- + log4j.rootLogger=INFO, stdout + log4j.appender.stdout=org.apache.log4j.ConsoleAppender + log4j.appender.stdout.layout=org.apache.log4j.PatternLayout + log4j.appender.stdout.layout.ConversionPattern=[%d] %p %m (%c)%n + # Suppress connection log messages, three lines per livenessProbe execution + log4j.logger.org.apache.zookeeper.server.NIOServerCnxnFactory=WARN + log4j.logger.org.apache.zookeeper.server.NIOServerCnxn=WARN +--- +# Source: kafkaset/templates/role.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: test-cluster-admin-clusterrolebinding +subjects: +- kind: ServiceAccount + name: default + namespace: dsk-middle +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +--- +# Source: kafkaset/charts/akhq/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: test-akhq + labels: + app.kubernetes.io/name: akhq + helm.sh/chart: akhq-0.2.7 + app.kubernetes.io/instance: test + app.kubernetes.io/managed-by: Helm + annotations: +spec: + type: NodePort + ports: + - port: 80 + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: akhq + app.kubernetes.io/instance: test +--- +# Source: kafkaset/charts/kafka/templates/2.dns.yaml +apiVersion: v1 +kind: Service +metadata: + name: kafka-headless + namespace: dsk-middle +spec: + ports: + - port: 9092 + clusterIP: None + selector: + app: kafka +--- +# Source: kafkaset/charts/kafka/templates/3.bootstrap-service.yaml +apiVersion: v1 +kind: Service +metadata: +# name: bootstrap + name: kafka + namespace: dsk-middle +spec: + ports: + - port: 9092 + selector: + app: kafka +--- +# Source: kafkaset/charts/kafka/templates/6.outside.yaml +kind: Service +apiVersion: v1 +metadata: + name: kafka-outside-0 + namespace: dsk-middle +spec: + selector: + app: kafka + kafka-broker-id: "0" + ports: + - protocol: TCP + targetPort: 9094 + port: 32400 + nodePort: 32400 + type: NodePort +--- +# Source: kafkaset/charts/kafka/templates/6.outside.yaml +kind: Service +apiVersion: v1 +metadata: + name: kafka-outside-1 + namespace: dsk-middle +spec: + selector: + app: kafka + kafka-broker-id: "1" + ports: + - protocol: TCP + targetPort: 9094 + port: 32401 + nodePort: 32401 + type: NodePort +--- +# Source: kafkaset/charts/kafka/templates/6.outside.yaml +kind: Service +apiVersion: v1 +metadata: + name: kafka-outside-2 + namespace: dsk-middle +spec: + selector: + app: kafka + kafka-broker-id: "2" + ports: + - protocol: TCP + targetPort: 9094 + port: 32402 + nodePort: 32402 + type: NodePort +--- +# Source: kafkaset/charts/kafka/templates/6.outside.yaml +kind: Service +apiVersion: v1 +metadata: + name: kafka-global-0 + namespace: dsk-middle +spec: + selector: + app: kafka + kafka-broker-id: "0" + ports: + - protocol: TCP + targetPort: 9095 + port: 32500 + nodePort: 32500 + type: NodePort +--- +# Source: kafkaset/charts/kafka/templates/6.outside.yaml +kind: Service +apiVersion: v1 +metadata: + name: kafka-global-1 + namespace: dsk-middle +spec: + selector: + app: kafka + kafka-broker-id: "1" + ports: + - protocol: TCP + targetPort: 9095 + port: 32501 + nodePort: 32501 + type: NodePort +--- +# Source: kafkaset/charts/kafka/templates/6.outside.yaml +kind: Service +apiVersion: v1 +metadata: + name: kafka-global-2 + namespace: dsk-middle +spec: + selector: + app: kafka + kafka-broker-id: "2" + ports: + - protocol: TCP + targetPort: 9095 + port: 32502 + nodePort: 32502 + type: NodePort +--- +# Source: kafkaset/charts/kafka/templates/6.outside.yaml +apiVersion: v1 +kind: Service +metadata: + name: kafka-broker + namespace: dsk-middle +spec: + type: NodePort + ports: + - port: 9094 + name: kafka + protocol: TCP + targetPort: 9094 + nodePort: 30094 + selector: + app: kafka +--- +# Source: kafkaset/charts/kafka/templates/6.outside.yaml +apiVersion: v1 +kind: Service +metadata: + name: kafka-broker-global + namespace: dsk-middle +spec: + type: NodePort + ports: + - port: 9095 + name: kafka + protocol: TCP + targetPort: 9095 + nodePort: 30095 + selector: + app: kafka +--- +# Source: kafkaset/charts/zookeeper/templates/1.service-leader-election.yaml +apiVersion: v1 +kind: Service +metadata: + name: zookeeper-headless + namespace: dsk-middle +spec: + ports: + - port: 2888 + name: peer + - port: 3888 + name: leader-election + clusterIP: None + selector: + app: zookeeper + storage: persistent +--- +# Source: kafkaset/charts/zookeeper/templates/2.service-client.yaml +# the headless service is for PetSet DNS, this one is for clients +apiVersion: v1 +kind: Service +metadata: + name: zookeeper + namespace: dsk-middle +spec: + ports: + - port: 2181 + name: client + selector: + app: zookeeper +--- +# Source: kafkaset/charts/akhq/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: test-akhq + labels: + app.kubernetes.io/name: akhq + helm.sh/chart: akhq-0.2.7 + app.kubernetes.io/instance: test + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: akhq + app.kubernetes.io/instance: test + template: + metadata: + annotations: + checksum/config: 00490bc3c20c1a8c6ab1b49540d63065ad39aae5b19766fc0a884db2c0b5ecbf + checksum/secrets: 235bfd9fa6c8713d840dc969c1c05fd1b82c200a02bd4187955d14a983effe58 + labels: + app.kubernetes.io/name: akhq + app.kubernetes.io/instance: test + spec: + serviceAccountName: default + containers: + - name: akhq + image: "tchiotludo/akhq:0.20.0" + imagePullPolicy: Always + env: + - name: MICRONAUT_ENVIRONMENTS + value: secrets + - name: MICRONAUT_CONFIG_FILES + value: /app/application.yml,/app/application-secrets.yml + volumeMounts: + - name: config + mountPath: /app/application.yml + subPath: application.yml + - name: secrets + mountPath: /app/application-secrets.yml + subPath: application-secrets.yml + ports: + - name: http + containerPort: 8080 + protocol: TCP + - name: management + containerPort: 28081 + protocol: TCP + livenessProbe: + tcpSocket: + port: management + readinessProbe: + httpGet: + path: /health + port: management + resources: + {} + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-kafka + tolerations: + - key: dev/data-kafka + operator: Exists + volumes: + - name: config + configMap: + name: test-akhq + - name: secrets + secret: + secretName: test-akhq-secrets +--- +# Source: kafkaset/charts/kafka/templates/5.kafka.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: kafka + namespace: dsk-middle +spec: + selector: + matchLabels: + app: kafka + serviceName: "kafka-headless" + replicas: 3 + updateStrategy: + type: RollingUpdate + podManagementPolicy: Parallel + template: + metadata: + labels: + app: kafka + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: datasaker/group + operator: In + values: + - data-kafka + weight: 100 + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - zookeeper + topologyKey: kubernetes.io/hostname + weight: 50 + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - kafka + topologyKey: kubernetes.io/hostname + weight: 50 + tolerations: + - key: dev/data-kafka + operator: Exists + + terminationGracePeriodSeconds: 30 + initContainers: + - name: init-config + image: datasaker/kafka-initutils:v1.0.0 + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + command: ['/bin/bash', '/etc/kafka-configmap/init.sh'] + volumeMounts: + - name: configmap + mountPath: /etc/kafka-configmap + - name: config + mountPath: /etc/kafka + - name: extensions + mountPath: /opt/kafka/libs/extensions + containers: + - name: broker + image: datasaker/kafka:v1.0.1 + env: + - name: CLASSPATH + value: /opt/kafka/libs/extensions/* + - name: KAFKA_LOG4J_OPTS + value: -Dlog4j.configuration=file:/etc/kafka/log4j.properties + - name: JMX_PORT + value: "5555" + - name: KAFKA_OPTS + value: -javaagent:/opt/kafka/jmx_prometheus_javaagent-0.15.0.jar=9010:/opt/kafka/config.yaml + ports: + - name: inside + containerPort: 9092 + - name: outside + containerPort: 9094 + - name: global + containerPort: 9095 + - name: jmx + containerPort: 9010 + command: + - ./bin/kafka-server-start.sh + - /etc/kafka/server.properties + lifecycle: + preStop: + exec: + command: ["sh", "-ce", "kill -s TERM 1; while $(kill -0 1 2>/dev/null); do sleep 1; done"] + resources: + requests: + cpu: 500m + memory: 6000Mi + limits: + # This limit was intentionally set low as a reminder that + # the entire Yolean/kubernetes-kafka is meant to be tweaked + # before you run production workloads + cpu: 1000m + memory: 10000Mi + readinessProbe: + tcpSocket: + port: 9092 + timeoutSeconds: 1 + volumeMounts: + - name: config + mountPath: /etc/kafka + - name: data + mountPath: /var/lib/kafka/data + - name: extensions + mountPath: /opt/kafka/libs/extensions + volumes: + - name: configmap + configMap: + name: broker-config + - name: config + emptyDir: {} + - name: extensions + emptyDir: {} + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: + resources: + requests: + storage: 50Gi +--- +# Source: kafkaset/charts/zookeeper/templates/4.statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: zookeeper + namespace: dsk-middle +spec: + selector: + matchLabels: + app: zookeeper + storage: persistent + serviceName: "zookeeper-headless" + replicas: 3 + updateStrategy: + type: RollingUpdate + podManagementPolicy: Parallel + template: + metadata: + labels: + app: zookeeper + storage: persistent + annotations: + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-kafka + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - zookeeper + topologyKey: kubernetes.io/hostname + weight: 50 + tolerations: + - key: dev/data-kafka + operator: Exists + + terminationGracePeriodSeconds: 10 + initContainers: + - name: init-config + image: datasaker/kafka-initutils:v1.0.0 + command: ['/bin/bash', '/etc/kafka-configmap/init.sh'] + volumeMounts: + - name: configmap + mountPath: /etc/kafka-configmap + - name: config + mountPath: /etc/kafka + - name: data + mountPath: /var/lib/zookeeper + containers: + - name: zookeeper + image: datasaker/kafka:v1.0.0 + env: + - name: KAFKA_LOG4J_OPTS + value: -Dlog4j.configuration=file:/etc/kafka/log4j.properties + command: + - ./bin/zookeeper-server-start.sh + - /etc/kafka/zookeeper.properties + lifecycle: + preStop: + exec: + command: ["sh", "-ce", "kill -s TERM 1; while $(kill -0 1 2>/dev/null); do sleep 1; done"] + ports: + - containerPort: 2181 + name: client + - containerPort: 2888 + name: peer + - containerPort: 3888 + name: leader-election + resources: + requests: + cpu: 100m + memory: 512Mi + limits: + cpu: 200m + memory: 1000Mi + readinessProbe: + exec: + command: ['/bin/bash', '-c', 'echo "ruok" | nc -w 2 localhost 2181 | grep imok'] + volumeMounts: + - name: config + mountPath: /etc/kafka + - name: data + mountPath: /var/lib/zookeeper + volumes: + - name: configmap + configMap: + name: zookeeper-config + - name: config + emptyDir: {} + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: + resources: + requests: + storage: 30Gi +--- +# Source: kafkaset/charts/kafka/templates/2.dns.yaml +# A headless service to create DNS records diff --git a/packer/ansible/roles/helm_install/files/kafka/values.yaml b/packer/ansible/roles/helm_install/files/kafka/values.yaml new file mode 100644 index 0000000..4856d73 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kafka/values.yaml @@ -0,0 +1,199 @@ +# Default values for sample. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: nginx + tag: stable + pullPolicy: IfNotPresent + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +#service: +# type: ClusterIP +# port: 80 + +ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: [] + + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {"datasaker/group": "data"} + +tolerations: [] + +affinity: {} + +global: + KAFKA_BROKER_CONFIG: "{{index .metadata.labels \"failure-domain.beta.kubernetes.io/zone\"}}" + + # KAFK_INITUTILS_VERSION: v1.0.0 + # KAFKA_VERSION: v1.0.1 + + # 레지스트리 변수화 (Public Cloud 대비 / 아래 값 적절히 수정해서 사용할 것) + # IMXC_REGISTRY: icn.ocir.io/cntxl7bbdp4p + # StorageClassName: openebs-hostpath + + +# kafka의 노드 포트들을 명-시 +kafka: + image: + repository: datasaker/kafka + tag: v1.0.1 + initContainers: + image: + repository: datasaker/kafka-initutils + tag: v1.0.0 + service: + kafka_outside_0: "32400" + kafka_outside_1: "32401" + kafka_outside_2: "32402" + kafka_global_0: "32500" + kafka_global_1: "32501" + kafka_global_2: "32502" + kafka_broker: "30094" + kafka_broker_global: "30095" + + tolerations: + - key: "dev/data-kafka" + operator: "Exists" + + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: "datasaker/group" + operator: In + values: + - "data-kafka" + weight: 100 + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 50 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: "app" + operator: In + values: + - kafka + topologyKey: "kubernetes.io/hostname" + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 50 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: "app" + operator: In + values: + - zookeeper + topologyKey: "kubernetes.io/hostname" + +zookeeper: + image: + repository: datasaker/kafka + tag: v1.0.0 + initContainers: + image: + repository: datasaker/kafka-initutils + tag: v1.0.0 + + tolerations: + - key: "dev/data-kafka" + operator: "Exists" + + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 50 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: "app" + operator: In + values: + - zookeeper + topologyKey: "kubernetes.io/hostname" + + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-kafka + +akhq: + service: + enabled: true + type: NodePort + port: 80 + nodePort: 32551 + + secrets: + akhq: + connections: + my-cluster-plain-text: + properties: + bootstrap.servers: "kafka:9092" + tolerations: + - key: "dev/data-kafka" + operator: "Exists" + + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-kafka + +# nodeSelector: {"datasaker/group": "data-kafka"} diff --git a/packer/ansible/roles/helm_install/files/keycloak/Chart.lock b/packer/ansible/roles/helm_install/files/keycloak/Chart.lock new file mode 100644 index 0000000..388323e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/Chart.lock @@ -0,0 +1,9 @@ +dependencies: +- name: postgresql + repository: https://charts.bitnami.com/bitnami + version: 11.1.22 +- name: common + repository: https://charts.bitnami.com/bitnami + version: 1.13.0 +digest: sha256:b60a9ec850facc2ea59c40c0a160050f7720192fd683ad84bfa75442e151e2d6 +generated: "2022-04-21T13:59:00.123662927Z" diff --git a/packer/ansible/roles/helm_install/files/keycloak/Chart.yaml b/packer/ansible/roles/helm_install/files/keycloak/Chart.yaml new file mode 100644 index 0000000..2888b93 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/Chart.yaml @@ -0,0 +1,30 @@ +annotations: + category: DeveloperTools +apiVersion: v2 +appVersion: 16.1.1 +dependencies: +- condition: postgresql.enabled + name: postgresql + repository: https://charts.bitnami.com/bitnami + version: 11.x.x +- name: common + repository: https://charts.bitnami.com/bitnami + tags: + - bitnami-common + version: 1.x.x +description: Keycloak is a high performance Java-based identity and access management + solution. It lets developers add an authentication layer to their applications with + minimum effort. +home: https://www.keycloak.org +icon: https://bitnami.com/assets/stacks/keycloak/img/keycloak-stack-220x234.png +keywords: +- keycloak +- access-management +maintainers: +- email: containers@bitnami.com + name: Bitnami +name: keycloak +sources: +- https://github.com/bitnami/bitnami-docker-keycloak +- https://github.com/keycloak/keycloak +version: 7.1.17 diff --git a/packer/ansible/roles/helm_install/files/keycloak/README.md b/packer/ansible/roles/helm_install/files/keycloak/README.md new file mode 100644 index 0000000..4b520e6 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/README.md @@ -0,0 +1,443 @@ + + +# Keycloak packaged by Bitnami + +Keycloak is a high performance Java-based identity and access management solution. It lets developers add an authentication layer to their applications with minimum effort. + +[Overview of Keycloak](https://www.keycloak.org/) + +Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. + +## TL;DR + +```console + helm repo add bitnami https://charts.bitnami.com/bitnami + helm install my-release bitnami/keycloak +``` + +## Introduction + +Bitnami charts for Helm are carefully engineered, actively maintained and are the quickest and easiest way to deploy containers on a Kubernetes cluster that are ready to handle production workloads. + +This chart bootstraps a [Keycloak](https://github.com/bitnami/bitnami-docker-keycloak) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.2.0+ + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm repo add bitnami https://charts.bitnami.com/bitnami +$ helm install my-release bitnami/keycloak +``` + +These commands deploy a Keycloak application on the Kubernetes cluster in the default configuration. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Parameters + +### Global parameters + +| Name | Description | Value | +| ------------------------- | ----------------------------------------------- | ----- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | + + +### Common parameters + +| Name | Description | Value | +| ------------------------ | --------------------------------------------------------------------------------------- | --------------- | +| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | +| `nameOverride` | String to partially override keycloak.fullname | `""` | +| `fullnameOverride` | String to fully override keycloak.fullname | `""` | +| `commonLabels` | Labels to add to all deployed objects | `{}` | +| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | +| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the the statefulset | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the the statefulset | `["infinity"]` | + + +### Keycloak parameters + +| Name | Description | Value | +| --------------------------------- | --------------------------------------------------------------------------------------------- | ---------------------- | +| `image.registry` | Keycloak image registry | `docker.io` | +| `image.repository` | Keycloak image repository | `bitnami/keycloak` | +| `image.tag` | Keycloak image tag (immutable tags are recommended) | `16.1.1-debian-10-r36` | +| `image.pullPolicy` | Keycloak image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `image.debug` | Specify if debug logs should be enabled | `false` | +| `auth.createAdminUser` | Create administrator user on boot | `true` | +| `auth.adminUser` | Keycloak administrator user | `user` | +| `auth.adminPassword` | Keycloak administrator password for the new user | `""` | +| `auth.managementUser` | Wildfly management user | `manager` | +| `auth.managementPassword` | Wildfly management password | `""` | +| `auth.existingSecret` | An already existing secret containing auth info | `""` | +| `auth.existingSecretPerPassword` | Override `existingSecret` and other secret values | `{}` | +| `auth.tls.enabled` | Enable TLS encryption | `false` | +| `auth.tls.autoGenerated` | Generate automatically self-signed TLS certificates. Currently only supports PEM certificates | `false` | +| `auth.tls.existingSecret` | Existing secret containing the TLS certificates per Keycloak replica | `""` | +| `auth.tls.usePem` | Use PEM certificates as input instead of PKS12/JKS stores | `false` | +| `auth.tls.truststoreFilename` | Truststore specific filename inside the existing secret | `""` | +| `auth.tls.keystoreFilename` | Keystore specific filename inside the existing secret | `""` | +| `auth.tls.jksSecret` | DEPRECATED. Use `auth.tls.existingSecret` instead | `""` | +| `auth.tls.keystorePassword` | Password to access the keystore when it's password-protected | `""` | +| `auth.tls.truststorePassword` | Password to access the truststore when it's password-protected | `""` | +| `auth.tls.resources.limits` | The resources limits for the TLS init container | `{}` | +| `auth.tls.resources.requests` | The requested resources for the TLS init container | `{}` | +| `proxyAddressForwarding` | Enable Proxy Address Forwarding | `false` | +| `serviceDiscovery.enabled` | Enable Service Discovery for Keycloak (required if `replicaCount` > `1`) | `false` | +| `serviceDiscovery.protocol` | Sets the protocol that Keycloak nodes would use to discover new peers | `kubernetes.KUBE_PING` | +| `serviceDiscovery.properties` | Properties for the discovery protocol set in `serviceDiscovery.protocol` parameter | `[]` | +| `serviceDiscovery.transportStack` | Transport stack for the discovery protocol set in `serviceDiscovery.protocol` parameter | `tcp` | +| `cache.ownersCount` | Number of nodes that will replicate cached data | `1` | +| `cache.authOwnersCount` | Number of nodes that will replicate cached authentication data | `1` | +| `configuration` | Keycloak Configuration. Auto-generated based on other parameters when not specified | `""` | +| `existingConfigmap` | Name of existing ConfigMap with Keycloak configuration | `""` | +| `extraStartupArgs` | Extra default startup args | `""` | +| `initdbScripts` | Dictionary of initdb scripts | `{}` | +| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` | +| `command` | Override default container command (useful when using custom images) | `[]` | +| `args` | Override default container args (useful when using custom images) | `[]` | +| `extraEnvVars` | Extra environment variables to be set on Keycloak container | `[]` | +| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | +| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` | + + +### Keycloak statefulset parameters + +| Name | Description | Value | +| --------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------- | +| `replicaCount` | Number of Keycloak replicas to deploy | `1` | +| `containerPorts.http` | Keycloak HTTP container port | `8080` | +| `containerPorts.https` | Keycloak HTTPS container port | `8443` | +| `containerPorts.management` | Keycloak management HTTP container port | `9990` | +| `podSecurityContext.enabled` | Enabled Keycloak pods' Security Context | `true` | +| `podSecurityContext.fsGroup` | Set Keycloak pod's Security Context fsGroup | `1001` | +| `containerSecurityContext.enabled` | Enabled Keycloak containers' Security Context | `true` | +| `containerSecurityContext.runAsUser` | Set Keycloak container's Security Context runAsUser | `1001` | +| `containerSecurityContext.runAsNonRoot` | Set Keycloak container's Security Context runAsNonRoot | `true` | +| `resources.limits` | The resources limits for the Keycloak containers | `{}` | +| `resources.requests` | The requested resources for the Keycloak containers | `{}` | +| `livenessProbe.enabled` | Enable livenessProbe on Keycloak containers | `true` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `300` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `1` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe on Keycloak containers | `true` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `startupProbe.enabled` | Enable startupProbe on Keycloak containers | `false` | +| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `startupProbe.periodSeconds` | Period seconds for startupProbe | `5` | +| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `60` | +| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `customLivenessProbe` | Custom Liveness probes for Keycloak | `{}` | +| `customReadinessProbe` | Custom Rediness probes Keycloak | `{}` | +| `customStartupProbe` | Custom Startup probes for Keycloak | `{}` | +| `lifecycleHooks` | LifecycleHooks to set additional configuration at startup | `{}` | +| `hostAliases` | Deployment pod host aliases | `[]` | +| `podLabels` | Extra labels for Keycloak pods | `{}` | +| `podAnnotations` | Annotations for Keycloak pods | `{}` | +| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` | +| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | +| `affinity` | Affinity for pod assignment | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Tolerations for pod assignment | `[]` | +| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `{}` | +| `podManagementPolicy` | Pod management policy for the Keycloak statefulset | `Parallel` | +| `priorityClassName` | Keycloak pods' Priority Class Name | `""` | +| `schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | +| `terminationGracePeriodSeconds` | Seconds Keycloak pod needs to terminate gracefully | `""` | +| `updateStrategy.type` | Keycloak statefulset strategy type | `RollingUpdate` | +| `updateStrategy.rollingUpdate` | Keycloak statefulset rolling update configuration parameters | `{}` | +| `extraVolumes` | Optionally specify extra list of additional volumes for Keycloak pods | `[]` | +| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Keycloak container(s) | `[]` | +| `initContainers` | Add additional init containers to the Keycloak pods | `[]` | +| `sidecars` | Add additional sidecar containers to the Keycloak pods | `[]` | + + +### Exposure parameters + +| Name | Description | Value | +| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | +| `service.type` | Kubernetes service type | `LoadBalancer` | +| `service.ports.http` | Keycloak service HTTP port | `80` | +| `service.ports.https` | Keycloak service HTTPS port | `443` | +| `service.nodePorts` | Specify the nodePort values for the LoadBalancer and NodePort service types. | `{}` | +| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | +| `service.clusterIP` | Keycloak service clusterIP IP | `""` | +| `service.loadBalancerIP` | loadBalancerIP for the SuiteCRM Service (optional, cloud specific) | `""` | +| `service.loadBalancerSourceRanges` | Address that are allowed when service is LoadBalancer | `[]` | +| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | +| `service.annotations` | Additional custom annotations for Keycloak service | `{}` | +| `service.extraPorts` | Extra port to expose on Keycloak service | `[]` | +| `ingress.enabled` | Enable ingress record generation for Keycloak | `false` | +| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | +| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | +| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | +| `ingress.hostname` | Default host for the ingress record | `keycloak.local` | +| `ingress.path` | Default path for the ingress record | `/` | +| `ingress.servicePort` | Backend service port to use | `http` | +| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` | +| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` | +| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | +| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` | +| `ingress.extraPaths` | Any additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` | +| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | +| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | +| `networkPolicy.enabled` | Enable the default NetworkPolicy policy | `false` | +| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `networkPolicy.additionalRules` | Additional NetworkPolicy rules | `{}` | + + +### RBAC parameter + +| Name | Description | Value | +| --------------------------------------------- | --------------------------------------------------------- | ------- | +| `serviceAccount.create` | Enable the creation of a ServiceAccount for Keycloak pods | `true` | +| `serviceAccount.name` | Name of the created ServiceAccount | `""` | +| `serviceAccount.automountServiceAccountToken` | Auto-mount the service account token in the pod | `false` | +| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | +| `rbac.create` | Whether to create and use RBAC resources or not | `false` | +| `rbac.rules` | Custom RBAC rules | `[]` | + + +### Other parameters + +| Name | Description | Value | +| -------------------------- | -------------------------------------------------------------- | ------- | +| `pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | +| `pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | +| `pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | +| `autoscaling.enabled` | Enable autoscaling for Keycloak | `false` | +| `autoscaling.minReplicas` | Minimum number of Keycloak replicas | `1` | +| `autoscaling.maxReplicas` | Maximum number of Keycloak replicas | `11` | +| `autoscaling.targetCPU` | Target CPU utilization percentage | `""` | +| `autoscaling.targetMemory` | Target Memory utilization percentage | `""` | + + +### Metrics parameters + +| Name | Description | Value | +| ------------------------------------------ | ------------------------------------------------------------------------------------- | ------- | +| `metrics.enabled` | Enable exposing Keycloak statistics | `false` | +| `metrics.service.ports.http` | Metrics service HTTP port | `9990` | +| `metrics.service.annotations` | Annotations for enabling prometheus to access the metrics endpoints | `{}` | +| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` | +| `metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` | +| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` | +| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` | +| `metrics.serviceMonitor.labels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | +| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | +| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | +| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` | +| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` | +| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | + + +### keycloak-config-cli parameters + +| Name | Description | Value | +| --------------------------------------------------------- | ----------------------------------------------------------------------------------------------- | ----------------------------- | +| `keycloakConfigCli.enabled` | Whether to enable keycloak-config-cli job | `false` | +| `keycloakConfigCli.image.registry` | keycloak-config-cli container image registry | `docker.io` | +| `keycloakConfigCli.image.repository` | keycloak-config-cli container image repository | `bitnami/keycloak-config-cli` | +| `keycloakConfigCli.image.tag` | keycloak-config-cli container image tag | `4.7.0-debian-10-r14` | +| `keycloakConfigCli.image.pullPolicy` | keycloak-config-cli container image pull policy | `IfNotPresent` | +| `keycloakConfigCli.image.pullSecrets` | keycloak-config-cli container image pull secrets | `[]` | +| `keycloakConfigCli.annotations` | Annotations for keycloak-config-cli job | `{}` | +| `keycloakConfigCli.command` | Command for running the container (set to default if not set). Use array form | `[]` | +| `keycloakConfigCli.args` | Args for running the container (set to default if not set). Use array form | `[]` | +| `keycloakConfigCli.hostAliases` | Job pod host aliases | `[]` | +| `keycloakConfigCli.resources.limits` | The resources limits for the keycloak-config-cli container | `{}` | +| `keycloakConfigCli.resources.requests` | The requested resources for the keycloak-config-cli container | `{}` | +| `keycloakConfigCli.containerSecurityContext.enabled` | Enabled keycloak-config-cli containers' Security Context | `true` | +| `keycloakConfigCli.containerSecurityContext.runAsUser` | Set keycloak-config-cli container's Security Context runAsUser | `1001` | +| `keycloakConfigCli.containerSecurityContext.runAsNonRoot` | Set keycloak-config-cli container's Security Context runAsNonRoot | `true` | +| `keycloakConfigCli.podSecurityContext.enabled` | Enabled keycloak-config-cli pods' Security Context | `true` | +| `keycloakConfigCli.podSecurityContext.fsGroup` | Set keycloak-config-cli pod's Security Context fsGroup | `1001` | +| `keycloakConfigCli.backoffLimit` | Number of retries before considering a Job as failed | `1` | +| `keycloakConfigCli.podLabels` | Pod extra labels | `{}` | +| `keycloakConfigCli.podAnnotations` | Annotations for job pod | `{}` | +| `keycloakConfigCli.extraEnvVars` | Additional environment variables to set | `[]` | +| `keycloakConfigCli.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | +| `keycloakConfigCli.extraEnvVarsSecret` | Secret with extra environment variables | `""` | +| `keycloakConfigCli.extraVolumes` | Extra volumes to add to the job | `[]` | +| `keycloakConfigCli.extraVolumeMounts` | Extra volume mounts to add to the container | `[]` | +| `keycloakConfigCli.configuration` | keycloak-config-cli realms configuration | `{}` | +| `keycloakConfigCli.existingConfigmap` | ConfigMap with keycloak-config-cli configuration. This will override `keycloakConfigCli.config` | `""` | + + +### Database parameters + +| Name | Description | Value | +| -------------------------------------------- | ----------------------------------------------------------------------- | ------------------ | +| `postgresql.enabled` | Switch to enable or disable the PostgreSQL helm chart | `true` | +| `postgresql.auth.username` | Name for a custom user to create | `bn_keycloak` | +| `postgresql.auth.password` | Password for the custom user to create | `""` | +| `postgresql.auth.database` | Name for a custom database to create | `bitnami_keycloak` | +| `postgresql.auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials | `""` | +| `postgresql.architecture` | PostgreSQL architecture (`standalone` or `replication`) | `standalone` | +| `externalDatabase.host` | Database host | `""` | +| `externalDatabase.port` | Database port number | `5432` | +| `externalDatabase.user` | Non-root username for Keycloak | `bn_keycloak` | +| `externalDatabase.password` | Password for the non-root username for Keycloak | `""` | +| `externalDatabase.database` | Keycloak database name | `bitnami_keycloak` | +| `externalDatabase.existingSecret` | Name of an existing secret resource containing the database credentials | `""` | +| `externalDatabase.existingSecretPasswordKey` | Name of an existing secret key containing the database credentials | `""` | + + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```bash +helm install my-release --set auth.adminPassword=secretpassword bitnami/keycloak +``` + +The above command sets the Keycloak administrator password to `secretpassword`. + +> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```bash +$ helm install my-release -f values.yaml bitnami/keycloak +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +Keycloak realms, users and clients can be created from the Keycloak administration panel. Refer to the [tutorial on adding user authentication to applications with Keycloak](https://docs.bitnami.com/tutorials/integrate-keycloak-authentication-kubernetes) for more details on these operations. + +## Configuration and installation details + +### [Rolling vs Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### Use an external database + +Sometimes, you may want to have Keycloak connect to an external database rather than a database within your cluster - for example, when using a managed database service, or when running a single database server for all your applications. To do this, set the `postgresql.enabled` parameter to `false` and specify the credentials for the external database using the `externalDatabase.*` parameters. + +Refer to the [chart documentation on using an external database](https://docs.bitnami.com/kubernetes/apps/keycloak/configuration/use-external-database) for more details and an example. + +### Add extra environment variables + +In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property. + +```yaml +extraEnvVars: + - name: KEYCLOAK_LOG_LEVEL + value: DEBUG +``` + +Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values. + +### Use Sidecars and Init Containers + +If additional containers are needed in the same pod (such as additional metrics or logging exporters), they can be defined using the `sidecars` config parameter. Similarly, extra init containers can be added using the `initContainers` parameter. + +Refer to the chart documentation for more information on, and examples of, configuring and using [sidecars and init containers](https://docs.bitnami.com/kubernetes/apps/keycloak/configuration/configure-sidecar-init-containers/). + +### Initialize a fresh instance + +The [Bitnami Keycloak](https://github.com/bitnami/bitnami-docker-keycloak) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, you can specify custom scripts using the `initdbScripts` parameter as dict. + +In addition to this option, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `initdbScriptsConfigMap` parameter. Note that this will override the previous option. + +The allowed extensions is `.sh`. + +### Deploy extra resources + +There are cases where you may want to deploy extra objects, such a ConfigMap containing your app's configuration or some extra deployment with a micro service used by your app. For covering this case, the chart allows adding the full specification of other objects using the `extraDeploy` parameter. + +### Set Pod affinity + +This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). + +As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. + +### Configure Ingress + +This chart provides support for Ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress-controller](https://github.com/bitnami/charts/tree/master/bitnami/nginx-ingress-controller) or [contour](https://github.com/bitnami/charts/tree/master/bitnami/contour) you can utilize the ingress controller to serve your application. + +To enable Ingress integration, set `ingress.enabled` to `true`. The `ingress.hostname` property can be used to set the host name. The `ingress.tls` parameter can be used to add the TLS configuration for this host. It is also possible to have more than one host, with a separate TLS configuration for each host. [Learn more about configuring and using Ingress](https://docs.bitnami.com/kubernetes/apps/keycloak/configuration/configure-ingress/). + +### Configure TLS Secrets for use with Ingress + +The chart also facilitates the creation of TLS secrets for use with the Ingress controller, with different options for certificate management. [Learn more about TLS secrets](https://docs.bitnami.com/kubernetes/apps/keycloak/administration/enable-tls-ingress/). + +### Use with ingress offloading SSL + +If your ingress controller has the SSL Termination, you should set `proxyAddressForwarding` to `true` or you should add the following env vars in `extraEnvVars` + +```yaml +- name: KEYCLOAK_PROXY_ADDRESS_FORWARDING + value: "true" +- name: KEYCLOAK_FRONTEND_URL + value: "https://keycloak.xxx" +``` + +### Manage secrets and passwords + +This chart provides several ways to manage passwords: + +* Values passed to the chart +* An existing secret with all the passwords (via the `existingSecret` parameter) +* Multiple existing secrets with all the passwords (via the `existingSecretPerPassword` parameter) + +Refer to the [chart documentation on managing passwords](https://docs.bitnami.com/kubernetes/apps/keycloak/configuration/manage-passwords/) for examples of each method. + +## Troubleshooting + +Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). + +## Upgrading + +Refer to the [chart documentation for more information about how to upgrade from previous releases](https://docs.bitnami.com/kubernetes/apps/keycloak/administration/upgrade/). + +## License + +Copyright © 2022 Bitnami + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. \ No newline at end of file diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/common/.helmignore b/packer/ansible/roles/helm_install/files/keycloak/charts/common/.helmignore new file mode 100644 index 0000000..50af031 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/common/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/common/Chart.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/common/Chart.yaml new file mode 100644 index 0000000..2c93878 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/common/Chart.yaml @@ -0,0 +1,23 @@ +annotations: + category: Infrastructure +apiVersion: v2 +appVersion: 1.13.0 +description: A Library Helm Chart for grouping common logic between bitnami charts. + This chart is not deployable by itself. +home: https://github.com/bitnami/charts/tree/master/bitnami/common +icon: https://bitnami.com/downloads/logos/bitnami-mark.png +keywords: +- common +- helper +- template +- function +- bitnami +maintainers: +- email: containers@bitnami.com + name: Bitnami +name: common +sources: +- https://github.com/bitnami/charts +- https://www.bitnami.com/ +type: library +version: 1.13.0 diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/common/README.md b/packer/ansible/roles/helm_install/files/keycloak/charts/common/README.md new file mode 100644 index 0000000..c090f74 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/common/README.md @@ -0,0 +1,347 @@ +# Bitnami Common Library Chart + +A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. + +## TL;DR + +```yaml +dependencies: + - name: common + version: 1.x.x + repository: https://charts.bitnami.com/bitnami +``` + +```bash +$ helm dependency update +``` + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }} +data: + myvalue: "Hello World" +``` + +## Introduction + +This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.2.0+ + +## Parameters + +The following table lists the helpers available in the library which are scoped in different sections. + +### Affinities + +| Helper identifier | Description | Expected Input | +|-------------------------------|------------------------------------------------------|------------------------------------------------| +| `common.affinities.node.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.node.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.pod.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | +| `common.affinities.pod.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | + +### Capabilities + +| Helper identifier | Description | Expected Input | +|------------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| +| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | +| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context | +| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | +| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | +| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | +| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | +| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context | +| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for podsecuritypolicy. | `.` Chart context | +| `common.capabilities.networkPolicy.apiVersion` | Return the appropriate apiVersion for networkpolicy. | `.` Chart context | +| `common.capabilities.apiService.apiVersion` | Return the appropriate apiVersion for APIService. | `.` Chart context | +| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | + +### Errors + +| Helper identifier | Description | Expected Input | +|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| +| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | + +### Images + +| Helper identifier | Description | Expected Input | +|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| +| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. | +| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | +| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` | + +### Ingress + +| Helper identifier | Description | Expected Input | +|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | +| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context | +| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context | +| `common.ingress.certManagerRequest` | Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations | `dict "annotations" .Values.path.to.the.ingress.annotations` | + +### Labels + +| Helper identifier | Description | Expected Input | +|-----------------------------|-----------------------------------------------------------------------------|-------------------| +| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | +| `common.labels.matchLabels` | Labels to use on `deploy.spec.selector.matchLabels` and `svc.spec.selector` | `.` Chart context | + +### Names + +| Helper identifier | Description | Expected Input | +|--------------------------|------------------------------------------------------------|-------------------| +| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | +| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | +| `common.names.namespace` | Allow the release namespace to be overridden | `.` Chart context | +| `common.names.chart` | Chart name plus version | `.` Chart context | + +### Secrets + +| Helper identifier | Description | Expected Input | +|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | +| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | +| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | +| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` | + +### Storage + +| Helper identifier | Description | Expected Input | +|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| +| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | + +### TplValues + +| Helper identifier | Description | Expected Input | +|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | + +### Utils + +| Helper identifier | Description | Expected Input | +|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| +| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | +| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | +| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | +| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | + +### Validations + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | +| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | +| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | +| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | +| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis™ are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | +| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. | +| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | + +### Warnings + +| Helper identifier | Description | Expected Input | +|------------------------------|----------------------------------|------------------------------------------------------------| +| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | + +## Special input schemas + +### ImageRoot + +```yaml +registry: + type: string + description: Docker registry where the image is located + example: docker.io + +repository: + type: string + description: Repository and image name + example: bitnami/nginx + +tag: + type: string + description: image tag + example: 1.16.1-debian-10-r63 + +pullPolicy: + type: string + description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + +pullSecrets: + type: array + items: + type: string + description: Optionally specify an array of imagePullSecrets (evaluated as templates). + +debug: + type: boolean + description: Set to true if you would like to see extra information on logs + example: false + +## An instance would be: +# registry: docker.io +# repository: bitnami/nginx +# tag: 1.16.1-debian-10-r63 +# pullPolicy: IfNotPresent +# debug: false +``` + +### Persistence + +```yaml +enabled: + type: boolean + description: Whether enable persistence. + example: true + +storageClass: + type: string + description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. + example: "-" + +accessMode: + type: string + description: Access mode for the Persistent Volume Storage. + example: ReadWriteOnce + +size: + type: string + description: Size the Persistent Volume Storage. + example: 8Gi + +path: + type: string + description: Path to be persisted. + example: /bitnami + +## An instance would be: +# enabled: true +# storageClass: "-" +# accessMode: ReadWriteOnce +# size: 8Gi +# path: /bitnami +``` + +### ExistingSecret + +```yaml +name: + type: string + description: Name of the existing secret. + example: mySecret +keyMapping: + description: Mapping between the expected key name and the name of the key in the existing secret. + type: object + +## An instance would be: +# name: mySecret +# keyMapping: +# password: myPasswordKey +``` + +#### Example of use + +When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. + +```yaml +# templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + labels: + app: {{ include "common.names.fullname" . }} +type: Opaque +data: + password: {{ .Values.password | b64enc | quote }} + +# templates/dpl.yaml +--- +... + env: + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} +... + +# values.yaml +--- +name: mySecret +keyMapping: + password: myPasswordKey +``` + +### ValidateValue + +#### NOTES.txt + +```console +{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} + +{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} +``` + +If we force those values to be empty we will see some alerts + +```console +$ helm install test mychart --set path.to.value00="",path.to.value01="" + 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: + + export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 --decode) + + 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: + + export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 --decode) +``` + +## Upgrading + +### To 1.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +**What changes were introduced in this major version?** + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. +- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts + +**Considerations when upgrading to this version** + +- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 + +**Useful links** + +- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ +- https://helm.sh/docs/topics/v2_v3_migration/ +- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ + +## License + +Copyright © 2022 Bitnami + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_affinities.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_affinities.tpl new file mode 100644 index 0000000..189ea40 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_affinities.tpl @@ -0,0 +1,102 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return a soft nodeAffinity definition +{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.soft" -}} +preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} + weight: 1 +{{- end -}} + +{{/* +Return a hard nodeAffinity definition +{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.hard" -}} +requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} +{{- end -}} + +{{/* +Return a nodeAffinity definition +{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.nodes.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.nodes.hard" . -}} + {{- end -}} +{{- end -}} + +{{/* +Return a soft podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} +*/}} +{{- define "common.affinities.pods.soft" -}} +{{- $component := default "" .component -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + namespaces: + - {{ .context.Release.Namespace | quote }} + topologyKey: kubernetes.io/hostname + weight: 1 +{{- end -}} + +{{/* +Return a hard podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} +*/}} +{{- define "common.affinities.pods.hard" -}} +{{- $component := default "" .component -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + namespaces: + - {{ .context.Release.Namespace | quote }} + topologyKey: kubernetes.io/hostname +{{- end -}} + +{{/* +Return a podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.pods" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.pods.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.pods.hard" . -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_capabilities.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_capabilities.tpl new file mode 100644 index 0000000..4ec8321 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_capabilities.tpl @@ -0,0 +1,139 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the target Kubernetes version +*/}} +{{- define "common.capabilities.kubeVersion" -}} +{{- if .Values.global }} + {{- if .Values.global.kubeVersion }} + {{- .Values.global.kubeVersion -}} + {{- else }} + {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} + {{- end -}} +{{- else }} +{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for poddisruptionbudget. +*/}} +{{- define "common.capabilities.policy.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "policy/v1beta1" -}} +{{- else -}} +{{- print "policy/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "common.capabilities.networkPolicy.apiVersion" -}} +{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for cronjob. +*/}} +{{- define "common.capabilities.cronjob.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "batch/v1beta1" -}} +{{- else -}} +{{- print "batch/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "common.capabilities.deployment.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. +*/}} +{{- define "common.capabilities.statefulset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apps/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "common.capabilities.ingress.apiVersion" -}} +{{- if .Values.ingress -}} +{{- if .Values.ingress.apiVersion -}} +{{- .Values.ingress.apiVersion -}} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end }} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for RBAC resources. +*/}} +{{- define "common.capabilities.rbac.apiVersion" -}} +{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "rbac.authorization.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "rbac.authorization.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for CRDs. +*/}} +{{- define "common.capabilities.crd.apiVersion" -}} +{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiextensions.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiextensions.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for APIService. +*/}} +{{- define "common.capabilities.apiService.apiVersion" -}} +{{- if semverCompare "<1.10-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiregistration.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiregistration.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the used Helm version is 3.3+. +A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. +This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. +**To be removed when the catalog's minimun Helm version is 3.3** +*/}} +{{- define "common.capabilities.supportsHelmVersion" -}} +{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_errors.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_errors.tpl new file mode 100644 index 0000000..a79cc2e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_errors.tpl @@ -0,0 +1,23 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Through error when upgrading using empty passwords values that must not be empty. + +Usage: +{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} +{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} +{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} + +Required password params: + - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. + - context - Context - Required. Parent context. +*/}} +{{- define "common.errors.upgrade.passwords.empty" -}} + {{- $validationErrors := join "" .validationErrors -}} + {{- if and $validationErrors .context.Release.IsUpgrade -}} + {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} + {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} + {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} + {{- $errorString = print $errorString "\n%s" -}} + {{- printf $errorString $validationErrors | fail -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_images.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_images.tpl new file mode 100644 index 0000000..42ffbc7 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_images.tpl @@ -0,0 +1,75 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper image name +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} +*/}} +{{- define "common.images.image" -}} +{{- $registryName := .imageRoot.registry -}} +{{- $repositoryName := .imageRoot.repository -}} +{{- $tag := .imageRoot.tag | toString -}} +{{- if .global }} + {{- if .global.imageRegistry }} + {{- $registryName = .global.imageRegistry -}} + {{- end -}} +{{- end -}} +{{- if $registryName }} +{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- else -}} +{{- printf "%s:%s" $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) +{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} +*/}} +{{- define "common.images.pullSecrets" -}} + {{- $pullSecrets := list }} + + {{- if .global }} + {{- range .global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names evaluating values as templates +{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} +*/}} +{{- define "common.images.renderPullSecrets" -}} + {{- $pullSecrets := list }} + {{- $context := .context }} + + {{- if $context.Values.global }} + {{- range $context.Values.global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_ingress.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_ingress.tpl new file mode 100644 index 0000000..8caf73a --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_ingress.tpl @@ -0,0 +1,68 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Generate backend entry that is compatible with all Kubernetes API versions. + +Usage: +{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} + +Params: + - serviceName - String. Name of an existing service backend + - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.ingress.backend" -}} +{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} +{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} +serviceName: {{ .serviceName }} +servicePort: {{ .servicePort }} +{{- else -}} +service: + name: {{ .serviceName }} + port: + {{- if typeIs "string" .servicePort }} + name: {{ .servicePort }} + {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }} + number: {{ .servicePort | int }} + {{- end }} +{{- end -}} +{{- end -}} + +{{/* +Print "true" if the API pathType field is supported +Usage: +{{ include "common.ingress.supportsPathType" . }} +*/}} +{{- define "common.ingress.supportsPathType" -}} +{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the ingressClassname field is supported +Usage: +{{ include "common.ingress.supportsIngressClassname" . }} +*/}} +{{- define "common.ingress.supportsIngressClassname" -}} +{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if cert-manager required annotations for TLS signed +certificates are set in the Ingress annotations +Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations +Usage: +{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }} +*/}} +{{- define "common.ingress.certManagerRequest" -}} +{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_labels.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_labels.tpl new file mode 100644 index 0000000..252066c --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_labels.tpl @@ -0,0 +1,18 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Kubernetes standard labels +*/}} +{{- define "common.labels.standard" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +helm.sh/chart: {{ include "common.names.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector +*/}} +{{- define "common.labels.matchLabels" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_names.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_names.tpl new file mode 100644 index 0000000..c8574d1 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_names.tpl @@ -0,0 +1,63 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "common.names.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "common.names.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "common.names.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified dependency name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +Usage: +{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }} +*/}} +{{- define "common.names.dependency.fullname" -}} +{{- if .chartValues.fullnameOverride -}} +{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .chartName .chartValues.nameOverride -}} +{{- if contains $name .context.Release.Name -}} +{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts. +*/}} +{{- define "common.names.namespace" -}} +{{- if .Values.namespaceOverride -}} +{{- .Values.namespaceOverride -}} +{{- else -}} +{{- .Release.Namespace -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_secrets.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_secrets.tpl new file mode 100644 index 0000000..a53fb44 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_secrets.tpl @@ -0,0 +1,140 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Generate secret name. + +Usage: +{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.secrets.name" -}} +{{- $name := (include "common.names.fullname" .context) -}} + +{{- if .defaultNameSuffix -}} +{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- with .existingSecret -}} +{{- if not (typeIs "string" .) -}} +{{- with .name -}} +{{- $name = . -}} +{{- end -}} +{{- else -}} +{{- $name = . -}} +{{- end -}} +{{- end -}} + +{{- printf "%s" $name -}} +{{- end -}} + +{{/* +Generate secret key. + +Usage: +{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - key - String - Required. Name of the key in the secret. +*/}} +{{- define "common.secrets.key" -}} +{{- $key := .key -}} + +{{- if .existingSecret -}} + {{- if not (typeIs "string" .existingSecret) -}} + {{- if .existingSecret.keyMapping -}} + {{- $key = index .existingSecret.keyMapping $.key -}} + {{- end -}} + {{- end }} +{{- end -}} + +{{- printf "%s" $key -}} +{{- end -}} + +{{/* +Generate secret password or retrieve one if already created. + +Usage: +{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - key - String - Required - Name of the key in the secret. + - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. + - length - int - Optional - Length of the generated random password. + - strong - Boolean - Optional - Whether to add symbols to the generated random password. + - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. + - context - Context - Required - Parent context. + +The order in which this function returns a secret password: + 1. Already existing 'Secret' resource + (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) + 2. Password provided via the values.yaml + (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) + 3. Randomly generated secret password + (A new random secret password with the length specified in the 'length' parameter will be generated and returned) + +*/}} +{{- define "common.secrets.passwords.manage" -}} + +{{- $password := "" }} +{{- $subchart := "" }} +{{- $chartName := default "" .chartName }} +{{- $passwordLength := default 10 .length }} +{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} +{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} +{{- $secretData := (lookup "v1" "Secret" $.context.Release.Namespace .secret).data }} +{{- if $secretData }} + {{- if hasKey $secretData .key }} + {{- $password = index $secretData .key }} + {{- else }} + {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} + {{- end -}} +{{- else if $providedPasswordValue }} + {{- $password = $providedPasswordValue | toString | b64enc | quote }} +{{- else }} + + {{- if .context.Values.enabled }} + {{- $subchart = $chartName }} + {{- end -}} + + {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} + {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} + {{- $passwordValidationErrors := list $requiredPasswordError -}} + {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} + + {{- if .strong }} + {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} + {{- $password = randAscii $passwordLength }} + {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} + {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }} + {{- else }} + {{- $password = randAlphaNum $passwordLength | b64enc | quote }} + {{- end }} +{{- end -}} +{{- printf "%s" $password -}} +{{- end -}} + +{{/* +Returns whether a previous generated secret already exists + +Usage: +{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - context - Context - Required - Parent context. +*/}} +{{- define "common.secrets.exists" -}} +{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} +{{- if $secret }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_storage.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_storage.tpl new file mode 100644 index 0000000..60e2a84 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_storage.tpl @@ -0,0 +1,23 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper Storage Class +{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} +*/}} +{{- define "common.storage.class" -}} + +{{- $storageClass := .persistence.storageClass -}} +{{- if .global -}} + {{- if .global.storageClass -}} + {{- $storageClass = .global.storageClass -}} + {{- end -}} +{{- end -}} + +{{- if $storageClass -}} + {{- if (eq "-" $storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" $storageClass -}} + {{- end -}} +{{- end -}} + +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_tplvalues.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_tplvalues.tpl new file mode 100644 index 0000000..2db1668 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_tplvalues.tpl @@ -0,0 +1,13 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Renders a value that contains template. +Usage: +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "common.tplvalues.render" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_utils.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_utils.tpl new file mode 100644 index 0000000..ea083a2 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_utils.tpl @@ -0,0 +1,62 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Print instructions to get a secret value. +Usage: +{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} +*/}} +{{- define "common.utils.secret.getvalue" -}} +{{- $varname := include "common.utils.fieldToEnvVar" . -}} +export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 --decode) +{{- end -}} + +{{/* +Build env var name given a field +Usage: +{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} +*/}} +{{- define "common.utils.fieldToEnvVar" -}} + {{- $fieldNameSplit := splitList "-" .field -}} + {{- $upperCaseFieldNameSplit := list -}} + + {{- range $fieldNameSplit -}} + {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} + {{- end -}} + + {{ join "_" $upperCaseFieldNameSplit }} +{{- end -}} + +{{/* +Gets a value from .Values given +Usage: +{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} +*/}} +{{- define "common.utils.getValueFromKey" -}} +{{- $splitKey := splitList "." .key -}} +{{- $value := "" -}} +{{- $latestObj := $.context.Values -}} +{{- range $splitKey -}} + {{- if not $latestObj -}} + {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} + {{- end -}} + {{- $value = ( index $latestObj . ) -}} + {{- $latestObj = $value -}} +{{- end -}} +{{- printf "%v" (default "" $value) -}} +{{- end -}} + +{{/* +Returns first .Values key with a defined value or first of the list if all non-defined +Usage: +{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} +*/}} +{{- define "common.utils.getKeyFromList" -}} +{{- $key := first .keys -}} +{{- $reverseKeys := reverse .keys }} +{{- range $reverseKeys }} + {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }} + {{- if $value -}} + {{- $key = . }} + {{- end -}} +{{- end -}} +{{- printf "%s" $key -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_warnings.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_warnings.tpl new file mode 100644 index 0000000..ae10fa4 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/_warnings.tpl @@ -0,0 +1,14 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Warning about using rolling tag. +Usage: +{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} +*/}} +{{- define "common.warnings.rollingTag" -}} + +{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} +WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. ++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ +{{- end }} + +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/validations/_cassandra.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/validations/_cassandra.tpl new file mode 100644 index 0000000..ded1ae3 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/validations/_cassandra.tpl @@ -0,0 +1,72 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Cassandra required passwords are not empty. + +Usage: +{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.cassandra.passwords" -}} + {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} + {{- $enabled := include "common.cassandra.values.enabled" . -}} + {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} + {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.dbUser.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled cassandra. + +Usage: +{{ include "common.cassandra.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.cassandra.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.cassandra.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key dbUser + +Usage: +{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.key.dbUser" -}} + {{- if .subchart -}} + cassandra.dbUser + {{- else -}} + dbUser + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/validations/_mariadb.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/validations/_mariadb.tpl new file mode 100644 index 0000000..b6906ff --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/validations/_mariadb.tpl @@ -0,0 +1,103 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MariaDB required passwords are not empty. + +Usage: +{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mariadb.passwords" -}} + {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mariadb.values.enabled" . -}} + {{- $architecture := include "common.mariadb.values.architecture" . -}} + {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- if not (empty $valueUsername) -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replication") -}} + {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mariadb. + +Usage: +{{ include "common.mariadb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mariadb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mariadb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.key.auth" -}} + {{- if .subchart -}} + mariadb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/validations/_mongodb.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/validations/_mongodb.tpl new file mode 100644 index 0000000..a071ea4 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/validations/_mongodb.tpl @@ -0,0 +1,108 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MongoDB® required passwords are not empty. + +Usage: +{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret" + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mongodb.passwords" -}} + {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mongodb.values.enabled" . -}} + {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} + {{- $architecture := include "common.mongodb.values.architecture" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} + {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} + + {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }} + {{- if and $valueUsername $valueDatabase -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replicaset") -}} + {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mongodb. + +Usage: +{{ include "common.mongodb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mongodb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mongodb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.key.auth" -}} + {{- if .subchart -}} + mongodb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/validations/_postgresql.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/validations/_postgresql.tpl new file mode 100644 index 0000000..164ec0d --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/validations/_postgresql.tpl @@ -0,0 +1,129 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate PostgreSQL required passwords are not empty. + +Usage: +{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.postgresql.passwords" -}} + {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} + {{- $enabled := include "common.postgresql.values.enabled" . -}} + {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} + {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} + + {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} + {{- if (eq $enabledReplication "true") -}} + {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to decide whether evaluate global values. + +Usage: +{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} +Params: + - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" +*/}} +{{- define "common.postgresql.values.use.global" -}} + {{- if .context.Values.global -}} + {{- if .context.Values.global.postgresql -}} + {{- index .context.Values.global.postgresql .key | quote -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.existingSecret" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} + + {{- if .subchart -}} + {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} + {{- else -}} + {{- default (.context.Values.existingSecret | quote) $globalValue -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled postgresql. + +Usage: +{{ include "common.postgresql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key postgressPassword. + +Usage: +{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.postgressPassword" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} + + {{- if not $globalValue -}} + {{- if .subchart -}} + postgresql.postgresqlPassword + {{- else -}} + postgresqlPassword + {{- end -}} + {{- else -}} + global.postgresql.postgresqlPassword + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled.replication. + +Usage: +{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.enabled.replication" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.replication.enabled -}} + {{- else -}} + {{- printf "%v" .context.Values.replication.enabled -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key replication.password. + +Usage: +{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.replicationPassword" -}} + {{- if .subchart -}} + postgresql.replication.password + {{- else -}} + replication.password + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/validations/_redis.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/validations/_redis.tpl new file mode 100644 index 0000000..5d72959 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/validations/_redis.tpl @@ -0,0 +1,76 @@ + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Redis™ required passwords are not empty. + +Usage: +{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.redis.passwords" -}} + {{- $enabled := include "common.redis.values.enabled" . -}} + {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} + {{- $standarizedVersion := include "common.redis.values.standarized.version" . }} + + {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }} + {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }} + + {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }} + {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}} + {{- if eq $useAuth "true" -}} + {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled redis. + +Usage: +{{ include "common.redis.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.redis.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.redis.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right prefix path for the values + +Usage: +{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.redis.values.keys.prefix" -}} + {{- if .subchart -}}redis.{{- else -}}{{- end -}} +{{- end -}} + +{{/* +Checks whether the redis chart's includes the standarizations (version >= 14) + +Usage: +{{ include "common.redis.values.standarized.version" (dict "context" $) }} +*/}} +{{- define "common.redis.values.standarized.version" -}} + + {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} + {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} + + {{- if $standarizedAuthValues -}} + {{- true -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/validations/_validations.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/validations/_validations.tpl new file mode 100644 index 0000000..9a814cf --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/common/templates/validations/_validations.tpl @@ -0,0 +1,46 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate values must not be empty. + +Usage: +{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} +{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" +*/}} +{{- define "common.validations.values.multiple.empty" -}} + {{- range .required -}} + {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} + {{- end -}} +{{- end -}} + +{{/* +Validate a value must not be empty. + +Usage: +{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" + - subchart - String - Optional - Name of the subchart that the validated password is part of. +*/}} +{{- define "common.validations.values.single.empty" -}} + {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} + {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} + + {{- if not $value -}} + {{- $varname := "my-value" -}} + {{- $getCurrentValue := "" -}} + {{- if and .secret .field -}} + {{- $varname = include "common.utils.fieldToEnvVar" . -}} + {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} + {{- end -}} + {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/common/values.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/common/values.yaml new file mode 100644 index 0000000..f2df68e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/common/values.yaml @@ -0,0 +1,5 @@ +## bitnami/common +## It is required by CI/CD tools and processes. +## @skip exampleValue +## +exampleValue: common-chart diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/.helmignore b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/.helmignore new file mode 100644 index 0000000..f0c1319 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/Chart.lock b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/Chart.lock new file mode 100644 index 0000000..7163491 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + version: 1.13.0 +digest: sha256:b6a17da2d82c85b2f3ad6550d93780de4de63eba4a528ae2d5bc9934c122a856 +generated: "2022-03-26T06:13:30.244559427Z" diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/Chart.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/Chart.yaml new file mode 100644 index 0000000..5301c7d --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/Chart.yaml @@ -0,0 +1,30 @@ +annotations: + category: Database +apiVersion: v2 +appVersion: 14.2.0 +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + version: 1.x.x +description: PostgreSQL (Postgres) is an open source object-relational database known + for reliability and data integrity. ACID-compliant, it supports foreign keys, joins, + views, triggers and stored procedures. +home: https://github.com/bitnami/charts/tree/master/bitnami/postgresql +icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-220x234.png +keywords: +- postgresql +- postgres +- database +- sql +- replication +- cluster +maintainers: +- email: containers@bitnami.com + name: Bitnami +- email: cedric@desaintmartin.fr + name: desaintmartin +name: postgresql +sources: +- https://github.com/bitnami/bitnami-docker-postgresql +- https://www.postgresql.org/ +version: 11.1.22 diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/README.md b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/README.md new file mode 100644 index 0000000..9548481 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/README.md @@ -0,0 +1,662 @@ + + +# PostgreSQL packaged by Bitnami + +PostgreSQL (Postgres) is an open source object-relational database known for reliability and data integrity. ACID-compliant, it supports foreign keys, joins, views, triggers and stored procedures. + +[Overview of PostgreSQL](http://www.postgresql.org) + +Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. + +## TL;DR + +```bash +helm repo add bitnami https://charts.bitnami.com/bitnami +helm install my-release bitnami/postgresql +``` + +## Introduction + +This chart bootstraps a [PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +For HA, please see [this repo](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.2.0+ +- PV provisioner support in the underlying infrastructure + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +helm install my-release bitnami/postgresql +``` + +The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +helm delete my-release +``` + +The command removes all the Kubernetes components but PVC's associated with the chart and deletes the release. + +To delete the PVC's associated with `my-release`: + +```bash +kubectl delete pvc -l release=my-release +``` + +> **Note**: Deleting the PVC's will delete postgresql data as well. Please be cautious before doing it. + +## Parameters + +### Global parameters + +| Name | Description | Value | +| -------------------------------------------- | ------------------------------------------------------------------------------------------- | ----- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | +| `global.postgresql.auth.postgresPassword` | Password for the "postgres" admin user (overrides `auth.postgresPassword`) | `""` | +| `global.postgresql.auth.username` | Name for a custom user to create (overrides `auth.username`) | `""` | +| `global.postgresql.auth.password` | Password for the custom user to create (overrides `auth.password`) | `""` | +| `global.postgresql.auth.database` | Name for a custom database to create (overrides `auth.database`) | `""` | +| `global.postgresql.auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials (overrides `auth.existingSecret`) | `""` | +| `global.postgresql.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `""` | + + +### Common parameters + +| Name | Description | Value | +| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | +| `kubeVersion` | Override Kubernetes version | `""` | +| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` | +| `fullnameOverride` | String to fully override common.names.fullname template | `""` | +| `clusterDomain` | Kubernetes Cluster Domain | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template) | `[]` | +| `commonLabels` | Add labels to all the deployed resources | `{}` | +| `commonAnnotations` | Add annotations to all the deployed resources | `{}` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the statefulset | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the statefulset | `["infinity"]` | + + +### PostgreSQL common parameters + +| Name | Description | Value | +| ------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `image.registry` | PostgreSQL image registry | `docker.io` | +| `image.repository` | PostgreSQL image repository | `bitnami/postgresql` | +| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `14.2.0-debian-10-r58` | +| `image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify image pull secrets | `[]` | +| `image.debug` | Specify if debug values should be set | `false` | +| `auth.enablePostgresUser` | Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user | `true` | +| `auth.postgresPassword` | Password for the "postgres" admin user. Ignored if `auth.existingSecret` with key `postgres-password` is provided | `""` | +| `auth.username` | Name for a custom user to create | `""` | +| `auth.password` | Password for the custom user to create. Ignored if `auth.existingSecret` with key `password` is provided | `""` | +| `auth.database` | Name for a custom database to create | `""` | +| `auth.replicationUsername` | Name of the replication user | `repl_user` | +| `auth.replicationPassword` | Password for the replication user. Ignored if `auth.existingSecret` with key `replication-password` is provided | `""` | +| `auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials. The secret must contain the keys `postgres-password` (which is the password for "postgres" admin user), `password` (which is the password for the custom user to create when `auth.username` is set) and `replication-password` (which is the password for replication user). `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret. The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and picked from this secret in this case. | `""` | +| `auth.usePasswordFiles` | Mount credentials as a files instead of using an environment variable | `false` | +| `architecture` | PostgreSQL architecture (`standalone` or `replication`) | `standalone` | +| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` | +| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `readReplicas.replicaCount`. | `0` | +| `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` | +| `containerPorts.postgresql` | PostgreSQL container port | `5432` | +| `audit.logHostname` | Log client hostnames | `false` | +| `audit.logConnections` | Add client log-in operations to the log file | `false` | +| `audit.logDisconnections` | Add client log-outs operations to the log file | `false` | +| `audit.pgAuditLog` | Add operations to log using the pgAudit extension | `""` | +| `audit.pgAuditLogCatalog` | Log catalog using pgAudit | `off` | +| `audit.clientMinMessages` | Message log level to share with the user | `error` | +| `audit.logLinePrefix` | Template for log line prefix (default if not set) | `""` | +| `audit.logTimezone` | Timezone for the log timestamps | `""` | +| `ldap.enabled` | Enable LDAP support | `false` | +| `ldap.url` | LDAP URL beginning in the form `ldap[s]://host[:port]/basedn` | `""` | +| `ldap.server` | IP address or name of the LDAP server. | `""` | +| `ldap.port` | Port number on the LDAP server to connect to | `""` | +| `ldap.prefix` | String to prepend to the user name when forming the DN to bind | `""` | +| `ldap.suffix` | String to append to the user name when forming the DN to bind | `""` | +| `ldap.baseDN` | Root DN to begin the search for the user in | `""` | +| `ldap.bindDN` | DN of user to bind to LDAP | `""` | +| `ldap.bind_password` | Password for the user to bind to LDAP | `""` | +| `ldap.search_attr` | Attribute to match against the user name in the search | `""` | +| `ldap.search_filter` | The search filter to use when doing search+bind authentication | `""` | +| `ldap.scheme` | Set to `ldaps` to use LDAPS | `""` | +| `ldap.tls` | Set to `1` to use TLS encryption | `""` | +| `postgresqlDataDir` | PostgreSQL data dir folder | `/bitnami/postgresql/data` | +| `postgresqlSharedPreloadLibraries` | Shared preload libraries (comma-separated list) | `pgaudit` | +| `shmVolume.enabled` | Enable emptyDir volume for /dev/shm for PostgreSQL pod(s) | `true` | +| `shmVolume.sizeLimit` | Set this to enable a size limit on the shm tmpfs | `""` | +| `tls.enabled` | Enable TLS traffic support | `false` | +| `tls.autoGenerated` | Generate automatically self-signed TLS certificates | `false` | +| `tls.preferServerCiphers` | Whether to use the server's TLS cipher preferences rather than the client's | `true` | +| `tls.certificatesSecret` | Name of an existing secret that contains the certificates | `""` | +| `tls.certFilename` | Certificate filename | `""` | +| `tls.certKeyFilename` | Certificate key filename | `""` | +| `tls.certCAFilename` | CA Certificate filename | `""` | +| `tls.crlFilename` | File containing a Certificate Revocation List | `""` | + + +### PostgreSQL Primary parameters + +| Name | Description | Value | +| -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------------- | +| `primary.configuration` | PostgreSQL Primary main configuration to be injected as ConfigMap | `""` | +| `primary.pgHbaConfiguration` | PostgreSQL Primary client authentication configuration | `""` | +| `primary.existingConfigmap` | Name of an existing ConfigMap with PostgreSQL Primary configuration | `""` | +| `primary.extendedConfiguration` | Extended PostgreSQL Primary configuration (appended to main or default configuration) | `""` | +| `primary.existingExtendedConfigmap` | Name of an existing ConfigMap with PostgreSQL Primary extended configuration | `""` | +| `primary.initdb.args` | PostgreSQL initdb extra arguments | `""` | +| `primary.initdb.postgresqlWalDir` | Specify a custom location for the PostgreSQL transaction log | `""` | +| `primary.initdb.scripts` | Dictionary of initdb scripts | `{}` | +| `primary.initdb.scriptsConfigMap` | ConfigMap with scripts to be run at first boot | `""` | +| `primary.initdb.scriptsSecret` | Secret with scripts to be run at first boot (in case it contains sensitive information) | `""` | +| `primary.initdb.user` | Specify the PostgreSQL username to execute the initdb scripts | `""` | +| `primary.initdb.password` | Specify the PostgreSQL password to execute the initdb scripts | `""` | +| `primary.standby.enabled` | Whether to enable current cluster's primary as standby server of another cluster or not | `false` | +| `primary.standby.primaryHost` | The Host of replication primary in the other cluster | `""` | +| `primary.standby.primaryPort` | The Port of replication primary in the other cluster | `""` | +| `primary.extraEnvVars` | Array with extra environment variables to add to PostgreSQL Primary nodes | `[]` | +| `primary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for PostgreSQL Primary nodes | `""` | +| `primary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for PostgreSQL Primary nodes | `""` | +| `primary.command` | Override default container command (useful when using custom images) | `[]` | +| `primary.args` | Override default container args (useful when using custom images) | `[]` | +| `primary.livenessProbe.enabled` | Enable livenessProbe on PostgreSQL Primary containers | `true` | +| `primary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | +| `primary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `primary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `primary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `primary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `primary.readinessProbe.enabled` | Enable readinessProbe on PostgreSQL Primary containers | `true` | +| `primary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `primary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `primary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `primary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `primary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `primary.startupProbe.enabled` | Enable startupProbe on PostgreSQL Primary containers | `false` | +| `primary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `primary.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `primary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `primary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `primary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `primary.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `primary.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `primary.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `primary.lifecycleHooks` | for the PostgreSQL Primary container to automate configuration before or after startup | `{}` | +| `primary.resources.limits` | The resources limits for the PostgreSQL Primary containers | `{}` | +| `primary.resources.requests.memory` | The requested memory for the PostgreSQL Primary containers | `256Mi` | +| `primary.resources.requests.cpu` | The requested cpu for the PostgreSQL Primary containers | `250m` | +| `primary.podSecurityContext.enabled` | Enable security context | `true` | +| `primary.podSecurityContext.fsGroup` | Group ID for the pod | `1001` | +| `primary.containerSecurityContext.enabled` | Enable container security context | `true` | +| `primary.containerSecurityContext.runAsUser` | User ID for the container | `1001` | +| `primary.hostAliases` | PostgreSQL primary pods host aliases | `[]` | +| `primary.hostNetwork` | Specify if host network should be enabled for PostgreSQL pod (postgresql primary) | `false` | +| `primary.hostIPC` | Specify if host IPC should be enabled for PostgreSQL pod (postgresql primary) | `false` | +| `primary.labels` | Map of labels to add to the statefulset (postgresql primary) | `{}` | +| `primary.annotations` | Annotations for PostgreSQL primary pods | `{}` | +| `primary.podLabels` | Map of labels to add to the pods (postgresql primary) | `{}` | +| `primary.podAnnotations` | Map of annotations to add to the pods (postgresql primary) | `{}` | +| `primary.podAffinityPreset` | PostgreSQL primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `primary.podAntiAffinityPreset` | PostgreSQL primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `primary.nodeAffinityPreset.type` | PostgreSQL primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `primary.nodeAffinityPreset.key` | PostgreSQL primary node label key to match Ignored if `primary.affinity` is set. | `""` | +| `primary.nodeAffinityPreset.values` | PostgreSQL primary node label values to match. Ignored if `primary.affinity` is set. | `[]` | +| `primary.affinity` | Affinity for PostgreSQL primary pods assignment | `{}` | +| `primary.nodeSelector` | Node labels for PostgreSQL primary pods assignment | `{}` | +| `primary.tolerations` | Tolerations for PostgreSQL primary pods assignment | `[]` | +| `primary.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `{}` | +| `primary.priorityClassName` | Priority Class to use for each pod (postgresql primary) | `""` | +| `primary.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | +| `primary.terminationGracePeriodSeconds` | Seconds PostgreSQL primary pod needs to terminate gracefully | `""` | +| `primary.updateStrategy.type` | PostgreSQL Primary statefulset strategy type | `RollingUpdate` | +| `primary.updateStrategy.rollingUpdate` | PostgreSQL Primary statefulset rolling update configuration parameters | `{}` | +| `primary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the PostgreSQL Primary container(s) | `[]` | +| `primary.extraVolumes` | Optionally specify extra list of additional volumes for the PostgreSQL Primary pod(s) | `[]` | +| `primary.sidecars` | Add additional sidecar containers to the PostgreSQL Primary pod(s) | `[]` | +| `primary.initContainers` | Add additional init containers to the PostgreSQL Primary pod(s) | `[]` | +| `primary.extraPodSpec` | Optionally specify extra PodSpec for the PostgreSQL Primary pod(s) | `{}` | +| `primary.service.type` | Kubernetes Service type | `ClusterIP` | +| `primary.service.ports.postgresql` | PostgreSQL service port | `5432` | +| `primary.service.nodePorts.postgresql` | Node port for PostgreSQL | `""` | +| `primary.service.clusterIP` | Static clusterIP or None for headless services | `""` | +| `primary.service.annotations` | Annotations for PostgreSQL primary service | `{}` | +| `primary.service.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` | +| `primary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | +| `primary.service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` | +| `primary.service.extraPorts` | Extra ports to expose in the PostgreSQL primary service | `[]` | +| `primary.persistence.enabled` | Enable PostgreSQL Primary data persistence using PVC | `true` | +| `primary.persistence.existingClaim` | Name of an existing PVC to use | `""` | +| `primary.persistence.mountPath` | The path the volume will be mounted at | `/bitnami/postgresql` | +| `primary.persistence.subPath` | The subdirectory of the volume to mount to | `""` | +| `primary.persistence.storageClass` | PVC Storage Class for PostgreSQL Primary data volume | `""` | +| `primary.persistence.accessModes` | PVC Access Mode for PostgreSQL volume | `["ReadWriteOnce"]` | +| `primary.persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` | +| `primary.persistence.annotations` | Annotations for the PVC | `{}` | +| `primary.persistence.selector` | Selector to match an existing Persistent Volume (this value is evaluated as a template) | `{}` | +| `primary.persistence.dataSource` | Custom PVC data source | `{}` | + + +### PostgreSQL read only replica parameters + +| Name | Description | Value | +| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------------- | +| `readReplicas.replicaCount` | Number of PostgreSQL read only replicas | `1` | +| `readReplicas.extraEnvVars` | Array with extra environment variables to add to PostgreSQL read only nodes | `[]` | +| `readReplicas.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for PostgreSQL read only nodes | `""` | +| `readReplicas.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for PostgreSQL read only nodes | `""` | +| `readReplicas.command` | Override default container command (useful when using custom images) | `[]` | +| `readReplicas.args` | Override default container args (useful when using custom images) | `[]` | +| `readReplicas.livenessProbe.enabled` | Enable livenessProbe on PostgreSQL read only containers | `true` | +| `readReplicas.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | +| `readReplicas.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `readReplicas.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `readReplicas.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `readReplicas.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readReplicas.readinessProbe.enabled` | Enable readinessProbe on PostgreSQL read only containers | `true` | +| `readReplicas.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `readReplicas.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `readReplicas.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `readReplicas.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `readReplicas.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `readReplicas.startupProbe.enabled` | Enable startupProbe on PostgreSQL read only containers | `false` | +| `readReplicas.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `readReplicas.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `readReplicas.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `readReplicas.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `readReplicas.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `readReplicas.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `readReplicas.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `readReplicas.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `readReplicas.lifecycleHooks` | for the PostgreSQL read only container to automate configuration before or after startup | `{}` | +| `readReplicas.resources.limits` | The resources limits for the PostgreSQL read only containers | `{}` | +| `readReplicas.resources.requests.memory` | The requested memory for the PostgreSQL read only containers | `256Mi` | +| `readReplicas.resources.requests.cpu` | The requested cpu for the PostgreSQL read only containers | `250m` | +| `readReplicas.podSecurityContext.enabled` | Enable security context | `true` | +| `readReplicas.podSecurityContext.fsGroup` | Group ID for the pod | `1001` | +| `readReplicas.containerSecurityContext.enabled` | Enable container security context | `true` | +| `readReplicas.containerSecurityContext.runAsUser` | User ID for the container | `1001` | +| `readReplicas.hostAliases` | PostgreSQL read only pods host aliases | `[]` | +| `readReplicas.hostNetwork` | Specify if host network should be enabled for PostgreSQL pod (PostgreSQL read only) | `false` | +| `readReplicas.hostIPC` | Specify if host IPC should be enabled for PostgreSQL pod (postgresql primary) | `false` | +| `readReplicas.labels` | Map of labels to add to the statefulset (PostgreSQL read only) | `{}` | +| `readReplicas.annotations` | Annotations for PostgreSQL read only pods | `{}` | +| `readReplicas.podLabels` | Map of labels to add to the pods (PostgreSQL read only) | `{}` | +| `readReplicas.podAnnotations` | Map of annotations to add to the pods (PostgreSQL read only) | `{}` | +| `readReplicas.podAffinityPreset` | PostgreSQL read only pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `readReplicas.podAntiAffinityPreset` | PostgreSQL read only pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `readReplicas.nodeAffinityPreset.type` | PostgreSQL read only node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `readReplicas.nodeAffinityPreset.key` | PostgreSQL read only node label key to match Ignored if `primary.affinity` is set. | `""` | +| `readReplicas.nodeAffinityPreset.values` | PostgreSQL read only node label values to match. Ignored if `primary.affinity` is set. | `[]` | +| `readReplicas.affinity` | Affinity for PostgreSQL read only pods assignment | `{}` | +| `readReplicas.nodeSelector` | Node labels for PostgreSQL read only pods assignment | `{}` | +| `readReplicas.tolerations` | Tolerations for PostgreSQL read only pods assignment | `[]` | +| `readReplicas.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `{}` | +| `readReplicas.priorityClassName` | Priority Class to use for each pod (PostgreSQL read only) | `""` | +| `readReplicas.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | +| `readReplicas.terminationGracePeriodSeconds` | Seconds PostgreSQL read only pod needs to terminate gracefully | `""` | +| `readReplicas.updateStrategy.type` | PostgreSQL read only statefulset strategy type | `RollingUpdate` | +| `readReplicas.updateStrategy.rollingUpdate` | PostgreSQL read only statefulset rolling update configuration parameters | `{}` | +| `readReplicas.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the PostgreSQL read only container(s) | `[]` | +| `readReplicas.extraVolumes` | Optionally specify extra list of additional volumes for the PostgreSQL read only pod(s) | `[]` | +| `readReplicas.sidecars` | Add additional sidecar containers to the PostgreSQL read only pod(s) | `[]` | +| `readReplicas.initContainers` | Add additional init containers to the PostgreSQL read only pod(s) | `[]` | +| `readReplicas.extraPodSpec` | Optionally specify extra PodSpec for the PostgreSQL read only pod(s) | `{}` | +| `readReplicas.service.type` | Kubernetes Service type | `ClusterIP` | +| `readReplicas.service.ports.postgresql` | PostgreSQL service port | `5432` | +| `readReplicas.service.nodePorts.postgresql` | Node port for PostgreSQL | `""` | +| `readReplicas.service.clusterIP` | Static clusterIP or None for headless services | `""` | +| `readReplicas.service.annotations` | Annotations for PostgreSQL read only service | `{}` | +| `readReplicas.service.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` | +| `readReplicas.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | +| `readReplicas.service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` | +| `readReplicas.service.extraPorts` | Extra ports to expose in the PostgreSQL read only service | `[]` | +| `readReplicas.persistence.enabled` | Enable PostgreSQL read only data persistence using PVC | `true` | +| `readReplicas.persistence.mountPath` | The path the volume will be mounted at | `/bitnami/postgresql` | +| `readReplicas.persistence.subPath` | The subdirectory of the volume to mount to | `""` | +| `readReplicas.persistence.storageClass` | PVC Storage Class for PostgreSQL read only data volume | `""` | +| `readReplicas.persistence.accessModes` | PVC Access Mode for PostgreSQL volume | `["ReadWriteOnce"]` | +| `readReplicas.persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` | +| `readReplicas.persistence.annotations` | Annotations for the PVC | `{}` | +| `readReplicas.persistence.selector` | Selector to match an existing Persistent Volume (this value is evaluated as a template) | `{}` | +| `readReplicas.persistence.dataSource` | Custom PVC data source | `{}` | + + +### NetworkPolicy parameters + +| Name | Description | Value | +| ------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `networkPolicy.enabled` | Enable network policies | `false` | +| `networkPolicy.metrics.enabled` | Enable network policies for metrics (prometheus) | `false` | +| `networkPolicy.metrics.namespaceSelector` | Monitoring namespace selector labels. These labels will be used to identify the prometheus' namespace. | `{}` | +| `networkPolicy.metrics.podSelector` | Monitoring pod selector labels. These labels will be used to identify the Prometheus pods. | `{}` | +| `networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled` | Enable ingress rule that makes PostgreSQL primary node only accessible from a particular origin. | `false` | +| `networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector` | Namespace selector label that is allowed to access the PostgreSQL primary node. This label will be used to identified the allowed namespace(s). | `{}` | +| `networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector` | Pods selector label that is allowed to access the PostgreSQL primary node. This label will be used to identified the allowed pod(s). | `{}` | +| `networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules` | Custom network policy for the PostgreSQL primary node. | `{}` | +| `networkPolicy.ingressRules.readReplicasAccessOnlyFrom.enabled` | Enable ingress rule that makes PostgreSQL read-only nodes only accessible from a particular origin. | `false` | +| `networkPolicy.ingressRules.readReplicasAccessOnlyFrom.namespaceSelector` | Namespace selector label that is allowed to access the PostgreSQL read-only nodes. This label will be used to identified the allowed namespace(s). | `{}` | +| `networkPolicy.ingressRules.readReplicasAccessOnlyFrom.podSelector` | Pods selector label that is allowed to access the PostgreSQL read-only nodes. This label will be used to identified the allowed pod(s). | `{}` | +| `networkPolicy.ingressRules.readReplicasAccessOnlyFrom.customRules` | Custom network policy for the PostgreSQL read-only nodes. | `{}` | +| `networkPolicy.egressRules.denyConnectionsToExternal` | Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53). | `false` | +| `networkPolicy.egressRules.customRules` | Custom network policy rule | `{}` | + + +### Volume Permissions parameters + +| Name | Description | Value | +| ------------------------------------------------------ | ------------------------------------------------------------------------------- | ----------------------- | +| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | +| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `10-debian-10-r388` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | +| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` | +| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | +| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` | + + +### Other Parameters + +| Name | Description | Value | +| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `serviceAccount.create` | Enable creation of ServiceAccount for PostgreSQL pod | `false` | +| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | +| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `true` | +| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | +| `rbac.create` | Create Role and RoleBinding (required for PSP to work) | `false` | +| `rbac.rules` | Custom RBAC rules to set | `[]` | +| `psp.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` | + + +### Metrics Parameters + +| Name | Description | Value | +| ----------------------------------------------- | ------------------------------------------------------------------------------------- | --------------------------- | +| `metrics.enabled` | Start a prometheus exporter | `false` | +| `metrics.image.registry` | PostgreSQL Prometheus Exporter image registry | `docker.io` | +| `metrics.image.repository` | PostgreSQL Prometheus Exporter image repository | `bitnami/postgres-exporter` | +| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.10.1-debian-10-r76` | +| `metrics.image.pullPolicy` | PostgreSQL Prometheus Exporter image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Specify image pull secrets | `[]` | +| `metrics.customMetrics` | Define additional custom metrics | `{}` | +| `metrics.extraEnvVars` | Extra environment variables to add to PostgreSQL Prometheus exporter | `[]` | +| `metrics.containerSecurityContext.enabled` | Enable PostgreSQL Prometheus exporter containers' Security Context | `true` | +| `metrics.containerSecurityContext.runAsUser` | Set PostgreSQL Prometheus exporter containers' Security Context runAsUser | `1001` | +| `metrics.containerSecurityContext.runAsNonRoot` | Set PostgreSQL Prometheus exporter containers' Security Context runAsNonRoot | `true` | +| `metrics.livenessProbe.enabled` | Enable livenessProbe on PostgreSQL Prometheus exporter containers | `true` | +| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | +| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `metrics.readinessProbe.enabled` | Enable readinessProbe on PostgreSQL Prometheus exporter containers | `true` | +| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `metrics.startupProbe.enabled` | Enable startupProbe on PostgreSQL Prometheus exporter containers | `false` | +| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `metrics.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `metrics.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `metrics.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `metrics.containerPorts.metrics` | PostgreSQL Prometheus exporter metrics container port | `9187` | +| `metrics.resources.limits` | The resources limits for the PostgreSQL Prometheus exporter container | `{}` | +| `metrics.resources.requests` | The requested resources for the PostgreSQL Prometheus exporter container | `{}` | +| `metrics.service.ports.metrics` | PostgreSQL Prometheus Exporter service port | `9187` | +| `metrics.service.clusterIP` | Static clusterIP or None for headless services | `""` | +| `metrics.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | +| `metrics.service.annotations` | Annotations for Prometheus to auto-discover the metrics endpoint | `{}` | +| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using Prometheus Operator | `false` | +| `metrics.serviceMonitor.namespace` | Namespace for the ServiceMonitor Resource (defaults to the Release Namespace) | `""` | +| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` | +| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | +| `metrics.serviceMonitor.labels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | +| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | +| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | +| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` | +| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | +| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | +| `metrics.prometheusRule.enabled` | Create a PrometheusRule for Prometheus Operator | `false` | +| `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` | +| `metrics.prometheusRule.labels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` | +| `metrics.prometheusRule.rules` | PrometheusRule definitions | `[]` | + + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```bash +$ helm install my-release \ + --set auth.postgresPassword=secretpassword + bitnami/postgresql +``` + +The above command sets the PostgreSQL `postgres` account password to `secretpassword`. + +> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```bash +helm install my-release -f values.yaml bitnami/postgresql +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Configuration and installation details + +### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### Customizing primary and read replica services in a replicated configuration + +At the top level, there is a service object which defines the services for both primary and readReplicas. For deeper customization, there are service objects for both the primary and read types individually. This allows you to override the values in the top level service object so that the primary and read can be of different service types and with different clusterIPs / nodePorts. Also in the case you want the primary and read to be of type nodePort, you will need to set the nodePorts to different values to prevent a collision. The values that are deeper in the primary.service or readReplicas.service objects will take precedence over the top level service object. + +### Use a different PostgreSQL version + +To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. Refer to the [chart documentation for more information on these parameters and how to use them with images from a private registry](https://docs.bitnami.com/kubernetes/infrastructure/postgresql/configuration/change-image-version/). + +### postgresql.conf / pg_hba.conf files as configMap + +This helm chart also supports to customize the PostgreSQL configuration file. You can add additional PostgreSQL configuration parameters using the `primary.extendedConfiguration` parameter as a string. Alternatively, to replace the entire default configuration use `primary.configuration`. + +You can also add a custom pg_hba.conf using the `primary.pgHbaConfiguration` parameter. + +In addition to these options, you can also set an external ConfigMap with all the configuration files. This is done by setting the `primary.existingConfigmap` parameter. Note that this will override the two previous options. + +### Initialize a fresh instance + +The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, you can specify custom scripts using the `primary.initdb.scripts` parameter as a string. + +In addition, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `primary.initdb.scriptsConfigMap` parameter. Note that this will override the two previous options. If your initialization scripts contain sensitive information such as credentials or passwords, you can use the `primary.initdb.scriptsSecret` parameter. + +The allowed extensions are `.sh`, `.sql` and `.sql.gz`. + +### Securing traffic using TLS + +TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the chart: + +- `tls.enabled`: Enable TLS support. Defaults to `false` +- `tls.certificatesSecret`: Name of an existing secret that contains the certificates. No defaults. +- `tls.certFilename`: Certificate filename. No defaults. +- `tls.certKeyFilename`: Certificate key filename. No defaults. + +For example: + +- First, create the secret with the cetificates files: + + ```console + kubectl create secret generic certificates-tls-secret --from-file=./cert.crt --from-file=./cert.key --from-file=./ca.crt + ``` + +- Then, use the following parameters: + + ```console + volumePermissions.enabled=true + tls.enabled=true + tls.certificatesSecret="certificates-tls-secret" + tls.certFilename="cert.crt" + tls.certKeyFilename="cert.key" + ``` + + > Note TLS and VolumePermissions: PostgreSQL requires certain permissions on sensitive files (such as certificate keys) to start up. Due to an on-going [issue](https://github.com/kubernetes/kubernetes/issues/57923) regarding kubernetes permissions and the use of `containerSecurityContext.runAsUser`, you must enable `volumePermissions` to ensure everything works as expected. + +### Sidecars + +If you need additional containers to run within the same pod as PostgreSQL (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. + +```yaml +# For the PostgreSQL primary +primary: + sidecars: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +# For the PostgreSQL replicas +readReplicas: + sidecars: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +### Metrics + +The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9187) is not exposed and it is expected that the metrics are collected from inside the k8s cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml). + +The exporter allows to create custom metrics from additional SQL queries. See the Chart's `values.yaml` for an example and consult the [exporters documentation](https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file) for more details. + +### Use of global variables + +In more complex scenarios, we may have the following tree of dependencies + +``` + +--------------+ + | | + +------------+ Chart 1 +-----------+ + | | | | + | --------+------+ | + | | | + | | | + | | | + | | | + v v v ++-------+------+ +--------+------+ +--------+------+ +| | | | | | +| PostgreSQL | | Sub-chart 1 | | Sub-chart 2 | +| | | | | | ++--------------+ +---------------+ +---------------+ +``` + +The three charts below depend on the parent chart Chart 1. However, subcharts 1 and 2 may need to connect to PostgreSQL as well. In order to do so, subcharts 1 and 2 need to know the PostgreSQL credentials, so one option for deploying could be deploy Chart 1 with the following parameters: + +``` +postgresql.auth.password=testuser +subchart1.postgresql.auth.username=testuser +subchart2.postgresql.auth.username=testuser +postgresql.auth.password=testpass +subchart1.postgresql.auth.password=testpass +subchart2.postgresql.auth.password=testpass +postgresql.auth.database=testdb +subchart1.postgresql.auth.database=testdb +subchart2.postgresql.auth.database=testdb +``` + +If the number of dependent sub-charts increases, installing the chart with parameters can become increasingly difficult. An alternative would be to set the credentials using global variables as follows: + +``` +global.postgresql.auth.username=testuser +global.postgresql.auth.password=testpass +global.postgresql.auth.database=testdb +``` + +This way, the credentials will be available in all of the subcharts. + +## Persistence + +The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image stores the PostgreSQL data and configurations at the `/bitnami/postgresql` path of the container. + +Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. +See the [Parameters](#parameters) section to configure the PVC or to disable persistence. + +If you already have data in it, you will fail to sync to standby nodes for all commits, details can refer to [code](https://github.com/bitnami/bitnami-docker-postgresql/blob/8725fe1d7d30ebe8d9a16e9175d05f7ad9260c93/9.6/debian-9/rootfs/libpostgresql.sh#L518-L556). If you need to use those data, please covert them to sql and import after `helm install` finished. + +## NetworkPolicy + +To enable network policy for PostgreSQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. + +For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: + +```bash +kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" +``` + +With NetworkPolicy enabled, traffic will be limited to just port 5432. + +For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to PostgreSQL. +This label will be displayed in the output of a successful install. + +## Differences between Bitnami PostgreSQL image and [Docker Official](https://hub.docker.com/_/postgres) image + +- The Docker Official PostgreSQL image does not support replication. If you pass any replication environment variable, this would be ignored. The only environment variables supported by the Docker Official image are POSTGRES_USER, POSTGRES_DB, POSTGRES_PASSWORD, POSTGRES_INITDB_ARGS, POSTGRES_INITDB_WALDIR and PGDATA. All the remaining environment variables are specific to the Bitnami PostgreSQL image. +- The Bitnami PostgreSQL image is non-root by default. This requires that you run the pod with `securityContext` and updates the permissions of the volume with an `initContainer`. A key benefit of this configuration is that the pod follows security best practices and is prepared to run on Kubernetes distributions with hard security constraints like OpenShift. +- For OpenShift, one may either define the runAsUser and fsGroup accordingly, or try this more dynamic option: volumePermissions.securityContext.runAsUser="auto",securityContext.enabled=false,containerSecurityContext.enabled=false,shmVolume.chmod.enabled=false + +### Setting Pod's affinity + +This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). + +As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. + +## Troubleshooting + +Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). + +## Upgrading + +Refer to the [chart documentation for more information about how to upgrade from previous releases](https://docs.bitnami.com/kubernetes/infrastructure/postgresql/administration/upgrade/). + +## License + +Copyright © 2022 Bitnami + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. \ No newline at end of file diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/.helmignore b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/.helmignore new file mode 100644 index 0000000..50af031 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/Chart.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/Chart.yaml new file mode 100644 index 0000000..2c93878 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/Chart.yaml @@ -0,0 +1,23 @@ +annotations: + category: Infrastructure +apiVersion: v2 +appVersion: 1.13.0 +description: A Library Helm Chart for grouping common logic between bitnami charts. + This chart is not deployable by itself. +home: https://github.com/bitnami/charts/tree/master/bitnami/common +icon: https://bitnami.com/downloads/logos/bitnami-mark.png +keywords: +- common +- helper +- template +- function +- bitnami +maintainers: +- email: containers@bitnami.com + name: Bitnami +name: common +sources: +- https://github.com/bitnami/charts +- https://www.bitnami.com/ +type: library +version: 1.13.0 diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/README.md b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/README.md new file mode 100644 index 0000000..c090f74 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/README.md @@ -0,0 +1,347 @@ +# Bitnami Common Library Chart + +A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. + +## TL;DR + +```yaml +dependencies: + - name: common + version: 1.x.x + repository: https://charts.bitnami.com/bitnami +``` + +```bash +$ helm dependency update +``` + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }} +data: + myvalue: "Hello World" +``` + +## Introduction + +This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.2.0+ + +## Parameters + +The following table lists the helpers available in the library which are scoped in different sections. + +### Affinities + +| Helper identifier | Description | Expected Input | +|-------------------------------|------------------------------------------------------|------------------------------------------------| +| `common.affinities.node.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.node.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.pod.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | +| `common.affinities.pod.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | + +### Capabilities + +| Helper identifier | Description | Expected Input | +|------------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| +| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | +| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context | +| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | +| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | +| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | +| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | +| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context | +| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for podsecuritypolicy. | `.` Chart context | +| `common.capabilities.networkPolicy.apiVersion` | Return the appropriate apiVersion for networkpolicy. | `.` Chart context | +| `common.capabilities.apiService.apiVersion` | Return the appropriate apiVersion for APIService. | `.` Chart context | +| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | + +### Errors + +| Helper identifier | Description | Expected Input | +|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| +| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | + +### Images + +| Helper identifier | Description | Expected Input | +|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| +| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. | +| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | +| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` | + +### Ingress + +| Helper identifier | Description | Expected Input | +|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | +| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context | +| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context | +| `common.ingress.certManagerRequest` | Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations | `dict "annotations" .Values.path.to.the.ingress.annotations` | + +### Labels + +| Helper identifier | Description | Expected Input | +|-----------------------------|-----------------------------------------------------------------------------|-------------------| +| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | +| `common.labels.matchLabels` | Labels to use on `deploy.spec.selector.matchLabels` and `svc.spec.selector` | `.` Chart context | + +### Names + +| Helper identifier | Description | Expected Input | +|--------------------------|------------------------------------------------------------|-------------------| +| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | +| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | +| `common.names.namespace` | Allow the release namespace to be overridden | `.` Chart context | +| `common.names.chart` | Chart name plus version | `.` Chart context | + +### Secrets + +| Helper identifier | Description | Expected Input | +|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | +| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | +| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | +| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` | + +### Storage + +| Helper identifier | Description | Expected Input | +|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| +| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | + +### TplValues + +| Helper identifier | Description | Expected Input | +|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | + +### Utils + +| Helper identifier | Description | Expected Input | +|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| +| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | +| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | +| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | +| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | + +### Validations + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | +| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | +| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | +| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | +| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis™ are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | +| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. | +| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | + +### Warnings + +| Helper identifier | Description | Expected Input | +|------------------------------|----------------------------------|------------------------------------------------------------| +| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | + +## Special input schemas + +### ImageRoot + +```yaml +registry: + type: string + description: Docker registry where the image is located + example: docker.io + +repository: + type: string + description: Repository and image name + example: bitnami/nginx + +tag: + type: string + description: image tag + example: 1.16.1-debian-10-r63 + +pullPolicy: + type: string + description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + +pullSecrets: + type: array + items: + type: string + description: Optionally specify an array of imagePullSecrets (evaluated as templates). + +debug: + type: boolean + description: Set to true if you would like to see extra information on logs + example: false + +## An instance would be: +# registry: docker.io +# repository: bitnami/nginx +# tag: 1.16.1-debian-10-r63 +# pullPolicy: IfNotPresent +# debug: false +``` + +### Persistence + +```yaml +enabled: + type: boolean + description: Whether enable persistence. + example: true + +storageClass: + type: string + description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. + example: "-" + +accessMode: + type: string + description: Access mode for the Persistent Volume Storage. + example: ReadWriteOnce + +size: + type: string + description: Size the Persistent Volume Storage. + example: 8Gi + +path: + type: string + description: Path to be persisted. + example: /bitnami + +## An instance would be: +# enabled: true +# storageClass: "-" +# accessMode: ReadWriteOnce +# size: 8Gi +# path: /bitnami +``` + +### ExistingSecret + +```yaml +name: + type: string + description: Name of the existing secret. + example: mySecret +keyMapping: + description: Mapping between the expected key name and the name of the key in the existing secret. + type: object + +## An instance would be: +# name: mySecret +# keyMapping: +# password: myPasswordKey +``` + +#### Example of use + +When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. + +```yaml +# templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + labels: + app: {{ include "common.names.fullname" . }} +type: Opaque +data: + password: {{ .Values.password | b64enc | quote }} + +# templates/dpl.yaml +--- +... + env: + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} +... + +# values.yaml +--- +name: mySecret +keyMapping: + password: myPasswordKey +``` + +### ValidateValue + +#### NOTES.txt + +```console +{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} + +{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} +``` + +If we force those values to be empty we will see some alerts + +```console +$ helm install test mychart --set path.to.value00="",path.to.value01="" + 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: + + export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 --decode) + + 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: + + export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 --decode) +``` + +## Upgrading + +### To 1.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +**What changes were introduced in this major version?** + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. +- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts + +**Considerations when upgrading to this version** + +- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 + +**Useful links** + +- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ +- https://helm.sh/docs/topics/v2_v3_migration/ +- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ + +## License + +Copyright © 2022 Bitnami + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_affinities.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_affinities.tpl new file mode 100644 index 0000000..189ea40 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_affinities.tpl @@ -0,0 +1,102 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return a soft nodeAffinity definition +{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.soft" -}} +preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} + weight: 1 +{{- end -}} + +{{/* +Return a hard nodeAffinity definition +{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.hard" -}} +requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} +{{- end -}} + +{{/* +Return a nodeAffinity definition +{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.nodes.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.nodes.hard" . -}} + {{- end -}} +{{- end -}} + +{{/* +Return a soft podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} +*/}} +{{- define "common.affinities.pods.soft" -}} +{{- $component := default "" .component -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + namespaces: + - {{ .context.Release.Namespace | quote }} + topologyKey: kubernetes.io/hostname + weight: 1 +{{- end -}} + +{{/* +Return a hard podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} +*/}} +{{- define "common.affinities.pods.hard" -}} +{{- $component := default "" .component -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + namespaces: + - {{ .context.Release.Namespace | quote }} + topologyKey: kubernetes.io/hostname +{{- end -}} + +{{/* +Return a podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.pods" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.pods.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.pods.hard" . -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_capabilities.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_capabilities.tpl new file mode 100644 index 0000000..4ec8321 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_capabilities.tpl @@ -0,0 +1,139 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the target Kubernetes version +*/}} +{{- define "common.capabilities.kubeVersion" -}} +{{- if .Values.global }} + {{- if .Values.global.kubeVersion }} + {{- .Values.global.kubeVersion -}} + {{- else }} + {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} + {{- end -}} +{{- else }} +{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for poddisruptionbudget. +*/}} +{{- define "common.capabilities.policy.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "policy/v1beta1" -}} +{{- else -}} +{{- print "policy/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "common.capabilities.networkPolicy.apiVersion" -}} +{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for cronjob. +*/}} +{{- define "common.capabilities.cronjob.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "batch/v1beta1" -}} +{{- else -}} +{{- print "batch/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "common.capabilities.deployment.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. +*/}} +{{- define "common.capabilities.statefulset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apps/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "common.capabilities.ingress.apiVersion" -}} +{{- if .Values.ingress -}} +{{- if .Values.ingress.apiVersion -}} +{{- .Values.ingress.apiVersion -}} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end }} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for RBAC resources. +*/}} +{{- define "common.capabilities.rbac.apiVersion" -}} +{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "rbac.authorization.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "rbac.authorization.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for CRDs. +*/}} +{{- define "common.capabilities.crd.apiVersion" -}} +{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiextensions.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiextensions.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for APIService. +*/}} +{{- define "common.capabilities.apiService.apiVersion" -}} +{{- if semverCompare "<1.10-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiregistration.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiregistration.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the used Helm version is 3.3+. +A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. +This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. +**To be removed when the catalog's minimun Helm version is 3.3** +*/}} +{{- define "common.capabilities.supportsHelmVersion" -}} +{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_errors.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_errors.tpl new file mode 100644 index 0000000..a79cc2e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_errors.tpl @@ -0,0 +1,23 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Through error when upgrading using empty passwords values that must not be empty. + +Usage: +{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} +{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} +{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} + +Required password params: + - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. + - context - Context - Required. Parent context. +*/}} +{{- define "common.errors.upgrade.passwords.empty" -}} + {{- $validationErrors := join "" .validationErrors -}} + {{- if and $validationErrors .context.Release.IsUpgrade -}} + {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} + {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} + {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} + {{- $errorString = print $errorString "\n%s" -}} + {{- printf $errorString $validationErrors | fail -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_images.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_images.tpl new file mode 100644 index 0000000..42ffbc7 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_images.tpl @@ -0,0 +1,75 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper image name +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} +*/}} +{{- define "common.images.image" -}} +{{- $registryName := .imageRoot.registry -}} +{{- $repositoryName := .imageRoot.repository -}} +{{- $tag := .imageRoot.tag | toString -}} +{{- if .global }} + {{- if .global.imageRegistry }} + {{- $registryName = .global.imageRegistry -}} + {{- end -}} +{{- end -}} +{{- if $registryName }} +{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- else -}} +{{- printf "%s:%s" $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) +{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} +*/}} +{{- define "common.images.pullSecrets" -}} + {{- $pullSecrets := list }} + + {{- if .global }} + {{- range .global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names evaluating values as templates +{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} +*/}} +{{- define "common.images.renderPullSecrets" -}} + {{- $pullSecrets := list }} + {{- $context := .context }} + + {{- if $context.Values.global }} + {{- range $context.Values.global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_ingress.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_ingress.tpl new file mode 100644 index 0000000..8caf73a --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_ingress.tpl @@ -0,0 +1,68 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Generate backend entry that is compatible with all Kubernetes API versions. + +Usage: +{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} + +Params: + - serviceName - String. Name of an existing service backend + - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.ingress.backend" -}} +{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} +{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} +serviceName: {{ .serviceName }} +servicePort: {{ .servicePort }} +{{- else -}} +service: + name: {{ .serviceName }} + port: + {{- if typeIs "string" .servicePort }} + name: {{ .servicePort }} + {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }} + number: {{ .servicePort | int }} + {{- end }} +{{- end -}} +{{- end -}} + +{{/* +Print "true" if the API pathType field is supported +Usage: +{{ include "common.ingress.supportsPathType" . }} +*/}} +{{- define "common.ingress.supportsPathType" -}} +{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the ingressClassname field is supported +Usage: +{{ include "common.ingress.supportsIngressClassname" . }} +*/}} +{{- define "common.ingress.supportsIngressClassname" -}} +{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if cert-manager required annotations for TLS signed +certificates are set in the Ingress annotations +Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations +Usage: +{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }} +*/}} +{{- define "common.ingress.certManagerRequest" -}} +{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_labels.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_labels.tpl new file mode 100644 index 0000000..252066c --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_labels.tpl @@ -0,0 +1,18 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Kubernetes standard labels +*/}} +{{- define "common.labels.standard" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +helm.sh/chart: {{ include "common.names.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector +*/}} +{{- define "common.labels.matchLabels" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_names.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_names.tpl new file mode 100644 index 0000000..c8574d1 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_names.tpl @@ -0,0 +1,63 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "common.names.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "common.names.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "common.names.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified dependency name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +Usage: +{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }} +*/}} +{{- define "common.names.dependency.fullname" -}} +{{- if .chartValues.fullnameOverride -}} +{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .chartName .chartValues.nameOverride -}} +{{- if contains $name .context.Release.Name -}} +{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts. +*/}} +{{- define "common.names.namespace" -}} +{{- if .Values.namespaceOverride -}} +{{- .Values.namespaceOverride -}} +{{- else -}} +{{- .Release.Namespace -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_secrets.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_secrets.tpl new file mode 100644 index 0000000..a53fb44 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_secrets.tpl @@ -0,0 +1,140 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Generate secret name. + +Usage: +{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.secrets.name" -}} +{{- $name := (include "common.names.fullname" .context) -}} + +{{- if .defaultNameSuffix -}} +{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- with .existingSecret -}} +{{- if not (typeIs "string" .) -}} +{{- with .name -}} +{{- $name = . -}} +{{- end -}} +{{- else -}} +{{- $name = . -}} +{{- end -}} +{{- end -}} + +{{- printf "%s" $name -}} +{{- end -}} + +{{/* +Generate secret key. + +Usage: +{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - key - String - Required. Name of the key in the secret. +*/}} +{{- define "common.secrets.key" -}} +{{- $key := .key -}} + +{{- if .existingSecret -}} + {{- if not (typeIs "string" .existingSecret) -}} + {{- if .existingSecret.keyMapping -}} + {{- $key = index .existingSecret.keyMapping $.key -}} + {{- end -}} + {{- end }} +{{- end -}} + +{{- printf "%s" $key -}} +{{- end -}} + +{{/* +Generate secret password or retrieve one if already created. + +Usage: +{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - key - String - Required - Name of the key in the secret. + - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. + - length - int - Optional - Length of the generated random password. + - strong - Boolean - Optional - Whether to add symbols to the generated random password. + - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. + - context - Context - Required - Parent context. + +The order in which this function returns a secret password: + 1. Already existing 'Secret' resource + (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) + 2. Password provided via the values.yaml + (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) + 3. Randomly generated secret password + (A new random secret password with the length specified in the 'length' parameter will be generated and returned) + +*/}} +{{- define "common.secrets.passwords.manage" -}} + +{{- $password := "" }} +{{- $subchart := "" }} +{{- $chartName := default "" .chartName }} +{{- $passwordLength := default 10 .length }} +{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} +{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} +{{- $secretData := (lookup "v1" "Secret" $.context.Release.Namespace .secret).data }} +{{- if $secretData }} + {{- if hasKey $secretData .key }} + {{- $password = index $secretData .key }} + {{- else }} + {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} + {{- end -}} +{{- else if $providedPasswordValue }} + {{- $password = $providedPasswordValue | toString | b64enc | quote }} +{{- else }} + + {{- if .context.Values.enabled }} + {{- $subchart = $chartName }} + {{- end -}} + + {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} + {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} + {{- $passwordValidationErrors := list $requiredPasswordError -}} + {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} + + {{- if .strong }} + {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} + {{- $password = randAscii $passwordLength }} + {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} + {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }} + {{- else }} + {{- $password = randAlphaNum $passwordLength | b64enc | quote }} + {{- end }} +{{- end -}} +{{- printf "%s" $password -}} +{{- end -}} + +{{/* +Returns whether a previous generated secret already exists + +Usage: +{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - context - Context - Required - Parent context. +*/}} +{{- define "common.secrets.exists" -}} +{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} +{{- if $secret }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_storage.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_storage.tpl new file mode 100644 index 0000000..60e2a84 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_storage.tpl @@ -0,0 +1,23 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper Storage Class +{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} +*/}} +{{- define "common.storage.class" -}} + +{{- $storageClass := .persistence.storageClass -}} +{{- if .global -}} + {{- if .global.storageClass -}} + {{- $storageClass = .global.storageClass -}} + {{- end -}} +{{- end -}} + +{{- if $storageClass -}} + {{- if (eq "-" $storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" $storageClass -}} + {{- end -}} +{{- end -}} + +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_tplvalues.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_tplvalues.tpl new file mode 100644 index 0000000..2db1668 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_tplvalues.tpl @@ -0,0 +1,13 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Renders a value that contains template. +Usage: +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "common.tplvalues.render" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_utils.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_utils.tpl new file mode 100644 index 0000000..ea083a2 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_utils.tpl @@ -0,0 +1,62 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Print instructions to get a secret value. +Usage: +{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} +*/}} +{{- define "common.utils.secret.getvalue" -}} +{{- $varname := include "common.utils.fieldToEnvVar" . -}} +export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 --decode) +{{- end -}} + +{{/* +Build env var name given a field +Usage: +{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} +*/}} +{{- define "common.utils.fieldToEnvVar" -}} + {{- $fieldNameSplit := splitList "-" .field -}} + {{- $upperCaseFieldNameSplit := list -}} + + {{- range $fieldNameSplit -}} + {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} + {{- end -}} + + {{ join "_" $upperCaseFieldNameSplit }} +{{- end -}} + +{{/* +Gets a value from .Values given +Usage: +{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} +*/}} +{{- define "common.utils.getValueFromKey" -}} +{{- $splitKey := splitList "." .key -}} +{{- $value := "" -}} +{{- $latestObj := $.context.Values -}} +{{- range $splitKey -}} + {{- if not $latestObj -}} + {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} + {{- end -}} + {{- $value = ( index $latestObj . ) -}} + {{- $latestObj = $value -}} +{{- end -}} +{{- printf "%v" (default "" $value) -}} +{{- end -}} + +{{/* +Returns first .Values key with a defined value or first of the list if all non-defined +Usage: +{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} +*/}} +{{- define "common.utils.getKeyFromList" -}} +{{- $key := first .keys -}} +{{- $reverseKeys := reverse .keys }} +{{- range $reverseKeys }} + {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }} + {{- if $value -}} + {{- $key = . }} + {{- end -}} +{{- end -}} +{{- printf "%s" $key -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_warnings.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_warnings.tpl new file mode 100644 index 0000000..ae10fa4 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/_warnings.tpl @@ -0,0 +1,14 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Warning about using rolling tag. +Usage: +{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} +*/}} +{{- define "common.warnings.rollingTag" -}} + +{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} +WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. ++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ +{{- end }} + +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/validations/_cassandra.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/validations/_cassandra.tpl new file mode 100644 index 0000000..ded1ae3 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/validations/_cassandra.tpl @@ -0,0 +1,72 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Cassandra required passwords are not empty. + +Usage: +{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.cassandra.passwords" -}} + {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} + {{- $enabled := include "common.cassandra.values.enabled" . -}} + {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} + {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.dbUser.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled cassandra. + +Usage: +{{ include "common.cassandra.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.cassandra.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.cassandra.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key dbUser + +Usage: +{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.key.dbUser" -}} + {{- if .subchart -}} + cassandra.dbUser + {{- else -}} + dbUser + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/validations/_mariadb.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/validations/_mariadb.tpl new file mode 100644 index 0000000..b6906ff --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/validations/_mariadb.tpl @@ -0,0 +1,103 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MariaDB required passwords are not empty. + +Usage: +{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mariadb.passwords" -}} + {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mariadb.values.enabled" . -}} + {{- $architecture := include "common.mariadb.values.architecture" . -}} + {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- if not (empty $valueUsername) -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replication") -}} + {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mariadb. + +Usage: +{{ include "common.mariadb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mariadb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mariadb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.key.auth" -}} + {{- if .subchart -}} + mariadb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/validations/_mongodb.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/validations/_mongodb.tpl new file mode 100644 index 0000000..a071ea4 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/validations/_mongodb.tpl @@ -0,0 +1,108 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MongoDB® required passwords are not empty. + +Usage: +{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret" + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mongodb.passwords" -}} + {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mongodb.values.enabled" . -}} + {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} + {{- $architecture := include "common.mongodb.values.architecture" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} + {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} + + {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }} + {{- if and $valueUsername $valueDatabase -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replicaset") -}} + {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mongodb. + +Usage: +{{ include "common.mongodb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mongodb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mongodb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.key.auth" -}} + {{- if .subchart -}} + mongodb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/validations/_postgresql.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/validations/_postgresql.tpl new file mode 100644 index 0000000..164ec0d --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/validations/_postgresql.tpl @@ -0,0 +1,129 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate PostgreSQL required passwords are not empty. + +Usage: +{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.postgresql.passwords" -}} + {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} + {{- $enabled := include "common.postgresql.values.enabled" . -}} + {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} + {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} + + {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} + {{- if (eq $enabledReplication "true") -}} + {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to decide whether evaluate global values. + +Usage: +{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} +Params: + - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" +*/}} +{{- define "common.postgresql.values.use.global" -}} + {{- if .context.Values.global -}} + {{- if .context.Values.global.postgresql -}} + {{- index .context.Values.global.postgresql .key | quote -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.existingSecret" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} + + {{- if .subchart -}} + {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} + {{- else -}} + {{- default (.context.Values.existingSecret | quote) $globalValue -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled postgresql. + +Usage: +{{ include "common.postgresql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key postgressPassword. + +Usage: +{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.postgressPassword" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} + + {{- if not $globalValue -}} + {{- if .subchart -}} + postgresql.postgresqlPassword + {{- else -}} + postgresqlPassword + {{- end -}} + {{- else -}} + global.postgresql.postgresqlPassword + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled.replication. + +Usage: +{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.enabled.replication" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.replication.enabled -}} + {{- else -}} + {{- printf "%v" .context.Values.replication.enabled -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key replication.password. + +Usage: +{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.replicationPassword" -}} + {{- if .subchart -}} + postgresql.replication.password + {{- else -}} + replication.password + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/validations/_redis.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/validations/_redis.tpl new file mode 100644 index 0000000..5d72959 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/validations/_redis.tpl @@ -0,0 +1,76 @@ + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Redis™ required passwords are not empty. + +Usage: +{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.redis.passwords" -}} + {{- $enabled := include "common.redis.values.enabled" . -}} + {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} + {{- $standarizedVersion := include "common.redis.values.standarized.version" . }} + + {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }} + {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }} + + {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }} + {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}} + {{- if eq $useAuth "true" -}} + {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled redis. + +Usage: +{{ include "common.redis.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.redis.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.redis.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right prefix path for the values + +Usage: +{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.redis.values.keys.prefix" -}} + {{- if .subchart -}}redis.{{- else -}}{{- end -}} +{{- end -}} + +{{/* +Checks whether the redis chart's includes the standarizations (version >= 14) + +Usage: +{{ include "common.redis.values.standarized.version" (dict "context" $) }} +*/}} +{{- define "common.redis.values.standarized.version" -}} + + {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} + {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} + + {{- if $standarizedAuthValues -}} + {{- true -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/validations/_validations.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/validations/_validations.tpl new file mode 100644 index 0000000..9a814cf --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/templates/validations/_validations.tpl @@ -0,0 +1,46 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate values must not be empty. + +Usage: +{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} +{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" +*/}} +{{- define "common.validations.values.multiple.empty" -}} + {{- range .required -}} + {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} + {{- end -}} +{{- end -}} + +{{/* +Validate a value must not be empty. + +Usage: +{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" + - subchart - String - Optional - Name of the subchart that the validated password is part of. +*/}} +{{- define "common.validations.values.single.empty" -}} + {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} + {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} + + {{- if not $value -}} + {{- $varname := "my-value" -}} + {{- $getCurrentValue := "" -}} + {{- if and .secret .field -}} + {{- $varname = include "common.utils.fieldToEnvVar" . -}} + {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} + {{- end -}} + {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/values.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/values.yaml new file mode 100644 index 0000000..f2df68e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/charts/common/values.yaml @@ -0,0 +1,5 @@ +## bitnami/common +## It is required by CI/CD tools and processes. +## @skip exampleValue +## +exampleValue: common-chart diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/ci/extended-config.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/ci/extended-config.yaml new file mode 100644 index 0000000..224168e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/ci/extended-config.yaml @@ -0,0 +1,4 @@ +primary: + extendedConfiguration: | + pg_stat_statements.max = 10000 + pg_stat_statements.track = all diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/ci/init-scripts.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/ci/init-scripts.yaml new file mode 100644 index 0000000..66ac9bb --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/ci/init-scripts.yaml @@ -0,0 +1,8 @@ +primary: + initdb: + args: --data-checksums + postgresqlWalDir: /bitnami/wal-dir/ + scripts: + my_init_script.sh: | + #!/bin/sh + echo "Success" diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/ci/metrics.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/ci/metrics.yaml new file mode 100644 index 0000000..df26bb2 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/ci/metrics.yaml @@ -0,0 +1,24 @@ +auth: + postgresPassword: adminpassword + username: foo + password: foopassword + database: bar +metrics: + enabled: true + serviceMonitor: + enabled: true + namespace: monitoring + prometheusRule: + enabled: true + namespace: monitoring +networkPolicy: + enabled: true + metrics: + enabled: true + namespaceSelector: + label: monitoring + ingressRules: + primaryAccessOnlyFrom: + enabled: true + podSelector: + "{{ template \"common.names.fullname\" . }}-client": "true" diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/ci/rbac.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/ci/rbac.yaml new file mode 100644 index 0000000..ef92a1b --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/ci/rbac.yaml @@ -0,0 +1,16 @@ +serviceAccount: + create: true + name: custom-sa + automountServiceAccountToken: true +rbac: + create: true + rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list +psp: + create: true diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/ci/replication.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/ci/replication.yaml new file mode 100644 index 0000000..1ce6cf8 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/ci/replication.yaml @@ -0,0 +1,5 @@ +# Test values file for generating all of the yaml and check that +# the rendering is correct +architecture: replication +readReplicas: + replicaCount: 3 diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/ci/tls.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/ci/tls.yaml new file mode 100644 index 0000000..24131f3 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/ci/tls.yaml @@ -0,0 +1,6 @@ +architecture: replication +tls: + enabled: true + autoGenerated: true +volumePermissions: + enabled: true diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/NOTES.txt b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/NOTES.txt new file mode 100644 index 0000000..710c733 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/NOTES.txt @@ -0,0 +1,89 @@ +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} + +** Please be patient while the chart is being deployed ** + +{{- if .Values.diagnosticMode.enabled }} +The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: + + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} + +Get the list of pods by executing: + + kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} + +Access the pod you want to debug by executing + + kubectl exec --namespace {{ .Release.Namespace }} -ti -- /opt/bitnami/scripts/postgresql/entrypoint.sh /bin/bash + +In order to replicate the container startup scripts execute this command: + + /opt/bitnami/scripts/postgresql/entrypoint.sh /opt/bitnami/scripts/postgresql/run.sh + +{{- else }} + +PostgreSQL can be accessed via port {{ include "postgresql.service.port" . }} on the following DNS names from within your cluster: + + {{ include "postgresql.primary.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - Read/Write connection + +{{- if eq .Values.architecture "replication" }} + + {{ include "postgresql.readReplica.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - Read only connection + +{{- end }} + +{{- $customUser := include "postgresql.username" . }} +{{- if and (not (empty $customUser)) (ne $customUser "postgres") .Values.auth.enablePostgresUser }} + +To get the password for "postgres" run: + + export POSTGRES_ADMIN_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "postgresql.secretName" . }} -o jsonpath="{.data.postgres-password}" | base64 --decode) + +To get the password for "{{ $customUser }}" run: + + export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "postgresql.secretName" . }} -o jsonpath="{.data.password}" | base64 --decode) + +{{- else }} + +To get the password for "{{ default "postgres" $customUser }}" run: + + export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "postgresql.secretName" . }} -o jsonpath="{.data.{{ ternary "password" "postgres-password" (and (not (empty $customUser)) (ne $customUser "postgres")) }}}" | base64 --decode) + +{{- end }} + +To connect to your database run the following command: + + kubectl run {{ include "common.names.fullname" . }}-client --rm --tty -i --restart='Never' --namespace {{ .Release.Namespace }} --image {{ include "postgresql.image" . }} --env="PGPASSWORD=$POSTGRES_PASSWORD" \ + --command -- psql --host {{ include "postgresql.primary.fullname" . }} -U {{ default "postgres" $customUser }} -d {{- if include "postgresql.database" . }} {{ include "postgresql.database" . }}{{- else }} postgres{{- end }} -p {{ include "postgresql.service.port" . }} + + > NOTE: If you access the container using bash, make sure that you execute "/opt/bitnami/scripts/entrypoint.sh /bin/bash" in order to avoid the error "psql: local user with ID {{ .Values.primary.containerSecurityContext.runAsUser }}} does not exist" + +To connect to your database from outside the cluster execute the following commands: + +{{- if contains "NodePort" .Values.primary.service.type }} + + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "postgresql.primary.fullname" . }}) + PGPASSWORD="$POSTGRES_PASSWORD" psql --host $NODE_IP --port $NODE_PORT -U {{ default "postgres" $customUser }} -d {{- if include "postgresql.database" . }} {{ include "postgresql.database" . }}{{- else }} postgres{{- end }} + +{{- else if contains "LoadBalancer" .Values.primary.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "postgresql.primary.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "postgresql.primary.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") + PGPASSWORD="$POSTGRES_PASSWORD" psql --host $SERVICE_IP --port {{ include "postgresql.service.port" . }} -U {{ default "postgres" $customUser }} -d {{- if include "postgresql.database" . }} {{ include "postgresql.database" . }}{{- else }} postgres{{- end }} + +{{- else if contains "ClusterIP" .Values.primary.service.type }} + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "postgresql.primary.fullname" . }} {{ include "postgresql.service.port" . }}:{{ include "postgresql.service.port" . }} & + PGPASSWORD="$POSTGRES_PASSWORD" psql --host 127.0.0.1 -U {{ default "postgres" $customUser }} -d {{- if include "postgresql.database" . }} {{ include "postgresql.database" . }}{{- else }} postgres{{- end }} -p {{ include "postgresql.service.port" . }} + +{{- end }} +{{- end }} + +{{- include "postgresql.validateValues" . -}} +{{- include "common.warnings.rollingTag" .Values.image -}} +{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/_helpers.tpl b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/_helpers.tpl new file mode 100644 index 0000000..98eb56e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/_helpers.tpl @@ -0,0 +1,320 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Create a default fully qualified app name for PostgreSQL Primary objects +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "postgresql.primary.fullname" -}} +{{- if eq .Values.architecture "replication" }} + {{- printf "%s-primary" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} +{{- else -}} + {{- include "common.names.fullname" . -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified app name for PostgreSQL read-only replicas objects +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "postgresql.readReplica.fullname" -}} +{{- printf "%s-read" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the default FQDN for PostgreSQL primary headless service +We truncate at 63 chars because of the DNS naming spec. +*/}} +{{- define "postgresql.primary.svc.headless" -}} +{{- printf "%s-hl" (include "postgresql.primary.fullname" .) | trunc 63 | trimSuffix "-" }} +{{- end -}} + +{{/* +Create the default FQDN for PostgreSQL read-only replicas headless service +We truncate at 63 chars because of the DNS naming spec. +*/}} +{{- define "postgresql.readReplica.svc.headless" -}} +{{- printf "%s-hl" (include "postgresql.readReplica.fullname" .) | trunc 63 | trimSuffix "-" }} +{{- end -}} + +{{/* +Return the proper PostgreSQL image name +*/}} +{{- define "postgresql.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper PostgreSQL metrics image name +*/}} +{{- define "postgresql.metrics.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "postgresql.volumePermissions.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "postgresql.imagePullSecrets" -}} +{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image) "global" .Values.global) }} +{{- end -}} + +{{/* +Return the name for a custom user to create +*/}} +{{- define "postgresql.username" -}} +{{- if .Values.global.postgresql.auth.username }} + {{- .Values.global.postgresql.auth.username -}} +{{- else -}} + {{- .Values.auth.username -}} +{{- end -}} +{{- end -}} + +{{/* +Return the name for a custom database to create +*/}} +{{- define "postgresql.database" -}} +{{- if .Values.global.postgresql.auth.database }} + {{- .Values.global.postgresql.auth.database -}} +{{- else if .Values.auth.database -}} + {{- .Values.auth.database -}} +{{- end -}} +{{- end -}} + +{{/* +Get the password secret. +*/}} +{{- define "postgresql.secretName" -}} +{{- if .Values.global.postgresql.auth.existingSecret }} + {{- printf "%s" (tpl .Values.global.postgresql.auth.existingSecret $) -}} +{{- else if .Values.auth.existingSecret -}} + {{- printf "%s" (tpl .Values.auth.existingSecret $) -}} +{{- else -}} + {{- printf "%s" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a secret object should be created +*/}} +{{- define "postgresql.createSecret" -}} +{{- if not (or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret) -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL service port +*/}} +{{- define "postgresql.service.port" -}} +{{- if .Values.global.postgresql.service.ports.postgresql }} + {{- .Values.global.postgresql.service.ports.postgresql -}} +{{- else -}} + {{- .Values.primary.service.ports.postgresql -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL service port +*/}} +{{- define "postgresql.readReplica.service.port" -}} +{{- if .Values.global.postgresql.service.ports.postgresql }} + {{- .Values.global.postgresql.service.ports.postgresql -}} +{{- else -}} + {{- .Values.readReplicas.service.ports.postgresql -}} +{{- end -}} +{{- end -}} + +{{/* +Get the PostgreSQL primary configuration ConfigMap name. +*/}} +{{- define "postgresql.primary.configmapName" -}} +{{- if .Values.primary.existingConfigmap -}} + {{- printf "%s" (tpl .Values.primary.existingConfigmap $) -}} +{{- else -}} + {{- printf "%s-configuration" (include "postgresql.primary.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created for PostgreSQL primary with the configuration +*/}} +{{- define "postgresql.primary.createConfigmap" -}} +{{- if and (or .Values.primary.configuration .Values.primary.pgHbaConfiguration) (not .Values.primary.existingConfigmap) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Get the PostgreSQL primary extended configuration ConfigMap name. +*/}} +{{- define "postgresql.primary.extendedConfigmapName" -}} +{{- if .Values.primary.existingExtendedConfigmap -}} + {{- printf "%s" (tpl .Values.primary.existingExtendedConfigmap $) -}} +{{- else -}} + {{- printf "%s-extended-configuration" (include "postgresql.primary.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created for PostgreSQL primary with the extended configuration +*/}} +{{- define "postgresql.primary.createExtendedConfigmap" -}} +{{- if and .Values.primary.extendedConfiguration (not .Values.primary.existingExtendedConfigmap) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* + Create the name of the service account to use + */}} +{{- define "postgresql.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap should be mounted with PostgreSQL configuration +*/}} +{{- define "postgresql.mountConfigurationCM" -}} +{{- if or .Values.primary.configuration .Values.primary.pgHbaConfiguration .Values.primary.existingConfigmap }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Get the initialization scripts ConfigMap name. +*/}} +{{- define "postgresql.initdb.scriptsCM" -}} +{{- if .Values.primary.initdb.scriptsConfigMap -}} + {{- printf "%s" (tpl .Values.primary.initdb.scriptsConfigMap $) -}} +{{- else -}} + {{- printf "%s-init-scripts" (include "postgresql.primary.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the readiness probe command +*/}} +{{- define "postgresql.readinessProbeCommand" -}} +{{- $customUser := include "postgresql.username" . }} +- | +{{- if (include "postgresql.database" .) }} + exec pg_isready -U {{ default "postgres" $customUser | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if .Values.tls.enabled }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} +{{- else }} + exec pg_isready -U {{ default "postgres" $customUser | quote }} {{- if .Values.tls.enabled }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} +{{- end }} +{{- if contains "bitnami/" .Values.image.repository }} + [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "postgresql.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "postgresql.validateValues.ldapConfigurationMethod" .) -}} +{{- $messages := append $messages (include "postgresql.validateValues.psp" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} + +{{/* +Validate values of Postgresql - If ldap.url is used then you don't need the other settings for ldap +*/}} +{{- define "postgresql.validateValues.ldapConfigurationMethod" -}} +{{- if and .Values.ldap.enabled (and (not (empty .Values.ldap.url)) (not (empty .Values.ldap.server))) }} +postgresql: ldap.url, ldap.server + You cannot set both `ldap.url` and `ldap.server` at the same time. + Please provide a unique way to configure LDAP. + More info at https://www.postgresql.org/docs/current/auth-ldap.html +{{- end -}} +{{- end -}} + +{{/* +Validate values of Postgresql - If PSP is enabled RBAC should be enabled too +*/}} +{{- define "postgresql.validateValues.psp" -}} +{{- if and .Values.psp.create (not .Values.rbac.create) }} +postgresql: psp.create, rbac.create + RBAC should be enabled if PSP is enabled in order for PSP to work. + More info at https://kubernetes.io/docs/concepts/policy/pod-security-policy/#authorizing-policies +{{- end -}} +{{- end -}} + +{{/* +Return the path to the cert file. +*/}} +{{- define "postgresql.tlsCert" -}} +{{- if .Values.tls.autoGenerated }} + {{- printf "/opt/bitnami/postgresql/certs/tls.crt" -}} +{{- else -}} + {{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/postgresql/certs/%s" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the path to the cert key file. +*/}} +{{- define "postgresql.tlsCertKey" -}} +{{- if .Values.tls.autoGenerated }} + {{- printf "/opt/bitnami/postgresql/certs/tls.key" -}} +{{- else -}} +{{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/postgresql/certs/%s" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the path to the CA cert file. +*/}} +{{- define "postgresql.tlsCACert" -}} +{{- if .Values.tls.autoGenerated }} + {{- printf "/opt/bitnami/postgresql/certs/ca.crt" -}} +{{- else -}} + {{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.certCAFilename -}} +{{- end -}} +{{- end -}} + +{{/* +Return the path to the CRL file. +*/}} +{{- define "postgresql.tlsCRL" -}} +{{- if .Values.tls.crlFilename -}} +{{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.crlFilename -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a TLS credentials secret object should be created +*/}} +{{- define "postgresql.createTlsSecret" -}} +{{- if and .Values.tls.autoGenerated (not .Values.tls.certificatesSecret) }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the path to the CA cert file. +*/}} +{{- define "postgresql.tlsSecretName" -}} +{{- if .Values.tls.autoGenerated }} + {{- printf "%s-crt" (include "common.names.fullname" .) -}} +{{- else -}} + {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }} +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/extra-list.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/extra-list.yaml new file mode 100644 index 0000000..9ac65f9 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/extra-list.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/networkpolicy-egress.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/networkpolicy-egress.yaml new file mode 100644 index 0000000..e862147 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/networkpolicy-egress.yaml @@ -0,0 +1,32 @@ +{{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.egressRules.denyConnectionsToExternal .Values.networkPolicy.egressRules.customRules) }} +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +kind: NetworkPolicy +metadata: + name: {{ printf "%s-egress" (include "common.names.fullname" .) }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + policyTypes: + - Egress + egress: + {{- if .Values.networkPolicy.egressRules.denyConnectionsToExternal }} + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + - to: + - namespaceSelector: {} + {{- end }} + {{- if .Values.networkPolicy.egressRules.customRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.egressRules.customRules "context" $) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/configmap.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/configmap.yaml new file mode 100644 index 0000000..d654a22 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/configmap.yaml @@ -0,0 +1,24 @@ +{{- if (include "postgresql.primary.createConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-configuration" (include "postgresql.primary.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: primary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + {{- if .Values.primary.configuration }} + postgresql.conf: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.configuration "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.primary.pgHbaConfiguration }} + pg_hba.conf: | + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.pgHbaConfiguration "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/extended-configmap.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/extended-configmap.yaml new file mode 100644 index 0000000..d129bd3 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/extended-configmap.yaml @@ -0,0 +1,18 @@ +{{- if (include "postgresql.primary.createExtendedConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-extended-configuration" (include "postgresql.primary.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: primary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + override.conf: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.extendedConfiguration "context" $ ) | nindent 4 }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/initialization-configmap.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/initialization-configmap.yaml new file mode 100644 index 0000000..d3d26cb --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/initialization-configmap.yaml @@ -0,0 +1,15 @@ +{{- if and .Values.primary.initdb.scripts (not .Values.primary.initdb.scriptsConfigMap) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-init-scripts" (include "postgresql.primary.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: {{- include "common.tplvalues.render" (dict "value" .Values.primary.initdb.scripts "context" .) | nindent 2 }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/metrics-configmap.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/metrics-configmap.yaml new file mode 100644 index 0000000..39c4805 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/metrics-configmap.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-metrics" (include "postgresql.primary.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + custom-metrics.yaml: {{- toYaml .Values.metrics.customMetrics | nindent 4 }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/metrics-svc.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/metrics-svc.yaml new file mode 100644 index 0000000..75a1b81 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/metrics-svc.yaml @@ -0,0 +1,31 @@ +{{- if .Values.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-metrics" (include "postgresql.primary.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: metrics + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.metrics.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + type: ClusterIP + sessionAffinity: {{ .Values.metrics.service.sessionAffinity }} + {{- if .Values.metrics.service.clusterIP }} + clusterIP: {{ .Values.metrics.service.clusterIP }} + {{- end }} + ports: + - name: http-metrics + port: {{ .Values.metrics.service.ports.metrics }} + targetPort: http-metrics + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: primary +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/networkpolicy.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/networkpolicy.yaml new file mode 100644 index 0000000..ce0052d --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/networkpolicy.yaml @@ -0,0 +1,57 @@ +{{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.metrics.enabled .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled) }} +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +kind: NetworkPolicy +metadata: + name: {{ printf "%s-ingress" (include "postgresql.primary.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: primary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: primary + ingress: + {{- if and .Values.metrics.enabled .Values.networkPolicy.metrics.enabled (or .Values.networkPolicy.metrics.namespaceSelector .Values.networkPolicy.metrics.podSelector) }} + - from: + {{- if .Values.networkPolicy.metrics.namespaceSelector }} + - namespaceSelector: + matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.metrics.namespaceSelector "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.networkPolicy.metrics.podSelector }} + - podSelector: + matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.metrics.podSelector "context" $) | nindent 14 }} + {{- end }} + ports: + - port: {{ .Values.metrics.containerPorts.metrics }} + {{- end }} + {{- if and .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled (or .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector) }} + - from: + {{- if .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector }} + - namespaceSelector: + matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector }} + - podSelector: + matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector "context" $) | nindent 14 }} + {{- end }} + ports: + - port: {{ .Values.containerPorts.postgresql }} + {{- end }} + {{- if and .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled (eq .Values.architecture "replication") }} + - from: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 14 }} + app.kubernetes.io/component: read + ports: + - port: {{ .Values.containerPorts.postgresql }} + {{- end }} + {{- if .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules "context" $) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/prometheusrule.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/prometheusrule.yaml new file mode 100644 index 0000000..cb2f1f2 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/prometheusrule.yaml @@ -0,0 +1,22 @@ +{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ include "postgresql.primary.fullname" . }} + namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: metrics + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.metrics.prometheusRule.labels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.labels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + groups: + - name: {{ include "postgresql.primary.fullname" . }} + rules: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.rules "context" $ ) | nindent 8 }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/servicemonitor.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/servicemonitor.yaml new file mode 100644 index 0000000..c4a19fe --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/servicemonitor.yaml @@ -0,0 +1,48 @@ +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "postgresql.primary.fullname" . }} + namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: metrics + {{- if .Values.metrics.serviceMonitor.labels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.labels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.metrics.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + {{- if .Values.metrics.serviceMonitor.selector }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} + {{- end }} + app.kubernetes.io/component: metrics + endpoints: + - port: http-metrics + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabelings }} + relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 6 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 6 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.honorLabels }} + honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace | quote }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/statefulset.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/statefulset.yaml new file mode 100644 index 0000000..ec6cdbb --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/statefulset.yaml @@ -0,0 +1,639 @@ +{{- $customUser := include "postgresql.username" . }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ include "postgresql.primary.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: primary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.primary.labels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.labels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.primary.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: 1 + serviceName: {{ include "postgresql.primary.svc.headless" . }} + {{- if .Values.primary.updateStrategy }} + updateStrategy: {{- toYaml .Values.primary.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: primary + template: + metadata: + name: {{ include "postgresql.primary.fullname" . }} + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: primary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.primary.podLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.podLabels "context" $ ) | nindent 8 }} + {{- end }} + annotations: + {{- if (include "postgresql.primary.createConfigmap" .) }} + checksum/configuration: {{ include (print $.Template.BasePath "/primary/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if (include "postgresql.primary.createExtendedConfigmap" .) }} + checksum/extended-configuration: {{ include (print $.Template.BasePath "/primary/extended-configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.primary.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + spec: + {{- if .Values.primary.extraPodSpec }} + {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraPodSpec "context" $) | nindent 6 }} + {{- end }} + serviceAccountName: {{ include "postgresql.serviceAccountName" . }} + {{- include "postgresql.imagePullSecrets" . | nindent 6 }} + {{- if .Values.primary.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.primary.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.primary.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.primary.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAffinityPreset "component" "primary" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAntiAffinityPreset "component" "primary" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.primary.nodeAffinityPreset.type "key" .Values.primary.nodeAffinityPreset.key "values" .Values.primary.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.primary.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.primary.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.primary.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.primary.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.primary.topologySpreadConstraints "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.primary.priorityClassName }} + priorityClassName: {{ .Values.primary.priorityClassName }} + {{- end }} + {{- if .Values.primary.schedulerName }} + schedulerName: {{ .Values.primary.schedulerName | quote }} + {{- end }} + {{- if .Values.primary.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.primary.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.primary.podSecurityContext.enabled }} + securityContext: {{- omit .Values.primary.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + hostNetwork: {{ .Values.primary.hostNetwork }} + hostIPC: {{ .Values.primary.hostIPC }} + initContainers: + {{- if and .Values.tls.enabled (not .Values.volumePermissions.enabled) }} + - name: copy-certs + image: {{ include "postgresql.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + {{- if .Values.primary.resources }} + resources: {{- toYaml .Values.primary.resources | nindent 12 }} + {{- end }} + # We don't require a privileged container in this case + {{- if .Values.primary.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.primary.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + command: + - /bin/sh + - -ec + - | + cp /tmp/certs/* /opt/bitnami/postgresql/certs/ + chmod 600 {{ include "postgresql.tlsCertKey" . }} + volumeMounts: + - name: raw-certificates + mountPath: /tmp/certs + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + {{- else if and .Values.volumePermissions.enabled (or .Values.primary.persistence.enabled .Values.shmVolume.enabled) }} + - name: init-chmod-data + image: {{ include "postgresql.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + command: + - /bin/sh + - -ec + - | + {{- if .Values.primary.persistence.enabled }} + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.primary.persistence.mountPath }} + {{- else }} + chown {{ .Values.primary.containerSecurityContext.runAsUser }}:{{ .Values.primary.podSecurityContext.fsGroup }} {{ .Values.primary.persistence.mountPath }} + {{- end }} + mkdir -p {{ .Values.primary.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.primary.persistence.mountPath }}/conf {{- end }} + chmod 700 {{ .Values.primary.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.primary.persistence.mountPath }}/conf {{- end }} + find {{ .Values.primary.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \ + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + xargs -r chown -R `id -u`:`id -G | cut -d " " -f2` + {{- else }} + xargs -r chown -R {{ .Values.primary.containerSecurityContext.runAsUser }}:{{ .Values.primary.podSecurityContext.fsGroup }} + {{- end }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + chmod -R 777 /dev/shm + {{- end }} + {{- if .Values.tls.enabled }} + cp /tmp/certs/* /opt/bitnami/postgresql/certs/ + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/ + {{- else }} + chown -R {{ .Values.primary.containerSecurityContext.runAsUser }}:{{ .Values.primary.podSecurityContext.fsGroup }} /opt/bitnami/postgresql/certs/ + {{- end }} + chmod 600 {{ include "postgresql.tlsCertKey" . }} + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} + {{- end }} + volumeMounts: + {{- if .Values.primary.persistence.enabled }} + - name: data + mountPath: {{ .Values.primary.persistence.mountPath }} + {{- if .Values.primary.persistence.subPath }} + subPath: {{ .Values.primary.persistence.subPath }} + {{- end }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.tls.enabled }} + - name: raw-certificates + mountPath: /tmp/certs + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + {{- end }} + {{- end }} + {{- if .Values.primary.initContainers }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.initContainers "context" $ ) | nindent 8 }} + {{- end }} + containers: + - name: postgresql + image: {{ include "postgresql.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.primary.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.primary.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.primary.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.primary.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.primary.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.primary.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: POSTGRESQL_PORT_NUMBER + value: {{ .Values.containerPorts.postgresql | quote }} + - name: POSTGRESQL_VOLUME_DIR + value: {{ .Values.primary.persistence.mountPath | quote }} + {{- if .Values.primary.persistence.mountPath }} + - name: PGDATA + value: {{ .Values.postgresqlDataDir | quote }} + {{- end }} + # Authentication + {{- if and (not (empty $customUser)) (ne $customUser "postgres") }} + - name: POSTGRES_USER + value: {{ $customUser | quote }} + {{- if .Values.auth.enablePostgresUser }} + {{- if .Values.auth.usePasswordFiles }} + - name: POSTGRES_POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgres-password" + {{- else }} + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "postgresql.secretName" . }} + key: postgres-password + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.auth.usePasswordFiles }} + - name: POSTGRES_PASSWORD_FILE + value: {{ printf "/opt/bitnami/postgresql/secrets/%s" (ternary "password" "postgres-password" (and (not (empty $customUser)) (ne $customUser "postgres"))) }} + {{- else }} + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "postgresql.secretName" . }} + key: {{ ternary "password" "postgres-password" (and (not (empty $customUser)) (ne $customUser "postgres")) }} + {{- end }} + {{- if (include "postgresql.database" .) }} + - name: POSTGRES_DB + value: {{ (include "postgresql.database" .) | quote }} + {{- end }} + # Replication + {{- if or (eq .Values.architecture "replication") .Values.primary.standby.enabled }} + - name: POSTGRES_REPLICATION_MODE + value: {{ ternary "slave" "master" .Values.primary.standby.enabled | quote }} + - name: POSTGRES_REPLICATION_USER + value: {{ .Values.auth.replicationUsername | quote }} + {{- if .Values.auth.usePasswordFiles }} + - name: POSTGRES_REPLICATION_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/replication-password" + {{- else }} + - name: POSTGRES_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "postgresql.secretName" . }} + key: replication-password + {{- end }} + {{- if not (eq .Values.replication.synchronousCommit "off") }} + - name: POSTGRES_SYNCHRONOUS_COMMIT_MODE + value: {{ .Values.replication.synchronousCommit | quote }} + - name: POSTGRES_NUM_SYNCHRONOUS_REPLICAS + value: {{ .Values.replication.numSynchronousReplicas | quote }} + {{- end }} + - name: POSTGRES_CLUSTER_APP_NAME + value: {{ .Values.replication.applicationName }} + {{- end }} + # Initdb + {{- if .Values.primary.initdb.args }} + - name: POSTGRES_INITDB_ARGS + value: {{ .Values.primary.initdb.args | quote }} + {{- end }} + {{- if .Values.primary.initdb.postgresqlWalDir }} + - name: POSTGRES_INITDB_WALDIR + value: {{ .Values.primary.initdb.postgresqlWalDir | quote }} + {{- end }} + {{- if .Values.primary.initdb.user }} + - name: POSTGRESQL_INITSCRIPTS_USERNAME + value: {{ .Values.primary.initdb.user }} + {{- end }} + {{- if .Values.primary.initdb.password }} + - name: POSTGRESQL_INITSCRIPTS_PASSWORD + value: {{ .Values.primary.initdb.password | quote }} + {{- end }} + # Standby + {{- if .Values.primary.standby.enabled }} + - name: POSTGRES_MASTER_HOST + value: {{ .Values.primary.standby.primaryHost }} + - name: POSTGRES_MASTER_PORT_NUMBER + value: {{ .Values.primary.standby.primaryPort | quote }} + {{- end }} + # LDAP + - name: POSTGRESQL_ENABLE_LDAP + value: {{ ternary "yes" "no" .Values.ldap.enabled | quote }} + {{- if .Values.ldap.enabled }} + - name: POSTGRESQL_LDAP_SERVER + value: {{ .Values.ldap.server }} + - name: POSTGRESQL_LDAP_PORT + value: {{ .Values.ldap.port | quote }} + - name: POSTGRESQL_LDAP_SCHEME + value: {{ .Values.ldap.scheme }} + {{- if .Values.ldap.tls }} + - name: POSTGRESQL_LDAP_TLS + value: "1" + {{- end }} + - name: POSTGRESQL_LDAP_PREFIX + value: {{ .Values.ldap.prefix | quote }} + - name: POSTGRESQL_LDAP_SUFFIX + value: {{ .Values.ldap.suffix | quote }} + - name: POSTGRESQL_LDAP_BASE_DN + value: {{ .Values.ldap.baseDN }} + - name: POSTGRESQL_LDAP_BIND_DN + value: {{ .Values.ldap.bindDN }} + {{- if not (empty .Values.ldap.bind_password) }} + - name: POSTGRESQL_LDAP_BIND_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "postgresql.secretName" . }} + key: ldap-password + {{- end }} + - name: POSTGRESQL_LDAP_SEARCH_ATTR + value: {{ .Values.ldap.search_attr }} + - name: POSTGRESQL_LDAP_SEARCH_FILTER + value: {{ .Values.ldap.search_filter }} + - name: POSTGRESQL_LDAP_URL + value: {{ .Values.ldap.url }} + {{- end }} + # TLS + - name: POSTGRESQL_ENABLE_TLS + value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} + {{- if .Values.tls.enabled }} + - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS + value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }} + - name: POSTGRESQL_TLS_CERT_FILE + value: {{ include "postgresql.tlsCert" . }} + - name: POSTGRESQL_TLS_KEY_FILE + value: {{ include "postgresql.tlsCertKey" . }} + {{- if .Values.tls.certCAFilename }} + - name: POSTGRESQL_TLS_CA_FILE + value: {{ include "postgresql.tlsCACert" . }} + {{- end }} + {{- if .Values.tls.crlFilename }} + - name: POSTGRESQL_TLS_CRL_FILE + value: {{ include "postgresql.tlsCRL" . }} + {{- end }} + {{- end }} + # Audit + - name: POSTGRESQL_LOG_HOSTNAME + value: {{ .Values.audit.logHostname | quote }} + - name: POSTGRESQL_LOG_CONNECTIONS + value: {{ .Values.audit.logConnections | quote }} + - name: POSTGRESQL_LOG_DISCONNECTIONS + value: {{ .Values.audit.logDisconnections | quote }} + {{- if .Values.audit.logLinePrefix }} + - name: POSTGRESQL_LOG_LINE_PREFIX + value: {{ .Values.audit.logLinePrefix | quote }} + {{- end }} + {{- if .Values.audit.logTimezone }} + - name: POSTGRESQL_LOG_TIMEZONE + value: {{ .Values.audit.logTimezone | quote }} + {{- end }} + {{- if .Values.audit.pgAuditLog }} + - name: POSTGRESQL_PGAUDIT_LOG + value: {{ .Values.audit.pgAuditLog | quote }} + {{- end }} + - name: POSTGRESQL_PGAUDIT_LOG_CATALOG + value: {{ .Values.audit.pgAuditLogCatalog | quote }} + # Others + - name: POSTGRESQL_CLIENT_MIN_MESSAGES + value: {{ .Values.audit.clientMinMessages | quote }} + - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES + value: {{ .Values.postgresqlSharedPreloadLibraries | quote }} + {{- if .Values.primary.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.primary.extraEnvVarsCM .Values.primary.extraEnvVarsSecret }} + envFrom: + {{- if .Values.primary.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.primary.extraEnvVarsCM }} + {{- end }} + {{- if .Values.primary.extraEnvVarsSecret }} + - secretRef: + name: {{ .Values.primary.extraEnvVarsSecret }} + {{- end }} + {{- end }} + ports: + - name: tcp-postgresql + containerPort: {{ .Values.containerPorts.postgresql }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.primary.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.primary.startupProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /bin/sh + - -c + {{- if (include "postgresql.database" .) }} + - exec pg_isready -U {{ default "postgres" $customUser | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} + {{- else }} + - exec pg_isready -U {{ default "postgres" $customUser | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} + {{- end }} + {{- else if .Values.primary.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customStartupProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.primary.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.primary.livenessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /bin/sh + - -c + {{- if (include "postgresql.database" .) }} + - exec pg_isready -U {{ default "postgres" $customUser | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} + {{- else }} + - exec pg_isready -U {{ default "postgres" $customUser | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} + {{- end }} + {{- else if .Values.primary.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.primary.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.primary.readinessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /bin/sh + - -c + - -e + {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} + {{- else if .Values.primary.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.primary.resources }} + resources: {{- toYaml .Values.primary.resources | nindent 12 }} + {{- end }} + {{- if .Values.primary.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.primary.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + volumeMounts: + {{- if or .Values.primary.initdb.scriptsConfigMap .Values.primary.initdb.scripts }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d/ + {{- end }} + {{- if .Values.primary.initdb.scriptsSecret }} + - name: custom-init-scripts-secret + mountPath: /docker-entrypoint-initdb.d/secret + {{- end }} + {{- if or .Values.primary.extendedConfiguration .Values.primary.existingExtendedConfigmap }} + - name: postgresql-extended-config + mountPath: /bitnami/postgresql/conf/conf.d/ + {{- end }} + {{- if .Values.auth.usePasswordFiles }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.tls.enabled }} + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + readOnly: true + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.primary.persistence.enabled }} + - name: data + mountPath: {{ .Values.primary.persistence.mountPath }} + {{- if .Values.primary.persistence.subPath }} + subPath: {{ .Values.primary.persistence.subPath }} + {{- end }} + {{- end }} + {{- if or .Values.primary.configuration .Values.primary.pgHbaConfiguration .Values.primary.existingConfigmap }} + - name: postgresql-config + mountPath: /bitnami/postgresql/conf + {{- end }} + {{- if .Values.primary.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ include "postgresql.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.metrics.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.metrics.customMetrics }} + args: ["--extend.query-path", "/conf/custom-metrics.yaml"] + {{- end }} + env: + {{- $database := required "In order to enable metrics you need to specify a database (.Values.auth.database or .Values.global.postgresql.auth.database)" (include "postgresql.database" .) }} + {{- $sslmode := ternary "require" "disable" .Values.tls.enabled }} + {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} + - name: DATA_SOURCE_NAME + value: {{ printf "host=127.0.0.1 port=%d user=%s sslmode=%s sslcert=%s sslkey=%s" (int (include "postgresql.service.port" .)) (default "postgres" $customUser | quote) $sslmode (include "postgresql.tlsCert" .) (include "postgresql.tlsCertKey" .) }} + {{- else }} + - name: DATA_SOURCE_URI + value: {{ printf "127.0.0.1:%d/%s?sslmode=%s" (int (include "postgresql.service.port" .)) $database $sslmode }} + {{- end }} + {{- if .Values.auth.usePasswordFiles }} + - name: DATA_SOURCE_PASS_FILE + value: {{ printf "/opt/bitnami/postgresql/secrets/%s" (ternary "password" "postgres-password" (and (not (empty $customUser)) (ne $customUser "postgres"))) }} + {{- else }} + - name: DATA_SOURCE_PASS + valueFrom: + secretKeyRef: + name: {{ include "postgresql.secretName" . }} + key: {{ ternary "password" "postgres-password" (and (not (empty $customUser)) (ne $customUser "postgres")) }} + {{- end }} + - name: DATA_SOURCE_USER + value: {{ default "postgres" $customUser | quote }} + {{- if .Values.metrics.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + ports: + - name: http-metrics + containerPort: {{ .Values.metrics.containerPorts.metrics }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.metrics.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: http-metrics + {{- else if .Values.metrics.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: / + port: http-metrics + {{- else if .Values.metrics.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: / + port: http-metrics + {{- else if .Values.metrics.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- end }} + volumeMounts: + {{- if .Values.auth.usePasswordFiles }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.tls.enabled }} + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + readOnly: true + {{- end }} + {{- if .Values.metrics.customMetrics }} + - name: custom-metrics + mountPath: /conf + readOnly: true + {{- end }} + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.primary.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.sidecars "context" $ ) | nindent 8 }} + {{- end }} + volumes: + {{- if or .Values.primary.configuration .Values.primary.pgHbaConfiguration .Values.primary.existingConfigmap }} + - name: postgresql-config + configMap: + name: {{ include "postgresql.primary.configmapName" . }} + {{- end }} + {{- if or .Values.primary.extendedConfiguration .Values.primary.existingExtendedConfigmap }} + - name: postgresql-extended-config + configMap: + name: {{ include "postgresql.primary.extendedConfigmapName" . }} + {{- end }} + {{- if .Values.auth.usePasswordFiles }} + - name: postgresql-password + secret: + secretName: {{ include "postgresql.secretName" . }} + {{- end }} + {{- if or .Values.primary.initdb.scriptsConfigMap .Values.primary.initdb.scripts }} + - name: custom-init-scripts + configMap: + name: {{ include "postgresql.initdb.scriptsCM" . }} + {{- end }} + {{- if .Values.primary.initdb.scriptsSecret }} + - name: custom-init-scripts-secret + secret: + secretName: {{ tpl .Values.primary.initdb.scriptsSecret $ }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: raw-certificates + secret: + secretName: {{ include "postgresql.tlsSecretName" . }} + - name: postgresql-certificates + emptyDir: {} + {{- end }} + {{- if .Values.primary.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} + {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} + - name: custom-metrics + configMap: + name: {{ printf "%s-metrics" (include "common.names.fullname" .) }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + emptyDir: + medium: Memory + {{- if .Values.shmVolume.sizeLimit }} + sizeLimit: {{ .Values.shmVolume.sizeLimit }} + {{- end }} + {{- end }} + {{- if and .Values.primary.persistence.enabled .Values.primary.persistence.existingClaim }} + - name: data + persistentVolumeClaim: + claimName: {{ tpl .Values.primary.persistence.existingClaim $ }} + {{- else if not .Values.primary.persistence.enabled }} + - name: data + emptyDir: {} + {{- else }} + volumeClaimTemplates: + - metadata: + name: data + {{- if .Values.primary.persistence.annotations }} + annotations: {{- toYaml .Values.primary.persistence.annotations | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.primary.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + {{- if .Values.primary.persistence.dataSource }} + dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.dataSource "context" $) | nindent 10 }} + {{- end }} + resources: + requests: + storage: {{ .Values.primary.persistence.size | quote }} + {{- if .Values.primary.persistence.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.selector "context" $) | nindent 10 }} + {{- end }} + {{- include "common.storage.class" (dict "persistence" .Values.primary.persistence "global" .Values.global) | nindent 8 }} + {{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/svc-headless.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/svc-headless.yaml new file mode 100644 index 0000000..b782631 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/svc-headless.yaml @@ -0,0 +1,31 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "postgresql.primary.svc.headless" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + app.kubernetes.io/component: primary + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + # Use this annotation in addition to the actual publishNotReadyAddresses + # field below because the annotation will stop being respected soon but the + # field is broken in some versions of Kubernetes: + # https://github.com/kubernetes/kubernetes/issues/58662 + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" +spec: + type: ClusterIP + clusterIP: None + # We want all pods in the StatefulSet to have their addresses published for + # the sake of the other Postgresql pods even before they're ready, since they + # have to be able to talk to each other in order to become ready. + publishNotReadyAddresses: true + ports: + - name: tcp-postgresql + port: {{ template "postgresql.service.port" . }} + targetPort: tcp-postgresql + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: primary diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/svc.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/svc.yaml new file mode 100644 index 0000000..6d4a842 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/primary/svc.yaml @@ -0,0 +1,43 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "postgresql.primary.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + app.kubernetes.io/component: primary + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.primary.service.annotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.primary.service.annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.primary.service.type }} + {{- if and .Values.primary.service.loadBalancerIP (eq .Values.primary.service.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.primary.service.loadBalancerIP }} + externalTrafficPolicy: {{ .Values.primary.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if and (eq .Values.primary.service.type "LoadBalancer") .Values.primary.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- include "common.tplvalues.render" (dict "value" .Values.primary.service.loadBalancerSourceRanges "context" $) | nindent 4 }} + {{- end }} + {{- if and (eq .Values.primary.service.type "ClusterIP") .Values.primary.service.clusterIP }} + clusterIP: {{ .Values.primary.service.clusterIP }} + {{- end }} + ports: + - name: tcp-postgresql + port: {{ template "postgresql.service.port" . }} + targetPort: tcp-postgresql + {{- if and (or (eq .Values.primary.service.type "NodePort") (eq .Values.primary.service.type "LoadBalancer")) (not (empty .Values.primary.service.nodePorts.postgresql)) }} + nodePort: {{ .Values.primary.service.nodePorts.postgresql }} + {{- else if eq .Values.primary.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.primary.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.primary.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: primary diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/psp.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/psp.yaml new file mode 100644 index 0000000..48d1175 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/psp.yaml @@ -0,0 +1,41 @@ +{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}} +{{- if and $pspAvailable .Values.psp.create }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + privileged: false + volumes: + - 'configMap' + - 'secret' + - 'persistentVolumeClaim' + - 'emptyDir' + - 'projected' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/read/networkpolicy.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/read/networkpolicy.yaml new file mode 100644 index 0000000..c969cd7 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/read/networkpolicy.yaml @@ -0,0 +1,36 @@ +{{- if and .Values.networkPolicy.enabled (eq .Values.architecture "replication") .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.enabled }} +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +kind: NetworkPolicy +metadata: + name: {{ printf "%s-ingress" (include "postgresql.readReplica.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: read + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: read + ingress: + {{- if and .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.enabled (or .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.namespaceSelector .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.podSelector) }} + - from: + {{- if .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.namespaceSelector }} + - namespaceSelector: + matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.namespaceSelector "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.podSelector }} + - podSelector: + matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.podSelector "context" $) | nindent 14 }} + {{- end }} + ports: + - port: {{ .Values.containerPorts.postgresql }} + {{- end }} + {{- if .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.customRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.customRules "context" $) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/read/statefulset.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/read/statefulset.yaml new file mode 100644 index 0000000..486d803 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/read/statefulset.yaml @@ -0,0 +1,433 @@ +{{- if eq .Values.architecture "replication" }} +{{- $customUser := include "postgresql.username" . }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ include "postgresql.readReplica.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: read + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.readReplicas.labels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.labels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.readReplicas.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.readReplicas.replicaCount }} + serviceName: {{ include "postgresql.readReplica.svc.headless" . }} + {{- if .Values.readReplicas.updateStrategy }} + updateStrategy: {{- toYaml .Values.readReplicas.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: read + template: + metadata: + name: {{ include "postgresql.readReplica.fullname" . }} + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: read + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.readReplicas.podLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.podLabels "context" $ ) | nindent 8 }} + {{- end }} + annotations: + {{- if .Values.readReplicas.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + spec: + {{- if .Values.readReplicas.extraPodSpec }} + {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.extraPodSpec "context" $) | nindent 6 }} + {{- end }} + serviceAccountName: {{ include "postgresql.serviceAccountName" . }} + {{- include "postgresql.imagePullSecrets" . | nindent 6 }} + {{- if .Values.readReplicas.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.readReplicas.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.readReplicas.podAffinityPreset "component" "read" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.readReplicas.podAntiAffinityPreset "component" "read" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.readReplicas.nodeAffinityPreset.type "key" .Values.readReplicas.nodeAffinityPreset.key "values" .Values.readReplicas.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.readReplicas.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.readReplicas.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.readReplicas.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.readReplicas.priorityClassName }} + priorityClassName: {{ .Values.readReplicas.priorityClassName }} + {{- end }} + {{- if .Values.readReplicas.schedulerName }} + schedulerName: {{ .Values.readReplicas.schedulerName | quote }} + {{- end }} + {{- if .Values.readReplicas.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.readReplicas.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.readReplicas.podSecurityContext.enabled }} + securityContext: {{- omit .Values.readReplicas.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + hostNetwork: {{ .Values.readReplicas.hostNetwork }} + hostIPC: {{ .Values.readReplicas.hostIPC }} + initContainers: + {{- if and .Values.tls.enabled (not .Values.volumePermissions.enabled) }} + - name: copy-certs + image: {{ include "postgresql.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + {{- if .Values.readReplicas.resources }} + resources: {{- toYaml .Values.readReplicas.resources | nindent 12 }} + {{- end }} + # We don't require a privileged container in this case + {{- if .Values.readReplicas.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.readReplicas.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + command: + - /bin/sh + - -ec + - | + cp /tmp/certs/* /opt/bitnami/postgresql/certs/ + chmod 600 {{ include "postgresql.tlsCertKey" . }} + volumeMounts: + - name: raw-certificates + mountPath: /tmp/certs + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + {{- else if and .Values.volumePermissions.enabled (or .Values.readReplicas.persistence.enabled .Values.shmVolume.enabled) }} + - name: init-chmod-data + image: {{ include "postgresql.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + {{- if .Values.readReplicas.resources }} + resources: {{- toYaml .Values.readReplicas.resources | nindent 12 }} + {{- end }} + command: + - /bin/sh + - -ec + - | + {{- if .Values.readReplicas.persistence.enabled }} + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.readReplicas.persistence.mountPath }} + {{- else }} + chown {{ .Values.readReplicas.containerSecurityContext.runAsUser }}:{{ .Values.readReplicas.podSecurityContext.fsGroup }} {{ .Values.readReplicas.persistence.mountPath }} + {{- end }} + mkdir -p {{ .Values.readReplicas.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.readReplicas.persistence.mountPath }}/conf {{- end }} + chmod 700 {{ .Values.readReplicas.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.readReplicas.persistence.mountPath }}/conf {{- end }} + find {{ .Values.readReplicas.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \ + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + xargs -r chown -R `id -u`:`id -G | cut -d " " -f2` + {{- else }} + xargs -r chown -R {{ .Values.readReplicas.containerSecurityContext.runAsUser }}:{{ .Values.readReplicas.podSecurityContext.fsGroup }} + {{- end }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + chmod -R 777 /dev/shm + {{- end }} + {{- if .Values.tls.enabled }} + cp /tmp/certs/* /opt/bitnami/postgresql/certs/ + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/ + {{- else }} + chown -R {{ .Values.readReplicas.containerSecurityContext.runAsUser }}:{{ .Values.readReplicas.podSecurityContext.fsGroup }} /opt/bitnami/postgresql/certs/ + {{- end }} + chmod 600 {{ include "postgresql.tlsCertKey" . }} + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} + {{- end }} + volumeMounts: + {{ if .Values.readReplicas.persistence.enabled }} + - name: data + mountPath: {{ .Values.readReplicas.persistence.mountPath }} + {{- if .Values.readReplicas.persistence.subPath }} + subPath: {{ .Values.readReplicas.persistence.subPath }} + {{- end }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.tls.enabled }} + - name: raw-certificates + mountPath: /tmp/certs + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + {{- end }} + {{- end }} + {{- if .Values.readReplicas.initContainers }} + {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.initContainers "context" $ ) | nindent 8 }} + {{- end }} + containers: + - name: postgresql + image: {{ include "postgresql.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.readReplicas.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.readReplicas.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.readReplicas.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.readReplicas.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: POSTGRESQL_PORT_NUMBER + value: {{ .Values.containerPorts.postgresql | quote }} + - name: POSTGRESQL_VOLUME_DIR + value: {{ .Values.readReplicas.persistence.mountPath | quote }} + {{- if .Values.readReplicas.persistence.mountPath }} + - name: PGDATA + value: {{ .Values.postgresqlDataDir | quote }} + {{- end }} + # Authentication + {{- if and (not (empty $customUser)) (ne $customUser "postgres") .Values.auth.enablePostgresUser }} + {{- if .Values.auth.usePasswordFiles }} + - name: POSTGRES_POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgres-password" + {{- else }} + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "postgresql.secretName" . }} + key: postgres-password + {{- end }} + {{- end }} + {{- if .Values.auth.usePasswordFiles }} + - name: POSTGRES_PASSWORD_FILE + value: {{ printf "/opt/bitnami/postgresql/secrets/%s" (ternary "password" "postgres-password" (and (not (empty $customUser)) (ne $customUser "postgres"))) }} + {{- else }} + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "postgresql.secretName" . }} + key: {{ ternary "password" "postgres-password" (and (not (empty $customUser)) (ne $customUser "postgres")) }} + {{- end }} + # Replication + - name: POSTGRES_REPLICATION_MODE + value: "slave" + - name: POSTGRES_REPLICATION_USER + value: {{ .Values.auth.replicationUsername | quote }} + {{- if .Values.auth.usePasswordFiles }} + - name: POSTGRES_REPLICATION_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/replication-password" + {{- else }} + - name: POSTGRES_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "postgresql.secretName" . }} + key: replication-password + {{- end }} + - name: POSTGRES_CLUSTER_APP_NAME + value: {{ .Values.replication.applicationName }} + - name: POSTGRES_MASTER_HOST + value: {{ include "postgresql.primary.fullname" . }} + - name: POSTGRES_MASTER_PORT_NUMBER + value: {{ include "postgresql.service.port" . | quote }} + # TLS + - name: POSTGRESQL_ENABLE_TLS + value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} + {{- if .Values.tls.enabled }} + - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS + value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }} + - name: POSTGRESQL_TLS_CERT_FILE + value: {{ include "postgresql.tlsCert" . }} + - name: POSTGRESQL_TLS_KEY_FILE + value: {{ include "postgresql.tlsCertKey" . }} + {{- if .Values.tls.certCAFilename }} + - name: POSTGRESQL_TLS_CA_FILE + value: {{ include "postgresql.tlsCACert" . }} + {{- end }} + {{- if .Values.tls.crlFilename }} + - name: POSTGRESQL_TLS_CRL_FILE + value: {{ include "postgresql.tlsCRL" . }} + {{- end }} + {{- end }} + # Audit + - name: POSTGRESQL_LOG_HOSTNAME + value: {{ .Values.audit.logHostname | quote }} + - name: POSTGRESQL_LOG_CONNECTIONS + value: {{ .Values.audit.logConnections | quote }} + - name: POSTGRESQL_LOG_DISCONNECTIONS + value: {{ .Values.audit.logDisconnections | quote }} + {{- if .Values.audit.logLinePrefix }} + - name: POSTGRESQL_LOG_LINE_PREFIX + value: {{ .Values.audit.logLinePrefix | quote }} + {{- end }} + {{- if .Values.audit.logTimezone }} + - name: POSTGRESQL_LOG_TIMEZONE + value: {{ .Values.audit.logTimezone | quote }} + {{- end }} + {{- if .Values.audit.pgAuditLog }} + - name: POSTGRESQL_PGAUDIT_LOG + value: {{ .Values.audit.pgAuditLog | quote }} + {{- end }} + - name: POSTGRESQL_PGAUDIT_LOG_CATALOG + value: {{ .Values.audit.pgAuditLogCatalog | quote }} + # Others + - name: POSTGRESQL_CLIENT_MIN_MESSAGES + value: {{ .Values.audit.clientMinMessages | quote }} + - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES + value: {{ .Values.postgresqlSharedPreloadLibraries | quote }} + {{- if .Values.readReplicas.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.readReplicas.extraEnvVarsCM .Values.readReplicas.extraEnvVarsSecret }} + envFrom: + {{- if .Values.readReplicas.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.readReplicas.extraEnvVarsCM }} + {{- end }} + {{- if .Values.readReplicas.extraEnvVarsSecret }} + - secretRef: + name: {{ .Values.readReplicas.extraEnvVarsSecret }} + {{- end }} + {{- end }} + ports: + - name: tcp-postgresql + containerPort: {{ .Values.containerPorts.postgresql }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.readReplicas.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readReplicas.startupProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /bin/sh + - -c + {{- if (include "postgresql.database" .) }} + - exec pg_isready -U {{ default "postgres" $customUser| quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} + {{- else }} + - exec pg_isready -U {{ default "postgres" $customUser | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} + {{- end }} + {{- else if .Values.readReplicas.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.customStartupProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.readReplicas.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readReplicas.livenessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /bin/sh + - -c + {{- if (include "postgresql.database" .) }} + - exec pg_isready -U {{ default "postgres" $customUser | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} + {{- else }} + - exec pg_isready -U {{default "postgres" $customUser | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} + {{- end }} + {{- else if .Values.readReplicas.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.readReplicas.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readReplicas.readinessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /bin/sh + - -c + - -e + {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} + {{- else if .Values.readReplicas.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.readReplicas.resources }} + resources: {{- toYaml .Values.readReplicas.resources | nindent 12 }} + {{- end }} + {{- if .Values.readReplicas.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + volumeMounts: + {{- if .Values.auth.usePasswordFiles }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.tls.enabled }} + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + readOnly: true + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.readReplicas.persistence.enabled }} + - name: data + mountPath: {{ .Values.readReplicas.persistence.mountPath }} + {{- if .Values.readReplicas.persistence.subPath }} + subPath: {{ .Values.readReplicas.persistence.subPath }} + {{- end }} + {{- end }} + {{- if .Values.readReplicas.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.readReplicas.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.sidecars "context" $ ) | nindent 8 }} + {{- end }} + volumes: + {{- if .Values.auth.usePasswordFiles }} + - name: postgresql-password + secret: + secretName: {{ include "postgresql.secretName" . }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: raw-certificates + secret: + secretName: {{ include "postgresql.tlsSecretName" . }} + - name: postgresql-certificates + emptyDir: {} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + emptyDir: + medium: Memory + {{- if .Values.shmVolume.sizeLimit }} + sizeLimit: {{ .Values.shmVolume.sizeLimit }} + {{- end }} + {{- end }} + {{- if .Values.readReplicas.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} + {{- if not .Values.readReplicas.persistence.enabled }} + - name: data + emptyDir: {} + {{- else }} + volumeClaimTemplates: + - metadata: + name: data + {{- if .Values.readReplicas.persistence.annotations }} + annotations: {{- toYaml .Values.readReplicas.persistence.annotations | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.readReplicas.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + {{- if .Values.readReplicas.persistence.dataSource }} + dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.persistence.dataSource "context" $) | nindent 10 }} + {{- end }} + resources: + requests: + storage: {{ .Values.readReplicas.persistence.size | quote }} + {{- if .Values.readReplicas.persistence.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.persistence.selector "context" $) | nindent 10 }} + {{- end -}} + {{- include "common.storage.class" (dict "persistence" .Values.readReplicas.persistence "global" .Values.global) | nindent 8 }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/read/svc-headless.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/read/svc-headless.yaml new file mode 100644 index 0000000..0371e49 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/read/svc-headless.yaml @@ -0,0 +1,33 @@ +{{- if eq .Values.architecture "replication" }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "postgresql.readReplica.svc.headless" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + app.kubernetes.io/component: read + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + # Use this annotation in addition to the actual publishNotReadyAddresses + # field below because the annotation will stop being respected soon but the + # field is broken in some versions of Kubernetes: + # https://github.com/kubernetes/kubernetes/issues/58662 + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" +spec: + type: ClusterIP + clusterIP: None + # We want all pods in the StatefulSet to have their addresses published for + # the sake of the other Postgresql pods even before they're ready, since they + # have to be able to talk to each other in order to become ready. + publishNotReadyAddresses: true + ports: + - name: tcp-postgresql + port: {{ include "postgresql.readReplica.service.port" . }} + targetPort: tcp-postgresql + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: read +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/read/svc.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/read/svc.yaml new file mode 100644 index 0000000..2355475 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/read/svc.yaml @@ -0,0 +1,45 @@ +{{- if eq .Values.architecture "replication" }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "postgresql.readReplica.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + app.kubernetes.io/component: read + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.readReplicas.service.annotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.service.annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.readReplicas.service.type }} + {{- if and .Values.readReplicas.service.loadBalancerIP (eq .Values.readReplicas.service.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.readReplicas.service.loadBalancerIP }} + externalTrafficPolicy: {{ .Values.readReplicas.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if and (eq .Values.readReplicas.service.type "LoadBalancer") .Values.readReplicas.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.service.loadBalancerSourceRanges "context" $) | nindent 4 }} + {{- end }} + {{- if and (eq .Values.readReplicas.service.type "ClusterIP") .Values.readReplicas.service.clusterIP }} + clusterIP: {{ .Values.readReplicas.service.clusterIP }} + {{- end }} + ports: + - name: tcp-postgresql + port: {{ include "postgresql.readReplica.service.port" . }} + targetPort: tcp-postgresql + {{- if and (or (eq .Values.readReplicas.service.type "NodePort") (eq .Values.readReplicas.service.type "LoadBalancer")) (not (empty .Values.readReplicas.service.nodePorts.postgresql)) }} + nodePort: {{ .Values.readReplicas.service.nodePorts.postgresql }} + {{- else if eq .Values.readReplicas.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.readReplicas.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: read +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/role.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/role.yaml new file mode 100644 index 0000000..00f9222 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/role.yaml @@ -0,0 +1,31 @@ +{{- if .Values.rbac.create }} +kind: Role +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +# yamllint disable rule:indentation +rules: + {{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}} + {{- if and $pspAvailable .Values.psp.create }} + - apiGroups: + - 'policy' + resources: + - 'podsecuritypolicies' + verbs: + - 'use' + resourceNames: + - {{ include "common.names.fullname" . }} + {{- end }} + {{- if .Values.rbac.rules }} + {{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }} + {{- end }} +# yamllint enable rule:indentation +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/rolebinding.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/rolebinding.yaml new file mode 100644 index 0000000..0311c0e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/rolebinding.yaml @@ -0,0 +1,22 @@ +{{- if .Values.rbac.create }} +kind: RoleBinding +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +roleRef: + kind: Role + name: {{ include "common.names.fullname" . }} + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ include "postgresql.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/secrets.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/secrets.yaml new file mode 100644 index 0000000..e8cc69f --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/secrets.yaml @@ -0,0 +1,29 @@ +{{- if (include "postgresql.createSecret" .) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + {{- if .Values.auth.enablePostgresUser }} + postgres-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "postgres-password" "providedValues" (list "global.postgresql.auth.postgresPassword" "auth.postgresPassword") "context" $) }} + {{- end }} + {{- if not (empty (include "postgresql.username" .)) }} + password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "password" "providedValues" (list "global.postgresql.auth.password" "auth.password") "context" $) }} + {{- end }} + {{- if eq .Values.architecture "replication" }} + replication-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "replication-password" "providedValues" (list "auth.replicationPassword") "context" $) }} + {{- end }} + # We don't auto-generate LDAP password when it's not provided as we do for other passwords + {{- if and .Values.ldap.enabled .Values.ldap.bind_password }} + ldap-password: {{ .Values.ldap.bind_password | b64enc | quote }} + {{- end }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/serviceaccount.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/serviceaccount.yaml new file mode 100644 index 0000000..179f8f2 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "postgresql.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.serviceAccount.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.serviceAccount.annotations "context" $ ) | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/tls-secrets.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/tls-secrets.yaml new file mode 100644 index 0000000..59c5776 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/templates/tls-secrets.yaml @@ -0,0 +1,27 @@ +{{- if (include "postgresql.createTlsSecret" . ) }} +{{- $ca := genCA "postgresql-ca" 365 }} +{{- $fullname := include "common.names.fullname" . }} +{{- $releaseNamespace := .Release.Namespace }} +{{- $clusterDomain := .Values.clusterDomain }} +{{- $primaryHeadlessServiceName := include "postgresql.primary.svc.headless" . }} +{{- $readHeadlessServiceName := include "postgresql.readReplica.svc.headless" . }} +{{- $altNames := list (printf "*.%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $primaryHeadlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $primaryHeadlessServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $readHeadlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $readHeadlessServiceName $releaseNamespace $clusterDomain) $fullname }} +{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%s-crt" (include "common.names.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + ca.crt: {{ $ca.Cert | b64enc | quote }} + tls.crt: {{ $crt.Cert | b64enc | quote }} + tls.key: {{ $crt.Key | b64enc | quote }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/values.schema.json b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/values.schema.json new file mode 100644 index 0000000..fc41483 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/values.schema.json @@ -0,0 +1,156 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "architecture": { + "type": "string", + "title": "PostgreSQL architecture", + "form": true, + "description": "Allowed values: `standalone` or `replication`" + }, + "auth": { + "type": "object", + "title": "Authentication configuration", + "form": true, + "properties": { + "enablePostgresUser": { + "type": "boolean", + "title": "Enable \"postgres\" admin user", + "description": "Assign a password to the \"postgres\" admin user. Otherwise, remote access will be blocked for this user", + "form": true + }, + "postgresPassword": { + "type": "string", + "title": "Password for the \"postgres\" admin user", + "description": "Defaults to a random 10-character alphanumeric string if not set", + "form": true + }, + "database": { + "type": "string", + "title": "PostgreSQL custom database", + "description": "Name of the custom database to be created during the 1st initialization of PostgreSQL", + "form": true + }, + "username": { + "type": "string", + "title": "PostgreSQL custom user", + "description": "Name of the custom user to be created during the 1st initialization of PostgreSQL. This user only has permissions on the PostgreSQL custom database", + "form": true + }, + "password": { + "type": "string", + "title": "Password for the custom user to create", + "description": "Defaults to a random 10-character alphanumeric string if not set", + "form": true + }, + "replicationUsername": { + "type": "string", + "title": "PostgreSQL replication user", + "description": "Name of user used to manage replication.", + "form": true, + "hidden": { + "value": "standalone", + "path": "architecture" + } + }, + "replicationPassword": { + "type": "string", + "title": "Password for PostgreSQL replication user", + "description": "Defaults to a random 10-character alphanumeric string if not set", + "form": true, + "hidden": { + "value": "standalone", + "path": "architecture" + } + } + } + }, + "persistence": { + "type": "object", + "properties": { + "size": { + "type": "string", + "title": "Persistent Volume Size", + "form": true, + "render": "slider", + "sliderMin": 1, + "sliderMax": 100, + "sliderUnit": "Gi" + } + } + }, + "resources": { + "type": "object", + "title": "Required Resources", + "description": "Configure resource requests", + "form": true, + "properties": { + "requests": { + "type": "object", + "properties": { + "memory": { + "type": "string", + "form": true, + "render": "slider", + "title": "Memory Request", + "sliderMin": 10, + "sliderMax": 2048, + "sliderUnit": "Mi" + }, + "cpu": { + "type": "string", + "form": true, + "render": "slider", + "title": "CPU Request", + "sliderMin": 10, + "sliderMax": 2000, + "sliderUnit": "m" + } + } + } + } + }, + "replication": { + "type": "object", + "form": true, + "title": "Replication Details", + "properties": { + "enabled": { + "type": "boolean", + "title": "Enable Replication", + "form": true + }, + "readReplicas": { + "type": "integer", + "title": "read Replicas", + "form": true, + "hidden": { + "value": "standalone", + "path": "architecture" + } + } + } + }, + "volumePermissions": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Enable Init Containers", + "description": "Change the owner of the persist volume mountpoint to RunAsUser:fsGroup" + } + } + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "title": "Configure metrics exporter", + "form": true + } + } + } + } +} diff --git a/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/values.yaml b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/values.yaml new file mode 100644 index 0000000..b766f88 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/charts/postgresql/values.yaml @@ -0,0 +1,1329 @@ +## @section Global parameters +## Please, note that this will override the parameters, including dependencies, configured to use the global value +## +global: + ## @param global.imageRegistry Global Docker image registry + ## + imageRegistry: "" + ## @param global.imagePullSecrets Global Docker registry secret names as an array + ## e.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + ## @param global.storageClass Global StorageClass for Persistent Volume(s) + ## + storageClass: "" + postgresql: + ## @param global.postgresql.auth.postgresPassword Password for the "postgres" admin user (overrides `auth.postgresPassword`) + ## @param global.postgresql.auth.username Name for a custom user to create (overrides `auth.username`) + ## @param global.postgresql.auth.password Password for the custom user to create (overrides `auth.password`) + ## @param global.postgresql.auth.database Name for a custom database to create (overrides `auth.database`) + ## @param global.postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials (overrides `auth.existingSecret`) + ## + auth: + postgresPassword: "" + username: "" + password: "" + database: "" + existingSecret: "" + ## @param global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`) + ## + service: + ports: + postgresql: "" + +## @section Common parameters +## + +## @param kubeVersion Override Kubernetes version +## +kubeVersion: "" +## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) +## +nameOverride: "" +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: "" +## @param clusterDomain Kubernetes Cluster Domain +## +clusterDomain: cluster.local +## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template) +## +extraDeploy: [] +## @param commonLabels Add labels to all the deployed resources +## +commonLabels: {} +## @param commonAnnotations Add annotations to all the deployed resources +## +commonAnnotations: {} +## Enable diagnostic mode in the statefulset +## +diagnosticMode: + ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) + ## + enabled: false + ## @param diagnosticMode.command Command to override all containers in the statefulset + ## + command: + - sleep + ## @param diagnosticMode.args Args to override all containers in the statefulset + ## + args: + - infinity + +## @section PostgreSQL common parameters +## + +## Bitnami PostgreSQL image version +## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ +## @param image.registry PostgreSQL image registry +## @param image.repository PostgreSQL image repository +## @param image.tag PostgreSQL image tag (immutable tags are recommended) +## @param image.pullPolicy PostgreSQL image pull policy +## @param image.pullSecrets Specify image pull secrets +## @param image.debug Specify if debug values should be set +## +image: + registry: docker.io + repository: bitnami/postgresql + tag: 14.2.0-debian-10-r70 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## Example: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Set to true if you would like to see extra information on logs + ## + debug: false +## Authentication parameters +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run +## +auth: + ## @param auth.enablePostgresUser Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user + ## + enablePostgresUser: true + ## @param auth.postgresPassword Password for the "postgres" admin user. Ignored if `auth.existingSecret` with key `postgres-password` is provided + ## + postgresPassword: "" + ## @param auth.username Name for a custom user to create + ## + username: "" + ## @param auth.password Password for the custom user to create. Ignored if `auth.existingSecret` with key `password` is provided + ## + password: "" + ## @param auth.database Name for a custom database to create + ## + database: "" + ## @param auth.replicationUsername Name of the replication user + ## + replicationUsername: repl_user + ## @param auth.replicationPassword Password for the replication user. Ignored if `auth.existingSecret` with key `replication-password` is provided + ## + replicationPassword: "" + ## @param auth.existingSecret Name of existing secret to use for PostgreSQL credentials. The secret must contain the keys `postgres-password` (which is the password for "postgres" admin user), `password` (which is the password for the custom user to create when `auth.username` is set) and `replication-password` (which is the password for replication user). `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret. The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and picked from this secret in this case. + ## The value is evaluated as a template. + ## + existingSecret: "" + ## @param auth.usePasswordFiles Mount credentials as a files instead of using an environment variable + ## + usePasswordFiles: false +## @param architecture PostgreSQL architecture (`standalone` or `replication`) +## +architecture: standalone +## Replication configuration +## Ignored if `architecture` is `standalone` +## +replication: + ## @param replication.synchronousCommit Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` + ## @param replication.numSynchronousReplicas Number of replicas that will have synchronous replication. Note: Cannot be greater than `readReplicas.replicaCount`. + ## ref: https://www.postgresql.org/docs/current/runtime-config-wal.html#GUC-SYNCHRONOUS-COMMIT + ## + synchronousCommit: "off" + numSynchronousReplicas: 0 + ## @param replication.applicationName Cluster application name. Useful for advanced replication settings + ## + applicationName: my_application +## @param containerPorts.postgresql PostgreSQL container port +## +containerPorts: + postgresql: 5432 +## Audit settings +## https://github.com/bitnami/bitnami-docker-postgresql#auditing +## @param audit.logHostname Log client hostnames +## @param audit.logConnections Add client log-in operations to the log file +## @param audit.logDisconnections Add client log-outs operations to the log file +## @param audit.pgAuditLog Add operations to log using the pgAudit extension +## @param audit.pgAuditLogCatalog Log catalog using pgAudit +## @param audit.clientMinMessages Message log level to share with the user +## @param audit.logLinePrefix Template for log line prefix (default if not set) +## @param audit.logTimezone Timezone for the log timestamps +## +audit: + logHostname: false + logConnections: false + logDisconnections: false + pgAuditLog: "" + pgAuditLogCatalog: "off" + clientMinMessages: error + logLinePrefix: "" + logTimezone: "" +## LDAP configuration +## @param ldap.enabled Enable LDAP support +## @param ldap.url LDAP URL beginning in the form `ldap[s]://host[:port]/basedn` +## @param ldap.server IP address or name of the LDAP server. +## @param ldap.port Port number on the LDAP server to connect to +## @param ldap.prefix String to prepend to the user name when forming the DN to bind +## @param ldap.suffix String to append to the user name when forming the DN to bind +## @param ldap.baseDN Root DN to begin the search for the user in +## @param ldap.bindDN DN of user to bind to LDAP +## @param ldap.bind_password Password for the user to bind to LDAP +## @param ldap.search_attr Attribute to match against the user name in the search +## @param ldap.search_filter The search filter to use when doing search+bind authentication +## @param ldap.scheme Set to `ldaps` to use LDAPS +## @param ldap.tls Set to `1` to use TLS encryption +## +ldap: + enabled: false + url: "" + server: "" + port: "" + prefix: "" + suffix: "" + baseDN: "" + bindDN: "" + bind_password: "" + search_attr: "" + search_filter: "" + scheme: "" + tls: "" +## @param postgresqlDataDir PostgreSQL data dir folder +## +postgresqlDataDir: /bitnami/postgresql/data +## @param postgresqlSharedPreloadLibraries Shared preload libraries (comma-separated list) +## +postgresqlSharedPreloadLibraries: "pgaudit" +## Start PostgreSQL pod(s) without limitations on shm memory. +## By default docker and containerd (and possibly other container runtimes) limit `/dev/shm` to `64M` +## ref: https://github.com/docker-library/postgres/issues/416 +## ref: https://github.com/containerd/containerd/issues/3654 +## +shmVolume: + ## @param shmVolume.enabled Enable emptyDir volume for /dev/shm for PostgreSQL pod(s) + ## + enabled: true + ## @param shmVolume.sizeLimit Set this to enable a size limit on the shm tmpfs + ## Note: the size of the tmpfs counts against container's memory limit + ## e.g: + ## sizeLimit: 1Gi + ## + sizeLimit: "" +## TLS configuration +## +tls: + ## @param tls.enabled Enable TLS traffic support + ## + enabled: false + ## @param tls.autoGenerated Generate automatically self-signed TLS certificates + ## + autoGenerated: false + ## @param tls.preferServerCiphers Whether to use the server's TLS cipher preferences rather than the client's + ## + preferServerCiphers: true + ## @param tls.certificatesSecret Name of an existing secret that contains the certificates + ## + certificatesSecret: "" + ## @param tls.certFilename Certificate filename + ## + certFilename: "" + ## @param tls.certKeyFilename Certificate key filename + ## + certKeyFilename: "" + ## @param tls.certCAFilename CA Certificate filename + ## If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate + ## ref: https://www.postgresql.org/docs/9.6/auth-methods.html + ## + certCAFilename: "" + ## @param tls.crlFilename File containing a Certificate Revocation List + ## + crlFilename: "" + +## @section PostgreSQL Primary parameters +## +primary: + ## @param primary.configuration PostgreSQL Primary main configuration to be injected as ConfigMap + ## ref: https://www.postgresql.org/docs/current/static/runtime-config.html + ## + configuration: "" + ## @param primary.pgHbaConfiguration PostgreSQL Primary client authentication configuration + ## ref: https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html + ## e.g:# + ## pgHbaConfiguration: |- + ## local all all trust + ## host all all localhost trust + ## host mydatabase mysuser 192.168.0.0/24 md5 + ## + pgHbaConfiguration: "" + ## @param primary.existingConfigmap Name of an existing ConfigMap with PostgreSQL Primary configuration + ## NOTE: `primary.configuration` and `primary.pgHbaConfiguration` will be ignored + ## + existingConfigmap: "" + ## @param primary.extendedConfiguration Extended PostgreSQL Primary configuration (appended to main or default configuration) + ## ref: https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf + ## + extendedConfiguration: "" + ## @param primary.existingExtendedConfigmap Name of an existing ConfigMap with PostgreSQL Primary extended configuration + ## NOTE: `primary.extendedConfiguration` will be ignored + ## + existingExtendedConfigmap: "" + ## Initdb configuration + ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#specifying-initdb-arguments + ## + initdb: + ## @param primary.initdb.args PostgreSQL initdb extra arguments + ## + args: "" + ## @param primary.initdb.postgresqlWalDir Specify a custom location for the PostgreSQL transaction log + ## + postgresqlWalDir: "" + ## @param primary.initdb.scripts Dictionary of initdb scripts + ## Specify dictionary of scripts to be run at first boot + ## e.g: + ## scripts: + ## my_init_script.sh: | + ## #!/bin/sh + ## echo "Do something." + ## + scripts: {} + ## @param primary.initdb.scriptsConfigMap ConfigMap with scripts to be run at first boot + ## NOTE: This will override `primary.initdb.scripts` + ## + scriptsConfigMap: "" + ## @param primary.initdb.scriptsSecret Secret with scripts to be run at first boot (in case it contains sensitive information) + ## NOTE: This can work along `primary.initdb.scripts` or `primary.initdb.scriptsConfigMap` + ## + scriptsSecret: "" + ## @param primary.initdb.user Specify the PostgreSQL username to execute the initdb scripts + ## + user: "" + ## @param primary.initdb.password Specify the PostgreSQL password to execute the initdb scripts + ## + password: "" + ## Configure current cluster's primary server to be the standby server in other cluster. + ## This will allow cross cluster replication and provide cross cluster high availability. + ## You will need to configure pgHbaConfiguration if you want to enable this feature with local cluster replication enabled. + ## @param primary.standby.enabled Whether to enable current cluster's primary as standby server of another cluster or not + ## @param primary.standby.primaryHost The Host of replication primary in the other cluster + ## @param primary.standby.primaryPort The Port of replication primary in the other cluster + ## + standby: + enabled: false + primaryHost: "" + primaryPort: "" + ## @param primary.extraEnvVars Array with extra environment variables to add to PostgreSQL Primary nodes + ## e.g: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + ## @param primary.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for PostgreSQL Primary nodes + ## + extraEnvVarsCM: "" + ## @param primary.extraEnvVarsSecret Name of existing Secret containing extra env vars for PostgreSQL Primary nodes + ## + extraEnvVarsSecret: "" + ## @param primary.command Override default container command (useful when using custom images) + ## + command: [] + ## @param primary.args Override default container args (useful when using custom images) + ## + args: [] + ## Configure extra options for PostgreSQL Primary containers' liveness, readiness and startup probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes + ## @param primary.livenessProbe.enabled Enable livenessProbe on PostgreSQL Primary containers + ## @param primary.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param primary.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param primary.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param primary.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param primary.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ## @param primary.readinessProbe.enabled Enable readinessProbe on PostgreSQL Primary containers + ## @param primary.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param primary.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param primary.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param primary.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param primary.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ## @param primary.startupProbe.enabled Enable startupProbe on PostgreSQL Primary containers + ## @param primary.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param primary.startupProbe.periodSeconds Period seconds for startupProbe + ## @param primary.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param primary.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param primary.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: false + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 + ## @param primary.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param primary.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## @param primary.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + ## @param primary.lifecycleHooks for the PostgreSQL Primary container to automate configuration before or after startup + ## + lifecycleHooks: {} + ## PostgreSQL Primary resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## @param primary.resources.limits The resources limits for the PostgreSQL Primary containers + ## @param primary.resources.requests.memory The requested memory for the PostgreSQL Primary containers + ## @param primary.resources.requests.cpu The requested cpu for the PostgreSQL Primary containers + ## + resources: + limits: {} + requests: + memory: 256Mi + cpu: 250m + ## Pod Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## @param primary.podSecurityContext.enabled Enable security context + ## @param primary.podSecurityContext.fsGroup Group ID for the pod + ## + podSecurityContext: + enabled: true + fsGroup: 1001 + ## Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## @param primary.containerSecurityContext.enabled Enable container security context + ## @param primary.containerSecurityContext.runAsUser User ID for the container + ## + containerSecurityContext: + enabled: true + runAsUser: 1001 + ## @param primary.hostAliases PostgreSQL primary pods host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param primary.hostNetwork Specify if host network should be enabled for PostgreSQL pod (postgresql primary) + ## + hostNetwork: false + ## @param primary.hostIPC Specify if host IPC should be enabled for PostgreSQL pod (postgresql primary) + ## + hostIPC: false + ## @param primary.labels Map of labels to add to the statefulset (postgresql primary) + ## + labels: {} + ## @param primary.annotations Annotations for PostgreSQL primary pods + ## + annotations: {} + ## @param primary.podLabels Map of labels to add to the pods (postgresql primary) + ## + podLabels: {} + ## @param primary.podAnnotations Map of annotations to add to the pods (postgresql primary) + ## + podAnnotations: {} + ## @param primary.podAffinityPreset PostgreSQL primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param primary.podAntiAffinityPreset PostgreSQL primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## PostgreSQL Primary node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param primary.nodeAffinityPreset.type PostgreSQL primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param primary.nodeAffinityPreset.key PostgreSQL primary node label key to match Ignored if `primary.affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param primary.nodeAffinityPreset.values PostgreSQL primary node label values to match. Ignored if `primary.affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param primary.affinity Affinity for PostgreSQL primary pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: primary.podAffinityPreset, primary.podAntiAffinityPreset, and primary.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param primary.nodeSelector Node labels for PostgreSQL primary pods assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param primary.tolerations Tolerations for PostgreSQL primary pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param primary.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods + ## + topologySpreadConstraints: {} + ## @param primary.priorityClassName Priority Class to use for each pod (postgresql primary) + ## + priorityClassName: "" + ## @param primary.schedulerName Use an alternate scheduler, e.g. "stork". + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## @param primary.terminationGracePeriodSeconds Seconds PostgreSQL primary pod needs to terminate gracefully + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods + ## + terminationGracePeriodSeconds: "" + ## @param primary.updateStrategy.type PostgreSQL Primary statefulset strategy type + ## @param primary.updateStrategy.rollingUpdate PostgreSQL Primary statefulset rolling update configuration parameters + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: + type: RollingUpdate + rollingUpdate: {} + ## @param primary.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the PostgreSQL Primary container(s) + ## + extraVolumeMounts: [] + ## @param primary.extraVolumes Optionally specify extra list of additional volumes for the PostgreSQL Primary pod(s) + ## + extraVolumes: [] + ## @param primary.sidecars Add additional sidecar containers to the PostgreSQL Primary pod(s) + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param primary.initContainers Add additional init containers to the PostgreSQL Primary pod(s) + ## Example + ## + ## initContainers: + ## - name: do-something + ## image: busybox + ## command: ['do', 'something'] + ## + initContainers: [] + ## @param primary.extraPodSpec Optionally specify extra PodSpec for the PostgreSQL Primary pod(s) + ## + extraPodSpec: {} + ## PostgreSQL Primary service configuration + ## + service: + ## @param primary.service.type Kubernetes Service type + ## + type: ClusterIP + ## @param primary.service.ports.postgresql PostgreSQL service port + ## + ports: + postgresql: 5432 + ## Node ports to expose + ## NOTE: choose port between <30000-32767> + ## @param primary.service.nodePorts.postgresql Node port for PostgreSQL + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePorts: + postgresql: "" + ## @param primary.service.clusterIP Static clusterIP or None for headless services + ## e.g: + ## clusterIP: None + ## + clusterIP: "" + ## @param primary.service.annotations Annotations for PostgreSQL primary service + ## + annotations: {} + ## @param primary.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer` + ## Set the LoadBalancer service type to internal only + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param primary.service.externalTrafficPolicy Enable client source IP preservation + ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param primary.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param primary.service.extraPorts Extra ports to expose in the PostgreSQL primary service + ## + extraPorts: [] + ## PostgreSQL Primary persistence configuration + ## + persistence: + ## @param primary.persistence.enabled Enable PostgreSQL Primary data persistence using PVC + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing PVC to use + ## + existingClaim: "" + ## @param primary.persistence.mountPath The path the volume will be mounted at + ## Note: useful when using custom PostgreSQL images + ## + mountPath: /bitnami/postgresql + ## @param primary.persistence.subPath The subdirectory of the volume to mount to + ## Useful in dev environments and one PV for multiple services + ## + subPath: "" + ## @param primary.persistence.storageClass PVC Storage Class for PostgreSQL Primary data volume + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.accessModes PVC Access Mode for PostgreSQL volume + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size PVC Storage Request for PostgreSQL volume + ## + size: 8Gi + ## @param primary.persistence.annotations Annotations for the PVC + ## + annotations: {} + ## @param primary.persistence.selector Selector to match an existing Persistent Volume (this value is evaluated as a template) + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} + ## @param primary.persistence.dataSource Custom PVC data source + ## + dataSource: {} + +## @section PostgreSQL read only replica parameters +## +readReplicas: + ## @param readReplicas.replicaCount Number of PostgreSQL read only replicas + ## + replicaCount: 1 + ## @param readReplicas.extraEnvVars Array with extra environment variables to add to PostgreSQL read only nodes + ## e.g: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + ## @param readReplicas.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for PostgreSQL read only nodes + ## + extraEnvVarsCM: "" + ## @param readReplicas.extraEnvVarsSecret Name of existing Secret containing extra env vars for PostgreSQL read only nodes + ## + extraEnvVarsSecret: "" + ## @param readReplicas.command Override default container command (useful when using custom images) + ## + command: [] + ## @param readReplicas.args Override default container args (useful when using custom images) + ## + args: [] + ## Configure extra options for PostgreSQL read only containers' liveness, readiness and startup probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes + ## @param readReplicas.livenessProbe.enabled Enable livenessProbe on PostgreSQL read only containers + ## @param readReplicas.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param readReplicas.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param readReplicas.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param readReplicas.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param readReplicas.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ## @param readReplicas.readinessProbe.enabled Enable readinessProbe on PostgreSQL read only containers + ## @param readReplicas.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param readReplicas.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param readReplicas.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param readReplicas.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param readReplicas.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ## @param readReplicas.startupProbe.enabled Enable startupProbe on PostgreSQL read only containers + ## @param readReplicas.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param readReplicas.startupProbe.periodSeconds Period seconds for startupProbe + ## @param readReplicas.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param readReplicas.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param readReplicas.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: false + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 + ## @param readReplicas.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param readReplicas.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## @param readReplicas.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + ## @param readReplicas.lifecycleHooks for the PostgreSQL read only container to automate configuration before or after startup + ## + lifecycleHooks: {} + ## PostgreSQL read only resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## @param readReplicas.resources.limits The resources limits for the PostgreSQL read only containers + ## @param readReplicas.resources.requests.memory The requested memory for the PostgreSQL read only containers + ## @param readReplicas.resources.requests.cpu The requested cpu for the PostgreSQL read only containers + ## + resources: + limits: {} + requests: + memory: 256Mi + cpu: 250m + ## Pod Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## @param readReplicas.podSecurityContext.enabled Enable security context + ## @param readReplicas.podSecurityContext.fsGroup Group ID for the pod + ## + podSecurityContext: + enabled: true + fsGroup: 1001 + ## Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## @param readReplicas.containerSecurityContext.enabled Enable container security context + ## @param readReplicas.containerSecurityContext.runAsUser User ID for the container + ## + containerSecurityContext: + enabled: true + runAsUser: 1001 + ## @param readReplicas.hostAliases PostgreSQL read only pods host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param readReplicas.hostNetwork Specify if host network should be enabled for PostgreSQL pod (PostgreSQL read only) + ## + hostNetwork: false + ## @param readReplicas.hostIPC Specify if host IPC should be enabled for PostgreSQL pod (postgresql primary) + ## + hostIPC: false + ## @param readReplicas.labels Map of labels to add to the statefulset (PostgreSQL read only) + ## + labels: {} + ## @param readReplicas.annotations Annotations for PostgreSQL read only pods + ## + annotations: {} + ## @param readReplicas.podLabels Map of labels to add to the pods (PostgreSQL read only) + ## + podLabels: {} + ## @param readReplicas.podAnnotations Map of annotations to add to the pods (PostgreSQL read only) + ## + podAnnotations: {} + ## @param readReplicas.podAffinityPreset PostgreSQL read only pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param readReplicas.podAntiAffinityPreset PostgreSQL read only pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## PostgreSQL read only node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param readReplicas.nodeAffinityPreset.type PostgreSQL read only node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param readReplicas.nodeAffinityPreset.key PostgreSQL read only node label key to match Ignored if `primary.affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param readReplicas.nodeAffinityPreset.values PostgreSQL read only node label values to match. Ignored if `primary.affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param readReplicas.affinity Affinity for PostgreSQL read only pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: primary.podAffinityPreset, primary.podAntiAffinityPreset, and primary.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param readReplicas.nodeSelector Node labels for PostgreSQL read only pods assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param readReplicas.tolerations Tolerations for PostgreSQL read only pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param readReplicas.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods + ## + topologySpreadConstraints: {} + ## @param readReplicas.priorityClassName Priority Class to use for each pod (PostgreSQL read only) + ## + priorityClassName: "" + ## @param readReplicas.schedulerName Use an alternate scheduler, e.g. "stork". + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## @param readReplicas.terminationGracePeriodSeconds Seconds PostgreSQL read only pod needs to terminate gracefully + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods + ## + terminationGracePeriodSeconds: "" + ## @param readReplicas.updateStrategy.type PostgreSQL read only statefulset strategy type + ## @param readReplicas.updateStrategy.rollingUpdate PostgreSQL read only statefulset rolling update configuration parameters + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: + type: RollingUpdate + rollingUpdate: {} + ## @param readReplicas.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the PostgreSQL read only container(s) + ## + extraVolumeMounts: [] + ## @param readReplicas.extraVolumes Optionally specify extra list of additional volumes for the PostgreSQL read only pod(s) + ## + extraVolumes: [] + ## @param readReplicas.sidecars Add additional sidecar containers to the PostgreSQL read only pod(s) + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param readReplicas.initContainers Add additional init containers to the PostgreSQL read only pod(s) + ## Example + ## + ## initContainers: + ## - name: do-something + ## image: busybox + ## command: ['do', 'something'] + ## + initContainers: [] + ## @param readReplicas.extraPodSpec Optionally specify extra PodSpec for the PostgreSQL read only pod(s) + ## + extraPodSpec: {} + ## PostgreSQL read only service configuration + ## + service: + ## @param readReplicas.service.type Kubernetes Service type + ## + type: ClusterIP + ## @param readReplicas.service.ports.postgresql PostgreSQL service port + ## + ports: + postgresql: 5432 + ## Node ports to expose + ## NOTE: choose port between <30000-32767> + ## @param readReplicas.service.nodePorts.postgresql Node port for PostgreSQL + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePorts: + postgresql: "" + ## @param readReplicas.service.clusterIP Static clusterIP or None for headless services + ## e.g: + ## clusterIP: None + ## + clusterIP: "" + ## @param readReplicas.service.annotations Annotations for PostgreSQL read only service + ## + annotations: {} + ## @param readReplicas.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer` + ## Set the LoadBalancer service type to internal only + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param readReplicas.service.externalTrafficPolicy Enable client source IP preservation + ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param readReplicas.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param readReplicas.service.extraPorts Extra ports to expose in the PostgreSQL read only service + ## + extraPorts: [] + ## PostgreSQL read only persistence configuration + ## + persistence: + ## @param readReplicas.persistence.enabled Enable PostgreSQL read only data persistence using PVC + ## + enabled: true + ## @param readReplicas.persistence.mountPath The path the volume will be mounted at + ## Note: useful when using custom PostgreSQL images + ## + mountPath: /bitnami/postgresql + ## @param readReplicas.persistence.subPath The subdirectory of the volume to mount to + ## Useful in dev environments and one PV for multiple services + ## + subPath: "" + ## @param readReplicas.persistence.storageClass PVC Storage Class for PostgreSQL read only data volume + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param readReplicas.persistence.accessModes PVC Access Mode for PostgreSQL volume + ## + accessModes: + - ReadWriteOnce + ## @param readReplicas.persistence.size PVC Storage Request for PostgreSQL volume + ## + size: 8Gi + ## @param readReplicas.persistence.annotations Annotations for the PVC + ## + annotations: {} + ## @param readReplicas.persistence.selector Selector to match an existing Persistent Volume (this value is evaluated as a template) + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} + ## @param readReplicas.persistence.dataSource Custom PVC data source + ## + dataSource: {} + +## @section NetworkPolicy parameters + +## Add networkpolicies +## +networkPolicy: + ## @param networkPolicy.enabled Enable network policies + ## + enabled: false + ## @param networkPolicy.metrics.enabled Enable network policies for metrics (prometheus) + ## @param networkPolicy.metrics.namespaceSelector [object] Monitoring namespace selector labels. These labels will be used to identify the prometheus' namespace. + ## @param networkPolicy.metrics.podSelector [object] Monitoring pod selector labels. These labels will be used to identify the Prometheus pods. + ## + metrics: + enabled: false + ## e.g: + ## namespaceSelector: + ## label: monitoring + ## + namespaceSelector: {} + ## e.g: + ## podSelector: + ## label: monitoring + ## + podSelector: {} + ## Ingress Rules + ## + ingressRules: + ## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled Enable ingress rule that makes PostgreSQL primary node only accessible from a particular origin. + ## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector [object] Namespace selector label that is allowed to access the PostgreSQL primary node. This label will be used to identified the allowed namespace(s). + ## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector [object] Pods selector label that is allowed to access the PostgreSQL primary node. This label will be used to identified the allowed pod(s). + ## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules [object] Custom network policy for the PostgreSQL primary node. + ## + primaryAccessOnlyFrom: + enabled: false + ## e.g: + ## namespaceSelector: + ## label: ingress + ## + namespaceSelector: {} + ## e.g: + ## podSelector: + ## label: access + ## + podSelector: {} + ## custom ingress rules + ## e.g: + ## customRules: + ## - from: + ## - namespaceSelector: + ## matchLabels: + ## label: example + customRules: {} + ## @param networkPolicy.ingressRules.readReplicasAccessOnlyFrom.enabled Enable ingress rule that makes PostgreSQL read-only nodes only accessible from a particular origin. + ## @param networkPolicy.ingressRules.readReplicasAccessOnlyFrom.namespaceSelector [object] Namespace selector label that is allowed to access the PostgreSQL read-only nodes. This label will be used to identified the allowed namespace(s). + ## @param networkPolicy.ingressRules.readReplicasAccessOnlyFrom.podSelector [object] Pods selector label that is allowed to access the PostgreSQL read-only nodes. This label will be used to identified the allowed pod(s). + ## @param networkPolicy.ingressRules.readReplicasAccessOnlyFrom.customRules [object] Custom network policy for the PostgreSQL read-only nodes. + ## + readReplicasAccessOnlyFrom: + enabled: false + ## e.g: + ## namespaceSelector: + ## label: ingress + ## + namespaceSelector: {} + ## e.g: + ## podSelector: + ## label: access + ## + podSelector: {} + ## custom ingress rules + ## e.g: + ## CustomRules: + ## - from: + ## - namespaceSelector: + ## matchLabels: + ## label: example + customRules: {} + ## @param networkPolicy.egressRules.denyConnectionsToExternal Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53). + ## @param networkPolicy.egressRules.customRules [object] Custom network policy rule + ## + egressRules: + # Deny connections to external. This is not compatible with an external database. + denyConnectionsToExternal: false + ## Additional custom egress rules + ## e.g: + ## customRules: + ## - to: + ## - namespaceSelector: + ## matchLabels: + ## label: example + customRules: {} + +## @section Volume Permissions parameters + +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each node +## +volumePermissions: + ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume + ## + enabled: false + ## @param volumePermissions.image.registry Init container volume-permissions image registry + ## @param volumePermissions.image.repository Init container volume-permissions image repository + ## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended) + ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy + ## @param volumePermissions.image.pullSecrets Init container volume-permissions image pull secrets + ## + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: 10-debian-10-r400 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## Example: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Init container resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## @param volumePermissions.resources.limits Init container volume-permissions resource limits + ## @param volumePermissions.resources.requests Init container volume-permissions resource requests + ## + resources: + limits: {} + requests: {} + ## Init container' Security Context + ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser + ## and not the below volumePermissions.containerSecurityContext.runAsUser + ## @param volumePermissions.containerSecurityContext.runAsUser User ID for the init container + ## + containerSecurityContext: + runAsUser: 0 + +## @section Other Parameters + +## Service account for PostgreSQL to use. +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## +serviceAccount: + ## @param serviceAccount.create Enable creation of ServiceAccount for PostgreSQL pod + ## + create: false + ## @param serviceAccount.name The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the common.names.fullname template + ## + name: "" + ## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created + ## Can be set to false if pods using this serviceAccount do not need to use K8s API + ## + automountServiceAccountToken: true + ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount + ## + annotations: {} +## Creates role for ServiceAccount +## @param rbac.create Create Role and RoleBinding (required for PSP to work) +## +rbac: + create: false + ## @param rbac.rules Custom RBAC rules to set + ## e.g: + ## rules: + ## - apiGroups: + ## - "" + ## resources: + ## - pods + ## verbs: + ## - get + ## - list + ## + rules: [] +## Pod Security Policy +## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +## @param psp.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later +## +psp: + create: false + +## @section Metrics Parameters + +metrics: + ## @param metrics.enabled Start a prometheus exporter + ## + enabled: false + ## @param metrics.image.registry PostgreSQL Prometheus Exporter image registry + ## @param metrics.image.repository PostgreSQL Prometheus Exporter image repository + ## @param metrics.image.tag PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) + ## @param metrics.image.pullPolicy PostgreSQL Prometheus Exporter image pull policy + ## @param metrics.image.pullSecrets Specify image pull secrets + ## + image: + registry: docker.io + repository: bitnami/postgres-exporter + tag: 0.10.1-debian-10-r88 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## Example: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## @param metrics.customMetrics Define additional custom metrics + ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file + ## customMetrics: + ## pg_database: + ## query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size_bytes FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" + ## metrics: + ## - name: + ## usage: "LABEL" + ## description: "Name of the database" + ## - size_bytes: + ## usage: "GAUGE" + ## description: "Size of the database in bytes" + ## + customMetrics: {} + ## @param metrics.extraEnvVars Extra environment variables to add to PostgreSQL Prometheus exporter + ## see: https://github.com/wrouesnel/postgres_exporter#environment-variables + ## For example: + ## extraEnvVars: + ## - name: PG_EXPORTER_DISABLE_DEFAULT_METRICS + ## value: "true" + ## + extraEnvVars: [] + ## PostgreSQL Prometheus exporter containers' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param metrics.containerSecurityContext.enabled Enable PostgreSQL Prometheus exporter containers' Security Context + ## @param metrics.containerSecurityContext.runAsUser Set PostgreSQL Prometheus exporter containers' Security Context runAsUser + ## @param metrics.containerSecurityContext.runAsNonRoot Set PostgreSQL Prometheus exporter containers' Security Context runAsNonRoot + ## + containerSecurityContext: + enabled: true + runAsUser: 1001 + runAsNonRoot: true + ## Configure extra options for PostgreSQL Prometheus exporter containers' liveness, readiness and startup probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes + ## @param metrics.livenessProbe.enabled Enable livenessProbe on PostgreSQL Prometheus exporter containers + ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ## @param metrics.readinessProbe.enabled Enable readinessProbe on PostgreSQL Prometheus exporter containers + ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ## @param metrics.startupProbe.enabled Enable startupProbe on PostgreSQL Prometheus exporter containers + ## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe + ## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param metrics.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: false + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 + ## @param metrics.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param metrics.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## @param metrics.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + ## @param metrics.containerPorts.metrics PostgreSQL Prometheus exporter metrics container port + ## + containerPorts: + metrics: 9187 + ## PostgreSQL Prometheus exporter resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## @param metrics.resources.limits The resources limits for the PostgreSQL Prometheus exporter container + ## @param metrics.resources.requests The requested resources for the PostgreSQL Prometheus exporter container + ## + resources: + limits: {} + requests: {} + ## Service configuration + ## + service: + ## @param metrics.service.ports.metrics PostgreSQL Prometheus Exporter service port + ## + ports: + metrics: 9187 + ## @param metrics.service.clusterIP Static clusterIP or None for headless services + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address + ## + clusterIP: "" + ## @param metrics.service.sessionAffinity Control where client requests go, to the same pod or round-robin + ## Values: ClientIP or None + ## ref: https://kubernetes.io/docs/user-guide/services/ + ## + sessionAffinity: None + ## @param metrics.service.annotations [object] Annotations for Prometheus to auto-discover the metrics endpoint + ## + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.metrics.service.ports.metrics }}" + ## Prometheus Operator ServiceMonitor configuration + ## + serviceMonitor: + ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using Prometheus Operator + ## + enabled: false + ## @param metrics.serviceMonitor.namespace Namespace for the ServiceMonitor Resource (defaults to the Release Namespace) + ## + namespace: "" + ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + interval: "" + ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + scrapeTimeout: "" + ## @param metrics.serviceMonitor.labels Additional labels that can be used so ServiceMonitor will be discovered by Prometheus + ## + labels: {} + ## @param metrics.serviceMonitor.selector Prometheus instance selector labels + ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration + ## + selector: {} + ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping + ## + relabelings: [] + ## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion + ## + metricRelabelings: [] + ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. + ## + jobLabel: "" + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + ## + prometheusRule: + ## @param metrics.prometheusRule.enabled Create a PrometheusRule for Prometheus Operator + ## + enabled: false + ## @param metrics.prometheusRule.namespace Namespace for the PrometheusRule Resource (defaults to the Release Namespace) + ## + namespace: "" + ## @param metrics.prometheusRule.labels Additional labels that can be used so PrometheusRule will be discovered by Prometheus + ## + labels: {} + ## @param metrics.prometheusRule.rules PrometheusRule definitions + ## Make sure to constraint the rules to the current postgresql service. + ## rules: + ## - alert: HugeReplicationLag + ## expr: pg_replication_lag{service="{{ printf "%s-metrics" (include "common.names.fullname" .) }}"} / 3600 > 1 + ## for: 1m + ## labels: + ## severity: critical + ## annotations: + ## description: replication for {{ include "common.names.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). + ## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). + ## + rules: [] diff --git a/packer/ansible/roles/helm_install/files/keycloak/ci/ct-values.yaml b/packer/ansible/roles/helm_install/files/keycloak/ci/ct-values.yaml new file mode 100644 index 0000000..b738e2a --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/ci/ct-values.yaml @@ -0,0 +1,2 @@ +service: + type: ClusterIP diff --git a/packer/ansible/roles/helm_install/files/keycloak/ci/values-ha.yaml b/packer/ansible/roles/helm_install/files/keycloak/ci/values-ha.yaml new file mode 100644 index 0000000..4d63174 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/ci/values-ha.yaml @@ -0,0 +1,8 @@ +serviceDiscovery: + enabled: true +cache: + ownersCount: 2 + authOwnersCount: 2 +replicaCount: 2 +rbac: + create: true diff --git a/packer/ansible/roles/helm_install/files/keycloak/ci/values-hpa-pdb.yaml b/packer/ansible/roles/helm_install/files/keycloak/ci/values-hpa-pdb.yaml new file mode 100644 index 0000000..d996388 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/ci/values-hpa-pdb.yaml @@ -0,0 +1,4 @@ +autoscaling: + enabled: true +pdb: + create: true diff --git a/packer/ansible/roles/helm_install/files/keycloak/ci/values-init-scripts.yaml b/packer/ansible/roles/helm_install/files/keycloak/ci/values-init-scripts.yaml new file mode 100644 index 0000000..c908973 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/ci/values-init-scripts.yaml @@ -0,0 +1,4 @@ +initdbScripts: + test.sh: | + #!/bin/sh + true diff --git a/packer/ansible/roles/helm_install/files/keycloak/ci/values-metrics-and-ingress.yaml b/packer/ansible/roles/helm_install/files/keycloak/ci/values-metrics-and-ingress.yaml new file mode 100644 index 0000000..45682c1 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/ci/values-metrics-and-ingress.yaml @@ -0,0 +1,9 @@ +ingress: + enabled: true + tls: true + +service: + type: ClusterIP + +metrics: + enabled: true diff --git a/packer/ansible/roles/helm_install/files/keycloak/override-values.yaml b/packer/ansible/roles/helm_install/files/keycloak/override-values.yaml new file mode 100644 index 0000000..c472034 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/override-values.yaml @@ -0,0 +1,60 @@ +auth: + adminUser: admin + adminPassword: "admin" + managementUser: admin + managementPassword: "admin" +proxyAddressForwarding: true +serviceDiscovery: + enabled: true +cache: + ownersCount: 2 + authOwnersCount: 2 +replicaCount: 2 +service: + type: NodePort + nodePorts: + http: "30100" + https: "30101" +rbac: + create: true + rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list +postgresql: + enabled: false +externalDatabase: + host: "postgresql.dsk-middle.svc.cluster.local" + port: 5432 + user: root + database: keycloak + password: root +ingress: + enabled: true + ingressClassName: "nginx" + hostname: auth.dev.kr.datasaker.io + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + ingress.kubernetes.io/ssl-redirect: "true" + kubernetes.io/tls-acme: "true" + tls: + - hosts: + - auth.dev.kr.datasaker.io + secretName: cert-auth-dev-kr-datasaker +tolerations: +- key: "dev/data-druid" + operator: "Exists" +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/druid-size + operator: In + values: + - small + diff --git a/packer/ansible/roles/helm_install/files/keycloak/templates/NOTES.txt b/packer/ansible/roles/helm_install/files/keycloak/templates/NOTES.txt new file mode 100644 index 0000000..acb9e0b --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/templates/NOTES.txt @@ -0,0 +1,76 @@ +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} + +** Please be patient while the chart is being deployed ** + +Keycloak can be accessed through the following DNS name from within your cluster: + + {{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} (port {{ coalesce .Values.service.ports.http .Values.service.port }}) + +To access Keycloak from outside the cluster execute the following commands: + +{{- if .Values.ingress.enabled }} + +1. Get the Keycloak URL and associate its hostname to your cluster external IP: + + export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters + echo "Keycloak URL: http{{ if .Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}/auth" + echo "$CLUSTER_IP {{ .Values.ingress.hostname }}" | sudo tee -a /etc/hosts + +{{- else }} + +1. Get the Keycloak URL by running these commands: + +{{- if contains "NodePort" .Values.service.type }} + + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo "http://${NODE_IP}:${NODE_PORT}/auth" + +{{- else if contains "LoadBalancer" .Values.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.names.fullname" . }}' + + export SERVICE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].port}" services {{ include "common.names.fullname" . }}) + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo "http://${SERVICE_IP}:${SERVICE_PORT}/auth" + +{{- else if contains "ClusterIP" .Values.service.type }} + + export SERVICE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].port}" services {{ include "common.names.fullname" . }}) + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} ${SERVICE_PORT}:${SERVICE_PORT} & + echo "http://127.0.0.1:${SERVICE_PORT}/auth" + +{{- end }} +{{- end }} + +2. Access Keycloak using the obtained URL. +{{- if .Values.auth.createAdminUser }} +3. Access the Administration Console using the following credentials: + + echo Username: {{ .Values.auth.adminUser }} +{{- if not .Values.auth.existingSecretPerPassword }} + echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "common.secrets.name" (dict "existingSecret" .Values.auth.existingSecret "context" $) }} -o jsonpath="{.data.admin-password}" | base64 --decode) +{{- else }} + echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "common.secrets.name" (dict "existingSecret" .Values.auth.existingSecretPerPassword.adminPassword "context" $) }} -o jsonpath="\{ {{ include "common.secrets.key" (dict "existingSecret" .Values.auth.existingSecretPerPassword "key" "adminPassword") }} \}" | base64 --decode) +{{- end }} +{{- end }} +{{- if .Values.metrics.enabled }} + +You can access the Prometheus metrics following the steps below: + +1. Get the Keycloak Prometheus metrics URL by running: + + {{- $metricsPort := coalesce .Values.metrics.service.ports.http .Values.metrics.service.port | toString }} + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ printf "%s-metrics" (include "keycloak.fullname" .) }} {{ $metricsPort }}:{{ $metricsPort }} & + echo "Keycloak Prometheus metrics URL: http://127.0.0.1:{{ $metricsPort }}/metrics" + +2. Open a browser and access Keycloak Prometheus metrics using the obtained URL. + +{{- end }} + +{{- include "keycloak.validateValues" . }} +{{- include "common.warnings.rollingTag" .Values.image }} +{{- include "common.warnings.rollingTag" .Values.keycloakConfigCli.image }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/templates/_helpers.tpl b/packer/ansible/roles/helm_install/files/keycloak/templates/_helpers.tpl new file mode 100644 index 0000000..7e26914 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/templates/_helpers.tpl @@ -0,0 +1,273 @@ +{{/* +Create a default fully qualified app name. +We truncate at 20 chars since the node identifier in WildFly is limited to +23 characters. This allows for a replica suffix for up to 99 replicas. +If release name contains chart name it will be used as a full name. +*/}} +{{- define "keycloak.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 20 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 20 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 20 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Keycloak image name +*/}} +{{- define "keycloak.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper keycloak-config-cli image name +*/}} +{{- define "keycloak.keycloakConfigCli.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.keycloakConfigCli.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the keycloak-config-cli configuration configmap. +*/}} +{{- define "keycloak.keycloakConfigCli.configmapName" -}} +{{- if .Values.keycloakConfigCli.existingConfigmap -}} + {{- printf "%s" (tpl .Values.keycloakConfigCli.existingConfigmap $) -}} +{{- else -}} + {{- printf "%s-keycloak-config-cli-configmap" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created for keycloak-config-cli +*/}} +{{- define "keycloak.keycloakConfigCli.createConfigmap" -}} +{{- if and .Values.keycloakConfigCli.enabled .Values.keycloakConfigCli.configuration (not .Values.keycloakConfigCli.existingConfigmap) -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "keycloak.imagePullSecrets" -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.keycloakConfigCli.image) "global" .Values.global) -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "keycloak.postgresql.fullname" -}} +{{- include "common.names.dependency.fullname" (dict "chartName" "postgresql" "chartValues" .Values.postgresql "context" $) -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "keycloak.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "keycloak.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Return the Keycloak configuration configmap +*/}} +{{- define "keycloak.configmapName" -}} +{{- if .Values.existingConfigmap -}} + {{- printf "%s" (tpl .Values.existingConfigmap $) -}} +{{- else -}} + {{- printf "%s-configuration" (include "keycloak.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created +*/}} +{{- define "keycloak.createConfigmap" -}} +{{- if and .Values.configuration (not .Values.existingConfigmap) }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the Database hostname +*/}} +{{- define "keycloak.databaseHost" -}} +{{- ternary (include "keycloak.postgresql.fullname" .) .Values.externalDatabase.host .Values.postgresql.enabled -}} +{{- end -}} + +{{/* +Return the Database port +*/}} +{{- define "keycloak.databasePort" -}} +{{- ternary "5432" .Values.externalDatabase.port .Values.postgresql.enabled | quote -}} +{{- end -}} + +{{/* +Return the Database database name +*/}} +{{- define "keycloak.databaseName" -}} +{{- if .Values.postgresql.enabled }} + {{- if .Values.global.postgresql }} + {{- if .Values.global.postgresql.auth }} + {{- coalesce .Values.global.postgresql.auth.database .Values.postgresql.auth.database -}} + {{- else -}} + {{- .Values.postgresql.auth.database -}} + {{- end -}} + {{- else -}} + {{- .Values.postgresql.auth.database -}} + {{- end -}} +{{- else -}} + {{- .Values.externalDatabase.database -}} +{{- end -}} +{{- end -}} + +{{/* +Return the Database user +*/}} +{{- define "keycloak.databaseUser" -}} +{{- if .Values.postgresql.enabled }} + {{- if .Values.global.postgresql }} + {{- if .Values.global.postgresql.auth }} + {{- coalesce .Values.global.postgresql.auth.username .Values.postgresql.auth.username -}} + {{- else -}} + {{- .Values.postgresql.auth.username -}} + {{- end -}} + {{- else -}} + {{- .Values.postgresql.auth.username -}} + {{- end -}} +{{- else -}} + {{- .Values.externalDatabase.user -}} +{{- end -}} +{{- end -}} + +{{/* +Return the Database encrypted password +*/}} +{{- define "keycloak.databaseSecretName" -}} +{{- if .Values.postgresql.enabled }} + {{- if .Values.global.postgresql }} + {{- if .Values.global.postgresql.auth }} + {{- if .Values.global.postgresql.auth.existingSecret }} + {{- tpl .Values.global.postgresql.auth.existingSecret $ -}} + {{- else -}} + {{- default (include "keycloak.postgresql.fullname" .) (tpl .Values.postgresql.auth.existingSecret $) -}} + {{- end -}} + {{- else -}} + {{- default (include "keycloak.postgresql.fullname" .) (tpl .Values.postgresql.auth.existingSecret $) -}} + {{- end -}} + {{- else -}} + {{- default (include "keycloak.postgresql.fullname" .) (tpl .Values.postgresql.auth.existingSecret $) -}} + {{- end -}} +{{- else -}} + {{- default (include "common.secrets.name" (dict "existingSecret" .Values.auth.existingSecret "context" $)) (tpl .Values.externalDatabase.existingSecret $) -}} +{{- end -}} +{{- end -}} + +{{/* +Add environment variables to configure database values +*/}} +{{- define "keycloak.databaseSecretKey" -}} +{{- if .Values.postgresql.enabled -}} + {{- print "password" -}} +{{- else -}} + {{- if .Values.externalDatabase.existingSecret -}} + {{- if .Values.externalDatabase.existingSecretPasswordKey -}} + {{- printf "%s" .Values.externalDatabase.existingSecretPasswordKey -}} + {{- else -}} + {{- print "password" -}} + {{- end -}} + {{- else -}} + {{- print "password" -}} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Return the Keycloak initdb scripts configmap +*/}} +{{- define "keycloak.initdbScriptsCM" -}} +{{- if .Values.initdbScriptsConfigMap -}} + {{- printf "%s" .Values.initdbScriptsConfigMap -}} +{{- else -}} + {{- printf "%s-init-scripts" (include "keycloak.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return the secret containing AppName TLS certificates +*/}} +{{- define "keycloak.tlsSecretName" -}} +{{- $secretName := coalesce .Values.auth.tls.existingSecret .Values.auth.tls.jksSecret -}} +{{- if $secretName -}} + {{- printf "%s" (tpl $secretName $) -}} +{{- else -}} + {{- printf "%s-crt" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a TLS secret object should be created +*/}} +{{- define "keycloak.createTlsSecret" -}} +{{- if and .Values.auth.tls.enabled .Values.auth.tls.autoGenerated (not .Values.auth.tls.existingSecret) (not .Values.auth.tls.jksSecret) }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message. +*/}} +{{- define "keycloak.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "keycloak.validateValues.replicaCount" .) -}} +{{- $messages := append $messages (include "keycloak.validateValues.database" .) -}} +{{- $messages := append $messages (include "keycloak.validateValues.auth.tls" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} + +{{/* Validate values of Keycloak - number of replicas */}} +{{- define "keycloak.validateValues.replicaCount" -}} +{{- $replicaCount := int .Values.replicaCount }} +{{- if and (not .Values.serviceDiscovery.enabled) (gt $replicaCount 1) -}} +keycloak: replicaCount + You need to configure the ServiceDiscovery settings to run more than 1 replica. + Enable the Service Discovery (--set serviceDiscovery.enabled=true) and + set the Service Discovery protocol (--set serviceDiscovery.protocol="FOO") and + the Service Discovery properties (--set serviceDiscovery.properties[0]="BAR") if needed. +{{- end -}} +{{- end -}} + +{{/* Validate values of Keycloak - database */}} +{{- define "keycloak.validateValues.database" -}} +{{- if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.host) (not .Values.externalDatabase.existingSecret) -}} +keycloak: database + You disabled the PostgreSQL sub-chart but did not specify an external PostgreSQL host. + Either deploy the PostgreSQL sub-chart (--set postgresql.enabled=true), + or set a value for the external database host (--set externalDatabase.host=FOO) + or set a value for the external database existing secret (--set externalDatabase.existingSecret=BAR). +{{- end -}} +{{- end -}} + +{{/* Validate values of Keycloak - Auth TLS enabled */}} +{{- define "keycloak.validateValues.auth.tls" -}} +{{- if and .Values.auth.tls.enabled (not .Values.auth.tls.autoGenerated) (not .Values.auth.tls.existingSecret) (not .Values.auth.tls.jksSecret) }} +keycloak: auth.tls.enabled + In order to enable TLS, you also need to provide + an existing secret containing the Keystore and Truststore or + enable auto-generated certificates. +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/keycloak/templates/configmap-env-vars.yaml b/packer/ansible/roles/helm_install/files/keycloak/templates/configmap-env-vars.yaml new file mode 100644 index 0000000..4a26314 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/templates/configmap-env-vars.yaml @@ -0,0 +1,37 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-env-vars" (include "keycloak.fullname" .) }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: keycloak + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + KEYCLOAK_CREATE_ADMIN_USER: {{ ternary "true" "false" .Values.auth.createAdminUser | quote }} + KEYCLOAK_ADMIN_USER: {{ .Values.auth.adminUser | quote }} + KEYCLOAK_MANAGEMENT_USER: {{ .Values.auth.managementUser | quote }} + KEYCLOAK_HTTP_PORT: {{ .Values.containerPorts.http | quote }} + KEYCLOAK_PROXY_ADDRESS_FORWARDING: {{ ternary "true" "false" .Values.proxyAddressForwarding | quote }} + KEYCLOAK_ENABLE_STATISTICS: {{ ternary "true" "false" .Values.metrics.enabled | quote }} + KEYCLOAK_DATABASE_HOST: {{ include "keycloak.databaseHost" . | quote }} + KEYCLOAK_DATABASE_PORT: {{ include "keycloak.databasePort" . }} + KEYCLOAK_DATABASE_NAME: {{ include "keycloak.databaseName" . | quote }} + KEYCLOAK_DATABASE_USER: {{ include "keycloak.databaseUser" . | quote }} + {{- if .Values.serviceDiscovery.enabled }} + KEYCLOAK_JGROUPS_DISCOVERY_PROTOCOL: {{ .Values.serviceDiscovery.protocol | quote }} + KEYCLOAK_JGROUPS_DISCOVERY_PROPERTIES: {{ (tpl (join "," .Values.serviceDiscovery.properties) $) | quote }} + KEYCLOAK_JGROUPS_TRANSPORT_STACK: {{ .Values.serviceDiscovery.transportStack | quote }} + {{- end }} + KEYCLOAK_CACHE_OWNERS_COUNT: {{ .Values.cache.ownersCount | quote }} + KEYCLOAK_AUTH_CACHE_OWNERS_COUNT: {{ .Values.cache.authOwnersCount | quote }} + KEYCLOAK_ENABLE_TLS: {{ ternary "true" "false" .Values.auth.tls.enabled | quote }} + {{- if .Values.auth.tls.enabled }} + KEYCLOAK_HTTPS_PORT: {{ .Values.containerPorts.https | quote }} + KEYCLOAK_TLS_KEYSTORE_FILE: "/opt/bitnami/keycloak/certs/keycloak.keystore.jks" + KEYCLOAK_TLS_TRUSTSTORE_FILE: "/opt/bitnami/keycloak/certs/keycloak.truststore.jks" + {{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/templates/configmap.yaml b/packer/ansible/roles/helm_install/files/keycloak/templates/configmap.yaml new file mode 100644 index 0000000..393d645 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/templates/configmap.yaml @@ -0,0 +1,18 @@ +{{- if (include "keycloak.createConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-configuration" (include "keycloak.fullname" .) }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: keycloak + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + standalone-ha.xml: |- + {{- .Values.configuration | nindent 4 }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/templates/extra-list.yaml b/packer/ansible/roles/helm_install/files/keycloak/templates/extra-list.yaml new file mode 100644 index 0000000..9ac65f9 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/templates/extra-list.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/templates/headless-service.yaml b/packer/ansible/roles/helm_install/files/keycloak/templates/headless-service.yaml new file mode 100644 index 0000000..1130100 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/templates/headless-service.yaml @@ -0,0 +1,30 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-headless" (include "keycloak.fullname" .) | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: keycloak + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + type: ClusterIP + clusterIP: None + ports: + - name: http + port: {{ coalesce .Values.service.ports.http .Values.service.port }} + protocol: TCP + targetPort: http + {{- if .Values.auth.tls.enabled }} + - name: https + port: {{ coalesce .Values.service.ports.https .Values.service.httpsPort }} + protocol: TCP + targetPort: https + {{- end }} + publishNotReadyAddresses: true + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: keycloak diff --git a/packer/ansible/roles/helm_install/files/keycloak/templates/hpa.yaml b/packer/ansible/roles/helm_install/files/keycloak/templates/hpa.yaml new file mode 100644 index 0000000..7a09b44 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/templates/hpa.yaml @@ -0,0 +1,35 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "keycloak.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: keycloak + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + scaleTargetRef: + apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} + kind: StatefulSet + name: {{ template "keycloak.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPU }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ .Values.autoscaling.targetCPU }} + {{- end }} + {{- if .Values.autoscaling.targetMemory }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ .Values.autoscaling.targetMemory }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/templates/ingress.yaml b/packer/ansible/roles/helm_install/files/keycloak/templates/ingress.yaml new file mode 100644 index 0000000..d2bd407 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/templates/ingress.yaml @@ -0,0 +1,58 @@ +{{- if .Values.ingress.enabled }} +apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ include "keycloak.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: keycloak + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.ingress.annotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }} + ingressClassName: {{ .Values.ingress.ingressClassName | quote }} + {{- end }} + rules: + {{- if .Values.ingress.hostname }} + - host: {{ .Values.ingress.hostname | quote }} + http: + paths: + {{- if .Values.ingress.extraPaths }} + {{- toYaml .Values.ingress.extraPaths | nindent 10 }} + {{- end }} + - path: {{ .Values.ingress.path }} + {{- if eq "true" (include "common.ingress.supportsPathType" .) }} + pathType: {{ .Values.ingress.pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "keycloak.fullname" .) "servicePort" .Values.ingress.servicePort "context" $) | nindent 14 }} + {{- end }} + {{- range .Values.ingress.extraHosts }} + - host: {{ .name }} + http: + paths: + - path: {{ default "/" .path }} + {{- if eq "true" (include "common.ingress.supportsPathType" $) }} + pathType: {{ default "ImplementationSpecific" .pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "keycloak.fullname" $) "servicePort" $.Values.ingress.servicePort "context" $) | nindent 14 }} + {{- end }} + {{- if or (and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned)) .Values.ingress.extraTls }} + tls: + {{- if and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned) }} + - hosts: + - {{ .Values.ingress.hostname | quote }} + secretName: {{ printf "%s-tls" .Values.ingress.hostname }} + {{- end }} + {{- if .Values.ingress.extraTls }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/templates/init-scripts-configmap.yaml b/packer/ansible/roles/helm_install/files/keycloak/templates/init-scripts-configmap.yaml new file mode 100644 index 0000000..99687dc --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/templates/init-scripts-configmap.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.initdbScripts (not .Values.initdbScriptsConfigMap) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-init-scripts" (include "keycloak.fullname" .) }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: keycloak + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: +{{- include "common.tplvalues.render" (dict "value" .Values.initdbScripts "context" .) | nindent 2 }} +{{ end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/templates/keycloak-config-cli-configmap.yaml b/packer/ansible/roles/helm_install/files/keycloak/templates/keycloak-config-cli-configmap.yaml new file mode 100644 index 0000000..9a6cfd8 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/templates/keycloak-config-cli-configmap.yaml @@ -0,0 +1,21 @@ +{{- if (include "keycloak.keycloakConfigCli.createConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "keycloak.keycloakConfigCli.configmapName" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: keycloak-config-cli + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} +data: + {{- range $fileName, $fileContent := .Values.keycloakConfigCli.configuration }} + {{- if $fileContent }} + {{ $fileName }}: | + {{- include "common.tplvalues.render" (dict "value" $fileContent "context" $) | nindent 4 }} + {{- else }} + {{- ($.Files.Glob $fileName).AsConfig | nindent 2 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/templates/keycloak-config-cli-job.yaml b/packer/ansible/roles/helm_install/files/keycloak/templates/keycloak-config-cli-job.yaml new file mode 100644 index 0000000..17807e1 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/templates/keycloak-config-cli-job.yaml @@ -0,0 +1,120 @@ +{{- if .Values.keycloakConfigCli.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "keycloak.fullname" . }}-keycloak-config-cli + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: keycloak-config-cli + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- include "common.tplvalues.render" ( dict "value" .Values.keycloakConfigCli.annotations "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + backoffLimit: {{ .Values.keycloakConfigCli.backoffLimit }} + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: keycloak-config-cli + {{- if .Values.keycloakConfigCli.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.keycloakConfigCli.podLabels "context" $) | nindent 8 }} + {{- end }} + annotations: + {{- if (include "keycloak.keycloakConfigCli.createConfigmap" .) }} + checksum/configuration: {{ include (print $.Template.BasePath "/keycloak-config-cli-configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.keycloakConfigCli.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.keycloakConfigCli.podAnnotations "context" $) | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "keycloak.serviceAccountName" . }} + {{- include "keycloak.imagePullSecrets" . | nindent 6 }} + restartPolicy: Never + {{- if .Values.keycloakConfigCli.podSecurityContext.enabled }} + securityContext: {{- omit .Values.keycloakConfigCli.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.keycloakConfigCli.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.keycloakConfigCli.hostAliases "context" $) | nindent 8 }} + {{- end }} + containers: + - name: keycloak-config-cli + image: {{ template "keycloak.keycloakConfigCli.image" . }} + imagePullPolicy: {{ .Values.keycloakConfigCli.image.pullPolicy }} + {{- if .Values.keycloakConfigCli.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.keycloakConfigCli.command "context" $) | nindent 12 }} + {{- else }} + command: + - java + - -jar + - {{ printf "/opt/bitnami/keycloak-config-cli/keycloak-config-cli-%s.jar" .Chart.AppVersion }} + {{- end }} + {{- if .Values.keycloakConfigCli.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.keycloakConfigCli.args "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.keycloakConfigCli.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.keycloakConfigCli.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + env: + - name: KEYCLOAK_URL + value: {{ printf "http://%s-headless:%d/auth" (include "keycloak.fullname" .) (.Values.containerPorts.http | int) }} + - name: KEYCLOAK_USER + value: {{ .Values.auth.adminUser | quote }} + - name: KEYCLOAK_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.auth.existingSecretPerPassword }} + name: {{ include "common.secrets.name" (dict "existingSecret" .Values.auth.existingSecretPerPassword.adminPassword "context" $) }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.auth.existingSecretPerPassword "key" "adminPassword") }} + {{- else }} + name: {{ include "common.secrets.name" (dict "existingSecret" .Values.auth.existingSecret "context" $) }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.auth.existingSecret "key" "admin-password") }} + {{- end }} + {{- if or .Values.keycloakConfigCli.configuration .Values.keycloakConfigCli.existingConfigmap }} + - name: IMPORT_PATH + value: /config/ + {{- end }} + - name: KEYCLOAK_AVAILABILITYCHECK_ENABLED + value: "true" + {{- if .Values.keycloakConfigCli.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.keycloakConfigCli.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.keycloakConfigCli.extraEnvVarsCM .Values.keycloakConfigCli.extraEnvVarsSecret }} + envFrom: + {{- if .Values.keycloakConfigCli.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.keycloakConfigCli.extraEnvVarsCM }} + {{- end }} + {{- if .Values.keycloakConfigCli.extraEnvVarsSecret }} + - secretRef: + name: {{ .Values.keycloakConfigCli.extraEnvVarsSecret }} + {{- end }} + {{- end }} + {{- if or .Values.keycloakConfigCli.configuration .Values.keycloakConfigCli.existingConfigmap .Values.keycloakConfigCli.extraVolumeMounts }} + volumeMounts: + {{- if or .Values.keycloakConfigCli.configuration .Values.keycloakConfigCli.existingConfigmap }} + - name: config-volume + mountPath: /config + {{- end }} + {{- if .Values.keycloakConfigCli.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.keycloakConfigCli.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.keycloakConfigCli.resources }} + resources: {{- toYaml .Values.keycloakConfigCli.resources | nindent 12 }} + {{- end }} + {{- if or .Values.keycloakConfigCli.configuration .Values.keycloakConfigCli.existingConfigmap .Values.keycloakConfigCli.extraVolumes }} + volumes: + {{- if or .Values.keycloakConfigCli.configuration .Values.keycloakConfigCli.existingConfigmap }} + - name: config-volume + configMap: + name: {{ include "keycloak.keycloakConfigCli.configmapName" . }} + {{- end }} + {{- if .Values.keycloakConfigCli.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.keycloakConfigCli.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/templates/metrics-service.yaml b/packer/ansible/roles/helm_install/files/keycloak/templates/metrics-service.yaml new file mode 100644 index 0000000..fa31d6b --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/templates/metrics-service.yaml @@ -0,0 +1,30 @@ +{{- if .Values.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-metrics" (include "keycloak.fullname" .) }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: metrics + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.metrics.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: ClusterIP + ports: + - name: http-management + port: {{ coalesce .Values.metrics.service.ports.http .Values.metrics.service.port }} + protocol: TCP + targetPort: http-management + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: keycloak +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/templates/networkpolicy.yaml b/packer/ansible/roles/helm_install/files/keycloak/templates/networkpolicy.yaml new file mode 100644 index 0000000..0f6d77f --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/templates/networkpolicy.yaml @@ -0,0 +1,39 @@ +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: {{ template "keycloak.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: keycloak + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + ingress: + - ports: + - port: {{ .Values.containerPorts.http }} + {{- if .Values.auth.tls.enabled }} + - port: {{ .Values.containerPorts.https }} + {{- end }} + {{- if .Values.metrics.enabled }} + - port: {{ .Values.containerPorts.management }} + {{- end }} + {{- if not .Values.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: + {{ template "keycloak.fullname" . }}-client: "true" + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 14 }} + app.kubernetes.io/component: keycloak + {{- if .Values.networkPolicy.additionalRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.additionalRules "context" $) | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/templates/pdb.yaml b/packer/ansible/roles/helm_install/files/keycloak/templates/pdb.yaml new file mode 100644 index 0000000..2aad4f4 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/templates/pdb.yaml @@ -0,0 +1,25 @@ +{{- if .Values.pdb.create }} +apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} +kind: PodDisruptionBudget +metadata: + name: {{ template "keycloak.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: keycloak + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.pdb.minAvailable }} + minAvailable: {{ .Values.pdb.minAvailable }} + {{- end }} + {{- if .Values.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.pdb.maxUnavailable }} + {{- end }} + selector: + matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: keycloak +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/templates/role.yaml b/packer/ansible/roles/helm_install/files/keycloak/templates/role.yaml new file mode 100644 index 0000000..08d08b0 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/templates/role.yaml @@ -0,0 +1,26 @@ +{{- if and .Values.serviceAccount.create .Values.rbac.create }} +kind: Role +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +metadata: + name: {{ template "keycloak.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: keycloak + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +rules: + {{- if .Values.rbac.rules }} + {{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }} + {{- end }} + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/templates/rolebinding.yaml b/packer/ansible/roles/helm_install/files/keycloak/templates/rolebinding.yaml new file mode 100644 index 0000000..6e693ab --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/templates/rolebinding.yaml @@ -0,0 +1,23 @@ +{{- if and .Values.serviceAccount.create .Values.rbac.create }} +kind: RoleBinding +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +metadata: + name: {{ template "keycloak.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: keycloak + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "keycloak.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "keycloak.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/templates/secrets.yaml b/packer/ansible/roles/helm_install/files/keycloak/templates/secrets.yaml new file mode 100644 index 0000000..0ffc192 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/templates/secrets.yaml @@ -0,0 +1,31 @@ +{{- if and (not .Values.auth.existingSecret) (not .Values.auth.existingSecretPerPassword) }} +{{- $secretName := include "common.secrets.name" (dict "existingSecret" .Values.auth.existingSecret "context" $)}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: keycloak + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + admin-password: {{ include "common.secrets.passwords.manage" (dict "secret" $secretName "key" "admin-password" "length" 10 "providedValues" (list "auth.adminPassword") "context" $) }} + management-password: {{ include "common.secrets.passwords.manage" (dict "secret" $secretName "key" "management-password" "providedValues" (list "auth.managementPassword") "context" $) }} + {{- if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.existingSecret) }} + password: {{ include "common.secrets.passwords.manage" (dict "secret" $secretName "key" "password" "length" 10 "providedValues" (list "externalDatabase.password") "context" $) }} + {{- end }} + {{- if .Values.auth.tls.enabled }} + {{- if or .Values.auth.tls.keystorePassword .Values.auth.tls.autoGenerated .Values.auth.tls.usePem }} + tls-keystore-password: {{ include "common.secrets.passwords.manage" (dict "secret" $secretName "key" "tls-keystore-password" "length" 10 "providedValues" (list "auth.tls.keystorePassword") "context" $) }} + {{- end }} + {{- if or .Values.auth.tls.truststorePassword .Values.auth.tls.autoGenerated .Values.auth.tls.usePem }} + tls-truestore-password: {{ include "common.secrets.passwords.manage" (dict "secret" $secretName "key" "tls-truestore-password" "length" 10 "providedValues" (list "auth.tls.truststorePassword") "context" $) }} + {{- end }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/templates/service.yaml b/packer/ansible/roles/helm_install/files/keycloak/templates/service.yaml new file mode 100644 index 0000000..f6230b7 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/templates/service.yaml @@ -0,0 +1,59 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "keycloak.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: keycloak + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.service.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.service.type }} + sessionAffinity: {{ .Values.service.sessionAffinity }} + {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }} + clusterIP: {{ .Values.service.clusterIP }} + {{- end }} + {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} + externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if eq .Values.service.type "LoadBalancer" }} + loadBalancerSourceRanges: + {{ toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} + {{- if not (empty .Values.service.loadBalancerIP) }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + {{- end }} + ports: + - name: http + port: {{ coalesce .Values.service.ports.http .Values.service.port }} + protocol: TCP + targetPort: http + {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http))) }} + nodePort: {{ .Values.service.nodePorts.http }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + - name: https + port: {{ coalesce .Values.service.ports.https .Values.service.httpsPort }} + protocol: TCP + targetPort: https + {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https))) }} + nodePort: {{ .Values.service.nodePorts.https }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: keycloak diff --git a/packer/ansible/roles/helm_install/files/keycloak/templates/serviceaccount.yaml b/packer/ansible/roles/helm_install/files/keycloak/templates/serviceaccount.yaml new file mode 100644 index 0000000..f8cff00 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/templates/serviceaccount.yaml @@ -0,0 +1,22 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "keycloak.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: keycloak + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.serviceAccount.annotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.serviceAccount.annotations "context" $) | nindent 4 }} + {{- end }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/templates/servicemonitor.yaml b/packer/ansible/roles/helm_install/files/keycloak/templates/servicemonitor.yaml new file mode 100644 index 0000000..b7040a3 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/templates/servicemonitor.yaml @@ -0,0 +1,48 @@ +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "keycloak.fullname" . }} + namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: keycloak + {{- if .Values.metrics.serviceMonitor.labels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.labels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.metrics.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} + {{- end }} + endpoints: + - port: http-management + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabelings }} + relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 6 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 6 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.honorLabels }} + honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + {{- if .Values.metrics.serviceMonitor.selector }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} + {{- end }} + app.kubernetes.io/component: metrics +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/templates/statefulset.yaml b/packer/ansible/roles/helm_install/files/keycloak/templates/statefulset.yaml new file mode 100644 index 0000000..762c5a7 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/templates/statefulset.yaml @@ -0,0 +1,361 @@ +{{- $globalSecretName := printf "%s" (tpl (include "common.secrets.name" (dict "existingSecret" .Values.auth.existingSecret "context" $)) $) }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ template "keycloak.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: keycloak + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + podManagementPolicy: {{ .Values.podManagementPolicy }} + serviceName: {{ printf "%s-headless" (include "keycloak.fullname" .) | trunc 63 | trimSuffix "-" }} + updateStrategy: + {{- include "common.tplvalues.render" (dict "value" .Values.updateStrategy "context" $ ) | nindent 4 }} + selector: + matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: keycloak + template: + metadata: + annotations: + checksum/configmap-env-vars: {{ include (print $.Template.BasePath "/configmap-env-vars.yaml") . | sha256sum }} + {{- if and (not .Values.auth.existingSecret) (not .Values.auth.existingSecretPerPassword) }} + checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} + {{- end }} + {{- if (include "keycloak.createConfigmap" .) }} + checksum/configuration: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} + {{- end }} + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: keycloak + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "keycloak.serviceAccountName" . }} + {{- include "keycloak.imagePullSecrets" . | nindent 6 }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if or .Values.initContainers .Values.auth.tls.enabled }} + initContainers: + {{- if .Values.auth.tls.enabled }} + {{- $fullname := include "keycloak.fullname" . }} + - name: init-certs + image: {{ include "keycloak.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + command: + - /bin/bash + - -ec + - |- + ID="${MY_POD_NAME#"{{ $fullname }}-"}" + {{- if or .Values.auth.tls.autoGenerated .Values.auth.tls.usePem }} + if [[ -f "/certs/keycloak-${ID}.key" ]] && [[ -f "/certs/keycloak-${ID}.crt" ]] && [[ -f "/certs/ca.crt" ]]; then + openssl pkcs12 -export -in "/certs/keycloak-${ID}.crt" \ + -passout pass:"${KEYCLOAK_TLS_KEYSTORE_PASSWORD}" \ + -inkey "/certs/keycloak-${ID}.key" \ + -out "/tmp/keystore.p12" + keytool -importkeystore -srckeystore "/tmp/keystore.p12" \ + -srcstoretype PKCS12 \ + -srcstorepass "${KEYCLOAK_TLS_KEYSTORE_PASSWORD}" \ + -deststorepass "${KEYCLOAK_TLS_KEYSTORE_PASSWORD}" \ + -destkeystore "/opt/bitnami/keycloak/certs/keycloak.keystore.jks" + rm "/tmp/keystore.p12" + keytool -import -file "/certs/ca.crt" \ + -keystore "/opt/bitnami/keycloak/certs/keycloak.truststore.jks" \ + -storepass "${KEYCLOAK_TLS_TRUSTSTORE_PASSWORD}" \ + -noprompt + else + echo "Couldn't find the expected PEM certificates! They are mandatory when encryption via TLS is enabled." + exit 1 + fi + {{- else if and .Values.auth.tls.truststoreFilename .Values.auth.tls.keystoreFilename }} + if [[ -f {{ printf "/certs/%s" .Values.auth.tls.truststoreFilename | quote }} ]] && [[ -f {{ printf "/certs/%s" .Values.auth.tls.keystoreFilename | quote }} ]]; then + cp {{ printf "/certs/%s" .Values.auth.tls.truststoreFilename | quote }} "/opt/bitnami/keycloak/certs/keycloak.truststore.jks" + cp {{ printf "/certs/%s" .Values.auth.tls.keystoreFilename | quote }} "/opt/bitnami/keycloak/certs/keycloak.keystore.jks" + else + echo "Couldn't find the expected Java Key Stores (JKS) files! They are mandatory when encryption via TLS is enabled." + exit 1 + fi + {{- else }} + if [[ -f "/certs/keycloak.truststore.jks" ]] && [[ -f "/certs/keycloak-${ID}.keystore.jks" ]]; then + cp "/certs/keycloak.truststore.jks" "/opt/bitnami/keycloak/certs/keycloak.truststore.jks" + cp "/certs/keycloak-${ID}.keystore.jks" "/opt/bitnami/keycloak/certs/keycloak.keystore.jks" + else + echo "Couldn't find the expected Java Key Stores (JKS) files! They are mandatory when encryption via TLS is enabled." + exit 1 + fi + {{- end }} + env: + - name: MY_POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + {{- if or .Values.auth.tls.keystorePassword .Values.auth.existingSecretPerPassword .Values.auth.tls.autoGenerated }} + - name: KEYCLOAK_TLS_KEYSTORE_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.auth.existingSecretPerPassword }} + name: {{ tpl (include "common.secrets.name" (dict "existingSecret" .Values.auth.existingSecretPerPassword.tlsKeystorePassword "context" $)) $ }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.auth.existingSecretPerPassword "key" "tlsKeystorePassword") }} + {{- else }} + name: {{ $globalSecretName }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.auth.existingSecret "key" "tls-keystore-password") }} + {{- end }} + {{- end }} + {{- if or .Values.auth.tls.truststorePassword .Values.auth.existingSecretPerPassword .Values.auth.tls.autoGenerated }} + - name: KEYCLOAK_TLS_TRUSTSTORE_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.auth.existingSecretPerPassword }} + name: {{ tpl (include "common.secrets.name" (dict "existingSecret" .Values.auth.existingSecretPerPassword.tlsTruststorePassword "context" $)) $ }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.auth.existingSecretPerPassword "key" "tlsKeystorePassword") }} + {{- else }} + name: {{ $globalSecretName }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.auth.existingSecret "key" "tls-truestore-password") }} + {{- end }} + {{- end }} + {{- if .Values.auth.tls.resources }} + resources: {{- toYaml .Values.auth.tls.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: certificates + mountPath: /certs + - name: shared-certs + mountPath: /opt/bitnami/keycloak/certs + {{- end }} + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- end }} + containers: + - name: keycloak + image: {{ template "keycloak.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: KUBERNETES_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.image.debug | quote }} + - name: KEYCLOAK_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.auth.existingSecretPerPassword }} + name: {{ tpl (include "common.secrets.name" (dict "existingSecret" .Values.auth.existingSecretPerPassword.adminPassword "context" $)) $ }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.auth.existingSecretPerPassword "key" "adminPassword") }} + {{- else }} + name: {{ $globalSecretName }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.auth.existingSecret "key" "admin-password") }} + {{- end }} + - name: KEYCLOAK_MANAGEMENT_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.auth.existingSecretPerPassword }} + name: {{ tpl (include "common.secrets.name" (dict "existingSecret" .Values.auth.existingSecretPerPassword.managementPassword "context" $)) $ }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.auth.existingSecretPerPassword "key" "managementPassword") }} + {{- else }} + name: {{ $globalSecretName }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.auth.existingSecret "key" "management-password") }} + {{- end }} + - name: KEYCLOAK_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.auth.existingSecretPerPassword }} + name: {{ tpl (include "common.secrets.name" (dict "existingSecret" .Values.auth.existingSecretPerPassword.databasePassword "context" $)) $ }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.auth.existingSecretPerPassword "key" "databasePassword") }} + {{- else }} + name: {{ include "keycloak.databaseSecretName" . }} + key: {{ include "keycloak.databaseSecretKey" . }} + {{- end }} + {{- if .Values.auth.tls.enabled }} + {{- if or .Values.auth.tls.keystorePassword .Values.auth.existingSecretPerPassword }} + - name: KEYCLOAK_TLS_KEYSTORE_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.auth.existingSecretPerPassword }} + name: {{ tpl (include "common.secrets.name" (dict "existingSecret" .Values.auth.existingSecretPerPassword.tlsKeystorePassword "context" $) $) }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.auth.existingSecretPerPassword "key" "tlsKeystorePassword") }} + {{- else }} + name: {{ $globalSecretName }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.auth.existingSecret "key" "tls-keystore-password") }} + {{- end }} + {{- end }} + {{- if or .Values.auth.tls.truststorePassword .Values.auth.existingSecretPerPassword }} + - name: KEYCLOAK_TLS_TRUSTSTORE_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.auth.existingSecretPerPassword }} + name: {{ tpl (include "common.secrets.name" (dict "existingSecret" .Values.auth.existingSecretPerPassword.tlsTruststorePassword "context" $) $) }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.auth.existingSecretPerPassword "key" "tlsKeystorePassword") }} + {{- else }} + name: {{ $globalSecretName }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.auth.existingSecret "key" "tls-truestore-password") }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.extraStartupArgs }} + - name: KEYCLOAK_EXTRA_ARGS + value: {{ .Values.extraStartupArgs | quote }} + {{- end }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + - configMapRef: + name: {{ printf "%s-env-vars" (include "keycloak.fullname" .) }} + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} + {{- end }} + {{- if and .Values.externalDatabase.existingSecret (not .Values.postgresql.enabled) }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.externalDatabase.existingSecret "context" $) }} + {{- end }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.containerPorts.http }} + protocol: TCP + - name: https + containerPort: {{ .Values.containerPorts.https }} + protocol: TCP + - name: http-management + containerPort: {{ .Values.containerPorts.management }} + protocol: TCP + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.startupProbe.enabled }} + startupProbe: {{- omit .Values.startupProbe "enabled" | toYaml | nindent 12 }} + httpGet: + path: /auth/ + port: http + {{- else if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: {{- omit .Values.livenessProbe "enabled" | toYaml | nindent 12 }} + httpGet: + path: /auth/ + port: http + {{- else if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: {{- omit .Values.readinessProbe "enabled" | toYaml | nindent 12 }} + httpGet: + path: /auth/realms/master + port: http + {{- else if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- end }} + volumeMounts: + {{- if or .Values.configuration .Values.existingConfigmap }} + - name: keycloak-config + mountPath: /bitnami/keycloak/configuration/standalone-ha.xml + subPath: standalone-ha.xml + {{- end }} + {{- if .Values.auth.tls.enabled }} + - name: shared-certs + mountPath: /opt/bitnami/keycloak/certs + readOnly: true + {{- end }} + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d + {{- end }} + {{- if .Values.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + {{- if or .Values.configuration .Values.existingConfigmap }} + - name: keycloak-config + configMap: + name: {{ include "keycloak.configmapName" . }} + {{- end }} + {{- if .Values.auth.tls.enabled }} + - name: certificates + secret: + secretName: {{ include "keycloak.tlsSecretName" . }} + defaultMode: 420 + - name: shared-certs + emptyDir: {} + {{- end }} + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + configMap: + name: {{ include "keycloak.initdbScriptsCM" . }} + {{- end }} + {{- if .Values.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} + {{- end }} diff --git a/packer/ansible/roles/helm_install/files/keycloak/templates/tls-secret.yaml b/packer/ansible/roles/helm_install/files/keycloak/templates/tls-secret.yaml new file mode 100644 index 0000000..b1d4a2d --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/templates/tls-secret.yaml @@ -0,0 +1,76 @@ +{{- if .Values.ingress.enabled }} +{{- if .Values.ingress.secrets }} +{{- range .Values.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .name }} + namespace: {{ $.Release.Namespace }} + labels: {{- include "common.labels.standard" $ | nindent 4 }} + {{- if $.Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if $.Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- end }} +{{- if and .Values.ingress.tls .Values.ingress.selfSigned }} +{{- $ca := genCA "keycloak-ca" 365 }} +{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%s-tls" .Values.ingress.hostname }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ $cert.Cert | b64enc | quote }} + tls.key: {{ $cert.Key | b64enc | quote }} + ca.crt: {{ $ca.Cert | b64enc | quote }} +--- +{{- end }} +{{- end }} +{{- if (include "keycloak.createTlsSecret" $) }} +{{- $ca := genCA "keycloak-ca" 365 }} +{{- $releaseNamespace := .Release.Namespace }} +{{- $clusterDomain := .Values.clusterDomain }} +{{- $fullname := include "keycloak.fullname" . }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%s-crt" (include "common.names.fullname" .) }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: keycloak + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + {{- $replicaCount := int .Values.replicaCount }} + {{- range $i := until $replicaCount }} + {{- $replicaHost := printf "%s-%d.%s-headless" $fullname $i $fullname }} + {{- $altNames := list (printf "%s.%s.svc.%s" $replicaHost $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) (printf "%s.%s" $replicaHost $releaseNamespace) (printf "%s.%s" $fullname $releaseNamespace) $replicaHost $fullname }} + {{- $crt := genSignedCert $replicaHost nil $altNames 365 $ca }} + keycloak-{{ $i }}.crt: {{ $crt.Cert | b64enc | quote }} + keycloak-{{ $i }}.key: {{ $crt.Key | b64enc | quote }} + {{- end }} + ca.crt: {{ $ca.Cert | b64enc | quote }} +{{- end }} + diff --git a/packer/ansible/roles/helm_install/files/keycloak/values.yaml b/packer/ansible/roles/helm_install/files/keycloak/values.yaml new file mode 100644 index 0000000..a192126 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/keycloak/values.yaml @@ -0,0 +1,951 @@ +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass +## + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.storageClass Global StorageClass for Persistent Volume(s) +## +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: "" + +## @section Common parameters +## + +## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) +## +kubeVersion: "" +## @param nameOverride String to partially override keycloak.fullname +## +nameOverride: "" +## @param fullnameOverride String to fully override keycloak.fullname +## +fullnameOverride: "" +## @param commonLabels Labels to add to all deployed objects +## +commonLabels: {} +## @param commonAnnotations Annotations to add to all deployed objects +## +commonAnnotations: {} +## @param clusterDomain Default Kubernetes cluster domain +## +clusterDomain: cluster.local +## @param extraDeploy Array of extra objects to deploy with the release +## +extraDeploy: [] +## Enable diagnostic mode in the statefulset +## +diagnosticMode: + ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) + ## + enabled: false + ## @param diagnosticMode.command Command to override all containers in the the statefulset + ## + command: + - sleep + ## @param diagnosticMode.args Args to override all containers in the the statefulset + ## + args: + - infinity + +## @section Keycloak parameters + +## Bitnami Keycloak image version +## ref: https://hub.docker.com/r/bitnami/keycloak/tags/ +## @param image.registry Keycloak image registry +## @param image.repository Keycloak image repository +## @param image.tag Keycloak image tag (immutable tags are recommended) +## @param image.pullPolicy Keycloak image pull policy +## @param image.pullSecrets Specify docker-registry secret names as an array +## @param image.debug Specify if debug logs should be enabled +## +image: + registry: docker.io + repository: bitnami/keycloak + tag: 16.1.1-debian-10-r85 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## Example: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Set to true if you would like to see extra information on logs + ## + debug: false +## Keycloak authentication parameters +## ref: https://github.com/bitnami/bitnami-docker-keycloak#admin-credentials +## +auth: + ## @param auth.createAdminUser Create administrator user on boot + ## + createAdminUser: true + ## @param auth.adminUser Keycloak administrator user + ## + adminUser: user + ## @param auth.adminPassword Keycloak administrator password for the new user + ## + adminPassword: "" + ## @param auth.managementUser Wildfly management user + ## + managementUser: manager + ## @param auth.managementPassword Wildfly management password + ## + managementPassword: "" + ## @param auth.existingSecret An already existing secret containing auth info + ## e.g: + ## existingSecret: + ## name: mySecret + ## keyMapping: + ## admin-password: myPasswordKey + ## management-password: myManagementPasswordKey + ## tls-keystore-password: myTlsKeystorePasswordKey + ## tls-truestore-password: myTlsTruestorePasswordKey + ## + existingSecret: "" + ## @param auth.existingSecretPerPassword Override `existingSecret` and other secret values + ## e.g: + ## existingSecretPerPassword: + ## keyMapping: + ## adminPassword: KEYCLOAK_ADMIN_PASSWORD + ## managementPassword: KEYCLOAK_MANAGEMENT_PASSWORD + ## databasePassword: password + ## tlsKeystorePassword: JKS_KEYSTORE_TRUSTSTORE_PASSWORD + ## tlsTruststorePassword: JKS_KEYSTORE_TRUSTSTORE_PASSWORD + ## adminPassword: + ## name: keycloak-test2.credentials ## release-name + ## managementPassword: + ## name: keycloak-test2.credentials + ## databasePassword: + ## name: keycloak.pocwatt-keycloak-cluster.credentials + ## tlsKeystorePassword: + ## name: keycloak-test2.credentials + ## tlsTruststorePassword: + ## name: keycloak-test2.credentials + ## + existingSecretPerPassword: {} + ## TLS encryption parameters + ## ref: https://github.com/bitnami/bitnami-docker-keycloak#tls-encryption + ## + tls: + ## @param auth.tls.enabled Enable TLS encryption + ## + enabled: false + ## @param auth.tls.autoGenerated Generate automatically self-signed TLS certificates. Currently only supports PEM certificates + ## + autoGenerated: false + ## @param auth.tls.existingSecret Existing secret containing the TLS certificates per Keycloak replica + ## Create this secret following the steps below: + ## 1) Generate your trustore and keystore files (more info at https://www.keycloak.org/docs/latest/server_installation/#_setting_up_ssl) + ## 2) Rename your truststore to `keycloak.truststore.jks`. + ## 3) Rename your keystores to `keycloak-X.keystore.jks` where X is the ID of each Keycloak replica + ## 4) Run the command below where SECRET_NAME is the name of the secret you want to create: + ## kubectl create secret generic SECRET_NAME --from-file=./keycloak.truststore.jks --from-file=./keycloak-0.keystore.jks --from-file=./keycloak-1.keystore.jks ... + ## + existingSecret: "" + ## @param auth.tls.usePem Use PEM certificates as input instead of PKS12/JKS stores + ## If "true", the Keycloak chart will look for the files ca.crt, keycloak-X.key and keycloak-X.crt inside the secret provided with 'existingSecret'. + ## If keystorePassword and truststorePassword are not provided, they will be autogenerated. + ## + usePem: false + ## @param auth.tls.truststoreFilename Truststore specific filename inside the existing secret + ## Note: Setting up this value, you will use the same trustore file in all the replicas + ## + truststoreFilename: "" + ## @param auth.tls.keystoreFilename Keystore specific filename inside the existing secret + ## Note: Setting up this value, you will use the same trustore file in all the replicas + ## + keystoreFilename: "" + ## @param auth.tls.jksSecret DEPRECATED. Use `auth.tls.existingSecret` instead + ## + jksSecret: "" + ## @param auth.tls.keystorePassword Password to access the keystore when it's password-protected + ## + keystorePassword: "" + ## @param auth.tls.truststorePassword Password to access the truststore when it's password-protected + ## + truststorePassword: "" + ## Init containers' resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param auth.tls.resources.limits The resources limits for the TLS init container + ## @param auth.tls.resources.requests The requested resources for the TLS init container + ## + resources: + ## Example: + ## limits: + ## cpu: 100m + ## memory: 128Mi + ## + limits: {} + ## Examples: + ## requests: + ## cpu: 100m + ## memory: 128Mi + ## + requests: {} +## @param proxyAddressForwarding Enable Proxy Address Forwarding +## ref: https://www.keycloak.org/docs/latest/server_installation/#_setting-up-a-load-balancer-or-proxy +## +proxyAddressForwarding: false +## Keycloak Service Discovery settings +## ref: https://github.com/bitnami/bitnami-docker-keycloak#cluster-configuration +## +serviceDiscovery: + ## @param serviceDiscovery.enabled Enable Service Discovery for Keycloak (required if `replicaCount` > `1`) + ## + enabled: false + ## @param serviceDiscovery.protocol Sets the protocol that Keycloak nodes would use to discover new peers + ## Available protocols can be found at http://www.jgroups.org/javadoc3/org/jgroups/protocols/ + ## + protocol: kubernetes.KUBE_PING + ## @param serviceDiscovery.properties Properties for the discovery protocol set in `serviceDiscovery.protocol` parameter + ## List of key=>value pairs + ## Example: + ## properties: + ## - datasource_jndi_name=>"java:jboss/datasources/KeycloakDS" + ## - initialize_sql=>"CREATE TABLE IF NOT EXISTS JGROUPSPING ( own_addr varchar(200) NOT NULL, cluster_name varchar(200) NOT NULL, created timestamp default current_timestamp, ping_data BYTEA, constraint PK_JGROUPSPING PRIMARY KEY (own_addr, cluster_name))" + ## + properties: [] + ## @param serviceDiscovery.transportStack Transport stack for the discovery protocol set in `serviceDiscovery.protocol` parameter + ## + transportStack: tcp +## Keycloak cache settings +## ref: https://github.com/bitnami/bitnami-docker-keycloak#cluster-configuration +## +cache: + ## @param cache.ownersCount Number of nodes that will replicate cached data + ## + ownersCount: 1 + ## @param cache.authOwnersCount Number of nodes that will replicate cached authentication data + ## + authOwnersCount: 1 +## @param configuration Keycloak Configuration. Auto-generated based on other parameters when not specified +## Specify content for standalone-ha.xml +## NOTE: This will override configuring Keycloak based on environment variables (including those set by the chart) +## The standalone-ha.xml is auto-generated based on other parameters when this parameter is not specified +## +## Example: +## configuration: |- +## foo: bar +## baz: +## +configuration: "" +## @param existingConfigmap Name of existing ConfigMap with Keycloak configuration +## NOTE: When it's set the configuration parameter is ignored +## +existingConfigmap: "" +## @param extraStartupArgs Extra default startup args +## +extraStartupArgs: "" +## @param initdbScripts Dictionary of initdb scripts +## Specify dictionary of scripts to be run at first boot +## ref: https://github.com/bitnami/bitnami-docker-keycloak#initializing-a-new-instance +## Example: +## initdbScripts: +## my_init_script.sh: | +## #!/bin/bash +## echo "Do something." +## +initdbScripts: {} +## @param initdbScriptsConfigMap ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) +## +initdbScriptsConfigMap: "" +## @param command Override default container command (useful when using custom images) +## +command: [] +## @param args Override default container args (useful when using custom images) +## +args: [] +## @param extraEnvVars Extra environment variables to be set on Keycloak container +## Example: +## extraEnvVars: +## - name: FOO +## value: "bar" +## +extraEnvVars: [] +## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars +## +extraEnvVarsCM: "" +## @param extraEnvVarsSecret Name of existing Secret containing extra env vars +## +extraEnvVarsSecret: "" + +## @section Keycloak statefulset parameters + +## @param replicaCount Number of Keycloak replicas to deploy +## +replicaCount: 1 +## @param containerPorts.http Keycloak HTTP container port +## @param containerPorts.https Keycloak HTTPS container port +## @param containerPorts.management Keycloak management HTTP container port +## +containerPorts: + http: 8080 + https: 8443 + management: 9990 +## Keycloak pods' SecurityContext +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## @param podSecurityContext.enabled Enabled Keycloak pods' Security Context +## @param podSecurityContext.fsGroup Set Keycloak pod's Security Context fsGroup +## +podSecurityContext: + enabled: true + fsGroup: 1001 +## Keycloak containers' Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## @param containerSecurityContext.enabled Enabled Keycloak containers' Security Context +## @param containerSecurityContext.runAsUser Set Keycloak container's Security Context runAsUser +## @param containerSecurityContext.runAsNonRoot Set Keycloak container's Security Context runAsNonRoot +## +containerSecurityContext: + enabled: true + runAsUser: 1001 + runAsNonRoot: true +## Keycloak resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## @param resources.limits The resources limits for the Keycloak containers +## @param resources.requests The requested resources for the Keycloak containers +## +resources: + limits: {} + requests: {} +## Configure extra options for Keycloak containers' liveness, readiness and startup probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes +## @param livenessProbe.enabled Enable livenessProbe on Keycloak containers +## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe +## @param livenessProbe.periodSeconds Period seconds for livenessProbe +## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe +## @param livenessProbe.failureThreshold Failure threshold for livenessProbe +## @param livenessProbe.successThreshold Success threshold for livenessProbe +## +livenessProbe: + enabled: true + initialDelaySeconds: 300 + periodSeconds: 1 + timeoutSeconds: 5 + failureThreshold: 3 + successThreshold: 1 +## @param readinessProbe.enabled Enable readinessProbe on Keycloak containers +## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe +## @param readinessProbe.periodSeconds Period seconds for readinessProbe +## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe +## @param readinessProbe.failureThreshold Failure threshold for readinessProbe +## @param readinessProbe.successThreshold Success threshold for readinessProbe +## +readinessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 +## When enabling this, make sure to set initialDelaySeconds to 0 for livenessProbe and readinessProbe +## @param startupProbe.enabled Enable startupProbe on Keycloak containers +## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe +## @param startupProbe.periodSeconds Period seconds for startupProbe +## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe +## @param startupProbe.failureThreshold Failure threshold for startupProbe +## @param startupProbe.successThreshold Success threshold for startupProbe +## +startupProbe: + enabled: false + initialDelaySeconds: 30 + periodSeconds: 5 + timeoutSeconds: 1 + failureThreshold: 60 + successThreshold: 1 +## @param customLivenessProbe Custom Liveness probes for Keycloak +## +customLivenessProbe: {} +## @param customReadinessProbe Custom Rediness probes Keycloak +## +customReadinessProbe: {} +## @param customStartupProbe Custom Startup probes for Keycloak +## +customStartupProbe: {} +## @param lifecycleHooks LifecycleHooks to set additional configuration at startup +## +lifecycleHooks: {} +## @param hostAliases Deployment pod host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## @param podLabels Extra labels for Keycloak pods +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} +## @param podAnnotations Annotations for Keycloak pods +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAffinityPreset: "" +## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAntiAffinityPreset: soft +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## +nodeAffinityPreset: + ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## @param affinity Affinity for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} +## @param nodeSelector Node labels for pod assignment +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## @param tolerations Tolerations for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## @param topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template +## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods +## +topologySpreadConstraints: {} +## @param podManagementPolicy Pod management policy for the Keycloak statefulset +## +podManagementPolicy: Parallel +## @param priorityClassName Keycloak pods' Priority Class Name +## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +## +priorityClassName: "" +## @param schedulerName Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +schedulerName: "" +## @param terminationGracePeriodSeconds Seconds Keycloak pod needs to terminate gracefully +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods +## +terminationGracePeriodSeconds: "" +## @param updateStrategy.type Keycloak statefulset strategy type +## @param updateStrategy.rollingUpdate Keycloak statefulset rolling update configuration parameters +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +## +updateStrategy: + type: RollingUpdate + rollingUpdate: {} +## @param extraVolumes Optionally specify extra list of additional volumes for Keycloak pods +## +extraVolumes: [] +## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for Keycloak container(s) +## +extraVolumeMounts: [] +## @param initContainers Add additional init containers to the Keycloak pods +## Example: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +initContainers: [] +## @param sidecars Add additional sidecar containers to the Keycloak pods +## Example: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: [] + +## @section Exposure parameters +## + +## Service configuration +## +service: + ## @param service.type Kubernetes service type + ## + type: LoadBalancer + ## @param service.ports.http Keycloak service HTTP port + ## @param service.ports.https Keycloak service HTTPS port + ## + ports: + http: 80 + https: 443 + ## @param service.nodePorts [object] Specify the nodePort values for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePorts: + http: "" + https: "" + ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin + ## Values: ClientIP or None + ## ref: https://kubernetes.io/docs/user-guide/services/ + ## + sessionAffinity: None + ## @param service.clusterIP Keycloak service clusterIP IP + ## e.g: + ## clusterIP: None + ## + clusterIP: "" + ## @param service.loadBalancerIP loadBalancerIP for the SuiteCRM Service (optional, cloud specific) + ## ref: https://kubernetes.io/docs/user-guide/services/#type-loadbalancer + ## + loadBalancerIP: "" + ## @param service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## Example: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param service.externalTrafficPolicy Enable client source IP preservation + ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param service.annotations Additional custom annotations for Keycloak service + ## + annotations: {} + ## @param service.extraPorts Extra port to expose on Keycloak service + ## + extraPorts: [] + +## Keycloak ingress parameters +## ref: https://kubernetes.io/docs/user-guide/ingress/ +## +ingress: + ## @param ingress.enabled Enable ingress record generation for Keycloak + ## + enabled: false + ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + ## @param ingress.pathType Ingress path type + ## + pathType: ImplementationSpecific + ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) + ## + apiVersion: "" + ## @param ingress.hostname Default host for the ingress record + ## + hostname: keycloak.local + ## @param ingress.path Default path for the ingress record + ## + path: / + ## @param ingress.servicePort Backend service port to use + ## Default is http. Alternative is https. + ## + servicePort: http + ## @param ingress.annotations [object] Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + annotations: {} + ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter + ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` + ## You can: + ## - Use the `ingress.secrets` parameter to create this TLS secret + ## - Relay on cert-manager to create it by setting the corresponding annotations + ## - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true` + ## + tls: false + ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false + ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record + ## e.g: + ## extraHosts: + ## - name: keycloak.local + ## path: / + ## + extraHosts: [] + ## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host. + ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. + ## extraPaths: + ## - path: /* + ## backend: + ## serviceName: ssl-redirect + ## servicePort: use-annotation + ## + extraPaths: [] + ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. + ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## extraTls: + ## - hosts: + ## - keycloak.local + ## secretName: keycloak.local-tls + ## + extraTls: [] + ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## e.g: + ## - name: keycloak.local-tls + ## key: + ## certificate: + ## + secrets: [] + +## Network Policy configuration +## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ +## +networkPolicy: + ## @param networkPolicy.enabled Enable the default NetworkPolicy policy + ## + enabled: false + ## @param networkPolicy.allowExternal Don't require client label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the ports Keycloak is listening + ## on. When true, Keycloak will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param networkPolicy.additionalRules Additional NetworkPolicy rules + ## Note that all rules are OR-ed. + ## Example: + ## additionalRules: + ## - matchLabels: + ## - role: frontend + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + additionalRules: {} + +## @section RBAC parameter +## Specifies whether a ServiceAccount should be created +## +serviceAccount: + ## @param serviceAccount.create Enable the creation of a ServiceAccount for Keycloak pods + ## + create: true + ## @param serviceAccount.name Name of the created ServiceAccount + ## If not set and create is true, a name is generated using the fullname template + ## + name: "" + ## @param serviceAccount.automountServiceAccountToken Auto-mount the service account token in the pod + ## + automountServiceAccountToken: true + ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount + ## + annotations: {} +## Specifies whether RBAC resources should be created +## +rbac: + ## @param rbac.create Whether to create and use RBAC resources or not + ## + create: false + ## @param rbac.rules Custom RBAC rules + ## Example: + ## rules: + ## - apiGroups: + ## - "" + ## resources: + ## - pods + ## verbs: + ## - get + ## - list + ## + rules: [] + +## @section Other parameters +## + +## Keycloak Pod Disruption Budget configuration +## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +## +pdb: + ## @param pdb.create Enable/disable a Pod Disruption Budget creation + ## + create: false + ## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled + ## + minAvailable: 1 + ## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable + ## + maxUnavailable: "" +## Keycloak Autoscaling configuration +## @param autoscaling.enabled Enable autoscaling for Keycloak +## @param autoscaling.minReplicas Minimum number of Keycloak replicas +## @param autoscaling.maxReplicas Maximum number of Keycloak replicas +## @param autoscaling.targetCPU Target CPU utilization percentage +## @param autoscaling.targetMemory Target Memory utilization percentage +## +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 11 + targetCPU: "" + targetMemory: "" + +## @section Metrics parameters +## + +## Metrics configuration +## +metrics: + ## @param metrics.enabled Enable exposing Keycloak statistics + ## ref: https://github.com/bitnami/bitnami-docker-keycloak#enabling-statistics + ## + enabled: false + ## Keycloak metrics service parameters + ## + service: + ## @param metrics.service.ports.http Metrics service HTTP port + ## + ports: + http: 9990 + ## @param metrics.service.annotations [object] Annotations for enabling prometheus to access the metrics endpoints + ## + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.metrics.service.ports.http }}" + ## Prometheus Operator ServiceMonitor configuration + ## + serviceMonitor: + ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator + ## + enabled: false + ## @param metrics.serviceMonitor.namespace Namespace which Prometheus is running in + ## + namespace: "" + ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped + ## + interval: 30s + ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended + ## e.g: + ## scrapeTimeout: 30s + ## + scrapeTimeout: "" + ## @param metrics.serviceMonitor.labels Additional labels that can be used so ServiceMonitor will be discovered by Prometheus + ## + labels: {} + ## @param metrics.serviceMonitor.selector Prometheus instance selector labels + ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration + ## + selector: {} + ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping + ## + relabelings: [] + ## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion + ## + metricRelabelings: [] + ## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels + ## + honorLabels: false + ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. + ## + jobLabel: "" + +## @section keycloak-config-cli parameters + +## Configuration for keycloak-config-cli +## ref: https://github.com/adorsys/keycloak-config-cli +## +keycloakConfigCli: + ## @param keycloakConfigCli.enabled Whether to enable keycloak-config-cli job + ## + enabled: false + ## Bitnami keycloak-config-cli image + ## ref: https://hub.docker.com/r/bitnami/keycloak-config-cli/tags/ + ## @param keycloakConfigCli.image.registry keycloak-config-cli container image registry + ## @param keycloakConfigCli.image.repository keycloak-config-cli container image repository + ## @param keycloakConfigCli.image.tag keycloak-config-cli container image tag + ## @param keycloakConfigCli.image.pullPolicy keycloak-config-cli container image pull policy + ## @param keycloakConfigCli.image.pullSecrets keycloak-config-cli container image pull secrets + ## + image: + registry: docker.io + repository: bitnami/keycloak-config-cli + tag: 4.9.0-debian-10-r14 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## @param keycloakConfigCli.annotations [object] Annotations for keycloak-config-cli job + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + annotations: + helm.sh/hook: "post-install,post-upgrade,post-rollback" + helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation" + helm.sh/hook-weight: "5" + ## @param keycloakConfigCli.command Command for running the container (set to default if not set). Use array form + ## + command: [] + ## @param keycloakConfigCli.args Args for running the container (set to default if not set). Use array form + ## + args: [] + ## @param keycloakConfigCli.hostAliases Job pod host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## Keycloak config CLI resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## @param keycloakConfigCli.resources.limits The resources limits for the keycloak-config-cli container + ## @param keycloakConfigCli.resources.requests The requested resources for the keycloak-config-cli container + ## + resources: + limits: {} + requests: {} + ## keycloak-config-cli containers' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param keycloakConfigCli.containerSecurityContext.enabled Enabled keycloak-config-cli containers' Security Context + ## @param keycloakConfigCli.containerSecurityContext.runAsUser Set keycloak-config-cli container's Security Context runAsUser + ## @param keycloakConfigCli.containerSecurityContext.runAsNonRoot Set keycloak-config-cli container's Security Context runAsNonRoot + ## + containerSecurityContext: + enabled: true + runAsUser: 1001 + runAsNonRoot: true + ## keycloak-config-cli pods' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param keycloakConfigCli.podSecurityContext.enabled Enabled keycloak-config-cli pods' Security Context + ## @param keycloakConfigCli.podSecurityContext.fsGroup Set keycloak-config-cli pod's Security Context fsGroup + ## + podSecurityContext: + enabled: true + fsGroup: 1001 + ## @param keycloakConfigCli.backoffLimit Number of retries before considering a Job as failed + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy + ## + backoffLimit: 1 + ## @param keycloakConfigCli.podLabels Pod extra labels + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param keycloakConfigCli.podAnnotations Annotations for job pod + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param keycloakConfigCli.extraEnvVars Additional environment variables to set + ## Example: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + ## @param keycloakConfigCli.extraEnvVarsCM ConfigMap with extra environment variables + ## + extraEnvVarsCM: "" + ## @param keycloakConfigCli.extraEnvVarsSecret Secret with extra environment variables + ## + extraEnvVarsSecret: "" + ## @param keycloakConfigCli.extraVolumes Extra volumes to add to the job + ## + extraVolumes: [] + ## @param keycloakConfigCli.extraVolumeMounts Extra volume mounts to add to the container + ## + extraVolumeMounts: [] + ## @param keycloakConfigCli.configuration keycloak-config-cli realms configuration + ## NOTE: nil keys will be considered files to import locally + ## Example: + ## configuration: + ## realm1.json: | + ## { + ## "realm": "realm1", + ## "clients": [] + ## } + ## files/realm2.yaml: + ## realm3.yaml: | + ## realm: realm3 + ## clients: [] + ## + configuration: {} + ## @param keycloakConfigCli.existingConfigmap ConfigMap with keycloak-config-cli configuration. This will override `keycloakConfigCli.config` + ## NOTE: This will override keycloakConfigCli.configuration + ## + existingConfigmap: "" + +## @section Database parameters + +## PostgreSQL chart configuration +## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/values.yaml +## @param postgresql.enabled Switch to enable or disable the PostgreSQL helm chart +## @param postgresql.auth.username Name for a custom user to create +## @param postgresql.auth.password Password for the custom user to create +## @param postgresql.auth.database Name for a custom database to create +## @param postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials +## @param postgresql.architecture PostgreSQL architecture (`standalone` or `replication`) +## +postgresql: + enabled: true + auth: + username: bn_keycloak + password: "" + database: bitnami_keycloak + existingSecret: "" + architecture: standalone +## External PostgreSQL configuration +## All of these values are only used when postgresql.enabled is set to false +## @param externalDatabase.host Database host +## @param externalDatabase.port Database port number +## @param externalDatabase.user Non-root username for Keycloak +## @param externalDatabase.password Password for the non-root username for Keycloak +## @param externalDatabase.database Keycloak database name +## @param externalDatabase.existingSecret Name of an existing secret resource containing the database credentials +## @param externalDatabase.existingSecretPasswordKey Name of an existing secret key containing the database credentials +## +externalDatabase: + host: "" + port: 5432 + user: bn_keycloak + database: bitnami_keycloak + password: "" + existingSecret: "" + existingSecretPasswordKey: "" diff --git a/packer/ansible/roles/helm_install/files/kubeconfig b/packer/ansible/roles/helm_install/files/kubeconfig new file mode 100644 index 0000000..95b048c --- /dev/null +++ b/packer/ansible/roles/helm_install/files/kubeconfig @@ -0,0 +1,20 @@ +apiVersion: v1 +clusters: +- cluster: + certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvakNDQWVhZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeU1USXdOakV3TkRZME5Gb1hEVE15TVRJd016RXdORFkwTkZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBT0xYCnhYSWpmVWdFdXdxMFZrYXQ0N2d6Q09vRERDL1YvRHl5T0dWZG1PSDEwd1dHZmwrMFI0dkkwaWlHc0ZKRVFqWWMKRGt6THZUOHlRNVpybFpiV3VuVkFYaTlrcHRxY0d2R2NZYXdrMGVIRVdqQ1RRTXo0T2dOd2JuQytKdkd1MnJiVgpaUVVvRzV1cHpDRkM0Q0RtM1h2Ym14RjdYUU11L0FOU045V1UwYS9Td0tvR25EaVMyV1JBOFJpRG9DYURKcGprCjc1azAyMkZOanlOZkxadktmMzFzNTg3OGF1bS9WS0UzeVV4SGhqVzFEeEpTWUMrK1RhV0F0MWpBVXZObWVNQmQKVStmRW0xbUVnNWtnWVBER2d3czBSVHB4WFk1U3dTL3hKVkd2VjRYeExlWEVoWmc2ZlF4c0hvcG1vdVZJOEJLMQpUdW1ram4zTkhrU0dtRVEzczBFQ0F3RUFBYU5aTUZjd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZNc2RSdjJzQ2RaUW1ZM1dVZ1U4aUlhOHM5cWpNQlVHQTFVZEVRUU8KTUF5Q0NtdDFZbVZ5Ym1WMFpYTXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBRXZ5WWorT2QwVSttYkdkSzJyWApTcXdiZjY0M0V4YWlkVDVWQjhPUExoNm1kbVQvTk04cHdYUDg0Y0J2RC9rSzBXTllObkc2RFhTS3BtWjBSM1BmCm03ck8wZ2N4M1dYaDIzWHk5VmJWcGcyK0FXdFRRVDd5dVM3L3U3YjVnV1lQNzVqNk0rOWQvdXNtc3g3alFxNjEKa3NJTzlKNXVmNCtXSHJtQm1WMGNydGZTTjN5bTF2Q2VDZzNNeFpkY3hIUXgrUjNNWFZyYVZFK1NIUE5hdzgzQQppZFI3eDkyenMwY3dRcy9wSGxRK0t5aDFnQ01JQkVFTXM1OERwZU11Q0VUaEZ2elBuL1l6YlVoNUYrcm1KNytoCjJ5VVV0R2x5V3NJQ2l5ODl0Y2pOT1RBN2EvSGJ5ZDk4MmxIM1hLY1ZlUUdYVlJFTFF0UU9sUVNHOVRQU1R4OFcKNWdJPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + server: https://10.10.30.214:6443 + name: kubernetes +contexts: +- context: + cluster: kubernetes + user: kubernetes-admin + name: kubernetes-admin@kubernetes +current-context: kubernetes-admin@kubernetes +kind: Config +preferences: {} +users: +- name: kubernetes-admin + user: + client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURJVENDQWdtZ0F3SUJBZ0lJYzVmZFNYMzFJTWd3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TWpFeU1EWXhNRFEyTkRSYUZ3MHlNekV5TURZeE1EUTJORGRhTURReApGekFWQmdOVkJBb1REbk41YzNSbGJUcHRZWE4wWlhKek1Sa3dGd1lEVlFRREV4QnJkV0psY201bGRHVnpMV0ZrCmJXbHVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQTFBRGVDUGF5elpXTWtpV1AKQzV0RmRzL3orSmpndDYzUzFxMC9TQ2VYTWx0MGRTVGFqb3B5UzRueFVPb1ZXYmY2M016NEQ0RzRDWDNheW1TWgpLa1JmbVJ5SEtNRTVWTll6WUNWSUY1Qm1acEpVUHJ6OU5vZVRocDlQOTV2M3hIWlNBektvKysyZnQ1dzJ1dGJYCnBkN3g0Nk5KSnBPb1I5M2ZxOFFZRkhHOEhhSEd6WjhJbS9CV21KVEJua2R2aGJxczB2R3ZmbkdXRGhFT05wd2IKd2w4Z0kwMFpqTHhBRkZxY1d1MVZtNmJZYXUzVDlrSGdEcEplNUVrSFVFZ2cwWWlOTlZlUzJHdGFaeUpiWUcxZQo4Um9Zd3k0cFlvbzVlMW1sZDJHWE1EUWhkQk1oWGk5R1NsSC9GaWlqN24xTVZYTFpCSk9UL0lSdElQR1dIdmtXCmxVcEQ4UUlEQVFBQm8xWXdWREFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUgKQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JUTEhVYjlyQW5XVUptTjFsSUZQSWlHdkxQYQpvekFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBTTFLbEwyL3BwU1pCTGpTd3NWZzhGYTlkWk05RDIzNDNJdzY3Ci9QN1JWKzRjSVJqSXlJZFZGMUgrbkl2bFl0cncrMkZDTHpQYWNYcTZUWi9IUktFVEZtb1FYRnhnVk5GRDZVZXAKTW1sd2FCK1BnUmFRWDZoZjJlRUNXaXBobXpLRitsQnRtNENpci9USlZwTitQQ1Jhc0VkVW9pVUVtUHVsRXYvUQp1bDg3Q3RUbVAzajkxRi94eWFrYmhSS2pPbUY0dFRlZ1E4ZUE2SkFYV0d6S09XMzdZR1BHc091ZXlzU3hzanp0CjdpRjczVGVKdmdtbUllWHkrMkdoTFdIQ0tHVGJUek1UZnpYV0J4ODBXbzVjdFNaWmYzT0NJWWRHM1ViY0lsdXMKR0JreXM4b0phSXFHSE93NUpCRE1PNzliajQrbU01MlJGNmtQbkJDL2duckUyQUdHM3c9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBMUFEZUNQYXl6WldNa2lXUEM1dEZkcy96K0pqZ3Q2M1MxcTAvU0NlWE1sdDBkU1RhCmpvcHlTNG54VU9vVldiZjYzTXo0RDRHNENYM2F5bVNaS2tSZm1SeUhLTUU1Vk5ZellDVklGNUJtWnBKVVByejkKTm9lVGhwOVA5NXYzeEhaU0F6S28rKzJmdDV3MnV0YlhwZDd4NDZOSkpwT29SOTNmcThRWUZIRzhIYUhHelo4SQptL0JXbUpUQm5rZHZoYnFzMHZHdmZuR1dEaEVPTnB3YndsOGdJMDBaakx4QUZGcWNXdTFWbTZiWWF1M1Q5a0hnCkRwSmU1RWtIVUVnZzBZaU5OVmVTMkd0YVp5SmJZRzFlOFJvWXd5NHBZb281ZTFtbGQyR1hNRFFoZEJNaFhpOUcKU2xIL0ZpaWo3bjFNVlhMWkJKT1QvSVJ0SVBHV0h2a1dsVXBEOFFJREFRQUJBb0lCQUZsT0VEb29hY091WnF1OQp4SmM0RGpmeGU2MVNBUDkrNnB6aUdCRTJGRHZ6U0loOFFORGd3eXJNN2VtTzRmV01TZEd2U2lPR0dsZHRPN2djClRtVCtybUthSU5sckk5SjM5T1pnYmhEM0ZCdkxNay9IWHNjVXIzRjdOTDF5WnhuTVdkbmRBbEExbGgxTFljYXMKNytTQW1OYXlsd0w0R21CRHQ0L3NwOVFjNFFoOXRDQXdTMGUvb1k1cnl4QzFBb25zNUFIMmJGNGg3SGRMM0tvWApHMjRjTm9MY2d0K0J4M00wYSs2aGFoSmV6aGhVL2R5L1dRdjlJay9VRlJra3dBdkxvM3VPUVA1bzB0RVpXcXF1CkhUM3VRLzM4bTBwOGE1U21WR250RTNGWERQRlJGUi9aWXBjME1FMHRPYzZ0U3BmUHQzajRqUDBubjRGMStXdEQKTWhBSlNIMENnWUVBNHNzTTJ3Y1lKaUZhdTFCRzd4cXJkVGMrTWl4L3pWWWZtZHRhemtUcEsvRFF3ZmdRWVREbgpWbWRwNW5MRTdyeTRaMU90RGg3d0pKTVMySHRvRW9sTk9YMjVMKzNBaFgzRFUrU1lNeDJ2VU1jcUVzak1hUHFDCjFvM0dxa2JiNmozS2RZck9jWDhFUXVBWlhmc0RTSWxUOHNxcFdRcGFEZE9RcE15Y05WYzNjTDhDZ1lFQTcwNDUKd1d1dXN2UitGWUgrdW12bU9Ndm9VdmNROXJFcnZGcEJkdndiQnJsWHgvWFBNNE9kYXZXV1hQb3hxbWpUeExzcApnV000V0lVUUN6RjZGb2V5Kzc0T2ZmTmJtZG8renNVSkx5bnBPb3AyWUNUWk8vQ1NCNTFXNHN6UTlQaTErak9xCkdqdjVCK1RqV3o0cEdKWWp2eGpXZ2Nha1FDZEgzRHVTeFlYMngwOENnWUJaT0RRb2ZsUDd2Q2RyaFJ0Q3VTVTIKaWJNSUhnVnhEQzZHWW9zSWxvZDhaOUpZWEhSbEo4MzZhZGg1ZGpFUEVtTWhFd1FEaUJ4RTV5OEV4eGVjSXpPawpLRmVRQ1dJeG9kWVR6TndyVDhSR2JQT2FUREJPSkM4UXBObkE1dnRnM1VvbWo2TERkNHAvbkpXZUtUK1RhNk1BCjRzVllhQUFoYkZkODNabWVTbDlmRlFLQmdRQ3RURlQvQVdCT01FaHVndWxaVDNJMWgxVURYL0JrOWdEYU1mSmUKbkV0bUh5cTJvQWdoSWhzSnJqZnB0VFhxVm1lbGZIU2VRcUEzV29VMzFlaTRFQ1ZKc1dVRlNRcjQ2OWU0SFhCOQpPeml2TUQ1eGViM25ibHdTTDVzUU80ckhIS1dNUDRYYjRicUNRUHQweEJzMnR1UEVLOVNMdnJLTDB1WnpVcUVECmNmUTRlUUtCZ1FDV0xtUEJwUDVMVFA0YmxRVDFMMy9LQ0cweGxzL2pFL1JBVlE5VmY1UVVPeFlUaHBlZTUzdXAKUmwxOEVuSks1THpuNlF2TzRMeXRGdVNLeG5aRnYxY1pycUNKR0owcXhNc3VpTGVtbnYxb2NGMDdiWkYwV0pzWQowak9Ha0oweXZtUlFBVzhQUEhJeGdzN3Y3ekNzZHdTcmx3REEvYnNxa1BUVEJxNlpSUHhSUXc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= + diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/.helmignore b/packer/ansible/roles/helm_install/files/mongo-dsk/.helmignore new file mode 100644 index 0000000..f0c1319 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/Chart.lock b/packer/ansible/roles/helm_install/files/mongo-dsk/Chart.lock new file mode 100644 index 0000000..b8814b6 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + version: 1.11.3 +digest: sha256:d5f850d857edd58b32c0e10652f6ec3ce5018def5542f2bcef38fd7fa0079d6b +generated: "2022-03-07T11:59:31.665943918Z" diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/Chart.yaml b/packer/ansible/roles/helm_install/files/mongo-dsk/Chart.yaml new file mode 100644 index 0000000..8bf0c80 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/Chart.yaml @@ -0,0 +1,30 @@ +annotations: + category: Database +apiVersion: v2 +appVersion: 4.4.13 +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + tags: + - bitnami-common + version: 1.x.x +description: MongoDB(R) is an open source NoSQL database that uses JSON for data storage. + MongoDB(TM) Sharded improves scalability and reliability for large datasets by distributing + data across multiple machines. +home: https://github.com/bitnami/charts/tree/master/bitnami/mongodb-sharded +icon: https://bitnami.com/assets/stacks/mongodb/img/mongodb-stack-220x234.png +keywords: +- mongodb +- database +- nosql +- cluster +- replicaset +- replication +maintainers: +- email: containers@bitnami.com + name: Bitnami +name: mongodb-sharded +sources: +- https://github.com/bitnami/bitnami-docker-mongodb-sharded +- https://mongodb.org +version: 4.0.10 diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/README.md b/packer/ansible/roles/helm_install/files/mongo-dsk/README.md new file mode 100644 index 0000000..37dbc29 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/README.md @@ -0,0 +1,548 @@ + + +# MongoDB(R) Sharded packaged by Bitnami + +MongoDB(R) is an open source NoSQL database that uses JSON for data storage. MongoDB(TM) Sharded improves scalability and reliability for large datasets by distributing data across multiple machines. + +[Overview of MongoDB® Sharded](http://www.mongodb.org) + +Disclaimer: The respective trademarks mentioned in the offering are owned by the respective companies. We do not provide a commercial license for any of these products. This listing has an open-source license. MongoDB(R) is run and maintained by MongoDB, which is a completely separate project from Bitnami. + +## TL;DR + +```bash +$ helm repo add bitnami https://charts.bitnami.com/bitnami +$ helm install my-release bitnami/mongodb-sharded +``` + +## Introduction + +This chart bootstraps a [MongoDB(®) Sharded](https://github.com/bitnami/bitnami-docker-mongodb-sharded) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Classified as a NoSQL database, MongoDB® eschews the traditional table-based relational database structure in favor of JSON-like documents with dynamic schemas, making the integration of data in certain types of applications easier and faster. + +This chart uses the [sharding method](https://docs.mongodb.com/manual/sharding/) for distributing data across multiple machines. This is meant for deployments with very large data sets and high throughput operations. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.2.0+ +- PV provisioner support in the underlying infrastructure +- ReadWriteMany volumes for deployment scaling + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm install my-release bitnami/mongodb-sharded +``` + +The command deploys MongoDB® on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Parameters + +### Global parameters + +| Name | Description | Value | +| ------------------------- | ----------------------------------------------- | ----- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global storage class for dynamic provisioning | `""` | + + +### Common parameters + +| Name | Description | Value | +| ------------------------ | --------------------------------------------------------------------------------------- | --------------- | +| `nameOverride` | String to partially override mongodb.fullname template (will maintain the release name) | `""` | +| `fullnameOverride` | String to fully override mongodb.fullname template | `""` | +| `clusterDomain` | Kubernetes Cluster Domain | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | + + +### MongoDB(®) Sharded parameters + +| Name | Description | Value | +| ------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- | +| `image.registry` | MongoDB(®) Sharded image registry | `docker.io` | +| `image.repository` | MongoDB(®) Sharded Image name | `bitnami/mongodb-sharded` | +| `image.tag` | MongoDB(®) Sharded image tag (immutable tags are recommended) | `4.4.11-debian-10-r6` | +| `image.pullPolicy` | MongoDB(®) Sharded image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `image.debug` | Specify if debug logs should be enabled | `false` | +| `mongodbRootPassword` | MongoDB® root password | `""` | +| `replicaSetKey` | Replica Set key (shared for shards and config servers) | `""` | +| `existingSecret` | Existing secret with MongoDB® credentials | `""` | +| `usePasswordFile` | Mount credentials as files instead of using environment variables | `false` | +| `shards` | Number of shards to be created | `2` | +| `common.mongodbEnableNumactl` | Enable launch MongoDB instance prefixed with "numactl --interleave=all" | `false` | +| `common.useHostnames` | Enable DNS hostnames in the replica set config | `true` | +| `common.mongodbEnableIPv6` | Switch to enable/disable IPv6 on MongoDB® | `false` | +| `common.mongodbDirectoryPerDB` | Switch to enable/disable DirectoryPerDB on MongoDB® | `false` | +| `common.mongodbSystemLogVerbosity` | MongoDB® system log verbosity level | `0` | +| `common.mongodbDisableSystemLog` | Whether to disable MongoDB® system log or not | `false` | +| `common.mongodbMaxWaitTimeout` | Maximum time (in seconds) for MongoDB® nodes to wait for another MongoDB® node to be ready | `120` | +| `common.initScriptsCM` | Configmap with init scripts to execute | `""` | +| `common.initScriptsSecret` | Secret with init scripts to execute (for sensitive data) | `""` | +| `common.extraEnvVars` | An array to add extra env vars | `[]` | +| `common.extraEnvVarsCM` | Name of a ConfigMap containing extra env vars | `""` | +| `common.extraEnvVarsSecret` | Name of a Secret containing extra env vars | `""` | +| `common.sidecars` | Add sidecars to the pod | `[]` | +| `common.initContainers` | Add init containers to the pod | `[]` | +| `common.podAnnotations` | Additional pod annotations | `{}` | +| `common.podLabels` | Additional pod labels | `{}` | +| `common.extraVolumes` | Array to add extra volumes | `[]` | +| `common.extraVolumeMounts` | Array to add extra mounts (normally used with extraVolumes) | `[]` | +| `common.containerPorts.mongo` | MongoDB container port | `27017` | +| `common.serviceAccount.create` | Whether to create a Service Account for all pods automatically | `false` | +| `common.serviceAccount.name` | Name of a Service Account to be used by all Pods | `""` | +| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | +| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/bitnami-shell` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `10-debian-10-r308` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | +| `volumePermissions.resources` | Init container resource requests/limit | `{}` | +| `securityContext.enabled` | Enable security context | `true` | +| `securityContext.fsGroup` | Group ID for the container | `1001` | +| `securityContext.runAsUser` | User ID for the container | `1001` | +| `securityContext.runAsNonRoot` | Run containers as non-root users | `true` | +| `service.name` | Specify an explicit service name | `""` | +| `service.annotations` | Additional service annotations (evaluate as a template) | `{}` | +| `service.type` | Service type | `ClusterIP` | +| `service.externalTrafficPolicy` | External traffic policy | `Cluster` | +| `service.port` | MongoDB® service port | `27017` | +| `service.clusterIP` | Static clusterIP or None for headless services | `""` | +| `service.nodePort` | Specify the nodePort value for the LoadBalancer and NodePort service types. | `""` | +| `service.externalIPs` | External IP list to use with ClusterIP service type | `[]` | +| `service.loadBalancerIP` | Static IP Address to use for LoadBalancer service type | `""` | +| `service.loadBalancerSourceRanges` | List of IP ranges allowed access to load balancer (if supported) | `[]` | +| `service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `livenessProbe.enabled` | Enable livenessProbe | `true` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe | `true` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `60` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | + + +### Config Server parameters + +| Name | Description | Value | +| ------------------------------------- | ------------------------------------------------------------------------------------------------------- | ------------------- | +| `configsvr.replicas` | Number of nodes in the replica set (the first node will be primary) | `1` | +| `configsvr.resources` | Configure pod resources | `{}` | +| `configsvr.hostAliases` | Deployment pod host aliases | `[]` | +| `configsvr.mongodbExtraFlags` | MongoDB® additional command line flags | `[]` | +| `configsvr.priorityClassName` | Pod priority class name | `""` | +| `configsvr.podAffinityPreset` | Config Server Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `configsvr.podAntiAffinityPreset` | Config Server Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `configsvr.nodeAffinityPreset.type` | Config Server Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `configsvr.nodeAffinityPreset.key` | Config Server Node label key to match Ignored if `affinity` is set. | `""` | +| `configsvr.nodeAffinityPreset.values` | Config Server Node label values to match. Ignored if `affinity` is set. | `[]` | +| `configsvr.affinity` | Config Server Affinity for pod assignment | `{}` | +| `configsvr.nodeSelector` | Config Server Node labels for pod assignment | `{}` | +| `configsvr.tolerations` | Config Server Tolerations for pod assignment | `[]` | +| `configsvr.podManagementPolicy` | Statefulset's pod management policy, allows parallel startup of pods | `OrderedReady` | +| `configsvr.updateStrategy.type` | updateStrategy for MongoDB® Primary, Secondary and Arbiter statefulsets | `RollingUpdate` | +| `configsvr.config` | MongoDB® configuration file | `""` | +| `configsvr.configCM` | ConfigMap name with Config Server configuration file (cannot be used with configsvr.config) | `""` | +| `configsvr.extraEnvVars` | An array to add extra env vars | `[]` | +| `configsvr.extraEnvVarsCM` | Name of a ConfigMap containing extra env vars | `""` | +| `configsvr.extraEnvVarsSecret` | Name of a Secret containing extra env vars | `""` | +| `configsvr.sidecars` | Add sidecars to the pod | `[]` | +| `configsvr.initContainers` | Add init containers to the pod | `[]` | +| `configsvr.podAnnotations` | Additional pod annotations | `{}` | +| `configsvr.podLabels` | Additional pod labels | `{}` | +| `configsvr.extraVolumes` | Array to add extra volumes. Requires setting `extraVolumeMounts` | `[]` | +| `configsvr.extraVolumeMounts` | Array to add extra mounts (normally used with extraVolumes). Normally used with `extraVolumes` | `[]` | +| `configsvr.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | +| `configsvr.pdb.enabled` | Enable pod disruption budget | `false` | +| `configsvr.pdb.minAvailable` | Minimum number of available config pods allowed (`0` to disable) | `0` | +| `configsvr.pdb.maxUnavailable` | Maximum number of unavailable config pods allowed (`0` to disable) | `1` | +| `configsvr.persistence.enabled` | Use a PVC to persist data | `true` | +| `configsvr.persistence.mountPath` | Path to mount the volume at | `/bitnami/mongodb` | +| `configsvr.persistence.subPath` | Subdirectory of the volume to mount at | `""` | +| `configsvr.persistence.storageClass` | Storage class of backing PVC | `""` | +| `configsvr.persistence.accessModes` | Use volume as ReadOnly or ReadWrite | `["ReadWriteOnce"]` | +| `configsvr.persistence.size` | PersistentVolumeClaim size | `8Gi` | +| `configsvr.persistence.annotations` | Persistent Volume annotations | `{}` | +| `configsvr.serviceAccount.create` | Specifies whether a ServiceAccount should be created for Config Server | `false` | +| `configsvr.serviceAccount.name` | Name of a Service Account to be used by Config Server | `""` | +| `configsvr.external.host` | Primary node of an external Config Server replicaset | `""` | +| `configsvr.external.rootPassword` | Root password of the external Config Server replicaset | `""` | +| `configsvr.external.replicasetName` | Replicaset name of an external Config Server | `""` | +| `configsvr.external.replicasetKey` | Replicaset key of an external Config Server | `""` | + + +### Mongos parameters + +| Name | Description | Value | +| --------------------------------------------------- | ------------------------------------------------------------------------------------------------ | --------------- | +| `mongos.replicas` | Number of replicas | `1` | +| `mongos.resources` | Configure pod resources | `{}` | +| `mongos.hostAliases` | Deployment pod host aliases | `[]` | +| `mongos.mongodbExtraFlags` | MongoDB® additional command line flags | `[]` | +| `mongos.priorityClassName` | Pod priority class name | `""` | +| `mongos.podAffinityPreset` | Mongos Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `mongos.podAntiAffinityPreset` | Mongos Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `mongos.nodeAffinityPreset.type` | Mongos Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `mongos.nodeAffinityPreset.key` | Mongos Node label key to match Ignored if `affinity` is set. | `""` | +| `mongos.nodeAffinityPreset.values` | Mongos Node label values to match. Ignored if `affinity` is set. | `[]` | +| `mongos.affinity` | Mongos Affinity for pod assignment | `{}` | +| `mongos.nodeSelector` | Mongos Node labels for pod assignment | `{}` | +| `mongos.tolerations` | Mongos Tolerations for pod assignment | `[]` | +| `mongos.podManagementPolicy` | Statefulsets pod management policy, allows parallel startup of pods | `OrderedReady` | +| `mongos.updateStrategy.type` | updateStrategy for MongoDB® Primary, Secondary and Arbiter statefulsets | `RollingUpdate` | +| `mongos.config` | MongoDB® configuration file | `""` | +| `mongos.configCM` | ConfigMap name with MongoDB® configuration file (cannot be used with mongos.config) | `""` | +| `mongos.extraEnvVars` | An array to add extra env vars | `[]` | +| `mongos.extraEnvVarsCM` | Name of a ConfigMap containing extra env vars | `""` | +| `mongos.extraEnvVarsSecret` | Name of a Secret containing extra env vars | `""` | +| `mongos.sidecars` | Add sidecars to the pod | `[]` | +| `mongos.initContainers` | Add init containers to the pod | `[]` | +| `mongos.podAnnotations` | Additional pod annotations | `{}` | +| `mongos.podLabels` | Additional pod labels | `{}` | +| `mongos.extraVolumes` | Array to add extra volumes. Requires setting `extraVolumeMounts` | `[]` | +| `mongos.extraVolumeMounts` | Array to add extra volume mounts. Normally used with `extraVolumes`. | `[]` | +| `mongos.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | +| `mongos.useStatefulSet` | Use StatefulSet instead of Deployment | `false` | +| `mongos.servicePerReplica.enabled` | Create one service per mongos replica (must be used with statefulset) | `false` | +| `mongos.servicePerReplica.annotations` | Additional service annotations (evaluate as a template) | `{}` | +| `mongos.servicePerReplica.type` | Service type | `ClusterIP` | +| `mongos.servicePerReplica.externalTrafficPolicy` | External traffic policy | `Cluster` | +| `mongos.servicePerReplica.port` | MongoDB® service port | `27017` | +| `mongos.servicePerReplica.clusterIP` | Static clusterIP or None for headless services | `""` | +| `mongos.servicePerReplica.nodePort` | Specify the nodePort value for the LoadBalancer and NodePort service types | `""` | +| `mongos.servicePerReplica.externalIPs` | External IP list to use with ClusterIP service type | `[]` | +| `mongos.servicePerReplica.loadBalancerIP` | Static IP Address to use for LoadBalancer service type | `""` | +| `mongos.servicePerReplica.loadBalancerSourceRanges` | List of IP ranges allowed access to load balancer (if supported) | `[]` | +| `mongos.servicePerReplica.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `mongos.servicePerReplica.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `mongos.pdb.enabled` | Enable pod disruption budget | `false` | +| `mongos.pdb.minAvailable` | Minimum number of available mongo pods allowed (`0` to disable) | `0` | +| `mongos.pdb.maxUnavailable` | Maximum number of unavailable mongo pods allowed (`0` to disable) | `1` | +| `mongos.serviceAccount.create` | Whether to create a Service Account for mongos automatically | `false` | +| `mongos.serviceAccount.name` | Name of a Service Account to be used by mongos | `""` | + + +### Shard configuration: Data node parameters + +| Name | Description | Value | +| --------------------------------------------- | ---------------------------------------------------------------------------------------------------- | --------------- | +| `shardsvr.dataNode.replicas` | Number of nodes in each shard replica set (the first node will be primary) | `1` | +| `shardsvr.dataNode.resources` | Configure pod resources | `{}` | +| `shardsvr.dataNode.mongodbExtraFlags` | MongoDB® additional command line flags | `[]` | +| `shardsvr.dataNode.priorityClassName` | Pod priority class name | `""` | +| `shardsvr.dataNode.podAffinityPreset` | Data nodes Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `shardsvr.dataNode.podAntiAffinityPreset` | Data nodes Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `shardsvr.dataNode.nodeAffinityPreset.type` | Data nodes Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `shardsvr.dataNode.nodeAffinityPreset.key` | Data nodes Node label key to match Ignored if `affinity` is set. | `""` | +| `shardsvr.dataNode.nodeAffinityPreset.values` | Data nodes Node label values to match. Ignored if `affinity` is set. | `[]` | +| `shardsvr.dataNode.affinity` | Data nodes Affinity for pod assignment | `{}` | +| `shardsvr.dataNode.nodeSelector` | Data nodes Node labels for pod assignment | `{}` | +| `shardsvr.dataNode.tolerations` | Data nodes Tolerations for pod assignment | `[]` | +| `shardsvr.dataNode.podManagementPolicy` | podManagementPolicy for the statefulset, allows parallel startup of pods | `OrderedReady` | +| `shardsvr.dataNode.updateStrategy.type` | updateStrategy for MongoDB® Primary, Secondary and Arbiter statefulsets | `RollingUpdate` | +| `shardsvr.dataNode.hostAliases` | Deployment pod host aliases | `[]` | +| `shardsvr.dataNode.config` | Entries for the MongoDB® config file | `""` | +| `shardsvr.dataNode.configCM` | ConfigMap name with MongoDB® configuration (cannot be used with shardsvr.dataNode.config) | `""` | +| `shardsvr.dataNode.extraEnvVars` | An array to add extra env vars | `[]` | +| `shardsvr.dataNode.extraEnvVarsCM` | Name of a ConfigMap containing extra env vars | `""` | +| `shardsvr.dataNode.extraEnvVarsSecret` | Name of a Secret containing extra env vars | `""` | +| `shardsvr.dataNode.sidecars` | Attach additional containers (evaluated as a template) | `[]` | +| `shardsvr.dataNode.initContainers` | Add init containers to the pod | `[]` | +| `shardsvr.dataNode.podAnnotations` | Additional pod annotations | `{}` | +| `shardsvr.dataNode.podLabels` | Additional pod labels | `{}` | +| `shardsvr.dataNode.extraVolumes` | Array to add extra volumes. Requires setting `extraVolumeMounts` | `[]` | +| `shardsvr.dataNode.extraVolumeMounts` | Array to add extra mounts. Normally used with `extraVolumes` | `[]` | +| `shardsvr.dataNode.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | +| `shardsvr.dataNode.pdb.enabled` | Enable pod disruption budget | `false` | +| `shardsvr.dataNode.pdb.minAvailable` | Minimum number of available data pods allowed (`0` to disable) | `0` | +| `shardsvr.dataNode.pdb.maxUnavailable` | Maximum number of unavailable data pods allowed (`0` to disable) | `1` | +| `shardsvr.dataNode.serviceAccount.create` | Specifies whether a ServiceAccount should be created for shardsvr | `false` | +| `shardsvr.dataNode.serviceAccount.name` | Name of a Service Account to be used by shardsvr data pods | `""` | + + +### Shard configuration: Persistence parameters + +| Name | Description | Value | +| ----------------------------------- | ---------------------------------------------------------------------------------------- | ------------------- | +| `shardsvr.persistence.enabled` | Use a PVC to persist data | `true` | +| `shardsvr.persistence.mountPath` | The path the volume will be mounted at, useful when using different MongoDB® images. | `/bitnami/mongodb` | +| `shardsvr.persistence.subPath` | Subdirectory of the volume to mount at | `""` | +| `shardsvr.persistence.storageClass` | Storage class of backing PVC | `""` | +| `shardsvr.persistence.accessModes` | Use volume as ReadOnly or ReadWrite | `["ReadWriteOnce"]` | +| `shardsvr.persistence.size` | PersistentVolumeClaim size | `8Gi` | +| `shardsvr.persistence.annotations` | Additional volume annotations | `{}` | + + +### Shard configuration: Arbiter parameters + +| Name | Description | Value | +| -------------------------------------------- | --------------------------------------------------------------------------------------------------- | --------------- | +| `shardsvr.arbiter.replicas` | Number of arbiters in each shard replica set (the first node will be primary) | `0` | +| `shardsvr.arbiter.hostAliases` | Deployment pod host aliases | `[]` | +| `shardsvr.arbiter.resources` | Configure pod resources | `{}` | +| `shardsvr.arbiter.mongodbExtraFlags` | MongoDB® additional command line flags | `[]` | +| `shardsvr.arbiter.priorityClassName` | Pod priority class name | `""` | +| `shardsvr.arbiter.podAffinityPreset` | Arbiter's Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `shardsvr.arbiter.podAntiAffinityPreset` | Arbiter's Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `shardsvr.arbiter.nodeAffinityPreset.type` | Arbiter's Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `shardsvr.arbiter.nodeAffinityPreset.key` | Arbiter's Node label key to match Ignored if `affinity` is set. | `""` | +| `shardsvr.arbiter.nodeAffinityPreset.values` | Arbiter's Node label values to match. Ignored if `affinity` is set. | `[]` | +| `shardsvr.arbiter.affinity` | Arbiter's Affinity for pod assignment | `{}` | +| `shardsvr.arbiter.nodeSelector` | Arbiter's Node labels for pod assignment | `{}` | +| `shardsvr.arbiter.tolerations` | Arbiter's Tolerations for pod assignment | `[]` | +| `shardsvr.arbiter.podManagementPolicy` | Statefulset's pod management policy, allows parallel startup of pods | `OrderedReady` | +| `shardsvr.arbiter.updateStrategy.type` | updateStrategy for MongoDB® Primary, Secondary and Arbiter statefulsets | `RollingUpdate` | +| `shardsvr.arbiter.config` | MongoDB® configuration file | `""` | +| `shardsvr.arbiter.configCM` | ConfigMap name with MongoDB® configuration file (cannot be used with shardsvr.arbiter.config) | `""` | +| `shardsvr.arbiter.extraEnvVars` | An array to add extra env vars | `[]` | +| `shardsvr.arbiter.extraEnvVarsCM` | Name of a ConfigMap containing extra env vars | `""` | +| `shardsvr.arbiter.extraEnvVarsSecret` | Name of a Secret containing extra env vars | `""` | +| `shardsvr.arbiter.sidecars` | Add sidecars to the pod | `[]` | +| `shardsvr.arbiter.initContainers` | Add init containers to the pod | `[]` | +| `shardsvr.arbiter.podAnnotations` | Additional pod annotations | `{}` | +| `shardsvr.arbiter.podLabels` | Additional pod labels | `{}` | +| `shardsvr.arbiter.extraVolumes` | Array to add extra volumes | `[]` | +| `shardsvr.arbiter.extraVolumeMounts` | Array to add extra mounts (normally used with extraVolumes) | `[]` | +| `shardsvr.arbiter.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | +| `shardsvr.arbiter.serviceAccount.create` | Specifies whether a ServiceAccount should be created for shardsvr arbiter nodes | `false` | +| `shardsvr.arbiter.serviceAccount.name` | Name of a Service Account to be used by shardsvr arbiter pods | `""` | + + +### Metrics parameters + +| Name | Description | Value | +| -------------------------------------------- | ---------------------------------------------------------------------------------- | -------------------------- | +| `metrics.enabled` | Start a side-car prometheus exporter | `false` | +| `metrics.image.registry` | MongoDB® exporter image registry | `docker.io` | +| `metrics.image.repository` | MongoDB® exporter image name | `bitnami/mongodb-exporter` | +| `metrics.image.tag` | MongoDB® exporter image tag | `0.30.0-debian-10-r53` | +| `metrics.image.pullPolicy` | MongoDB® exporter image pull policy | `Always` | +| `metrics.image.pullSecrets` | MongoDB® exporter image pull secrets | `[]` | +| `metrics.useTLS` | Whether to connect to MongoDB® with TLS | `false` | +| `metrics.extraArgs` | String with extra arguments to the metrics exporter | `""` | +| `metrics.resources` | Metrics exporter resource requests and limits | `{}` | +| `metrics.livenessProbe.enabled` | Enable livenessProbe | `false` | +| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `15` | +| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` | +| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `metrics.readinessProbe.enabled` | Enable readinessProbe | `false` | +| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | +| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `metrics.containerPort` | Port of the Prometheus metrics container | `9216` | +| `metrics.podAnnotations` | Metrics exporter pod Annotation | `{}` | +| `metrics.podMonitor.enabled` | Create PodMonitor Resource for scraping metrics using PrometheusOperator | `false` | +| `metrics.podMonitor.namespace` | Namespace where podmonitor resource should be created | `monitoring` | +| `metrics.podMonitor.interval` | Specify the interval at which metrics should be scraped | `30s` | +| `metrics.podMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` | +| `metrics.podMonitor.additionalLabels` | Additional labels that can be used so PodMonitors will be discovered by Prometheus | `{}` | + + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```bash +$ helm install my-release \ + --set shards=4,configsvr.replicas=3,shardsvr.dataNode.replicas=2 \ + bitnami/mongodb-sharded +``` + +The above command sets the number of shards to 4, the number of replicas for the config servers to 3 and number of replicas for data nodes to 2. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```bash +$ helm install my-release -f values.yaml bitnami/mongodb-sharded +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Configuration and installation details + +### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### Change MongoDB® version + +To modify the MongoDB® version used in this chart you can specify a [valid image tag](https://hub.docker.com/r/bitnami/mongodb-sharded/tags/) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters. + +### Sharding + +This chart deploys a sharded cluster by default. Some characteristics of this chart are: + +- It allows HA by enabling replication on the shards and the config servers. The mongos instances can be scaled horizontally as well. +- The number of secondary and arbiter nodes can be scaled out independently. + +### Initialize a fresh instance + +The [Bitnami MongoDB®](https://github.com/bitnami/bitnami-docker-mongodb-sharded) image allows you to use your custom scripts to initialize a fresh instance. You can create a custom config map and give it via `initScriptsCM`(check options for more details). + +The allowed extensions are `.sh`, and `.js`. + +### Sidecars and Init Containers + +If you have a need for additional containers to run within the same pod as Kibana (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter (available in the `mongos`, `shardsvr.dataNode`, `shardsvr.arbiter`, `configsvr` and `common` sections). Simply define your container according to the Kubernetes container spec. + +```yaml +sidecars: +- name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +Similarly, you can add extra init containers using the `initContainers` parameter. + +```yaml +initContainers: +- name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +### Adding extra environment variables + +In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` (available in the `mongos`, `shardsvr.dataNode`, `shardsvr.arbiter`, `configsvr` and `common` sections) property. + +```yaml +extraEnvVars: + - name: MONGODB_VERSION + value: 4.0 +``` + +Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values. + +### Using an external config server + +It is possible to not deploy any shards or a config server. For example, it is possible to simply deploy `mongos` instances that point to an external MongoDB® sharded database. If that is the case, set the `configsvr.external.host` and `configsvr.external.replicasetName` for the mongos instances to connect. For authentication, set the `configsvr.external.rootPassword` and `configsvr.external.replicasetKey` values. + +## Persistence + +The [Bitnami MongoDB®](https://github.com/bitnami/bitnami-docker-mongodb-sharded) image stores the MongoDB® data and configurations at the `/bitnami/mongodb` path of the container. + +The chart mounts a [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) at this location. The volume is created using dynamic volume provisioning. + +### Adjust permissions of persistent volume mountpoint + +As the image run as non-root by default, it is necessary to adjust the ownership of the persistent volume so that the container can write data into it. + +By default, the chart is configured to use Kubernetes Security Context to automatically change the ownership of the volume. However, this feature does not work in all Kubernetes distributions. +As an alternative, this chart supports using an initContainer to change the ownership of the volume before mounting it in the final destination. + +You can enable this initContainer by setting `volumePermissions.enabled` to `true`. + +### Adding extra volumes + +The Bitnami Kibana chart supports mounting extra volumes (either PVCs, secrets or configmaps) by using the `extraVolumes` and `extraVolumeMounts` properties (available in the `mongos`, `shardsvr.dataNode`, `shardsvr.arbiter`, `configsvr` and `common` sections). This can be combined with advanced operations like adding extra init containers and sidecars. + +### Setting Pod's affinity + +This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). + +As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. + +## Troubleshooting + +Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). + +## Upgrading + +If authentication is enabled, it's necessary to set the `mongodbRootPassword` and `replicaSetKey` when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use. Please note down the password, and run the command below to upgrade your chart: + +```bash +$ helm upgrade my-release bitnami/mongodb-sharded --set mongodbRootPassword=[PASSWORD] (--set replicaSetKey=[REPLICASETKEY]) +``` + +> Note: you need to substitute the placeholders [PASSWORD] and [REPLICASETKEY] with the values obtained in the installation notes. + +### To 4.0.0 + +In this version, the mongodb-exporter bundled as part of this Helm chart was updated to a new version which, even it is not a major change, can contain breaking changes (from `0.11.X` to `0.30.X`). +Please visit the release notes from the upstream project at https://github.com/percona/mongodb_exporter/releases + +### To 3.1.0 + +This version introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. + +### To 3.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +**What changes were introduced in this major version?** + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts + +**Considerations when upgrading to this version** + +- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 + +**Useful links** + +- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ +- https://helm.sh/docs/topics/v2_v3_migration/ +- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ + +### To 2.0.0 + +MongoDB® container images were updated to `4.4.x` and it can affect compatibility with older versions of MongoDB®. Refer to the following guide to upgrade your applications: + +- [Upgrade a Sharded Cluster to 4.4](https://docs.mongodb.com/manual/release-notes/4.4-upgrade-sharded-cluster/) + +## License + +Copyright © 2022 Bitnami + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. \ No newline at end of file diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/.helmignore b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/.helmignore new file mode 100644 index 0000000..50af031 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/Chart.yaml b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/Chart.yaml new file mode 100644 index 0000000..3f32f99 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/Chart.yaml @@ -0,0 +1,23 @@ +annotations: + category: Infrastructure +apiVersion: v2 +appVersion: 1.11.3 +description: A Library Helm Chart for grouping common logic between bitnami charts. + This chart is not deployable by itself. +home: https://github.com/bitnami/charts/tree/master/bitnami/common +icon: https://bitnami.com/downloads/logos/bitnami-mark.png +keywords: +- common +- helper +- template +- function +- bitnami +maintainers: +- email: containers@bitnami.com + name: Bitnami +name: common +sources: +- https://github.com/bitnami/charts +- https://www.bitnami.com/ +type: library +version: 1.11.3 diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/README.md b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/README.md new file mode 100644 index 0000000..8dc47f0 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/README.md @@ -0,0 +1,345 @@ +# Bitnami Common Library Chart + +A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. + +## TL;DR + +```yaml +dependencies: + - name: common + version: 0.x.x + repository: https://charts.bitnami.com/bitnami +``` + +```bash +$ helm dependency update +``` + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }} +data: + myvalue: "Hello World" +``` + +## Introduction + +This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.2.0+ + +## Parameters + +The following table lists the helpers available in the library which are scoped in different sections. + +### Affinities + +| Helper identifier | Description | Expected Input | +|-------------------------------|------------------------------------------------------|------------------------------------------------| +| `common.affinities.node.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.node.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.pod.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | +| `common.affinities.pod.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | + +### Capabilities + +| Helper identifier | Description | Expected Input | +|------------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| +| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | +| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context | +| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | +| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | +| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | +| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | +| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context | +| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for podsecuritypolicy. | `.` Chart context | +| `common.capabilities.networkPolicy.apiVersion` | Return the appropriate apiVersion for networkpolicy. | `.` Chart context | +| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | + +### Errors + +| Helper identifier | Description | Expected Input | +|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| +| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | + +### Images + +| Helper identifier | Description | Expected Input | +|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| +| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. | +| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | +| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` | + +### Ingress + +| Helper identifier | Description | Expected Input | +|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | +| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context | +| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context | +| `common.ingress.certManagerRequest` | Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations | `dict "annotations" .Values.path.to.the.ingress.annotations` | + +### Labels + +| Helper identifier | Description | Expected Input | +|-----------------------------|-----------------------------------------------------------------------------|-------------------| +| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | +| `common.labels.matchLabels` | Labels to use on `deploy.spec.selector.matchLabels` and `svc.spec.selector` | `.` Chart context | + +### Names + +| Helper identifier | Description | Expected Input | +|-------------------------|------------------------------------------------------------|-------------------| +| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | +| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | +| `common.names.chart` | Chart name plus version | `.` Chart context | + +### Secrets + +| Helper identifier | Description | Expected Input | +|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | +| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | +| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | +| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` | + +### Storage + +| Helper identifier | Description | Expected Input | +|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| +| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | + +### TplValues + +| Helper identifier | Description | Expected Input | +|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | + +### Utils + +| Helper identifier | Description | Expected Input | +|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| +| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | +| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | +| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | +| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | + +### Validations + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | +| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | +| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | +| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | +| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis™ are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | +| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. | +| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | + +### Warnings + +| Helper identifier | Description | Expected Input | +|------------------------------|----------------------------------|------------------------------------------------------------| +| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | + +## Special input schemas + +### ImageRoot + +```yaml +registry: + type: string + description: Docker registry where the image is located + example: docker.io + +repository: + type: string + description: Repository and image name + example: bitnami/nginx + +tag: + type: string + description: image tag + example: 1.16.1-debian-10-r63 + +pullPolicy: + type: string + description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + +pullSecrets: + type: array + items: + type: string + description: Optionally specify an array of imagePullSecrets (evaluated as templates). + +debug: + type: boolean + description: Set to true if you would like to see extra information on logs + example: false + +## An instance would be: +# registry: docker.io +# repository: bitnami/nginx +# tag: 1.16.1-debian-10-r63 +# pullPolicy: IfNotPresent +# debug: false +``` + +### Persistence + +```yaml +enabled: + type: boolean + description: Whether enable persistence. + example: true + +storageClass: + type: string + description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. + example: "-" + +accessMode: + type: string + description: Access mode for the Persistent Volume Storage. + example: ReadWriteOnce + +size: + type: string + description: Size the Persistent Volume Storage. + example: 8Gi + +path: + type: string + description: Path to be persisted. + example: /bitnami + +## An instance would be: +# enabled: true +# storageClass: "-" +# accessMode: ReadWriteOnce +# size: 8Gi +# path: /bitnami +``` + +### ExistingSecret + +```yaml +name: + type: string + description: Name of the existing secret. + example: mySecret +keyMapping: + description: Mapping between the expected key name and the name of the key in the existing secret. + type: object + +## An instance would be: +# name: mySecret +# keyMapping: +# password: myPasswordKey +``` + +#### Example of use + +When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. + +```yaml +# templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + labels: + app: {{ include "common.names.fullname" . }} +type: Opaque +data: + password: {{ .Values.password | b64enc | quote }} + +# templates/dpl.yaml +--- +... + env: + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} +... + +# values.yaml +--- +name: mySecret +keyMapping: + password: myPasswordKey +``` + +### ValidateValue + +#### NOTES.txt + +```console +{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} + +{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} +``` + +If we force those values to be empty we will see some alerts + +```console +$ helm install test mychart --set path.to.value00="",path.to.value01="" + 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: + + export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 --decode) + + 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: + + export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 --decode) +``` + +## Upgrading + +### To 1.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +**What changes were introduced in this major version?** + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. +- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts + +**Considerations when upgrading to this version** + +- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 + +**Useful links** + +- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ +- https://helm.sh/docs/topics/v2_v3_migration/ +- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ + +## License + +Copyright © 2022 Bitnami + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_affinities.tpl b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_affinities.tpl new file mode 100644 index 0000000..189ea40 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_affinities.tpl @@ -0,0 +1,102 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return a soft nodeAffinity definition +{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.soft" -}} +preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} + weight: 1 +{{- end -}} + +{{/* +Return a hard nodeAffinity definition +{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.hard" -}} +requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} +{{- end -}} + +{{/* +Return a nodeAffinity definition +{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.nodes.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.nodes.hard" . -}} + {{- end -}} +{{- end -}} + +{{/* +Return a soft podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} +*/}} +{{- define "common.affinities.pods.soft" -}} +{{- $component := default "" .component -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + namespaces: + - {{ .context.Release.Namespace | quote }} + topologyKey: kubernetes.io/hostname + weight: 1 +{{- end -}} + +{{/* +Return a hard podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} +*/}} +{{- define "common.affinities.pods.hard" -}} +{{- $component := default "" .component -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + namespaces: + - {{ .context.Release.Namespace | quote }} + topologyKey: kubernetes.io/hostname +{{- end -}} + +{{/* +Return a podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.pods" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.pods.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.pods.hard" . -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_capabilities.tpl b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_capabilities.tpl new file mode 100644 index 0000000..b94212b --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_capabilities.tpl @@ -0,0 +1,128 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the target Kubernetes version +*/}} +{{- define "common.capabilities.kubeVersion" -}} +{{- if .Values.global }} + {{- if .Values.global.kubeVersion }} + {{- .Values.global.kubeVersion -}} + {{- else }} + {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} + {{- end -}} +{{- else }} +{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for poddisruptionbudget. +*/}} +{{- define "common.capabilities.policy.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "policy/v1beta1" -}} +{{- else -}} +{{- print "policy/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "common.capabilities.networkPolicy.apiVersion" -}} +{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for cronjob. +*/}} +{{- define "common.capabilities.cronjob.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "batch/v1beta1" -}} +{{- else -}} +{{- print "batch/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "common.capabilities.deployment.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. +*/}} +{{- define "common.capabilities.statefulset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apps/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "common.capabilities.ingress.apiVersion" -}} +{{- if .Values.ingress -}} +{{- if .Values.ingress.apiVersion -}} +{{- .Values.ingress.apiVersion -}} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end }} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for RBAC resources. +*/}} +{{- define "common.capabilities.rbac.apiVersion" -}} +{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "rbac.authorization.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "rbac.authorization.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for CRDs. +*/}} +{{- define "common.capabilities.crd.apiVersion" -}} +{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiextensions.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiextensions.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the used Helm version is 3.3+. +A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. +This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. +**To be removed when the catalog's minimun Helm version is 3.3** +*/}} +{{- define "common.capabilities.supportsHelmVersion" -}} +{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_errors.tpl b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_errors.tpl new file mode 100644 index 0000000..a79cc2e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_errors.tpl @@ -0,0 +1,23 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Through error when upgrading using empty passwords values that must not be empty. + +Usage: +{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} +{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} +{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} + +Required password params: + - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. + - context - Context - Required. Parent context. +*/}} +{{- define "common.errors.upgrade.passwords.empty" -}} + {{- $validationErrors := join "" .validationErrors -}} + {{- if and $validationErrors .context.Release.IsUpgrade -}} + {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} + {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} + {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} + {{- $errorString = print $errorString "\n%s" -}} + {{- printf $errorString $validationErrors | fail -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_images.tpl b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_images.tpl new file mode 100644 index 0000000..42ffbc7 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_images.tpl @@ -0,0 +1,75 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper image name +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} +*/}} +{{- define "common.images.image" -}} +{{- $registryName := .imageRoot.registry -}} +{{- $repositoryName := .imageRoot.repository -}} +{{- $tag := .imageRoot.tag | toString -}} +{{- if .global }} + {{- if .global.imageRegistry }} + {{- $registryName = .global.imageRegistry -}} + {{- end -}} +{{- end -}} +{{- if $registryName }} +{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- else -}} +{{- printf "%s:%s" $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) +{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} +*/}} +{{- define "common.images.pullSecrets" -}} + {{- $pullSecrets := list }} + + {{- if .global }} + {{- range .global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names evaluating values as templates +{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} +*/}} +{{- define "common.images.renderPullSecrets" -}} + {{- $pullSecrets := list }} + {{- $context := .context }} + + {{- if $context.Values.global }} + {{- range $context.Values.global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_ingress.tpl b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_ingress.tpl new file mode 100644 index 0000000..8caf73a --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_ingress.tpl @@ -0,0 +1,68 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Generate backend entry that is compatible with all Kubernetes API versions. + +Usage: +{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} + +Params: + - serviceName - String. Name of an existing service backend + - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.ingress.backend" -}} +{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} +{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} +serviceName: {{ .serviceName }} +servicePort: {{ .servicePort }} +{{- else -}} +service: + name: {{ .serviceName }} + port: + {{- if typeIs "string" .servicePort }} + name: {{ .servicePort }} + {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }} + number: {{ .servicePort | int }} + {{- end }} +{{- end -}} +{{- end -}} + +{{/* +Print "true" if the API pathType field is supported +Usage: +{{ include "common.ingress.supportsPathType" . }} +*/}} +{{- define "common.ingress.supportsPathType" -}} +{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the ingressClassname field is supported +Usage: +{{ include "common.ingress.supportsIngressClassname" . }} +*/}} +{{- define "common.ingress.supportsIngressClassname" -}} +{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if cert-manager required annotations for TLS signed +certificates are set in the Ingress annotations +Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations +Usage: +{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }} +*/}} +{{- define "common.ingress.certManagerRequest" -}} +{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_labels.tpl b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_labels.tpl new file mode 100644 index 0000000..252066c --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_labels.tpl @@ -0,0 +1,18 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Kubernetes standard labels +*/}} +{{- define "common.labels.standard" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +helm.sh/chart: {{ include "common.names.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector +*/}} +{{- define "common.labels.matchLabels" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_names.tpl b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_names.tpl new file mode 100644 index 0000000..cf03231 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_names.tpl @@ -0,0 +1,52 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "common.names.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "common.names.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "common.names.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified dependency name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +Usage: +{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }} +*/}} +{{- define "common.names.dependency.fullname" -}} +{{- if .chartValues.fullnameOverride -}} +{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .chartName .chartValues.nameOverride -}} +{{- if contains $name .context.Release.Name -}} +{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_secrets.tpl b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_secrets.tpl new file mode 100644 index 0000000..a53fb44 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_secrets.tpl @@ -0,0 +1,140 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Generate secret name. + +Usage: +{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.secrets.name" -}} +{{- $name := (include "common.names.fullname" .context) -}} + +{{- if .defaultNameSuffix -}} +{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- with .existingSecret -}} +{{- if not (typeIs "string" .) -}} +{{- with .name -}} +{{- $name = . -}} +{{- end -}} +{{- else -}} +{{- $name = . -}} +{{- end -}} +{{- end -}} + +{{- printf "%s" $name -}} +{{- end -}} + +{{/* +Generate secret key. + +Usage: +{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - key - String - Required. Name of the key in the secret. +*/}} +{{- define "common.secrets.key" -}} +{{- $key := .key -}} + +{{- if .existingSecret -}} + {{- if not (typeIs "string" .existingSecret) -}} + {{- if .existingSecret.keyMapping -}} + {{- $key = index .existingSecret.keyMapping $.key -}} + {{- end -}} + {{- end }} +{{- end -}} + +{{- printf "%s" $key -}} +{{- end -}} + +{{/* +Generate secret password or retrieve one if already created. + +Usage: +{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - key - String - Required - Name of the key in the secret. + - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. + - length - int - Optional - Length of the generated random password. + - strong - Boolean - Optional - Whether to add symbols to the generated random password. + - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. + - context - Context - Required - Parent context. + +The order in which this function returns a secret password: + 1. Already existing 'Secret' resource + (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) + 2. Password provided via the values.yaml + (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) + 3. Randomly generated secret password + (A new random secret password with the length specified in the 'length' parameter will be generated and returned) + +*/}} +{{- define "common.secrets.passwords.manage" -}} + +{{- $password := "" }} +{{- $subchart := "" }} +{{- $chartName := default "" .chartName }} +{{- $passwordLength := default 10 .length }} +{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} +{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} +{{- $secretData := (lookup "v1" "Secret" $.context.Release.Namespace .secret).data }} +{{- if $secretData }} + {{- if hasKey $secretData .key }} + {{- $password = index $secretData .key }} + {{- else }} + {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} + {{- end -}} +{{- else if $providedPasswordValue }} + {{- $password = $providedPasswordValue | toString | b64enc | quote }} +{{- else }} + + {{- if .context.Values.enabled }} + {{- $subchart = $chartName }} + {{- end -}} + + {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} + {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} + {{- $passwordValidationErrors := list $requiredPasswordError -}} + {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} + + {{- if .strong }} + {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} + {{- $password = randAscii $passwordLength }} + {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} + {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }} + {{- else }} + {{- $password = randAlphaNum $passwordLength | b64enc | quote }} + {{- end }} +{{- end -}} +{{- printf "%s" $password -}} +{{- end -}} + +{{/* +Returns whether a previous generated secret already exists + +Usage: +{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - context - Context - Required - Parent context. +*/}} +{{- define "common.secrets.exists" -}} +{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} +{{- if $secret }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_storage.tpl b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_storage.tpl new file mode 100644 index 0000000..60e2a84 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_storage.tpl @@ -0,0 +1,23 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper Storage Class +{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} +*/}} +{{- define "common.storage.class" -}} + +{{- $storageClass := .persistence.storageClass -}} +{{- if .global -}} + {{- if .global.storageClass -}} + {{- $storageClass = .global.storageClass -}} + {{- end -}} +{{- end -}} + +{{- if $storageClass -}} + {{- if (eq "-" $storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" $storageClass -}} + {{- end -}} +{{- end -}} + +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_tplvalues.tpl b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_tplvalues.tpl new file mode 100644 index 0000000..2db1668 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_tplvalues.tpl @@ -0,0 +1,13 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Renders a value that contains template. +Usage: +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "common.tplvalues.render" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_utils.tpl b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_utils.tpl new file mode 100644 index 0000000..ea083a2 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_utils.tpl @@ -0,0 +1,62 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Print instructions to get a secret value. +Usage: +{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} +*/}} +{{- define "common.utils.secret.getvalue" -}} +{{- $varname := include "common.utils.fieldToEnvVar" . -}} +export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 --decode) +{{- end -}} + +{{/* +Build env var name given a field +Usage: +{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} +*/}} +{{- define "common.utils.fieldToEnvVar" -}} + {{- $fieldNameSplit := splitList "-" .field -}} + {{- $upperCaseFieldNameSplit := list -}} + + {{- range $fieldNameSplit -}} + {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} + {{- end -}} + + {{ join "_" $upperCaseFieldNameSplit }} +{{- end -}} + +{{/* +Gets a value from .Values given +Usage: +{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} +*/}} +{{- define "common.utils.getValueFromKey" -}} +{{- $splitKey := splitList "." .key -}} +{{- $value := "" -}} +{{- $latestObj := $.context.Values -}} +{{- range $splitKey -}} + {{- if not $latestObj -}} + {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} + {{- end -}} + {{- $value = ( index $latestObj . ) -}} + {{- $latestObj = $value -}} +{{- end -}} +{{- printf "%v" (default "" $value) -}} +{{- end -}} + +{{/* +Returns first .Values key with a defined value or first of the list if all non-defined +Usage: +{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} +*/}} +{{- define "common.utils.getKeyFromList" -}} +{{- $key := first .keys -}} +{{- $reverseKeys := reverse .keys }} +{{- range $reverseKeys }} + {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }} + {{- if $value -}} + {{- $key = . }} + {{- end -}} +{{- end -}} +{{- printf "%s" $key -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_warnings.tpl b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_warnings.tpl new file mode 100644 index 0000000..ae10fa4 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/_warnings.tpl @@ -0,0 +1,14 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Warning about using rolling tag. +Usage: +{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} +*/}} +{{- define "common.warnings.rollingTag" -}} + +{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} +WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. ++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ +{{- end }} + +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/validations/_cassandra.tpl b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/validations/_cassandra.tpl new file mode 100644 index 0000000..ded1ae3 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/validations/_cassandra.tpl @@ -0,0 +1,72 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Cassandra required passwords are not empty. + +Usage: +{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.cassandra.passwords" -}} + {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} + {{- $enabled := include "common.cassandra.values.enabled" . -}} + {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} + {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.dbUser.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled cassandra. + +Usage: +{{ include "common.cassandra.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.cassandra.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.cassandra.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key dbUser + +Usage: +{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.key.dbUser" -}} + {{- if .subchart -}} + cassandra.dbUser + {{- else -}} + dbUser + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/validations/_mariadb.tpl b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/validations/_mariadb.tpl new file mode 100644 index 0000000..b6906ff --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/validations/_mariadb.tpl @@ -0,0 +1,103 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MariaDB required passwords are not empty. + +Usage: +{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mariadb.passwords" -}} + {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mariadb.values.enabled" . -}} + {{- $architecture := include "common.mariadb.values.architecture" . -}} + {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- if not (empty $valueUsername) -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replication") -}} + {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mariadb. + +Usage: +{{ include "common.mariadb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mariadb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mariadb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.key.auth" -}} + {{- if .subchart -}} + mariadb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/validations/_mongodb.tpl b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/validations/_mongodb.tpl new file mode 100644 index 0000000..a071ea4 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/validations/_mongodb.tpl @@ -0,0 +1,108 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MongoDB® required passwords are not empty. + +Usage: +{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret" + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mongodb.passwords" -}} + {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mongodb.values.enabled" . -}} + {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} + {{- $architecture := include "common.mongodb.values.architecture" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} + {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} + + {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }} + {{- if and $valueUsername $valueDatabase -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replicaset") -}} + {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mongodb. + +Usage: +{{ include "common.mongodb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mongodb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mongodb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.key.auth" -}} + {{- if .subchart -}} + mongodb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/validations/_postgresql.tpl b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/validations/_postgresql.tpl new file mode 100644 index 0000000..164ec0d --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/validations/_postgresql.tpl @@ -0,0 +1,129 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate PostgreSQL required passwords are not empty. + +Usage: +{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.postgresql.passwords" -}} + {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} + {{- $enabled := include "common.postgresql.values.enabled" . -}} + {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} + {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} + + {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} + {{- if (eq $enabledReplication "true") -}} + {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to decide whether evaluate global values. + +Usage: +{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} +Params: + - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" +*/}} +{{- define "common.postgresql.values.use.global" -}} + {{- if .context.Values.global -}} + {{- if .context.Values.global.postgresql -}} + {{- index .context.Values.global.postgresql .key | quote -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.existingSecret" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} + + {{- if .subchart -}} + {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} + {{- else -}} + {{- default (.context.Values.existingSecret | quote) $globalValue -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled postgresql. + +Usage: +{{ include "common.postgresql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key postgressPassword. + +Usage: +{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.postgressPassword" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} + + {{- if not $globalValue -}} + {{- if .subchart -}} + postgresql.postgresqlPassword + {{- else -}} + postgresqlPassword + {{- end -}} + {{- else -}} + global.postgresql.postgresqlPassword + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled.replication. + +Usage: +{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.enabled.replication" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.replication.enabled -}} + {{- else -}} + {{- printf "%v" .context.Values.replication.enabled -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key replication.password. + +Usage: +{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.replicationPassword" -}} + {{- if .subchart -}} + postgresql.replication.password + {{- else -}} + replication.password + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/validations/_redis.tpl b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/validations/_redis.tpl new file mode 100644 index 0000000..5d72959 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/validations/_redis.tpl @@ -0,0 +1,76 @@ + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Redis™ required passwords are not empty. + +Usage: +{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.redis.passwords" -}} + {{- $enabled := include "common.redis.values.enabled" . -}} + {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} + {{- $standarizedVersion := include "common.redis.values.standarized.version" . }} + + {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }} + {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }} + + {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }} + {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}} + {{- if eq $useAuth "true" -}} + {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled redis. + +Usage: +{{ include "common.redis.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.redis.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.redis.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right prefix path for the values + +Usage: +{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.redis.values.keys.prefix" -}} + {{- if .subchart -}}redis.{{- else -}}{{- end -}} +{{- end -}} + +{{/* +Checks whether the redis chart's includes the standarizations (version >= 14) + +Usage: +{{ include "common.redis.values.standarized.version" (dict "context" $) }} +*/}} +{{- define "common.redis.values.standarized.version" -}} + + {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} + {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} + + {{- if $standarizedAuthValues -}} + {{- true -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/validations/_validations.tpl b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/validations/_validations.tpl new file mode 100644 index 0000000..9a814cf --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/templates/validations/_validations.tpl @@ -0,0 +1,46 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate values must not be empty. + +Usage: +{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} +{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" +*/}} +{{- define "common.validations.values.multiple.empty" -}} + {{- range .required -}} + {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} + {{- end -}} +{{- end -}} + +{{/* +Validate a value must not be empty. + +Usage: +{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" + - subchart - String - Optional - Name of the subchart that the validated password is part of. +*/}} +{{- define "common.validations.values.single.empty" -}} + {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} + {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} + + {{- if not $value -}} + {{- $varname := "my-value" -}} + {{- $getCurrentValue := "" -}} + {{- if and .secret .field -}} + {{- $varname = include "common.utils.fieldToEnvVar" . -}} + {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} + {{- end -}} + {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/values.yaml b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/values.yaml new file mode 100644 index 0000000..f2df68e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/charts/common/values.yaml @@ -0,0 +1,5 @@ +## bitnami/common +## It is required by CI/CD tools and processes. +## @skip exampleValue +## +exampleValue: common-chart diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/override-values.yaml b/packer/ansible/roles/helm_install/files/mongo-dsk/override-values.yaml new file mode 100644 index 0000000..806d580 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/override-values.yaml @@ -0,0 +1,49 @@ +mongodbRootPassword: "mongo#pass" +configsvr: + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-druid + + external: + rootPassword: "mongo#pass" +service: + type: NodePort + nodePort: "30112" +mongos: + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-druid +shardsvr: + dataNode: + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-druid + + diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/templates/NOTES.txt b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/NOTES.txt new file mode 100644 index 0000000..6db3cef --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/NOTES.txt @@ -0,0 +1,74 @@ +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} + +** Please be patient while the chart is being deployed ** + +{{- if .Values.diagnosticMode.enabled }} +The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: + + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} + +Get the list of pods by executing: + + kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} + +Access the pod you want to debug by executing + + kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash + +In order to replicate the container startup scripts execute this command: + + /opt/bitnami/scripts/mongodb-sharded/entrypoint.sh /opt/bitnami/scripts/mongodb-sharded/run.sh + +{{- else }} + +The MongoDB® Sharded cluster can be accessed via the Mongos instances in port {{ .Values.service.port }} on the following DNS name from within your cluster: + + {{ include "mongodb-sharded.serviceName" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + +To get the root password run: + + export MONGODB_ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath="{.data.mongodb-root-password}" | base64 --decode) + +{{- if and .Values.mongodbUsername .Values.mongodbDatabase }} +{{- if .Values.mongodbPassword }} + +To get the password for "{{ .Values.mongodbUsername }}" run: + + export MONGODB_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath="{.data.mongodb-password}" | base64 --decode) + +{{- end }} +{{- end }} + +To connect to your database run the following command: + + kubectl run --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }}-client --rm --tty -i --restart='Never' --image {{ template "mongodb-sharded.image" . }} --command -- mongo admin --host {{ include "mongodb-sharded.serviceName" . }} {{- if .Values.usePassword }} --authenticationDatabase admin -u root -p $MONGODB_ROOT_PASSWORD{{- end }} + +To connect to your database from outside the cluster execute the following commands: + +{{- if contains "NodePort" .Values.service.type }} + + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "mongodb-sharded.serviceName" . }}) + mongo --host $NODE_IP --port $NODE_PORT --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD + +{{- else if contains "LoadBalancer" .Values.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "mongodb-sharded.serviceName" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "mongodb-sharded.serviceName" . }} --include "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") + mongo --host $SERVICE_IP --port {{ .Values.service.port }} --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD + +{{- else if contains "ClusterIP" .Values.service.type }} + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "mongodb-sharded.serviceName" . }} {{ .Values.service.port }}:{{ .Values.service.port }} & + mongo --host 127.0.0.1 --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD + +{{- end }} +{{- end }} + +{{- include "mongodb-sharded.validateValues" . -}} +{{- include "mongodb-sharded.checkRollingTags" . -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/templates/_helpers.tpl b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/_helpers.tpl new file mode 100644 index 0000000..679eaa9 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/_helpers.tpl @@ -0,0 +1,266 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Returns a ServiceAccount name for specified path or falls back to `common.serviceAccount.name` +if `common.serviceAccount.create` is set to true. Falls back to Chart's fullname otherwise. +Usage: +{{ include "mongodb-sharded.serviceAccountName" (dict "value" .Values.path.to.serviceAccount "context" $) }} +*/}} +{{- define "mongodb-sharded.serviceAccountName" -}} +{{- if .value.create }} + {{- default (include "common.names.fullname" .context) .value.name | quote }} +{{- else if .context.Values.common.serviceAccount.create }} + {{- default (include "common.names.fullname" .context) .context.Values.common.serviceAccount.name | quote }} +{{- else -}} + {{- default "default" .value.name | quote }} +{{- end }} +{{- end }} + +{{/* +Renders a ServiceAccount for specified name. +Usage: +{{ include "mongodb-sharded.serviceaccount" (dict "value" .Values.path.to.serviceAccount "context" $) }} +*/}} +{{- define "mongodb-sharded.serviceaccount" -}} +{{- if .value.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "mongodb-sharded.serviceAccountName" (dict "value" .value "context" .context) }} + labels: + {{- include "common.labels.standard" .context | nindent 4 }} +--- +{{ end -}} +{{- end -}} + +{{- define "mongodb-sharded.secret" -}} + {{- if .Values.existingSecret -}} + {{- .Values.existingSecret -}} + {{- else }} + {{- include "common.names.fullname" . -}} + {{- end }} +{{- end -}} + +{{- define "mongodb-sharded.configServer.primaryHost" -}} + {{- if .Values.configsvr.external.host -}} + {{- .Values.configsvr.external.host }} + {{- else -}} + {{- printf "%s-configsvr-0.%s-headless.%s.svc.%s" (include "common.names.fullname" . ) (include "common.names.fullname" .) .Release.Namespace .Values.clusterDomain -}} + {{- end -}} +{{- end -}} + +{{- define "mongodb-sharded.configServer.rsName" -}} + {{- if .Values.configsvr.external.replicasetName -}} + {{- .Values.configsvr.external.replicasetName }} + {{- else }} + {{- printf "%s-configsvr" ( include "common.names.fullname" . ) -}} + {{- end }} +{{- end -}} + +{{- define "mongodb-sharded.mongos.configCM" -}} + {{- if .Values.mongos.configCM -}} + {{- .Values.mongos.configCM -}} + {{- else }} + {{- printf "%s-mongos" (include "common.names.fullname" .) -}} + {{- end }} +{{- end -}} + +{{- define "mongodb-sharded.shardsvr.dataNode.configCM" -}} + {{- if .Values.shardsvr.dataNode.configCM -}} + {{- .Values.shardsvr.dataNode.configCM -}} + {{- else }} + {{- printf "%s-shardsvr-data" (include "common.names.fullname" .) -}} + {{- end }} +{{- end -}} + +{{- define "mongodb-sharded.shardsvr.arbiter.configCM" -}} + {{- if .Values.shardsvr.arbiter.configCM -}} + {{- .Values.shardsvr.arbiter.configCM -}} + {{- else }} + {{- printf "%s-shardsvr-arbiter" (include "common.names.fullname" .) -}} + {{- end }} +{{- end -}} + +{{- define "mongodb-sharded.configsvr.configCM" -}} + {{- if .Values.configsvr.configCM -}} + {{- .Values.configsvr.configCM -}} + {{- else }} + {{- printf "%s-configsvr" (include "common.names.fullname" .) -}} + {{- end }} +{{- end -}} + +{{/* +Get the initialization scripts Secret name. +*/}} +{{- define "mongodb-sharded.initScriptsSecret" -}} + {{- printf "%s" (include "common.tplvalues.render" (dict "value" .Values.common.initScriptsSecret "context" $)) -}} +{{- end -}} + +{{/* +Get the initialization scripts configmap name. +*/}} +{{- define "mongodb-sharded.initScriptsCM" -}} + {{- printf "%s" (include "common.tplvalues.render" (dict "value" .Values.common.initScriptsCM "context" $)) -}} +{{- end -}} + +{{/* +Create the name for the admin secret. +*/}} +{{- define "mongodb-sharded.adminSecret" -}} + {{- if .Values.auth.existingAdminSecret -}} + {{- .Values.auth.existingAdminSecret -}} + {{- else -}} + {{- include "common.names.fullname" . -}}-admin + {{- end -}} +{{- end -}} + +{{/* +Create the name for the key secret. +*/}} +{{- define "mongodb-sharded.keySecret" -}} + {{- if .Values.auth.existingKeySecret -}} + {{- .Values.auth.existingKeySecret -}} + {{- else -}} + {{- include "common.names.fullname" . -}}-keyfile + {{- end -}} +{{- end -}} + +{{/* +Returns the proper Service name depending if an explicit service name is set +in the values file. If the name is not explicitly set it will take the "common.names.fullname" +*/}} +{{- define "mongodb-sharded.serviceName" -}} + {{- if .Values.service.name -}} + {{ .Values.service.name }} + {{- else -}} + {{ include "common.names.fullname" . }} + {{- end -}} +{{- end -}} + +{{/* +Return the proper MongoDB® image name +*/}} +{{- define "mongodb-sharded.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the metrics image) +*/}} +{{- define "mongodb-sharded.metrics.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "mongodb-sharded.volumePermissions.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "mongodb-sharded.imagePullSecrets" -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image) "global" .Values.global) -}} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "mongodb-sharded.validateValues" -}} + {{- $messages := list -}} + {{- $messages := append $messages (include "mongodb-sharded.validateValues.mongodbCustomDatabase" .) -}} + {{- $messages := append $messages (include "mongodb-sharded.validateValues.externalCfgServer" .) -}} + {{- $messages := append $messages (include "mongodb-sharded.validateValues.replicas" .) -}} + {{- $messages := append $messages (include "mongodb-sharded.validateValues.config" .) -}} + {{- $messages := without $messages "" -}} + {{- $message := join "\n" $messages -}} + + {{- if $message -}} + {{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} + {{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - both mongodbUsername and mongodbDatabase are necessary +to create a custom user and database during 1st initialization +*/}} +{{- define "mongodb-sharded.validateValues.mongodbCustomDatabase" -}} +{{- if or (and .Values.mongodbUsername (not .Values.mongodbDatabase)) (and (not .Values.mongodbUsername) .Values.mongodbDatabase) }} +mongodb: mongodbUsername, mongodbDatabase + Both mongodbUsername and mongodbDatabase must be provided to create + a custom user and database during 1st initialization. + Please set both of them (--set mongodbUsername="xxxx",mongodbDatabase="yyyy") +{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - If using an external config server, then both the host and the replicaset name should be set. +*/}} +{{- define "mongodb-sharded.validateValues.externalCfgServer" -}} +{{- if and .Values.configsvr.external.replicasetName (not .Values.configsvr.external.host) -}} +mongodb: invalidExternalConfigServer + You specified a replica set name for the external config server but not a host. Set both configsvr.external.replicasetName and configsvr.external.host +{{- end -}} +{{- if and (not .Values.configsvr.external.replicasetName) .Values.configsvr.external.host -}} +mongodb: invalidExternalConfigServer + You specified a host for the external config server but not the replica set name. Set both configsvr.external.replicasetName and configsvr.external.host +{{- end -}} +{{- if and .Values.configsvr.external.host (not .Values.configsvr.external.rootPassword) -}} +mongodb: invalidExternalConfigServer + You specified a host for the external config server but not the root password. Set the configsvr.external.rootPassword value. +{{- end -}} +{{- if and .Values.configsvr.external.host (not .Values.configsvr.external.replicasetKey) -}} +mongodb: invalidExternalConfigServer + You specified a host for the external config server but not the replica set key. Set the configsvr.external.replicasetKey value. +{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - The number of shards must be positive, as well as the data node replicas +*/}} +{{- define "mongodb-sharded.validateValues.replicas" -}} +{{- if and (le (int .Values.shardsvr.dataNode.replicas) 0) (ge (int .Values.shards) 1) }} +mongodb: invalidShardSvrReplicas + You specified an invalid number of replicas per shard. Please set shardsvr.dataNode.replicas with a positive number or set the number of shards to 0. +{{- end -}} +{{- if lt (int .Values.shardsvr.arbiter.replicas) 0 }} +mongodb: invalidShardSvrArbiters + You specified an invalid number of arbiters per shard. Please set shardsvr.arbiter.replicas with a number greater or equal than 0 +{{- end -}} +{{- if and (le (int .Values.configsvr.replicas) 0) (not .Values.configsvr.external.host) }} +mongodb: invalidConfigSvrReplicas + You specified an invalid number of replicas per shard. Please set configsvr.replicas with a positive number or set the configsvr.external.host value to use + an external config server replicaset +{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - Cannot use both .config and .configCM +*/}} +{{- define "mongodb-sharded.validateValues.config" -}} +{{- if and .Values.shardsvr.dataNode.configCM .Values.shardsvr.dataNode.config }} +mongodb: shardDataNodeConflictingConfig + You specified both shardsvr.dataNode.configCM and shardsvr.dataNode.config. You can only set one +{{- end -}} +{{- if and .Values.shardsvr.arbiter.configCM .Values.shardsvr.arbiter.config }} +mongodb: arbiterNodeConflictingConfig + You specified both shardsvr.arbiter.configCM and shardsvr.arbiter.config. You can only set one +{{- end -}} +{{- if and .Values.mongos.configCM .Values.mongos.config }} +mongodb: mongosNodeConflictingConfig + You specified both mongos.configCM and mongos.config. You can only set one +{{- end -}} +{{- if and .Values.configsvr.configCM .Values.configsvr.config }} +mongodb: configSvrNodeConflictingConfig + You specified both configsvr.configCM and configsvr.config. You can only set one +{{- end -}} +{{- end -}} + +{{/* Check if there are rolling tags in the images */}} +{{- define "mongodb-sharded.checkRollingTags" -}} +{{- include "common.warnings.rollingTag" .Values.image }} +{{- include "common.warnings.rollingTag" .Values.metrics.image }} +{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/templates/config-server/config-server-configmap.yaml b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/config-server/config-server-configmap.yaml new file mode 100644 index 0000000..0073138 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/config-server/config-server-configmap.yaml @@ -0,0 +1,11 @@ +{{- if and (not .Values.configsvr.external.host) .Values.configsvr.config }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }}-configsvr + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: configsvr +data: + mongodb.conf: |- + {{- include "common.tplvalues.render" (dict "value" .Values.configsvr.config "context" $) | nindent 4 }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/templates/config-server/config-server-poddisruptionbudget.yaml b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/config-server/config-server-poddisruptionbudget.yaml new file mode 100644 index 0000000..6138298 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/config-server/config-server-poddisruptionbudget.yaml @@ -0,0 +1,18 @@ +{{- if and (not .Values.configsvr.external.host) .Values.configsvr.pdb.enabled -}} +kind: PodDisruptionBudget +apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} +metadata: + name: {{ include "common.names.fullname" . }}-configsvr + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: configsvr +spec: + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: configsvr + {{- if .Values.configsvr.pdb.minAvailable }} + minAvailable: {{ .Values.configsvr.pdb.minAvailable | int }} + {{- end }} + {{- if .Values.configsvr.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.configsvr.pdb.maxUnavailable | int }} + {{- end }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/templates/config-server/config-server-podmonitor.yaml b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/config-server/config-server-podmonitor.yaml new file mode 100644 index 0000000..375c6e8 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/config-server/config-server-podmonitor.yaml @@ -0,0 +1,32 @@ +{{- if and (not .Values.configsvr.external.host) (and .Values.metrics.enabled .Values.metrics.podMonitor.enabled) }} +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: {{ include "common.names.fullname" . }}-configsvr + {{- if .Values.metrics.podMonitor.namespace }} + namespace: {{ .Values.metrics.podMonitor.namespace }} + {{- else }} + namespace: {{ .Release.Namespace }} + {{- end }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: configsvr + {{- if .Values.metrics.podMonitor.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podMonitor.additionalLabels "context" $) | nindent 4 }} + {{- end }} +spec: + podMetricsEndpoints: + - port: metrics + path: /metrics + {{- if .Values.metrics.podMonitor.interval }} + interval: {{ .Values.metrics.podMonitor.interval }} + {{- end }} + {{- if .Values.metrics.podMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.podMonitor.scrapeTimeout }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: configsvr +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/templates/config-server/config-server-statefulset.yaml b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/config-server/config-server-statefulset.yaml new file mode 100644 index 0000000..4d4458c --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/config-server/config-server-statefulset.yaml @@ -0,0 +1,376 @@ +{{- if not .Values.configsvr.external.host }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "common.names.fullname" . }}-configsvr + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: configsvr +spec: + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: configsvr + serviceName: {{ include "common.names.fullname" . }}-headless + replicas: {{ .Values.configsvr.replicas }} + podManagementPolicy: {{ .Values.configsvr.podManagementPolicy }} + updateStrategy: {{- toYaml .Values.configsvr.updateStrategy | nindent 4 }} + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: configsvr + {{- if .Values.configsvr.podLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.configsvr.podLabels "context" $ ) | nindent 8 }} + {{- end }} + {{- if or .Values.common.podAnnotations .Values.configsvr.podAnnotations .Values.metrics.enabled }} + annotations: + {{- if .Values.common.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.common.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.configsvr.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.configsvr.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.metrics.enabled }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- if .Values.common.schedulerName }} + schedulerName: {{ .Values.common.schedulerName | quote }} + {{- end }} + serviceAccountName: {{ include "mongodb-sharded.serviceAccountName" (dict "value" .Values.configsvr.serviceAccount "context" $) }} + {{- if .Values.configsvr.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.configsvr.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.configsvr.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.configsvr.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.configsvr.podAffinityPreset "component" "configsvr" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.configsvr.podAntiAffinityPreset "component" "configsvr" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.configsvr.nodeAffinityPreset.type "key" .Values.configsvr.nodeAffinityPreset.key "values" .Values.configsvr.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.configsvr.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.configsvr.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.configsvr.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.configsvr.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.configsvr.priorityClassName }} + priorityClassName: {{ .Values.configsvr.priorityClassName | quote }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + {{- end }} + {{- include "mongodb-sharded.imagePullSecrets" . | nindent 6 }} + initContainers: + {{- if and .Values.volumePermissions.enabled .Values.configsvr.persistence.enabled }} + - name: volume-permissions + image: {{ include "mongodb-sharded.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: ["chown", "-R", "{{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }}", "{{ .Values.configsvr.persistence.mountPath }}"] + securityContext: + runAsUser: 0 + resources: {{ toYaml .Values.volumePermissions.resources | nindent 12 }} + volumeMounts: + - name: datadir + mountPath: {{ .Values.configsvr.persistence.mountPath }} + {{- end }} + {{- with .Values.configsvr.initContainers }} + {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- end }} + {{- with .Values.common.initContainers }} + {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- end }} + containers: + - name: mongodb + image: {{ include "mongodb-sharded.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }} + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + ports: + - containerPort: {{ .Values.common.containerPorts.mongo }} + name: mongodb + env: + - name: MONGODB_ENABLE_NUMACTL + value: {{ ternary "yes" "no" .Values.common.mongodbEnableNumactl | quote }} + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: MONGODB_SYSTEM_LOG_VERBOSITY + value: {{ .Values.common.mongodbSystemLogVerbosity | quote }} + - name: MONGODB_DISABLE_SYSTEM_LOG + {{- if .Values.mongodbDisableSystemLog }} + value: "yes" + {{- else }} + value: "no" + {{- end }} + - name: MONGODB_MAX_TIMEOUT + value: {{ .Values.common.mongodbMaxWaitTimeout | quote }} + - name: MONGODB_SHARDING_MODE + value: "configsvr" + - name: MONGODB_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MONGODB_PORT_NUMBER + value: {{ .Values.common.containerPorts.mongo | quote }} + - name: MONGODB_INITIAL_PRIMARY_HOST + value: {{ include "mongodb-sharded.configServer.primaryHost" . }} + - name: MONGODB_REPLICA_SET_NAME + value: {{ printf "%s-configsvr" ( include "common.names.fullname" . ) }} + {{- if .Values.common.useHostnames }} + - name: MONGODB_ADVERTISED_HOSTNAME + value: "$(MONGODB_POD_NAME).{{ include "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}" + {{- end }} + {{- if .Values.usePasswordFile }} + - name: MONGODB_ROOT_PASSWORD_FILE + value: "/bitnami/mongodb/secrets/mongodb-root-password" + - name: MONGODB_REPLICA_SET_KEY_FILE + value: "/bitnami/mongodb/secrets/mongodb-replica-set-key" + {{- else }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb-sharded.secret" . }} + key: mongodb-root-password + - name: MONGODB_REPLICA_SET_KEY + valueFrom: + secretKeyRef: + name: {{ include "mongodb-sharded.secret" . }} + key: mongodb-replica-set-key + {{- end }} + - name: MONGODB_ENABLE_IPV6 + {{- if .Values.common.mongodbEnableIPv6 }} + value: "yes" + {{- else }} + value: "no" + {{- end }} + - name: MONGODB_ENABLE_DIRECTORY_PER_DB + {{- if .Values.common.mongodbDirectoryPerDB }} + value: "yes" + {{- else }} + value: "no" + {{- end }} + {{- if .Values.configsvr.mongodbExtraFlags }} + - name: MONGODB_EXTRA_FLAGS + value: {{ .Values.configsvr.mongodbExtraFlags | join " " | quote }} + {{- end }} + {{- if .Values.common.extraEnvVars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.common.extraEnvVars "context" $ ) | nindent 12 }} + {{- end }} + {{- if .Values.configsvr.extraEnvVars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.configsvr.extraEnvVars "context" $ ) | nindent 12 }} + {{- end }} + {{- if or .Values.common.extraEnvVarsCM .Values.common.extraEnvVarsSecret .Values.configsvr.extraEnvVarsCM .Values.configsvr.extraEnvVarsSecret }} + envFrom: + {{- if .Values.common.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" ( dict "value" .Values.common.extraEnvVarsCM "context" $ ) }} + {{- end }} + {{- if .Values.common.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" ( dict "value" .Values.common.extraEnvVarsSecret "context" $ ) }} + {{- end }} + {{- if .Values.configsvr.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" ( dict "value" .Values.configsvr.extraEnvVarsCM "context" $ ) }} + {{- end }} + {{- if .Values.configsvr.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" ( dict "value" .Values.configsvr.extraEnvVarsSecret "context" $ ) }} + {{- end }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + - /entrypoint/replicaset-entrypoint.sh + {{- end }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - pgrep + - mongod + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - mongo + - --disableImplicitSessions + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} + {{- end }} + volumeMounts: + - name: replicaset-entrypoint-configmap + mountPath: /entrypoint + - name: datadir + mountPath: {{ .Values.configsvr.persistence.mountPath }} + {{- if or .Values.configsvr.config .Values.configsvr.configCM }} + - name: config + mountPath: /bitnami/mongodb/conf/ + {{- end }} + {{- if .Values.usePasswordFile }} + - name: secrets + mountPath: /bitnami/mongodb/secrets/ + {{- end }} + {{- if .Values.common.initScriptsCM }} + - name: custom-init-scripts-cm + mountPath: /docker-entrypoint-initdb.d/cm + {{- end }} + {{- if .Values.common.initScriptsSecret }} + - name: custom-init-scripts-secret + mountPath: /docker-entrypoint-initdb.d/secret + {{- end }} + {{- if .Values.common.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" .Values.common.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} + {{- if .Values.configsvr.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" .Values.configsvr.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} + resources: {{- toYaml .Values.configsvr.resources | nindent 12 }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ include "mongodb-sharded.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }} + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + env: + {{- if .Values.usePasswordFile }} + - name: MONGODB_ROOT_PASSWORD_FILE + value: "/bitnami/mongodb/secrets/mongodb-root-password" + {{- else }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb-sharded.secret" . }} + key: mongodb-root-password + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else }} + command: + - sh + - -ec + - |- + #!/bin/sh + {{- if .Values.usePasswordFile }} + export MONGODB_ROOT_PASSWORD="$(cat "${MONGODB_ROOT_PASSWORD_FILE}")" + {{- end }} + /bin/mongodb_exporter --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri mongodb://root:`echo $MONGODB_ROOT_PASSWORD | sed -r "s/@/%40/g;s/:/%3A/g"`@localhost:{{ .Values.service.port }}/admin{{ ternary "?ssl=true" "" $.Values.metrics.useTLS }} {{ .Values.metrics.extraArgs }} + {{- end }} + {{- if .Values.usePasswordFile }} + volumeMounts: + - name: secrets + mountPath: /bitnami/mongodb/secrets/ + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.metrics.containerPort }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.metrics.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} + {{- end }} + {{- if .Values.metrics.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} + {{- end }} + {{- end }} + resources: {{ toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- with .Values.configsvr.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- end }} + {{- with .Values.common.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- end }} + volumes: + - name: replicaset-entrypoint-configmap + configMap: + name: {{ include "common.names.fullname" . }}-replicaset-entrypoint + {{- if .Values.usePasswordFile }} + - name: secrets + secret: + secretName: {{ include "mongodb-sharded.secret" . }} + {{- end }} + {{- if or .Values.configsvr.config .Values.configsvr.configCM }} + - name: config + configMap: + name: {{ include "mongodb-sharded.configsvr.configCM" . }} + {{- end }} + {{- if .Values.common.initScriptsCM }} + - name: custom-init-scripts-cm + configMap: + name: {{ include "mongodb-sharded.initScriptsCM" . }} + defaultMode: 0755 + {{- end }} + {{- if .Values.common.initScriptsSecret }} + - name: custom-init-scripts-secret + secret: + secretName: {{ include "mongodb-sharded.initScriptsSecret" . }} + defaultMode: 0755 + {{- end }} + {{- if .Values.common.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" .Values.common.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.configsvr.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" .Values.configsvr.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.configsvr.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: datadir + annotations: + {{- range $key, $value := .Values.configsvr.persistence.annotations }} + {{ $key }}: "{{ $value }}" + {{- end }} + spec: + accessModes: + {{- range .Values.configsvr.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.configsvr.persistence.size | quote }} + {{- include "common.storage.class" (dict "persistence" .Values.configsvr.persistence "global" .Values.global) | nindent 8 }} + {{- else }} + - name: datadir + emptyDir: {} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/templates/extra-list.yaml b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/extra-list.yaml new file mode 100644 index 0000000..9ac65f9 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/extra-list.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/templates/headless-service.yaml b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/headless-service.yaml new file mode 100644 index 0000000..6f9c7d8 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/headless-service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.names.fullname" . }}-headless + labels: {{- include "common.labels.standard" . | nindent 4 }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $ ) | nindent 4 }} +spec: + type: ClusterIP + clusterIP: None + ports: + - name: mongodb + port: {{ .Values.service.port }} + {{- if .Values.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{ include "common.labels.matchLabels" . | nindent 4 }} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/templates/mongos/mongos-configmap.yaml b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/mongos/mongos-configmap.yaml new file mode 100644 index 0000000..8fb01a5 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/mongos/mongos-configmap.yaml @@ -0,0 +1,11 @@ +{{- if .Values.mongos.config }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }}-mongos + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongos +data: + mongodb.conf: |- + {{- include "common.tplvalues.render" (dict "value" .Values.mongos.config "context" $) | nindent 4 }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/templates/mongos/mongos-dep-sts.yaml b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/mongos/mongos-dep-sts.yaml new file mode 100644 index 0000000..1b89fde --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/mongos/mongos-dep-sts.yaml @@ -0,0 +1,319 @@ +apiVersion: {{ if .Values.mongos.useStatefulSet }}{{ include "common.capabilities.statefulset.apiVersion" . }}{{- else }}{{ include "common.capabilities.deployment.apiVersion" . }}{{- end }} +kind: {{ if .Values.mongos.useStatefulSet }}StatefulSet{{- else }}Deployment{{- end }} +metadata: + name: {{ include "common.names.fullname" . }}-mongos + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongos +spec: + {{- if .Values.mongos.useStatefulSet }} + serviceName: {{ include "mongodb-sharded.serviceName" . }} + podManagementPolicy: {{ .Values.mongos.podManagementPolicy }} + updateStrategy: + {{- else }} + strategy: + {{- end }} + {{- toYaml .Values.mongos.updateStrategy | nindent 4 }} + replicas: {{ .Values.mongos.replicas }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: mongos + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: mongos + {{- if .Values.mongos.podLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.mongos.podLabels "context" $ ) | nindent 8 }} + {{- end }} + {{- if or .Values.common.podAnnotations .Values.mongos.podAnnotations .Values.metrics.enabled }} + annotations: + {{- if .Values.common.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.common.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.mongos.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.mongos.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.metrics.enabled }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- if .Values.common.schedulerName }} + schedulerName: {{ .Values.common.schedulerName | quote }} + {{- end }} + serviceAccountName: {{ include "mongodb-sharded.serviceAccountName" (dict "value" $.Values.mongos.serviceAccount "context" $) }} + {{- if .Values.mongos.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.mongos.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.mongos.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.mongos.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.mongos.podAffinityPreset "component" "mongos" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.mongos.podAntiAffinityPreset "component" "mongos" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.mongos.nodeAffinityPreset.type "key" .Values.mongos.nodeAffinityPreset.key "values" .Values.mongos.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.mongos.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.mongos.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.mongos.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.mongos.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.mongos.priorityClassName }} + priorityClassName: {{ .Values.mongos.priorityClassName | quote }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + {{- end }} + {{- include "mongodb-sharded.imagePullSecrets" . | nindent 6 }} + {{- if or $.Values.mongos.initContainers $.Values.common.initContainers }} + initContainers: + {{- with $.Values.mongos.initContainers }} + {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- end }} + {{- with $.Values.common.initContainers }} + {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- end }} + {{- end }} + containers: + - name: mongos + image: {{ include "mongodb-sharded.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }} + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + env: + - name: MONGODB_ENABLE_NUMACTL + value: {{ ternary "yes" "no" $.Values.common.mongodbEnableNumactl | quote }} + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: MONGODB_SHARDING_MODE + value: "mongos" + - name: MONGODB_MAX_TIMEOUT + value: {{ .Values.common.mongodbMaxWaitTimeout | quote }} + {{- if .Values.usePasswordFile }} + - name: MONGODB_ROOT_PASSWORD_FILE + value: "/bitnami/mongodb/secrets/mongodb-root-password" + - name: MONGODB_REPLICA_SET_KEY_FILE + value: "/bitnami/mongodb/secrets/mongodb-replica-set-key" + {{- else }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb-sharded.secret" . }} + key: mongodb-root-password + - name: MONGODB_REPLICA_SET_KEY + valueFrom: + secretKeyRef: + name: {{ include "mongodb-sharded.secret" . }} + key: mongodb-replica-set-key + {{- end }} + - name: MONGODB_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- if .Values.common.useHostnames }} + - name: MONGODB_ADVERTISED_HOSTNAME + value: "$(MONGODB_POD_NAME)" + {{- end }} + - name: MONGODB_PORT_NUMBER + value: {{ $.Values.common.containerPorts.mongo | quote }} + - name: MONGODB_CFG_PRIMARY_HOST + value: {{ include "mongodb-sharded.configServer.primaryHost" . }} + - name: MONGODB_CFG_REPLICA_SET_NAME + value: {{ include "mongodb-sharded.configServer.rsName" . }} + - name: MONGODB_SYSTEM_LOG_VERBOSITY + value: {{ .Values.common.mongodbSystemLogVerbosity | quote }} + - name: MONGODB_DISABLE_SYSTEM_LOG + {{- if .Values.mongodbDisableSystemLog }} + value: "yes" + {{- else }} + value: "no" + {{- end }} + - name: MONGODB_ENABLE_IPV6 + {{- if .Values.common.mongodbEnableIPv6 }} + value: "yes" + {{- else }} + value: "no" + {{- end }} + - name: MONGODB_ENABLE_DIRECTORY_PER_DB + {{- if .Values.common.mongodbDirectoryPerDB }} + value: "yes" + {{- else }} + value: "no" + {{- end }} + {{- if .Values.mongos.mongodbExtraFlags }} + - name: MONGODB_EXTRA_FLAGS + value: {{ .Values.mongos.mongodbExtraFlags | join " " | quote }} + {{- end }} + {{- if .Values.common.extraEnvVars }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.common.extraEnvVars "context" $ ) | nindent 12 }} + {{- end }} + {{- if .Values.mongos.extraEnvVars }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.mongos.extraEnvVars "context" $ ) | nindent 12 }} + {{- end }} + {{- if or .Values.common.extraEnvVarsCM .Values.common.extraEnvVarsSecret .Values.mongos.extraEnvVarsCM .Values.mongos.extraEnvVarsSecret }} + envFrom: + {{- if .Values.common.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" ( dict "value" .Values.common.extraEnvVarsCM "context" $ ) }} + {{- end }} + {{- if .Values.common.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" ( dict "value" .Values.common.extraEnvVarsSecret "context" $ ) }} + {{- end }} + {{- if .Values.configsvr.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" ( dict "value" .Values.mongos.extraEnvVarsCM "context" $ ) }} + {{- end }} + {{- if .Values.mongos.extraEnvVarsSecret }} + - configMapRef: + name: {{ include "common.tplvalues.render" ( dict "value" .Values.mongos.extraEnvVarsSecret "context" $ ) }} + {{- end }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- end }} + ports: + - name: mongodb + containerPort: {{ $.Values.common.containerPorts.mongo }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - mongo + - --disableImplicitSessions + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - mongo + - --disableImplicitSessions + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} + {{- end }} + volumeMounts: + {{- if .Values.usePasswordFile }} + - name: secrets + mountPath: /bitnami/mongodb/secrets/ + {{- end }} + {{- if or .Values.mongos.config .Values.mongos.configCM }} + - name: config + mountPath: /bitnami/mongodb/conf/ + {{- end }} + {{- if $.Values.common.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.common.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} + {{- if $.Values.mongos.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.mongos.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} + resources: {{- toYaml .Values.mongos.resources | nindent 12 }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ include "mongodb-sharded.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }} + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + env: + {{- if .Values.usePasswordFile }} + - name: MONGODB_ROOT_PASSWORD_FILE + value: "/bitnami/mongodb/secrets/mongodb-root-password" + {{- else }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb-sharded.secret" . }} + key: mongodb-root-password + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else }} + command: + - sh + - -ec + - |- + #!/bin/sh + {{- if .Values.usePasswordFile }} + export MONGODB_ROOT_PASSWORD="$(cat "${MONGODB_ROOT_PASSWORD_FILE}")" + {{- end }} + /bin/mongodb_exporter --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri mongodb://root:`echo $MONGODB_ROOT_PASSWORD | sed -r "s/@/%40/g;s/:/%3A/g"`@localhost:{{ .Values.service.port }}/admin{{ ternary "?ssl=true" "" $.Values.metrics.useTLS }} {{ .Values.metrics.extraArgs }} + {{- end }} + {{- if .Values.usePasswordFile }} + volumeMounts: + - name: secrets + mountPath: /bitnami/mongodb/secrets/ + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.metrics.containerPort }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.metrics.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} + {{- end }} + {{- if .Values.metrics.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} + {{- end }} + {{- end }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- with $.Values.mongos.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- end }} + {{- with $.Values.common.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- end }} + volumes: + {{- if .Values.usePasswordFile }} + - name: secrets + secret: + secretName: {{ include "mongodb-sharded.secret" . }} + {{- end }} + {{- if or .Values.mongos.config .Values.mongos.configCM }} + - name: config + configMap: + name: {{ include "mongodb-sharded.mongos.configCM" . }} + {{- end }} + {{- if $.Values.common.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.common.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} + {{- if $.Values.mongos.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.mongos.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/templates/mongos/mongos-poddisruptionbudget.yaml b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/mongos/mongos-poddisruptionbudget.yaml new file mode 100644 index 0000000..e7d30fe --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/mongos/mongos-poddisruptionbudget.yaml @@ -0,0 +1,18 @@ +{{- if .Values.mongos.pdb.enabled -}} +kind: PodDisruptionBudget +apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} +metadata: + name: {{ include "common.names.fullname" . }}-mongos + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongos +spec: + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: mongos + {{- if .Values.mongos.pdb.minAvailable }} + minAvailable: {{ .Values.mongos.pdb.minAvailable | int }} + {{- end }} + {{- if .Values.mongos.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.mongos.pdb.maxUnavailable | int }} + {{- end }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/templates/mongos/mongos-podmonitor.yaml b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/mongos/mongos-podmonitor.yaml new file mode 100644 index 0000000..8b1bc19 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/mongos/mongos-podmonitor.yaml @@ -0,0 +1,32 @@ +{{- if and .Values.metrics.enabled .Values.metrics.podMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: {{ include "common.names.fullname" . }}-mongos + {{- if .Values.metrics.podMonitor.namespace }} + namespace: {{ .Values.metrics.podMonitor.namespace }} + {{- else }} + namespace: {{ .Release.Namespace }} + {{- end }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongos + {{- if .Values.metrics.podMonitor.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podMonitor.additionalLabels "context" $) | nindent 4 }} + {{- end }} +spec: + podMetricsEndpoints: + - port: metrics + path: /metrics + {{- if .Values.metrics.podMonitor.interval }} + interval: {{ .Values.metrics.podMonitor.interval }} + {{- end }} + {{- if .Values.metrics.podMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.podMonitor.scrapeTimeout }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: mongos +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/templates/mongos/mongos-service-per-replica.yaml b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/mongos/mongos-service-per-replica.yaml new file mode 100644 index 0000000..6364892 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/mongos/mongos-service-per-replica.yaml @@ -0,0 +1,48 @@ +{{- if and .Values.mongos.useStatefulSet .Values.mongos.servicePerReplica.enabled }} +{{- range $i := until (.Values.mongos.replicas | int) }} +{{- $context := deepCopy $ | merge (dict "index" $i) }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "mongodb-sharded.serviceName" $ }}-{{ $i }} + labels: {{ include "common.labels.standard" $ | nindent 4 }} + app.kubernetes.io/component: mongos + annotations: {{- include "common.tplvalues.render" (dict "value" $.Values.mongos.servicePerReplica.annotations "context" $context) | nindent 4 }} +spec: + type: {{ $.Values.mongos.servicePerReplica.type }} + {{- if and $.Values.mongos.servicePerReplica.loadBalancerIP (eq $.Values.mongos.servicePerReplica.type "LoadBalancer") }} + loadBalancerIP: {{ $.Values.mongos.servicePerReplica.loadBalancerIP }} + {{- end }} + {{- if and (eq $.Values.mongos.servicePerReplica.type "LoadBalancer") $.Values.mongos.servicePerReplica.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{ with $.Values.mongos.servicePerReplica.loadBalancerSourceRanges }} + {{ include "common.tplvalues.render" . | nindent 4 }} + {{- end }} + {{- end }} + {{- if and (eq $.Values.mongos.servicePerReplica.type "ClusterIP") $.Values.mongos.servicePerReplica.clusterIP }} + clusterIP: {{ $.Values.mongos.servicePerReplica.clusterIP }} + {{- end }} + ports: + - name: mongodb + port: {{ $.Values.mongos.servicePerReplica.port }} + targetPort: mongodb + {{- if $.Values.mongos.servicePerReplica.nodePort }} + nodePort: {{ $.Values.mongos.servicePerReplica.nodePort }} + {{- else if eq $.Values.mongos.servicePerReplica.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if $.Values.metrics.enabled }} + - name: metrics + port: 9216 + targetPort: metrics + {{- end }} + {{- if $.Values.mongos.servicePerReplica.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" $.Values.mongos.servicePerReplica.extraPorts "context" $context) | nindent 4 }} + {{- end }} + selector: {{ include "common.labels.matchLabels" $ | nindent 4 }} + app.kubernetes.io/component: mongos + statefulset.kubernetes.io/pod-name: {{ include "common.names.fullname" $ }}-mongos-{{ $i }} + sessionAffinity: {{ default "None" $.Values.mongos.servicePerReplica.sessionAffinity }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/templates/mongos/mongos-service.yaml b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/mongos/mongos-service.yaml new file mode 100644 index 0000000..4666378 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/mongos/mongos-service.yaml @@ -0,0 +1,41 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "mongodb-sharded.serviceName" . }} + labels: {{ include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongos + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $ ) | nindent 4 }} +spec: + type: {{ .Values.service.type }} + {{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{ with .Values.service.loadBalancerSourceRanges }} +{{ toYaml . | indent 4 }} + {{- end }} + {{- end }} + {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }} + clusterIP: {{ .Values.service.clusterIP }} + {{- end }} + ports: + - name: mongodb + port: {{ .Values.service.port }} + targetPort: mongodb + {{- if .Values.service.nodePort }} + nodePort: {{ .Values.service.nodePort }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + port: 9216 + targetPort: metrics + {{- end }} + {{- if .Values.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{ include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: mongos + sessionAffinity: {{ default "None" .Values.service.sessionAffinity }} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/templates/replicaset-entrypoint-configmap.yaml b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/replicaset-entrypoint-configmap.yaml new file mode 100644 index 0000000..7df7c0e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/replicaset-entrypoint-configmap.yaml @@ -0,0 +1,30 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }}-replicaset-entrypoint + labels: {{- include "common.labels.standard" . | nindent 4 }} +data: + replicaset-entrypoint.sh: |- + #!/bin/bash + + sleep 5 + + . /liblog.sh + + # Perform adaptations depending on the host name + if [[ $HOSTNAME =~ (.*)-0$ ]]; then + info "Setting node as primary" + export MONGODB_REPLICA_SET_MODE=primary + else + info "Setting node as secondary" + export MONGODB_REPLICA_SET_MODE=secondary + {{- if .Values.usePasswordFile }} + export MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD_FILE="$MONGODB_ROOT_PASSWORD_FILE" + unset MONGODB_ROOT_PASSWORD_FILE + {{- else }} + export MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD="$MONGODB_ROOT_PASSWORD" + unset MONGODB_ROOT_PASSWORD + {{- end }} + fi + + exec /entrypoint.sh /run.sh diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/templates/secrets.yaml b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/secrets.yaml new file mode 100644 index 0000000..f7839ae --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/secrets.yaml @@ -0,0 +1,30 @@ +{{- if not .Values.existingSecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + labels: {{- include "common.labels.standard" $ | nindent 4 }} +type: Opaque +data: + {{- if .Values.configsvr.external.rootPassword }} + mongodb-root-password: {{ .Values.configsvr.external.rootPassword | b64enc | quote }} + {{- else if .Values.mongodbRootPassword }} + mongodb-root-password: {{ .Values.mongodbRootPassword | b64enc | quote }} + {{- else }} + mongodb-root-password: {{ randAlphaNum 10 | b64enc | quote }} + {{- end }} + {{- if and .Values.mongodbUsername .Values.mongodbDatabase }} + {{- if .Values.mongodbPassword }} + mongodb-password: {{ .Values.mongodbPassword | b64enc | quote }} + {{- else }} + mongodb-password: {{ randAlphaNum 10 | b64enc | quote }} + {{- end }} + {{- end }} + {{- if .Values.configsvr.external.replicasetKey }} + mongodb-replica-set-key: {{ .Values.configsvr.external.replicasetKey | b64enc | quote }} + {{- else if .Values.replicaSetKey }} + mongodb-replica-set-key: {{ .Values.replicaSetKey | b64enc | quote }} + {{- else }} + mongodb-replica-set-key: {{ randAlphaNum 10 | b64enc | quote }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/templates/serviceaccount.yaml b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/serviceaccount.yaml new file mode 100644 index 0000000..676c09a --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/serviceaccount.yaml @@ -0,0 +1,5 @@ +{{ include "mongodb-sharded.serviceaccount" (dict "value" .Values.common.serviceAccount "context" $) }} +{{ include "mongodb-sharded.serviceaccount" (dict "value" .Values.mongos.serviceAccount "context" $) }} +{{ include "mongodb-sharded.serviceaccount" (dict "value" .Values.configsvr.serviceAccount "context" $) }} +{{ include "mongodb-sharded.serviceaccount" (dict "value" .Values.shardsvr.arbiter.serviceAccount "context" $) }} +{{ include "mongodb-sharded.serviceaccount" (dict "value" .Values.shardsvr.dataNode.serviceAccount "context" $) }} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/templates/shard/shard-arbiter-configmap.yaml b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/shard/shard-arbiter-configmap.yaml new file mode 100644 index 0000000..ef84cb5 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/shard/shard-arbiter-configmap.yaml @@ -0,0 +1,11 @@ +{{- if and .Values.shards .Values.shardsvr.arbiter.replicas .Values.shardsvr.arbiter.config }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }}-shardsvr-arbiter + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: shardsvr-arbiter +data: + mongodb.conf: |- + {{- include "common.tplvalues.render" (dict "value" .Values.shardsvr.arbiter.config "context" $) | nindent 4 }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/templates/shard/shard-arbiter-statefulset.yaml b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/shard/shard-arbiter-statefulset.yaml new file mode 100644 index 0000000..c48dfe0 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/shard/shard-arbiter-statefulset.yaml @@ -0,0 +1,337 @@ +{{- if and .Values.shards .Values.shardsvr.arbiter.replicas }} +{{- $replicas := $.Values.shards | int }} +{{- range $i, $e := until $replicas }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ printf "%s-shard%d-arbiter" (include "common.names.fullname" $ ) $i }} + labels: {{- include "common.labels.standard" $ | nindent 4 }} + app.kubernetes.io/component: shardsvr-arbiter +spec: + selector: + matchLabels: {{- include "common.labels.matchLabels" $ | nindent 6 }} + app.kubernetes.io/component: shardsvr-arbiter + podManagementPolicy: {{ $.Values.shardsvr.arbiter.podManagementPolicy }} + updateStrategy: {{- toYaml $.Values.shardsvr.arbiter.updateStrategy | nindent 4 }} + serviceName: {{ include "common.names.fullname" $ }}-headless + replicas: {{ $.Values.shardsvr.arbiter.replicas }} + template: + metadata: + labels: {{- include "common.labels.standard" $ | nindent 8 }} + app.kubernetes.io/component: shardsvr-arbiter + {{- if $.Values.shardsvr.arbiter.podLabels }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.shardsvr.arbiter.podLabels "context" $ ) | nindent 8 }} + {{- end }} + shard: {{ $i | quote }} + {{- if or $.Values.common.podAnnotations $.Values.shardsvr.arbiter.podAnnotations $.Values.metrics.enabled }} + annotations: + {{- if $.Values.common.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.common.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- if $.Values.shardsvr.arbiter.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.shardsvr.arbiter.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- if $.Values.metrics.enabled }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.metrics.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- end }} + spec: + serviceAccountName: {{ include "mongodb-sharded.serviceAccountName" (dict "value" $.Values.shardsvr.arbiter.serviceAccount "context" $) }} + {{- if $.Values.common.schedulerName }} + schedulerName: {{ $.Values.common.schedulerName | quote }} + {{- end }} + {{- if $.Values.shardsvr.arbiter.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" $.Values.shardsvr.arbiter.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if $.Values.shardsvr.arbiter.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" $.Values.shardsvr.arbiter.affinity "context" (set $ "arbiterLoopId" $i)) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" $.Values.shardsvr.arbiter.podAffinityPreset "component" "shardsvr-arbiter" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" $.Values.shardsvr.arbiter.podAntiAffinityPreset "component" "shardsvr-arbiter" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" $.Values.shardsvr.arbiter.nodeAffinityPreset.type "key" $.Values.shardsvr.arbiter.nodeAffinityPreset.key "values" $.Values.shardsvr.arbiter.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if $.Values.shardsvr.arbiter.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" $.Values.shardsvr.arbiter.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if $.Values.shardsvr.arbiter.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" $.Values.shardsvr.arbiter.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if $.Values.shardsvr.arbiter.priorityClassName }} + priorityClassName: {{ $.Values.shardsvr.arbiter.priorityClassName | quote }} + {{- end }} + {{- if $.Values.securityContext.enabled }} + securityContext: + fsGroup: {{ $.Values.securityContext.fsGroup }} + {{- end }} + {{- include "mongodb-sharded.imagePullSecrets" $ | nindent 6 }} + {{- if or $.Values.shardsvr.arbiter.initContainers $.Values.common.initContainers }} + initContainers: + {{- with $.Values.shardsvr.arbiter.initContainers }} + {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- end }} + {{- with $.Values.common.initContainers }} + {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- end }} + {{- end }} + containers: + - name: {{ include "common.names.fullname" $ }}-arbiter + image: {{ include "mongodb-sharded.image" $ }} + imagePullPolicy: {{ $.Values.image.pullPolicy }} + {{- if $.Values.securityContext.enabled }} + securityContext: + runAsNonRoot: {{ $.Values.securityContext.runAsNonRoot }} + runAsUser: {{ $.Values.securityContext.runAsUser }} + {{- end }} + ports: + - containerPort: {{ $.Values.common.containerPorts.mongo }} + name: mongodb + env: + - name: MONGODB_ENABLE_NUMACTL + value: {{ ternary "yes" "no" $.Values.common.mongodbEnableNumactl | quote }} + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or $.Values.image.debug $.Values.diagnosticMode.enabled) | quote }} + - name: MONGODB_SYSTEM_LOG_VERBOSITY + value: {{ $.Values.common.mongodbSystemLogVerbosity | quote }} + - name: MONGODB_DISABLE_SYSTEM_LOG + {{- if $.Values.common.mongodbDisableSystemLog }} + value: "yes" + {{- else }} + value: "no" + {{- end }} + - name: MONGODB_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MONGODB_MAX_TIMEOUT + value: {{ $.Values.common.mongodbMaxWaitTimeout | quote }} + - name: MONGODB_SHARDING_MODE + value: "shardsvr" + - name: MONGODB_REPLICA_SET_MODE + value: "arbiter" + - name: MONGODB_PORT_NUMBER + value: {{ $.Values.common.containerPorts.mongo | quote }} + - name: MONGODB_INITIAL_PRIMARY_HOST + value: {{ printf "%s-shard%d-data-0.%s-headless.%s.svc.%s" (include "common.names.fullname" $ ) $i (include "common.names.fullname" $ ) $.Release.Namespace $.Values.clusterDomain }} + - name: MONGODB_REPLICA_SET_NAME + value: {{ printf "%s-shard-%d" ( include "common.names.fullname" $ ) $i }} + {{- if $.Values.common.useHostnames }} + - name: MONGODB_ADVERTISED_HOSTNAME + value: "$(MONGODB_POD_NAME).{{ include "common.names.fullname" $ }}-headless.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }}" + {{- end }} + - name: MONGODB_ENABLE_IPV6 + {{- if $.Values.common.mongodbEnableIPv6 }} + value: "yes" + {{- else }} + value: "no" + {{- end }} + - name: MONGODB_ENABLE_DIRECTORY_PER_DB + {{- if $.Values.common.mongodbDirectoryPerDB }} + value: "yes" + {{- else }} + value: "no" + {{- end }} + {{- if $.Values.usePasswordFile }} + - name: MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD_FILE + value: "/bitnami/mongodb/secrets/mongodb-root-password" + - name: MONGODB_REPLICA_SET_KEY_FILE + value: "/bitnami/mongodb/secrets/mongodb-replica-set-key" + {{- else }} + - name: MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb-sharded.secret" $ }} + key: mongodb-root-password + - name: MONGODB_REPLICA_SET_KEY + valueFrom: + secretKeyRef: + name: {{ include "mongodb-sharded.secret" $ }} + key: mongodb-replica-set-key + {{- end }} + {{- if $.Values.shardsvr.arbiter.mongodbExtraFlags }} + - name: MONGODB_EXTRA_FLAGS + value: {{ $.Values.shardsvr.arbiter.mongodbExtraFlags | join " " | quote }} + {{- end }} + {{- if $.Values.common.extraEnvVars }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.common.extraEnvVars "context" $ ) | nindent 12 }} + {{- end }} + {{- if $.Values.shardsvr.arbiter.extraEnvVars }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.shardsvr.arbiter.extraEnvVars "context" $ ) | nindent 12 }} + {{- end }} + {{- if or $.Values.common.extraEnvVarsCM $.Values.common.extraEnvVarsSecret $.Values.shardsvr.arbiter.extraEnvVarsCM $.Values.shardsvr.arbiter.extraEnvVarsSecret }} + envFrom: + {{- if $.Values.common.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" ( dict "value" $.Values.common.extraEnvVarsCM "context" $ ) }} + {{- end }} + {{- if $.Values.common.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" ( dict "value" $.Values.common.extraEnvVarsSecret "context" $ ) }} + {{- end }} + {{- if $.Values.shardsvr.arbiter.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" ( dict "value" $.Values.shardsvr.arbiter.extraEnvVarsCM "context" $ ) }} + {{- end }} + {{- if $.Values.shardsvr.arbiter.extraEnvVarsSecret }} + - configMapRef: + name: {{ include "common.tplvalues.render" ( dict "value" $.Values.shardsvr.arbiter.extraEnvVarsSecret "context" $ ) }} + {{- end }} + {{- end }} + {{- if $.Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- end }} + {{- if not $.Values.diagnosticMode.enabled }} + {{- if $.Values.livenessProbe.enabled }} + livenessProbe: + tcpSocket: + port: mongodb + initialDelaySeconds: {{ $.Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ $.Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ $.Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ $.Values.livenessProbe.successThreshold }} + failureThreshold: {{ $.Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if $.Values.readinessProbe.enabled }} + readinessProbe: + tcpSocket: + port: mongodb + initialDelaySeconds: {{ $.Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ $.Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ $.Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ $.Values.readinessProbe.successThreshold }} + failureThreshold: {{ $.Values.readinessProbe.failureThreshold }} + {{- end }} + {{- end }} + volumeMounts: + {{- if or $.Values.shardsvr.arbiter.config $.Values.shardsvr.arbiter.configCM }} + - name: config + mountPath: /bitnami/mongodb/conf/ + {{- end }} + {{- if $.Values.usePasswordFile }} + - name: secrets + mountPath: /bitnami/mongodb/secrets/ + {{- end }} + {{- if $.Values.common.initScriptsCM }} + - name: custom-init-scripts-cm + mountPath: /docker-entrypoint-initdb.d/cm + {{- end }} + {{- if $.Values.common.initScriptsSecret }} + - name: custom-init-scripts-secret + mountPath: /docker-entrypoint-initdb.d/secret + {{- end }} + {{- if $.Values.common.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.common.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} + {{- if $.Values.shardsvr.arbiter.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.shardsvr.arbiter.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} + resources: {{- toYaml $.Values.shardsvr.arbiter.resources | nindent 12 }} + {{- if $.Values.metrics.enabled }} + - name: metrics + image: {{ include "mongodb-sharded.metrics.image" $ }} + imagePullPolicy: {{ $.Values.metrics.image.pullPolicy | quote }} + {{- if $.Values.securityContext.enabled }} + securityContext: + runAsNonRoot: {{ $.Values.securityContext.runAsNonRoot }} + runAsUser: {{ $.Values.securityContext.runAsUser }} + {{- end }} + env: + {{- if $.Values.usePasswordFile }} + - name: MONGODB_ROOT_PASSWORD_FILE + value: "/bitnami/mongodb/secrets/mongodb-root-password" + {{- else }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb-sharded.secret" $ }} + key: mongodb-root-password + {{- end }} + {{- if $.Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else }} + command: + - sh + - -ec + - |- + #!/bin/sh + {{- if $.Values.usePasswordFile }} + export MONGODB_ROOT_PASSWORD="$(cat "${MONGODB_ROOT_PASSWORD_FILE}")" + {{- end }} + /bin/mongodb_exporter --web.listen-address ":{{ $.Values.metrics.containerPort }}" --mongodb.uri mongodb://root:`echo $MONGODB_ROOT_PASSWORD | sed -r "s/@/%40/g;s/:/%3A/g"`@localhost:{{ $.Values.service.port }}/admin{{ ternary "?ssl=true" "" $.Values.metrics.useTLS }} {{ $.Values.metrics.extraArgs }} + {{- end }} + {{- if $.Values.usePasswordFile }} + volumeMounts: + - name: secrets + mountPath: /bitnami/mongodb/secrets/ + {{- end }} + ports: + - name: metrics + containerPort: {{ $.Values.metrics.containerPort }} + {{- if not $.Values.diagnosticMode.enabled }} + {{- if $.Values.metrics.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: {{ $.Values.metrics.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ $.Values.metrics.livenessProbe.periodSeconds }} + timeoutSeconds: {{ $.Values.metrics.livenessProbe.timeoutSeconds }} + failureThreshold: {{ $.Values.metrics.livenessProbe.failureThreshold }} + successThreshold: {{ $.Values.metrics.livenessProbe.successThreshold }} + {{- end }} + {{- if $.Values.metrics.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: {{ $.Values.metrics.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ $.Values.metrics.readinessProbe.periodSeconds }} + timeoutSeconds: {{ $.Values.metrics.readinessProbe.timeoutSeconds }} + failureThreshold: {{ $.Values.metrics.readinessProbe.failureThreshold }} + successThreshold: {{ $.Values.metrics.readinessProbe.successThreshold }} + {{- end }} + {{- end }} + resources: {{ toYaml $.Values.metrics.resources | nindent 12 }} + {{- end }} + {{- with $.Values.shardsvr.arbiter.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- end }} + {{- with $.Values.common.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- end }} + volumes: + {{- if or $.Values.shardsvr.arbiter.config $.Values.shardsvr.arbiter.configCM }} + - name: config + configMap: + name: {{ include "mongodb-sharded.shardsvr.arbiter.configCM" $ }} + {{- end }} + {{- if $.Values.usePasswordFile }} + - name: secrets + secret: + secretName: {{ include "mongodb-sharded.secret" $ }} + {{- end }} + {{- if $.Values.common.initScriptsCM }} + - name: custom-init-scripts-cm + configMap: + name: {{ include "mongodb-sharded.initScriptsCM" $ }} + defaultMode: 0755 + {{- end }} + {{- if $.Values.common.initScriptsSecret }} + - name: custom-init-scripts-secret + secret: + secretName: {{ include "mongodb-sharded.initScriptsSecret" $ }} + defaultMode: 0755 + {{- end }} + {{- if $.Values.common.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.common.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} + {{- if $.Values.shardsvr.arbiter.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.shardsvr.arbiter.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} +{{- if lt $i (sub $replicas 1) }} +--- +{{- end }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/templates/shard/shard-data-configmap.yaml b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/shard/shard-data-configmap.yaml new file mode 100644 index 0000000..95ac001 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/shard/shard-data-configmap.yaml @@ -0,0 +1,11 @@ +{{- if and .Values.shards .Values.shardsvr.dataNode.config }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }}-shardsvr-data + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: shardsvr +data: + mongodb.conf: |- + {{- include "common.tplvalues.render" (dict "value" .Values.shardsvr.dataNode.config "context" $) | nindent 4 }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/templates/shard/shard-data-poddisruptionbudget.yaml b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/shard/shard-data-poddisruptionbudget.yaml new file mode 100644 index 0000000..3cd357e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/shard/shard-data-poddisruptionbudget.yaml @@ -0,0 +1,23 @@ +{{- if and .Values.shards .Values.shardsvr.dataNode.pdb.enabled -}} +{{- $replicas := .Values.shards | int -}} +{{- range $i, $e := until $replicas -}} +kind: PodDisruptionBudget +apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} +metadata: + name: {{ printf "%s-shard%d-data" (include "common.names.fullname" $ ) $i }} + labels: {{- include "common.labels.standard" $ | nindent 4 }} + app.kubernetes.io/component: shardsvr +spec: + selector: + matchLabels: {{- include "common.labels.matchLabels" $ | nindent 6 }} + app.kubernetes.io/component: shardsvr + shard: {{ $i | quote }} + {{- if $.Values.shardsvr.dataNode.pdb.minAvailable }} + minAvailable: {{ $.Values.shardsvr.dataNode.pdb.minAvailable | int }} + {{- end }} + {{- if $.Values.shardsvr.dataNode.pdb.maxUnavailable }} + maxUnavailable: {{ $.Values.shardsvr.dataNode.pdb.maxUnavailable | int }} + {{- end }} +--- +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/templates/shard/shard-data-podmonitor.yaml b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/shard/shard-data-podmonitor.yaml new file mode 100644 index 0000000..3c689fc --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/shard/shard-data-podmonitor.yaml @@ -0,0 +1,35 @@ +{{- if and .Values.shards .Values.metrics.enabled .Values.metrics.podMonitor.enabled }} +{{- $replicas := .Values.shards | int }} +{{- range $i, $e := until $replicas }} +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: {{ printf "%s-shard%d-data" (include "common.names.fullname" $ ) $i }} + {{- if $.Values.metrics.podMonitor.namespace }} + namespace: {{ $.Values.metrics.podMonitor.namespace }} + {{- else }} + namespace: {{ $.Release.Namespace }} + {{- end }} + labels: {{- include "common.labels.standard" $ | nindent 4 }} + app.kubernetes.io/component: shardsvr + {{- if $.Values.metrics.podMonitor.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" $.Values.metrics.podMonitor.additionalLabels "context" $) | nindent 4 }} + {{- end }} +spec: + podMetricsEndpoints: + - port: metrics + path: /metrics + {{- if $.Values.metrics.podMonitor.interval }} + interval: {{ $.Values.metrics.podMonitor.interval }} + {{- end }} + {{- if $.Values.metrics.podMonitor.scrapeTimeout }} + scrapeTimeout: {{ $.Values.metrics.podMonitor.scrapeTimeout }} + {{- end }} + namespaceSelector: + matchNames: + - {{ $.Release.Namespace }} + selector: + matchLabels: {{- include "common.labels.matchLabels" $ | nindent 6 }} + app.kubernetes.io/component: shardsvr +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/templates/shard/shard-data-statefulset.yaml b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/shard/shard-data-statefulset.yaml new file mode 100644 index 0000000..f1f04d2 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/templates/shard/shard-data-statefulset.yaml @@ -0,0 +1,387 @@ +{{- if .Values.shards }} +{{- $replicas := .Values.shards | int }} +{{- range $i, $e := until $replicas }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ printf "%s-shard%d-data" (include "common.names.fullname" $ ) $i }} + labels: {{- include "common.labels.standard" $ | nindent 4 }} + app.kubernetes.io/component: shardsvr +spec: + selector: + matchLabels: {{- include "common.labels.matchLabels" $ | nindent 6 }} + app.kubernetes.io/component: shardsvr + podManagementPolicy: {{ $.Values.shardsvr.dataNode.podManagementPolicy }} + updateStrategy: {{- toYaml $.Values.shardsvr.dataNode.updateStrategy | nindent 4 }} + serviceName: {{ include "common.names.fullname" $ }}-headless + replicas: {{ $.Values.shardsvr.dataNode.replicas }} + template: + metadata: + labels: {{- include "common.labels.standard" $ | nindent 8 }} + app.kubernetes.io/component: shardsvr + {{- if $.Values.shardsvr.dataNode.podLabels }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.shardsvr.dataNode.podLabels "context" $ ) | nindent 8 }} + {{- end }} + shard: {{ $i | quote }} + {{- if or $.Values.common.podAnnotations $.Values.shardsvr.dataNode.podAnnotations $.Values.metrics.enabled }} + annotations: + {{- if $.Values.common.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.common.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- if $.Values.shardsvr.dataNode.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.shardsvr.dataNode.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- if $.Values.metrics.enabled }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.metrics.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- if $.Values.common.schedulerName }} + schedulerName: {{ $.Values.common.schedulerName | quote }} + {{- end }} + {{- if $.Values.shardsvr.dataNode.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" $.Values.shardsvr.dataNode.affinity "context" (set $ "dataNodeLoopId" $i)) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" $.Values.shardsvr.dataNode.podAffinityPreset "component" "shardsvr" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" $.Values.shardsvr.dataNode.podAntiAffinityPreset "component" "shardsvr" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" $.Values.shardsvr.dataNode.nodeAffinityPreset.type "key" $.Values.shardsvr.dataNode.nodeAffinityPreset.key "values" $.Values.shardsvr.dataNode.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if $.Values.shardsvr.dataNode.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" $.Values.shardsvr.dataNode.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if $.Values.shardsvr.dataNode.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" $.Values.shardsvr.dataNode.nodeSelector "context" (set $ "dataNodeLoopId" $i)) | nindent 8 }} + {{- end }} + {{- if $.Values.shardsvr.dataNode.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" $.Values.shardsvr.dataNode.tolerations "context" (set $ "dataNodeLoopId" $i)) | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "mongodb-sharded.serviceAccountName" (dict "value" $.Values.shardsvr.dataNode.serviceAccount "context" $) }} + {{- if $.Values.shardsvr.dataNode.priorityClassName }} + priorityClassName: {{ $.Values.shardsvr.dataNode.priorityClassName | quote }} + {{- end }} + {{- if $.Values.securityContext.enabled }} + securityContext: + fsGroup: {{ $.Values.securityContext.fsGroup }} + {{- end }} + {{- include "mongodb-sharded.imagePullSecrets" $ | nindent 6 }} + initContainers: + {{- if and $.Values.volumePermissions.enabled $.Values.shardsvr.persistence.enabled }} + - name: volume-permissions + image: {{ include "mongodb-sharded.volumePermissions.image" $ }} + imagePullPolicy: {{ $.Values.volumePermissions.image.pullPolicy | quote }} + command: ["chown", "-R", "{{ $.Values.securityContext.runAsUser }}:{{ $.Values.securityContext.fsGroup }}", "{{ $.Values.shardsvr.persistence.mountPath }}"] + securityContext: + runAsUser: 0 + resources: {{ toYaml $.Values.volumePermissions.resources | nindent 12 }} + volumeMounts: + - name: datadir + mountPath: {{ $.Values.shardsvr.persistence.mountPath }} + {{- end }} + {{- with $.Values.shardsvr.dataNode.initContainers }} + {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- end }} + {{- with $.Values.common.initContainers }} + {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- end }} + containers: + - name: mongodb + image: {{ include "mongodb-sharded.image" $ }} + imagePullPolicy: {{ $.Values.image.pullPolicy }} + {{- if $.Values.securityContext.enabled }} + securityContext: + runAsNonRoot: {{ $.Values.securityContext.runAsNonRoot }} + runAsUser: {{ $.Values.securityContext.runAsUser }} + {{- end }} + ports: + - containerPort: {{ $.Values.common.containerPorts.mongo }} + name: mongodb + env: + - name: MONGODB_ENABLE_NUMACTL + value: {{ ternary "yes" "no" $.Values.common.mongodbEnableNumactl | quote }} + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or $.Values.image.debug $.Values.diagnosticMode.enabled) | quote }} + - name: MONGODB_SYSTEM_LOG_VERBOSITY + value: {{ $.Values.common.mongodbSystemLogVerbosity | quote }} + - name: MONGODB_MAX_TIMEOUT + value: {{ $.Values.common.mongodbMaxWaitTimeout | quote }} + - name: MONGODB_DISABLE_SYSTEM_LOG + {{- if $.Values.mongodbDisableSystemLog }} + value: "yes" + {{- else }} + value: "no" + {{- end }} + - name: MONGODB_PORT_NUMBER + value: {{ $.Values.common.containerPorts.mongo | quote }} + - name: MONGODB_SHARDING_MODE + value: "shardsvr" + - name: MONGODB_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MONGODB_MONGOS_HOST + value: {{ include "mongodb-sharded.serviceName" $ }} + - name: MONGODB_MONGOS_PORT_NUMBER + value: {{ $.Values.service.port | quote }} + - name: MONGODB_INITIAL_PRIMARY_HOST + value: {{ printf "%s-shard%d-data-0.%s-headless.%s.svc.%s" (include "common.names.fullname" $ ) $i (include "common.names.fullname" $ ) $.Release.Namespace $.Values.clusterDomain }} + - name: MONGODB_REPLICA_SET_NAME + value: {{ printf "%s-shard-%d" ( include "common.names.fullname" $ ) $i }} + {{- if $.Values.common.useHostnames }} + - name: MONGODB_ADVERTISED_HOSTNAME + value: "$(MONGODB_POD_NAME).{{ include "common.names.fullname" $ }}-headless.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }}" + {{- end }} + {{- if $.Values.usePasswordFile }} + - name: MONGODB_ROOT_PASSWORD_FILE + value: "/bitnami/mongodb/secrets/mongodb-root-password" + - name: MONGODB_REPLICA_SET_KEY_FILE + value: "/bitnami/mongodb/secrets/mongodb-replica-set-key" + {{- else }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb-sharded.secret" $ }} + key: mongodb-root-password + - name: MONGODB_REPLICA_SET_KEY + valueFrom: + secretKeyRef: + name: {{ include "mongodb-sharded.secret" $ }} + key: mongodb-replica-set-key + {{- end }} + - name: MONGODB_ENABLE_IPV6 + {{- if $.Values.common.mongodbEnableIPv6 }} + value: "yes" + {{- else }} + value: "no" + {{- end }} + - name: MONGODB_ENABLE_DIRECTORY_PER_DB + {{- if $.Values.common.mongodbDirectoryPerDB }} + value: "yes" + {{- else }} + value: "no" + {{- end }} + {{- if $.Values.shardsvr.dataNode.mongodbExtraFlags }} + - name: MONGODB_EXTRA_FLAGS + value: {{ $.Values.shardsvr.dataNode.mongodbExtraFlags | join " " | quote }} + {{- end }} + {{- if $.Values.common.extraEnvVars }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.common.extraEnvVars "context" $ ) | nindent 12 }} + {{- end }} + {{- if $.Values.shardsvr.dataNode.extraEnvVars }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.shardsvr.dataNode.extraEnvVars "context" $ ) | nindent 12 }} + {{- end }} + {{- if or $.Values.common.extraEnvVarsCM $.Values.common.extraEnvVarsSecret $.Values.shardsvr.dataNode.extraEnvVarsCM $.Values.shardsvr.dataNode.extraEnvVarsSecret }} + envFrom: + {{- if $.Values.common.extraEnvVarsCM }} + - configMapRef: + name: {{ include "mongodb-sharded.tplValue" ( dict "value" $.Values.common.extraEnvVarsCM "context" $ ) }} + {{- end }} + {{- if $.Values.common.extraEnvVarsSecret }} + - secretRef: + name: {{ include "mongodb-sharded.tplValue" ( dict "value" $.Values.common.extraEnvVarsSecret "context" $ ) }} + {{- end }} + {{- if $.Values.shardsvr.dataNode.extraEnvVarsCM }} + - configMapRef: + name: {{ include "mongodb-sharded.tplValue" ( dict "value" $.Values.shardsvr.dataNode.extraEnvVarsCM "context" $ ) }} + {{- end }} + {{- if $.Values.shardsvr.dataNode.extraEnvVarsSecret }} + - secretRef: + name: {{ include "mongodb-sharded.tplValue" ( dict "value" $.Values.shardsvr.dataNode.extraEnvVarsSecret "context" $ ) }} + {{- end }} + {{- end }} + {{- if $.Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" $.Values.diagnosticMode.command "context" $) | nindent 12 }} + args: {{- include "common.tplvalues.render" (dict "value" $.Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + - /entrypoint/replicaset-entrypoint.sh + {{- end }} + {{- if not $.Values.diagnosticMode.enabled }} + {{- if $.Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - pgrep + - mongod + initialDelaySeconds: {{ $.Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ $.Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ $.Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ $.Values.livenessProbe.successThreshold }} + failureThreshold: {{ $.Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if $.Values.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - mongo + - --disableImplicitSessions + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: {{ $.Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ $.Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ $.Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ $.Values.readinessProbe.successThreshold }} + failureThreshold: {{ $.Values.readinessProbe.failureThreshold }} + {{- end }} + {{- end }} + volumeMounts: + - name: replicaset-entrypoint-configmap + mountPath: /entrypoint + - name: datadir + mountPath: {{ $.Values.shardsvr.persistence.mountPath }} + {{- if or $.Values.shardsvr.dataNode.config $.Values.shardsvr.dataNode.configCM }} + - name: config + mountPath: /bitnami/mongodb/conf/ + {{- end }} + {{- if $.Values.usePasswordFile }} + - name: secrets + mountPath: /bitnami/mongodb/secrets/ + {{- end }} + {{- if $.Values.common.initScriptsCM }} + - name: custom-init-scripts-cm + mountPath: /docker-entrypoint-initdb.d/cm + {{- end }} + {{- if $.Values.common.initScriptsSecret }} + - name: custom-init-scripts-secret + mountPath: /docker-entrypoint-initdb.d/secret + {{- end }} + {{- if $.Values.common.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.common.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} + {{- if $.Values.shardsvr.dataNode.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.shardsvr.dataNode.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} + resources: {{- toYaml $.Values.shardsvr.dataNode.resources | nindent 12 }} + {{- if $.Values.metrics.enabled }} + - name: metrics + image: {{ include "mongodb-sharded.metrics.image" $ }} + imagePullPolicy: {{ $.Values.metrics.image.pullPolicy | quote }} + {{- if $.Values.securityContext.enabled }} + securityContext: + runAsNonRoot: {{ $.Values.securityContext.runAsNonRoot }} + runAsUser: {{ $.Values.securityContext.runAsUser }} + {{- end }} + env: + {{- if $.Values.usePasswordFile }} + - name: MONGODB_ROOT_PASSWORD_FILE + value: "/bitnami/mongodb/secrets/mongodb-root-password" + {{- else }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb-sharded.secret" $ }} + key: mongodb-root-password + {{- end }} + {{- if $.Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" $.Values.diagnosticMode.command "context" $) | nindent 12 }} + args: {{- include "common.tplvalues.render" (dict "value" $.Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else }} + command: + - sh + - -ec + - |- + #!/bin/sh + {{- if $.Values.usePasswordFile }} + export MONGODB_ROOT_PASSWORD="$(cat "${MONGODB_ROOT_PASSWORD_FILE}")" + {{- end }} + /bin/mongodb_exporter --web.listen-address ":{{ $.Values.metrics.containerPort }}" --mongodb.uri mongodb://root:`echo $MONGODB_ROOT_PASSWORD | sed -r "s/@/%40/g;s/:/%3A/g"`@localhost:{{ $.Values.service.port }}/admin{{ ternary "?ssl=true" "" $.Values.metrics.useTLS }} {{ $.Values.metrics.extraArgs }} + {{- end }} + {{- if $.Values.usePasswordFile }} + volumeMounts: + - name: secrets + mountPath: /bitnami/mongodb/secrets/ + {{- end }} + ports: + - name: metrics + containerPort: {{ $.Values.metrics.containerPort }} + {{- if not $.Values.diagnosticMode.enabled }} + {{- if $.Values.metrics.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: {{ $.Values.metrics.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ $.Values.metrics.livenessProbe.periodSeconds }} + timeoutSeconds: {{ $.Values.metrics.livenessProbe.timeoutSeconds }} + failureThreshold: {{ $.Values.metrics.livenessProbe.failureThreshold }} + successThreshold: {{ $.Values.metrics.livenessProbe.successThreshold }} + {{- end }} + {{- if $.Values.metrics.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: {{ $.Values.metrics.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ $.Values.metrics.readinessProbe.periodSeconds }} + timeoutSeconds: {{ $.Values.metrics.readinessProbe.timeoutSeconds }} + failureThreshold: {{ $.Values.metrics.readinessProbe.failureThreshold }} + successThreshold: {{ $.Values.metrics.readinessProbe.successThreshold }} + {{- end }} + {{- end }} + resources: {{ toYaml $.Values.metrics.resources | nindent 12 }} + {{- end }} + {{- with $.Values.shardsvr.dataNode.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- end }} + {{- with $.Values.common.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- end }} + volumes: + - name: replicaset-entrypoint-configmap + configMap: + name: {{ include "common.names.fullname" $ }}-replicaset-entrypoint + {{- if $.Values.usePasswordFile }} + - name: secrets + secret: + secretName: {{ include "mongodb-sharded.secret" $ }} + {{- end }} + {{- if $.Values.common.initScriptsCM }} + - name: custom-init-scripts-cm + configMap: + name: {{ include "mongodb-sharded.initScriptsCM" $ }} + defaultMode: 0755 + {{- end }} + {{- if $.Values.common.initScriptsSecret }} + - name: custom-init-scripts-secret + secret: + secretName: {{ include "mongodb-sharded.initScriptsSecret" $ }} + defaultMode: 0755 + {{- end }} + {{- if or $.Values.shardsvr.dataNode.config $.Values.shardsvr.dataNode.configCM }} + - name: config + configMap: + name: {{ include "mongodb-sharded.shardsvr.dataNode.configCM" $ }} + {{- end }} + {{- if $.Values.common.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.common.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} + {{- if $.Values.shardsvr.dataNode.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.shardsvr.dataNode.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} + {{- if $.Values.shardsvr.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: datadir + annotations: + {{- range $key, $value := $.Values.shardsvr.persistence.annotations }} + {{ $key }}: "{{ $value }}" + {{- end }} + spec: + accessModes: + {{- range $.Values.shardsvr.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ $.Values.shardsvr.persistence.size | quote }} + {{- include "common.storage.class" (dict "persistence" $.Values.shardsvr.persistence "global" $.Values.global) | nindent 8 }} + {{- else }} + - name: datadir + emptyDir: {} + {{- end }} +{{- if lt $i (sub $replicas 1) }} +--- +{{- end }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/mongo-dsk/values.yaml b/packer/ansible/roles/helm_install/files/mongo-dsk/values.yaml new file mode 100644 index 0000000..caf1b40 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-dsk/values.yaml @@ -0,0 +1,1217 @@ +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass +## + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.storageClass Global storage class for dynamic provisioning +## +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: "" + +## @section Common parameters +## + +## @param nameOverride String to partially override mongodb.fullname template (will maintain the release name) +## +nameOverride: "" +## @param fullnameOverride String to fully override mongodb.fullname template +## +fullnameOverride: "" +## @param clusterDomain Kubernetes Cluster Domain +## ref: https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#introduction +## +clusterDomain: cluster.local +## @param extraDeploy Array of extra objects to deploy with the release +## +extraDeploy: [] + +## Enable diagnostic mode in the deployment +## +diagnosticMode: + ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) + ## + enabled: false + ## @param diagnosticMode.command Command to override all containers in the deployment + ## + command: + - sleep + ## @param diagnosticMode.args Args to override all containers in the deployment + ## + args: + - infinity + +## @section MongoDB(®) Sharded parameters +## + +## Bitnami MongoDB(®) Sharded image version +## ref: https://hub.docker.com/r/bitnami/mongodb-sharded/tags/ +## @param image.registry MongoDB(®) Sharded image registry +## @param image.repository MongoDB(®) Sharded Image name +## @param image.tag MongoDB(®) Sharded image tag (immutable tags are recommended) +## @param image.pullPolicy MongoDB(®) Sharded image pull policy +## @param image.pullSecrets Specify docker-registry secret names as an array +## @param image.debug Specify if debug logs should be enabled +## +image: + registry: docker.io + repository: bitnami/mongodb-sharded + tag: 4.4.13-debian-10-r5 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Set to true if you would like to see extra information on logs + ## + debug: false +## MongoDB® credentials +## @param mongodbRootPassword MongoDB® root password +## If set to null it will be randomly generated +## ref: https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md#setting-the-root-password-on-first-run +## e.g: +## mongodbRootPassword: password +## +mongodbRootPassword: "" +## @param replicaSetKey Replica Set key (shared for shards and config servers) +## e.g: +## replicaSetKey: testkey123 +## +replicaSetKey: "" +## @param existingSecret Existing secret with MongoDB® credentials +## e.g: +## existingSecret: name-of-existing-secret +## +existingSecret: "" +## @param usePasswordFile Mount credentials as files instead of using environment variables +## +usePasswordFile: false +## @param shards Number of shards to be created +## ref: https://docs.mongodb.com/manual/core/sharded-cluster-shards/ +## +shards: 2 +## Properties for all of the pods in the cluster (shards, config servers and mongos) +## +common: + ## @param common.mongodbEnableNumactl Enable launch MongoDB instance prefixed with "numactl --interleave=all" + ## ref: https://docs.mongodb.com/manual/administration/production-notes/#mongodb-and-numa-hardware + ## + mongodbEnableNumactl: false + ## @param common.useHostnames Enable DNS hostnames in the replica set config + ## + useHostnames: true + ## @param common.mongodbEnableIPv6 Switch to enable/disable IPv6 on MongoDB® + ## ref: https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md#enabling/disabling-ipv6 + ## + mongodbEnableIPv6: false + ## @param common.mongodbDirectoryPerDB Switch to enable/disable DirectoryPerDB on MongoDB® + ## ref: https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md#enabling/disabling-directoryperdb + ## + mongodbDirectoryPerDB: false + ## @param common.mongodbSystemLogVerbosity MongoDB® system log verbosity level + ## ref: https://docs.mongodb.com/manual/reference/program/mongo/#cmdoption-mongo-ipv6 + ## + mongodbSystemLogVerbosity: 0 + ## @param common.mongodbDisableSystemLog Whether to disable MongoDB® system log or not + ## ref: https://github.com/bitnami/bitnami-docker-mongodb#configuring-system-log-verbosity-level + ## + mongodbDisableSystemLog: false + ## @param common.mongodbMaxWaitTimeout Maximum time (in seconds) for MongoDB® nodes to wait for another MongoDB® node to be ready + ## + mongodbMaxWaitTimeout: 120 + ## @param common.initScriptsCM Configmap with init scripts to execute + ## + initScriptsCM: "" + ## @param common.initScriptsSecret Secret with init scripts to execute (for sensitive data) + ## + initScriptsSecret: "" + ## @param common.extraEnvVars An array to add extra env vars + ## For example: + ## extraEnvVars: + ## - name: KIBANA_ELASTICSEARCH_URL + ## value: test + ## + extraEnvVars: [] + ## @param common.extraEnvVarsCM Name of a ConfigMap containing extra env vars + ## + extraEnvVarsCM: "" + ## @param common.extraEnvVarsSecret Name of a Secret containing extra env vars + ## + extraEnvVarsSecret: "" + ## @param common.sidecars Add sidecars to the pod + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param common.initContainers Add init containers to the pod + ## For example: + ## initcontainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## + initContainers: [] + ## @param common.podAnnotations Additional pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param common.podLabels Additional pod labels + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param common.extraVolumes Array to add extra volumes + ## + extraVolumes: [] + ## @param common.extraVolumeMounts Array to add extra mounts (normally used with extraVolumes) + ## + extraVolumeMounts: [] + ## @param common.containerPorts.mongo MongoDB container port + ## + containerPorts: + mongo: 27017 + ## K8s Service Account. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + ## @param common.serviceAccount.create Whether to create a Service Account for all pods automatically + ## + create: false + ## @param common.serviceAccount.name Name of a Service Account to be used by all Pods + ## If not set and create is true, a name is generated using the XXX.fullname template + ## + name: "" + +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. +## +volumePermissions: + ## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) + ## + enabled: false + ## @param volumePermissions.image.registry Init container volume-permissions image registry + ## @param volumePermissions.image.repository Init container volume-permissions image name + ## @param volumePermissions.image.tag Init container volume-permissions image tag + ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy + ## @param volumePermissions.image.pullSecrets Init container volume-permissions image pull secrets + ## + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: 10-debian-10-r358 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## @param volumePermissions.resources Init container resource requests/limit + ## + resources: {} +## Pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## @param securityContext.enabled Enable security context +## @param securityContext.fsGroup Group ID for the container +## @param securityContext.runAsUser User ID for the container +## @param securityContext.runAsNonRoot Run containers as non-root users +## +securityContext: + enabled: true + fsGroup: 1001 + runAsUser: 1001 + runAsNonRoot: true +## Kubernetes service type +## ref: https://kubernetes.io/docs/concepts/services-networking/service/ +## +service: + ## @param service.name Specify an explicit service name + ## + name: "" + ## @param service.annotations Additional service annotations (evaluate as a template) + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + annotations: {} + ## @param service.type Service type + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + ## + type: ClusterIP + ## @param service.externalTrafficPolicy External traffic policy + ## Enable client source IP preservation + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + ## + externalTrafficPolicy: Cluster + ## @param service.port MongoDB® service port + ## + port: 27017 + ## @param service.clusterIP Static clusterIP or None for headless services + ## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.16/#servicespec-v1-core + ## + clusterIP: "" + ## @param service.nodePort Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePort: "" + ## @param service.externalIPs External IP list to use with ClusterIP service type + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips + ## + externalIPs: [] + ## @param service.loadBalancerIP Static IP Address to use for LoadBalancer service type + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + ## + loadBalancerIP: "" + ## @param service.loadBalancerSourceRanges List of IP ranges allowed access to load balancer (if supported) + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + loadBalancerSourceRanges: [] + ## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" + ## If "ClientIP", consecutive client requests will be directed to the same mongos Pod + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + ## + sessionAffinity: None +## Configure extra options for liveness probes +## This applies to all the MongoDB® in the sharded cluster +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) +## @param livenessProbe.enabled Enable livenessProbe +## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe +## @param livenessProbe.periodSeconds Period seconds for livenessProbe +## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe +## @param livenessProbe.failureThreshold Failure threshold for livenessProbe +## @param livenessProbe.successThreshold Success threshold for livenessProbe +## +livenessProbe: + enabled: true + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +## Configure extra options for readiness probe +## This applies to all the MongoDB® in the sharded cluster +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) +## @param readinessProbe.enabled Enable readinessProbe +## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe +## @param readinessProbe.periodSeconds Period seconds for readinessProbe +## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe +## @param readinessProbe.failureThreshold Failure threshold for readinessProbe +## @param readinessProbe.successThreshold Success threshold for readinessProbe +## +readinessProbe: + enabled: true + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +## @section Config Server parameters +## + +## Config Server replica set properties +## ref: https://docs.mongodb.com/manual/core/sharded-cluster-config-servers/ +## +configsvr: + ## @param configsvr.replicas Number of nodes in the replica set (the first node will be primary) + ## + replicas: 1 + ## @param configsvr.resources Configure pod resources + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + ## @param configsvr.hostAliases Deployment pod host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param configsvr.mongodbExtraFlags MongoDB® additional command line flags + ## Can be used to specify command line flags, for example: + ## mongodbExtraFlags: + ## - "--wiredTigerCacheSizeGB=2" + ## + mongodbExtraFlags: [] + ## @param configsvr.priorityClassName Pod priority class name + ## https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ + ## + priorityClassName: "" + ## @param configsvr.podAffinityPreset Config Server Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param configsvr.podAntiAffinityPreset Config Server Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param configsvr.nodeAffinityPreset.type Config Server Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param configsvr.nodeAffinityPreset.key Config Server Node label key to match Ignored if `affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param configsvr.nodeAffinityPreset.values Config Server Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param configsvr.affinity Config Server Affinity for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: configsvr.podAffinityPreset, configsvr.podAntiAffinityPreset, and configsvr.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param configsvr.nodeSelector Config Server Node labels for pod assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param configsvr.tolerations Config Server Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param configsvr.podManagementPolicy Statefulset's pod management policy, allows parallel startup of pods + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies + ## + podManagementPolicy: OrderedReady + ## @param configsvr.updateStrategy.type updateStrategy for MongoDB® Primary, Secondary and Arbiter statefulsets + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: + type: RollingUpdate + ## @param configsvr.config MongoDB® configuration file + ## ref: http://docs.mongodb.org/manual/reference/configuration-options/ + ## + config: "" + ## @param configsvr.configCM ConfigMap name with Config Server configuration file (cannot be used with configsvr.config) + ## ref: http://docs.mongodb.org/manual/reference/configuration-options/ + ## + configCM: "" + ## @param configsvr.extraEnvVars An array to add extra env vars + ## For example: + ## extraEnvVars: + ## - name: KIBANA_ELASTICSEARCH_URL + ## value: test + ## + extraEnvVars: [] + ## @param configsvr.extraEnvVarsCM Name of a ConfigMap containing extra env vars + ## + extraEnvVarsCM: "" + ## @param configsvr.extraEnvVarsSecret Name of a Secret containing extra env vars + ## + extraEnvVarsSecret: "" + ## @param configsvr.sidecars Add sidecars to the pod + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param configsvr.initContainers Add init containers to the pod + ## For example: + ## initcontainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## + initContainers: [] + ## @param configsvr.podAnnotations Additional pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param configsvr.podLabels Additional pod labels + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param configsvr.extraVolumes Array to add extra volumes. Requires setting `extraVolumeMounts` + ## + extraVolumes: [] + ## @param configsvr.extraVolumeMounts Array to add extra mounts (normally used with extraVolumes). Normally used with `extraVolumes` + ## + extraVolumeMounts: [] + ## @param configsvr.schedulerName Use an alternate scheduler, e.g. "stork". + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## Pod disruption budget + ## + pdb: + ## @param configsvr.pdb.enabled Enable pod disruption budget + ## + enabled: false + ## @param configsvr.pdb.minAvailable Minimum number of available config pods allowed (`0` to disable) + ## + minAvailable: 0 + ## @param configsvr.pdb.maxUnavailable Maximum number of unavailable config pods allowed (`0` to disable) + ## + maxUnavailable: 1 + ## Enable persistence using Persistent Volume Claims + ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ + ## + persistence: + ## @param configsvr.persistence.enabled Use a PVC to persist data + ## + enabled: true + ## @param configsvr.persistence.mountPath Path to mount the volume at + ## MongoDB® images. + ## + mountPath: /bitnami/mongodb + ## @param configsvr.persistence.subPath Subdirectory of the volume to mount at + ## Useful in dev environments and one PV for multiple services. + ## + subPath: "" + ## @param configsvr.persistence.storageClass Storage class of backing PVC + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param configsvr.persistence.accessModes Use volume as ReadOnly or ReadWrite + ## + accessModes: + - ReadWriteOnce + ## @param configsvr.persistence.size PersistentVolumeClaim size + ## + size: 8Gi + ## @param configsvr.persistence.annotations Persistent Volume annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + annotations: {} + ## K8s Service Account. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + ## @param configsvr.serviceAccount.create Specifies whether a ServiceAccount should be created for Config Server + ## + create: false + ## @param configsvr.serviceAccount.name Name of a Service Account to be used by Config Server + ## If not set and create is true, a name is generated using the XXX.fullname template + ## + name: "" + ## Use a external config server instead of deploying one + ## + external: + ## @param configsvr.external.host Primary node of an external Config Server replicaset + ## + host: "" + ## @param configsvr.external.rootPassword Root password of the external Config Server replicaset + ## + rootPassword: "" + ## @param configsvr.external.replicasetName Replicaset name of an external Config Server + ## + replicasetName: "" + ## @param configsvr.external.replicasetKey Replicaset key of an external Config Server + ## + replicasetKey: "" + +## @section Mongos parameters +## + +## Mongos properties +## ref: https://docs.mongodb.com/manual/reference/program/mongos/#bin.mongos +## +mongos: + ## @param mongos.replicas Number of replicas + ## + replicas: 1 + ## @param mongos.resources Configure pod resources + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + ## @param mongos.hostAliases Deployment pod host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param mongos.mongodbExtraFlags MongoDB® additional command line flags + ## Can be used to specify command line flags, for example: + ## mongodbExtraFlags: + ## - "--wiredTigerCacheSizeGB=2" + ## + mongodbExtraFlags: [] + ## @param mongos.priorityClassName Pod priority class name + ## https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ + ## + priorityClassName: "" + ## @param mongos.podAffinityPreset Mongos Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param mongos.podAntiAffinityPreset Mongos Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param mongos.nodeAffinityPreset.type Mongos Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param mongos.nodeAffinityPreset.key Mongos Node label key to match Ignored if `affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param mongos.nodeAffinityPreset.values Mongos Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param mongos.affinity Mongos Affinity for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: mongos.podAffinityPreset, mongos.podAntiAffinityPreset, and mongos.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param mongos.nodeSelector Mongos Node labels for pod assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param mongos.tolerations Mongos Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param mongos.podManagementPolicy Statefulsets pod management policy, allows parallel startup of pods + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies + ## + podManagementPolicy: OrderedReady + ## @param mongos.updateStrategy.type updateStrategy for MongoDB® Primary, Secondary and Arbiter statefulsets + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: + type: RollingUpdate + ## @param mongos.config MongoDB® configuration file + ## ref: http://docs.mongodb.org/manual/reference/configuration-options/ + ## + config: "" + ## @param mongos.configCM ConfigMap name with MongoDB® configuration file (cannot be used with mongos.config) + ## ref: http://docs.mongodb.org/manual/reference/configuration-options/ + ## + configCM: "" + ## @param mongos.extraEnvVars An array to add extra env vars + ## For example: + ## extraEnvVars: + ## - name: KIBANA_ELASTICSEARCH_URL + ## value: test + ## + extraEnvVars: [] + ## @param mongos.extraEnvVarsCM Name of a ConfigMap containing extra env vars + ## + extraEnvVarsCM: "" + ## @param mongos.extraEnvVarsSecret Name of a Secret containing extra env vars + ## + extraEnvVarsSecret: "" + ## @param mongos.sidecars Add sidecars to the pod + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param mongos.initContainers Add init containers to the pod + ## For example: + ## initcontainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## + initContainers: [] + ## @param mongos.podAnnotations Additional pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param mongos.podLabels Additional pod labels + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param mongos.extraVolumes Array to add extra volumes. Requires setting `extraVolumeMounts` + ## + extraVolumes: [] + ## @param mongos.extraVolumeMounts Array to add extra volume mounts. Normally used with `extraVolumes`. + ## + extraVolumeMounts: [] + ## @param mongos.schedulerName Use an alternate scheduler, e.g. "stork". + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## @param mongos.useStatefulSet Use StatefulSet instead of Deployment + ## + useStatefulSet: false + ## When using a statefulset, you can enable one service per replica + ## This is useful when exposing the mongos through load balancers to make sure clients + ## connect to the same mongos and therefore can follow their cursors + ## + servicePerReplica: + ## @param mongos.servicePerReplica.enabled Create one service per mongos replica (must be used with statefulset) + ## + enabled: false + ## @param mongos.servicePerReplica.annotations Additional service annotations (evaluate as a template) + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + annotations: {} + ## @param mongos.servicePerReplica.type Service type + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + ## + type: ClusterIP + ## @param mongos.servicePerReplica.externalTrafficPolicy External traffic policy + ## Enable client source IP preservation + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + ## + externalTrafficPolicy: Cluster + ## @param mongos.servicePerReplica.port MongoDB® service port + ## + port: 27017 + ## @param mongos.servicePerReplica.clusterIP Static clusterIP or None for headless services + ## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.16/#servicespec-v1-core + ## + clusterIP: "" + ## @param mongos.servicePerReplica.nodePort Specify the nodePort value for the LoadBalancer and NodePort service types + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePort: "" + ## @param mongos.servicePerReplica.externalIPs External IP list to use with ClusterIP service type + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips + ## + externalIPs: [] + ## @param mongos.servicePerReplica.loadBalancerIP Static IP Address to use for LoadBalancer service type + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + ## + loadBalancerIP: "" + ## @param mongos.servicePerReplica.loadBalancerSourceRanges List of IP ranges allowed access to load balancer (if supported) + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + loadBalancerSourceRanges: [] + ## @param mongos.servicePerReplica.extraPorts Extra ports to expose (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param mongos.servicePerReplica.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" + ## If "ClientIP", consecutive client requests will be directed to the same mongos Pod + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + ## + sessionAffinity: None + ## Pod disruption budget + ## + pdb: + ## @param mongos.pdb.enabled Enable pod disruption budget + ## + enabled: false + ## @param mongos.pdb.minAvailable Minimum number of available mongo pods allowed (`0` to disable) + ## + minAvailable: 0 + ## @param mongos.pdb.maxUnavailable Maximum number of unavailable mongo pods allowed (`0` to disable) + ## + maxUnavailable: 1 + ## K8s Service Account. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + ## @param mongos.serviceAccount.create Whether to create a Service Account for mongos automatically + ## + create: false + ## @param mongos.serviceAccount.name Name of a Service Account to be used by mongos + ## If not set and create is true, a name is generated using the XXX.fullname template + ## + name: "" + +## @section Shard configuration: Data node parameters +## + +## Shard replica set properties +## ref: https://docs.mongodb.com/manual/replication/index.html +## +shardsvr: + ## Properties for data nodes (primary and secondary) + ## + dataNode: + ## @param shardsvr.dataNode.replicas Number of nodes in each shard replica set (the first node will be primary) + ## + replicas: 1 + ## @param shardsvr.dataNode.resources Configure pod resources + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + ## @param shardsvr.dataNode.mongodbExtraFlags MongoDB® additional command line flags + ## Can be used to specify command line flags, for example: + ## mongodbExtraFlags: + ## - "--wiredTigerCacheSizeGB=2" + ## + mongodbExtraFlags: [] + ## @param shardsvr.dataNode.priorityClassName Pod priority class name + ## https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ + ## + priorityClassName: "" + ## @param shardsvr.dataNode.podAffinityPreset Data nodes Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param shardsvr.dataNode.podAntiAffinityPreset Data nodes Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param shardsvr.dataNode.nodeAffinityPreset.type Data nodes Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param shardsvr.dataNode.nodeAffinityPreset.key Data nodes Node label key to match Ignored if `affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param shardsvr.dataNode.nodeAffinityPreset.values Data nodes Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param shardsvr.dataNode.affinity Data nodes Affinity for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## You can set dataNodeLoopId (or any other parameter) by setting the below code block under this 'affinity' section: + ## affinity: + ## matchLabels: + ## shard: "{{ .dataNodeLoopId }}" + ## + ## Note: shardsvr.dataNode.podAffinityPreset, shardsvr.dataNode.podAntiAffinityPreset, and shardsvr.dataNode.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param shardsvr.dataNode.nodeSelector Data nodes Node labels for pod assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## You can set dataNodeLoopId (or any other parameter) by setting the below code block under this 'nodeSelector' section: + ## nodeSelector: { shardId: "{{ .dataNodeLoopId }}" } + ## + nodeSelector: {} + ## @param shardsvr.dataNode.tolerations Data nodes Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## You can set dataNodeLoopId (or any other parameter) by setting the below code block under this 'nodeSelector' section: + ## tolerations: + ## - key: "shardId" + ## operator: "Equal" + ## value: "{{ .dataNodeLoopId }}" + ## effect: "NoSchedule" + ## + tolerations: [] + ## @param shardsvr.dataNode.podManagementPolicy podManagementPolicy for the statefulset, allows parallel startup of pods + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies + ## + podManagementPolicy: OrderedReady + ## @param shardsvr.dataNode.updateStrategy.type updateStrategy for MongoDB® Primary, Secondary and Arbiter statefulsets + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: + type: RollingUpdate + ## @param shardsvr.dataNode.hostAliases Deployment pod host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param shardsvr.dataNode.config Entries for the MongoDB® config file + ## ref: http://docs.mongodb.org/manual/reference/configuration-options/ + ## + config: "" + ## @param shardsvr.dataNode.configCM ConfigMap name with MongoDB® configuration (cannot be used with shardsvr.dataNode.config) + ## ref: http://docs.mongodb.org/manual/reference/configuration-options/ + ## + configCM: "" + ## @param shardsvr.dataNode.extraEnvVars An array to add extra env vars + ## For example: + ## extraEnvVars: + ## - name: KIBANA_ELASTICSEARCH_URL + ## value: test + ## + extraEnvVars: [] + ## @param shardsvr.dataNode.extraEnvVarsCM Name of a ConfigMap containing extra env vars + ## + extraEnvVarsCM: "" + ## @param shardsvr.dataNode.extraEnvVarsSecret Name of a Secret containing extra env vars + ## + extraEnvVarsSecret: "" + ## @param shardsvr.dataNode.sidecars Attach additional containers (evaluated as a template) + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param shardsvr.dataNode.initContainers Add init containers to the pod + ## For example: + ## initcontainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## + initContainers: [] + ## @param shardsvr.dataNode.podAnnotations Additional pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param shardsvr.dataNode.podLabels Additional pod labels + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param shardsvr.dataNode.extraVolumes Array to add extra volumes. Requires setting `extraVolumeMounts` + ## + extraVolumes: [] + ## @param shardsvr.dataNode.extraVolumeMounts Array to add extra mounts. Normally used with `extraVolumes` + ## + extraVolumeMounts: [] + ## @param shardsvr.dataNode.schedulerName Use an alternate scheduler, e.g. "stork". + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## Pod disruption budget + ## + pdb: + ## @param shardsvr.dataNode.pdb.enabled Enable pod disruption budget + ## + enabled: false + ## @param shardsvr.dataNode.pdb.minAvailable Minimum number of available data pods allowed (`0` to disable) + ## + minAvailable: 0 + ## @param shardsvr.dataNode.pdb.maxUnavailable Maximum number of unavailable data pods allowed (`0` to disable) + ## + maxUnavailable: 1 + ## K8s Service Account. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + ## @param shardsvr.dataNode.serviceAccount.create Specifies whether a ServiceAccount should be created for shardsvr + ## + create: false + ## @param shardsvr.dataNode.serviceAccount.name Name of a Service Account to be used by shardsvr data pods + ## If not set and create is true, a name is generated using the XXX.fullname template + ## + name: "" + + ## @section Shard configuration: Persistence parameters + ## + + ## Enable persistence using Persistent Volume Claims + ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ + ## + persistence: + ## @param shardsvr.persistence.enabled Use a PVC to persist data + ## + enabled: true + ## @param shardsvr.persistence.mountPath The path the volume will be mounted at, useful when using different MongoDB® images. + ## + mountPath: /bitnami/mongodb + ## @param shardsvr.persistence.subPath Subdirectory of the volume to mount at + ## Useful in development environments and one PV for multiple services. + ## + subPath: "" + ## @param shardsvr.persistence.storageClass Storage class of backing PVC + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param shardsvr.persistence.accessModes Use volume as ReadOnly or ReadWrite + ## + accessModes: + - ReadWriteOnce + ## @param shardsvr.persistence.size PersistentVolumeClaim size + ## + size: 8Gi + ## @param shardsvr.persistence.annotations Additional volume annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + annotations: {} + + ## @section Shard configuration: Arbiter parameters + ## + + ## Properties for arbiter nodes + ## ref: https://docs.mongodb.com/manual/tutorial/add-replica-set-arbiter/ + ## + arbiter: + ## @param shardsvr.arbiter.replicas Number of arbiters in each shard replica set (the first node will be primary) + ## + replicas: 0 + ## @param shardsvr.arbiter.hostAliases Deployment pod host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param shardsvr.arbiter.resources Configure pod resources + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + ## @param shardsvr.arbiter.mongodbExtraFlags MongoDB® additional command line flags + ## Can be used to specify command line flags, for example: + ## mongodbExtraFlags: + ## - "--wiredTigerCacheSizeGB=2" + ## + mongodbExtraFlags: [] + ## @param shardsvr.arbiter.priorityClassName Pod priority class name + ## https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ + ## + priorityClassName: "" + ## @param shardsvr.arbiter.podAffinityPreset Arbiter's Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param shardsvr.arbiter.podAntiAffinityPreset Arbiter's Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param shardsvr.arbiter.nodeAffinityPreset.type Arbiter's Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param shardsvr.arbiter.nodeAffinityPreset.key Arbiter's Node label key to match Ignored if `affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param shardsvr.arbiter.nodeAffinityPreset.values Arbiter's Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param shardsvr.arbiter.affinity Arbiter's Affinity for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## You can set arbiterLoopId (or any other parameter) by setting the below code block under this 'affinity' section: + ## affinity: + ## matchLabels: + ## shard: "{{ .arbiterLoopId }}" + ## + ## Note: shardsvr.arbiter.podAffinityPreset, shardsvr.arbiter.podAntiAffinityPreset, and shardsvr.arbiter.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param shardsvr.arbiter.nodeSelector Arbiter's Node labels for pod assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param shardsvr.arbiter.tolerations Arbiter's Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param shardsvr.arbiter.podManagementPolicy Statefulset's pod management policy, allows parallel startup of pods + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies + ## + podManagementPolicy: OrderedReady + ## @param shardsvr.arbiter.updateStrategy.type updateStrategy for MongoDB® Primary, Secondary and Arbiter statefulsets + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: + type: RollingUpdate + ## @param shardsvr.arbiter.config MongoDB® configuration file + ## ref: http://docs.mongodb.org/manual/reference/configuration-options/ + ## + config: "" + ## @param shardsvr.arbiter.configCM ConfigMap name with MongoDB® configuration file (cannot be used with shardsvr.arbiter.config) + ## ref: http://docs.mongodb.org/manual/reference/configuration-options/ + ## + configCM: "" + ## @param shardsvr.arbiter.extraEnvVars An array to add extra env vars + ## For example: + ## extraEnvVars: + ## - name: KIBANA_ELASTICSEARCH_URL + ## value: test + ## + extraEnvVars: [] + ## @param shardsvr.arbiter.extraEnvVarsCM Name of a ConfigMap containing extra env vars + ## + extraEnvVarsCM: "" + ## @param shardsvr.arbiter.extraEnvVarsSecret Name of a Secret containing extra env vars + ## + extraEnvVarsSecret: "" + ## @param shardsvr.arbiter.sidecars Add sidecars to the pod + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param shardsvr.arbiter.initContainers Add init containers to the pod + ## For example: + ## initcontainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## + initContainers: [] + ## @param shardsvr.arbiter.podAnnotations Additional pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param shardsvr.arbiter.podLabels Additional pod labels + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param shardsvr.arbiter.extraVolumes Array to add extra volumes + ## + extraVolumes: [] + ## @param shardsvr.arbiter.extraVolumeMounts Array to add extra mounts (normally used with extraVolumes) + ## + extraVolumeMounts: [] + ## @param shardsvr.arbiter.schedulerName Use an alternate scheduler, e.g. "stork". + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## K8s Service Account. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + ## @param shardsvr.arbiter.serviceAccount.create Specifies whether a ServiceAccount should be created for shardsvr arbiter nodes + ## + create: false + ## @param shardsvr.arbiter.serviceAccount.name Name of a Service Account to be used by shardsvr arbiter pods + ## If not set and create is true, a name is generated using the XXX.fullname template + ## + name: "" + +## @section Metrics parameters +## + +metrics: + ## @param metrics.enabled Start a side-car prometheus exporter + ## + enabled: false + ## @param metrics.image.registry MongoDB® exporter image registry + ## @param metrics.image.repository MongoDB® exporter image name + ## @param metrics.image.tag MongoDB® exporter image tag + ## @param metrics.image.pullPolicy MongoDB® exporter image pull policy + ## @param metrics.image.pullSecrets MongoDB® exporter image pull secrets + ## + image: + registry: docker.io + repository: bitnami/mongodb-exporter + tag: 0.30.0-debian-10-r91 + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## @param metrics.useTLS Whether to connect to MongoDB® with TLS + useTLS: false + ## @param metrics.extraArgs String with extra arguments to the metrics exporter + ## ref: https://github.com/dcu/mongodb_exporter/blob/master/mongodb_exporter.go + ## + extraArgs: "" + ## @param metrics.resources Metrics exporter resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + ## Metrics exporter liveness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## @param metrics.livenessProbe.enabled Enable livenessProbe + ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: false + initialDelaySeconds: 15 + periodSeconds: 5 + timeoutSeconds: 5 + failureThreshold: 3 + successThreshold: 1 + ## Metrics exporter liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## @param metrics.readinessProbe.enabled Enable readinessProbe + ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: false + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + ## @param metrics.containerPort Port of the Prometheus metrics container + ## + containerPort: 9216 + ## @param metrics.podAnnotations [object] Metrics exporter pod Annotation + ## + podAnnotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.metrics.containerPort }}" + ## Prometheus Service Monitor + ## ref: https://github.com/coreos/prometheus-operator + ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + podMonitor: + ## @param metrics.podMonitor.enabled Create PodMonitor Resource for scraping metrics using PrometheusOperator + ## + enabled: false + ## @param metrics.podMonitor.namespace Namespace where podmonitor resource should be created + ## + namespace: monitoring + ## @param metrics.podMonitor.interval Specify the interval at which metrics should be scraped + ## + interval: 30s + ## @param metrics.podMonitor.scrapeTimeout Specify the timeout after which the scrape is ended + ## e.g: + ## scrapeTimeout: 30s + ## + scrapeTimeout: "" + ## @param metrics.podMonitor.additionalLabels Additional labels that can be used so PodMonitors will be discovered by Prometheus + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + additionalLabels: {} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/.helmignore b/packer/ansible/roles/helm_install/files/mongo-manifest/.helmignore new file mode 100644 index 0000000..f0c1319 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/Chart.lock b/packer/ansible/roles/helm_install/files/mongo-manifest/Chart.lock new file mode 100644 index 0000000..b8814b6 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + version: 1.11.3 +digest: sha256:d5f850d857edd58b32c0e10652f6ec3ce5018def5542f2bcef38fd7fa0079d6b +generated: "2022-03-07T11:59:31.665943918Z" diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/Chart.yaml b/packer/ansible/roles/helm_install/files/mongo-manifest/Chart.yaml new file mode 100644 index 0000000..8bf0c80 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/Chart.yaml @@ -0,0 +1,30 @@ +annotations: + category: Database +apiVersion: v2 +appVersion: 4.4.13 +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + tags: + - bitnami-common + version: 1.x.x +description: MongoDB(R) is an open source NoSQL database that uses JSON for data storage. + MongoDB(TM) Sharded improves scalability and reliability for large datasets by distributing + data across multiple machines. +home: https://github.com/bitnami/charts/tree/master/bitnami/mongodb-sharded +icon: https://bitnami.com/assets/stacks/mongodb/img/mongodb-stack-220x234.png +keywords: +- mongodb +- database +- nosql +- cluster +- replicaset +- replication +maintainers: +- email: containers@bitnami.com + name: Bitnami +name: mongodb-sharded +sources: +- https://github.com/bitnami/bitnami-docker-mongodb-sharded +- https://mongodb.org +version: 4.0.10 diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/README.md b/packer/ansible/roles/helm_install/files/mongo-manifest/README.md new file mode 100644 index 0000000..37dbc29 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/README.md @@ -0,0 +1,548 @@ + + +# MongoDB(R) Sharded packaged by Bitnami + +MongoDB(R) is an open source NoSQL database that uses JSON for data storage. MongoDB(TM) Sharded improves scalability and reliability for large datasets by distributing data across multiple machines. + +[Overview of MongoDB® Sharded](http://www.mongodb.org) + +Disclaimer: The respective trademarks mentioned in the offering are owned by the respective companies. We do not provide a commercial license for any of these products. This listing has an open-source license. MongoDB(R) is run and maintained by MongoDB, which is a completely separate project from Bitnami. + +## TL;DR + +```bash +$ helm repo add bitnami https://charts.bitnami.com/bitnami +$ helm install my-release bitnami/mongodb-sharded +``` + +## Introduction + +This chart bootstraps a [MongoDB(®) Sharded](https://github.com/bitnami/bitnami-docker-mongodb-sharded) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Classified as a NoSQL database, MongoDB® eschews the traditional table-based relational database structure in favor of JSON-like documents with dynamic schemas, making the integration of data in certain types of applications easier and faster. + +This chart uses the [sharding method](https://docs.mongodb.com/manual/sharding/) for distributing data across multiple machines. This is meant for deployments with very large data sets and high throughput operations. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.2.0+ +- PV provisioner support in the underlying infrastructure +- ReadWriteMany volumes for deployment scaling + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm install my-release bitnami/mongodb-sharded +``` + +The command deploys MongoDB® on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Parameters + +### Global parameters + +| Name | Description | Value | +| ------------------------- | ----------------------------------------------- | ----- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global storage class for dynamic provisioning | `""` | + + +### Common parameters + +| Name | Description | Value | +| ------------------------ | --------------------------------------------------------------------------------------- | --------------- | +| `nameOverride` | String to partially override mongodb.fullname template (will maintain the release name) | `""` | +| `fullnameOverride` | String to fully override mongodb.fullname template | `""` | +| `clusterDomain` | Kubernetes Cluster Domain | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | + + +### MongoDB(®) Sharded parameters + +| Name | Description | Value | +| ------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- | +| `image.registry` | MongoDB(®) Sharded image registry | `docker.io` | +| `image.repository` | MongoDB(®) Sharded Image name | `bitnami/mongodb-sharded` | +| `image.tag` | MongoDB(®) Sharded image tag (immutable tags are recommended) | `4.4.11-debian-10-r6` | +| `image.pullPolicy` | MongoDB(®) Sharded image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `image.debug` | Specify if debug logs should be enabled | `false` | +| `mongodbRootPassword` | MongoDB® root password | `""` | +| `replicaSetKey` | Replica Set key (shared for shards and config servers) | `""` | +| `existingSecret` | Existing secret with MongoDB® credentials | `""` | +| `usePasswordFile` | Mount credentials as files instead of using environment variables | `false` | +| `shards` | Number of shards to be created | `2` | +| `common.mongodbEnableNumactl` | Enable launch MongoDB instance prefixed with "numactl --interleave=all" | `false` | +| `common.useHostnames` | Enable DNS hostnames in the replica set config | `true` | +| `common.mongodbEnableIPv6` | Switch to enable/disable IPv6 on MongoDB® | `false` | +| `common.mongodbDirectoryPerDB` | Switch to enable/disable DirectoryPerDB on MongoDB® | `false` | +| `common.mongodbSystemLogVerbosity` | MongoDB® system log verbosity level | `0` | +| `common.mongodbDisableSystemLog` | Whether to disable MongoDB® system log or not | `false` | +| `common.mongodbMaxWaitTimeout` | Maximum time (in seconds) for MongoDB® nodes to wait for another MongoDB® node to be ready | `120` | +| `common.initScriptsCM` | Configmap with init scripts to execute | `""` | +| `common.initScriptsSecret` | Secret with init scripts to execute (for sensitive data) | `""` | +| `common.extraEnvVars` | An array to add extra env vars | `[]` | +| `common.extraEnvVarsCM` | Name of a ConfigMap containing extra env vars | `""` | +| `common.extraEnvVarsSecret` | Name of a Secret containing extra env vars | `""` | +| `common.sidecars` | Add sidecars to the pod | `[]` | +| `common.initContainers` | Add init containers to the pod | `[]` | +| `common.podAnnotations` | Additional pod annotations | `{}` | +| `common.podLabels` | Additional pod labels | `{}` | +| `common.extraVolumes` | Array to add extra volumes | `[]` | +| `common.extraVolumeMounts` | Array to add extra mounts (normally used with extraVolumes) | `[]` | +| `common.containerPorts.mongo` | MongoDB container port | `27017` | +| `common.serviceAccount.create` | Whether to create a Service Account for all pods automatically | `false` | +| `common.serviceAccount.name` | Name of a Service Account to be used by all Pods | `""` | +| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | +| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/bitnami-shell` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `10-debian-10-r308` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | +| `volumePermissions.resources` | Init container resource requests/limit | `{}` | +| `securityContext.enabled` | Enable security context | `true` | +| `securityContext.fsGroup` | Group ID for the container | `1001` | +| `securityContext.runAsUser` | User ID for the container | `1001` | +| `securityContext.runAsNonRoot` | Run containers as non-root users | `true` | +| `service.name` | Specify an explicit service name | `""` | +| `service.annotations` | Additional service annotations (evaluate as a template) | `{}` | +| `service.type` | Service type | `ClusterIP` | +| `service.externalTrafficPolicy` | External traffic policy | `Cluster` | +| `service.port` | MongoDB® service port | `27017` | +| `service.clusterIP` | Static clusterIP or None for headless services | `""` | +| `service.nodePort` | Specify the nodePort value for the LoadBalancer and NodePort service types. | `""` | +| `service.externalIPs` | External IP list to use with ClusterIP service type | `[]` | +| `service.loadBalancerIP` | Static IP Address to use for LoadBalancer service type | `""` | +| `service.loadBalancerSourceRanges` | List of IP ranges allowed access to load balancer (if supported) | `[]` | +| `service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `livenessProbe.enabled` | Enable livenessProbe | `true` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe | `true` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `60` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | + + +### Config Server parameters + +| Name | Description | Value | +| ------------------------------------- | ------------------------------------------------------------------------------------------------------- | ------------------- | +| `configsvr.replicas` | Number of nodes in the replica set (the first node will be primary) | `1` | +| `configsvr.resources` | Configure pod resources | `{}` | +| `configsvr.hostAliases` | Deployment pod host aliases | `[]` | +| `configsvr.mongodbExtraFlags` | MongoDB® additional command line flags | `[]` | +| `configsvr.priorityClassName` | Pod priority class name | `""` | +| `configsvr.podAffinityPreset` | Config Server Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `configsvr.podAntiAffinityPreset` | Config Server Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `configsvr.nodeAffinityPreset.type` | Config Server Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `configsvr.nodeAffinityPreset.key` | Config Server Node label key to match Ignored if `affinity` is set. | `""` | +| `configsvr.nodeAffinityPreset.values` | Config Server Node label values to match. Ignored if `affinity` is set. | `[]` | +| `configsvr.affinity` | Config Server Affinity for pod assignment | `{}` | +| `configsvr.nodeSelector` | Config Server Node labels for pod assignment | `{}` | +| `configsvr.tolerations` | Config Server Tolerations for pod assignment | `[]` | +| `configsvr.podManagementPolicy` | Statefulset's pod management policy, allows parallel startup of pods | `OrderedReady` | +| `configsvr.updateStrategy.type` | updateStrategy for MongoDB® Primary, Secondary and Arbiter statefulsets | `RollingUpdate` | +| `configsvr.config` | MongoDB® configuration file | `""` | +| `configsvr.configCM` | ConfigMap name with Config Server configuration file (cannot be used with configsvr.config) | `""` | +| `configsvr.extraEnvVars` | An array to add extra env vars | `[]` | +| `configsvr.extraEnvVarsCM` | Name of a ConfigMap containing extra env vars | `""` | +| `configsvr.extraEnvVarsSecret` | Name of a Secret containing extra env vars | `""` | +| `configsvr.sidecars` | Add sidecars to the pod | `[]` | +| `configsvr.initContainers` | Add init containers to the pod | `[]` | +| `configsvr.podAnnotations` | Additional pod annotations | `{}` | +| `configsvr.podLabels` | Additional pod labels | `{}` | +| `configsvr.extraVolumes` | Array to add extra volumes. Requires setting `extraVolumeMounts` | `[]` | +| `configsvr.extraVolumeMounts` | Array to add extra mounts (normally used with extraVolumes). Normally used with `extraVolumes` | `[]` | +| `configsvr.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | +| `configsvr.pdb.enabled` | Enable pod disruption budget | `false` | +| `configsvr.pdb.minAvailable` | Minimum number of available config pods allowed (`0` to disable) | `0` | +| `configsvr.pdb.maxUnavailable` | Maximum number of unavailable config pods allowed (`0` to disable) | `1` | +| `configsvr.persistence.enabled` | Use a PVC to persist data | `true` | +| `configsvr.persistence.mountPath` | Path to mount the volume at | `/bitnami/mongodb` | +| `configsvr.persistence.subPath` | Subdirectory of the volume to mount at | `""` | +| `configsvr.persistence.storageClass` | Storage class of backing PVC | `""` | +| `configsvr.persistence.accessModes` | Use volume as ReadOnly or ReadWrite | `["ReadWriteOnce"]` | +| `configsvr.persistence.size` | PersistentVolumeClaim size | `8Gi` | +| `configsvr.persistence.annotations` | Persistent Volume annotations | `{}` | +| `configsvr.serviceAccount.create` | Specifies whether a ServiceAccount should be created for Config Server | `false` | +| `configsvr.serviceAccount.name` | Name of a Service Account to be used by Config Server | `""` | +| `configsvr.external.host` | Primary node of an external Config Server replicaset | `""` | +| `configsvr.external.rootPassword` | Root password of the external Config Server replicaset | `""` | +| `configsvr.external.replicasetName` | Replicaset name of an external Config Server | `""` | +| `configsvr.external.replicasetKey` | Replicaset key of an external Config Server | `""` | + + +### Mongos parameters + +| Name | Description | Value | +| --------------------------------------------------- | ------------------------------------------------------------------------------------------------ | --------------- | +| `mongos.replicas` | Number of replicas | `1` | +| `mongos.resources` | Configure pod resources | `{}` | +| `mongos.hostAliases` | Deployment pod host aliases | `[]` | +| `mongos.mongodbExtraFlags` | MongoDB® additional command line flags | `[]` | +| `mongos.priorityClassName` | Pod priority class name | `""` | +| `mongos.podAffinityPreset` | Mongos Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `mongos.podAntiAffinityPreset` | Mongos Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `mongos.nodeAffinityPreset.type` | Mongos Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `mongos.nodeAffinityPreset.key` | Mongos Node label key to match Ignored if `affinity` is set. | `""` | +| `mongos.nodeAffinityPreset.values` | Mongos Node label values to match. Ignored if `affinity` is set. | `[]` | +| `mongos.affinity` | Mongos Affinity for pod assignment | `{}` | +| `mongos.nodeSelector` | Mongos Node labels for pod assignment | `{}` | +| `mongos.tolerations` | Mongos Tolerations for pod assignment | `[]` | +| `mongos.podManagementPolicy` | Statefulsets pod management policy, allows parallel startup of pods | `OrderedReady` | +| `mongos.updateStrategy.type` | updateStrategy for MongoDB® Primary, Secondary and Arbiter statefulsets | `RollingUpdate` | +| `mongos.config` | MongoDB® configuration file | `""` | +| `mongos.configCM` | ConfigMap name with MongoDB® configuration file (cannot be used with mongos.config) | `""` | +| `mongos.extraEnvVars` | An array to add extra env vars | `[]` | +| `mongos.extraEnvVarsCM` | Name of a ConfigMap containing extra env vars | `""` | +| `mongos.extraEnvVarsSecret` | Name of a Secret containing extra env vars | `""` | +| `mongos.sidecars` | Add sidecars to the pod | `[]` | +| `mongos.initContainers` | Add init containers to the pod | `[]` | +| `mongos.podAnnotations` | Additional pod annotations | `{}` | +| `mongos.podLabels` | Additional pod labels | `{}` | +| `mongos.extraVolumes` | Array to add extra volumes. Requires setting `extraVolumeMounts` | `[]` | +| `mongos.extraVolumeMounts` | Array to add extra volume mounts. Normally used with `extraVolumes`. | `[]` | +| `mongos.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | +| `mongos.useStatefulSet` | Use StatefulSet instead of Deployment | `false` | +| `mongos.servicePerReplica.enabled` | Create one service per mongos replica (must be used with statefulset) | `false` | +| `mongos.servicePerReplica.annotations` | Additional service annotations (evaluate as a template) | `{}` | +| `mongos.servicePerReplica.type` | Service type | `ClusterIP` | +| `mongos.servicePerReplica.externalTrafficPolicy` | External traffic policy | `Cluster` | +| `mongos.servicePerReplica.port` | MongoDB® service port | `27017` | +| `mongos.servicePerReplica.clusterIP` | Static clusterIP or None for headless services | `""` | +| `mongos.servicePerReplica.nodePort` | Specify the nodePort value for the LoadBalancer and NodePort service types | `""` | +| `mongos.servicePerReplica.externalIPs` | External IP list to use with ClusterIP service type | `[]` | +| `mongos.servicePerReplica.loadBalancerIP` | Static IP Address to use for LoadBalancer service type | `""` | +| `mongos.servicePerReplica.loadBalancerSourceRanges` | List of IP ranges allowed access to load balancer (if supported) | `[]` | +| `mongos.servicePerReplica.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `mongos.servicePerReplica.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `mongos.pdb.enabled` | Enable pod disruption budget | `false` | +| `mongos.pdb.minAvailable` | Minimum number of available mongo pods allowed (`0` to disable) | `0` | +| `mongos.pdb.maxUnavailable` | Maximum number of unavailable mongo pods allowed (`0` to disable) | `1` | +| `mongos.serviceAccount.create` | Whether to create a Service Account for mongos automatically | `false` | +| `mongos.serviceAccount.name` | Name of a Service Account to be used by mongos | `""` | + + +### Shard configuration: Data node parameters + +| Name | Description | Value | +| --------------------------------------------- | ---------------------------------------------------------------------------------------------------- | --------------- | +| `shardsvr.dataNode.replicas` | Number of nodes in each shard replica set (the first node will be primary) | `1` | +| `shardsvr.dataNode.resources` | Configure pod resources | `{}` | +| `shardsvr.dataNode.mongodbExtraFlags` | MongoDB® additional command line flags | `[]` | +| `shardsvr.dataNode.priorityClassName` | Pod priority class name | `""` | +| `shardsvr.dataNode.podAffinityPreset` | Data nodes Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `shardsvr.dataNode.podAntiAffinityPreset` | Data nodes Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `shardsvr.dataNode.nodeAffinityPreset.type` | Data nodes Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `shardsvr.dataNode.nodeAffinityPreset.key` | Data nodes Node label key to match Ignored if `affinity` is set. | `""` | +| `shardsvr.dataNode.nodeAffinityPreset.values` | Data nodes Node label values to match. Ignored if `affinity` is set. | `[]` | +| `shardsvr.dataNode.affinity` | Data nodes Affinity for pod assignment | `{}` | +| `shardsvr.dataNode.nodeSelector` | Data nodes Node labels for pod assignment | `{}` | +| `shardsvr.dataNode.tolerations` | Data nodes Tolerations for pod assignment | `[]` | +| `shardsvr.dataNode.podManagementPolicy` | podManagementPolicy for the statefulset, allows parallel startup of pods | `OrderedReady` | +| `shardsvr.dataNode.updateStrategy.type` | updateStrategy for MongoDB® Primary, Secondary and Arbiter statefulsets | `RollingUpdate` | +| `shardsvr.dataNode.hostAliases` | Deployment pod host aliases | `[]` | +| `shardsvr.dataNode.config` | Entries for the MongoDB® config file | `""` | +| `shardsvr.dataNode.configCM` | ConfigMap name with MongoDB® configuration (cannot be used with shardsvr.dataNode.config) | `""` | +| `shardsvr.dataNode.extraEnvVars` | An array to add extra env vars | `[]` | +| `shardsvr.dataNode.extraEnvVarsCM` | Name of a ConfigMap containing extra env vars | `""` | +| `shardsvr.dataNode.extraEnvVarsSecret` | Name of a Secret containing extra env vars | `""` | +| `shardsvr.dataNode.sidecars` | Attach additional containers (evaluated as a template) | `[]` | +| `shardsvr.dataNode.initContainers` | Add init containers to the pod | `[]` | +| `shardsvr.dataNode.podAnnotations` | Additional pod annotations | `{}` | +| `shardsvr.dataNode.podLabels` | Additional pod labels | `{}` | +| `shardsvr.dataNode.extraVolumes` | Array to add extra volumes. Requires setting `extraVolumeMounts` | `[]` | +| `shardsvr.dataNode.extraVolumeMounts` | Array to add extra mounts. Normally used with `extraVolumes` | `[]` | +| `shardsvr.dataNode.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | +| `shardsvr.dataNode.pdb.enabled` | Enable pod disruption budget | `false` | +| `shardsvr.dataNode.pdb.minAvailable` | Minimum number of available data pods allowed (`0` to disable) | `0` | +| `shardsvr.dataNode.pdb.maxUnavailable` | Maximum number of unavailable data pods allowed (`0` to disable) | `1` | +| `shardsvr.dataNode.serviceAccount.create` | Specifies whether a ServiceAccount should be created for shardsvr | `false` | +| `shardsvr.dataNode.serviceAccount.name` | Name of a Service Account to be used by shardsvr data pods | `""` | + + +### Shard configuration: Persistence parameters + +| Name | Description | Value | +| ----------------------------------- | ---------------------------------------------------------------------------------------- | ------------------- | +| `shardsvr.persistence.enabled` | Use a PVC to persist data | `true` | +| `shardsvr.persistence.mountPath` | The path the volume will be mounted at, useful when using different MongoDB® images. | `/bitnami/mongodb` | +| `shardsvr.persistence.subPath` | Subdirectory of the volume to mount at | `""` | +| `shardsvr.persistence.storageClass` | Storage class of backing PVC | `""` | +| `shardsvr.persistence.accessModes` | Use volume as ReadOnly or ReadWrite | `["ReadWriteOnce"]` | +| `shardsvr.persistence.size` | PersistentVolumeClaim size | `8Gi` | +| `shardsvr.persistence.annotations` | Additional volume annotations | `{}` | + + +### Shard configuration: Arbiter parameters + +| Name | Description | Value | +| -------------------------------------------- | --------------------------------------------------------------------------------------------------- | --------------- | +| `shardsvr.arbiter.replicas` | Number of arbiters in each shard replica set (the first node will be primary) | `0` | +| `shardsvr.arbiter.hostAliases` | Deployment pod host aliases | `[]` | +| `shardsvr.arbiter.resources` | Configure pod resources | `{}` | +| `shardsvr.arbiter.mongodbExtraFlags` | MongoDB® additional command line flags | `[]` | +| `shardsvr.arbiter.priorityClassName` | Pod priority class name | `""` | +| `shardsvr.arbiter.podAffinityPreset` | Arbiter's Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `shardsvr.arbiter.podAntiAffinityPreset` | Arbiter's Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `shardsvr.arbiter.nodeAffinityPreset.type` | Arbiter's Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `shardsvr.arbiter.nodeAffinityPreset.key` | Arbiter's Node label key to match Ignored if `affinity` is set. | `""` | +| `shardsvr.arbiter.nodeAffinityPreset.values` | Arbiter's Node label values to match. Ignored if `affinity` is set. | `[]` | +| `shardsvr.arbiter.affinity` | Arbiter's Affinity for pod assignment | `{}` | +| `shardsvr.arbiter.nodeSelector` | Arbiter's Node labels for pod assignment | `{}` | +| `shardsvr.arbiter.tolerations` | Arbiter's Tolerations for pod assignment | `[]` | +| `shardsvr.arbiter.podManagementPolicy` | Statefulset's pod management policy, allows parallel startup of pods | `OrderedReady` | +| `shardsvr.arbiter.updateStrategy.type` | updateStrategy for MongoDB® Primary, Secondary and Arbiter statefulsets | `RollingUpdate` | +| `shardsvr.arbiter.config` | MongoDB® configuration file | `""` | +| `shardsvr.arbiter.configCM` | ConfigMap name with MongoDB® configuration file (cannot be used with shardsvr.arbiter.config) | `""` | +| `shardsvr.arbiter.extraEnvVars` | An array to add extra env vars | `[]` | +| `shardsvr.arbiter.extraEnvVarsCM` | Name of a ConfigMap containing extra env vars | `""` | +| `shardsvr.arbiter.extraEnvVarsSecret` | Name of a Secret containing extra env vars | `""` | +| `shardsvr.arbiter.sidecars` | Add sidecars to the pod | `[]` | +| `shardsvr.arbiter.initContainers` | Add init containers to the pod | `[]` | +| `shardsvr.arbiter.podAnnotations` | Additional pod annotations | `{}` | +| `shardsvr.arbiter.podLabels` | Additional pod labels | `{}` | +| `shardsvr.arbiter.extraVolumes` | Array to add extra volumes | `[]` | +| `shardsvr.arbiter.extraVolumeMounts` | Array to add extra mounts (normally used with extraVolumes) | `[]` | +| `shardsvr.arbiter.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | +| `shardsvr.arbiter.serviceAccount.create` | Specifies whether a ServiceAccount should be created for shardsvr arbiter nodes | `false` | +| `shardsvr.arbiter.serviceAccount.name` | Name of a Service Account to be used by shardsvr arbiter pods | `""` | + + +### Metrics parameters + +| Name | Description | Value | +| -------------------------------------------- | ---------------------------------------------------------------------------------- | -------------------------- | +| `metrics.enabled` | Start a side-car prometheus exporter | `false` | +| `metrics.image.registry` | MongoDB® exporter image registry | `docker.io` | +| `metrics.image.repository` | MongoDB® exporter image name | `bitnami/mongodb-exporter` | +| `metrics.image.tag` | MongoDB® exporter image tag | `0.30.0-debian-10-r53` | +| `metrics.image.pullPolicy` | MongoDB® exporter image pull policy | `Always` | +| `metrics.image.pullSecrets` | MongoDB® exporter image pull secrets | `[]` | +| `metrics.useTLS` | Whether to connect to MongoDB® with TLS | `false` | +| `metrics.extraArgs` | String with extra arguments to the metrics exporter | `""` | +| `metrics.resources` | Metrics exporter resource requests and limits | `{}` | +| `metrics.livenessProbe.enabled` | Enable livenessProbe | `false` | +| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `15` | +| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` | +| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `metrics.readinessProbe.enabled` | Enable readinessProbe | `false` | +| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | +| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `metrics.containerPort` | Port of the Prometheus metrics container | `9216` | +| `metrics.podAnnotations` | Metrics exporter pod Annotation | `{}` | +| `metrics.podMonitor.enabled` | Create PodMonitor Resource for scraping metrics using PrometheusOperator | `false` | +| `metrics.podMonitor.namespace` | Namespace where podmonitor resource should be created | `monitoring` | +| `metrics.podMonitor.interval` | Specify the interval at which metrics should be scraped | `30s` | +| `metrics.podMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` | +| `metrics.podMonitor.additionalLabels` | Additional labels that can be used so PodMonitors will be discovered by Prometheus | `{}` | + + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```bash +$ helm install my-release \ + --set shards=4,configsvr.replicas=3,shardsvr.dataNode.replicas=2 \ + bitnami/mongodb-sharded +``` + +The above command sets the number of shards to 4, the number of replicas for the config servers to 3 and number of replicas for data nodes to 2. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```bash +$ helm install my-release -f values.yaml bitnami/mongodb-sharded +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Configuration and installation details + +### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### Change MongoDB® version + +To modify the MongoDB® version used in this chart you can specify a [valid image tag](https://hub.docker.com/r/bitnami/mongodb-sharded/tags/) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters. + +### Sharding + +This chart deploys a sharded cluster by default. Some characteristics of this chart are: + +- It allows HA by enabling replication on the shards and the config servers. The mongos instances can be scaled horizontally as well. +- The number of secondary and arbiter nodes can be scaled out independently. + +### Initialize a fresh instance + +The [Bitnami MongoDB®](https://github.com/bitnami/bitnami-docker-mongodb-sharded) image allows you to use your custom scripts to initialize a fresh instance. You can create a custom config map and give it via `initScriptsCM`(check options for more details). + +The allowed extensions are `.sh`, and `.js`. + +### Sidecars and Init Containers + +If you have a need for additional containers to run within the same pod as Kibana (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter (available in the `mongos`, `shardsvr.dataNode`, `shardsvr.arbiter`, `configsvr` and `common` sections). Simply define your container according to the Kubernetes container spec. + +```yaml +sidecars: +- name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +Similarly, you can add extra init containers using the `initContainers` parameter. + +```yaml +initContainers: +- name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +### Adding extra environment variables + +In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` (available in the `mongos`, `shardsvr.dataNode`, `shardsvr.arbiter`, `configsvr` and `common` sections) property. + +```yaml +extraEnvVars: + - name: MONGODB_VERSION + value: 4.0 +``` + +Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values. + +### Using an external config server + +It is possible to not deploy any shards or a config server. For example, it is possible to simply deploy `mongos` instances that point to an external MongoDB® sharded database. If that is the case, set the `configsvr.external.host` and `configsvr.external.replicasetName` for the mongos instances to connect. For authentication, set the `configsvr.external.rootPassword` and `configsvr.external.replicasetKey` values. + +## Persistence + +The [Bitnami MongoDB®](https://github.com/bitnami/bitnami-docker-mongodb-sharded) image stores the MongoDB® data and configurations at the `/bitnami/mongodb` path of the container. + +The chart mounts a [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) at this location. The volume is created using dynamic volume provisioning. + +### Adjust permissions of persistent volume mountpoint + +As the image run as non-root by default, it is necessary to adjust the ownership of the persistent volume so that the container can write data into it. + +By default, the chart is configured to use Kubernetes Security Context to automatically change the ownership of the volume. However, this feature does not work in all Kubernetes distributions. +As an alternative, this chart supports using an initContainer to change the ownership of the volume before mounting it in the final destination. + +You can enable this initContainer by setting `volumePermissions.enabled` to `true`. + +### Adding extra volumes + +The Bitnami Kibana chart supports mounting extra volumes (either PVCs, secrets or configmaps) by using the `extraVolumes` and `extraVolumeMounts` properties (available in the `mongos`, `shardsvr.dataNode`, `shardsvr.arbiter`, `configsvr` and `common` sections). This can be combined with advanced operations like adding extra init containers and sidecars. + +### Setting Pod's affinity + +This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). + +As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. + +## Troubleshooting + +Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). + +## Upgrading + +If authentication is enabled, it's necessary to set the `mongodbRootPassword` and `replicaSetKey` when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use. Please note down the password, and run the command below to upgrade your chart: + +```bash +$ helm upgrade my-release bitnami/mongodb-sharded --set mongodbRootPassword=[PASSWORD] (--set replicaSetKey=[REPLICASETKEY]) +``` + +> Note: you need to substitute the placeholders [PASSWORD] and [REPLICASETKEY] with the values obtained in the installation notes. + +### To 4.0.0 + +In this version, the mongodb-exporter bundled as part of this Helm chart was updated to a new version which, even it is not a major change, can contain breaking changes (from `0.11.X` to `0.30.X`). +Please visit the release notes from the upstream project at https://github.com/percona/mongodb_exporter/releases + +### To 3.1.0 + +This version introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. + +### To 3.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +**What changes were introduced in this major version?** + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts + +**Considerations when upgrading to this version** + +- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 + +**Useful links** + +- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ +- https://helm.sh/docs/topics/v2_v3_migration/ +- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ + +### To 2.0.0 + +MongoDB® container images were updated to `4.4.x` and it can affect compatibility with older versions of MongoDB®. Refer to the following guide to upgrade your applications: + +- [Upgrade a Sharded Cluster to 4.4](https://docs.mongodb.com/manual/release-notes/4.4-upgrade-sharded-cluster/) + +## License + +Copyright © 2022 Bitnami + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. \ No newline at end of file diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/.helmignore b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/.helmignore new file mode 100644 index 0000000..50af031 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/Chart.yaml b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/Chart.yaml new file mode 100644 index 0000000..3f32f99 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/Chart.yaml @@ -0,0 +1,23 @@ +annotations: + category: Infrastructure +apiVersion: v2 +appVersion: 1.11.3 +description: A Library Helm Chart for grouping common logic between bitnami charts. + This chart is not deployable by itself. +home: https://github.com/bitnami/charts/tree/master/bitnami/common +icon: https://bitnami.com/downloads/logos/bitnami-mark.png +keywords: +- common +- helper +- template +- function +- bitnami +maintainers: +- email: containers@bitnami.com + name: Bitnami +name: common +sources: +- https://github.com/bitnami/charts +- https://www.bitnami.com/ +type: library +version: 1.11.3 diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/README.md b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/README.md new file mode 100644 index 0000000..8dc47f0 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/README.md @@ -0,0 +1,345 @@ +# Bitnami Common Library Chart + +A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. + +## TL;DR + +```yaml +dependencies: + - name: common + version: 0.x.x + repository: https://charts.bitnami.com/bitnami +``` + +```bash +$ helm dependency update +``` + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }} +data: + myvalue: "Hello World" +``` + +## Introduction + +This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.2.0+ + +## Parameters + +The following table lists the helpers available in the library which are scoped in different sections. + +### Affinities + +| Helper identifier | Description | Expected Input | +|-------------------------------|------------------------------------------------------|------------------------------------------------| +| `common.affinities.node.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.node.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.pod.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | +| `common.affinities.pod.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | + +### Capabilities + +| Helper identifier | Description | Expected Input | +|------------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| +| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | +| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context | +| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | +| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | +| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | +| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | +| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context | +| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for podsecuritypolicy. | `.` Chart context | +| `common.capabilities.networkPolicy.apiVersion` | Return the appropriate apiVersion for networkpolicy. | `.` Chart context | +| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | + +### Errors + +| Helper identifier | Description | Expected Input | +|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| +| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | + +### Images + +| Helper identifier | Description | Expected Input | +|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| +| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. | +| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | +| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` | + +### Ingress + +| Helper identifier | Description | Expected Input | +|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | +| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context | +| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context | +| `common.ingress.certManagerRequest` | Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations | `dict "annotations" .Values.path.to.the.ingress.annotations` | + +### Labels + +| Helper identifier | Description | Expected Input | +|-----------------------------|-----------------------------------------------------------------------------|-------------------| +| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | +| `common.labels.matchLabels` | Labels to use on `deploy.spec.selector.matchLabels` and `svc.spec.selector` | `.` Chart context | + +### Names + +| Helper identifier | Description | Expected Input | +|-------------------------|------------------------------------------------------------|-------------------| +| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | +| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | +| `common.names.chart` | Chart name plus version | `.` Chart context | + +### Secrets + +| Helper identifier | Description | Expected Input | +|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | +| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | +| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | +| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` | + +### Storage + +| Helper identifier | Description | Expected Input | +|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| +| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | + +### TplValues + +| Helper identifier | Description | Expected Input | +|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | + +### Utils + +| Helper identifier | Description | Expected Input | +|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| +| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | +| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | +| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | +| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | + +### Validations + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | +| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | +| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | +| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | +| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis™ are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | +| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. | +| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | + +### Warnings + +| Helper identifier | Description | Expected Input | +|------------------------------|----------------------------------|------------------------------------------------------------| +| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | + +## Special input schemas + +### ImageRoot + +```yaml +registry: + type: string + description: Docker registry where the image is located + example: docker.io + +repository: + type: string + description: Repository and image name + example: bitnami/nginx + +tag: + type: string + description: image tag + example: 1.16.1-debian-10-r63 + +pullPolicy: + type: string + description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + +pullSecrets: + type: array + items: + type: string + description: Optionally specify an array of imagePullSecrets (evaluated as templates). + +debug: + type: boolean + description: Set to true if you would like to see extra information on logs + example: false + +## An instance would be: +# registry: docker.io +# repository: bitnami/nginx +# tag: 1.16.1-debian-10-r63 +# pullPolicy: IfNotPresent +# debug: false +``` + +### Persistence + +```yaml +enabled: + type: boolean + description: Whether enable persistence. + example: true + +storageClass: + type: string + description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. + example: "-" + +accessMode: + type: string + description: Access mode for the Persistent Volume Storage. + example: ReadWriteOnce + +size: + type: string + description: Size the Persistent Volume Storage. + example: 8Gi + +path: + type: string + description: Path to be persisted. + example: /bitnami + +## An instance would be: +# enabled: true +# storageClass: "-" +# accessMode: ReadWriteOnce +# size: 8Gi +# path: /bitnami +``` + +### ExistingSecret + +```yaml +name: + type: string + description: Name of the existing secret. + example: mySecret +keyMapping: + description: Mapping between the expected key name and the name of the key in the existing secret. + type: object + +## An instance would be: +# name: mySecret +# keyMapping: +# password: myPasswordKey +``` + +#### Example of use + +When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. + +```yaml +# templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + labels: + app: {{ include "common.names.fullname" . }} +type: Opaque +data: + password: {{ .Values.password | b64enc | quote }} + +# templates/dpl.yaml +--- +... + env: + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} +... + +# values.yaml +--- +name: mySecret +keyMapping: + password: myPasswordKey +``` + +### ValidateValue + +#### NOTES.txt + +```console +{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} + +{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} +``` + +If we force those values to be empty we will see some alerts + +```console +$ helm install test mychart --set path.to.value00="",path.to.value01="" + 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: + + export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 --decode) + + 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: + + export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 --decode) +``` + +## Upgrading + +### To 1.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +**What changes were introduced in this major version?** + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. +- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts + +**Considerations when upgrading to this version** + +- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 + +**Useful links** + +- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ +- https://helm.sh/docs/topics/v2_v3_migration/ +- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ + +## License + +Copyright © 2022 Bitnami + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_affinities.tpl b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_affinities.tpl new file mode 100644 index 0000000..189ea40 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_affinities.tpl @@ -0,0 +1,102 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return a soft nodeAffinity definition +{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.soft" -}} +preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} + weight: 1 +{{- end -}} + +{{/* +Return a hard nodeAffinity definition +{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.hard" -}} +requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} +{{- end -}} + +{{/* +Return a nodeAffinity definition +{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.nodes.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.nodes.hard" . -}} + {{- end -}} +{{- end -}} + +{{/* +Return a soft podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} +*/}} +{{- define "common.affinities.pods.soft" -}} +{{- $component := default "" .component -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + namespaces: + - {{ .context.Release.Namespace | quote }} + topologyKey: kubernetes.io/hostname + weight: 1 +{{- end -}} + +{{/* +Return a hard podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} +*/}} +{{- define "common.affinities.pods.hard" -}} +{{- $component := default "" .component -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + namespaces: + - {{ .context.Release.Namespace | quote }} + topologyKey: kubernetes.io/hostname +{{- end -}} + +{{/* +Return a podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.pods" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.pods.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.pods.hard" . -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_capabilities.tpl b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_capabilities.tpl new file mode 100644 index 0000000..b94212b --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_capabilities.tpl @@ -0,0 +1,128 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the target Kubernetes version +*/}} +{{- define "common.capabilities.kubeVersion" -}} +{{- if .Values.global }} + {{- if .Values.global.kubeVersion }} + {{- .Values.global.kubeVersion -}} + {{- else }} + {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} + {{- end -}} +{{- else }} +{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for poddisruptionbudget. +*/}} +{{- define "common.capabilities.policy.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "policy/v1beta1" -}} +{{- else -}} +{{- print "policy/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "common.capabilities.networkPolicy.apiVersion" -}} +{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for cronjob. +*/}} +{{- define "common.capabilities.cronjob.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "batch/v1beta1" -}} +{{- else -}} +{{- print "batch/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "common.capabilities.deployment.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. +*/}} +{{- define "common.capabilities.statefulset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apps/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "common.capabilities.ingress.apiVersion" -}} +{{- if .Values.ingress -}} +{{- if .Values.ingress.apiVersion -}} +{{- .Values.ingress.apiVersion -}} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end }} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for RBAC resources. +*/}} +{{- define "common.capabilities.rbac.apiVersion" -}} +{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "rbac.authorization.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "rbac.authorization.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for CRDs. +*/}} +{{- define "common.capabilities.crd.apiVersion" -}} +{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiextensions.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiextensions.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the used Helm version is 3.3+. +A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. +This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. +**To be removed when the catalog's minimun Helm version is 3.3** +*/}} +{{- define "common.capabilities.supportsHelmVersion" -}} +{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_errors.tpl b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_errors.tpl new file mode 100644 index 0000000..a79cc2e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_errors.tpl @@ -0,0 +1,23 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Through error when upgrading using empty passwords values that must not be empty. + +Usage: +{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} +{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} +{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} + +Required password params: + - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. + - context - Context - Required. Parent context. +*/}} +{{- define "common.errors.upgrade.passwords.empty" -}} + {{- $validationErrors := join "" .validationErrors -}} + {{- if and $validationErrors .context.Release.IsUpgrade -}} + {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} + {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} + {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} + {{- $errorString = print $errorString "\n%s" -}} + {{- printf $errorString $validationErrors | fail -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_images.tpl b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_images.tpl new file mode 100644 index 0000000..42ffbc7 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_images.tpl @@ -0,0 +1,75 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper image name +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} +*/}} +{{- define "common.images.image" -}} +{{- $registryName := .imageRoot.registry -}} +{{- $repositoryName := .imageRoot.repository -}} +{{- $tag := .imageRoot.tag | toString -}} +{{- if .global }} + {{- if .global.imageRegistry }} + {{- $registryName = .global.imageRegistry -}} + {{- end -}} +{{- end -}} +{{- if $registryName }} +{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- else -}} +{{- printf "%s:%s" $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) +{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} +*/}} +{{- define "common.images.pullSecrets" -}} + {{- $pullSecrets := list }} + + {{- if .global }} + {{- range .global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names evaluating values as templates +{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} +*/}} +{{- define "common.images.renderPullSecrets" -}} + {{- $pullSecrets := list }} + {{- $context := .context }} + + {{- if $context.Values.global }} + {{- range $context.Values.global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_ingress.tpl b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_ingress.tpl new file mode 100644 index 0000000..8caf73a --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_ingress.tpl @@ -0,0 +1,68 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Generate backend entry that is compatible with all Kubernetes API versions. + +Usage: +{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} + +Params: + - serviceName - String. Name of an existing service backend + - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.ingress.backend" -}} +{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} +{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} +serviceName: {{ .serviceName }} +servicePort: {{ .servicePort }} +{{- else -}} +service: + name: {{ .serviceName }} + port: + {{- if typeIs "string" .servicePort }} + name: {{ .servicePort }} + {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }} + number: {{ .servicePort | int }} + {{- end }} +{{- end -}} +{{- end -}} + +{{/* +Print "true" if the API pathType field is supported +Usage: +{{ include "common.ingress.supportsPathType" . }} +*/}} +{{- define "common.ingress.supportsPathType" -}} +{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the ingressClassname field is supported +Usage: +{{ include "common.ingress.supportsIngressClassname" . }} +*/}} +{{- define "common.ingress.supportsIngressClassname" -}} +{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if cert-manager required annotations for TLS signed +certificates are set in the Ingress annotations +Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations +Usage: +{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }} +*/}} +{{- define "common.ingress.certManagerRequest" -}} +{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_labels.tpl b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_labels.tpl new file mode 100644 index 0000000..252066c --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_labels.tpl @@ -0,0 +1,18 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Kubernetes standard labels +*/}} +{{- define "common.labels.standard" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +helm.sh/chart: {{ include "common.names.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector +*/}} +{{- define "common.labels.matchLabels" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_names.tpl b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_names.tpl new file mode 100644 index 0000000..cf03231 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_names.tpl @@ -0,0 +1,52 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "common.names.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "common.names.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "common.names.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified dependency name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +Usage: +{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }} +*/}} +{{- define "common.names.dependency.fullname" -}} +{{- if .chartValues.fullnameOverride -}} +{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .chartName .chartValues.nameOverride -}} +{{- if contains $name .context.Release.Name -}} +{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_secrets.tpl b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_secrets.tpl new file mode 100644 index 0000000..a53fb44 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_secrets.tpl @@ -0,0 +1,140 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Generate secret name. + +Usage: +{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.secrets.name" -}} +{{- $name := (include "common.names.fullname" .context) -}} + +{{- if .defaultNameSuffix -}} +{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- with .existingSecret -}} +{{- if not (typeIs "string" .) -}} +{{- with .name -}} +{{- $name = . -}} +{{- end -}} +{{- else -}} +{{- $name = . -}} +{{- end -}} +{{- end -}} + +{{- printf "%s" $name -}} +{{- end -}} + +{{/* +Generate secret key. + +Usage: +{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - key - String - Required. Name of the key in the secret. +*/}} +{{- define "common.secrets.key" -}} +{{- $key := .key -}} + +{{- if .existingSecret -}} + {{- if not (typeIs "string" .existingSecret) -}} + {{- if .existingSecret.keyMapping -}} + {{- $key = index .existingSecret.keyMapping $.key -}} + {{- end -}} + {{- end }} +{{- end -}} + +{{- printf "%s" $key -}} +{{- end -}} + +{{/* +Generate secret password or retrieve one if already created. + +Usage: +{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - key - String - Required - Name of the key in the secret. + - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. + - length - int - Optional - Length of the generated random password. + - strong - Boolean - Optional - Whether to add symbols to the generated random password. + - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. + - context - Context - Required - Parent context. + +The order in which this function returns a secret password: + 1. Already existing 'Secret' resource + (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) + 2. Password provided via the values.yaml + (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) + 3. Randomly generated secret password + (A new random secret password with the length specified in the 'length' parameter will be generated and returned) + +*/}} +{{- define "common.secrets.passwords.manage" -}} + +{{- $password := "" }} +{{- $subchart := "" }} +{{- $chartName := default "" .chartName }} +{{- $passwordLength := default 10 .length }} +{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} +{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} +{{- $secretData := (lookup "v1" "Secret" $.context.Release.Namespace .secret).data }} +{{- if $secretData }} + {{- if hasKey $secretData .key }} + {{- $password = index $secretData .key }} + {{- else }} + {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} + {{- end -}} +{{- else if $providedPasswordValue }} + {{- $password = $providedPasswordValue | toString | b64enc | quote }} +{{- else }} + + {{- if .context.Values.enabled }} + {{- $subchart = $chartName }} + {{- end -}} + + {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} + {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} + {{- $passwordValidationErrors := list $requiredPasswordError -}} + {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} + + {{- if .strong }} + {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} + {{- $password = randAscii $passwordLength }} + {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} + {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }} + {{- else }} + {{- $password = randAlphaNum $passwordLength | b64enc | quote }} + {{- end }} +{{- end -}} +{{- printf "%s" $password -}} +{{- end -}} + +{{/* +Returns whether a previous generated secret already exists + +Usage: +{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - context - Context - Required - Parent context. +*/}} +{{- define "common.secrets.exists" -}} +{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} +{{- if $secret }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_storage.tpl b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_storage.tpl new file mode 100644 index 0000000..60e2a84 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_storage.tpl @@ -0,0 +1,23 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper Storage Class +{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} +*/}} +{{- define "common.storage.class" -}} + +{{- $storageClass := .persistence.storageClass -}} +{{- if .global -}} + {{- if .global.storageClass -}} + {{- $storageClass = .global.storageClass -}} + {{- end -}} +{{- end -}} + +{{- if $storageClass -}} + {{- if (eq "-" $storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" $storageClass -}} + {{- end -}} +{{- end -}} + +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_tplvalues.tpl b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_tplvalues.tpl new file mode 100644 index 0000000..2db1668 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_tplvalues.tpl @@ -0,0 +1,13 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Renders a value that contains template. +Usage: +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "common.tplvalues.render" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_utils.tpl b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_utils.tpl new file mode 100644 index 0000000..ea083a2 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_utils.tpl @@ -0,0 +1,62 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Print instructions to get a secret value. +Usage: +{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} +*/}} +{{- define "common.utils.secret.getvalue" -}} +{{- $varname := include "common.utils.fieldToEnvVar" . -}} +export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 --decode) +{{- end -}} + +{{/* +Build env var name given a field +Usage: +{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} +*/}} +{{- define "common.utils.fieldToEnvVar" -}} + {{- $fieldNameSplit := splitList "-" .field -}} + {{- $upperCaseFieldNameSplit := list -}} + + {{- range $fieldNameSplit -}} + {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} + {{- end -}} + + {{ join "_" $upperCaseFieldNameSplit }} +{{- end -}} + +{{/* +Gets a value from .Values given +Usage: +{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} +*/}} +{{- define "common.utils.getValueFromKey" -}} +{{- $splitKey := splitList "." .key -}} +{{- $value := "" -}} +{{- $latestObj := $.context.Values -}} +{{- range $splitKey -}} + {{- if not $latestObj -}} + {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} + {{- end -}} + {{- $value = ( index $latestObj . ) -}} + {{- $latestObj = $value -}} +{{- end -}} +{{- printf "%v" (default "" $value) -}} +{{- end -}} + +{{/* +Returns first .Values key with a defined value or first of the list if all non-defined +Usage: +{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} +*/}} +{{- define "common.utils.getKeyFromList" -}} +{{- $key := first .keys -}} +{{- $reverseKeys := reverse .keys }} +{{- range $reverseKeys }} + {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }} + {{- if $value -}} + {{- $key = . }} + {{- end -}} +{{- end -}} +{{- printf "%s" $key -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_warnings.tpl b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_warnings.tpl new file mode 100644 index 0000000..ae10fa4 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/_warnings.tpl @@ -0,0 +1,14 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Warning about using rolling tag. +Usage: +{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} +*/}} +{{- define "common.warnings.rollingTag" -}} + +{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} +WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. ++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ +{{- end }} + +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/validations/_cassandra.tpl b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/validations/_cassandra.tpl new file mode 100644 index 0000000..ded1ae3 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/validations/_cassandra.tpl @@ -0,0 +1,72 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Cassandra required passwords are not empty. + +Usage: +{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.cassandra.passwords" -}} + {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} + {{- $enabled := include "common.cassandra.values.enabled" . -}} + {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} + {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.dbUser.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled cassandra. + +Usage: +{{ include "common.cassandra.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.cassandra.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.cassandra.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key dbUser + +Usage: +{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.key.dbUser" -}} + {{- if .subchart -}} + cassandra.dbUser + {{- else -}} + dbUser + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/validations/_mariadb.tpl b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/validations/_mariadb.tpl new file mode 100644 index 0000000..b6906ff --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/validations/_mariadb.tpl @@ -0,0 +1,103 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MariaDB required passwords are not empty. + +Usage: +{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mariadb.passwords" -}} + {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mariadb.values.enabled" . -}} + {{- $architecture := include "common.mariadb.values.architecture" . -}} + {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- if not (empty $valueUsername) -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replication") -}} + {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mariadb. + +Usage: +{{ include "common.mariadb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mariadb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mariadb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.key.auth" -}} + {{- if .subchart -}} + mariadb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/validations/_mongodb.tpl b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/validations/_mongodb.tpl new file mode 100644 index 0000000..a071ea4 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/validations/_mongodb.tpl @@ -0,0 +1,108 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MongoDB® required passwords are not empty. + +Usage: +{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret" + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mongodb.passwords" -}} + {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mongodb.values.enabled" . -}} + {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} + {{- $architecture := include "common.mongodb.values.architecture" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} + {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} + + {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }} + {{- if and $valueUsername $valueDatabase -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replicaset") -}} + {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mongodb. + +Usage: +{{ include "common.mongodb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mongodb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mongodb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.key.auth" -}} + {{- if .subchart -}} + mongodb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/validations/_postgresql.tpl b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/validations/_postgresql.tpl new file mode 100644 index 0000000..164ec0d --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/validations/_postgresql.tpl @@ -0,0 +1,129 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate PostgreSQL required passwords are not empty. + +Usage: +{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.postgresql.passwords" -}} + {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} + {{- $enabled := include "common.postgresql.values.enabled" . -}} + {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} + {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} + + {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} + {{- if (eq $enabledReplication "true") -}} + {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to decide whether evaluate global values. + +Usage: +{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} +Params: + - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" +*/}} +{{- define "common.postgresql.values.use.global" -}} + {{- if .context.Values.global -}} + {{- if .context.Values.global.postgresql -}} + {{- index .context.Values.global.postgresql .key | quote -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.existingSecret" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} + + {{- if .subchart -}} + {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} + {{- else -}} + {{- default (.context.Values.existingSecret | quote) $globalValue -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled postgresql. + +Usage: +{{ include "common.postgresql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key postgressPassword. + +Usage: +{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.postgressPassword" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} + + {{- if not $globalValue -}} + {{- if .subchart -}} + postgresql.postgresqlPassword + {{- else -}} + postgresqlPassword + {{- end -}} + {{- else -}} + global.postgresql.postgresqlPassword + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled.replication. + +Usage: +{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.enabled.replication" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.replication.enabled -}} + {{- else -}} + {{- printf "%v" .context.Values.replication.enabled -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key replication.password. + +Usage: +{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.replicationPassword" -}} + {{- if .subchart -}} + postgresql.replication.password + {{- else -}} + replication.password + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/validations/_redis.tpl b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/validations/_redis.tpl new file mode 100644 index 0000000..5d72959 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/validations/_redis.tpl @@ -0,0 +1,76 @@ + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Redis™ required passwords are not empty. + +Usage: +{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.redis.passwords" -}} + {{- $enabled := include "common.redis.values.enabled" . -}} + {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} + {{- $standarizedVersion := include "common.redis.values.standarized.version" . }} + + {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }} + {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }} + + {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }} + {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}} + {{- if eq $useAuth "true" -}} + {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled redis. + +Usage: +{{ include "common.redis.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.redis.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.redis.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right prefix path for the values + +Usage: +{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.redis.values.keys.prefix" -}} + {{- if .subchart -}}redis.{{- else -}}{{- end -}} +{{- end -}} + +{{/* +Checks whether the redis chart's includes the standarizations (version >= 14) + +Usage: +{{ include "common.redis.values.standarized.version" (dict "context" $) }} +*/}} +{{- define "common.redis.values.standarized.version" -}} + + {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} + {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} + + {{- if $standarizedAuthValues -}} + {{- true -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/validations/_validations.tpl b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/validations/_validations.tpl new file mode 100644 index 0000000..9a814cf --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/templates/validations/_validations.tpl @@ -0,0 +1,46 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate values must not be empty. + +Usage: +{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} +{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" +*/}} +{{- define "common.validations.values.multiple.empty" -}} + {{- range .required -}} + {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} + {{- end -}} +{{- end -}} + +{{/* +Validate a value must not be empty. + +Usage: +{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" + - subchart - String - Optional - Name of the subchart that the validated password is part of. +*/}} +{{- define "common.validations.values.single.empty" -}} + {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} + {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} + + {{- if not $value -}} + {{- $varname := "my-value" -}} + {{- $getCurrentValue := "" -}} + {{- if and .secret .field -}} + {{- $varname = include "common.utils.fieldToEnvVar" . -}} + {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} + {{- end -}} + {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/values.yaml b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/values.yaml new file mode 100644 index 0000000..f2df68e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/charts/common/values.yaml @@ -0,0 +1,5 @@ +## bitnami/common +## It is required by CI/CD tools and processes. +## @skip exampleValue +## +exampleValue: common-chart diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/override-values.yaml b/packer/ansible/roles/helm_install/files/mongo-manifest/override-values.yaml new file mode 100644 index 0000000..4280339 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/override-values.yaml @@ -0,0 +1,52 @@ +mongodbRootPassword: "mongo#pass" +configsvr: + #nodeSelector: {"datasaker/group": "data"} + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-druid + + external: + rootPassword: "mongo#pass" +service: + type: NodePort + nodePort: "30111" +mongos: + #nodeSelector: {"datasaker/group": "data"} + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-druid +shardsvr: + dataNode: + #nodeSelector: {"datasaker/group": "data"} + tolerations: + - key: "dev/data-druid" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-druid + + diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/templates/NOTES.txt b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/NOTES.txt new file mode 100644 index 0000000..6db3cef --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/NOTES.txt @@ -0,0 +1,74 @@ +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} + +** Please be patient while the chart is being deployed ** + +{{- if .Values.diagnosticMode.enabled }} +The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: + + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} + +Get the list of pods by executing: + + kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} + +Access the pod you want to debug by executing + + kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash + +In order to replicate the container startup scripts execute this command: + + /opt/bitnami/scripts/mongodb-sharded/entrypoint.sh /opt/bitnami/scripts/mongodb-sharded/run.sh + +{{- else }} + +The MongoDB® Sharded cluster can be accessed via the Mongos instances in port {{ .Values.service.port }} on the following DNS name from within your cluster: + + {{ include "mongodb-sharded.serviceName" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + +To get the root password run: + + export MONGODB_ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath="{.data.mongodb-root-password}" | base64 --decode) + +{{- if and .Values.mongodbUsername .Values.mongodbDatabase }} +{{- if .Values.mongodbPassword }} + +To get the password for "{{ .Values.mongodbUsername }}" run: + + export MONGODB_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath="{.data.mongodb-password}" | base64 --decode) + +{{- end }} +{{- end }} + +To connect to your database run the following command: + + kubectl run --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }}-client --rm --tty -i --restart='Never' --image {{ template "mongodb-sharded.image" . }} --command -- mongo admin --host {{ include "mongodb-sharded.serviceName" . }} {{- if .Values.usePassword }} --authenticationDatabase admin -u root -p $MONGODB_ROOT_PASSWORD{{- end }} + +To connect to your database from outside the cluster execute the following commands: + +{{- if contains "NodePort" .Values.service.type }} + + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "mongodb-sharded.serviceName" . }}) + mongo --host $NODE_IP --port $NODE_PORT --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD + +{{- else if contains "LoadBalancer" .Values.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "mongodb-sharded.serviceName" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "mongodb-sharded.serviceName" . }} --include "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") + mongo --host $SERVICE_IP --port {{ .Values.service.port }} --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD + +{{- else if contains "ClusterIP" .Values.service.type }} + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "mongodb-sharded.serviceName" . }} {{ .Values.service.port }}:{{ .Values.service.port }} & + mongo --host 127.0.0.1 --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD + +{{- end }} +{{- end }} + +{{- include "mongodb-sharded.validateValues" . -}} +{{- include "mongodb-sharded.checkRollingTags" . -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/templates/_helpers.tpl b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/_helpers.tpl new file mode 100644 index 0000000..679eaa9 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/_helpers.tpl @@ -0,0 +1,266 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Returns a ServiceAccount name for specified path or falls back to `common.serviceAccount.name` +if `common.serviceAccount.create` is set to true. Falls back to Chart's fullname otherwise. +Usage: +{{ include "mongodb-sharded.serviceAccountName" (dict "value" .Values.path.to.serviceAccount "context" $) }} +*/}} +{{- define "mongodb-sharded.serviceAccountName" -}} +{{- if .value.create }} + {{- default (include "common.names.fullname" .context) .value.name | quote }} +{{- else if .context.Values.common.serviceAccount.create }} + {{- default (include "common.names.fullname" .context) .context.Values.common.serviceAccount.name | quote }} +{{- else -}} + {{- default "default" .value.name | quote }} +{{- end }} +{{- end }} + +{{/* +Renders a ServiceAccount for specified name. +Usage: +{{ include "mongodb-sharded.serviceaccount" (dict "value" .Values.path.to.serviceAccount "context" $) }} +*/}} +{{- define "mongodb-sharded.serviceaccount" -}} +{{- if .value.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "mongodb-sharded.serviceAccountName" (dict "value" .value "context" .context) }} + labels: + {{- include "common.labels.standard" .context | nindent 4 }} +--- +{{ end -}} +{{- end -}} + +{{- define "mongodb-sharded.secret" -}} + {{- if .Values.existingSecret -}} + {{- .Values.existingSecret -}} + {{- else }} + {{- include "common.names.fullname" . -}} + {{- end }} +{{- end -}} + +{{- define "mongodb-sharded.configServer.primaryHost" -}} + {{- if .Values.configsvr.external.host -}} + {{- .Values.configsvr.external.host }} + {{- else -}} + {{- printf "%s-configsvr-0.%s-headless.%s.svc.%s" (include "common.names.fullname" . ) (include "common.names.fullname" .) .Release.Namespace .Values.clusterDomain -}} + {{- end -}} +{{- end -}} + +{{- define "mongodb-sharded.configServer.rsName" -}} + {{- if .Values.configsvr.external.replicasetName -}} + {{- .Values.configsvr.external.replicasetName }} + {{- else }} + {{- printf "%s-configsvr" ( include "common.names.fullname" . ) -}} + {{- end }} +{{- end -}} + +{{- define "mongodb-sharded.mongos.configCM" -}} + {{- if .Values.mongos.configCM -}} + {{- .Values.mongos.configCM -}} + {{- else }} + {{- printf "%s-mongos" (include "common.names.fullname" .) -}} + {{- end }} +{{- end -}} + +{{- define "mongodb-sharded.shardsvr.dataNode.configCM" -}} + {{- if .Values.shardsvr.dataNode.configCM -}} + {{- .Values.shardsvr.dataNode.configCM -}} + {{- else }} + {{- printf "%s-shardsvr-data" (include "common.names.fullname" .) -}} + {{- end }} +{{- end -}} + +{{- define "mongodb-sharded.shardsvr.arbiter.configCM" -}} + {{- if .Values.shardsvr.arbiter.configCM -}} + {{- .Values.shardsvr.arbiter.configCM -}} + {{- else }} + {{- printf "%s-shardsvr-arbiter" (include "common.names.fullname" .) -}} + {{- end }} +{{- end -}} + +{{- define "mongodb-sharded.configsvr.configCM" -}} + {{- if .Values.configsvr.configCM -}} + {{- .Values.configsvr.configCM -}} + {{- else }} + {{- printf "%s-configsvr" (include "common.names.fullname" .) -}} + {{- end }} +{{- end -}} + +{{/* +Get the initialization scripts Secret name. +*/}} +{{- define "mongodb-sharded.initScriptsSecret" -}} + {{- printf "%s" (include "common.tplvalues.render" (dict "value" .Values.common.initScriptsSecret "context" $)) -}} +{{- end -}} + +{{/* +Get the initialization scripts configmap name. +*/}} +{{- define "mongodb-sharded.initScriptsCM" -}} + {{- printf "%s" (include "common.tplvalues.render" (dict "value" .Values.common.initScriptsCM "context" $)) -}} +{{- end -}} + +{{/* +Create the name for the admin secret. +*/}} +{{- define "mongodb-sharded.adminSecret" -}} + {{- if .Values.auth.existingAdminSecret -}} + {{- .Values.auth.existingAdminSecret -}} + {{- else -}} + {{- include "common.names.fullname" . -}}-admin + {{- end -}} +{{- end -}} + +{{/* +Create the name for the key secret. +*/}} +{{- define "mongodb-sharded.keySecret" -}} + {{- if .Values.auth.existingKeySecret -}} + {{- .Values.auth.existingKeySecret -}} + {{- else -}} + {{- include "common.names.fullname" . -}}-keyfile + {{- end -}} +{{- end -}} + +{{/* +Returns the proper Service name depending if an explicit service name is set +in the values file. If the name is not explicitly set it will take the "common.names.fullname" +*/}} +{{- define "mongodb-sharded.serviceName" -}} + {{- if .Values.service.name -}} + {{ .Values.service.name }} + {{- else -}} + {{ include "common.names.fullname" . }} + {{- end -}} +{{- end -}} + +{{/* +Return the proper MongoDB® image name +*/}} +{{- define "mongodb-sharded.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the metrics image) +*/}} +{{- define "mongodb-sharded.metrics.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "mongodb-sharded.volumePermissions.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "mongodb-sharded.imagePullSecrets" -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image) "global" .Values.global) -}} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "mongodb-sharded.validateValues" -}} + {{- $messages := list -}} + {{- $messages := append $messages (include "mongodb-sharded.validateValues.mongodbCustomDatabase" .) -}} + {{- $messages := append $messages (include "mongodb-sharded.validateValues.externalCfgServer" .) -}} + {{- $messages := append $messages (include "mongodb-sharded.validateValues.replicas" .) -}} + {{- $messages := append $messages (include "mongodb-sharded.validateValues.config" .) -}} + {{- $messages := without $messages "" -}} + {{- $message := join "\n" $messages -}} + + {{- if $message -}} + {{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} + {{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - both mongodbUsername and mongodbDatabase are necessary +to create a custom user and database during 1st initialization +*/}} +{{- define "mongodb-sharded.validateValues.mongodbCustomDatabase" -}} +{{- if or (and .Values.mongodbUsername (not .Values.mongodbDatabase)) (and (not .Values.mongodbUsername) .Values.mongodbDatabase) }} +mongodb: mongodbUsername, mongodbDatabase + Both mongodbUsername and mongodbDatabase must be provided to create + a custom user and database during 1st initialization. + Please set both of them (--set mongodbUsername="xxxx",mongodbDatabase="yyyy") +{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - If using an external config server, then both the host and the replicaset name should be set. +*/}} +{{- define "mongodb-sharded.validateValues.externalCfgServer" -}} +{{- if and .Values.configsvr.external.replicasetName (not .Values.configsvr.external.host) -}} +mongodb: invalidExternalConfigServer + You specified a replica set name for the external config server but not a host. Set both configsvr.external.replicasetName and configsvr.external.host +{{- end -}} +{{- if and (not .Values.configsvr.external.replicasetName) .Values.configsvr.external.host -}} +mongodb: invalidExternalConfigServer + You specified a host for the external config server but not the replica set name. Set both configsvr.external.replicasetName and configsvr.external.host +{{- end -}} +{{- if and .Values.configsvr.external.host (not .Values.configsvr.external.rootPassword) -}} +mongodb: invalidExternalConfigServer + You specified a host for the external config server but not the root password. Set the configsvr.external.rootPassword value. +{{- end -}} +{{- if and .Values.configsvr.external.host (not .Values.configsvr.external.replicasetKey) -}} +mongodb: invalidExternalConfigServer + You specified a host for the external config server but not the replica set key. Set the configsvr.external.replicasetKey value. +{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - The number of shards must be positive, as well as the data node replicas +*/}} +{{- define "mongodb-sharded.validateValues.replicas" -}} +{{- if and (le (int .Values.shardsvr.dataNode.replicas) 0) (ge (int .Values.shards) 1) }} +mongodb: invalidShardSvrReplicas + You specified an invalid number of replicas per shard. Please set shardsvr.dataNode.replicas with a positive number or set the number of shards to 0. +{{- end -}} +{{- if lt (int .Values.shardsvr.arbiter.replicas) 0 }} +mongodb: invalidShardSvrArbiters + You specified an invalid number of arbiters per shard. Please set shardsvr.arbiter.replicas with a number greater or equal than 0 +{{- end -}} +{{- if and (le (int .Values.configsvr.replicas) 0) (not .Values.configsvr.external.host) }} +mongodb: invalidConfigSvrReplicas + You specified an invalid number of replicas per shard. Please set configsvr.replicas with a positive number or set the configsvr.external.host value to use + an external config server replicaset +{{- end -}} +{{- end -}} + +{{/* +Validate values of MongoDB® - Cannot use both .config and .configCM +*/}} +{{- define "mongodb-sharded.validateValues.config" -}} +{{- if and .Values.shardsvr.dataNode.configCM .Values.shardsvr.dataNode.config }} +mongodb: shardDataNodeConflictingConfig + You specified both shardsvr.dataNode.configCM and shardsvr.dataNode.config. You can only set one +{{- end -}} +{{- if and .Values.shardsvr.arbiter.configCM .Values.shardsvr.arbiter.config }} +mongodb: arbiterNodeConflictingConfig + You specified both shardsvr.arbiter.configCM and shardsvr.arbiter.config. You can only set one +{{- end -}} +{{- if and .Values.mongos.configCM .Values.mongos.config }} +mongodb: mongosNodeConflictingConfig + You specified both mongos.configCM and mongos.config. You can only set one +{{- end -}} +{{- if and .Values.configsvr.configCM .Values.configsvr.config }} +mongodb: configSvrNodeConflictingConfig + You specified both configsvr.configCM and configsvr.config. You can only set one +{{- end -}} +{{- end -}} + +{{/* Check if there are rolling tags in the images */}} +{{- define "mongodb-sharded.checkRollingTags" -}} +{{- include "common.warnings.rollingTag" .Values.image }} +{{- include "common.warnings.rollingTag" .Values.metrics.image }} +{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/templates/config-server/config-server-configmap.yaml b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/config-server/config-server-configmap.yaml new file mode 100644 index 0000000..0073138 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/config-server/config-server-configmap.yaml @@ -0,0 +1,11 @@ +{{- if and (not .Values.configsvr.external.host) .Values.configsvr.config }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }}-configsvr + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: configsvr +data: + mongodb.conf: |- + {{- include "common.tplvalues.render" (dict "value" .Values.configsvr.config "context" $) | nindent 4 }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/templates/config-server/config-server-poddisruptionbudget.yaml b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/config-server/config-server-poddisruptionbudget.yaml new file mode 100644 index 0000000..6138298 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/config-server/config-server-poddisruptionbudget.yaml @@ -0,0 +1,18 @@ +{{- if and (not .Values.configsvr.external.host) .Values.configsvr.pdb.enabled -}} +kind: PodDisruptionBudget +apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} +metadata: + name: {{ include "common.names.fullname" . }}-configsvr + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: configsvr +spec: + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: configsvr + {{- if .Values.configsvr.pdb.minAvailable }} + minAvailable: {{ .Values.configsvr.pdb.minAvailable | int }} + {{- end }} + {{- if .Values.configsvr.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.configsvr.pdb.maxUnavailable | int }} + {{- end }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/templates/config-server/config-server-podmonitor.yaml b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/config-server/config-server-podmonitor.yaml new file mode 100644 index 0000000..375c6e8 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/config-server/config-server-podmonitor.yaml @@ -0,0 +1,32 @@ +{{- if and (not .Values.configsvr.external.host) (and .Values.metrics.enabled .Values.metrics.podMonitor.enabled) }} +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: {{ include "common.names.fullname" . }}-configsvr + {{- if .Values.metrics.podMonitor.namespace }} + namespace: {{ .Values.metrics.podMonitor.namespace }} + {{- else }} + namespace: {{ .Release.Namespace }} + {{- end }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: configsvr + {{- if .Values.metrics.podMonitor.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podMonitor.additionalLabels "context" $) | nindent 4 }} + {{- end }} +spec: + podMetricsEndpoints: + - port: metrics + path: /metrics + {{- if .Values.metrics.podMonitor.interval }} + interval: {{ .Values.metrics.podMonitor.interval }} + {{- end }} + {{- if .Values.metrics.podMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.podMonitor.scrapeTimeout }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: configsvr +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/templates/config-server/config-server-statefulset.yaml b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/config-server/config-server-statefulset.yaml new file mode 100644 index 0000000..4d4458c --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/config-server/config-server-statefulset.yaml @@ -0,0 +1,376 @@ +{{- if not .Values.configsvr.external.host }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "common.names.fullname" . }}-configsvr + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: configsvr +spec: + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: configsvr + serviceName: {{ include "common.names.fullname" . }}-headless + replicas: {{ .Values.configsvr.replicas }} + podManagementPolicy: {{ .Values.configsvr.podManagementPolicy }} + updateStrategy: {{- toYaml .Values.configsvr.updateStrategy | nindent 4 }} + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: configsvr + {{- if .Values.configsvr.podLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.configsvr.podLabels "context" $ ) | nindent 8 }} + {{- end }} + {{- if or .Values.common.podAnnotations .Values.configsvr.podAnnotations .Values.metrics.enabled }} + annotations: + {{- if .Values.common.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.common.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.configsvr.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.configsvr.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.metrics.enabled }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- if .Values.common.schedulerName }} + schedulerName: {{ .Values.common.schedulerName | quote }} + {{- end }} + serviceAccountName: {{ include "mongodb-sharded.serviceAccountName" (dict "value" .Values.configsvr.serviceAccount "context" $) }} + {{- if .Values.configsvr.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.configsvr.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.configsvr.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.configsvr.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.configsvr.podAffinityPreset "component" "configsvr" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.configsvr.podAntiAffinityPreset "component" "configsvr" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.configsvr.nodeAffinityPreset.type "key" .Values.configsvr.nodeAffinityPreset.key "values" .Values.configsvr.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.configsvr.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.configsvr.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.configsvr.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.configsvr.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.configsvr.priorityClassName }} + priorityClassName: {{ .Values.configsvr.priorityClassName | quote }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + {{- end }} + {{- include "mongodb-sharded.imagePullSecrets" . | nindent 6 }} + initContainers: + {{- if and .Values.volumePermissions.enabled .Values.configsvr.persistence.enabled }} + - name: volume-permissions + image: {{ include "mongodb-sharded.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: ["chown", "-R", "{{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }}", "{{ .Values.configsvr.persistence.mountPath }}"] + securityContext: + runAsUser: 0 + resources: {{ toYaml .Values.volumePermissions.resources | nindent 12 }} + volumeMounts: + - name: datadir + mountPath: {{ .Values.configsvr.persistence.mountPath }} + {{- end }} + {{- with .Values.configsvr.initContainers }} + {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- end }} + {{- with .Values.common.initContainers }} + {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- end }} + containers: + - name: mongodb + image: {{ include "mongodb-sharded.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }} + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + ports: + - containerPort: {{ .Values.common.containerPorts.mongo }} + name: mongodb + env: + - name: MONGODB_ENABLE_NUMACTL + value: {{ ternary "yes" "no" .Values.common.mongodbEnableNumactl | quote }} + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: MONGODB_SYSTEM_LOG_VERBOSITY + value: {{ .Values.common.mongodbSystemLogVerbosity | quote }} + - name: MONGODB_DISABLE_SYSTEM_LOG + {{- if .Values.mongodbDisableSystemLog }} + value: "yes" + {{- else }} + value: "no" + {{- end }} + - name: MONGODB_MAX_TIMEOUT + value: {{ .Values.common.mongodbMaxWaitTimeout | quote }} + - name: MONGODB_SHARDING_MODE + value: "configsvr" + - name: MONGODB_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MONGODB_PORT_NUMBER + value: {{ .Values.common.containerPorts.mongo | quote }} + - name: MONGODB_INITIAL_PRIMARY_HOST + value: {{ include "mongodb-sharded.configServer.primaryHost" . }} + - name: MONGODB_REPLICA_SET_NAME + value: {{ printf "%s-configsvr" ( include "common.names.fullname" . ) }} + {{- if .Values.common.useHostnames }} + - name: MONGODB_ADVERTISED_HOSTNAME + value: "$(MONGODB_POD_NAME).{{ include "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}" + {{- end }} + {{- if .Values.usePasswordFile }} + - name: MONGODB_ROOT_PASSWORD_FILE + value: "/bitnami/mongodb/secrets/mongodb-root-password" + - name: MONGODB_REPLICA_SET_KEY_FILE + value: "/bitnami/mongodb/secrets/mongodb-replica-set-key" + {{- else }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb-sharded.secret" . }} + key: mongodb-root-password + - name: MONGODB_REPLICA_SET_KEY + valueFrom: + secretKeyRef: + name: {{ include "mongodb-sharded.secret" . }} + key: mongodb-replica-set-key + {{- end }} + - name: MONGODB_ENABLE_IPV6 + {{- if .Values.common.mongodbEnableIPv6 }} + value: "yes" + {{- else }} + value: "no" + {{- end }} + - name: MONGODB_ENABLE_DIRECTORY_PER_DB + {{- if .Values.common.mongodbDirectoryPerDB }} + value: "yes" + {{- else }} + value: "no" + {{- end }} + {{- if .Values.configsvr.mongodbExtraFlags }} + - name: MONGODB_EXTRA_FLAGS + value: {{ .Values.configsvr.mongodbExtraFlags | join " " | quote }} + {{- end }} + {{- if .Values.common.extraEnvVars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.common.extraEnvVars "context" $ ) | nindent 12 }} + {{- end }} + {{- if .Values.configsvr.extraEnvVars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.configsvr.extraEnvVars "context" $ ) | nindent 12 }} + {{- end }} + {{- if or .Values.common.extraEnvVarsCM .Values.common.extraEnvVarsSecret .Values.configsvr.extraEnvVarsCM .Values.configsvr.extraEnvVarsSecret }} + envFrom: + {{- if .Values.common.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" ( dict "value" .Values.common.extraEnvVarsCM "context" $ ) }} + {{- end }} + {{- if .Values.common.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" ( dict "value" .Values.common.extraEnvVarsSecret "context" $ ) }} + {{- end }} + {{- if .Values.configsvr.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" ( dict "value" .Values.configsvr.extraEnvVarsCM "context" $ ) }} + {{- end }} + {{- if .Values.configsvr.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" ( dict "value" .Values.configsvr.extraEnvVarsSecret "context" $ ) }} + {{- end }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + - /entrypoint/replicaset-entrypoint.sh + {{- end }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - pgrep + - mongod + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - mongo + - --disableImplicitSessions + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} + {{- end }} + volumeMounts: + - name: replicaset-entrypoint-configmap + mountPath: /entrypoint + - name: datadir + mountPath: {{ .Values.configsvr.persistence.mountPath }} + {{- if or .Values.configsvr.config .Values.configsvr.configCM }} + - name: config + mountPath: /bitnami/mongodb/conf/ + {{- end }} + {{- if .Values.usePasswordFile }} + - name: secrets + mountPath: /bitnami/mongodb/secrets/ + {{- end }} + {{- if .Values.common.initScriptsCM }} + - name: custom-init-scripts-cm + mountPath: /docker-entrypoint-initdb.d/cm + {{- end }} + {{- if .Values.common.initScriptsSecret }} + - name: custom-init-scripts-secret + mountPath: /docker-entrypoint-initdb.d/secret + {{- end }} + {{- if .Values.common.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" .Values.common.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} + {{- if .Values.configsvr.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" .Values.configsvr.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} + resources: {{- toYaml .Values.configsvr.resources | nindent 12 }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ include "mongodb-sharded.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }} + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + env: + {{- if .Values.usePasswordFile }} + - name: MONGODB_ROOT_PASSWORD_FILE + value: "/bitnami/mongodb/secrets/mongodb-root-password" + {{- else }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb-sharded.secret" . }} + key: mongodb-root-password + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else }} + command: + - sh + - -ec + - |- + #!/bin/sh + {{- if .Values.usePasswordFile }} + export MONGODB_ROOT_PASSWORD="$(cat "${MONGODB_ROOT_PASSWORD_FILE}")" + {{- end }} + /bin/mongodb_exporter --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri mongodb://root:`echo $MONGODB_ROOT_PASSWORD | sed -r "s/@/%40/g;s/:/%3A/g"`@localhost:{{ .Values.service.port }}/admin{{ ternary "?ssl=true" "" $.Values.metrics.useTLS }} {{ .Values.metrics.extraArgs }} + {{- end }} + {{- if .Values.usePasswordFile }} + volumeMounts: + - name: secrets + mountPath: /bitnami/mongodb/secrets/ + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.metrics.containerPort }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.metrics.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} + {{- end }} + {{- if .Values.metrics.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} + {{- end }} + {{- end }} + resources: {{ toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- with .Values.configsvr.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- end }} + {{- with .Values.common.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- end }} + volumes: + - name: replicaset-entrypoint-configmap + configMap: + name: {{ include "common.names.fullname" . }}-replicaset-entrypoint + {{- if .Values.usePasswordFile }} + - name: secrets + secret: + secretName: {{ include "mongodb-sharded.secret" . }} + {{- end }} + {{- if or .Values.configsvr.config .Values.configsvr.configCM }} + - name: config + configMap: + name: {{ include "mongodb-sharded.configsvr.configCM" . }} + {{- end }} + {{- if .Values.common.initScriptsCM }} + - name: custom-init-scripts-cm + configMap: + name: {{ include "mongodb-sharded.initScriptsCM" . }} + defaultMode: 0755 + {{- end }} + {{- if .Values.common.initScriptsSecret }} + - name: custom-init-scripts-secret + secret: + secretName: {{ include "mongodb-sharded.initScriptsSecret" . }} + defaultMode: 0755 + {{- end }} + {{- if .Values.common.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" .Values.common.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.configsvr.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" .Values.configsvr.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.configsvr.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: datadir + annotations: + {{- range $key, $value := .Values.configsvr.persistence.annotations }} + {{ $key }}: "{{ $value }}" + {{- end }} + spec: + accessModes: + {{- range .Values.configsvr.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.configsvr.persistence.size | quote }} + {{- include "common.storage.class" (dict "persistence" .Values.configsvr.persistence "global" .Values.global) | nindent 8 }} + {{- else }} + - name: datadir + emptyDir: {} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/templates/extra-list.yaml b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/extra-list.yaml new file mode 100644 index 0000000..9ac65f9 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/extra-list.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/templates/headless-service.yaml b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/headless-service.yaml new file mode 100644 index 0000000..6f9c7d8 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/headless-service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.names.fullname" . }}-headless + labels: {{- include "common.labels.standard" . | nindent 4 }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $ ) | nindent 4 }} +spec: + type: ClusterIP + clusterIP: None + ports: + - name: mongodb + port: {{ .Values.service.port }} + {{- if .Values.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{ include "common.labels.matchLabels" . | nindent 4 }} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/templates/mongos/mongos-configmap.yaml b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/mongos/mongos-configmap.yaml new file mode 100644 index 0000000..8fb01a5 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/mongos/mongos-configmap.yaml @@ -0,0 +1,11 @@ +{{- if .Values.mongos.config }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }}-mongos + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongos +data: + mongodb.conf: |- + {{- include "common.tplvalues.render" (dict "value" .Values.mongos.config "context" $) | nindent 4 }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/templates/mongos/mongos-dep-sts.yaml b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/mongos/mongos-dep-sts.yaml new file mode 100644 index 0000000..1b89fde --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/mongos/mongos-dep-sts.yaml @@ -0,0 +1,319 @@ +apiVersion: {{ if .Values.mongos.useStatefulSet }}{{ include "common.capabilities.statefulset.apiVersion" . }}{{- else }}{{ include "common.capabilities.deployment.apiVersion" . }}{{- end }} +kind: {{ if .Values.mongos.useStatefulSet }}StatefulSet{{- else }}Deployment{{- end }} +metadata: + name: {{ include "common.names.fullname" . }}-mongos + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongos +spec: + {{- if .Values.mongos.useStatefulSet }} + serviceName: {{ include "mongodb-sharded.serviceName" . }} + podManagementPolicy: {{ .Values.mongos.podManagementPolicy }} + updateStrategy: + {{- else }} + strategy: + {{- end }} + {{- toYaml .Values.mongos.updateStrategy | nindent 4 }} + replicas: {{ .Values.mongos.replicas }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: mongos + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: mongos + {{- if .Values.mongos.podLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.mongos.podLabels "context" $ ) | nindent 8 }} + {{- end }} + {{- if or .Values.common.podAnnotations .Values.mongos.podAnnotations .Values.metrics.enabled }} + annotations: + {{- if .Values.common.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.common.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.mongos.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.mongos.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.metrics.enabled }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- if .Values.common.schedulerName }} + schedulerName: {{ .Values.common.schedulerName | quote }} + {{- end }} + serviceAccountName: {{ include "mongodb-sharded.serviceAccountName" (dict "value" $.Values.mongos.serviceAccount "context" $) }} + {{- if .Values.mongos.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.mongos.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.mongos.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.mongos.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.mongos.podAffinityPreset "component" "mongos" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.mongos.podAntiAffinityPreset "component" "mongos" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.mongos.nodeAffinityPreset.type "key" .Values.mongos.nodeAffinityPreset.key "values" .Values.mongos.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.mongos.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.mongos.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.mongos.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.mongos.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.mongos.priorityClassName }} + priorityClassName: {{ .Values.mongos.priorityClassName | quote }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + {{- end }} + {{- include "mongodb-sharded.imagePullSecrets" . | nindent 6 }} + {{- if or $.Values.mongos.initContainers $.Values.common.initContainers }} + initContainers: + {{- with $.Values.mongos.initContainers }} + {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- end }} + {{- with $.Values.common.initContainers }} + {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- end }} + {{- end }} + containers: + - name: mongos + image: {{ include "mongodb-sharded.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }} + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + env: + - name: MONGODB_ENABLE_NUMACTL + value: {{ ternary "yes" "no" $.Values.common.mongodbEnableNumactl | quote }} + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: MONGODB_SHARDING_MODE + value: "mongos" + - name: MONGODB_MAX_TIMEOUT + value: {{ .Values.common.mongodbMaxWaitTimeout | quote }} + {{- if .Values.usePasswordFile }} + - name: MONGODB_ROOT_PASSWORD_FILE + value: "/bitnami/mongodb/secrets/mongodb-root-password" + - name: MONGODB_REPLICA_SET_KEY_FILE + value: "/bitnami/mongodb/secrets/mongodb-replica-set-key" + {{- else }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb-sharded.secret" . }} + key: mongodb-root-password + - name: MONGODB_REPLICA_SET_KEY + valueFrom: + secretKeyRef: + name: {{ include "mongodb-sharded.secret" . }} + key: mongodb-replica-set-key + {{- end }} + - name: MONGODB_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- if .Values.common.useHostnames }} + - name: MONGODB_ADVERTISED_HOSTNAME + value: "$(MONGODB_POD_NAME)" + {{- end }} + - name: MONGODB_PORT_NUMBER + value: {{ $.Values.common.containerPorts.mongo | quote }} + - name: MONGODB_CFG_PRIMARY_HOST + value: {{ include "mongodb-sharded.configServer.primaryHost" . }} + - name: MONGODB_CFG_REPLICA_SET_NAME + value: {{ include "mongodb-sharded.configServer.rsName" . }} + - name: MONGODB_SYSTEM_LOG_VERBOSITY + value: {{ .Values.common.mongodbSystemLogVerbosity | quote }} + - name: MONGODB_DISABLE_SYSTEM_LOG + {{- if .Values.mongodbDisableSystemLog }} + value: "yes" + {{- else }} + value: "no" + {{- end }} + - name: MONGODB_ENABLE_IPV6 + {{- if .Values.common.mongodbEnableIPv6 }} + value: "yes" + {{- else }} + value: "no" + {{- end }} + - name: MONGODB_ENABLE_DIRECTORY_PER_DB + {{- if .Values.common.mongodbDirectoryPerDB }} + value: "yes" + {{- else }} + value: "no" + {{- end }} + {{- if .Values.mongos.mongodbExtraFlags }} + - name: MONGODB_EXTRA_FLAGS + value: {{ .Values.mongos.mongodbExtraFlags | join " " | quote }} + {{- end }} + {{- if .Values.common.extraEnvVars }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.common.extraEnvVars "context" $ ) | nindent 12 }} + {{- end }} + {{- if .Values.mongos.extraEnvVars }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.mongos.extraEnvVars "context" $ ) | nindent 12 }} + {{- end }} + {{- if or .Values.common.extraEnvVarsCM .Values.common.extraEnvVarsSecret .Values.mongos.extraEnvVarsCM .Values.mongos.extraEnvVarsSecret }} + envFrom: + {{- if .Values.common.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" ( dict "value" .Values.common.extraEnvVarsCM "context" $ ) }} + {{- end }} + {{- if .Values.common.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" ( dict "value" .Values.common.extraEnvVarsSecret "context" $ ) }} + {{- end }} + {{- if .Values.configsvr.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" ( dict "value" .Values.mongos.extraEnvVarsCM "context" $ ) }} + {{- end }} + {{- if .Values.mongos.extraEnvVarsSecret }} + - configMapRef: + name: {{ include "common.tplvalues.render" ( dict "value" .Values.mongos.extraEnvVarsSecret "context" $ ) }} + {{- end }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- end }} + ports: + - name: mongodb + containerPort: {{ $.Values.common.containerPorts.mongo }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - mongo + - --disableImplicitSessions + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - mongo + - --disableImplicitSessions + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} + {{- end }} + volumeMounts: + {{- if .Values.usePasswordFile }} + - name: secrets + mountPath: /bitnami/mongodb/secrets/ + {{- end }} + {{- if or .Values.mongos.config .Values.mongos.configCM }} + - name: config + mountPath: /bitnami/mongodb/conf/ + {{- end }} + {{- if $.Values.common.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.common.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} + {{- if $.Values.mongos.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.mongos.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} + resources: {{- toYaml .Values.mongos.resources | nindent 12 }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ include "mongodb-sharded.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }} + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + env: + {{- if .Values.usePasswordFile }} + - name: MONGODB_ROOT_PASSWORD_FILE + value: "/bitnami/mongodb/secrets/mongodb-root-password" + {{- else }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb-sharded.secret" . }} + key: mongodb-root-password + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else }} + command: + - sh + - -ec + - |- + #!/bin/sh + {{- if .Values.usePasswordFile }} + export MONGODB_ROOT_PASSWORD="$(cat "${MONGODB_ROOT_PASSWORD_FILE}")" + {{- end }} + /bin/mongodb_exporter --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri mongodb://root:`echo $MONGODB_ROOT_PASSWORD | sed -r "s/@/%40/g;s/:/%3A/g"`@localhost:{{ .Values.service.port }}/admin{{ ternary "?ssl=true" "" $.Values.metrics.useTLS }} {{ .Values.metrics.extraArgs }} + {{- end }} + {{- if .Values.usePasswordFile }} + volumeMounts: + - name: secrets + mountPath: /bitnami/mongodb/secrets/ + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.metrics.containerPort }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.metrics.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} + {{- end }} + {{- if .Values.metrics.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} + {{- end }} + {{- end }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- with $.Values.mongos.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- end }} + {{- with $.Values.common.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- end }} + volumes: + {{- if .Values.usePasswordFile }} + - name: secrets + secret: + secretName: {{ include "mongodb-sharded.secret" . }} + {{- end }} + {{- if or .Values.mongos.config .Values.mongos.configCM }} + - name: config + configMap: + name: {{ include "mongodb-sharded.mongos.configCM" . }} + {{- end }} + {{- if $.Values.common.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.common.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} + {{- if $.Values.mongos.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.mongos.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/templates/mongos/mongos-poddisruptionbudget.yaml b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/mongos/mongos-poddisruptionbudget.yaml new file mode 100644 index 0000000..e7d30fe --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/mongos/mongos-poddisruptionbudget.yaml @@ -0,0 +1,18 @@ +{{- if .Values.mongos.pdb.enabled -}} +kind: PodDisruptionBudget +apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} +metadata: + name: {{ include "common.names.fullname" . }}-mongos + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongos +spec: + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: mongos + {{- if .Values.mongos.pdb.minAvailable }} + minAvailable: {{ .Values.mongos.pdb.minAvailable | int }} + {{- end }} + {{- if .Values.mongos.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.mongos.pdb.maxUnavailable | int }} + {{- end }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/templates/mongos/mongos-podmonitor.yaml b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/mongos/mongos-podmonitor.yaml new file mode 100644 index 0000000..8b1bc19 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/mongos/mongos-podmonitor.yaml @@ -0,0 +1,32 @@ +{{- if and .Values.metrics.enabled .Values.metrics.podMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: {{ include "common.names.fullname" . }}-mongos + {{- if .Values.metrics.podMonitor.namespace }} + namespace: {{ .Values.metrics.podMonitor.namespace }} + {{- else }} + namespace: {{ .Release.Namespace }} + {{- end }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongos + {{- if .Values.metrics.podMonitor.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podMonitor.additionalLabels "context" $) | nindent 4 }} + {{- end }} +spec: + podMetricsEndpoints: + - port: metrics + path: /metrics + {{- if .Values.metrics.podMonitor.interval }} + interval: {{ .Values.metrics.podMonitor.interval }} + {{- end }} + {{- if .Values.metrics.podMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.podMonitor.scrapeTimeout }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: mongos +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/templates/mongos/mongos-service-per-replica.yaml b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/mongos/mongos-service-per-replica.yaml new file mode 100644 index 0000000..6364892 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/mongos/mongos-service-per-replica.yaml @@ -0,0 +1,48 @@ +{{- if and .Values.mongos.useStatefulSet .Values.mongos.servicePerReplica.enabled }} +{{- range $i := until (.Values.mongos.replicas | int) }} +{{- $context := deepCopy $ | merge (dict "index" $i) }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "mongodb-sharded.serviceName" $ }}-{{ $i }} + labels: {{ include "common.labels.standard" $ | nindent 4 }} + app.kubernetes.io/component: mongos + annotations: {{- include "common.tplvalues.render" (dict "value" $.Values.mongos.servicePerReplica.annotations "context" $context) | nindent 4 }} +spec: + type: {{ $.Values.mongos.servicePerReplica.type }} + {{- if and $.Values.mongos.servicePerReplica.loadBalancerIP (eq $.Values.mongos.servicePerReplica.type "LoadBalancer") }} + loadBalancerIP: {{ $.Values.mongos.servicePerReplica.loadBalancerIP }} + {{- end }} + {{- if and (eq $.Values.mongos.servicePerReplica.type "LoadBalancer") $.Values.mongos.servicePerReplica.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{ with $.Values.mongos.servicePerReplica.loadBalancerSourceRanges }} + {{ include "common.tplvalues.render" . | nindent 4 }} + {{- end }} + {{- end }} + {{- if and (eq $.Values.mongos.servicePerReplica.type "ClusterIP") $.Values.mongos.servicePerReplica.clusterIP }} + clusterIP: {{ $.Values.mongos.servicePerReplica.clusterIP }} + {{- end }} + ports: + - name: mongodb + port: {{ $.Values.mongos.servicePerReplica.port }} + targetPort: mongodb + {{- if $.Values.mongos.servicePerReplica.nodePort }} + nodePort: {{ $.Values.mongos.servicePerReplica.nodePort }} + {{- else if eq $.Values.mongos.servicePerReplica.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if $.Values.metrics.enabled }} + - name: metrics + port: 9216 + targetPort: metrics + {{- end }} + {{- if $.Values.mongos.servicePerReplica.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" $.Values.mongos.servicePerReplica.extraPorts "context" $context) | nindent 4 }} + {{- end }} + selector: {{ include "common.labels.matchLabels" $ | nindent 4 }} + app.kubernetes.io/component: mongos + statefulset.kubernetes.io/pod-name: {{ include "common.names.fullname" $ }}-mongos-{{ $i }} + sessionAffinity: {{ default "None" $.Values.mongos.servicePerReplica.sessionAffinity }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/templates/mongos/mongos-service.yaml b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/mongos/mongos-service.yaml new file mode 100644 index 0000000..4666378 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/mongos/mongos-service.yaml @@ -0,0 +1,41 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "mongodb-sharded.serviceName" . }} + labels: {{ include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: mongos + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $ ) | nindent 4 }} +spec: + type: {{ .Values.service.type }} + {{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{ with .Values.service.loadBalancerSourceRanges }} +{{ toYaml . | indent 4 }} + {{- end }} + {{- end }} + {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }} + clusterIP: {{ .Values.service.clusterIP }} + {{- end }} + ports: + - name: mongodb + port: {{ .Values.service.port }} + targetPort: mongodb + {{- if .Values.service.nodePort }} + nodePort: {{ .Values.service.nodePort }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + port: 9216 + targetPort: metrics + {{- end }} + {{- if .Values.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{ include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: mongos + sessionAffinity: {{ default "None" .Values.service.sessionAffinity }} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/templates/replicaset-entrypoint-configmap.yaml b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/replicaset-entrypoint-configmap.yaml new file mode 100644 index 0000000..7df7c0e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/replicaset-entrypoint-configmap.yaml @@ -0,0 +1,30 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }}-replicaset-entrypoint + labels: {{- include "common.labels.standard" . | nindent 4 }} +data: + replicaset-entrypoint.sh: |- + #!/bin/bash + + sleep 5 + + . /liblog.sh + + # Perform adaptations depending on the host name + if [[ $HOSTNAME =~ (.*)-0$ ]]; then + info "Setting node as primary" + export MONGODB_REPLICA_SET_MODE=primary + else + info "Setting node as secondary" + export MONGODB_REPLICA_SET_MODE=secondary + {{- if .Values.usePasswordFile }} + export MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD_FILE="$MONGODB_ROOT_PASSWORD_FILE" + unset MONGODB_ROOT_PASSWORD_FILE + {{- else }} + export MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD="$MONGODB_ROOT_PASSWORD" + unset MONGODB_ROOT_PASSWORD + {{- end }} + fi + + exec /entrypoint.sh /run.sh diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/templates/secrets.yaml b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/secrets.yaml new file mode 100644 index 0000000..f7839ae --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/secrets.yaml @@ -0,0 +1,30 @@ +{{- if not .Values.existingSecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + labels: {{- include "common.labels.standard" $ | nindent 4 }} +type: Opaque +data: + {{- if .Values.configsvr.external.rootPassword }} + mongodb-root-password: {{ .Values.configsvr.external.rootPassword | b64enc | quote }} + {{- else if .Values.mongodbRootPassword }} + mongodb-root-password: {{ .Values.mongodbRootPassword | b64enc | quote }} + {{- else }} + mongodb-root-password: {{ randAlphaNum 10 | b64enc | quote }} + {{- end }} + {{- if and .Values.mongodbUsername .Values.mongodbDatabase }} + {{- if .Values.mongodbPassword }} + mongodb-password: {{ .Values.mongodbPassword | b64enc | quote }} + {{- else }} + mongodb-password: {{ randAlphaNum 10 | b64enc | quote }} + {{- end }} + {{- end }} + {{- if .Values.configsvr.external.replicasetKey }} + mongodb-replica-set-key: {{ .Values.configsvr.external.replicasetKey | b64enc | quote }} + {{- else if .Values.replicaSetKey }} + mongodb-replica-set-key: {{ .Values.replicaSetKey | b64enc | quote }} + {{- else }} + mongodb-replica-set-key: {{ randAlphaNum 10 | b64enc | quote }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/templates/serviceaccount.yaml b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/serviceaccount.yaml new file mode 100644 index 0000000..676c09a --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/serviceaccount.yaml @@ -0,0 +1,5 @@ +{{ include "mongodb-sharded.serviceaccount" (dict "value" .Values.common.serviceAccount "context" $) }} +{{ include "mongodb-sharded.serviceaccount" (dict "value" .Values.mongos.serviceAccount "context" $) }} +{{ include "mongodb-sharded.serviceaccount" (dict "value" .Values.configsvr.serviceAccount "context" $) }} +{{ include "mongodb-sharded.serviceaccount" (dict "value" .Values.shardsvr.arbiter.serviceAccount "context" $) }} +{{ include "mongodb-sharded.serviceaccount" (dict "value" .Values.shardsvr.dataNode.serviceAccount "context" $) }} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/templates/shard/shard-arbiter-configmap.yaml b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/shard/shard-arbiter-configmap.yaml new file mode 100644 index 0000000..ef84cb5 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/shard/shard-arbiter-configmap.yaml @@ -0,0 +1,11 @@ +{{- if and .Values.shards .Values.shardsvr.arbiter.replicas .Values.shardsvr.arbiter.config }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }}-shardsvr-arbiter + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: shardsvr-arbiter +data: + mongodb.conf: |- + {{- include "common.tplvalues.render" (dict "value" .Values.shardsvr.arbiter.config "context" $) | nindent 4 }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/templates/shard/shard-arbiter-statefulset.yaml b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/shard/shard-arbiter-statefulset.yaml new file mode 100644 index 0000000..c48dfe0 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/shard/shard-arbiter-statefulset.yaml @@ -0,0 +1,337 @@ +{{- if and .Values.shards .Values.shardsvr.arbiter.replicas }} +{{- $replicas := $.Values.shards | int }} +{{- range $i, $e := until $replicas }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ printf "%s-shard%d-arbiter" (include "common.names.fullname" $ ) $i }} + labels: {{- include "common.labels.standard" $ | nindent 4 }} + app.kubernetes.io/component: shardsvr-arbiter +spec: + selector: + matchLabels: {{- include "common.labels.matchLabels" $ | nindent 6 }} + app.kubernetes.io/component: shardsvr-arbiter + podManagementPolicy: {{ $.Values.shardsvr.arbiter.podManagementPolicy }} + updateStrategy: {{- toYaml $.Values.shardsvr.arbiter.updateStrategy | nindent 4 }} + serviceName: {{ include "common.names.fullname" $ }}-headless + replicas: {{ $.Values.shardsvr.arbiter.replicas }} + template: + metadata: + labels: {{- include "common.labels.standard" $ | nindent 8 }} + app.kubernetes.io/component: shardsvr-arbiter + {{- if $.Values.shardsvr.arbiter.podLabels }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.shardsvr.arbiter.podLabels "context" $ ) | nindent 8 }} + {{- end }} + shard: {{ $i | quote }} + {{- if or $.Values.common.podAnnotations $.Values.shardsvr.arbiter.podAnnotations $.Values.metrics.enabled }} + annotations: + {{- if $.Values.common.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.common.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- if $.Values.shardsvr.arbiter.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.shardsvr.arbiter.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- if $.Values.metrics.enabled }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.metrics.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- end }} + spec: + serviceAccountName: {{ include "mongodb-sharded.serviceAccountName" (dict "value" $.Values.shardsvr.arbiter.serviceAccount "context" $) }} + {{- if $.Values.common.schedulerName }} + schedulerName: {{ $.Values.common.schedulerName | quote }} + {{- end }} + {{- if $.Values.shardsvr.arbiter.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" $.Values.shardsvr.arbiter.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if $.Values.shardsvr.arbiter.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" $.Values.shardsvr.arbiter.affinity "context" (set $ "arbiterLoopId" $i)) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" $.Values.shardsvr.arbiter.podAffinityPreset "component" "shardsvr-arbiter" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" $.Values.shardsvr.arbiter.podAntiAffinityPreset "component" "shardsvr-arbiter" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" $.Values.shardsvr.arbiter.nodeAffinityPreset.type "key" $.Values.shardsvr.arbiter.nodeAffinityPreset.key "values" $.Values.shardsvr.arbiter.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if $.Values.shardsvr.arbiter.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" $.Values.shardsvr.arbiter.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if $.Values.shardsvr.arbiter.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" $.Values.shardsvr.arbiter.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if $.Values.shardsvr.arbiter.priorityClassName }} + priorityClassName: {{ $.Values.shardsvr.arbiter.priorityClassName | quote }} + {{- end }} + {{- if $.Values.securityContext.enabled }} + securityContext: + fsGroup: {{ $.Values.securityContext.fsGroup }} + {{- end }} + {{- include "mongodb-sharded.imagePullSecrets" $ | nindent 6 }} + {{- if or $.Values.shardsvr.arbiter.initContainers $.Values.common.initContainers }} + initContainers: + {{- with $.Values.shardsvr.arbiter.initContainers }} + {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- end }} + {{- with $.Values.common.initContainers }} + {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- end }} + {{- end }} + containers: + - name: {{ include "common.names.fullname" $ }}-arbiter + image: {{ include "mongodb-sharded.image" $ }} + imagePullPolicy: {{ $.Values.image.pullPolicy }} + {{- if $.Values.securityContext.enabled }} + securityContext: + runAsNonRoot: {{ $.Values.securityContext.runAsNonRoot }} + runAsUser: {{ $.Values.securityContext.runAsUser }} + {{- end }} + ports: + - containerPort: {{ $.Values.common.containerPorts.mongo }} + name: mongodb + env: + - name: MONGODB_ENABLE_NUMACTL + value: {{ ternary "yes" "no" $.Values.common.mongodbEnableNumactl | quote }} + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or $.Values.image.debug $.Values.diagnosticMode.enabled) | quote }} + - name: MONGODB_SYSTEM_LOG_VERBOSITY + value: {{ $.Values.common.mongodbSystemLogVerbosity | quote }} + - name: MONGODB_DISABLE_SYSTEM_LOG + {{- if $.Values.common.mongodbDisableSystemLog }} + value: "yes" + {{- else }} + value: "no" + {{- end }} + - name: MONGODB_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MONGODB_MAX_TIMEOUT + value: {{ $.Values.common.mongodbMaxWaitTimeout | quote }} + - name: MONGODB_SHARDING_MODE + value: "shardsvr" + - name: MONGODB_REPLICA_SET_MODE + value: "arbiter" + - name: MONGODB_PORT_NUMBER + value: {{ $.Values.common.containerPorts.mongo | quote }} + - name: MONGODB_INITIAL_PRIMARY_HOST + value: {{ printf "%s-shard%d-data-0.%s-headless.%s.svc.%s" (include "common.names.fullname" $ ) $i (include "common.names.fullname" $ ) $.Release.Namespace $.Values.clusterDomain }} + - name: MONGODB_REPLICA_SET_NAME + value: {{ printf "%s-shard-%d" ( include "common.names.fullname" $ ) $i }} + {{- if $.Values.common.useHostnames }} + - name: MONGODB_ADVERTISED_HOSTNAME + value: "$(MONGODB_POD_NAME).{{ include "common.names.fullname" $ }}-headless.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }}" + {{- end }} + - name: MONGODB_ENABLE_IPV6 + {{- if $.Values.common.mongodbEnableIPv6 }} + value: "yes" + {{- else }} + value: "no" + {{- end }} + - name: MONGODB_ENABLE_DIRECTORY_PER_DB + {{- if $.Values.common.mongodbDirectoryPerDB }} + value: "yes" + {{- else }} + value: "no" + {{- end }} + {{- if $.Values.usePasswordFile }} + - name: MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD_FILE + value: "/bitnami/mongodb/secrets/mongodb-root-password" + - name: MONGODB_REPLICA_SET_KEY_FILE + value: "/bitnami/mongodb/secrets/mongodb-replica-set-key" + {{- else }} + - name: MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb-sharded.secret" $ }} + key: mongodb-root-password + - name: MONGODB_REPLICA_SET_KEY + valueFrom: + secretKeyRef: + name: {{ include "mongodb-sharded.secret" $ }} + key: mongodb-replica-set-key + {{- end }} + {{- if $.Values.shardsvr.arbiter.mongodbExtraFlags }} + - name: MONGODB_EXTRA_FLAGS + value: {{ $.Values.shardsvr.arbiter.mongodbExtraFlags | join " " | quote }} + {{- end }} + {{- if $.Values.common.extraEnvVars }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.common.extraEnvVars "context" $ ) | nindent 12 }} + {{- end }} + {{- if $.Values.shardsvr.arbiter.extraEnvVars }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.shardsvr.arbiter.extraEnvVars "context" $ ) | nindent 12 }} + {{- end }} + {{- if or $.Values.common.extraEnvVarsCM $.Values.common.extraEnvVarsSecret $.Values.shardsvr.arbiter.extraEnvVarsCM $.Values.shardsvr.arbiter.extraEnvVarsSecret }} + envFrom: + {{- if $.Values.common.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" ( dict "value" $.Values.common.extraEnvVarsCM "context" $ ) }} + {{- end }} + {{- if $.Values.common.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" ( dict "value" $.Values.common.extraEnvVarsSecret "context" $ ) }} + {{- end }} + {{- if $.Values.shardsvr.arbiter.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" ( dict "value" $.Values.shardsvr.arbiter.extraEnvVarsCM "context" $ ) }} + {{- end }} + {{- if $.Values.shardsvr.arbiter.extraEnvVarsSecret }} + - configMapRef: + name: {{ include "common.tplvalues.render" ( dict "value" $.Values.shardsvr.arbiter.extraEnvVarsSecret "context" $ ) }} + {{- end }} + {{- end }} + {{- if $.Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- end }} + {{- if not $.Values.diagnosticMode.enabled }} + {{- if $.Values.livenessProbe.enabled }} + livenessProbe: + tcpSocket: + port: mongodb + initialDelaySeconds: {{ $.Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ $.Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ $.Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ $.Values.livenessProbe.successThreshold }} + failureThreshold: {{ $.Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if $.Values.readinessProbe.enabled }} + readinessProbe: + tcpSocket: + port: mongodb + initialDelaySeconds: {{ $.Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ $.Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ $.Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ $.Values.readinessProbe.successThreshold }} + failureThreshold: {{ $.Values.readinessProbe.failureThreshold }} + {{- end }} + {{- end }} + volumeMounts: + {{- if or $.Values.shardsvr.arbiter.config $.Values.shardsvr.arbiter.configCM }} + - name: config + mountPath: /bitnami/mongodb/conf/ + {{- end }} + {{- if $.Values.usePasswordFile }} + - name: secrets + mountPath: /bitnami/mongodb/secrets/ + {{- end }} + {{- if $.Values.common.initScriptsCM }} + - name: custom-init-scripts-cm + mountPath: /docker-entrypoint-initdb.d/cm + {{- end }} + {{- if $.Values.common.initScriptsSecret }} + - name: custom-init-scripts-secret + mountPath: /docker-entrypoint-initdb.d/secret + {{- end }} + {{- if $.Values.common.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.common.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} + {{- if $.Values.shardsvr.arbiter.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.shardsvr.arbiter.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} + resources: {{- toYaml $.Values.shardsvr.arbiter.resources | nindent 12 }} + {{- if $.Values.metrics.enabled }} + - name: metrics + image: {{ include "mongodb-sharded.metrics.image" $ }} + imagePullPolicy: {{ $.Values.metrics.image.pullPolicy | quote }} + {{- if $.Values.securityContext.enabled }} + securityContext: + runAsNonRoot: {{ $.Values.securityContext.runAsNonRoot }} + runAsUser: {{ $.Values.securityContext.runAsUser }} + {{- end }} + env: + {{- if $.Values.usePasswordFile }} + - name: MONGODB_ROOT_PASSWORD_FILE + value: "/bitnami/mongodb/secrets/mongodb-root-password" + {{- else }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb-sharded.secret" $ }} + key: mongodb-root-password + {{- end }} + {{- if $.Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else }} + command: + - sh + - -ec + - |- + #!/bin/sh + {{- if $.Values.usePasswordFile }} + export MONGODB_ROOT_PASSWORD="$(cat "${MONGODB_ROOT_PASSWORD_FILE}")" + {{- end }} + /bin/mongodb_exporter --web.listen-address ":{{ $.Values.metrics.containerPort }}" --mongodb.uri mongodb://root:`echo $MONGODB_ROOT_PASSWORD | sed -r "s/@/%40/g;s/:/%3A/g"`@localhost:{{ $.Values.service.port }}/admin{{ ternary "?ssl=true" "" $.Values.metrics.useTLS }} {{ $.Values.metrics.extraArgs }} + {{- end }} + {{- if $.Values.usePasswordFile }} + volumeMounts: + - name: secrets + mountPath: /bitnami/mongodb/secrets/ + {{- end }} + ports: + - name: metrics + containerPort: {{ $.Values.metrics.containerPort }} + {{- if not $.Values.diagnosticMode.enabled }} + {{- if $.Values.metrics.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: {{ $.Values.metrics.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ $.Values.metrics.livenessProbe.periodSeconds }} + timeoutSeconds: {{ $.Values.metrics.livenessProbe.timeoutSeconds }} + failureThreshold: {{ $.Values.metrics.livenessProbe.failureThreshold }} + successThreshold: {{ $.Values.metrics.livenessProbe.successThreshold }} + {{- end }} + {{- if $.Values.metrics.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: {{ $.Values.metrics.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ $.Values.metrics.readinessProbe.periodSeconds }} + timeoutSeconds: {{ $.Values.metrics.readinessProbe.timeoutSeconds }} + failureThreshold: {{ $.Values.metrics.readinessProbe.failureThreshold }} + successThreshold: {{ $.Values.metrics.readinessProbe.successThreshold }} + {{- end }} + {{- end }} + resources: {{ toYaml $.Values.metrics.resources | nindent 12 }} + {{- end }} + {{- with $.Values.shardsvr.arbiter.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- end }} + {{- with $.Values.common.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- end }} + volumes: + {{- if or $.Values.shardsvr.arbiter.config $.Values.shardsvr.arbiter.configCM }} + - name: config + configMap: + name: {{ include "mongodb-sharded.shardsvr.arbiter.configCM" $ }} + {{- end }} + {{- if $.Values.usePasswordFile }} + - name: secrets + secret: + secretName: {{ include "mongodb-sharded.secret" $ }} + {{- end }} + {{- if $.Values.common.initScriptsCM }} + - name: custom-init-scripts-cm + configMap: + name: {{ include "mongodb-sharded.initScriptsCM" $ }} + defaultMode: 0755 + {{- end }} + {{- if $.Values.common.initScriptsSecret }} + - name: custom-init-scripts-secret + secret: + secretName: {{ include "mongodb-sharded.initScriptsSecret" $ }} + defaultMode: 0755 + {{- end }} + {{- if $.Values.common.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.common.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} + {{- if $.Values.shardsvr.arbiter.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.shardsvr.arbiter.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} +{{- if lt $i (sub $replicas 1) }} +--- +{{- end }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/templates/shard/shard-data-configmap.yaml b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/shard/shard-data-configmap.yaml new file mode 100644 index 0000000..95ac001 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/shard/shard-data-configmap.yaml @@ -0,0 +1,11 @@ +{{- if and .Values.shards .Values.shardsvr.dataNode.config }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }}-shardsvr-data + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: shardsvr +data: + mongodb.conf: |- + {{- include "common.tplvalues.render" (dict "value" .Values.shardsvr.dataNode.config "context" $) | nindent 4 }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/templates/shard/shard-data-poddisruptionbudget.yaml b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/shard/shard-data-poddisruptionbudget.yaml new file mode 100644 index 0000000..3cd357e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/shard/shard-data-poddisruptionbudget.yaml @@ -0,0 +1,23 @@ +{{- if and .Values.shards .Values.shardsvr.dataNode.pdb.enabled -}} +{{- $replicas := .Values.shards | int -}} +{{- range $i, $e := until $replicas -}} +kind: PodDisruptionBudget +apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} +metadata: + name: {{ printf "%s-shard%d-data" (include "common.names.fullname" $ ) $i }} + labels: {{- include "common.labels.standard" $ | nindent 4 }} + app.kubernetes.io/component: shardsvr +spec: + selector: + matchLabels: {{- include "common.labels.matchLabels" $ | nindent 6 }} + app.kubernetes.io/component: shardsvr + shard: {{ $i | quote }} + {{- if $.Values.shardsvr.dataNode.pdb.minAvailable }} + minAvailable: {{ $.Values.shardsvr.dataNode.pdb.minAvailable | int }} + {{- end }} + {{- if $.Values.shardsvr.dataNode.pdb.maxUnavailable }} + maxUnavailable: {{ $.Values.shardsvr.dataNode.pdb.maxUnavailable | int }} + {{- end }} +--- +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/templates/shard/shard-data-podmonitor.yaml b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/shard/shard-data-podmonitor.yaml new file mode 100644 index 0000000..3c689fc --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/shard/shard-data-podmonitor.yaml @@ -0,0 +1,35 @@ +{{- if and .Values.shards .Values.metrics.enabled .Values.metrics.podMonitor.enabled }} +{{- $replicas := .Values.shards | int }} +{{- range $i, $e := until $replicas }} +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: {{ printf "%s-shard%d-data" (include "common.names.fullname" $ ) $i }} + {{- if $.Values.metrics.podMonitor.namespace }} + namespace: {{ $.Values.metrics.podMonitor.namespace }} + {{- else }} + namespace: {{ $.Release.Namespace }} + {{- end }} + labels: {{- include "common.labels.standard" $ | nindent 4 }} + app.kubernetes.io/component: shardsvr + {{- if $.Values.metrics.podMonitor.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" $.Values.metrics.podMonitor.additionalLabels "context" $) | nindent 4 }} + {{- end }} +spec: + podMetricsEndpoints: + - port: metrics + path: /metrics + {{- if $.Values.metrics.podMonitor.interval }} + interval: {{ $.Values.metrics.podMonitor.interval }} + {{- end }} + {{- if $.Values.metrics.podMonitor.scrapeTimeout }} + scrapeTimeout: {{ $.Values.metrics.podMonitor.scrapeTimeout }} + {{- end }} + namespaceSelector: + matchNames: + - {{ $.Release.Namespace }} + selector: + matchLabels: {{- include "common.labels.matchLabels" $ | nindent 6 }} + app.kubernetes.io/component: shardsvr +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/templates/shard/shard-data-statefulset.yaml b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/shard/shard-data-statefulset.yaml new file mode 100644 index 0000000..f1f04d2 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/templates/shard/shard-data-statefulset.yaml @@ -0,0 +1,387 @@ +{{- if .Values.shards }} +{{- $replicas := .Values.shards | int }} +{{- range $i, $e := until $replicas }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ printf "%s-shard%d-data" (include "common.names.fullname" $ ) $i }} + labels: {{- include "common.labels.standard" $ | nindent 4 }} + app.kubernetes.io/component: shardsvr +spec: + selector: + matchLabels: {{- include "common.labels.matchLabels" $ | nindent 6 }} + app.kubernetes.io/component: shardsvr + podManagementPolicy: {{ $.Values.shardsvr.dataNode.podManagementPolicy }} + updateStrategy: {{- toYaml $.Values.shardsvr.dataNode.updateStrategy | nindent 4 }} + serviceName: {{ include "common.names.fullname" $ }}-headless + replicas: {{ $.Values.shardsvr.dataNode.replicas }} + template: + metadata: + labels: {{- include "common.labels.standard" $ | nindent 8 }} + app.kubernetes.io/component: shardsvr + {{- if $.Values.shardsvr.dataNode.podLabels }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.shardsvr.dataNode.podLabels "context" $ ) | nindent 8 }} + {{- end }} + shard: {{ $i | quote }} + {{- if or $.Values.common.podAnnotations $.Values.shardsvr.dataNode.podAnnotations $.Values.metrics.enabled }} + annotations: + {{- if $.Values.common.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.common.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- if $.Values.shardsvr.dataNode.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.shardsvr.dataNode.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- if $.Values.metrics.enabled }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.metrics.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- if $.Values.common.schedulerName }} + schedulerName: {{ $.Values.common.schedulerName | quote }} + {{- end }} + {{- if $.Values.shardsvr.dataNode.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" $.Values.shardsvr.dataNode.affinity "context" (set $ "dataNodeLoopId" $i)) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" $.Values.shardsvr.dataNode.podAffinityPreset "component" "shardsvr" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" $.Values.shardsvr.dataNode.podAntiAffinityPreset "component" "shardsvr" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" $.Values.shardsvr.dataNode.nodeAffinityPreset.type "key" $.Values.shardsvr.dataNode.nodeAffinityPreset.key "values" $.Values.shardsvr.dataNode.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if $.Values.shardsvr.dataNode.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" $.Values.shardsvr.dataNode.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if $.Values.shardsvr.dataNode.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" $.Values.shardsvr.dataNode.nodeSelector "context" (set $ "dataNodeLoopId" $i)) | nindent 8 }} + {{- end }} + {{- if $.Values.shardsvr.dataNode.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" $.Values.shardsvr.dataNode.tolerations "context" (set $ "dataNodeLoopId" $i)) | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "mongodb-sharded.serviceAccountName" (dict "value" $.Values.shardsvr.dataNode.serviceAccount "context" $) }} + {{- if $.Values.shardsvr.dataNode.priorityClassName }} + priorityClassName: {{ $.Values.shardsvr.dataNode.priorityClassName | quote }} + {{- end }} + {{- if $.Values.securityContext.enabled }} + securityContext: + fsGroup: {{ $.Values.securityContext.fsGroup }} + {{- end }} + {{- include "mongodb-sharded.imagePullSecrets" $ | nindent 6 }} + initContainers: + {{- if and $.Values.volumePermissions.enabled $.Values.shardsvr.persistence.enabled }} + - name: volume-permissions + image: {{ include "mongodb-sharded.volumePermissions.image" $ }} + imagePullPolicy: {{ $.Values.volumePermissions.image.pullPolicy | quote }} + command: ["chown", "-R", "{{ $.Values.securityContext.runAsUser }}:{{ $.Values.securityContext.fsGroup }}", "{{ $.Values.shardsvr.persistence.mountPath }}"] + securityContext: + runAsUser: 0 + resources: {{ toYaml $.Values.volumePermissions.resources | nindent 12 }} + volumeMounts: + - name: datadir + mountPath: {{ $.Values.shardsvr.persistence.mountPath }} + {{- end }} + {{- with $.Values.shardsvr.dataNode.initContainers }} + {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- end }} + {{- with $.Values.common.initContainers }} + {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- end }} + containers: + - name: mongodb + image: {{ include "mongodb-sharded.image" $ }} + imagePullPolicy: {{ $.Values.image.pullPolicy }} + {{- if $.Values.securityContext.enabled }} + securityContext: + runAsNonRoot: {{ $.Values.securityContext.runAsNonRoot }} + runAsUser: {{ $.Values.securityContext.runAsUser }} + {{- end }} + ports: + - containerPort: {{ $.Values.common.containerPorts.mongo }} + name: mongodb + env: + - name: MONGODB_ENABLE_NUMACTL + value: {{ ternary "yes" "no" $.Values.common.mongodbEnableNumactl | quote }} + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or $.Values.image.debug $.Values.diagnosticMode.enabled) | quote }} + - name: MONGODB_SYSTEM_LOG_VERBOSITY + value: {{ $.Values.common.mongodbSystemLogVerbosity | quote }} + - name: MONGODB_MAX_TIMEOUT + value: {{ $.Values.common.mongodbMaxWaitTimeout | quote }} + - name: MONGODB_DISABLE_SYSTEM_LOG + {{- if $.Values.mongodbDisableSystemLog }} + value: "yes" + {{- else }} + value: "no" + {{- end }} + - name: MONGODB_PORT_NUMBER + value: {{ $.Values.common.containerPorts.mongo | quote }} + - name: MONGODB_SHARDING_MODE + value: "shardsvr" + - name: MONGODB_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MONGODB_MONGOS_HOST + value: {{ include "mongodb-sharded.serviceName" $ }} + - name: MONGODB_MONGOS_PORT_NUMBER + value: {{ $.Values.service.port | quote }} + - name: MONGODB_INITIAL_PRIMARY_HOST + value: {{ printf "%s-shard%d-data-0.%s-headless.%s.svc.%s" (include "common.names.fullname" $ ) $i (include "common.names.fullname" $ ) $.Release.Namespace $.Values.clusterDomain }} + - name: MONGODB_REPLICA_SET_NAME + value: {{ printf "%s-shard-%d" ( include "common.names.fullname" $ ) $i }} + {{- if $.Values.common.useHostnames }} + - name: MONGODB_ADVERTISED_HOSTNAME + value: "$(MONGODB_POD_NAME).{{ include "common.names.fullname" $ }}-headless.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }}" + {{- end }} + {{- if $.Values.usePasswordFile }} + - name: MONGODB_ROOT_PASSWORD_FILE + value: "/bitnami/mongodb/secrets/mongodb-root-password" + - name: MONGODB_REPLICA_SET_KEY_FILE + value: "/bitnami/mongodb/secrets/mongodb-replica-set-key" + {{- else }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb-sharded.secret" $ }} + key: mongodb-root-password + - name: MONGODB_REPLICA_SET_KEY + valueFrom: + secretKeyRef: + name: {{ include "mongodb-sharded.secret" $ }} + key: mongodb-replica-set-key + {{- end }} + - name: MONGODB_ENABLE_IPV6 + {{- if $.Values.common.mongodbEnableIPv6 }} + value: "yes" + {{- else }} + value: "no" + {{- end }} + - name: MONGODB_ENABLE_DIRECTORY_PER_DB + {{- if $.Values.common.mongodbDirectoryPerDB }} + value: "yes" + {{- else }} + value: "no" + {{- end }} + {{- if $.Values.shardsvr.dataNode.mongodbExtraFlags }} + - name: MONGODB_EXTRA_FLAGS + value: {{ $.Values.shardsvr.dataNode.mongodbExtraFlags | join " " | quote }} + {{- end }} + {{- if $.Values.common.extraEnvVars }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.common.extraEnvVars "context" $ ) | nindent 12 }} + {{- end }} + {{- if $.Values.shardsvr.dataNode.extraEnvVars }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.shardsvr.dataNode.extraEnvVars "context" $ ) | nindent 12 }} + {{- end }} + {{- if or $.Values.common.extraEnvVarsCM $.Values.common.extraEnvVarsSecret $.Values.shardsvr.dataNode.extraEnvVarsCM $.Values.shardsvr.dataNode.extraEnvVarsSecret }} + envFrom: + {{- if $.Values.common.extraEnvVarsCM }} + - configMapRef: + name: {{ include "mongodb-sharded.tplValue" ( dict "value" $.Values.common.extraEnvVarsCM "context" $ ) }} + {{- end }} + {{- if $.Values.common.extraEnvVarsSecret }} + - secretRef: + name: {{ include "mongodb-sharded.tplValue" ( dict "value" $.Values.common.extraEnvVarsSecret "context" $ ) }} + {{- end }} + {{- if $.Values.shardsvr.dataNode.extraEnvVarsCM }} + - configMapRef: + name: {{ include "mongodb-sharded.tplValue" ( dict "value" $.Values.shardsvr.dataNode.extraEnvVarsCM "context" $ ) }} + {{- end }} + {{- if $.Values.shardsvr.dataNode.extraEnvVarsSecret }} + - secretRef: + name: {{ include "mongodb-sharded.tplValue" ( dict "value" $.Values.shardsvr.dataNode.extraEnvVarsSecret "context" $ ) }} + {{- end }} + {{- end }} + {{- if $.Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" $.Values.diagnosticMode.command "context" $) | nindent 12 }} + args: {{- include "common.tplvalues.render" (dict "value" $.Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + - /entrypoint/replicaset-entrypoint.sh + {{- end }} + {{- if not $.Values.diagnosticMode.enabled }} + {{- if $.Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - pgrep + - mongod + initialDelaySeconds: {{ $.Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ $.Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ $.Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ $.Values.livenessProbe.successThreshold }} + failureThreshold: {{ $.Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if $.Values.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - mongo + - --disableImplicitSessions + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: {{ $.Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ $.Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ $.Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ $.Values.readinessProbe.successThreshold }} + failureThreshold: {{ $.Values.readinessProbe.failureThreshold }} + {{- end }} + {{- end }} + volumeMounts: + - name: replicaset-entrypoint-configmap + mountPath: /entrypoint + - name: datadir + mountPath: {{ $.Values.shardsvr.persistence.mountPath }} + {{- if or $.Values.shardsvr.dataNode.config $.Values.shardsvr.dataNode.configCM }} + - name: config + mountPath: /bitnami/mongodb/conf/ + {{- end }} + {{- if $.Values.usePasswordFile }} + - name: secrets + mountPath: /bitnami/mongodb/secrets/ + {{- end }} + {{- if $.Values.common.initScriptsCM }} + - name: custom-init-scripts-cm + mountPath: /docker-entrypoint-initdb.d/cm + {{- end }} + {{- if $.Values.common.initScriptsSecret }} + - name: custom-init-scripts-secret + mountPath: /docker-entrypoint-initdb.d/secret + {{- end }} + {{- if $.Values.common.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.common.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} + {{- if $.Values.shardsvr.dataNode.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.shardsvr.dataNode.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} + resources: {{- toYaml $.Values.shardsvr.dataNode.resources | nindent 12 }} + {{- if $.Values.metrics.enabled }} + - name: metrics + image: {{ include "mongodb-sharded.metrics.image" $ }} + imagePullPolicy: {{ $.Values.metrics.image.pullPolicy | quote }} + {{- if $.Values.securityContext.enabled }} + securityContext: + runAsNonRoot: {{ $.Values.securityContext.runAsNonRoot }} + runAsUser: {{ $.Values.securityContext.runAsUser }} + {{- end }} + env: + {{- if $.Values.usePasswordFile }} + - name: MONGODB_ROOT_PASSWORD_FILE + value: "/bitnami/mongodb/secrets/mongodb-root-password" + {{- else }} + - name: MONGODB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "mongodb-sharded.secret" $ }} + key: mongodb-root-password + {{- end }} + {{- if $.Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" $.Values.diagnosticMode.command "context" $) | nindent 12 }} + args: {{- include "common.tplvalues.render" (dict "value" $.Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else }} + command: + - sh + - -ec + - |- + #!/bin/sh + {{- if $.Values.usePasswordFile }} + export MONGODB_ROOT_PASSWORD="$(cat "${MONGODB_ROOT_PASSWORD_FILE}")" + {{- end }} + /bin/mongodb_exporter --web.listen-address ":{{ $.Values.metrics.containerPort }}" --mongodb.uri mongodb://root:`echo $MONGODB_ROOT_PASSWORD | sed -r "s/@/%40/g;s/:/%3A/g"`@localhost:{{ $.Values.service.port }}/admin{{ ternary "?ssl=true" "" $.Values.metrics.useTLS }} {{ $.Values.metrics.extraArgs }} + {{- end }} + {{- if $.Values.usePasswordFile }} + volumeMounts: + - name: secrets + mountPath: /bitnami/mongodb/secrets/ + {{- end }} + ports: + - name: metrics + containerPort: {{ $.Values.metrics.containerPort }} + {{- if not $.Values.diagnosticMode.enabled }} + {{- if $.Values.metrics.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: {{ $.Values.metrics.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ $.Values.metrics.livenessProbe.periodSeconds }} + timeoutSeconds: {{ $.Values.metrics.livenessProbe.timeoutSeconds }} + failureThreshold: {{ $.Values.metrics.livenessProbe.failureThreshold }} + successThreshold: {{ $.Values.metrics.livenessProbe.successThreshold }} + {{- end }} + {{- if $.Values.metrics.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: {{ $.Values.metrics.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ $.Values.metrics.readinessProbe.periodSeconds }} + timeoutSeconds: {{ $.Values.metrics.readinessProbe.timeoutSeconds }} + failureThreshold: {{ $.Values.metrics.readinessProbe.failureThreshold }} + successThreshold: {{ $.Values.metrics.readinessProbe.successThreshold }} + {{- end }} + {{- end }} + resources: {{ toYaml $.Values.metrics.resources | nindent 12 }} + {{- end }} + {{- with $.Values.shardsvr.dataNode.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- end }} + {{- with $.Values.common.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- end }} + volumes: + - name: replicaset-entrypoint-configmap + configMap: + name: {{ include "common.names.fullname" $ }}-replicaset-entrypoint + {{- if $.Values.usePasswordFile }} + - name: secrets + secret: + secretName: {{ include "mongodb-sharded.secret" $ }} + {{- end }} + {{- if $.Values.common.initScriptsCM }} + - name: custom-init-scripts-cm + configMap: + name: {{ include "mongodb-sharded.initScriptsCM" $ }} + defaultMode: 0755 + {{- end }} + {{- if $.Values.common.initScriptsSecret }} + - name: custom-init-scripts-secret + secret: + secretName: {{ include "mongodb-sharded.initScriptsSecret" $ }} + defaultMode: 0755 + {{- end }} + {{- if or $.Values.shardsvr.dataNode.config $.Values.shardsvr.dataNode.configCM }} + - name: config + configMap: + name: {{ include "mongodb-sharded.shardsvr.dataNode.configCM" $ }} + {{- end }} + {{- if $.Values.common.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.common.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} + {{- if $.Values.shardsvr.dataNode.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.shardsvr.dataNode.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} + {{- if $.Values.shardsvr.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: datadir + annotations: + {{- range $key, $value := $.Values.shardsvr.persistence.annotations }} + {{ $key }}: "{{ $value }}" + {{- end }} + spec: + accessModes: + {{- range $.Values.shardsvr.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ $.Values.shardsvr.persistence.size | quote }} + {{- include "common.storage.class" (dict "persistence" $.Values.shardsvr.persistence "global" $.Values.global) | nindent 8 }} + {{- else }} + - name: datadir + emptyDir: {} + {{- end }} +{{- if lt $i (sub $replicas 1) }} +--- +{{- end }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/mongo-manifest/values.yaml b/packer/ansible/roles/helm_install/files/mongo-manifest/values.yaml new file mode 100644 index 0000000..caf1b40 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/mongo-manifest/values.yaml @@ -0,0 +1,1217 @@ +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass +## + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.storageClass Global storage class for dynamic provisioning +## +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: "" + +## @section Common parameters +## + +## @param nameOverride String to partially override mongodb.fullname template (will maintain the release name) +## +nameOverride: "" +## @param fullnameOverride String to fully override mongodb.fullname template +## +fullnameOverride: "" +## @param clusterDomain Kubernetes Cluster Domain +## ref: https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#introduction +## +clusterDomain: cluster.local +## @param extraDeploy Array of extra objects to deploy with the release +## +extraDeploy: [] + +## Enable diagnostic mode in the deployment +## +diagnosticMode: + ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) + ## + enabled: false + ## @param diagnosticMode.command Command to override all containers in the deployment + ## + command: + - sleep + ## @param diagnosticMode.args Args to override all containers in the deployment + ## + args: + - infinity + +## @section MongoDB(®) Sharded parameters +## + +## Bitnami MongoDB(®) Sharded image version +## ref: https://hub.docker.com/r/bitnami/mongodb-sharded/tags/ +## @param image.registry MongoDB(®) Sharded image registry +## @param image.repository MongoDB(®) Sharded Image name +## @param image.tag MongoDB(®) Sharded image tag (immutable tags are recommended) +## @param image.pullPolicy MongoDB(®) Sharded image pull policy +## @param image.pullSecrets Specify docker-registry secret names as an array +## @param image.debug Specify if debug logs should be enabled +## +image: + registry: docker.io + repository: bitnami/mongodb-sharded + tag: 4.4.13-debian-10-r5 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Set to true if you would like to see extra information on logs + ## + debug: false +## MongoDB® credentials +## @param mongodbRootPassword MongoDB® root password +## If set to null it will be randomly generated +## ref: https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md#setting-the-root-password-on-first-run +## e.g: +## mongodbRootPassword: password +## +mongodbRootPassword: "" +## @param replicaSetKey Replica Set key (shared for shards and config servers) +## e.g: +## replicaSetKey: testkey123 +## +replicaSetKey: "" +## @param existingSecret Existing secret with MongoDB® credentials +## e.g: +## existingSecret: name-of-existing-secret +## +existingSecret: "" +## @param usePasswordFile Mount credentials as files instead of using environment variables +## +usePasswordFile: false +## @param shards Number of shards to be created +## ref: https://docs.mongodb.com/manual/core/sharded-cluster-shards/ +## +shards: 2 +## Properties for all of the pods in the cluster (shards, config servers and mongos) +## +common: + ## @param common.mongodbEnableNumactl Enable launch MongoDB instance prefixed with "numactl --interleave=all" + ## ref: https://docs.mongodb.com/manual/administration/production-notes/#mongodb-and-numa-hardware + ## + mongodbEnableNumactl: false + ## @param common.useHostnames Enable DNS hostnames in the replica set config + ## + useHostnames: true + ## @param common.mongodbEnableIPv6 Switch to enable/disable IPv6 on MongoDB® + ## ref: https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md#enabling/disabling-ipv6 + ## + mongodbEnableIPv6: false + ## @param common.mongodbDirectoryPerDB Switch to enable/disable DirectoryPerDB on MongoDB® + ## ref: https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md#enabling/disabling-directoryperdb + ## + mongodbDirectoryPerDB: false + ## @param common.mongodbSystemLogVerbosity MongoDB® system log verbosity level + ## ref: https://docs.mongodb.com/manual/reference/program/mongo/#cmdoption-mongo-ipv6 + ## + mongodbSystemLogVerbosity: 0 + ## @param common.mongodbDisableSystemLog Whether to disable MongoDB® system log or not + ## ref: https://github.com/bitnami/bitnami-docker-mongodb#configuring-system-log-verbosity-level + ## + mongodbDisableSystemLog: false + ## @param common.mongodbMaxWaitTimeout Maximum time (in seconds) for MongoDB® nodes to wait for another MongoDB® node to be ready + ## + mongodbMaxWaitTimeout: 120 + ## @param common.initScriptsCM Configmap with init scripts to execute + ## + initScriptsCM: "" + ## @param common.initScriptsSecret Secret with init scripts to execute (for sensitive data) + ## + initScriptsSecret: "" + ## @param common.extraEnvVars An array to add extra env vars + ## For example: + ## extraEnvVars: + ## - name: KIBANA_ELASTICSEARCH_URL + ## value: test + ## + extraEnvVars: [] + ## @param common.extraEnvVarsCM Name of a ConfigMap containing extra env vars + ## + extraEnvVarsCM: "" + ## @param common.extraEnvVarsSecret Name of a Secret containing extra env vars + ## + extraEnvVarsSecret: "" + ## @param common.sidecars Add sidecars to the pod + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param common.initContainers Add init containers to the pod + ## For example: + ## initcontainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## + initContainers: [] + ## @param common.podAnnotations Additional pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param common.podLabels Additional pod labels + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param common.extraVolumes Array to add extra volumes + ## + extraVolumes: [] + ## @param common.extraVolumeMounts Array to add extra mounts (normally used with extraVolumes) + ## + extraVolumeMounts: [] + ## @param common.containerPorts.mongo MongoDB container port + ## + containerPorts: + mongo: 27017 + ## K8s Service Account. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + ## @param common.serviceAccount.create Whether to create a Service Account for all pods automatically + ## + create: false + ## @param common.serviceAccount.name Name of a Service Account to be used by all Pods + ## If not set and create is true, a name is generated using the XXX.fullname template + ## + name: "" + +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. +## +volumePermissions: + ## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) + ## + enabled: false + ## @param volumePermissions.image.registry Init container volume-permissions image registry + ## @param volumePermissions.image.repository Init container volume-permissions image name + ## @param volumePermissions.image.tag Init container volume-permissions image tag + ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy + ## @param volumePermissions.image.pullSecrets Init container volume-permissions image pull secrets + ## + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: 10-debian-10-r358 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## @param volumePermissions.resources Init container resource requests/limit + ## + resources: {} +## Pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## @param securityContext.enabled Enable security context +## @param securityContext.fsGroup Group ID for the container +## @param securityContext.runAsUser User ID for the container +## @param securityContext.runAsNonRoot Run containers as non-root users +## +securityContext: + enabled: true + fsGroup: 1001 + runAsUser: 1001 + runAsNonRoot: true +## Kubernetes service type +## ref: https://kubernetes.io/docs/concepts/services-networking/service/ +## +service: + ## @param service.name Specify an explicit service name + ## + name: "" + ## @param service.annotations Additional service annotations (evaluate as a template) + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + annotations: {} + ## @param service.type Service type + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + ## + type: ClusterIP + ## @param service.externalTrafficPolicy External traffic policy + ## Enable client source IP preservation + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + ## + externalTrafficPolicy: Cluster + ## @param service.port MongoDB® service port + ## + port: 27017 + ## @param service.clusterIP Static clusterIP or None for headless services + ## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.16/#servicespec-v1-core + ## + clusterIP: "" + ## @param service.nodePort Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePort: "" + ## @param service.externalIPs External IP list to use with ClusterIP service type + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips + ## + externalIPs: [] + ## @param service.loadBalancerIP Static IP Address to use for LoadBalancer service type + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + ## + loadBalancerIP: "" + ## @param service.loadBalancerSourceRanges List of IP ranges allowed access to load balancer (if supported) + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + loadBalancerSourceRanges: [] + ## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" + ## If "ClientIP", consecutive client requests will be directed to the same mongos Pod + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + ## + sessionAffinity: None +## Configure extra options for liveness probes +## This applies to all the MongoDB® in the sharded cluster +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) +## @param livenessProbe.enabled Enable livenessProbe +## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe +## @param livenessProbe.periodSeconds Period seconds for livenessProbe +## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe +## @param livenessProbe.failureThreshold Failure threshold for livenessProbe +## @param livenessProbe.successThreshold Success threshold for livenessProbe +## +livenessProbe: + enabled: true + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +## Configure extra options for readiness probe +## This applies to all the MongoDB® in the sharded cluster +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) +## @param readinessProbe.enabled Enable readinessProbe +## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe +## @param readinessProbe.periodSeconds Period seconds for readinessProbe +## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe +## @param readinessProbe.failureThreshold Failure threshold for readinessProbe +## @param readinessProbe.successThreshold Success threshold for readinessProbe +## +readinessProbe: + enabled: true + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +## @section Config Server parameters +## + +## Config Server replica set properties +## ref: https://docs.mongodb.com/manual/core/sharded-cluster-config-servers/ +## +configsvr: + ## @param configsvr.replicas Number of nodes in the replica set (the first node will be primary) + ## + replicas: 1 + ## @param configsvr.resources Configure pod resources + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + ## @param configsvr.hostAliases Deployment pod host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param configsvr.mongodbExtraFlags MongoDB® additional command line flags + ## Can be used to specify command line flags, for example: + ## mongodbExtraFlags: + ## - "--wiredTigerCacheSizeGB=2" + ## + mongodbExtraFlags: [] + ## @param configsvr.priorityClassName Pod priority class name + ## https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ + ## + priorityClassName: "" + ## @param configsvr.podAffinityPreset Config Server Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param configsvr.podAntiAffinityPreset Config Server Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param configsvr.nodeAffinityPreset.type Config Server Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param configsvr.nodeAffinityPreset.key Config Server Node label key to match Ignored if `affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param configsvr.nodeAffinityPreset.values Config Server Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param configsvr.affinity Config Server Affinity for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: configsvr.podAffinityPreset, configsvr.podAntiAffinityPreset, and configsvr.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param configsvr.nodeSelector Config Server Node labels for pod assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param configsvr.tolerations Config Server Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param configsvr.podManagementPolicy Statefulset's pod management policy, allows parallel startup of pods + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies + ## + podManagementPolicy: OrderedReady + ## @param configsvr.updateStrategy.type updateStrategy for MongoDB® Primary, Secondary and Arbiter statefulsets + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: + type: RollingUpdate + ## @param configsvr.config MongoDB® configuration file + ## ref: http://docs.mongodb.org/manual/reference/configuration-options/ + ## + config: "" + ## @param configsvr.configCM ConfigMap name with Config Server configuration file (cannot be used with configsvr.config) + ## ref: http://docs.mongodb.org/manual/reference/configuration-options/ + ## + configCM: "" + ## @param configsvr.extraEnvVars An array to add extra env vars + ## For example: + ## extraEnvVars: + ## - name: KIBANA_ELASTICSEARCH_URL + ## value: test + ## + extraEnvVars: [] + ## @param configsvr.extraEnvVarsCM Name of a ConfigMap containing extra env vars + ## + extraEnvVarsCM: "" + ## @param configsvr.extraEnvVarsSecret Name of a Secret containing extra env vars + ## + extraEnvVarsSecret: "" + ## @param configsvr.sidecars Add sidecars to the pod + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param configsvr.initContainers Add init containers to the pod + ## For example: + ## initcontainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## + initContainers: [] + ## @param configsvr.podAnnotations Additional pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param configsvr.podLabels Additional pod labels + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param configsvr.extraVolumes Array to add extra volumes. Requires setting `extraVolumeMounts` + ## + extraVolumes: [] + ## @param configsvr.extraVolumeMounts Array to add extra mounts (normally used with extraVolumes). Normally used with `extraVolumes` + ## + extraVolumeMounts: [] + ## @param configsvr.schedulerName Use an alternate scheduler, e.g. "stork". + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## Pod disruption budget + ## + pdb: + ## @param configsvr.pdb.enabled Enable pod disruption budget + ## + enabled: false + ## @param configsvr.pdb.minAvailable Minimum number of available config pods allowed (`0` to disable) + ## + minAvailable: 0 + ## @param configsvr.pdb.maxUnavailable Maximum number of unavailable config pods allowed (`0` to disable) + ## + maxUnavailable: 1 + ## Enable persistence using Persistent Volume Claims + ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ + ## + persistence: + ## @param configsvr.persistence.enabled Use a PVC to persist data + ## + enabled: true + ## @param configsvr.persistence.mountPath Path to mount the volume at + ## MongoDB® images. + ## + mountPath: /bitnami/mongodb + ## @param configsvr.persistence.subPath Subdirectory of the volume to mount at + ## Useful in dev environments and one PV for multiple services. + ## + subPath: "" + ## @param configsvr.persistence.storageClass Storage class of backing PVC + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param configsvr.persistence.accessModes Use volume as ReadOnly or ReadWrite + ## + accessModes: + - ReadWriteOnce + ## @param configsvr.persistence.size PersistentVolumeClaim size + ## + size: 8Gi + ## @param configsvr.persistence.annotations Persistent Volume annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + annotations: {} + ## K8s Service Account. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + ## @param configsvr.serviceAccount.create Specifies whether a ServiceAccount should be created for Config Server + ## + create: false + ## @param configsvr.serviceAccount.name Name of a Service Account to be used by Config Server + ## If not set and create is true, a name is generated using the XXX.fullname template + ## + name: "" + ## Use a external config server instead of deploying one + ## + external: + ## @param configsvr.external.host Primary node of an external Config Server replicaset + ## + host: "" + ## @param configsvr.external.rootPassword Root password of the external Config Server replicaset + ## + rootPassword: "" + ## @param configsvr.external.replicasetName Replicaset name of an external Config Server + ## + replicasetName: "" + ## @param configsvr.external.replicasetKey Replicaset key of an external Config Server + ## + replicasetKey: "" + +## @section Mongos parameters +## + +## Mongos properties +## ref: https://docs.mongodb.com/manual/reference/program/mongos/#bin.mongos +## +mongos: + ## @param mongos.replicas Number of replicas + ## + replicas: 1 + ## @param mongos.resources Configure pod resources + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + ## @param mongos.hostAliases Deployment pod host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param mongos.mongodbExtraFlags MongoDB® additional command line flags + ## Can be used to specify command line flags, for example: + ## mongodbExtraFlags: + ## - "--wiredTigerCacheSizeGB=2" + ## + mongodbExtraFlags: [] + ## @param mongos.priorityClassName Pod priority class name + ## https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ + ## + priorityClassName: "" + ## @param mongos.podAffinityPreset Mongos Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param mongos.podAntiAffinityPreset Mongos Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param mongos.nodeAffinityPreset.type Mongos Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param mongos.nodeAffinityPreset.key Mongos Node label key to match Ignored if `affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param mongos.nodeAffinityPreset.values Mongos Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param mongos.affinity Mongos Affinity for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: mongos.podAffinityPreset, mongos.podAntiAffinityPreset, and mongos.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param mongos.nodeSelector Mongos Node labels for pod assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param mongos.tolerations Mongos Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param mongos.podManagementPolicy Statefulsets pod management policy, allows parallel startup of pods + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies + ## + podManagementPolicy: OrderedReady + ## @param mongos.updateStrategy.type updateStrategy for MongoDB® Primary, Secondary and Arbiter statefulsets + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: + type: RollingUpdate + ## @param mongos.config MongoDB® configuration file + ## ref: http://docs.mongodb.org/manual/reference/configuration-options/ + ## + config: "" + ## @param mongos.configCM ConfigMap name with MongoDB® configuration file (cannot be used with mongos.config) + ## ref: http://docs.mongodb.org/manual/reference/configuration-options/ + ## + configCM: "" + ## @param mongos.extraEnvVars An array to add extra env vars + ## For example: + ## extraEnvVars: + ## - name: KIBANA_ELASTICSEARCH_URL + ## value: test + ## + extraEnvVars: [] + ## @param mongos.extraEnvVarsCM Name of a ConfigMap containing extra env vars + ## + extraEnvVarsCM: "" + ## @param mongos.extraEnvVarsSecret Name of a Secret containing extra env vars + ## + extraEnvVarsSecret: "" + ## @param mongos.sidecars Add sidecars to the pod + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param mongos.initContainers Add init containers to the pod + ## For example: + ## initcontainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## + initContainers: [] + ## @param mongos.podAnnotations Additional pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param mongos.podLabels Additional pod labels + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param mongos.extraVolumes Array to add extra volumes. Requires setting `extraVolumeMounts` + ## + extraVolumes: [] + ## @param mongos.extraVolumeMounts Array to add extra volume mounts. Normally used with `extraVolumes`. + ## + extraVolumeMounts: [] + ## @param mongos.schedulerName Use an alternate scheduler, e.g. "stork". + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## @param mongos.useStatefulSet Use StatefulSet instead of Deployment + ## + useStatefulSet: false + ## When using a statefulset, you can enable one service per replica + ## This is useful when exposing the mongos through load balancers to make sure clients + ## connect to the same mongos and therefore can follow their cursors + ## + servicePerReplica: + ## @param mongos.servicePerReplica.enabled Create one service per mongos replica (must be used with statefulset) + ## + enabled: false + ## @param mongos.servicePerReplica.annotations Additional service annotations (evaluate as a template) + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + annotations: {} + ## @param mongos.servicePerReplica.type Service type + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + ## + type: ClusterIP + ## @param mongos.servicePerReplica.externalTrafficPolicy External traffic policy + ## Enable client source IP preservation + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + ## + externalTrafficPolicy: Cluster + ## @param mongos.servicePerReplica.port MongoDB® service port + ## + port: 27017 + ## @param mongos.servicePerReplica.clusterIP Static clusterIP or None for headless services + ## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.16/#servicespec-v1-core + ## + clusterIP: "" + ## @param mongos.servicePerReplica.nodePort Specify the nodePort value for the LoadBalancer and NodePort service types + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePort: "" + ## @param mongos.servicePerReplica.externalIPs External IP list to use with ClusterIP service type + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips + ## + externalIPs: [] + ## @param mongos.servicePerReplica.loadBalancerIP Static IP Address to use for LoadBalancer service type + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + ## + loadBalancerIP: "" + ## @param mongos.servicePerReplica.loadBalancerSourceRanges List of IP ranges allowed access to load balancer (if supported) + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + loadBalancerSourceRanges: [] + ## @param mongos.servicePerReplica.extraPorts Extra ports to expose (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param mongos.servicePerReplica.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" + ## If "ClientIP", consecutive client requests will be directed to the same mongos Pod + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + ## + sessionAffinity: None + ## Pod disruption budget + ## + pdb: + ## @param mongos.pdb.enabled Enable pod disruption budget + ## + enabled: false + ## @param mongos.pdb.minAvailable Minimum number of available mongo pods allowed (`0` to disable) + ## + minAvailable: 0 + ## @param mongos.pdb.maxUnavailable Maximum number of unavailable mongo pods allowed (`0` to disable) + ## + maxUnavailable: 1 + ## K8s Service Account. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + ## @param mongos.serviceAccount.create Whether to create a Service Account for mongos automatically + ## + create: false + ## @param mongos.serviceAccount.name Name of a Service Account to be used by mongos + ## If not set and create is true, a name is generated using the XXX.fullname template + ## + name: "" + +## @section Shard configuration: Data node parameters +## + +## Shard replica set properties +## ref: https://docs.mongodb.com/manual/replication/index.html +## +shardsvr: + ## Properties for data nodes (primary and secondary) + ## + dataNode: + ## @param shardsvr.dataNode.replicas Number of nodes in each shard replica set (the first node will be primary) + ## + replicas: 1 + ## @param shardsvr.dataNode.resources Configure pod resources + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + ## @param shardsvr.dataNode.mongodbExtraFlags MongoDB® additional command line flags + ## Can be used to specify command line flags, for example: + ## mongodbExtraFlags: + ## - "--wiredTigerCacheSizeGB=2" + ## + mongodbExtraFlags: [] + ## @param shardsvr.dataNode.priorityClassName Pod priority class name + ## https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ + ## + priorityClassName: "" + ## @param shardsvr.dataNode.podAffinityPreset Data nodes Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param shardsvr.dataNode.podAntiAffinityPreset Data nodes Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param shardsvr.dataNode.nodeAffinityPreset.type Data nodes Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param shardsvr.dataNode.nodeAffinityPreset.key Data nodes Node label key to match Ignored if `affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param shardsvr.dataNode.nodeAffinityPreset.values Data nodes Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param shardsvr.dataNode.affinity Data nodes Affinity for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## You can set dataNodeLoopId (or any other parameter) by setting the below code block under this 'affinity' section: + ## affinity: + ## matchLabels: + ## shard: "{{ .dataNodeLoopId }}" + ## + ## Note: shardsvr.dataNode.podAffinityPreset, shardsvr.dataNode.podAntiAffinityPreset, and shardsvr.dataNode.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param shardsvr.dataNode.nodeSelector Data nodes Node labels for pod assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## You can set dataNodeLoopId (or any other parameter) by setting the below code block under this 'nodeSelector' section: + ## nodeSelector: { shardId: "{{ .dataNodeLoopId }}" } + ## + nodeSelector: {} + ## @param shardsvr.dataNode.tolerations Data nodes Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## You can set dataNodeLoopId (or any other parameter) by setting the below code block under this 'nodeSelector' section: + ## tolerations: + ## - key: "shardId" + ## operator: "Equal" + ## value: "{{ .dataNodeLoopId }}" + ## effect: "NoSchedule" + ## + tolerations: [] + ## @param shardsvr.dataNode.podManagementPolicy podManagementPolicy for the statefulset, allows parallel startup of pods + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies + ## + podManagementPolicy: OrderedReady + ## @param shardsvr.dataNode.updateStrategy.type updateStrategy for MongoDB® Primary, Secondary and Arbiter statefulsets + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: + type: RollingUpdate + ## @param shardsvr.dataNode.hostAliases Deployment pod host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param shardsvr.dataNode.config Entries for the MongoDB® config file + ## ref: http://docs.mongodb.org/manual/reference/configuration-options/ + ## + config: "" + ## @param shardsvr.dataNode.configCM ConfigMap name with MongoDB® configuration (cannot be used with shardsvr.dataNode.config) + ## ref: http://docs.mongodb.org/manual/reference/configuration-options/ + ## + configCM: "" + ## @param shardsvr.dataNode.extraEnvVars An array to add extra env vars + ## For example: + ## extraEnvVars: + ## - name: KIBANA_ELASTICSEARCH_URL + ## value: test + ## + extraEnvVars: [] + ## @param shardsvr.dataNode.extraEnvVarsCM Name of a ConfigMap containing extra env vars + ## + extraEnvVarsCM: "" + ## @param shardsvr.dataNode.extraEnvVarsSecret Name of a Secret containing extra env vars + ## + extraEnvVarsSecret: "" + ## @param shardsvr.dataNode.sidecars Attach additional containers (evaluated as a template) + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param shardsvr.dataNode.initContainers Add init containers to the pod + ## For example: + ## initcontainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## + initContainers: [] + ## @param shardsvr.dataNode.podAnnotations Additional pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param shardsvr.dataNode.podLabels Additional pod labels + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param shardsvr.dataNode.extraVolumes Array to add extra volumes. Requires setting `extraVolumeMounts` + ## + extraVolumes: [] + ## @param shardsvr.dataNode.extraVolumeMounts Array to add extra mounts. Normally used with `extraVolumes` + ## + extraVolumeMounts: [] + ## @param shardsvr.dataNode.schedulerName Use an alternate scheduler, e.g. "stork". + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## Pod disruption budget + ## + pdb: + ## @param shardsvr.dataNode.pdb.enabled Enable pod disruption budget + ## + enabled: false + ## @param shardsvr.dataNode.pdb.minAvailable Minimum number of available data pods allowed (`0` to disable) + ## + minAvailable: 0 + ## @param shardsvr.dataNode.pdb.maxUnavailable Maximum number of unavailable data pods allowed (`0` to disable) + ## + maxUnavailable: 1 + ## K8s Service Account. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + ## @param shardsvr.dataNode.serviceAccount.create Specifies whether a ServiceAccount should be created for shardsvr + ## + create: false + ## @param shardsvr.dataNode.serviceAccount.name Name of a Service Account to be used by shardsvr data pods + ## If not set and create is true, a name is generated using the XXX.fullname template + ## + name: "" + + ## @section Shard configuration: Persistence parameters + ## + + ## Enable persistence using Persistent Volume Claims + ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ + ## + persistence: + ## @param shardsvr.persistence.enabled Use a PVC to persist data + ## + enabled: true + ## @param shardsvr.persistence.mountPath The path the volume will be mounted at, useful when using different MongoDB® images. + ## + mountPath: /bitnami/mongodb + ## @param shardsvr.persistence.subPath Subdirectory of the volume to mount at + ## Useful in development environments and one PV for multiple services. + ## + subPath: "" + ## @param shardsvr.persistence.storageClass Storage class of backing PVC + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param shardsvr.persistence.accessModes Use volume as ReadOnly or ReadWrite + ## + accessModes: + - ReadWriteOnce + ## @param shardsvr.persistence.size PersistentVolumeClaim size + ## + size: 8Gi + ## @param shardsvr.persistence.annotations Additional volume annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + annotations: {} + + ## @section Shard configuration: Arbiter parameters + ## + + ## Properties for arbiter nodes + ## ref: https://docs.mongodb.com/manual/tutorial/add-replica-set-arbiter/ + ## + arbiter: + ## @param shardsvr.arbiter.replicas Number of arbiters in each shard replica set (the first node will be primary) + ## + replicas: 0 + ## @param shardsvr.arbiter.hostAliases Deployment pod host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param shardsvr.arbiter.resources Configure pod resources + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + ## @param shardsvr.arbiter.mongodbExtraFlags MongoDB® additional command line flags + ## Can be used to specify command line flags, for example: + ## mongodbExtraFlags: + ## - "--wiredTigerCacheSizeGB=2" + ## + mongodbExtraFlags: [] + ## @param shardsvr.arbiter.priorityClassName Pod priority class name + ## https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ + ## + priorityClassName: "" + ## @param shardsvr.arbiter.podAffinityPreset Arbiter's Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param shardsvr.arbiter.podAntiAffinityPreset Arbiter's Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param shardsvr.arbiter.nodeAffinityPreset.type Arbiter's Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param shardsvr.arbiter.nodeAffinityPreset.key Arbiter's Node label key to match Ignored if `affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param shardsvr.arbiter.nodeAffinityPreset.values Arbiter's Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param shardsvr.arbiter.affinity Arbiter's Affinity for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## You can set arbiterLoopId (or any other parameter) by setting the below code block under this 'affinity' section: + ## affinity: + ## matchLabels: + ## shard: "{{ .arbiterLoopId }}" + ## + ## Note: shardsvr.arbiter.podAffinityPreset, shardsvr.arbiter.podAntiAffinityPreset, and shardsvr.arbiter.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param shardsvr.arbiter.nodeSelector Arbiter's Node labels for pod assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param shardsvr.arbiter.tolerations Arbiter's Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param shardsvr.arbiter.podManagementPolicy Statefulset's pod management policy, allows parallel startup of pods + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies + ## + podManagementPolicy: OrderedReady + ## @param shardsvr.arbiter.updateStrategy.type updateStrategy for MongoDB® Primary, Secondary and Arbiter statefulsets + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: + type: RollingUpdate + ## @param shardsvr.arbiter.config MongoDB® configuration file + ## ref: http://docs.mongodb.org/manual/reference/configuration-options/ + ## + config: "" + ## @param shardsvr.arbiter.configCM ConfigMap name with MongoDB® configuration file (cannot be used with shardsvr.arbiter.config) + ## ref: http://docs.mongodb.org/manual/reference/configuration-options/ + ## + configCM: "" + ## @param shardsvr.arbiter.extraEnvVars An array to add extra env vars + ## For example: + ## extraEnvVars: + ## - name: KIBANA_ELASTICSEARCH_URL + ## value: test + ## + extraEnvVars: [] + ## @param shardsvr.arbiter.extraEnvVarsCM Name of a ConfigMap containing extra env vars + ## + extraEnvVarsCM: "" + ## @param shardsvr.arbiter.extraEnvVarsSecret Name of a Secret containing extra env vars + ## + extraEnvVarsSecret: "" + ## @param shardsvr.arbiter.sidecars Add sidecars to the pod + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param shardsvr.arbiter.initContainers Add init containers to the pod + ## For example: + ## initcontainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## + initContainers: [] + ## @param shardsvr.arbiter.podAnnotations Additional pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param shardsvr.arbiter.podLabels Additional pod labels + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param shardsvr.arbiter.extraVolumes Array to add extra volumes + ## + extraVolumes: [] + ## @param shardsvr.arbiter.extraVolumeMounts Array to add extra mounts (normally used with extraVolumes) + ## + extraVolumeMounts: [] + ## @param shardsvr.arbiter.schedulerName Use an alternate scheduler, e.g. "stork". + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## K8s Service Account. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + ## @param shardsvr.arbiter.serviceAccount.create Specifies whether a ServiceAccount should be created for shardsvr arbiter nodes + ## + create: false + ## @param shardsvr.arbiter.serviceAccount.name Name of a Service Account to be used by shardsvr arbiter pods + ## If not set and create is true, a name is generated using the XXX.fullname template + ## + name: "" + +## @section Metrics parameters +## + +metrics: + ## @param metrics.enabled Start a side-car prometheus exporter + ## + enabled: false + ## @param metrics.image.registry MongoDB® exporter image registry + ## @param metrics.image.repository MongoDB® exporter image name + ## @param metrics.image.tag MongoDB® exporter image tag + ## @param metrics.image.pullPolicy MongoDB® exporter image pull policy + ## @param metrics.image.pullSecrets MongoDB® exporter image pull secrets + ## + image: + registry: docker.io + repository: bitnami/mongodb-exporter + tag: 0.30.0-debian-10-r91 + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## @param metrics.useTLS Whether to connect to MongoDB® with TLS + useTLS: false + ## @param metrics.extraArgs String with extra arguments to the metrics exporter + ## ref: https://github.com/dcu/mongodb_exporter/blob/master/mongodb_exporter.go + ## + extraArgs: "" + ## @param metrics.resources Metrics exporter resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + ## Metrics exporter liveness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## @param metrics.livenessProbe.enabled Enable livenessProbe + ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: false + initialDelaySeconds: 15 + periodSeconds: 5 + timeoutSeconds: 5 + failureThreshold: 3 + successThreshold: 1 + ## Metrics exporter liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## @param metrics.readinessProbe.enabled Enable readinessProbe + ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: false + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + ## @param metrics.containerPort Port of the Prometheus metrics container + ## + containerPort: 9216 + ## @param metrics.podAnnotations [object] Metrics exporter pod Annotation + ## + podAnnotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.metrics.containerPort }}" + ## Prometheus Service Monitor + ## ref: https://github.com/coreos/prometheus-operator + ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + podMonitor: + ## @param metrics.podMonitor.enabled Create PodMonitor Resource for scraping metrics using PrometheusOperator + ## + enabled: false + ## @param metrics.podMonitor.namespace Namespace where podmonitor resource should be created + ## + namespace: monitoring + ## @param metrics.podMonitor.interval Specify the interval at which metrics should be scraped + ## + interval: 30s + ## @param metrics.podMonitor.scrapeTimeout Specify the timeout after which the scrape is ended + ## e.g: + ## scrapeTimeout: 30s + ## + scrapeTimeout: "" + ## @param metrics.podMonitor.additionalLabels Additional labels that can be used so PodMonitors will be discovered by Prometheus + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + additionalLabels: {} diff --git a/packer/ansible/roles/helm_install/files/postgresql/.helmignore b/packer/ansible/roles/helm_install/files/postgresql/.helmignore new file mode 100644 index 0000000..f0c1319 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/packer/ansible/roles/helm_install/files/postgresql/Chart.lock b/packer/ansible/roles/helm_install/files/postgresql/Chart.lock new file mode 100644 index 0000000..062bd76 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + version: 1.17.1 +digest: sha256:91bdebcf473f5da3c018dd74f25fab166d4faaa6be86d492f5caa50fc63f93fb +generated: "2022-09-21T11:17:10.826892958+09:00" diff --git a/packer/ansible/roles/helm_install/files/postgresql/Chart.yaml b/packer/ansible/roles/helm_install/files/postgresql/Chart.yaml new file mode 100644 index 0000000..59a7938 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/Chart.yaml @@ -0,0 +1,30 @@ +annotations: + category: Database +apiVersion: v2 +appVersion: 14.2.0 +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + version: 1.x.x +description: PostgreSQL (Postgres) is an open source object-relational database known + for reliability and data integrity. ACID-compliant, it supports foreign keys, joins, + views, triggers and stored procedures. +home: https://github.com/bitnami/charts/tree/master/bitnami/postgresql +icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-220x234.png +keywords: +- postgresql +- postgres +- database +- sql +- replication +- cluster +maintainers: +- email: containers@bitnami.com + name: Bitnami +- email: cedric@desaintmartin.fr + name: desaintmartin +name: postgresql +sources: +- https://github.com/bitnami/bitnami-docker-postgresql +- https://www.postgresql.org/ +version: 11.1.11 diff --git a/packer/ansible/roles/helm_install/files/postgresql/README.md b/packer/ansible/roles/helm_install/files/postgresql/README.md new file mode 100644 index 0000000..727ba4b --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/README.md @@ -0,0 +1,662 @@ + + +# PostgreSQL packaged by Bitnami + +PostgreSQL (Postgres) is an open source object-relational database known for reliability and data integrity. ACID-compliant, it supports foreign keys, joins, views, triggers and stored procedures. + +[Overview of PostgreSQL](http://www.postgresql.org) + +Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. + +## TL;DR + +```bash +helm repo add bitnami https://charts.bitnami.com/bitnami +helm install my-release bitnami/postgresql +``` + +## Introduction + +This chart bootstraps a [PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +For HA, please see [this repo](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.2.0+ +- PV provisioner support in the underlying infrastructure + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +helm install my-release bitnami/postgresql +``` + +The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +helm delete my-release +``` + +The command removes all the Kubernetes components but PVC's associated with the chart and deletes the release. + +To delete the PVC's associated with `my-release`: + +```bash +kubectl delete pvc -l release=my-release +``` + +> **Note**: Deleting the PVC's will delete postgresql data as well. Please be cautious before doing it. + +## Parameters + +### Global parameters + +| Name | Description | Value | +| -------------------------------------------- | ------------------------------------------------------------------------------------------- | ----- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | +| `global.postgresql.auth.postgresPassword` | Password for the "postgres" admin user (overrides `auth.postgresPassword`) | `""` | +| `global.postgresql.auth.username` | Name for a custom user to create (overrides `auth.username`) | `""` | +| `global.postgresql.auth.password` | Password for the custom user to create (overrides `auth.password`) | `""` | +| `global.postgresql.auth.database` | Name for a custom database to create (overrides `auth.database`) | `""` | +| `global.postgresql.auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials (overrides `auth.existingSecret`) | `""` | +| `global.postgresql.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `""` | + + +### Common parameters + +| Name | Description | Value | +| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | +| `kubeVersion` | Override Kubernetes version | `""` | +| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` | +| `fullnameOverride` | String to fully override common.names.fullname template | `""` | +| `clusterDomain` | Kubernetes Cluster Domain | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template) | `[]` | +| `commonLabels` | Add labels to all the deployed resources | `{}` | +| `commonAnnotations` | Add annotations to all the deployed resources | `{}` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the statefulset | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the statefulset | `["infinity"]` | + + +### PostgreSQL common parameters + +| Name | Description | Value | +| ------------------------------------ | -------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `image.registry` | PostgreSQL image registry | `docker.io` | +| `image.repository` | PostgreSQL image repository | `bitnami/postgresql` | +| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `14.1.0-debian-10-r80` | +| `image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify image pull secrets | `[]` | +| `image.debug` | Specify if debug values should be set | `false` | +| `auth.enablePostgresUser` | Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user | `true` | +| `auth.postgresPassword` | Password for the "postgres" admin user | `""` | +| `auth.username` | Name for a custom user to create | `""` | +| `auth.password` | Password for the custom user to create | `""` | +| `auth.database` | Name for a custom database to create | `""` | +| `auth.replicationUsername` | Name of the replication user | `repl_user` | +| `auth.replicationPassword` | Password for the replication user | `""` | +| `auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials | `""` | +| `auth.usePasswordFiles` | Mount credentials as a files instead of using an environment variable | `false` | +| `architecture` | PostgreSQL architecture (`standalone` or `replication`) | `standalone` | +| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` | +| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `readReplicas.replicaCount`. | `0` | +| `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` | +| `containerPorts.postgresql` | PostgreSQL container port | `5432` | +| `audit.logHostname` | Log client hostnames | `false` | +| `audit.logConnections` | Add client log-in operations to the log file | `false` | +| `audit.logDisconnections` | Add client log-outs operations to the log file | `false` | +| `audit.pgAuditLog` | Add operations to log using the pgAudit extension | `""` | +| `audit.pgAuditLogCatalog` | Log catalog using pgAudit | `off` | +| `audit.clientMinMessages` | Message log level to share with the user | `error` | +| `audit.logLinePrefix` | Template for log line prefix (default if not set) | `""` | +| `audit.logTimezone` | Timezone for the log timestamps | `""` | +| `ldap.enabled` | Enable LDAP support | `false` | +| `ldap.url` | LDAP URL beginning in the form `ldap[s]://host[:port]/basedn` | `""` | +| `ldap.server` | IP address or name of the LDAP server. | `""` | +| `ldap.port` | Port number on the LDAP server to connect to | `""` | +| `ldap.prefix` | String to prepend to the user name when forming the DN to bind | `""` | +| `ldap.suffix` | String to append to the user name when forming the DN to bind | `""` | +| `ldap.baseDN` | Root DN to begin the search for the user in | `""` | +| `ldap.bindDN` | DN of user to bind to LDAP | `""` | +| `ldap.bind_password` | Password for the user to bind to LDAP | `""` | +| `ldap.search_attr` | Attribute to match against the user name in the search | `""` | +| `ldap.search_filter` | The search filter to use when doing search+bind authentication | `""` | +| `ldap.scheme` | Set to `ldaps` to use LDAPS | `""` | +| `ldap.tls` | Set to `1` to use TLS encryption | `""` | +| `postgresqlDataDir` | PostgreSQL data dir folder | `/bitnami/postgresql/data` | +| `postgresqlSharedPreloadLibraries` | Shared preload libraries (comma-separated list) | `pgaudit` | +| `shmVolume.enabled` | Enable emptyDir volume for /dev/shm for PostgreSQL pod(s) | `true` | +| `shmVolume.sizeLimit` | Set this to enable a size limit on the shm tmpfs | `""` | +| `tls.enabled` | Enable TLS traffic support | `false` | +| `tls.autoGenerated` | Generate automatically self-signed TLS certificates | `false` | +| `tls.preferServerCiphers` | Whether to use the server's TLS cipher preferences rather than the client's | `true` | +| `tls.certificatesSecret` | Name of an existing secret that contains the certificates | `""` | +| `tls.certFilename` | Certificate filename | `""` | +| `tls.certKeyFilename` | Certificate key filename | `""` | +| `tls.certCAFilename` | CA Certificate filename | `""` | +| `tls.crlFilename` | File containing a Certificate Revocation List | `""` | + + +### PostgreSQL Primary parameters + +| Name | Description | Value | +| -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------------- | +| `primary.configuration` | PostgreSQL Primary main configuration to be injected as ConfigMap | `""` | +| `primary.pgHbaConfiguration` | PostgreSQL Primary client authentication configuration | `""` | +| `primary.existingConfigmap` | Name of an existing ConfigMap with PostgreSQL Primary configuration | `""` | +| `primary.extendedConfiguration` | Extended PostgreSQL Primary configuration (appended to main or default configuration) | `""` | +| `primary.existingExtendedConfigmap` | Name of an existing ConfigMap with PostgreSQL Primary extended configuration | `""` | +| `primary.initdb.args` | PostgreSQL initdb extra arguments | `""` | +| `primary.initdb.postgresqlWalDir` | Specify a custom location for the PostgreSQL transaction log | `""` | +| `primary.initdb.scripts` | Dictionary of initdb scripts | `{}` | +| `primary.initdb.scriptsConfigMap` | ConfigMap with scripts to be run at first boot | `""` | +| `primary.initdb.scriptsSecret` | Secret with scripts to be run at first boot (in case it contains sensitive information) | `""` | +| `primary.initdb.user` | Specify the PostgreSQL username to execute the initdb scripts | `""` | +| `primary.initdb.password` | Specify the PostgreSQL password to execute the initdb scripts | `""` | +| `primary.standby.enabled` | Whether to enable current cluster's primary as standby server of another cluster or not | `false` | +| `primary.standby.primaryHost` | The Host of replication primary in the other cluster | `""` | +| `primary.standby.primaryPort` | The Port of replication primary in the other cluster | `""` | +| `primary.extraEnvVars` | Array with extra environment variables to add to PostgreSQL Primary nodes | `[]` | +| `primary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for PostgreSQL Primary nodes | `""` | +| `primary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for PostgreSQL Primary nodes | `""` | +| `primary.command` | Override default container command (useful when using custom images) | `[]` | +| `primary.args` | Override default container args (useful when using custom images) | `[]` | +| `primary.livenessProbe.enabled` | Enable livenessProbe on PostgreSQL Primary containers | `true` | +| `primary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | +| `primary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `primary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `primary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `primary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `primary.readinessProbe.enabled` | Enable readinessProbe on PostgreSQL Primary containers | `true` | +| `primary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `primary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `primary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `primary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `primary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `primary.startupProbe.enabled` | Enable startupProbe on PostgreSQL Primary containers | `false` | +| `primary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `primary.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `primary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `primary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `primary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `primary.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `primary.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `primary.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `primary.lifecycleHooks` | for the PostgreSQL Primary container to automate configuration before or after startup | `{}` | +| `primary.resources.limits` | The resources limits for the PostgreSQL Primary containers | `{}` | +| `primary.resources.requests.memory` | The requested memory for the PostgreSQL Primary containers | `256Mi` | +| `primary.resources.requests.cpu` | The requested cpu for the PostgreSQL Primary containers | `250m` | +| `primary.podSecurityContext.enabled` | Enable security context | `true` | +| `primary.podSecurityContext.fsGroup` | Group ID for the pod | `1001` | +| `primary.containerSecurityContext.enabled` | Enable container security context | `true` | +| `primary.containerSecurityContext.runAsUser` | User ID for the container | `1001` | +| `primary.hostAliases` | PostgreSQL primary pods host aliases | `[]` | +| `primary.hostNetwork` | Specify if host network should be enabled for PostgreSQL pod | `false` | +| `primary.hostIPC` | Specify if host IPC should be enabled for PostgreSQL pod | `false` | +| `primary.labels` | Map of labels to add to the statefulset (postgresql primary) | `{}` | +| `primary.annotations` | Annotations for PostgreSQL primary pods | `{}` | +| `primary.podLabels` | Map of labels to add to the pods (postgresql primary) | `{}` | +| `primary.podAnnotations` | Map of annotations to add to the pods (postgresql primary) | `{}` | +| `primary.podAffinityPreset` | PostgreSQL primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `primary.podAntiAffinityPreset` | PostgreSQL primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `primary.nodeAffinityPreset.type` | PostgreSQL primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `primary.nodeAffinityPreset.key` | PostgreSQL primary node label key to match Ignored if `primary.affinity` is set. | `""` | +| `primary.nodeAffinityPreset.values` | PostgreSQL primary node label values to match. Ignored if `primary.affinity` is set. | `[]` | +| `primary.affinity` | Affinity for PostgreSQL primary pods assignment | `{}` | +| `primary.nodeSelector` | Node labels for PostgreSQL primary pods assignment | `{}` | +| `primary.tolerations` | Tolerations for PostgreSQL primary pods assignment | `[]` | +| `primary.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `{}` | +| `primary.priorityClassName` | Priority Class to use for each pod (postgresql primary) | `""` | +| `primary.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | +| `primary.terminationGracePeriodSeconds` | Seconds PostgreSQL primary pod needs to terminate gracefully | `""` | +| `primary.updateStrategy.type` | PostgreSQL Primary statefulset strategy type | `RollingUpdate` | +| `primary.updateStrategy.rollingUpdate` | PostgreSQL Primary statefulset rolling update configuration parameters | `{}` | +| `primary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the PostgreSQL Primary container(s) | `[]` | +| `primary.extraVolumes` | Optionally specify extra list of additional volumes for the PostgreSQL Primary pod(s) | `[]` | +| `primary.sidecars` | Add additional sidecar containers to the PostgreSQL Primary pod(s) | `[]` | +| `primary.initContainers` | Add additional init containers to the PostgreSQL Primary pod(s) | `[]` | +| `primary.extraPodSpec` | Optionally specify extra PodSpec for the PostgreSQL Primary pod(s) | `{}` | +| `primary.service.type` | Kubernetes Service type | `ClusterIP` | +| `primary.service.ports.postgresql` | PostgreSQL service port | `5432` | +| `primary.service.nodePorts.postgresql` | Node port for PostgreSQL | `""` | +| `primary.service.clusterIP` | Static clusterIP or None for headless services | `""` | +| `primary.service.annotations` | Annotations for PostgreSQL primary service | `{}` | +| `primary.service.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` | +| `primary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | +| `primary.service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` | +| `primary.service.extraPorts` | Extra ports to expose in the PostgreSQL primary service | `[]` | +| `primary.persistence.enabled` | Enable PostgreSQL Primary data persistence using PVC | `true` | +| `primary.persistence.existingClaim` | Name of an existing PVC to use | `""` | +| `primary.persistence.mountPath` | The path the volume will be mounted at | `/bitnami/postgresql` | +| `primary.persistence.subPath` | The subdirectory of the volume to mount to | `""` | +| `primary.persistence.storageClass` | PVC Storage Class for PostgreSQL Primary data volume | `""` | +| `primary.persistence.accessModes` | PVC Access Mode for PostgreSQL volume | `["ReadWriteOnce"]` | +| `primary.persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` | +| `primary.persistence.annotations` | Annotations for the PVC | `{}` | +| `primary.persistence.selector` | Selector to match an existing Persistent Volume (this value is evaluated as a template) | `{}` | +| `primary.persistence.dataSource` | Custom PVC data source | `{}` | + + +### PostgreSQL read only replica parameters + +| Name | Description | Value | +| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------------- | +| `readReplicas.replicaCount` | Number of PostgreSQL read only replicas | `1` | +| `readReplicas.extraEnvVars` | Array with extra environment variables to add to PostgreSQL read only nodes | `[]` | +| `readReplicas.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for PostgreSQL read only nodes | `""` | +| `readReplicas.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for PostgreSQL read only nodes | `""` | +| `readReplicas.command` | Override default container command (useful when using custom images) | `[]` | +| `readReplicas.args` | Override default container args (useful when using custom images) | `[]` | +| `readReplicas.livenessProbe.enabled` | Enable livenessProbe on PostgreSQL read only containers | `true` | +| `readReplicas.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | +| `readReplicas.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `readReplicas.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `readReplicas.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `readReplicas.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readReplicas.readinessProbe.enabled` | Enable readinessProbe on PostgreSQL read only containers | `true` | +| `readReplicas.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `readReplicas.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `readReplicas.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `readReplicas.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `readReplicas.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `readReplicas.startupProbe.enabled` | Enable startupProbe on PostgreSQL read only containers | `false` | +| `readReplicas.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `readReplicas.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `readReplicas.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `readReplicas.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `readReplicas.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `readReplicas.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `readReplicas.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `readReplicas.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `readReplicas.lifecycleHooks` | for the PostgreSQL read only container to automate configuration before or after startup | `{}` | +| `readReplicas.resources.limits` | The resources limits for the PostgreSQL read only containers | `{}` | +| `readReplicas.resources.requests.memory` | The requested memory for the PostgreSQL read only containers | `256Mi` | +| `readReplicas.resources.requests.cpu` | The requested cpu for the PostgreSQL read only containers | `250m` | +| `readReplicas.podSecurityContext.enabled` | Enable security context | `true` | +| `readReplicas.podSecurityContext.fsGroup` | Group ID for the pod | `1001` | +| `readReplicas.containerSecurityContext.enabled` | Enable container security context | `true` | +| `readReplicas.containerSecurityContext.runAsUser` | User ID for the container | `1001` | +| `readReplicas.hostAliases` | PostgreSQL read only pods host aliases | `[]` | +| `readReplicas.hostNetwork` | Specify if host network should be enabled for PostgreSQL pod | `false` | +| `readReplicas.hostIPC` | Specify if host IPC should be enabled for PostgreSQL pod | `false` | +| `readReplicas.labels` | Map of labels to add to the statefulset (PostgreSQL read only) | `{}` | +| `readReplicas.annotations` | Annotations for PostgreSQL read only pods | `{}` | +| `readReplicas.podLabels` | Map of labels to add to the pods (PostgreSQL read only) | `{}` | +| `readReplicas.podAnnotations` | Map of annotations to add to the pods (PostgreSQL read only) | `{}` | +| `readReplicas.podAffinityPreset` | PostgreSQL read only pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `readReplicas.podAntiAffinityPreset` | PostgreSQL read only pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `readReplicas.nodeAffinityPreset.type` | PostgreSQL read only node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `readReplicas.nodeAffinityPreset.key` | PostgreSQL read only node label key to match Ignored if `primary.affinity` is set. | `""` | +| `readReplicas.nodeAffinityPreset.values` | PostgreSQL read only node label values to match. Ignored if `primary.affinity` is set. | `[]` | +| `readReplicas.affinity` | Affinity for PostgreSQL read only pods assignment | `{}` | +| `readReplicas.nodeSelector` | Node labels for PostgreSQL read only pods assignment | `{}` | +| `readReplicas.tolerations` | Tolerations for PostgreSQL read only pods assignment | `[]` | +| `readReplicas.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `{}` | +| `readReplicas.priorityClassName` | Priority Class to use for each pod (PostgreSQL read only) | `""` | +| `readReplicas.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | +| `readReplicas.terminationGracePeriodSeconds` | Seconds PostgreSQL read only pod needs to terminate gracefully | `""` | +| `readReplicas.updateStrategy.type` | PostgreSQL read only statefulset strategy type | `RollingUpdate` | +| `readReplicas.updateStrategy.rollingUpdate` | PostgreSQL read only statefulset rolling update configuration parameters | `{}` | +| `readReplicas.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the PostgreSQL read only container(s) | `[]` | +| `readReplicas.extraVolumes` | Optionally specify extra list of additional volumes for the PostgreSQL read only pod(s) | `[]` | +| `readReplicas.sidecars` | Add additional sidecar containers to the PostgreSQL read only pod(s) | `[]` | +| `readReplicas.initContainers` | Add additional init containers to the PostgreSQL read only pod(s) | `[]` | +| `readReplicas.extraPodSpec` | Optionally specify extra PodSpec for the PostgreSQL read only pod(s) | `{}` | +| `readReplicas.service.type` | Kubernetes Service type | `ClusterIP` | +| `readReplicas.service.ports.postgresql` | PostgreSQL service port | `5432` | +| `readReplicas.service.nodePorts.postgresql` | Node port for PostgreSQL | `""` | +| `readReplicas.service.clusterIP` | Static clusterIP or None for headless services | `""` | +| `readReplicas.service.annotations` | Annotations for PostgreSQL read only service | `{}` | +| `readReplicas.service.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` | +| `readReplicas.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | +| `readReplicas.service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` | +| `readReplicas.service.extraPorts` | Extra ports to expose in the PostgreSQL read only service | `[]` | +| `readReplicas.persistence.enabled` | Enable PostgreSQL read only data persistence using PVC | `true` | +| `readReplicas.persistence.mountPath` | The path the volume will be mounted at | `/bitnami/postgresql` | +| `readReplicas.persistence.subPath` | The subdirectory of the volume to mount to | `""` | +| `readReplicas.persistence.storageClass` | PVC Storage Class for PostgreSQL read only data volume | `""` | +| `readReplicas.persistence.accessModes` | PVC Access Mode for PostgreSQL volume | `["ReadWriteOnce"]` | +| `readReplicas.persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` | +| `readReplicas.persistence.annotations` | Annotations for the PVC | `{}` | +| `readReplicas.persistence.selector` | Selector to match an existing Persistent Volume (this value is evaluated as a template) | `{}` | +| `readReplicas.persistence.dataSource` | Custom PVC data source | `{}` | + + +### NetworkPolicy parameters + +| Name | Description | Value | +| ------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `networkPolicy.enabled` | Enable network policies | `false` | +| `networkPolicy.metrics.enabled` | Enable network policies for metrics (prometheus) | `false` | +| `networkPolicy.metrics.namespaceSelector` | Monitoring namespace selector labels. These labels will be used to identify the prometheus' namespace. | `{}` | +| `networkPolicy.metrics.podSelector` | Monitoring pod selector labels. These labels will be used to identify the Prometheus pods. | `{}` | +| `networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled` | Enable ingress rule that makes PostgreSQL primary node only accessible from a particular origin. | `false` | +| `networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector` | Namespace selector label that is allowed to access the PostgreSQL primary node. This label will be used to identified the allowed namespace(s). | `{}` | +| `networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector` | Pods selector label that is allowed to access the PostgreSQL primary node. This label will be used to identified the allowed pod(s). | `{}` | +| `networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules` | Custom network policy for the PostgreSQL primary node. | `{}` | +| `networkPolicy.ingressRules.readReplicasAccessOnlyFrom.enabled` | Enable ingress rule that makes PostgreSQL read-only nodes only accessible from a particular origin. | `false` | +| `networkPolicy.ingressRules.readReplicasAccessOnlyFrom.namespaceSelector` | Namespace selector label that is allowed to access the PostgreSQL read-only nodes. This label will be used to identified the allowed namespace(s). | `{}` | +| `networkPolicy.ingressRules.readReplicasAccessOnlyFrom.podSelector` | Pods selector label that is allowed to access the PostgreSQL read-only nodes. This label will be used to identified the allowed pod(s). | `{}` | +| `networkPolicy.ingressRules.readReplicasAccessOnlyFrom.customRules` | Custom network policy for the PostgreSQL read-only nodes. | `{}` | +| `networkPolicy.egressRules.denyConnectionsToExternal` | Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53). | `false` | +| `networkPolicy.egressRules.customRules` | Custom network policy rule | `{}` | + + +### Volume Permissions parameters + +| Name | Description | Value | +| ------------------------------------------------------ | ------------------------------------------------------------------------------- | ----------------------- | +| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | +| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `10-debian-10-r327` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | +| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` | +| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | +| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` | + + +### Other Parameters + +| Name | Description | Value | +| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `serviceAccount.create` | Enable creation of ServiceAccount for PostgreSQL pod | `false` | +| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | +| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `true` | +| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | +| `rbac.create` | Create Role and RoleBinding (required for PSP to work) | `false` | +| `rbac.rules` | Custom RBAC rules to set | `[]` | +| `psp.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` | + + +### Metrics Parameters + +| Name | Description | Value | +| ----------------------------------------------- | ------------------------------------------------------------------------------------- | --------------------------- | +| `metrics.enabled` | Start a prometheus exporter | `false` | +| `metrics.image.registry` | PostgreSQL Prometheus Exporter image registry | `docker.io` | +| `metrics.image.repository` | PostgreSQL Prometheus Exporter image repository | `bitnami/postgres-exporter` | +| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.10.1-debian-10-r14` | +| `metrics.image.pullPolicy` | PostgreSQL Prometheus Exporter image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Specify image pull secrets | `[]` | +| `metrics.customMetrics` | Define additional custom metrics | `{}` | +| `metrics.extraEnvVars` | Extra environment variables to add to PostgreSQL Prometheus exporter | `[]` | +| `metrics.containerSecurityContext.enabled` | Enable PostgreSQL Prometheus exporter containers' Security Context | `true` | +| `metrics.containerSecurityContext.runAsUser` | Set PostgreSQL Prometheus exporter containers' Security Context runAsUser | `1001` | +| `metrics.containerSecurityContext.runAsNonRoot` | Set PostgreSQL Prometheus exporter containers' Security Context runAsNonRoot | `true` | +| `metrics.livenessProbe.enabled` | Enable livenessProbe on PostgreSQL Prometheus exporter containers | `true` | +| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | +| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `metrics.readinessProbe.enabled` | Enable readinessProbe on PostgreSQL Prometheus exporter containers | `true` | +| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `metrics.startupProbe.enabled` | Enable startupProbe on PostgreSQL Prometheus exporter containers | `false` | +| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `metrics.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `metrics.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `metrics.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `metrics.containerPorts.metrics` | PostgreSQL Prometheus exporter metrics container port | `9187` | +| `metrics.resources.limits` | The resources limits for the PostgreSQL Prometheus exporter container | `{}` | +| `metrics.resources.requests` | The requested resources for the PostgreSQL Prometheus exporter container | `{}` | +| `metrics.service.ports.metrics` | PostgreSQL Prometheus Exporter service port | `9187` | +| `metrics.service.clusterIP` | Static clusterIP or None for headless services | `""` | +| `metrics.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | +| `metrics.service.annotations` | Annotations for Prometheus to auto-discover the metrics endpoint | `{}` | +| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using Prometheus Operator | `false` | +| `metrics.serviceMonitor.namespace` | Namespace for the ServiceMonitor Resource (defaults to the Release Namespace) | `""` | +| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` | +| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | +| `metrics.serviceMonitor.labels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | +| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | +| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | +| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` | +| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | +| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | +| `metrics.prometheusRule.enabled` | Create a PrometheusRule for Prometheus Operator | `false` | +| `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` | +| `metrics.prometheusRule.labels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` | +| `metrics.prometheusRule.rules` | PrometheusRule definitions | `[]` | + + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```bash +$ helm install my-release \ + --set auth.postgresPassword=secretpassword + bitnami/postgresql +``` + +The above command sets the PostgreSQL `postgres` account password to `secretpassword`. + +> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```bash +helm install my-release -f values.yaml bitnami/postgresql +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Configuration and installation details + +### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### Customizing primary and read replica services in a replicated configuration + +At the top level, there is a service object which defines the services for both primary and readReplicas. For deeper customization, there are service objects for both the primary and read types individually. This allows you to override the values in the top level service object so that the primary and read can be of different service types and with different clusterIPs / nodePorts. Also in the case you want the primary and read to be of type nodePort, you will need to set the nodePorts to different values to prevent a collision. The values that are deeper in the primary.service or readReplicas.service objects will take precedence over the top level service object. + +### Use a different PostgreSQL version + +To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. Refer to the [chart documentation for more information on these parameters and how to use them with images from a private registry](https://docs.bitnami.com/kubernetes/infrastructure/postgresql/configuration/change-image-version/). + +### postgresql.conf / pg_hba.conf files as configMap + +This helm chart also supports to customize the PostgreSQL configuration file. You can add additional PostgreSQL configuration parameters using the `primary.extendedConfiguration` parameter as a string. Alternatively, to replace the entire default configuration use `primary.configuration`. + +You can also add a custom pg_hba.conf using the `primary.pgHbaConfiguration` parameter. + +In addition to these options, you can also set an external ConfigMap with all the configuration files. This is done by setting the `primary.existingConfigmap` parameter. Note that this will override the two previous options. + +### Initialize a fresh instance + +The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, you can specify custom scripts using the `primary.initdb.scripts` parameter as a string. + +In addition, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `primary.initdb.scriptsConfigMap` parameter. Note that this will override the two previous options. If your initialization scripts contain sensitive information such as credentials or passwords, you can use the `primary.initdb.scriptsSecret` parameter. + +The allowed extensions are `.sh`, `.sql` and `.sql.gz`. + +### Securing traffic using TLS + +TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the chart: + +- `tls.enabled`: Enable TLS support. Defaults to `false` +- `tls.certificatesSecret`: Name of an existing secret that contains the certificates. No defaults. +- `tls.certFilename`: Certificate filename. No defaults. +- `tls.certKeyFilename`: Certificate key filename. No defaults. + +For example: + +- First, create the secret with the cetificates files: + + ```console + kubectl create secret generic certificates-tls-secret --from-file=./cert.crt --from-file=./cert.key --from-file=./ca.crt + ``` + +- Then, use the following parameters: + + ```console + volumePermissions.enabled=true + tls.enabled=true + tls.certificatesSecret="certificates-tls-secret" + tls.certFilename="cert.crt" + tls.certKeyFilename="cert.key" + ``` + + > Note TLS and VolumePermissions: PostgreSQL requires certain permissions on sensitive files (such as certificate keys) to start up. Due to an on-going [issue](https://github.com/kubernetes/kubernetes/issues/57923) regarding kubernetes permissions and the use of `containerSecurityContext.runAsUser`, you must enable `volumePermissions` to ensure everything works as expected. + +### Sidecars + +If you need additional containers to run within the same pod as PostgreSQL (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. + +```yaml +# For the PostgreSQL primary +primary: + sidecars: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +# For the PostgreSQL replicas +readReplicas: + sidecars: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +### Metrics + +The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9187) is not exposed and it is expected that the metrics are collected from inside the k8s cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml). + +The exporter allows to create custom metrics from additional SQL queries. See the Chart's `values.yaml` for an example and consult the [exporters documentation](https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file) for more details. + +### Use of global variables + +In more complex scenarios, we may have the following tree of dependencies + +``` + +--------------+ + | | + +------------+ Chart 1 +-----------+ + | | | | + | --------+------+ | + | | | + | | | + | | | + | | | + v v v ++-------+------+ +--------+------+ +--------+------+ +| | | | | | +| PostgreSQL | | Sub-chart 1 | | Sub-chart 2 | +| | | | | | ++--------------+ +---------------+ +---------------+ +``` + +The three charts below depend on the parent chart Chart 1. However, subcharts 1 and 2 may need to connect to PostgreSQL as well. In order to do so, subcharts 1 and 2 need to know the PostgreSQL credentials, so one option for deploying could be deploy Chart 1 with the following parameters: + +``` +postgresql.auth.password=testuser +subchart1.postgresql.auth.username=testuser +subchart2.postgresql.auth.username=testuser +postgresql.auth.password=testpass +subchart1.postgresql.auth.password=testpass +subchart2.postgresql.auth.password=testpass +postgresql.auth.database=testdb +subchart1.postgresql.auth.database=testdb +subchart2.postgresql.auth.database=testdb +``` + +If the number of dependent sub-charts increases, installing the chart with parameters can become increasingly difficult. An alternative would be to set the credentials using global variables as follows: + +``` +global.postgresql.auth.username=testuser +global.postgresql.auth.password=testpass +global.postgresql.auth.database=testdb +``` + +This way, the credentials will be available in all of the subcharts. + +## Persistence + +The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image stores the PostgreSQL data and configurations at the `/bitnami/postgresql` path of the container. + +Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. +See the [Parameters](#parameters) section to configure the PVC or to disable persistence. + +If you already have data in it, you will fail to sync to standby nodes for all commits, details can refer to [code](https://github.com/bitnami/bitnami-docker-postgresql/blob/8725fe1d7d30ebe8d9a16e9175d05f7ad9260c93/9.6/debian-9/rootfs/libpostgresql.sh#L518-L556). If you need to use those data, please covert them to sql and import after `helm install` finished. + +## NetworkPolicy + +To enable network policy for PostgreSQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. + +For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: + +```bash +kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" +``` + +With NetworkPolicy enabled, traffic will be limited to just port 5432. + +For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to PostgreSQL. +This label will be displayed in the output of a successful install. + +## Differences between Bitnami PostgreSQL image and [Docker Official](https://hub.docker.com/_/postgres) image + +- The Docker Official PostgreSQL image does not support replication. If you pass any replication environment variable, this would be ignored. The only environment variables supported by the Docker Official image are POSTGRES_USER, POSTGRES_DB, POSTGRES_PASSWORD, POSTGRES_INITDB_ARGS, POSTGRES_INITDB_WALDIR and PGDATA. All the remaining environment variables are specific to the Bitnami PostgreSQL image. +- The Bitnami PostgreSQL image is non-root by default. This requires that you run the pod with `securityContext` and updates the permissions of the volume with an `initContainer`. A key benefit of this configuration is that the pod follows security best practices and is prepared to run on Kubernetes distributions with hard security constraints like OpenShift. +- For OpenShift, one may either define the runAsUser and fsGroup accordingly, or try this more dynamic option: volumePermissions.securityContext.runAsUser="auto",securityContext.enabled=false,containerSecurityContext.enabled=false,shmVolume.chmod.enabled=false + +### Setting Pod's affinity + +This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). + +As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. + +## Troubleshooting + +Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). + +## Upgrading + +Refer to the [chart documentation for more information about how to upgrade from previous releases](https://docs.bitnami.com/kubernetes/infrastructure/postgresql/administration/upgrade/). + +## License + +Copyright © 2022 Bitnami + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. \ No newline at end of file diff --git a/packer/ansible/roles/helm_install/files/postgresql/charts/common-1.17.1.tgz b/packer/ansible/roles/helm_install/files/postgresql/charts/common-1.17.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..d2e66eb702c03db2f57932528265520573877492 GIT binary patch literal 14611 zcmV+uIqb$CiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBhciT9U=zP|%s7t3eb|#`EJ8@<_o4xBenHit%PJHcja%Q{d zwjmOd(53)30LsxMxxf7$yh!k+hb=#{Yko*%5-1c3RfR&KP>9%c%4qLsg18LlXqxLw~UQ>_z_%(7yp(YELF4;(zF0 zyRB;HzL5t}$|RD6QE|`#h>*l%#^(ocOh+6E$+Jji9CuJkK42~gqX#hC?VvQx{~Uya z7vZ22V-azZO8xE-ejr1R_#FO@lPPHSf)V2|<}6DI9fM&!NZ6P}FvRi_V+uneDVh?9 zRCy700NziCFn_-hFW|uT!C>FhhjhS%Yx>Lk2!jz6X7kGZjcq|S& zUE8rv7bZAKG4FIi;%S;7i91~wWi(P0>U3RSJ5xlcM1*3lt5c*p^2&Y$$au0szdELx zZCkL6M_7YfUb853d3hQ7-R{VFiVq+$BiWf%2K=sB_u<*VWA*g;=+o`6mRyq%=crgdAe|c=LhilGlUm-4qw0KUjSH& zIg*Skd)j+#x_RKe0Z_f-h>kIY=5ra6YDYBzU*PwQNnHJ^s$&|v*O!=#C-MLW9rvMI zAIAye@wLWL0l3+5G%ctqZaP|h7!`ywoZv_@{vPwGC3yE+8p{Qvca4F|$4m)(0D+N~ z8yP_}c&1Ne1o(FdRimy=+jISOHLVeP0C6I48LHuzb)cFWC8(C(3uv!3V9H`g|DO6y zC0TzwQWjVAVZ^2>qnOHkEbu4E(T|F0e?UW=hycP5#$d00QMIYWpJV`!Rvsr01=sCI zITCR2QdLD+A|VJMEI#CAYe;xibf0#hj_B1@b3t__)K2gc1=dM>A&t|b$pbyO+tsnq z6-78Lk=Igj2fhF$G*;am^vhyu8JaQ)+jyGFxkt2}YEeizp>hNPO4INn8)8ne#3CfD zmsdJ~??m8JzSf+l->Z7&(FLAAg-2Ry75(djQpM*?NuYsMat=Q!G*x;ga5L z;Bs9s%!?Oftv4iD$`Ur7f3LJ}nLZOH)cORkIjwC@I7^e<-3Vtf3*Me^u0P*)n}u+5 zBKRktGgp?s>q}pQ>|IgvR+hU;lXaQ9p2V#pZwn-BW5RVihKOlt19pfvQ*O=-@g#hi z6|(vDUw!=_p%e{CvOy2P;`RSvu>1U3W&OY3fBx)Y{eK(J71sZ9fLkGn* z&;s`doxy}mqnD&ad`13J@IdnbP;FtH#S_6Xs+~a^43rp zXseOR72O(^ZAftFSVW2G4GtsZg4VjS@;oB=IOq#L8;QuW_5CvR%ImA`v>~ zScnw~?$4x%A*n&?UguK)WMVzsGHw@d{@Sm^UaFaUSh!%dJ+HKEWr>_o=fMXj( zv!Yb-A&S<}H`kxs1LD@pujTU7z((N(#1Li*zkD zH%GO@ljAeYXC%Ta(hjA>Ral*b{Y{XN<1rDEug`z2bvH-Gzbn>eRH6hKt=!zGcE z%8FWnu~dEvmlG0AK#>{|DgaSHajcz_D1qSf*RKIU9^@K!Y_zFDiwM7MBme=&WBf@w zc7aeKF^YkWv>SHRjstxC3PT*BOke|<(6MGu)$a>z0%ToTLgC-{!aX(nWQkN50D^!} ziTMacSW{%gG8zYfIcJKKpS))<#K7^C&2S8t6Kn({LJ}ox{8+%0P%_PE(`Y<-vZ7I) zr77c5c(|72!J|y@d3*MAzx(HZ?mYSV|9<`FldoSN1+ZNr4}1a1&Lmfqu%3DaN3+i& zZo6w=*?-5U?*G+{wXxW*KP->`+8aC@RQ$isUhM5X_=g< zSvuw@R&tyP^{?57OOX&d9NxypfSe!+3ZzzGLu|^0oz71Jjq!omsGOmM#M&5mqZ;V< z;oxO$+oUKYY-CNS8cuMiLFU^@`rG$<7b!(@5=s_2tor=`0)ZorW&YzWn&JS05y45U ztC*tQem^MY=Ng8Co5FCg28M$i!x}19lFcCD9K5Jw;&&_GYHJvgItg~lo7&1IICXKu zu0cos2g{5+rku@4 zjA70)4pGK66$<&S2)VK=xNSUWZ}g=#B}*@ZUno?cw@hNA9PkWNKqHAcaIB0glq9$MMN`evrQ#4l$KrxPuVJ0Vd?%rPDRN0J>DkDWm)tebhvMGirL1Zd6g7#lC zE+?1+p(DnphC3rfRr_qHkMhKTWPYqBW|1hJs~Ka8IZApHcG;DzCppW82^JH^WOss- zsR@$r5+O1ydRs;3yN3O`mlKlUZayxyyd4>Fg)V+qsbu3NO2z67`2|LZB)7h0{qSt? zsoQ^KipHCZ{r|&q`|sJa=P#=E-~Nji5BA?}JZsp0p4TPiEL93nu?pB=p_=(&8A<;a zz&03bL;rcom@MMtoc$vw*p!CA?A|+*qHQ)Vw~*Uu*0D5KHj|nG!@SMVeew&ZOc2Rh zio1_R1&PL$QtFMjr1kwd&4COyHo-t}7`foDdKX@{)M$-5@P3m~1(@&b8A0%!=zS*+ zbm&{DSd}ii+wE>64atF7P;nKPo@K7rEV{rPjx|H%eLmCHFeuOhwqu-f93hG01JDkZ z5?^pkW6V#oBr&ywbKC4JVAr%LUSZnYFmC1B!PE9{yE_F}mt#~`Vet}Ho{{OjS4^qV zQ#7sen$LmuV1mz5K8?D06k@G~mw?h#ja%t$*vN?GzdEI+O{YrL?3eVG5FsPj_9I6< zFgtoYs$@B+U|MQex8ja&>w_H?JW6P6j{mV*L?Wq_j$LUhbJ$Jg3z)nn85?Ky%A#-y zdpF>-oXPE1x3E(>+5IjJv@6jbTxN%~vD^j(q_!&{)5N+4OvlSkfdE3Eer}&&=e~&9 zt#{`h3F}>(Ya4$W?0*}&vAG4nQu}|fTRs2VfAQe|y_IL3_}{;2zlFpwMA3zk2u#(K zq#Za!DB~+dk_;1Uw&hTg_yNL)C&zC0N%*ec`W$5$(6*9m6JfTvttZrewSU=fCydMD zoBgZmpFHurksi$45gF>)71#(61^kH!J;B6If618Iiff>r6)`mOz z(}+MRlHHQZ0VGtGq3smkMhQc5|5^3BYfiIjy}>Vv#TsVH#jCm#6H*|#G6QU6fYJlX zWPCqQG3fma#m{z!8OJLq2Dcl1Vxa_P4qwKy^=clYZ8t>7{Auk7nOca<2qgk94%RTl zxmuKk?b=a-gwWdNTJ$`wKwFcp_3DcQkk%*fjZ-%#ZiKn)P7y_8y(3{aw7g_#T6@0# z;S2;BQyh0x1u`O$vY|kAQB9}BEa)s@{OX-kJSx(9`K>8U6|+e6GBs{JOXS{GKA>G6 z%<{oiuzxh5)ii*GEY^A+q!w?S)6-tZ7q90QwCZ*#jjEa;@jaeH33N~;M3iJgVs5rV zxKi^gRm+Qe`syLNr17cS|MoEM?fL%)gPQ&SZ2$T52mAjvo;Cdco-HpVqA}vJIq)r7 z)q&+DSKR1;`XTJx#%Vv#Z0Dj0PNt!lnB0X6s_5^wPQ5+7!Av7-SGnzUXQCpUj$-6G89`xt8 z{?zrqVTui^|E2z){k`W^{r~(S{_l34HT3_RPpQ&S%A%##L81eVb?WF=HRbD=Zc)S@ zh1PYoHgV>sD*0}PIVUlOFUoAA5$x~jpJaNLjYi}X1l_t#Z;(9V7)gtiK~v%EqMng3 zq2|MRfx4N)mUX~RDD_Rx?sv*|_B&#JJ4eJ9;5bcCgdzB20Ku=p)jNf9!i};dnZxfH zO2~+)g-M#~&W4?j*g)6irD{WAF7gm`!KT>v$`z|dvusJolvpQ}oDc!qmQ=6bo~g3h z6PDs=C+r-LTr8LYk_Xv)v?qmwOVeG4(JSOFwu@=53f2~qj!)djoL9P)BZ##EE79Fw zLO!B4B4A~H_3+HeVW5O-`P2Q>%(j zHSV=6LXBUqElQ10H!V_!Ny0AusM;dWlMQobhCDGgN7|-YB1yL>RHOyaXN4j*9qQ;) zmp^~`q-^s5g6TZ}xoCs80;&sdN-ui(*^_svITdR5 zNEJ55?!f*Qu!|zp@4Y({U`%G1x@AQsFt=Iua%;moFsh2UsgY3}f}RGiaUyPqBBruVbUJX$khmaF~Ju5~_#HV~);`ek)~ zv8GPF-kPh$u00Z6<@;iO*O64Uo#$e2&D5v9jpc9-nwdE-P}MsZ zc)pU_(Mcq)p><3W$_uRHn1ct^ayzQ!0?(U|1itlrPO6a87`p0m0oS9MbEyJw@X{oC zF9~jg+>}$z)+DD~qa4;)hp1Zo5v8d+DBwk2DqLOyp)vlnsMez#>Gt5srQ+s5ESI+Y z5GUinvE&5Lu;ML!PBGya#dCLbt@SkIhIv&NB@1XYEkAf8f~ zg}4fbv?EVhRu|&0V?VWk<|2!H72ul=ilh@{D`fa-wcpsvXiijHu(8v7A)IQ_Namij zRLEs}d->H-k2!Wc{GzG5#boi@A3Sv zoK2Nh_pjg)0fZIR?@eIEa;2@=4=#^=Ys0#PYWjQ6z}C}rV;>f_ZieSIl1Q(%62>mF z6oQ$WzMZZ9sL>f~9Eo;(cfweK@XkDXfPE9rhL8E5{fmCe?BI;C=F*=VvPe4{t0CpW z`@+EfCHPMK5k?=V%-yOy%vQPwXo+<%5? z66&0NT;Y!(G>b>gL$L2#r>JXEXr5O=#m9nW6FzvWB%5(X&R%k7;%HW?# zp7&%sVV9W0wwfajlXQY$u(Mo80R1A|j-wgWD?L zG5&OFHtG+PX&KW4E5U zrRvSKNdaor{Cm5~Exue_Y2g-$*46b|_R}{0U2g-GitJR}%5Dz#%a}utzXZPoex3#2 zu2@#r7&6V6wf5#=GP!?GUH=!^95yurEYbh{{eCU}t3#?7g`$5SJ*SeUCd82&bqz#>60r2(f%SYQ6*$_uE(Zq3%2QO^*^XKLOWAnA}&e$vrcC8Lw2EPeLm2!L; zeAX`SP?a!;{=a_x8o(DAB7ygxL02cat2$|3Wh99K(;3VVH``|>yabuJ`=ujSp@JDU zHx$!(H{S?eJ{A>Fo*Ptu(IHT2LbTUIs2@5fw6b??hrJrwO?ZR^{%ftO_BM8_xv{Ek z_>)8{v?3i=TZwHj4$BaB8Vq9nXW_eSh0+q2A&aSZ#M#tMmSzN(j@-hHn>E7cpjjpdDC7!+|gR`%?cQ{YwBvypr^{7v7fT-jd8i`mi4TdKwDcyPK68#Sp3 zyXSaDu!+RSR1$8(A=n5Wei+5y-6yO<#m$28drk z<8p`WOpRZ$_h_nUh_JvnYj%4b4ZU68QcMOgZcAE^s1_j|?vnszv};SR!gB4Kl$E%h z3p^i``A|petjmd|_Nvidw)=VmKL5t?40D0MS1%7R6@nV`rg?>555&TxF441!*d^=y8VBNI3;wv!6m>_|8KwM|J{A|aR2wMJZsqh z9}Qyw8nR5<3tu=(5`78_jTf2yIZxU0@6mWc`tMW5 zLhl`$Q?#1B`-|BN{wtv|1YQ2iFYzBAeGwD1`+WZ(FzH4=9-h8Ee*3orI4yb)F_t)z zIEHOyl6#56zkWSXZ&aDDUw58@H92U0_k~I5XSU3fIdH7HiKz{rLo-I=I<@WHV5z>K zOb3QxIwPD>b8JEfXSd%#VQGW8aF;oB??tfm zevOb2h{haUYcg1(|DX2<`xX8FV*la%-|akW=zkjtgyG0>MUfe=xH1TFb4_9Gimz2- zr3!w_0k%1ZT;kU}n9Bw6msbp{g@BY#m)LS9?4#(cOR>(ejs0*j@Hy7G`$Kdswx(Sd zW!4m#9_E4RMN96`91=xc#uZsZcx_gF2d2NRbL6VT_12)3qc06BngW6aSvyu$f@ebj zR{~_pRv^T~p9JP79FNGSmB3u!d1xwCAi0P^KbEjq8x`jlDs7g-+O%20xG@|aRnPtC z47AlVWO|Qv$9=Q}F-a-QCxvQ}eWL2TS|=*9*4@^S$Oh&OmLXR7!Rp_d;~R?&nB_V^ z=Qv1f_vJab4Iz|%Ok!h5;(`ne*(Z_^#OK}t0pruwSsBQ9BAv^P@ydz6h01NIsJP4_ z3)IyesEws)mmF+ifuhGT)llF9rjf1c89V3iu0$d%0=Y7vO%1%2+@dS%jlI)u&4a%B zU^qA{jDqhfY#$NVu?4g*`5cwzYYFvk@_1jD?k*zUjQ3hJ_oo79LFBfAO$&VQrO)rg zk}iig*91uj|tz1ZKa=6`&#_v~T)cPr0T)_*@Lu6X@w z2X#mPfj3h&Q}CE@4pajYiUEl&c)Xtub8F z3b`B@>EEzc!eOT#;J#@mgrjtw$QyM-RO9Xa?wbpQeC-o>vJfmFLW@wfb6-RG6_~K7 zbpvE-!f7$Z{--!{R+#}e=F8cjF|Z2WS8(Pyunq98;>cMM%!b`Kt`lpF`xRX{ZBVZ1 zz;R&jx%TTFDr{s5ykuA*ZZ*o)%^p}jN zuO*vC%zuBkZn!1>A4bRQhW$T-{fbmX|7G(|Aj@+1 z#|h;3w%rqC(7vWG$ZzU~971*SuICW4^*7=WD#L1V2rYKwltHw(ah5ujDxGR~D&04S z&}$^o5Q%F2*uK6khte5#=RE4JB=c=4q{B>3-W0sz!O8ie#SNujziDT)b^Ikh7E9Km zH{ks;J_sL$d+8Rls_uV)Tg+7Oh3q=5=5Urf;}mCAx?I8K=6!ON8SP&Avt!iv+&iAH`ui-|PjVs`N6`z0w`)&K)Y$w(j z_pAEeTA*Cl_h!M~bKl#_9-1}_`X)Uz8(!zM_FmCGM7XS6UcK`2-!QkQi=dCrHH@>E&bKd4WO`Dqdm*aeu6_y72ZTpyX7giqatNNE3VO-a{ zq=DXZ-_puXjCRxQCS4deBVO0`To}3f#^bq~&FF7#G*@>K=GyRn$8lZtS?vEwnUG_S zujvF@68|;Wulj#>`-6w`f4B2o#s70+xZ)<9Kpw;08&6PyQ@cB;D04lZkk{7DIEI=D zyq0&!198nXFb$9zT}1inGB58hzm`K)+TOhtg`;Ch8{S%JL3B}bYmJVTusqq^p*N*o ztdX+q%lvxr_H}K8Y-}jSOdX4|d&N@78_2b|&>zKO^vZsOh9;`xv4Gg?IusT%=Sm}R zv+jk(J-bhihO3#+F^))#^E>XaLQKtw_Oc+0=b|~U&TN^$p}XOzl#}}c&%12Yb>9}v zYps{&>&)Wz-hYR!xq+8Zi?y4=DoVU{Qd!)CvN>H@#I)S0)L6=E$74^!Df))|rL}B| zZr|BZ9`!r(H7%b(*YiXyhv!XnhET27{I0>E)kc;F%r>u-T_W@C>X>@CH2aWt%H3J8 zo^EYpUBDZ5Re4=plVh&tv|0e@nw~3vurA-Y_HXj{21nhW?Ad>Kn?CS&08vlC+hzYqL;ui#MQ2d}H-$s-$f0e#2bc z*q_a5H=odJYPu@aC7?E}@BG%%tE;@mwe2^|F0Fl9!ZIx^kygaq=Z8h*?#6$-*#FCM zOs;v?=l3peBJ ztr2rIx2&nQnn$)Z;I0JZ0?$R5>arC;`pOB!$-i*?0dvvfqALOOs)RFBCop#*wfnH8 zvM~7^wu|65eI-(*A3;+P#m>@N^$Pg+#;!TnV4J(W)vjJ84y@`dZjJ)02MNYR_|C_* zNR_(~mlMe^x-xl6SpFpNVJ0W*kEdnfDQ1Ub>vjjA!nWbPF-l`;{rJJu-IUyumfr#;lO`X}^7#O&x#C7L)#Hf};zO@4{$$ zYy36D$HGxm7<*jzhi zE(}_1FV%p(7W9g9M-|(}<_8(IHSbHTV(%rwc-QNvZ~a-k{`cpyt9t>KtpA_w@Aa$k zU%StrKdk?6rDv`^Zlq097wT6aSB3#nZ?bp2Y<6Q8BISHKuk%#p-#Z}nrA_7?bM?VDn@Zx)#t zNz~j#d)&hcc6~8bnH!_S+&flUFfHdELFl-)Tqt-r%m=!4U1aabZ@6B1HS;#-GI!4xgX6?eqvOK zgPqDsMaEbjWt?MLI2D7S>bOBP&NYYC7#07CYpIQDy3%|0hR!}9?gvS>pi!)0;C-=N zj!Y55+6TYTU#N>l{7(Er8&*1|af7)UIZJ_XrzOy<>;W*~AActv*VS5nK{JYDc--wO zvq&wsUOrOAtrk#NAR32i6;`lDG5X#+N5C2-?#H^u+W+AMCsQ(}jN{F>vBduGKi{q1 z|GT^Y;>Cmge;dyhoFJ(*l~BBGI6zH16owf|Vx`4X6kVV(7GY-#-cN`Ck)zSJ5I$Ln0Sr$GVok2{v=!9b;d-`94ekUCMi}&=u?!{!>Q~$U>#fX5BYy?<=KK)L{c;* zP8xn7L$0irBQ=qAI*0J{-*GZ6zy9a;M9Neg^m=OA2*soqvq~ZyP8`MEId8WTUY7<48l+0Cl__Y1d)u-55OUA8?kMM5u5hxZ`GJ?afrmE^9U6B zkT*PsELC=DUP|MIQu4vII~#N^2#pUwt>DS{N0fG^SR!RTE0hhw4NE5VL4>0$NlYxH z-qCiorgLK&LGX8+Bn&<>p2UGcVrvVIspKrq^fpANqm{HVL{iRXB*p@eqq+0+seYxH z3%Hz+XaW(U$^_Exe|^wlh7* z)I&2w68+6CmMr&Mvg(kLh^1IBreZQ0VQuIN9GOLnYIX|_MYF9%+^iW%6S=;?xgV1J*LUv%>zfeHRTsQEJPp*p{}t?< z!$MRhh{q*V)Qj6jC1tTAN{uQhiybCC^_xo4gjtSC#HJ~un93ZX!mn~(W|dY{3{h%S zxj9s{KpmkJ4N0=1NHqw{m1J!7r%4)@3*7ZZX%h|jqaAs44wd@0)8KivyLR-IhLnh_ zb-$;M-Hz`mJ?2r+-9eS??AVRO(1(rLZ;*;>)Oa)*W16uKnIHSL@VOY%C z=S_H`H03PiM0-K=qIyh z=1r)sil>^%aFlT(=N8ya;7PH(Wc=c!j_#^>S_tdmxHg_BC1;q=NQAGdmkv*k9fTVk z_eqMb$)A5`ocxPXi4r(rF&t)+i3laj%!hULr}d|))kqmxho>;1FvRSh=rxpHy3C5X za4+2Z<9f7g$5We7Z#ZXsE#v9Nt)@*qYp;b?gSv+OcH@TIrkICBXJ}ab+?kSQ zFOJyOcsxbp z{-t> za~G5QH)Bu~Pe~x{!g`3J3ryqlh9Q8z*>ER7PB1OYgRKRaD#0{+HEP;tMvMa)JJ3f75<<=F=WRqKm4X{3?tc@aMwrVV%?{!z z{yoD&7IsyQsQEfT)#}=fM?jP^X^;9SIeGuX83;0_wj3FeNKeyxXAVoZZRh0Gubzv) z_p-$-bDqVbV1o*~6{2ce;0H9s$xW>m+M2$?md0jht!0}PiKdD>commDR^E1mD*&d# zS~OVf_OTe~peQp&N?n*=AelCt8HID>w+}^%qfp=kN0RY!Ew!dN7qh5b=6sPuM_a0^ znTMO=jH_>RZHhCN@q~%GFp9eYcSUBU9;g?*oS%zSqjm1ofhzHChB+s38PqbKD93%2 zy_82B8-vH~g{fk5_&r038n_rxnrhq@x=~ldK>wSf2$%L74wHmk+9Q@GE;cV`(@HYa z=@>6yl=W!fqvFw^t?z(hZS9#!R!Ed2S_MBA9RR(ztXQt8P`<(S)tZkl4JNSO*NfirtEvxe6#n9|ai&x)Rd|CnRn3!O zm7kiw&a#m{&m2tW`A^>$qMc!HO7;J_z2yK3n~kHvEw%~ntC8;l&-0C(oP74U#RXnt zgYH`7%d-jVW8qD ze9e(q-_qmeVaYfe0yzig4!v@;5QgCak%rqe} zjc~J~^a?a=shkvF|GB;8m2KHp(H!(XHEC%#Wy{@Tt8GK();%_?d_I(Ek|))pG3JI9 z)i04Bk=BPr@+^>_^Uco}gP5=^iNT;?67{%dp5}{+5y!u0 zn95}CDo3S7$N8gkHEXKXh~?U!Bw6k)y4l^LjWPNP?u8pa0l5#__6IO3_4{Bpso8bvi zM!T-G-;KIaeSznLa_6)u-PAp+wLTPQ|F00@fA`^P_jqo$Y zB`G=l&F2-8%-kf?mF%*Wl0${`I;m*R?QHhcZvCoteV#I+yq-U%5Fw#`ZSx|!@u_$8 z&;%oni4kTc7%%u+L6y5w?1SepFCi zzpCVSzxuG&tuu>fw~)F8sZP%e*~ud*oB$b@nO-Xmv5B2m_-Gd#kv2j|0HZd;(wt?6 z0GYsGv9PNqw*zR%bVK@R+4z+*Nr~L2yyp1no0K;-dX3|!vqIhR=qViT(bzRzxO%?! z*m+m(Ze#%KW9QuwdA9@TUH5V;qqt=JDt9PcQTDtWGp;p$^>H)#&+m4~yzI-jBXcW^ zTZDu_H0G!@cI%GYk%O`!y;&c>9M3x*!yJ#>8pmaG9;0J+eVau=dHrewk_U?h(IR`- zQ=h@&b|*jWius5*C3L*p53_>L7d+ABdxg;VWVfqYE2LOLU(=@>c5bIhYVV#bbiD^kwr+G=u z$i>MiAF|EZ)T3iUKXp11jhBHna3mW0U}5bT zu}5=22K-50F~2oIJG37kCYNX~9s?N_cqp1Z)`x`Tq*lm~CO zIrNF3=-BDlJ#oF=y^J^iHete~?ky0M@PQ@S6qh&7pThCT@m|mko`T=ZTb;Em2y9xb zm)-i*=RT>UM*Dde} zTOq&}XbNbgxAabv*KE$Sk}hm`3^K|6jj$N}Z0=r08)NhBjd}rn7^Nvm{+= z$&X-KKBE*q7^zwQNa>? zovTLr{oB24q(8XAbt5a@H?s7KxoclMqQ~ZVq%_iq@kq^_Oyv7LX1X&OG?dQLnKCdo zsthHVOHmp&n^)DI*8pYz!gOx$570^1D?{}%2%c7``7#JJ&p)mdT`{YBwSh-Y)PGeV zDw*Efv(fu6M71F^Y?vAsW}N`(LYJxTlljIz>-61bUhT$BBOioOtUERGsM|%&D8d;OLS$Dq-bGHuDBnAdXlle{vKmQ$b zyg2E#OLnbT0Hwrs$^?_`=yh*|sN$&@rc6_*SnV1|kfQFnpRUYA?RC2FlcIvLgKT!; z^BPXGy|9GV2>ssMvZcEkxvu5%CD^D2-#NPFhGv z&PIm0j;*V~TFx$0Q>Cm4(({f&=<_3n5nPsPD>qLyJQIFPA4?c1#f9h`h!7bTt2b$E zbSp)cPep_&;)LZXP4j#JNR(^G3=7q~Q&>(K5uK}XEYK)=VdCV=vgUWq$c#c;EW*1? z3_Fu>Ji^?msh`O6_v@65%@Fst@}J#I;BJHj7CTl- z>?b-lgXj7n8O-(+v-~9RC`%wA^gsla@}$mWv^yvAquUFh$V>I|xs~?GF1ol&~^Oug|mnoWS*2{Fv5fMhB z@uvuwR6d-A=1VxX7UhneqGDI57knwRZ zF{MQBhvTC+Z_nOzch$806HTxX#RNH=o4GME$=J~)DD5%k*l2Y^;gS=nZyOP8Brg%i zotOy8$uN^80y(UR0Kb4z#uS3XGdMmA;ML*T@!8YP$K&^ZfA`aS_;`4FdieJJ@tZSv zcM3=E-o8G5fBf$48NB-|9KQVre1H7*^;5vaIPyNFI-dmNK&E;+4?AZzIgD#O_ugw) zEQugNbey3vhB2FAvq_L*J|)6Tkch^egiMLcPf_bm_zhh=^6)%756_)H|33f#|NrB> J+Z+IZ0RY0N)YJd~ literal 0 HcmV?d00001 diff --git a/packer/ansible/roles/helm_install/files/postgresql/charts/common/.helmignore b/packer/ansible/roles/helm_install/files/postgresql/charts/common/.helmignore new file mode 100644 index 0000000..50af031 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/charts/common/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/packer/ansible/roles/helm_install/files/postgresql/charts/common/Chart.yaml b/packer/ansible/roles/helm_install/files/postgresql/charts/common/Chart.yaml new file mode 100644 index 0000000..2c93878 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/charts/common/Chart.yaml @@ -0,0 +1,23 @@ +annotations: + category: Infrastructure +apiVersion: v2 +appVersion: 1.13.0 +description: A Library Helm Chart for grouping common logic between bitnami charts. + This chart is not deployable by itself. +home: https://github.com/bitnami/charts/tree/master/bitnami/common +icon: https://bitnami.com/downloads/logos/bitnami-mark.png +keywords: +- common +- helper +- template +- function +- bitnami +maintainers: +- email: containers@bitnami.com + name: Bitnami +name: common +sources: +- https://github.com/bitnami/charts +- https://www.bitnami.com/ +type: library +version: 1.13.0 diff --git a/packer/ansible/roles/helm_install/files/postgresql/charts/common/README.md b/packer/ansible/roles/helm_install/files/postgresql/charts/common/README.md new file mode 100644 index 0000000..c090f74 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/charts/common/README.md @@ -0,0 +1,347 @@ +# Bitnami Common Library Chart + +A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. + +## TL;DR + +```yaml +dependencies: + - name: common + version: 1.x.x + repository: https://charts.bitnami.com/bitnami +``` + +```bash +$ helm dependency update +``` + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }} +data: + myvalue: "Hello World" +``` + +## Introduction + +This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.2.0+ + +## Parameters + +The following table lists the helpers available in the library which are scoped in different sections. + +### Affinities + +| Helper identifier | Description | Expected Input | +|-------------------------------|------------------------------------------------------|------------------------------------------------| +| `common.affinities.node.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.node.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.pod.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | +| `common.affinities.pod.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | + +### Capabilities + +| Helper identifier | Description | Expected Input | +|------------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| +| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | +| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context | +| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | +| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | +| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | +| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | +| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context | +| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for podsecuritypolicy. | `.` Chart context | +| `common.capabilities.networkPolicy.apiVersion` | Return the appropriate apiVersion for networkpolicy. | `.` Chart context | +| `common.capabilities.apiService.apiVersion` | Return the appropriate apiVersion for APIService. | `.` Chart context | +| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | + +### Errors + +| Helper identifier | Description | Expected Input | +|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| +| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | + +### Images + +| Helper identifier | Description | Expected Input | +|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| +| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. | +| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | +| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` | + +### Ingress + +| Helper identifier | Description | Expected Input | +|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | +| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context | +| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context | +| `common.ingress.certManagerRequest` | Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations | `dict "annotations" .Values.path.to.the.ingress.annotations` | + +### Labels + +| Helper identifier | Description | Expected Input | +|-----------------------------|-----------------------------------------------------------------------------|-------------------| +| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | +| `common.labels.matchLabels` | Labels to use on `deploy.spec.selector.matchLabels` and `svc.spec.selector` | `.` Chart context | + +### Names + +| Helper identifier | Description | Expected Input | +|--------------------------|------------------------------------------------------------|-------------------| +| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | +| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | +| `common.names.namespace` | Allow the release namespace to be overridden | `.` Chart context | +| `common.names.chart` | Chart name plus version | `.` Chart context | + +### Secrets + +| Helper identifier | Description | Expected Input | +|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | +| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | +| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | +| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` | + +### Storage + +| Helper identifier | Description | Expected Input | +|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| +| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | + +### TplValues + +| Helper identifier | Description | Expected Input | +|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | + +### Utils + +| Helper identifier | Description | Expected Input | +|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| +| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | +| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | +| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | +| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | + +### Validations + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | +| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | +| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | +| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | +| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis™ are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | +| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. | +| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | + +### Warnings + +| Helper identifier | Description | Expected Input | +|------------------------------|----------------------------------|------------------------------------------------------------| +| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | + +## Special input schemas + +### ImageRoot + +```yaml +registry: + type: string + description: Docker registry where the image is located + example: docker.io + +repository: + type: string + description: Repository and image name + example: bitnami/nginx + +tag: + type: string + description: image tag + example: 1.16.1-debian-10-r63 + +pullPolicy: + type: string + description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + +pullSecrets: + type: array + items: + type: string + description: Optionally specify an array of imagePullSecrets (evaluated as templates). + +debug: + type: boolean + description: Set to true if you would like to see extra information on logs + example: false + +## An instance would be: +# registry: docker.io +# repository: bitnami/nginx +# tag: 1.16.1-debian-10-r63 +# pullPolicy: IfNotPresent +# debug: false +``` + +### Persistence + +```yaml +enabled: + type: boolean + description: Whether enable persistence. + example: true + +storageClass: + type: string + description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. + example: "-" + +accessMode: + type: string + description: Access mode for the Persistent Volume Storage. + example: ReadWriteOnce + +size: + type: string + description: Size the Persistent Volume Storage. + example: 8Gi + +path: + type: string + description: Path to be persisted. + example: /bitnami + +## An instance would be: +# enabled: true +# storageClass: "-" +# accessMode: ReadWriteOnce +# size: 8Gi +# path: /bitnami +``` + +### ExistingSecret + +```yaml +name: + type: string + description: Name of the existing secret. + example: mySecret +keyMapping: + description: Mapping between the expected key name and the name of the key in the existing secret. + type: object + +## An instance would be: +# name: mySecret +# keyMapping: +# password: myPasswordKey +``` + +#### Example of use + +When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. + +```yaml +# templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + labels: + app: {{ include "common.names.fullname" . }} +type: Opaque +data: + password: {{ .Values.password | b64enc | quote }} + +# templates/dpl.yaml +--- +... + env: + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} +... + +# values.yaml +--- +name: mySecret +keyMapping: + password: myPasswordKey +``` + +### ValidateValue + +#### NOTES.txt + +```console +{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} + +{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} +``` + +If we force those values to be empty we will see some alerts + +```console +$ helm install test mychart --set path.to.value00="",path.to.value01="" + 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: + + export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 --decode) + + 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: + + export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 --decode) +``` + +## Upgrading + +### To 1.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +**What changes were introduced in this major version?** + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. +- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts + +**Considerations when upgrading to this version** + +- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 + +**Useful links** + +- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ +- https://helm.sh/docs/topics/v2_v3_migration/ +- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ + +## License + +Copyright © 2022 Bitnami + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_affinities.tpl b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_affinities.tpl new file mode 100644 index 0000000..189ea40 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_affinities.tpl @@ -0,0 +1,102 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return a soft nodeAffinity definition +{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.soft" -}} +preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} + weight: 1 +{{- end -}} + +{{/* +Return a hard nodeAffinity definition +{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.hard" -}} +requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} +{{- end -}} + +{{/* +Return a nodeAffinity definition +{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.nodes.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.nodes.hard" . -}} + {{- end -}} +{{- end -}} + +{{/* +Return a soft podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} +*/}} +{{- define "common.affinities.pods.soft" -}} +{{- $component := default "" .component -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + namespaces: + - {{ .context.Release.Namespace | quote }} + topologyKey: kubernetes.io/hostname + weight: 1 +{{- end -}} + +{{/* +Return a hard podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} +*/}} +{{- define "common.affinities.pods.hard" -}} +{{- $component := default "" .component -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + namespaces: + - {{ .context.Release.Namespace | quote }} + topologyKey: kubernetes.io/hostname +{{- end -}} + +{{/* +Return a podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.pods" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.pods.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.pods.hard" . -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_capabilities.tpl b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_capabilities.tpl new file mode 100644 index 0000000..4ec8321 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_capabilities.tpl @@ -0,0 +1,139 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the target Kubernetes version +*/}} +{{- define "common.capabilities.kubeVersion" -}} +{{- if .Values.global }} + {{- if .Values.global.kubeVersion }} + {{- .Values.global.kubeVersion -}} + {{- else }} + {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} + {{- end -}} +{{- else }} +{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for poddisruptionbudget. +*/}} +{{- define "common.capabilities.policy.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "policy/v1beta1" -}} +{{- else -}} +{{- print "policy/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "common.capabilities.networkPolicy.apiVersion" -}} +{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for cronjob. +*/}} +{{- define "common.capabilities.cronjob.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "batch/v1beta1" -}} +{{- else -}} +{{- print "batch/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "common.capabilities.deployment.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. +*/}} +{{- define "common.capabilities.statefulset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apps/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "common.capabilities.ingress.apiVersion" -}} +{{- if .Values.ingress -}} +{{- if .Values.ingress.apiVersion -}} +{{- .Values.ingress.apiVersion -}} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end }} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for RBAC resources. +*/}} +{{- define "common.capabilities.rbac.apiVersion" -}} +{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "rbac.authorization.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "rbac.authorization.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for CRDs. +*/}} +{{- define "common.capabilities.crd.apiVersion" -}} +{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiextensions.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiextensions.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for APIService. +*/}} +{{- define "common.capabilities.apiService.apiVersion" -}} +{{- if semverCompare "<1.10-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiregistration.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiregistration.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the used Helm version is 3.3+. +A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. +This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. +**To be removed when the catalog's minimun Helm version is 3.3** +*/}} +{{- define "common.capabilities.supportsHelmVersion" -}} +{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_errors.tpl b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_errors.tpl new file mode 100644 index 0000000..a79cc2e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_errors.tpl @@ -0,0 +1,23 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Through error when upgrading using empty passwords values that must not be empty. + +Usage: +{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} +{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} +{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} + +Required password params: + - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. + - context - Context - Required. Parent context. +*/}} +{{- define "common.errors.upgrade.passwords.empty" -}} + {{- $validationErrors := join "" .validationErrors -}} + {{- if and $validationErrors .context.Release.IsUpgrade -}} + {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} + {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} + {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} + {{- $errorString = print $errorString "\n%s" -}} + {{- printf $errorString $validationErrors | fail -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_images.tpl b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_images.tpl new file mode 100644 index 0000000..42ffbc7 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_images.tpl @@ -0,0 +1,75 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper image name +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} +*/}} +{{- define "common.images.image" -}} +{{- $registryName := .imageRoot.registry -}} +{{- $repositoryName := .imageRoot.repository -}} +{{- $tag := .imageRoot.tag | toString -}} +{{- if .global }} + {{- if .global.imageRegistry }} + {{- $registryName = .global.imageRegistry -}} + {{- end -}} +{{- end -}} +{{- if $registryName }} +{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- else -}} +{{- printf "%s:%s" $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) +{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} +*/}} +{{- define "common.images.pullSecrets" -}} + {{- $pullSecrets := list }} + + {{- if .global }} + {{- range .global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names evaluating values as templates +{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} +*/}} +{{- define "common.images.renderPullSecrets" -}} + {{- $pullSecrets := list }} + {{- $context := .context }} + + {{- if $context.Values.global }} + {{- range $context.Values.global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_ingress.tpl b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_ingress.tpl new file mode 100644 index 0000000..8caf73a --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_ingress.tpl @@ -0,0 +1,68 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Generate backend entry that is compatible with all Kubernetes API versions. + +Usage: +{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} + +Params: + - serviceName - String. Name of an existing service backend + - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.ingress.backend" -}} +{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} +{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} +serviceName: {{ .serviceName }} +servicePort: {{ .servicePort }} +{{- else -}} +service: + name: {{ .serviceName }} + port: + {{- if typeIs "string" .servicePort }} + name: {{ .servicePort }} + {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }} + number: {{ .servicePort | int }} + {{- end }} +{{- end -}} +{{- end -}} + +{{/* +Print "true" if the API pathType field is supported +Usage: +{{ include "common.ingress.supportsPathType" . }} +*/}} +{{- define "common.ingress.supportsPathType" -}} +{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the ingressClassname field is supported +Usage: +{{ include "common.ingress.supportsIngressClassname" . }} +*/}} +{{- define "common.ingress.supportsIngressClassname" -}} +{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if cert-manager required annotations for TLS signed +certificates are set in the Ingress annotations +Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations +Usage: +{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }} +*/}} +{{- define "common.ingress.certManagerRequest" -}} +{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_labels.tpl b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_labels.tpl new file mode 100644 index 0000000..252066c --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_labels.tpl @@ -0,0 +1,18 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Kubernetes standard labels +*/}} +{{- define "common.labels.standard" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +helm.sh/chart: {{ include "common.names.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector +*/}} +{{- define "common.labels.matchLabels" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_names.tpl b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_names.tpl new file mode 100644 index 0000000..c8574d1 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_names.tpl @@ -0,0 +1,63 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "common.names.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "common.names.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "common.names.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified dependency name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +Usage: +{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }} +*/}} +{{- define "common.names.dependency.fullname" -}} +{{- if .chartValues.fullnameOverride -}} +{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .chartName .chartValues.nameOverride -}} +{{- if contains $name .context.Release.Name -}} +{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts. +*/}} +{{- define "common.names.namespace" -}} +{{- if .Values.namespaceOverride -}} +{{- .Values.namespaceOverride -}} +{{- else -}} +{{- .Release.Namespace -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_secrets.tpl b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_secrets.tpl new file mode 100644 index 0000000..a53fb44 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_secrets.tpl @@ -0,0 +1,140 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Generate secret name. + +Usage: +{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.secrets.name" -}} +{{- $name := (include "common.names.fullname" .context) -}} + +{{- if .defaultNameSuffix -}} +{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- with .existingSecret -}} +{{- if not (typeIs "string" .) -}} +{{- with .name -}} +{{- $name = . -}} +{{- end -}} +{{- else -}} +{{- $name = . -}} +{{- end -}} +{{- end -}} + +{{- printf "%s" $name -}} +{{- end -}} + +{{/* +Generate secret key. + +Usage: +{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - key - String - Required. Name of the key in the secret. +*/}} +{{- define "common.secrets.key" -}} +{{- $key := .key -}} + +{{- if .existingSecret -}} + {{- if not (typeIs "string" .existingSecret) -}} + {{- if .existingSecret.keyMapping -}} + {{- $key = index .existingSecret.keyMapping $.key -}} + {{- end -}} + {{- end }} +{{- end -}} + +{{- printf "%s" $key -}} +{{- end -}} + +{{/* +Generate secret password or retrieve one if already created. + +Usage: +{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - key - String - Required - Name of the key in the secret. + - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. + - length - int - Optional - Length of the generated random password. + - strong - Boolean - Optional - Whether to add symbols to the generated random password. + - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. + - context - Context - Required - Parent context. + +The order in which this function returns a secret password: + 1. Already existing 'Secret' resource + (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) + 2. Password provided via the values.yaml + (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) + 3. Randomly generated secret password + (A new random secret password with the length specified in the 'length' parameter will be generated and returned) + +*/}} +{{- define "common.secrets.passwords.manage" -}} + +{{- $password := "" }} +{{- $subchart := "" }} +{{- $chartName := default "" .chartName }} +{{- $passwordLength := default 10 .length }} +{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} +{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} +{{- $secretData := (lookup "v1" "Secret" $.context.Release.Namespace .secret).data }} +{{- if $secretData }} + {{- if hasKey $secretData .key }} + {{- $password = index $secretData .key }} + {{- else }} + {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} + {{- end -}} +{{- else if $providedPasswordValue }} + {{- $password = $providedPasswordValue | toString | b64enc | quote }} +{{- else }} + + {{- if .context.Values.enabled }} + {{- $subchart = $chartName }} + {{- end -}} + + {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} + {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} + {{- $passwordValidationErrors := list $requiredPasswordError -}} + {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} + + {{- if .strong }} + {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} + {{- $password = randAscii $passwordLength }} + {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} + {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }} + {{- else }} + {{- $password = randAlphaNum $passwordLength | b64enc | quote }} + {{- end }} +{{- end -}} +{{- printf "%s" $password -}} +{{- end -}} + +{{/* +Returns whether a previous generated secret already exists + +Usage: +{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - context - Context - Required - Parent context. +*/}} +{{- define "common.secrets.exists" -}} +{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} +{{- if $secret }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_storage.tpl b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_storage.tpl new file mode 100644 index 0000000..60e2a84 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_storage.tpl @@ -0,0 +1,23 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper Storage Class +{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} +*/}} +{{- define "common.storage.class" -}} + +{{- $storageClass := .persistence.storageClass -}} +{{- if .global -}} + {{- if .global.storageClass -}} + {{- $storageClass = .global.storageClass -}} + {{- end -}} +{{- end -}} + +{{- if $storageClass -}} + {{- if (eq "-" $storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" $storageClass -}} + {{- end -}} +{{- end -}} + +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_tplvalues.tpl b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_tplvalues.tpl new file mode 100644 index 0000000..2db1668 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_tplvalues.tpl @@ -0,0 +1,13 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Renders a value that contains template. +Usage: +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "common.tplvalues.render" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_utils.tpl b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_utils.tpl new file mode 100644 index 0000000..ea083a2 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_utils.tpl @@ -0,0 +1,62 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Print instructions to get a secret value. +Usage: +{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} +*/}} +{{- define "common.utils.secret.getvalue" -}} +{{- $varname := include "common.utils.fieldToEnvVar" . -}} +export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 --decode) +{{- end -}} + +{{/* +Build env var name given a field +Usage: +{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} +*/}} +{{- define "common.utils.fieldToEnvVar" -}} + {{- $fieldNameSplit := splitList "-" .field -}} + {{- $upperCaseFieldNameSplit := list -}} + + {{- range $fieldNameSplit -}} + {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} + {{- end -}} + + {{ join "_" $upperCaseFieldNameSplit }} +{{- end -}} + +{{/* +Gets a value from .Values given +Usage: +{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} +*/}} +{{- define "common.utils.getValueFromKey" -}} +{{- $splitKey := splitList "." .key -}} +{{- $value := "" -}} +{{- $latestObj := $.context.Values -}} +{{- range $splitKey -}} + {{- if not $latestObj -}} + {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} + {{- end -}} + {{- $value = ( index $latestObj . ) -}} + {{- $latestObj = $value -}} +{{- end -}} +{{- printf "%v" (default "" $value) -}} +{{- end -}} + +{{/* +Returns first .Values key with a defined value or first of the list if all non-defined +Usage: +{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} +*/}} +{{- define "common.utils.getKeyFromList" -}} +{{- $key := first .keys -}} +{{- $reverseKeys := reverse .keys }} +{{- range $reverseKeys }} + {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }} + {{- if $value -}} + {{- $key = . }} + {{- end -}} +{{- end -}} +{{- printf "%s" $key -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_warnings.tpl b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_warnings.tpl new file mode 100644 index 0000000..ae10fa4 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/_warnings.tpl @@ -0,0 +1,14 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Warning about using rolling tag. +Usage: +{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} +*/}} +{{- define "common.warnings.rollingTag" -}} + +{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} +WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. ++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ +{{- end }} + +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/validations/_cassandra.tpl b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/validations/_cassandra.tpl new file mode 100644 index 0000000..ded1ae3 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/validations/_cassandra.tpl @@ -0,0 +1,72 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Cassandra required passwords are not empty. + +Usage: +{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.cassandra.passwords" -}} + {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} + {{- $enabled := include "common.cassandra.values.enabled" . -}} + {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} + {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.dbUser.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled cassandra. + +Usage: +{{ include "common.cassandra.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.cassandra.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.cassandra.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key dbUser + +Usage: +{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.key.dbUser" -}} + {{- if .subchart -}} + cassandra.dbUser + {{- else -}} + dbUser + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/validations/_mariadb.tpl b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/validations/_mariadb.tpl new file mode 100644 index 0000000..b6906ff --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/validations/_mariadb.tpl @@ -0,0 +1,103 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MariaDB required passwords are not empty. + +Usage: +{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mariadb.passwords" -}} + {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mariadb.values.enabled" . -}} + {{- $architecture := include "common.mariadb.values.architecture" . -}} + {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- if not (empty $valueUsername) -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replication") -}} + {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mariadb. + +Usage: +{{ include "common.mariadb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mariadb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mariadb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.key.auth" -}} + {{- if .subchart -}} + mariadb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/validations/_mongodb.tpl b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/validations/_mongodb.tpl new file mode 100644 index 0000000..a071ea4 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/validations/_mongodb.tpl @@ -0,0 +1,108 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MongoDB® required passwords are not empty. + +Usage: +{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret" + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mongodb.passwords" -}} + {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mongodb.values.enabled" . -}} + {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} + {{- $architecture := include "common.mongodb.values.architecture" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} + {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} + + {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }} + {{- if and $valueUsername $valueDatabase -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replicaset") -}} + {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mongodb. + +Usage: +{{ include "common.mongodb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mongodb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mongodb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.key.auth" -}} + {{- if .subchart -}} + mongodb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/validations/_postgresql.tpl b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/validations/_postgresql.tpl new file mode 100644 index 0000000..164ec0d --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/validations/_postgresql.tpl @@ -0,0 +1,129 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate PostgreSQL required passwords are not empty. + +Usage: +{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.postgresql.passwords" -}} + {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} + {{- $enabled := include "common.postgresql.values.enabled" . -}} + {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} + {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} + + {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} + {{- if (eq $enabledReplication "true") -}} + {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to decide whether evaluate global values. + +Usage: +{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} +Params: + - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" +*/}} +{{- define "common.postgresql.values.use.global" -}} + {{- if .context.Values.global -}} + {{- if .context.Values.global.postgresql -}} + {{- index .context.Values.global.postgresql .key | quote -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.existingSecret" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} + + {{- if .subchart -}} + {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} + {{- else -}} + {{- default (.context.Values.existingSecret | quote) $globalValue -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled postgresql. + +Usage: +{{ include "common.postgresql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key postgressPassword. + +Usage: +{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.postgressPassword" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} + + {{- if not $globalValue -}} + {{- if .subchart -}} + postgresql.postgresqlPassword + {{- else -}} + postgresqlPassword + {{- end -}} + {{- else -}} + global.postgresql.postgresqlPassword + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled.replication. + +Usage: +{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.enabled.replication" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.replication.enabled -}} + {{- else -}} + {{- printf "%v" .context.Values.replication.enabled -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key replication.password. + +Usage: +{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.replicationPassword" -}} + {{- if .subchart -}} + postgresql.replication.password + {{- else -}} + replication.password + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/validations/_redis.tpl b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/validations/_redis.tpl new file mode 100644 index 0000000..5d72959 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/validations/_redis.tpl @@ -0,0 +1,76 @@ + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Redis™ required passwords are not empty. + +Usage: +{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.redis.passwords" -}} + {{- $enabled := include "common.redis.values.enabled" . -}} + {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} + {{- $standarizedVersion := include "common.redis.values.standarized.version" . }} + + {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }} + {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }} + + {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }} + {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}} + {{- if eq $useAuth "true" -}} + {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled redis. + +Usage: +{{ include "common.redis.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.redis.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.redis.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right prefix path for the values + +Usage: +{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.redis.values.keys.prefix" -}} + {{- if .subchart -}}redis.{{- else -}}{{- end -}} +{{- end -}} + +{{/* +Checks whether the redis chart's includes the standarizations (version >= 14) + +Usage: +{{ include "common.redis.values.standarized.version" (dict "context" $) }} +*/}} +{{- define "common.redis.values.standarized.version" -}} + + {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} + {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} + + {{- if $standarizedAuthValues -}} + {{- true -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/validations/_validations.tpl b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/validations/_validations.tpl new file mode 100644 index 0000000..9a814cf --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/charts/common/templates/validations/_validations.tpl @@ -0,0 +1,46 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate values must not be empty. + +Usage: +{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} +{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" +*/}} +{{- define "common.validations.values.multiple.empty" -}} + {{- range .required -}} + {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} + {{- end -}} +{{- end -}} + +{{/* +Validate a value must not be empty. + +Usage: +{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" + - subchart - String - Optional - Name of the subchart that the validated password is part of. +*/}} +{{- define "common.validations.values.single.empty" -}} + {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} + {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} + + {{- if not $value -}} + {{- $varname := "my-value" -}} + {{- $getCurrentValue := "" -}} + {{- if and .secret .field -}} + {{- $varname = include "common.utils.fieldToEnvVar" . -}} + {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} + {{- end -}} + {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/postgresql/charts/common/values.yaml b/packer/ansible/roles/helm_install/files/postgresql/charts/common/values.yaml new file mode 100644 index 0000000..f2df68e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/charts/common/values.yaml @@ -0,0 +1,5 @@ +## bitnami/common +## It is required by CI/CD tools and processes. +## @skip exampleValue +## +exampleValue: common-chart diff --git a/packer/ansible/roles/helm_install/files/postgresql/ci/extended-config.yaml b/packer/ansible/roles/helm_install/files/postgresql/ci/extended-config.yaml new file mode 100644 index 0000000..224168e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/ci/extended-config.yaml @@ -0,0 +1,4 @@ +primary: + extendedConfiguration: | + pg_stat_statements.max = 10000 + pg_stat_statements.track = all diff --git a/packer/ansible/roles/helm_install/files/postgresql/ci/init-scripts.yaml b/packer/ansible/roles/helm_install/files/postgresql/ci/init-scripts.yaml new file mode 100644 index 0000000..66ac9bb --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/ci/init-scripts.yaml @@ -0,0 +1,8 @@ +primary: + initdb: + args: --data-checksums + postgresqlWalDir: /bitnami/wal-dir/ + scripts: + my_init_script.sh: | + #!/bin/sh + echo "Success" diff --git a/packer/ansible/roles/helm_install/files/postgresql/ci/metrics.yaml b/packer/ansible/roles/helm_install/files/postgresql/ci/metrics.yaml new file mode 100644 index 0000000..df26bb2 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/ci/metrics.yaml @@ -0,0 +1,24 @@ +auth: + postgresPassword: adminpassword + username: foo + password: foopassword + database: bar +metrics: + enabled: true + serviceMonitor: + enabled: true + namespace: monitoring + prometheusRule: + enabled: true + namespace: monitoring +networkPolicy: + enabled: true + metrics: + enabled: true + namespaceSelector: + label: monitoring + ingressRules: + primaryAccessOnlyFrom: + enabled: true + podSelector: + "{{ template \"common.names.fullname\" . }}-client": "true" diff --git a/packer/ansible/roles/helm_install/files/postgresql/ci/rbac.yaml b/packer/ansible/roles/helm_install/files/postgresql/ci/rbac.yaml new file mode 100644 index 0000000..ef92a1b --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/ci/rbac.yaml @@ -0,0 +1,16 @@ +serviceAccount: + create: true + name: custom-sa + automountServiceAccountToken: true +rbac: + create: true + rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list +psp: + create: true diff --git a/packer/ansible/roles/helm_install/files/postgresql/ci/replication.yaml b/packer/ansible/roles/helm_install/files/postgresql/ci/replication.yaml new file mode 100644 index 0000000..1ce6cf8 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/ci/replication.yaml @@ -0,0 +1,5 @@ +# Test values file for generating all of the yaml and check that +# the rendering is correct +architecture: replication +readReplicas: + replicaCount: 3 diff --git a/packer/ansible/roles/helm_install/files/postgresql/ci/tls.yaml b/packer/ansible/roles/helm_install/files/postgresql/ci/tls.yaml new file mode 100644 index 0000000..24131f3 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/ci/tls.yaml @@ -0,0 +1,6 @@ +architecture: replication +tls: + enabled: true + autoGenerated: true +volumePermissions: + enabled: true diff --git a/packer/ansible/roles/helm_install/files/postgresql/override-values.yaml b/packer/ansible/roles/helm_install/files/postgresql/override-values.yaml new file mode 100644 index 0000000..61f8521 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/override-values.yaml @@ -0,0 +1,29 @@ +auth: + postgresPassword: "root" + username: "root" + password: "root" +primary: + extendedConfiguration: |- + max_connections = '1000' + shared_buffers = '1024MB' + deadlock_timeout = '5s' + statement_timeout = '15s' + idle_in_transaction_session_timeout = '60s' + shared_preload_libraries = 'pg_stat_statements' + + service: + type: NodePort + + tolerations: + - key: "dev/data-es" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-es + diff --git a/packer/ansible/roles/helm_install/files/postgresql/templates/NOTES.txt b/packer/ansible/roles/helm_install/files/postgresql/templates/NOTES.txt new file mode 100644 index 0000000..710c733 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/templates/NOTES.txt @@ -0,0 +1,89 @@ +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} + +** Please be patient while the chart is being deployed ** + +{{- if .Values.diagnosticMode.enabled }} +The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: + + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} + +Get the list of pods by executing: + + kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} + +Access the pod you want to debug by executing + + kubectl exec --namespace {{ .Release.Namespace }} -ti -- /opt/bitnami/scripts/postgresql/entrypoint.sh /bin/bash + +In order to replicate the container startup scripts execute this command: + + /opt/bitnami/scripts/postgresql/entrypoint.sh /opt/bitnami/scripts/postgresql/run.sh + +{{- else }} + +PostgreSQL can be accessed via port {{ include "postgresql.service.port" . }} on the following DNS names from within your cluster: + + {{ include "postgresql.primary.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - Read/Write connection + +{{- if eq .Values.architecture "replication" }} + + {{ include "postgresql.readReplica.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - Read only connection + +{{- end }} + +{{- $customUser := include "postgresql.username" . }} +{{- if and (not (empty $customUser)) (ne $customUser "postgres") .Values.auth.enablePostgresUser }} + +To get the password for "postgres" run: + + export POSTGRES_ADMIN_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "postgresql.secretName" . }} -o jsonpath="{.data.postgres-password}" | base64 --decode) + +To get the password for "{{ $customUser }}" run: + + export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "postgresql.secretName" . }} -o jsonpath="{.data.password}" | base64 --decode) + +{{- else }} + +To get the password for "{{ default "postgres" $customUser }}" run: + + export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "postgresql.secretName" . }} -o jsonpath="{.data.{{ ternary "password" "postgres-password" (and (not (empty $customUser)) (ne $customUser "postgres")) }}}" | base64 --decode) + +{{- end }} + +To connect to your database run the following command: + + kubectl run {{ include "common.names.fullname" . }}-client --rm --tty -i --restart='Never' --namespace {{ .Release.Namespace }} --image {{ include "postgresql.image" . }} --env="PGPASSWORD=$POSTGRES_PASSWORD" \ + --command -- psql --host {{ include "postgresql.primary.fullname" . }} -U {{ default "postgres" $customUser }} -d {{- if include "postgresql.database" . }} {{ include "postgresql.database" . }}{{- else }} postgres{{- end }} -p {{ include "postgresql.service.port" . }} + + > NOTE: If you access the container using bash, make sure that you execute "/opt/bitnami/scripts/entrypoint.sh /bin/bash" in order to avoid the error "psql: local user with ID {{ .Values.primary.containerSecurityContext.runAsUser }}} does not exist" + +To connect to your database from outside the cluster execute the following commands: + +{{- if contains "NodePort" .Values.primary.service.type }} + + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "postgresql.primary.fullname" . }}) + PGPASSWORD="$POSTGRES_PASSWORD" psql --host $NODE_IP --port $NODE_PORT -U {{ default "postgres" $customUser }} -d {{- if include "postgresql.database" . }} {{ include "postgresql.database" . }}{{- else }} postgres{{- end }} + +{{- else if contains "LoadBalancer" .Values.primary.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "postgresql.primary.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "postgresql.primary.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") + PGPASSWORD="$POSTGRES_PASSWORD" psql --host $SERVICE_IP --port {{ include "postgresql.service.port" . }} -U {{ default "postgres" $customUser }} -d {{- if include "postgresql.database" . }} {{ include "postgresql.database" . }}{{- else }} postgres{{- end }} + +{{- else if contains "ClusterIP" .Values.primary.service.type }} + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "postgresql.primary.fullname" . }} {{ include "postgresql.service.port" . }}:{{ include "postgresql.service.port" . }} & + PGPASSWORD="$POSTGRES_PASSWORD" psql --host 127.0.0.1 -U {{ default "postgres" $customUser }} -d {{- if include "postgresql.database" . }} {{ include "postgresql.database" . }}{{- else }} postgres{{- end }} -p {{ include "postgresql.service.port" . }} + +{{- end }} +{{- end }} + +{{- include "postgresql.validateValues" . -}} +{{- include "common.warnings.rollingTag" .Values.image -}} +{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} diff --git a/packer/ansible/roles/helm_install/files/postgresql/templates/_helpers.tpl b/packer/ansible/roles/helm_install/files/postgresql/templates/_helpers.tpl new file mode 100644 index 0000000..98eb56e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/templates/_helpers.tpl @@ -0,0 +1,320 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Create a default fully qualified app name for PostgreSQL Primary objects +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "postgresql.primary.fullname" -}} +{{- if eq .Values.architecture "replication" }} + {{- printf "%s-primary" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} +{{- else -}} + {{- include "common.names.fullname" . -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified app name for PostgreSQL read-only replicas objects +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "postgresql.readReplica.fullname" -}} +{{- printf "%s-read" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the default FQDN for PostgreSQL primary headless service +We truncate at 63 chars because of the DNS naming spec. +*/}} +{{- define "postgresql.primary.svc.headless" -}} +{{- printf "%s-hl" (include "postgresql.primary.fullname" .) | trunc 63 | trimSuffix "-" }} +{{- end -}} + +{{/* +Create the default FQDN for PostgreSQL read-only replicas headless service +We truncate at 63 chars because of the DNS naming spec. +*/}} +{{- define "postgresql.readReplica.svc.headless" -}} +{{- printf "%s-hl" (include "postgresql.readReplica.fullname" .) | trunc 63 | trimSuffix "-" }} +{{- end -}} + +{{/* +Return the proper PostgreSQL image name +*/}} +{{- define "postgresql.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper PostgreSQL metrics image name +*/}} +{{- define "postgresql.metrics.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "postgresql.volumePermissions.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "postgresql.imagePullSecrets" -}} +{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image) "global" .Values.global) }} +{{- end -}} + +{{/* +Return the name for a custom user to create +*/}} +{{- define "postgresql.username" -}} +{{- if .Values.global.postgresql.auth.username }} + {{- .Values.global.postgresql.auth.username -}} +{{- else -}} + {{- .Values.auth.username -}} +{{- end -}} +{{- end -}} + +{{/* +Return the name for a custom database to create +*/}} +{{- define "postgresql.database" -}} +{{- if .Values.global.postgresql.auth.database }} + {{- .Values.global.postgresql.auth.database -}} +{{- else if .Values.auth.database -}} + {{- .Values.auth.database -}} +{{- end -}} +{{- end -}} + +{{/* +Get the password secret. +*/}} +{{- define "postgresql.secretName" -}} +{{- if .Values.global.postgresql.auth.existingSecret }} + {{- printf "%s" (tpl .Values.global.postgresql.auth.existingSecret $) -}} +{{- else if .Values.auth.existingSecret -}} + {{- printf "%s" (tpl .Values.auth.existingSecret $) -}} +{{- else -}} + {{- printf "%s" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a secret object should be created +*/}} +{{- define "postgresql.createSecret" -}} +{{- if not (or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret) -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL service port +*/}} +{{- define "postgresql.service.port" -}} +{{- if .Values.global.postgresql.service.ports.postgresql }} + {{- .Values.global.postgresql.service.ports.postgresql -}} +{{- else -}} + {{- .Values.primary.service.ports.postgresql -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL service port +*/}} +{{- define "postgresql.readReplica.service.port" -}} +{{- if .Values.global.postgresql.service.ports.postgresql }} + {{- .Values.global.postgresql.service.ports.postgresql -}} +{{- else -}} + {{- .Values.readReplicas.service.ports.postgresql -}} +{{- end -}} +{{- end -}} + +{{/* +Get the PostgreSQL primary configuration ConfigMap name. +*/}} +{{- define "postgresql.primary.configmapName" -}} +{{- if .Values.primary.existingConfigmap -}} + {{- printf "%s" (tpl .Values.primary.existingConfigmap $) -}} +{{- else -}} + {{- printf "%s-configuration" (include "postgresql.primary.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created for PostgreSQL primary with the configuration +*/}} +{{- define "postgresql.primary.createConfigmap" -}} +{{- if and (or .Values.primary.configuration .Values.primary.pgHbaConfiguration) (not .Values.primary.existingConfigmap) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Get the PostgreSQL primary extended configuration ConfigMap name. +*/}} +{{- define "postgresql.primary.extendedConfigmapName" -}} +{{- if .Values.primary.existingExtendedConfigmap -}} + {{- printf "%s" (tpl .Values.primary.existingExtendedConfigmap $) -}} +{{- else -}} + {{- printf "%s-extended-configuration" (include "postgresql.primary.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created for PostgreSQL primary with the extended configuration +*/}} +{{- define "postgresql.primary.createExtendedConfigmap" -}} +{{- if and .Values.primary.extendedConfiguration (not .Values.primary.existingExtendedConfigmap) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* + Create the name of the service account to use + */}} +{{- define "postgresql.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap should be mounted with PostgreSQL configuration +*/}} +{{- define "postgresql.mountConfigurationCM" -}} +{{- if or .Values.primary.configuration .Values.primary.pgHbaConfiguration .Values.primary.existingConfigmap }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Get the initialization scripts ConfigMap name. +*/}} +{{- define "postgresql.initdb.scriptsCM" -}} +{{- if .Values.primary.initdb.scriptsConfigMap -}} + {{- printf "%s" (tpl .Values.primary.initdb.scriptsConfigMap $) -}} +{{- else -}} + {{- printf "%s-init-scripts" (include "postgresql.primary.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the readiness probe command +*/}} +{{- define "postgresql.readinessProbeCommand" -}} +{{- $customUser := include "postgresql.username" . }} +- | +{{- if (include "postgresql.database" .) }} + exec pg_isready -U {{ default "postgres" $customUser | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if .Values.tls.enabled }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} +{{- else }} + exec pg_isready -U {{ default "postgres" $customUser | quote }} {{- if .Values.tls.enabled }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} +{{- end }} +{{- if contains "bitnami/" .Values.image.repository }} + [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "postgresql.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "postgresql.validateValues.ldapConfigurationMethod" .) -}} +{{- $messages := append $messages (include "postgresql.validateValues.psp" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} + +{{/* +Validate values of Postgresql - If ldap.url is used then you don't need the other settings for ldap +*/}} +{{- define "postgresql.validateValues.ldapConfigurationMethod" -}} +{{- if and .Values.ldap.enabled (and (not (empty .Values.ldap.url)) (not (empty .Values.ldap.server))) }} +postgresql: ldap.url, ldap.server + You cannot set both `ldap.url` and `ldap.server` at the same time. + Please provide a unique way to configure LDAP. + More info at https://www.postgresql.org/docs/current/auth-ldap.html +{{- end -}} +{{- end -}} + +{{/* +Validate values of Postgresql - If PSP is enabled RBAC should be enabled too +*/}} +{{- define "postgresql.validateValues.psp" -}} +{{- if and .Values.psp.create (not .Values.rbac.create) }} +postgresql: psp.create, rbac.create + RBAC should be enabled if PSP is enabled in order for PSP to work. + More info at https://kubernetes.io/docs/concepts/policy/pod-security-policy/#authorizing-policies +{{- end -}} +{{- end -}} + +{{/* +Return the path to the cert file. +*/}} +{{- define "postgresql.tlsCert" -}} +{{- if .Values.tls.autoGenerated }} + {{- printf "/opt/bitnami/postgresql/certs/tls.crt" -}} +{{- else -}} + {{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/postgresql/certs/%s" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the path to the cert key file. +*/}} +{{- define "postgresql.tlsCertKey" -}} +{{- if .Values.tls.autoGenerated }} + {{- printf "/opt/bitnami/postgresql/certs/tls.key" -}} +{{- else -}} +{{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/postgresql/certs/%s" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the path to the CA cert file. +*/}} +{{- define "postgresql.tlsCACert" -}} +{{- if .Values.tls.autoGenerated }} + {{- printf "/opt/bitnami/postgresql/certs/ca.crt" -}} +{{- else -}} + {{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.certCAFilename -}} +{{- end -}} +{{- end -}} + +{{/* +Return the path to the CRL file. +*/}} +{{- define "postgresql.tlsCRL" -}} +{{- if .Values.tls.crlFilename -}} +{{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.crlFilename -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a TLS credentials secret object should be created +*/}} +{{- define "postgresql.createTlsSecret" -}} +{{- if and .Values.tls.autoGenerated (not .Values.tls.certificatesSecret) }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the path to the CA cert file. +*/}} +{{- define "postgresql.tlsSecretName" -}} +{{- if .Values.tls.autoGenerated }} + {{- printf "%s-crt" (include "common.names.fullname" .) -}} +{{- else -}} + {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }} +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/postgresql/templates/extra-list.yaml b/packer/ansible/roles/helm_install/files/postgresql/templates/extra-list.yaml new file mode 100644 index 0000000..9ac65f9 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/templates/extra-list.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/postgresql/templates/networkpolicy-egress.yaml b/packer/ansible/roles/helm_install/files/postgresql/templates/networkpolicy-egress.yaml new file mode 100644 index 0000000..e862147 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/templates/networkpolicy-egress.yaml @@ -0,0 +1,32 @@ +{{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.egressRules.denyConnectionsToExternal .Values.networkPolicy.egressRules.customRules) }} +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +kind: NetworkPolicy +metadata: + name: {{ printf "%s-egress" (include "common.names.fullname" .) }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + policyTypes: + - Egress + egress: + {{- if .Values.networkPolicy.egressRules.denyConnectionsToExternal }} + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + - to: + - namespaceSelector: {} + {{- end }} + {{- if .Values.networkPolicy.egressRules.customRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.egressRules.customRules "context" $) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/postgresql/templates/primary/configmap.yaml b/packer/ansible/roles/helm_install/files/postgresql/templates/primary/configmap.yaml new file mode 100644 index 0000000..2e6019f --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/templates/primary/configmap.yaml @@ -0,0 +1,24 @@ +{{- if (include "postgresql.primary.createConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-configuration" (include "postgresql.primary.fullname" .) }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: primary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + {{- if .Values.primary.configuration }} + postgresql.conf: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.configuration "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.primary.pgHbaConfiguration }} + pg_hba.conf: | + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.pgHbaConfiguration "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/postgresql/templates/primary/extended-configmap.yaml b/packer/ansible/roles/helm_install/files/postgresql/templates/primary/extended-configmap.yaml new file mode 100644 index 0000000..ce5ba2d --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/templates/primary/extended-configmap.yaml @@ -0,0 +1,18 @@ +{{- if (include "postgresql.primary.createExtendedConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-extended-configuration" (include "postgresql.primary.fullname" .) }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: primary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + override.conf: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.extendedConfiguration "context" $ ) | nindent 4 }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/postgresql/templates/primary/initialization-configmap.yaml b/packer/ansible/roles/helm_install/files/postgresql/templates/primary/initialization-configmap.yaml new file mode 100644 index 0000000..b73d69b --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/templates/primary/initialization-configmap.yaml @@ -0,0 +1,15 @@ +{{- if and .Values.primary.initdb.scripts (not .Values.primary.initdb.scriptsConfigMap) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-init-scripts" (include "postgresql.primary.fullname" .) }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: {{- include "common.tplvalues.render" (dict "value" .Values.primary.initdb.scripts "context" .) | nindent 2 }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/postgresql/templates/primary/metrics-configmap.yaml b/packer/ansible/roles/helm_install/files/postgresql/templates/primary/metrics-configmap.yaml new file mode 100644 index 0000000..952f3a7 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/templates/primary/metrics-configmap.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-metrics" (include "postgresql.primary.fullname" .) }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + custom-metrics.yaml: {{- toYaml .Values.metrics.customMetrics | nindent 4 }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/postgresql/templates/primary/metrics-svc.yaml b/packer/ansible/roles/helm_install/files/postgresql/templates/primary/metrics-svc.yaml new file mode 100644 index 0000000..8b6af03 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/templates/primary/metrics-svc.yaml @@ -0,0 +1,31 @@ +{{- if .Values.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-metrics" (include "postgresql.primary.fullname" .) }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: metrics + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.metrics.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + type: ClusterIP + sessionAffinity: {{ .Values.metrics.service.sessionAffinity }} + {{- if .Values.metrics.service.clusterIP }} + clusterIP: {{ .Values.metrics.service.clusterIP }} + {{- end }} + ports: + - name: http-metrics + port: {{ .Values.metrics.service.ports.metrics }} + targetPort: http-metrics + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: primary +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/postgresql/templates/primary/networkpolicy.yaml b/packer/ansible/roles/helm_install/files/postgresql/templates/primary/networkpolicy.yaml new file mode 100644 index 0000000..d6f8e14 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/templates/primary/networkpolicy.yaml @@ -0,0 +1,57 @@ +{{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.metrics.enabled .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled) }} +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +kind: NetworkPolicy +metadata: + name: {{ printf "%s-ingress" (include "postgresql.primary.fullname" .) }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: primary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: primary + ingress: + {{- if and .Values.metrics.enabled .Values.networkPolicy.metrics.enabled (or .Values.networkPolicy.metrics.namespaceSelector .Values.networkPolicy.metrics.podSelector) }} + - from: + {{- if .Values.networkPolicy.metrics.namespaceSelector }} + - namespaceSelector: + matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.metrics.namespaceSelector "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.networkPolicy.metrics.podSelector }} + - podSelector: + matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.metrics.podSelector "context" $) | nindent 14 }} + {{- end }} + ports: + - port: {{ .Values.metrics.containerPorts.metrics }} + {{- end }} + {{- if and .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled (or .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector) }} + - from: + {{- if .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector }} + - namespaceSelector: + matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector }} + - podSelector: + matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector "context" $) | nindent 14 }} + {{- end }} + ports: + - port: {{ .Values.containerPorts.postgresql }} + {{- end }} + {{- if and .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled (eq .Values.architecture "replication") }} + - from: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 14 }} + app.kubernetes.io/component: read + ports: + - port: {{ .Values.containerPorts.postgresql }} + {{- end }} + {{- if .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules "context" $) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/postgresql/templates/primary/prometheusrule.yaml b/packer/ansible/roles/helm_install/files/postgresql/templates/primary/prometheusrule.yaml new file mode 100644 index 0000000..92a8d77 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/templates/primary/prometheusrule.yaml @@ -0,0 +1,22 @@ +{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ include "postgresql.primary.fullname" . }} + namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: metrics + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.metrics.prometheusRule.labels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.labels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + groups: + - name: {{ include "postgresql.primary.fullname" . }} + rules: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.rules "context" $ ) | nindent 8 }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/postgresql/templates/primary/servicemonitor.yaml b/packer/ansible/roles/helm_install/files/postgresql/templates/primary/servicemonitor.yaml new file mode 100644 index 0000000..ae545ca --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/templates/primary/servicemonitor.yaml @@ -0,0 +1,48 @@ +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "postgresql.primary.fullname" . }} + namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: metrics + {{- if .Values.metrics.serviceMonitor.labels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.labels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.metrics.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + {{- if .Values.metrics.serviceMonitor.selector }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} + {{- end }} + app.kubernetes.io/component: metrics + endpoints: + - port: http-metrics + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabelings }} + relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 6 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 6 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.honorLabels }} + honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/postgresql/templates/primary/statefulset.yaml b/packer/ansible/roles/helm_install/files/postgresql/templates/primary/statefulset.yaml new file mode 100644 index 0000000..6827f85 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/templates/primary/statefulset.yaml @@ -0,0 +1,639 @@ +{{- $customUser := include "postgresql.username" . }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ include "postgresql.primary.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: primary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.primary.labels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.labels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.primary.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: 1 + serviceName: {{ include "postgresql.primary.svc.headless" . }} + {{- if .Values.primary.updateStrategy }} + updateStrategy: {{- toYaml .Values.primary.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: primary + template: + metadata: + name: {{ include "postgresql.primary.fullname" . }} + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: primary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.primary.podLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.podLabels "context" $ ) | nindent 8 }} + {{- end }} + annotations: + {{- if (include "postgresql.primary.createConfigmap" .) }} + checksum/configuration: {{ include (print $.Template.BasePath "/primary/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if (include "postgresql.primary.createExtendedConfigmap" .) }} + checksum/extended-configuration: {{ include (print $.Template.BasePath "/primary/extended-configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.primary.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + spec: + {{- if .Values.primary.extraPodSpec }} + {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraPodSpec "context" $) | nindent 6 }} + {{- end }} + serviceAccountName: {{ include "postgresql.serviceAccountName" . }} + {{- include "postgresql.imagePullSecrets" . | nindent 6 }} + {{- if .Values.primary.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.primary.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.primary.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.primary.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAffinityPreset "component" "primary" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAntiAffinityPreset "component" "primary" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.primary.nodeAffinityPreset.type "key" .Values.primary.nodeAffinityPreset.key "values" .Values.primary.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.primary.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.primary.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.primary.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.primary.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.primary.topologySpreadConstraints "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.primary.priorityClassName }} + priorityClassName: {{ .Values.primary.priorityClassName }} + {{- end }} + {{- if .Values.primary.schedulerName }} + schedulerName: {{ .Values.primary.schedulerName | quote }} + {{- end }} + {{- if .Values.primary.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.primary.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.primary.podSecurityContext.enabled }} + securityContext: {{- omit .Values.primary.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + hostNetwork: {{ .Values.primary.hostNetwork }} + hostIPC: {{ .Values.primary.hostIPC }} + initContainers: + {{- if and .Values.tls.enabled (not .Values.volumePermissions.enabled) }} + - name: copy-certs + image: {{ include "postgresql.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + {{- if .Values.primary.resources }} + resources: {{- toYaml .Values.primary.resources | nindent 12 }} + {{- end }} + # We don't require a privileged container in this case + {{- if .Values.primary.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.primary.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + command: + - /bin/sh + - -ec + - | + cp /tmp/certs/* /opt/bitnami/postgresql/certs/ + chmod 600 {{ include "postgresql.tlsCertKey" . }} + volumeMounts: + - name: raw-certificates + mountPath: /tmp/certs + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + {{- else if and .Values.volumePermissions.enabled (or .Values.primary.persistence.enabled .Values.shmVolume.enabled) }} + - name: init-chmod-data + image: {{ include "postgresql.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + command: + - /bin/sh + - -ec + - | + {{- if .Values.primary.persistence.enabled }} + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.primary.persistence.mountPath }} + {{- else }} + chown {{ .Values.primary.containerSecurityContext.runAsUser }}:{{ .Values.primary.podSecurityContext.fsGroup }} {{ .Values.primary.persistence.mountPath }} + {{- end }} + mkdir -p {{ .Values.primary.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.primary.persistence.mountPath }}/conf {{- end }} + chmod 700 {{ .Values.primary.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.primary.persistence.mountPath }}/conf {{- end }} + find {{ .Values.primary.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \ + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + xargs -r chown -R `id -u`:`id -G | cut -d " " -f2` + {{- else }} + xargs -r chown -R {{ .Values.primary.containerSecurityContext.runAsUser }}:{{ .Values.primary.podSecurityContext.fsGroup }} + {{- end }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + chmod -R 777 /dev/shm + {{- end }} + {{- if .Values.tls.enabled }} + cp /tmp/certs/* /opt/bitnami/postgresql/certs/ + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/ + {{- else }} + chown -R {{ .Values.primary.containerSecurityContext.runAsUser }}:{{ .Values.primary.podSecurityContext.fsGroup }} /opt/bitnami/postgresql/certs/ + {{- end }} + chmod 600 {{ include "postgresql.tlsCertKey" . }} + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} + {{- end }} + volumeMounts: + {{- if .Values.primary.persistence.enabled }} + - name: data + mountPath: {{ .Values.primary.persistence.mountPath }} + {{- if .Values.primary.persistence.subPath }} + subPath: {{ .Values.primary.persistence.subPath }} + {{- end }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.tls.enabled }} + - name: raw-certificates + mountPath: /tmp/certs + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + {{- end }} + {{- end }} + {{- if .Values.primary.initContainers }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.initContainers "context" $ ) | nindent 8 }} + {{- end }} + containers: + - name: postgresql + image: {{ include "postgresql.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.primary.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.primary.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.primary.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.primary.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.primary.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.primary.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: POSTGRESQL_PORT_NUMBER + value: {{ .Values.containerPorts.postgresql | quote }} + - name: POSTGRESQL_VOLUME_DIR + value: {{ .Values.primary.persistence.mountPath | quote }} + {{- if .Values.primary.persistence.mountPath }} + - name: PGDATA + value: {{ .Values.postgresqlDataDir | quote }} + {{- end }} + # Authentication + {{- if and (not (empty $customUser)) (ne $customUser "postgres") }} + - name: POSTGRES_USER + value: {{ $customUser | quote }} + {{- if .Values.auth.enablePostgresUser }} + {{- if .Values.auth.usePasswordFiles }} + - name: POSTGRES_POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgres-password" + {{- else }} + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "postgresql.secretName" . }} + key: postgres-password + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.auth.usePasswordFiles }} + - name: POSTGRES_PASSWORD_FILE + value: {{ printf "/opt/bitnami/postgresql/secrets/%s" (ternary "password" "postgres-password" (and (not (empty $customUser)) (ne $customUser "postgres"))) }} + {{- else }} + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "postgresql.secretName" . }} + key: {{ ternary "password" "postgres-password" (and (not (empty $customUser)) (ne $customUser "postgres")) }} + {{- end }} + {{- if (include "postgresql.database" .) }} + - name: POSTGRES_DB + value: {{ (include "postgresql.database" .) | quote }} + {{- end }} + # Replication + {{- if or (eq .Values.architecture "replication") .Values.primary.standby.enabled }} + - name: POSTGRES_REPLICATION_MODE + value: {{ ternary "slave" "master" .Values.primary.standby.enabled | quote }} + - name: POSTGRES_REPLICATION_USER + value: {{ .Values.auth.replicationUsername | quote }} + {{- if .Values.auth.usePasswordFiles }} + - name: POSTGRES_REPLICATION_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/replication-password" + {{- else }} + - name: POSTGRES_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "postgresql.secretName" . }} + key: replication-password + {{- end }} + {{- if not (eq .Values.replication.synchronousCommit "off") }} + - name: POSTGRES_SYNCHRONOUS_COMMIT_MODE + value: {{ .Values.replication.synchronousCommit | quote }} + - name: POSTGRES_NUM_SYNCHRONOUS_REPLICAS + value: {{ .Values.replication.numSynchronousReplicas | quote }} + {{- end }} + - name: POSTGRES_CLUSTER_APP_NAME + value: {{ .Values.replication.applicationName }} + {{- end }} + # Initdb + {{- if .Values.primary.initdb.args }} + - name: POSTGRES_INITDB_ARGS + value: {{ .Values.primary.initdb.args | quote }} + {{- end }} + {{- if .Values.primary.initdb.postgresqlWalDir }} + - name: POSTGRES_INITDB_WALDIR + value: {{ .Values.primary.initdb.postgresqlWalDir | quote }} + {{- end }} + {{- if .Values.primary.initdb.user }} + - name: POSTGRESQL_INITSCRIPTS_USERNAME + value: {{ .Values.primary.initdb.user }} + {{- end }} + {{- if .Values.primary.initdb.password }} + - name: POSTGRESQL_INITSCRIPTS_PASSWORD + value: {{ .Values.primary.initdb.password | quote }} + {{- end }} + # Standby + {{- if .Values.primary.standby.enabled }} + - name: POSTGRES_MASTER_HOST + value: {{ .Values.primary.standby.primaryHost }} + - name: POSTGRES_MASTER_PORT_NUMBER + value: {{ .Values.primary.standby.primaryPort | quote }} + {{- end }} + # LDAP + - name: POSTGRESQL_ENABLE_LDAP + value: {{ ternary "yes" "no" .Values.ldap.enabled | quote }} + {{- if .Values.ldap.enabled }} + - name: POSTGRESQL_LDAP_SERVER + value: {{ .Values.ldap.server }} + - name: POSTGRESQL_LDAP_PORT + value: {{ .Values.ldap.port | quote }} + - name: POSTGRESQL_LDAP_SCHEME + value: {{ .Values.ldap.scheme }} + {{- if .Values.ldap.tls }} + - name: POSTGRESQL_LDAP_TLS + value: "1" + {{- end }} + - name: POSTGRESQL_LDAP_PREFIX + value: {{ .Values.ldap.prefix | quote }} + - name: POSTGRESQL_LDAP_SUFFIX + value: {{ .Values.ldap.suffix | quote }} + - name: POSTGRESQL_LDAP_BASE_DN + value: {{ .Values.ldap.baseDN }} + - name: POSTGRESQL_LDAP_BIND_DN + value: {{ .Values.ldap.bindDN }} + {{- if not (empty .Values.ldap.bind_password) }} + - name: POSTGRESQL_LDAP_BIND_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "postgresql.secretName" . }} + key: ldap-password + {{- end }} + - name: POSTGRESQL_LDAP_SEARCH_ATTR + value: {{ .Values.ldap.search_attr }} + - name: POSTGRESQL_LDAP_SEARCH_FILTER + value: {{ .Values.ldap.search_filter }} + - name: POSTGRESQL_LDAP_URL + value: {{ .Values.ldap.url }} + {{- end }} + # TLS + - name: POSTGRESQL_ENABLE_TLS + value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} + {{- if .Values.tls.enabled }} + - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS + value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }} + - name: POSTGRESQL_TLS_CERT_FILE + value: {{ include "postgresql.tlsCert" . }} + - name: POSTGRESQL_TLS_KEY_FILE + value: {{ include "postgresql.tlsCertKey" . }} + {{- if .Values.tls.certCAFilename }} + - name: POSTGRESQL_TLS_CA_FILE + value: {{ include "postgresql.tlsCACert" . }} + {{- end }} + {{- if .Values.tls.crlFilename }} + - name: POSTGRESQL_TLS_CRL_FILE + value: {{ include "postgresql.tlsCRL" . }} + {{- end }} + {{- end }} + # Audit + - name: POSTGRESQL_LOG_HOSTNAME + value: {{ .Values.audit.logHostname | quote }} + - name: POSTGRESQL_LOG_CONNECTIONS + value: {{ .Values.audit.logConnections | quote }} + - name: POSTGRESQL_LOG_DISCONNECTIONS + value: {{ .Values.audit.logDisconnections | quote }} + {{- if .Values.audit.logLinePrefix }} + - name: POSTGRESQL_LOG_LINE_PREFIX + value: {{ .Values.audit.logLinePrefix | quote }} + {{- end }} + {{- if .Values.audit.logTimezone }} + - name: POSTGRESQL_LOG_TIMEZONE + value: {{ .Values.audit.logTimezone | quote }} + {{- end }} + {{- if .Values.audit.pgAuditLog }} + - name: POSTGRESQL_PGAUDIT_LOG + value: {{ .Values.audit.pgAuditLog | quote }} + {{- end }} + - name: POSTGRESQL_PGAUDIT_LOG_CATALOG + value: {{ .Values.audit.pgAuditLogCatalog | quote }} + # Others + - name: POSTGRESQL_CLIENT_MIN_MESSAGES + value: {{ .Values.audit.clientMinMessages | quote }} + - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES + value: {{ .Values.postgresqlSharedPreloadLibraries | quote }} + {{- if .Values.primary.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.primary.extraEnvVarsCM .Values.primary.extraEnvVarsSecret }} + envFrom: + {{- if .Values.primary.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.primary.extraEnvVarsCM }} + {{- end }} + {{- if .Values.primary.extraEnvVarsSecret }} + - secretRef: + name: {{ .Values.primary.extraEnvVarsSecret }} + {{- end }} + {{- end }} + ports: + - name: tcp-postgresql + containerPort: {{ .Values.containerPorts.postgresql }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.primary.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.primary.startupProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /bin/sh + - -c + {{- if (include "postgresql.database" .) }} + - exec pg_isready -U {{ default "postgres" $customUser | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} + {{- else }} + - exec pg_isready -U {{ default "postgres" $customUser | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} + {{- end }} + {{- else if .Values.primary.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customStartupProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.primary.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.primary.livenessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /bin/sh + - -c + {{- if (include "postgresql.database" .) }} + - exec pg_isready -U {{ default "postgres" $customUser | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} + {{- else }} + - exec pg_isready -U {{ default "postgres" $customUser | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} + {{- end }} + {{- else if .Values.primary.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.primary.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.primary.readinessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /bin/sh + - -c + - -e + {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} + {{- else if .Values.primary.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.primary.resources }} + resources: {{- toYaml .Values.primary.resources | nindent 12 }} + {{- end }} + {{- if .Values.primary.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.primary.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + volumeMounts: + {{- if or .Values.primary.initdb.scriptsConfigMap .Values.primary.initdb.scripts }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d/ + {{- end }} + {{- if .Values.primary.initdb.scriptsSecret }} + - name: custom-init-scripts-secret + mountPath: /docker-entrypoint-initdb.d/secret + {{- end }} + {{- if or .Values.primary.extendedConfiguration .Values.primary.existingExtendedConfigmap }} + - name: postgresql-extended-config + mountPath: /bitnami/postgresql/conf/conf.d/ + {{- end }} + {{- if .Values.auth.usePasswordFiles }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.tls.enabled }} + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + readOnly: true + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.primary.persistence.enabled }} + - name: data + mountPath: {{ .Values.primary.persistence.mountPath }} + {{- if .Values.primary.persistence.subPath }} + subPath: {{ .Values.primary.persistence.subPath }} + {{- end }} + {{- end }} + {{- if or .Values.primary.configuration .Values.primary.pgHbaConfiguration .Values.primary.existingConfigmap }} + - name: postgresql-config + mountPath: /bitnami/postgresql/conf + {{- end }} + {{- if .Values.primary.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ include "postgresql.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.metrics.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.metrics.customMetrics }} + args: ["--extend.query-path", "/conf/custom-metrics.yaml"] + {{- end }} + env: + {{- $database := required "In order to enable metrics you need to specify a database (.Values.auth.database or .Values.global.postgresql.auth.database)" (include "postgresql.database" .) }} + {{- $sslmode := ternary "require" "disable" .Values.tls.enabled }} + {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} + - name: DATA_SOURCE_NAME + value: {{ printf "host=127.0.0.1 port=%d user=%s sslmode=%s sslcert=%s sslkey=%s" (int (include "postgresql.service.port" .)) (default "postgres" $customUser | quote) $sslmode (include "postgresql.tlsCert" .) (include "postgresql.tlsCertKey" .) }} + {{- else }} + - name: DATA_SOURCE_URI + value: {{ printf "127.0.0.1:%d/%s?sslmode=%s" (int (include "postgresql.service.port" .)) $database $sslmode }} + {{- end }} + {{- if .Values.auth.usePasswordFiles }} + - name: DATA_SOURCE_PASS_FILE + value: {{ printf "/opt/bitnami/postgresql/secrets/%s" (ternary "password" "postgres-password" (and (not (empty $customUser)) (ne $customUser "postgres"))) }} + {{- else }} + - name: DATA_SOURCE_PASS + valueFrom: + secretKeyRef: + name: {{ include "postgresql.secretName" . }} + key: {{ ternary "password" "postgres-password" (and (not (empty $customUser)) (ne $customUser "postgres")) }} + {{- end }} + - name: DATA_SOURCE_USER + value: {{ default "postgres" $customUser | quote }} + {{- if .Values.metrics.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + ports: + - name: http-metrics + containerPort: {{ .Values.metrics.containerPorts.metrics }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.metrics.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: http-metrics + {{- else if .Values.metrics.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: / + port: http-metrics + {{- else if .Values.metrics.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: / + port: http-metrics + {{- else if .Values.metrics.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- end }} + volumeMounts: + {{- if .Values.auth.usePasswordFiles }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.tls.enabled }} + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + readOnly: true + {{- end }} + {{- if .Values.metrics.customMetrics }} + - name: custom-metrics + mountPath: /conf + readOnly: true + {{- end }} + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.primary.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.sidecars "context" $ ) | nindent 8 }} + {{- end }} + volumes: + {{- if or .Values.primary.configuration .Values.primary.pgHbaConfiguration .Values.primary.existingConfigmap }} + - name: postgresql-config + configMap: + name: {{ include "postgresql.primary.configmapName" . }} + {{- end }} + {{- if or .Values.primary.extendedConfiguration .Values.primary.existingExtendedConfigmap }} + - name: postgresql-extended-config + configMap: + name: {{ include "postgresql.primary.extendedConfigmapName" . }} + {{- end }} + {{- if .Values.auth.usePasswordFiles }} + - name: postgresql-password + secret: + secretName: {{ include "postgresql.secretName" . }} + {{- end }} + {{- if or .Values.primary.initdb.scriptsConfigMap .Values.primary.initdb.scripts }} + - name: custom-init-scripts + configMap: + name: {{ include "postgresql.initdb.scriptsCM" . }} + {{- end }} + {{- if .Values.primary.initdb.scriptsSecret }} + - name: custom-init-scripts-secret + secret: + secretName: {{ tpl .Values.primary.initdb.scriptsSecret $ }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: raw-certificates + secret: + secretName: {{ include "postgresql.tlsSecretName" . }} + - name: postgresql-certificates + emptyDir: {} + {{- end }} + {{- if .Values.primary.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} + {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} + - name: custom-metrics + configMap: + name: {{ printf "%s-metrics" (include "common.names.fullname" .) }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + emptyDir: + medium: Memory + {{- if .Values.shmVolume.sizeLimit }} + sizeLimit: {{ .Values.shmVolume.sizeLimit }} + {{- end }} + {{- end }} + {{- if and .Values.primary.persistence.enabled .Values.primary.persistence.existingClaim }} + - name: data + persistentVolumeClaim: + claimName: {{ tpl .Values.primary.persistence.existingClaim $ }} + {{- else if not .Values.primary.persistence.enabled }} + - name: data + emptyDir: {} + {{- else }} + volumeClaimTemplates: + - metadata: + name: data + {{- if .Values.primary.persistence.annotations }} + annotations: {{- toYaml .Values.primary.persistence.annotations | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.primary.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + {{- if .Values.primary.persistence.dataSource }} + dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.dataSource "context" $) | nindent 10 }} + {{- end }} + resources: + requests: + storage: {{ .Values.primary.persistence.size | quote }} + {{- if .Values.primary.persistence.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.selector "context" $) | nindent 10 }} + {{- end }} + {{- include "common.storage.class" (dict "persistence" .Values.primary.persistence "global" .Values.global) | nindent 8 }} + {{- end }} diff --git a/packer/ansible/roles/helm_install/files/postgresql/templates/primary/svc-headless.yaml b/packer/ansible/roles/helm_install/files/postgresql/templates/primary/svc-headless.yaml new file mode 100644 index 0000000..abd5aba --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/templates/primary/svc-headless.yaml @@ -0,0 +1,31 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "postgresql.primary.svc.headless" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + app.kubernetes.io/component: primary + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + # Use this annotation in addition to the actual publishNotReadyAddresses + # field below because the annotation will stop being respected soon but the + # field is broken in some versions of Kubernetes: + # https://github.com/kubernetes/kubernetes/issues/58662 + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" +spec: + type: ClusterIP + clusterIP: None + # We want all pods in the StatefulSet to have their addresses published for + # the sake of the other Postgresql pods even before they're ready, since they + # have to be able to talk to each other in order to become ready. + publishNotReadyAddresses: true + ports: + - name: tcp-postgresql + port: {{ template "postgresql.service.port" . }} + targetPort: tcp-postgresql + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: primary diff --git a/packer/ansible/roles/helm_install/files/postgresql/templates/primary/svc.yaml b/packer/ansible/roles/helm_install/files/postgresql/templates/primary/svc.yaml new file mode 100644 index 0000000..b7784a4 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/templates/primary/svc.yaml @@ -0,0 +1,43 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "postgresql.primary.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + app.kubernetes.io/component: primary + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.primary.service.annotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.primary.service.annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.primary.service.type }} + {{- if and .Values.primary.service.loadBalancerIP (eq .Values.primary.service.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.primary.service.loadBalancerIP }} + externalTrafficPolicy: {{ .Values.primary.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if and (eq .Values.primary.service.type "LoadBalancer") .Values.primary.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- include "common.tplvalues.render" (dict "value" .Values.primary.service.loadBalancerSourceRanges "context" $) | nindent 4 }} + {{- end }} + {{- if and (eq .Values.primary.service.type "ClusterIP") .Values.primary.service.clusterIP }} + clusterIP: {{ .Values.primary.service.clusterIP }} + {{- end }} + ports: + - name: tcp-postgresql + port: {{ template "postgresql.service.port" . }} + targetPort: tcp-postgresql + {{- if and (or (eq .Values.primary.service.type "NodePort") (eq .Values.primary.service.type "LoadBalancer")) (not (empty .Values.primary.service.nodePorts.postgresql)) }} + nodePort: {{ .Values.primary.service.nodePorts.postgresql }} + {{- else if eq .Values.primary.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.primary.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.primary.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: primary diff --git a/packer/ansible/roles/helm_install/files/postgresql/templates/psp.yaml b/packer/ansible/roles/helm_install/files/postgresql/templates/psp.yaml new file mode 100644 index 0000000..d164079 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/templates/psp.yaml @@ -0,0 +1,41 @@ +{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}} +{{- if and $pspAvailable .Values.psp.create }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + privileged: false + volumes: + - 'configMap' + - 'secret' + - 'persistentVolumeClaim' + - 'emptyDir' + - 'projected' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/postgresql/templates/read/networkpolicy.yaml b/packer/ansible/roles/helm_install/files/postgresql/templates/read/networkpolicy.yaml new file mode 100644 index 0000000..e49f020 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/templates/read/networkpolicy.yaml @@ -0,0 +1,36 @@ +{{- if and .Values.networkPolicy.enabled (eq .Values.architecture "replication") .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.enabled }} +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +kind: NetworkPolicy +metadata: + name: {{ printf "%s-ingress" (include "postgresql.readReplica.fullname" .) }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: read + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: read + ingress: + {{- if and .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.enabled (or .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.namespaceSelector .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.podSelector) }} + - from: + {{- if .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.namespaceSelector }} + - namespaceSelector: + matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.namespaceSelector "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.podSelector }} + - podSelector: + matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.podSelector "context" $) | nindent 14 }} + {{- end }} + ports: + - port: {{ .Values.containerPorts.postgresql }} + {{- end }} + {{- if .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.customRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.customRules "context" $) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/postgresql/templates/read/statefulset.yaml b/packer/ansible/roles/helm_install/files/postgresql/templates/read/statefulset.yaml new file mode 100644 index 0000000..2fbdf90 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/templates/read/statefulset.yaml @@ -0,0 +1,433 @@ +{{- if eq .Values.architecture "replication" }} +{{- $customUser := include "postgresql.username" . }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ include "postgresql.readReplica.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: read + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.readReplicas.labels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.labels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.readReplicas.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.readReplicas.replicaCount }} + serviceName: {{ include "postgresql.readReplica.svc.headless" . }} + {{- if .Values.readReplicas.updateStrategy }} + updateStrategy: {{- toYaml .Values.readReplicas.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: read + template: + metadata: + name: {{ include "postgresql.readReplica.fullname" . }} + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: read + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.readReplicas.podLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.podLabels "context" $ ) | nindent 8 }} + {{- end }} + annotations: + {{- if .Values.readReplicas.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + spec: + {{- if .Values.readReplicas.extraPodSpec }} + {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.extraPodSpec "context" $) | nindent 6 }} + {{- end }} + serviceAccountName: {{ include "postgresql.serviceAccountName" . }} + {{- include "postgresql.imagePullSecrets" . | nindent 6 }} + {{- if .Values.readReplicas.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.readReplicas.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.readReplicas.podAffinityPreset "component" "read" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.readReplicas.podAntiAffinityPreset "component" "read" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.readReplicas.nodeAffinityPreset.type "key" .Values.readReplicas.nodeAffinityPreset.key "values" .Values.readReplicas.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.readReplicas.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.readReplicas.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.readReplicas.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.readReplicas.priorityClassName }} + priorityClassName: {{ .Values.readReplicas.priorityClassName }} + {{- end }} + {{- if .Values.readReplicas.schedulerName }} + schedulerName: {{ .Values.readReplicas.schedulerName | quote }} + {{- end }} + {{- if .Values.readReplicas.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.readReplicas.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.readReplicas.podSecurityContext.enabled }} + securityContext: {{- omit .Values.readReplicas.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + hostNetwork: {{ .Values.readReplicas.hostNetwork }} + hostIPC: {{ .Values.readReplicas.hostIPC }} + initContainers: + {{- if and .Values.tls.enabled (not .Values.volumePermissions.enabled) }} + - name: copy-certs + image: {{ include "postgresql.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + {{- if .Values.readReplicas.resources }} + resources: {{- toYaml .Values.readReplicas.resources | nindent 12 }} + {{- end }} + # We don't require a privileged container in this case + {{- if .Values.readReplicas.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.readReplicas.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + command: + - /bin/sh + - -ec + - | + cp /tmp/certs/* /opt/bitnami/postgresql/certs/ + chmod 600 {{ include "postgresql.tlsCertKey" . }} + volumeMounts: + - name: raw-certificates + mountPath: /tmp/certs + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + {{- else if and .Values.volumePermissions.enabled (or .Values.readReplicas.persistence.enabled .Values.shmVolume.enabled) }} + - name: init-chmod-data + image: {{ include "postgresql.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + {{- if .Values.readReplicas.resources }} + resources: {{- toYaml .Values.readReplicas.resources | nindent 12 }} + {{- end }} + command: + - /bin/sh + - -ec + - | + {{- if .Values.readReplicas.persistence.enabled }} + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.readReplicas.persistence.mountPath }} + {{- else }} + chown {{ .Values.readReplicas.containerSecurityContext.runAsUser }}:{{ .Values.readReplicas.podSecurityContext.fsGroup }} {{ .Values.readReplicas.persistence.mountPath }} + {{- end }} + mkdir -p {{ .Values.readReplicas.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.readReplicas.persistence.mountPath }}/conf {{- end }} + chmod 700 {{ .Values.readReplicas.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.readReplicas.persistence.mountPath }}/conf {{- end }} + find {{ .Values.readReplicas.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \ + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + xargs -r chown -R `id -u`:`id -G | cut -d " " -f2` + {{- else }} + xargs -r chown -R {{ .Values.readReplicas.containerSecurityContext.runAsUser }}:{{ .Values.readReplicas.podSecurityContext.fsGroup }} + {{- end }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + chmod -R 777 /dev/shm + {{- end }} + {{- if .Values.tls.enabled }} + cp /tmp/certs/* /opt/bitnami/postgresql/certs/ + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/ + {{- else }} + chown -R {{ .Values.readReplicas.containerSecurityContext.runAsUser }}:{{ .Values.readReplicas.podSecurityContext.fsGroup }} /opt/bitnami/postgresql/certs/ + {{- end }} + chmod 600 {{ include "postgresql.tlsCertKey" . }} + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} + {{- end }} + volumeMounts: + {{ if .Values.readReplicas.persistence.enabled }} + - name: data + mountPath: {{ .Values.readReplicas.persistence.mountPath }} + {{- if .Values.readReplicas.persistence.subPath }} + subPath: {{ .Values.readReplicas.persistence.subPath }} + {{- end }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.tls.enabled }} + - name: raw-certificates + mountPath: /tmp/certs + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + {{- end }} + {{- end }} + {{- if .Values.readReplicas.initContainers }} + {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.initContainers "context" $ ) | nindent 8 }} + {{- end }} + containers: + - name: postgresql + image: {{ include "postgresql.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.readReplicas.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.readReplicas.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.readReplicas.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.readReplicas.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: POSTGRESQL_PORT_NUMBER + value: {{ .Values.containerPorts.postgresql | quote }} + - name: POSTGRESQL_VOLUME_DIR + value: {{ .Values.readReplicas.persistence.mountPath | quote }} + {{- if .Values.readReplicas.persistence.mountPath }} + - name: PGDATA + value: {{ .Values.postgresqlDataDir | quote }} + {{- end }} + # Authentication + {{- if and (not (empty $customUser)) (ne $customUser "postgres") .Values.auth.enablePostgresUser }} + {{- if .Values.auth.usePasswordFiles }} + - name: POSTGRES_POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgres-password" + {{- else }} + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "postgresql.secretName" . }} + key: postgres-password + {{- end }} + {{- end }} + {{- if .Values.auth.usePasswordFiles }} + - name: POSTGRES_PASSWORD_FILE + value: {{ printf "/opt/bitnami/postgresql/secrets/%s" (ternary "password" "postgres-password" (and (not (empty $customUser)) (ne $customUser "postgres"))) }} + {{- else }} + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "postgresql.secretName" . }} + key: {{ ternary "password" "postgres-password" (and (not (empty $customUser)) (ne $customUser "postgres")) }} + {{- end }} + # Replication + - name: POSTGRES_REPLICATION_MODE + value: "slave" + - name: POSTGRES_REPLICATION_USER + value: {{ .Values.auth.replicationUsername | quote }} + {{- if .Values.auth.usePasswordFiles }} + - name: POSTGRES_REPLICATION_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/replication-password" + {{- else }} + - name: POSTGRES_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "postgresql.secretName" . }} + key: replication-password + {{- end }} + - name: POSTGRES_CLUSTER_APP_NAME + value: {{ .Values.replication.applicationName }} + - name: POSTGRES_MASTER_HOST + value: {{ include "postgresql.primary.fullname" . }} + - name: POSTGRES_MASTER_PORT_NUMBER + value: {{ include "postgresql.service.port" . | quote }} + # TLS + - name: POSTGRESQL_ENABLE_TLS + value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} + {{- if .Values.tls.enabled }} + - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS + value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }} + - name: POSTGRESQL_TLS_CERT_FILE + value: {{ include "postgresql.tlsCert" . }} + - name: POSTGRESQL_TLS_KEY_FILE + value: {{ include "postgresql.tlsCertKey" . }} + {{- if .Values.tls.certCAFilename }} + - name: POSTGRESQL_TLS_CA_FILE + value: {{ include "postgresql.tlsCACert" . }} + {{- end }} + {{- if .Values.tls.crlFilename }} + - name: POSTGRESQL_TLS_CRL_FILE + value: {{ include "postgresql.tlsCRL" . }} + {{- end }} + {{- end }} + # Audit + - name: POSTGRESQL_LOG_HOSTNAME + value: {{ .Values.audit.logHostname | quote }} + - name: POSTGRESQL_LOG_CONNECTIONS + value: {{ .Values.audit.logConnections | quote }} + - name: POSTGRESQL_LOG_DISCONNECTIONS + value: {{ .Values.audit.logDisconnections | quote }} + {{- if .Values.audit.logLinePrefix }} + - name: POSTGRESQL_LOG_LINE_PREFIX + value: {{ .Values.audit.logLinePrefix | quote }} + {{- end }} + {{- if .Values.audit.logTimezone }} + - name: POSTGRESQL_LOG_TIMEZONE + value: {{ .Values.audit.logTimezone | quote }} + {{- end }} + {{- if .Values.audit.pgAuditLog }} + - name: POSTGRESQL_PGAUDIT_LOG + value: {{ .Values.audit.pgAuditLog | quote }} + {{- end }} + - name: POSTGRESQL_PGAUDIT_LOG_CATALOG + value: {{ .Values.audit.pgAuditLogCatalog | quote }} + # Others + - name: POSTGRESQL_CLIENT_MIN_MESSAGES + value: {{ .Values.audit.clientMinMessages | quote }} + - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES + value: {{ .Values.postgresqlSharedPreloadLibraries | quote }} + {{- if .Values.readReplicas.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.readReplicas.extraEnvVarsCM .Values.readReplicas.extraEnvVarsSecret }} + envFrom: + {{- if .Values.readReplicas.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.readReplicas.extraEnvVarsCM }} + {{- end }} + {{- if .Values.readReplicas.extraEnvVarsSecret }} + - secretRef: + name: {{ .Values.readReplicas.extraEnvVarsSecret }} + {{- end }} + {{- end }} + ports: + - name: tcp-postgresql + containerPort: {{ .Values.containerPorts.postgresql }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.readReplicas.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readReplicas.startupProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /bin/sh + - -c + {{- if (include "postgresql.database" .) }} + - exec pg_isready -U {{ default "postgres" $customUser| quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} + {{- else }} + - exec pg_isready -U {{ default "postgres" $customUser | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} + {{- end }} + {{- else if .Values.readReplicas.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.customStartupProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.readReplicas.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readReplicas.livenessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /bin/sh + - -c + {{- if (include "postgresql.database" .) }} + - exec pg_isready -U {{ default "postgres" $customUser | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} + {{- else }} + - exec pg_isready -U {{default "postgres" $customUser | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} + {{- end }} + {{- else if .Values.readReplicas.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.readReplicas.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readReplicas.readinessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /bin/sh + - -c + - -e + {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} + {{- else if .Values.readReplicas.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.readReplicas.resources }} + resources: {{- toYaml .Values.readReplicas.resources | nindent 12 }} + {{- end }} + {{- if .Values.readReplicas.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + volumeMounts: + {{- if .Values.auth.usePasswordFiles }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.tls.enabled }} + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + readOnly: true + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.readReplicas.persistence.enabled }} + - name: data + mountPath: {{ .Values.readReplicas.persistence.mountPath }} + {{- if .Values.readReplicas.persistence.subPath }} + subPath: {{ .Values.readReplicas.persistence.subPath }} + {{- end }} + {{- end }} + {{- if .Values.readReplicas.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.readReplicas.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.sidecars "context" $ ) | nindent 8 }} + {{- end }} + volumes: + {{- if .Values.auth.usePasswordFiles }} + - name: postgresql-password + secret: + secretName: {{ include "postgresql.secretName" . }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: raw-certificates + secret: + secretName: {{ include "postgresql.tlsSecretName" . }} + - name: postgresql-certificates + emptyDir: {} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + emptyDir: + medium: Memory + {{- if .Values.shmVolume.sizeLimit }} + sizeLimit: {{ .Values.shmVolume.sizeLimit }} + {{- end }} + {{- end }} + {{- if .Values.readReplicas.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} + {{- if not .Values.readReplicas.persistence.enabled }} + - name: data + emptyDir: {} + {{- else }} + volumeClaimTemplates: + - metadata: + name: data + {{- if .Values.readReplicas.persistence.annotations }} + annotations: {{- toYaml .Values.readReplicas.persistence.annotations | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.readReplicas.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + {{- if .Values.readReplicas.persistence.dataSource }} + dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.persistence.dataSource "context" $) | nindent 10 }} + {{- end }} + resources: + requests: + storage: {{ .Values.readReplicas.persistence.size | quote }} + {{- if .Values.readReplicas.persistence.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.persistence.selector "context" $) | nindent 10 }} + {{- end -}} + {{- include "common.storage.class" (dict "persistence" .Values.readReplicas.persistence "global" .Values.global) | nindent 8 }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/postgresql/templates/read/svc-headless.yaml b/packer/ansible/roles/helm_install/files/postgresql/templates/read/svc-headless.yaml new file mode 100644 index 0000000..7600ba6 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/templates/read/svc-headless.yaml @@ -0,0 +1,33 @@ +{{- if eq .Values.architecture "replication" }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "postgresql.readReplica.svc.headless" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + app.kubernetes.io/component: read + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + # Use this annotation in addition to the actual publishNotReadyAddresses + # field below because the annotation will stop being respected soon but the + # field is broken in some versions of Kubernetes: + # https://github.com/kubernetes/kubernetes/issues/58662 + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" +spec: + type: ClusterIP + clusterIP: None + # We want all pods in the StatefulSet to have their addresses published for + # the sake of the other Postgresql pods even before they're ready, since they + # have to be able to talk to each other in order to become ready. + publishNotReadyAddresses: true + ports: + - name: tcp-postgresql + port: {{ include "postgresql.readReplica.service.port" . }} + targetPort: tcp-postgresql + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: read +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/postgresql/templates/read/svc.yaml b/packer/ansible/roles/helm_install/files/postgresql/templates/read/svc.yaml new file mode 100644 index 0000000..dd13cfb --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/templates/read/svc.yaml @@ -0,0 +1,45 @@ +{{- if eq .Values.architecture "replication" }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "postgresql.readReplica.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + app.kubernetes.io/component: read + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.readReplicas.service.annotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.service.annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.readReplicas.service.type }} + {{- if and .Values.readReplicas.service.loadBalancerIP (eq .Values.readReplicas.service.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.readReplicas.service.loadBalancerIP }} + externalTrafficPolicy: {{ .Values.readReplicas.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if and (eq .Values.readReplicas.service.type "LoadBalancer") .Values.readReplicas.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.service.loadBalancerSourceRanges "context" $) | nindent 4 }} + {{- end }} + {{- if and (eq .Values.readReplicas.service.type "ClusterIP") .Values.readReplicas.service.clusterIP }} + clusterIP: {{ .Values.readReplicas.service.clusterIP }} + {{- end }} + ports: + - name: tcp-postgresql + port: {{ include "postgresql.readReplica.service.port" . }} + targetPort: tcp-postgresql + {{- if and (or (eq .Values.readReplicas.service.type "NodePort") (eq .Values.readReplicas.service.type "LoadBalancer")) (not (empty .Values.readReplicas.service.nodePorts.postgresql)) }} + nodePort: {{ .Values.readReplicas.service.nodePorts.postgresql }} + {{- else if eq .Values.readReplicas.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.readReplicas.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: read +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/postgresql/templates/role.yaml b/packer/ansible/roles/helm_install/files/postgresql/templates/role.yaml new file mode 100644 index 0000000..8b04879 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/templates/role.yaml @@ -0,0 +1,31 @@ +{{- if .Values.rbac.create }} +kind: Role +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +# yamllint disable rule:indentation +rules: + {{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}} + {{- if and $pspAvailable .Values.psp.create }} + - apiGroups: + - 'policy' + resources: + - podsecuritypolicies' + verbs: + - 'use' + resourceNames: + - {{ include "common.names.fullname" . }} + {{- end }} + {{- if .Values.rbac.rules }} + {{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }} + {{- end }} +# yamllint enable rule:indentation +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/postgresql/templates/rolebinding.yaml b/packer/ansible/roles/helm_install/files/postgresql/templates/rolebinding.yaml new file mode 100644 index 0000000..88f10af --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/templates/rolebinding.yaml @@ -0,0 +1,22 @@ +{{- if .Values.rbac.create }} +kind: RoleBinding +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +roleRef: + kind: Role + name: {{ include "common.names.fullname" . }} + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ include "postgresql.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/postgresql/templates/secrets.yaml b/packer/ansible/roles/helm_install/files/postgresql/templates/secrets.yaml new file mode 100644 index 0000000..a46fdbf --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/templates/secrets.yaml @@ -0,0 +1,29 @@ +{{- if (include "postgresql.createSecret" .) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + {{- if .Values.auth.enablePostgresUser }} + postgres-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "postgres-password" "providedValues" (list "global.postgresql.auth.postgresPassword" "auth.postgresPassword") "context" $) }} + {{- end }} + {{- if not (empty (include "postgresql.username" .)) }} + password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "password" "providedValues" (list "global.postgresql.auth.password" "auth.password") "context" $) }} + {{- end }} + {{- if eq .Values.architecture "replication" }} + replication-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "replication-password" "providedValues" (list "auth.replicationPassword") "context" $) }} + {{- end }} + # We don't auto-generate LDAP password when it's not provided as we do for other passwords + {{- if and .Values.ldap.enabled .Values.ldap.bind_password }} + ldap-password: {{ .Values.ldap.bind_password | b64enc | quote }} + {{- end }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/postgresql/templates/serviceaccount.yaml b/packer/ansible/roles/helm_install/files/postgresql/templates/serviceaccount.yaml new file mode 100644 index 0000000..2de14af --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/templates/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "postgresql.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.serviceAccount.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.serviceAccount.annotations "context" $ ) | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/postgresql/templates/tls-secrets.yaml b/packer/ansible/roles/helm_install/files/postgresql/templates/tls-secrets.yaml new file mode 100644 index 0000000..d660f97 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/templates/tls-secrets.yaml @@ -0,0 +1,27 @@ +{{- if (include "postgresql.createTlsSecret" . ) }} +{{- $ca := genCA "postgresql-ca" 365 }} +{{- $fullname := include "common.names.fullname" . }} +{{- $releaseNamespace := .Release.Namespace }} +{{- $clusterDomain := .Values.clusterDomain }} +{{- $primaryHeadlessServiceName := include "postgresql.primary.svc.headless" . }} +{{- $readHeadlessServiceName := include "postgresql.readReplica.svc.headless" . }} +{{- $altNames := list (printf "*.%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $primaryHeadlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $primaryHeadlessServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $readHeadlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $readHeadlessServiceName $releaseNamespace $clusterDomain) $fullname }} +{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%s-crt" (include "common.names.fullname" .) }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + ca.crt: {{ $ca.Cert | b64enc | quote }} + tls.crt: {{ $crt.Cert | b64enc | quote }} + tls.key: {{ $crt.Key | b64enc | quote }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/postgresql/values.schema.json b/packer/ansible/roles/helm_install/files/postgresql/values.schema.json new file mode 100644 index 0000000..fc41483 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/values.schema.json @@ -0,0 +1,156 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "architecture": { + "type": "string", + "title": "PostgreSQL architecture", + "form": true, + "description": "Allowed values: `standalone` or `replication`" + }, + "auth": { + "type": "object", + "title": "Authentication configuration", + "form": true, + "properties": { + "enablePostgresUser": { + "type": "boolean", + "title": "Enable \"postgres\" admin user", + "description": "Assign a password to the \"postgres\" admin user. Otherwise, remote access will be blocked for this user", + "form": true + }, + "postgresPassword": { + "type": "string", + "title": "Password for the \"postgres\" admin user", + "description": "Defaults to a random 10-character alphanumeric string if not set", + "form": true + }, + "database": { + "type": "string", + "title": "PostgreSQL custom database", + "description": "Name of the custom database to be created during the 1st initialization of PostgreSQL", + "form": true + }, + "username": { + "type": "string", + "title": "PostgreSQL custom user", + "description": "Name of the custom user to be created during the 1st initialization of PostgreSQL. This user only has permissions on the PostgreSQL custom database", + "form": true + }, + "password": { + "type": "string", + "title": "Password for the custom user to create", + "description": "Defaults to a random 10-character alphanumeric string if not set", + "form": true + }, + "replicationUsername": { + "type": "string", + "title": "PostgreSQL replication user", + "description": "Name of user used to manage replication.", + "form": true, + "hidden": { + "value": "standalone", + "path": "architecture" + } + }, + "replicationPassword": { + "type": "string", + "title": "Password for PostgreSQL replication user", + "description": "Defaults to a random 10-character alphanumeric string if not set", + "form": true, + "hidden": { + "value": "standalone", + "path": "architecture" + } + } + } + }, + "persistence": { + "type": "object", + "properties": { + "size": { + "type": "string", + "title": "Persistent Volume Size", + "form": true, + "render": "slider", + "sliderMin": 1, + "sliderMax": 100, + "sliderUnit": "Gi" + } + } + }, + "resources": { + "type": "object", + "title": "Required Resources", + "description": "Configure resource requests", + "form": true, + "properties": { + "requests": { + "type": "object", + "properties": { + "memory": { + "type": "string", + "form": true, + "render": "slider", + "title": "Memory Request", + "sliderMin": 10, + "sliderMax": 2048, + "sliderUnit": "Mi" + }, + "cpu": { + "type": "string", + "form": true, + "render": "slider", + "title": "CPU Request", + "sliderMin": 10, + "sliderMax": 2000, + "sliderUnit": "m" + } + } + } + } + }, + "replication": { + "type": "object", + "form": true, + "title": "Replication Details", + "properties": { + "enabled": { + "type": "boolean", + "title": "Enable Replication", + "form": true + }, + "readReplicas": { + "type": "integer", + "title": "read Replicas", + "form": true, + "hidden": { + "value": "standalone", + "path": "architecture" + } + } + } + }, + "volumePermissions": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Enable Init Containers", + "description": "Change the owner of the persist volume mountpoint to RunAsUser:fsGroup" + } + } + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "title": "Configure metrics exporter", + "form": true + } + } + } + } +} diff --git a/packer/ansible/roles/helm_install/files/postgresql/values.yaml b/packer/ansible/roles/helm_install/files/postgresql/values.yaml new file mode 100644 index 0000000..f5dfd0d --- /dev/null +++ b/packer/ansible/roles/helm_install/files/postgresql/values.yaml @@ -0,0 +1,1335 @@ +## @section Global parameters +## Please, note that this will override the parameters, including dependencies, configured to use the global value +## +global: + ## @param global.imageRegistry Global Docker image registry + ## + imageRegistry: "" + ## @param global.imagePullSecrets Global Docker registry secret names as an array + ## e.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + ## @param global.storageClass Global StorageClass for Persistent Volume(s) + ## + storageClass: "" + postgresql: + ## @param global.postgresql.auth.postgresPassword Password for the "postgres" admin user (overrides `auth.postgresPassword`) + ## @param global.postgresql.auth.username Name for a custom user to create (overrides `auth.username`) + ## @param global.postgresql.auth.password Password for the custom user to create (overrides `auth.password`) + ## @param global.postgresql.auth.database Name for a custom database to create (overrides `auth.database`) + ## @param global.postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials (overrides `auth.existingSecret`) + ## + auth: + postgresPassword: "" + username: "" + password: "" + database: "" + existingSecret: "" + ## @param global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`) + ## + service: + ports: + postgresql: "" + +## @section Common parameters +## + +## @param kubeVersion Override Kubernetes version +## +kubeVersion: "" +## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) +## +nameOverride: "" +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: "" +## @param clusterDomain Kubernetes Cluster Domain +## +clusterDomain: cluster.local +## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template) +## +extraDeploy: [] +## @param commonLabels Add labels to all the deployed resources +## +commonLabels: {} +## @param commonAnnotations Add annotations to all the deployed resources +## +commonAnnotations: {} +## Enable diagnostic mode in the statefulset +## +diagnosticMode: + ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) + ## + enabled: false + ## @param diagnosticMode.command Command to override all containers in the statefulset + ## + command: + - sleep + ## @param diagnosticMode.args Args to override all containers in the statefulset + ## + args: + - infinity + +## @section PostgreSQL common parameters +## + +## Bitnami PostgreSQL image version +## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ +## @param image.registry PostgreSQL image registry +## @param image.repository PostgreSQL image repository +## @param image.tag PostgreSQL image tag (immutable tags are recommended) +## @param image.pullPolicy PostgreSQL image pull policy +## @param image.pullSecrets Specify image pull secrets +## @param image.debug Specify if debug values should be set +## +image: + registry: docker.io + repository: bitnami/postgresql + tag: 14.2.0-debian-10-r44 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## Example: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Set to true if you would like to see extra information on logs + ## + debug: false +## Authentication parameters +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run +## +auth: + ## @param auth.enablePostgresUser Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user + ## + enablePostgresUser: true + ## @param auth.postgresPassword Password for the "postgres" admin user + ## + postgresPassword: "root" + ## @param auth.username Name for a custom user to create + ## + username: "root" + ## @param auth.password Password for the custom user to create + ## + password: "root" + ## @param auth.database Name for a custom database to create + ## + database: "" + ## @param auth.replicationUsername Name of the replication user + ## + replicationUsername: repl_user + ## @param auth.replicationPassword Password for the replication user + ## + replicationPassword: "" + ## @param auth.existingSecret Name of existing secret to use for PostgreSQL credentials + ## `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret + ## The secret must contain the keys `postgres-password` (which is the password for "postgres" admin user), + ## `password` (which is the password for the custom user to create when `auth.username` is set), + ## and `replication-password` (which is the password for replication user). + ## The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and + ## picked from this secret in this case. + ## The value is evaluated as a template. + ## + existingSecret: "" + ## @param auth.usePasswordFiles Mount credentials as a files instead of using an environment variable + ## + usePasswordFiles: false +## @param architecture PostgreSQL architecture (`standalone` or `replication`) +## +architecture: standalone +## Replication configuration +## Ignored if `architecture` is `standalone` +## +replication: + ## @param replication.synchronousCommit Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` + ## @param replication.numSynchronousReplicas Number of replicas that will have synchronous replication. Note: Cannot be greater than `readReplicas.replicaCount`. + ## ref: https://www.postgresql.org/docs/current/runtime-config-wal.html#GUC-SYNCHRONOUS-COMMIT + ## + synchronousCommit: "off" + numSynchronousReplicas: 0 + ## @param replication.applicationName Cluster application name. Useful for advanced replication settings + ## + applicationName: my_application +## @param containerPorts.postgresql PostgreSQL container port +## +containerPorts: + postgresql: 5432 +## Audit settings +## https://github.com/bitnami/bitnami-docker-postgresql#auditing +## @param audit.logHostname Log client hostnames +## @param audit.logConnections Add client log-in operations to the log file +## @param audit.logDisconnections Add client log-outs operations to the log file +## @param audit.pgAuditLog Add operations to log using the pgAudit extension +## @param audit.pgAuditLogCatalog Log catalog using pgAudit +## @param audit.clientMinMessages Message log level to share with the user +## @param audit.logLinePrefix Template for log line prefix (default if not set) +## @param audit.logTimezone Timezone for the log timestamps +## +audit: + logHostname: false + logConnections: false + logDisconnections: false + pgAuditLog: "" + pgAuditLogCatalog: "off" + clientMinMessages: error + logLinePrefix: "" + logTimezone: "" +## LDAP configuration +## @param ldap.enabled Enable LDAP support +## @param ldap.url LDAP URL beginning in the form `ldap[s]://host[:port]/basedn` +## @param ldap.server IP address or name of the LDAP server. +## @param ldap.port Port number on the LDAP server to connect to +## @param ldap.prefix String to prepend to the user name when forming the DN to bind +## @param ldap.suffix String to append to the user name when forming the DN to bind +## @param ldap.baseDN Root DN to begin the search for the user in +## @param ldap.bindDN DN of user to bind to LDAP +## @param ldap.bind_password Password for the user to bind to LDAP +## @param ldap.search_attr Attribute to match against the user name in the search +## @param ldap.search_filter The search filter to use when doing search+bind authentication +## @param ldap.scheme Set to `ldaps` to use LDAPS +## @param ldap.tls Set to `1` to use TLS encryption +## +ldap: + enabled: false + url: "" + server: "" + port: "" + prefix: "" + suffix: "" + baseDN: "" + bindDN: "" + bind_password: "" + search_attr: "" + search_filter: "" + scheme: "" + tls: "" +## @param postgresqlDataDir PostgreSQL data dir folder +## +postgresqlDataDir: /bitnami/postgresql/data +## @param postgresqlSharedPreloadLibraries Shared preload libraries (comma-separated list) +## +postgresqlSharedPreloadLibraries: "pgaudit" +## Start PostgreSQL pod(s) without limitations on shm memory. +## By default docker and containerd (and possibly other container runtimes) limit `/dev/shm` to `64M` +## ref: https://github.com/docker-library/postgres/issues/416 +## ref: https://github.com/containerd/containerd/issues/3654 +## +shmVolume: + ## @param shmVolume.enabled Enable emptyDir volume for /dev/shm for PostgreSQL pod(s) + ## + enabled: true + ## @param shmVolume.sizeLimit Set this to enable a size limit on the shm tmpfs + ## Note: the size of the tmpfs counts against container's memory limit + ## e.g: + ## sizeLimit: 1Gi + ## + sizeLimit: "" +## TLS configuration +## +tls: + ## @param tls.enabled Enable TLS traffic support + ## + enabled: false + ## @param tls.autoGenerated Generate automatically self-signed TLS certificates + ## + autoGenerated: false + ## @param tls.preferServerCiphers Whether to use the server's TLS cipher preferences rather than the client's + ## + preferServerCiphers: true + ## @param tls.certificatesSecret Name of an existing secret that contains the certificates + ## + certificatesSecret: "" + ## @param tls.certFilename Certificate filename + ## + certFilename: "" + ## @param tls.certKeyFilename Certificate key filename + ## + certKeyFilename: "" + ## @param tls.certCAFilename CA Certificate filename + ## If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate + ## ref: https://www.postgresql.org/docs/9.6/auth-methods.html + ## + certCAFilename: "" + ## @param tls.crlFilename File containing a Certificate Revocation List + ## + crlFilename: "" + +## @section PostgreSQL Primary parameters +## +primary: + ## @param primary.configuration PostgreSQL Primary main configuration to be injected as ConfigMap + ## ref: https://www.postgresql.org/docs/current/static/runtime-config.html + ## + configuration: "" + ## @param primary.pgHbaConfiguration PostgreSQL Primary client authentication configuration + ## ref: https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html + ## e.g:# + ## pgHbaConfiguration: |- + ## local all all trust + ## host all all localhost trust + ## host mydatabase mysuser 192.168.0.0/24 md5 + ## + pgHbaConfiguration: "" + ## @param primary.existingConfigmap Name of an existing ConfigMap with PostgreSQL Primary configuration + ## NOTE: `primary.configuration` and `primary.pgHbaConfiguration` will be ignored + ## + existingConfigmap: "" + ## @param primary.extendedConfiguration Extended PostgreSQL Primary configuration (appended to main or default configuration) + ## ref: https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf + ## + extendedConfiguration: "" + ## @param primary.existingExtendedConfigmap Name of an existing ConfigMap with PostgreSQL Primary extended configuration + ## NOTE: `primary.extendedConfiguration` will be ignored + ## + existingExtendedConfigmap: "" + ## Initdb configuration + ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#specifying-initdb-arguments + ## + initdb: + ## @param primary.initdb.args PostgreSQL initdb extra arguments + ## + args: "" + ## @param primary.initdb.postgresqlWalDir Specify a custom location for the PostgreSQL transaction log + ## + postgresqlWalDir: "" + ## @param primary.initdb.scripts Dictionary of initdb scripts + ## Specify dictionary of scripts to be run at first boot + ## e.g: + ## scripts: + ## my_init_script.sh: | + ## #!/bin/sh + ## echo "Do something." + ## + scripts: {} + ## @param primary.initdb.scriptsConfigMap ConfigMap with scripts to be run at first boot + ## NOTE: This will override `primary.initdb.scripts` + ## + scriptsConfigMap: "" + ## @param primary.initdb.scriptsSecret Secret with scripts to be run at first boot (in case it contains sensitive information) + ## NOTE: This can work along `primary.initdb.scripts` or `primary.initdb.scriptsConfigMap` + ## + scriptsSecret: "" + ## @param primary.initdb.user Specify the PostgreSQL username to execute the initdb scripts + ## + user: "" + ## @param primary.initdb.password Specify the PostgreSQL password to execute the initdb scripts + ## + password: "" + ## Configure current cluster's primary server to be the standby server in other cluster. + ## This will allow cross cluster replication and provide cross cluster high availability. + ## You will need to configure pgHbaConfiguration if you want to enable this feature with local cluster replication enabled. + ## @param primary.standby.enabled Whether to enable current cluster's primary as standby server of another cluster or not + ## @param primary.standby.primaryHost The Host of replication primary in the other cluster + ## @param primary.standby.primaryPort The Port of replication primary in the other cluster + ## + standby: + enabled: false + primaryHost: "" + primaryPort: "" + ## @param primary.extraEnvVars Array with extra environment variables to add to PostgreSQL Primary nodes + ## e.g: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + ## @param primary.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for PostgreSQL Primary nodes + ## + extraEnvVarsCM: "" + ## @param primary.extraEnvVarsSecret Name of existing Secret containing extra env vars for PostgreSQL Primary nodes + ## + extraEnvVarsSecret: "" + ## @param primary.command Override default container command (useful when using custom images) + ## + command: [] + ## @param primary.args Override default container args (useful when using custom images) + ## + args: [] + ## Configure extra options for PostgreSQL Primary containers' liveness, readiness and startup probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes + ## @param primary.livenessProbe.enabled Enable livenessProbe on PostgreSQL Primary containers + ## @param primary.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param primary.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param primary.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param primary.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param primary.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ## @param primary.readinessProbe.enabled Enable readinessProbe on PostgreSQL Primary containers + ## @param primary.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param primary.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param primary.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param primary.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param primary.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ## @param primary.startupProbe.enabled Enable startupProbe on PostgreSQL Primary containers + ## @param primary.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param primary.startupProbe.periodSeconds Period seconds for startupProbe + ## @param primary.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param primary.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param primary.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: false + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 + ## @param primary.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param primary.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## @param primary.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + ## @param primary.lifecycleHooks for the PostgreSQL Primary container to automate configuration before or after startup + ## + lifecycleHooks: {} + ## PostgreSQL Primary resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## @param primary.resources.limits The resources limits for the PostgreSQL Primary containers + ## @param primary.resources.requests.memory The requested memory for the PostgreSQL Primary containers + ## @param primary.resources.requests.cpu The requested cpu for the PostgreSQL Primary containers + ## + resources: + limits: {} + requests: + memory: 256Mi + cpu: 250m + ## Pod Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## @param primary.podSecurityContext.enabled Enable security context + ## @param primary.podSecurityContext.fsGroup Group ID for the pod + ## + podSecurityContext: + enabled: true + fsGroup: 1001 + ## Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## @param primary.containerSecurityContext.enabled Enable container security context + ## @param primary.containerSecurityContext.runAsUser User ID for the container + ## + containerSecurityContext: + enabled: true + runAsUser: 1001 + ## @param primary.hostAliases PostgreSQL primary pods host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param primary.hostNetwork Specify if host network should be enabled for PostgreSQL pod (postgresql primary) + ## + hostNetwork: false + ## @param primary.hostIPC Specify if host IPC should be enabled for PostgreSQL pod (postgresql primary) + ## + hostIPC: false + ## @param primary.labels Map of labels to add to the statefulset (postgresql primary) + ## + labels: {} + ## @param primary.annotations Annotations for PostgreSQL primary pods + ## + annotations: {} + ## @param primary.podLabels Map of labels to add to the pods (postgresql primary) + ## + podLabels: {} + ## @param primary.podAnnotations Map of annotations to add to the pods (postgresql primary) + ## + podAnnotations: {} + ## @param primary.podAffinityPreset PostgreSQL primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param primary.podAntiAffinityPreset PostgreSQL primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## PostgreSQL Primary node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param primary.nodeAffinityPreset.type PostgreSQL primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param primary.nodeAffinityPreset.key PostgreSQL primary node label key to match Ignored if `primary.affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param primary.nodeAffinityPreset.values PostgreSQL primary node label values to match. Ignored if `primary.affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param primary.affinity Affinity for PostgreSQL primary pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: primary.podAffinityPreset, primary.podAntiAffinityPreset, and primary.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param primary.nodeSelector Node labels for PostgreSQL primary pods assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param primary.tolerations Tolerations for PostgreSQL primary pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param primary.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods + ## + topologySpreadConstraints: {} + ## @param primary.priorityClassName Priority Class to use for each pod (postgresql primary) + ## + priorityClassName: "" + ## @param primary.schedulerName Use an alternate scheduler, e.g. "stork". + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## @param primary.terminationGracePeriodSeconds Seconds PostgreSQL primary pod needs to terminate gracefully + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods + ## + terminationGracePeriodSeconds: "" + ## @param primary.updateStrategy.type PostgreSQL Primary statefulset strategy type + ## @param primary.updateStrategy.rollingUpdate PostgreSQL Primary statefulset rolling update configuration parameters + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: + type: RollingUpdate + rollingUpdate: {} + ## @param primary.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the PostgreSQL Primary container(s) + ## + extraVolumeMounts: [] + ## @param primary.extraVolumes Optionally specify extra list of additional volumes for the PostgreSQL Primary pod(s) + ## + extraVolumes: [] + ## @param primary.sidecars Add additional sidecar containers to the PostgreSQL Primary pod(s) + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param primary.initContainers Add additional init containers to the PostgreSQL Primary pod(s) + ## Example + ## + ## initContainers: + ## - name: do-something + ## image: busybox + ## command: ['do', 'something'] + ## + initContainers: [] + ## @param primary.extraPodSpec Optionally specify extra PodSpec for the PostgreSQL Primary pod(s) + ## + extraPodSpec: {} + ## PostgreSQL Primary service configuration + ## + service: + ## @param primary.service.type Kubernetes Service type + ## + type: ClusterIP + ## @param primary.service.ports.postgresql PostgreSQL service port + ## + ports: + postgresql: 5432 + ## Node ports to expose + ## NOTE: choose port between <30000-32767> + ## @param primary.service.nodePorts.postgresql Node port for PostgreSQL + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePorts: + postgresql: "" + ## @param primary.service.clusterIP Static clusterIP or None for headless services + ## e.g: + ## clusterIP: None + ## + clusterIP: "" + ## @param primary.service.annotations Annotations for PostgreSQL primary service + ## + annotations: {} + ## @param primary.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer` + ## Set the LoadBalancer service type to internal only + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param primary.service.externalTrafficPolicy Enable client source IP preservation + ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param primary.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param primary.service.extraPorts Extra ports to expose in the PostgreSQL primary service + ## + extraPorts: [] + ## PostgreSQL Primary persistence configuration + ## + persistence: + ## @param primary.persistence.enabled Enable PostgreSQL Primary data persistence using PVC + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing PVC to use + ## + existingClaim: "" + ## @param primary.persistence.mountPath The path the volume will be mounted at + ## Note: useful when using custom PostgreSQL images + ## + mountPath: /bitnami/postgresql + ## @param primary.persistence.subPath The subdirectory of the volume to mount to + ## Useful in dev environments and one PV for multiple services + ## + subPath: "" + ## @param primary.persistence.storageClass PVC Storage Class for PostgreSQL Primary data volume + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.accessModes PVC Access Mode for PostgreSQL volume + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size PVC Storage Request for PostgreSQL volume + ## + size: 8Gi + ## @param primary.persistence.annotations Annotations for the PVC + ## + annotations: {} + ## @param primary.persistence.selector Selector to match an existing Persistent Volume (this value is evaluated as a template) + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} + ## @param primary.persistence.dataSource Custom PVC data source + ## + dataSource: {} + +## @section PostgreSQL read only replica parameters +## +readReplicas: + ## @param readReplicas.replicaCount Number of PostgreSQL read only replicas + ## + replicaCount: 1 + ## @param readReplicas.extraEnvVars Array with extra environment variables to add to PostgreSQL read only nodes + ## e.g: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + ## @param readReplicas.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for PostgreSQL read only nodes + ## + extraEnvVarsCM: "" + ## @param readReplicas.extraEnvVarsSecret Name of existing Secret containing extra env vars for PostgreSQL read only nodes + ## + extraEnvVarsSecret: "" + ## @param readReplicas.command Override default container command (useful when using custom images) + ## + command: [] + ## @param readReplicas.args Override default container args (useful when using custom images) + ## + args: [] + ## Configure extra options for PostgreSQL read only containers' liveness, readiness and startup probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes + ## @param readReplicas.livenessProbe.enabled Enable livenessProbe on PostgreSQL read only containers + ## @param readReplicas.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param readReplicas.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param readReplicas.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param readReplicas.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param readReplicas.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ## @param readReplicas.readinessProbe.enabled Enable readinessProbe on PostgreSQL read only containers + ## @param readReplicas.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param readReplicas.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param readReplicas.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param readReplicas.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param readReplicas.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ## @param readReplicas.startupProbe.enabled Enable startupProbe on PostgreSQL read only containers + ## @param readReplicas.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param readReplicas.startupProbe.periodSeconds Period seconds for startupProbe + ## @param readReplicas.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param readReplicas.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param readReplicas.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: false + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 + ## @param readReplicas.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param readReplicas.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## @param readReplicas.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + ## @param readReplicas.lifecycleHooks for the PostgreSQL read only container to automate configuration before or after startup + ## + lifecycleHooks: {} + ## PostgreSQL read only resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## @param readReplicas.resources.limits The resources limits for the PostgreSQL read only containers + ## @param readReplicas.resources.requests.memory The requested memory for the PostgreSQL read only containers + ## @param readReplicas.resources.requests.cpu The requested cpu for the PostgreSQL read only containers + ## + resources: + limits: {} + requests: + memory: 256Mi + cpu: 250m + ## Pod Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## @param readReplicas.podSecurityContext.enabled Enable security context + ## @param readReplicas.podSecurityContext.fsGroup Group ID for the pod + ## + podSecurityContext: + enabled: true + fsGroup: 1001 + ## Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## @param readReplicas.containerSecurityContext.enabled Enable container security context + ## @param readReplicas.containerSecurityContext.runAsUser User ID for the container + ## + containerSecurityContext: + enabled: true + runAsUser: 1001 + ## @param readReplicas.hostAliases PostgreSQL read only pods host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param readReplicas.hostNetwork Specify if host network should be enabled for PostgreSQL pod (PostgreSQL read only) + ## + hostNetwork: false + ## @param readReplicas.hostIPC Specify if host IPC should be enabled for PostgreSQL pod (postgresql primary) + ## + hostIPC: false + ## @param readReplicas.labels Map of labels to add to the statefulset (PostgreSQL read only) + ## + labels: {} + ## @param readReplicas.annotations Annotations for PostgreSQL read only pods + ## + annotations: {} + ## @param readReplicas.podLabels Map of labels to add to the pods (PostgreSQL read only) + ## + podLabels: {} + ## @param readReplicas.podAnnotations Map of annotations to add to the pods (PostgreSQL read only) + ## + podAnnotations: {} + ## @param readReplicas.podAffinityPreset PostgreSQL read only pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param readReplicas.podAntiAffinityPreset PostgreSQL read only pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## PostgreSQL read only node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param readReplicas.nodeAffinityPreset.type PostgreSQL read only node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param readReplicas.nodeAffinityPreset.key PostgreSQL read only node label key to match Ignored if `primary.affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param readReplicas.nodeAffinityPreset.values PostgreSQL read only node label values to match. Ignored if `primary.affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param readReplicas.affinity Affinity for PostgreSQL read only pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: primary.podAffinityPreset, primary.podAntiAffinityPreset, and primary.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param readReplicas.nodeSelector Node labels for PostgreSQL read only pods assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param readReplicas.tolerations Tolerations for PostgreSQL read only pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param readReplicas.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods + ## + topologySpreadConstraints: {} + ## @param readReplicas.priorityClassName Priority Class to use for each pod (PostgreSQL read only) + ## + priorityClassName: "" + ## @param readReplicas.schedulerName Use an alternate scheduler, e.g. "stork". + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## @param readReplicas.terminationGracePeriodSeconds Seconds PostgreSQL read only pod needs to terminate gracefully + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods + ## + terminationGracePeriodSeconds: "" + ## @param readReplicas.updateStrategy.type PostgreSQL read only statefulset strategy type + ## @param readReplicas.updateStrategy.rollingUpdate PostgreSQL read only statefulset rolling update configuration parameters + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: + type: RollingUpdate + rollingUpdate: {} + ## @param readReplicas.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the PostgreSQL read only container(s) + ## + extraVolumeMounts: [] + ## @param readReplicas.extraVolumes Optionally specify extra list of additional volumes for the PostgreSQL read only pod(s) + ## + extraVolumes: [] + ## @param readReplicas.sidecars Add additional sidecar containers to the PostgreSQL read only pod(s) + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param readReplicas.initContainers Add additional init containers to the PostgreSQL read only pod(s) + ## Example + ## + ## initContainers: + ## - name: do-something + ## image: busybox + ## command: ['do', 'something'] + ## + initContainers: [] + ## @param readReplicas.extraPodSpec Optionally specify extra PodSpec for the PostgreSQL read only pod(s) + ## + extraPodSpec: {} + ## PostgreSQL read only service configuration + ## + service: + ## @param readReplicas.service.type Kubernetes Service type + ## + type: ClusterIP + ## @param readReplicas.service.ports.postgresql PostgreSQL service port + ## + ports: + postgresql: 5432 + ## Node ports to expose + ## NOTE: choose port between <30000-32767> + ## @param readReplicas.service.nodePorts.postgresql Node port for PostgreSQL + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePorts: + postgresql: "" + ## @param readReplicas.service.clusterIP Static clusterIP or None for headless services + ## e.g: + ## clusterIP: None + ## + clusterIP: "" + ## @param readReplicas.service.annotations Annotations for PostgreSQL read only service + ## + annotations: {} + ## @param readReplicas.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer` + ## Set the LoadBalancer service type to internal only + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param readReplicas.service.externalTrafficPolicy Enable client source IP preservation + ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param readReplicas.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param readReplicas.service.extraPorts Extra ports to expose in the PostgreSQL read only service + ## + extraPorts: [] + ## PostgreSQL read only persistence configuration + ## + persistence: + ## @param readReplicas.persistence.enabled Enable PostgreSQL read only data persistence using PVC + ## + enabled: true + ## @param readReplicas.persistence.mountPath The path the volume will be mounted at + ## Note: useful when using custom PostgreSQL images + ## + mountPath: /bitnami/postgresql + ## @param readReplicas.persistence.subPath The subdirectory of the volume to mount to + ## Useful in dev environments and one PV for multiple services + ## + subPath: "" + ## @param readReplicas.persistence.storageClass PVC Storage Class for PostgreSQL read only data volume + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param readReplicas.persistence.accessModes PVC Access Mode for PostgreSQL volume + ## + accessModes: + - ReadWriteOnce + ## @param readReplicas.persistence.size PVC Storage Request for PostgreSQL volume + ## + size: 8Gi + ## @param readReplicas.persistence.annotations Annotations for the PVC + ## + annotations: {} + ## @param readReplicas.persistence.selector Selector to match an existing Persistent Volume (this value is evaluated as a template) + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} + ## @param readReplicas.persistence.dataSource Custom PVC data source + ## + dataSource: {} + +## @section NetworkPolicy parameters + +## Add networkpolicies +## +networkPolicy: + ## @param networkPolicy.enabled Enable network policies + ## + enabled: false + ## @param networkPolicy.metrics.enabled Enable network policies for metrics (prometheus) + ## @param networkPolicy.metrics.namespaceSelector [object] Monitoring namespace selector labels. These labels will be used to identify the prometheus' namespace. + ## @param networkPolicy.metrics.podSelector [object] Monitoring pod selector labels. These labels will be used to identify the Prometheus pods. + ## + metrics: + enabled: false + ## e.g: + ## namespaceSelector: + ## label: monitoring + ## + namespaceSelector: {} + ## e.g: + ## podSelector: + ## label: monitoring + ## + podSelector: {} + ## Ingress Rules + ## + ingressRules: + ## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled Enable ingress rule that makes PostgreSQL primary node only accessible from a particular origin. + ## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector [object] Namespace selector label that is allowed to access the PostgreSQL primary node. This label will be used to identified the allowed namespace(s). + ## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector [object] Pods selector label that is allowed to access the PostgreSQL primary node. This label will be used to identified the allowed pod(s). + ## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules [object] Custom network policy for the PostgreSQL primary node. + ## + primaryAccessOnlyFrom: + enabled: false + ## e.g: + ## namespaceSelector: + ## label: ingress + ## + namespaceSelector: {} + ## e.g: + ## podSelector: + ## label: access + ## + podSelector: {} + ## custom ingress rules + ## e.g: + ## customRules: + ## - from: + ## - namespaceSelector: + ## matchLabels: + ## label: example + customRules: {} + ## @param networkPolicy.ingressRules.readReplicasAccessOnlyFrom.enabled Enable ingress rule that makes PostgreSQL read-only nodes only accessible from a particular origin. + ## @param networkPolicy.ingressRules.readReplicasAccessOnlyFrom.namespaceSelector [object] Namespace selector label that is allowed to access the PostgreSQL read-only nodes. This label will be used to identified the allowed namespace(s). + ## @param networkPolicy.ingressRules.readReplicasAccessOnlyFrom.podSelector [object] Pods selector label that is allowed to access the PostgreSQL read-only nodes. This label will be used to identified the allowed pod(s). + ## @param networkPolicy.ingressRules.readReplicasAccessOnlyFrom.customRules [object] Custom network policy for the PostgreSQL read-only nodes. + ## + readReplicasAccessOnlyFrom: + enabled: false + ## e.g: + ## namespaceSelector: + ## label: ingress + ## + namespaceSelector: {} + ## e.g: + ## podSelector: + ## label: access + ## + podSelector: {} + ## custom ingress rules + ## e.g: + ## CustomRules: + ## - from: + ## - namespaceSelector: + ## matchLabels: + ## label: example + customRules: {} + ## @param networkPolicy.egressRules.denyConnectionsToExternal Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53). + ## @param networkPolicy.egressRules.customRules [object] Custom network policy rule + ## + egressRules: + # Deny connections to external. This is not compatible with an external database. + denyConnectionsToExternal: false + ## Additional custom egress rules + ## e.g: + ## customRules: + ## - to: + ## - namespaceSelector: + ## matchLabels: + ## label: example + customRules: {} + +## @section Volume Permissions parameters + +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each node +## +volumePermissions: + ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume + ## + enabled: false + ## @param volumePermissions.image.registry Init container volume-permissions image registry + ## @param volumePermissions.image.repository Init container volume-permissions image repository + ## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended) + ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy + ## @param volumePermissions.image.pullSecrets Init container volume-permissions image pull secrets + ## + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: 10-debian-10-r377 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## Example: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Init container resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## @param volumePermissions.resources.limits Init container volume-permissions resource limits + ## @param volumePermissions.resources.requests Init container volume-permissions resource requests + ## + resources: + limits: {} + requests: {} + ## Init container' Security Context + ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser + ## and not the below volumePermissions.containerSecurityContext.runAsUser + ## @param volumePermissions.containerSecurityContext.runAsUser User ID for the init container + ## + containerSecurityContext: + runAsUser: 0 + +## @section Other Parameters + +## Service account for PostgreSQL to use. +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## +serviceAccount: + ## @param serviceAccount.create Enable creation of ServiceAccount for PostgreSQL pod + ## + create: false + ## @param serviceAccount.name The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the common.names.fullname template + ## + name: "" + ## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created + ## Can be set to false if pods using this serviceAccount do not need to use K8s API + ## + automountServiceAccountToken: true + ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount + ## + annotations: {} +## Creates role for ServiceAccount +## @param rbac.create Create Role and RoleBinding (required for PSP to work) +## +rbac: + create: false + ## @param rbac.rules Custom RBAC rules to set + ## e.g: + ## rules: + ## - apiGroups: + ## - "" + ## resources: + ## - pods + ## verbs: + ## - get + ## - list + ## + rules: [] +## Pod Security Policy +## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +## @param psp.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later +## +psp: + create: false + +## @section Metrics Parameters + +metrics: + ## @param metrics.enabled Start a prometheus exporter + ## + enabled: false + ## @param metrics.image.registry PostgreSQL Prometheus Exporter image registry + ## @param metrics.image.repository PostgreSQL Prometheus Exporter image repository + ## @param metrics.image.tag PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) + ## @param metrics.image.pullPolicy PostgreSQL Prometheus Exporter image pull policy + ## @param metrics.image.pullSecrets Specify image pull secrets + ## + image: + registry: docker.io + repository: bitnami/postgres-exporter + tag: 0.10.1-debian-10-r65 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## Example: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## @param metrics.customMetrics Define additional custom metrics + ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file + ## customMetrics: + ## pg_database: + ## query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size_bytes FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" + ## metrics: + ## - name: + ## usage: "LABEL" + ## description: "Name of the database" + ## - size_bytes: + ## usage: "GAUGE" + ## description: "Size of the database in bytes" + ## + customMetrics: {} + ## @param metrics.extraEnvVars Extra environment variables to add to PostgreSQL Prometheus exporter + ## see: https://github.com/wrouesnel/postgres_exporter#environment-variables + ## For example: + ## extraEnvVars: + ## - name: PG_EXPORTER_DISABLE_DEFAULT_METRICS + ## value: "true" + ## + extraEnvVars: [] + ## PostgreSQL Prometheus exporter containers' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param metrics.containerSecurityContext.enabled Enable PostgreSQL Prometheus exporter containers' Security Context + ## @param metrics.containerSecurityContext.runAsUser Set PostgreSQL Prometheus exporter containers' Security Context runAsUser + ## @param metrics.containerSecurityContext.runAsNonRoot Set PostgreSQL Prometheus exporter containers' Security Context runAsNonRoot + ## + containerSecurityContext: + enabled: true + runAsUser: 1001 + runAsNonRoot: true + ## Configure extra options for PostgreSQL Prometheus exporter containers' liveness, readiness and startup probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes + ## @param metrics.livenessProbe.enabled Enable livenessProbe on PostgreSQL Prometheus exporter containers + ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ## @param metrics.readinessProbe.enabled Enable readinessProbe on PostgreSQL Prometheus exporter containers + ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ## @param metrics.startupProbe.enabled Enable startupProbe on PostgreSQL Prometheus exporter containers + ## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe + ## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param metrics.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: false + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 + ## @param metrics.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param metrics.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## @param metrics.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + ## @param metrics.containerPorts.metrics PostgreSQL Prometheus exporter metrics container port + ## + containerPorts: + metrics: 9187 + ## PostgreSQL Prometheus exporter resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## @param metrics.resources.limits The resources limits for the PostgreSQL Prometheus exporter container + ## @param metrics.resources.requests The requested resources for the PostgreSQL Prometheus exporter container + ## + resources: + limits: {} + requests: {} + ## Service configuration + ## + service: + ## @param metrics.service.ports.metrics PostgreSQL Prometheus Exporter service port + ## + ports: + metrics: 9187 + ## @param metrics.service.clusterIP Static clusterIP or None for headless services + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address + ## + clusterIP: "" + ## @param metrics.service.sessionAffinity Control where client requests go, to the same pod or round-robin + ## Values: ClientIP or None + ## ref: https://kubernetes.io/docs/user-guide/services/ + ## + sessionAffinity: None + ## @param metrics.service.annotations [object] Annotations for Prometheus to auto-discover the metrics endpoint + ## + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.metrics.service.ports.metrics }}" + ## Prometheus Operator ServiceMonitor configuration + ## + serviceMonitor: + ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using Prometheus Operator + ## + enabled: false + ## @param metrics.serviceMonitor.namespace Namespace for the ServiceMonitor Resource (defaults to the Release Namespace) + ## + namespace: "" + ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + interval: "" + ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + scrapeTimeout: "" + ## @param metrics.serviceMonitor.labels Additional labels that can be used so ServiceMonitor will be discovered by Prometheus + ## + labels: {} + ## @param metrics.serviceMonitor.selector Prometheus instance selector labels + ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration + ## + selector: {} + ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping + ## + relabelings: [] + ## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion + ## + metricRelabelings: [] + ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. + ## + jobLabel: "" + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + ## + prometheusRule: + ## @param metrics.prometheusRule.enabled Create a PrometheusRule for Prometheus Operator + ## + enabled: false + ## @param metrics.prometheusRule.namespace Namespace for the PrometheusRule Resource (defaults to the Release Namespace) + ## + namespace: "" + ## @param metrics.prometheusRule.labels Additional labels that can be used so PrometheusRule will be discovered by Prometheus + ## + labels: {} + ## @param metrics.prometheusRule.rules PrometheusRule definitions + ## Make sure to constraint the rules to the current postgresql service. + ## rules: + ## - alert: HugeReplicationLag + ## expr: pg_replication_lag{service="{{ printf "%s-metrics" (include "common.names.fullname" .) }}"} / 3600 > 1 + ## for: 1m + ## labels: + ## severity: critical + ## annotations: + ## description: replication for {{ include "common.names.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). + ## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). + ## + rules: [] diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/.helmignore b/packer/ansible/roles/helm_install/files/rabbitmq/.helmignore new file mode 100644 index 0000000..f0c1319 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/Chart.lock b/packer/ansible/roles/helm_install/files/rabbitmq/Chart.lock new file mode 100644 index 0000000..d8cafb6 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + version: 1.17.1 +digest: sha256:dacc73770a5640c011e067ff8840ddf89631fc19016c8d0a9e5ea160e7da8690 +generated: "2022-09-21T13:15:49.012454903+09:00" diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/Chart.yaml b/packer/ansible/roles/helm_install/files/rabbitmq/Chart.yaml new file mode 100644 index 0000000..da574f8 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/Chart.yaml @@ -0,0 +1,26 @@ +annotations: + category: Infrastructure +apiVersion: v2 +appVersion: 3.9.15 +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + tags: + - bitnami-common + version: 1.x.x +description: RabbitMQ is an open source general-purpose message broker that is designed + for consistent, highly-available messaging scenarios (both synchronous and asynchronous). +home: https://github.com/bitnami/charts/tree/master/bitnami/rabbitmq +icon: https://bitnami.com/assets/stacks/rabbitmq/img/rabbitmq-stack-220x234.png +keywords: +- rabbitmq +- message queue +- AMQP +maintainers: +- email: containers@bitnami.com + name: Bitnami +name: rabbitmq +sources: +- https://github.com/bitnami/bitnami-docker-rabbitmq +- https://www.rabbitmq.com +version: 8.31.4 diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/README.md b/packer/ansible/roles/helm_install/files/rabbitmq/README.md new file mode 100644 index 0000000..d13d278 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/README.md @@ -0,0 +1,604 @@ + + +# RabbitMQ packaged by Bitnami + +RabbitMQ is an open source general-purpose message broker that is designed for consistent, highly-available messaging scenarios (both synchronous and asynchronous). + +[Overview of RabbitMQ](https://www.rabbitmq.com) + +Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. + +## TL;DR + +```bash +$ helm repo add bitnami https://charts.bitnami.com/bitnami +$ helm install my-release bitnami/rabbitmq +``` + +## Introduction + +This chart bootstraps a [RabbitMQ](https://github.com/bitnami/bitnami-docker-rabbitmq) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.2.0+ +- PV provisioner support in the underlying infrastructure + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm install my-release bitnami/rabbitmq +``` + +The command deploys RabbitMQ on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Parameters + +### Global parameters + +| Name | Description | Value | +| ------------------------- | ----------------------------------------------- | ----- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | + + +### RabbitMQ Image parameters + +| Name | Description | Value | +| ------------------- | -------------------------------------------------------------- | --------------------- | +| `image.registry` | RabbitMQ image registry | `docker.io` | +| `image.repository` | RabbitMQ image repository | `bitnami/rabbitmq` | +| `image.tag` | RabbitMQ image tag (immutable tags are recommended) | `3.9.14-debian-10-r5` | +| `image.pullPolicy` | RabbitMQ image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `image.debug` | Set to true if you would like to see extra information on logs | `false` | + + +### Common parameters + +| Name | Description | Value | +| ---------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------- | +| `nameOverride` | String to partially override rabbitmq.fullname template (will maintain the release name) | `""` | +| `fullnameOverride` | String to fully override rabbitmq.fullname template | `""` | +| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | +| `clusterDomain` | Kubernetes Cluster Domain | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | +| `hostAliases` | Deployment pod host aliases | `[]` | +| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | +| `auth.username` | RabbitMQ application username | `user` | +| `auth.password` | RabbitMQ application password | `""` | +| `auth.existingPasswordSecret` | Existing secret with RabbitMQ credentials (must contain a value for `rabbitmq-password` key) | `""` | +| `auth.erlangCookie` | Erlang cookie to determine whether different nodes are allowed to communicate with each other | `""` | +| `auth.existingErlangSecret` | Existing secret with RabbitMQ Erlang cookie (must contain a value for `rabbitmq-erlang-cookie` key) | `""` | +| `auth.tls.enabled` | Enable TLS support on RabbitMQ | `false` | +| `auth.tls.autoGenerated` | Generate automatically self-signed TLS certificates | `false` | +| `auth.tls.failIfNoPeerCert` | When set to true, TLS connection will be rejected if client fails to provide a certificate | `true` | +| `auth.tls.sslOptionsVerify` | Should [peer verification](https://www.rabbitmq.com/ssl.html#peer-verification) be enabled? | `verify_peer` | +| `auth.tls.caCertificate` | Certificate Authority (CA) bundle content | `""` | +| `auth.tls.serverCertificate` | Server certificate content | `""` | +| `auth.tls.serverKey` | Server private key content | `""` | +| `auth.tls.existingSecret` | Existing secret with certificate content to RabbitMQ credentials | `""` | +| `auth.tls.existingSecretFullChain` | Whether or not the existing secret contains the full chain in the certificate (`tls.crt`). Will be used in place of `ca.cert` if `true`. | `false` | +| `logs` | Path of the RabbitMQ server's Erlang log file. Value for the `RABBITMQ_LOGS` environment variable | `-` | +| `ulimitNofiles` | RabbitMQ Max File Descriptors | `65536` | +| `maxAvailableSchedulers` | RabbitMQ maximum available scheduler threads | `""` | +| `onlineSchedulers` | RabbitMQ online scheduler threads | `""` | +| `memoryHighWatermark.enabled` | Enable configuring Memory high watermark on RabbitMQ | `false` | +| `memoryHighWatermark.type` | Memory high watermark type. Either `absolute` or `relative` | `relative` | +| `memoryHighWatermark.value` | Memory high watermark value | `0.4` | +| `plugins` | List of default plugins to enable (should only be altered to remove defaults; for additional plugins use `extraPlugins`) | `rabbitmq_management rabbitmq_peer_discovery_k8s` | +| `communityPlugins` | List of Community plugins (URLs) to be downloaded during container initialization | `""` | +| `extraPlugins` | Extra plugins to enable (single string containing a space-separated list) | `rabbitmq_auth_backend_ldap` | +| `clustering.enabled` | Enable RabbitMQ clustering | `true` | +| `clustering.addressType` | Switch clustering mode. Either `ip` or `hostname` | `hostname` | +| `clustering.rebalance` | Rebalance master for queues in cluster when new replica is created | `false` | +| `clustering.forceBoot` | Force boot of an unexpectedly shut down cluster (in an unexpected order). | `false` | +| `clustering.partitionHandling` | Switch Partition Handling Strategy. Either `autoheal` or `pause-minority` or `pause-if-all-down` or `ignore` | `autoheal` | +| `loadDefinition.enabled` | Enable loading a RabbitMQ definitions file to configure RabbitMQ | `false` | +| `loadDefinition.file` | Name of the definitions file | `/app/load_definition.json` | +| `loadDefinition.existingSecret` | Existing secret with the load definitions file | `""` | +| `command` | Override default container command (useful when using custom images) | `[]` | +| `args` | Override default container args (useful when using custom images) | `[]` | +| `terminationGracePeriodSeconds` | Default duration in seconds k8s waits for container to exit before sending kill signal. | `120` | +| `extraEnvVars` | Extra environment variables to add to RabbitMQ pods | `[]` | +| `extraEnvVarsCM` | Name of existing ConfigMap containing extra environment variables | `""` | +| `extraEnvVarsSecret` | Name of existing Secret containing extra environment variables (in case of sensitive data) | `""` | +| `extraContainerPorts` | Extra ports to be included in container spec, primarily informational | `[]` | +| `configuration` | RabbitMQ Configuration file content: required cluster configuration | `""` | +| `extraConfiguration` | Configuration file content: extra configuration to be appended to RabbitMQ configuration | `""` | +| `advancedConfiguration` | Configuration file content: advanced configuration | `""` | +| `ldap.enabled` | Enable LDAP support | `false` | +| `ldap.servers` | List of LDAP servers hostnames | `[]` | +| `ldap.port` | LDAP servers port | `389` | +| `ldap.user_dn_pattern` | Pattern used to translate the provided username into a value to be used for the LDAP bind | `cn=${username},dc=example,dc=org` | +| `ldap.tls.enabled` | If you enable TLS/SSL you can set advanced options using the `advancedConfiguration` parameter | `false` | +| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts | `[]` | +| `extraVolumes` | Optionally specify extra list of additional volumes . | `[]` | +| `extraSecrets` | Optionally specify extra secrets to be created by the chart. | `{}` | +| `extraSecretsPrependReleaseName` | Set this flag to true if extraSecrets should be created with prepended. | `false` | + + +### Statefulset parameters + +| Name | Description | Value | +| ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------ | --------------- | +| `replicaCount` | Number of RabbitMQ replicas to deploy | `1` | +| `schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | +| `podManagementPolicy` | Pod management policy | `OrderedReady` | +| `podLabels` | RabbitMQ Pod labels. Evaluated as a template | `{}` | +| `podAnnotations` | RabbitMQ Pod annotations. Evaluated as a template | `{}` | +| `updateStrategyType` | Update strategy type for RabbitMQ statefulset | `RollingUpdate` | +| `statefulsetLabels` | RabbitMQ statefulset labels. Evaluated as a template | `{}` | +| `priorityClassName` | Name of the priority class to be used by RabbitMQ pods, priority class needs to be created beforehand | `""` | +| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | +| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | +| `affinity` | Affinity for pod assignment. Evaluated as a template | `{}` | +| `nodeSelector` | Node labels for pod assignment. Evaluated as a template | `{}` | +| `tolerations` | Tolerations for pod assignment. Evaluated as a template | `[]` | +| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `podSecurityContext.enabled` | Enable RabbitMQ pods' Security Context | `true` | +| `podSecurityContext.fsGroup` | Group ID for the filesystem used by the containers | `1001` | +| `podSecurityContext.runAsUser` | User ID for the service user running the pod | `1001` | +| `containerSecurityContext` | RabbitMQ containers' Security Context | `{}` | +| `resources.limits` | The resources limits for RabbitMQ containers | `{}` | +| `resources.requests` | The requested resources for RabbitMQ containers | `{}` | +| `livenessProbe.enabled` | Enable livenessProbe | `true` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `20` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe | `true` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `30` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `20` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `customLivenessProbe` | Override default liveness probe | `{}` | +| `customReadinessProbe` | Override default readiness probe | `{}` | +| `customStartupProbe` | Define a custom startup probe | `{}` | +| `initContainers` | Add init containers to the RabbitMQ pod | `[]` | +| `sidecars` | Add sidecar containers to the RabbitMQ pod | `[]` | +| `pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | +| `pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | +| `pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | + + +### RBAC parameters + +| Name | Description | Value | +| --------------------------------------------- | --------------------------------------------------- | ------ | +| `serviceAccount.create` | Enable creation of ServiceAccount for RabbitMQ pods | `true` | +| `serviceAccount.name` | Name of the created serviceAccount | `""` | +| `serviceAccount.automountServiceAccountToken` | Auto-mount the service account token in the pod | `true` | +| `rbac.create` | Whether RBAC rules should be created | `true` | + + +### Persistence parameters + +| Name | Description | Value | +| --------------------------- | ------------------------------------------------ | -------------------------- | +| `persistence.enabled` | Enable RabbitMQ data persistence using PVC | `true` | +| `persistence.storageClass` | PVC Storage Class for RabbitMQ data volume | `""` | +| `persistence.selector` | Selector to match an existing Persistent Volume | `{}` | +| `persistence.accessMode` | PVC Access Mode for RabbitMQ data volume | `ReadWriteOnce` | +| `persistence.existingClaim` | Provide an existing PersistentVolumeClaims | `""` | +| `persistence.mountPath` | The path the volume will be mounted at | `/bitnami/rabbitmq/mnesia` | +| `persistence.subPath` | The subdirectory of the volume to mount to | `""` | +| `persistence.size` | PVC Storage Request for RabbitMQ data volume | `8Gi` | +| `persistence.volumes` | Additional volumes without creating PVC | `[]` | +| `persistence.annotations` | Persistence annotations. Evaluated as a template | `{}` | + + +### Exposure parameters + +| Name | Description | Value | +| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | +| `service.type` | Kubernetes Service type | `ClusterIP` | +| `service.portEnabled` | Amqp port. Cannot be disabled when `auth.tls.enabled` is `false`. Listener can be disabled with `listeners.tcp = none`. | `true` | +| `service.port` | Amqp port | `5672` | +| `service.portName` | Amqp service port name | `amqp` | +| `service.tlsPort` | Amqp TLS port | `5671` | +| `service.tlsPortName` | Amqp TLS service port name | `amqp-ssl` | +| `service.nodePort` | Node port override for `amqp` port, if serviceType is `NodePort` or `LoadBalancer` | `""` | +| `service.tlsNodePort` | Node port override for `amqp-ssl` port, if serviceType is `NodePort` or `LoadBalancer` | `""` | +| `service.distPortEnabled` | Erlang distribution server port | `true` | +| `service.distPort` | Erlang distribution server port | `25672` | +| `service.distPortName` | Erlang distribution service port name | `dist` | +| `service.distNodePort` | Node port override for `dist` port, if serviceType is `NodePort` | `""` | +| `service.managerPortEnabled` | RabbitMQ Manager port | `true` | +| `service.managerPort` | RabbitMQ Manager port | `15672` | +| `service.managerPortName` | RabbitMQ Manager service port name | `http-stats` | +| `service.managerNodePort` | Node port override for `http-stats` port, if serviceType `NodePort` | `""` | +| `service.metricsPort` | RabbitMQ Prometheues metrics port | `9419` | +| `service.metricsPortName` | RabbitMQ Prometheues metrics service port name | `metrics` | +| `service.metricsNodePort` | Node port override for `metrics` port, if serviceType is `NodePort` | `""` | +| `service.epmdPortEnabled` | RabbitMQ EPMD Discovery service port | `true` | +| `service.epmdNodePort` | Node port override for `epmd` port, if serviceType is `NodePort` | `""` | +| `service.epmdPortName` | EPMD Discovery service port name | `epmd` | +| `service.extraPorts` | Extra ports to expose in the service | `[]` | +| `service.loadBalancerSourceRanges` | Address(es) that are allowed when service is `LoadBalancer` | `[]` | +| `service.externalIPs` | Set the ExternalIPs | `[]` | +| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | +| `service.loadBalancerIP` | Set the LoadBalancerIP | `""` | +| `service.labels` | Service labels. Evaluated as a template | `{}` | +| `service.annotations` | Service annotations. Evaluated as a template | `{}` | +| `service.annotationsHeadless` | Headless Service annotations. Evaluated as a template | `{}` | +| `ingress.enabled` | Enable ingress resource for Management console | `false` | +| `ingress.path` | Path for the default host. You may need to set this to '/*' in order to use this with ALB ingress controllers. | `/` | +| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | +| `ingress.hostname` | Default host for the ingress resource | `rabbitmq.local` | +| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` | +| `ingress.tls` | Enable TLS configuration for the hostname defined at `ingress.hostname` parameter | `false` | +| `ingress.selfSigned` | Set this to true in order to create a TLS secret for this ingress record | `false` | +| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | +| `ingress.extraRules` | The list of additional rules to be added to this ingress record. Evaluated as a template | `[]` | +| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | +| `ingress.secrets` | Custom TLS certificates as secrets | `[]` | +| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | +| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `false` | +| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `networkPolicy.additionalRules` | Additional NetworkPolicy Ingress "from" rules to set. Note that all rules are OR-ed. | `[]` | + + +### Metrics Parameters + +| Name | Description | Value | +| ------------------------------------------ | ------------------------------------------------------------------------------------------------------ | --------------------- | +| `metrics.enabled` | Enable exposing RabbitMQ metrics to be gathered by Prometheus | `false` | +| `metrics.plugins` | Plugins to enable Prometheus metrics in RabbitMQ | `rabbitmq_prometheus` | +| `metrics.podAnnotations` | Annotations for enabling prometheus to access the metrics endpoint | `{}` | +| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` | +| `metrics.serviceMonitor.namespace` | Specify the namespace in which the serviceMonitor resource will be created | `""` | +| `metrics.serviceMonitor.interval` | Specify the interval at which metrics should be scraped | `30s` | +| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` | +| `metrics.serviceMonitor.relabellings` | MetricsRelabelConfigs to apply to samples before ingestion. DEPRECATED: Will be removed in next major. | `[]` | +| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. | `[]` | +| `metrics.serviceMonitor.metricRelabelings` | MetricsRelabelConfigs to apply to samples before ingestion. | `[]` | +| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` | +| `metrics.serviceMonitor.additionalLabels` | Used to pass Labels that are required by the installed Prometheus Operator | `{}` | +| `metrics.serviceMonitor.targetLabels` | Used to keep given service's labels in target | `{}` | +| `metrics.serviceMonitor.podTargetLabels` | Used to keep given pod's labels in target | `{}` | +| `metrics.serviceMonitor.path` | Define the path used by ServiceMonitor to scrap metrics | `""` | +| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` | +| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` | +| `metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | `""` | +| `metrics.prometheusRule.rules` | List of rules, used as template by Helm. | `[]` | + + +### Init Container Parameters + +| Name | Description | Value | +| -------------------------------------- | -------------------------------------------------------------------------------------------------------------------- | ----------------------- | +| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | +| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `10-debian-10-r378` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` | +| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | + + +The above parameters map to the env variables defined in [bitnami/rabbitmq](https://github.com/bitnami/bitnami-docker-rabbitmq). For more information please refer to the [bitnami/rabbitmq](https://github.com/bitnami/bitnami-docker-rabbitmq) image documentation. + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```bash +$ helm install my-release \ + --set auth.username=admin,auth.password=secretpassword,auth.erlangCookie=secretcookie \ + bitnami/rabbitmq +``` + +The above command sets the RabbitMQ admin username and password to `admin` and `secretpassword` respectively. Additionally the secure erlang cookie is set to `secretcookie`. + +> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```bash +$ helm install my-release -f values.yaml bitnami/rabbitmq +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Configuration and installation details + +### [Rolling vs Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### Set pod affinity + +This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). + +As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. + +### Scale horizontally + +To horizontally scale this chart once it has been deployed, two options are available: + +- Use the `kubectl scale` command. +- Upgrade the chart modifying the `replicaCount` parameter. + +> NOTE: It is mandatory to specify the password and Erlang cookie that was set the first time the chart was installed when upgrading the chart. + +When scaling down the solution, unnecessary RabbitMQ nodes are automatically stopped, but they are not removed from the cluster. You need to manually remove them by running the `rabbitmqctl forget_cluster_node` command. + +Refer to the chart documentation for [more information on scaling the Rabbit cluster horizontally](https://docs.bitnami.com/kubernetes/infrastructure/rabbitmq/administration/scale-deployment/). + +### Enable TLS support + +To enable TLS support, first generate the certificates as described in the [RabbitMQ documentation for SSL certificate generation](https://www.rabbitmq.com/ssl.html#automated-certificate-generation). + +Once the certificates are generated, you have two alternatives: + +* Create a secret with the certificates and associate the secret when deploying the chart +* Include the certificates in the *values.yaml* file when deploying the chart + +Set the *auth.tls.failIfNoPeerCert* parameter to *false* to allow a TLS connection if the client fails to provide a certificate. + +Set the *auth.tls.sslOptionsVerify* to *verify_peer* to force a node to perform peer verification. When set to *verify_none*, peer verification will be disabled and certificate exchange won't be performed. + +Refer to the chart documentation for [more information and examples of enabling TLS and using Let's Encrypt certificates](https://docs.bitnami.com/kubernetes/infrastructure/rabbitmq/administration/enable-tls-ingress/). + +### Load custom definitions + +It is possible to [load a RabbitMQ definitions file to configure RabbitMQ](https://www.rabbitmq.com/management.html#load-definitions). + +Because definitions may contain RabbitMQ credentials, [store the JSON as a Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod). Within the secret's data, choose a key name that corresponds with the desired load definitions filename (i.e. `load_definition.json`) and use the JSON object as the value. + +Next, specify the `load_definitions` property as an `extraConfiguration` pointing to the load definition file path within the container (i.e. `/app/load_definition.json`) and set `loadDefinition.enable` to `true`. Any load definitions specified will be available within in the container at `/app`. + +> NOTE: Loading a definition will take precedence over any configuration done through [Helm values](#parameters). + +If needed, you can use `extraSecrets` to let the chart create the secret for you. This way, you don't need to manually create it before deploying a release. These secrets can also be templated to use supplied chart values. + +Refer to the chart documentation for [more information and configuration examples of loading custom definitions](https://docs.bitnami.com/kubernetes/infrastructure/rabbitmq/configuration/load-files/). + +### Configure LDAP support + +LDAP support can be enabled in the chart by specifying the `ldap.*` parameters while creating a release. Refer to the chart documentation for [more information and a configuration example](https://docs.bitnami.com/kubernetes/infrastructure/rabbitmq/configuration/configure-ldap/). + +### Configure memory high watermark + +It is possible to configure a memory high watermark on RabbitMQ to define [memory thresholds](https://www.rabbitmq.com/memory.html#threshold) using the `memoryHighWatermark.*` parameters. To do so, you have two alternatives: + +* Set an absolute limit of RAM to be used on each RabbitMQ node, as shown in the configuration example below: + +``` +memoryHighWatermark.enabled="true" +memoryHighWatermark.type="absolute" +memoryHighWatermark.value="512MB" +``` + +* Set a relative limit of RAM to be used on each RabbitMQ node. To enable this feature, define the memory limits at pod level too. An example configuration is shown below: + +``` +memoryHighWatermark.enabled="true" +memoryHighWatermark.type="relative" +memoryHighWatermark.value="0.4" +resources.limits.memory="2Gi" +``` + +### Add extra environment variables + +In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property. + +```yaml +extraEnvVars: + - name: LOG_LEVEL + value: error +``` + +Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `.extraEnvVarsCM` or the `extraEnvVarsSecret` properties. + +### Use plugins + +The Bitnami Docker RabbitMQ image ships a set of plugins by default. By default, this chart enables `rabbitmq_management` and `rabbitmq_peer_discovery_k8s` since they are required for RabbitMQ to work on K8s. + +To enable extra plugins, set the `extraPlugins` parameter with the list of plugins you want to enable. In addition to this, the `communityPlugins` parameter can be used to specify a list of URLs (separated by spaces) for custom plugins for RabbitMQ. + +Refer to the chart documentation for [more information on using RabbitMQ plugins](https://docs.bitnami.com/kubernetes/infrastructure/rabbitmq/configuration/use-plugins/). + +### Recover the cluster from complete shutdown + +> IMPORTANT: Some of these procedures can lead to data loss. Always make a backup beforehand. + +The RabbitMQ cluster is able to support multiple node failures but, in a situation in which all the nodes are brought down at the same time, the cluster might not be able to self-recover. + +This happens if the pod management policy of the statefulset is not `Parallel` and the last pod to be running wasn't the first pod of the statefulset. If that happens, update the pod management policy to recover a healthy state: + +```console +$ kubectl delete statefulset STATEFULSET_NAME --cascade=false +$ helm upgrade RELEASE_NAME bitnami/rabbitmq \ + --set podManagementPolicy=Parallel \ + --set replicaCount=NUMBER_OF_REPLICAS \ + --set auth.password=PASSWORD \ + --set auth.erlangCookie=ERLANG_COOKIE +``` + +For a faster resyncronization of the nodes, you can temporarily disable the readiness probe by setting `readinessProbe.enabled=false`. Bear in mind that the pods will be exposed before they are actually ready to process requests. + +If the steps above don't bring the cluster to a healthy state, it could be possible that none of the RabbitMQ nodes think they were the last node to be up during the shutdown. In those cases, you can force the boot of the nodes by specifying the `clustering.forceBoot=true` parameter (which will execute [`rabbitmqctl force_boot`](https://www.rabbitmq.com/rabbitmqctl.8.html#force_boot) in each pod): + +```console +$ helm upgrade RELEASE_NAME bitnami/rabbitmq \ + --set podManagementPolicy=Parallel \ + --set clustering.forceBoot=true \ + --set replicaCount=NUMBER_OF_REPLICAS \ + --set auth.password=PASSWORD \ + --set auth.erlangCookie=ERLANG_COOKIE +``` + +More information: [Clustering Guide: Restarting](https://www.rabbitmq.com/clustering.html#restarting). + +### Known issues + +- Changing the password through RabbitMQ's UI can make the pod fail due to the default liveness probes. If you do so, remember to make the chart aware of the new password. Updating the default secret with the password you set through RabbitMQ's UI will automatically recreate the pods. If you are using your own secret, you may have to manually recreate the pods. + +## Persistence + +The [Bitnami RabbitMQ](https://github.com/bitnami/bitnami-docker-rabbitmq) image stores the RabbitMQ data and configurations at the `/opt/bitnami/rabbitmq/var/lib/rabbitmq/` path of the container. + +The chart mounts a [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) at this location. By default, the volume is created using dynamic volume provisioning. An existing PersistentVolumeClaim can also be defined. + +### Use existing PersistentVolumeClaims + +1. Create the PersistentVolume +1. Create the PersistentVolumeClaim +1. Install the chart + +```bash +$ helm install my-release --set persistence.existingClaim=PVC_NAME bitnami/rabbitmq +``` + +### Adjust permissions of the persistence volume mountpoint + +As the image runs as non-root by default, it is necessary to adjust the ownership of the persistent volume so that the container can write data into it. + +By default, the chart is configured to use Kubernetes Security Context to automatically change the ownership of the volume. However, this feature does not work in all Kubernetes distributions. +As an alternative, this chart supports using an `initContainer` to change the ownership of the volume before mounting it in the final destination. + +You can enable this `initContainer` by setting `volumePermissions.enabled` to `true`. + +### Configure the default user/vhost + +If you want to create default user/vhost and set the default permission. you can use `extraConfiguration`: + +```yaml +auth: + username: default-user +extraConfiguration: |- + default_vhost = default-vhost + default_permissions.configure = .* + default_permissions.read = .* + default_permissions.write = .* +``` + +## Troubleshooting + +Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). + +## Upgrading + +It's necessary to set the `auth.password` and `auth.erlangCookie` parameters when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use under the 'Credentials' section. Please note down the password and the cookie, and run the command below to upgrade your chart: + +```bash +$ helm upgrade my-release bitnami/rabbitmq --set auth.password=[PASSWORD] --set auth.erlangCookie=[RABBITMQ_ERLANG_COOKIE] +``` + +| Note: you need to substitute the placeholders [PASSWORD] and [RABBITMQ_ERLANG_COOKIE] with the values obtained in the installation notes. + +### To 8.21.0 + +This new version of the chart bumps the RabbitMQ version to `3.9.1`. It is considered a minor release, and no breaking changes are expected. Additionally, RabbitMQ `3.9.X` nodes can run alongside `3.8.X` nodes. + +See the [Upgrading guide](https://www.rabbitmq.com/upgrade.html) and the [RabbitMQ change log](https://www.rabbitmq.com/changelog.html) for further documentation. + +### To 8.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/infrastructure/rabbitmq/administration/upgrade-helm3/). + +### To 7.0.0 + +- Several parameters were renamed or disappeared in favor of new ones on this major version: + - `replicas` is renamed to `replicaCount`. + - `securityContext.*` is deprecated in favor of `podSecurityContext` and `containerSecurityContext`. + - Authentication parameters were reorganized under the `auth.*` parameter: + - `rabbitmq.username`, `rabbitmq.password`, and `rabbitmq.erlangCookie` are now `auth.username`, `auth.password`, and `auth.erlangCookie` respectively. + - `rabbitmq.tls.*` parameters are now under `auth.tls.*`. + - Parameters prefixed with `rabbitmq.` were renamed removing the prefix. E.g. `rabbitmq.configuration` -> renamed to `configuration`. + - `rabbitmq.rabbitmqClusterNodeName` is deprecated. + - `rabbitmq.setUlimitNofiles` is deprecated. + - `forceBoot.enabled` is renamed to `clustering.forceBoot`. + - `loadDefinition.secretName` is renamed to `loadDefinition.existingSecret`. + - `metics.port` is remamed to `service.metricsPort`. + - `service.extraContainerPorts` is renamed to `extraContainerPorts`. + - `service.nodeTlsPort` is renamed to `service.tlsNodePort`. + - `podDisruptionBudget` is deprecated in favor of `pdb.create`, `pdb.minAvailable`, and `pdb.maxUnavailable`. + - `rbacEnabled` -> deprecated in favor of `rbac.create`. + - New parameters: `serviceAccount.create`, and `serviceAccount.name`. + - New parameters: `memoryHighWatermark.enabled`, `memoryHighWatermark.type`, and `memoryHighWatermark.value`. +- Chart labels and Ingress configuration were adapted to follow the Helm charts best practices. +- Initialization logic now relies on the container. +- This version introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. + +Consequences: + +- Backwards compatibility is not guaranteed. +- Compatibility with non Bitnami images is not guaranteed anymore. + +### To 6.0.0 + +This new version updates the RabbitMQ image to a [new version based on bash instead of node.js](https://github.com/bitnami/bitnami-docker-rabbitmq#3715-r18-3715-ol-7-r19). However, since this Chart overwrites the container's command, the changes to the container shouldn't affect the Chart. To upgrade, it may be needed to enable the `fastBoot` option, as it is already the case from upgrading from 5.X to 5.Y. + +### To 5.0.0 + +This major release changes the clustering method from `ip` to `hostname`. +This change is needed to fix the persistence. The data dir will now depend on the hostname which is stable instead of the pod IP that might change. + +> IMPORTANT: Note that if you upgrade from a previous version you will lose your data. + +### To 3.0.0 + +Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. +Use the workaround below to upgrade from versions previous to 3.0.0. The following example assumes that the release name is rabbitmq: + +```console +$ kubectl delete statefulset rabbitmq --cascade=false +``` + +## Bitnami Kubernetes Documentation + +Bitnami Kubernetes documentation is available at [https://docs.bitnami.com/](https://docs.bitnami.com/). You can find there the following resources: + +- [Documentation for RabbitMQ Helm chart](https://docs.bitnami.com/kubernetes/infrastructure/rabbitmq/) +- [Get Started with Kubernetes guides](https://docs.bitnami.com/kubernetes/) +- [Bitnami Helm charts documentation](https://docs.bitnami.com/kubernetes/apps/) +- [Kubernetes FAQs](https://docs.bitnami.com/kubernetes/faq/) +- [Kubernetes Developer guides](https://docs.bitnami.com/tutorials/) + +## License + +Copyright © 2022 Bitnami + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. \ No newline at end of file diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/charts/common-1.17.1.tgz b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common-1.17.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..d2e66eb702c03db2f57932528265520573877492 GIT binary patch literal 14611 zcmV+uIqb$CiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBhciT9U=zP|%s7t3eb|#`EJ8@<_o4xBenHit%PJHcja%Q{d zwjmOd(53)30LsxMxxf7$yh!k+hb=#{Yko*%5-1c3RfR&KP>9%c%4qLsg18LlXqxLw~UQ>_z_%(7yp(YELF4;(zF0 zyRB;HzL5t}$|RD6QE|`#h>*l%#^(ocOh+6E$+Jji9CuJkK42~gqX#hC?VvQx{~Uya z7vZ22V-azZO8xE-ejr1R_#FO@lPPHSf)V2|<}6DI9fM&!NZ6P}FvRi_V+uneDVh?9 zRCy700NziCFn_-hFW|uT!C>FhhjhS%Yx>Lk2!jz6X7kGZjcq|S& zUE8rv7bZAKG4FIi;%S;7i91~wWi(P0>U3RSJ5xlcM1*3lt5c*p^2&Y$$au0szdELx zZCkL6M_7YfUb853d3hQ7-R{VFiVq+$BiWf%2K=sB_u<*VWA*g;=+o`6mRyq%=crgdAe|c=LhilGlUm-4qw0KUjSH& zIg*Skd)j+#x_RKe0Z_f-h>kIY=5ra6YDYBzU*PwQNnHJ^s$&|v*O!=#C-MLW9rvMI zAIAye@wLWL0l3+5G%ctqZaP|h7!`ywoZv_@{vPwGC3yE+8p{Qvca4F|$4m)(0D+N~ z8yP_}c&1Ne1o(FdRimy=+jISOHLVeP0C6I48LHuzb)cFWC8(C(3uv!3V9H`g|DO6y zC0TzwQWjVAVZ^2>qnOHkEbu4E(T|F0e?UW=hycP5#$d00QMIYWpJV`!Rvsr01=sCI zITCR2QdLD+A|VJMEI#CAYe;xibf0#hj_B1@b3t__)K2gc1=dM>A&t|b$pbyO+tsnq z6-78Lk=Igj2fhF$G*;am^vhyu8JaQ)+jyGFxkt2}YEeizp>hNPO4INn8)8ne#3CfD zmsdJ~??m8JzSf+l->Z7&(FLAAg-2Ry75(djQpM*?NuYsMat=Q!G*x;ga5L z;Bs9s%!?Oftv4iD$`Ur7f3LJ}nLZOH)cORkIjwC@I7^e<-3Vtf3*Me^u0P*)n}u+5 zBKRktGgp?s>q}pQ>|IgvR+hU;lXaQ9p2V#pZwn-BW5RVihKOlt19pfvQ*O=-@g#hi z6|(vDUw!=_p%e{CvOy2P;`RSvu>1U3W&OY3fBx)Y{eK(J71sZ9fLkGn* z&;s`doxy}mqnD&ad`13J@IdnbP;FtH#S_6Xs+~a^43rp zXseOR72O(^ZAftFSVW2G4GtsZg4VjS@;oB=IOq#L8;QuW_5CvR%ImA`v>~ zScnw~?$4x%A*n&?UguK)WMVzsGHw@d{@Sm^UaFaUSh!%dJ+HKEWr>_o=fMXj( zv!Yb-A&S<}H`kxs1LD@pujTU7z((N(#1Li*zkD zH%GO@ljAeYXC%Ta(hjA>Ral*b{Y{XN<1rDEug`z2bvH-Gzbn>eRH6hKt=!zGcE z%8FWnu~dEvmlG0AK#>{|DgaSHajcz_D1qSf*RKIU9^@K!Y_zFDiwM7MBme=&WBf@w zc7aeKF^YkWv>SHRjstxC3PT*BOke|<(6MGu)$a>z0%ToTLgC-{!aX(nWQkN50D^!} ziTMacSW{%gG8zYfIcJKKpS))<#K7^C&2S8t6Kn({LJ}ox{8+%0P%_PE(`Y<-vZ7I) zr77c5c(|72!J|y@d3*MAzx(HZ?mYSV|9<`FldoSN1+ZNr4}1a1&Lmfqu%3DaN3+i& zZo6w=*?-5U?*G+{wXxW*KP->`+8aC@RQ$isUhM5X_=g< zSvuw@R&tyP^{?57OOX&d9NxypfSe!+3ZzzGLu|^0oz71Jjq!omsGOmM#M&5mqZ;V< z;oxO$+oUKYY-CNS8cuMiLFU^@`rG$<7b!(@5=s_2tor=`0)ZorW&YzWn&JS05y45U ztC*tQem^MY=Ng8Co5FCg28M$i!x}19lFcCD9K5Jw;&&_GYHJvgItg~lo7&1IICXKu zu0cos2g{5+rku@4 zjA70)4pGK66$<&S2)VK=xNSUWZ}g=#B}*@ZUno?cw@hNA9PkWNKqHAcaIB0glq9$MMN`evrQ#4l$KrxPuVJ0Vd?%rPDRN0J>DkDWm)tebhvMGirL1Zd6g7#lC zE+?1+p(DnphC3rfRr_qHkMhKTWPYqBW|1hJs~Ka8IZApHcG;DzCppW82^JH^WOss- zsR@$r5+O1ydRs;3yN3O`mlKlUZayxyyd4>Fg)V+qsbu3NO2z67`2|LZB)7h0{qSt? zsoQ^KipHCZ{r|&q`|sJa=P#=E-~Nji5BA?}JZsp0p4TPiEL93nu?pB=p_=(&8A<;a zz&03bL;rcom@MMtoc$vw*p!CA?A|+*qHQ)Vw~*Uu*0D5KHj|nG!@SMVeew&ZOc2Rh zio1_R1&PL$QtFMjr1kwd&4COyHo-t}7`foDdKX@{)M$-5@P3m~1(@&b8A0%!=zS*+ zbm&{DSd}ii+wE>64atF7P;nKPo@K7rEV{rPjx|H%eLmCHFeuOhwqu-f93hG01JDkZ z5?^pkW6V#oBr&ywbKC4JVAr%LUSZnYFmC1B!PE9{yE_F}mt#~`Vet}Ho{{OjS4^qV zQ#7sen$LmuV1mz5K8?D06k@G~mw?h#ja%t$*vN?GzdEI+O{YrL?3eVG5FsPj_9I6< zFgtoYs$@B+U|MQex8ja&>w_H?JW6P6j{mV*L?Wq_j$LUhbJ$Jg3z)nn85?Ky%A#-y zdpF>-oXPE1x3E(>+5IjJv@6jbTxN%~vD^j(q_!&{)5N+4OvlSkfdE3Eer}&&=e~&9 zt#{`h3F}>(Ya4$W?0*}&vAG4nQu}|fTRs2VfAQe|y_IL3_}{;2zlFpwMA3zk2u#(K zq#Za!DB~+dk_;1Uw&hTg_yNL)C&zC0N%*ec`W$5$(6*9m6JfTvttZrewSU=fCydMD zoBgZmpFHurksi$45gF>)71#(61^kH!J;B6If618Iiff>r6)`mOz z(}+MRlHHQZ0VGtGq3smkMhQc5|5^3BYfiIjy}>Vv#TsVH#jCm#6H*|#G6QU6fYJlX zWPCqQG3fma#m{z!8OJLq2Dcl1Vxa_P4qwKy^=clYZ8t>7{Auk7nOca<2qgk94%RTl zxmuKk?b=a-gwWdNTJ$`wKwFcp_3DcQkk%*fjZ-%#ZiKn)P7y_8y(3{aw7g_#T6@0# z;S2;BQyh0x1u`O$vY|kAQB9}BEa)s@{OX-kJSx(9`K>8U6|+e6GBs{JOXS{GKA>G6 z%<{oiuzxh5)ii*GEY^A+q!w?S)6-tZ7q90QwCZ*#jjEa;@jaeH33N~;M3iJgVs5rV zxKi^gRm+Qe`syLNr17cS|MoEM?fL%)gPQ&SZ2$T52mAjvo;Cdco-HpVqA}vJIq)r7 z)q&+DSKR1;`XTJx#%Vv#Z0Dj0PNt!lnB0X6s_5^wPQ5+7!Av7-SGnzUXQCpUj$-6G89`xt8 z{?zrqVTui^|E2z){k`W^{r~(S{_l34HT3_RPpQ&S%A%##L81eVb?WF=HRbD=Zc)S@ zh1PYoHgV>sD*0}PIVUlOFUoAA5$x~jpJaNLjYi}X1l_t#Z;(9V7)gtiK~v%EqMng3 zq2|MRfx4N)mUX~RDD_Rx?sv*|_B&#JJ4eJ9;5bcCgdzB20Ku=p)jNf9!i};dnZxfH zO2~+)g-M#~&W4?j*g)6irD{WAF7gm`!KT>v$`z|dvusJolvpQ}oDc!qmQ=6bo~g3h z6PDs=C+r-LTr8LYk_Xv)v?qmwOVeG4(JSOFwu@=53f2~qj!)djoL9P)BZ##EE79Fw zLO!B4B4A~H_3+HeVW5O-`P2Q>%(j zHSV=6LXBUqElQ10H!V_!Ny0AusM;dWlMQobhCDGgN7|-YB1yL>RHOyaXN4j*9qQ;) zmp^~`q-^s5g6TZ}xoCs80;&sdN-ui(*^_svITdR5 zNEJ55?!f*Qu!|zp@4Y({U`%G1x@AQsFt=Iua%;moFsh2UsgY3}f}RGiaUyPqBBruVbUJX$khmaF~Ju5~_#HV~);`ek)~ zv8GPF-kPh$u00Z6<@;iO*O64Uo#$e2&D5v9jpc9-nwdE-P}MsZ zc)pU_(Mcq)p><3W$_uRHn1ct^ayzQ!0?(U|1itlrPO6a87`p0m0oS9MbEyJw@X{oC zF9~jg+>}$z)+DD~qa4;)hp1Zo5v8d+DBwk2DqLOyp)vlnsMez#>Gt5srQ+s5ESI+Y z5GUinvE&5Lu;ML!PBGya#dCLbt@SkIhIv&NB@1XYEkAf8f~ zg}4fbv?EVhRu|&0V?VWk<|2!H72ul=ilh@{D`fa-wcpsvXiijHu(8v7A)IQ_Namij zRLEs}d->H-k2!Wc{GzG5#boi@A3Sv zoK2Nh_pjg)0fZIR?@eIEa;2@=4=#^=Ys0#PYWjQ6z}C}rV;>f_ZieSIl1Q(%62>mF z6oQ$WzMZZ9sL>f~9Eo;(cfweK@XkDXfPE9rhL8E5{fmCe?BI;C=F*=VvPe4{t0CpW z`@+EfCHPMK5k?=V%-yOy%vQPwXo+<%5? z66&0NT;Y!(G>b>gL$L2#r>JXEXr5O=#m9nW6FzvWB%5(X&R%k7;%HW?# zp7&%sVV9W0wwfajlXQY$u(Mo80R1A|j-wgWD?L zG5&OFHtG+PX&KW4E5U zrRvSKNdaor{Cm5~Exue_Y2g-$*46b|_R}{0U2g-GitJR}%5Dz#%a}utzXZPoex3#2 zu2@#r7&6V6wf5#=GP!?GUH=!^95yurEYbh{{eCU}t3#?7g`$5SJ*SeUCd82&bqz#>60r2(f%SYQ6*$_uE(Zq3%2QO^*^XKLOWAnA}&e$vrcC8Lw2EPeLm2!L; zeAX`SP?a!;{=a_x8o(DAB7ygxL02cat2$|3Wh99K(;3VVH``|>yabuJ`=ujSp@JDU zHx$!(H{S?eJ{A>Fo*Ptu(IHT2LbTUIs2@5fw6b??hrJrwO?ZR^{%ftO_BM8_xv{Ek z_>)8{v?3i=TZwHj4$BaB8Vq9nXW_eSh0+q2A&aSZ#M#tMmSzN(j@-hHn>E7cpjjpdDC7!+|gR`%?cQ{YwBvypr^{7v7fT-jd8i`mi4TdKwDcyPK68#Sp3 zyXSaDu!+RSR1$8(A=n5Wei+5y-6yO<#m$28drk z<8p`WOpRZ$_h_nUh_JvnYj%4b4ZU68QcMOgZcAE^s1_j|?vnszv};SR!gB4Kl$E%h z3p^i``A|petjmd|_Nvidw)=VmKL5t?40D0MS1%7R6@nV`rg?>555&TxF441!*d^=y8VBNI3;wv!6m>_|8KwM|J{A|aR2wMJZsqh z9}Qyw8nR5<3tu=(5`78_jTf2yIZxU0@6mWc`tMW5 zLhl`$Q?#1B`-|BN{wtv|1YQ2iFYzBAeGwD1`+WZ(FzH4=9-h8Ee*3orI4yb)F_t)z zIEHOyl6#56zkWSXZ&aDDUw58@H92U0_k~I5XSU3fIdH7HiKz{rLo-I=I<@WHV5z>K zOb3QxIwPD>b8JEfXSd%#VQGW8aF;oB??tfm zevOb2h{haUYcg1(|DX2<`xX8FV*la%-|akW=zkjtgyG0>MUfe=xH1TFb4_9Gimz2- zr3!w_0k%1ZT;kU}n9Bw6msbp{g@BY#m)LS9?4#(cOR>(ejs0*j@Hy7G`$Kdswx(Sd zW!4m#9_E4RMN96`91=xc#uZsZcx_gF2d2NRbL6VT_12)3qc06BngW6aSvyu$f@ebj zR{~_pRv^T~p9JP79FNGSmB3u!d1xwCAi0P^KbEjq8x`jlDs7g-+O%20xG@|aRnPtC z47AlVWO|Qv$9=Q}F-a-QCxvQ}eWL2TS|=*9*4@^S$Oh&OmLXR7!Rp_d;~R?&nB_V^ z=Qv1f_vJab4Iz|%Ok!h5;(`ne*(Z_^#OK}t0pruwSsBQ9BAv^P@ydz6h01NIsJP4_ z3)IyesEws)mmF+ifuhGT)llF9rjf1c89V3iu0$d%0=Y7vO%1%2+@dS%jlI)u&4a%B zU^qA{jDqhfY#$NVu?4g*`5cwzYYFvk@_1jD?k*zUjQ3hJ_oo79LFBfAO$&VQrO)rg zk}iig*91uj|tz1ZKa=6`&#_v~T)cPr0T)_*@Lu6X@w z2X#mPfj3h&Q}CE@4pajYiUEl&c)Xtub8F z3b`B@>EEzc!eOT#;J#@mgrjtw$QyM-RO9Xa?wbpQeC-o>vJfmFLW@wfb6-RG6_~K7 zbpvE-!f7$Z{--!{R+#}e=F8cjF|Z2WS8(Pyunq98;>cMM%!b`Kt`lpF`xRX{ZBVZ1 zz;R&jx%TTFDr{s5ykuA*ZZ*o)%^p}jN zuO*vC%zuBkZn!1>A4bRQhW$T-{fbmX|7G(|Aj@+1 z#|h;3w%rqC(7vWG$ZzU~971*SuICW4^*7=WD#L1V2rYKwltHw(ah5ujDxGR~D&04S z&}$^o5Q%F2*uK6khte5#=RE4JB=c=4q{B>3-W0sz!O8ie#SNujziDT)b^Ikh7E9Km zH{ks;J_sL$d+8Rls_uV)Tg+7Oh3q=5=5Urf;}mCAx?I8K=6!ON8SP&Avt!iv+&iAH`ui-|PjVs`N6`z0w`)&K)Y$w(j z_pAEeTA*Cl_h!M~bKl#_9-1}_`X)Uz8(!zM_FmCGM7XS6UcK`2-!QkQi=dCrHH@>E&bKd4WO`Dqdm*aeu6_y72ZTpyX7giqatNNE3VO-a{ zq=DXZ-_puXjCRxQCS4deBVO0`To}3f#^bq~&FF7#G*@>K=GyRn$8lZtS?vEwnUG_S zujvF@68|;Wulj#>`-6w`f4B2o#s70+xZ)<9Kpw;08&6PyQ@cB;D04lZkk{7DIEI=D zyq0&!198nXFb$9zT}1inGB58hzm`K)+TOhtg`;Ch8{S%JL3B}bYmJVTusqq^p*N*o ztdX+q%lvxr_H}K8Y-}jSOdX4|d&N@78_2b|&>zKO^vZsOh9;`xv4Gg?IusT%=Sm}R zv+jk(J-bhihO3#+F^))#^E>XaLQKtw_Oc+0=b|~U&TN^$p}XOzl#}}c&%12Yb>9}v zYps{&>&)Wz-hYR!xq+8Zi?y4=DoVU{Qd!)CvN>H@#I)S0)L6=E$74^!Df))|rL}B| zZr|BZ9`!r(H7%b(*YiXyhv!XnhET27{I0>E)kc;F%r>u-T_W@C>X>@CH2aWt%H3J8 zo^EYpUBDZ5Re4=plVh&tv|0e@nw~3vurA-Y_HXj{21nhW?Ad>Kn?CS&08vlC+hzYqL;ui#MQ2d}H-$s-$f0e#2bc z*q_a5H=odJYPu@aC7?E}@BG%%tE;@mwe2^|F0Fl9!ZIx^kygaq=Z8h*?#6$-*#FCM zOs;v?=l3peBJ ztr2rIx2&nQnn$)Z;I0JZ0?$R5>arC;`pOB!$-i*?0dvvfqALOOs)RFBCop#*wfnH8 zvM~7^wu|65eI-(*A3;+P#m>@N^$Pg+#;!TnV4J(W)vjJ84y@`dZjJ)02MNYR_|C_* zNR_(~mlMe^x-xl6SpFpNVJ0W*kEdnfDQ1Ub>vjjA!nWbPF-l`;{rJJu-IUyumfr#;lO`X}^7#O&x#C7L)#Hf};zO@4{$$ zYy36D$HGxm7<*jzhi zE(}_1FV%p(7W9g9M-|(}<_8(IHSbHTV(%rwc-QNvZ~a-k{`cpyt9t>KtpA_w@Aa$k zU%StrKdk?6rDv`^Zlq097wT6aSB3#nZ?bp2Y<6Q8BISHKuk%#p-#Z}nrA_7?bM?VDn@Zx)#t zNz~j#d)&hcc6~8bnH!_S+&flUFfHdELFl-)Tqt-r%m=!4U1aabZ@6B1HS;#-GI!4xgX6?eqvOK zgPqDsMaEbjWt?MLI2D7S>bOBP&NYYC7#07CYpIQDy3%|0hR!}9?gvS>pi!)0;C-=N zj!Y55+6TYTU#N>l{7(Er8&*1|af7)UIZJ_XrzOy<>;W*~AActv*VS5nK{JYDc--wO zvq&wsUOrOAtrk#NAR32i6;`lDG5X#+N5C2-?#H^u+W+AMCsQ(}jN{F>vBduGKi{q1 z|GT^Y;>Cmge;dyhoFJ(*l~BBGI6zH16owf|Vx`4X6kVV(7GY-#-cN`Ck)zSJ5I$Ln0Sr$GVok2{v=!9b;d-`94ekUCMi}&=u?!{!>Q~$U>#fX5BYy?<=KK)L{c;* zP8xn7L$0irBQ=qAI*0J{-*GZ6zy9a;M9Neg^m=OA2*soqvq~ZyP8`MEId8WTUY7<48l+0Cl__Y1d)u-55OUA8?kMM5u5hxZ`GJ?afrmE^9U6B zkT*PsELC=DUP|MIQu4vII~#N^2#pUwt>DS{N0fG^SR!RTE0hhw4NE5VL4>0$NlYxH z-qCiorgLK&LGX8+Bn&<>p2UGcVrvVIspKrq^fpANqm{HVL{iRXB*p@eqq+0+seYxH z3%Hz+XaW(U$^_Exe|^wlh7* z)I&2w68+6CmMr&Mvg(kLh^1IBreZQ0VQuIN9GOLnYIX|_MYF9%+^iW%6S=;?xgV1J*LUv%>zfeHRTsQEJPp*p{}t?< z!$MRhh{q*V)Qj6jC1tTAN{uQhiybCC^_xo4gjtSC#HJ~un93ZX!mn~(W|dY{3{h%S zxj9s{KpmkJ4N0=1NHqw{m1J!7r%4)@3*7ZZX%h|jqaAs44wd@0)8KivyLR-IhLnh_ zb-$;M-Hz`mJ?2r+-9eS??AVRO(1(rLZ;*;>)Oa)*W16uKnIHSL@VOY%C z=S_H`H03PiM0-K=qIyh z=1r)sil>^%aFlT(=N8ya;7PH(Wc=c!j_#^>S_tdmxHg_BC1;q=NQAGdmkv*k9fTVk z_eqMb$)A5`ocxPXi4r(rF&t)+i3laj%!hULr}d|))kqmxho>;1FvRSh=rxpHy3C5X za4+2Z<9f7g$5We7Z#ZXsE#v9Nt)@*qYp;b?gSv+OcH@TIrkICBXJ}ab+?kSQ zFOJyOcsxbp z{-t> za~G5QH)Bu~Pe~x{!g`3J3ryqlh9Q8z*>ER7PB1OYgRKRaD#0{+HEP;tMvMa)JJ3f75<<=F=WRqKm4X{3?tc@aMwrVV%?{!z z{yoD&7IsyQsQEfT)#}=fM?jP^X^;9SIeGuX83;0_wj3FeNKeyxXAVoZZRh0Gubzv) z_p-$-bDqVbV1o*~6{2ce;0H9s$xW>m+M2$?md0jht!0}PiKdD>commDR^E1mD*&d# zS~OVf_OTe~peQp&N?n*=AelCt8HID>w+}^%qfp=kN0RY!Ew!dN7qh5b=6sPuM_a0^ znTMO=jH_>RZHhCN@q~%GFp9eYcSUBU9;g?*oS%zSqjm1ofhzHChB+s38PqbKD93%2 zy_82B8-vH~g{fk5_&r038n_rxnrhq@x=~ldK>wSf2$%L74wHmk+9Q@GE;cV`(@HYa z=@>6yl=W!fqvFw^t?z(hZS9#!R!Ed2S_MBA9RR(ztXQt8P`<(S)tZkl4JNSO*NfirtEvxe6#n9|ai&x)Rd|CnRn3!O zm7kiw&a#m{&m2tW`A^>$qMc!HO7;J_z2yK3n~kHvEw%~ntC8;l&-0C(oP74U#RXnt zgYH`7%d-jVW8qD ze9e(q-_qmeVaYfe0yzig4!v@;5QgCak%rqe} zjc~J~^a?a=shkvF|GB;8m2KHp(H!(XHEC%#Wy{@Tt8GK();%_?d_I(Ek|))pG3JI9 z)i04Bk=BPr@+^>_^Uco}gP5=^iNT;?67{%dp5}{+5y!u0 zn95}CDo3S7$N8gkHEXKXh~?U!Bw6k)y4l^LjWPNP?u8pa0l5#__6IO3_4{Bpso8bvi zM!T-G-;KIaeSznLa_6)u-PAp+wLTPQ|F00@fA`^P_jqo$Y zB`G=l&F2-8%-kf?mF%*Wl0${`I;m*R?QHhcZvCoteV#I+yq-U%5Fw#`ZSx|!@u_$8 z&;%oni4kTc7%%u+L6y5w?1SepFCi zzpCVSzxuG&tuu>fw~)F8sZP%e*~ud*oB$b@nO-Xmv5B2m_-Gd#kv2j|0HZd;(wt?6 z0GYsGv9PNqw*zR%bVK@R+4z+*Nr~L2yyp1no0K;-dX3|!vqIhR=qViT(bzRzxO%?! z*m+m(Ze#%KW9QuwdA9@TUH5V;qqt=JDt9PcQTDtWGp;p$^>H)#&+m4~yzI-jBXcW^ zTZDu_H0G!@cI%GYk%O`!y;&c>9M3x*!yJ#>8pmaG9;0J+eVau=dHrewk_U?h(IR`- zQ=h@&b|*jWius5*C3L*p53_>L7d+ABdxg;VWVfqYE2LOLU(=@>c5bIhYVV#bbiD^kwr+G=u z$i>MiAF|EZ)T3iUKXp11jhBHna3mW0U}5bT zu}5=22K-50F~2oIJG37kCYNX~9s?N_cqp1Z)`x`Tq*lm~CO zIrNF3=-BDlJ#oF=y^J^iHete~?ky0M@PQ@S6qh&7pThCT@m|mko`T=ZTb;Em2y9xb zm)-i*=RT>UM*Dde} zTOq&}XbNbgxAabv*KE$Sk}hm`3^K|6jj$N}Z0=r08)NhBjd}rn7^Nvm{+= z$&X-KKBE*q7^zwQNa>? zovTLr{oB24q(8XAbt5a@H?s7KxoclMqQ~ZVq%_iq@kq^_Oyv7LX1X&OG?dQLnKCdo zsthHVOHmp&n^)DI*8pYz!gOx$570^1D?{}%2%c7``7#JJ&p)mdT`{YBwSh-Y)PGeV zDw*Efv(fu6M71F^Y?vAsW}N`(LYJxTlljIz>-61bUhT$BBOioOtUERGsM|%&D8d;OLS$Dq-bGHuDBnAdXlle{vKmQ$b zyg2E#OLnbT0Hwrs$^?_`=yh*|sN$&@rc6_*SnV1|kfQFnpRUYA?RC2FlcIvLgKT!; z^BPXGy|9GV2>ssMvZcEkxvu5%CD^D2-#NPFhGv z&PIm0j;*V~TFx$0Q>Cm4(({f&=<_3n5nPsPD>qLyJQIFPA4?c1#f9h`h!7bTt2b$E zbSp)cPep_&;)LZXP4j#JNR(^G3=7q~Q&>(K5uK}XEYK)=VdCV=vgUWq$c#c;EW*1? z3_Fu>Ji^?msh`O6_v@65%@Fst@}J#I;BJHj7CTl- z>?b-lgXj7n8O-(+v-~9RC`%wA^gsla@}$mWv^yvAquUFh$V>I|xs~?GF1ol&~^Oug|mnoWS*2{Fv5fMhB z@uvuwR6d-A=1VxX7UhneqGDI57knwRZ zF{MQBhvTC+Z_nOzch$806HTxX#RNH=o4GME$=J~)DD5%k*l2Y^;gS=nZyOP8Brg%i zotOy8$uN^80y(UR0Kb4z#uS3XGdMmA;ML*T@!8YP$K&^ZfA`aS_;`4FdieJJ@tZSv zcM3=E-o8G5fBf$48NB-|9KQVre1H7*^;5vaIPyNFI-dmNK&E;+4?AZzIgD#O_ugw) zEQugNbey3vhB2FAvq_L*J|)6Tkch^egiMLcPf_bm_zhh=^6)%756_)H|33f#|NrB> J+Z+IZ0RY0N)YJd~ literal 0 HcmV?d00001 diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/.helmignore b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/.helmignore new file mode 100644 index 0000000..50af031 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/Chart.yaml b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/Chart.yaml new file mode 100644 index 0000000..2c93878 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/Chart.yaml @@ -0,0 +1,23 @@ +annotations: + category: Infrastructure +apiVersion: v2 +appVersion: 1.13.0 +description: A Library Helm Chart for grouping common logic between bitnami charts. + This chart is not deployable by itself. +home: https://github.com/bitnami/charts/tree/master/bitnami/common +icon: https://bitnami.com/downloads/logos/bitnami-mark.png +keywords: +- common +- helper +- template +- function +- bitnami +maintainers: +- email: containers@bitnami.com + name: Bitnami +name: common +sources: +- https://github.com/bitnami/charts +- https://www.bitnami.com/ +type: library +version: 1.13.0 diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/README.md b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/README.md new file mode 100644 index 0000000..c090f74 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/README.md @@ -0,0 +1,347 @@ +# Bitnami Common Library Chart + +A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. + +## TL;DR + +```yaml +dependencies: + - name: common + version: 1.x.x + repository: https://charts.bitnami.com/bitnami +``` + +```bash +$ helm dependency update +``` + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }} +data: + myvalue: "Hello World" +``` + +## Introduction + +This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.2.0+ + +## Parameters + +The following table lists the helpers available in the library which are scoped in different sections. + +### Affinities + +| Helper identifier | Description | Expected Input | +|-------------------------------|------------------------------------------------------|------------------------------------------------| +| `common.affinities.node.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.node.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.pod.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | +| `common.affinities.pod.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | + +### Capabilities + +| Helper identifier | Description | Expected Input | +|------------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| +| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | +| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context | +| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | +| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | +| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | +| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | +| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context | +| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for podsecuritypolicy. | `.` Chart context | +| `common.capabilities.networkPolicy.apiVersion` | Return the appropriate apiVersion for networkpolicy. | `.` Chart context | +| `common.capabilities.apiService.apiVersion` | Return the appropriate apiVersion for APIService. | `.` Chart context | +| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | + +### Errors + +| Helper identifier | Description | Expected Input | +|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| +| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | + +### Images + +| Helper identifier | Description | Expected Input | +|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| +| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. | +| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | +| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` | + +### Ingress + +| Helper identifier | Description | Expected Input | +|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | +| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context | +| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context | +| `common.ingress.certManagerRequest` | Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations | `dict "annotations" .Values.path.to.the.ingress.annotations` | + +### Labels + +| Helper identifier | Description | Expected Input | +|-----------------------------|-----------------------------------------------------------------------------|-------------------| +| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | +| `common.labels.matchLabels` | Labels to use on `deploy.spec.selector.matchLabels` and `svc.spec.selector` | `.` Chart context | + +### Names + +| Helper identifier | Description | Expected Input | +|--------------------------|------------------------------------------------------------|-------------------| +| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | +| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | +| `common.names.namespace` | Allow the release namespace to be overridden | `.` Chart context | +| `common.names.chart` | Chart name plus version | `.` Chart context | + +### Secrets + +| Helper identifier | Description | Expected Input | +|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | +| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | +| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | +| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` | + +### Storage + +| Helper identifier | Description | Expected Input | +|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| +| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | + +### TplValues + +| Helper identifier | Description | Expected Input | +|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | + +### Utils + +| Helper identifier | Description | Expected Input | +|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| +| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | +| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | +| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | +| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | + +### Validations + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | +| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | +| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | +| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | +| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis™ are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | +| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. | +| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | + +### Warnings + +| Helper identifier | Description | Expected Input | +|------------------------------|----------------------------------|------------------------------------------------------------| +| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | + +## Special input schemas + +### ImageRoot + +```yaml +registry: + type: string + description: Docker registry where the image is located + example: docker.io + +repository: + type: string + description: Repository and image name + example: bitnami/nginx + +tag: + type: string + description: image tag + example: 1.16.1-debian-10-r63 + +pullPolicy: + type: string + description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + +pullSecrets: + type: array + items: + type: string + description: Optionally specify an array of imagePullSecrets (evaluated as templates). + +debug: + type: boolean + description: Set to true if you would like to see extra information on logs + example: false + +## An instance would be: +# registry: docker.io +# repository: bitnami/nginx +# tag: 1.16.1-debian-10-r63 +# pullPolicy: IfNotPresent +# debug: false +``` + +### Persistence + +```yaml +enabled: + type: boolean + description: Whether enable persistence. + example: true + +storageClass: + type: string + description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. + example: "-" + +accessMode: + type: string + description: Access mode for the Persistent Volume Storage. + example: ReadWriteOnce + +size: + type: string + description: Size the Persistent Volume Storage. + example: 8Gi + +path: + type: string + description: Path to be persisted. + example: /bitnami + +## An instance would be: +# enabled: true +# storageClass: "-" +# accessMode: ReadWriteOnce +# size: 8Gi +# path: /bitnami +``` + +### ExistingSecret + +```yaml +name: + type: string + description: Name of the existing secret. + example: mySecret +keyMapping: + description: Mapping between the expected key name and the name of the key in the existing secret. + type: object + +## An instance would be: +# name: mySecret +# keyMapping: +# password: myPasswordKey +``` + +#### Example of use + +When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. + +```yaml +# templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + labels: + app: {{ include "common.names.fullname" . }} +type: Opaque +data: + password: {{ .Values.password | b64enc | quote }} + +# templates/dpl.yaml +--- +... + env: + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} +... + +# values.yaml +--- +name: mySecret +keyMapping: + password: myPasswordKey +``` + +### ValidateValue + +#### NOTES.txt + +```console +{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} + +{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} +``` + +If we force those values to be empty we will see some alerts + +```console +$ helm install test mychart --set path.to.value00="",path.to.value01="" + 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: + + export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 --decode) + + 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: + + export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 --decode) +``` + +## Upgrading + +### To 1.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +**What changes were introduced in this major version?** + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. +- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts + +**Considerations when upgrading to this version** + +- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 + +**Useful links** + +- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ +- https://helm.sh/docs/topics/v2_v3_migration/ +- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ + +## License + +Copyright © 2022 Bitnami + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_affinities.tpl b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_affinities.tpl new file mode 100644 index 0000000..189ea40 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_affinities.tpl @@ -0,0 +1,102 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return a soft nodeAffinity definition +{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.soft" -}} +preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} + weight: 1 +{{- end -}} + +{{/* +Return a hard nodeAffinity definition +{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.hard" -}} +requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} +{{- end -}} + +{{/* +Return a nodeAffinity definition +{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.nodes.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.nodes.hard" . -}} + {{- end -}} +{{- end -}} + +{{/* +Return a soft podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} +*/}} +{{- define "common.affinities.pods.soft" -}} +{{- $component := default "" .component -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + namespaces: + - {{ .context.Release.Namespace | quote }} + topologyKey: kubernetes.io/hostname + weight: 1 +{{- end -}} + +{{/* +Return a hard podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} +*/}} +{{- define "common.affinities.pods.hard" -}} +{{- $component := default "" .component -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + namespaces: + - {{ .context.Release.Namespace | quote }} + topologyKey: kubernetes.io/hostname +{{- end -}} + +{{/* +Return a podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.pods" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.pods.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.pods.hard" . -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_capabilities.tpl b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_capabilities.tpl new file mode 100644 index 0000000..4ec8321 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_capabilities.tpl @@ -0,0 +1,139 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the target Kubernetes version +*/}} +{{- define "common.capabilities.kubeVersion" -}} +{{- if .Values.global }} + {{- if .Values.global.kubeVersion }} + {{- .Values.global.kubeVersion -}} + {{- else }} + {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} + {{- end -}} +{{- else }} +{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for poddisruptionbudget. +*/}} +{{- define "common.capabilities.policy.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "policy/v1beta1" -}} +{{- else -}} +{{- print "policy/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "common.capabilities.networkPolicy.apiVersion" -}} +{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for cronjob. +*/}} +{{- define "common.capabilities.cronjob.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "batch/v1beta1" -}} +{{- else -}} +{{- print "batch/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "common.capabilities.deployment.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. +*/}} +{{- define "common.capabilities.statefulset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apps/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "common.capabilities.ingress.apiVersion" -}} +{{- if .Values.ingress -}} +{{- if .Values.ingress.apiVersion -}} +{{- .Values.ingress.apiVersion -}} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end }} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for RBAC resources. +*/}} +{{- define "common.capabilities.rbac.apiVersion" -}} +{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "rbac.authorization.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "rbac.authorization.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for CRDs. +*/}} +{{- define "common.capabilities.crd.apiVersion" -}} +{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiextensions.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiextensions.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for APIService. +*/}} +{{- define "common.capabilities.apiService.apiVersion" -}} +{{- if semverCompare "<1.10-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiregistration.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiregistration.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the used Helm version is 3.3+. +A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. +This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. +**To be removed when the catalog's minimun Helm version is 3.3** +*/}} +{{- define "common.capabilities.supportsHelmVersion" -}} +{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_errors.tpl b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_errors.tpl new file mode 100644 index 0000000..a79cc2e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_errors.tpl @@ -0,0 +1,23 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Through error when upgrading using empty passwords values that must not be empty. + +Usage: +{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} +{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} +{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} + +Required password params: + - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. + - context - Context - Required. Parent context. +*/}} +{{- define "common.errors.upgrade.passwords.empty" -}} + {{- $validationErrors := join "" .validationErrors -}} + {{- if and $validationErrors .context.Release.IsUpgrade -}} + {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} + {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} + {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} + {{- $errorString = print $errorString "\n%s" -}} + {{- printf $errorString $validationErrors | fail -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_images.tpl b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_images.tpl new file mode 100644 index 0000000..42ffbc7 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_images.tpl @@ -0,0 +1,75 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper image name +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} +*/}} +{{- define "common.images.image" -}} +{{- $registryName := .imageRoot.registry -}} +{{- $repositoryName := .imageRoot.repository -}} +{{- $tag := .imageRoot.tag | toString -}} +{{- if .global }} + {{- if .global.imageRegistry }} + {{- $registryName = .global.imageRegistry -}} + {{- end -}} +{{- end -}} +{{- if $registryName }} +{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- else -}} +{{- printf "%s:%s" $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) +{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} +*/}} +{{- define "common.images.pullSecrets" -}} + {{- $pullSecrets := list }} + + {{- if .global }} + {{- range .global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names evaluating values as templates +{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} +*/}} +{{- define "common.images.renderPullSecrets" -}} + {{- $pullSecrets := list }} + {{- $context := .context }} + + {{- if $context.Values.global }} + {{- range $context.Values.global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_ingress.tpl b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_ingress.tpl new file mode 100644 index 0000000..8caf73a --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_ingress.tpl @@ -0,0 +1,68 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Generate backend entry that is compatible with all Kubernetes API versions. + +Usage: +{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} + +Params: + - serviceName - String. Name of an existing service backend + - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.ingress.backend" -}} +{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} +{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} +serviceName: {{ .serviceName }} +servicePort: {{ .servicePort }} +{{- else -}} +service: + name: {{ .serviceName }} + port: + {{- if typeIs "string" .servicePort }} + name: {{ .servicePort }} + {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }} + number: {{ .servicePort | int }} + {{- end }} +{{- end -}} +{{- end -}} + +{{/* +Print "true" if the API pathType field is supported +Usage: +{{ include "common.ingress.supportsPathType" . }} +*/}} +{{- define "common.ingress.supportsPathType" -}} +{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the ingressClassname field is supported +Usage: +{{ include "common.ingress.supportsIngressClassname" . }} +*/}} +{{- define "common.ingress.supportsIngressClassname" -}} +{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if cert-manager required annotations for TLS signed +certificates are set in the Ingress annotations +Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations +Usage: +{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }} +*/}} +{{- define "common.ingress.certManagerRequest" -}} +{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_labels.tpl b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_labels.tpl new file mode 100644 index 0000000..252066c --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_labels.tpl @@ -0,0 +1,18 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Kubernetes standard labels +*/}} +{{- define "common.labels.standard" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +helm.sh/chart: {{ include "common.names.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector +*/}} +{{- define "common.labels.matchLabels" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_names.tpl b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_names.tpl new file mode 100644 index 0000000..c8574d1 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_names.tpl @@ -0,0 +1,63 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "common.names.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "common.names.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "common.names.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified dependency name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +Usage: +{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }} +*/}} +{{- define "common.names.dependency.fullname" -}} +{{- if .chartValues.fullnameOverride -}} +{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .chartName .chartValues.nameOverride -}} +{{- if contains $name .context.Release.Name -}} +{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts. +*/}} +{{- define "common.names.namespace" -}} +{{- if .Values.namespaceOverride -}} +{{- .Values.namespaceOverride -}} +{{- else -}} +{{- .Release.Namespace -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_secrets.tpl b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_secrets.tpl new file mode 100644 index 0000000..a53fb44 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_secrets.tpl @@ -0,0 +1,140 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Generate secret name. + +Usage: +{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.secrets.name" -}} +{{- $name := (include "common.names.fullname" .context) -}} + +{{- if .defaultNameSuffix -}} +{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- with .existingSecret -}} +{{- if not (typeIs "string" .) -}} +{{- with .name -}} +{{- $name = . -}} +{{- end -}} +{{- else -}} +{{- $name = . -}} +{{- end -}} +{{- end -}} + +{{- printf "%s" $name -}} +{{- end -}} + +{{/* +Generate secret key. + +Usage: +{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - key - String - Required. Name of the key in the secret. +*/}} +{{- define "common.secrets.key" -}} +{{- $key := .key -}} + +{{- if .existingSecret -}} + {{- if not (typeIs "string" .existingSecret) -}} + {{- if .existingSecret.keyMapping -}} + {{- $key = index .existingSecret.keyMapping $.key -}} + {{- end -}} + {{- end }} +{{- end -}} + +{{- printf "%s" $key -}} +{{- end -}} + +{{/* +Generate secret password or retrieve one if already created. + +Usage: +{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - key - String - Required - Name of the key in the secret. + - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. + - length - int - Optional - Length of the generated random password. + - strong - Boolean - Optional - Whether to add symbols to the generated random password. + - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. + - context - Context - Required - Parent context. + +The order in which this function returns a secret password: + 1. Already existing 'Secret' resource + (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) + 2. Password provided via the values.yaml + (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) + 3. Randomly generated secret password + (A new random secret password with the length specified in the 'length' parameter will be generated and returned) + +*/}} +{{- define "common.secrets.passwords.manage" -}} + +{{- $password := "" }} +{{- $subchart := "" }} +{{- $chartName := default "" .chartName }} +{{- $passwordLength := default 10 .length }} +{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} +{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} +{{- $secretData := (lookup "v1" "Secret" $.context.Release.Namespace .secret).data }} +{{- if $secretData }} + {{- if hasKey $secretData .key }} + {{- $password = index $secretData .key }} + {{- else }} + {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} + {{- end -}} +{{- else if $providedPasswordValue }} + {{- $password = $providedPasswordValue | toString | b64enc | quote }} +{{- else }} + + {{- if .context.Values.enabled }} + {{- $subchart = $chartName }} + {{- end -}} + + {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} + {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} + {{- $passwordValidationErrors := list $requiredPasswordError -}} + {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} + + {{- if .strong }} + {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} + {{- $password = randAscii $passwordLength }} + {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} + {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }} + {{- else }} + {{- $password = randAlphaNum $passwordLength | b64enc | quote }} + {{- end }} +{{- end -}} +{{- printf "%s" $password -}} +{{- end -}} + +{{/* +Returns whether a previous generated secret already exists + +Usage: +{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - context - Context - Required - Parent context. +*/}} +{{- define "common.secrets.exists" -}} +{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} +{{- if $secret }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_storage.tpl b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_storage.tpl new file mode 100644 index 0000000..60e2a84 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_storage.tpl @@ -0,0 +1,23 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper Storage Class +{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} +*/}} +{{- define "common.storage.class" -}} + +{{- $storageClass := .persistence.storageClass -}} +{{- if .global -}} + {{- if .global.storageClass -}} + {{- $storageClass = .global.storageClass -}} + {{- end -}} +{{- end -}} + +{{- if $storageClass -}} + {{- if (eq "-" $storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" $storageClass -}} + {{- end -}} +{{- end -}} + +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_tplvalues.tpl b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_tplvalues.tpl new file mode 100644 index 0000000..2db1668 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_tplvalues.tpl @@ -0,0 +1,13 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Renders a value that contains template. +Usage: +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "common.tplvalues.render" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_utils.tpl b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_utils.tpl new file mode 100644 index 0000000..ea083a2 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_utils.tpl @@ -0,0 +1,62 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Print instructions to get a secret value. +Usage: +{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} +*/}} +{{- define "common.utils.secret.getvalue" -}} +{{- $varname := include "common.utils.fieldToEnvVar" . -}} +export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 --decode) +{{- end -}} + +{{/* +Build env var name given a field +Usage: +{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} +*/}} +{{- define "common.utils.fieldToEnvVar" -}} + {{- $fieldNameSplit := splitList "-" .field -}} + {{- $upperCaseFieldNameSplit := list -}} + + {{- range $fieldNameSplit -}} + {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} + {{- end -}} + + {{ join "_" $upperCaseFieldNameSplit }} +{{- end -}} + +{{/* +Gets a value from .Values given +Usage: +{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} +*/}} +{{- define "common.utils.getValueFromKey" -}} +{{- $splitKey := splitList "." .key -}} +{{- $value := "" -}} +{{- $latestObj := $.context.Values -}} +{{- range $splitKey -}} + {{- if not $latestObj -}} + {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} + {{- end -}} + {{- $value = ( index $latestObj . ) -}} + {{- $latestObj = $value -}} +{{- end -}} +{{- printf "%v" (default "" $value) -}} +{{- end -}} + +{{/* +Returns first .Values key with a defined value or first of the list if all non-defined +Usage: +{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} +*/}} +{{- define "common.utils.getKeyFromList" -}} +{{- $key := first .keys -}} +{{- $reverseKeys := reverse .keys }} +{{- range $reverseKeys }} + {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }} + {{- if $value -}} + {{- $key = . }} + {{- end -}} +{{- end -}} +{{- printf "%s" $key -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_warnings.tpl b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_warnings.tpl new file mode 100644 index 0000000..ae10fa4 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/_warnings.tpl @@ -0,0 +1,14 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Warning about using rolling tag. +Usage: +{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} +*/}} +{{- define "common.warnings.rollingTag" -}} + +{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} +WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. ++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ +{{- end }} + +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/validations/_cassandra.tpl b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/validations/_cassandra.tpl new file mode 100644 index 0000000..ded1ae3 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/validations/_cassandra.tpl @@ -0,0 +1,72 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Cassandra required passwords are not empty. + +Usage: +{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.cassandra.passwords" -}} + {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} + {{- $enabled := include "common.cassandra.values.enabled" . -}} + {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} + {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.dbUser.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled cassandra. + +Usage: +{{ include "common.cassandra.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.cassandra.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.cassandra.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key dbUser + +Usage: +{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.key.dbUser" -}} + {{- if .subchart -}} + cassandra.dbUser + {{- else -}} + dbUser + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/validations/_mariadb.tpl b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/validations/_mariadb.tpl new file mode 100644 index 0000000..b6906ff --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/validations/_mariadb.tpl @@ -0,0 +1,103 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MariaDB required passwords are not empty. + +Usage: +{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mariadb.passwords" -}} + {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mariadb.values.enabled" . -}} + {{- $architecture := include "common.mariadb.values.architecture" . -}} + {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- if not (empty $valueUsername) -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replication") -}} + {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mariadb. + +Usage: +{{ include "common.mariadb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mariadb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mariadb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.key.auth" -}} + {{- if .subchart -}} + mariadb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/validations/_mongodb.tpl b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/validations/_mongodb.tpl new file mode 100644 index 0000000..a071ea4 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/validations/_mongodb.tpl @@ -0,0 +1,108 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MongoDB® required passwords are not empty. + +Usage: +{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret" + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mongodb.passwords" -}} + {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mongodb.values.enabled" . -}} + {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} + {{- $architecture := include "common.mongodb.values.architecture" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} + {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} + + {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }} + {{- if and $valueUsername $valueDatabase -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replicaset") -}} + {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mongodb. + +Usage: +{{ include "common.mongodb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mongodb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mongodb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.key.auth" -}} + {{- if .subchart -}} + mongodb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/validations/_postgresql.tpl b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/validations/_postgresql.tpl new file mode 100644 index 0000000..164ec0d --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/validations/_postgresql.tpl @@ -0,0 +1,129 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate PostgreSQL required passwords are not empty. + +Usage: +{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.postgresql.passwords" -}} + {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} + {{- $enabled := include "common.postgresql.values.enabled" . -}} + {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} + {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} + + {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} + {{- if (eq $enabledReplication "true") -}} + {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to decide whether evaluate global values. + +Usage: +{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} +Params: + - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" +*/}} +{{- define "common.postgresql.values.use.global" -}} + {{- if .context.Values.global -}} + {{- if .context.Values.global.postgresql -}} + {{- index .context.Values.global.postgresql .key | quote -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.existingSecret" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} + + {{- if .subchart -}} + {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} + {{- else -}} + {{- default (.context.Values.existingSecret | quote) $globalValue -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled postgresql. + +Usage: +{{ include "common.postgresql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key postgressPassword. + +Usage: +{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.postgressPassword" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} + + {{- if not $globalValue -}} + {{- if .subchart -}} + postgresql.postgresqlPassword + {{- else -}} + postgresqlPassword + {{- end -}} + {{- else -}} + global.postgresql.postgresqlPassword + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled.replication. + +Usage: +{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.enabled.replication" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.replication.enabled -}} + {{- else -}} + {{- printf "%v" .context.Values.replication.enabled -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key replication.password. + +Usage: +{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.replicationPassword" -}} + {{- if .subchart -}} + postgresql.replication.password + {{- else -}} + replication.password + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/validations/_redis.tpl b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/validations/_redis.tpl new file mode 100644 index 0000000..5d72959 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/validations/_redis.tpl @@ -0,0 +1,76 @@ + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Redis™ required passwords are not empty. + +Usage: +{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.redis.passwords" -}} + {{- $enabled := include "common.redis.values.enabled" . -}} + {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} + {{- $standarizedVersion := include "common.redis.values.standarized.version" . }} + + {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }} + {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }} + + {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }} + {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}} + {{- if eq $useAuth "true" -}} + {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled redis. + +Usage: +{{ include "common.redis.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.redis.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.redis.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right prefix path for the values + +Usage: +{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.redis.values.keys.prefix" -}} + {{- if .subchart -}}redis.{{- else -}}{{- end -}} +{{- end -}} + +{{/* +Checks whether the redis chart's includes the standarizations (version >= 14) + +Usage: +{{ include "common.redis.values.standarized.version" (dict "context" $) }} +*/}} +{{- define "common.redis.values.standarized.version" -}} + + {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} + {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} + + {{- if $standarizedAuthValues -}} + {{- true -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/validations/_validations.tpl b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/validations/_validations.tpl new file mode 100644 index 0000000..9a814cf --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/templates/validations/_validations.tpl @@ -0,0 +1,46 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate values must not be empty. + +Usage: +{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} +{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" +*/}} +{{- define "common.validations.values.multiple.empty" -}} + {{- range .required -}} + {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} + {{- end -}} +{{- end -}} + +{{/* +Validate a value must not be empty. + +Usage: +{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" + - subchart - String - Optional - Name of the subchart that the validated password is part of. +*/}} +{{- define "common.validations.values.single.empty" -}} + {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} + {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} + + {{- if not $value -}} + {{- $varname := "my-value" -}} + {{- $getCurrentValue := "" -}} + {{- if and .secret .field -}} + {{- $varname = include "common.utils.fieldToEnvVar" . -}} + {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} + {{- end -}} + {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/values.yaml b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/values.yaml new file mode 100644 index 0000000..f2df68e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/charts/common/values.yaml @@ -0,0 +1,5 @@ +## bitnami/common +## It is required by CI/CD tools and processes. +## @skip exampleValue +## +exampleValue: common-chart diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/ci/default-values.yaml b/packer/ansible/roles/helm_install/files/rabbitmq/ci/default-values.yaml new file mode 100644 index 0000000..fc2ba60 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/ci/default-values.yaml @@ -0,0 +1 @@ +# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/ci/tolerations-values.yaml b/packer/ansible/roles/helm_install/files/rabbitmq/ci/tolerations-values.yaml new file mode 100644 index 0000000..de92d88 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/ci/tolerations-values.yaml @@ -0,0 +1,4 @@ +tolerations: + - key: foo + operator: "Equal" + value: bar diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/override-values.yaml b/packer/ansible/roles/helm_install/files/rabbitmq/override-values.yaml new file mode 100644 index 0000000..9c30390 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/override-values.yaml @@ -0,0 +1,31 @@ +auth: + username: root + password: "root" +extraPlugins: "rabbitmq_auth_backend_ldap rabbitmq_stomp rabbitmq_web_stomp" +extraContainerPorts: + - name: stomp-ws + containerPort: 15674 + - name: stomp-tcp + containerPort: 61613 +#nodeSelector: {"datasaker/group": "data"} +tolerations: +- key: "dev/data-kafka" + operator: "Exists" +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-kafka +service: + type: NodePort + extraPorts: + - name: stomp-ws + port: 15674 + targetPort: stomp-ws + - name: stomp-tcp + port: 61613 + targetPort: stomp-tcp diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/templates/NOTES.txt b/packer/ansible/roles/helm_install/files/rabbitmq/templates/NOTES.txt new file mode 100644 index 0000000..01fc6fc --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/templates/NOTES.txt @@ -0,0 +1,172 @@ +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} + +{{- $servicePort := or (.Values.service.portEnabled) (not .Values.auth.tls.enabled) | ternary .Values.service.port .Values.service.tlsPort -}} +{{- $serviceNodePort := or (.Values.service.portEnabled) (not .Values.auth.tls.enabled) | ternary .Values.service.nodePort .Values.service.tlsNodePort -}} +** Please be patient while the chart is being deployed ** + +{{- if .Values.diagnosticMode.enabled }} +The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: + + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} + +Get the list of pods by executing: + + kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} + +Access the pod you want to debug by executing + + kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash + +In order to replicate the container startup scripts execute this command: + + /opt/bitnami/scripts/rabbitmq/entrypoint.sh /opt/bitnami/scripts/rabbitmq/run.sh + +{{- else }} + +Credentials: + +{{- if not .Values.loadDefinition.enabled }} + echo "Username : {{ .Values.auth.username }}" + echo "Password : $(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "rabbitmq.secretPasswordName" . }} -o jsonpath="{.data.rabbitmq-password}" | base64 --decode)" +{{- end }} + echo "ErLang Cookie : $(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "rabbitmq.secretErlangName" . }} -o jsonpath="{.data.rabbitmq-erlang-cookie}" | base64 --decode)" + +Note that the credentials are saved in persistent volume claims and will not be changed upon upgrade or reinstallation unless the persistent volume claim has been deleted. If this is not the first installation of this chart, the credentials may not be valid. +This is applicable when no passwords are set and therefore the random password is autogenerated. In case of using a fixed password, you should specify it when upgrading. +More information about the credentials may be found at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases. + +RabbitMQ can be accessed within the cluster on port {{ $serviceNodePort }} at {{ include "rabbitmq.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clustering.k8s_domain }} + +To access for outside the cluster, perform the following steps: + +{{- if .Values.ingress.enabled }} +{{- if contains "NodePort" .Values.service.type }} + +To Access the RabbitMQ AMQP port: + +1. Obtain the NodePort IP and ports: + + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT_AMQP=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[1].nodePort}" services {{ include "rabbitmq.fullname" . }}) + echo "URL : amqp://$NODE_IP:$NODE_PORT_AMQP/" + +{{- else if contains "LoadBalancer" .Values.service.type }} + +To Access the RabbitMQ AMQP port: + +1. Obtain the LoadBalancer IP: + +NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "rabbitmq.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "rabbitmq.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") + echo "URL : amqp://$SERVICE_IP:{{ $servicePort }}/" + +{{- else if contains "ClusterIP" .Values.service.type }} + +To Access the RabbitMQ AMQP port: + +1. Create a port-forward to the AMQP port: + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "rabbitmq.fullname" . }} {{ $servicePort }}:{{ $servicePort }} & + echo "URL : amqp://127.0.0.1:{{ $servicePort }}/" + +{{- end }} + +2. Access RabbitMQ using using the obtained URL. + +To Access the RabbitMQ Management interface: + +1. Get the RabbitMQ Management URL and associate its hostname to your cluster external IP: + + export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters + echo "RabbitMQ Management: http{{ if .Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}/" + echo "$CLUSTER_IP {{ .Values.ingress.hostname }}" | sudo tee -a /etc/hosts + +2. Open a browser and access RabbitMQ Management using the obtained URL. + +{{- else }} +{{- if contains "NodePort" .Values.service.type }} + +Obtain the NodePort IP and ports: + + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT_AMQP=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[1].nodePort}" services {{ include "rabbitmq.fullname" . }}) + export NODE_PORT_STATS=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[3].nodePort}" services {{ include "rabbitmq.fullname" . }}) + +To Access the RabbitMQ AMQP port: + + echo "URL : amqp://$NODE_IP:$NODE_PORT_AMQP/" + +To Access the RabbitMQ Management interface: + + echo "URL : http://$NODE_IP:$NODE_PORT_STATS/" + +{{- else if contains "LoadBalancer" .Values.service.type }} + +Obtain the LoadBalancer IP: + +NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "rabbitmq.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "rabbitmq.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") + +To Access the RabbitMQ AMQP port: + + echo "URL : amqp://$SERVICE_IP:{{ $servicePort }}/" + +To Access the RabbitMQ Management interface: + + echo "URL : http://$SERVICE_IP:{{ .Values.service.managerPort }}/" + +{{- else if contains "ClusterIP" .Values.service.type }} + +To Access the RabbitMQ AMQP port: + + echo "URL : amqp://127.0.0.1:{{ $servicePort }}/" + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "rabbitmq.fullname" . }} {{ $servicePort }}:{{ $servicePort }} + +To Access the RabbitMQ Management interface: + + echo "URL : http://127.0.0.1:{{ .Values.service.managerPort }}/" + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "rabbitmq.fullname" . }} {{ .Values.service.managerPort }}:{{ .Values.service.managerPort }} + +{{- end }} +{{- end }} + +{{- if .Values.metrics.enabled }} + +To access the RabbitMQ Prometheus metrics, get the RabbitMQ Prometheus URL by running: + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "rabbitmq.fullname" . }} {{ .Values.service.metricsPort }}:{{ .Values.service.metricsPort }} & + echo "Prometheus Metrics URL: http://127.0.0.1:{{ .Values.service.metricsPort }}/metrics" + +Then, open the obtained URL in a browser. + +{{- end }} + +{{- include "common.warnings.rollingTag" .Values.image }} +{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} +{{- include "rabbitmq.validateValues" . -}} + +{{- $requiredPassword := list -}} +{{- $secretNameRabbitmq := include "rabbitmq.secretPasswordName" . -}} + +{{- if and (not .Values.auth.existingPasswordSecret) (not .Values.loadDefinition.enabled) -}} + {{- $requiredRabbitmqPassword := dict "valueKey" "auth.password" "secret" $secretNameRabbitmq "field" "rabbitmq-password" -}} + {{- $requiredPassword = append $requiredPassword $requiredRabbitmqPassword -}} +{{- end -}} + +{{- if not .Values.auth.existingErlangSecret -}} + {{- $requiredErlangPassword := dict "valueKey" "auth.erlangCookie" "secret" $secretNameRabbitmq "field" "rabbitmq-erlang-cookie" -}} + {{- $requiredPassword = append $requiredPassword $requiredErlangPassword -}} +{{- end -}} + +{{- $requiredRabbitmqPasswordErrors := include "common.validations.values.multiple.empty" (dict "required" $requiredPassword "context" $) -}} + +{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $requiredRabbitmqPasswordErrors) "context" $) -}} + +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/templates/_helpers.tpl b/packer/ansible/roles/helm_install/files/rabbitmq/templates/_helpers.tpl new file mode 100644 index 0000000..c32ecb7 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/templates/_helpers.tpl @@ -0,0 +1,247 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "rabbitmq.name" -}} +{{- include "common.names.name" . -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "rabbitmq.fullname" -}} +{{- include "common.names.fullname" . -}} +{{- end -}} + +{{/* +Return the proper RabbitMQ image name +*/}} +{{- define "rabbitmq.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "rabbitmq.volumePermissions.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "rabbitmq.imagePullSecrets" -}} +{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) }} +{{- end -}} + +{{/* +Return podAnnotations +*/}} +{{- define "rabbitmq.podAnnotations" -}} +{{- if .Values.podAnnotations }} +{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }} +{{- end }} +{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} +{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }} +{{- end }} +{{- end -}} + +{{/* + Create the name of the service account to use + */}} +{{- define "rabbitmq.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "rabbitmq.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Get the password secret. +*/}} +{{- define "rabbitmq.secretPasswordName" -}} + {{- if .Values.auth.existingPasswordSecret -}} + {{- printf "%s" (tpl .Values.auth.existingPasswordSecret $) -}} + {{- else -}} + {{- printf "%s" (include "rabbitmq.fullname" .) -}} + {{- end -}} +{{- end -}} + +{{/* +Get the erlang secret. +*/}} +{{- define "rabbitmq.secretErlangName" -}} + {{- if .Values.auth.existingErlangSecret -}} + {{- printf "%s" (tpl .Values.auth.existingErlangSecret $) -}} + {{- else -}} + {{- printf "%s" (include "rabbitmq.fullname" .) -}} + {{- end -}} +{{- end -}} + +{{/* +Get the TLS secret. +*/}} +{{- define "rabbitmq.tlsSecretName" -}} + {{- if .Values.auth.tls.existingSecret -}} + {{- printf "%s" (tpl .Values.auth.tls.existingSecret $) -}} + {{- else -}} + {{- printf "%s-certs" (include "rabbitmq.fullname" .) -}} + {{- end -}} +{{- end -}} + +{{/* +Return true if a TLS credentials secret object should be created +*/}} +{{- define "rabbitmq.createTlsSecret" -}} +{{- if and .Values.auth.tls.enabled (not .Values.auth.tls.existingSecret) }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper RabbitMQ plugin list +*/}} +{{- define "rabbitmq.plugins" -}} +{{- $plugins := .Values.plugins -}} +{{- if .Values.extraPlugins -}} +{{- $plugins = printf "%s %s" $plugins .Values.extraPlugins -}} +{{- end -}} +{{- if .Values.metrics.enabled -}} +{{- $plugins = printf "%s %s" $plugins .Values.metrics.plugins -}} +{{- end -}} +{{- printf "%s" $plugins | replace " " ", " -}} +{{- end -}} + +{{/* +Return the number of bytes given a value +following a base 2 o base 10 number system. +Usage: +{{ include "rabbitmq.toBytes" .Values.path.to.the.Value }} +*/}} +{{- define "rabbitmq.toBytes" -}} +{{- $value := int (regexReplaceAll "([0-9]+).*" . "${1}") }} +{{- $unit := regexReplaceAll "[0-9]+(.*)" . "${1}" }} +{{- if eq $unit "Ki" }} + {{- mul $value 1024 }} +{{- else if eq $unit "Mi" }} + {{- mul $value 1024 1024 }} +{{- else if eq $unit "Gi" }} + {{- mul $value 1024 1024 1024 }} +{{- else if eq $unit "Ti" }} + {{- mul $value 1024 1024 1024 1024 }} +{{- else if eq $unit "Pi" }} + {{- mul $value 1024 1024 1024 1024 1024 }} +{{- else if eq $unit "Ei" }} + {{- mul $value 1024 1024 1024 1024 1024 1024 }} +{{- else if eq $unit "K" }} + {{- mul $value 1000 }} +{{- else if eq $unit "M" }} + {{- mul $value 1000 1000 }} +{{- else if eq $unit "G" }} + {{- mul $value 1000 1000 1000 }} +{{- else if eq $unit "T" }} + {{- mul $value 1000 1000 1000 1000 }} +{{- else if eq $unit "P" }} + {{- mul $value 1000 1000 1000 1000 1000 }} +{{- else if eq $unit "E" }} + {{- mul $value 1000 1000 1000 1000 1000 1000 }} +{{- end }} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "rabbitmq.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "rabbitmq.validateValues.ldap" .) -}} +{{- $messages := append $messages (include "rabbitmq.validateValues.memoryHighWatermark" .) -}} +{{- $messages := append $messages (include "rabbitmq.validateValues.ingress.tls" .) -}} +{{- $messages := append $messages (include "rabbitmq.validateValues.auth.tls" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} + +{{/* +Validate values of rabbitmq - LDAP support +*/}} +{{- define "rabbitmq.validateValues.ldap" -}} +{{- if .Values.ldap.enabled }} +{{- $serversListLength := len .Values.ldap.servers }} +{{- if or (not (gt $serversListLength 0)) (not (and .Values.ldap.port .Values.ldap.user_dn_pattern)) }} +rabbitmq: LDAP + Invalid LDAP configuration. When enabling LDAP support, the parameters "ldap.servers", + "ldap.port", and "ldap. user_dn_pattern" are mandatory. Please provide them: + + $ helm install {{ .Release.Name }} bitnami/rabbitmq \ + --set ldap.enabled=true \ + --set ldap.servers[0]="lmy-ldap-server" \ + --set ldap.port="389" \ + --set user_dn_pattern="cn=${username},dc=example,dc=org" +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Validate values of rabbitmq - Memory high watermark +*/}} +{{- define "rabbitmq.validateValues.memoryHighWatermark" -}} +{{- if and (not (eq .Values.memoryHighWatermark.type "absolute")) (not (eq .Values.memoryHighWatermark.type "relative")) }} +rabbitmq: memoryHighWatermark.type + Invalid Memory high watermark type. Valid values are "absolute" and + "relative". Please set a valid mode (--set memoryHighWatermark.type="xxxx") +{{- else if and .Values.memoryHighWatermark.enabled (not .Values.resources.limits.memory) (eq .Values.memoryHighWatermark.type "relative") }} +rabbitmq: memoryHighWatermark + You enabled configuring memory high watermark using a relative limit. However, + no memory limits were defined at POD level. Define your POD limits as shown below: + + $ helm install {{ .Release.Name }} bitnami/rabbitmq \ + --set memoryHighWatermark.enabled=true \ + --set memoryHighWatermark.type="relative" \ + --set memoryHighWatermark.value="0.4" \ + --set resources.limits.memory="2Gi" + + Altenatively, user an absolute value for the memory memory high watermark : + + $ helm install {{ .Release.Name }} bitnami/rabbitmq \ + --set memoryHighWatermark.enabled=true \ + --set memoryHighWatermark.type="absolute" \ + --set memoryHighWatermark.value="512MB" +{{- end -}} +{{- end -}} + +{{/* +Validate values of rabbitmq - TLS configuration for Ingress +*/}} +{{- define "rabbitmq.validateValues.ingress.tls" -}} +{{- if and .Values.ingress.enabled .Values.ingress.tls (not (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations ))) (not .Values.ingress.selfSigned) (empty .Values.ingress.extraTls) }} +rabbitmq: ingress.tls + You enabled the TLS configuration for the default ingress hostname but + you did not enable any of the available mechanisms to create the TLS secret + to be used by the Ingress Controller. + Please use any of these alternatives: + - Use the `ingress.extraTls` and `ingress.secrets` parameters to provide your custom TLS certificates. + - Relay on cert-manager to create it by setting the corresponding annotations + - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true` +{{- end -}} +{{- end -}} + +{{/* +Validate values of RabbitMQ - Auth TLS enabled +*/}} +{{- define "rabbitmq.validateValues.auth.tls" -}} +{{- if and .Values.auth.tls.enabled (not .Values.auth.tls.autoGenerated) (not .Values.auth.tls.existingSecret) (not .Values.auth.tls.caCertificate) (not .Values.auth.tls.serverCertificate) (not .Values.auth.tls.serverKey) }} +rabbitmq: auth.tls + You enabled TLS for RabbitMQ but you did not enable any of the available mechanisms to create the TLS secret. + Please use any of these alternatives: + - Provide an existing secret containing the TLS certificates using `auth.tls.existingSecret` + - Provide the plain text certificates using `auth.tls.caCertificate`, `auth.tls.serverCertificate` and `auth.tls.serverKey`. + - Enable auto-generated certificates using `auth.tls.autoGenerated`. +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/templates/configuration.yaml b/packer/ansible/roles/helm_install/files/rabbitmq/templates/configuration.yaml new file mode 100644 index 0000000..1888d83 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/templates/configuration.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "rabbitmq.fullname" . }}-config + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + rabbitmq.conf: |- + {{- include "common.tplvalues.render" (dict "value" .Values.configuration "context" $) | nindent 4 }} + {{- if .Values.advancedConfiguration }} + advanced.config: |- + {{- include "common.tplvalues.render" (dict "value" .Values.advancedConfiguration "context" $) | nindent 4 }} + {{- end }} diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/templates/extra-list.yaml b/packer/ansible/roles/helm_install/files/rabbitmq/templates/extra-list.yaml new file mode 100644 index 0000000..9ac65f9 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/templates/extra-list.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/templates/ingress.yaml b/packer/ansible/roles/helm_install/files/rabbitmq/templates/ingress.yaml new file mode 100644 index 0000000..09ba870 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/templates/ingress.yaml @@ -0,0 +1,60 @@ +{{- if .Values.ingress.enabled }} +apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ include "rabbitmq.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + annotations: + {{- if .Values.ingress.certManager }} + kubernetes.io/tls-acme: "true" + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.ingress.annotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }} + ingressClassName: {{ .Values.ingress.ingressClassName | quote }} + {{- end }} + rules: + {{- if .Values.ingress.hostname }} + - host: {{ include "common.tplvalues.render" ( dict "value" .Values.ingress.hostname "context" $ ) }} + http: + paths: + {{- if .Values.ingress.extraPaths }} + {{- toYaml .Values.ingress.extraPaths | nindent 10 }} + {{- end }} + - path: {{ .Values.ingress.path }} + {{- if eq "true" (include "common.ingress.supportsPathType" .) }} + pathType: {{ .Values.ingress.pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" .Values.service.managerPortName "context" $) | nindent 14 }} + {{- end }} + {{- range .Values.ingress.extraHosts }} + - host: {{ include "common.tplvalues.render" ( dict "value" .name "context" $ ) }} + http: + paths: + - path: {{ default "/" .path }} + {{- if eq "true" (include "common.ingress.supportsPathType" $) }} + pathType: {{ default "ImplementationSpecific" .pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" .Values.service.managerPortName "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.ingress.extraRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }} + {{- end }} + {{- if or (and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned)) .Values.ingress.extraTls }} + tls: + {{- if and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned) }} + - hosts: + - {{ .Values.ingress.hostname | quote }} + secretName: {{ printf "%s-tls" .Values.ingress.hostname }} + {{- end }} + {{- if .Values.ingress.extraTls }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/templates/networkpolicy.yaml b/packer/ansible/roles/helm_install/files/rabbitmq/templates/networkpolicy.yaml new file mode 100644 index 0000000..158aeaa --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/templates/networkpolicy.yaml @@ -0,0 +1,37 @@ +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: {{ include "rabbitmq.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + ingress: + # Allow inbound connections + - ports: + - port: 4369 # EPMD + - port: {{ .Values.service.port }} + - port: {{ .Values.service.tlsPort }} + - port: {{ .Values.service.distPort }} + - port: {{ .Values.service.managerPort }} + {{- if not .Values.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: + {{ template "rabbitmq.fullname" . }}-client: "true" + - podSelector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 14 }} + {{- if .Values.networkPolicy.additionalRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.additionalRules "context" $) | nindent 8 }} + {{- end }} + {{- end }} + # Allow prometheus scrapes + - ports: + - port: {{ .Values.service.metricsPort }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/templates/pdb.yaml b/packer/ansible/roles/helm_install/files/rabbitmq/templates/pdb.yaml new file mode 100644 index 0000000..84c69b3 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/templates/pdb.yaml @@ -0,0 +1,20 @@ +{{- if .Values.pdb.create }} +apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} +kind: PodDisruptionBudget +metadata: + name: {{ include "rabbitmq.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.pdb.minAvailable }} + minAvailable: {{ .Values.pdb.minAvailable }} + {{- end }} + {{- if .Values.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.pdb.maxUnavailable }} + {{- end }} + selector: + matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/templates/prometheusrule.yaml b/packer/ansible/roles/helm_install/files/rabbitmq/templates/prometheusrule.yaml new file mode 100644 index 0000000..a1ba629 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/templates/prometheusrule.yaml @@ -0,0 +1,24 @@ +{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ include "rabbitmq.fullname" . }} + {{- if .Values.metrics.prometheusRule.namespace }} + namespace: {{ .Values.metrics.prometheusRule.namespace }} + {{- else }} + namespace: {{ .Release.Namespace | quote }} + {{- end }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + groups: + {{- with .Values.metrics.prometheusRule.rules }} + - name: {{ template "rabbitmq.name" $ }} + rules: {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 8 }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/templates/role.yaml b/packer/ansible/roles/helm_install/files/rabbitmq/templates/role.yaml new file mode 100644 index 0000000..9bd029e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/templates/role.yaml @@ -0,0 +1,18 @@ +{{- if .Values.rbac.create }} +kind: Role +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +metadata: + name: {{ template "rabbitmq.fullname" . }}-endpoint-reader + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +rules: + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["get"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create"] +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/templates/rolebinding.yaml b/packer/ansible/roles/helm_install/files/rabbitmq/templates/rolebinding.yaml new file mode 100644 index 0000000..74f82f0 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/templates/rolebinding.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.serviceAccount.create .Values.rbac.create }} +kind: RoleBinding +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +metadata: + name: {{ template "rabbitmq.fullname" . }}-endpoint-reader + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +subjects: + - kind: ServiceAccount + name: {{ template "rabbitmq.serviceAccountName" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "rabbitmq.fullname" . }}-endpoint-reader +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/templates/secrets.yaml b/packer/ansible/roles/helm_install/files/rabbitmq/templates/secrets.yaml new file mode 100644 index 0000000..3e810cc --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/templates/secrets.yaml @@ -0,0 +1,46 @@ +{{- if or (not .Values.auth.existingErlangSecret) (not .Values.auth.existingPasswordSecret) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "rabbitmq.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + {{- if not .Values.auth.existingPasswordSecret }} + {{- if .Values.auth.password }} + rabbitmq-password: {{ .Values.auth.password | b64enc | quote }} + {{- else }} + rabbitmq-password: {{ randAlphaNum 10 | b64enc | quote }} + {{- end }} + {{- end }} + {{- if not .Values.auth.existingErlangSecret }} + {{- if .Values.auth.erlangCookie }} + rabbitmq-erlang-cookie: {{ .Values.auth.erlangCookie | b64enc | quote }} + {{- else }} + rabbitmq-erlang-cookie: {{ randAlphaNum 32 | b64enc | quote }} + {{- end }} + {{- end }} +{{- end }} +{{- $extraSecretsPrependReleaseName := .Values.extraSecretsPrependReleaseName }} +{{- range $key, $value := .Values.extraSecrets }} +--- +apiVersion: v1 +kind: Secret +metadata: + {{- if $extraSecretsPrependReleaseName }} + name: {{ $.Release.Name }}-{{ $key }} + {{- else }} + name: {{ $key }} + {{- end }} + namespace: {{ $.Release.Namespace | quote }} + labels: {{- include "common.labels.standard" $ | nindent 4 }} + {{- if $.Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +stringData: {{- include "common.tplvalues.render" (dict "value" $value "context" $) | nindent 2 }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/templates/serviceaccount.yaml b/packer/ansible/roles/helm_install/files/rabbitmq/templates/serviceaccount.yaml new file mode 100644 index 0000000..339bc2e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/templates/serviceaccount.yaml @@ -0,0 +1,15 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "rabbitmq.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +secrets: + - name: {{ include "rabbitmq.fullname" . }} +{{- end }} + diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/templates/servicemonitor.yaml b/packer/ansible/roles/helm_install/files/rabbitmq/templates/servicemonitor.yaml new file mode 100644 index 0000000..3d7e9b8 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/templates/servicemonitor.yaml @@ -0,0 +1,54 @@ +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "rabbitmq.fullname" . }} + {{- if .Values.metrics.serviceMonitor.namespace }} + namespace: {{ .Values.metrics.serviceMonitor.namespace }} + {{- else }} + namespace: {{ .Release.Namespace | quote }} + {{- end }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.metrics.serviceMonitor.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: metrics + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.honorLabels }} + honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabelings }} + relabelings: {{- toYaml .Values.metrics.serviceMonitor.relabelings | nindent 6 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabellings }} + metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }} + {{- else if .Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.path }} + path: {{ .Values.metrics.serviceMonitor.path }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace | quote }} + {{- with .Values.metrics.serviceMonitor.podTargetLabels }} + podTargetLabels: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.metrics.serviceMonitor.targetLabels }} + targetLabels: + {{- toYaml . | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/templates/statefulset.yaml b/packer/ansible/roles/helm_install/files/rabbitmq/templates/statefulset.yaml new file mode 100644 index 0000000..435bfcf --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/templates/statefulset.yaml @@ -0,0 +1,375 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "rabbitmq.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.statefulsetLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.statefulsetLabels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + serviceName: {{ template "rabbitmq.fullname" . }}-headless + podManagementPolicy: {{ .Values.podManagementPolicy }} + replicas: {{ .Values.replicaCount }} + updateStrategy: + type: {{ .Values.updateStrategyType }} + {{- if (eq "OnDelete" .Values.updateStrategyType) }} + rollingUpdate: null + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + checksum/config: {{ include (print $.Template.BasePath "/configuration.yaml") . | sha256sum }} + {{- if or (not .Values.auth.existingErlangSecret) (not .Values.auth.existingPasswordSecret) .Values.extraSecrets }} + checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} + {{- end }} + {{- if or .Values.podAnnotations .Values.metrics.enabled }} + {{- include "rabbitmq.podAnnotations" . | nindent 8 }} + {{- end }} + spec: + {{- include "rabbitmq.imagePullSecrets" . | nindent 6 }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName | quote }} + {{- end }} + serviceAccountName: {{ template "rabbitmq.serviceAccountName" . }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" .) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- if or (.Values.initContainers) (and .Values.volumePermissions.enabled .Values.persistence.enabled .Values.podSecurityContext) }} + initContainers: + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled .Values.podSecurityContext }} + - name: volume-permissions + image: {{ include "rabbitmq.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + args: + - -ec + - | + mkdir -p "{{ .Values.persistence.mountPath }}" + chown -R "{{ .Values.podSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}" "{{ .Values.persistence.mountPath }}" + securityContext: + runAsUser: 0 + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: {{ .Values.persistence.mountPath }} + {{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- end }} + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- end }} + containers: + - name: rabbitmq + image: {{ template "rabbitmq.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext }} + securityContext: {{- toYaml .Values.containerSecurityContext | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: K8S_SERVICE_NAME + value: "{{ template "rabbitmq.fullname" . }}-headless" + - name: K8S_ADDRESS_TYPE + value: {{ .Values.clustering.addressType }} + - name: RABBITMQ_FORCE_BOOT + value: {{ ternary "yes" "no" .Values.clustering.forceBoot | quote }} + {{- if (eq "hostname" .Values.clustering.addressType) }} + - name: RABBITMQ_NODE_NAME + value: "rabbit@$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}" + - name: K8S_HOSTNAME_SUFFIX + value: ".$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}" + {{- else }} + - name: RABBITMQ_NODE_NAME + value: "rabbit@$(MY_POD_NAME)" + {{- end }} + - name: RABBITMQ_MNESIA_DIR + value: "{{ .Values.persistence.mountPath }}/$(RABBITMQ_NODE_NAME)" + - name: RABBITMQ_LDAP_ENABLE + value: {{ ternary "yes" "no" .Values.ldap.enabled | quote }} + {{- if .Values.ldap.enabled }} + - name: RABBITMQ_LDAP_TLS + value: {{ ternary "yes" "no" .Values.ldap.tls.enabled | quote }} + - name: RABBITMQ_LDAP_SERVERS + value: {{ .Values.ldap.servers | join "," | quote }} + - name: RABBITMQ_LDAP_SERVERS_PORT + value: {{ .Values.ldap.port | quote }} + - name: RABBITMQ_LDAP_USER_DN_PATTERN + value: {{ .Values.ldap.user_dn_pattern }} + {{- end }} + - name: RABBITMQ_LOGS + value: {{ .Values.logs | quote }} + - name: RABBITMQ_ULIMIT_NOFILES + value: {{ .Values.ulimitNofiles | quote }} + {{- if and .Values.maxAvailableSchedulers }} + - name: RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS + value: {{ printf "+S %s:%s" (toString .Values.maxAvailableSchedulers) (toString .Values.onlineSchedulers) -}} + {{- end }} + - name: RABBITMQ_USE_LONGNAME + value: "true" + - name: RABBITMQ_ERL_COOKIE + valueFrom: + secretKeyRef: + name: {{ template "rabbitmq.secretErlangName" . }} + key: rabbitmq-erlang-cookie + {{- if and .Values.clustering.rebalance (gt (.Values.replicaCount | int) 1) }} + - name: RABBITMQ_CLUSTER_REBALANCE + value: "true" + {{- end }} + - name: RABBITMQ_LOAD_DEFINITIONS + value: {{ ternary "yes" "no" .Values.loadDefinition.enabled | quote }} + - name: RABBITMQ_DEFINITIONS_FILE + value: {{ .Values.loadDefinition.file | quote }} + - name: RABBITMQ_SECURE_PASSWORD + value: "yes" + - name: RABBITMQ_USERNAME + value: {{ .Values.auth.username | quote }} + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "rabbitmq.secretPasswordName" . }} + key: rabbitmq-password + - name: RABBITMQ_PLUGINS + value: {{ include "rabbitmq.plugins" . | quote }} + {{- if .Values.communityPlugins }} + - name: RABBITMQ_COMMUNITY_PLUGINS + value: {{ .Values.communityPlugins | quote }} + {{- end }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ tpl .Values.extraEnvVarsCM . | quote }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ tpl .Values.extraEnvVarsSecret . | quote }} + {{- end }} + {{- end }} + ports: + {{- if or (.Values.service.portEnabled) (not .Values.auth.tls.enabled) }} + - name: amqp + containerPort: 5672 + {{- end }} + {{- if .Values.auth.tls.enabled }} + - name: amqp-ssl + containerPort: {{ .Values.service.tlsPort }} + {{- end }} + - name: dist + containerPort: 25672 + - name: stats + containerPort: 15672 + - name: epmd + containerPort: 4369 + {{- if .Values.metrics.enabled }} + - name: metrics + containerPort: 9419 + {{- end }} + {{- if .Values.extraContainerPorts }} + {{- toYaml .Values.extraContainerPorts | nindent 12 }} + {{- end }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - /bin/bash + - -ec + - rabbitmq-diagnostics -q ping + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- else if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - /bin/bash + - -ec + - rabbitmq-diagnostics -q check_running && rabbitmq-diagnostics -q check_local_alarms + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- else if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- end }} + lifecycle: + preStop: + exec: + command: + - /bin/bash + - -ec + - | + if [[ -f /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh ]]; then + /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh -t {{ .Values.terminationGracePeriodSeconds | quote }} -d {{ ternary "true" "false" .Values.image.debug | quote }} + else + rabbitmqctl stop_app + fi + {{- end }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: configuration + mountPath: /bitnami/rabbitmq/conf + - name: data + mountPath: {{ .Values.persistence.mountPath }} + {{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- if .Values.auth.tls.enabled }} + - name: certs + mountPath: /opt/bitnami/rabbitmq/certs + {{- end }} + {{- if .Values.loadDefinition.enabled }} + - name: load-definition-volume + mountPath: /app + readOnly: true + {{- end }} + {{- if .Values.extraVolumeMounts }} + {{- toYaml .Values.extraVolumeMounts | nindent 12 }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + {{- if .Values.persistence.volumes }} + {{- toYaml .Values.persistence.volumes | nindent 8 }} + {{- end }} + {{- if .Values.auth.tls.enabled }} + - name: certs + secret: + secretName: {{ template "rabbitmq.tlsSecretName" . }} + items: + - key: {{ ternary "tls.crt" "ca.crt" .Values.auth.tls.existingSecretFullChain }} + path: ca_certificate.pem + - key: tls.crt + path: server_certificate.pem + - key: tls.key + path: server_key.pem + {{- end }} + - name: configuration + configMap: + name: {{ template "rabbitmq.fullname" . }}-config + items: + - key: rabbitmq.conf + path: rabbitmq.conf + {{- if .Values.advancedConfiguration }} + - key: advanced.config + path: advanced.config + {{- end }} + {{- if .Values.loadDefinition.enabled }} + - name: load-definition-volume + secret: + secretName: {{ tpl .Values.loadDefinition.existingSecret . | quote }} + {{- end }} + {{- if .Values.extraVolumes }} + {{- toYaml .Values.extraVolumes | nindent 8 }} + {{- end }} + {{- if not (contains "data" (quote .Values.persistence.volumes)) }} + {{- if not .Values.persistence.enabled }} + - name: data + emptyDir: {} + {{- else if .Values.persistence.existingClaim }} + - name: data + persistentVolumeClaim: + {{- with .Values.persistence.existingClaim }} + claimName: {{ tpl . $ }} + {{- end }} + {{- else }} + volumeClaimTemplates: + - metadata: + name: data + labels: {{- include "common.labels.matchLabels" . | nindent 10 }} + {{- if .Values.persistence.annotations }} + annotations: + {{- include "common.tplvalues.render" ( dict "value" .Values.persistence.annotations "context" $) | nindent 10 }} + {{- end }} + spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }} + {{- if .Values.persistence.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.selector "context" $) | nindent 10 }} + {{- end -}} + {{- end }} + {{- end }} diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/templates/svc-headless.yaml b/packer/ansible/roles/helm_install/files/rabbitmq/templates/svc-headless.yaml new file mode 100644 index 0000000..5168b41 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/templates/svc-headless.yaml @@ -0,0 +1,41 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "rabbitmq.fullname" . }}-headless + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if or (.Values.service.annotationsHeadless) (.Values.commonAnnotations) }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} + {{- end -}} + {{- if .Values.service.annotationsHeadless }} + {{- include "common.tplvalues.render" (dict "value" .Values.service.annotationsHeadless "context" $) | nindent 4 }} + {{- end -}} + {{- end }} +spec: + clusterIP: None + ports: + - name: {{ .Values.service.epmdPortName }} + port: 4369 + targetPort: epmd + {{- if or (.Values.service.portEnabled) (not .Values.auth.tls.enabled) }} + - name: amqp + port: {{ .Values.service.port }} + targetPort: {{ .Values.service.portName }} + {{- end }} + {{- if .Values.auth.tls.enabled }} + - name: {{ .Values.service.tlsPortName }} + port: {{ .Values.service.tlsPort }} + targetPort: amqp-tls + {{- end }} + - name: {{ .Values.service.distPortName }} + port: {{ .Values.service.distPort }} + targetPort: dist + {{- if .Values.service.managerPortEnabled }} + - name: {{ .Values.service.managerPortName }} + port: {{ .Values.service.managerPort }} + targetPort: stats + {{- end }} + selector: {{ include "common.labels.matchLabels" . | nindent 4 }} + publishNotReadyAddresses: true diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/templates/svc.yaml b/packer/ansible/roles/helm_install/files/rabbitmq/templates/svc.yaml new file mode 100644 index 0000000..381ddf0 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/templates/svc.yaml @@ -0,0 +1,99 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "rabbitmq.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.service.labels }} + {{- include "common.tplvalues.render" (dict "value" .Values.service.labels "context" $) | nindent 4 }} + {{- end }} + {{- if or (.Values.service.annotations) (.Values.commonAnnotations) }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} + {{- end -}} + {{- if .Values.service.annotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.service.annotations "context" $) | nindent 4 }} + {{- end -}} + {{- end }} +spec: + type: {{ .Values.service.type }} + {{- if eq .Values.service.type "LoadBalancer" }} + {{- if not (empty .Values.service.loadBalancerIP) }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + {{- if .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + {{- end }} + {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} + externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if .Values.service.externalIPs }} + externalIPs: {{- toYaml .Values.service.externalIPs | nindent 4 }} + {{- end }} + ports: + {{- if or (.Values.service.portEnabled) (not .Values.auth.tls.enabled) }} + - name: {{ .Values.service.portName }} + port: {{ .Values.service.port }} + targetPort: amqp + {{- if (eq .Values.service.type "ClusterIP") }} + nodePort: null + {{- else if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePort)) }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} + {{- end }} + {{- if .Values.auth.tls.enabled }} + - name: {{ .Values.service.tlsPortName }} + port: {{ .Values.service.tlsPort }} + targetPort: amqp-ssl + {{- if (eq .Values.service.type "ClusterIP") }} + nodePort: null + {{- else if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.tlsNodePort)) }} + nodePort: {{ .Values.service.tlsNodePort }} + {{- end }} + {{- end }} + {{- if .Values.service.epmdPortEnabled }} + - name: {{ .Values.service.epmdPortName }} + port: 4369 + targetPort: epmd + {{- if (eq .Values.service.type "ClusterIP") }} + nodePort: null + {{- else if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.epmdNodePort)) }} + nodePort: {{ .Values.service.epmdNodePort }} + {{- end }} + {{- end }} + {{- if .Values.service.distPortEnabled }} + - name: {{ .Values.service.distPortName }} + port: {{ .Values.service.distPort }} + targetPort: dist + {{- if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- else if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.distNodePort)) }} + nodePort: {{ .Values.service.distNodePort }} + {{- end }} + {{- end }} + {{- if .Values.service.managerPortEnabled }} + - name: {{ .Values.service.managerPortName }} + port: {{ .Values.service.managerPort }} + targetPort: stats + {{- if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- else if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.managerNodePort)) }} + nodePort: {{ .Values.service.managerNodePort }} + {{- end }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: {{ .Values.service.metricsPortName }} + port: {{ .Values.service.metricsPort }} + targetPort: metrics + {{- if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- else if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.metricsNodePort)) }} + nodePort: {{ .Values.service.metricsNodePort }} + {{- end }} + {{- end }} + {{- if .Values.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{ include "common.labels.matchLabels" . | nindent 4 }} diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/templates/tls-secrets.yaml b/packer/ansible/roles/helm_install/files/rabbitmq/templates/tls-secrets.yaml new file mode 100644 index 0000000..08c8a54 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/templates/tls-secrets.yaml @@ -0,0 +1,74 @@ +{{- if .Values.ingress.enabled }} +{{- if .Values.ingress.secrets }} +{{- range .Values.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .name }} + namespace: {{ $.Release.Namespace | quote }} + labels: {{- include "common.labels.standard" $ | nindent 4 }} + {{- if $.Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if $.Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- end }} +{{- if and .Values.ingress.tls .Values.ingress.selfSigned }} +{{- $ca := genCA "rabbitmq-ca" 365 }} +{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%s-tls" .Values.ingress.hostname }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ $cert.Cert | b64enc | quote }} + tls.key: {{ $cert.Key | b64enc | quote }} + ca.crt: {{ $ca.Cert | b64enc | quote }} +--- +{{- end }} +{{- end }} +{{- if (include "rabbitmq.createTlsSecret" . ) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "rabbitmq.fullname" . }}-certs + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + {{- if or (not .Values.auth.tls.autoGenerated ) (and .Values.auth.tls.caCertificate .Values.auth.tls.serverCertificate .Values.auth.tls.serverKey) }} + ca.crt: {{ required "A valid .Values.auth.tls.caCertificate entry required!" .Values.auth.tls.caCertificate | b64enc | quote }} + tls.crt: {{ required "A valid .Values.auth.tls.serverCertificate entry required!" .Values.auth.tls.serverCertificate| b64enc | quote }} + tls.key: {{ required "A valid .Values.auth.tls.serverKey entry required!" .Values.auth.tls.serverKey | b64enc | quote }} + {{- else }} + {{- $ca := genCA "rabbitmq-internal-ca" 365 }} + {{- $fullname := include "rabbitmq.fullname" . }} + {{- $releaseNamespace := .Release.Namespace }} + {{- $clusterDomain := .Values.clusterDomain }} + {{- $serviceName := include "rabbitmq.fullname" . }} + {{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) $fullname }} + {{- $crt := genSignedCert $fullname nil $altNames 365 $ca }} + ca.crt: {{ $ca.Cert | b64enc | quote }} + tls.crt: {{ $crt.Cert | b64enc | quote }} + tls.key: {{ $crt.Key | b64enc | quote }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/values.schema.json b/packer/ansible/roles/helm_install/files/rabbitmq/values.schema.json new file mode 100644 index 0000000..8ef33ef --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/values.schema.json @@ -0,0 +1,100 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "auth": { + "type": "object", + "properties": { + "username": { + "type": "string", + "title": "RabbitMQ user", + "form": true + }, + "password": { + "type": "string", + "title": "RabbitMQ password", + "form": true, + "description": "Defaults to a random 10-character alphanumeric string if not set" + } + } + }, + "extraConfiguration": { + "type": "string", + "title": "Extra RabbitMQ Configuration", + "form": true, + "render": "textArea", + "description": "Extra configuration to be appended to RabbitMQ Configuration" + }, + "replicaCount": { + "type": "integer", + "form": true, + "title": "Number of replicas", + "description": "Number of replicas to deploy" + }, + "persistence": { + "type": "object", + "title": "Persistence configuration", + "form": true, + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Enable persistence", + "description": "Enable persistence using Persistent Volume Claims" + }, + "size": { + "type": "string", + "title": "Persistent Volume Size", + "form": true, + "render": "slider", + "sliderMin": 1, + "sliderMax": 100, + "sliderUnit": "Gi", + "hidden": { + "value": false, + "path": "persistence/enabled" + } + } + } + }, + "volumePermissions": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Enable Init Containers", + "description": "Use an init container to set required folder permissions on the data volume before mounting it in the final destination" + } + } + }, + "metrics": { + "type": "object", + "form": true, + "title": "Prometheus metrics details", + "properties": { + "enabled": { + "type": "boolean", + "title": "Enable Prometheus metrics for RabbitMQ", + "description": "Install Prometheus plugin in the RabbitMQ container", + "form": true + }, + "serviceMonitor": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "title": "Create Prometheus Operator ServiceMonitor", + "description": "Create a ServiceMonitor to track metrics using Prometheus Operator", + "form": true, + "hidden": { + "value": false, + "path": "metrics/enabled" + } + } + } + } + } + } + } +} diff --git a/packer/ansible/roles/helm_install/files/rabbitmq/values.yaml b/packer/ansible/roles/helm_install/files/rabbitmq/values.yaml new file mode 100644 index 0000000..8144a1b --- /dev/null +++ b/packer/ansible/roles/helm_install/files/rabbitmq/values.yaml @@ -0,0 +1,1215 @@ +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass +## + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.storageClass Global StorageClass for Persistent Volume(s) +## +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: "" + +## @section RabbitMQ Image parameters +## Bitnami RabbitMQ image version +## ref: https://hub.docker.com/r/bitnami/rabbitmq/tags/ +## @param image.registry RabbitMQ image registry +## @param image.repository RabbitMQ image repository +## @param image.tag RabbitMQ image tag (immutable tags are recommended) +## @param image.pullPolicy RabbitMQ image pull policy +## @param image.pullSecrets Specify docker-registry secret names as an array +## @param image.debug Set to true if you would like to see extra information on logs +## +image: + registry: docker.io + repository: bitnami/rabbitmq + tag: 3.9.15-debian-10-r0 + + ## set to true if you would like to see extra information on logs + ## It turns BASH and/or NAMI debugging in the image + ## + debug: false + + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## Example: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + +## @section Common parameters +## + +## @param nameOverride String to partially override rabbitmq.fullname template (will maintain the release name) +## +nameOverride: "" + +## @param fullnameOverride String to fully override rabbitmq.fullname template +## +fullnameOverride: "" + +## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) +## +kubeVersion: "" + +## @param clusterDomain Kubernetes Cluster Domain +## +clusterDomain: cluster.local + +## @param extraDeploy Array of extra objects to deploy with the release +## +extraDeploy: [] + +## Enable diagnostic mode in the deployment +## +diagnosticMode: + ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) + ## + enabled: false + ## @param diagnosticMode.command Command to override all containers in the deployment + ## + command: + - sleep + ## @param diagnosticMode.args Args to override all containers in the deployment + ## + args: + - infinity + +## @param hostAliases Deployment pod host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## @param commonAnnotations Annotations to add to all deployed objects +## +commonAnnotations: {} +## RabbitMQ Authentication parameters +## +auth: + ## @param auth.username RabbitMQ application username + ## ref: https://github.com/bitnami/bitnami-docker-rabbitmq#environment-variables + ## + username: user + + ## @param auth.password RabbitMQ application password + ## ref: https://github.com/bitnami/bitnami-docker-rabbitmq#environment-variables + ## + password: "" + ## @param auth.existingPasswordSecret Existing secret with RabbitMQ credentials (must contain a value for `rabbitmq-password` key) + ## e.g: + ## existingPasswordSecret: name-of-existing-secret + ## + existingPasswordSecret: "" + + ## @param auth.erlangCookie Erlang cookie to determine whether different nodes are allowed to communicate with each other + ## ref: https://github.com/bitnami/bitnami-docker-rabbitmq#environment-variables + ## + erlangCookie: "" + ## @param auth.existingErlangSecret Existing secret with RabbitMQ Erlang cookie (must contain a value for `rabbitmq-erlang-cookie` key) + ## e.g: + ## existingErlangSecret: name-of-existing-secret + ## + existingErlangSecret: "" + + ## Enable encryption to rabbitmq + ## ref: https://www.rabbitmq.com/ssl.html + ## @param auth.tls.enabled Enable TLS support on RabbitMQ + ## @param auth.tls.autoGenerated Generate automatically self-signed TLS certificates + ## @param auth.tls.failIfNoPeerCert When set to true, TLS connection will be rejected if client fails to provide a certificate + ## @param auth.tls.sslOptionsVerify Should [peer verification](https://www.rabbitmq.com/ssl.html#peer-verification) be enabled? + ## @param auth.tls.caCertificate Certificate Authority (CA) bundle content + ## @param auth.tls.serverCertificate Server certificate content + ## @param auth.tls.serverKey Server private key content + ## @param auth.tls.existingSecret Existing secret with certificate content to RabbitMQ credentials + ## @param auth.tls.existingSecretFullChain Whether or not the existing secret contains the full chain in the certificate (`tls.crt`). Will be used in place of `ca.cert` if `true`. + ## + tls: + enabled: false + autoGenerated: false + failIfNoPeerCert: true + sslOptionsVerify: verify_peer + caCertificate: |- + serverCertificate: |- + serverKey: |- + existingSecret: "" + existingSecretFullChain: false + +## @param logs Path of the RabbitMQ server's Erlang log file. Value for the `RABBITMQ_LOGS` environment variable +## ref: https://www.rabbitmq.com/logging.html#log-file-location +## +logs: "-" + +## @param ulimitNofiles RabbitMQ Max File Descriptors +## ref: https://github.com/bitnami/bitnami-docker-rabbitmq#environment-variables +## ref: https://www.rabbitmq.com/install-debian.html#kernel-resource-limits +## +ulimitNofiles: "65536" + +## RabbitMQ maximum available scheduler threads and online scheduler threads. By default it will create a thread per CPU detected, with the following parameters you can tune it manually. +## ref: https://hamidreza-s.github.io/erlang/scheduling/real-time/preemptive/migration/2016/02/09/erlang-scheduler-details.html#scheduler-threads +## ref: https://github.com/bitnami/charts/issues/2189 +## @param maxAvailableSchedulers RabbitMQ maximum available scheduler threads +## @param onlineSchedulers RabbitMQ online scheduler threads +## +maxAvailableSchedulers: "" +onlineSchedulers: "" + +## The memory threshold under which RabbitMQ will stop reading from client network sockets, in order to avoid being killed by the OS +## ref: https://www.rabbitmq.com/alarms.html +## ref: https://www.rabbitmq.com/memory.html#threshold +## +memoryHighWatermark: + ## @param memoryHighWatermark.enabled Enable configuring Memory high watermark on RabbitMQ + ## + enabled: false + ## @param memoryHighWatermark.type Memory high watermark type. Either `absolute` or `relative` + ## + type: "relative" + ## Memory high watermark value. + ## @param memoryHighWatermark.value Memory high watermark value + ## The default value of 0.4 stands for 40% of available RAM + ## Note: the memory relative limit is applied to the resource.limits.memory to calculate the memory threshold + ## You can also use an absolute value, e.g.: 256MB + ## + value: 0.4 + +## @param plugins List of default plugins to enable (should only be altered to remove defaults; for additional plugins use `extraPlugins`) +## +plugins: "rabbitmq_management rabbitmq_peer_discovery_k8s" + +## @param communityPlugins List of Community plugins (URLs) to be downloaded during container initialization +## Combine it with extraPlugins to also enable them. +## +communityPlugins: "" + +## @param extraPlugins Extra plugins to enable (single string containing a space-separated list) +## Use this instead of `plugins` to add new plugins +## +extraPlugins: "rabbitmq_auth_backend_ldap" + +## Clustering settings +## +clustering: + ## @param clustering.enabled Enable RabbitMQ clustering + ## + enabled: true + ## @param clustering.addressType Switch clustering mode. Either `ip` or `hostname` + ## + addressType: hostname + ## @param clustering.rebalance Rebalance master for queues in cluster when new replica is created + ## ref: https://www.rabbitmq.com/rabbitmq-queues.8.html#rebalance + ## + rebalance: false + + ## @param clustering.forceBoot Force boot of an unexpectedly shut down cluster (in an unexpected order). + ## forceBoot executes 'rabbitmqctl force_boot' to force boot cluster shut down unexpectedly in an unknown order + ## ref: https://www.rabbitmq.com/rabbitmqctl.8.html#force_boot + ## + forceBoot: false + + ## @param clustering.partitionHandling Switch Partition Handling Strategy. Either `autoheal` or `pause-minority` or `pause-if-all-down` or `ignore` + ## ref: https://www.rabbitmq.com/partitions.html#automatic-handling + ## + partitionHandling: autoheal + +## Loading a RabbitMQ definitions file to configure RabbitMQ +## +loadDefinition: + ## @param loadDefinition.enabled Enable loading a RabbitMQ definitions file to configure RabbitMQ + ## + enabled: false + ## @param loadDefinition.file Name of the definitions file + ## + file: "/app/load_definition.json" + ## @param loadDefinition.existingSecret Existing secret with the load definitions file + ## Can be templated if needed, e.g: + ## existingSecret: "{{ .Release.Name }}-load-definition" + ## + existingSecret: "" + +## @param command Override default container command (useful when using custom images) +## +command: [] +## @param args Override default container args (useful when using custom images) +## +args: [] + +## @param terminationGracePeriodSeconds Default duration in seconds k8s waits for container to exit before sending kill signal. +## Any time in excess of 10 seconds will be spent waiting for any synchronization necessary for cluster not to lose data. +## +terminationGracePeriodSeconds: 120 + +## @param extraEnvVars Extra environment variables to add to RabbitMQ pods +## E.g: +## extraEnvVars: +## - name: FOO +## value: BAR +## +extraEnvVars: [] + +## @param extraEnvVarsCM Name of existing ConfigMap containing extra environment variables +## +extraEnvVarsCM: "" + +## @param extraEnvVarsSecret Name of existing Secret containing extra environment variables (in case of sensitive data) +## +extraEnvVarsSecret: "" + +## @param extraContainerPorts Extra ports to be included in container spec, primarily informational +## E.g: +## extraContainerPorts: +## - name: new_port_name +## containerPort: 1234 +## +extraContainerPorts: [] + +## @param configuration [string] RabbitMQ Configuration file content: required cluster configuration +## Do not override unless you know what you are doing. +## To add more configuration, use `extraConfiguration` of `advancedConfiguration` instead +## +configuration: |- + ## Username and password + ## + default_user = {{ .Values.auth.username }} + default_pass = CHANGEME + {{- if .Values.clustering.enabled }} + ## Clustering + ## + cluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8s + cluster_formation.k8s.host = kubernetes.default.svc.{{ .Values.clusterDomain }} + cluster_formation.node_cleanup.interval = 10 + cluster_formation.node_cleanup.only_log_warning = true + cluster_partition_handling = {{ .Values.clustering.partitionHandling }} + {{- end }} + {{- if .Values.loadDefinition.enabled }} + load_definitions = {{ .Values.loadDefinition.file }} + {{- end }} + # queue master locator + queue_master_locator = min-masters + # enable guest user + loopback_users.guest = false + {{ tpl .Values.extraConfiguration . }} + {{- if .Values.auth.tls.enabled }} + ssl_options.verify = {{ .Values.auth.tls.sslOptionsVerify }} + listeners.ssl.default = {{ .Values.service.tlsPort }} + ssl_options.fail_if_no_peer_cert = {{ .Values.auth.tls.failIfNoPeerCert }} + ssl_options.cacertfile = /opt/bitnami/rabbitmq/certs/ca_certificate.pem + ssl_options.certfile = /opt/bitnami/rabbitmq/certs/server_certificate.pem + ssl_options.keyfile = /opt/bitnami/rabbitmq/certs/server_key.pem + {{- end }} + {{- if .Values.ldap.enabled }} + auth_backends.1 = rabbit_auth_backend_ldap + auth_backends.2 = internal + {{- range $index, $server := .Values.ldap.servers }} + auth_ldap.servers.{{ add $index 1 }} = {{ $server }} + {{- end }} + auth_ldap.port = {{ .Values.ldap.port }} + auth_ldap.user_dn_pattern = {{ .Values.ldap.user_dn_pattern }} + {{- if .Values.ldap.tls.enabled }} + auth_ldap.use_ssl = true + {{- end }} + {{- end }} + {{- if .Values.metrics.enabled }} + ## Prometheus metrics + ## + prometheus.tcp.port = 9419 + {{- end }} + {{- if .Values.memoryHighWatermark.enabled }} + ## Memory Threshold + ## + total_memory_available_override_value = {{ include "rabbitmq.toBytes" .Values.resources.limits.memory }} + vm_memory_high_watermark.{{ .Values.memoryHighWatermark.type }} = {{ .Values.memoryHighWatermark.value }} + {{- end }} + +## @param extraConfiguration [string] Configuration file content: extra configuration to be appended to RabbitMQ configuration +## Use this instead of `configuration` to add more configuration +## +extraConfiguration: |- + #default_vhost = {{ .Release.Namespace }}-vhost + #disk_free_limit.absolute = 50MB + +## @param advancedConfiguration Configuration file content: advanced configuration +## Use this as additional configuration in classic config format (Erlang term configuration format) +## +## If you set LDAP with TLS/SSL enabled and you are using self-signed certificates, uncomment these lines. +## advancedConfiguration: |- +## [{ +## rabbitmq_auth_backend_ldap, +## [{ +## ssl_options, +## [{ +## verify, verify_none +## }, { +## fail_if_no_peer_cert, +## false +## }] +## ]} +## }]. +## +advancedConfiguration: |- + +## LDAP configuration +## +ldap: + ## @param ldap.enabled Enable LDAP support + ## + enabled: false + ## @param ldap.servers List of LDAP servers hostnames + ## + servers: [] + ## @param ldap.port LDAP servers port + ## + port: "389" + ## Pattern used to translate the provided username into a value to be used for the LDAP bind + ## @param ldap.user_dn_pattern Pattern used to translate the provided username into a value to be used for the LDAP bind + ## ref: https://www.rabbitmq.com/ldap.html#usernames-and-dns + ## + user_dn_pattern: cn=${username},dc=example,dc=org + tls: + ## @param ldap.tls.enabled If you enable TLS/SSL you can set advanced options using the `advancedConfiguration` parameter + ## + enabled: false + +## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts +## Examples: +## extraVolumeMounts: +## - name: extras +## mountPath: /usr/share/extras +## readOnly: true +## +extraVolumeMounts: [] +## @param extraVolumes Optionally specify extra list of additional volumes . +## Example: +## extraVolumes: +## - name: extras +## emptyDir: {} +## +extraVolumes: [] + +## @param extraSecrets Optionally specify extra secrets to be created by the chart. +## This can be useful when combined with load_definitions to automatically create the secret containing the definitions to be loaded. +## Example: +## extraSecrets: +## load-definition: +## load_definition.json: | +## { +## ... +## } +## +extraSecrets: {} +## @param extraSecretsPrependReleaseName Set this flag to true if extraSecrets should be created with prepended. +## +extraSecretsPrependReleaseName: false + +## @section Statefulset parameters +## + +## @param replicaCount Number of RabbitMQ replicas to deploy +## +replicaCount: 1 + +## @param schedulerName Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +schedulerName: "" + +## RabbitMQ should be initialized one by one when building cluster for the first time. +## Therefore, the default value of podManagementPolicy is 'OrderedReady' +## Once the RabbitMQ participates in the cluster, it waits for a response from another +## RabbitMQ in the same cluster at reboot, except the last RabbitMQ of the same cluster. +## If the cluster exits gracefully, you do not need to change the podManagementPolicy +## because the first RabbitMQ of the statefulset always will be last of the cluster. +## However if the last RabbitMQ of the cluster is not the first RabbitMQ due to a failure, +## you must change podManagementPolicy to 'Parallel'. +## ref : https://www.rabbitmq.com/clustering.html#restarting +## @param podManagementPolicy Pod management policy +## +podManagementPolicy: OrderedReady + +## @param podLabels RabbitMQ Pod labels. Evaluated as a template +## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} + +## @param podAnnotations RabbitMQ Pod annotations. Evaluated as a template +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} + +## @param updateStrategyType Update strategy type for RabbitMQ statefulset +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +## +updateStrategyType: RollingUpdate + +## @param statefulsetLabels RabbitMQ statefulset labels. Evaluated as a template +## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +statefulsetLabels: {} + +## @param priorityClassName Name of the priority class to be used by RabbitMQ pods, priority class needs to be created beforehand +## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +## +priorityClassName: "" + +## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAffinityPreset: "" + +## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAntiAffinityPreset: soft + +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## +nodeAffinityPreset: + ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + +## @param affinity Affinity for pod assignment. Evaluated as a template +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set +## +affinity: {} + +## @param nodeSelector Node labels for pod assignment. Evaluated as a template +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} + +## @param tolerations Tolerations for pod assignment. Evaluated as a template +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] + +## @param topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template +## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods +## +topologySpreadConstraints: [] + +## RabbitMQ pods' Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## @param podSecurityContext.enabled Enable RabbitMQ pods' Security Context +## @param podSecurityContext.fsGroup Group ID for the filesystem used by the containers +## @param podSecurityContext.runAsUser User ID for the service user running the pod +## +podSecurityContext: + enabled: true + fsGroup: 1001 + runAsUser: 1001 + +## @param containerSecurityContext RabbitMQ containers' Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## Example: +## containerSecurityContext: +## capabilities: +## drop: ["NET_RAW"] +## readOnlyRootFilesystem: true +## +containerSecurityContext: {} + +## RabbitMQ containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for RabbitMQ containers +## @param resources.requests The requested resources for RabbitMQ containers +## +resources: + ## Example: + ## limits: + ## cpu: 1000m + ## memory: 2Gi + ## + limits: {} + ## Examples: + ## requests: + ## cpu: 1000m + ## memory: 2Gi + ## + requests: {} + +## Configure RabbitMQ containers' extra options for liveness probe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## @param livenessProbe.enabled Enable livenessProbe +## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe +## @param livenessProbe.periodSeconds Period seconds for livenessProbe +## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe +## @param livenessProbe.failureThreshold Failure threshold for livenessProbe +## @param livenessProbe.successThreshold Success threshold for livenessProbe +## +livenessProbe: + enabled: true + initialDelaySeconds: 120 + timeoutSeconds: 20 + periodSeconds: 30 + failureThreshold: 6 + successThreshold: 1 +## Configure RabbitMQ containers' extra options for readiness probe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## @param readinessProbe.enabled Enable readinessProbe +## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe +## @param readinessProbe.periodSeconds Period seconds for readinessProbe +## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe +## @param readinessProbe.failureThreshold Failure threshold for readinessProbe +## @param readinessProbe.successThreshold Success threshold for readinessProbe +## +readinessProbe: + enabled: true + initialDelaySeconds: 10 + timeoutSeconds: 20 + periodSeconds: 30 + failureThreshold: 3 + successThreshold: 1 + +## @param customLivenessProbe Override default liveness probe +## +customLivenessProbe: {} + +## @param customReadinessProbe Override default readiness probe +## +customReadinessProbe: {} + +## @param customStartupProbe Define a custom startup probe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes +## +customStartupProbe: {} + +## @param initContainers Add init containers to the RabbitMQ pod +## Example: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +initContainers: [] + +## @param sidecars Add sidecar containers to the RabbitMQ pod +## Example: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: [] + +## Pod Disruption Budget configuration +## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +## +pdb: + ## @param pdb.create Enable/disable a Pod Disruption Budget creation + ## + create: false + ## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled + ## + minAvailable: 1 + ## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable + ## + maxUnavailable: "" + +## @section RBAC parameters +## + +## RabbitMQ pods ServiceAccount +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## +serviceAccount: + ## @param serviceAccount.create Enable creation of ServiceAccount for RabbitMQ pods + ## + create: true + ## @param serviceAccount.name Name of the created serviceAccount + ## If not set and create is true, a name is generated using the rabbitmq.fullname template + ## + name: "" + ## @param serviceAccount.automountServiceAccountToken Auto-mount the service account token in the pod + ## + automountServiceAccountToken: true + +## Role Based Access +## ref: https://kubernetes.io/docs/admin/authorization/rbac/ +## +rbac: + ## @param rbac.create Whether RBAC rules should be created + ## binding RabbitMQ ServiceAccount to a role + ## that allows RabbitMQ pods querying the K8s API + ## + create: true + +## @section Persistence parameters +## + +persistence: + ## @param persistence.enabled Enable RabbitMQ data persistence using PVC + ## + enabled: true + + ## @param persistence.storageClass PVC Storage Class for RabbitMQ data volume + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param persistence.selector Selector to match an existing Persistent Volume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} + ## @param persistence.accessMode PVC Access Mode for RabbitMQ data volume + ## + accessMode: ReadWriteOnce + + ## @param persistence.existingClaim Provide an existing PersistentVolumeClaims + ## The value is evaluated as a template + ## So, for example, the name can depend on .Release or .Chart + ## + existingClaim: "" + ## @param persistence.mountPath The path the volume will be mounted at + ## Note: useful when using custom RabbitMQ images + ## + mountPath: /bitnami/rabbitmq/mnesia + ## @param persistence.subPath The subdirectory of the volume to mount to + ## Useful in dev environments and one PV for multiple services + ## + subPath: "" + ## @param persistence.size PVC Storage Request for RabbitMQ data volume + ## If you change this value, you might have to adjust `rabbitmq.diskFreeLimit` as well + ## + size: 8Gi + + ## @param persistence.volumes Additional volumes without creating PVC + ## - name: volume_name + ## emptyDir: {} + ## + volumes: [] + ## @param persistence.annotations Persistence annotations. Evaluated as a template + ## Example: + ## annotations: + ## example.io/disk-volume-type: SSD + ## + annotations: {} + +## @section Exposure parameters +## + +## Kubernetes service type +## +service: + ## @param service.type Kubernetes Service type + ## + type: ClusterIP + + ## @param service.portEnabled Amqp port. Cannot be disabled when `auth.tls.enabled` is `false`. Listener can be disabled with `listeners.tcp = none`. + ## + portEnabled: true + + ## @param service.port Amqp port + ## ref: https://github.com/bitnami/bitnami-docker-rabbitmq#environment-variables + ## + port: 5672 + + ## @param service.portName Amqp service port name + ## + portName: amqp + + ## @param service.tlsPort Amqp TLS port + ## + tlsPort: 5671 + + ## @param service.tlsPortName Amqp TLS service port name + ## + tlsPortName: amqp-ssl + + ## @param service.nodePort Node port override for `amqp` port, if serviceType is `NodePort` or `LoadBalancer` + ## ref: https://github.com/bitnami/bitnami-docker-rabbitmq#environment-variables + ## e.g: + ## nodePort: 30672 + ## + nodePort: "" + + ## @param service.tlsNodePort Node port override for `amqp-ssl` port, if serviceType is `NodePort` or `LoadBalancer` + ## e.g: + ## tlsNodePort: 30671 + ## + tlsNodePort: "" + + ## @param service.distPortEnabled Erlang distribution server port + ## + distPortEnabled: true + + ## @param service.distPort Erlang distribution server port + ## ref: https://github.com/bitnami/bitnami-docker-rabbitmq#environment-variables + ## + distPort: 25672 + + ## @param service.distPortName Erlang distribution service port name + ## + distPortName: dist + + ## @param service.distNodePort Node port override for `dist` port, if serviceType is `NodePort` + ## e.g: + ## distNodePort: 30676 + ## + distNodePort: "" + + ## @param service.managerPortEnabled RabbitMQ Manager port + ## ref: https://github.com/bitnami/bitnami-docker-rabbitmq#environment-variables + ## + managerPortEnabled: true + + ## @param service.managerPort RabbitMQ Manager port + ## + managerPort: 15672 + + ## @param service.managerPortName RabbitMQ Manager service port name + ## + managerPortName: http-stats + + ## @param service.managerNodePort Node port override for `http-stats` port, if serviceType `NodePort` + ## e.g: + ## managerNodePort: 30673 + ## + managerNodePort: "" + + ## @param service.metricsPort RabbitMQ Prometheues metrics port + ## + metricsPort: 9419 + + ## @param service.metricsPortName RabbitMQ Prometheues metrics service port name + ## + metricsPortName: metrics + + ## @param service.metricsNodePort Node port override for `metrics` port, if serviceType is `NodePort` + ## e.g: + ## metricsNodePort: 30674 + ## + metricsNodePort: "" + + ## @param service.epmdPortEnabled RabbitMQ EPMD Discovery service port + ## + epmdPortEnabled: true + + ## @param service.epmdNodePort Node port override for `epmd` port, if serviceType is `NodePort` + ## e.g: + ## epmdNodePort: 30675 + ## + epmdNodePort: "" + + ## @param service.epmdPortName EPMD Discovery service port name + ## + epmdPortName: epmd + + ## @param service.extraPorts Extra ports to expose in the service + ## E.g.: + ## extraPorts: + ## - name: new_svc_name + ## port: 1234 + ## targetPort: 1234 + ## + extraPorts: [] + + ## @param service.loadBalancerSourceRanges Address(es) that are allowed when service is `LoadBalancer` + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + + ## @param service.externalIPs Set the ExternalIPs + ## + externalIPs: [] + + ## @param service.externalTrafficPolicy Enable client source IP preservation + ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + + ## @param service.loadBalancerIP Set the LoadBalancerIP + ## + loadBalancerIP: "" + + ## @param service.labels Service labels. Evaluated as a template + ## + labels: {} + + ## @param service.annotations Service annotations. Evaluated as a template + ## Example: + ## annotations: + ## service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 + ## + annotations: {} + ## @param service.annotationsHeadless Headless Service annotations. Evaluated as a template + ## Example: + ## annotations: + ## external-dns.alpha.kubernetes.io/internal-hostname: rabbitmq.example.com + ## + annotationsHeadless: {} + +## Configure the ingress resource that allows you to access the +## RabbitMQ installation. Set up the URL +## ref: https://kubernetes.io/docs/user-guide/ingress/ +## +ingress: + ## @param ingress.enabled Enable ingress resource for Management console + ## + enabled: false + + ## @param ingress.path Path for the default host. You may need to set this to '/*' in order to use this with ALB ingress controllers. + ## + path: / + + ## @param ingress.pathType Ingress path type + ## + pathType: ImplementationSpecific + + ## @param ingress.hostname Default host for the ingress resource + ## + hostname: rabbitmq.local + + ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + annotations: {} + + ## @param ingress.tls Enable TLS configuration for the hostname defined at `ingress.hostname` parameter + ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} + ## You can: + ## - Use the `ingress.secrets` parameter to create this TLS secret + ## - Relay on cert-manager to create it by setting the corresponding annotations + ## - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true` + ## + tls: false + + ## DEPRECATED: Use ingress.annotations instead of ingress.certManager + ## certManager: false + ## + + ## @param ingress.selfSigned Set this to true in order to create a TLS secret for this ingress record + ## using self-signed certificates generated by Helm + ## + selfSigned: false + + ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. + ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array + ## e.g: + ## extraHosts: + ## - name: rabbitmq.local + ## path: / + ## + extraHosts: [] + + ## @param ingress.extraRules The list of additional rules to be added to this ingress record. Evaluated as a template + ## Useful when looking for additional customization, such as using different backend + ## + extraRules: [] + + ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. + ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## e.g: + ## extraTls: + ## - hosts: + ## - rabbitmq.local + ## secretName: rabbitmq.local-tls + ## + extraTls: [] + + ## @param ingress.secrets Custom TLS certificates as secrets + ## NOTE: 'key' and 'certificate' are expected in PEM format + ## NOTE: 'name' should line up with a 'secretName' set further up + ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates + ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## e.g: + ## secrets: + ## - name: rabbitmq.local-tls + ## key: |- + ## -----BEGIN RSA PRIVATE KEY----- + ## ... + ## -----END RSA PRIVATE KEY----- + ## certificate: |- + ## -----BEGIN CERTIFICATE----- + ## ... + ## -----END CERTIFICATE----- + ## + secrets: [] + + ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + +## Network Policy configuration +## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ +## +networkPolicy: + ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources + ## + enabled: false + ## @param networkPolicy.allowExternal Don't require client label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the ports RabbitMQ is listening + ## on. When true, RabbitMQ will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param networkPolicy.additionalRules Additional NetworkPolicy Ingress "from" rules to set. Note that all rules are OR-ed. + ## e.g: + ## additionalRules: + ## - matchLabels: + ## - role: frontend + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + additionalRules: [] + +## @section Metrics Parameters +## + +## Prometheus Metrics +## +metrics: + ## @param metrics.enabled Enable exposing RabbitMQ metrics to be gathered by Prometheus + ## + enabled: false + + ## @param metrics.plugins Plugins to enable Prometheus metrics in RabbitMQ + ## + plugins: "rabbitmq_prometheus" + ## Prometheus pod annotations + ## @param metrics.podAnnotations [object] Annotations for enabling prometheus to access the metrics endpoint + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.service.metricsPort }}" + + ## Prometheus Service Monitor + ## ref: https://github.com/coreos/prometheus-operator + ## + serviceMonitor: + ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator + ## + enabled: false + ## @param metrics.serviceMonitor.namespace Specify the namespace in which the serviceMonitor resource will be created + ## + namespace: "" + ## @param metrics.serviceMonitor.interval Specify the interval at which metrics should be scraped + ## + interval: 30s + ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended + ## e.g: + ## scrapeTimeout: 30s + ## + scrapeTimeout: "" + ## @param metrics.serviceMonitor.relabellings MetricsRelabelConfigs to apply to samples before ingestion. DEPRECATED: Will be removed in next major. + ## + relabellings: [] + ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping. + ## + relabelings: [] + ## @param metrics.serviceMonitor.metricRelabelings MetricsRelabelConfigs to apply to samples before ingestion. + ## + metricRelabelings: [] + ## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels + ## + honorLabels: false + ## @param metrics.serviceMonitor.additionalLabels Used to pass Labels that are required by the installed Prometheus Operator + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + additionalLabels: {} + ## @param metrics.serviceMonitor.targetLabels Used to keep given service's labels in target + ## e.g: + ## - app.kubernetes.io/name + ## + targetLabels: {} + ## @param metrics.serviceMonitor.podTargetLabels Used to keep given pod's labels in target + ## e.g: + ## - app.kubernetes.io/name + ## + podTargetLabels: {} + ## @param metrics.serviceMonitor.path Define the path used by ServiceMonitor to scrap metrics + ## Could be /metrics for aggregated metrics or /metrics/per-object for more details + ## + path: "" + + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + ## + prometheusRule: + ## @param metrics.prometheusRule.enabled Set this to true to create prometheusRules for Prometheus operator + ## + enabled: false + ## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so prometheusRules will be discovered by Prometheus + ## + additionalLabels: {} + ## @param metrics.prometheusRule.namespace namespace where prometheusRules resource should be created + ## + namespace: "" + ## List of rules, used as template by Helm. + ## @param metrics.prometheusRule.rules List of rules, used as template by Helm. + ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html + ## rules: + ## - alert: RabbitmqDown + ## expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0 + ## for: 5m + ## labels: + ## severity: error + ## annotations: + ## summary: Rabbitmq down (instance {{ "{{ $labels.instance }}" }}) + ## description: RabbitMQ node down + ## - alert: ClusterDown + ## expr: | + ## sum(rabbitmq_running{service="{{ template "rabbitmq.fullname" . }}"}) + ## < {{ .Values.replicaCount }} + ## for: 5m + ## labels: + ## severity: error + ## annotations: + ## summary: Cluster down (instance {{ "{{ $labels.instance }}" }}) + ## description: | + ## Less than {{ .Values.replicaCount }} nodes running in RabbitMQ cluster + ## VALUE = {{ "{{ $value }}" }} + ## - alert: ClusterPartition + ## expr: rabbitmq_partitions{service="{{ template "rabbitmq.fullname" . }}"} > 0 + ## for: 5m + ## labels: + ## severity: error + ## annotations: + ## summary: Cluster partition (instance {{ "{{ $labels.instance }}" }}) + ## description: | + ## Cluster partition + ## VALUE = {{ "{{ $value }}" }} + ## - alert: OutOfMemory + ## expr: | + ## rabbitmq_node_mem_used{service="{{ template "rabbitmq.fullname" . }}"} + ## / rabbitmq_node_mem_limit{service="{{ template "rabbitmq.fullname" . }}"} + ## * 100 > 90 + ## for: 5m + ## labels: + ## severity: warning + ## annotations: + ## summary: Out of memory (instance {{ "{{ $labels.instance }}" }}) + ## description: | + ## Memory available for RabbmitMQ is low (< 10%)\n VALUE = {{ "{{ $value }}" }} + ## LABELS: {{ "{{ $labels }}" }} + ## - alert: TooManyConnections + ## expr: rabbitmq_connectionsTotal{service="{{ template "rabbitmq.fullname" . }}"} > 1000 + ## for: 5m + ## labels: + ## severity: warning + ## annotations: + ## summary: Too many connections (instance {{ "{{ $labels.instance }}" }}) + ## description: | + ## RabbitMQ instance has too many connections (> 1000) + ## VALUE = {{ "{{ $value }}" }}\n LABELS: {{ "{{ $labels }}" }} + ## + rules: [] + +## @section Init Container Parameters +## + +## Init Container parameters +## Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each component +## values from the securityContext section of the component +## +volumePermissions: + ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` + ## + enabled: false + ## @param volumePermissions.image.registry Init container volume-permissions image registry + ## @param volumePermissions.image.repository Init container volume-permissions image repository + ## @param volumePermissions.image.tag Init container volume-permissions image tag + ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy + ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array + ## + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: 10-debian-10-r394 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## Example: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Init Container resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param volumePermissions.resources.limits Init container volume-permissions resource limits + ## @param volumePermissions.resources.requests Init container volume-permissions resource requests + ## + resources: + ## Example: + ## limits: + ## cpu: 100m + ## memory: 128Mi + ## + limits: {} + ## Examples: + ## requests: + ## cpu: 100m + ## memory: 128Mi + ## + requests: {} diff --git a/packer/ansible/roles/helm_install/files/redis/.helmignore b/packer/ansible/roles/helm_install/files/redis/.helmignore new file mode 100644 index 0000000..f0c1319 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/packer/ansible/roles/helm_install/files/redis/Chart.lock b/packer/ansible/roles/helm_install/files/redis/Chart.lock new file mode 100644 index 0000000..93fb935 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + version: 1.17.1 +digest: sha256:dacc73770a5640c011e067ff8840ddf89631fc19016c8d0a9e5ea160e7da8690 +generated: "2022-09-21T17:20:26.455768358+09:00" diff --git a/packer/ansible/roles/helm_install/files/redis/Chart.yaml b/packer/ansible/roles/helm_install/files/redis/Chart.yaml new file mode 100644 index 0000000..f07aa1d --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/Chart.yaml @@ -0,0 +1,28 @@ +annotations: + category: Database +apiVersion: v2 +appVersion: 6.2.6 +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + tags: + - bitnami-common + version: 1.x.x +description: Redis(TM) is an open source, advanced key-value store. It is often referred + to as a data structure server since keys can contain strings, hashes, lists, sets + and sorted sets. +home: https://github.com/bitnami/charts/tree/master/bitnami/redis +icon: https://bitnami.com/assets/stacks/redis/img/redis-stack-220x234.png +keywords: +- redis +- keyvalue +- database +maintainers: +- email: containers@bitnami.com + name: Bitnami +- email: cedric@desaintmartin.fr + name: desaintmartin +name: redis +sources: +- https://github.com/bitnami/bitnami-docker-redis +version: 16.6.0 diff --git a/packer/ansible/roles/helm_install/files/redis/README.md b/packer/ansible/roles/helm_install/files/redis/README.md new file mode 100644 index 0000000..a952b20 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/README.md @@ -0,0 +1,866 @@ + + +# Redis(TM) packaged by Bitnami + +Redis(TM) is an open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. + +[Overview of Redis™](http://redis.io) + +Disclaimer: Redis is a registered trademark of Redis Labs Ltd. Any rights therein are reserved to Redis Labs Ltd. Any use by Bitnami is for referential purposes only and does not indicate any sponsorship, endorsement, or affiliation between Redis Labs Ltd. + +## TL;DR + +```bash +$ helm repo add bitnami https://charts.bitnami.com/bitnami +$ helm install my-release bitnami/redis +``` + +## Introduction + +This chart bootstraps a [Redis™](https://github.com/bitnami/bitnami-docker-redis) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). + +### Choose between Redis™ Helm Chart and Redis™ Cluster Helm Chart + +You can choose any of the two Redis™ Helm charts for deploying a Redis™ cluster. + +1. [Redis™ Helm Chart](https://github.com/bitnami/charts/tree/master/bitnami/redis) will deploy a master-slave cluster, with the [option](https://github.com/bitnami/charts/tree/master/bitnami/redis#redis-sentinel-configuration-parameters) of enabling using Redis™ Sentinel. +2. [Redis™ Cluster Helm Chart](https://github.com/bitnami/charts/tree/master/bitnami/redis-cluster) will deploy a Redis™ Cluster topology with sharding. + +The main features of each chart are the following: + +| Redis™ | Redis™ Cluster | +|--------------------------------------------------------|------------------------------------------------------------------------| +| Supports multiple databases | Supports only one database. Better if you have a big dataset | +| Single write point (single master) | Multiple write points (multiple masters) | +| ![Redis™ Topology](img/redis-topology.png) | ![Redis™ Cluster Topology](img/redis-cluster-topology.png) | + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.2.0+ +- PV provisioner support in the underlying infrastructure + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm install my-release bitnami/redis +``` + +The command deploys Redis™ on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Parameters + +### Global parameters + +| Name | Description | Value | +| ------------------------- | -------------------------------------------------------- | ----- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | +| `global.redis.password` | Global Redis™ password (overrides `auth.password`) | `""` | + + +### Common parameters + +| Name | Description | Value | +| ------------------------ | --------------------------------------------------------------------------------------- | --------------- | +| `kubeVersion` | Override Kubernetes version | `""` | +| `nameOverride` | String to partially override common.names.fullname | `""` | +| `fullnameOverride` | String to fully override common.names.fullname | `""` | +| `commonLabels` | Labels to add to all deployed objects | `{}` | +| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | +| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | + + +### Redis™ Image parameters + +| Name | Description | Value | +| ------------------- | ------------------------------------------------------- | ---------------------- | +| `image.registry` | Redis™ image registry | `docker.io` | +| `image.repository` | Redis™ image repository | `bitnami/redis` | +| `image.tag` | Redis™ image tag (immutable tags are recommended) | `6.2.6-debian-10-r146` | +| `image.pullPolicy` | Redis™ image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Redis™ image pull secrets | `[]` | +| `image.debug` | Enable image debug mode | `false` | + + +### Redis™ common configuration parameters + +| Name | Description | Value | +| -------------------------------- | --------------------------------------------------------------------------------------- | ------------- | +| `architecture` | Redis™ architecture. Allowed values: `standalone` or `replication` | `replication` | +| `auth.enabled` | Enable password authentication | `true` | +| `auth.sentinel` | Enable password authentication on sentinels too | `true` | +| `auth.password` | Redis™ password | `""` | +| `auth.existingSecret` | The name of an existing secret with Redis™ credentials | `""` | +| `auth.existingSecretPasswordKey` | Password key to be retrieved from existing secret | `""` | +| `auth.usePasswordFiles` | Mount credentials as files instead of using an environment variable | `false` | +| `commonConfiguration` | Common configuration to be added into the ConfigMap | `""` | +| `existingConfigmap` | The name of an existing ConfigMap with your custom configuration for Redis™ nodes | `""` | + + +### Redis™ master configuration parameters + +| Name | Description | Value | +| ------------------------------------------- | ------------------------------------------------------------------------------------------------- | ------------------------ | +| `master.configuration` | Configuration for Redis™ master nodes | `""` | +| `master.disableCommands` | Array with Redis™ commands to disable on master nodes | `["FLUSHDB","FLUSHALL"]` | +| `master.command` | Override default container command (useful when using custom images) | `[]` | +| `master.args` | Override default container args (useful when using custom images) | `[]` | +| `master.preExecCmds` | Additional commands to run prior to starting Redis™ master | `[]` | +| `master.extraFlags` | Array with additional command line flags for Redis™ master | `[]` | +| `master.extraEnvVars` | Array with extra environment variables to add to Redis™ master nodes | `[]` | +| `master.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Redis™ master nodes | `""` | +| `master.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Redis™ master nodes | `""` | +| `master.containerPorts.redis` | Container port to open on Redis™ master nodes | `6379` | +| `master.startupProbe.enabled` | Enable startupProbe on Redis™ master nodes | `false` | +| `master.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `20` | +| `master.startupProbe.periodSeconds` | Period seconds for startupProbe | `5` | +| `master.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `master.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | +| `master.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `master.livenessProbe.enabled` | Enable livenessProbe on Redis™ master nodes | `true` | +| `master.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` | +| `master.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` | +| `master.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `master.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `master.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `master.readinessProbe.enabled` | Enable readinessProbe on Redis™ master nodes | `true` | +| `master.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` | +| `master.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | +| `master.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `master.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | +| `master.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `master.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `master.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `master.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `master.resources.limits` | The resources limits for the Redis™ master containers | `{}` | +| `master.resources.requests` | The requested resources for the Redis™ master containers | `{}` | +| `master.podSecurityContext.enabled` | Enabled Redis™ master pods' Security Context | `true` | +| `master.podSecurityContext.fsGroup` | Set Redis™ master pod's Security Context fsGroup | `1001` | +| `master.containerSecurityContext.enabled` | Enabled Redis™ master containers' Security Context | `true` | +| `master.containerSecurityContext.runAsUser` | Set Redis™ master containers' Security Context runAsUser | `1001` | +| `master.kind` | Use either Deployment or StatefulSet (default) | `StatefulSet` | +| `master.schedulerName` | Alternate scheduler for Redis™ master pods | `""` | +| `master.updateStrategy.type` | Redis™ master statefulset strategy type | `RollingUpdate` | +| `master.priorityClassName` | Redis™ master pods' priorityClassName | `""` | +| `master.hostAliases` | Redis™ master pods host aliases | `[]` | +| `master.podLabels` | Extra labels for Redis™ master pods | `{}` | +| `master.podAnnotations` | Annotations for Redis™ master pods | `{}` | +| `master.shareProcessNamespace` | Share a single process namespace between all of the containers in Redis™ master pods | `false` | +| `master.podAffinityPreset` | Pod affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `master.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `master.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `master.nodeAffinityPreset.key` | Node label key to match. Ignored if `master.affinity` is set | `""` | +| `master.nodeAffinityPreset.values` | Node label values to match. Ignored if `master.affinity` is set | `[]` | +| `master.affinity` | Affinity for Redis™ master pods assignment | `{}` | +| `master.nodeSelector` | Node labels for Redis™ master pods assignment | `{}` | +| `master.tolerations` | Tolerations for Redis™ master pods assignment | `[]` | +| `master.topologySpreadConstraints` | Spread Constraints for Redis™ master pod assignment | `[]` | +| `master.lifecycleHooks` | for the Redis™ master container(s) to automate configuration before or after startup | `{}` | +| `master.extraVolumes` | Optionally specify extra list of additional volumes for the Redis™ master pod(s) | `[]` | +| `master.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Redis™ master container(s) | `[]` | +| `master.sidecars` | Add additional sidecar containers to the Redis™ master pod(s) | `[]` | +| `master.initContainers` | Add additional init containers to the Redis™ master pod(s) | `[]` | +| `master.persistence.enabled` | Enable persistence on Redis™ master nodes using Persistent Volume Claims | `true` | +| `master.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` | +| `master.persistence.sizeLimit` | Set this to enable a size limit for `emptyDir` volumes. | `""` | +| `master.persistence.path` | The path the volume will be mounted at on Redis™ master containers | `/data` | +| `master.persistence.subPath` | The subdirectory of the volume to mount on Redis™ master containers | `""` | +| `master.persistence.storageClass` | Persistent Volume storage class | `""` | +| `master.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` | +| `master.persistence.size` | Persistent Volume size | `8Gi` | +| `master.persistence.annotations` | Additional custom annotations for the PVC | `{}` | +| `master.persistence.selector` | Additional labels to match for the PVC | `{}` | +| `master.persistence.dataSource` | Custom PVC data source | `{}` | +| `master.persistence.existingClaim` | Use a existing PVC which must be created manually before bound | `""` | +| `master.service.type` | Redis™ master service type | `ClusterIP` | +| `master.service.ports.redis` | Redis™ master service port | `6379` | +| `master.service.nodePorts.redis` | Node port for Redis™ master | `""` | +| `master.service.externalTrafficPolicy` | Redis™ master service external traffic policy | `Cluster` | +| `master.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `master.service.clusterIP` | Redis™ master service Cluster IP | `""` | +| `master.service.loadBalancerIP` | Redis™ master service Load Balancer IP | `""` | +| `master.service.loadBalancerSourceRanges` | Redis™ master service Load Balancer sources | `[]` | +| `master.service.annotations` | Additional custom annotations for Redis™ master service | `{}` | +| `master.terminationGracePeriodSeconds` | Integer setting the termination grace period for the redis-master pods | `30` | + + +### Redis™ replicas configuration parameters + +| Name | Description | Value | +| -------------------------------------------- | --------------------------------------------------------------------------------------------------- | ------------------------ | +| `replica.replicaCount` | Number of Redis™ replicas to deploy | `3` | +| `replica.configuration` | Configuration for Redis™ replicas nodes | `""` | +| `replica.disableCommands` | Array with Redis™ commands to disable on replicas nodes | `["FLUSHDB","FLUSHALL"]` | +| `replica.command` | Override default container command (useful when using custom images) | `[]` | +| `replica.args` | Override default container args (useful when using custom images) | `[]` | +| `replica.preExecCmds` | Additional commands to run prior to starting Redis™ replicas | `[]` | +| `replica.extraFlags` | Array with additional command line flags for Redis™ replicas | `[]` | +| `replica.extraEnvVars` | Array with extra environment variables to add to Redis™ replicas nodes | `[]` | +| `replica.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Redis™ replicas nodes | `""` | +| `replica.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Redis™ replicas nodes | `""` | +| `replica.externalMaster.enabled` | Use external master for bootstrapping | `false` | +| `replica.externalMaster.host` | External master host to bootstrap from | `""` | +| `replica.externalMaster.port` | Port for Redis service external master host | `6379` | +| `replica.containerPorts.redis` | Container port to open on Redis™ replicas nodes | `6379` | +| `replica.startupProbe.enabled` | Enable startupProbe on Redis™ replicas nodes | `true` | +| `replica.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `replica.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `replica.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `replica.startupProbe.failureThreshold` | Failure threshold for startupProbe | `22` | +| `replica.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `replica.livenessProbe.enabled` | Enable livenessProbe on Redis™ replicas nodes | `true` | +| `replica.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` | +| `replica.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` | +| `replica.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `replica.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `replica.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `replica.readinessProbe.enabled` | Enable readinessProbe on Redis™ replicas nodes | `true` | +| `replica.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` | +| `replica.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | +| `replica.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `replica.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | +| `replica.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `replica.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `replica.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `replica.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `replica.resources.limits` | The resources limits for the Redis™ replicas containers | `{}` | +| `replica.resources.requests` | The requested resources for the Redis™ replicas containers | `{}` | +| `replica.podSecurityContext.enabled` | Enabled Redis™ replicas pods' Security Context | `true` | +| `replica.podSecurityContext.fsGroup` | Set Redis™ replicas pod's Security Context fsGroup | `1001` | +| `replica.containerSecurityContext.enabled` | Enabled Redis™ replicas containers' Security Context | `true` | +| `replica.containerSecurityContext.runAsUser` | Set Redis™ replicas containers' Security Context runAsUser | `1001` | +| `replica.schedulerName` | Alternate scheduler for Redis™ replicas pods | `""` | +| `replica.updateStrategy.type` | Redis™ replicas statefulset strategy type | `RollingUpdate` | +| `replica.priorityClassName` | Redis™ replicas pods' priorityClassName | `""` | +| `replica.podManagementPolicy` | podManagementPolicy to manage scaling operation of %%MAIN_CONTAINER_NAME%% pods | `""` | +| `replica.hostAliases` | Redis™ replicas pods host aliases | `[]` | +| `replica.podLabels` | Extra labels for Redis™ replicas pods | `{}` | +| `replica.podAnnotations` | Annotations for Redis™ replicas pods | `{}` | +| `replica.shareProcessNamespace` | Share a single process namespace between all of the containers in Redis™ replicas pods | `false` | +| `replica.podAffinityPreset` | Pod affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `replica.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `replica.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `replica.nodeAffinityPreset.key` | Node label key to match. Ignored if `replica.affinity` is set | `""` | +| `replica.nodeAffinityPreset.values` | Node label values to match. Ignored if `replica.affinity` is set | `[]` | +| `replica.affinity` | Affinity for Redis™ replicas pods assignment | `{}` | +| `replica.nodeSelector` | Node labels for Redis™ replicas pods assignment | `{}` | +| `replica.tolerations` | Tolerations for Redis™ replicas pods assignment | `[]` | +| `replica.topologySpreadConstraints` | Spread Constraints for Redis™ replicas pod assignment | `[]` | +| `replica.lifecycleHooks` | for the Redis™ replica container(s) to automate configuration before or after startup | `{}` | +| `replica.extraVolumes` | Optionally specify extra list of additional volumes for the Redis™ replicas pod(s) | `[]` | +| `replica.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Redis™ replicas container(s) | `[]` | +| `replica.sidecars` | Add additional sidecar containers to the Redis™ replicas pod(s) | `[]` | +| `replica.initContainers` | Add additional init containers to the Redis™ replicas pod(s) | `[]` | +| `replica.persistence.enabled` | Enable persistence on Redis™ replicas nodes using Persistent Volume Claims | `true` | +| `replica.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` | +| `replica.persistence.path` | The path the volume will be mounted at on Redis™ replicas containers | `/data` | +| `replica.persistence.subPath` | The subdirectory of the volume to mount on Redis™ replicas containers | `""` | +| `replica.persistence.storageClass` | Persistent Volume storage class | `""` | +| `replica.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` | +| `replica.persistence.size` | Persistent Volume size | `8Gi` | +| `replica.persistence.annotations` | Additional custom annotations for the PVC | `{}` | +| `replica.persistence.selector` | Additional labels to match for the PVC | `{}` | +| `replica.persistence.dataSource` | Custom PVC data source | `{}` | +| `replica.service.type` | Redis™ replicas service type | `ClusterIP` | +| `replica.service.ports.redis` | Redis™ replicas service port | `6379` | +| `replica.service.nodePorts.redis` | Node port for Redis™ replicas | `""` | +| `replica.service.externalTrafficPolicy` | Redis™ replicas service external traffic policy | `Cluster` | +| `replica.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `replica.service.clusterIP` | Redis™ replicas service Cluster IP | `""` | +| `replica.service.loadBalancerIP` | Redis™ replicas service Load Balancer IP | `""` | +| `replica.service.loadBalancerSourceRanges` | Redis™ replicas service Load Balancer sources | `[]` | +| `replica.service.annotations` | Additional custom annotations for Redis™ replicas service | `{}` | +| `replica.terminationGracePeriodSeconds` | Integer setting the termination grace period for the redis-replicas pods | `30` | +| `replica.autoscaling.enabled` | Enable replica autoscaling settings | `false` | +| `replica.autoscaling.minReplicas` | Minimum replicas for the pod autoscaling | `1` | +| `replica.autoscaling.maxReplicas` | Maximum replicas for the pod autoscaling | `11` | +| `replica.autoscaling.targetCPU` | Percentage of CPU to consider when autoscaling | `""` | +| `replica.autoscaling.targetMemory` | Percentage of Memory to consider when autoscaling | `""` | + + +### Redis™ Sentinel configuration parameters + +| Name | Description | Value | +| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | +| `sentinel.enabled` | Use Redis™ Sentinel on Redis™ pods. | `false` | +| `sentinel.image.registry` | Redis™ Sentinel image registry | `docker.io` | +| `sentinel.image.repository` | Redis™ Sentinel image repository | `bitnami/redis-sentinel` | +| `sentinel.image.tag` | Redis™ Sentinel image tag (immutable tags are recommended) | `6.2.6-debian-10-r144` | +| `sentinel.image.pullPolicy` | Redis™ Sentinel image pull policy | `IfNotPresent` | +| `sentinel.image.pullSecrets` | Redis™ Sentinel image pull secrets | `[]` | +| `sentinel.image.debug` | Enable image debug mode | `false` | +| `sentinel.masterSet` | Master set name | `mymaster` | +| `sentinel.quorum` | Sentinel Quorum | `2` | +| `sentinel.getMasterTimeout` | Amount of time to allow before get_sentinel_master_info() times out. | `220` | +| `sentinel.automateClusterRecovery` | Automate cluster recovery in cases where the last replica is not considered a good replica and Sentinel won't automatically failover to it. | `false` | +| `sentinel.downAfterMilliseconds` | Timeout for detecting a Redis™ node is down | `60000` | +| `sentinel.failoverTimeout` | Timeout for performing a election failover | `18000` | +| `sentinel.parallelSyncs` | Number of replicas that can be reconfigured in parallel to use the new master after a failover | `1` | +| `sentinel.configuration` | Configuration for Redis™ Sentinel nodes | `""` | +| `sentinel.command` | Override default container command (useful when using custom images) | `[]` | +| `sentinel.args` | Override default container args (useful when using custom images) | `[]` | +| `sentinel.preExecCmds` | Additional commands to run prior to starting Redis™ Sentinel | `[]` | +| `sentinel.extraEnvVars` | Array with extra environment variables to add to Redis™ Sentinel nodes | `[]` | +| `sentinel.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Redis™ Sentinel nodes | `""` | +| `sentinel.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Redis™ Sentinel nodes | `""` | +| `sentinel.externalMaster.enabled` | Use external master for bootstrapping | `false` | +| `sentinel.externalMaster.host` | External master host to bootstrap from | `""` | +| `sentinel.externalMaster.port` | Port for Redis service external master host | `6379` | +| `sentinel.containerPorts.sentinel` | Container port to open on Redis™ Sentinel nodes | `26379` | +| `sentinel.startupProbe.enabled` | Enable startupProbe on Redis™ Sentinel nodes | `true` | +| `sentinel.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `sentinel.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `sentinel.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `sentinel.startupProbe.failureThreshold` | Failure threshold for startupProbe | `22` | +| `sentinel.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `sentinel.livenessProbe.enabled` | Enable livenessProbe on Redis™ Sentinel nodes | `true` | +| `sentinel.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` | +| `sentinel.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` | +| `sentinel.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `sentinel.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `sentinel.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `sentinel.readinessProbe.enabled` | Enable readinessProbe on Redis™ Sentinel nodes | `true` | +| `sentinel.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` | +| `sentinel.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | +| `sentinel.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `sentinel.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | +| `sentinel.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `sentinel.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `sentinel.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `sentinel.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `sentinel.persistence.enabled` | Enable persistence on Redis™ sentinel nodes using Persistent Volume Claims (Experimental) | `false` | +| `sentinel.persistence.storageClass` | Persistent Volume storage class | `""` | +| `sentinel.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` | +| `sentinel.persistence.size` | Persistent Volume size | `100Mi` | +| `sentinel.persistence.annotations` | Additional custom annotations for the PVC | `{}` | +| `sentinel.persistence.selector` | Additional labels to match for the PVC | `{}` | +| `sentinel.persistence.dataSource` | Custom PVC data source | `{}` | +| `sentinel.resources.limits` | The resources limits for the Redis™ Sentinel containers | `{}` | +| `sentinel.resources.requests` | The requested resources for the Redis™ Sentinel containers | `{}` | +| `sentinel.containerSecurityContext.enabled` | Enabled Redis™ Sentinel containers' Security Context | `true` | +| `sentinel.containerSecurityContext.runAsUser` | Set Redis™ Sentinel containers' Security Context runAsUser | `1001` | +| `sentinel.lifecycleHooks` | for the Redis™ sentinel container(s) to automate configuration before or after startup | `{}` | +| `sentinel.extraVolumes` | Optionally specify extra list of additional volumes for the Redis™ Sentinel | `[]` | +| `sentinel.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Redis™ Sentinel container(s) | `[]` | +| `sentinel.service.type` | Redis™ Sentinel service type | `ClusterIP` | +| `sentinel.service.ports.redis` | Redis™ service port for Redis™ | `6379` | +| `sentinel.service.ports.sentinel` | Redis™ service port for Redis™ Sentinel | `26379` | +| `sentinel.service.nodePorts.redis` | Node port for Redis™ | `""` | +| `sentinel.service.nodePorts.sentinel` | Node port for Sentinel | `""` | +| `sentinel.service.externalTrafficPolicy` | Redis™ Sentinel service external traffic policy | `Cluster` | +| `sentinel.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `sentinel.service.clusterIP` | Redis™ Sentinel service Cluster IP | `""` | +| `sentinel.service.loadBalancerIP` | Redis™ Sentinel service Load Balancer IP | `""` | +| `sentinel.service.loadBalancerSourceRanges` | Redis™ Sentinel service Load Balancer sources | `[]` | +| `sentinel.service.annotations` | Additional custom annotations for Redis™ Sentinel service | `{}` | +| `sentinel.terminationGracePeriodSeconds` | Integer setting the termination grace period for the redis-node pods | `30` | + + +### Other Parameters + +| Name | Description | Value | +| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `false` | +| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `podSecurityPolicy.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` | +| `podSecurityPolicy.enabled` | Enable PodSecurityPolicy's RBAC rules | `false` | +| `rbac.create` | Specifies whether RBAC resources should be created | `false` | +| `rbac.rules` | Custom RBAC rules to set | `[]` | +| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | +| `serviceAccount.automountServiceAccountToken` | Whether to auto mount the service account token | `true` | +| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | +| `pdb.create` | Specifies whether a PodDisruptionBudget should be created | `false` | +| `pdb.minAvailable` | Min number of pods that must still be available after the eviction | `1` | +| `pdb.maxUnavailable` | Max number of pods that can be unavailable after the eviction | `""` | +| `tls.enabled` | Enable TLS traffic | `false` | +| `tls.authClients` | Require clients to authenticate | `true` | +| `tls.autoGenerated` | Enable autogenerated certificates | `false` | +| `tls.existingSecret` | The name of the existing secret that contains the TLS certificates | `""` | +| `tls.certificatesSecret` | DEPRECATED. Use existingSecret instead. | `""` | +| `tls.certFilename` | Certificate filename | `""` | +| `tls.certKeyFilename` | Certificate Key filename | `""` | +| `tls.certCAFilename` | CA Certificate filename | `""` | +| `tls.dhParamsFilename` | File containing DH params (in order to support DH based ciphers) | `""` | + + +### Metrics Parameters + +| Name | Description | Value | +| -------------------------------------------- | ------------------------------------------------------------------------------------------------ | ------------------------ | +| `metrics.enabled` | Start a sidecar prometheus exporter to expose Redis™ metrics | `false` | +| `metrics.image.registry` | Redis™ Exporter image registry | `docker.io` | +| `metrics.image.repository` | Redis™ Exporter image repository | `bitnami/redis-exporter` | +| `metrics.image.tag` | Redis™ Redis™ Exporter image tag (immutable tags are recommended) | `1.35.1-debian-10-r16` | +| `metrics.image.pullPolicy` | Redis™ Exporter image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Redis™ Exporter image pull secrets | `[]` | +| `metrics.command` | Override default metrics container init command (useful when using custom images) | `[]` | +| `metrics.redisTargetHost` | A way to specify an alternative Redis™ hostname | `localhost` | +| `metrics.extraArgs` | Extra arguments for Redis™ exporter, for example: | `{}` | +| `metrics.extraEnvVars` | Array with extra environment variables to add to Redis™ exporter | `[]` | +| `metrics.containerSecurityContext.enabled` | Enabled Redis™ exporter containers' Security Context | `true` | +| `metrics.containerSecurityContext.runAsUser` | Set Redis™ exporter containers' Security Context runAsUser | `1001` | +| `metrics.extraVolumes` | Optionally specify extra list of additional volumes for the Redis™ metrics sidecar | `[]` | +| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Redis™ metrics sidecar | `[]` | +| `metrics.resources.limits` | The resources limits for the Redis™ exporter container | `{}` | +| `metrics.resources.requests` | The requested resources for the Redis™ exporter container | `{}` | +| `metrics.podLabels` | Extra labels for Redis™ exporter pods | `{}` | +| `metrics.podAnnotations` | Annotations for Redis™ exporter pods | `{}` | +| `metrics.service.type` | Redis™ exporter service type | `ClusterIP` | +| `metrics.service.port` | Redis™ exporter service port | `9121` | +| `metrics.service.externalTrafficPolicy` | Redis™ exporter service external traffic policy | `Cluster` | +| `metrics.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `metrics.service.loadBalancerIP` | Redis™ exporter service Load Balancer IP | `""` | +| `metrics.service.loadBalancerSourceRanges` | Redis™ exporter service Load Balancer sources | `[]` | +| `metrics.service.annotations` | Additional custom annotations for Redis™ exporter service | `{}` | +| `metrics.serviceMonitor.enabled` | Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator | `false` | +| `metrics.serviceMonitor.namespace` | The namespace in which the ServiceMonitor will be created | `""` | +| `metrics.serviceMonitor.interval` | The interval at which metrics should be scraped | `30s` | +| `metrics.serviceMonitor.scrapeTimeout` | The timeout after which the scrape is ended | `""` | +| `metrics.serviceMonitor.relabellings` | Metrics RelabelConfigs to apply to samples before scraping. | `[]` | +| `metrics.serviceMonitor.metricRelabelings` | Metrics RelabelConfigs to apply to samples before ingestion. | `[]` | +| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | +| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor resource(s) can be discovered by Prometheus | `{}` | +| `metrics.prometheusRule.enabled` | Create a custom prometheusRule Resource for scraping metrics using PrometheusOperator | `false` | +| `metrics.prometheusRule.namespace` | The namespace in which the prometheusRule will be created | `""` | +| `metrics.prometheusRule.additionalLabels` | Additional labels for the prometheusRule | `{}` | +| `metrics.prometheusRule.rules` | Custom Prometheus rules | `[]` | + + +### Init Container Parameters + +| Name | Description | Value | +| ------------------------------------------------------ | ----------------------------------------------------------------------------------------------- | ----------------------- | +| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | +| `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` | +| `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` | +| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `10-debian-10-r355` | +| `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` | +| `volumePermissions.resources.limits` | The resources limits for the init container | `{}` | +| `volumePermissions.resources.requests` | The requested resources for the init container | `{}` | +| `volumePermissions.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` | +| `sysctl.enabled` | Enable init container to modify Kernel settings | `false` | +| `sysctl.image.registry` | Bitnami Shell image registry | `docker.io` | +| `sysctl.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` | +| `sysctl.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `10-debian-10-r355` | +| `sysctl.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` | +| `sysctl.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` | +| `sysctl.command` | Override default init-sysctl container command (useful when using custom images) | `[]` | +| `sysctl.mountHostSys` | Mount the host `/sys` folder to `/host-sys` | `false` | +| `sysctl.resources.limits` | The resources limits for the init container | `{}` | +| `sysctl.resources.requests` | The requested resources for the init container | `{}` | + + +### useExternalDNS Parameters + +| Name | Description | Value | +| -------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | +| `useExternalDNS.enabled` | Enable various syntax that would enable external-dns to work. Note this requires a working installation of `external-dns` to be usable. | `false` | +| `useExternalDNS.additionalAnnotations` | Extra annotations to be utilized when `external-dns` is enabled. | `{}` | +| `useExternalDNS.annotationKey` | The annotation key utilized when `external-dns` is enabled. | `external-dns.alpha.kubernetes.io/` | +| `useExternalDNS.suffix` | The DNS suffix utilized when `external-dns` is enabled. Note that we prepend the suffix with the full name of the release. | `""` | + + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```bash +$ helm install my-release \ + --set auth.password=secretpassword \ + bitnami/redis +``` + +The above command sets the Redis™ server password to `secretpassword`. + +> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```bash +$ helm install my-release -f values.yaml bitnami/redis +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Configuration and installation details + +### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### Use a different Redis™ version + +To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. Refer to the [chart documentation for more information on these parameters and how to use them with images from a private registry](https://docs.bitnami.com/kubernetes/infrastructure/redis/configuration/change-image-version/). + +### Bootstrapping with an External Cluster + +This chart is equipped with the ability to bring online a set of Pods that connect to an existing Redis deployment that lies outside of Kubernetes. This effectively creates a hybrid Redis Deployment where both Pods in Kubernetes and Instances such as Virtual Machines can partake in a single Redis Deployment. This is helpful in situations where one may be migrating Redis from Virtual Machines into Kubernetes, for example. To take advantage of this, use the following as an example configuration: + +```yaml +replica: + externalMaster: + enabled: true + host: external-redis-0.internal +sentinel: + externalMaster: + enabled: true + host: external-redis-0.internal +``` + +:warning: This is currently limited to clusters in which Sentinel and Redis run on the same node! :warning: + +Please also note that the external sentinel must be listening on port `26379`, and this is currently not configurable. + +Once the Kubernetes Redis Deployment is online and confirmed to be working with the existing cluster, the configuration can then be removed and the cluster will remain connected. + +### External DNS + +This chart is equipped to allow leveraging the ExternalDNS project. Doing so will enable ExternalDNS to publish the FQDN for each instance, in the format of `..`. +Example, when using the following configuration: + +```yaml +useExternalDNS: + enabled: true + suffix: prod.example.org + additionalAnnotations: + ttl: 10 +``` + +On a cluster where the name of the Helm release is `a`, the hostname of a Pod is generated as: `a-redis-node-0.a-redis.prod.example.org`. The IP of that FQDN will match that of the associated Pod. This modifies the following parameters of the Redis/Sentinel configuration using this new FQDN: + +* `replica-announce-ip` +* `known-sentinel` +* `known-replica` +* `announce-ip` + +:warning: This requires a working installation of `external-dns` to be fully functional. :warning: + +See the [official ExternalDNS documentation](https://github.com/kubernetes-sigs/external-dns) for additional configuration options. + +### Cluster topologies + +#### Default: Master-Replicas + +When installing the chart with `architecture=replication`, it will deploy a Redis™ master StatefulSet (only one master node allowed) and a Redis™ replicas StatefulSet. The replicas will be read-replicas of the master. Two services will be exposed: + +- Redis™ Master service: Points to the master, where read-write operations can be performed +- Redis™ Replicas service: Points to the replicas, where only read operations are allowed. + +In case the master crashes, the replicas will wait until the master node is respawned again by the Kubernetes Controller Manager. + +#### Standalone + +When installing the chart with `architecture=standalone`, it will deploy a standalone Redis™ StatefulSet (only one node allowed). A single service will be exposed: + +- Redis™ Master service: Points to the master, where read-write operations can be performed + +#### Master-Replicas with Sentinel + +When installing the chart with `architecture=replication` and `sentinel.enabled=true`, it will deploy a Redis™ master StatefulSet (only one master allowed) and a Redis™ replicas StatefulSet. In this case, the pods will contain an extra container with Redis™ Sentinel. This container will form a cluster of Redis™ Sentinel nodes, which will promote a new master in case the actual one fails. In addition to this, only one service is exposed: + +- Redis™ service: Exposes port 6379 for Redis™ read-only operations and port 26379 for accessing Redis™ Sentinel. + +For read-only operations, access the service using port 6379. For write operations, it's necessary to access the Redis™ Sentinel cluster and query the current master using the command below (using redis-cli or similar): + +``` +SENTINEL get-master-addr-by-name +``` + +This command will return the address of the current master, which can be accessed from inside the cluster. + +In case the current master crashes, the Sentinel containers will elect a new master node. + +### Using a password file + +To use a password file for Redis™ you need to create a secret containing the password and then deploy the chart using that secret. + +Refer to the chart documentation for more information on [using a password file for Redis™](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/use-password-file/). + +### Securing traffic using TLS + +TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the chart: + +- `tls.enabled`: Enable TLS support. Defaults to `false` +- `tls.existingSecret`: Name of the secret that contains the certificates. No defaults. +- `tls.certFilename`: Certificate filename. No defaults. +- `tls.certKeyFilename`: Certificate key filename. No defaults. +- `tls.certCAFilename`: CA Certificate filename. No defaults. + +Refer to the chart documentation for more information on [creating the secret and a TLS deployment example](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/enable-tls/). + +### Metrics + +The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9121) is exposed in the service. Metrics can be scraped from within the cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml). If metrics are to be scraped from outside the cluster, the Kubernetes API proxy can be utilized to access the endpoint. + +If you have enabled TLS by specifying `tls.enabled=true` you also need to specify TLS option to the metrics exporter. You can do that via `metrics.extraArgs`. You can find the metrics exporter CLI flags for TLS [here](https://github.com/oliver006/redis_exporter#command-line-flags). For example: + +You can either specify `metrics.extraArgs.skip-tls-verification=true` to skip TLS verification or providing the following values under `metrics.extraArgs` for TLS client authentication: + +```console +tls-client-key-file +tls-client-cert-file +tls-ca-cert-file +``` + +### Host Kernel Settings + +Redis™ may require some changes in the kernel of the host machine to work as expected, in particular increasing the `somaxconn` value and disabling transparent huge pages. + +Refer to the chart documentation for more information on [configuring host kernel settings with an example](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/configure-kernel-settings/). + +## Persistence + +By default, the chart mounts a [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) at the `/data` path. The volume is created using dynamic volume provisioning. If a Persistent Volume Claim already exists, specify it during installation. + +### Existing PersistentVolumeClaim + +1. Create the PersistentVolume +2. Create the PersistentVolumeClaim +3. Install the chart + +```bash +$ helm install my-release --set master.persistence.existingClaim=PVC_NAME bitnami/redis +``` + +## Backup and restore + +Refer to the chart documentation for more information on [backing up and restoring Redis™ deployments](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/backup-restore/). + +## NetworkPolicy + +To enable network policy for Redis™, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. + +Refer to the chart documenation for more information on [enabling the network policy in Redis™ deployments](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/enable-network-policy/). + +### Setting Pod's affinity + +This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod's affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). + +As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. + +## Troubleshooting + +Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). + +## Upgrading + +A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. + +### To 16.0.0 + +This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Bitnami charts repository. + +Affected values: + - `master.service.port` renamed as `master.service.ports.redis`. + - `master.service.nodePort` renamed as `master.service.nodePorts.redis`. + - `replica.service.port` renamed as `replica.service.ports.redis`. + - `replica.service.nodePort` renamed as `replica.service.nodePorts.redis`. + - `sentinel.service.port` renamed as `sentinel.service.ports.redis`. + - `sentinel.service.sentinelPort` renamed as `sentinel.service.ports.sentinel`. + - `master.containerPort` renamed as `master.containerPorts.redis`. + - `replica.containerPort` renamed as `replica.containerPorts.redis`. + - `sentinel.containerPort` renamed as `sentinel.containerPorts.sentinel`. + - `master.spreadConstraints` renamed as `master.topologySpreadConstraints` + - `replica.spreadConstraints` renamed as `replica.topologySpreadConstraints` + +### To 15.0.0 + +The parameter to enable the usage of StaticIDs was removed. The behavior is to [always use StaticIDs](https://github.com/bitnami/charts/pull/7278). + +### To 14.8.0 + +The Redis™ sentinel exporter was removed in this version because the upstream project was deprecated. The regular Redis™ exporter is included in the sentinel scenario as usual. + +### To 14.0.0 + +- Several parameters were renamed or disappeared in favor of new ones on this major version: + - The term *slave* has been replaced by the term *replica*. Therefore, parameters prefixed with `slave` are now prefixed with `replicas`. + - Credentials parameter are reorganized under the `auth` parameter. + - `cluster.enabled` parameter is deprecated in favor of `architecture` parameter that accepts two values: `standalone` and `replication`. + - `securityContext.*` is deprecated in favor of `XXX.podSecurityContext` and `XXX.containerSecurityContext`. + - `sentinel.metrics.*` parameters are deprecated in favor of `metrics.sentinel.*` ones. +- New parameters to add custom command, environment variables, sidecars, init containers, etc. were added. +- Chart labels were adapted to follow the [Helm charts standard labels](https://helm.sh/docs/chart_best_practices/labels/#standard-labels). +- values.yaml metadata was adapted to follow the format supported by [Readme Generator for Helm](https://github.com/bitnami-labs/readme-generator-for-helm). + +Consequences: + +Backwards compatibility is not guaranteed. To upgrade to `14.0.0`, install a new release of the Redis™ chart, and migrate the data from your previous release. You have 2 alternatives to do so: + +- Create a backup of the database, and restore it on the new release as explained in the [Backup and restore](#backup-and-restore) section. +- Reuse the PVC used to hold the master data on your previous release. To do so, use the `master.persistence.existingClaim` parameter. The following example assumes that the release name is `redis`: + +```bash +$ helm install redis bitnami/redis --set auth.password=[PASSWORD] --set master.persistence.existingClaim=[EXISTING_PVC] +``` + +| Note: you need to substitute the placeholder _[EXISTING_PVC]_ with the name of the PVC used on your previous release, and _[PASSWORD]_ with the password used in your previous release. + +### To 13.0.0 + +This major version updates the Redis™ docker image version used from `6.0` to `6.2`, the new stable version. There are no major changes in the chart and there shouldn't be any breaking changes in it as `6.2` is basically a stricter superset of `6.0`. For more information, please refer to [Redis™ 6.2 release notes](https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES). + +### To 12.3.0 + +This version also introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. + +### To 12.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +**What changes were introduced in this major version?** + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts + +**Considerations when upgrading to this version** + +- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 + +**Useful links** + +- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ +- https://helm.sh/docs/topics/v2_v3_migration/ +- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ + +### To 11.0.0 + +When deployed with sentinel enabled, only a group of nodes is deployed and the master/slave role is handled in the group. To avoid breaking the compatibility, the settings for this nodes are given through the `slave.xxxx` parameters in `values.yaml` + +### To 9.0.0 + +The metrics exporter has been changed from a separate deployment to a sidecar container, due to the latest changes in the Redis™ exporter code. Check the [official page](https://github.com/oliver006/redis_exporter/) for more information. The metrics container image was changed from oliver006/redis_exporter to bitnami/redis-exporter (Bitnami's maintained package of oliver006/redis_exporter). + +### To 7.0.0 + +In order to improve the performance in case of slave failure, we added persistence to the read-only slaves. That means that we moved from Deployment to StatefulSets. This should not affect upgrades from previous versions of the chart, as the deployments did not contain any persistence at all. + +This version also allows enabling Redis™ Sentinel containers inside of the Redis™ Pods (feature disabled by default). In case the master crashes, a new Redis™ node will be elected as master. In order to query the current master (no redis master service is exposed), you need to query first the Sentinel cluster. Find more information [in this section](#master-slave-with-sentinel). + +### To 11.0.0 + +When using sentinel, a new statefulset called `-node` was introduced. This will break upgrading from a previous version where the statefulsets are called master and slave. Hence the PVC will not match the new naming and won't be reused. If you want to keep your data, you will need to perform a backup and then a restore the data in this new version. + +### To 10.0.0 + +For releases with `usePassword: true`, the value `sentinel.usePassword` controls whether the password authentication also applies to the sentinel port. This defaults to `true` for a secure configuration, however it is possible to disable to account for the following cases: + +- Using a version of redis-sentinel prior to `5.0.1` where the authentication feature was introduced. +- Where redis clients need to be updated to support sentinel authentication. + +If using a master/slave topology, or with `usePassword: false`, no action is required. + +### To 8.0.18 + +For releases with `metrics.enabled: true` the default tag for the exporter image is now `v1.x.x`. This introduces many changes including metrics names. You'll want to use [this dashboard](https://github.com/oliver006/redis_exporter/blob/master/contrib/grafana_prometheus_redis_dashboard.json) now. Please see the [redis_exporter github page](https://github.com/oliver006/redis_exporter#upgrading-from-0x-to-1x) for more details. + +### To 7.0.0 + +This version causes a change in the Redis™ Master StatefulSet definition, so the command helm upgrade would not work out of the box. As an alternative, one of the following could be done: + +- Recommended: Create a clone of the Redis™ Master PVC (for example, using projects like [this one](https://github.com/edseymour/pvc-transfer)). Then launch a fresh release reusing this cloned PVC. + + ``` + helm install my-release bitnami/redis --set persistence.existingClaim= + ``` + +- Alternative (not recommended, do at your own risk): `helm delete --purge` does not remove the PVC assigned to the Redis™ Master StatefulSet. As a consequence, the following commands can be done to upgrade the release + + ``` + helm delete --purge + helm install bitnami/redis + ``` + +Previous versions of the chart were not using persistence in the slaves, so this upgrade would add it to them. Another important change is that no values are inherited from master to slaves. For example, in 6.0.0 `slaves.readinessProbe.periodSeconds`, if empty, would be set to `master.readinessProbe.periodSeconds`. This approach lacked transparency and was difficult to maintain. From now on, all the slave parameters must be configured just as it is done with the masters. + +Some values have changed as well: + +- `master.port` and `slave.port` have been changed to `redisPort` (same value for both master and slaves) +- `master.securityContext` and `slave.securityContext` have been changed to `securityContext`(same values for both master and slaves) + +By default, the upgrade will not change the cluster topology. In case you want to use Redis™ Sentinel, you must explicitly set `sentinel.enabled` to `true`. + +### To 6.0.0 + +Previous versions of the chart were using an init-container to change the permissions of the volumes. This was done in case the `securityContext` directive in the template was not enough for that (for example, with cephFS). In this new version of the chart, this container is disabled by default (which should not affect most of the deployments). If your installation still requires that init container, execute `helm upgrade` with the `--set volumePermissions.enabled=true`. + +### To 5.0.0 + +The default image in this release may be switched out for any image containing the `redis-server` +and `redis-cli` binaries. If `redis-server` is not the default image ENTRYPOINT, `master.command` +must be specified. + +#### Breaking changes + +- `master.args` and `slave.args` are removed. Use `master.command` or `slave.command` instead in order to override the image entrypoint, or `master.extraFlags` to pass additional flags to `redis-server`. +- `disableCommands` is now interpreted as an array of strings instead of a string of comma separated values. +- `master.persistence.path` now defaults to `/data`. + +### To 4.0.0 + +This version removes the `chart` label from the `spec.selector.matchLabels` +which is immutable since `StatefulSet apps/v1beta2`. It has been inadvertently +added, causing any subsequent upgrade to fail. See https://github.com/helm/charts/issues/7726. + +It also fixes https://github.com/helm/charts/issues/7726 where a deployment `extensions/v1beta1` can not be upgraded if `spec.selector` is not explicitly set. + +Finally, it fixes https://github.com/helm/charts/issues/7803 by removing mutable labels in `spec.VolumeClaimTemplate.metadata.labels` so that it is upgradable. + +In order to upgrade, delete the Redis™ StatefulSet before upgrading: + +```bash +kubectl delete statefulsets.apps --cascade=false my-release-redis-master +``` + +And edit the Redis™ slave (and metrics if enabled) deployment: + +```bash +kubectl patch deployments my-release-redis-slave --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' +kubectl patch deployments my-release-redis-metrics --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' +``` + +## License + +Copyright © 2022 Bitnami + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/packer/ansible/roles/helm_install/files/redis/charts/common-1.17.1.tgz b/packer/ansible/roles/helm_install/files/redis/charts/common-1.17.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..d2e66eb702c03db2f57932528265520573877492 GIT binary patch literal 14611 zcmV+uIqb$CiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBhciT9U=zP|%s7t3eb|#`EJ8@<_o4xBenHit%PJHcja%Q{d zwjmOd(53)30LsxMxxf7$yh!k+hb=#{Yko*%5-1c3RfR&KP>9%c%4qLsg18LlXqxLw~UQ>_z_%(7yp(YELF4;(zF0 zyRB;HzL5t}$|RD6QE|`#h>*l%#^(ocOh+6E$+Jji9CuJkK42~gqX#hC?VvQx{~Uya z7vZ22V-azZO8xE-ejr1R_#FO@lPPHSf)V2|<}6DI9fM&!NZ6P}FvRi_V+uneDVh?9 zRCy700NziCFn_-hFW|uT!C>FhhjhS%Yx>Lk2!jz6X7kGZjcq|S& zUE8rv7bZAKG4FIi;%S;7i91~wWi(P0>U3RSJ5xlcM1*3lt5c*p^2&Y$$au0szdELx zZCkL6M_7YfUb853d3hQ7-R{VFiVq+$BiWf%2K=sB_u<*VWA*g;=+o`6mRyq%=crgdAe|c=LhilGlUm-4qw0KUjSH& zIg*Skd)j+#x_RKe0Z_f-h>kIY=5ra6YDYBzU*PwQNnHJ^s$&|v*O!=#C-MLW9rvMI zAIAye@wLWL0l3+5G%ctqZaP|h7!`ywoZv_@{vPwGC3yE+8p{Qvca4F|$4m)(0D+N~ z8yP_}c&1Ne1o(FdRimy=+jISOHLVeP0C6I48LHuzb)cFWC8(C(3uv!3V9H`g|DO6y zC0TzwQWjVAVZ^2>qnOHkEbu4E(T|F0e?UW=hycP5#$d00QMIYWpJV`!Rvsr01=sCI zITCR2QdLD+A|VJMEI#CAYe;xibf0#hj_B1@b3t__)K2gc1=dM>A&t|b$pbyO+tsnq z6-78Lk=Igj2fhF$G*;am^vhyu8JaQ)+jyGFxkt2}YEeizp>hNPO4INn8)8ne#3CfD zmsdJ~??m8JzSf+l->Z7&(FLAAg-2Ry75(djQpM*?NuYsMat=Q!G*x;ga5L z;Bs9s%!?Oftv4iD$`Ur7f3LJ}nLZOH)cORkIjwC@I7^e<-3Vtf3*Me^u0P*)n}u+5 zBKRktGgp?s>q}pQ>|IgvR+hU;lXaQ9p2V#pZwn-BW5RVihKOlt19pfvQ*O=-@g#hi z6|(vDUw!=_p%e{CvOy2P;`RSvu>1U3W&OY3fBx)Y{eK(J71sZ9fLkGn* z&;s`doxy}mqnD&ad`13J@IdnbP;FtH#S_6Xs+~a^43rp zXseOR72O(^ZAftFSVW2G4GtsZg4VjS@;oB=IOq#L8;QuW_5CvR%ImA`v>~ zScnw~?$4x%A*n&?UguK)WMVzsGHw@d{@Sm^UaFaUSh!%dJ+HKEWr>_o=fMXj( zv!Yb-A&S<}H`kxs1LD@pujTU7z((N(#1Li*zkD zH%GO@ljAeYXC%Ta(hjA>Ral*b{Y{XN<1rDEug`z2bvH-Gzbn>eRH6hKt=!zGcE z%8FWnu~dEvmlG0AK#>{|DgaSHajcz_D1qSf*RKIU9^@K!Y_zFDiwM7MBme=&WBf@w zc7aeKF^YkWv>SHRjstxC3PT*BOke|<(6MGu)$a>z0%ToTLgC-{!aX(nWQkN50D^!} ziTMacSW{%gG8zYfIcJKKpS))<#K7^C&2S8t6Kn({LJ}ox{8+%0P%_PE(`Y<-vZ7I) zr77c5c(|72!J|y@d3*MAzx(HZ?mYSV|9<`FldoSN1+ZNr4}1a1&Lmfqu%3DaN3+i& zZo6w=*?-5U?*G+{wXxW*KP->`+8aC@RQ$isUhM5X_=g< zSvuw@R&tyP^{?57OOX&d9NxypfSe!+3ZzzGLu|^0oz71Jjq!omsGOmM#M&5mqZ;V< z;oxO$+oUKYY-CNS8cuMiLFU^@`rG$<7b!(@5=s_2tor=`0)ZorW&YzWn&JS05y45U ztC*tQem^MY=Ng8Co5FCg28M$i!x}19lFcCD9K5Jw;&&_GYHJvgItg~lo7&1IICXKu zu0cos2g{5+rku@4 zjA70)4pGK66$<&S2)VK=xNSUWZ}g=#B}*@ZUno?cw@hNA9PkWNKqHAcaIB0glq9$MMN`evrQ#4l$KrxPuVJ0Vd?%rPDRN0J>DkDWm)tebhvMGirL1Zd6g7#lC zE+?1+p(DnphC3rfRr_qHkMhKTWPYqBW|1hJs~Ka8IZApHcG;DzCppW82^JH^WOss- zsR@$r5+O1ydRs;3yN3O`mlKlUZayxyyd4>Fg)V+qsbu3NO2z67`2|LZB)7h0{qSt? zsoQ^KipHCZ{r|&q`|sJa=P#=E-~Nji5BA?}JZsp0p4TPiEL93nu?pB=p_=(&8A<;a zz&03bL;rcom@MMtoc$vw*p!CA?A|+*qHQ)Vw~*Uu*0D5KHj|nG!@SMVeew&ZOc2Rh zio1_R1&PL$QtFMjr1kwd&4COyHo-t}7`foDdKX@{)M$-5@P3m~1(@&b8A0%!=zS*+ zbm&{DSd}ii+wE>64atF7P;nKPo@K7rEV{rPjx|H%eLmCHFeuOhwqu-f93hG01JDkZ z5?^pkW6V#oBr&ywbKC4JVAr%LUSZnYFmC1B!PE9{yE_F}mt#~`Vet}Ho{{OjS4^qV zQ#7sen$LmuV1mz5K8?D06k@G~mw?h#ja%t$*vN?GzdEI+O{YrL?3eVG5FsPj_9I6< zFgtoYs$@B+U|MQex8ja&>w_H?JW6P6j{mV*L?Wq_j$LUhbJ$Jg3z)nn85?Ky%A#-y zdpF>-oXPE1x3E(>+5IjJv@6jbTxN%~vD^j(q_!&{)5N+4OvlSkfdE3Eer}&&=e~&9 zt#{`h3F}>(Ya4$W?0*}&vAG4nQu}|fTRs2VfAQe|y_IL3_}{;2zlFpwMA3zk2u#(K zq#Za!DB~+dk_;1Uw&hTg_yNL)C&zC0N%*ec`W$5$(6*9m6JfTvttZrewSU=fCydMD zoBgZmpFHurksi$45gF>)71#(61^kH!J;B6If618Iiff>r6)`mOz z(}+MRlHHQZ0VGtGq3smkMhQc5|5^3BYfiIjy}>Vv#TsVH#jCm#6H*|#G6QU6fYJlX zWPCqQG3fma#m{z!8OJLq2Dcl1Vxa_P4qwKy^=clYZ8t>7{Auk7nOca<2qgk94%RTl zxmuKk?b=a-gwWdNTJ$`wKwFcp_3DcQkk%*fjZ-%#ZiKn)P7y_8y(3{aw7g_#T6@0# z;S2;BQyh0x1u`O$vY|kAQB9}BEa)s@{OX-kJSx(9`K>8U6|+e6GBs{JOXS{GKA>G6 z%<{oiuzxh5)ii*GEY^A+q!w?S)6-tZ7q90QwCZ*#jjEa;@jaeH33N~;M3iJgVs5rV zxKi^gRm+Qe`syLNr17cS|MoEM?fL%)gPQ&SZ2$T52mAjvo;Cdco-HpVqA}vJIq)r7 z)q&+DSKR1;`XTJx#%Vv#Z0Dj0PNt!lnB0X6s_5^wPQ5+7!Av7-SGnzUXQCpUj$-6G89`xt8 z{?zrqVTui^|E2z){k`W^{r~(S{_l34HT3_RPpQ&S%A%##L81eVb?WF=HRbD=Zc)S@ zh1PYoHgV>sD*0}PIVUlOFUoAA5$x~jpJaNLjYi}X1l_t#Z;(9V7)gtiK~v%EqMng3 zq2|MRfx4N)mUX~RDD_Rx?sv*|_B&#JJ4eJ9;5bcCgdzB20Ku=p)jNf9!i};dnZxfH zO2~+)g-M#~&W4?j*g)6irD{WAF7gm`!KT>v$`z|dvusJolvpQ}oDc!qmQ=6bo~g3h z6PDs=C+r-LTr8LYk_Xv)v?qmwOVeG4(JSOFwu@=53f2~qj!)djoL9P)BZ##EE79Fw zLO!B4B4A~H_3+HeVW5O-`P2Q>%(j zHSV=6LXBUqElQ10H!V_!Ny0AusM;dWlMQobhCDGgN7|-YB1yL>RHOyaXN4j*9qQ;) zmp^~`q-^s5g6TZ}xoCs80;&sdN-ui(*^_svITdR5 zNEJ55?!f*Qu!|zp@4Y({U`%G1x@AQsFt=Iua%;moFsh2UsgY3}f}RGiaUyPqBBruVbUJX$khmaF~Ju5~_#HV~);`ek)~ zv8GPF-kPh$u00Z6<@;iO*O64Uo#$e2&D5v9jpc9-nwdE-P}MsZ zc)pU_(Mcq)p><3W$_uRHn1ct^ayzQ!0?(U|1itlrPO6a87`p0m0oS9MbEyJw@X{oC zF9~jg+>}$z)+DD~qa4;)hp1Zo5v8d+DBwk2DqLOyp)vlnsMez#>Gt5srQ+s5ESI+Y z5GUinvE&5Lu;ML!PBGya#dCLbt@SkIhIv&NB@1XYEkAf8f~ zg}4fbv?EVhRu|&0V?VWk<|2!H72ul=ilh@{D`fa-wcpsvXiijHu(8v7A)IQ_Namij zRLEs}d->H-k2!Wc{GzG5#boi@A3Sv zoK2Nh_pjg)0fZIR?@eIEa;2@=4=#^=Ys0#PYWjQ6z}C}rV;>f_ZieSIl1Q(%62>mF z6oQ$WzMZZ9sL>f~9Eo;(cfweK@XkDXfPE9rhL8E5{fmCe?BI;C=F*=VvPe4{t0CpW z`@+EfCHPMK5k?=V%-yOy%vQPwXo+<%5? z66&0NT;Y!(G>b>gL$L2#r>JXEXr5O=#m9nW6FzvWB%5(X&R%k7;%HW?# zp7&%sVV9W0wwfajlXQY$u(Mo80R1A|j-wgWD?L zG5&OFHtG+PX&KW4E5U zrRvSKNdaor{Cm5~Exue_Y2g-$*46b|_R}{0U2g-GitJR}%5Dz#%a}utzXZPoex3#2 zu2@#r7&6V6wf5#=GP!?GUH=!^95yurEYbh{{eCU}t3#?7g`$5SJ*SeUCd82&bqz#>60r2(f%SYQ6*$_uE(Zq3%2QO^*^XKLOWAnA}&e$vrcC8Lw2EPeLm2!L; zeAX`SP?a!;{=a_x8o(DAB7ygxL02cat2$|3Wh99K(;3VVH``|>yabuJ`=ujSp@JDU zHx$!(H{S?eJ{A>Fo*Ptu(IHT2LbTUIs2@5fw6b??hrJrwO?ZR^{%ftO_BM8_xv{Ek z_>)8{v?3i=TZwHj4$BaB8Vq9nXW_eSh0+q2A&aSZ#M#tMmSzN(j@-hHn>E7cpjjpdDC7!+|gR`%?cQ{YwBvypr^{7v7fT-jd8i`mi4TdKwDcyPK68#Sp3 zyXSaDu!+RSR1$8(A=n5Wei+5y-6yO<#m$28drk z<8p`WOpRZ$_h_nUh_JvnYj%4b4ZU68QcMOgZcAE^s1_j|?vnszv};SR!gB4Kl$E%h z3p^i``A|petjmd|_Nvidw)=VmKL5t?40D0MS1%7R6@nV`rg?>555&TxF441!*d^=y8VBNI3;wv!6m>_|8KwM|J{A|aR2wMJZsqh z9}Qyw8nR5<3tu=(5`78_jTf2yIZxU0@6mWc`tMW5 zLhl`$Q?#1B`-|BN{wtv|1YQ2iFYzBAeGwD1`+WZ(FzH4=9-h8Ee*3orI4yb)F_t)z zIEHOyl6#56zkWSXZ&aDDUw58@H92U0_k~I5XSU3fIdH7HiKz{rLo-I=I<@WHV5z>K zOb3QxIwPD>b8JEfXSd%#VQGW8aF;oB??tfm zevOb2h{haUYcg1(|DX2<`xX8FV*la%-|akW=zkjtgyG0>MUfe=xH1TFb4_9Gimz2- zr3!w_0k%1ZT;kU}n9Bw6msbp{g@BY#m)LS9?4#(cOR>(ejs0*j@Hy7G`$Kdswx(Sd zW!4m#9_E4RMN96`91=xc#uZsZcx_gF2d2NRbL6VT_12)3qc06BngW6aSvyu$f@ebj zR{~_pRv^T~p9JP79FNGSmB3u!d1xwCAi0P^KbEjq8x`jlDs7g-+O%20xG@|aRnPtC z47AlVWO|Qv$9=Q}F-a-QCxvQ}eWL2TS|=*9*4@^S$Oh&OmLXR7!Rp_d;~R?&nB_V^ z=Qv1f_vJab4Iz|%Ok!h5;(`ne*(Z_^#OK}t0pruwSsBQ9BAv^P@ydz6h01NIsJP4_ z3)IyesEws)mmF+ifuhGT)llF9rjf1c89V3iu0$d%0=Y7vO%1%2+@dS%jlI)u&4a%B zU^qA{jDqhfY#$NVu?4g*`5cwzYYFvk@_1jD?k*zUjQ3hJ_oo79LFBfAO$&VQrO)rg zk}iig*91uj|tz1ZKa=6`&#_v~T)cPr0T)_*@Lu6X@w z2X#mPfj3h&Q}CE@4pajYiUEl&c)Xtub8F z3b`B@>EEzc!eOT#;J#@mgrjtw$QyM-RO9Xa?wbpQeC-o>vJfmFLW@wfb6-RG6_~K7 zbpvE-!f7$Z{--!{R+#}e=F8cjF|Z2WS8(Pyunq98;>cMM%!b`Kt`lpF`xRX{ZBVZ1 zz;R&jx%TTFDr{s5ykuA*ZZ*o)%^p}jN zuO*vC%zuBkZn!1>A4bRQhW$T-{fbmX|7G(|Aj@+1 z#|h;3w%rqC(7vWG$ZzU~971*SuICW4^*7=WD#L1V2rYKwltHw(ah5ujDxGR~D&04S z&}$^o5Q%F2*uK6khte5#=RE4JB=c=4q{B>3-W0sz!O8ie#SNujziDT)b^Ikh7E9Km zH{ks;J_sL$d+8Rls_uV)Tg+7Oh3q=5=5Urf;}mCAx?I8K=6!ON8SP&Avt!iv+&iAH`ui-|PjVs`N6`z0w`)&K)Y$w(j z_pAEeTA*Cl_h!M~bKl#_9-1}_`X)Uz8(!zM_FmCGM7XS6UcK`2-!QkQi=dCrHH@>E&bKd4WO`Dqdm*aeu6_y72ZTpyX7giqatNNE3VO-a{ zq=DXZ-_puXjCRxQCS4deBVO0`To}3f#^bq~&FF7#G*@>K=GyRn$8lZtS?vEwnUG_S zujvF@68|;Wulj#>`-6w`f4B2o#s70+xZ)<9Kpw;08&6PyQ@cB;D04lZkk{7DIEI=D zyq0&!198nXFb$9zT}1inGB58hzm`K)+TOhtg`;Ch8{S%JL3B}bYmJVTusqq^p*N*o ztdX+q%lvxr_H}K8Y-}jSOdX4|d&N@78_2b|&>zKO^vZsOh9;`xv4Gg?IusT%=Sm}R zv+jk(J-bhihO3#+F^))#^E>XaLQKtw_Oc+0=b|~U&TN^$p}XOzl#}}c&%12Yb>9}v zYps{&>&)Wz-hYR!xq+8Zi?y4=DoVU{Qd!)CvN>H@#I)S0)L6=E$74^!Df))|rL}B| zZr|BZ9`!r(H7%b(*YiXyhv!XnhET27{I0>E)kc;F%r>u-T_W@C>X>@CH2aWt%H3J8 zo^EYpUBDZ5Re4=plVh&tv|0e@nw~3vurA-Y_HXj{21nhW?Ad>Kn?CS&08vlC+hzYqL;ui#MQ2d}H-$s-$f0e#2bc z*q_a5H=odJYPu@aC7?E}@BG%%tE;@mwe2^|F0Fl9!ZIx^kygaq=Z8h*?#6$-*#FCM zOs;v?=l3peBJ ztr2rIx2&nQnn$)Z;I0JZ0?$R5>arC;`pOB!$-i*?0dvvfqALOOs)RFBCop#*wfnH8 zvM~7^wu|65eI-(*A3;+P#m>@N^$Pg+#;!TnV4J(W)vjJ84y@`dZjJ)02MNYR_|C_* zNR_(~mlMe^x-xl6SpFpNVJ0W*kEdnfDQ1Ub>vjjA!nWbPF-l`;{rJJu-IUyumfr#;lO`X}^7#O&x#C7L)#Hf};zO@4{$$ zYy36D$HGxm7<*jzhi zE(}_1FV%p(7W9g9M-|(}<_8(IHSbHTV(%rwc-QNvZ~a-k{`cpyt9t>KtpA_w@Aa$k zU%StrKdk?6rDv`^Zlq097wT6aSB3#nZ?bp2Y<6Q8BISHKuk%#p-#Z}nrA_7?bM?VDn@Zx)#t zNz~j#d)&hcc6~8bnH!_S+&flUFfHdELFl-)Tqt-r%m=!4U1aabZ@6B1HS;#-GI!4xgX6?eqvOK zgPqDsMaEbjWt?MLI2D7S>bOBP&NYYC7#07CYpIQDy3%|0hR!}9?gvS>pi!)0;C-=N zj!Y55+6TYTU#N>l{7(Er8&*1|af7)UIZJ_XrzOy<>;W*~AActv*VS5nK{JYDc--wO zvq&wsUOrOAtrk#NAR32i6;`lDG5X#+N5C2-?#H^u+W+AMCsQ(}jN{F>vBduGKi{q1 z|GT^Y;>Cmge;dyhoFJ(*l~BBGI6zH16owf|Vx`4X6kVV(7GY-#-cN`Ck)zSJ5I$Ln0Sr$GVok2{v=!9b;d-`94ekUCMi}&=u?!{!>Q~$U>#fX5BYy?<=KK)L{c;* zP8xn7L$0irBQ=qAI*0J{-*GZ6zy9a;M9Neg^m=OA2*soqvq~ZyP8`MEId8WTUY7<48l+0Cl__Y1d)u-55OUA8?kMM5u5hxZ`GJ?afrmE^9U6B zkT*PsELC=DUP|MIQu4vII~#N^2#pUwt>DS{N0fG^SR!RTE0hhw4NE5VL4>0$NlYxH z-qCiorgLK&LGX8+Bn&<>p2UGcVrvVIspKrq^fpANqm{HVL{iRXB*p@eqq+0+seYxH z3%Hz+XaW(U$^_Exe|^wlh7* z)I&2w68+6CmMr&Mvg(kLh^1IBreZQ0VQuIN9GOLnYIX|_MYF9%+^iW%6S=;?xgV1J*LUv%>zfeHRTsQEJPp*p{}t?< z!$MRhh{q*V)Qj6jC1tTAN{uQhiybCC^_xo4gjtSC#HJ~un93ZX!mn~(W|dY{3{h%S zxj9s{KpmkJ4N0=1NHqw{m1J!7r%4)@3*7ZZX%h|jqaAs44wd@0)8KivyLR-IhLnh_ zb-$;M-Hz`mJ?2r+-9eS??AVRO(1(rLZ;*;>)Oa)*W16uKnIHSL@VOY%C z=S_H`H03PiM0-K=qIyh z=1r)sil>^%aFlT(=N8ya;7PH(Wc=c!j_#^>S_tdmxHg_BC1;q=NQAGdmkv*k9fTVk z_eqMb$)A5`ocxPXi4r(rF&t)+i3laj%!hULr}d|))kqmxho>;1FvRSh=rxpHy3C5X za4+2Z<9f7g$5We7Z#ZXsE#v9Nt)@*qYp;b?gSv+OcH@TIrkICBXJ}ab+?kSQ zFOJyOcsxbp z{-t> za~G5QH)Bu~Pe~x{!g`3J3ryqlh9Q8z*>ER7PB1OYgRKRaD#0{+HEP;tMvMa)JJ3f75<<=F=WRqKm4X{3?tc@aMwrVV%?{!z z{yoD&7IsyQsQEfT)#}=fM?jP^X^;9SIeGuX83;0_wj3FeNKeyxXAVoZZRh0Gubzv) z_p-$-bDqVbV1o*~6{2ce;0H9s$xW>m+M2$?md0jht!0}PiKdD>commDR^E1mD*&d# zS~OVf_OTe~peQp&N?n*=AelCt8HID>w+}^%qfp=kN0RY!Ew!dN7qh5b=6sPuM_a0^ znTMO=jH_>RZHhCN@q~%GFp9eYcSUBU9;g?*oS%zSqjm1ofhzHChB+s38PqbKD93%2 zy_82B8-vH~g{fk5_&r038n_rxnrhq@x=~ldK>wSf2$%L74wHmk+9Q@GE;cV`(@HYa z=@>6yl=W!fqvFw^t?z(hZS9#!R!Ed2S_MBA9RR(ztXQt8P`<(S)tZkl4JNSO*NfirtEvxe6#n9|ai&x)Rd|CnRn3!O zm7kiw&a#m{&m2tW`A^>$qMc!HO7;J_z2yK3n~kHvEw%~ntC8;l&-0C(oP74U#RXnt zgYH`7%d-jVW8qD ze9e(q-_qmeVaYfe0yzig4!v@;5QgCak%rqe} zjc~J~^a?a=shkvF|GB;8m2KHp(H!(XHEC%#Wy{@Tt8GK();%_?d_I(Ek|))pG3JI9 z)i04Bk=BPr@+^>_^Uco}gP5=^iNT;?67{%dp5}{+5y!u0 zn95}CDo3S7$N8gkHEXKXh~?U!Bw6k)y4l^LjWPNP?u8pa0l5#__6IO3_4{Bpso8bvi zM!T-G-;KIaeSznLa_6)u-PAp+wLTPQ|F00@fA`^P_jqo$Y zB`G=l&F2-8%-kf?mF%*Wl0${`I;m*R?QHhcZvCoteV#I+yq-U%5Fw#`ZSx|!@u_$8 z&;%oni4kTc7%%u+L6y5w?1SepFCi zzpCVSzxuG&tuu>fw~)F8sZP%e*~ud*oB$b@nO-Xmv5B2m_-Gd#kv2j|0HZd;(wt?6 z0GYsGv9PNqw*zR%bVK@R+4z+*Nr~L2yyp1no0K;-dX3|!vqIhR=qViT(bzRzxO%?! z*m+m(Ze#%KW9QuwdA9@TUH5V;qqt=JDt9PcQTDtWGp;p$^>H)#&+m4~yzI-jBXcW^ zTZDu_H0G!@cI%GYk%O`!y;&c>9M3x*!yJ#>8pmaG9;0J+eVau=dHrewk_U?h(IR`- zQ=h@&b|*jWius5*C3L*p53_>L7d+ABdxg;VWVfqYE2LOLU(=@>c5bIhYVV#bbiD^kwr+G=u z$i>MiAF|EZ)T3iUKXp11jhBHna3mW0U}5bT zu}5=22K-50F~2oIJG37kCYNX~9s?N_cqp1Z)`x`Tq*lm~CO zIrNF3=-BDlJ#oF=y^J^iHete~?ky0M@PQ@S6qh&7pThCT@m|mko`T=ZTb;Em2y9xb zm)-i*=RT>UM*Dde} zTOq&}XbNbgxAabv*KE$Sk}hm`3^K|6jj$N}Z0=r08)NhBjd}rn7^Nvm{+= z$&X-KKBE*q7^zwQNa>? zovTLr{oB24q(8XAbt5a@H?s7KxoclMqQ~ZVq%_iq@kq^_Oyv7LX1X&OG?dQLnKCdo zsthHVOHmp&n^)DI*8pYz!gOx$570^1D?{}%2%c7``7#JJ&p)mdT`{YBwSh-Y)PGeV zDw*Efv(fu6M71F^Y?vAsW}N`(LYJxTlljIz>-61bUhT$BBOioOtUERGsM|%&D8d;OLS$Dq-bGHuDBnAdXlle{vKmQ$b zyg2E#OLnbT0Hwrs$^?_`=yh*|sN$&@rc6_*SnV1|kfQFnpRUYA?RC2FlcIvLgKT!; z^BPXGy|9GV2>ssMvZcEkxvu5%CD^D2-#NPFhGv z&PIm0j;*V~TFx$0Q>Cm4(({f&=<_3n5nPsPD>qLyJQIFPA4?c1#f9h`h!7bTt2b$E zbSp)cPep_&;)LZXP4j#JNR(^G3=7q~Q&>(K5uK}XEYK)=VdCV=vgUWq$c#c;EW*1? z3_Fu>Ji^?msh`O6_v@65%@Fst@}J#I;BJHj7CTl- z>?b-lgXj7n8O-(+v-~9RC`%wA^gsla@}$mWv^yvAquUFh$V>I|xs~?GF1ol&~^Oug|mnoWS*2{Fv5fMhB z@uvuwR6d-A=1VxX7UhneqGDI57knwRZ zF{MQBhvTC+Z_nOzch$806HTxX#RNH=o4GME$=J~)DD5%k*l2Y^;gS=nZyOP8Brg%i zotOy8$uN^80y(UR0Kb4z#uS3XGdMmA;ML*T@!8YP$K&^ZfA`aS_;`4FdieJJ@tZSv zcM3=E-o8G5fBf$48NB-|9KQVre1H7*^;5vaIPyNFI-dmNK&E;+4?AZzIgD#O_ugw) zEQugNbey3vhB2FAvq_L*J|)6Tkch^egiMLcPf_bm_zhh=^6)%756_)H|33f#|NrB> J+Z+IZ0RY0N)YJd~ literal 0 HcmV?d00001 diff --git a/packer/ansible/roles/helm_install/files/redis/charts/common/.helmignore b/packer/ansible/roles/helm_install/files/redis/charts/common/.helmignore new file mode 100644 index 0000000..50af031 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/charts/common/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/packer/ansible/roles/helm_install/files/redis/charts/common/Chart.yaml b/packer/ansible/roles/helm_install/files/redis/charts/common/Chart.yaml new file mode 100644 index 0000000..3f32f99 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/charts/common/Chart.yaml @@ -0,0 +1,23 @@ +annotations: + category: Infrastructure +apiVersion: v2 +appVersion: 1.11.3 +description: A Library Helm Chart for grouping common logic between bitnami charts. + This chart is not deployable by itself. +home: https://github.com/bitnami/charts/tree/master/bitnami/common +icon: https://bitnami.com/downloads/logos/bitnami-mark.png +keywords: +- common +- helper +- template +- function +- bitnami +maintainers: +- email: containers@bitnami.com + name: Bitnami +name: common +sources: +- https://github.com/bitnami/charts +- https://www.bitnami.com/ +type: library +version: 1.11.3 diff --git a/packer/ansible/roles/helm_install/files/redis/charts/common/README.md b/packer/ansible/roles/helm_install/files/redis/charts/common/README.md new file mode 100644 index 0000000..8dc47f0 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/charts/common/README.md @@ -0,0 +1,345 @@ +# Bitnami Common Library Chart + +A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. + +## TL;DR + +```yaml +dependencies: + - name: common + version: 0.x.x + repository: https://charts.bitnami.com/bitnami +``` + +```bash +$ helm dependency update +``` + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }} +data: + myvalue: "Hello World" +``` + +## Introduction + +This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.2.0+ + +## Parameters + +The following table lists the helpers available in the library which are scoped in different sections. + +### Affinities + +| Helper identifier | Description | Expected Input | +|-------------------------------|------------------------------------------------------|------------------------------------------------| +| `common.affinities.node.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.node.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.pod.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | +| `common.affinities.pod.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | + +### Capabilities + +| Helper identifier | Description | Expected Input | +|------------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| +| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | +| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context | +| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | +| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | +| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | +| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | +| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context | +| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for podsecuritypolicy. | `.` Chart context | +| `common.capabilities.networkPolicy.apiVersion` | Return the appropriate apiVersion for networkpolicy. | `.` Chart context | +| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | + +### Errors + +| Helper identifier | Description | Expected Input | +|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| +| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | + +### Images + +| Helper identifier | Description | Expected Input | +|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| +| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. | +| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | +| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` | + +### Ingress + +| Helper identifier | Description | Expected Input | +|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | +| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context | +| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context | +| `common.ingress.certManagerRequest` | Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations | `dict "annotations" .Values.path.to.the.ingress.annotations` | + +### Labels + +| Helper identifier | Description | Expected Input | +|-----------------------------|-----------------------------------------------------------------------------|-------------------| +| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | +| `common.labels.matchLabels` | Labels to use on `deploy.spec.selector.matchLabels` and `svc.spec.selector` | `.` Chart context | + +### Names + +| Helper identifier | Description | Expected Input | +|-------------------------|------------------------------------------------------------|-------------------| +| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | +| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | +| `common.names.chart` | Chart name plus version | `.` Chart context | + +### Secrets + +| Helper identifier | Description | Expected Input | +|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | +| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | +| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | +| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` | + +### Storage + +| Helper identifier | Description | Expected Input | +|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| +| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | + +### TplValues + +| Helper identifier | Description | Expected Input | +|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | + +### Utils + +| Helper identifier | Description | Expected Input | +|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| +| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | +| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | +| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | +| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | + +### Validations + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | +| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | +| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | +| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | +| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis™ are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | +| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. | +| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | + +### Warnings + +| Helper identifier | Description | Expected Input | +|------------------------------|----------------------------------|------------------------------------------------------------| +| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | + +## Special input schemas + +### ImageRoot + +```yaml +registry: + type: string + description: Docker registry where the image is located + example: docker.io + +repository: + type: string + description: Repository and image name + example: bitnami/nginx + +tag: + type: string + description: image tag + example: 1.16.1-debian-10-r63 + +pullPolicy: + type: string + description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + +pullSecrets: + type: array + items: + type: string + description: Optionally specify an array of imagePullSecrets (evaluated as templates). + +debug: + type: boolean + description: Set to true if you would like to see extra information on logs + example: false + +## An instance would be: +# registry: docker.io +# repository: bitnami/nginx +# tag: 1.16.1-debian-10-r63 +# pullPolicy: IfNotPresent +# debug: false +``` + +### Persistence + +```yaml +enabled: + type: boolean + description: Whether enable persistence. + example: true + +storageClass: + type: string + description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. + example: "-" + +accessMode: + type: string + description: Access mode for the Persistent Volume Storage. + example: ReadWriteOnce + +size: + type: string + description: Size the Persistent Volume Storage. + example: 8Gi + +path: + type: string + description: Path to be persisted. + example: /bitnami + +## An instance would be: +# enabled: true +# storageClass: "-" +# accessMode: ReadWriteOnce +# size: 8Gi +# path: /bitnami +``` + +### ExistingSecret + +```yaml +name: + type: string + description: Name of the existing secret. + example: mySecret +keyMapping: + description: Mapping between the expected key name and the name of the key in the existing secret. + type: object + +## An instance would be: +# name: mySecret +# keyMapping: +# password: myPasswordKey +``` + +#### Example of use + +When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. + +```yaml +# templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + labels: + app: {{ include "common.names.fullname" . }} +type: Opaque +data: + password: {{ .Values.password | b64enc | quote }} + +# templates/dpl.yaml +--- +... + env: + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} +... + +# values.yaml +--- +name: mySecret +keyMapping: + password: myPasswordKey +``` + +### ValidateValue + +#### NOTES.txt + +```console +{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} + +{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} +``` + +If we force those values to be empty we will see some alerts + +```console +$ helm install test mychart --set path.to.value00="",path.to.value01="" + 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: + + export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 --decode) + + 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: + + export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 --decode) +``` + +## Upgrading + +### To 1.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +**What changes were introduced in this major version?** + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. +- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts + +**Considerations when upgrading to this version** + +- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 + +**Useful links** + +- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ +- https://helm.sh/docs/topics/v2_v3_migration/ +- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ + +## License + +Copyright © 2022 Bitnami + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_affinities.tpl b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_affinities.tpl new file mode 100644 index 0000000..189ea40 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_affinities.tpl @@ -0,0 +1,102 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return a soft nodeAffinity definition +{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.soft" -}} +preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} + weight: 1 +{{- end -}} + +{{/* +Return a hard nodeAffinity definition +{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.hard" -}} +requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} +{{- end -}} + +{{/* +Return a nodeAffinity definition +{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.nodes.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.nodes.hard" . -}} + {{- end -}} +{{- end -}} + +{{/* +Return a soft podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} +*/}} +{{- define "common.affinities.pods.soft" -}} +{{- $component := default "" .component -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + namespaces: + - {{ .context.Release.Namespace | quote }} + topologyKey: kubernetes.io/hostname + weight: 1 +{{- end -}} + +{{/* +Return a hard podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} +*/}} +{{- define "common.affinities.pods.hard" -}} +{{- $component := default "" .component -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + namespaces: + - {{ .context.Release.Namespace | quote }} + topologyKey: kubernetes.io/hostname +{{- end -}} + +{{/* +Return a podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.pods" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.pods.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.pods.hard" . -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_capabilities.tpl b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_capabilities.tpl new file mode 100644 index 0000000..b94212b --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_capabilities.tpl @@ -0,0 +1,128 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the target Kubernetes version +*/}} +{{- define "common.capabilities.kubeVersion" -}} +{{- if .Values.global }} + {{- if .Values.global.kubeVersion }} + {{- .Values.global.kubeVersion -}} + {{- else }} + {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} + {{- end -}} +{{- else }} +{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for poddisruptionbudget. +*/}} +{{- define "common.capabilities.policy.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "policy/v1beta1" -}} +{{- else -}} +{{- print "policy/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "common.capabilities.networkPolicy.apiVersion" -}} +{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for cronjob. +*/}} +{{- define "common.capabilities.cronjob.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "batch/v1beta1" -}} +{{- else -}} +{{- print "batch/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "common.capabilities.deployment.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. +*/}} +{{- define "common.capabilities.statefulset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apps/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "common.capabilities.ingress.apiVersion" -}} +{{- if .Values.ingress -}} +{{- if .Values.ingress.apiVersion -}} +{{- .Values.ingress.apiVersion -}} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end }} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for RBAC resources. +*/}} +{{- define "common.capabilities.rbac.apiVersion" -}} +{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "rbac.authorization.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "rbac.authorization.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for CRDs. +*/}} +{{- define "common.capabilities.crd.apiVersion" -}} +{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiextensions.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiextensions.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the used Helm version is 3.3+. +A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. +This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. +**To be removed when the catalog's minimun Helm version is 3.3** +*/}} +{{- define "common.capabilities.supportsHelmVersion" -}} +{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_errors.tpl b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_errors.tpl new file mode 100644 index 0000000..a79cc2e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_errors.tpl @@ -0,0 +1,23 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Through error when upgrading using empty passwords values that must not be empty. + +Usage: +{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} +{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} +{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} + +Required password params: + - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. + - context - Context - Required. Parent context. +*/}} +{{- define "common.errors.upgrade.passwords.empty" -}} + {{- $validationErrors := join "" .validationErrors -}} + {{- if and $validationErrors .context.Release.IsUpgrade -}} + {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} + {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} + {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} + {{- $errorString = print $errorString "\n%s" -}} + {{- printf $errorString $validationErrors | fail -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_images.tpl b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_images.tpl new file mode 100644 index 0000000..42ffbc7 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_images.tpl @@ -0,0 +1,75 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper image name +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} +*/}} +{{- define "common.images.image" -}} +{{- $registryName := .imageRoot.registry -}} +{{- $repositoryName := .imageRoot.repository -}} +{{- $tag := .imageRoot.tag | toString -}} +{{- if .global }} + {{- if .global.imageRegistry }} + {{- $registryName = .global.imageRegistry -}} + {{- end -}} +{{- end -}} +{{- if $registryName }} +{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- else -}} +{{- printf "%s:%s" $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) +{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} +*/}} +{{- define "common.images.pullSecrets" -}} + {{- $pullSecrets := list }} + + {{- if .global }} + {{- range .global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names evaluating values as templates +{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} +*/}} +{{- define "common.images.renderPullSecrets" -}} + {{- $pullSecrets := list }} + {{- $context := .context }} + + {{- if $context.Values.global }} + {{- range $context.Values.global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_ingress.tpl b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_ingress.tpl new file mode 100644 index 0000000..8caf73a --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_ingress.tpl @@ -0,0 +1,68 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Generate backend entry that is compatible with all Kubernetes API versions. + +Usage: +{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} + +Params: + - serviceName - String. Name of an existing service backend + - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.ingress.backend" -}} +{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} +{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} +serviceName: {{ .serviceName }} +servicePort: {{ .servicePort }} +{{- else -}} +service: + name: {{ .serviceName }} + port: + {{- if typeIs "string" .servicePort }} + name: {{ .servicePort }} + {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }} + number: {{ .servicePort | int }} + {{- end }} +{{- end -}} +{{- end -}} + +{{/* +Print "true" if the API pathType field is supported +Usage: +{{ include "common.ingress.supportsPathType" . }} +*/}} +{{- define "common.ingress.supportsPathType" -}} +{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the ingressClassname field is supported +Usage: +{{ include "common.ingress.supportsIngressClassname" . }} +*/}} +{{- define "common.ingress.supportsIngressClassname" -}} +{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if cert-manager required annotations for TLS signed +certificates are set in the Ingress annotations +Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations +Usage: +{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }} +*/}} +{{- define "common.ingress.certManagerRequest" -}} +{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_labels.tpl b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_labels.tpl new file mode 100644 index 0000000..252066c --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_labels.tpl @@ -0,0 +1,18 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Kubernetes standard labels +*/}} +{{- define "common.labels.standard" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +helm.sh/chart: {{ include "common.names.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector +*/}} +{{- define "common.labels.matchLabels" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_names.tpl b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_names.tpl new file mode 100644 index 0000000..cf03231 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_names.tpl @@ -0,0 +1,52 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "common.names.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "common.names.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "common.names.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified dependency name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +Usage: +{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }} +*/}} +{{- define "common.names.dependency.fullname" -}} +{{- if .chartValues.fullnameOverride -}} +{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .chartName .chartValues.nameOverride -}} +{{- if contains $name .context.Release.Name -}} +{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_secrets.tpl b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_secrets.tpl new file mode 100644 index 0000000..a53fb44 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_secrets.tpl @@ -0,0 +1,140 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Generate secret name. + +Usage: +{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.secrets.name" -}} +{{- $name := (include "common.names.fullname" .context) -}} + +{{- if .defaultNameSuffix -}} +{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- with .existingSecret -}} +{{- if not (typeIs "string" .) -}} +{{- with .name -}} +{{- $name = . -}} +{{- end -}} +{{- else -}} +{{- $name = . -}} +{{- end -}} +{{- end -}} + +{{- printf "%s" $name -}} +{{- end -}} + +{{/* +Generate secret key. + +Usage: +{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - key - String - Required. Name of the key in the secret. +*/}} +{{- define "common.secrets.key" -}} +{{- $key := .key -}} + +{{- if .existingSecret -}} + {{- if not (typeIs "string" .existingSecret) -}} + {{- if .existingSecret.keyMapping -}} + {{- $key = index .existingSecret.keyMapping $.key -}} + {{- end -}} + {{- end }} +{{- end -}} + +{{- printf "%s" $key -}} +{{- end -}} + +{{/* +Generate secret password or retrieve one if already created. + +Usage: +{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - key - String - Required - Name of the key in the secret. + - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. + - length - int - Optional - Length of the generated random password. + - strong - Boolean - Optional - Whether to add symbols to the generated random password. + - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. + - context - Context - Required - Parent context. + +The order in which this function returns a secret password: + 1. Already existing 'Secret' resource + (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) + 2. Password provided via the values.yaml + (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) + 3. Randomly generated secret password + (A new random secret password with the length specified in the 'length' parameter will be generated and returned) + +*/}} +{{- define "common.secrets.passwords.manage" -}} + +{{- $password := "" }} +{{- $subchart := "" }} +{{- $chartName := default "" .chartName }} +{{- $passwordLength := default 10 .length }} +{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} +{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} +{{- $secretData := (lookup "v1" "Secret" $.context.Release.Namespace .secret).data }} +{{- if $secretData }} + {{- if hasKey $secretData .key }} + {{- $password = index $secretData .key }} + {{- else }} + {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} + {{- end -}} +{{- else if $providedPasswordValue }} + {{- $password = $providedPasswordValue | toString | b64enc | quote }} +{{- else }} + + {{- if .context.Values.enabled }} + {{- $subchart = $chartName }} + {{- end -}} + + {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} + {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} + {{- $passwordValidationErrors := list $requiredPasswordError -}} + {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} + + {{- if .strong }} + {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} + {{- $password = randAscii $passwordLength }} + {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} + {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }} + {{- else }} + {{- $password = randAlphaNum $passwordLength | b64enc | quote }} + {{- end }} +{{- end -}} +{{- printf "%s" $password -}} +{{- end -}} + +{{/* +Returns whether a previous generated secret already exists + +Usage: +{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - context - Context - Required - Parent context. +*/}} +{{- define "common.secrets.exists" -}} +{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} +{{- if $secret }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_storage.tpl b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_storage.tpl new file mode 100644 index 0000000..60e2a84 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_storage.tpl @@ -0,0 +1,23 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper Storage Class +{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} +*/}} +{{- define "common.storage.class" -}} + +{{- $storageClass := .persistence.storageClass -}} +{{- if .global -}} + {{- if .global.storageClass -}} + {{- $storageClass = .global.storageClass -}} + {{- end -}} +{{- end -}} + +{{- if $storageClass -}} + {{- if (eq "-" $storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" $storageClass -}} + {{- end -}} +{{- end -}} + +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_tplvalues.tpl b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_tplvalues.tpl new file mode 100644 index 0000000..2db1668 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_tplvalues.tpl @@ -0,0 +1,13 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Renders a value that contains template. +Usage: +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "common.tplvalues.render" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_utils.tpl b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_utils.tpl new file mode 100644 index 0000000..ea083a2 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_utils.tpl @@ -0,0 +1,62 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Print instructions to get a secret value. +Usage: +{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} +*/}} +{{- define "common.utils.secret.getvalue" -}} +{{- $varname := include "common.utils.fieldToEnvVar" . -}} +export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 --decode) +{{- end -}} + +{{/* +Build env var name given a field +Usage: +{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} +*/}} +{{- define "common.utils.fieldToEnvVar" -}} + {{- $fieldNameSplit := splitList "-" .field -}} + {{- $upperCaseFieldNameSplit := list -}} + + {{- range $fieldNameSplit -}} + {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} + {{- end -}} + + {{ join "_" $upperCaseFieldNameSplit }} +{{- end -}} + +{{/* +Gets a value from .Values given +Usage: +{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} +*/}} +{{- define "common.utils.getValueFromKey" -}} +{{- $splitKey := splitList "." .key -}} +{{- $value := "" -}} +{{- $latestObj := $.context.Values -}} +{{- range $splitKey -}} + {{- if not $latestObj -}} + {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} + {{- end -}} + {{- $value = ( index $latestObj . ) -}} + {{- $latestObj = $value -}} +{{- end -}} +{{- printf "%v" (default "" $value) -}} +{{- end -}} + +{{/* +Returns first .Values key with a defined value or first of the list if all non-defined +Usage: +{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} +*/}} +{{- define "common.utils.getKeyFromList" -}} +{{- $key := first .keys -}} +{{- $reverseKeys := reverse .keys }} +{{- range $reverseKeys }} + {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }} + {{- if $value -}} + {{- $key = . }} + {{- end -}} +{{- end -}} +{{- printf "%s" $key -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_warnings.tpl b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_warnings.tpl new file mode 100644 index 0000000..ae10fa4 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/_warnings.tpl @@ -0,0 +1,14 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Warning about using rolling tag. +Usage: +{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} +*/}} +{{- define "common.warnings.rollingTag" -}} + +{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} +WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. ++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ +{{- end }} + +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/redis/charts/common/templates/validations/_cassandra.tpl b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/validations/_cassandra.tpl new file mode 100644 index 0000000..ded1ae3 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/validations/_cassandra.tpl @@ -0,0 +1,72 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Cassandra required passwords are not empty. + +Usage: +{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.cassandra.passwords" -}} + {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} + {{- $enabled := include "common.cassandra.values.enabled" . -}} + {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} + {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.dbUser.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled cassandra. + +Usage: +{{ include "common.cassandra.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.cassandra.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.cassandra.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key dbUser + +Usage: +{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.key.dbUser" -}} + {{- if .subchart -}} + cassandra.dbUser + {{- else -}} + dbUser + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/redis/charts/common/templates/validations/_mariadb.tpl b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/validations/_mariadb.tpl new file mode 100644 index 0000000..b6906ff --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/validations/_mariadb.tpl @@ -0,0 +1,103 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MariaDB required passwords are not empty. + +Usage: +{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mariadb.passwords" -}} + {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mariadb.values.enabled" . -}} + {{- $architecture := include "common.mariadb.values.architecture" . -}} + {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- if not (empty $valueUsername) -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replication") -}} + {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mariadb. + +Usage: +{{ include "common.mariadb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mariadb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mariadb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.key.auth" -}} + {{- if .subchart -}} + mariadb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/redis/charts/common/templates/validations/_mongodb.tpl b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/validations/_mongodb.tpl new file mode 100644 index 0000000..a071ea4 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/validations/_mongodb.tpl @@ -0,0 +1,108 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MongoDB® required passwords are not empty. + +Usage: +{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret" + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mongodb.passwords" -}} + {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mongodb.values.enabled" . -}} + {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} + {{- $architecture := include "common.mongodb.values.architecture" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} + {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} + + {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }} + {{- if and $valueUsername $valueDatabase -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replicaset") -}} + {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mongodb. + +Usage: +{{ include "common.mongodb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mongodb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mongodb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.key.auth" -}} + {{- if .subchart -}} + mongodb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/redis/charts/common/templates/validations/_postgresql.tpl b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/validations/_postgresql.tpl new file mode 100644 index 0000000..164ec0d --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/validations/_postgresql.tpl @@ -0,0 +1,129 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate PostgreSQL required passwords are not empty. + +Usage: +{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.postgresql.passwords" -}} + {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} + {{- $enabled := include "common.postgresql.values.enabled" . -}} + {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} + {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} + + {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} + {{- if (eq $enabledReplication "true") -}} + {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to decide whether evaluate global values. + +Usage: +{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} +Params: + - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" +*/}} +{{- define "common.postgresql.values.use.global" -}} + {{- if .context.Values.global -}} + {{- if .context.Values.global.postgresql -}} + {{- index .context.Values.global.postgresql .key | quote -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.existingSecret" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} + + {{- if .subchart -}} + {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} + {{- else -}} + {{- default (.context.Values.existingSecret | quote) $globalValue -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled postgresql. + +Usage: +{{ include "common.postgresql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key postgressPassword. + +Usage: +{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.postgressPassword" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} + + {{- if not $globalValue -}} + {{- if .subchart -}} + postgresql.postgresqlPassword + {{- else -}} + postgresqlPassword + {{- end -}} + {{- else -}} + global.postgresql.postgresqlPassword + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled.replication. + +Usage: +{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.enabled.replication" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.replication.enabled -}} + {{- else -}} + {{- printf "%v" .context.Values.replication.enabled -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key replication.password. + +Usage: +{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.replicationPassword" -}} + {{- if .subchart -}} + postgresql.replication.password + {{- else -}} + replication.password + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/redis/charts/common/templates/validations/_redis.tpl b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/validations/_redis.tpl new file mode 100644 index 0000000..5d72959 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/validations/_redis.tpl @@ -0,0 +1,76 @@ + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Redis™ required passwords are not empty. + +Usage: +{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.redis.passwords" -}} + {{- $enabled := include "common.redis.values.enabled" . -}} + {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} + {{- $standarizedVersion := include "common.redis.values.standarized.version" . }} + + {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }} + {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }} + + {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }} + {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}} + {{- if eq $useAuth "true" -}} + {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled redis. + +Usage: +{{ include "common.redis.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.redis.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.redis.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right prefix path for the values + +Usage: +{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.redis.values.keys.prefix" -}} + {{- if .subchart -}}redis.{{- else -}}{{- end -}} +{{- end -}} + +{{/* +Checks whether the redis chart's includes the standarizations (version >= 14) + +Usage: +{{ include "common.redis.values.standarized.version" (dict "context" $) }} +*/}} +{{- define "common.redis.values.standarized.version" -}} + + {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} + {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} + + {{- if $standarizedAuthValues -}} + {{- true -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/redis/charts/common/templates/validations/_validations.tpl b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/validations/_validations.tpl new file mode 100644 index 0000000..9a814cf --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/charts/common/templates/validations/_validations.tpl @@ -0,0 +1,46 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate values must not be empty. + +Usage: +{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} +{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" +*/}} +{{- define "common.validations.values.multiple.empty" -}} + {{- range .required -}} + {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} + {{- end -}} +{{- end -}} + +{{/* +Validate a value must not be empty. + +Usage: +{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" + - subchart - String - Optional - Name of the subchart that the validated password is part of. +*/}} +{{- define "common.validations.values.single.empty" -}} + {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} + {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} + + {{- if not $value -}} + {{- $varname := "my-value" -}} + {{- $getCurrentValue := "" -}} + {{- if and .secret .field -}} + {{- $varname = include "common.utils.fieldToEnvVar" . -}} + {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} + {{- end -}} + {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} + {{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/redis/charts/common/values.yaml b/packer/ansible/roles/helm_install/files/redis/charts/common/values.yaml new file mode 100644 index 0000000..f2df68e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/charts/common/values.yaml @@ -0,0 +1,5 @@ +## bitnami/common +## It is required by CI/CD tools and processes. +## @skip exampleValue +## +exampleValue: common-chart diff --git a/packer/ansible/roles/helm_install/files/redis/ci/extra-flags-values.yaml b/packer/ansible/roles/helm_install/files/redis/ci/extra-flags-values.yaml new file mode 100644 index 0000000..8c1dcef --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/ci/extra-flags-values.yaml @@ -0,0 +1,12 @@ +master: + extraFlags: + - --maxmemory-policy allkeys-lru + persistence: + enabled: false +replica: + extraFlags: + - --maxmemory-policy allkeys-lru + persistence: + enabled: false +auth: + enabled: false diff --git a/packer/ansible/roles/helm_install/files/redis/ci/sentinel-values.yaml b/packer/ansible/roles/helm_install/files/redis/ci/sentinel-values.yaml new file mode 100644 index 0000000..48dfa1d --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/ci/sentinel-values.yaml @@ -0,0 +1,6 @@ +sentinel: + enabled: true +metrics: + enabled: true + sentinel: + enabled: true diff --git a/packer/ansible/roles/helm_install/files/redis/ci/standalone-values.yaml b/packer/ansible/roles/helm_install/files/redis/ci/standalone-values.yaml new file mode 100644 index 0000000..dfef688 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/ci/standalone-values.yaml @@ -0,0 +1 @@ +architecture: standalone diff --git a/packer/ansible/roles/helm_install/files/redis/img/redis-cluster-topology.png b/packer/ansible/roles/helm_install/files/redis/img/redis-cluster-topology.png new file mode 100644 index 0000000000000000000000000000000000000000..f0a02a9f8835381302731c9cb000b2835a45e7c9 GIT binary patch literal 11448 zcmeI2cUx22x9_8Zh@yyC0I4cPR3wC|kVp$H5PB1ZB#;m~gf1}_1O)^|QB*Y2#4gyt zMlbeAQxFvp712m>hX{m(GZyaOx!ZkSz`gf*j(>!>GS^(QjWNFCGu9zzC!56!6&9jU zsKs`+R<0=2Tv-%qj{Ji8aAni0vR)KQEHl>HJ2pI#N)HP{sbegEe^b}f4US~Qs$;Cw z_4G(lQ96Ni5-o-l&d`YniiJz?dw66Zok|Z1{M|-RS5J47uKp%8#vQGzjxpCah7XLM zj-j5O@9*{`T2RE_9UAE9LI+xoBnmwuHj)v%{&$O@SQ71bZ+Kl2DH#*!W~guJ6YNcK zHZTeO`>F9kF${WS#P4QkJslGrH2U}5u}M)uzb^*{#nUN4$W@Fr%;@i-!xQO$57ytD z8g7NACsAo=gGf@4U2vq4|L;yBNa25X;tb>6G}|@C+Q2i|iEP41uyWQ#JBJ%4#8?F< zhJ?qHVxj_RUKr=dpkNn9ac?y zjjf4Zb6GNz?1!C-z2!T|`I6FNrJxgzEdNh&X5<(5KrG*81T6sFq zW4#j0(FP$=R0ktuGQKhJ>5aE1x<}i)7{Yf-uoVV+b&Uyx|9F@?Q)9v%9i!kom8xr_ zZyDi8quLlJ$HoMDMv5Etu;N25ccDbf0|Q5Hey zuy9hmyN{lmxi_9+6lmk*8e~ZKun3K`af^yY(`;?=K0&@@N^D4|ZmdgqQerIL%hrxy zM`KVuoedc@Cs*&NU@z}TC!YjoOLVwfgp0XBq^=QOH`LfZDk)yy$}P!&oMd9pNV2eV za19GKbTn|V3?&(oC>TsM-pj)_-XqzO!f>`XcTI{5(F-#P4|eb+*@i_q#RWz9Cb}lU zY#Dly5oBMwdxVb>J|ZxR=Hn2B(esIp*C%@g#keGsV#(gFfsDuqU)z`@qaaF%b3~+m zaCivCJ1!{#Z-OS0%&mNabUj@xDKwK12OC|CUMSr<(LBO6#=*zKmh2FMcXPB0wAZ(G zOLT#y3^MdVd+FN4H&{DMs+$|$6}}_mun)3ByGD6M!*@NGc#37RH*(}cY~w5(g7s}^ zzJ{deP$OjHtPIHRcv})F*daVJ9OLS0Leg`Niu1-BQNyAVy)cG$-t^cQdT5*_#!w#< z6bFATlk}s>LCIl6HxqO;(KpT^F4{I2o&%lvSS5MJQIi?*1e?StBg+V5BGsE18|WMZ zW@PMb;;rjJh)Z(TCxklSlZ>ctaW=Yo)I?_w8+1I}9FDPYfEk{Rp z-ILpbFFK4J$#eW+T6n?W^l5qJZKu}h5eQ&HLB6NEPly?kFMd+9B*;21U%BtZEs%?pK-aOJA&_a1j0}?4#_1KVkJ~ zb1N$=!~T5LHEY(Ki6ShOkvZyUtN}kg)=-p%p8{pGCE=%=k}YB~GBVw%{}0_J=Dl%c zNm&_1!2faZ@ZlzI_bqfh*IP+9=vgI}rUzo0%pyLDCQ>#KFyN?VT{J-WBp zCg)?vCAY`Vo>`JeY8zKB+H+FMc}Q(BfZHZ_r67MSRsc_F7C zywt+dvh}JDW@2iJ{P>7kKAJK=H#hgl*|VFbw_3cM9SuWCQ8xa>xpUb;&rXoK%1McR zdnJ}CDoP!Dk~;a<;97Nc@fy+86}OQmPoC7l)OA^+lzf7Q)M`ViYrc0ZqM~%M)1#Jw zfq};3$}t=HHo0Bw?;rEaU97FebB`UnQf>OC*hZRgcFPL?lreG9^k2lGzd~ZiK3a#p zy)Aj;;m?Kl6GpPH?|86AUw`=-!|+_};cth8N7wOf@{BbUz8)iD>yD^dMsdu3sjgcm zW@l$t760Qj&u4MW_&1NM{x!;Vb#<@w7h9$;X)0sy)@H8k+&6o3!pHoJ>1>urexUjA z{*xzH?Mxn059_{ZJ+&^q>tPZG7Orn-Nb**9*6rK+L&p|ya{?=HmlwBKDP8rsHUCla zcztmWHlwP_c!*J;ZD_dCY!|w?1!4%~4*Dqs@kWrCfWZ=WDk*3@9_9&Rg z5F_^U)4UCdKkmGFRb;&gdi0)Bv?Q|{S_2<>6TK>ZjGG z9{XfuWax&!)fbyTe+?S#0yhM(;#x%99AT%DK(HZO64jEUVl(pL5m;Fr&fwZPdwct( z%F5ZbwcE;A()V1-YtksJyA;;q7Ewg>BpOX=mYSHHB=uG^+sd@U;l8gOmt?7&bDNkM zu3c;-9?ml75dN@2UC14Kwt46Ayu3oYV;XHVV{t*d3K&7wJ2t7s>ig?!V=XEy zTei8u;}z>#O<*5YkYo515Ix`}TT?sxu@^5d`*D}*ybg@r&so3e+v-a$5 zZUo2RH_Wjx%ILh}MVX!$Yom3g3NIn!T+5S?3nT>6XvGdEb=qi07N;DkD{zvz0b5=XcjZ z%dB}4OKjOLo4Fig7=&v@&9~z!vfyUH!r>W8>ohdhn40=cWhIkX&B#nMgdSzQe698C z&HwuHqLib$HKeUX^6As3C7g@0e3~gTl8)Z9$CYK#Xmq|lJ(njRXfx1~)AFtJO6k9w zkVqt3A`$kLt7TxY0_>xW)*>D8sh7e;aXnntiCP%~e12HDO9BW)FCB@FA<~X*CewMZ8<>mEH4zkm8a-`u%DeyvRRBF-r^R>#fZ%=tc?G*uabB8b?O`
    gt0u3YK+3VbZ)7Cr=g*&)YecY;+uHRLladT3#L-cG+Z4CN zKHgdOtr;9@>`b#Ba+WJ_{4yh$6P!auoRD{nC(pX_v#ErxkgbB-IsWFP&W_}s%qJmt z*68S5|2A?sI~z}@uitaVzm50v=e`T{#J^q`x%l~|^x)X1PD%ECQ3)6r7}&pZlW#!x z&7i92f%*0h4r6aaZ}j74CZ$tSQjUNV{3&o&kyxTw>qazFXX3Act31{S^Z5WvqP%;8 zRA3x!@p~>={SD~@*D62Me{9N}gIbv>4iVJ*7S*vcbLjhxnzRda8yg$XpFfY95st75=?aFC9}wq0 zF)@LdjmM0RV|#f>r?%h2M3;$#Pa{fO)5_jR(9T%&W!y0{L3|lv0qAhQ-1KmF^PQ#ZP>O;1`%Dz!7D2~MQU ziWTB2Dk_SwVr4}3^O^Dya_Y^8?nk&h01c(e<# zn#xC@6l4*7aQx)S269E;yL${|OE<2}jM=QQ;)KaRrkkog^P>D`le>${Uf8$b)1Kp> zs|yMWF0X0_-=xd4u&0Y3+CqaAK$nqa%A?fkq#lyJoui-Hen2>X}amW4T zsHl&Pl3-Q+5SF_hB#eanpW7uIe*?#A_w<-e)@q~SyPJD|z&6%iOR!QgO3a%bavc#AD>^6l_mA0H!azv|NZlSo-Y>{7yA@;9CP`qRRbUn%6+e)_JqE@(-#Tj($SLZ+CP~bsy z^z=kD2pv1Nx#8&8SRE{FDJOU-zYL2!Y4}F2TC*4mHh4*NbaWfddEQmOd&^+c{tSn~ z1k|3gva*{asc|0Qw8G!sK8kJ7>0&1%@zj--rXaiP*RVBWzVhzUM4V8cKhnFInYN=G zH(rj*4J;8!8EBy5Shg7(^gc>&AhW&&K%fp5%101T+q}K=U2!!ZR+L`2pe;1(yhCD5 zwZLA;2r!@WQK-ns$WLFsz)Bk!GrmY|iT$d|OtY-O3CYmGMWK8=bZ|_=(b>~egE`;B z&DC`utbzl(e>s=PLdF(@$Qo;F>;K4_clR(EnVF@3${I-&7|nq*XIAU@RjD#F9Ja!- z1gAUx{SAmEZGM?Fa-d@lh@@~DD8%M>?%ZkX;BXAvqz+>)+VLR1jdqa4x`}xGPujwJ zjrkWlZqbNgA0GNlNuA6sD9GCRDA|r(xQNS{?CRYFpMIBcClzE-x)A0>$IUe54MLV{ z5YKI7rd=<`4U$-_CQ(64=M>`}9L2G*vBc3jiKCFeFf-JY%#xS?czdS-j34BuI)Bic zdm|o%rQaRgNkv&y6rbx8JJcqgxpGr3w#j*=j^6?ni&d~S!D(vw4hk!~PV_BJXp*+! z*WgV`k!x(MK7_Aw8b^7^?KuC1QSW&W@?d1=cj}_1HTsUh>3@C-(>ADeNNAuaxTPcrHRdNQYOyka!)+4~pt_Se?%`LR z;xnbVV}q7fEhKKOH~ewy)Ya|Slm*-y!(D7)Ma_K*%o**nUm81s`t?3R<$}}M49N5# zO;E?-RNO8Q>V&^~b0AxTn{2rwaMM6V%>xSL3uu>2xLgQhlQT=!U!rWP1^I{yYZ~lH zCiu;Dr4yU|b(q->0jx?`SqgmC)WAIw&;orf@uOty$OokjUf03z=V70$*Vfi9CpRq= z6BFxuqRFa7_Xe7xHZ?Q6iq)$~_dm)_vy2nS?9xW&ct6KH?@M@!S2w7Qj z=(&&|);AuKJ$mZYdgjW#!lRHK-s#T|KF`4lq}0^Zf;%qCq)Ex|YizU%>b>pm?R_vc zRSXGr(F4tL*c4;KurAeqW_0EIH*LSGYHF$oXUzJ|^&Mz>+qx9d`YfxIVcpv04@u z7P_>TibzHZ0gUm@th>A0*2$^4z=W}M*)l}U-VX0sxfY*Qo3UcUk-WUm9lIV^fIX2} z*E1>gbxsAwdp~^&w6d{TYiukBsv-@H2jbq;uaTU`k8PiyHdu7U^IHAuYulqIMoAFE z)@W)<+`D%Vl!lF+oh0gfNr@P^e{hY~PEJeofU`lfu=n>@z+N=MaRRq@2)rNV)8nJT z@2b%EV~6$~IkFUaoQa9NiHS*l&Du`{aQhXwH+5(=#3Ug)*1bHtRYpZ6C+V**r214z zInzX4$S#&HU5fJe_fOoltD&J`-itFv$e}!K6uCrNS{k|d=FO@(bLK2qw5Xx4Za)P6 z0|_6JB*5sp?lCk$heZuEFCHT1#U4bGY#KpPcA?gW4GpmOE{Mljcuy6aXct?-SY!Dp z3!^+du-4Tf9pP_A2VlmeeOgNzIH%HHIGOnLW(iBYVtfv6^)iTckbN8)b|_e zoVEKYtaXQkm(nQ~GAVfY2Jx!TxY1AzKg z4W8SD1hSHnb$$=x9jC6&zn46&{rZM~PG4U@@aeQd%k+=!L|h&=GXz-6GC}dyXhKH= z2RD-ik+|;JvqhU9@s`~U>t4gmwFDg}4-1F*+3qmBukUG|ofzK+)Lv&ArD)0Pt3LZd z-u1WIs95{?74S@)R;*r~3HkcRiWX(dl$3`&lRqTHrj?s_W*^34BcsF5WXY98Q$y+qe39R*cE(Z(E%W;ALmX4_goK$fL!PTdlU!K_L zGZ#S${GQ0RvabpPh7{k+h|59y-9z+iMMVWtafpeDDIuauU^oMX>B{wQ?}V2ATkEct z1-3xFh3IQt>T@|OYirQg8@QaLu3rBN++g$_kzWV_bX-8s-S9SA)$!xUm-D{1T24vr z2w=Sg{!3!L9JEK2I^=1iqodoX)C;`zI_trjLECF>-h2{kEhacNi=@1UIHQz$az!l| z8)%lcvZ~uaCu?84c=5SCkAqGC7kmLkoDB}^lYD!N{7&jB&RM& zLL_Grvo2fFWDTItH85H@m+%ZR2)7Vtv%1**&5dUws}CJmvmB zGtS1^z4OMP90a2@w6(J{cXmF)lV1!SAerA&p@-{k0=K79n$nUDi8{9rS~df41@yU! zPg8_JTD8h3G71pC{{UNtA{1TRzuwRQ1S%=35%6pHJ^Yjj1%R3w-0SN*GK-4VKt?7H z+!zW;Nl8h@(I3T-s)4h!D)aJ1NHvB;hl3ET%cg*faQRJkm08o#)4X;fbmidWztg>;!#64Q4Gor0j7EW=${<=D*66b5 zujA|8puV!ZCvyl$p>fKDE~*bq0LeZf$BO##)&K#p0HJ_%O}wcQ9Y9h)n8zMKySw-s zXZgX*^dPPxyvOhfvCXxg%sc?h3$;R^(_K(P3*UU9 zmo=l*kS={AxsHB14URAhG(H6XjehrIFNH9@s`H1Z0V^NwC<~Q+g!6yY>m|$gN=Rl^ zC)eE2fUMg+rTS^MrFP;Z-c2n#cY!_uVPeiZze#uwRB7j-`Ucr7 z1d%86&I~B~qfip>kaqztb`AD8{~L0y=zSrD@@I~B`d2Tngq+?T{yoYEXi*LkuBUpH z0H|_0bQSw`DM}TKRR+*p$t3cnann&fH_kwO9H+mvI*@?5h2v`?1mF>%Lx?i#e=%R@ zUH7lahQrdIgA+lKduYc@^~aB7Sa?aW0Ti5oJ6nWrkqTQAxuWOM%e$d(bO`56eWtQ} zAwti*<#NWldf&6c`I?qc=!pDa3fZy)Qd5EY%4(=&UH>3%Ritcc}65Wn3V;U zGj2e~MHl15QJ{w7^`fl(h_e)2ahe3|wfW)bzFeGAc0@N6uhW(&X@lDYn22!P7*?JX zS_5i1OF&7$Q0K$m87KWL`6GbnHRhxCfFD-V(Sg!n$ez3nUTd_q?Wd&9l;h%{m%vmJ zYTjW<6sS6P{@L>DPstVMK}`bn6c@P7#^Y}sX9^jr!V9FNkWys-P#L=!m_#Y3d=bA4 zshnkXunU{T&JRo5MO)*iN!DDV5)vM-K@C$91wg?Pk52;}n%U9eURqOj-w@Jegh-NE zX+Y}we*8ELCNYG$IG^^iz#NJ$PzKfFm-!=I+`%_M==-;pa)8z>^u1K?EVY%s@=l- zy!B2{l-)a99)1PoVKEd^t^nOjr_({?$m#Ja;%i|Y6XALlsj?* z>f2SmNb!5t=79F8f=nm{tq1iagrj;_Mx5oXzuzcQ%oKKJ3r$X3;Sc6QhcC~WWrCv& zXf3jCE0cQ)RgQir2!ajTv5P`MK6d%PFUPe+eHQt}6WlYhv(uo|$me#iWoEQhPkvbq zRiQcH$&UT0Oko%H9MdEgMfO%NSiHCiiXkN&7kd{M8Aw*3GGGEM3_qo)KC5{Der=#X z{~{HX6C8=gD>te$AQ(BYi$kGmp1&nd8(e8RqDB}}dyzL1z;k#dz?_lSAL=Aj`lBCJ~vZaRd#_rNgaC%{d^a1(O*c4V(IEKPIWeu+|! z%s41R;Cpis01Q##f4*n&tq)o>%MwlZf?K7)8x|0Q+B8i-h>9Z>i#>Z#rjwtJ+1lD3 z!9G!kDkObY&CdG<*>PCB)+SAnpzcWopr+1YmyVP=wr>GG+}yaX!FnYg^j|U!I@Z5A*1U%+~3V zCPXPnD)TY4C4fAUv>D!~AU7VA@vb0?g9P~_1vT!1n$8ix_3$2(n1nwesZB`Vk~c;^CATva2ZRgf1zp?(eu{DL2oO*VOmYB7 zBSIoS4h$fnf{?E}XTO9r-rHMl?%cV3-@h+{@KL~<7Y!45Ic+v z^)Lto6Ar$AW@U!Y=x^d~2*j3yWE7t4A3^l?BOoM{bpL#lP?Yxy3?WM>=}9Omx&{Tw zdU(5f2D|!)$OaI|a0%}F2YPrDy$K$F+9=8^${&_jKCGaGRZx&n(pFN24@E^;byWqs zKkZ#T2?2ixRFRd30S=kEx_bwZ14Fzd|Fj^GT|NJdW~Fl2&%!mz$V#6`a8_3jwp5Pr z{?jIm5FFwi81Sc=0*o&UkNX`DIWmaw=duSO%-fy7xT=JLH~JeoJkk4au+G{41$dfjkSY4t(D}p^=!R^ z)U|CKrYmJoGw(?iivqLLdoBFF*ll?<2 z{d}S{4I;xL&BN8)(F%r&3f=@&csYzVH1I;Yo0Ig+@#@xYm`Gbo z6;m~mpLZnL*4@I=+EvXe#N5m`(AL<@!_3GsBE%yyGAcA&UeVCaP}fffP1ZH`@bDwr zhD2D}kpm6o6;)Mze6)RWD3Yg@kB^c!$`GxJM4>$4F##cp{%-QFkw)lnTQgk~MI&8P z9Tk10zyNPEcN7YiN#By}ZyI8$7_3L|v~!E_G_ke}4lu`u==l2t+o5oZCgwN=4ABVf zui&QcjmD~akyP<08^&v>n44=yl98cgJ8fdPxxR9gqDi2sKN3SAn}o{~-Th!}D@b7- zBK+@V8i5Z|Ggr5W#Ca+Q!5y+WQr{-X&)36BG1AnE5r%G*B_;-qhuCJ z3XxYc5B0Jokc_ z1Ak8sy+8wFWt6*~nwd6M)r1rorlJ;Lr9cdJSMxSgQB?OfRkKvnLmDd)4PlJ%D3S^z zavWp#D8Z=u|LmCG+Xw#siwR1ok~bZf5C~C(k)Ad-qG*2D7mHoyXI?BnJ}PN*Kx35p zB0Edh32l>qHgUl2g57l&%5g8&D_%rGS=zPh21n3VO3m93Nq4b_7)maAO;F`;?+;dI z-ItZmu3&nclXqOPbM=E;&Mi0Mw-@mX$2tScS4HKOIzK$%kW*?FHp&rSe6q*<=x6aE zqfMNg>J+N6p7{PeDbDP4JY7#u(T%p7vpxBL@S=FafS-O?m}=Pk;F*MkEia0-M7p}V zc-4c&*_k(Q+Pt~zwx>CH=JnS3p_-(c8nsiWPJNi4&-gY!bOoI+J3VmwAhdCn=amm0 zH+=HsiKwjX&TZSa_22d72@Vdnu(y|9yOvYvO3Uev{k8tx(8%cV+qw`=LBVvVhN#Cw zLjofsBfQ6=l+*S1@0E2(-XWms^8M5B)An}lxHwI-iyCKMzs6v(*hW9q&9zRg+}zxU z4j*ozS(RlK7iSg~34VOnAdr%hg0FI6f)VsHg)^$E+^rb`NfeiQbaZvIb8=46=~7+QAA^@?ael-1x%chcmnFW9`5+-`|sGz2%raXVf(`V0i3#DLBQH>AZa&2a2=T~O^{ytu7 z_ntkdHWCdMm|YOL>og08J_eIBjl3EpgIlwDo-b!G)p3ziNGKycoxO{cpb_=;P-$uD ztGW=+n+|mtvLNPAp49N0p}>*sdv4gE+APmW+f;m@<~!-shs{^TtOj?H z3|;Z`HzvWsiitagQf-_fQFqNX>Wm2l31a7^jLVlr{RVEKU_915DJBHl_U#HDPj~6* z>wl@t^21tLolZ_>-LiFS-A|R;t4C#UO^_=i3k#WFzmmHwvGX4upPufy!86%eET_S? z?FlB-z0B<5sp4XhVsiFCD!23pXetu_(~``!`vi6N+V0)EUqSA2@$jTkN{!B(Ia51V zQC~$G)9 zYeYmwrckuanlL?8u(o4U#qoQEP6w1;y}D)ie&`;d(?ut!bjv*l&7OQ7YeThN*2=zk zF=KHts7t|+D1+M(wcKMT8s+r`Ah^x8yOs<60_c?`zhDLm8KUmT?H?Qdx5)dH!?D_MFWZI#S$rq1v zB+wAf5s2Dv@Q!zXOEuAN&0x^rX?S5=J_%t|iN3u&ey6>3h?*0=V^7W~8OvepuYS zvHk<{P1I<&Q|vMhYh$B!B)(gK|5{m@Ze`yU$NDe^tnu^n1LmgXJ4J2#wb~hfxo<8z zJA2>w50|v&B#yC>B$0n!H2PB=3kroQb^j@GwmkvTY3y#FQ}dUJ=S&XqN==Q8$Nl=N z9^28KV?J*cH)DPl{V#bM3xnx-yaP3}NgPM4mWxYSY)bJ`M(cy1MRT<`7O_ zS&2B8pFj5K*SZ{Z1c=Sb&E4AIlqrGE!&jnn#BbWy?BtPi;`%AH>U+?v==j3B21pOa zB;M3b+DVT{dILn$>>~eRy6ei~_wNR=vB$oA`NG)Rzt$Jxdojmi*OV2Nl$a1Ul};_= z?PobfL^8X}%yo0bV>VW&u2)vJtu9TGzJ0Vs^!+N3k(S<$a8c%02z+;RZdn)^gotVo z1{PsuXUF#J(aM)~Je8T53HibT`LcEE))dMsv7wqkgPC?Jo;qch5&8iSAKyzjefpBwFgiTI=#4{#8O>d{c3I*NgCZ^R;=lN7vkDzJ4lIuE4zn=j{mtZ1sLs$wt;IpVe=%!g!U@8!+H#$KE(3~X|%7FAQ@$q{#L zN##by{X~*Agp7@i5eV4Hd~3^dNv*B=bB{e__HOSjw`YMB+|DC=`QE*~XAhd|!~FR8 z_+V}5F($YMJYDKqp64&E)$u*PG;18L#Q9MizAjh-arydnR*j20Z7LidKR(S;xIVZ6 z`9qfC6LR8|XW>^5JwXc_wE$g%13l{hqmSaUg!# zjYh}&`Q4OqD)UK$IdQm8ZeP>1$Ki0jow>QWBR~`Kg)d)rbbq~dL*S9w4vw^+7aF3! zkFHJ?GeCl|u~BJzRif_|-WkhKd)EjYCZWMRaFR-QW7#R#SmoLb`}iQQq6h2i?(Vw38r1=E|{@#%l6Kh&4Fnyf}Txn9EYy_yX2aTKPy=i-Trn`)RLyG(v zhK7c_{@|1P?E&_{z(9ao{Y#fFy`)T{W&z(%fKUONXTYj9kmY-06sQ9Jpy^lp^iU|^ z0LAml-n%J+>SBPj0Q#Kf$CkM?*S}f;8ZsRT``FlD?GE9vRAW_2tEzTwY-|9`ZT=c{ z%pwhLE@+L(sUPcZ!V|uOw&fy*U)$7l$KXAGX$WZ>8aE~-EzQZxdq{(M z_%cB3^@<9BqoM@rEVGZV@5szd3Zz&vWwaNvnZ+n4Xns%ys5%8Gx%A;fVU3HFHYaZJ z{rfiq)&V~_0LK%VcM2wh{7I&aSeqQ!!@PqZ0ZFKg)XGhCnc65)a zgoMOM$B_j+ZS9lOhYHStf~;_?cLO{ty^@tyjUDbExb4ZgYu5?F^Sl&FsU)adl#7cf z#BvbSMk7YzNlS}%W#3ri$<3u#t`Fur$E64#i*o5IMM3}LGPq5MqN9k1!n+e z_e)6pl}E#Gjx0Pl4U$XfHu0qn3Uy{0nToNtPQ0MxIZ8S5sgaJmq1U$Wj4SPRu^k}) z{qO}!``Lr_>jJN18T%_eU9Ydgu{vtm2Q*m;XfiP%BTeC$MeVN(??rt3D$caHaSF9d zKwei9U-EyQAL8LS_H|dz*|R7Eu`}+p98=Kmy95NbLynjfAvq76H451}^y<|KfM@rn zgl!DbaLv4!^7gGmSGA!8L(+0+{oGYjQsM=YrZt`K^kMsZ*T1!wr>3%rA3V4piR2X) z7UtE8J9^K5=)fO6>rovtWu~X6ciFsHbGo~XgZSe7NsuS3Q=PDH=dT%~(bfJ#swTyn zLf_v-%Q3U_o_PAy@G6y>LeZCM!$=GWX~hYC{`@&&@`C4wxw*7z_ck$QWv=aeWsdv! zNSPHOM_wNVP?x`8!YB|xWi#pyS;zY>5I+7kaR=~nUIjc z$j!yCUlSg?G$wQI-^I;+W_sF-Q5O}e1?m%t2ZBRFEFB!ub8>c{%grqT!P2;VWilVW zf=+8`X?gncB??-p2EI#=T$*%!c1|)mHMI#wk|&Moff5lF6-B@_C8wpGZuih3k*Yr| zuzK^Ma}yZk1x#G+*(odzxtenD(ut%b7Q31N&?2wyhx&q?YM!r!%8uyc zuo|8;&yf(ILG zbEkIiQGtmc`9lgxfZlG4A09InT-@kXem;+WIxneviCsif5Y`&X7x=9Gwef=l3dePQ zZCTdL{EZ;Is5+y(xN@b7j*~ViRNY}~Yg-$$st6kDG*HbIkl*o98z3MS7z00e@W29x zJM-d&38+x+9Pxbz4lu(jg>)U>x5kamb(pQOpGn*yP!RhN*rw)Plr&kxF-^9!t&JuA z$I$zr**7$zh`EW$_%~ynDr~z%z`fjeCT3=4Y1{7_!7$my#qr&pq-Y5n$oTG`J=U{6 zZ=Kq?@pSR}^z`(-{?yW-XbDd@T8>P>TVoc0ml$b($$(06wLB?xy%~FNG<2~9y^?ivgWfk=c}B{*6FA%m-FDSxA0+prtm z^D;;}bVoqtr!+v&f_txje5%j1ry<@t4R1%|n&awoi9}*5WxThx;XddaW|A~cGoW&? z1=Ev!tsI*p9zd09n#V;0eYcfkkJL8!fHpo;o9iP`V-pHWg|!Cry?GuNi>I@NL)jTX zeKL#_phZ?zR%7`&!5sMK_k~k$ zYjgQC^aH5k+XE^`tFeyh_L6mMH8u)(x-2x*8~rwGCxbgUYHe)XJm0g5rz--(;cu6p zu$PqNtg)GLr9B&OEk7rKplz$MiLAy7L8m(jLpP4%>0w@L?H%w}>d=jKJpJ(3q4IND zE$u=<(RYQ=%W^@|689-XzRzn-X$3EdP$akmBmy%x{#;#R6ua5`4Vql!Mdjsp9gF^^ z2Ws%u!`Nsj;l@7IFC@a&3#gx0Wmq4KyFdlthv-uTQ()163ZOn`f}&T)%xou+7wSD$ ztZ+b4q-How;ONn#LEneNo59@xtelE@d;BbQZT(KuMOI#>eqi_xITRU!GkQTtEHg~dIyyQo^1M~xbpWnHeGnJqeQ9*m?c>|JJs|260Rn4DW3Omd2LTs<>rFE= z3VJCkdMu_kPYQjvx*CX~ea*N11k+}D-(H!RpP$f>Muwe6qm^FCZVl3e(v24I?g1Y}sy)|R&dJZ83RVpkhfARl@^9Ewy1_-(ZQD+Y z8}S|qlhIuHuo-x!1u63E@(RXZgEz&jtoe4QW*Q(CUtGk&nc_tTi8AVxt5?N=7*E1@7dcvTXMu>j!0pg8FxbC; zzb;v@gd%(_6|^|{(_22M#<+x%xK1p6mZo+jxfw6d*Sv2nuX&dWf?;g7=LRtNvs`JL z#n))L5=I^NFs2Tu9x*kRDe147kni(vGlYX)|9_Yv!Au-sF>I$ZEbDY_>6sZ%u~&ArBk|wG!P{`p!p2V&BJGweO`jP?z&+k2NdN@ z=E~um(iJY9Y^GA9X5UDztgcGVY7-9QtKGK#TwnhTHB2f+XXl3)WYUePW&*V!E9(Rh zM`>+s|4iQm1soYtpJTY|SZfBT8X=@e$HcSMAR`)VU)~J;GA9;CHNrElKUz}tLrg72 zda`+jI#?6v9J4l4W>z1w)&K?oJFon4GP@5`N79^nv}Tbtop_s1NP~PlAfV!7zG?j7 zBS!?FE`X}0^vWw!$b{g@7$g<@lBo2cp~2GH`oP>oj=!u!EyCQ~{GqskE3DCno2yw3 zSRg-!d>op{9^15OlZCAu4ajB++Su5z$jQldDX7P_fSLuh;v5nU$7R4FWaZ%C5o$h6 z(mZEgv6@B2Izz=R<9Pqgi2QgAI#1>?6lHqg4i#}MXSr(%%J#(m_~yE@II{DMXkXOV zE`!fKHqI&FDN=`B<6Z?!;)(_jq=xYc{#Oz!Vrzt z4GIEprQpe`g;w-ba|OoK+}wanzVp&X|Jl;pkj|0Ck>*l&FSaS&BOfnt)HBLQQ3;8b zYfD**{sXtRa&mJ1_iiEj?jINCu8M%&y?==bKj{lmCfs zt#LEQhx&zwA>xJ4xp{c(7eq}#J}dYSDucg}>*=2i0xT(o|>K{kpItU_V5C|MX{qks>ED zsDof~;xw~jKaZk*{&@c@(X8zD#<`2?AqQsX<_d?s!K+|IfoKE|SRwL@2iPB1=yW!) zR%T{qs_-%qqbUa$flEq3k>!Ywd>puqII*@C^>a+*m&L@7TIc)ZZQxaxx?ks?I=#fy zkEa8^QO0+d-oMYEFXw!3qyE7IL7)j(5cqugNm*z>w3k-!Fbqu-7TqOUmNyjq|z zNO_NS?;>by79U8MmPx^Gr~-4OTrxk1vjtDydRRPY{K6EMscA0PjwuTSkqEzl$Y zJ-h;(7J$EfvxWra8@?e*1;MaFfKS_^7aEeFG>4UhLj#7-4pIT?)WiY5R!|E;FeCZz z%?wCZp@NLqYahGQ0ZkxMY3rNEq1FW}=HbSgFRU*>f=Ye2$pyu&fe%*?fMABIp?qp{ z+aN`v(R5N#qXKd5PhsHEh!sD_6FzTY0MP8JgL>j}^ITB>#Li~07R zRK(H2;^IzgZEdB03XL#@sy7jI$OyopzQ6yxNSq^NC1WmQolBr@-Rt-bTu>L)Lc;So zA8;yLmO8cMes8{wm0QE!ntoC}V5Ydfdk{&19UcXS%3`m5U<#$gr-)w@netuj+x;;pdLBjKx{+OdZa0uW*APf{{ za2?khGuHi;s2zGJ@RaVc@$($E#@vXe z=4OzFV~Z16OCG;{no~i4NUR*oblJWp;E<$bHiHAfpw!M3J_ao2Tf{Mu69OEGLo9yz zqT}dz(J$YCa)U}y z|MqaEnTt3GLA?x;KRLHhalLyc!p{h7GR0SSeQmlFraAspoDzB)_hX*XKuSsqJf(BDZYjPfQr{E)mc(LRZYQC!b6ex; zio0JunJ}i!|Hdq&O z5Dtc3m6?mcerHi4zGyTMiA`Xz7A4FIxVrzIzW~F60?g*w%*+l)KjN=nzt%I@zhg8e z`N|-sp$ps;#`%EfrAX$74<9n>2ylU_T^?_`dhOcilaxKOFRd&r5Mcal-M&{8tfR+| zA5XugZa-jh{siEysGM9UHIh<^>4V=Bg))8%@U(%X=>SF4nmwGI0JnmNqYDSaupM@Q zR%M(P^D1nDl8wPmU}YqkYp!m&aNz>O5h9Tkz+JZh1FxWfAJLb|<^*5CLIUNmAGilv zt&E>FXE?PF0KotMj!{=7h;wQ?rr`omD@a$t=x-mjF__(up9$XG*G6W_iuIu&TKhJ? zT}w-gJlDH}p}=8Fb8>MdfCX0yx(ZaV0LaQ$Am5=B9b -- bash + +In order to replicate the container startup scripts execute this command: + +For Redis: + + /opt/bitnami/scripts/redis/entrypoint.sh /opt/bitnami/scripts/redis/run.sh + +{{- if .Values.sentinel.enabled }} + +For Redis Sentinel: + + /opt/bitnami/scripts/redis-sentinel/entrypoint.sh /opt/bitnami/scripts/redis-sentinel/run.sh + +{{- end }} +{{- else }} + +{{- if contains .Values.master.service.type "LoadBalancer" }} +{{- if not .Values.auth.enabled }} +{{ if and (not .Values.networkPolicy.enabled) (.Values.networkPolicy.allowExternal) }} + +------------------------------------------------------------------------------- + WARNING + + By specifying "master.service.type=LoadBalancer" and "auth.enabled=false" you have + most likely exposed the Redis™ service externally without any authentication + mechanism. + + For security reasons, we strongly suggest that you switch to "ClusterIP" or + "NodePort". As alternative, you can also switch to "auth.enabled=true" + providing a valid password on "password" parameter. + +------------------------------------------------------------------------------- +{{- end }} +{{- end }} +{{- end }} + +{{- if eq .Values.architecture "replication" }} +{{- if .Values.sentinel.enabled }} + +Redis™ can be accessed via port {{ .Values.sentinel.service.ports.redis }} on the following DNS name from within your cluster: + + {{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} for read only operations + +For read/write operations, first access the Redis™ Sentinel cluster, which is available in port {{ .Values.sentinel.service.ports.sentinel }} using the same domain name above. + +{{- else }} + +Redis™ can be accessed on the following DNS names from within your cluster: + + {{ printf "%s-master.%s.svc.%s" (include "common.names.fullname" .) .Release.Namespace .Values.clusterDomain }} for read/write operations (port {{ .Values.master.service.ports.redis }}) + {{ printf "%s-replicas.%s.svc.%s" (include "common.names.fullname" .) .Release.Namespace .Values.clusterDomain }} for read-only operations (port {{ .Values.replica.service.ports.redis }}) + +{{- end }} +{{- else }} + +Redis™ can be accessed via port {{ .Values.master.service.ports.redis }} on the following DNS name from within your cluster: + + {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + +{{- end }} + +{{ if .Values.auth.enabled }} + +To get your password run: + + export REDIS_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "redis.secretName" . }} -o jsonpath="{.data.redis-password}" | base64 --decode) + +{{- end }} + +To connect to your Redis™ server: + +1. Run a Redis™ pod that you can use as a client: + + kubectl run --namespace {{ .Release.Namespace }} redis-client --restart='Never' {{ if .Values.auth.enabled }} --env REDIS_PASSWORD=$REDIS_PASSWORD {{ end }} --image {{ template "redis.image" . }} --command -- sleep infinity + +{{- if .Values.tls.enabled }} + + Copy your TLS certificates to the pod: + + kubectl cp --namespace {{ .Release.Namespace }} /path/to/client.cert redis-client:/tmp/client.cert + kubectl cp --namespace {{ .Release.Namespace }} /path/to/client.key redis-client:/tmp/client.key + kubectl cp --namespace {{ .Release.Namespace }} /path/to/CA.cert redis-client:/tmp/CA.cert + +{{- end }} + + Use the following command to attach to the pod: + + kubectl exec --tty -i redis-client \ + {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ template "common.names.fullname" . }}-client=true" \{{- end }} + --namespace {{ .Release.Namespace }} -- bash + +2. Connect using the Redis™ CLI: + +{{- if eq .Values.architecture "replication" }} + {{- if .Values.sentinel.enabled }} + {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h {{ template "common.names.fullname" . }} -p {{ .Values.sentinel.service.ports.redis }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} # Read only operations + {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h {{ template "common.names.fullname" . }} -p {{ .Values.sentinel.service.ports.sentinel }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} # Sentinel access + {{- else }} + {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h {{ printf "%s-master" (include "common.names.fullname" .) }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} + {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h {{ printf "%s-replicas" (include "common.names.fullname" .) }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} + {{- end }} +{{- else }} + {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h {{ template "common.names.fullname" . }}-master{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} +{{- end }} + +{{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} + +Note: Since NetworkPolicy is enabled, only pods with label {{ template "common.names.fullname" . }}-client=true" will be able to connect to redis. + +{{- else }} + +To connect to your database from outside the cluster execute the following commands: + +{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }} +{{- if contains "NodePort" .Values.sentinel.service.type }} + + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }}) + {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $NODE_IP -p $NODE_PORT {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} + +{{- else if contains "LoadBalancer" .Values.sentinel.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") + {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $SERVICE_IP -p {{ .Values.sentinel.service.ports.redis }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} + +{{- else if contains "ClusterIP" .Values.sentinel.service.type }} + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} {{ .Values.sentinel.service.ports.redis }}:{{ .Values.sentinel.service.ports.redis }} & + {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h 127.0.0.1 -p {{ .Values.sentinel.service.ports.redis }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} + +{{- end }} +{{- else }} +{{- if contains "NodePort" .Values.master.service.type }} + + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ printf "%s-master" (include "common.names.fullname" .) }}) + {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $NODE_IP -p $NODE_PORT {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} + +{{- else if contains "LoadBalancer" .Values.master.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ printf "%s-master" (include "common.names.fullname" .) }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") + {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $SERVICE_IP -p {{ .Values.master.service.port }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} + +{{- else if contains "ClusterIP" .Values.master.service.type }} + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ printf "%s-master" (include "common.names.fullname" .) }} {{ .Values.master.service.port }}:{{ .Values.master.service.port }} & + {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h 127.0.0.1 -p {{ .Values.master.service.port }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} + +{{- end }} +{{- end }} + +{{- end }} +{{- end }} +{{- include "redis.checkRollingTags" . }} +{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} +{{- include "common.warnings.rollingTag" .Values.sysctl.image }} +{{- include "redis.validateValues" . }} + +{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled (eq .Values.sentinel.service.type "NodePort") (not .Release.IsUpgrade ) }} +{{- if $.Values.sentinel.service.nodePorts.sentinel }} +No need to upgrade, ports and nodeports have been set from values +{{- else }} +#!#!#!#!#!#!#!# IMPORTANT #!#!#!#!#!#!#!# +YOU NEED TO PERFORM AN UPGRADE FOR THE SERVICES AND WORKLOAD TO BE CREATED +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/redis/templates/_helpers.tpl b/packer/ansible/roles/helm_install/files/redis/templates/_helpers.tpl new file mode 100644 index 0000000..a9c0d03 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/templates/_helpers.tpl @@ -0,0 +1,291 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the proper Redis image name +*/}} +{{- define "redis.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper Redis Sentinel image name +*/}} +{{- define "redis.sentinel.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.sentinel.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the metrics image) +*/}} +{{- define "redis.metrics.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "redis.volumePermissions.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return sysctl image +*/}} +{{- define "redis.sysctl.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.sysctl.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "redis.imagePullSecrets" -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.sentinel.image .Values.metrics.image .Values.volumePermissions.image .Values.sysctl.image) "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "networkPolicy.apiVersion" -}} +{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiGroup for PodSecurityPolicy. +*/}} +{{- define "podSecurityPolicy.apiGroup" -}} +{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "policy" -}} +{{- else -}} +{{- print "extensions" -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a TLS secret object should be created +*/}} +{{- define "redis.createTlsSecret" -}} +{{- if and .Values.tls.enabled .Values.tls.autoGenerated (and (not .Values.tls.existingSecret) (not .Values.tls.certificatesSecret)) }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the secret containing Redis TLS certificates +*/}} +{{- define "redis.tlsSecretName" -}} +{{- $secretName := coalesce .Values.tls.existingSecret .Values.tls.certificatesSecret -}} +{{- if $secretName -}} + {{- printf "%s" (tpl $secretName $) -}} +{{- else -}} + {{- printf "%s-crt" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return the path to the cert file. +*/}} +{{- define "redis.tlsCert" -}} +{{- if (include "redis.createTlsSecret" . ) -}} + {{- printf "/opt/bitnami/redis/certs/%s" "tls.crt" -}} +{{- else -}} + {{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/redis/certs/%s" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the path to the cert key file. +*/}} +{{- define "redis.tlsCertKey" -}} +{{- if (include "redis.createTlsSecret" . ) -}} + {{- printf "/opt/bitnami/redis/certs/%s" "tls.key" -}} +{{- else -}} + {{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/redis/certs/%s" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the path to the CA cert file. +*/}} +{{- define "redis.tlsCACert" -}} +{{- if (include "redis.createTlsSecret" . ) -}} + {{- printf "/opt/bitnami/redis/certs/%s" "ca.crt" -}} +{{- else -}} + {{- required "Certificate CA filename is required when TLS in enabled" .Values.tls.certCAFilename | printf "/opt/bitnami/redis/certs/%s" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the path to the DH params file. +*/}} +{{- define "redis.tlsDHParams" -}} +{{- if .Values.tls.dhParamsFilename -}} +{{- printf "/opt/bitnami/redis/certs/%s" .Values.tls.dhParamsFilename -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "redis.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Return the configuration configmap name +*/}} +{{- define "redis.configmapName" -}} +{{- if .Values.existingConfigmap -}} + {{- printf "%s" (tpl .Values.existingConfigmap $) -}} +{{- else -}} + {{- printf "%s-configuration" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created +*/}} +{{- define "redis.createConfigmap" -}} +{{- if empty .Values.existingConfigmap }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Get the password secret. +*/}} +{{- define "redis.secretName" -}} +{{- if .Values.auth.existingSecret -}} +{{- printf "%s" .Values.auth.existingSecret -}} +{{- else -}} +{{- printf "%s" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the password key to be retrieved from Redis™ secret. +*/}} +{{- define "redis.secretPasswordKey" -}} +{{- if and .Values.auth.existingSecret .Values.auth.existingSecretPasswordKey -}} +{{- printf "%s" .Values.auth.existingSecretPasswordKey -}} +{{- else -}} +{{- printf "redis-password" -}} +{{- end -}} +{{- end -}} + + +{{/* +Returns the available value for certain key in an existing secret (if it exists), +otherwise it generates a random value. +*/}} +{{- define "getValueFromSecret" }} + {{- $len := (default 16 .Length) | int -}} + {{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}} + {{- if $obj }} + {{- index $obj .Key | b64dec -}} + {{- else -}} + {{- randAlphaNum $len -}} + {{- end -}} +{{- end }} + +{{/* +Return Redis™ password +*/}} +{{- define "redis.password" -}} +{{- if not (empty .Values.global.redis.password) }} + {{- .Values.global.redis.password -}} +{{- else if not (empty .Values.auth.password) -}} + {{- .Values.auth.password -}} +{{- else -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "redis-password") -}} +{{- end -}} +{{- end -}} + +{{/* Check if there are rolling tags in the images */}} +{{- define "redis.checkRollingTags" -}} +{{- include "common.warnings.rollingTag" .Values.image }} +{{- include "common.warnings.rollingTag" .Values.sentinel.image }} +{{- include "common.warnings.rollingTag" .Values.metrics.image }} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "redis.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "redis.validateValues.topologySpreadConstraints" .) -}} +{{- $messages := append $messages (include "redis.validateValues.architecture" .) -}} +{{- $messages := append $messages (include "redis.validateValues.podSecurityPolicy.create" .) -}} +{{- $messages := append $messages (include "redis.validateValues.tls" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} + +{{/* Validate values of Redis™ - spreadConstrainsts K8s version */}} +{{- define "redis.validateValues.topologySpreadConstraints" -}} +{{- if and (semverCompare "<1.16-0" .Capabilities.KubeVersion.GitVersion) .Values.replica.topologySpreadConstraints -}} +redis: topologySpreadConstraints + Pod Topology Spread Constraints are only available on K8s >= 1.16 + Find more information at https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +{{- end -}} +{{- end -}} + +{{/* Validate values of Redis™ - must provide a valid architecture */}} +{{- define "redis.validateValues.architecture" -}} +{{- if and (ne .Values.architecture "standalone") (ne .Values.architecture "replication") -}} +redis: architecture + Invalid architecture selected. Valid values are "standalone" and + "replication". Please set a valid architecture (--set architecture="xxxx") +{{- end -}} +{{- if and .Values.sentinel.enabled (not (eq .Values.architecture "replication")) }} +redis: architecture + Using redis sentinel on standalone mode is not supported. + To deploy redis sentinel, please select the "replication" mode + (--set "architecture=replication,sentinel.enabled=true") +{{- end -}} +{{- end -}} + +{{/* Validate values of Redis™ - PodSecurityPolicy create */}} +{{- define "redis.validateValues.podSecurityPolicy.create" -}} +{{- if and .Values.podSecurityPolicy.create (not .Values.podSecurityPolicy.enabled) }} +redis: podSecurityPolicy.create + In order to create PodSecurityPolicy, you also need to enable + podSecurityPolicy.enabled field +{{- end -}} +{{- end -}} + +{{/* Validate values of Redis™ - TLS enabled */}} +{{- define "redis.validateValues.tls" -}} +{{- if and .Values.tls.enabled (not .Values.tls.autoGenerated) (not .Values.tls.existingSecret) (not .Values.tls.certificatesSecret) }} +redis: tls.enabled + In order to enable TLS, you also need to provide + an existing secret containing the TLS certificates or + enable auto-generated certificates. +{{- end -}} +{{- end -}} + +{{/* Define the suffix utilized for external-dns */}} +{{- define "redis.externalDNS.suffix" -}} +{{ printf "%s.%s" (include "common.names.fullname" .) .Values.useExternalDNS.suffix }} +{{- end -}} + +{{/* Compile all annotations utilized for external-dns */}} +{{- define "redis.externalDNS.annotations" -}} +{{- if .Values.useExternalDNS.enabled }} +{{ .Values.useExternalDNS.annotationKey }}hostname: {{ include "redis.externalDNS.suffix" . }} +{{- range $key, $val := .Values.useExternalDNS.additionalAnnotations }} +{{ $.Values.useExternalDNS.annotationKey }}{{ $key }}: {{ $val | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/redis/templates/configmap.yaml b/packer/ansible/roles/helm_install/files/redis/templates/configmap.yaml new file mode 100644 index 0000000..71a710f --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/templates/configmap.yaml @@ -0,0 +1,60 @@ +{{- if (include "redis.createConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-configuration" (include "common.names.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + redis.conf: |- + # User-supplied common configuration: + {{- if .Values.commonConfiguration }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonConfiguration "context" $ ) | nindent 4 }} + {{- end }} + # End of common configuration + master.conf: |- + dir {{ .Values.master.persistence.path }} + # User-supplied master configuration: + {{- if .Values.master.configuration }} + {{- include "common.tplvalues.render" ( dict "value" .Values.master.configuration "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.master.disableCommands }} + {{- range .Values.master.disableCommands }} + rename-command {{ . }} "" + {{- end }} + {{- end }} + # End of master configuration + replica.conf: |- + dir {{ .Values.replica.persistence.path }} + slave-read-only yes + # User-supplied replica configuration: + {{- if .Values.replica.configuration }} + {{- include "common.tplvalues.render" ( dict "value" .Values.replica.configuration "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.replica.disableCommands }} + {{- range .Values.replica.disableCommands }} + rename-command {{ . }} "" + {{- end }} + {{- end }} + # End of replica configuration + {{- if .Values.sentinel.enabled }} + sentinel.conf: |- + dir "/tmp" + port {{ .Values.sentinel.containerPorts.sentinel }} + sentinel monitor {{ .Values.sentinel.masterSet }} {{ template "common.names.fullname" . }}-node-0.{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} {{ .Values.sentinel.service.ports.redis }} {{ .Values.sentinel.quorum }} + sentinel down-after-milliseconds {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.downAfterMilliseconds }} + sentinel failover-timeout {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.failoverTimeout }} + sentinel parallel-syncs {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.parallelSyncs }} + # User-supplied sentinel configuration: + {{- if .Values.sentinel.configuration }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.configuration "context" $ ) | nindent 4 }} + {{- end }} + # End of sentinel configuration + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/redis/templates/extra-list.yaml b/packer/ansible/roles/helm_install/files/redis/templates/extra-list.yaml new file mode 100644 index 0000000..9ac65f9 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/templates/extra-list.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/redis/templates/headless-svc.yaml b/packer/ansible/roles/helm_install/files/redis/templates/headless-svc.yaml new file mode 100644 index 0000000..d798a0b --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/templates/headless-svc.yaml @@ -0,0 +1,30 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-headless" (include "common.names.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- include "redis.externalDNS.annotations" . | nindent 4 }} +spec: + type: ClusterIP + clusterIP: None + {{- if .Values.sentinel.enabled }} + publishNotReadyAddresses: true + {{- end }} + ports: + - name: tcp-redis + port: {{ if .Values.sentinel.enabled }}{{ .Values.sentinel.service.ports.redis }}{{ else }}{{ .Values.master.service.ports.redis }}{{ end }} + targetPort: redis + {{- if .Values.sentinel.enabled }} + - name: tcp-sentinel + port: {{ .Values.sentinel.service.ports.sentinel }} + targetPort: redis-sentinel + {{- end }} + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/packer/ansible/roles/helm_install/files/redis/templates/health-configmap.yaml b/packer/ansible/roles/helm_install/files/redis/templates/health-configmap.yaml new file mode 100644 index 0000000..41f3145 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/templates/health-configmap.yaml @@ -0,0 +1,192 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-health" (include "common.names.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + ping_readiness_local.sh: |- + #!/bin/bash + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" + response=$( + timeout -s 3 $1 \ + redis-cli \ + -h localhost \ +{{- if .Values.tls.enabled }} + -p $REDIS_TLS_PORT \ + --tls \ + --cacert {{ template "redis.tlsCACert" . }} \ + {{- if .Values.tls.authClients }} + --cert {{ template "redis.tlsCert" . }} \ + --key {{ template "redis.tlsCertKey" . }} \ + {{- end }} +{{- else }} + -p $REDIS_PORT \ +{{- end }} + ping + ) + if [ "$?" -eq "124" ]; then + echo "Timed out" + exit 1 + fi + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + ping_liveness_local.sh: |- + #!/bin/bash + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" + response=$( + timeout -s 3 $1 \ + redis-cli \ + -h localhost \ +{{- if .Values.tls.enabled }} + -p $REDIS_TLS_PORT \ + --tls \ + --cacert {{ template "redis.tlsCACert" . }} \ + {{- if .Values.tls.authClients }} + --cert {{ template "redis.tlsCert" . }} \ + --key {{ template "redis.tlsCertKey" . }} \ + {{- end }} +{{- else }} + -p $REDIS_PORT \ +{{- end }} + ping + ) + if [ "$?" -eq "124" ]; then + echo "Timed out" + exit 1 + fi + responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') + if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ] && [ "$responseFirstWord" != "MASTERDOWN" ]; then + echo "$response" + exit 1 + fi +{{- if .Values.sentinel.enabled }} + ping_sentinel.sh: |- + #!/bin/bash + +{{- if .Values.auth.sentinel }} + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" +{{- end }} + response=$( + timeout -s 3 $1 \ + redis-cli \ + -h localhost \ +{{- if .Values.tls.enabled }} + -p $REDIS_SENTINEL_TLS_PORT_NUMBER \ + --tls \ + --cacert "$REDIS_SENTINEL_TLS_CA_FILE" \ + {{- if .Values.tls.authClients }} + --cert "$REDIS_SENTINEL_TLS_CERT_FILE" \ + --key "$REDIS_SENTINEL_TLS_KEY_FILE" \ + {{- end }} +{{- else }} + -p $REDIS_SENTINEL_PORT \ +{{- end }} + ping + ) + if [ "$?" -eq "124" ]; then + echo "Timed out" + exit 1 + fi + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + parse_sentinels.awk: |- + /ip/ {FOUND_IP=1} + /port/ {FOUND_PORT=1} + /runid/ {FOUND_RUNID=1} + !/ip|port|runid/ { + if (FOUND_IP==1) { + IP=$1; FOUND_IP=0; + } + else if (FOUND_PORT==1) { + PORT=$1; + FOUND_PORT=0; + } else if (FOUND_RUNID==1) { + printf "\nsentinel known-sentinel {{ .Values.sentinel.masterSet }} %s %s %s", IP, PORT, $0; FOUND_RUNID=0; + } + } +{{- end }} + ping_readiness_master.sh: |- + #!/bin/bash + + [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" + [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" + response=$( + timeout -s 3 $1 \ + redis-cli \ + -h $REDIS_MASTER_HOST \ + -p $REDIS_MASTER_PORT_NUMBER \ +{{- if .Values.tls.enabled }} + --tls \ + --cacert {{ template "redis.tlsCACert" . }} \ + {{- if .Values.tls.authClients }} + --cert {{ template "redis.tlsCert" . }} \ + --key {{ template "redis.tlsCertKey" . }} \ + {{- end }} +{{- end }} + ping + ) + if [ "$?" -eq "124" ]; then + echo "Timed out" + exit 1 + fi + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + ping_liveness_master.sh: |- + #!/bin/bash + + [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" + [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" + response=$( + timeout -s 3 $1 \ + redis-cli \ + -h $REDIS_MASTER_HOST \ + -p $REDIS_MASTER_PORT_NUMBER \ +{{- if .Values.tls.enabled }} + --tls \ + --cacert {{ template "redis.tlsCACert" . }} \ + {{- if .Values.tls.authClients }} + --cert {{ template "redis.tlsCert" . }} \ + --key {{ template "redis.tlsCertKey" . }} \ + {{- end }} +{{- end }} + ping + ) + if [ "$?" -eq "124" ]; then + echo "Timed out" + exit 1 + fi + responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') + if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ]; then + echo "$response" + exit 1 + fi + ping_readiness_local_and_master.sh: |- + script_dir="$(dirname "$0")" + exit_status=0 + "$script_dir/ping_readiness_local.sh" $1 || exit_status=$? + "$script_dir/ping_readiness_master.sh" $1 || exit_status=$? + exit $exit_status + ping_liveness_local_and_master.sh: |- + script_dir="$(dirname "$0")" + exit_status=0 + "$script_dir/ping_liveness_local.sh" $1 || exit_status=$? + "$script_dir/ping_liveness_master.sh" $1 || exit_status=$? + exit $exit_status diff --git a/packer/ansible/roles/helm_install/files/redis/templates/master/application.yaml b/packer/ansible/roles/helm_install/files/redis/templates/master/application.yaml new file mode 100644 index 0000000..041ce25 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/templates/master/application.yaml @@ -0,0 +1,467 @@ +{{- if or (not (eq .Values.architecture "replication")) (not .Values.sentinel.enabled) }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: {{ .Values.master.kind }} +metadata: + name: {{ printf "%s-master" (include "common.names.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: master + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: 1 + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: master + {{- if (eq .Values.master.kind "StatefulSet") }} + serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) }} + {{- end }} + {{- if .Values.master.updateStrategy }} + {{- if (eq .Values.master.kind "Deployment") }} + strategy: {{- toYaml .Values.master.updateStrategy | nindent 4 }} + {{- else }} + updateStrategy: {{- toYaml .Values.master.updateStrategy | nindent 4 }} + {{- end }} + {{- end }} + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: master + {{- if .Values.master.podLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.master.podLabels "context" $ ) | nindent 8 }} + {{- end }} + {{- if and .Values.metrics.enabled .Values.metrics.podLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podLabels "context" $ ) | nindent 8 }} + {{- end }} + annotations: + {{- if (include "redis.createConfigmap" .) }} + checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- end }} + checksum/health: {{ include (print $.Template.BasePath "/health-configmap.yaml") . | sha256sum }} + checksum/scripts: {{ include (print $.Template.BasePath "/scripts-configmap.yaml") . | sha256sum }} + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + {{- if .Values.master.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.master.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + spec: + {{- include "redis.imagePullSecrets" . | nindent 6 }} + {{- if .Values.master.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.master.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.master.podSecurityContext.enabled }} + securityContext: {{- omit .Values.master.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "redis.serviceAccountName" . }} + {{- if .Values.master.priorityClassName }} + priorityClassName: {{ .Values.master.priorityClassName | quote }} + {{- end }} + {{- if .Values.master.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.master.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.master.podAffinityPreset "component" "master" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.master.podAntiAffinityPreset "component" "master" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.master.nodeAffinityPreset.type "key" .Values.master.nodeAffinityPreset.key "values" .Values.master.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.master.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.master.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.master.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.master.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.master.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.master.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.master.shareProcessNamespace }} + shareProcessNamespace: {{ .Values.master.shareProcessNamespace }} + {{- end }} + {{- if .Values.master.schedulerName }} + schedulerName: {{ .Values.master.schedulerName | quote }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.master.terminationGracePeriodSeconds }} + containers: + - name: redis + image: {{ template "redis.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.master.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.master.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.master.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.master.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.master.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.master.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.master.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.master.args "context" $) | nindent 12 }} + {{- else }} + args: + - -c + - /opt/bitnami/scripts/start-scripts/start-master.sh + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: REDIS_REPLICATION_MODE + value: master + - name: ALLOW_EMPTY_PASSWORD + value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} + {{- if .Values.auth.enabled }} + {{- if .Values.auth.usePasswordFiles }} + - name: REDIS_PASSWORD_FILE + value: "/opt/bitnami/redis/secrets/redis-password" + {{- else }} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "redis.secretName" . }} + key: {{ template "redis.secretPasswordKey" . }} + {{- end }} + {{- end }} + - name: REDIS_TLS_ENABLED + value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} + {{- if .Values.tls.enabled }} + - name: REDIS_TLS_PORT + value: {{ .Values.master.containerPorts.redis | quote }} + - name: REDIS_TLS_AUTH_CLIENTS + value: {{ ternary "yes" "no" .Values.tls.authClients | quote }} + - name: REDIS_TLS_CERT_FILE + value: {{ template "redis.tlsCert" . }} + - name: REDIS_TLS_KEY_FILE + value: {{ template "redis.tlsCertKey" . }} + - name: REDIS_TLS_CA_FILE + value: {{ template "redis.tlsCACert" . }} + {{- if .Values.tls.dhParamsFilename }} + - name: REDIS_TLS_DH_PARAMS_FILE + value: {{ template "redis.tlsDHParams" . }} + {{- end }} + {{- else }} + - name: REDIS_PORT + value: {{ .Values.master.containerPorts.redis | quote }} + {{- end }} + {{- if .Values.master.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.master.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.master.extraEnvVarsCM .Values.master.extraEnvVarsSecret }} + envFrom: + {{- if .Values.master.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.master.extraEnvVarsCM }} + {{- end }} + {{- if .Values.master.extraEnvVarsSecret }} + - secretRef: + name: {{ .Values.master.extraEnvVarsSecret }} + {{- end }} + {{- end }} + ports: + - name: redis + containerPort: {{ .Values.master.containerPorts.redis }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.master.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.master.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: redis + {{- else if .Values.master.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.master.customStartupProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.master.livenessProbe.enabled }} + livenessProbe: + initialDelaySeconds: {{ .Values.master.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.master.livenessProbe.periodSeconds }} + # One second longer than command timeout should prevent generation of zombie processes. + timeoutSeconds: {{ add1 .Values.master.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.master.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.master.livenessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/ping_liveness_local.sh {{ .Values.master.livenessProbe.timeoutSeconds }} + {{- else if .Values.master.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.master.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.master.readinessProbe.enabled }} + readinessProbe: + initialDelaySeconds: {{ .Values.master.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.master.readinessProbe.periodSeconds }} + timeoutSeconds: {{ add1 .Values.master.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.master.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.master.readinessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/ping_readiness_local.sh {{ .Values.master.readinessProbe.timeoutSeconds }} + {{- else if .Values.master.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.master.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.master.resources }} + resources: {{- toYaml .Values.master.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: start-scripts + mountPath: /opt/bitnami/scripts/start-scripts + - name: health + mountPath: /health + {{- if .Values.auth.usePasswordFiles }} + - name: redis-password + mountPath: /opt/bitnami/redis/secrets/ + {{- end }} + - name: redis-data + mountPath: {{ .Values.master.persistence.path }} + subPath: {{ .Values.master.persistence.subPath }} + - name: config + mountPath: /opt/bitnami/redis/mounted-etc + - name: redis-tmp-conf + mountPath: /opt/bitnami/redis/etc/ + - name: tmp + mountPath: /tmp + {{- if .Values.tls.enabled }} + - name: redis-certificates + mountPath: /opt/bitnami/redis/certs + readOnly: true + {{- end }} + {{- if .Values.master.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" .Values.master.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ include "redis.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.metrics.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + - -c + - | + if [[ -f '/secrets/redis-password' ]]; then + export REDIS_PASSWORD=$(cat /secrets/redis-password) + fi + redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: REDIS_ALIAS + value: {{ template "common.names.fullname" . }} + {{- if .Values.auth.enabled }} + - name: REDIS_USER + value: default + {{- if (not .Values.auth.usePasswordFiles) }} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "redis.secretName" . }} + key: {{ template "redis.secretPasswordKey" . }} + {{- end }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: REDIS_ADDR + value: rediss://{{ .Values.metrics.redisTargetHost }}:{{ .Values.master.containerPorts.redis }} + {{- if .Values.tls.authClients }} + - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE + value: {{ template "redis.tlsCertKey" . }} + - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE + value: {{ template "redis.tlsCert" . }} + {{- end }} + - name: REDIS_EXPORTER_TLS_CA_CERT_FILE + value: {{ template "redis.tlsCACert" . }} + {{- end }} + {{- if .Values.metrics.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + ports: + - name: metrics + containerPort: 9121 + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + volumeMounts: + {{- if .Values.auth.usePasswordFiles }} + - name: redis-password + mountPath: /secrets/ + {{- end }} + {{- if .Values.tls.enabled }} + - name: redis-certificates + mountPath: /opt/bitnami/redis/certs + readOnly: true + {{- end }} + {{- if .Values.metrics.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.master.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.master.sidecars "context" $) | nindent 8 }} + {{- end }} + {{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.master.persistence.enabled .Values.master.podSecurityContext.enabled .Values.master.containerSecurityContext.enabled }} + {{- if or .Values.master.initContainers $needsVolumePermissions .Values.sysctl.enabled }} + initContainers: + {{- if .Values.master.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.master.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if $needsVolumePermissions }} + - name: volume-permissions + image: {{ include "redis.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + - -ec + - | + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.master.persistence.path }} + {{- else }} + chown -R {{ .Values.master.containerSecurityContext.runAsUser }}:{{ .Values.master.podSecurityContext.fsGroup }} {{ .Values.master.persistence.path }} + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: redis-data + mountPath: {{ .Values.master.persistence.path }} + subPath: {{ .Values.master.persistence.subPath }} + {{- end }} + {{- if .Values.sysctl.enabled }} + - name: init-sysctl + image: {{ include "redis.sysctl.image" . }} + imagePullPolicy: {{ default "" .Values.sysctl.image.pullPolicy | quote }} + securityContext: + privileged: true + runAsUser: 0 + {{- if .Values.sysctl.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.sysctl.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.sysctl.resources }} + resources: {{- toYaml .Values.sysctl.resources | nindent 12 }} + {{- end }} + {{- if .Values.sysctl.mountHostSys }} + volumeMounts: + - name: host-sys + mountPath: /host-sys + {{- end }} + {{- end }} + {{- end }} + volumes: + - name: start-scripts + configMap: + name: {{ printf "%s-scripts" (include "common.names.fullname" .) }} + defaultMode: 0755 + - name: health + configMap: + name: {{ printf "%s-health" (include "common.names.fullname" .) }} + defaultMode: 0755 + {{- if .Values.auth.usePasswordFiles }} + - name: redis-password + secret: + secretName: {{ template "redis.secretName" . }} + items: + - key: {{ template "redis.secretPasswordKey" . }} + path: redis-password + {{- end }} + - name: config + configMap: + name: {{ include "redis.configmapName" . }} + {{- if .Values.sysctl.mountHostSys }} + - name: host-sys + hostPath: + path: /sys + {{- end }} + - name: redis-tmp-conf + {{- if .Values.master.persistence.medium }} + emptyDir: + medium: {{ .Values.master.persistence.medium | quote }} + {{- if .Values.master.persistence.sizeLimit }} + sizeLimit: {{ .Values.master.persistence.sizeLimit | quote }} + {{- end }} + {{- else }} + emptyDir: {} + {{- end }} + - name: tmp + {{- if .Values.master.persistence.medium }} + emptyDir: + medium: {{ .Values.master.persistence.medium | quote }} + {{- if .Values.master.persistence.sizeLimit }} + sizeLimit: {{ .Values.master.persistence.sizeLimit | quote }} + {{- end }} + {{- else }} + emptyDir: {} + {{- end }} + {{- if .Values.tls.enabled }} + - name: redis-certificates + secret: + secretName: {{ include "redis.tlsSecretName" . }} + defaultMode: 256 + {{- end }} + {{- if .Values.master.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" .Values.master.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.metrics.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} + {{- if not .Values.master.persistence.enabled }} + - name: redis-data + {{- if .Values.master.persistence.medium }} + emptyDir: { + medium: {{ .Values.master.persistence.medium | quote }} + } + {{- else }} + emptyDir: {} + {{- end }} + {{- else if .Values.master.persistence.existingClaim }} + - name: redis-data + persistentVolumeClaim: + claimName: {{ printf "%s" (tpl .Values.master.persistence.existingClaim .) }} + {{- else if (eq .Values.master.kind "Deployment") }} + - name: redis-data + persistentVolumeClaim: + claimName: {{ printf "redis-data-%s-master" (include "common.names.fullname" .) }} + {{- else }} + volumeClaimTemplates: + - metadata: + name: redis-data + labels: {{- include "common.labels.matchLabels" . | nindent 10 }} + app.kubernetes.io/component: master + {{- if .Values.master.persistence.annotations }} + annotations: {{- toYaml .Values.master.persistence.annotations | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.master.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.master.persistence.size | quote }} + {{- if .Values.master.persistence.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.master.persistence.selector "context" $) | nindent 10 }} + {{- end }} + {{- if .Values.master.persistence.dataSource }} + dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.master.persistence.dataSource "context" $) | nindent 10 }} + {{- end }} + {{- include "common.storage.class" (dict "persistence" .Values.master.persistence "global" .Values.global) | nindent 8 }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/redis/templates/master/psp.yaml b/packer/ansible/roles/helm_install/files/redis/templates/master/psp.yaml new file mode 100644 index 0000000..2ba93b6 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/templates/master/psp.yaml @@ -0,0 +1,46 @@ +{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}} +{{- if and $pspAvailable .Values.podSecurityPolicy.create }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ printf "%s-master" (include "common.names.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + allowPrivilegeEscalation: false + fsGroup: + rule: 'MustRunAs' + ranges: + - min: {{ .Values.master.podSecurityContext.fsGroup }} + max: {{ .Values.master.podSecurityContext.fsGroup }} + hostIPC: false + hostNetwork: false + hostPID: false + privileged: false + readOnlyRootFilesystem: false + requiredDropCapabilities: + - ALL + runAsUser: + rule: 'MustRunAs' + ranges: + - min: {{ .Values.master.containerSecurityContext.runAsUser }} + max: {{ .Values.master.containerSecurityContext.runAsUser }} + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: {{ .Values.master.containerSecurityContext.runAsUser }} + max: {{ .Values.master.containerSecurityContext.runAsUser }} + volumes: + - 'configMap' + - 'secret' + - 'emptyDir' + - 'persistentVolumeClaim' +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/redis/templates/master/pvc.yaml b/packer/ansible/roles/helm_install/files/redis/templates/master/pvc.yaml new file mode 100644 index 0000000..2f31036 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/templates/master/pvc.yaml @@ -0,0 +1,26 @@ +{{- if and (eq .Values.architecture "standalone") (eq .Values.master.kind "Deployment") (.Values.master.persistence.enabled) (not .Values.master.persistence.existingClaim) }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ printf "redis-data-%s-master" (include "common.names.fullname" .) }} + labels: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: master + {{- if .Values.master.persistence.annotations }} + annotations: {{- toYaml .Values.master.persistence.annotations | nindent 4 }} + {{- end }} +spec: + accessModes: + {{- range .Values.master.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.master.persistence.size | quote }} + {{- if .Values.master.persistence.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.master.persistence.selector "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.master.persistence.dataSource }} + dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.master.persistence.dataSource "context" $) | nindent 4 }} + {{- end }} + {{- include "common.storage.class" (dict "persistence" .Values.master.persistence "global" .Values.global) | nindent 4 }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/redis/templates/master/service.yaml b/packer/ansible/roles/helm_install/files/redis/templates/master/service.yaml new file mode 100644 index 0000000..37ac3d1 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/templates/master/service.yaml @@ -0,0 +1,49 @@ +{{- if not .Values.sentinel.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-master" (include "common.names.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: master + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.master.service.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.master.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.master.service.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.master.service.type }} + {{ if eq .Values.master.service.type "LoadBalancer" }} + externalTrafficPolicy: {{ .Values.master.service.externalTrafficPolicy }} + {{- end }} + {{- if and (eq .Values.master.service.type "LoadBalancer") .Values.master.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.master.service.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.master.service.type "LoadBalancer") .Values.master.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml .Values.master.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + {{- if and (eq .Values.master.service.type "ClusterIP") .Values.master.service.clusterIP }} + clusterIP: {{ .Values.master.service.clusterIP }} + {{- end }} + ports: + - name: tcp-redis + port: {{ .Values.master.service.ports.redis }} + targetPort: redis + {{- if and (or (eq .Values.master.service.type "NodePort") (eq .Values.master.service.type "LoadBalancer")) .Values.master.service.nodePorts.redis}} + nodePort: {{ .Values.master.service.nodePorts.redis}} + {{- else if eq .Values.master.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.master.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.master.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: master +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/redis/templates/metrics-svc.yaml b/packer/ansible/roles/helm_install/files/redis/templates/metrics-svc.yaml new file mode 100644 index 0000000..94459ec --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/templates/metrics-svc.yaml @@ -0,0 +1,38 @@ +{{- if .Values.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-metrics" (include "common.names.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: metrics + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.metrics.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.metrics.service.type }} + {{- if eq .Values.metrics.service.type "LoadBalancer" }} + externalTrafficPolicy: {{ .Values.metrics.service.externalTrafficPolicy }} + {{- end }} + {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml .Values.metrics.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + ports: + - name: http-metrics + port: {{ .Values.metrics.service.port }} + protocol: TCP + targetPort: metrics + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/redis/templates/networkpolicy.yaml b/packer/ansible/roles/helm_install/files/redis/templates/networkpolicy.yaml new file mode 100644 index 0000000..64c0505 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/templates/networkpolicy.yaml @@ -0,0 +1,78 @@ +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ template "networkPolicy.apiVersion" . }} +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + policyTypes: + - Ingress + {{- if or (eq .Values.architecture "replication") .Values.networkPolicy.extraEgress }} + - Egress + egress: + {{- if eq .Values.architecture "replication" }} + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + # Allow outbound connections to other cluster pods + - ports: + - port: {{ .Values.master.containerPorts.redis }} + {{- if .Values.sentinel.enabled }} + - port: {{ .Values.sentinel.containerPorts.sentinel }} + {{- end }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 14 }} + {{- end }} + {{- if .Values.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + ingress: + # Allow inbound connections + - ports: + - port: {{ .Values.master.containerPorts.redis }} + {{- if .Values.sentinel.enabled }} + - port: {{ .Values.sentinel.containerPorts.sentinel }} + {{- end }} + {{- if not .Values.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: + {{ template "common.names.fullname" . }}-client: "true" + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 14 }} + {{- if .Values.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.metrics.enabled }} + # Allow prometheus scrapes for metrics + - ports: + - port: 9121 + {{- end }} + {{- if .Values.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/redis/templates/pdb.yaml b/packer/ansible/roles/helm_install/files/redis/templates/pdb.yaml new file mode 100644 index 0000000..f82d278 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/templates/pdb.yaml @@ -0,0 +1,23 @@ +{{- if .Values.pdb.create }} +apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} +kind: PodDisruptionBudget +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.pdb.minAvailable }} + minAvailable: {{ .Values.pdb.minAvailable }} + {{- end }} + {{- if .Values.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.pdb.maxUnavailable }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/redis/templates/prometheusrule.yaml b/packer/ansible/roles/helm_install/files/redis/templates/prometheusrule.yaml new file mode 100644 index 0000000..cd8bc68 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/templates/prometheusrule.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ template "common.names.fullname" . }} + {{- if .Values.metrics.prometheusRule.namespace }} + namespace: {{ .Values.metrics.prometheusRule.namespace }} + {{- else }} + namespace: {{ .Release.Namespace | quote }} + {{- end }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- with .Values.metrics.prometheusRule.rules }} + groups: + - name: {{ template "common.names.name" $ }} + rules: {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/redis/templates/replicas/hpa.yaml b/packer/ansible/roles/helm_install/files/redis/templates/replicas/hpa.yaml new file mode 100644 index 0000000..468a504 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/templates/replicas/hpa.yaml @@ -0,0 +1,35 @@ +{{- if and .Values.replica.autoscaling.enabled (not .Values.sentinel.enabled) }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ printf "%s-replicas" (include "common.names.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: replica + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + scaleTargetRef: + apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} + kind: StatefulSet + name: {{ printf "%s-replicas" (include "common.names.fullname" .) }} + minReplicas: {{ .Values.replica.autoscaling.minReplicas }} + maxReplicas: {{ .Values.replica.autoscaling.maxReplicas }} + metrics: + {{- if .Values.replica.autoscaling.targetCPU }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ .Values.replica.autoscaling.targetCPU }} + {{- end }} + {{- if .Values.replica.autoscaling.targetMemory }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ .Values.replica.autoscaling.targetMemory }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/redis/templates/replicas/service.yaml b/packer/ansible/roles/helm_install/files/redis/templates/replicas/service.yaml new file mode 100644 index 0000000..95cd756 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/templates/replicas/service.yaml @@ -0,0 +1,49 @@ +{{- if and (eq .Values.architecture "replication") (not .Values.sentinel.enabled) }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-replicas" (include "common.names.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: replica + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.replica.service.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.replica.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.replica.service.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.replica.service.type }} + {{- if eq .Values.replica.service.type "LoadBalancer" }} + externalTrafficPolicy: {{ .Values.replica.service.externalTrafficPolicy }} + {{- end }} + {{- if and (eq .Values.replica.service.type "LoadBalancer") .Values.replica.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.replica.service.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.replica.service.type "LoadBalancer") .Values.replica.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml .Values.replica.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + {{- if and (eq .Values.replica.service.type "ClusterIP") .Values.replica.service.clusterIP }} + clusterIP: {{ .Values.replica.service.clusterIP }} + {{- end }} + ports: + - name: tcp-redis + port: {{ .Values.replica.service.ports.redis }} + targetPort: redis + {{- if and (or (eq .Values.replica.service.type "NodePort") (eq .Values.replica.service.type "LoadBalancer")) .Values.replica.service.nodePorts.redis}} + nodePort: {{ .Values.replica.service.nodePorts.redis}} + {{- else if eq .Values.replica.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.replica.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.replica.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: replica +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/redis/templates/replicas/statefulset.yaml b/packer/ansible/roles/helm_install/files/redis/templates/replicas/statefulset.yaml new file mode 100644 index 0000000..14a1924 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/templates/replicas/statefulset.yaml @@ -0,0 +1,455 @@ +{{- if and (eq .Values.architecture "replication") (not .Values.sentinel.enabled) }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ printf "%s-replicas" (include "common.names.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: replica + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if not .Values.replica.autoscaling.enabled }} + replicas: {{ .Values.replica.replicaCount }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: replica + serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) }} + {{- if .Values.replica.updateStrategy }} + updateStrategy: {{- toYaml .Values.replica.updateStrategy | nindent 4 }} + {{- end }} + {{- if .Values.replica.podManagementPolicy }} + podManagementPolicy: {{ .Values.replica.podManagementPolicy | quote }} + {{- end }} + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: replica + {{- if .Values.replica.podLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.replica.podLabels "context" $ ) | nindent 8 }} + {{- end }} + {{- if and .Values.metrics.enabled .Values.metrics.podLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podLabels "context" $ ) | nindent 8 }} + {{- end }} + annotations: + {{- if (include "redis.createConfigmap" .) }} + checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- end }} + checksum/health: {{ include (print $.Template.BasePath "/health-configmap.yaml") . | sha256sum }} + checksum/scripts: {{ include (print $.Template.BasePath "/scripts-configmap.yaml") . | sha256sum }} + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + {{- if .Values.replica.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.replica.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + spec: + {{- include "redis.imagePullSecrets" . | nindent 6 }} + {{- if .Values.replica.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.replica.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.replica.podSecurityContext.enabled }} + securityContext: {{- omit .Values.replica.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "redis.serviceAccountName" . }} + {{- if .Values.replica.priorityClassName }} + priorityClassName: {{ .Values.replica.priorityClassName | quote }} + {{- end }} + {{- if .Values.replica.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.replica.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.replica.podAffinityPreset "component" "replica" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.replica.podAntiAffinityPreset "component" "replica" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.replica.nodeAffinityPreset.type "key" .Values.replica.nodeAffinityPreset.key "values" .Values.replica.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.replica.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.replica.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.replica.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.replica.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.replica.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.replica.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.replica.shareProcessNamespace }} + shareProcessNamespace: {{ .Values.replica.shareProcessNamespace }} + {{- end }} + {{- if .Values.replica.schedulerName }} + schedulerName: {{ .Values.replica.schedulerName | quote }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.replica.terminationGracePeriodSeconds }} + containers: + - name: redis + image: {{ template "redis.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.replica.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.replica.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.replica.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.replica.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.replica.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.replica.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.replica.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.replica.args "context" $) | nindent 12 }} + {{- else }} + args: + - -c + - /opt/bitnami/scripts/start-scripts/start-replica.sh + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: REDIS_REPLICATION_MODE + value: slave + - name: REDIS_MASTER_HOST + value: {{ template "common.names.fullname" . }}-master-0.{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - name: REDIS_MASTER_PORT_NUMBER + value: {{ .Values.master.containerPorts.redis | quote }} + - name: ALLOW_EMPTY_PASSWORD + value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} + {{- if .Values.auth.enabled }} + {{- if .Values.auth.usePasswordFiles }} + - name: REDIS_PASSWORD_FILE + value: "/opt/bitnami/redis/secrets/redis-password" + - name: REDIS_MASTER_PASSWORD_FILE + value: "/opt/bitnami/redis/secrets/redis-password" + {{- else }} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "redis.secretName" . }} + key: {{ template "redis.secretPasswordKey" . }} + - name: REDIS_MASTER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "redis.secretName" . }} + key: {{ template "redis.secretPasswordKey" . }} + {{- end }} + {{- end }} + - name: REDIS_TLS_ENABLED + value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} + {{- if .Values.tls.enabled }} + - name: REDIS_TLS_PORT + value: {{ .Values.replica.containerPorts.redis | quote }} + - name: REDIS_TLS_AUTH_CLIENTS + value: {{ ternary "yes" "no" .Values.tls.authClients | quote }} + - name: REDIS_TLS_CERT_FILE + value: {{ template "redis.tlsCert" . }} + - name: REDIS_TLS_KEY_FILE + value: {{ template "redis.tlsCertKey" . }} + - name: REDIS_TLS_CA_FILE + value: {{ template "redis.tlsCACert" . }} + {{- if .Values.tls.dhParamsFilename }} + - name: REDIS_TLS_DH_PARAMS_FILE + value: {{ template "redis.tlsDHParams" . }} + {{- end }} + {{- else }} + - name: REDIS_PORT + value: {{ .Values.replica.containerPorts.redis | quote }} + {{- end }} + {{- if .Values.replica.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.replica.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.replica.extraEnvVarsCM .Values.replica.extraEnvVarsSecret }} + envFrom: + {{- if .Values.replica.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.replica.extraEnvVarsCM }} + {{- end }} + {{- if .Values.replica.extraEnvVarsSecret }} + - secretRef: + name: {{ .Values.replica.extraEnvVarsSecret }} + {{- end }} + {{- end }} + ports: + - name: redis + containerPort: {{ .Values.replica.containerPorts.redis }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.replica.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.replica.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: redis + {{- else if .Values.replica.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customStartupProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.replica.livenessProbe.enabled }} + livenessProbe: + initialDelaySeconds: {{ .Values.replica.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.replica.livenessProbe.periodSeconds }} + timeoutSeconds: {{ add1 .Values.replica.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.replica.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.replica.livenessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/ping_liveness_local_and_master.sh {{ .Values.replica.livenessProbe.timeoutSeconds }} + {{- else if .Values.replica.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.replica.readinessProbe.enabled }} + readinessProbe: + initialDelaySeconds: {{ .Values.replica.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.replica.readinessProbe.periodSeconds }} + timeoutSeconds: {{ add1 .Values.replica.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.replica.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.replica.readinessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/ping_readiness_local_and_master.sh {{ .Values.replica.readinessProbe.timeoutSeconds }} + {{- else if .Values.replica.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.replica.resources }} + resources: {{- toYaml .Values.replica.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: start-scripts + mountPath: /opt/bitnami/scripts/start-scripts + - name: health + mountPath: /health + {{- if .Values.auth.usePasswordFiles }} + - name: redis-password + mountPath: /opt/bitnami/redis/secrets/ + {{- end }} + - name: redis-data + mountPath: /data + subPath: {{ .Values.replica.persistence.subPath }} + - name: config + mountPath: /opt/bitnami/redis/mounted-etc + - name: redis-tmp-conf + mountPath: /opt/bitnami/redis/etc + {{- if .Values.tls.enabled }} + - name: redis-certificates + mountPath: /opt/bitnami/redis/certs + readOnly: true + {{- end }} + {{- if .Values.replica.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ include "redis.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.metrics.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.metrics.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + - -c + - | + if [[ -f '/secrets/redis-password' ]]; then + export REDIS_PASSWORD=$(cat /secrets/redis-password) + fi + redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: REDIS_ALIAS + value: {{ template "common.names.fullname" . }} + {{- if .Values.auth.enabled }} + - name: REDIS_USER + value: default + {{- if (not .Values.auth.usePasswordFiles) }} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "redis.secretName" . }} + key: {{ template "redis.secretPasswordKey" . }} + {{- end }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: REDIS_ADDR + value: rediss://{{ .Values.metrics.redisTargetHost }}:{{ .Values.replica.containerPorts.redis }} + {{- if .Values.tls.authClients }} + - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE + value: {{ template "redis.tlsCertKey" . }} + - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE + value: {{ template "redis.tlsCert" . }} + {{- end }} + - name: REDIS_EXPORTER_TLS_CA_CERT_FILE + value: {{ template "redis.tlsCACert" . }} + {{- end }} + ports: + - name: metrics + containerPort: 9121 + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + volumeMounts: + {{- if .Values.auth.usePasswordFiles }} + - name: redis-password + mountPath: /secrets/ + {{- end }} + {{- if .Values.tls.enabled }} + - name: redis-certificates + mountPath: /opt/bitnami/redis/certs + readOnly: true + {{- end }} + {{- if .Values.metrics.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.replica.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.replica.sidecars "context" $) | nindent 8 }} + {{- end }} + {{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.replica.persistence.enabled .Values.replica.podSecurityContext.enabled .Values.replica.containerSecurityContext.enabled }} + {{- if or .Values.replica.initContainers $needsVolumePermissions .Values.sysctl.enabled }} + initContainers: + {{- if .Values.replica.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.replica.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if $needsVolumePermissions }} + - name: volume-permissions + image: {{ include "redis.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + - -ec + - | + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.replica.persistence.path }} + {{- else }} + chown -R {{ .Values.replica.containerSecurityContext.runAsUser }}:{{ .Values.replica.podSecurityContext.fsGroup }} {{ .Values.replica.persistence.path }} + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: redis-data + mountPath: {{ .Values.replica.persistence.path }} + subPath: {{ .Values.replica.persistence.subPath }} + {{- end }} + {{- if .Values.sysctl.enabled }} + - name: init-sysctl + image: {{ include "redis.sysctl.image" . }} + imagePullPolicy: {{ default "" .Values.sysctl.image.pullPolicy | quote }} + securityContext: + privileged: true + runAsUser: 0 + {{- if .Values.sysctl.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.sysctl.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.sysctl.resources }} + resources: {{- toYaml .Values.sysctl.resources | nindent 12 }} + {{- end }} + {{- if .Values.sysctl.mountHostSys }} + volumeMounts: + - name: host-sys + mountPath: /host-sys + {{- end }} + {{- end }} + {{- end }} + volumes: + - name: start-scripts + configMap: + name: {{ printf "%s-scripts" (include "common.names.fullname" .) }} + defaultMode: 0755 + - name: health + configMap: + name: {{ printf "%s-health" (include "common.names.fullname" .) }} + defaultMode: 0755 + {{- if .Values.auth.usePasswordFiles }} + - name: redis-password + secret: + secretName: {{ template "redis.secretName" . }} + items: + - key: {{ template "redis.secretPasswordKey" . }} + path: redis-password + {{- end }} + - name: config + configMap: + name: {{ include "redis.configmapName" . }} + {{- if .Values.sysctl.mountHostSys }} + - name: host-sys + hostPath: + path: /sys + {{- end }} + - name: redis-tmp-conf + {{- if .Values.replica.persistence.medium }} + emptyDir: { + medium: {{ .Values.replica.persistence.medium | quote }} + } + {{- else }} + emptyDir: {} + {{- end }} + {{- if .Values.tls.enabled }} + - name: redis-certificates + secret: + secretName: {{ include "redis.tlsSecretName" . }} + defaultMode: 256 + {{- end }} + {{- if .Values.replica.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.metrics.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} + {{- if not .Values.replica.persistence.enabled }} + - name: redis-data + {{- if .Values.replica.persistence.medium }} + emptyDir: { + medium: {{ .Values.replica.persistence.medium | quote }} + } + {{- else }} + emptyDir: {} + {{- end }} + {{- else }} + volumeClaimTemplates: + - metadata: + name: redis-data + labels: {{- include "common.labels.matchLabels" . | nindent 10 }} + app.kubernetes.io/component: replica + {{- if .Values.replica.persistence.annotations }} + annotations: {{- toYaml .Values.replica.persistence.annotations | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.replica.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.replica.persistence.size | quote }} + {{- if .Values.replica.persistence.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.replica.persistence.selector "context" $) | nindent 10 }} + {{- end }} + {{- if .Values.replica.persistence.dataSource }} + dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.replica.persistence.dataSource "context" $) | nindent 10 }} + {{- end }} + {{- include "common.storage.class" (dict "persistence" .Values.replica.persistence "global" .Values.global) | nindent 8 }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/redis/templates/role.yaml b/packer/ansible/roles/helm_install/files/redis/templates/role.yaml new file mode 100644 index 0000000..0475e0d --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/templates/role.yaml @@ -0,0 +1,28 @@ +{{- if .Values.rbac.create }} +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +kind: Role +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +rules: + {{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}} + {{- if and $pspAvailable .Values.podSecurityPolicy.enabled }} + - apiGroups: + - '{{ template "podSecurityPolicy.apiGroup" . }}' + resources: + - 'podsecuritypolicies' + verbs: + - 'use' + resourceNames: [{{ template "common.names.fullname" . }}] + {{- end }} + {{- if .Values.rbac.rules }} + {{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/redis/templates/rolebinding.yaml b/packer/ansible/roles/helm_install/files/redis/templates/rolebinding.yaml new file mode 100644 index 0000000..74968b8 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/templates/rolebinding.yaml @@ -0,0 +1,21 @@ +{{- if .Values.rbac.create }} +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +kind: RoleBinding +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "common.names.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "redis.serviceAccountName" . }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/redis/templates/scripts-configmap.yaml b/packer/ansible/roles/helm_install/files/redis/templates/scripts-configmap.yaml new file mode 100644 index 0000000..2123d6a --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/templates/scripts-configmap.yaml @@ -0,0 +1,625 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-scripts" (include "common.names.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: +{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }} + start-node.sh: | + #!/bin/bash + + . /opt/bitnami/scripts/libos.sh + . /opt/bitnami/scripts/liblog.sh + . /opt/bitnami/scripts/libvalidations.sh + + get_port() { + hostname="$1" + type="$2" + + port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g") + port=${!port_var} + + if [ -z "$port" ]; then + case $type in + "SENTINEL") + echo {{ .Values.sentinel.containerPorts.sentinel }} + ;; + "REDIS") + echo {{ .Values.master.containerPorts.redis }} + ;; + esac + else + echo $port + fi + } + + get_full_hostname() { + hostname="$1" + + {{- if .Values.useExternalDNS.enabled }} + echo "${hostname}.{{- include "redis.externalDNS.suffix" . }}" + {{- else if eq .Values.sentinel.service.type "NodePort" }} + echo "${hostname}.{{- .Release.Namespace }}" + {{- else }} + echo "${hostname}.${HEADLESS_SERVICE}" + {{- end }} + } + + REDISPORT=$(get_port "$HOSTNAME" "REDIS") + + HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}" + + if [ -n "$REDIS_EXTERNAL_MASTER_HOST" ]; then + REDIS_SERVICE="$REDIS_EXTERNAL_MASTER_HOST" + else + REDIS_SERVICE="{{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}" + fi + + SENTINEL_SERVICE_PORT=$(get_port "{{ include "common.names.fullname" . }}" "TCP_SENTINEL") + validate_quorum() { + if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then + quorum_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel master {{ .Values.sentinel.masterSet }}" + else + quorum_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT sentinel master {{ .Values.sentinel.masterSet }}" + fi + info "about to run the command: $quorum_info_command" + eval $quorum_info_command | grep -Fq "s_down" + } + + trigger_manual_failover() { + if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then + failover_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel failover {{ .Values.sentinel.masterSet }}" + else + failover_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT sentinel failover {{ .Values.sentinel.masterSet }}" + fi + + info "about to run the command: $failover_command" + eval $failover_command + } + + get_sentinel_master_info() { + if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then + sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}timeout {{ .Values.sentinel.getMasterTimeout }} redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}" + else + sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}timeout {{ .Values.sentinel.getMasterTimeout }} redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}" + fi + + info "about to run the command: $sentinel_info_command" + eval $sentinel_info_command + } + + {{- if and .Values.replica.containerSecurityContext.runAsUser (eq (.Values.replica.containerSecurityContext.runAsUser | int) 0) }} + useradd redis + chown -R redis {{ .Values.replica.persistence.path }} + {{- end }} + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" + + # check if there is a master + master_in_persisted_conf="$(get_full_hostname "$HOSTNAME")" + master_port_in_persisted_conf="$REDIS_MASTER_PORT_NUMBER" + master_in_sentinel="$(get_sentinel_master_info)" + redisRetVal=$? + + {{- if .Values.sentinel.persistence.enabled }} + if [[ -f /opt/bitnami/redis-sentinel/etc/sentinel.conf ]]; then + master_in_persisted_conf="$(awk '/monitor/ {print $4}' /opt/bitnami/redis-sentinel/etc/sentinel.conf)" + master_port_in_persisted_conf="$(awk '/monitor/ {print $5}' /opt/bitnami/redis-sentinel/etc/sentinel.conf)" + info "Found previous master ${master_in_persisted_conf}:${master_port_in_persisted_conf} in /opt/bitnami/redis-sentinel/etc/sentinel.conf" + debug "$(cat /opt/bitnami/redis-sentinel/etc/sentinel.conf | grep monitor)" + touch /opt/bitnami/redis-sentinel/etc/.node_read + fi + {{- end }} + + if [[ $redisRetVal -ne 0 ]]; then + if [[ "$master_in_persisted_conf" == "$(get_full_hostname "$HOSTNAME")" ]]; then + # Case 1: No active sentinel and in previous sentinel.conf we were the master --> MASTER + info "Configuring the node as master" + export REDIS_REPLICATION_MODE="master" + else + # Case 2: No active sentinel and in previous sentinel.conf we were not master --> REPLICA + info "Configuring the node as replica" + export REDIS_REPLICATION_MODE="slave" + REDIS_MASTER_HOST=${master_in_persisted_conf} + REDIS_MASTER_PORT_NUMBER=${master_port_in_persisted_conf} + fi + else + # Fetches current master's host and port + REDIS_SENTINEL_INFO=($(get_sentinel_master_info)) + info "Current master: REDIS_SENTINEL_INFO=(${REDIS_SENTINEL_INFO[0]},${REDIS_SENTINEL_INFO[1]})" + REDIS_MASTER_HOST=${REDIS_SENTINEL_INFO[0]} + REDIS_MASTER_PORT_NUMBER=${REDIS_SENTINEL_INFO[1]} + + if [[ "$REDIS_MASTER_HOST" == "$(get_full_hostname "$HOSTNAME")" ]]; then + # Case 3: Active sentinel and master it is this node --> MASTER + info "Configuring the node as master" + export REDIS_REPLICATION_MODE="master" + else + # Case 4: Active sentinel and master is not this node --> REPLICA + info "Configuring the node as replica" + export REDIS_REPLICATION_MODE="slave" + + {{- if and .Values.sentinel.automateClusterRecovery (le (int .Values.sentinel.downAfterMilliseconds) 2000) }} + retry_count=1 + while validate_quorum + do + info "sleeping, waiting for Redis master to come up" + sleep 1s + if ! ((retry_count % 11)); then + info "Trying to manually failover" + failover_result=$(trigger_manual_failover) + + debug "Failover result: $failover_result" + fi + + ((retry_count+=1)) + done + info "Redis master is up now" + {{- end }} + fi + fi + + if [[ -n "$REDIS_EXTERNAL_MASTER_HOST" ]]; then + REDIS_MASTER_HOST="$REDIS_EXTERNAL_MASTER_HOST" + REDIS_MASTER_PORT_NUMBER="${REDIS_EXTERNAL_MASTER_PORT}" + fi + + if [[ ! -f /opt/bitnami/redis/etc/replica.conf ]];then + cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf + fi + + if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then + cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf + fi + + echo "" >> /opt/bitnami/redis/etc/replica.conf + echo "replica-announce-port $REDISPORT" >> /opt/bitnami/redis/etc/replica.conf + echo "replica-announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/redis/etc/replica.conf + + {{- if .Values.tls.enabled }} + ARGS=("--port" "0") + ARGS+=("--tls-port" "${REDIS_TLS_PORT}") + ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}") + ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}") + ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}") + ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}") + ARGS+=("--tls-replication" "yes") + {{- if .Values.tls.dhParamsFilename }} + ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}") + {{- end }} + {{- else }} + ARGS=("--port" "${REDIS_PORT}") + {{- end }} + + if [[ "$REDIS_REPLICATION_MODE" = "slave" ]]; then + ARGS+=("--slaveof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}") + fi + + {{- if .Values.auth.enabled }} + ARGS+=("--requirepass" "${REDIS_PASSWORD}") + ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}") + {{- else }} + ARGS+=("--protected-mode" "no") + {{- end }} + ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf") + ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") + {{- if .Values.replica.extraFlags }} + {{- range .Values.replica.extraFlags }} + ARGS+=({{ . | quote }}) + {{- end }} + {{- end }} + + {{- if .Values.replica.preExecCmds }} + {{- .Values.replica.preExecCmds | nindent 4 }} + {{- end }} + + {{- if .Values.replica.command }} + exec {{ .Values.replica.command }} "${ARGS[@]}" + {{- else }} + exec redis-server "${ARGS[@]}" + {{- end }} + + start-sentinel.sh: | + #!/bin/bash + + . /opt/bitnami/scripts/libos.sh + . /opt/bitnami/scripts/libvalidations.sh + . /opt/bitnami/scripts/libfile.sh + + HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}" + REDIS_SERVICE="{{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}" + + get_port() { + hostname="$1" + type="$2" + + port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g") + port=${!port_var} + + if [ -z "$port" ]; then + case $type in + "SENTINEL") + echo {{ .Values.sentinel.containerPorts.sentinel }} + ;; + "REDIS") + echo {{ .Values.master.containerPorts.redis }} + ;; + esac + else + echo $port + fi + } + + get_full_hostname() { + hostname="$1" + + {{- if .Values.useExternalDNS.enabled }} + echo "${hostname}.{{- include "redis.externalDNS.suffix" . }}" + {{- else if eq .Values.sentinel.service.type "NodePort" }} + echo "${hostname}.{{- .Release.Namespace }}" + {{- else }} + echo "${hostname}.${HEADLESS_SERVICE}" + {{- end }} + } + + SERVPORT=$(get_port "$HOSTNAME" "SENTINEL") + REDISPORT=$(get_port "$HOSTNAME" "REDIS") + SENTINEL_SERVICE_PORT=$(get_port "{{ include "common.names.fullname" . }}" "TCP_SENTINEL") + + sentinel_conf_set() { + local -r key="${1:?missing key}" + local value="${2:-}" + + # Sanitize inputs + value="${value//\\/\\\\}" + value="${value//&/\\&}" + value="${value//\?/\\?}" + [[ "$value" = "" ]] && value="\"$value\"" + + replace_in_file "/opt/bitnami/redis-sentinel/etc/sentinel.conf" "^#*\s*${key} .*" "${key} ${value}" false + } + sentinel_conf_add() { + echo $'\n'"$@" >> "/opt/bitnami/redis-sentinel/etc/sentinel.conf" + } + host_id() { + echo "$1" | openssl sha1 | awk '{print $2}' + } + get_sentinel_master_info() { + if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then + sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}" + else + sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}" + fi + info "about to run the command: $sentinel_info_command" + eval $sentinel_info_command + } + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + + master_in_persisted_conf="$(get_full_hostname "$HOSTNAME")" + + {{- if .Values.sentinel.persistence.enabled }} + if [[ -f /opt/bitnami/redis-sentinel/etc/sentinel.conf ]]; then + check_lock_file() { + [[ -f /opt/bitnami/redis-sentinel/etc/.node_read ]] + } + retry_while "check_lock_file" + rm -f /opt/bitnami/redis-sentinel/etc/.node_read + master_in_persisted_conf="$(awk '/monitor/ {print $4}' /opt/bitnami/redis-sentinel/etc/sentinel.conf)" + info "Found previous master $master_in_persisted_conf in /opt/bitnami/redis-sentinel/etc/sentinel.conf" + debug "$(cat /opt/bitnami/redis-sentinel/etc/sentinel.conf | grep monitor)" + fi + {{- end }} + if ! get_sentinel_master_info && [[ "$master_in_persisted_conf" == "$(get_full_hostname "$HOSTNAME")" ]]; then + # No master found, lets create a master node + export REDIS_REPLICATION_MODE="master" + + REDIS_MASTER_HOST=$(get_full_hostname "$HOSTNAME") + REDIS_MASTER_PORT_NUMBER="$REDISPORT" + else + export REDIS_REPLICATION_MODE="slave" + + # Fetches current master's host and port + REDIS_SENTINEL_INFO=($(get_sentinel_master_info)) + info "printing REDIS_SENTINEL_INFO=(${REDIS_SENTINEL_INFO[0]},${REDIS_SENTINEL_INFO[1]})" + REDIS_MASTER_HOST=${REDIS_SENTINEL_INFO[0]} + REDIS_MASTER_PORT_NUMBER=${REDIS_SENTINEL_INFO[1]} + fi + + if [[ -n "$REDIS_EXTERNAL_MASTER_HOST" ]]; then + REDIS_MASTER_HOST="$REDIS_EXTERNAL_MASTER_HOST" + REDIS_MASTER_PORT_NUMBER="${REDIS_EXTERNAL_MASTER_PORT}" + fi + + cp /opt/bitnami/redis-sentinel/mounted-etc/sentinel.conf /opt/bitnami/redis-sentinel/etc/sentinel.conf + {{- if .Values.auth.enabled }} + printf "\nsentinel auth-pass %s %s" "{{ .Values.sentinel.masterSet }}" "$REDIS_PASSWORD" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf + {{- if and .Values.auth.enabled .Values.auth.sentinel }} + printf "\nrequirepass %s" "$REDIS_PASSWORD" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf + {{- end }} + {{- end }} + printf "\nsentinel myid %s" "$(host_id "$HOSTNAME")" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf + + sentinel_conf_set "sentinel monitor" "{{ .Values.sentinel.masterSet }} "$REDIS_MASTER_HOST" "$REDIS_MASTER_PORT_NUMBER" {{ .Values.sentinel.quorum }}" + + add_known_sentinel() { + hostname="$1" + ip="$2" + + if [[ -n "$hostname" && -n "$ip" && "$hostname" != "$HOSTNAME" ]]; then + sentinel_conf_add "sentinel known-sentinel {{ .Values.sentinel.masterSet }} $(get_full_hostname "$hostname") $(get_port "$hostname" "SENTINEL") $(host_id "$hostname")" + fi + } + add_known_replica() { + hostname="$1" + ip="$2" + + if [[ -n "$ip" && "$(get_full_hostname "$hostname")" != "$REDIS_MASTER_HOST" ]]; then + sentinel_conf_add "sentinel known-replica {{ .Values.sentinel.masterSet }} $(get_full_hostname "$hostname") $(get_port "$hostname" "REDIS")" + fi + } + + # Add available hosts on the network as known replicas & sentinels + for node in $(seq 0 $(({{ .Values.replica.replicaCount }}-1))); do + hostname="{{ template "common.names.fullname" . }}-node-$node" + ip="$(getent hosts "$hostname.$HEADLESS_SERVICE" | awk '{ print $1 }')" + add_known_sentinel "$hostname" "$ip" + add_known_replica "$hostname" "$ip" + done + + echo "" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf + echo "sentinel announce-hostnames yes" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf + echo "sentinel resolve-hostnames yes" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf + echo "sentinel announce-port $SERVPORT" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf + echo "sentinel announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf + + {{- if .Values.tls.enabled }} + ARGS=("--port" "0") + ARGS+=("--tls-port" "${REDIS_SENTINEL_TLS_PORT_NUMBER}") + ARGS+=("--tls-cert-file" "${REDIS_SENTINEL_TLS_CERT_FILE}") + ARGS+=("--tls-key-file" "${REDIS_SENTINEL_TLS_KEY_FILE}") + ARGS+=("--tls-ca-cert-file" "${REDIS_SENTINEL_TLS_CA_FILE}") + ARGS+=("--tls-replication" "yes") + ARGS+=("--tls-auth-clients" "${REDIS_SENTINEL_TLS_AUTH_CLIENTS}") + {{- if .Values.tls.dhParamsFilename }} + ARGS+=("--tls-dh-params-file" "${REDIS_SENTINEL_TLS_DH_PARAMS_FILE}") + {{- end }} + {{- end }} + {{- if .Values.sentinel.preExecCmds }} + {{ .Values.sentinel.preExecCmds | nindent 4 }} + {{- end }} + exec redis-server /opt/bitnami/redis-sentinel/etc/sentinel.conf --sentinel {{- if .Values.tls.enabled }} "${ARGS[@]}" {{- end }} + prestop-sentinel.sh: | + #!/bin/bash + + . /opt/bitnami/scripts/libvalidations.sh + . /opt/bitnami/scripts/libos.sh + + HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}" + SENTINEL_SERVICE_ENV_NAME={{ printf "%s%s" (upper (include "common.names.fullname" .)| replace "-" "_") "_SERVICE_PORT_TCP_SENTINEL" }} + SENTINEL_SERVICE_PORT=${!SENTINEL_SERVICE_ENV_NAME} + + get_full_hostname() { + hostname="$1" + + {{- if .Values.useExternalDNS.enabled }} + echo "${hostname}.{{- include "redis.externalDNS.suffix" . }}" + {{- else if eq .Values.sentinel.service.type "NodePort" }} + echo "${hostname}.{{- .Release.Namespace }}" + {{- else }} + echo "${hostname}.${HEADLESS_SERVICE}" + {{- end }} + } + run_sentinel_command() { + if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then + redis-cli -h "$REDIS_SERVICE" -p "$SENTINEL_SERVICE_PORT" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@" + else + redis-cli -h "$REDIS_SERVICE" -p "$SENTINEL_SERVICE_PORT" sentinel "$@" + fi + } + failover_finished() { + REDIS_SENTINEL_INFO=($(run_sentinel_command get-master-addr-by-name "{{ .Values.sentinel.masterSet }}")) + REDIS_MASTER_HOST="${REDIS_SENTINEL_INFO[0]}" + [[ "$REDIS_MASTER_HOST" != "$(get_full_hostname $HOSTNAME)" ]] + } + + REDIS_SERVICE="{{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}" + + # redis-cli automatically consumes credentials from the REDISCLI_AUTH variable + [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" + [[ -f "$REDIS_PASSWORD_FILE" ]] && export REDISCLI_AUTH="$(< "${REDIS_PASSWORD_FILE}")" + + if ! failover_finished; then + echo "I am the master pod and you are stopping me. Starting sentinel failover" + # if I am the master, issue a command to failover once and then wait for the failover to finish + run_sentinel_command failover "{{ .Values.sentinel.masterSet }}" + if retry_while "failover_finished" "{{ sub .Values.sentinel.terminationGracePeriodSeconds 10 }}" 1; then + echo "Master has been successfuly failed over to a different pod." + exit 0 + else + echo "Master failover failed" + exit 1 + fi + else + exit 0 + fi + prestop-redis.sh: | + #!/bin/bash + + . /opt/bitnami/scripts/libvalidations.sh + . /opt/bitnami/scripts/libos.sh + + run_redis_command() { + if is_boolean_yes "$REDIS_TLS_ENABLED"; then + redis-cli -h 127.0.0.1 -p "$REDIS_TLS_PORT" --tls --cert "$REDIS_TLS_CERT_FILE" --key "$REDIS_TLS_KEY_FILE" --cacert "$REDIS_TLS_CA_FILE" "$@" + else + redis-cli -h 127.0.0.1 -p ${REDIS_PORT} "$@" + fi + } + failover_finished() { + REDIS_ROLE=$(run_redis_command role | head -1) + [[ "$REDIS_ROLE" != "master" ]] + } + + # redis-cli automatically consumes credentials from the REDISCLI_AUTH variable + [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" + [[ -f "$REDIS_PASSWORD_FILE" ]] && export REDISCLI_AUTH="$(< "${REDIS_PASSWORD_FILE}")" + + if ! failover_finished; then + echo "Waiting for sentinel to run failover for up to {{ sub .Values.sentinel.terminationGracePeriodSeconds 10 }}s" + retry_while "failover_finished" "{{ sub .Values.sentinel.terminationGracePeriodSeconds 10 }}" 1 + else + exit 0 + fi + +{{- else }} + start-master.sh: | + #!/bin/bash + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + {{- if and .Values.master.containerSecurityContext.runAsUser (eq (.Values.master.containerSecurityContext.runAsUser | int) 0) }} + useradd redis + chown -R redis {{ .Values.master.persistence.path }} + {{- end }} + if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then + cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf + fi + if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then + cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf + fi + {{- if .Values.tls.enabled }} + ARGS=("--port" "0") + ARGS+=("--tls-port" "${REDIS_TLS_PORT}") + ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}") + ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}") + ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}") + ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}") + {{- if .Values.tls.dhParamsFilename }} + ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}") + {{- end }} + {{- else }} + ARGS=("--port" "${REDIS_PORT}") + {{- end }} + {{- if .Values.auth.enabled }} + ARGS+=("--requirepass" "${REDIS_PASSWORD}") + ARGS+=("--masterauth" "${REDIS_PASSWORD}") + {{- else }} + ARGS+=("--protected-mode" "no") + {{- end }} + ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") + ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf") + {{- if .Values.master.extraFlags }} + {{- range .Values.master.extraFlags }} + ARGS+=({{ . | quote }}) + {{- end }} + {{- end }} + {{- if .Values.master.preExecCmds }} + {{ .Values.master.preExecCmds | nindent 4 }} + {{- end }} + {{- if .Values.master.command }} + exec {{ .Values.master.command }} "${ARGS[@]}" + {{- else }} + exec redis-server "${ARGS[@]}" + {{- end }} + {{- if eq .Values.architecture "replication" }} + start-replica.sh: | + #!/bin/bash + + get_port() { + hostname="$1" + type="$2" + + port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g") + port=${!port_var} + + if [ -z "$port" ]; then + case $type in + "SENTINEL") + echo {{ .Values.sentinel.containerPorts.sentinel }} + ;; + "REDIS") + echo {{ .Values.master.containerPorts.redis }} + ;; + esac + else + echo $port + fi + } + + get_full_hostname() { + hostname="$1" + + {{- if .Values.useExternalDNS.enabled }} + echo "${hostname}.{{- include "redis.externalDNS.suffix" . }}" + {{- else if eq .Values.sentinel.service.type "NodePort" }} + echo "${hostname}.{{- .Release.Namespace }}" + {{- else }} + echo "${hostname}.${HEADLESS_SERVICE}" + {{- end }} + } + + REDISPORT=$(get_port "$HOSTNAME" "REDIS") + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" + {{- if and .Values.replica.containerSecurityContext.runAsUser (eq (.Values.replica.containerSecurityContext.runAsUser | int) 0) }} + useradd redis + chown -R redis {{ .Values.replica.persistence.path }} + {{- end }} + if [[ ! -f /opt/bitnami/redis/etc/replica.conf ]];then + cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf + fi + if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then + cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf + fi + + echo "" >> /opt/bitnami/redis/etc/replica.conf + echo "replica-announce-port $REDISPORT" >> /opt/bitnami/redis/etc/replica.conf + echo "replica-announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/redis/etc/replica.conf + + {{- if .Values.tls.enabled }} + ARGS=("--port" "0") + ARGS+=("--tls-port" "${REDIS_TLS_PORT}") + ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}") + ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}") + ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}") + ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}") + ARGS+=("--tls-replication" "yes") + {{- if .Values.tls.dhParamsFilename }} + ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}") + {{- end }} + {{- else }} + ARGS=("--port" "${REDIS_PORT}") + {{- end }} + ARGS+=("--slaveof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}") + {{- if .Values.auth.enabled }} + ARGS+=("--requirepass" "${REDIS_PASSWORD}") + ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}") + {{- else }} + ARGS+=("--protected-mode" "no") + {{- end }} + ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") + ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf") + {{- if .Values.replica.extraFlags }} + {{- range .Values.replica.extraFlags }} + ARGS+=({{ . | quote }}) + {{- end }} + {{- end }} + {{- if .Values.replica.preExecCmds }} + {{ .Values.replica.preExecCmds | nindent 4 }} + {{- end }} + {{- if .Values.replica.command }} + exec {{ .Values.replica.command }} "${ARGS[@]}" + {{- else }} + exec redis-server "${ARGS[@]}" + {{- end }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/redis/templates/secret.yaml b/packer/ansible/roles/helm_install/files/redis/templates/secret.yaml new file mode 100644 index 0000000..aa2b3a2 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/templates/secret.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.auth.enabled (not .Values.auth.existingSecret) -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + redis-password: {{ include "redis.password" . | b64enc | quote }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/redis/templates/sentinel/hpa.yaml b/packer/ansible/roles/helm_install/files/redis/templates/sentinel/hpa.yaml new file mode 100644 index 0000000..51f0f80 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/templates/sentinel/hpa.yaml @@ -0,0 +1,35 @@ +{{- if and .Values.replica.autoscaling.enabled .Values.sentinel.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ printf "%s-node" (include "common.names.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: replica + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + scaleTargetRef: + apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} + kind: StatefulSet + name: {{ printf "%s-node" (include "common.names.fullname" .) }} + minReplicas: {{ .Values.replica.autoscaling.minReplicas }} + maxReplicas: {{ .Values.replica.autoscaling.maxReplicas }} + metrics: + {{- if .Values.replica.autoscaling.targetCPU }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ .Values.replica.autoscaling.targetCPU }} + {{- end }} + {{- if .Values.replica.autoscaling.targetMemory }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ .Values.replica.autoscaling.targetMemory }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/redis/templates/sentinel/node-services.yaml b/packer/ansible/roles/helm_install/files/redis/templates/sentinel/node-services.yaml new file mode 100644 index 0000000..8bf7a2b --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/templates/sentinel/node-services.yaml @@ -0,0 +1,71 @@ +{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled (eq .Values.sentinel.service.type "NodePort") (or .Release.IsUpgrade .Values.sentinel.service.nodePorts.redis ) }} + +{{- range $i := until (int .Values.replica.replicaCount) }} + +{{ $portsmap := (lookup "v1" "ConfigMap" $.Release.Namespace (printf "%s-%s" ( include "common.names.fullname" $ ) "ports-configmap")).data }} + +{{ $sentinelport := 0}} +{{ $redisport := 0}} +{{- if $portsmap }} +{{ $sentinelport = index $portsmap (printf "%s-node-%s-%s" (include "common.names.fullname" $) (toString $i) "sentinel") }} +{{ $redisport = index $portsmap (printf "%s-node-%s-%s" (include "common.names.fullname" $) (toString $i) "redis") }} +{{- else }} +{{- end }} + +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "common.names.fullname" $ }}-node-{{ $i }} + namespace: {{ $.Release.Namespace | quote }} + labels: {{- include "common.labels.standard" $ | nindent 4 }} + app.kubernetes.io/component: node + {{- if $.Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or $.Values.sentinel.service.annotations $.Values.commonAnnotations }} + annotations: + {{- if $.Values.sentinel.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.sentinel.service.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if $.Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: NodePort + ports: + - name: sentinel + {{- if $.Values.sentinel.service.nodePorts.sentinel }} + nodePort: {{ (add $.Values.sentinel.service.nodePorts.sentinel $i 1) }} + port: {{ (add $.Values.sentinel.service.nodePorts.sentinel $i 1) }} + {{- else }} + nodePort: {{ $sentinelport }} + port: {{ $sentinelport }} + {{- end }} + protocol: TCP + targetPort: {{ $.Values.sentinel.containerPorts.sentinel }} + - name: redis + {{- if $.Values.sentinel.service.nodePorts.redis }} + nodePort: {{ (add $.Values.sentinel.service.nodePorts.redis $i 1) }} + port: {{ (add $.Values.sentinel.service.nodePorts.redis $i 1) }} + {{- else }} + nodePort: {{ $redisport }} + port: {{ $redisport }} + {{- end }} + protocol: TCP + targetPort: {{ $.Values.replica.containerPorts.redis }} + - name: sentinel-internal + nodePort: null + port: {{ $.Values.sentinel.containerPorts.sentinel }} + protocol: TCP + targetPort: {{ $.Values.sentinel.containerPorts.sentinel }} + - name: redis-internal + nodePort: null + port: {{ $.Values.replica.containerPorts.redis }} + protocol: TCP + targetPort: {{ $.Values.replica.containerPorts.redis }} + selector: + statefulset.kubernetes.io/pod-name: {{ template "common.names.fullname" $ }}-node-{{ $i }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/redis/templates/sentinel/ports-configmap.yaml b/packer/ansible/roles/helm_install/files/redis/templates/sentinel/ports-configmap.yaml new file mode 100644 index 0000000..f5e7b2a --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/templates/sentinel/ports-configmap.yaml @@ -0,0 +1,100 @@ +{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled (eq .Values.sentinel.service.type "NodePort") (not .Values.sentinel.service.nodePorts.redis ) }} +{{- /* create a list to keep track of ports we choose to use */}} +{{ $chosenports := (list ) }} + +{{- /* Get list of all used nodeports */}} +{{ $usedports := (list ) }} +{{- range $index, $service := (lookup "v1" "Service" "" "").items }} + {{- range.spec.ports }} + {{- if .nodePort }} + {{- $usedports = (append $usedports .nodePort) }} + {{- end }} + {{- end }} +{{- end }} + +{{- /* +comments that start with # are rendered in the output when you debug, so you can less and search for them +Vars in the comment will be rendered out, so you can check their value this way. +https://helm.sh/docs/chart_best_practices/templates/#comments-yaml-comments-vs-template-comments + +remove the template comments and leave the yaml comments to help debug +*/}} + +{{- /* Sort the list */}} +{{ $usedports = $usedports | sortAlpha }} +#usedports {{ $usedports }} + +{{- /* How many nodeports per service do we want to create, except for the main service which is always two */}} +{{ $numberofPortsPerNodeService := 2 }} + +{{- /* for every nodeport we want, loop though the used ports to get an unused port */}} +{{- range $j := until (int (add (mul (int .Values.replica.replicaCount) $numberofPortsPerNodeService) 2)) }} + {{- /* #j={{ $j }} */}} + {{- $nodeport := (add $j 30000) }} + {{- $nodeportfound := false }} + {{- range $i := $usedports }} + {{- /* #i={{ $i }} + #nodeport={{ $nodeport }} + #usedports={{ $usedports }} */}} + {{- if and (has (toString $nodeport) $usedports) (eq $nodeportfound false) }} + {{- /* nodeport conflicts with in use */}} + {{- $nodeport = (add $nodeport 1) }} + {{- else if and ( has $nodeport $chosenports) (eq $nodeportfound false) }} + {{- /* nodeport already chosen, try another */}} + {{- $nodeport = (add $nodeport 1) }} + {{- else if (eq $nodeportfound false) }} + {{- /* nodeport free to use: not already claimed and not in use */}} + {{- /* select nodeport, and place into usedports */}} + {{- $chosenports = (append $chosenports $nodeport) }} + {{- $nodeportfound = true }} + {{- else }} + {{- /* nodeport has already been chosen and locked in, just work through the rest of the list to get to the next nodeport selection */}} + {{- end }} + {{- end }} + {{- if (eq $nodeportfound false) }} + {{- $chosenports = (append $chosenports $nodeport) }} + {{- end }} + +{{- end }} + +{{- /* print the usedports and chosenports for debugging */}} +#usedports {{ $usedports }} +#chosenports {{ $chosenports }}}} + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "common.names.fullname" . }}-ports-configmap + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: +{{ $portsmap := (lookup "v1" "ConfigMap" $.Release.Namespace (printf "%s-%s" ( include "common.names.fullname" . ) "ports-configmap")).data }} +{{- if $portsmap }} +{{- /* configmap already exists, do not install again */ -}} + {{- range $name, $value := $portsmap }} + "{{ $name }}": "{{ $value }}" + {{- end }} +{{- else }} +{{- /* configmap being set for first time */ -}} + {{- range $index, $port := $chosenports }} + {{- $nodenumber := (floor (div $index 2)) }} + {{- if (eq $index 0) }} + "{{ template "common.names.fullname" $ }}-sentinel": "{{ $port }}" + {{- else if (eq $index 1) }} + "{{ template "common.names.fullname" $ }}-redis": "{{ $port }}" + {{- else if (eq (mod $index 2) 0) }} + "{{ template "common.names.fullname" $ }}-node-{{ (sub $nodenumber 1) }}-sentinel": "{{ $port }}" + {{- else if (eq (mod $index 2) 1) }} + "{{ template "common.names.fullname" $ }}-node-{{ (sub $nodenumber 1) }}-redis": "{{ $port }}" + {{- end }} + {{- end }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/redis/templates/sentinel/service.yaml b/packer/ansible/roles/helm_install/files/redis/templates/sentinel/service.yaml new file mode 100644 index 0000000..622ed95 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/templates/sentinel/service.yaml @@ -0,0 +1,96 @@ +{{- if or .Release.IsUpgrade (ne .Values.sentinel.service.type "NodePort") .Values.sentinel.service.nodePorts.redis -}} + +--- +{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }} +{{ $portsmap := (lookup "v1" "ConfigMap" $.Release.Namespace (printf "%s-%s" ( include "common.names.fullname" . ) "ports-configmap")).data }} + +{{ $sentinelport := 0}} +{{ $redisport := 0}} +{{- if $portsmap }} +{{ $sentinelport = index $portsmap (printf "%s-%s" (include "common.names.fullname" $) "sentinel") }} +{{ $redisport = index $portsmap (printf "%s-%s" (include "common.names.fullname" $) "redis") }} +{{- else }} +{{- end }} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: node + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.sentinel.service.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.sentinel.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.service.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.sentinel.service.type }} + {{- if eq .Values.sentinel.service.type "LoadBalancer" }} + externalTrafficPolicy: {{ .Values.sentinel.service.externalTrafficPolicy }} + {{- end }} + {{- if and (eq .Values.sentinel.service.type "LoadBalancer") .Values.sentinel.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.sentinel.service.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.sentinel.service.type "LoadBalancer") .Values.sentinel.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml .Values.sentinel.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + {{- if and (eq .Values.sentinel.service.type "ClusterIP") .Values.sentinel.service.clusterIP }} + clusterIP: {{ .Values.sentinel.service.clusterIP }} + {{- end }} + ports: + - name: tcp-redis + {{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.redis }} + port: {{ .Values.sentinel.service.nodePorts.redis }} + {{- else if eq .Values.sentinel.service.type "NodePort" }} + port: {{ $redisport }} + {{- else}} + port: {{ .Values.sentinel.service.ports.redis }} + {{- end }} + targetPort: {{ .Values.replica.containerPorts.redis }} + {{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.redis }} + nodePort: {{ .Values.sentinel.service.nodePorts.redis }} + {{- else if eq .Values.sentinel.service.type "ClusterIP" }} + nodePort: null + {{- else if eq .Values.sentinel.service.type "NodePort" }} + nodePort: {{ $redisport }} + {{- end }} + - name: tcp-sentinel + {{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.sentinel }} + port: {{ .Values.sentinel.service.nodePorts.sentinel }} + {{- else if eq .Values.sentinel.service.type "NodePort" }} + port: {{ $sentinelport }} + {{- else }} + port: {{ .Values.sentinel.service.ports.sentinel }} + {{- end }} + targetPort: {{ .Values.sentinel.containerPorts.sentinel }} + {{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.sentinel }} + nodePort: {{ .Values.sentinel.service.nodePorts.sentinel }} + {{- else if eq .Values.sentinel.service.type "ClusterIP" }} + nodePort: null + {{- else if eq .Values.sentinel.service.type "NodePort" }} + nodePort: {{ $sentinelport }} + {{- end }} + {{- if eq .Values.sentinel.service.type "NodePort" }} + - name: sentinel-internal + nodePort: null + port: {{ .Values.sentinel.containerPorts.sentinel }} + protocol: TCP + targetPort: {{ .Values.sentinel.containerPorts.sentinel }} + - name: redis-internal + nodePort: null + port: {{ .Values.replica.containerPorts.redis }} + protocol: TCP + targetPort: {{ .Values.replica.containerPorts.redis }} + {{- end }} + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: node +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/redis/templates/sentinel/statefulset.yaml b/packer/ansible/roles/helm_install/files/redis/templates/sentinel/statefulset.yaml new file mode 100644 index 0000000..0be57ac --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/templates/sentinel/statefulset.yaml @@ -0,0 +1,670 @@ +{{- if or .Release.IsUpgrade (ne .Values.sentinel.service.type "NodePort") .Values.sentinel.service.nodePorts.redis -}} +{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ printf "%s-node" (include "common.names.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: node + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.replica.replicaCount }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: node + serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) }} + {{- if .Values.replica.updateStrategy }} + updateStrategy: {{- toYaml .Values.replica.updateStrategy | nindent 4 }} + {{- end }} + {{- if .Values.replica.podManagementPolicy }} + podManagementPolicy: {{ .Values.replica.podManagementPolicy | quote }} + {{- end }} + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: node + {{- if .Values.replica.podLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.replica.podLabels "context" $ ) | nindent 8 }} + {{- end }} + {{- if and .Values.metrics.enabled .Values.metrics.podLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podLabels "context" $ ) | nindent 8 }} + {{- end }} + annotations: + {{- if (include "redis.createConfigmap" .) }} + checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- end }} + checksum/health: {{ include (print $.Template.BasePath "/health-configmap.yaml") . | sha256sum }} + checksum/scripts: {{ include (print $.Template.BasePath "/scripts-configmap.yaml") . | sha256sum }} + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + {{- if .Values.replica.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.replica.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + spec: + {{- include "redis.imagePullSecrets" . | nindent 6 }} + {{- if .Values.replica.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.replica.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.replica.podSecurityContext.enabled }} + securityContext: {{- omit .Values.replica.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "redis.serviceAccountName" . }} + {{- if .Values.replica.priorityClassName }} + priorityClassName: {{ .Values.replica.priorityClassName | quote }} + {{- end }} + {{- if .Values.replica.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.replica.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.replica.podAffinityPreset "component" "node" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.replica.podAntiAffinityPreset "component" "node" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.replica.nodeAffinityPreset.type "key" .Values.replica.nodeAffinityPreset.key "values" .Values.replica.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.replica.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.replica.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.replica.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.replica.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.replica.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.replica.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.replica.shareProcessNamespace }} + shareProcessNamespace: {{ .Values.replica.shareProcessNamespace }} + {{- end }} + {{- if .Values.replica.schedulerName }} + schedulerName: {{ .Values.replica.schedulerName | quote }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.sentinel.terminationGracePeriodSeconds }} + containers: + - name: redis + image: {{ template "redis.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.replica.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.replica.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.replica.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.replica.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.replica.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.replica.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.replica.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.replica.args "context" $) | nindent 12 }} + {{- else }} + args: + - -c + - /opt/bitnami/scripts/start-scripts/start-node.sh + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: REDIS_MASTER_PORT_NUMBER + value: {{ .Values.replica.containerPorts.redis | quote }} + - name: ALLOW_EMPTY_PASSWORD + value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} + {{- if .Values.auth.enabled }} + {{- if .Values.auth.usePasswordFiles }} + - name: REDIS_PASSWORD_FILE + value: "/opt/bitnami/redis/secrets/redis-password" + - name: REDIS_MASTER_PASSWORD_FILE + value: "/opt/bitnami/redis/secrets/redis-password" + {{- else }} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "redis.secretName" . }} + key: {{ template "redis.secretPasswordKey" . }} + - name: REDIS_MASTER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "redis.secretName" . }} + key: {{ template "redis.secretPasswordKey" . }} + {{- end }} + {{- end }} + - name: REDIS_TLS_ENABLED + value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} + {{- if .Values.tls.enabled }} + - name: REDIS_TLS_PORT + value: {{ .Values.replica.containerPorts.redis | quote }} + - name: REDIS_TLS_AUTH_CLIENTS + value: {{ ternary "yes" "no" .Values.tls.authClients | quote }} + - name: REDIS_TLS_CERT_FILE + value: {{ template "redis.tlsCert" . }} + - name: REDIS_TLS_KEY_FILE + value: {{ template "redis.tlsCertKey" . }} + - name: REDIS_TLS_CA_FILE + value: {{ template "redis.tlsCACert" . }} + {{- if .Values.tls.dhParamsFilename }} + - name: REDIS_TLS_DH_PARAMS_FILE + value: {{ template "redis.tlsDHParams" . }} + {{- end }} + {{- else }} + - name: REDIS_PORT + value: {{ .Values.replica.containerPorts.redis | quote }} + {{- end }} + - name: REDIS_DATA_DIR + value: {{ .Values.replica.persistence.path }} + {{- if .Values.replica.externalMaster.enabled }} + - name: REDIS_EXTERNAL_MASTER_HOST + value: {{ .Values.replica.externalMaster.host | quote }} + - name: REDIS_EXTERNAL_MASTER_PORT + value: {{ .Values.replica.externalMaster.port | quote }} + {{- end }} + {{- if .Values.replica.extraEnvVars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraEnvVars "context" $ ) | nindent 12 }} + {{- end }} + {{- if or .Values.replica.extraEnvVarsCM .Values.replica.extraEnvVarsSecret }} + envFrom: + {{- if .Values.replica.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.replica.extraEnvVarsCM }} + {{- end }} + {{- if .Values.replica.extraEnvVarsSecret }} + - secretRef: + name: {{ .Values.replica.extraEnvVarsSecret }} + {{- end }} + {{- end }} + ports: + - name: redis + containerPort: {{ .Values.replica.containerPorts.redis }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.replica.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.replica.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: redis + {{- else if .Values.replica.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customStartupProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.replica.livenessProbe.enabled }} + livenessProbe: + initialDelaySeconds: {{ .Values.replica.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.replica.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.replica.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.replica.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.replica.livenessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/ping_liveness_local.sh {{ .Values.replica.livenessProbe.timeoutSeconds }} + {{- else if .Values.replica.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.replica.readinessProbe.enabled }} + readinessProbe: + initialDelaySeconds: {{ .Values.replica.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.replica.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.replica.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.replica.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.replica.readinessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/ping_readiness_local.sh {{ .Values.replica.livenessProbe.timeoutSeconds }} + {{- else if .Values.replica.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.replica.resources }} + resources: {{- toYaml .Values.replica.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: start-scripts + mountPath: /opt/bitnami/scripts/start-scripts + - name: health + mountPath: /health + {{- if .Values.sentinel.persistence.enabled }} + - name: sentinel-data + mountPath: /opt/bitnami/redis-sentinel/etc + {{- end }} + {{- if .Values.auth.usePasswordFiles }} + - name: redis-password + mountPath: /opt/bitnami/redis/secrets/ + {{- end }} + - name: redis-data + mountPath: {{ .Values.replica.persistence.path }} + subPath: {{ .Values.replica.persistence.subPath }} + - name: config + mountPath: /opt/bitnami/redis/mounted-etc + - name: redis-tmp-conf + mountPath: /opt/bitnami/redis/etc + - name: tmp + mountPath: /tmp + {{- if .Values.tls.enabled }} + - name: redis-certificates + mountPath: /opt/bitnami/redis/certs + readOnly: true + {{- end }} + {{- if .Values.replica.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} + lifecycle: + preStop: + exec: + command: + - /bin/bash + - -c + - /opt/bitnami/scripts/start-scripts/prestop-redis.sh + - name: sentinel + image: {{ template "redis.sentinel.image" . }} + imagePullPolicy: {{ .Values.sentinel.image.pullPolicy | quote }} + {{- if .Values.sentinel.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.sentinel.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.sentinel.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.sentinel.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.sentinel.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.args "context" $) | nindent 12 }} + {{- else }} + args: + - -c + - /opt/bitnami/scripts/start-scripts/start-sentinel.sh + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.sentinel.image.debug .Values.diagnosticMode.enabled) | quote }} + {{- if .Values.auth.enabled }} + {{- if .Values.auth.usePasswordFiles }} + - name: REDIS_PASSWORD_FILE + value: "/opt/bitnami/redis/secrets/redis-password" + {{- else }} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "redis.secretName" . }} + key: {{ template "redis.secretPasswordKey" . }} + {{- end }} + {{- else }} + - name: ALLOW_EMPTY_PASSWORD + value: "yes" + {{- end }} + - name: REDIS_SENTINEL_TLS_ENABLED + value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} + {{- if .Values.tls.enabled }} + - name: REDIS_SENTINEL_TLS_PORT_NUMBER + value: {{ .Values.sentinel.containerPorts.sentinel | quote }} + - name: REDIS_SENTINEL_TLS_AUTH_CLIENTS + value: {{ ternary "yes" "no" .Values.tls.authClients | quote }} + - name: REDIS_SENTINEL_TLS_CERT_FILE + value: {{ template "redis.tlsCert" . }} + - name: REDIS_SENTINEL_TLS_KEY_FILE + value: {{ template "redis.tlsCertKey" . }} + - name: REDIS_SENTINEL_TLS_CA_FILE + value: {{ template "redis.tlsCACert" . }} + {{- if .Values.tls.dhParamsFilename }} + - name: REDIS_SENTINEL_TLS_DH_PARAMS_FILE + value: {{ template "redis.tls.dhParamsFilename" . }} + {{- end }} + {{- else }} + - name: REDIS_SENTINEL_PORT + value: {{ .Values.sentinel.containerPorts.sentinel | quote }} + {{- end }} + {{- if .Values.sentinel.externalMaster.enabled }} + - name: REDIS_EXTERNAL_MASTER_HOST + value: {{ .Values.sentinel.externalMaster.host | quote }} + - name: REDIS_EXTERNAL_MASTER_PORT + value: {{ .Values.sentinel.externalMaster.port | quote }} + {{- end }} + {{- if .Values.sentinel.extraEnvVars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.extraEnvVars "context" $ ) | nindent 12 }} + {{- end }} + {{- if or .Values.sentinel.extraEnvVarsCM .Values.sentinel.extraEnvVarsSecret }} + envFrom: + {{- if .Values.sentinel.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.sentinel.extraEnvVarsCM }} + {{- end }} + {{- if .Values.sentinel.extraEnvVarsSecret }} + - secretRef: + name: {{ .Values.sentinel.extraEnvVarsSecret }} + {{- end }} + {{- end }} + ports: + - name: redis-sentinel + containerPort: {{ .Values.sentinel.containerPorts.sentinel }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.sentinel.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.sentinel.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: redis-sentinel + {{- else if .Values.sentinel.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.customStartupProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.sentinel.livenessProbe.enabled }} + livenessProbe: + initialDelaySeconds: {{ .Values.sentinel.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.sentinel.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.sentinel.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.sentinel.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.sentinel.livenessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/ping_sentinel.sh {{ .Values.sentinel.livenessProbe.timeoutSeconds }} + {{- else if .Values.sentinel.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- end }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.sentinel.readinessProbe.enabled }} + readinessProbe: + initialDelaySeconds: {{ .Values.sentinel.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.sentinel.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.sentinel.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.sentinel.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.sentinel.readinessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/ping_sentinel.sh {{ .Values.sentinel.livenessProbe.timeoutSeconds }} + {{- else if .Values.sentinel.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- end }} + {{- if not .Values.diagnosticMode.enabled }} + lifecycle: + preStop: + exec: + command: + - /bin/bash + - -c + - /opt/bitnami/scripts/start-scripts/prestop-sentinel.sh + {{- end }} + {{- if .Values.sentinel.resources }} + resources: {{- toYaml .Values.sentinel.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: start-scripts + mountPath: /opt/bitnami/scripts/start-scripts + - name: health + mountPath: /health + {{- if .Values.sentinel.persistence.enabled }} + - name: sentinel-data + mountPath: /opt/bitnami/redis-sentinel/etc + {{- end }} + {{- if .Values.auth.usePasswordFiles }} + - name: redis-password + mountPath: /opt/bitnami/redis/secrets/ + {{- end }} + - name: redis-data + mountPath: {{ .Values.replica.persistence.path }} + subPath: {{ .Values.replica.persistence.subPath }} + - name: config + mountPath: /opt/bitnami/redis-sentinel/mounted-etc + {{- if .Values.tls.enabled }} + - name: redis-certificates + mountPath: /opt/bitnami/redis/certs + readOnly: true + {{- end }} + {{- if .Values.sentinel.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ template "redis.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.metrics.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + - -c + - | + if [[ -f '/secrets/redis-password' ]]; then + export REDIS_PASSWORD=$(cat /secrets/redis-password) + fi + redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: REDIS_ALIAS + value: {{ template "common.names.fullname" . }} + {{- if .Values.auth.enabled }} + - name: REDIS_USER + value: default + {{- if (not .Values.auth.usePasswordFiles) }} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "redis.secretName" . }} + key: {{ template "redis.secretPasswordKey" . }} + {{- end }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: REDIS_ADDR + value: rediss://{{ .Values.metrics.redisTargetHost }}:{{ .Values.replica.containerPorts.redis }} + {{- if .Values.tls.authClients }} + - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE + value: {{ template "redis.tlsCertKey" . }} + - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE + value: {{ template "redis.tlsCert" . }} + {{- end }} + - name: REDIS_EXPORTER_TLS_CA_CERT_FILE + value: {{ template "redis.tlsCACert" . }} + {{- end }} + ports: + - name: metrics + containerPort: 9121 + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + volumeMounts: + {{- if .Values.auth.usePasswordFiles }} + - name: redis-password + mountPath: /secrets/ + {{- end }} + {{- if .Values.tls.enabled }} + - name: redis-certificates + mountPath: /opt/bitnami/redis/certs + readOnly: true + {{- end }} + {{- end }} + {{- if .Values.replica.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.replica.sidecars "context" $) | nindent 8 }} + {{- end }} + {{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.replica.persistence.enabled .Values.replica.podSecurityContext.enabled .Values.replica.containerSecurityContext.enabled }} + {{- if or .Values.replica.initContainers $needsVolumePermissions .Values.sysctl.enabled }} + initContainers: + {{- if .Values.replica.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.replica.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if $needsVolumePermissions }} + - name: volume-permissions + image: {{ include "redis.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + - -ec + - | + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.replica.persistence.path }} + {{- else }} + chown -R {{ .Values.replica.containerSecurityContext.runAsUser }}:{{ .Values.replica.podSecurityContext.fsGroup }} {{ .Values.replica.persistence.path }} + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: redis-data + mountPath: {{ .Values.replica.persistence.path }} + subPath: {{ .Values.replica.persistence.subPath }} + {{- end }} + {{- if .Values.sysctl.enabled }} + - name: init-sysctl + image: {{ include "redis.sysctl.image" . }} + imagePullPolicy: {{ default "" .Values.sysctl.image.pullPolicy | quote }} + securityContext: + privileged: true + runAsUser: 0 + {{- if .Values.sysctl.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.sysctl.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.sysctl.resources }} + resources: {{- toYaml .Values.sysctl.resources | nindent 12 }} + {{- end }} + {{- if .Values.sysctl.mountHostSys }} + volumeMounts: + - name: host-sys + mountPath: /host-sys + {{- end }} + {{- end }} + {{- end }} + volumes: + - name: start-scripts + configMap: + name: {{ printf "%s-scripts" (include "common.names.fullname" .) }} + defaultMode: 0755 + - name: health + configMap: + name: {{ printf "%s-health" (include "common.names.fullname" .) }} + defaultMode: 0755 + {{- if .Values.auth.usePasswordFiles }} + - name: redis-password + secret: + secretName: {{ template "redis.secretName" . }} + items: + - key: {{ template "redis.secretPasswordKey" . }} + path: redis-password + {{- end }} + - name: config + configMap: + name: {{ include "redis.configmapName" . }} + {{- if .Values.sysctl.mountHostSys }} + - name: host-sys + hostPath: + path: /sys + {{- end }} + {{- if not .Values.sentinel.persistence.enabled }} + - name: sentinel-data + {{- if .Values.sentinel.persistence.medium }} + emptyDir: { + medium: {{ .Values.sentinel.persistence.medium | quote }} + } + {{- else }} + emptyDir: {} + {{- end }} + {{- end }} + - name: redis-tmp-conf + {{- if .Values.replica.persistence.medium }} + emptyDir: { + medium: {{ .Values.replica.persistence.medium | quote }} + } + {{- else }} + emptyDir: {} + {{- end }} + - name: tmp + {{- if .Values.replica.persistence.medium }} + emptyDir: { + medium: {{ .Values.replica.persistence.medium | quote }} + } + {{- else }} + emptyDir: {} + {{- end }} + {{- if .Values.replica.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.sentinel.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: redis-certificates + secret: + secretName: {{ include "redis.tlsSecretName" . }} + defaultMode: 256 + {{- end }} + {{- if not .Values.replica.persistence.enabled }} + - name: redis-data + {{- if .Values.replica.persistence.medium }} + emptyDir: { + medium: {{ .Values.replica.persistence.medium | quote }} + } + {{- else }} + emptyDir: {} + {{- end }} + {{- else }} + volumeClaimTemplates: + - metadata: + name: redis-data + labels: {{- include "common.labels.matchLabels" . | nindent 10 }} + app.kubernetes.io/component: node + {{- if .Values.replica.persistence.annotations }} + annotations: {{- toYaml .Values.replica.persistence.annotations | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.replica.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.replica.persistence.size | quote }} + {{- if .Values.replica.persistence.selector }} + selector: {{- include "common.tplvalues.render" ( dict "value" .Values.replica.persistence.selector "context" $) | nindent 10 }} + {{- end }} + {{- include "common.storage.class" (dict "persistence" .Values.replica.persistence "global" .Values.global) | nindent 8 }} + {{- if .Values.sentinel.persistence.enabled }} + - metadata: + name: sentinel-data + labels: {{- include "common.labels.matchLabels" . | nindent 10 }} + app.kubernetes.io/component: node + {{- if .Values.sentinel.persistence.annotations }} + annotations: {{- toYaml .Values.sentinel.persistence.annotations | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.sentinel.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.sentinel.persistence.size | quote }} + {{- if .Values.sentinel.persistence.selector }} + selector: {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.persistence.selector "context" $) | nindent 10 }} + {{- end }} + {{- include "common.storage.class" (dict "persistence" .Values.sentinel.persistence "global" .Values.global) | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/redis/templates/serviceaccount.yaml b/packer/ansible/roles/helm_install/files/redis/templates/serviceaccount.yaml new file mode 100644 index 0000000..1ce68a7 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/templates/serviceaccount.yaml @@ -0,0 +1,21 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ template "redis.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.commonAnnotations .Values.serviceAccount.annotations }} + annotations: + {{- if or .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.serviceAccount.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.serviceAccount.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/redis/templates/servicemonitor.yaml b/packer/ansible/roles/helm_install/files/redis/templates/servicemonitor.yaml new file mode 100644 index 0000000..0d94a4b --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/templates/servicemonitor.yaml @@ -0,0 +1,45 @@ +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "common.names.fullname" . }} + {{- if .Values.metrics.serviceMonitor.namespace }} + namespace: {{ .Values.metrics.serviceMonitor.namespace }} + {{- else }} + namespace: {{ .Release.Namespace | quote }} + {{- end }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.metrics.serviceMonitor.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: http-metrics + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.honorLabels }} + honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabellings }} + relabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: metrics +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/redis/templates/tls-secret.yaml b/packer/ansible/roles/helm_install/files/redis/templates/tls-secret.yaml new file mode 100644 index 0000000..5b40dff --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/templates/tls-secret.yaml @@ -0,0 +1,26 @@ +{{- if (include "redis.createTlsSecret" .) }} +{{- $ca := genCA "redis-ca" 365 }} +{{- $releaseNamespace := .Release.Namespace }} +{{- $clusterDomain := .Values.clusterDomain }} +{{- $fullname := include "common.names.fullname" . }} +{{- $serviceName := include "common.names.fullname" . }} +{{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) }} +{{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) "127.0.0.1" "localhost" $fullname }} +{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }}-crt + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + ca.crt: {{ $ca.Cert | b64enc | quote }} + tls.crt: {{ $crt.Cert | b64enc | quote }} + tls.key: {{ $crt.Key | b64enc | quote }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/redis/values.schema.json b/packer/ansible/roles/helm_install/files/redis/values.schema.json new file mode 100644 index 0000000..d6e226b --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/values.schema.json @@ -0,0 +1,156 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "architecture": { + "type": "string", + "title": "Redis architecture", + "form": true, + "description": "Allowed values: `standalone` or `replication`", + "enum": ["standalone", "replication"] + }, + "auth": { + "type": "object", + "title": "Authentication configuration", + "form": true, + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Use password authentication" + }, + "password": { + "type": "string", + "title": "Redis password", + "form": true, + "description": "Defaults to a random 10-character alphanumeric string if not set", + "hidden": { + "value": false, + "path": "auth/enabled" + } + } + } + }, + "master": { + "type": "object", + "title": "Master replicas settings", + "form": true, + "properties": { + "kind": { + "type": "string", + "title": "Workload Kind", + "form": true, + "description": "Allowed values: `Deployment` or `StatefulSet`", + "enum": ["Deployment", "StatefulSet"] + }, + "persistence": { + "type": "object", + "title": "Persistence for master replicas", + "form": true, + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Enable persistence", + "description": "Enable persistence using Persistent Volume Claims" + }, + "size": { + "type": "string", + "title": "Persistent Volume Size", + "form": true, + "render": "slider", + "sliderMin": 1, + "sliderMax": 100, + "sliderUnit": "Gi", + "hidden": { + "value": false, + "path": "master/persistence/enabled" + } + } + } + } + } + }, + "replica": { + "type": "object", + "title": "Redis replicas settings", + "form": true, + "hidden": { + "value": "standalone", + "path": "architecture" + }, + "properties": { + "replicaCount": { + "type": "integer", + "form": true, + "title": "Number of Redis replicas" + }, + "persistence": { + "type": "object", + "title": "Persistence for Redis replicas", + "form": true, + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Enable persistence", + "description": "Enable persistence using Persistent Volume Claims" + }, + "size": { + "type": "string", + "title": "Persistent Volume Size", + "form": true, + "render": "slider", + "sliderMin": 1, + "sliderMax": 100, + "sliderUnit": "Gi", + "hidden": { + "value": false, + "path": "replica/persistence/enabled" + } + } + } + } + } + }, + "volumePermissions": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Enable Init Containers", + "description": "Use an init container to set required folder permissions on the data volume before mounting it in the final destination" + } + } + }, + "metrics": { + "type": "object", + "form": true, + "title": "Prometheus metrics details", + "properties": { + "enabled": { + "type": "boolean", + "title": "Create Prometheus metrics exporter", + "description": "Create a side-car container to expose Prometheus metrics", + "form": true + }, + "serviceMonitor": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "title": "Create Prometheus Operator ServiceMonitor", + "description": "Create a ServiceMonitor to track metrics using Prometheus Operator", + "form": true, + "hidden": { + "value": false, + "path": "metrics/enabled" + } + } + } + } + } + } + } +} diff --git a/packer/ansible/roles/helm_install/files/redis/values.yaml b/packer/ansible/roles/helm_install/files/redis/values.yaml new file mode 100644 index 0000000..d6abd90 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/redis/values.yaml @@ -0,0 +1,1536 @@ +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass +## + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.storageClass Global StorageClass for Persistent Volume(s) +## @param global.redis.password Global Redis™ password (overrides `auth.password`) +## +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: "" + redis: + password: "" + +## @section Common parameters +## + +## @param kubeVersion Override Kubernetes version +## +kubeVersion: "" +## @param nameOverride String to partially override common.names.fullname +## +nameOverride: "" +## @param fullnameOverride String to fully override common.names.fullname +## +fullnameOverride: "" +## @param commonLabels Labels to add to all deployed objects +## +commonLabels: {} +## @param commonAnnotations Annotations to add to all deployed objects +## +commonAnnotations: {} +## @param clusterDomain Kubernetes cluster domain name +## +clusterDomain: cluster.local +## @param extraDeploy Array of extra objects to deploy with the release +## +extraDeploy: [] + +## Enable diagnostic mode in the deployment +## +diagnosticMode: + ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) + ## + enabled: false + ## @param diagnosticMode.command Command to override all containers in the deployment + ## + command: + - sleep + ## @param diagnosticMode.args Args to override all containers in the deployment + ## + args: + - infinity + +## @section Redis™ Image parameters +## + +## Bitnami Redis™ image +## ref: https://hub.docker.com/r/bitnami/redis/tags/ +## @param image.registry Redis™ image registry +## @param image.repository Redis™ image repository +## @param image.tag Redis™ image tag (immutable tags are recommended) +## @param image.pullPolicy Redis™ image pull policy +## @param image.pullSecrets Redis™ image pull secrets +## @param image.debug Enable image debug mode +## +image: + registry: docker.io + repository: bitnami/redis + tag: 6.2.6-debian-10-r158 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Enable debug mode + ## + debug: false + +## @section Redis™ common configuration parameters +## https://github.com/bitnami/bitnami-docker-redis#configuration +## + +## @param architecture Redis™ architecture. Allowed values: `standalone` or `replication` +## +architecture: replication +## Redis™ Authentication parameters +## ref: https://github.com/bitnami/bitnami-docker-redis#setting-the-server-password-on-first-run +## +auth: + ## @param auth.enabled Enable password authentication + ## + enabled: true + ## @param auth.sentinel Enable password authentication on sentinels too + ## + sentinel: true + ## @param auth.password Redis™ password + ## Defaults to a random 10-character alphanumeric string if not set + ## + password: "" + ## @param auth.existingSecret The name of an existing secret with Redis™ credentials + ## NOTE: When it's set, the previous `auth.password` parameter is ignored + ## + existingSecret: "" + ## @param auth.existingSecretPasswordKey Password key to be retrieved from existing secret + ## NOTE: ignored unless `auth.existingSecret` parameter is set + ## + existingSecretPasswordKey: "" + ## @param auth.usePasswordFiles Mount credentials as files instead of using an environment variable + ## + usePasswordFiles: false + +## @param commonConfiguration [string] Common configuration to be added into the ConfigMap +## ref: https://redis.io/topics/config +## +commonConfiguration: |- + # Enable AOF https://redis.io/topics/persistence#append-only-file + appendonly yes + # Disable RDB persistence, AOF persistence already enabled. + save "" +## @param existingConfigmap The name of an existing ConfigMap with your custom configuration for Redis™ nodes +## +existingConfigmap: "" + +## @section Redis™ master configuration parameters +## + +master: + ## @param master.configuration Configuration for Redis™ master nodes + ## ref: https://redis.io/topics/config + ## + configuration: "" + ## @param master.disableCommands Array with Redis™ commands to disable on master nodes + ## Commands will be completely disabled by renaming each to an empty string. + ## ref: https://redis.io/topics/security#disabling-of-specific-commands + ## + disableCommands: + - FLUSHDB + - FLUSHALL + ## @param master.command Override default container command (useful when using custom images) + ## + command: [] + ## @param master.args Override default container args (useful when using custom images) + ## + args: [] + ## @param master.preExecCmds Additional commands to run prior to starting Redis™ master + ## + preExecCmds: [] + ## @param master.extraFlags Array with additional command line flags for Redis™ master + ## e.g: + ## extraFlags: + ## - "--maxmemory-policy volatile-ttl" + ## - "--repl-backlog-size 1024mb" + ## + extraFlags: [] + ## @param master.extraEnvVars Array with extra environment variables to add to Redis™ master nodes + ## e.g: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + ## @param master.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Redis™ master nodes + ## + extraEnvVarsCM: "" + ## @param master.extraEnvVarsSecret Name of existing Secret containing extra env vars for Redis™ master nodes + ## + extraEnvVarsSecret: "" + ## @param master.containerPorts.redis Container port to open on Redis™ master nodes + ## + containerPorts: + redis: 6379 + ## Configure extra options for Redis™ containers' liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param master.startupProbe.enabled Enable startupProbe on Redis™ master nodes + ## @param master.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param master.startupProbe.periodSeconds Period seconds for startupProbe + ## @param master.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param master.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param master.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: false + initialDelaySeconds: 20 + periodSeconds: 5 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 + ## @param master.livenessProbe.enabled Enable livenessProbe on Redis™ master nodes + ## @param master.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param master.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param master.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param master.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param master.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 20 + periodSeconds: 5 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 + ## @param master.readinessProbe.enabled Enable readinessProbe on Redis™ master nodes + ## @param master.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param master.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param master.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param master.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param master.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 20 + periodSeconds: 5 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 5 + ## @param master.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + ## @param master.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param master.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## Redis™ master resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## @param master.resources.limits The resources limits for the Redis™ master containers + ## @param master.resources.requests The requested resources for the Redis™ master containers + ## + resources: + limits: {} + requests: {} + ## Configure Pods Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param master.podSecurityContext.enabled Enabled Redis™ master pods' Security Context + ## @param master.podSecurityContext.fsGroup Set Redis™ master pod's Security Context fsGroup + ## + podSecurityContext: + enabled: true + fsGroup: 1001 + ## Configure Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param master.containerSecurityContext.enabled Enabled Redis™ master containers' Security Context + ## @param master.containerSecurityContext.runAsUser Set Redis™ master containers' Security Context runAsUser + ## + containerSecurityContext: + enabled: true + runAsUser: 1001 + ## @param master.kind Use either Deployment or StatefulSet (default) + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ + ## + kind: StatefulSet + ## @param master.schedulerName Alternate scheduler for Redis™ master pods + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## @param master.updateStrategy.type Redis™ master statefulset strategy type + ## @skip master.updateStrategy.rollingUpdate + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: + ## StrategyType + ## Can be set to RollingUpdate or OnDelete + ## + type: RollingUpdate + rollingUpdate: {} + ## @param master.priorityClassName Redis™ master pods' priorityClassName + ## + priorityClassName: "" + ## @param master.hostAliases Redis™ master pods host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param master.podLabels Extra labels for Redis™ master pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param master.podAnnotations Annotations for Redis™ master pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param master.shareProcessNamespace Share a single process namespace between all of the containers in Redis™ master pods + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ + ## + shareProcessNamespace: false + ## @param master.podAffinityPreset Pod affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param master.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Node master.affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param master.nodeAffinityPreset.type Node affinity preset type. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param master.nodeAffinityPreset.key Node label key to match. Ignored if `master.affinity` is set + ## + key: "" + ## @param master.nodeAffinityPreset.values Node label values to match. Ignored if `master.affinity` is set + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param master.affinity Affinity for Redis™ master pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## NOTE: `master.podAffinityPreset`, `master.podAntiAffinityPreset`, and `master.nodeAffinityPreset` will be ignored when it's set + ## + affinity: {} + ## @param master.nodeSelector Node labels for Redis™ master pods assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param master.tolerations Tolerations for Redis™ master pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param master.topologySpreadConstraints Spread Constraints for Redis™ master pod assignment + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## E.g. + ## topologySpreadConstraints: + ## - maxSkew: 1 + ## topologyKey: node + ## whenUnsatisfiable: DoNotSchedule + ## + topologySpreadConstraints: [] + ## @param master.lifecycleHooks for the Redis™ master container(s) to automate configuration before or after startup + ## + lifecycleHooks: {} + ## @param master.extraVolumes Optionally specify extra list of additional volumes for the Redis™ master pod(s) + ## + extraVolumes: [] + ## @param master.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Redis™ master container(s) + ## + extraVolumeMounts: [] + ## @param master.sidecars Add additional sidecar containers to the Redis™ master pod(s) + ## e.g: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param master.initContainers Add additional init containers to the Redis™ master pod(s) + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + ## + initContainers: [] + ## Persistence parameters + ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ + ## + persistence: + ## @param master.persistence.enabled Enable persistence on Redis™ master nodes using Persistent Volume Claims + ## + enabled: true + ## @param master.persistence.medium Provide a medium for `emptyDir` volumes. + ## + medium: "" + ## @param master.persistence.sizeLimit Set this to enable a size limit for `emptyDir` volumes. + ## + sizeLimit: "" + ## @param master.persistence.path The path the volume will be mounted at on Redis™ master containers + ## NOTE: Useful when using different Redis™ images + ## + path: /data + ## @param master.persistence.subPath The subdirectory of the volume to mount on Redis™ master containers + ## NOTE: Useful in dev environments + ## + subPath: "" + ## @param master.persistence.storageClass Persistent Volume storage class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner + ## + storageClass: "" + ## @param master.persistence.accessModes Persistent Volume access modes + ## + accessModes: + - ReadWriteOnce + ## @param master.persistence.size Persistent Volume size + ## + size: 8Gi + ## @param master.persistence.annotations Additional custom annotations for the PVC + ## + annotations: {} + ## @param master.persistence.selector Additional labels to match for the PVC + ## e.g: + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} + ## @param master.persistence.dataSource Custom PVC data source + ## + dataSource: {} + ## @param master.persistence.existingClaim Use a existing PVC which must be created manually before bound + ## NOTE: requires master.persistence.enabled: true + ## + existingClaim: "" + ## Redis™ master service parameters + ## + service: + ## @param master.service.type Redis™ master service type + ## + type: ClusterIP + ## @param master.service.ports.redis Redis™ master service port + ## + ports: + redis: 6379 + ## @param master.service.nodePorts.redis Node port for Redis™ master + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## NOTE: choose port between <30000-32767> + ## + nodePorts: + redis: "" + ## @param master.service.externalTrafficPolicy Redis™ master service external traffic policy + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param master.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param master.service.clusterIP Redis™ master service Cluster IP + ## + clusterIP: "" + ## @param master.service.loadBalancerIP Redis™ master service Load Balancer IP + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param master.service.loadBalancerSourceRanges Redis™ master service Load Balancer sources + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g. + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param master.service.annotations Additional custom annotations for Redis™ master service + ## + annotations: {} + ## @param master.terminationGracePeriodSeconds Integer setting the termination grace period for the redis-master pods + ## + terminationGracePeriodSeconds: 30 + +## @section Redis™ replicas configuration parameters +## + +replica: + ## @param replica.replicaCount Number of Redis™ replicas to deploy + ## + replicaCount: 3 + ## @param replica.configuration Configuration for Redis™ replicas nodes + ## ref: https://redis.io/topics/config + ## + configuration: "" + ## @param replica.disableCommands Array with Redis™ commands to disable on replicas nodes + ## Commands will be completely disabled by renaming each to an empty string. + ## ref: https://redis.io/topics/security#disabling-of-specific-commands + ## + disableCommands: + - FLUSHDB + - FLUSHALL + ## @param replica.command Override default container command (useful when using custom images) + ## + command: [] + ## @param replica.args Override default container args (useful when using custom images) + ## + args: [] + ## @param replica.preExecCmds Additional commands to run prior to starting Redis™ replicas + ## + preExecCmds: [] + ## @param replica.extraFlags Array with additional command line flags for Redis™ replicas + ## e.g: + ## extraFlags: + ## - "--maxmemory-policy volatile-ttl" + ## - "--repl-backlog-size 1024mb" + ## + extraFlags: [] + ## @param replica.extraEnvVars Array with extra environment variables to add to Redis™ replicas nodes + ## e.g: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + ## @param replica.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Redis™ replicas nodes + ## + extraEnvVarsCM: "" + ## @param replica.extraEnvVarsSecret Name of existing Secret containing extra env vars for Redis™ replicas nodes + ## + extraEnvVarsSecret: "" + ## @param replica.externalMaster.enabled Use external master for bootstrapping + ## @param replica.externalMaster.host External master host to bootstrap from + ## @param replica.externalMaster.port Port for Redis service external master host + ## + externalMaster: + enabled: false + host: "" + port: 6379 + ## @param replica.containerPorts.redis Container port to open on Redis™ replicas nodes + ## + containerPorts: + redis: 6379 + ## Configure extra options for Redis™ containers' liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param replica.startupProbe.enabled Enable startupProbe on Redis™ replicas nodes + ## @param replica.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param replica.startupProbe.periodSeconds Period seconds for startupProbe + ## @param replica.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param replica.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param replica.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 22 + ## @param replica.livenessProbe.enabled Enable livenessProbe on Redis™ replicas nodes + ## @param replica.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param replica.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param replica.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param replica.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param replica.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 20 + periodSeconds: 5 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 + ## @param replica.readinessProbe.enabled Enable readinessProbe on Redis™ replicas nodes + ## @param replica.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param replica.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param replica.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param replica.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param replica.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 20 + periodSeconds: 5 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 5 + ## @param replica.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + ## @param replica.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param replica.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## Redis™ replicas resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## @param replica.resources.limits The resources limits for the Redis™ replicas containers + ## @param replica.resources.requests The requested resources for the Redis™ replicas containers + ## + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: {} + # cpu: 250m + # memory: 256Mi + requests: {} + # cpu: 250m + # memory: 256Mi + ## Configure Pods Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param replica.podSecurityContext.enabled Enabled Redis™ replicas pods' Security Context + ## @param replica.podSecurityContext.fsGroup Set Redis™ replicas pod's Security Context fsGroup + ## + podSecurityContext: + enabled: true + fsGroup: 1001 + ## Configure Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param replica.containerSecurityContext.enabled Enabled Redis™ replicas containers' Security Context + ## @param replica.containerSecurityContext.runAsUser Set Redis™ replicas containers' Security Context runAsUser + ## + containerSecurityContext: + enabled: true + runAsUser: 1001 + ## @param replica.schedulerName Alternate scheduler for Redis™ replicas pods + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## @param replica.updateStrategy.type Redis™ replicas statefulset strategy type + ## @skip replica.updateStrategy.rollingUpdate + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: + ## StrategyType + ## Can be set to RollingUpdate or OnDelete + ## + type: RollingUpdate + rollingUpdate: {} + ## @param replica.priorityClassName Redis™ replicas pods' priorityClassName + ## + priorityClassName: "" + ## @param replica.podManagementPolicy podManagementPolicy to manage scaling operation of %%MAIN_CONTAINER_NAME%% pods + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies + ## + podManagementPolicy: "" + ## @param replica.hostAliases Redis™ replicas pods host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param replica.podLabels Extra labels for Redis™ replicas pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param replica.podAnnotations Annotations for Redis™ replicas pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param replica.shareProcessNamespace Share a single process namespace between all of the containers in Redis™ replicas pods + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ + ## + shareProcessNamespace: false + ## @param replica.podAffinityPreset Pod affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param replica.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param replica.nodeAffinityPreset.type Node affinity preset type. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param replica.nodeAffinityPreset.key Node label key to match. Ignored if `replica.affinity` is set + ## + key: "" + ## @param replica.nodeAffinityPreset.values Node label values to match. Ignored if `replica.affinity` is set + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param replica.affinity Affinity for Redis™ replicas pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## NOTE: `replica.podAffinityPreset`, `replica.podAntiAffinityPreset`, and `replica.nodeAffinityPreset` will be ignored when it's set + ## + affinity: {} + ## @param replica.nodeSelector Node labels for Redis™ replicas pods assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param replica.tolerations Tolerations for Redis™ replicas pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param replica.topologySpreadConstraints Spread Constraints for Redis™ replicas pod assignment + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## E.g. + ## topologySpreadConstraints: + ## - maxSkew: 1 + ## topologyKey: node + ## whenUnsatisfiable: DoNotSchedule + ## + topologySpreadConstraints: [] + ## @param replica.lifecycleHooks for the Redis™ replica container(s) to automate configuration before or after startup + ## + lifecycleHooks: {} + ## @param replica.extraVolumes Optionally specify extra list of additional volumes for the Redis™ replicas pod(s) + ## + extraVolumes: [] + ## @param replica.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Redis™ replicas container(s) + ## + extraVolumeMounts: [] + ## @param replica.sidecars Add additional sidecar containers to the Redis™ replicas pod(s) + ## e.g: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param replica.initContainers Add additional init containers to the Redis™ replicas pod(s) + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + ## + initContainers: [] + ## Persistence Parameters + ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ + ## + persistence: + ## @param replica.persistence.enabled Enable persistence on Redis™ replicas nodes using Persistent Volume Claims + ## + enabled: true + ## @param replica.persistence.medium Provide a medium for `emptyDir` volumes. + ## + medium: "" + ## @param replica.persistence.path The path the volume will be mounted at on Redis™ replicas containers + ## NOTE: Useful when using different Redis™ images + ## + path: /data + ## @param replica.persistence.subPath The subdirectory of the volume to mount on Redis™ replicas containers + ## NOTE: Useful in dev environments + ## + subPath: "" + ## @param replica.persistence.storageClass Persistent Volume storage class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner + ## + storageClass: "" + ## @param replica.persistence.accessModes Persistent Volume access modes + ## + accessModes: + - ReadWriteOnce + ## @param replica.persistence.size Persistent Volume size + ## + size: 8Gi + ## @param replica.persistence.annotations Additional custom annotations for the PVC + ## + annotations: {} + ## @param replica.persistence.selector Additional labels to match for the PVC + ## e.g: + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} + ## @param replica.persistence.dataSource Custom PVC data source + ## + dataSource: {} + ## Redis™ replicas service parameters + ## + service: + ## @param replica.service.type Redis™ replicas service type + ## + type: ClusterIP + ## @param replica.service.ports.redis Redis™ replicas service port + ## + ports: + redis: 6379 + ## @param replica.service.nodePorts.redis Node port for Redis™ replicas + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## NOTE: choose port between <30000-32767> + ## + nodePorts: + redis: "" + ## @param replica.service.externalTrafficPolicy Redis™ replicas service external traffic policy + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param replica.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param replica.service.clusterIP Redis™ replicas service Cluster IP + ## + clusterIP: "" + ## @param replica.service.loadBalancerIP Redis™ replicas service Load Balancer IP + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param replica.service.loadBalancerSourceRanges Redis™ replicas service Load Balancer sources + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g. + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param replica.service.annotations Additional custom annotations for Redis™ replicas service + ## + annotations: {} + ## @param replica.terminationGracePeriodSeconds Integer setting the termination grace period for the redis-replicas pods + ## + terminationGracePeriodSeconds: 30 + ## Autoscaling configuration + ## + autoscaling: + ## @param replica.autoscaling.enabled Enable replica autoscaling settings + ## + enabled: false + ## @param replica.autoscaling.minReplicas Minimum replicas for the pod autoscaling + ## + minReplicas: 1 + ## @param replica.autoscaling.maxReplicas Maximum replicas for the pod autoscaling + ## + maxReplicas: 11 + ## @param replica.autoscaling.targetCPU Percentage of CPU to consider when autoscaling + ## + targetCPU: "" + ## @param replica.autoscaling.targetMemory Percentage of Memory to consider when autoscaling + ## + targetMemory: "" + +## @section Redis™ Sentinel configuration parameters +## + +sentinel: + ## @param sentinel.enabled Use Redis™ Sentinel on Redis™ pods. + ## IMPORTANT: this will disable the master and replicas services and + ## create a single Redis™ service exposing both the Redis and Sentinel ports + ## + enabled: false + ## Bitnami Redis™ Sentinel image version + ## ref: https://hub.docker.com/r/bitnami/redis-sentinel/tags/ + ## @param sentinel.image.registry Redis™ Sentinel image registry + ## @param sentinel.image.repository Redis™ Sentinel image repository + ## @param sentinel.image.tag Redis™ Sentinel image tag (immutable tags are recommended) + ## @param sentinel.image.pullPolicy Redis™ Sentinel image pull policy + ## @param sentinel.image.pullSecrets Redis™ Sentinel image pull secrets + ## @param sentinel.image.debug Enable image debug mode + ## + image: + registry: docker.io + repository: bitnami/redis-sentinel + tag: 6.2.6-debian-10-r156 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Enable debug mode + ## + debug: false + ## @param sentinel.masterSet Master set name + ## + masterSet: mymaster + ## @param sentinel.quorum Sentinel Quorum + ## + quorum: 2 + ## @param sentinel.getMasterTimeout Amount of time to allow before get_sentinel_master_info() times out. + ## NOTE: This is directly related to the startupProbes which are configured to run every 10 seconds for a total of 22 failures. If adjusting this value, also adjust the startupProbes. + getMasterTimeout: 220 + ## @param sentinel.automateClusterRecovery Automate cluster recovery in cases where the last replica is not considered a good replica and Sentinel won't automatically failover to it. + ## This also prevents any new replica from starting until the last remaining replica is elected as master to guarantee that it is the one to be elected by Sentinel, and not a newly started replica with no data. + ## NOTE: This feature requires a "downAfterMilliseconds" value less or equal to 2000. + ## + automateClusterRecovery: false + ## Sentinel timing restrictions + ## @param sentinel.downAfterMilliseconds Timeout for detecting a Redis™ node is down + ## @param sentinel.failoverTimeout Timeout for performing a election failover + ## + downAfterMilliseconds: 60000 + failoverTimeout: 18000 + ## @param sentinel.parallelSyncs Number of replicas that can be reconfigured in parallel to use the new master after a failover + ## + parallelSyncs: 1 + ## @param sentinel.configuration Configuration for Redis™ Sentinel nodes + ## ref: https://redis.io/topics/sentinel + ## + configuration: "" + ## @param sentinel.command Override default container command (useful when using custom images) + ## + command: [] + ## @param sentinel.args Override default container args (useful when using custom images) + ## + args: [] + ## @param sentinel.preExecCmds Additional commands to run prior to starting Redis™ Sentinel + ## + preExecCmds: [] + ## @param sentinel.extraEnvVars Array with extra environment variables to add to Redis™ Sentinel nodes + ## e.g: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + ## @param sentinel.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Redis™ Sentinel nodes + ## + extraEnvVarsCM: "" + ## @param sentinel.extraEnvVarsSecret Name of existing Secret containing extra env vars for Redis™ Sentinel nodes + ## + extraEnvVarsSecret: "" + ## @param sentinel.externalMaster.enabled Use external master for bootstrapping + ## @param sentinel.externalMaster.host External master host to bootstrap from + ## @param sentinel.externalMaster.port Port for Redis service external master host + ## + externalMaster: + enabled: false + host: "" + port: 6379 + ## @param sentinel.containerPorts.sentinel Container port to open on Redis™ Sentinel nodes + ## + containerPorts: + sentinel: 26379 + ## Configure extra options for Redis™ containers' liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param sentinel.startupProbe.enabled Enable startupProbe on Redis™ Sentinel nodes + ## @param sentinel.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param sentinel.startupProbe.periodSeconds Period seconds for startupProbe + ## @param sentinel.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param sentinel.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param sentinel.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 22 + ## @param sentinel.livenessProbe.enabled Enable livenessProbe on Redis™ Sentinel nodes + ## @param sentinel.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param sentinel.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param sentinel.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param sentinel.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param sentinel.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 20 + periodSeconds: 5 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 + ## @param sentinel.readinessProbe.enabled Enable readinessProbe on Redis™ Sentinel nodes + ## @param sentinel.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param sentinel.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param sentinel.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param sentinel.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param sentinel.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 20 + periodSeconds: 5 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 5 + ## @param sentinel.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + ## @param sentinel.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param sentinel.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## Persistence parameters + ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ + ## + persistence: + ## @param sentinel.persistence.enabled Enable persistence on Redis™ sentinel nodes using Persistent Volume Claims (Experimental) + ## + enabled: false + ## @param sentinel.persistence.storageClass Persistent Volume storage class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner + ## + storageClass: "" + ## @param sentinel.persistence.accessModes Persistent Volume access modes + ## + accessModes: + - ReadWriteOnce + ## @param sentinel.persistence.size Persistent Volume size + ## + size: 100Mi + ## @param sentinel.persistence.annotations Additional custom annotations for the PVC + ## + annotations: {} + ## @param sentinel.persistence.selector Additional labels to match for the PVC + ## e.g: + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} + ## @param sentinel.persistence.dataSource Custom PVC data source + ## + dataSource: {} + ## Redis™ Sentinel resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## @param sentinel.resources.limits The resources limits for the Redis™ Sentinel containers + ## @param sentinel.resources.requests The requested resources for the Redis™ Sentinel containers + ## + resources: + limits: {} + requests: {} + ## Configure Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param sentinel.containerSecurityContext.enabled Enabled Redis™ Sentinel containers' Security Context + ## @param sentinel.containerSecurityContext.runAsUser Set Redis™ Sentinel containers' Security Context runAsUser + ## + containerSecurityContext: + enabled: true + runAsUser: 1001 + ## @param sentinel.lifecycleHooks for the Redis™ sentinel container(s) to automate configuration before or after startup + ## + lifecycleHooks: {} + ## @param sentinel.extraVolumes Optionally specify extra list of additional volumes for the Redis™ Sentinel + ## + extraVolumes: [] + ## @param sentinel.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Redis™ Sentinel container(s) + ## + extraVolumeMounts: [] + ## Redis™ Sentinel service parameters + ## + service: + ## @param sentinel.service.type Redis™ Sentinel service type + ## + type: ClusterIP + ## @param sentinel.service.ports.redis Redis™ service port for Redis™ + ## @param sentinel.service.ports.sentinel Redis™ service port for Redis™ Sentinel + ## + ports: + redis: 6379 + sentinel: 26379 + ## @param sentinel.service.nodePorts.redis Node port for Redis™ + ## @param sentinel.service.nodePorts.sentinel Node port for Sentinel + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## NOTE: choose port between <30000-32767> + ## NOTE: By leaving these values blank, they will be generated by ports-configmap + ## If setting manually, please leave at least replica.replicaCount + 1 in between sentinel.service.nodePorts.redis and sentinel.service.nodePorts.sentinel to take into account the ports that will be created while incrementing that base port + ## + nodePorts: + redis: "" + sentinel: "" + ## @param sentinel.service.externalTrafficPolicy Redis™ Sentinel service external traffic policy + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param sentinel.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param sentinel.service.clusterIP Redis™ Sentinel service Cluster IP + ## + clusterIP: "" + ## @param sentinel.service.loadBalancerIP Redis™ Sentinel service Load Balancer IP + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param sentinel.service.loadBalancerSourceRanges Redis™ Sentinel service Load Balancer sources + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g. + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param sentinel.service.annotations Additional custom annotations for Redis™ Sentinel service + ## + annotations: {} + ## @param sentinel.terminationGracePeriodSeconds Integer setting the termination grace period for the redis-node pods + ## + terminationGracePeriodSeconds: 30 + +## @section Other Parameters +## + +## Network Policy configuration +## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ +## +networkPolicy: + ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources + ## + enabled: false + ## @param networkPolicy.allowExternal Don't require client label for connections + ## When set to false, only pods with the correct client label will have network access to the ports + ## Redis™ is listening on. When true, Redis™ will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param networkPolicy.extraIngress Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraIngress: [] + ## @param networkPolicy.extraEgress Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param networkPolicy.ingressNSMatchLabels Labels to match to allow traffic from other namespaces + ## @param networkPolicy.ingressNSPodMatchLabels Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} +## PodSecurityPolicy configuration +## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +## +podSecurityPolicy: + ## @param podSecurityPolicy.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later + ## + create: false + ## @param podSecurityPolicy.enabled Enable PodSecurityPolicy's RBAC rules + ## + enabled: false +## RBAC configuration +## +rbac: + ## @param rbac.create Specifies whether RBAC resources should be created + ## + create: false + ## @param rbac.rules Custom RBAC rules to set + ## e.g: + ## rules: + ## - apiGroups: + ## - "" + ## resources: + ## - pods + ## verbs: + ## - get + ## - list + ## + rules: [] +## ServiceAccount configuration +## +serviceAccount: + ## @param serviceAccount.create Specifies whether a ServiceAccount should be created + ## + create: true + ## @param serviceAccount.name The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the common.names.fullname template + ## + name: "" + ## @param serviceAccount.automountServiceAccountToken Whether to auto mount the service account token + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server + ## + automountServiceAccountToken: true + ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount + ## + annotations: {} +## Redis™ Pod Disruption Budget configuration +## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +## +pdb: + ## @param pdb.create Specifies whether a PodDisruptionBudget should be created + ## + create: false + ## @param pdb.minAvailable Min number of pods that must still be available after the eviction + ## + minAvailable: 1 + ## @param pdb.maxUnavailable Max number of pods that can be unavailable after the eviction + ## + maxUnavailable: "" +## TLS configuration +## +tls: + ## @param tls.enabled Enable TLS traffic + ## + enabled: false + ## @param tls.authClients Require clients to authenticate + ## + authClients: true + ## @param tls.autoGenerated Enable autogenerated certificates + ## + autoGenerated: false + ## @param tls.existingSecret The name of the existing secret that contains the TLS certificates + ## + existingSecret: "" + ## @param tls.certificatesSecret DEPRECATED. Use existingSecret instead. + ## + certificatesSecret: "" + ## @param tls.certFilename Certificate filename + ## + certFilename: "" + ## @param tls.certKeyFilename Certificate Key filename + ## + certKeyFilename: "" + ## @param tls.certCAFilename CA Certificate filename + ## + certCAFilename: "" + ## @param tls.dhParamsFilename File containing DH params (in order to support DH based ciphers) + ## + dhParamsFilename: "" + +## @section Metrics Parameters +## + +metrics: + ## @param metrics.enabled Start a sidecar prometheus exporter to expose Redis™ metrics + ## + enabled: false + ## Bitnami Redis™ Exporter image + ## ref: https://hub.docker.com/r/bitnami/redis-exporter/tags/ + ## @param metrics.image.registry Redis™ Exporter image registry + ## @param metrics.image.repository Redis™ Exporter image repository + ## @param metrics.image.tag Redis™ Redis™ Exporter image tag (immutable tags are recommended) + ## @param metrics.image.pullPolicy Redis™ Exporter image pull policy + ## @param metrics.image.pullSecrets Redis™ Exporter image pull secrets + ## + image: + registry: docker.io + repository: bitnami/redis-exporter + tag: 1.36.0-debian-10-r5 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## @param metrics.command Override default metrics container init command (useful when using custom images) + ## + command: [] + ## @param metrics.redisTargetHost A way to specify an alternative Redis™ hostname + ## Useful for certificate CN/SAN matching + ## + redisTargetHost: "localhost" + ## @param metrics.extraArgs Extra arguments for Redis™ exporter, for example: + ## e.g.: + ## extraArgs: + ## check-keys: myKey,myOtherKey + ## + extraArgs: {} + ## @param metrics.extraEnvVars Array with extra environment variables to add to Redis™ exporter + ## e.g: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + ## Configure Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param metrics.containerSecurityContext.enabled Enabled Redis™ exporter containers' Security Context + ## @param metrics.containerSecurityContext.runAsUser Set Redis™ exporter containers' Security Context runAsUser + ## + containerSecurityContext: + enabled: true + runAsUser: 1001 + ## @param metrics.extraVolumes Optionally specify extra list of additional volumes for the Redis™ metrics sidecar + ## + extraVolumes: [] + ## @param metrics.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Redis™ metrics sidecar + ## + extraVolumeMounts: [] + ## Redis™ exporter resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## @param metrics.resources.limits The resources limits for the Redis™ exporter container + ## @param metrics.resources.requests The requested resources for the Redis™ exporter container + ## + resources: + limits: {} + requests: {} + ## @param metrics.podLabels Extra labels for Redis™ exporter pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param metrics.podAnnotations [object] Annotations for Redis™ exporter pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9121" + ## Redis™ exporter service parameters + ## + service: + ## @param metrics.service.type Redis™ exporter service type + ## + type: ClusterIP + ## @param metrics.service.port Redis™ exporter service port + ## + port: 9121 + ## @param metrics.service.externalTrafficPolicy Redis™ exporter service external traffic policy + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param metrics.service.loadBalancerIP Redis™ exporter service Load Balancer IP + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param metrics.service.loadBalancerSourceRanges Redis™ exporter service Load Balancer sources + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g. + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param metrics.service.annotations Additional custom annotations for Redis™ exporter service + ## + annotations: {} + ## Prometheus Service Monitor + ## ref: https://github.com/coreos/prometheus-operator + ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + serviceMonitor: + ## @param metrics.serviceMonitor.enabled Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator + ## + enabled: false + ## @param metrics.serviceMonitor.namespace The namespace in which the ServiceMonitor will be created + ## + namespace: "" + ## @param metrics.serviceMonitor.interval The interval at which metrics should be scraped + ## + interval: 30s + ## @param metrics.serviceMonitor.scrapeTimeout The timeout after which the scrape is ended + ## + scrapeTimeout: "" + ## @param metrics.serviceMonitor.relabellings Metrics RelabelConfigs to apply to samples before scraping. + ## + relabellings: [] + ## @param metrics.serviceMonitor.metricRelabelings Metrics RelabelConfigs to apply to samples before ingestion. + ## + metricRelabelings: [] + ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## @param metrics.serviceMonitor.additionalLabels Additional labels that can be used so ServiceMonitor resource(s) can be discovered by Prometheus + ## + additionalLabels: {} + ## Custom PrometheusRule to be defined + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + ## + prometheusRule: + ## @param metrics.prometheusRule.enabled Create a custom prometheusRule Resource for scraping metrics using PrometheusOperator + ## + enabled: false + ## @param metrics.prometheusRule.namespace The namespace in which the prometheusRule will be created + ## + namespace: "" + ## @param metrics.prometheusRule.additionalLabels Additional labels for the prometheusRule + ## + additionalLabels: {} + ## @param metrics.prometheusRule.rules Custom Prometheus rules + ## e.g: + ## rules: + ## - alert: RedisDown + ## expr: redis_up{service="{{ template "common.names.fullname" . }}-metrics"} == 0 + ## for: 2m + ## labels: + ## severity: error + ## annotations: + ## summary: Redis™ instance {{ "{{ $labels.instance }}" }} down + ## description: Redis™ instance {{ "{{ $labels.instance }}" }} is down + ## - alert: RedisMemoryHigh + ## expr: > + ## redis_memory_used_bytes{service="{{ template "common.names.fullname" . }}-metrics"} * 100 + ## / + ## redis_memory_max_bytes{service="{{ template "common.names.fullname" . }}-metrics"} + ## > 90 + ## for: 2m + ## labels: + ## severity: error + ## annotations: + ## summary: Redis™ instance {{ "{{ $labels.instance }}" }} is using too much memory + ## description: | + ## Redis™ instance {{ "{{ $labels.instance }}" }} is using {{ "{{ $value }}" }}% of its available memory. + ## - alert: RedisKeyEviction + ## expr: | + ## increase(redis_evicted_keys_total{service="{{ template "common.names.fullname" . }}-metrics"}[5m]) > 0 + ## for: 1s + ## labels: + ## severity: error + ## annotations: + ## summary: Redis™ instance {{ "{{ $labels.instance }}" }} has evicted keys + ## description: | + ## Redis™ instance {{ "{{ $labels.instance }}" }} has evicted {{ "{{ $value }}" }} keys in the last 5 minutes. + ## + rules: [] + +## @section Init Container Parameters +## + +## 'volumePermissions' init container parameters +## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values +## based on the *podSecurityContext/*containerSecurityContext parameters +## +volumePermissions: + ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` + ## + enabled: false + ## Bitnami Shell image + ## ref: https://hub.docker.com/r/bitnami/bitnami-shell/tags/ + ## @param volumePermissions.image.registry Bitnami Shell image registry + ## @param volumePermissions.image.repository Bitnami Shell image repository + ## @param volumePermissions.image.tag Bitnami Shell image tag (immutable tags are recommended) + ## @param volumePermissions.image.pullPolicy Bitnami Shell image pull policy + ## @param volumePermissions.image.pullSecrets Bitnami Shell image pull secrets + ## + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: 10-debian-10-r367 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Init container's resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## @param volumePermissions.resources.limits The resources limits for the init container + ## @param volumePermissions.resources.requests The requested resources for the init container + ## + resources: + limits: {} + requests: {} + ## Init container Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser + ## NOTE: when runAsUser is set to special value "auto", init container will try to chown the + ## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` + ## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed) + ## + containerSecurityContext: + runAsUser: 0 + +## init-sysctl container parameters +## used to perform sysctl operation to modify Kernel settings (needed sometimes to avoid warnings) +## +sysctl: + ## @param sysctl.enabled Enable init container to modify Kernel settings + ## + enabled: false + ## Bitnami Shell image + ## ref: https://hub.docker.com/r/bitnami/bitnami-shell/tags/ + ## @param sysctl.image.registry Bitnami Shell image registry + ## @param sysctl.image.repository Bitnami Shell image repository + ## @param sysctl.image.tag Bitnami Shell image tag (immutable tags are recommended) + ## @param sysctl.image.pullPolicy Bitnami Shell image pull policy + ## @param sysctl.image.pullSecrets Bitnami Shell image pull secrets + ## + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: 10-debian-10-r367 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## @param sysctl.command Override default init-sysctl container command (useful when using custom images) + ## + command: [] + ## @param sysctl.mountHostSys Mount the host `/sys` folder to `/host-sys` + ## + mountHostSys: false + ## Init container's resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## @param sysctl.resources.limits The resources limits for the init container + ## @param sysctl.resources.requests The requested resources for the init container + ## + resources: + limits: {} + requests: {} + +## @section useExternalDNS Parameters +## +## @param useExternalDNS.enabled Enable various syntax that would enable external-dns to work. Note this requires a working installation of `external-dns` to be usable. +## @param useExternalDNS.additionalAnnotations Extra annotations to be utilized when `external-dns` is enabled. +## @param useExternalDNS.annotationKey The annotation key utilized when `external-dns` is enabled. +## @param useExternalDNS.suffix The DNS suffix utilized when `external-dns` is enabled. Note that we prepend the suffix with the full name of the release. +## +useExternalDNS: + enabled: false + suffix: "" + annotationKey: external-dns.alpha.kubernetes.io/ + additionalAnnotations: {} diff --git a/packer/ansible/roles/helm_install/files/vault/.gitignore b/packer/ansible/roles/helm_install/files/vault/.gitignore new file mode 100644 index 0000000..99dd863 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/.gitignore @@ -0,0 +1 @@ +dont_delete_me diff --git a/packer/ansible/roles/helm_install/files/vault/.helmignore b/packer/ansible/roles/helm_install/files/vault/.helmignore new file mode 100644 index 0000000..4007e24 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/.helmignore @@ -0,0 +1,28 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.terraform/ +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj + +# CI and test +.circleci/ +.github/ +.gitlab-ci.yml +test/ diff --git a/packer/ansible/roles/helm_install/files/vault/00.old/override-values.yaml_221117 b/packer/ansible/roles/helm_install/files/vault/00.old/override-values.yaml_221117 new file mode 100644 index 0000000..07b6e52 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/00.old/override-values.yaml_221117 @@ -0,0 +1,58 @@ +injector: + tolerations: + - key: "dev/data-kafka" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-kafka + +server: + tolerations: + - key: "dev/data-kafka" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-kafka + + + dataStorage: + enabled: true + size: 1Gi + storageClass: null + + auditStorage: + enabled: false + size: 1Gi + storageClass: null + +ui: + enabled: true + serviceType: "NodePort" + serviceNodePort: 32702 + +csi: + pod: + tolerations: + - key: "dev/data-kafka" + operator: "Exists" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-kafka diff --git a/packer/ansible/roles/helm_install/files/vault/00.old/override-values.yaml_bak b/packer/ansible/roles/helm_install/files/vault/00.old/override-values.yaml_bak new file mode 100644 index 0000000..fcfe83b --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/00.old/override-values.yaml_bak @@ -0,0 +1,14 @@ +server: + dataStorage: + enabled: true + # storageClass: openebs-hostpath + size: 1Gi + auditStorage: + enabled: true + # storageClass: openebs-hostpath + size: 1Gi + +ui: + enabled: true + serviceType: "NodePort" + serviceNodePort: 32702 diff --git a/packer/ansible/roles/helm_install/files/vault/CHANGELOG.md b/packer/ansible/roles/helm_install/files/vault/CHANGELOG.md new file mode 100644 index 0000000..df95800 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/CHANGELOG.md @@ -0,0 +1,433 @@ +## Unreleased + +## 0.22.1 (October 26th, 2022) + +Changes: +* `vault` updated to 1.12.0 [GH-803](https://github.com/hashicorp/vault-helm/pull/803) +* `vault-k8s` updated to 1.0.1 [GH-803](https://github.com/hashicorp/vault-helm/pull/803) + +## 0.22.0 (September 8th, 2022) + +Features: +* Add PrometheusOperator support for collecting Vault server metrics. [GH-772](https://github.com/hashicorp/vault-helm/pull/772) + +Changes: +* `vault-k8s` to 1.0.0 [GH-784](https://github.com/hashicorp/vault-helm/pull/784) +* Test against Kubernetes 1.25 [GH-784](https://github.com/hashicorp/vault-helm/pull/784) +* `vault` updated to 1.11.3 [GH-785](https://github.com/hashicorp/vault-helm/pull/785) + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. + +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). +* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) + +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. [[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* `readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/packer/ansible/roles/helm_install/files/vault/CONTRIBUTING.md b/packer/ansible/roles/helm_install/files/vault/CONTRIBUTING.md new file mode 100644 index 0000000..ad31ac9 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/CONTRIBUTING.md @@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. +#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
    : " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. + +- Check that an entire template file is not rendered + ``` + @test "syncCatalog/Deployment: disabled by default" { + cd `chart_dir` + local actual=$( (helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'global.enabled=false' \ + . || echo "---") | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "false" ] + } + ``` + Here we are check the length of the command output to see if the anything is rendered. + This style can easily be switched to check that a file is rendered instead. + +## Contributor License Agreement + +We require that all contributors sign our Contributor License Agreement ("CLA") +before we can accept the contribution. + +[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla) diff --git a/packer/ansible/roles/helm_install/files/vault/Chart.yaml b/packer/ansible/roles/helm_install/files/vault/Chart.yaml new file mode 100644 index 0000000..ac1dcec --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/Chart.yaml @@ -0,0 +1,21 @@ +apiVersion: v2 +appVersion: 1.12.0 +description: Official HashiCorp Vault Chart +home: https://www.vaultproject.io +icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png +keywords: +- vault +- security +- encryption +- secrets +- management +- automation +- infrastructure +kubeVersion: '>= 1.16.0-0' +name: vault +sources: +- https://github.com/hashicorp/vault +- https://github.com/hashicorp/vault-helm +- https://github.com/hashicorp/vault-k8s +- https://github.com/hashicorp/vault-csi-provider +version: 0.22.1 diff --git a/packer/ansible/roles/helm_install/files/vault/LICENSE b/packer/ansible/roles/helm_install/files/vault/LICENSE new file mode 100644 index 0000000..74f38c0 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/LICENSE @@ -0,0 +1,355 @@ +Copyright (c) 2018 HashiCorp, Inc. + +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. “Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. + Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. + +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/packer/ansible/roles/helm_install/files/vault/Makefile b/packer/ansible/roles/helm_install/files/vault/Makefile new file mode 100644 index 0000000..e423f35 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/Makefile @@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.25.0 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats --tap --timing test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/packer/ansible/roles/helm_install/files/vault/README.MD b/packer/ansible/roles/helm_install/files/vault/README.MD new file mode 100644 index 0000000..816e4e6 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/README.MD @@ -0,0 +1,127 @@ +## override-values.yaml 내용 확인 +# +``` +# user_vault의 access_key, secret_key를 입력. +# vault-auto-unseal key id를 입력. + seal "awskms" { + region = "ap-northeast-2" + access_key = user_vault의 access_key + secret_key = user_vault의 secret_key + kms_key_id = aws kms vault-auto-unseal key id + } + +``` +## vault server 설치 +``` +helm install vault-server -n dsk-middle -f override-values.yaml . +``` + +## vault server 생성 확인 +``` +kubectl get pods -n dsk-middle +``` + +## vault server 초기화 +``` +kubectl exec -it -n dsk-middle vault-server-0 -- vault operator init +``` +위 명령어로 나온 key 값들은 반드시 파일로 저장 후 반드시 보관 필요\ +vault server 봉인 해제, ui 접속 등에 필요 + +## vault server 봉인 해제. unseal key 5 개 중, 아무거나 3 개 필요 +``` +kubectl exec -it -n dsk-middle vault-server-0 -- vault operator unseal +``` +### unseal key 입력 +``` +kubectl exec -it -n dsk-middle vault-server-0 -- vault operator unseal +``` +### unseal key 입력 +``` +kubectl exec -it -n dsk-middle vault-server-0 -- vault operator unseal +``` +### unseal key 입력 + +## vault server login +``` +kubectl exec -it -n dsk-middle vault-server-0 -- vault login +``` +### Initial Root Token 입력 + +## vault secret engine 활성화. 사용 엔진 kv (key value) +``` +kubectl exec -it -n dsk-middle vault-server-0 -- vault secrets enable -version=2 -path=tls kv +``` +## secret engine 활성화 확인 +``` +kubectl exec -it -n dsk-middle vault-server-0 -- vault secrets list +``` + +## approle 활성화 +``` +kubectl exec -it -n dsk-middle vault-server-0 -- vault auth enable approle +``` +## approle 활성화 확인 +``` +kubectl exec -it -n dsk-middle vault-server-0 -- vault auth list +``` + +## policy 생성. (secret에 접근하는 권한 설정) +``` +kubectl exec -it -n dsk-middle vault-server-0 -- vault policy write datasaker -<&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/packer/ansible/roles/helm_install/files/vault/templates/injector-disruptionbudget.yaml b/packer/ansible/roles/helm_install/files/vault/templates/injector-disruptionbudget.yaml new file mode 100644 index 0000000..b44fd73 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/vault/templates/injector-mutating-webhook.yaml b/packer/ansible/roles/helm_install/files/vault/templates/injector-mutating-webhook.yaml new file mode 100644 index 0000000..3d3fd36 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/templates/injector-mutating-webhook.yaml @@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/packer/ansible/roles/helm_install/files/vault/templates/injector-network-policy.yaml b/packer/ansible/roles/helm_install/files/vault/templates/injector-network-policy.yaml new file mode 100644 index 0000000..68892d2 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/packer/ansible/roles/helm_install/files/vault/templates/injector-psp-role.yaml b/packer/ansible/roles/helm_install/files/vault/templates/injector-psp-role.yaml new file mode 100644 index 0000000..5d23c75 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/vault/templates/injector-psp-rolebinding.yaml b/packer/ansible/roles/helm_install/files/vault/templates/injector-psp-rolebinding.yaml new file mode 100644 index 0000000..4f6b0a8 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/packer/ansible/roles/helm_install/files/vault/templates/injector-psp.yaml b/packer/ansible/roles/helm_install/files/vault/templates/injector-psp.yaml new file mode 100644 index 0000000..1eee2fc --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/templates/injector-psp.yaml @@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/packer/ansible/roles/helm_install/files/vault/templates/injector-role.yaml b/packer/ansible/roles/helm_install/files/vault/templates/injector-role.yaml new file mode 100644 index 0000000..08c8264 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/templates/injector-role.yaml @@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/packer/ansible/roles/helm_install/files/vault/templates/injector-rolebinding.yaml b/packer/ansible/roles/helm_install/files/vault/templates/injector-rolebinding.yaml new file mode 100644 index 0000000..ea0db11 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/templates/injector-rolebinding.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/packer/ansible/roles/helm_install/files/vault/templates/injector-service.yaml b/packer/ansible/roles/helm_install/files/vault/templates/injector-service.yaml new file mode 100644 index 0000000..5e747d6 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/vault/templates/injector-serviceaccount.yaml b/packer/ansible/roles/helm_install/files/vault/templates/injector-serviceaccount.yaml new file mode 100644 index 0000000..d1919b9 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/packer/ansible/roles/helm_install/files/vault/templates/prometheus-prometheusrules.yaml b/packer/ansible/roles/helm_install/files/vault/templates/prometheus-prometheusrules.yaml new file mode 100644 index 0000000..572f1a0 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/templates/prometheus-prometheusrules.yaml @@ -0,0 +1,26 @@ +{{ if and (.Values.serverTelemetry.prometheusRules.rules) + (or (.Values.global.serverTelemetry.prometheusOperator) (.Values.serverTelemetry.prometheusRules.enabled) ) +}} +--- +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ template "vault.fullname" . }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- /* update the selectors docs in values.yaml whenever the defaults below change. */ -}} + {{- $selectors := .Values.serverTelemetry.prometheusRules.selectors }} + {{- if $selectors }} + {{- toYaml $selectors | nindent 4 }} + {{- else }} + release: prometheus + {{- end }} +spec: + groups: + - name: {{ include "vault.fullname" . }} + rules: + {{- toYaml .Values.serverTelemetry.prometheusRules.rules | nindent 6 }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/vault/templates/prometheus-servicemonitor.yaml b/packer/ansible/roles/helm_install/files/vault/templates/prometheus-servicemonitor.yaml new file mode 100644 index 0000000..323e51f --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/templates/prometheus-servicemonitor.yaml @@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{ if or (.Values.global.serverTelemetry.prometheusOperator) (.Values.serverTelemetry.serviceMonitor.enabled) }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "vault.fullname" . }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- /* update the selectors docs in values.yaml whenever the defaults below change. */ -}} + {{- $selectors := .Values.serverTelemetry.serviceMonitor.selectors }} + {{- if $selectors }} + {{- toYaml $selectors | nindent 4 }} + {{- else }} + release: prometheus + {{- end }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if eq .mode "ha" }} + vault-active: "true" + {{- else }} + vault-internal: "true" + {{- end }} + endpoints: + - port: {{ include "vault.scheme" . }} + interval: {{ .Values.serverTelemetry.serviceMonitor.interval }} + scrapeTimeout: {{ .Values.serverTelemetry.serviceMonitor.scrapeTimeout }} + scheme: {{ include "vault.scheme" . | lower }} + path: /v1/sys/metrics + params: + format: + - prometheus + tlsConfig: + insecureSkipVerify: true + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} +{{ end }} diff --git a/packer/ansible/roles/helm_install/files/vault/templates/server-clusterrolebinding.yaml b/packer/ansible/roles/helm_install/files/vault/templates/server-clusterrolebinding.yaml new file mode 100644 index 0000000..8cdd611 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/packer/ansible/roles/helm_install/files/vault/templates/server-config-configmap.yaml b/packer/ansible/roles/helm_install/files/vault/templates/server-config-configmap.yaml new file mode 100644 index 0000000..f40c696 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/templates/server-config-configmap.yaml @@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/vault/templates/server-discovery-role.yaml b/packer/ansible/roles/helm_install/files/vault/templates/server-discovery-role.yaml new file mode 100644 index 0000000..9ca23dd --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/packer/ansible/roles/helm_install/files/vault/templates/server-discovery-rolebinding.yaml b/packer/ansible/roles/helm_install/files/vault/templates/server-discovery-rolebinding.yaml new file mode 100644 index 0000000..6e22e4c --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/packer/ansible/roles/helm_install/files/vault/templates/server-disruptionbudget.yaml b/packer/ansible/roles/helm_install/files/vault/templates/server-disruptionbudget.yaml new file mode 100644 index 0000000..d940fa4 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/packer/ansible/roles/helm_install/files/vault/templates/server-ha-active-service.yaml b/packer/ansible/roles/helm_install/files/vault/templates/server-ha-active-service.yaml new file mode 100644 index 0000000..ef21237 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/templates/server-ha-active-service.yaml @@ -0,0 +1,46 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + vault-active: "true" + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/vault/templates/server-ha-standby-service.yaml b/packer/ansible/roles/helm_install/files/vault/templates/server-ha-standby-service.yaml new file mode 100644 index 0000000..e6d66af --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/packer/ansible/roles/helm_install/files/vault/templates/server-headless-service.yaml b/packer/ansible/roles/helm_install/files/vault/templates/server-headless-service.yaml new file mode 100644 index 0000000..b03f491 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/templates/server-headless-service.yaml @@ -0,0 +1,34 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + vault-internal: "true" + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/vault/templates/server-ingress.yaml b/packer/ansible/roles/helm_install/files/vault/templates/server-ingress.yaml new file mode 100644 index 0000000..c81e5f5 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/templates/server-ingress.yaml @@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . }} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/packer/ansible/roles/helm_install/files/vault/templates/server-network-policy.yaml b/packer/ansible/roles/helm_install/files/vault/templates/server-network-policy.yaml new file mode 100644 index 0000000..5f4c21a --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/packer/ansible/roles/helm_install/files/vault/templates/server-psp-role.yaml b/packer/ansible/roles/helm_install/files/vault/templates/server-psp-role.yaml new file mode 100644 index 0000000..b8eb897 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/templates/server-psp-role.yaml @@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/vault/templates/server-psp-rolebinding.yaml b/packer/ansible/roles/helm_install/files/vault/templates/server-psp-rolebinding.yaml new file mode 100644 index 0000000..fded9fb --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/vault/templates/server-psp.yaml b/packer/ansible/roles/helm_install/files/vault/templates/server-psp.yaml new file mode 100644 index 0000000..d210af3 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/vault/templates/server-route.yaml b/packer/ansible/roles/helm_install/files/vault/templates/server-route.yaml new file mode 100644 index 0000000..e122d93 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/templates/server-route.yaml @@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/vault/templates/server-service.yaml b/packer/ansible/roles/helm_install/files/vault/templates/server-service.yaml new file mode 100644 index 0000000..3a9b0e7 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/templates/server-service.yaml @@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/vault/templates/server-serviceaccount.yaml b/packer/ansible/roles/helm_install/files/vault/templates/server-serviceaccount.yaml new file mode 100644 index 0000000..c0d32d1 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/packer/ansible/roles/helm_install/files/vault/templates/server-statefulset.yaml b/packer/ansible/roles/helm_install/files/vault/templates/server-statefulset.yaml new file mode 100644 index 0000000..fb3cbfa --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/templates/server-statefulset.yaml @@ -0,0 +1,210 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.server.hostNetwork }} + {{- end }} + + volumes: + {{ template "vault.volumes" . }} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . | quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/packer/ansible/roles/helm_install/files/vault/templates/tests/server-test.yaml b/packer/ansible/roles/helm_install/files/vault/templates/tests/server-test.yaml new file mode 100644 index 0000000..56dbee7 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/templates/tests/server-test.yaml @@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/vault/templates/ui-service.yaml b/packer/ansible/roles/helm_install/files/vault/templates/ui-service.yaml new file mode 100644 index 0000000..d45afdd --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/templates/ui-service.yaml @@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/packer/ansible/roles/helm_install/files/vault/test b/packer/ansible/roles/helm_install/files/vault/test new file mode 100644 index 0000000..bcd48de --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/test @@ -0,0 +1,600 @@ +--- +# Source: vault/templates/injector-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: release-name-vault-agent-injector + namespace: dsk-middle + labels: + app.kubernetes.io/name: vault-agent-injector + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm +--- +# Source: vault/templates/server-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: release-name-vault + namespace: dsk-middle + labels: + helm.sh/chart: vault-0.22.1 + app.kubernetes.io/name: vault + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm +--- +# Source: vault/templates/server-config-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: release-name-vault-config + namespace: dsk-middle + labels: + helm.sh/chart: vault-0.22.1 + app.kubernetes.io/name: vault + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm +data: + extraconfig-from-values.hcl: |- + disable_mlock = true + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + seal "awskms" { + region = "ap-northeast-2" + access_key = "AKIAXMVVF3TA3NTIIHN6" + secret_key = "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" + kms_key_id = "c5b3ae3a-e976-4773-abcb-18d68c26a67d" + } +--- +# Source: vault/templates/injector-clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: release-name-vault-agent-injector-clusterrole + labels: + app.kubernetes.io/name: vault-agent-injector + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +--- +# Source: vault/templates/injector-clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: release-name-vault-agent-injector-binding + labels: + app.kubernetes.io/name: vault-agent-injector + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: release-name-vault-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: release-name-vault-agent-injector + namespace: dsk-middle +--- +# Source: vault/templates/server-clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: release-name-vault-server-binding + labels: + helm.sh/chart: vault-0.22.1 + app.kubernetes.io/name: vault + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: release-name-vault + namespace: dsk-middle +--- +# Source: vault/templates/injector-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-vault-agent-injector-svc + namespace: dsk-middle + labels: + app.kubernetes.io/name: vault-agent-injector + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + +spec: + ports: + - name: https + port: 443 + targetPort: 8080 + selector: + app.kubernetes.io/name: vault-agent-injector + app.kubernetes.io/instance: release-name + component: webhook +--- +# Source: vault/templates/server-headless-service.yaml +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: release-name-vault-internal + namespace: dsk-middle + labels: + helm.sh/chart: vault-0.22.1 + app.kubernetes.io/name: vault + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + vault-internal: "true" + annotations: + +spec: + clusterIP: None + publishNotReadyAddresses: true + ports: + - name: "http" + port: 8200 + targetPort: 8200 + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: vault + app.kubernetes.io/instance: release-name + component: server +--- +# Source: vault/templates/server-service.yaml +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: release-name-vault + namespace: dsk-middle + labels: + helm.sh/chart: vault-0.22.1 + app.kubernetes.io/name: vault + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + annotations: + +spec: + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: true + ports: + - name: http + port: 8200 + targetPort: 8200 + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: vault + app.kubernetes.io/instance: release-name + component: server +--- +# Source: vault/templates/ui-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-vault-ui + namespace: dsk-middle + labels: + helm.sh/chart: vault-0.22.1 + app.kubernetes.io/name: vault-ui + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm +spec: + selector: + app.kubernetes.io/name: vault + app.kubernetes.io/instance: release-name + component: server + publishNotReadyAddresses: true + ports: + - name: http + port: 8200 + targetPort: 8200 + nodePort: 32702 + type: NodePort + externalTrafficPolicy: Cluster +--- +# Source: vault/templates/injector-deployment.yaml +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name-vault-agent-injector + namespace: dsk-middle + labels: + app.kubernetes.io/name: vault-agent-injector + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + component: webhook +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: vault-agent-injector + app.kubernetes.io/instance: release-name + component: webhook + + template: + metadata: + labels: + app.kubernetes.io/name: vault-agent-injector + app.kubernetes.io/instance: release-name + component: webhook + spec: + + affinity: + + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-kafka + + + + tolerations: + - key: dev/data-kafka + operator: Exists + + serviceAccountName: "release-name-vault-agent-injector" + + securityContext: + runAsNonRoot: true + runAsGroup: 1000 + runAsUser: 100 + fsGroup: 1000 + hostNetwork: false + containers: + - name: sidecar-injector + + image: "hashicorp/vault-k8s:1.0.1" + imagePullPolicy: "IfNotPresent" + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + env: + - name: AGENT_INJECT_LISTEN + value: :8080 + - name: AGENT_INJECT_LOG_LEVEL + value: info + - name: AGENT_INJECT_VAULT_ADDR + value: http://release-name-vault.dsk-middle.svc:8200 + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: auth/kubernetes + - name: AGENT_INJECT_VAULT_IMAGE + value: "hashicorp/vault:1.12.0" + - name: AGENT_INJECT_TLS_AUTO + value: release-name-vault-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: release-name-vault-agent-injector-svc,release-name-vault-agent-injector-svc.dsk-middle,release-name-vault-agent-injector-svc.dsk-middle.svc + - name: AGENT_INJECT_LOG_FORMAT + value: standard + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "false" + - name: AGENT_INJECT_CPU_REQUEST + value: "250m" + - name: AGENT_INJECT_CPU_LIMIT + value: "500m" + - name: AGENT_INJECT_MEM_REQUEST + value: "64Mi" + - name: AGENT_INJECT_MEM_LIMIT + value: "128Mi" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "map" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "true" + + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +--- +# Source: vault/templates/server-statefulset.yaml +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: release-name-vault + namespace: dsk-middle + labels: + app.kubernetes.io/name: vault + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm +spec: + serviceName: release-name-vault-internal + podManagementPolicy: Parallel + replicas: 1 + updateStrategy: + type: OnDelete + selector: + matchLabels: + app.kubernetes.io/name: vault + app.kubernetes.io/instance: release-name + component: server + template: + metadata: + labels: + helm.sh/chart: vault-0.22.1 + app.kubernetes.io/name: vault + app.kubernetes.io/instance: release-name + component: server + spec: + + affinity: + + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: datasaker/group + operator: In + values: + - data-kafka + + + + tolerations: + - key: dev/data-kafka + operator: Exists + + terminationGracePeriodSeconds: 10 + serviceAccountName: release-name-vault + + securityContext: + runAsNonRoot: true + runAsGroup: 1000 + runAsUser: 100 + fsGroup: 1000 + hostNetwork: false + + volumes: + + - name: config + configMap: + name: release-name-vault-config + + - name: home + emptyDir: {} + containers: + - name: vault + + image: hashicorp/vault:1.12.0 + imagePullPolicy: IfNotPresent + command: + - "/bin/sh" + - "-ec" + args: + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl + + securityContext: + allowPrivilegeEscalation: false + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "http://127.0.0.1:8200" + - name: VAULT_API_ADDR + value: "http://$(POD_IP):8200" + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + value: "https://$(HOSTNAME).release-name-vault-internal:8201" + - name: HOME + value: "/home/vault" + + + + volumeMounts: + + + + - name: data + mountPath: /vault/data + + + + - name: config + mountPath: /vault/config + + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: http + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: http-rep + readinessProbe: + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 3 + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep 5 && kill -SIGTERM $(pidof vault)", + ] + + + volumeClaimTemplates: + - metadata: + name: data + + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + storageClassName: nfs-provisioner-dev +--- +# Source: vault/templates/injector-mutating-webhook.yaml +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: release-name-vault-agent-injector-cfg + labels: + app.kubernetes.io/name: vault-agent-injector + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm +webhooks: + - name: vault.hashicorp.com + failurePolicy: Ignore + matchPolicy: Exact + sideEffects: None + timeoutSeconds: 30 + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: release-name-vault-agent-injector-svc + namespace: dsk-middle + path: "/mutate" + caBundle: "" + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] + objectSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - vault-agent-injector +--- +# Source: vault/templates/tests/server-test.yaml +apiVersion: v1 +kind: Pod +metadata: + name: "release-name-server-test" + namespace: dsk-middle + annotations: + "helm.sh/hook": test +spec: + + containers: + - name: release-name-server-test + image: hashicorp/vault:1.12.0 + imagePullPolicy: IfNotPresent + env: + - name: VAULT_ADDR + value: http://release-name-vault.dsk-middle.svc:8200 + + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + volumes: + restartPolicy: Never diff --git a/packer/ansible/roles/helm_install/files/vault/tls/ca-cert.pem b/packer/ansible/roles/helm_install/files/vault/tls/ca-cert.pem new file mode 100644 index 0000000..bac7c9f --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/tls/ca-cert.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFlTCCA32gAwIBAgIUcJvZ6e+t9LnoPjpzENgZQVW8e04wDQYJKoZIhvcNAQEL +BQAwWjELMAkGA1UEBhMCS1IxDTALBgNVBAgMBEFTSUExDjAMBgNVBAcMBVNFT1VM +MQ0wCwYDVQQKDARFWEVNMQ4wDAYDVQQLDAVDTE9VRDENMAsGA1UEAwwERVhFTTAe +Fw0yMjEyMDYwNzA3MThaFw0zMjEyMDMwNzA3MThaMFoxCzAJBgNVBAYTAktSMQ0w +CwYDVQQIDARBU0lBMQ4wDAYDVQQHDAVTRU9VTDENMAsGA1UECgwERVhFTTEOMAwG +A1UECwwFQ0xPVUQxDTALBgNVBAMMBEVYRU0wggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQDbpnrLEJhtRspuAS0zPSdldRciPlC7pVBpiMZY5kDsCrW9D1qR +7e0Dy+J9XrJlKvByrDRxvHsdEU3LTlmuss5Pg8XQTmXm/mdznaAiQuzjmFzRXIs5 +KXA0oP8LsT6wgEZSMOE4psKvVBOZRzlGSV325ucsPNa16KOX8a9skZYl6GM1COn3 +dm8jNyKboRhHcs1opl0CsZ8Wh8sljJQ1M/Tm9QxGYlCVtWEarA9p4Qv2r+Nz53Da +1AicUM9PFGRmcsH8uNsQF6SB1GHgbshViV9A/gVJtWoHvjRfcVo/B4Q/wmsYfLal +yyWJxZatUJFg5z8/YRrLmRPBNeMmOl2c197J3vBNKzbwFp5AesyNfDlP51aIdg7C +TUn89Pts9afT237/lVxnxsCZJfB0QeV+EPlS8/lJdGW85EhZkhm27UjUkHwXnTcs +pagiJ07Jk3q4ulL8yT+MK1dVxpgTD3Po99LU/E+VZLtzPUD+F9+H4MQcZRDBuJrv +0PpRPgwHkCUTytnHBAZj1ZVZEjgKzW9HbVXvi+DkLJsuOSWy39STCaAkMXQA2rV5 +Z/bkDKlz5JQoKRZsHFAdzJQ/+29GONbTRIUlKXMSglG4i1sHRLVRyr2Ep9II/dQX +wClXulBDfOIKWP5PD0Pqju47aR/9+SttU1TPBqT+BGP4HVst6ofiIIfnmQIDAQAB +o1MwUTAdBgNVHQ4EFgQUxDyce/PQj55GdKLbhRO2/LPksxowHwYDVR0jBBgwFoAU +xDyce/PQj55GdKLbhRO2/LPksxowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B +AQsFAAOCAgEA174OK1t8d31bO7iVYoAYmg19GJNtd3MPHfDclose7zt8wtbasVrx +SYcBcMjSYCHZoGCV1gxI2SoNN4I8Q2JohZbr9pu18SdPgh911PRPTBxRPeXGtYL5 +/R0Xn83J3B+VsR1/fqmKpnWouA5ReRSjQ5cBpMS+amVdnxesNnMMVafdJ//Qn+MU +wt8oNI+opU/GPobpTfI4PWWpUANa8QUk85CrYNkfIG3anKRovEM0HQ03iVvwG7Bc +vAS/O18CrEFcSJMjsBT/yWX44k+I7ZJCSSAMnFTDEzTmgR3oV306Ycrb2IPvAXxl +VEyRYBLdkhSi3aWZqXHwMhUcNV6ozosF4qHfq1AOj8DTI+r9057bX9+JOwXyYLT7 +tfnz+uF7VNCQH8PZ3PRgXQ2CKbISdm0z0y0rnVoDRv80UwJdZiuKfsW069PE5bX7 +Y1r+MoQH3mup9Kotj1VWhjHN+czG7OBxhb0gga55FdyuV/gHYJfWc8UemmHed1MK +0TvUR8+yDuYrgjaNCBK7zdXX0plwaDjaCi3FZIytXZXr2dl6eza9NTf5tzCase9G +m8asGTo29ye1lt+VIx50mN5M/DYc4OOpgm+kzaiRquIV81+Qa1HCBbOHlmGheSyr +lbRwwnil2jLj3Qh81E6Z9BUEHmvFsr0s/Z2Ge3ffWsknsUcTpt49Z48= +-----END CERTIFICATE----- diff --git a/packer/ansible/roles/helm_install/files/vault/tls/ca-cert.srl b/packer/ansible/roles/helm_install/files/vault/tls/ca-cert.srl new file mode 100644 index 0000000..b49f304 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/tls/ca-cert.srl @@ -0,0 +1 @@ +09BA177CB280640376E27730B98C9945A5BBBA05 diff --git a/packer/ansible/roles/helm_install/files/vault/tls/ca-key.pem b/packer/ansible/roles/helm_install/files/vault/tls/ca-key.pem new file mode 100644 index 0000000..9e9ead6 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/tls/ca-key.pem @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDbpnrLEJhtRspu +AS0zPSdldRciPlC7pVBpiMZY5kDsCrW9D1qR7e0Dy+J9XrJlKvByrDRxvHsdEU3L +Tlmuss5Pg8XQTmXm/mdznaAiQuzjmFzRXIs5KXA0oP8LsT6wgEZSMOE4psKvVBOZ +RzlGSV325ucsPNa16KOX8a9skZYl6GM1COn3dm8jNyKboRhHcs1opl0CsZ8Wh8sl +jJQ1M/Tm9QxGYlCVtWEarA9p4Qv2r+Nz53Da1AicUM9PFGRmcsH8uNsQF6SB1GHg +bshViV9A/gVJtWoHvjRfcVo/B4Q/wmsYfLalyyWJxZatUJFg5z8/YRrLmRPBNeMm +Ol2c197J3vBNKzbwFp5AesyNfDlP51aIdg7CTUn89Pts9afT237/lVxnxsCZJfB0 +QeV+EPlS8/lJdGW85EhZkhm27UjUkHwXnTcspagiJ07Jk3q4ulL8yT+MK1dVxpgT +D3Po99LU/E+VZLtzPUD+F9+H4MQcZRDBuJrv0PpRPgwHkCUTytnHBAZj1ZVZEjgK +zW9HbVXvi+DkLJsuOSWy39STCaAkMXQA2rV5Z/bkDKlz5JQoKRZsHFAdzJQ/+29G +ONbTRIUlKXMSglG4i1sHRLVRyr2Ep9II/dQXwClXulBDfOIKWP5PD0Pqju47aR/9 ++SttU1TPBqT+BGP4HVst6ofiIIfnmQIDAQABAoICAApr8DiRTYIl0TX99UyQkr10 +HEhiJ4d3tQSE2lBegGcSrQPO5i+1V8EN2+2x4An/yw/NzuE0nazH5OaIDaZF0pcg +O/MBvUEEAhmQuYfWoBG+aWz/lJV+O1Yr6139J2nNdEizDASZmPQjq5hisjt9AKnV +09McAd34r0Zmz7l5gOPEjmx2Q0+b/XLwy0ISFypQrqFP/2rAzbkOcVuTO3b4w55v +swjl4kfwJq7SyhpudJhcSRD3QroHRG9SQDvSzl60BDM+/Bnb3VDRqGEzMGsqjOvz +AYI5StIaOrbqlGsYKrSxv04WoL3mER5j0x3fDD7KSgxySYiudyr8KQ5nx4hJD8dy +uwoZRjfxi1gLxQW7PfXuiDCIL9TLWeCbNE5kLhP7nc4Y2UFUQsJ8+F3kKiCXC0y2 +l7IDQzYALUgoToJou2uPkSO43z5X4dEXbVMhTH7wmurfqyJMpDrhVZ6sLHdlYOMO +5px8o7F7nW3adycTM4cII9BLO2cO7dWVhvOX+sSq3DGNTJKQBkVMbvOOcgFaoKvE +BSvMlmVP93gmp9vrN4Q830WGmwgjgeFd7B3DGLM/7fH3D0HPrAbjyq3V4LAzv+ZS +a09c8lJaZTSnDCPXYHBqJtVXUsyntPMSkFP/ko+NAD7U9pPoF4Kr0At0djZJ3PQI +4DVE4MkbLx4kAQFH7eiBAoIBAQD0ABOt/Oa24WFnP75cN5kmGlUr7WbpukcIJH1f +FwQrU3QzebIJH2gAD7DlmAZZK9jklE3yuwDBwbu4h0/lox/ow/x0sgJiKE4rtOCQ +QGM+DtpYVqVKtu0xMSA12w6rIQqfoS4ZO3fBRI3Vp9GzsiMVWLwprgfMJMOqOwdy +pwp8ko969GHyA4f4qAyXjbHgX3MmmpWvXBEq87xPsu6wJncDStSPXUSGz68RQvrG +7lTvLe32fYmcJvOLpdkTHFOSXWZTwHLKg/9mVpQ69U8y4XW5F2HjS9hH8LdEhYTY +TjSQ+BP6bY3gscgv6ZnbV7rtJmRXTpTwfu2NjkYb39XgA8GhAoIBAQDmc9cpzU3Z +ek0uYim0onyhsYNSqZypCEi1ulwuLQQS+0hQMnixZYZMNrmvNKp1lB0pVd3Uoq+r +3hAdRfFc3wX0mOvHAUxralewJ3gWz8gJeJRV0reOoAlIgekcb67NRKDYSIgKfKNT +kfMLwcXfI1NyeWATFmA7bT3vppdmMxr+7NPgqE8lZ6NZgtJBcXgwjBXXBDY45eC4 +WDxzEZTypwsLNjB2RigTAFu72By50+aFgr5dC+5ivi5cT3zThY4bxi4y4fCAi8tx +3bW+j2eGwN2xVTmNiImwJ5pd4j6MU7DvMDDbAlYKCgCYh+pPqbrfblpl4XN8M0El +3dahu/0w+1L5AoIBAQC0Af6CxGn9D2cJgehRJh9REeo13w2mbuuKYUkwxs0nnYjD +lQs4WbgjG3BY4YAFdyiq8ZJT+YwEZYW1C/Zwppia40OzX8QMYEnTSrzFDwtoNBL3 +SuzkovF38hMeSD6ZF2Y7/+//Y3Tk20t8DTPSyx/A1tbyNNbBz3mec6/58Kv23TUG +85XyspI0at3nTPymWCSenTrCxTxRIMGTVqFqyOXSQvlvztIIVt2D8ZMLAbcdQRgm +WdUUo1PXeYIc7C/ncgpUzUyihSD9gfAXUvSbx+NOqqZnxoOIB1ldLtejsIZtUOeE +QCCEXQQf/MmqHR3laQZrtqiAiFN+tDCazdZ+TqchAoIBAQCOXvKGeLenq88S4MIz +Pk8Q9cHTx8VpCB0jaEaaoGTr9SHvqb62maomW4jLnRXSHfcGGm45d2hgHYiHDTbX +0VC0k+TVxQ+ZLNGPmlKuhR9n+n5ppwyPqH8TtG53iufLGKLl+6lQEUA12Oz2TngY +KpLbHfEk2aYKEKs66wiNsvTymQ0stc5vpV9dZVzP4XIHTAQSGiAFdr8mJBz0WeBT +KK/B9XBrIVyQoKALpK/affbkdKl2gnB7wFKT5OeRJeltbzoLZVpXkAXYCsjFOYMT +1QMhEy3DKp8lnNHZPnS17N5aZsNICmFtQlCr6wvuu0Uf0+U1G9tk16Vf53U55hG9 +uQbBAoIBAQDDYFtI0g9mG7eCyt8lZ1YW/sNPLhr2Pw8KjvZ2SMSp1rIRb6DDShiF +ayFq7KIKJMgqm88Efapqx85yePKK/voaX4zL0Medr0HNT/jifbosNm/59FdFEul1 +mFYI6Nf9pTMRhuCyAtNbzZ3iZb9d1iUKKlNg7haGd+Z3C5K/CZ+7C+ovi5xKTvhp +VmEEybhILypySADSYnI6mE5dOf+kSwPdQpipLb84CrCwkJVgD3JH8tXiJR5CgWdg +Y5H0JGN4IaZpws3CdCFy6YPW9e3BjygnUxg1zIXJgJO4SNyPf6xckqnM/H27XvHc +cwaotmmDO7aug5eY2IhumKimQRSFGf7+ +-----END PRIVATE KEY----- diff --git a/packer/ansible/roles/helm_install/files/vault/tls/client-cert.pem b/packer/ansible/roles/helm_install/files/vault/tls/client-cert.pem new file mode 100644 index 0000000..ee7aec6 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/tls/client-cert.pem @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFsDCCA5igAwIBAgIUU/FxrarBbSo7RaTjkegsZtiEEcQwDQYJKoZIhvcNAQEL +BQAwWjELMAkGA1UEBhMCS1IxDTALBgNVBAgMBEFTSUExDjAMBgNVBAcMBVNFT1VM +MQ0wCwYDVQQKDARFWEVNMQ4wDAYDVQQLDAVDTE9VRDENMAsGA1UEAwwERVhFTTAe +Fw0yMjEyMDYwNzA3MjJaFw0zMjEyMDMwNzA3MjJaMGAxCzAJBgNVBAYTAktSMQ0w +CwYDVQQIDARBU0lBMQ4wDAYDVQQHDAVTRU9VTDENMAsGA1UECgwERVhFTTEOMAwG +A1UECwwFQ0xPVUQxEzARBgNVBAMMClRFU1QtQUdFTlQwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCxCa4ZQy9G+sIKVIquGnkBkPfBI7AeocbslM+jnj17 +TqqJPMSOGVZGlCktKVqGd6LkuI5mf53IhYbx/mU85UdgQPYEI0JcfIkNejYybtd1 +t0+/jwqx3t8YR/xG1ShOwqY2tx0ieoW4aKJEk/JT/LlNKgQwcxdFt1ShwaXKo2Fc +HgfY9hIQDKcwtSn/Clz0VM0VuOAdFLiPypf4nDqHS+aKgjAt9yZaiZwhbMGWhTT4 +pR0hMsGiwwXw6tKEeWoVaAkg2wlY7ABZQRpgsqoNKXdTpkl6apryUJ3M/PvBce5J +yMErVg5Rb2s2wLpK0fakrxE7sgLVffydhICvLLr80Msq7zJw6kJPtr9I5b3U96wN +rrruioLJvXYlv1KX7jwEc+4FADCXvNf6geCemXTRJ7Sn1qFA82q6YfdcMQFZVlrR +VOzxphWoZnAoGDWv41OK6Y2NTsJA6rXeIv3D3TcmxMyba1ovcOWyR5pYTDQqkThV +q2nklI8x+h7o5N7hMWIyxYhZFQMWd1NxxZ12LISrk/vD3rTSipDwrO+hEkTZP40p +lNNwmshzHZ2R1/z7m1TIlVEjKNp+w0PMKH1TGmDHmT2sORCL2Hbo6AOgZi/3euPu ++5ipxrbkV6cJnJh4/wpipl7dmVDDy81fCeAAbmbvfB9PefgEfPRFlrVXuYuY0w1t +cwIDAQABo2gwZjAkBgNVHREEHTAbghlkZ2F0ZS5kZXYua3IuZGF0YXNha2VyLmlv +MB0GA1UdDgQWBBTIkFbBsCh4m99Lz3R4DpNncMAw/TAfBgNVHSMEGDAWgBTEPJx7 +89CPnkZ0otuFE7b8s+SzGjANBgkqhkiG9w0BAQsFAAOCAgEAx31IOe39f4n5J7/E +wFpegE49QcdOlzEMzMQWEFg71OmqYIzLVnQ8RblkHMLPdMIPTqrUG3GLqAKbBvNU +8/degg1XPq2OJseo8+cyVZkEamknVjNNK4/fOxYQ2BwiFW/G+e26El6Fjg/jEHeq +w8wZXoaSF8HlZ11Lynd6EStUBsKmY0Ld/pw4EGdOm5uFpLcwhYZaQ+aFS1fX6CxB +uThYxuMXKRKr78GyQUzeHKn5wzvZtlzmNdf0xB5/kiwSEpZicAZ+ZFKRe/C5BAIR +tDmBTIb3NeBoo2h3elbvLeIC5+aW9zWXSxUOOa4QFfcCcN4+K9SVh6DqgworEhFw +iWuCh2tOYJsWnoUyoOc3A5EdKXXZOU/xvjjKPM5OLEQ0B4vuvbQref59haMToaPP +LXEiE1GPJEgzR4Pem81fjZXmtMxI44YEUqg3iN7Q7urKYdqdWnVpIdECYy9nULfN +cRrJZIRTPYIhj2xr2I9JW3i7asiF3Ht3VVNl/YKYwSIv9fLPT03lbzfijcIYLVE+ +m0zzKbUOqA0S2yekzRswEF5H3QAekaix6ov81UmLM3iBPVXM+sZi7k0pZNp8bt4l +fxP1MypfQC6XvvBo74XBKj9rJSKUIhW+ZjydKGv1jQzRAUZtslYfrtXx3hDeTjaB +7DsclIKNo+8jKLC7ifCl2iK0UV0= +-----END CERTIFICATE----- diff --git a/packer/ansible/roles/helm_install/files/vault/tls/client-key.pem b/packer/ansible/roles/helm_install/files/vault/tls/client-key.pem new file mode 100644 index 0000000..3ca5773 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/tls/client-key.pem @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCxCa4ZQy9G+sIK +VIquGnkBkPfBI7AeocbslM+jnj17TqqJPMSOGVZGlCktKVqGd6LkuI5mf53IhYbx +/mU85UdgQPYEI0JcfIkNejYybtd1t0+/jwqx3t8YR/xG1ShOwqY2tx0ieoW4aKJE +k/JT/LlNKgQwcxdFt1ShwaXKo2FcHgfY9hIQDKcwtSn/Clz0VM0VuOAdFLiPypf4 +nDqHS+aKgjAt9yZaiZwhbMGWhTT4pR0hMsGiwwXw6tKEeWoVaAkg2wlY7ABZQRpg +sqoNKXdTpkl6apryUJ3M/PvBce5JyMErVg5Rb2s2wLpK0fakrxE7sgLVffydhICv +LLr80Msq7zJw6kJPtr9I5b3U96wNrrruioLJvXYlv1KX7jwEc+4FADCXvNf6geCe +mXTRJ7Sn1qFA82q6YfdcMQFZVlrRVOzxphWoZnAoGDWv41OK6Y2NTsJA6rXeIv3D +3TcmxMyba1ovcOWyR5pYTDQqkThVq2nklI8x+h7o5N7hMWIyxYhZFQMWd1NxxZ12 +LISrk/vD3rTSipDwrO+hEkTZP40plNNwmshzHZ2R1/z7m1TIlVEjKNp+w0PMKH1T +GmDHmT2sORCL2Hbo6AOgZi/3euPu+5ipxrbkV6cJnJh4/wpipl7dmVDDy81fCeAA +bmbvfB9PefgEfPRFlrVXuYuY0w1tcwIDAQABAoICAAdyPUjhuwjUvjmaAbU99s36 +j3knq542Nrw3rB4ZJ0Pa9LBOBoRli2vvimXUYfLa8FaHbrHf9z56Y0klZpOvnxds +1AwrgXyLXmZbOBFZ+SUB31BSz2PY2HBYgsNl7sqVRFFz1T1gguRVPlH9GQmwTQjy +VffFt3pesigVkYga5BrwRms5OlxDc/rH++q2wF8ke/XIb2C5wOOHZWn3BD0xk5JK +1ITyasIPHKqJPQE8PBSjOTzuuhdC9aqC7fTVeIFK/WtM2zFKx975LodXrHBeSJ8T +lO6Zskez3VdEYsBprtiaoYlVlseVFKDabVt9Rk758BMfMyBQqsHjU1hK3NiKXakw +Omb7+Jwo9AEq+9bToCdDbKyhqmgbZ6ow/ivLfzQCf4NhyhRt51KCS4CeWwqzxo5Q +eN6vl97d2xxzF9ur5hv1SlqJyOP1LtmyVf3U+7xhD/BsBVE8y9HmneeSnM/K9MFZ +cfdAPI0o2DJCK4hOtHYkf1ISIsZ06YZ+a7s18qPc439ArYM7Tu0GL3/X1C1dgLN/ +xcnwVvSnGfDyV1jJAMhWptenct0ubbl9BEmeML2dOp0XaKb6VCofHXcxVwlmvbYp +B7bhluFN32zw3poBbgWh3vP40px4CDXfZsp1XSoovephiEIo5oblvLTOzFHeRd+Q +zlzn3r8hnXcIb1pSp17hAoIBAQDXq+MpKqtpe2s4fdXTrTZ3ptuujgq490eLOKVR +JjPv83HsUvfYj4Hrju0X4BDy+8+P5fdXCgAFR/sT6Ydea1r3f0VYUsyuGMPQCaYt +y2fJrC/yFtLrsIGii9+aQhqDXBlImgMKp3xpBtB4ZIeRsqTeuGSjgEHCKV7DmJS3 +C3ZnvbsDhkaPxoS7iLjx8TEGzMBeLMpyXZsjFqJa9kmU+tg2ILpDMEp+fUjzahkE +y4YYVXAK3AjjBoOv/nrg/hyuKtBYLcfFfs8vfCA0/j1YMskt4mSAtthYz/kv4aSA +oE72xpVER9coq4oGklzqPjNOV+bs25r66x/AF4VuYVqCFrjTAoIBAQDSJGpV6PY1 +YcJfp8BoxMKLRalrKQHnB7R9V92/lk0tPBs+0oGSHW7q7ISdtMk7PtmS6lvRK4Qy +bj+Fi3eIyei+0lCsW3hLX+aQLSME1nDIpP/v5SARCFyB8us5rknluXoVcNfSOW/s +eVTOlVDI73BZxLfC6mKGn3TeD62az6wEscLgJfB4+PNv6Y0jK61J/CqadlHqVPRL +/I9uDO+R6GyiPsfGY2VJLrABD0YaDiFh49kxPf65REDIZzoJKfJ/DcKYUYX2G7n+ +TQJS8vUnAghrcjXgq3XbBYI6aLz7o9c8Pdxfv6GJNCWCBEQjDNuzNnN+Tfxcx7hD +UEKVnK73+ZThAoIBAQC7H5oCt9DtvnWzGAsUk+70NcPZWciX34UlmEpndDwP7ytj +HkGIlkrlNKcl1fUevbjDY4YM8NI/wspn5nDbTU4p+zURgxWv4DDVKeoTRa6RXmJj +K8ZpVEXF4JJrZvtWCeyt/2KwNc1N2um5649srJE75MT8z2U+r2JXVuWBQ+LB8+51 +CmXijR3RELlWwiwFeFVX4IjuXaUi9pp7TcFeD57Up+S0MwwPX2iSOfXnIScBqe+C +nJLhV1+era+z0wbTXrZSK7Zu9q2Qx6OyFvzmr3m54/nLa9mehSPxlVeDepPIrVgJ +XEOkN+GT/h2756fgS4hC7e8z0hlEM6RDtxguUsSdAoIBAQC7v49FzErVLM+V2PG+ +aTULa6TPOicZ+7dVWYCkYKv5Yz9QZJEhM6zatZBSuqgjh6aqbTq1ajTFPd0A+rdE +fmi0vIEZTOvwI/GCFOG5u8GuckS8V7DLpvXHoHpq4X3iglFCALzCdVC7LTgJDjzM +Gaj+exRXUEPQ1Xx7vfQ0YaDl3NAopZzw6DPPZBIWPzqm5GZH9LiBLX/KuA6Jm4Mb +kFYmqwKgDEP9G3pip/vQ4ZkPtZtiNGp1qjZbFmcyssiWnXujzQpr9R+6xaDy7WD8 +hgNxw+vBHE/C7GwKtXNLPHnbt8VBwpuXUwDD5f3edul/d4G+cfysBEBr27RxqThm +ExXhAoIBACu/PJGQae6MGOOszAyEQb4c8NKanC3TikXcTYali6veodbyAVv0BpkZ +Kbn5NSMZSQZBNdeSAOQAFNaTEh7jA9zFPtFZMpSG1fjx8dlC+ZTB8746wKunwbVS +yspLcC3U1AXChbF6EHRxYnWKpTQVYtn3npTjE95I9PK7dPvM9Qv74EiXhpOy7orN +hj1XTLP89uR70gLkCjWnMi48qoyMbKrnHJR/H7qZXIfkHUA+wrzJ0sMVmDvcXV+P +9oBJIUM0PGBmqLYbhG/mkiAuX+KJyHXcJY9YxRi9nyqptZPH+igQPC0pNaDtajm/ +2ePO3b8j2RJQp1ABqH7ZT0TVUwH/vWo= +-----END PRIVATE KEY----- diff --git a/packer/ansible/roles/helm_install/files/vault/tls/client-req.pem b/packer/ansible/roles/helm_install/files/vault/tls/client-req.pem new file mode 100644 index 0000000..61e62c2 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/tls/client-req.pem @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEpTCCAo0CAQAwYDELMAkGA1UEBhMCS1IxDTALBgNVBAgMBEFTSUExDjAMBgNV +BAcMBVNFT1VMMQ0wCwYDVQQKDARFWEVNMQ4wDAYDVQQLDAVDTE9VRDETMBEGA1UE +AwwKVEVTVC1BR0VOVDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALEJ +rhlDL0b6wgpUiq4aeQGQ98EjsB6hxuyUz6OePXtOqok8xI4ZVkaUKS0pWoZ3ouS4 +jmZ/nciFhvH+ZTzlR2BA9gQjQlx8iQ16NjJu13W3T7+PCrHe3xhH/EbVKE7Cpja3 +HSJ6hbhookST8lP8uU0qBDBzF0W3VKHBpcqjYVweB9j2EhAMpzC1Kf8KXPRUzRW4 +4B0UuI/Kl/icOodL5oqCMC33JlqJnCFswZaFNPilHSEywaLDBfDq0oR5ahVoCSDb +CVjsAFlBGmCyqg0pd1OmSXpqmvJQncz8+8Fx7knIwStWDlFvazbAukrR9qSvETuy +AtV9/J2EgK8suvzQyyrvMnDqQk+2v0jlvdT3rA2uuu6Kgsm9diW/UpfuPARz7gUA +MJe81/qB4J6ZdNEntKfWoUDzarph91wxAVlWWtFU7PGmFahmcCgYNa/jU4rpjY1O +wkDqtd4i/cPdNybEzJtrWi9w5bJHmlhMNCqROFWraeSUjzH6Hujk3uExYjLFiFkV +AxZ3U3HFnXYshKuT+8PetNKKkPCs76ESRNk/jSmU03CayHMdnZHX/PubVMiVUSMo +2n7DQ8wofVMaYMeZPaw5EIvYdujoA6BmL/d64+77mKnGtuRXpwmcmHj/CmKmXt2Z +UMPLzV8J4ABuZu98H095+AR89EWWtVe5i5jTDW1zAgMBAAGgADANBgkqhkiG9w0B +AQsFAAOCAgEAo35RHmcSHDmQDdGNOprlWMeuNbajRsERAKKuETPVHmh6QikNBD2R +l971+Feva9W0xtxNrWoly0auHelHtoRt7sBEfy5dGkVmcQOGfrUFZKOeZFjXg32d +dJdYnjur4nYUbD8sufo9711RAJz75fYUAa88pNhdrgNb5jpdBOrYVp4Xzo582wSt +VKKBYpYIy9yK1sAfUdk+yyr4XfM0GJseK5Fbbb4numqhFNlwWH26QkkbjKGZz4BM +AhC/2qaG0b7Dm691evSnPWoS++sQTtc70d/4WJp9NoxQie4wCabqgx+sG1yN9JRY +YHirPRPBBtkK9Pt6Vj99ahKWjqlknAHgiBF6CpSc/UVCqUgV1/aKRk1YSkHJpuZi +2H6w+TjF0o6vIDh2ayKdE/nib7TIbqIL1canxymePbqLN0dpIQYaUpH91lCP2rSy +Fng1jChMmN/pLi3ucx+3CTWSzrAve/2F1dC52HsAtVrKUDeg0WRk5onoxKHll0X8 +H1lgHzBfSw+25kdAkOhwUBNuOXHig7Qks58JVsMmfRe26GFbTrHz3D47d8p9U/pP +muhGiOekl6/sg3rLLfZraGw9pT1kqgGKTBaAR23BLLLyTnhZLUZzL0Hl88PObrlj +UXDGbmN6knc8vpnYFJN+Gm3zFwJlnqndwPUhu8UjLgdpI4ybFMOK+2U= +-----END CERTIFICATE REQUEST----- diff --git a/packer/ansible/roles/helm_install/files/vault/tls/ext.conf b/packer/ansible/roles/helm_install/files/vault/tls/ext.conf new file mode 100644 index 0000000..24dd565 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/tls/ext.conf @@ -0,0 +1 @@ +subjectAltName=DNS:dgate.dev.kr.datasaker.io diff --git a/packer/ansible/roles/helm_install/files/vault/tls/generator.sh b/packer/ansible/roles/helm_install/files/vault/tls/generator.sh new file mode 100755 index 0000000..4f83989 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/tls/generator.sh @@ -0,0 +1,94 @@ +#!/bin/bash + +########################### generator.sh ################################ + +echo "Generating TLS files..." +rm -f *.pem + +# CA 인증기관의 private key 와 self-signed certificate(자체 서명 인증서)를 생성한다. +# -x509 : +# -newkey : Key 생성 방식 +# -node : CA인증 개인키를 암호화 수행을 하지 않는다. +# -days : 인증서 유효기간을 설정한다. +# -keyout : 개인 키를 입력한 파일명으로 출력한다. +# -out : cert파일을 입력한 파일명으로 출력한다. +# -subj : 입력하지 않으면 CSR 생성 시 사용자 정보를 입력해야 된다. +# - C : 나라이름 +# - ST : 지역이름 +# - L : 도시이름 +# - O : 기관 +# - OU : 기관이름 +# - CN : Common Name + +echo "Generating CA private key..." +openssl req -x509 -newkey rsa:4096 -nodes -days 3650 -keyout ca-key.pem -out ca-cert.pem -subj "/C=KR/ST=ASIA/L=SEOUL/O=EXEM/OU=CLOUD/CN=EXEM" + +# CA Cert파일 결과를 출력합니다. +# echo "CA's self-signed certificate" +# openssl x509 -in ca-cert.pem -noout -text + +# 서버의 개인키와 CSR를 생성합니다. +# -node : 개인키 암호화를 수행하지 않는다. +echo "Generating server private key..." +openssl req -newkey rsa:4096 -nodes -keyout server-key.pem -out server-req.pem -subj "/C=KR/ST=ASIA/L=SEOUL/O=EXEM/OU=CLOUD/CN=DATAGATE" + + +# Kubernetes의 환경에서는 Kubernetes의 Service명으로 DNS 등록이 가능하다. +# 만약 IP를 이용하여 subjectAltName을 등록할때는 IP:0.0.0.0 으로 등록하면 된다. +#cat > ext.conf <<-EOF +#subjectAltName = @alt_names +#[alt_names] +#DNS.1=sam-datagate +#DNS.2=sam-datagate-develop +#DNS.3=sam-datagate-cloud-1675 +#DNS.4=10.10.34.129 +#EOF + +cat > ext.conf <<-EOF +subjectAltName=DNS:dgate.dev.kr.datasaker.io +EOF + +# 서버 인증서 요청에 서명합니다. (CSR) +echo "Generating server certificate..." +openssl x509 -req -in server-req.pem -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -extfile ext.conf + +# Server Cert파일 결과를 출력합니다. +# echo "Server's signed certificate" +# openssl x509 -in server-cert.pem -noout -text + +# CA, Server 인증서 확인 +echo "Verifying certificate" +openssl verify -CAfile ca-cert.pem server-cert.pem + +# Client의 개인키와 인증서 서명 요청(CSR)를 생성합니다. +echo "Generating client private key..." +openssl req -newkey rsa:4096 -nodes -keyout client-key.pem -out client-req.pem -subj "/C=KR/ST=ASIA/L=SEOUL/O=EXEM/OU=CLOUD/CN=TEST-AGENT" + +# Client 인증서 요청에 서명합니다. (CSR) +echo "Generating client certificate..." +openssl x509 -req -in client-req.pem -days 3650 -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out client-cert.pem -extfile ext.conf + +# Client 인증서 서명 결과 출력 +# echo "Client's signed certificate" +# openssl x509 -in client-cert.pem -noout -text + +NAMESPACE="dsk-middle" +VAULT_NAME="vault-0" + +CA_CERT_NAME="ca-cert.pem" +CLIENT_CERT_NAME="client-cert.pem" +CLIENT_KEY_NAME="client-key.pem" +kubectl exec -it -n "$NAMESPACE" "$VAULT_NAME" -- \ +vault kv put -mount=tls client \ +ca_cert=$(openssl base64 -A -in "$CA_CERT_NAME") \ +cert=$(openssl base64 -A -in "$CLIENT_CERT_NAME") \ +key=$(openssl base64 -A -in "$CLIENT_KEY_NAME") + + +SERVER_CERT_NAME="server-cert.pem" +SERVER_KEY_NAME="server-key.pem" +kubectl exec -it -n "$NAMESPACE" "$VAULT_NAME" -- \ +vault kv put -mount=tls server \ +ca_cert=$(openssl base64 -A -in "$CA_CERT_NAME") \ +cert=$(openssl base64 -A -in "$SERVER_CERT_NAME") \ +key=$(openssl base64 -A -in "$SERVER_KEY_NAME") diff --git a/packer/ansible/roles/helm_install/files/vault/tls/server-cert.pem b/packer/ansible/roles/helm_install/files/vault/tls/server-cert.pem new file mode 100644 index 0000000..594542d --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/tls/server-cert.pem @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFrjCCA5agAwIBAgIUeYr9DLb76Ps4kU+TjPUqWGi++/EwDQYJKoZIhvcNAQEL +BQAwWjELMAkGA1UEBhMCS1IxDTALBgNVBAgMBEFTSUExDjAMBgNVBAcMBVNFT1VM +MQ0wCwYDVQQKDARFWEVNMQ4wDAYDVQQLDAVDTE9VRDENMAsGA1UEAwwERVhFTTAe +Fw0yMjEyMDYwNzA3MjBaFw0yMzAxMDUwNzA3MjBaMF4xCzAJBgNVBAYTAktSMQ0w +CwYDVQQIDARBU0lBMQ4wDAYDVQQHDAVTRU9VTDENMAsGA1UECgwERVhFTTEOMAwG +A1UECwwFQ0xPVUQxETAPBgNVBAMMCERBVEFHQVRFMIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEAv7EV2uwFSxTZMK5EG+QhuyZivAEjaRSrxqYbbqARWGVb +wgg6fseiwudn+4rgQTSr+FIH5xEbQxD5WncTPE4L8gwYTZ+eNykii4d82xqQUeEN +PeQ2CWBeYJfgRdN7AflU+BwbOjeErXdgxJybABnVoXdxusfo0freVSYseiT/ZLaD +0u7lK6srbY1vUwxorgQRhi0DD2Hn4SrXQv2K6y9djW2YusPOSHQcd7yK+J+30N9k +vfe7sdKiinHM65lezwPyx34PY+2RqoqqLDa1MpBpialxQuiGpz7UexNuiNFJTZbK +YmGPiMPnTMbjyqyU4tmMUhSKPFa1cAam/nDtVbzS1u9LY3Q8FMUnQV8TeBQ0cvqZ +rp0bvI3Z6ogpJeMTDOr/obLuFu7bhPnsGLEmL6BIZPeiQuCzReq0TSHWgoMWGWAn +kZoFpGgWVjx9TifoCPgvx1ULsTbPmXBs9b9NcFyLtlAuCrrnCK5zhbBVCGtAhrhE +TapQuaFK7glsncSRJMmivfVXcdnWlb6KpKmwzJl2XdMf/e+cxDxwK03U+NkInfuY +U3yo3mfL7ZZfjShEtOoKSqeWIjXPmp3qP1Ih5EMN13lBdkybV8t9ll33zpHfx57I +3B9deSz1pTnCnQ/tX29ENISs9bac0aPgCgecjO/UWkDSfwRfwbgKEAY0g+2HYxkC +AwEAAaNoMGYwJAYDVR0RBB0wG4IZZGdhdGUuZGV2LmtyLmRhdGFzYWtlci5pbzAd +BgNVHQ4EFgQU3HFs3DszdXhH2F978fk6+G4NixcwHwYDVR0jBBgwFoAUxDyce/PQ +j55GdKLbhRO2/LPksxowDQYJKoZIhvcNAQELBQADggIBAL4MoIJvwk9S512WG2kP +mCyDt1WIej1N5hioGH41XLTYBgCRZR53IiFKE5GuL0aDd9CKOPptMXDxpJJuzQBx +0FCQl5qrDpryGcRad+5ljcTcCyQTv/eeoJqR8YXu0N8/ToJ2412nc042YJ+Yueh+ +gy8bOtKnh5QlG1/wC2BNpE7W6DBglz10KfiXwBUz1aDhb+GX2HSPLBko/MvVFdy/ +jjVf7eJrXymPnWtQxNRurzfpT31xv2slXzsNXu53/jMeTF0ScjRltVos5cmjB+2r +7IIVhlQ767ScTCb+OrAfEJ7wCEcYVYN3+VHAYkSYYdg+slXr3lxyYgaeeQWc7zNw +5ClzNOP/juAfwC6JiCpJxR3l3pqQaaEbzWeAIUbKRaSlECV93lc1sraPVjEiAxog +2VlmtLD3MnyC8FXomIZNaZdh68cmiNsPehecWb10qrewiLYgFJQhaRSuQJ35CO0Y +u9E3JSZpVOJB6OoDNkV6AMWvDaimDtCbX8GwwNwoc0/rNc5Z6qZdjBsTfzUb/opc +XMsj/yuGZAaBe5Slqz+5FQKUMd4RrDVnZzgqriIB5jlXw8sRn+iiC/UYjQfyPiwk +lHccKWsb9CL2y0gpot+jg0e+A2Y3UO6v4opGXoSteaEj6Iqn+wINE0RJ+XTQKKao +VzjxmZAfIq9hRA6+IO3MschG +-----END CERTIFICATE----- diff --git a/packer/ansible/roles/helm_install/files/vault/tls/server-key.pem b/packer/ansible/roles/helm_install/files/vault/tls/server-key.pem new file mode 100644 index 0000000..d05ad90 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/tls/server-key.pem @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQC/sRXa7AVLFNkw +rkQb5CG7JmK8ASNpFKvGphtuoBFYZVvCCDp+x6LC52f7iuBBNKv4UgfnERtDEPla +dxM8TgvyDBhNn543KSKLh3zbGpBR4Q095DYJYF5gl+BF03sB+VT4HBs6N4Std2DE +nJsAGdWhd3G6x+jR+t5VJix6JP9ktoPS7uUrqyttjW9TDGiuBBGGLQMPYefhKtdC +/YrrL12NbZi6w85IdBx3vIr4n7fQ32S997ux0qKKcczrmV7PA/LHfg9j7ZGqiqos +NrUykGmJqXFC6IanPtR7E26I0UlNlspiYY+Iw+dMxuPKrJTi2YxSFIo8VrVwBqb+ +cO1VvNLW70tjdDwUxSdBXxN4FDRy+pmunRu8jdnqiCkl4xMM6v+hsu4W7tuE+ewY +sSYvoEhk96JC4LNF6rRNIdaCgxYZYCeRmgWkaBZWPH1OJ+gI+C/HVQuxNs+ZcGz1 +v01wXIu2UC4KuucIrnOFsFUIa0CGuERNqlC5oUruCWydxJEkyaK99Vdx2daVvoqk +qbDMmXZd0x/975zEPHArTdT42Qid+5hTfKjeZ8vtll+NKES06gpKp5YiNc+aneo/ +UiHkQw3XeUF2TJtXy32WXffOkd/HnsjcH115LPWlOcKdD+1fb0Q0hKz1tpzRo+AK +B5yM79RaQNJ/BF/BuAoQBjSD7YdjGQIDAQABAoICABaR/r1Gof7rpwEE288e5tvW +0rRJPAag4PLkVwGJBlHOqWWou153GhJx1bv355y123PDENwjlv6oDnwY3iJxHBX1 +V504KJRdGwyruMdBkvGZGoqJhtVGzAX6i/Ucx/R9C4SlJo2NwOj9z96Gg/eYkx9O +ZY01AZRLwgbrljwRhCKzHMVmzIP+RQBCsXNpWB/5KakPPrd+cyN/fFYObV9wtcaz +u1JuQKkmRr3QbNqGT8nfq8h0VVzELNA5QwQQjGm6kMjtbll5PPgEGLJZBK+98jc7 +xLK4lzY0/ya4rICeh8+DbDP2QcS8ME1Jc8PG20b0j4GQmpAtM3LLzbjSyhcYwwhI +cbWzhlxcy7AmIQ9kdd6aodI8cqmCcf85xrLV4SFlFWHjul9uoFIPVQKhcbNu9rp+ +OOLpXHuA3KTG2I+HBGU6rmkZ0h3hhnzK+KY/ecg4ZnqVaHdbrnyuua/U1lSG+T2/ +RBWr0GFOHqzW/STOe5k0joYH7hVncymDw9DrRHSjeYEZjMgadBOtH+zXtL5Slfzb +OMIgkrcOJY4l4JNgg2ts+fPhXAbB7RUDFPUsW9mi79pk9JDn8MNSk3dPI9T3ZFG7 +b9FG69HfK2OsnWhjQexgAVgsdyRpgMem8z/rSKw1aMwXvFGne7o/N7YaVO3w0/PA +XY0GjI8YiE8Idtkd4HRBAoIBAQDUloMgTFcv/PSHQAg5/zmfN+eNQZE2Zwft1zZD +JsYDU1kXB4iaheqsfBrHagVxyiBZaFwPGEOuS5S+6ODSB+zaiGZeZ+yj8XcYOQNj +8y693ZFkqIaliAV7sNoSwsESvOGFeWCKWnx0If6uLp6170sQ1nST4TnSHlatgy1u ++k+HBgmQChPvPvp8ov8zS59TzHEI1qfsd1Jq6fS4I6SUA6bYLtnifatAWRuag/A7 +X5jAU83+jpdR/89A9k2DiowrW5Kp214/Ac66J7NhIcdiMl1EDw8tPxHv5OlOYEre +z8NSDwJMIqcZlBFskQv3YGaJLCuOzkz5QIpSyFrS55t8OLYJAoIBAQDm1i4IuabA +rGZ+cZnm31BDw2r9k2gy45PEtFkSKht4jvlMhOXpyEjq4weaEbqW/b84agB9D5Nv +NnRcLrF7DEZUgCPo86LYHsG7mXaaWmnKGQywVxCehZZ4ZZFH6iK2hANFS528TL88 +QoiHbw7NgWoYRL2NqkJEbm31Th7vYQ70eoxAWTSa2Tk/9fI1xCQni+tjzZRForHv +XLNgki91UDW2CS/5nkQGhukAlh47zXB4KDO/G/M+ZGmiCBpC3gE29Hd6PDgcByeZ +FOaWSY/uS2CA65dfloUTQfYrFagMos9zYaKJNbZ59HCQJ4T0SIx1F4isf8uG/z8w +U/xFK2Gb+AiRAoIBABYitfSe/lUY2b1bhX/Ee5OAlrO2qBAqGkFBr3y+hM/D1fr3 +5dlxKEZdhcxN1dNLYKLuoudPd3ymkg5u4Tn9aUQ3/7DE0XcgpW34QcoegDd04rbA +dYS27Rs8Bvj9Hm19DV6AjPTbBypwf7xTTmNTT1WpfuoHAaZHUm8uwYRUvAMrNcOx +yPGYdSyVLE2DCkwHdZ2d/E46/nHzem/SBkkDOFQ6TKWwwCwrGxyzsEf+ZEFieIiR +AGChaksxWlDgFEhPeK4HEYEuBwCLMbpjcgdfhyaXCtWDQ7Le+wwWKrWYnJXmyi5z +TUL0j/vl/oD7oLGXz9FG2ez6M2z7P7nGNAJzRUECggEASgbbom6vHFDtWZVizphE +7EZKFGHmY5N5+vX/LoUUZDgtmK1x8eQKBlGiSXVwCiX74cKUv4Z0OJEVBc7vmc9Y +6pZhbb5cNcS/SkMvttZR4L7hw9dX/A5JL/kaex6J3VA+oEVco1tVZKTNlek2rQ7Y +kEnTJBA6yilD2AwifY/5tMtsGOLCrPoGkw1zjGyHT6teZJYz+5TuTR3EZK7cy1la +sDMIEJwBoro3FLoPngwHCnGSDrKO8i5Pdef1TAZYC2CgxDF1qP9eYohCXmXe44OG +wjFLTRs/N+rKYAzE5LB9qLnh3vC7wSZzxrb1u0VczdwrN26QPY2znPMCDsiXt+X2 +EQKCAQBQj8LEoX+FVdTtFw7mMtcrpTs9JhWzA4emQSdEWxSLeXalAK/HM5xvF8kq +OPN4wVZYbhJyFCBxQAo47FB53WrcUKc/01E5RRsNALAbRszCAjMQ5X50TrkQCS+X +VeXCS76KnpH9yDfBxYis4eFtH6CvRHO572MpbJzjp4n4ZTVYws02BVVF6Jynmc66 +LDCw3lHaK+K0A5qX4MPTTXwELHMy4bJsWrI2r4PuMygJ8lrRxg3/YlOq9ZEegvBq +Dlv8nLIYYCRY8TRGVhtwQtEuuqrV+phFrkOwp/46UCsr7U2pTphNfebhfL5R1l2h +eAT5gUCcf6OjqDgIpD32xijmzp+r +-----END PRIVATE KEY----- diff --git a/packer/ansible/roles/helm_install/files/vault/tls/server-req.pem b/packer/ansible/roles/helm_install/files/vault/tls/server-req.pem new file mode 100644 index 0000000..239a981 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/tls/server-req.pem @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEozCCAosCAQAwXjELMAkGA1UEBhMCS1IxDTALBgNVBAgMBEFTSUExDjAMBgNV +BAcMBVNFT1VMMQ0wCwYDVQQKDARFWEVNMQ4wDAYDVQQLDAVDTE9VRDERMA8GA1UE +AwwIREFUQUdBVEUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/sRXa +7AVLFNkwrkQb5CG7JmK8ASNpFKvGphtuoBFYZVvCCDp+x6LC52f7iuBBNKv4Ugfn +ERtDEPladxM8TgvyDBhNn543KSKLh3zbGpBR4Q095DYJYF5gl+BF03sB+VT4HBs6 +N4Std2DEnJsAGdWhd3G6x+jR+t5VJix6JP9ktoPS7uUrqyttjW9TDGiuBBGGLQMP +YefhKtdC/YrrL12NbZi6w85IdBx3vIr4n7fQ32S997ux0qKKcczrmV7PA/LHfg9j +7ZGqiqosNrUykGmJqXFC6IanPtR7E26I0UlNlspiYY+Iw+dMxuPKrJTi2YxSFIo8 +VrVwBqb+cO1VvNLW70tjdDwUxSdBXxN4FDRy+pmunRu8jdnqiCkl4xMM6v+hsu4W +7tuE+ewYsSYvoEhk96JC4LNF6rRNIdaCgxYZYCeRmgWkaBZWPH1OJ+gI+C/HVQux +Ns+ZcGz1v01wXIu2UC4KuucIrnOFsFUIa0CGuERNqlC5oUruCWydxJEkyaK99Vdx +2daVvoqkqbDMmXZd0x/975zEPHArTdT42Qid+5hTfKjeZ8vtll+NKES06gpKp5Yi +Nc+aneo/UiHkQw3XeUF2TJtXy32WXffOkd/HnsjcH115LPWlOcKdD+1fb0Q0hKz1 +tpzRo+AKB5yM79RaQNJ/BF/BuAoQBjSD7YdjGQIDAQABoAAwDQYJKoZIhvcNAQEL +BQADggIBAEyXArw9/0KHqS2WWpbd6/3LyrRISPE+WSH9cErOmiU9caDxbQsRLiW6 +I0G6MoJxkScsNy7i3vbQYIb5Ur+jqcC6zKZXevL9fVmYugrlR2LC9pPUVSD+brol +ooUGdjVNtEucNzCLgKg11WYp8zgt1E06mk5FYimCFWFA84ZDcFndBWpoExuTSLLc +dyQfmPQ40RAyT3qD55d0J+IiKhfWBq1blTY5uHaEp7Ok14ukSK5baA76tnpm89vU +eWM+TpaQUqYCcGT54xbcy6gS3F4slpeHBK0Lq1H9nKl0+GZWf9q9OsQNpVTW+q/y +ukBiEYHxx81LxCHrbOcRjCv9NGMVPiMGHn3wx02BIswtzp9HNeNBzno48DhBpJgt +R7tGcF102BA5P0winooqiCcDEeHC6c+MNWBIxT9dT6+jJNBLKTJuYND55BDzoeJX +O6brWipR//OHlcFDKxf+ZyukGuV+geG+7qpjc8RKqVhK2+Z1rioY/toIRuUTvkIO +KS6BCAlpr3Mavx484FUmZe9K8X3KmS1i/ItKBV5RhNwip9wOFdyQ8BmSAos0WyL8 +EBcNj2u2tUTQs+w5A6LNI+HVYeFhXgwJH4yOilb7iYhcig7lPaqCFR1RIARqUW4G +8AYasXX8bMbghDRFlIOdOdEMI/iaEC2lOfa4Jo3hKuV4YUqDUh2S +-----END CERTIFICATE REQUEST----- diff --git a/packer/ansible/roles/helm_install/files/vault/values.openshift.yaml b/packer/ansible/roles/helm_install/files/vault/values.openshift.yaml new file mode 100644 index 0000000..ee00563 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/values.openshift.yaml @@ -0,0 +1,18 @@ +# These overrides are appropriate defaults for deploying this chart on OpenShift + +global: + openshift: true + +injector: + image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "1.0.1-ubi" + + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.12.0-ubi" + +server: + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.12.0-ubi" diff --git a/packer/ansible/roles/helm_install/files/vault/values.schema.json b/packer/ansible/roles/helm_install/files/vault/values.schema.json new file mode 100644 index 0000000..676efb7 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/values.schema.json @@ -0,0 +1,1030 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + }, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { + "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + }, + "hostNetwork": { + "type": "boolean" + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/packer/ansible/roles/helm_install/files/vault/values.yaml b/packer/ansible/roles/helm_install/files/vault/values.yaml new file mode 100644 index 0000000..70779eb --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault/values.yaml @@ -0,0 +1,1121 @@ +# Available parameters and their default values for the Vault chart. + +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + + # If deploying to OpenShift + openshift: false + + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default + + serverTelemetry: + # Enable integration with the Prometheus Operator + # See the top level serverTelemetry section below before enabling this feature. + prometheusOperator: false + +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + + replicas: 1 + + # Configures the port the injector should listen on + port: 8080 + + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + + # image sets the repo and tag of the vault-k8s image to use for the injector. + image: + repository: "hashicorp/vault-k8s" + tag: "1.0.1" + pullPolicy: IfNotPresent + + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "hashicorp/vault" + tag: "1.12.0" + + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while the webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + + # Extra annotations to attach to the webhook + annotations: {} + + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. + certName: tls.crt + keyName: tls.key + + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be a multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. + # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + + # Priority class for injector pods + priorityClassName: "" + + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate + +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + + image: + repository: "hashicorp/vault" + tag: "1.12.0" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. + # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for a log rotation + shareProcessNamespace: false + + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. + extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + # affinity: | + # podAntiAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # - labelSelector: + # matchLabels: + # app.kubernetes.io/name: {{ template "vault.name" . }} + # app.kubernetes.io/instance: "{{ .Release.Name }}" + # component: server + # topologyKey: kubernetes.io/hostname + + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. + # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + + # Priority class for server pods + priorityClassName: "" + + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default, the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round-robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized, and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + # Enable unauthenticated metrics access (necessary for Prometheus Operator) + #telemetry { + # unauthenticated_metrics_access = "true" + #} + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + + # Example configuration for enabling Prometheus metrics in your config. + #telemetry { + # prometheus_retention_time = "30s", + # disable_hostname = true + #} + + # Run Vault in "HA" mode. There are no storage requirements unless the audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + # Enable unauthenticated metrics access (necessary for Prometheus Operator) + #telemetry { + # unauthenticated_metrics_access = "true" + #} + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + + # Example configuration for enabling Prometheus metrics. + # If you are using Prometheus Operator you can enable a ServiceMonitor resource below. + # You may wish to enable unauthenticated metrics in the listener block above. + #telemetry { + # prometheus_retention_time = "30s", + # disable_hostname = true + #} + + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. + serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: + # allowPrivilegeEscalation: false + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: {} + securityContext: + pod: {} + container: {} + + # Should the server pods run on the host network + hostNetwork: false + +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} + +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + + + + # Priority class for csi pods + priorityClassName: "" + + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + + # Used to configure readinessProbe for the pods. + readinessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Used to configure livenessProbe for the pods. + livenessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + + # Enables debug logging. + debug: false + + # Pass arbitrary additional arguments to vault-csi-provider. + # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments + # for the available command line flags. + extraArgs: [] + +# Vault is able to collect and publish various runtime metrics. +# Enabling this feature requires setting adding `telemetry{}` stanza to +# the Vault configuration. There are a few examples included in the `config` sections above. +# +# For more information see: +# https://www.vaultproject.io/docs/configuration/telemetry +# https://www.vaultproject.io/docs/internals/telemetry +serverTelemetry: + # Enable support for the Prometheus Operator. Currently, this chart does not support + # authenticating to Vault's metrics endpoint, so the following `telemetry{}` must be included + # in the `listener "tcp"{}` stanza + # telemetry { + # unauthenticated_metrics_access = "true" + # } + # + # See the `standalone.config` for a more complete example of this. + # + # In addition, a top level `telemetry{}` stanza must also be included in the Vault configuration: + # + # example: + # telemetry { + # prometheus_retention_time = "30s", + # disable_hostname = true + # } + # + # Configuration for monitoring the Vault server. + serviceMonitor: + # The Prometheus operator *must* be installed before enabling this feature, + # if not the chart will fail to install due to missing CustomResourceDefinitions + # provided by the operator. + # + # Instructions on how to install the Helm chart can be found here: + # https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack + # More information can be found here: + # https://github.com/prometheus-operator/prometheus-operator + # https://github.com/prometheus-operator/kube-prometheus + + # Enable deployment of the Vault Server ServiceMonitor CustomResource. + enabled: false + + # Selector labels to add to the ServiceMonitor. + # When empty, defaults to: + # release: prometheus + selectors: {} + + # Interval at which Prometheus scrapes metrics + interval: 30s + + # Timeout for Prometheus scrapes + scrapeTimeout: 10s + + prometheusRules: + # The Prometheus operator *must* be installed before enabling this feature, + # if not the chart will fail to install due to missing CustomResourceDefinitions + # provided by the operator. + + # Deploy the PrometheusRule custom resource for AlertManager based alerts. + # Requires that AlertManager is properly deployed. + enabled: false + + # Selector labels to add to the PrometheusRules. + # When empty, defaults to: + # release: prometheus + selectors: {} + + # Some example rules. + rules: {} + # - alert: vault-HighResponseTime + # annotations: + # message: The response time of Vault is over 500ms on average over the last 5 minutes. + # expr: vault_core_handle_request{quantile="0.5", namespace="mynamespace"} > 500 + # for: 5m + # labels: + # severity: warning + # - alert: vault-HighResponseTime + # annotations: + # message: The response time of Vault is over 1s on average over the last 5 minutes. + # expr: vault_core_handle_request{quantile="0.5", namespace="mynamespace"} > 1000 + # for: 5m + # labels: + # severity: critical diff --git a/packer/ansible/roles/helm_install/files/vault_agent/configmap.yaml b/packer/ansible/roles/helm_install/files/vault_agent/configmap.yaml new file mode 100644 index 0000000..5864097 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault_agent/configmap.yaml @@ -0,0 +1,52 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: dsk-vault-agent-config +data: + server.tmpl: | + {{ with secret "tls/data/server" }}{{ toJSON .Data.data }} + {{ end }} + + client.tmpl: | + {{ with secret "tls/data/client" }}{{ toJSON .Data.data }} + {{ end }} + + agent.hcl: | + pid_file = "./pidfile" + + vault { + address="http://vault-ui.dsk-middle:8200" + } + + auto_auth { + method { + type = "approle" + config = { + role_id_file_path = "/vault-agent/role-id" + secret_id_file_path = "/vault-agent/secret-id" + remove_secret_id_file_after_reading = false + } + } + + sink { + type = "file" + config = { + path = "/vault-agent/.vault-token" + mode = 0644 + } + } + } + + template_config { + static_secret_render_interval = "10s" + } + + template { + source = "/vault-agent/conf/server.tmpl" + destination = "/vault-agent/serverTls" + } + + template { + source = "/vault-agent/conf/client.tmpl" + destination = "/vault-agent/clientTls" + } diff --git a/packer/ansible/roles/helm_install/files/vault_agent/deployment.yaml b/packer/ansible/roles/helm_install/files/vault_agent/deployment.yaml new file mode 100644 index 0000000..7860a29 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault_agent/deployment.yaml @@ -0,0 +1,42 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: dsk-vault-agent + labels: + app: dsk-vault-agent +spec: + replicas: 1 + selector: + matchLabels: + app: dsk-vault-agent + template: + metadata: + labels: + app: dsk-vault-agent + spec: + containers: + - name: vault-agent + image: vault + volumeMounts: + - name: vault-volume + mountPath: /vault-agent + - name: config + mountPath: /vault-agent/conf + command: [ "vault" ] + args: [ "agent", "-config=/vault-agent/conf/agent.hcl" ] + volumes: + - name: vault-volume + persistentVolumeClaim: + claimName: dsk-vault-tls-pvc + - name: config + configMap: + name: dsk-vault-agent-config + items: + - key: agent.hcl + path: agent.hcl + - key: server.tmpl + path: server.tmpl + - key: client.tmpl + path: client.tmpl + + diff --git a/packer/ansible/roles/helm_install/files/vault_agent/pvc.yaml b/packer/ansible/roles/helm_install/files/vault_agent/pvc.yaml new file mode 100644 index 0000000..712472e --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault_agent/pvc.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: dsk-vault-tls-pvc +spec: + storageClassName: nfs-provisioner-dev + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi diff --git a/packer/ansible/roles/helm_install/files/vault_agent/test/configmap.yaml b/packer/ansible/roles/helm_install/files/vault_agent/test/configmap.yaml new file mode 100644 index 0000000..5864097 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault_agent/test/configmap.yaml @@ -0,0 +1,52 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: dsk-vault-agent-config +data: + server.tmpl: | + {{ with secret "tls/data/server" }}{{ toJSON .Data.data }} + {{ end }} + + client.tmpl: | + {{ with secret "tls/data/client" }}{{ toJSON .Data.data }} + {{ end }} + + agent.hcl: | + pid_file = "./pidfile" + + vault { + address="http://vault-ui.dsk-middle:8200" + } + + auto_auth { + method { + type = "approle" + config = { + role_id_file_path = "/vault-agent/role-id" + secret_id_file_path = "/vault-agent/secret-id" + remove_secret_id_file_after_reading = false + } + } + + sink { + type = "file" + config = { + path = "/vault-agent/.vault-token" + mode = 0644 + } + } + } + + template_config { + static_secret_render_interval = "10s" + } + + template { + source = "/vault-agent/conf/server.tmpl" + destination = "/vault-agent/serverTls" + } + + template { + source = "/vault-agent/conf/client.tmpl" + destination = "/vault-agent/clientTls" + } diff --git a/packer/ansible/roles/helm_install/files/vault_agent/test/deployment.yaml b/packer/ansible/roles/helm_install/files/vault_agent/test/deployment.yaml new file mode 100644 index 0000000..650af00 --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault_agent/test/deployment.yaml @@ -0,0 +1,42 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: dsk-vault-agent + labels: + app: dsk-vault-agent +spec: + replicas: 1 + selector: + matchLabels: + app: dsk-vault-agent + template: + metadata: + labels: + app: dsk-vault-agent + spec: + containers: + - name: vault-agent + image: vault + volumeMounts: + - name: vault-volume + mountPath: /vault-agent + - name: config + mountPath: /vault-agent/conf + command: [ "vault" ] + args: [ "agent", "-config=/vault-agent/conf/agent.hcl" ] + volumes: + - name: vault-volume + persistentVolumeClaim: + claimName: dsk-vault-test + - name: config + configMap: + name: dsk-vault-agent-config + items: + - key: agent.hcl + path: agent.hcl + - key: server.tmpl + path: server.tmpl + - key: client.tmpl + path: client.tmpl + + diff --git a/packer/ansible/roles/helm_install/files/vault_agent/test/pvc.yaml b/packer/ansible/roles/helm_install/files/vault_agent/test/pvc.yaml new file mode 100644 index 0000000..612ed9a --- /dev/null +++ b/packer/ansible/roles/helm_install/files/vault_agent/test/pvc.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: dsk-vault-test +spec: + storageClassName: nfs-client-test + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi diff --git a/packer/ansible/roles/helm_install/tasks/helm-chart-install.yml b/packer/ansible/roles/helm_install/tasks/helm-chart-install.yml new file mode 100644 index 0000000..9d0ec9f --- /dev/null +++ b/packer/ansible/roles/helm_install/tasks/helm-chart-install.yml @@ -0,0 +1,37 @@ +--- +- name: 1. helmchart install (default) + kubernetes.core.helm: + kubeconfig: "{{ role_path }}/files/kubeconfig" + name: "{{item}}" + release_name: "{{item}}" + release_namespace: "{{ kubernetes_middleware_namespace }}" + chart_ref: "{{ role_path }}/files/{{item}}" + create_namespace: yes + release_state: present + values_files: + - "{{ role_path }}/files/{{item}}/values.yaml" + with_items: + - kafka + +- name: 2. helmchart install (override-values) + kubernetes.core.helm: + kubeconfig: "{{ role_path }}/files/kubeconfig" + name: "{{item}}" + release_name: "{{item}}" + release_namespace: "{{ kubernetes_middleware_namespace }}" + chart_ref: "{{ role_path }}/files/{{item}}" + create_namespace: yes + release_state: present + values_files: + - "{{ role_path }}/files/{{item}}/override-values.yaml" + with_items: + - ingress-nginx + - druid + - elasticsearch + - keycloak + - mongo-dsk + - mongo-manifest + - postgresql + - rabbitmq + - redis + diff --git a/packer/ansible/roles/helm_install/tasks/helm-chart-install.yml_bak b/packer/ansible/roles/helm_install/tasks/helm-chart-install.yml_bak new file mode 100644 index 0000000..57bc4ee --- /dev/null +++ b/packer/ansible/roles/helm_install/tasks/helm-chart-install.yml_bak @@ -0,0 +1,23 @@ +--- +- name: helmchart install + kubernetes.core.helm: + kubeconfig: "{{ role_path }}/files/kubeconfig" + name: "{{item}}" + release_name: "{{item}}" + release_namespace: "{{ kubernetes_middleware_namespace }}" + chart_ref: "{{ role_path }}/files/{{item}}" + create_namespace: yes + release_state: present + values_files: + - "{{ role_path }}/files/{{item}}/override-values.yaml" + with_items: + - ingress-nginx + - druid + - elasticsearch + - kafka + - keycloak + - mongo-dsk + - mongo-manifest + - postgresql + - rabbitmq + - redis diff --git a/packer/ansible/roles/helm_install/tasks/helm-chart-nginx.yml b/packer/ansible/roles/helm_install/tasks/helm-chart-nginx.yml new file mode 100644 index 0000000..748604a --- /dev/null +++ b/packer/ansible/roles/helm_install/tasks/helm-chart-nginx.yml @@ -0,0 +1,23 @@ +--- +- name: Create Nginx Ingress Controller deployment + kubernetes.core.helm: + kubeconfig: "{{ role_path }}/files/kubeconfig" + name: "{{item}}" + release_name: "{{item}}" + release_namespace: + chart_ref: "{{ role_path }}/files/{{item}}" + create_namespace: yes + release_state: present + with_items: + - ingress-nginx + - druid + - elasticsearch + - kafka + - keycloak + - mongo-dsk + - mongo-manifest + - postgresql + - rabbitmq + - redis + - vault + - vault_agent diff --git a/packer/ansible/roles/helm_install/tasks/helm-install.yml b/packer/ansible/roles/helm_install/tasks/helm-install.yml new file mode 100644 index 0000000..d057455 --- /dev/null +++ b/packer/ansible/roles/helm_install/tasks/helm-install.yml @@ -0,0 +1,60 @@ +--- +- name: Create Helm temporary directory + file: + path: /tmp/helm + state: directory + mode: "0755" + +- name: Fetch Helm package + get_url: + url: 'https://get.helm.sh/helm-{{ helm_version }}-linux-amd64.tar.gz' + dest: /tmp/helm.tar.gz + checksum: '{{ helm_checksum }}' + +- name: Extract Helm package + unarchive: + remote_src: true + src: /tmp/helm.tar.gz + dest: /tmp/helm + +- name: Ensure "docker" group exists + group: + name: docker + state: present + become: true + +- name: Install helm to /usr/local/bin + copy: + remote_src: true + src: /tmp/helm/linux-amd64/helm + dest: /usr/local/bin/helm + owner: root + group: docker + mode: "0755" + become: true + +- name: Cleanup Helm temporary directory + file: + path: /tmp/helm + state: absent + +- name: Cleanup Helm temporary download + file: + path: /tmp/helm.tar.gz + state: absent + +- name: Ensure bash_completion.d directory exists + file: + path: /etc/bash_completion.d + state: directory + mode: "0755" + become: true + +- name: Setup Helm tab-completion + shell: | + set -o pipefail + /usr/local/bin/helm completion bash | tee /etc/bash_completion.d/helm + args: + executable: /bin/bash + changed_when: false + become: true diff --git a/packer/ansible/roles/helm_install/tasks/main.yml b/packer/ansible/roles/helm_install/tasks/main.yml new file mode 100644 index 0000000..53b32fe --- /dev/null +++ b/packer/ansible/roles/helm_install/tasks/main.yml @@ -0,0 +1,6 @@ +--- +- include: helm-install.yml + tags: helm-install + +- include: helm-chart-install.yml + tags: helm-chart-install diff --git a/packer/ansible/roles/kubernetes_install/README.md b/packer/ansible/roles/kubernetes_install/README.md new file mode 100644 index 0000000..225dd44 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/README.md @@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/packer/ansible/roles/kubernetes_install/defaults/main.yml b/packer/ansible/roles/kubernetes_install/defaults/main.yml new file mode 100644 index 0000000..44c7e04 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/defaults/main.yml @@ -0,0 +1,131 @@ +helm_checksum: sha256:3156e4fe5f034e5b127cf165d61a8a1c48eb7a73b14689b273de5e6117df6fe2 +helm_version: v3.2.3 + +kubernetes_version: 1.25.2 + +kubernetes_kubelet_extra_args: "" +kubernetes_kubeadm_init_extra_opts: "" +kubernetes_join_command_extra_opts: "" + +kubernetes_pod_network: + cni: 'calico' + cidr: '10.96.0.0/12' + +kubernetes_calico_manifest_file: https://docs.projectcalico.org/manifests/calico.yaml + +containerd_config: + version: 2 + root: /var/lib/containerd + state: /run/containerd + plugin_dir: "" + disabled_plugins: [] + required_plugins: [] + oom_score: 0 + grpc: + address: /run/containerd/containerd.sock + tcp_address: "" + tcp_tls_cert: "" + tcp_tls_key: "" + uid: 0 + gid: 0 + max_recv_message_size: 16777216 + max_send_message_size: 16777216 + ttrpc: + address: "" + uid: 0 + gid: 0 + debug: + address: "" + uid: 0 + gid: 0 + level: "" + metrics: + address: "" + grpc_histogram: false + cgroup: + path: "" + timeouts: + "io.containerd.timeout.shim.cleanup": 5s + "io.containerd.timeout.shim.load": 5s + "io.containerd.timeout.shim.shutdown": 3s + "io.containerd.timeout.task.state": 2s + plugins: + "io.containerd.gc.v1.scheduler": + pause_threshold: 0.02 + deletion_threshold: 0 + mutation_threshold: 100 + schedule_delay: 0s + startup_delay: 100ms + "io.containerd.grpc.v1.cri": + disable_tcp_service: true + stream_server_address: 127.0.0.1 + stream_server_port: "0" + stream_idle_timeout: 4h0m0s + enable_selinux: false + sandbox_image: k8s.gcr.io/pause:3.1 + stats_collect_period: 10 + systemd_cgroup: false + enable_tls_streaming: false + max_container_log_line_size: 16384 + disable_cgroup: false + disable_apparmor: false + restrict_oom_score_adj: false + max_concurrent_downloads: 3 + disable_proc_mount: false + containerd: + snapshotter: overlayfs + default_runtime_name: runc + no_pivot: false + default_runtime: + runtime_type: "" + runtime_engine: "" + runtime_root: "" + privileged_without_host_devices: false + untrusted_workload_runtime: + runtime_type: "" + runtime_engine: "" + runtime_root: "" + privileged_without_host_devices: false + runtimes: + runc: + runtime_type: io.containerd.runc.v1 + runtime_engine: "" + runtime_root: "" + privileged_without_host_devices: false + cni: + bin_dir: /opt/cni/bin + conf_dir: /etc/cni/net.d + max_conf_num: 1 + conf_template: "" + registry: + mirrors: + "docker.io": + endpoint: + - https://registry-1.docker.io + x509_key_pair_streaming: + tls_cert_file: "" + tls_key_file: "" + "io.containerd.internal.v1.opt": + path: /opt/containerd + "io.containerd.internal.v1.restart": + interval: 10s + "io.containerd.metadata.v1.bolt": + content_sharing_policy: shared + "io.containerd.monitor.v1.cgroups": + no_prometheus: false + "io.containerd.runtime.v1.linux": + shim: containerd-shim + runtime: runc + runtime_root: "" + no_shim: false + shim_debug: false + "io.containerd.runtime.v2.task": + platforms: + - linux/amd64 + "io.containerd.service.v1.diff-service": + default: + - walking + "io.containerd.snapshotter.v1.devmapper": + root_path: "" + pool_name: "" + base_image_size: "" diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/.helmignore b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/.helmignore new file mode 100644 index 0000000..50af031 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/CHANGELOG.md b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/CHANGELOG.md new file mode 100644 index 0000000..27a52e8 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/CHANGELOG.md @@ -0,0 +1,445 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.2.1 + +- The sha of kube-webhook-certgen image & the opentelemetry image, in values file, was changed to new images built on alpine-v3.16.1 +- "[8896](https://github.com/kubernetes/ingress-nginx/pull/8896) updated to new images built today" + +### 4.2.0 + +- Support for Kubernetes v1.19.0 was removed +- "[8810](https://github.com/kubernetes/ingress-nginx/pull/8810) Prepare for v1.3.0" +- "[8808](https://github.com/kubernetes/ingress-nginx/pull/8808) revert arch var name" +- "[8805](https://github.com/kubernetes/ingress-nginx/pull/8805) Bump k8s.io/klog/v2 from 2.60.1 to 2.70.1" +- "[8803](https://github.com/kubernetes/ingress-nginx/pull/8803) Update to nginx base with alpine v3.16" +- "[8802](https://github.com/kubernetes/ingress-nginx/pull/8802) chore: start v1.3.0 release process" +- "[8798](https://github.com/kubernetes/ingress-nginx/pull/8798) Add v1.24.0 to test matrix" +- "[8796](https://github.com/kubernetes/ingress-nginx/pull/8796) fix: add MAC_OS variable for static-check" +- "[8793](https://github.com/kubernetes/ingress-nginx/pull/8793) changed to alpine-v3.16" +- "[8781](https://github.com/kubernetes/ingress-nginx/pull/8781) Bump github.com/stretchr/testify from 1.7.5 to 1.8.0" +- "[8778](https://github.com/kubernetes/ingress-nginx/pull/8778) chore: remove stable.txt from release process" +- "[8775](https://github.com/kubernetes/ingress-nginx/pull/8775) Remove stable" +- "[8773](https://github.com/kubernetes/ingress-nginx/pull/8773) Bump github/codeql-action from 2.1.14 to 2.1.15" +- "[8772](https://github.com/kubernetes/ingress-nginx/pull/8772) Bump ossf/scorecard-action from 1.1.1 to 1.1.2" +- "[8771](https://github.com/kubernetes/ingress-nginx/pull/8771) fix bullet md format" +- "[8770](https://github.com/kubernetes/ingress-nginx/pull/8770) Add condition for monitoring.coreos.com/v1 API" +- "[8769](https://github.com/kubernetes/ingress-nginx/pull/8769) Fix typos and add links to developer guide" +- "[8767](https://github.com/kubernetes/ingress-nginx/pull/8767) change v1.2.0 to v1.2.1 in deploy doc URLs" +- "[8765](https://github.com/kubernetes/ingress-nginx/pull/8765) Bump github/codeql-action from 1.0.26 to 2.1.14" +- "[8752](https://github.com/kubernetes/ingress-nginx/pull/8752) Bump github.com/spf13/cobra from 1.4.0 to 1.5.0" +- "[8751](https://github.com/kubernetes/ingress-nginx/pull/8751) Bump github.com/stretchr/testify from 1.7.2 to 1.7.5" +- "[8750](https://github.com/kubernetes/ingress-nginx/pull/8750) added announcement" +- "[8740](https://github.com/kubernetes/ingress-nginx/pull/8740) change sha e2etestrunner and echoserver" +- "[8738](https://github.com/kubernetes/ingress-nginx/pull/8738) Update docs to make it easier for noobs to follow step by step" +- "[8737](https://github.com/kubernetes/ingress-nginx/pull/8737) updated baseimage sha" +- "[8736](https://github.com/kubernetes/ingress-nginx/pull/8736) set ld-musl-path" +- "[8733](https://github.com/kubernetes/ingress-nginx/pull/8733) feat: migrate leaderelection lock to leases" +- "[8726](https://github.com/kubernetes/ingress-nginx/pull/8726) prometheus metric: upstream_latency_seconds" +- "[8720](https://github.com/kubernetes/ingress-nginx/pull/8720) Ci pin deps" +- "[8719](https://github.com/kubernetes/ingress-nginx/pull/8719) Working OpenTelemetry sidecar (base nginx image)" +- "[8714](https://github.com/kubernetes/ingress-nginx/pull/8714) Create Openssf scorecard" +- "[8708](https://github.com/kubernetes/ingress-nginx/pull/8708) Bump github.com/prometheus/common from 0.34.0 to 0.35.0" +- "[8703](https://github.com/kubernetes/ingress-nginx/pull/8703) Bump actions/dependency-review-action from 1 to 2" +- "[8701](https://github.com/kubernetes/ingress-nginx/pull/8701) Fix several typos" +- "[8699](https://github.com/kubernetes/ingress-nginx/pull/8699) fix the gosec test and a make target for it" +- "[8698](https://github.com/kubernetes/ingress-nginx/pull/8698) Bump actions/upload-artifact from 2.3.1 to 3.1.0" +- "[8697](https://github.com/kubernetes/ingress-nginx/pull/8697) Bump actions/setup-go from 2.2.0 to 3.2.0" +- "[8695](https://github.com/kubernetes/ingress-nginx/pull/8695) Bump actions/download-artifact from 2 to 3" +- "[8694](https://github.com/kubernetes/ingress-nginx/pull/8694) Bump crazy-max/ghaction-docker-buildx from 1.6.2 to 3.3.1" + +### 4.1.2 + +- "[8587](https://github.com/kubernetes/ingress-nginx/pull/8587) Add CAP_SYS_CHROOT to DS/PSP when needed" +- "[8458](https://github.com/kubernetes/ingress-nginx/pull/8458) Add portNamePreffix Helm chart parameter" +- "[8522](https://github.com/kubernetes/ingress-nginx/pull/8522) Add documentation for controller.service.loadBalancerIP in Helm chart" + +### 4.1.0 + +- "[8481](https://github.com/kubernetes/ingress-nginx/pull/8481) Fix log creation in chroot script" +- "[8479](https://github.com/kubernetes/ingress-nginx/pull/8479) changed nginx base img tag to img built with alpine3.14.6" +- "[8478](https://github.com/kubernetes/ingress-nginx/pull/8478) update base images and protobuf gomod" +- "[8468](https://github.com/kubernetes/ingress-nginx/pull/8468) Fallback to ngx.var.scheme for redirectScheme with use-forward-headers when X-Forwarded-Proto is empty" +- "[8456](https://github.com/kubernetes/ingress-nginx/pull/8456) Implement object deep inspector" +- "[8455](https://github.com/kubernetes/ingress-nginx/pull/8455) Update dependencies" +- "[8454](https://github.com/kubernetes/ingress-nginx/pull/8454) Update index.md" +- "[8447](https://github.com/kubernetes/ingress-nginx/pull/8447) typo fixing" +- "[8446](https://github.com/kubernetes/ingress-nginx/pull/8446) Fix suggested annotation-value-word-blocklist" +- "[8444](https://github.com/kubernetes/ingress-nginx/pull/8444) replace deprecated topology key in example with current one" +- "[8443](https://github.com/kubernetes/ingress-nginx/pull/8443) Add dependency review enforcement" +- "[8434](https://github.com/kubernetes/ingress-nginx/pull/8434) added new auth-tls-match-cn annotation" +- "[8426](https://github.com/kubernetes/ingress-nginx/pull/8426) Bump github.com/prometheus/common from 0.32.1 to 0.33.0" + +### 4.0.18 + +- "[8291](https://github.com/kubernetes/ingress-nginx/pull/8291) remove git tag env from cloud build" +- "[8286](https://github.com/kubernetes/ingress-nginx/pull/8286) Fix OpenTelemetry sidecar image build" +- "[8277](https://github.com/kubernetes/ingress-nginx/pull/8277) Add OpenSSF Best practices badge" +- "[8273](https://github.com/kubernetes/ingress-nginx/pull/8273) Issue#8241" +- "[8267](https://github.com/kubernetes/ingress-nginx/pull/8267) Add fsGroup value to admission-webhooks/job-patch charts" +- "[8262](https://github.com/kubernetes/ingress-nginx/pull/8262) Updated confusing error" +- "[8256](https://github.com/kubernetes/ingress-nginx/pull/8256) fix: deny locations with invalid auth-url annotation" +- "[8253](https://github.com/kubernetes/ingress-nginx/pull/8253) Add a certificate info metric" +- "[8236](https://github.com/kubernetes/ingress-nginx/pull/8236) webhook: remove useless code." +- "[8227](https://github.com/kubernetes/ingress-nginx/pull/8227) Update libraries in webhook image" +- "[8225](https://github.com/kubernetes/ingress-nginx/pull/8225) fix inconsistent-label-cardinality for prometheus metrics: nginx_ingress_controller_requests" +- "[8221](https://github.com/kubernetes/ingress-nginx/pull/8221) Do not validate ingresses with unknown ingress class in admission webhook endpoint" +- "[8210](https://github.com/kubernetes/ingress-nginx/pull/8210) Bump github.com/prometheus/client_golang from 1.11.0 to 1.12.1" +- "[8209](https://github.com/kubernetes/ingress-nginx/pull/8209) Bump google.golang.org/grpc from 1.43.0 to 1.44.0" +- "[8204](https://github.com/kubernetes/ingress-nginx/pull/8204) Add Artifact Hub lint" +- "[8203](https://github.com/kubernetes/ingress-nginx/pull/8203) Fix Indentation of example and link to cert-manager tutorial" +- "[8201](https://github.com/kubernetes/ingress-nginx/pull/8201) feat(metrics): add path and method labels to requests countera" +- "[8199](https://github.com/kubernetes/ingress-nginx/pull/8199) use functional options to reduce number of methods creating an EchoDeployment" +- "[8196](https://github.com/kubernetes/ingress-nginx/pull/8196) docs: fix inconsistent controller annotation" +- "[8191](https://github.com/kubernetes/ingress-nginx/pull/8191) Using Go install for misspell" +- "[8186](https://github.com/kubernetes/ingress-nginx/pull/8186) prometheus+grafana using servicemonitor" +- "[8185](https://github.com/kubernetes/ingress-nginx/pull/8185) Append elements on match, instead of removing for cors-annotations" +- "[8179](https://github.com/kubernetes/ingress-nginx/pull/8179) Bump github.com/opencontainers/runc from 1.0.3 to 1.1.0" +- "[8173](https://github.com/kubernetes/ingress-nginx/pull/8173) Adding annotations to the controller service account" +- "[8163](https://github.com/kubernetes/ingress-nginx/pull/8163) Update the $req_id placeholder description" +- "[8162](https://github.com/kubernetes/ingress-nginx/pull/8162) Versioned static manifests" +- "[8159](https://github.com/kubernetes/ingress-nginx/pull/8159) Adding some geoip variables and default values" +- "[8155](https://github.com/kubernetes/ingress-nginx/pull/8155) #7271 feat: avoid-pdb-creation-when-default-backend-disabled-and-replicas-gt-1" +- "[8151](https://github.com/kubernetes/ingress-nginx/pull/8151) Automatically generate helm docs" +- "[8143](https://github.com/kubernetes/ingress-nginx/pull/8143) Allow to configure delay before controller exits" +- "[8136](https://github.com/kubernetes/ingress-nginx/pull/8136) add ingressClass option to helm chart - back compatibility with ingress.class annotations" +- "[8126](https://github.com/kubernetes/ingress-nginx/pull/8126) Example for JWT" + + +### 4.0.15 + +- [8120] https://github.com/kubernetes/ingress-nginx/pull/8120 Update go in runner and release v1.1.1 +- [8119] https://github.com/kubernetes/ingress-nginx/pull/8119 Update to go v1.17.6 +- [8118] https://github.com/kubernetes/ingress-nginx/pull/8118 Remove deprecated libraries, update other libs +- [8117] https://github.com/kubernetes/ingress-nginx/pull/8117 Fix codegen errors +- [8115] https://github.com/kubernetes/ingress-nginx/pull/8115 chart/ghaction: set the correct permission to have access to push a release +- [8098] https://github.com/kubernetes/ingress-nginx/pull/8098 generating SHA for CA only certs in backend_ssl.go + comparision of P… +- [8088] https://github.com/kubernetes/ingress-nginx/pull/8088 Fix Edit this page link to use main branch +- [8072] https://github.com/kubernetes/ingress-nginx/pull/8072 Expose GeoIP2 Continent code as variable +- [8061] https://github.com/kubernetes/ingress-nginx/pull/8061 docs(charts): using helm-docs for chart +- [8058] https://github.com/kubernetes/ingress-nginx/pull/8058 Bump github.com/spf13/cobra from 1.2.1 to 1.3.0 +- [8054] https://github.com/kubernetes/ingress-nginx/pull/8054 Bump google.golang.org/grpc from 1.41.0 to 1.43.0 +- [8051] https://github.com/kubernetes/ingress-nginx/pull/8051 align bug report with feature request regarding kind documentation +- [8046] https://github.com/kubernetes/ingress-nginx/pull/8046 Report expired certificates (#8045) +- [8044] https://github.com/kubernetes/ingress-nginx/pull/8044 remove G109 check till gosec resolves issues +- [8042] https://github.com/kubernetes/ingress-nginx/pull/8042 docs_multiple_instances_one_cluster_ticket_7543 +- [8041] https://github.com/kubernetes/ingress-nginx/pull/8041 docs: fix typo'd executible name +- [8035] https://github.com/kubernetes/ingress-nginx/pull/8035 Comment busy owners +- [8029] https://github.com/kubernetes/ingress-nginx/pull/8029 Add stream-snippet as a ConfigMap and Annotation option +- [8023] https://github.com/kubernetes/ingress-nginx/pull/8023 fix nginx compilation flags +- [8021] https://github.com/kubernetes/ingress-nginx/pull/8021 Disable default modsecurity_rules_file if modsecurity-snippet is specified +- [8019] https://github.com/kubernetes/ingress-nginx/pull/8019 Revise main documentation page +- [8018] https://github.com/kubernetes/ingress-nginx/pull/8018 Preserve order of plugin invocation +- [8015] https://github.com/kubernetes/ingress-nginx/pull/8015 Add newline indenting to admission webhook annotations +- [8014] https://github.com/kubernetes/ingress-nginx/pull/8014 Add link to example error page manifest in docs +- [8009] https://github.com/kubernetes/ingress-nginx/pull/8009 Fix spelling in documentation and top-level files +- [8008] https://github.com/kubernetes/ingress-nginx/pull/8008 Add relabelings in controller-servicemonitor.yaml +- [8003] https://github.com/kubernetes/ingress-nginx/pull/8003 Minor improvements (formatting, consistency) in install guide +- [8001] https://github.com/kubernetes/ingress-nginx/pull/8001 fix: go-grpc Dockerfile +- [7999] https://github.com/kubernetes/ingress-nginx/pull/7999 images: use k8s-staging-test-infra/gcb-docker-gcloud +- [7996] https://github.com/kubernetes/ingress-nginx/pull/7996 doc: improvement +- [7983] https://github.com/kubernetes/ingress-nginx/pull/7983 Fix a couple of misspellings in the annotations documentation. +- [7979] https://github.com/kubernetes/ingress-nginx/pull/7979 allow set annotations for admission Jobs +- [7977] https://github.com/kubernetes/ingress-nginx/pull/7977 Add ssl_reject_handshake to defaul server +- [7975] https://github.com/kubernetes/ingress-nginx/pull/7975 add legacy version update v0.50.0 to main changelog +- [7972] https://github.com/kubernetes/ingress-nginx/pull/7972 updated service upstream definition + +### 4.0.14 + +- [8061] https://github.com/kubernetes/ingress-nginx/pull/8061 Using helm-docs to populate values table in README.md + +### 4.0.13 + +- [8008] https://github.com/kubernetes/ingress-nginx/pull/8008 Add relabelings in controller-servicemonitor.yaml + +### 4.0.12 + +- [7978] https://github.com/kubernetes/ingress-nginx/pull/7979 Support custom annotations in admissions Jobs + +### 4.0.11 + +- [7873] https://github.com/kubernetes/ingress-nginx/pull/7873 Makes the [appProtocol](https://kubernetes.io/docs/concepts/services-networking/_print/#application-protocol) field optional. + +### 4.0.10 + +- [7964] https://github.com/kubernetes/ingress-nginx/pull/7964 Update controller version to v1.1.0 + +### 4.0.9 + +- [6992] https://github.com/kubernetes/ingress-nginx/pull/6992 Add ability to specify labels for all resources + +### 4.0.7 + +- [7923] https://github.com/kubernetes/ingress-nginx/pull/7923 Release v1.0.5 of ingress-nginx +- [7806] https://github.com/kubernetes/ingress-nginx/pull/7806 Choice option for internal/external loadbalancer type service + +### 4.0.6 + +- [7804] https://github.com/kubernetes/ingress-nginx/pull/7804 Release v1.0.4 of ingress-nginx +- [7651] https://github.com/kubernetes/ingress-nginx/pull/7651 Support ipFamilyPolicy and ipFamilies fields in Helm Chart +- [7798] https://github.com/kubernetes/ingress-nginx/pull/7798 Exoscale: use HTTP Healthcheck mode +- [7793] https://github.com/kubernetes/ingress-nginx/pull/7793 Update kube-webhook-certgen to v1.1.1 + +### 4.0.5 + +- [7740] https://github.com/kubernetes/ingress-nginx/pull/7740 Release v1.0.3 of ingress-nginx + +### 4.0.3 + +- [7707] https://github.com/kubernetes/ingress-nginx/pull/7707 Release v1.0.2 of ingress-nginx + +### 4.0.2 + +- [7681] https://github.com/kubernetes/ingress-nginx/pull/7681 Release v1.0.1 of ingress-nginx + +### 4.0.1 + +- [7535] https://github.com/kubernetes/ingress-nginx/pull/7535 Release v1.0.0 ingress-nginx + +### 3.34.0 + +- [7256] https://github.com/kubernetes/ingress-nginx/pull/7256 Add namespace field in the namespace scoped resource templates + +### 3.33.0 + +- [7164] https://github.com/kubernetes/ingress-nginx/pull/7164 Update nginx to v1.20.1 + +### 3.32.0 + +- [7117] https://github.com/kubernetes/ingress-nginx/pull/7117 Add annotations for HPA + +### 3.31.0 + +- [7137] https://github.com/kubernetes/ingress-nginx/pull/7137 Add support for custom probes + +### 3.30.0 + +- [#7092](https://github.com/kubernetes/ingress-nginx/pull/7092) Removes the possibility of using localhost in ExternalNames as endpoints + +### 3.29.0 + +- [X] [#6945](https://github.com/kubernetes/ingress-nginx/pull/7020) Add option to specify job label for ServiceMonitor + +### 3.28.0 + +- [ ] [#6900](https://github.com/kubernetes/ingress-nginx/pull/6900) Support existing PSPs + +### 3.27.0 + +- Update ingress-nginx v0.45.0 + +### 3.26.0 + +- [X] [#6979](https://github.com/kubernetes/ingress-nginx/pull/6979) Changed servicePort value for metrics + +### 3.25.0 + +- [X] [#6957](https://github.com/kubernetes/ingress-nginx/pull/6957) Add ability to specify automountServiceAccountToken + +### 3.24.0 + +- [X] [#6908](https://github.com/kubernetes/ingress-nginx/pull/6908) Add volumes to default-backend deployment + +### 3.23.0 + +- Update ingress-nginx v0.44.0 + +### 3.22.0 + +- [X] [#6802](https://github.com/kubernetes/ingress-nginx/pull/6802) Add value for configuring a custom Diffie-Hellman parameters file +- [X] [#6815](https://github.com/kubernetes/ingress-nginx/pull/6815) Allow use of numeric namespaces in helm chart + +### 3.21.0 + +- [X] [#6783](https://github.com/kubernetes/ingress-nginx/pull/6783) Add custom annotations to ScaledObject +- [X] [#6761](https://github.com/kubernetes/ingress-nginx/pull/6761) Adding quotes in the serviceAccount name in Helm values +- [X] [#6767](https://github.com/kubernetes/ingress-nginx/pull/6767) Remove ClusterRole when scope option is enabled +- [X] [#6785](https://github.com/kubernetes/ingress-nginx/pull/6785) Update kube-webhook-certgen image to v1.5.1 + +### 3.20.1 + +- Do not create KEDA in case of DaemonSets. +- Fix KEDA v2 definition + +### 3.20.0 + +- [X] [#6730](https://github.com/kubernetes/ingress-nginx/pull/6730) Do not create HPA for defaultBackend if not enabled. + +### 3.19.0 + +- Update ingress-nginx v0.43.0 + +### 3.18.0 + +- [X] [#6688](https://github.com/kubernetes/ingress-nginx/pull/6688) Allow volume-type emptyDir in controller podsecuritypolicy +- [X] [#6691](https://github.com/kubernetes/ingress-nginx/pull/6691) Improve parsing of helm parameters + +### 3.17.0 + +- Update ingress-nginx v0.42.0 + +### 3.16.1 + +- Fix chart-releaser action + +### 3.16.0 + +- [X] [#6646](https://github.com/kubernetes/ingress-nginx/pull/6646) Added LoadBalancerIP value for internal service + +### 3.15.1 + +- Fix chart-releaser action + +### 3.15.0 + +- [X] [#6586](https://github.com/kubernetes/ingress-nginx/pull/6586) Fix 'maxmindLicenseKey' location in values.yaml + +### 3.14.0 + +- [X] [#6469](https://github.com/kubernetes/ingress-nginx/pull/6469) Allow custom service names for controller and backend + +### 3.13.0 + +- [X] [#6544](https://github.com/kubernetes/ingress-nginx/pull/6544) Fix default backend HPA name variable + +### 3.12.0 + +- [X] [#6514](https://github.com/kubernetes/ingress-nginx/pull/6514) Remove helm2 support and update docs + +### 3.11.1 + +- [X] [#6505](https://github.com/kubernetes/ingress-nginx/pull/6505) Reorder HPA resource list to work with GitOps tooling + +### 3.11.0 + +- Support Keda Autoscaling + +### 3.10.1 + +- Fix regression introduced in 0.41.0 with external authentication + +### 3.10.0 + +- Fix routing regression introduced in 0.41.0 with PathType Exact + +### 3.9.0 + +- [X] [#6423](https://github.com/kubernetes/ingress-nginx/pull/6423) Add Default backend HPA autoscaling + +### 3.8.0 + +- [X] [#6395](https://github.com/kubernetes/ingress-nginx/pull/6395) Update jettech/kube-webhook-certgen image +- [X] [#6377](https://github.com/kubernetes/ingress-nginx/pull/6377) Added loadBalancerSourceRanges for internal lbs +- [X] [#6356](https://github.com/kubernetes/ingress-nginx/pull/6356) Add securitycontext settings on defaultbackend +- [X] [#6401](https://github.com/kubernetes/ingress-nginx/pull/6401) Fix controller service annotations +- [X] [#6403](https://github.com/kubernetes/ingress-nginx/pull/6403) Initial helm chart changelog + +### 3.7.1 + +- [X] [#6326](https://github.com/kubernetes/ingress-nginx/pull/6326) Fix liveness and readiness probe path in daemonset chart + +### 3.7.0 + +- [X] [#6316](https://github.com/kubernetes/ingress-nginx/pull/6316) Numerals in podAnnotations in quotes [#6315](https://github.com/kubernetes/ingress-nginx/issues/6315) + +### 3.6.0 + +- [X] [#6305](https://github.com/kubernetes/ingress-nginx/pull/6305) Add default linux nodeSelector + +### 3.5.1 + +- [X] [#6299](https://github.com/kubernetes/ingress-nginx/pull/6299) Fix helm chart release + +### 3.5.0 + +- [X] [#6260](https://github.com/kubernetes/ingress-nginx/pull/6260) Allow Helm Chart to customize admission webhook's annotations, timeoutSeconds, namespaceSelector, objectSelector and cert files locations + +### 3.4.0 + +- [X] [#6268](https://github.com/kubernetes/ingress-nginx/pull/6268) Update to 0.40.2 in helm chart #6288 + +### 3.3.1 + +- [X] [#6259](https://github.com/kubernetes/ingress-nginx/pull/6259) Release helm chart +- [X] [#6258](https://github.com/kubernetes/ingress-nginx/pull/6258) Fix chart markdown link +- [X] [#6253](https://github.com/kubernetes/ingress-nginx/pull/6253) Release v0.40.0 + +### 3.3.1 + +- [X] [#6233](https://github.com/kubernetes/ingress-nginx/pull/6233) Add admission controller e2e test + +### 3.3.0 + +- [X] [#6203](https://github.com/kubernetes/ingress-nginx/pull/6203) Refactor parsing of key values +- [X] [#6162](https://github.com/kubernetes/ingress-nginx/pull/6162) Add helm chart options to expose metrics service as NodePort +- [X] [#6180](https://github.com/kubernetes/ingress-nginx/pull/6180) Fix helm chart admissionReviewVersions regression +- [X] [#6169](https://github.com/kubernetes/ingress-nginx/pull/6169) Fix Typo in example prometheus rules + +### 3.0.0 + +- [X] [#6167](https://github.com/kubernetes/ingress-nginx/pull/6167) Update chart requirements + +### 2.16.0 + +- [X] [#6154](https://github.com/kubernetes/ingress-nginx/pull/6154) add `topologySpreadConstraint` to controller + +### 2.15.0 + +- [X] [#6087](https://github.com/kubernetes/ingress-nginx/pull/6087) Adding parameter for externalTrafficPolicy in internal controller service spec + +### 2.14.0 + +- [X] [#6104](https://github.com/kubernetes/ingress-nginx/pull/6104) Misc fixes for nginx-ingress chart for better keel and prometheus-operator integration + +### 2.13.0 + +- [X] [#6093](https://github.com/kubernetes/ingress-nginx/pull/6093) Release v0.35.0 + +### 2.13.0 + +- [X] [#6093](https://github.com/kubernetes/ingress-nginx/pull/6093) Release v0.35.0 +- [X] [#6080](https://github.com/kubernetes/ingress-nginx/pull/6080) Switch images to k8s.gcr.io after Vanity Domain Flip + +### 2.12.1 + +- [X] [#6075](https://github.com/kubernetes/ingress-nginx/pull/6075) Sync helm chart affinity examples + +### 2.12.0 + +- [X] [#6039](https://github.com/kubernetes/ingress-nginx/pull/6039) Add configurable serviceMonitor metricRelabelling and targetLabels +- [X] [#6044](https://github.com/kubernetes/ingress-nginx/pull/6044) Fix YAML linting + +### 2.11.3 + +- [X] [#6038](https://github.com/kubernetes/ingress-nginx/pull/6038) Bump chart version PATCH + +### 2.11.2 + +- [X] [#5951](https://github.com/kubernetes/ingress-nginx/pull/5951) Bump chart patch version + +### 2.11.1 + +- [X] [#5900](https://github.com/kubernetes/ingress-nginx/pull/5900) Release helm chart for v0.34.1 + +### 2.11.0 + +- [X] [#5879](https://github.com/kubernetes/ingress-nginx/pull/5879) Update helm chart for v0.34.0 +- [X] [#5671](https://github.com/kubernetes/ingress-nginx/pull/5671) Make liveness probe more fault tolerant than readiness probe + +### 2.10.0 + +- [X] [#5843](https://github.com/kubernetes/ingress-nginx/pull/5843) Update jettech/kube-webhook-certgen image + +### 2.9.1 + +- [X] [#5823](https://github.com/kubernetes/ingress-nginx/pull/5823) Add quoting to sysctls because numeric values need to be presented as strings (#5823) + +### 2.9.0 + +- [X] [#5795](https://github.com/kubernetes/ingress-nginx/pull/5795) Use fully qualified images to avoid cri-o issues + + +### TODO + +Keep building the changelog using *git log charts* checking the tag diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/Chart.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/Chart.yaml new file mode 100644 index 0000000..55c0b54 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/Chart.yaml @@ -0,0 +1,23 @@ +annotations: + artifacthub.io/changes: | + - "[8896](https://github.com/kubernetes/ingress-nginx/pull/8896) updated to new images built today" + - "fix permissions about configmap" + artifacthub.io/prerelease: "false" +apiVersion: v2 +appVersion: 1.3.1 +description: Ingress controller for Kubernetes using NGINX as a reverse proxy and + load balancer +home: https://github.com/kubernetes/ingress-nginx +icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png +keywords: +- ingress +- nginx +kubeVersion: '>=1.20.0-0' +maintainers: +- name: rikatz +- name: strongjz +- name: tao12345666333 +name: ingress-nginx +sources: +- https://github.com/kubernetes/ingress-nginx +version: 4.2.5 diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/OWNERS b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/OWNERS new file mode 100644 index 0000000..6b7e049 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/OWNERS @@ -0,0 +1,10 @@ +# See the OWNERS docs: https://github.com/kubernetes/community/blob/master/contributors/guide/owners.md + +approvers: +- ingress-nginx-helm-maintainers + +reviewers: +- ingress-nginx-helm-reviewers + +labels: +- area/helm diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/README.md b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/README.md new file mode 100644 index 0000000..4e6a696 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/README.md @@ -0,0 +1,494 @@ +# ingress-nginx + +[ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer + +![Version: 4.2.5](https://img.shields.io/badge/Version-4.2.5-informational?style=flat-square) ![AppVersion: 1.3.1](https://img.shields.io/badge/AppVersion-1.3.1-informational?style=flat-square) + +To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. + +This chart bootstraps an ingress-nginx deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Chart version 3.x.x: Kubernetes v1.16+ +- Chart version 4.x.x and above: Kubernetes v1.19+ + +## Get Repo Info + +```console +helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx +helm repo update +``` + +## Install Chart + +**Important:** only helm3 is supported + +```console +helm install [RELEASE_NAME] ingress-nginx/ingress-nginx +``` + +The command deploys ingress-nginx on the Kubernetes cluster in the default configuration. + +_See [configuration](#configuration) below._ + +_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ + +## Uninstall Chart + +```console +helm uninstall [RELEASE_NAME] +``` + +This removes all the Kubernetes components associated with the chart and deletes the release. + +_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ + +## Upgrading Chart + +```console +helm upgrade [RELEASE_NAME] [CHART] --install +``` + +_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ + +### Upgrading With Zero Downtime in Production + +By default the ingress-nginx controller has service interruptions whenever it's pods are restarted or redeployed. In order to fix that, see the excellent blog post by Lindsay Landry from Codecademy: [Kubernetes: Nginx and Zero Downtime in Production](https://medium.com/codecademy-engineering/kubernetes-nginx-and-zero-downtime-in-production-2c910c6a5ed8). + +### Migrating from stable/nginx-ingress + +There are two main ways to migrate a release from `stable/nginx-ingress` to `ingress-nginx/ingress-nginx` chart: + +1. For Nginx Ingress controllers used for non-critical services, the easiest method is to [uninstall](#uninstall-chart) the old release and [install](#install-chart) the new one +1. For critical services in production that require zero-downtime, you will want to: + 1. [Install](#install-chart) a second Ingress controller + 1. Redirect your DNS traffic from the old controller to the new controller + 1. Log traffic from both controllers during this changeover + 1. [Uninstall](#uninstall-chart) the old controller once traffic has fully drained from it + 1. For details on all of these steps see [Upgrading With Zero Downtime in Production](#upgrading-with-zero-downtime-in-production) + +Note that there are some different and upgraded configurations between the two charts, described by Rimas Mocevicius from JFrog in the "Upgrading to ingress-nginx Helm chart" section of [Migrating from Helm chart nginx-ingress to ingress-nginx](https://rimusz.net/migrating-to-ingress-nginx). As the `ingress-nginx/ingress-nginx` chart continues to update, you will want to check current differences by running [helm configuration](#configuration) commands on both charts. + +## Configuration + +See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands: + +```console +helm show values ingress-nginx/ingress-nginx +``` + +### PodDisruptionBudget + +Note that the PodDisruptionBudget resource will only be defined if the replicaCount is greater than one, +else it would make it impossible to evacuate a node. See [gh issue #7127](https://github.com/helm/charts/issues/7127) for more info. + +### Prometheus Metrics + +The Nginx ingress controller can export Prometheus metrics, by setting `controller.metrics.enabled` to `true`. + +You can add Prometheus annotations to the metrics service using `controller.metrics.service.annotations`. +Alternatively, if you use the Prometheus Operator, you can enable ServiceMonitor creation using `controller.metrics.serviceMonitor.enabled`. And set `controller.metrics.serviceMonitor.additionalLabels.release="prometheus"`. "release=prometheus" should match the label configured in the prometheus servicemonitor ( see `kubectl get servicemonitor prometheus-kube-prom-prometheus -oyaml -n prometheus`) + +### ingress-nginx nginx\_status page/stats server + +Previous versions of this chart had a `controller.stats.*` configuration block, which is now obsolete due to the following changes in nginx ingress controller: + +- In [0.16.1](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0161), the vts (virtual host traffic status) dashboard was removed +- In [0.23.0](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230), the status page at port 18080 is now a unix socket webserver only available at localhost. + You can use `curl --unix-socket /tmp/nginx-status-server.sock http://localhost/nginx_status` inside the controller container to access it locally, or use the snippet from [nginx-ingress changelog](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230) to re-enable the http server + +### ExternalDNS Service Configuration + +Add an [ExternalDNS](https://github.com/kubernetes-incubator/external-dns) annotation to the LoadBalancer service: + +```yaml +controller: + service: + annotations: + external-dns.alpha.kubernetes.io/hostname: kubernetes-example.com. +``` + +### AWS L7 ELB with SSL Termination + +Annotate the controller as shown in the [nginx-ingress l7 patch](https://github.com/kubernetes/ingress-nginx/blob/ab3a789caae65eec4ad6e3b46b19750b481b6bce/deploy/aws/l7/service-l7.yaml): + +```yaml +controller: + service: + targetPorts: + http: http + https: http + annotations: + service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:XX-XXXX-X:XXXXXXXXX:certificate/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX + service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http" + service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" + service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600' +``` + +### AWS route53-mapper + +To configure the LoadBalancer service with the [route53-mapper addon](https://github.com/kubernetes/kops/blob/be63d4f1a7a46daaf1c4c482527328236850f111/addons/route53-mapper/README.md), add the `domainName` annotation and `dns` label: + +```yaml +controller: + service: + labels: + dns: "route53" + annotations: + domainName: "kubernetes-example.com" +``` + +### Additional Internal Load Balancer + +This setup is useful when you need both external and internal load balancers but don't want to have multiple ingress controllers and multiple ingress objects per application. + +By default, the ingress object will point to the external load balancer address, but if correctly configured, you can make use of the internal one if the URL you are looking up resolves to the internal load balancer's URL. + +You'll need to set both the following values: + +`controller.service.internal.enabled` +`controller.service.internal.annotations` + +If one of them is missing the internal load balancer will not be deployed. Example you may have `controller.service.internal.enabled=true` but no annotations set, in this case no action will be taken. + +`controller.service.internal.annotations` varies with the cloud service you're using. + +Example for AWS: + +```yaml +controller: + service: + internal: + enabled: true + annotations: + # Create internal ELB + service.beta.kubernetes.io/aws-load-balancer-internal: "true" + # Any other annotation can be declared here. +``` + +Example for GCE: + +```yaml +controller: + service: + internal: + enabled: true + annotations: + # Create internal LB. More informations: https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing + # For GKE versions 1.17 and later + networking.gke.io/load-balancer-type: "Internal" + # For earlier versions + # cloud.google.com/load-balancer-type: "Internal" + + # Any other annotation can be declared here. +``` + +Example for Azure: + +```yaml +controller: + service: + annotations: + # Create internal LB + service.beta.kubernetes.io/azure-load-balancer-internal: "true" + # Any other annotation can be declared here. +``` + +Example for Oracle Cloud Infrastructure: + +```yaml +controller: + service: + annotations: + # Create internal LB + service.beta.kubernetes.io/oci-load-balancer-internal: "true" + # Any other annotation can be declared here. +``` + +An use case for this scenario is having a split-view DNS setup where the public zone CNAME records point to the external balancer URL while the private zone CNAME records point to the internal balancer URL. This way, you only need one ingress kubernetes object. + +Optionally you can set `controller.service.loadBalancerIP` if you need a static IP for the resulting `LoadBalancer`. + +### Ingress Admission Webhooks + +With nginx-ingress-controller version 0.25+, the nginx ingress controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster. +**This feature is enabled by default since 0.31.0.** + +With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fix [this issue](https://github.com/kubernetes/ingress-nginx/pull/4521) + +### Helm Error When Upgrading: spec.clusterIP: Invalid value: "" + +If you are upgrading this chart from a version between 0.31.0 and 1.2.2 then you may get an error like this: + +```console +Error: UPGRADE FAILED: Service "?????-controller" is invalid: spec.clusterIP: Invalid value: "": field is immutable +``` + +Detail of how and why are in [this issue](https://github.com/helm/charts/pull/13646) but to resolve this you can set `xxxx.service.omitClusterIP` to `true` where `xxxx` is the service referenced in the error. + +As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered. + +## Requirements + +Kubernetes: `>=1.20.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| commonLabels | object | `{}` | | +| controller.addHeaders | object | `{}` | Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers | +| controller.admissionWebhooks.annotations | object | `{}` | | +| controller.admissionWebhooks.certificate | string | `"/usr/local/certificates/cert"` | | +| controller.admissionWebhooks.createSecretJob.resources | object | `{}` | | +| controller.admissionWebhooks.enabled | bool | `true` | | +| controller.admissionWebhooks.existingPsp | string | `""` | Use an existing PSP instead of creating one | +| controller.admissionWebhooks.extraEnvs | list | `[]` | Additional environment variables to set | +| controller.admissionWebhooks.failurePolicy | string | `"Fail"` | Admission Webhook failure policy to use | +| controller.admissionWebhooks.key | string | `"/usr/local/certificates/key"` | | +| controller.admissionWebhooks.labels | object | `{}` | Labels to be added to admission webhooks | +| controller.admissionWebhooks.namespaceSelector | object | `{}` | | +| controller.admissionWebhooks.networkPolicyEnabled | bool | `false` | | +| controller.admissionWebhooks.objectSelector | object | `{}` | | +| controller.admissionWebhooks.patch.enabled | bool | `true` | | +| controller.admissionWebhooks.patch.image.digest | string | `"sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47"` | | +| controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` | | +| controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` | | +| controller.admissionWebhooks.patch.image.registry | string | `"registry.k8s.io"` | | +| controller.admissionWebhooks.patch.image.tag | string | `"v1.3.0"` | | +| controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources | +| controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | | +| controller.admissionWebhooks.patch.podAnnotations | object | `{}` | | +| controller.admissionWebhooks.patch.priorityClassName | string | `""` | Provide a priority class name to the webhook patching job # | +| controller.admissionWebhooks.patch.securityContext.fsGroup | int | `2000` | | +| controller.admissionWebhooks.patch.securityContext.runAsNonRoot | bool | `true` | | +| controller.admissionWebhooks.patch.securityContext.runAsUser | int | `2000` | | +| controller.admissionWebhooks.patch.tolerations | list | `[]` | | +| controller.admissionWebhooks.patchWebhookJob.resources | object | `{}` | | +| controller.admissionWebhooks.port | int | `8443` | | +| controller.admissionWebhooks.service.annotations | object | `{}` | | +| controller.admissionWebhooks.service.externalIPs | list | `[]` | | +| controller.admissionWebhooks.service.loadBalancerSourceRanges | list | `[]` | | +| controller.admissionWebhooks.service.servicePort | int | `443` | | +| controller.admissionWebhooks.service.type | string | `"ClusterIP"` | | +| controller.affinity | object | `{}` | Affinity and anti-affinity rules for server scheduling to nodes # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity # | +| controller.allowSnippetAnnotations | bool | `true` | This configuration defines if Ingress Controller should allow users to set their own *-snippet annotations, otherwise this is forbidden / dropped when users add those annotations. Global snippets in ConfigMap are still respected | +| controller.annotations | object | `{}` | Annotations to be added to the controller Deployment or DaemonSet # | +| controller.autoscaling.behavior | object | `{}` | | +| controller.autoscaling.enabled | bool | `false` | | +| controller.autoscaling.maxReplicas | int | `11` | | +| controller.autoscaling.minReplicas | int | `1` | | +| controller.autoscaling.targetCPUUtilizationPercentage | int | `50` | | +| controller.autoscaling.targetMemoryUtilizationPercentage | int | `50` | | +| controller.autoscalingTemplate | list | `[]` | | +| controller.config | object | `{}` | Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ | +| controller.configAnnotations | object | `{}` | Annotations to be added to the controller config configuration configmap. | +| controller.configMapNamespace | string | `""` | Allows customization of the configmap / nginx-configmap namespace; defaults to $(POD_NAMESPACE) | +| controller.containerName | string | `"controller"` | Configures the controller container name | +| controller.containerPort | object | `{"http":80,"https":443}` | Configures the ports that the nginx-controller listens on | +| controller.customTemplate.configMapKey | string | `""` | | +| controller.customTemplate.configMapName | string | `""` | | +| controller.dnsConfig | object | `{}` | Optionally customize the pod dnsConfig. | +| controller.dnsPolicy | string | `"ClusterFirst"` | Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. | +| controller.electionID | string | `"ingress-controller-leader"` | Election ID to use for status update | +| controller.enableMimalloc | bool | `true` | Enable mimalloc as a drop-in replacement for malloc. # ref: https://github.com/microsoft/mimalloc # | +| controller.existingPsp | string | `""` | Use an existing PSP instead of creating one | +| controller.extraArgs | object | `{}` | Additional command line arguments to pass to nginx-ingress-controller E.g. to specify the default SSL certificate you can use | +| controller.extraContainers | list | `[]` | Additional containers to be added to the controller pod. See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. | +| controller.extraEnvs | list | `[]` | Additional environment variables to set | +| controller.extraInitContainers | list | `[]` | Containers, which are run before the app containers are started. | +| controller.extraModules | list | `[]` | | +| controller.extraVolumeMounts | list | `[]` | Additional volumeMounts to the controller main container. | +| controller.extraVolumes | list | `[]` | Additional volumes to the controller pod. | +| controller.healthCheckHost | string | `""` | Address to bind the health check endpoint. It is better to set this option to the internal node address if the ingress nginx controller is running in the `hostNetwork: true` mode. | +| controller.healthCheckPath | string | `"/healthz"` | Path of the health check endpoint. All requests received on the port defined by the healthz-port parameter are forwarded internally to this path. | +| controller.hostNetwork | bool | `false` | Required for use with CNI based kubernetes installations (such as ones set up by kubeadm), since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 is merged | +| controller.hostPort.enabled | bool | `false` | Enable 'hostPort' or not | +| controller.hostPort.ports.http | int | `80` | 'hostPort' http port | +| controller.hostPort.ports.https | int | `443` | 'hostPort' https port | +| controller.hostname | object | `{}` | Optionally customize the pod hostname. | +| controller.image.allowPrivilegeEscalation | bool | `true` | | +| controller.image.chroot | bool | `false` | | +| controller.image.digest | string | `"sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974"` | | +| controller.image.digestChroot | string | `"sha256:a8466b19c621bd550b1645e27a004a5cc85009c858a9ab19490216735ac432b1"` | | +| controller.image.image | string | `"ingress-nginx/controller"` | | +| controller.image.pullPolicy | string | `"IfNotPresent"` | | +| controller.image.registry | string | `"registry.k8s.io"` | | +| controller.image.runAsUser | int | `101` | | +| controller.image.tag | string | `"v1.3.1"` | | +| controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | +| controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | +| controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass | +| controller.ingressClassResource.default | bool | `false` | Is this the default ingressClass for the cluster | +| controller.ingressClassResource.enabled | bool | `true` | Is this ingressClass enabled or not | +| controller.ingressClassResource.name | string | `"nginx"` | Name of the ingressClass | +| controller.ingressClassResource.parameters | object | `{}` | Parameters is a link to a custom resource containing additional configuration for the controller. This is optional if the controller does not require extra parameters. | +| controller.keda.apiVersion | string | `"keda.sh/v1alpha1"` | | +| controller.keda.behavior | object | `{}` | | +| controller.keda.cooldownPeriod | int | `300` | | +| controller.keda.enabled | bool | `false` | | +| controller.keda.maxReplicas | int | `11` | | +| controller.keda.minReplicas | int | `1` | | +| controller.keda.pollingInterval | int | `30` | | +| controller.keda.restoreToOriginalReplicaCount | bool | `false` | | +| controller.keda.scaledObject.annotations | object | `{}` | | +| controller.keda.triggers | list | `[]` | | +| controller.kind | string | `"Deployment"` | Use a `DaemonSet` or `Deployment` | +| controller.labels | object | `{}` | Labels to be added to the controller Deployment or DaemonSet and other resources that do not have option to specify labels # | +| controller.lifecycle | object | `{"preStop":{"exec":{"command":["/wait-shutdown"]}}}` | Improve connection draining when ingress controller pod is deleted using a lifecycle hook: With this new hook, we increased the default terminationGracePeriodSeconds from 30 seconds to 300, allowing the draining of connections up to five minutes. If the active connections end before that, the pod will terminate gracefully at that time. To effectively take advantage of this feature, the Configmap feature worker-shutdown-timeout new value is 240s instead of 10s. # | +| controller.livenessProbe.failureThreshold | int | `5` | | +| controller.livenessProbe.httpGet.path | string | `"/healthz"` | | +| controller.livenessProbe.httpGet.port | int | `10254` | | +| controller.livenessProbe.httpGet.scheme | string | `"HTTP"` | | +| controller.livenessProbe.initialDelaySeconds | int | `10` | | +| controller.livenessProbe.periodSeconds | int | `10` | | +| controller.livenessProbe.successThreshold | int | `1` | | +| controller.livenessProbe.timeoutSeconds | int | `1` | | +| controller.maxmindLicenseKey | string | `""` | Maxmind license key to download GeoLite2 Databases. # https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases | +| controller.metrics.enabled | bool | `false` | | +| controller.metrics.port | int | `10254` | | +| controller.metrics.prometheusRule.additionalLabels | object | `{}` | | +| controller.metrics.prometheusRule.enabled | bool | `false` | | +| controller.metrics.prometheusRule.rules | list | `[]` | | +| controller.metrics.service.annotations | object | `{}` | | +| controller.metrics.service.externalIPs | list | `[]` | List of IP addresses at which the stats-exporter service is available # Ref: https://kubernetes.io/docs/user-guide/services/#external-ips # | +| controller.metrics.service.loadBalancerSourceRanges | list | `[]` | | +| controller.metrics.service.servicePort | int | `10254` | | +| controller.metrics.service.type | string | `"ClusterIP"` | | +| controller.metrics.serviceMonitor.additionalLabels | object | `{}` | | +| controller.metrics.serviceMonitor.enabled | bool | `false` | | +| controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | | +| controller.metrics.serviceMonitor.namespace | string | `""` | | +| controller.metrics.serviceMonitor.namespaceSelector | object | `{}` | | +| controller.metrics.serviceMonitor.relabelings | list | `[]` | | +| controller.metrics.serviceMonitor.scrapeInterval | string | `"30s"` | | +| controller.metrics.serviceMonitor.targetLabels | list | `[]` | | +| controller.minAvailable | int | `1` | | +| controller.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready # | +| controller.name | string | `"controller"` | | +| controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for controller pod assignment # Ref: https://kubernetes.io/docs/user-guide/node-selection/ # | +| controller.podAnnotations | object | `{}` | Annotations to be added to controller pods # | +| controller.podLabels | object | `{}` | Labels to add to the pod container metadata | +| controller.podSecurityContext | object | `{}` | Security Context policies for controller pods | +| controller.priorityClassName | string | `""` | | +| controller.proxySetHeaders | object | `{}` | Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers | +| controller.publishService | object | `{"enabled":true,"pathOverride":""}` | Allows customization of the source of the IP address or FQDN to report in the ingress status field. By default, it reads the information provided by the service. If disable, the status field reports the IP address of the node or nodes where an ingress controller pod is running. | +| controller.publishService.enabled | bool | `true` | Enable 'publishService' or not | +| controller.publishService.pathOverride | string | `""` | Allows overriding of the publish service to bind to Must be / | +| controller.readinessProbe.failureThreshold | int | `3` | | +| controller.readinessProbe.httpGet.path | string | `"/healthz"` | | +| controller.readinessProbe.httpGet.port | int | `10254` | | +| controller.readinessProbe.httpGet.scheme | string | `"HTTP"` | | +| controller.readinessProbe.initialDelaySeconds | int | `10` | | +| controller.readinessProbe.periodSeconds | int | `10` | | +| controller.readinessProbe.successThreshold | int | `1` | | +| controller.readinessProbe.timeoutSeconds | int | `1` | | +| controller.replicaCount | int | `1` | | +| controller.reportNodeInternalIp | bool | `false` | Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply | +| controller.resources.requests.cpu | string | `"100m"` | | +| controller.resources.requests.memory | string | `"90Mi"` | | +| controller.scope.enabled | bool | `false` | Enable 'scope' or not | +| controller.scope.namespace | string | `""` | Namespace to limit the controller to; defaults to $(POD_NAMESPACE) | +| controller.scope.namespaceSelector | string | `""` | When scope.enabled == false, instead of watching all namespaces, we watching namespaces whose labels only match with namespaceSelector. Format like foo=bar. Defaults to empty, means watching all namespaces. | +| controller.service.annotations | object | `{}` | | +| controller.service.appProtocol | bool | `true` | If enabled is adding an appProtocol option for Kubernetes service. An appProtocol field replacing annotations that were using for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http It allows choosing the protocol for each backend specified in the Kubernetes service. See the following GitHub issue for more details about the purpose: https://github.com/kubernetes/kubernetes/issues/40244 Will be ignored for Kubernetes versions older than 1.20 # | +| controller.service.enableHttp | bool | `true` | | +| controller.service.enableHttps | bool | `true` | | +| controller.service.enabled | bool | `true` | | +| controller.service.external.enabled | bool | `true` | | +| controller.service.externalIPs | list | `[]` | List of IP addresses at which the controller services are available # Ref: https://kubernetes.io/docs/user-guide/services/#external-ips # | +| controller.service.internal.annotations | object | `{}` | Annotations are mandatory for the load balancer to come up. Varies with the cloud service. | +| controller.service.internal.enabled | bool | `false` | Enables an additional internal load balancer (besides the external one). | +| controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. | +| controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ | +| controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack-ness requested or required by this Service. Possible values are SingleStack, PreferDualStack or RequireDualStack. The ipFamilies and clusterIPs fields depend on the value of this field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ | +| controller.service.labels | object | `{}` | | +| controller.service.loadBalancerIP | string | `""` | Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer | +| controller.service.loadBalancerSourceRanges | list | `[]` | | +| controller.service.nodePorts.http | string | `""` | | +| controller.service.nodePorts.https | string | `""` | | +| controller.service.nodePorts.tcp | object | `{}` | | +| controller.service.nodePorts.udp | object | `{}` | | +| controller.service.ports.http | int | `80` | | +| controller.service.ports.https | int | `443` | | +| controller.service.targetPorts.http | string | `"http"` | | +| controller.service.targetPorts.https | string | `"https"` | | +| controller.service.type | string | `"LoadBalancer"` | | +| controller.shareProcessNamespace | bool | `false` | | +| controller.sysctls | object | `{}` | See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls | +| controller.tcp.annotations | object | `{}` | Annotations to be added to the tcp config configmap | +| controller.tcp.configMapNamespace | string | `""` | Allows customization of the tcp-services-configmap; defaults to $(POD_NAMESPACE) | +| controller.terminationGracePeriodSeconds | int | `300` | `terminationGracePeriodSeconds` to avoid killing pods before we are ready # wait up to five minutes for the drain of connections # | +| controller.tolerations | list | `[]` | Node tolerations for server scheduling to nodes with taints # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ # | +| controller.topologySpreadConstraints | list | `[]` | Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ # | +| controller.udp.annotations | object | `{}` | Annotations to be added to the udp config configmap | +| controller.udp.configMapNamespace | string | `""` | Allows customization of the udp-services-configmap; defaults to $(POD_NAMESPACE) | +| controller.updateStrategy | object | `{}` | The update strategy to apply to the Deployment or DaemonSet # | +| controller.watchIngressWithoutClass | bool | `false` | Process Ingress objects without ingressClass annotation/ingressClassName field Overrides value for --watch-ingress-without-class flag of the controller binary Defaults to false | +| defaultBackend.affinity | object | `{}` | | +| defaultBackend.autoscaling.annotations | object | `{}` | | +| defaultBackend.autoscaling.enabled | bool | `false` | | +| defaultBackend.autoscaling.maxReplicas | int | `2` | | +| defaultBackend.autoscaling.minReplicas | int | `1` | | +| defaultBackend.autoscaling.targetCPUUtilizationPercentage | int | `50` | | +| defaultBackend.autoscaling.targetMemoryUtilizationPercentage | int | `50` | | +| defaultBackend.containerSecurityContext | object | `{}` | Security Context policies for controller main container. See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls # | +| defaultBackend.enabled | bool | `false` | | +| defaultBackend.existingPsp | string | `""` | Use an existing PSP instead of creating one | +| defaultBackend.extraArgs | object | `{}` | | +| defaultBackend.extraEnvs | list | `[]` | Additional environment variables to set for defaultBackend pods | +| defaultBackend.extraVolumeMounts | list | `[]` | | +| defaultBackend.extraVolumes | list | `[]` | | +| defaultBackend.image.allowPrivilegeEscalation | bool | `false` | | +| defaultBackend.image.image | string | `"defaultbackend-amd64"` | | +| defaultBackend.image.pullPolicy | string | `"IfNotPresent"` | | +| defaultBackend.image.readOnlyRootFilesystem | bool | `true` | | +| defaultBackend.image.registry | string | `"registry.k8s.io"` | | +| defaultBackend.image.runAsNonRoot | bool | `true` | | +| defaultBackend.image.runAsUser | int | `65534` | | +| defaultBackend.image.tag | string | `"1.5"` | | +| defaultBackend.labels | object | `{}` | Labels to be added to the default backend resources | +| defaultBackend.livenessProbe.failureThreshold | int | `3` | | +| defaultBackend.livenessProbe.initialDelaySeconds | int | `30` | | +| defaultBackend.livenessProbe.periodSeconds | int | `10` | | +| defaultBackend.livenessProbe.successThreshold | int | `1` | | +| defaultBackend.livenessProbe.timeoutSeconds | int | `5` | | +| defaultBackend.minAvailable | int | `1` | | +| defaultBackend.name | string | `"defaultbackend"` | | +| defaultBackend.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for default backend pod assignment # Ref: https://kubernetes.io/docs/user-guide/node-selection/ # | +| defaultBackend.podAnnotations | object | `{}` | Annotations to be added to default backend pods # | +| defaultBackend.podLabels | object | `{}` | Labels to add to the pod container metadata | +| defaultBackend.podSecurityContext | object | `{}` | Security Context policies for controller pods See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls # | +| defaultBackend.port | int | `8080` | | +| defaultBackend.priorityClassName | string | `""` | | +| defaultBackend.readinessProbe.failureThreshold | int | `6` | | +| defaultBackend.readinessProbe.initialDelaySeconds | int | `0` | | +| defaultBackend.readinessProbe.periodSeconds | int | `5` | | +| defaultBackend.readinessProbe.successThreshold | int | `1` | | +| defaultBackend.readinessProbe.timeoutSeconds | int | `5` | | +| defaultBackend.replicaCount | int | `1` | | +| defaultBackend.resources | object | `{}` | | +| defaultBackend.service.annotations | object | `{}` | | +| defaultBackend.service.externalIPs | list | `[]` | List of IP addresses at which the default backend service is available # Ref: https://kubernetes.io/docs/user-guide/services/#external-ips # | +| defaultBackend.service.loadBalancerSourceRanges | list | `[]` | | +| defaultBackend.service.servicePort | int | `80` | | +| defaultBackend.service.type | string | `"ClusterIP"` | | +| defaultBackend.serviceAccount.automountServiceAccountToken | bool | `true` | | +| defaultBackend.serviceAccount.create | bool | `true` | | +| defaultBackend.serviceAccount.name | string | `""` | | +| defaultBackend.tolerations | list | `[]` | Node tolerations for server scheduling to nodes with taints # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ # | +| dhParam | string | `nil` | A base64-encoded Diffie-Hellman parameter. This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` # Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param | +| imagePullSecrets | list | `[]` | Optional array of imagePullSecrets containing private registry credentials # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ | +| podSecurityPolicy.enabled | bool | `false` | | +| portNamePrefix | string | `""` | Prefix for TCP and UDP ports names in ingress controller service # Some cloud providers, like Yandex Cloud may have a requirements for a port name regex to support cloud load balancer integration | +| rbac.create | bool | `true` | | +| rbac.scope | bool | `false` | | +| revisionHistoryLimit | int | `10` | Rollback limit # | +| serviceAccount.annotations | object | `{}` | Annotations for the controller service account | +| serviceAccount.automountServiceAccountToken | bool | `true` | | +| serviceAccount.create | bool | `true` | | +| serviceAccount.name | string | `""` | | +| tcp | object | `{}` | TCP service key-value pairs # Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md # | +| udp | object | `{}` | UDP service key-value pairs # Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md # | + diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/README.md.gotmpl b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/README.md.gotmpl new file mode 100644 index 0000000..8959961 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/README.md.gotmpl @@ -0,0 +1,235 @@ +{{ template "chart.header" . }} +[ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer + +{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} + +To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. + +This chart bootstraps an ingress-nginx deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Chart version 3.x.x: Kubernetes v1.16+ +- Chart version 4.x.x and above: Kubernetes v1.19+ + +## Get Repo Info + +```console +helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx +helm repo update +``` + +## Install Chart + +**Important:** only helm3 is supported + +```console +helm install [RELEASE_NAME] ingress-nginx/ingress-nginx +``` + +The command deploys ingress-nginx on the Kubernetes cluster in the default configuration. + +_See [configuration](#configuration) below._ + +_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ + +## Uninstall Chart + +```console +helm uninstall [RELEASE_NAME] +``` + +This removes all the Kubernetes components associated with the chart and deletes the release. + +_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ + +## Upgrading Chart + +```console +helm upgrade [RELEASE_NAME] [CHART] --install +``` + +_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ + +### Upgrading With Zero Downtime in Production + +By default the ingress-nginx controller has service interruptions whenever it's pods are restarted or redeployed. In order to fix that, see the excellent blog post by Lindsay Landry from Codecademy: [Kubernetes: Nginx and Zero Downtime in Production](https://medium.com/codecademy-engineering/kubernetes-nginx-and-zero-downtime-in-production-2c910c6a5ed8). + +### Migrating from stable/nginx-ingress + +There are two main ways to migrate a release from `stable/nginx-ingress` to `ingress-nginx/ingress-nginx` chart: + +1. For Nginx Ingress controllers used for non-critical services, the easiest method is to [uninstall](#uninstall-chart) the old release and [install](#install-chart) the new one +1. For critical services in production that require zero-downtime, you will want to: + 1. [Install](#install-chart) a second Ingress controller + 1. Redirect your DNS traffic from the old controller to the new controller + 1. Log traffic from both controllers during this changeover + 1. [Uninstall](#uninstall-chart) the old controller once traffic has fully drained from it + 1. For details on all of these steps see [Upgrading With Zero Downtime in Production](#upgrading-with-zero-downtime-in-production) + +Note that there are some different and upgraded configurations between the two charts, described by Rimas Mocevicius from JFrog in the "Upgrading to ingress-nginx Helm chart" section of [Migrating from Helm chart nginx-ingress to ingress-nginx](https://rimusz.net/migrating-to-ingress-nginx). As the `ingress-nginx/ingress-nginx` chart continues to update, you will want to check current differences by running [helm configuration](#configuration) commands on both charts. + +## Configuration + +See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands: + +```console +helm show values ingress-nginx/ingress-nginx +``` + +### PodDisruptionBudget + +Note that the PodDisruptionBudget resource will only be defined if the replicaCount is greater than one, +else it would make it impossible to evacuate a node. See [gh issue #7127](https://github.com/helm/charts/issues/7127) for more info. + +### Prometheus Metrics + +The Nginx ingress controller can export Prometheus metrics, by setting `controller.metrics.enabled` to `true`. + +You can add Prometheus annotations to the metrics service using `controller.metrics.service.annotations`. +Alternatively, if you use the Prometheus Operator, you can enable ServiceMonitor creation using `controller.metrics.serviceMonitor.enabled`. And set `controller.metrics.serviceMonitor.additionalLabels.release="prometheus"`. "release=prometheus" should match the label configured in the prometheus servicemonitor ( see `kubectl get servicemonitor prometheus-kube-prom-prometheus -oyaml -n prometheus`) + +### ingress-nginx nginx\_status page/stats server + +Previous versions of this chart had a `controller.stats.*` configuration block, which is now obsolete due to the following changes in nginx ingress controller: + +- In [0.16.1](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0161), the vts (virtual host traffic status) dashboard was removed +- In [0.23.0](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230), the status page at port 18080 is now a unix socket webserver only available at localhost. + You can use `curl --unix-socket /tmp/nginx-status-server.sock http://localhost/nginx_status` inside the controller container to access it locally, or use the snippet from [nginx-ingress changelog](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230) to re-enable the http server + +### ExternalDNS Service Configuration + +Add an [ExternalDNS](https://github.com/kubernetes-incubator/external-dns) annotation to the LoadBalancer service: + +```yaml +controller: + service: + annotations: + external-dns.alpha.kubernetes.io/hostname: kubernetes-example.com. +``` + +### AWS L7 ELB with SSL Termination + +Annotate the controller as shown in the [nginx-ingress l7 patch](https://github.com/kubernetes/ingress-nginx/blob/ab3a789caae65eec4ad6e3b46b19750b481b6bce/deploy/aws/l7/service-l7.yaml): + +```yaml +controller: + service: + targetPorts: + http: http + https: http + annotations: + service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:XX-XXXX-X:XXXXXXXXX:certificate/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX + service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http" + service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" + service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600' +``` + +### AWS route53-mapper + +To configure the LoadBalancer service with the [route53-mapper addon](https://github.com/kubernetes/kops/blob/be63d4f1a7a46daaf1c4c482527328236850f111/addons/route53-mapper/README.md), add the `domainName` annotation and `dns` label: + +```yaml +controller: + service: + labels: + dns: "route53" + annotations: + domainName: "kubernetes-example.com" +``` + +### Additional Internal Load Balancer + +This setup is useful when you need both external and internal load balancers but don't want to have multiple ingress controllers and multiple ingress objects per application. + +By default, the ingress object will point to the external load balancer address, but if correctly configured, you can make use of the internal one if the URL you are looking up resolves to the internal load balancer's URL. + +You'll need to set both the following values: + +`controller.service.internal.enabled` +`controller.service.internal.annotations` + +If one of them is missing the internal load balancer will not be deployed. Example you may have `controller.service.internal.enabled=true` but no annotations set, in this case no action will be taken. + +`controller.service.internal.annotations` varies with the cloud service you're using. + +Example for AWS: + +```yaml +controller: + service: + internal: + enabled: true + annotations: + # Create internal ELB + service.beta.kubernetes.io/aws-load-balancer-internal: "true" + # Any other annotation can be declared here. +``` + +Example for GCE: + +```yaml +controller: + service: + internal: + enabled: true + annotations: + # Create internal LB. More informations: https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing + # For GKE versions 1.17 and later + networking.gke.io/load-balancer-type: "Internal" + # For earlier versions + # cloud.google.com/load-balancer-type: "Internal" + + # Any other annotation can be declared here. +``` + +Example for Azure: + +```yaml +controller: + service: + annotations: + # Create internal LB + service.beta.kubernetes.io/azure-load-balancer-internal: "true" + # Any other annotation can be declared here. +``` + +Example for Oracle Cloud Infrastructure: + +```yaml +controller: + service: + annotations: + # Create internal LB + service.beta.kubernetes.io/oci-load-balancer-internal: "true" + # Any other annotation can be declared here. +``` + +An use case for this scenario is having a split-view DNS setup where the public zone CNAME records point to the external balancer URL while the private zone CNAME records point to the internal balancer URL. This way, you only need one ingress kubernetes object. + +Optionally you can set `controller.service.loadBalancerIP` if you need a static IP for the resulting `LoadBalancer`. + +### Ingress Admission Webhooks + +With nginx-ingress-controller version 0.25+, the nginx ingress controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster. +**This feature is enabled by default since 0.31.0.** + +With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fix [this issue](https://github.com/kubernetes/ingress-nginx/pull/4521) + +### Helm Error When Upgrading: spec.clusterIP: Invalid value: "" + +If you are upgrading this chart from a version between 0.31.0 and 1.2.2 then you may get an error like this: + +```console +Error: UPGRADE FAILED: Service "?????-controller" is invalid: spec.clusterIP: Invalid value: "": field is immutable +``` + +Detail of how and why are in [this issue](https://github.com/helm/charts/pull/13646) but to resolve this you can set `xxxx.service.omitClusterIP` to `true` where `xxxx` is the service referenced in the error. + +As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered. + +{{ template "chart.requirementsSection" . }} + +{{ template "chart.valuesSection" . }} + +{{ template "helm-docs.versionFooter" . }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/controller-custom-ingressclass-flags.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/controller-custom-ingressclass-flags.yaml new file mode 100644 index 0000000..b28a232 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/controller-custom-ingressclass-flags.yaml @@ -0,0 +1,7 @@ +controller: + watchIngressWithoutClass: true + ingressClassResource: + name: custom-nginx + enabled: true + default: true + controllerValue: "k8s.io/custom-nginx" diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-customconfig-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-customconfig-values.yaml new file mode 100644 index 0000000..4393a5b --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-customconfig-values.yaml @@ -0,0 +1,14 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + kind: DaemonSet + allowSnippetAnnotations: false + admissionWebhooks: + enabled: false + service: + type: ClusterIP + + config: + use-proxy-protocol: "true" diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-customnodeport-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-customnodeport-values.yaml new file mode 100644 index 0000000..1d94be2 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-customnodeport-values.yaml @@ -0,0 +1,22 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + + service: + type: NodePort + nodePorts: + tcp: + 9000: 30090 + udp: + 9001: 30091 + +tcp: + 9000: "default/test:8080" + +udp: + 9001: "default/test:8080" diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-extra-modules.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-extra-modules.yaml new file mode 100644 index 0000000..f299dbf --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-extra-modules.yaml @@ -0,0 +1,10 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + service: + type: ClusterIP + extraModules: + - name: opentelemetry + image: busybox diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-headers-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-headers-values.yaml new file mode 100644 index 0000000..ab7d47b --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-headers-values.yaml @@ -0,0 +1,14 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + addHeaders: + X-Frame-Options: deny + proxySetHeaders: + X-Forwarded-Proto: https + service: + type: ClusterIP diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-internal-lb-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-internal-lb-values.yaml new file mode 100644 index 0000000..0a200a7 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-internal-lb-values.yaml @@ -0,0 +1,14 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: ClusterIP + internal: + enabled: true + annotations: + service.beta.kubernetes.io/aws-load-balancer-internal: "true" diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-nodeport-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-nodeport-values.yaml new file mode 100644 index 0000000..3b7aa2f --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-nodeport-values.yaml @@ -0,0 +1,10 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: NodePort diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-podannotations-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-podannotations-values.yaml new file mode 100644 index 0000000..0b55306 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-podannotations-values.yaml @@ -0,0 +1,17 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + metrics: + enabled: true + service: + type: ClusterIP + podAnnotations: + prometheus.io/path: /metrics + prometheus.io/port: "10254" + prometheus.io/scheme: http + prometheus.io/scrape: "true" diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-tcp-udp-configMapNamespace-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-tcp-udp-configMapNamespace-values.yaml new file mode 100644 index 0000000..acd86a7 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-tcp-udp-configMapNamespace-values.yaml @@ -0,0 +1,20 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: ClusterIP + tcp: + configMapNamespace: default + udp: + configMapNamespace: default + +tcp: + 9000: "default/test:8080" + +udp: + 9001: "default/test:8080" diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-tcp-udp-portNamePrefix-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-tcp-udp-portNamePrefix-values.yaml new file mode 100644 index 0000000..90b0f57 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-tcp-udp-portNamePrefix-values.yaml @@ -0,0 +1,18 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: ClusterIP + +tcp: + 9000: "default/test:8080" + +udp: + 9001: "default/test:8080" + +portNamePrefix: "port" diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-tcp-udp-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-tcp-udp-values.yaml new file mode 100644 index 0000000..25ee64d --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-tcp-udp-values.yaml @@ -0,0 +1,16 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: ClusterIP + +tcp: + 9000: "default/test:8080" + +udp: + 9001: "default/test:8080" diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-tcp-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-tcp-values.yaml new file mode 100644 index 0000000..380c8b4 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/daemonset-tcp-values.yaml @@ -0,0 +1,14 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: ClusterIP + +tcp: + 9000: "default/test:8080" + 9001: "default/test:8080" diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deamonset-default-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deamonset-default-values.yaml new file mode 100644 index 0000000..82fa23e --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deamonset-default-values.yaml @@ -0,0 +1,10 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: ClusterIP diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deamonset-metrics-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deamonset-metrics-values.yaml new file mode 100644 index 0000000..cb3cb54 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deamonset-metrics-values.yaml @@ -0,0 +1,12 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + metrics: + enabled: true + service: + type: ClusterIP diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deamonset-psp-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deamonset-psp-values.yaml new file mode 100644 index 0000000..8026a63 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deamonset-psp-values.yaml @@ -0,0 +1,13 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: ClusterIP + +podSecurityPolicy: + enabled: true diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deamonset-webhook-and-psp-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deamonset-webhook-and-psp-values.yaml new file mode 100644 index 0000000..fccdb13 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deamonset-webhook-and-psp-values.yaml @@ -0,0 +1,13 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: true + service: + type: ClusterIP + +podSecurityPolicy: + enabled: true diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deamonset-webhook-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deamonset-webhook-values.yaml new file mode 100644 index 0000000..54d364d --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deamonset-webhook-values.yaml @@ -0,0 +1,10 @@ +controller: + kind: DaemonSet + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: true + service: + type: ClusterIP diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-autoscaling-behavior-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-autoscaling-behavior-values.yaml new file mode 100644 index 0000000..dca3f35 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-autoscaling-behavior-values.yaml @@ -0,0 +1,14 @@ +controller: + autoscaling: + enabled: true + behavior: + scaleDown: + stabilizationWindowSeconds: 300 + policies: + - type: Pods + value: 1 + periodSeconds: 180 + admissionWebhooks: + enabled: false + service: + type: ClusterIP diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-autoscaling-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-autoscaling-values.yaml new file mode 100644 index 0000000..b8b3ac6 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-autoscaling-values.yaml @@ -0,0 +1,11 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + autoscaling: + enabled: true + admissionWebhooks: + enabled: false + service: + type: ClusterIP diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-customconfig-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-customconfig-values.yaml new file mode 100644 index 0000000..1749418 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-customconfig-values.yaml @@ -0,0 +1,12 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + config: + use-proxy-protocol: "true" + allowSnippetAnnotations: false + admissionWebhooks: + enabled: false + service: + type: ClusterIP diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-customnodeport-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-customnodeport-values.yaml new file mode 100644 index 0000000..a564eaf --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-customnodeport-values.yaml @@ -0,0 +1,20 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: NodePort + nodePorts: + tcp: + 9000: 30090 + udp: + 9001: 30091 + +tcp: + 9000: "default/test:8080" + +udp: + 9001: "default/test:8080" diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-default-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-default-values.yaml new file mode 100644 index 0000000..9f46b4e --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-default-values.yaml @@ -0,0 +1,8 @@ +# Left blank to test default values +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + service: + type: ClusterIP diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-extra-modules.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-extra-modules.yaml new file mode 100644 index 0000000..ec59235 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-extra-modules.yaml @@ -0,0 +1,10 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + service: + type: ClusterIP + extraModules: + - name: opentelemetry + image: busybox diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-headers-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-headers-values.yaml new file mode 100644 index 0000000..17a11ac --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-headers-values.yaml @@ -0,0 +1,13 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + addHeaders: + X-Frame-Options: deny + proxySetHeaders: + X-Forwarded-Proto: https + service: + type: ClusterIP diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-internal-lb-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-internal-lb-values.yaml new file mode 100644 index 0000000..fd8df8d --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-internal-lb-values.yaml @@ -0,0 +1,13 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: ClusterIP + internal: + enabled: true + annotations: + service.beta.kubernetes.io/aws-load-balancer-internal: "true" diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-metrics-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-metrics-values.yaml new file mode 100644 index 0000000..9209ad5 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-metrics-values.yaml @@ -0,0 +1,11 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + metrics: + enabled: true + service: + type: ClusterIP diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-nodeport-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-nodeport-values.yaml new file mode 100644 index 0000000..cd9b323 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-nodeport-values.yaml @@ -0,0 +1,9 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: NodePort diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-podannotations-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-podannotations-values.yaml new file mode 100644 index 0000000..b48d93c --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-podannotations-values.yaml @@ -0,0 +1,16 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + metrics: + enabled: true + service: + type: ClusterIP + podAnnotations: + prometheus.io/path: /metrics + prometheus.io/port: "10254" + prometheus.io/scheme: http + prometheus.io/scrape: "true" diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-psp-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-psp-values.yaml new file mode 100644 index 0000000..2f332a7 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-psp-values.yaml @@ -0,0 +1,10 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + service: + type: ClusterIP + +podSecurityPolicy: + enabled: true diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-tcp-udp-configMapNamespace-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-tcp-udp-configMapNamespace-values.yaml new file mode 100644 index 0000000..c51a4e9 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-tcp-udp-configMapNamespace-values.yaml @@ -0,0 +1,19 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: ClusterIP + tcp: + configMapNamespace: default + udp: + configMapNamespace: default + +tcp: + 9000: "default/test:8080" + +udp: + 9001: "default/test:8080" diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-tcp-udp-portNamePrefix-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-tcp-udp-portNamePrefix-values.yaml new file mode 100644 index 0000000..56323c5 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-tcp-udp-portNamePrefix-values.yaml @@ -0,0 +1,17 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: ClusterIP + +tcp: + 9000: "default/test:8080" + +udp: + 9001: "default/test:8080" + +portNamePrefix: "port" diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-tcp-udp-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-tcp-udp-values.yaml new file mode 100644 index 0000000..5b45b69 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-tcp-udp-values.yaml @@ -0,0 +1,15 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: false + service: + type: ClusterIP + +tcp: + 9000: "default/test:8080" + +udp: + 9001: "default/test:8080" diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-tcp-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-tcp-values.yaml new file mode 100644 index 0000000..ac0b6e6 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-tcp-values.yaml @@ -0,0 +1,11 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + service: + type: ClusterIP + +tcp: + 9000: "default/test:8080" + 9001: "default/test:8080" diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-webhook-and-psp-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-webhook-and-psp-values.yaml new file mode 100644 index 0000000..6195bb3 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-webhook-and-psp-values.yaml @@ -0,0 +1,12 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: true + service: + type: ClusterIP + +podSecurityPolicy: + enabled: true diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-webhook-extraEnvs-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-webhook-extraEnvs-values.yaml new file mode 100644 index 0000000..95487b0 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-webhook-extraEnvs-values.yaml @@ -0,0 +1,12 @@ +controller: + service: + type: ClusterIP + admissionWebhooks: + enabled: true + extraEnvs: + - name: FOO + value: foo + - name: TEST + value: test + patch: + enabled: true diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-webhook-resources-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-webhook-resources-values.yaml new file mode 100644 index 0000000..49ebbb0 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-webhook-resources-values.yaml @@ -0,0 +1,23 @@ +controller: + service: + type: ClusterIP + admissionWebhooks: + enabled: true + createSecretJob: + resources: + limits: + cpu: 10m + memory: 20Mi + requests: + cpu: 10m + memory: 20Mi + patchWebhookJob: + resources: + limits: + cpu: 10m + memory: 20Mi + requests: + cpu: 10m + memory: 20Mi + patch: + enabled: true diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-webhook-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-webhook-values.yaml new file mode 100644 index 0000000..76669a5 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/ci/deployment-webhook-values.yaml @@ -0,0 +1,9 @@ +controller: + image: + repository: ingress-controller/controller + tag: 1.0.0-dev + digest: null + admissionWebhooks: + enabled: true + service: + type: ClusterIP diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/override-values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/override-values.yaml new file mode 100644 index 0000000..e190f03 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/override-values.yaml @@ -0,0 +1,10 @@ +controller: + kind: DaemonSet + + service: + type: LoadBalancer + nodePorts: + http: "30000" + https: "30001" + tcp: {} + udp: {} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/temp.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/temp.yaml new file mode 100644 index 0000000..2b28787 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/temp.yaml @@ -0,0 +1,724 @@ +--- +# Source: ingress-nginx/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: release-name-ingress-nginx + namespace: default +automountServiceAccountToken: true +--- +# Source: ingress-nginx/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: release-name-ingress-nginx-controller + namespace: default +data: + allow-snippet-annotations: "true" +--- +# Source: ingress-nginx/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + name: release-name-ingress-nginx +rules: + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + - namespaces + verbs: + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +--- +# Source: ingress-nginx/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + name: release-name-ingress-nginx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: release-name-ingress-nginx +subjects: + - kind: ServiceAccount + name: release-name-ingress-nginx + namespace: "default" +--- +# Source: ingress-nginx/templates/controller-role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: release-name-ingress-nginx + namespace: default +rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - endpoints + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch + # TODO(Jintao Zhang) + # Once we release a new version of the controller, + # we will be able to remove the configmap related permissions + # We have used the Lease API for selection + # ref: https://github.com/kubernetes/ingress-nginx/pull/8921 + - apiGroups: + - "" + resources: + - configmaps + resourceNames: + - ingress-controller-leader + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - ingress-controller-leader + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +# Source: ingress-nginx/templates/controller-rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: release-name-ingress-nginx + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: release-name-ingress-nginx +subjects: + - kind: ServiceAccount + name: release-name-ingress-nginx + namespace: "default" +--- +# Source: ingress-nginx/templates/controller-service-webhook.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: release-name-ingress-nginx-controller-admission + namespace: default +spec: + type: ClusterIP + ports: + - name: https-webhook + port: 443 + targetPort: webhook + appProtocol: https + selector: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/component: controller +--- +# Source: ingress-nginx/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + annotations: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: release-name-ingress-nginx-controller + namespace: default +spec: + type: LoadBalancer + ipFamilyPolicy: SingleStack + ipFamilies: + - IPv4 + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + appProtocol: http + - name: https + port: 443 + protocol: TCP + targetPort: https + appProtocol: https + selector: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/component: controller +--- +# Source: ingress-nginx/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: release-name-ingress-nginx-controller + namespace: default +spec: + selector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/component: controller + replicas: 1 + revisionHistoryLimit: 10 + minReadySeconds: 0 + template: + metadata: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/component: controller + spec: + dnsPolicy: ClusterFirst + containers: + - name: controller + image: "registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974" + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + args: + - /nginx-ingress-controller + - --publish-service=$(POD_NAMESPACE)/release-name-ingress-nginx-controller + - --election-id=ingress-controller-leader + - --controller-class=k8s.io/ingress-nginx + - --ingress-class=nginx + - --configmap=$(POD_NAMESPACE)/release-name-ingress-nginx-controller + - --validating-webhook=:8443 + - --validating-webhook-certificate=/usr/local/certificates/cert + - --validating-webhook-key=/usr/local/certificates/key + securityContext: + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + runAsUser: 101 + allowPrivilegeEscalation: true + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LD_PRELOAD + value: /usr/local/lib/libmimalloc.so + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: webhook + containerPort: 8443 + protocol: TCP + volumeMounts: + - name: webhook-cert + mountPath: /usr/local/certificates/ + readOnly: true + resources: + requests: + cpu: 100m + memory: 90Mi + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: release-name-ingress-nginx + terminationGracePeriodSeconds: 300 + volumes: + - name: webhook-cert + secret: + secretName: release-name-ingress-nginx-admission +--- +# Source: ingress-nginx/templates/controller-ingressclass.yaml +# We don't support namespaced ingressClass yet +# So a ClusterRole and a ClusterRoleBinding is required +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: nginx +spec: + controller: k8s.io/ingress-nginx +--- +# Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml +# before changing this value, check the required kubernetes version +# https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook + name: release-name-ingress-nginx-admission +webhooks: + - name: validate.nginx.ingress.kubernetes.io + matchPolicy: Equivalent + rules: + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + failurePolicy: Fail + sideEffects: None + admissionReviewVersions: + - v1 + clientConfig: + service: + namespace: "default" + name: release-name-ingress-nginx-controller-admission + path: /networking/v1/ingresses +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: release-name-ingress-nginx-admission + namespace: default + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: release-name-ingress-nginx-admission + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook +rules: + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - update +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: release-name-ingress-nginx-admission + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: release-name-ingress-nginx-admission +subjects: + - kind: ServiceAccount + name: release-name-ingress-nginx-admission + namespace: "default" +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: release-name-ingress-nginx-admission + namespace: default + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: release-name-ingress-nginx-admission + namespace: default + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: release-name-ingress-nginx-admission +subjects: + - kind: ServiceAccount + name: release-name-ingress-nginx-admission + namespace: "default" +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: release-name-ingress-nginx-admission-create + namespace: default + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook +spec: + template: + metadata: + name: release-name-ingress-nginx-admission-create + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook + spec: + containers: + - name: create + image: "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47" + imagePullPolicy: IfNotPresent + args: + - create + - --host=release-name-ingress-nginx-controller-admission,release-name-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc + - --namespace=$(POD_NAMESPACE) + - --secret-name=release-name-ingress-nginx-admission + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + securityContext: + allowPrivilegeEscalation: false + restartPolicy: OnFailure + serviceAccountName: release-name-ingress-nginx-admission + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 2000 + runAsNonRoot: true + runAsUser: 2000 +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: release-name-ingress-nginx-admission-patch + namespace: default + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook +spec: + template: + metadata: + name: release-name-ingress-nginx-admission-patch + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook + spec: + containers: + - name: patch + image: "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47" + imagePullPolicy: IfNotPresent + args: + - patch + - --webhook-name=release-name-ingress-nginx-admission + - --namespace=$(POD_NAMESPACE) + - --patch-mutating=false + - --secret-name=release-name-ingress-nginx-admission + - --patch-failure-policy=Fail + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + securityContext: + allowPrivilegeEscalation: false + restartPolicy: OnFailure + serviceAccountName: release-name-ingress-nginx-admission + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 2000 + runAsNonRoot: true + runAsUser: 2000 diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/temp2.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/temp2.yaml new file mode 100644 index 0000000..9ef52fc --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/temp2.yaml @@ -0,0 +1,725 @@ +--- +# Source: ingress-nginx/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: release-name-ingress-nginx + namespace: default +automountServiceAccountToken: true +--- +# Source: ingress-nginx/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: release-name-ingress-nginx-controller + namespace: default +data: + allow-snippet-annotations: "true" +--- +# Source: ingress-nginx/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + name: release-name-ingress-nginx +rules: + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + - namespaces + verbs: + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +--- +# Source: ingress-nginx/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + name: release-name-ingress-nginx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: release-name-ingress-nginx +subjects: + - kind: ServiceAccount + name: release-name-ingress-nginx + namespace: "default" +--- +# Source: ingress-nginx/templates/controller-role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: release-name-ingress-nginx + namespace: default +rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - endpoints + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch + # TODO(Jintao Zhang) + # Once we release a new version of the controller, + # we will be able to remove the configmap related permissions + # We have used the Lease API for selection + # ref: https://github.com/kubernetes/ingress-nginx/pull/8921 + - apiGroups: + - "" + resources: + - configmaps + resourceNames: + - ingress-controller-leader + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - ingress-controller-leader + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +# Source: ingress-nginx/templates/controller-rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: release-name-ingress-nginx + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: release-name-ingress-nginx +subjects: + - kind: ServiceAccount + name: release-name-ingress-nginx + namespace: "default" +--- +# Source: ingress-nginx/templates/controller-service-webhook.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: release-name-ingress-nginx-controller-admission + namespace: default +spec: + type: ClusterIP + ports: + - name: https-webhook + port: 443 + targetPort: webhook + appProtocol: https + selector: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/component: controller +--- +# Source: ingress-nginx/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + annotations: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: release-name-ingress-nginx-controller + namespace: default +spec: + type: LoadBalancer + ipFamilyPolicy: SingleStack + ipFamilies: + - IPv4 + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + appProtocol: http + nodePort: 30000 + - name: https + port: 443 + protocol: TCP + targetPort: https + appProtocol: https + nodePort: 30001 + selector: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/component: controller +--- +# Source: ingress-nginx/templates/controller-daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: release-name-ingress-nginx-controller + namespace: default +spec: + selector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/component: controller + revisionHistoryLimit: 10 + minReadySeconds: 0 + template: + metadata: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/component: controller + spec: + dnsPolicy: ClusterFirst + containers: + - name: controller + image: "registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974" + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + args: + - /nginx-ingress-controller + - --publish-service=$(POD_NAMESPACE)/release-name-ingress-nginx-controller + - --election-id=ingress-controller-leader + - --controller-class=k8s.io/ingress-nginx + - --ingress-class=nginx + - --configmap=$(POD_NAMESPACE)/release-name-ingress-nginx-controller + - --validating-webhook=:8443 + - --validating-webhook-certificate=/usr/local/certificates/cert + - --validating-webhook-key=/usr/local/certificates/key + securityContext: + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + runAsUser: 101 + allowPrivilegeEscalation: true + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LD_PRELOAD + value: /usr/local/lib/libmimalloc.so + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: webhook + containerPort: 8443 + protocol: TCP + volumeMounts: + - name: webhook-cert + mountPath: /usr/local/certificates/ + readOnly: true + resources: + requests: + cpu: 100m + memory: 90Mi + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: release-name-ingress-nginx + terminationGracePeriodSeconds: 300 + volumes: + - name: webhook-cert + secret: + secretName: release-name-ingress-nginx-admission +--- +# Source: ingress-nginx/templates/controller-ingressclass.yaml +# We don't support namespaced ingressClass yet +# So a ClusterRole and a ClusterRoleBinding is required +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: nginx +spec: + controller: k8s.io/ingress-nginx +--- +# Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml +# before changing this value, check the required kubernetes version +# https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook + name: release-name-ingress-nginx-admission +webhooks: + - name: validate.nginx.ingress.kubernetes.io + matchPolicy: Equivalent + rules: + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + failurePolicy: Fail + sideEffects: None + admissionReviewVersions: + - v1 + clientConfig: + service: + namespace: "default" + name: release-name-ingress-nginx-controller-admission + path: /networking/v1/ingresses +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: release-name-ingress-nginx-admission + namespace: default + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: release-name-ingress-nginx-admission + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook +rules: + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - update +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: release-name-ingress-nginx-admission + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: release-name-ingress-nginx-admission +subjects: + - kind: ServiceAccount + name: release-name-ingress-nginx-admission + namespace: "default" +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: release-name-ingress-nginx-admission + namespace: default + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: release-name-ingress-nginx-admission + namespace: default + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: release-name-ingress-nginx-admission +subjects: + - kind: ServiceAccount + name: release-name-ingress-nginx-admission + namespace: "default" +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: release-name-ingress-nginx-admission-create + namespace: default + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook +spec: + template: + metadata: + name: release-name-ingress-nginx-admission-create + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook + spec: + containers: + - name: create + image: "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47" + imagePullPolicy: IfNotPresent + args: + - create + - --host=release-name-ingress-nginx-controller-admission,release-name-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc + - --namespace=$(POD_NAMESPACE) + - --secret-name=release-name-ingress-nginx-admission + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + securityContext: + allowPrivilegeEscalation: false + restartPolicy: OnFailure + serviceAccountName: release-name-ingress-nginx-admission + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 2000 + runAsNonRoot: true + runAsUser: 2000 +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: release-name-ingress-nginx-admission-patch + namespace: default + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook +spec: + template: + metadata: + name: release-name-ingress-nginx-admission-patch + labels: + helm.sh/chart: ingress-nginx-4.2.5 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "1.3.1" + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook + spec: + containers: + - name: patch + image: "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47" + imagePullPolicy: IfNotPresent + args: + - patch + - --webhook-name=release-name-ingress-nginx-admission + - --namespace=$(POD_NAMESPACE) + - --patch-mutating=false + - --secret-name=release-name-ingress-nginx-admission + - --patch-failure-policy=Fail + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + securityContext: + allowPrivilegeEscalation: false + restartPolicy: OnFailure + serviceAccountName: release-name-ingress-nginx-admission + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 2000 + runAsNonRoot: true + runAsUser: 2000 diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/NOTES.txt b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/NOTES.txt new file mode 100644 index 0000000..8985c56 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/NOTES.txt @@ -0,0 +1,80 @@ +The ingress-nginx controller has been installed. + +{{- if contains "NodePort" .Values.controller.service.type }} +Get the application URL by running these commands: + +{{- if (not (empty .Values.controller.service.nodePorts.http)) }} + export HTTP_NODE_PORT={{ .Values.controller.service.nodePorts.http }} +{{- else }} + export HTTP_NODE_PORT=$(kubectl --namespace {{ .Release.Namespace }} get services -o jsonpath="{.spec.ports[0].nodePort}" {{ include "ingress-nginx.controller.fullname" . }}) +{{- end }} +{{- if (not (empty .Values.controller.service.nodePorts.https)) }} + export HTTPS_NODE_PORT={{ .Values.controller.service.nodePorts.https }} +{{- else }} + export HTTPS_NODE_PORT=$(kubectl --namespace {{ .Release.Namespace }} get services -o jsonpath="{.spec.ports[1].nodePort}" {{ include "ingress-nginx.controller.fullname" . }}) +{{- end }} + export NODE_IP=$(kubectl --namespace {{ .Release.Namespace }} get nodes -o jsonpath="{.items[0].status.addresses[1].address}") + + echo "Visit http://$NODE_IP:$HTTP_NODE_PORT to access your application via HTTP." + echo "Visit https://$NODE_IP:$HTTPS_NODE_PORT to access your application via HTTPS." +{{- else if contains "LoadBalancer" .Values.controller.service.type }} +It may take a few minutes for the LoadBalancer IP to be available. +You can watch the status by running 'kubectl --namespace {{ .Release.Namespace }} get services -o wide -w {{ include "ingress-nginx.controller.fullname" . }}' +{{- else if contains "ClusterIP" .Values.controller.service.type }} +Get the application URL by running these commands: + export POD_NAME=$(kubectl --namespace {{ .Release.Namespace }} get pods -o jsonpath="{.items[0].metadata.name}" -l "app={{ template "ingress-nginx.name" . }},component={{ .Values.controller.name }},release={{ .Release.Name }}") + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80 + echo "Visit http://127.0.0.1:8080 to access your application." +{{- end }} + +An example Ingress that makes use of the controller: + +{{- $isV1 := semverCompare ">=1" .Chart.AppVersion}} + apiVersion: networking.k8s.io/v1 + kind: Ingress + metadata: + name: example + namespace: foo + {{- if eq $isV1 false }} + annotations: + kubernetes.io/ingress.class: {{ .Values.controller.ingressClass }} + {{- end }} + spec: + {{- if $isV1 }} + ingressClassName: {{ .Values.controller.ingressClassResource.name }} + {{- end }} + rules: + - host: www.example.com + http: + paths: + - pathType: Prefix + backend: + service: + name: exampleService + port: + number: 80 + path: / + # This section is only required if TLS is to be enabled for the Ingress + tls: + - hosts: + - www.example.com + secretName: example-tls + +If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided: + + apiVersion: v1 + kind: Secret + metadata: + name: example-tls + namespace: foo + data: + tls.crt: + tls.key: + type: kubernetes.io/tls + +{{- if .Values.controller.headers }} +################################################################################# +###### WARNING: `controller.headers` has been deprecated! ##### +###### It has been renamed to `controller.proxySetHeaders`. ##### +################################################################################# +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/_helpers.tpl b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/_helpers.tpl new file mode 100644 index 0000000..e69de0c --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/_helpers.tpl @@ -0,0 +1,185 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "ingress-nginx.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "ingress-nginx.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "ingress-nginx.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + + +{{/* +Container SecurityContext. +*/}} +{{- define "controller.containerSecurityContext" -}} +{{- if .Values.controller.containerSecurityContext -}} +{{- toYaml .Values.controller.containerSecurityContext -}} +{{- else -}} +capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + {{- if .Values.controller.image.chroot }} + - SYS_CHROOT + {{- end }} +runAsUser: {{ .Values.controller.image.runAsUser }} +allowPrivilegeEscalation: {{ .Values.controller.image.allowPrivilegeEscalation }} +{{- end }} +{{- end -}} + +{{/* +Get specific image +*/}} +{{- define "ingress-nginx.image" -}} +{{- if .chroot -}} +{{- printf "%s-chroot" .image -}} +{{- else -}} +{{- printf "%s" .image -}} +{{- end }} +{{- end -}} + +{{/* +Get specific image digest +*/}} +{{- define "ingress-nginx.imageDigest" -}} +{{- if .chroot -}} +{{- if .digestChroot -}} +{{- printf "@%s" .digestChroot -}} +{{- end }} +{{- else -}} +{{ if .digest -}} +{{- printf "@%s" .digest -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified controller name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "ingress-nginx.controller.fullname" -}} +{{- printf "%s-%s" (include "ingress-nginx.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Construct the path for the publish-service. + +By convention this will simply use the / to match the name of the +service generated. + +Users can provide an override for an explicit service they want bound via `.Values.controller.publishService.pathOverride` + +*/}} +{{- define "ingress-nginx.controller.publishServicePath" -}} +{{- $defServiceName := printf "%s/%s" "$(POD_NAMESPACE)" (include "ingress-nginx.controller.fullname" .) -}} +{{- $servicePath := default $defServiceName .Values.controller.publishService.pathOverride }} +{{- print $servicePath | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified default backend name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "ingress-nginx.defaultBackend.fullname" -}} +{{- printf "%s-%s" (include "ingress-nginx.fullname" .) .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "ingress-nginx.labels" -}} +helm.sh/chart: {{ include "ingress-nginx.chart" . }} +{{ include "ingress-nginx.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/part-of: {{ template "ingress-nginx.name" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- if .Values.commonLabels}} +{{ toYaml .Values.commonLabels }} +{{- end }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "ingress-nginx.selectorLabels" -}} +app.kubernetes.io/name: {{ include "ingress-nginx.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Create the name of the controller service account to use +*/}} +{{- define "ingress-nginx.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "ingress-nginx.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the backend service account to use - only used when podsecuritypolicy is also enabled +*/}} +{{- define "ingress-nginx.defaultBackend.serviceAccountName" -}} +{{- if .Values.defaultBackend.serviceAccount.create -}} + {{ default (printf "%s-backend" (include "ingress-nginx.fullname" .)) .Values.defaultBackend.serviceAccount.name }} +{{- else -}} + {{ default "default-backend" .Values.defaultBackend.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiGroup for PodSecurityPolicy. +*/}} +{{- define "podSecurityPolicy.apiGroup" -}} +{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "policy" -}} +{{- else -}} +{{- print "extensions" -}} +{{- end -}} +{{- end -}} + +{{/* +Check the ingress controller version tag is at most three versions behind the last release +*/}} +{{- define "isControllerTagValid" -}} +{{- if not (semverCompare ">=0.27.0-0" .Values.controller.image.tag) -}} +{{- fail "Controller container image tag should be 0.27.0 or higher" -}} +{{- end -}} +{{- end -}} + +{{/* +IngressClass parameters. +*/}} +{{- define "ingressClass.parameters" -}} + {{- if .Values.controller.ingressClassResource.parameters -}} + parameters: +{{ toYaml .Values.controller.ingressClassResource.parameters | indent 4}} + {{ end }} +{{- end -}} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/_params.tpl b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/_params.tpl new file mode 100644 index 0000000..305ce0d --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/_params.tpl @@ -0,0 +1,62 @@ +{{- define "ingress-nginx.params" -}} +- /nginx-ingress-controller +{{- if .Values.defaultBackend.enabled }} +- --default-backend-service=$(POD_NAMESPACE)/{{ include "ingress-nginx.defaultBackend.fullname" . }} +{{- end }} +{{- if and .Values.controller.publishService.enabled .Values.controller.service.enabled }} +{{- if .Values.controller.service.external.enabled }} +- --publish-service={{ template "ingress-nginx.controller.publishServicePath" . }} +{{- else if .Values.controller.service.internal.enabled }} +- --publish-service={{ template "ingress-nginx.controller.publishServicePath" . }}-internal +{{- end }} +{{- end }} +- --election-id={{ .Values.controller.electionID }} +- --controller-class={{ .Values.controller.ingressClassResource.controllerValue }} +{{- if .Values.controller.ingressClass }} +- --ingress-class={{ .Values.controller.ingressClass }} +{{- end }} +- --configmap={{ default "$(POD_NAMESPACE)" .Values.controller.configMapNamespace }}/{{ include "ingress-nginx.controller.fullname" . }} +{{- if .Values.tcp }} +- --tcp-services-configmap={{ default "$(POD_NAMESPACE)" .Values.controller.tcp.configMapNamespace }}/{{ include "ingress-nginx.fullname" . }}-tcp +{{- end }} +{{- if .Values.udp }} +- --udp-services-configmap={{ default "$(POD_NAMESPACE)" .Values.controller.udp.configMapNamespace }}/{{ include "ingress-nginx.fullname" . }}-udp +{{- end }} +{{- if .Values.controller.scope.enabled }} +- --watch-namespace={{ default "$(POD_NAMESPACE)" .Values.controller.scope.namespace }} +{{- end }} +{{- if and (not .Values.controller.scope.enabled) .Values.controller.scope.namespaceSelector }} +- --watch-namespace-selector={{ default "" .Values.controller.scope.namespaceSelector }} +{{- end }} +{{- if and .Values.controller.reportNodeInternalIp .Values.controller.hostNetwork }} +- --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }} +{{- end }} +{{- if .Values.controller.admissionWebhooks.enabled }} +- --validating-webhook=:{{ .Values.controller.admissionWebhooks.port }} +- --validating-webhook-certificate={{ .Values.controller.admissionWebhooks.certificate }} +- --validating-webhook-key={{ .Values.controller.admissionWebhooks.key }} +{{- end }} +{{- if .Values.controller.maxmindLicenseKey }} +- --maxmind-license-key={{ .Values.controller.maxmindLicenseKey }} +{{- end }} +{{- if .Values.controller.healthCheckHost }} +- --healthz-host={{ .Values.controller.healthCheckHost }} +{{- end }} +{{- if not (eq .Values.controller.healthCheckPath "/healthz") }} +- --health-check-path={{ .Values.controller.healthCheckPath }} +{{- end }} +{{- if .Values.controller.ingressClassByName }} +- --ingress-class-by-name=true +{{- end }} +{{- if .Values.controller.watchIngressWithoutClass }} +- --watch-ingress-without-class=true +{{- end }} +{{- range $key, $value := .Values.controller.extraArgs }} +{{- /* Accept keys without values or with false as value */}} +{{- if eq ($value | quote | len) 2 }} +- --{{ $key }} +{{- else }} +- --{{ $key }}={{ $value }} +{{- end }} +{{- end }} +{{- end -}} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml new file mode 100644 index 0000000..5659a1f --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml @@ -0,0 +1,34 @@ +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "ingress-nginx.fullname" . }}-admission + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.patch.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +rules: + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - update +{{- if .Values.podSecurityPolicy.enabled }} + - apiGroups: ['extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + {{- with .Values.controller.admissionWebhooks.existingPsp }} + - {{ . }} + {{- else }} + - {{ include "ingress-nginx.fullname" . }}-admission + {{- end }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml new file mode 100644 index 0000000..abf17fb --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml @@ -0,0 +1,23 @@ +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "ingress-nginx.fullname" . }}-admission + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.patch.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "ingress-nginx.fullname" . }}-admission +subjects: + - kind: ServiceAccount + name: {{ include "ingress-nginx.fullname" . }}-admission + namespace: {{ .Release.Namespace | quote }} +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml new file mode 100644 index 0000000..7558e0b --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml @@ -0,0 +1,79 @@ +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "ingress-nginx.fullname" . }}-admission-create + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + {{- with .Values.controller.admissionWebhooks.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.patch.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: +{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} + # Alpha feature since k8s 1.12 + ttlSecondsAfterFinished: 0 +{{- end }} + template: + metadata: + name: {{ include "ingress-nginx.fullname" . }}-admission-create + {{- if .Values.controller.admissionWebhooks.patch.podAnnotations }} + annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }} + {{- end }} + labels: + {{- include "ingress-nginx.labels" . | nindent 8 }} + app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.patch.labels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.controller.admissionWebhooks.patch.priorityClassName }} + priorityClassName: {{ .Values.controller.admissionWebhooks.patch.priorityClassName }} + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }} + {{- end }} + containers: + - name: create + {{- with .Values.controller.admissionWebhooks.patch.image }} + image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" + {{- end }} + imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }} + args: + - create + - --host={{ include "ingress-nginx.controller.fullname" . }}-admission,{{ include "ingress-nginx.controller.fullname" . }}-admission.$(POD_NAMESPACE).svc + - --namespace=$(POD_NAMESPACE) + - --secret-name={{ include "ingress-nginx.fullname" . }}-admission + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if .Values.controller.admissionWebhooks.extraEnvs }} + {{- toYaml .Values.controller.admissionWebhooks.extraEnvs | nindent 12 }} + {{- end }} + securityContext: + allowPrivilegeEscalation: false + {{- if .Values.controller.admissionWebhooks.createSecretJob.resources }} + resources: {{ toYaml .Values.controller.admissionWebhooks.createSecretJob.resources | nindent 12 }} + {{- end }} + restartPolicy: OnFailure + serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission + {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }} + nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.controller.admissionWebhooks.patch.tolerations }} + tolerations: {{ toYaml .Values.controller.admissionWebhooks.patch.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.controller.admissionWebhooks.patch.securityContext }} + securityContext: + {{- toYaml .Values.controller.admissionWebhooks.patch.securityContext | nindent 8 }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml new file mode 100644 index 0000000..0528215 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml @@ -0,0 +1,81 @@ +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "ingress-nginx.fullname" . }}-admission-patch + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + {{- with .Values.controller.admissionWebhooks.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.patch.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: +{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} + # Alpha feature since k8s 1.12 + ttlSecondsAfterFinished: 0 +{{- end }} + template: + metadata: + name: {{ include "ingress-nginx.fullname" . }}-admission-patch + {{- if .Values.controller.admissionWebhooks.patch.podAnnotations }} + annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }} + {{- end }} + labels: + {{- include "ingress-nginx.labels" . | nindent 8 }} + app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.patch.labels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.controller.admissionWebhooks.patch.priorityClassName }} + priorityClassName: {{ .Values.controller.admissionWebhooks.patch.priorityClassName }} + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }} + {{- end }} + containers: + - name: patch + {{- with .Values.controller.admissionWebhooks.patch.image }} + image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" + {{- end }} + imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }} + args: + - patch + - --webhook-name={{ include "ingress-nginx.fullname" . }}-admission + - --namespace=$(POD_NAMESPACE) + - --patch-mutating=false + - --secret-name={{ include "ingress-nginx.fullname" . }}-admission + - --patch-failure-policy={{ .Values.controller.admissionWebhooks.failurePolicy }} + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if .Values.controller.admissionWebhooks.extraEnvs }} + {{- toYaml .Values.controller.admissionWebhooks.extraEnvs | nindent 12 }} + {{- end }} + securityContext: + allowPrivilegeEscalation: false + {{- if .Values.controller.admissionWebhooks.patchWebhookJob.resources }} + resources: {{ toYaml .Values.controller.admissionWebhooks.patchWebhookJob.resources | nindent 12 }} + {{- end }} + restartPolicy: OnFailure + serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission + {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }} + nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.controller.admissionWebhooks.patch.tolerations }} + tolerations: {{ toYaml .Values.controller.admissionWebhooks.patch.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.controller.admissionWebhooks.patch.securityContext }} + securityContext: + {{- toYaml .Values.controller.admissionWebhooks.patch.securityContext | nindent 8 }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml new file mode 100644 index 0000000..70edde3 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml @@ -0,0 +1,39 @@ +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled (empty .Values.controller.admissionWebhooks.existingPsp) -}} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "ingress-nginx.fullname" . }}-admission + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.patch.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + allowPrivilegeEscalation: false + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml new file mode 100644 index 0000000..795bac6 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml @@ -0,0 +1,24 @@ +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "ingress-nginx.fullname" . }}-admission + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.patch.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml new file mode 100644 index 0000000..698c5c8 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml @@ -0,0 +1,24 @@ +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "ingress-nginx.fullname" . }}-admission + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.patch.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "ingress-nginx.fullname" . }}-admission +subjects: + - kind: ServiceAccount + name: {{ include "ingress-nginx.fullname" . }}-admission + namespace: {{ .Release.Namespace | quote }} +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml new file mode 100644 index 0000000..eae4751 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "ingress-nginx.fullname" . }}-admission + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.patch.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml new file mode 100644 index 0000000..8caffcb --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml @@ -0,0 +1,48 @@ +{{- if .Values.controller.admissionWebhooks.enabled -}} +# before changing this value, check the required kubernetes version +# https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + {{- if .Values.controller.admissionWebhooks.annotations }} + annotations: {{ toYaml .Values.controller.admissionWebhooks.annotations | nindent 4 }} + {{- end }} + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: admission-webhook + {{- with .Values.controller.admissionWebhooks.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.fullname" . }}-admission +webhooks: + - name: validate.nginx.ingress.kubernetes.io + matchPolicy: Equivalent + rules: + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + failurePolicy: {{ .Values.controller.admissionWebhooks.failurePolicy | default "Fail" }} + sideEffects: None + admissionReviewVersions: + - v1 + clientConfig: + service: + namespace: {{ .Release.Namespace | quote }} + name: {{ include "ingress-nginx.controller.fullname" . }}-admission + path: /networking/v1/ingresses + {{- if .Values.controller.admissionWebhooks.timeoutSeconds }} + timeoutSeconds: {{ .Values.controller.admissionWebhooks.timeoutSeconds }} + {{- end }} + {{- if .Values.controller.admissionWebhooks.namespaceSelector }} + namespaceSelector: {{ toYaml .Values.controller.admissionWebhooks.namespaceSelector | nindent 6 }} + {{- end }} + {{- if .Values.controller.admissionWebhooks.objectSelector }} + objectSelector: {{ toYaml .Values.controller.admissionWebhooks.objectSelector | nindent 6 }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/clusterrole.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/clusterrole.yaml new file mode 100644 index 0000000..0e725ec --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/clusterrole.yaml @@ -0,0 +1,94 @@ +{{- if .Values.rbac.create }} + +{{- if and .Values.rbac.scope (not .Values.controller.scope.enabled) -}} + {{ required "Invalid configuration: 'rbac.scope' should be equal to 'controller.scope.enabled' (true/false)." (index (dict) ".") }} +{{- end }} + +{{- if not .Values.rbac.scope -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.fullname" . }} +rules: + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets +{{- if not .Values.controller.scope.enabled }} + - namespaces +{{- end}} + verbs: + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +{{- if and .Values.controller.scope.enabled .Values.controller.scope.namespace }} + - apiGroups: + - "" + resources: + - namespaces + resourceNames: + - "{{ .Values.controller.scope.namespace }}" + verbs: + - get +{{- end }} + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +{{- end }} + +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/clusterrolebinding.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/clusterrolebinding.yaml new file mode 100644 index 0000000..acbbd8b --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.rbac.create (not .Values.rbac.scope) -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.fullname" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "ingress-nginx.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "ingress-nginx.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-configmap-addheaders.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-configmap-addheaders.yaml new file mode 100644 index 0000000..dfd49a1 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-configmap-addheaders.yaml @@ -0,0 +1,14 @@ +{{- if .Values.controller.addHeaders -}} +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.fullname" . }}-custom-add-headers + namespace: {{ .Release.Namespace }} +data: {{ toYaml .Values.controller.addHeaders | nindent 2 }} +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-configmap-proxyheaders.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-configmap-proxyheaders.yaml new file mode 100644 index 0000000..f8d15fa --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-configmap-proxyheaders.yaml @@ -0,0 +1,19 @@ +{{- if or .Values.controller.proxySetHeaders .Values.controller.headers -}} +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.fullname" . }}-custom-proxy-headers + namespace: {{ .Release.Namespace }} +data: +{{- if .Values.controller.proxySetHeaders }} +{{ toYaml .Values.controller.proxySetHeaders | indent 2 }} +{{ else if and .Values.controller.headers (not .Values.controller.proxySetHeaders) }} +{{ toYaml .Values.controller.headers | indent 2 }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-configmap-tcp.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-configmap-tcp.yaml new file mode 100644 index 0000000..0f6088e --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-configmap-tcp.yaml @@ -0,0 +1,17 @@ +{{- if .Values.tcp -}} +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- if .Values.controller.tcp.annotations }} + annotations: {{ toYaml .Values.controller.tcp.annotations | nindent 4 }} +{{- end }} + name: {{ include "ingress-nginx.fullname" . }}-tcp + namespace: {{ .Release.Namespace }} +data: {{ tpl (toYaml .Values.tcp) . | nindent 2 }} +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-configmap-udp.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-configmap-udp.yaml new file mode 100644 index 0000000..3772ec5 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-configmap-udp.yaml @@ -0,0 +1,17 @@ +{{- if .Values.udp -}} +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- if .Values.controller.udp.annotations }} + annotations: {{ toYaml .Values.controller.udp.annotations | nindent 4 }} +{{- end }} + name: {{ include "ingress-nginx.fullname" . }}-udp + namespace: {{ .Release.Namespace }} +data: {{ tpl (toYaml .Values.udp) . | nindent 2 }} +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-configmap.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-configmap.yaml new file mode 100644 index 0000000..f28b26e --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-configmap.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- if .Values.controller.configAnnotations }} + annotations: {{ toYaml .Values.controller.configAnnotations | nindent 4 }} +{{- end }} + name: {{ include "ingress-nginx.controller.fullname" . }} + namespace: {{ .Release.Namespace }} +data: + allow-snippet-annotations: "{{ .Values.controller.allowSnippetAnnotations }}" +{{- if .Values.controller.addHeaders }} + add-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-add-headers +{{- end }} +{{- if or .Values.controller.proxySetHeaders .Values.controller.headers }} + proxy-set-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-proxy-headers +{{- end }} +{{- if .Values.dhParam }} + ssl-dh-param: {{ printf "%s/%s" .Release.Namespace (include "ingress-nginx.controller.fullname" .) }} +{{- end }} +{{- range $key, $value := .Values.controller.config }} + {{- $key | nindent 2 }}: {{ $value | quote }} +{{- end }} + diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-daemonset.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-daemonset.yaml new file mode 100644 index 0000000..80c268f --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-daemonset.yaml @@ -0,0 +1,223 @@ +{{- if or (eq .Values.controller.kind "DaemonSet") (eq .Values.controller.kind "Both") -}} +{{- include "isControllerTagValid" . -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.controller.fullname" . }} + namespace: {{ .Release.Namespace }} + {{- if .Values.controller.annotations }} + annotations: {{ toYaml .Values.controller.annotations | nindent 4 }} + {{- end }} +spec: + selector: + matchLabels: + {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: controller + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + {{- if .Values.controller.updateStrategy }} + updateStrategy: {{ toYaml .Values.controller.updateStrategy | nindent 4 }} + {{- end }} + minReadySeconds: {{ .Values.controller.minReadySeconds }} + template: + metadata: + {{- if .Values.controller.podAnnotations }} + annotations: + {{- range $key, $value := .Values.controller.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "ingress-nginx.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.controller.podLabels }} + {{- toYaml .Values.controller.podLabels | nindent 8 }} + {{- end }} + spec: + {{- if .Values.controller.dnsConfig }} + dnsConfig: {{ toYaml .Values.controller.dnsConfig | nindent 8 }} + {{- end }} + {{- if .Values.controller.hostname }} + hostname: {{ toYaml .Values.controller.hostname | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.controller.dnsPolicy }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }} + {{- end }} + {{- if .Values.controller.priorityClassName }} + priorityClassName: {{ .Values.controller.priorityClassName }} + {{- end }} + {{- if or .Values.controller.podSecurityContext .Values.controller.sysctls }} + securityContext: + {{- end }} + {{- if .Values.controller.podSecurityContext }} + {{- toYaml .Values.controller.podSecurityContext | nindent 8 }} + {{- end }} + {{- if .Values.controller.sysctls }} + sysctls: + {{- range $sysctl, $value := .Values.controller.sysctls }} + - name: {{ $sysctl | quote }} + value: {{ $value | quote }} + {{- end }} + {{- end }} + {{- if .Values.controller.shareProcessNamespace }} + shareProcessNamespace: {{ .Values.controller.shareProcessNamespace }} + {{- end }} + containers: + - name: {{ .Values.controller.containerName }} + {{- with .Values.controller.image }} + image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ include "ingress-nginx.image" . }}{{- end -}}:{{ .tag }}{{ include "ingress-nginx.imageDigest" . }}" + {{- end }} + imagePullPolicy: {{ .Values.controller.image.pullPolicy }} + {{- if .Values.controller.lifecycle }} + lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }} + {{- end }} + args: + {{- include "ingress-nginx.params" . | nindent 12 }} + securityContext: {{ include "controller.containerSecurityContext" . | nindent 12 }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if .Values.controller.enableMimalloc }} + - name: LD_PRELOAD + value: /usr/local/lib/libmimalloc.so + {{- end }} + {{- if .Values.controller.extraEnvs }} + {{- toYaml .Values.controller.extraEnvs | nindent 12 }} + {{- end }} + {{- if .Values.controller.startupProbe }} + startupProbe: {{ toYaml .Values.controller.startupProbe | nindent 12 }} + {{- end }} + livenessProbe: {{ toYaml .Values.controller.livenessProbe | nindent 12 }} + readinessProbe: {{ toYaml .Values.controller.readinessProbe | nindent 12 }} + ports: + {{- range $key, $value := .Values.controller.containerPort }} + - name: {{ $key }} + containerPort: {{ $value }} + protocol: TCP + {{- if $.Values.controller.hostPort.enabled }} + hostPort: {{ index $.Values.controller.hostPort.ports $key | default $value }} + {{- end }} + {{- end }} + {{- if .Values.controller.metrics.enabled }} + - name: http-metrics + containerPort: {{ .Values.controller.metrics.port }} + protocol: TCP + {{- end }} + {{- if .Values.controller.admissionWebhooks.enabled }} + - name: webhook + containerPort: {{ .Values.controller.admissionWebhooks.port }} + protocol: TCP + {{- end }} + {{- range $key, $value := .Values.tcp }} + - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-tcp + containerPort: {{ $key }} + protocol: TCP + {{- if $.Values.controller.hostPort.enabled }} + hostPort: {{ $key }} + {{- end }} + {{- end }} + {{- range $key, $value := .Values.udp }} + - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-udp + containerPort: {{ $key }} + protocol: UDP + {{- if $.Values.controller.hostPort.enabled }} + hostPort: {{ $key }} + {{- end }} + {{- end }} + {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraModules) }} + volumeMounts: + {{- if .Values.controller.extraModules }} + - name: modules + mountPath: /modules_mount + {{- end }} + {{- if .Values.controller.customTemplate.configMapName }} + - mountPath: /etc/nginx/template + name: nginx-template-volume + readOnly: true + {{- end }} + {{- if .Values.controller.admissionWebhooks.enabled }} + - name: webhook-cert + mountPath: /usr/local/certificates/ + readOnly: true + {{- end }} + {{- if .Values.controller.extraVolumeMounts }} + {{- toYaml .Values.controller.extraVolumeMounts | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.controller.resources }} + resources: {{ toYaml .Values.controller.resources | nindent 12 }} + {{- end }} + {{- if .Values.controller.extraContainers }} + {{ toYaml .Values.controller.extraContainers | nindent 8 }} + {{- end }} + + + {{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules) }} + initContainers: + {{- if .Values.controller.extraInitContainers }} + {{ toYaml .Values.controller.extraInitContainers | nindent 8 }} + {{- end }} + {{- if .Values.controller.extraModules }} + {{- range .Values.controller.extraModules }} + - name: {{ .Name }} + image: {{ .Image }} + command: ['sh', '-c', '/usr/local/bin/init_module.sh'] + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.controller.hostNetwork }} + hostNetwork: {{ .Values.controller.hostNetwork }} + {{- end }} + {{- if .Values.controller.nodeSelector }} + nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.controller.tolerations }} + tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.controller.affinity }} + affinity: {{ toYaml .Values.controller.affinity | nindent 8 }} + {{- end }} + {{- if .Values.controller.topologySpreadConstraints }} + topologySpreadConstraints: {{ toYaml .Values.controller.topologySpreadConstraints | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }} + terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} + {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules) }} + volumes: + {{- if .Values.controller.extraModules }} + - name: modules + emptyDir: {} + {{- end }} + {{- if .Values.controller.customTemplate.configMapName }} + - name: nginx-template-volume + configMap: + name: {{ .Values.controller.customTemplate.configMapName }} + items: + - key: {{ .Values.controller.customTemplate.configMapKey }} + path: nginx.tmpl + {{- end }} + {{- if .Values.controller.admissionWebhooks.enabled }} + - name: webhook-cert + secret: + secretName: {{ include "ingress-nginx.fullname" . }}-admission + {{- end }} + {{- if .Values.controller.extraVolumes }} + {{ toYaml .Values.controller.extraVolumes | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-deployment.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-deployment.yaml new file mode 100644 index 0000000..5ad1867 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-deployment.yaml @@ -0,0 +1,228 @@ +{{- if or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both") -}} +{{- include "isControllerTagValid" . -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.controller.fullname" . }} + namespace: {{ .Release.Namespace }} + {{- if .Values.controller.annotations }} + annotations: {{ toYaml .Values.controller.annotations | nindent 4 }} + {{- end }} +spec: + selector: + matchLabels: + {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: controller + {{- if not .Values.controller.autoscaling.enabled }} + replicas: {{ .Values.controller.replicaCount }} + {{- end }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + {{- if .Values.controller.updateStrategy }} + strategy: + {{ toYaml .Values.controller.updateStrategy | nindent 4 }} + {{- end }} + minReadySeconds: {{ .Values.controller.minReadySeconds }} + template: + metadata: + {{- if .Values.controller.podAnnotations }} + annotations: + {{- range $key, $value := .Values.controller.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "ingress-nginx.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.controller.podLabels }} + {{- toYaml .Values.controller.podLabels | nindent 8 }} + {{- end }} + spec: + {{- if .Values.controller.dnsConfig }} + dnsConfig: {{ toYaml .Values.controller.dnsConfig | nindent 8 }} + {{- end }} + {{- if .Values.controller.hostname }} + hostname: {{ toYaml .Values.controller.hostname | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.controller.dnsPolicy }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }} + {{- end }} + {{- if .Values.controller.priorityClassName }} + priorityClassName: {{ .Values.controller.priorityClassName | quote }} + {{- end }} + {{- if or .Values.controller.podSecurityContext .Values.controller.sysctls }} + securityContext: + {{- end }} + {{- if .Values.controller.podSecurityContext }} + {{- toYaml .Values.controller.podSecurityContext | nindent 8 }} + {{- end }} + {{- if .Values.controller.sysctls }} + sysctls: + {{- range $sysctl, $value := .Values.controller.sysctls }} + - name: {{ $sysctl | quote }} + value: {{ $value | quote }} + {{- end }} + {{- end }} + {{- if .Values.controller.shareProcessNamespace }} + shareProcessNamespace: {{ .Values.controller.shareProcessNamespace }} + {{- end }} + containers: + - name: {{ .Values.controller.containerName }} + {{- with .Values.controller.image }} + image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ include "ingress-nginx.image" . }}{{- end -}}:{{ .tag }}{{ include "ingress-nginx.imageDigest" . }}" + {{- end }} + imagePullPolicy: {{ .Values.controller.image.pullPolicy }} + {{- if .Values.controller.lifecycle }} + lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }} + {{- end }} + args: + {{- include "ingress-nginx.params" . | nindent 12 }} + securityContext: {{ include "controller.containerSecurityContext" . | nindent 12 }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if .Values.controller.enableMimalloc }} + - name: LD_PRELOAD + value: /usr/local/lib/libmimalloc.so + {{- end }} + {{- if .Values.controller.extraEnvs }} + {{- toYaml .Values.controller.extraEnvs | nindent 12 }} + {{- end }} + {{- if .Values.controller.startupProbe }} + startupProbe: {{ toYaml .Values.controller.startupProbe | nindent 12 }} + {{- end }} + livenessProbe: {{ toYaml .Values.controller.livenessProbe | nindent 12 }} + readinessProbe: {{ toYaml .Values.controller.readinessProbe | nindent 12 }} + ports: + {{- range $key, $value := .Values.controller.containerPort }} + - name: {{ $key }} + containerPort: {{ $value }} + protocol: TCP + {{- if $.Values.controller.hostPort.enabled }} + hostPort: {{ index $.Values.controller.hostPort.ports $key | default $value }} + {{- end }} + {{- end }} + {{- if .Values.controller.metrics.enabled }} + - name: http-metrics + containerPort: {{ .Values.controller.metrics.port }} + protocol: TCP + {{- end }} + {{- if .Values.controller.admissionWebhooks.enabled }} + - name: webhook + containerPort: {{ .Values.controller.admissionWebhooks.port }} + protocol: TCP + {{- end }} + {{- range $key, $value := .Values.tcp }} + - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-tcp + containerPort: {{ $key }} + protocol: TCP + {{- if $.Values.controller.hostPort.enabled }} + hostPort: {{ $key }} + {{- end }} + {{- end }} + {{- range $key, $value := .Values.udp }} + - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-udp + containerPort: {{ $key }} + protocol: UDP + {{- if $.Values.controller.hostPort.enabled }} + hostPort: {{ $key }} + {{- end }} + {{- end }} + {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraModules) }} + volumeMounts: + {{- if .Values.controller.extraModules }} + - name: modules + mountPath: /modules_mount + {{- end }} + {{- if .Values.controller.customTemplate.configMapName }} + - mountPath: /etc/nginx/template + name: nginx-template-volume + readOnly: true + {{- end }} + {{- if .Values.controller.admissionWebhooks.enabled }} + - name: webhook-cert + mountPath: /usr/local/certificates/ + readOnly: true + {{- end }} + {{- if .Values.controller.extraVolumeMounts }} + {{- toYaml .Values.controller.extraVolumeMounts | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.controller.resources }} + resources: {{ toYaml .Values.controller.resources | nindent 12 }} + {{- end }} + {{- if .Values.controller.extraContainers }} + {{ toYaml .Values.controller.extraContainers | nindent 8 }} + {{- end }} + {{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules) }} + initContainers: + {{- if .Values.controller.extraInitContainers }} + {{ toYaml .Values.controller.extraInitContainers | nindent 8 }} + {{- end }} + {{- if .Values.controller.extraModules }} + {{- range .Values.controller.extraModules }} + - name: {{ .name }} + image: {{ .image }} + command: ['sh', '-c', '/usr/local/bin/init_module.sh'] + volumeMounts: + - name: modules + mountPath: /modules_mount + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.controller.hostNetwork }} + hostNetwork: {{ .Values.controller.hostNetwork }} + {{- end }} + {{- if .Values.controller.nodeSelector }} + nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.controller.tolerations }} + tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.controller.affinity }} + affinity: {{ toYaml .Values.controller.affinity | nindent 8 }} + {{- end }} + {{- if .Values.controller.topologySpreadConstraints }} + topologySpreadConstraints: {{ toYaml .Values.controller.topologySpreadConstraints | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }} + terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} + {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules) }} + volumes: + {{- if .Values.controller.extraModules }} + - name: modules + emptyDir: {} + {{- end }} + {{- if .Values.controller.customTemplate.configMapName }} + - name: nginx-template-volume + configMap: + name: {{ .Values.controller.customTemplate.configMapName }} + items: + - key: {{ .Values.controller.customTemplate.configMapKey }} + path: nginx.tmpl + {{- end }} + {{- if .Values.controller.admissionWebhooks.enabled }} + - name: webhook-cert + secret: + secretName: {{ include "ingress-nginx.fullname" . }}-admission + {{- end }} + {{- if .Values.controller.extraVolumes }} + {{ toYaml .Values.controller.extraVolumes | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-hpa.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-hpa.yaml new file mode 100644 index 0000000..e0979f1 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-hpa.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.controller.autoscaling.enabled (or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both")) -}} +{{- if not .Values.controller.keda.enabled }} + +apiVersion: autoscaling/v2beta2 +kind: HorizontalPodAutoscaler +metadata: + annotations: + {{- with .Values.controller.autoscaling.annotations }} + {{- toYaml . | trimSuffix "\n" | nindent 4 }} + {{- end }} + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.controller.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "ingress-nginx.controller.fullname" . }} + minReplicas: {{ .Values.controller.autoscaling.minReplicas }} + maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }} + metrics: + {{- with .Values.controller.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.controller.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.controller.autoscalingTemplate }} + {{- toYaml . | nindent 2 }} + {{- end }} + {{- with .Values.controller.autoscaling.behavior }} + behavior: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} + diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-ingressclass.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-ingressclass.yaml new file mode 100644 index 0000000..9492784 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-ingressclass.yaml @@ -0,0 +1,21 @@ +{{- if .Values.controller.ingressClassResource.enabled -}} +# We don't support namespaced ingressClass yet +# So a ClusterRole and a ClusterRoleBinding is required +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ .Values.controller.ingressClassResource.name }} +{{- if .Values.controller.ingressClassResource.default }} + annotations: + ingressclass.kubernetes.io/is-default-class: "true" +{{- end }} +spec: + controller: {{ .Values.controller.ingressClassResource.controllerValue }} + {{ template "ingressClass.parameters" . }} +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-keda.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-keda.yaml new file mode 100644 index 0000000..875157e --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-keda.yaml @@ -0,0 +1,42 @@ +{{- if and .Values.controller.keda.enabled (or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both")) -}} +# https://keda.sh/docs/ + +apiVersion: {{ .Values.controller.keda.apiVersion }} +kind: ScaledObject +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.controller.fullname" . }} + {{- if .Values.controller.keda.scaledObject.annotations }} + annotations: {{ toYaml .Values.controller.keda.scaledObject.annotations | nindent 4 }} + {{- end }} +spec: + scaleTargetRef: +{{- if eq .Values.controller.keda.apiVersion "keda.k8s.io/v1alpha1" }} + deploymentName: {{ include "ingress-nginx.controller.fullname" . }} +{{- else if eq .Values.controller.keda.apiVersion "keda.sh/v1alpha1" }} + name: {{ include "ingress-nginx.controller.fullname" . }} +{{- end }} + pollingInterval: {{ .Values.controller.keda.pollingInterval }} + cooldownPeriod: {{ .Values.controller.keda.cooldownPeriod }} + minReplicaCount: {{ .Values.controller.keda.minReplicas }} + maxReplicaCount: {{ .Values.controller.keda.maxReplicas }} + triggers: +{{- with .Values.controller.keda.triggers }} +{{ toYaml . | indent 2 }} +{{ end }} + advanced: + restoreToOriginalReplicaCount: {{ .Values.controller.keda.restoreToOriginalReplicaCount }} +{{- if .Values.controller.keda.behavior }} + horizontalPodAutoscalerConfig: + behavior: +{{ with .Values.controller.keda.behavior -}} +{{ toYaml . | indent 8 }} +{{ end }} + +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-poddisruptionbudget.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-poddisruptionbudget.yaml new file mode 100644 index 0000000..8dfbe98 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-poddisruptionbudget.yaml @@ -0,0 +1,19 @@ +{{- if or (and .Values.controller.autoscaling.enabled (gt (.Values.controller.autoscaling.minReplicas | int) 1)) (and (not .Values.controller.autoscaling.enabled) (gt (.Values.controller.replicaCount | int) 1)) }} +apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }} +kind: PodDisruptionBudget +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.controller.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: controller + minAvailable: {{ .Values.controller.minAvailable }} +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-prometheusrules.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-prometheusrules.yaml new file mode 100644 index 0000000..78b5362 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-prometheusrules.yaml @@ -0,0 +1,21 @@ +{{- if and ( .Values.controller.metrics.enabled ) ( .Values.controller.metrics.prometheusRule.enabled ) ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) -}} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ include "ingress-nginx.controller.fullname" . }} +{{- if .Values.controller.metrics.prometheusRule.namespace }} + namespace: {{ .Values.controller.metrics.prometheusRule.namespace | quote }} +{{- end }} + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- if .Values.controller.metrics.prometheusRule.additionalLabels }} + {{- toYaml .Values.controller.metrics.prometheusRule.additionalLabels | nindent 4 }} + {{- end }} +spec: +{{- if .Values.controller.metrics.prometheusRule.rules }} + groups: + - name: {{ template "ingress-nginx.name" . }} + rules: {{- toYaml .Values.controller.metrics.prometheusRule.rules | nindent 4 }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-psp.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-psp.yaml new file mode 100644 index 0000000..2e0499c --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-psp.yaml @@ -0,0 +1,94 @@ +{{- if (semverCompare "<1.25.0-0" .Capabilities.KubeVersion.Version) }} +{{- if and .Values.podSecurityPolicy.enabled (empty .Values.controller.existingPsp) -}} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "ingress-nginx.fullname" . }} + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + allowedCapabilities: + - NET_BIND_SERVICE + {{- if .Values.controller.image.chroot }} + - SYS_CHROOT + {{- end }} +{{- if .Values.controller.sysctls }} + allowedUnsafeSysctls: + {{- range $sysctl, $value := .Values.controller.sysctls }} + - {{ $sysctl }} + {{- end }} +{{- end }} + privileged: false + allowPrivilegeEscalation: true + # Allow core volume types. + volumes: + - 'configMap' + - 'emptyDir' + #- 'projected' + - 'secret' + #- 'downwardAPI' +{{- if .Values.controller.hostNetwork }} + hostNetwork: {{ .Values.controller.hostNetwork }} +{{- end }} +{{- if or .Values.controller.hostNetwork .Values.controller.hostPort.enabled }} + hostPorts: +{{- if .Values.controller.hostNetwork }} +{{- range $key, $value := .Values.controller.containerPort }} + # {{ $key }} + - min: {{ $value }} + max: {{ $value }} +{{- end }} +{{- else if .Values.controller.hostPort.enabled }} +{{- range $key, $value := .Values.controller.hostPort.ports }} + # {{ $key }} + - min: {{ $value }} + max: {{ $value }} +{{- end }} +{{- end }} +{{- if .Values.controller.metrics.enabled }} + # metrics + - min: {{ .Values.controller.metrics.port }} + max: {{ .Values.controller.metrics.port }} +{{- end }} +{{- if .Values.controller.admissionWebhooks.enabled }} + # admission webhooks + - min: {{ .Values.controller.admissionWebhooks.port }} + max: {{ .Values.controller.admissionWebhooks.port }} +{{- end }} +{{- range $key, $value := .Values.tcp }} + # {{ $key }}-tcp + - min: {{ $key }} + max: {{ $key }} +{{- end }} +{{- range $key, $value := .Values.udp }} + # {{ $key }}-udp + - min: {{ $key }} + max: {{ $key }} +{{- end }} +{{- end }} + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: 'MustRunAsNonRoot' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + seLinux: + rule: 'RunAsAny' +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-role.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-role.yaml new file mode 100644 index 0000000..330be8c --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-role.yaml @@ -0,0 +1,113 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.fullname" . }} + namespace: {{ .Release.Namespace }} +rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - endpoints + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch + # TODO(Jintao Zhang) + # Once we release a new version of the controller, + # we will be able to remove the configmap related permissions + # We have used the Lease API for selection + # ref: https://github.com/kubernetes/ingress-nginx/pull/8921 + - apiGroups: + - "" + resources: + - configmaps + resourceNames: + - {{ .Values.controller.electionID }} + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - {{ .Values.controller.electionID }} + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +{{- if .Values.podSecurityPolicy.enabled }} + - apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}] + resources: ['podsecuritypolicies'] + verbs: ['use'] + {{- with .Values.controller.existingPsp }} + resourceNames: [{{ . }}] + {{- else }} + resourceNames: [{{ include "ingress-nginx.fullname" . }}] + {{- end }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-rolebinding.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-rolebinding.yaml new file mode 100644 index 0000000..e846a11 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.fullname" . }} + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "ingress-nginx.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "ingress-nginx.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-service-internal.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-service-internal.yaml new file mode 100644 index 0000000..aae3e15 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-service-internal.yaml @@ -0,0 +1,79 @@ +{{- if and .Values.controller.service.enabled .Values.controller.service.internal.enabled .Values.controller.service.internal.annotations}} +apiVersion: v1 +kind: Service +metadata: + annotations: + {{- range $key, $value := .Values.controller.service.internal.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- if .Values.controller.service.labels }} + {{- toYaml .Values.controller.service.labels | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.controller.fullname" . }}-internal + namespace: {{ .Release.Namespace }} +spec: + type: "{{ .Values.controller.service.type }}" +{{- if .Values.controller.service.internal.loadBalancerIP }} + loadBalancerIP: {{ .Values.controller.service.internal.loadBalancerIP }} +{{- end }} +{{- if .Values.controller.service.internal.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{ toYaml .Values.controller.service.internal.loadBalancerSourceRanges | nindent 4 }} +{{- end }} +{{- if .Values.controller.service.internal.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.controller.service.internal.externalTrafficPolicy }} +{{- end }} + ports: + {{- $setNodePorts := (or (eq .Values.controller.service.type "NodePort") (eq .Values.controller.service.type "LoadBalancer")) }} + {{- if .Values.controller.service.enableHttp }} + - name: http + port: {{ .Values.controller.service.ports.http }} + protocol: TCP + targetPort: {{ .Values.controller.service.targetPorts.http }} + {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }} + appProtocol: http + {{- end }} + {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }} + nodePort: {{ .Values.controller.service.nodePorts.http }} + {{- end }} + {{- end }} + {{- if .Values.controller.service.enableHttps }} + - name: https + port: {{ .Values.controller.service.ports.https }} + protocol: TCP + targetPort: {{ .Values.controller.service.targetPorts.https }} + {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }} + appProtocol: https + {{- end }} + {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }} + nodePort: {{ .Values.controller.service.nodePorts.https }} + {{- end }} + {{- end }} + {{- range $key, $value := .Values.tcp }} + - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-tcp + port: {{ $key }} + protocol: TCP + targetPort: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-tcp + {{- if $.Values.controller.service.nodePorts.tcp }} + {{- if index $.Values.controller.service.nodePorts.tcp $key }} + nodePort: {{ index $.Values.controller.service.nodePorts.tcp $key }} + {{- end }} + {{- end }} + {{- end }} + {{- range $key, $value := .Values.udp }} + - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-udp + port: {{ $key }} + protocol: UDP + targetPort: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-udp + {{- if $.Values.controller.service.nodePorts.udp }} + {{- if index $.Values.controller.service.nodePorts.udp $key }} + nodePort: {{ index $.Values.controller.service.nodePorts.udp $key }} + {{- end }} + {{- end }} + {{- end }} + selector: + {{- include "ingress-nginx.selectorLabels" . | nindent 4 }} + app.kubernetes.io/component: controller +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-service-metrics.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-service-metrics.yaml new file mode 100644 index 0000000..1c1d5bd --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-service-metrics.yaml @@ -0,0 +1,45 @@ +{{- if .Values.controller.metrics.enabled -}} +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.controller.metrics.service.annotations }} + annotations: {{ toYaml .Values.controller.metrics.service.annotations | nindent 4 }} +{{- end }} + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- if .Values.controller.metrics.service.labels }} + {{- toYaml .Values.controller.metrics.service.labels | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.controller.fullname" . }}-metrics + namespace: {{ .Release.Namespace }} +spec: + type: {{ .Values.controller.metrics.service.type }} +{{- if .Values.controller.metrics.service.clusterIP }} + clusterIP: {{ .Values.controller.metrics.service.clusterIP }} +{{- end }} +{{- if .Values.controller.metrics.service.externalIPs }} + externalIPs: {{ toYaml .Values.controller.metrics.service.externalIPs | nindent 4 }} +{{- end }} +{{- if .Values.controller.metrics.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.controller.metrics.service.loadBalancerIP }} +{{- end }} +{{- if .Values.controller.metrics.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{ toYaml .Values.controller.metrics.service.loadBalancerSourceRanges | nindent 4 }} +{{- end }} +{{- if .Values.controller.metrics.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.controller.metrics.service.externalTrafficPolicy }} +{{- end }} + ports: + - name: http-metrics + port: {{ .Values.controller.metrics.service.servicePort }} + protocol: TCP + targetPort: http-metrics + {{- $setNodePorts := (or (eq .Values.controller.metrics.service.type "NodePort") (eq .Values.controller.metrics.service.type "LoadBalancer")) }} + {{- if (and $setNodePorts (not (empty .Values.controller.metrics.service.nodePort))) }} + nodePort: {{ .Values.controller.metrics.service.nodePort }} + {{- end }} + selector: + {{- include "ingress-nginx.selectorLabels" . | nindent 4 }} + app.kubernetes.io/component: controller +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-service-webhook.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-service-webhook.yaml new file mode 100644 index 0000000..2aae24f --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-service-webhook.yaml @@ -0,0 +1,40 @@ +{{- if .Values.controller.admissionWebhooks.enabled -}} +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.controller.admissionWebhooks.service.annotations }} + annotations: {{ toYaml .Values.controller.admissionWebhooks.service.annotations | nindent 4 }} +{{- end }} + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.controller.fullname" . }}-admission + namespace: {{ .Release.Namespace }} +spec: + type: {{ .Values.controller.admissionWebhooks.service.type }} +{{- if .Values.controller.admissionWebhooks.service.clusterIP }} + clusterIP: {{ .Values.controller.admissionWebhooks.service.clusterIP }} +{{- end }} +{{- if .Values.controller.admissionWebhooks.service.externalIPs }} + externalIPs: {{ toYaml .Values.controller.admissionWebhooks.service.externalIPs | nindent 4 }} +{{- end }} +{{- if .Values.controller.admissionWebhooks.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.controller.admissionWebhooks.service.loadBalancerIP }} +{{- end }} +{{- if .Values.controller.admissionWebhooks.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{ toYaml .Values.controller.admissionWebhooks.service.loadBalancerSourceRanges | nindent 4 }} +{{- end }} + ports: + - name: https-webhook + port: 443 + targetPort: webhook + {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }} + appProtocol: https + {{- end }} + selector: + {{- include "ingress-nginx.selectorLabels" . | nindent 4 }} + app.kubernetes.io/component: controller +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-service.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-service.yaml new file mode 100644 index 0000000..2b28196 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-service.yaml @@ -0,0 +1,101 @@ +{{- if and .Values.controller.service.enabled .Values.controller.service.external.enabled -}} +apiVersion: v1 +kind: Service +metadata: + annotations: + {{- range $key, $value := .Values.controller.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- if .Values.controller.service.labels }} + {{- toYaml .Values.controller.service.labels | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.controller.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + type: {{ .Values.controller.service.type }} +{{- if .Values.controller.service.clusterIP }} + clusterIP: {{ .Values.controller.service.clusterIP }} +{{- end }} +{{- if .Values.controller.service.externalIPs }} + externalIPs: {{ toYaml .Values.controller.service.externalIPs | nindent 4 }} +{{- end }} +{{- if .Values.controller.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.controller.service.loadBalancerIP }} +{{- end }} +{{- if .Values.controller.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{ toYaml .Values.controller.service.loadBalancerSourceRanges | nindent 4 }} +{{- end }} +{{- if .Values.controller.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }} +{{- end }} +{{- if .Values.controller.service.sessionAffinity }} + sessionAffinity: {{ .Values.controller.service.sessionAffinity }} +{{- end }} +{{- if .Values.controller.service.healthCheckNodePort }} + healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }} +{{- end }} +{{- if semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version -}} +{{- if .Values.controller.service.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.controller.service.ipFamilyPolicy }} +{{- end }} +{{- end }} +{{- if semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version -}} +{{- if .Values.controller.service.ipFamilies }} + ipFamilies: {{ toYaml .Values.controller.service.ipFamilies | nindent 4 }} +{{- end }} +{{- end }} + ports: + {{- $setNodePorts := (or (eq .Values.controller.service.type "NodePort") (eq .Values.controller.service.type "LoadBalancer")) }} + {{- if .Values.controller.service.enableHttp }} + - name: http + port: {{ .Values.controller.service.ports.http }} + protocol: TCP + targetPort: {{ .Values.controller.service.targetPorts.http }} + {{- if and (semverCompare ">=1.20" .Capabilities.KubeVersion.Version) (.Values.controller.service.appProtocol) }} + appProtocol: http + {{- end }} + {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }} + nodePort: {{ .Values.controller.service.nodePorts.http }} + {{- end }} + {{- end }} + {{- if .Values.controller.service.enableHttps }} + - name: https + port: {{ .Values.controller.service.ports.https }} + protocol: TCP + targetPort: {{ .Values.controller.service.targetPorts.https }} + {{- if and (semverCompare ">=1.20" .Capabilities.KubeVersion.Version) (.Values.controller.service.appProtocol) }} + appProtocol: https + {{- end }} + {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }} + nodePort: {{ .Values.controller.service.nodePorts.https }} + {{- end }} + {{- end }} + {{- range $key, $value := .Values.tcp }} + - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-tcp + port: {{ $key }} + protocol: TCP + targetPort: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-tcp + {{- if $.Values.controller.service.nodePorts.tcp }} + {{- if index $.Values.controller.service.nodePorts.tcp $key }} + nodePort: {{ index $.Values.controller.service.nodePorts.tcp $key }} + {{- end }} + {{- end }} + {{- end }} + {{- range $key, $value := .Values.udp }} + - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-udp + port: {{ $key }} + protocol: UDP + targetPort: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-udp + {{- if $.Values.controller.service.nodePorts.udp }} + {{- if index $.Values.controller.service.nodePorts.udp $key }} + nodePort: {{ index $.Values.controller.service.nodePorts.udp $key }} + {{- end }} + {{- end }} + {{- end }} + selector: + {{- include "ingress-nginx.selectorLabels" . | nindent 4 }} + app.kubernetes.io/component: controller +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-serviceaccount.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-serviceaccount.yaml new file mode 100644 index 0000000..824b2a1 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-serviceaccount.yaml @@ -0,0 +1,18 @@ +{{- if or .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- with .Values.controller.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ template "ingress-nginx.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + {{- if .Values.serviceAccount.annotations }} + annotations: + {{ toYaml .Values.serviceAccount.annotations | indent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-servicemonitor.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-servicemonitor.yaml new file mode 100644 index 0000000..973d36b --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-servicemonitor.yaml @@ -0,0 +1,48 @@ +{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled -}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "ingress-nginx.controller.fullname" . }} +{{- if .Values.controller.metrics.serviceMonitor.namespace }} + namespace: {{ .Values.controller.metrics.serviceMonitor.namespace | quote }} +{{- end }} + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- if .Values.controller.metrics.serviceMonitor.additionalLabels }} + {{- toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: http-metrics + interval: {{ .Values.controller.metrics.serviceMonitor.scrapeInterval }} + {{- if .Values.controller.metrics.serviceMonitor.honorLabels }} + honorLabels: true + {{- end }} + {{- if .Values.controller.metrics.serviceMonitor.relabelings }} + relabelings: {{ toYaml .Values.controller.metrics.serviceMonitor.relabelings | nindent 8 }} + {{- end }} + {{- if .Values.controller.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{ toYaml .Values.controller.metrics.serviceMonitor.metricRelabelings | nindent 8 }} + {{- end }} +{{- if .Values.controller.metrics.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.controller.metrics.serviceMonitor.jobLabel | quote }} +{{- end }} +{{- if .Values.controller.metrics.serviceMonitor.namespaceSelector }} + namespaceSelector: {{ toYaml .Values.controller.metrics.serviceMonitor.namespaceSelector | nindent 4 }} +{{- else }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} +{{- end }} +{{- if .Values.controller.metrics.serviceMonitor.targetLabels }} + targetLabels: + {{- range .Values.controller.metrics.serviceMonitor.targetLabels }} + - {{ . }} + {{- end }} +{{- end }} + selector: + matchLabels: + {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: controller +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-wehbooks-networkpolicy.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-wehbooks-networkpolicy.yaml new file mode 100644 index 0000000..f74c2fb --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/controller-wehbooks-networkpolicy.yaml @@ -0,0 +1,19 @@ +{{- if .Values.controller.admissionWebhooks.enabled }} +{{- if .Values.controller.admissionWebhooks.networkPolicyEnabled }} + +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "ingress-nginx.fullname" . }}-webhooks-allow + namespace: {{ .Release.Namespace }} +spec: + ingress: + - {} + podSelector: + matchLabels: + app.kubernetes.io/name: {{ include "ingress-nginx.name" . }} + policyTypes: + - Ingress + +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/default-backend-deployment.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/default-backend-deployment.yaml new file mode 100644 index 0000000..fd3e96e --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/default-backend-deployment.yaml @@ -0,0 +1,118 @@ +{{- if .Values.defaultBackend.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: default-backend + {{- with .Values.defaultBackend.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.defaultBackend.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: default-backend +{{- if not .Values.defaultBackend.autoscaling.enabled }} + replicas: {{ .Values.defaultBackend.replicaCount }} +{{- end }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + template: + metadata: + {{- if .Values.defaultBackend.podAnnotations }} + annotations: {{ toYaml .Values.defaultBackend.podAnnotations | nindent 8 }} + {{- end }} + labels: + {{- include "ingress-nginx.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: default-backend + {{- with .Values.defaultBackend.labels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.defaultBackend.podLabels }} + {{- toYaml .Values.defaultBackend.podLabels | nindent 8 }} + {{- end }} + spec: + {{- if .Values.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }} + {{- end }} + {{- if .Values.defaultBackend.priorityClassName }} + priorityClassName: {{ .Values.defaultBackend.priorityClassName }} + {{- end }} + {{- if .Values.defaultBackend.podSecurityContext }} + securityContext: {{ toYaml .Values.defaultBackend.podSecurityContext | nindent 8 }} + {{- end }} + containers: + - name: {{ template "ingress-nginx.name" . }}-default-backend + {{- with .Values.defaultBackend.image }} + image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" + {{- end }} + imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy }} + {{- if .Values.defaultBackend.extraArgs }} + args: + {{- range $key, $value := .Values.defaultBackend.extraArgs }} + {{- /* Accept keys without values or with false as value */}} + {{- if eq ($value | quote | len) 2 }} + - --{{ $key }} + {{- else }} + - --{{ $key }}={{ $value }} + {{- end }} + {{- end }} + {{- end }} + securityContext: + capabilities: + drop: + - ALL + runAsUser: {{ .Values.defaultBackend.image.runAsUser }} + runAsNonRoot: {{ .Values.defaultBackend.image.runAsNonRoot }} + allowPrivilegeEscalation: {{ .Values.defaultBackend.image.allowPrivilegeEscalation }} + readOnlyRootFilesystem: {{ .Values.defaultBackend.image.readOnlyRootFilesystem}} + {{- if .Values.defaultBackend.extraEnvs }} + env: {{ toYaml .Values.defaultBackend.extraEnvs | nindent 12 }} + {{- end }} + livenessProbe: + httpGet: + path: /healthz + port: {{ .Values.defaultBackend.port }} + scheme: HTTP + initialDelaySeconds: {{ .Values.defaultBackend.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.defaultBackend.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.defaultBackend.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.defaultBackend.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.defaultBackend.livenessProbe.failureThreshold }} + readinessProbe: + httpGet: + path: /healthz + port: {{ .Values.defaultBackend.port }} + scheme: HTTP + initialDelaySeconds: {{ .Values.defaultBackend.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.defaultBackend.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.defaultBackend.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.defaultBackend.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.defaultBackend.readinessProbe.failureThreshold }} + ports: + - name: http + containerPort: {{ .Values.defaultBackend.port }} + protocol: TCP + {{- if .Values.defaultBackend.extraVolumeMounts }} + volumeMounts: {{- toYaml .Values.defaultBackend.extraVolumeMounts | nindent 12 }} + {{- end }} + {{- if .Values.defaultBackend.resources }} + resources: {{ toYaml .Values.defaultBackend.resources | nindent 12 }} + {{- end }} + {{- if .Values.defaultBackend.nodeSelector }} + nodeSelector: {{ toYaml .Values.defaultBackend.nodeSelector | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }} + {{- if .Values.defaultBackend.tolerations }} + tolerations: {{ toYaml .Values.defaultBackend.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.defaultBackend.affinity }} + affinity: {{ toYaml .Values.defaultBackend.affinity | nindent 8 }} + {{- end }} + terminationGracePeriodSeconds: 60 + {{- if .Values.defaultBackend.extraVolumes }} + volumes: {{ toYaml .Values.defaultBackend.extraVolumes | nindent 8 }} + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/default-backend-hpa.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/default-backend-hpa.yaml new file mode 100644 index 0000000..594d265 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/default-backend-hpa.yaml @@ -0,0 +1,33 @@ +{{- if and .Values.defaultBackend.enabled .Values.defaultBackend.autoscaling.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: default-backend + {{- with .Values.defaultBackend.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ template "ingress-nginx.defaultBackend.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "ingress-nginx.defaultBackend.fullname" . }} + minReplicas: {{ .Values.defaultBackend.autoscaling.minReplicas }} + maxReplicas: {{ .Values.defaultBackend.autoscaling.maxReplicas }} + metrics: +{{- with .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ . }} +{{- end }} +{{- with .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ . }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml new file mode 100644 index 0000000..00891ce --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml @@ -0,0 +1,21 @@ +{{- if .Values.defaultBackend.enabled -}} +{{- if or (gt (.Values.defaultBackend.replicaCount | int) 1) (gt (.Values.defaultBackend.autoscaling.minReplicas | int) 1) }} +apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }} +kind: PodDisruptionBudget +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: default-backend + {{- with .Values.defaultBackend.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.defaultBackend.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: default-backend + minAvailable: {{ .Values.defaultBackend.minAvailable }} +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/default-backend-psp.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/default-backend-psp.yaml new file mode 100644 index 0000000..c144c8f --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/default-backend-psp.yaml @@ -0,0 +1,38 @@ +{{- if (semverCompare "<1.25.0-0" .Capabilities.KubeVersion.Version) }} +{{- if and .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled (empty .Values.defaultBackend.existingPsp) -}} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "ingress-nginx.fullname" . }}-backend + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: default-backend + {{- with .Values.defaultBackend.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + allowPrivilegeEscalation: false + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI +{{- end }} +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/default-backend-role.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/default-backend-role.yaml new file mode 100644 index 0000000..a2b457c --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/default-backend-role.yaml @@ -0,0 +1,22 @@ +{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: default-backend + {{- with .Values.defaultBackend.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.fullname" . }}-backend + namespace: {{ .Release.Namespace }} +rules: + - apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}] + resources: ['podsecuritypolicies'] + verbs: ['use'] + {{- with .Values.defaultBackend.existingPsp }} + resourceNames: [{{ . }}] + {{- else }} + resourceNames: [{{ include "ingress-nginx.fullname" . }}-backend] + {{- end }} +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/default-backend-rolebinding.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/default-backend-rolebinding.yaml new file mode 100644 index 0000000..dbaa516 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/default-backend-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: default-backend + {{- with .Values.defaultBackend.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.fullname" . }}-backend + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "ingress-nginx.fullname" . }}-backend +subjects: + - kind: ServiceAccount + name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/default-backend-service.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/default-backend-service.yaml new file mode 100644 index 0000000..5f1d09a --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/default-backend-service.yaml @@ -0,0 +1,41 @@ +{{- if .Values.defaultBackend.enabled -}} +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.defaultBackend.service.annotations }} + annotations: {{ toYaml .Values.defaultBackend.service.annotations | nindent 4 }} +{{- end }} + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: default-backend + {{- with .Values.defaultBackend.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "ingress-nginx.defaultBackend.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + type: {{ .Values.defaultBackend.service.type }} +{{- if .Values.defaultBackend.service.clusterIP }} + clusterIP: {{ .Values.defaultBackend.service.clusterIP }} +{{- end }} +{{- if .Values.defaultBackend.service.externalIPs }} + externalIPs: {{ toYaml .Values.defaultBackend.service.externalIPs | nindent 4 }} +{{- end }} +{{- if .Values.defaultBackend.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.defaultBackend.service.loadBalancerIP }} +{{- end }} +{{- if .Values.defaultBackend.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{ toYaml .Values.defaultBackend.service.loadBalancerSourceRanges | nindent 4 }} +{{- end }} + ports: + - name: http + port: {{ .Values.defaultBackend.service.servicePort }} + protocol: TCP + targetPort: http + {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }} + appProtocol: http + {{- end }} + selector: + {{- include "ingress-nginx.selectorLabels" . | nindent 4 }} + app.kubernetes.io/component: default-backend +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/default-backend-serviceaccount.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/default-backend-serviceaccount.yaml new file mode 100644 index 0000000..b45a95a --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/default-backend-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{- if and .Values.defaultBackend.enabled .Values.defaultBackend.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} + app.kubernetes.io/component: default-backend + {{- with .Values.defaultBackend.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +automountServiceAccountToken: {{ .Values.defaultBackend.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/dh-param-secret.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/dh-param-secret.yaml new file mode 100644 index 0000000..12e7a4f --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/templates/dh-param-secret.yaml @@ -0,0 +1,10 @@ +{{- with .Values.dhParam -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "ingress-nginx.controller.fullname" $ }} + labels: + {{- include "ingress-nginx.labels" $ | nindent 4 }} +data: + dhparam.pem: {{ . }} +{{- end }} diff --git a/packer/ansible/roles/kubernetes_install/files/ingress-nginx/values.yaml b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/values.yaml new file mode 100644 index 0000000..9ec174f --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/ingress-nginx/values.yaml @@ -0,0 +1,944 @@ +## nginx configuration +## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/index.md +## + +## Overrides for generated resource names +# See templates/_helpers.tpl +# nameOverride: +# fullnameOverride: + +## Labels to apply to all resources +## +commonLabels: {} +# scmhash: abc123 +# myLabel: aakkmd + +controller: + name: controller + image: + ## Keep false as default for now! + chroot: false + registry: registry.k8s.io + image: ingress-nginx/controller + ## for backwards compatibility consider setting the full image url via the repository value below + ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail + ## repository: + tag: "v1.3.1" + digest: sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974 + digestChroot: sha256:a8466b19c621bd550b1645e27a004a5cc85009c858a9ab19490216735ac432b1 + pullPolicy: IfNotPresent + # www-data -> uid 101 + runAsUser: 101 + allowPrivilegeEscalation: true + + # -- Use an existing PSP instead of creating one + existingPsp: "" + + # -- Configures the controller container name + containerName: controller + + # -- Configures the ports that the nginx-controller listens on + containerPort: + http: 80 + https: 443 + + # -- Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ + config: {} + + # -- Annotations to be added to the controller config configuration configmap. + configAnnotations: {} + + # -- Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers + proxySetHeaders: {} + + # -- Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers + addHeaders: {} + + # -- Optionally customize the pod dnsConfig. + dnsConfig: {} + + # -- Optionally customize the pod hostname. + hostname: {} + + # -- Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. + # By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller + # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. + dnsPolicy: ClusterFirst + + # -- Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network + # Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply + reportNodeInternalIp: false + + # -- Process Ingress objects without ingressClass annotation/ingressClassName field + # Overrides value for --watch-ingress-without-class flag of the controller binary + # Defaults to false + watchIngressWithoutClass: false + + # -- Process IngressClass per name (additionally as per spec.controller). + ingressClassByName: false + + # -- This configuration defines if Ingress Controller should allow users to set + # their own *-snippet annotations, otherwise this is forbidden / dropped + # when users add those annotations. + # Global snippets in ConfigMap are still respected + allowSnippetAnnotations: true + + # -- Required for use with CNI based kubernetes installations (such as ones set up by kubeadm), + # since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 + # is merged + hostNetwork: false + + ## Use host ports 80 and 443 + ## Disabled by default + hostPort: + # -- Enable 'hostPort' or not + enabled: false + ports: + # -- 'hostPort' http port + http: 80 + # -- 'hostPort' https port + https: 443 + + # -- Election ID to use for status update + electionID: ingress-controller-leader + + ## This section refers to the creation of the IngressClass resource + ## IngressClass resources are supported since k8s >= 1.18 and required since k8s >= 1.19 + ingressClassResource: + # -- Name of the ingressClass + name: nginx + # -- Is this ingressClass enabled or not + enabled: true + # -- Is this the default ingressClass for the cluster + default: false + # -- Controller-value of the controller that is processing this ingressClass + controllerValue: "k8s.io/ingress-nginx" + + # -- Parameters is a link to a custom resource containing additional + # configuration for the controller. This is optional if the controller + # does not require extra parameters. + parameters: {} + + # -- For backwards compatibility with ingress.class annotation, use ingressClass. + # Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation + ingressClass: nginx + + # -- Labels to add to the pod container metadata + podLabels: {} + # key: value + + # -- Security Context policies for controller pods + podSecurityContext: {} + + # -- See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls + sysctls: {} + # sysctls: + # "net.core.somaxconn": "8192" + + # -- Allows customization of the source of the IP address or FQDN to report + # in the ingress status field. By default, it reads the information provided + # by the service. If disable, the status field reports the IP address of the + # node or nodes where an ingress controller pod is running. + publishService: + # -- Enable 'publishService' or not + enabled: true + # -- Allows overriding of the publish service to bind to + # Must be / + pathOverride: "" + + # Limit the scope of the controller to a specific namespace + scope: + # -- Enable 'scope' or not + enabled: false + # -- Namespace to limit the controller to; defaults to $(POD_NAMESPACE) + namespace: "" + # -- When scope.enabled == false, instead of watching all namespaces, we watching namespaces whose labels + # only match with namespaceSelector. Format like foo=bar. Defaults to empty, means watching all namespaces. + namespaceSelector: "" + + # -- Allows customization of the configmap / nginx-configmap namespace; defaults to $(POD_NAMESPACE) + configMapNamespace: "" + + tcp: + # -- Allows customization of the tcp-services-configmap; defaults to $(POD_NAMESPACE) + configMapNamespace: "" + # -- Annotations to be added to the tcp config configmap + annotations: {} + + udp: + # -- Allows customization of the udp-services-configmap; defaults to $(POD_NAMESPACE) + configMapNamespace: "" + # -- Annotations to be added to the udp config configmap + annotations: {} + + # -- Maxmind license key to download GeoLite2 Databases. + ## https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases + maxmindLicenseKey: "" + + # -- Additional command line arguments to pass to nginx-ingress-controller + # E.g. to specify the default SSL certificate you can use + extraArgs: {} + ## extraArgs: + ## default-ssl-certificate: "/" + + # -- Additional environment variables to set + extraEnvs: [] + # extraEnvs: + # - name: FOO + # valueFrom: + # secretKeyRef: + # key: FOO + # name: secret-resource + + # -- Use a `DaemonSet` or `Deployment` + kind: Deployment + + # -- Annotations to be added to the controller Deployment or DaemonSet + ## + annotations: {} + # keel.sh/pollSchedule: "@every 60m" + + # -- Labels to be added to the controller Deployment or DaemonSet and other resources that do not have option to specify labels + ## + labels: {} + # keel.sh/policy: patch + # keel.sh/trigger: poll + + + # -- The update strategy to apply to the Deployment or DaemonSet + ## + updateStrategy: {} + # rollingUpdate: + # maxUnavailable: 1 + # type: RollingUpdate + + # -- `minReadySeconds` to avoid killing pods before we are ready + ## + minReadySeconds: 0 + + + # -- Node tolerations for server scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + + # -- Affinity and anti-affinity rules for server scheduling to nodes + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} + # # An example of preferred pod anti-affinity, weight is in the range 1-100 + # podAntiAffinity: + # preferredDuringSchedulingIgnoredDuringExecution: + # - weight: 100 + # podAffinityTerm: + # labelSelector: + # matchExpressions: + # - key: app.kubernetes.io/name + # operator: In + # values: + # - ingress-nginx + # - key: app.kubernetes.io/instance + # operator: In + # values: + # - ingress-nginx + # - key: app.kubernetes.io/component + # operator: In + # values: + # - controller + # topologyKey: kubernetes.io/hostname + + # # An example of required pod anti-affinity + # podAntiAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # - labelSelector: + # matchExpressions: + # - key: app.kubernetes.io/name + # operator: In + # values: + # - ingress-nginx + # - key: app.kubernetes.io/instance + # operator: In + # values: + # - ingress-nginx + # - key: app.kubernetes.io/component + # operator: In + # values: + # - controller + # topologyKey: "kubernetes.io/hostname" + + # -- Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + # labelSelector: + # matchLabels: + # app.kubernetes.io/instance: ingress-nginx-internal + + # -- `terminationGracePeriodSeconds` to avoid killing pods before we are ready + ## wait up to five minutes for the drain of connections + ## + terminationGracePeriodSeconds: 300 + + # -- Node labels for controller pod assignment + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: + kubernetes.io/os: linux + + ## Liveness and readiness probe values + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## + ## startupProbe: + ## httpGet: + ## # should match container.healthCheckPath + ## path: "/healthz" + ## port: 10254 + ## scheme: HTTP + ## initialDelaySeconds: 5 + ## periodSeconds: 5 + ## timeoutSeconds: 2 + ## successThreshold: 1 + ## failureThreshold: 5 + livenessProbe: + httpGet: + # should match container.healthCheckPath + path: "/healthz" + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 5 + readinessProbe: + httpGet: + # should match container.healthCheckPath + path: "/healthz" + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + + + # -- Path of the health check endpoint. All requests received on the port defined by + # the healthz-port parameter are forwarded internally to this path. + healthCheckPath: "/healthz" + + # -- Address to bind the health check endpoint. + # It is better to set this option to the internal node address + # if the ingress nginx controller is running in the `hostNetwork: true` mode. + healthCheckHost: "" + + # -- Annotations to be added to controller pods + ## + podAnnotations: {} + + replicaCount: 1 + + minAvailable: 1 + + ## Define requests resources to avoid probe issues due to CPU utilization in busy nodes + ## ref: https://github.com/kubernetes/ingress-nginx/issues/4735#issuecomment-551204903 + ## Ideally, there should be no limits. + ## https://engineering.indeedblog.com/blog/2019/12/cpu-throttling-regression-fix/ + resources: + ## limits: + ## cpu: 100m + ## memory: 90Mi + requests: + cpu: 100m + memory: 90Mi + + # Mutually exclusive with keda autoscaling + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 11 + targetCPUUtilizationPercentage: 50 + targetMemoryUtilizationPercentage: 50 + behavior: {} + # scaleDown: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 1 + # periodSeconds: 180 + # scaleUp: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 2 + # periodSeconds: 60 + + autoscalingTemplate: [] + # Custom or additional autoscaling metrics + # ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics + # - type: Pods + # pods: + # metric: + # name: nginx_ingress_controller_nginx_process_requests_total + # target: + # type: AverageValue + # averageValue: 10000m + + # Mutually exclusive with hpa autoscaling + keda: + apiVersion: "keda.sh/v1alpha1" + ## apiVersion changes with keda 1.x vs 2.x + ## 2.x = keda.sh/v1alpha1 + ## 1.x = keda.k8s.io/v1alpha1 + enabled: false + minReplicas: 1 + maxReplicas: 11 + pollingInterval: 30 + cooldownPeriod: 300 + restoreToOriginalReplicaCount: false + scaledObject: + annotations: {} + # Custom annotations for ScaledObject resource + # annotations: + # key: value + triggers: [] + # - type: prometheus + # metadata: + # serverAddress: http://:9090 + # metricName: http_requests_total + # threshold: '100' + # query: sum(rate(http_requests_total{deployment="my-deployment"}[2m])) + + behavior: {} + # scaleDown: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 1 + # periodSeconds: 180 + # scaleUp: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 2 + # periodSeconds: 60 + + # -- Enable mimalloc as a drop-in replacement for malloc. + ## ref: https://github.com/microsoft/mimalloc + ## + enableMimalloc: true + + ## Override NGINX template + customTemplate: + configMapName: "" + configMapKey: "" + + service: + enabled: true + + # -- If enabled is adding an appProtocol option for Kubernetes service. An appProtocol field replacing annotations that were + # using for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http + # It allows choosing the protocol for each backend specified in the Kubernetes service. + # See the following GitHub issue for more details about the purpose: https://github.com/kubernetes/kubernetes/issues/40244 + # Will be ignored for Kubernetes versions older than 1.20 + ## + appProtocol: true + + annotations: {} + labels: {} + # clusterIP: "" + + # -- List of IP addresses at which the controller services are available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + + # -- Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP according to https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + loadBalancerIP: "" + loadBalancerSourceRanges: [] + + enableHttp: true + enableHttps: true + + ## Set external traffic policy to: "Local" to preserve source IP on providers supporting it. + ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer + # externalTrafficPolicy: "" + + ## Must be either "None" or "ClientIP" if set. Kubernetes will default to "None". + ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + # sessionAffinity: "" + + ## Specifies the health check node port (numeric port number) for the service. If healthCheckNodePort isn’t specified, + ## the service controller allocates a port from your cluster’s NodePort range. + ## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + # healthCheckNodePort: 0 + + # -- Represents the dual-stack-ness requested or required by this Service. Possible values are + # SingleStack, PreferDualStack or RequireDualStack. + # The ipFamilies and clusterIPs fields depend on the value of this field. + ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ + ipFamilyPolicy: "SingleStack" + + # -- List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically + # based on cluster configuration and the ipFamilyPolicy field. + ## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ + ipFamilies: + - IPv4 + + ports: + http: 80 + https: 443 + + targetPorts: + http: http + https: https + + type: LoadBalancer + + ## type: NodePort + ## nodePorts: + ## http: 32080 + ## https: 32443 + ## tcp: + ## 8080: 32808 + nodePorts: + http: "" + https: "" + tcp: {} + udp: {} + + external: + enabled: true + + internal: + # -- Enables an additional internal load balancer (besides the external one). + enabled: false + # -- Annotations are mandatory for the load balancer to come up. Varies with the cloud service. + annotations: {} + + # loadBalancerIP: "" + + # -- Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. + loadBalancerSourceRanges: [] + + ## Set external traffic policy to: "Local" to preserve source IP on + ## providers supporting it + ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer + # externalTrafficPolicy: "" + + # shareProcessNamespace enables process namespace sharing within the pod. + # This can be used for example to signal log rotation using `kill -USR1` from a sidecar. + shareProcessNamespace: false + + # -- Additional containers to be added to the controller pod. + # See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. + extraContainers: [] + # - name: my-sidecar + # image: nginx:latest + # - name: lemonldap-ng-controller + # image: lemonldapng/lemonldap-ng-controller:0.2.0 + # args: + # - /lemonldap-ng-controller + # - --alsologtostderr + # - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration + # env: + # - name: POD_NAME + # valueFrom: + # fieldRef: + # fieldPath: metadata.name + # - name: POD_NAMESPACE + # valueFrom: + # fieldRef: + # fieldPath: metadata.namespace + # volumeMounts: + # - name: copy-portal-skins + # mountPath: /srv/var/lib/lemonldap-ng/portal/skins + + # -- Additional volumeMounts to the controller main container. + extraVolumeMounts: [] + # - name: copy-portal-skins + # mountPath: /var/lib/lemonldap-ng/portal/skins + + # -- Additional volumes to the controller pod. + extraVolumes: [] + # - name: copy-portal-skins + # emptyDir: {} + + # -- Containers, which are run before the app containers are started. + extraInitContainers: [] + # - name: init-myservice + # image: busybox + # command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;'] + + extraModules: [] + ## Modules, which are mounted into the core nginx image + # - name: opentelemetry + # image: registry.k8s.io/ingress-nginx/opentelemetry:v20220801-g00ee51f09@sha256:482562feba02ad178411efc284f8eb803a185e3ea5588b6111ccbc20b816b427 + # + # The image must contain a `/usr/local/bin/init_module.sh` executable, which + # will be executed as initContainers, to move its config files within the + # mounted volume. + + admissionWebhooks: + annotations: {} + # ignore-check.kube-linter.io/no-read-only-rootfs: "This deployment needs write access to root filesystem". + + ## Additional annotations to the admission webhooks. + ## These annotations will be added to the ValidatingWebhookConfiguration and + ## the Jobs Spec of the admission webhooks. + enabled: true + # -- Additional environment variables to set + extraEnvs: [] + # extraEnvs: + # - name: FOO + # valueFrom: + # secretKeyRef: + # key: FOO + # name: secret-resource + # -- Admission Webhook failure policy to use + failurePolicy: Fail + # timeoutSeconds: 10 + port: 8443 + certificate: "/usr/local/certificates/cert" + key: "/usr/local/certificates/key" + namespaceSelector: {} + objectSelector: {} + # -- Labels to be added to admission webhooks + labels: {} + + # -- Use an existing PSP instead of creating one + existingPsp: "" + networkPolicyEnabled: false + + service: + annotations: {} + # clusterIP: "" + externalIPs: [] + # loadBalancerIP: "" + loadBalancerSourceRanges: [] + servicePort: 443 + type: ClusterIP + + createSecretJob: + resources: {} + # limits: + # cpu: 10m + # memory: 20Mi + # requests: + # cpu: 10m + # memory: 20Mi + + patchWebhookJob: + resources: {} + + patch: + enabled: true + image: + registry: registry.k8s.io + image: ingress-nginx/kube-webhook-certgen + ## for backwards compatibility consider setting the full image url via the repository value below + ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail + ## repository: + tag: v1.3.0 + digest: sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47 + pullPolicy: IfNotPresent + # -- Provide a priority class name to the webhook patching job + ## + priorityClassName: "" + podAnnotations: {} + nodeSelector: + kubernetes.io/os: linux + tolerations: [] + # -- Labels to be added to patch job resources + labels: {} + securityContext: + runAsNonRoot: true + runAsUser: 2000 + fsGroup: 2000 + + + metrics: + port: 10254 + # if this port is changed, change healthz-port: in extraArgs: accordingly + enabled: false + + service: + annotations: {} + # prometheus.io/scrape: "true" + # prometheus.io/port: "10254" + + # clusterIP: "" + + # -- List of IP addresses at which the stats-exporter service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + + # loadBalancerIP: "" + loadBalancerSourceRanges: [] + servicePort: 10254 + type: ClusterIP + # externalTrafficPolicy: "" + # nodePort: "" + + serviceMonitor: + enabled: false + additionalLabels: {} + ## The label to use to retrieve the job name from. + ## jobLabel: "app.kubernetes.io/name" + namespace: "" + namespaceSelector: {} + ## Default: scrape .Release.Namespace only + ## To scrape all, use the following: + ## namespaceSelector: + ## any: true + scrapeInterval: 30s + # honorLabels: true + targetLabels: [] + relabelings: [] + metricRelabelings: [] + + prometheusRule: + enabled: false + additionalLabels: {} + # namespace: "" + rules: [] + # # These are just examples rules, please adapt them to your needs + # - alert: NGINXConfigFailed + # expr: count(nginx_ingress_controller_config_last_reload_successful == 0) > 0 + # for: 1s + # labels: + # severity: critical + # annotations: + # description: bad ingress config - nginx config test failed + # summary: uninstall the latest ingress changes to allow config reloads to resume + # - alert: NGINXCertificateExpiry + # expr: (avg(nginx_ingress_controller_ssl_expire_time_seconds) by (host) - time()) < 604800 + # for: 1s + # labels: + # severity: critical + # annotations: + # description: ssl certificate(s) will expire in less then a week + # summary: renew expiring certificates to avoid downtime + # - alert: NGINXTooMany500s + # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"5.+"} ) / sum(nginx_ingress_controller_requests) ) > 5 + # for: 1m + # labels: + # severity: warning + # annotations: + # description: Too many 5XXs + # summary: More than 5% of all requests returned 5XX, this requires your attention + # - alert: NGINXTooMany400s + # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"4.+"} ) / sum(nginx_ingress_controller_requests) ) > 5 + # for: 1m + # labels: + # severity: warning + # annotations: + # description: Too many 4XXs + # summary: More than 5% of all requests returned 4XX, this requires your attention + + # -- Improve connection draining when ingress controller pod is deleted using a lifecycle hook: + # With this new hook, we increased the default terminationGracePeriodSeconds from 30 seconds + # to 300, allowing the draining of connections up to five minutes. + # If the active connections end before that, the pod will terminate gracefully at that time. + # To effectively take advantage of this feature, the Configmap feature + # worker-shutdown-timeout new value is 240s instead of 10s. + ## + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + + priorityClassName: "" + +# -- Rollback limit +## +revisionHistoryLimit: 10 + +## Default 404 backend +## +defaultBackend: + ## + enabled: false + + name: defaultbackend + image: + registry: registry.k8s.io + image: defaultbackend-amd64 + ## for backwards compatibility consider setting the full image url via the repository value below + ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail + ## repository: + tag: "1.5" + pullPolicy: IfNotPresent + # nobody user -> uid 65534 + runAsUser: 65534 + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + + # -- Use an existing PSP instead of creating one + existingPsp: "" + + extraArgs: {} + + serviceAccount: + create: true + name: "" + automountServiceAccountToken: true + # -- Additional environment variables to set for defaultBackend pods + extraEnvs: [] + + port: 8080 + + ## Readiness and liveness probes for default backend + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + initialDelaySeconds: 0 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 5 + + # -- Node tolerations for server scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + + affinity: {} + + # -- Security Context policies for controller pods + # See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for + # notes on enabling and using sysctls + ## + podSecurityContext: {} + + # -- Security Context policies for controller main container. + # See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for + # notes on enabling and using sysctls + ## + containerSecurityContext: {} + + # -- Labels to add to the pod container metadata + podLabels: {} + # key: value + + # -- Node labels for default backend pod assignment + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: + kubernetes.io/os: linux + + # -- Annotations to be added to default backend pods + ## + podAnnotations: {} + + replicaCount: 1 + + minAvailable: 1 + + resources: {} + # limits: + # cpu: 10m + # memory: 20Mi + # requests: + # cpu: 10m + # memory: 20Mi + + extraVolumeMounts: [] + ## Additional volumeMounts to the default backend container. + # - name: copy-portal-skins + # mountPath: /var/lib/lemonldap-ng/portal/skins + + extraVolumes: [] + ## Additional volumes to the default backend pod. + # - name: copy-portal-skins + # emptyDir: {} + + autoscaling: + annotations: {} + enabled: false + minReplicas: 1 + maxReplicas: 2 + targetCPUUtilizationPercentage: 50 + targetMemoryUtilizationPercentage: 50 + + service: + annotations: {} + + # clusterIP: "" + + # -- List of IP addresses at which the default backend service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + + # loadBalancerIP: "" + loadBalancerSourceRanges: [] + servicePort: 80 + type: ClusterIP + + priorityClassName: "" + # -- Labels to be added to the default backend resources + labels: {} + +## Enable RBAC as per https://github.com/kubernetes/ingress-nginx/blob/main/docs/deploy/rbac.md and https://github.com/kubernetes/ingress-nginx/issues/266 +rbac: + create: true + scope: false + +## If true, create & use Pod Security Policy resources +## https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +podSecurityPolicy: + enabled: false + +serviceAccount: + create: true + name: "" + automountServiceAccountToken: true + # -- Annotations for the controller service account + annotations: {} + +# -- Optional array of imagePullSecrets containing private registry credentials +## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ +imagePullSecrets: [] +# - name: secretName + +# -- TCP service key-value pairs +## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md +## +tcp: {} +# 8080: "default/example-tcp-svc:9000" + +# -- UDP service key-value pairs +## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md +## +udp: {} +# 53: "kube-system/kube-dns:53" + +# -- Prefix for TCP and UDP ports names in ingress controller service +## Some cloud providers, like Yandex Cloud may have a requirements for a port name regex to support cloud load balancer integration +portNamePrefix: "" + +# -- (string) A base64-encoded Diffie-Hellman parameter. +# This can be generated with: `openssl dhparam 4096 2> /dev/null | base64` +## Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param +dhParam: diff --git a/packer/ansible/roles/kubernetes_install/files/kubeconfig b/packer/ansible/roles/kubernetes_install/files/kubeconfig new file mode 100644 index 0000000..95b048c --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/files/kubeconfig @@ -0,0 +1,20 @@ +apiVersion: v1 +clusters: +- cluster: + certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvakNDQWVhZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeU1USXdOakV3TkRZME5Gb1hEVE15TVRJd016RXdORFkwTkZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBT0xYCnhYSWpmVWdFdXdxMFZrYXQ0N2d6Q09vRERDL1YvRHl5T0dWZG1PSDEwd1dHZmwrMFI0dkkwaWlHc0ZKRVFqWWMKRGt6THZUOHlRNVpybFpiV3VuVkFYaTlrcHRxY0d2R2NZYXdrMGVIRVdqQ1RRTXo0T2dOd2JuQytKdkd1MnJiVgpaUVVvRzV1cHpDRkM0Q0RtM1h2Ym14RjdYUU11L0FOU045V1UwYS9Td0tvR25EaVMyV1JBOFJpRG9DYURKcGprCjc1azAyMkZOanlOZkxadktmMzFzNTg3OGF1bS9WS0UzeVV4SGhqVzFEeEpTWUMrK1RhV0F0MWpBVXZObWVNQmQKVStmRW0xbUVnNWtnWVBER2d3czBSVHB4WFk1U3dTL3hKVkd2VjRYeExlWEVoWmc2ZlF4c0hvcG1vdVZJOEJLMQpUdW1ram4zTkhrU0dtRVEzczBFQ0F3RUFBYU5aTUZjd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZNc2RSdjJzQ2RaUW1ZM1dVZ1U4aUlhOHM5cWpNQlVHQTFVZEVRUU8KTUF5Q0NtdDFZbVZ5Ym1WMFpYTXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBRXZ5WWorT2QwVSttYkdkSzJyWApTcXdiZjY0M0V4YWlkVDVWQjhPUExoNm1kbVQvTk04cHdYUDg0Y0J2RC9rSzBXTllObkc2RFhTS3BtWjBSM1BmCm03ck8wZ2N4M1dYaDIzWHk5VmJWcGcyK0FXdFRRVDd5dVM3L3U3YjVnV1lQNzVqNk0rOWQvdXNtc3g3alFxNjEKa3NJTzlKNXVmNCtXSHJtQm1WMGNydGZTTjN5bTF2Q2VDZzNNeFpkY3hIUXgrUjNNWFZyYVZFK1NIUE5hdzgzQQppZFI3eDkyenMwY3dRcy9wSGxRK0t5aDFnQ01JQkVFTXM1OERwZU11Q0VUaEZ2elBuL1l6YlVoNUYrcm1KNytoCjJ5VVV0R2x5V3NJQ2l5ODl0Y2pOT1RBN2EvSGJ5ZDk4MmxIM1hLY1ZlUUdYVlJFTFF0UU9sUVNHOVRQU1R4OFcKNWdJPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + server: https://10.10.30.214:6443 + name: kubernetes +contexts: +- context: + cluster: kubernetes + user: kubernetes-admin + name: kubernetes-admin@kubernetes +current-context: kubernetes-admin@kubernetes +kind: Config +preferences: {} +users: +- name: kubernetes-admin + user: + client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURJVENDQWdtZ0F3SUJBZ0lJYzVmZFNYMzFJTWd3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TWpFeU1EWXhNRFEyTkRSYUZ3MHlNekV5TURZeE1EUTJORGRhTURReApGekFWQmdOVkJBb1REbk41YzNSbGJUcHRZWE4wWlhKek1Sa3dGd1lEVlFRREV4QnJkV0psY201bGRHVnpMV0ZrCmJXbHVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQTFBRGVDUGF5elpXTWtpV1AKQzV0RmRzL3orSmpndDYzUzFxMC9TQ2VYTWx0MGRTVGFqb3B5UzRueFVPb1ZXYmY2M016NEQ0RzRDWDNheW1TWgpLa1JmbVJ5SEtNRTVWTll6WUNWSUY1Qm1acEpVUHJ6OU5vZVRocDlQOTV2M3hIWlNBektvKysyZnQ1dzJ1dGJYCnBkN3g0Nk5KSnBPb1I5M2ZxOFFZRkhHOEhhSEd6WjhJbS9CV21KVEJua2R2aGJxczB2R3ZmbkdXRGhFT05wd2IKd2w4Z0kwMFpqTHhBRkZxY1d1MVZtNmJZYXUzVDlrSGdEcEplNUVrSFVFZ2cwWWlOTlZlUzJHdGFaeUpiWUcxZQo4Um9Zd3k0cFlvbzVlMW1sZDJHWE1EUWhkQk1oWGk5R1NsSC9GaWlqN24xTVZYTFpCSk9UL0lSdElQR1dIdmtXCmxVcEQ4UUlEQVFBQm8xWXdWREFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUgKQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JUTEhVYjlyQW5XVUptTjFsSUZQSWlHdkxQYQpvekFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBTTFLbEwyL3BwU1pCTGpTd3NWZzhGYTlkWk05RDIzNDNJdzY3Ci9QN1JWKzRjSVJqSXlJZFZGMUgrbkl2bFl0cncrMkZDTHpQYWNYcTZUWi9IUktFVEZtb1FYRnhnVk5GRDZVZXAKTW1sd2FCK1BnUmFRWDZoZjJlRUNXaXBobXpLRitsQnRtNENpci9USlZwTitQQ1Jhc0VkVW9pVUVtUHVsRXYvUQp1bDg3Q3RUbVAzajkxRi94eWFrYmhSS2pPbUY0dFRlZ1E4ZUE2SkFYV0d6S09XMzdZR1BHc091ZXlzU3hzanp0CjdpRjczVGVKdmdtbUllWHkrMkdoTFdIQ0tHVGJUek1UZnpYV0J4ODBXbzVjdFNaWmYzT0NJWWRHM1ViY0lsdXMKR0JreXM4b0phSXFHSE93NUpCRE1PNzliajQrbU01MlJGNmtQbkJDL2duckUyQUdHM3c9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBMUFEZUNQYXl6WldNa2lXUEM1dEZkcy96K0pqZ3Q2M1MxcTAvU0NlWE1sdDBkU1RhCmpvcHlTNG54VU9vVldiZjYzTXo0RDRHNENYM2F5bVNaS2tSZm1SeUhLTUU1Vk5ZellDVklGNUJtWnBKVVByejkKTm9lVGhwOVA5NXYzeEhaU0F6S28rKzJmdDV3MnV0YlhwZDd4NDZOSkpwT29SOTNmcThRWUZIRzhIYUhHelo4SQptL0JXbUpUQm5rZHZoYnFzMHZHdmZuR1dEaEVPTnB3YndsOGdJMDBaakx4QUZGcWNXdTFWbTZiWWF1M1Q5a0hnCkRwSmU1RWtIVUVnZzBZaU5OVmVTMkd0YVp5SmJZRzFlOFJvWXd5NHBZb281ZTFtbGQyR1hNRFFoZEJNaFhpOUcKU2xIL0ZpaWo3bjFNVlhMWkJKT1QvSVJ0SVBHV0h2a1dsVXBEOFFJREFRQUJBb0lCQUZsT0VEb29hY091WnF1OQp4SmM0RGpmeGU2MVNBUDkrNnB6aUdCRTJGRHZ6U0loOFFORGd3eXJNN2VtTzRmV01TZEd2U2lPR0dsZHRPN2djClRtVCtybUthSU5sckk5SjM5T1pnYmhEM0ZCdkxNay9IWHNjVXIzRjdOTDF5WnhuTVdkbmRBbEExbGgxTFljYXMKNytTQW1OYXlsd0w0R21CRHQ0L3NwOVFjNFFoOXRDQXdTMGUvb1k1cnl4QzFBb25zNUFIMmJGNGg3SGRMM0tvWApHMjRjTm9MY2d0K0J4M00wYSs2aGFoSmV6aGhVL2R5L1dRdjlJay9VRlJra3dBdkxvM3VPUVA1bzB0RVpXcXF1CkhUM3VRLzM4bTBwOGE1U21WR250RTNGWERQRlJGUi9aWXBjME1FMHRPYzZ0U3BmUHQzajRqUDBubjRGMStXdEQKTWhBSlNIMENnWUVBNHNzTTJ3Y1lKaUZhdTFCRzd4cXJkVGMrTWl4L3pWWWZtZHRhemtUcEsvRFF3ZmdRWVREbgpWbWRwNW5MRTdyeTRaMU90RGg3d0pKTVMySHRvRW9sTk9YMjVMKzNBaFgzRFUrU1lNeDJ2VU1jcUVzak1hUHFDCjFvM0dxa2JiNmozS2RZck9jWDhFUXVBWlhmc0RTSWxUOHNxcFdRcGFEZE9RcE15Y05WYzNjTDhDZ1lFQTcwNDUKd1d1dXN2UitGWUgrdW12bU9Ndm9VdmNROXJFcnZGcEJkdndiQnJsWHgvWFBNNE9kYXZXV1hQb3hxbWpUeExzcApnV000V0lVUUN6RjZGb2V5Kzc0T2ZmTmJtZG8renNVSkx5bnBPb3AyWUNUWk8vQ1NCNTFXNHN6UTlQaTErak9xCkdqdjVCK1RqV3o0cEdKWWp2eGpXZ2Nha1FDZEgzRHVTeFlYMngwOENnWUJaT0RRb2ZsUDd2Q2RyaFJ0Q3VTVTIKaWJNSUhnVnhEQzZHWW9zSWxvZDhaOUpZWEhSbEo4MzZhZGg1ZGpFUEVtTWhFd1FEaUJ4RTV5OEV4eGVjSXpPawpLRmVRQ1dJeG9kWVR6TndyVDhSR2JQT2FUREJPSkM4UXBObkE1dnRnM1VvbWo2TERkNHAvbkpXZUtUK1RhNk1BCjRzVllhQUFoYkZkODNabWVTbDlmRlFLQmdRQ3RURlQvQVdCT01FaHVndWxaVDNJMWgxVURYL0JrOWdEYU1mSmUKbkV0bUh5cTJvQWdoSWhzSnJqZnB0VFhxVm1lbGZIU2VRcUEzV29VMzFlaTRFQ1ZKc1dVRlNRcjQ2OWU0SFhCOQpPeml2TUQ1eGViM25ibHdTTDVzUU80ckhIS1dNUDRYYjRicUNRUHQweEJzMnR1UEVLOVNMdnJLTDB1WnpVcUVECmNmUTRlUUtCZ1FDV0xtUEJwUDVMVFA0YmxRVDFMMy9LQ0cweGxzL2pFL1JBVlE5VmY1UVVPeFlUaHBlZTUzdXAKUmwxOEVuSks1THpuNlF2TzRMeXRGdVNLeG5aRnYxY1pycUNKR0owcXhNc3VpTGVtbnYxb2NGMDdiWkYwV0pzWQowak9Ha0oweXZtUlFBVzhQUEhJeGdzN3Y3ekNzZHdTcmx3REEvYnNxa1BUVEJxNlpSUHhSUXc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= + diff --git a/packer/ansible/roles/kubernetes_install/handlers/main.yml b/packer/ansible/roles/kubernetes_install/handlers/main.yml new file mode 100644 index 0000000..4bf601f --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/handlers/main.yml @@ -0,0 +1,10 @@ +--- +- name: Reload systemd configuration + service: + daemon_reload: True + +- name: Restart containerd service + service: + name: containerd + enabled: true + state: restarted diff --git a/packer/ansible/roles/kubernetes_install/meta/main.yml b/packer/ansible/roles/kubernetes_install/meta/main.yml new file mode 100644 index 0000000..c572acc --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/meta/main.yml @@ -0,0 +1,52 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.1 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. diff --git a/packer/ansible/roles/kubernetes_install/tasks/helm-chart-nginx.yml b/packer/ansible/roles/kubernetes_install/tasks/helm-chart-nginx.yml new file mode 100644 index 0000000..3fd6896 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/tasks/helm-chart-nginx.yml @@ -0,0 +1,13 @@ +--- +- name: Create Nginx Ingress Controller deployment + kubernetes.core.helm: + kubeconfig: "{{ role_path }}/files/kubeconfig" + name: "{{item}}" + release_name: "{{item}}" + release_namespace: "{{item}}" + chart_ref: "{{ role_path }}/files/{{item}}" + create_namespace: yes + release_state: present + with_items: + - nginx-ingress + diff --git a/packer/ansible/roles/kubernetes_install/tasks/helm-install.yml b/packer/ansible/roles/kubernetes_install/tasks/helm-install.yml new file mode 100644 index 0000000..d057455 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/tasks/helm-install.yml @@ -0,0 +1,60 @@ +--- +- name: Create Helm temporary directory + file: + path: /tmp/helm + state: directory + mode: "0755" + +- name: Fetch Helm package + get_url: + url: 'https://get.helm.sh/helm-{{ helm_version }}-linux-amd64.tar.gz' + dest: /tmp/helm.tar.gz + checksum: '{{ helm_checksum }}' + +- name: Extract Helm package + unarchive: + remote_src: true + src: /tmp/helm.tar.gz + dest: /tmp/helm + +- name: Ensure "docker" group exists + group: + name: docker + state: present + become: true + +- name: Install helm to /usr/local/bin + copy: + remote_src: true + src: /tmp/helm/linux-amd64/helm + dest: /usr/local/bin/helm + owner: root + group: docker + mode: "0755" + become: true + +- name: Cleanup Helm temporary directory + file: + path: /tmp/helm + state: absent + +- name: Cleanup Helm temporary download + file: + path: /tmp/helm.tar.gz + state: absent + +- name: Ensure bash_completion.d directory exists + file: + path: /etc/bash_completion.d + state: directory + mode: "0755" + become: true + +- name: Setup Helm tab-completion + shell: | + set -o pipefail + /usr/local/bin/helm completion bash | tee /etc/bash_completion.d/helm + args: + executable: /bin/bash + changed_when: false + become: true diff --git a/packer/ansible/roles/kubernetes_install/tasks/k8s-helm-chart.yml b/packer/ansible/roles/kubernetes_install/tasks/k8s-helm-chart.yml new file mode 100644 index 0000000..6a4e308 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/tasks/k8s-helm-chart.yml @@ -0,0 +1,7 @@ +--- +# Set up master. +- include_tasks: helm-install.yml + when: kubernetes_role == 'master' + +- include_tasks: helm-chart-nginx.yml + when: kubernetes_role == 'master' diff --git a/packer/ansible/roles/kubernetes_install/tasks/k8s-main.yml b/packer/ansible/roles/kubernetes_install/tasks/k8s-main.yml new file mode 100644 index 0000000..346291e --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/tasks/k8s-main.yml @@ -0,0 +1,68 @@ +--- +- name: Install kubernetes + block: + - name: 'Add kubernetes repo key' + apt_key: + url: https://packages.cloud.google.com/apt/doc/apt-key.gpg + state: present + become: true + - name: Add kubernetes repository + apt_repository: + repo: deb http://apt.kubernetes.io kubernetes-xenial main + state: present + filename: 'kubernetes' + become: true + - name: Install kubernetes components + apt: + name: ['kubelet={{kubernetes_version}}-*', 'kubeadm={{kubernetes_version}}-*', 'kubectl={{kubernetes_version}}-*'] + state: present + update_cache: yes + #force: yes + #dpkg_options: force-downgrade + +- name: Hold kubernetes packages + dpkg_selections: + name: "{{item}}" + selection: hold + with_items: + - kubelet + - kubectl + - kubeadm + +- name: Enable kubelet service + systemd: + name: kubelet + enabled: true + masked: false + +- name: Check if Kubernetes has already been initialized. + stat: + path: /etc/kubernetes/admin.conf + register: kubernetes_init_stat + + + +# Set up master. +- include_tasks: k8s-master.yml + when: kubernetes_role == 'master' + +# Set up nodes. +- name: Get the kubeadm join command from the Kubernetes master. + command: kubeadm token create --print-join-command + changed_when: false + when: kubernetes_role == 'master' + register: kubernetes_join_command_result + +- name: Set the kubeadm join command globally. + set_fact: + kubernetes_join_command: > + {{ kubernetes_join_command_result.stdout }} + {{ kubernetes_join_command_extra_opts }} + when: kubernetes_join_command_result.stdout is defined + delegate_to: "{{ item }}" + delegate_facts: true + with_items: "{{ groups['all'] }}" + +- include_tasks: k8s-node.yml + when: kubernetes_role == 'node' + diff --git a/packer/ansible/roles/kubernetes_install/tasks/k8s-master.yml b/packer/ansible/roles/kubernetes_install/tasks/k8s-master.yml new file mode 100644 index 0000000..037a542 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/tasks/k8s-master.yml @@ -0,0 +1,34 @@ +--- +- name: Initialize Kubernetes master with kubeadm init. + command: > + kubeadm init + --pod-network-cidr={{ kubernetes_pod_network.cidr }} + --apiserver-advertise-address={{ kubernetes_apiserver_advertise_address | default(ansible_default_ipv4.address, true) }} + {{ kubernetes_kubeadm_init_extra_opts }} + register: kubeadmin_init + when: not kubernetes_init_stat.stat.exists + +- name: Print the init output to screen. + debug: + var: kubeadmin_init.stdout + verbosity: 2 + when: not kubernetes_init_stat.stat.exists + +- name: Ensure .kube directory exists. + file: + path: ~/.kube + state: directory + +- name: Symlink the kubectl admin.conf to ~/.kube/conf. + file: + src: /etc/kubernetes/admin.conf + dest: ~/.kube/config + state: link + +- name: Configure Calico networking. + command: "{{ item }}" + with_items: + - kubectl apply -f {{ kubernetes_calico_manifest_file }} + register: calico_result + changed_when: "'created' in calico_result.stdout" + when: kubernetes_pod_network.cni == 'calico' diff --git a/packer/ansible/roles/kubernetes_install/tasks/k8s-node.yml b/packer/ansible/roles/kubernetes_install/tasks/k8s-node.yml new file mode 100644 index 0000000..304cbf1 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/tasks/k8s-node.yml @@ -0,0 +1,6 @@ +--- +- name: Join node to Kubernetes master + shell: > + {{ kubernetes_join_command }} + creates=/etc/kubernetes/kubelet.conf + tags: ['skip_ansible_lint'] diff --git a/packer/ansible/roles/kubernetes_install/tasks/main.yml b/packer/ansible/roles/kubernetes_install/tasks/main.yml new file mode 100644 index 0000000..d8978ed --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/tasks/main.yml @@ -0,0 +1,10 @@ +--- +- include: os-main.yml + tags: os-main + +- include: os-runtime.yml + tags: os-runtime + +- include: k8s-main.yml + tags: k8s-main + diff --git a/packer/ansible/roles/kubernetes_install/tasks/os-main.yml b/packer/ansible/roles/kubernetes_install/tasks/os-main.yml new file mode 100644 index 0000000..20f4552 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/tasks/os-main.yml @@ -0,0 +1,70 @@ +--- +- name: Update and upgrade apt packages + apt: + upgrade: yes + update_cache: yes + force_apt_get: yes + cache_valid_time: 86400 + +- name: Install apt packages + apt: + name: ['cloud-utils', 'apt-transport-https', 'ca-certificates', 'curl', 'socat', 'conntrack', 'gnupg', 'lsb-release', 'bash-completion', 'chrony'] + state: present + +- name: Disable ufw + command: 'ufw disable' + +- name: Disable SWAP since kubernetes can't work with swap enabled (1/2) + command: 'swapoff -a' + +- name: Disable SWAP in fstab since kubernetes can't work with swap enabled (2/2) + replace: + path: /etc/fstab + regexp: '^([^#].*?\sswap\s+sw\s+.*)$' + replace: '# \1' + +- name: Add br_netfilter to module autoload + lineinfile: + path: /etc/modules-load.d/k8s2.conf + line: "{{ item }}" + create: true + with_items: + - 'overlay' + - 'br_netfilter' + +- name: Add br_netfilter to module autoload + modprobe: + name: "{{ item }}" + state: present + become: true + with_items: + - 'overlay' + - 'br_netfilter' + +- name: Add br_netfilter to module autoload + lineinfile: + path: /etc/sysctl.d/k8s2.conf + line: "{{ item }}" + create: true + with_items: + - 'net.bridge.bridge-nf-call-iptables = 1' + - 'net.bridge.bridge-nf-call-ip6tables = 1' + - 'net.ipv4.ip_forward = 1' + +- name: Disable net.bridge.bridge-nf-call-iptables + sysctl: + name: "{{ item }}" + value: 1 + with_items: + - 'net.bridge.bridge-nf-call-iptables' + - 'net.bridge.bridge-nf-call-ip6tables' + +- name: Disable net.ipv4.ip_forward + sysctl: + name: net.ipv4.ip_forward + value: "1" + +- name: Setting hosts file + template: + src: hosts.j2 + dest: /etc/hosts diff --git a/packer/ansible/roles/kubernetes_install/tasks/os-runtime.yml b/packer/ansible/roles/kubernetes_install/tasks/os-runtime.yml new file mode 100644 index 0000000..60be402 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/tasks/os-runtime.yml @@ -0,0 +1,45 @@ +--- +- name: Add docker apt key + apt_key: + url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg + + +- name: Add docker apt repository + apt_repository: + repo: deb [arch=amd64] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable + filename: docker + register: containerd_apt_repo_task + +- name: apt update + apt: + update_cache: yes + when: containerd_apt_repo_task.changed + +- name: Create containerd configuration directory + file: + path: /etc/containerd + state: directory + +- name: Configure containerd + template: + src: config.toml.j2 + dest: /etc/containerd/config.toml + notify: + - Restart containerd service + +- name: Install required packages + apt: + name: + - containerd.io + notify: + - Reload systemd configuration + - Restart containerd service + +- meta: flush_handlers + +- name: Enable containerd service + service: + name: containerd + enabled: True + state: started + diff --git a/packer/ansible/roles/kubernetes_install/templates/config.toml.j2 b/packer/ansible/roles/kubernetes_install/templates/config.toml.j2 new file mode 100644 index 0000000..0217565 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/templates/config.toml.j2 @@ -0,0 +1,5 @@ +# {{ ansible_managed }} + +{% from 'yaml2toml_macro.j2' import yaml2toml with context -%} + +{{ yaml2toml(containerd_config) }} diff --git a/packer/ansible/roles/kubernetes_install/templates/hosts.j2 b/packer/ansible/roles/kubernetes_install/templates/hosts.j2 new file mode 100644 index 0000000..18804b7 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/templates/hosts.j2 @@ -0,0 +1,6 @@ +127.0.0.1 localhost +:: 1 localhost + +{% for host in groups.all %} +{{ hostvars[host].ansible_default_ipv4.address }} {{ hostvars[host].ansible_fqdn }} {{ hostvars[host].ansible_hostname }} +{%endfor%} diff --git a/packer/ansible/roles/kubernetes_install/templates/yaml2toml_macro.j2 b/packer/ansible/roles/kubernetes_install/templates/yaml2toml_macro.j2 new file mode 100644 index 0000000..33f69d0 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/templates/yaml2toml_macro.j2 @@ -0,0 +1,58 @@ +{%- macro yaml2inline_toml(item, depth) -%} + {%- if item is string or item is number -%} + {#- First, process all primitive types. -#} + {{ item | to_json }} + {%- elif item is mapping -%} + {#- Second, process all mappings. -#} + {#- Note that inline mappings must not contain newlines (except inside contained lists). -#} + {{ "{" }} + {%- for key, value in item.items() | sort -%} + {{ " " + + (key | to_json) + + " = " + + yaml2inline_toml(value, depth) + }} + {%- if not loop.last -%}{{ "," }}{%- endif -%} + {%- endfor -%} + {{ " }" }} + {%- else -%} + {#- Third, process all lists. -#} + {%- if item | length == 0 -%}{{ "[]" }}{%- else -%} + {{ "[" }} + {%- for entry in item -%} + {{ "\n" + + (" " * (depth + 1)) + + yaml2inline_toml(entry, depth + 1) + }} + {%- if not loop.last -%}{{ "," }}{%- endif -%} + {%- endfor -%} + {{ "\n" + (" " * depth) + "]" }} + {%- endif -%} + {%- endif -%} +{%- endmacro -%} + +{%- macro yaml2toml(item, super_keys=[]) -%} + {%- for key, value in item.items() | sort -%} + {%- if value is not mapping -%} + {#- First, process all non-mappings. -#} + {{ (" " * (super_keys | length)) + + (key | to_json) + + " = " + + (yaml2inline_toml(value, super_keys | length)) + + "\n" + }} + {%- endif -%} + {%- endfor -%} + {%- for key, value in item.items() | sort -%} + {%- if value is mapping -%} + {#- Second, process all mappings. -#} + {{ "\n" + + (" " * (super_keys | length)) + + "[" + + ((super_keys+[key]) | map('to_json') | join(".")) + + "]\n" + + yaml2toml(value, super_keys+[key]) + }} + {%- endif -%} + {%- endfor -%} +{%- endmacro -%} diff --git a/packer/ansible/roles/kubernetes_install/tests/inventory b/packer/ansible/roles/kubernetes_install/tests/inventory new file mode 100644 index 0000000..44d2fb2 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/tests/inventory @@ -0,0 +1,17 @@ +[master] +10.10.30.214 + +[worker] +10.10.30.215 +10.10.30.216 + +[cluster:children] +master +worker + +[master:vars] +kubernetes_role="master" + +[worker:vars] +kubernetes_role="node" + diff --git a/packer/ansible/roles/kubernetes_install/tests/test.yml b/packer/ansible/roles/kubernetes_install/tests/test.yml new file mode 100644 index 0000000..d2103bc --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/tests/test.yml @@ -0,0 +1,6 @@ +--- +- hosts: cluster + become: true + gather_facts: true + roles: + - role: kubernetes_install diff --git a/packer/ansible/roles/kubernetes_install/vars/main.yml b/packer/ansible/roles/kubernetes_install/vars/main.yml new file mode 100644 index 0000000..2aa5032 --- /dev/null +++ b/packer/ansible/roles/kubernetes_install/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for apache diff --git a/packer/ansible/roles/node/tasks/main.yml b/packer/ansible/roles/node/tasks/main.yml new file mode 100644 index 0000000..7e8907b --- /dev/null +++ b/packer/ansible/roles/node/tasks/main.yml @@ -0,0 +1,20 @@ +--- +- name: echo hello + command: echo "Not Valid Ruby Version" + +- name: Update apt repo and cache on all Debian/Ubuntu boxes + apt: update_cache=yes cache_valid_time=3600 + +- name: Install cifs-utils + apt: name=cifs-utils state=latest update_cache=yes + +- name: Install nfs-common + apt: name=nfs-common state=latest update_cache=yes + +- name: sysctl.j2 create conf + template: + src: sysctl.j2 + dest: /etc/sysctl.conf + owner: root + group: root + mode: 0644 \ No newline at end of file diff --git a/packer/ansible/roles/node/tasks/sysctl.yml b/packer/ansible/roles/node/tasks/sysctl.yml new file mode 100755 index 0000000..52c98a9 --- /dev/null +++ b/packer/ansible/roles/node/tasks/sysctl.yml @@ -0,0 +1,8 @@ +--- +- name: Add pam_tally2.so + template: + src: sysctl.j2 + dest: /etc/sysctl.conf + owner: root + group: root + mode: 0644 diff --git a/packer/ansible/roles/node/templates/common-auth.j2 b/packer/ansible/roles/node/templates/common-auth.j2 new file mode 100755 index 0000000..64a603b --- /dev/null +++ b/packer/ansible/roles/node/templates/common-auth.j2 @@ -0,0 +1,27 @@ +# +# /etc/pam.d/common-auth - authentication settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the authentication modules that define +# the central authentication scheme for use on the system +# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the +# traditional Unix authentication mechanisms. +# +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. +auth required pam_tally2.so onerr={{onerr}} even_deny_root deny={{deny}} unlock_time={{unlock_time}} + +# here are the per-package modules (the "Primary" block) +auth [success=1 default=ignore] pam_unix.so nullok +# here's the fallback if no module succeeds +auth requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +auth required pam_permit.so +# since the modules above will each just jump around +# and here are more per-package modules (the "Additional" block) +auth optional pam_cap.so +# end of pam-auth-update config diff --git a/packer/ansible/roles/node/templates/pwquality.conf.j2 b/packer/ansible/roles/node/templates/pwquality.conf.j2 new file mode 100755 index 0000000..3ec2cbe --- /dev/null +++ b/packer/ansible/roles/node/templates/pwquality.conf.j2 @@ -0,0 +1,50 @@ +# Configuration for systemwide password quality limits +# Defaults: +# +# Number of characters in the new password that must not be present in the +# old password. +# difok = 5 +# +# Minimum acceptable size for the new password (plus one if +# credits are not disabled which is the default). (See pam_cracklib manual.) +# Cannot be set to lower value than 6. +minlen = {{pwquality_minlen}} +# +# The maximum credit for having digits in the new password. If less than 0 +# it is the minimum number of digits in the new password. +dcredit = {{pwquality_dcredit}} +# +# The maximum credit for having uppercase characters in the new password. +# If less than 0 it is the minimum number of uppercase characters in the new +# password. +ucredit = {{pwquality_ucredit}} +# +# The maximum credit for having lowercase characters in the new password. +# If less than 0 it is the minimum number of lowercase characters in the new +# password. +lcredit = {{pwquality_lcredit}} +# +# The maximum credit for having other characters in the new password. +# If less than 0 it is the minimum number of other characters in the new +# password. +ocredit = {{pwquality_ocredit}} +# +# The minimum number of required classes of characters for the new +# password (digits, uppercase, lowercase, others). +# minclass = 0 +# +# The maximum number of allowed consecutive same characters in the new password. +# The check is disabled if the value is 0. +maxrepeat = {{pwquality_maxrepeat}} +# +# The maximum number of allowed consecutive characters of the same class in the +# new password. +# The check is disabled if the value is 0. +# maxclassrepeat = 0 +# +# Whether to check for the words from the passwd entry GECOS string of the user. +# The check is enabled if the value is not 0. +# gecoscheck = 0 +# +# Path to the cracklib dictionaries. Default is to use the cracklib default. +# dictpath = diff --git a/packer/ansible/roles/node/templates/sysctl.j2 b/packer/ansible/roles/node/templates/sysctl.j2 new file mode 100644 index 0000000..f8eff1d --- /dev/null +++ b/packer/ansible/roles/node/templates/sysctl.j2 @@ -0,0 +1,82 @@ +# +# /etc/sysctl.conf - Configuration file for setting system variables +# See /etc/sysctl.d/ for additional system variables. +# See sysctl.conf (5) for information. +# + +#kernel.domainname = example.com + +# Uncomment the following to stop low-level messages on console +#kernel.printk = 3 4 1 3 + +################################################################### +# Functions previously found in netbase +# + +# Uncomment the next two lines to enable Spoof protection (reverse-path filter) +# Turn on Source Address Verification in all interfaces to +# prevent some spoofing attacks +#net.ipv4.conf.default.rp_filter=1 +#net.ipv4.conf.all.rp_filter=1 + +# Uncomment the next line to enable TCP/IP SYN cookies +# See http://lwn.net/Articles/277146/ +# Note: This may impact IPv6 TCP sessions too +#net.ipv4.tcp_syncookies=1 + +# Uncomment the next line to enable packet forwarding for IPv4 +#net.ipv4.ip_forward=1 + +# Uncomment the next line to enable packet forwarding for IPv6 +# Enabling this option disables Stateless Address Autoconfiguration +# based on Router Advertisements for this host +#net.ipv6.conf.all.forwarding=1 + + +################################################################### +# Additional settings - these settings can improve the network +# security of the host and prevent against some network attacks +# including spoofing attacks and man in the middle attacks through +# redirection. Some network environments, however, require that these +# settings are disabled so review and enable them as needed. +# +# Do not accept ICMP redirects (prevent MITM attacks) +#net.ipv4.conf.all.accept_redirects = 0 +#net.ipv6.conf.all.accept_redirects = 0 +# _or_ +# Accept ICMP redirects only for gateways listed in our default +# gateway list (enabled by default) +# net.ipv4.conf.all.secure_redirects = 1 +# +# Do not send ICMP redirects (we are not a router) +#net.ipv4.conf.all.send_redirects = 0 +# +# Do not accept IP source route packets (we are not a router) +#net.ipv4.conf.all.accept_source_route = 0 +#net.ipv6.conf.all.accept_source_route = 0 +# +# Log Martian Packets +#net.ipv4.conf.all.log_martians = 1 +# + +################################################################### +# Magic system request Key +# 0=disable, 1=enable all, >1 bitmask of sysrq functions +# See https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html +# for what other values do +#kernel.sysrq=438 + +vm.dirty_background_ratio = 5 +vm.dirty_ratio = 80 + +net.core.default_qdisc = fq +net.core.rmem_max = 268435456 +net.core.wmem_max = 268435456 +net.ipv4.conf.all.arp_announce = 2 +net.ipv4.conf.all.arp_filter = 1 +net.ipv4.conf.all.arp_ignore = 1 +net.ipv4.conf.default.arp_filter = 1 +net.ipv4.tcp_congestion_control = htcp +net.ipv4.tcp_no_metrics_save = 1 +net.ipv4.tcp_rmem = 4096 87380 134217728 +net.ipv4.tcp_wmem = 4096 65536 134217728 diff --git a/packer/ansible/roles/security-settings/defaults/main.yml b/packer/ansible/roles/security-settings/defaults/main.yml new file mode 100755 index 0000000..fab5deb --- /dev/null +++ b/packer/ansible/roles/security-settings/defaults/main.yml @@ -0,0 +1,43 @@ +# Password aging settings +os_auth_pw_max_age: 90 +os_auth_pw_min_age: 10 +os_auth_pw_warn_age: 7 +passhistory: 2 + +# Inactivity and Failed attempts lockout settings +fail_deny: 5 +fail_unlock: 0 +inactive_lock: 0 +shell_timeout: 300 + +# tally settings +onerr: 'fail' +deny: 5 +unlock_time: 300 + +# Password complexity settings +pwquality_minlen: 9 +pwquality_maxrepeat: 3 +pwquality_lcredit: -1 +pwquality_ucredit: -1 +pwquality_dcredit: -1 +pwquality_ocredit: -1 + +# SSH settings +sshrootlogin: 'no' +sshmainport: 22 +ssh_service_name: sshd + +# Crictl setup +crictl_app: crictl +crictl_version: 1.25.0 +crictl_os: linux +crictl_arch: amd64 +crictl_dl_url: https://github.com/kubernetes-sigs/cri-tools/releases/download/v{{ crictl_version }}/{{ crictl_app }}-v{{ crictl_version }}-{{ crictl_os }}-{{ crictl_arch }}.tar.gz +crictl_bin_path: /usr/local/bin +crictl_file_owner: root +crictl_file_group: root + +# temp +username: +password: diff --git a/packer/ansible/roles/security-settings/files/allow_users.conf b/packer/ansible/roles/security-settings/files/allow_users.conf new file mode 100644 index 0000000..b8a221d --- /dev/null +++ b/packer/ansible/roles/security-settings/files/allow_users.conf @@ -0,0 +1,2 @@ +AllowUsers *@10.20.142.* +AllowUsers *@10.10.43.* diff --git a/packer/ansible/roles/security-settings/files/login_banner b/packer/ansible/roles/security-settings/files/login_banner new file mode 100755 index 0000000..d294eeb --- /dev/null +++ b/packer/ansible/roles/security-settings/files/login_banner @@ -0,0 +1,20 @@ +#!/bin/sh +printf ''' + |-----------------------------------------------------------------| + | This system is for the use of authorized users only. | + | Individuals using this computer system without authority, or in | + | excess of their authority, are subject to having all of their | + | activities on this system monitored and recorded by system | + | personnel. | + | | + | In the course of monitoring individuals improperly using this | + | system, or in the course of system maintenance, the activities | + | of authorized users may also be monitored. | + | | + | Anyone using this system expressly consents to such monitoring | + | and is advised that if such monitoring reveals possible | + | evidence of criminal activity, system personnel may provide the | + | evidence of such monitoring to law enforcement officials. | + |-----------------------------------------------------------------| +''' + diff --git a/packer/ansible/roles/security-settings/handlers/main.yml b/packer/ansible/roles/security-settings/handlers/main.yml new file mode 100755 index 0000000..abab7ef --- /dev/null +++ b/packer/ansible/roles/security-settings/handlers/main.yml @@ -0,0 +1,6 @@ +--- +- name: restart sshd + service: + name: "{{ ssh_service_name }}" + state: restarted + enabled: true diff --git a/packer/ansible/roles/security-settings/tasks/admin_set.yml b/packer/ansible/roles/security-settings/tasks/admin_set.yml new file mode 100755 index 0000000..e3442ad --- /dev/null +++ b/packer/ansible/roles/security-settings/tasks/admin_set.yml @@ -0,0 +1,16 @@ +--- +- name: create user + user: + name: exemdev2 + state: present + groups: sudo + shell: /bin/bash + password: "{{ 'saasadmin1234' | password_hash('sha512') }}" + +- name: key add + authorized_key: + user: exemdev2 + state: present + key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/id_rsa.pub') }}" + manage_dir: False + diff --git a/packer/ansible/roles/security-settings/tasks/banner.yml b/packer/ansible/roles/security-settings/tasks/banner.yml new file mode 100755 index 0000000..6a172c9 --- /dev/null +++ b/packer/ansible/roles/security-settings/tasks/banner.yml @@ -0,0 +1,29 @@ +--- +- name: Create a tar.gz archive of a single file. + archive: + path: /etc/update-motd.d/* + dest: /etc/update-motd.d/motd.tar.gz + format: gz + force_archive: true + +- name: remove a motd.d files + file: + path: /etc/update-motd.d/{{ item }} + state: absent + with_items: + - 10-help-text + - 85-fwupd + - 90-updates-available + - 91-release-upgrade + - 95-hwe-eol + - 98-fsck-at-reboot + - 50-motd-news + - 88-esm-announce + +- name: Create login banner + copy: + src: login_banner + dest: /etc/update-motd.d/00-header + owner: root + group: root + mode: 0755 diff --git a/packer/ansible/roles/security-settings/tasks/crictl.yml b/packer/ansible/roles/security-settings/tasks/crictl.yml new file mode 100755 index 0000000..26efb30 --- /dev/null +++ b/packer/ansible/roles/security-settings/tasks/crictl.yml @@ -0,0 +1,19 @@ +--- +- name: Downloading and extracting {{ crictl_app }} {{ crictl_version }} + unarchive: + src: "{{ crictl_dl_url }}" + dest: "{{ crictl_bin_path }}" + owner: "{{ crictl_file_owner }}" + group: "{{ crictl_file_group }}" + extra_opts: + - crictl + remote_src: yes + +- name: Crictl command crontab setting + ansible.builtin.cron: + name: "crictl prune" + minute: "0" + hour: "3" + user: root + job: "/usr/local/bin/crictl rmi --prune" + diff --git a/packer/ansible/roles/security-settings/tasks/login_defs.yml b/packer/ansible/roles/security-settings/tasks/login_defs.yml new file mode 100755 index 0000000..f25702a --- /dev/null +++ b/packer/ansible/roles/security-settings/tasks/login_defs.yml @@ -0,0 +1,48 @@ +--- +- name: Set pass max days + lineinfile: + dest: /etc/login.defs + state: present + regexp: '^PASS_MAX_DAYS.*$' + line: "PASS_MAX_DAYS\t{{os_auth_pw_max_age}}" + backrefs: yes + +- name: Set pass min days + lineinfile: + dest: /etc/login.defs + state: present + regexp: '^PASS_MIN_DAYS.*$' + line: "PASS_MIN_DAYS\t{{os_auth_pw_min_age}}" + backrefs: yes + +- name: Set pass min length + lineinfile: + dest: /etc/login.defs + state: present + regexp: '^PASS_MIN_LEN.*$' + line: "PASS_MIN_LEN\t{{pwquality_minlen}}" + backrefs: yes + +- name: Set pass warn days + lineinfile: + dest: /etc/login.defs + state: present + regexp: '^PASS_WARN_AGE.*$' + line: "PASS_WARN_AGE\t{{os_auth_pw_warn_age}}" + backrefs: yes + +- name: Set password encryption to SHA512 + lineinfile: + dest: /etc/login.defs + state: present + regexp: '^ENCRYPT_METHOD\s.*$' + line: "ENCRYPT_METHOD\tSHA512" + backrefs: yes + +- name: Disable MD5 crypt explicitly + lineinfile: + dest: /etc/login.defs + state: present + regexp: '^MD5_CRYPT_ENAB.*$' + line: "MD5_CRYPT_ENAB NO" + backrefs: yes diff --git a/packer/ansible/roles/security-settings/tasks/main.yml b/packer/ansible/roles/security-settings/tasks/main.yml new file mode 100755 index 0000000..de01d6d --- /dev/null +++ b/packer/ansible/roles/security-settings/tasks/main.yml @@ -0,0 +1,24 @@ +--- +- include: login_defs.yml + tags: login_defs + +- include: pam.yml + tags: pam + +- include: sshd_config.yml + tags: sshd_config + +- include: profile.yml + tags: profile + +- include: banner.yml + tags: banner + +- include: crictl.yml + tags: crictl + +- include: admin_set.yml + tags: admin_set + +- include: python.yml + tags: python \ No newline at end of file diff --git a/packer/ansible/roles/security-settings/tasks/pam.yml b/packer/ansible/roles/security-settings/tasks/pam.yml new file mode 100755 index 0000000..ae1c637 --- /dev/null +++ b/packer/ansible/roles/security-settings/tasks/pam.yml @@ -0,0 +1,50 @@ +--- +- name: Add pam_tally2.so + template: + src: common-auth.j2 + dest: /etc/pam.d/common-auth + owner: root + group: root + mode: 0644 + +- name: Create pwquality.conf password complexity configuration + block: + - apt: + name: libpam-pwquality + state: present + install_recommends: false + - template: + src: pwquality.conf.j2 + dest: /etc/security/pwquality.conf + owner: root + group: root + mode: 0644 + +- name: Add pam_tally2.so + block: + - lineinfile: + dest: /etc/pam.d/common-account + regexp: '^account\srequisite' + line: "account requisite pam_deny.so" + + - lineinfile: + dest: /etc/pam.d/common-account + regexp: '^account\srequired' + line: "account required pam_tally2.so" + +- name: password reuse is limited + lineinfile: + dest: /etc/pam.d/common-password + line: "password required pam_pwhistory.so remember=5" + +- name: password hashing algorithm is SHA-512 + lineinfile: + dest: /etc/pam.d/common-password + regexp: '^password\s+\[success' + line: "password [success=1 default=ignore] pam_unix.so sha512" + +- name: Shadow Password Suite Parameters + lineinfile: + dest: /etc/pam.d/common-password + regexp: '^password\s+\[success' + line: "password [success=1 default=ignore] pam_unix.so sha512" diff --git a/packer/ansible/roles/security-settings/tasks/profile.yml b/packer/ansible/roles/security-settings/tasks/profile.yml new file mode 100755 index 0000000..fb1b456 --- /dev/null +++ b/packer/ansible/roles/security-settings/tasks/profile.yml @@ -0,0 +1,24 @@ +--- +- name: Set session timeout + lineinfile: + dest: /etc/profile + regexp: '^TMOUT=.*' + insertbefore: '^readonly TMOUT' + line: 'TMOUT={{shell_timeout}}' + state: "{{ 'absent' if (shell_timeout == 0) else 'present' }}" + +- name: Set TMOUT readonly + lineinfile: + dest: /etc/profile + regexp: '^readonly TMOUT' + insertafter: 'TMOUT={{shell_timeout}}' + line: 'readonly TMOUT' + state: "{{ 'absent' if (shell_timeout == 0) else 'present' }}" + +- name: Set export TMOUT + lineinfile: + dest: /etc/profile + regexp: '^export TMOUT.*' + insertafter: 'readonly TMOUT' + line: 'export TMOUT' + state: "{{ 'absent' if (shell_timeout == 0) else 'present' }}" diff --git a/packer/ansible/roles/security-settings/tasks/python.yml b/packer/ansible/roles/security-settings/tasks/python.yml new file mode 100644 index 0000000..e59b533 --- /dev/null +++ b/packer/ansible/roles/security-settings/tasks/python.yml @@ -0,0 +1,25 @@ +--- +- name: add apt repository + shell: add-apt-repository ppa:deadsnakes/ppa -y + +- name: apt update + apt: + name: "*" + state: latest + +- name: install python 3.9 + apt: + name: python3.9 + state: present + +- name: install pip3 + apt: + name: python3-pip + state: present + +- name: setting default 3.9 version + shell: | + update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.9 1 + update-alternatives --set python3 /usr/bin/python3.9 + + diff --git a/packer/ansible/roles/security-settings/tasks/sshd_config.yml b/packer/ansible/roles/security-settings/tasks/sshd_config.yml new file mode 100755 index 0000000..6e51765 --- /dev/null +++ b/packer/ansible/roles/security-settings/tasks/sshd_config.yml @@ -0,0 +1,31 @@ +--- +- name: Configure ssh root login to {{sshrootlogin}} + lineinfile: + dest: /etc/ssh/sshd_config + regexp: '^(#)?PermitRootLogin.*' + line: 'PermitRootLogin {{sshrootlogin}}' + insertbefore: '^Match.*' + state: present + owner: root + group: root + mode: 0640 + notify: restart sshd + +- name: SSH Listen on Main Port + lineinfile: + dest: /etc/ssh/sshd_config + insertbefore: '^#*AddressFamily' + line: 'Port {{sshmainport}}' + state: present + owner: root + group: root + mode: 0640 + notify: restart sshd + + #- name: SSH AllowUsers Setting + # copy: + # src: allow_users.conf + # dest: /etc/ssh/sshd_config.d/allow_users.conf + # owner: root + # group: root + # mode: 0644 diff --git a/packer/ansible/roles/security-settings/templates/common-auth.j2 b/packer/ansible/roles/security-settings/templates/common-auth.j2 new file mode 100755 index 0000000..64a603b --- /dev/null +++ b/packer/ansible/roles/security-settings/templates/common-auth.j2 @@ -0,0 +1,27 @@ +# +# /etc/pam.d/common-auth - authentication settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the authentication modules that define +# the central authentication scheme for use on the system +# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the +# traditional Unix authentication mechanisms. +# +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. +auth required pam_tally2.so onerr={{onerr}} even_deny_root deny={{deny}} unlock_time={{unlock_time}} + +# here are the per-package modules (the "Primary" block) +auth [success=1 default=ignore] pam_unix.so nullok +# here's the fallback if no module succeeds +auth requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +auth required pam_permit.so +# since the modules above will each just jump around +# and here are more per-package modules (the "Additional" block) +auth optional pam_cap.so +# end of pam-auth-update config diff --git a/packer/ansible/roles/security-settings/templates/pwquality.conf.j2 b/packer/ansible/roles/security-settings/templates/pwquality.conf.j2 new file mode 100755 index 0000000..3ec2cbe --- /dev/null +++ b/packer/ansible/roles/security-settings/templates/pwquality.conf.j2 @@ -0,0 +1,50 @@ +# Configuration for systemwide password quality limits +# Defaults: +# +# Number of characters in the new password that must not be present in the +# old password. +# difok = 5 +# +# Minimum acceptable size for the new password (plus one if +# credits are not disabled which is the default). (See pam_cracklib manual.) +# Cannot be set to lower value than 6. +minlen = {{pwquality_minlen}} +# +# The maximum credit for having digits in the new password. If less than 0 +# it is the minimum number of digits in the new password. +dcredit = {{pwquality_dcredit}} +# +# The maximum credit for having uppercase characters in the new password. +# If less than 0 it is the minimum number of uppercase characters in the new +# password. +ucredit = {{pwquality_ucredit}} +# +# The maximum credit for having lowercase characters in the new password. +# If less than 0 it is the minimum number of lowercase characters in the new +# password. +lcredit = {{pwquality_lcredit}} +# +# The maximum credit for having other characters in the new password. +# If less than 0 it is the minimum number of other characters in the new +# password. +ocredit = {{pwquality_ocredit}} +# +# The minimum number of required classes of characters for the new +# password (digits, uppercase, lowercase, others). +# minclass = 0 +# +# The maximum number of allowed consecutive same characters in the new password. +# The check is disabled if the value is 0. +maxrepeat = {{pwquality_maxrepeat}} +# +# The maximum number of allowed consecutive characters of the same class in the +# new password. +# The check is disabled if the value is 0. +# maxclassrepeat = 0 +# +# Whether to check for the words from the passwd entry GECOS string of the user. +# The check is enabled if the value is not 0. +# gecoscheck = 0 +# +# Path to the cracklib dictionaries. Default is to use the cracklib default. +# dictpath = diff --git a/packer/ansible/roles/security-settings/templates/sysctl.j2 b/packer/ansible/roles/security-settings/templates/sysctl.j2 new file mode 100644 index 0000000..5f2e952 --- /dev/null +++ b/packer/ansible/roles/security-settings/templates/sysctl.j2 @@ -0,0 +1,79 @@ +# +# /etc/sysctl.conf - Configuration file for setting system variables +# See /etc/sysctl.d/ for additional system variables. +# See sysctl.conf (5) for information. +# + +#kernel.domainname = example.com + +# Uncomment the following to stop low-level messages on console +#kernel.printk = 3 4 1 3 + +################################################################### +# Functions previously found in netbase +# + +# Uncomment the next two lines to enable Spoof protection (reverse-path filter) +# Turn on Source Address Verification in all interfaces to +# prevent some spoofing attacks +#net.ipv4.conf.default.rp_filter=1 +#net.ipv4.conf.all.rp_filter=1 + +# Uncomment the next line to enable TCP/IP SYN cookies +# See http://lwn.net/Articles/277146/ +# Note: This may impact IPv6 TCP sessions too +#net.ipv4.tcp_syncookies=1 + +# Uncomment the next line to enable packet forwarding for IPv4 +#net.ipv4.ip_forward=1 + +# Uncomment the next line to enable packet forwarding for IPv6 +# Enabling this option disables Stateless Address Autoconfiguration +# based on Router Advertisements for this host +#net.ipv6.conf.all.forwarding=1 + + +################################################################### +# Additional settings - these settings can improve the network +# security of the host and prevent against some network attacks +# including spoofing attacks and man in the middle attacks through +# redirection. Some network environments, however, require that these +# settings are disabled so review and enable them as needed. +# +# Do not accept ICMP redirects (prevent MITM attacks) +#net.ipv4.conf.all.accept_redirects = 0 +#net.ipv6.conf.all.accept_redirects = 0 +# _or_ +# Accept ICMP redirects only for gateways listed in our default +# gateway list (enabled by default) +# net.ipv4.conf.all.secure_redirects = 1 +# +# Do not send ICMP redirects (we are not a router) +#net.ipv4.conf.all.send_redirects = 0 +# +# Do not accept IP source route packets (we are not a router) +#net.ipv4.conf.all.accept_source_route = 0 +#net.ipv6.conf.all.accept_source_route = 0 +# +# Log Martian Packets +#net.ipv4.conf.all.log_martians = 1 +# + +################################################################### +# Magic system request Key +# 0=disable, 1=enable all, >1 bitmask of sysrq functions +# See https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html +# for what other values do +#kernel.sysrq=438 + +net.core.default_qdisc = fq +net.core.rmem_max = 268435456 +net.core.wmem_max = 268435456 +net.ipv4.conf.all.arp_announce = 2 +net.ipv4.conf.all.arp_filter = 1 +net.ipv4.conf.all.arp_ignore = 1 +net.ipv4.conf.default.arp_filter = 1 +net.ipv4.tcp_congestion_control = htcp +net.ipv4.tcp_no_metrics_save = 1 +net.ipv4.tcp_rmem = 4096 87380 134217728 +net.ipv4.tcp_wmem = 4096 65536 134217728 diff --git a/packer/ansible/test.yaml b/packer/ansible/test.yaml new file mode 100755 index 0000000..7a08705 --- /dev/null +++ b/packer/ansible/test.yaml @@ -0,0 +1,30 @@ +--- +- name: Set session timeout + hosts: all + tasks: + - lineinfile: + dest: /etc/profile + regexp: '^TMOUT=.*' + insertbefore: '^readonly TMOUT' + line: 'TMOUT={{shell_timeout}}' + state: "{{ 'absent' if (shell_timeout == 0) else 'present' }}" + +- name: Set TMOUT readonly + hosts: all + tasks: + - lineinfile: + dest: /etc/profile + regexp: '^readonly TMOUT' + insertafter: 'TMOUT={{shell_timeout}}' + line: 'readonly TMOUT' + state: "{{ 'absent' if (shell_timeout == 0) else 'present' }}" + +- name: Set export TMOUT + hosts: all + tasks: + - lineinfile: + dest: /etc/profile + regexp: '^export TMOUT.*' + insertafter: 'readonly TMOUT' + line: 'export TMOUT' + state: "{{ 'absent' if (shell_timeout == 0) else 'present' }}" diff --git a/packer/test.pkr.hcl b/packer/test.pkr.hcl new file mode 100644 index 0000000..0a0c6bc --- /dev/null +++ b/packer/test.pkr.hcl @@ -0,0 +1,35 @@ +variable "access_key" { + default = "fHrc64JJfNV9pLVUMIsQ" +} + +variable "secret_key" { + default = "93qernzjJp9CKuGkXLlHxQNn2bkxIKauzCkBjrw4" +} + +locals { + timestamp = regex_replace(timestamp(), "[- TZ:]", "") +} + +source "ncloud" "test-linux" { + access_key = "${var.access_key}" + secret_key = "${var.secret_key}" + server_image_product_code = "SW.VSVR.OS.LNX64.UBNTU.SVR2004.B050" + server_image_name = "packer-${local.timestamp}" + server_image_description = "server image description" + region_code = "KR" + support_vpc = true + communicator = "ssh" + ssh_username = "root" +} + +build { + sources = ["source.ncloud.test-linux"] + + provisioner "ansible" { + playbook_file = "./ansible/node_roles.yaml" + user = "root" + #extra_arguments = ["--become","--ssh-extra-args", "'-o HostKeyAlgorithms=+ssh-rsa'", "'-o PubkeyAcceptedKeyTypes=+ssh-rsa'"] + extra_arguments = ["--scp-extra-args", "'-O'", "--ssh-extra-args", "-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa -o IdentitiesOnly=yes", "--become"] + ansible_env_vars = ["ANSIBLE_HOST_KEY_CHECKING=False"] + } +} diff --git a/terraform/.DS_Store b/terraform/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..5008ddfcf53c02e82d7eee2e57c38e5672ef89f6 GIT binary patch literal 6148 zcmeH~Jr2S!425mzP>H1@V-^m;4Wg<&0T*E43hX&L&p$$qDprKhvt+--jT7}7np#A3 zem<@ulZcFPQ@L2!n>{z**++&mCkOWA81W14cNZlEfg7;MkzE(HCqgga^y>{tEnwC%0;vJ&^%eQ zLs35+`xjp>T0?8~#PQ|pgPDuzuFgSo(NkMZ$0xH3l zL({9my-ff?h}2RFt@)`Xh$4b*8Tz}uSK7-tClevH66$Sp1kC$=*4{hWIR@I^_r9Oc z`$zNn?3_KU^{i(-(|Vp~t-bbdKL6y4zDl_ie{PQc9QAQZd6kbdrLN+*l_M|j?yTuk z@0&X7F1g$DPgm}F>q}PxXA%YT@^YtsE4SxkUEe>q=S}MxR8$Oy$9kHV_vG9qPj(mm z61)LsXYymMM!5EN7ncja^D-~*iIPWVKejOMi6@_$J@(7^}^1$DohU zZPJ=M&7u~)>}#Qy90D5>K=)|8dWZM;!Ye4vAMh@Q7knsreD1;pj~1K7^YVJa^Z#+F z#_zxk^SNAK9NvN_3ua#!UjBq-8eaX?COo;mIK26f!C7GTj-T)ACOq@0QgVHK*oEQMSl|@!dgz1MO4t9qyhqUmQzagMa`Bh&tGUg@&#)9yuElQH ze}Y$$eZepA9s^F7N<{ZJc!vpZQn5)bxxN_P^76Vs=~klQ`ReL4{nkv@Rz=D6#o^6< z;)x#kiX3;}sQ>K$m~v-#m`6@{W-Hz0t^RfajmFPE{+Alw;nUr9E(WjL{@y<0&Y4rE z%&^RwGWKXV?w?2r`Fl(Mx32{+CvIQmdQjKBM9$Z zyc~O!iZ`G2_FrT`;1~<`sM!n{HD~sz!$?jI_1Q?+x0&Hd(Ampn4RcOFb?9*m<*qKY(lzEb+HPJZb0C-=cpr@?g4GvhDsY(cDHetiV(IW1wEeHkjGoQcYxaER{oRe05rCXe?};kgy7Jjzp< zH$b(|Jl~lcql~(xeZM#BtzU0myhkM$Z#dVP>jK_JVDY=QaWwensK|ys9lyv_?zZPs zRBk49J^T(GppGe;n%Dz?lBO~P%*CH3^QugGP)$1~^QSBSxQ*6<^C6iabIO_!cN#(jZ-pDwy!?kEH?W}lE z?bvKw64>H3B7_W@mM5!K#!Bw*=l+M>Z@pIOXZY7ibB?GgW0cyV-cAmLJj-^jJ_f(X z!AE%h0_QdI?7#q?E#0|7o=r4mVL9h&lv<;fjOAJB&S$w^1gwS}Bhon9h*Tm2;dB)V zPF9hb+y~BK^>|z$)$2d{gus~$oOC1dcodw4T<1C9lmN#M?h4#piavqAU#VR|_$IPK ztd^u@GRLiDGS#mF>2r*XA@N3JDCLJyet5o-G2NpkcsQO@M#cwjHL)2QG{N`qa1{w< zsz@4b=8saR)%GEQRFD7YZGt0x30-SMrgP4-!)jqtAmsKR&Ea|i<%9GylxYCN02h^1 zu2e=g@{xiZeRQ@n_hWFEYmwPit)01^qS=#5cc?`Lot?Qec$TVV*xh!p4LL0;n6&3J z^V$78BPjr!gtmh*D)%7$*h@cBfU`VK<<7iZRrWo(^w@0+7Iw^zF(P>?rmgIY&fH)M z^!D^Ym*Q%_76Z;MH8GfCAm1iWn$Tfe4qD*j$!a5`mHsu+UO6-_gvJH5Gl%x1p0pQ6 z{wk7GWs}F)xguX>*w6Jdx5{0~vlifdFh^zB?eqoSuMev#ztD5X)qzm|(w%=f3cW1Z z`7`IrAv>RP9j3fp|J)ayS6=p_tLjpY0URx~aT53@O=8py%100$=HKPwgf8*QKA+=i1LHpW^fUU#E>5 zTuwd9#vKGlv2nKj9NAB7+cjObt!6wjtC9mRUrWES6XKoY2p$Yj8QPpL@*b;PX5E+`0y*WBR$*d=6f};kp5O`CR^^706{p{v`o) zKBCY4=D81g)hIRIwhfFU5%OqB%PF6Y9RCs+3HEs9acSEi8%x-b`6E5x2O?(=js<#;<9_IW$>^VP9|Lhxv~SJegotOB9LXLrgt zHT-E;Rle$&Amf&dZ<#8kxZ!uz>%7pn0(yv@C`303m-X)nKgZqCw9nnqkmKnH{s4G! z&uDl9EqG$jZFoW8Av>p2p|=lsL1bTF!#}y!=kTuU9KLm(!!tQI$MSC4%!M{@J7}Z$ zv+1({JMcyS!Cmx8hbC^0A<&0078~SglW|ULP)O{)Cq|FygS^-wr6vmQanPaxyONKr zHDLP-_|1mL{VAhy*{8nbR~X=A>)ao}&Bo_L?4ncOf?~(9>Gqh=Fwlt1#)gXh4q~74 zhN$*h`jCU&98y%+;o*o$a#s%Hc#VD>;OJyrcVW}Q0~s68*=ELb+cybgQ=2^4Eti_0 zbyNDl7-{$6zj&5^E>8DT_r;Pq;Y*KehtHJY=-WY??&nTCFTRz~UjId1yUtbjcpiP7 zto#}1@!`TXSBPw8>{DvO|dU+QrcH{eGIACk}I>FWY`=02DF{QAz$-SSNO z>umr33wUnu%Lcz}@FU$f!R-&dDZ1+hCl|OJ2bUmrTJVteo#pY{CY<%8*189reKT9R zR>}A;_2gXo@fLNX@psl=F71s8N!?mU-P+#j3jL$o*Y%aIU+Jh{Y1g;$Hkrr&b0-cs z@rk~Me?6W@U-w4;v)CB;c>sR4IryosEq)%j7(bo#u;|}m(fs@%_V;*R{==b788-728t zluuRUXTR3|#10i48rXoHIgT&!Ywm?UH6oLdA7nZZ_LS`WA!CBrA#%P+L9tWZPg|1T z5k}WHQa<%JGFBUrfz>JX^dj&ZF9Wh_H`f1a&`Qo5nEp2+q*7Px!TLdRIe+* zhPaB-COL6dd!Z$^OJbq|@J@;HAy+%_`vbT+WA5H?a5ElB+#ooVfkPM^vMn64OdM9F zUSk{+A0rr7z0QftAL_etxy8c8=Fdp_<{Zzn$M}z4@4oOj{E!3hPaQP1;VrmK;3aqY z2NIt(5c|a-gRvYk=6t|-TvRk~(t@x0k0$tP&J0bBNp5CbtyZyZ*AWvnlLMH~vpAle zq@Pmf1!b)5^GsZFrYoiG)=QsXS8*=u2QACulB-pUt|R$@I1By@!0%HuXHqdR5`i&) zWL$EiC!zL)^0vK*d}Z=`55+;ThTu-K}x~Ac(u2aPniyv?Tn-rf& zY;mos!&cOWJ+ZZoh zl4JT=&7Q>CO#1sttjbM*77v4KA8?&MG%oo=X zS>TqmCwl0fJPC*`rU;5m-LgaBj*QJ&`iqCJ$dlB#xiVC}UJZ)%f zasx5w9(-j}9z9wf9{`so#?m#roC*mavrReF7Uw@w|hck3Q(Q5H5P(-q&Ag}$e#K5ePU-2T4C+G(+B*M7#! zL(tG$VRTI8kn(%E=Kc|H(Y%hS9C9xR4=VcBf4rGPUn8evUOpDQ=D7w<@Zwud<Mq?8PDQ{z%`3xduqtI?C2jwzz=Y>3;H{L1d2!>_9e0vx=88C6ps5?gO%JZxCbo!bwz&PWRarxxZwS|5ah)FUgi5wSSUb&83+mTY}Um*E4o^Nxj zUFpzVa#x%Cy6((Y35R_Awp=s(hWNoFZgAC{xLwMpul7AUg`@DAp?6kr%zJytogYjZ z^Jx5vmWM*nEcWL3JBwYhmG3IGOWKom>^7I<^Cr5w?C9DyU;NQSuDo~6L{XFy<3MPi!I7~ zaCnT`J<=6(u+^(}3k;FPY-BObt9H${{W% zWmL4jWy6!7K|{MtCb;{llMNr_*>=Y>k*OirwhE;xStl4MMHjYWQ$6%=Dt$|#y#vrb zHp%EXflQS_1K=f<#|$8M96tfNNx8adV~jVYY!Q0vNiyCPdnaW*J~@xov}5UFk}ex> zlt|flY-x|OV~izs*69^UsT-`B_}RdE_NOYSsmDR(Qn48CvL_ztvS zO+!bgGcO=zSl1@7bbA_4Z#S$s6PCvDByn-A#EK%*5aUFr$v*vqGHZXnuwh#%~$R5;4^j5-mMSkt0U8k9@h2Zu{V9F zm*+BR+2?UNH|zBQMxHCKZ7;BiO|O)?(`k31UmdxvXrWmjd()Tt)mHt!)UUSc_dPA= zX8pdvs%Gpe0G8;Uom&dyM@T-WwLt}*=Duxzx}ICUMk_k~nB)1o=vNzK(@;Ntg?sB6 zu`gnqHuv@3DYoji0mfPut#4{m0nQBl`!`f1K}~R>>N)L(0ML?sJi**F!zYw@Q94=gJGmX`e0Yrqd_T-lq2qY?TupD+Aw&_xZje{)6II z@w*&9D`yQklkfiE==~>moLPF$@6SwbZ#z?{k`FCSUU78&6}!$%{`fa%mIlwAnWK^q z&RzE2`gzN|>vPtq$h#`$VA$gxm8DzYn^GkjElECiKuBv5M6Q}cx8I{va;RG7@_RNDx{PO3e-8SGt z_P15rgP!ziz}NdnX?0^S{rpF1mEH@CzlT<37opX|&}wWHtzPMcR$Cpks&mL|LXz0a ztGe=8p1X|X9%QJH@wD(pe4sJ-GUORTIVv)Tykv!cVqpD}!j61T3cjj2mt6CO zr7Qc){EvPAzb2cJyG?zt z`rb%>tvp|mOBcK2s+Bpu2J&`cawP@eGDqfQ$tlSEY!kUWDRWIBxng37Ao&FGZ5wi= z4D)p4$0Sb@=DyG;#GIh4zX&rwm`AL>omf`dIe`o`kgMWa%e+hU^E&F*Mc?m+58a^4 zh30GAJWJ;&C3m_P`4FEal|#yhnBQ^36BlwTyfR}s;~n6=qkO4fapGyWho5qu=jWBL z;6l&4>W6`^yujlSc+#H1ykO6mu^XOM{ygP1{NBpj{(|`8PX9^z1#Y^pLpaZa|Hxgg z*lQ1cl)UP<&)K^F<#BSAgP$!HFQw0Rdo!Zi6WxAj2e>Bscx$*4a4eoycAaWmiT3D;JL#a6YxDvf?WyQ~X$_CHZD0LIhm+I%w@Eo{n3b{82xvo&g z&N<{%^*vuN_l#cd<@da2+Fn!N#24B@KMy(h<(zMmcqhBah}@5@%(-y}a|4oRcGU_F z1zr`AdxeGy`tSfW9Y>s2DmpPwQR+q}y z4)77| z=M?7lSHRzu3z?V09!s9C5F0IdH~gjC6^|oxPs&&o(v{r8+BbCEQ1JSmL3o5)S(s4Ui#dfKu%ch>JLb#3cpj*YIYQT1O71d$2x zor27#hqxciQ2~*cwM%UO&eScN1orsxf}Zd1riDQcJc}G`2slCD+{S!8a&lOC#|Fxf zlf?&^o5q&L^UM7;>g7>^EbcFq`{d%>{QinM4{+2-z1y!0l(BYrp=F~*w_gFLphLF> zC+8e=46-!Uqjrfu*NEK7e6R2*ta;?F{kG^KwoLkqKlPFy9o4kSv3zy>#Sr`m!#9z` zo9(gAdhRUiJhy2RjgO4q73hG>HETR3nmCEiIDz&J3zu;wE_y9lXrd93yt)(qh0gUl zQ|TLci@zZHGXR_$!QYQ=G;&{j+GhH+SH)B|PDcLFmD`bhC(NGscdyqM{Ke04!|Mv= zJ|y~5?k`{GWxTF%jhQgzLDn~-&lSilIrd%BR)wX{_Pndijq)Brl6Qb%jpJVCLoHis zt>HFtG1qhN7hjvXylQmz4t$2!mdxuoiB7ko)2Fc2GEXTwE%W9c^ynly-HJ}jebH&T zFFMWZ)=5LiXUDi)heGF!$a3YbtWkY9dbZtF#+%hu=B21I?>)qrXWST&{=LQ6(F`6k z9u7Zu-?2`0cf0!%mAiS#{EpYut$`8e?l=}d_L*ZXMMWKFDJ$ihR=Wb5&z*?hjGw+I zUM=!zdK!`S@{IXsfmIKz6kyF}{XqqGtPy&CFlXwq=Tuzf{sB41&fddX6qT&kV2OPc zy4q_Y!uKj24>cg`Vn;8d@13Qw+d50*wsjJ#y3qAh*3s(uW@NA#c?@R~Tk$Md?$Y}H zFRVFr@*$O+Nf9&?x`y#}Lde-k#E6?8m9%$x6JzIvijr}gSy^a|Z$-WPn4%W=&8GA^Cys}{|Mr^5R%`d!Vuho9>f zuBD%U;9dwiN&F>qhe2$9pPN*bh5;{HxZjAqmo@~x=vSDw#BX!<3A?hxwkzMnPYQV+ z-npa|J($@~7A?1G{&NEi?PNeUV3?>FJBut10KE z9h3Itm^#RNXp{0(itS1rlwIi_30@vB0}u;fa$Ok-P{ zkmcryMr6N+6WjKIfBCutD(=t>j!`O>brSJyt@KsqB3s~fvx+^mhkL7;%lZ$S-WKjY z?Q>nln($|LzWz&9RY9Ho)Y+$E4u$o54GFbEn`(TSv|7)+;k+Hd% z+_lUF+3WCRosPWA)1^PyNT;vsq0Kq8S#22YZr-Jso6G#KPc0h3n$H!ivzx5ykMjOj zTMqPMY}q}8c?WZCnM&e!?dJIR)@9Q7rkASM$+Pzp)Woxi{Jk~fNBe$DT9@otg4V`l8!dX1_|#twV9*Z2_Q8U8zVz79Pa?}=BDQOKK{ zm|zQQM22(Th(4*C@L&An1A|lWU7&3U84y^aOI5%N0mpvFV>xj2cnquJ z0btr~2D#s#=fODEn^?G&*|<^OF6YF}LwU)!l>$fnl>+GL8ly_ez`sE7A0RnH@b|00 zcPJxk<6Xo#CNE9BCa=so%bNqPo5?x*t`6M(w)W3XtH;yyyH9Ti(eFZ!hyI}u0V@jbBF{I?_%(2F@m3CSA6?tjTG2b6d7$Y*%?T`53 zVK#m>`N}$voBqMieaMF7FJ(Pe18Yx+SFxAa2$3!PUs*4`2|rJ4hiT7DI}zUG&IsLu zUfhMAz^_7;BC&3yP~cHka*5JUIc8><{S%%A?-G4yOwD)ku7QeZT3}DVdj+zKJpD})LP``taP}~L&csD1>es)~Hi;z%^jOHG+-bIiy^IQggjY{f* zX~7a7VC7%qCJJ9|T*MZ{TrIpZ^JK#75m(@+Y|73^Wn8m)7ewZN0&k-Ee-3+&!LLe5 zLVvM?;Id2XN(|Rc^l3A6p`Ufl(53kvBNE$Jc+EOJY(BCf@5Uy%^U-6TRa>+YA4F)k zp6jsqDwKVhb6Mvq@o36nl_Bp{Z3XW0z&(k)#E+11kGwVKFH-g-<<3IeR$olul+PV_ zow7{Sj}N}8BAruIMCfSdw`5ISLakr7)knAcj6U~je^Tld3r~>^k>x~-_l@Eku_kk| zRaVBiFymY+W7{dlio`75^BRd?gS>4A#&%$c9n1%g8mS_Kfz=l|GvV~D%?HkGU<*zU zYM6<&_gk>V54B;W07DHmVaR%Xfg!ZA;oM0bcdARnnQ6h9VZmu?bO)M|sV(QK!rY`eLVzRaU9d!VDxJIpvO?T?|2 zJwbOy>~D>X=O`n3um?KpGULoL!zt6;sWMm#Mjke$?Rv)7Ffvm^OeE{R@85{-;}6(v zHFp{rwhd0P_#4JQkoJ;*l`JtYW$I&yMd_E*KCo^lBK}QGJTf=NDA}9jSszBmWKLr0 zMCK`xlR1Dr4Fne5@>Vsg!FO15$a0JZsye?Grlir^{(Gs;$n>xNYd$n*GMj zfo9@?An}0Yx}?2^2FAlUW2b?wj;yiOgBcO3X6BA}Y?z%YTVlPa*G-i%&h29QIs^ z@fiygd=q-<@dW#Ue^XZhjU?ZYg8dLZlyk8gA`1c5kWlt;A!Q{8)BvA+@K1d9+5CQv zEilM=i(er=3VwxtcQh5aWxy2~bR(-`v)$N=2CkO@(_CX|?9BPC%E&=h8nA8B=T|0L zw41EDmbm#lS z&`WGhD)f@PsMzh+uaT=jZC~Z)NR;U0&jD z!Bg;)b@IKny#-m@FF8o?{bGXUGXXOnS^JxH;f44Vr@-rB@OmG)-V06N6}bkN{owKr z*F*7(rgn7hN(=Vzi%dFD*Y=Bs_2L)lya2J&&!k_XZ_s21=eA$;W6mwV=&;i-%5?Ze zuTmxrzi1=BHVwotY9=l`850? z(QW*pF8+!y)Qm60oc5I$l8qtM(Q=Teb~Qs2J?_C{8Phge{9O$G!mnod)r7qfo&{{4 zq0|3Up2>Pmn`hsqjo%5+h9FmG;hE2+ec5@~OW|`Zd=?*e*bvi)mG@N+8m4VDdDW-( zR$$n?n##G&t8C6iX6^oEp7VD3u9JC|hM$$eukeQUdhn(XJUIwYqWK~Eb}?Q^jz#;T zk+_N5=$Ft;4zXQVpvOYr6m&GixH;i{#!YlKXxUyV=VRTb`)+Iw`ui8^JMEkkmIqjj zi94*gY)xwL>Ok|GQTJ-tXMuaVeQc!I=Jv&=&Yf_Khtctuzic1j>nahdw!E!-T05x z-ACMkzq3nW=eCbG{S}F^bU$;fCayOz!x`!4=6##auc+&xC59-Or=rR_6t8IzV>0RMNbSTec~(k~rP zB6D^;IsH9kMPha04%F1H_l{fQPIrkU3HNot>>W znthTO$*rHeYwrO^!8-?7h4>CRgUGMIYl*?=cWxfnS+tkRoFdmf{LtH_?~EbQ{gAjV zD=KcwqHJ$`lh|z)ebliV`77bQBX&D%$8KBTfird!{dQyjBxd_6>%iRDago*0obw)% z9)I2??qZ*jy631{|0?k{_=}yE_+}{O%y`8dJ5sq8|3TuqIPA><#;R@9-A3J3=#zl& ze}ZwWkJRVdtQ%K5P}hsEZH3m-et#PdHlmjLGXB|dTOXe@PU=(ZwaSVwA#qy^aob7a zwoxuuAU)NL+a&gT9T;}p=1Vo>wghaei9^>%K3? zZK=#R5KA4FT--|fqQ@_IA@pvWTD=Q$^P;qO`8LjXAZJ=$PZ;L@8J0cKagP<#I|3+b}^;qDD|JZ%&g7IG~^K#DowX92QME4{IDD%!SyyN61KPh9-3D$v0uC)P~ zYDAXOkT20!$+O2|d*iUZO@m_Ai`^AJUF@!HZ^i!39B0a|z>v8Zd7g$ZZ?5@@smGQ?V~=lbdJbQNis z39s%#N6?iZ`6U@gTM|`Wj_^JcnMXgu)8X4p_{R9yL_3?=CuR${Ov9%WJ0jx;@z0L< zvb4Z)_O*#SFZVvY(yA zh)vM-ldm$zgP$h*(~(!&A$tOmgUXl!Ek(xVy;ySoJNARmdT9B+jzzu2Efy`K%b2kc z?*>Dg_pP{8%Dx6I%O50fm48DZA6h`G%FXEQo|^vcr(|xL-*;KNF_nAIL9>?pv4N%~ zzK*74{-c|fI+Vw}-K{%TtZU*O@&w9^Y=7q1(DN%+1(|QmWPOSc-Eqr3#xm)P-Im~I z<1g(Rw5zC}kB=rc4E`{ebpvyIW)9TF{r9@)uJnE;u4nv5pT;hUt}Fgzyl5{s=bJv% zd%9iGHHRI%m%KPMliaxY*z8T7B=)`)xlY86e?ot@vcBX`p7=wn!FTof@2wi<>RUOT zy&<)}Z|atfAUSt|(b1u*WDmYm$jNOb3p%oRU$6CEvF!=9B995kqpV?B1r0Kx<3{Ge z6R^#rN(wq=x?Gi|8~V3zB^P-e{jO$Dh!>bUW^yYjWqbcf0`i+czNZy^`_QEhkKCIW zILPm9d;0`NUaA7EIqY32zvyNH_zON7&+=|On?2&QmF_&rnh3$^Bf%H^GJo1%|FXcU{(9ba zM{4k@Kq~ej#F`0t?kqES0AoUmJd^cCDQ%CS7b34^{F=IL%9!MDiNDsUbGHPtSTp(k z4~dtkqjmD`s{_Qybz8V6`PUxxtbTOL8cgiV5&GfuImCxp&N!K!Ppsu}x4GmUKE{*= zk1HVS?>}UWTTVSWFXCLU^(%F6>tqZUQYe3NKyVADv*riCgM5EL=C6bJKtjVGO1tPo z2)m>40nxE-Howx@9zWRxU7XVR~RH9@`6=0Y^ zy8Eq9J6}psDQzDiH;s&~tiSk@?7)|{GU&0=qDL|`JpoNcepZfQuU>d=K+|ZvrCx8e zko&2u$6q1v;AiqmlNM#zuob}D6I6@p!Dj?G|6Mq}2#jH`^~C8v)S?=2{zq^sqdyv_ ze$UOC3_S2G4q^K=PUuLt9khHLnKKYu$-86M;}?i5-T%h-jvjyUjWd&f%)7!LHEF%e z0uOBA&I{>0_UE)3bXAwm>%BC&-pjfZ(|(%miLa1_od`0%rj5dPz`takBa%X1Djz)O zl8?ey(f1@bAn}!qf8tlvVkgMCj1AJqdU6vN!Ug-YMy(#%g$wp)O(EAmio!+4qemWb zRn(CHAr_STa!+69Bjb!a0^`Whp1EKd0|f6p@RsrC z|LXCldymx4$5ciqGW`Tx8Y~8zI1#58y7jpcmnK*txLhj7+bKz!6*0? zo4m;!Yd&8{8#hUgdtBgma{d_c2Y#yH<|1}wysS$ra@VCT%r@UmSm@T{vCIYdc936u z5kPB#yWrmp ze*5dk1!T{#AiBRH#F$P0{F9JJ|ER#fF^4SkXC7oqkL`?8bFAEwtgG`fe(9W}Y)h1AW`IAOuBmP!7G|5Abv(Td;yp#Df zAMsd0QFfiY+mVG&Q2?z{@e2!}RVlO+p38jxT<9g|>Cmj21ALP-44(O+ojfZ;?zAph zH1vti?Yc&<-LKqb&NGN?ya}&f@5R4b5S1T^L7qjHW5ItVu~Z7}#?prq;39i_iA-!k zzV{>FtUtLzZcElhN6nn0r?&AXWJPpW%e}EPmwA@ISMH^sa@am! zzkX)F&XF8X(w=riXbbXjr}Uy=DEeQoS)VefIL-(~CR zQ=&J>YISe?Ku(z-wflCNHY<)BBTlf6C_@JGc*pL3ep?&Rpa^5+ad-$m6 z>l&qEP5*QQkphu9ppQEn^wnfRB2)QS9?>p(#?guugx4)6XMJc(19ejh_0Q(sJB_Me-vB$`X}To$6<4!V*_@s5qsE# zU6c1lWNm#AUtDahzQMnFfG0p=2ko(;7RpjH% zJw7d*#UA|x+G+c;{rbRObo>eED!OIUR%rQ4XeqKSviB2*eD{`rYR_@&{bE~rhySx2 zZ_oW=zb~;nwp*#)srYl@k?8K-BglV>4P^br-IAlEkKd;)=pIH7JjBM5Yn?04xSs=k z(+9wp$?)Yakw;JML-sRrv*mr%?$AW;&s34qo7{oM22UX6*|M!EZg1PKc>ih$wzT4- zv4O^W$w$!N#{1zd`q-GqFLZA#dyZya13_`yUw1Yl}E4B}^X!ne! zou&`;6B;x^LwK;J;w1P$!y&>0XgCGlO(n111RWcpp-sQA(3rW{u~B%vOT7l+8$63) zP21*k*9NvAQ=%g$ktM003a?Y)^%eBl*(cj($6Ine%aZBd{v8>`y)ryt?-Z zaY!Kp`oe7IYWWPg_bjrP8Of%f!TF?9Dgjy5HS>CBG{ZZgkp<6-|| z|Mj0dciwZJO98Q`?d2Y=?=#3Ld{!RQL*M7{j#V{#zlVpiMl;Wq5kl7_k5_ojvSUpT zsKcB6w*CqXYn2vx{HlSSdcnN_P`K41cw>Pz(@C`{mhVS z5&mSZ%prO_9X}tbaY$%O1Bae%Cv>%4L)%jBLT&4Iu^F{7?1M|&Z5|I>-l`LldpNEJLpWsqK{h{T(!UQq#nxX>y;YiFtl6=km>-Z&<(g=x5L9H8FSVb8oHq zDtB<6;_!>YGVeX#ocsRHf^NGWmUYncjf^^L{<}TLoX-&Z=zM=he3uZqoj+9VVl7YI z(nr?Ldh4z?7U!wtYoBLdqxFf^v+lpMR<4VmXWn7`=l)qs-+N78--;bb{>3Y^l0U7{ z*CFIN8~c;Z9_{kZd0Cpu72hG4uJnE}A!z*}`#p$n5lS~AXIQJ&#Pww^@}&;Adwn*X zei}{|*FN^F;eEi8I;lV1Us6cjf9KpIb*KH?toxU4)i{)O;V?kgE%=JAn-N^9GHRvn zQh!D+bwA+zGjz(?KNsKgGVz~m;(v|Q1%GsBz0^e~`cd~y&YP%vfAw>--g@T8x?SWV zcl~Q+v)-!S9)-sQ4J-9(3l?_zd4YwU{rnfIYBT3YqhReNPi*3GiP?Xy>3q z_1C3?$G>pCPx_GcqglyEG|%)t(QeIy%gp|hSB3}YiLLb>I^;0U7YU3M<2?C-^L5}* z!Szpp;5=Xwz~P0VZuk&G_BD~L*S!tJAwTm=c}ZT4p@81A)B}j zHR;1ObN1|cL)|f)KS%Z70@^P);5x!A!2Bxm05({cPN>zpuSfxhBkN6$Taa$Cuz2uF}x&zJra}AH*q5pax zq|k8n&ZoP9G2G-4In8%c;ngkRmH<4N8$90chqKlPwshf=HePV)tKsbhSKTkhjXww+ z#)apo`#I;sg(jb@o3;Mft5J0)>bfDu8|s!2Ta^4->gE_F26fvwm$}ln_W5TeAKw^N zcapB_f+p0h3-Ye`9;wT_;A5%#d(LHD?`6!rOYZDVuIopVCp>vG@4^!EQ|1`=OyAm? zCyc|cB@!FqdyXmUwu|pX*~1U7>)jp(vGu2JryjhOcN6rQO!hb+k8>pN0oDHe2=-;Z znfY!tEUXQIEAzRv)oz>^qa= zfVD6RR*}GB|C#0}ShKnR4eFgiCc5Z_{TSnb_3bEF-w;^XmSa({?&5wn^-efpVfP0+ zU`>mHl`XIs6U3f7X@3*kZde&X#^^o{SmUB#jTTsp*H1;k8p-`@s8`nws|1-W z`78NXTfTfzu&xnUlZ}$uQLwJyegd$zbi=B{X4Ex0V2M3<%4&kZ;yVI&MZxlL|1Z@0 zK{u=jup&nsus)}b6V_k223F*zC|IYtZlIpu32V5D{L%qS?70(GgTNYYL`Fuz`UBU8 zsmDCLEfeoB_Pz7E1J-Y&U>!DL>GAB_(8tM3@mJoa?zg+)oyVU!|B?e>h(zv;>-K^VrXSoCB>jJ~J-|43P7JK>%WyF44@~&~A{&^YK7dz@} ze+3+vYdc?0J;~S0+@REx+?V)bN_;cy%N$3&7im}b-?#yrRJ!v8!9)BtY|Kjg*|*H^ zeJ>_sCFW+X}supcv4;sd1zN?9kqg;pB4FUI(r+2UgGC1?+*L_p6kA8@AoXZ$~OTX@Iwa-@DYi7W~q{FCITE zg*{nheULn#3vQF&U!mvCQ^8H=)i&Ar3o|$AC686{YJ$#9zDmrYbCc5dJa9|lw@~LM zcT^-@uk&k7jA>29jJ1z}_Y;(Pn%u}ze$meg)?+n6+gFwMPzB!rkni&j<@>ynYq4`| zIuB9U8=H3M<+f~)okMlkdN3hTpAP2`gGZO=|fv@R=9ST$LKYuLsVru(SPJYj`UP$1a zm32c6R=p~#p3s24{FZu$s3&ol_!ona&---_fMgVZWc=F<#caehk`(4V!O9XFYr;GVS zWFoSc_tT^Immr5?u8#*^1AfTotmR1=AapF<=}jW1O&)>y40B%y*8EED$(^qPrz!W> z!QeCC+mFd} z%Y3w~m1txi2FWYS{CfkoMC*FFN9RX`pDqrW*O30ooV4?~=&sKH&jqJA-UoHiTIjux zzRUiBGGD^?xDK9OvHIv+SN`P8`tAG99KYl5uT!-$FC))9)-#zKzJz=7OvAud@%}@`^mAFq zDvIV$de7&r-OP2l!FO$-oA6NPFeFDByWV)oc*-%y)u-!xv#akxg${|_Z2i15w*nYK z-}j>A(+w}9>6b%4WS{(Zk=<-$H=Dl7b+57uKjy%XEc!AVo^6C@VR-f~JhORa(7&%=AWUY`+}lEggPIPCps=3(yE>slsmyo4OQ zZ3lA9IgIcoS4Q~*=(_LPz#QHaH1n<4eDtiE*wBbmyKOquLswPf3tSbWs>-O7N*!WL z=DSQAgx^}l{M0V7yU}&FQb*?5hl%b|ehxTRpm!CgpE>6DE4@#UTlV$z4-T;Dhu$kl z+aPPL$9v43OFJ&?uh=^`Hd^Mo!eWQH|1xW7Tt1nn<-H!BSIOEMd=zYR-G9saa>khF z_;uiQSo%VqQ$KSd*CECH;-;(&m&{c}(aH3qOqx-STn~2qN_>v5F?OgCfzSG?D#i=F zZ$KKdIh%cRWd2IlrZj?|m+?g2neZ}J4B>er{gJh*ZpH{1o0Q&nJ}EG*R#nM((ZI7p z`oIF9E8X-<`XuXx+y>{sdw_G911}(lRX4*`l|PgIM&a}ua6%Uj+wY+lUIeEp7r`mj zfzvG(PF@Qqc`q-+f!74i?KWi|j5THKX*w!^U%2zw>pkb6!`AyngXfrIP$&^OBF8#| zde~|iw~q`Ve>#;z>_DT(I|_epmH0+6@O}&9`g8a^jrtzn1%x*H`+6()Bgey#L)N=6 zhiZPG<^$}T>^Uair;)jMQ=k1uZN0YjsTJSOsZV;%3wwx`$Eoq?$ziQ0z+C}6#*D}Z z=dzErc;hPf06U#AuyG(dhy3sBC_Pq)Uzv}5%Q!5)M@s^7gUrbLGjph0K^ZUdEbF@( z-OQV+n**|+n8>9i$l1uFQhR-U#EjISccHl49^85>#S;s-y4P7XeW zA5OjHTxWBg#a_7Z*WCL7Srgq(LWZ3(?Z+Qit1k_N*n4ULd{VNPNPRrtm^XILb?{Am zhM%$*y!Z_AeJET7{fEqJJiXE{_?8XN3OTYF@8tU>e4l4kgT*)22L`6$m%pp;#ni^Y zw=Lv*Husf%5M$ed_zTTnbne~&-o#;gpB3@RgjY^}wR=o|Z~?j8FZw5S`-AvUIv&H< zlKsTx{Y{w*ee72J(CN%Y`V3inP$KJ9z05t9vNsz0qu{d`?YHtP@tdqyYs7xadXA>~ z?01vTciQfkb!M_ogzs!}$a^uv>5HuA5V$9?F%8gN^j_*T-*50<1N5F~L^_ErRuM0Z z!aiS1`<=|0EGIwP0>4k)i{A&&Tk#3A`^8med&%GEc`tYEEOc9JxY&vuWU299)(91C zdNW9SZ_yu_LoB$BUwq2Ywe<5IBk~8X%fyyZ#>ZN)Z_D!>o(~7kWN-vOu|~Yq}H(4Zxp?*-lhe(}O)Y%Iy!|*Um<_l=!L2&SLUt*p@@e|R#25=`v-q}a!z9Y;rQQN+;5m68OCUqFs^;npWy-AgIbAMy+XxT3_)ZgT- ztXER-GE*tNUz6Cr9QIY6vkMu6cZF|?PRP4c=K3gU&)Mci+H~5XChVtw$=r^AW#3H3 zjL1-tlVoJ0KYT$hwSK|(J=nq5vE{NBPHfU@`ul;^S20L-e_tT)?p*(?^A_MAMi=a{ zJ0`Jv?3UQA%*EIYkLa6jQ+y4{Ww;r`Q_i`zImhe!w(`yiaxXl6nl&e085hA*#>FSN zc4ONbsQWnQ?cgW;k(`OWhT|cNPkQX5k4K~UmB5%1jlbXy&3Ea&8=#lnk7Io<(hq2P zv3`tj^kb^s59&xivK;-m#p;KwT@>0!_h(d8f1>xl-^SSGTyG=u0J26^#(NnfB_@;D zO=Lbf-W)H5-eO}VH~G*Ixo7K$>5thsh#d5BwBOK+JY1}OiItu0pN+G|YucR+ej#wU zPxSC2?Vl(rGQN=eDM?2s z3-c!g3cw*qoZEx0v2VU%EZON2f$UT8hq*Y$2xiO^%e;4_f9BL^*<`Y|#JpA;LH zWxe1sS=DJ={5CGnYFvIQxJ+iRNY>)^iVN>d3ND)jmqepZz7bmNg$}9E zf%i&GI-s+tzdhIp;uXEe7-NFo^C<*gF7U#~V~oK@aQ*1R)_OIYPnJCp9Pf9? zj_gw_e6s&+dd=tsU%^jog1~1i>cSl#FG=GZ9B;}F-@g(an`+Ta@@`GYw!|ng*tYk; z-?>&xk@w;H00>Q{t4rb8k{oc#EYvJc%aB{Zgq-W|sNY4_B zo-g%6&y^1RWY4TtiNc=+Hv8|nQtFgAsaMcbuch51&4>3Nr?Zs}miR))$ldw}eDtPCfcLX!u z$M-&qEW6H~Jy6QKx=p+{FY6hS&*kas0vT7&B_CMN_oU@n)A=~_TNEBE{{@d5@Il0% zZNyLg4s#GS@?DHq`7Q=?K0o5!2Jt_a@mtUOaCPJ0zy|35vfPK3H<udUZBKZz{1=sBsuJWFO6TfJA5gUUKX8Qc)mak&T-g*m$$fhkXFEDrL z^cR=Ii=6nfy7c}X6XhMa0%RvE-c={>^kaK>q#_sOA~M|M@I+4}=OFUovE-u>8IW}^ z_A{rPcq}=QGG6w-7Qa+{K8c~XuhYKuj?@8Hqlf;wOs`rb?+~TdGY2Dff^rfAh)s~Z zq^7kcV+tI#-dSZN&sqU|Ju%(=2R0plujU-)6Sq#;wtq1eJ8?*z!brupVQvE5F* zr_%4|I!f2RHpvx{^UdJ`orvj~5$6 z&TU6F{K|n}9%M}9%L~3|iCMgwZys%fM8@oAri_{2xbiw|(Nt`ad~-Yp8qb-OCApTa zeOdNfcFlz8Zfmw=!6~mcEO|!xi8gL_yAn%EEL8%XW$c%ImoX8_f_n)=#bp+t-td8eP~CVuuJ$-ul+`MZ6^KHI9ql_%a6J~ki~nx zH%8&?w{ZTFzoO@syT>POZx~0bJ)SoFl3cL~=g=|9MZNZlnV(IAu97E|oWcFrp$7Ea z9-}Id6X~NVBi`B^OSkPl%KiHt`kmvDj}^#QI<_%-J5MosUx_oD&2dNpHwBnZeOHIq9#sQt&ioK~%5wlvcbyVllD2q9xqvkRzoRXu&Zb*5-%L5DO&2>Z zbPhvTvEyOjN6Uy!KX)(mGiAiIk8TJ3-e*734ZL$AHe7fldXYn)$&2sErf*Z|m(cOm z0VW;qrQc6NM{W1Xr4CQE#$R%Big-MTEs%L*H+6*08?@Z@{5GPd^|vOFH!t1!68+cy zw)kA&Ao>=~%elb9u11=WVpHhcp&47FZMR+GNDmo^#Nwvz$7~zx$;p<$UHM538 z-a`yw|C~0e8M&5yq0W-4ndTU?1g_k7%JnqIxHTQ!6&vqts~UQy0zU)}d%<1g`p+-p zb6}e;hGV_R+XL4GvRFSf8G3WQLrobMNacE>(ElR+i>9Sb$MMk7)`g?sQ2#~eM0=kw z8EfRvwr^(q(7V0Zz*rO#TY-Fwy;u({oy$bN#s82T+AUq*)iM21^yjpy7^2??k8|jc zbp8R8rm}~!Mb0jIM*9=@+55jad{?{gZ5ABbi(F`b`)GK4L(PnX9q@$D z|6#$3_D@FY`TlPIBu(;#YbMHChZ5F=EGlEq8SMucX_}7Zm#JN)D!ctw*7KKojdl;~ z?eUq9WGc_80>(4#GyBrCozLNZsdAqxV2&VqyHVuJ^G9pyylwd+@jOZO~j~eW(7`4tA4#8uN)sfrr>rQGC9%2flSITir(v58Dsi z?BIbDhX^8qY7c>rA;``<_FQ z^V8d`_-9N%9sdln;Xr4B^FS1w0X*kTVTqXzv&vrU^FZMIR}`GsC^)wPCtqy9A z_hP%S@msC2OwWT(W<4Eoa2((IJIQmIlWQH#JD4TIJ5EhEBF6dZ1H)s8$tGh_vUj9o6H=4hDrBy!a9qxdFk zWq#`k-cihAJeKFderlJ@)vhpN1Dokj4RhJjUJH1f1b=B$+CEOd^|uYt%lG=mRld*n z4TmPG-Hp@Hse;&mqONOs+0j&Q&6zOyg$D7R^9Kip(0_7zyA{uTJd@l*m}l8MV-L0} ze>{8A)BbVl&p&Ja7X1~Q>WXXIfDM*0paHvD4h`{D*Hj=M<;Zb^j1PMLr5oPm0*^gc zZFmKLw%`I!;OGCD`D@0Hc;2y;>!Pzt-?!UqsegW*S&sIx>F_N#OkN@mJ1j6|{Ly$? z@MeQ=2wl&k>?Xzqc~KZW_x`&iGofCCxdp_btnphM%4 z%Nn^Jf*z978Oya#u6L1BBR066Yx~=TcT(3c&lX;x*Fp^A*-6&I>3*G1I!C3?|NNxB z_wey2Bk`_2hs=97n&n!ajGV+y$-Vh4H$u;ZT77$M__GRJ=kobtdYe!%nV zqz~eI3Y}X8Cg(2jLVk9OUn@E(vi=lnN&Kt@wRJB9F24F<0rf2-5X_;yvET@N7w|&Z zYnM-Dlp(9B*nG)fip}>)TRG&9DJ!^ypqZ=%NO!p_Jv=KHxu?9uKC+f7pL>G4yvr=P z>=w$8PzjZpu6WF%$~{F6YbLg-_}`KOLdQ|iFb^7T;@K!kQ%VRb6Yz^w@a#Dw%7j+ru}7jayk$G)3)tAA7WUKumx&P#N?1 zzL?Hk8Zmr3)L$3Np2s2Pk5b}|GX>DLfw8$Syh-ue*U#>Z=h~x;wWY-54b16_A6uv@ z)|ot9#yjesT0Ne#9(KIP%4_X2V=&rUv)_LcZ5bIW$r0)68hssk?k*W0W83!9uD)M? zljN2oE%2ZGawMGY&InPe8*J+r*1#r0$GU+?a!Azj?`}X_Je$@;e&cv$E^;1 zP_H5%kW1m4!^m)K?M+j)3`9cM>~MN^hD|4%E_`!X%cJB0o&&D%;v~7oc>J!D^?mHOF|wbUkixq8FnZdjA2`9E zGU#;MU=_Hn{h75gt_qLzy?)&L?`QGr*zcI!s^C8p+#imVu1)0o)}>jh{Q!E~H^GRk zCWbZGk2tX(Htteuz2c?h%jkpD3(@a1v3vA8lX(O1&Mo^OJEMU7Nh-P4GVGbwJBz=4 zMjDZs^m(DH{^Qk`)_+{>a<$)vExqF^Bl2U~xpOeFzpG!HtY!HLICWlboDrBOT>aY^ z7jqM#xx`(oc~(61qjgfhcr0UDs*2oom5R*VYm~5OMquV%RWftD5xE^&ygoK@z0gnU z7DHFt|B&@(8@N}`daN(;82M;n{1V@<^=C##8)Ja%-J!=Q@Go{^N3tb(Qvx2xG#~+9<=6wE zMmPn%DfKSL7NoXSC@oNrcG*fG3Mp8{LGSl>?!D60M9u>A-~K;;e?Ice+~u6-Jp1#U z=bRIsYAsrLb6N8!-hFc2O!l!TT_t*4{HB%j@;5^{TM|b^@8j7W>HgmJlYwuS6}kUr z_LpAq>B~=n|8Il;m%#r82mfCJ|G)BGQ@s`Zr~0oo`0oXexi{MQPxW7C@ITtY|4ZC^ zZqiFNdjC1_{}lL-fd8k!|8v}X3j99>{=W#0Udb74@UM5t{T)(nNc9^%1=ec225>~Q z;GNK*Ahh}w=9<;7Lrjv`^#*Je5|0%+* z%Ey3yZGXqQ0mTOBzX7?9r+FrOc_7QLV23ZUkF@F$UuNGC!G9a@%TLt#nHodIWb{4q z8DOtW^NB6;VV?rnB?BM%+JvonIVXJ9U9Ip_Sm$N~o95)(fK_qHHo-@KE%d8r+UQs7 z^8)nM&TsMU+rfMZm^joPI0FOt5w2Q+?PdBAZd$=h+xJ-8jf{#WQ)vGZu*lER9JRY= zHnou3Tfvob$sOSBFmu%x;q`gwC9^({c=7@|zH*GMpXP8~`@N|iU1!dpV%}S4Mw@df zz<1mCn9~O5vMtiTUirGjxO;?e#{3F?#9r28h&G2m9Qg4^;LVTBwUp0pm;-%Vphe8= zRWuTKM@P@z@6p$9(~sMSX}@ry_AbOvNbMPo4pN>r#`qF^$TxMm>-k=3jciKrS$*=e z?Knz&Fp~3C-@Z?yH=HrK`m!B;$=(j^-;R$1^_fwP(2|S_?j}eb}jWII+ygkZZ~r-JWUupw&AV1MkQW`rF0G3piRAEIyZe0%=VS66KkA@$>*&Zj^5!de-_q|z876PFMD5A{bJhba=C|>?zIBty zyMKz`sp!=KpW0d1@$ARxI~iFWiLA1&cbj2dY6BY1D{_m4#?9}a+EjbXo%Y;$1Gl}?arM0T z1HFadK<$<|=dtf#{wE)~s=!uevZhdTUrFFYd8W$X@tRz8O#3rCYILuX8i3hW?0gyT zOvNAY`7eLZ3*Uk`_~PLY$K5~Tto1#5H}QGe_(;arhtgJKyTgO4Gmanaj*r|E_!^8C z1Nd;_4S4@hahmPN8NEW@xPmbUI7h+NGv)kF1t0iDizEl~$J(H&Vk6}M$0OsuHKC{7 zn8)w~IuV}-8L{&K+bSGi*_r!qDF3*D02; zPH_qAJD0M)Gk+`jY}Ph~*UW1UOvozwhT!yDOTUqS<+IIme)!qu;xU}lfsa#H z9*pc+#crHCyG|>t! zp6IhyO-!RdBRkGKh3Mn`E!&(uKhVy=;B)bWQ@;^W{f4e-ZABaHl^|z( z`K%=$G5*8r&$E`e+Qgi^qxX!>D4!LH{)V}|51_+s%*$%XTv6lUCxED%A*c{V@7?Ij|BB_jQmLi=mrau&3$7sXbHhg@7ppUh=tre1vuA zPBSL32C}+r#yK$M#pD)0bcyCt>@mu>H!X)L{eb zfLZg>>CjAL^p11XZ|!lKG2(Bv%Z~-d0(56cwgMflT)~ztz$|1N+*U^3%ugAd#AVfF#j&|0pJ`Z=B}SKhGwgONP)hL7+&P4{QLKaxjIe0iMScV(#2yH*o;=Q(oi%5#d* zmxKC00i4ZYja?;l?EuI4#9JouTkFd&K)V2WE@EsOccBdBBKouzo$*(5&L2FO)Fl4v z=h+NwOHyGdhxwTqF=G67c)tVw++`&4n+Md&Vw@@i`Pz4!I7UbUgzay+G}#+Hv;~i6NuJB@LP5&^h$e4t+YHS)%df z6KtMw?9YInbbb%fNx&|h@u@!_YJa3#uBI=wZ>Tpvr96)EIj!@NPuASeO|lN{1Gh3;4^r(k(y)g^D~_1vDIS(zT|2n6ZAn2%Ji{^_tZxn@7aAMMyEON7&`H+ z^j2n?^eZ}wm`pz3IBKw4^7%a<-jM9`T(@MHm@6qOl+y*Q{mg&wMjn85H9QhY8f&e- znYNT`x;Tt&p5}YAZO-8uFgm6N^7jSz&vv&^USn= zZliDH8FFn8uZ!z*GO#zodr70L=eyD0!nN?XPiO9!y+%?a%kjH*F%IwkB8ne(vWE!r zFjn7plS6J}j4i6EP>dKqesqJ{mCSU~b~$_BS>M*oVZBq2N z|H+2vYwm(>>Uro;bQN0kBZ3lE~hE^vVEoqiAf<6D^bHXHl~hs0PzUI>FIbLm6*B_+d*6Q881gt5f?!xfCRim`5B ztjF<%^BJdfiXZwELvwSk4K}-EY-pR-{_jmYQB%oYE&F`s=PTDF)#d{8i`0AMXIVKV z$ZA$1`6KLs^oC;V>G*5#xLKPe8DLz~jh_NvO7FJ=?|Sr+_%O-vPD0du{wTR!)o`Wd zh__QCk1c44SBD;}!j}_Y>;vZ)$dB)a zZ!eI0eGxpL!UyTPlHc5);O}LBibcV{)VYvTBgre4&FUZH>-Door+sZ^Bzg6+RTNE) zJw-mY>&pD*{`NrcZhU~L)FlPU$GY#J1BSe#*zQy?6uH2@3G#iVzonBTqrdB~IR7I4 zYx3zww`ne8C-)h{p$=kS@r3pe(z=*-c(4QC_?XW+r1fta<5I@73!W%OPgUR#3(sG@ zQRi|iH|3A6m#o91>dVjb+Mi0-$3fS2{2AGC`ILpkCCbw^qC+at^(U+Z{b}WBl1*ObHlu%%OY(lZadwZzKLUzwB zv8*kfv~dbNwvS1y)j0svH6IGoU)UNqvluxp;+fX5{@Q%}vtoR{VtBZ0l(jM+y30rK zUs=_h&$YQ@u{UF}@wcz9X=P8>>%eVbQK;d#l{UkLO>jw12`&@!u!hqsXUBm<`^^_a zM|1)CQtEV&Z~1A-v^U&47CI<3&FalS$5gOi`&_|iC6*QfUuJ**bggrW!HdU3c{u^j zdZ+Ek3E-N8uUSkV$EczGOU4}rcP4j@UJ3!<5%jC(uv^)eRz9Tg)InPQYP zIe9tlJhMI+sFnU;KaJ`z?Wfazo)w%CrhSdsJH~k1by9Vl$Gn0za^o zc-WQ4H|dHy-$qy9`~Asv#SZp~g>I5@#r=lXPL60;T4P&WeK6cRE}h>}AD~mNrVq5< zaEMOGlpXTu1nAeg1D$~V(HulOe4`x25L)w$p*7D8OKbGC+VqY!p4NvyHdHTcq#w)q zC;iat?r%RyKE_Q0H4(lne4+=fzSslMn%L8|9hUM3-||OxQNyu`^$M{EfZ;*Lf)9T+ zevlp4Ga1GnJaImQ+OQ1l$a>)2xqh79O~dDs?l$en&w|F= zsr7K5)w)-;CE1k>d_BPf8~3C?bw3LmR_XDbWcU5#E8yY2EcqDlwcb}fq*+U=u|Ye% zE59@WJGBAZun{|T0Xx-xdu2`gVJl}c<5`B?=^W>0j#qZZ-a}|2@N_aqH;wiWjJBSi z#yH8JN3wwP25Zd<5w5FQUH}aalg}+<9c4TdtFQw;rU;iTc7P@wkHgZ2? zt-Q!yP1)jQHuy@)fh1sIhyJF&6knm4@(<3KFfA@)>s%7o_5! zJc2%YiZhx&gFd=#`ZcwR1D||vO6|sU_IRR?7qMNOeN3D-GCJao{^>{Q=OXgZjo#>z zFG9ThFm24^9pH&PjQ(1H9W^m7K3vliC2*Y z$xj!4O81?iKFwL^nG)JQVU3$nNSm^`;?sH8lRM&Gkz;>Lq*r-=cM!cwTkENNll=vz zvG|?jKkYdwjq@3D6yu#Z)3i?;$voT5o@9bcFeygTST)Wi^qei81RK#% z?DP>}e3GMM^r1F|JA)_X*uc}3_kbtH(@viioR8Q>|HhxfR{~B0huUxFdKI!g$v0-E z_TlpCh%(lnsK(R4%ya8_F8%V_ZR^khi-G%1{!PAJ=gS<`L96^j5$34K;f;^1{@dZ_ zbvAxB{mF?wSldDA!tVa*5$2S(A zDt=Kr8pAPb%uHxFfP-tmfyS4{Jqy~UK|61o=+MXx`OfTBI&XQ&tYyGX%vV~7?>rgb zxd&O)yu&_ZWqmNIRltJdGgeHUm3lL0NTY+-L%%k1ZyD4~gU54W z;ZCuZCAwL6$wvCo=@~1EWuap^~F$}#c{Wy`0|+D{&eSgOb3j6>x(MFU_w zr{@abo89oq(&a_7E-)8lVTZI{SA4B`vSRSToI+IN)*8j#wr)1#Ry}JvYmhp?ZyUO~ zl{H}EHM^E-ZT%wNmA#7hi5`1ksLuF}qcdE6ahh|)z4;dL5_3WawQo+9n*(tCk+~t; z7qRVKV)V1nSau@s2J6ryaGl7f`%WJFzllC`3-ykV^&zs6iP0kGok{47xl?^PnaH{O zPW~9n+JS>>}D@u|pX9rWg* z+tD-SP99p{*YC8)kxSc(`6WZ{nAKh#W2v(9&*$CpPI2G;pd3O`X3uNahRNyfLq48e(^$Ko{8Sb4(QXCLu%C7IaDHbAe&?Jt z%lM?lStn|CSiat3<{gTIp>6qTzMOpMn?KdIOT`J)5tA>8p###>tcbxU^IgTr{T_5^ z8|##^Zf~2#-lD zbLC|-wVCnrRc5bU>`E3kqum-aqfl`}=o+(!%wyPcV^h&@?9XY=i%y)1UWLZVx8~&p zZ?*mS&B**T{K;wQ*11|_aI%m4(xZ%{5q;fe<^qGP3!#>nKXSlhlfc8C9WK&BL|Fedg>bMfckQ6%mdWz z_~DQH`SjXo@^q0Ez>KfIGW;L5ub+~ZN9|)ub#_W;&%D@EwX#WzHK|;9rTcV^G zs2=qq?}(QU;2)%bSK^s-)2R1dn02})mzvxa)Z|uEPh9E?ZOiqI>`7yOxs$rNe}I>3 zvg~{vK3PM|^l!)K^2_sSOL{mE>&VcqH2Cl=*$rmDr#zq+%&HR=ZR$y~s-R;`4 z;hww7m^K4%Zi=;XCw!4R+CF<&I2#AfHiQ2a4i1s!KNyGc_?zYnoli-`$CB;`7i)=g z7~}JDK1U`4*T5%=iQ`endjX^bZ-JWX$Lj1JEeCWnHz=O)cd}j?)`RtZD*2alfr!za8g)u&3@2|KsRL>kzQ_Q4@Pec3wI) zfjqwQj9x!I>&xiX>+zA{D?L+bJ#oJB@|tZ~`0HN!ECF}9_#z36A*0Zq+s^~;TzrjO z=F@Y*YZZ9kH;m2We1JFAx}C!2xn~OO!{$w5-~UO>@5wi4#WxjCRMBSvx~c%bN&Fz) zmPMa)p@HiMrSbb%$cE=;zRQj)Pox~zhx+=TIZ9jdRjO$B1?&Oy%?BItIiRia?|0F* zbm4B=5PyxL4e3(j-++(!xaOzZ@$+e~oO_CE$_L__tJ_A=&75zR3|u2aeNTIAqH7ON z$IZuNLObbS`2c13yPt-aD!n-<=11zt@$98mP&LLy$i4jjL}1SZwqk2-eI~FeucUQ( zt>|6(h^h-yn~LY;v+4e?FSGYBda;D}mT<2Vy`(yuC0SNZ)$31e!++Yg&nl~@*1Pn? zn5vqRINqp}?4skAz#oO+Q+!?oj~M>u`uC_~vGHp~5Aj`mUIyPVXR~?G+^_+O+tIl)S zh(qe93SU(9K(3EF`ag`1yLE_<3myi1T)w+L?grXwfxmUm2y(GietjWrj;DXuztq_< zk`KSbORIUu*i&~dmovt#y)(_3>o>wj@(*19Nj$RnzCqt9e!gyVT>XG#TCyyDS8O&3 z+SOTWw;hH?#bYXK;_VRgLtAdZk5iwLb>$Q)@P{(+Hzfb;Uo*tVbK!F56aUNuo92qV z`?oRKzbBZ(hZk}h z@s}Ev6Tn}}q?Wb6Klwm^e~`Zv{ze>7?lhS;=8a3P?Iah|iLGdaM>^*dFDdqB&3xxV zt51Dz@Qs_P=Qk1u2IX7flXX78I}bSTeBATSL&(Z!!R<1uucZ`UocKsSR3>;*UENV5 zXVTU95XK$_q9c6{?wozhHMV`o5Ad8j3126ogF0qA^*+G%tl%7##QNp(^Y2yLz!-Sr z+L?hg$viR3mHtDbPlAJ^D%z|3sKvy7vgeNpx=&zu#7pBEgxBclEFa&NF!9%tYD z6yq~kGgQ+feW<*J<|pJ+UPPa0|ATDcewaMz2*xp!XS!doa+K=|2Mm8TXnngof6)q@ z#3nh#tmSC|?kw6b!6y+8gkR;hGQ7SWvgi7Cek*j| z_+%!~86f5#g@MPAHrC7a1=;{SGKi=Ha=8HVy8&Ul-dGn_d@$txC_~6w`$YwXWx1tpf zU-t6J4dhnakiB-^D_@>@xnm~pNWZ}k`_LU4&lHDu_n}J-e2mqluNS^!L_+0Uyt|#)0YEVM>0!iqHDUN>V9G6&&KQlyU788pV@a$3Y8Ti1) z#${nAOQ3hEQ0PeM(T=qBv z8-wpNJstgiEAS4{KW*&g0*@#@RGmsb&tA0_h4xN?Pj4+s9)0IIwJ3|JMQIu9s|CKC zFt#a-t|=I(MN!>W61pxSs`W|K0UWg4`V!V590?Ts#82B9P99P|LmuPYh5eQN%W!b4 zJiu`8N~ed%P~(CgKSsWM4s=8pG#s`PN|npZLa#$F6NmfZ-^B_3+O(ZR*JTXQi27vt z8uPp~8Xsz?acJc7=fyvQKGzOIANl0B{fX%lhCc7KR!HY4tPCE*a1%(CV3CDy(^U-d&tFICuE`ugpCBR^@by8G8kCsdqIGFTdQh z6S8y0^{OYq?^GM&d+G8Ys9u!k1(VkCDOaNV!{tHOBaZ{~@8}A>e?NYh+Eg1R7r?t6 z;8t^BOQG!v=D!s0C?Ci?3;T!$S(omQD%aP@d1jNLx9Y={@4JAk-G-h`A-8uR?R3pF z=GniA-e0jcr8d`>)KkG3bbi{_1c5$~=1(?*!>z@vQcHQteSD57tTrGvib za_)olc^I5#5Staj^R3Vz1ka0~{LKAo9k-V!E%79}+VF~aju=}!=Z&Lw&QQ(mha$V~ z)|oWpBmG~Dv&D{%8yzP%(;2&~-%iJ^ziKVT{!ptVc>R2~;ODAtX*jw0m#x5vkJxf& zoZRdglpEa}A~W#R)#i4OqhnNSsW!hx9Hw_=uN1Fq9=!_Q-Hrb*c}Rw41{e8uUMOGn zy6{iDu1bP#@~Z`dau{A5KMVZoBaM4Q=4PEXB?Ho9k^w(@tgAHCupE9eIdJUF{N+n$ z^*i<^hOeu2ciIo80^h6(8XpTL)`p?+5@MM;#&7r@(W3jb1=s+3E5K|uiQij@ttC|edspj8tUNfj(l>K z$j=gT3wm}bzFo5DrswDL{Cwy62b||0L{64jeJ#bvd4XltDoQ@HOkRO=3`|}@`K`gc z!hc{7jjSKH>svG?)#ukC?|b2E`RncIDR-Pzz_$U|q_dUx&jP*#@(KxQ$nivsju`=7%j(Bb+j&HLb2)MB>+!bpT6mNA;KTDhdINc!=;)0BeGwlYU<2MN zeoNDOdnbNN{t`U)KRbTg`bWfXZ+h3nZ^&ku?1UY^^>x6f#BZh+W!U&F%{OFS{eWI~ z=<}0#L+SIj@!Pwg&klGZo<9G>;x~iiKO%k`_I(q-L8n~kvnKLv8;5I({295Wn?Z!WIy}^_0Jh_-)Ore?&iZ9e+bzlq*}}aplSFyhlQ`jQQ7ixzT;q_SHG_ zVkgs1){qB2NBpow^JkOr{Z!+l+Kb}2yocV^T$=pSjm9Un^B&6MrU6%nllSPsUz$Q& z$CQy!t8+(#F=k8V%y;}!bf@5y}} zBlj_xzLon>j?Tfn0YB=%oAMu3HKpV~ zHk1F*d7>B9Ch|j@T6gKlPoh~T+Tr9sH0Exe)$bl)&jgmi9Ej>z5~JTFk0p8tkII2) z??cf{IgmthAp3|Lo^{r8blhH5vy^$3xhp2m>L3R)Z}iCOWAy(J@M>K0=Qe2n4^PcO zK62%!-(G4tyz;dkzpm&8@*{5{U*CW7-OJba*tbNm#QP8@=M0svY2anRzccy7!Sf=t z=giyWM+W5VOM;Pcx7-Y5GD<8j!_&(LC zi`&PXStI^D`>`H^56*h|pdUU+0tU&YUC)vneFUB`@c=Q2&U}}Q?;%du2XD+7!#p{> zv6S}q4dhi4qRW!Kd6k6d1L&Inio8n4|4Vt5TKLe-mkiCTBszH&yB<6~uW|ysYaS#% zuW|vLsvcZ_Q~p%-8pGvNhSY1IOSJy#6f&eWPL1$%C;1fBYAhYDR%1TT&v%}Gz!RyIt=Agw05iWZSyIbmvrVp>HDhr6z*wH7Ogcm z>)}*ipnM9xoboAAU~uy($B6x}mQPs+-(N&;#phFg@(TGBV&3+v%DIOch~?y8#`C;t z54Lbmbuaf(2k{8Lo9ZAmKln1bq7~o3t%FFW_NkRRP1Qjpa9?fceLX*z!$~&v2zRpv zbl4mYbbd!U9LDsfag)ROJUpX)Tb09k7I=1=c|5xoq2em`{YT-UI?6{Iu6{awvt)m8 zKl4^(tZgB+x75mIGPYtq-94nl_ifC_(uczmgDxk#*lb6(?8%hwC2CfJbvz*=kf0W z{(GEx{9^p)wy}ZQCDza!Fg_V`WYi7f-z~wvTjtDhwK?nP5`pt1`l61yN%^eGzn;Jb zw-a}0OjV3gYr^Hz4>umI4X+E?`$Z@R^ei^q;E8=sYBbd*u}W7`ab}pWdn5AA_f;86uXH z?sV!)96Wnvzx7?nzUl?yWj_VEzJz>VP4*@Cl7HznSN4y-IwI;o3!KtZUYWm|9tfichJ*2HV;oK& z{8Q-7`r!9*>qSyhhqwRhZYGC@FD~1!*jTl9)D8^9#$VYqs0XfQqs`v@*lE4*tr;>o zG-%?j8QR}za%gAWb)c2Xq4Dm(-W_TO9j$rMI_f#dp_yluW7L{w*;~c^-&WlU&kDz? zozR@R?!Rpg4ZEuM>y<;}J++~EN4={Yn({r*Vwd;h5A;)4oOnl7O$Tc!rjUEkI=$qZ z2Xku^fyJCRMNVx$dpu6XJ}8$p4gW}aEalX)sV6#<#@-uFJ<-GLCs{z=pv~F0L-j=6 z^prHm6gIL_Lw@Elf^rq58zv`7}KV)!I!X= zJ@|R-AJS9EI~uq0YUqN#m$8XExK7RFBGra#j<=gUhT@erY^3%MuzgwkJb<2~{m%qc z%BRVB!(x3ol|nFDWL;q|TZ3gzA&?ByVb?zba}jz5A`Tkz1KUzZ%C) z@J$xq!vnQW%JU^hzjMjv8Mm)icucY0L*Qm9^R;uAE2rm=&KnajIX&63PR86tfAg4| zC7&~7Ezx}Xl%J?tG_5o3qozT8>&@{gN2xVu>(NX8Nw(gToS0m?{5vx@YwsiR1D!cA z#pX#POWs;2N0(CzwN<(Fb?j@eT>3v$4U_A0{DjlFZ`KP}u2P?zGC}&`eFL=?t>}X` z^ul7NMmK}cmf65dEHBs`J+alzp?y)X6XUncj>`eId2)c?PL$|H(g--Y~g<3On97#eLT88ky;U zhfm_$cfhZr`Lp;he)vN91;OjoQw@yuLB^_azA0bmv>nFJ>_UeX$k)dI?M8MkqG#NE z;ePT~Tad$4;wa0wZZZjc;_FIl5AR%aNw=f3FtlnJivAQOT?dB1k#M*BBt z+&U*Da3y(WCA_LNOO@E-5_GIL_h|38n;g9#epQX^aq^8P;LkZ@+1n8RVQ3v!LUbYX zbP2#>*Ks98??k=^@{RO6q>c+1mVn!LRma6UL+ZE~S3daoud3s!Mu+?inK$(L6V!1X z2akVf9oHe=70(T4*Z=jyZw|9INyn8A9k|GxaA|6S%E zdHz9k(K5^A=vB|9x-RL5x5_`R!$*1d`A7dBm47UhUsHf?C`LCdLpPu+hvXm8OYbKC zSaHoCk$n|dzv+?(=`SAps6@{ewQ@CStXQG4zDiu#cFJYqKXZP+{_^m@m6#CZ70Bd$kZxOv1cQ{zP*@vK`5 zwsJV%f&9V?9~!E6uJz~~@0x>L@<)ZlPg-vvA5Uu!@YfF(pEc_Na`IWH7XT;5mJh7u z4@4hT-G}@fY=`z~3ZUx;*5)ZEhfXx@{IlH-z8(AgWAk}#@SXDWzaTGWQSPn^`09YK&I;uuk{>3Ib0`rQ>-a3gUKisRYmXe|cG^sC$K8V<5Sw zU}*z(FU&syx1yhNf|~199w0Sj^=5+~<&_ey)^+pMo(WuYpH;ri)kNVQAKCLCwb@!iZ?+>tNikDV?=0K!V%AlDA4+p4$HD~3(%L!@1>ydw} z9CPH~WU~}2d+{Xv=dsUsOTSG!KhKAGeh$yK0;~2LHtTTt6p!Z7e%SIw!tIZ7ZmGW~ zh!3l?{1gXy+YOUD*ZmaHUN9gNbcD+gmFX}ApegyfCC0K`2ktyGkzDW9&3&9rV?J|(% z0&>bbp-IecbMx*UG!TS>iFP&my0o*yqPwM_(Vb?z+vaL4AXM#Pd({ zX|BJV7->m%F?pyxvScTWRYke;)OPrteJkMFW)_r%R<=V3PU#LCadsO}0!5mKcXp?LF7hOj_KFw#L z?8_(Y^Q+JC`vh&23uj-+1*Wq4R^HdV;2F-egWqoYnqbiw3pp>F^JY%)&iA;cy?2K5 ziN`v$YZ-|QT}xZ==a+cal@G5>hz?5W0euMA!7y2e&< z7waCZq^6C3#eO<#l52NgDQqreZ&|hDZR7Fm%JUCp?|to|>=XR8zs9*`-#m((d10Gt z&Og*X2bv4@MR)zU_WZ6Nzwp|wAODQM-@P{DZQ-;j;9cXZHNED{Yj98rzKKQq_A*DS z_!u3OoeEw2;A-xgwaw+=I|dDY_n`K)8ect-S9jJ(3J2<9i49S^^K(KSW)j z@FfU`gO7cMvaz|JSE!8W_!o6lfIQl@?I1Cw|L+m&{y>3 z<#qXBZRjlR!P3b%mRVMl)^K#c{zUVRU~*5wI`Sj%vDU?^-+y%I>E#n6Z`WH5*n@_) zYvFk(k2G_(tuI@y4{V_@fd2z#lMY%QUW9a+!S3p+@8}8F}nN9vhc0GxDf+_92TWki|-5 zQGU`6WN{aM)d?eu2|fAxZe%f`haBIcO603@Ip<6x>+yXF7C-BZ)MqDsCYQ`@K1E(A zI3~YYbYm~0>O_Zb%DJk4vqmx(`!F9I;SZ6o!L)M*3D33UTlll(=X3dPaC_YLO*{Sy zTog`^?7MQ|#SQdxim|FrOg!PXsrS^E_q}3hc!7OLeuTVsuPVNrvO+p0r6->`_edF*kyzis0UaX?Oee_r7^d}xvpXyIKPJJA9`Zz@&-JestLDR>@ z&)fakeFU4@6Y`ih9@>YuzhZJ{+Bf9@=XteZ%S3bLi>WP1$sTcCXxp?&XKGHf*YOI= zs(#q=Raf72Z{IW@wH*Ad@UiD}qSd!q*Yd2$=DSk*w#>ShoLEXvI{e=93EDH zhiTwpi-UuE8Gpf5#_wbN-mwc8?)bm!jvv2U*q?f*0DI^`#;C3*+vJ_&7`MU)R}wm-Mdt&wB=97W!h2l@Q&5zSxETMb45lrcKT=XD_(% z%B@%D%4Q3nN$8Rb$Zrw(fx1;oFLyZdtGuo&ztX#sDe=2#EZ&#=YQ3-gJJpd1j{|a- zZ_BG?=x6mzgO6p$u13EUc-W<10rb1~E$G*s3IF0tYQIM6xCZE#FZ$uzss>g5Q9JzG zfzF~fi|66p%%Qw1`W=qr-J$feb^OhuA8o1DRJ<$OV0hQlm*{8s))}|Guf@alU!RBEJPL#l_3e9bKG(*u`^GlB~OoO@bbsWme8cWalV#`umX|Gw%id zQ^EhU`W>Q{5B;$p{h_**JZyq1FI}Gj-|(-SOHh0xduDK67Rtey9J>j+9&p-aPP=ak zZBM;Q+l$f7Zrf+yrtQYdWz9!ioI7!=D;xUs&cPhH2Hyf6Ro+9fQ967c_$%;~eEUpd z*R5`zg`C9<&CO`erUE(?LkHz99#`Ih^`@@AAK>u{o5$;*Lozl&yi^2!4iks1lTQoI z@pqU5;atBpdCiTSqx>xR*iU`WieYfF%)$3E@V(r@cRIBX9ikI_?#h^K76^!yKJMAmWE<@4p_*z&EuCQqA^w=nos%(*(Q{av2+zhSq()%vRm96Mcp zzDD=Jb&R>7BZ_a1OpD}k-o>JY^bN!TstXl@Ybo@r3rtlHQcRw(d%} zImYkrP;aPnioA9Y9lPyCi&|CqN8@Vbvp+b;_!62Eh$+^)dknGQ+WL<%c7C6=4o-^X z5&PZm;Noh2=$B^=?}vVucD?v>_outKKsX%SpDvfNSe%=AFS0W&@2*HTa;-HUf^#Ic zq|Eox-edQ$*VpRO%OmjXN8tENW^Phn> zx#avTo#k6-^_D}!51^xd#eTD|21aJ5KKy{0JAWDfLGNhKxprvUQfl?BM6Rz(xP9gl zcv1T}UBuq2?*9}ykp6b7cfb6Uz%|Tc+Wr03$6olH&!+p}+N`PB&-dif$xYon*Eo7! zHMl>gwl3k%2)=9h`>EdJzG&&TrF-MK{ww(5RpdkKkp;(#*C|d@9qb7F9zV82aqDP& zqmj{T$c1W7^AdcJyJA646*xIT&8^-O&vdZQ`d+KDriyv>%HW!2@_NxKYYlPGW83N` z&*pkZ zt}o{>`{1sVpU*Rob8bE73vSUT`)qHi3?@Y@c~|uP##ZI5VZ2Hu5rq5At)2D+& z;q@+0pTO+&nb$1%y?q)PbM_llJ!C34UI*UTlQ?@Z&!(pxsYxX_mquP~9e7B?w-Szq zya!z^c%&t;rr!HJG|etje`!ZKQ{LAbrj6sYQA`|c!9&)lHQNel&*Hx2w4ZKeY#FW( zZ+|iL(_F=Xo?MISC*`XpDsEnePC>@v{WZy#xd&gmwoANvv6ORh-pFshg#4sJ^IhPd zT)3fm&^La|NWL%k1*6^2NH%S!LvQIK=|;_`Uqp|_9^y}azM;MCE1hRAv%n zzXUGSZ@b556i#Bmv_pHK!FT=W6`$ch#Y?KMvBzA_yLwLV3uoHX$Y*h;HlLFir_QZ@ z2|xWD{3Y04LKeH&3q`(0FVD!OPRyMg7P%a}bM~f#cB(?fvfSee{DnYF57I{-|&z-s?)U&Q0X=GuZK$c$ zN4&51CH67@(RKGz3pUd1*P(XK!3%dd?c6~-&-t#4z64!l$JNd+q1y<)tKVac?Lnt4 zw@p7^ZFrpq?sxh-`*Y>9A( zJ?)~NNuM2jUVz`#ujnqn4$S(Z2iL}%EH~i6$ z&hom1jr}FMq8pt28lBLE&Fp~>^60;bv6Qk_HkG~SOQBhiJ@Xg%So`Y8L+a>xJ#FN4 z_JM;JN6oEH?XY=UXLyTlvgy)?J^WT&`%BZG-A9b}7p6DXs9m+$XeCu&0Qbs6?3gByo;dH#8c_J9h$Yi|ttW)}Zk|MtKQ!~3`WWAJOo;_E<*cJ!Ql z)C<6I1b=Am_12;O{s8;-Bpm2Rk2azg4uGTV(Q}%%U{87&M^BrTLk^|)G31Gdu#Z~%w@s@C1dAQ z7Y4)CdIw#FUh_wPMV+132UfmdDLiES{QI&Zi{XziGS{vc|DWNTo$`Ulj*PU7EUVw7 z>-6^$*DvzUD)+rjH<|Y~F<+az6J5{T(It(ijkC~Jq|eHRzZK8j>RVm^2y39Gy)nO; zaYk}|{$9;R6zsBkIg@nJ9XzA&>p9b41<&2fGx7^{W|H1NW38@#c*V3?jaTM3PvhPN z%YHxCd0*>4^!=FpQJ$NuXMm>_+;m{~v}b1-YoS|!%ZtYi4jwzObDhLVC)ksz99ro- zd*v8>;AExh6RC&L_s@8~mzwX`4X!Wud|zU|+8k-I0U1e0c}-7cSiR>_fod%7eW>>|p(6>=yR=24BVa_-(XX!gs9?t^#)DSX$uq z-S}4F(9QVhiP3NWyM5-I_DCIX?I-^{zGpf9kz(uIQFD4uLqEmQss}nbvV2=2dlN|p zY?_7YW4DB~C-8RNZ<)frgw!YOsPwOtJvO}U#^Z|D?j{B%UTawc@A7;!ZeJM>( zPI{^40($;Q^y-u8wjI>>Mr)MO_mg~y)zo7(g^?@UhOVu@2(6{7vPV1Z2c7m4$)7vz zKZ!r_3jWL=*2fd{5pMop^wEWnzY*O@4ul*%=SE`x(Ie-=KL3`mW49F#G+Ow?)Mf}q zJ*PSh#ZB^uzYOllC7nB*X7wI_jk94KoX&In&&DhFG;7XJIlWV(m|GjQrhY#6PEEi! z)At114>HeT^IzdPwc&$4I{zczN@&_MDnRU=*ra{6R3q{_a17iFI`kXaUcivDlB3XYb?sllYjA z;B%lOO{_f+pG{-JRz{}%zW@1eyKM~f{=-AwvvHyKHuGK=*&-)mkcwxhJ zNd{K=Kce4Z=7^;K^(k8zg~xuFb*82OUfjUgY&s@tZ+L^}3*cL_J_+9-=}7-J`57Jf zEs6~$v4`5>cH0NhJ{mdZUP?4Uc(xLaZ{Ndp#T8Sb*=Z*hokl+^d@0c=IS|paoH#}H z8y{NOaPek*1^f`_3nsb4;w**+T z!O49oCu=sZO{^6h-{M)_H!^MD9<@dF3M)TvZ5KT@q&u|0M|NqU`MR(3jLnxLqA5I= z4PP#B_)>j~*G9l|;>*+UrOtCbuX=sPqHCJ>^P_jf(_TJpbolgYa`&pnhukdyPYb}q z8RX7C4Z(A82FvOFBTX*mYRJ=-&e0G1?9z#~HL;NerZMG+vow z?6LN@9jFV+w`pAp={oFm~xe}iH4gC-2S3Yy6V^6Umu3z~X;l<-mZU!&jxe3in zsQthd_BOpTulaZV73YhY3o2$ldFQ9_?XCCYuawoRcJ2%Fuw&R%Kl8`Rj}{|CvW@n- zj!^xB%%dpRYwVztvv=W?jr*(zzMnG&!R7vQ?RyITm$w$NAN$zf?>oSA!-ukm`Dcof8veQG=J|%_-iq1rP2#0 z5+jlyLf#f5&l-p3m_PFK{%3q^LQl8SP9E!4VtktM9JgtraeRpWG>_!Mu1^>K0|vhn z2iAw=CF3VB2H{wLE>5>Mb0!pUSZQM-9VyiK&`%our2|uj;EsJTf~{%D*q_i4|8Dv} zJN29ugD_qGpl|yH4@@pR7tu3A@Chz`fSX=Ej{HC4^WgCX+VGB5xYc-l4&8c&Y5xGa z%3CWEV!ScNyGk{DjOj0aZu^AZvHv+^*Kb3I81!Mx#ah1xE{gfinJi7nNT0c1Zr^XC zts<^v@)wVfU(lX`+k=loj79p)rO^OBh?%@|tK;DnQ+Eb$tS28GfN!!UtZiPhyyWt} zBdmR)R`3G)I{iKPg~U?wG38$_)!s$c7-IXRo+HdR?fXQiVG7r}pc`{+4PC@TyjQCH zNlS$s ze5K$;eV=?~{EIrfP;sboQJhb;@+kb_J7Pt&E`9@f`Db~5BkxbKIxjPyXx^W~`}#h` zd4C6IF1YYM2D~l6n!((PYRrn(_-jQULr>>S#pATc?^lb{vN`Lx^>QWiW6D_#T%&zm zD{-|_50>*rI=voY=w=WexTjWly| zKR3_%qrU6P&-YO`B%B#tna|nK$Xpiu8%e6%?R@5&ea!G~;_Y~8~?0Gv(J%9$^%)L*)~ zN%Mq<=74L>tHQS~tzTGb^QJFmbnDqL^v#D~_CVh@aFqqmaYkl!60|kH4P67(oSA9( z&S&`|b9jC)&$r_rOtRW9Yu^YxZ+`Q|vvSGJCe`-Kw%VZ~t$UFLjR+Hf?_^)W3-~R6K zSh&y^DNe|1F2<)0;d3jV+*3ka$me?5N9KEq;OX_VSO*AeT-UZ6p>RBnBP>KHVCS_Zze(PxS1-hI?nEdyU&=vL|782LTbMrzHW_PaQW zOt;LpRv$wzw&q)_FCgD8pIqp*t(! z8F=MvC45x{Usb_ZORN@n$!B!m62m{f>LqbJc{hED=0@+KE2Q_(XJ?CPr-XJ+(9Qr4 zqVwt;oi}jJwCf+>%M9!X`|33)Z$UoMtUJy?$4z3qVPc0#n!ARtcYj6es#zn$_f~MH z8sU;)plK2~tAkH>j!S6z6nawQ2A)@o!DIU^tUX+naoN-pkh4(js*B@xwL`yOhpwq> zdFG)SIPKXc~^cci}6VIU0E;i*oa=*a%HW>?yoNad9!V{ ztyfj&DZTmke>SKKr3YJYxA_mhcfgj*rn~%S=Ys~!bYv8tq9L$bp%~p;VcV>*a&^!$p#jean*VP3Rt0jl!qY|rsT8urjtmo6Ay@>&kciKLy zw$XDr>uGy2dpk@{gnsaxA6}Ln);b3Z8U$E}q3=8KKZ;l%p>-A2tOGR9rtvKIwKsh@ z>v)YnZRnYw*wwSvgz=^}VuXXcw!dOM)vK%lyK-UE3IFApk|TVygN?}JDd0H;Jhk}s zORoHGQ&}LPwCkoFHS$3ozfxd+1M4DWd=q=@J+FJq-bkK-?mz4L6bU?wjGe86xAwqW zZQ!h;e6eh7X&cYCfxiKFY3{Q%-Xyc{5$(43UN-tY>P)2F}IT z?Fb}hYtD=uy76Upf#>p3zUngJm^_y9ku8ep;l;;hh?iLN0er-k_8ulP;bH1lTAM>T zG4KHAMednyZMW$X>ia5uq@23?)tY|E>i|6b*7Z>0o8ifDYWmh;>ss)AcLP`2D1Y@Q zf$NC&!ScYhNN^!nd4j9WKD*~%fJ-uVGjx@VWxxZe(EKR4)_OL@kg}aWF0!^O9!z7+ zO8hu(^o(N}&&1!qhWqL8T{?V+%;&UH?-qvEo8aphWBUtowT0N#7V6bLZsf^X>vY`J zJF3YntN%(4&tpsV{mbUN-{_-le0S}lWb+?Cz;pOz6HHsuMD{;dKJUeE@Wxvi@Vr0K zx(nTM){W^h!Dklwel9$^16{uke9VD2O3*pd?L~Z+BO{sMD~tE#|I3#fjjSj(2q2ST zcq|&Q8y!y=2Jl_v zgwB2wtxn-r_2XBqCpM^CwaoZcFXC72*SU{zewBPG%?--0(p;fg(}oXk@AHuuZ8y2J zV6=oY3dPF?Z;pQ@pUnH)u8DrQJ_VkUEepi)&IcSkeg_=7_)B5FYKT8Col`#D#KDR+ z_kx#7@KPHJMM{1fGO?%nH8PCNeiV3J7>@v>YA%7%{2QR(Xwh%NK)wgN z&_@iKgI~F&m|EODuIzjKf3+D<9UU|w|GFp-pLaI&m<>)BLl1rTANf=>{%dsxYc~R) z`^#p;!Q=hb5CoBixFR>T+-gE4kvZ!>Oho5g+RhuDwfNveD&`;HRcwaF zDLfe79r&&DQy;GXOVtjd*Ojl3pZxpB(G~oat6u%ZaglU#yp!->WT#(XzHb9_TQ~6c zI?oupeC55yE>F-i@JT(-um+AfLVFF|jk*rsev9iN<0IK?;Kp!0Ks$wsQC=N|U3;S5 z?47~0DVff*<33E=)S=Ngam2O&*UPyto$X^?UQF$+nZUX{XztL?#MFvs$aN|2(Z0vZ z(Y&DeZXq-^F*bV5&6l?CVUG~n++@>wtawrXygJ=pt7_-i6;Gc;$BL$2dbDDLWb^Pr z&NdciWaY#O|9{thq9pLf8;ocWc ze{jXw(rGs7IkG!7oBl&%{3s}0zkp+E8CYLpE z4LEeI+XIL43;F&*dQOjn!;8OtSHYi4-_vpVT+_CPS0-MCSG;{Z<>|xJ`GAP4wXgiJ z$rD4Pkbrl!r_no`Y`ycEt|OUcL}^#clN#1h*8&g9cQ@_e`((Z=^)ieN{-aN{)|ma zON*@iQU5c>9*5H86ZfshzRwv${JGt?(uchvjz3swr77Rhcan7>vB2kt*!d+t>3_!P z44x?@-%dWG&%jYWQTgS*4bHW_`a~9p`?Y2@rzFLiF8%fA$fnxfM;=JeX7PP5xu8kT z_i|uK-R|q%4ei$zQlAqGB&VubOl@!1MBpenD+T3pOK0DBqFUgIJaQG%$$7vi zKROSX6q`sdX&vp4c;8>nHJ&}A?`eGJ`BQ2a_>A7)e`6#MUm~6se-ACZx^frs;9Bax zT>7}QpkV8!rJuxBgl0!hvd65^C*ZYXdD<)sA1{@fvxmur?fvRk&sTo6;kC-I{wsfd zuT`xH)z+c+>aK*JR(zgFu84EKd-t%eMDffn=&_jo;K{Srl^cz1{!koG4%kNQz4){0 z)C9FcKl>Zv8ykp#rbCrA8xha!=L@o@Zr|MrU{22Q*#z?^fZ1zrT=?#dgAcqj_w`=E z)8G#nA8M=XL-~PE`m_z2K18k{)8q>LrR~J`De#4RZ??%9_)8a~cQT!vfu2!LtnhB& zET0{z-0A2?4~!oG#v%JX|)6R9^P;zQ;ybxW2KJn7+({4YG z{(we(t@!<|=$^&!X!?-^^>5a*dEfgT?@69o7lxEmFnjt=10K}^;0JAOgbz+SGGgQD z&mx8%@JcJS_7(Wt@^gQHZz%s#b>BZlE?OUiFJ~gV$}8XbX1wIN@S?8-mt?mHS)VKq z>3WF$Dbao1xzxpTKFh@iEcTQqCz5AHM3XYh>N%$QIcU`iUiO@`@vHs?i(u+{2-}*= zzIhJ-3pi^v@oFHNJ({(`W2{5+8$S)7vOi=*`mkV)bwD*(tsl35-Rh$*r0yBF9w!pQ~_b0N~2hV?&=RcBYu^!4A`#`$t9&WQ6W~`&lSfu~4m0OE<-WWk2leyIU|iYWg6FwcKngAWSJW6f8@7p(9d~R zvLW4>0z5x=>O@>0P5QI9!e{HJDT;C5GZ5p(zJR@aobi>xLlwlkiZ4Qm#24ia6=SUF zu`iI9n8ZA-)?kid9`Y0586BsbZd-RHWW$o~r=BeD6~^M=3i>_38@IQc&7d3=(-9U=Crg8$F+ zzMg3><1dA0fUOSL4&TQd_)XM*B7;>Wq17kHu9{g@7+QUpy%IF%U-eO~)v{*zQtbRe z%gD9$RqQ*|0lywbK6heY_R&@&ZCzlTM}XzRM_Fe@USMAu`hq-Z3;2*N*4|I=hqu$N z6%K#{x$S_DNlu_^5~ELF3t!;Jil@ZqdghB$qWBdD4oLZdsM`Gx!*dBNq{TwUyn_8UgY^R2#!lsk)eVp&} z$a56q%bZ#SzM#z}i}mN!g>?mzo7k6kOFKTD;Az6oX-D5*OFdD4{|M^XNAfqy?$^34 zqV)%+U-W0JjsDTun%lCdWwc&hyDe7CZ*Zh_gThg)l+QgjeEvB2q~q^E7RG>Qtru!R zCn|3|ir-;sn%fpaCvvoJyS2S*C3cJcRF|nw z)yw?nHACC|4Zq(_yVf8WhI zE-yb3cTtORZDbv5@-_)J`M94)&q1R~e%CTK|Io1=tb64Bk$tR7cE)x#{ikChb&PEl z&xcf>@p^_?Pw;tuOFz1Cv+E;EU;bbkG)>0tqa$7a_|P!=v%mQEo&${Cn;)FZd-HfN zd@V9eEIsEY<#0KVg1@Kp83S@_#^~hb3{3afFg@VFBpB8JLl^wz)z|9pUU2HI$I7F> zG}<0ZJ%^1uJI|>$N@?RYrw!L%-fZSC2J6>y$Ao(CA?D7dX1Rk}?OnI8tMTDiEkRFf zU+I0==MC5_KmHbbsr8LOMGpVv^&;tvrwQ3t)6@2OXO2U4eUwmkD& zoq@luZwwx-Il9JI>$}xzNM#;q7wuwCrzcF%x_*4`nBGl@KFqt)kJOUbYc?JK`sXX) zXT|&XD6W6JKH)0#YrhGb#n|r~hK8#7iI2xO$L${%KyOtfTZa;uYnTJ<>-o*RU7y)k zj_=Z~e&F|8oc9hb)t`^+lC=*|N2fmY-AiNndI?jB&ykfP$;7S1Cd~cFK1x5WJI@}S zQ>azKA1L8o33$_WA9M2WgSPL(H&;F+9KcTqs(t%hBjXc|2R@z?+y*w<@Y9!mOV|5p zD;{>)W-oke$)y@udt{7}wL0cpzrwX6%5!YD*M9B)+@QP&zpqcVWkmJf;!&5s?qz;r zNG`Bqaea$oKjtjc@U646^Ok%jo%ev2IY5wqr?&-FF) zU7r;B^}+Xv@TV^g{^Ymv1xKlwN%%UlY})xyB!_m8nXT!eT;|_QUE|htWG9_=*1_ZC zt4%wG&z*J-(#Eg9#&~rPJ~;HeV6(q}hwqYs_2gc{)UoE_L&lGNJ7YgSjDA=VrysV` z=IzX*gwPYen(}5HQA9hvv~!(5)c5)x<}3Zz^=L2d*E6jM0dZfv{&=hQm%abZ?Jszj z?O%+G=Tp(qn|t6-`P0_4hy`D_NatBrll-P{VN1j_20xCj&|ZFF?9oHav*eGtw=X>5 zUg~cBO^fk~(yXFy`1rHNEuLun@}1K}r#EWvu+Bc-mJ}%pgx<&tE}oc{RyZ;CaVH<| zv@5=!!FYZQzFdA^!JNKV|C8rTgA#RUJGJZj4=)cN8Uu|EuQ&0Gfbex2*& zD;qR_O-$XO^#$hLvzB7qhA_`(!2cS5h&}F^(u#a@3c8VJiT_^>(?>pi;7^qnf&sc;VCosqV;d|Np&m{*U9J})sQ)kC=SxfoY(9%H|# z_c(Ys$=K>bx7s;Rd|Zv8GcX~#&&ewoyqEu3#Ly+})<`RUmYc(P(y6D@J4a~8;{Hu9 z_CMp&pFJ-(g&A*{@k*bRDc(p}S3^F5nk8SUA74lBdf(r}`(8Px&bmQk`YK~0C)Ut3 zjJ(_P^Mm%hLa`b;qnP~L@nma8zG}n@->2UV`N`IF^Bb7-`*@NyJw$8{znFDgM*pFQ zMY9ZQY|uXk!)X)ET&y1(BpE9DB-eH(m|90@*3j{X528&333>`w4R>_v{Ep_rOFWN)VMD_iz|S$h-ks;YDUf1M!%gB1%Z79}SG z2&gSq8B(m-NdO15wO4KjYs(=g3>w?&ZJ%2$*qo3A!Pr|4a(`O%N*IEYPASFKbhrf2 z0FAatI@sD?&ⅆy#noRNe#{K^Id!IR3kIIt<(+%{mM8{29tIMf=w%GwWCNcN1nxkC5T zclx_jHb%8c9MuEe(9i~arQPo{{ZZmfOjF^A_P#@V>Wh6g;R7R{HS(PcM!dB8s!bURsGy zL$_{bUqVG3K8+wV>1&zjHa9?n;&ZKzUOYXp#R2b4@-mIx&jr8s zdvb>JZK3TSaw5F6Q1#Q^W_P}3YVMltb=al#Z=`t%%`@C1Y(vBT` zx4aj7*Wh6G9_9jB^y)+kn_Q}tI6v7y@;MtV%k+PLnrkB*jVDJv{E?mHd^~tG{XvfD zuV=nA2D?7UDsiuFyEbX`U@vv2)0}Q>=snP{C~Jg$runYVBkM`e+jOJ#)2?F=dU8p; z+3-s_=WxzR6ayz~RgQi9Ail1+^pwYD+C3Wos&dx$N0k4Hx>oXEFMH`1rrA8x|N5C> zJx2Z~;$SRKXraI9JmIl-(Dz+=Z`glZEIxuxkq2xmHr8QXuO&yIWPZWFmDM8GNCxPC z5jd@JuCabu`SEs|P#yTzkGv-z&e1gzNmYRaU)l?Bg!&%%rs2h`!gQZ>3kEIuDv z?e4d^4%iZm4V90I^SDZ|iLLbO@R(BanRkW0w3isBw(<$))!N^$ZQt*Vv-uKgu%}@2 z*em}?Y?5NC1JGw|;GFkfGUL$J(t*myOHY-ue{kXBB@@suc~7=OXF|9xhdS`NEwyq3 zzT^_}^;>HA1@Z~GdmTj<49ARi9lE->oH^jy!FZT)`v zsFdtk3{J8LgmA0(!W{QfpB z!QR{c2I_(yoVs*u7%r>dI}DfKCuDKAwun=O(V>>9Vs zvApj#>Jxn(O{+is1G8lzyuJpR9(ktO%1gwUSltHR(LkA%t(=)wZXkzD#d7=}JU`Yz zoTc(2OUAVKk)ijGwGwA3IYaN?BiWJp5dRWS6wd2DGQn7x&msQTjFPkNU<~x@SPi(d z4PLhB2HLBiljsH)E@LeIGxa%xTs)R{jH>5K#&(oB)H4D?EPVzpkL4zZWQ$|Dz-0tj ztO8GV(6_v}>4)YFovXMD`^zHee?xR$V%l2MKZd?fONQ`OW;B*k9;5tr;&t?`|D9rQ zGT2Aa06k~^3K#jZN(FG^Oj?;(qa z7`v?xxk>ReYmh&_hrPmu`+(IMv^JybZKmGzcSM6uFwUa$-~;&%M%Yg*KgDhU-)t&D zjuzkSgoc+OOUp*D@n*7yUFchJWW5yYZf*3?clio$1+TR~c{wrBHYOgN|HLO;ek}T* z7rCWB?{9RPO9B^d;UbefJvr`NcmCKJhPE$S<^Muvbm-_!GGu>qPIhhMALw zpI^y1MC<=B+iYp#Tg|=Rfkz#aok22bF)&l)$)uuLqJ2fkq$y-l_q}VaJ#o252TN`__sW5$#HEsjawVxH}s z$6cDH^}V&nU4LDpi`spcL1g_BU|)7IE9(AkHgu?=Z- zFavrbo3{MbJ`EgC?9xEHn>V?Ov6k-&7Y@lDKO2@k{?8h-rIWmWT|dK5(h`KejVGiQ zI@*$z=v;-Ib0zp%!EZi&fWAGG7uZtD8pM)w?EO~mJKKo^z`tEd8%gT%WtU3o4ncQg z(A^lY81m?D62BC1z8TtdT=Y+RxcMV{aoeyTFy2LsGyM!yVk@jqspEC|MdHVQLHvV{ zBPGm5$w#q!Nk4AEo(%u1l0C^$z6jHA;U((w+|SWh&HKr2m-i?xwInC7#o~2jNTxsL z%k+v%d?`(?KLq~7%r%LX)SFAZS%&kq=_fzc&bWk?a59Su8=*T_k~^HrS#!i zWRnJDr)Swi-OHZoxuSXL<;Wr`f7X*l-YY!!WTygTr*32?&fI9LMRs}?*=f*|oobPt zx{&WBJJldNZ9{hIMRuy0{m9mW882>q1lj44Q#aN1B0JSg$g;ANV$|h3u9=WgCmF0` ziIts*vzwa89Urc*@d%IrPKNdlI53?q{=vm}T?LW%(%ii6K{gk?Xnz}miGs?dixUg-`eZ62wjQzZn=?M{rF4AMlHPbNeNUZ&LOa*Kbu_l6Z^jpP38W z?f|AIbX=C05R5nfVa|l7oIu$#+xeH@f^+pY-5Qvha02F>;8Xb=FQi{@6~906hjZJG z*tT9Z3Gyj4+v`-?^>W*X!k@8DU!|V6PG6BYMLg7mOvA71Z&00lMuK}kP+8EBz(0xb>rhEUS(u`J@8BUQ_fePp6zBIWRN-c_xy>E zhPki7KDUl}Dt$kDMcG3N3^ZGsVqBZmUAciRD{hCLz{A~gm)0z$+}=Cxdv|b;&9vFD z2Nge8g=|W$oQ2Fo{_-Q!t;}}H+#iN-#GCcbACM{Htf?_m#Y@f+Cv$Fa@Pa*qUxXfV zwu1e>-rC9f-8IO!c6{0O56=C{@pXTA{>+a0U!Cb_J$0sd?SZFq2kvZ_&*O5&Hd@Aa zzVEK7El;z*e!wg5gf`2T&Dy@Y0zS13nFPJ+9sD<0R?c$s=aP$ShB*!IT)ONIbGnZ) z?Ib3;nwaQnVxp^wi7r@s=&2g^6W3;wOCp@nwk*o~)7cA%AGaqKBEC9r{vz64w$z+f zn}?x!hgVOVzk;zSrb741*RJnM3b3{ET^HZ!{N8HjF9xi`f0{cvTcw-)?7Nwt-cV-S zO#_cSS_Mr>=4YTkWHx^N7p&v2;Elv5eS>`dj_goh;EXVA#y`hjj{U6pJ^b48=kTM$ zSAVMVU%~U1IsI+^vkBMRXNUDHW_^)OYYt_xSIjwQ@I@N);4_Z@?$SB7{vUDwZQ8Uv zhBc+X{ezVk?is8$vNOT=ueRq*b*=I4liq!$cMo5x;hQermrRXfHwk-GTatNDPI~Fe zk7r;XIZ#Heli7CSSh7 zR>0gTE)sh}Q)~Qc>;v)U9{j0)z^2MNZ8B@eC33ONUQEA|cQVfdOWW^)?nGqIea_vF z^DaI6u>0)JQO~mUY>E5qHlA6$8Gl7$JL_Te>?ZfwBA(gy2ClcZ;C}9tA9J7G=sr7U zelHvMm-n90GyGoa%RK+t-LtH%xKGa(#GCKo*Y>f=#nEo=Ut>(r%O-;!4E$Jo;CKCT zzC6Z`^L5_)DP`Z}{|45fjbE$71D}DrYYOwALBYGjg%S31=0N{azZmxUvPQsuPGUOe znD4>XZ1>24cmJ)pC1R_DgMD1LXkN!(04;!qt)jog76q_@o^YQvnVQ1HcAmBHOn4#P z>VimM%gY0Q@1Ios*l7LAL8tg1@`;Srjed)qdp`Ya%&7Q`i^LmlU@Xp@M9~&+&dgP^ zKWyHH9H2e{e@(fR6(Ng(hfTTl+Mf|0k|k^zwg;7Ag8>#V!`2vYUS`4-R}&vNx^KUr zZ|{^}?j$rP-JY3899J2>YxScPegwaNbs_wy(&I<#@TJ0Q=H}rKT{q6s1lBx~cyd4S zILNW-ZAm$k3RVR0-fJz{lBHI|96ayr@nN^|2qJ_S51M|61P|oxA@hRu9ua8 zA0-3iLG$#oJoL91WiiTj6K~Qo9~v0HERjQeKni-0hwel!64|-XyX@J(%`x=5WuD$s z!uQg9p5WUgG*@GnuUCE0bw2YDgEr+e54u-*fEYIm@2t}=T9DtgrV)4zw73IURNO1V6=$MQh zhFI?2d2atUbpYGaZ|7luxqJ*`{_oVn&oBL#lkY zXVXV#XzF!lN@u_xnqASNTygpMj=qh3uQF@TAT-g)#^>ZFMCUsgyUrj=QQmn78zFG> z+o`TD`B872HV*-^aS$D_<4WFT-1&?dx^PVS%CukhjmgZ(w_Vz!y)2rCDDxn@j%<4$ z!zR;B`EI^@1AdYV>`z&^?l@;})ZN6KYfmeEE_{x0pFl4^YEGP;8OW}a4bD|Z~x>m{TcS2d>Hi8uE9wAb5ldawLjbMubr95=KY+&JKLW#h?mzoXRyw-Z<3b; z*b9K~dB9~UcrN%}=HYo2crKe)E_hxA4hwE%I}_Yr_SeBDG#-EK%1wWgSgkja-Rqg# zGsoPsX+NrRVzi$2%b#}3?@&2%`~RW*JJjXy zUoXGp%Y}B|#vLoomLBwl6SR4m`)rfB{G!Bm@UB?jq6<7Ss?G&oomG@S%{N!^@A8Wo zmR~HOPVQ*~Tl2Ut@14iJa4+eNX|TeRudbeHdF7R=k1;h+-v;Wslz*eWufWj(<^Se; z&70`o7l7wOX+Bcl{c`FZsyYd%VT8Zzdm+L{3S#dMx8!VE24%_!`+I)jHU!l#LGtCyiF8{gY&4m-q z^R~Qxmi$I;doAv@?Hl|~ecJ{7N0)CZiO*8ZjK43^-i!CWMr;VrHwARq`>wU;S~}xkO+3 z;GJ$xo&~b!-@eZJn_v4U>V`h4Og@M*^dR{lNRfe=+YwPF zkse_}eLrE|7Sd)-1o#^q+y~C|_p|PH9t`KM@tw~<3NH0v2mT`;Mi^YT^pQ27&&^Xj zzjw!1@pas5=|Gd2@5WqA1OJoni#P8C|D&RLS6^l20 z?C*yD?Q;8a%KUb^ZS!UNB3fIWvDuU(Uu!EFElBY$45BMy@q4}n#y90+`@*hU7{u3tepYB{ zUcE^~fn&{U2XfITh@ndRev{$*2dUTcCeI&8y_-x@v3J8Uc=_b-$sra!mp#$Du5x|V zZ}QtR=*EirbwabSS-vL`P~0*0U}QJ^>Y-WX*n<~h53XJtdMbuJI2I1om6V6tN_bv^ zJ-Af1I%Ja-^q)1Gy8wG|(At9o6^bd9{dS7A2fMN5#BEr6u%0c#9vr&ar;*0eNTdB` z&UN-Y%HPLE!uDHJow&Y^L-8Hi*jyYY|*)iW7seJ z@v`Pk%7s?vt{*Wdb6ndDbYdOPN_h53@`0881sMc+W%PHKG51zJ0bj)<-o-c-=T!D! z`PomxUmS9R8gfmgLjSsVEPPOMj3b_gOe2{~d*0>yQ|$CCWG!%`Ddt>n?LU&o#ACLR zyDEn6EkBW6TQk$feOkMPe3fo&=%(CyH~!PYg6A)njY7Gm_Ja@VyX3_I_GN0HJyT_K zfcf&t(RYpX|L*{fN?PV5?gIY4gpB2cG{&M|Qhut$v9a`4p0x1*%#Fq`8BDNR1zs7; zD}#Nrz?X8yq4we3n>_zu;Y*z1n!FHO9P?#uDSUVF4rDOa&z~P+iTZy}U;TM!{KQ5~ zO60I!;O4OsbFt;M;?1&Ir;rf~;MaaT_!FA(`OPVUKcA(Z+=#n>Tej4_#J>1-$Zw79 z0~{QV^^hzhJxnspvtG=P`r-FsD}5NzugJxT{vUe%a?aDQN$2U;B(GoKx!O^`9`pM} z9qIiN|3hz@lishY(fy(iU!Y&$La))?v!A&Bv!qtUtrv zlD<;l@kM+QHTWWS;fv_P7g3G9KZY-&0G+Oz`Thj+6C2>{%-*MtckTJknXconoLN|Q z>P&3yi@bMpdknbgLI;@4dqwOK+DM(9_m=ALDy`5t6kjJy=eDTU{)|C zoA)@b8}L2U;(MsY_fU)PVddJFo;rl@p@zOxZVK3QHKuW0fUi|$T05PY*h$Wa${DU7 zW4{UajYDSKO<3NTc7Hst`pf=b+K?Z`yev}JSu~TjEZHoRD zA^+_GrjH=^WUtPjzmt5oJdu)pk2=2v*(+vw8w^B#SVCzqg$c7W%d(80SsxP%_rKc61C z`8|i>a|-m(=QDmxf^bH@c=;d0p8ruiMRpbcnag)vKV&$K?=%o+8j6!Q!32IneaCkO z%skQV)FD$Sy8LD0t2z#mI|mw67AJQ*?UdDc@kk!5M#QIH7;DelD?ujX{*?LAd#p@+ zBlkn|P|EkvI^p65e-28?p~@V*_zvTrY3;ki@>!^czNpV8kRbQ&5#j~<9s|x&$h^w8 zCwVQO^$Fh=Z!TLKeoAy0cy;wy|Lc>!CSi zZbQ)Vm8^}WLHN#F;YZ!_S27R24R8bU(Q0BcvWZ8K{cbh3KV7dLY5TM9tL{+JBvw%8 z3hFw+c~j`~_S}e7*bvF(U~{LhvN0Xmb*ub3oZ`YmK{KyQa4`><#ulm=BGtDFn_Mrv zc@;Lfo$zw$;j7^Bz1Y^I>q>{(z`G~VAw`GZLm%Bab@f-_%pt}Q*Z$23_fC~xG=yJt zrOB*2M4U+#zDxOJONQ3P{q7|4bDqxWnTOo7K<%KP0h7JxUb2BMlU@zY)fo!i;GuHR zce3|Ja*%IteU&oZo@9NO zO)w8geiu%!pj_W7Pn4bKF;&g0pp{u;T%W`N&JorAit4lEr^Z&P{apumw?+Euk$hyj zHG3DG2c|Y%HcaC_!~5DN9%f!wfSZf4F=Kb>Q+xpNynQ?Qm7R1QbEiE9%0ntUXn=15 z$Sk$2x%#I6zy#z*Xb^f#_Hy)>Tzun_336FW6A2)*Z`&XlxYeBfUcL#oZDT%HGZ)DH z);6YCaqaO_y*=<{(6>b>7bYymWeIr1QUagFV+|ciMcVfK7k@%&E!4@YgXV-mH9g z>GS8V3;Q)`uN)svE%=1obbVfS>E;#qZ+395-ZbE+i1F;G-?p^_`;gw9#6&nt;3 zTFiXJ81o@=`z{7IMV}5b9|tqcKG|cBFt%;Lv;i-4ALo7+^zGUm(TzDK{`t$LtU2hLv)dhBpLf*VaMa|>DP{IcaOb4 zv7CG^lYpaCC{Wl9ulOByJaDqf+~(%;%vcSN4HXwI!KWRO{qbfu24GPBZ)o=-exvvz z-qLrf6B}@9V&&e!Wy83P?`=r-xy6S~PxjdeZ2I_o)aK(H-tSuvZ!*~Va?r!JbDfKg zuZZg!u4|%m61A*{oZ49C8rrC#4cXXhyf(trt#;De*ygpdn>G%A zfn4h3+UYTwZC9qX(MlVGH!rqrw9>|OzYXnIP0Kr;!CE$8huF!t_8ObTF5Y#^-Ro(@ z&`6J#e!Cl;5PR9CR%dPkzHDhd_N`4N+_OPqOARrnyP30AY@#pne3xR9l9yVW+p}Ev zwp^O%q%E#b^;d9TZ{Smf4 z#z~)=?f4moY^Usjs(21~8w8&Q2ZMV8u&mscixTp6rO+Ev$Ti8GCUF<`U5k^RttN#J zOf-A|TP}9t=Ffsx7U$4G<%h}>&ap>+HRW;P=%2!NALZqgUkLtDh8;c6Js;e|KaK4^ z#-{Tm{UQ0|8NFYk7@HdQM|b^L%NW<d`SdVN(!69cFR~;4C~a;u zN1C70UjBeRd6IdC^9Q89%Nn%@3l+;Xh`ihY{5Alu!ownySrLO?TU?tx%lhC{hK#y& zJ@2(bvs$4i>!BxyncG&6o`_!QY=j=8)p=UAAuO`MbKE{||K|(<{D1b^nOE zw}a1?h7dOne)n&stO#BfMW*uciuGqqp^6y&w|EIo;Zvb3Tp@WS&*)6O;H)RnBW0&4 zqz?Nn@0EM+9fBX*ae#NCBiKeN@+hz|R{)DsHNdIMg&4*jZX?ZfTc z$pN?kSyQw+AGnGESC#O_D1E4e*QWT*UkcnB^SrG$>iUB6mkR%g31ROwykJvFd`7~L z1+jS%@#QKHU9ywkEYttdO9I+^waG+gBr+LG&)yZKU*eE-QXu*$D1+qpRh+;bs9jdws#-^S)``5$u$ z9c;!g-0agY(Hr!+<}-Rn@P9XWfqwfQ!T)!i<|wdFIX=Wf8+$NG<;1_i#)00&x%Hz#YYm?shnT-2w6!T0Ow9 z&jeeY_@mC}Sf8zLSYO~vF@YV7zx$kfK7w*pbzX-aLY~4S@XDjW0r4+w2gAkqaGmDq z@XjvU=ux~YdCXFr<=cr)iC=e1H}eKRvgadpU&p#blT?3-v8xRqZ?p%bcb?9a4E243 z94~flof(O*rnkMCwvh>J+XKY!{DZd1$@;%*8+y=#KHH0qJG$-rY1`VxCPGKK&W|lv-m7?f3MF@+}?AeJSf6W1S=~NN=@vG<-Fp^{F-3zBngH`g8J& zPGLQ`BU(O#cV2Jv5oJB^&FV^!Fb49{wp{1bV+u{f8ghw&kZvpT`bhp%{MTP}d9l-Ss1e z(Z2;C%4WZTv_%(pb|D=0QF($vGXgcTh1Q^^@$r(R|`_dWPakil zkLi8UToo}_>H8T^d-0qb?Vj!7c+L>?+CMj}CS8ucu-KKCk%2{jrVms;KK;~U&i+`) z*@Wx+j*>GP-|?mzd~NWw{-?kfonN$HXBnY~)I7N2tjea1|5E#YGvV|G;tbcDNTL;A zUN6494s7`3U2JP$A3_7R8)UxI`Pd6Pq03#+wQl%$vefkFjsIf1_8!T$BK(uBrigcE z!BeMWD+52X52L%@G&p#@;#YcJH-(Y~#6R3Qad|^8-wj4Mw+#K{1h_E9JEL3YU?1g- z@|jmS?I-^>c>OJ$Wp>hVR`?j_G&vuZK5A}G-15*pXBUundDd3~iCfRTk-da>D>Jag zKu=`zn*|TM^`%P^O9D<|A324t`UH8g0-=gHxN#rnyH*CqbL_cUdJ_30l7d$jxo~!) z)*U*R=Q#Zr(qF*^e5U{BlqXBUWoUoLJnVe%7{%>$FF+@H-6^#8KE|LNTFA@&CF}t% zo#7N(`w;%=(h1H(1=z%i!Ve5x-@Est_BxC5aN~!$w)2TxBHNB|;!Bf;>Bj<> zW=xtK3=G-BM&~ogAm&%Fzb%wu&;C8^&iyMHOS#uSq7x2D`Ge%%%bNUzuI(>hP z$GfS={Db#Tje7qd)!jYnUGZAs#&yr{bfUY2d2Oeg3NIN^Y8B&Sb-j;`42HC(yji3dC%v0tckpS$X=b7 z5ZekrNU@ea-F$&u5u%d;@G}?ra{={s(0BPbar3_);J>qdz{XjN zZLu4;#U8a8z4Msx?6B#6LHm7W;~Y_rEnelEe`U{dK~6r_;LJ=s2OJF&OJ5I96zp;S zL$fajo+JLO6FAj=GRc9GIb-yB4Sn|Ge5DV;pOi~>NPg4!{+n+FSNdm8PQ~aOb8-?u>^vCjqLoQzDutw?k=!ebllIGjc6XMb{ zy_oqgz!T|X^AC{q9m(rn9R6oj&iM9G{xiP$wENvLKMw!1 z#NjuLs`C?Go!cn?0pHxhe^hP0Jjd#>pP){ygD;~C_g}~z=Bt5p`Z3DirSB}9v|N=K z+&lP$g_Gn}R{oakZST$1)<)d{&qn@B%pu=~zDxi1vG0!b=~(*n?!V8UyvOQ$!}>~k z9dFQnF0hviospd_H_Kc{EP|C#L$AMAT|{!{kId@>gXEDav(1QScny|H1*%;;SGR`h>5J!^r2~H<7yo>6P%y`1$tBLdNP zk+|6T)_Hy4$+(w;g<7Kn2f!P2-_*ono;&@g$S>KKpXHs2G|rxhG>-m^ z2WEbM*!1_cnf`GzZ2S8%oIoOvykF9xkUJZ@_}1Fnk(D104c9wZnX_jw6wvttO}7?j zB;I_Ry#~Dd=Aih0z{ZRSZlsgRPu8;r{~CMfb>{CF{-Fh%71Q@$z35c*b;-rd*;}R` zS~98fGB<8xh+dRtTih>ZJyJ2xmw;aVUF?yTm;AQC#@@dUo!7Ww!m@FavvLw~@y^~~ zs2u(9PM;6l&z>D@MdCNfnA3bQzq9d`?595X1UW6ISX*Nech z-RPy$iOHzP_NloUnlI*C^M#Gcj!EzD=3D!2{rTU$G3{OamxZ3RBUn&0^dL{5@anoDFdgqA|j4kN>=B(vL`wa()y#yRnKgHL2=e4i`kIr8iuk7~9$%-Om2938$5P^W9R&mxXHqp{P2gV$LvwfDb$|A#^56S+8k#$5;D zM+bZ`>g~IzzS3;@3Ud$_jQ)sRF4+60Gl!y2xxIr+Eq*K;#*aR1p^o15@MEIj9sD>A ztVdMt;l~9k2R|@ix$y7dN0!Q$InB3Iz8c*43-z^V{ce6g@VRDh7H!)$R}HuMQ{JI} zo6K)r8ST$}t2Tc=s?Ad>r_Imu8&zMtHs4hFDyKQl?-JVljbGnmMfQBpH$V3GvfC|b zd%xFvc5|QK-(&T^;dqe}^gsDHS(jni!t-IK%Y$aZuso>qg@)?0^24w`m;nt%*Vwmv zlT-KxeyDUCyUH6V=X}Tq6pt#{6fKl4D7Z>N!>)7|7G`Cbc|F+CU*cc5d@=M}=i_yw zhvi_Wxd2(K6CDA+RddGLhac|&Mh?SclHjrQfKK#`F6L4&Oq~6ej-q&T=ldu_C+p5v zOkGaJ?aV_r-_=JLKXquof&bkVeB-~{$vZ2ldphwg!k4S)bI)6*u)7bNB;~!rJ!l%Z z+4cz6^2@{vP%J3gBLFoT5+Cfx7#M!FkIm%qnpDZ{iz6A4Y#Ofp7G_|L$UV zS}lA~vR%Xp7i#W`__ege(>>C!4f-OwT_3S_OEZaeSU17ct)jo{SMPpdF}S~qHdEMW zSJL-4OrUQAHdM)ag2CpA^!G~oM4$b6(0&6S9{iZyr*vi&u#*CYIxd8-iynD@K75=+ z7D$g5MXzd7?m6jRu{<-^>dsMYmC%`@@R!fjvo2L;!rW;$um`^71J>s_%{;t$KeCi9 ztN%cvVZyep>*Mc9v_>6lJEGaAHVcjv&)KOlK+9w&Le_8UMSnd3twN4(n#rE+S?t+f z7RatRN;_Q>u`OSUEN?0|ONQ^@+=veRHb0=wUdC_jJkV>!o8y0FO@obP*oI1=dCOUg z4%R|4i5v5AvE;f9f-Tjf_0ie~FC^X+xK%s6*JRI*H|VAChQE;CTlS}v+MvBIU{ij) zo=bVoJG8U!Cg^__zt|F9y$K#O_@~h6k_l#M3B0xh+q~aS2lai7`dZ*If>ZIkCl67wOEOT;BSKx0J547use2Ndd@I}UMZ7pU7ww8{w z4a99pb{{H3K2=$*C!dPvMNRg+4#tOkG)Z-La_!(N|E~e`6`re2zYWcsY~4l5)4*Kp z!vDRE^?w<>*ZiztjPlvZU(=NX9hhSJ>zS{=g73x@{nFa$rVQ8DmE+B;#zBAaj>VX>739oo zK+n*e(Vkmo=PX>e!ke>tlRY<|dZO4q{+&5e+nNuHm6IyFT;g3l-#y(|p)_>`l7w^XyF(oUwN`c(*Muu3}8j;L;T5Y~J@5 z)}1+yvX+8XeH*ZAXc{A0L#-9hi~EuP7}tooXH3dn?Du5~*KyfaoGCWWXWB>qo+sYV zS!_P7`ZYY!-w$`osPnGv`g`>0&_(1~26yGp6`c}|>I#M1Vo~N9+Mzyo)0ZA##GUU< zXn#iI3g#6UmHpBB4}?GZpT=6J`v{RMnEJ)u4#B_FDXzdnFHU~2E z@)GmZM}AxDC#Jnl+UFh=7u(B?3Wa8Jt{q8?=-WX$xVH1!IPd)-4 zFL$xlF0IOFM9+57)*S~ZPz5T5nW{)?=~2HNx6)_jXjNal~Df4ltFc)s{d zi;KI7p8^)~kzHWr(RKLQwDvyllr1KO{nLj=!2Ff|Nna6dNtXxUABk4>t~NwmpXpfmz3Mp1 z9?I#1S#w#lI`WzHA3^7l|5N)M6x*URgk8Bi!^WI!<}9%mU?}-va2Ne46bCnjsuIHWJda_=UZT~7gg6kCJy6<8QyGxyB$>_cKmBph5(F@A38wn=0 zX9^n97v~<@mCzg>*IECCukI2+ZY17sP?DWEmb*`h0gGy`bMZVL#P?w#T2zY9c zLn1!k^yX+5YcP}fz9le*ahtZHD(Cc@q0jAIShaC$6Lr)u$9hL+Q{NgGSEu|J}^R@2I~gU-OsQm~jPqJNlQ#oXMK@!lQbLh0DGho5GbUp z>P)9^^3M{~Il`VV*-AQb!77pMBMliU53i=cV6$Rg9O?VaCXvKmFFr=44tt?Oy$reyyRJ6$*V3>t`c zY5;D3$eieV+i&1ZzlY%ggW>`3WyM12od)t3G!XN2xcrXxJ*!u#?z+|+Zg0=bZQXj9 zxT9XhE&*q<<*%dt9kYApml)uf_IC^{%hvUd0k{3K4aJ2e>|c#Tx0VBYisO$D(R5eN zcj>!(-6h;5cBTv3IQUz5G5Zy-akd~6-#C}W*Vsjm_l(1;HM6U9-Jh&-5o)}dUs z0f#oi^v9*?;l}LABV!BG+mugLddBAzt4F({LHBdr0e+@(O#j8?{jV3TdThMSJ@&y* zf+O^)9ls)Q-ektRvFP(up5yetqVj8je=kqywJHav4^wU=J9#m;S5ZEdx+yzlPL0RL z_GOz_PP$_OFlyhOd?Rue`Q~VkScA>v60tch<*N_u3KvGz{suQ*HwQdx(fy1MB$kse zY|1~tJH>(u=F7$n)75m`>jsa`cV5KF_Xz)n<+siy&@k3aGMr>N!PG)v%I2>CrsWS% z4vW!nxQkpFFT!JMkRui$M>NcSxV>ie3M!bqd6sC?{?)oQ#tx)*e`!fcG)lQeL>~W(!a5uww|SKJ$or{@cI{cjJ!R_ zBzeS8m4ZWEpJX2l=aSR{)7odGTmwG=o}J6r694YzwyKBc=p4Hwu=sh^0~|<)d763$ zx&Jr*Whdw$7Po?H+xB?qE`Ex~)hA+Zf9=B95Zrx*^0?|^&J6RDLXN@bnVn0YiijKD z&blFEJfB)Z>@7SqC_Lgi3Cu|LQq0RZ%0BG2*JSRVX#Fl?EV*Afuf` zMq5TqWj^C8Fu_-sG1iT=!*xQ}=t4_7Sy!FwsJPP*diy-;GFq#%mnXK<<}&L4C(1g& zF|B#%KYszJYf1e*Q`{arP?dp>bPmZr1MJX_c7Gq*gY6P}Wu zuf}gnI=-&!!T%h13ih|9QF6d2*2Q=^akj%#LaUe07a!OTPdN}duoYkLqcLEw6rNH| z`_;4`nw^?Yxotm0`?@ACfNej{9Q)_B1ZLQ?h3f({yf_svzDqQGkoYd*GMmiLvl3Or z82suZt{ftn!sqWB?f$M|dRC2nC_P7A4BV3}DVwA4K)fZ#g!=AfY_*JScLe)6{=u4tzUn9M@Qvn=wx2lUuStq=myh&QN2mr0k4{{gYy9RjYX#f@u65#)z>>|L&A_7eFzx8uke3t8UV}TzV^L<#eqZ-x#I=c@A0w8`j?-H|iwoK>aiOt%>IKGZ zZ3+|Pl%dCu8oxi@JvP7Dus-1H0n!Nshhg@sNFS(GJ`CCqN63xtUpwCQeQv+QaqoWM zU3+rK?Hh=j{>AiD@y!l%C;vgz=0mt|YLJ`=#M0*!5DT)fhIg~erdIQ;obw_wCVX~k z&HNQpKgs;AiH%LHAigyoSuqvh$ub|EHdbZ}Kd}wWB&Wx%tekyaL^yqw+NQ z?>qWtigRuOeRwzj+v%qZ>#oc@n(j;X=_UqFxc=Adzo-9QwBJn}T&ar#lP14=7~eNq zeRx=3k)9F&Z;@l0700UBoDS*_5%;3FOxbyb6Wa4EKTZbtpg3;DGiQPiir?;m?+aHH zkD&PeyxZU@#26KPoLK$(pnbn5N4c4EDzbjQ>G+kV{!CBP`mNGqPcR?y>npBIzh&4f z$S+hU8y4ps)Txdb_sdL{&FfikgKWOxwt5>sRA$dxS-ZS>{bAGpQ+&DL)TUfw{vyO> zr9RC1#KDg{(UVNDZ5jRi47i&QEz^3(=x680uwjtHqK50($nr zG65XVG3O%it6vBX87Jo-o{Qo)wz(I%wt6wNr35-ie=GigA2GS#6gFU^-o?Mg@#n}z zD*Oizg_ErNvC(IJEOKeZCiAi@*B;P4@he4cIl99Y_B@Oqa{n#rO(J6&#wB}`?7o(M zA?J52z{g2>2RPVCf6Kue+00geJF+LO1omYEdRTSLV=kxP9o7JWFj+U{xI7vr5y zXtsE@bS>LQFK*?Xt}XA@c_-}Ks$ouQH?hy)OOGG_OPCOZX%C)9P38OiMpY(WTP!C0-zT4f?B? z`4s%+2fs&tANm#@m9@<$M>G2Dz8La8y3O{rq^^SaOPucb} zZTlO%_WkF3=)-;F&x2x|%Z@~+8gw-LN&O4q*W37Baa9YDcc)JvXEr=$9sjwL%ch#h za?(x;7qu5Uqw%5LZtQyMLNAul!#jPed?opurJy)J|NYPW!}lHgem(0g_;>d@J9`U= zck7fq%RVyJ*y_B(2g%eI{1*Dh_2~8^$~$;}AaQ{FJq6^8*Sd|MSKz{DGe^>@8`I`2~mL;RAOgA1;)SB$N;gWZsNlp5KhyhGoGF8w(!aoPo~MO`rX9dGWPdcpF4M zoCXdwM7%SKxQ}3eWGtIIm^;CyeB7V^r6>2M+1*p)TpV`N`mOW1hw#_#hZxTHRfI0G zoOKmk1?o9xMfmK+?bHA_1>PPP=^zEbiuSe?crhmiI9$$LZ|6PfD*pM>SMsjC=l%5D z4Y`zK4|C5zp*_9(UP ze4^=d_@d^JwX9(+Yl+Rr=kCWoxn=ZGWq#~a3V6r`hBY6{fd|>{lB_9;<(4EethIxA zYZPLPep_}PwT}gw76_U-*zos7siTGVEj@Lv9Lkv`{c@;m)EtZU9Uy*a#5}HV!sU%XQ2GdA(uA$YwPi{FME9*ogcvV$z<3*1vx)L za%ITLux+Xj;V5THP__vEGz}eTo5|>l;nUT#3~VmK>GdX~P4ax}>}^}Ckja*_j=*c% z0e;1|<-gocd68L2Djc&k*DQQh*XnmFbl=|K-46K%f_={Hs;$=E#Jz8K^5JWYm4Alm zi|k>$ng0mGP_RrHs$@ z2YGzaqeCjQ@Z-}Z=$C~ZV4(||{qLL|5s{pIn;WP9WBID#4IzGQ`O|Z(FX8(tNA5a@ z-(@oY&+^@R_uEtE_vB^4fAB5618x5k&yj04nWtUf(Q_&Xj{ckSG5kNtch+{fC1CT+ zK6l$NzDwr$Q`p7x9UguQKDLV<0f(~D=b>jx4hW$0OCMn^6G5Jld+>!3f{hnS0OSG+dB8I;BCW!U%1u}uC&luJ-K>q|&K0M7F zg`Y<2V9?>Pzd!rr;1i;+Rjg~!I1j!3%47e;KFErI?z5f3WlsjIF9W$_b2@$a$`8pW z%J>8m%o*{xW^VfP_;@cjh=-e+?*S)z;r>Cy{cv!x)@K8`>;h~cL6(jfk@A`Pk z?IZkB=lJaXJ;da<+^fM40~v7@~WxJ*)LZzdG*vo)LR@b&B;aQ z4@^R@M+Q4U9eMMYPjw=Lf~`E~>Uaea?%vKZUNlS_tu z9~!@pUt_F1@Xm9=_+RaUR{X!3gA8Q!^zm9c%b0H%HQw^H@uoxz)5iO$wDJCiXFulK z+eVG|Zg0H4j`&>2rI!as$wPb4l}E!u5Ll4?s?&};G;11bkKM5`!^XF|IYwLU+J_oB z|Jdd{)jkmEN1wE7AF^xD`Nwwc^=$E|apNm*)>{AVj*;s;J#B0|M~z$l{bXsp`9CO+ zGu{hFjX5W6%qe^)!u5N-ai{Q`97?BOz>>``W&K0L>o5FShfZI@SuXI_4O2{$rKu^# zV36Z-HC5K`)$*jo$i^vuKo6* zXDW^9%MI*7q4MfQ!6#|8Pk-{QKHXZ@Vtz=T=0t6 zzc%ErM-Q4T;-bmBOJC7H+Nx>0lKZ3Ft6k=X{0G-s+p+Wnl`)^#39lXEm!sbkEz~^u ze?Go%L>Ebici;YzU#K|!cUj-2=&<7Y{xWI}B(s*y(H@T*6Svj7=U|N1KYtn=seg2g z!nc#q)%5+?_-(B1?$k@bw(KszMhY29GK}*n;LUk&;-ArjB$sQ9J>GkQ5y|5(tFOpS z(wi+^@npCF^QiLlGM^SSczsOg=NA50Tgghm_Nfxq*2>s|8|GPXCf!c*z2r#yKJe$g zf2;)9()-JJo|@fh*w=LLug5+1{FPz+Q_k>$3y42PkFwvi44+MM zd04(0_T3=QcVaiJBzC9%1A>FOiL;H~Swy@K4mE?5b2$61KT2$<=in&bBo7$a zhWxM{IO|5PndTV#+|CEN6Lz3SRAUQQ&V--96Vm%-b%y&*;sE;8Q=|IT8*p*+ci^NC ze@AV9hV3i9{;U3!>RcY-mP0-R&(;%&D;~(|7aMZu*C6_Ffc_R?Bhok0yOX6R@dceB z$G0le|I5^6`&sSDx1PRx(CgDXohR&`S2KAiA5U_LIhVX?c+TFVKHfwh?VN#o^7$;W zex0T@)ov~++4pLp6Bgbm6TBrC82Nsh*5tc9BM&`=oNec@!=Edi9D|NO_)O|L{34FK zPt704R;>~3eL&?Q=+$+^0+^y-UI)DBo&S81ajQSzO$YR><0|Z1yo24?<`67ESJEDg z=@anxOd>B9c7Hd9I)raBZ1>lY1Cw}F?a9k-{Ob|w0|wM)WE32f0Ru4)4sHexw$Zlw zVCg7&x4q`OSGRj}M7wG$aM*p%f4)L4IX?(XTdBp zrteRdEURuT{O@nxpvpXbMyFEY<5*2>~cGGK95 zb9})&z<$VU?_@eYj`AO+(}!hRN9cnO>j$uns{a2`Ir@=w3DNF|)rUfjc8=0;AOl$! z{(4U5Z>gU5KsSq7qX=shXYZS6&j+Bv7Ou&+Cb-@XeYCP3a!@I9NhlM0VfLY|l5;vH zdU(cO{}}6(n_ZeCTU{P&jeq}K@r>A1|6AJ^@4ZfB&zLcFIplWh1iq}C)skc7tZ9E8 z+^0R1{&#v8UVl#Xc&H2>7GR9k_!mk%S?Q3KSwf8(`zU(2$(*|0(!-Cj=Cg{CMU}ID z1Lp`sBmXH44g>?w7?(yq{SNDY%P4tS@=E+}@!&~`amdBe!-}CRx$$=;iXI(&!haU$ znSWi2JuHsB6aL;LTQdCG=0rKj9-R{Ne&#ueP1wyBGgO9Np)x-w3UxK9&F@j~oAlMc zU&+1BrSfH+d%f|D*7tpQ-e~oo;dl|{tyIj2XrE}i!=Q zH^{}lDSX?BoEFEPJUAF&J3x^C(4HWuLp*rG>Uq>7oku(-h1@6FY2{D&g?wN@#c#8BlK$BBE**}iNVomY^2VRyJ;jZU*8g02c-UUK5T2#{JH@V-NWK6-(ALzewP>OE&fBt-*Jdb@eRT?N< zi#^}U^hxrOAxFBh-%M+hkc??{6=YIZ4h_{UXHT{6#OpX73c{67PRA&m7t6{xs3%Ub&z5W0d*tLHG+Lo83qm zeIwRljE!Mf$$OumY(D>o`Tr>Yar!Dc_rLJ(gA+N4@1UEw{K$ogYn)+PkKTakHvNGSj8ZsO`+N1n`@ z{ZM-^c+7beb=udH%6Ik-0=vuE>uTegX;X8$fc}?N5GTNIY!y6zywf)Z8LDi&Qx{@i zOBemFjvU(B8OoRKt4X#m{LqEy0@%Lt8y8M^dwz`xJu3RVkT_jkWB0Iex~enk&5iU$ z@uv}Tf_(45a3^Dq?Yg%;cD*4k7MO;XNY|7s@Hh5GnQ_FTbDdt_eCqSd%BmL@mShr7 zfWN*ISXqAL^X-$^Pp90(#ayS5!F=4>dma9L%2V@#Z7F0VTMk}*gYpRDGx2GOUvn+m zX4jhW!uJYyGTzjc@INnKm2@h5Z|QQNj@aZQKg7-#h+sG2{T;mDag}1PUH_imxA*q_ zVIQC0CKi+}{&@U3ivdfT1J=&wS?**l4(9S6bW^cK#SgkU@;jibvZY51aqRGLjW0~@ zn9=q12{w5aVNTN50X*Ggo($Q&TK~3~`DTBTVh6shm^5Hod2GMIwQ|%p@+-I*q4z_7 zgj1d8*{3?orGt~Q0|AIZz#QQ}!nIEiZ(+Y(x<9gLf;pXyP9i^V6gZdvmDiUBPnpec z|IzF%A$B^*Sw$tM%-)VrUZdo0eX|@pX6OX(^cmtHrqqS7)y7Wfo&3gGykp1f=^jOn zIlWqSN8GwYukqdMY2Ur(es{U*=G`iIUFZeg`C-~SFSzd@V@@iHd-XiXJ8RP3dC+}F z@=TElSU<4lE_Bw}JcXPd>L)zCF?QCm{mjKCR9bLgtKMCXkB&8!eF%SH?g(EY^s>o> z+4F-Qn8$jhuZPy*Gk^1F+c@%3d3?y9@1r(8dL+M>jTgG|W-hb@da@52#_1X4wWe>+ zD{l+7xJhb5zUi3k!8#ifJh!ow&^pNr^7|Ix#}k~}oEE&-X`ca)z@%bY3xa3AFTC2u zydNY^H3+BAsyaHL8H=bR zlmC~n)4KJrUx9i$LXpOj2`#_rBnLD7Z&Mwy$>F+;$U*3G;B*7?yaG9L2k%U!@5C^Y zhZ9;FdT1|wvS*4)rWNfP@)LTpMmM~1m&OTBbp_6TzY9E&oYMimmeLpP?-o670T#s* zh}V50sJs?%b7<;p&9ZwSr$XP32gjY*$`!T+z*Lb#y ze_)loY+<{1>WhoamXcB5-0OYQ#5Zj`yNmyN!S^?E61l{X+{-uV@a_8x1n1v9Hw@>J z?G#hIcoe*EgqNk$7u6L+o?`#O_kis-jax8od0R3f-e&h|V*ri%{V#C=FC;YtS-eCh4&TFdltsBZmhe%67jwhiW_oH@y$y$0Ib zO?$0gdz`&${an89BfUM&TpjX#ti<+HI3&DmlI=g>fz11KVIB69UZ6_UVS3cO59rDbSC-w+57+MjOa((TO&ud z;uq~71B~RXDDE3WezAfT#dX=tuky}}VZZQ3=654|YG(#A8%29IB3J2pqbFAhXH~!d zO*!o@qAW(+&}V3uv$p}6t&+BPLf=HQr_pwd{azU!eC{tV?wbj`9w;xaOPA|vXuDu` zr)0Xu%czqWD#>(>#86q84g{ElTxid>tfY=Tz-c~ptIeIXS@jR?7JR=ALl4%C^jI6Dc0p6 z_4qhhG=5Rv31VV2F7_PQxeAewu*;jPYUWDs$_8J=8t;LQA}_yMU0zZbW?eKlr`{wGy3F+9dj-GN}-d> zAB>FHe{I+7kZbQvUHav{mof)Y@q_FP?0WIzei<1Le$;Tp(H_J0zmJYv&J$uS6v^Yr4 zE#_u@fZQd_pX8Npc)9rDQO0j=Aetk1y}p+m(GAbZU>+N=tJX3v-N4dL>WTt0_1gQ! z+>|lr;_dRE?qH4_bUHgP9&gop>|i~TlDD-M$P7i)If7n#?`jTPi4XJVOg!+++b;aP z;L$PT{rU5C(#B5?!;iJMNXJ6=2|bNWf_?Aw7}kOHmhKRF()353_SP7Er;~M-t*~4$ z1de_Ne9r&|i7{(i&p6*0FsISImabxKCnjaqwVqhh-m`k;3t1UXv-sYAlUZ?yIp4;6 zRltd0^A~=5f+xRS+U)S#ll}*c**5u3b6Csztzb@Lv{OqPne-tSd(86H(_UCUDO^_? zjyLCrO|#}E4?kI;p67fMsQ2tM9voVFK|IVCn8y~`Ckk#%**8 zt50}yokFgbyzy+>ocr@V#@f?{?MWr%kJbK<(t(mX$(H2<#pGfPH?q(9i3P~Q%NQTH zB)e>XK4Xhb3f6T3d&uO8WoOZApkKMbR~R_%1U9rUKNhZSD`W0ubCXV%qAuaDV3Pg6 z{c+}Wh_{Da8;Gk@n?}Kvg+H%caHlcPeupvNHEPVQ-kAOIZnXI^N5YqIaf<8;3yPb; z!RBhkIU`dOcfLU~6!}k@k((2OD`e%N=i8j{19{LgtzoTlIUyhIj|5M5Am?{oX__<5 z7|!Bx5)IiIZ7)sEXsf~Qv^ZScE?%f}H+4SQ8{l{lopO6LkT}RWWs&jZ>3gr)qCFJn zdslfcw*Oz|-UPg=>fHZd=bVfTib@@dnhBJltpf-~v^hCJ0f*LB+HxC(n8I-fOSDhId-;de^(&m1_p`eu=#1T_+x^+EFY2R@$CV+mp0Ak8+f* z-(u22?z8ThvtA=w#cp8ZbId_!=|CofyY;it2P^H_=K&iNO>-)xKSIo~>QJCccxD_~ z>-h>TadjrY3{{v9vu*j#x$5{L4VJ$>#UI7d z`>R{NEx$tX0c(rjwD;-Ff%9sPKF7W4_w=Wqz2nH8#~gYXe?60Q|DQ)6^X-1bA%4J~ zy(<#CRyLAW#`&tvn#0kjk`>|g(o^JbQf($wm4m|)o=57VcZR&@Z-w4z`z#n@hZ*eS z&GgapU#Z1DfURej38!&xLrrTA`@^1uSKDZhshMtVu38tdHhFxX^B5aso3ic22aEPv zTkC%9eUD9#mf?1gzXAiH8d#wrge7euN_@z&zg$uvzlXb$g zhu@txp4$+9HLt|RyUxUrz2Ml&V9t5P?DMqd^m*=na(s-|MNT?CMx`sv7xu#Ue%fFh zZ;&$4@V)%8#rMBgn#LGp z4P#rYWMB^RWGdqjd*IvWAUmYDD*mSY+cqIPwsK~mc+>WQ^_7{NgR%I+;jndd&gvHS z?mrz9-kvV9@dfs1XDty)^o%}^MM6pCs$`ow`GF=TiNY>FLrFv(q?pd!Dp~e-bZ*JqfJ+%V}u7X zXZ;u)crt5;-erdSzfPKmkNI}I9$L>0jtdtC)6Gnc&H2z0et?7p4Y#h&GV(vKV!ygOIjTJdo-8D@8ocs~(0)=xEiAamiDz`}4V zu{~Oun^)C9zm=S|S7g$va=HI!+GO`9Y&Fq^=yY1&TTHt(=ZK7B{9$erLyr|cUWW%* zL$>>`u#v3uY(YtAOMYLrZ@DvAQ%|yoC)6n38kUZ2Na@}_9?g+Llq)@R0{6nP)!X2C z>1}hs!RngDE!Za4DGn-oJqr&}*GA}miKY9rs&1F=9i1l4()|*b?)7ddeW?ew%p)w1 zP~Z9v;uf*bRlX;!iSLCAtxTiNlZt~v>>@)S?U>A*E{}1$h;J2t!jUmI+H-oB^f_`@ zZ61_^<^!VDwIksz27LT@OAse2j(*A7Q|kw@r(6CCUv2p-!nhhE-qYH-?wD)i@ITga zqtej_SCMWsMt=x?#2!CW>FBg8Nq>g2uHaWAe!cS=M?Y}aBE=(hwEG5^M?87-gdHD- z^yyXLz69Rb&$v)>vZl3;t8@|hht<0NALaPlYAltk+7F&8;gwE&C;j%iN5B)l%IHa< zD$j1_$fuCS(;OF1dMA4w{Jzf9)6$>^=xLpJWfi=lIVAJz)^c!J3O=;PnRw6?*5NO2 z>9@i}pR>LYjBV)XjLWTw2g8MBw3Gkn!@?~%&^Qo7&WWBULeHuB?kAtc6Exoza?XRr zSEuzF_C)A=%`*bXXpKqmh}9=+ppA&-sbEztJmvqsNn`crCPa&|EB~y>p&4&%$ORV~ z8@}Pg$Emu2JwN8=-LriC@~f1i8Ro%dDm|F6(3snmDPg z2Q|)yr&``yia*|BWP;Z69{n+}+h0On=75~J)p;9o-_1+x&DN#lI}SZe!M->ZJJu`k z?JMB(*4pWu|JlvihnaSd-(Z?O12MDlHuns~rNmO}e#R7*vqmkO%01z5{|VN^s|@GN ze4KM&?m{lzg%4(?**%(bJo7(kc2{NZ+wi$ZgB$N*Cio_K zRt#PE0UJfQB{T;f4vlSIf4&0?=9T>;!K3?`aG_x0!Q;eS&dcF@`Nw=Y5Ny0Q=*Yfl z!O_j_%dfgV#yio!#$m}wUEiEVe>a-KtH{d&%5K5q9@f<@{EBBN=41aN&Hz$dy%p)p=>r zDxNuaXhs#d=>3f8e{+AZaG(@iPUN|Q=Ymk-K$T;EdYW^O?qSTUx|B7Mz^LAr(H->N z9m3)Ad#}HbZ(ikE75GSl&MUeVyxv3X-CMbz8Zj?6L06=n%V^(SqCI#pce478 zpC#@5$oJ9B;YVatRvdoMhu=%#_dpKkE|Rwdp6`GjtI+`h#CZ|_%GM=a(-3QMwa((@ zz6rmS5@cN^V_Fg#UUDh+5#ob(-W7gW>vqp(m>C-Tiq{1SndhFAAH$Amjvqsu{Q2ZB zxitJ#^|-*P1TjrRvFvE%(np`tI%JYEl11wtW^D7!YR z=I9yjbETKT2YJ|3UcZU?AiPG5p4QFSdc)EM(q>rSw3k_9j%^ATp3BupS95i_{Yr;7 zv$;~%5wnu>#W)xGhf0S&LtHPPW1fDV^4e71S9p(Z@k8noZ!31+34D)`vk%vk$Ch#9 z4YrJLsf=mi{?mMKWS_bH64D=Sc~+eO5KhL!) z@L?;*zsVZ)32fGaC2PHZm+U@)jau?seebQJKI-k&c!Eq*{W)fIZ~0FK7W955-2c{o z&c0(@s|t*@^^*5GeRD5k&Yr;N-X3_Rw}N~HCByPfLl#saZ=_pPU1v7l!I<_F#+%r5 zV2y4XL#~TIdnW;x>G0X#G4^=lW-t1s`Z1Pq^LfV2=cxm`!wii*dCkHT@;e$bb{V(WT z{954f!63i>Qt9yPWn6Q8{Q8>G;n$0}UJGyRrMxn|@B5%#hkWfu`+U-@#Qr+^v6i3k zto~_k5HE4oBrpCWWn@B2_>1Jjtz8Zwb6X-zkB+uw&LFib%1<4YvCt+J8P4)rZt3CQw{#_w> zmi30-Rjl*K{xH}dXhmzRA5)#ohp?}**Coten83zZf$1MZdzO0bQQvuAY689G(3Hxy zV+L|AnJg~E?pe5)7_fQhMw;KpIg=+&+_nI7oS734Lrr z|L=r{x7E~dh%vs_8iS7`@yPjBbeNzo@=>Zb!3W~NPyU{=m1$j3e#HrJtT{@gulkto zl_q~Vi&t>3G6ZME;9)J=%Bm!=x9_2e1T>*_oC>~Aa{mbTWrEXZ@h62JvVHs@yTzye zKp)_Rk>Z2TxAu!6d+HYHEUcG=Sue@TExSA>o$Vs%5Zc*_JwWk~D#6nn>^$E*Ot}|< zJLt*#&dVcx-x>d1TfqC|Q(w1HXMNLj;<^&Y5+3g2`5`TeR-r~2}Yn)20>k9g5^*pV6(KdZ+;ZJ|CU)txbw7sHiy1U<+ zbt_`S4X#*zA<5jPH*EBsE zbmM@K$NqWtv24~o|8j25pe;sgc6(V{il588i!%Nt$XH>_3qSDE@CC4ND{<)txCv(4 zT$pL^j4JTTSDbSH{%HBp$leu%URL4PRg%SAm~#jA(vDD?{K0ug9p$8#Djhs0E^u_G zyJ$;X{E6%Joro*;k=a~K1S%(v=4cPKZ(YYL=k;NwyaklkVO-DXV*NC zJBcFt%($Z%aYKCV_$gGF?Dh!1E_@s(pL+CI#@WXk@bhTgf}KUSFpZ@NaKhTy_<5{7 z?x6iWto@gAHthUeYd16ilOE1^JxE-;gJ;$@+`<{IMew5Jj`sB&2bZ0UE%}tKb?yfG zj?N(aGv(4QjjhO^PUO4FJ`V042fhbQcH`r~x71|!Cf*rX01n4b`YW)0#DjI6(>JXf zzA73JO;D$3;(R>|KG4!c=pq+dvT*XX$F8x_hBv@_40*8+e8e~-LptuS#cEAkgX*KdPkzmP2j_OKombzNVF$(E($e}q=(iZW z=6b$UZa(!{{&QZR)z5Fc{nWaj`sMw3^gBN#o?L*wEQYT&CgoEvb-f_?-|pe*BK&!2 zqtZ%!X~G@$fc~)h&Ue@$Uno-F$ge&vNX-jef~0$Xb76SK@+tFq_}lvMRv@n{%oN7M z7;}1O|KDJmou`{YJBj@CG{5l5kUharreGm`3OO%1a59hc7z=#+2?x{c9Ni4Ynk&U; zD0O@hJpa*!=dSmG=T6q`{p*Q>=Vo|S@DyDLm;0dw!M2or8j6=GSX%f1t6X3xeI*}w zDyHJFHbCFO6gb|Z`KZ1Fp0@ArBj>($V)&ZmuyWlopup{$#$S&6F9A?^phO z>+e1k|K92VjO*gr2>n#;lo>R;CF=bd?ihS_f3j+gbI|UYl-$M+!9;;y9 zfozWz1nipL=haV@nf~7PTt->``aUs2eY@QHWP=qyI`DPmup@hNqoujwQ}dV)$B|QZ zZI$ssvZ(}KD#L!IdCVf#m~!B?!%^Cg{3?UbV~i6z|4dh4YUe+_JVO`jOrNvY;YRS5 zkM6V&o-85GYK0qTm9^Bvtj%#w=5Sy7i7CGHv*AxKhLmi1@(c6U<|Ic#^lK~lWX-Z) zcA90#<|OUW{S&lByjukfzvR-PM}Lm~G$h|k&_gvwxC8 zb5-tjl>2`4m&!k)v0{xI@T`0)ER8^qxxmv;^U^(3_DBB;eUDWBd8y@_E2CNOQ~niy zrF>_9_t5;s(mmz<-@xS+th0K!3^7I~(Y=Jf|I*qiy8JNsknVpLtbTve48}w9@T+~< ze*IPBcR%G>nn#w&4>gij*Pahem*a~X@)OJ#JFMakvEcUTNq>Xt^fP)q|ksJOOaP4^f|&etKcct&W}Wt#&ZQYsN}i6 zP3Jz_INZeTP`rEeTE-j3X`W5L^mJ!jCSLRPj&3`LbX!)9$}-ID-1bqH?q$N*kEGStlHo$u=L@ZDhCfHsP9KbS8R}qu+RvK2 zox6E$`UK^Resh=)#<1lKqmu&1o;F8xQNUiJ6!~=A((jOe&?a&4y(!L8q6DwEGsh&tZSeC}_R{U1<(y z8gFCG9{h8b%H(J*{R*5NaK>fVzel+G)7$20e|+L8?C6aNIRl{;kL z3H7qTzF;t}0&Uiwh4M7`OZ*5QmNJ)4GMA3D)osw8{xEzOuyMaGi?;3so_v#=g^ak0 zbLic2b@qw&T6O{xr7hm-yjwz@%uRM{|I0SczmR>7zS=WLS5fXA@TgZ#nfpy8?d=3k zUBIWC{3>r5<>i~o-o&B5XB^rZe`g?I=J5;j^ZrD~0nVu^BEBs6M;&#}sl)DZB*J-#k`EgD zwZ|G=dUqb@)CJjdAG!L`V|mNU`y{vZO&;UB&S%cSmZQF@+VB`o)(9 zo?$OQe-nFMjq?6KHP}_Ms+A3dFh;`RKVVZ3h0_MuiDvP++JporO>?A zrgfH5ZkV`P;+3+?qR)>`@h3*MO12FA&Y@ibr)cglzGm4Fy?XFIPFx6odBLzg}HEM>7C*Msk((i9)!ImWxJ;;DAu;S||3 zZZrM!_tTEK@X&3@gW1X#9?WNXHdJiou)li{rhOn_zHsY#wHrEtUoT}syrdX6T`o zpO`oMo)3(%YvuMC9b3;oao5V94`jVoI^&LBjk$4T>xo(H!@+;;t!c)>PcZz;zaWc& zO#(TYgbt1)>)x6Mtn8VkV~N}KP|JMg1YO9|9PCcw`-8@`cher7tstK_@HP0{!(5#_ zGx164&kl6;vCq>vPhQXTRnOV3A65o%_1Epki`wDA?*#Us4tQI*+X5`CEP*ceVpBap zU3y;juLIBczc;`Mnw@z*xL3OJ#Gsb|GAu5iT=}TcmzqNnn=f};&H5U~eJiiMxL?q* zCx>r$X<2gk6D~cQV8HYtgR{7bo(VE;{p;Ag2Tfl%Xw!`^a%70wfS$Fh0vq<-`1l>f zxA71>)dMWOy|ORU=HKAkxYYVKW>o1c2+@h-gPLJ|8#%Yo`d;hZa&&HN*+(kyWvr0j zFL|-uAL-^f$usk**8P6}-=|DrMxbw2>@$qDRrHUxB}&Dw>CM82>XHnwaHwLJD@WX&u4G{!%O?#g^$->U2-fZ zFz!?ju@{bW{_Y9Zgl-FDwZ9n}-JW&!%MIC_=lv$HXA2cFrA9PrMf zU>vhFVrk$roQDa`$E%=uXqtEw?eaM++c%^O;*-#Sz4(InemFdjtf>x+?S1mk0}H-Q z+kblYjjWxF7vu05dpmG-!%6(aPU34I{`%c*27ge=e=~ku268i>eO&l$oq~?1=O5XS z6AYYs@Y+oqejm8N`U?J@@17bvw()}C1&!6C!lzcDU!6qubRmo0#-}*JcwM~W!9Mwy zrvHJqp;Ivy&XP>S|C;qv=J5CzcfmJ`^P%}^9)6P2C)IDS@83|rwmLqlkNlDQYDfR} z-oNuCu%S%mhgnI=lI^(Cq&0R{v))eJpU215ZSd+_y{zK;kDEyif>(SI@GPY*z_kND z?JRQSY!B@^j(idBdyz3(6PJAX9d(>U-UuGr>lq7Ofc^KumRtUetj6y#j;t)Q_gUQk z@0Nx3-Z{(orosDQ^9|hFw!6IQ*@!!UPbYoXIP_0%4e3y_hj@DnJL%i`E-$b1=~B{K z2FEA6J~O1h+j&JbvB0WBI|rcA5Lqi~uCsfTEl#L2k#y%6ycfPScRcwfZJ_R9`k>e5 z3TF;6-QUg%d={LxsX2q~ktISF0!F!NJTYy#liY0wom&t%9^nML|bP%04x$KHQ5bi#C)u_S*;J35`yFj^a%hTKs>mTz` zZ|$O0wBYs8rN_fgKgWA?I7ojf_5`a-(wDSAMtdzby~vC??d8}w|0g(TKeOPV{@3ST z9j!+eYc2VT%J6#m9d z_GZeaAp9(=&}tPK?InZf;; z%$PTQ$EwlTlQ|B7|Nnxl^sYoyDCV;sF(wk6qbo8W29uQf*~rwqnD z*8ZI54(eKs4yAZ~UCBsc7e1-PotRNg?Ct7HO~3YQEW@Udd0l4XQhbF~XE*z?r5j|P z-IO(xvbwt?g-dB?4}RT;vH2~by>ZH4%=guwHLd3>5AS05eCOcvy=p3RnoFynn*0yu zWLE90Xkhu`6^r?1^AxjtGw~huUHsC=o|?=1ZgXKYzHIS-Vn=NC{Nds2^^0?{wc!u; z)eLx&e#y^0m**$2vDs&6S@f_7dM_voL>FnCAqIea*42k3?UUYB2h1!iph3Z+b2jr# z{PwKe%$;O?Xq4a4^V6eQ=#5$Eifb7sk3)B&QTYuF=2<*dc@FE{Wc1=uflT~wvU=wd zcZV|8Wz}9|-{+*8@3QWS9WHFwN>4D4xOMN8=&hQIYQ7kl8m;2~*1+h-TiJt=!=8tI zjA8T8!E-1ttF~r?%FVoH&4w6!*~EUAHT=5KIn|b;Z#(0Z){UeSPPlp1(R^aOu`laz z#hFKsRWQ~k*=MjHd?~+vX(z+$>(feF<}f!)0=q|mT^al&8ya?#brIIb{*ARv<-L;f z6O4oSv}!-~by~BM3{gF0)DxGz^C+?rIhaHz;T)fKm05{Bw;o({$~WF!cX}N9e4N;X z2aR*~*yD^fx_^Ao4}XYOJ^Tp1$F)`tPpLh~&vo(*zmhTR5an6?l}(NInB#p}==&PO z2Gb~CX+3WF`d)Imb2L1O-!t~j)(4*le$){Unf4g?FvLQ=B?tWq8d2SO*QGh>W@D_F`fW z;kQy)Pv5+~3tCGg?$7W&3$#NvzP0F2`@l;G{OP-Gd?($0iRoYuW?JJld~2WiUeD}} zw0j<=ksc}=`J0LF^UdX?mu8s<_A-WsnnwQi1MlK_qnwz1Noa1^d4E?Yu4n%UTZO#XQo+GkRT^t;S)7fQ2mP0O z_@}MI;&STQ#Xm7JEKc@(H1u;vZ*yasE6xgf>IwX!zB-jNnb>2HdMaAsj$c)y%{?Pg*GtwIIb7X&DzV-)N+xoHz#r?-kdgGLI^ICT(v%TA7H{=8| zt!kmQY3xdG{g**>BOPw2BFVevR8R zXs@2jXvcPA+Lsvfg3>3Go@8u`BNsavvvsCsLUaH>fAj~8`7VD}U+(ayc&&rBdwY*4 zYo_8Ll@n_R1lwoiQiNx%>4auk-|r*l;`8kq;52*$BugJ)Ezn4JZ~BOhlQ>D~$Z*Xw z4eg6x`eRXWJx?f7a1%o(#s=~X6 z8_iXI@!}AEE*b$ptc6;+CZDxo_|fzG;Ag%MKhhKA`*yqVf=t(aE<7&X#ovC74W2EL z17QdG#oaGGesVBiuIA_cdHgcP+8>72O9!fnMb5k=h)Ez~W<`l5)UUNo`FzAm99zTB zdxp=u{dIrPSGV?`rq=het#4@kBb*71fqU_2@n~=e-X#Y<{{*rTdoX>~nLrK^D=zo_dJ3TUhyZBIMlOZoc!$ znd5&M(uF?1EMUU?7V`7|dGda__2(Uuzw$HH`gH)D1>yT5?rYIq^0{XWu(pnT{89^e zF5y`|s)KpB58~&O25sf?UitJ~gq;97cW@PQeYxRfYezuV=R#kyWh=jIVA=G$O*pK{ zuxE^1Be)><9|A7GoijO|GZdyN9ooBut4;57_AyOTI`*v#bXER&Id)H&@S`zgte5{z zC%?XzzMaYSOVq9U!Q&Bgqt2&V*>Xt=+%>jT`e6P%*pP_qT_$v3;=pOjAbN^B9e?l3yzh{WCLVy43Bg5%T{hjRV?@Rvv zvexEbAMkv1n*Pk#d9LHfEV&@M^~Weun%0Qd{|-AHI;GY3&@)TeXPIP;sDrlF#PDT> z4_CvFo%B^@+_#4Od@K8<*3uH>DfSpjw+H!! z{h=xsnWXf2(70lpbdj$2116&?o9FSAqq;1w!Pjq5r|#p7`RYRndTaq}x|*|YhBswViJLctfeuuoz(miuD8;jVh zQ?hIK-`U5Qr*FD_)SB6Y_@qg$KEO3Bn*70sqnn9SJAVXvdb$f5bY<4PK6;vB&+{8v z|FZPNp1d*86L!YkG3elbqNl&S<)bHPB<#|Ve3Fyst?KiCJ?_#FI-#W@@>v>UpWrYW zVjS~mXfbOJ&q5>J(8?PovnmdqYy)?~rM{8V1J9{5KFS>`h zu;ynT9ea5Kk`d6S)k`Lu!eaCo3o~qimG~&sqbJHXGY9#q^(Mt|wQ(~@d*^rPlg$0R z{Bg#qjw0zl;@fcR0lrO^Krh(3lXJOZbCwP}2c1jlPFZQqJ(Lq{B8@zqZkf_?G_U@y z?Ayf1vvuHiiVSGo%AS0^xB3)z-L{BzApa!h5eMvg6^OwA`ol4FBB zUgwP2sc;?*E|j(x+~k?_t-q}86S$FFll?Rw{;=~emS0X<0l(Dpo}#=#+3D6f zIH!VlwVv4lk7+!r?;MgJ{x$Y{TpIJnW5*wMXg({t=mh?4vctM#irV4P&M#K~zvvV4 z7)!@1zJHLhB7{zw zHeUR!7}4p?ZU5oWh1%eKbDLZLOVqg?`hS)>4{_fO{daS({n5`-k9`mQ>wP!%cag?C z_&qo}MtK(gA&1`_o$N}hldVXBzx6u-2m3mP^MU-;{P16X*>L^L!Xo@pdp>vC8J*2> z%dsT7=Mrpe+llcr;V+wx;=9q?$r`=JHM@5bKjrPvhV2Ko1Ieh1c_*F3OWWbv6PB7T z>vpcH%Nq}Vl5}|bT%Sz!$d+_^`--TDk58N_Nr^tiU{aLO&v;DisgXjy6)hzpb3#-h4CjS>}^3%mFvTugdSC%^F{D5PHx4 zEY@O%jfb`^v@guJ205UyPjLm*jyPwqeo1g=%#)2Q6`v0YpX7-nv-9vPzv>0XK$S6E zFR-vVLJVlpR}Que+XvU?i~hUL+fQ+>8}mzT|151EX*_rQ{fG3Cj)nN?*IZ=Bt4#~c zspsgQ#(41&W7&~8wd_=UH)01jpO)MUrh!cI;3%7_H!) zH+Ft%JTO28hVV16I-yCo`!kZHJ)$zvwJjW}D?(jcs4Is2)4Q@Y&K~n}Vz5P2AL-Xn zmmdZl!0T&Q+qnQ|dS7Md0tc?8PGmzIn3-JXOg6*$Fdrp7k9EFX-1h8~}2ZNnP_11_z{M`ITN*V`SMA3rV-Fe@Mm zot@|L&wM+-ykyWCG+M*jux5)-g-HsAeBxW%3=x9y(w(zWxrTKfd>{TMLx=t#04 z#MwofA8Z6ROG>m>&Ay?9VJp{^R>53GwtL-|GZ%;h^HR=2T7}%p=UXQo_~Fl#pqvsH zcUpgv-qUII57}MQo1YRM$umJ^ag`mU6g!4wsL~eGk50;$jy(=~Kfqe>M*6jcvn=b8 z!!;&g$L<6^_CLmcD_mAEuh96|NqN@ajWV^KP`&Wx-URmKO8l=k>6}b-HQ7Wnm`@*K z95_tbS?urPTnXzlEWc^nhDMe1xt7oFhF{>NmsB zo8Uw2(v+k7%tGV{3EnC5)ITO$dd_7TpFl%X@EYPwfsZ}q6hC! z^l&QV#;2VqnKFKmCSpsG9aRoZOu|obJM$#1!+LnX0=#v7937790JucvE~mh~+H zU;Duqb0^|&2AjXYUY9tqOH^TJT^Q+of|!=ck5kWQ!u>V)?R75Yj6C)n?VyexVEx9z zdA%XleagUV4)@E57ruXCL}xYGwbu-Ex&3GA8p>FoN!}LjzngaldDp$Bq;M&HkZ;iU zX!pVM&F;PAoeI3Y`jubxs!rAQq_2OX>6g)W%2(XoS3qB@p&9sdfoz}ZU*3v}zS;C` zAAQ5-Lf-<-v(-1~Ee9G7Gp=<|ZY}UyO<%ffe{bo1f_N$2^tWlnm3?W{XXQ@Fi502y z0l|4o92yGp&d`rs&Nsw%Ju^1l^mij$yK63v_FzAIdE(&>oKJpg3O-HGai7I?6fo)~ zPgO1ZTpqrs?@jphEuNpRy(qesXYIui&h4HbY!T8~WgGOj;RN*DGaEniY4F{Zj_-K~ zysEaT4_+I*dc5-EmcK_e7X`9W*hKqorClGv@BgPfzs>!)G}CzA=|_)U zQ*NS9EqkCZYR+rSAH`ZG@#~hslLPoz?Z=LJ96QPHkYy*4H*tKeBW6^4JTQuL8G`LM z6RTz0nfivZU|Qp~>G%U7r!3vT!`tBHTE@!`Y!92jLq2#oM0$?N?5#nrw5^!f7X!Wr z;inir+Xr+-K76rPJUNQF(Yeh}aIb5%(!kXN_8sfv_}AZO?{ywZu(^tRa~3{;Hp-DL z@kQ9*z>Vml9J?rte9-i zoz4!#PG>_e-QX9SZtrc_?h@pePg%M0b4{R&eTI9r_hwx~^8081DEHlWL02pC`mW&n z81)I4aq0w?&2JzVC)4(Q$S&CkxjduV)>`h#puAY-*oQh=Xv2pW<+SKJI| zeu>YGZG+D6e6S^t`}fGWI&9)=9GlwBaoU?XB;fG4<>oghd zTfpZ~eQC|#ORW#S_z3mIC|_$VqR&Jrd=338_M7~)zJQ%Xdxo1>hqiLS-Ls^zTDWUD zL3{aDZPR!g$B+6~qzV5es-HesdZrA~lkE@pU3^o$aE={w^=%pSB|cfjJV-joHuz*C z{kofe9iU&@o8%wQYv@aoaw?cR>wE7fJEuWz$*0`5N#hXZ?t^Z(y6XyBpBRJ}GNg=l z6F<0rl?yM)y=5+}bZ>Dp7q~#%s#E(n%4pN~#ACqV0s0%n-*pvhy~t$taGF!ZN?P!J z_x*C-d;E4c_iC5sEqpJ$=rx?+wL25Iw6rt0Qr)^*(&2S82ZD z?n#cIlN7MFQmwTWU=V>`(06wa&g0y9ltB+O=v1fA!&i;Dtb=Q3jV?97y(Cuuzh2$fqzq8t~H-6ksWDNU+u81brz?b_&(PX1DFAIS` z)+*M^_gZ%AZty5M8G8oag5JII67Zwe(z+f(#~g1?oq!G*%XW3wT*!D@-gg|Hn40H| zsT#8?IG3{m{l14hS&W~fA1?2^JuBEgX3UuOC$q!-Uk-%(?=zzs_XN)At-HxAs5a;H z_TXC!3Q~BD^rvm{@~d9az?L?kqIZ z{!T#}^U|VU#2-PP0N=Zqt0x$5BJMX4zH#(`pu5K<&CcNyyRjo6-00ah~O)HS@!EZFiTsw7}XV z{+YGx7%^&o%bHx1*2a6Z#$DaAQ0dh53)0&rGpCg=9ew_!(vewT@$#=#jGO9~+m(J% zxPN_0`YlSo0DODt3!VI7(x=mw^PTn_F(*ewi;2&4gYs`gmnHv3-c5DhuQNAJrk<58 zH(belvG1N^8Y>I7ed^dDuAe&2H{e3D=F{A3pX46&pjV`CPB9CfdidVH2aS0_IEEQ6 zdh0W$|Mw4>{!>fQk7hAGLA$GS+c&Ux+MZwiY#`LwwTQ6`+B=+k2p{#pDFf|wgU`+2 zN_dQc#{|4k0{rIyd&O!L%qz#$Z|Izb4vzeb(~lzb4V~$w^O3uFFPglCcH8t0)|zLd zqf>q-GDp5qI^$NlXigxlH=8j`@APfL{We11rE{}Z6WvbU?eN%l4gO8fAb-J^=51Y! zTZ6pm@}KzgL_COBu8DmcZ-uL)jdzZGDtVXX~Fa2*WpEjnJe`+b? zCv|*F7B> zBK=piVHv-IB%(0}$$L~k}@El=`i13`KGW{1Sugbr8jJ5H6ROQ@{zCk%gbNrs^Ha7e9 zO0Np{KSugj`DQXd=`F?ZPpxcw+&g2fBO}GjlB)@LHbK2-@SV518f8b^^N2-b$)!Bc z7+KCruln7z;rPB#?Vw*z(+-O_7tiCAei!`(20`pZnwvM02Y3(4%1q_ClJh;hZ(W=R zlwJ_-pPQ2YF3+(XWWAT}%E~|T+(WxmpY*2$v@f452Dk-rc%T5-Rzl~Z@k(gD6WZQ} z9IEiq^WD&S>@LQ;0_5G52EEW3BZ!GgoZ@?q?d1ym2jy&R67|`A(4(5q%Gby0v*$FQ zj}L8}b3hWj%jDj#t4XiP|8MeU0+-R@{-3%&__DQl`dRAvh7t10Zk%I6y#>rQ=P>u2 zgw84(%O?Ef>zMC_vEAN`Jy>h=6M0w9JH@zR{}N|fI^RCQy`=|ttxV&d)!E_UhaH^K zw?aFHY!;j^3ir>_Rrq@PoM;|rO=-M|!Eod;J7>o%YG^*ie^j!ArdIRyyT9 z>6TY8Sl;#a?5Z_-z98Ix8CT)&A%3}{{m))xd20(JOdY_W3;3p?7uC7*s{`)*N_29QY@+By zxmvSfyzBsm6${fECvm@x>jjiOPkUSNc}oEA(lm1_4*vF`yRtsy*rKl-vPFy6r5E|} zYxh(je>KPK05^`0L#SEh-F${UjPCc9z(w=3J@i|4(MN#M67)W+XVETynIqM6Vycw~ z>r5H(($5XINM8|77eXV@&Y;X4qjc*2BkBHz37%!@6L%C3^u`~mJ$>FUlm z$(!l$rTnX)tMTGX*+TW_?N3%*4Zr`nM_)^TV-fsV4h+>N*_IRh)usJ5-N_E1 zW75wiGk@wflN)xdxT4Rqga0G(&Yf}2v4cBj2|wEMHTh8iU+KJG)x8hCI#0r*i}kz{ zk8EL#Smd^+lD34=Pt|VOBVHhn>=4!-0k3ob6Kjj$DjUQ;aIUbxQ~B=BM~dJ+$FCZRn;Aah~^>d8ZZw_W*H*v|p>1 z_gn9*!d4z?j@gF7UXbG|3I*2z`XF~1rBYD<^@qX!L;OQVfu-<;V9%5xeGj^X{W+1b{k_PPXp(<>i8 zBkND7_Z3SW-}gvvD5|y6ZhUhrFPAubAj_oh#xA%1RP_Zz^e;Re`Hh384YU#Z9)AQm z{W`zHp1gMHeJ5kNfBj!PH24Gl5#&)4yj7r+S0Do>PIPFu9+*dvy%Cuz7-v|0QsdzWM1a_H@e zT=n6-_UNJo;nR8eE0uDMvrZ=a^gwmyPIQxX5%v`(7d6 zr@h{>YofCKB=jQiuEjP|KxO~b)4fkv&z5ih@C06C`dIWsV-F@rc} znm6W<_7*taD0;iiS$AFxy=L)E5wd7Ld!{r#N?+4DPx@Ock1bxdq_1LJ7B>EHzvG`8 zYJMjajMk|A^o?`4@f)D;(EEk-U42r2yta1nzFRP$e$~6oS8oossj0L_W3=WP-SBCW zdeh!qc`UHJvM=pC>F@Z}QlC?IT63AdUU)VRfAx)iZ@sEhb*tV1;JL~jmkyiEcHu7z zJocO#*sZk*@7;d)o$Q>7E1-1+wYj{JdcfU%&!a0&r+>2;>(CLs?`n`yDpPXDORII$ zL@&aXg$KT4;I8l>Heuw~u7m8?Kg2%UZWFNk^#{|e?^~epkn8WH?~|FdXSCYn?AKrO zb?A|{XuU&l^y+2KW80#2ajkp3Nc->pSH@TT>U3ZEuap5yES`|N9-d?)7vAWLwOy;< z73w#1t-0|U*4Xu4=}RbYJ98`N-ne#bM@~H|pF+mzN4R=A@(S*y-#yMXZ!+&?J9Otm z^QHSz#~V}Zd>FrfXFgP-bn5*T>D%~bI=?2(hj!gy&s-|WA6b4p`D?z*q}`((`EknK z&$JF%_!WLy$G@1L|IeFmE@$rYmve{aOVS5QC`UTcKT_r#_*r!S4zymvz5KrI+~6Xu zVHEwsKR+0zn;_TbrnF1(iM%#=^*jE$L+cSG)cFW<$c`8Az5G%|3;0;HKRYJSuxd<@ zc+$va&NuTP-<&E>Q#i^=+}M%lYN8ho^JE&t~Xm3|Hk%?ZbsB zeK_j&!E66={007U?r{H@IPz7pIlwxiWbx|+$+1Ml*O-AuE*B(Z`WfkW~ zvjUQ7S?yDo6eGt*Rh`(?upxq89Jv&K$gzr{tv+Wr>@mTrEp4kdWYN!TWM@$zr&n`c z$@vcW7n^-+7c#q>eR=YuNf7Jh1TjFi5VJ6h{*~Zb%vJs@nrp~DFo$wB0kfBpNzxnS zPnDQn(<&Vo-e~NYRnsaTm(AS&NZ%oYG)MR)_eI9^%C;cbq3>Hhlq@M>Uw@pkMtT>c ze90E^^kuUdu4L+i8lCP34z^Aob`xk&kI-~bEa1yC8_H1p9NA+j^;aDBA ze>cP1C8q7y7311|-GRC;uD+IrEU3YbS!}#@XGae^ z-}9SFnG^VBgC_%|XU_Ds-|wHOb{4>sb{mo`xc%h4*em!h~vi^2DXD9`jefv zZ-e}bMp152VAP2+@Z8K?xfFjdt=mn*K5!5IM2m=9+G~Q1KW3hMD{*sG-{;QWa%@wc zIkk_n?s)ifeN`U_uOH2s)!z(EYq;&<5A}@#2Bm@Q6J=)x7HoBGazW-;vUg4#!5*iz z`y_Q(c|_ZeLLbr<;_$ZS{IZS7f1*1Fza`#lT}}O;Egb`1-GiP5&o9uk>}Gl=97_gT z9|+6a>CIRF2|ozR^}O2`Ub5@;(mSPdRRCM@h2)!b5QkqK`cgY8X~!nnm$2)~4^1|v1MZsicIuZu zr~GVW>s3Fr9{L+%#N}Xz4P*Oo`f|&$J+!SH+UjB)IEWu>cE^|2zcM46Z#kEXe)WW| zXnvgb9^zj8)wrl{!=JkAnEW=N^#$F~S`WN%0>0SEoN`Jat9d8B9ozXXo4NWoNn0M6 z(x5cQUNwsOkw-JkEfx0_noI91j;fB|xU?0A21S$pzP}$#L_@!k-;=e0J=*fR?zPtC z+D3ONo)v8ueZ6M$X^;P-Ew2uK^I%K6d;c<5^-=UEnV9a<-cldkd3Mr4`a_4b@ki}` z`62yIdQbs-XsUtL7T}Kk;Zzgzp*f7#TDMruyFC{d_m-i*2^aa`B8Uw=4|$0X#`?X; zLi{0{18xjP?MHFO21h2YLMEn>A3VIKZ;EaHG@IXnn==lmKVG@|zSdW+KVJrZZF!pa zUOcCFD>j^3%G7g$Zz8T-E~d^P^g#M+vO5Ji6T> z@XH~-mMuVM@d~D%zM1`h0iMMsui@{3XRVvx52umf>6JSy-`@excqq^gu4&uI@GS7b zGxvSqdCOmc=lqoOLoGeR!^7wln5WWbjZ2>zuRJ;`p15~Iu5Zi@Fy@v+D_4#{qal~3 z7xRs16}oBge{1;G4>z?ZAKoa1CxX-+#HYy8x2-e0-k(=?1Iz#TP?b=B26@|j?aH8R zopGrB52es`lD*lhpljN}{s`$C4lk8M*CFUy?USAo_LUK&4Edi9uUGc=M_YbKz0R2S zXv_Dx_hg5k&SSqAPUl~9>D-ealJi0MUE`?c_0q8|AJYF(=nH~JI`+~f#=KC0T$SI- zv*=L=(W4GBPXUkL-Dg(eJCV_Q;Ocs7qua_mouj39Vam{aV=-so7WEDX3>3fG`AJa^jQL#t<0X1)n7k zdc%n(8%rUKjXTi%5$cU&dpSw_bX5#vU3Ko&-_xERSKsKw9&w3aMxC3X5&Z9(Cs8l< zwG*=0H|#K(jjW0CZPtkZYa7~+0R6Nd zMAwa<9oYQ_bCP}NTZhRnU-9%ndh>I(k69=7(#KcG@5!&_)*d^wpQi}_p6`v!G`J`hH-tWk4&XODUEPD0$Aq0&lLj}zh0|UD&XuswRTJ-8JcV$I7^>-1c>2ByzdHU#cHFT!F9ilzmv?ob> zcDVP78&za7dym7*6X7rUHfdd@!<`@01Iq&w4{SJyJ^29N)bsr&%@3ffZQREwKhp6f zty8s2cXjmnn)Tj2@ub?j!Oz6M4D23&&R2oA9?Conez1);un+D9t*g|~Chr@M_jGmp zE8bh5&QEak`n=EWv*gMf^ilLAK2@JL@w}PmZuF#Xx33-4kpwQ11N&)v7kz|B+g~DG z=h%7h>49%$lU)u>2Iy;oaz^?_G0w&Fzvb$Tt!cLZMa;Q0A4Vqv4o;f?y}y4RJx&3h z!|Y$^j+!gTpFuSFD(moCC(%41evzYpU4~Dym3tva|4gN$oj)Hg+XQE?zU&nGm#sy6 z&$Gts_{_KP8PeZ0*Dj?^aoQOe&)Pip_uMvo zZr`omIpFF$Mr-uD&$s7EUg)b=b(XtzYR}?G^*u3CeOcyI8TAoE^sm=j>D1eI=}>=F z?;N+@!T5HretJA*zqjVN$=T2V^B&E0(>NDfG2I?#Kkwblfmq8Z6dd(yVjrYw%a8us z|8n-a2gsX8-hA?|!gs^uY&zN$Y&snWUwPmw`7Chwb>oLB1Ezf%99Ij_w9WZls#E1FNQ`SbqMbMN@`>F$*WHg=!+#Ic^_Ge_r{rqh|x z%#H7Izli$*_7|_ZfOBQWWMZFxTI%W{4uJeJ^K?IsxjpHU z|LPaAr$49Goa$jtSxtI?^yARYDEjaa<)w2Tdj~e7E_fjo4mSZ`&3y#dByf;lWGC}; ztz~utAHhKLAWMUu&4Kon)4qAMZ@_KeJlnnu+rD|UZ;!8i^W64jv6p+3+rIg~$&_>ONml!U`#tdv8PNpr&>nu$h$YL_ zT`vo}`-pRW`-wd|T>~6dzaLIX;?O*RPnv;#a_ILfw0G*mWqno5QLFJ04ueb9t}jZs z_8#?}@{Wk^A5?kBM1Oe+^bVEzS;}N>J6g&*zsj73J?Hin_w;QFjJ9Qdo-zf~k-oh{ zK5~LL^j8f1P2xH1+czBW@%Erj3GH;y#?JkYPsF^R4VS@#XNv3(7Y3+%P#)X))Q~=+ z{%xjzdFF%S2ao$^a|{_&W3diVRt>*dhDKi&$mY^vlmeO?e_4MJr=vq$p6 z*V#C=Inc2D9i%@mWgHFEFqg(|Ub6BL>?g!0hi@k>tLWQ?euRCTGs;7avOhk~?Cm}so;oAlJ~Q^E!`F}Vv(NBV(XxWRO=rx`P2w^7pU1b-|BBDJ=PP>ppXN#Q^+~s{ ztTnc(zpeB)HagrY-+6D0^5|t}N`KX6k6!Yi7xq2B2hU?&JPV)s@ELKwr;dnkaIHCx zhwlVq;s1p1KR@W;`|GYuQd@-YC#g^O`g!)LaWuWPXp5#y>g-j41?S@JFDpnUmY#Q2>9 z4Qb8lXXt6t*ShA0TMtrhcPL}(fJ=w$VQGzhlei1;%@+730^fug6Jy_T_+~qBjDHh4 z5iOR4TO-h70cS2&fQy1<`F-$UV?Okjqz#I%kq^yz@Qr_T)%5@Ts5_4dWjHY?B&N0u>`s=lyr!q{SQa;1Y4iwAgF z^APx`KOde?PIGYruMgscG498FZ~Gf^b##~4*N*_#9|8vtu0L|&>cR6ka?CH^92(9M z4Ih?oiRiHDNDX#|oZinN`}HiF(DnyMB9m_Nm^} z2hD``M<%R3y79u@r)U5Ar>7r@ojHBTOnBw+%0nApUYWV^*>(7g2C`lef4n&6z=kEy zq;1SG>AjshoH#?w$&PMk|GDIe^pYfdj7F!-kNvb$@9U$^qf!4(?GIW0mJRF=`_qT> z_a5kVKYERLye<$uQR4CVD9hsw^y}8eoEyfv(5BF+-X`eInRm%QW)wWiUQNF1f|jMH z%J(FjUyxt_bLMI3Y<5mg9#39e^gU=Eo}Y(|weuX_4deHA;*vmjf5d+|27h_@wlc0M zKl;5d3_R0Co;R2;1SC86BQy4d(Zle+qkYNmX&x6on`g?u5#g72arx!BlglnIGv;hL zbS3&)3|)<)ZTc=w{#^10#@%Q0<&v*J^v9Sa`b(|!`d4d z1I2@v`|x6YH<9086%E2?{x!M)Yrg(x$vUe8;9tYO#=`yRC9}~>f>tjHR3%-#WP;U8 z0#+{}mXOs;^iFe0e|a9gr_T3QfoJdRrOmT7j^7Z)M&{UITv<{hKfMFvqP3h!u;G%S zzN&v+uQ|N+e)GMTt^IXK|5Cq#;h>c>r5BqA%D|g9N7lN{$6hc`gRfcWIX13~e@ye= zd$Unv>X-7A5Z6y~zJ$1bUYZA2{7DMaIGa#&E%Eh6;5*5} zH?67*7-mB!-aAMCOS5pEf#QDFAc&tD=+7LCpZXH?@(y#ta7g=pihiN;Qp?hL-+uUbv?v@s>f%V_ zitA4~IG$u%{0zkx6@CKXN4gF%iY-j7{sSH60Wa(VGli!ui_FPL?oGrziuYl=Xw-aW zSUUa~N-uH!G2pw`>^FvQkn7bZ(EB8|61(OM{Jiu0n0u~^Fc*@IMs^d?Mgn~*N8qlxnQU)C=EJuA_`cHqR`mDlLc~qb z9Jd7D9}BY*XAJS*Yd$x?dviOwCF9t0m)pGyN6e9H?7podxzIi1*T=YC!&+M#@5^M5 zSurNMm-v83E*{P&m%2DejYoIf+Czr;BMgorjOW|vTRr`(1y=Sxe3SK+Dq`HpreAfr zrqPqf(CIL{>1(uGv?bjCH!$uhzH^{8?e(}BxzXm$tYxOPO(GjPNeosAyy5cgXWbxDeSqGe%kmd1KSCZ@`B|)D@^9 zZ8~vCnA7E~9JkY}%i}rXgbD8B8VJ2Fg4vbRuGx;s}&!Z_nm6mpXY%J~kx7Nw&#}ByH z$S2C(qxibgfx&$#=|`1L|K%I}Q}3O-Pmx2tp8gT#Yk$|*QtCON@2F>s_l;Z6kCaY5 zIDR?xyJh_+&)=ks7`PCO^UA{gdy#QD$jut~U-RpCzsr1r_xZdp;l1R6a3*|7H#rxa zjiW86$Tu(m?GI$^3_$yNhCR8^1M=G1K=Dn(p2f59J{w-BKxc!7xBk>TeGhHu=eO2v zi=nO@U@O@B;ok%NEj}qrvS1khgWKOymY?_6`e=U`{nI!9{G=FqE`h(o(6;LH`uF;` zUHS<*JSX~5d$q1MtUSw4L-CZYZ2~&*xBW8F4syUxJ0GII&QF1?UjEChW7Z`#h!p zODEI!LHD|f_od{EaFsu*zbt5do%unI-3Pomr4Rlw{KTu^240NAm);mIpE(bH$E|)b zq|bOdTn_W8B=IY>mgV@E%WlIard&j`<9O5Y+}AI!Uv%am}+n9G~ zZ;aOXo4EJGyPoGw;N~81EnC7CuB$0`342qtM+RR~WPI8%9I1`|GDHu`^QqSzyOP#I zKgqp#&JT-6eXvL!UzexA!_$Yb2R~D${mIBAY~I>DX^C-su%*A) zxLL^Vg3IxnW$aug8!hm$c8FP=V+bsmU-o0q1{R!g&Hk-==tX;fI-y~~po96NbRw;J zDNXdJ@9yTia_o_U!BqOcg&2pKz~Im_{3+2rbmm?+-|Bsc@0BJSOlAgaZ2W@6J4~bA zL*tA~pJ}~Q*vD{STw3EA_|R+H-EJL|i8HP8rx??IklzXRUUi>oXjo%18x3@-IY*Mc z4pZ5Wh(B-d{Jl?TU*~IGvq1I$re}@>b%4d(2)_3Ltcdu`1qxw`v{{nm~ zIaI)!qwFzSr+busXf95Dz{~Vb!LPNA_Gh{8{}=BMp?gNy3t_19rDeH&`tE+xMY9uW zXDKkf4gTa@iv^W@Cpa#pPS)h3MXXyM#)ow({p;q3bN*|+q0#MAXzP@-jSVlGZ1_8^ zcNzNT9J{WS);s6t4I6aMq53%Y?3#wXz@x}y_vW&uw2HJ?D7*O_(Hpey?`JV>(tJYt zredh5EpzbIs6_UKdmcGf$=am+sI+J9Ppkp!TggB1m0+ZCUUb)kJtKi`sQYEy%STmh zG|)so^~)~!J7l5qE1$|yo+T~~sqeY;eGl*~U|xlPYWsHj-2)F21GZgfho^scHG8fD z?cJoSuUV9vNnhLO>n)@U$5)cpb>?yWRMOZ7Y`@vF}N%r&O5%#-b|K69z+LB3tfbqc@9_BpNjBV2_C z!D5=5mdAA*zjOIr&TkUGiTorhM{&*Omt~*Rn=`n6_k+CCeDeCyHU`tL&?z+b+|SkO zbgr&*|&Bk7<4=8>i~G zZ6L3?4|_XTyGIUtyN!zr9aJNmmN5nl<^_lUa4&hGBdy2F4wHnoN|Dt%8(#j}I)A8? z?~0M{TmKJhX9FK)b>;s%GkHT$Q9)6xnMsfrZC5R?Bi2k_6sWdZOSf*dC1F6Y*sip; zYDJllpuBCHLAt24CA6xIa@F6Qz&Q)l-vZ&VJp>Ois<8mMM%e4Ex} z$R|D7rS(~S-=!RL$WPJ8BHp=1;{nb^M>S!S470v1x~_o^tc@2gO&-S2VeL5HDd9W8 zRlz>#m|`sGO9ixU*9+XWana*8`odoPl*UbZM1;EWZS7KjBZKmnhq)GRO|?nZh97** z7|zF>jEtfVXI?o~pWggRb_`cCcNqS8<2TKYUsnI|#!X}7;ds``YH*e}Zz+77&looG z?4^yBHnvH0tg|%F23GNdg~8Qta_?2&b-sExQm=BVLLJwZFyojkE?VJKwhlS10O4Zof4YvA$g@ZGH;j!bjSlP3!&1i>Ba zL%Zsru{djO@{^ZyKNt3ryP@<%V=Xr^xH+ep4KvEgU?d>x`Vbi(e{4y2hK)# zL1!aqT>#BZy5mX>pl-U6fPEni&}J)a$-_S2XlT+ zNPD`9=BJT;qFM2gU|&x^O2C80PI^S8uP=X`r?pOa6k67E={ER}cNyN-buUf2HgBV1 zCh|rlBL#`QTh7BbDm&zwbCR{(w{YLdyeQn=kI%kQw(N>YHV@Xi;m|KQJAllh{D^tM z&HtlvcrG0>m!)}jg722`7gM~~+^g)FdrwfWV3U3+{O;ewH^{T6T|N*m=%2?AOLOc& z;Wq?bYzI%XPJa5edd0<2ANwYE^+%uiIrPbTM=yQm`{;8HaTr19C=WbswD~Jt-Pxsw z4dgM7Ba>>7NhY*tFEXh`GU@!BI0>&`EpESlnZw_?{lU*=&n%BX*Xy8b>8L^fIm5aK z<_hGBchUjtoFpDK_O74(TY8oWB^Cg+3S+`b5I`RL1-1HOdJ zkghTao~tP4#;#I17sP5_`^foIY)!Po0cQ zmFaw;9=?_QvG>Ry-B-EtX9W3tKEyNGu%g=lXLefJXI^O#uQLBwc@dsy*R$}IUp9+a zhbm$n>K267#EEr?=Y^IdC-*2OL~%3Qz(wHE#9m_S*Z6T_*GlPg2XRfB$5(hbG7gTm z2p7y_?}3M*{B87bv0{|P#TFkfa`7R5O9XtByZ8u$kJHfY3!+ou!_qPMaOu{{V_=^k zpMv^qTwJ^j9{l~lE=qkq2lmA-?0bNFKhM6F1N-6}*ad&D{ILE6pS_MO45BOB@qGO% zyEa-U8ck4+o*e={Y*l;h+4jQ!j6tzuwH_VTIewe4Z0sVBEST8`n~Y7k}aZM)X-Zs5XV(H196@XZel3h~I+5Nv84h z-uJ1V)wZ1VCY4t}iwV9nv?crxziAP+@9^b;aRVG5h}&)>c{)t^V|JZlEbZH|ai7Kh zn{U-m@1M87a5uR+{Od(t+j+E|KW z)ynpl&-dp4iIN$b4>bp(=nT>PruA0&MH|`oG3;mPpzv1&9VU&wr+iBL&`HY%RUJM| zZ0Yb%EMi~A@a12}?sod<=xG(aKZAFcVaIK<@$0dp>>0q0V!mPywr9@JmV8i`f0MnA z_&8L5200@e%4 z{W|V+b!nYT-{9lwJ(qqlben(G{z*-ypjomt|NR+7_WFJ2Jj&V3QBA}fH!)|u$e8PU z{f$I_*6%Kzi5a;0Xa}}olbct($qeQkl&Q&GoQ=78?p*3FTE62N@|6SgF7gW$eJJ+Y z)PNbk1e#hx`%hiDe^ODvY5ytC!_@Ut?s=G(E-8;TVUzCzKbuBR>mEH$XLuDY-!yta zxAocdgR@5ZDIbsaSH3jp`olIBh;a+E$7_Q-mc6(R6*Oy1ALSc#rK1PoEuGyb+LEoO z{Y#zXF_Uh0&#%$*fJ5V+;Q4Xl!u;dz?C-s|b^UAbE#In*Z`o_*vHxOg1J^p|;de6aeH0#(yqWRlsn29@Nd|34cU0R!cy8v+4jjxW-CKR-C2o0u za_Lcezl8ax3LSPWao%n8xd}dRLWfdroc-{b?3)wN@%2`p&9nBF=2DeAHWz! z3U94G9QPSh#-n4PjY+XOmf~u#?4<_yGOui=xAPa9IXTl!O0##?fzw z6e9m5^A+EA0-xqnwlD1K0#?me-m@2Ne+umwB0udI>K)D#pSYX;90DJQEI!yPZtEyI z{I-h^l{?=T+3z>I-|P7=SZiu#oM+^lqp=g5i*ll8%eAyitoTHaM+#%a!xFDEhc?8w z=kmM^`md!w>eo&)cp^H}5M8fR8P6Uu!+3Wgv3uEf=a`}i@Duin<9ldiZrsP5nV5`S zk(Ny&nY^$y&VHkf;G+z^PO|=C_Q}YvARGy%ZS;30u&hrUv}e?;2RFjW8`$*3X&s%4 zoSy-or0JiPX|6ph*!}lL`WbosYiRG}+3>n_|N1d@-_ddI)s~e9$jpvUJNp7EcDXX) zyaZ*~FD}h`Bmn8_I>A^@@Sm4OQ~0WxHIv6 zm)@#18}nS_S!M!!yR!6dU;DtQI{odd?ar3ECnmXVr?Kh$?H;B7lF^OW4=P{8c*{Oy zT`1bgIIE3%%Ie|M#n@C$*ieGKPdR+5^2M%grMa#Ldq8$yZoSfXJE&Ksiw|8(*JD4M)4$gXt*@!)EFX_+j$uPg=Nxzc&(7@J z-w}rn=ft9gzWK@H_d{0y$ogZw_2{k%=;4Xc?1^GO8}ca3e6KZe>1v93d)L!1w>$cc z{IVV6@MD{6lj~+V`!76Q#PjW!`e7nw<*olCc!Zz!zW~pJr-7$uhYv^pNAO54$yf69 zUx4QyP6N*ye+4{aa{Ps!??wDJc8=q7k*>&?J(n(C&??^8CS4%$p=2qs9-Y{5DpL%W z-b0`6E@5ngKArNXst37aWrRDvs(&W$cb&bUb+HMoS&wcvn{Oi6EM-;ZXvnU|hnlsY zS>rDK^GUZqUOrEo4<#pFZRRq@U|=G(j{KsLwrDbJOsZ|b@rjyy)7S=@^N_cx8+osj zxc80%GoJXy)X{h#*?y&IAG~O2ax1@)^iW^E*?`SAYmixrgHsHxSAWDLQs~F24Btyn zmONw~GSvef$QPUHVP2aim?kGui2!gght(nrBh?YX)}5|Qr0jjdxp(BK8`Cw#r1qbO z-%;ya?{F63z=vATB32|l1v@5W_6VM3L&^Wm+81#?&YIeSk6C}@Ab7ds29x@=^L>jM zd{wfXdHn<4Pv4OJ{u|tXp6}mrzHc$FJM;a?GkNbOliK06fBX5i{XgjYo3h`3k^4{Z z{hQ8v?dHaa)gRvBdyTQijbxRp2#D)rFGyY-tz_*vIQZ~pOM}_`zlz)P;^%sL3O7q< zko}k5VD1kihtp4*`!i!XPh|r+f=h`Ttqb_Z%Gj|A>-|o1enVcrSy$)YBa~u)yy6{7M0Fe@V#RXy7!(eQvU)zK2vT6!#__RI`O4hd1&WX=0W*I zE75f&Yr3GB#n41k?4slYz4Kzo#>BG+#oAE*cbs`L)MuX5e0Dwapyn|@pY?ppL~WbU zSG8pBw^+lZy?egR_$YQ?`-xYWtE%-o*j$z17ksCtGM?3%`|dj@8DJm6-5PgnX^-yS zVa$KUJ73_BIkLgLS&}SgY`*Lp_ZNTOH@@^}W!TyOMr_8rl_h=l$9Viy!Z@L;UX{QP z(6g{$b2WZ#$-rUstJ;|7l-GGE*P^XO|FCRt#k^;a1>gPovEb^1$0`=Y*z0-wqaDyj zDE9c?%CA0otTGW=(}|C4_|zqPPXro|>1=1^{R?v6!M)y9o#~tMx;rY_n^PK0c6LVG z{dXa|H%EFzcKl0hT$=}PN2S)!9op)FuHg4nnmVM@rOC^Hyhv#+YN|_H;;C5R_ypm4 z9kCUeo2slY|DRav&22;ZraO5q`6|6cvat&vNEvhJW%!`V$mvjm{;Al~F4|l?B(QuW z@eU6YD`oW(WDNQi=lvAfwd1D2iTgKQ6MOAM&)QqwGQ;Q9vKJvvz7gd(PV=68BQ_4( z^2dVKG<`XLiL>ruWfb%&--P&Id#nYU+V$F!t-OggcF@KfZX43&4xL3lP~i944KV+2 z8WOvIhnc_fEqt;gKa|)zm3MY?R*w3qeNCH>_l(e@5 z>{jWElBEuhI%6W5&^tE-7Oq?vD4ut?aP1TG0{Op~hrUkP-WBlJisbppe+tB+{|c|% z_F(MMf$yI{=R9NH@7+3wzb_s149i;s-*>csuS_&ve1W&AZt-ama|GE&I? zAMznf7ggT;=ZT@3$#d+ocJsO;=a=!FU&a-1-=^5Yhte(*3nXKu=hQ5&2 zbm1S*M@C(TjA~5etx4mb7aV!uM|o5gSJXwD`#Vi?|JkN{mEgoLS$xFIujRZ}(Z0s& z3zQ=_R$BZa$K-?Yo_)5TXULFO1HTD$d+&VGdB>UC-0zvb`mFDHI-wm`tz@e=#`o$S^gh8kj%)uId-LN`yZ{QJJslR-gD$kDj0J7tyYe?`kvLt(D&LIvjlY+>Vi%josD3av9ri4E~%#Gr^>DSnO3|j`$H~B~2xyOlqz}Bm-K^T>@{Mq*e_nqT$Kdye z_58|2e>&cUjXw3l_AB$QIf+55rS#l2@uPhcGl+1?%*jBE#opY!fxC00MRbysG6&O4}E>oi_{(`Psp<*x;T5#f}1}lULp^0rYwPSFlDlRnRZ)9Q@SeNRtt^Cf~89Wiat<)_3_#mrx#c?-MCKfQi6_g?Vc2fX;> zdSUe7o7NwEZGSs_|0y~FK7*~10X}%r=2zAn;)k(U*YLr36EMo}Efo4`RJe)XMh?-$ z8Sr5?C%AB{XBqIQ{Z5iwlIx!r49I-RP00kUNr-O6m&$eB!8_JQTFiT*>9O!2^vw9C zF5%lw=s~hj-)sNUw?Ea_zvR)zpI&iv6Vb^LuEl>I4fNs{{m8$cDLuuYPqBZTc|fw- zZ);?bwHf+wmEby0_L>=I`)vj!Wvk*Rw=vmch&dCDY*-1b%z2%_J@qB_{4md8b66T; zueasjzf)b{;&gT4ueNnH`05%@UC@?=Q)@IO*u@@f@&^llqyL+Fry*Ab<2QWu77ND9 z83%mM8jD)u1|#w_YdkgpFT8a%_;2L+G-I$gU3^%c1s?J2Mc$ZQ!I)8x#>{?89ohqU zna2K#)Ax6bWC3tZ_rcZuGjDvewwA{90pIxE=ez!z@A@n5xQlPaXW!dK`-QRYgpb!m z6COPrviz2fZ_xT!IyArau?dVNKGz4J3o8%V7l9umH51*WdbGPIBBtCNS|c^h4aE0! z;-iv25#c@NpYfq#PCP`g%_Nubyqa}v1KrsAkf*$d{u9_EScUVk;L_nqN4|P}_>$WP zf4)2qe#uh*TF~`(5Rb%Pdp&aqw8EHl2S&L2H0rW)`&Q~yu11eP{B=lPi5_mqfyaAS zzkYcjIXJTjA0j-BZMG5{O6!>TgvKQmk5mqfw$Clj9%ku^>!7I!dY62V&NX}DgnQb> zuDA1o=;xar3?XkGaG?0$Y~LI+3cm`xt8XQ5ES>W0LeVBVNe2H&uYOwT)FYVfSd))L z@1IJw+9PalX{>NZ<`E}tSx{qv@3VtgWJosoSF^L=STkF1p`!IP= zsJpxEe)MkUD)E?X!%qBz)|MtkrvOYSeFgW& zh%xcr_1-CtnWJYi56_0aUL5qTy)WMN^syJe`O9OIZ+z$2OW3;+pw zI5v63FOLm>=74>su`)69YM6H7*jO>zucm#qtFcnd{J+trrPJ*$oq{XTulQ}-R&YL0 zvOCtTHB4u;vi#=Ezgd3s;`HkmnpLA}Iq!fyKLddw2<*50;G28j_$T0d=3kG!_{u(O zt0Rk$7Z*1-vK|~{&l&ue&9P5e+yeXbMW`092nR41LF^UF#fIh>tcN*mp}UA?^M{nl>^%Y{lLb?oL*V+ zx8N@${)PU2(hq#6;17Mu#UJ{Y!^3xEVYFqp^aEp!561r~{yg|r^#flY{PhD{Sq^NM z_XFG2KG^;@_`9ng_)ftec3dw0&d-4{*bj{7_+b27@mJLke0}iO4{U$@d@ujnv3(=| zRN3;jYyo$!`rqL1;(p-E#oq>O?p*xs$bqr79~ig#V9dqeejTtMvm=^o>GY}5a(L^ zUcc`ldDh2mwC@s)@Rg7-4)bbL4Lb(>LU(=KlBV+cd+@hzPjg9 zx7I>W(XVpqZ&Uq0!KcgK?>)Ws59_!7GGF~S|Mm4BF?qvmOwhAl{cZijKgw7Cq`$KM zgw~w!jYrs1v&O66^bh~pzWT$bssGM?^aIuHwX=ve>{>1M!6MqOpzRKHs}kN(ypQ!) z$gZD+Pug5=^{UM64&QoZzt79^t?1x=>{;<_fAI)Tz8#;x6J52Un)AX!!NcpYO_i@f z{?@6+tO~GiwKim)%iu#TB|k1PKfU|)UzWW|e(ErP(tDNvR`GGcMw2|W)2u4tS9a=t zu7lNF^A5bTDkGhUeX;US1n?{DrOdC}$Fw$a>(zG6PxB!@&IWdb+w-IE^~p~4bGzHm z-O#1qo>aWO*QW^dS!~Sx#YHA6om6dlFchB*ZN`V$U5wpai|rktF9~q|j0Y3%TYt6> zhQD`V@c3)DJ&$KtuRpV%wx#ngCeK$BHrQhFe5q_PvG{93iRh+D#7Yy(P(W_!9kHR> zo7X+Z=CU%~`z8a6d`LVq;i1VtY3`Ve|D`dI#MV{5u_2p?$$pYLMiG0I!I!?1*!gYb z>|Vmy6m7jq=gy_(GB$5|uf>t%4Qc=a)~slDIp>1XFy_Fs>Me#onpA&;@X z>tvm5@hsvP!Rz{KjA9vEb^rt8kfM*{8^^(Otfz=}^MJ#<9!GmRH`D8f2m5~fng@jo z>e~$rW5DfzGYgi#O?_V!kK8}<_)novr#}OlOI)~Lpv*tkL(ub;&rEPV!ZXqLKtyzdHF+f@0s z-159w^m^7SA0F<|@lI%iz2eE8(1yx%7U524nezxOJs$-3hroGpV8G!FbQ7TMAb-e@ zA(pRQns^F04+_o&W^?g^0DnRL;J>i5ciGyBE`9Azu#V}2bw7AH0A4z1s|r{$jB_V# zvZwa&Hu&2c|0Lj_YWOD%|0LiaKQ6R)p^Ls8q#wfF+PrCp zzl7{vN*!y-H=r|tLigW!Jnzf_%bQ&~D!zZr@gm?qX!#9W7C!jHlgIM!`sV_p`K0K>_?8#8LdW)f@z%JXnpJa>le7rDvHv*w^Prg+fL}e{eG)v2ri+<#3&C$;wZrocZ4@>S zaA_jLTpprs@BKQ)Upj%}g?^`TmR`YpC*ISZo6Z1h_wc@AfAt+c)E4EBi_l&z?FnAd zkoC(U3;y_X)@#t~9olyMoTt04wsEXuk~PHgEcW4X?@!3b04&1)(K;s{>yVAd%ASv% zsS75G#%-5QnSJ#7ld$X@k-=$Bl_-LySecAk**?fP>PuNo&h}KQk8F`bFnzO9k zL7C=g!?;&7Uj~cNPv}Q2`|GvFnHj}Abvb_B@z5u+RR*0fOzyiN?`y3s27R6QocNXg zf(xx>G9iX8CcUjH=HxE&WZQj=t>$0vea&B@nY3+>yw{_U$N2p^ zZX<6HW0IzR`7! zYbZ--jXqt#npUiJJMaC7GH<_=#!&A|_HMidS;zOLEf!5PPpnWITF-x)HpqLX_5CL) zdzinWXR!a5Ux)4;oz#Er^_P6*w!g|B>-Be9j{Px{IbZXJ=0fp!O&Fgxbk(ykK)y`; zyT}BdkuP%~^bVaNzhsX{PT2jFmCpL&W3**qKweoL*&jDK8~D>F?Nc<>p|Bb4zXcg;LPM<_~UKnr%uYGXXNpx82kMXaPC%J!0t&Iz`fS@ z9QYhLA$nL1Oda6H&yP#VN#tMKsi5sj+AW11WMk)nqqXFJSjU{Mbt+qDrPJpSGDZ0y zW`8FZeQB_nKbLm|kM!5s-!aKME@nO~Dp=lBMa~cS?Iq$06(?E$82c)j>)A_7UVQeF zGA7s2j&vu@m$~f_tA>o$*N zoiDu%Ug3Y~0x@8#p|9=tX3Nx8oE$%0*noA&o63v%y*Mk2X7m1H%`c33?J!3k)wV%r zR@VtM>#UFIY6IEp$)j?3sTSR_96Zz_*VLw+qe{7Fjw%2?&7YmzU&puJcjCD)W2^UT zXfuy@&r)CXE_2}3yn6=sz4bBAjo_Vp$}(J+xbI!bd$~An6aT(2*6z=Lg*}zrA2C&z zTVKmA?xm}USG~2XKmFL@SMdnz1HHP4pFW-a*x9wm5yP~G>*&~;hqeDrcFkhOUG>+a zx4vY8^W)IP`XR@kZ#sV8%BJwPC$RmFHgW!6zR6#HJ!g==b+d||B+fj^RA!ns#+j+}vXVKu}&+nj}9c~>vXs3X@E>mcy$8G29w6o}}%5acscLo zShSuqV(^zVD8C_NW9fU}SnZK^XsH9blpOvZb*p?6b=|?YJKESk%3LCT7r*R-UUe># z`g&ktEc#REBv(G9t!+D?d5LdqiUYy_)h z?`3F1F+19;cYym}zlSW44UG;_t9wb@U+Mq)z*K;-ULNd>5E8@zIT$}rHzIWya*Kg$G z^n3bLd|A2l$iAm!9e7m# zb$x;ujgB(vhHi8BGUM-PIFPsqU(Nm($QfYw zmx39&G?Mx6dibXIeb+V`34e>vy!W@c@5`U*y&HlC#OE*aO!`?9an$>O7vE5Wd_%7? zULHJx?Naz(a6AHRk3d7hT`BNs&e65k){|~q9q1|<=Gpz|Eu(;Q6gJip?50NcU&!aP z7#uXg_p`C{(rfUi30JO+|E6%ahW*vNr@a{ZmA-y4w4bhIoVmXUSyT?5!_cdqOFs1Q zOns2<@D_fOt>o(P`m+laLpeCpzEt8?E=n$C z|M-}Ib522@a_Cg$OIx#F|0%fF_>k+! z_3MNj9hmpDZ?GocY!Q8rU=A3;c+X=0u3$IJmr$o{Lc#kka#pzO7w4D9x--l_uLF;V zckpWQEsDClcreX)rBW0a-m(5HFC-`v!*8UE8$6W&54!BuTuRocNSwWZN(PqL=IK9nW$_6>Fdt7P7YtM z9@V9P{+Kq|9*V2$=?QFx9vdnWc}c~bYVOy(kKD5{uK)Esu;RNRnA(|lw>$H$>htsm zDqwESu6N0%OjCz!Oxdhlw*f0D$E&Q=oc&|_Ws_(Cb|DhcCH~HY-z;yxef4d*}U#D$9{9b!wY<}o$ zzJ$PvSa)yMK$w6!k*}rSKuH!n0O&7o>E54F(V(bGShA-02Sk0w9 zi$m96ptw}=%O`=&(*Lbj*j(gacj0Frj8on?(3an=a^{QzeycTJZjRP3svKT3Uip!a z;-gvEI*WU)Uo*B1<{i#&!>2L_-;PJ`8pCIWf9PQ=Mr>RmIOu>r)7;0Hx32vM%IUA-M|VEk7su-3=YXNlc`%HV-#_ks z`-1mvox?-=b{^km^Ofu9iumNxqF+*(pw(y~|6)aAK3w$Nwhx80^!rbTK zrbxJ-5sN11gEJ-zTUX!8*edr(+c?YLJwM99pX+z=vU!RbH+PIQ zU&;SajlSsE1jx9`%oU-{&R$A3$6^2usF-oh3hEIo&PVdlBoJn$rc`ml+~t@zXN zX|DPXWwKrD*&x^nar^+4%(wO)8=;Op#a14(Mx{Ak*AeEgl0mhp_3UdZ9TZ6Uae(}u zVDGERB}I-8<$f*XyWTSTt}=4@*gQPd;L5Z`k`q4Lv$_@?EYg+-yor=-$yb;QY*|aT z>`Sgc?aPzQs*kW&9C~qlYp#sN7eAlznNI$g`L)n2eA*fY#tQnG7Edo2Zgqk$()Z7+ zOnYeHfdc5b5uVd^h->kmUv`V$RnL`t(`M&lXD+>!ddMYy%KI9t&5YG!zOnMt-yw3T z``2c@wKLgYp(EslEg~;$!pyI8eS`8<%HGzxc70Lap2eK|)Rg#Ga^oPbk%{%plN*t> zUC^rH0SbUAA$d3GGUVEWt$zoc>B-OmbftK=OL#7SRcDz=oe1@PSNcM_ES5?k2Z!*U z)-(dha@it58{J^2pbR!d)F?@y+1Ve1fmi!DK-I;Z?Tr(F6<`f^}&%G>z@ zxE^XPQu(M@_xGIg7URm{Amx9iZndqoL)jX2?1_(?tCMkZv{)M#IXjyiYqBS$)80Ye zmbajr{p_Eu-&hqrfKEMy=lMLFv!LR&m!OG#jN``eBTwK5POatLXYlLiL(flEOaCBW zKHoOMFZ;>0x1V#9inXQ&J+0+i4EyP7x1M%&zX2cl)4-1x%;0ERl zFw586Ngv)@<@BYKGj8|46^qJ7_%82#82rBI_Vb*_PW|qkobN0jedm1b@rZ82KG+1m zbrYO>r~S$)mFLK*IQxqF)LmViy!G#$xv{rB%05jQ zaSbWt&PwYO0;kR#?)cO_U#92tf9pB=T?oFI!{mFJ=;Ikrz8$jb5!v;Z46--GxW%ih zl&5u~)$_1lzVlV_vDRezo)e)t_uKBXUfy=+tlW1`d0uF&@706%*&KNP-3PCKj=Z1t z(!dgEz&D0m>dj;2wwv3Il@Ih^`9YSJ^py{F&|MrFrLSA!v7qIFh0tJQ7#WAmkX~9$C1nBKjnAVd2Xa);Cdz4C+}jC(q4%%Z)|lbfN9^C~p=s1KoC z!D#5^U~~jA5_zl(h<_#XUZkB(w6g=4@tLF!(8nJ5w;C9fe@$&rmU_z+&J&*>zz0!I z{o0$hW033XPv?>2B9SU32cmorX>3^0_8s@RGz$KdtN2FEEz(brsh_@uIh6T(`20nC zN7$T{dClrahIa+8a#!w0?#kXKej%l`d*S{H-tj+InZ`xqqj4I=^Wrnj{19yo)Afa% zvq+pkafDyuK8i2pTul1*RH%C5RGvoyig9|V^;gV`VQi|uRQF)F?Ss58om=A`4BW$Y zQS)u!JCXO7zt5$aCiIIBxi}i$QO~#zUoP4j=HZS03vc8vm>vU8&9h61g%DnDg@43@ zD*Mg7X4OEi9`LDpZq{?~SUh;(eX=9siL;U+#$7bu0nYrgMLebch!_0j8pD$lp>Jq| zc`OyYk?~+YyC&$$@1Hoiv}d{Vo%99f&j!Bk zl%pW6n#x}qxi9|l&d1DLo^3DewRe&n>&zEZ^*!&8%xO>UtGza_y%A1(*QosRSZWdF z-=(e(_ttlXt?wHAO)=#)If$M^UXw}OtMA@g?_=Bfz7TrMIZtA9&iS5N-;3ZE?SMz5 zf2%*LCxlF>0f&>#qFc&{n`mS_AApCT`#o!sakA}7j(>IKG1j5QKRln1W{mAvF)me< z+i`Jqa{sj*BX~;n_l^-d_iOmgm}6UvJ4Vu1ROf&2TP@wg9V4qRASb^{Iqx6w#^{fF z|B6^@Jij-CueYdA`gXr#M0?MB?YU$0mcHlxpYrQ(PwmSN_$2Pf1c}WikxB2EWGYRxV~Ufj>_c1lj(N;y-<4ElUhKx&(T#W9sVT zvxIAn-FJ#@ex()QB%$0!d}H9{cJOnUcfR4_=!G)tV_N3oNP6_Y)0e&O9P7b9#^z_t zuK!CHn8p04JZ)P!2Wi$^<~s5!&c=pmy3mZDjcqfV-*|#G`U}l-b$PMWLg;lX=N(C= z%)s~53GB)NZuLyyi&HLt#cs+aS46{pnWA+P;btMYNwYqYW)8|AVn`|t;i;>XH%9O6 zd<=g-Ynokl{Xc(M-Z^GV)v8$Z<-vm|rqSaw@G0{+Fa_}^7c{^B6@0;Ny9)=I`5K!8 z)FWF$?d@Z(x!#L47}qz}K<^!-J*}bU2l9z!ELe7(*3ZxtBpak7IPDa&zRMmZ`m282 z1C1zOm~wm-o2sLW*vF2nUaq_#bw#1&GY2J7)()ZmtI&@^z>#6DldKc0YFB$JZ$OS{ zTypnTE;Pdr>)dL+qd8XkP8=B{zK|bYIoOubPd(Rosh=Lq>(J99gG!Pm@ZcHa$pJ^Z z3wh6L7hh$w;8@4pS&Xc^ycdQQd*4{`%&`~mdga)fU+z2R!Qi#Oo%Z{qk4|z!5SM&a z8}`G@!6rF_aovHW51Vg-3uX54I!F5%k3L4W+Trui|$`~I?W=tD8o zb^i!o3ih0D`h)5Jx(vD3U|!+O#eoZ3zl$Fu6S}MQMdGJ~Kg~IcS+IID{s{4MS1Y_C z88?veJ{w)tx)dGi9JN^-<%F zZP>?mxCwf?o*04MCl@}t`^{;~$Gku7(H$cO?7@cWjv>>epL~hfhS}8JR9&JNY2~0g zx&&S806D=Anu0xtLPdLaoLst0@5=rg!?=|NiVm0jaLE&M@nsYRK1}ZVqUCo|eke3x z&j8+C%9&whfr7(^vv%a?)BX(Qmsf0R5jv3d&jEMG1>nQ&hX;e&_3CX0PYV>AX1~3+ z_5S|w433xQ;Q0If;Ma+t%Gy)bZ;7l#??{&5>nXXtK3d6j>Fs&Zii=~f1<8Y?vDCQg z&*DE(ocs;(Xd25f-x_2^m~SnOy7P_3d=BvB#!uY|Px$9H+rHE0t7@~HHp?WR;pN;m zKl|xZbBceGHV)BGkA9}*_@gcTu)c;a)~##e<5z2cb}SD&GJ))>M=r7^^K)ce0dvU? z{9E!R+{hSn*2kXxjE~ksx3$zi(G|+u6F*tMY=a3cm+UHI?nnb?c5FkY8&1{%{4 zb?4DWtqCq)XgG_Hz6TP0eY@(Td`zlO@sU5S?Mu53-#dOl#akaECe421=P__SC}-?{ z;v0L|E6ZQVAwT|!Q)Dd&Ukx&319Nfi82;xE&8nk5{N9=KeYNDktsk-9Kibdt`*Xe@ zlQaHp$WZENF=6ypY?4LPA-|0+yM01(9X$PDPQB=*QPJ10s2iCY^^gCZc7ILQKW@U+ zmqhUO1V&e1V!}0-tfT!R%2v=1-ACN}ecanN*}E<{(2M%W5c@3cJo|^7XFVH&$9qac zFZBGQxj&A7we$NXsy1qQBuqO?iSN_=D!w#D)CCMCJo6IvyieEM7;Kn% ziJnLJu7dB%E;dJz71LwjNZ-!|mfkvfUu(+w=DzQ-R+xOU%_I+g-y{p~963qfuQM~h z7nnpFYP)ErQx~#y-?OaW|BH$KoIdV*)-u zZJ4t4Sm!t1Jr-I}xrTXtdHm${kH*P67N@<=e>c$$k3YV*?(x*Iy2t;6zwTr41u^%% z%13AMUOuw@VPwaYvBY*RC>XwD!Huu&P%LF$!SXmUShk)wh&?FETOP^_IrsSa()2}h znD!g|F()>idF*}B*?7@eVeEa@gL>ERJbB}+$7JPc`U3NQX1IBOBXuPd1N?Nv@&-O_ ztw+88_mV%uWABrAZM7ZK>ajdu*!nWhpZD5#WvJRm_F5Q*xG*4d-_N-Gc(l?V|DMf9 zdgM`X_FAA%PDsUf)G!9_xWB6SeSCC>e-Dl3;x=!=cJjVezP1=#<>%$^X<`iaQ|Hg; zMkW=HM*m`bMV~4wYX}^jOC5F8O&+;D#Ix)vJz2M`O)?UF^a-y|m97sEJlFE>F5;U! zIVK#x*~IS2m>T>OAPOXD7W51<|Ye9?Lu{NCk$@2&rx?)&wp`Tq9P ze81F=e|Ei2Hb@$sQgO$MJ=c1obV2TwN@O_aH9 zN{=~R{<#6@fc~|5t+7h4l@CyMR|h)9X4+sLZ7?@G@&3ertyWCHP5jz&)_*m>?om0q z?=-Kx+IgS&`_(TfZVO+-=eV};x^}b&ujhk4*9Wuo=wIiI*CBg;MRvak_F*@^hVG6j ztijVp&r6cK545KFl^<#*dv+?IN!jt58*EG(aMXnH8}pv`yt9nBX6R~PB{8Y!Lz~aQ zUI7R42bSsVEXJu8AN3uy@n`<(`6E}WjpMtNKE>phVegD&9rM%b1$svP@}K(KkS?z_ z_D><6j&-fA=;D%9@1grDUd_V&68k5l`}2J#{g5ouHP0-bCCgR6>^#}>qK%l^gC2sk z{dumh;qOKMKIfLN_!8^m$Jr}`9gPpF`@`5)X>>-7v0c+aKcB}t(jh;>H?}_`9QpGZ z>P(}%Ww7sV;o6RQf}Em^`6szoPBg(1L!az`C+)Y7Ik>o<=TYh-2h#;J7=!bp-T&XeQ&Ad-)uY!ej@S-UX!$X0Bh6B2D^HWOK;+f z`>FScuP%Rm1BQzqviS*>^H(%=5?V;mPx*F=8;Ro}S7?k}p*70c7Rx7oma@dky^Z^S z;FN`(GTE-IQME)~IA8BXYk)7(I1xREJsiNHI*ZYf19w%Vq;CZ73Z}fW40?Q^#c4Nj zuXvL7(cv@X{)-sS;zQ@I!3XoTuQ+(J?U+&vOZYsyhTk5!GT*K{M_A*ky~(9T@FRZE z_*vRa*!w7XYg>%@Xfl7IWGHs|i^Mf7%yZ)zij$%h%Gm3qZ_yP+KY9=ROn(@Cz{W+h zR~1ZeGFWY%P9y`za ztB5_{V($}Uo%@0AeWQDShI=1AFFA`b8Zp3Zd6uznqYguv#!Ya29sdY^I(&j-l6xkY zRTgLTAGE`(wSAr-cPKV|Ie1sQjQtSN(R=Wb_nxKwI*0bLi(8to`jKXk&;y7AOP%xm-Z+rd2hcJ4n57|0`_RQ_e!%!aSE45mma@jPkG_qao=^RYKj;~+ z`5-KRx;e+@J)ZTS@U>*vV8>5c?cBF>aU|UOTJQas_l0#-{#Kej(we#Czd{ld5++d5)H$94H3ra8faK{LkIU2 z+;_sO|40mv=9lDr@DJSLefdm3@`&pf=Uo%KD7p2M_!d-8La`(1iS(p=7 zC+$1DFTY+Lf1-gBXaHJiZ@N1#*~EI@OW5-N#JINMS5C-=di~mDIqOgdk*#k~_B-%w z$91}sBjoKrJFp0M6Y2jpcO3jWkVi+`pXrM;7$Om`cz&*8`J$ zFpTFZc^z!utFKPh=k(p;uuMM7vyHV1{q8ryO6Pdp1iK`qHyL zn)mSM_zSZ1X7?RZ4|6{24)kYQJtjRQ85HeLCeEsDWHyJ# zZ>qZ2@r~>O`5!k!13T}lCXa_%j*l=Wk4N~pY&`kLA0-ZHeY%P@4s&=r`dQhzFJ_!G%uSzwrmo@dQeYfOd&=QKob~j5id8aB4v)@4 zbVK5mJlZ`7?XoW6UiS8C=FSjwoOQSDpKXNDQ+TZ@Po4+HS*NvUkqCFZrY5z&uZ~P57nTUQy-C9TU zuB&K|_4r^dw z=kM297B2Qk(if}O@_iL;jG#ZW$X#LQS@44o-0q{P&dFi%0WmPzGa`IotMvLq{Pdp> zjV->wJeS{2E`syTMCB>SKc9QzM6MgkZ+cmyBZ!xA9DU+6oT0^Ugx-71_`p?#}ru@UfC3z4@(Zty)?O%Sc~6z&v%gn zk@x?Dd*Q;T4)prp$K>c=w%vCo+IIK2-)Wv2_VoWC-^ecIPkW&CMc?;Dr}_RA{m&9{1W966Yst7)yKIcz$vw*ILI|_CVh`(!;?i z-?#a`PiMdX#%aIL>QL3v!(S&qHG14bZl67UVVXT(D{G%B)+2~6Re>(GZJ-&Kp6JZC z>La>;gK4`Yc`0;?ZF3|-Ubqrum3X_9{#=T@lCMK^3$g=SU;ucQ+|6$`x3JH{&Tqq# z>!DlZW`mbsiFL*CFY~OP`q16%KE!R@S8y+x@(l4F-gD8p%Dnc~wyigPL2@JCN+u&; z8Z>7~zC29bUGTyzzg*`2G3rEDCQcAP0DejNt+4Ir-&p2PC(a=a?Wy0`kv6AC9J`^E zI5)-hiobt#6*i3fjR%j`q=F~c?uvjHY~hBA#!Hgr+^Zfx4(|qsetXRzizP27z_V@Q zwVN-ucG0=+cu6-DjeP+clP=icn@dD9-grva@zaj{ZvJ+Ebc1i~=w}DIpDr zih;!Uqc6ROf1nZ@RIwY?*r6G8J9H}TH{&~WHv9$O$G4r^x2V@QpFSzruW(^k9up7V zTz{e9#YQ4;_9e*(=d=ngXrZBkae*dx30~RNWUp{+{L=aa4O@6li9p=il> zn5v|os_#-?ebv+_|8C<-(5lOa^8K0d2<1N$2C_v zvfj$UH2y34B6;+Y1I&-3@CV^b6aE<2mA}ER{?;tcds<06*c9f=&%?LwJ9d6&U6NRA zo8LZSf_87uYhQBSkx$Mf$e$rTIC3HWBa^ykyo0m7{B}I<@cLdL`U){j!7 zn57j%tRGTqMC6`ok8^*?vrg=kGk1|=#n$WO8)cl2;!m6I)H_VPM*B|Q0&GC!jAIv` zNgaM!E#9g{K586?e`3+z2(h;s_fc=5zhTRUp|cEfN3mRzk;{=e%2ySW4%BkF)v3PY z(;E(LM&EMfj%2z1dGhBJd2V&NbM08#F>X6ozNBu;ALcyqUN`i#hj!;JXWaV8I${++ z{$H-&Z3|92)LEv2Z?W@4?4){uIKYlow|Bjd!A~p{47GIldX>)&$d>&xe zZ?fxMnX$+|Y#+P-gf`cP@@&kB^qN3pzRgR9JhL%iQ0oiVS;xgr`N;d-@U@sW2i%Y z4EXdFPqtJcTdX|7pANl6Gw4Av>B7+5)=#<5sFP{_=$Qz>Vcz0)MJMckqks zZt-Hd7pYw9IQ+t^EnY150_XkIHhB1V)O8nsntv=GfCqG|CGbjbdsSY0ZY=j*`kwbc z&ab~cwXgQN9NExf+*s~vm9rmX6Xjc}Oa6M`Ib!NZ+x$$`N1XYpkB?LH|5Mp9@4&bD za1MX(w)$+=mXQzK(qRMhBK~dZP?GoNL39!3)0Ok658W>yeTsL>hM1#YMBa$TGUPC` z@~B~`)g$b6VrVi(J@<{_yY~wxdi5lz=c|-?_Y1gp=78*4!2`gayPmw6v+Di%&N6ZK z3(Y}iK_;;mU~eh$|B5kQifo=7aP|h&VuO`Jf5cYL+lu_u7>QP^h?A^GhpLCBUxub9 zGe^&~XQ~J0bumY)-<*BUd6t2B%+=FpvR8Bs`j4K~^S+$=UB*eW zWiP*sZ@ansENdVBLFI8`tG)6Yo$`Y!pA$*kqdS>rF4(1t4$H>7S z@LodoyL9|()x&pNocfttoP8thDu@3*$uD%%yKm$dD(C#3!TerMyFXUD&|e=qF3q;L z(reG9;~(pL-hYf=`q|r_+E;rY<=3|7((w;eUK&fiOIv62_dV*X)?VOi@{+aW4FAC& zdsg318Mr)R8cXe5zE0oJr-l5|MlUYcs2p5g<(0d*{I<%$<>mbTCv`36uMaMnOL}qX z?ZE+;xA9)Whs!$EL%TIj{k?sAQ04UP1n}FwxqEQ#b>2_?lyZ&V9JPzg>VwP6v$!nt z+H-L^N8j`Qbvf;+eYN+N*Pe^Z+f>f}j&+p(gt~6v4_vmJsh1=(;PN(bDfwq*!g=t? z1tuk%py^3hCY;Cqy9;8eF~|f@zsSumDH(=8ErqT3s`zR&vb)sW)B1nOOR_2byx;vU z{gP~ZcXTp>KP#esBKw}FpNxNtx$8n}8w^)D``CU+`2zYruos`BdA^`^_-Xn-JE#9n z{)DWKBUvJuBH2=Fswd9mugnDJtwYW!zDMe#F~v47K&BG>OhNvjZwSvp)eX&Lpvw+u zP&Qm1f3lbMF@_r?H+imSdPlU8k1V<#S+oOL#5zE9rz?xryRu086eWwCbE_R$wBD6P zdiEsyqso|9(F>;MH`qLl^TWiQc0$t|jCt-KzUYj%_66plOLt+vPIt>P7sTv-xM%oQ z`dBA0$wv4F?Mc2%<`3oFsqXuEgGVKQ3B8oD4j2I+p?52y?En0V80?b3*0dw%>MfMsOW5F|!7nR~KWqz7!jH6kTU}Jw96ESy~72etZagU;;DtQMsI(j65GAuQ9I}oVR=ib(Fv}*b*%f{E89$XWM{TdZF~5 zQquvf!R4Y4dv9S3E-yVf+`?E4KJ-j@J8-AVx8N=ej{NhF)_DS-OYB{wcr0{(Z|rVS zOb+_LVLYTKb}+sgb8oB_KdF5xRnQH#!@LN#l=g)ZLnM3Zh`GJko+UB$4~{Ic#*@!} zT1wyi_DJmPSSro@R6dY)m^TXGv10?tDm_)zQL!K>-gSn6fTDjzS8R{5w{>SvTM z<(pxS3}`WiJss!8T1UI>OMZQ36Mb^^m|S=c<>)h_({;coU0??5)#Y4!^0)$?tAOXQ zouVQ1?N0o~BLa)|>J0f2miI#QwC8C6`1hVow)%i`cKisJ2ldYE_X{0;pw7`>5_TRL zW#v%!@B5d-mFkCl39cOOFP}!PepWUDKBo^e;P?LeBAX*fUrO*nbfR0|Mqf&8UxHSr zQD3}gPG5pnw}IYzb(>sy?C;Bt)AVI32Ny?4-SJKRozz*Z*UTpZHC2gxd4`W#Z|O!%hw+YuhYr zz0-?(-JaELH`2yoAC7wKM@IT%J0y!g=Ec{$v?U(c!uS2W39r*ReN%B==cl%`5 zMnl&8)i#UVkN&6S_&aR;Bf4-OdTEK;7`9JCFVaObvJ>$q*ztAS(A@0V!Lw=0 z8{b@i$8L-NEdH9QNBFY+b=y(fVfyQ@Ut@9;_5LA;UZz=lB^&>`2wYcy`x*EnUcnc8 z5?w>}>knT*i^0#>bY0JCI|gaau*av!yw+0T+El`KC--sesv7L75@M_**CW`?5$xs; z{GKIw=q{RX_@&QV??#&|z=yY`s<`5TNEw(?lc0JY=m z_Dy~D`qYJd*vGi<=RJS@JBP%a^FM}|)JSlleWWA71u@PS2cqC~ z#d)QRze@SVnKyqRJC^kY55FZmC+0epJBICyVP;e!RmM0!15F9P&tJ;7z-}6cCIhcG z?2VYlW4GYDj`bAU+zxh}c_!beH|7=8U&5ZZZSv1EcJlL8Fm4*N0DsamMp1Vd9VLS9 zA8BN5(aviZ+BL=w;u+J(P{n?FFvfUps*95YfibtNfHK({8GJDb4rDwAxW@9h=gi=6dU zH!kys|BpUFPm=v-5o7B0nXzaPzwNHF{MH_E`OVgGv+~ivJJi8=q%?ktUDJBZM~WFo zXcHP}h`@*VwZ(7jQ6FmK1JUiqsm#`&9-3U|!?V}sR7)S|zoI#CT}~dEQpUBDaT-CM z<|<+z1Sfl;x)w8niyc{G4N zpz;_x0W`Cc_wCw}ayWhR9<%CBaxUsQdKqV1IWc!Za4MaB9lBxeSxTZ0EBjm@o00uK z=}H@y`m@8XuH){BJA*N$-slQe6{)0ro)K^Tdc1O;}k3Pe_MgPDwydpWR?qeK7-V(Z1HEERPb;i>+w$?IUxo z9^jShovUw;b^jLsa*X~e_E_KgpX=K;a2{sN4}_8JJeO=QW8ANRcKv-pFFRslqinoy zwTpN0(KEn>KfPc5YpI=2v;IEjnf8e5a~7T0`^TKTPK(HABpib0=q&OjNah5~To~%I zx=fPxa?j`W>oCd}A^x0867mZDd4il^a_;o*X;wI+x{j{^AdT4Sx_2HjP;cpyYdUJprwvIhmk~kw- z#<$LyV1edq+lUV&V*ICzXT5MYR7>oE6QUng@wyNN}Bx8ry{_NV*{y=B;-D$8?i z(8r;}=>@0C%?H4Nm1nF`1b{OleG>TI=Y7H9hh-43SUa?RkliaE3z~7ZJz!!@Fq%f6 zfWB5*`ny|k)@gF~8JnlOPdR#p%DudO>C*D3apjxFKLdS)!Jp-mkTY-juPx79^HIw) zkG{>CID#~Yu5w07kCttzejDigCiNMeLF>)M(7Cmv(ihpazI$lf z;>VSfZR;I5S>erp$T{WT+FdGpAge!W|CH8F#0UC5cMg;esB*>0=)7&Mb;!oDZMn32 zrf665RaktUNCm@Yyd4YXKXC2rpJ)EEW$+0!ox(ppzN3u!iSOdZ#vRz$xDM_sxbNiI z8e%-OC)|67n4*^Y>S6M)cN0U@(uDq^Tm}cm#`sqAmKjo%kIqTF>@swu-NX*|aQ+vx zfW6Mz?@jf4#{`Bif17c=?ESS%{tRw(ExTt{Dfm))n(xEHull$y8wPJ%eQ^( zd*$9DPk6ufz4PpJ_Wh;U_nPzHqo3u-ZW{yR!(jz_Wr^l|^iQu{`NPznVqX0C&e0dG z4kCK<>P~|n)xTAGE;uUzXUaEW^#f!CV`On>tiB$yvCUQJV&q>;y@bA=!9TG0zL`3& zW&T#={bF=?d}-~Tf3XmLIe?te7@PnXPg(uFaNZ&G^P%9;d-kH$;R~$}|CFo4>mB*Q zy!yO%2T+&%RQ;9jeh=KiANlqS#mi*7NB6<+&YCX1-+L|XcTfI0vApOYwdm}UCAH}6 z@i*XI~0@ zgPuqp9Cu#|_aX4OyZKc4`4j3;or-%9&sWN(Lr0t8>S+DO?Yeq9`gVh9WKSjf_TL|J z*F9q zum16>q0G)1u1?~=mVWh_b;J-tYr=!~&%?(U_V@Yawau}D%x0aS8+nQ^CXmd(62BI* zq(2$%$@UK9$Zgpm!Q)~=AajdCKtIjf**%)1Nw_ z$!h3WIz%TrO$YbG_}0^#^j!1+Joe0@5N9Mw{|UBXkMW-DALaS2pszX?U@dx`#^?d{ zmuLE3x}xa53c4TRqx)Rj#KW-x$7#N^W9RZg2H8?W?iJxHg1)6SdijUTk&${f;^uPs z7u&tK**m~X7@bS~ilA@VzR8Z=Y~#QiD!_4??126Z5FV^z_IWqINE?g{m`GKW$f5z z8T&{0&hvG7d$c#JJ$P6;x9lhR_C0#tZ2etXd!T~%;8Xi2eOY?*(T|_1^WQ_Af21Cd z{{1nWR@cO)h$H7i_;Tz$Hiho%*ne5dycSOsC1+B14Q(K=4@OzY}&MOL4l{y<*6^jJQZjpe-HZ*BGngK zI``&iy#sBwR5TXb*kSxo<`%BvqaJ`i|Rz4!z*SjxFRwgnph?e`5(QY|&JLji9SBKw%_^FiI zJCFC$jKlvkPMh)%%a-ut4SIa;T%J2T=GcSKe+nO<=v#WE&dp906L(RGEu^zEBtP?^ zozt!l*m$$7y(d@%ZxGq@Bz|WbUVWm24E1HG zZ<}KNp+SG1)jy>ZUX z=~GVMR9*$GYwfot!TKbAThZ6hN{7Z@<5zu-&}WOktlWTa-F^ax@X&)?n8LW)zEjp; z|1+#-BGXeD4;^Y=#eVBf=H1X;$Pn>8ao}-iI>bDnJPzgLMU>7F;8!xIWNt-jCNd#XT@^)# zu>MrFVP(B3OHL|tc`i{V*_-0KaTfRCGR-|Uzu-*hM&Fb&kK1Q4`^?4yUX*Lw*X#a{JiY{4{#(8aE0%55Rd!$PG-6`~ORiq===T^ipI*VZ_UZ%P z`0Td+)vP?X^onkPjuG94F5d%gwXb45Iza`tJaVPG4jVqeuY7ueFtPi{gYtm<>+lb9 z20XRn15S?ph*`DH+Q{b#=XUP)cx*IrINo~?@}8g9(xb9lJPug#sTgB-3tjaqzOQ@BaB2-#YRwOP~GGrpi2iss}Il{wK(9Al|{oZP@`$t-((J zxwX^tY~J#L@K)|SZ@{+;LwVL-|G8_gD?Vr^e5UcMh93gx&o%Hv@n5tXUEePFk4;9G zY0KtkDRI|BH3$AJ>%0ZvD+R7R`f%ibR{s>7ZOl_zmx*8N?xi|%Ee$rmu z*L(L}-aQALNakA_gSX1zDb;81;j0<&o$mGL@$G)T^Y|_fkNKZf@=QLB+;2Wcxu3UZ zp6uD8ca-~I_PoE2U-E7my<7E2@09#6Mh;8@k1DT57Rq-nT6*cbS^4kb$2rd^OFvql zsAL?s=bQ1B*h?YyYggP{6-Bq5sI>|YRu3=d(!QO$k!3eTPQ}|Mp6iTv$q4B%`d&Wz zFu2HID|kM7)gc=#b{Bq_i_m?zx6hEDe*LdnzJ%9_zhjTXVK88lx$;U*mIAgZ%G%`_x^Tn(%9FPM~jX5ishr~XwnQ``$Pu2l(@_8n?7*mDlqo9 z?$)nQr_%9hcQDW8wl`K|&74*OJuDh%CYCT(+s?pu01Va4(H*o4PYh9?KkTDx4=<%I zyw%ujmS?adB&R$0R{HmL_%eRC^7V9}V+F0=(5Kw$Si$A9T)m--{L6w-Hq!sJf7WLe zbJmDAcM%T^9SHss=uPx_Be1G&>70M{oao|CewE5tfjzsT>gIyvV*CKtSC7$$w=2%W*{iXEH9UJ?<=j^?w)Vd9a_KwW+o5rLU+vuU{&W8K zw=?$AJ;TT=Kc8Ejsm0NmO7qOPPH@UHKq^Q!$Izq;S*!gCVd@xvotq`r1bpWx}| zTsKvpm)yklT2pX&IX-db*aq1R4@1)h%&`U3dw@FMU~Zjb=hlLG2bnJw2jV?@z|N@! zc21q+&Z&B57jOuk-{!#Kf-VXfELIjmiA0@4e&vhF2&!17|ANg-F-6{n;5t)XWc`CNYS5Y=ct&&UI8E4dt@~B;F1lT9g|A~A=;J? z;Q?sgPXnTP@7d{SU@@}9(p>Lay>rINgDHCmRoH^_v#t#+i%_`~EaG z0b+o(|D_y#rv}{rd6-$%LYuM^uf335I{2nDnj6qhD)?6Ny&~r1Sg2&*4|ehVa{QeC zpR_Z9ud+Jx|9kJv%AzRLg{aw37Wc9lv6Gtwa6!k7e>dzuAqktIqgFe`3g$urBGHzM zOsUY8fP^L0`DZ9p@3cw)323@Rn6d42@!s5o0HGC_&P;BB=KuYj_kEK$SLk#;lg}rg z`!44_%X6OnJm)#C{u1VUl^>wLxN;Srz^{%udwI58Z}y+~h^@dzh}_MZZB(|v$>AnH z##!$FKw06P*;7p0QRK3CxZ+m(_L$%UF#C1T5%y8OOtQq;uX93mBC`+i8}#fu>(Fy_ zgmQjEo_%M(v&%HM1Z zoINJ{^c){v2EX~Vx0Cwn1%vIjEZo=5d&$0QZZUf`-r-)fAY2~IyeIp6#wO)Y@H59M zFB=G2?+!uhCFm{4rQPk&BD%_&1I*VV{#DNCvW^Zg0~(ujejp#D@29Nh%Z(h~KwnH> z@A-7N2)Vt^>6=Sy@%1*XDJIR;FJDZu*9<+uyTzOQ>DB~;pXgUL@WE1al49*Y{iL2` z%b`!|NsfGyFREWpdNBO9!m3&Gb{F!hKd*<;~;PjS9H8^!uU$Mc4xqnTM~X zzRdQcZg%{rHN+VS&ub`ufHHF^<6TR7j`xzuItOG3I(Zzrte$BlsyU+z-)utrc`Jzz zi_)(2VZk&VzNcSz{b}kjVr}plO&w-M#2;+_YOe+74qHk*r{A14Bzwt)ao#Xr#K->F zTy!pEd_gX{#q2vczXM)1`($weJZn-Jyz5HVHa`0V>l^f|ENbr;I{fNDIbwV)j?Os6 z!Os{vcuVVo_-4k*H&gJMtxq;pIQnFqu^m`o ztqldSGbUrRjYki0%S-=2M^w98h(nE0xBTA5-nOm}|6&b$L#A1~lgk?)9rdXF4!&8= zoJ_y=O< z8k_I~oq28aiBHm6TxFghhGfdc$D;nQMz^|Q%N2@cDQJNY7`)wX@7;QV`-i^_4`uEp z=i6y-2YYib1{-gEZao2T(!EYcFYdB#43nQOk>Lv_wo~shbOo)2J+Ya13HqaTj4|jd z(L0S!-BtlCDuG2Mx?nOKE^*+XzEubgrJsbuCY31#4wL)qGrBWzwX&5Om`ekL+eRAw z`Y5>5f=<_hekL30Bi7$^_N9Ct(xauryXAFH9%aRP9d12BJB8p_A$IBQpKQzh<|w#) z5L_m%dv!+aYU0mBkuG>JJc2lu;7;kU2Wh_xy+=7J-{<tOUOQZj}mUsfjBAB^-Q=f#R z`c--HQsLP2Jq_R-%FT4b9*U_h2K0HbvZln+R&5n*IzJoG?K}TUxfs4n+)__OMfd;1~@d$9$oR6Ch z-ef!cLHKt)F)rq+7xsAETnq=xJBDc%=jfd_9ZsQhkK5&k;d+ftg3yx>A76lDz zu3w%7Uu0dwmVdS!&$T#TiGJtS+qN+Lb4?z7EpE;>YZleK%OSVVw+_S8rr0(lIELIL zrxN)-L_^5orV4muIrsT|Tfw);#>5urxMK?bbZC3opYUTd2OgYjk{_Y|4qJv?BAz{O z03De36TnIKyeC2osxa)WDjHVWF<)GF1 zRu?(2K0e=jrPd(&o`WlTe$esnb@5*Hx^<~;m5=dU@>S>7^vOTus$|Z$zD)m}YrV65 z7y*;J%9fWtd!28;{S5!2eb$|G@4_Yav}J6;yoaC>WJomb3$FtwZ5eO3TZi05FGJ_F z^)h(FBv-$AM*V=^FVyCRo+bCgE;F$InwJ>kPK>Z=Q~IMTQ*xPa@A>SaSrZ=%ypz{q z`cN8JD`I(uDL2RAsD*weVB3Lvs>-@{Ax5#2gY{}fcHSyUJ#bxZgjsdJT(cH zcl-rd=Kcj(s;=9q3&;M5dhlF%SfHb-7<4MWAvogSkx!{97g`}E>k#_#F4j@HAHZgR z{sWuW8XSYSxctIP-@6mN>!yNps_T|4=5^L5>0_bjXV!)1+t{zQcZ6pX|9Htq#%4Ta zozz(`PT7G!L6}!$%`L~~+c`kbH%rPtL{o{)dZ8)(wW5Ypm zRZaJ0zQ0ZSu9X))hTeqE)HXIZFFY2VsgdjZe0kyfe8I?lS6dTWGu|IL_timJhpw_F zEX+JKvhIzHtdoJk<2G_u;6C=&#Imf!{3XvH8M9#iTfMWa$ca)baf|28;!3bv(Rt0-{XByeN z^iyGMn8=~atcl0SL%|rke^EGq3^ryWe z!{6t(3f=Jc;MF|(qyEjtU*tYtNF86Mj!TwIJF?MtNq6QjYvvHHUt)Z(`-arLgguaP zS#XWM-=2GD{YqcPs%&3&m8&zj_2|9m>{tqWT+zvuk2KD?)OOrWW~20@z2K4ZRY|We z#Bb&5^LnPZuyS;1oe3?!s@4W$qv5Ml*ne~l`Wrd^fU+|f(H9Tz4;81p5J`D5UD%8Ywhw`laFGwz=_R*(tp_fT`>>C-ei+|K zZZCW_QS!&?3`p%I+KGOV!gRFhek}Vsj)PCf>DS45 z+|!Sf;KRv3^iI6O!KHTEh*N(D^&7f#@JMT;abVMtbf&iOPcV?4aUuMB`a|eEFpRMb zY5Xy}?!RWeW@$*OKT4{CIX)Es@7F=_T zv83l7T#sG$ICj)bt+5DaF5#cEI;)oQtQ5W0y9U!>1rHx!&-5_L^wHpcJ7z@== zHS^`PX`cg{(pU;ST{tSv!NeaAw-O!Tel{W zk4Ur>2X}40YQtOk&<)HbGl2Qs2IlGA_j0f6E?_>-O0U!S?*Zn=f%zEdKiil7IBVTA z1v9M?ZDU=CGG>jaforX~ZiBw@Gw#}BrJFUPPGt9T?xzETkJu|egtI(4p_|{)cm4i` zU%_Lb97zY?QW~%PZ{TxOxCD$o^A})r6q@nI&%Ah<@UcI>%Gf0M548T1pK05_CFlwj zLDpFrPvyC?BU(eg4?p*7*xKIpSaa{J$8OJ=Zb`Gp+|kzDTdMaqd*lE1ys zGt*!6Ibe8bKl)rH`dsZPTc5-Kb;#8{W#b<-`dok9qnoRVHMCE}JnG$O^f~bft+j4J zKM`#t_kS<_k3kc;$acZQJ60DyBQ5}+AMl+E(?h`YLSqwtHLSJPKIx$~i$9mY+53b0 z&+{?*o%AWjjbD5Bh4l27;ZbXU*1JyQ`Vb$o=`T8#;&xn~x{@}p}hN znSJXk#0F}8g}G?E!1~JSi^QSW&#{}l>nmHVp2-C8y z*U(VzH7A1A7wNb5V)XTwbK1T7UI0Ba4nNRY5gno#Y|UEm0-Ju)KLZbY?riHM1G=dp|Afx@QXduXs$cdL z;=AG<_#&Ub1#aPQSY1&z-1uX9t5bJ$22#ff|8c&K&^P*rW>?FI^y=# z+g=8^s(aD8>>uf&F1{}RPsYzUidg^OM0=)v#v%T(kF&76FjXDL@C)V|xtrPzU}qj> z4EU0E>7D+!QpZ7H*#)fbwyfQ~f)&p{VjNw!1`{vv{un&_DEB9s>n>d*(~rUH6`Lo& z&ro#ssOAnH?bhqUuE2#Ix?el>{jXsMkMD9!Yf+oPQPl+pvFM`8Ex(q1F& zTW^Cuc;OU-&$#ftS@4Cw2)zHRu*nUr+`;A@H1Hg9{ke=_xH^Au!BooE%2!MI z%Aasv&k$>OX8k=6D&Yam@NHmu<#ij;~@K4{pf1$H{SA{vZ1IWHN8KU+@0Ts@y4gUI+uF2o;aI& zUD<2uqV6W@wut!@UPx9Hx^$W|!uTVF3(Dg*o9Ci0l~eu_(_fA}6V1w&)AOk=?FL5} z+LaC~y45@VyZy=n?__%j#?sZ2-w)@#J60Dyn}OTIno9?6f`Qijm!0X|{e;Vt!CA=) z<7cVlEGPUdum78qA8s+{s*%faJNL%#QpP!z#Ex#^UhRuVpC$+Vd>hwB9HQf1d`r$> zo#p6yZVZs(fs_-GxW7Z-(k^g**GBBQ8OSujCq?o9@Ryink@wZ6{nXFm-$RxuhE%$% zctRn0x5ayE7+(drmrWhB@n3D2S?k6dt<2&&)z&Ll#sh(I4U3D>#ZtRZ(w13ofNmuh zZ24)!ByK9Aa(DT(_0yntV{tK6GlIs;diC2|S zM+Nj2l`RNP>igUOFW>hP(+uD9HE&!W6~0r}Pkm}j>s2bNz5eZdC*JKHH+sT=acit8 zv{Riiwfh0a`f_Q%ZWo1bE!TKx*Wi|G3zpd97f+Ebp?Urq^DG@gw!=yfZ}HCe0^0WO zoe_=*1`E{&V>YmLbO3MNWuCf!Pu(uRI-YFrA%7Jw9hdHmtcPC~h&PCj1#|8zD7vR8 z@%B9W3IB9+!W}1e#=xfxyr4h&m+Y@(Uzwiw-Ir1Cr8du5e^*h0g^XRr0sL6OBJ#6Q zKRE$pGl{>6w~azK^5zw(=FC0O`W(*Ilh4UMBPq3UB5^pP*=c+yTL=9_>-`h=a86$e z^05a#ZSxL2m!F{; z9%=Yuz2W1W0U|jXXnc+5X~0M2bZ_*Kkm77@J|G^7KHR7CT#Rr2l=gxyY#d&vIwkLB zW2eQ4IdkK+?!=#5rg$$WKCE2%h3I3D-yHd&oqW!Z={daT-=a=D*^}ghgD-y8E+6?0 z&)=l3>HJHM3Z{MWVfp>-UFWvv#D`7S_mm%%)SlW`d+)gIIq_k4>N)v5LpJZ}D!C8A3-sY3^?|-#cac6^BDOHj`GoD8h=B7 zyryKMmtP=5CxvKFa^gA76LRBX^qh;IGM~7-0Ox)N+KNq#vM~E?5r4u`O6X&=AgXg$6bdG+IOy@!O zTZhi)t1bFEo!=Y}otNu5bQguLXzP@F{=j2;PE6`%p1)09_p9&7(2LReD7QU_&hOXv zlpmMWp4wM?@4D?dbRN`m=zImwH&NGZ{0BXB9(2a);&45_F3IYzxcCFT3V-bV>I3Ny z9B%tdG;|^StuLc~=q~{6O5chzf39p8N}TFnD{n;uG3pV0zR9}zhi;5y5>0+y^v-yc z``XK|cA)bm(PQ6OQlUr9e-zw+9@cnyz?1YpX9~E}JSqII-*jy?TjvoEyNmX^EYyL4(yw51>X&fh_Ok*c2{m|;qoT=b@ZjaZ>>1>1ujsZ*?(;66EAt@X=^RM+DUw8_I}IW>V(%|Z>`x14{pink6V!a zHQ;$t+(N+ayQzouZ?x;H|w`K)jWG!*Mcv8U-?Lu1*{2q&30amn?13R zlxZt28*BDZl8D-b`twrCf0jB$bDf8A=Q8otMwm&yq-!tag@vYf& z-AsN;aH_b>mV3f?!K(xq>UrNix@|i!D_&R}$zxx_QS@lh-Vc@A2_4ds4FX(E96h)y zK4u|n#ZNM!k5inDZTmB98X>P)xs z2uA)pkhS1sfIJq4*Rke*n6uH^c~^1=@p2eC z@JezD7}$RJ4QvCxkHUj3^cV{q$boMe-ei5ol=&%T#7AQE@GyV*G1)#zHiE=m~VD@zWJ`_8z0}~k`K)H9e*T>9u++4 zFL3M1CdWq+^~xU2dD1d%WY4z}W#j@8e0<~qH2oy@nQ`^E$r*y`=Q>ZDA#a<^M=riG z<;M2nocO-`*Qbw}{W$&dEC@dNm<#C>_uiQkR6(0W>ljjyMyZEFzA9(Kw;;x8n_@?5w^KNUVf z8GYmZF3dBpovl8sqz`dVAKdnJX0Vs`mI9C5CvCoA_DXyD^U*C%f1LetrB1B3Yyshw zpLus>j%?Qec&xnr9neYgekbF1ciyp9bHP1tk`t<1KD`5qp@T*g2M>=mdtx8t{6W2c zx!nFWu%d5%@U<8pnxFi2dHBLhz@>crY3{y01K;{jg*RLPcEuNfT>-G$<$;~%&zocH zLVTnhd=dZ1ho98IPoy7ILQA#utrA*V_OajWnO4rN5}sAi-x8B=58U1F3;+1fHm>=} zl_S0r$g%lO0G!sIEb$oS+R-)qe5Q|b^7Ct*p?5sxL9vS9En%(I#;Gsv@I2))RGg*B zi3JV*@MT~JPP_cmI)F1wF@3kv#PBg-3Zlow~{-k9zPWBO^ciuQt7kCToDl`wm`R zbbR!$h%svYp!ib8CqBk_`^Kkv5PxHQgOkQLUj1Sm@6oSXjfuXuaJ^L5)Vts9ufz97 zt2{7xo9Eu~dXB|6(shV^tqOss%9|Zc(#v{#eU2_i zZb8OlaG=80(p{Hmy}Z z%QKC$nfdu%CUv=Z;`FZ%PdxpdPk%3Tp6UYD{k(G_9F3tbNPeCrkHcTuZdyB04-QUF0?BNW4vaW$zQ#+7S2Z=SX0obroGpN32hRN&7&Z%fRGijUU_R*rU1%L}3uWB3dv_gBF-lYMX`Anx?R*kOFF<$6!}dkr>TV}) zyB#`r=GBb#Q%-+GFL!D_=!b0fuW`1lL)(*T;g#<5r+BXOq@Huv|MuH>C7oQjb-s=| zz{7POe(2)Y0;6yD%U|dtVogC02;C6=n${<0an?8S9)gW*crU*wh87feUzxLSeW~R; zU3=Tc^{m@f-A`^p=@7l}sNN~WE5M%&|FZDw@vMVq;#o2JDZS!F^$%I*1HQTJDfO|Z zl<}_d4bd-i01V|f6>rdZ-c$L(p~%lKFrN34=}&w_v_bjLO~f|iK1h8A zy~*dzEJ%`X;uqq{_IQ-91fBw($!7%JV1x5pVe^kisn5VGVDoo(K3-M-nU4$kquw*^ z_48Zl3epoK=kNiob^TH?Y&6l7;#__^%vy_{zPjQqJ2yoMv~cKSM}cJEt*$gS*jp+N`x#hnJ%7+;_yzn?QH=T3ZeXC?Na;3Pa&4#FO6e9_#hkL+JRI#2mE)-He0&NEPY73))3tmE>H z-W4}nA1MB@l)3Zc$7l!6vB66izrS%B@qKRWBXuOogH|HXhs-9AWij%*JcscBrxNm3 zN`E3hY2wK#d@~uni$0XEwkw#x=eByl8D5kR?6TL|3}3^)l|f&{7j>Ucd};;z$i+wZ(g)HTy7lBWv%dGPd`0A0hJMTG8*&Ccaq-UAB(to``+R?z>jBS`{C~^t zBJX`Oek{?|yWlZ(`|r1Z4XyF6o%wU^=4G_w`wq4!F#wud(V_H>3*~T1&h6~w<@NIG zy*|wN*mBu(XYQ}L%-mngz3@Z)t1k{2ell;B&Bqi!Ao}ZO-;Cw_Nxqz}8EW>^-^&`; zA8RiC;Jbe++_BMbg|(+1*fmwOrGSGW;)SxSzKl(pa=+QTx4U28xYUk${4dtkzm2Vp zJX{XG)Pgqw;HWi!`4T$dRh>WgB~}2lYAda(Vpr|@a&+_dDe$k!*lM9G@ay;+FTD+V zoq~-`UeA2=l;|&fiE?}i#16GKaOPwdXD)%?t9wq`7-^PDllsI*N@48cQU$`^> zl5qC(OSfnHQ@ekPoD*E=?;7!AKYfY+R}nZ(u0hJK7^1VD?fsIO{QjT}c#Q{!hIjiK zL*pf9r-YB+ij6ZK+kCa}w7zL+UcNrY_u4z#3|yi|e2IO;%Ra4`&m%<%l|8%vl5lmk zwc~8yQuEu}?Mp;|?Mrli#DCnEP(LbxXGfPWQLz?2$9sdX>A%%|0U5?LFtI z^9?c*SlH*X#JTSxZo$@joq2^9h*!Q%e4C43l2aeNXyX;@(F5>F>s@wyL;v|5Q}9#e zd1S^Wa@*vAANk&boo>EC-Jj>ldKT0PoQWKL}8#^h;ugb_*79WJ-zCw%Mm5nasSGpYPor2ZxRW z8&eK?A5adN-45^0J4ZQWq;ku~h=)*F{o^Y`#~cxkj%EI+PqIs~uCW{Wj(*v?t{wB1 zPy4aa_$!!4t#c{HQT`a|2z_Nkp0e<8m9=dUJN7L;IuvnZFO&N)Yh3R-`QZ$&;f%9Q z_;CH~EmJv{*9adTaPUEV=6MGvT>bT4li#{uUy|M-9-G`&khWs<&%|#r2QlDm#_II{ zHOty?0B7Z zq4Rk2!Nm%2k^13z{%&+5@W-`3SsOsVk>AVJANQ}sre@5lXCM9TD+|v^F8dZ`Wy5)O zXz>}1*U+4!2lnw+=iZFDc|>>)e7J#r&%rjy2R=0p?u}w>`8JM*^ED<1p9lSi&HKDC ztNA$S!ze*d5OLk?IeqDSzZtRDCd~*F8)N6A0`^QuF@P1z5g{^RP z8FhQ(-4>X9J|p{b$=LQois2W2aLMop;N6by0CFnxFwnzQA_K>O)l2S>Jf=FsaC^ec}5Iev>-V<~3c_cZYf zW?gW8vF(?ikG~#%R>FM=Yi;ru3HHiU?Q62kxl^I94YUvO_pK@6yRz~4n?tvTbBQ&` zExRgwIr}v9t?hFvjx41<=JW#}W!-vxtkG_wA3oZHXH3kdjg8cAVsst9xVQiEQ|Via z@9HUUO`*-`r_CDMJ1^LDZv5=LH*GEa@7uEBX!`}c_&(O)dp|t|m8bg2oA9Ss@7(xv zdu+n%leFvgr@Hi#X}<5@-|{EyJkwT5zi;ceeEUbwTzT97Yrg;K|ML5{|Cist@xT23 zyBGQX^!{|CA0Nlg{p0@30s8SEv&TJ;J?^1MH+gH`g`d`uFRKoGuz60V(TzJEMAw^v z?pNqb)PXY#PlqBeu~&5AX)AK-HD9>9BGb`V2OE90?vACAYWC5 znD_~{WK}^hQO9rHsg!UPdwaWSYiT`p8ExMP|EuCxIxbE}6Sw>d0YFZi93~&LluLOdKsNN@)Kf&fuB&xv-}P zh3oMhs4eY3j85h(nWf5;X6>@y4+%H$Ui;FyA7MYs?0crOS5le7hSho0ABrp|mt>57 z#rXbu+3)~pn~O5f4>PiNrsl@BJyKFoH;p!N6;;A?ad>-O;OEAW|6R}N!W ztYs&4Y^AP`fbafcq4kQDlpn&av#%a>J=L@P^VV9!uZYbw{Nt4C&$e;OwoksklfCh4 zg(Jd`FM}KCyr-9eH!<|j6ZC7^P+#32sISH6YmKr;*ub7W!J0o87c_6Nz|h8L1b6h! zLDrx;;X!b3X#HY%g7lLZb!?%nV)SKn<EQ&Mk_oWbULJYu-D+50`fI-Anb@V=3A(3jy)XO^l$C!q>w#s&g=W6*m;j1TGD81i9-B2m6KGO;;FYwd}BQZOj+gPX|JS?NNH_I?U}5-Z%47;T5=Ao-veG8!1r6mdwjLs zFM_`{i=Tf*@o;9$_*Yio6CoaK()8Op$(xkg2)&G$Zv0%Sjnkd{H+I`2``T7r()Y@U zg^LBQZ(K$lo2lb$Ah*#!?Ce{`mT#5n@l%hk{Z2hzS$7HZJe2?KElxbgGnpo~^w>{5 zcE)hquRPwJ^WmY$#q`e?&H1VQ`kd@!bl@iC-z|a8vE}$B9-O^U0kap%U)9VQ%4HL* z^+f_@@D@>FT!6Mq zpl#vCG-%u2+mqV3jlQDiHwK~WSYXl4@4Iy=4h@XC$sUr) zoIG#NYPacUpw7KebzztNjm`f?tj?1b*Z=48!xv3F$3Xi@vidUmUlN=guHbw}dwiE_ zk6$7Up4ehts=Rv0#I)As;G=n8X1|}qeGUJX=&ED7iNRZie8{%^r)$pl&Xhm59XqD9 zBhBEO=DCdAO_p^_c-!^NCwx06#}}S$@>bmv{+rkPaltKD06y4yimkK8m{$uPtGXl$ zhBEd;4&Qf2tnr>MvGawFy;o}}!~1MJBlpR! zi@2v_@U!_&j70B)@MC8OWSztue~H+`&AlKX=|^&jUV|rd<4*dBCk0 zJ%BZZriOZxLo?CEnw|FAX5w?W;p&VHTY;Y+IO%y5eI~uTy==q%X_(wwN~JylW<2#Qnx? z+Z~_A)=`BHhkRSXH!b8_+{c*7SCBY_oGi6ctI(ro>OI%pHIuEGFHo*4Ix^fzTjm;> z+Rit6Uoy#>Y1)ovg{SepfW9o{+gKrRG4|yh>^aVWH>NlGflaK?87K8ErMwv@v8TFr zc?Gl-X<(f6y-E2X>v@-Ij}h54(&&&cFh;&@s-<0IsbEamtnh1G({7s;x+8paEICkV z&%C3YU}dhYYs@w6wYfTs+5<+|@>yZwl;X4*7wu)4_Nr*leJ|YAKlsC%`*q>Rz@O+8 zbXQ<|6xa$k!Mi5mU5s%Lrmo|k3nnt*<;UlRBBQZsR94?;Oa( zoI0d?o|^?OAdk9`qj%#kJWe|&;1PSQK~*R55AWcdrh~+XiZ`5qH=t0PwYe9chGtoN z6iN(X@J#{E8`0x4v!$N_7wXEUj!QTe}ebtlA6w-oS3|Dn%AiZ){31@vrId7zf5~Ke|ehA@t+Kqu7=5hbb0tDd=>Z}KHynIIyRE$NN5Dq03>q(bGW4IK{6kgy(IxEsRP43oT`7A8_cE6+Fu%&xCVqMk zn*NGwE0=d}y*dXyIEcxpUUyC!=4tVM+_?wx>vb^wS+I8u7EBq5VInnef zCokNrceH8fmwVaZlZknXKM{;{41iT$xUWCpl5jc-%+#+#)RDg^@2ytg=a!Kkft(?Z z>FV%o*4Yce=_qq$Z!)f7#{5~-IhVUEYr;-n++Bc-i$9f)Rv9*=6Yf$5Rj6*Q~h4cHb=2vzx z`ZU+lSM`1m*TO@M>Bn6EsPA2%@hz_9S7>p5-!;D}jr;g5Q@qIM$C*7O-+14#vz*wS ze_KZVgF}%f@=IEtKUaSoiyZa(LS^ToJFbmgDLpQj_`}1_8D<{-a-94DUYpNdOW32f z&{?%s=G`x1`+kFoKpK1fi7}30t3VgKiARXA{x(r~sxb%Qb)hWUg||h)Px#S*{R?~X z+2<0+6{C;D>_*VPBiFS#`wh==W*7Sgrn7b)rH+?a*UGsK-RX6E??F({8Phv@t{CRK z(oOk0^_+c(A)arbu5tVucaD*Ie(!) zzDHvZA}h-90kr2cF2{Z|a9|wJUH5F}z^52k=*`Eq_Emd%I=p4l7GNID7VPYJgF;~C z$^aW@ZTms>#DL2$@g)q?Zv)P0C2R#Q~6Zm})SpAN6LW0YvKscB6#6P^}#A`3Q)a)TW!M)~Jdi`YZ zgZ(!K4_$cOo3wu;dZW$D@V%{8tmK+Jvu9#;Zj*h6Ui`*T#O(WnpH-vhD<6aKRc+|s z{VpfpUCXd-3^$hT3Wpw|PCt_8FB9MJpD*qAH~8Qkxx4K1h-Y7BO*Z$h+xM|y&V3pA zJmF`)VXQf*e3Sit6EVT&p0lHQZ}OlBmy{b%`28klRG9bpMD@M;9|cF+nJ2@uIN!M( zeXNjiD&Op8U{YLvx$%2!;kwouE`Jq1P0rBez6BVypxTcr-BzXI)791fFDe7 zk3l~%;BCs1uQ>UP-M;7ewY+ES>YLf*@KXC_oY_*AlN$aVW3_poO>ckAb(#2$b(^7& z8*KVGB|aj0$>ZKac1h12gsxD6z5X2jo(g<7CFC&i)}IXbdGw`Odn49fX7+m*QkS=U z2fQYJEBR2NsV;cJ5!TM2)h6qi9J8PBEc6?_H57T4-=Jvt{=vi_Rqy-{J%`So<~K*r zPs&DEvh!m-hgVqWL<_mLG_H){d=uPxOz((2n9J|I@PuF5ZJn}CU622-dgrl2{d{2J zQfuv~i_stJ6<*l^kGEsq;fbQ1&FopK=d1&Gkl8aOn7DZ%^2oDM0uB%d_tbGl*(hWXsBZN&N8mD2=~A-bUkd zdD?@y4lhhPPxJ%!0(r~DC?|Rnykx%&g08eiJpg~2uL%Ewa#7YOSa*(SEn9hFwGINz zb}vQtrSM%o=TBrGB2R7e()C&GwU21;hSg3^pU~3v@P-I67?HP2Z2tQ(zecYjW|Ouf z?dSsHT|-gf-(hGO)=64Oq=w4?f?f&=vv*gm4?Z_$Ck7t!VG z;Ewv>zQ2X{lH(e~GHkEn=1(a{{z|t$A)ZNgRns5e=dsP|Q*6J{x#GH#b49OoKtr9> zU2CPbZcJI$y{xHbz4?ay0`fPWhpv^+D7n6$=h(VPa+~I!Z%e^xcVg<(I19r-qzU9ET$xnqZqp3E>IfI4uIq~T^*2r+fsJZaJ)b63!5ZDJz4e)L3 zgMt>up)MPffUO?> z24hIBqmw$+2ZPtpUNLyBehh`~l+QWko|T6?eD!CR4e@UvtGb)Wub&a>^`KP=d*fAE1O`JM9AH|9cf zBbbSvEy3zi<9}q2rR{&5gAO1ZScMH*iwx}ebMLMwe&!D7d^tMp9&}^z@;&f&?0}go zI8#Y^4p&}<-sDT~uIJr~tMI7|lkYxs_zK#gOrpga8Eyf;3azy6R%AlwmB>T*y8KSx zmz_i36lW(rT=Be$slh*C`qcrAc3v5b9DUQ~L#kKp`~K8Bb2)pH(#SQX+`TW13F=&$ zZs>02@-g(`Dl2gizAnD&&Xo&~uLF-LZFptRa`GLMt9RuJ@*R_df91-u8^Rgblgfeo z5&jg}lfCF_d+9&^>)qJXr*tNY`G)Hj_@~NB@7u#XcA_hacWZrH@Ye4EXvxH}0}s&~ zx?gwezuPfo-uZfj{)uL;5{*b+YE7QGRPGCOuf9FWDb%Sw$)h~yaEi}rzp~!h`|<2^ zI7fNT;Y`KHwijP*u47MbqF*;_O@y|p9<_hH`@ZJ3gFnD451i3hOw1FwBij3zH5G5) zU&yA<%%SGgokNvpFGOFw+ZEt%G(DJj=py>Zz3?Ef{$Xg*(No*OMd_->{$z{+{#|^Q zoH)V!Oa*scd@W+$gu`+68wuYo6~3`oFkrF9pnigP?TlMKBgGGRaYD4#{k*l7{0Rf> zrQ@c5p7n3+Y1zfHGlj!t&_-SvI=A8=;my@N3yKc_uM*CY8^wO=sTr(K7#V2uihcND zvdA-8L7qwZ15a}Xh06E!sm8XUM8mdzdEt9kw|Sd>3&u|VCzI3A#5hEze?oZ zH1yJjss6BJ#qyJjkK6zsZwdLr2jOruDDuxkfi;Z@1PDpWm6Q zcg)X5x2}_eOkG)e4i3D^^To73n12J`5?d#A;km$p=l}EItl)V%V6TT|P7uzH=vxnq z<_8J{)4C#i9p2G zan2d{U3XiFe{40dYO=naW&9Bz0t*ud`5-dY^0$_6SaEpYfBy5C;n$gMxFD9b<5idoxaSyBzvc!aZ}>WF5QK_%8NvAAOK>$?WH=t?vvm z^AO=aHUnC`+io)lzBYkprtaE8v+uk~-_8g|{*yVP&Ngf9jp0q;13@n9qIZWPWBBDc z=TS}y7x8?Ho|kaOCBOf`7^C?m1@+__H?R)b`8=Y)6aI2az75IX81OUjCI^FLIO}#c zyqiDO2k&y~GGqF&J*HJ^hcUI;{W|5^aJ70)zx@1~e(kdR^}L?buXFA=?oTuRp+$Pm z_}=09uV`bw)8_&FZx;SlXeVC6IvBh_^feW}tg*S}+Gpv#)+z$sCy3SQm_i)aqRO7F z@TqOcIpwhLBJO58vJM%y@)-JNFw>ee7g}#|XdOAb=ICVhlE}vgj5Zv>@?@+{9y{X_7Jz#DGX^U1-)_ucwO*svX~=jht#hY`zCjFvU-aktDf z6AfNmr!vgTckJib;&vadvfE00i|5ZWo(%rM6?DX_!tIP@E3_ZS=cxJjX}mm(LdU=3 zS@1T>Jrsb~1b3!UPl9K^gCs;Z;3eNCN zr{^1$t)VaITa#wPS97D|h+7!vp#1fZV166z^&2jbL33D$e1BZBgZCNk+I}GK8`&!Zsyd26XZ4C*;QMy2X}is8yWIFgw&)#nmghcSY(M{= zo=*-%uHl!uR$DLGxbtm2$9ChSNBeommJw_8oIJ}Z?(;+T^OyAeR^t2k{XOtlESNls zzP3G>n2qeu!RIVJAiqiLrp6A6NRCRkGjbOHhAU?k<0rd@Iowsj^R>(`y3Lw3k~dS} zpY>D1PvY-&=Qncg!1;~llWQ7%WzS;dO@6T83m*I6y`=MXqjB4=b?X{QU4{onm3N(7 ziSb|o@d$^Dt(5nXIfvU*t;wwA6~sBq#*_=%aqO~{B)iNrYeZPOj*&$C7_9omAQ+49ou z_e%O58y$*VMLixl+9tbyDet5UCqIAAg`2Y%#L$Ry9iwgOSLiv1|KoSWJW+QMw8>c~ z6OajQt_m_f%>V25m~t2!<7%^z z1WJ0DWNJ&3;0cb+SIUR<1MSS= zJnH2`4vgGNdmF8^s^z;E}iqZt7{MBH{!!H`-RaDP0on3fxO0iVn-`1zlj~q$H%Vgd?$9)r4iZ0KcKH( zn($sPA|`CO2ZqAK*BtnhfIGwlKmGkcUjli%27}oQ?6d3AkrG3CK4}N3l!|{Ku zK*mnL&76DciQi2b7{42I&b44)s9>piECJ^?1OIlu*E+w!^;$*=gf)W zb|<|l z_dakBe`Y3gw}n{GdcAuo#hg>v!8=oz=mEc>=JQsU9 z51eS-nY$Uxo%oa)KV?MAbC^5DU~OXV8u(@f^Cmx17xUJ|ydAXC>y9xmEh92orw{JI zzmqoZI4~TS+p_*6=56}z8`pR7o;a88Ok`X7lILG(;G1;tzKeNNjNwY)zWuhNZ)Nz> z%)D&}zPjG-z}N1>$N_!O`5hVOOJB)YGV918E2D1E67^wFYYQcd#4{TpaMgLj2i zM)wY4Gww0%XVe`H+|a1Dx6}4nuD3&Tv}tJ0X@8a5KK==_7cfqFWZxvodSoPVgUXQ* zCtf^YaAd%9#-Qh0oiUhrc<`hKJh9Je)ZRz-K$Q2c6P(3EV~Wj4;)79QLYCK(*9?4! z5>v5^>ub4oaY1gy?%$6L)ukS4rW1doo0~ZfD3V-#^ zJMkyLKBaM!@mHsGA7lMOHqwvCIZz!)>BgTibCct**1PSTrGzZorPz-)#_Day$O-78 zy~5V5<~uNnK^yHA!Ga%qU?Z__`vWdD`EG{~NpXjL~_UJR`X1z#!vvTp0BdNe-Ex+=k^4eUG7yXBOR(I?4g=}-M~ z`ZBZkYB~LxgAZpK`kU}7oA!ytB|dG*kvRQQjQ=e9l0x5jKQ24Pf4YMHjiavKYX1(c z=ZJ^LvWkrlPdKN4qx+z@eQl(Thr%8Cgg2u@x@QO(9jyM7X9%Hlwz+wT#CMH;)oh<3 zRGi{R&%&oq+sSS9(3X6dX3hil_;QDZ4!=`ltqsX%(KE%Yo37v6PaEQs?OE)d!0#nG zi9hS;55kEo{4wN?P2R6PHYq=)J6Do@DbPeJuucO$>CE#==J@FRF+H`w4_zsIgZLvb zc)<#A{(Q<)dBEBo#|reHgXlk_8S`lLA7WP$%BN+^*o~YIk~)q!jaKR9ud&V(gDHYLZZnPUxkL7m@;TceyTQiPe=#w zAje4^^ARZ|$3SwMuhOQ0driMyYha7sB)Gopg)4dq`5F55egvR<){9ox!t0lVc@{#KK1~XpHj$ynjobl>?ir^vLAGm3+ z+Gr=%R&%3y)|}Nczekz(8tzjmuXnoC;yabVD-C!Zv{G8< z`K<}U)qC*0Z>PWF$s2&vTmz?+DwikQJSe3~{haH-N$*yg^X;5-&FGW#2Rr^R(AW#U zD3^+0=JutS`N-wJ)Jm`NV{2)@(KK+cf%&R{SGnWsq%QcI8Q*J+Pd@+7zOkh?%4UfF zh4x(ex5MbS{c|NbY-kHVO8nog0@1f*-g3bN8K!ligV;=6@OYhl-eRSxbjfxk$OL!0=0sGpol^ii^peI%>hbMCu`bK%`^()>@|LZbnFM~6vGkw8=_h|1&%;^he zPE)InGjEbB;2yZ2YUcC>XHNC*#eg;0TlbsPJq0*vU)ZSmdBi{uJXfbr?l}BGWiy!9 za4v_oS*6FxQ2H>ZOij#7A5iSr-KDA z@U3LI{@nSt^R@QtyZGi3;@chgYs42i;j1QJ39y&Frx?+%VxyF?)~xmD0R2Q(e;~a^ zF$Y`bSN3GHmKrtoEPh3BML1GyrL`7YRvq~KK`Hdp&ihT^Pd@t3Cv~`iwrwB09DBM< zey#6ZjgM@}&J%l*t*Oz@5$edb-y*xm7;4g`!oGd5rPOzHrA#*aKGC9hC@F7Z7X z*6C*OC%Vn%4L;<7c!PM7EnicO{-9X4ydkV3ve#9-7ypG>YY_cLx8V;#_7qzFZq1{Q zSm(X0tHmC})(hQbd{di=5s|MzI#LS%@+FAAZx@|V&Z3;YvxYz~@D0TSZ5)Jexbx3Mm=Q{Dc&|&SbGP%DQgSYSa9um=YsynqV`U-ItuLKjpfY#Lu zKa7rsCY>?3?X+W)#_JEqyUFCEwd-%Qp1jtyJ&pT2^d5Xyy{xyIdWDaw?`Chk6@hT3 zr`|!HddE|br5Lw`wtx6m?(_7%ka~fweEc!i8x_ZNp*d@4W`7ssIWRx>4seWp1<0^5 z*6A8(>$O*3JzVo@S^VyX2Kv1UV`dyxr699iDz4rk~8gYHO=SXz%hlrkomn0BuGNW;pK)`n+-ui&e!+X#>9 zMlVPi5#+2pU!8Pf*0^6uVLfaaytx*AWlqMsBVT(dB};y`>#?yLGUN|U?S34dhJ997 z&fMhkOlvgJH#e>~e4!+14c@sgf3tr)u3zO>oVBPi$#zUW|K&Zif3)8}9MCuzkIoZJ zWju2kPs_@wt*p)A=ODfWUR$L&EylBn@d$4!c$da__S5$?e7rAYw2bUnot7n^*J$Rq zi@p=b(!GlDU`y1+t+ZD0&r!Ua4GwQ+j3r!G5Nq<06)@!lt6a+Y!6U~0K{0iRH~)9z z&r2GAyQ9;8+XI7kbo%BC$(tI>&Yw3%b9_bLdV0J9{qqU6-1l8i!#hhU_c``E201?-zBrCJ9_DePcsubQBTm3yrN6f0``9S?GYcMD3U94| z4(GA{^#p$Pr`ba>gS|EInNImoK4WZKI)#(Nqv$<+DG?U>O?jk zHtSNZvF24%(2XHNzOkK4$;sABf4KE7nhksIOVH!c|0lSw>>_BhPG+?p^bbMMG|HuH=l9moI@S}q7oao0L0dP| zFYMIQFXHD|mdYGaW*pC}=|5)-%q-2cPRH@-X?|;)UR+PC$_K{-nXO~bSHCjWw|LE1 z-;la$-VuL1lh_6$hfdzjIlIVn)-e;yOr8ww`3W>uisvwIl20A**iP06-MKx6Og?$H z}~S-utH;teJ&i=c=FGm#SZs%yFREX=Vh1M;_;Vym{$|xr?3O z^BWI6Y`OcN>~V@FMUU(so$$cclM1XWk>!%KYoVI@^fsKpPPORYP{L>V^H_U z4qWYi3^H)N+3APgJwZQYGrM&R0WSB&dnfdwKOPSZ8b=OGqvN&%4_6=6`oqx*AF`Wx ze0V|YpMjTf@FG0Mtvdx?7?hs#NA?P#1DyA)v-J5zhJ)kSnzA>JqPyxW>SO4nl9@$c z?Uyg&t#0lX*&9c*;b-W8$3_$X;gPAXJbjNj^ZFiSzxv=itZf}Cu}XJ-axVRi`Hr8Z zZ!SGP7S@&e=CT18mOHrlBsqL+9@p>lQQt3j`u>{>$OGlSJZ{!c`|WMhpWxNu5WXdI zO%BdlVxhLcXRLV;5uYVh)Zmp81St#r*4geg*uLvtS$jckB5Vp4obn6I(~yvX#r37x7Br z!Z(?N%?=*8@ZVwb>-XE=8o%U`#rR9qN5-W-c0LBYf&Es-o`#;(!uuA+T8qz|^T>Bc zZzM+zJ`0Uo^Tph;PxjXEbj=%dQb{aLZS?AJ4f9~GiPP0Ja0d={4q4$CFmK9jR(xCE zd^HtwulcI7=gYizzf*su)7RVcHQ-(QjrKf|K+2t`Hg}%P_l!rllp^`U_qAs3Dvj+N ze8O4_u9&t<82?n}sFS%<%*97mN_RQ)w1s(^%eQ-(Cu~gc?Dp_z=4l?|C}R!b*JhrS zS3RxqF8c1)Cm)KLE61N8e~Q*f{);m1T#aI`E|g#YxH+G_pI(buhcsgeyXcQ?qK!{P)F%@>-19ekaAt4ujJ|)eyHmr z?7%$XU{3QH$tOL>KXo{Z`%){bdoSx_n`wI=ZM)^X=iv1{V;tUd@MfuwVDp)c)RBvg zqk7$Es@DgOsNT)g3wvmBT(ue;rERo^Cb71j5g+Tc6Yw-i0c z%a3zp<2^IT#NB;~^+50a7u@@x{r>+X-9PN!4;gFruRY-2KbB(ZyO(=Q^6f79q@Le7 zE$O}}>HafG_XXU$c(;Oc9Orn>S*Ka1}L+d5!t`th9YCud(zWJ>yqN3z+wm3u9DJD}4k zE7m_k*{V&~P&VI!=VFuaYiI?UfTtCtKocFr^LOG0odxgO;;iEdS49)m)_Dg$^+wTj-?MY28G3f`Tvo=9w66I|uwW1V))+QO=Q^(64Lr3}*TnSc zd9JRB`_uJaWKAl2)*Ete?Q64wHup20IP-Is_?iR5&fdX!qimDWUW?$)1GK0615SH! z+N(Yncq#^;h|^v*^)A&l?df^0u4zx#dxT~`nPu=vmCxt<}L z&*$(w3Qq{~&mO@@&>DT6m6LN_5S|d?nt1KEb99d`_dRq@$sFOfh0G9MmE<(9&jzO} zz};#q=cyUkHM7C%A1U60ctLb2dmY~4_d%_H-ZaMSzyIPtJNqaXb5}w0cc*>dWOZC; zV#OzMZ+w}jhML&^PrLU~`~DX9zRkWL=iWEl_cyrrP4<1BdtYzgU&p-}-(#OP;~UAn z%X{X1g?wg?4lVw3y2SQZ9EZ04eCd^a{tCeyIzEMOMlw${eX1hlxwcZxbH;JXdWN`r z_U}$j>s=>%G=`oP#a7)r7~i*aGJLIWEW$EmX*>S=(|`Q4i7DG__53i7eGBa!)|~5G z`61+cmai&~Pap>zP>fRv*W?UrEjIo{f2)P>Pv4fY<{)2qRQ9y&iFAI^iMOP~8))l8 zr>&*5gW|)d>F|$+{^OZhfB5N{U*Gh5BlDI@U&#nYHoWoDBeQOK{VN;cjWKX^%T>W=H~iyE zkLX@FE8G6}W308Cz*)CHLFD~T^~vd<_G!G!{>NG?BP^ZZ1$3h>d?hjTThUq+e?b@a zo8UG|@N&M}WY=-3I49M_|C@QcEtS}Rle5{j(}Vr@rB-&8&NDLQhM74nFt~H>dV@PZ zPsJBBADsD|?2^Ka|Jwhh~Yy{jBp%CGev>jm%A?`(W5o1k%Mo_wv? zom1#LwztV|O4+)9|MR*s_P|B)XUNa5J;c&w-LVVyM++G{zH;R@GUa&xUEn8O7#qRp z0r(Fl$qx-KME;t(?g6KIiGNziKD>VdX40ou!b`r!zpj__`wags-MspgwRQsKEYF`S zzjqk_XMa4A=18$b)mCvW8>NAj9O z>sfDWB_An!i?rqv=pGBsbwUsI_+O;MUP2sCoOc~O>*QM>I3T%X=3>8Xn}+6Juk`{G zgJGS!=SX3Wb^65F-kH_dKX34xp?ziaMSc1-<5b+0=0x#x8na8U#`j4-W!ron7`Q%Q z*GAvtfeB|n9w~M9Pz8;@-5;KfFF$c0ge5gD3dn zjlW#Ve5+61vx~B@@pW#IuO6He?xSxMBj==Big)D`rzpR-WSqH2ztFuKGn((~nWVh# zKIN*gCik5Q6|G<$5B~ANla7DJfv27c23I;TkbU9ycR^BrgUns@QetW8+xs! zwEqM@t8_KrFgpfVV@kigcik}hs4>QXv(^vuoS15#6OXBK=cy;gT<1X7U*{V=(|zF< zXN}M4r~3Fa`Y!vmuYV@~x8I&ozx=?>(6OVZVHe^n3ay!Dbr9c~V&G=(ft&89p_54$ zIS}ZXgr0GG4sv{o6?!Dg+WwV2R@RO6z`)mpzl%9oMqPQ-gN|7zA4VQ^=sM4-V>5A} ziaF32ZWMg3H1J_(Ua&}}OV^*KF+J&w30a(Q>9Yek%7^xz7ay2AFMTPm zgT|#XE)#t1aea^%=y|i!j47pi0X#_js+Mu3u>OzS=)M_QHjVOg7R_PYsV47l1MgFb zS=oc#5oN7-1LF-b-Ul?#?syra#;e%>f#XbVyp(Z@R}TFv#yjCJjQ4xW*Pbmvd=mE!5Y%TG?%`0aRwu+Cpf84#}^x?P40C=CWr zANr=Dzk;KICw8_VFNi;Gy@xy->E~ZqHO5M>`v{z@_y)Sh2Kd%%7HbEo1(LzXSXYX! z0~a4-KdY5(_EgTbtliMM$tl!@j8^~kKZJ8L48Pyt$mQ3-rIKj{U4{5!KL@_zFVfn- z{2H13OZSt{3g0sR8-MqG$i?@;hrz?r>ITh!yytylAy$ElGs2%dqpZsJ$ur6p`m)~t z@{*ry_`4-THp~dK4u(&>)i?D0Zq|!V;=iuq`9gf$QgPd*&KD=J5B4DUm-sPX6-~ zc4y8e)r_F%Ek6hDCGf%SWu^tbzu{Et8<&z)CUY_K*rM5svVE!D%l?jQcwFW%V#b~RpQzv*BI!r)*jc_%!B73xh#A)gBZI$S z=USV={qKS68^Dz{fF`X`TuK|KpohWyw$8M6&+r8k_ouSf=^NaA@44QYwR{r;e~R!4 zys(WNmD8==CckEWYPjnO;U@f$H3#w6eEMqZh`z=+&y}AB`dq^}*64k%qWsNaImp+Qq!chti0DAnk6MY@;JA-Gm@!~hL9DIlGzQ$2 z2PS`*zYc$4lbe5aIr!H(i&z`N6;@|Q3Ed`_H9i%_nLQIujKnfw12FEb@aO)ay_W=_-p7M;OkImJPZ6-McrDX z&PHcZ-~2gNSoMgeKIA)nGpNWH9y}KMCnoeI%D+ze!Q>GrgC4E1W?#&e{-DOB_69c| z;=6L{QQHSh+k+bSo4PU@zX@H|QOEbyCUscX+jYFibJfx9wEZUK{kise47;2l-wT6+%hPF2h&cs3S#90#A%T=Y&Q&jE9xIru8ybt3PC zPg{|9CYNsWl(6_h9zGAn0(J0iax;5%sdo?ZQM|+Kqld4E2E|XrV}5wvDYM8I**X>e zLc8AelRdPXLc8r%TA${;b=uyJeAT`U;bI1GJcL}${=h0Y&K$m|IUI`I0S6L-!E6h5 z7dm_o-}%8AT~Fg$dlua_nmy>frVZ#-??1!)qw|0PeO6yx{&xaAwRxX8({GJ<6Z~{d z7X7#bT8+UA#1q?{?>gWGo%5hO#@fZVT4z7r8!R{hEq9l~D`tp4K%101N;!Azq8+uR zwPneZV=B*gC;49db`UuMzYM?K1HUc4&YF44Wkc(-(GCAUYv%%9Rdwe5buPJ?08zXa zZEhflv})yIifvAExM;=EDy>x7NgzRiVAa}bv7iYgC>pFeXlo0O+)+-or3j<>v;&CZ zCALNBbf&da&Lt2qwu0ldoC@aq{ny?**@?03%=hs;Vehl{y1wgO?|rQmfPduTTQ3R} zbrtMhu`2&p?70dJhIb5#KPMPgbG`vI`P1{he!My`sOtfId2g}a2C*)NKobhlvo9v5 zY)Jf%#I?+( zYE*g6Uzs1K&e7Z76H<^!WFw;}6vRl;(`O_gz5UtiM*$2T}LCw(ddk|8m#g zzf<-F=1_J2%B@dzzhUbfLY+h7$o;4P1e$P^dbbL1>F+N`P%pIPJA6A@DZ4^pPn|EQ zPP?Xu#CO_yoc=zqcjicS!naQU`3T@@26f3ksy^RB-3LyFx6IKu%6olPf1XmE^z%oy zKKca?%_QG|u#Wz1SWlzuK(Ky@`Yo)ZkxZ*?%jx?AdI#1mHqC+cMC#}R>krxc);Ft8OM`~Q>ufzve`o34h4rbF z`}uhetapRYy|4~#IYr+n?}znus*`?RYwL4horIrub(?a@A;S50E`={4hyUR!lMya| zUHDdPGDD#OgW=m+BN|%;bqpr06r4YdZRs6sjXF!1xt?B+oT2sJg^b{wqs!eq(64_z zfi5xu+BVUV5&porw*K$`!gr&y?i)WBOMVu=bIm7WSx;Mk(or*fv^~4^rR~(gId7oY4eD5aqK=#sipusDk{SQ!|@VxqDh^>7N?f(;bs(|XG9VYcd4bdGg!`cSRm*J^2CtnIZMZT)&O?ZS_g{ zZHCm(0^Y4BoxLK;GbR|ZKI8tfp=8+=f6ke(5ST|!!QT!#!J|Gjj|O4@1Q_f6OqrE8$OSQ&R9J~c`62(6baD4FpN+U#x^ zyrsKg2!DlJx?8NQf*y2Q?9d(5^KFwkxQM?7lR3otKh$J09ryB^eCnfPx6F^Hn?l6U za$nY;KkQTgOzIciID)*g0GzyP1oO_`h^msnU!Qkq-N()Qz06rEq_tZRZ|2>b_a(f$ z^WNHb-orifzK}dsm4Vo|crx#;lGQ(E-dnvGqyLZdZtL{$#G7~7DZRdc8-4ObF-a&b5j)Y;Bf9 zkz0VptWUe+EkdV-KUiI!zH48|bw6|a?X%^}KdAnf`QX&yjzeS7KW{w!&+~2u7R@!# z0`_AsImg-08fO2~Mq)RYflJuddiJ%wjBR=~eyS{Y@1VEGa+r;GaP|&nx$zGA_A>E? zj;+FpF|&3Cl! zWg8Oj)h^z>dbkPU&z#g!dt&PTx+2cOZ4Rxr_UsDgmpzo&Ct91a1vUe#7p0eZ_CFV< zvbo4tS_xdOy_$B@l(qIh(xubMez+%)J071xYi)4}{zmGiuCVW{@8h51o*Hl~K^d=} za3MUl$nMeIT5B$f%{n{KqCHlsQ#@UL(Oj0~Gj4td&{OdDw0dVrZUDa0TSxf(7WTL6 zw;19291hZF$+y{@bz*r5eMldOloK2Ca7UDVmFycpCr0M`Ea#PjU&wA{_zgOsqu+R5 zFpp%y7f0G&#D}B1#EAQ{`%u%gokP7!lU(klm%deWr8DB#BX7J2mhk$_%!E5|Sy8mFSnZ&vN!1n#0_WER!QB&^GF|Etb&3D&x z6n)sGU*~?z`h1o9RQklXB7cQh3kO*XS*(Rktc4M*g-z@;y2oU-ZwgOo*~D77iM8-z zYu0N2xHdB{vXR_u4n5mxvaKJ?{$^bIO{|^ugK<_5a^pp@U1x_|!rX%UI>EnweYS8uaM@3$E??pnI(3p&)dTSVG07?=z#$i&cVmUmghWz`3>b z!}3fQ=jMJ4zFkl(eCzcm&BO*bso2COg9n!O6QlYvI_u-;VP8cy1lE~q>@V{3c3PXu zx$zirI9Jrjwik$dcGne(&B6C2z3)Ez&bh$$DVu9fJcl-NkwN8a$)+yseAZsxiR^F$ zneQ-i$?~D>FB&A9Q(l*WuXj>^1u+=&So3-4l=4&Mp*t$>Z^Ixnei!|$p`YM~jW>7p z0q4Z$*>*#5b4jEv0t^i@aRgc&LYMW*M7d){{fH!V|Br0PCO*@a3&can+&%fQ4@nnQ zthVAGuCsYe+#rkZru|v8AHn`0-N30QjQ!oQIZt)#)BZv66R*zMZre4q?ey8iFL(PK z0Y(w>dUXfgyvCRJ5;w0`-xbBqU1$+(3-YIU;~D9;A1THTi9YAm86ED7$;)@1n=b^v z^YUCl9&4inE~@i%@~FMFjJN1K=)y_Pl^9_%V;HyWyqfoX@&uWuJUyAG9QzE!vUrw~ z&(Mb&|Jdla@QQt;J#hF7F$(fs%J$-okGkw!8SDTaypFp0l&6tC1?fvQ^=TdqI;)rO z5c$|AYWtVw-H}g>^`%G_TGskef8HkZQGebOX4q@-#jmXX(c;|I%UX$151jHEGRL+_ z;Ma@vp_x8h$y^B+)%Qtuz8ra2>*7V*-yC2Wi0^j$ZsWe7pCR&#mMLzml09BYU{nU} znZzGDTm5X-LK(KwYV@~VtOcDBqW1vl@39w0>tPzSSairgzR0DL2`-WyXkW=%?kW7S zk7pr6TAtP9$lR^ON%fJrn{`=0GiWDqYg*II5fjrr?akC7`?&Z`2fRcw;xg#|9AkFK{+&;~Dd6PM z^zU8h^i?!k@m3x1h9r0@Ibm6`Q!Y6KzXs*@68pE;rD-=aN0XT!!CPyxnt8Yv7(dP& zHUW3hJ>}WJJSxw6=J3npX#(~=-=GKf8-2fqZ>*W^-nTiF)0&x0In_T^Wr2ce-m<-?Sb_@_ik2?-_=Vb$-Y)<}eGHVKe2{;GdWUzV)B~oy?!^M_W(d)c@ZT$M7=0Ka!8R z+O2%WPQG7}?`Qme34GH1i^!2}Hvt#fo*g>r_zPbnpI4V+^E^FQa^W*K_pY%qd^5g( zp1yVgdma4zS!;bbOX=fx$S0hZAKK$ZA--$f1o{3AzWZq$_Ucx% z_HrAmH{>UM>6>7FqYvhf`(XaD@Matq-t_Y$@TMOY-i*t_oBnw4o<_escweb^#w>VG z;r;J{_vJRQwZw7a%_S9@R|Vvcye z%eTAreGR&`zbyPF`Jl<%;FW#HDchj34@NR)=*hQR2PzBSNw%2G6<*nCpSSJarZO#& zOg7Iq_*OGeS#;Foz1*+sm3^|pmYt=t_eL^*-qHQY3w-^*;|S6@yaf6%I2u-t;APTb}r@qtndAC<6_FzzoJdg6NVW6_tQuZp7nc=>u)?J7GplF8xuCf{ZaRCWesqbBoNuj~S+>}-{dMl#2N(;mKE zH&EHHQntcmF7(Q-aLQhc+(kVMhWhX{5zoqOZzKtEI zY#n7M;H&n^zV4JAr?L~c^Ov&U=i7*Z%FdM$DZ7wzIRllwjj|V_BY0)UIAwEH7Tf1zl$}Sp2$WfwSQ-&WbONT!kJRh0ehKxG$G zwut=_UfC5+*|$`-D3ZCI=jD`bAE<02WzmZ^dSw@kxAf|Dl|^oz&GS=~eSV;_&6GuN z`kqsEpIH#LWq+o!=uX%3{3K6zFV1MPuS|=l944lyvyB&(n0?lU$iHmIp@Fi z#}9{x#w2rW~|%Yv9b?> zG<+96*;HzQ*Wdr?_|&%kX47Y{UtXH}0~_V{25h^Hl(BQ@+Ek@G29ePX{^p`ab9*UqOW4##SLFuV(>H4G%;#dW z3xe&F*vrM;W@BIcaO4D?jgVqZbvJ~zB=R{YHs55D__?IJzdjON;QT)BY2PoK?jHJ6 zYdH5|ZprZ=_I%l8N1HnFo+=$!QD zSOA?yu(q&5{>R_ZmbG~D{+)aa;*(|{&B}w6TgP7JO76h&@>O!ipln7t>scp^*&D0Z zKb29NdNMEjG%p@ZH-b08#dq&d^NsvRn@t|)qm@1jF1D65j*Y#!&Z)D1x$jfXKYz}C zs>rtA-{SaZz4fOvzWw$d&25l9v_6_r2a^V}{IS_nHfp3uWOGTd(oO^nPV9fcX(8e|k6?E&HM4#;vYssdvYzxCU+RGCNo9rG zqCd0PODSCT@OUYGkZ*Pp>qC9B`|eol=XtPqec~4O1H5~%|B4Iy4L%y{!GE6h&-eO6 zEZt-6>b{62X6}Tw#25c}j(He*=lZrC+p*H=Tp!(7^Za?*Izl@=_4k|K@QYP~#e^{Y zq8S-#BX*e8*g95o|6E9wt@owyMm?J(Ltu-DVjoE`jy*>Ep)ZR`Zt-G>>hO74{zg3$=}*b7f|$47 zJeseyHXL7GGrm08i|lXKmwxMxL+!B>AC&FJ>?^SG*#YJ*!u+dUc*IIehi>EU2$Nus zow4Wa_erNdrF;AB{B!HKrFF~(=aCf@BeKbvS9{N%asPSnch1Z2onQGYcR?q0Ue`m% z&;?l68gD861-JKk=YR=c1!vJ*#XwAUV<6-Y7Jc!)IX+`27DD?BMPIDXnE9!3$DN=K z3rofwW!$yyxcj6tZlySgwBok$_Hon?59t(z^Bp2q*uL`Wgad*%}nU-&fbzl zpOXHNLMKb1gCsTtVuv_?FM(d5{@kkg6m)@I#Komr@TI~tBE)G`!%Iup!((YlB5e0} zZwQ)kjBTG`PbYlf{|#R_yHn%PxT;Ube+zBX{^~k#Q)^>Wp?PBw<6iBKeFJ=Y*y2ss zHLw@75gwmL_fgq~T-mKTCy8;@F>Z&(J9R7m*0WV9Z!z^=Zsn%J_4BYP@6K^#q8F1GC}hW=Et zj>>(KekF(n(RcNugS0j7m=Ds&&D8ZWed}b*&oSP&+%X??$E^LY8ncZtp*;3+#>{?i z=2r9i3;NYT-5reK1I0Da)-KkD_Ou%Ms5X6qlZ!n#vq3VofoIj&vZ_0WY0{{ILexbO?N@g{IfAODVd))I>FP98`Mh`tbfvu;zJ8z3@T&e4^uOT~c z;$HDhz)L=9JzqjDkZiDw_j^K|9mumApBA)x`aSTyO~7CKvvmfbWCL$cx1LruFJn!2 z;oGeT?$5DjADU2!tTP;0ySaFLY!&tWmii}Ax0S_f*@uPSy^-^@*TNqX&vD*;Jv68b z*^T-goN(#tLhgX3u2Sl%ij0rlNL{O_tJ2mLiWmPqb-)9V_oiDJ8y+B8GKEj;CACdI zlJw^%?A7x6Vf7C34pC6g}I%vreNcc&9DdD!jI8X)8($L4q;vCC1thTaEWC&~&5oooL^yGek_e zzJ<^y8_*|9FEG>nvT6w3vV*nTRJ>H*H!|ntOYfRvk7k>0Q^JgY3e2dFUt5$8q1>;>?YHt2}wODo+RHO2G~0 zDemfpTRpw76r4>VLx`TqX8G<@)Nz&GBbl?ec0aNR8_X&E$+vcxZ@c7ESW#xr=PBg7 z`mK6}uhWrbZzb=Cs)P0|FLmcsFe{O*581?nc@;3%9&*i3da7yLN4d2+|0lPcGtna3 zj!QPa5c@w*o9^Cq`kvB}2X51IB)-Ol&YijM==apdw$JdqntuGw*N@VgN#($Rb0i!% zHbD1xgS#a)#Qd{PeoEdNoyYe4XJbpkjc@*jI$rmcFC!nk^mNSuea#5RDmdq>hB>V$ zMs|YcCK;>fwl_XKOBkb_he)Yx58UCyUIA$G#M~EF)!iFht#i|my^cXAvCS;rmO>8s zF6|n{mo)}smBfwy3w_z5zQDs1@JaD*>C$WHj~}1>?~~DICj0ubmVT%|>zbYC`bPNN zfAq!k+i0VkKefN>2HNL*9wVJgJdAr$OEyj_SF8+u9h*hlp~Y4EtI>tT=PQewR#gzA zdJFc4L$RsK z1y0%h6U>F`FG3cGFo$XANiF(WEq$#;KSM^mJq-<(4^{C5(u?#IJyJQowqhvJ$^@$E25}b#!*O7MH-S@-l z!x;F&aqbbJ59>n2as8F{Z|T?m_uTd`X+{=uOXj~NfQ>$kqYY%i3?3zW03WIAvQZ; z2oF7$V!nzUd*{9??41$xg&_3?v7dmmZ3QJ-SI+ud=X-z5_r6;1)T#bVf0TJq{ggdf z+*@{~FaLwS_Z9ZtS-1a2Y_+BDu5BS1TC{Bj@qrq@asTzK4|tJ(e~V<#1h#JJ0Fn)W zueF(rF1q%`eb$ce+81>$k8GHi1CPW+_&c~Xg1%e2g`FF^RgSJZ0o%YH7 zgC-KMnkW-(^kW1LC!N!iBL-YK-@FXMmr=!NF- z3g$79Pye73yZg^4bZ>dLTaODf4?cNk2tK{Gly2mnZqdJgV@-XQF*SaMegFf_E$NmQ zCdxI=Ht{y;7?K5y<5xNM8hDbz<__IBRtjzEPbaFN{iVUnCKN@SGp4LAjeIR#x(;2M z-&^G$L9ZyEb23LhkFB21(j#K!@MZ`S_A4mleOTs@epOt>^s8gYcU5 zru2UH_Oy9*>AWtFHzfZHJ32JB8@h5cu+~1$fxgx74ZHtV+5H2|pVdL$HL>-bA3k!v z_9x&cc$xH3yyvbPt9!5T6QOrEWN+z&k8}>@oOk5ABgk~biN|!FpmgzMS-|>!#B=TW ztn~jke?X?o!Uh$k@7&KJK4I4!xNCAvdy=yXOYmJ37npY7-L@-q*#!8^?ckkkRQqaO z8&!xqrTD$I7WknH%T_BJ_ts|c(!!J9MZj-2JTwCQ63mnQM3da}KO2Fc)=&p91Xtsl z-!@?9wXeKh{Z9*~Q_07iG55AE(UnrSu83O~@;=&Lk>?CZpXf69-dAaZ*A-8;qL|g&R;|4+gin($sT|mU`OIJ!r@$N>wWsr zhmTnKllVx!x53xOm65-e{59Aj#Iw`zF0YOT#fsVT`L_Iqk1LNq<0IusyR~2WhkWIc zf5B5T4u8m2`J9T~_HEnzRzIpKZ`WYr(%9NJ`mSF;{j=*I7-8S;fsqFv?X~Pr+i~(Z z^3%q_R(DClzeI~i@@y2JU5h*h4|UdHuQ@X|+tQwfZMSg_zx3ZUa6jWKoSQ$yp&xbN4VTSY-^d*S z^Khf=6Gh0U@Sh5NCZG5Aob7RVj^;-H{Qh?Z7S=n=25 z7jblRZn*s*bZ8TFXk$URUGzE&d4L$yeS47yUNTwi`#P|E1pBls&Bjl^iE(bq<_;Tt z)Z)3(EVEs9xTInv;J+i_iId@p8?jkH*Bl!rG*Y(lH1Woe%b_)8BuOKHX>Ocdu>z1bxnjRmF?MtT;e~V`*_K87tI$Wv#+Xd$#hkn7rdOe#l#ccNF5vfNzTXjkU*2oC zmJWoD+GEE~W6zDUCd#l;%MKu$bQL!0QlIUc`wMNXP0@^Sxnd@g^iB4v2zjL+ehd9m zX(gnIpO%u(;$FzbduZyvp_e}UarCs`{n~bHjo8bW1L4@m$zn@cf37Un>gj9)$YNWY z`^sXi{baG$|B);<(v`*N8#Kk%<(I|$xDxJ%E1q01dyXR)h}S#_T>jOCi{Bq3Ur%7h zr1IU+&;W3j91$drHZ%qtVE#&(uOP9pnkVT%c8-WyEsi+nvk~WW)D)j;<-8zxW55%| zE~MlW01p$wLDs9{e-3@p^Rqeg<>9oyKLP3pf`c9&ml)2@qb}(IqB;Kh-u#&Qy!CO! z%ICfMy=b-O65i43`GS%2?76&F*1OFh>!sMw8nnJ^;aE>PK3t`Hds@BNpDOO;ur&K( z&NPOGXJf0?T^fgq_pUl%vgR*AhJYuD&MKB-ip+We`}3Z|uRY41jgwXXw(HmSzHu)T z@ifj|vZLIyag=8?d!Y+icmI?A_Rw#)zqWrh#Qp$_d$5PyM86bor86oIL+9S2Ur)Gu z%XNRP{O#Vi=YWOwoX>(kJmLD=m1iFP!ft>10b*HZVQW#Hhk&QbeL#JiZGAa*uexk? zN_XnYv2|^B>(YMpx$t=PK5LmzwX6B;Nw+?K>~QY9_Jr@O{dCw8OVpCuNH`;qQOA5dL({Zo(j;c3lz<>&Q_ z|3VM!dV%qVS!>IPVVh`ny@?OGE6RK{8?$4?;_zz0R{B2Am3wnv#8#W#b?A{btL(QN zGhw1h*fLL`e=W&A{>&uGgl&HIbu7+at$V!Emm1FeU|$kzeG0yhgId>&Uwl8v-(2JD z(N4odsCi3aUFBu z!T;5M{3rz6>rBwXeT@tECg5JTIM@Sse1I!A=k7sgci^sXd!gNeyUNT3Cn`C+RddN1 z64qDaz$F|%4Y=6xxNDX8O50X7<(4wc-7Z^xFsvYEchubco!RKIMPeP9KSA4Vqk!>K?24*L2jTx(DS?C9I*x5lIOvWGtPUoU^PJbK@HU-_p8Du0pI z>nD1A#mR}r#v!zSin~#m`w`&lO~^=VnA;VMv%!RqjlR%KzcwJMsi;84ED`7j^gg# zIhXA$3>>RE-%Fbidxtnz4*~CU?61 z-|6;$ldu0T6nX9T_WuRWt#roZ^hLhgO}_rm=3b!w{h!Ujj$jT<`8z$b za!T<_t7`eXm%nazoZap?I~ivub#^mP!LvAjlX=QrGAfoc@8-+8nWx~HUfP6M&Yd?e z)HpjCXD9R2%{;B=EZ|YhQ*NNJr_6fpCUNR<%4nR28K>@;c)~Z%!;CZM)jL*>Vtwb1 zcxlxdz8_|+2Zz68=SlaN9pbEjBh1%9JJvjChdF)9;;hxR{5@{MmX>sjmQZgqX`JnA z*Qd_-?aWo3IbEI9sc-#pw3)H%j_5UveLX%GZ|vcDb(gJS?9#ElafI)zvtw^&?9GgQ z4P&q3{84Z0UYRQRo4<_4zTDzy-?1-e>|w^fj6U|xr^c%})p&E`Q+&MbFnF58HmS3& zQ}ByUmzSL{UWR_2?#Iuze@Hy;NYb$_XkRq zwu!R(9w08k&&!&`%cxW5!XBDn_mF2snw<8%@YIyaw)b&-{gd!E>UHX;ukwwO|9#rD z>DbrBKm9bs$KSS=B+iN5@|a|kaC}KF_YbKY?wZ2s}?yYf%)rC;o&lm8N5`e-km{1^JthkNPdAHln5r_RQG7T@1Z zrXaTWM8iWj9iP&&m-pJ-d${-3xier5{G$NArr%G2!}jcJx2$wS)pN-H4#nk@16KQ7 zdCS786j+IF^x<#df@B@>luys-%jYEDbO8T_zOxwo@>w4K0KY8(-nSh+Vn>fX#O33} zgmjhdYFZTrN9vHb*1!jr(Emzgo&X&bj}%UNJmZ^!32jS`^2-As`Q1;Z@y2oDhJnZN zWQx+&!TSmOjd>UTI z-D=2ozn+hcGskQX?uy)*;=C-K8&!&(I#pI#o(}!fwp!PhF&o=T5L<=h$zsM{Lq7Z} z@nYa3K0Al=!sbxNCj2gQc9}cp@ckv=sBx!9K*wtdn2ecZY4?`r+FzVExY&7bA!3T4hYAK%x!lts$dy7M4h(mzlB z$+P#Z_Ugk+fp1l0tc@p`>Bf!P$X}XUrTcZzmBj0WXS0Drka;XsI`f@ECP{_@<+A0L`sQ7G03yu0?)u3A zCf4>EVlIJ;=Bti+&>g6cKjv!^JhhJb+NixS`_9qcgSI+!%xd()66Dun+AE^HQrbEg4cM~=LE+YsKdWgj*FaeAzTxSlRc7Zrmre_Me! z4_Ysr7pAp-skcTrv*{!AfelOd?_OZ#|K9cChnHx3G8!n?I4s>~op450i}aIb=X_Ut zp2raJjA&&!zHA#iAbJk1$|y}R)Vip1*TquSh4_!)u5nqMWStcif}_M;XzukVeJJNR zdF_5BrdReR%NNQ{&>M4<j{(%wg30Y82Mxk52gX>iw@7pu#ev9VTQ4BgHY ztuV)`pp`-H?Qq63Ha3ep$z~ac=S!bTUSu*gg{I|Z=vCq(Uh;4peGsIENI|s)%eoDC$qS6 ze-U?IYK)WS%7#G)y_?Ua2fKhieY#rI=TC!XA~ zS@+&|srE`}e>ga~#suCLu3NbYT$dj)oMpyI##j%YpJ1$twU7;sJtwC(1LtP=JA5*; z8d|FM^*0Cpz7zgl1%Gc|IOq5>_adNT6A{h@mn0&YHZ$`x&gd72yBI?#mtTLs$%e4xb=$ct>DxB z_@gIp;GOyZCGXeqp42ztdiXpme;re-6*{2!{AtuvMSr!fD@?KNv$bV{Puiom4BVds z?l*(`&ES5-#r@gfehS>L?8D2!eb%!2+^X@hE|cK@_rQN|p0vJ4Fb>6wYy|H$CzGjj zCo;}#@O~M1KLuL+IQrgUaJ8r;a%=bem?lGHI=5VgHiY- zYe9Er*|ou)aI=vc*3CWtc#^s}x347u&a<%zT-W&T-u4UPr1X59r;#l5e!%+rp8!Vc zv#0lnp63X^bErE%lDUF9jPGBMJUX~9|FW=To+g8@Q|QA~d`Y9gah+RVwIagVdybFp z3-~v5mx6HqLh?;J8Qot$Z^31$s)1B32g z5jdsgQ-cax#3z4_Z1AZ&#~j}ZUKg%B)1E`=y&t9DpT2X!@ep>oUsAUFWQAR4zhqs# zyCfWYH_+I2O^CZYxI0DnXdMV-ca`!iGQqAYf8{U;}fy`sH_`gZDxobkV)AAf)!{}EY3Jn$g?i^&_q z<&GW@ju)H`tifyf-A)C6p*zHLaxM~ga+ibG*1kP7k{QqYTE*Stx6nL(M&FPP3Z3+= z<}%I`r0y|FN6vYH_3!}ooy#Az4L=`eK2YbFe)H|c+dZ`y%%>YeP^kQ2b%vL zdWU_=f4{GIPzW6_1Ph_YIYVa$oEaNIx@1LYU1sFNk<1qcMcOLC)w$F!{-M~uL(tZw8qvy`QEdPw? z{x6JZUp2ZrXZ$I^qaJ z|F`t>KZZ7P76|-PI4S$8_ONJu$!@E)eO#D8?B3w(=vM4k5|;Ll{n)NHa^ z>XPQt)t|}yy?1*m zmSPd(sbM@N?w#S%^VJ8*dw#fhIBjV%eE3u!UW*oc{>NjXEayH?d?W9Na{AoosW^`p zhM65f#uEY-=}#~xoy^Bo#_n0tKE^EYMDoQH&MiL#P1bn_H#6Q&bmS{csQoZ<$0YXD z-8bWloO7Dfa_@{&Gx7r+!Pfpk_q}gc1cr5$Vc*5uzST~Zp z;yRCifpX%FJ!$YrrHzI^60f;q4Rsds9edEeX8iNWx#cfXhqVu_9T~gNbRNIJt)nOH zMD;65yYGZkN3u)wEfB9g0d0a`XkXdUTJ}qB$c`1=z2phq6Y_KLAT<^I5&yXgc))*# zGscb^;6t6vd7`R(8SO3upX49Eojx7xf_ETW5u;({lw}>k81W&wn~>j@73j{W(7!3a z@NX0Nx5>r7&EQ`rG`5>^!avbRy$k<3Z{XZYlhd-<#lM4>N+-%{uj5bWSL?jglf+c2 zZv7?bTZna`{gSe6i*||6Rr4;|m7+dNyGFU|c`RciuSe(7pnGHR1+Hq*)+iHjVNz~5Ul>LG^rDZ$ZB1{oV@Mxp*!;<(05z5pk;mpnu~8q`n`CTXodF39$FOH z_Bb&Roohc6J4|17E_vrD)*f@Hz3&^DYiG^m*m%jc(%ZEck+|Le{vmr}-1&GM*gc{7 zxHxiWr^#)p#(y=6Iceaj`8dE6of1DmPF!p85M!~jHuI9A-Mzpl%^1Sa_=9Q}T99On zqFM5fYF`SpuGPHg*mi$S+clE2rVWcF(Ocf+x1GlvV4e@|v7XPnu9r{gelgKhD^GFe zW<{{D>(wiC{$_Tc^=$1Xj6-`q=Rliwa>hVn3i@KT$wX?9ff@|+Y`T)4$ELzw+C3MV z3DJa!U5jn@SSTDDc2DH^#Cr^P>V&$UV*IKPd#{y6b>EQv&AizsxEYLaJ`%C7shK8I zz5Mi_F2TmsM43AFzIm~hAB9n=(v3n&s|Fkf+4%>dc&Q?Oc3Gm#dIV$)BvhiKp<|rNf`+&HQ zwMt(u|3t&KYNdno|4lk`y4AcwzlTJ&eMRZ4sdt_HTXi0~Wbf;h4o)2L(ziM?`PE7X zPt#64t>%eSV(U1MW~$P`rT_HuyY*Bmoqqnim+saxQR&d1H=Oi+=0Av6XD`b*r7t38 zhNta+<5=7Oi}+m%3_KWjP^V}=F$i6Au{mfSlgwkf+S%_shi{Tm4f6XO<`2DhM=kRk zI*mP7uUB!tFEJ#q2NhS?GjFOh@JdxVI?nj(cR6ic;y&%XF@HhoO)-BV=1Ka^B}2@^ zqEn(pvcp8VOS%SHnV!fTUx>bQ8t2gy1EyF~^*zM=3oi~%L*X3Fa);{Dyr!7*g!V)0_eGJ+CDNhox4Zb( zu1{L-~v%y71)ExV|>u0mL7(y4gN+;sR?EdXu@?Mf-+68S&mRyr`f(n~+8^ZXjNJ*D4jQ@H);C~E`R`UCcF_v`xx^4Y!vJN3O2-0}B)HQ&EW znKz(O9*lp+`zGdZvkBvS4YeOIK`ZB{E@Xb8iQnUUMD%ZZX{-|Zw~}`02fv*&pufxS z0DJUweiMAUEjSHanP4*0Jy`s1xP`@H+7`@i)L2x$^>n*eL;GW7>v`Yn>t&y|YwI>A zy)E0x&zf^!F`wUG6D+7pV@v@5at98;Wl+!9k?GO z{dvk<#b2?;_RT@|j+vQ^#pw4HpNo}XFTR1_mEe%2xoJPm4Op6+TmudeZ=Kx0lQ`=@ zvDQZ*K5sC#m?36IF*IT~bf+Xd*zS=6Zt!W=NSTrCJyR!IN&mHO4}w28fk%gsXF92` z6Z&|V`VT`Nk30=cfpAk?K|CtP25R8>e1H0N(U!5lHRC!b8$6S>Cn)}NM~HF z9&HUO9UA%ruYQ*%o=`q$=t?i$rHOx1dNh(*!E=}DcWLWUrB|R|d->gZ-c~wu*yyFZ z^>ip5`tltoeXB=Xf3I|C>+?Kq|6SVpAN+0yZi#B}2%SmmEFk+0u-Ck%fVt*K^2@l3 zte=rRLl*Y(I;(J*6>RNe&>8rXxjIbesd&q2hTsz zw%YgLG7KF@{JyXlxnob3PwsHm0R91;myk*Q5_s)#;B|z%!010Tv)rDyunc&CpIc3b z-T!oi~=wdwQ4J*-ks2?ehq*_v+6hhRGkVD_-})Da13l`;JQkH4`K!)z*k-gt}&7 zpO>$zn5X>fN&KVI&1U1<2=1#YpA8?C+$;S!h<<_0<@n;USEaBWO1IGW_3R^(Y*uCK z4R$R-CJ%y#Rku~@zWE*N(4R`K4aZ8bwN_Ae8hV-hrGZBs8guO+#se&Z*y51)Zddt} z_TGAT>}R3JKu;tu;6H1h<=V&5si%t<>uidu#)4RNZnUeZU)isDvUrnIm%m>BJ9B!} zBrdVOwE}OBzsVXwR?BsM?=y)pmX?P3T`U}U6grfD_cr6=faXZ^GtHf!Rm_biKg%EQ zoY#0xkN;VCk_`-nKl-cUT*YJ&Iv4i2B5d%lF+Ta)7=J z;IsBj3q}{Z^{oZwxKCm+@~9onl~KL;07t7{*0}tD_*?eX;_Ilx1}K~7Z2VSqx~ETG zJ;Ugmh1VX(_MKw>qRdAc8OgK%-*_`?P3LhcriM97L8DK-i8N@p?4IJoRrqCpFM0uv zR~_%(t~w?Wd(q6E`P4ArXX|s$*qB0n@^veg!mC$xo|r?O(2!)A+IP+m5ZwRx59Z-b z?s_;D4Oo5U2(hmp4jI}5^BnY)$Ir&z0KMu22I65_C#h;=Lg1I43GEWyqksR956z?R zMaU7X)#<=-Wgf7J;wwv2R&*sf(-~(6wD8x^PvvL7kM5PeB&TrAD*PjDhoNhE=iy&C zgZT-Z(%w*Mj&WJ-bd@i7G*Z4M%iO-4`c+o}b0yno!J{TN=-f!#io8KBE6y;n72I!3 zzDxeVx>LSS|A4cu@foZL3~pJ0&*8`f^jUDD3-~=*Vzxhk?_g&DyK;${eqR>rj`ydS z_jj&hZ}qU_6S~cy`qA9YE?l}FyXS@HnOOZ@(TBPg=MSsLt}ESH>t4F8{32Prd*k)e z@<+hC**92l0e8?MGv7;__4rD#uh!qZ``%S8S@3ilAfn?1JDHYi(-@ z=fZu4@4581D9_wJm${MMS$)o>&-wH@HxKxX;9fHNTtuI{+&(joH*)E7ZXo~u!`P<| zBkOeDU^4G;ZqVD;BmYEAn_wOYfIF@`QCjnoUAr#7}Fs3S?b#-=qd`+JIeTy=+t&aF9!9peyk zuyg14DUMw)8nXPQH@{+f0`VSO2l?%~ck|sRTFrQp$ZoP(RYB8JjICw0);ViG*O8^4 zhVP~-=o5Xvn0L$Ti_eR#qfhehC+P2Jp3u=&GlsKbprf0W&X|%F*h_gw4%ljzpBtNn z9I!^;SX<+GHcGad;poLb|K5E7k(65GVjrukL{Yg)s{P`XIh7J|-e2e<#dv%_We7|_xcj(9G z{QW?d^x#$D^s}~$!=7-+vgj2_rvRYeFI)c zDC39M)uczfe!B3wmVOTP_Y-(k!B-XAaE6!Hh12JJZGP6a!Tg;-|6#o2`K`E>^hAv_ z)RG2fx@+?l`rwD#7?p!=zd-r})PJtmh6}eb^hayNlX+6LPR!f4uI`n4Qniutd)&BI zYoBuM&GV39`rDh2633cq>T7T9eha#Pnb}umPLHLAg3HQt7SEyJ%2y-hO<5ODfH!Wf zg%%VOCvWg+SsscX$w2GE&?nh0a#MZG7|9AWr{KOM40A`9OksRXvb9j0ddUa!4F=s>+&twiGXWKoN(*GsX zdA>){Jjt;m7S28{pU38}elhcS%@;Foh0WQ|)l6(@XfRu+0(@j z?x1~d%(C&O;cM6nk0r6!)YvkSZQ2h}&74clZbEh{BbMd-LTn9^8=x(RSTDl)dqR=S zy*a{(Y%7n-?vozr$jfS@)Xf;~%q;Df|>D9$1|jC!FP>Z9Z` zwZ8=(x0Lpak=06RzmoPH+;C!GJX-Eg^JKJt`m(o2*2%j!BKYRUU!jf$_)FgIrd6*o zPu1oWEAuE#?aEgsc}c#QG%~67CLCtHIB`m+;D61F|B1RKzb4Ld=Gpqg;3XZ%X&TcZ zXhSD73BDND`j>1MWh|Y{akI&7ujTJZDBPZV^1l18z#hI6xD{|$`mexW=Wh2<{A;w~ zjirkB68i7#snA{uXAj9J#`20WI}Tgf!->t;-V*WuL)0sO$28hie0C>xae{|QKr=QIOm;7ft zBn3-wMrYI7vlm2vm~Rih$qkwt=WJT=-Hmf{m&q1cE6J{sWl=ZNi3 z-~D1~_&g|Rg?(VFQ?YGYRISlL__;OY!{pY^QKKji-@b&uN zDclDJ8pj(~eRSRhZ*Lr(;QnE7{+9!chq$AU&?ou+4lR<(LX|Bfj`l0R(T!GJ^N(=oLkZ>0TVzB79LFrT=+zP(lCF z%&W5((b?xE-)-&IrSN5VI%8CfnDEHTQ_#_G&^N_~Nv6`8@b(A!Vc%z+(f5;I=)0a| z-}n0O?Dy%7-$$loFE#B=Kz9c&(pe;bHCuWf>iQJ09x=D}vYjS)JN{qJx8^tmIk-Uw-XASTXzX8TGY2(#U2AMM}`T< zuLV}pw**HU4^6!ZXojWhz)13it1vP1L|*mlydgS07oxY|5`oKOZo6Mo5WFMErHd(_2kc%{;BCzj6nzG&OG zc=zLy7vu4Resl6DaPerfo_*)1_q;k!u2I|r=hnA*bEH^a`M`!R-0*DTY4JGDRR&ht z|8|72$yU_F*yYb_Hl{_kaQW3!*DzlAM>V#~0%Xi3+&5SP-${s;17G2R>@qe+kGztb zI;lgtyKENc(e7c|Rm|Bklh;0rKlI`D^H1J$f5c?BXx*i`OI-M%J}g%sfG;ryEs8ym zk6pZ}6WG5EP49x%d3Gr6&sEuuP=4IXI&RxLk)Qqm?!C6~iDxSUIbFmi;NQ>ddI7oS z6#7%aJ30VzN1hvJ9XKz3s$w1aCb{I31I^D+hdy7_Z;m8?^tV60+Hd{uvT`lw zT?2p3foP7_yy!xL--yyan&hl`(NXb<^RcN^AV+QPUi0SO!X>L5xyiY^d70(*^r(UT#%g=vWY%5{7>@vnSpw z6NG>I%Lso$>^GJzUv?qI^2<&qm?{=3Oe|Crd*UUd%AV=L=Lz5=dy{aag0k=_Ymeu= zhW4-_E*scrJ+4x07xU=l6@6C>eOhpY&h*S_4^0W#eYRg!Ioc~>-|W}ickSc-vX{=j z*&BHG=3X#waAEG*Z)GpP&+aGeg||I-3Rn*_ui#%9)^!-ag?K>d{k!)!xbSaq;a}^6 zf7Jl+uj&VX>2|d~_@{t%fB2_ZKYsXYt<-71cdqHPr@!uF;Qj^RE|?3R4Y`3{xN`?q zIJXz>mkUkKZ0UIHJ)PF`NUoil5|HT3c~SU>Hx>~%(;UCFI;EgpRr&++6b>E+_Py3bwvh`+!Z z&SDL0-eum{ORU;~;oKhu-pLvK#J^y&8|Ub>&Z^m}WV-%;QtXWO-G3iC()o#AlT zdU%?@?vHy{KcR1&`+Rhz>UxE`lvcu%v^SMDm+wjo_v>%t>CL~DtmxPj96PFOUx3^7 z^1BPHeW7>1t9&)H^38T++BZU+Rb5A)n;GL8#&{*T%ADUm3tX(=T;U6OmgTZ1hxK>g z5M&Er;?FPtfOvNG#=!0Cz`F|kLG8ef^RXzynbw?Ppf(!D1ngaQ4d+rf<4K~A$!4SU zb&OTx5S})Sb-$xeYP=2C@?H6%^O`rE)q1H94wf!r6Z6C1Z>5Q5{1g0`ddD}Kg4Aeit)8F5L@(h&Lz8pD)ew^X1!=XGq`X@b1>+bVcuy(N=$qS!uhhA-Z|1vmXZz;r;Av>I7H{!?UJkVL# zknDT$S+Uu?>kPupXZ7`ItE~Plp^v4l>;?YLLvPMJy!E|B*Z=OliO0I$t1`pd7Y$qX z=IS%Izc=x>zkF{|;>3GVGwiiVi}$Rayg0PFlzTANn(%A>wW<2Vua7l_tpD%Ii?Ihc zW%Y?yOgw{Loesvj(xEEA^_BbcS-;I~iYRVeb7en;h`T*|R9Uu(zF@ z_%)|=KXQLE z#&VU(Akc8mBzTJ~uDF~-+2jEpQRr>QrHVmDAH8_#subTQ^%63I*8+ju!6}Ylq)YoKa5W1CUsuLT0 zSFU+@E&F5C2l4sDRQYt_hseuCX40`BKG#q#`a~2R2YAjdz(=OMv^|)+0%hlrPg~=W zzM(!HEeprG%Ch?4YWiN*X$yULkUl*G-faNJkF)RON2CMutArc)R4c)WD7c~doDE)h zbCg0)`35*}ki6@emwUjmz2F#eifuPDFKd|-@re|3A-S^5&PP_93$7Tmi7%k;Y0PUq ze$Yz_^IKXdU%&ej;cXlCj&bVqJ5hg(O@WOw%M&bm@bT1mihR@Z@Eg$&uMQ7K&SUPo zu!G|hJ~oTK=a&XzTteWB+sU_e5-XAEVh-{dM`)LcdG*Mj%>0cDF_y2;?t8>#+`v=o zSvqL47W}-K@zn$GTY>i-;MBL#?-pURYruEb#Qaq|`vM)Bmu30kEO_(B^(7y82Y`JA zzJqzlucy+V+bRRG6~Jc&@Ogkfp%0F$pY_pkNS^Nln^0jq3)m!pjpo6tqYECC-+#=$ zv3`UZ7c?me{8GSA^2Hw3YT{PX?qJ^rYoX)Y)L%i{fugRrbBJm9 zJLkeb4+-EPon{8OsrS!|o`x1|yWIZP*%{&Z7kMv2ACe3!9y@0WdEv3&_MM4i`9(D7 z@C){gz8?+ukI&=plr7!xgaovJ^&k7$Xxe0rBYW*gvsTgNw|o3wYuT=S zp6aJ)rR{$-Z1G6tpQ60=+q2$N6M-M}#oDx>yQ)vJ{MbtJ2%gY#`P@Z!E+S1lEY-uq z+vVdLSCy6(uWjn$+n}op)_=P1Uk&Ag;_1$`W21O7A>Hk%!O~=I`MWEHhx+_zAJOV zciK|j>XUSMufF6B!1+(zJGx!i|D#|>UiBwM-afE(=ljTHXTI-+mPj_xKTn^(px^lq zHJ@?(ymfy>?g7>%Gl&Io{l3~iSUK2iA5n9K-HUTC>$wwp`4{mgV4&EmNx&ux83CQ# z!g47zD`D?iDP{aw@iT$nLFQvUa>7UGEpmaSx7G$_;x7}+B)D5UFlEH6r%-=3vc_iY z*hB6W-}eK-o>!*#4P#^qY+PHY;Pc z3vVOKi3RfNGr=}%GiGjTkv;p%LY3h_M*LuMajsi;7V#cg%}vYlxUj){QdLClzw$$|y5# z(&>@%;d-7;Od5BF?H1M_Rv>{o9R~;jLm;PqHul`WWysuP z*@MPjodehks>;mtDcEI4W<}b%`MtCh`wMcHVyX^858r0prA)A;C=lxUk#t#f-=)M1 zRS|PVe$3r(jC-nQ+k!lQ#<#@v9Y4`btSQD zL=OYMcdYGxdk63lKh!#Rc()U8CfRn=TJ$UG6OWTlGN(~-*+G0Pq4=<#Jz-f^#yeP# zY<4rU8FIoCth;sK@d0p2HV*N|^i|9OHh7&QId(5=h;=0%D0_fpZS`{jchkrZuK5on zfDQ9zI%uChO1_f6B3}-z)1SbF6UdT`5nA8KeFwx%1?-7?sn?kXMQk*GVBdfIxt?yle${X z>%@JrU+8yAho*kR%irka|FzP~BAEp|C(wtzw384%y)(|9qw#C{AlvTy!~|(hv^I|M z?&0uS=G)>hc>M@v86)xe&R&(BsvDgB63;^6mW#7({63f8KeBCsYrxyXyJ};)o`g1* zv95=+u1A1p=Ywa};E8zSOYpHxtaYui^~|Hu{vA4)^?pbMC+st<^n> z1#{nb*>~w;S@EA~Y<8{X*_gr~+A-(YGXLT$^R#`>iT~6-v*SOp&)oP^JS(AxNzUy? zZz@l(Hszv+9gi5DjZ%K_AyZxj9h9#r8(OG%m>kx7r*Mh&E?l|-SkMRd`CJ^UWbe&w zF6^>-0@I^r_)t6V^Oe3PQoa@V+4P8$UZ?cck@7g{Yc&T2=h%7wN2Na!Dc|U%+j*@d zHgbm2ABvPeMtVZ|fAAT*$M8C(gI9;W`WHI&Pg6ShlXB`gYF-~>_bE+Lx;w8?-ZwLj zan4xwnS#&TeMOUjr}$37m9Jt^N50~Gk{aNlIJGH~CQ4z>CMg zM?%yY2n1Tn@b3k_DtaC0I>OqwHm|c-<3mm605`Ni`GoW`_tY{H1x= zZT;twNZv1mw(i1ioQ=)m05%KRr3D+w$Jy8`aG%P-cZ~APC$Uq|BG&U|z|!Qz9_;$? z5%j>7%uQPw8Wlp0mAz5AIWp%yPv&e!eoBI~0c2$1MlgbI!f(Y3dHECr5 zAKn{4Zk}Rt_OPDu*z1})~+#Q2Io}z!eN&t9P(Dz3Ajttu> z8CG+km{5P6Rp>%h^ealgCjE_mN%l~`KJem?+_8E6TH^NWEf=;Qg>SEaB~1UI9X+t^ z0JdH~C0~RJg%|LkvjyM2XU}?lo=l&o(C2%Ac!?WN2gF6;@`hf9XiregiFVLbSvKTUXn-`Dr(*fY*)j!@>zs?61 ztn|-cr-y683E@wGc`8L-laE8O%B9ntcQ001cvDFp;cDp&)|m;m4~I^VaOt$-utbY4 z6CUtXem^d-=YRB4Wbom%p?z4BPE6ZBVj8%L-)?fMtMbMVN1dx1Vx@ohbI zM35g!nNO_|jd4A=TVsstqj2U(`rk962gp7<+~?Ewxp`1gJLE9ICnZYhu$JRVWp+z=ouZz=g^pTo#VENCwh7N zJtywDzY{t6kjZW-VeU2|W24LNtE%~gblEnIVW9r{+sd4D_(J!0t&FtKypDX#-j9*+ zP|2=8gO4tMu=|m-__KWYN%maBhezIr?S!=`KZT<&aIPY}Q+tfl;(72X*%~XgmTJ)r zXh*&Q;e_tFxAM7bCrT5q(7|1k;Ml`u>|M0>_C=14kU~z74RaST)}F>_>qq@kwFCI2 z=HQpQY4J;|Z|3ZIttI_MTRF3WxvVmG?$^B{oQ=^o7khsmaofP~wY`hKw*NpeXYH|{ z>1E=%=gl2?{HDU}mX~r(+bad8?I8Rs%vrdpu1MQ#(&mtsAT0^sv}@4C2g?_k1M%Mt zxn^8CG^xBcmwShh0X#pD-Ma-`en?D@^wlJ|Aoxg*eU!O~NM5~syxrsaB6DEnK=5EU z?~T$Sj-spJE7tr-ro5i#TBT2)5R(l0jM9PO)n0yd-F4vbPnCW{#M-Y?$Ob>>cOi4T zhBh@%0q{5o9*4kV;oKS%=z0RVMEy&Ht0{2Ro7efm9Uq>iq7n2y$DY+eUz<&+9bXMG z3Cr$32%c`h4s@PFw?49lQs9jB<$yoZS7h(Ikv=ijqo$bq6w%9;s_($t@U&yy=!|u- z(t*KgJpYq23;2`$u><^)%~o|=n<#Z31Si+IIQiMX11CQxocthX0{R2?0!N3LYkkMz z_+yIkf?i4oY_ji)3(JlxK2I_1-Qd#b1KrbK0pFHGxAIQqETcT`i8iOy2cZ3LgJZe# z<{xi>o-Kif6%Rr_^60sXOCCQ%R&JA=+yRd|xX0Ol^Zke;2Z_HCN5yx>d=_?+J(2R4 zee!>geHD7|*98)+QOS!D=v*+|*cN2(iO%sF4&9ZEAbF+~x{pj}d4u|vqz~ea702;c z(q5AOB;c7z+D%zn;P7X=9zu@(Ao+75Fwq+H#v?n~O}_pQ6kmRy?Qd`VZi2SNpI=9o zEk(`_f=g9A|1WXx0$*iy<^4bBoZPrru%M{1<_2=pY88P<$DAZ6D7CgVQ`^#cNeCh| zTBX?Wf|>(_i=?d_w8erm0l7)Ml=4C~W2b;9g48LO)@jua=aLH{*b+qLD3bs8x1Z<9 zd2&d+%scb>^ZA75Jp0*~wbxpEt+m%)d+#auQC>$MnD~p|;u{0E&Nuv9_~H4s2mN8b zzhKQO=DX6RL!^tm`qS0>>dU!?rvCcA-M~J^1H1M^xVlA87vHu$myGXq@oj-`7tcYn z4%suFn?Cq_c#aY)B{*-I%Uw$ca&WZ7G_^GFK z@!4wnuV-Bkc-T|q9W$YZ9nj9Dmwi5aazD6P<3Z+y*n4E+F>-u`X1yCdmoYHdpn06m zmQ-A^?4~1wKFIKX$n*KO9I5f*q#rVK zez5RG4^O-JnF&nZ*b@096|)kDKEDDE8-}iSxEr%vmC}aSUUutmHT9o4UNZXY+~xpl zFZSLR;rbEq=#??9TruszXOb^pPia%~vB{x#`+R%;zY*Pby5G5-{`kl(^a&l8j~*;Q z4-Q5Trqlj5W#O*IFl%&m9;Vn$WREm!WeP z(WdsgciLCzcFoI;pP&Hyim|iA;+{M136D^}E%V$p4EgZ<^+$+z^2!e3@Z)Qe<7KnM z6P@&8tam3bGVqT~u`;S8UuA!K=_LQj1l@&e;Xgq~zJx9oU9)?lr$_Gzp1*kD@#?(p z=Bs=Dhu}MLss~>4z~<`YU-tl?bn=@i_#2K~{3QJCbnw?{6F@_)Idz9aTNVX3@A(v1 zg~P?&z}OxBt~b81uKL&PnPD9%gSE1YSxZi5zod9qFlv2Nb99@xY&o#r8avwEU!ghF zc=0&&Uc_G4-NdOL=G@v{4-_B7XZD)rF$?iW5t}+f>mI}?lnr67bDf#*WSIF*CV94@ z@3nU+W5)Ecs$cDEPONy5XM9nXBR}+OMpISUYFj6ucfRvyxZsO;Ih^kGsj+XesEcB z-rg0vtUmP{PZy0*-Uzg|_X(uepPG>L?zpMO8^5 z#@OD}d41j<>g-j&n>x3c`nZqFQ&%&;z2nuDeO?>!EHAAk+mV5;jfl_1*e&jOo@w|o zN$)i2eC~D8+H4yBJs&>8xjK)5wbDGsZ3VtQon@O2&MkbzwjQ+VPZ87M#Urwivz>++ z-}^5YB>mN$dI+A3|3gyF#DLSwk6xWatU&{|#4&3-^VB%!N?@PIa*%VfOZjHnb$mgx z#q_UBdGvEg<%5Gv`3Jq_`SzL1Tde)i{vDsU{LL=>cKLtumgigd?I&qsVBgOA!x}66 zb;^42tiI}>*Z%~C6Cs1Ii%gl~ZpwJ`o4lbMlb6GWdZ<6Sr%3Ut+S}RDk+D%a&-kAw zGgq0yIIcuT-DWj(pd;HWt?)7QP;95q6L;b_Yl${|fpC;O=hLRv*rEl_oZ4Aur(2!> zyz~qiTBaLX^ro!K3tl{)kzcWw(C)O>TOHo{#QfXs{KtFDpQKNcKbfCHqb9A>x_mj` zmWl3o8*cPd(x2J^51an5uPsX6H`HE%{0pImxS3nY&g|+(l{_EF*zwv^UV3(1Y4~lQ z6)ZCF><~PpdHKeh-^M5Fm%#oT@_O^R1n4fm?5_xABG{Izh=1^w^X7N(v(MUY!}BlQ z;Kxg^4tu-;|22kY9E$LmZ0zpnmW0oPQ*6|Z4&O$*Us;C7LewD{6ECps%JJNxR?S(Y z^ZL(Q!5WA;mz4bYHv{$Ci61NJyM0BBdb~U`?!n}GQWtpD9`x>PGsM}BmFzuo+EhI; zWU%Z)Z+$N8dV28{GW^Y%DB$*6)ZxXeTjtFCoP$OF>w3(e#E-!veJt%CYFK0SA6<&9 zue6Ar3(VSFioBAN!yOc$4jSR5|>)9iF3&^F3`u z_|_ecy5PIgE#Kdi@8vDex9-a);q4gbjt|yiftlb4t)toH=G)`di{FlsPJZ?=%jS7U z`APHArAvNfp^X#H$)o_* z-viHe!KYh3WS8IidCR--TijW*K>ep`Y z7errD{>R?(p8IgZWKAiu4?S=K|F@rg8iKV|OR zg&rP zx!(ai2c13!S#!8ubs^&nydxet5PIRci5>ZBO0`dxGWV6nsvk4KHrI{fPxG zte-0R#~P*D*Zidv|J<~@iW6y^yD0m5>fJtko1DXVJI|d~cyP}2ub?SfOw7ln!C}!38GT95Mb!mU*$>)jZYbfFFOT{I~59SM64X4l{ zb6E>fe%ZZ(v4FFfE5ThsmajqI@@B|}vhPgE{zlD#0`@>E&dluLrmvbKsGM}%?QapE z1r6R;3;|F1t%kz)`fl=2Ux)J0ukWt6^`88_`Lv0S*snJ6{h9r1p;t=^%UOrYT^m{! zf)=L#rS`nltZ9ULg?Dh)@A7%hSz}LKX5up*<=xB^YKEBmv>xHzv<-jB#(C>%V9N|9 ze$AZ4#h*PtO`eycH3O}$5TCkqUG4?Qo?rvx|Eh_zs2l%_;u3~17i{Wn(^av&x$ut8 zQCc(cn~C+~IZNql-%Lycj~&cE(SybYI1j#vkHk-Yg<>ak&Y8P!C$m01>ckL#?QF#m z69?og@4-H3XdqBwpsQZ{u#lf_SQ~3JMmKAfMRl&YJXAc#$e`nP~@3;A}4`LX75tLUrhFJfJNHGRo0 zo_8Pw9C`4Kk2u!svKsTwoNj3z@x09G3du+OYjCsQioT$GP8Dxp-cLk{{hn)Ioadp67)y!I@@yn4u4jd@00$dIO4=cfg zzOT=+#;EQJ>dt38Or`E3#zP+QadR0D(M0CxJjTOZaKPHd|0*oIdUp@Yj`wU>=DwGN zg-IJe3L9@7_>EHWwwmt?;H}hj`itP1j|<<>rxV|k;h&Z8 zc`T^jh>YV+X%;dRrcG%60OuIe8XB z8^z;C@NFp;a1VaNHTO==DV-Yr7jX`kB~V)WCYNmU8HYMur^$V0W6NxdDa z2fg`Z-wYGqFB!S*-iwWllTPTEjHF8?fcG`qlyyVc^2ko>*mk<86{{>xY=q;K`-xiau z@1nEv5+ky-68%JsNZ}gjOdHDvTk#iI8!~h@@6cKAgB?28ICQqu7WH}M(`-XWn~%$F zI_|RupBtVF9lr`4T^;>h4;{_;cWC%%H}o5RNmu(+`I=eOP_W?!#@zl6?qy z`q1*>XYa$0D0iF2+Gp(Zbn<6uy!mWhpXJN0{Te*;3_Qb`(#y{B9ev?h_R31voA-~W zEY|y3AKSL9){S)bw7wrk@9Vd8kJ69w?kD#74tVid_6tAf3pV_aai}-xP-uBep3{3{lCZ z`6~kSW6Fi>^+Ik*&Y-sjwjhgq_~I1*R>HiFn2v<(8qMoCf1x(+nad^qlX)8XG>7{Q zHl6A)a+~?u&;ERRc?JD&ZT&nSwmv)~`$y+djKfBoYQ~nYs*$myJ*VF9bIcg?nK3ri z8Dq*fo-?sOVn4Ck(cHJYd10zurr3pDPr?&-1`CZGbLNPp&}}Dlo5MJd8Cd#M#c4w_ z)gI%0O#3mXeSM45K7Q4PH-W*7k(^*dD{vg8?gGX=^Q--X8Taz>MzI6tGwy}sHMEn@ z*q_JPmmXFccTzIvV?QOZsr;YetvSLq`c>x$E#RK3TbbK$L$^GQeSaPB?xLQLp!3{Q zy5lvyO>+XlyOO<+dYA1nm;I0Kd|~0onWJ}6FEM4@Nn+1`4?YAgbOw+!|NR5+hHltt znmct_+k^h@xt-^XN$OzZ)282MeGeYc*=Ro{4$Pe|59bbbuRSL_=oGvYgEu6r1CHKp z{GzpGJoh$@|DrVp{lu9T($8sab2(p!^DQ`ojX5?lUFSLYu(2xPDe1CX(PgX$GlvRp zZpOzYn}4Cl=9eAhegikmrEI%@p+igA{jYwMIrQ=s2;FE8{BW~Sp8QF81Bj|jtA+)y+da`D{Y@yZk!Y(Vl zb^`UAcVO1L;ME+snDq4*viAkPS_~ehgNI$E8Y? za$wZ=-N5ML)5X;<;T8FrDu}77Kn^^mIW913to=K>!R?QWt9dL>0 zg)y;*BPEM%Te_0D{S@NTp4I(u%(n*PA7})31fmR-ZK;^^yTI90XjKBON}*K&{8a$X zbmmeM{h0&J)*6}x%=};c<^BGm;oX3dLu(z{Y0M)B#x!tlj9a%`#>ivl3nmtaIp1xx z-9p<>0kdol!KJhH=0V?i(AS0Yy8lHub-vB#fwMk^rYn&b+L?>1xKx&38teBoin#V~OF7C3&&;5ehI)fpE`w{e?caQl>lTYZ0+ zd$E@SLuy^ZVRv;Yy~nyvWR6i=Is^Dd@Q@9CU0dtliEG8VF)+2A{|?Np*mJeCF^V>% zU#{Sp$_tH*VYe-{Aw0WtELY}hJgmIxOgVowdENQC8_(9u_|TH^Y?ABJU6O4^cj4QX z?z%*CoLe-13LRL$T*Ajw^An9D=9uhHbN2_^F=Ba)E6v+7&=Ez<^?P$xLq6m273O8@ zjef{z%Og!^V#JvTm^d}&2J7LGSK$%P{vMHo{Xc{I1NXom!{>fEJnp_3hCgm)JghV0 z!RC*{$d`}ckKKkpGCTQ0>2H~_mudK8w}(G^p*NZ*S&9AKj2WG$xsE>R{Lz)v`--VI z&G?}-w!Po&`qNDPuQ>I){wT$R?nr|UMad)-^TxuUSCTbmDe8AnEcJC%`~RI(#nOB-_jVHrb3Jo5$rta_!Rf>~rV^&Zu*r>^V2TV#U2WygT_c+k*?& z4*ebFjC?}pX@BPRoY9bKe@4;WUfZ)yv3~x_1a^@kSo}O16`a< z2hYunt?ukw*>+0z*5$QrH((#QFsaR#z|U2TFYLE{nv=QqTbw%9BCm92{T$#;wMD$& zUo>!cZ;Skb^*pz3w~TA+rX!~=rZ4O13$c^SHdxIsv{)HNPMLS=)%ylVPD%E^(#P6* z2Yn1_op30&r~|iKx61t^-(7iiGc1+KY1iLU2Yk|b<7D6A2g;>w?e7=N1OIq>`G@deaey@od;rAB z+iM)~QMpz0hVmFX7X%Y`9CYpxbk=ga$aZwx*&g~!uFr)B-1*qUBSrtN`(;Ec*WPq( zOZgSFelGe&;Rn$$2CT9(ks0Q`A8aGD7E*&Q)Skm7tUZZ`I3K=2Jk$Iut8nJM(@wTB z=X(ttt>^664)XbjT4g`zn^{{0e%|4#OpGM4>IVVB50w-qwDfkoo&A(zU5B?5c7HZI*KKX;Vdm*t98%ug%J$YWl zS9RUTS}#7U(^ggbWc-XulmF*Be2t=?<}!Qm|6K}W-ND171`l5VC;d9{fS={D zX|z`ZpR&eMI0QZ&f<2)&Td@74JDUx!rdP>VA=}ye{UeVKZFcz8^=Z88soO2n3SNiO zr=IYjc7^vj^tX|-gfxdT`zq=42;zfYlFx-c&jjY-_-04Y=N~}(YH0sHWsW#~Zlli{ zPv16u?oFTj)c=j|^7&*iZd%xbfQ`A&wVfY^u6wK&?DouB&4c#PFa4IC{30~e8ji|k z!2^rQyPLdOPTt+*)o;yBl(!E5?nGiS(pX#a6C+~u5H_$IKOZ1QM80Chh-j_oQef2B zTt_C8gUuZTnzvba-0d zpJRTm`RIM0aV)hmCve+Uy?>&tYd5@o0^Q9VEBYzpF|`ijz6QByzQYb$b5_}%^7G4MV1Zg8(0Hc&$RBfBAhj@7ubkZn1Ps~Z?s+pFmFh1`<+YQJv&CMj^Yxq{fx51}7w$w3SVgDoF((2y6PWVT|diimTPzLWgk zgKd$jc*U+Lr%4skQ zy7#t|yQwS3m)7cnbGjbUA$&u6sGW zqcwYXp0?J5`!4t=zT?yI|6ot}XYIc`{LlJC{P(J#&fO8O!izdb>UHMN*TVx@;65uI znr11zmsy|J`Tf1`oq6&G(x>>c+K~HYhtcyb=y>8xOg{GJl!*`Ae7iX7M6n=R-`Cu{ z4|B#U%2)e(oAO7{3$4&Bhxgx8-x1DDY=tKR(8K*b1^V}%P;=y>-Mm8{3qj4*4%q>xg4dxpl;lkFrS$@cp}KZoPw%)v0naHBUBq zI_G_kEKPkE?#}}E+da7Vj_>PJ^o4A9-{FagoWoi2F>Vn~Q`@be&xSYfi|HFOH(_u< zp9|=7C3wpxO)|`+hd6(YbfvlP`kh*D3-ubBIeqc|cJkn0sp|t9h2@l+RMHo)?oxe3%uvZ}YI37mu}0O*pvA*g5|8HRM&jhp0Ee zc_6{IscVWa zyKO%E6z=0)c+i<2-{tpwjS+r}U#{U@xO;~>6z8G&t@ig1A+AI*60yL2+y`c#F`@m) z+TYX!-q%yU1shuNjH;`|%G?{rrkR3nk*zZg`UbhrCS+N5e1$Vdh{*SI!ah6lH~-wR z+z)PIGd>wNy7SJ(4Ze%A2>D;4?@xjo!PJPo)q+j+UyMuno_yeSo8rox-@oN|fOZOI z<{KK6q|iY7IYa}kC#W60KS>{Q$*;Wmv?IN#Gig-!Q>JeF_d0%GOWi|e7K|-{zLn&k zVkPNYol>{nRd+u5r#f}Z&X+z_-CUoA!LG{9IGs{{4{oZR2B(=l8w*UI@$=&m1%835FM#Cg~l~jA?I~9G~-(l-yKFS zXpBq#guV>z(8)&ru%E^38DB$uJm<|eGiMjA55sG%@Zn!Q@g)x%dp#+SV#wSf=*o4- zTKVO!MaF6kEs7kLtkUW87#>#n%0{+-+msY@+IgNAVME8jddoKSALQ=;GdtKi%E%3^4v= z?j_;L%y~Je4xdf$s&|;viXT(+tTaBI-o~d>>&$wgb>Py18A0OHsVx84T z{qahjy;03werfg16Tltv^zcobU;2E&_-TT2@d#9JNcarzDNgpUyQ*$T_{ibh-RzL7ap6FaRt&KGs|4BMF zwd79*>u#C#z53bnEyWzU$9z=W*H*oIYp& ziQlsyqTBsgj*X=?Wx-G*eDw)6#8U9{u(?kyc^;3kk8?-Jhpo8hEy7nNd{nI%M(zyp z!v`_OQ=Q20TV_#@i2evck`|3Qg z2=Y&S5A2B?q}>zHlh_^@&0JJ+7*>i)sD+=25~1hH?Frx=|pT~&lWDZvj}id{08 zd;O-($QwJJZ}4?^JoPovN7)VQk@wSQ3?91N9mSRPfj=Wu%?}?hjCR-{<*YS3_LpDdOJQogKO$EV~)8@rg#+_)9`1&wOP}Q z4*9)evB0PF+aAyFU7p`N&2OK{vz_0o6x+4-5)*&^#ND1)M)tdk=UOgt#^`{M_Q!V1 z|1*gdNnKwmfmdYDyL&B0X{wbYNaZ)jPO~BFYz#-VZaA@8*A2@CUjyilG zg5x&eIK*$k(E%Jfk8uWYs1JosUseeY`pv%4h7xG)=X^@-`(QoxG4Ze;zE$jaDc=MA z`9}LbVweT1=^OkOpiZr)X^wLi^%Be9(AgKtKBRGr4d8`$;k~z>oPO_+lj~?xKCPbs zqt>CcXI=iashq8;u@#lBV9ft%^XX(vGIh?R&KR~tkTbTt^~&xY4If$5tMgx9L+rsueKoVY=v*iDYt`X6y2mU!zrWwPr;X|GL!C`da^Hnb-q5PjLy8-K^gg2 zmH$iRS07V#t$6ermq+`c>l{7uUCO!g`C-PESAS^!Yz47b;mP7v=B{XGzUSzOOz?o7 zP~Ag4bswcp$$j^qTfeQplY7(iIWMT>*n`Ug@W@VNTmT-?p0#Z5{FPlR|Dt|R;rC+b zDg7S9Zg6DZCds}%AD>>H%Uz42Pbu{TB=_ilkmnRLcVoQ_pQzf<7}D84s#7vaw*Oq( z^O3J2*9zxaX|@jB>H4IQ5#)WDG06De*E#-YJ7>q9@|$}P9_QVQbKwKuZl}%JlfPm( z{qx3;=>FLS@b^qvq#& zFR#oj%=TO7O)ei-TU~8!w8x)K%k7#cKEQdWnGbHh#G#j9xDOZ_?e+)$`E1LI@aMMw zuxUSOFBsa;{)@E#BJEA5{R}^ArpG2Grn9$Rwt?tY&RR?qn7nwa1#glUP4rcB?9t9jD;6Fi}J zB=aFdXPeKe4WCUBouRS%Sq)wdE*-no;PRP&2+W>@xYV(D$1xZ0w<&F|B*D zwNE4udtB@C$mkK88>}+)U|&dF??S{JJ$mx?SFU1olMkL4Xe){9We?5B2>z^|C zF2{F49LO&CV#DpshZt8I=o2x-^>4u^yU)8m@f13~qnb0Nn6GRAwia~jI`Zm#>Fs>a z;qF~OzP@$zWnJ#2;dSVQCi3QTmya3$z!=AmWX3-+7#F}3>+iC4XazE?gTAh#Ug_%X zoJC;Dn7-O&j#5VYZv*)4s7~9sp1jTA#lQg1MsyE_e5X5Cd1&)P z#KdX53rA0bqci3oDe}za#|5+L3;Xs`$HXqT4cc|r&VEk4J?W3ul={nkV@F5DCk4L3 zkkfDPn0t=;BL&5U;vMU}U>7;IA*F3}JpM^rF5NBqJO0Y3hyFc{w+v`0d71&;GYnnQ z+loaOVAI@CG9dzdUOB#q_T>*r7fs+>lMni(Qih_Ru2xui&;+p-*8}d z`@bgzUcn^({mlB0dzl1-m#5ALhW{!3_vUb0&h(`Ju2122@e^@j$cUlxKN-Htb;rBM zMmR=HZK{p1jkdIIE1J6a*_fi=Sl3404hi=kj7;ZFW|xQ6Zm^qn-k=@Dcj>$2b$5AQ z?*^79faOp({AKHhqljt4@&Z%93t+z$rrC+or@b@NHzB#rYHli)>dU$tq^BoS&I3K9X z_-LQs$K3C^=Q-U6eO8zIJ>@655x6HjYi&Jsr4Jufz?@&Q1b)1sLhCZU+agaB_jQZ4 z=?34`;Two=X}hvGQFT5sCGT;^?7H!V@35A82R?VL>1y6Q>A{kNb-k=vN0HY{@@iLz zUOO1?MLg&7tQf1abgeB@ziQu2tUaKj)zn<#T#1FR;vC@HhXqZnP8;~pclp1L1^N=3 zb(V7%@L6rIYmW9b=LFUI64B+pMBAgjMAcKo**z0X{199EPWTX?#+Lq+m*2R9z8=GO z(%&CE(DA08~`Y@^~t^P}k7M}pKFq<(yruNKo*F>Ml;e@n4hvtW!H`&RSBk@O)#*>c*B z{vlXcAs;XGSjh3neEI+kQTlQlYYidA)=#@8T!DS@2Vzu}d#GI&Pm#r*D1S)B{rG!9>SHG1)&RVcbd_gaM~ zRu(5toNaAA@m6u-?z8%j{zvSe-}tpwb8cIdIEk%OgNdzutt~}YShI4mnTo#7{&dpc znZuombKr-2;G@~l`%37I4Rq{3twQ^3+1|`~2e4-%J$zX!b1ZxSjsF=eTzXQlfU~{9 zLeVsSko(f0vGF@N^woXJqNiXI?OX2wCv%|l9PXN$T})f>0JdQf^lhY$1;D(noIl1w z6MXHy{|bJ44!(XG9)A`dZ=(H8-uCeueV+CUXm3?MyaNw^8QyjIR{bai2KgKNKNc*k zWIV>@(x-*dePh27kCT z5dQygxMO)Ee3DL#{pOFT_|FJ{t*|`}S++>e6jX8}!jYAg>cf1Q8!GiJ` zt#K|{ayEbe4DK%XWsP2ee91wsybfP}FJx`?=0PS7)VMhYtnDj{6Gi_1ZPF3P9xYDn zbJMx!8hMmBM&0;s2CDA%N$4!{>_HD~r~Wu&y%D&Zp-T&Jk0)P@w3qPtD(zKh)lxpb zkaK)S>-*uQ!NQ#D*)Pl((mX^uNq#te!v`_Yt;g&cx|4BJfJhz*bBupM#0UE z=(osie7^_ZhIj%w6GzT8K3be;oNXm;{Bg(fa`_$|IrHOt#6!WvyU3C4k~5cl)toPO zr_ygjHr<0<=eLm?FOM)XXokMc4kk`hW)Jm!hd-|jiceym*BcphC*`XcUn#g4e7Ch# zXVmw^b1t1lV~s({R+rX>7vRHo4I8C8v>gZ?t|I-t4d{%geTgl| z?x4Mq;Ml)P5@RMalPBc-z}gZy%2p!F!YF6L6}(M;S{;AMp{B zXpKHPADGVyHr!3@R0nCgGd+r|2A29S!h12kbKhe_3I2c*<`6OR{7=GiHM+7Sfc#P4 ztBZ+!D0(B55C46JvHY3)ySF%TNpEY*3Hlv^zu$YSIB`{4))>)4zjp+zF(<|_-oSkn z-2btWe&Z{}*WZ?h4f=UuIZAsy;r|5ns!h@17a3MqXWg-&z5jo*4Y&UHX=}{C1PeR9 zVB4jG;62%;WB$bokNr}x;e+1i)qXJA3V-0|e&G!3D<|R6@BT8FI4{%MKPE7!_5=TU zOP>EnYs&|h`4Sa=&gwwVUdg>m@wd>2$OGZ?1ik{vzGoOCYWK%h*64F-=OWs1@fi|6 z$t!%uhQjCf*t#}t<;Wy1-$%wtJ|UAwV;_upEW_GAn!X=$`YxE%_tEry z41Is2_n_K0==&S={SbZsfWCi+zJEZua|7qrzTqFVPm)VT=UB5O zcaEKHZFvv;zmLp5wkE-~X6c6J&|k zW|iHHo%N$t{X;80M2;If6`VxDNoi2)tG>3mymu*sO&w=`Ae%Gj*xEnCPiu5v%^+j{ z{ziHW-8ahBiJS6_?Y&9q*n!va49ZWx-M$;FUg_BWL7shBvs*!ZvgLi)QnKN7?_`8F z@3!0FzS|M#hX*%5;na79UEe0FzkO%VFP!==vD5ci$GF3lxca3^2M1qp)4y-GzeMTS zsaZVRXybnVI3s0~^|iCY70joX+`)JFbqjOJ_kibpVELwC)VyNf7tDRQ_o)v0*3YfG zKWC}a=4_?Yw_ZH|NSR9h;^5b-*LQKY8+O1x>jln|W^ddNX|JggJEIahWO4T}V=RLH zkv_UJjtn8agmbe8GG}&WgmivWC3Z07lwb15l{?zkmBzS_Gwyx`Zv{PfzvdSZOPpoZ zwv5E4%F3v1uJk2#b2r`L%X|$l({|&P>4g#GSrGqyGxZ-r#%bOjS(6r)T_m1tqHW@u z9}CJ}a?*Y1%*Z%&b}9WpK1CSI%HKz}^#syyCcTJrit$TF#__F`I}B~yare^M=HBbU zybl6j?~^BV8TbitzBgm~BH?rbWo~AT$S$+Vy3nTmAl_p|p$5flJq9n`L-`E;V!(ba za!ThM2v1M(l>8O^nxmx39ofU3Q(6nUt=aW^jZtF6obMe=71crWToj}4+zDd{(n zK8`i=BF6n!t#;}A#xcyl7=x3a``LlFe)`<;anHVf{Kell9pA>9Trobc1+3|Qbo8g+ z%Kq{*KO(JaH8wW$v-{q<^rzp_d!F9M1`D_S#5ZdPa%2rWI363hW|g0{Z02{=ue*gB zf$Kr>0qLi zWBJ<92W8RHP(u;vRkF9xHEKulI7&OFy~$SM3cEeV1NsFS^F6^&TgTvY`nAt;WKWsW zf#Zmqe$3AQb)`=ZGH>ZvUPN6N@%Jo$U*#_X|D`idK51-x)^Sk)zkh(<(Ot^lC3Y+} zg}GHVatXV^m1|A&>6@{$)9c5A*VvS#Y?EE+m2ZMcc7g1#_rZ(mk*t%gDjC;^?i9aE z&ixp^4yGsXxc0OEjM#+Q_+`b3sagJ7Vr2^J%CHmQ(MHB^-C%2$#c%1{?a-latR?+i zrZyXCQ|n85)-jgfA)R&Z{Y}V?7WA#j!=8=Zk}ag^eH%U>?f1yB#<$1V^U(}_l(+fb z+>?qe_;>Q^oxOU4Tz^Tbuf*;9XT`VVklKEqwuC2RlYQHs``&$F@L=7=)~r?P+YPpz zRCl%Af9;88eqKgA=zhi2xpshHe~I*8+-JiqdIJ0YphMF};MGY=n0E~b=VgWtth3)YS;K~eqZy$Ct9j4KJu{x7agb&F?^-`?DZodDUDk?x)_MeI zMRuq1441*Zy@@W-a$lEoq{^G1g@S$0l?@l>Ss8 ze+sl8oOc$|4nJ3dxq-BN3@E%(odZ~DSBZEkwG zZ4V3}J%jW(_n;|$SYxf6eyi@N>K4y9b-wMEb?Qu`><6U1;if-v6?RE*^J(}~?R)E- zq&nXV%(C#K<|G2McBH`jid%m-jnut}J#xLlL9N@L zpxvMUOZ)3d^Y){IepS;KGp}%XLcCCM4rgN#pQPvOJPmC!;lV!ea6iWE0DIiNpMU1K zJ)ipA^|F~}KTdKzRWYGjdoJx0OvJOT#Q02f9P;pD{%VNPJCtk9%12f=1@7Oxy033< z9_b5mcdRI~eC_KluUoNt@QxLOc}kYtEL;u>CeEQ>ck%l})`o%sa7%oniA!c3TfQ6d z=tRC79(C>#y^AuHq?vv@>$uRcFgg^!?nwJi%sTZ=YuZDpZ)C7=Fa5HdejYW$;OABSXdM~zt@LTkKt9>rd)z~O`p-Z@TJ9J>uT4MXKl{Nn*eQDlf!@~1Ozn1h6I8@xC z)?RY?uDM$|vP(YPEZ$>dh%@4hk5Xd7N>*{UKDH`rhlPq6H8e+##ErZQHbmg}xBmMN1YheF(p}?J7wbCbVgSO`!MZuKQs;u?dCgc`_!#7 zQg+ctjm0SZvG-2rj_BX_Gy4(WMfRAn2hSYixA-SUo{)6g17jFl4{Sa@vm4zt-zpTp zNl#s!%J1_T!_@bfhc_(#iGJ;+S!R86ICm(XDDB;4eKT^CFA<&JyD-lBLL;`A?nP^g zr#WkK>1It%^QI{2vA`S?xAQb}laES!g%zju(R}B*(|&d^Z)h(_H}|V?ccSNhHTEjA z9@#kmhQcQ1QO($NE%+u}eITEVY#_zpNGIontoGi>v^aImAg1Oi?!8sq=^c#Y1<<<# zJ0zd)PjSA&_|uuA6<-+LW)*Jy9{V0DMrmI~;>b{6Vgzf)JJ^pD!4``F^HI*dizAx? zjDy?IiSm0LhDWEmH2T^Y6BoEdG=k4^dA9NGe*UEU<3o$_f!IFj#%-)IT4`qAf#CG^ zjkVW7tF9XzaajqQ?`{d_8r;g())LLj(jUc2J{1t z0q9HUy|^2C>wK$TDe)5#^s?_Uc$2TegAriTs)U zcTwPW_gBQ|Q=B}N_<5??H$fd`is?np+wrBP$ru;$=~4&oHyt=#d2)Tq{v3BNP7Ik5 z#dZ+9??s@2WCyT)_(Nm+?Xw1sGJd0c(T8y+*mC$i5Bi+VpWrW6tiYAbz5mKP@}ac9 zwO{_#%FE}iAZD2Q)gSF632t7iaf)nG%o%5*HAHB~=w8RKkfnAsrjZfp{5G=NnIrmm zk8vi5#)sB-+bQd9{}rcwwe3f)c)$IQZ;HEknKGtMXP$UevH+Ol(jm+fL%hF5o`2)- zdiwWgo`!#RCh^><3&Hm&mroe?;**~C(+@}HdgE6`@2gxI2D+)+(X$t()Gt2lE`D_* z{q@#=D|6iS++%bd<8jsP#fdd{Gsi=YivQI1xhZXHpVHYWX^~9ml%n@f=ANndQ{z+G z1L;Qo^`W`-{1=t{s5oV4}fe2RL@j%fC#?=9Ch@HD5ud>`(gIv<=(`WBL~(l>ax%C%|5V-L3hKCgm3=OfFBS;5 z7x+E$&}ZbK^5i>trdY(x@IH>%!@Of@CbnPoL@0N^*1KBZ!#3zz3V*!I`2WC;i~d2- zZ{kjFNX%X~1wZ#(#$-9M0g5B3Vf|ZuA^v>Jq;PSfmS^zi#U?#UJc=22+#|*cyLyLfAToM-LOD#W~ayd(V?NQ+A4c{`(mRd`D zhob|6o3DVchbWDH93=iT$}{hA>IA+a=;Djf!K^22X+{=EM@UB5Hd3aMo8I3ouQHED z*XvFU`OYLenqDP74PQumX-4=M>Ddc|C&w+cPUiSC4Bngf($*h<{~);hPjLB`WOIh@ z+7{zIS zDt$0A5?L|@UlN0@EQbByyLakIb59$3;H2cxP%9xB8>0;Nqw(d6p04T(l?4*y@Pf- zbcSVrW0Vdl}`@sHw}5}~{aN(sTITrIF$Z6V&wSmeu5)nZI}Cqo z9-i)Fj?O&%TGqsx9Q`JqHFg&KE5B9zCdGG!4(vt;hI~n%RS7m+0H2liInO6{ZYqBH zh-gp!3xH2{lyE3LCs@_4!8P^gFfWwO>uiTM8Y#matj0c%F@My&tG*n8KmL|P9N7Hg6W#^;NcbiwTiEgW59R#=z9()s zx_PPV^Uot)dS3pEi}-EEhohS>(6=$6hR2aHeN;EN@X0O!ABWyT-q3gXSB+lgo3R=A z_GiAy4*D_b+SBq@$l=!2KJw4?wZtZd|(Y%~*rNjp%6R@n&zX@x34qPD##y z<0xZI^DyB$Qi)uE=J;^Ty^C*M#8~O)#!z-Yu4K!7DFtrn{+{Ar?fn-?_^-UnpN5v0kH^cuHTbf1u=``lvHS zn{pSfz;`+865;s8aT7@63!lwb>m#3Y4Ugy9Tv!rmB3B>B=WP zS-_s4*C~g*I-^VxWdvJsE^GK{KC_NgGy`}S)vZu`oBXcGih)u1#P7U|uf6c6;;)mZ zQs)HpDSjJ#Q)Tnaxn7>B4Dt=0sR|a}+rxNlHT;s?-Ow%RPjy`bk*6(qrrsWH-oiXj?n*M>>N^C{-OM49lYc28U=F4NBeBRJk zI;&juU<2fdcgh&oj7#0WDIMn1JLA3B^6m8>UVI?dy5V@qyN8a?8{T@n>aDu|ny{Q0@n+- z^YKMJxOoEUSF0?2v+fQi7;jt7l(Tc=~EjwO90X@Doa&eA_M_hT>if_leU#l27l7}1-Z_Lw}K_-?UM;eja(~u+D7a%#3j~uB+j%Y7b zMee*6%3FfGd=lTN=HcbgOLLx>bRw|^jX&sEJ{$P_{0W!e>9GB7jDuy;FQQGHblGBe z=w3?Adx#~7k=D_H4u&r}Dy;^_=+a7SR5*^Fl|8QW)uW{2V-6SK<2C)?*|qYaMN!`?lu{b;OvaV-3v1Ae_QNQR0}4qa&D zsllT!?fF#Fz8F6cn*!Kgfj3!)Xq!iWnwh^!_i2pjcQbw0{v_ioWE{sQL8l3fXLR)f zQ!bcDaCl2p8G*_*e=@g;xW2wbJ2-b9k0(?zU-^S)aU5 z>5SWcN>{AP7CUxfw$j02FP^y?XHJ~L9m+?Wu3cxrQ`Yutn8N|{1je0gw@Ex@yP-=g zD{X%ic=D~>{rC>rf}zj~&EZO{G|oB84Hv-|dHB4fJ2d|*zI^Tq`MNvvG9I6x%~alu z_5m;bzz=v4{_7n4d+itZe3#-(+JiR>z`gwEA?Tk6Eo586U#xZ8yqU|Iu51$N7qh<5 z?;*1$5gAZzp7hoHbI1R~X8d2&xt1E;X%$*e1QTC-6P)3f@e{*6WxTy+Ej_WCwmNke zcCFf&5+wEzcp^K4g{$E8)bGW*Yj~A?*Kn>CboOr8W#3>PAl*BX^1hyQE#vA8J?gZb z+Lm}38@^EZoaEvYU+&AEu`dL;{hw*h%SrOLWY!w=US;{Ha3%1>;n&o8fW~z`ysl?I zp0Yz?(C}&265!)wmgCz#C|L*p%;Y%=e%r}+$$g*v1<1Fekku}EVB`pQs=V~EbH}nH zzl?o@tsI>b+#JK6WHIV7`5P)IuUH|SHQ}uzKpmB*JGPp=X5_zz{HZ)AyresL+2+BC zi;q^b{*=TAxHMx|cnRV+lWipVA1w`%4t`{_t1s|mE$4H_;b+ZzzeC$mzUTI3{Gbye z$b(-URR5t5V>qfY#`w}+Wa;AX3pb1z*=!5I*J0l8;ZHK`A9*s~k6FJRW!7vSG66cR%(msRD-YPb-MJp=(#xLDB*$+FW38n80<+KWN#a*sy<8XYn|Vy} z)r`gMSFoqb8fbn8uQX?2dU^gs@Fkrr_<~l^8wN&ayt%sKZU;7J|9x^irL6zzt`Adp zXjE8hgf-A)yzc)6#v1$tYk{!_eAi$*)CJNEjN^f^#(~lN21fbISZ6Pbz+WBE%Zxeb zHIF*W`NIYXe~9ksgg0Q@00wsFw`7I-bE zrQq8~8*|yW;ro8DFt2}bS>AYJW00flqc5AsJ?SN(FK|Cfg*ofn%C&J}VarQiTM=9K zT0!T%JS9E#`*tTkaGCO6`Dy5#;id*sUuLmdTEnL2GfjzFeJAe9Nv!0jikLbIOzC^h5S+p$$-<9CI`WwuHX}@|J zx(`@`=;fXGRlWV|uFuNXkdhC)G)OPtdw&e#cd5f2Z;v}Lr|#dj@9R$byV1|1qO+}r zm$2hYLg$8MrwR@mE}PCJ{fiSXf#=en*tW!c){Dn4we8(}e&;_Be6$=q)?w=u;7|9K z)x29arTe$)dy>C-;XnV|>E)~Wowq&Doc(HzQu^iL*lf=7)A_Ni8OtxA*nGFFo^JVR zFEVduop(F2G=I6x=+ULtWBJA&^dU+;kr5~_yIJ?M7yhs`9-(;l?H*>kT>PJ`I$CLDZ*6rt+ zdD>r{u0VRkqAV|dDWTk!HI0k1WN^AV+E0{Gz5>I?s%bB%)uY}&1g>BxsJaqyzGiXi(c^Qc$zpwbjx>_Sh* zX?J{e#V7D(Htl-L$o>>RxIDRyvZ4b#xpkCFyR`*|Cyl)VjK`q^ywS;%-xiG+%STCv zrr0btPkw{+QtEJd@&fSF1%Aeb;Yawy@FU}F5c#RQlOKy5`v1vpvy&eSmCiW$1L-R$ zGn_y1dl!COJl62zXm~`tt~IQV>CQNF`ZQGa(5HX5VejO}Jg42~Nze80W46=ouStJ^ zHv5=%!A0Lo3_oUf!;jO?cWfH?u{(eKOx9hz=k=uWqI605#~sIX=8eH0b1Ug2$+XYH zk0lw_)`;u}d4(*o*#@;_rcX4G%$E!$XXTh1B8Yq36^d zyfU6A>76|El+xi_$+KS2@o~zD_q*`WKKu;Gv~}fY%9&&5CF%N8kG(WJWq#SwVQoaV zY>_P>`5>R5(z?@?dFXlRZ_P2%EMM&c-if!x&* zTT{-LS9|EW!g=gL{O|O!hCX5!7jhn}>Ek;3xBy@FLi)HX_mvgf=;JH&@k#nPm_BkJ zV6EDboh6wooQ)?f4Y|31{-xq8qZ@qfv;wu)QkQTtk9!ni;3VFO6F2V8#!2iutm*Nm zysm9B%fXA{=`jt>KX-njI~%-b`)`N#Hh%gW{0QzW;O;_y=B^skHvQ#WvhX?jY85MR zMt?HSq`&$j`d3osR&d~@1+gvzJMb@?zH&Zf{81}hZQ-v(-_4tG>kHT?4bh?4W9X#~ zA9pPOI<}wT2@g!SQg1qC*L8#6>DaT~@uTo7S}88{T5zn`nMc6m&r)!Ck%LQ}Pi^Yrrh*rk=_SA{FNw`L9a z(meE5`~#KD{k5K5Y?+x0I2MZR5O8C*Nu14;ano-V@-E*t~uvsv{Z3tGJQK-YOlq9 zmpayCA6<<9W;N-?e#TCcjJ%OPFo)h(8O#n(1@7^Tg9`Nl_>B*iHMhvkR%aQlvAq57 z9n05IW?d*dj2|E|MEC7-N6C8T-1wxgTFbW@>VtpGS@f3p?*2pGrqrLy9j}ddV$)?g`)e6bs{2ROt@L@ptni)ucI#gVPMX2V zBKqC}P9zU*2Pcu6kjoQf4+ayB_+*KQ^oF$cc_J ztx31u`{WC+fo~>^TVMN0Fmb)FSFMplnzw*=dtXzp`enaA&G}8igz9dcY$fu~4mJo6 zE{`qYyC0g!76?F(#>vnQ*zt1@EC45!;9U2|T?@^K6K|Ue@5Zjgmo`T2WMK!V*Uy4h zL-?+;s$1t_#IEFbC4TgA$l@{FrwERRQlIypnZe*#{AW90=Xb`(2u99LcHm+hG}OQgjg@8`B%TA#nA+z(i@Mx=!uMftY=L8!UZSB(^Jehd z0)BO7>yqP~1q*(6-n;6B_!O&Q0l3wEOYMnix{W)AflqL`FkTJ*0^lxAUv=)N_Pq#y zUlQ$a2@vKXqa4>=R|djk#mp^ojR_#8tTYeovp8 zz{e`^uKqTHBdzz;p8|gHT|q2#lr}p$zJToM$6x=A$A~?S6=XUx$8Tg#Olj3tV$*+M zFMYte53ojQE4C&O9$+E=I3xZ)Xv?CV9Q4dx!>T?;<~=Ph-Puz?ONG=W;6%T?rn|9GrbK;wSb7 zzlt20Tfq9%2JlUu#;57GH{YXzJ1zXm%Qj9U%10ipHw5$W&*S@;%3lfokHP%aS^g?t zF7k~%9%ET=(mwGhV>d#XQM||Ci6Z(e{b6LsBf-R%A3wc(6$4CtHe)!DZe*s~nxs15 z1C^i1?jbWqDGziawT2D-Yhcog7y18 zkMGHWPq@eh_LExUb@)YiDJ4y|{&CV>zA46+>GI90<);-JJ32=BQgA3dFW@PeIv3o; z;XAb%0Y9lclKS2qt%iX|aBTQec9h8j?#2HVJk_V1Zg4GHm^=j6(sdGJ($PI2+{ZSVvRI`JgD2v@?v#h(E;5jVEU9hWKZsklsi z|FrVj`?g9l7ug`VL{G_=Bg7zG3!aPVzt%MU_yID~tlABIGin!;KG#XlC*R>(_zfM? zvoQ?24&w@MdR=#UutDqagdiNTdE|9#<$cdeU^=gu~ri&g~htY-bcaWXuN z{MCK*Ixiw!IAoud^i8>R5_)+qPw@cvFD?&dFs7*|wupE+Y`ObX7X5sf70u-dP)| z(p?NwE&pr&_cD{~uMQ1UY4myDQ)&7NF-R}-r}%A`mZGERX=uruuL~`)f!Fu7Y8QFv zSVA7Hvo~WCw9Ll_=KOToWvgdA`GVrZCvt{pq#8QT2RF1Mnl+-2o4|YVjCJHmt1nWX zIq*O=ZA*9D10AU&GAEdb@Gcxm|3qE9-^2L>;JutPr&Q(^mu^m(n?)<9%npz2nM;`< z@nF*JzO+!ouhlNLY79MJ%)5Ls&yZ$#2p)-4aYqw;VttT#hMxO0+^6FD2jF=of9w-A z_E)q3J2}VZ#g?1s_s!r3+)LhT+;AyE*<$RA9AXt?;9a&%ly~jR`a8OB`^RU(Bpomf z*^a#Lq64O(KWfGXmrX}+yo^7g68SFL%>8N*Q_9!28{db@4z{el&BWop%CjYqxi<@1 zW`4YANhLO4cRFJO^|ny&Q`DQuy}9d5y;=29r{2TRt1;V3#3xC&TYIB}ti&$UM#kPu z>TW)@a0zkUwM`RjnJ>FtdkD76hRzO}wOftVrU~F?lJJ6E2VSNdy!hH);&*dh;JE;Sp>J3tQrR zevg{U`oEiJZ69-P&B4h@KZ z@5OJvcl@cECF#%%S<%Mbm}O}*rj1o>&LJx>E5I86p-^B}2|QlS{Qjr#$(l6zoC5XR zEdQ(k@7qrKXYFQ;*7U#sVCBHzvXB+1&pG9rbt!4Z_&tp6Hs7B2AKD(6^%DAuc(C?M zk*BIlF}{bWYYjYdh`MI*T!#-q^J1mP@e3;bDV{Zb@1~9W4>Gr|U)$MM&aBt*b!1yB znU`nptv;1A>w4ac@tt&OI}(^R4}M{vK>Lk6y>0IVCbhAcCwHe6%J%6{|9J0E|LFg^ zzDiFw>7~3YJ&R{e)(?T{ZUfWHz*forLl?F{Ft|Va^tLY&J6iP=wns5%u6toZ&WBfV zC&H(tNftBN? zJCXKIp{^O=VGVs|&Nc9(j=FCNH^abV5j?RGx>P*ywMX*~&#~)QTb?#L+smRo*15dx z6+zdT)Kl@mw;s(q`hZiOy1eDR^-)J>eSHQ0LtW}q{pT2bS8pC*p25v$^K@zPh3;rj zV6UZ(Nufi$Ak^T-XSwva-mG6F{d2kOce6sd;W?Z$Fo(Un<$>VGmSue$`7W|z`}xFS zU=J$~egYr!@zu=7=i-aWWBssz`K$0bPrezw6SotkT%L6S-;B>8nLm`0pZ7s-{$Mxx zSEc0Vy^otebpDz3TPgW@C(g)*hw~`TfG2WQSNM5<*Ur!WbK?B4U0BomQ8aMJ<~)n@ znZQ9!`9(Fu zV_x-n>&OSL66h;??Im=q=1YoW`G7fR1o({*bb=51qIud<^Ehc>&175{Q)w^wU#@N^pcaDb? ze1ZecLJKAaKhXnT74HshzVF2=aqd0ccQ7-he)tfXioXN>GrO*vHi!*$G7GqGiT_jyo(>3-;(nC3;){nPF(Su@Nu34>+uwRorx~< z@`iYeHH-vz>lhkM{WW(jLAS}akIbcW!y3j^ka425#~{8z`LN^YqTYTX{~K#qyzjF(Lqz+6kMJJR z`@XZoJBYDq=Dp#YCT*#8$ydU2Nz;1h7ShUI2l`&0!p}GS?(}l$S*w5D ziXO)bbz7dgB?~{Ryp^mOLLAMfw&BQ&=Kg2Oi&l@k=!LE4m1o*Rp!oRQZLDK3@2!N# z%=kpkXnbD8y+=Lv%V~2@H*IR4xjQ!WbjQbV(|%Gn8a+rKH6Q&u{cIdctf~tGI#GUz zj}JI7I6BZBlWuH(Bl=SG+t3{x=uq$dIrex@j?W9We?tGLb6HBAsq$!e3O|TmuekTF zcW2W$IC~(aUdeT@esuAb3h#%X0`K&cdQ;)G>r3jx%{!d_d*q#PS?1K^>cgb2cBtB^ zd+qn~|3`h^Q-2?FY2O_#fpf&C^f#408uK$hrOtCw>U_sLevCbkYEA6T&4cBeBIc)0wlx%BCN$@wXBrcHU+{>;bRxg_sbnK_i!nwWcT zD&bwW;e29K3@%EOb0N`XmeYToQ{lGgwzr45zgM0cdgSJXYly|j!9QWGsxx;)Ukcq8 zz$5F4^&EHqqX#A*-gJD<&2Jwc*WPw~7e0nL*$WP=Ja^0Sac}u>;Wc_!PJ12YR-8Hi?yq)@<8fuQ;4k*j?|{<> z7k-;RllaqO|MD(lql^tuSIaYqi3YUT}_-2dzb*r)Al&_$ibJs|pMtU9T75Mq2p9W*k7j3r+ zl}CR=g4|=t-oXI$)VqF9_h*fM)v7))3|O+bAHA24bEKJ@zD4Z!hEuu^J)^3XSRe7( zi>IcTcX+RC!>R1WD?2*2>f6P>pz-&(b!5Po8TgkkMn7`?M)=|j?fxiz`l-6zMdOJ* zm}p{Z!UYrUZ`UcEyUz0Nw%_x&GY1_XGst$Fthl(*y!I7vt$11CdI>ZM`K(dUslla_(!T@UW5k6?Zpv3= z#(^sn`K~e9B~5X=`vx1E@w?x4Y{+}r=Zn4gkG!jWcW$?uJJcmJyNl1Z$4^op`oYgU z){Ru&4_~nNboW%~KLz?1Gqz1SeBn*^VFSo!a{DvHOUe#lSc^##&;3_^D{O&+PSJpU9Y^ zx7phPUny;#bsl-DH;d==K9}^V#8Ji=zlsAR6 zj%-@Zw*^ZV-GY7;ycN)A759Ot5Bifn5iB*pBK;HrkBVc|Zx@%{!6e_U7ng!b{!igj z_z0cq*y3%!ldn^38OgYlXC?LeuN`}%z0_yoQLY~)88@IaCNXj+x^*`GhkI<<7FdNp zVVpg_WwYP-9D4Rn;`|urKNanKnQf9Ug0mNJ9>#`g9p@`NGMm^5 z&P&$03@!Ml0{aK%#5g*kCz%1nxREiaG0998 zt9k<^CZZ-o$O*y{A?Hgco#{OG=%Tvh$=qLDU6)*Y__yw>ZVn|+I?>HPpS_M} zLUYw|b!f;7&mQ7T8ix$m9+Bga;c6e#HprL${zFo?V-sw{_qrXMW&7n$cKoVHa{Cp` z&0c}6ce&aklpIeU=>hR`hPlV>zwBROZH;ZT#c*iV)r2l2?cSI3->R`g7UP>zn*I~D zSDMlhw?;WF#6;=6&i%G+yQ99L&eCx_Y2U=&AWrTv#mT)vSzn~A8p;tbT}J-?{-LS6 zfdBl}6O$K(;@LN6I@yze|IHTQZvp<9=+9G~?3?7BPu^oExc=tqRXX>zq@$5CgxAhY}0hL(cs2jD4QD+XWn#&B}nr{mdi(0iQW_wpRgw?T8we~&{y8oHw&-88f> zbYIH4sQ&))9PPJ3`)yN51MJ%_0QL)jeG0U1rVh#;OF5!_4Q<}Cu?{<^tmAeMHtmV6 zbSr&ym;JX0d`r#-sYyL2xBXT7&{K9T$uwv+J53@xD#do+h9Iv=K-@zh(ssV+I5 zvZAE7aJ>BywZV|o9kf9?ZBR}dY`?_gq07MIGVr*BHu#*A1;@^-)dtO88#ocu1{ul_ zeq-m*1|GiEGiU>7D?Bgq@U-w&(?*TXu7CeDa7f0b84p!MBfTS7!r0ZB)7?IA`|id^ zu?cF4Z_s`g^jm!Rk2NkkD%s?)=L&rleq3&B*;7B3T;g=EUq@VUIb{{R$8OU5CD&|x>Sc=Ddz&$V*aW-oF>@az2*duEzjIh#7AGXMJ;qmNcfp|*o-}*c;fI<7bm_5Gg5p)(dqS0ALJGHW9s#5!mMkYv(@X*}2t4+GGjk z^-`W<-^B;#dVHXL?8OIq@8^SaJwDL)t2{oiZKAZcP3&*sTLb@H1^>MU|Iv?ToCp6| zJa*%AxYE>Fy2IM*3k=_t8ku;dSD(HKkJsS4&G3L^iFASFx$a$zpJY=Vi~LBfkSm%D4*0vjcqL|N_=mGJN#z>2sL(C;6UVf2S3#~yk{t)bV*;lavu>ZF@!|IH$d+cR}W0x=KT-Gvl1O1O-Z|=|9*Fpc5 zY~R&WijT!@zx}*dW@c#I#J~9cTdyON_6^UEhctc;`CziXq6>Xx>;$$#cnb4Zk>B83 z#OHLTuN?n*-$DOM0Zb9}5M^~QC@eQe9Dev^j`nD1Dqqyuf*ffo4|OiacI<}st;F?A zCEjPxa3{MGJ8Kc?V#ty-{H`(cuWx0}fc=J;PsrBK#ok7zHpY)P^UPhGktg2x0{mXX z`<9ANn)%%(d|>_k;Z%AbbLNTDlcJyIpv_$GT6_>?PWDHfbJ?vtl+}Wqs8Q@2Y0O;F z+<3N^auvV6nzm^9ZewTr2+m7$BJ&*V@)&zJIO(&^eupb{UMBg}S8e_l^3NfCJGjmn z!CEWEBO3E16fZ^EO6)3A5A-0-OLL${>urMpy$fph3nQR zMk0Nr!F>&BGsx#De`1XzF}?rvxk7%fX3oo__e-L;ftmeYE(2aeOJGo%Mqq6MR?{xP zT2DRxevzh*^iZes(f@W~&p;RBHw2H3jLB6-g#3-rXeRVYu!n(U!mCP8pHW>g+RgY1 zb>`VmYm=)Pb6<3++sFL;qPDMwCPu#ia}}_~h;6rgnBcq04w0q`x`jw%zp0!Lo4>Nc z+4%x8+{o1m=Cr80p1lKg27-B){-}9p+M(IBL+4uBq=hqM;Gs^fdlT&StQpW4Pw)r_ z>2cX)g7qwX2G#LW<1eV0UTVhQ$2O1EzE{t&cI%E-#j-=gm6U<4I^#;mc~WiQ;#oLH zU(g?k$5T7~nK^WSKljtu%7-D?v;OtROISO$ZsSLjYof>^WEZ^kBz_clyoPuk*N2<< z1kZ_66l=1qiuckh+AmFh<*z^1zrvPbbPQvB`T5c{><0i3KR~&?_-1Sw8O9hH*0iJ< z+h<7I1)U7cP3}5pjm19#pZ;5?=0Qh@{41~X+y=bd3 z?BnlmE89NP%>G1$@>?-tcO!ddv2Jh^bH>PqTh6-so0raX*iTZ=#Qx2EjJ1ojZJK=} zWb@a<&mr=Vw)3}de)H1bKKjU)lztQANAcrHN;3jm*GseD!f#!A*0nz{X;x#`hASv@ z6@Dy!H*-c(mC}!Nc5b3SsLTZ?Q|6m)nHhMMwPCm1|LEN&E^Zdjic5p>M=Ut`+m|l* zmRqjU0qZS4dBlZX>Ee_vzd~Xo<4PmfoZ}UHyNGYjyWe=laaxT(N4_4ze^0pkY^_G_ znde8`=LYgR>?dyCJ*NK4Ix)xTsAAov_WO&m|GA&u)|M8(-9mdAd4)dq$Gh#^?D~J6 zKT3V(@SOjL__bwK%@ehU;B&z7L^XU~1D{uw$IV#KwH4j{V7kz2+6zkYDyu$$3`~?J zdx;5AtWiC7@ipvEk-o_>eg$mS?Ap8OFQ=G&!(YPRzhxckGS?9Uzr-n7s4VQ; z_dN@KS2K1*z8D#!HDH&~|EXh{;|xjuTy@~9fDYN3hmoz1@cS`z6~6NjI>pe*vma*% z%4wjSKH$U0{Zij$j8m^?411G1-X^x`arOp&yqD{BF4?P+d)=JB+RHxh+C#Pj9+p3> zi*fH8#Pxrl?-za(d_zNb%!Z$O@B^f0@(rKFALlV9KHbT>^5JayAm?i!Bf2@;tB3Mt z|B!tj$#3D+TE8B~?Y*Zn-*y>30$_Uszs4Wu0V6bcoj#nNiCnoPo;~!?lBFj@r|ZCP z*e%EIlHITUdAlNqcKiw1C74UW)vfQaj%%ssqEtM4@uTc1{3F=_!*<|{p793$hd<$q zc=Ku}D?iYVCj51^v@7-H_r@L8;d}x=a-u#t5tvU5z-(dNeg!@|#@%mRfWNK@|IF2# z|2PGl1Q#%0Umn>qeAw_Ue=31KL!9jKz%L)qn<4h0M<#XyyNko{j$aegAlO&&UUIby zn(3?!?JJ`BEXBkdp5N^H=hW{7^Ebg+x>UUXADj<*uFrlPf;{lcs$;M*2J{l2yl+}cQ*I5I=LW5uQB|cpI?#9 zB;Sc_q-VeD@se-8L4EG`URnO}*1?qbZ-bQg{C>)F`*R+?yS_INrc6^lX7t~^vNB%G zXfS?dS^!_OmYXro-9=#Ym%A!Z?qKm(!SY2<>C?{@fm^h^%PTi1e~gby{Eu%59ax8+ zHe;r+lUc8QD&!~0&`x3e19}d7zQ#DbD0|zs$DJmgFu%XF)^ufBoKBS=jeVXy8_Qc+zvu>}Lz&G9< z`&o}?y)lBtUt@^F=(DE3df$v)=jo@2<+&r{orA>_-pSe!zpo<1I4sP17yQbM$3pWq zqW_sIXPg3Up_gLAH3puc_8zA(D{}5gY%otg&4F&nvWe^^k`mpY$O$~gFE*Mcw`z#@i=ouk?%+fLjFROp5z0^k*lEx474Zv*s z8uG==EvbFf2GXtiZQEf!dDVtBw4on2e|et^(7?9SrCvMzi`Pz$_h;qP^R$QGUaL%S z4kC0n^;mx&Jo{68fcQB%%Y35obN2ir`~>Zf=N>cu&tYb-=|AW_=ktx>UO%IM#f#)? z*8Xqrj!n*@-~QpELjUOT9(=)gFbm&t0sHUb=P4h)^TQ{897#Fa`!a~%HG%v_j-<~r z{@Ev(ntKK{$+d|4)GI>#DnneLf$#>D)hT?He+1o!GvW_+c{d;UUSB&0)rCk`w48 zk++ z{=u?!_L=4@ij{4@4OaG5tnIb+YadZFX8=8xfL|JT;q#pxe_u=(XB<(zy{GJxzfAu}} zE5j%3b8{4V&Dik<#*nl@Re%4)V46d18rn%|>hb%9kT3pr6dc!+t_zsOqn5vi;D7P= zKhxd`+MD)8p46sKzy}OI@I{^Fx#JqZ^MrV(c&!@vO`cN=dF?59Fa)n@ysfiUu~9l| z;K>%!%|@1*JaIQqgHz@5AJ5V!b*nu&=L-S+UJuY$ zFfRr+;q^7@F|-9H$w1cObjIl`;tj1qjsw4J;dpH0eK99?mrWb=#rWY9t$K;MQX5*> z4)GRB`X-**gll~R0_+bwuSWbXQ7j95XHzDI6XTN92f#tfSCv2#Z+dS%(UBWs@<|M#+iv89bgVoRHdEuFk@^Zn;8jNC6eS1)t2tDNWy zuAkYJz#p`{Vr8kseZ%wTnVWM7T1z>1igUs7rNB$ZN7i*Zwh4X}`+jGOlY9$$(;mL_ z4jpsu-siIDEeF}bcoBO%8Aq?Q@XoZA+78>yZJV&Mq5jtOpY7Ja%t_Rk`eW4JwBPzi z(H% z(!%46Gw|$rj(#9`@Z)J*(sjB=kBI9F+Bf|FEj;h;GVOyelD&p$pWgt_Zr%+J&)=3m zerfBEA8YDgPyN4D{p!nqWB%wW;Lot(Pk58{xh`*hhq?!=SA9c&`-UHt0>|PWna{JR-lU{HML@H&dLw{qTt4ix&8zX&_%Lw{&n$Fm(7TuzbgB2h%^= zZ2!p5Im85eBAm>ub&_8sy_?SUhZtb_uTXyF^L`_c-rBLNBCZUy>sbcN{|Wk$zdoCP z*&z8-Mt#4B&fxdVR63pC;Ti^ut5z|#uXLQ`e*))! z0q-i{{tw{afPY}aNUjPl#`PN*kMu_>cRa|LXQNa3EB}~v+qa!m?>(W^yV&_}P^O_@ z#KqON*B>g+x$d0NIBj5|APpk*`qekNmx zYjk%)JMYA zi^5aKU))H!{(JoF@{5g*@$TUp;uroEoxX_sCg7+d{rPd{rSJ_eTo~b<&09lRExxk+ z&-&dsy5>4t_M+x|Sx-@>VA#xE`Oi-{FGW|qaAE1H_=QpOwe#*+?(4Xp$Nd@ZS99OS z{b0T;uktBR`{=RPts6b=y7tk>UYGFjTNHck!X^8G=V{;)3_s&87@pxS7@p-W7|wS> zFO|n$xNul3eqs64@fVk0GydY^xF5&;eD3FSpT~V3_q(~@&HYjCk8*#J`-|NF%>B>Y z{}%aGx9U}$s!w&P9@SC)@e{8*?&Bw2cmBsuzHZ*fPr0uAJ-yVpXUZ$iG?$O7xQmY(xvTA4xU22kxr^58xEoq? z7p=E(7p=>I>p*1;Bh7)z5j<;l_dj`{vJOyz}AT4$EzZy z$Ztz3yWd{lgN?i!8Qg+za5r+(FYn!|ls@mXUWPBF0^iIC>}|)1{qkML2)g%gW?z~b z*I#>hIG%mC+exkrAHHJ~WAb-voFoe>veu{Ik9iohJoH0BdFa%^%9H-u*~FP7;ffuu z4$9jvD*uLJ@S>k>`O*u&MK9U`pOIHTT@V9`2p%X%vWE1$JTtMA#cx^c@xY+MBK0qOAN4OAQ2!h3ft$zQl(nDwR}QHE zU1Z3;jqw4zSBwW3D<}J#;syNog0KE}Tbv|i86FJsfPYPFf1C4?d@HhnMzmp)HLwsYd9P$&=lhnLe0>8|? z^1BRW@4>dp_4uWvZ?bK?JD*Gbbay_f6ncOQ_4o7rCf=+3L!k+JWUI4rR8oE#erKJd zANnt=TXY|&pYm&9KSMc2CsCG7*NdKFkG1U6*z1S0U)_7?FuxA`S9GHEU^lqlf!}C! zD4zX3c(yvDci{V*F=jY1PK-Te>wm9S_^<~^q;i+wpA0P$PW`WHNMm92x0hhw81c?2 z^I-CS?;ak{zDIdFXKcy%IAe#=J2qm!E1pQdoB4fPv-T|+y<-)yFz>;>-F3-k>YOx$ zHE8VRxQDsAR^V*|##Rr;Cg4(-`^p-2NlrC0PO`E)Brc&)V;g zh(7}D4S#TcTIKP7KvoGR_Bc%~J}i`KKPsHM?U+dFj1g-o=!6$$;|S!k4-`vheZB@TeVkL$6Wvr3Gyt zNj66+f3=(WnS%F`k9zOFUiiLkwD_iZ)a`>z$gkBsx)f3@&^+wtD} zuN1zIob0{-a^d^7)4caL6~1qp=)M0^;5|HQ@V&9{ecLC!_c!?8KenJP?7hD}@V?A@ ze_i1HFz@~R!283!_tysAALYHD7kEF)d;i72drRkQ0`HGC=|{y@z3gj8;CJacDjs;h z`4l&OBJe)q(ruKpy0Dz4Gu`ygn!@*O_1^mj{O`9e*c|oVKV0}ea)@~kk27~a5m}n= z&(h~wU!*-N{kFZatxKFI6_3!<6z}YDQ-R5Gqr`Q z-6`F&es`fCN%nR>a!&gn7~6NPH&%ErKUR3flMU+Ah4=-=BEoMR_+9oP@xv$kHZZ+c zIUHRdta$WO-K3Hr# zXmDHsj;A+#xPG{n^9qFHJw65{O zI|dEn=;G&&KVAF=jz0~4M>l|93hZp#C@>w{Hc;PM^6RM=^ql$soARx zo>P5zPR(9q@SF;sZXJEKZascH-(@aP{m}XmWWTB}o=M*S_WGjVhp@;eb0m+{AFcnO z5a;6l0~hD%;N1Knah{$%&fq-Vhx7Dog~53`IJ%Z*>AUd->x3+ z*6FWXX^PS5_#B;FUyr5J4V1MxN2k1>XI3_EKR)NtX?((QPUVVo#kfXtP2lqXx%6}W zL4NuT<_|LTYx3yF{X^4_GDN>iMI(L}(9io;>wPoyE*|JpGc;`T@ZkQTX-FBO zVMui1cL5E(Z++N!`etaz-O!M`p&|ETG`!PKL(*6p{(`ce@_5kDaIx#_D^9~OGz>$- zFf9=4o`h^6n#&QCwmSo*aF=@)J=y1h94qR=l2{i4t>3jLzckBHy^{dNyZzs5o6*XZHU z_&1b4{iYiFVH-oEsR8=A-yZb7x%^jHxAGLD-?ReyP0i8o+XLt~bwBirLBAOEi6KciCX{n?4BrrhD|8{x_iCbVI)z4UMJ;=;wa>l=sc0Ut!(5Bh!o0FZ)-2 z|DB$rpU#si9c|Y_^K)(bOOTcvr=$C+g2}{0w|E+ZC z*W}sIL%5G(odv$(w~NgU-+&!`f0;9~d)|Uw3%K{pTd@Aa_*fT|I3wSstgYa77Qf%) zxAoQCkJ{6>C;7I3-`n{8lZadQ{oGaeZ@Kq*F!;w_pY~{Iananh)g#}dyp1_qI)|$} zZ|bwBpRx9|qtG)7J)_Vw>LX{qzxNM9PiOVtwZAJqda(Z9$+!30-#_Q4C%E|O zxjINs7uWsKvmAPsL(g*PSq?qRp=aKBgs?gO>|brhe*@&Fv*zzg&%}P{dF2P7XL$iV z*A&q6q5dd8q>o}Ld4LeGc)uJrs3I1bj||C4X; zx4$l11`9G@vPS`-Bhu^D+6=Ka?M-=(9hnS+Tv-Zv( z^OI(enKvot(FW(G4I$1WjX2qM)+DfB>y{qkumq3t?}@~-^T@k|xT!uaY{M%BVt@cPTsnp2h8<&~v%6*HBGwGI9}e*E@8kLlFq|L&N$FJjERIG{AKKbAJ4D=|hL z%wybZY0Mh$PjuHfbvDhu;YZ}wXp&d0& z<*qofRuRNu;QYWqWx)EhsHrvCWjlGL9z zl&0Q!r7ZQA-Z>eC^&A~dbq$ZC(q-Y)K4^X(b(?rQcvNw9Y4IAde(!ST6e8}I+HW!4MjRV! zM1C$@`}-erSaYVdP2~L)-=RtVTYS9vb~fKGG2g=ZZ;9i~Hx}gHJJo!P=D)>HFyBt* zTZ8#lp8w{YWWJ5#+nMHDMgH5ylg+mn-%dB*V)<|ECnGpN%C{5sEgH{%i+{p=JA!Y= z>RY-0+XVBCeW33>M&By@-zJ%FQNAHuSbOaMc82-3mo=Le`WE+pJJWpoE8n!%J9diV z6)ViU1mizH%|m>Dmsl{-fA>w7(6$%TwinU17t*#D(6;B(w$o_askH4B+V(u!_FUR_ zGHu&L+cu{5{<$^P-xf{oi_F}mm@0qFj`jgCZ4HmR^|qS26!$59QlI$gg#6lD(|>}` z+Jl~Tv*C$uIz9bd%=W9#g5M(6G4b5lzp-+?`^>)Btl4g0T~mL$@@BoO zTnY}dH`4|7uK6{(ReRaIiZ&-**m0iVVEnz)lT`LonItYs(u7@B73U#_RkO;^?RJ1 z|GkIztj{`um~U67eJpupB+ycwVapf@Q zh-0gM_A&pr6!om$t#V6tv~YirH7y2br}T}D!VP>|1=Ff?-_?xP z44v+t(3&b8?WE4-EQCiUxHQvyJ_wBkJu!1vDQ)|Z*S1g5w!H7WedEma zyzhL-YvZSATi)MtdwS;0yualkubp{U$FtD|wtT@beoRB^t`onJ5*#zZ@j2=fJmq6T zsg4uRNm-aqKD#k>>g1->%tUA>M3}L7*uvDJid$1_hMk>SUGYhSgYq19b~sfrIZ}|< z)>nr9D(9N%RO}?q-)-9!MbPoj zD5dXn$Ar!IFP<1NX|A2n?xq9h?eN*R&R&>O+S^9oYSP{@<{K%cz3ar*)U^|$sUMtu zcIv^=pG-YG<{WTy+etJ#?9lk~b{CEWOt)>j6 z={WI|Cfy?wernRPAA*6UdRP;6)dP2*Z=YP|IAv^ef^*3 z`E$I#g72Rt-DgPuY4Tl8{!dZPKT_Td%Ds&8FQuM;puXwUd&&It?HA8a--InPc@%JA zvowx+HM`?N;JpC2&jMh@>{IQ3RO72-0S-67_7s;A>!`gPtn_NugPu= zl_xsG!`S~V;&fu_XCJxoNE5qXXu~O|`{&P3eVuDb?@#Oh9>N|CS0pGm(fM7{X@9JG z$1!_~-p{k%WB+YAnEcBF`IjC<{yRuh$(|C;^!-+T2kUY%N^~ybTl~Jn%MG_CUXCHJ z-1qMPeteFEKDUrI6FIWu>)ict+dTgC?;snR!|VrE8qdx?BGK7$RHAdv#}b`a9+T*t zPk!j3J=K=a^l0)a_nqkVa`O>RcGgjawzlf=B`>b{kCeEATk^DBpW;~U=^Y(G8H zHLM%Q=F+wrt%C@=JdB@+wPhK;jhog&!}*;@-xx7n!MsmKTYKNX?-zTqFqjep;H#X)z3&>>-T zUL>{qohUk^1pQNr9x6j0mCqkddDpWR?+0)9uXyK`IO!Wm-$?o<(oZJ+xuidj^ixPb zm7|9e?%p|@-PmV8euC{LVDsbR|8C{O{6Lxm;XCIb(;NB%Ll{0_U+b*;|EI}&u=G_M zUJ|IQ82r-$X$FH|^k@jA^_QpbXYc2`rPriDn!)O`=}&qe>D6BZN6jF4g7A(Gr1O85 zd_J1*&EbK1$inPTZ{a;OP^L|*d$IJ<_nCh8^@Th+Soz`~ji-k}j}UYTv!4gEL)w=& zn?N4RrzKvBv$sbBdwZ~7)@dP6*U0bnCF&6m<j#Zw{0+H zAZ-r@-(dX(w9eOEK z(Xs2--(BmiSHibp_ih+`Kc4)4Lxa_y2-N>{p#FvLvwlC$@|WGPn7vwAr_BC8o}bq- zaU!Cn{(|YF?S=I4@86Ri$DUNIYwJ1%K0clGIm2&m)Z*J zR{htWRA|4A|778Fu)Gn0GgE`#M+d%-Kew>F34!N$;Q8kB3e%6gsPOse=ECP-{moYv z;#%hqX9XSSDpoD8C^=v|hYAi68 z>ouMm^o%|m%cbW{&_H{EXKL^#;p5X8-y?wq89S*PKAnY4p|!8g+-Fn9;d~1lKZ~`g zUEcN6BkqIuRp?QTeZju0=G>-D&{Z&2ap6nek!EjMS1;tx9J2I#-mLe{_njJWB1)P) z1EM=-fqO)_a*3Ys#|+s%HNY9=I+ouv@%>iuUSpuKTxP8=_~-G}S#^<)-`$9OwfI7p z9`H?YUre4?`DSP#8f;{LX3>Ou7wh6*qzFm%EL>e6_KSiT-vi*cyNB?ispS~wc;z&zb&ug zFDrQVWP^D3RUdr+8-Q;}06y`}7%tIU?P%fcD!cXZrO<*tW9rtP$A(U{f#DtQvqewR z3n)&{pC1;9uRVUKru|E}#3zOPt^IyWIxhT*uT7i1HswB>ed0fJ z5N&#g57z(j_4nff@?>@>@$$L*!TGDca;&WN%cncRsThB(8J2kYlpwvupZ~(Sy5djn zjhuZpc0YAr?yFmKx~kXyS$YTYX+%yPzMnE1ePtHIXIcOs>8k12b8+lB^=sL4;W&F4 zPmb4#r@w0L7>|#yyQ9#q8|&4#9r%q7>vrwBMLxUEFOTmu?URpfu(~pVU&8QZlPk++ z1nL>))sx>p%dMxFt`rTcwU0N~OeZo={3m&*Gn-nGcMW>3VBdN!p63~PNdI7t?tt~7Hw@mV{=j)KR`&SY1NgGQ=jsQ^V|+VRT*%{j`;*6m@na+XW+`wq`}@E6 zk$tcYKXPAOo_KljeqjAKAFPA%<6!ka#a_(wiq)U?>gO(bJ$pa(-?N|ktDsewt59F5 zrQN^5`b#x-!@2vZ^Q*o({q1AR3-%Y}T^;?TuFZ+O(Bi~jZt>_XUE#!-tL5q%e(U4o z_fzL*e0BB(O8qBqPb)C3uP{_dnjj2j%ClL6UQbGr{2m{!*{NRhq^g) zfcNZUUzWrlJmRU(@H;Ui*+jkucwciO)5QCKT=>fDxwCh%AK%gz-rKo$)BoB$JD8Ze zn{F@c>nC_{%bqZOeXZLEtC%ykW4K=h@VV3Ii$H(pyrKmAiqf8SI!~tcTIa^Kz&{(= zRx^&hiYAAX(qB!$8Rgv0_CzSzHn(Nh;)*b5E(%`h5bRLaH_O){+huA1R>y-?`~MhN zTReHe{JDkoH4j#CkZteh1M*QaL$bqf&s9M~`3c8z$$k^fH*w}pjk0@@QuzM zku6ijnGjXm4~4hcpWf~_?~PSoXY5@`ESnt%toGp8W@+z@Yi9X$g7k&xZvQO)2df`` z9;mb3tMg#>gRM_{75Mc#{kxO?jb4b(3kB@kMeuSl`*ssF^xL-$dd5#RmP__-q5b39 zi81)Z*tD`0u*-~%#(g&S?ne)Tho<^?NbC7yPJC~O%Zbf8Ms_$pqP^Jndto0R&amSNz1Mfy z`Bk(}Q+fWIKVKXgD4wk5Li#F~(i?f?jVD#Vz6Zx61I9Jued8L*UF2;IR|#;g0}eaB z(HT!SUI*_o#!-8u8P~|C=O25n_GqW^)_?F#ecZOkkYInK?5M>PUeP#t4A%$7!#_Sd z03P)Rz~g!!9@^i<$|^rTckTzD)d75@H)`nL@?(Es{5TsnH~s{_F|<*npq-=}qvlM_ zvIF2(>%&j`V-&;BJ@3Rf{`a>Rd|A+5!WZ1ec=#DTIhtp#4~#G8+8!*vTjuYdFL&?A z>s@c}h8)U%e_4OOlL~Xz>l$=m_Z7sQKX+7eCjBZV{IKt4@lEqK^6kmC_s2~tulkx| zF8uE;|4$3Z2l;%u#yMHe^LavJdDV+-EvUDd*g5vN9MO~ker$S`-345Yz}5IayyM)N z$=){$ujH2Oe!<-!`3~F}{GEr9-pJa`uHB?F*y7%|GQMTVqdKDeK7}&UY0$o=oqvE;XSXKjI;?^FJNAMLRrvOgV!-|j4z{LI@UnG>K7drj+%cg~y1 zKE;_}Y3Q{-I%U()1YG@e+Vz|M71*4$?|I(}=tQ}OPSTU21%CP8kY4q55r=O4{`gNd z4`Arw**)?f8`_b6J?Z7sSG`a2J54=;+46!vUjfZlRV5pObZo9lo;?U1&kxWMe^a4+ zHRrkI_jk*%m!|(5iKau~t<&S#Hh8S(EVo~V*y~?sPDJ3n&3X@SwZmJ|OX9uZ@Lq;I zt67V>M)U(;KW$foZ=7>J*LvSi6KlTm29h&uZFBdKod?}XO`PZx6_m7ebE z(L4)u-^>_ll{daJ^lNhWhU=<_&a{VOY8F#>!8c$tZ9ofe%IgLvgN37#)$R^UZIKz{)L$(}xHuBuab2n`^`90}G0(jsjZP$JaRvmTzz>=k+?b-6t6O7R0lMkXL8E>CClKbLGp@v;C&@4^dA4 z=Qz{7%9+u38FgIZWZkiJsj(NXXCMDnmEgyDUK@`=CR`HF9>scv#xv11&F3U5}JMGHNe|KJ*~~0HDAFQTbFTWrqa%I({|Ihb#A)mQJskn zYe`N|es4KvD{{6|)y8m=yP2!fndKQ|Lx^)wGRPyHYg`3AY3qrZnY@oW%tN?mK6dk5 z0Ucc#>+U<4tGC6g7d>n0MR&OMo|bI2^~OuxdeMERUg?fv^|l1+<@s&mpZxV|eqcO0 zY$h~}K@UAw@tlKao(B)|*1%J5;W;jOg$ob3p6$Ye+%oVW%ZkD?F8~kEF9zVr)qAy9 zFZ$HfdzP*Dl;kIK^`7b0iykxeB0G!Ldv%~*o*xU;I}^JtEjqv#Y3Pu-T)YqE=@PMUuzZy4efdw7u8X@JuIiXd-*AGCuINHP8P z=S{r#!_4#C!Ro!B6tZhvJo_Bau8whSkf4s)dh$RVH*C-27#wd{efT=I zxnCb@p1lcNWeYL>m@#?osx#{O-GvTsn!Eaprn#{*CeN)p!>{k$wO5gjduVITK_n{)Nwy!z&*n`1XmzPak=V)ftT)qi7=`WJri`q%sF zUr+t(segU3`Y-e9|A!*=f9?a<-@Ged|Eyiqzl-{J6|4Vrum01D)PMFM^{0&gAaBo1 zrv1h1mG}*rcb-wo7{6`qRrtQ0rBmSjdfqp}^D*8pncKW;QAKF!c-~K?A3n#L>GDmd zC5MFKo!1}}m&_fzOZHnIJkgEcX39=@o^!~?k+y_1SCXb}ZfuwAk1k|$J>Li7RnoDS z_nNca%{|Chr9Qm2c($5sLd##%z`@Voe*D7Vaof$!yA}^~mI|+G`a;{yvvw^R7Fzl& zxNJk`Z$rM{E;yn4ZO~o#d;~b;hY~JF3 zeW$Lx?V+HFM_3YZ(@p<~IPe1G7VfSlQyx!}^zmVrA zCVw4;`)j`n!G)(f5lEN%a@|d zB9AUVDaMbCb^ZSSjkImp(5J%CM{o~lGyYmGk?1ZCOw3@bl=oX7snd`}tCRE(6{F_pSaFzvuF|cZmn1 z|GeGM^myH(h%+g~c%+K)NY!M{?!p#*7&xlW#HL9MO{Vt*{W%&pBDb#@@J^OJrbbF#y(fZ+4D~vXlh|o`-v_w=wjd5yT0kq z!XIqk4)`y|+$}M5xAel3OOVZyi`vJ5HMAp$`C*M;6d72ubSCTH?*Jdy=JMuvytcM7 zRC>pcPj}>o#}@@~`KE`9zkMxy#|7*s+urrlot>-UB_~$MN5p^O11hZ3&RgE()noku zlBd(qQGWdurme!^ib-n6t0~K2j1K)f@&d%+$?aax}&II-9c@g_fbJi%n+R7a@XW~=AC(&H7^1cQxKP?X?&CD5$ zOI7}-z4GykATR!A<%gN`I1rq%Pw1SLQ<53RWL2>&@D%=K>J6b zS3C4td7-m2gsl~YALht^H^kMyT|;kuJldS^tLmrn3CVX-f?QeYOy0R2`qty4ZREZN znRp<$-SI}W<7>oZsjqiOu6_Joeiz`=d`5Dq4<9=YxzEE%e$Zm}VsJc^;|JQS0r(E4 zZ42O7bw=_U9~`m|Zt-B~F2aw~0`eqRKYUnBo)pxTJ|lT?psp`?bqyBpFlc>q4x+wT zUGfuw`WioIeejRL4_@*2r9%8BCXWi#H}(Ma4GGx)IeJpxENC5`6TfBV8P1m^f27A` zn>L;iUmgJt*(MEV$6t|5ksa|IX{sD&OHh7?g1i@-l>FoIg?(vHkK31m@wM8+zCgZP z`2&1a^fk%X*@6BP0p?axSuD(t9nyUy1Cz16*5xy(bdc zQu5ZVuRO4){jNsRNv^8jH6C=oi*$U4*d~qhH*+s&pXN!)ANcULeeOR!+|}ov@_63L zlW9ht44iM;Eg!tySQYJ|Uj9a#%QKpojFJ)*8&BG58vU#N%JX#&0o9mbou#f zJKtIbe!#v}Iz(-dp$#+-YtH$`&J?bfv%a;NwwH}1d8xU*3_hrjTiiSwT>J=r%RKy+ z3BPg|zpaw*o9djms$#XtDTCnhj{#gXo(mBJA$vGo=Eml$y>>Q*%=te0_DcbYN1%F~*tUfMwRaVc=s zJEc21nA^MxKD-+IHsJf~;#uw4*Mk2K9$iDf+BA2~ddZ9S-=drF&&$WxI4rWXM}9rZ zT8SL#I)t{qfVQ6LWEbN{(YaK!$TzzpN_-*fFun0u8o%wAC`bP4UF;d2z8reur%f~8 z@Gj3?_+u513Xd3?9s%wd@y_M(?88^OvACk+FwvQ^G>$XnT?XwgP)sIvBe>2Nte45> z6W-Cq{M_OwJVzZGmv%8{{STZsK)XGeA#Du%=T+*?$XAK4IE_zx8s9hZUGt(1vPG$D zGG%TNjPympxCs6>ur+ah6|iBqPSX5#BXk!G5ooG$=Ogd*&yfA7cl!Pvc+vj;XZ=1v zTT15LsCX^>Gnq(P$94RcO@BA{Inf|0(jWHarpS=>K20 zEtfzSe_JjRom4Jm7+yJDG-K}DYgZ=NM|7P<+tap!TkU%)G)yoztvqUD$^Wjiyfy`{ zU8+m%d`Z5Y-{GCVot4+$)=$yazXBG2TYpxtPN8o6*J|q*?RV-BFI+0vD@DhU*}uZH z@sxPB9Qa~dPeUDDqL$kPF75cMVuG&(iY=bV~%i+rqe}hI_YDQ5!*qX4zjzBK-#d_0BXBqRfDOvPkqtbW_CX}X5@^k>CDH0eEjBt2{UuFCEPFZn)A`y$Jh&DqDi zas1`A#QrE=rCRzKzBT0`mo-Oa-cgp`N%o1h1vK+uQ~s(`-TX1Z1FtE+c}IS|Q@!GI z#RlQC^7d+Q{USE@&*9=bg;<}INSm~p!baeNT$n~}Hx)i)+^jVvGp87R$>9eD9 z`b=@^*dAt{xrFv!N4t;Z{tS1;(=Pg$WA-R}?QCaf>Z8t#4a_w+>pqt`SMFWi;X2d5 zuW+&(u;b<;6Em5nRmcgthaC#MGLJdx*ObzV%Ju08L6;}<`TW+AUaz@onUPSz`5@__biGVdcDZ}Q&S2D7Z*g$LHQu*MO4vJ2SM z&%4RjLq5TL5-rz2ZHqk+o+d5FJHG=t1i9;e(Cp0c=C|L zoEhiBvkl-Q`BKeuY1CQz(6G{_ckq6Z_r4LG-iO@Vj?L1G?I;|L@Y?h`F}md>Ay9oLIZqPe0?$Yt4{l1rKkQXjhj`Z`0LNt(}HjsLi> zHlE$gJq9m1@RHhI{qaud5ii5WQr{$YNAgd$Q=Bo_5B3AgLxRQB@5=iEnN0mBP`_j{ zdsEb^Y}o^i#JY3?M+_NYb%TVX@gUEp`8t3gE2yc)F>{_PpzY%D2{3`!EmimmnSJv@0zIQU3Ue4u@%7*pAd z-J$Wd)sZtM%?`zl&t7)c^Dj~+c8ZZ5qmX4s6Cb*jcic1BC>m3${T4fCOsaN}4LpZ= z)_chM#YOuQ;t&3e0^v0iZ9R>t0}9o!Zf#=fFMJDw+==eTKyCEqA( zef*2}diKL+7tg`U=^g95wXS_=vTtbX<9qKZ%p(~kTJKQI59Pnf-L|#t#E*D1+2GN_ zPmiE~G#zPu{4clcTe0!G{fZ5K;uGJq_KiCSmj(`YLQQ4_ht>yr^DwGs_iOztv{uDm z{&B|tmyb8vh##afy5McbU^CqOF5bVxMyO^jIkFuY5b9V54c9$!Qt~#|cpLnnW7Wb_ zlK%znv%W!W6zMEaJb$b?e{@9}{gy$_G%N0r7^<19an2w=L&Rfjx@{tB@dyTC{GxA5Bxe(EdF^Um_qG&8@F$1e>p3BT3I zkc1PT@DTkOYi2{?`q;J6I9?g``{j7DD}|Hwf81o_*@AEePy zAAm;leKfi&K%=jFG+OWDH9tR0W2{h2o;0CrTCr(YLAO@sjEMi6(TIGgqF*&IhsM54 z*{0}%60kFpMR6S72nT%~oQqrLc5 z$~1A3KK?DGZEW9{kHGqKM|kZbKY_-I-yNiV?hLG-F=JJ54-=Pd+ekJRcHI*hWc*j5 zX&jn#A=ewA6?PSu^Mt#O*qf8Kz5~+4`L1*ZSMU9m)_(S$E#B9I_bmE`@NN*^pFYOK zKnDBl^JCDvUZ0;G%=5>O7tQli@)V=f3x9C?xTRBYecf@`H2(M&OCQmu8+x=drc?|> zE92obV-r2kLWfAMw-O&Q3;IUDzorZtdHk)h&doo!GTn=Hh!xVPm2ux{%CqGx(zuCo znvggCaz2ah_0zVMu~r&ct9bD$^2Y+S4?bHuRzSxpkLN2qKy={pz+99hjkjY^aZ|0;H{PkhbDVid)<3_Jey%$F$W*a z;?Nnj8cST^B)<8apX~f6KCPn5HC zhjwsi2Zsm1fprth?79iT&$shNqGL;Ho~ic) z$`}{V$|g=z=4AYBiPPQjw|MTl3TzbViqS2YMr1#TX8`KgL^wxCCF}x#-ekd0vMuT?5bkjCEA&(4`NeOCN+6 z$MWqNbmwNiDaNJ`KB(rM^l1Y;*@bUQ?QQdE4z>F-C);-k>u#{0pJhz39UU_ybj#!0 z7*q5!rWhBx!;C4mU*_soodF>~oBVi!Z`{YQyMbA-3vS`D9r-Lj@HS+o=K8s-cbBRH1@dsb=Yl18}d_jdS2^9sGBe}MF3jzI6y4}Jq&=^9{1M=O@k z@G4KJeis6)D590}Sitwv$)xx5z1Bkb`Tk{|^E~a@iO@!C!PQQu?_qAAe%J!sS9!Q;t;ubk ztv3$-+Qu4L)^OB41b>=m__GflWPQgnyT0RD_;VZZj3<40Xn3+LvLz(1ET69E z5uZjowo!-Zs62i3@DlP)u_FiM(~{Hnh0f7Y6ko=AB|FMiFkz3@P;PrLZ% z`@H+ixMG>-_j|0W`D4k8tISv<|1S2iJHV4A?*!@}TRUV2)*(=2*nHR*r_*2gLRp+VHVP`b(U)e~Pwm zL^d%N??hHjjPcEh4Ks9*oHc2A*4X7^w7FkzONI^s=E3ZbA;#a8k7o-Ln;)THijQO~ zY($1=e}S%1%nboYi?@cpoB0U!wcYU6VzZ7uvZI$+9Px|Z-*48^N6cFK#ok(aeP4sj z5HG5)E~bnybt%3ggx!#)e~044yf6k59WH+bTATG8?wV-XGQ>LbEz%K}Zo*c?AK3YM z(s4KIrZxU;p#R7CZs-tkb&ZejwpOJplaIynZ7dpXRQyTV!2NfgH~#W`dlsb+?J9rC z|4aI8LS8%2<`3ZNZ{HwZUk~7QmxtG2@qYh*!*BKh@M{dGDzd2>Sa=QW3^zbJ&A}xRoc2u4kW*mCUC)=(JMW;~Bom9_&L;OE%gx z%G-@T)L69#`QL{gxOyV;Juxx)8nJlDfEl-;3)^Gt9ZEjgZ?Xey{XIW+>ZD5*N44s7 z$-?ra=F_^?hLZn?FGqf()rX>ce;luCK9ram9B=ruPo)vOUkh2_xDFrnyYIsLKoQ@ zCD3J^=t6&1oT2)=$%D++{O48B;Th;a42huw_E-TOjE@!kyDvb#LIc@UeFbzVF?2Z6 zqXYg+Lx(sz)8^?Wk79^qC(J?~SQ?6cCFIL&aG*PBkZrw=Zi) z)?pLXJ*~M{&Vy3A5~pYVI^vKuUeCRQc6uke{RF!8I?e>MU&~KuL+o`X$L`JigtD;# zRs&-Tv}uB$ut)LbOi~^A9-=1Jh_>^_p>7PV+DQ6AGF7&Emuz_JTlRcWIsHKzSLPM* zQ6b}Q|DQtLRgb;mcz?#8_WUu^j#Zz?#}{?Up1uM)T@F35P34nu%>2qZ$@dmvL($I6 z$Cy1Qs?kwTp`*H6&>>eFyV2}NARAiaxGv66vUz`azw#2x>gDaeJf2-(`dw*i4*hNk zbUGJ0J;V2B=y&25^}DO#uWfwmg*Oxvp?+u6^!Jy-o9J5lU4K)!PO%N!umR`7bLERB zCi|Uo!*dTo=XGA+6Tiu(*+!mT@@V|ieFYb`QV%w15B5@yf4W1-uducszoGQ_B&QUVY0!re$iv$vg26 zX@8Ascvxc>!7z*OReTpr&lC5Vfxj~FR|b4D;A{KDSoJ4lreK!6Qw1C$aI<|x{cAQj zNAMv^Z-lAid*Hfpf^Tib5Jb!~SWP>Wb_+M~u`k8B6ts#G-w@1@cvh^fGp-aT+THoS?jSS7b zLx$>I#FL>d$WX~U77n|ylWnd{GxE**9kkEogO@FLk@lh}gRVp4W^T;--=8fKPkT+k zUuEWhu;)Zu6Ssg}r+vPnjI|`IrK?)e|1so{nHvDcN5Oa1zB04!!Ec-8$3Ctf(ZVYj z$M|6UebApVw$PuEX~7P-8r&^n>;I9FvMnSd%aM`gdtZA_ z<2}WYsm*Mf{{FI5FLFU;SwBPnCCJORa9tl`zU}q#>@^det;ZoRD?>w!ynGJ4pYi0S z>=ca!1(RUgPToH9O6RIibYVkTelj|XJ~7_wQz7h<{{He*W*%*GJ^L}SW<)lU?4Gs9 zxH8o69ejf>EVN_jEBlq9eBYl8J)Qn5AA>F5=n7<@wPV&n!*!m0S767WXL`{y$QbOH z(v+o@_G;^`H8OPT0qq&=jb7-~1D!IW6MbAdvK!ocucjOy&AOo1@7PCPGALAn46Sk7 zJOU5;W$1ADu30hl=z*hv&6d|qdGc9GmP&@&woth*(hkM?w#q1w4?N#aoQc}X_!PbN z`d4(FZLe#6bxPOwP^a{PMk*Vm=0-EuBCi#ld{f5ElUKuEZ z=i?|tb26HHQXkQNg8n}9NwoobH8YOB24C6s5N}@vP1EQ<*|J^Z-~)7zl~a<>miN(} zW*ZHCd>UCwHPhM{> zVvizYt-Q|ss<^!VNfCKH&CJ*5{T1p*+V3)o94w)KtV2fQ!^Njix?>fx{Q>somVK%; z@+(-rxR5r@puhY)(P-QC6qhF?GsEHuo}X5{1$fJMpP>9j=;khTzvyf5jktaWzbzj8 zCK{PGl}!MxDxaoI*%tgR2ETO7oPGUIeBk=PPjlC@x4Nxg&V$qHA{$SV2(-ZizOjLZ z2zI>u{QDR$`{k*0QYktqI9|4C1{p7JJJZ27_Qvc*|`gaSPSpAIr!KCpf%GG5Np!5uG8 z@#w%f%+P`UksB}fT!Q>Y$7#N)Kz^?cCF|saWh^TicGCxXE+8#B(dOwP&l11PCy&Ox z^N@L>LjyYAjDO*O$)E?2qaS)~joecm)tm=z#_h<>Dq~xe8hv%DWF#?X;1C@rYbZkL-(}@66Bh2O|smX}kW-p*o-M?0~W$vj96(d`Uj7Wq8{2 zi&=id-&R)&kH~)Ajy(J=KCyD+6DytfI=(LXDC{@4f0vpyP34|HOli_zbFz0bH`Gl# zuaxcjHDv4p`UUoqt;gbuzt6y|{x6?T1Up@0hmAfTS$Ck%Tf8-1ldnwccJVXJxRSPO z@$7H(vx!6O1=ntHl?{pwGf8t%UGz`I$%u9t`k~hQ^nPjIiZ0-6LYFZPHFlGk3uf#h zTjyBfi`UR6?Hq$_8{t*So}RLc^gG= zVMc*GwrxJM;IwP55@8m(`mOKzsRbgZ4ohx*8v>*Czz4O(Q-~ z|B?SKyti!9d%$;YL^@wF`O%J5%rC_El+~Jk)aI?*E(4#TvP$QHJ42j_wUe(^8^bSy zwecgw^$uub(&yTk-?okKB*sK-?8-;iuJQkttQ3wnc{tkmX}jM3IM$x{*V_xPnlguN zS)#_DZvCI|&sMu{w)#XA`#@tc^@$$rI`M+?bOT!t{ozVtLf2vQs}Id0J^YrVlh*D_ zH;I0dgUYM6gJ&2=$afw!>oMQM?n5tcm0yE&o$c^?&-L(%$LspN7+#m(W(st8i$2ud z9S-uLTPA!jfAW7az7g*j8Z~*m!234%Geh6RK7K+mU2)*jSdQ^Swu|S4BGc zwOU#KmPV!;xB@!ocbfYvi)ZbATvi_r3B-Si7L3cbR^cz8%sTlOTpK(7_*uwz_V{LA zBQ#I@cuT(9Z?1d~8Trm$-)6o;Y1)uq2A(!oZ;z#I{Lhy6pYY(b`=d~9=TDr(rS;CJ zFK%Mals10c&>pzx&t|L@ghz7-gTVnG8-J2JZ)NvMv-i9`KJ94rwZip0$c;|nY2}yv z+mf|C_d9i6E3lj3!EVk~1>Tphaz@>S&g^_G>fG2&pOPP3v5A_0jXck|8b0b;!Q2IB z$oAaNzJ|1UUu~k(#9y9*kKhoe_G;%F%ZU+rTrnf8E}YJ^~6bo z=s6GXQV;L#@N5w8QV(x^n@W1sp|<~t=qx#*HFne|dRUm$#pfvabnY*Q;Bha@2?Q;X!}f4 zqO&1XF-fpG@LPuV63_kmg~Bm}WK0cwu{PpNs4r&^C~#Gtnwaxa3w&bqDSU#Dy6$J- zDR~p|eL0>T74IO zReQgzK5zx}m}BS>o+q585A3%Ew0~A^lE=@Y7r7Hg!%HK)3{y1svooLS(44z*RjHj~WYk2<&jkEO(uiqPjPMfG#Iz)Dm zku%tM*aYqw2+#?+XJR?S=qK5fzaVzx|6}f5z@w_p{r^3g$qf)ts93Ru5U3)GcOa#0 zCJ88lR;#hLrEP$qU}%Fh{eb>9zlHIZJJN2IY=M?e@r=yo%dG{W> zv~uJ4hduPF8x)MF2GA?7nPz@R%-jh`rvk0hryjob!b*vL^U11@2NyxlZ_mA9(_87(Wo%saH&h+`i8kXbt?)bHepI z#2&xkxE4Pa*&P}uEB<)9dxL`~>w(7M*J|ef#p9=(taMTE%b#zc?Nsn>1Xk&r>`)W5 zdRqOE;6+XwfU6O>RSWh2G9~&JFz>vWXKots%ss_-1}Z8~@|Vv7*Ym*DA}?zA;=mc0 zW!DQ-;Zt6NU1SX`6O%r7lCQi4I*+Znaqsr|*L2np2kx6cwlk6DUC>LC2Ka6a%w;fj&rB{PJa;P<^T>VV!4>dOYBji9bG8rC? z0^fXilnsAWlU|1pIOim*yjH%Do7;BuS3Y4+{ow)42Tw2*3nm6^kEi#SkU9k8(-QQ9a5h*$LZ4=u;KDm-9F2G z#5-|rWBTHJj*(k zxH2vL?$5i{nCDA*9{t})yWZM!>Vmc|;aljb$-kKTPRigbryME&|M?Syfkx%7gdh5RyAS3p->{w8G zc0AuXoc^oT%r}Yc=L;|C?@ywxS9t;BgYOYv){=jaty4@qo%k`p+8q_>Cw$!M%Es07 z4QrX-{w_Ey#a<{ErP^-UtCQfV`)#eYp?orR!YeK0Mt!69jMQ^#s|s6Zw-spH56{NX zmd4D8Gq$S6oH%3KeA?PXTk?_aGi_yrTWL%3>x*kEGrWm!Zvy@%-V==2xrp|%RX^qS zTklZs5Q8r*to76VwCUqr)=`WgzbiM^oP^$x7vVU|`a)JY%8Dj`;M9HOw{GRyl0}R5Hd0rp8jm#QxJe&3u?F%kD<_mSc4{lA)qtG1N8~tmhmGudV&o68bHvEcQ}5d5iIL4YvQbEk{Jdfx-D^3RKEVfHM)Tc! zt-uP_X+Jd${>Yce$Nq^APs4|2=Fjb%Dp_}UpfTpfeCsO9dQ7=S$PMx zj)u;4(NOx}rQy?B+XlJpX}^ZCW^QtPe$C87K1Vu6JtlfNa)RnaGD8!ur#~egsrBDX z{O$+>KFgGH@~0jE`x232+x| zUj={Vwv{u>2LEjE$5-3x))or?k>D@<^1xp*H_E~P>L}j6aIubQFIZ}Y?gL+wJHZDL z&g;O@=u3eew|I{eZP8SR=dLZf&7(i9^u6AARy>ycHQ>`P0pBugv7Z>C9v@z`-9x*h z$a8yjwVV98{&PA!MsLSB?I&AL-JXvTi>HReLqD{bOS^N)S!zv+4B+Y3h7$)hz{dvY zFW+G?bjspA^+B>X?*r=`)tm6lEO4lWC+Zs&6E1?DBdK9jEo~4yr9YQ&%^sId&?l!Y zgR^ri8Vk2K$%RUvdYW%CHlcs5Vea~`-FVxflfLs$zN5Vq+z!I+9~9ep$J-5kf>wxl zZmU~Ua4&XD`JStsT7C6#=A0al>h!N7CQu)@(dwL_T%2nw2I1oyoLqb1;Iz%bNj{4U zkJ|Oo?kMtEx2AMXEWoC^Fu3_Q<(slS`6kKrWKW(c+mmOy4O^-{H$LC*wie5OjWzhk z`bWW$0vtx4u;azparDWI!A?mSgPlU#8iSqU;6E4qH76P8GniO zFR~rE0qd-F^n;Tb|G<9y6#Fr52j}EEw_2mm2xSFI_l$hn)>p%?OJlSm=aD0R(SNS; z^2?le$%|ar$xCW|a94iDn)z-q_yvzkyScy;Am&tG-Uu%$ z;GcKSjC^7Do;_|8F!@5w`;af8`7*nRF-4Q#Mr?fDZwKJfReXOVxHc}E^YBuu@yT8I zfs##g4z4<1>hK0SUbYW92C+x7$ z`4QhvLMQRp@6c$Qhd!+d{ul3?ajhc8wPwLn>5A4YFJQbUnY`QiW;?&?_zt(bc~x(| z`6_TwK2g5BzPX+{SFaq$@dA2@7gLQc+4Gm8yx`tU@YlSi*}yl|!;7WZI`#F$>+Jb* zczOQ;AJ{Rb*RCJRCw6V%16peY8+gCRUbymS#|H`a9og{GQZkYX&#(5#h&gv;lD^T<{oZu0Fxo4Xwv`SoGOtJlTt@$uA)9f+j(ytf$ADypt zr1t+#@K3ZS(vutqMz8&M;pxR5N9W2Ou07u9`Z5WA!!QR9uRXTyS-d<+=Cg^7;CqxN zOOPpQayn)IWitZAdrm!$iTBEgul%W<6QSL?iZg$NF2U~w+v#sg7|T5k*}^uSD}QJ$ zaxfdar1)BPrUqG(&+6qbb0Uqb$^MLyTp>eqi4){|jPB|>&-<+9%n4s_)|wg_df`}f zFX7rViPuJs3{`PWxVrwGc=eLTXwg0Sc26YHzeN87+q3F{gmDU2kDqeBrF@UeZ-Tiv z|4{vhU{EdIC}?;qV{@a>AMC#2zwFpE(B8Y>xN?!PxGH|XaoxLDz5qU)PqZbDcz_x{ z`D(=Pky8#8_lZK$P+;`4&>cVqowjrLfwz7`7n>|^B( z%$z>u71raUQ@gQJwHqVhyJRSZ^L)+~lPsc+#H%}MZvpgca(Lj<@0tYvLGq;B)F}SP za9o9Ktp_F(lMutmF3Cp;euFrLzFD;~v#^&9!~u)>t;5cJ{$l1za8L0?7W2s!Bjod2 zMEqV0J>5P=wDiL0m7AbPZvNLpp9_<~I~q6zuVPy1!s2f5riN=SWz9_oCdFKeljicP z@r@nmRu(l;bNF{*3_wrygMESZa~@c=28G36Z}b(sf>kgJ-W^HceH3^t&7Xyag0m5L z-TZYPx<40KH}S80w&0&tN{*ZVy7ZeK-geQU*9>Z5JlWMtFMVx&jLDzYKibImdg9Y7 zp6?`E|ESf(>#_OVrM}L`sq3hIme}dTA-+&aiM2)J#j{u&VmdTepT77@)DN9-dT1i& z>v*oK#J{C$r@wPH&uH$2_Zbr}AxDa94UCKv$YNT@9&_b?IqPS8NomsYA*b@6~!TeB9O-kl%YQw=|o^h4ATrh5CK z-T9oWjn`bFh5 z$GO`3Z`y;d=6 z{jZCVL-MIBm5(OByA3$bOK1P4s`)2(N=Mb!uYi9r$1V=ucFg=S{Ix%_rf>t_rjMdO zX0KAGUH98Az1(lObZ8nEj5O1aWZ(~J-u)jsy9#%}hhol4IG;{U_l5I|C*{6tEu78q zPVS9I4yEhj+f4ZO8;5VMe!p;>^gG5c*>W@1$T)0Qm6c;`H*;0=4degTj8_f9?f9#$B)P-d$@mSK_8MVcpSc0QtpU5q7~IN@!7szt24eO=x$hy|U^)@7~jQy!Z3rYY}bsBWB2E&(xB4 zY`(JRX|?(i^rc$Qsso+I*zgK!vA{I?eh%|_zChs{Hn3-ym?ilKQE`svVJ;e@REC!+pT4-`Uc)h z_Kv~3z{(M1a= z?m}O18*>6eW8b}HRk4*>-oW_uJaP}>Nv@UNR?U2YT>R2{e7BP=fAuu}Tm2c;*Bo5F zq94z95sz-+nauguJehlzwXh8Tv(29wF7c(eT?jw=(av+|baUy1kmjXl^538T7sp$> z?^u6KNU>@9S=P(!ZBd=^QOW9z)LT|%`1+NP-M0l^^89W_y72D*P4@gwzinKfbk2>ZP=enjS%{+u@ueYt((XAFn-m` z12W2QXKqf$jwV>MNWkKY`on+YS3Gxh%^e%ARUNFOZ>piYind*QkD)~0V)+f#mMQP$ zexr+hFK(U=UdZ`~fc3{&$b%Q|oybKoa`6nZuw>ma_WGgDn1$A|%o87Ehghf0D*dvl z3q0#b#M{^j;qA(^!OMBiZCg6?um|?N9-T?S2K%tJ8o!fn`Z!Nf{~o-1Pr-GYJ7#70 zDs(+gzx;#Dd^*(-zvDml<==mhyJc;P75XUKdig*-V{Mg#{`2LEn|cVL_37+w5jdAVl6RLJoVGeJ$vzHzgEe0n44fe5r z5x>CXKiAskUn!WByI5rA6)cA)Ca>`m=I8w+nB&4}>ymBTC3B+L@s7Oh_Q;xKNI8^L z=&*L3ubnkD3h`YYT{^%Dr3I~=Ci>U3DOQen;jLLrM%%P$R%rA5*^{2L<5>234YaWj zTcO4;e8KK?^vbWPr%I$}Ab8^xY*t_CNIodXf2oyIK#b!rgl4?&Kh3()KbY&YI3LRI zTz*gBcRs%-@%ux5p`CA}@)5Tfnx5;@^inIdm~Zt)(;bZa$^InUZ+$uIpeD|*fz~$fnGtPwJH> z1$KO(cJzJ5>xpBJ3w_c3Rz@%GO;qh7KKzfdA=pZTOG5jjP6%#Gq5Tx(ItxD7bqk9g z-b1~dfkSifu&FL=-tW(v1a8*2P_w>|KkU*9ymH7{<)j46?~VN4I0`wSCO>Bsa*#5V zU*sU=1b&f&l#{HS6xxoqk1RYKZJ#wbiA9pNZ^t7kZPJ?(^k)wA8J$7x^8Ct4;%9(- zHL$P_ZAw`8Gq9D?`7E9h4^@kC-!I5vj4=I4q>TRBt!*eK<_f|ezj@yZpH0n<&6iA5 z8<7kit(lW@OzEDtRo}z0kK-1O-M&+HV5lRr-*oJN@y`nE`PlZDKy1I`1LR-oFOQ$Y z*j3VROBvs-Cr@9?{kli2(2xx4uG!SGLjP?$$YYDwHQf6u`SCdx>)OLV*$?@7^7mBN zRzH(tt`8l6f9d)b(4l^&;zf<4DnF(Ab>*n2VSISUdA3Q}~Xn7otsE z|2@)`OM8x`ozF@!bE)*KEmN_%xT4cv82glNCyp-}dX?G!tnG8h>XQ#Zi~6@&Z_G3I zSnIDCdNFUVmiu*;#ITvbN*#q8m$`5oIPlNZ&(!ej8`1F`=bB^7D;?PW4<5Sx(Q-3i zAhtevZ2_?${-x%MXfCYg)we)*151I$&~3_=Te0=Ej2B2gRNK?F*2*F!Gp3zAiNRu2_CtweG*C{-Z1txaC_DJ7}#O&8t#B z)sXFD4vL?>luGxUe5`fXEaq`5FO;7~4C?sI%7s7k1AG{+GgjEPg`7jpWZ*mpTTc6K z-I~7T#)UP+8$ldj-haEOG?3#3agFTmxV0Co>i?f7YaXv7z$$WkYpe*9C*d zPVU22i;l9H7u=ZWv)cNWR6mJ_Z2vn}+oXJ+;fHgtFYlQ;JnWnIJvYwQ`@f>r>t_CK z7_IQnId<*1JKt@+)&WWnnla17e3w1m7|VBwKWD+OY<&G@?Li06SVL=D{W;`~3S#vA z^I+>PYDXT^Iua#=t@e>lU%vyNAPc|!>G9-_xA(XE`7&FdYc8?t1EO;3TsJWRxJ2dE zx$e?kv8}=1{Z2Z3C-#t>{=kD+=jTq-VqJqdjF_;GB0L#gJ_kZ&d@ zsky-Cl`<}&b+CX5ZfFtvB9K!n zoXWk8+fNML%e_kCsbh8T4$r;P*u8$-laG5Gdu-ebO_!ikk`ehrvQv^F$&zxkvJtj@ zaP$oQ5Pp>oeWUAV>^#=Q|I690`<rx_h%Tgk>Whs&R@|1|? zdV9|MT0c$w0lBb%Xw4jp27D6r8~6pG2H-NeYG6_BwQgB{q`oXa(omjHJj%Qj(FxtU z1NjuJwMF^Bm2bvE3{7?pG5kK#duH8$s4vN01oS(q&#s@D5@}Tb1MUY3QbJ7y$2tC7 znpsPx>++OH*Okzddv%q^g*x#&gY<#*SLR2G*^fc-xcaiw(X-ha2c_THNUlh}j%3+NAd8L6-&mUz-xSb^C4i)Xw8sp4a#cdQqsnf4S=K zxTdyL&!BHK(XVNYp$S^49geG;{b|+94lY}fZl#xR;JgJ`Qd6yv#!|#r^@)=Gb3A;< z4|!Db@xgWZ(Y$^Q-*)NmrM)XZ$(|Rl^p5xW5gvUCqB9oyr2Lk~7LJ48+Mh)Fl+V3< z^eK;fLGCFJJHpW?a}RxT?;%@5bD58}9$ixZB>AgBev`qJ42P|$(6R^olKG(0zn!W{ zb^2Y|H`nL<0(6bqU-;iszJCxhZRq0IPkr-Oe6uh4ejj$(_CGB1=eE~s?0u|1tVd3o z{l1X;`IFJV=HO{&d`CHB`4`eL?G>$cp3eAh@Ij7<2Og6xkW6T-%H&J2Rn4zPj-FMG_i$>o@G!DVCod@dsb~t~mwrY3Q^Jj*RV=khB5gM3yD&2;w(19y)eHgobHI~nl&mj9p zU9cHPWqf>P@%FT+{a1cV{X)!V^M}VwW1knNb|?2-_S!*~YmLoBM#-6~rby2lxOO^y zCpv8AqCivAhShr;1H5gpw`5!!8NR-?Q5xTdbk2*%+ZTMiW*zm&QNPWBRd!lFM6$Ja zqWp*VA8O3fqaT|+{r?DjO1@n6bl)TpTn;EjoZ^)m*SD@2!g{#OYxmxZvs>_EO#(lX)uY<;SK{UWNa5+v zx~{#!bKN1}X)pWt@+)n$-TtO{$0LW4bNQx{)$Z$huiTeww?Z= z(OmPBd$Z?|+2fB+e#XhSxw#v+zc6^ZYnWkcqj)0E4a6Jj6W(Pmtk*8M{ifn(R2>}S3MR+0!0pRp`Oie&xp?2!3*NgN9vXZLY<#yEpCn#>8%oHj-D%5lYgCRi zqjKDGoi9|4T$Z_fE3n~eyeTiIsU$Dw*^#N`O?L*hc1uKg#AjW;InVXPx5T{RWxe3y z%^N10kJi4^#_t-#&tqfqS%$2GTgzJT+v^Lp4sq9^bnq)VW=jj#S9|f>>Cm0nqxKy5 z2tQe4Ez*Fl*S`)w_c{Dr>+thV4?o|w`MFH|BnFT_Z*penaKm*DU)}E~(Mj<&kuC%J zNEfY#7S-1>n;w}-tl11)Ny zh1Nl;;ki?p2cmpT1O1@J1Zu!l<2`1)7<{#!f$UTZadQK?WbG^0~q; zNc^A7MtSqeiS|nQShX^(Ej4uC)d5 zd#EUC3i~7l7*w_?yrd8GX~CCO{@6P|>;*%gSbU;W`5hGrzFA{PaX0;q({iGu_lFF|Qr^7+FKEBvXJ93hdV_lE z4eFtr>J93tH_&lC^#=9Ou%3E@nw9h!&{2KHkEyAwpGjW*C(I?J*1(lF$)zig$}foC zTJJ+VYeN@ZnT@A^KgXAK>EEBdp+)~p_|PxB#^u3b$ftPle~M#0afj<)cy(8@S?S?{ z8y{R_C7M-Dc>z z8QIkFW@K|Sblr?>@?7XXWYe{G^kw+?srX^8k7d)vwP6!o|GvP!-jhs<2EXft2G4@G zi|_Iz`SYIel}&yQe4D{nxQ_x~?K`4cwR+^LE*E=+J}X}!`Kol}s}lLD1b4|-CGw@? zO602&I#eQG>yWSYj(ojB4WVQuDqrxamONG+c`DIK>%oZDvhVfSIpr~8bW4xZ=SE~{ zKkH!`+jj^(7R@f{g=RgiH)8vyF?%L@G@)Gdj zp6DYk>c@o7@LuqdZC2h#Rc-_2gryN!VKaqCG!6o7@IAbQQU_-OgChO6_ZG z_c3-p<9T;ZxSQWdM>hH+BZF+%-eDamuZ}7YDm&=@x$>!TJa7Gs^09T+kb6ak9m7y`yTW5yL-voqwC%C_M^XR^7gy?l($c&ukh!Q1R5msCo&EG zv3Ro0!-pAVCK2DAM*-jPzlrac4}ovuc$DF7(BO)HqL|#4>obp%T>lt+?}fj8 zl52mGeh40aq_uTC{cl`DV8vyjikZ;MTbt%q&%oW3q60e`PP^onn=JHF$O0=_@`H}U<5b$@!&|5oE)$MVaDuchFL zY}@1Aw!ORPiKKnmC(74z`if_Q4i$Alq7k_4JGJod4 zw~gIL{+&7m>~N2D2s@M5eMjHjT#{&XlZQs$@liJpdnAeew1vYYb zvvo$O1)6Csx+Nm_mbcl zA<;QT7ki$~&!LNvCv57cDNo-`lqYOn^{v#F-sXmLC zakpii8J!;>+~*z*{Rh`R>Ay$5Wf#wL@Jm+D_=3s*#r#3#>gpC)+b-(pT2t)gE>nrQ zRI4ak>5k{sQ+ID_vx$#u@F5LNg3yH6xM4w%vB-ewUw@7qZ0H^%exm*A_ma@19yw5~ z9v34PIC_tNt2#H6KX9(uIa(|HCu-chHILM%n>ez8cqr;)5J&d3{$_H21G>=9dh7kp zJPLFfmV_=zV`q=QA$i&2;F?TclH#|$JAR#ye)@dhcV!>-ApyUIz2KMBzFB8=2Z&pNwX|9iqwz_06@hp&I$oa~)0j{ULK zgMyLglKJP| z3q81c`MJf^YsTVJ`cdXho^96QP>ia2my6-0H`lH21^HgG^`tVB`{(2!pqb;JyE-s2 zxr}_GH2Zm9Y3A`+T$-hOX!g8EHk7k>^EXNKed`kIoNn?_cogJga$j*xA|Edjcf0U(a(B<7LjGc(nngr*mgUvYijZ006t%^Uf>HRJ_sU4^FP1RBbM*ll87{NHU4JH7$F zae{BKvX>mn%3g9PE0g6=)v+X`9+e>5YHRE90!j4|L`k0wyd{_CD*~~FE`6xRNwY7QsIi}CD$5=HF z(;a(A4{vel*F6XIiPG9bXb%JUQoo692jS>&-p==}75go!cXQW*;T` zq<@0+xvP)#c_Fd?LSEwJ2i+s*fDd5PCnh(6@auo8{~-|XJkh)=Fv+}S-B zu+`drZgl+u$-e-DP^6}zx?72sY9;u%YJy!RD z9?MPtAInEG?zXi#ID!42QmL(0jdl0hggloH`0!qTJDd5OJ^9;XxYv`vZSFBH@6M}s z=T7gu?Bg{{nC}_&x6$7o#~KQfj4^q}EKUEPgdPpZS|c{P$9moF`4Hp(%MX&BQ=VD* zt=~S>-JXmB=brK*qq)~pKE&KhQm0S?J<6cRk>o=LdvN#0yJHjhudxMFgGWE9u;1Fw zTwCaF>hPdbS`xeYN#i-SuXrZoIsMB25@UPqfVck~n=pQ_dGgFdd~BB1C1Cts^AYM9 zlTpo*#-R-jSj)GWG5mUJ?^Tc5NZexk!Rg`e90k7n`bv+Tz3YHmH~Py2`na`A(gW3v zde?)=H2Z1C)`O{?0d4N5X568ZJD>D-ZQc9iEuL7uOtHLTe`s1W*`aH2VyJF1_0#tU zw`tu=vvvzKc4JgOv^D(?y!bTj%og?zh_f^B*u?elxqf0oTGi(yHOt4AUJ(#@z{-o{nw-f1i zxcxUe+d_=()!FSm(u~#WYZgv;|B6$wmq8^wds1k^?^^HPP^GZ zB9Tt2^Apbwcg*;7>g~Ge7WBN*Lr?jC4|!zB&6o8=&maCf^bE$+^Vdg#o{K&~dj5mD zq-6B;_ko_aKE~Gfd3-bTJ5;;I+V-!g!4-i&M!$g|9Zmt#R=yZ zC7jPlIG>(yeqqA-w1o2u63)+0IG>tuUOPS>-^~fM;r=BF_rIQSeoVsivlH%TB-~F=I8RGBPfa)vB%HhU^o1nr-|S}nwC$#rDHyqh zT&6wlVe8x3tTXM}8tLAC;tBQp+DG)*lwjnYN-MNB<=8eK`^3DHZH0!WSdlll=eB3( zXJg~HT3>%9^Jd+3HQaWWxa~S)e?vX(dUI`maoVqS#>ADMHE`71aO8aygF}0ky9U99 z=TP|nw+ly^jep05@%V=i6aPcC_i#dcuOzhhtHW$>Y{GbX9rOOCp562QOF#F}Gue2# zy*^8fe}3jAjpkqbPUX>-S&IjM#UHdnqxsKgy$jnv2!v0j-C53hHRLIVYF^lE<~C`4 ztXcfd;X7aK1-45(uqE5Sz|2odi1)MkW{P0s`&vJ{2smf6-T~`PN4~`WKF(QxqtL%D znDZt6*<0r?#a3`n0sF7826g01{Og$=9^C9Xpn>q)XW9Fb8Ti4~;KT0*U+JEIaW4fN zHBM;s$B|=qJWRSX+=EZD^(chTa>Kt^|7`RH{VYX4z5U=t333u}zWt`F55GS72`BduC z%RWro^i$>uFYrOv=Q4sf4o_Qpna&rp#?f=EHQlw{T4T{LLN1({^>tOmFJYykqnJNc;WZSl%CMzpwT8E9cqoXYiW{hk1`Ruhs7MQ+V$L z`@Q>lFZ(L{z1!z{-aCJ@fq%W=^}s(;@3J1eaG&vBS7F&4``wn==G_~FyYQU-Zdc(h z*7n}_Pivu%I(=IT(-xv$e(s-Y>?ZREpSPQ9*E$sTcweXrTJY(QYYwO?M zRd|7EGrjGFE7aaR(_Y?zu0nmUwNQM&YEsqn*248~brqf|SZO>Y**Z#Dpn4-~`uW-Oci#Z3y_9>xW#bax%Ntp9ylSqsFtfF*@cRxP>sz{_aL?el z@!( zZ($bKuW;VmQ3LKCz1^8><9-Ui(wCY2`=+<+q<0>@-T4*gJN)vUPQKHt-quKmJbLT@ zvi<)2obGUV^>&ut^XP5aMEkv#37+?Q(A(`N^RA<}<$p(B&$Zv3#;=iAaF^b$e>JAJ zc^rRPv|HqB&+_PB8$5RPFY|1@kN%=NBWc6cxds0l)446^u+h0izJ=@m$JRO4@`&o3 zk8597JKNE#z3|A@bB^71UO=v;=ldQ-9{1SK8yz^wdb!Eyz*3_FX6-8W&hYw@=DE?` zpBu$~;@zGb+Wol={v^+x(EYhO_7Ls%J#@4id_#h9&&dW=o`rrtW4-(wI&1VLQ~L}_ zw{JIib)8_fk2=#TeDQ?&TALsGjzRD4rG3U{ zs-Hc0Ta-R?vf}Y^>AiryEK2Wj4!!>en~0tX#(MfILreCaNW|&Zy!daLwzb|VZR?wH z?T?Iq7Q5S?#d^zA2ix{taAYG(MYMVQmjnm8N&h)~*QTHDQ{MtS29Ckq;g~Zj{@cC5 zQI`NmZ_jQ>h99yg{2D#99hLA+@h3mwnrR35(YvW1#rU!z;W@qgbiy@*cQTn`ZxXNU zRqdwFgigKTRF@2=9(Xn?KmPlYhwS5fmWK@q&l|Xt=<29sx|Kv%6;F8aGv7<1t99u& zcYiL4uFgr;ZW6lYCp>q7vD@r5hKy>@vC2&R4e1-d8S}4>%BlKnVi2P@+Uvsb0eIu( zB`usNucB))xod-85v&|T?zHo9ZJpG4R5yFCxzfW4>hKb^og`N)3$wReM;{)$cB zP|Xs4*Iwth)%>Q0|7L#E!+&+o>z(_xjNR05?2d`q_tU~V&3&zDnHv6k^nPmiSo0n)Z}VK=<+=Wd=lXWf^#{!L)bLa0H!ZwA`dmi%@#u3I;mYXs)bQ5m_0;h1 zqu0~J;pp}B@S5oL)bPF0>#5<8=lXwou9utZso}fLZ(6v-`TezX{U-C99=_4}t!0f{ z&EFIc?l8Y;;h*xm%kirpK<<#mNh5se3udwBl4Rr!u3d)9zj-jdNheyk_|Fq`;TI->oZpJg4D zjjSQRiTHmbxd3AFRqohdJ-9c(FRu<+#PHhlPJ3#n@y=Rwe*yH?x<*>teyZVTYTJv% z(yhcp&761f%n#7t`NS}{;*-6=?|#C%4oqv$t(%p~!)5k59fw2*`Jwg=!b3*|$D%(gms+RQjQF_~Etpn>OH+$BG6f1_*7 zSmDnYx!J1%{LLEhjFGDzLG3GFxtX>b3R#;LxL6<2=xPz`R^JM)O`h+2zx_|Xt#6v| zIp3;bY+qxG0pw+em4VFIdlR&(&TK}|UZ;z3L|fLKwREAYXg*EPILA{DAxA&zL5{8k zm&E+4U4Ib2zr_yLuJ^N7TFIlsfmnpYvtbyRBYwuw?ZTE4Yf? z@5&`Bl6~p4z4wAObP2Q-o!7GF{(f{Wb^hE*o3>jo@4{E#H`-cw3fC%-lM3Xd0y(L; zySAfka{1l zE=zw0dFXzhht{IG^4aYL_Ik{j?4|ngpkdMVPHQebTBescDGs#>R0e zIgPp6=VC;g?DRbTcWqsEPtzGGIUDc2?X^t@^Y*4ca@U?^uWaf#xuv=zeSCYzu0_vP zJb&=Jdo$Vh^g{MMP5pIdh4$sxb?|$8n~RW(B^-V~PRl855SCG-s!neS4eW zVGYOH!&vuq?|UD!FATiUT)xrJtr`1j_i?IaObcJZ{n19gY~IVBduu&ixmtax{haLY zv*417{AiAk_QlnA3;2#Ji_*`BzRx+br*Y=!UO>oX>-XIGgt7Ig6ZrOPmtX#X z+3)3=0`2#j7PsF^-QSSKhu{e|yM})6!)m|j13&B^uzzPbzvcFCR|U`U%wnx$|Kf?E zeBi%MHGvl(x7hZ&hg9=ax~C({x+{-+PiNSB8i}5IF9Td_Hrp~F9guCQXU_xg`}Mq= zja-+UX0>Oa$D+j)@^ab_Ml>ry*ObSt*{t`}3c z>(}zEaFDJ`#zZ5nQC#&A@S1LCAW_k zt~VlQHwZ76zQXMe@KT%ZTF7cs?Qb}YHupJgsy($^K%2$1IhQsAPMa<*2cKl!RsYT9 zd$ParV8_mN&v)#c+SyUOXnRHR!AtiB&Rnr)w6(6IxHM34Z|R+T=6?TyjwxTM?ihVy zYsZpB1rkk9gM-Ky5*4Vkrk8PRaTf66(KmVy?$qlb`OgXm$ zc%K2@>3aiDFWw_qM;{y76FByd9f4zC=D)q;HelUo`O7yRoVvO)3A{571K!&Y1Kw@G zn++^}U|}0){@XkJ_@BiGr|xYSbj!nnHIa6wIIu{r<{(#+v7Th>DhHMZWYXAacq}`O z-+V(8y3+Ir>r)|LO;7NPY&AWF-}neV<K6r9%f^Xc{b^G+-^es_?8= zX|Dm9cH7+O$Z|bxRLZaUwzYEOx^YIoWQW~zp2IezwvA+ecmF`^QF9&N$Gxr`^%&NV zm0zIP!RVFaGrRhvI!wi3Ujh!n;L5lk-_O{*cTP0@bw0N3JZdjR8`&h$`D$!YeWeu{ zL)_L#A9$!Xj!E9e?yS+L+CBmMx}8KD^_BLxwDz_6GkZU}HlU_DCA8#w+y{nY%U50x zZRgUqc&dG*svJ962W)1I^!wp8eUyug=g58YNDT2EhG zfP6QY{?A@d-JYYG7Ji4?u6pP+cM9Xqv{~Y@%~}gozR@~&|3duj7ep2T4F&@rdj@ttH;v~*(|_ggNX{;Y4&zWjx&u|vCFOw+gc&gf3@ zQEl8tA1%4acjX;C-1pt@h561Ho)bT_>7)JgN7F~^xm2?k-(SA#&d*CT`vVEq=dASd z2K7tOI}vyJ>RP+4acu(rzyT7UY@83aR**)omWb79o zcMa?MBR)BCmSu7)>BQ(Q^i%bUxn}r7v!QL)MJE!Q-25=Qv~?qNZlZ7d za3+2Y{f*WQehD8zaaRiMm{^zhFT7?XxD)Fh?0VFq59}V}?uf>?V~KGEOE&(dzVmm% zM*ry67Z~4?m?7o9c%SmMk7D_gcE_Kz*93_7C+injk=v1l5k7mr@vf4zEnOw){Nq2C zWNvBn|Kj1MGGAy2^lmvBKJa|q<Sni z4WYeZ!HByby@{80X4w1jo#$gezJBrk**qWX`}-p7(*m46;PpkCZ}LT&uJ=W19|6yY z*rWGE`t*sMUuolB56%rYn{E z$n9GNzR163Sdq3O*5^l8Tj#Nd!A$ysV)_N_ja#R(@qJ|Z0_buExL~W+W6MqdbU)uL z$fGufJPb0v30u~L9c|`%7qOdsy%z2(hgN$D-#f<_vngDcj@o-Xr-h#sZ!h6{e5VC| zY9HvDbMhiBxzG(=^!rlFT|O%AdIou|y8ym`lk~5q5?-O3jk$S|4YjPNSb-d^u_BF= zp*i+3joee6FF2tFnW;sW3P)IX{Q$e+zTY@G&&ZLz&jM{%@Z1`BPa6T?Z-%BV^VoX; zd(~PTjARD*o`2eeR(zzf_((6{BfWr+^akG_fAe1}Ui#?Ly@T+R&cIK4>9Ii-Tk(^A zf}eCLe$tuvNypyu^@_7Tp1%65kAGD?1pj3GpN3SNi%&2VpI|6H!BBjHU-QgkDFe$N z`*`Z=`+4qNe1kvysei@ifG1hIZhMJs>HCS_*0y+thuM1$9UpdWyzJ_k z$j1Z^zr<6QCyBHWk6hfu55dzDZG?MI^pTxazFV?zWq)FZ`6DNd!S4PBzP#c)zWi1A z@;-dIKCScdVFrg`ZTaBy9y$=iV^|y>A79k9X5vxC<2`i4i;HCXN&3ns!RH?zm8_mH z>^IdB|G?^VkSmuL!sC5>fEXU}{CE*Ojy6Bu$M;CY;|2#0;3vi(7JeUl_a1x`4>0NXd96Y|XX$qd zUezU5YX^>4^~KLkx@(04q7ow&po zX}N&D(sNr`!3zuCC*^41e7^p=-h9&Sm8O>KKRk z74Z%W?+<;G{NI~zrRL1x{70NmV9e!}TR$Iqm3at%PYXsy_y@Kvf6*%Z`x}e)cK+ao z&Nq)6SpHHf_K|1zWyZI4J2p4j`(t-@fB(Nzt)U;jooeSLpEG-gMd6~z+=eSR&A@dl z=kmF-ej?vU>(iy17)Q2U{n&=i&zA1Qn#1;eKG6O{#(ei38)%^c6eM>{60ezoK0|Mg+VOSim)k9^tQVV5r3Gtnm>d055YdH#ee zgQ1+8zg02b53Qr`U%L9GkA7Rd@AD2%OFqA);zgUMidlaQUvGtnV_e$ZY16JYU=5wb z+^-Y-pAUWBAB>!s9*h*h)65F1@HKe)7mhhc5)$*9}4rvXFy*?EO2| zYF~jrIS~Iu{n^uTe!l6?c5A#}{n>=+U2Dek+>!Ld|E`b!9(A6N;}gpldehM_o5mTA z&J7IjA{IUp*p4&?k)PwWbE(kRg~`kJb)PX@`#y}prQES=pMLQf!?g{#_MMl}{x9l` z_gzd3dm_JM1MMS`%YCQwi(Kk@)>PNNs-EW-;sRTrrhmrpFOSl-U$`MX7=>%}XAD;{ za217o?LWZY_eHOR7am=`mOm}OSh2gS*G1SNigOBIO_d!Q)|SHYo8>0YXzY)jLsMKh z%+x~-0p=t2Im?eM=O9>JfBy0L<0mQi^ggkzY|{I2HmRRulZJ)YzxUbNq?!-Vv2S4W z)%Ty3(Y}s4SLxhh@z`CzEJIU~LL z)M8b&ls*-MR(P>+`II(`L*}# znLqTwj{7dy(b4jYcRDg}zM!I&`8Z=gI)C-pkCs)h7*M(=`}h4Sgon4^IPNpXf!xcm zeR&z}KgvdCF68&~{9cjKo=1&J?%7s5g{g%D&AgF;CO`P*GH-kp?>n44?FjW?*^%k0 ztEaLt-=wbMl@(`(UP%ewh!1hYc=R<6?y{cYj$CkraF=~TaPK)I3b*ZV3=GR(*&l&7 z-|mGMB|YQx%#q?$@(JOTa&8o-ZoIguXSjcJq;TK#3Bi5bIZ?R1yjTV=#1s3P6)qER zre?Gg<2Z5QfH<3Z(z{0}Q?zj;esrRrIurP8n>irP-n{qDXA9SPqFYWzdkynC_I=e$ zzy5Lbd+{@dvwxI+{p0Aj=`)6_v9oK~k@o4{e&=VOF&>YAM=j%}HTYJI{y}khU{ia! zv!AIKC}NDfg}M}bygsE`bN8k(cdwN=J=@24eQ}1y>sMyIGtt!4jrkHaWX^c~pu(7} zoAJfTeIK(r5*3cu}xY+vNf z>$};4dbY)yKTLkTB%a&<)X#Dg*%DGp6XhAnbzA_ zOnt`5;HNo%Z_vk|jE|+`O7hQ|U!K7)@Z9j>M{CUUJAfxWll5fYNm)3X<7Rvm)y*|i ztEL*@TI#ZEuJeU{PM@f@lfl;tJygFYxHPX&wS!miZrAPB!dZN?>nE&L16ho~@QQFrW2>EuZv#FVB*43U)JG`3v~zKR@OEUohHtBeu#WeyNA9N>Je_$M4vuaczvKI=({btO2M>KqH8QFb z{WJ5v>^WF|69@F4f7&GGPE(WHFWd#~PAAvdLVeV9c&u8veOAA=eCVk<$rwHRMd?{8 zeBetQJ-Ahj?=*VP_VQ? z$2Ts?%W>NfY{$$$brR!vq5Eln!7;&A)z>Vb-F|JO-tQ{>7c^*#wmZOSH->+Zc27M- zyKS`hFJwh+-3$NZ)5|Z={5QX`WBuVb`ngH{tF7x#b8K{;>ko14wQsUxdwv(QW3N+R zU_zrWee*Z!4mbEEX=%Z}wPTu2J{2?jskfVK($mI`p@27+x z=Kg_tU#PCq9~yDX;`>IVq_q8&x&CvIiTu-2kyk6SfjJDan_4?t@>WOxU5EbUBM{XJoT>v$E*c!x1a*&H|5V z%=hwsqb6N2e=&Tu!>`}MZ@k13WHoaUR{5+n z=0K-L=ghm$ZOlk5*Bs$z1F7ZoVV-wNR$<4xzjKJTUHnvYFJI5>Yeu`8v#xoI#R2Ql zDd4=e)LK{zj*F>x2sr0?;3t_M#e4KQkBTOT1pJkqnpOfvyL(gij3C&~C90&EY?%o}ukFBq1_I${E>h1j*ar)XgoZ9qyWHy~z z`yu$dgQ$V)?^7N99<96J)X}f%M@>C-^s7`ye+>Tv`5(mpVE&Kg`VfAH^8Y#hkLO=~ za1(P6n*D>rE#!&b^7juP@DB;UP3}nb>nsoxenU3uA?!GP!+!bb#x@1Q@1l3_RiQ(b zz_pKhYV1PuX5@S=I`%qtdZsT&wbt$E+kR}qTV+DxB2j9NL zimmq=^N;8*&uwG?W0^8JU<XJ z;8iCC+E1HF{plU7p;%zop{weuQ$=r3R%t8++W~o^}x77Fj7lyV5GLZ zR(u-$>A|>5FgkpqFDOi5e)p%zGdl7p&r+HHcgkq3U71lm7QRi!PZ{eQzG5uAn;Ug==hPaFt-n2BzGhpB@aw9vDtxJ+uALWjb_u ziau~Ubh!{1Tv=|Zq@SWctAEalG(JI}L!Vts4e;tW>0e4>YbUASuX&EXhkJK$&-n5s zTC-W}x2R91hEaaz6ZSJ@dgeN8oBC6p(_HA3j6lV$15zsLv3c019If?Y5l?Ha7rw*T zCu@-M9oLS`K1};+>QFiX#;(`rhbTb1ZyI?1z*28G@@DObPwG{EYXZn@y)-Vb-G`YT$6zlIRJJ zegFD&;rOxWG&s7CzSr+rLkA$Z$3+{^owvRU$f78Gl z%*iJv&nIRs8f`6XwSBU!u0Q-q*@cH`Tk8O|BQNsx^I1ohe1+rN-m%}Bn*aDU5Xu&--L~H`h-s$&l?P$B@atKg=Yadh*%t6vZ@h0?u#gAQZcq|%cJspm^4rhC>j2j34dgE{ZQNHul|sH9I=S%sTMXl11rIqVAk2ID*s?egU1CmeKypF+1~Udv5)fd=U;rU>RX>a{(ESrNBsZr%jEb!=(+wW;r|EV>Wy}WAJ9FKhSH(Gdr%_5xz+Ugg-esmOCra{Ml9znU7-v(rP#WcnuB)gFl0eb!_p z7wGt1Yw^1@hki7E*Ai^(5^U^RY^-vkS_7ee4Zh>$J+x|4 zMmu?e!V-Q(+a;pynI79wnqWIhKONhVCH`VN1VgdI-v)T&v0wO?llx}B#CLeEd{s|; zPsZzd;;TmDt9Ng-9vk)Du19}E+_88TdmLdm=-(%_@ZAw-F{cXNWt?S&w3eE#$#yK} zzV7Ae9)3%0F7ehEJD+Hs9E{|q20Lnziyu%c{sU^o!_FOR#ed{5gqp6s~)i_dnHx3%+p|BB(Sleqj9*Ph`IZtj>_`&!3MLu)!pe8bzG$4ALUPu2rdn|vK)U<2!K zYrP=(Gvn}AG`~Uje88-DL1UiYbB+5Z!Yw$x&-_Sh8~-u2{dvZHk>|(8XD!+DtHB#O zzMiq8WBif>9e=&~;)(~rlQD#sANXj>>IWIi+IODSK4+d)cm2WLRE_C3=2cInQ z4Q{&_xE{>3LVwjad8Y0vtMH8*A9!+(?-&zry3d7h2e1|uYu??a z=LT_}VLz9`8d3F}kL9@$i&D0XILY(e>+DZ-g7X~pCW@Cw@Z40!uv14{k!R(D1B(uOHa?L=ofYv#5V`aawwqIDPz|eZ%P; zp6d%v`}IBM$T&Fd-uQfKpK)?=xZ*Hz_-h|=*x5%Mw(;Cl!)cQ^<2lp9=T4XKH z>U>=OgW`=`-w4*O4L+Rz$L04($CK%ZS5}M20nfk&?8`(SvH7wI%Eh0G4LH@;uY5W- zU^+Hn#m)WD|9(dQPeuRtqyJ&_e+Bw~D)$ogpBz#7^ke_hP5+C~f8_we;M)%!mcEUe zVHNI2&#KX_63+9dV;63`|HB`K9&Pth21g_MgMpL#p-1JmR^UiL47Z%zAYHx2yxx*N+QbARmu$q*}&~ zv{rS)^~8ji&^OXQ&N+@XqMGTy+vvyNVhpJ{7}>3vj%D-S|9#gQ>M;&jR&MAg;<58?qOEM;d2)O) zTgiC~?`o~z0Jf1BBc}l!Xsjmg!FJv|nDv8c_iEZ*=h)5-vYoW~8t-j4>x)~V%W2cc z+RZ+`Jz}tRqZ=Qh8|WD8-&NO?rH5_+x0bh&6LcjdL09sjo8-9e z{b0naGkK2Aj2&v-rF8*Ck6QFVIx~k@x(3;hU!r`k{ATr;k_D3=-prb3pZj=?p4Gd` z6X{sb1pU^8M(7ORSBmc%yWQZ>xe*w9Jg!^*5DUsK?io{axdsk?VI(#TI$} zPQ@0fvYq&yvUe*y@6^1C-NX-VT!!z7t&G0w_@el?LsPfgzNp^4iFc(BX1>hmfuTCq zNv+>U4zw~D8Ogl6hF9^U>0`&hw~h228-e92>|!ZCEB1frt(NSf6~4y#jvFf!adPa^MBjFO@XPqNON-uo@M(H(CV0~yM4#KqIem}5mx4UkbN)3w z=g=qmoI@Y;oI{^;d2Ym_z?MXulKJMMVJ&oM;~n?7h2t7(Q`R$%*=UXjn&Ucie2h8X z=ehn*j$Ims4wFWiyxSKVbye`(1qn2IB!NbpzpLkv0m)F5M#x26Ji~b#&-Il?@2;ly zW^YV4zSRqk&FBMi9`i3a-%VT1#A50A6DK2w%aFrnbRaz;7Tcxgz%d;;h&~5S>0UYD z{LefmeNnAVI(SB(1+R2(+{XDIc~*SQ(!8=sXW(a`CwtM8)$|qeKYz84I(=GSV0?#1|^C$3&8iXH>IZM7}dt z`d9i+Kl`y3ldmc!UsXcBYAp3%bqlNr^R4b`xE%j?fiuQQ|GUgeW!_zS^?jOm_f#;F z;mc%AV~w|^n>8L(FQ#>GH4po5rcP9~bAj+=guE!iD^WlZY?B7NvG#av+ZZXGI4c5XJz^Cpe zi~42k8hwu5D-f@+ZPMMftUI_99Nxbv7+J%3^!sVn%bosV)lVM$?TQHYZjAqg_;HuX zJ&y$^=3#ptlO7g6&){P7yGl9+ZNz)&n`~s*T$6mHg`Y6jw0{WucX6z~Ty>?gA zX8m8yg-|W(&Jf>A$KUFYFFgpqZU{O!419+NBmaCizCKm;iDo}3a!(%*ir=qBbw1U^ zv$=y=&j49SK}T=O_~m6ctqA|Lh`4JVG=6H!9nte0oY$B&XyW&i7DiD<*2*O zDI!)=j&2ljT6C<-)X(|L)$VM*RmWTc^);%eCMLQog}BbH+35EDoFeKg1Wyt574mVV z1M+#l#d{-&Uus`ndylah&R#RJQ?e=EYewg&?>bdD<10t?J>awTeJ*2w$dh#9BIySD z*-GwL=XuIon{{sDVJm`mKJXMynLK0ahQM7qC3=2%>hjAfPQB02GYdIPM!zEJXJ*r$ z_^?IvW8Y-aZ#~!6fkQ3+y%&!na1bw&;h5~2+DwzY8ThTRKS9PMQ{z1{b)BciIVwNY zqJKQ-r086knvbJfzoYrkEpfji>NZXOwm8FIUK#M0%Vul8BVE^CW7G(*boV=wJyTn%xgAVf z8@ad9+4IPIPcf5Vm=6rv_h=(9H&H*g^x)DJyMR~m<1>uGS0%(*s;RFZMoff$N}nr_ z!?zoUUOGAnJtid5qlB8&ElKD!l0L;tH?7$&{dn-6m`}BuW3P=6|NeVr%qFZ(!oOD5 zmHK#4Y=3+0XD|M3p#~#Wwb{xdKIFLQ6s!FK;LGKgv9rQ_`t>~ir8n7(S1Mmu zh91>noAL~A<7+i1G-BtV)po1%iK)ETgpJxrEwA|S1?a4rRP~jn?*5sfp;6?q4Bk8K zz2DsXu3zB2cbloDIW1I4Uv)3FG_K6cSN1+vj7+6vSmoP0OZIBL{&M=%-oC3iTJ2p9 zeeHQ1_B@YV&J{}w|F3xXa8?2z+_mXvdUzrGyfz6xRR90+pb=4hk_}@#u&|-Xo!{f^ zfj5XbJY1{gJC@}u*K@?8t43}uwe4Mj^Bnz!~?Qb1M~m>*89GhcU~qaw)=nb`Q$S*?`5rLJw+69c z74yi#p9%23_&&gxMc-+RJ67PHi)G6xcfZG}C%K1?J?f#I7oYjaB(FXdKDUwYV#Y<= zk26NWSVUif-Q}klgX8+`qQY^}y}wN1TKZr3KH|V4eIFYHp4A4Pbonf~R1Qw6z)1ly zqXXy@UAu>Ty%_U04h>qNQw&)ZhxUI{aBgE5Srq_ZUKyk_C6|9p_TeX^AHF^vK9}de z2?a(=xqO*(NM?A3qVle!g`I9a`2ucQ+mAc#$WQR{>uTh@cYd}`g#I@}d*(x8 zvW1;o(9@1Tw{zF#O|nyEi~j9zlN+}xzBm#7z%FjRnZ4`qhRe%_N6Kw{wt?R|%W59S zzs~B;L1%Vq-dgrvCAC?@exW#YX_Xv+_oTxlj|cYCF&ArogKh&B=^pVy0X|3x`ur;T zJ%GH*)HnOqi1imnS4=#&Q8GF}oT*f2m3-}rD7=hLwi*kG#aK0;v|}+2%&y+>j^h{b zj#sxD{&wtd&BeBF*mA*ddq3^q8=J51AZI$1qjSbCDUZBU8{RFOWHt0FBWA6(z3U?; z<_o-fuZ&nZwh()RtWl+WFM2fCSY(x=ldL}NYsx~`jm7^`{I~U)&6}oxC)vHFR^VsM zhn7m_ZjiPV8(Rzhq$h+6$-j6m?eJagh%el~!TgLkvac1LO@B{p51#o^oOtzEU(CJA ziB~6(OB&Zfo|)!*W(Ut~2HuB7PxPyDtD)npBF3lj;$tp~GZxu^(!HXuU=)5gL;D!_ zyfFX&1@9Lw1TQ!r6khIKEWBgi1AYg?t@bRRhtCgP06y+{;dAx3?7(xwuNu(bx!82c z>#WlY;oEmEbI!3vW>+u=wP#FaXT&$wTMgEeb^(CCMdrf|RWJqX8 za}s#mx;f&>-!Q+m=TU9{Q1HUzds~>-ilwl4IXFT26od2%-Z8JWP$KJ z@)DidWHpNR33OEgSgL%m49G-upLY!p7@LdnTk6buW~iqSdo6)pnR;Wm51(?+vS1W$%n9J|DeTj{pz9o)OR?FDEsfG;B-&bNPDeBp2Jsx$Zs^|<&tG%SU$Ht^L3 zzUqAVs&jNmn-5>hfPb9v^R)h(-NRbttTym94SdZ5Uw447li+I@IJyIT>AP%(r;$C% z*XQh4qX&hfH-MuJ9BB`)>QHn*L**fRajO2ZjZ6#gR!krV`EocmDeA`|`3vl$w)bnu zM!FC_e=GmO6Q}dahnc|bomH3o9pDH7gvg z;@r+U&ISl^Hb60F1I*=YfLe1F=6xqZoDERS*#NaQ!TPy8U&r(9oVPWO^R^Cg-qs<` z+uFHgYJC+s)>Q-T-MgWpzs`>B3%^sj@^+m2VI z<7*`F`Ol}d&;GT~r>z0D3*qA*eSNpnw^s+s=aFAhNR1%ZMt1oxlRT0=oQqLyuS+=ov7r)J6Nu93v~Ia4f~GsUtwQ!JY^#pVM?XaBSlUCj5yn!Nf1c4e*l#D~pi4Xuqj zcP}j%d%Mm$R7^wbSBrq7nYI(u+1QS4A{ZMO-)hFUn(?h>d=D=og1mff3b3&jHmd=89OG>Fot#C_SB)&JR&NAl=jXFA4IM!87$HvP`{+ zHlACC%#*J*W{TreIkb)Q?AoWacDZ=>SNZH_%*W`vll5)Iw^TcDEdB0a+;xn*j&av9 z?k>){&STv9`FYe1%x|vN`T^q}YsMXDT=D1Rz?kR27eU6{#F#Z6@#M4gbCiDC;T`p} zbC7LY~{=6u8pQ=n^AOT7D;-qL?R*}JTy z+i7o(-JTU`Y0cZ$yNx{Q^V)36+~(HCZ?|lH{$F|zw4LmYNB-Tk7hs*JsDGi;=2I9oWx zV9x~P3h~GYFfpnDc{FT)-zgYIRr z8KL`B=w7!btG=BW_0!l4FUg+_f9pPU^j9`pqZes^vGNUEy^WvStk|df`*Hlp&BQ8R z+Eusd4(89nUCTFZubZ>J4%?&33N>myImTR-yjt{U)*tDomAG<(IJ0CsAx7LHu3o(pA8$KBNz|ZXM%VoVHut^|0F1x}rA^#jO8P zhtg~3D*n*Od=^z){Faax;I(JW`Pr;DXx%~U4Q*3cFE1xA{08b8v9@s3%6;Nl#uvYt zoJ%Xz9Aj*o;e|$rrpB&wbWwqL(2Uvk`Ndb>``+&zv~$!KbI4;)h{mnF>`v}?`|eY3 z#oX^k_K?%nd>CAH@_*RMZ9WWra-sip=-+WgUVVr7#^@D$%|v#N>RBZim-3F=CsJ1u z`W0qb6BCS6=Yh9P0oS@$4!*g67x%Xy_xtz1{@TzuSJ8N=^x!5{4r;!?%c8xtZ2J9UNaj1w7_FunGct-+n!0d0!3@`Du zba=57l-DZ#C|t*Zy%pH+dKY+SzXy01n)UH32jc6AyO;y_K(G73Gq{d37h0#gYhvNu zFvC+Z;r<4$GjGH*;ur0Ww{t?IGjkem?}?X=bOvxIx;SQRx_pBN)fJu3o(02qP3dc= z-nB88?>_9qg*P|tU!bEaA66ry&Wj&ywkCa(xe(tRp7a66Z}*u&4%J$dB!>e2zG}mh zx;(t%@X`;{%zIXivFy4?B|_{!ry9cej&e>Hu|@!pl@`6Knu^#9$7 z_VBdkmFxq3`ik88mA{O(==pIU+tjk+-W|Q|?fZM@z44}LTREgVL(?NW`|mt)m^{vB z{&$Uew!LFR%eYsz^=5zm-+IR-(w}{%f5wUS3DcSn6JL7f`kI#QwEfPn*S1XFwzaoD zZ-4K8bWLd<`)xzv-evL?*;hN4eYHE-SKG$E+7R&>=_~I$(oZY;@7S;tyXJA=KEzn} zSyoRRIa`OlRLAvfaIj-ZsD3lol}k|lrgd8SeJ=WIDD%I9@7i}HJ?HMFt>SEHLq|uS z=>9nNzph~a>ooSij${9;Vr45B%g+9(^k3KfGizcW!^> zi5>D?&>!BobAWp0J^L#Dqz!j_mH}PB*TT%{={C&54f# zvsYev;~N^E{u8|92bF_afr$T!JYfOIB zuA+)@(dL&kbta=|5=^rvwyM{Xa0wnfyO90P5&X5o(69dEZUf6F^w z*>g?UG5#@C!dqTmD`JkT?TtB(Y|Uij0rPi#FrW0m>%wE(Eo*S3G0Y~CX@AC^7YZo~0 zq~A{3ngIXh1;}beW^}@Tx-J{VZNt4!`|GjSdsr8qMQz=_Bs}14cO~t1!UwYRI%rq* z$q&<>errt&U%yYbc{}z(Y=viB#)dNQ`}@_UJ~A5!+4*JdMzwg(@Wqr0t9 zMg}sE*}u&ESIi>RXyiNBh`F+NGt{#c9j08EAZsd$t6rx$fZWf<&OAT9T~=R?uUEx7 zL>2VVIz-))VEr_FB(=2@UaT$*|3LmG^-F$G!{qH$|@kp7{NxxD4!VMn07HKe{0pvL==He`!N7 zPoE1m1c&LfVgt2I`TW#|;3$3GyMdfeK4)wQe%P9nRml6u5AkyO5}qmM-V&Z+&vf|` zp1F=^ZseKo*L=PF)7Ou#(+uhE;>=)&U>9^?C7F@F1mh=BD`lD;v z2ll|SN!cH_CXK_sP`nD-wS@RLb3Kz?%v}HUigelk1?IZTPu;}T{rQjw3(;Gup%b#c zjK4T*Gcd-GOD+w6PVQw-p?|3^VU6@)hm9^XlU%r;jt_Kt%bj{SC^E z?L?<&uXYpdRr%VRM|%g+NoDAyFmv0hH?|@p|An3hoWI?|KEW>%R6~4_^5GeA$$V< zF?pA~%RGGBVn6lm%ID>`^qBIgRkJ{{Nji-h3w_jP=(FwGn*|R-#g%+!#-Jd7+OCL{&ipRpvS?P+x`mhA%8@87mV|1TWctitwugL^Kt*pvKtGd zZ;%7LjQTf{#Rrs!HS8nad5pYv@>G5A{har@k(b*KO#3kbsvH8(w zk~hD6C%JKSYn_QLx8g^m502}+LD6*^^n0NsbtaH%60{QEYh&*0d{SEQ10jb-k=@!U7=t6%%vSFlAE9YE%1niIN~dwX&tcGGeBw)2=@=DTAjt%U!#Qzx#Sxw?fpxRtTyu*di?^Z2kc-?uRz6@%D`e3HMTJT0vqN>0^~ zZ=&|xn5}nyrs2Thrv*Mdh@aTMGT^_t`rOXXN!f?3#PVbpiN1>CiEgDHekw;_xpe#W zwLZF?c@K1RYz~)SMB_Q|$q0B-Jkx6Ujrq>?c^-Z=@jYUK|MZ4(o!;Gsncy4$VEH*E ztTp=W8S#VY`{cxTr*8%G#adGoErPz+{sr{SyGZ)Jz5IN6(VU6CCO)3x_g2vr9&z{3 zNN$QZF2)akAxpV(P7a|X>(h9Ud3e+Z-(dMN4daFXls`WIYHN>RB0uZ38LX@1Lx++; zp!s3Wy}y%l@9*T?`#U-J{;s7n>lbnT^JmL9tf9VEe*fx7$t98ILTX^G&L7rXl9%5+ z;d<)7GoSqLs-9mD^Lpme8TI+Zn6IS`YuM_@!t9}uy!`y;$L)UCUmM72Uc-9Y-K?h# zV?Avc>uGD3-c|qn+0SlxKqA#y)o=2ZU@y+hSH~Yesm)5&$WlysnqxsAj z*1Pxp?YYmM#P9hoFs)g7NBvsb-}$9Ak*B{kv|hNF20YgWvYW3X=VKT-AH&G`7)H*A zV0n(~s=xRA*=Yu*h+w*WZS!2N^NqRcHTw3u0U3#jJcRYzF`yod+o5H_1p35 z-F(WjVWIj~VpRToW5vPZ!;v-EXAP`Z9VAD{tU0q*?tk_G&sMW$`g!`*+UXiTW2^y@ zsQHxM*`DDY;y}$=@U-@qx;j|#Wv?$&3?H;3+n&bn>cA&zBOa#p@&s)YXI?Ec?PzaaoLHLC#pO=i3|mQY`A?BMXX`i*LBy+sg zUH|N${Z7G${CsrT`SRUe2koFw?NR%_@BB6G-_TxuuRW`Ma!H z@uy1ofm})U5!9^T3EbplEZVVW+3VTpv}x$Hoy@;&dzQbh`KGm2S7#|!Hw4);4|$M% ziM1z(=kMV8H-;VBG_O9pejfYiIWOmysl%GCs$&ikKUn`D-{(YvqZPlsiT2!gR-k96 zp=Yzvv)Sm`o#d_TByVLWc`MJX-OzGm+B3b=kN&o|^XTc`PUO&NYgx;Kvv>6_UcJA! zlW}wwAK5UvbaTstUux*BxAylYflax%EBY%=xP9zglEWHj#ffK^RGa{w^>u|g^_y$5 zd)kXvZW25?Z%uU+c09FWlkDtKz&8%LwUY5r2WWl0#9kY-)seY zRx#&F;W^c7$m8=4E4z6mGI+L?)6;ol-KI9y=oHgbd`V|JYJIEeZ1RNy;s?vvb1Hwq zuIH0u_J4KnKew@qfAK<^o#xEH&t>4V1%u4L24hdA)~{;7&vIfyWvq1;0Pj}dRX@Z& zc9j+05H0IJxhgAQ-KzMF#Wjm-0kc0p80~xx{zkqVTsdnx7JFwbVj|>0W(UsS z0owro)1P;J{8z-H1Ly(mIkodP+J`1GVkX4Nv()@p57vYLl1^ zHB$Pv<-q6c<>_EeG{|0_PGZDKXh!1LtPuNolE@3yG1?Cd2Y}%q?;WZLPcq|id>_4& z!x@!%oMj1p_Z;KdBsr3@|Kw}S_ff6O3D8$Q{nwF4%DWjuTVsKtfc~~YhdV}Dk=(Au zC&CNnpE=_6HGy_ZXqWulJ$V6Orj0z>5)6u!1j&18qYp1Uv2oy>JwtJFs>MrsMzJdK zsP{SfqT9%!>LM?+o&1V??7=D7)Z1XZC1+OXLy~$Z+IJ=i_hmE%a4u-Me>TmlM1L&yBytBGAb{U*S+|}6YLk9uwcQNqHM;U zPwa}eN-D#X9%deFmd(TXhZKhUh87bifd}1upDz3xt#Ngqv?jHq!(zZ0r;eL^Y2|*B zqxTfKrW51nDCNksBeOfuSzY*^-6zA76c6)`Sve*4S-#nfIX@k5+|zpY=ag55t`mMf zW4%I%56R@F6*{v;KoV#J8Li*jLDX&C!G4t`goUf+s4;-y-hv+DNBO@r%X# zdhQhbIPhFDccQmHfB!|a5jdCp(cDpiNFD9g@x11r_Z`9i0S``uk54-I*zduGtM5+- zgXVn7{A+cdY0=78Zvplxzo(WIpQ3@{Cu&165w)o~OYI*U@6H&K$vpOC zqHl9P zZEI~PI{NYOnaPh^XLOb>djn@3xzf7r=_{>0&p3D}r6%(M+6FFauT`U0!|S(LS&@X= zeuTEaO56WT+ly(tnzoy0yDAuMO$5(t`+S$(^B-eE+^=mqyS0}u4VAsk`=Dca>Ipl@aulGRPH{q)<{9w(d zj$My$TKR*>ro5f2U+*SotAw1bW8`cdBWJ6Jv6SGumypL+a`xU0CBzbj-S`CSsatwi zKbK$MgIpT;J#J`y53qRs)X(EXuE96`BKc8YBtPnT@}vGhe$>lLU#?$+e>)uiHuBu? zwA`vkc;`lZ+k5F_&C(I|Z}I*sOJA*j1>g2beA`!-4zK@GAls;y)f+|5ji`WRdSVomKFCeA<_98eacAKJB8LF0FUr*SQDM3D+UpwGZHKY_gTs z(1@Rw3H-UyyVkdiE=cYBof}Zzht7o^!rs^Pd1+|!qs^NZW@u|H@2$>oz1Xy;{TSNQ zlXqU5ewgO-{DKVaggkIbr}$xeuk-T%=5vbKf1jMIf zCiP*<(i(D9H6Lo>%?TEJiikgPrYCF2tDb1(zP)c+waHx`wBbw9FEjj#eS8rd$9PZU zTx7o6dPM635AfR^Be90hX^f+hO};Tc^F7wSS(nznmz~s++eh8cRoMTtS?iV! z`fl)1Bc)kqD^2TP@dS25#Lmq-f1Fx7e=qIXwxje=I-XpgL;AkV!&i@ZbiVAL(@m_w zXN~CTHhT&$A6Vm3ZTuo?@Py!{&D80Gzc`;K{VZ;s3#E92;?gucN^YCSH-bKS3=9AXvsL|Qzx)a zzH=xyQpfepTe40+*Poo_hxtm{SKnpWBZ}qw@5{bBO8!H!p?S#ATsRYNYHXR_kuB`D zqvt9(^V!%p_}^{V+zqlxx~(rOhhZ5wrbfZQIp|xg+{k9;obd0q;o=v@9My(wkgXn< zjebuG&zEtpvp-mW(z3o18?lO-PRbY8TD`+l4!*s-eLgL)>3C207=n-Cl^vSvm(Yjo z#sqfNG z_S1!ELaz8I?d7b4CUp)!Yc5_aUBb|%li2?J!dyd_XQ4}hhc2ptYtB**$PUXhbg>vm zC-`rZoJPjP?n=>s_?Pi7B(q%p*PdKMlhDf7-w#dZu)nVuo=_Wgp*q?KLRZPn@NW4| z-nn#P+R7iZY5TB`w(JYEX^Xv{z!w-U+G4*Yu+@|!A=-92v;`-PiZN^N(0ie+3zLfv z#V5VA_21We<5A{CX4=}mqGC82%Zog#`R8xrhekds7ecsFyr-r`^=0H!{6;xieE!P$ z`~{z0T`pPMxj3c6pY`bO0spEg%gEb>oEP)Qrck0UspG>vCgKIJ1cl(p<^NuBky)WLD-=sBl#WZcdDbSe9b(03^|L4P!Mj(c z``?jF*EKz(KDOZhpW^$euQCRFvf(pM^i} z>8C5LpS*#7y6C4ntsm9YQEeUN5!w5ly|jP7c+k9jn;aqeEeXal+sZR~C?DRL;_%L$ z@Xj!B-TDA{M_#G_#6!FzUlp0vH5ORmp;O|aCv6_O7G9}#cxVwkR00o`ux4Gt^(m}r zuXT9HJ3l^5A9J8fHFNQ28RicY5gnD+BilfH#2TQP$KoY&nG7$%s<_z>Zkq?FJ=PDp}=$+HD6C@Yzqd#L8L~I*D^H}%(vUxm& zc`jPmHbF*O+>buQK3gU_V2dTN(b}-lOl;7lMFd(Dg!{a-h~$ORX>oZvE!=UrwAk#U zg?rzoMWAN_G3dNNIxXCJEm{or{(GUtV04f@(1lIbhEHYeft9xWlw7=?KE3i<*ZvYY zF$P=U6nTA;IWc5T+hXQGHMEA;yU~Y#Kv%urxu-cN`5`*riGARwv$6fKH`^zYTPZqY z-x)f82)Tm|*mbRE-mQez*au!(f0w;(Y4h$%+xGM0=LmY*wGR&Ybi44UT&!o2k)pF` zA{%W6{$?KbnS2=O`*vi4YMEtv|NF)c$ZoXtm|gozdzmGBUQ_N9pRYQfk}WUu{UEYF z>EPVPb+B>6Ux;g0zGcF-k#7$|+j4jc7`{6Xd_M@j%fa(_51u!G=k4iuK2N@(BPHLw zc$ThI&XZTZ`R_Mz-^e#`E%}y)Ya`!m+e$iqFVDJi&fm@t3~qx1_*UQA10y_ZY+nPv ze*0_X*HiY_j=Gx5n&f_(kRux;(h2%)hBu8o{IZ`vpkt!j-X*Kph$v7)YjmQlX&aOhf=S5cK z!o4Q-qQFm(%b+^_4C-KY;tAOuK?3h)Tum*%}q!@Y^dh%2u>k*vG zIQ<3IX|3Gm=^y3{5@O@6#AD;klUtBang`eFlQ?P-G0vhTS@q+6zm-c9AkI?7*sB=( zcE+Ay>{Zm(2on3Q>c4|^*qY`##$Jn$t93Tz){N!6#sudzZs)wlTFz?>YW>-FUaRs$ zszx-OcV45`$QPh@XOkE8FrP(M&TB=p!mkzKdlyP`01y77|cw(C~kGGPe^N4a3(HHvudGkGF zzAxmvcP_g*8Pbi~FRnZt`BzUqnwsBkjMST>lS^Nk>-uxo_g0hVgL# z4DH>Ft;Bkr;!lbZNzP<}lPbm`zGwvhA=dJ;c}DvMmQ$}{#i(H9A=ZIcE_mq7v#bM4 z-Yp~csXQgg5A9(R%!)_Gk-dt2Px$lMjr%QYVhmp;j;(3pQOKDNVAi^5IeoO<#ra`Y zuvyRC4r~eRo;LjF+67f-6f3EtuPLlE%7$yb40zGs@>NF;(zZEE=ra0a&f0di9Y+l^ z7Rfu!VU1NZo5I{W6d#RRX%Gw^3trsnla`yzSZX$ zBl_Kpk+Ev8y>gVojL{E^EBC$d*=v8SA1hCZ@hSch<9op%vGe>4d{N`!1us9$M80_Q zU$x#i2Y$43I0B91*k`fxM*Dm!!B(Vw7hkiYFSEDH!06_k`TRL#FPI@{)BKBVBd{v zpKIZ`wWLwAsqJFSCK=6nv%j(`Zs| z8NYlvaD~}ZW#hoU=H`hsIOCV@*Vy&v&Od+tN({as{-XUwFUIe&CMh2Un@e`#q%!Q( zBL3M^^kNw~L(t?J)<~hh!@rK)maV3}%yay(I`>_;Y8|+K2V8c%JKMxxR{x{oFS+UQ zmn8EkH_+GGiLB{i4!=bVrZ#ty&Jk_v3HPSbtjc44rhh%vj zbZF!K9r~n=Hfr40p`Yul$JVP(WSjGzi*xo;%_5KT#riuV_f7u!_skxMN_2txZKvN3 z`rQ|{X*1BTr%(AO>|c1TojwoglRi^Cu!Q`wU_|Gtwz9u(Htj59PSf9{D)u`Gk9oXb zeUvqN$rOA9@m%%GcFe!koC6f#ED7GfNAW4*QOObfkA$q$e&g9Ha*?X`UmLB2ujjzm z;vIV~=Ni8GOYajGzNX`=tpBoB-Tvs+XPS^zv83b(=Q-j_hz8Zv%*Ifhm5{B?xv)j> zQ|YzHq#24y&>}TZjaQ+mz|x{ ze2TFQ(Ig#D{oUdvQ=S=E=mT7$k&hJyWQ@`p{xGUh9 zvG>p)dlF24`gHpHS^pDH=&bQmjOmp4gZj8tONP{+Vq86p=}pE~9YCM@aHe)=b3J&s zHER*M_&to{PCngst7x~@;e!PHX4<2zH)(S-@A+vUUJ;($b`vw$&p>-``r3V%b{}@( zg@4}!&fnASA87YvV90sx4x!CUoOU;JziFB^>lN(JKhW+PKHmfnZw7}o-+gw?6Kn8C z-UJVC)=r=F`8;Y@O$7J#R$upK@QR_%a9ct=A-D>e%;YVhO|$Bm>%~gz1ajMD zjAjq_aAE_2#+OE;vzlz1NqYC)WXrqVuaq2Py*)8oHXXb&oIQSvB)@W^r-`u^U25Hy zXku)OnERtbksQ{)o<_gR2I@G%IA3L)%_g7mg=F=W4M})jan(-vUHB0{OCKq|*wxHE ze1%TtLu#*fc>NLiHqLvBC05|`vNvwhNvmLy>PbG0epO#x^wmvY-K^aX^yTSC{Kx)< z*ShJ)^hZCEG42}JQOOzlQ6Dw5As7XpY)|#Kg|+6xoTI5TA~o->M<%!LgNLBwHJW$K zam~3NXj%y$XK_tqtYr;D_L06@@PlZo?`KQkjeYD(#x8R0D)vLacnF=RnD;#F*$!~K zf5Esj-@!JJ?N|30_BQu){aajnH~MJ|@Ak~Q-EWPA`zmf@uc#F?_4}?BkNpIl!1cua zHm_wfrk#dYSUb62yqnG1NU-M`;u7)s(#yzD^w@LAn%MT7=r(u<|6rol6!rTb^gGA8 z&4Pd0=d(A1JkR(~$j4f6^_i8ekV8|2Y$7;c3>|$<1JWc zJ*qL8{pAlJzo19#8O}9v_Q-$jZ`g|ojsom`*O_8*?Ci8N#^EEKB`$j^i(FC7<({R~ zV1tGs&Y^0506)NcUhp&g<~%adJ8KKi^ZO*vtN#vcog8@iYIyi@c(@~p|KRZt68!!J z&&Ixwy!~hH6{nt69$!|W1BcF^=Jzq4o$+P-3HngnU3x@gtpX3##0G|7lg@=t#*GL@ ziWkg1Q-IHTEqR9zabG#{`{98G>LnlHnepU8D<*Oc{%_~^kyjJc*W2sc*mvKBpV^I{ zv$K$#Bz)v;ti5-!w|?y9DZhlAh8NZ5Ld{L~-!raJs!=PSc{6ZMK^~|s?wiQ}4)TxV z#o(N}O5T_kQ}|2^TZ!wEhP3`Xi>$z2f^{;z@!dfY67O0fafJ(IRZ@cSufFE zD~-FH{v{(~b)0_XTMuC@bv1VV;Z+sk zNvpBppTL%nFpeqA_X=n&n+U-=s%J5>X*zu&o4cw5lQf@18^v_q{?l0lyNNeXhY$9J z!GEd2f9GB3km}M&J&WN7-iZPGF=FGht)b=&5bV>RkvrdV^iR1H7rH3&GY>Y^WDx(RQ{cvx1QJdOY_~Xo7m#{{wm*%Kk^9r_r3Tdk4T^AvbSQuA6a)H zUrBO2i@3F&?~&8^L;91xmp|*>tE9M?;ttJU1t+=8iJ{En;n4Up@ctp{0Q7tIYoJU0 z@eb8ioq{j>1$cHmerhf?THcuU|LpQB)<4>Y)bdj3z5E5x%y*5*yqsQ)pR|Jsq(3vKYW z@-DC=)>VZkM&(bo{WI;dmYz`i=#2zzhMoEj2XuZEc=*JX&|w4pGVX(1lP=kjRkJ?E zJh-Nfd)PekC!c0+j(&J`%TM-i={-r@v;r9+dxaR&@uG?kn6ph2%+CCTxSLIJsy$FvgN$+FB{^XCCQD+^cH)7))i4N zB)$>c)Z4iEGxIPUl+QlpSBZ_`J~wxwtsZ_tHyFCrW*a|VeCYmf9~J(30^Z&>Ec{~Y zBE>qwFSgCM`dqvyukp+kDV($}f;YLQd~e~TJ&{x_^o0cTCK$Swu8_3b{l8Hq4M6nxGO?FX`MlPTa4{? zBkL2)zlWJ;T8ozM4LQ6qIlQHJGrSSFfoCRgrtYoQtf>?1btm_E=}0%O^dPZI>SsL> zS}^y~+3edcznPrd3UX7O_T{Hb2Mol7LQB_YFPOJ?_Ln%9_a<_Czhu33l63&JEt_1= z%5OLMx_OVS&sp%$qq83+mlt@ZKWg${&9jOz=-B~(Vp#Qhqt>h$HRRdg z)2Utg)p|DN6D(ezw_w4ev!4at>!=IxEcp~8?PsNHY#SiIxrDW>2dQI4o#iL;7cAWS zv%RuEhV)cj18!afCh}JA+^akXI|lFu&)&(i+PB?F%po_B8|gCdVJYu0p&I#oR1 zL%piJvk|lQ+k;(Jjg1lSP0otXX1tZdYn<_g@ih9m+Woyx+z%?c=EFw2t@@@tscQ zdl&P)Li}9|A7N*@^Zkvh&TZ_*KFepmcQfBh4%`$i34~uCpY#7zJk<63K3`2Welg@bpe$aLC8gh1&zPoa9 zag8k(Yj{TQ>)o4pW=bKnW{-=m-SH`Ez7EE(*3$J)!>Er#FjO7Yti_^th} zLFDOTAHVVYNB`rm$8XXD${~y~hS+vK(OJ^j(&2tRC0Xn0D9Kx|tQ}0B-mdXhGv0er z;|*%O_Y5-LYTtPIz4)&NkY@m$Ym zSoLxAn>ccb`Ly>=Ud{LY$Vu78WBIPnEBOqYYgvsSG0!e0KQF6sw7%1xzF(p5^r7#U z>wE4}^Zf&S52J&0eK_A`BV_NPejIdhb)sww(aTGxOm^Uh@Japl>~bfM!(C5Wh|TKF z-&l89xbH^xy@zv&JH*|3@%H+ZY|GX!B{$078krUD`{Q=%rDTol*^00F$FWwFjWK=x z^N$x|llkj8sFs7)815n#GWQDWHEL=`rY@MfxBl;*ys!Sc?|lV*y{HoZbVpwJ>-8U9 zbDw_4fphAo@%?HhMmOP4O${Os9lKcjW^8{%dt`GOYp}lzZklYk+nndx2cDCko836{ z?7P=?ILvtcI6TJqZTs2Y?=h2lisy!ZaA3bjD|#=6T_szyNwO1}FS|sxgXA;^dw?oC zSJsTF!XDF)iQ8#CU3-Dc7+;ui9E28i!4yNs zT3bHI9_#Ae{}`ek9`@!mofEl#LUaplZKaQ8T$8-e*c2-@xj?{P&YEx4Pp^!=ge|Xe z=$Q${#1su(7~5$3-2^ae&0cwi8k>Arg8rp>-xmw7`O7Ek=4$)s~Gn@ zV9L3LdT@+;A2E>w=po{keft=9rO`>$8PIq`Hrz(8AOAqKOg;zwDi&~VEcC~Ii5D0- zcif_m;IS)^a|Hu(ZkN|@Q0^=EGjS?|Pkxt@M-{)FcozPGu4(-C+_m@K=(o+k&OU-# z`+8c;)G_EA@?q_e8sSRUd z47S`$Oy+rb!L6wy9TTVj*5KFJ&q2Kj#!`Sk|2@qS=&rpd?UQHp5yKcoF4yTi&Od9N zLL24a3Hi{@GdnCRqCA}h&uZ^}74LTN&Jft>xF7-!Rg9d8?%=ph*>T<0=2;r^1{=y&Mm(onDn27mu9|4R=SdU$@O&F7=G zjIgX#{Oj+%==UQh&)4s#zIbu^y~N~yrq0{muUZ^$--!KOy?gV{CX#LAFHmk$6{@$X@QFNZl7 z@X)8E*RG0gL#}N{u3>sZzTG?$rY zeb^P1L+$>FSMO518u|F*wD-`z)>Sg~|MrdNHo9$TJ{R0h?ul|Om`BPLd1vREmijM# zulJo5Kkt3#3vc#LA?C3a`>HZ8{Nm&_YwxT7=yPA;8q4Hdy8?VZx8^?mUWT2u1=(Wy z-132FA-byuSY!Ca==^oojPX$y9^D%Sd~=+7ISKApaep;=K|06Iz#`mv+Sx)o6hs;_ZRb?tq1KqI^hvte%;RFSyAP}DPKeRe-`$GMa|tJ>|!sTH-qOmYY*6GyS?zo zz_|s^EoU5tC#etP9f$l?7mg-)wu<`?_}~%$xH$hy=~v^S-^JkD3#W_k>wR!a9(fQT4 zhK#GZG5VjX`^%gUfCu-QY+3Vc_!jf*A9yCfSq|Q3%>AEEi6)c}#`EoiJ##em%)e%M zW}vUVHe4t44Cgq+Imf}<-@tQUyWYsCV|tESXQk9S%lO=v?C19BInG9mb2j2u&PL4m z>;n7QJ?7b`S^}JTcz`nx^{hJ&1MtlO#n>1te6p)-%S1zS@s9gD!M%S5=UJaH>rbz- zUbjoiwWtYkZwATYejlcNA*^OIR?=>XK6c?@Q4Dxe^$Z2iF5uY$Jj{c>ID4r$`=&+uxe{B3 z9EtV9LmYc(px#uu9k=MoPKRZ?1B?2zVX@;cMIKoE`O?I?&x2=#{9SBk^kd)qJ;!vk z&Rg}JV`})@f&HgG*uUn${<;tL1FTECczlCOqc!RJBFv}xr`n>n0m zGlny5%9fOJUg(Ss;r?az-V_I(Z~EZ5*MUd)^5U}8gUinM0nZ%H^f}0xK4qNgGlw&M zYKLeb8ii8edpeKX*|*5SLPM`qz1~dv_y9bm`h-{WFa27o-{k&W&3~1Z^D}(U7VPHRTwUAu=DX{@2_AU8 z^e8d>n}SFBtey4@&6{kV_3F?MdfIslJp1KqH+hfV^Jg_5-p)sU{Z5{mL*NBVU%Q@-r!b;j}v#jP$_I>2`uY95l7=o-r zOQ*-jq0{fa3O{}6?n8XvIqZ7YfWy0A_(&>mMth~?=lqm5Pwls&J-q+$!ou4-$+PP0 zPwuf8-?QusUB$l8RqP90#lFz)B}b{VUVh@5{QO8Kdp-rrSol@#tf!r94}WP+{ma9) z{QK?zkJ~mv{7)$!*Iru}_xeod_Y^%{dqMn84ujd-lm%ZY7N!`ta+$7o*JT`f$AhUk z?(+LL9hfAe2KYVk?)HLhPo?}t!Lv^C33zgVCl{LK8F+F`yj?M7rk z{@4ebyBAS-d&C2yn{V}RE)K`qI4t$ZrA+4`b{lz-4(~4D)tc{nh56fWq}%3eF935{ z2ADNJjVyIwF7m*v@p$Py)5w$218YSFzu04O;MLjO7J7iXG~_5ybH(6Ub^b!;d|<6_ z*!Wgm4)H>M}T@3z948Nq$w;Rzfh48ohg#dWB=UcFG-|rmUI`b^o1D9ag=fKkK z;>?*}TRk>_>;o^pW@hOBUiuF^^F7tS=6iVedf!~{$V$z1!SEdi2FW?YgANSKJTM5p z3(1==Ir>%d#^3)}=zl=JI(RtbgJG!ygY0E543!=j1fTHW{<-k{HTWmn$3Nfpz$ba= zl{xqQh5U0YgS@#Hd81m9TcDwQ^c;97*UVk5N89U?cFoS*#@i00%bKrbf)%<>@WB~# zaqGyKWgZz5_t5uZ_`B!-r1SSZ9$3U%xeg2$!`~Ove=d28Uc2Q6U;mxdKhs>lsQ!(= z>zm)m*FyYV|NMRszDZEqb}Y4Ro2YHuL~YwD&LgklJaYGZklLDH{f?R^Tju`5bG=hP z-rQS!RX1mrmvd(Mof~SX?eB#@8AzX-KXTyztxG#sK6qrR{9(-rcRpMU{vO~=GjIPV zef@8IANZST@-@=+>AGy>6S)b(pW-R3zx3&h2Un*YKxegmigga^-fKVo7}h^!AL@TB zXEV(8o#{t@Wkm0qv#x1J=RL--Gvch-n(;WcL!ootGi&F&bl&ql&!5})v}cU2t@Al& zoU(OZadGY153Db{eunn%`{mEY;QPV$bbQx(V9|V;{66q)`xoi)qAwv&D!{3c#o%0L zUt~H*n3&@WrJR3(PqZjbJy6Aw0@%g=IMSzmaE^4~ls#qSb(L)wR(fQL!5blXLo%>kzVdK*1p3zE3%KW}yL_TG;yDhVjMJGlJ{~dW)$smyomV3n zPCGH^8z1iQh@*?f_{R1+HS8oae&LSInR5ZpocksB-1#=s$n$jkyZTsXCM*NT%jL_k zwo%Hs{J72X_5Wk1{{emM;C3*5d@=m@6Q3=Ru+rsCz0>za$;%A($YA!+lRkOfz3_85gT8q6x9o}JoRg`6%`Gqe^vAt*kN&E6>Mgy! zwM&}N8F!utQ9EDyqL_2eLY#9J;+(S(=bRaRL0)NH|FrXT##ek}xW*a7Z+!f_%)`IZ zCocak%s{^j*>mUqP4=8~u7NX${<{x`dg$)`;C*yXWrRV&2rPk+lN*DvwFRlLJyg9OOt4FT4 zI(T#W=VIi~zyBnC{x$jfU+naMG4iK7gFSt*{(GtGr#W`Rw>@y3XaBo6LYKHPhu^vQ za%_eR`S0(CzmECj)<62-lkISw2d;~W*OX+CUpKn;?jZWuwawm(-c5S+u5#VH{8#Q7 zhsN;EJbT_=l)alF9`4Q$**}6+abMX$Wj-5$Gx{Rl^YRKggTX6TM*HA9;lL+<$tzbb zG(T*6CtaSo_KqLEOg35>@=j-SHL*^WV4bRpb*izfQ&lY~V_whLFsFZcbC5Or1Z(z1 zc{&&Dn=Omm_w~M!{B>{r=vc3ROdaRa=lpk^F%8%|j=eFMy|dczOZs@$!7nxFyNel5 z73*A0taFvK&Q--ampz{Q?D3HAV2`D~rGDDB-o+!1oHvd=zHxls8AmGqWZR^r9=(?- z{&Xw@{~SlY?sx2GFaKPKK0)#!%E^Zi+;4n#Z%h61lf6GV)^i@*kNe>MqyzVRT~DE| z1MzmBe~N!q==fL0<~Ol}VB-&etr`qD(W+VDsLofb``!~Rp||$*7H{}<@7#ZR$FV!^ zI}y5fWlJ&qBimyx&)4yMJAUmr{MtkKwTJL)cP^P)ulhTzM>y@>yP=}LF3o?v$2YcI zXKb&z^TpLC9-pekr%z^Put!{b+8FHp3Wqn2eXIN z|Bvavf_!AJT)V^v!yyNT_hS#0WWdLbgTxyXt{!W$?V_Hu>2rO%1INYa*Nf@D)7O8q zum9Tj(f>?xh5hSG_YT3nrZ$R&TrXfB$U@)RQU$i+GS*sd$h@w!tIT?T>q=wEk$aEp zO1p~wI5Aqr+8XOh>)dsvf-BBnSGt-u?>ykHD~-QBMoeD&=oJebpJ8n&-?O$fgtet4 zYfC}amdK49CA(a9zv>)n{QpUQ(8E3&jB#l2tUD*S+j073p0%b1?z#3|x6l5}w0>C% zk9yZHmqCx9Z~d~0{h1c?MfJ_xb<88}XE&19K1$c$EtltyRrWlV{p|H$GOcI+fOfs} z(Yv16>S@Qjo>{1K%#Yp}Eh0b6xoS+7mS=VIi^D)wx#Uh963-A2Bwl^-n_X6G*+@YKF2BL}%)iPccB zB*1?b|G@_3_d`c&ZEC&I>Kg$~mGkJfv+U|~=KP)n&wYbDm8pfQwWNJU_BjyRx3h}t zI)^~(Q(B|UVt;&DSUJ&l9{X73r~qIhqkrYq{{ic&aK1X$ZFZYqiNrtZ&LEXbor;fAMwe=#>$Cl zvECOVk52QxhP_@DqjW~1y+7!Cz2w!6v?j(T(%W?dp2D)9x1b zodI_Alkj=~UN72TXy>XzPw}>kt1;keIk-}t{1;vj=+5 zZA1?5i5EDyKu#H4(B^r#p#Af3QEu8nyZFD)Ql}EpiKcT56E*#8K2VJv zojpeV>y6ZoH*zo-wxULNFjrSFSF@3W+GDF6pr0TIA2M<U_^MSO2F6=k8qH;lVxA zbzuEbwzzjcxXZhR@a|WC@7QIvwtu2|@fdAuKe%h3*#3A*f5yRw_8Hc}$93?r)(0!; z!{9M?mEpHIbTIY?d~LzkW^9gLb#tKX{3qwUS!gnsvrWCvrHvc7KII#;>}rkE{qxGF zW9%b4H#{YulI85{;%vPn{2<+<{hLAN)?DV#ROoGVA#+Q6sV&Bm!`wQ|y*Bu?13r~( zcAwF^ZSY42^6C!BBIa2U^Xw#Y-~hGH+vr0&)~2T|Z=~N3Gk*`m*N5SezgWND15C6z z1D=+yZG%^Z&&6xu>wDl?r4l36lz2U>B#yaL>>^reO8NCzVUbc<< z`wqv~|K4`l%IS0vPl?A5RoF7?s~#S5`Q1NXOne`ENOof<_%(F(%$N1Fbusl5y3Kjo zDSKc1m<273e1|{g!XF{zp6Uxo=hY+krWv^xTBI`~W&gSN9yD?`9vXaBy2al;#};D!EnRncD?axfd+6u<_Q46CAl<+h?P*56?z_8w-P3*H%J ze$$_R-{IIq@bN8iWNZ6yoBxy(^MAmR*8SUuhmEW?_;Pijga3IB{;}5v=CF%@J3gD* zf9l%ThOdl%!k#wuzBrGXcyNt)5Izbk-y2)r_)L@GD|j}}SeJ3Va1wH;;*;91Xnb4o zYSwjvFVHA`ZqwA3y;-tNGF*4%k@)9U2Y&g!nd4sQHp$4j*>*qb&-fbf!UD(F_>_2UHgpJ zlrIpZef&gnU`81~QFUPC-@HyOz69f{#8!BFEHbnzD{X&&joC|R`#KXxoZI*}v{k^o z+UBthYVl*L@L4oI*#@=DEB&r@=2fk+4RWx>f{mxZqv6jcTbE!L_0_;n)RZ$mlZ)FL z$w}bppilY#FP%%ifKJ}!^}_{swd=p}UH+Tw!nNR4{+r-5@4zQ@!21$%09muX9lAYj zwIK^a#`hYyX5>LA^0Wi@(}EkiN)G%KxYb__`tPTm3gE5;?pFMH#StDon?5f5eQX8e z?;kHJ%#Y64>GAi=tw~;A<^P#&%Wr%quESf%u#bCWiN&9>2bu!*`MsPacW(H|0e{8R zIjTiAK8ddRD*px4L9FIXdh|WM^Pafwp(EwH=vmco@ydlJ#$#%mpaj3ZJcfc*}#A!o5=0E+)t{w4(OR(waYfRYaDx*83 zE3g-&D@@Jc#ptT3Mpp$FwL7}Xy=UvHpwU%R;TOd!^o-=S+H5BtDW5=ca%RNVQ|hl3 zTPsBw4H_DZg5hF-_7r4@+5>~>B!<&IiC!?y8EP=leY?nFHz zyma}&^FbfZ9#d`!u(@!=fXS9uHY_oCN__UxpLxz1ODoUoIX~QKGJu%h^c}Vgn6wo> zcb->2Y3=7)#us(vgYpoiqwoF)`pcycbhIlYloS7F=iJ!=d&BrgDgVZa5AO2E2mhB_ z@73{R)W>D?;g1hyiZ}Y{AzG};&|dO$=eKtud$gQ+V%sh$|LqU7aWVF2CU}kB^TbDG zFMT!xyeB;HhKk|k3Ct;DSJ}Dl`-7=?y)BPzdu5^76P>bGV%QO0J83DpLH3@hH#M93 zMzlMXcBj#Y?K5kSN~p2?hdhUlmkrwLd9KVnXYWJObJKpA-1ulqa-;NhYn7|7vrIjn z*0JyhGDtSD|F@&ZT>i}GJl%7{Q}(3b z(q5Q&d0>)cr|dh?XNhoDUOFiz-Gux~)3?a?|Aky{<$5`?*46QUtr$y~Hg#@MCo=r? z)xaS<(U%h=*;R)e~3wV_tX31Z?bdR;a`jO+cMUi^j)^SiP1@x!tZ*=Jp)qf1=tjO#-m3% z9iK|IZnY*6H!;$j#zJh-aJF?@jaj#{qF-jut?UW(@qn%3>S5LB40&}5zq`p(kgQhx zycm65hwe4;bmHblUsu@r`lOx%e<9-M?sKi^i7aef^V}9Yp8iXoGkz8@TQ!&4@u>0) zbdTjn8@HX?n8piR@}oQb*U(K{xHiBaL&48*aCI5D1845OtnYr-p3{CEBzyXs9$I0p zrrE1Av9!CE$7NbNmy|At2YG z@KS3}2;LdJ^PBh8-}1cSjV|(}CNErh-{{fLnctPp zzV=^c!w+6Ft?`7kUWHC_=e*(zUKrAJ5#!Z7c;vzJ<=q#ZIpNNSV`hCVWpCFghkzQK zUF^kl>psPqzeWAm*gn(kim!h%I_A^LKbT_b^k6Tr{%ZTp+t3Z>Ud5DX82uuf!Tqhc z^WQ7KhP4W-W>oZ5`pEb$c^+x+@>}mt_q@A*uy+ebrN7H>y?gt>yLN2+vu$VPAFh)> zS%yv%+(nE@>xhM3xcRO3C-A<(x5wZ35cqxGhtCG%zoh4X?jl~j1^Iu&e>!cH+y22_ z)MYPlY#Pxk=+Nt8>TO)8ztO(_Zt(Tj`5Bu({#yOL^B?KsyUf>L^ZV{Ey`G5h89?4> z9u_grW#1UuIO_ne4gY!BUA-HE-|g^x6lkL--epN}j*q@XVq&)4rJ&u;_EaNA$$K9gEswD~E0{O=Xt_rDK( zziWT!%)#h8@xP)!^z&f-jeZ~f+50_H@>P3Mu#Nl1z`L>=s?mvC$stVD3$ydPx=tFK z?l$P(SAjljgXSyvTn@ii@?RiZ4q4O4b6be{ndiWjd5%xj4pU5A&s8`&MK<_%cs`3y z=@_p(bM=RKFpdu>-&Z{Nich}T{*#YC$Wt1aAMmo)=v5b4wI$!voPZDgw)%b#4BmKA zJ9FT7z-0CpxbxYw|HfYr;(fzA2;aH$#t-jP|F_{Cgl`9fcfnr?-fojmlH!Ll{MOmj zqEVf_@)7%AFDq=?RBZ)Lm)*!ZDBtV&oJahiBlz{*hpg=8tBVh9+Q-%=15-Gk1aHH0(nuU&R{Lp5th2l=h@ z97~p!MfA)Rp4pD9KgPRtHHSA$<=w|=W9PaY)5b|^#Ho#+Em0fU5w(%UoH|Ti@y;5% zjeR_$HZ%s!8+{fp3q{IkqpY}TQz@|SugQye_0RwO*13)BY28&;b49e2IgWk7KmI)5 zWrzOhJMR4tWxW4;?z?uu0R5Pk?|dpXFEuANJ9E?GFR!rTBm2o!dgprT#%<4!RtCdo z3%SPHwS6r()LgR)D?c(<@_>7;T-Z-sFtESkBj(+vV04aocg{yx1F+v6Yqw|RReq!* zr)ItIAo(E}1J*;|8FS`qC$d;C3!fSOTG8>+^+knu?bf|QYyNlCww|>=1*!cfc*F3> z#lRZ|o{NFC(t%a+xI)W{c;Th3NLK&w*Ji&w;s@VF{{DaLy?cCB)tUdl&n3wT7r{!a zElLs+E>Syby^z$-88U+TzCUa4o$MR}L8rezzOUEtdWF5u-fKVWSsilQtN6^QQ_n#w;q?mjsI0*)dw8q_dZ^yMXN~E7&x%iv`oU|I_fH;m$dnHR%{xP* z(O({y2|WtWjEY$Yl^3}1JEEarWm<*nEQdb&?fT=#Onj(cpTsAPy?}kt%h%;R^U9p? z&cT<@gr>rC33J=#o2t}4zR%|yYjVjr3;Fhen=fz9IKMUbJEmMwS}aOCqm$>1%f2Ey zZeA!lZh2^)Wa8kX(UjN%-kJMAN^Bwb+pd_NVSd*;zptET|1L_k-@Cu7?DwW@c1o<2 zZ=bnxhFvz0YX8ohp3xDSKdySrw2YL|_mA5Ojkb&~w98}%P2KxKbH_!mn3_@l_?(P6 z;BDi@S{vYntD_lSS~z?<_^89X0HuNmZ*0ZzBiJg-Vk!$k( z`}w1~bbhxFyro;>mFR0h*8#Bc{Z>-0nLgF$(mar6bS)eV55V8WqxT-8?`OUHkE~8w z@1nAdai0S2S=R2Ko$Sbq&szK);h+9{?Q&;l-ma8)d z#=8YSlk+(I$WNI2=8svk!?Zh-t7O&3xks6z!xi{6ldQ9n%Pj1YzT1L+jg*XrOUC^S zT5KdXPAuiD!N-lM1{|I^zg2cGWi#<{S}2=|y|JV_lkeEo$3LfRAKxAQ^uo1eHQmTd z3HVi$lV+Y_7v~{EnVIv(wR5I%33%G}ao)HNXl>~^cnkj=;Sc{WR8Mmf{^2WVe|XL~ z^5F->jswVx@YsXC2S+a%SE+mYQsRAQGxtDO_&Pj^uO-w^9O>)~aGAip@Hj`7-Pi-= zO#6!5HkXW>>F}Y1cDeP-js)RlR^GgEmDmPyGS4!9b2c0<8TXs_OzzOxtWe3g7VxPd zriD*kZy5S%Ix{#~SnMsx|&9uY1XX`h@XU%pKRt*IIQp4HP{7f zUxM{Q3%?WCgB<~v5_mA&_7M&~>ex!j?bOFhGKy$V2>4Y$iH@6toMpQ-P=QGoJgF`z$T?WuE;!|4ZY(pT1z++aLY%xbNpZFz)UAdE>6uW=tr%zvQpYz!SyAs8++@>xpQ*dtL#2W=O%rLxGrnv@)ubC zLpp2y=ozbgGWM&EGb>(~j*bZDukgG(a2{BZ(3g*F9rMtU2xE!pn6Dj~Yx(00|0$(w@v92~JWF6A^ zV(M%9bkp${CI5Xg={&0jR-F~-?gozZJ{LVrDV>+MHTbo44ZycJ_oWWlRlqKwTpRk^ zqIf4U(1;ai%HfZ-K~3||EXO2rRt@uQzoOq!9$_~2L@_PF-;=E4PW?tdoO|K?QD~+4 zxZb}XTt{*}bkjKc1!(8eOL2?A=rx`;`b+2L6+84A5501d*GHrcU``32)C`;UOT~_lWIwOMb2HMki&o+Fh!Wvt)9a$J_ zZ8$uaJxPjzr9Pz|*;I`4-QK#pRAw@CE1)mg0e$Bzxnq4+*P}Lk)#a(9uf7oVCE0tO zk)#;noF#Xy&w7hmG9r@A@293p+2nepeD7 zOddlva|ZC^Q4c>%OfQV)<&+H%8%4J^Ycb+I+S1H`(5j|!uS5V?if(lfV!!#uWopsT=#&!+Tm&HAUu7-V~>*KLGsTu zjtcOn@fWs)HDCU2jjMCf#UM7S1D-TsM_SQ|2=6ES4QmbX;r4%y93lL)KLFo-wgo$_ z{g02n94O!9ly}P=qudJoy#3gf0xPW>=hVP+-zzRredW|6)%bw!vo7GZW0%M+$!EL? zZt30HlZErJ^H>jHe7`y?y=*S9I2hU?2@u6ybzdC%s zMNWD3OGnYkF!C}LnNWGnAtjfe>6Cv7++PGw**LHLQUCC;^0m1BgSn>1A2e5gyqv4X zX#@C${%yFs-yTZ;o(8V^TK#kTkN@S@|9|`%?(i$!;a8f&uaqQy$yQ$P;nla`lgppn zLB=~;_mP!p9l{PaMb1>Lk8m!xC7I_OZ}~>#dhKScy&GR8UcATm)s4&tNC%~VI$yom z@^!z4{&FEZe z_i*xA+;LXFjz#m@oN<<`V+Sbb>R1>0Q-O}vbJba_&Fm+nbG+qyX+BbZAM0BVMbWJa zbW8Dr26Sp;Pw(uA(J6oT0lt;L6QNv$a>bO}!5NV1r@VUfKmDET7bxZsQw|jLc+y5YKVHLiFui=?u7P^F{D1lV{}jJJ?C|?Chu@bv{2rCWZ|U_XJ-jBKevbX!ap}4K zXd&~5=x}~{Y>$*R(T0}UHrUNPVC%V(dTt-^hXh^s+M^5A@YCiGwz9@Tj-kJ zsqYbtrRYX0ztsn)=~#`t%57C##Y!pL!@i%gWyWq%ZYlHW(z9%E2{2DmVlDiR^s;Yk z(}$PxBK`5L%3Gozt>?Lh0LGGnc}(a;ilRbRitv_<@@Yc4|n4g$f z%6q+sBO903R>H3^IG>BJ*6;=6j~IMY;}3K7+7rpw=Fj%qlCnYMYmr&o*&i=cPEbZk z>LbEoB=pTj&MJ_vIp8Om2|?Eie|Ad)Tews9l%!K(!0khuY&fy?N)h6 zSAI)2gOq#OvR+7is<21%-1?@SZ?q?--qlr(I5muNx{jx>OfAjH({ssMaILRL@-A4F zv`60sUmlTf%Z|=w4evT)Xg08qP#aW6*O$pdpU=7k!3-0yf={IvU{G)(wf*&FH5Oer*Z{Hu#{K+1rPA(mCnhE6Pi9?q4$Zire_(4bF4l zJkICwJm1Z|SMJ^Q3vHk2mwoxS$@|Ti^%FU=uLJXsHO~Jy^yNIG{9gDYKDahe^3N$i zeb2-b;sImiKS}&treD+gQ)NZG>#J_EoDqoX+1c{)Y26g1?dc zUBcfe^V^mI*pr9RzXyl^ zf#^EPVL3u=Ak ztGEi@YtSt8_qHt_e(CTU!IZAN4Gb67tH9cxZrxJgv%b3h(lxc|fBO0n!Jh0}RlAz| zT;Jow@fdUBtLnM~+cXRs%z`(w;LXpl;dQ=YWqZ-#+YGHzx<8E#%B61}Ryseg_&K}1 zv*3LPG?A>Be)I)fPHy8lJTN+}cLnq((&1y+BlA77AssI6uyt5A^z*c#IWXMpy=0$r zKMMY(#ntZ`f7RjL#gtK7MH5{&K~MJ^!P6c_g6Y;V80?|Sg?#Bv6~2t_(4}>?-{VYB z(Xbx+D0e?mVdcO5sFmOLu$AA%SihT?pLBU+y7iRB9Jt9>f0((HiZJil!<)F@+mD9x zhpYYEE8nh__ia3Dr;PID2BU%22Do@?96oq^+;|HO}wVT)p;7{r2;B_S>$1V=mGi@2$RkpuO_b@4Q6(+mAgh{#EeQv&d-ixVzPrjvWl;lf#=lwl_oG#IAU#6YErku4&xp3((6wCL*t+!6U zn9aH**2v`7{n9Fj?xv15@ae0EI#y6u1O2I6kK#^>8#hvy@==OtQx5IJ&xxtrNZ@Eq z7wh8=6EC+tMz-ztyTM%XTDU+*!P?8Mhb>WiAX0>=yab}Dd%pVlF0 z{jB6s@QQ(@akADXy-dzhvQE7H*Zn&2Db?%w=junUi5K_#v-O{2y)5g^qqIFpexq=! z0+%ArEc98???lKmP(Di*YZJ%QzT&m?3+Pb6z1FEG;0t+=Ya^AzV@1$sDljtd)m(?w zy_$KIWs6JBWRat=m%dp(fLoS1__dD)((PO*@-6UBl{2vR(Y9fIxrnduER&psWPeNb zM5w0#x$uKWWbvFcnbeW&hmF4%KMWitgKoXsPrj&}GP8as5dT~5_3WM`p0!4?``EIj9=^3k!};HYcNgSW<)riQE8F2$RzJVg zkBeWEJ^W(N&^~@m9>A}kWQE3$E5wiL;}>NOZ+_?(Z+;ri%nE94ocsM?b?aGjJ<$E z>sdEfua3F=`tSw#m2Sq11O4Uc$gKK_bf=$~L_aYT9iPOxo3m&idqvcU-cfRRWJ4Os z9lkx?irt^nR9oTmovNYyHNCyhms#OmN9iM?msSx&u*NJPR?!$Nit|lu+DI!_mb0(+ zDEhmA@)OzLBe_fkb8oBBtBLeYvQxmEy&xD~S9T_HBpTw+N{z3;7pov9unD~>!dH9? zyr0Oj?Ls|p$65D9V@G3QzW6S>bW=w2eOg1hhc$IpWlBu;az&QipU9t(oOpc+$w<`kC8GEeQK#<_ zZC`eL3H4F(CH7gv*WgdY=UJKyvc6h1x~g^yw!Io#q4DTmXg|lAG%j<`_yPH8iuDZe zX}$R+_!8~#q@&Tw@7!axv{A)-Bb3 z>y`x18kmdfV%(**$erk=`akuJ;-kLXOgkgAGlO|?E3AAr`LV27hSqlM`VzA*3-mZx zeQ%z|y4(z37jzKj7ewF}=75x51uk?;y$6`QD$b(w;Y$ zIP0$iX8m<lrM_tmrP0qd%_*7<3pLXh$p2_a`(X%#w|2w%Cu1-}U@8%wzl70o9eFNs9 zQvq~JHqehw9pIb2X5DED>%QS5x^5x6$^3L}ME;)v&u3jcOLAjGXPxp&=uZaV znj~{Bj-!Xhv2RW7GUzcFEvsxC4_5c%c(8g19RIN&$DLW&97E3}9Hld^9C&3^diDuy zny#&kg|Fk@+aJnzx$BO8dl2yWoJRi}ZT+7q{clXt|D))C8~Xp>z#ogg9Yz1!(0}B$ zV+wm`q5t!w|2&iaZ$F>@^BwwsFoF-8f$sL{{uFngqCVZot zf?gQiN2ksHTN#D<#4K#xA6sbaKKa^ae;4UKbZn(eA!Us2llz=Wj;gKu_=?~#fUb=; zF6VpRL3yM5=lSkrBf4Ldr29wEeM2LE_YCPiWm=$#bpK9hYjmGy=>EYhXmktqRXjXL z_iyae{hjJ}=dqU8)9vyTk(fxt)N}U6ApWkng>wvx=RDbH|6uG4r)~VO{27T(6 z)f=Vz%ts{g6TLEce)7+N=W{Ne??bOPDvtx-e*muM!ST{R1CG@n0LO{DRQ~G`r zcEi>C8@Nx_``Nem>wSu6ys|oJza%%tLhSu1?b(;XxUHG7zK{KfUWU)r*rWpdlNO$7 z?}Xb}*O-dT?8C0@r;m6QpQx9yS_%G(e0c`7#J$K#$6r+Z!p1Qazv9r@rvt1VF#B{| z&VFYOY!{Z+FKFy695nZG&U;{I;uE-XwdD`zk$=7)RQ|CU1LU9Imwy1B4Rd%V{{=r0 z8BZB-E`vQr85o~7&)APQ%ep1j%Kn#;%B5Pe!^ZSY`tyA(JYp{=&>pwbkf-A7OcAw$QU3&dT>U%AzKE-zwmN5N8z;Evl3Ge?H z2oCfQSK<$_?pgaQYp)jVt0Nhl9}LuNJ#$;lX4Xb%zc9(K#eO$dU{(;I^Q>HeR%C>JSMy4; z`__l8r#5qypDn*zcs@@TXfD`}i5FZFctBD8e_a z!k=kjUAvEcHsl*>?YjJsJIUE`_3c%@Z^71M7vxtC>|5w(`ObW+@7nks=G*pLd5#~N z^o!cnd_UX=L@CJJ$ zT7Ni6rWIq=80Z;?_O5)J`Lm0p_m(l%Q{#z~dFkE4JbBjRAC3J0o+s0L$p@hKAIPO} z>3#qEq<1^tUJSk8q};{Q`xlhG7<%uXInZWZh~BxM7%1P8?WH5F=b2+V)Ue7rwH-UA z@p>mR-GMA!jXb`@`B^E%tQ(l8ox{A0ay4#OZUs4wTbZL)-bBMHpP7eFAwDt@Sc(&m z z>5R9%{*P>gm!B#pTC1#JxZnSdKI1~)xiZ>#>g?0{*4PB?NkrYUAsP1A^IRL@9eZLU zrXXL&|9l^Q-PL?^A>5ePi5+L&@hEfDA7{<$cbTJpi{F~-+628ByS<>f-)`p0{)9ca zpSiFnm?LeNV3nsMCuPi;-p}v4<-YQ4=11#}`O3Rkn|lA>`3}|a{0YgLZ+O{E)`=GT z(z^Z3InR15xIypAe8XyreZ#x)rDj)H!@DH~G(i-v$@I_aSfJu<={#j?I&G2>RjMOo>?o@jK}1 zg3I5fpGQBOJ-JN$Kz(MCK0IjSx6>0pV4vL!kH;1af!_}1hmPY5{E@ZG7W37|>D!x; zefeSjBzxet<@J*T^!fv}CHw)}a^nzfsb4k7J{>hrIdac&VF2V z$Jq2y_B6-83Tj@Id>J2hAV=}x0CSnxed5d5{S@}2SDp&CoBWv;bbPQfvj6hO)OU5V ze|H;xapzI3J4qqt8I1oGww1Ai##U?Hu~i|lliTnIr{NE#{Vi((tX%E$-*XIKwE;V( zv6b?4J_2m{8S<+Y7qwxg68lMy?|I!GUzxML@T=uxyLGrQopF_^*L|kB>Fl6#9)jJ4 z%#EmTn~INDjl61ae0=8JTk*%X65HSU_=MPPj-Q8*y)(-1edH*0;OE_j4I^e~;`wd( zb>ugjSjkky8TlG#}AHA6ie&r}{e0!ESZtdh3a!tM6+$ z8qQxzTvX%K&Dh>ej0ttWh&eP@ey>7)TWE*VFYU|%PxVVJ;Hk0UIl2gb19Xw!Yrzv+ zyVDaJA!q!;x>&_GW}Lu$IySe@X7sOhu-jTd{ND;zzBxb#9Xhyecx{P#YP|hp_7@!N`7WMk zFm6pAOUR}Krk`t5exI~I`f6f&$?FsMrdiJy+`)Qs^072_mCh3T$XDK}bXobRK4f<= z`=RxBb3C$qpP}#9jVv$K`0ixDmSv5P2BR_deSj?U`*-Bx7+HQFG(N~TgVMOsjw84> zPJM{%;+5E@2)>}~$yRKfYkOo@_F_-lS$F5PE3y?^uq#!xDN37)9J}KF-bww&PjTvt z;1j9*8>){v=b>F9aI{s3~D^?EqQR-pLH2Wxdzw*1syjhwVgV2?oXX^a`~M@EUDelX<)u{zkRS}*OVt;)5uqq6BlFr^agzM+5+*w z@8LnchX<}dp}Z(>{%voCe}~Rdv-QFnvvrRZ>!glXO2_9(hUEh+CEu<7Ti-fd^{w6S zRDJ8${PnyuZ^_;b)n|&1EGI{ALNKMNxWqb@jV%8KG|V8+n{N+^zQNM$yZ||K*ymWl zc|P8E`bCxZLtnjXr@m_RqJo_9Dqtukt2{eDxyovv_@Zz1te8Ic1hgvxzRJS~*6u~~ zMB`?@jWAxy;5$RBfD?CtRz7l=YoM3_spTEJ+^DP=YH8BG=1*2e!2dhLsOTY ztJ(9%8{ZTiB~zMrnMa!?Khr|~nytaqn$76F=J%)O>?QxzcS>{ZTiAH?^FDp2w5~vHsv;l7LDYK zc$DF5isAPN&waYNx8)#}`>C{N8SN3B#2fJi`}O=baB}743^_WdH(gu zhdH~jKR+&dFa1a5C9!$<%29k~^*62LCFg`#FEk?9G>>N~@J2Lzm3`yqsvPlZ^;v%L z6daG@KVA);wNB_X7JZ*h03&7LWF0MgJp~X>K%Cy-)J8`YFfNLaQekm_=|iT z+K1eTC*t{5E45}DdcFcZUxA*lK+pFtd1XTaJ?{#oA;Te)|5yxeIK;E(l9MNUk%FyI z&gF9WDjzrnzG^*)?zNwH2eI;3kd8bs8KX-i?`l>evt=n z4*WHEyYfCWsedmFo_CYxl+MYk_@z~@^#(b}bg|=i`Cq;xzm+}m z)i&knjz?zAI#Ogc!nhXuU)D-rm;!HYTTA>BIIUCaYUe7ql=6zBiq?_=T~*d=KR-}k z;^Dn`eww@`)g{{dX^Yl-RNx!TmHyElKYJbUJ|-L_zgelsBzr%!Ah&v^^*H7|GAW-x zzP{kL0ykMsMtbNinydud=sEsoV=$#g zW7=Z;8`){~JEHq{>2HF3E4=6NO%=9KWol^49BhU7r{CJUE=XIIi!HuQpnNelNd9s% z-$WZ9WwYQLb0q8FXPNd96fbAE4;4mOxmfvl1X1mO#`%9#C`OwB}W=d zqo?NqV*xO#tn``!U!Xhq%~iE4GsEk8`DP9@ARqDvSzPyFcN^$i55OBYpI7*{vu2`= z*vIlS6-Tz^Sh1B(er2bzz2U=IR!UPg?XJrVzaxLKkz7jUST0S1(+EAut>ldKe>_r$ zp0q>PEcOVkW1OB9Tv|Ji{P3u9Fh^I{qFaaRPG_jk9e_)ey~O6Qr)aiSxT~1&=8Rs- z9(Db+_2PXFKmOp?9;H9E`9U645SWEc-^~Chj(c`NQ;LjtB2yrQ}%bge0P4n zOfq@9=kVp9F2I+k2IEUVoPNIit%onZ3-Bf2@TDI{^j`S#Me${hhcEp!cJqy0JrQs8 z&$YklroZ@T-`R+*%*!+vkP|zd>vh&y_GyY$;Cr{@_eS?r*Xk@_&Qmz3`EKc@*73a3 z)j#h|j@;R{g2H^xhUw|JG2BB;uW!y<KW}4h|1bPcHQMv{>AA}9N}9i~<9ww`dwxp!Wh1SLx!9M zt$sc)rn$16dPe+!XFID;`plZUzTceP#s1Yb9d}#U)RgYc*b8&c&x48!Yt5i?OVAoRNvo;_-DHipmab)~qf_|~o5xktl2EqAMoo3Cci>u2~gx_^(I zDB$`Pf2{WVto?h=_hjua@GTR*(KQdyKlHBll~)qm?PYCb3HG9Q4(qMJuOo0tybB+$ zGcYoKjC$-GWzKEwJLB7~V=eihqd%V)8|@G0kG_H&QF!+IU-G>S+QF+C)^?bCRf72dc z>-UrNAKJG@?|Z*(ukBR%2mIBwdarlwfl;h|vA@@Ety%0OFCu|%oFMM49E;vw&ipL4 zdgjpA^-i!(UCXt-o-;fvc#qC7RwXyX>UkM?YNg+3ZVNC*9tllG#jDb+r`mt0y~Z-S zo9o~MJZpUhzC~}#Z-*zH4?}D8=mfFj-~Xa8U-f4S-e#13b>DZ+{(orDt?&EFc`UZuRYuHRXK#eb_yNsL|%{+Yej2dn-n8ChEu?%-`BH z2|RiMnxw|r&;6u$FNwIJx(V&DCiQH|0*$aGn}E zr!rgi*44UY#;6SO7WKC(^ZO?$=ewjSxt!#u?w@TraldV+yyT$oH~dScq4;y+nY!AJ z3g}n`-&W#7@ZB-$IbJn2zZ>~^%jm*Lt zdfRsSy4WVg<~Lp$dwAu!^GVI*uC>)$=KSW44A~IY{}lF*E0mMfOs-m6J?lBgV#65+ z5breWflf7!H2G39nMe6!o338Q3;_IIvU-?9Wzaxb`C%U-;^TgY}p1%UVp>O8>ZPYn8R_3qSO1)6>OYMB z_5B`c`mZ+W8+pE+TY*_n4bYi*Qz^t1qMa za@PjrSD_aj&#=~n_+|p#=wfa|`msAaP(Mum5BkyZ3~Nr%kpw!@l})~f$47Dfs{N!@-+9S?XH+dS!>Z{O3vb#rDe(yo{W$;5`Z(@E%-&T<0q4?+tU^H;A z@nMJgJ}oYPUH29E`zJUn@3~8BYE{=I*w>?%T0gi?_>miL`bgg;-6NzU{64W~dF}5# zILaQ^q}#Df**+V`k@1De_%RpU&9`N~kXf%@hFrYmfn&FEL|+@f?;qH{9CD*HK3xWl zTIiqODhlL#_xHm-lF$0d*f%?!{RZh*-zqA~uMZM~W&9n$Kf2$$$Dre*dT|&??|xh! zPr}8Gf0(^4s<5{!kuCD~ys~v{5`5M^CzboudwZPrtI~{2H5LO!#MA8VSt>^Ku>dVpl2R_9WlU|&WREY zPe8*IVg`!)66b4Lk;}Z-lGF{X`Rkd+@0ILx(aCSc6eTmZoPEsbRZBF`bFz^$bc;Ub ztP`@&+U>nN&@-M`f%Y9JlFg-z);V_cU^~l-Y`ed(h_fpLO>?jndOu5jg8L4e>#mKi zVhr3KEy8zVZk+nt_)f6`T{|w*Tzg9Q9G))+j^tCcdxd-A28Xl``(&FHYmJT^h~JC8 zp3UHA`UBoKICv39GH3R&R=$aMhnjhpBfN@>dNii-@u#_qzPNj%O$UoMw%u98+$j5} zLQB@h)!YU>6(@LtJoU~W7WS}at|pt9Q0MmxdlaXA9h@tOd5ve@wUc`G5qFgyb}~n_ zh4t-qylW*!Je|E=^gO}yuG@>qYY&;&ZieDz*qmd~E_YFhDRYc6$MM(AzSh>TvP$ac zgm&t~)HmsVA2|omCe{re6~rpqnD-L=0ByU5Z@3Wy=Eg3e z9QzsETsok#3$Jn^m)>Ik!EQKhcbt^HOq ziQUo0e8oBREDY}@3t?h+CN_$#_R;tLft((1T`F6Ie8~ThO$PQM@w1itsih@-b5_y! zdS568mg*9m7U1Z5R5?Np?BAMud(Pt5+-DHS8eo&qbJ-hz!MT0gDc9etvd`{84c&VMC z_?zv-0&WcVv=>0X+wtuw+e$kEz=!UK6hoEoExII-6Scv`U*EOT9?__oZ)?HTrHA@h zjf2mvH!c2C>J(26J@{5U9WFXBo>f~C&_n#&H@dF&DA)a4R=k;*V)d*tv<`Kn-^^8I zbZg8m9(E2&ce{O?scSOdb%19B-?;otOu;YW+Xb{|>&_LmDe$zHeC7L)jUa2=)yG9> z!@2l};!g;FdEQ;;ZAVtUF$ogISRqs$~@R|=E0UT54N0n zu#P3SZRjAbyY)=b`fcp7#XM@0>J-m9XphE4gVp_Ir*5^U6P|TJzj`w-YS;gYQ~!0; zA7st_{Fd6o^T&MeovqXNzSHrwKlas|JTKR|WZDMy38`WJZ2bZ3?yMUt56^roeQfSy zcO1!0Pp>%;OmEu9yqb$=s|U|x6~qJ2(W6kjNVu~8-izz8io*Q*Gt<^bJvdL;Ytzi& zK46bzzwsB;ho!-vEcn=tEV6#Ty9Pe3F!GSv?Z?ix-wM6Zi*xai9B}41xJ;zHk@Z_` zop$9|^Cb!7`?FlNf9h89o-Fzk!CJ@tIkr*$8a{&deCf=jAT8!-xCrYcck9 zCF5pns@CF|nA4-+Pyr6u+-#3+ohuoR4sKh2)8^RLC^l)OO%vHw*-P2f_B(-(&6VC< z3%&7`(2JCA1M?hyi_R(WeZZU`KH--OrtGflWg##-AJzUn%A?P|j%DE8dH4DFnG%1NdJHeAr}J*?5V$r|UUo}1tHZ=RWw%n|yWwFQWrR}) zcB&P-C0|f-wUB%Q%~NSkxs$dQV`F6lw(+cv`&Q<%wC<<_TjBN*@<|2P9&e<^SA&aW zs{>uM*T*oPlzl;-L<8AQ;iNv})4<+BS?RjyC|y5SW>ex1IlPhX2!`EPOvsZjsay=r z3ERGbts}BuUj6tuaeMJjXS>`c|Iwkn{08+m31}}~ezPAwxxL$M3> zA0310x2;#RoVF{sRDDPX`Yn8aOWPF_)qJj-r`td-k?8h1*Y~Sa@iy}{b<{0g z(m!{+ZOt$dh|wpezBF--739-H|@x!9Y;@t=Y4T>Gfo^%+f}{=9 zn4=4s4*1fVqW;q_y1vb3@NT~bSin11uEevn`0s!zytPiP{hDx3slhkL9xuSN3iQ2$ z*hvdz?KM8(T~~syEpK+LV1TcfWDmuwhlb$QKYMuN@`uSQGafx~^SS`4qm(*g{sT!RhYn!T1B6k!Tg5CF*{fbl>5_<#DtT%Kg*gVY;aexwYxn#kl%?dk*|0R zTi1ci$zICljmI{$e8H8s0rNJjvG`={0r;k}@`c;5+3ndyz(N*~KjJRCk73*5@N$^r z8|z+n@VoTE#jMBC_@o1UcIBd-*bO$#z?NR#1N>_!>%#6pp9h2A4UD(26(g{nS{Hyl z%YW{^@u^pBLMvk*E;r{s6{*PZ66dw4w0kx8}5_zSel+oo=C z`5EmQQF=`t`I2KKqskv}VH?^xeUfCnzg@%QS+2Z0G#d)OZ0yhA-F$<0im?T1b3g7W z1K_7Sd~x|9yhVHAypkN!1hS!AD(P=%7-Ily75Q-2&XfRj!_V(5vYSmgBEp$miR4W@VGfFD55T zviOqvU+_u{ii6$PH-X0l;L4|#FPZ?4M&sAz;0p(9+PR;HY?RZM-i@P9T}@1Jx%Oki zCtZL~x^4R2cRKM&_br)je9!Ip$gA*?SK%YC!bd)~WX6VLwX=5B-k5!_6)XQWO&`Ri|)^p-C@rn z^gNq)>_*z!T< z3vPAB0&f4P_1fCo*1JAFdgq;_|(UZis@JSK*rcw!hmYx_PiZSo4`E4llMs_*RzSXZY^;LL396N(jB z)|x8%P}T&m3;BFa`yAgu`KQEF%CfOzh5S+1Ek5VEjTi}dmvyGq)sCbt)uFk#RO(i| zvn!BxHG4C!%LSg-Psku%sWolWE$b%b$l-%u9br!oa$4}+QseE&C&^|{X^*UJtY=GP zA@Fz%SenD!a$;Y#e`O6=iE?BVt$ z`!|HnMvkOoQyMtOrV?5H5#QN;!*#Kx+LNl}s+g~m_4uY=cb;Wl6+2Ur^sM>H*njb? z&kw)M+HK|{kX!k0L03jE3-g@zA*0&gQ?jUku0L&`Z_vMj^P|xL{<~5J#0aC zy|Q>BU_G@|vN(zH(QIUqeK;kHZSboeS(J=+1X7xU@K|%FZLGN)Ocql(EB+$ou=@gX z*ey96;mD!pHzkJ}EohRT;rix<$gHu}@#{PBgXLFpoYT>6zuzgzHO&RRn*66mMa70l&64cN*P z=l&KwPjH_YQG|bo9i%Sx2SvP7->7;5*qqJi@iO#y8G5`7J&sUMA@v9^?GK`HLfWF7 zJngAlfWOwpJjM7kB}e9xyE%SI;gQDaOAohw?fG}+Vvi$d<{w$k+}iXdDPt#LQxe!J z*|2QJBgwJ8`X!AU=AOCjNR`T02R68H^nHSPtS;)$$O@cde+l+G3bX%YxMvMEwR@s< zuq@pdD_vBYS6~h6Ud^2F^b zVk*Uy*BVvkQw{|wpF;TruoEF)td%@s&CSiEt(#fXhmR8(M&nCjRSE2a<_%MsB;%pNcf178F71*!t z(3*7Co8N8qbm41gjA7=vZ^TC5*>CTso(*o$o=VHl+_k;~`@I=>TK8SUnQ>)HC&jeC zgz~DJ(dia)8p6!4H{VJh_8aW|jbUo#*jE4wrzB?3R2e<$Ak(+UVx0IDG2sYn|W3 zotnDfo4coPE_}NWzR%)X!?ld-GhF3Up1+3S|| z!il@XJ>Mrz(yRB*{I8z94WEy4HbY|cleL-nVw_>I?&tEIvh4g<$xMcCME6|UE}TXI z7hiRDDX=ntrL!Z{@6q3xe$V~>$qDxNzvug-^m|>@xdL1`OYC?d-+!8Woe@#VwGKGy z7lpIv+I*+_M4ja@+}M200m!$y3%YgkZa@B67ky%4#;PXyk^5a+;Ls16aE`_BcmZ?F z_n|X!Z1@^%_!?~Z8f^IR$6nh|hA(!1`tTaHP5q$imMu%%ZRUhsQjAU{b%lY>LMoIeuV^ zGykjcNUrIRuj;csT1TYz>u(Z$Qs{?I9bWbC+uoVn)$~s2FHXIa_Sk;>hc6yU4}a_M z%m<%&r=>c5!z{`TgPya_e(^|Tb^3-fefL-szU~)~1fEFW5DHp1G1p(V3Z83S{Y2uZ ze+L~3@Znp6D{HIaKlZLH;qYI5^w^D$-}SG%>%UrTjV)6jehiw45638z>q}YFifptY z5B8Z8>Et3mw(Ch`qZQw8x_tK>D>faO&^LNV-R7Nm90rG}^euJR*pDL{h4eSKVJ9n* zBVq*Ix%7EkocZ{T$c0;0XO5`cG|C_4+tvKu%KUT#ebOBIIef1}Qw5v)%{}!`bzo~R z|2pP{8SB{P*rVcQm1m!ccJ}G0X6~0Y-y({K3CM;rY`BC^jmfWG=akb;P zZlA~cA?S6IckZ0mzj6Od{&E@nucqJcG&y5w@z==3NCbvm?Zz_F9!rCl(IdxL%QrJ6 zz3DaZ84kW9Xk&$MSa*oFPk>%&Jd>}GP8-w*ZKtgXE43+&HcX=bNTUt1d;8CDjT={p$>IJ~Hd*lA`(CVb~ z-l`ZYN*-m~wrw{FIFOh>kcAzS#YJ6)fZ{-Jv=x;0}_c3xz$ z?ME&Hc8Id_aqmM;=PsJd`LDyeUuBOf<(#&Fr|Y8%mk8~Q?6L4Ov+Z?v$kkxHv-2Z@ z@lc;!h2kmZ-u4~+=3Y4ztZz^*4K_!9;u-GyWKU!7%Q$(}*3=i`R|BQa-XCB>>j=Am2 zWnH;2KInt$; zOzTkPZyTYFJ2z|FSnIcok7V(#k2a0=^8vIe85djc(k6}AwTCvFM4L4H8HYAMg*Gld zR@2vb_g^5#@RVd-x`_6#a@rr@dNJ+KkQ_WC-?N_%@0U~wHa2o1)2Xwc}Pfy@6zX8(}{*PPI4GKD+X7Lo!pFU z={$rs#%P)^_s(J4^8LwJ;cv**z}IeLtfSayD{;GK#(P0>6BM^nPNM9|owUFCM&z8a zQY${Mk(WkW#$=B~WBJ#QKu_Se8bYFsk)EcdqDk^jMcpRINEO8xxhwwxWf zX`p_Y{Qb)Z-!FCM2cY-li=g**hu(pUptnnFLwDm7*?9>ry*u8#IC}pv))~_j)&(cOl+|7DdgwR^;gza3=#dg*|{eDAT|Qhcwj1f_N`pw>ZbD3l&9wA6}UMp$jU+G6ntK?@&)vA zEIu>7ax3MP1DZ|W&<G7qk z*?5NgZtA^nQEpz8SciC43eWE2teRr@)e4@Bp$}aHPs-rQeT(kPD@gI3B7b`JNb#L_ z$^2S|oVfgY3Yl$&C&F`;Q?KrqoBLq~hZWqvw&)sUM(2XERtDQ#PrtH|F>WdI;HAui zZ)YC7i+ON+Y<%01)%d$tKasX!7Wpi<bA?>vP0rzq_a`uMS)lU;RC8 zY+7_}Ua`tyKWfm8IBlumeKuz&PoymivF-GICf?gh{fs>i9haN}Ylh;ylzj<$h+d`8 zOMON*wCbfVkd0pj%<05>GgJ;5EL=3%$Yd9Ot@2-#J1O5*?Z3^m-;Re)^U$Th+}r+d z*xZwwLHT@h&z_vv?N6Hf5$5@gP8mJFiF;dSP27U@i{oO`9~nGuA-mquh!5?Y3G~?; z2e;!$ha@n((U-;MFy1NQ|W6Snp@6ySKRxU#^<1{~XlTT^4jeR^FyVQy--6*=zKb^N8 z;;i?vPJY(vPsC>V!jB9qoxC_i&hve=Vb)bsk9?Q)@@3>+Nv}o2Wz=>2Veg!O$Wvc> z{BoC$=c!XU6vrPf%y;1qE6vSIM?Xz{6*bdj9wa0e@ z{n_@r{rQuO9;BHZwzl<*9g$V(VTbe(A4qY$WWA`TP5RFGp6e@jx8EJ1e4){=AUdHo zjI}o0Rbh=SYeU{k^TLPT?X9|NtbgNIGmzDpJge`mW1c@Po&&8#pFSEQ+p0IY&J_+F z4PU8G>jwMjX#27Q@A`Jvo>3uiKF<4Mv08TpIAbz8ydV$4}@S8^~8Z-=m()RBKA}*rNPO z{2!Hn7h55o+>hP3?Ow(y)`-|9Vim+ndnAMM9hk=&qq4KW*UOi|@X1QTXF2;O$|f#1 z{Iqk;y=#H`^}@~$fH*y}?HMk_cix|K4(b@@rYQ28DB6BSpo$06h4icG7#5}T#xg*zMzKgh&p_^##(tj|W_@WC7S?z&mAqxAwZZl=w8@dUZvnZ-hWThna}jYy7VIP`F%2s z#r-h)`WeS2nKdD!brwi!oIdu&0`@dwo%pT^*DtSK0ZkV!39s*%Ob!$L*vh@jC#?t3 ze7>J?kbFX|1M#i_f#*9lcC>k(8b1I|6M?5SAZ?OO`GoMQnSRQPgYVso!eOoC?HnBN zr!R!Vb{B^!cAw+LL3;&0huluI{7ut>D{3-m+iLXqnZ*khmww95&DK1{OSC~}Vkm~B zy$p+)%bWG@y|XpmSwOk1i{~zGuu{u5{af$sYQ_xG0mVYo$(6J3Q{$=J%a#n)$6tGW zl3$b!-8_9fb7y^XOKv>GoY#YW_Qt>My|v{ZvWAuZls%-L*Irr8#J48BiJv}7exSd5 zGULJs{y(;$DO=<5%Qyqp3e?Cye~$LOd$jJZ4D8%q*8Rxel)tXuCD17YTe*fZ8T1c( z7*DFt%BW<|6KG1_L3tL>G%u}jyzMVKaql61H#5HQmUnaXUMCmKOGEjQ&DZtQ>!*(Y zBYModR`lrK54D-GpYLPV^QnvhrsMZ$pDE29`)Eh+Kim6{6E`yZwCuarI;nHqwD;00 z_!q)obD{Dt6x*=-QoAh~jETmRXO>aU-cgsC`1q;Und?hspXkYqjgJLFO}S?)*5~>v z)}@oPew=!X+5bv$n&RJC<*(Au7O%F-H-bm;x4}c#y;gYMq7c8BzOdD#uRfF%u?WYa>kdQsgF_H zm@k;Exp6(?{g~ndzVc(pS@FNw`|A`RqHpCp{m!J0DU_MWJgv(AgUbKfsgwP|eDuY_ zLG5S;resXt*}uPT*8CS!&i-Ao%g=kk$zWWk+)tNh_woGww10tv&u3L1`=8K`*`4&G zf_;ac?Y5sybIOtXYuc%D+ni^S_gUxr!7rOQO@g?kd;XH&N+TYZ8kd~PUr*uBE2olw zoqIO<*XaIOTlc$=wIXz%vx%D~o>{RbaXG%Cl}hYgbGGNgct7~LI@?U%n(c3DK0d@8 zuMJnYdhv^3W7|fv782WfHS#u*dD#8PeJ{496q;%tSuuzG)xJZ$W2|!WE@tolqK`hz z-iu;?(DR%;VLcB}K8^ZRXYg#=l=p+b);R(@7GnQ8csYrEI})N9{(CNY zKkoVyL+nYkzst~q{^>j5y&jiY!1z&8KX&>+7PrOfD`}#ZOGh(kF`ip*hO{^>b zsq^$_2WU@nf7S}Eu3)@fL@w#e*l3*rvz#&T(l$Iwr$ zJ#W{%5^ZnY$vGSJt(6};{i1RQefWhMw{@~sMQ1#!?+If!)fZX1(vQy3cszS*K6BZ( zv{r@j+kM^jw_*n?!aZ&~He+i9|1}4G27ALcV^iDkcjkga>le%z()eYv4P8gxd%BJ9 z+kvNC@J_~R(s$X(TKbnxp6#U_Zhb|cu=}+788=l%=yTdkC90~eb|0kf{(g;jqIbutF>ws#r*kJ|eUPkT2aqwMdo`zSP&9?DJ_ zKLOZ=P8tWphloR~3eUIA%+t5(C+49hk&851%MH5uT7k z86mGKLavKwS;E-+lHahFoO(L({W7WlD12PX7(W?Kc8(3FDtmA^d*0}MdOWfrSmeoc zXTi%ppG)n8SBk~RKhydE`B$1#maWq_y2t0{jQFYfdx)F3{44<0cIL$NU4ZNPcqw?o z+3*j$rr3P~{v_xp62_lNYg%+>^%}n~-SA%X7p_hB@=*K`4)pU=T;ECia!4+t%ooqQ z!iq)DOs$D>oqL8eQSTWjr+xFjO^l}K@UWm;g){{ZJ?RI!v7_g?8TvX(*i}vHE z+Hs+>aF51=%qQ%2$675svvYv$oW=X0n_`=71?V{N1*e5}c4-_?T)De-VYnx=bYk8$ zz)=jaFE*ty3vr{Her3m}R&geP_I5S#sbcU0kG}X6bq*6Ai~+rPe44sdm*~`71YW9} zxsf*Lk{qAp#{#PB-5&tJ2JeWauhT~?sUN9?>8o7_fO z*(j~E8B`abUn}wSZ}|RUXP%3Aj<;`1u+FtpyuX|C<2XA)aR=#v@)<=h@#EEIcp-km zKiPlTzCFBm=QOSW?+pEU$L@|VQ+Vw_U*^=={`ra>9~(IS%)poW679_(R)~{6dp!P2 zq;h1e5Z@)6`)K8ezOy>$S4^(7*67QgKZLxR^42B&<*kvXyvh<^9Z+89xB4oXvs~;e zUrk*Z)&BA(>`KP-{__xSUcuBW%v?7Za z0LNdpN_bX=%U=Uee>i-|&>QdV@;V{7oLEju_e^kDuz3FB z>BMM`T4`m9G&~JQj z8T9jar$fK_Cbkta_!K&P*4en?vzK;)>33*XK%F{+;X-taKnI&{tZg&*De=Gb(CL$& z`zhQT{K*ZK-yXdNIuEbhJpmjB&JXslH^_9(_ijFN_US^_SNU{4H!G@L)!<<_k-Ww z@lrN+#m`?3wjqT-`I39#XEr(2sr((~cOkzOC$!hW+UIco^4YUbSF%>8Ej!#ZhrImu z48|;6m+{T(yxXX`IG&ZT7NMOo%el_se9mS3HK0q-%EX(3(5nSM+l|L~+u@E~)Si=9 z_uJ6dJ^Yl-@U}vDpq`jb?PE=>jGc;*|9>rH$r)1w- ziL(}wbIh4xr?dG>0ne@AA)nISC+ZRCX}y;=MQ2jUzG?lamo_^*wD}j_S^RV5eTU)q zm3?DV^)EB2mmIC#5#y!1KA{ikAuIy=RBWL*I{ z`+a>wz@CqmzBk{F&nVx?i5cBT9W9rmD~soxHgmt&0?jXcgnZuC%c&1~NY*mnOS`3+ zyiCJ)2VS$IzYnTi=&zUGi|_%w@mjTKJN#0N`7QY1%b`CTZJ&v!XM1=ieq@aCmrLd{ zD*a~9=%M-vXtOg?l17d*{4#diA0O+kZFFp*i|0%S&o>;}51>CjzZYM{*9vCX>-gqk zlZ(N>6ucxiH-e}3P1BgA02}_gi7TbBFXObDZNU|s*~l3#JmY*S*1oXLkGVj_T(mwz zG1%k5@FT_Cw*pVk1ostqqqWBxe@lK^Lg7ak+nG41`ZCdGt`%x(VQr53vM+@8er!&S zZ)_I#;<--emjSC)*Akp16;_0Zf0!eqH2BMW~ZLv3n%Aa+X7aO}HqG&WaJ-W7jDn}>ABem3<;NFUkI26KD!1RhXwIXpDE!Ei zgYa_^=Ryp|&-)!7UJpGrhcCak06X&~Xu!U7*1f)sn3Cb&%nR&q5U5#tWFzyv3$!g ze6zpY+DEMz-^p4wU1oJeXKQEVX{Hye+$wM_0y@eDeVgFa~kZP1;17?2CZWpB!6yIkiA{W{S1B7 zIu!Dyu+OX77%B_FLzNF9e=k{SP1XE$2GeS^wp;T9?9I7mkEMKm(I6QA#d{x&1~(5y z12g`E*2+`DeyOfkx$o0WhdzIp?C2!)`N?_ca{zzXyMCqhI^rWEtW(R-8^vT~OXaU` zBu_&9nzx@puFam#3y@o{ja8qiGXSTvE)g4R&Jph_@}EA|=s%qp9p0UoV(m^$693Z- z|GTcyeW>gNb?TYM39`G|zfoh*POhy#v|^FP8-M)n*@h1lGcWpS&t#92+v3{ae@vodD|5MKO(Ok{WbQj2ni@MtKip1#{Ooz? zE8pHrU(MH!0C!)t?~q?($9cq~*H#YbzbD{VY^@v{+YIgMk=HHAs`^mr0&6L4Up1+( zUo5=n>suW>`tUQ&3_5+M_g?+Q>%j8%7m`uM zJ+`q2!nD!_i!-n}Uvl~cjjd#>bdIU~Q2AV~;I)*p_-l(JoQ0cV`O4&vdL zXa9ab;ZGH+^6ljV#Tg@kn~|3YV&d%6W39^kfMOw;e-Vp9 z>#0fWl>>~C_@f`T;=d&>wsCY>oNyc5Lne4{~}g31gzf-2CK`4WqD!k z85-8BgTXp!!#dGvx6$BLa@~-4y)YQ8(>AO(y|DHS4QumYu);PE_IqKK+%hCyPYwp_ zit7#SpZCJ5oH8V=C4<4rv|(-X!rC}AtVM&tnry@Rh8NbJp<(^aV6d*YVLj@Fh3*d} zUqyq#%CljWdSPV_4eR>BU`@68_&F~u*0~Oa*HweTnqlJ=82~GPNLa%LgY_93)^%Q3 z8;6GVU*zWo%A~jn{v6 zcyxQ?(6Ii$!C;lzu-d$^GCwsWUf&%I)>mv;2feVuL&N%~!C=j>&(6H_p4AyoVR=F2e z<vNVdZ&Yg@=Y^4F>BDTfQcE zVP*P<#Onn48|T=GgEn3t^1`Yd8rGYG!TOaAtGC_OZ6m8Cfg$nQKNzfL8`fK1Sd~M= zdVVliT{f&=dtq%H8rG)4V9mB^zt0P6Puh@e{KjCg@@_Cbzz@B!tk96K9vuu;*oL*y z3oCPISfzu(nqk9w!V4>WF02mX@$xa-@F%xwtb?CW&u_&*>nip2)(6BB^f<<3=GP3cqSR3cP-ROlC9varWANS}n zZJaB-?!S^YKDH~<3#(*kSY7ABS{tdpJk~~z>PRoF%AsNX+qtlIMjp5E`tLSxe?K&= zmy%#XFUFO&Y$Uv}_6!Z{`$@2%*TKl+qhs0RH~rEJt9fWx|C|KN;I-YxYp)lU^>J6e z4p#5EA*T4@d`Dm0G1+QhWqv|?hdc{G{bLd=+PE{a({AGi zFD%9|jt_WVyrSpAS{r%G=Hn_atjeKbeI^N(q1P2-jNJc&7uLq1Vg2Q~uuevPWz%b} z7uKGkVO^aB3wo`MjJV3^(4Agb%|pYwJP8(U+!;A-%fzR=u&loE@Ofz;OoFvccH-dW zu_!ht*9$8=G^|tPTO`TX!AOZs`;T~Gl?)B*Kaya9*TKlzYhy*=74X8U92!tt)6oj6$CJT$Byp9^beWMk0S``>wCS$$*v^U{8660EtBiDzw@_`j^33w)H- zng8FJ$qfh>1#d-7!bR|k76l@9GnpW$*lJg{&}uh5RCJ+!b?V3S%(_(iM zZX(fE7O}|MEJfF{;<%6GoxkboIPGx;mokAe6S3?er?lhs~1*vW>|L&1gr2gBacxp ztj5f+zUYGmy>>>{pJMdt1729M%&=zrVA03!$bDxSJG9&j%epk9{+jB81zvTL>(4c^ zy}%2rFf*(|A1s5{Q5&zTy|Ah?!y4{`W$1PGXADn#+6${OGps*R*Wi_HU>%N}IU!mJ ze-(IPS(jy`SGx}uecTxtHQxAP`CeFsnPL6H2MfIFB6k!R+Na_k*~VYZWQX?qU~Lwx zG5DeAoHj44ip;Qn;DbdUyCXY4W%%n&FRbd!upS=>)=zC%&0biInPIK>!7}v9FEsS} zz86+=W?26)5Ui(dSR1{ttWRg8{i6P`c1Er*F}%9Y3#%|QtQ&l=pgpw|*lm2@Z+Kya zGsC*7KdkOZ%UCmx3%#%^GQ&E*KdhaRtciy2Kj(#2of+2YK3HZPkJ_}K>4nvp8CIx2 ztnSG5Q=?mu?a5wP&6#1TUdX2>@N<;UyMNbdURbfruzur%#W>bQ4o_zs!@GiBSk}~x z{PkLYScfB*+C1@o%%dj?GsD{BgSA?CS<~2;Fudz+FRXB8SX+It=wo+e2EH%x(5qfp z6`5g0`@=dMxyJ6}552IeGsAjdAXxX>u(o(%HD-pj+y`rs=yj3J6Lnr#vCOa*_+UZ% zosp{)E8Ms1elM)*%QN!C)jn9@#k|*O<4@e~h1HlD)~9{2Hmi^1_!Ya)_rhw<46C3& zteug^3Ze&qHOmVtmKj#Q50*{)aYi05^TM*O$VjggbrW9Mj!3WWJk#jabG@*_nPIi{ zht(Z<8{ZecALfNskr~#TK3JxY*V}zO{*Fhst24uD9thSQHmp`Jtj5f+zTY3#;mB^w z*t9piu$nW&+USF|T6&`HY!j#L^TLXyVeK3&53tULb=Z>!sEa&#p0Ptu_rlt_2A$^k zOoPJuMt@j4BQcvNzUzfmm>JeWA1pJDjbn^FKInxN&J62wK3L;KuS;hb+i|xSR&{1r zsuzOq`_ij$lA%|H7gl3tSd;t1!uQ3$$2a+`7glp-Sf}-eRTsJ3#_LKiEGs>qI_NkC z`@`yv{M6?ANnTimnPI(8ErO3;-I1dli=tPb^TKM*4C{U$EF+Kkrx|(N?1dG}4C{6utcYyKDB?8mdc+IMO3yzJO8faf zSm4FJ$N{5Q@AJYc%nWOm50=5}A{(z|URdGGurBk#0x$Bu(~KYe1uv|M%&^Yw4{K-S zN0UvwUFL<=oEg@z{;&>5ZW)2jd0^M2URbfru#QjaE8C`z=&CKm3g>uXS?Rg|LC3Mx z2Wz!_rjL~Wx^LG|FRa4Mu-@not2?r0n2Fs#{Eb((GsD{FgB1~8Fp>nPENG z9~OSj1Y@`V*9$9_8P;YWtVNQclSQVLJePJM2-L?#^^unsn46AG)SZ7~g zWP7O>R%2#Zm-=8CdR;!u(ChEKu$nW&I>!gg(Cc!WUJ);>SY}v5eXt^up>NoHKgA2n z`kRdW_2I+;WP800>ufKq!pyK*`okhdCXb0+|4 zovw`=)DHb;e^_;q7Tb0ty|5ZH!+NSeteuf>*!*?47uMl5R=RF%P`tk5gT**@N1mQ& zbk2`^VeMSgn1)q1SRP=l4Qr>H2Y_D8TV)w}Z1Tct&J648{b3!B%)83uMC-kVv!c7}Xvnlr<)27)!uhBeU(E0!77yAzC_ zNb{G$>uWZwQ@yaPbZy+AwEtfpEJLqfP@jc;?D=1hY!_yR^|B9^!RtvIucKaA;mojh z4+QHcHmv{g!ir^vwaEvIKJJWsPc>T)>^kU$Wo5ZKdQf`(lMj~ZW6Z|uSud=@%&=DW zht(aq=1jx)jb2#c%&?aFV3|JNqS}H7c759mt0FV3zw^POk9CpfnF~NqeA5f7Iy0(Md)}&-21+&J649{;=vI*AOGq$5Jn>SY}v5`olUL z$)9ZSy2K01%Ff7Ne;nUWwhu=xvSE$&!Ya%RE9rwZPC9zQg+@o`d0~Y!!#X?=tUGL2 zfA}Ado~XzS>&HG=hQBIo+9$lQsx!lC8VFXM4eRG#SdE!s)ei*gNgLLWys%=KVXg7O zGPJ*OC_M4Nt{q-jR!&BqxXT9%dhLw7ZOhQVcwrT0hV}RTVI7X#Ve?mw7gjhkthxPR zQ7>oX^))Z7ip;QP^oNCP+jxE13#&RatcgBY&>mRD$aZ+wbzWGp%&<=N!GiX6kuZ4^ z^u%;8tip8d_@K6d&thfB!OVpu{x9iYp`*0-d)5ce3-o*GzuQ@nShhA6NoUTJ3bj&t*+R#2H zz}y)*dkEwIz^*;L{i$11k*+Tt6jqfF7If~8U|*yYwt8WO({*Em!n(r;D{Yw2-abz{?7}mIWw%;{b3!BTyNLUEce2SrR$&u?c>z`u(~5->^g!4URcfP z`i4Pa750b4e3xB!akUqgm7e<_6xMJbtkvR)F=Ne~@u$783Nyp{Q;|m}z+b>3z8hll z>jhp|;mokweXtfuzx?_05Uj-`4Xii4uqx8I!9ig??t=xr&{gPAbX9X7SayzN!pE%3 zUT?#yGciBo_@ZF_lsY@~()S%$E%RBI&E8we@qQevfAGOtE&h6Crm1<^=!Mmo8P*~n zEYrt(?Y!AKFRbRwux{uNYiHyrF$Q~peZvbYmKoMn1H!t}=<0=DSeBg!`Z#)>?}HT) z?QgO3d7tybD$ES)bRR6}wKFn#ron5b7gjhktk6KPZlOjSdQJAiYR(L+yU^%~G=ISp zb&&<<8l7{R7gj7Ytl#)xZI;gY=~VD~U{}zA#o8)l+s*@h9PMB8!7}uE`gGIB_kZcp z6V;hv?eW2isE@Z$&ql2Hwii}oW>{N&u)wQ3QaH`5b9mJYt2r~Q=s>XE9&U2aKlH+C zv~xET(G%OK^L>J~Lbv(W3O(S1HBPjzv-4(K27vW(v|sLn1--f>)uMh?L;L4P8hYLCh1F>L-ya9-(*wbJa)uel`CeF- z?N5FjtO6e_L$6u3|2@kKtD-+F*Efx!+gGs`vZ!!|*}KqPBbf*6)mkITb?qUT#qZh| z@kO=IAZsYciJoD5%_+X9k>g2Dn*n64s5vh>9=lKk?-ap1^ta;H*4DL zwLR{5KjpM(#=9c(c;D^CpM3}!Z{iuduKhb+{HrsMcZClYynooO$zAJ()z}x-8u+lq z;lmg>7+P3;dH-6M7F^eUiC6R6-h0R1Pf`0cU4D8`{nYn*&+yTHNXKgI^9HWv{Fsv? zPfhRX7+=Xg;`dl)kFy~Alg(o9Dec`EV!yH~_7u{dKsxKW`ckdA%;%iBoTfW|bh5tt z9`-al-AeiOuQdW#tYr=^vheM!rgOkg&ziHh*%wHA*T+Jmn&K``Nkdlg%3N4t~35 zJsO&2v)?9rBVINtc&NK35KW8^diuD3EY0h43@Zp!)+sWofa0!m;>KrM4?0dep_)z>OUd)CUIp-+Ni#l6UbnoTI z?50;6l)cGM;;vAWMz;HcdBI*!;Kxnzl`aHt=Grc#-#Xmf#%P%7qu7fEOp; z5-z^gnmlcy_RC|xKJAy5VC{$YlG2$kZ?l)D_EnQT^4`;)UH{EJUE`dM>7s-1dII_# zJll#M?7n})6VR-u2R`b7k9r(Fnogg9FCNmfZR~l!nYQt1Qd`*nOmvVeikIS?f9LX& zWbq-l@1KC5uB7kkw`4HR8EN9BE$mq=UV2@;v;|&5HhSg9=B3Tx6e+Z#o55XpZ2_+^ zd{7QAY47hyR)AH;291+O1Huo%edI zoURL@$84@0EDTAm*#kMdtA_p2TH#so#SqRZ5l#LG?_>jG8+!$t=YioquRY0!rpf|yJ-Ua?Zu@NJcb}=?RmL}PB|s_P&fLz{eV}_ za*fW;1*dkN%`LQ2MSSWUpxfC`QhK7NX9#~oceIkf)R~pD^8>YQa~-{L1N(>QU36nE zxVP|bo`nvj57HY!&d7_SW6&FQmURv`T<3V_HhuFy(3{Z4u|okWt&7>ooDbeGArJAk9mS9*0!roIoO-}(FvxBFgB-}C5urTPvo zOPs#n{V{!?*}v~I|AM|BJ=@#&2m1DX=HPwr&^S2be%UC-eG7V`EbC+YF1u2KJif-h zjXgah==VteM&WPJSNycZO3r?%a{64`+vk91yd#XaJJuR!>o4f*zq@_KMygGXvwUog z^G}^I)>z9YJbmHG`Y^t&mG!A;DK!j#Q^{V=Q^Kh=i%!-zaPJcSu+xVv*4UTMAnvLd z8C~(k0ruy`XI(eC*GJIaqU`Hz_9Dk;Gy9PrE3^HDWt>@fa^x9l|CRHDk8$q$ytQYC z-@MhbE-&Xd`!mnWMz(KdKU#Ea-NA5Q-5Nt);y2-&ATKS+U~yu;eAenWbf!gG#>;Gb zbphwE3}p<@A2Q_7U8f8=)Lj{fc80vNJH*KD5Zc3Ej1D>5N^N7@wfE-5?7!R7lg;?q z_Fg{Y%Y`p(+-C)jwO`t>ah;X>a65SSuvd0F`mqBY*g0zb#!hH^ZC3W7ax2)K z=%*pbw(uFoSmz_#4S}Iu!9VxRYqkALN4AF{+d4-mpL2zVHm%x=jC0P-Cz0__YwYKv zYw?F#lAKqL?dRy|n| z40in&esRzAK&pAFVwoAyufISHS%W|JjJ2Yt>U8}2Gx$4`zq5Aqya|t#l%^J1)^oDE z_&Q@^HQCY6bIww1sI_}P=cTpQ7$0r#J9*aEOWA97Gh?zz{t-UwEW-m?UE{DdHchUK zo~yCooz3{9`2I%UV)Jd^A0CtMzZpMEzW>k1+P<1(Pq4P)-<5E_%vRuUqMavrulc?* z_F1>OhTs#eTUs&WU|x7b2ji7fbZ}#vmDBX#(!v>Ad2Wr~x2(OBfNy-#zYy>4=RY~# zn+CyKI186*2j^=iTk~AJgtO#M{TF@oTjy{Zy+iENGP5+b_D1>S*0kV|YW8|1MjCei zuC*266>Z#q5I^7EtJ#Jz+sfh$nOVnPnPB@}ZRktIj*0`5bL_Je1hZ8-t_ofjPt$H3 z8QW*!^Xg1IZ0!Df7afnIV>RwmJ|Z8KZ9SK)4W||p3soY6@-ep27V^$nkXh`Bo&9hn zzvBns*M0aMw8j3oU5g6QPxn?FKac0wgSQKwn%A<2*aCcV7#sEi?;65+X>0IN6EA?% zv+_$gH}_nfU4;M0S%48M`_OjwA5XB~wmBDWRPMts;%n39p*3gNG0J}eF97eUFA4Cx za-#KE3>bcED`cPisEVr3nAkbTj6X`l1(W@yh?AFBCNkBJX2^3r}?IQ7;9 z>oN4r87Zi)rvy^5sr)??UJ-jUYenoSK7W;E@7;VL$HX_pX!w6wO|u#;C(pv! z6zM#R-Db;N_>XLw z{!rN|&;;B$H!?NL;|sa=Pv=iRWcD}jJ&#Df&t%3X7_@d{Gl5RKygplFFq%JqV0$e*&k~-w;5iIg9f|CX4yS$% zO@ycW&)tvxuff*>U-85ELGXQb0DNO#7#!bsM}2a9hnU<{FMZu}jFR|UE$FQ>at^oM zh)zehzJt$BE@58P0{lAsa|g7qe$|cEu@0WS?HckHyx*z! zxz^0J>)nbCXFu19usNL1(WP^*_-^!N)l%BS&m0%HW;%PsPjjD1@JuPsEW~EY ze<=i>@Z1E>aoR3%+8#&Se+kpR}BTeHa@~4Va$_+5YH5|As#r z^7*4LgZCle;#0Q#iX7UV*6y|ZC7eFZpl4o;}Vp)-}`H@k^eZVeQO| zUy09ejrqZB&ObsYB%i__Vpm$x4Q*S9`>}T>7MBcT|F-ciXDK!{@$PlJdn)fL$KNp> z*j$%Rk`CJF!0QJKd)rAHoSkUSG>P4Vd;_3u)$%~r`TD~4Iq#Fx4!d8(Xe%TpCR`3k(RcSG=#;=K3<&f}7Q zy}{bO8a@+D%^N5WtMB%?3G~%zPrn7b1v;$-_BIFhJ_mLyeZ-GWy#wrpk8n-`u+MwM z+PwzYZP1roh=Hx|I(x|Yr@Z6-?tlh5o4bee6UJY*eq$0pGxxHGHn!u>tY!?{v6Ebs zKx>^F*}k%OtYUXFCR5=He6RLr`M!toc>x|^OcU69OLcVANZtFR6ZO!bxbn-^bivT` zN#G=TCpnc*-b-TJlDzA_f%ZibIos!@o?HlosndGG4sU3cOZ`tebey z;RE>*OBu%oZ0#!X4sdxkMW8)K_u{LRs|}}0u~9lVtYMV>oO5l(P+c3-=h|NR%?+H- z7N~aLwf$P*8Ufb?@>K4$Tkf=*0LO^auI??okG^nik<)Iu)2?&Pv|H}9>s&MK>Rh;0 z-*n&AIb?w@o$uVI&lAW=pcfm??%U_Hgg3kNy@n1K z^|@x^hlWeh!QV)~YtHEGLk9;Jof&7^b?6{mYh(G1~6fvG9?mOTP z@BFyPd8dST0!w(uzJ8*xu;Sc)V{w&jkHvRxdqr6`49R6f7@RA6+vQ&0w%zw>V;pTq zXnQ>GSMq7(n)ge~Z5+6Nf_o>d!bRum?6bnc%5xL?w1N+N`9r#rv**VIbFP^#J?8KN zF{-V{yf!}0IomER#<{$GqwP18VY{U#hrny)T$6lm25$KR+ZQRn#p%0EpFX}rzQ%tk ze#PHf^Y-IAtdc(Exe3UK@Q_XL+Hl5fS~~ad$hKeSi^kH&RoMO{{s;QwjT+vQ{%tj| zZ6Czd$F11AeNJDVaC{*3Mc34qh4f{g)0cftUj)bKY}(M-s>UqL0Q+w$eLpqDy+5un!+MPH!=%4e)c#t zXMW7g-DsTR#pF7`NzdduIC*WZaB^*|-tS<{as%NvlF%xdZB18SM^1wVOE0!|Yd%`JrLRJRO!DEE7q@+!=6-FD^t3H~>4)vUD_owQGB~enFC>(bi+bu^b+5t*L2Rkkr#Zn1itQ?E10i$ z#?71s&-jYJH2=Sku`L~H^TMuK{m0?^TyuG#nz&6dc_Y5vCj6x$_7zFMi?08v{rfd8 zKPkgcmoLumq6zR4GFoVr{4#jGz6YAZd@sQER)Dj3;z@9>Szzs~WIxHp=n26Pk80do zz?*&0Q#wahy2S0rqvNf|+;?m}U^Ss{O~1vjdRIJu8`mm%S8}hIwe`+k9$yWN7IJE> zciQr=x_}1Wb@7s2wsSN#9ozotL?2%9^Q51@{lDc?E&`Vda7r=;i_yCc6}CShT-A5s zs#qsMj2&CfpW|yP-q;Xw5 z^x`|8=H8=@z6Cd3bKCwk_gWsc$D}W96i3-HSM7$6r%gF}OmX`@KJB=;zpvafhng?t zKFib=XJwJvFHBrR35Mzd`z2+i+J*O>CL&cYw)r8{acs$@Zmi#K5Mw&PX~GMx%3m_L#$7X zGA)|*T%TBfXF5kf-`pHQ<7Le8kR$l=-zv}Oo`Gn`rX986l(o=`CeRPDTKY1dxflA^ z0zI>tr)Y(yA@Qha482|Y|MqhFxsGc!ymJ$Drw=XAw3T+f{rv^cC2ztPA`chj&ugdS zHH-ngEPBM&QJ42;@=U1_yS3avGcs4czyh z8|*#!#!tHup7*v7_8xrTf6wx~_uawX8=$@4kw;D5fPR4I#9wBf)}jAs(Ug1AZJ+ho z?xXURyz;9F<-YfK zgS|HZ@BV=Iylu|*)AEDjLECKbv^it2_XcP)>Ur-1-Yf0xTR#C=o^KDwztIdo;BEe1GM)=-Xp(Vr<#N!+3-pZxb1hxN}VyLrO4f^aJJC#T-=K(?8$KL2#hSLgPfukJyogaWBV zF7r9Vn7nxPwZ9!|=T7GYfogQtZK4;>WShwk{eRzU7&V~`0`1C^&5p#2lAy{n0$B51LpB(a0SPffHlqF434Y8gScn!R&X=dz@vt1 ziksyVxwwrnIFVDtHYc%n$ue?*;IJ4Rl(*Yqt=P2&92&r3LSU`Ip>>XpLl$kzR%i3q zIvxC{l1rOJE{zx^-|0lf3cu_|X{=T=p#o7GeXyo3i{TS+g> zPISL)xnSyC(GqKj$*amY)Et-KK2_(-s~*TT^LIT}L#a=oCaNlbM|W8WUm@42Z?Nq7 z#NS)YeR7?+WY>$>zGtkxrXBi{piicc^skkEw$%iqpZ}9P4`jnvO{eSQh(CnOJa92F zf`fx!CL{;-L;K4?#F+;&^}c0!hW{U8PUVBLp?&%P26%ryynk~b^^@Vmsy7A9oN$cm zN!e#??$z)@YgMRNe53gw(fCN1Fn7?vEYgL)40cHNVX&Ym*jWI4@j&2jaeak(J zTa{&UW1A@_iiA&(ChlfF7TP5bxb-0+n|@`;AL9^!pUyqodh8g_bdSd#CA~F2c3tc- z=4AyV5gO{5o3-yXUM?MTMf87mov2UTZDRjaGD!{znT;T`vyh9$$VG^G4#`6fbsv(; z&r|#2KBL-{wqH^I%)Ce2qh%{{F11#uR{f=qu6s0_TIH5|kOAtA<^T&Gzap`YcBp|? zjY5c8UB$vd=0=lTp9$Pxv*v#BJ-9!e-|}5!H$!7q&NQo zo;f-4v~+z}teml{v{K5|Btk28#kN?{#psJHI8gB#yr&iXv&d8wIs_#pLI50Z4h&B}_tbZ_DD zBj9r@-}mvoo$t0B*tKD^uaj?S&--qNp3;F9|J?ab>cOa0J2%~zo*rvQHM&E*<<_GJ zfBiOaYb-lV^9k<7CsprNt;IU4r~V6Wt+xlKTY;O+yW0k!?`_mZ48(Jy zuUQ)+T0`S^pj8!ge85M`5e_W}I^X+P$X=hcj9RCYBgdp=Cbk3~zSBZ4ZGEG}8ryaI zr&Q0d^^GdNUvMV%mB}H;du|A<=qclKW?+T-E}L!pCf1nqV=HzYSs9F8yKK@7)mE$a zdGbed9$n8^^-Q*og{TpET6E)kVvIF!GQ8Ny^OJdAu%s{L-$+L<2iDP>g3;P#lV{{n zhnb|l@^)Z746K6lZCH=;oW8$!3N=dGL&a@#&|mm9Za*~N*N&f3Njpb?RR*jBR&K3w zR?DGz7d{LA+wP03yxMOCLbcx-E}5y?CH_Ae8rIZO5GX#1Z)5wgSJIz+lY^-J0kKm- zY4Kv~{#~ux%Zm3|*4JxB)ohGo_e;n*bW-Cap8%U)Jf8W#7JLBd73IGcZC$f5844Y$ zq&9{e(uPXQs%?b^x)&pl}Fq72awcs`t~EIUq;_j zm((08|78q+J5KKZ3f%*rsm|wRd`dqkS9rR)me*8DE%j*6_fh71uDL$k^L;4a_3kFs zNxX6){1`-^{Nt`{*1vB1-WAa{YKjw~mAmp;bN0*=C#XfTnkvjXzA4c&K6kR7_qvOI zF(EpReG}~bOy73}`vmKY8h!8P@vdaU?+3O}zuUUquHhY>M?YnEhT(UPgvO(xF*Urc z+r!0K9$jkjuOFN<7`w6fJO#)K{(A>w*~wVOfgxVj9G_^aclFQJ$FE}hPmVl0tvkr; z?2J@%ejK@+h{<0CyT*~n53*Ki(b7f7D@R$i3%M?z(jF^&4W;P6?hW}z53uITo@X&S zTyzePjy?uWyw3}N+0b9++I@c8*S`R@tE)oP;o!q+KC@^Rwd~}7pM)&J^Ac6lC0oO%=ylExOE7m|OZ0_s$iFVB?y1~LWd;JLScjeh+=kB8>%;gW!rOu(t zZ_{)Mr(E2;E&Z7#+CgcH@R1FPZsvMJRCl@UUO3X_WO2* zS9wSNy?1<)p|9;a$2T_TJNp*7U8H>Q07;x3c=w?FXT$YCFnlI{=>?$R=Ldj!t+A|KJ(q z?^!F=vIo8K0(xT~dgB0k<7M>5AuDwZc-`Z(S=;EXueIYe#XKe_yAB;iT-5RicHq%) zs;wS7@Hjbu25O1{ zwTrW=_flK4w=%zaFKbPVUl#inwJ*rqhvd9tRlupS<5FFZmsjsC;+|@?g49z>pJO`> z4`8>)lvC55SE%)t__1@T^_i~Pw~NVA1v zl+TBYZzp#h^wi{EurR!$3%{tA_lMH7@b879gp`r3@%2{orjoaXjm(T%|XlE1c5WjX^L!J9X zE9Vev#SgL0_|1bKt$&z!wzd_2vu!@|Fr7R-FvJg{c@gxIE=k~bmf$m?ROY>c4VuOE z9%vqf=2|1wQ4WtnYvl`Fdf(yDI}Qznzgb5yA6Y3!W<)c5scWI_!|;~s4~H&2|M(E( zVHo_ieE((9I|4SXCudtJ*@SUL7Hg^$@8&g~02w12(TG_%6Hu-iV(1BlIVBcQ{o`UzXFC0&7@TDYR+B=WDCCQb!)Q zQcKB`bTpuA-jc4Mof`052MmuskuH(0vGuX7N64cbcJe6r02fEUx&=JRCp1F?w;uk- zhWCa-n>%*>z|iK7T~G7b$8Hr4k8YXUYqwbcX8e&|*|t9-A8d=KhTQ1ikfVQ3>tC-L zM`v~?k*8$9(ZP0ZEDIgH1|8gh4z|c`#L%yLHt}4`cQM_F+8xO>ALrzysbj z7WSSK$G}PJb(3Y@HLLc$_;?$)a{Ehp1n9@I<{8u%_!?*BRl|a^l&e zqlwW1!@90N(KAoFPB7x!8*>sqLayS-SK=OMxe{7dS*g|iZ!;f*Z<)&K<#ELs*Mhg}zg+9{uY%~=U~tql z(P^ys)!y4-Z;U=pfmWwNE3d!g`cav#xjxP>9b97IV0(J@|1LhueEC4(v)LLo?M!eP zho3Dwl8YP+)Gjvi_08m8vX(BI(eS)=S1ER9Joq=<5x7e>sFM31(r&{y0(WgX*`wdl z-}AeSPsP(bJ8zs7JXGrV^NT)OP1>TbFR!@t+a5a0ci-gn>F1t4x&5)}+Z%7C{ljY< z|B!X7Ht*Xp%Wv^{BK`gIx}q`XMoU;@n1lY4twFaP*8JR8eL2bpGSGL28Seq`xgMX9 z{s*wBMb=##h#{B9sKxN&wg=n>h#htoWnCCO6Wrd}+!wbwKHTOzxcvq?x%AmVUc?*E zqoH_|#4s z_^OeEHlO6(PxK7qnhDQJ=$RN<)hB*lrF_HW;^a7E|Yne=}P);U@IheDuf7=rMeo7W|7={JFN} z=rMF$2Rg139d`sB*M*Kd8pQfHoLA8(D|#_B`(RUFS-r(aGj}du`fZtqc5a?( z!2I-qkj;O{^alsB`^;a)4?xcY$_KkV=*%U~CEp4UR^l^NLC;O-|Ig>ZgV;^2TTNg$ zRb$k`c(m5TgO9_5_$nP+;KA+i;8XD6Gw@(dcJZ-F?TLktQZs;$LfhTkPZH;jO|Rv2 zd=&UIfuEv1oLlfyTJcj%juT%>^V^*z#6|ciUGV48vPf|ZpTh7bzL4@3cR}l5e_GcS zEf^7fkzC8N=b0_P6=)>h)A1;?TxD4i>4vLR-*8uq3F52|>=XMr-=fdbA@Y&$Q=TCEb z`B$_V`q$zE{~CPYRj+R}Tl8VR!<(~*K0Ax9xhT3Fe7@?#=a)Ww+5)yL4Mv|K#((ei zFVp-4J`3@;g7}x^PEII*+-Pn*LcS&ho)L02rQ~YlV{6_?IqV|KI+V_rI%B+_da^O} zW1Nq!^y6^R+Y_VzKtHbX^<%5AAG@7?*!82m`Q}&6eEz`r7tuGxBa3|bybyg-o@*8O zDn3z6uRR|s>6dhc_PYq88ZYaK7W=P#HT#-%IFm6^2dh0viSENy12g5R~*_XC-NUYed!H8AWmAX zxijLVS;Rr{Lv+UYD)yZAo%J<89t;qNGSq`XWzC*$@bmuH9Ji=mTRsf&o^ zhRwWXlZQXt{Zn_a*OY(%RMFUt9ji6&5o*i^${F3^8DshU>pi}Md!Wmwm`>$=A)0mb6xP;(Jg`E!RDp~&-F*Nm&3`Cz4bzp4Qg^yqujj<@ipah``Z^^ zmiTbie7b7W`oJG0_+!)a-!bq@&ZLd$rtX9Jpe)wxXE$vk?<(Ie0v|SDizb`7gRDcW zkv#O^M-M)n!@R*-YB7|D3iC`M-*d?$?Xz;b{tG*yy2=RkB(JdNR6(b8mu!dbUCUlM zFD+d%W8Zq~u2u3c(fOu+gPfD*CEA&jc-hLW?I6E59k>O7?5^w3ujpOsH?q6d6RTzg zoLURjl2AV~@x+3WiMSkV_&s(R|Pde#x`(IeI0tdXWq;7wTF8< zc&?{|XY@%w3-$Stopbvk?WitD{d$PNn9zT34V5A$8u)|+ctP5;JcKYoXQ z#XryVppzZF=Ek{S_wdiL8s^s7kM~vTWxf0H4iz*?y&Hb2v27x`%bm(y2AD4@ zsu&*q%+Ro86ev9AFm7O8pk4=T1lj%QtF>ICm^8a@ZOtv|Uti&IMZuQCyT3w$-{$udo zcxrHEtN)9A3X>zDE%?OY3*n?OAIF+V;Z#7bQZbns{|UNhU+=SKk~pLqKUDrhoco%W zHe>5NU#Py(|2X|mqSyCB+fQOcj*$Csb924Eft{ZlNEg4YIeMQgJ>tlctB;SB4Kd@n zjJ3`mlnv{fFS=WM6H+%m-mN`%_9kTiuAZvXsO>*}N9-x~CG_k^*jp|9`WACOe063aw8{+WPkrTPoC_2ENl(J@}lzQ6IRLe;A(;Hoydhd+V zRQuS{R7XK+s&jm4>d2(hRM&;2vr}utXBRkm-@Aw zrgrWN7vb0eUc~WD%FV{NGp@+9_Qh09zw%^l?1w#3YxeL#E&*n6miSf7%FHb>b1T6G=<+wKXcPK7?+ceJ+mRrVFq^URqSxA1#y zA#E+8U7mN}6&%5n%&7+Vy*tCHpP}R5pUYalz=*E=RL{I;;SXJFU4mT#&Jp^gIqwek z!fy|qLVp8{LzsOJM-U%ocOAh$TSZ%|(Xomb6X(JA=%+UHfackbtPB))RN{k`TUvj2 zs5C!tNVO#DyKG|l2l#q5tfS#KHJ!!dgJ(`t4P2R6BJ{6t(2tN9$*6vGa<7cOY zH@tHzd3WY{d?7stx+%dx+DKVEO|kE5D}mYMK8_NmeAb2T%ndx_9U zc;ysiWmMA;;9e@YCGgcu8?Imq_hYmbTgmgZH+9U&+Qmb$yCbaBm@ip7AA9k#=syR; zds(n>#rvHr-~0o#x?<^+;}tnpN_8gP^YQ6#qHV6X2jlpqbFUj6`8UwfQE)M2Bp6do@(Lnv11`PjmN#8RU>lq&} z{EdefuGgA=aI%KNpF9^YV@(V5tlA$j&K|G{_K0OKqf`s)eOl)PSoao4wX@!+gSAJU ztVKG)TBNS>0P{b?nEzo7P|Xl@>M&1!-HvT~#s^Y=MvqrjSvy?*a(U|G`0Md4z5FHK z5|8=$tBIO9@lKpJL=Usy+{|ALwk*{S!^c4~y}b6}^W%cc9J^V`t*()H@Mn=i2U2WO2I?RW8) z&%Jl4q4Mf|>G(To7*px6be#i9Kn@ zu6AK#-p9uL9)I{l;@bnc%s&NK>y{Hu9LVh_1M2@@O0#$2H^U3;Z`vFx|K;Kja;No- z$LHzE+JT;^Bd-`u@>_m=;zB+{foPL(ujl*YTx$ULE#ST#+@AvXXTbegaNh&&FM#_# za6bU<<8zA5-k@8u@VENcf0}-U2B}y1EBfW_lbwgiZYuQgw_Ce%9W^H|k1Hm-j&XAN zTl;(3^|yWV1!cL|n_}{|72Yd8Q0>sIpJvXku<>^<-#tg){tCQvT>LTK^eC~I%Fvu>RA zb9-;a{;y`OsBl@^?D!|-6rQ2}LO#x5v|H(;-F|p+AlfNE;f_-dHY88v%iP(kYO<5PL zx*G9WTz(q*P;q3nn}35}rHfoXNldfXx8{K-wzbZQ>)H2bT69jSSv$~st#Mj3!Zo)) z>HH!6y3y%Z9J!U8>l_93%l+r(2X_!Nd-H=PZ;t*eqJJ*#;_)~#qP(HvYw?eK_h+e( ztzhm(V=a9Un?&D6QxE6%&CM+$SN{GT{*JGIh0~)W2kFZ>zP|KXFKXsnd-auzKXYS! z@Gk;?7w=8et;dufNY`V144zN)#glc$!=tU?focBxKlRnE-t`;WBfZ3FQ{!#xKYRV* zkck?D(dis&dX7(g1pfuG%Zsw$w>zQz-S`u3jS=@(!BeixHfju@b>R2Z>S|3#UhllR zp2^}*GS_cS2l0~fQR3wmbWHM2dmctH{AoNdIk)wqyROW!qvYMy7ytdX@x(~z#x``8 zYKsN01wEyG0NAw4teDbHg+9v48j3zK!UZFFFG&&bn3u?vD6&vaMi`3Q{&`HhVostv6J~+Ok0YFO?=676KJy>AK^ND$1KKG{$v$- zh1L9)?oi#E@~@g7TE+O>>5l0XXH0>$miLr{XhWC0!`LpuKAPMRW82F6FFJEe!mHdF z%TnK1enxZ>uK>gF%G6%pMdODe9FxFyYHSrx#u(q9u4F#}a=dy+&uG3mfz2z`{2zEN zP+J=38+yn2CgFcm?>OsS?^wUcSZ@Fq?^vHMT<6esfj!m_yZ32Byf8wz7l@95u1)S3 z&td$*uTXg;+DM3A&NyrSt-%@RJZGHUXTIZ(HP8R^CmQRVrVXl@Lf&LEAK|;#w#Z)o zN2*uH{oE5Hx%Q;f*ppACby*BKmOm}MG?E;-=CdVV(ivw7UwHDr@!=Lq9^gggS7k>I zb4~hEdzx}@x}H~#K+j+8=HEp_o-O6K{6ocoEx?FLH$cM@*ACU#HrCCnsvqk;{qWk8 z^NqdlwI{&nvglKYI)zH=rpNP{v_?&LYwRYVi_Q83Y$W>E^vmc<$EH+KXB+3bJ15P2 zjj4e*^Dy8k-*v5vXW9-q`gO41xzKbNvP3_=;OWOe_0pZlkAHqHj?UBkoaX6f!Bf&x z?wAk<;n#=ACbN-tpq0>jU7S ze5ZKK#p7q-5n`XvE%-6LcFgXx;1^Zf@C(&X_)R#OYrxhu!I8euc+x-nJUEADF29-B zYc%@LIcum>wFzE6z=7dvoksTvjP8)NnEf6p2ooo26@frwzu@C+g zgTSBagI`6>-g?mlKWh`ZSbiAufX@~2xrxuT?R4<*)8Nn2Q=Wc(=+#r6ew{|U(4<$# zL6dwR&Uu62oa4utx_jv`)&4G&-U3(IWyY^-A--||8>6xL#(NHK&@Tb~%FOjp(^t7J z`ywA>p=*Dje-?5QLq-zdRt7xT@fO}wpD#w9{C&^#`xp4AUfLYy_dsL*Gu8ol$2=3w z{r6kPay9|BGD)9=uke>Iqj+p6^8i=lZ@r};y$;q;6x98{7u6O(pU60_uw3gwQ zV#^fswWBvXN{GcdJ87ItM{Jz@E9Jx&bB2@rld+;DzvZ*e!e?#8R+Zon?Wf*YeztUn z)_RJ+pI(6vH-z)OX4>a@sdnf9b0-zd=~~2(qK(c+dl-6zbMYs|KkUt>JtY!l=tt_? zrhE)8lZA_E-`4eg^dRkji}s}l$)ijcZ23MB=D6fb>s(6tlB>`QrjN8&NgtJ`T+L@C zer+Z5=2gs_YY*;-ZytS-6@2Z*-{MH z$epffEWe_-oa?{v$(Qc`d=MGC7@Ak~Ig8WQal%LTQocr^+LJ#5?5Nt~nzy|l`E-Hq z?-@iNoH9sz{{E)zOQpU4#ZA;(rR_>(xLA2^$DG*twgYy&xr04tPL4dK*GH>@7i+B4 z&);Rfh+MVdP4PN5LblDF%hjB$VjuN8z@P3Z@1|UUdRf_sVJC*dOGnDdq4J(`_n)FI%_mB~8$O38llaLdmb`%& z;ifR_XVCr7zQM}tx`SLaHfc;3e0ijtocWRg-a`+VwFs5u)rC8-3j+CF-$qvs59A;E zcJ{Yxs{+GKP0CSpcLz4s8-90`q0gCb8wfAu*xI07yMv3{Kdp(pjyc?M)Yu)B?zst?-2lz*6fRGv zafvNwPe$PbF4EbX{^;c6!LJ_NtUu;XOF%2l-6Wxx>_DabQRt?4q1vqHzakpv_vnB1 z%op-bc7Cw7?Thw#;V+Z7TSwlmbvf6W$2mm5q`Q<8O>(W7`V#ryFLB-8pG+d=EDLBcGzH%ggdW7n!f9? z{5kr?=uOrB6wu$INvuoLC-d18$iqySz@9%_;Q7bdE0T58Ee`)D*O6FhCZ55$t8@{K;xdS@I4p1X7f%@vkG10Fy(O-B>zV+$Y^8_%Gz*W9R`%T_+*gel?Ki@+=$CJZZPk(2iSmT+;^}PERyxDPg zpxFL?K`9V@SgT? zEaSZz-iyVe2T)CNBK;-G%fSvK#~SfH4K6$%u^!kpj^{O2f9!Yf{`9>P=+-Qs6Zpz1&s*eYia2j&V6YY&GL>;vz=cARToz3RrG(y!P4p;y1U@#m8s zU%}P4=Da^*0Pp;O<^t36`|!j+CY(7kH&>Ahj}3#4v@_Dv&QV8?3%35*`rKaMIApf; zdEfPooEJ(SIH$PfWndjZukHcv3+NAIuBYnM9Z%r&*z`{0C@Rvr(s z?}zG+D!p?u#6`**#P%@02hhte;|EmEE;fC6f&6;dnjU1nB~o3$`3khtz&OGa3G@~9 z#I^fIS;sCWuG+^QS{I{Z_l5Z+p4wN47=xi#i#J`?@Ne?|U~ zW$h!X+DNYNw5oHXUrS&A=B_i-*Mrg9)7Mw-QvTUIZ?XSq`ucsl^NmqQ^n<)f1MJ| zrnV+_Pndhq2Or0UnS_o9sDW*R#*4d369AJA{@C({nimmrg>?V~n*j6S9NmZ39; zpfex7Z^+oUm_wWu82g%PwhOZDIm8aeYdx?#89UY9$9dVJyWHA~jCNa%+0jyDsfcr!6I%k&vQH^qu%;cD!d!6maC`;k zxyYSNK=-sf!nngj^10;iK0$kur{ov0g>|P#74wwwuI!9*j<@0?Y^%^!=6FZ*8Y)wsXPykBey*Gi~)U@f^hpMdve3zb{b ze%>$2|6K=5{_VfQlY-n2LRQyL#&XqYJxFTgL9A@7vW5b5d$2rktLyo!PY0 zY_9ijrL3S?z4w>4VL7Uhe{9aR6URP8xBD%f!Wc~T2tnD)OwE0aJW`|Q31;VMX z&_~sQHxM@k$Zh--Jj<>8u0`m_t~=4=W$+37(OF|@4rnhi2fpSN_$%5wQhSN!G=1>h zll2#gw&;)+cnzI$SbD0hj2N$ScCqBYvxc~iK6l;O+oti0q4y=^Y@R`<-3j0e?>+Ch zd@}7tpP;t&edD_fYpSOf#omX0WK++b*52Dr3GY34--0*Wo(&Y+-*0@gZIAo?nm5~C zu)nwM3lvLtN$<`kjw=Y{bp4by7?SO-X9Ll%F1u~UL2$nl9X1jjR(IdXv01?puf2oK zkl&|0QQGLIYTFbGVXKKDu83m48Q+Ve!=ZH_{Wqe&{`(>C9t^X80x?xPHEgdUv#%k) z%b~sYh$<&ujFZPbVrW0KYaFzfOt<0Nbly$e$QX3o~ztxC1!8kuR!zR z(0s)G!^gf7$bYTJL-Q8$2&(t1G;|-@kM7T~$9x|iFB}nlZ^p^K*J8t?om`Xdf9neT zrh)WNF7h-C*&2yH9u1G5VWrI4t)!iodG~ky{jKzQ4asovk59PkG3Y=b|7PtZ`BOztk)Oe z31W=HisKYxtWt~tPwj_46bmHz{+#MLZiWw_zv>R+Gto)Y(Sh*V=a7YT|Iq1aeMehv zU(Y&=e4L|K(|&cCTcc%ae~jMD1-`~jxdr*7%bju9hCI6SmCKBO+q*w$-Du9b3s}#E zbHk};3f$bYW$cV#dk1OIQ796@=n21y0rJv2ji{in4p#Vo#W?v^A)dN(m!9( z)5DnxJ)Eh~lh5Dq9jz1CKX=A-yn{w?%K*{+m>Kdb;9k?x1BL<#g9{L zr}{bR%oz44F$MdlwGr@x?Dr9Jce3}}$uqa3$2B)A|CjZ1$Yx&GIP81JO;*a5C+!if zbspMlJg@2g?+`Q6Rtr3%w%XC-9XHwhBOBnh*ExZ6EgrfgdVV0h;?<=S?o~Y40gNPk zr9G_M)=?8e%*2^!(^|pt3Fv^{eO>+NA-}O7eoxTGEcOGJ?n}Z`RoLiC<-71jO|ECfIb-KD1Z;zHm@JM!v-?Vvbf_r~g`~q4{{(u88U> z=~tY#)rQsp#lUNVgOB#A_xHWk!9{ooA1@6~ckobKW-P!%{b~gd;j@*#_r`l!P2=45 z!BOqsN&9P!ex}X?SxUoBkAHU4iF$kQPmRCYklxUkPr}cCdFg~1dGPpBACKoT=U7l| z?*X6~LF<52laW`<`7n%oUSLS=1@L-|wK{>%Xb*ruR~~hwlP&8|XDIK`FzQ5>op|Ws zYk97fvC;lY9T!?D#S;tR)vX3+_6+Zbb9U3~;459%3ckXz<3fCodwTix2>U&}wshhQ z#cls3SVjhH{n;|dLtjIK?4}_s>4n;OpFFJ8W#qk1U_p`|E!v^o6T@m`wil1-Gx( zhBkd$_=9_ERbP4>L0@Yu4c~xAT(YzN66yUF`yKf`BL0P!ju`ns7Uiuihj+ z>y=aS>QBVe;#FigjSttCgNO9JpI4vfd5!CE`r-28qJHBlU6kGQC16a1Uh0o%Cj7;N z(lyG(i{`fO%5J)6o0Hq9v2&~+Qs1Y&WIFlu+Lb?a+xET2lS6Us%d7Zg-ujCG^&&;= z%~XWmDq)T`kNm#z&#Nc&?#GRe>2~LJomv9nW#R+pci?Q|okIS!cCNsVQO$fh@rU=h z^qi6NUUEEnkqTlnqfoc2798+ihT5>3@GQ{jA9!OFusy2BV+9fBxT} zkbct#qn{s-A9nQL&t{YM*I9gC^bF|tTh5hqa)3J(i_P}Y?+Y2|*9m`l^LH-)l~C_d zfxMJZ+t7%th!@GJ%ya32J>M;VR{cL6*+|pD&GWf@=KQwc*`&*}?lqTZo!`mPKHeJ! z?~U%|y*F*%o36ST!+Rs`Iyjg2(zJ7N$VGSHlbzIZ+(Jc08 zUxQq)Ios^Rd?b#~G{JYRRDRT*(s`CS|8cQpJ*WK31olT*{88DPYtBYDVWU^`UHLck zALA~6D%kYQKci=s;~#)S4ex}IebvRtJ}VE@N{;=T)F8!{qxX5{L2x|S&3Qd{;&1W% zdY+fBegK@^_Y_a+y*oVbnV6e*61*RwZ!hLYYRh=%R&Y`tVqgC3uFb^xIZJPyL2bYW z<>^922R3p}Oj8KE7{RU>ou1F0AK0BzV958E4=O&2V}~?f7SnuI^*Patsj-e#!VBOL zn1`Q*Js|f)4LbA8x9}U=5@3#kxMF9YxT2ivoJpnH^I$b?^84S8LnHbgYe$bQ;T?R| z7=3x0-wExJvjp1UFJ@~_Zg)|iIk{ISSl#Cjzu4qAVwFK>e(s{^Ue>lLx1~H@7Jsr6 zUu)~BAK#8Wsw6MPoRajZ(Ypui`EPsNrbOdfzY-e}U7*+z`y;x4CS_twBhTi3jJ?wWQ{ZkYUXc_w0NeD^3QZrB^Wa%&G1etw+*cMK0b6 z2k$WWnK@tPwHv=h-0k3-z$dDiuJv%t`A#wOTc%HspNOg^HhdURBAN4y4^x`9u0NE|&>Jyr7wr$jHVNB+@u-T0HvJg|}TapVv1Zw6h< zqNmFg)-%0q&*SdYJT5Y2&eS`=Jg#({=5X)-khwdplY&nY@QLbO#3x>Q&l-&0 z;Nzul?}J|W0{CN zl#T4OzO}n@WHgyPrO)2%J#&J+dyP^rS~|{}w~0BL@#r73|0upitN@w0A()EI zeh>QiDL$W}UuD_KU%^{5qpRSBBG$nFcC`E?l?KAOoquIDrNHnRWvQTB?6vwrv({px0|aU$7&owecTvXS;2 z!`uk*NF;Uge|zffckqpoaeteMnUPfD9>)B_h#7a+#(m>oIFk|k7R0_K?g?{Gxr0z` z1bdH--GJ_e9uclFzm2^NYEGWtW&A!6ur4n{htDF1*FfyHOnS(%h4>-%nU2^&<@aO< ze?$F@c+q_(_BgP>J%LXrAO9?DmpR7--i*<&)A+rJedLncv5nZum(WMsZoCBBSe33< z>9vi_Z^Fydl+IbK;JO~{Q zk`GJpzG$a;{0e9y-5JC;OLDy)y0mb8H8e7HOW?VIYqtMHd`KT!;L#Rn)dHW2cUsas z=3@$G*5>dE@McxSUOrradnx#*(k8@%&f-#Y=`DNvqQJ|sS$e1K8Z`^50g z;!BvXBrbR3$%lw_y#7)+m$}8agu9EwRZ-L5n%hvalO>_Z}q1r z-WVsl>317W*0+Mw=6oyV%C>3`nbW_b5xEu)nEIyt@z7Z3J+{7B7Q0*7Zu<+#lOTrd$+=O zqVq-2*genhe7+~ASgBdW+^VPAmKA#39=oijFKK-7+2jklG)XYFvlvU!doKRAa>oD1 z@iO#Ln-2~^qrt{&`d=|#UuL{q9{MC>w&*XwXS8q3u7+mW&X|cuHD)gVl)yhjh_#+% zufc|+6ZW<#5Gcl_Ymu|o%1oICS zo#7wN1X_Yhn}s1d#xV|?8VSY_<7g6-Sk=`F(3*fT6Iz9SzrSXbzoPBe_-*uRg_ob- zM7KUcO+^~Lskl_})l-gstwKM!`A)kxT7Q3heH=ZQjZLT>7r$uAyjaqliK191^DEjL z#b0EnV+=a!gk;|Wbh7?tM)9x4_idJX7fl%lzjtu0SXKA&FZri;0)IHjbD~q=Q4@b} zNUW(%-E@BRSndps<%K}coA|IHSbt?=?EHM}Q22raYajj2)!xp#mrP52HOBghGV~;K z@X8ro|Hdu9_|C%X_dhan=!!+$H|Mlp1)S7C*Wn)>^B;-<^XELK*T(!9kaHeSUVU(t z_O5wddgLmjGfbXHb~7Oxm`tR`5my-BYA0)~X{U$yc^7T(*8JJbV^e$B+xKqT@$I%h zFRGkXDLfr+rwm)X?)IUn?x8Ik$A-SK^QM;sI0~OfZ1ZbXtebK3YmKTKq4xA~>KD_{ zNIWFkKEN2vTmgLCxdVDo7yB^l6P1JZ{i0E+cGWz>1IqWb@qP?>#E)HR>w=e}dpn^u zcEH#I#iGi|RwEx{bv`*hYbocE$2WUs{<(?wUiE0&+M(C{<_BQ)e|#& z42h@2OYb4ylZIZZd+N9ve}XucGxhqqnz2dOQA@Fixg>mN)m7}H9i4-aS?2CR8|&o^ zkvVDfu;R4o7cn;>eEBh8SCV^P5ZP)Ay5n zpW_znPJ!Eg zq=%QH&y|bIpvS9N|B%5hBua1o`m5-wao(7A>2aS2eZSh#&#ZwMo*Ds6;ziLaS4#t5 zo)*AkZH+z8H3tuLih`#>=bzwPx5B4_X$1Lg!B9=zrVB^7zmiaY-2onKfBt?c`TgwE z@T>NJNz&g~`pd~h+?Na4wZ~Y`W#-vV$n*9Mq8s)t$ZH$@Cf-hnx6yy%?GE5A3Gw%{ z=LP)DJJ~lm(=*_27iT};?en?CnY+Gydog^GhiOi~Pj#)#7sq?0Z@?An=&1k4-YK?o z@g{t_*I_(v2*Hpp!cWVKtWOtD85&+n%md6V)Ndz{)ys(u3-)KNX1_;tlx#pF@HPSO zJm593HTX2>z`lr2Ya_m`BSuMs%f>kTi|((hW~|Vu$=m-Q-~SqMAvDsw(>M8zEtw+Q zQ;wZbfBu??_zvMqb4iza-eVhiuZ@3t&%{T3FQ3hYr-1hxN2LDlJTo6){gs`G>Jh0A zgzu$?r)F?3%UH-QY><9@jasQDcxxrHcGxO57Ftq zFuxo9U%0<_X0q33&c%f$OQ4PM!^qzh&;{Er9vX};1$bC9A~hTsMXTM~b4_~1k(X~X z)}rzP-Hg0QZbIXJ`@Mm@@XiTE^8GkkYa1A4=ulsIj8l-I&aKZ zi0SsZXM|gQ;h%qTVlF?RJhyV;+1Xy-719}h>z|V*+RVl7q`{eLwv_Mhx(2^P{s-@- zYxzg+}Zv3^&fe$u>f z)clOrpZvA)_Y;l#5cnI9k1qUWS)bQ@3iA^Y_)8YzZ>8k%9qJ7&{D1ogR(9 zo$^`!&cWY59|r#Z@i6hXZ`%nbpTEAHeEznR3iA2s>2dNU@xHFvaq^wPfDsttZaH79mslH5{5BJPEzmu??Of_n9UKdfB^I-eYRHz?Jsi)VeU$gZeer+E=-< zow>hzv$GoLqk+B}=%=Bt=PveYUdH~N+o zo(Z2-w9)kt`7LqMh?;?u>J(m;Vd;;30B|l_fjw7*@99LB_ux z8@CP{w~jvV@UE!6jJ2-osP9+X{@U9r@LASA{WR7M(wF*Bj!bog-Rz^PS}%W(pOW_D zu!-#9%{)1HZeg7qbH>U+r_a+jK26nDqc{EKBr(R-jH``xudQ*9ec!ZCP(^!;HadVm z%XlvJ;yXI;!FPcd6zlyyK|KPzBAyZN2=^J@drS6Wd=fbPeV+{s*YVChzzeQAX|Id- zRG+*tP95kbbjZ!{9ew@_{V8Xyn!n6vu-~-#sK&8^xNaG9jSVLS^G1GL*FQPlw|DIb z;=NIY_di`ij8|u1qJor~WZ-1~-F>{fw(CtR@C`AF~4 zy-y-Do9bAr&iv0pZ%*X{?C;p@=ISd=%(;ubSI1U)`>w}sn_5TZi?J=cCfD^kTec1`A6^keAS39b~)!!^S z?I+%ZDdrvEw(lrr*1cZ7`6S=iK9+vWn=_I2&kov`ewj(zd*H8`yjR6{+h}t=ZO)`U zdtZ5m-Mn)a@7Qsl%Du58nIHWp#=xAT#<27s{V}MIv*=?kW7t9;!p%g}&wETiF8tf+ z%RD#z`OgKv?(JFTU)w%a52R=IS~{tN{iZvSo2StmJ&$;O*;Ux&o9m2>ZDK8+_+B5)jQP4n&{EIK+8}M8*A-{RESu1o( z>V~_yj}D3P&hd;Z&9~L6e+p!0gT6y{5@vlLYxQ~l1L`gmm+KqfzDS>y1aZtsX0D_` zd2)1>nGdAj7Iey2sRz;C0MaWjpr=e-ID2=O+?3Z>t;nSCmH7km*^3Uj-`7Xu&SCE* z)?uBFz0lgMCTNZaUvxWjPJ7P;7t#S)cYk3&@059soReZvY)IxV z;y0~>omOY|&`Lik`%P@#>fftIuV#d&OyvKm4w5Pk=cXml?yE&>q`0J&A0wCbW~W z+`$}JH)Gj~-RwfX*RggX$#@J;GLBu01G{};7GFgA?lQ(=Vmq#fIb*2ew{YOEXDDyC zc=!xs3d8o^m*7M8bkBT_aR8I#?sV}hIL|qO$~>STWbFJZNJM>Ywp9yUYXcy3*!}vWn`!6YdXK{ z$%|%b@6t8!PE9#;z9mlGgnw3U=a0!{SCX?t=dOkZTZr*GcMxN|B74kQXmDIIoV7yW zv-z0% zu$kPw#*$$yS@^C49#nrB#?nE5amJHIS6%TEa()%QiRcFZW#L2HmgY(|XLk;3J;U^l z|74KR^8WYO^*Zsz;?RIh*|-+JQ_$Y&;2mE_hyDo|@!5 zH}!MSE5p0T@~-?C{T?bgknXr8uRDz2_BeP2Us>=rZ^69%9Y5fFz4sklwVC+IyJA|Z z4HSMSEg zwBvW}!Dp3ze*{0fcbnI@2s_nMcJrIa9NY*=l{e! zhJ!=l&f@JY)-7JS#jm9iPG+^CQ`T~B1##S%+?mirjbGaPXKX8LG^&x;>#G~77W_N>fH}Pt*g|}xdCVutKU=c+?ESi@eNc42o;B;QBdfYUNwNap?U6jcLp`(? zTcLI`w9~~m;}^`|Fa1z&bjS&*r*Arae}?-V{ot84Zu$lC4$p};*{eA}D4>DX`Rsv@ zwYH}PpRJ9YV@JhBQ+ny+^`UirZ}9yl?n_5iFIe=W)$--gEknICPJ07A^vL3K%sSXj z34ibAvllGduXpBQi|uobXQ-jy(B5I_ls)j~^Q@V?8~?iv9lbja4{&c5YnSGMAN!1X zMzhwoZsElJt9XyILC~wQ_9kjw?vb8vkd2b84sAd2rGu;NnB4Z4>pkWRCC?`yC&<~( zV4iek0zL5Fvm{&o^Wov=>Elvo@VxMwQK^La#@81md?Q{^`~9lH34Xtu`(4#Ol6U-b z=7zMF2fyFqx$eEm-=<)F^wwZ~^fR2X=bs&Q%f>xCFX(^GajBT;UuV_bva!ST6?}UDx#HwBBuAb|N&4^id6SM9iX7%-K1^QYsa3wmsiW>VN?XRI1J_#Q@eS{PVXYlzmhetSF+Yy zv4@Wj#rYNOm!0h0tFxWVzEaYqf`_wM_S{SkeIz_?c!C%cSQN*n_gBbtxa8CHztexhC!ynF(emcN4xLRL zpfN3q0Rwi3@z={ffdl!Kd#TauSjL_gw=H>iY>8h#Hx6A~-#H=Gu_D&D6n)(BHO99H zn%~1;#@(@szpTft|L73*f{Af{3-7E(m#?LdhhlwOc$Qd+-g|^=a;=%~^Oqb~<_G*G z&y{&RW^`#reKQxYJV@)mGOrKM33rz7W{cmTpYmoGXiP1^n9eIQrs>7UWZ-3fRbw*n zGA8BSvWzJUOj*XXP5Iz^M^OvOJ*|acOj*XAWnA)ivWzXu*qRx4ma%m(uC&G!F`f@F zp2tJu8EeKDpr zSIFGz%5^{V=T`gZ>zkpzO6kku5x)oBbzG`{Lg-$4Wa{nky)`3Ke+u7g9GTi1zE?dm z)f>K-9+B$ip8Nuv|JR(SyZ)eiEb?5#J@VXtU~eSNH`{qQH_zQY7TK;z_WkSI{yeLl zFPLb~Ldnk;Xzz37|1}q&J)7Q-`!K20x9O;FA3G>;s0t9fS_eUek(X>;mJ z&>a2f}ap$lvM>=tH}i8Ldz3p>3^A(7Sr>`?A4YW-uQzfCp!g1D!?PquJiz8sG<=$YtE1s<%glDhDckqJ$#IO4rPBiliRn1y2aB{)?g7#6^ z&`b`LxrGdK3>}(ZxF+6LPR(NXqF7(WXn5|rSYIi8+u7oAj&`z-cwvKg!!gum-$tFA z_MIqif4^!Tu9AL5ACa5gTQf4%z1HS&%l)&#T3B0vjfmmDzQ8)YeY~UmZFknK&-c&2 z+1EUjXCqTRSvP-MVSH5G-<4~-GT%17ScW+4aoSGL29~SI5f9c!!?C81?t(u2{sreH zBl=gJf#3D4$qASDHhqMAPJDE#XPeDibLKJnv7h;wy*uzPepbi41bLr-@a9w~=hNWk ze0Gt<%WK_DJs|>%_P_dxBhuV)q*4 z>9feO?EQ{C2UjTvtg{$5lly&$+;8q%>5GVOn}ctE#J7$7*8A>zU#5>;^o_3Q`$+Jv zY|sYYR}NTXX!;;NH+>qvif76J_mhWE4mkZPc{cp|alB)mGd7#kmhZ2&tCT;DpGf|+ zdcWFH4po0Uyo;thM-J7zqa14Rj`F0sx0~w;d}I6AdL@0({%&xmoOv7VSJ3t@XjQ>` z^24^$=0mhuL3{Rooclezv+Jg6n56X^N z@p_#8=;!W{qrP%?Z1{>r+y_UG4V{7>yQaaM?Yozl{`bVn$4CxY+mVlRk1;yr4RRct zh;1|2?wohg*QE_oY6>;$}CoUdh-rsXJ_-H>A172b8;lX3Bqjb0>BO7&FA`9iL0~S^bjZ1^npW-lMOPW#HQV4)z&u* z0)N97yT;V_?Y`@Z#k=Fjygkg-N=dZGn(UTlz5@KiR=I=dPh6E9ldoD;S-sHtQKjr+)hYz5{J(?rc7NbB(x7O_r7^- zus2Y{$z~p*x4EwG267?tcR2^LuS)#Ey39O(_;_7N-go85svZ7w_gupO?^*Iq%gB}B zBa?fd)54tCW^}g6ZIFi@gFfAT540htP=asO`$wGvS(;kEc;SBKNJ`L=Z=lE4lOu88 z?SLQkZq-e}dtAQ(PW7JlRZ*@(d0z9)D!=^>`c>ZM7_TJPeh2*U26{)|$(NriU!Hxr z-X;%eWBnMq+~><%HXhtEnwp+~3QbB3P#IfDP;xqbJK=C^-;uXF#6a2wU{ zNtMzDzGA*z?)9Hej1@(PZ3F4By8@lHn!U-%vGm^0K6cD;3D>RIP2svJz(wyP&;q>H z;|B}Rk1Sra{|)$(InfKxUNCXL;%Gn5J&YJ%d2Y^T-(~aMW$p5bO&$rl^nRZl(pqxs z;5q?rg=@7vk3NTi;}x{s7(4T{>ID;jbTZ$qPM}AKr|o;=_^tO^7cY93citVzJ6U4< z3@~=kZWjIWuP@-EIC>y^v(W_`tSJk)ZBhARi)ygc;~ z__cKVa`<_AbZWKpyp`w1cSUw@4ZqtsI(0Aa-i^Gd<|EA*UPoq(o?K?uY!1|u=)E^i zsOxKw4O#KVC~^kSZIfgJoNR(#o1vHTa&5@O8)u^D$KW$@ZSr&rKl!6g!ZS1&LZ0pq z@b8|*=duqDHW?hp!2ekbKe=D;)FT)6InM6r&Kl;vc(xj!L%9w443{k)zh7%dJLn^g z3|%XngJ(zg4#2ncdha6W4}S{pLy#Tm(AU{VQ1m*>;9m2Pw`@EgeEIvN-?H(&Vce0U zyUgHO`>5Zt@r>|u_7lH^=N9*;g`b1_3v=HOZCCrs7k0oqHNo$Z{FR;8{bS8<B`K$eL66TuxA97G2qvYz2r*FZ%pJ)2}Km4_@{?XhkSB}oC zAza0|X42K+SX*(*iLU`;D7Jp}-C$p~=9A67Y>98?_htJX&ur|XzqxoDzA0KiOnsw# zzH0IpZmsJvwjOMoU&~woAF%EFT_J2;*j(G6zaP-R`r%xytNey5d_P@wvZWeb1mDK- z2W!f`M{RAE;)q9{57u}DwZ<(UL9f80sx`iab;PvH@KsD0H|QZF#41K88#XENkz zloNSYFlPLuOPSSAV>d{J|){ zzLH$V2Aj*k7UXNbfx)S-GvXUD&$Ne)L{lC7HSbp6NKSs%issFv0+HCMN7v0##-)b*;AW@n;;L6H4FZon* z^SIN-l_sC6T~Il5)6>zr4*xL{u{={)5t6n`0<1pM@0FPrn>9uuwQyEemvW=@zK zvFh^5W%Kon`}oJITX3cPU0yfrOeCv{(sU)?3O389Ca(%#f9tn}y7d19G_~}cY2-hDUY}i$aw%h9 zJ)fE@_*XfmvTAfGwKwvin(@I^-_i))gyS(6w7z&5HQeRk>{-5B$Cz(dZZziAKInaE z<3rxf;P6(1!)Hd^WpF51buJQXDyh?9kHdFb*7pbYpa3uF_oV)jv2{9l*>^|2ZXcbw zGx2axw;#dlS4QE5wqygZ4&g@m<^K%fXE$fNy6e-;{xS`GKg;V|jSi4b)L1TK+*)T| zhkTg*BY7^qz}AfxpRo?vUr)HrUsIvn+-mN1!f$ur%V^I^?G0t_gXg~`cIkpAKSAxr zCiv;AtUK;TcGTAl`syK{+>d-UqJxxwP`!rMf2sbTJ!ATw|7FO20h`W(OrMRc!T(wM zQlDM)-;K`fA^)s-qRe^Zq2H;P(vJ-9qU~L*u^&quyPI+9-e&HR;~K5LwLZ2V8?PAm zOvb1jTMuUhkPA0^?({FfH-ultQ4>9nJdfT{4n(!idUqG^lJ|LW27I!My8JLqk3$Qe zFMOO8@J03Usb7pEM;6%8>%%;8_xpWWVO(MT_YB{4fxp$96Pun4zL0y{&Ogyk2KkOL zr#8UGOg8XSmo(7EY@khJV|eGMT@f}0o^xyXfB2h1xpe0?ni#j_b6-QSpD{HG2Z!g^ z&!(Bv(Ar9^tBm5o3_RO8*MBY^91-wf9Db9&lHT%lroWy+Johg6?}RrDFJ1#r%oQ(6 zXTqoO;~ShU+y#GGe*Bd95&q2aBX|t+V~6~NY4{1XUf+ab{8$S=f^W@(bkb)RFqpX= z@M!pP8hdUXf*+{?I&6NdL*E^WAA6`tzf}Aff{C+7Pxzl#kgJc%rue=e^DqT_b7Z8C zZaO=)|7*~9I^&1WTHmKQyE?V)c6dwt==0V}>%S}^7VeskjRH=1|L})N1ly+ z>;H!R%RSOZh4hP}Dg3;Fv}Ni+`fSSEkPQhd7vR^*MKW0X*`GizpyRJ}#x6Qedc?MK zuV6;ci&Ub_JJ>a|-oWH&dTsMR3c$``UHy7paQ)O^H8~t%L`U9CwgJZ2D zl3qF1;u;!RKi$fdZ(IEP1%A^g-~tC%Mc`m-Fn;^Ki3ct?{CHsbVDZ2O{=PPIFT#%q z;sGBg0F_kZWDL(OP?0qLb@$LA;?Db*n#^t4pzy7pW+HU>Et^96d zFBW&qtAjO?V@IiZ!_fFbcO3a`!ZW$eFv(fiUY?~#(9EMTt zjTzbc;!@ULk7sS~?bVZ0t=v<4ZTPG%jQAxhgZ%8yM0Gs%-RhjbYUpxVm@dh{HyJfh z2Y-uio%Yy!GATwL%T z?L6Ur$Ms_O+S;t1r3JZ_m5I*>xs?dKC!_F*4)|aQm;V)#hlPwQ3LoV8AFYG$r^EMY z{O&0DHUVFq_GrZ)NXT!f{e^+*v%eZLEnO zjEsI1T4db($#Z8%(&9h(W`Nu+^Uo>SrhRx^-(^{Hs(eOCT#g?2AO-mod}H~@{rzR@ z)vm=u47yE2UeegT4)VOCvDaoS4MF?}jy}!!Y%b37{8<{u*do3G_R#nS;56)~wK6W_ zr}56eQNv<#WW#|Cc~;I(_Hc#9HyqoF{3zGABZ40$7SRtHmvS2|L0mbXxKgppMCh%1 zo6!?v@Z*&;TF%(DUx9F-oRDNlXU~y0^5d2uPtZbqxrKM+&)Xbhv3KQT8TdK65`;9;PyZ zT;NB^pVEHytXW;T&P$}8nD`wYC#Xzjmgs@r_XFZ<9&VKa*F*f**99>Rp+j!ntpk& zj+%VnSZw;8kbC}w>Gz!6waKrwOae}7@huMw=of!!3FBhiPkH!723CBhrsK@L12OLt z-zw0*7T$~foQ3@^L2fm{_o{hlNn&%TpXZs$#j1@qk2C9owv@67YAm?Bt| z*K}o|1D>nn-7t)n@2iXPz2b_H{aJh({tWWIj67A&w?@Zk9^-vlpUyMw;ej7M$9>+z z8js7#IaD94sLjb=fQvNt$HiSII%z=r=(wfeQu*4b_OD?Nf%hI}`;2>~;^7YJ{Mz#I z@XlPGyl~t*l_#IZxb1hU4|Mdz%7pc;BfdM=`R-Z1tIPMdGI8P%KQ9&W-B{gt9uVQ|MyB^|L*+XL=%4u^f!#Ygda8c_pofrrTCDNA+DRS zNp@bUiClr^rE01Q=cWGdGlg@3UUdL-JkX_ce0j6&ED7cm8$xr6U;1%jJCfxzIB03~ z=N5Cg2-?*gSJN*-xmsXPNS5IHf6}uebB$iGMs17Md#s74zIJM!Unhk5=Z6F56^R86 zpD*D%r!CGZtWDh#aqmX%Me)lWA$t7__RsRidg|PY<PWI=VWIyyPewk^1y=M_WW z(g^zYpTe3a{EJ_4?x&M;GJ5mgmVC~sjdhqdcL|^7_L6h+;+D7e(5CS#$;VWri|3r| z-ZpQ(Tqyf)UVKr=-`uw>=I^)8TH1rdkIU~7bR#sn+4JWjCAX|$i$~-kEIx&6#i zw>I>H_Ab5F(GS`4$Wh^QHQ@&cukuxlFE$N-3?JZDXlU|HqRBM*#_Xe!`kOJD%pf52;P$KOvi2t2X5am-JHiV&Wscb9L~J zedcN3WbCrx4S4ZPc*D$fYOOSF*tOCRhSs4YQ)aDn2l(~ZTzT!^d@a9D`WyUKY$-Ut zjQsg_J8tr6pMa)e-SH`Co`sKQh>s>i3;bAXM@t6dBV@wFC-A=$pBNqW5z9xs^9A6E zn!|4n@y?AQe$jqN;raLy>gbn(H_dy-SdSrk#=vV*G6^mL&yvS# zCXaPTAdl2P2J%?i{u9pjb#0x4n+=KT($pD@qu^dTo=R}f>Q%*A=Lh59JfB?7CZ|tL ze3joX+s;SMXB?&2qAdE!;2fTnE^TB?KgG7SqK72Yn&<0ROb#6%@{+Y$KlN23?@50S z5PixXCVdl6;#ztczqAKl>h@OOS6P)bdxl)eejAmsA?+ox#T!*uV07i^KvzN^)gxXp z5?#q}@wes;p0@UN+W>up?J7;B$As|GSekm3dloO5p^RrZaVRmQaI}m4UkYOFQOQ2d z7b>>We->YdL+|ClRzPp`@Zr+?gM-q$EY%(!SGqK{&KZ}+@>npIzZSj!{t)yY8Ab0? z51-yO)R#2>=!8^f#jP84CZFj2{D?w&Uoj}X%Tn{hcxfz4&2{h+ruX%SNpI~1@A{*0 zgE#24nwm z1b%{x2a1>8*(c z_R2HsXH>huIw0gtYoh%<#*Y6TYt5=vryXloy^v?tzMh)O5SNf`E67oG;@dvU`F3_M zLTdw-+=?%OJ&V!j0AB)~Yit0vFKh!|IXUnpc;~I(M%aKrH)L459o7v+&&R`_9vnU} zo)E7n51Gc6n^*=MHlj1d1E&*{nz6J_PJK{gfd>>byJOkHoUR!oxRo8(SmieuUx=|k z4g4|Tk!RA8o4Gc;6ZiF_jkoN)%y&X#+Uf9utM3+u#^cFX2KFV^Zrk=5-(1m#F=iN} zrOnBM(MB|3JgU_S)8+I51oNygZaYSDjc*$%I-H2f%yco%LHK zXTXWAk&mf8rY9kD;<<6uXPN!WfytG<2ISY+9(-i?ei*O+5W?%P0~jrQ>rK7eK>ny6 z>ODGd$Q8BO$-oE>4ZncL(|)Qmhm@~~^)AGhR1BvvHA4sGc$PpP$))^S$z~_xTFw1k z(B}?vqMJ&+eO1IVy0@8o=fE?oi6Ivf4{9zf!#(9<6x(dV7wJOhpsUQ;>Z{2K!Dn-p zp}*`qalY4Yow=s>yLtZ^-oJxn$OxWU|N2^d8`B=X%{qLWW@4MQ)ZH~th_&Bb-}>S_ z?Llno*8(2GkJ%Z_d#y~YDNp_3By^+Bq$1DqWonO`-28>DJ7C;SehEK#S}MbL1#MLy zllqO*))#2Y$!V-ieA~}yIP)Z?ouBcIa9coQ@GBnt%`XP(gu5d6aeIg#Z9SZH{sZLN za(S#EkNm*%wyw*cqqXC|0+=)TJj~9-_;bSZ2?pi|qF@Hz4Iy}c>A-5`-R>X1(Aa>H z`S_;=Sy{%oS9pD!v3(t-SJcV}*H}z_7&0M0A0>ap`?P15x%;&HwGL;g)&alK$RRSR zIh#r3<$SsGEQP*9{=a&f;qC4i5mvYkr_OGC<>3zUNu*u|3^dkw0!@)ki2gX z=}%j~pn1~i^Rc7IUpO};{W*+tNR2L~PYe5xf!){!-_GqUh?%V}MK&E>YQ}OZV=;Du zci#V-2s_7kCWOXQ%pUmja|7!;&3MRzOJ7u0H=cHx#+7V3?VWSH4L2{VO3jNW4fsOx#v|kpY|N@X2{>lKX9K-2--=|PO`e`G<3|IYTnP>6_GO!)AUGl<-19bql;{Y@|AU^o@i-mds|BYwK1I7GH~wn3()7vJ4N8H30zfkzY82#9O<41UIxVn^B0E42EoVq;G-#zj}3{@rxwM>SBl_6 zxL6f|3tQh}?Vo=hNi_eAqi$gC2y7QT5;OMpOB?Hk#dgfA-g4h`FSf6K((3!LJsT5~ zZojW?!j}8AH=yRiiqZLmn5;GX&+rk-;;Izl<{CUB^H=vrd0YPEsRyb8arvCK1T01QvqZ}D?B^S+tmq74gE zThK-`w%E>f<>t3?uoUL)tzXfmwUgwvpFJV(qs)aSZFw8b9xB0_3G{B*NBJS&*|x~H zuS}%NQ$KL-+4jH3y#YQ5vi75&7wVmRi}0hbZwAf>oBAqfmH;1W->%1T=Y$oTbZC!e zd}Nc4#81|o13ql5LM&5gudwUJ_g8$DpC2^*`WeP- z>=p0)A8JOTa&xzY#;-H#<;U3ntiIW8{Oy6`Pm{}%?~>ibxun3oCfIZ7_ltp<@s1;B z!(L@mYRJ`T?Z)lc>r&t();0Sk;V(aNEioDXFgWq!ux8b_kP{n=eJ&#wGxhd-`w8|4 z&>R2&nmK{xn>dpozz6Gbo>)pdS@PM9`c7?u6YY(1747N%d~y!A6PL^vo`6lyEga^o zHT(E1rH|p@iJF)@0)1uc+h>}bW^{eK>e$Wv5WJspct4FU z$TZ;7PKPhZb*eVKa~k|n%RS_vTKqkoejDhQ{A0G3xs_?eLEuYsImA_dp0>fSf$yP> z`?Ux5WYH`y6aNtKm*RKJ1L#2ioRP_aOwfK88f-8S>Wm_a5bB}7&4UAURPhPGW#tGU&<5zVrcRCuLSd7+6PH{u#II+a0dEh zeSJ^fIoa2$`7iL)9PqV%YyPTZdfn72c-r>~a=Br%E*+lRDV_a~KF`^E=<$lwoG6}i zaN3>qYqCB*2wuCh$*Jvu9fFHT zxLA^$dP(~ag;&O?T!3;GF8{f7s0L4>!{-Ni-|#>AfHTO!OHQp0*`~e5CS8(JTt1(g zx<$}uD{Jl6YX1lC682n;n|=K)9JQMdu9D8swaJYD+wahAI^(s2-`7wNw1#z+9(zZ4 z@Hl$rLTtX#m(mRa_jL|G`}S_&`6$xy*=;e->GJ0)I+&}F z{ugeWz?Jl(S;w@kZmRHU&kvICT*KZI2F`{cm&SMB);`qOJ;iF+yPe8W%)JTQLHrfS z_J)G^3_WS=9rEYM_DcC@kG&_5ZQgnDml3iZ=)O%q8>ssR_}A1(yZKvt-k)r97Jb%* zj_X9nWq{q{q8=X89HVe?n)n7>*!8zrbX+HTuM52=yx4PQ+VJ^i>+U)-V6S-@?Z5A(&Ilh-ovCv_9r2F z5NjMQJthrCk90+B+?SwaEiHc_8nx1wG*<=bcvVc~4dAZ>jf`d^xSf z)-&!?|L6H@v4hw`{A_vnL&6#JU(y{h)o!11q93bDpUCg?<2l2(>%o)ycJ-y3lXxtI z7n_sVxG?%M&=Kzm;Ub5J3;cNjiwD(DYVC=1sK)Q>dS8dS zV;{-bx8&odm5HaP6&?F0i;P|Jd1J)5pAFe#-!~jM-Yj<4rM)}eU+HX`fcC1hG3ye* zh1Mac9u|Mu)VE?Mj1R5*3G|@shU!w4(`fSTh^dEF4j{NT^{{hK^l_x`T^w27*#5yv%_478uJ9kQVX{D7>;W~784bd<55(?WIv z{OG*87VTXt9Khd2^?Y?@>djH;0NQv+H}FAwnv;Fk5s&oe-l=Hc7LGUMXD#v?+S9i^#Q6P<$RaUO z&o%zDI(}CW|M>5g?0XLS_ssR<62&7u*CqQN3g-V;19dTbn?G8T8c*KO#!ySy4?BGw z_*vxfo>N2E5KoO)4I%ic&^YCrk;_w!LfJ5K1K>-!0j(2m3t}jPNAz2k_+owt-V9^z z07q%?5{9EmFkAx+(6Xc1fr0%#RmZ4toLS;MCRl9ltqwdYe;2RF!=g3HO%5#0AsEbl zyWpZxwFuBS3BKMhTse5^p^vTzTwOE>o@zpP+JYP!8j=^Zc#;pi#DT4&Hre;ilZ7;O zd{z@@ZaU87Hmo0O?)_)Py~iT%ZQ!1A2w%xCKIvX!Zfg%N`vQ897&tP{K>r$l7y5?d zjQeTR=t183;eSW#K^t>*6CY^bXKh3(3x$t&iPtCfJxxAO~?XOuEGIv7mxmg!7H&_=Udux1@Nk#4N2E}!| zKcCO*8vDC5$m=@xw>nt!UJs6?r(EC6+TW`pa2Q_CRm}dH_!T~gvcLZ>eAOVIV~|~F ztNu;=x`1)P%UbufhBLd}I9y|oD^4d4zYtzojtC+U3fG#=k%Fg*3XG!Rb@ zMBwRTM~SB&IC$DgUjy>qK|Cs4{b)zDJcjvcJ8PGs)`MlSshu;>*Wl+e?B1qJeHmCf zA~~h3I@#x;Lsg@;iMbQvk2zO{Wu^YOXEDcpI<`w=f1Nytoijl{uk>2aP5t(BzJ8Wpmu1}Y zefNmJ7+V*(Sm$v@F)~^PF4&7|g$uuO?SkExO|Sifz^&L%vaNX-Bd7UXI{lrOGI`B( zWvT}LQN9c~jJ!Sx98LL}nGK0w2J6IW3z|Yp&OQkA)@Z)Pe&yS%u1XCL-&<3e8p1un z9@cNRF5>tieECr)_VoDA#-GLNp)Q9fUkiA0>(Jzsa)&2hgC{kgcqaHf!|-H9drhTJ zn_l$8Cf4;oV*Zx*Ue8~}cAd5OnbY8RWGD@fD%P`n`Wf(K_!OJ2yk(A0(WL|U6y7c1 zQ*e1GKK<=4its7l7Vs(8FY>N(N`_B~&kl=EgM2~({nk{aR*yKis+;jzeyC-fOY;1% zGjZvJ0rTOOA6D{hL3@o=sTJHSMths5{nwvF>!mKnw#?xHOaGb3zFS{w^@ypFMDDiW z<7s|3fh-x`59&Nd*!h;=x_}?ikDm|0(dqPEz<;JbXJ9-xcSQ0{582*|uSuO&t&tVh z$apZUK&QE2A2WuB?ez^kv915=v_kFLr&{*8_5T753y#3!$|Hb5OrkM{L z7!Pb^t;qwWS4?T(3~RejqiR-7EQT*4pJda7rDna&QqD@L7ZK$61nL*kq)_#F*tR9`Z6ncg4P3NBFgI|6oziyWp zVnbr5zxSf8Ikj|uAKwhnvCuae!tZxN`poJ-)sZErGn!70ae>Jv48EVJAD<1Z#}W*= z{a1*m7J#?8#9eFfV-#q2I?D7iNQ$yDUx?Ay>X@@w>w4?ZocBSVB`;O;N zxX&$amxOU^*FbKg0`mN@}sNYK9-X*Bt${>5pJ@_;Y0- zca5J*T}`}^07r^@wI*0|{3m|!z^YaTX5=TZS+Z^B?9gk3XU=S!MmzY)9oW5k`8Lf- z=4kP4X5+i5HsGT3*e|eUW7jm+@6}Qh!o8lo(^I=R9|*Z<-vjT<-%;Jihi>5v#81HA z+_$)S=a>lD3)!*q5H2)FVdq$%4Dq+ckI&|A4aLK1;|*%H-S4&U zrQ%mpS3w(!M?T5>U8UY*wub7&ci9h;cl54H6Xk>-z~@|wEiU8y(slToio++d@0{|o zdf%_t&>AY8L0d|^TGqawb%QzjF{Uj2nt6N1bdq_Ngtm;4u|@T3V1#EF>psD{jx#vk z0pAaK!%{t*dHvA-87q4Dy{_`E6@TKs&JX@?{#x1+gKkJP4oNL7LSy+TUt=$WbOmt0 z+opC4+J^TJUOz~^Opbo&Db>zo#q*5+R@Mf%WAB7c+NX3Rczdw2Y)8**=rOE($2N4! z)6o4{=+;FZmS7cL2}e}`rfexcDd zXMtan)8L&M)Wi(%okQ~Uz6hLKd0JaUo|c>S@6qxky<=i?WFWyhc=-trDpu!u39+_n z!?e$&YU!k#G;f$jr-+}+;pb=JXW{D>_F6GAhR)bBKF~kH5%^MllVYwo?>Fg>#V zNzn#5{S@EYSgVO|m9LThGV%+5Yfn?1>6_NM#v`Vtlmqz=@}qBSpnqC&0Pdy#e$Rcu zCwK+>``)2#`Z2Nt99I(O>3zMcZ(LdJ=KTjaThGuIo=XOM!hB4$g?9#}Ep0h*k)iDm zhUICy^JhM7)yMLPJ}y1VKJIh+cs%IC`i>^v4DrtctX&VwtmU824d9<({{-gk4h|oc zUqAF|@cTJ<;bwTE#pj=H@U8p~HffH@=ddr6uCvY10lrbLCJnE3Uc~$?W-N|#==`6O_^8aS>|0&~BnTp#szK+a@ho|#h zn)hU*J?S;zn2%n(7P-(Gb=h^%L1z#N9v8Qh*&i;;^A?`#`)+&-$)V2Kkxo>*S!7r` zuX7gpHQE<#w}7t>XmUCI%%Goo`VsDSaZl&BmB+vp^`NR7G<`Cj49_~C;qmmTzNGVd z@MpTYuYM$}+FPW12D#E!?ji4u=zz>Do}DK+z{3pq02%H^*3ysJ+>5_X%*yI#|5-lx zZKm#K3;0Taub6Vyj5F-#?HFo&_m%Pw=NJ199EZPqito(0Drk48=jU}oa`qhS+l$HB zMC8o+^ApjzQSnC>e5jVR^aDOFTEWFwaG$|%QGUlGKPr2ZsM!Cw){=ezpVGTP>n*3I z&Sxyt51E?3anh$XzTa1Z{AFU5}4lZUS- zPDAD{tj^`&Ijb1@-Twk(981nK(CgZROT3}}I>^5p-5SJA3DxR)7p9g@@pjgG=cXn! zvz8}xuZDYt{>RYNJaAobuXvBui0LGVWG`!X~&^Jvrz>pVD(J%fD||6Hjt ziQbH_o;3~P3&U6F5O;jK7eg<)_rmmF8y<6dXsTmKp{$8^`?Rk@1vnjw?-$T4Cr_sS zZQyv}WT3IE#JlT7-VS&g+}U9;&wXyBmDV zXO)ii*KU-P%dTiY?mzoibuEHklWC)YvC5}2G?R}TZ$F+I;LR1-Al{LG^}X%v&sXJ5 z5pT#JGwY1V8{ z-z;FjFHk+qQqOx#-~Go%-)HK;4(R&BPw^hP1f3VGdB^eSpxc8rJM{O&?V2CNuBZ-8 z_GX;+OyK(S)H8`!%{cg0wkON?AEbS?qx(y(jtbzDjhW9ncQc+~FY0FYpw{^^df(xf4bYv00tDD2bP1uU}373`7H^ZZ4r1=Ri&#M;g5 zUv$&KRX>D(f>;}!eqO3N#5-Z%PW2s*&5=9tuj;IfDI?34&cnp3!K8k7})6BK_audt#w?Ei*x&j;y1&71o zZ*;Srm%gD0eeMgNoSNZt~JGU=8XZGBnp1BelvKH^>t4EL*5A0w(cy8{K-`1WR z^V!E=dlFZn`&x(_ny7pO9aaAULju#h86HcvdZTP&fuA<`L4N+{u6$_jz8hj zHzr*NeaD5~clqOv&^MM&s_D_Udbgf-{>*zN#`gJqWPC}U?+e|RPSiK@D?bj*UOdmo zAO11d0Za*CN-&1$_*;sr%($x~a8X@|3-N+0Lq08|=v#Qt>RQ>q6Sb#O1$umFvhTa> z?`!?*-NwH@E$55Mwq>zZX?QdPuhyIK$Bi7N(cASK@V97V9JXKUDi%QJx#$$xjV$~N z4yUUAOV8v}2KN?AR_pAW5;K0iN^W6 zE%|X;JO2ze#Ey5liU0EB)jGS5V7$oYfrJ?^>xt1D8gIEfUf^#7R_3G+Xbp|WS|WE0 z=059aj&uz4b0C8~R2-%;d^Z?FdMN9dhNDN|t77}TEX39v9A0ERlf9?H<9YG>;Ae93 zDZy^&7|4nC^sdJbj*R&nd?N!-xv(y^u#QS{--q>A4!&oG_)9UG@*sx4#(D>$aK0WG zb36ur#NZf9c*YpP)pLPg z0v^qOIsP*A$k!_=zi#FLOY%*#1ruLBqj+>FD(jjfYjb^XF9xNVKv8`OJP zU1eq1#ysKkiH;QhJ@53d+CB*UU-~P+|I`t{@7G4<{aK6GEWFYQ4aVZvXInyeEgdBi6cJV z%sz1bxuwb*m$u({FsPvl=Ju z&lbT|vHA|b9_BFdHQry3u;~;#e*c_`O@Yl}{8J77c+bb5e@?}w3Ay*pdW22EdIaH1 zb7Pw(9UlJ99EiW2%1uADAYW?){&wch2#CPn@rS_QxFYx~w!hVSqmK`bzfHsyOW-l; zJ91}jY$CRjP3PW$%ix<$@J$zdvj)D2c{hEl1HC4`*?pjpZ^XOsjv4!Hj9v460q^Y0 zovRQr_E*XV=bbEj8ARy`*WUl{jdyWwyx$#Uy!A&g-un+R-iHojy#HU*Cu_WU-?BN6 z)ge4tp6I*o@b$@u4}qhP7s1j0U-iivuQ`XmtBT-nJ@~70Wy;pqMaWdiA@Fx>5&RX? zC(F(L2?OgbH9!6IvMj4be28eXEi#j3ELRlKj7BuH=?(ylZ~gT53Lvc zGro-*XQ}P*`-*28Y2SWxT8Jj{zbs!jK$l2eN4sG=`OVV7b=|}4nG>b!z7_K4CYoBb zf%FLb6PqsfV^HF_r|LNiiMorYnu9ZuHsMca(DOVy!2JQbJ_*j6gts79tM5y| zL0iC^8O`6?bLt~_^O{58;JP9>*y6++RYmHT?f4JJmx^H{kHnW+Vtg;w>E4pOXA^nR zHSl4kBDt|qdG(j3r&NQcbzBw(#q+~H&%6jYu>QVlPqiPf$w`>}aasHB5MNsUdW8DD zL|*O(^}|XJf!h&9a2wt)$*=z^&R;qF9*OT|@O=cnSAg#a4Zh0<;9I!{7vG|baQ^+z z9X`(QE`sw9g7d@GwGYJym+2oo6)n^5eo4jlr?q-jBE`LbU5ZSqxB zLn%GGk28fde<)omJor9-dHc}MvVR>s=;}C~b0OaAL?31h|KZc2AFl}EBPxDVynI`c zF%{d7vR`FNSRSQ97P+BC(N;;BuIzCY@Y>(6gSkLyB>ix@OKF0&sT^Ll<=Tb#L6 z&8e0%zoZ;%1-@%#`}^%U4-sEqT4bC*3F+hY@TxmsVdFcOKSiIc&GQB{`sNYPCPPf? z+O1-=IiU#5suQ*Oi@$^(_Y|Q=>@T24`C-x{&0Yji_R*z>tw)|{e3s(%lbHtcALKoh ztGU+X=l!`)cg{?6f$|yLd9y6}kNL=)^pA2qc74)MwI5I5W9S{#f2GNXjHT}Qb?j{B z8s^(tlho7sK9HHKLw?o%JCj?#Uhj?h%B$#k{`xf-4gUQ5bn^B1L35huQ*#JE+XoJ& zAwS5F+TX!-eHrtr)98~N(&@~fu6w>Dbp~^-?!0OfbJvNNrleNgaB$VJ*W~7@H)x*v zizT#)%*fW?uWQ?AX74_=a9xHcH$8pgQ5js-d@->4c3&7+*A+!gqc zZ`}beH7sD9Gvt$!uhtq3#;tYK*Z|cn=hpmjeWBKCEFotjd@T*mqB!jte?P!9ZI!Zq z@^*Z4@nxH8pJ-R@89#+K|F|Ap@}A*Uo>d35NPt5#2SY9(f&I9jI*f5TKY(xCoL@|P z@=`N4Zwhs2)QsK#kF4v(hcCuUz3kr+CDZF2{LVatzo+(dKFNpta~B@u+=bVev)GO7 zZQ|Z$?BzsovWdB+nYxEuZ3%3s$#GB%vyNIA&0lR=z%yiS9P4l9c^6HQJu2b8>Y4Sf zJ#T@1)N8;0Tl6||FI#$x-5)>5rAhzW^XHcT5AQ*nu)R|5)Ya?weH)ZNI(L3ST(Kcx z&sv}j8&`P2y74<>gZm&~FM{KT!Ldnf2miD7VWC;Cl;>yp6N=R&PiOzrfmO@cTcEjh zcuMv7(vewswgtRc-fD$E(9*X?=gH2bsU_@4cNpts_&cBUqtzAgYadjegbNHm5)N_67ZL z&U-;WT>m5ebkp{;=)Z2_In!ryM5-H_bt8*W?J6&}2Ke#)FH8fk$Nojkg&F^=L-2Fm zK)ZvRM{8n1{;pjcPN{6Zh)- z1mF97SYhVfMwW0M58tgW8QB|SeZ^ZfUTSm+eyGDUZVjwpnS^e#^B1a3)xOD3{xa}e z=wowy?#rg#tY_M7JD6|xO-J6hgJ*ZX%Z!t@k>N)@WbupCF!?z4+dOSfUdISuFaM{n zQ(mV{)8AUZznIhC8%}@A(SzZ!jEGCmdVP)5K$X&`_H2@E%KLDf2(yR-9f zu`3vFOZt$0{N3(pn z8QjHMV<~*H)L!iMm^+jEr`_r8A6pXZ{ceB%9NFyY$Zzfp=%9|Q-GNi|oEN~S^~^qB zmPGQU#g||In~z@w&j!|gt)ZS&{8N85^~|l)QVseIUFUjU?{;iK$?LcLV%~yz`(Eia3OOs_H^}YrC67(%Pnf)iQ z;jPdngRbfX7R}98ht@Wq7J}*J0Hz$j1Tcm5n1!b*R4*=gM!+u~{32WkC&EW3I{tQS z6g8}7OkHBC;Q;Pmhj6*Y z;SHVH8P*TG4Lw8rF8zgVmJF5yV+Al)8k(x6xWud%=^z&N_lK`&{{}F-e7oI&EvL(% zf#AF?fYa(Ttq=XJg}El+XGf>~E=2#o2E0#&;QhBj;QjDl2yd0a@7P@ZjNuRD#gl#m zrwQ*S;~VGBK|$Zi*4^a5B)m-u;E+5R*>Cpk(iTTndL!t&KBE5(^uH$PUw(pWjuO=6 zO-Ei9z?W%iHs!NQR~fnnFwG9ZG&F!ocHM<3;lR{=81%a#;5XG23$8MFt{k4LFg)j< zLm<9WE=GBnQ<)cV`R!Z>t{lICvn=b--T2@&3unM*O%9)>9o$Jqtb89f{-~Wi6#n84 zoTBNI0enY-zr%)y`qt^p^AASP*Z!_hhpajZc>MZ`kUoZjC6{GGw?vhiQeR&Vop zoOlI4cuFePM9wrg3n!y`fy%-&y@*wq8=jWB=HP)<8$®JyFvmbTfzUvp?H{bK1k zF+v`!{Sv%m&S`xyK|W!@?^2K;|dsP9=p-#Po$9QdXV|A+0@VbhPgTz3zUD0%#J z2%a;Kf_}RVJ__l#7yXcyen19gyK?rFxVH)Ykl-G%%jmJc3hKS_VT?Qmbe$Q3D;B^d z|J3M-fJPaIM#c7<@#$3vpQTsW-?$2RTsY1Q!SUMTNA7PdH~FW+{#TZHkF~O%%Hl^l z)YP61GH0e5v>3jaoinp@WG=iN*hniA7dPhT#kQyh#LkOhFP#|P$i=@LII!yV4;9Mt zw}Y|15W;!g+j(Cxy#C0Xe`WZg&>uKb{e0~o3-$9e4s5P|zBz!=`T|FzpO1t;W{3D= zwF8&*@zqDc9}6SoNA|T5`LVH|?++{fQ|_>=eO(BSTOBxrAHi~ggPWXv2;}BS?dygk z^yi+j@CCW3zYoFZ*3%Ag;Iy@P(zgZii6iI#8~)tXUl;P*#6jTw-G3DN1V`$BZjX?U z4+Z!=9N*>T5UdBU%FC@Q8;^$Ilz-ylbcuu049~26I~sl*$r^Q65B(|xllXC^1J9B0 zqd#9%s6R)bKfNgZ8Pt>|g8B^2P3rss;wMr}|OXMs0EQWz>1>M}zP4L-@Ycfh8yZM~UzCroN*P-y6#D_c`}9Y_EjB z@EHi;+0=~cejU7?2x>-En{RBt=huwR9i6*2HKRHMA)phnf1y8MZQ5PXC=t{nv?&K- z>p~-Flz!*Hs#*sxqR}7N13>=#Ga(u!`tmj{ygqnlgns@I`Z*csXNwa*KbPG2LWnlU zhhTUifMHh%h9!>ACx6h&<4iNZo1ec{{3m_U-(R-A8Xr0A!@N!ZS;p8&zAsDOx|2Mj znUi9kB};tNIoT_y@BTgeLdpL~D=!O<9u$1!33K|Q*^jA<>I?RKaq~lh?}iHO7yJ2H z+^Bu!Q<3Fb)VGe@#Im?P1>&B*A9$gB1Q(;P`lFh?SOQl2iu90|Y89EsWci+AR6 zezN8Ul>4xI?d#nR-mT-^Vtn+ckA-C2&TmBU(Fft9brwg;XM>}U1vJ!oDz2G=w@Z+32Lj7M7^sji`^xy2q4H<`rlz)!u ze_{kb7xRaEL%iG^f@4eoM=pK|{EIdRj&S^PsPT(es^JxP{FjCLJ;44GlH;Qp|L%zK z?>$t!LL8%b<&VFKj#o|%!S~+*d`A;Df#O zw-J5<@+f{@AHZw4;OR^U7V+n6?C~MJb0qwEB>n#}M5l^S|C^4Ye}BJ*LVs>$ zCH^z#uE^d<-n-H{fSKYwA0&>W3f5>$_n6qdBkrp935QYab8j zyad;V*Znzf!yk8SsMU8-{_$SxAG`P@7O6uvgx@HfHaX|HTfFI>J(8~ zwyG(QqsVjIEsjnEN1qPiNIZUqgP(07++-a8=4l5vu79&WBHy)_cx?^wn)Glyz>)S+ zFnc8s7wp0(s^?iY{-urchL!B7sor|uT+VxMp5&kRUe9^&^CoQN4ET}(=e^6Pv^>(n z_!If@N1pd?$N$Uy2UeZujNj_P?v1{T%NFhkkKc(Ciq)G&<@GZqW`~^zxE-{r*ZAzmmSzdA2(-qi9;uwGdo;=?XLyz zb0K&?ItaWY{{nay9)-W7^P^mU=Ry~@2LBxA*Z)0`^M>TqBk^~3NBBD%jxay^9%?LI zS|8)W7ozo63ujQjbENskqru-ZtQmLl*LCGUUGYr^t|P&puP+MyMftDQ#5Lhu#yufC zZFAsoZTjK>7HiXU@C3f$VEJwzoXSgTTQ>T|kHy&>y#Ox?r~>L!M^54Cz>nO|S_+RQ?|U~N<TK&a7%6%I4~Xw{kKQhgCmK5ue7km zeVl$J1e=Y2lMZ}G68|0zzI2|ii?3@#FbQ9$IPe?^zSc+JYZCVJaOS>dg>W@J1ee9t zpR@-}Aj`s)=C=%g1@@rL$z`b?){S4H=(!U34ma=ilMsx@N5L56-FAfFlx^4irVDGG z1FPn@tbo zji>1TtpMg+{w2_ne~tXhEMRf@?#H3NTY|oiBtH0S`MdKiY=NAvabOGk=YJnT*TePC zcSrcUHb3q9M_ZXM&>s1$_t~H`$+V_OIcn8=uCuTPH2i`Ct7v#`0N>H%rzb|t_e^5G zr#dv>ik+-<_q)tpal8d47pok;+4u7z4X?BRcD9rl>MHsN3{OijfLBsJjm9N{_ywz zDwM~S)bqAd&s&1bDgU9mj`{ezYrQ1<_LUUWK5aHy?Pr@lAp{Gf>u{5YwIf1C~R-76s&z81i6B=Wm3 z)PKzc@W;Ov*7m3#Dt-<%(EQUm9ZTS^rB$sjUNY&xs)BmAKn~nG_3HyztiNaV>H1KA zxxKS0Zryk$?GmR<(SD}MMlYo`fOY((p1weDdA9B~qTdfX{Yw7A`n)P6U((a!oAL0B z>RRVA&N^~zHN&WJ<=<=CL!BCO3#ZP4(cWM0o(JEQdQ&v_+X&C;ER!YtoyRwS;#qY( zcs9a+b_ai(Mze1v|Fp(C0Um~4a6o%0`)zFYQl<_5c7Tgcwa+uH!PCC4!bLrQ$=jK| zFopl9e5Ff+p$;xKJGdBVj|=_To$#ORajcs49W_PPcOc^h>pPbD{?+?JJh|t)zKrMU z_1F47Xv~S#r?yvtfA4`uz#T)m(D3?Ja#@k6O0;yicHklu^Tb<`B{fT2G)6aA~8tNXrU zPkockedFWQ{pO<&<@*-QhCf2^y71`vpB?yg9fp6@Bl$M-F$1P|H150y919KUkD#FobkH+_4fgPjdGsr{dYq6e2Dif|GD3PA^5)5 zp|8c~(a6VQ+Hv*G7o0I!`4D_3IPlv3ipl?>^v%OgpRT_72dD49roKss`$OMM3-$Ha z(l@6%x=lJX;q+ti>C*EX8+?7!%y*XF!uS0lez-sM{PAxWzW=22+|?h4(l>9=j{E-M z=$oWtd#t`WAq1}rkH+(=1D~$L@c%jVye6cdUUmA^_tQh;KOuDeIp^B)>++C(s4?-7 z?+?poi_2H!pZwvrzz-RZA5wd-ufbyt?Yniq(A=>6=C{djC@yYgKMBrx|7-@|u!B5r^@yeSNk;2OFS##+J{`;a zGUsIBs};s%E?ggX;EGxg>BkTGdQI&&)ZbFFzP}~Dz8_erd02V7_nuTIu%*e9nte9F zQI=<_f5KRvmTYOD4{%U^z<~qh*Pj0LM9E`KT zZfe{=9ll6E9@HHIgVqrK5t_NVpMLEb64bxg_II213&*RyRr>p5>-+l|cYmCc0B_|w z@1#_h=)<@(j9c|swm#L2yV*F`dIE zeXD(EYFMM(+<12COUPV9JlHb^cqF5uw|Sn-KTp>t&G{~k$ffV+AeYqAX&;)+I}WZY z8L|1-stK9zmF!TQDLFT5n$KoVqr|({=ni~N@oE7M;gQdW##L;8^NB{E7UEB9mrKx< z;>)CT26f7JBPXW60H0;R)(vb=du2Pc_jC?6U_YrmfGvc3@$Ls5xT55BeaN4*{$DA+ zo{^J4k45QCS3g|f^kemd>mLYTYEQUx^|!CT^7=wLO1fb=aFyKDjGid%-3=~cH_hia z^*FB->I~Jvcd3R5IJ5j68|03yzaX7#d2eV0jN-lDy81q(zXpRRc2mv%lAFfw_xZw? zRl&0*fJgOngTd3o{zKL`w>TRBPXvALAa5v}wx*U`Vq;Zmp_RQT`GyC68tO;(tr$JF zhwQ!hLG%!vu0>~+p|i?I#8*6v&Ju0JKX-AzWWja&OGlKhSQh9qt$pr2E6`^T1vInp zfuoxO9DVT+IQmuycB^||D&h}JH1%Ku`APd82>x>5F9Cj?3n}=k81EA9#}_mi_`l5k zE2yn`v+rX_F>NMlXu!oTLlj}kc zXiwd_w7rP7%hCNhlT?0_>gblxo;eGQ_SBB-gW58C(P7*5z1fG6Hp}0ws8!y(z(&xH zaI)v&finM;ga4VFpLuZjKzs-n+CNUVO*GNoU2oG@eVlOsw`#-%m)(=dz%?Bh@mDU} z-|~wG4c^Lo-#`x5RSJh?y>CG4Zs5|~xpcYad+sPLS)q5^c*h@ad3z)6Zf1f*ZL2+< zjnGY><~%L#8Gevo1Rl*Z@X;N#SMQaskS*TA-wgEf+bl6{dT&?Mx^#1YhjC|h_{tja&iR~RJ^pbCLt)IwqB@0s%=h)fQqetl_}FY(*%M7 zQfsZ9YKOK7B#4+=Ip{Pq*p_frVmqc3J7qd8K?G6Sj?zwNzIHk}m)sy~#kNzTNWR~H z?Y+*~XXgYGwPWXbzC2H!bI!i3^{)5+zUy6US$^aS$#b#$%Cg>XN1F=L+sPG&K7>~I%$ zdCReZ?~5P1ppjywO-@de{Ck%NbIrKzd&Y)?Kb@^sPrJ(V&j_@;=Z%5y8@%k!;&*sF z^%q%i(w+q$_PoZT)5T+h&ucX29fFfC_S5L*zmReC%*HnZzE1HvHb?ue#@N#$&VDKj z!P@}yVkdLn)q*k3_8xH8{cESZtHUWzfa4^%K9_ytI^kUh|4I9mHfnsdsWT1}RkR5& zbt3CmbH9RfAnK7ldtLG;`42w-8=lpBdJbQ$N%UxR^7hx$b{x24Q=IB6Mypj zt&X$5LvqVFbmp<%5luuJwXJxj3!c>Z!#hv9x37yhLg&ptg*?Z2|76Cc8krn^oBq7_ zzNq(#Gv8Cc@{0vu9q<_*Y;gDKoXqq7-w#-O{e(rX*i2(#ec{0%Ox2g|*N~d%ua6)47&FR;ux1Zik-AMToawqi@ku z?@Pz&{lw|ubPTb?v4W|3*S1rK?|GZ|uJEXLjqdgAig-Zh1;u#3f<3m>mfBIiOk2l7u^*$-|apB5MX z@dR-p*oBWbgA2VI;oTrURP*7-h4MN6G1~VuPRW~poI~-`SwryC?LK~T_bVNOpWvgI zY#%(8ji02abA0?{Y%X*^5&iU@#ryq3;9X8L$o8jiw?uV@6IjR<#nqMzX!+2mZanJ7`j~XdFq@c#p~!Y z`EPli+{t&?!|xb+Dvpk^=d5U-SDo#18$P*w5)LFA7sGzvivH`^=Nul*_X)_o@$F<6 zg1#N^OHW?yg!iw*mdKBbl|}lmqn*wwd>h))Swo|#al+0<-_P~bTt$OxU$IZoPIRPv zOzD34fn#|Nx(xCGMXMz3$}g%z=IwYijxNU7E!hX2TakUOy9@Rev-0fq{TjG1G7s(I zz%4lv9R+KGHjRCuzjd+!e;An4g-&}79O|9*vPlLfdB#6&p-=xi8|gpQK0KUi-)mQR zQr=AE&ukiEIdR0DXrg4y}@ArRymh- zCC=d{d{XQC%jeUWy~tsYcw`EA zMdt};^BMaB;O$B}(JSS5Ag{VEf7afUZq|MIIG1_8iFt zS<2DiH|m^kwMTCJVcFOi*Th%zsj*O)8T6)@zVZyELk_r4f`L!#!w;4RHV7;!!s_~op zI6f64NT%ZOY0BnJb>%xoT$SMcD&EKTvri}QbI;&q4DZ38_MKFW$2)P}kuIFhI}`K{ z{Ab>QzfYvwrCTMdv$Ehv{+M*vQ0EI>J4F6czL|U%`9|6U+|Gr_*4X&FUiyso1+(%v zdR}{Y%NO}HcJg>|3*PZr;MM+-etJG@;=MFIW!sJK2w%&mmK_qFHt`wEBVY_%eGztf zF0A?_U{w6-=0aV6KM75x>pS6X;YxN$Iay=JptW)VL*){}j*Z%va!8+u}0embDgKpbyyDj}A&nc|Pf=9{06CN)8{B^D2ue85oeI5BdBgrFZ zzC>{=xt15~yo7v(Y(@&@lC)@wXL-rzKU-hejaw3(=) zO~xvn{PE-E4Fb>q_O0X%ytY0?-k^R2c>|qIkmOy}&{RT`F4;nj0XdM2k#jS-1C6OO zl{>&rGQLXX4unI!LmNr#WiWTJ1s?T3^I^|E$4`_ypxspNfVS@wKVFQCp~p^`I}l9J zRWSXn-h^@H@Ot_zidIC^qh%_TsdlyO=8?t*n`d~ZhlIA%0|c@D~BvQVeT$kQg{i^Zz z@o8)uNpzH8ig@uFvBV2%Yn>BLjDI{A&CIAHRy<)Q+E5 z)t;fP=mDRK4x-EP{5g$5KHZiL+2#5%AFloQUTpG%>G;vcigC}Mxf;CYVGqTJ@)^kE zM^ku1g6lzf2Gta0^AANc#Tc4%T8C~(jRzRgxdvL$o^gcvhXz+(Q?|qVowA|c?`*ieBMWYW z`G;!_Kc?eVlXoCaRZWnMUFGNI%U>`$XoPtO@v!6;9WEc#oD&8vgCqk;$JAFdxp{^9kO!LlM-=Z7yCZ%cp3Mk&^A zU@y^J&o-$RQMUBJ>jTZw;SD$X>=g9TT-709a?jw&ZQaLnNv@k*5;}D`Z3)k6L-5}& zy~WrSpDQ-*#Lnf@*L!$o54k|i_kV}>q(3^b&9Z}KiWO+f#Q3z`iO$eIj;??1^1bG< zck{m5)4ON#j&hvhgFVy=1m9Ob@=H{km?0DB=Enp0`<{n8i$5D*E_QhJEN%= z{1k<9_fOuneC@kT{RBN+5GvZ=13%R9`=|KxbxuLw z{d^|a4?%g+zZFe}m&(`E+s z#c1(*I=`Qs4WA1ha4%kOguf-vn)9KCVvgoQIFyMwG3G%Sk8(dV8H@Q1z88X{9`5x( zN8P)Kd#a7l+Mfk{3Xi(3IW6Vs6c5kjomtS_rHOlHNelcgJt=*u+JQJYNX`bo;8l66 zYTy}dak1Og71BQjr%ry;45z?r&*dB03#)%K+QY`Ey>57@2Yyn!`=O8au2ybOdVB`$ zrQwqvDlq=0e4s(_+4i8D=+#GCo1NVK%H<73s})1gs@bEJ)lWKaz^#`}*B5HPlQ#C# z4PieWY6nZH<1JyVMu#>ysaj$Arc1njUZP#ICVHc{-wSxOXU@Is^=bXp#n3#s-|;J~ zN3HSpFH)bi=qsJo<qt@KFo>M0-Cx8FT=Sa|3Xw9?{^(gJV53v~bwfwX+l4k#0^$+iA?lPMnG9)gLZNU@&RuMVziGh)bDPu-xPn=o|r#ZnfahhdC+-c_1Y_( z{=i#pha3y~% zgMPmK2C}W!$R=NHo_q;*orM@Y52Mtc7qZ*MmT^O$Oo%mN1fxtV`2>Tb0ehhNaSIb4+i0D;G3=-jz}Ju zXAkP@vD%N5{WvT?iSIX{*UzKwynfNGNA4XPYT5-JW&4(c#~ECA*9PU7dV2X?XBQ7u zOD}xpwQfq`Gp}_$-^cmJ;>YK6-k9Q}@oT{6NY9UW*4U$TyefUC{eKj%ibwO{iQ}Dx z_BGB_H##Wn`V5Dz$S&6{0XS7hVdT2(_~!#`&0;TylAkG8`Q(SX`LhD@v)c!o_+hCB z(}?89%ohgqBm39XbG}6eKfpKQhX(jzCH&B9`2qbJ;rg;gHAj|@&1ss!^)A*Q%=iRn zpSNEc-O7G7i&=-TY|(i~RL5s(j_{8TniwzC`bp|>TwlMa^%~w=&-27emp3dbG3yyV z#{CStNDf#0G}gyYC-c4DhYLSHT@j#@<_k0QuW#>~-Q2VOgKSZI*j)>xYu27$Yvd=* zUxt^A4ax6IK-=>RL;HJAD%|gc$mi#A&SR0}Cg13vnT0v~IWKwtZk~Ud_V=(3Rp&nb z4Rdy8U7cNr;_;qp6O_CBH`Oc|U6kK?fbYfR@q#|e(QmlAz{<@~>rWP+oavAFX`I7Z z)92-eni}qb#+>Uc8Xp8k$^BEKkbC0k`|r8sNYhDqO`m3Lw==ev3Z4FsKinAXKbPXD94 zzf!cn=iDQU^4$I8HHV_T_MT6@SJ?Vf^ImRiF1~C5zGVe5<9z1&1^0cxT?A~S4BiX+ zrbDlKU|tT)m5gT=<0-SQ9hFaT9pKeTg9b;|*)_MOE2ACuJwjn+~6nD>1(>qt8eWiM%WL)xT6V=uZ421Me&sUJI+>PQlAP z3-6_VcxfjH?{HvLy{Coo{{ok*6GE-OZ@ej zrPvng%XTbh+@0VO-ZgW-sy|5b`)S(g1h(9<;Eplojx%fDcQo?6*2AFd%=0-l=pugq zK)9JrAG}|~USm$nlxQu!fYvRz{(#FXLB0E}M>6&9Ii5@!d2GmW<#7@6*pQnkkInS; z2>i4W_>fKUR)YRJmvZfH?%f5?+@TsGcV9c<_!;E12RT(;_A4*29tYTxcSm@~<=5^z zyjn)tin}8HF=V0#9^OM6o00Qg`0ZKRm>mCLbPR3CN4LEHpI&o|L7Kh4X^dDz@*L)YAEv_ur_fnpn=Y*c) z^8hs{Q#Yzs%g!I7A6&a#zsA+Sso!pWrgy)C^SBn_%W57}dQ9V@J+l{|?#-KvzT;XY z`%(y39qh}m=e%oQ6b(A41@~RsAsyJkxn0Zt!am2`A>-4y%>IASSm%JL-)gVl1ml_R z^{adF|HHVsHs9;F+UwW5X8P4xVd~erX8P56VWAuCHQB_RzS;Ei9iGdAn+#l_4>NGp zG0{0(h%eK@9)*6~C>O1o-Sn6v<*G^4^YgAtjrofPU*~5$x5MD;qKs?CW^_i`Hkyuh(BZt%$Xzh9hb*{RO-D`!8@T3 z@{W6*Gcjt;sR1U@O>;^mCG*U0(OG!bnHjfu_qC@<3D4`d?&s(}_RudI9aq73+?Nbk zSW9ywrhmQP5n(UN52WtD!M#kl?fbxoPX5t!;4b6+T0ZrD1@F(h#D$;xZ*XtW7$PO} z17nz<*R`Ga?3H2G z=Xv*}_x>n91>ZPvVR`X~1I^ZU z#L?46_hLIl|9PC(9`W*RCB%8+!A*0WR~p;Tj5eZMC+0X;nBTE8qxIO;tFgC@*jsAI zcWlOfZsgfo=d9>F?kT3*!0+k&mW}A%aI87ZHTzC%CHQEukTuOj8_)3xRq z=Zo7mJ4@H>bc&aBIrpv=4Bbt{OT4T482N0PACyn(|DD7q?3(2CchAK>dbUBhZadC+ z&-IPBopV>z*A`&j%Xs%P-h9SueluR|PXA2CyO;5DZ^stKYwj_=UEIqHjJK8X#_AYj z12ENL`xxUhjIoz77KOgJt%orVFvdxt`^*@78{9D#c;hSd#_0bYy9s`q3lB|#=kQ58 zi4nW7vCI`TLyzs*_(A-42RM+=Am2g0gdabPxF>&5d3fVn`uO(WXxHDS|9dBVUypr~ zPq+*}U;c2)PS?0PPCkRy7c_ET^t1i;{fxO|(;xAKeDsU)RW5{n_?7avH4k_HyV*B0 z=g2?V`-z(w^M$md^ zKn6c(>=`gk^}$38VPVSM#rV0G4W{4xC;$`B`Ci#r~__d)Ey09=?3=z4g53@3WkD=XvL*(q~)h zY}+h-uJQGG;ZW~o>9f)I-g|kk(%;|Nqlky0MV9`);CpXO=6kD4?R%O15no>!UF5!p ze|<$X#CxS)fAjq3!e;ho-utBQz28NKcrQzT*Ylq0GD^P$Zx9z~PH_W$TD}k;g4^dy zw>#03uRqrO3-WWaL-iNyT)~T@SMk2|a7H|JI`Pk0=!fyh0r|{Xf1ep!srJv--8^>G zm#cHq`MGD!-T~?P2|Le~MDKK>yVR%2VbGU7d-Yb%UhN>}IEa0=XRm%4{SiES72kzi zn0uZoKD(*m)Y+?*r#N$-%DZN&|IF1SXO_Ki%V3m>40KI^`}uhoC$?&rNcOP|&B8E4&07ct!oXWA9mZ06sK`)r@s{i)!8O{xaW zn+Fn2g4c!%+j~a31B;*{EyL79&GZ*g0La$hMzwIU;5;Ab!nFKY0(jepSS$R z=m_&(#R%T}d*6GPj^MrfdGADg{CCYm^YO=g`2x+~Uu*UUO6Ql8Q?Lv0t>!PZPC#od zT6C^o{iV?^Y^#mmA49%MGzaJH(- z3(fO#q4}*bJ4bGF(*?jZ8ra4ltMIkt_2w+&d@eA)$>f-`?H{8Wv^w(4+JiuKQCbHU zXY8s=)4npgFMm*el6%^re0h%ZudG)lWKld8`T4jdhy$1;P9YqvdO2Z21@zi5a+^> zx8+`f=T(3F5_VndddXiuS;y}Q)Fw;-My)&RKsNPh;EfbU7kKavkaw#=?ge)d&#LaL z2i<4)FZu0z-e^`WThDm6PRn7vjcKF4D7ug~7BOb|+7>6uU%EB8g>G%ThX?n1xb@f6 zx1ESr4}E=TUVYG`CF(XcAL6cO%&d1$Fb>gAbQAqV$M(x)!!L<`vI09$hK>lu3K%P%Ne~#t|_SNc0Kg4c(;7w=Mmvrx+sVLjOzjZmR%B$Zx{kU|Kh`q#ZRhU(AcE( zdNkDub}z)v)zaq8@b+BrbOZRp$984=a`pt(yhpfo+vRUGM|7U1k@@#U-E$z$ZxJECNMrBcKF@kE;*Mx8hC01Pj&FvJn#^^nVcv0#A_jNlgm8Fx{}D@R_-a^ zrnPaK+8WpDna=Q?+d844YpZpZhVtW~)~Qz=Gqlrp)gc<68o5-gru952-9!KK<5RlF ztC36H_r?&suUvl|c}hTc)qhI&b<)-f;5L9xQ88H@7S=LiS1 zBj2`=`emax=~L~*=|eeU#aJ!qv>NBg_f;n-p3`SB_#neR;dQ*rph z@DBL?2;-_|eAk07v(|||?ELy>aIM;3=^o)(`gH|72k!Q-K$guIJlk(^X5}-b$E|M= zkVTE7J+X04Kks5Yjqk~U_3gs<)6S89629|k_fc%IYJ4w52b~B1?UVlM<-6JE0lCvYgPrIF$&udCSd0%M zeTJ-QT*5&D9sKPvrlucuYL_Q)-y9=??K=_rrtr#j}i8ahvp+pGPb& z=<`JPEq<6=%BV+*T&#J&G0_{T9gCgLn8SB%lfALF=<6TE2I<=AX1#KMCA!4#M_}tN zkKkL#FOrY&6!jnV?^hg=V{ED!zo%C;zJFwVzhOKU9(R32dOeZW0mZO!4*5d)FaQ12 zvF7EpH=Xv1nPaJh-{a^A=`8iB{enb`81#}aDVuX1be;g6%b;5fy2^fuR$9-{i0+to zY+$?g^f7w}k5BitjDAY#M|r@<=ofieUF-87wH89E_w%lTYMgbfBoy7 zWs9W~WZShThhiHqrh)GAdvaT6OkwYJ$%ObAem84Ou)8(j%)so)w0JBSgM82jr|QR) zGqCiv{#cQTLDK%1d@uQAiSXUq;IrqQ`VX3Vh1bi8k8X(cci!aUO!t-F)HV4J-SSs} z*VYc`Ir+Mpdn;w!=aLJQU73%r(-_<}D)L_(@w4gYQ{v|-!0Gim&-y#;(H zAL|xyG1Cd{?+NGcpLBHP{RNI{*V)qpJLJ|*x%ecGm0`O%J90bu>(zVV zn`hudcVFCsKG_A;G{|={H4etFl5djV`og>3Xl}7zWUiiY5n4_XSclW_X*OxmbN#m&Kw+1O1}zsqJ`D5x18>5 z-zgi3zEQo(z2IUNwI@CGQ==V<7my*v63f8LChl#Ktw3J$RojD(IrkIJ^QvdtLacHt zItIPkuR3ryPIia~RWp>^x`i4YmnMa+I%iRN@p{_Y1P$xqU+HrBPzmInIhNIp&_&PO z%QF@5$};(@K3aSRTHya*k+>M2p666ww-Xz2Ejgzd`1qTh3wht^KM(jcX910OJPLf1 z_}vpLi>?HI`3H@}Q)OJM<(k>&4p^5OSe;h;?A5e=4Sih8xD^xZrsk`WbtPBR#>6~6 z!9!;_cYh;$IyE|9S`!ZCHa$&$3+S&37!*6)sv0H9ExIj%uCZgx=U%q!vUj(G`y}y) zYGwSmsPV3=X2*|{$>1bRZY^7TRn!B-z?HF!@UHBrrJbesQs~maI5l5UfsIu^iecn` zr~Aom9Ya5M9I_?qZ#QzG+8O!wwZvUkHjG}Xa&>Gr-u2&)F;>0zM{p&*DShyteD}+S zKd+MKlM$=aB1Q*0sXwc4-TK$GzhUJ-_Q>j-IPslq>h5W-?okdy<5S$H{fcAIZY;5M z2F!k4i#>>~Nz1KZiVXpeyI*E{{ZJfzmYC(RR!4P8%ol-2>LIpk-n0uHtn0e3=Xzxu z(9O#G6!EVdr0`aJ)Y&=_Ue=ssqsM=&`7*waVms0DY1QR0#ti!GcIk5nJ$YRv^;YOE z)dHDyLpPB3L4S9nQ+vXrs85C7=(p}k#$Js2 z#HU%OmdQV(*i%Mp`K1@78%DRj{`x?35B4~Qj$TjvsF-mUZC28z_8}_{h5DXC?-#xF zrJoNhntY^ZY+=)6#yOeV$_uDBybU=UKo(Ws)q^~1oNk_=p!Gh+E1DMMIniGDvp7`H z_Y-Pc#aohht!32OGpqYnBI9nKd42oPd7GWW{VQm@OP|PjS2%Bf0dRC3U2*?zC$GuM z&}Q&`3ve`mZ`lLINQ(0onf^W9@8MbdrpdSdkaPmy%ZA`_`PVk*e_epD{5k(6J|46D zzSYDVX@2+X{4V6v^1p0?){08rPBwC$lgS&N>}p;5-Uz%Qn~d&|o$bUXN^dJCV)c`J zZyVcU>z|Yi$sdfPOSJA1y&3I7|H%%2nl(CFpXBO=bS&?eFaP&!eobx`yzI<|53^n` z^Sn58rCA3t5jji9*FnZK7b0B9=GnYzR=k9BOrAkG(8&6FKBNDcN@&$hA05iw;Fn1rd!UtHW@Nv$ zPgz!adH68&^1f%#3*Gn+(M;X=542_ZwdlQ>@lNbg&4-ml$9<4Fju5#yWUx~6W|0ar zM_5VCTxtD>qtsZeo*pTRRw8#3&*MwE zH=37u^McDK(%!@p)q^Ofx_UZ&n0Cl_k^ks7z5;zLppQ-TVeELU$kc;~UZ#D1tFOhr zJ`(g1FZjwfZyc|be&gK1<8Y2Mj*=|n;M$G8KAtswU_-%GDdQ-;e(K;p@T-Q#Rbduf z6-KA}`e;)hqw7o`^VCP@g@gO3Kh8K>vW$ak=lJ?)rjL1fF3m&dLi4LsCk_4mG;cr7 zIAU4G!L>YJA77!544Q8`WiZVnqlTt=&8SS8^IJ53@gLHBb&Ic$Wx~~*QwEQNT+@*B zC>b@F9$fpmuaE2LV?AdHistJzr_Fu@gK$;v;);C0^LAcgJ-oXf*(q%)jFx!vVR)C{ z8pl7=hmmDpPGIY5)+hONtHYm_-^tj@;CfE2-!ZW)IxmJ^vp!@W_TIGJ;20hH?~^m* zYUAUfFCL)3SOL0lH2QB0x{SX4Yg9^oYdpI>xH92M=V!Iv=@r3)?sVi=rDBP2>q8bE zZ>-KK!_< z^x?{XzK_M%szAO;ws9i=%Fielr~K$H?1HTuaBHOVT2DIDcfK#alX7d*`BbbPKWm+t zHwj@&g>OGUS=%6-p6-KP`&^5!?4O0ND3EWr@Ci1-DEQ`q(;$4EXE2|@{9qDWY0o!S zo^T#^b2%0o>#o4-$TLM^I)1U|6>Sv-Sy3x>v^ANJ#Ra5ptgk* z(|(mJ184f^DxCbx>qGl`7&_LvycP1TIoJ9|iyybYOnx`~1i$A(N9B0sE66vA@U^M+>L3?DGUI%r#85CVTW;4gu%TW@@Z%cJu-J2jPy!&fps z81aStDuds!8&kEMpIx_oJOF=ceQcS#PIA`?)<2JwzrNywL-@Pm9ptaG0%MmB{d425 zm%o;laVrBO;V;)7X3D?pPYJfCftPB^#Blb1 zSUe1UA4e}*dA0g}^|&{h(U(&Nv*K-|SBVQ1OU&a_=L#WGu-X;XV1?57@2@5hLrcyEWz1uGA}j+&RnQ|TLjcGIHsrm2Qz zvtnT25IhO~!@#5OszBeXt+doF3rc$@BMfkNEI~9>y`BwE)6>?0jl{ zh9sJ(8r4pI9t^)im)5bO5O1x{$w zwdnk58k=HXjY+WY0d~<#@T=}ga~3D#1Fb4!?2B%hHUR#_SC*dH#?W?xF^IQzmt>Bi z7~e@_xO|vnn17BlXU{OluoIk(Vhr=&GyE~sonQ>2!(;EtK8D<3j$t~ynsp4||GV&p z_)EEReacVMr~EX1Du1;Ld`aFq$j`6myRNei)m+;$%GurxJ0bDt8$OsxAKH^C&6k>63blUl1UNBt<&2eVytz~LfF5rq$cb70 zR9>vx$DbXXMR6_b(z~H;cYr@j1Q#-L^ced{Gah{3?aG^~z9)>0F>_`3VA9iqS9D#7Ehig9Rk!s&_Ma+@jX+rM~C4wt4rzZ?3s@hmZ4JIEq3moBQ43J@;+%Tpn%bw5~Vb-Q4iE zy!)Gc_y56n|LflUZ}4gLu=JO7b1QV|Wn2dt*H+>U<-AqHeg5Kw(?tJX=yA}{qoD6u z#;fav?~VLic40ks!JJ#bSanw1mrS4T_b;07`K@<**Z#))yvuy%wBG667k)m&cYS`I z&*GABs-9iGXY*InzLf(`9N(Y(^TQ2}Ss%QWxxCTXL-Ky!A)mqxj9#rKk;Xpmpz>D^NS9(T-v=;U^L`MIKr6q_TyN;^WDl0Oymp<~!S;2G0ACpK4?~2l-UK zS#uGJA1thzH&8w8H-Yzjo)yeVWV;iZb41Lb=EPBirTR=@IVVzXR(c&pI?`F+=$xs=>ibM6Q@ zP&{7Cy-l>GImAy7xaXv6Oq$2Galg&+jPvnAVoXHmDGuTX)qe-$e{#3@Zza*Met>*r zdJW0y(#T~d|5eIdl=8#N=PD;W$>i9`f0_01rQ~kmqsy0ZuQWC(mH#r&@>}_@*Ql2; z^xf^o=i=LgO~;yt%1<0Lyqd0$VeQfmooPNWkh@iUB_5T%(!5Uv>sfCjpHamco7&Eb z=z>M_reQD(4UCsfxvhbOS_c@Hss=b{PIrb8!-9)*8B5#O}2_u}XZ;KrXYaG%FBV+1$xdBVW$*2b0s zcY_DF+O+R>0lPU{La?6&KZn1(tryr2(*Fge`_?k&cla7$FAh1kwSyPIoR-M-ux`!xuJ67Ya>n0pu9E}P z^^}S$iLCMew$D2}uj@8H@vMo@((}Wb2R5~I?8{eb@+LX0CFB}p^O^5pKTK*M$ZO5y zo~u71+X|R3>6vzMw3joP4ubDP@QT3;JXLiOF=*_R=w~f{?A&C5WAZES*I3ED2KhaQ zdcF`a2zP#X-F#0vpJHK+Q9DJr7@f(P(lzjz`j`JUXn#L1Un2b=T%Y3gKh*idtIYXz z>HLzB<(m9x8MrXtBl)VI?{7rL8=cWn{0!B@8Tlu#Y36Rsy^_(<2JQ(aBmew<{h?#c z=3XqHdtMvu`I=MjUqO4D>qn#C+kgzIGg6JME(ew-Xzc2@k*j z-L})>Yp34VP9zIFH34||y~nl_%kzyZ&o{12cnm&TMlqk}!w|&kUPMjWy!4v7 zw$c}`%A$WqA4mU=4(Q*}M*ps*kD&ftbw4$WKG~B@S$T2mNz?qmT6&YSgVv_@x*A)w z3z;fIKJxkR;CCgz)AzFjgYu!BZF5i4Ww*4_(dCu(rM*5F<{ad|N>eF+6IOYf7 zc((_KCbz^q?&!X3ljmhla=Fc_$67;CQznOvlj;(U>Ivxen(2*gMt0)2Z)OY>YVa{rB1nQ zp3#-7&y)@=uVns2zJPoK=D%0hmb@=|<(DE4%|H73eRbi`l1^-#YSDtvEInFn?$1Le z<{uq@-y;J9PwLr53_=O*IJDz@|5)=tT@GQ2YLPFE#_%2Ny%@ek41BA`Bu3xtCs1zg zMR*UmV!$exb;^ zj{u`-)1$rKpUL}&EiZetUhkWmd6j#9{ZwS?anklt^}YiGIa?dBC$&ytwDxGnK4S6h z)NieB+;^r~pA-Xcu8k^;HgZ1+K03jLbc)_hGH&Ihb9ryi`>{*TInj0GsN#%e0eVlh zc=F#A-zd&`nz*MCePv@A`IhzI%#Sa(em1XlK5NTW^StT2v_4TTT4SH&@to#m_j%*g zSoLS+_s?d$=;e`&cTtw{_T87((SP>iJ$q#1y(r6gpBTn?-StnI{H&b&L40({E3DAw zL~^34`4axcf3mMf8jdwjfM4Z5{(-&~qeiq3Zv7QeKOf3wN}mL;>G`>9GII(xmR#n8 zTd}0_7?vMb0hfP&*LZ=OZ-4%$$C`-+w+C%>*!jwuI>sZvUU1}CSa!Sm-}sib@W5- z(bxCYg~NT_=xxpSj6Yg!eoLq49v#0=I$ihfeWT!tjo69szDW6Q-bJsq)j9=HtA{kF zaW(Zjjm`zpF#V|B+OL}$(X}yh76Wy;Te-fv7N0gr4pDlNI{K*gDM*5gBx5L|E$P7| zd0$swdHKr*H^$TajBJ?Jfz8WzX(wIx7tp#C-ji>5HTz{WI%gO?OKdPlF;v}H=Wq!+ z+}5lJUph}YWn187tsio2f!kM&w{JtKYLiMXkN)JRuD<;7bJ(3M&s)CvOEmzm)sbr=w=uz~c|mJ& zs;^)CYKYvCXl%3v{HsuS=b>NGKzrtMJt^=Jn{KYo$t>zkZ z?n816xj1Zh9ynf+=S*ci!=YX9+!iO)x|jAk!1a25zn``^52C5V$vxCgey9Mv_kj0a z@J>zxdE{&ugZI3?UT~{+Bv-CX<{8}Qd$_mv7ac9Qq6U9J`gR_;i%o)u@fpm#13FUY z*4lnl%aX#O=Rc)r=KT)hbSyXxUK{PhbG*tam(TES57+UkNcp2#@Lj~d9U1yLh;MM+ z3C@G~PJ-)Pa4y^m9}fAcoziFEZ;MlU|1%}d3yYk*`}aDz`@!`K#i8Q9y<=CdwPO}; z_hrFtTGtK6>to=wj=ox;na)-dZm$Ek8JQg+(YM;ZLU7+3nnC|+px#^;ZB-FPqUf6MpRm^A-=H){xLpivCI{cNCr zE6dBhHWlw#TqG1fzO z;as>M51h-8$5>fqc{@D39KUEfevuvj>D)K);}^O3EsHAuUkuJtIC0YBmR>5>eyHel zV#Bt^`hpa`GRE%lS;m;XYg2yC+BxPBoTC>-Rm*+zzu~LEKmYd^Z#4f4_h$2-A;Yl` zM8Ce@r>DSIqSn>xn|wG+)JDp;4826EnfH(#KQ$?W04aOO#J?_&Z+vSD#XU z;QV20Ps{OS)w?XPZj#y2VdqWw-3gJ|9qpZG~VyYutT=jNfuB>SUy#$Vg| z@uS47#FN}xQ|r{P)jX5Eo_CEFICLNJ5}WK zYRFAxdq;b=bSXAuPEzx!{`Qcm=e3WXu}8#Xi-^PIUw!f!bR2!FJ^%ATdFaINkW750 zF>MQ!OEC5oJHmW+R{!F7@!CVFS^+nAp!Tnz{gK3L&zg87y`FDC_^nespJU>A#c#{u zA^biQyR~D#@&BHGvvJ!BcxVGWlmibv<=U;)e!Hc(qYRs0>)Ng7r+YkP?Oqt4C5e7X zfX@uOROQCa%0nPWtgkAHDo#?2m_T=`Zb*6N1Y>jXA;#@ydj&V zSjN!PYd1*$-e+C<|7x#mzI|F?SC?bPIVKa!BdCO&L1J=53UBl4&e4fL|UwYHNqm`rxt=@{60_8-YH+ro5B-V59g2`x>L(DJA>u?;cY2Wj~Ln zKkQxx;uGyJq!|2*9-rjECspuCEqtPR-(}e33GhiZ@l-^4BJ`49pG43n&M@`KFZQ|m zWbd96>yzIsPwSI4BjAsMEd0?*TO-jY2S;cx;O}>oKZb2DA`^z>8PQla<2B+!*$3H1 zYcndLaf$p1?1k*c@odJ;9*sXT3>q)+(Re*Hw*K<*?8SqDHGQ%@myM9Vi-{@y`5(pN z;_nb~0C?E(>x&-v*dyQh_UEdd@k`{B%BJS*bINyP(`{}gr$#wTcOQftc&^^mRz|iZ z!O{GSoE-*74X%zd?{h69p7icz=*9*&E>PTlo*@ zb9A&Bj~AZ_X5sz!%Ul@^o(Jyc*V6eM`6u$#FL`aCxrO===^go#f*Ji{VE*Rc&=%Lu zg1*}0rRt){jwJO#abOdS5nytLfJe_yAHvtd4y^g@W(=0AQQe#q4SBk?Ea5J!miGoKz>|BJ6a z<-uo52g%bwc1fc8eB|0kRMpVINJVqL|&+T%hotM&NRV=950p;QJdjb4O4Z#)UP4K}AG#_O43KD;wi?6tuSitZMu|OAl zvkuhdZ>0{ZtuaEq=@j}Ww(e{QMYX?HCw+Ai>&0$R%;;>dK^JMxWIlaV68BF)hFb6$ zI_Y;sd!)RJes%WPc;~SLJDu@nPs%*Ln^>IdiU-dH4%M+JR#iM7j6aQE$9$glj57H3 zVo_|K?3wZhd0koj1qX0bi;gTN|N#s(wQ+^C`UQxAcALyL>pu zd9wEDNcl$S(EuO#*D)IZ8@y=U>~L}U`Q4tsodwSsb_JQ09Nbs$>TA0vfa3BhpNtJh zzLM~GP`*A!yCadW#esNDu~4>LP7QjOTuz&v$J+*pzkC2137#*^OMMpU{?&6tV++*s@_{X<>JYW*<(|Y z2gPT|MY4+g75tZHd~fC@pOx*SEzuu2F7@U$&SQV;Z1Wl|)cvWw>!F2YOtmAjfe~lj z+6XZ7{*zkEBwpJM?6r*B&uijI?UUn&kJ!J>%l$mBx%h+lZ^lkz>;3C!JIN)8m;Rvn z&;rIZnlX)GOz@KGsa6K~>2QO)9%b=3`CMlnd82{4#4_iFf!W|~E^XB^=4$%58NMGN zCj(9g>I(2Z^HX~Dwj-`y)tZw6WJdbzG(yNo8Z4b1~ zhlln;+XB`k4%8L8H4^RPqM}(B`keJ6(IoK5-X(#dMfwz4Z1D8y&!pEm%hb{gKjn&{Q-|P5~zs-~$@CICk@O_I>UB)y?}c?|D6|y{EM&l>d2+uLT~7-%NYe zJX0$jQ-9#LA0KOOKnI5TzXe_8=acpD=SpxefUa_g*EA>A0PLmcM%kR5=t<2bsqIJ6 zlLg!}`y!!tG~O8eBz+lY%=PFi+xBmut9VB5X^n^G#I&ANxh!3i4%DY~pgxUl;nV6s zU30{jw7D6+luQ|UWG(kb;M&AEV$fdlq`Zi7@SP{XvG6P0`EhpfQ|LrLUZF*h4%u{L zWfp$E(Z|cf^*s3=Z9e1GyD*KTR&t0@{+|5dEWCw+8U9U&FncLS%jv{EtVMHLu<4; zcjJcukMTq3zs8dn>wo0HJ2BR339gi^@Z4)vK3Rd6;*t|+Xz*3#$q4Usd9;`9cK1=v zTua%_INBu_H}O7vl|()y7n(;%{^(e92)V#7*nS>7H3=QsgWu4>+CIsK_M$94mD&Py zsIGDy_h-KR*7&_F3%{?S&0+I< zL&!b9mo@vx#+;V+hnAo#@5V29&|!TlI_X|S>(V`HxJ5Tn(88;a}X>#a-Xd!-5 zVZ1E5%J@kqd9|chM&+aRECd$Lc}@bS@sofhCcQr!_&h(UQFaHt8-y{2-HKzc1pjMG zd^Q06Z}y}>ziOXU>G4kdoNjcwt5d>eo-^3qLE7t;{qwzV-|b?pc{gi%{qO6%VW)_` zmZGcc=%;~xR?=q^eLd)|2d+ep&Sj199&E>B*p129jme=iqFQ$^yYU=$qZ+#*-&@ya zFwQtWmHf>Ce5y*m8$4q-3b_}t^pRzOhlx^vv?H>HBN1^#bXx@XL)dj5G^0VL} zGiQGxaN$enj2P{c+x-@3^ukVLF&jOgYxmqtdS-OtgwOPwFJ+h0uJN>2 z41VzOE_xIG*%V|XXs!Q0o)?HNn|&1 zH~e}BGEj{S!xJf<_Q~%he{k(s*Bya4huw5pIlyV; z7dTox`Q6~j@5A6GrZ~q3UrKg){`sLzp||ou%AIst8drHT>uaOO<1G^d+jso& zj`z+%##tgcy^D6?<0SIhiM)0puieON4|36aL!|##Kjhp3n0xJ)5Jr3ns|s$6A$s3B?fwavp)s`Z^rLK$1CU9IoIWxk>LL2 zA0vw=pwEe9kiCJ79KOEv#B$g>Dbim)On>nvcswY7PtnJpgZ$n2`(eo+`JzF2hBhzH zuv&QrpZt;I;|$|r%HMWy^S?pL8z2%qKZF<##oQbocMPSgksco8Y%EH}QOy z+(es~n^>*f#4X0g6}h>I$obLE+4PO=?Ie%TDZQyV68bl}3G}++_&9#ouNi*~o!*Hp z>sp9iq2I(3^fIvNEC9i4>;X1h@V|y_i-dKbxzb{EJ^DU@9Wpq?p06ZP_ z_iE-N!qj7Gy?g`vI4Do~47m{H6su?>iQXo+wqJ8PoFB5k@aTQ_GlAFCTjBIyK^x~{ zD>aYOd7*nYrRpl5Zf{)M4K7$a(-$GgYm@QT3NP zGbxTgpn1M*^cU^L1AhA3cM?OqlZ|KI%sZn00JTo~`~#oL&;RaUu=T|*OhLX3+IacZ z1)4)I;Q7(eV@$;4?MHzJhri+EdzK=jnx3qDncth4eK^8R%GdpW!IF?7TE=!R9Sn{(@d z-Lq>uiJ`YXb*y<=dL9a&$6a4jN{x(NU$YB6)kB{;vry+GGFM=p({J=ylXOd0`--)C zM!KYgx!QT!hogVs$)MaxU&X@V&R|aibkFeR)6PFEJ~jLNgXSFka}dG#2if?q9QJHHbU)7g!wGG? zZ~mdJky?7yKAdR&K{hA>4&JGJY{!mc%@J&4KDLCsDf5r%xrg(yF`9eOyqxA99PPV@ zJe4V4)w~?vmH*M)!$f3HK1&Q9(wN?0O!fFJsW#z@cAj}Nb1bpB5wkX2b4J6RTlmBe z;c4VL+nmi%JpF0-E*nqZIs$vs0WSsZ%@zN{{QTT2!{TRnbWmN-YWb|4f5}{1a6T<^ z^04{&{qG<@FU;g;;@r1~pRY~xv)ktXFh6hp=aKXC546^<02%Q4PSVjM;pYpp@bhxo z9d`Ux<;GuIv*_opTF0Fuu0~Iib4bk*lXrLL3*4Ft>F6{56g=I2c6Oeoe-npc+ie{7 zMetyBv}`^;lc}fRxr{kt=|1HPr+Rk3%8R$;Kk<%Y52GKk+R?-}_Vv21h1#1h@L z)H8Z~tuvU&?`NIMB|5UDjGWxi}nVd-i4C+O*i7?n1t^X518CKFw`rzUg7jF_wo)u z0xvcA1va;y$}#Y4MvehqH#}bz=}*qej5F=K-BsX#STmL5#rN0Q_6F~}T^TvVxFSWg z1+OO-($*4U+dJ^p$*p(aP3*js*tyP~Cwz)Mx^@BE1<1mM$ifn2p*l3$$inr=!a6UP zu4~KiS@7XA>m}$*KFcQjk(ifjiB-7r@UM(p@?hIlt#~RAfWIE1J;h6!4^iBmPz*f+ zoao&cV=_AAO}t+wc{vWwhmsjPS7r0$m%`)OY=eKkN_p~Go-7U5pI-;x2Ic9$sg)n8 zJQZb;rylt8xUy93n{W2X(!DSLDP(C%c3A=jBTMj=m8C=A#K;mnqq*>uEb(lHEMYs$ z{Bkx~^4?9!l6^LdEFFZuOO7W?@OmLOb($wflaV9ljN1HjQnTgbBS$UXoYV>B2);J{ zKQdzcf5t31vh8XQ-;^A|zebL{F{R{a1o)8r7&!u;Z|42~^8@6_;xG%oPb5dmP1R@( zNEZLfFGI6OC_n!SuLkAkymwfBzW>tOE%w{Gi>|Q;LR7AdWpgH-&*V7t|4)2zWwWIUVPD& zlb*SOdM1AR>X}vt>zRtCs&?msXzyP-&!_8|yt;4V?j(MKYBVzHzJVhqpREiZ1fQ)E zU;akfIp#vNHcs{awk}n4yEx-7A+|YERfQ@HqRa1mi`jMiJsz|SisSG7y+|AIOT z&MuL!ta%yj`E2W!m{VI5^TwIPz9?SP+MjO5YSy>}aHp{ge-?KdzwqbspO+h_JzFEL zxafH81!*J3Wg$EvLQV%9G|# zR+;sPf&C8FAxCG4N3-uysWpkjFmKzQ2en$iM6BfBqcRt{)1C)O`U&n)d9`wtz?a&? z;4FBZbzcegC~)Z;a_3T0dsv>4eJ=#Y>A?G6q+TyZdvW+70j~~lUHeT|h26bRwBK1A zx@ujFzx{}}$4UGO_S_<8e=+{Qa`vU-gCX9@@Liz)6(0R<9%!w{2g8{^t45~<^=Zxs z>0e~l24tB(>#+0f+2_w%IA@~=+PsbPXXH22@v>^4^5Fr^pBY{wUJmOTzOm*3x>fUz zkCJ`vtR(x~8Dr9(UYcW1&6`2fq2|rZeAx}i@lDJhg*`MQ`s_*7)-AqeLwHf_txXk zSN_dcJlbx0GxC2Zi~Nt2zGnaJ;qSN5&i*{_Bz=wiD}N%ros$3ZwkNajQoG^IPyQ*wHJT*Y}#IoNdB|%$5XU568S%9&VxwrFGAk^mDbhLc z6(z>eJ{9u{-F-yQBQLiMd!C05-^^a86<%GNvBm74syJxpw9w&7Vj9hjC1`It?Nze( zh4kPAyN{x`SBT;o_El#MEN5VqIc=qlS421Pp3#-wGipbBm}*bALHoz@ZYesv6n|to zXR%GMFO6P%ii>;cSjpfwJ^b$W$zaOAH1d)5|4i-FI_v+l7Xv=D=xF?K_Q0-nBIQZu zH&K=S96`VQ3-ri5Lm!sK(JocBY4{s}{PRyeE=PdpewznR)gY*7+l%lbf_#F_@*;dET6F>8PE1moOFE=gy6=-dzG z6oeDoW)*GLsGjo#ZN5ixpqRk(yVU=nem#0!>d}jh7*l&3rsxG<`S%;rdFl3il%@@X z&qq0S#|Y)Y@I(5%GqbiN#Se_ziwT4EbP@C>@xa@*zru{UgZEb;9-t=7!~=u&SJ;bP zG`SE%quj0C*gl;{Yj6&(wccFkLUyL+wrq@;=klC$N;FPB!SD?}is3)mOUAAk@%NlN zWMV{*r;@aEUdH< zeAmkJR%oi6!9yeDkDvDrwx?ehA%Cng{Fm03Vd9z`<#x2+GqFwgL9dU%UPxc^V1C(y z+4A#blYhwMH&ZiPf$Yw5`jv-H=k;<^wckg2yu5csU=Ehwb`CbkL&_@!d1wp%wq%-n zt2eX0!tN*21rMk$!0xeHFW(t@Ywtwm7`x#EvmdKy4PT}9=-BP~x6s|_kScg@7CbSV z8m@nK_ZiooFnO#ARPD5CiI-tBY%Os_`{L1lN_Xufc7wlCy35B~e!j{T{|s?Yd=tmk znmrS-WwHrpd-Sk*ha`H0GekzFZ?f=H;xi-DH`&fdk)Aj6xY9eGzLDNv>d{>Lkz~{Y z^4r$?Uya@f)=puopZ98~%w7byn0fbHx8A?KINAv!#5rbU-+)aHvzaU&xltZfTq$n;+2v3XMNDi?aMLw zIJNc3KM{Y(m-t<`s}tT<{?K}mVep4^-`sbAKh*Ck`u$V!$IERe=8wEL$sdyEAb%XV zefaw0aM)Y_eujLaaq0C#H>2zBK&J0PPOFf;h1ie|o6jst*^q^nUls=R3BO08Pga=q zL!&%>a=BSEl$?v)H&AB`EJmNuztJbyG|9H;wx97k*q=`NGxi1DW7exuTO(gzXBL<> zMA*Ri4el6TyV<92kXf5QGa5M%nKF2)k#Wt^A`qFC|!Qd=ln8`(0;U z*}SvKs}6%6@0APU)S_S!F zB=bZ6-Zhy1fBQc}|F>;j6+S$^+n{-&HZKkww61FS^v^pk{kxV%c69mZ|MyRfnEtD^ z2Oe>rSCd`P0At+jEt&u3KMr5!w?Utv%zqQw z+jx2Laq>UE?i?)dUl}32v&G|DLpPMZFLCw#{{niSaa?*QUuVDU*QM(t+rIgaK3RVg zbbp^m_u}Eu-P@=813|j8PxnaU@td>I|JZH+U*6r^&U=qbf606CTcrCF_<54|_1_u3 zyni41yjgkgNDh|w<^P}FZZ6L`_qgf90TJ_#h_#NbagZ@hLHn=03#Rc1~o0Y$JY29ADP#Lrktp z`RX!aVdd&-)*oxGSFVirlq)m+_|6T`yXs5xH#W8kPoxfPTt##N=O}j3p7!Q4zI&CI zQ}y+y_*naNnpz-R_vJn3Z?lVg-PDE=)2^t^DCI&W=5-I!Ev;l_lQi)s$! z7WnPUEj*tkSJ~#}D$U*`D|7}}-B{%o+8XO~qn!=FyOKCK%y(cgxdr++xrORmKMxYj?>&vY$@Zc zbI15vlP~u$1==r#_H{O&nCs>q6rb~s_9`v zkDaY`hTq?Rn&J^1Xc;RFf8G9;1ic6=(UHwdw7zxO+ycEnROp&DmZ_ zy>6Q zza>V%qu0&Tc@!rx7kEnR_3+n6;IHpE&Xbl_FGJ6(M3=cv|JQOk7uq?cZ$7!GLwCW~ zS33PKE^+!_n&tG@lf!bH4@F&?p<~Sa;wi1Cjycx+e%@2QEIBt~a$n+k%NvL8g73lW zi%TN31K+?;+Gj(&r1f>bg?|U~oD}bz3cp05%Y)G2#YGoWs?AzMo==3w(C105-=!u- zc|7%H$M9|T`1mUG^yZv~(D=TSdIskF#K_1=ea~V8UL1Q;(*yL;5gL0q!o5!eZ(Zo5 zzKi}iFy{l{^(kodjPi7^3~aCDa~8a*{f>7!p}wY<2If>Bb+&GHLiTe7RG9bWHDw|87xLQL zOfJteF%IeRQpT~Kaa1yn(w2f~ zi8l^227YTiG5T=xgz34ee_eR2xfNcq{(#wU$i&~AJK&u?p!$nf@R4HJ*BZ`&cCNV! zeX!K?G2FI7AvZ1%pNL0x(5`r-kG7HR{@>R+(RDee_Qk2={e77e9hZZS@%mNY`m^yr z#R~XunfDvh3 zZ*NWO(viTYnynJxs{_8h;7|K#){MP(?FL|5_BO)z%n9H-91gqtb6-dN5YEepA7YQ9 zdmqPdc|ty*d;ai(iJmV?%yNBfpm`%_H)#!g`=#1f?)>N!@$8kFm*U+=RZAG@znQ%d z4Gqw9*g4}@Mkca97kYYnNyzY|>V@nxvVkGqE2XbEet+b0+IGf7-$UE6N1Xna_jArR zwNPj4ce7x0=LVObRDWRl^UKz1e=KbKnt6PWSEJAF#=pVOR2*hw3awu*;(rwXqxnCH z|C9Nj4NRR2X%l}ycEsdz|#`y9HWGu<=&oibz zaIggbt@gcqmhuc|)LjS;mZ0my_!aW4b0SW3v7W_tkH&}B{U+}BE#&t&x6Pau{6T(K z^PH6#`7f%q?BZYJk{{a3|3TLJOb(St4*^F?--h!{?DI0X`0d5m1AN)T;N*AB!~)P# z&-UT3y~z77;djKsr{i0U_58O}=)>K|v4_3Jd-3Bs!>6`(-As)U{%6la*aBjJKK%Zd z9wbh~x9`RGJk;d$pMvlHv(V_Km#a8)5Fho^_}>-8389OfIk!M#cTE(wjXrvlMI#`s=b2#nO- zUU*~WJ-^<8H|Z<+1mii|*u?|;63okxAk>K!pa2TtjzO~eOG68Q~O^hJ^sB?1rYQdfOL^Z!L>W&>}d^FDQ1EY^MPt&Y0-s8Mvu*Dvi(00itKm*Ieh7^NdN75uD+UIs&g>Itx2wZiJB6P+s}tL z(pL|7Q+ydh=5tCT{o#vPABg@^9)$f=j7)y$UB{YNew=;k+b@W|#UV(oTi0$?wgEhnG|qMi+-7{kP?1`h7#$Fn_=9Ubm_P(!M{VuswzFjn2I| z+2r7Q$uC%2?tjlg#*3Y?hY!6lFz4|_HPe~~1}=X9x>)<^AA5%V1W$+VaN+c~XW#R~ zoPjgFw`A~p)}J-?GsIT&7o>eg)y{nDjm-GXjc3kD#cyVf)LBmdkzc948`_PJ^!KmL ztfRMmD0aKf*S_L6`SSX+@y1Z?$9(O_kJJ8TCuqOO#0%;Cz3Nv&aZL-=_R|F}AA|9F{O1 z;pTn%KGPcY^~AHzC}*nSw_&dm)`g7&O@V&^#Pc*()BQ!a8G;tgJm`fjz(1-d_4pIBGzebKPRo{Q1(_hIP zSrzZ=Oikq}Yk9u{9<709(uKr5_{rMq+}$hqG;kG%UlJF>GstudoC!xs@DVO>rkb{# z^j->TYrVmDx{VNRw1aQ=*@@A4^sD@+;w81K_QkKN|0F&`jw_-Mk0w5&4lbnlO!l?p zY}dX{h2MEUU|*lN^Cv<3nonJm<_U9&#o+H9jo4A`^%3^RV*EZzJ%m{!gB;2S);JBl z8(e+i>M`G5jox*utNrzqznPzD6OyO1=X@6Za=6OfU*@3MU*@coPSYHWXf8V@x{Kzn z98OHh;TFZ}H#q$ZoFo6FXDWH7{!;l$CD9q+E>;D9j&c2y&_wX}qV|bTZq5bBKYH)|Jr(ebli#E{+o!1mjsf@b(Zq@s@DY5TL{FQ2HsPy0_~nP5Tqrg@ znYq$9Hlk~asU2?88o6TT8J=a2gO7V3Rq~#>H^_pJf z1U}LkJIK-%(l=M|%y8tRoOg$m586|^_?X7#So!$Ls3GKIg!KEc=!g7e&<+{Ppxyst z?p@%cuFm}b?__f2QnXUF#Wo2EAmXi6A*pRMAzY=d7U^Oaw+RF#k#;S$U8UM4T)m(x zgZ4)Y?IwUAjJl;%TeEI|1X0w*ZV}sRYrD)X2^h6vU27_s|NC>k-!t=_VS?bc|Nr0D z3p3x_InR0S&vTx04%ey|vhpFkNp__tg$pAu;MGsdeB{pPpe#L^#3sq^4$mPY+K=|r zo}5^HI5sO^Y48ATBpTP zNN%R)wjn>Ju3NcRr@d{R;)^zXj85!@DbKVb(FXVuP_6s@s>Jv1d|kbzvTBevx6Vh56*~ZHoGVPD#Nw)C*JC|1)f9jETo*7;xAC-45dkS?9 z4ad-_Mu&mxO09b(hFF1aU2c3MH--?8D&Lsatp$;Q=#PFfaT@(J`1~W&4)KHX$ckmO zzeQ&JkRLhRUKp)dKb|!{zVR>MAafW}iy4?AwE8p~=L$?md18-9gA>3!^ zR&;rWZsqz_-UDBT2c%omvg_(i`AV9{bbTbhj`i&$SC>P_V)vh|&*Xh%XPdn-)UZRZCPl|7U!Eg+MLpb zPoA=3-L=m3YgRh{ykn=iUcRo;`O2CV&P_X*!(O=Yl;!I}MdT^4*~WK!;MiJ~eBj8% z4~Gmtrt2vzUiS@h?t22AV)HQW7+rrnk6f4Zg>rOx&R2GrwTs~80P`XK_be_HKdApG zFk-{|Vm^6z*7)b?{2*&MJ2Z!E_S%3SfAeedA@E#kUz7=~yDD(*+W>4SnGL$Uqj~Zq z`eM2B?KR-7H(AuSZvM1@ISVi)%ig;dw)ik)t-__%%U@2z7#}A23w8V^i(V!8z5e}G zPS5kkyv)UoY1iAg>}lH``DU>6ORT~&xhM?+XkNoR%}kL zd~l_h@tm&-({6 zji9-w^TV-v^k5_MlE@2dzBfjmFGf3$A;0rH88JGJJf@Y|plUgt;=_sHO*`g2(z;G@ zAMcLDF3{G(k<8#MVL zwGq97_e{+K=b90BE8qAaI%fqiXm687?1gGmHHVn25&Xp5Tx+gSd+}JfCgnpP{6_3AQq>|Ieh2g)zzmiKHa#lAQFaGg`<1;D}8@= zJMj}V5Iyvr+EE++Z>_!)k8b$Kw4VEiEdAD;rQiJfM_pm_FrKbcTmM8`CsTj=tdZxm z|0Ca4bhq;}BRgC7>wJ-$*-vSg_`OuPXI!E^G~e+q_5gY9#D6d}^ZClEdyeB5$bWF4 z;{o)L>~|8LGPMFDWE(hBgl}yOZE0$7W&J8IpPq5Ah;|19r|iXPz>J?lJk}u`T<*iC z)y48bi7h&w$inYfV{g;*i;M$17V0B8=IVS8w&PuJ(yA`;uMd`F5S34kx%56~4wWF76Aje@Qqe?At||OEbP2xUhcM znu07p?DL;;{V?d4(+`8T8Gabo1=P)D`|z6k$?(Ite)rlOe%P|KuP&K%@s{PMd%oF$ zYtnK+`yD^>>1>P7zlDDmw)?Q{cI}F2`2%3d<)1y9BVLq!vbx6diJi;c`9*UPy63fDK8>kV8>ub7-Tdnh(2j)YI5$d%QT znh#Qrz0}LGTX?=6Cw4^U6jNzV248!;bb6F~7a^Z~Pd$!1|D-lb(ZRLoocVl*ER1J7 z`z8`ITD~{=F1}S;%1uV$wX%zpf2|4sIX}&78`$5k-16E5Ib+7v1LX~x;iF^t4Oz(G zH?Hf&Z_J%2Z(zokLr+*AAwzdCr>pt7jC;~2o}c(x%ZK=hOSAMviJ4za>r44RHfJka zWAN$IfyqJWOmwPz;agI3D8a~;FC9b2eVS7oh>p$&q~n{hlc(c~Y&tf0I^!hi_-ASo zPK1uH@!kicqt<+Qd&pZ`;kOIO@qa4!T?DTVMh1qlzUl<%nI+Hrr1z~nCp>!kh9#_9^jeanBT*r4OYbVcxejD%^B#(xERUb^h zwoxy0BKq~ay!XNMYi@ZI{k|~({qD%l9}&ySM*3?pMrn^AbgHe1+QW1A4011C^>RX* zuX;QslLe8=kGJms2l7wGZhP<8ILgKWg6(n-HmmcM|9@!!eet)1cM|Jk&p!cp%m04@ zZxVR(P5|Ej`BJ7$Jsy6yWyM$R^n=f@bas*jv`4d zU2>;W?U;J=@!^qqM<~PNmH0W8Ki| zMsIBqvGpZM@)`MOIi`j^KkDEolgr`WYU)Syy?sBqGgO^FDNxNER)_hnF(kP)^#KX+ z66boE_f3-D?6=jo6Zm;&)=uCCud{UBO`G|QW#OGSO;<@I@1ml)apn3_vLl+XeIG+m7<7}Xb&XDkK;)%x2 z^TSo=3-2Bu)_M6J+I8bFYV#P&Ra@MB`SXdJx>)n&-ygV=w%eFUZDvn;d-SZD1#CA3Ji7ypS5HHPIpZ_5uYs`c(`JX$01bND-#o;xjz4<(0R_Vk>U zhdZ+3Rg>4bk@+R`vf`47dDF&MV+kJLTislmST!YQ84*nlC5q$y-)HcFH%}72 zI!hljPtrPoy&IcVAKOVyLv(_}+HB?lscjX`#k)!5%gp(pFMj>6jA@+amVp`CZ}8S> z^B!|!&LyRljyrG1`bGKLi^0LIzhOTU&Zi?D-kzObSb{!?k>gS>@v{F;`A^%A$uo?B z2Z{4d&XM<_=RV~b{=m9rpZ~P4{7KJ$0yfpPjx2*GSvRr~IJGVwo-lA~jiKtD@|jHt-Y|4r=H7LeN&xSKJ=2FRPDiX z>cm7t>A7o>5zSr4v9aVf`c$7XPqYLcLrcaKLubU#V642qo;EgvGwm(189ZDIZQG!& zYBiU8v?Z5s<^vpXA=$Kf4dwM`+x^T2u$w)zGx>C{k4LS(I+S((i`7#alWe4w8C~B% z-Y%4$^M=pdIqw+y)6RLfqJQ-rbK>TCyL?UQ5b&Zl#1EpMWX&&UdS?5&d&9~1d)?&FRo|!n26X zP7Q*4yPm~2HjV3Z-na%_zn-N(lhkUchBZ-#e4$5`-!HpZbqF5~|Ad-V&6DIQ&hvC; z1$0}6T=k$kkSilwsx5Kn>zv3r&_udPYwEh|G#;n#Y`(djZ@OwUM%R}s_G%>D?}{U5 zdEaUOEa`-U)OZw^IUVfb^2v7e?N<6PzT@<8aUfL9y4VS#yTzrcpKTwTp@W1&?bYJP z;|qgw<8h+)5F5w%kt=^K!n^%#Yesba_|1Sb;!d6CQ42iMgSF^Yi;r@~wuG@Iu`iR( zbn!8%6F-q_`5(eX7qto|zbifkPUUVb?0%h^A;-(I<{0ce(KvUG=*hp&)J5{0fT3fh zr;{u{HfPbhowXFs@biEnw4*KP+?S_y1dLsB>^`Gjnb_jWH<>SEFKzOK)%E|unqu^} z=n_L0V^Rc?8d0FW&{gs{y5M%4vE@CU` zsYz9>9i#Zi{OQ7S?oBFVO$+}tpSl6sn|cj&{E6c15C8Js+L7q4Nv?mj-S5}VN7m%m zM$xPIN{`w$KLLEQG4jt;(;)wbHM7{b^TUVVJCbRyw|o1{zzd3Fa`8ewd@mcD*WmKP ze0advD(vP&)`cl1kzMuEU-J8R(A94*ONOalA=6%pSL0)xj(4e#*(kjtI|wbb_l9B- z|C+b5d}o67J9cJ|!`3wMt^COBafs*h7@rx3e7s0(CG4Yj2ECbEBn<~Cy4 zx;U6a7kl@V_eQt&z6O6(kCzrr%FDy$H_P6Wo6vwye!?{;+>bZ$9ZRbJMH+- z%KFRYz{4D_yANX^a%cFxwVn6|>eKk1^f{3}>k{Y-27?&Y~;&g!rzyzU>5^vS2;r$z9PwFlEp zelxwF)5sa`ttH0U*Vu4+7+u|0&hPTp)7gtKQy*-=#+hfK)5B#vQ=Dw(R=JigI~V+# zzU$I+&?D&EuIIJ=-;tG1L#`fG4()2zzC@9+-%SS>$l1BT<&MS6p?UiN>{5+wG!TAc zUFKd>jwd(WS@PogW9fP??3w0}v*$dw`)j11G`^Z|ZjM}ud_Bc+nnzZwGKYT^%(2Mc z!T;=;?zp(O?|O1A8vJ$^V=97|28a57_x~b%yV;NZMBw}J|3~muu-4#2;Jf2^@ELwe z)3?7rur115VXV;!*Zcq-Lf$GiO!U#(jXYQF9`A*hQ@>Y^t;-{px!;^4`AMxgFgbz%bW#8E(N)*gNBum{0;`I7e;V%>ez$P_LEt#RcmhAZZJllBX=lW$uI($=ZN4>h?{$CAIfJd^ z!n@&@0(`0w(SO~4>6`!d=F5T3H_Lf1fN!+~Skcdy1c@=^OXm?|{8Dh<99mpXEl%J} zrz4Nw6Uo8WpBY;83^3LghZfx~|A?II5^!1WEZCv<%K2W;upP5Tu>TN!M08*0|J0M$ zHSf00HScPDz1j=W-f8-Mc4$$t+9VGg)nBgVqnA6^n)kJqr2azNUz52fTTx%-=8Man z>&!jDy~Me4Jn=E`T<^PgwRf-CcW;_^?eb-mha8n8uEP8 zRcSq}T8cS78ME@`?q`|yx7&;5Uo!`IF@90&XTq<)dxU(Le3tZnXu&AwwgH3u&-Ykw zA0lpwVh_pE@1i*-@=BF`ax}>s$E0 zBhPO3A6Uw_%ZRaZ`MXx1eayr8Rv)gV(k#A9%>JQie49Ajhwn8WzC};TykIoH!MS1{ z`RqS#cjqyJz>=g+dpUWu7Gg*7aRo585buT18)eW%G!bnqUA{FCU1-~jiBhz{Z@5Hf zsAlBWxqgkhjuW9tg7@B!CMMTPn~Gb0LJs}?XkmF=wqxhaG=G0ke2+f?d`~}*1YXJGU zBRgNtJ~~ckFuZ|1>o2|A*5%_;KfUZ zr_noZ?h2X8h?lsoO5^Sgo3F^$AGvgc`0(S5C)auf?PvQewe|jd#+Mae;v;q9bH95p z>j+w$ZCblF7x>NGC~+)&!v4YM5f_m&!9J&IA3Z&`8C%%Rw@)>dSCwOHWd};nX76Wk zzv=tm-@okp9d9oC{%`r$_vZXtJJ&BiQuo4&;`~(w`2~Ax$Y%%94J6Tr>vx=Qg0z>U zy=Anw3^?Yo27r41y%k56-MPdGt`Z)uDfDuB9z4H=eu7PSe;C}^-w}RGUkNWSe&M~f z|JS3l^q*b7(R_w*lDU2(vC8R---e9fOX_?5Yp>9}%*V;kwd`nm&8-EHP2v7_Cz=cC7Gw~ zT9DScABR6{;a~CRF2+>;`474LxoQBN%eXRhF4wE6IWhB`K0BCLkTsvl^-A6&X543M zY*ReE+np0v&MZ#O?`rIx-Q&jW!#SI|>oKlvi_Iao%eW?nmh4XyE#7f0xzT7n_Wefi z*=TB*S2wo0drw@84YEAy;<6y}RcO^(MBOrRJp36R5nsN)20wBfYpSgsdZ`b;;s&QL zCtm1ZumO_bofce^_0(FvHrf_pB#-$sI5KxB~SCSqNeMr`nNiZmUwwd z>cG|!yD z+%^2nO&~A%Tx=CQcj4cN4k3hx(Cx ztwV1gZ1~swZXIm+w}AVbTStZY-t7CNcHDPIrP|5Unwa)c;cwe^qJz@ybPn>hQ<}?8BxV^V|7wx}8uaJO&>PsyTP*Wv?q}r@`zkT^9bqJH$hS z-Tl4FwLjI7Q;iMSz#LgQdr6sZI!A?TX@flTcK`VRLFm>P9TjfinPN-nHS<3A2GIvO zXwDC)hMJD%^33i=9yPt=JCY#<*lCzw|Z^S&i091tIa=Czp&{l^;KZo z+FtIIhv(7O@PXQD&uWWnwUxAOb^6-+RhelkkfW^taFjQEDwS(BaB;1+o~JE~$IFCA z_N+IyRKDK1ozidn#y5haH&$F+n)nD2B`B$K0HCGP~ z;63FOgS~Un`=-VRKSDJsn!l)go;?QH6EQ)4xB*?O9R3Ra&SidoDgQM83ICe)TxLmJ?G{0E21`4gmiK&MXL`>qqlX z*Z3&MjOUGgN7gn384u%_tMM?dR{m-%hj`Yi{hIU)yJ4R3cPZ_~d6vQhw#49pzsfl* z<=;-n$-u+gzj}W>6!`Fvy&iI#ncqm;8%vkvoYzba%g|$9nG44f`fuRh3a;y+M=dt} zr@-r2x@kXqjfuaK`5*D@{b=;xf0w3FuKl^5r4K)Sv>tXfYs_QtPCoqPz+20~X{)X8 z@bb~t_WS*&-M+r8-=uu?sd=37k#NuWsP&!k(c|-}EPqdjceCNS(yo&QCgz#@3V|tMzT?od6$P;~O`1!m05bGVy%oc(V0LE#vab=Pr$_EYvZYf5_*;THm;= zz9|N#lniFcXMkrZ8AK+H4Dxp_a=4U#*)sT%6Oh45-}s*OjgPs941QW#fWQ08fzMO< zu&*8ec`BMa3G%NVx=Jpo&+4e)UyGBsa2I-0^;+fplfNIOPTTcQTlZT()$-3alV8l- z4=+l+Q+%pp&Z|$%aQd1{m9!#JbDjc;SO;2-!@KCQ7!jLWTiBc4O=r{^8Gewo@2 z#k9*B&`GqVS}EDFx!AEFv0V`Rkk{aZpXWW-_SJ-ywQc59DS;dCA6V@X&|f5 z|LgT>ZE2L;K@6E!4rPY$LJX{0XxB~-P?O}zdYf`NS#g|X{fF>Jc6^duZ)fTCtf5!B zeoi$a53BA2yesC=ep4%<`*NOToB@dz>u=fB<7x|-+`Gu>r&ynNpL!q3} zj6WS+n*hJ_`Bv>{?@;YSxRH67CEU{Uvsz(iV#>*CT4Pkx*8S>kNvOdPhN9w6Eg>&~Yoz`pMPLL&h`dr85zV zBL4u*^vyy1wH|1w`QjevdJtMWfxJ~Q?@sb2| zR9s?k$nW=5Hvrt4>!>FObRM{sePI8>wb~P8BJgRyygFdl-j^%L|8)WT6kxCA*#Z29 zrNFMe4=k@~&u#Z?zJka(;yGZ^w=u?`bN9M=SG-zATk?%HhAIm`GI~7tqre>U!LNED zzii4U?Lro|0I$XKCSc{PMRUf2U{(JXR?8<2a0(9by3PmG{w8r??g37-uY*&#YM6yl zy6!kQ&W3Sw7L1k`{l3iV&mXHha?Q_`9EU#(JpOzti$A;GAqIh#b@1j~c(V@P-0kt^ zWZ?_m6ux>GZ<29}H-$6trsk2vn;y=X7yGoybBgDF@+Q0~eDR(5Q#cc@T;447c(W+7 z3ppKtH_ck7fp~Mak2fDc{s6pbVE6OpGT=WE-V9s#kLAq___OIgCX4PT z!J8hQT^;r%;Cw&cY_c#O%bUlA@jdDl{PL5*o9N0{s6+DGwCwdsW3&9{UDSjv(cTed zBbcxF&W@Sr5#=b%y=%sYH=_S9=bqcAFUG554IKUbm+h}ERGrIT-}X`YSLyn{*rn*< z3HTB1PPm{lRK1xPr-0aNCv%=UvtwhW6Rtlca9C$GEiHEERK)LE>wymN@SGP}ei$5I zDp^3^p$mLuQX&YNYp%$ZLO7`Rr!;2r@p+705Q! zmr|cbn{o8AYK6Oy6~*0JgQGY~?>18NCApc-^%QchI$xlK^@ly2>v&t!=&HHY%JJTs zkMX?bNMMo1k-$$=T|&)~Qt!HD$A`Hd;jG_3+8MF;0QZ|*Sk?^TJ}}M%zJ=ynYMYf0 zfA{Fl52x-iHV>XPQ=H)5XAB(0y^YjPcY~{Iu~(a&yuF*r^Ri#_-om3R?`%a+m_2}q z_ce!b``h?#;I6gUd0svr>r;BCvo~TFuX76b?k*Odg7`cu@7&(IjtvZ2#hSHn&8e;oE<={iq>VT-o4m>C=sDn2A3~nG>yRt@ zQY?{{%M!y|KYRn(gr~G_F?myKht^SOZAH%kYEa=D*&f9vf=%rk7>H|2=zlt~d^!K} zpi%r~mqt2Qr4o9?U*>zhn`i0a`J*Mg+pO;y6Y-oG%L9yU(7B=N>-G2IQ1zXRe=PGH z>Qm?S)R#Gj&xJR2o(48{)+^BJk37@;TK0R^^?&P{d0G4XDP6x zcbzkA`F$L`e!v;ryX_;6&JBM4!KQ^(^_(5N6@K5$HwT|H)vajS~EfFUB`5fkD0VSgTslys&C#Cv|G{VcVH5J>q>M+Us{0 zXHk7b-!uMQe1Cwy+t3%+(f8&MYc2wXy^4hjnn$PlK2(x!M=^wLM>^X6Zu?BYoDX+D zxTxoRa?O_=8VXM|S61DR?3#P%fDe~&6PuCs0-m43^8#qz<$KOv zl8noJUaaTv0(4A$e+a$Mg>KXL)Xf>4(B=&4eTFf1z35ce1@hTXFSu9rc!7Yc8)8S$ z4KLCUyqMAr9xu8zU4tTTsE$a!GG|8p+V^|E@Aof#zn}B{e%Aa}UUpDqkNGWKGAOd! z{JwRE=GZ!Y@BG~S)>&bLBLD8Y|1;n3M||)6*!*_q>UNmlI@ftniI?BQ8ueQ z7d}sOad=ra4o?g9JxV_oU$X1|dK%#-2)+{FOLdFFnYjnPG}kP>@i6k{hetY~o;U}; z)UBZfH|Te>r>5?!4#(^v4Sv$N&W{Yfgt$t003XWJDOZ#LA3BS`;-nG02aopu6hF_@ zmMFKY`H@$t5juv4;F%9)jdu_4XYdEO%^t64_ceTK6SEq8gLh!q%lZiaI5T{E55I3t z%i>Y+Yxm;xx~>?UZw2SY;CZK0+Vbm zcUoR3#pXPWE-yh>mdKuBZz6Af=Y<+_Mbl2beO)oru@19e@S*s=TTR1}#Sg^O_`>{>UAH!w>*DtV5E!fRG ze8Si21J$own(eO)GI}hD{qBAJDEf#xP5K?E&sQ#`ezLw+K9f1KR&WZ&*Rhf3H=k2= zMWAHWYXwfVY@F`BieA+@zeBms!#_cW$IG92gS}V{t?TkkEy9KP5f=uAtQuPAR9{x$ zgkR;1TiNvMvEQ#uaQcQqi`R;=`JxSbT;9z)ErFqCT(9DbMOD{eVtx5wL%cB!jr^1` zoktvS+%ZjHKY08z!K-t4H8wl0KVlm%05;+FArH4>f$1S|yU)YzJmD5!@D1>r35RPV zgxmX01h>HP8or|7P`_{F!1MXd=T&_&Fm%<0;7PvHtJop=1$uuIHF>h#&*FD{wds1} zOVx9&Jweaodi%#Gz0mKR(p$pyzNW8LJv=nDrr#ObI~JcKEM95)D*o1~y&M13KTBhI zZBC&2Rrn=yOcuA$hcSKf{rE+=70=A6tv=qkTG1QIIe(r!)eQ20%URd9oIEOdW3!h6 z@urtYEr}eZmPWjkhiv8<8OrO8AiqIm2)#AF)+ye5bryd`!IN@lJ5;;G*~5`OEjE`Uc{e=xu2ZOveqT*loOKOR*k6WApiNx z_%Eg8gP`#&<-C=1P|PUX-OoNQetRi=>AR9Fc;(ww`e0S!pIeCR;1`Zpja>Y+Ku5F%8AY!Z3g6Jz_&(x8c+bUqVI)7l zf34OlAG(B?Eubn&MbMGj%g=nndm4+z6vGA=f$L|O8+exIyO|Tnm!E)7JQ6wV#vkihkZq%jBM-lN zbZytdP~S%E&Pwdg9_-H3*qsH;Kec0bWM|!dp`6H?8_t6X2p5O%ug+V|L`~DYbS`U8;`Wy%bda*?Z2gZbu)KG zo7a+yQ$Dc^-%;~dQyG)yuj1f8fnOP`hmI+~N4fX(Jl4&ODOQiJ!OYZtb}d zJH@w4X*Wt=E3u{8FFwA&n}3f%d`P%b|S&+t`DR zOya8?Yz$Nn(Y^#9379o+Z5`ATBL@fJ?>EsEx-VI|7<#tV1{Rg!_q2T%SwRO%W;*q^ z0U6})x#X44!ykPO-2WZFUk`q0?>`;+7hLoYt*XcG6b)V#4Zvrb27{qN3AR<|WDkv; zAsT?ILl?Q{bF-;Nb*f{^ISfg*q&DBbmF|JBu-}4RbCF?!-LK%GL$wCM4 z>Rl_BJ=lEFp!WvODkK+H$T|_lZkqQmZmO(O+sf(d9D;uI&{xTctu%cV_QuJ*h`+>( z>dVqvxdnamuk^{YlQZjvhcr(z51tvQox5m9ZP;(EP75L@G4e&4 z;}&nN1IOwo1|L{l{|G-a3Xi`_ZH|?dcT}gty|?*meb(q;=V)vgx>EbNogv(PBJzpJ zu04$o4)F{gtZ3yK>-l}Ysl$KPUpQp;r%C&#@=as+Ivv#YEb4_$*h({>jUMkSLT5>D zR)A~O;AlQE$h}G6OFDTYc((YA@!kw@ptCgmdUy|d__`c=_y{!-#z(vtc%hB-h-z5T zGvOdQcmp*Wu5aY}oClZ-Ax{*Uc8U}3C*HrFzVGMVe%S`{C|$^88W#6VTh%j+w!B0? znhVkXh^lLlU#eWnE6{j1wz{4+&*rb@-@EZGl1`qXEEfBUmkg`SaBG-?D1OFIT8JcTdYjI>Xzx6lH z7*_arAaCS(pKYPg;UU<7QfN_19hZe=1-y7IyjaRw8~Frzt?(Ll>Pv!!Jx^25kK}DD(sTSv zJ^upF^E%z%f2Vh^p-nHYEp71Ha)RdFDLjvXmvZnTU*F>EYVhSBpZ~Y=WE$HzkEW{c z%R3i-DXRr9?)s9v3%RaLU)S8_9DWX3*R-xa@Tg09_x~ySBX|CK z37zSbz_*WMn^iZV`iU;=aW}TVhq{_5bj(%%`N-+iLP8q{KRgDlM#3wqMON*x)<8zl zpGHR*pE=*uM@Qi+<=$089p#%pt9|%Fa|NnXGxS~N&4FjpH;Fy9IUvd6w5;)p*8cp@ zK;tK#$QZvJv&Jtx2p`)77jVWHpZ5Dx9bdAJabZ9HS>p!Y0OPfFuRr`VdxA11%~k8! zE`856soBscJw7`w zjj>Msiys+>?0N$F{MSbr7qIy0Q7w9i*T8|E{iD7UpE2$MbqKKjBn#G@>lID_{~yhP z|FixI_#gKH@c*5xF-&zEH#vnmx%doZ0)6G?dC|dq8$)NQ?|keoaz~BTsH$bovssQpqnycnC$K7s98N~ZPXV_(8HeI@on4!dAA#=4 z9Eb8H1(EX@hh$ds!}1Zd=WrCA+Qm1j^VvxcHck}VtSKza1 zFXJuvb}R7{V|Au})$E1u?k!4x-1`MJO^WR`4z(e^m;w&kh!K}64)A;!)r>2~EXaZ9 zJp;r=Kc#Jr$-*0=-3DMpFYYL_G0`$NCX#)aG#tMad`Umamr{%>9L9w&500)LVpGN& z6THF=FiXF!Acw#C{xUP(&8LK_M>mapY&8DaQ>QRDMV~=%Vtr@p?`Fg>(C<#*b#0J0 zH;`plrK7)Dd#sM0mW$tayZk==9P#@{Qv9y9|H@GpJm?p(^Xv_BcT z6p#ZM)l^Y6nSA&Z{G)F6WS2kHbroa3!mI~)#6kWXrfd%92b8+DU( zo;M$c{FOt8GU+|qO6k2EG>D?R$B zYFIrQY**|io%al|`S^VM@odZDEE=fILTIoB8laP^v?oFkJZpc1C!s?D{CqCw<9f8% zE}dNoEnJ?!9-$NKkU`0!bi-0lHwZ7_(ZDFWv;m{h3GkxTjcU{A1oWcj5cZ%K$25(4 zOtnc{(2MYgi7nv))30oW@>{hwu7u8$8INldfS0id4#8vev&*X<426;JHR(G_qlUW z^~^9=w(FZCdw>)=$Ysz2t;Pv(Jy_z25|mo>Fq^*!!YS z2Hf#x#|VvXZU2iFj=|{qM&{>yHpjwK!W@Kuez)bWz@l@BVOwVL7rtqszO%u*uBE2P z;^Un^^{@Rh_-J9ip@A{AFuxZCU-~{k{f2$-pO_aRc|xtci$~etNz}Od$EE#e|ATQ| zmi1o#VDCNZ$~AuBWe4wt)bD=)A3k2oYUULMC)c&WY5UQ+kX2X!Y|X^DM+9E$~BtaTbwJdVu`WQhePwHu+BKz|P`5@re4!rkUDWL0j6( zu!T9AR&XReo(~Ucp5MZ&Z~E8VWiOKrd#o%(xUV9_|^}HI3pH`68n)nFBWYLFvnp z@OTV=0$X_0>TbJ+?t(6C4ED_PrH*T3qSQ~s*SB^=>q1ARKQ*6f<}UFqcB4mw=+Pj0 zG=UziI8wW6?vdJiWqbeG)H#NBD4qzO8>lA7f7F~+L|ZrTOmNGl8as|pDnCm4UjE-k zaFLY#CVsK7TmQ)c_5?aiv4?DrIVXj78d%HZG+dG$=|*1C`dc`X zj`#|EEnOIe&bry=~r!j`D7`F!iwE5%$Jd}Z5`VbISz zH>u9URZR9|7=9>oZU64cjqJ(cpnIO%^a-*l!&C7~Y$3k+EyS6<@caU&uMPY>#Q55T zFUHp<9j+{;`ZL z$@^{KmAu`oHt;%^^&0UT@GpT)I(@;1oblr2B4p64$wW34Uln^k)Dys|G4$X=b+@GX z+0IdYK8Y;eLM+h294h`)YJDc}AH0g1)j$#Rpo(h?BVVEh*!ZE0Eh`q-t~sMrEO1qh zSb%%4QA6a91yuV{z**+5&*l1~Pr#2>=H!o73O@Qf5nb_X+9&Qcu&C`6?)l#Orq>N~ zeN*B0Ft}CUlkqzhk4WzQzNTW5eELtd>GLO|7lPNsPH@%`GPJss4~Saoqe1eZ_Bp zM|xX3df+cpYs>gz;7R=z18Wn0%h}Cisw8_?i|^3;s(te3fzJB9JEs?9Z?VSC(^aQZ z-AHZYN^%x^T8D*;xZe{!J>1P$Z-W*+@I?>f$M?9zJaf(nqial@$eu>4CvvTM zI?%S$O^z%&2c9M8F`7LXpS~tkeUKbpNnr7g9_JS7XG<533EXbZOP4-S9c3Z^6f?W~ z#wp$hPmEV_hv+r5$hq$n-nIHIL;gJd;+MbaSw75IuKo0q&nufIUr9Lg`#|z}FJb?~ z9_&N{{HlN9+R{LEkYB~`OQ46xP&?B?{lnetK~szzmr&0%2>K6J>_MISQglquE!Z$G z2GW|DIPGiAN)mpUa}s0743&fiyf5TV; zDc;QQo#>O->Kt$k6cfEd{XjJg9ux7W#Dkh0u-z*oFi-i@6>iQ}PI` z-SD*5wLJ_jmG^jnb#1CoJCFJi3-dHD=OmeGp9Bs z+5PmifGc!>WJi9l)dAOI`!BoW{P1Og(BgBNN8T)1QjX+y_@4TjOYr^rw6{&%d{+{A zkg;p7*upnC1E;CHh>10&gA(y$<$NH#-Zv0l(R;${mGqmvzJs;O9sW7An?B>kfrCAJ zc^bTeZ(-(gOGAAZ`D#>*{j~YNip>09tkI#q4gA(SeaV-dj%$(MEz_LmHSPn{Up|Y^ zv1Jx}zEgM9%{1U0s76ZvQxc@n0MC zm-}V>eH|IE=?pBoOYab0wVuUat^+(v)RQwNZe2>=U;dlwd!~xN^bPhk#`+EAKek|7 zyU(QN79UXXZdA?|I&FZ5HhDP#kM~zAck(UKi0?c*wfcB@lW~3;;Y*75H;HHPV=JJM z^4G)=k8E&rQmd7dQvGxhFq-ud@+q*V-~M_!Kc(E1a@{AApOWvV{GgYgGVr@P)6Ef1 zWi0ZQGxAeY2hLAjC7n`3|BOG&FIb)77tF}v7jUnK`U$^ZAbjIHhr5tx+2y6s5g9db zN*+pq57{(rcOj>uqmf7Y7aZ5ISMHuG&o{YY@=!NhJG|1%`N$3{PpP_0$)wI;lh5@O zaLCV*-ROoc*Ku~2V3}h4gF=(5?nZA|Sd@#BkMeFT6P|8h@WZqKczOJiZO8u2)gBJy+&0SYzTUs~RGw`@zUHOms~~a% zFl$UT_!BYY+}c~Hu2)kv=x#1dYv6ja?&Z>7iixIQnp`|(=$t})ANfhzdm+I+bH*R{~e>dx};`lLB;I}7{34g9uafaq2RD+k6 zkHW~s@SSqCw$E;#53RNu6gR^^Bo-iv>Gp3Y!ge6VS>$pxsc>3+tcIACgO97U0>s_{S% zX`X8Z@t)vP8zwJtmg-yGIUbvvkS_G=ZJU?)U6hy;+zK|ymB~xc4)MwMJ^91KPt*4^ z#i7M}&QxB!f*2*Z>R_?67#nAD@O~@sDwY(S zhk)-8I(ny5V&*T?bl2YK(v2mNM}SK(scj3F*}nnXUS{^ZV2$}r)MJU?(dCMp=b;nz zjW@TOlAV>nqIt5p;7>fAn%m{x-vgJiA)*Cs2tM)Jo)CL%0I%kFNBZoDo#VX=_ym`c zJ^B~E<#&`3!;QqRUn2c>_2BS2;1ho3^T|(50H1t3>h;aOIrG8qa^On>3-L&L&XMa2 zfKBJgG1~O^~J-+&lpIL zpKAKeoRe+^cB{vuH%@z}6?ur(OssB2CNkuyC4FvKs-BK~it2adD@xzKR-L79$*ZV_ zr)vcMlc#fyf4HpZ`I@{_dYdbqS#K>XdH#ogsoB<+=Y)?|IM4SFBlq>(#OlOI+`tDpLWGk(Q2=#@`6kG4|RY4r>G z*VKwGX>e(<`i%FVRvnexB-i;Y`Ct@b?T9_P|W`B3b{%kUI(V#iWSKdm}r z<(J@o9M9m57;M@L|Pi*UNDc#l|42YLjFL!Ff$v^S#pPjz=yWqc{zrYp` z=5-{N6@?SzgQAJN@H5|nZp1$^;ERo;f7*-wG6X*}ZwVd}d?S93(pMkr`>wf_nw(*^ zF720_z&LEzH4R@9y^C50xDpYOrH3qDgW zTzm0GUnFkf%+qqtM2<5C@mect-H|2M}y$#z=~S#I;mau6TpW$IGes8=`poFLEj ze^wk6+5x_+x8`VfQ;vJahxF!HAFuNC7;~(@^7)Dm|JnIQcfK_}-=zJB-{8!V+QFJ??{_V@3D`Q{tZ|@kDqyNy~xPLSLt4}xhFUZk< z*$3$V@G`f)Y3%2e-#E6OPv>71wL0M@){gl7raaaw$WJl81u>D@Kp=o#LBUsB4h#8pGd;lkd@d;ACQ%Eys&x$ctbLO)OKu zI26yga}zovgmq+tZ{2YXv7{en)n>OUcebD z`MtaFX>@+J{BzN?l34YN0cW_sjSb|*+;4`OZ_2r@by^ooXFZ4Rny&Y!{BY)+Teg}$ z%2R!uV&30SZr-of`<=Z1S-tOrc|)0P|5CSot_6?i{Rr=WlK1Dd-8S>_Z$E6>KbtYF ze_+YX$J-vt>TkUJ{U_4j-_Q5Jlkt5yc{F!CA9CR%zs7j*MM68i$NL`_bTs5JCmUSM+N@wi^YKM|cgvsF&b;Noj|A7a0JiZq@;*Jx zE7Ukey>r>qaVof;hJWnhTk{~ytD*BYPb&*|qjPmu%wTBn7JTBT^Ah$>b7817Fa)@! zjh~lwj{HQ7Jhxyt1nk7)!$+KP*Ua_rZ8I>CJD#=v@^v#`zR%!pocQ7KN$Y0LDRTKI zO{;3tE@$4SaQ{WxV?tuM|NC0z?_4-WnfG_Ghog&!Zy6Y#;hU%U=G}e&GIRYG+&25hW9&o|MA(&XI}c0q35{t`@$P%!?SOSi?7g*3wi(HtTAq&Rsfjx zS)MNETI~xbN#-n(>ESOA{qD^5;VlLyTfxE0tCr0i@r03)aT`+fJb8ALqD$r zzqR1E!Qj{(-%Ip=cUF5FsLy%Q@W&AMd#)|K`MkeG<9lu0%=ItaZ~9MD#Mjt`B(cBh%Nhm)IWXEZ#5dEoUwq{xh}86XB(a%t6-Y-|}XFI*}gy zJ*{hqjUyh$uT{P$0bjGx@!I6hd%o=}{JAUF0 z#^0gwKgRek;eGjw8|WJ!eS-9LH+pvu`6*(>>XqcDy7Ae_LG811bqg4iovV8q-Q82q zydcku180PhOZGe>C+X>K<BFfi1Al71#@*inwN*%dC1nh1tTxnIXlmWW#kSk z+**oD#~&NV=K15--GwH8z2gny*WJY#@oNkpIgXFqby1)%IVZ0pir<{L2_AY79(q8z zk<#AF;j0RGtOXt;_R5$~6>ps;-YTul;H@pt^E&9T#N(}{_!r`>vn+4TS=uoc`Vxmu zi1Kah0eI^{c4E56?V9W@368~IN^TpNK)u=-*9pO?vf(Wk|^;%+lf0Ss~a$8PQ049`9Q zURB3GhB|)L4s`kI_@Ct2eBm4)>H*-e^8)LDYZKSXkC(#Z?fgauptJKMH<3sD0oVOQ z9J7B-Kl5vIk(0^bQ1joqU;C1-TdPIGe)d3ipSLcSzuG@Mb=@Hu?LU*e@NeAjU4Kh^ zw&X{CNIy%}Po;BsE937!%YGN?8?NulQrFd{U*6lb-?X#X^m}&dd57uu+|;$<-Tn)K z^Z9hY(r@Zl^+xmE@%rp{ex#54U*>+=p5{m1;@+3IHxXMD!VbwU$tJ~uvPb!mi_w=~ z@V=2x;`$@`k@LAfgZuvZ$5FHU*XEt-JSrZVOnzw85atJww@&8j+L^11!po}Nmn+TW0HgY|eRR{OWWdBWz|sK!JJik;(YKrXclkdG|6d1;g3spu z1yfI+_}`tY`yKEkxE36f(G@vs$HA-cVd2tz-6@_-sy@idqiA7ZK^6-=SVnubIS zk0JkJA^Dw!8-|A$664Qk9`l%LUD(&q_y!BmAMA%^bcZ>Egl`WTc^wpaothHWt;r|w z^LWEr`D*xrlHnEP_klUu;$ZJv_p^t^@N1C~`G~R~{_i4lRdedD;q?1I*7r$`L;XY7 z2R@CiHa@kxo^i()``6ati?qyg4nHGba*}gcIelHD&u7VpZn?%eZ2Zjm&f#)m2+_V9 zJUk7oN%-U$;NA_+<(Eu^FJlh^J3e20j*&eN=k8u0Z~pdJ9^Hekk&o97&RiN(>jTa< z30HF@pX_%9%m=wA8zOshh<;h?-S;f}zm-s{*Mq+4;@&a(2A=(b&3}2k;>VMv`8~wk z{`n2zK-a>7)=6l7Lpad9MlChqR%hY2?JJHQtFvBe?q4f-W4FM2XI;G-D((B!iZ1L6AH9;JAE|dT3=h5`~z-i#s)czp*Df_T&V83D(`sjaS9}ZHpk(#$fwz?Vr0r+7q z{Llk#shMG~-qPNK*n;9fX#X?RAe@K}KAmy=t#t6?!0gw-f^!-&*hXz(BRnDaM<6?v zS6w?*969{bu{r>|*Kv?Bm;R%3So%}CK)$1V73qR@`qHxun}rTlpVn@v?g!h@cDJs&A^u(clIzI?a?ROVfo$Glr~e}shZMa zV7nLHL(D?{1sjAf{%h7|{S#w1b?xjqY;_I(5qXMZbmm;E}y*mr2G z`qe?`sCw-CJf9zAYr+#||GVPI?318haW48nyF)(O9i;DK%U{?W+2b>z(-LBerJzsIvA`fUYmm>AvYRhKVhtGAM`PhJ)3yN&1m97fMo=&6(r4o1H7Wppy{ zN$=iG9=Jt$71rz7SPY-r=mirCP}7q>cg$U5-i0nq`gEQvUxkq&;7aW(9_qs9k)LMj z0?|babT-WG=c|5wF>6Up9gohMn-AS=T_gU9sgF4aJgAmbcH<|XmXGN~Msd%;!`Q^< zg6ROh!bW^ED|;4>S6%ql7JEIJ zy`q45g5uYw-Ym+9Ut`FbYE8S~MaAQOn;OS<3QxAbk!Q>1XphaHvF*_xVWWS7@AEU{ z>v7=N>GXB&cKW)XCT`n{FYrt1$zO2#UU`u{7+-e!UQHBM9}X6U-)Jld$C>*du`=|| zr7N9xO7rr1A7)>;SOR(IVZOe^tFL1WThJ4es85oQxCvZ708Zt5+4wVF2MqW6<=Qt1jhyBB)~jTKKBKCF|B1KTF}j5aq)4*nN$&Uk3zw_{VFhl!1Sw6<~a4JSeCGQ&&h zc*W{`Xl>$@N#1(*0_Y`sr)wMAh+ZFOKH0=Z!X4ji0B6FT@HWy1+hsXm8puC=m%1Md zM~F7t;k$OPzWhD%rhd7VzyBh>_VIMU1JrQn+`rptD|sV4#yI>s#PHd1^rNviQ`tjO zegpP*I%Ca_7k+a!KH>Ye;nw!cW+{fcTyvfH9(VU~_6=>GQ{aRLgTEo*uZ?qTHfHEx zy9enI@*9I9Z~x}R<@o{OGfVfoV-h?8_WMuUQNb_>e7}O6U*9~oYBTheKV))};4c7t zL65!@UHWcUth_%Hp6!Z}2cqvXAAN;;@}(JTGgd%j*FP?bG`tUOFBENOFc(c5*0)ox zTlDQ>%(4-Z3wU5RJ$oU9t7vg6RQ65I?<1I%=>(A-&dRZ#>Pmcfk5wT(5(jh z!2abXW^1CIeD>LI1~1oxpBm2Zkq(v~@#15HqqHAX5?Kkp)SqNZIoxCVTj-08#aE1D z2D#>itOFr7UOc1u?3?F9r)KPht^2$l`@aKvxpVun6@wyY8(dQhKtB(9w44XLlGVAu zdL1y!X3X=^Qghv3J_&jbqYwFyewl6X$?U1nGuDXSu6O$4Yth}~sAEyi=@#a@l&fTJ zC(($F#9nt9`xtQjy0xLc?T0gMf7ca!*9N|^LFCKB$qSGb*5}+!?%b^B@Ni}L2fFQ> z<<`7vf2QP()MJs+Vc=a>-m*>%2d`Hy506y*Qz3FPF@9hxQ9-^K!}h zUi(G0kxP!jQ@VbUYvs)aL!9yK;+nIF_pwwp9HJ(ymU)8!_}QR2r85U1Q`i;wEC4O# zA2=6kZ_Z1@-~Xm7<60}Sg|o~ghZ{ZG<*)hzZJRq^VVbCPJaj2qg&=u1K$EKAd|`~Cf0+K*$z2nmsb~nU&-E3=776zf}bA5 z#*z~`2!EH<)>e<@{4n9EqyT-2Ob#wV#skH-?H`g%E?^A-G}3t@f>V0+a^&)15vXIS7SX0z@5&Fi|PGh%p)|xqA&EQ4x*r3Qbo*UR@3xInF@cV3m2Xm$^ zxG@I}6!+!w?JCt5Fds8M5v4~>oeXmP zpVV834zhK59?uSBJL*mX{F&lAA28@*@r4K!^7R;>fwLtDyA_A}@3P%mdMBDYa^V?8*t@_XfrCoaF+ zzHv15-9)}CPs{!G@^6$4DEI66&fu;H-X9E)4?}mJ=Abv-b#$up+j4%^obqXm$6G_U z@SSvxpRMnkP8~@0{&h9PI_FWJR6@PS{8w*%A-`$k#8(%2vu3 z7Tpz_E#X@78D(x69y2-Xq_@tRIelvTPuJRn>S@#gnCsZ-;e2?X`nBz&7_+k;TwjaZZx)cQO91VQvlAW@@;$qR+KfcQflzcCsF2l($y* zAb8L`M*(mu2N2}9{_0vdWgc|RHqPJE@0wGc!?&Xob~0aikTJ1uh4Jt5C3k$6A84&6 z-#mP$H-E|XVzs@~o4@3mnh3pzO#&B{{FYCiJfm&hma|xQ$a`Dy;dWw6n&82mp3R|t z&G?TyJ)6U|nJ4A%V$+{zYq;(({du-V->EcS&duipQ1u>H-Q-r2DE;KJcwBmA!S?X_%=<^lA*8*h92_;Bxc&>|O4 ziWh@9cyXR=9{;Hxq6Yjf1ix``r17Zl7{4{&s=9%Rz`;J_y}tlQ!KQgtE#F`t0%ElK zeCIH=M6;AmA4BPb=619$U-0D(%ZheH;DhTHo0I zg@={JoXODXJiqy@&52>Z%@_(g^Vs(}e=mLSU3O&IofDZ47JTd2qhua<3I*QznbvA6 z@9_$KCGe-_vfrX`lkpq z8EUrt`v*rSko%Wi@z!1!pr354o&gN4tndVXv?gtIvc+f82o#_OoU$& zz+~ZZ=i3S*%Yi9D|B^lV1zm!BoI`y{aMeV2ebDOiNmb!B(uKesH+^6a_{OU**`85f zGS00pkz6PEeKznJIxS1@_X2-(NNzu3=|Ek&*2DYxar$2Y-0FJ11E`_ z5;wxv_rM>k@V9Pr`bv@QLUe#^vTCeS^YAy~3#^65@nO61UzC%I-lp>i3VYAv3?-eL zQj9Dgl7CJ9UNvtJ-X`7u};aV z!N?!y_pW+%Hs|=^Pkjg(+^I7O(V4HHe-07v^Tq1dV+k*D?_ zU3;h=pBkOhdlhSbfb%tE;5EK^eF5Lmwwrq%6xk0SCuU=38AlL*Pq`w z(NuzK*00GwWL??taVrAPFZ_7ug_dibMbn5oRW~q{zxBU$_az#{`s6`c1IoU2gV@Jv z&}aC~9!#db0NmXj@)dt!t|AE>%jr{N+RWbsaCQT4 z4>;J${Olq0kM!*o20MSbDh2=Wr6Aq1?=rM16<%ctpL_77m{;<_RFCC5~F_$ zd!^^J-za*{&|G*=6 z#n__lYZse255o`f8N#I#S$QrvbKd!Bcd&5pO2*L*U00qBEvnd8kZ*O}a|Jl{;a9km zjqCxRva#ArN_cw^`H&AHUsAbP`K0Gp9y;X`{!}$&0PSD;AS_>zf z3;)9V_dL9-4bjxBg@JD8ecG9|t;VAr=M-KKZ^Ypxou#O{x_M4uFL}7Vl}DD}+3D!4 zpS;NBzh>+{8J4V?yy9&7o4^_I_+47>T>4$kMna#&<=?^QUT|Ntd$;d zdLJg9DfRSR5Op-(oT=k7nnF?!Ce(oD4_X~fL1|A1DB3YT3hP7_4{5x)<`I|rc+JiuzO?UHej6yy ze}~THgwO1pUOO}nG3GL}&&Q}L6q})MFT&4RNDVT0?x_(E!t;&D0&(tnnkNB9 z&AU{R)4L3M)bd_E@*o%wL60Q%%gTj4tL*_CkxwjcxdeAGLugndupiqoTf3^j7Uh1z2HN1-Ngnmjgj_jJB=p1yt z{0HI|OM{dz3jJp=#@IOg3TTk3`I!Sf_@)~<$*u{Vjh>1#e))QNk`ca>uSYDl+Rlrw zfEF=iA;36`8Iybfv;L8Ly`S>tN@+ten#E?Xk zyWg85Ro!bGzS_;2;X9ePuynILV)?I#?+&1Q&OPYn7}rA|`IhpzAKuhI>kigxaGP=;zmT{iw4D+RrM+7b?XU(wTPkoHtm$jk!q9a2gv3?Jwbeocra#wzarmRS)@* z9`Yky`NgZW--P^^Up&@7>kz(-e9D8!aVc$7aIdt>S#}V9wbq$et+ok-Jzcoi8CvL+uqj-ZQcA1Twrp+~ouam#uH#*@5^Z6|nI;P4{r=AR z|L^_ZOHe!SJD-=&C)|7g%Q??^_UAdzIS09xt&@Kgl%Dm;^pAgT^{bg%haZf8!F}mh z#mPp$zAz>F9Jo|$kk+p}o2y@qPF-kqs*z>B{~fgT=p_HaiwC4vyU`hUVK?4S+cx(S zioK8TZ-*D^qUID~EB$zBVNAly^?aTUFJWZQ^Dm7LiGS9Ce-?hSU<&IMOkC2#?_YpF z50?J`cJKRf-}l#j-;epecbo6BspJgJcf||r5o5j=86WDu_%0dt-~SEQBuiOqoX!Wn z3((zTpdUE}XX4p&JJ+4G`+c9NvFn}1H>XElkl7Cv9yo+PN@Azt&^81vgb(>}#$MIf z^;z0?<)G{aw6%7Laj?&=_R~!e%Z^0{cTRBz#=%QnSMV7^$FY}i7j~r+|5o~c75z~6 zxK1^u(tFAgD~=9)0=)wtmoP8M8Ez*M z*9vCAroN@4Ox+H3aaJ$q#iXO^kK=nWrsc@D&U@L9+Z@1ChEh@c;|H=*@;a(IZgJswK)53q~_F46KuXsP4nlG#o+aP>@)A^*;;JHbKq>O6Kv089P(3jhGq-?>2&BSyS^OXWj=Nt zd9>@B&`GlEf4ZEr!L<*Jf;hbf71|A9{d(sus+tO*utr}W;XDxC45I7!6 zcZsiG8Gj~U>l|M3wD57F#p)}YqtEQmpja@0@6(}J7hhHT04N3&EKF{EGmfrFv|vM5 z1*WB1iILzH?f)x1#GcU65-mJ>azlN-t#7EWaMqPxSz+cm>scRN+I+1!`%*E8pFZmI zi}cy+Z=W^Sr$=V?6AvGVOxsRfVVJW%@=7d^-vsYH1wSl@AC|!nE%1Zdmj7znuW@tU z*ahhq>6%jQBLhE3zi-7Zc<-;^{&Mcuk{iUX&tXl#KAq#1g71^y-}08`kixOakDlC6 z!rX~`piXeV{eUwqKAC-w#y~f4ohonxZH<6gi zkKe7#2cdWOCdC7cdnmkYk*pgTvv_#@5%$ai5A?a-53m2bWNvUUv?~e!2#-nO2%K7e zsfZ?0PW0zb*)wRpYrnfKGyg5#=o@F{^CcgDtTFtTIiDmB+-Vv!|L@T_LBEyYvkaV9 zGZ$C}&OIC%I9nVO1Iym2ucK~XT`rD2eK^tR!_0XHgXsRj&CayJ@q9Mru@6;{ztAr9 z(Yl66ag;MB22$I|*)rA?V@&aU3VNh?rR}rq=SHhXwQM{jIi)SdP)Ybz zZNG^vs0nF3Tjj4(j3bV`D~{?A4&fsM|6$AH%NDU-#l3I#3E+7>=YPi7^cv1%8EMD* zkM39#I*(-}xdI=4d(qW?`K~IUZ*)ZRuoI1xIMK4tpW09Yzf>Ui%bP1W>o?pNfF@e! zQi3cc(ETOo@kq{^#&UGObaokSES>DFbFeh{TbJ&l!zY3555RMJWQNAYk;t9L;PFyq zzO*?IEu)`O`jfs@E>?7PSkE^IO||!%c)tNTQ=IZVygU7#h9}T*`@$b3hM5$(7dyG+ zIod;p&G&8W=^Tef_PpcfmlY?eP1T2aGL+^ABR`q_n)1;ruR_yDz=7x}yO%GW)2zDm z$exbSSN14AHTyk$o%t)~w%c5JH8cuYI;NmuU30|Bzk4mj@9?PVd-A@@XT-TTZ#Czz z(cg0TISempZd*D}`A&aZ9#4-MN`9zu_s^$>E1LJs5BE>$3{}MPDx7_rPjYqx@ChI9 z1Gk$`7Q4Tj_PmGRW1LMduW-h+@8^1>9mjgrOuRL?dDdoU%o6i%L1d5U^46*S?@3<+ z5Av6#GvucUX3;NQbI{`IY-}ZdsM(jhF5*l}uoqUC*mJWJytBcDOL=*RYaOAI*nD6% zv7zz*+_`JFEz!`sm$nV=y*l_KHHF+BH6D%B!bp$IC$^y0W}prGupknd_RMV7d^%3_ z>Ba?9A1aKjFD7=sn7rYRi>AM_Sv~jzK_Cli>C8EP_$$x z{K7t#OB$5RqR!++#<1Y}$h7^8=P>qW|HX?+$H_Ho zm50>x6L|hsC(!;XYncx1Ud{U3Kznznpnd$wRcm{Iu^>>;I*1LfldTz#4MvZ4VUO%u zfP&ajbVhtUwiY|9e!I|d>RauvKo-PXy50#-tbiwyj8igYC$J7>hN&xFe z%=fSC5lcL^m{)q~`mxp)UFzxtPaiDG(U(EwDH-UWVr^PU^w5hZHyq6P zMY~H6RNDG4`l-V=a`24|jObVCtz@Vy76g9LC(X0&Jx{L3y08p&epT*y@6MH4(|k#^ z4LCHmIA@VN@T|X2jc*if4t3u9F8J{D$c+7qSHf>K&_#A_d~jN_JUC7EZ*VZYtAsU> zj&oV`uV>@8>nwQsDW;Ytflrsfw#6?KEF+=`>|3%1*~9*~v7bvfHZ6|LxE`C~)rp~7 zu1a7t%AjkqM7osyKd4*ypk!ZTaxRW8(U@o}z`IqvTS_c}ZP>Srce`nye4DA+2S;Ya&a|HKe0E^} z@huARzj`Xj&6Myr!OhXcxreWj?2b%J^+l$2l*5zoVHZ5k+LLL@F<9JNeW(1(*2&tt z?Aqw~L-q^|W3PwPhR(2BXwNR&Sz-CloHfJQWyA>6HVkE-a^trUaYzAi$Z+BibVVon ztqWQxo|qrPuf}KE?2I}g`z8OR7+mJYW$3gt9;LIR;3RPsK0fqKf+Og@TXf$xE8DL7 zc}!Wj9+d`i}(zw}v0?WEdMExEx7_>x}0=2MeNtrot@b@$AFqO;uDmxn*oRTH`QRVQyr z54qK@8TPyU8O2ly+L5m$Jyt@$)zCVEPpRvbIli&KFFg--jw`NP|3aqjb*bjEBJVN! zOMWl09pkz-nt(2GbhUj4-+r4D{q;esZ@gGj?MG0k1$4We7z>V&G2K2Jb`#p zzQ1CCe{x~Rew$b{CB1=ul)sek@`#^SviFtf*iSIl`P5L#Ptu(9b?}SqebU&_P^@_* zIvJa(_BxPR&CQwEmA3KWmmGwDG*s-&}bpr!2l=RIZbXGO~W|i~?I;5KXZ8hIT{}YYbvK(;X%RN8c%lA(-F^4bT zzYQIGjWe);Iwj3_zldB*Hzc+-@AGt_{4@E>F>2In(8UdxT^XIg{C@SgQ}Ty2uCT(VU4x%Blj)&&<|$T=^vchvPpz)|s2&YjK3jIJNx_otwB z+~aR|?jg;q?(bsuii^m8e2a4#<-gOmu^EL|U^BE|B>6zbRmb|B^u4ysy_1Z+j=Yv~ zN$06Q@BIs}OuzphzGpPonSN$MrXB17=hj7D-p+n}XTW&Wp1YTRuQ1d0?|BdXn1O9- z=H4&gMZYh&{Z?q7xOc$S*1yr&6X!&0#7FQ@3Li3w59!&4L@E%y=|Hx<_%uBBZr-~# z=e-+wFMd}bdL`?x=aK)H52xCm>$E4DbDr7Da|U*-yMI!&XLw|fa8|GNSgSuAy@j=J zsxMC9+gjL4qAx#xa)ZuB58?w=vp%~T9}{`l7YsUAC5boC3j>3L1-s^93#*mqWNh)A zvAs73#!_Gu&no`BcGBq$$B}2_^SJf7mz24_9`&NR@kSBxr~iCf*$mHqq@cx{&_(`( z@|yFW}^7tQ&Ri zk33-ZX(J{mWnLm!a&Tj%6F5rZuv`iIw(H6?LEO+*Tx8eQ z#mBfh&b=oc_dLFI=DO8O@8_Ko^ileH++IJQ>utmw>Fd{9opX+8gYS@gUG49oec^VC zaO(_wbQ8Wq5a~GcsCcWIp?Tx?L9zz5gAz-FortJH2;dM&Ewjeb3FB@ZS5Atqz@91( zC4VvBv#01p@s#p%|1sk92Jcy|n=t2$(+_pj#-8e&v=?}{lC!a!v8VbipIdoDot<`& zdvRl*oA%VmhWA_=Rqjq_r`da7rmrvWY0$mf#zYk>=`1JRI{=+^-t#u-({S4dqN>-3 zfXizBcz$=o=cYwdw}1=RmI#KW^evni+I-6LuW(-qj@V!KYTa8pNjc}eUe0svu=%T!g zE^=w=>KtTsT(mlbT+GC`$5#EXU!Z?(rY~%nr+-S0oZO�sN+c>)bu+c3{Uk1K6>f zt^P^duv%bl@ZQy2O)xtDXW9Dt3%9zuhj+h5?T2cO3?K3?c?`I{1wM$#?dLtE2YpWNqi0R zStj;YdtQI)TYa(){tW%_7IouQZ=)Zcu6TOm4)ny?bVEWg&p$UhkGgJ8H++(HP(Iy& zJe5S>53l=lgV`@5S2w&Jpa1Po)4IXP=b{A}-LR5+leg0ipUippv%Krq4gdb^U#=Ub z<+OPnZAv#x#xMIzb;B&-D@QlH2u%OCx?xlfj2C%0LpMwVXG7_R@x|G?;VoA;$gT7I zxiy>v;Gf^u9*4^78vcDQ0e@_+*#IeevsTo^j-tdG~zp-z5D)Exl-! zzVEY<({*JF~_3 zeE5?1CPwcZzalCe)L}R3bq~Kyb3o{wbq$;mVQM3av5EM`$kc#*7}ad~W2C9@iPfhz zPRPA~SHi-~_rN=hf`Y^hGoO=i4JM*0Kk*cfE^<#=>{A2df zAjLi9v~yuOCl?lt#T~bmkI0^1xUfieO`n1lnAPWt+*6$R2i+^Mu}1R;EpPrE*F1hq z*H3Y7ng4v7IDT9GB<%bn!n5_CpPsRmpVLurl3X8703smL!am0n|< z5A#kN`}s+~dbEhw1fsuW&6)B`nnP53Oi*nw^H$K#>rdBBJGWgD{kGa+pSSp{k!c2( z-n|hS{IBDg1K?TmlDGz3K!X(eUGqBwtO2ofB&Uj=PY{n8UTCp3hvYGiR!4mK59~k^ zU(oSF0X+82iO+E`Z}loam}H;*YuTX;~OuZ-q7qgKlIC?(NFL}0@|nX zopPePbH@G?#;!S*TIyL|$5$B3y8HdaA`boTC$3>nkU5>;LE}oXrZUbL>{@Pb9HH19 z>K}Wp`o{=uX>C^}&mSgFNM80-8M%gPYB#7!Xb-U_U%q;?6EbVW_WtVh2I8I{GG~9P z^C@>84PI6*c0Tn&%bWAqDg=IM5O^^;HG$ERpdHSZd;ct4pl=DTvn z+{Botlh@aKo*%T4ni27`=C|&m?#%0(If8WG6*+x(D2AYoGPiHd2b1c;&Qq4?=L?&y>(lg?oG3YJD zr~bI-pPqgj--fu==BbJ@aSw5({G+sNH3Xx-`Ej;R>YV55N4*c7hw^QXUzF|J3{_w5 z%_p3(e!!hiVD8H3AI;O$vIomC(!$ZuCY0h8^@9Zly^9JU*wC+L2`{xdB z6K%P+l{28sb#y`-dZJQib}ILQu2{-%J+qYaSB;)i8`w8|=XKT8`#nn=UY)vhtiePb^&v zGIWJUWrNdnO$DM2Idr|lqbu)!mHH7sU1dM+^U-u2GAh5o`{&t{iNu?yM`qRwh#zkN z$8mUNHv7O9uckg$^DF$$LsxVnOF{C|(~;8vIqDGeu}$cvtI~*R__9n=0btiBhMk9uh3kS zo+}v~%-@xQmPwnN*lltu+X7K1Lkn|l1hkOOgkJnEiEgL1=3pkLa=diA&C8QhIcjn$ zv?(9SKCe0ZK(udPT5e67f3BB)V1Af(k8>7`#&Q6?8Ry(`GZzd${qa}uG-piLej#Ay z&}v05#%XFPcsJ?37Y7I4I|<%720!HDVj;L#_WEhnBU>AO7Mu))kDuhg{v5CiZsVKe zjPv_B&;FEWjgRKT`%rys%X#m6ZXccxynl?gu>H=(ugJj$4LY#aV0S>AAZOqUZFiPtT>-8lmUZ$5#1Q=(h@L zraapdXT4ZL^2fWLE;_{gzHq*hwP@DAu)e2Xr+h;=C(j%phrC6$rp?we4i4t+O6!%( zyp_dW1M%1s*?J{WmmO!E_<)t0AGo-ajS&7$)P&6bIJ@p*f1H}Uto?Dk{h-bM&<&jP z`~WojhRt;}o3p*gQ?FuUi_f4d57gjWe8_H{f~ApLulg@Sl1Bx`5+((2zOjbzbgy9`>t_ z`Q|eAt?*)x$EdydAiwWh!8wNivctfO|1qcI5@H7CyXChBN;3T=nQK^peN`W7Yb5Xb z$GU|*1;Xr|wcMF(-Yw;~2WyhOf&UKQ)_r#$e$VJ9Cvs+GY0UJyNO&q(HS2eCA2Gk1 zsZDwE;pnVQJ1w3wcss|mUB!8we!R7496q{KeZYg|67&2)>PRxMd}+@$8CVAXz@Gnh z%%jY+^%we|y>HKi%$WC~SVoVzdF8C%mF-I7%Z~Xn^X^i75`RCXzJ3n#u7Av>@AYU~ zVBX!r8gBo)za=FYyR+u5*^(ZQ#p~s!-GlVwwX1p2 zmJD8}jpg0B`QM#&&4M-yQ<@*b=G}yR2Un+T;fy)KME}z+;Jvy$yVw18>Ts5GR_Agj zGHp8bAm%q`D>nltxrBAz9t%$cyJ)h5=XY?X@;2_v_rOP@j^~1??yX}yvM>7Xy&K;^ ztht4Wqoe#3_=Ce*_zs^o)-mRh zXYkX`iNHj6{Vnl)ssS61pYE+~o_!5*Lo0F5Dr^CER`1pDUejgl^NHWu6n0KDLp#oY zdug-QEP(H2oRfB#_^g3_Ff^W@-3&iMFXg7{Sv#hhQR!*rM1!6%7T__f$h^IU6W z;H4V}H~f@$o0wluafWejo4ekj%_8WW+vc}!8r-mxHa(ht2%6?TGl_G6HmlzV`;BUR zQ=Jo9pPAeLns?~``^uX$4zK;cVmxcyz8}N?6AT^1GWzTSR-FN-^{>LgRv-R4XhSus zURz7tepP=ZTq>tx@c9k!H`m1)~H* zd+)vq&gSx7?)Y!;ji1ffA^=!1XJ^|of^DqzuiE%DM))*F;YJ{nCjUik^l@D+0B<|^|{o^Km@VsDM}JnH16 zYw(fh3=W>ZOJ`Cgw)x_;oIR)QdGG)Y~YG3%0pHr_K{;$uAUi<g9+XpDu&sR`v7@3OfHaw@ycygPV_TfFeD>J7rtX&JnjYuAAn$#05x=TUQG@{9}NLCG|5 z9{l9s1{SMc@ZTN7Ks#f&gE7=(#_*KJK>lvXG2HRaV<^lS!)R{|ynFc&V_4^oVF9}S zIv*W~FX6wCk-KF%G{6ttT{``e=n=txH}Kmz2}6T#3jUdAf&cDzhX2<;`NBVCM5D{-7t*8_|4KyhNywimPWt7G9` zUtP(%?h#j|^Q%?jZSru3h1dJQ>&+RyP`#?Dw}H3I;BC*hPl~tiduO~Z%fai{J-qVn z!_L8P|!PQVWY))k9j!c-OqYBETB*7aZO#$`PdBd znKLfP&QYh%j|}_`d)qkt^Wy!9*bo2u+Bmj@y&$5cCED*S5PKOpE-4@e^{t;)-nat& zto>`0%aQM+`7QbU>Yjpx}Q?W%s{L%?0m@5ChZVY#(el0RbMqfT>a z^jqkY1FUPs=QH~zXy1cn#>TMblKz!D*BrR!Ts3#|#&?k4@ve?6=965Fbbm9jl)$(C z^JV4WywBqE`^cG%_wD@64JK#iTQ30Z z2hpvnTN(U0>+68eti5l_-$lRpt)%8PQ$ALrmk=-NDZa(W+D|Rm5HRq^xU5lAtH0!#ixa+!>*tJ}Z^wV`mW?h%; zcQJmgXDcr@HNm$28k>5w^nSPgx~V`p8Q@`k7B*gaCr=kA4hN!N*qg1N?}s+pSL7i1 zB8^vj(Wc-d@q_Y+74XVI_MFl6Z{rtrz!QSK16pVfT;DryVa^Mm>`O3xj7cs@!k z-%{oQWX}__nCA*=Xx>l*6Li6Uq29)eEHJkPaj zsp;|hc$_}AxcRk%%4xQZI}lDbB(1Bo72nSWi)s> z?2g?({vvFKfBl`-D+c+Ke#+yo7G706?9K1mb=2734Q4Ix)hTFQN6u0_v4YQf{NH8# zsYZ?Q&yfsB7Jk3!)&hF;~s80N1DKCF`d zgg>FzKnUGb!Cx6QKGyFD$2I{oFijCm(tQT@I`k>9*Ymk-So6#4dFE{J9rnTZdmk?S z@Eys4F9dADWf?fl<4Bp7H-q+gF3n;Bj=P#g+rTG59F2xY_$O`(~ z+z&Da-Tzze8yeSG`4A6^|7Lpd1H0FMk+JWY^%CN><=7X+YS3%WN9eZ#`{?CT7SJD~ zNy8&~tfIgAy#B|v@0sGm6;7y~8iKytkv-|bI67B4zAPMWOA}p^!M;-{iV!)PYLX} z^vnu_)4aYm7pG&vsdp~?tu9WLYY@El+%wK*qBcbJw3_o%-D4g&+U^8fWurpiIp3AH zt+c6q3)NQ!w>qmhFZRJF*>Ca+a0c$WXxr=`g5RV1rY`iz0rs1?1l&qjbWCRNDe$VA zr55m74vhXY8Kg&A{Js&t52=2I_5$#od@jp(XW-f3bVCkK{dRJ@54WD3)H!bw9sTq0 zyT;hF52WSAk6ZEUrQmQV+`OoqGqjTbLV@eiptAuJG-o z7i@o%qow2<#D6#WamC&NlHa)=j@T#QZ0p4qkw^FMZ;^|iFI)T^&E-8mem)_Z;$J0N z9BP4rcP>MYg)a|R!kh556@2;e)FM1pzB@c!>EWq`b;)PJQyf1ti?8tWgsU*HXkVK= z==Pu!Zhw{B=P_WEyl(4ndS%`ybUE^pfh`=1??cZ3o6$4)ZbRxB_ohQ3h# z_zAx2^D#bidFzMxuxZ`quF-tzeBQ<9Ot41tcAtIt3-s9;Je8}@9tSu74SnXyq19){ zpyNB~vjN6@7JYW~o%Gq)RpWDZeFiKU8Ex?6(ewL}(>py};^#@1JqkYM8^}k{-Udrt zzfrs#aRTkeFW{c}wCXOS@5qDu{a54r(U$hG+>Gz4^E$Bk>qGEoh-qsJWzQS1HzD{M9M0<5dAr{8(>FWr{qU&8;AjnTB5<~a{n^eeqKHV0pdkq-EDzhD3N=EO6?$9(x7 z^etT{oE$^G8jvfEyUrcA&WzgTj=O|$n|(Ow-{ef)u`kis>05h5)RGf^5juI}n@`&f z^btbd!;DdW)=+zNde5H~A7(DUB>DwvM-OJ=ucM{TI4?F@rx;gooq@}o__70EO8EQb zdtBLd`AzuKK9{-m2c~`pp76(;Y2Ja>0hfQo8@Gd_8_-Y7sU>Yd-&-CCXY)YIJMe&e zU-8NP$dyNb!MxLjIoE&B-LFq}M|(=VCSG-MR|@V*-94yEE65Sdx!T}P`Jo7NU%7iw z;g_rrA|Gn2ntJ6R{4Ct2ZSdi2KY6JOTkif327iYCGW%1=7D>17#~#Yx)joC}9wmqJ zgNvA>Tgjek-RR>%>}fS)*$z&_My|AHb!3lxC-Ic^30!!fZz=LiPPcvQ$z^Msk;Tvd z1RV-(YiPS1ey*X7q27f@*9#W%W9!bkuV|V+d9l$s^oh7QIONKq=YQqyXXDZ55@b$x zj=jQuI?Jv^!ytMrYo1%jFJ-UnP+GX1T0mg#`ufk3ug zdHm>(cLD9zXLQB7(tC>jGF^eZy>MQ(jyS7+HTEVG4=VpEU&`YrkKeT?q=C+AZ zoH<(@=Z99e7Nu>Ck(EqLXKXVu9kE7n^!{7O(-~hVFZK`AvU$2Eou30It8#F%-)D2u z{EiMhJu(xYlS4OodiHWj<0RKF3}nT}f!Mv&gBe(BGJ3`j$ATO0ZVPB_Y}?+-9H9-_uCcp>@^d8t>80`fwC1Dlbl z*BR41WGY$1xo7B%6#OMyI=6_uV{7p>RP*Z;M<1d_k=)}^%_%AO*aEB_weoSS-<{&S z>|`nMde6yMmtLLD^YG7A$r|8rW3-@RG=9IA=VdGE$R|6I0=svhZw?W7TnT*Oo z9D@gftWjRTnLj(E>luS`am-n;h9$4Bml}x$qs)Gp=3az+tb7DhKaTAy4cYzHOn+_p zS^X(yPt9PTV)mvgxlFarqoa!$x8&&&Xku{Dd{J~h*WwL|@yWHFta?TDAf8{ZXLtVS z)P~~?+C#bJY0<9~~b zfBH;>M#X;o3UgC)q0udzxAuPFEg19K)w_yO=JS3BaIK&Yg+1F$9ZdH%#4YY`!K`N! zwBx;No*&WwxOB)?>aQN+teP!RKltgX7 ztkH9xCLRQ)dEuJ|<~uhL=iM~$ar)U$Ts9B=9={n}TO31^$>74SYt|V_N5FL_?`~z> z@=@_w6r=P1M+CW1nbGHJ9k8-TwR?GC%Mw zWZ0{@{A=3!Ccoj&bq@7->ci?QyVr)sJ_4CB_(N`r`0nM&^Z6cVES*|vWFdTloXs4= zqtIUU@WR2<&@ivDVrn(lmIeDCR~(B>&Y8~G=5v*CS3O}z`J}1u$FOsc^{C<$< zZf(4k=Uf@%xklz>%>15}<8@A5UY1;Wu>PCy4&Hvxr+4i)=2|fJukO8H^7#w?JR2eZ z)EQ;%zJBVd=s;r}9^RyXNH|O|A^Me#>5LCQf&K{apX~$R*Onne`{Cfk+_}Wh0!u zT8pAHD>~5)UFg{kWZk=8K;MPfj3V?lwMu)3AuC^ib_Ex4Rs?#SeZ%+uj&VL02}Cc3 zK81@GPc04<^vy#?$KTu7|4;~dV|?sodfaI~FFI8<($K$*cgtx*`}Qg}TgF<$86(22 z6W~ez-l&m#D*BDQAj`_5JaVDvhK~S$tG+<|+=>3^Lg)9uk6K6T!B&k=&)HY)H=b&G z;Ko2?J^Sjk3bsS|G9|#ak9oAq7)ua4H=cgGk=I`2m2qAbz+T#Zb#_T0_I3L8#!$c* z$i=hA?d8!@o?puI-Ha*DeyH*V^*z~UbIi@WCp|1*T(Am058iLn|0teU4xnE9KO>j^ zcI#<3giP{ha{RZ`RvvO|`M|ED@qhQus2^|mSNWb$tipV^XV;hV{YK79sSOnMQTsWk z)){8jfc7;mp86sFHV1|;agbBpmz~q6?3tdcp@tdnf&KA@v7d3Uea5L(YfGJi)<(vl z{dsl9TrYH9JPLZFTPySIS>pw~^8woOaQDRH&>xzk7hVd0_XPH!9GUjU%^d8$c^WtP z*SLf5-ektz0Zv-N(Fk9d8_-&@FgvM;sZpLIFr>@mfk21e}33%nNu=el-8bt3E;oaAgD zKX0d45BgbnVkfoU$Ix*eO{TfDR~|+Cks10E!&aSKx;7;~Aa3>epaM8V1Mz`uTmgJw z{nmom!v^+nOmdcjCnoT0qn-s`JzEHT_SwQ%oBM1Jw5erJ?w#21B;)knk<7|obn}k% zi(N}m5L<8FL(hO;<>s~_2jhX6Gr-!fKe>8sFZ3u46mpI@Jdq>U>`S}h1B_od`y9Mt z+boRT!1p+~(wRtq!}pKz_fh^l`!g+lKN$NY-#xpNjtS03H)BIIr_)u8{zmVAj=doL zdf&_On0cMz$Uw7i?+k~3Ui`2I{_)QTB=EVF+fUU5r^#+V-LDQPT;W1~Jvv)Z9Y`-(S?_zM)fd48V?EtabF#LR-HPp%Ty>6{Y zpLtL37sl`d_7=kHBao*LarVO3kfBTE=PmmD)UP3{#m+f>CFEI(p<@}mwff$={+rMv zuZKpoKMLbId(X?pdF?UJdes8j9NSnjwI3Xm@ri#B)meh`xbC+PbANz+0H(uS zKa6cS?6VCG=o)zXssq@DFnt|5VD-jI>P!;gq#N8wp3l>G;irpVzyFm~OTUkU!}&Vpi<4 z=2h){&i{r6iWlB)etHG)YCcDGY&G~!nx9tQ)3axyRSUGz{B(`$N9p?*)m}{@uWk4x zdu}?*uSVZW$A)soFCCkk|NMVF{;S``_^_KW`8`+vTw6lAKg|P*CCJ!0V+-ZI+{&umC zOQVfBaEeA=K1%VK);9XrCyOt|dz$AenJnElC3+t9vXWWxh4yIic=DD#)O5o)S8aCeucAA+K4d*2a9$k8<3fs z^$ef0oq;;-f$va1*$|9Y#L(}IA)*{u^Hou;SBPU9JMMr!wdklNvTJruBG)gF?oHwY z^x#Kq#%Fq%7_g2w{b6K&5^LQjVqYFc7rnq96-yS~HuVwoYg1r^nQwdqyZ>8)l76+poahf{qOY`uqXF9@x*eN|oxTS9jec3>^T`fkUlr5KCwm6nitJylIie2E zxD;&4y&a|=Ry7+B(`I~9g!LGiajE80XLR&bV$ZK3e>5{<#@$Ze^3C;L6MFMGe2*l& z(@`9lmVnRWHGHS7mG~Q5osfx-8aVHz8(h^BBgN_C06eVPfjY-&T}n)Bd@bIY&pW!G zsDT#a;W^)P3FxI-WSyC~3R~!>L7)82Vx5QS;7bK!=8R|B(|9%muk{&xG2&tSU1x&B z2Xktmi|SjJIR)k%_YTf+XU(OXe-Fo$ZxFor)vY0LXV38*hHp~n`XjbIo%5kQ&{pw0 z@~XO+&E~s3tMEJK`*5z0h%NP9{|evF@LP~&`M1)!53=W?U+;K+ZDa`j!&!r7{dAGZ zH;+!&0L77kB=V3zF2whPgTr>oXAvJ@z((ur)Nb)NxcztFNrCIsE%Xn*Q*-$Qm&%dE z7s}VM^Sqjm&^&nuv@)NP3+Qamt0ez`jg>D{UP>OAcRp_TA-{bg{GhX}cXDkP@{c|u zH&GNLMpGU9dUD6#k8|#EKC<#4bP#U3Z;o(YIOn(`mxK6?ZTPRh=J{@ZcO$>L-u3?e z$IaQa@L~5Y@a^2lz{P=r_FB$ze;%FOjqIweL*b%UxAtY7wX+4W((j{#c}Kh}dpvLV z@{Nhv^0Nb`FYP1rh-fy`KGOkiIwc3-Chp=T!Pt}Fz|`M?8^Lrd_*6a1Vb%yY@i~D{ z;)C{Esbv}G8`~3)+uPMIS5l{2;MrN!FJ&6WL%q( z{bpco09O6h`QEAppU!v%Zx`@(1MjQgvg~#C(V}nVij&xs49xQD^Nd~l7%(f}EBRLb z!q`1*gktA4fuh!9=+a8)IP6b@bBOPeN%jrq_c8M0^U#HlM4aeX@4dbM(Gk-J9xI&A zdGY7;RiksCzjtweEqb(%T(+-!f_Jep5 zN--w!g!p5bXn?&`u1EUM8`E&cVd9``BnNISA!ABu{NP?^SSyy1Uwa|A*M4CMc*&D9 z=|Az4&1HG}INNzZ|25m6sk7OwTDUczGWD78Lgw1?A+9xX&FZH7*ge$Bi4Sh&)7Re7 zQtCbbVTgCXz%|LLax52fUWo9Y1P`w@E}BZ*89SGJ=c|DcOXAG!kk7kdEcvx___Q(H zIkD-g&4WMHXO-{!wdT9@WiU3I?`P;j+5chLI`C;?dC%WEV)m!Y)HOMU7qdF-<3p`WkZ!aO+v@C?cWxNj@_AU`{fJCN0J`wfCt1EUQR%BLb^`AXrLQ? z)-#^i9vSOFmvmx>z31h_tG+Z2U)Lf(E%2@0x!$p7r|shGv^5UA&b2<;SpuG4gYSux zbmsJWo#8ZyZdBaQd21$qCf=MQzI~2sis5zElWbWRxtRyiF)PtA@&Ro8o^Ng0WY_kF zvAwjJ0v_33oxQw;ezzj?abPv}*L^lHFu3=;(a5FmZz=#^nceFEX+md zh{7zm{mt!O!q+Meo@;pY6?k(Y zJQ_1Rs{GB!*e2CkfpfL>E#LQlG~YG16pY3Aeg==856@iyF5%T5vv=H3_L@b#=~&U> zUz&eSyqK9U@y83EjTW!TZ)?C;Gx-JVnQ~L(s6A56Okv|f<{I)%&U!h%QVLkQ$JjXI z^FPC9hmMLdy2n6gd?XWRz^BST=kxA<>~s-+&`Qo8>;}#-wH-D_(HYBmu~R?w_N)rH zF|}VOdDpDZbK_9>0WW`_gO>wm!AB8#J9j;u=5n>BsRP+gVf!|hL{4;u?%cD2I(Ro` zcI}{i-azb<@1f_A1^F@ZQ#!GQns-$^QwSb4?({wIAe}9JEk8J)^|Y#)lkGZ$A5e^} z%1@NO??lE-jtrda6i@Jc0{KaT+uZhE#b+;v@1Jpk_`&(@Gw^$MI0eXUxUZ18J;e+c z0*lvfCpP0j_}T$7$@|Cr&2D{W+&zX?gCrWaW6|c8g{ND#Zhz}YY8>bdFj-T2M zuM7f%avP$lksJ3}n}-d@{-k;zcv?F74Zgn}Ux#z(=lP-QT{?RFyape~KfmV9sYwru zXT!`V=P{pLJ0jdi0pA?e+sh9Xk4G8bQ`qAU=_RgvIoH`-_nv!7Yh<8>XLB`{?>`2; z;g8fzXaOzdt4N;-Pqqz1w+qkPM}*s#^Zs&j(2}L#h2c$cH?OVxarPQBbU|Kt zCfdb#C0{SR$y~S#qtQvo)oQ~}svUJ=Qy9xQ_9J+vkaH47E&+eyya&_%1bT{G0z49jN6Z{3`02u@@aGbw>y?vL z%(5ANcoZA)B(n1y`GPcm!kfLP2luK@w~1#;;6Lpt)B`QG#^^dn@poRk;_n9h0FSQH z=f<`}i#qg5K=abj)65&vUkCJ9!TSN)4HXJ*o z8Y~lk2V?vB{&qU;=LOlk;OVq41GlHoCbF+ou04`1lAWnD>$FBhqmNp9!`uLT5sFsr zrX~n^50WPfxod>xlY?DOeoT3cFgda!#$xp_aRS$#pq@f)de7^*;E3=*a8!6;0q?F* z{uVrh3d3feE-z9N)oeEvA%w5!5 zK6A3^0rm=A{|q&kvdQn~y;~jf2DG;eoxhU#g6sK>{(q?!UwapAt-;0;|15EcD+Nap zaC8Gl3LL!3Gt!a5QTe?S`c)I)x4p8_iY=0;=5md=WerGB8lif3O?bue;@vi{amH25FqbC#i;^JG`H|yJk zV!gYOE%>X_37S}`<9zsw_msy-@{Vlqv!lYT3FLJ(^Gi1%6Xc}YFFv_;t@v><^)kbe z<0S_#kKPuD?7IzFJlr^;U;0RVe1w{#Cpizj*cr0~-8knp*3!O4TetJF_bB`sUaRqZa@D@%#TG!v+j3~>)k}RnKU)WW-KD8V&s`=y$;@YYb6Fwg zrJInWHu-SUhxioo1R3hUg(6g26^SLHJSM%=pbL;)EC1f*^ zVbvU-0AJwsYWaNrXL8?>?D+4mr2QHAON}2U&M9g8_q@N#8>4#6>4SqmQcdNpT+iov zH@=y4E44A}d+*O5qgvAO=dIee!9z@eZ)`uiUWB|0_afT$%$F^{~D z+{-?bYr!{p5Io8s@Z(9kS+c87)ohfLyAV7@@OnNm^&-Ys#Q4U&zi><=@KvJIdx3cv zdimquE*P`l$zM{+IGdDvLDw7m#<{bdp>X>Gcy@>5m_7dG7b!>aWngXAxtYL|h8bS< zV8$OdaC`m!78%sMnIGmeX)k?U7+a}&M?P;epP|@d_fzNpN>AR(r+87Y97OMiu=%P9 zs&zt3s-Us#WB^{w<)yUzjzm6O8EMJO))kVGkL2i!qMY^e@*`?l(-Q)JUT#CWvKC#* zd?Ecezgz|kvNL0xP3HPxuGdVBy!6&!%d9cMwl6mEEVUzZs@RV>{sSjEjWye<4KwRV zYO~ z&@a5E`Y5vxo!hs@BN!9t9m(*!f@6%cPkQH4KTgLq?|Uo{+N%Xn}wjEmCzvi2^oK@Vvh+XpwlysWKdBj?9&u&~+qF@q!f+sm0MW>>tfc2q}Z z=H+H0Ys3Mm+3+nmz^Ckcoj#TK%G22yF22w~=4>6|^VQ?v%YDb&pQ{TzdUjc{$QOYL zKk9ML!Ep25L&NsqMc2LZ%tc>$r90(Bdm3+jVh8&?s*Yo9>C+qY0{AeEoS3S8yL>WPLx^f>Q!*7(n&&ogJy>zxnvOBSr(sMxC#UU(gz6EDoC@8$H} zNgLZ6=ReUv-(B>5xa9E0%}!`>Gwo;SJ~aGk{`1Mx_rhn&Q|^A!yO=A^jX#tR%L_Yu zYp^+9PRzt4T#sXiS2+DY8b$3L&#)H|^@M!xN55_T#nO%9V;i@qWaIasF?d}T|whuqqy7or$#arpy=0d39 zLPvL?t2&vBLI3m}!@t&E4a%u0w`TLX_%W66Sq-rcGF?KP(J_NF7SO56A=KhG9>#Z< z|JDV}=wjo;b)y4%@R`HfAC|+r{`{Bv7u}iSKj_nLUOdX7Yf>-coPM zwNF#qqOlyqR_Og&{0Po|nDasLzv3+VQl3xyvS4Qn99rL>Pi_8F_-SF^+V|!3RYPBS z_-T?K#UZv1Ge35%=_hQ?8c=`foRo_{@zDU!h&Cft)5yCfKgYGV_>-Q@}fXC&p3}*}+)3s@p=*`@AzU4m&3Aj2%P11EyAc1$JyDa6IE&8GV|yqhkjLRUuTH9PQAR^XEkGFH`J7L6)sodDl??@*s?YMXlv4@@+?rn&^>0{g^Y(DWzNwAdJi zIUf2Q3yg{l)xY+pY$7(%c}flV7tAA5Z=2t~gSfiI?YEkHVfsbi4&(u=_N&<8<_S9J zH`G|sFCW`uP#Ft}!q8e-~Q=+iaeSTQJP9bEM* z;PamSqw~c!9X?gqOeE0LLY~G#hJ?Q1&vd#~yDKzy9z2uPJs2P^M|NAY0 zfyC?pxv0RvadJMLhl`?iomQS%rzL*HUac3ucCl|cwfRxySmHNVF<(~&FQ}d>L=F_V zW>=A;b9E6us`Aa1=%Y_)9<3%YkV21kp+^hx1&agL4_E{~B+K&8C;kb$Mw?#EiE41F z$W6)*dlNjAkh6;G9C-XaC)EFV5zEThjnO6E#(49oPYLen)9kzwbj9DhveZZz3P_2gBdWf#k&=LvHl>9X|bh?8VPN3ubsZIWjWvN#6DJt5=URu|zgJ zyB;TX7kk~1SFdzqXmr3!EAP+SBz>it*&t)qI{A!WVe0|#*)r?$L-tw^uuBJNt)J!* zY|U&z-%a@UUcHZC_v&T3KG6TTYJoHl&~Z2R_YQ0(@WdCwSGSN?o~zoKLULKGivia? z=x@DmYG<(1mbR)M7x(Yx9{eg; zwSQ9~cu?QHH%A7b=U&afVB59cd9-SOdV%+O&6~q>eZc+NY~TnC>kFbE&0Gw2rw4h? zz&yg};S}?{9nk%|z^^$AQ|ktgQzMU#CYOdzcx?vrOw^xfoU(5ZGY(U$!5C6J>#vPU z-J!ZDo%I$Xhu!o*gLD7-j)iV*)Dm({E}fH%FTprP#}SMn4!jA*VEuAS&rbZ09q_;R ztm0S6!UFJdtBVgqPjK>(TfZ`hEVqG|zY$)*omUqnzn}~K6bC=48s>cHYq~>S5##gM z70FI(z9ECBOij`MlI#Mrd@Qe?NU&+0lUGwTU$_xYgd3jo<3_ORF9p2YfLAp`vTx16 zE4$~_5UH+0KAow#0lpOUOo*QFRT=Oleehi-y78>?CMFN2KDnQOX6ZVcYa#>Jz71TW zB{Va8T&s_nZw$`)4)W{iu7JDO)c0qc+K_wgks+=<C9Z z<}^}MSoey3+w8_|(tq-a?L3jqL*4QEDRXAB{3x~4!8uT!;5Psdz6suy%Qv=eF6TpW zCRDK#SQ3CviiazShfC3=3HnuzMt-66ymxOY^69@v4uyPEkU5}G`*h}jI)S;3+>89< zdmlc%!PAqSbJb5C5;ZudM7+aq`RMgd|JBN4XpLRv$-tfDXy+vGUlqSpo-B5MH|?SR zcr~WDWbrK*Zu2hrSi$?&sr~QKSZsS=+2iF)6wivTUALGV)86iF zLF_3trL^}f?{)FJ3t7;0;r`?7ZME_O^e%GPQ;Y00SRGqS9hGutUErveSVr>DgS@Kk z8fq0Acu)RFMlPj`La{d89SBkzLl38Gc3I-VD6r*%a_8CQAXI zbcl3I9Qc}@{wXGJ3XH2?V?S}=*1TDr_~ve#3r^wVlV55_N7yqs;j5)is8#$dSf!7W zz^#0TWM&v+@?^m1WOv^KBS$mgWx)e1#5R4;lP~nkkaUT`wTU&X41M=CD?=t%r9K&F zuKbjo8k|y$96pb&6`u9i39feloA^jEu5@KFuyyjg6Pzc(xqQk5xYjs??`rTJzs1?- z;kz3iNrE%c)W({~>@CgvYIsjL)j3qpqwhQ%P63C{$oHYm1nv9BPn*nbPL84zkE-VI zwvV6Mu#mdE-0Qb;UGeItvhN+2F0AEV?(?7JntYr&Jg;$Q=}GkCtxmRn{F!gPxmW*x z@?C2Nh*G8scyA{~fw&vtzC)HPS5d0;jR#z-a6^Fs3Sb z9yldm@=ddR(8D(0CEr1QmP0O}{vFy7{IWxfko)xcqC$0Ka92ge%qXn!00fp_*f@4<1AomJzqA9@6B+#{20d{iztIAXY5gp#M6- zhvFz=#+cR~XnjdNwy2Y~q$eAYbHSq;GUgNZcGItPy<~E{Xu|I-y1+}KOBe5pE?bdH z`PycWgE4+s@?)oW0K*tyKyPWzLNrQF2H%XQ3w%Z#)o|L}#c<&j8l*%UJ>#Q|{Obg` zFfx1C(j-^bnyx#wVKH@Fx!3RIdhWHq&%S2l_m13ab;Z%exz|dHqYJnueC5jWU4zJa z0dNk72S-K*MuKO@{il4?i57Q1c$4#dUuOLR`p(NqDaTVS{RIu>Q@n^Dkw;!?Kl*bX zcqX>Kx)ZzqXWHJsJaA_VG}_-2xU+NB=8ekbC_kWmXFQ%~mhGq$4@GyT^P3iT)b3rK zke#9L!NCG_MxoIeovA>y6S{~OBzHXyHDUPPx1%GpjzZ%u3l}h7nN8=y9q0(&Q5>Gu z5$J=oj=07dctACF@S~oQEfr66B6rdsaqNL~z4{j}WM>SmTP(cHPeprqCx6j+vz}A9 zc@&w-2RF|y54_Y(KJK|@=cU2<&Yk&DdnQvia&7fXp3yJzqck?@oetWQeO9fS;0-dj zA^z=RpBT$4HvZFG_9qxy(uGsJD;T>tb5OY!$(0AYYT4qnnV@|??76)6%jwztBR{$0 zbcT0S*Y!WbFJYHo8sC9m4uql?{SWiY{oCJ}Ukd)G_$8d?m+1clzZ_(2|1bIFh9UUn z(?jq}W`Dv=y|vNF*a^)|remh@@aQCTlyoe*S-C;!8P!#Xb7CehCs=WeG4Z_W7!@xm z?zTC>a5^U#;S7kl*Y*X}cOh@c^7>lp7$WE{$?P^hwI>ArVtX}vayr;&BP*foc^CgR z`A=c$8i&%k@AKh7I`?PDj#RFf|5uIEQ0rBN3+3P2$Q23~(o;e7iRMb?vo3uz`j#3H zv-i0C>kje036> z{)D=tAMiKS82@l8qZ>3vmtpT6@{b4l^kv!iSxSx5)w4c6KV7YPQ}Iz|F4yu&uI>G1&Nx(ug2xWw589OXQN(3`lsoEYHEa}gGyLz*OEH&(PwL)T!Lx8mggLv z^S717%kY)tGJY~!=9M>F<>TozKNDm8rSw+q#Q$%4D-SU_hqgn}r9Ou)9ni7GrH%aH ztk{_o-we^?MplJviY|W9kBSYAi6n?Vwq<%Ic4&@TIX`1}@qw$T zZ%ANsfzIaS81K9=U3Jk zzcSQHoyBg|S^Ut8Wn4S!y{nw1`qBJnCBEtF^rLx7&D~%Ki7hjGb}yq()yhBU_NC{k zPfGi;xqa5<^w|UsTU;MFbT%K@g-`Uj9-Jx274!$EYFoW}_Ryy7}uy($02j?p~oDrDdx!l@#Z$3x- z)49#&e!FN>?LQ0esXyvQHg%Vxy zFMZg07U_QN8Aknp3sX0>H=C*HTFY63%A58eN9C-2GWGWGwQ@Ku)OMFSg?6ssRLj~p z^90gizuC_C@pUIS)b-L|n!do3ZlAt2mmz#;&Z(C zhGR4F^mw-X@1=@SGuQoDpTVPo0Yn9Hx>kW~CKSJmI?2n+i@?+@CUVO_wXhJ^5 z<&Sg0<8bhJ4s+!rVz0m}+V4*_bbZj~kBs+q@bfzF{1G}Hpx!UNKMHkdXQQLw)L#l% zw*jlh>dgn=Ab4Fq*BpoV$;<}>v*tOJ0~4Q?{gHf>57tM3P0wmB!{ktbk3Bgr5YB4I z--@p6E76{RYUSDlIaT$qxjSTW@2lvuI`mh$i>prh-R_WIN1oJYm)qwd^pf&p%KvMg zIfEy=S63@AD7U4#v~(`F93JMKF5w5dZv-!i8sMy@ZJrZ<$8Uyj=Q>%kVcRzIEoP60 zQ4wq+JT;8>bMF;#FZWv5Jg@aX>{CO%75=>WeoVDjTuXb%uVJtA**~{GB zUe(rXPDB2mYPj}e-;&Tuc1U}vcxO^3kZm&$0-VNo4@R0sO*A{GCzL&VFUf+x{v_&cW!B7o__m&WYQ>y<+~3R~`1&hS&bpnKlml`V96) zYZqnjWy`(~u5!ol&)_S!e%-Y7JGZS@d~LzcUR$z@=^RJM=JBP!#8;xjpT3l{4#<5b z_Z?#Nto2q;3!d{mAJn#+roY>U?4j!Qv{$L-7uT}yLM3xr+7Gn{`&h(Y0>_ZI%D}KC zZSa)lPix4X^vdU?W??nYcOx(JoPt*Jd)T&M`&eun^L4GA1<34h^aX1zwz{x5MbvS_ zk744wRkU%&nu6bf^H(C%Of43+&h*3FtJaffpPgaUo@$TOTGkJh0#7IMTZ!J@2E7OQ zEaX#r*-P&19$wxWoRFzg`3|_O3$q4i2D%p;ra4H>(RI+T`s~JDXfI;z72gLOdF%}` z;neg83eRKDO>F5`|7#Gto8NaMpA}9)`%?4*xv=(%Q_I&jGv>m3MXUZF<L8pa7(fd`&7`R72Y5loJ z??pNE-tP>{qIU@WDtb5O&|7@v=`T~41icRoMQ{35pN8J*SM&ysTzapC&g@y(t~`mK z&bhMxUHXyiD<(V}tX;+@8_>8}51b{sseoCjTK?1Vszr*1m$|p8K|dL!A*Zj=xv=U8>)}K8`>A-U7Y6 zwM8Fz7c{%U2kXDNeuxLp5#laCzeolo3z{ck9`8g1pQD!ZHWR=AFYViO+7qnl!oZygWJvdwvrfPFsX+QY&0REo zD{$vQx19hy=E*lX?$J$0v+pH=MY2!4JzBb}`NN7wr$m=*=DZ2c^A51yAW%*nTH*Vm z0rt{J;8*CJio`9Pp+@b08F*Vp?Z4)zbk>n#i=fsM@cZAWL7D$IocB^UG1>zEnD3E^ z#vcr`A3l6#_uKcKtMC%{<`JOBce-bt3|x&IMXa{-8ILa zUUPMVH?O$+zp{0cVpXdd?Eji;!FS!=z*!;nBZ94tyKd@0h_kc#r~9l?`(l!_P`81r zs!=T)lV#4)>XI?h6rT;ByE+=-n)iGhoO<8&zWCW&pRmZxkz}t=sAFs)#w7hFT4)V$ zj`uXd>Kt}UwKuvt>={Us6a<4@3b6PWM8(zzuGT?bFEv+YaI8V(>tH@9s0nd zc^}`k0lI1LD{pRj@S7)D0&CaEGUv6f!5JG>e5t-t$guW>Ag*H{Pp z{RbGU_BX23HDq!7J@x&|T>g@s|J%E*oW>v8yfNE0N~XiHUdFA@ZazJjJbU!-|C!;t zq0Vp2)wj}Z4tw$wj}cRV7wnp3S28VL4%{=Z|4r$N5Izuisbh{efqpNO&j&tL>s1Ne zv?eeMR#zT`tJi%n`StCI7F!Q?g!ujR$V@$$>aqrB@<*&TNQ^bul)ozkjA70eK!5Jl zUR23iVC6a0Z;75MVjB6QEs|O4`j^K)!r2{}vr0P{XA0Ucy-DK;#Yz}Q@u$(_=q&jo znnx(DfKR#p%gY8gNTdJT z&*1YgpTIBwNAad~@Aff+8??WLY8}|G5`A|uau$r8hG#V{>6>QyPS#p{BA;_4M}kAV z8lQ{3hA-kSK7^Y$XENswT^!K_8Hy9@s21PQp~c1_pPvdpa9#Iv?`8SA(5b~oC)sd> zDXp`NKB;l*_YA!*NZ0RG!2=pwHSZ{wQv<&X*Bv#%Xmbf`mp*oCLxlL<_>|}q;j|2X zFM*EL&?Dl~qKz>pxyKrl<2s*4dDg6Fp^u)`GZE~9_uPC}r&nP&q<5y%r;V|7W?3Ni z8ERyNcklVZ!91o2^7$*+HC-?OOEr8`&3DZ!X}>h(dm>z~;@VFiIJu#ky`ZY8k4_SU z#-Y8@W6)mqFbVA)&S7;fD~ulGTvqAD6zdB#U-RLIs6&A-{qQybZv*yA@QS|Gz$-W> z1E--KcsmfP{gq_r^c$x(Y=I7*f3nN$SCyH6l>aJUC;+cWmzN@!%8wiamor%VI@pYz zCXX|o>sr6t$}?ePDFDx5-+tJ}dxh9suFLO_Om#KDG``+SH?4uTS-vPs~Wl_zy zj)PwhfU6|@BzY5$s_)P9E_>eXd-CVsnRU(84}EbnYbsbXJ7?~BB zmU*fF!`!>TM_FC_-_K+wHw8gKQPYwHP(ZY5y#S?cCW#l&_IQf4wuiP!NRS}4)?-`s zcu7LSMWU5~{+kwBxrxfOw$w|NgDoHk+SC@cf7>3KA zKxohVzWIFenVILZ_uA{e)?Rz>jo7_4#1CtE=3jXCjTzsW`9{aX=D9j_V&b{jaPwRt zHq7?v!MwNd_m@ZhnRoqt#__8X?}puXL;6ypX!xuj^Gw)@Cr%6fhIU`;8Btsr;V)zcg zx3{o7FQWNhd)-fSU-T~G%tF2DsM;Xuee4kCe9$AT@doJ_j#o8Bl&c4^an3`YY z*y?oI8f0gANo`Iw~v1I)6Yxva}E7mLqF5$CzpOE)&(Q+vA_!*q}#4UJ~#4SJF={rWp`g4<^rXc zWRrm5%fO&D3LBw~V)i$Y#q-Jg{uj8jK2Fd3E$fMCX#I95Y5jKWL8sf; z0qk)JG-#Pe{AtcHJv;KPA7Zx_INkZ^yPlq*o8k|;`d_i0&9PUlIMP&%4_v6TCT{`e z+t8_uP3JM<_iirP`;mzJ;I_&jbyVRewD(7R0egsV2A8z=tY~x{x{L9)aeWawwY}2m z-Z7l@Oz?>Q7lTjD2d#0kx?;%Fp90kO-{9=sjjdtt$u0BH$qm?*9B5+J3Lq0YH%#+Q zFH#$#T4?Q?8J7*X-sxV9?%f0amZE>}V=P)XwGbb#vlP5z8^Xq?R~@z1MQOe=2foja zcK-nXP5cC(3)c2Z<|~Szb15{&PVJ+=*!AG>I@XX)ayDNRKP7TaAUyTF`R7hqLcBw6 zwmTK>`@n54+?gKSxzSZVxGf%*fQKap53FYc4=cdKvBtmD*Ul2gjqEpS?bm&beHmld zoTcW^wC1FD+`Vf|CGT6kad$G-1B_GawKdNDymO!ozkz+V<=Y#72fXj0-mev$w16X> zccb~VQpS!Q-)qmW+Xc-!%b0g({Kn>kOU-xK?^;9mCBY6Z4Zi7D_|_PDh~wWP&zKG` z;*YDrODBDG!XNwKk7^%(SpPzLNc<5t_|e>CAZqXfUkEpK9&X0K7s8hxKQ2GHy6~Ie z#?KGJk?Qk>3$w1>@&dAMc!52Dmx2?{h($jn!&nC{W>_2`C)yW5aE(g9$R6$7?{D0p zL5w>i(WW=B%a3E+2e4t+(q(3b|%ZL@6>%0?~XzLf6>j8w9#Kf&bUZ>b`5oCwJUD^TaU3b!dEN2IM0)x8s<~N z@X3?(L#(>jAFJZuksHV6g8MD>IR}0-Yr5cpx$wn}@WnRlsAQ%E{x^Fvp}%`&$E|Pp z^Y_selh6<1Tgl7S$OF7#)~FyeJDJD!%ghJRLoy@1!d{q0X6k)1GZ#Ky1RrY-d=Y#i z|FZ>okeocI8X9zIfb(fGIH#uRNKexa_RDUchn)l7UGVgyjC})RsR8yDc)EocERH`M zHfJ}p&jtETx^6pg>%H~BkgBWj^WA>oP32l{6-|h5I^a>wohr|+z8(g?UF`1=XRnjC z;aSQD7#we8409O+eo6Pofxp4{&ze&UMZZd07jUgM)0y1DSW5A8$FWws0Ut~-*8#I^ zP?$05yvg0B8s9#}?#RAuARpzoIT>S#1O75G^4w2*nnuu%zpW=vq^$|(MK;k^ z3pT#=eBzJ^%AY$=UxAHpDF1k*9(_YVVl0|@B4Q6 z=`NnF;r}w=jh!87spr~-=#y*VpAEDXtTBGT2lQ?HkJ6BdIb8n32J@cQfgYGl?B?aB z?6vkZ*J5d|y^-eH>s*r@Ss!CJd#=f6+jq1#)^zx@@y-nNb83BWHshYhIZN5#D+heN z2)<^3uZj3X;{#m7Z^%JUst&^NBk@hi@6V02o*aHc^9`B&%YV3*v40dAX3$QMc6R#k zz7V_zX{QprE2dREE8i*v-gSljMDhZSk?*!^d`fF5$ucS$y0_t&1NYC5*eI{A`^M-(AHxD!p-B$@Pu!&%?fP z2>!X`MmL7fh&;k|`H0#_W{@e_P57fJ!xSI)7I#eamxRfO`C$8 z8huKPJC`xPm}a~OZN7o?)?8xa&GPP z&ce#3zZibuyfdB2s%_J|9r&htU+=07H-AWtpKQPc*9QD2I=^7#p#6jh&VtxUwX~haPFOJ-u3qI0XCb{Htzysh`hFWcWuhM+#BV4 zS2Z*yf6lp&iN4|6karevXnV^0+{^a8ul?=o$Rm*d-Rsm&i%j_0ktY0($-2IX>l@ia zydJ+l6(_o13ykv7^nD?4$_BjKeYDBno^U6dbjIc*O?l9@4czJs_XZD7apWwJup{_g z{C<-*TwUhoPvrBJBC9*m72fxV66EloYtXZQuqM@SkG-tbW=wa6KGK!iC_X4(Yqy z-$~$t-1&u(3fhz`ONS|cth{mS2>5FhGM0zDR{s2R6yH@Vt|8!55p2FJSQtT;eraRS?7UO^X}5NzzSkC|qoc<00ehqMM?;+lkZP|s;oth_ zzt4sStB5_rLFEpMUI(s`nZ)jH4#Y7&h_!`pdVT3!FX89lPB;H>-xTr>JCpMdA^f?_ z0>&?&Ziw@g;;tq1Rg~i#Y$RVz{5CcJY3J5LzGtA@_E7_--^JKIJyVYTkWa(_Mp6^@ zN)~#N+{i1L1@H)Ug&SEbwUIrav_BuZXtUKtRp2*>&eS-zQEwspro4{wJ!VWhUB60s z7uDoV|2XqoYjiGmkUf!e%$~@cW7qg1YZtnxfvN$fa$u_YALrHrJ_mxO0a);fH~Zrb z>2K*)H|7gPR{@juduyq5s1+nnhum~tjcfwXSf1mzPSO1$e2qe4h&ims zC|k?CHur@m_TX+R#^)*w57GQ|ccFYJU{c(zc^=t&KaLFEuSHKi;L|xiyw}MV%{nzw z5=zGVUzO+T2k&k8Hg)(a3mLbo7sf ziH^HmxGH4Fho2sq69g`Dl-8Cn8vrh?O=@FI*wm5wT!ao=j1F6Z4ttb5^JDPQCUDRR z?=L|gNd^|9k2;V8w=Vkb6&oBA7bod}dUSx{*-CWn-z5L;db(ETldZnkpYP_Ef+std z??+ygn`*_Mtb)Gf@J|Cg;qHr<8?6ObF=~nojNF%RH)NIZ?Kb=UUEQyx#=`h^d|z1W z`gV5$gZR?QU<K+@A!1=VPdEL zWL^GS4>-y9{4Uw%5r1}V^JUcdCHx8IzWnt}acqEef2iD8~K z->?WB6p+qL=*7(F%ePUx>z#-2>+j>^V25ASCvD3Iw$Hly)AbRoE%9F?r}>ohu6=&% zCB69Z`!mATi|l=u>c>2p#(&XyEgufcPt0|P@g*JN?F_~Xg7T(35 zTJDq&jf6e^ZRK|*zn`UE#K2nW!Y>#e1%?i)_z`g>zs)EChIe$w)1~z zM|<8lzCYXEepAoZyB~)27l(h3cnzB#z+WtsPOTc{)>wYk1N z{+m9Ed&j|C=ZL<2YK7#o!uC?Sj-L;phuH&T07GR2xP@c$9P9V|eLi%jU!xsnVM!pJ= zFMeN4Uom2(xb)jNblF9k_nH`aly-=5mlxJfamVDfRR|rBq03ZPCHfUW2g{d=iBFd7 zs%`F{P1|m+!HJIIyXGnwC-KnPkrDhhycBf(e#w+#f>*dMy&@j{kp1m$hPNy~4OGuM z;&8GbulIk;`-7=xop1761J{G@AVwOCeahlr^`FK3wso4e4)pt9=S&XvXl})qsUS9Q zLzmR@xsZ1v+*_N$J+75wm*g8Q;Jrg`tBau%K+!XpI;x@cvyJ&33#yj#vku7Z?KtG4iAUz(?@ABGfw2s|x(t1! zz317d=FnLF&tcDK?NP6KGUfB+;}y%Fg)iMXb9e1pn6W6{mToR*pBlld_F~VZ)R<+% zhbKEGUa#@N{QG|N%b?&Na^mn0xA4TG?zjXP8Glmt=nfHl)%SVRYBSd~YZiVd`O3Cxi~46#!=G z3~M))Z`^k)@*`U>*chw)NqyI|PC+0NII?D`@T1zmWV__*lD!|Z_AX6M0eRTh)hiFm z1!-Si$M<(U`X>9V50ml+lCvjh_jvWq!TOM?XPB{ud_sLzQawXkC%FFuvhW7+^84ff zx}e)T%(0_Cre|L?xupymY(q|F6U!rax#$+w>oy*^fpcW|em*u~sN~V^Ree2ca<}4V zUx%(vtiRP>)tpb^?N$ALzEJ6-+g(Tg#plxNoXgvur0q-Gb`x{5@S$Rt z8I^AB?cqx@BQ-V7rkeyU3fm?9y15PI(ICUmRR`gcsg&VjB?_gidndepbD#V7% zZ7xZ9!#J>^zf4_;JCDws1=lix*R2t!AKJJI8>O0>=dn!|CO03;c_@O5XS{jf<^Ecm zwX`i8=kC|(MBky_$gJu2;IOfe+P@Jvugb1{^<4I}72oyL4B6DPbI2j_DRy^71-y_= zTl6$>mtl^);c{%w3=FI8)0QBp+7GAsBPs3bjmJ@w%IW_IH zeE>Rk5hvSvpcZmZ(jEJuWdXFTFtsu#nflNc(b>|H_Xb1D72w=YOU1jpzv$5uST(Lx zn!W^#>d*3v-jUzP9&u5@vWNPK&M6n_Ov5|JSC6?vv=dB^!2dVGSK=x8+pb?4h~8@G zPHn><)J`yZ8n!^TNb$+XRMY2upTu|78|pl}w>vnugmYbre#v?j@`Nw3{{LL=>6|&9 ziR2u;kF}~fjTg{XC-mBf?#P}$Zb~KmK)&%6txL=IctUZjcw!?wu?U`61Wzo2Cmy*w zyn46eH10l9x^nlC+U7kuS&iAD?B+EdPgDn;k@`O8Yt)cWgPx^~i@rMO>xJrZQ^fa= z!XNvbQ1d?UnEN^Q@Pt29KM{pL8X4c$0-@%&gF~7hIP$=<8rH*RAVY6K=eOYxwYJrc|UX=2VEuiH$m5m1YI)>T|Wz5%RIT)nGJ72*SCFib!)&*ivHz6<>WKW?(#Cy52nqx*lE`a_#zR z$&gD|tIuwfM}@ac2mtSp7Dsrr1+-6gAaW^X65+j(SR^S+$y#_6G)gg(C+x)wp# zjL$OPAbn0B$D_}$MW4SFJh}P&BljotxqJrcbDbyBE3d9TzgKjnZRzs2plL#%i`Kkn z^?9Aq=O;&({hc%&JxH2hYEfu}hcWS3ZfY=)yO7$LCjO*1Q*f z!aY~d<-t(&jW4@?UQf-bn`U3>%DLv`G76n=Fe*&GZh8rTnIW{PDs;()CM&pzBG4psT4x zEFE@8c?{WRtHX_L-jM8*EACCz;eBm$3AUN@-;Gbc(Aee~KA)U5PDY2X=X{8(Wt-_E z8#^JN+?;!V1F?w($G?lDst;$gFrMCStYHPA} zritrsW#DhQw)w2Tlb(;innlIYvt+ix+&eR{K=8H}O&-NL`7gi^U zR~mhB+Af~6aoP^w_h0$GZ#Cc9a}=I<*7yBs^F3s)KjHiSGxObz1ApTCzR7%d+j+$I zeS`V#wzJmv{YQMyCud;u@#*T*I?1mpfB1Yya$YjEMy+!!bx0qWT;<3s0*><${`IGP z<-vM)zsZTCmD4{hF=yDb0H319>5kowy~9UrttS^&6JTBQ$(u^b*hla7aQ9uzCGLV2 z$}=w_&zwn~S^H7#C;ydqPk7~glV{FZaKOtm+k1DJJadjYYkR(zXVx>SZ&j_F>f~4;an5AAabA*Sm&YNg5)C@!vSD90NgjBi^|Bi zIm|5!uYz|Yxnk<7SKR2dKf9Z{q%35>{02V#z7g1{UwaxmcBxx?m=%3y1n^)hKUaIC zX$^ZFsFtH-c*Ck)toLeo>+(n;-z$f&S!H2V{(YPeFEQX3ZgPFN0rru0EatusKe;~q zoCi+g`0Voaly}@L+|Zt>kDm-~@LPo|INKp$)edC?{I+K~K{@`pWny@j$)ulDXz=tzaSf^|RbLoH3Gratc=N zzji-+GxDr_36p~){#E^s_Sh^iYe3iwuqNF7Z}7TuMWXE-U~1#JssheH^87OS5?Pu% zL~m3u&!5P(qBmN(Cc2qiAHStDbuITDckjjB%&+fOK8=1l*bDZ}3C^u+sZq=F<^K}# zq~}9g_&*8!?ZC7iSgbF(+sg;7_390b55)N1{Gm`kpzE||g| zDcuELjmkO9#f@PuZft?z%`~+ts_9XFUNZK<0`MDT?oTx=vw5b>u8$9zTX~piZ|dfH_z*szSZVp+C1L*3Y~9pANcm~_oID&#J`%S%3@w- z_mMZ3O2+*2x~dsdwK{wd+-1B7S1c?Rep@=84}@HpYp>1EkxHZ0z(Y_{oaEE z(^t3(q=6;o@wsd5Tze;eBtO;%9`R!;OtwDzr|Wz?=fS4+)q<`07_haCVvd5b3dTRS z^_4}-dw&8}E04#6ug|5y*ANe;M~(rLV0k(XEdAlj<*(%V<`^>Im(Q2Mk@!B&SQGMz z-yu47P!neA0l?j;dbbYW)v*^wYR*gV=Lp98)4-UH|6To(44-UFDvXw%pBMnvtv*=a zT9|-!uhtCA>IYUojmy%&Y-v2Oeo2Nu754u-0L%f- z@O&IS!(1ch5jov=4#&4azxUK+P>!#9BKCM10Zoyocs+X!0E6cEso$OI;M>K3MKFB; zkJ-8X*f7s-dbL7-JQw*(xh9(_TpVn5Wpk%bXIOb0uzu*&zV`7~v^5y}=++OV;J3!D z<9Ht2mVnz5aGL>cRb!+1<=NmiXmFdcpv}Xrz31XK!{9dP;a1P=@^CBrTj=3e>;8me zYHOC4Y(FK^;^DXj9IHMoz&fuUVDaPCZ)@wpssFe2L4?yEdN|eE8GrrIK=|AST&6wx zmn~I0Hw_k_X8mQaJej%}#-MS^=lF;7>xEAD%fsN;3x&&|$FCy|j~bnbjhD}0_!T$; z7K!lcir-Dv4`tzgXG`JH26Mckoewj z@ZHP5;xD5kJRT+%+WU{HMIsI``aylD7ULG-U49^ZtlYh5Oq@fV(bMidh{@!RQ`|B=AiV+ z{|Ed(v=9Fm^w0mqLJqOeVEBJNcpr%W>pZ*Tlc z=$wXrVuhMDJx%sm)#)b3-8D}%+4@v;h>0!yaRU5Sn!<1C?6>P5^~$I0t7PXKVB83d z#Mj+#0ORg{VzECz)YD|2WgmlH|BiS}{@vFtjGmpfHozZ$NsphI0;|naz3$0K!ruNJ z_-s4|K1(gE{owPRc(VMa!{>YxKlH|fqW92a^m`8dDqh%j{{V3xIQm^m|5{6s8o%VG z#M7eZ+t5hyi)u6n;-{eCPz-||xs)81ax?hi#=rgH_%yyaFhx^f^6!Ue;(N1RqnE!5 zwWf@O{%WbZ=wbVj*;rzv#v(Iu9o+S~l-U zlY<{6TC{?L^65G=AsDso%NE4AZhse(?^y?IW=zORfma7KhB21#TRESv1E1dq60d&+ zoIUHKooHzJ`z7*Z{`IATv50z}P1Jg^CgV=O{ui8QW0UezbHVg+MG9T^oj`v<$LZ7G zhm5CBf2Gcy8rS%gK3hw}cc!ifaryJ?L@qftnR=5PCsM{7!9vDP?&eO_9+{k=$(LCk z{6wT|$cTq``@Gessmt}?3Z#MSKL>*k>asojZ%M*GeD?3@@BuE` zV#&HRcap8Zs5C8Sfmj3YHvl#sItigYMcnkP{ zc0l}laIH%N*P!tKkp%v`lkm^}C;yTTAK;=PrO!d(-|G+j_v!D`>H5Q$6#nO>^eG#5 zT=>VoOz?jxdb%(Fvu5fOku}0U&l>!fvQDkK@X&zx_uwi{16L~kW7If0zZn{dXW#4Y zyUcoB=eY?H&3DSTkbXKC%ry1ox!^Hk*>yINdS3mZ+S>wDk&zUvt^zY9+oagR)Ii0g0?%Go~^Nr^= zn)}tPQMv20D`p^Bi!XI%?P4G0hS~soS%$iHT!LN#-U?zft@~>So{pa} z-$A@Rmzv3k*=M?;cA|NEz^FDK#?@&wOy?YJs-nD4e%+Rjea-XwT9dx7q4d=tIGqd4yM-69 zRu@ zJJyTLvpdci9IVWxjU0CYaiTNCeShrWaCJ8CZ_QpZ^Nrc=KCGha;gjlS9$x42XMnNo zGGpPa7V%eskB(&?9h=hA@fODB=k+*qvo5SdOIR6ejA`hQ7ZPlIOYwH%Ttw+Dyi}UiaZ-2WwUvjO=~Pv{lS+gJb6T29Uiwt?V%W zHIi`x%P{wS&IGhLlWcB-ht_XySS8&gIWFRN0nbS9p2xY|R^RH`+h}X`<{!>neTmUI zlU^i$yY>4^XU^VWcy&_mxLw|7?OdX-wguj}H>4kTsrdfW56xV?+UVU$h0wan@RkdA z9p_05X577!IE(jYXFW7?+T69~y>+}7 zGCUA6?-lafzQ>u43)-^Rtn!aRYwz^iosZWXw!80!8%t!Hc>l`Nou}bjvmY$`>yg*; z*7UI!)clT}5y9RnueDig>lP8OP}gwTl{~xA8O8py?p|K3pIu(U@6yhrP53+`?enp1 z*z=v(^KGm<;#}QFz8s#qhcmSIId?v>+qrASo4}nFSh7m-K<7^PJPp+j2xje5rnz_9 zmjAk*f01_bzvLWT3;y!I!Wu~88}k1v3VEmVF8aLPG5eml>tEeH7?)%@-xW@5oAMj9 z&ywchJMTi4uvMq>zW<%S_K*YoF|@^>Xt~Yl{&u=HZljGK(+0exHYzd?{UY`ZW8cbq z&#*^__V>9Q-^AO4U+ZEuSCMfy&qJ3m_Oe9#WB?C)=tp(GP;1cHn`2c3`CCFe<5}oC2jndN&)(Gf4)%Qy<9eUZW~V#$JKiBT+Ws1!e*i}7 zZ;`u^za?Mmt5>mSCgV@Xf3dMy5!Gn4)YBe0>c(v6yB0ToK23M6r4-)~-(zf!&SDFC zXR+lpy0vXu*A+Ci4{i9l?W@`U<&JUBE~IWk`^j}6bR-f}H4sMaEM3>dBjh7AUWI}8j91_8sNn%9a# z$uPLTxjyI9B zmZIaNM-ebI`RGwL2pH1P;{gwbUjai8dbJaKu!LIA5_oMq8^Gbm*9Cie@m1>K>pGs1?Mat|wsjca{?FvRjm<-=2B_#ra=!Ioskh#G zmG+NMS#SL&`V_q?9ozZ_wg>&%-U^;pbIpr~-x)$Y{3UcNH1x&5%N6TSScuMF&AwY- z?SXccQWB2Fc4{ao#R6BM5OglWgk-47^+S{c*l^38L#iX41 z(yh3(o!@QPrx>z#8ZoVZ%oYFS%vvPah;h|soV8Gd$J#`1!5sV~;o zZ}Fo4eqq?ei1c@v>2F<8dR|-t{at!rWX4YuP;GsI<(2LatOD|t)tnfE$sFHc8 z_Lw~MwUqI%n`&u&ifOZu-;x<i+%9nzZ&>%?+f353zuF#!O(}C7wsT_pLXfwfC~hDUAuulwRrn;+2ca%9VYKS2Hqd~e=Jen9xHJI@Elcn^-d z`od8O9J_c=vAkqy#{`$Rwg34d>OPFFMTXkZeXYkl@#v1nX?OK!SIvCmyGHgWErn0F zUa@NC>}(g$g5A}7Q%yh0eYvuL-SG7Pv0(phN+0XUdAYEkW7;g#Zx{BXw$0<=*?VdC z@ZRstT>Uv0_I1dVtM@)ZyP>WM^2)B><1AoL?``@-uipDQ@B4WyewH1pXr0+r!SBJ2 z^-CJ7m#;B=D_uH@{X9S1WcYTv@ayGobl=kh@TF@5cEIQA)93+wY$G3yefg4&xkmci z4d73}r|&jU+o-YEk^iz|Z)0tQ{7Lc_UHi!+w=)l!iSFlrq`m$U>k{*okAa6L2rph< z$nx)8WBXmatQ$@nqJ4sYYmdplBU12E$GOl|Ccko;fj7YKR2%gYIb&<1f`aL7a__G_ zZ15;MZ*xY;c=YTud9VZ?FZA$8%$=%F&q`@`2Y#5#?~@G=6!Y8Tf#bIGe*~{vcalSW zW4(d3SB9pTHrJ8E^V&Rad$N-@ZC*>`6|Xl)FF6;x_(T6$dRt!4g?}ynp5%R--_rYa z$aToPA9CO4w|(EwFZYq7O~)_u;Zw^mKcsEz=l#I<{d;_m;S-m8Ij?bFfIq#Q*A?Wv z%Qioj=c|HQxUA{Pz@x*c?~@-1~D@GY)^))M3`?Xbl`^h}`0IcjN)b0>uuh zt8w#TI|J;OO|D9DLVOLp2<-6 z@7T*uHNUTgyW_+NEj+JWmSTun;)kR>mIqG<@9ehzHuzO7xZdC1&-2P>3I45&(SCo{ z_x)+Ux6EeE{i$w#OJ|9ndvx(K)*F%E(phiX!!Bs%+1h8bhKLxy{X%RvI#qE_CvYon z()uX-d^@=s<-HVBm9aO`ugPyce8-$;ZH`MZvG`XxF8SciUY<+!ffmLGec$i*eZNoe zRs!!(Hy1V_ypw)WZH$OHYT-SSW zjZXvDT`6$!ObT3wX83Xoemvgk!SzMKGVeHXG|z)&S{hg$Oo4@Gl3`ijFOI(8!E%{k zxh_3_$w#v^NbuNo9z0{yz;k;FJUruvXYCzxp0hkQCxyp8?!j}a;JM*A>2!k!%cL~0 z)TF?|Gk#d$_kQU#%!B36)cPoAR))V7MXxR#2;H%rPb){iP6CV9N;`<3t4 zyu8;Fg5}!uxR=k{2cBy^c=FT0b6W~LJmZH4UN~aqB$XF_=E3tF;1PZkGyuPgtJhBv zuBVfS^UKzH56AO)C;u3Ex#fT8KQH%D*1p^Nx%t$3_|KbAeVOWM)P5;*PBmZVjAVQh z&6_NArcWNjnMftf>j;23HWgY0EeiBF%;9+&Iz%?ikm`TLFKVegRLj{$F-@5Qt&cvXL@xu>Bx`1 z$$8(Y^rSv2KZS-XkvGTtGxbHK?s*vVsUb*r9%me%B;zyUQFqQQ|9s~lv4z{w=(NHdeayHDh4Un(e`|*YmGn9#ZW=L&Z^g zc1*eZY*@a)DAv4a-j9Fnac}O!Cu&RgIWMGXt#jxX37+uUjg5c?>i3^}`;CvF|GOQR zm%Qg%p<4yIt92M_o#iWxV!ulA{Wn8zvvzJ6d1Trto#3`pE|^4L_@)IKx5CqH7vd*g z;&gYw_nq+lz9RNcz~4G>wYR5JWyaKl^%;?OTUo-=0BkHbmYdll;;;QwJL8 zYDGR(qg&0V#+L=JYj4Zl%+-}Tna!MG%K0Trm({Tjzl9oe>A3CSLVF@FqMePjvxr(@ z1E;O!#wSvJ-dFjzyeXLf&4c-mCjzgjn;Zb%f^_iS+ZSHiNeAyVVEuRsy#Ms~z-#IZ z2Y?q|?u*}h`oc>)>EIm(tXV1Wju`-6JAX3qioWwFnmf^)3FkMgXkd-LXtt)@Iap1; zp%q@1e;vQUG4m^&zrA;3?fH?dcT^oJ59Yrf!k5?ns9ErW_VL^l##d&2{|m@gCVWBO z!qi*XSir6!@5$_Gx}Nx5eWkWBk=(MsjfRheSEjyydv;G#Deqs2>;yl_eSDqx>~Oc{ zFuuXPPjc@j-Mc&a-hA#|#=Qr*XP;Lsf!?3Py^nD(6`mR7kp1wa!g5hA=e_AY z4|1`FGd_cpomp@4Sxt^O8`;W1wmOlmdd{UGR%+gLq+!`QC*;XiPBbRj`dzYYF}~OQ z;~PnTq1681YxTF2nn?9GfzL#L$VT7(BpWIHd9ndM&hz(oD2F{K(7{RLgD=%zJvm|Z zw+~)P^apSE?N7X&(x1oMsdV^H`uk04f8O{?$^EK7&B-PD8|3&jukCCfGul7KN3(jG zewNy&H^$a;+&-uCndoznV|190_4n6Ee=Ae_^TxQL(CsgW&qRNN9OFWGQ916#$mI^& z)m(NZx!O1R+{c-S?Cr8;3H+#BcqeU_I$1{7??%_JbF}v-{Nd+Ck2l(i!dq%R`~~swqS z5BSsud_2uFphw@`h>xe-n7^IElktnuW3A}1HguBaCbZW~JAQ{dm+kJuaeaXGL--!* zPq{DGPjGWSZPUm}p?_nSxIPX0*qS|N#eeP`FTOE-eE8Q7oAS=Def0__Z`m3rbTCX_ zR<%O$>*)H9yX^kJ;7T z?4^{_?#F3Y^)HKrOWKJGf0j1m-CEEev%m8?+Kl7-rQ-MFY1;g#+AQ+uL!6Tjub$6& zH_HV(xvI1N`)Jc}{@vQF?C9xycXN=T=tpH+=uKUVpY_7&OLb zf7LtJ*Ns=a`i~_8`!CSS_%GY!zm&mG_%Eg|1irR@%(>JT?shJUym7}|GYG%ve1rSyi3Q-t;_9(eBx9-fXDoDPm2oe?^M&vT^Elm_L*0O!*CXd+@s%o( zan)w}`E9~U@Fj9R#~)t}C%z({&L^e{NDh(zGQL+68|kbKa?G5U%^A<=Y~sO@x>t8M z{u$TiP#Z8z*Jwk}dDrgLepY28ldf%1d|Y-WXDt1jeGVRkCX$m1#$Uzw%gy+muK9No zTeD}9emjh>obf%v`0~{cH7jPW!h>;}2cvSVn)ecn+XUmc$OCch1rNq;9*o{K1LHOi zM(>(|ahqVg&A#ixsNC`M*pxlMxE+`{Bgg3c(tibSvTL_GvtFd{m(aU8L#6MXX7(Rz zKIzD^WpU>u^1-?24V_(`8Fd2Gx6s}rw6mLb9${>%_s<8G9h&0-|AJrm?{94DzGmTb z@jsZc?YPOl+t1jn&7SX$Er-v<*iP+lZ1?sZ8|`RpQ#3Yky5p+j8{3Xb3*X?!7O$}H z_A@rmR@axiW1GNdVr-}PH@18Fj*WISw!m@7+_m`3ePnJNGDrR+pZrCgl{v2E5DS;F zF3m4xB$>km$JtaVo>;2rc>*Ik)-x9?c3j1p5z z|K#wQ80!hh=ye(^IA2F>bE0D{Bz8Vgx)y&j@owL-dNLcNMoVLTj9QGuSWiG^M>5u9 z*~zaG2lkQKOVMHEwG4jvz7Ba5zpHjeF`eXU+Z6a)wN&o)qtf&1u^W$IH`dB-cy!x9 zjI6QfT-`^p8%}u6XwB(7hW+T|dD)Ns*pJ*J_buDOK8uQ9ZCsSF9iD!T(QiKe?x1ev zSg-|%mHUOw!}CsRo&;MppMp*E3kELWPY;(H%Ov3PbmPAR*Rk*%N{8o9qF>lgz>J0O z@f19-3x$8F*iXLAwlL3*>m3vK`o(#0tj9lN@U6x>NB>^Dr=@GYM^`@8er$aB=-)%z z`JydjjN_jjFFw{0-&z_AAM&yE--j2iT(LIK$QA4C$T1tdoG8tcaANt18Y9C`d>WjL zb!!Vxgs0NQzoUqC6mKgYT_SujRulgc6D$6`m1{eb<6rhX=^Ou6kb^TZ7I9uu{7Y`y zAOEgAN`IHQ{S7MqHSwbx|9<-YH1RL-LL&Yp$Nm3@`1cBb{EJ_j8mB%>oU8rPOpJOR zF)DGg@&_LRa#&-4Ff{;%ghd@=KI&gGFqcN}S2$6ELRYqkP98+pPh?irSh$()Nx z>=eF`S{7$oU(#|Al{Af?i;-8fB$ygFYF!r=E83l^gH&wyx+|G&-?nHH;DJQ z^Zr)eeZu$t4TE@pGw-kTy*qsn@2=xr?R!(t`}(ZoQ@S%qC5bMYzgqZ-SQ&7H(P+xVQ$X9@FvEy0ZD^+y&iTj*po z;^RDJ=2taeLauDFU?xwawkl|&fHssPNSzC;;WuWSxd~G5}aFqzB8*3|F3`= zrR~A8*ZuDXxVN6V%M!C!MMhU0zF7g!n&-T|CDi5)e5GRQc?-?{4S}v&^6j6)-}S>K zAHRZr3(X!8JaeuyYdX)^bt`J;F<`ZOQdn5&e|d@7lY;)Ku{E%=W=t^n-&LJ@fIU76 zS@R;D8y@4#x`_7e8WsyDzUcBov-d)v%c1UgykPLwqv#p=b#6P_vmns57XNKD&)795 zdPa58c1?+XF9mM9zl80_9jo?;pdWJcLuteRPGO;;1Gv?m6B%9W3VLyC*NoV_w zY-bMz>|7E&JDBHiVb*>Ez>H6RkZ0`L3$-KM+BF^eEk1B*t9>HqpLYFx;D1*>zKb^( zw*~lxf1-W62E(@J@|E^p$ml9OJDFB?orRt)##eOds=XC5x_00Tn!c&u6J2ecJI_w4 zhQIAv0{wmr+}pJh`fd2z+iO9;<+sx|{H=Wf;BRnmdDj14A=lmKgfqsEpXeXI-D5#* zioacYYLA6LS2_D1sCL*7*Sgc3Sv!!G!rF1>nL>WYm{T%*>aAH&TjCYFX2G`Y(r&7G zZ*361pl!R(!8}8MZrkUWXNvh93*KYewrdKK+xmogZacZ2Tf_(6+7vxg!8Nx(;U~}~ zAK$iR*8=FdYVo+Y7C^tnKXxsEetY}_o>eyl{#ZNUr=kB{)u{tNd+AgWdo%>Pwv)G)5XnX(?0$fxT!ICwl(r-ZQZ+`>*X8m=YUQ^=5%(j zt!=k$p@Y$jA@fWHZO6#Li*Fp_2z}c6mR#WR+q-ga&42Z`@f|pOM*d@k_6GRl`H=wY z{MVU1?>-&L(4KL%*^y#h^X&<+j@tDA_X^i$C-#>!&+=P&h}U2D_LuYOTr_X-!pldS zQulYV@a>0p{q=Fnv6b(JoTpVIw>`so>Pqs?HPlWn1P^T^0(WXXwBzl|q#X5!w;gRd zhiBSG6q_{~#_z|M9>=+uu040x?i+jS?a9`DW14!f5zNzF@9rD-1K^EiGnaKTal$Zn zo~7;j@SU$=Z%@q#cmHKWAhIUo)UNmkJ+uBY)`^VFaQfYk|Cr+=HT{aGs9I&(j`d-kxOc+_Gcp_CD)_ zPw-@V@N`-JsiZDM{6m~*`R6U4FDIAI%7?pu=jf#VzY#<}@^p5c^Hf>L-HUEqn!OQq z_Vh21$B908boRWRQ?&g4U%yGu?{8XoH@NUtP;YJFjh!gG%olA!UjgqHS0-JYA#YCz z-euAsbNi7`kAHuj4qo{8e+6FV3p{weT2v2S_WBdNUj^P*`h(Zw$3^Mjg&$7@-u(mc z<95#Vv3utE`EipEKJjCP2hTr>A1_M7kJJO-nM7aglkjyK_*&$H$Ip*~?GtHm6;I*A zbv{09@%V5cc}arL<3Hd_%YO&{@6o2O3;^G0|J(3+{04k!`R#e&yKDgX4m9_b<-y?3 zJFe&TncCQJ+`tgc|+y-VB^JMi*Uod2prf zKe@@+|K9zH3$XcV`@~-wLx0q$&}Yc>SwWxjch0Fz_Bm?DP#gYmL1Z2G3{0Lc(wG9% z8V{!bf``;+2IJ$br)J|vY5v^!Q_{x0`q-@(_TdM3^J|@{J2DPEW9lMkN41faPN=zv z`iLRGUFQT$-k=`5$=~whNjS>qT0Z*&s~!Kn8-N#IhxKR|M)1ov7nYwD`Rb{?c$Mr3 zw>SG}Zuh75x0&P*ve%pce47yPW&-bG@))d3d3qyuEfpsHR=u;vmjf@%aIzU&ZrAyY zr_jkZV+*prRbx}_vl)ZkUwb^cV)EP7v|Z!`4t|#T60IHF7%FLe*x)GCbw4-?0z(h@ zsw8%6bAru18FIjaZ-`j(k&6P(MEz1l98-uL1)Etw}qB8p}gCpiH%%1ukc_zOy za-5UVnCZN`LhYB)&TohTL=&|cNmp$chIcee1T`5<6m^Pc_i`GAAa4dOTN*M zz0WoB+ba({0*9W_x`Zlfhg-05rQjkTx;}=@Cq7H!effK;b^Z~3C-ZrB99rclh$HUJ3DJGe6oh`t;9%~z@{1mty|DLW*q}~Voh07 ze5^|w;azJ|jLd+~EZVDqrxc$zn07;5VfH=T#dqnbO7!9eC)g-Guw5}4F^1OC2=DtC zv+{xgXsGoYhK`<|a_JI^mhp_`^I0kMu|AxUe;;0Kyz*Rs^!f+m=K!^O{~P#OdmQ)~ z<-^aAbohaX&rQM2uTuPl8R#2-{HeH8F^bk{8NPuwR_0=pi3Q<}c<}Zoe!{q0_-*-n zDSA!(T?|i9mucp3UIf=MbY1&2=GD7Q@p;@NXPFZ1@&Eo1DkaivISx zBTeNxhXlTrj*^a1KenCX?w+Syo8zt@({o8Y>BY>J51&Bq7`+lsuUCFC>}b=^dB)22 zBYgMEvEf_jvi+rA-6Ec4eNQ5n?eJ&)xm157UhhN-h!;PD9RwdwyRf@H`9S(^IdBOM z$;&$W?r;C?`^YnWIPAkM zSCNa{#@>3nHZNK=E{ipK*NSe?gf{S7o|c>k`Inxt`rqPOaeebGN1H@vckUA12t8ZT zM`nE3L%hsY}wC?Q{p3^n+EcDj1OW_gCJyY}1 zt-b9uo=4GbG3FcNm(V6W;o6c66T?oSjjdmIadz1d+Uw^zYcKrzXhsTcRj2w`fAmFe z{Qii11)cXH+4Jk!Y~*Jten);Fzw2v^Q+PWQJZgPKEBUz?c-n`ojpMnUJg2qU9oTl& z=?i~454#pQYm<#eXa5Ad)e3H^cplm`R$;f-WjIf-15e^z>0t4T-;Yv0!qUsdl`Atr zWU?}xYtCNQIn4fh{_jaPj(l0yDd5$tzh_^aSJTVMUtdg?lP6O2*Gne9*K2>Rt&|3j`kHXiJy+p^Z>X6&rhL0yn5?SkDitX zG?pu!P_t@BHI_xDHYu}fEV*3SZPhkVk3fFx-Y2foIIgeVqP3**3-xZMbftMGt4sP+ zYp@=J{yJw#zM%C3*TO6A8M5TyZ~L%Ge&9k+ACvbq{@hOZqmDk)@xf}z6Sz!wuL``l zwHaB_`36^4L@wCb+$H=W_k8g@ zKb}sek74LX`Vo(vZ}D|9{dhUsCw)4{;%`$w^5T!#Dz?{|J%kk#SpLzNE5YX)K3`;v zf?vFYu5PYp{H~wpjwi%;LS{Tc*XK{jiq0JfM)$uWSqVnpUf#LD2c2>E^-*yNK}R##17onj;eoPKzc@aw^q$|L>qfo~jZeXtAe-*|A_ z_|w8WKgHh^ywWR{PmAEw&oZW$kohI7iQI=i%nxMTs(k-04}P=W#o$wWm4u(LcGSwKzg7}(E>(ZZ zg;@D4VZDgpurNsPw{U(@N$sa1VQ{1PQr9f6>eJFc7rK5p?5u=8W%dJrR;~CUS{q*H z`9-RK8!DS5e~0-x?KvtM2{&2`CcM|*jNCxWc4N<7{VpF#>%NTL@}8A!DL3#SbTNLA zbdUTh{G2xY7#D}0zY8wno}J3GvWK18>!V%Lcv9?@?4-?)DUYJqvJ$(banw4Q#DPxp z!^DB)gBn}u%hZdYyJF}reA%h%XB;v4ivaJMc-aXwR>Jo!tlL-2nh6hXga;o1&l^o& z&Pcm&lXO!y*JYy>gVs2#rS^1F4mv0YI+i$r=4$@;qo*cPqgxQjCeM*W?jpuxZAPU)lbjx>F)285q*yD30>vk>vy|7T?M}SJ3lHHxcvUzPqC4$*xfdK54%21 ze0Awv>>Gk_){5_u1e1?GPx|`n&wrmt9x64SQ!J;L4jJou0DDt}d|k_@#u^8Xwaha+ z%>4_VuYXNE!}Gw=S_Hq~7b|`f|H)^n1eZ(r*P8zctOMQU=5Vfqb3-=r<&c(j+4 zp z{nEj;PH>KY)vUaDC-SB^e;@R7kh#`Uc;wn}x5+Juzu*V$Pka@7)DvU;JZ9i>V|?+G z^6Vwd4`u?Jd?$Z@e**XE@FbbC`$q43!IMoNzSToK66Mya1i-1codsssqd!I9+ z@XbZz1Mqx4etZsmXX8%JXo|>RZ`XQi^m725nDLgnIvV}3!v8y!PM@3Zqm%cJY@gO4 z+zYN0Q`b9zM)jxm73)goZU(-c{41xUScw>(SRmAVBXMIEu|V(M|Dovlw|v+n9OQ$8 zI_MIkO+QS1U_|C_Nk=E|46@o(`i!mJLi~{A?;WgXpO}o{T{8-#)6PiP(AW*|ZzZuV zx$w4m?)M^ioA?!e2~X`HkBvOux&WF;xBd}Y$@a7%Q|*<`)SWWYzRAhF28N8B|ZDguYbt-7A_Bqerw_FR?}{oK82zi8o};?0+#p?P;iAo8Z(HT_Vp z1`frOG1_|RD$aEbI+N`?+j&QATR61uKs(RL|B-I8wCjL&4@oCMyV`))C;sqe-j|*5 z4L%-Wk23MkO~8CLdTj_WxPCw|`tO^WtMI`pI6D}Z_JxcUu@^Ns z$ak__8A*Z3S%y{>d)H8O=kWtIltL@z0*A}I^k~cP>sHC0)f&Hj7`i?q`jMM}X&Udr4?OpZ{C&|ubw2Ia!85#nhIkvk zi;%N1I1aixM|hCGC41q&&iq?*PQYn?i}}DINA6#?ATXq{1sJqu+4%Oslfh|Dv<#R~ z;ImrL>+RUC4s=G_WX5Iu7wvV)o|@M~2lPxk`erWsbcRERo{|1}-fo++dM=i#xdIiE(p z8vaIiyX&j%_0LbrSJQek`D)C~8(-}pH4E|!OTm?JD!#8dL&lvD4duYJNDKDnOj^q!M%;pU>Uqmuszup{@e$Fq304c?G{ zqp>`SPU!LEcOQB{@n|c2TIFOIzu+qT0_6zL<+r(v?tEghKP`Wm9Gsa)tV9M?w<`Zrwl=f6(%6hS*rX~JcD2I~+6#1BL*UkW z#zo>?u z&_+5=I(7o|Uq=pRA-bz1HZ~$yO&-R3NAhKJFm*gr$TNlTgnVfi4$+hE$d7o(m9-3X zo#2!0%Zy$i+`|WYrv>^M`gm|wRaZ<|)DU=OBe|!=wazQss+?PQEpJ#AsxF*T2(H9) zZ()Ze|Ni%qY$5dd$@9tjr@#5ce;9p29(}5hgFf4XkzLqLKm3ZV($VLi{sHvaLK}mj z&kN%Jf#?%T&?j=D^ts|V=|fp}9^b`C#%X@Z**R=xl7oSSQ$M_Tt871d#*fOhU4eysNn~ z=@eUwVQ3e$Iwcf+mzt|L`R`9(lk~Lg}qWvq659}k7YIXhpoQw#-#eZ{>JiucO=V}#?oJY zbd$;V_l`$?U)zSjRL$wyv1tsl*Q%H59Ho74$d8~K3H+KmsaH!5XI~xzHb2c1 ze!qt=@ljbnIBVPB&U-FNgSWN~;i>-o%YN*sKR;^mC7u_)gg5C@q4W5weo_$$7<^tYy0$uZ|Cr4+FjN=FOi9PFGop12zeeWdR)cZrhS#|ZiDVnboEc>w? z!)d1zU&z`G1B)m zulIw0^m`)K^5Z{UeUs#=ZUA|j%$WT0bPB)y{Pq8a+=w?OrO1uqSiwCOSqb4sFG7Ad zlF#WtPF|><`)mXG9NCDrf?cb&IiZ{CpqC$Ry^rolyuSuHC}$r?|1ZFu?|#*m3^OXcgu;%jmSt<&J^A|GF)|INIUkFTX$ z#FxsGNrvP*XTVE}@ywV?U0$~Q`|@$}?=OE0|N3D_$G;vtmVf^nJUmJr*g(9yZCiTX z@pIly;LprY^v;)So?kJFVqC>iildZ!6a96zlkoRE<8Pm-vvocqeK`f+`!extiKDvQ zjOHrx#Euif9}G6vQ_EMmHW>M#%|Ur{vXxBq?B70X5#ntJf|(Ocei>7ma; zhb#Ek_iN0j>~tu4VLJMt)4!BLmmm4*(NF#`WN?&Ao<;jVQKvD)d1@E`;&bKTlxJbz z^r<#)pTU^OEx$s&M{~~6nw2?$@QNJrHq=MFGD2-h-yAwTH>eb<#At@MWS1?QzUQOec7t;j>W44!%4u9MQrsZG4DQTomIo56>c@2fn`L*HXAgZ5h{)ow9)BPU})p<*C>L*+)4Z}a!<&MA3$WzXMO18>Df zCHn|VeeLEufdygoMm}v{i$3f$IxV>kH=h=a{z7$E$cS|5lYH+_-tD~P^S??j^MZSx z=||Se^%oA7dh=iB%Lg3QJO6bZ`g1nt$mhELUl@8Q9~H)z{xLGyUJ1XIxzDuRfUk&s zi}B84)-ms9o@Y1tImz!3@KzLd4&DqMZiF{F@&i-nh2YUqfvFRmP;*YE6WIsf=9+k= z_SG%WB%M9b*xJI(%Or9euAgbz%=6kD;cF9~v~7-~%|vWb>b|!FJraj!l(Q8Neu}o& zIu2&o&V%;)v94Zsf8#q&O@fa(?30T9bEE0s+fUy705aPd92zYO{ohLD*dcl;p8AFdVWI-Kt9UllamSGEb5|0)I z*z29oE^P0Wz^L^^=XmgmZxzc4*R4h1DnzaP05GWk{rGW$p$mKbHZWZcEH@p!V&yfb zlCPq#`;lMatOq06lBzKaqK1KmFGP zvXkgfJ&U3LbUu$o|4Qgzn>hgefkFKn`U8WZKQN`ze;ITyf#!<4EX^JGTe4Zeb%*OQ zWWm<2%9oc8c}@I>4vFb}pMH3t56zFk6Mdfdcx1ZagY4+14Ii8wJ>UBjj})7GInl}H zT5j|lK98l>Kl97}^}5cIxBi@brqq0g&2zM&Yn1oEPj6aFj!!ubY*5#W$a5$1mW^#y zzN-kiZpB_+>0~#L<9{FW+(|8#WHV^$+Z6kS%~=XYUV^UQYjR7xuXg1_Dz_$|QMt6F z=a3!8;J}IgmAa#2jeY0|bT<5_@yhc0HHjxhd%sh#AW`P9SwCGchP zL%sg5>W5TAt+f$r@I_QR%UD(fhjX24{@U6aY@B@06RFt_i}vth%Ls5qf3{}3zZ&gU z>Olvp9e4AO!DzG}d@7f)^|`)0l)7FkUH$vRterBolGt^v$rD~qGUL|z&tO+Mwdy;u z=c-ljtT(MrS*+!*3%Rwsg=3jtIp3|_ts^ce{~7UOpVwyIv&0JJ8tHW*31o`9w32u?FI*O7ybo-8Fx%Iim~Zc`R9@6I!{oPnab(M9~|9}_&fLNK*K zqvNS%k5ZRr^__6>`c_vaxBGD6*H4>_KJUecrI+Gl_Mz);p-#!t?ONy-A9n8(0csc4 zjb%OitgJ+xdRn@H8%sOMfOyY8HrwuHsr+!Jw+|w+ldfIaVU2B#H#XI5S^j$|Mc-Qa zfL>;=l{$2R^kIb)XjD#J=MIp=nI-+BYk`d3@eTv7B-wuM*s{%;aqvURIx|o1?RdK@ z*}JJ%XDl!L$WVjFVCOvtC!#5PbXyNjI6x!_hd#?BpYr+&h&+4~JLqdb6ko_Q{_ zmSa18ts`&i>Y(&%@R~Uz|-h5%~fRi_&uRh!Oxi~_~~yw^?fP& zRC6zRoa4~oo!Q*L+WlSB0_ETBY|6hou!-7N=G~oc?SbDyd~ep^@lGptT`}MGiv{bX z$Y1VpYYR137f^i{IMLjB>sa{_*m`Pz!0(Cx?HQS{x;Di&h|k;q-IZZW>w)I)X5dfz z^{?f*FT->3-n~ZIm+kaqp8LGF*8pRqmSA}a`xcZk_6>|3+AOau_*A5vdy*N|bhPMs zuKk+23fo61eeB3`ZDE~k;UC?-WD|U?ceL)fzdp*-^ue{C`}#OfedM@(po88me9YAq zNqyA1eNgYP+@329k6jk0|H8GOO6+@P#=vil=lk^G*GY6obu6E zaIK+sRAf>0oM*Q=fdv!b%fgR@SL_Hnm&WtSWwBp2pGR9p@DIOzTz!smj^g7TC69d6 zSz0j~y?At4C3{B0bH%h*Sj!%7)#cB{M}?0TvhO?3ZgH@m&fWLEHiqjZQwm1ozvjbN z=Dt%T&-I%@1$;C(k|mhPb* zmHfqmAavXS4XLl$B6_uzK=fmuXhXj| zOTSu6zm)^gZzk=-D@IoRI8r^A=C?izP4JnIsy6u=zQ@6(q0!FF$Q)=mb}45Bgeyij zOsE=NnNvBsyr63I1ZeqDwR-|Q&;~6A^PZ)%*0m{y$p`mCu^k4+%IrubFoy3h&i9Ya z+}m)Hdv8ecy%XvC`|2Co`1`OtR=35~#|wNsX8CJkivJr#UKHzX#IM~Ln_~9Ti(~UL z)~fC`6x|*4)=GFjg62oGXR+={zGO4X)_VI2*=IZ(AszKq4;I-5?MIf%@AJW%KVFcI zayb3c2uT6`u)Og0k+4vzX+Uth>mgP$c z4@qs3Z_zkX^=yoo3VAX*s?gI>_I=@}@JQKf1+|V_1CcW3As&3G@yxNuTb_2jhn{tL zBz3%-(%?@v!%q|EPRG3a@66$i?R0mV~s^iIF_ z$$9tH7IaQw&hx8^j|5id@w?E;YYegn6FzZsocLPv8OnF1@=qM!v%qnd8F)SZl%A2D z(761z0zJcgkmT8|3CtVv{HpT$4EM}p%iBr5-X|j~K1|+AQ2e>h!-Hs=nqP41mwMwF z>Fv)F6L|Qzsn+77)Y;M>KH~KiPqdWQZUG->gO9vCXS49p+Y ze=73UQ6DVm9r5MiXIz;VU&eg8Q##qo>wfspua6Z!82=Hyl}@L5{?%UVUpe>*@~>ng z%fXEw=9s4^{^Y^Y>VqNCe+oYQ{i_yTXUGJHe~k9WjxJ~JQ2qjT@PuF!&Chzxcr| zm$-HB%79XUj>fKK-M-?hHh}~LqHi6vFT0^_fEbmrwra7K zcDDpjtfuX%wB23%?lOm*V^vyrm$cZt-{1W_Pv)6ng4*u;|NQ^?eDax@=Wrjc^L<^{ zecfiT))OVUHFEw`0EJ!Qd}QpDKc5P*@~g9WE@|?PySoh z!&QEb1^*?o)aZOZS!ciI`Y?ZYSKYI9(CVkaxA*Pblxuy*K$xjkzv- z=bxFpoxF?Z^vsLI?WH5%NisIZ;I=J2saV2RaJL3{tO0k8;BGbFS98x?2VcY2`L63N z!X0>81MVK!!%*W5iKgH%&b)c#+FozMnlMdGY~U$?r89Z0dy3fQf1?MTV5sc1@A}x ze+2Iv9C%CT7F38B82m@V=5sF$wgLkumRSB@1&elIoeLJO-d*p3hh*VM{_B@bK6bi3PomoP zU#|m3J;10J7zKe*5E zccL#-%gA}a_Zbts&>e|tY^_De>}AO8tI#QPh$lcps%4-UeJ8p=>jGD=x1wVs_2toz zVgm`L?s$6`FFHmtdzbQMw_2(1wILHlU&GfJr><>v=<9lF9?2d|qJIP@y;l$IcXSZ-R|b#HB$kR?Uj=MStoC2$S?~P1>fXvd z)a+@hI`jF5tIllhsJb_=qmtiRZk(_Kfj*mu@P(i&onfz z=h+?i2KUV5*%|L`?+85@m^_nbgKhS+A>ZUCYB<);cxHR^%)h+l;mEzWv*#i7N(j2r z=K*}8Gkq6CXWhN(bhXd_$|&?)_1z_>Ujc6JJ?*oV9og@ORLeb zz=j-#)8DN^$Fg2B^2uBW{=?V#F1aPxC9yaC^u2o1s?!#26mcz&Yb#kNYz7}IH*LXS+8m|vt>9hmP2t_6+^gbVim_edX)7Q4P!53dPWA!wAE0AwSUa); z`BizP{P9K6Jn}xO>OT^F;xqR8Uv%-_ci!7QlK$S26c&gK134PWPZ#{zTXZ$e0 z$gEqDnXi_c8YA;G_7(U;l{3ASPucNX_}89oAHIa+JlBqVH@+48#wng#&1Z|1H{gS& ziuYm<^RL=)#FI|Qr;%>>55*-{@984ZoK<`~Nim()#ijnY*qp7~lRzK6R)9 z>_=Jl0mEzR33U$n=6_p|KL>?oUhy!j;8ySZNGJd@!2BEBd2r1n5;&Ash=*4}IF zDYXioY_+WKuetXqzw`D?C)bO7+uy!q<#ilJH*}5P)*Q)iXs!XzD;gV`_jA4Kp{>nT zQ|-PhX)l-jwClB{?M1)FOg$7}duj{s#Qi09U0mj)`161K#qZCuLxlUq4(|IMyu0}B zBd656pHFo~_T#Hp&5?X^MFPP5^UxOiT}>^0LtDdn>$dMrcu_44YBf>U%xCIch!*AJ zId7r$h`ldewt{8W+p;&jwu7H%7l89U%dJPc7KI1*nLHEuZM4UOKHy>Pr_|n#p>}Iy z7(Z4kyz>}*R|AbTK(kt_D^F?%JfeLH_(PC`cFjW3k=nZXFQ5x#oAx1SO!4{f7dB5f z>wk?^<5OOo=tnXz&R8TDQ`kO=?_;OF>el~nKt?55XTx_!Zc09CufuQ2Q;`3ulDhj| zSjmr~T$^iUd+Po>#EWRZ;vMUm*~|x@Y{ymH`wjT{2lAcT;5*UE2Kc9J)0)%w4-Fmc zyxC%Z8u=Mk`x`ybLC>T>lYBAVk2Jo~jjVR@ARGw()I7uIB779aZU+x$AHvPZ9@XP; z?wL6=jtA*idDpV%qV#Y020bbNnAfHfEj{;aT8_w;b?vEK@v}b8==0VS$zxo?xAee^ zPA=QRU|v&OenHdzcI&n4ryjwUvUzbD=Q>G_E0?7XSg^?knGzVN#`pDA-q&;30MCgw zZJB4w_Xx1No;LSWLqqL}uh#%S)q}*&>=0}N&{!8TrEQ9RpKGsaZ4sp1f+Or1T|d?2 z*){U)!qBLu>4Ac#ql~YB@z^yU3kLe3wLEgI7dvAPUfI&z$DEd0ft}jVApax2gyHto z*7Q)Q=_upcLjIE5mYy9&Ti$k-IBlq=(r45L^seXDvp$ghF1ua!dOmX(9Ar-~q5TlQ zkGJD@+fZ^%cd*d(l}BB&g^ckya9BjUvZ;c=)K8lWct<)b0&LZeVuan$s_K8ZJS6*d z`z`P7?!tcG48v=rcOG%FJ0Kncs2J07WfC3Ui`~v@}~HZ zPt`5!Q|=JoB?Csp0kP0pov6+qXXK zb9WvUz;!45yM~$?hks^mlzvB!MTN)B;9Igyaqwx(Zw>QngTC6>Z;ZaE?J8_(7AymX zUpTLx_q*n|aQ=!lPjP;Y&&T||u+#Gf4z5kfJYD%Y)%3CYn!^qZu^S8w)kdWkhR(ZR z0|v^+a^Ke&4Guc3jaA4i#{b+@a)VamKNKC+vG4mB^OL=)HWl|RX0FPglg`omE%5FV z=DV7?Hga$E`f1k)?;6W`@TvC{^S;mELb517cAFW8or`%_4!rF0-~}Jwus=~YelC5w zA#z^GynuSLA~y#^}3*@0Rt~nh!E-SMm5Q%|4zjnv{7a(C_N(xKonP zs`|~%;GWoF;TK z4W7@4Kjkrp8fOmTb06?si9VNZP^>|pq7!|3$5Pz+KTb@stPbxr3mg@pUz5zEnsp1c zeGaZd_f(;K!jr5f>8b(`PQ)i4cjlq}(wLR$zwu$uT(~^3KI6AwpTMsqxHH~)jBl6b z8wdXOyzTsaw?Wr_k$&{%$GP*Tjpcb$>V*sWv0mSYyj9FRIYGK!dfxS2ppUV!tLYya z-dM?dHB&hEaRT}uU1;EO%+9O!;_F>%$GNujzcN>MJbhXCP^_7_S*5-#8cT8C&ov+8l77AqJHd;m4@#@<_+6jWG0z;N#}yyQhVKr>?S-$2 zeX;I)ggh7d23>fAyXAi1ts4D02TU->k8OPHxnSsyVSm;blI|Fw124TB-V9nBwNFyl zU3f1s>y@c+Z^ti~&KZ<8I!aoi0PXzv1;qcEq^4nZpBmVik1CJlMaBvXf&Nsw4 z(O!E>GQ#iDF0?0EtXQ3FowbY!TZP(Q1+{tb$#JW&<2Z8oNB1r~QHR|qnHzHC!H!Mq zProuTyldvPSDI(C_qLL=H#WeBqu^WYoVk2oE;;r?V1upjoW3jGBKauW!^W{~e|f*h zu~oXySkag0v*$(&92C~}F_!g=rQaW%RpVn1F*WCEtx+9y>>rFAX=rZayY>VI@4N3r zfPI16tw2*7{M(03B0IW!nRRFtXPw(RJs7)NIfAk$ura7(c&O*b@S#3zjXYp*jDBla z7gUocC>uTrOhgOXzs))Ev&37GDMy>Z+o@I9N2Sc2_57~YR(`CJ{nGi&zXiGrGG^9_ za}TgKN4Ct?(ZaJL~wJLWgTlu&d?0z7_gIuhur7Qy!SH z_wr&l^BtS^Y2}`;B!90ses%P({vE%J^X!e>S6t)2nRiBEfB0jo_^$a^z%McIvvbqR z(>vi~%~N*ZcKGHveACYvaSMF~9YN}(o`jYPSPQI0@9Mbb(a*#!^4S5;D)Mu5MxJ8L;vuf%LkuHleH)Fv z1FSXIpAiR;E)eVuUi`Lf7`C6B-v%DlR=KMWE_Go-4SVUN?0hiUj~V*NS?eA|*Vy1l%DIMLLq5w==wT}K5TO6ISHEL70`*+^sAr~!A-RCJUJZlMI@mWt}}1wgmsKfCw@aG zOQ93BI~;3u#ym_X&hP!4AzIZqKPq{(k9`la#o=fqX}$$f*i+#s+K%KQVm4OgcM)4oabeTpkw9#*w87 zWS?@7RC94UvefvFfPtaM2Al3RzxnWv+VZ}y@vZdGk!W6d((d>+pi{i#n+m?Bfv+~k z*u}o&Mtnn!jIA4FBR(PM%It-tF4LhlaMJ>Bc5#1e{Z_3hjm(%vTrL28O{2YH z+S^C%2FVM}zW`cLtPeS6_Qq<>eyL)<~z0z&Exmod~|erk1>aIkEw}S^I;! z(7(z((LJ;G7hjw7T#0I$0x$R7|F|jFJ9)8g)=KivX>GWe^M8g|JMN`Vo#7z;(u1ta zJ0%-HXV3&lJH>J zBx(|Bol*-P)>(ry*uxw2eIn}jVPgc~&k!(Se5xhTh}@1_)^qW7jI%a8_&2Vc^83vm z(4o4}fuXul2ZnC7FhvWfy;gW&Xc6sF(?ZX$=lLX`ta}DavGs;ZedR;o*3^^F_zrCg zzgj!#6IqhP27@M|iq9rXeTv^rtg6SK+3GWOfj>jr8kc0E(Y|rfi|jzr zrF>>5N8pV=fzA`xg@G4zIUD|fH^djx*P<)sbsf#(4f&-$p7TA<;JL`=kCTQ!woy;3 z(C~+9)TpjnSDDKn@}m^So)&%6kH%o?(!d+t(0Bp-p*S1yx~CPdYXoPqF9I3-5r{1y zk4X63!o6ZXec({`S}EVPuG#@Cr1yVu=4?Lk;&i$Pr@K8kb@8>t=t~d2z*QK#7n}T$ z?47CDybWGuFm$I=Ir>KykLU;Hm&P z30IG8T6?+&T=igE^!N*B9iRFVy4ZJ0u>`f-p1Ed;20g89;b@(!zla&Yb=Z9O^lAhVcn);kWp!UY~{cJv&YJ;lU&H zB|oJPy4a)rqow}n3V-+?L=T2vs%<;j+)L%kJ4Ue1Y6D(3Z4}c+F>O?x_C>4qZa7iAX)(S(&vHDWf}W}v*DdR4+q{E^A=qzcc%FFLkIW4H)>-T=h%1-&NJRIIBz)5+{^BxSiTqN z?G^CwD83g%YmWa#b?{y|v+%^D%<)BhFj@n>XazbNr@V+g+3&~w>%NhF zEt`+_zH@Fqnld6EjobL3hmS^>PX>Kt&nKHk()={;%26ZmlXRK*NxZb+%enbT^;&cB zk=_*_Rh=Fet-9<}4;PXOG>1b;f+fLoC=v;Gt12PBY%| z@X&kNeVoNZqPGvjLpFVm$U|4gY#nr!hlj*JryA^fkq0JA2W6g@2Hu}5L>CQVNB#)j zCO;9|>QADNeb)Bp#Bat2!Trbct*iBn5B*UH{SP6#R702?=UqMHw>JmTU&>!q96f}N z8ilU9&9NcB1KuPbr|{WB-ABdz#Q$R_T8|_qZ!Wj(v^;yg438BB!mC0+mH#B5(4XQhuG=s_m+P}g!F^Y5=9pNBO{ zAL~qa{%e_kPtoRbQ>&DoaZN7RVYn)}QOV#h9thFgImEpB1Yf5{5dbc2Uf3Ej< z-uC+zP-E2^2(@c%8noA@=v|%t)K$&CJ>$F4+B6sok=v^NJJE|>)vQZdA8RbrS({F^ z*QO77*QV20n_|dMEHS>DKuOqCW!+ZZi@g|vKdE6_`(t8!G1ij3!~nhYDnFx3ukxi7i(a9Ro||lXP1t_M40`SR zGjMV%z7%Ms=O*^H-B^Dp!=J*~6k9X?6zI)Mvu}*}E^Bk>PJS!-RF)XJEgWd4|4#T* zJf!nU({x)HyA@a){~KfJgjc(ut8VCDQ@K-M7e>n1cTgKZfxE zYMrLMm!HicF2h(FfnOKxJ<9rP8@fw=b>%ba%;o2=;~DziJc-!NB_?+BP)6)#qTSb) zy>{&8gmN=z`wJ1|AMbsRag2lu$qv;A=|*n!+-&0lnI)fZ1}?Ta@a#c8W#C|u?e8@> zfbY}q;a|;uhiAq6>Qgc!=)k^Sut!FABO|+R%=BlS5zh$j$j7c5f%|;;{2cPa3-c&& zr~qakWqvb8kQrqcbEX^cR{d=8)n5YZ9{O|T#$xv4oJ($OqK_f^knC{vh0zm^pL6Jg z=o{x*_x+(29)087+w0U2Af8E{{?*ZI-%7_n+}xriPo()j&%^(!pSJ-Rd;JH>S9<2R z`0y?wuMdBkt=rCysa@@9Q~SbQd-*_)_P*}4C*4{_>^kop?Oy6>cfc8|*B*blNaIcK zkD3X8Ohx9*x;VdM8nV6=d@keKBCg#I4i|H6A=k$8e;(Jy@%u)6?Btdne20C!Pmdkn z^bG5+jbqMl(%G)~D3-qi56Tvt!!zu)8h-A4o`21G?j0xRemwfW9~q-Ohx5@Hr;rmZ zzEJ~Dp_>!PvGDG(BsAGiI|<(H;rlxux8FY(eM)C4_gFIIRq{-vGu^Sp zsWqMOpGUjn&Kld-ov~%N9YSXwaCD|Em-1r7mnOR3)z^3FNA-DUF^}2IV;b{NOtI6P z4QZeMqxqzm!(ryo2MmaZ4wj6y2A9HPI=^u#{b1A0of5F+nLCFT+Sb_#apd+o%>_Sk z5_$C|_;@p31+e~EEovrTlzmBDUAF{1$ zJZ)(oQVP0GLemLoTjvTY9@=u6I2*W=?2k;!Z-Vzalrtim{j&dX6fQcv_|<$At$^d(KwPkQZ6`QvaWo7tn4(@&dYbdGcKH;(O)rJA5U$b^_BbU@Q5c zv!ujNPk#U!^~!@ElOyp#<-y;nZ}9Yo$b)C;=Yz_Fx(`WnduZF02hh^QSIDby<-t4t z-11I`^A3*3|9(<=ivJ*KP234 z@W3sb?=St3ZC&eW%ggge@DC4t+S)Ya>i%OkUmIC~e2_fY^PeNjgBkyRZh0{Nu}pbj zd29!-Jg{T$>G+~zgpvtM`Jd?<)ubFl#b*-u0?hslXhOMCvMXd~$i}d3x`J3MF?iXX zN3c7OvX)$=J=(-j+4Fn|eKfZnTVLz%qt04V`9jLwcl{Kjv)YxNBD+O4i)_v$`bKp* zF1QN4NI&nV7fXt5JO5wkM>a(}?H!@LqqMicfvu6Tv?UpP;#~)(4Y_6P585(e`fU$P z&HC|}?cbScVo(N} zfc+T=v@4L11BZ%QpA&xmzz61&Q_apiN!i`}*iyC2z;g8r4GlR|F3 z$-3)TtN|XN-Csq*gWn3VhVzXX_~|nbG{5N|({Ts6qHn(Uz|Jw&n5J)|D~Gr@1v@p) z8uO^}LyW=p85iq;cH^uk)xO$EuHzGV`Zl)FTe7`s_|15hGWLGPxs16iVNPTCSA1(c zzZEA^oKt(`yRoNqhDR@L$FUod{_(L3m$7C;&c8`po3V4YVCQJ;ms?|--lE^1Xb!af zXVB75v3-7u?ekaAQhk86HMFzU!7=9;&|V<+d2p?DbBggspyAYA)**M@*mb zg`QB(X_B0>)LrCg->EevYfEy48Z8UGo8O_i-RRQ8G1t%KkCgzEB9A}8)xTF~(Z)#e zC%ZnpCw|NrOZivMz&F9cX#P!3DKIqr#iyNnmLCf--#E6ocMXD0wEdn=4t5Rm`X)9z z@yvk-P3)QT7x`UXiKoejtC*&q(|yHSv_D5VUXSD3)%`;5pCpgs826X3 zckBK7mVWk*O>65Pf)C>#0Y5+ByBBtfH*`Om=Beki_(|)rK9ld2&iC}gKa6Lt@+=nc z@6Dm1cB$F3kbrj<@Vx~;>1Mtw544)K)^JV>-y1CdD-qUS5#nc0k)xq}WaaW`-=ytx z%8NZr-cFGNpLiL3fNiF{+o$m52Zal+DIZzw_>tp^h3PEnHswZfPdWPdjpq8u(WoGQ z8JWM_N1jG8`-hP`a}(fFxjObb*p@kpv8{v#%=r19;2n+odj1=&z$>~>Y{cw&()U){ z*ItbXpGD{s+BW+|D)|%+wZ6*kV+C#MomR&1Ti34iJNgGa{d?9mwX3yn2{qBH{${Gl zSF5DHy=qBoUHtD=whwHtIWyp6(f`(;x#o6xq}GFL*{JN{9F8%$>*XEnAM~ETaV~rd zuP)B_d2n9I_uTll=6zxWTu&MS*PnPFT+jL=alP4tYaidexF+}Lbr;`Lz@@$)bMW2Z z!S`n9LHI6~FX02={Jt#wN{?*fnrQYcpM*mf88k4J`Um($yfpAPSv2s!`*PDje`}iG zMFU$L8gTL7mzCdrF8r4==LP&n$om)nxwKFT97W%C@W1#+bn=3OCoiul_f79Kzy~hB zg^_=PGcYx60Pm~o`CiF$6DOBSqh%E$jp@cQvN;DyXI@LHW`UG2ikgOF6D36fOGpdxt09ZbCUUW#NDd$x4a?x5jL0v;-XFLOolKJQa{7K|1@PnZ)IQqy4LI=X(`^0f-M819_3ZoUYHvIw;DOtBv-oi) zizC%7Q@@I*gh^|~+-B?DR`MU7n3gkd1duy<3YL!#>sMXkfe9J z9k5|_hGZvg%BD);4~^4qf__9xQ;9L;jb|M6v6XRbV+{8*mUZW`PX!-of^}C9wsex% zN@|g85Iav*w(P~&p($+P2=OCmtwa7j%YXX2iVYr~Vx77jnmNolAEGniVie=l_06n9 z3i7R{6hpfp1KSB>D!G)ds%pOwUp#0 zZ(g?YX{jX@RZjLlzeC;9IoMFt+)ynDYRW&70Cq0Tx3f<|`1pUauKyL+O$-XyB(JmA zMYdeF^T0KqQ>V`TOnr%JWlW3~v#-MNJMXYhD^{_bTqxisoQoF|^xiWeI3XXl&qQ+5SbQOEgG{*n+ z>!IBykE|~Lfb!>4(9UY`N}g6UjyzZeUiI95{+oDK@fFnxiQI0zrWmDZuRcGzirgkW zw}oeH8R*)lI(O2Fy^Fllm?LK@Psj!>B`%>_&Hkanc?tS->7-wJjQh$%RKB;jEmtlH z9xv=m%cLWYJkt8(WmB(XQhF`F41dTN_yw6g)e7Hz-OCStw#AxUE1qH>O8Mcx^=*vv z{kosn*Awt2>$vh3u5aeM)<3d4I?2^np1tg9&C{hb8^`u~Gs(JFISwgguIkU!P*VuL zRlnse-?TQ$j&C_gJ}=j%jSp|qSPna5;hdWClb*5Yx(~eJuQ6lXr?D`OF2)gH9BQW% znWdcnk;bF3x0||I*G8?S=;Ry0IX<0Ar+yapCwOKr-mm*L;45Oq#?MtKh}^4yEa$(N9sKZ3@T*FV6#U*xQl zHqP`?&6~%$7X*g#2OPy73T~iw1iq3N=}T)|tz(Uh1&#}mJ1_9A&YGeY7deKCZ&Pau zS(QQ_X+M?r(rC|sySGH~nW<&ep~B9NBkvN7RrOkXkWY%44quzhwX*P_>ZWUtNgMpw zM$Mfr_$2VL`%Wyp$$IE`{rORH@|sj*H%{#)Yw;!MlY5@k-VfOfk~7n88p2;?`>x%# zjZXvLtCv2!--q=Da2B3i+BQ1Z;rY=X8kg-Y{#oeoyla1lpe676tFzTtuDx7lT?|~b zPqzIkJMX)02{Zt2ec^3nb!%n0k9`QDsRS_4IyeP9KF+$z9%l}p8sqA0wQEsz?oIQb zJGRc&aC!E51uvWNrSo^qzP+o!8!#?4=PBgHR#4Yn=fP|Lv-U{K~ze=^)J{C=+ ztmvbE%Gp<voR3_cW89^jd5p|>K6}j6#6PPZosl1D{{?&S z4r)E($8I#XB7CSdPJ}(-5%y;1L+ki729`nNqJ;*0b&(mIZwF1K3XvI%Q#jDxG+W+Z zYwQulP}eQQ_XR#`us@cNXQ_HV=<0ISntKc%#PQ%gCmzTD&;xJup$D)Fup!DTgVt;C+Mx<$pZ0YVSK&;{x`%tLx?RVE?Vl@H zU-rGnXzL{Q?-6*ZW|DQPl>C;;NxX-DOYd!vz2Lr=pMGy2bAAjyY{Mq%0S7az!Vc{( zZY5sPhFwv{e-C-SZTy>k@c1aT4_3Hv+E~1xI7Z5!1e`yF{ls+k>pZ}AEFvnz_NQ}_>-&%*Z>WACE&{#QW{ zKUzQQ8s*lH{#f`#)9;6_2G37Bx}H7S<p_qQXcx)^(R8enb7&wCxGQ^A>>UcRCywV4kKr6mvSF_@#_ZBW1Ok`TG3eOj`n6u z34bpbYX2O5yF)?fv?xH^=nB!#Xy|n@bgE|$&>uNIhkC}5ABjwvz9RfRL*Lk}Zu}z% zovwl2`l!h;^F5p1X8I=YEae>O1zcA=Bncj*Ki(q0E-NPTbaqTc_V!UHCh{%id+=WO zBI-7bt1OpIWL+U!Z%VXuG4i$m8b;@?#J5oVz=csCdRA}^V+RhOE9t;;8|&~wV5Qu| z{I{ri39Pf>Jv5YmKzm;wgT{`dt5i2_`c2k5Mo*1FPocBJtjnni7_Fpl?QeAT)IFcc zw9VXc4lYWc|CdmG!Z*|BDCQbxyioKQj9ul>sJ>s}p-0vkcAVSMV}H?dwywCvp;OEG z8`fv0{!Ci_)?+6M2C}zgTX&98{h#_>Pq2>2#ry3hpJ;CM1?E&q?Zx6prp1qu zE$FGE*fQ=uYvECQRpYEV5{uBk*jzv0{O)ROkVySF>Wk7IxRj2=ZakQWyk-2vya(W22jgab0I@5(``#TMpTop&yUs(2owD-u}kfcsiOTPx_2LPsLZdKcL71%prYTqkE>t1g??$X9_=!A&p| z9IJt&SJoIC$y00Lm^)sl)R&+V}F1njb#gKMR#mlJ!5L%x@hcr<{-SW2G1DN zrS6!j({L2M>~+SH^uX(slRw^fnPhM}e_VN{ou&Tru3GSWGiNlQ$BE<2TY^r~84vr> zDao2N>^g~s{xf5o$^FjKYTkopfRXq?dFIKQ@L&x8{;c&S*N8^?xZZ~>9EIGh39%O# zc^ROOHQ2*yOMZo^=rz^NE1@qJ4oU9)kbb7pkK(m%A8TlP8s|rB9iw*w16z1UHgYHQ zmws0{QGwXEc;D39_Pjrx+6Twqov(U(cOPeMRknWWrm0qb)3%`N4+MCeJ1#vVy|WUZ^ovh{~_pas4jS52p$~GeCyB?mC&eUzv6O*$o|FX z>t6JA2enRW$vJ)#KU0%$bjSLOgQnJi)*=CHo=2@#(Mb~zwR@&_tahz8?n;b+HCR;XzRT9Yl}6{)wCslh4N!0XZBfn zO&Z70!26G58t;e>^!!WW1?F9IiO=kLsF~>7$Qo<8eotYXAJLc}VeVX0j?6Uly=bk5 zb#21A)=&TBDRfl$fZdUnX8D9_zUDJNSNX6+zoPGKxEt627r{&L{gDH2(?7r4>Hh|` z1*{XmTKf*VX-~N^z4U3@bjpL1FVLpdE^M-&x@W#L*mNhDhp{OH^J44`wV}4u&S9%y z;0D?rpuLmSdU{f004G|@bwM|>ne{zYqQ2M26(ibZ#{Dx?-kLO?1(yI z`8tPIzdPFNn;*aiTFrBr;~hi$qhhUDV=cnw);qQA52yp4wZJp;z0vUGC^NQhClBb$ zd2a1Bd%ltjZO8@TO1!;_vCU^(UC4sRsEu65xLkfu^Ll`G3u51?es4E9%eGAN@cZM$ zPRgi_IL!()J<3|d9#g?tJg(g5Uf|meY_+E$bL@g?F!tH3@k&NX&Y=9A8glkLbp7r8 zv#wVSQ5Dh5*&b6Pt_DUz~TXT*uGJW>f&(?>XtZ}>0$=h?}>zz7g??+fNUGo0? zVINcoS+rv!{?i8JeI5Ba$fa3a6Avi%@A{HtizwelvRnBX6#=_Wi4FJkewTl#LWeex zXDc~`Psi5tPA!Hyd%sJ``Q)CUlhf~pVjVf(1D>;iJ?}~P%%pyq_G+|4lalYo$AWAv zHF+jlXDhGAAN!Q@7kNkHkW5J-XC(JGAZz=OwM#c`IK32EJAkac4SrvGamdKpQOt2R zvR2ph+%lf?%H$2sb6T_YV^hs$Em4cE8t{*vH65AV&HCjywTVx{XTO5yUE9X4^ON3N zu;L2h3)m8z1;=K(@dqep38K>+C`%DSR7WLjIp_Ue(_ITcu9IJ)U_i2}hij5)J;eBWZ-wsAi8aU`-J7|=zSqaS zet4@#dfQi6i_N-Ru^RdKTCL#xMf9QE6rFLRw&dq4W4)|rvGJGl%slx3+jyT^Ikg*j zU;Ys3hwHgsXR{geGJ_W$c^ky&k=0mA3}z;6rZY28)LbFJuOt?R#l?Di{v4d0sV z0L}keo~h)SO7yyS{(3J3E$Y3?7>nex_rCXgiaFLndrvXGHPHGt)%ESPYsxmTC$1Db zyx{}Xl$D=B?^hsmwTD6N9A_NcoSL$VGp?r(%^}XS@*VUjXNmrQ&SwJHNNyzg{=VaL zYUZlVC!97p$I#RrKIOFiD(#4tMVtS?cdu-eecQVyEel^n_Icxf8?xemiu-llL!D*T zEeBYu3g4oS&b#o_-fWq@QS74{?7|LCHTcW%rw9QWR1NZK#o16 zdgvD-!}Ppr0HqqL%RBFaC!oo0Xwu$G1%1|4mWS3CU(+HP0ZlJKe$*h_N@%|yS*AJK z?T2D+yV{R1RB7ATBeg5rr2|`dH2$8QjNv45^2ou)<_i37w*yz<$q!-aRrS0-7zAN=9+h>7x;7MAh`6RBlK<`@<6gWP8;|uCoV8>$v6FLd~V-fn0%jpX+Ns= z+_w5@#}5nw%u8~(jeYos`D}f3>l-O_*EWOCf&pTm#s(H|c7k{9n>@P@*zvcZ|Iac(3EX?dkiQ1JpFH!~Zi2JicK1$RAh*?7ETDXSZ7rYjVd!4Nmt{X2)Ip#Z;GIw zQfsicOnT(fSiXlJjsLwN%(KjKGIK4W{ZjB=79PBi_AUMlzaF#mT|>qvn9g@qo@)xe zOGGT_n`a0#Te!;8mM8tSOvVjdd!{k6%MQu5#|eT+ORIZ=1&bj1P0pL z?{Dt8!;alF;G>rBVk-6_aej1(jmI8nFjw0b)3(~}0+!-&L;F1Iw|q@@F0&nvEfd{y zU-2wryVUuzW8cE(I^?SKob2@OdmP=yydL9P3wka|oqEM2y5K{1PLjEHoY$t&{|q}c z3jZmez}ObhRBa5C-b)mS#c5mgqIWyd@yDV0 z0_a_~MGzQ@R&6L5KViG}1uM4V z3)VhCA4kD+5ZkhwdcdwdXlyq4`iGZuCWve`Y`7l!9t{p=u-7lwv%k44^I3b(x5gDP zaSq9=`6p(JZu3}Iv7QHyYDe-~ za`{m!uW8tpgr=5*OXXt-mXgJ8A8}|?^ytDh!S5>_*c#sDovzW6vnAJv2Ng?d16HbQ zvL^5J^U@7kQ|4V?lwSYMm{#!>$lJ>(bq@P^o1Nu))5nizR&@4 zJMX71Exs`Ar`DRe%0p-3iCM5EviT@2NYrp6F!A9O?f7oLJH9JC zSR#KqzI4Tpe{TFpHjnrn9!WwoHIwoO#2@?NkNe@7ZY!_D%OC&gp?Aqs`Fut(hJ};z zGoHIV$8!bHRdN;RbExC>b+UUca#!S6cY zD}8PB2jdYv$E8PH+?`3|?(y{{n;wT}gge=P58`8WaVOdyZWr9Sw7t&3pWDYUFVcr_ z_&Bs(W)(DbV$W&3;<+ufr9JGK?G?n9J7eue7m1(Uv35yb@%*E-Q$jmFaH-s;732(R zUMW3~JaG9??W?cM_HBK4ol9?e&ygG5Jlg|*Ypgvr^@og2i@Yg=w_h;4ZR_&P_6lM% zXlp9>sc%l+TzbswnfDXeWQxz8>-|Y1y#IvrzU*q{xTyx1JGY~n8?sG#dYR*~=jV6l zhYa(MsTUpjgh$TUxf-slDKxTXd&H474Ytj=6+c+pyIPT4|bz}pfoXp6kofg6C?i~N=>lWiMEuZZUAO)TwN z@+}IGKY`fu^eY=hvQ2d7_8mv&>x>lHRyup!#A!yS<*xLa$)ASU^^sq`(pvs* zb>OwH|F+^lOP&>duaq2v?*PN+Y41+oq4>91`*0?re3A9!K2?yvlO#@%#~D4TJ2xMy z+wR+_HCNpv-^MqAVI6T6_|^O-KWF(d;**yE&pP5RE4i=tweMB$DGqW---)SU3oKvz zi0?J!WrWlo*D5cxpBFyr+KF}WOx-{G%svUVlcMbc;_FqM_vhC$abj20zKMU^&KFgV zlk8dfoco&ZT@I?1-S&uA-Ll5XfeJYAHJ{zw3+0;0vl(;43j@qUPu1o zO8RC^_8RSUM92feSGmg~_nCDK*T})9oyPH(M?c9pWXmY$TKU#>S&`cY|>rbcZCPrEpjHH zn|<7~=}A7^@Uv6s)7$<^^o-iKs9&f1t7*HDwiCQ7J2_5U!h!c4cT5@YFfQ*q@^AWq zWj_Dj>zb$Ln<|Cx?!^9L{$0%XG3CrXuW?uW!pB&WrSKS##d!z=?KDoxix+A!pv(&QogVe%e7kCL?w`wX~yt)z3;`TMV2;GyC;y9nVSz z-O96N;lV3-R`gg1?ZqGF-W~GMe*{1JgadK-=e?`R6-0Lx*8}U_z-|x!4~Ka!JUDNz zdv8uO(ZcmsY=b$<*Sad206sgpp8&pFpuMU`0#TC>(3;OWyN){Wf!Hi^JCDI}bf@SnsPQ#1z8e|eI?wp7dY|!K<&3Y1zHX$ib?Nb)3uo+AMSs}-_C!k# z-Q(n}j{0AWtB|%w)Al%UPR{BY>?Q5jCZTnc+X)9cWtp4S+1)!m;8EqH4i2A~1KIM2{PAhs45yLN!VeM35LO1>H4{xcpJ z#~c{Tk02Vi>Chi*_ovTh7Y<}^3I60n0sr*=Kf!a`yOHFMG!Ci_K&F*cA3&(FU7tm7goS)}M=SC)jhk#4{(uw-fBMLbK_o z@BcFW{PfyCjDFg4zW3qjr|OTSpI?xJ;nGhU4`v55u1)v7v5< zX0+y|zlq(*#~yS%Hncf2CYwM1drmmLKYy;z`QC?zZ$I?;KK%LWx%l(T9{7sikkdw| z0CRF~oq7br^nW(oS9##xnnOO$WbN#QzhvS}bXH%DuY4(=vwWjoS?UYFzLWY!%9Bz3 z+Yee-CNep*uFNd5#3bvt)I0oGshB9!~R` zWZPB`zlA;kzW)$h_kQ%l&GAQH`|!A~`2%si^+UpcpEI^U1lPBH$iB8Yef^=hzAX#a z+Z-Mr*1uW$OZ;7f4Ybn9!Bst7>F`o`i+zZ=d>x8u$S)UQZJ{`wk53^DqcUnegL4>s%fWb^^gCAp5hZRef(9sgmWm5woD%YGwk{I6$?Ka^wt zNOBQt1$2?>aE%2I=Yfamd@tks48AYnyJ~i+UYF}DQrurPxf0apN>ZomifgP#-h>`E zqi?p1wFWN-Pft;Q>nZAQ5&t*!x6Ind(S`NGlW4ixp=H+A*|fab=z=lMnk`fJyZBm_ zHQ(b|^X)VE%G@ubxyrs*OkMHxk>)BNqrFDXi=CcNOpp2HLx%zA@G|E20P}l*`C+fk z^+Sh#=w0iMCCshSGdGtveXbpIEcaaIWX&b#dD5)yy!Cri%WT{k{}g!i;_wdUxSBbx zImaBmI80Gz?T5@W7aqUGJpanUqkM*2z@unZanrHP*Q|q=Nyf512R>~)uQhL}1D6uu z;^(<7==&tFNrLxkWS3${$PsFy1YQyRbX_#InrB20f}QZt04ka!bD0<@k8xGoq`M z=PEu09xIV|@^9z5_Y3V8=DA#JQJ1El${N4xk2vMTr#2WHCo_MlhB(?@e5dkF$bMYN zr}mx{jW<=o7(t%k$rlHS!ZAyE*~n*E7#tYp`p-$&eA-SV>JaDlMgC^ z+%onkZM7ihzlmHEZt%~WJ@UoOu@iZwcvB1OlLY;o&2Nmk^$-bBjpFhnL`o2gbE7NLh;=%E|^&|3{nfNw(&;GVh$ zh8~o2r@B2~qwYk4xl9$_Sv#r@^J=~~X3GTi!yNxoxaWC&7mfUk-?Ei5WQ6nVPqLo9 zf#2#&V>Yx?or889+4qfy&X#=}p&?h^+4f6%e`^JDVrhdzO!C5fPpdrRCTzRkMe6Emjj0T?L&`HjGzMEq{Kk>|GW)?mS z9z49JHIigdmsu|avA?u-D8v@$><@B1#cxNj!H!~sv7S9=?SK~YVKUaU{v39xGw$s< z#(l!WGcG<382dDh56KBXw3q@XtI)?<6Ul##jv(fFZFJ#WY)8ht8azaJ&g73nAM$_6 z?h}7hnLG@?si$#2wP>YxB&)W0&e=T9GbhIc%ri%k{eJR|Bh=HF!S@oYphGeKV`mz6 zD!#A&y|@$Xu2EhlpO^9(B+tI*%;FP8s<&}wXgO`a_89!B_N!>Gko=|pWbS?J6*@q@ z4SOzgqQ!F+H!hFP{JH9F6vRf02Z$+ajVbvy-+|$C9(>#I%8VauAtoCKPKv#&zK~)H zE^SWNI0YYQFo_M5!lrWLQOf6#92d+CJkWzo*yMZ(W(c^6TY#AtuCf^vqgcYcrn1k9 zbIq={b6T-+oOP*z)o|=V*YjdOgLYgvY44+8bsMl+0;~=It0MNhsLe9=F{n04Kd{=F z16Kd`Gvo>~Lw=FNwCTbtn{Rsm=h2YZ3Njv{_ zcz(z7O`KG+?jdp=%$%KTT3>WWsM$`RJ=jW%8OyP;7V#~69WsvlU*y_GJ}2;b=NRkY zr}@9Lz0*)KlOYGz=?Al)~ zqu%#AY_dhx;2re$McN$l>|IrUiTq8MgPXT+q6T^`?XY)spKXgGXVUADSyy9=GGEQL zJEE~;^DPR~KDEi0g$Lil#(MjvFl_)6<}F*li%-Exb-I$;*Ls~~_@>@pslBFXxXu z59N$^HP9Aty#qP{uH`9UE5E=Of#XK-B3ofRusfgsar~dU75Lq34ZeMcH8_FijNQU> zDSSPh_0UatUkF+=Q$ z7z-Vv2jw?R-60(bjBlk)PMU+TAyc@M`U z9NN$D89Ms0{lT;4(`bjcC1DJIH#qsFW`B0N9>*HsycT?5XCJ(u&vnzVS-?XaJSbO1 zF+g2c9`Sab-2g88hOF|PeD?p&D(@a`Jtw)@0`FPyQYXA3zt(7;RsB11o0hAl#0=)s z3oi{}7p}~~8tJW&|? z^apN>e7@P>iMEC;|G@3+)2j0Y2Uds|;4|g14#4+Y3@?m^7lN^$C?AsNv&U-kI2o^M zj1G?%-Y#@}cI1sbt-O)P@g1+jZXJy+t9qt|_@?YLp$cPf8lTqa*e%e2p(XI&2%O=Q za_|HF7RKCmR`FYKm&_B~QxR-n;2s3-+S4Vt4?ur{dlzs&IRe}RURXi@+P9&6@ZmWK z2f%$e@4|umQNg{;3-^N9uRr0z;W^u)Hba>Wch!=({m8av?Qs^|yXPQltC1VXA{*{H z!z~cIBOC6t-#H%|!LHVLRZGD;<^tfJj~z;m!_$fZZw2o12?iaw2Y|bK4ucK%VC=W# zE!edS$HdkEck+1z`-yHFf~OY;-JJ1J#50M2b?`CjiYcBt6<#R;5As!M&&X?>GiuKH zV?0j&kfDReoESnq<53@57?0t9#sDvsEALJC^|mSBmD>FK5837mwAl?0ZKGY$uFGTM zsV$7Xm9d8zdnIFE;EY{4B>UA5{OHMjGGoVQYG9c?cI69s$L?)YV^^CGe#kbzN}CDB z$y(2h-L`#fAH?Ug>RV*X#?Ff@WBYD;;B5J*T%hkebu3)_>t*=Jn@=+hcuWT_(nE?9 zO~JmafZvv28}wppg{bimEPlDU!sj~`yt1WvmTI_xvkLY#_puh~*>v0K**;(NP5<4d z=1$Ml4&;mPlsQM%3dSn1kym1;zDQebQ|xxyIAiuW?;UrZJ{TC z?;NI&4eYz|KKmliN^i&>i5pt6_sNSEWv9qKmn|+IN?-8B=HKyuTT5Wi>_Fb0(3sF3 zWX@~sd|7ZK9l?lUM}8bn~wG1iujZ9i@5l)&+|^N?^4KTt-1RndF5KC z$QJBF*2z|r{MI@~a^y*9`kUYn8Oj*zU!TM{>#)&wO5UK?SVKMJwbR6#o@^+|482#6e@FBjW}MZG6CL=F zbg3&t$#FA#EEXCWns3G<8r)`J%3fvgXlj^i9N^6zhkT0Ci?JNzsBp)@yKaB-7Yn~? zBkqg|Uo~wLb8=+j{mxjnnz6_?B0L9T5oatZXr>z2rCQ8c4&}O^fOZBr<0(#GF8q4* zo9hW|b>%w`=*$af()f*et|#kU43~#oe~)AzxiN#r2aOG&3H)J8_5nZT zs=8-is_ukpiu6J&oe|{{lTU-*-G;oqAG)E2rpcF@#qZhteiL2vU?4pBKe5}t65=c> z?Cy8q^R3v++d|l>W6!3IhJd4ASr_DigLi=E4$-ee^DYf-cWB<$!@<~plBb|&KhCpr zc=if#{3tkH4If|5v(nim2FGJ#Z}My+Rb5^@(a!r%)Iz`a*uK4bVjPN(xb!!Jxy)o< z+M7=7mR!4FY#MEuv&4~IMaZRM+dj^aNqerK584$isBM=fC5PNNhM~Z~o2M}LHQ-kY-W!0me7NzOi2sZJnQvkpbLRKs(7SX+ir<>QVsCrV zv5GIR1)iHlGkhM#7b4qN{-aBQgW`xii}1(7=SOnz`SrlWZL?<)_9Xo$;Bm9YKn{%+ zp40I`gOh7=y~DHO9rY_4A=ti|xL~1)iFLtu$~Bj+$uqE1T(B_qedsX(pSk^OEz*sS zSqZ$>0Iw;?ISV;wL3hZkxod%&bnGhV&eU2!#@ztyWH;6WKc2C3b#uk{CRk_HBIqr( zWx*9YKY%PKtt@AMy|>pAAL6?Z{hRaCj8$f_N#SEVXP7y>-p@lb-^>eO~}`q8DE(XIqMq)AJ{12a^OPz zpZ^H|6M$JOaB^W537VQ6f|-$%=YU!Ft(bu)(F^DYFU;PBrgOp!S=W0%Fhd@6T?EV~12f>WO)wLz_?NF#a?lUW)Idw! z_;9*+`?U6%FPbXkUpzgODl8xJiym#*##4nR@99gwp)Og3d%wX~F?8vHu1H~2^0lW0 z{65LGRDp6cxOd5cp$Okk==(*m!Z1I(MMFOmWg7e8riokz)>xBLrZ1( z`ObUFBN=X2bK?C@-tVIQZrbl*EWNbf=RE&1&+lN|8=N_fMF-`4p7Bc-x;8}$o8q6< zMiy+`I7Jt}KiB6aS+k>5b=%or#(y{cZ@bW%C;Abc$TpVz>F4tWaFRf-Ooi6EkTKK7 zSqD2G_LX-dXCw=V8JN9;Cz1VA_^$jH`C?vX{IBpSJ!<=8La~{&)rXzb{}uES_;UPV z8T!8E>W7}zTxLA4os8;GSD9VYoUDi#v23f3cxwdXp<*#JFYw}jAZ zh3K_1^qO*A`_O9}JU*Eadad8s%OTcO%I^xsz8clKNOt1r*l}Qw{*zy3Vxe+Reigj~@8w%ryWC)OxxEL^BKPk}-qX9c^X?ZeF5FW)Ex2bX>pit&*H0Y_ ztp)MJk3kQPjx|z4uYZrPyf1=WtV5ps0N(#jdX24kMGLxmmTbp$*5C?LPaz!(>A4*G zMh3X>?y7_T)?9IXj`<^&3MI=-OsBZbQ-d?vxDo$+@s&f zwFJ*3xn74J(b&E7Bfl2=$%c6=cq_sN%C&CO`mE#r+&0<1_tNexun%)+4=h@TG;YfyeSJ zW12~fhFFV{0an1FYbQr{H)E17$auw$FL{xs2DF?82;6|}O*8axdB zC34W;Wghxd9XHhvk#9pj4kNpyvp+WRW*OTGF0@{<`U34wmNj^RCTldY->RtA_ zCKtbb8r&q%4M}K0ZTH;8xZpS8)!_87&2MH62%n_&MM11G=eu^@IOUp=dyO7V?;jSw zsZLQhxb3QS*Z21R;iHmaJg>269G&2%tCq2V=k9N7p1cEW^5LOQ;1qAo$G>k4fScu= ztvri<6imxdQ>GkEJml|?6 zkqf(ox2o}t&7&E!z9;z)@?CW-QcfGG(go!y-cf&wH6?H5%s*s_a^zP+lb=T>t+;@* z_r4t-Y^5f79Guv;Uw(8E`dfJ!3GP)+u=8!&XupA6nh3cxtH`CvQ@s#y(%B-KEE))L zUKX~ca>sVnab^_$7wXm6XI7?e1@3;osYRmivOUc;#-yB>1bydG$6f0_wOK)XGe2T2 z#|G3nZ@XG(Z?kBt33z?Q);%wid)?^0Pk)Lnc2d_x?VInkZ}b>E)XjXn{xBm4Cj+m0 zMwWw{XJf10Lz}dl0LHS9y7-juc~}mXrs?HN-sgG7JYNcpAa_N}g~ku&H*&D68aa5C zHP{_-<)Hjv{@7{Bva9SqyQ*m;B0NAB@JBcNk%A_m;d0F@LHLN`ziG!;IbeX&e z_(PZ1V@v3o4OiRV&DMo)Hm1j!92Xw^XOAv)$2)x9fr%NX&pSv$-w9wPdw8f6y9b@1 z`uXuvzdcUQkIL7$nA=b*wh;WP8u+OOI}ddY@?L8|l z87#ZgUhCz@wlg2WIB|bE7xTBsTj3@S9uquk;uhfRLCz@|ieTqFEF63UTNqgnE!J?R znf7J5eHeI|dz=r;nUv-^?3FfrSFF#TIYMnB@7l!cQyfaseyiG_h&`RQyEEEOfqTaF zuWDQ0;Z5nxHH^>vMz(0oDf+CJ&m@8_)HUAGwR?0e#n>66d+on-O*}N6dC0~Wjm~6V zvYS)Y+C%B@P!4Q@dy=WYr>_KUB=ws%*ABNSc==-A0Gv;~Zi&y^*uLF<`@_8rVLGL=?8uD=y z@PYa@HGh}U_g$I`&)>jW#@V-N2B3hG9544a3!EJrH1z}0{u|jwNoY7efq&pA`LhrIz2reVKK(ekT5;sA zA6egupC`T#Bd;;&V=gh#y@x{2;+eWxPI_tXHki7WVuQJ;aO?%tbZ?*kP zaFPqIfh@RY)DJNGS2E!#J*+ikkoktttEGHbj@~rB+xdSX{8Nf$2V<|3t1Dkff;D)O zHF%JH)n3Zn==0WZs`y z{E288@0;(HpNP(IzdPsrc;9;|lvyug6tKya$6Vt0?;aOy;QL~7Glp}R8*F=PBzy=5 zUYvZKarQv39~2)u>2t`72dBSmJp4@-9`<@{2iLw+eXSkHLT~+^efU(}y&gyLi-C9c zbcJ^roI8CD)3ft?U*PofA?Sm>gY&hYL;I2HCRLjAZNv}q-IShLc%o`kmwI4$a0K{m;7nyN{7Ob6r;u+m z1&>0-XDsZ7Ka8$>M33k<=okCgL*MA&#V&n&X}Z`$>pAFq+=ry^x5=5%nms{$ITwv9 z_NRF4DDX1dBXg89BO32v-Q>o#rk^YMeZ#h14hu*Sr*Y;8- z?%ez^t;e3-oGFh|$ml4zbk}2j<~(puy%BV-aJQ6yw{{f=YR*G$%}Zhrm{tt8S0$){i=Kb%JoZPt%DArg*hzdw6TCB*>P6DwY zVoOJ8ZOe25Mh%FTDxHD_8!!mSQ88efDe2pQ5s{-->!sGe?F38(G;I}m+fM6DIVb0q z4?x%Tp$x4nCE?e^UD9v`JAzYZNgq$e}&`es+(7o^!Ot$&&hZ)x3=yPuDA?7iZ9 zaB!x5|C4ywtDl{I@5i^W*LK?LQMKmiY-nrsL5oA^qDE-*7_`|2ZTh3fYiBuzf&Gjj zUFW~IvNx|!_vkE_-}4HkuRQq&_+9(8r1N}70sFP(T34M7PF{g8Lh!lq{o#4@Ej)HQ z`zu&<)>a4P+Yb`&inY;a9@R{46zVOi>U;G|gc0S3FV^+JV}GOlX?4bOrhWg2 zzR%SDoDFT~^+5~SpEHs9i~on|arar$t?q5pK9wdvXX3x*53sHpi%ymQ zb~ZT9=}Uf)8O4xZS@O2oj{nx5Jv-sx$*XJ6#D6<?5U;EwOyxy1p_Ig^p-W_ZDd-m5=ZIV}~ zpDuUu1>u&M>`e99ZRs?2VltPv&Zh50!sS`?J+m)dI{mx2RLu8j4<4UO*B5E~zg$9` zw)Fc$)|YBx=uBeOgA@T|q0Be{pS zis$`f?Vp=_$FCZL-!lg9empbG{9(`fKysNcWC644NCdO;rkeY-_q@yweuJ7c@7(9D ztY7xRVvS<`#bYC>LvnJI4vb!WhVSX&%Ri;#)9_>Oe5CTbBiR?|n&I|2jiWTjZ_g(% z?tiTP_(jZ57b&jOyfpC_Jdgz(+kitgrrS7s?ve$gem2eW1zzI}Iy+D7J-^Y$V}zJZ z`DBgX-ABP4|K%Dt?V58G>04)MXgy6O`Ci4!%F%~P_?}!c`2+)(=I8%Xg1i>mIeozv zDzWp)G2V^v?lo3cuX7YL(6xFe%y?S)&fvD(hR?;Jn~%_XHPQA#4?Z>bs+>f0L|N)d z2e;n*TsygH?|xicEbB$l%B7pe(bxEO7SfRmd(%E~MQ_>*KEbolfhUsI|FLp=ezE;3 z<`>I*&o4%v_r2Wud+@j4N>xA1IY!X9dYG&oq)!nDxK3gcn-WsvzSH0W>E}mlS zP2g)QV+w(jFt8RMy{uO2VD-Ehx_962ysTF9U`^o1exEh+dY`jRME@q8;pA=Syz#Zl zxw^TiOwV;_Iy9@ZQn5Gj6_K0m=#58>-rx+O3gO6Jw>1ym2?cm}oSnNea6{KPuqN>3 zcUx;Ws~$7~9EsfVtZN_^x7KY=(6+|qW8OzKq!)5trRw5tLdK?|^ID&=QW@yIsarUA z?s;TyymeG(^E_5aZ3XylWzJLcs;aqoX_7mSV$W5H_qWidA6>B;U7^~p{&@fLG~OQr z??=GBYD%R~G-ndspn0Tob)3Kst*=O&f3j{qaGG<4ULr5@3V$2mf$`+PfzN)%xk63c zZ|;Fz^#7Iv|5RX`y0^5pBm;alW_6z{G(2rA`i3($Qz6D&#-3^6Qs1Pl)Lv=tLh8Yi z6h(l)j25#7E@0R4RWKJ>4BtffziJ^GIQM-Q?+Guq-m&qd=c2vl!}M!nK=r4yrJVk> zw{-+M>RhSVL~>S~`xd9~)mC<36~2V#Nk5ORRNY?)J?oW;t&R+7{xdSuo)ce*JgG0u z*BKd_)%%;Ua~_rCi1i4QfO(>Me-?I2GzC_(#***#|Clp3*o${*Q#payjkFDq==+!U9G{6%!SU3{X^$Bfrl;NU3F45%;$%mgw9LK_*QnpKEJ6* zbDrQSgpCbv;u*Z7KL30B<1RKX*I*D%E)PFtwSJMAd`Y(6-pZyX2&vyE+r;ked zSlZLSm;Wox9uk?!L(#4|{som+-?!SgZ`%cB`(`P($+ZO-a{7t*r&)u`X@kGWWorw+5e3m=MUB+IFTeGYe zL&$kzBJ@W0hS9yP=wA6IQTR-2V`V=kaRz|i@yrQ6oIXb@{jND$=}G1GR#Pja8mcVT zei?e3xtA=Sx%*VuK8faYqRi*8&T7(XD{Fn!nM+iSqU27zX>jTI)oRQ5Xvm}H-Mr6w z;cgh?26tah$K9~9ly^VAg~tExecn^J1e;*&vo9!JxQo47GNG5w0i2J16AWfQ1)V8q z>|EJ%`5Hfch6nRkMEoLMTB5m1bSX4zrC)t#;BB_-T8Fg%yYLI{F&?@`?6{i=6uZ9i-(OZDS{6e4J06)-B z__b+h!C1Ldz`n0OicBD__HYR^gAR4jUPm zLw&+s32H#wgJ%UlZUr&OV{9a*i@{!<^B%hGw$NUZH|Vd-r(ZQ4Bjw^^fSU zq5QggVQL@D;9os^hN@5aD}B#U8!sltepY*iUa-^NGxP&$YmCj!vGvuZ4n6v-j~Hv} zReHy_qmXmu3bgLb&pJ=<`AgI>b+292xGtnW7x!M?P~KtB1ylBSads>I)*R`T-PA-J zu!??2q5T`SvS^*0NVqK=E)$ z`s`;{)ylW?>a#zLbN%+-y337&rNe%8caIJ;a)7?>^L#0ze|zMCn9<}r(&K%_g%hxw zeeu#tQ^)w}+KHoxF%&luJB$J+*bJ?gec4BjVJoz9W#dD<=)pw<^6R~HtU3caeytBWVgS4G)1H>EIvxF*IRmPH`dw1Hr`Vz2<>#7pp6Fg| z<#$azW?$b)|BBbHaA54~e8(N=s}BbE_#^T~Du%FL9i4I!bb06Lhi<5U@ael6tina$ z*!UvdIClJsd$1b@=g$9o>3zp98qx=z4tQ*=%TIX*Up??>Z9paQo%)myB;BPr@KWHD zpK0s4o;AmBT!60TkM?O`YhU(ZS^O^#Y_9!3R^yzHU}|Q1_SX#E2%am+ zc@PhE5jXydyv#+~JD`gDGp$q==VNHySYnBlT7{iaZE}UPrUhL(=Ml!$w$%RqUUG)o z@5~+7_Zd$Z-&k>`_RBPD%ZQ^AOPKdx$~e(?U943b!@41}H+ea72i+3|7QQ?EgMa1S z()Wp4QAU0PJcVhem3CEwdmFfq&|U@W^sXJKbxOXLi?O+J)*d~My-Ez0>`^Klr&`@A`uB zjY{d~;%8THuC}aX8SSh7B{~r}r`zjk6QcM|Jqwa z@rL%-h*Bq-#D>RAy<;AAN%>|?{Wn}$alTQTib)=1%okzLZgI}>6kSD=C%CU1h_~O5 z3od-00)Aaz`8;#Yc~<OLgXOejjpj2{OeV zj4gXku3g^-@8|e(0tsZQif5AB7&4`?ZPWjGZ#VBHkSQa3$Q0)owzx1zu8JMGD$6DQ zqCLgZSDb|`-Q&TFyY8|-S-Pv&yJs#-ovK4T3t3WJ-{8na4RVo1?X1qXm0UD9a*-~N z`u~^d$ELaQeIG6k{bTLde<9!3J_Ak9e^?@D361(iH09Q}*j-P$$ zZ{e>A{Z>Y^zn)G8=n^{d|nI4{P{~-ssp#^s(1Yeu1&;-FOA^F_*n|Wh*_pzU2aFi=K|mMh0#~ zf6YZ^D$rk*=x}tt_+|nAs>$af-?Ed@)9A->k}LFHn6?y03zr$tPx-2O%ZfXP0}uN= z8{b50c7!MSCi#8nt;c}Pz=4ipjTpAXJ>SE&C0ffY8p;kRu5s;vbcS?fo1s&tSudh@ z4gE9iZ*3dk57w#H%J6wca5dMGhmHK!egqBU=#T_FC|W-L?T_Z^2R;0}qmT6r5p<^3 z4z06t0u}6KTY`;GKsRzjCNJndSAH-y6B=N17ZBI@*mG!&#sIFv;MnBorO(hC@+so8 zpe3}`eyNfJ#l&5-e~1|Ab@nZ}AN{c2%B9czWI1%wzDDe8GN)}c`!J2OQfhyim5WZz zZYf5m`Yc}{?C?Mwo$K|L+QG>?(&;4*EaPnYw?kXitjJ%HUG5J?*-Nb{wdK@_1Cgf- zH9mX-)$~r_TEAn>Z*Fijzo(NmmrfdwXf^o^XeBtl=g`aD&vQnRbWqQJo+0EZvIv?j zrDnB;`7574IiE8kn%MWQ*!<=v!|VZia09ejY^9O`@VVB0S8LY}ZR+`cYpQyGg@2&& z;a&yz{|TK+k%=kzxjnYnUPE@E5MLcT7hMc}mq6d8W%SS9Kx?T953m>L25Pf6!3W5S zeX;w~)<|5k+U$3+I8hI0MA1Z*ZgQ3qbXg30RE3{IF z;q8mOyv%NqqQC+|o z_ULM2ztT3=$Tj(V$pu;~=ZsHrPPsLZ_#?Ar8#1mK#P7r(#oU*#q`aYIx&u9z98G-n zS!A2OMHA6TdrPVP1^8@gzYTsZ;oBx(X0meUgPX50?fbji_tE|@vDG($|6LBxxNWH& z`RzKp)X0CctEUGBFVnl+zmi`)zts8v<<9>vG5^=veSdJ6xwh8`4l&nS!!|g0v3YlJ zu#n&L`RnEHjGSCs{K}d8G412P39^)&z!@kL;TL#Iy5*vO1I`@ywE!FqhW^8#`3UG; z2(3Laf!RBFJn}jLc@-|<{}^*cuD##U*ZdHCdqB2WG^9`23fTh98HuKfD@D@~JSN)d z+(zYUqR=h|?SB0kXg3ZW3{OO$;e3BhKzdldLL>C6<`;gMqqWNHJJfOuG%|51@F^~p zZP7b>(dAM4yXEARO);lW@pUoZx&6w&PSIa)J)Rl-<#$EL%;2m1zRaI;%`fr$QTkiB z{q?s_kK3O(`dafZ|2Ocr_5T6j^;r}1ZeXqC)(q`c*1eBoS1!4B)ZZTmYGLuhhG}}Ym?0vS#yH^ zwJqb&IR`WITW&w~!1~**0f7g(*TwV7686xqM5d-AV>6Mj8hH5`c=}0ryB?Wag3jK9 z-fRYrI(YjPVA=$qv(6`h{Bu5UUHhK0RH&JCfLSYBIx=%xl1s``x1CzQ{$L&Zo%`|w zIsTO`+C#KR{ES_fZD>P|;>*!@&rtK=vsx~-td;^~Ah{SAkO#qesGj}ueFFm8^T745 z?6Z3FgYaKndnI<5ev7m61Ff`UWD6ev$=P4(&rgr zKe=jsg!VZXD-f>ceh#o8Um;{Vs{W9%7`DXNj+te)?LY@7khS&_;D4pe>}CGmWJk{N zv1JeBZ-=VE2knJ{&*V1B%k2CH-^<2HZXdHw;1DVv@!#crQ8Rei+CqGf$=%x zj6;+t?*+4{%&8wn$c5h*O!r332k66QvaHk z#1iOE-2XM!tV^E4v>};k!$)QR&47W)m($WlAAWw7chMfVIkcnwh%;%+#CZHdu zqbF!1T#l^dSVo@kc~kB1`$)dk{I=xC>kqvCkG7uJqBGiM2%I*Cv7hb9Q)3p69;p<4fm5Ogy?kFc&Kwjl$&S0L-Ul;LK88LS& z{wehv`#AR{5ajo^0r`OnAA9}7tJsC^XZcyyzBim_g04vz`vgyCg)$89H!!}b>Pk0 z=Vs&_MX_ zKt88x@9A+S_IAF{4<738+i~b-?1SEypCCQ1d66IBPqp&Qodc3Dp&GnWe`d0V^|{yh z<+uA=ZaKKZ$ZH6@p?L0M?yJ6QtFa6I;QOjs;+fh}duk*4r1E^3$p;v741Q7`G=wb= zRhrtlM|{xR-J?M~Yx0Ef9&=pOe`(*ryzaa+`=;y*E?d}n8#HT&FH6ablrY!PK_3;I z?IC|5v=kc-pDyrax3o>>yh?r(6S1l2xL*P1diiSb^Ll)>j>X`?$!D8foB78TwEVVPOO*2;7 zx&%Bb|Let%7dNu+=G}hAc$7B8hr&sOaTq_>;Bbi9%kcBqjB@PMefZ5s@d1WH!^=N- zc>OnhLjugHv{YL|lgh;l7tAliFPifkYWAJd9=&7#(nSu#&IQl=lGasBtlfI0YN{`( zZCzTHx~ri#&x&sS>50B{#D(y@`m2^+;XK?s;n88=xwCT#bPf?Ws;yS$9f$K?A%EJ7 zVyNWA*sT2Ex#phMlH>&oxSrQpyy^`h6dP6 zH>Z@In;d@U>200sOH6a>O3i#?vpv85x|vVxou5?RF%0i2PZ@$IThS*m_;U^LEBB@G z1=wpdgzRLft`r%RtjlHy?o8@UBNJGYfc{X<#+Abk)jz?9#!kR{5%iVvkqzKCkG(oI z567CE)SeZ)>-Vn6u8&u;H!OBc`*iAziqTnCYK#xt2p_khCsm`+0WT+Kk)K$2Y3H@f z_p3d9r}vd3(z|Nc^oz`@&j#|?1Mz`^5_09h5|N4`Bl={P%M5-O7tu&FbLBj|%j6uV;5x`%F&MLA}7s{6^0UyAmdGAs`b}H31=d6*ZU zWF-dv%eaqBwp5<1-c)Jbv#~_65q+)ZygWB1a``1hUmz#OfDKENFUZq)!rX-mFfxP*J)HZ+>Ot*^Eo5zUdmhaLH&4i))>&KrN^ ztO0Uza+>3sBpv`B+59hX9Y%hx(Y?~L)Thidc0cxbkW5oZN zH9speYUS6sdnz}O$H>R#uR>NT{MfLM5tq5XO0&K9;u@3FSe+!EoD)ZeVw=G22HIT$ zp4Wok8t}WAdyMVB`8K`@TyH2#z2;xpqPgidWJ>W|o?^Krb}Z-TS-3_twUU{NttZef zav7cLRSj z`1>M%wvF@$KhO0w{C$+n&RyKU%(Cc@ z>gT57^Lt}GZye~2^&-oyRIJ`gMeC43bjaBGb}qC5zp(|ol&)8LVm^OR@zXc353YVu zyfGD;-pW12e5>qu!-3nL`wI;R?&Z*`4qDX%Kl(S!pXwgM=m*anpZV^8r@ucQnj=@O z;~6JBCs{b6Gl8JLZ29Cq;JNZN@ccZz{l4Hqf4TU7HvN5M+rYy+;n~0g&+BX$<#F4v zCs*q1Oz|oFthFoM@nxnRZ}#T{y19(*SkZa^htzD<^Vjcp;HQ`W=zRAO-#p0QYV>^q z-$XV-G3J_)dp37jzGJ`Sd|AaznfPE)bjBLLKd=Y=I)=YC=u(uGos2)bj=0j^um2|K z+{k$36ZJ*sTU|U!UpRD*gIm>0#3!<6spfLW_25;u^Q-CKj6;?uqHobldROl#pQe~k zdDaSYi<$UirY-|Gi}?Sw#5&qPIX#w)p+__alz?~Ih$pYbA5>j{&aA8gFVgF3S8eHC zwXb&%5L130|LVA9eK>|(&bz!HhtBfn71K32asLkdqV;YJSr1J(13Qy;LQCW~5;LOP z6)U!&XO-7qZ`pBTl76ccOQM5aU)7EoHGkX_H-20BjHTcNTk)Z|5ttPB8op#q!}PA_ z|Biv9}EgwD_~ijHTk19F*_oPuo0hm@{RZT?F-e+Zcjqw^HsNbh@}Kcn*vpkox- z*P2$@$nO2{plNs}bVWC|yEf6OAG!};ecQ}T9c{$Gf$U)c-#jY)IKrzRvw}mt@6u1}2=nX%PS|9n3su|+i#<`u>mOSM;GBfou)^A(?RQtpHo*Dw- zb)cWvT#Vv{}9z{pX-hK{Tg^(k~@~USMOy05l68ToQi zf8U~e6X*rSOO4cH>^(Vcf9ZMCl9^nqjRZWeyh$7SXUcigT5_<5iaFY;=Wjo0&(XMZ zG2y|`bQm~+Csj+di~VfFMONyIpLXJS@gwj{x4sVFYtB`1ywR!XAjy-N)5E3&;KeZS z>z!UckrSH>uceNS=v5ofc+~zA;8bmSasOq*-xT5U%#vNWr`b*m)rTO`-wq67(Al$R83LmsS?)G!zHfX;Gz3tVz zT6^384bfYgKk7xp+o6Zcd&c*GhHc^zhYyt(H9EMYhlb*vf9>}>c(Oz|^Cw3;>vVR~ zZ!6zR_h^n-xe4JrEF6j^@Q=PRb!zZI+<`&5?hv}7f#1Ag>?^YDmd;9R%=%2~4%dpm zT>b6Pq)RrM_(AV~0zTeqbhtg2`6&Fngl}H6b$2fujPvrOr+-_w+qvN|y!fbeH@xKH z@ZJ!Wj^uX`PO-=cA$gTm-6jmyh#qIEm8wrQLj6pf92aA>Qz;uqiI zd-~kZ?;HHtu(Gd>=4s|luHE~vx3K-8|=mfnC4}%}K)^b2U{_762o}#z^8bNmB$VV5lqq!>KRdZGP z6|Uuv1h`*`?;GRZD4s=;fBB~gWJ}+w4aq@YvVN!N32bJr1YU}b08Zr3^-;tJt@5|v z#~wb&30C&^9pk0mCa4-}!I`&gOs8u5i-?tPg9oI?cOZ8QnHwqPI*;o&bWW)+f4%%e z>SpE);k&-#N_Wn^tDA0aOzHZ*Il&o*Zp!iJ1g~HX=a}R zT~(joYdysv`4TpUFEQ)tHXWhYM`I$yv!w)?)^aqa*KFzoAf#f*Pp=18Cv7KX~W2rCK&`~vK zGtj5Ekq_zO`hMn)TDZQ>H*US=)&9Uz$el@;l@BD(hMoM)- zK}Y^$z}QaSESGVMmv!yxUF9d0tCTKqbwdO`?BM_7cwc%-Ifr)mFoqsh`{FO8nMrZWmx18XY&!i3bPU~w6 z9KIW{Y+NUMYm!4LNZtWIH1V59p5^vsi_jkh$%XLXC#j8iz&9{h?dXpQ^sic(2z=MT z@3s7vV_Q}4sWTo`^O;GWWQNb*qIE^&!sht7R-KA!%68!|mJ-*x{1-xhDz38mFEjWv z@x%n1{}Ryf>~xhKCx~tr(vGQLfCmc=pXuD+{NPCE{<-E}fzf4|&b6=mURLmfyYzid zZ~*tthBrr^A#Z-ou~TmSzvj@>^I!k3@MqJYzn?#Ud?s!D?fm)1|6lw$L_G38z@OhX z{6&2Y{JDf{`B~!6WzPL?n0q#V&ULQ8+I=r8_+|56PVi=a&xSvjEjTmXna-aJ``}OI zV5gFgx`aRKH}>U{hkBjg`>CUpEt`){b!#MDUXIO07os1VuwAzsotqWBP`b0y&iToY z8ri)kfvq2l#5;2x{fItv*Q&btKlxFQ%8x>i^n6SHuix*8nb0k&RoDJB`mT+7jJCFG z1G%TBZAzS%+oGI%8)v)c_||S#y-IGeJ@1o4Z6WhP`*g0jsZ&Nz3pTZ9^f&Ou(ANe= zbh>;s*@iKE(ZCa0La zeY9s;2)m-WG4`b~`wmYv`=Mn9wO^O~{Nj@po5GpCOEdVLx?UPaO4yyU^kzayN z_SuI0z$;&JCiPPP8~vnjG#2UL7ODdTKOjN3^tk{VXS6>gwUF;LqOSd}Vo# zsgIrhF}u!qD|Y`^&`j@5;rdc)BfRsT-Z>-h+`?xDl1EYO4xebA#*WeKwj&W_sS6&? zWNZf*<2%^W0$-|QgfG=L*q2Hc`clkezfi$CyF2g?1+V;%9vQLaYx+R)N)ddIF6f;( zg?8{03Z~G;6xzlA7%_#mrWhYY{>N0+ww8KjEkAhGnYMvHEgop-mVfH>X;VJ9@RAPO zNZJhpm*6`cY*A!XK9bg!8h;!e)6)p(Qx1%S=P%EdpB*{kvxJ|7Muqnn-t-E~A z0sIZ*ZxDZj`5VIDQ2s=J@k9l<=m5VxbhG)hVF2@@&{lI^z(p?A*%QE#u@j5SQcJR} z+HWzZEjYCgMU|C0_6qgCmB=2pFhqa0Nv z)w|j{edc@2`Q4~>P@ONCdE|2XeWolWUTuAn@oeYY-=n91L;ahx3E}qyeBXvVhIlv3 zH?7m*E6yraThS+xhwZfUd)@=?9P(^!6~qg3k=K`~tE{4Kxstl&SISa9lP=#+KaIfM zKtDWJU9ypF_|leb>=55-9#pzo>v0YOk7|A5;PCtb>@`Y1aoTHZpr1zi*-t;TbC7Qi z@vit>dP+QRU<3x`ssEk+FQL9sc4Rla6bBEALG!3Zh%dqR!dK#(F+8{9&Ft=+(i-01 z&hskjc2%$527lOd-rjxQZGC9#$jo5TH&4}_SafzgA$|~F#Ft3V*!<82Z}jE~-?4o5 z6pYlv18+kAI{2am{@4Uw7r`4F;E@14u?L=5%eYR%6T3Nox|=8J>2njbY;ky^23l3a z6V0dL3EmC!O)KA)x;#-sJJqz)?BR(3wAuiz-h@_l&~z<4vB%+wCg5I9UrXtS=Y8@7 z-*)o^ZFza(dj$?p&|cee`dLapO&`G%z@YW;;tBEAW7LL8_Pz5B-g&clk(E+htz1$2 zIIDXNwtR%wZuw{*L3sf0+Us{u^;K_{XZ(lzFIT-;K`;Lyw%nJBF2%kEu&0}_ts8vQ zF8WfTDqkvI?Mo$UeCPsS>S)AYd$2LTw&=U7o+!!~ko+~ZLQi229^f3T2YqF!hqB62 z59EP+o|3oaJi+WASoxs3PiwYAdMgOJ53 zsl-zJkmXZSYdG82?JKn4l1|l9`e-*p?fxC(iE=im+wM`|P`iVHWe~7L=*LeVS@aRV zQTCj@c!4PjOfg_e)Zia^@F)3kbz!Iqe`zuHQ~I--F@USX;Nl2)ISQT*g1;ie7e*z^z5RcR%hr~b1!wMe@ zKUlGUY+hbV2fQ?6U|!25KI&qj!&vALhX0g}d+0uSPE@iuD#AJJJ%WASM_%F9x-SuY?Qx-xML{`S)Ka3%Pw0)OaU#bL5} z#@>Mst%*`U%*`CTl=Ur#(W^(6Amg(bV?FX)4!tvc$tl>dU%uD%LS!*Iz7Dt-0e>H3 z)c8K5bK=33D{ql{WOoTNj;`%@eCSx!cC;?Sm(-cZ;3o=xV&G?t+QUwTE9iGF_yQN* zHOl?rOJilst&IIVwFf+k;bYKmxZ3mLAA1q40KU1WfzN|~e_DH1I(+o4wG3vyyFd6m z?H%R3%@fd3awxjVFF6b>M}X-luzBhAbz_5u`i+;b_ZJ&#};)oV2fm*p0rZQMr;u_NqJeV&+^8R zeaD)<;A1*_7Jb$V&&RO?3G6`olj!dTY(gV`F!K!qZC&%0T|=Rql|T5kJbdzgzKP*` zt0qozst4IM(^j-tT>G`ggn^nl;Rb|AF9_-TcWe{w(;c| zlj`cD;7n~P{s|-Z!dDMHviZgroRCJ3qm`W1Qc~dfMw!Mp(pry$%om8Rk!P^w4y{Bx zLkIAZ055I8W%vc+IfX`nrNq)cHq-d!UMW_klzX%h8K@8j-z*fqx0CnL4jlF^Wtps zaQS7a{p16d+{C)Bg-be5_=W{;=Kd|*SFDr(mNsDV%9Pt@h&7?ngI#rpflqCRShse# z9-l1>pDho6VG(s;$V3r7Ld*NulWNgxO6manF4??Bt^)be9vI3a%$87=i$Ha_4VC!$+pceN6~FV@M(@#;d?#_|3Q24z%le*4EPm$>iM(yJc{2Y zeCL~;I%nhGxF3^0+6X-vV;ed|bAE^Tv(LO3?C_+YoP*+LtpOe!yaU=ATRR&ZO3%=z z;cxn!mh7tAVs-vhx+4NUw6<3@CT6`4*R8q_+}-&AzDWS)do6l$lQpitXW#n_HG+p3dnrO#u;VI2e2_geCl{5ei?pHQ3iG7@aN-y?Rp`+9C+)HzoqCp(H&iA z`;l4Q@Y(uW>$w>znRCqabUkYq$XFK?+0ShFsF#@PNh^UvOo`U$bU{3kQt&z?Qr^YB!!9+^O$=>_C2nd@2e?zF&eu6La*-&8SR zjj20U&DvLx71j8}Cfn~zudeDtM|~#;+dY9XPlRtLgDazBopo7-%x6nKjp)&@-$;MI z5ZsQCk8H0C^V4tcKys_gMt3s5RNFApI<|;@pI~l1x7ey}W9`f8k=DL-C)cePP8Td# zKy8RGSxGI(SiWs=VzDf6pTi#lZ*pm}-=)s865=$s&ZiVVVIBN#a>mZt9{&uz7A&~= z>fGYjHa8(3xy*HK;|z#|m5X0t@0+`tHV%*v-%G!_^r1F2pTCf{a+Z~J>TE#S=F3!j z$=DSCjx*Oe!Lj^a&EM&GLV2B8r=k5i!(Z~0?SIB!cGe5-V1JDC^@7F+LzZLp$P;!< zdMJc$k09gZ>mPRW^?N<}dUvkH_7!vSAG3phiFlV^VZ1dr^q=3x)cElaK8ebsA)mH-pB z-T1B83B}6FpM{o!FZ6wUu9ZpvM;l{r2hSbgSb1zaudMkRKXrh1AI2927hmK2TQ3}O z+DzO?8?@idxOzQfyi-|+6IuceO6gNRF7InCkmA_s@Y2e^cD)n==CW+gm*jq=T>h24 zAB$+-T6KDU`dT_a(MC5vO*H)Utm3sV>OGzrewt|Wlh&F0cfwCg<;P{2I6-kncsj5y z`Y=DS;I1w_oi-K$=Pb2h$04@vaQKO~Oh1gT*ZmyYEuh`O;9!`QQcZHKkZa`pOY{2I z@%fIN8~HBxnf&aGtEAJ1b*~?g3`en#@e==}7`8HmEVM%7*Wl;JIX7@Ca}K3Ptz$Eg zm-rRdRZXl94#CS!=+-Uz9m9EC`o+Hvllyhsn{VdS{XxyQE4LWQvtC?fSuf^ZP`1Bl zmv!e(zPXNbWPZsxDB?lQaa{)w%6^a1x7bWGAI}<&a^7nzxn`2ySB$B5CyKw-)_mWc zxxiMG=eyI=?`M7HtW(|RJf}I*Cq?)B%-M}@J2M8Xe7l3##60^&?`Q1;_3R$A_N6GC z_H6Jy&vlU7kn9ScBA<0vJLmC?^)+l(+xqUdA?r7{gS*mQ;01V0zFm4IZCoxaCa;d& zmn_=8B6D=$OEMFsZN>KT=e&4Yf3fufvb`}k?~Tpc&nE#+q&u#=C%ayDuY$S}&bgYS zy;jwKVgmF92F)*+y?D@Rhv2otjKMpHI1Ctu)9z)obqKw9@J4c)@bkOq))UC!QDj1O zpR74~`N(MBq{HKUlY9fk%LO)_<-gE}*6qa^LjoFVf1P&pNe8^2ypeceCVfw&?{fUe zSu0;YI(o{aW8D--BEIShsgCEq`hObdxG}g zr5~-$Rz6O!3vR)m4m){71N)Q#){E!BKTZFib>|f5beYe(s$m6Zn~iALTx<;vYJOF5 z$WHi^{XBy|N0yqt%X9d)89r{{JkT&_M~&y*P{GQ#U*P#UJFR^`y|8TmflI7A7x3PT zTALAw>&|uDKlfjJ`+m#+6;qt!?|C)`I1W5)9aD^V&VO0v8`1yVZ&~Jj z@yDM>ls(s!k)52%eE0r2!|I8(YP*Od=i_%B9`BoE=l+MHe+ObSJh6}AlVQP0ZRlC? z7kD)IhE`_YX&f{fZ}Z3D@lz%pfiA-75b$saU3Cmxh(9!UwGAE%!JA7Nvu|h*{ln%7w_z3dd*jojV2}bHR(zf8q(*ZX3=4wLaj?0M5^GE}3Lpddxgq)$^=?K1Bz~ zxb&6IS5^FD=VzRKn#(gyPQNI_-a||Cc(U>IPzNC1dK{bW@{xE&d?Nl3uef+*4sXQe4JYfmx(Yb= zH!GNT>ixQ6bMEheTIJ6}mDpLGi+<&mwL0&wHImVNR^v^DU3DMl{V;9f+hL2x*WUM7 z&sx#GY+^iOp-V0dZur;!?P5GqHfi#Q^2N4&%qy0C{D*G)D1YZ(Y+wa8Z~=SXhFSl@ zyv-!Vw|W*`Yo%6NH~nZ7{+RL;nVfqOVO+DbKd1{;l%*_cJ;Ky>jI`Jf6*;iZ^96jo zUwq!Y3rAYZe&l05tTpqRNfn&qS3G>><}kRo$I6+_;PDDSe#2ViiuIABtc>-FIaGgC zV(t86C2fnpR*!5}uJYJw>PU)+YZPC|FVS97s;iTasJ7a8S3crh@E10B`8Xdh%sYD5@KlY>yTvOq>MPL&rT9OxH_G#gZ{$~p z=u(Xtl}#D~T3v_0;gHHODC8N2CMHosR*lJUzFW3=lX zjc+n~Ms1PTd*COlHp{*>`7FCe8haqWEK~(8P2JJJ;9}$;R0V#pA7=l7MZi1Pw!7LB z$K-R+XYG~fMeIuwefbdkF~oQ$!n^Y2C8rkSFJkNlKzrWqL6FCBlQRD0!jcFlQ%{wmmgOlO;oqrZdn z_W=E^Uw9k+6(n=%FNgj@;7jd))wIu^scqAUC*44xBjbvu|<)o1Nha4K&H^INk1-rS7l@5RFtY_t4ym5>8 z_SCJX>aJfn?rL;WZDsD>&0WO8caVp##`b)Y-!Z_locp(L$gOXHj#J^AMU3$fbbJ~* zKDF@nt4n7YG3Ez-?|1b%#yi|GGBzXI z&iKTWPw%p72QIwSz#74(3f9llujbwc^2`n4{=HuBP z}$|M)KYXj8_pmOIZM8khx+ zRjc@Uek-UIUZ``*;N4B&?#h9~0^b`%I~nIB?|_f>p7yagi0+nMIRdT@fy2YX-(>Jd zJhFzI_gZq^WA0u;4R{YP+qKe~N6QI*HfHCX;x9F94xzW*ngugwSZR;F7Y@Oj#%|&i z&v+T@TN>*z#VO#OdZMcyfFGX9>U>FK$)grk^KcI{mMaDh2^_;Wxcu&Kc3ujMJDN5Ef0c5U(jblww2r)sZ2&i`=b1zqqluF-7|%a=m8 zJzE@_TzmPWIp@)0pZHtq%Etdonm!x`&!7)uh45Mtd|QH^84Zt) zgD1y>^9g0CpQi0+GZtHvzMiKBJEy#oat6xJn*5z~88YVXX(O2JG4}Wp2Ylq3;aTEj zQ|sG03wV$N`97*u48hl{X6)$H=E>iu=qnYoLS#LbF((%+eTs=_>%ZJKeaa9w>@ z*Nb`=CwO9+*|TzThp;`J>troz|hJ8t|WHT!hV(ZpQYm%k>A$-V9q=hvTyXxyYmNK`j5G#)S_* zycj=ExQT$12s!{>+&B%GcCQ=@O(H)_ux>Ax_j=twS+P#{_na(T_X^|B@mW{8W0&9b z0^^r2s&Olxa&za#mOAv4&sRhpNe6ohw4=6ZmG*o@&NBmRPBF;*Y(V){DQy z@AvWnFq_Q9B!jIcF1CWBfysRqTg-WtL->QIUjwFH%sbr2o?e=xc?v#L zKX#6N<=Yq0hT@GFc1H71ik;GR!+%=vOewsFKIpEK@{CV;-!}L@#GlrFn|Y}TCQd_- z4zJyNCf`rM4#S^qvS-*Z<%l&WF?Q$5&B`BJ=(>{bIskhPVw!4mrz02GEf+Q~-rHts z4HJ9(0Jr!jn|b8~aJPXE)dsa;hj-)0?9>RL1FRXh;Fa)1i~Wr7$+7JjhCVuvAuo79 zHEMhtp2*m}aNu7hCS%uVV+uSz9Uk9>ycHuSqaAsBeAz{v&wxkeZ0@W)RmYx)#6Mc! z#rl8RwdMai&t1i}bWOVbRlITI*FJ1N*zcTqW2gSD+_oRDn>B|$`F`d1m7|ZN_uDsF zseI1LZAUg@HRzB!Xt&f#CF`Nx2FuI~D3=kM3mwrfTAz^!@PFWz-m>dR^RR!4F$#jM zt<2YCcm7l`hXdGoXsPMF-G1F>OG!G zF3nzzv@Kc6VSZ0F7)7krT1orbTf+E?vlw&t{9Z0_X9gDw&(KMJKpffEJd)}q>^xVt zovT~w%)^x1HngLTxgOSkt-?MgD)|oGsPDqizm<25i~?6|12wSZ3L3E+@>PTf)pJ6e z;krJ+_!of_-IG2E%?7@5aF1?Ko+6#spVfHbHIt_(r!9?J_?gW)1L$tshtV1nJI|th zla1|g;O+$@eMYN+5jdnb62RLAyo!aA^<}BAcduiz$85vm_=+PxQ@f2^USB-v&Pkna ztwHdsALiMQ@(DkWY}oTx_WoC6S?`j*|CM}~#|M#@1BX%gRruY4K8L_9JTGovnTF;FpAJa1;U0F>s=NeOke_{442{dsUM#+DjvU@Y=q<87(@&^Sm3H z3|!J9&_(-pDo-nTrtwlerpE^{yU6}w6QdB@syQ(Bw??`1c9H1A0_4*3W^yB(gAo^=0-zf|vH#~Z!R z7jk_H#RZBvWH-+PkEP(9{N9|d3D6eY#`ufZ_-a`PFkCft5$sM#`UjpgcF2SCpML<4 z!C#8WBj7CxzU|yScmSWOj}so-3|_Lyaf)A5H)Yq8Mx9)T=Kkoqi~gM>GnEm z<+msYsGNiLT8m;cTzf9tEZePbTzf7XFIz6VUVQiMo$_bQSm2#Mss^&cIlBVAsIzKX zp=l<*SOofpbNH@+_6I}nP0(`~zt})CZfu2W5Mt=7ZTOe5*<3@T_L0^jvdzqg)JAGl z-(%Nwm$1jP<^*K_r!co>rR`7f-YMIr%a%!34RGYBg#F7R@L$jScHKnMeIK5a9I5VO zFTRf6ZAI4Pv$*sU{E97Gfj>Ng>kV83d+Tg|f%)ga9D*MNw`5VeF9SQHSX5_khnC{A zl8eoQx3u>>Yij~A`hAlBFB(t~sP^S0r3=Kb$_ZowyPoUa_L<0pVmJ6qcIYPJ$10xh z=mQ5oWlSdi1qSmyydDM@iaTU`j4n9``!l`=A3OT`rW~F}9y)GhytBXq@3%v@(puJD zBE!aSszgR6WBZX6<;H>SksRTiKI3W6p1>y%&y4(%)(lLnov)lYd(_IG`@?;^H+kSTb9kUbv`gPzz{1QVW#%t#CM9ab4cj*L;BG4!Tjq0J1 z;ak25^S=6#4sdPDCG?Zy)YZx!$+nQQFt){=yA0jPx4EKdxHSNXV4_hW#(mEyO!4wB+K5``IMT@Wg(1;E}=8S*399q$4ls01<@SS)s0e_h_ z)!$>-=FDx$CGQ-rKvsCij`!soY0b$1{H1|G(}wDrr+RyMz^dP+7fLxX#Z+DTX7J6P%J!NI%hQFp>NGyieF!q&H)e7InkNa z7+C&5oIVc#*Bgv;i)Fp|IpNOu0rvjyy4HJ%8hjYuD`zh)jpGSwcVm{nh5fe79**WL z4`61G0aK4yPVT)GTOhsNR%yd4T^|G9HsEECsTS!D=}S{<2HYXw7A>^b)RPwi|2WoG z0F%+1z!|6ggXo@1!AC3bXui7wz1PfsSUP`5I`CRuqhE~NGj=00$ha%_p;EM{TjSYwDEQwa&BT8`qS87N52S`JXFsXxj#<) zrC53LJn0mBZU5C=&*E>Ixo6k+&g{O<3SP^#{5>;&VeZQh$p~I*?kmrk6P(EPK=^YI z{At$5N=}dw#oNS$b2J|9d&j)+9E-88@%hZ2bqkpr2s7?h!Ik z3pu@xvD#*2SR*f!P1V2^5SMa^oVa1nXA35hoWBeZVQ6cn47(N+= zUlSp3b`$!sb-I-*C*K$;w^H-4e-`#nV^z+1@B7T3AS>dBFuV=!Ul^r)1AHyI9RvsB zYdveNLPst_N5V%j_$|H^d7`g2cvE$a9ndBT-X%w>aZ?+_gO6z5ElC^lF{J09X>E~z zP?AK&oSW{R*LknbWCONz8-1*XzG+L}s*U6Q@h$zvdDqy*W;@<={U^z$x9-#%*9rdN5ksYiYNZsxb5DN3&nRWS_yS?NA;|9z0-!ajbI#|jYQT7NrRPIZKhp|Rf`vZ-)VHB*f5?|^F zb=F7rvpxs^@J?()Eqk+H&fMP>8Pq7s2h12|e85-9P1Iys!)KAJ@9}Hp_xggLhL^&_ zSVJ~q3OHb${C4=HgmtB(Sy$Q!pNwY>$pqF`Ph{=gWY*r5vYxM;^*I}um)%co9lUcC zfANIz8>gfS!N-XJ{4T!{9_{IGSn&M+iN4^g69M#e=9JX881trV=0NkU)U#jK-0&5( zLo&)<{w8_-+6?xm2bNa$137`*=v={1QKMzX$^7O>o*nH%PSI^IP*=8<@0By9{^(`& z@uv?nW{r0q>-)^SKo@evSc_>x_w`&bd?fDVM}WI@yiK5g+b7I5arAcg9QJbi|3%35 zeB`g~`S_ z)|@|PO%E*2IKSlx^7ht=d-ne&b8ySKAAEoP?=sE_bXgZBOJ?(a1@#2YR_ZVBgOesJ z_19PM&(NoXz}Ij1PJ0ub$Q;x%?1N3~_gljPC*Gru*gw7H5o&GUecnoans+o-yQcDE z@bbCPW-zoF25p8zn?ca#oZxQGu@T>dfH}-~4s$+ME3nJg+xrD)&R~;9%%FgG4z~;8P@P7a?WA&JhF@3>6z2M^snd&cuj4p9esZYxtIOuko?oH z^2>+TlC#r(W7xHxHUt_oXsh2UG&B(&mt+=Og|l2$5Qg??HLE}(A*v{vrx7vM@~rurGb z)_3YGqqZrE=QQ7*7u@q-c3sC)W#F+29OxbJn#=z~wBfZ~-gvS#$-71LS)x9<9&M#M z3msoJ%=xvn6$TFZtqa%-FT9C)9Ab?KyjW@Z%=wm6(E(Gb*^AQ8RD5sEeMRBVRXmqJ z8yQU7!{}oK*M;ab`kQ@$^~hiFS-ye%y_HAp&2lTX51Jo4V$0HRvfz&;R_Zs@L+vv7 z9UAclEME>RAWQ6$h-TlbZTr2e+`sKuI^vMB>{a>aV z89dU$ePpoigSz#5@QK7Ho>QPI5++ui=EGR&c148%;JT%kh`PxWNd(u zG2;C>f2A$$DY&Z-8T;oHGFAtl(5AjUh+Nt0oschJG4(k$)RjuUrhDaUKyYgMw>8MA zWOF+F$+sHMQ<5#dJ6H;wzqeAW4DIuR6{5Yy>h#_Idt`&}4wm*ITXS96(*DqjYx9GF z5VDnk2P@&lMYN4=>DX?|mg*DYPqO9;o#);UCFrY?aV{cfm&@Kb?ANY&J>rMq@;{oW z4Q=G?oye2$GjDv z`tMI>BiKiMCz*|6JENnmRDmP224>n3y&q)0*36Ydr)&J>E#!i!6Y;mi_j7hA`*tVj zBW7g^WTaJpe}?a`iYy2g|8~CUZhYxL;V_kydTdTfz0eK*;OK@dw0Wu_=`E zwmllJbE}UQ&-+a6ga58tw2a_do_)8E=lAj4-XAb4_-&rMct6z9)eG;li8a2#bNAgv z=GvBx1zcD0r`krv=C_+?=OQ=5g7drY`-8Wd`?ikx{Hv@H_UM>F=<>uK;XiD$SEKPKw=CIYV~p;Z;{FP2WwUI@8C$=z*xyO6uQ zpw>{kcJB#tHIZj5L+ZL|6X#drByXGi9&_42|lCh?)IhP<~ z(;XS>WX-yG=C9P$9pf*Zr#kDzGkMTAE7;C+x1E81?%j^&WqQ$t{^gJS$!TA_66X8= zwQ?o7n5n_QL}deXB$0J&1{{s6m1biU-LF77eb zO(~z8!8%Uml($*di^^LV*>~2-uOZK@IYl45bAZ~uSJ4|`>_hR$-J6S9Pf&l(eQ(bl z`oi(TYxW&4^v8}DTZQYTcS5YW^S1N&Fzc!idN9mb?X~h*!N%tM-!A$1?bo1NMy^Y7CM}K=fdVTo#>J>Zdv&eC-_J1z0`eeoa*rx+;XYKrti=FmzI%ng@ck3krw&+!i*#oCv|HC~Ttl6>xu3A_FXa4`>=_$3-uli@&Heg|?!RH~ z#>ei`H}@mUYXT2#-2J(i>}Qv4zTuU&N6oVx$mz7v-`}|AfBnonTYl5p8zz6-e)c*x zV|RGf#_S9K!|v-%yDyzVaBKMw-oAC~rSXD|^@8u>8NbnC}*1Qy!o8?{7~#yn|<1g@xa*zhU|L z_ILLat7NZ!cw_t*fR^jpi58d$29=pxgq5rLK z)xDkluHdB2zutR8{eRfc+Tn@#AJ)D7_>rf~v$<0qxMA*(?PqyBoA&eXZM^l~pB#UU z@7_r~d_(=_Eq676OX>*CT%4CrV({}8cycTJ_$YiChqvYbXzm`}^2j`RRy?ZQLWFnc z@$P)yy@_{!?$*ROyqnI;z4XnN&(!|c_j}hVNam7X?2)<4ojjQ3{4?{vHGY#1Tlgvb z>6+}``7r##NCe-cBxh3i9rzqu(0ag1-Ot_&W7!+?5}&=#-nd zq#UGeI|_nN|7Ta7@)(M-?jXj}uX37Zuaw2KyM%ts+>5FYN1qj*bdGj+tDZ31LZgMjoU^78>c-79{`5LJJRh%$-J@1eHCpj z0)|G~eMU8nWz0*F%e+GIZdUC@srTzb&+{x$mij?Gd;W}9{rYEghSI~uD<{>qK94Rr z@;++}&t)0f2>#C7(aN)_diD}+^St#H+HazbW-Aq|GPSV#eC(eP#b!M~UBLtFpKyp= z?^D#?KkzYMz|0r$O!G%TiC{56D-KgSYPe z6UlpZp!1X1A@wUbv_GL)-}fYVt3k&`>~(7oGRG9Ew#?kU>Uulo5_{KMsrXEClhdu# zkFkG6)}SOdV9w!^>63n3U|qF%j&<~iZ$j=TYm!neo8+7DYY*7hy}PsClC4~R5o)vhLg zxd2+^LW^wZkOMvPkWI;uD_fF-?B7!h?ZNR;M^-g9v#0f1#!&;`A~$wz;t=9uYKSYL z2XfMZ3?&aR7JLoOo0>H|74WR)FgC#J@QHFhw*!mz(5(TM)xdHeuq;Ie(RnY%p;f-d z0*$+C3_bFD2k#Xjr*UfbvsnY6IWzMf@0&S)cp?T*l*@ObEi<Fbaah?xX zAN_oLrSq-P*EQKD|Ef8W5c;{l_Eg_fWaT99h2Ej%7JVVt$VnU-QN0iADh;mWW6AHE zOg!wxf3H2DJh%)2tL81Wj{P$2qe**V+HIx%2sn*`(-=7IwI<7huVV1Ev$N}kTfw>Z z#c4*D{Sv+S8hX)-;}N_U>g?+Ai=1&w&v@~m|A*m+an!U`f)CZXsAejMdiS-&T?y6! zCp1rWUS{ASViLi15$_g}Tk!hz#z$)Svo_AcNwsFmfqb)%Xfq zSHE3q6(-kRt5^tLse)IUfN44Pe=B_TQ-@F&$CyJUIkn-&?Ap@3^zFBPvJ(DX$(aS3 zmp-t?-cv>E^-K)Z#IIySzg6%g_apQb1&$bSY-GPhFHhe~oM~(veH$1&?=EMoJF)xf z$J_qvw4Xj+;Yan2KKbOd!5oaqe@$hry5c?Uk)d3G?0R?2o`b7}@O`>ZqV`=MzzhHG z-}d+-2VGyJ6ug07`7w4qvlT2;U3oLO#C}!Le!9OQntR(-fAV=;f8(3K@9Ue-=^OTz(Knhy zUPV6|yI>qB9r&jGZF*l5J$=c38oqiHJ-<|Yfs@Dd7{z(W5NUKAgR$H-2AnYz&q?0MklpuoS zS}P*fVml=PK`B*1s;zZ8+$9^tjjmi-^8fzM`@XsFz1#q{9X_9MxAUI!oM(TY^PF=o z>ScTt{U#qoIW`+s>=OLa4&QXZKk{STeZ$(z`{80cC;T3G(ply9d7$t+dFP<+2 z&mG&bP4`;Jo@*Dc3g|u?osTC!!1hVR&pJmrCpZxOl;DdoC*$|rME~%IscnKkdeP4H z#U|$9i$T|JyWqh?n}-fdpf+GP z7^})pAMh5m6&%{*boeo9%AQ-cy5n}@lgEh-XfxxvhgVN{Zt3d9&n;iwjxT;_FYS1~ zkaiRKzU_Hvh&;Q#Sq}Xr!qtQ9Jr4}G0K@Inc5!C?lR6)vm^g$vnEmOu*}6_TPr5G( z{z493q=Sp3f6mfn`mR_&K?sr|>=4{Y-vnKgSQ9Pc4^hWawS!b`ZKn!Q1+YMdLXa zsqlj?YHg+C!Snizz#!j=`X{nvzighcRzF!?vr>Bj)*jD062fL} zu)eUR?s&ibp#!Hs|fm! zdax5Y`4xlPZ(F;1G3W9uuCW5dnk#a`BLg`;Vj^msn#dRGu8hSO`(sN7GIlPyBUAZ+ z_})tGi#?1l6TZso-WLmQ$*aWc3qJLS~4TTsqK-iDru%*h_#9VaM&+!A}XN%p=?97aoh+#^8fPH?3!g zZx?{O+6#%7!J}kMaisL&|6pg@!AY2LB8;;My5%%qDg1B4&$%YVco#8V#EfSJk4`&L zuXEsZr|<%Jp%z|P2rqd1e8ue(eu%&ir}POgWT;Q(Eq;j7r)s4h;!I7W&m2Bf%oply zolws4^{KWjgnIi=6dOO^GXLy+qjSChd+L+VyNWKbVwb_o@3B9o?*m^y`V6_T56F$Z z=IgunM;G-m`-kOEK3rgJ<=(aZ@6+xc>Z)I--G{XMz<18x*DmU7+R5kqVxhJ5y-E0m z@UQxAS!~4~r7xY0E<6{5^B*B=@{!#=R^m^^PNDmI=Fhv2u&(nU_*ejsF2)8-LN|h+ z52nH&j=$cfaE82s^$cnUk@!qi%&XA@!5oTVQ$XXz2yCgl=`0pnWYt`hjqh0%@$e8DlmdZvB_ zL%Zh7pM3oJl1F4b-WPiy&$b_A+^nZyH>AU4$JZjGk8Q45T}^FFlQVC7pG10ajcPz8 z6XoEZ`MdLO$6kBs^30u9Ksi>OXYzIC*(c-ZPj=r)Yz!~kakYCclN$a|^%?x@TpVl{crI?>EdVInV*@ z=a3U_v$9ORfadblysw$|Vb)`sZ%qpn-(ekD0#0iC)vPSA&eG#DD|&+8{G3tORB7%1^AXll{nH2gnuZL1ca-(f zgX?nx)6@MY{P~rGUxt6pcic~;@AC7f561Qxp4Ql*?IlHaF3a9$6G|U3SiI@|uB)q0 zVr5-Qi!nC%`vzL)STX+)^3y->7bwYK4Wcl;`&_^~vb*XpIMnSAU~9$% zs#hG>y03XpEy3mj_KSX(?<8x|iQ(SJZ$I?U0QAoV$nhZFqazpIXzR#SYoXrrXpSs! z_U8@%+x6vTXQ?ka`|AHhUk?80@6(s(oc8&@OdPnT;~%9j|Ao6+d(@Z5zb*Y|&VF?CWv9`X_|hr$ zPntJt*!)~K{+9l-#tZF@|)kP`eD;s z*8bo}C+b}tS!wiPMS_mhcNTi{^g43p56?E!CR^OY{TE*O-=@Z@?#5*e7%Oc49m1I`xFMPkj)%T8Ayx`DOAIqMQ$4pM^|r zikNB#zG2)i%nH_jfNj86Rjj8oRqTD3_*nRJE13jQ#2 zj>Bl@E6HX z?mshgHMOBDo>*4_ud5GoS!+Al?~?Abop-SAX3l3}K7*{9 zqF!6be*$laJEe4{#6sk91HSV@k+-*X^??lz*7dTo-}^ z<#Xs`8#@1*8fVV)oxH#wR1<{kJls8R%Ra*+Y2L3sl6u~6PvZG(WDfls>4%PV=IzdR zsky)B)7|q8A@`bRp5iy^!@}qWuRM-G9uFep;ydwY9`jWmM*J^%Y=-u6{;}n8>HF{> zzE1?+R}LmY7SSWpIYt%}crPpXV9Mt>e@Q&Ya|h9RlZ_l^8#!!4mRq2cc+NhDOM6hW zgC|tWNPEFx&H)j>A2Y-kqTTZ^zl`U_sRCJwh=xPNA0UP;>qDA0fF*p$arlR9J z?;SVi$GH8qgO4`wAY6nUTu7d|^D4H^(OruZw4KDXTSBU^ssV zv6&U*zFpZJf!{e2+RHbRkD(k>Aw1HKFQWW-7d+u3eu&T2)@jq+`HqR(G3Aye=gO}c zS!W)ys}cDb3A!yiIR3QHlWUTW}PFnPl7gHQ}uW9aocD$7O@35$yBW-h+(vXFl$@-MUWjfQx32 zzBrwI9}5gdK0JA9S62-6$VU;n!nI$s!O6*fgX8uKJYU&`ZUcYVCMUOas_yCU>F<3{ zf1{vva(|aN{iUIE=2IWz!xj`^^A!&&ALcvFIDeTCm+N+qj&tGPL%pGA*e%<-4b9JQ8JNj#_AsDTBX@%dUl zn>acIU+63{`Cj_x;zMUvC&!1fQ9kCc{-k$Ri%5;nW=iG*oUzNkT=W#<>CDL+u>pC? zwNihi&t@)3abUoKH|n8>bZ9Dgat(dr{-EF>hyFtT74ot1H$R~6cmVnsoD)az-PHjf z-x=HP@O@+e`$M5s2|j?e39(o(b;ge?E6b$}j50 zTo#?jI2SR_C1*cQgFDVejB`nRoM#y48ye?4XPkBRI3InHHBEBmwLYsz=djx{8b5xFFYDN=r?9GV}-1}59O9~>r6irlGg3|=uh-8=rv znbr%kQ+6zx9n`vJ`+f93)wZ9NDg4Sh`qUm>Q`=0x>R&Z>##Ul`<1l0gzmw3GvnR*c z>(qstWfv{`{uXR?`&gcv#9A;hxN07{piO8JaR+v}eXMwuSm0Q7W7h&3Z?6D%IkAlF zzVZ`-yJaT6DR7JbQ^EaJ!7`J)!c_E*2k!Z@@uLmg`|Q{|BRDmoZ4YN=!pAN6WFh!o zxe~?5`vo_?R|KAI!4DH`Ubz2jzq3cunTHz_B(Gg0pTTmA!yj%e7)39o+S4`H<)1QJ ze@x-LC~rN4);Q&Z%J(ee&OY%@F?6Uo8~>B}Ci$NZzHGnhciNzVCsy32oK2l$Yn8K+K1ehA zJ2RMtoZ=gp`;ZLH%4}X!{<0T3w>NhCGTvX#`(eDd?>tr=rRphl-clcQYhRPsR4v00 zXnhEH3eZPG`dYDNU$yq#h(5XzJ#jaBBHz(RLmYk7rrMTU{4om{^3fGu7*g?x^u}vt zJd@3wu^Ewm@V3Jj)gJrk+GqB+!V4G1Z3*(GTwGTbx*ME!b!9bnale+%FYD^cXp~(Y zf;}n3z6`~V%XWmSeB`$>gER4~loNY`-`Df|ll&fv+V%Vu^10NG&wZbF_&q(Y?_9s| zhaT8}lLW78|7OFNUi%lm-HJuZ;bHjL*qrK|#x8db)xZyrDxR7ETxGyD-oWLoEPS!+(1M8@mWT(E0r2yiFZYgX70N(O}z)8R7%rJxOld zt2+{S0NQ`agFn%Ji-SY2{rE@X@37|41OB4&ca!ip@gIc08$Kca20Hlr@fq-UvNTb4 zy!g|4$06f;#q(>*rzyv#d}$?dsC=I+^g%ZIK($|mydUc52G>XVK6PNqw>RTM?!bp! z4DH*Yz3xL$Em4!BgLW7lM4pM79-R}Nejf1xK1s$!wr}?`ytNBHlWlYI90|I2ZO3sl zj@!TM=gF6KeY|G)?`8Ne?8Fbd;5*eV?J#_o8Qjg-=kmFUahl=h9gKOW3qQ~9;90l- zcKVnp_#NK0`>=v9s3ytv-51z-uL!zYawWOEoxdC87lM-t#;IhS>5S9DoEP$W5ufY$ zY-%IUE8=G(2a&_B{yeZ~9uE2rpL>`E5DMX_(K%)1Tz$zRHZ&$8e%@?HD9 zwT6l-6)VWreL?dkpBo+l-bX7w!w!P8bq-&6bATnZ4Of*EMWTwE(|+lL=YM-VNvB_? zeVk(gwO3QmNgjXTlEgUE#o>@7945=#9+MA<$7^Bk;#C~gRG>PM^8){VgB>4+UUc{K zIB{-oYnyCgFZJKMX4`un+IZvBJ%&E<^RHDK89|<-W2|i|~0^rJ5-Ru1Q3g9pLa?6WknyX+-+ zzMB2V&3623YQb!~Zu6OcjN;DxK-FR5&g_S__@Gl*cQanBn2GoF(ZF6;tLF1|>{yog z+^sy<%)OeWsw6JE|j}z>RT`#k=O!hf`pQdX1 z()_HuRD-YkfuGNI9ama#$0%!asnyTa`CLDln6KZ_7j?E(9`Q$qpV;Mke7gJnu{Fqo z>i$G~#dpfRR+IBC=}TP{d`{dQ2=ko$*7RbYyWNUeR|=2U1PVNaaJDkMD5OE82W%W)#66bi7t(D@y%xgM+n$hGaBgHiZ1F8 zWGh&odLc3gok9H6Qf$Rs7))IxeQT|-g7XB@hCB3RT+wp@@GJzbYI4|nd!Xl#k=C@T zv!G|~5a@|b(fPeDU7z0#T?=fw_F=4F!9&{7pS(v*v9`cE@&)wkTJ{7~GCp`@ zUpw`veBWHCyBmDe^V)mZ){f#16xv9Ksm?M-?MnELafkltdk56c*b-jFckf|~+)vNh(c^#u%Uh7Yvmp9p>F>5+A9NZ`0&>=@t<-P zv*~_g-Ibeo$D7Wq(;a@w&unGyuI}r5g#671#PSEJWxWg;s=dh0_uvC<_WE#czQ?_j z``_S|$Q*nZ`Xc7rteEe1;C+84d;lDEz_GBeV2SU8arLrn{;JoA8yUYKw>xe$eN2Tn zm&2Qi8`ZzjA-pP=bsJ-jKqrkvKXu_FF0=DCo4vIJ=eJ>(1Q&g~aOn;Tt$B3v*W1S) zA6`c@&k>h!w-MvX#~XQ`6&nrwx`Wf?IA{7}*K3YEJB;sB(J&kQ=Rga=a$^cu{@9AY ziofEHFMV`~v2%gJyrMgm>vnN{2puiC%yIn9G^0Cnf){n;8h_5gwfcR<`gEXu=v{$9 z4GZ7Aet5$ly0mwfy0U}hm-|r1bXVrlpA>?tq3H5q;7zsrUK+gn<|#US^XYW>U#U^h zIZyJZ3!(8)XgmxWd;8q&_UY&ybWUQQ=o~LiBTk>Hvu(hCD4@?`;McwM=t#4EQDAb4 zxxxEBK0AFq`z+g~qUqoB9XUaG(fEk_3L1(6%NKGEnD@JiqQD}3hkTm+0(8BLzlZpf zuAjrJQttFl$bYR*D~djqRun>aDhH-DSNSLM^D4=Q`7ZV! zDE9m2QqMN6c%W}?lV163!NcRgdGRXWT6jLuHSIQ^j1{w_0{=N=>gf+=n9d@l4yS5G-g~y_s(ABQbr#oEw z>^fFo1OG~QyS5`d)=xV>xh{K7vNamZ_Dk(tQIt6yVou8Sg>SRA9iHSX3QhGD$*ybf zp70uFKB{SJ1?INfYPPjcDk(DigqX8A+iGe_QNmde#Ev@KP&g4j4%5Dq=LEB0H+e~zLE#CQex|9zUQ{SRN_Kd^R~H8%(SL2X8$n)BC($hW!)xC}2}XL4hjv(9+C78;Rr z3kdgZ9=vNz#pj}B=q6-)*3fYwbYGbJmvwJXANXYLLq4<5APZluy4jj5nZK0#z2#pX zk}uc0=FOkdHY|F93(?EPsY~la%-x+|8}!-@ys2x?Je~K)EwFHGk@j#-ad#9AB|584qch+BOM@la`-E*1AIZzfVPWzaoe|iO_aDJQ;;2Rqt5^ZbRTubalrNP8ZYfP_=_c^^9shTBUDh4H>8X^Bb}4 z%7-d1>SGORp^=Bo&Qj?B#nzIexG+n0g&WDN7eDfOzb2f}wp+%)i~1qXkF|oIC#|&QE?wn6 z&j2sNM=Lr(xUhLM-CnnG)&OL8MC&7;vw4ZLSvXh2{^#<~6tmuZad&<_3mnN0^?{>G z_Uft@dJ=M&YVCXZ?ymZL@TmGk;USqv#2>=R7ljievsO?%Il<-0bSH1c^A+T>y=`tt zZsW}57tUPvdFG-Snf!5Cntgu%wK~5)Bk{bl$Iz9JTQT|CnxFh_);-PozRtjyC|#3$ zHV(e9eC#hX&+aw;$H4XD{@7jF*0rabbAQQ2d7@lsoX~=v<>EI{c%U4bi+?2x3wU3J zY*f3lk$8SklzO%(uvFt;nR8}&R&vr>rTQXAPO5bVheuBMti0sU8Oz8D&+A;12+!_D zRqI+#An63WxRLu#j5kp1%JK3U2pLSv=q%`|LwhPc3v_wN?!eb@I49Gr&_Tu zfLopQ^oY+Ndo)OwMA3C9!`662%GUpF~{eAHK{)3zq zeGBJOl#_~NTOfrj$^NtWjm-0$&hu+wPOXgN%D+on@we!!x&6=Yq1nB_ zj_qoFT<53y_O{VyJ9E@sT1L0gpT?2y67BY~H_!HsGfWNnA$-L>vqp~FKz>u}&mD}r z9X|dBK3xX;P`l7s5$*zNz0Kgqh8w$T-|3qje9VE}*vZ@Mac#N7C%u=?*n|x36cX;$ z*L38gd;Xq&9umIC#-G=-ZQvo@m*v58dT_aF_MAEGrEhm$-%pxXJM+rMFQ{T(TI-QM z{vvZ)1fI8(%S_|Uh3M_z8Ms_OL$pv^7rw6n({S2HZ%0lTQ}j8^m}+nGWxRLeNZIt` z*T?38T<$dV*0a@c2Dfau?oU+BRh5;oyo$Py=pfddxW`a+qVlC(I9>`*YENVVBPo-A|LUE}WT>bg3I_jjV-X9BD0hoxK9zK-^5sh3szP29~beLpp2pJ}E| zgq(@n=L9QjZ+m*?rCq?}Lsm5I5@O$1IQvZdYIfrPbPU3m}*bJmETvfj9#ymZlao*QDGx4zlNnQraG%)9$9UY#{-*toP&?4c$%xZ(IBK+Ie& ze7d&5@V|o_)=kJK&rJ)C=lv*TD(A%H1I6S^4|A?Gc;CN~a}mnn$tlQ2&aC0% z{t939B1R0J?7G_K0h908To5V>+*GUFhTY#4o^d|sj5C^7_Iw4}k54|3#~7D>6dyx) zmS3IijB$wgurb9L*E(ZdNMCvQkgm@<-r;ZE^X2+?TCd#0U3Mq?C9ZGJ#|It6`U^Fu zD^!LZjr}Mnl z-L;M!#qLYzw->U`34iCn-&%XW6W%(+U3jBTR6qVR=se0dXxS*~FTS_&olU$H;D5u#4;{GcE7YIVoXftYtmUnvtyl%;@K{I31(bh?6#C5iobIlE z>AjOq{Ym$lqmj9BpAe1)=%M<(Wz?{_d>QTyJ^Mk=0sNtZ*IXCZ!I6I8e}F&s)g*px zL}z&QaS!p;zEttmRrpCw&Xo=^8!Ln>Fv0zh&F-&vD>?3z*$_@Q{Hw zalKjbc?f$EfuBX|x7eT8?T?^48;`P<)x%nGS66yt=qhXo_EzhgAOH4P{Q~0asv6c* z^XM0ufR>xBO*aJA5r0Iezf#?&XgSHHWtkHv0(UYEu1i6K*F5uCYWDNQ=aY^es=m;g z8^J#7echL>&2^#Tz=By-<1(=`4Sbh(v2|oRc&MFKF|PPR-;r0zomHdHCi7ZgrE>;` zZ}0Tu^OvoM2df?!9H_9;mfL=g4W~sPCHPD)W}K{lf>+nizO#V(hCY{LEBsr8$92>Q z6wD|Jw6f>P`@G_U_mHa{IW=$oj@K~j_WO7>d{}7bhmIG)dxid@BtD5OGO`a5L=3m%b~!*k44x=vqFn?Ciy6Xbk?<&0-Mt(wh+(Gsm^elZgnc9p?0u|MX^(?~Wz2cc{ z#_r8sqbcZjWT#ypF~#ivI=4F~q!=N*fH{MsuIfIGUDbUXyNJ8wr&i6Ic%W)t^#S?3 ztaVQ77-+8(=$vhXgKi%@euh`ULHzFp=mThB%Q`qGZcq#ny$ZinwauEBiCy$udT^lo z40g|~4Tw%W6D6LC5SPfeHt==ja@KmU#;$U{yX92)mQWv;25+42z*mw2zS#f9>(Awb z^%h+4h=EHw%LCU3Y773Ai&NVuu}kE3jZJ+NIjyehZ182*d-@QQ0_*bu`2x%-pqxOs zDlHH$6Mp?BU!pZ~@k!33#9Je*6PlwBypv<1lfxKLoZ;c&9Y0s9%}qF^z`NeViENC=2F&1pi6AJ zv;RvpSdXra@>^9yAMBuQKcquVd%pXB(B2*6H;hpkk9$@W%ou&@7=C+ej3q2mWO%5{?M#B_;~wDo z7#X4U zGw^6%fqcK3V_nlKj>VswF>wB-yDqlj{+M=Wfxk`{PoYHoee8bk!QaQ=@8cfuXMO{J zAA>*IB;gO*_JBV#eiHu7*h%>7{?3Cx8%FRq|5W_-2+t?MUudzvF#_*Jkx#3SZ+R(y zz8q^S`I)UPth3hPcTaq{{OGQsFRy+zf9L7~bqC?uHDKBy5DC%oOiUumvimJ zi@O>R^V^NSoM1c8?BV?=U$)&2S$kZ$ zQeMr)OEdM_3&7JfWMawiovT+3d3p7pc(xlyeE;iw!3~av0ylE3-)tN;Z_;nO`Ch;O znfD#Me<3X^IB;6+Cc$XqXvd~6TwUEbtpI!uv)g`)_j7pvLRzojzw`cK-oFiQUgZ5I z-v1Sx4V*TA)A@H4$8m&>(44&ZDFeQA2PPXo&6_d?+GE@J*|BLNx+4Rb%R=Ua?_~Uh z9sT9vrv-azQ5P_QzMq>fmJxBmO_+|daZ_Mkp=Iir*xhCE=D{p-A(HL`*KHt*FntC-6-fMt}g@6&UE=SFPa zx906$Giqclw(`7}?wj`tZ3nzG`ik03b+nbvZPR=`ysY`U@!}rziPs-lfeu(fK2LEC z_qN3>t@q*Q*5LnnZM>Tc_vT~9UK{t}+ikU?>UB z+T(FJb>D^yUv5%-E%^F_FL-?`F|3IPd&exmhj(e>tw%BW z-W20$z9H}##`jJ$wM0HsSLL0r%O9HSbI!Pmd;j6{Wu2s_`9A)CF<-_L@A*^USh+FH z_gjDWd=vTq3h+&AZRlIYnoxy1_D*Lni{hv<&ZFvQkAJH>ei{4iiH(%M@yg&j508l+ zUiq{6J8}GdqPHV|TEp_nUQH@kz(Yi}R8F4uN*5mJA5kq8JgfYb7bc$vrdEDC8+q&I zd1@h&dEjfWC(2uY2Znz*|D_n)mA5}$ZOiySRNffxO#JtjGw%P1yyc&YYj?gc{$I?O z@y;~gAN(Ejwe4S`KHY~tZL(_*i+0o`>hT?~CGypGow2ol%&Sv<9-S)syZn5}=+nIJ z+@AFJM_OZGJg@yQy0pxe?+r;~{);oF?1LGz%C;S0j|}y=pDl$xkI&a%^eJk+y?T66 z(%7H>g!A2#l<$xpDdt@264nKL_*lvb;|p_#l+T<+kv6MxT=__AZUeDz`PH18&DuS= z-+_9r;~iyy`dQo|IEhw|oJ7 zx|K7iuPSA{ax3G=9QyYDK6KXfanq?Iuz&ZN-wiGtJ=^5$S**O8e0|0Ff%fkluTS_c z|NKCN@A8~=RM#FHxhn1#y#&p?`gTv!c{8B}zHRP2=P=JBiX>PaFZu^xpFU?K=TzelbSS;k$wWw*Y?-=F_bHE+V2Dry9( zSVySJNMEj+2%WR9bptQokDN7X-0nWCGm{HHNKTi7Sf{C$WXieLv?bI_?16{2Q_DTO zKXu)+W{(^7`v(q;EXfJ7U(|d*g*>;u&++93bN}Tl2Xc9@_3BZqOOKj0VjSyyfnF27 zaG=+$yZJu1Gnd+nOBwSJ&-c1~V)yrlSob#H14|BfW97`6W!mSE54jbX*IQY83yD7k z+aA_t1Y7QZ|LXzW8&2$|ngig;GW(3{_^s}L9yqYnpA#GkOc}Fg7?`FYqeFqIg|@?h zDRb7He4o)d3K<=SJZK%E8NHG2uieJ`EB)lQTYyt-w7yzMn<(&Q@OwG9(wVrgx5lN7csdvqADpABszJXzc=qySCJX~o#*{;%zM=@rUifPdB5ND{&n--?q_fJ_nE<0 zJ@0p!_jdm~c<Z8%=~_>;%$ z_G&F+0yMjewz|uDB5fzqcH_K>#K39Gck|nBWN6p%g?pc5f1in`jegXA2Ayr<3oiaG z^(*9EP5ym^pLtU6$C`rKQ&NUqXT9MZ)@Ur`FFYFGkT!$cowZn}9>I+xT)YWa|CIt) zKkorQ97uwGi0`l0zIts9<~U}LX@&IvR;m~QVG z=m6eypS2g;w6`NYeQ(b3C8h?Xz?ZXJ^SOlU%><{D z!09A#ItiS1%qv}!<4aqfbE4$&oXni%=Dja%uhvgbX`B7PmONj2=c~xN)`~>q4&q{+ zCy^VXerl|2;I~=7*V+3y)Wu3ha_xO1z_f+^|Lx>vW&y)wV3-UHlY!yTyvb`0QNJ<@ z7z+OUy#w46d}J2#ubR9MrJ3fUvDb59Paf&kg>b8V%t+?BKnNd1@T3nF@be=W7|^k4-~{RJY>AyLdSj zPEAcDa6bVaO)VVoFXnwJT_>5{eC4V7?E;U?y8gl;YYay#?Q&IIBav)lmn0ty| z9F}{kUfhjeu^ZYa>&3Om(Gu)ot3yl4P#C_~UKi2Q$PjROWoQHIdUvwsCK-~Swy>L) znZdiESC=-*0aj4Lu^@V3db0qQw^-TCDfrKTWpVu@ghE z6Q$UKQ+=n>HI=Lj6!2RCb|U}y{Jl--l=V4v=N+j>FZZT9Kd{At%?xUuJj&YY6-8B6oU zPx1b>SE>cs>&mmX$v;$`N;WF8}9M{3`xx^5M zsmB~O`|fdv(W&Jp(&tJa=^4(Cnbvln71)DMqj>KS?TSZPb1V40_!`UX|5S~N@}V8r z{ao;U(8`_T!w-^wwN(A!D>YHSu>g3)vt{HAC42LUH%hIG&04G0suSi)=b{}<8Tkko*Sr|pT zugD2@Jjm;XyjJtdx>4JMR?(}}uy)+9*P9P?+-DUD7d6ODHL@OZa9pdJA->lc(Zh47 z^W?cU`h;(f9OAd(8Jw-ue?rkl^7iawD7wpMT^$1FN5}=836EWjEjY{3F{2oFxXx*! zuQv6?7nq^FQ%E_w_`ZO2!tRY+27tsMEIn3M**p=ZJOWbBLw_ z+q<1}fG-E0rTi_z_diIS=O=zUNZe=fYJP`@RAa7uTL*rncwGDWw8wJ`a2nqV9izNk z2R>yTb)R+cllD7E-;4jd>BTdT!=rju{_&?gaA>~^aZitMh_Ca3Wr__M% zYgi|K^ephE8tb~VYG=cENOe^Xylv*ad>(A2c`sibyUP1iw#n;$GnPl8C%FY`XXQ`ponvk&WOD|>G> zb?;OASktCbbFKHC#LMqtFArLMI@e#qT_?Qe@cJ5U-%szm_xtXpX)C=GJEd01AYBPf1G{axL=>^FZ$E$e;fDKdH$k5&;Hi9 zw=eP+{blyI$Gv`uzvzS6_l)bu`t*msbNL$(d@QYB@LB%e(4Vhg@Iz|)yRZ-9f8BSe z`$wKRZ{mRu*;Dt-etu6sH~7ppy$%RIvrexAgU>A0>v_Rv=IZtQ;4}Z!FZfK!IYB>k zD@PAhvA1Ln^XyFTy|?#?<;$Mw+w{B3XN^9ZbCDHL{G&Ee>_-RkKbv;gsJ*>TEL+AN zaQ4;ohTiO9$8HtjUn+jdq1K&xf)|Yc2hZrtur~PWJ^11fd~z5*P>dESMt78PW@EQr zuz4sYJ52dXN(_^x*ZA(BpOJA$&jU>+j(EoKx_t{LM4pzstt& zmxVv@TLk_J;`oaKO9K9KoBkR6{giz#0o7|69OGAZAbY37-ywX-4rJ<+;_t=N;I9+> zz6Y*_f6?Q8aIV-&G->zJ1HQM&3V7h^ZtkCy>xD$;2PfRReOn6c-nm5 z^M0kL{bQc?b-X{5zLu_D{h364Bpc_|)xUG}wCmqW_ZDz&(GYZRDZ00W_xb2v2l-S^1bV;di9%qwst(9S)+Xr$1~8;-`!G1?ws1Z&DsOw*5>V0ZC=xb3AK4U zRLjSA_m4eMZ$F=Dp1&%^^UbQe3tiYR z8Bp$cP*Tp=)}`^ByJFi6a_(#K{goHK4mqODO67)UFc;O8>JEVo_&;XcnhOJd;!edS z?q|U?-UG{jyRZP`-vi61Jg`uY$lR_B6adRQU@>!Th~ve;!e_x!04zo~#q;*q(J_Ha z{GI~x+Ohjg-ag^GKk=RT&Dei0F|y{(=4X#3jOXU8)Yl&_ zkMrk;o<6(#LvFqOX+7u)oi~rat~C#rzO%sTN8|x}qH8!szWf5tZF6Nvu)N{I0vz78 z*L9v+hlm5C3*T&f?PT~ibGAtZ^-g9@xXjw-!dQGJ7|Uw@(d!inG+dBOSJo@O$9HdW z&Y6pc@BsU)!iQa445-<*D+wP3v3Na1^8Sv-Bz$OHp8MKjLx{n(N2r>-kdIiz;0Axv z&QWIuzxMpGdVhv>t?KJ$kb`K&hup~PLE6{C0~O>2p5(8Re9sg7ttAiMjBdY?=W5b; zj`lNd_J609=Qr}ob90*E#V0oroA9^R%9>N6&*V1l;!piHBijw+Mk@JJp6LSkRCxo% z9$xwI^6NwwFTFVjF9pBu0VZ!eEq+yfKokC*1s)W?zw_6W@%ui-?`@&P`28LaZN#I) zo$COi#A5b1{khSJ32dzPKs=(pFasIjMd0lIzb;`fbd|=2=kARy&HFlc_I3f0= zpDc3@L@s^JeBiDJbY7g=09?c z;n^k!8b2RZXL*?OU@Y>W`JA(y#ho<1-t_uOz<`b zx`WHGU`&6=GYEE8Q1^+JQvmrlQ`@K1X(BfQ$pS*vvj>snN z&X_#*E^FMioS$y;=F-b~oX^?8e(@Zi|IJs^t!u;RrwDo~jP8&PQ6Kr{yns&!a(_(@ z4cnphhY0&7OGDQMO8cAh6k~O*xWOBSY>v97+t5Uvo8alCz@2VPd1K*&JHgrfkc1>%>dHMW}jO(ks%N)H{ zVe7R@)#xC{c}?tLLN!wO`cgt@NCi?8|7}A>sp8k{T zQ)j2>uar4QiO15TJ@?ti)2FvSYiW}Ga&xKD|LN3O%s}SvgpcmDtQV@#znt^Em0G5) zh5h~8u0Ma#S8gwT>YLU04eRg$s-St5bpy3c>751g3B_aZylPa|-66e_Vf41_UI}YD zE*}-b6IJkp-{FM`@Pc%L&SN`F{fq3~2H2n=?au>Xr zaBl?XqZ->5vip3S{tRCzM{0P%xqm9%<^h)uF0FrYX`&C1d>;F3=ILF(lMWRxYrm`y z+=by|>DMSSrgJni^YMkjhh*9K%J60sSu=S`d^Y)J)6uyt1FYDmu}2fq@sU}JmCb9A z-o^iv52v-v8Ky5ili3-h7H&HBx}v|8ur?-~tA0-Mt+|Q6mO68KBZWVs`WA0}k?Nk^ zeV>{~G5*IX+A?}W7|f%22k@IlLYte4%`Xn2N-)6U+)sniH8jhgnRneIza}oYwu(xFqw0T zr1!w3?r*fuoFPZdXLC*wzUX#%_-^Phoq4wQvuRPrTx+Qn5^NQkC$ev7fzOsl`wD0v zeQM_A&d1@aO6KU}J3agUwanjXm*7W%KjpqvKj+fRt*N`%!-vg||D<~LTynu){UV-I zU1d7+oWXibF>%pS{HyWs(ApNx<%D)?msoT2k^8lrry7FZYn!aOPw=W5n6>|5pWRwT z4l_ref9iZzy^}ug^UW>67q8-THN48A*fjC0^qRplG%n$61MyvT5obff)8YlqTlkfo zC_!KO_|CrHQJbJMVV~gj_u!IO7u&Vzbc>5>zEoBbsUwCOy-1D!#xjuYJ!Js{Y zdR5GwgFbBdX1VMi&+P!-Qu1zj=tz8xX%(N* zdRD)Hv2&q9+ZS43>o+rJ=Y8@#`+DZ7xn1JSEm>b5DYMT{7*!}8FreF~4c&_lybpQY zna)|j&>XslC)sqLgrC^u`1Sa$TjyJo$F|_()#2kwzQ0+1vR-Rz($lrr?0oc`{6L+p z8=8v018t)_%ZgN|5S}DmW3QzSW!*T<=fCzRpFde|eiskWzKu3IJ6%4WY@F6$+j!RY zT{$nWyA3sDJfrooh;;b%^8dIy5ni1v-}cMYRif)h$p+!e9s-_G__Cw2tg#*N^s6_X ztS_ToHFLwin>OD!dF*s++_fWUFBo;6eHZg+=ec(7HeJj6_&|1ac8s2vZgcybLI3LeRq2hfv}KJ$^?pV++&SlQ z4l{BhzrC4rrq=V!pv!9BoNNtRmgmbjlFxT58C&C-x!r8@r{rb;V|n{sLc7KM>7I{p zIXJ9>{*0^GRW*n@A3}bVIqPmGXFzZcM1;Fkz7#yh9V6D*5WiJeldlz=!|1yP-03~O znbFyLuQk+aa2N%LRp79SIHCdm*@54#7(wI7uhBUJg6-h{J4p%mp;uh9;;H1_Gn+2tK)R(za1V0{K&5Z=o(9{humX{Ue1 z^Tl5he0Dt0@EM(3lNZ=Q4mm_FCImgLH1OhqN6&orlxO+|Uf>x^d-fb2(0FD1)bY)k@dn8=W=c?I;@5E;$O*w{&q^< z$6H6RebcIujV8U`!8thSUiGKBgd``}Yx}(7tl(d6Ia%*#pLfgck_Ge=wAqaw+z1~l z7uW?MztIA=-> zA-jc|OUQcgc3!%gzJwdT|H;2VS8QXbFizJ!)P|*`Yhe#`MXnR* z%I6!-lCFb4Azg=i=vv+bT~&LdI7l)g8XI2^dwL7)!+h2q+|ug>@SO4Q@aJSBYD~Pq zeNlWiF*mU&tf~4morS78+3ZT}3pOZ> zEz((YQJ!m|oz6HPSs`1B-gf!!7Jj>l-^P*)`6|CL5B(-sHHTsJEtu~{2WdW>i$8FN za6}(A-)00CV9(t7dY_k!xP4Xfy!tXRs`Kn~*c|tFJ#XsR7~hPCu5-s&JXLl?Ya~vN zi#Go&oFfPFapY^e_Cfd4k=uPiaF{q`sC|BzXf?{AQwwveV-A`4$lIY;1!HaJtUCXZ zu4(tupO@y|_j*qI0JQI6yYw-068ytG^U`PG<-5+@^o-djfm~``=`ePCJGy-xyr}d1 z66`;C>Gm^tzw3_Fe#VGo`ZC5f!0qBo`{)OIX~OUM{4SV>V$XfRaHg?0dd60a>z@B4 zI@}8nCHOYL>dyPux2D!x`rY{7@*6$v`-`?79(wVNw z`S9m`vFKvt>qF$M6F3cT+VwZ`Q(lMH{FiZ;12#Fd*rT&MlXUin@QZXd-%kPO;m7C; zpTM=ncc|_&yV{)li7o!9;6I9OTMX}{w8f7l>1;l~K^;VNY{?mI@pIIzsNLDx;%(~J zvBiJj*#uj>AlIB#-3E?Y!BGo1a{UqM&t~*n0s2jA0bYM32OPA5lQwW>Vlf9dT4QKg zZtH&eN6`gVOukVCGAP;aOFynJ^!%5JE#%J=(+ICxpJ`c+96J4)y2%Cp*z^mzV`LhB z7Wszi8P<^k=^R7HjNtUkb^nL_cWUQ=CCan+FosK)zp$S+C0!URC0!Ul!ItuQ_F2+p z>L;YjEgrf&+yh;POqR{a2>P*cXSekAZ%K`bU*UI;D~i|M`c@FvFOeJl9h z4((cq#p;N~UMBuF=R7jD==@XS_ypb434M7kLfc<%g-{t z@t2)`+Ipiu`}tyRy-Q*f&)_e2^eZuOh3hj5_eQ22n#)gX!RKkk|G5VGr_w>ny@Vfk z{6^+!{Kjf(nZaY2&nf-J>LkB$ti5mUw0`5`=n1di=;*+y$YUvg?Ke?x{uKL`p4J~V z{!ft$x=FSpGbsPW2W>k6VtPwsRT# zSAe~V&(uP6rt`U$y~T=2$MY)xR%`m?toCLcuUl4OWh@UpZ^b@!j@m`A$4=HSGsXbmQ}Q z-mIM8++2YFGs=$+3WQ(u$0qB%UG#$wJrJH_);2pE=Tp1W$6DU@Gkm1}nagEEMEC7! z*1$H}gtptcF@2}{8?}>fnMr=Lb-NXNDua8_%6&zfE`uIXE7o`g^mq`QbaJlEhyGY6 zIwWN72vMyqcbL&n|8(pWv`OdL!c6PhV+(AZ5_*>T;=e@jZ@$0dSbZ5jh&hva06czy zFV>*@i(9S^G_$53;Th%O)Mw-^^cejqE*_7++U?t-|K8vnXpbG<=dR7OR(VaTnD{r; zM7Z)T9BIC;KkVj9TpFk*O6v_KwZFodXBa=+~+HN-Yk98+uDjR z-ko>eZVj3vA9Vx!kT;mTbEc`GQ=CH#Z}J~^u_sx+Xba=DGF}^FD<9j9NBX`bgFO@Q zv}}CM6zc`){C4nr8~oz-9pX7Rp2jDku9P!@=~FxvreEWm@j3EOC+pp3y2s#Imk&y? zBL%=0hVBvQUZZ;An=cGh_Oj`&9Gh@H1G)>2jnKUv*t&r2F6uD5`-DC>^+5kN+8?C7 z%Lm!O=*^AX3Lofq@q+9qac%Ho+T={5CZYE80iO@P$i&v>!r#E)#hvu)e%5C?7$fgi z?7rW{SB^QiSM9^X12~B?@9#lJS6?(0yKOUqmE0K>9&?JnuupkZ`3vDPc;O)W_+9u7 zpW{!%Pu8ykzEpn0_eY@5$5>;-2kB2f%DcAzA-|*&pUo?KKWVmWL+v{4^8@5@i>k== zOh6ttuvW2~n(E!;dUlb|naEySt);&b&-H9>cXBMxX~f$ob@+>tA^(IiDQggDa^^nKRk9v^(b`yCodkI!QGE+)2Q^T9}h$<0bNN zqMLkP;hG#9IjbuJU*_JZAnl@UW1(&(V+EP3BxI($d`~UjM^lLSJy86|H)vI4Sfa8}< zHvi!}ZT99GZJkl{H}hWwV~hXXe!BVZkIe0_=;uHB{~`SM=^ps+ImY(#)h6f`S`S~9 z#rbN`@8W!QKJB$O=knEY;<;|VBDSc8Z)b5YYXVBOdEEreGR_f^*o2K*N&g+)w%K& zWt*SG@1f@6NHaMG*GIn)-C_I){Z9PIn#R`ov4`8zWMo9U?y~szH{;a1pSqx(`y*F9C`8ouxr{#ewQ37t~EJHH@`B| z`1%3)y?Nvp@7~lkEi{w9@sHbohF{b_YkAvtEA~5TnkJ|FV|&O$Hxn=HV2miXLTCGH zy-4@{={$;>6WP~};T~o07-#dI+#BnRV*(}0>yUf<)Xd}cnbO6J;U(RrU|kz%+;gnH zAl+V9YL;C%>a%lM&_FqpFnAALj{UH%52W$D_u17vTjG88x6YbWif8|L*YWy9crFTj zz<1%RwDxpOpp@5A>+-;cUmQzncVVD~c6L6h7xtt#{(s-#?eJC0eg4?P#7->_g0CpJ zBUWhLZu{Ep__G~+r@MJsWMID~Yo3}5u*n~fdC-NovY0&!vYEBMP6Yv4H^>u0j&SBq)*3s|bexrk|qpzd3 zsqdx!iNsyLsxJ|hxO6OKnZ8WDRy#w=*QoT`_OkK#7@-d{rQvW-zC(b zNH@t}_R`BsU-@ml`BN;V{mh-jNQa4!S`;4 zdZXcLyDm7=4i7QzEXLRO$zvPe+{<6IIgHNgL}zKN%li6bm!GS9K&`+S{Q1rJX&b=Z zcHcRjPrw(4c3QF42d&sg2dx;gfKN7ty@~zc={|<1Tey$&k=@7ZTX(AN)cC}kU7vU+ z`l$hV)LP{ee*7!o{5)`qkA)Y(rWn)kJ#caNR?vm*ql4Oa>|@_d+w}(@4-{@<=%%Ty1O(_V>@tb?(dCZ z{yr<_KKuT1a6zB)-A5Hzf%l!~KhX31*3UfOm%h#ks;%m_bPiM$`EEtVijH?(@Jrgb zctVHmlMV~tsk=QggYWX2UiYVH^INrHAB>|{R!FZr_TQd;YQ3$Px1KAMcj~%BG#1~Z z=+@WGHuaB*`|s1O(xS3ns@fmZe0b4_F z_T|ui1hQRd=fUvP$+6@G#>1yt`!CVjg6pTlW3He6^#k^vt4i!uxKR0*yv`xi%ClC# z*_)TBaMsD~I#bcj3O+aTM7`SEYj>H!T~|YM^uh+7zZ3o*{kI7H>EcQJZ0lUzm!1`DW^F7ovxH|#Og_u#(JJEjW61jb zR_s_|FFVg&Wxu*})OyDU%#+*{_aSm0)g;E8%HRFU$CGN)QZZSEG z6|%))?$3(Qca$?tl*71cKl-=a&S7LF>EHZ6p?~?!Swk{B;?h~UE9n&FEJV{$(AK4; zq2bP6X3eO5XYZnxLh{4t*w#E>j9Ry%F6wp7dJeoHTu2`OjIQ^;OYY>;_;=tTgLbNQ zwTO$uJEs;k6OSr~ga5X59eAZyVzX*s!i6PfZ$^k$lXt;SyBpkw|B5_epOf(z0pIFB z4DSCk6&~>o{I2a1{{DJ;{6+WmjK6(Cz#1G<)vK(vGf=u)>JXf)Yye2qn0%uy=Pv$w{%j6Wn-D|8@gg=Dm=A54A zx_+KQcIPDV9Jcv%GCL8T^U7Gu0$ZOZ)K#RHce+mlle7y>yr(I=lgVQ{i`bNBcXX9=?5$Ix^2%@4f=7SHK6as`gQFOR}FAeItoS z`TW7~)I9p+)>C=(jX#`T2mD87T!;Raepm5%{WSZ0iW&HUbPv`+MPG9Kv2wriCS=DZj2%?|iRx#kwy82jnrne;ycNo$+I$t zFmu>2jdccp@4!aKhb||M#x9z=0+T0YZmOZwzOApVKUR-yj}1A`sz3P|y`>MMoFBsX z5&Hb!{m1KnKfqd*&KkDc*3=!)o_xeuV|Rc<`uhNFH6Q6u1D6Byt<*7G!u*a!?R9I{ z21)09{4++)3_NroBQ6sI==Tjid*|~RYJ$-RThB%x z%+%cXGWSWT=YD@rbDz}1-1jEUozI7r98dcQ7BFkodWFx-uZel~~T~~N&VK*n$!me=FN93pPpsl+;@>9lB?#k__ zZ4A7474~9G$tSOcm2EU~;Hia$M~lC3vi^3_6Z=~82=Fw(X zTbAs*bY0*0mL&W78{58;lOUIMs!x2+>xnX!x6L=Vne(%ZPmsf&415LUzVSt;VMDjQ z`^=+XS@Xy<-|S+oQ+CSr{gKBN@==9nukXKuxu}nBpTCoN&Fo=bvcJgik(Z2)NSxQq zqS%9?Nd*!)%ttw#0t z7ZraW-{vf6^iRO4vASv04vnf#N2BcEl2kORN}^Hw>1p)FYjGM4|7IeMe*RH{?l^@; z3q3U2HS|P%EuS?9;n3X^Bs#qc%{XWGNDXK3Y0pv+B5O(z+{|6!Abe)aZ;8F zC*?^viJl%O%RD$)G&>O|_n!eLeh*G+z{w4K-i^)l?4>Y#DnHUIqwip^%|4}riFPA& zrRq}i0*7`gFY!H7%UPg&3$d5+BX94v8!Nmqk=BP3VjVu;0X(Vf#*FF4Zs427_f~xF z4D-zL%yT0Brtvvi>?`ulsbbQ}`UdI~+KNkxMsRn0J9o!N`(!N_Pi$n}emAycH@0MA z_r8iTfv5Q1V@p-%X+?pF0Xu)02H| zid_@vx#z>v%koO*<>pr2q~Aw1Pmdnm!`xX1ADH(7ITH39M%hDFGg7(1bbs;f8 z8~*dIKAC&7@^`J?POZakY8-YA-L-mysddQg3}G|GKQ&1XGeM0>2<+-o-WW3j!C-S>6kf(xhxvGXNHH>9eOxD8sjjG>Oq znF-udj}{e9Z^gm=yu>6Z65J~+Lc|Az|?8=Usk@(IhW+r zqHCzByPCQ_&H#`d$jPr5d?&t=&(FQ&(A4Lz82sQU>!Sx*qn@7bKjF`>9K4YD+>vePf#FNj`Rk^0AU5v$x8j z=TB}TC(E<0uPpkBmgG7%dvhJtPOd|HR!k0qxWUbJT(TB_Mf7+2Q6HkO+E(?k^PLv8 zux@_Xja`&iP=3jczaIyd@J{Gg+=HE{0=AhYv0X2wuoJ~ec4Fu0?L?owiFU$;&B=8b z{_?{1b-}hB*sf2_Tl1(Z^yL0l6p$Y`KHK#@*!b;9HlEKP7NoZEFAt3Kh>P3Vr*=RU!_X|+8`xQN7hN-ehKSepR#iamn%t>@HM z=8_x6DpXHp1fBo)xAxvMdnS{RSl{>a&*ziR%-*y1+G{=Qxv%GWmhj~F3v>Eea?(#@+zK8ub^sCKYeR+ik1~YQxBA@4h!7cPV&%mH6 z5p-&-p%3qJ_2H}0hs`xHr}!!oC()l%DYv$FDd(iiD?J4D?j6d(^ zHBz>5uZ$XM9lt<7n+|@?BKHg2C^7S+#su$>ZyEo<{Sn5d->=s1rY_2f;V9$Ky5&>9 z#=ys^m6Sc-=l&@@U(M;ir`mH;ZBWbkGyBQS`vP1i%Y+%k1gMdzVYiIuU= z5C7=NLu-8SXZfVH<~A=Uwgq{v96Isf7o;-#W|5v!{liiG$nb#KCPR4$jT-UsnRZl+MAp#<5O&h{0=OZF;dYOnw6VLSsM2 z8GC#_`wTuT^#1O5lS{N_(vvkO&Bee39aa8rvrf%^v;UmEPPJL< zbc3@_KV+TUc#Tb*ALy;WC^#pim!Pw#zLCaTr1A3Iz#5-Z9sWV#pbz~_c<+P86rWK^ zJHgb=OVU27o8N=nUD8*M|I^9uSw|likk_LepS6ll^W^oY&lAAG_#Vy_cKmjt?O*Oh zzugn8D8n}vg{Fl6su76Yl)x4==M757(U|}A24e=lRr?{;2A^FA_M_Y8Wwqh?nX0)Y zof|w;t&lj+q-X-Y>Pys>R&F%3kthQX-1_Rx+Sg@W0^ovd%{*{H*NOuv0T^PC^HSW7|D6fjf#m7X~@ndbe{<;TWblzlkeLb`O@S85?WO68+dIsM0uK`#3;6LvAH*?-( z3u`YN(E8&O-I;&rcJjLNTib}enFGEwP}|MqRT3940B`FeMj{0Ky0{kqD*@&juXqIk zANR+*GVx`u@TJSfmopxh4~z4v9A0l=T4Tesi+F=>@S=uUtV|aGT?kW_q*`>?4_REvKF6RUv7%EVma%u>`LEm z)x}`p1y zrhZN>aU+ahd-5~z;q<`sWp~KN(Ok6_!Ux?mYvS;3)xe0u(I>xUy!y}`ccZVhZeR=%C+07@=`QAppjQ4lt z1FDVIPU99n>Qg#|J}+P_?bv(0@Yb?vQ}X!9&QMbD^hA7c@mT{}?w$X*yniJesbQl;X} zXKH^QeovowmM90cz|;!SZ?ow`c9qUfY^LsFobfL`(D-r;`QRP@4H`f1m(0-km$P>x zze;6Z-k@mP%wd5&hYn!f%Um_aF5V%(T?D;A^Vu)jbzrQVq(}{O)4b@zeMaqK+|xX_ z&k&p>pUDa3>W0kCkL9?O}{H}uooPpGLy0sM@YODA+ zXY=hwuiUxrQ1jhAte`28zntB;VlC^?dwOVV z3pM&%sLe0hT2C#0(Qq5>jU519M4+b!6&4ncKdy5o-}U@i=AP}BE8)AVGo)-}bj(jrVax^K*Le8oL~z47FUhq}o&z_s&vTRC zh58!zOaB+m#TKAnBTtp1{+{krFR&M$+(CTsL+p!eL?3O(7O7NS0qC?J`snApT-DBc z8r%`RNDi#DtjFCo5`XTq<<%~ofhW0bzeBJNbYA}-ht|lRF>3;S$X=2>(fq%~T-)(i zTA`D|O=q!R8ag>F8F5xMa|Qp6%mA0vUtUTNuys-CLatv-V^ROM46}dl`*&E7ax{u=qTKo3E0A&6;_=JK`@#m=k!L-gY|P)3Y#g^KiTsl-+;a&s z=Q8Bh<@hG90M@Q9i|%~giI!@wJ}#YKyrK`D7GXWahh`&dwgcBv{y8gQ=Q#9{c57T~ z#+(DT-8$@?o!{Lx(Yp;SocrstV3F;25o{jwz()8LpA4Uy%6M5bormUXfG)mmA_m)Q z->42*6d4f*9@5dZUitj{!4Gt;uxRsCY#Y_GJ_%h=x$DV&wq1}sV9V3w56}<6yS|@V z708&aT|Dy@`24e+LwB{6zjG!3s^zu;e4GidmaLa=>y^dWrQld8@y(^1In#nY_~S1^ zUi>szQFp?^m)UFG*J4cwH-YEc{}X-}!Jj+OmGxZnr}2l-rkXZYw5g#@56^}s1n*Vb zRoLM5PTQMlE4-Y^ob;@F&PaR#&v3v0^x)RyU7RO)Ai3lYbb(rQj3fDer-4Dipy+fK zx<(Scvcj=6xp`x=;IJ#)OufdlcpDL7OK4$R>KYGk`}GxGw!W8mxm1`kw& zMCXgv@ZZ3CRP#^Hz)sGhzq=H9eG~6BxaZi6t}OL~gL_X9-&GB}yv`5Icg6WrU)y{a zf5fN6_dWc-X71T--{$)eo;X=_cVcH=4!pfQ2fki}j^*_aVryZ4fHUs7Ak>ug@{=aT zZ~W=#@OpBnY+ADUifi-t9c}Xx)g^OjL!T~v=qw=b`&8Fl_3A{Urtc*S!e!(;erK5e z|I_LJjU4^&-(mX;$(iRJ$E5v*welC@e_?+wHWhn{_eqxLIrEgv)1IHPp`kT+H74>F#A_dX%2|^gHeYntq{)GqmtXmrpZqSaE$gn2eV$DEJStZX{WfU! zK({m_j~b9iszn#Yj>P^;RI=Y*8L}$M@I@>oUZ`5IhQEm~3l0;YrAqSu`4b%(`uq~&P^6Ran^(39_fmQq^@V%x zv}+8%c2ru|F!Gcd!##HfD}I!No^>9=UU0{I9zvCLJ#Z!l4h8X-Uj3y*YtSLKw4BcV zzI8l!$@z8i_dwev;GyuR1lX2ys-uPYdr?YnX4 zK(U~+;fsy9PJuWSDv`li-Z^-rAZt;TnPzpRRVay_s7 z!w5b|FTKgf{jlD{zJU84oJvy~*)MReE6jUoSA`xxKi@R(r7oWH`&RSbQ&QK4E*sBa zoah3>zL%JZCg#PwpR~HmPBddBKBFE!&As;(M=@lqmsunCqG-uUgVH{>pzi~P51%H-Odr$he{7lu>x%1p{#%NomJcTU2q(04j z!6D(u1r_Yq;>XMdQ}JLgjJutj|DO>1RgXOIfoJuSnctBO0IrCi5wE2Fx}BW=eDKYE z?%%SXd#7U9=idE7`nlCSSLJ=*G$&Ul$NTnro?FRtrRnE(mEKe`?E7BjIpKE(Z9^k_ zCuP#KY=4)(ZZhvQl@JJWFd*L%)dqZ(|vNyDU3!mGf^KvAMrNiky@_e-wnuRT3$I8#+ti&>E z%$1Y>+hBdn$n_5PPEs_1tP@Pz&rmGyxbWY8h0JEn*x%Y^(f+TxX8oebK=~j)w~*XS zwY4UN2l)-0UtMYy8k|D5r*a>Wcjw4AnGbzPmW_iZv`^{R9vJuQjw3ENsC_+TAirP9 zwPcjmT)NRx=C;V08-5&MjBoZV>Tf#pP|lP)*HX@6&Yq(WUwHN$BlK(R7Ulx%?k{J& z4af{~Mz%IHUg>5*XjuG9-v!fojLXmjV}{4vdo=UcZwtX&^+$VC+d=g19iKb42Y`Ps z?b~T@aM*#jqra?{{<7*(?L8TN#$4adwU-VhrwTo|@=Xu@+46Jfc{OHFT)L`gQ1o{Y z8bRJ)I3BtJPZl9(RiEoT<|CM#$M~uO+=C9y9w%e&ISAb(gB3deL-IdGhdT~Whrgbf z$uqokxZ5-S=kVux?S)taaoUVI%Gd*+(HMP3H`m#Q?OM}@s)`V?S#fyAdT30!l#S>F z9r$xK_U}*rU`-S8CZ*QUdad)P5cAC$7!jV0(pLKGYuej|mP!m?uME!vryIa&mI_9gGIO*n1=mBc`Wp}=zq4Pb+Z=tODuGM_8k=*&d zM{L@V`L+);U+kWY`EvcgvgT{%%2b+NTWJWviU~_57@nLijM|ZW?#M}=Kz3<`$K9Y?17W2MP=KI{X zv7*ej?)@NjM>Fui!MO`3WZt*uHz8x(ZXeC$7<>CLZG)L}H216=_qsF3yUnTPQO2ig zdHm=n@O5}j_Wkd3-^+Vq4Yphz_?U;D8-f*+JhIB-&y`oJ(Am85bUL~%{;Aca;*sEl(U@0MBKQacb5WwU-r#w;CS9nUE#p7Mt^O&~Y|P$B~^Q{i5y++1n?F-zH8h ziX4z$>y_=qbe^NV$2@pq4|tvD#OJT~BSVoTe*6VX@pt$+AF^6L5PT$lV)2v7f=y-E z@YUoQN=MZGW}V@?$A_bFUwAIKCpqfgn~&}3uhaf&FtLQ#B<<1rr9bfQOSz769bJID z;u-mse@cv|`EGO{f9DJQo}qJP;n!Is;MeuJ@T=LzFWU#4-v5tY!P?g{A8<_gB|lJ% zxkWWcXDq^nSIh01fwCoqFS2)rvw^-29%kD>Gr&(TUMj9xHjr$&GUxm(wXt#7XK=U| z8)!W?(6WFvU%2?@S=c(@sNm${qV(6r=o}^%5;#gG8C<-4cw9ViYz|y(c5spBvT^aI z8i($kHYVOpxX4-tU0keWPsYJT6K@4Ry101hNVo`o?qlpZuJI$6o&UoUti}@<-vWe2;qH-^(8lRJ;E0 z!}G_Bz)6?S**G~q`~tin2#y8--*GA9lR#&HR&G5QiM((D09lQv+3$OcZ z8rRIdFS)n|KK<)4nY`|6TxavT-PBCX#x;1|X7Re%mJD9EITx>MKUMyO1>ps}SG;E= zUU%ULc$#bfYZZHlUjK=FB-)P=efM;Muh951a3hWlsQr1#t*X4xOP@quNj8}nGU#5m zT@SIMS0TH*oR~N-ZqER>)jmdBwPP=}A`Sr5pHKe5lIceOeXJ_EMt;iF{VV60eaoM4 zKf-hEJfnWxaUAc;&6>m8+{y97)9|lz=rhLuj?I-FKOx<$XOC5(F=#zB=U!xWm*dCo za{SmApleKGF1o)B+x!CB%b(me$@Z^uZT#3>jvt$APz zZ(*M+zjGnFqhb<&`Uhfl_5e%PM{A=P3ayuPJ+0Bp(5`gZ)EYsft{hRDiGnH5hXhmS znWt0qZo|{X({sU7kDqjP%1?@Z>&j#oPs9Iscs%{l2y4;d@KfV|H2YIS{iiwM@A&t1 zrdK^aaludieVz5?TvwR&pq;%Qwtv6N@$b{#`1iXU|Gu7=@1pCB(XGeE!>q>*hgpwD zfaq1}6zQTu~=4RJo$RMNc>P0^?2oXbHKZGq_j6Z&73z z^~fp~KtpBSbtf)n&!ijQG_f+~oN4o1b6&W?XiXb(Or+d+K%3Y!<~60Jky z@-1mELE}yF0@_Rv?(w|g1=4WBjbQg$1}8% zt&a=|Nv97@3(p2$Wv2$Ph4B;OKRh$M40>ykt&Cj&otfIB#!i91=V1@)_dMCm3v4?j znRMm!r%XJ6W0UN1<#fZtDV@;VyW!HbP4XS$LH2>i8e^RI-Nm)ZH^CNBTz3oC?zkef zlMmSCeTm1iWVE{{#eA}P-{*K|P8mHF+joam(f5q)FS_ywU{t_*;FrmWtJ;A-`I%tF z494L4ZuIH3Pp&1__k)Q!>=R^CjByL@J=#mU1Uf?=?7#=Fx?l2BZ^U1y8qJbJUitiR z5FLg2Xs@A%J*HmdLLcj(y3MjN?!s4CST#Oedge?Dn7{u=zS zlJBzLm8;wVeyUH!O;zL9m0UME1NSyp+BS{+HMR03p;tB$7a}?4CvK#A+Nt57)%<{b z-K*G(AZKbG=YZJqpYf#Rzwp|*Hn`0`L`Nm}Xlrnp->Q&>lU!V`N&ACx&9{X!l8tT0 z_(fj}8T*BdU2*Yt9)P_!7h?PdM!-~iEgFLzH$TqAEIiBk@F(-kSEw6r%Vov^T;#_U zToiwGJAJp%w{o9cxO|0v<-am~M6w%sFZ`68|2cgsPrZp}^z0qPun>!8;sqDOJ6PwP zWhP!QVB!Tkh!@nj;7cz(Jl?uLM9mc^rjk0r#8lGPYx5m{yaShigAU|}GCo#d`3Y!h zrE?Cv>yv6{eXK)s!_mo{yMtdU&f008>X9ct;MsAT#CKGqxX#$~=+NtY;oCN5(&k;4 z3_~ZLy~_KFa?prlw|_DReMn!JL%hHT6HiR}Hs#B&A}+;`zF7+|ZGxAU!8751I~xu) z-pAh7y#XuGN*vGrDC?5i&u+HQwHJ?car8Oj6yZq~ZSY>Tt)?I4-L=q93;i?@=XN4% z+4fsvvUyKikF`Snt6c4Lo@(~HvafSJw;ft`$Iw9EddG9*@+gmWkawEjer3;d8M#6l zYsOfRBk3_WnlV=}7CpZc*?JNGZFpY!PcyLbqSopTd*ay>7_!f2S zC)xTv>?uaz#p?5FXkYQrdmNwUGsJZy!8yfs=w3IloC_@W;B!}8#~vrH<3i|s5Af;3 zPf5&_iR;+2+}iJBEz0p}$}g`r(o2XF?o``;+V;`5k9w0{9{=-`RYQ%KWM|(pCI3$+ ze;+<&`+sb`U;NeBWzN3DXU@<3-Ia}>_*s^0bmKgb1KF~%^&bvT^WXQtJ2nw{G#Pp1 z(EPew@JD~jWxv+sSzF5U7S9jiPdBxnv0udtB4&T#gm50?j!tEa=p8>TZ{`|;f;lL7faH&=(KttI=4^@FEvHu^@~3NLyn#na5a%b1^E{&$}L7viRbmtOe4 zc>V`#*iRkN=l+Ee=D#Cr{%*YI9CYjKc+dEC=o>c@Tks8dG5oma1}o7IZtg`#h+M{f zbc0@ex_;=UVWMKPi4B6bd#RP*$JrPC)ZJH3*6+Y?*_3hgiN)k`7EUT`9jGBz;Z$l_ zF5>KpGdY_89Df5n;4kRCZz8WI(&x4G*N^P(L(lI;798QLuJ{V|Q+1BQWPY>beWfQC zbY4qNr^!PAXX421o*RNZ!#+H^SwH&fKn-VXAphP#X8r|v_U6UBTQc{uVB#z970iDS zT$N6$7=dFY`)M1&rj?#oU&5a9j9?-{pAUY@_AQwE)3|?vegAvh@1yN+Ipgn-3+;G6 zwKsbwj6wU+lJ(vA{q;_FtQu$bxSI1rFa0~~Wa?|Zfld!CyW@kNHkW?!Z2TOJkKN2W z1#|be4%VRGr7`S}?f`K-z|xLS)R_g7I_E>blKn`FOqlrK{kk+Vtmf%CKAG1tIjb~`*~KWkj+ zFCN?vk2%vHd}+m-1@M^kI3M85*L~;>dZ*r}_x@)toQD>Bp-EHQ0sI;$_f_njW!HH4 zUO}4Yrg#9fs+2HSax&Jld zQ2Zfy0Asv??_Qqj`t2lFuJp{&jrZ8!JkHd6ST$egPZwsK9}uG!cbuBsNor{)-?sN? z?_{m|p|7MPQwESJs?{i&qI;4l-=}_1(vc}iN2V-iEjg!daDX)|G5V+%Fqj=j5Hm`xK8YI+kuw3%`uOYZ}NoZ-58K;boCq z;bqi>ZX(t?wk{Bk$Tvzn#bW$ZP4Z*GH|ol)$1i2x-sfav_V8>k&vx*v`<(iy!k;`{ zbK*DEu1+Q=Zb~L6Z9=bE-4gsnxTg_(Y4(icPOj-M-pXe@5RS7Z(t+cwi*%3yz7M<$ zp9S~pq3iw7dJH~N3;Y@5l6V90E$HyZ9;yu{qFl?y9Xw6CKl|6D#2H_1>k@JLGG|-Tm*zVYf4qG6`x?fvPh8-{=lceKmrO26sz#pP@gi%X_q@!Q zc_#jfW$c0gFjuV44Dl5BK!iU2@yrj_u;(~W-@kAMIs?Bew^4CKWmECP@UDlZ1zP)% zBio^q0#9v^hoO(9J-1NzqwK&oXrz$-b#8-n=tqcox=8Yo`RJUNjf#Qd9b5Gd_|j7L z!(CciDBl2m)j@yt(3oQ5mer914LnrSK>e-Z`L&`o`n#X+@{KBH<7eZr7t!}nIHw3M zqEo?e?uLWdCr7ciM{i=@_#jRX$G;0aXcNB=yrNyt8a^KcXX!uIkQcVFeH1UK^O7R` z9zy?)(q3}&SoJS_VvWVmV|=dxw;Rx1YZUMQu4INa&pOa}Zv@v`80VzFn;O zgoDW?Pm70(mm>3pt7Ys-`-zWOsdxqa32|_&ikun2zl8b8_aMC^hAgU93XG4WY%HICSy0x4<>%F9z7B|FV%TPZB`<(j{l1p>si4>*!$Z??mvQW23cxNID_0R z{NnLEaKJvJpZ$zc_92J>bGl6UHxs~V(3Y9(ZG4^pS1U9ghwxGp3FgX zw*#E&E?7Lji8-3{VQHUC9=WLs94Li;qczQZTt(hatO0)D*uxvQGZqI9 zA?c0y!LBB*MY>HsbdwL==q#j%!1X)i2cv)E2V+cmiX8zi@`J7C_dMyPmwhJ{>>3I<m(gQZFo`f0w_mE5Cd26R8J^JjMu<0YGPV`lzhfK>TE4&N&W^{>wZJ$Ypn9I9fXDyEM2NUm< z`@(JhqXxIVpIq`zxfLe)C}G#^u*{zepH(KGH4Pu56CrQ>i-XXv9cSfNoTc*}8*X>y zZ0e{2yJCD--M~xwPnp`oA4JnDmk=|D40io|d7reOmmClAdyp7QJyR+@oM%e7x0>^U zBCK_Z(ZK@YcH(QGt6inRG7~H9waJ>Ka{(vmT=F#-U5o3f;HrVi4%=5_5sPlQ@qf-e z@7g5u(s-0>zt4@2+iP-MhWb~v*76PZoNguB9G&ZSbS~|8O6Sr&`27-O;FLB;=W26w zF67ye*rYaet`1@aTsvNEq;t9Pb#83ZjH9sQ;UmlN-?cx zVS46a@>{Q^{YA9Di1ruJe$KZRKe)*%YMoPLh3C9qb>Hmw@7h`LKi_`2e=hutJ)8;P z*8qEc1B}zxK|Qe=#))khXCFnr(mrI;+q=LSevj6`tL8!{{PtQ!a?JwXo3tkFSDsy+ zsZT_#p7BfjI=|2fpGQY-P>eBi#NTJjcAi(i8n5~m&zEoHkM29*U+zB1Q@o>0utlB; z2TF9-G4lFtVsOCIUEbQ=hG)au4W0(!x$y9>5`Q!Uzk5sQQ{g=L_Y6n3QEs^SyJ;&u zhU=w@RayW)WNb0UCfoDL-OL-lyYVG^{#v&ySvT9Zux&-Hr%(2!;Z|t2- zWjZe{FVo)H2(CT?Zrmq%=dpL7y^-vlw}cC$w0D|_t)GE?JEFY!%%{(o>f>fqeoxwajk{W{SscFe8} z`v-fZ_Z#5tt>7=RzwZX#cOz#jB9qDg4)^4`Y^rv*nqr1VQv)~W#@Q~IBopLvESE?W3 z=#;xMbV~X+IwdeMIwkxhL#Kq#*gB=zTV;(i_EypH>=>vC;DDn)n|sqPO2^xsL(EZ1 zr{sNSa_!w)J(X*tQwqN&i)iy5atc%aXT~m_(&bA(W9(-`$PLvOKlR=AEm!`9!W zT9ERqt(1-j{4;bsuK$g=6ffM+@#rfvcca5O-`Ve+?|f=|W{!q*<&bB+9|hOk_1t7? zC8YDiVvFEK7eik)@F-|Z`ced$)3*m6j}Kh26)vsUj}N_c3vyQZU}n$T;p>v!GhDt7 zymfsOzFQ;HX={8u#diGy`NEBUM!Sn=eX!;|vpc!MM;~(!ve-@t( zVWX$|EVgYN)kTRQGi1Mf7F$5H)`WlHQpPFW+if2Q2KudoIb7uG3Oj7u;&8Ncst1<2 zXa~bS1>fhg?6H)+;lbB?I8P`t+29Ghp^Op(d>-DE8p5 z*!QJHq6_(kdU&pv_KqLb=5ajt7Ih{h|Kt3ob2yWYM^o9KIY4(SEfOU`jCcxXoWk3hQaU;85mM=B!7j7a?> zj%;_<<8b^b-#4;s_j&l!hn45oqeFY;l4Q&?*4X9wX!zp=oaf~5N8pkl{yZ=={1N~4 zX!+v{#L}4Y=HQQ88F!=r*)ZO&SL*Ud6aQ@Z_fUO9aVWmzaddZk#-1UI&`0{>=>Gk| z3id%#@@S5UC(fKt2maiY9tAIzA0-v5;`rN4JQVbxJwfe@e-%GkVENK>8>!cY4X7BI zu{`ock8{4R`GRlWP#cUe%miYcZ$q2ewt~o;DdCYcc0UHcd#Emf&MCq zk!fXImBh%zpJ{tQ&j*~j+5Mbh`WZ(*8P6XmK$JK&J>0p&mvgO)aQWkviQa0cSrea#pWg9@wxf3y<68&;*T`i00T+JHoaLJ|zD=%6Xrny@ z1FxFlZ4trl)g-oGtI~AOx(=)@M&!a z*R&H)r+ppO2-8?hyd-eh2Hq{ySn#RTSm(}@pRx^oMmUV$?WG;s3(N6tZ+@Eg<$I8S zuHLKmMO&x=&iksE8~!#^Lqob?J-T3!xry$onVazcUd7KKOXP31*T9~iJKhH1whW)P z#@#l_+W#!^0vfYw4GplajfHlufZ(YZ*=F<^(M}_6dEXMQzo~s&xAqX%Tcx|Hy?lsO zF7nfqiF>D`;{{ zxc^NvUVQe>{jFxaPELcK%O3BKpBw#n&l_gE_+2-v2AL1Lvb5y5@FeVU!B{+8xL)Gm z`lrEdmp@3pJa^*Ic#ZfDUxjjzqR_eY$twJvCG)Ve(D@WY-m{~MkVPAZH5cuh)>4o0 ztN88rPPgr!tEkJ^$NfF<=k3&H>gW6Nf3#K?Hcbc@U3<;B&k>8%!~eD1o742M@GS0a z1V5?A5>{gQHc126bk17nEuyJ}nh_A+Z%c5TaRiH+@0y-NCd zL1UzCkou3?Y3r?Vsk!c@4syNIb{lO)V|uQNaX!g)92%<^|MaYh3*TP&_k+Mte6)&q zWMtvaJYcm2E zC_GAWezH*-*^4=uXP?E7veF8e+RhEscJ5`o9nN?Uon_+(V_jY9)Z%=XdvR)4Q)BVo zy4!;H?O+|;I-JX(Q^A2a#3fD6I@D^-;A=heb%d@J-xsHGQwkdpVa>nyt z&Ui#y7tybmSGs#h)1h@g|L%VHRK6d}|NF!)9pc~k@+7O#=_YYspMT@NOZU<7@NwiP ze%uQ2fZ`9bD` z@F=-TtFZ57_j-9k8MyVKc>=Z~agBy2$lp>(J$1zwQU9OR9v}63^LL&^z217o--|xr zJ!cEvd>4QC3pmQShvyHp6Mu-)&hQ642i@)AdPM#}yC^=R|3f>&A9U^E4_64^_)_=X#~3y%RfFK@(J#|yPt7K#V;B6hV+OPYys)RjI9Nn77wBR*v^^owR#7hs)_$?XKdml^LdBiBh8LZ>F|ak zc*4GM;vt(y-p}GC=-@rh@N=*u_B z*IG(H8c+6f!o5ojJn}j}>%isW!@%XnVc_y4a54B4m}UEqzm0txn3J)89i5xc`C9pj zeKj+}v6_=IY9>c^ECpRM)a0kWV*aZ}Qo@lh{_BU3w6n zl>{FHRf$~>5Np}^aqZ=9ZU~VhHVCfmCj;(6W~t0@R0lc9r?!r$avY2p>}|5gzj zY3ubohhAT3_(d;$vX2X|&mVlAvq6^5g8w(r-$wdEC+I;p$e&=f_A=gGlk!`~iS`1= zdFW=Gp_{()nnd3d_zh;&B>FF5eu9n0-N3jPFz#=_A2%`%cw_H_#F(#PUeZm$?U~@P zc=lRw4cc2R`n7FT`LFCfuXr4o-^bj(YbD(GMFU6SJ3B6X+;7OGjWf>gGS2&mBX;`LJ4Lg7 zz_A~A?Xe06YtVg)`FxgGhkb!b;k|*Q9lR#lPfg0dd$U#0syW}o zJo7(6-?ylr{6U|ttE(!;t*oioV2yiz1NQt?jy*4Xvlcu5B6O{M1N%vyIpv!<2_N@2 zf1Fs>NyL>NJ>>Tgxuc_j@oODpgfZ{zUsvpTpAF+{1>-%yxD^=RnFV8>>83U}x)Q$u z)!u67~iBT_E5PqBUjN{<4d|o|sFG%#x zy1?MO;y-jQOE_eMiEkz6$<{+zK$j}YBeQ!~Bi3h^P!j#++C zawKo?1@c$)jz2Mn-OOd+8}KZ04n*tymjKHrc>jV-dS7f=tpjWDCo;F!4% zl1o+r|Dq!cTQ5DTsI^G=UE{^yB7@(1FR4zvesML=6b#nCmRu71hV+jk%wCjY-5|Di17?;jQ+U9(U|NesSHs34iTxag*cXsgE_bM@~z)gN-)kwGVg2a2^ zrHncHDsa4*wO9mB|D3Zl1kal3S+V0b9|VT*uQ}l;@+TJfcz6YTJwRUNI_TNNTrYwb z{@nI2Ww-qs`M_}_Q!Ha|Mb-A=V4}xu&v$c=>p1+V0i0HzR2z8wMk2YSp85A(!(7BC zSwH#1wI42hUvb+p<`88LJ)>0sm7V|A!c@L*}}KHv4x>2=8NTJ=DTTzt`3wdp1^4 z8^L;9G$&oq8?Rfuj67!itx@^199s8|OSM%Z7c;I)IL{Z`uzJ#D=>6M|S?|5SrV_qi z1)s+cT+v28FMTY@)yHc3D8{!}Hi!L)Eu}mke5}L|pJ`+5&SDK8VeM+H#JU9c8hsT# z57s1lnmHeWHIH3R8}Ju@Avic8{AL@v%qy%nZIoBh#@hBaV{>e|{ej-bs){bl`kMSG z8z!|qp#9^%HgJdUeO<`$H8tQu!Jx&MR}!bH7{~u5`gsMo(pT?g(0Ld5N#F8^#Lj?^ zfP%FO%m=yk-)$nU?y#;w$vaX-pEvu1oZYsR(K zEJ{C$#rLyMTx}f@j&m+W;5|YjnZ$-S-M&MW83cLjEMc@O`16Cdinc+ ztMq3*6S>t_5oJEy-y*$5`Qts{CwMSl*OI|Q#_ZriJ)duYeOsimjKG9PUVBeq5@qA9?pSkx;<`cN}Obq~I+A+qSXQov|U#(8W_Ea0W zc-_B)8*zUk+V4-q2K`3olrAfs^Pd=ZoPOeOTXsM1GH&rT>&$Qzy*Acd5Z-C?HN%6L zXX0?}Pe-=F2NR9ZL1Y-*-wppVa2CEWe$n&39mV0;j?xT$J#sLB9OPfPI17EB`A6sS zc{=}$J9-wMJRhB(mx#eLv==2hZA5l8XzhP)$8)E2Kd#%Ll^JRW{pgts$j3bjeb=Q? z<&lh&Udec(@lp@p@EIAkma#`(240Q8;?^vkhi96fKt{a`OmAgf8o_agf85V=)x1~x zo`1oH%V*!y^{xB4e(1n0_dcEH+x;|qn0uC4D}=*6;N;uziG$NaFKw`<-`#bJT~naz zGx)NJOA^meenR9d#iX7SRt{pbg{zSBJ8zm~6Gw0PB{;N?N^GU-Ropqn`O>V1DN@7TaQ z`gq5a%H4aL_V0qnNqeoM=ofMHbgj1^{^hRoNvtunnur{Pj~cto>a5Y4C)tl=z0brq zfv+G{KS#a>LznSsp7plngyScG&*E#4?Ew8Ap*42t_!__z8HC5^ODIty3OCTj6A#+ ztAx4a4OX!RCCqyUeU!16T|NPxJ`32-h4xNo{n2Hlqnf$waNt-DF4P1QA=y>5je6Qf z_$|noEc&zK7JT74Q!k<<{Oj*w3l>9fJlnv%2F4)0*B$S#IK$Q*<5GUFHe>V;c4&Ra zI7aDL)!0coJK;RNS9X$fJ&)^b*l+c~el0xN;x82+OU)Z^K7D)va|SLE;3IobuyY=*FnZHhp{*Q#NJ!IVy3+xsNbjS{tMK;!GB(SD1SvgG#Q6p z>1XYCSOxapOAX4}(u1(e--aTUMVD zoB1^&Wda0r}{kG6`^6SoRgqKx8|N33A6pt+b%DLAa*LZJZ2WNA_D_&Vsh*_;g*Cnn&p+>f)qvZLJdId?F3H!k2RWP#Di*za`V^CjjSV?K*@KIiH7 zyawQn$J4et5Cm_EI%TI6&#?AC0xvEm76`p!iOwq$tcs!GPOT;UTR4Osp1Ft0Sj-+O z@Rj^-VvH_~;3(H>wdjUu!*n^5$sOkeuRFC$>l937qXah6J^WB zx!1_|x^V}7xfEHv4EneV+Gw%zImg=?d<3}r&^u+vm-D@z=k+e%lwiV|#<(Pt=G!#( zUJY`Xd0Wgm0xyjzs9?eIh%8Rp+9f` z>Ra#d_WwI#oqo%I(Bz_;n5fmIb;pHwE;zL2Y3@JDzwP5I=-h6;%TE~S+-Sa!H{aLu zeI5U6%{}dd6m=kk1xdAWLPimy9+rQ7}|ty`sdI(wxrV%NF+(v|nu0uS&0 zp7PVrpk{m!z4j8;)6CP^i<7*#o4)t6?j{F)9eX6?pm)GC-zm3q(EsYl47dNi$OG?r zM!oPj=~~jGBJi>v)=+wv;^@}FBZN1G-?7$nSp)H6?V(1{kIiquA;uca5Zz1-ChDMB z#e+1mwr?;FGv0usyCJir*Qek^AFkZHITwuRPjW9^pU39+d(D|l>H6-;i^269>9>~t zuRtfcfqt)JF4r)|%e6-*zF%PYzVubiuMpfGVBSybylv*JJOTLr=F*_e>&-dSSzk z;7>v>N6BB!qxJ!MRao((;u{O0pOC{dn&AHtaw)YA{j8^G+JgT?xko(Pykg=MOT<@* zMT~$y(u@0O`xO02#zih?9M>@R>zMlu@U|O+iQ9C}5;Dxk9F%7*JyM^_uVSyFB3NW? z={u<0P0oY99{mlxNp2>Nj{cJa)`}2g()|$kaYUOsFIChzIaWBM_XTc!Y_h&PdwAN^T8lOAw2=kU-U+?Hq|IXO&cE+yXUh~{tSt4e9dV8onF;%R5s17dn=%B3ys(Vh{g?7M0g* z^9`H-iWWxG?ndIpvU%t&=h-~)`uXs*9DNVrfewwkb;iWAzV%KHemK>p^*-c+bb~x# z=<-H=y8LS-{>Yy05dK)ryT-yFFG99??X4tqF1=9lO);@XheSX76}gqk#(=FW2C4f5 z?=&{&4)#@eCZ#Jn{82nX@)G2{zZm~)1plnX9&Uub)aQH5IS9=gnTcLx%QKsA9wk_3 z-OGS8FrA$R(-%Gj{C>&UvgONP-yR$MRvCXxW_^=ei6NHU?D;$~vG{mqghd2@K zMGF3L@h{-tSYlO(KdWuew61CgUmUKT_>%Z-#l~-uVOG`IhG$Zhwj^ z^7hw#neu;63r9++{Y77@J0rhT2Rx|~*p0N#Gg)Wt+sHQ*ch>n1)~=E@uJo*NrIS-o z#u{sVzoj;;XUebTjN9?E;Hx=59HIWT-mSS@#awoI=Hlfa7coxnd~{w)8?{TMhZZ05 zZE|tc#kXQlEfJ07%Z#Oid6zP8#m%|!xE^?TVQTDO#!~I9Wn`G~%)$5K9goh4_m8t4 z_m>1Ks`IHk15T&yh+7{Eq7%rsQN!;$I5Vq?_P&7ic%AYUtz*Og{vhj2o|6y#yk7MI zPnc$M)a3gr1IJZY(N8Uu>JaDL1M?U(>E?hhg}zEWuourdk@?o43wq}kJj``=dlweT zzuI`c4OqDNwFy1Od;Yofu6)*H95zV7Bw`%UVUqX?m$GhA_A+CaK;!UYd1)cMMcxa7ka;~MOOCR%cV|}h+UhU30t_|Ay*}y^k;Fq8e!Jp0koA@)&M%nY! zJ5?uU`^_^C2tTIBT3%|irVsv(wQ}*pJ@@d6Ce(?~z z4!JM+A7zei?HjFKU5dW!xP+hbe(_N4iQmrJUj+>ES^EvF{q3xMDLfT@>6~WPT>j&g z(A!#`Nv$9Hugl-e`n%WSSvBMdPh>6NpQ5?DoVCR_%YEPq&%M)w^X_`v{3Kl;T=4a? z&Q0iQvMp<{Reiv|EzjETgFm}-)L1(hD=w;}hWU7zHX z)ajEP6y~v{#HAtUeYNPh+qmCBeEL&adJJ>PkjqB)1AoE&WDndGFQl>Q&xQ9zr5az_ ze?NoqwRy(Z=8Uh+8DCrW`0#xR2inl}7qb_jxP$@LsEyp1D%MB206EtvGT!i=j5Xrk z5x`k`yUkCWzUi|Gf6cIc;dk<-aND6T?!Eh7j=spd9C2J0^=60kMVv>jzL@hi@)R^K zm+mDO)`N#V;9*OsNI9pDOmpeJD7>4#>RCtaZz=}isSn&bG|qf~<+EY<1K-GFEy)2x z?rqIAR{E@mKMf1Rx*Ra%-b1oS zskY=zSumXOTWfcVaJj@JuX7>iJFq`){3tGu z-}ys$JhnpykB7gTd<74WzXlo5Z=D?;nArH3c>Jd}z_+m#M#JOh@qWYOvGGRB8#c)1(T@A4D7zVk=G@37Z9;E_J@f9?Ij|FyrfihGJ(Sa@^!fezMx zWft$lSDDER(Y-|vF0Ync5?}1um!5;`KT`bsD(Lwm;fEiR|2>}=%CkNU-u=q-^;oUbpYj(d!mU-pbrqeRl zFAv<2zIYWiJmD{?yle4jbhFjf=mq$;ygYh!1NW9Q7R9Of(G~D1*f{0T!b$LzJ;=yH zWP1deyvLD|dmI_L2N_vv>n5pOXk@x{6a36W^o!LE-1`jgOUZnf=HNHlU%iu@j73LS zkM9|<^HZh6G@*MUSBLiBK7^mGmc4v7{YS__^~zNj9v(i1-k$>=+?%22(N&N3;8W1l zDLgj(!ylyh*sheWn&xAxJ-X`Z{$HPju6mo{W8*XN$;_n;`I$>s&Ex&q_=JC8-$=UZ zyTpcM<5N<4Bl{?O@Ks6=Xd4cWbvfY3y_n)nh{yE8aSyzz+t&RJevJm6yG%d6&fjqU zx=WufJTDj}Jdq2l`)|q*FQ=}t=<}EBGU#(ecy8wXV}<9s9Pm8){p6Z<-tC1)k{tag zx}ab@EFBDkr*{i3<1_Je54!JI;d`?K->Y-L_b+Qkjjy}Ula=_t{QNqF9s}>AS90Lrdeh3&Gkpl)^-Q#a>8a{@7 z8LVi|u|M{l@h=XwXA039>WKA{JyW7jcs2blkv-GSrz>NnCyWKYuPGh_zW74nP&&SB zl<>ud-`BsaGW@WEXHSu*K zTGub+Sl2&)f7JYAbN_9et>~=lC1Y6E#k_y4>$-qvvgKVie7&?(?pf!%hS8_yP-kL@ zK75zY)Xix7wPoVAWb20{OSum6c@DlJtz!h5Yol#DpJ(VEHmKsf+OTUa{l;}S*NXFM zd)AIWZp*YShpvAl$NF>c(BE?4((ez0OYJ%O;@;jIeYyN$EI9NE{RoGi(m4-~?dQt) z&x{g>7D>i0EJ*Q&-;iH7THf$W-al3x>g1Vh9P;AK_y3aSzu)lSjBEcDW!q2PjvWr) zox_^XXz|&0`4nq~V#;RZrLR49`p|U`aTtld`UekBU#rZ1W0roKxo0qREv!smfq^0SUST}hv@?ufdT5^| zIr`+@_8fhBbdyo9?`Fk=K#%{HpTR#3Jq+Iw8nmcc(qq{r2~KL`ID zksh0QW~BAK!Lz>K8Aje^@5jyX=qDciW7O;M&))TL_UcC3kGs$_#$5YxbBJs9?iZT< zIL-_9*hE9e7RiAt+?$_cY;E^DdiInI-FRr9?U{Z`gVWqA%h6}Ydv0AJC*H+lOCI5w zuX3)3=pXpvGVF`du19x{Idktl;wiFe?!(Z>fZ{Tsk3ZxMrH_BQZ*=@`qjdLaM}(hs z^uZU&t@G&aBhtsSynn3p@dVF|L?0VpPxHTa&su0rTz&94_HHxq&$Axa;_o*2_;=z^ z*tdzf82C>Z3;dBMBjSHu4&KMTByk8I1^)j< z@eJVqtK`pQoH2hcR@D1#8eFMmzUHywoutjb){O2YQ{I^kCU?ktb zS98OE^GLpdy2HT#Gh>1O<~01>v6iN7ea;~pg8#c3xK}v>{C~@wvuyocIc$9c|5F|K zPtO7WwZu(3zRyv>zcdB^DPw^Dkskv7)?wiPM*kS_|AoWAzdHx~xwnUSl;QZ#Sm6IV z#kIhHo*>S|!+#9^SC0k$&!*wO<-s)nadB$6*osGae-8dLBL27Y%t-v_J7a;rhyS}{ z&A|V<9PsB}<3|MluR8F*A_x3q-yH+~Kbz)1OU3~I&wdE_2M+`PQ^o>+kN%Sr{=p&o z&#ngU6@NtVKhlB!L2RmQ{9ieG_;2n%AuWI3d0_PT|ChJMj{gy!843Si=ock4Di3_L%=_D82DfRQNn*1{!{xA!T+-k z{1@ba|MveqYW}mi-vj@%#{mCRKLq?s4g>!QS@0LFC{Mua|8vjtw$IE=*XQud{{9j1 zIru_##zsW71-KVE%NPDn_-draj-ytrPFbF>wfays|5f)XPrbxBU)qNa+SPh!jXsr= z9j~$DsxQD7H;#MCTYm5{)izfhB6540ec{W2S(%A5_74(oyrh;`!DjiqIFE+9C_DS9 zannzYn*eoWM0eXth`%g6)zmYybA?vtNHF1Z^^ z=-iJG+o>_HcW^>EY|0~B&9#YPF1O>CxAX#s@?gckXZgSEc#ZV=S#JHKKnppuA^tyR zJuW!8wUM4j=Ob6#uKO^HT(P^zeI$PGT6`bm>+P>6p6cu1Wm6&Xv;4l2T%6m9slDTi z)TXj5Q}3aMJ^wxA<~)mUD@3l)B5T~vJIVFy4-`-r=+3*>S>sxta_W1j2Hw@g!Zwp% zWO9nyt?)g>p%AB^X#0$naDV5lc5`mf%8=jW__fgHj>Xilp#Jq9;&nIB&sFrZhdd{8 zET(KPv2y`$pmKoUx@Y`80Xs)S{8DSO; zRrttC&+yqfchoM3k=IPUfL8ZxJ>=hJi~K8Zzuxb5js8H!dsUlt8u&5M#S!@;$CJCK z{43(Q<_K4`uRNajk$d%ZuRnx3F5Y}*#a(6Vu1`?|PymY_EyGJ7CuC7~05&0Dmj;dA7Hh99>`}JXik4QLLYjYr&2rw)l-KBvO*M8?v`dWt)7F7s#*|kL+>fTeruUOuKFw!++%$Y!edMwfP={; z%7;>J+||ywl&9Lm_?mA9PjBKsWF=f$a%rHs#i6B=yzqYz^U*}Rm9$Uk2F`pn&j4d@ z0N(?Qy^r_&ivAZZ!EYNZ3=fbq+)vJMC397+9T&%SPG{&V$RTRisSg)Mf|uYnn=y;7 zz6>mC$WeFaS|@lgzi!~5IT*eHEHy68Q+;U+6jqyRG2de9(;b07b|dHMBo$u|9D~%M zO5%&P^hwNSH#I|&#B7H6ykLoP6^p_hjC(EP7C&*hD?Oq4zB$k@oDOxbyFV)v-;hk zDGu;nt=;;G*5ju3i*x_WyNSLeV=f0I=a3^?=ZWnTH<_crQ9y$)VWe%mt6){PeW zfJeTKAMQJZ15s#8H8!?E6M7dqiFn~I)eUud;Y#p9^xaaYx!Lsnb>=5r3c}}fo<*tR zXF?~3wFY+_MQu^h(tM|8gOkJT9Z#mrwa55LaA|=DpS<$+vkqRl@>VstT>P42_9xTz z7nHvbjcpOmRawN%$6E(?NckbgK^K$_E$Nx|MW#@~y1U`L-_Q%D@8X#Dxv=UHm;7v-yC# zUXs6(iw>(dAMW}+XZCN?`nB|E|6Ram0`eX^rFI(i)WG#6=+#wu)M>zOsU5IZ_>g6) z30MQ)Z$Q@7z^CKnxzwOnN`6N9tqfTq-dsu>@oV(Q)$)N?F~=zTYMNuc&Zk>aI+Fg# zoHO;u4E`9fb)Qoh-!^xAI%jBjc^D>Tjv~8z0)LGqiK9_Z*W?I4yPdym1+G5e+QGQ~!h37c z5%r9>jeb*`UVhg*s>(fmf@2-oeS%AFpZ~=(P0++5H*eA5X;swUs?NF>W1KbMZzJcY z)*(-+rL*5xLj3_l=f_$aUVC&-l6=`?U-Et%)_s2lnJqhVy~Fe>HZ;caYKdBhPeCbEkgDO5oos-sjW} zIpr>=R>=L-fP+V=RtWWNjqTe09oxQHTPGdT>ijeD9%);IGq&M_>N{_>m6*v{2Fh2? zV~!EiH~J{K-KCcX$UC*?=bcwQbpiex8_0W4bFHGrrEn^b@wQ>B0@o#N@SJYetb=D> z$a+RPXp6=meULflG3S}aw~;?MXR5WNg`852$qyXz`MrbRYLV0B)avvxZo$)Q7x!Qn ztG)Dg*DmhCE*>(ky4>^XBG3Q-#yV}kbM)(U<6+n7+e7DbM(+94lY4$c7R9ci6ZD{HuQYL>qL_pDPe_q@apwDyK4ICRt~KL~nD$*Jg1 z)KdEKDtH3ALGf+YCTM?ksWsWuI?}xVnY!DDqxl~6fDp9a1g+X^&EUFoGs(d`-p z4{et1v)T?{^wx$#emHsbw#~PO7!a*jePLRMFgf=r{lu05-q^lxJ8Pu;PU9D_>_2zC zil8sAd{>=O;ey~G-gLa=4=^w|G!;J2oMm5BC6il@<5TcgO`-fko9}bp^^zFtuzq>N zxtyQb+2!~hy74b`;dcn>6Td@HpR@5p@EL%o$|i8%Yk0L24<>kduibj*)3R`Jp)=3t z9lgVypI!ebQ@@nFZNf${Ys`1yL+U-QK4xrX>>bHo#2e6U96Ggl(( zRR1*&+@xz7SnR*G(z@~Ca_-9(HSgm3 zWzW0pd7dAZZ$~vG<;xlMJgwaGEa$xqCF8^O+4JPymLcz+5tfaS1PA0Z8}++GBfPua zez)i_1!L}gk9S8-lP%*5f9$Sk!*!@{r zv(44qYx4B>-kq8KMFY1OI|<*%X8Ar!(`&N1G-k>G{cXsZ z^(FX>`B%FtuHUIUC^+ zImY1i7pVU9B`SS%rh53_kGM+=Xc9Lz*)~`56kxdsaAGT=cTVXakMoy%-wgp zHRF2Lac;y$d#~%iUrUcg`xoLTJ?nz}9;{G&wW)30;4`(Yx8Xx~Yg^~auP9<|yz3WW z-OSpthGqP>;peDl9n$Nk^D6Q?yO+TqsimB~ep)-NVKIKw4&eR^+SLi}z~OaPecEjUQDW{CFh?eXla`Ov_)* zXBYJ|B?lyj7cn25ttDMS^<`as)aV=Rll;vcci`~jE+1jsIv3O6b-6umANxfvUjLcj zM>V3&6neUsMV}2{0_TKS#@SKa!fA9J~ z_TLWPj$-}S{dsu4cDVKbsK$HJtD_(9H~xPx-dn~n-itqi@os{re=xB)<^K~u*vxqg z?K;;7d13U18rxrg-@m5MZjuaj-!C7ZEu-x77fR8;U0QzA;X&?tUS$07>H2ww{}fn{ z2ifn@*#z1jJ#+^Cty64U&B%3Z9POo^3@_WrIbh=RE8)|NIiK#X zNrkONr?RJgres#(;PdeR+25=?pmR}VpH28eKA1Q;V~x%zVvPziVYVIJO)y&x%=V%8nltj^mgn3$`;0uz*$;em zp5JQD^V^4>%s$0t?Ncm6pUmS-zdW5YjIA{Nj^Kd>cUT9C{q~uDf?4+`uvK)XAHT-} zlRA%SJGjPuzJce_%`zW zuU}8&pclRm|0$E#Y5U|e#`CA&kk2&yFzM8G?rT44;KknWI%<8J#n}yPeF~d-hzw(UP*0BjWr&-}PH-@3r^r0qpdDp8xard2sgr?cch*?|Sd=yVlBO z?^Zw`$`eiG-vMyf1WhRxBfEF@$Bu7n*86i~?129qKm1?i@g?M74c<;b9#8YMd~&X{*{<0XqH;Y$BG zd`-@>2PHqwB{y469A36=1R0{3Lp}9ZCo5zb;>oqgS z_}4Oil<_6I!tuH9j$C+>IsEynnRA$)HHX)q59wC>=?pIH9H{R};X?Cs@Q3)%l-Cab zd8zSj-BxudwN4t^N{y(q4iKt|^= zp7e}jJlSJPz6su&?6}I`iXMHQY4zwt>*-*2@b1f6FW-L}_iy;(&gY|^!1z!6m2Y(# zzomRD{A%+X{&)@l8u%_9BH!xmymvfbyULq?_I}~DS@U!Ls(e+^({k(oyLpH4#=_<} zK3#wxs<=`GG^bjv>HJlWCoy`{-I|khd`gG6d3*OQUdMRz%BC05LQ8&TJ+Il{Y|h_H z$J0~wGtf_i_<;PWdq%E}T=gZ?2;E|88J??Cy!e(Khp*(k-y&jaLyX?#e78{VE+V#8 zo)^aOI=C-av70xkZ9uo0cMfB7#CfjTo3IWCdr5c#?pGRuSa(Cj-T_@??#AxNM@tTB02T8{J;)=56)M8!uhdNzGd~c%~NE= zIiTG=zsuCi+4a0Lxf9C2k4yCi1;i0lU-kiLLuVr^?oQyK&_$Bm#-yNN zKX-NZcDJm)`$|5mCU+$@x%JfE5VzbZJuSIXq8iaj;EO&A>0kG{6}&U(E2B==JfnZr zhBdRk^~1uuBz5;z6S)w@!WAF=BsP=5x8}pVis`GLc|3?sD_&NOS1ECal9Qski*x@9 z{^>5a&No(?`NW9}1(9jLE-!rThpIJRrMWQARm`K6JWQF!zz_EIc|CQ;Ev$b4jRe?M zHPFb4^1#Fl>xego{&~=R3v}YQGcnqhl9=onVuXDW`XOeR+WQOdPRXaAFvk*!Ey`+7 z{E)M9FN;;temd=^gUjiBmfc%f4la$%E@(cV+QE>{&xy6_Zi2?5*m>sng61>%Z7ly3 zOBP*7mc7r?L!Bq9B(t2nnrzOeNz3O1b+5v$ zGcN1$B`@d_BnxD_(Gr*hX+R6F(X712|X1$83xz>8k2nyD%r1q5By!C!1q^cjb->EX`?tsvZ6qFsQyoYhvba{fq%?o)Y0>PCxiSaR_i=#;a9H>`nH z>w#wlaBUJi^m{%1ZlYiLw&Gdk1#~aZ+YJ6PVJLeeZ<{}7*`9g8BOmib=O5;b!ZH4u zu=Ss%ul+E?uJf8QKMQpsnts&1Vh3?}mKVK=LVrha3&!|J?%KLm$1Uc`cvAdg=V; z+xdJf-L~RAYFFI6=s53vj`zx}UQ5Lxu(iautA0x##poN!7VBq^8iaq>=E(OOnFxH+ z&Hv5$fwcxsT>7t8Q zs+NGYP#!=sTDErvzHM94$veT9!-sG%!{T7Ch1=&W2rs4f|kFyly-?=)U}5=T`2;p7cS^fC#wLbm`)Y zx0OUUOp6p48+q$#GoIUe+Vbc2T^qDdt}lz7al_(^Ct!bUEr?dCmhK^7A6gi#oF5sw z>`6ZF4u&pk;O{2tpJe|OmPRXg2YELo`Mmp$JaaCPk%toq@OikLnC%>p-wMso(G-i^G*C+YClWPe8_%Y#@~hf^J(e!--NQ^Mvs=H z&+|@4pTGyAS>;d_w>I=oEs>*t@#(@KZ@=h07ajZlsRy&f{>U8nc+Bn||X zadfKSlpHOc_vjh+S9~~nyMa5?K0<9B@{D`7|65~-&I-|4S_}1C4E#?7#q8@T?)?t& zoFc6gYb5{A>{UZ1$ObOO1}?z{u4K+BT1nAnUhjj%%%?HOajGMv53NBlW0hE1of#DE zKZAe0`K9dPTz9AL7r!4FdMvwS3^dzq^0&q0cuUFeMw;Kn_^M&p8U*XQfoBhT5<8=> zg}FS)vq)hO6RoyEqh zI-x7wudSM#4)kOg$I+gz!se!r9@$tC+l(Txz@HjXy@DPtoiqFBDd?UlR79ZxmZpJYCFIlrr#g34z6B)0Fu?|rG zmOutfLuQ`M--+yt77g9Nnwj6JlT*w~_i;&{Xq*c6UTS^EAqyoZa*Zo}RuOEvdpiFD z{<++GO0L-XU1!#(sQGgK2KMfDeCqWT@uJvAPfM?n^y??=`rPg5*TeZ?zUT&1^EoP& zFVek{@p&PS`*V~Hsrw#f=c_&;J`bE+hYfQjYgA3lXj;(sXZ)u8l3-^kYdaafI|IHu z6TVv>4C$@M2aeBTO)sF$rL6Haw43U$?a<~kSlehJYkL8D1N=zNRNaOQm_xf+tOd`T zfVZPMtSL`kslL&L;5mMsd~k9_)Zhkn!($1)-+tR08^^;d#&)O8&-zj@*sA896Xyb;TMhB0}ratj_u)C zTN$g6wF~{P!rn&F0W#v9wqL=cyqjVLW{oaz__npSysO{8sQNDZc`cu_<=Z#CwP<2a zl5d9_EdQ`a;LYK0Pw~%W)}X(C=(hg;VcXPCM=~$gF+b?LepDEn(wZdUl^%HPAiUGH zgnfp~qJ3vX3W-e)={*TMCC++vfiJb+Q&76DgEdXBTVeD2S+^wZ6c-fzFC-R`sAU~k zCxZj{@;8DB8q+(SOXv^$b}a+{wfuu#O+J>nC81NvwjTId`yi27JGK7Ol^VZmzG57~ zPHev38t^-T=Ypq$@mB?T>$;$yZsxD?rQcT|3#n^P%{K|nb%NV_G-o@O;==Ot#LwNl zo0!916Z(>D5wAVS+!LY;=AGo7q~<*bdSLDy%u{?H+TkJJWXQk9Q)8!%LHELsE#xQ6 z`U9sAqiXOp7ugA=(5c|mzZZe^PGFrM31L0Y!YUZ!$g3BDc|ZG4dzte~!2B{WZ;A}< z&4WGxSt$<3gnUIq^@frpo9_wp=i(IY1j zXDg*mQS%aTU|<&xcvm<`&f+gPNP?SMcvE|hHwF2<-=Q8rbms8u)^a_xnvI)ZotmL9 zwpYa86Km(0;P>UvfnP#D#jF83eTMq+{&V_0JYOTN-zCo_-=*h~gB$X(KjeGYv3DWD zJj1BVz2~>6x5>RopFeHF;2Ek{=nuiVSI1F{GA0N*BTTKVqIf2jRe z^dLDb!KQf4R=d|1`zaMqQk-gqjmh1r8WQmn<4Tr09BDko1LT9bKDN@wVlS>&m=V`2 zY+g!V^1nh{+W3^SlZsjMq44E!))rgigN|;7g3sYu=W7^$KJEVsXWD~d&H(^!#oCLp z>jis0a!|6q7QG`s`E=H)0UNxNf7%zXvs9YUGtO63t|TB{tXk7W^s^FNFT!>d^ z-u3bA;?s^co_fy86iXXFwsOVcXP>b})AB^I8O8Nha^GWwHEk*lcIu1=(TnWpeD<13 z)|fmEbiEb4hjCiP3=5#wqUJ{U-pB*mm!Y5JD>ntf!y&(w##$}EA)j`dm@f3D_lEFy zHDj$|EPOL`b4l+wo6l*$26~)lI-5d!_q(w{Rw++`-PHk2hi6n+9|Jq*Rq-OSTKVS= z_|eU0D}Ag2ul3lO*}S-d_0U?bWIaNd3Yu4&wa_^bg3r}$g#Ozm`pJk@UEC#cKl#1^2?9k={*x40I$kBO$&nF zamdLP;DH$U{sMBJH9^5T+5TpJHfA_JYaSQdd2~CyL|?i1?GP~szaCq4*s^!!cMSoz zJ*-8NvB&byoV9^WQT#rFk1ZT2*VT!9(w(U$hs(T67;776bId2t_Yib21p4_nx=ns- zhxqr*psxf!u`E*9yOi^-4~@q5;(bFaM^~BH!8GWr#oDSm)8P}qCp-AiXvU`h3j7Ae zAuhp|)c!z68}fPI&b*B-gx)i97`*4xk<$yJBk}3#6de^czxq6O2y#Gnx@b~%!` z&z;D7`S6@zx*B;T7@mX=1nczeYwy;XB#PPRA8oi(v3JGVShm8J7=Zj4q1z6EF539CD^VK;^iWk2GT!}W~U98`4@oURX9S%I)7Ogbz zA{V6ZH(?iVhRzo(9e=TSU^;f0Vs06HXX&_u^>gt#pT5KRhUI7bZitt><`4MrTHo+< z4o+;deI9&k&3O!I{W6XC=N4jGf>UzzK5A#BV}w7GQ)0fVZP>)#+!tl9R0q4h1+1cp zv9uXSo7zI?fcM9Pp9$Xkv!s_LhpOv#nZCeB5&WT;TtBwigYd?lfcgslp-c96T=#mFVCuVQ=M1}5$grS3z1qxKG)IvL;@0zCcb;5(q_l1MQymGoY<{f@g2qW`bv z`-}NQIFsVzjFS9d9*PSZ`3f#2UpvUV$d`1skZk0xNm1k_F$Meq z$;EwtNy|m?&b(3#v!>YIa3?t zS-Dtb^j%6W=DXO0>M0bvaOc~(=h_og+&rH?Kc;?7EVHC}9-qah**4cFpUISo|7PWd zJ8x3wAG|p{ecq&e@s8^PWMU{Y7O|%KuIKWBGwI~)SpALoCDMD)Q*sV8at%1V4toGP z7A?E`auu6%yqJQiI)q6&P`=|@=;lsvGc7WtH-b#wRWzhuN$Z%P;C5S#?N>cTJAxX9EA4#{sQt7YPT;aUAGn**~dB+ zAL-wTtujh-F0{Q=GhEnQC!Z2{Mc?5*{$QP>rIpypi?EYL=d$A#rSxw>^C;+hAP%ft z112MjEN<4y&$l?${1v~>HScM$$l)_y@8=A#&}O{@ei1GeQ)<9&Jp`XF;=Ix_TOh&bII*^q*8uUN{2MKJqfZO(IaOePfl07BGSuwWpj(p<;=EG z_%Y+rm&jZBG2^aMo;A|@;FZ*;@cSk!cTYv`&B&KcQb@j%_$PXFEBZk3YOR^pD}nxy z{iU;|Ixm7Z;FqBIwf`<)fAGqdOJl3R(Q0tj^I7nEA-aS9w_%?SAx3|7RY`1Cg#Czx z#1SK)8RVECm7Z|owe1uH?r^KXS*>JBkYDBHHPc=AnO{35AOh1 zvRU2p?sGZUl>H;hojnPUEQLq9E)2{*{)3H?7&T{%RnpvRbU|VBOzN7#bI*o0D=v8z zeRVRpvd-x?*S1k4Wr^Busub`W@{5x1*hJsiB<^Ppp7kPmNB z7Q7nQjnO?1c&8p8-ZjAc0PywzFK0>`cvo9^?-&4YQS(V2ybiy@t6(n$_Qz!_5mWPj zbGYq--Y%aQT-1TwO5&^IH*8nUnezn_#0btMv z^Fidy);I1z&J?a=?$p?Z^=;?Cn{nVW<7y1MmW5|wp8{W@9rpnJwrXvMiHC}M&*qHQ zF~Msa4g_O*pGJ4JagO71_@$HBNJG$Y_j2Cf+|qEj{BU9@#23R{$MS#2reM56qbr|X9a!Ne(1Y4vp7|!0Aa`V6fM?fU^OUXZzSlEPNAvK1Sii?S3wdV^ z^9|7F{d||tW%Rt&pV@tN)iQ5v4dC0pH@MWq$@c=EV#W2w7gg>k ztl$3zaKR53DaWNXs7D^kr>#dO`fw31nIe5wZ{^|&$wj_@M|C&Mr>-+n>CdSXyQHfY zzJi{+>9-ZUw*Vvd&M|pU^mj9Ja_!Z&20TBO1J93xXYu|XL$8I+YjfZ_lxye2nmBj5 zqP#d(GfHx#ASElbwhNHii;;8Jk4GjUU;1TV2v6A3i=der(GD_oZ%|D9i##s5+a4>Y z<$KAtsO#zfq42kgzE;zR)3q;k_bdLnZWXesBGLb_*7vM<|6KV_Td`Mnv$kKN9_Lrk zs^q=+O>;V*zmx6fbND;aem;x8izVuh`c-e|e7~S? zv$DH^xbf(PYPn2#)QMfn%_bVbC$kFB>=p&u;a`c$Gb!iS)U! z>nnagYTy`k#~7nA#~3_Y=#BBb#wfncta+2*_}o7Y9HZqJW5jce!Lym(7<(9_$=)4M zVeSri@4zvl#~7m~#~3_2*BfJ-;3x{$yj5`Q95Zl?mSfOWJO^FzY_vDVdd675`Jx%MAW92@d^Ig37G-DWxVSbJnY zHGSW&!naWlqn{X8c?Uj@?(-;yJVvTjg{bkRU6H^QAGn-3dO{L33FXuSe(P58yu>0^&&dN6@WEW!} z$j(%aVyN5mnr~@;GmLQpx2c`N4*WFFWFJ&>&V6mb8CSrhIEVb%8FlDUzPDkMRC)Li zYzu%b3Z8_E>C9jBKEly^wS_}C2d6Wjm+{13*MByRABR)rkn5ls*_Qgeq9*L?sOl0} zBU9gnO{jU)(uevA?V?C?-PywXS*AAX-JDNd#(eNI*JteU0{5rTx7vuNd+1m2Rnd=Y z-@zK3M0?dC6=e0XQftUOGS-mqzoH+rW)4=nW~N49B)A91TEE@t0Qj@lu?E-`cTl@3a1=z)Ye>(>0Z&+48p-e1leiJxde&h(BHBaYXOtSR#Nspdp zzDx9!uBR;o{`(U#7) z)wr(hKIK_$Tj8PtJWhjl93ET2V-t9s=5XQVgPsBg<%Hb49$;P%nl&o!eTuz@8fW3# zRd+@n@P_LRjY_xNPk&wbVY?flQS_nCWskGhcK3~un<~&{+5Pnc=gYvN{fycD2xjGU z#?$ZoprE${czSM)R63fLza=_z^+WO{PlK-YzH(|kw}$kreAp8B?P>6z(HHgS$Lg!p z?~8hL(U$9Lm)F;3=5?%o{&r(}POgta?4`v<28bu+R~0l9pSVl)+U}i3#>nQ8-Qep^ z@U`azc|UuwCiRr)OSOWj1`1fKBswfH`FJgAQ_hp?;?L{h(_G>*s6qqrD8FO{6%R ztFy2+3w$oRX;N*L{d_N<9lfMt4Cr|2_b2uZ)bF2R4AGG2=WrYQY4S$&?lUs^9Vs0j zpP!bmT2I+q4xT(<>Ef;pY@$l(QQ271i{=^oIg|5={Ua~eAk*(ab{f5oj8hG|^3U3z z64u=mHuq>>8?s#bx^^h_5!45cWqk{mF1%Q4S`V*lAIbeeWL-CO{TRO)yAj@1O+Gf^ z+{CPCpW?h7@Vc9$o{8>%^J(Tvd%+-_i??;}gU(t}u6=w^$lej2BZCyzOoB_*eRo!e z{cn-3nM2-<-?bKI@2opRhUXo?{Zqye9(IFQ>HitbwUfE3A2-J?=A&9Te}3C(CmTfL z8=leJG*{-<1&;0uRI6|E)r|iW=GMWyW-ylDxAw@G+^Cxu-~WrgCGYiqlC{c*PPHzA z<5b~lka;R!q4>2w&((IGW^NXT%5N;nn%`Z*oyK5H&1sS3?=?Z+V##0dA^ajMfAXD`In2Jp9Rp*Vm@yQB1ZN@8*?|aA5^?6-9H_@K415ruukHE z6~Md@JzRl|$)jC0eN@rM3_dTnee8kH>)E%iK2o-UXJaj(k1G0zk~Mym&^?^(qdY?tSY;dH^B9=hfNdQ0GRldh*3F)8 zbkC<`gL1wRbT+OiJl}{|;4#lP+Dk2qdq?LRX&&92ainn`XD(0RXTQQ;D$dijXB(A- zXB(}9=4+wdCFFRQ@maL|Y5s2F@6GZJIOAvy-+9mVUyH9cPG=KB7wR)!T`=H`qdL|p zeqMOCk=akkdoOTDjOO)ue$zV0=21P;0`V*3X>CPkq6@Q+p&)wrYIFeo5Ia3TR!ZHK ziBDTR#W@3BzQQ%&>y<6sk-8<%!p5E~-2;d`G=4kp%Xd%U*Jw=X+63dNJ^)(UkeJ7J z-mPcfs=Ehmtl*mj&geIu%o_k-NeG{rmx({~-d5mqeF#q0f4kN{PCsk#8QpIaz~5qg zz&h*euCTuDhgd`I(8ND`Uu+e=vGa-L%bvw}E36+oi}z0FyNT0}WA5;1VD^hlj*VJ! zWMcCO%yflV6(e`d|*O53P9veJCa$ zWj>N!QO$?%VU1eQJb`{B`{a++on_{*a}#+S!;cLG>3w`d;h*8q6g)W0@}P^SmwUYE z_)+JDO-45O=d0=*-<4TsHAF58V+VP0X?OMlUi_j)-SZ14fOIFREH>KI&i+Y{8W3E{}`}wikQuqsDKiBlp zG#31g4R$uAVb6&_zt2d8o5$2}{^j93zL+(STZgZiee2J@of>!Rd0MxKX_I&le${(| zoo60r-5x1kGyC~@-%0fmuKkD*e$GAGd|I&c)N~)Y*Uh81iZO28P72{iPp&vM*m-h# z-H!U}_Q?D0oqf+e4`}=|OYmF9L>gw_`qFpJcSD=wzcqWzFG5-tZHBl#JDeZ!gw3Oa zomU?Rw|<`$>^lwncyBmA_+!O8f}NG=K0cp|HlH6_Kl{=N;k@cu^Tm?Ib?-2J)Kj0l zaAdIaM^(XHUC?GDJko^xb~4?`>dnYZ>4vS*fO81K+Fci0df^x8*pgxuK8`M(bJy%6 zI}L50ndZ;8h4aS_Uokw``Tg|#bJCZO=Lq{d!gU@V&L6xlJSo`OnC>Gd4({3h&Dr-{ zVC2M^qWgL0-7)*f?C^UPYxDRSoK3*pPLdl5pY$K1HZ(8vPjK_85Jk?Es?I87es7c{+#_ycQEpJN^BSRbuJsGAC? z%~sqZXugd#kdD%MZCW3#jlT|KX52e_-r6QJZkiU)GvjI=)2R=9V0cQ#<(&JxqI+jw zy0|gbM<}NXLioWUw#Cl7iD6k;o3oEH*+&J`hwztroc66Pr^L1f(aH(r#m)ElDKT_U z-zs#VJ3DPF`q}&zjE-&QH^nyPqvUCCAJ6{Dz|K7tlh7q+V)IR+E{3_>|IujW6C2xePAMO$Og4Td{q*-2ZtKDh>B2S^ubKPy$OQ&3vHz7jwmNF1-=jNp zo>K6+H#6d-YAe4~v61pY+Wh6SnQdx}4PPF+=~LKmeolMFIFqxJebs30Teo+FTD_up zY07uUrud)7(>8@_15P3*=k)nZbg+Lur))RYXs4;U7-Q^gQ-dV?7n?LAPu4Y>IIH9d zxrF3M#vCmlINXOKIr0~Lo_N4MtC6bv4P!c+g8bh1b56U?e>U`;Z(|Yuoasxp(6_VZ zt$v=hHj$gZVzU|h)v%Fd``nUm*RCP7u`YJ8S^Hf$(ij`;7@AMu{pb3hZ19ub-zeWo zafc4sx1u9(lmzZA;H)9IYHGoS!7I9BNi^={hkX5mN7y^Vddc70g&iRKDglip!QtzA z4i06XDp#jE9)p|e!Ev)F2X3D8U`WlMn1_Gg&Gkj(;qdRaUW*QS=f#G1scC+Wc<8b^ zY}x+){B2#_hq<-xY;(_j;b~uZZuJML->N$~rW)oh;Es};4lbJzYa$lVkyH*Vr1@$` zzjodkG~-|~F^J54kZvu`u`oRY9Gbt|?=TY`k!!z05?bxR{*?bjzR>v4+OJU!zbBC; z%dZU%AH-){bXD+-&dDkTK0RyU*%hqM@(%}xZ-9Q5e-zokGsS6Eu`au*jp||#4RY<- z;d*araJUNDzA(7zBE2(|XDfn>&1b!z&v!jH_pi~mo3@YB_VPk%&gI`hFB+?cF%;X9 z+=}y8Jks5L6rb9jFG4ISF*RyvOZ9$9IqNIFcu6R8kj=^$ zOZJqToFw%(L(=h!l-#jA{Nu+mWsi7xtzBRFPuuXLefs=qVQ?35I&(Me{m|&%pG?)g zrIqBgmciGiE>?0#@tV`Xqj~47iwC@ufF|{h>f%q3re6u76|vSVn*Q>CkTaIgMqgT| zkf+_=g^)i*=h^%!*>bCe{c#W8Ls{}_;oE|{fXn2}OdnQ0IT-zCj!zcbesi7&e!1|O zj^8V1N*?g8iWwnJS6@pV?`dg#?E$Ce*{JlhJD6hue81|0vNKOcpBJnnra??$1T|q{ zj?B!fErj2+?@X^#3HFG27EeE`h4&KB{8-{W<;2mZkB}dw{r}q2r$Og~EkgJ@Lk&&CdvtkAyTJqxK9;ko2Q5?Zb^aOH(H2|hfp zr29(s|5Eyy-+$F;{6hMd%(*?Q{}6BI4D27->*%`XB0GPN*5j;f_Vp>*j?6K#-SI(f+Map(-_v|B-lGlG*N1i!wg`O( zbva;tEseL}Yzymm($8w}(aroXOXDOu$v!(b{Vc#oHt$`Se%3P9KD#*mtghTXD@i|# zzuP{0BRy^-{-WtGNWWJ@?!r7PNIxsb*E7!^Ot-CpzRa`6^fT!d^X$I#vntU&^yc_R zwxMWpE;Qq4^4(c915FY?96pd{PEXG%HGX;eS!(?8>1PR#4>rOFj!u8ceSSV43`(cp zNW+rq|C{M&e*bgck%me4ar*rO6Y?VmpAAdTHP!!!^s@#32f6WlNe;QulAe1Vww+n8 zC)3a3PIf(=ein7l+SAV(oy>VG{VZ_Lew2QeTBq&lXDK*$rk^FC9pOu~G3DaSc^kju zIDA{f9k{_`?~65&KlJ^OKind|4drXN#=~N*r&Gtry_UWV*SOCO#Ws{pg-v^wzkb-J zVcSfaRGY86HrT@b+}V&?^D@`wZ3D(x;M!nI{@ibajS`M?(ttKm+TlAK5!5c8o2Q4cj-}n8@hA`eUL4!hR|Tj5*(H^JLC87Y}H2hSz3e&NfpA zw5i8enTFk%&)I<$+`~GZf3-Pbz2vyCIvTq1q~I>#GIfA?!S(klrtrh8`7|1yoRBde z*S;X5{lxdE{hFNZ$7i&6Hov1ee;xFj^RWl$`C{}ZHq(3eg!bao>>&ue|C~Q_=wjJ7 zne~t7fxoJ$CvM-Uels{N`c>U8DR`Z14(Y(sc*9$?ZLr%<*tW5K$7!>p*z&qR-ig{a zwEy3c$XxhHXVk58>jNKYuVrO3 z{=aV96r^n%czl3u12077w>sNqT-vtz+ReFb8`-@%Z5tm}&$da)b{t=Es9?*AU0YxF{MA-bHoSQ_j>Vx zCy^^|j%H1(Q@XN!uNMbU90B{feXkb>NIE+gn{v6+eSUji_qq1IU+=Yl02&`KzOUO{ zd*5&O+CKpg4ruS`E-TC0{TP&$W$k-CU%T~K`0(U*s;wtOE108VzX{@194d2Hc&=3D zS#Ji1o~%#xxOVZ!Z6qwdlGq6K)%yCDxeEIb_IGY=d|?GWDaQVhQdp^m7gqZ?ZWvivyQ) z@$u^9;^^I>Tzu5af9dRZKYtV_mlGjIsq^A0_$R-ooH%7uju+cQq>F!ltx=91W?#ni9r{nLZK)$FhJ??PxS4{MY*Q^TP+_iw2~O2biA zSxui?#*@3G_A@g!ofQLb2){d=|JcH+y6V9DF9k1khuQFUOv6SdZ=yXt#nd1vW)}MP zVSZdS%c@ttX40GNmmG)#@UpX;*u;#WXq{rd!Ug%=xw5w$E;<)+o+9ta|1eN-kz8gMxi7}sKuSTcV zhrFcfBebr!O=Q0$G@(3<^3a-tXxiW-Kg<(q&ztHilvB$bH`08U=4D`rn7xMueD>SA zIq2MyBsodd&8vR=fuLZ&!%06lDFL>Fz}C}#$K6ZVm!Wgy)&|Av4w0K!&Y7m7uO8@2 z`%By$TrEu}=a2o7d34f$kNj!i5d5m;S1wiOnM!ti4cdsq)5?pMQO8|E9C$(y?ALiO zkMXxBzaVvnV+ZFBYVN|3aCkm=s%MX=@T>N$Yi|YjCn>M0y`>rSW$~upQh23}-t%$u z5$5yDg<3c5(O~})-?c7|{+vwcL^tW4SJC65M?)Rr%LeVW)SaduK}IDV%Sta@Yi zrG7tZYsskx-Jp7b-8K(@KY92AHV?07E!aY{=ySKt!|%3v_%8asAK6d6kIAKzCo_5Y z-Q?jDtLu?*q*LeP<&pznBP1Rnvwih&4%Ru=BuLESmFKH z+9zbr#sinr(J{&|C`TNh$Mb5%%<2ps#Fv2YWvrL@>N@1y9Oxd|)qM?oKZ~l?KBtlC(4uez@6Hh-c`+aINf?spLJKsIaLr=x}4Ry^o&)qu)(L7sNCRaI^!cZ2`Zo)r_?9u&MSR*H5WQ|u6$5_c4Q*XDd z9G}8GBR1onm9WO<8L=7ntk$jZ!Eimt1^IW@(4X|WcrTn=xDKW*zN%|mo8YqObAB7%*^p}g>HhDPuk);FCg8p;# zP|6x-*E_meM}NJqeFhyN8fiH#wum`G-+fDr9FOk!LgMJgal}w-iJO#B&nP%W7Z6@Z ztNG#jN#E?@p0DZDCBO1v&TPn`)3vrYxp@zTu7)G0p!;7AHh*(Ie!9L#a#6ZGp#H4_ z9+&=&uofN2yLsVWl=c1@5%a0Pm7bKHGM_pk;a+$(xVCymK5&xui-37NwSvw*E5km^ z$39D9pGDdm?iNkd*mEgfz5d8Xe4_RKz8=jX%6PKN^*Mf43jOVIcQI# zTLXVS9pkj`4mob#4Q;lwsf96q#s$<0Q$v-9osB(cax2ouQJ(GL42?KEsdG8pJdK`5 zzbHR8>p#=yV6bP$;E8&^U8|^9mMwt)(3fBxWJ4zTK9ae=z;~zD{W<1(mJ_$gtHe<7 z%ew#N$7%h0$6)Jyg7kV{yQSA?nqD9IU)ed)9nZuay-q!0dYy3$dVSoR_uosebJ@@S zR_XNzZT}#8t$R=GsuQHwuQTQVdWFu8Nw3gWie8~L`51;?%fzefrzN*;=+)Auo<03) z|3=ZPp=tQR&@1zlT`5{jB40Lr9(u(lrOv%?0KLK^^l9idubi4(zAs_!|44eh(p&dj z^m@20v=8C0pmhB6&*_+p@O|x$glYFXy2G4{TrLg zJUfM0zOyS*b_%h4_YA%a?GNI(?pf45BaZ8yH6jm2@LYm-t?i*V^MCpIT>7sCLiTo!HRvC9L@}>}bx7OfKQy ztibs6sxz1EET2`iCF7_msd+o+gwm(#(^v344lOChHKpyS(M^))|3Qs#lKJG@y%UG# z=w8TEVv{4$%0uk&Fy9lW#KuMN%aNIrThG&-k-MHkX1>V$dwG9ZWOVG~{H}9eO-(z` zw9muDl6a?;8V~uoFQOmiS3}RETwm%Vi68JHzJ%^}yBeEu*1tt7KXGz&!xSi#vSr_ne9`O!d8szs3qRE8kGf}v@mKoB_2)lNUPJ7Tc$M_<%gpH^;CcwS9s(}& z9k{kIZ(!ZE4|sGRqX0S3UsJ72Q!9J25z?xeO!{E0*OE{Cq;UQ^&W8#ulT z9KQgLhk#=@aJ(G(vVr4|^TN9DlbC-g|K7$w;l=+hzeN5~oHb5z|4Jw4d+RRQZsHz2 z`ETP)_LG{Q>c#JYF2{3+s-aQVUwam{$A2CB;REJj^cg-^rhc-t%KP$(I(T2YWBP%k z<~$(T3qDPEVjHcj8xvcBjnH6iILSo+om~A7_RR56b{{`olv$&bi@#i-4zBDu4Ays5 zei*O!-*^7Ruw9{Uek$wyy2CinmcSG8WrLHjHc;>58hq9A8(A`rP2ULb@S8OIQ59HPjWtrSsK8 zyo9#wV9y1IJ<{P;&{8|QnTjpOX`eOdO6{I3{vT2I_XzN`8-aVO|i^D^UD z`?>>ruu8Za8S2=dA(yoWNw)Zm*TTI=`dr25Mt6swZR_{r=*NHN`xR>)4ESFD{-eXy zp}t#NA(|MO(sv1Dc*ke?2k*y?T!(Lw1#7r_u<2yrD&tHs#TAhAUj|m?IwHs=#g6qX zQC3y?VRGZZwi6#@z4KG$D=C&(hOgR$UP>U(u6`fqJIF8PxxVYXH{E55PugyLQe*~E6q%X-w&AA>~r!ytH(6_qhs2hE$eS-<+ul+h5%rD9ON}#b@8DF$^wl{Ch=RNol zjrc%uK4S~)Yy{2(a8{s0)m|}p!6?}yct6GbTuj6HGSB>3c6hkQ$Lz_mcv1iN_GHEX zs=YXo{p|WN^l6`UoMUNU@*S9TCjQ4+AMG&|4F%LxO~)ThNM@ijI(csuc}*uHk)y;1 z^N~q~&83_P8n7O5@f>aQSld035mRse8+W&GpGb*d&r#(RqXZyhM8@ z){o74>AxJ=xQE!tboK;vK!K=*Lp`Vtc?!M1(EtE$q z1WuhnvJiPATxg8>LD*KYKdsRu@D+D*<{0yI^3lchB`0tEVOmZ)pQgTIJ zgKU$1r+dd;?Xba}jiqQT_5Wep{~xUkcJlX7R{lG|-RFnsvw^ss`n>@=c^WbMeTZ<^X%N7&!HbCqYHg_ z6ZyCAXk~u+_)41JHs-JSmFjN^`}s8AVX679}*)ZY=oVFTYN z3*S2}e5a-0>#G^o^1HXR9z#Po?h{PKA$(1IZe&db>%Dpoj`jH-^G^8wH_Y?!{jZtN z;qwiAcKG-TpM88hV)5}P>+0xjGV9}?KQ0~L3g4j52E>Ln2kCb7e?|=0(exJE{~@pc zedheS^nTq5#4o9zTEEw;>xvUYGtUO@gIn*{xgA8umQyF5f#2%T9y0B{+OBePB<7h{ z+okgw%`>ldtC4uEdFIt_MWGS%%&W}`pbPWNtIcYJCd@Oh&Px8NdFItw$u_8Q=WE*e zs>UW|6JT3T2xHV~dte;-QSD2=xF{A;j5?X#*ZYB`=@_-vI+V>J9<<)?V65P_=vV#c zBX}0iw{c%P2ffRA&>M;EX1x1C_$-X~+IP8|WTR^I{XVBcC*m1@pM>Jm{yUmquJtl9 z*T#w8Vd*A;J?H1U(&zc4&&L;izU%L#&m#|q^1!FhQgi<8vFWp%b2ZGG{sZZ=CI@{s z=Ah4-9Q0Y9gFfTPtN#mq{)qMU*X;!9bA9l}$XFt4kM7nbgVX1yL`PY)c>~X~Y4b9@ zmqnLT!)F=v^>uQ3IcPA0PQR4H-b_4`Mx!B4N(8Z5ata}5^e9Cr!p-e~AH>;0Co zIcddTvqp`VDskM*S+xCCXTJP-kKOdxh-3hk;=^*WIJi+$g z9i)BD3AVq2b5OdZG$ z#n~RB&qn16&j}tiwLjzVb;sZ*vOlU0dh}_R{NbbJ(4+s}hq|(T_|P`;+ZkFN%9z9P z$FM2n_x$AtA>aEoTz-7X*dr$}|NmkBb(;U^;HW>ZKXGnC_Wb?d$)_Hj_;=3zu^e;H zb^go^CoumeXu3X}KW8%$pRxGgeVqC0?40ulnSX{Hw(>658f?e`hws0g$o%&yUYTS5 zUpayK|AF&ga_S>rj~rwE3y(AZ$()6jVIM&65n?^McZFKIz7A-z6}_3L4JwaJA=Zw+ zg+KcJD*S2HxK#6Qly`NuX3d9!_JI2lX}@a$`H^bQfl-{ViZh^0UW7ScO&yM60P~42 z6I0q%!+UFilzU0l)4JbTJJk^wd4ep7@5q!TzqNWSu>Z+^apx(8HOuMyqm_SE z-J5s@e`sTZIN4a@rg^%1o|xB!m-{#75ldA3Y%?{~+Fx)#_0(I)IWA|-$Xm}yjqx{UE`6txCC~j)*M>_}D zfm`F;M}7K?mu`EmW$F0W9vhLjZZZA1bLAG(Pd)3aepV>wP5Wm0$>b+@-m-V5UbTG& zY`2q3Y2|)()yCCw-byVsP0of2fXh6irpZ04fws&uYN_0_tK2hcsob+I_~62waCtdv zem-+F?Y@zIC)GdugIv2*|G!N?OZCq_IQO34|62OjIo$pIMbKOEHe#;Zr&Eund|@7b zel2Gv)UrQuVZa&S(5LdvQDVVWtnstloyYs_CPq7rHLNyqfLDT@wpMM6YSosTyuhqQ zE=KEc>e;#urDi?LX z^SNvvxnME!(TzbqMtKtdS*|utw+Zhrd_OGih_)s=NZD`n(w&PLwICLNDVb8_x}va-{ZchbEx(nCG35JTy=xf843 zGv;ES`LuezH>O)b=QscG zU)b9;jeItJYOjOhc&cqtzO`e1$cs&~#jxd)*ka`)3fAqxc9LHF#Leh3-jh9&#J*A= zs<-W^PLCs*JeD!^Te3RrUv0$u1^mFPg!FRiO>68e$C0}!*xAd5k34rGys!ERjkk^(ZTGJBtQubj9a(_O5p2_#r9@@K-gX868?SrCkA2!K~ux&_ZE059sg&ghGR`r${vc=Mx?q_X~ zY{?o^y5S^XlP&7tlTB*s$AINbaOvilqz|ou*@Hkon`rwq`de~9xVRWwPoK4i*3|6q z%(eYK^L3xqkKTXvIpIfp+(b|Gf&BUOA#eYeoqI0c3GBYU&t8|_*Vp9l>tmj7UteJA zb}o&zzdE>nd*Qojnd0=@OI|IBFJE$ z2dcAc$6PC8cKwvU$@YH~16lBQ);FKTI=lGQFk-SPUpqfX+{8Zf=Xjkr$6WDY&G!a# z*8Tv0xZU@M>!>BcS8dsY4epmiqsR5Z&JT}?`G0}MT*{X=tsLQ(vOZNB#%W8Df;u)PGgU^V|QfHUn%y#KfcjBtdaCkCpvO3 zuq0R;=}qP|*WudfKhc$e)sENAnvk#t|=3lpdI^W@`Eck9P@TKFkad_qMOROLKCH#puz66XFCjw)ZU9!x<;>B)r z!g7MYJ385AVar92p?pfqi%`D>eLn#vWHfv;Fs~yxB@09!sq-Ox{9@M```_Udp6K*= z+vo2au)TeH(H<+&jOqas2> zE8-2U-C5q;USM8sKKo2PT;}-)9akcc;cxAIk`+L zeN|iI=j;BXKH;61ey?l-#RMMU*@LXlHXB#bel2r9HotWs5B{x{J(k#o2f?w4tFXVy z&?NF8nO}naUuyjS=b@oCL&IJUuPv14PVSr70^=LMmcB1~K1=@F_Z>WjuIw}avsqi{ z-pLi=@cHI}ae(i7@+9T|nwt6J`@g^G1$S?=at2)9th$|(LLOl>Qg6mKpvqx>`PC zGvk_ggK#c+$@|CihYww4{NeQ({xI#5{`0gy+@8xHzU`v}{b6InFsDa}C;9ZKm;m~C z?s(`>aRkK>6)V}@qO+4!BcVIgnLBIX_RuAf3*TmaLYheXZYkTx`MtheIMy@qVirAJ znS-7_<Dow2;R{Ptn{J<9iwy7%~8V?Q_Yc@gg|#dl-h+MYSoOT?$es*uTi zer0+Pn9mE4*}A8>0-4SFO=;!5ik4}ya^BPWnRa{^?+4Tpg=-boWQ$+_wC#}*AVphgp z)p@E*-y7arm`v~Wcy^wv@d)KqhHS46pJm7z=H1G?9Kf%?bn}<2 zs9{d|%t`YUP6SsA_zddKBAyV&<*(;%$g$+(YdL48wr--y|5Yi!!S4otZcgHR_+hN- z82G$^zQsH0TRdan#z#Z-xyBtq^ZJH8vKWAIH39W3J-d470D-#vmFw&!O>M z!Bq03+qH*w0q<&0u>Y>!p>`vDCwl6j@06bsOjQj+neL@yjmpT~=%4Z<#AnwlKC8G) zg1n37Q2r1xesrrpPsvx=AI|UD%{w*u1Lr3{=tpWF88|Qf_IWC;YISq?}=4| zL)9KCwpb5csdn+N?>(}yoZOMxRE!VXlxMY>Zrdb~(+Sxd&~p#%s3V!`d^xjD0q619 zbt(g&(B<40c+bH*#lagNodJh|H+W~pv+Vi!G*ng|-Y+N|mb*S1vv9*&H{w5(p<5Hk zjO_m8tEp~gK)>K6gylUcSY&$(o_fI#-#iFRb*!((cXF-@9I-Ei_aeP3@S~%jt9i{| zD+6OqCXD7;OXj?#x24m^xmbix6LmRgq9w<(AQQh!RhtHXC(cJF1yf?v`8z#0J9g0( z1NnUIgK7CTBwOEQ+s9VE=80}Be{Y| zJp=iz9L6Q&tP<2})oPCkH883-ETAR^S+J~yT0O}K<$KH>o4~63G!H@px$fBfCUmHK zFK@ulR^Ebs*`Ka;RLr-mH_7>&^q;z8GeVt($?@{e>9jRDUi*GN-_=&~Mr}K3+d$hk z_*8b#h2XdbyI#E4g6vn`yA?TN^4|Pz^4_#Jd2hb!yhj&bGCYoq6_1b2&QtQP#udyz zQ2x+<)|h|WcXZ?H*sj(2;7;}!vP`;0HkoWR)dTcEW3tWS^c}8WD9`-Q>dW<;2ONzq zmwtkHzVNN$85!X4%pR~4!gDQhZ4Y?e3|?C#pV1GBg_vAAf6oP+*KMU*_o;R+Y5}a?wXJ?Y3O-T$cl$pJ&0dHplsb zk{9x+JCGUXdmx#V#qCl(>qe`x5JcPbqH+V_o|;Is1fYO6Yu z`)J$A8BYV~7hX2>%ip>eLi&vuxt(uhL0L8(^PX%>#Q?S|pKCv>)<$dfx2N?CJVE=7 zXUmSQqz*o>`Ge?`0%~XtpF{g~S+YR_mGNd|@rLBMcq0P;Ru^0~m9t4N(mV2hl#lj#VFo&L3$W?F z^2dHy zZC%s?U=wuG*Q)Yp-)dl4b2>8Rje>1g(N76y*OhSA+fr<?Ce@+dz?oMD1&c#&+sjMzWGb|mhoRb;PP0ZY)a`Q)-uCp z;oV(X@1lc48zzf}+dgpOG<@1IXn1lC8px%u4mX7LGLyNl`OV?!dYQyLXlg$Hpb7D* z*5pQDnEsC7;kr@CC#{3@Hu!KhLK||?#hm@P^?wMzyyx)gZ1=t76ZW=@(f+o+y#?}b zihC;*6PJ&P{8OFrfis9J3=J;o2LBHr^LjWJOZAvd$nzxfVF_)Q(pGXv-;0q$I-9If z`i1tAaT8AZ8`g?%>%rpGyIL}gXO}+~! zPtk8T`cpMZ-B(hZgZzKuqtVKP=($qPz3d5Y-OwMDEt?d%!<>70a8_7PC|Gs3h~O3c z{&(m9hj=d{_FY0vW^wa1&~AooX|S{_`j)%}SAvPPVejE7rhelJ>_GD!nBb?rE6@Y( z9;Ew$&HM%|=vd=3N|#7~?orH_=No`eF{1c1XsH?)r=0+d)!~}vf=RxigJ;ZO@G!pC z-pEP^V-8t4|Gt5;{*o;FexHd~4D?r=J%Df5F5gb;>g0!fmmmFZ&^R*w$iO&q^k0r| zuU(L1zQ4|%?;!fAEr)-V-1XM&&mm7`+Mn@q?Dib~)vyzQr+>>p{131{O|9ubeU)8n z`rFRX-kiZ+q-_5x?&2`;v5CVV&yE#`nZsHRh{GVqv*R$T!�EnIL}Jk$=@xS7WdD zj9*2Y?D)%;Oux#|j$+8-Ve#!5(2d&oe$_q`EAZk2vXAIncI3ZO((CzD`WW*z(9Cd@$}kD>b&*E7Pql#yH2a#f&_cJ{7F=`LRD_ z=|vO6yC^n{T38pGsE1}!u?b|3=ZkGuY+~`D!R@opK4HZXgk6=w*VucuBXw6VfGQ$}2X7{~0a@w4k`X5#z!^{$a< zP+0&y6r!hA;?we-x=P(!6x|^^LAI@v8)jTTUTJgtQ{0%;9r*QQE+1W*m5(;}!ql?X ztar_M$S3lA-<3 zfIMRX`NjP4k=S_NU8Hx(Kbm(NgV;NHSGpsvdVAGD%cia6yb0*25uK*Jr**8sa zu&x#Ku~~ic{V=r=@8)}r;$6g$ZvYqSLv!@$!s-7`+7!@-crwrS5vPxp%JVRfF6MS0 zV>>)F+IP)((9o}Vx05xlKZ|>X$5G>5n-?p)z5c8XS#@b@1EObB=6O z&H4)9Yye)fN0)Z)o&R0PJ~ZANHkb2>;T6t#<2+oOcWbly+v+yO;F>q5W$I_GZV33# z`7fnr|9GZ8i(}6j`&;tCuHR$2zeVeYU2r1n_6=Y*>&E+k&$=lNu-RWXzBgp8+mWk} zvu?D>SU0|Z#$Pw)cC2+<;;oy*f8K|VSb2~;m;28iz7_Ly`^TFI$VO_SyDEa{jz~?g zOSELZzqWjXzPIGh|Fzb|{g-}!dDi>4ALsqsv)=#0ao+zz*88^|=l$EV-oG{H`;NZ$ zohJF`)u&;1D{s8==-tFS7c+2jk9k(@I5o1CdQkApRuxTxM>r?_E4^~ntGCO%!1~zSz{iV{*BqU zemsOn?F+C6bud%j15=%fGc?tQj%e&o89voC$z z;Oxv2aubitxO?`z;&2XCDV$ZBK4hC{?!Pb09QU3N+&%mGyB;!dt4%oW1kNutsqw%;y1(q(E5BC_k?UndD zE9rMU_L=#Pzf+HlCw|uM_O2p3rkLOGYw#0IeW7$XzRq^}I@eL}Bf3;gW(V;g)uYZp zhOWY&yB~kQ(@9qN-^~Z*>+5MQ(8|*ZgKwTXeW#G*YWdA<4}q_Q9L}dC13I?}oJ9DjeN!#}Phrt?y*x-=^vkyTZYZEt~87iqb52UvzTIgG(__!S-p_*HG-N z9Pp*iZ!-3A`uwKE9QgA(FW!lM%Feg>`2^zK1LB>Rv;OdLYTvcXCp00mUA$B8a-uqXFN2TmGwoSxsR{S2Y5#^|#Rbf> zb1M9gZcM^U5%I$Xf`$3OBjxPlpw2F1j;Xx>;t^oVh?CN8q}m`4Waq9#9;mi>H+po~ z8~t-tr{Tlne~!ObKF&q4o2f7Le9ZJcpWw&yG1tq-e7b9JAM<}U4U{XN$VFfI;e8e} z&3PB2(mv-h*7nmLec?kLi@t7t3-l$M;&}A6xCr`UOx1SBmq25z*|F&B`^4CdY+Dl2 z*JS7`&i;t4#PGHT?~ZL@ZSP~f6;n5L*T}saiR&tUu=??%8z+#v-5Q)ltzluWa?Nr2 z$;bAsroQQwTKu0anf{OQe|bKXx&su)sFzbZ&AZDX-`*v_*yy*x>DIm%r@uD(OS0B& z@IfarkyW(qf;N$1&=d5EtXKV?=C_iwDh&?_X6RA*m*qTbapwcsenTA;&Lx94?C(0O zgPO@gjQRl4-wXdB`Wu&v{-8P0pXg5hy=0~6uamPbQ}hSz zbwGpPW1s8)h5p8Q^mp!Cpue@9gUiCN-#btirs%Ia@0n?NBYM}OUtg^*c;;KLPusRB zFNhr-$N69A*u+-_d$3dSQ0YP0iqdSWY+6wN84H$o*0~@0Y-Icsj zc7&_PCH`sWwT=0V*Iw%@ksnhf6T{e``qy5@PWo03?1~Y=y2puG5YyVOGZr5p2DJts zp@{QxsyQ!5I!k%14^l^@J=GnvG#<7h{i)u@lj1$PGVb(2j))cqIRaIx+|2{bh0Z~CgL4zhI0a39ex=H*4|srB?%zy3^?suQqlaszqR)|XP=#YLgF~@ ze}>P8PtLxr%X5F8^{i(}H!r+ed6x9Yclu^7?;86Y{cr4Z#w7dvQ|RO0FdtV3yW{Zx zwzj%#v{63#xrJ}64Qk}qdqh9m>xW4{$cRrDpr7;JL;5-CJ*J=SGNKmF|Zcs~8yLB7L(m3}_=wVeD3(ob%`N6vq#i8}`$Cq_^ck00bL#4C;M z;MFL#dn6Ln&NB4s`4r|IuV$%zr#tXY)_(Ttm@alAU4wk>5Fh1Y-}uA)JGXv7`1+Re zs%)NBG4|BFqVfJbq|IS|>O-st$(HLNCSlJFbLUjt^&clW4<3iS^!d7>ZQSE;quo6( z%(n4c+Sr3!+{<{bcSg?{-5sy~0zRYi^-734jH1qMQh7kg48?S{CUj9&zq&q#|Jh#> z4^#X(CA~OI-~&j;OST(4Mcwa|>(?N;jIL~=Zt?HIa}wKDHs2C*KCpH=^AHSVPhO;P2Vv0a#u9q5724$+A@{cdgC9cU z%A4(Fej9*63K+?j5Ztwvpgf3QfU~%*@#3|UH$U%QaDF|+MS5vlb+RNDYf)x-?S}RJi6Q#F%GY5Fd4#(JBmQM`-+djr}mTw4s-Vj(17JYU=pBS?)ZF+5n^?ThA z{ciU4YwI5stV-TLN{^4kLgc1}6Hy16mX_wph7zQfn|(D=&n zyMfzbw_c8wCtnTg!{fJWY#&w4BjvXTUJRRGpznVeqVIZN-y@nIXPWu(7dk(W=FhZ! zOlTevzr{H7>He_!1^N!1pV#+TU*AK|FTih{#pa(MGBuAk{QUOjLpgmr5`O!rotvNE z0{yNYqTiqR`t|eM8N|E%`5rZgBL_FJ7FKgOYR)8lYhdlGHPrQc89DG)Q+$hlt3JJ< z+kh;q3iKZ)6Rrt+Cm{2G5jNL=&TS98Bl~ucJsTqLzU+g;wh(!DhN(A^!*8tg(355! z6I~oPPKiHIgAaMHVB{2i>rB>{YAWL2`d8pn=4=+M9>2`OCqR3@3XIvb8^GboVekp? zXdT3t%{0@Q`fOB z@R;qxFIx|}>n=skX{SDD=j1&X&m<=}-;<7-=8b_`H{T29E4lsW@RjTTHu}GY{u@mH zU$Fgqb2PB${48Qy)kV&=U;nP{-v@)_Sm$l^Ut;?o8-F|4zq`Je>%SNuV(n<>V3c*K z9?nrHCSR$TH3rsVt0VXr`dz~wlb4~9<;8ApRfKy*Jd5(JXjpkxT7$D|D0#RcX8kSl zsdR3u)+xTv@A8VMyPpl4GrhpAr}Fc!dU8g!UKYfwf8xWP!#``^UkV-j`QMD6^GKu6 zbq}>23yvSW&%f}J*H$uz?7Wz_nb+udGq0vCcPLMc`Q5Jh(YNNeDmcICuHD)0pWpQO z?LR0qzkqx*^W%KgsMi1S(F)Fw`Om-eql4!MUgzKWk=Ir-$Lzdy{;c3}C-6AhcYnMG zkMZvY9-rSbNALg+CVvim&+_1N4u97%cERU^LHJB^?beU_;WH`z%y$dHhxNWe_@4@V z$g`SCzFk51ASdS^zHKmkfcN~vHw}gl@ScD8`oZvl{^lQUcx@#x%EA-;XrJZ$!@z%{ z@BU=&3;u_J|773&DIWX}1OF+$`|Oc7^jPt3;D6VapD8zr^K)M}IZ{nqUgK{&aR0Hc zIWzZ1=6-z356yMcmRHQ*_?DOX8v}O2&rkWC$Di`OktqlM$>6p>CH}jF*8-@C3JuWR0044v})cGX&LIz9XR znbEpFD|>Bn2b<1z_i(E{#gG>g-_Mgp?^mst*@^k&+SPjdc3Uc_YccsKv(G(6EWxf7 zbyHVE>y}^tZQ)q`;}$0PA~qKBeGe{HUj0vk$AZD|XcIgl`S55f0FPaQ$H#|&$94b9 z;4!xVJiZstqmLosapDm0sQO<9kC_GFar+41@#=31^ULlvo(vg+U)*}%N01-ruhS(z z(BD>mjF&v%zAG=9tBt%spSjPQZ#VJ+IqhAW{Lm)kbIOxHk{4A4=3mYHW1hTNtX%rf zRD{V3!yjKBV*YDG=KowkUi|+#|FQz}@2?sD{I3{d{)_&H&woOJ`9Cv)`5!;T{LBA` z&wp%z`QJW*`M>(>A^86v2lIcB{x@Mq`RzNu{jeDOq2@fdhJ7u0x-rfy-P)@A-`LV*FX{3DLTa zf2^y&@%9?k$x+Q5ldr|Pi<=u4Zu;A!iV7ODq1HvqpqjA<`0 zPiox9t+i?`u#Y%OhCN?Xy?PK|aNIf$><@73ax1DH;TP#oKJC{D@R#Z-qlF1yyCTugMHlWm)OYtJ><;ykrzLmK5Q-CjpW0a zXXM8xc_x^x=UwH?i|6j8uPFCyJN~`UryXH0v}CQ_BdqmI!A3PGGSEbi=ml74{qu+a z2HyaS7s2&*aPb`Rp&j6*8yxoWySo6cjj!h6{pk-VX5_-+9N=7TV@6})2l=GP75Swf z`pRIPa)!rWTA#VW=#$*~1^Xa^`3h}~)ZO>T!!e7li#2U=o`T*RZZ1aV!5nU00w;v=vj41qJjUQBw?EG0CLrU?{y1dscZh>F zlb2=iQSZvxfhNu^hL4qVsvJ}8=heEta{aWYL3yan(AuNWS_+vhei{^?^xCpGF*F5U zp7f1bK7DY%_r4JOBocMDn*GsUPJ#At%AZ)|AG;T)HTx|6<3nzwjch3#L(Rg!(4G@t z3^*0wkL7{+C|`m-k=c9+*FN#_M?62Dr%HQWI0w>CA72a5hk56b{C9p3ct>+E?{P-u zNNDH^-}uAwdG0az7_9H5%Z-kr*5U^GHu=;(J4AI2$~aFfL;Uuf?~v2VKCsSao!?lp zU;DG{zL_fIm-d=S??b@uI+>^MrC*nGp0sk2+s`R%_r`p4uyLYYh4{h5fAi;)LM|)s zMs`e!d5N~#psj9lR+7+rh4vvZ#=Lz9-WaoRFGM@udwKaO-o4&QzFbG-t@aaD0ZZjM zn%s2wN-@J@7)z3|h_+1LB4bkC;?e9YdV_fy-u2qd<2O%+|Kfq1oUrgI82>fvUHR}4 zT%;e2eFS`l%KfiGhYh<{6}E%T{g&E!!jf2o{3CPxw16_1*|0OT?me*ii7p{E1;RA~PO z&eL_?MLw1EY+VRUzUPyFmj>1o$VoonkZ1Ybxx_rk501sD*{yxj`c3^~;iHn@b?ql7 zim>s_Z|WEqVe6US4gB`%gqv>~rkFb6<{7#5MHSwA75tuRzvnkK#8f}reB;m$^~25Y z3Vu^R-285*Ew6sKX|Lj>y!zqhUN`+yKinNlS+;(-+dtRT4|m_=cZ2sk$?qlfe?9r* z)DK@zE@K`0k7}_W&F^OScg$DMVI6knI^K(6$5!y3>N=QrxfU)Dkegum-qTIO#qKX3 zUb8+xkM|gQ9IXG7&>*xlsQz|4eL6Zj-pKN3*Q%%8`rGyFqi=Lhe^2Uf+qUHM+5XPv z%+zchfO?mv<-1z>UvYLmUuwP`%$M~rQ+ND%Z{Cjg&+_A@nC!hAKPK__+U&?10$`$y70)2Hx68iPI2b6;-@u26N`~w+7r=(tz_$Vw_}IL z%e;5urxbjrnVR0F9q6)9JKC428ZOP$_HF>DlE=nor@u#Mv8R`sJ>vVt)ce)g&-+K^ z+><}b_+pH&lJUhDUv7UuwCgqAX<+Z3>DxCx@vIBecY})ZF;}v}x;lYwqQ?y@q@k8oFTJ zvmZnR=YMN!198rwmmlcGk&r9bBR{vFi+rW_ zcO`#S`+LsJ!7}FFL{7$_f3rT8l`o2a_~WU@H-TP?gimB>9D4kk_Jw1M#m!zi#$9de zf1hh&qcNY{Z$a*xby9Sq;sNM0xBfRdCw_Tv?L5iB#lA5H<8?Qf`Y40#InlML`HhVr zIkJ@4S1)pKn^%W)19f_L7dr>{Arp148(uhv@oYl|U8;McHSW!a7J~bRbzbv!{03{= z>7B5B!%M|aKA)lL+tkx8!xxSsN6`)9wIkNkj=DGOc6ni^I$ z=)fpGx2?h10B!ksz~7equGeU1V4!%Dkzwe9BsH|1vz)|Y)sC)WA1m+ZoVC~MyjpD@ zA6nY-&-0~_dA{h=xt1R;9fICOXR>=$16segv0nHXbRzp!KE+GW)7lS{qoKcCqkpbM zMi_s>YiX+9lewkn(Ln5ER>*vU_3|z?XWxd)uXjUF zHSdO=u(yVwry=%oTYY2qWGWsV-}3t>^5_YB`y#{N3w-n>TH1l_nP30TZBO+CRw7eZ zpo=@9zr4Bw_=)X&YiZcXhX6hP?FD(VZ%BH4^7X>9Z^!+EW#5+r{)d~7IT(M&|3$x4 zz~ibdBOBa~S@Fcpo!Fo7hxW0v?pQsVGnV~x36oK4L&o#lz<6$;MpIZlC&@@lPl|a; z{_I5#*?RTTgSsa@IK!hM=|RaG=|ROW)>0G0$|74o1K&2Q2MfkHbZ&}I4=(;zz(<#C z;apVz{5^elMB1}5C^@G9&VjE_-x(QHJp|4#4uSC|pT4_i81moB`$F(NZv^m-p-;L-U!*yc3H3=dw*IW|_NiwCXWCtGBOjk$XKG*TQi6~aM?9{BlB3iDm> zmj?4)yH6K8{ImMlwND4@gAQbi>I1bK-)(Tc*9)nG5q54^yX1Yt%t7adJs&@Ez1OEg z#vP3Rk3@f6_h^7mpyf(y>s!6!<169)OI!2ny%y46ZNr#PYsh?p`s*GO{~9d+{PJcb z_E7b^&|fX^$a|^3E&_%=dkEesHN3OtefhjoNPp$&EBLCVKVP<4nf2}21!PtTzZ^XT zznm0;r++HIFPo6*et)iErs83zC)yZ`)?*tuCrULpjV$)X-W>Y)4_}*>|MnSqn9qMb z*#F7KNVTm|*{bygbY3g8tJuO~cyk)M-SwGdJ5XPB4(mJAj8F{Di<<%W_a&~`iY#bs zsn&OTr$=kWqp%xxJJs#R{wzr>X6&wCimWG=SV?_{I_f*rvt|yC&e!@L`TgeGV&bo( zp|N85o!r;@!|UW&6e;dV+pqGwl^9`TgM0p*W9nwcn9=*wL0SfTa`7S4#wqBTSDUpR{e3tc8&5M z);3qi(GAUv*G~s|Ydjup_@5h_MSC)|zRoyr(Kt(KkG+W+=dXq_zGQ|u<2O1pp+jd@ z;*ImYSVH$K8%x-1YXY|@mH=F_L2|JK(HF2!Wtyua)bh<6p9fEk?ZZA8{)Taho^5^J zODBj&2A>x@u#kDlZ=D1D@Hg8*H z{fcJ~uenBNu)$m9PSO7Doa><4Up>6Hg7;Pc|AD5_n+BT3;8JsTZ~TLa-g=%dpufxL z?{a>#ufB&d^vDOHU)gi)t?92}9f5WJ>f|E!+knF!;8#L>+6#U$vD2LmHI!^5W&_P@ zt?M-CS2cLauXyG<~^OM_XXs75B=TE{T+_;3cBx=zG(E7QHNLEyUrQ4x>H^FKp2#TsZk)L~@4>rkMR)KOG5t2J>CWIh1mP(0Bji)qI6{2JRrh&3 zXO9Tf`###Q< z{Li4CTG;tUs=cB5X({+mJZgAyx5tz4!-YTOZ0Dn#Cv?`|G-?`jcF)n-*wx!O_fK&d zbMN`wy&~ew=HAn}dkyGLb8mC*Ubp>rYwlhQe_Hh{79n3NIiII@cXRay`Yq-EfHP`Y z1u}VHpai#K)TUJ?A8UM~556p&a@T94|Bth4bjxvx(n#s*J;<0oWKAdcOClw!d!gHI zoooBF7vpMFjH}7SxTbv2vrmx`-O)uqRsT9)_|Nd6;bnMQ_2(@w8-B3wLbKA({(JU2 zwUZk1Ti5sZe;ekz?pi&Vu2=hL&e{`an0SaUpM)I!vw)ZO5ViyV8s+SB?fE8~8($i_ zmSy%m@XgxO;CidAj)7Orc=8*`ov2|CQ8RLI-m3tA<{r4P_qM~Yv7fMB5p~Wq`0#8k`GQMXyYIy2>_vV| zgXc!Ui#wZ-OT6H~d$LJl*veNPlV~X+zKjf&zoq!{MHju3J(EZ_lE2;GzDDlBh4I(? z_b&Ruz?vFjDN$$bL$UE|AFAVj190=dlZ;Zwo3@mblYgIj;Gy@aD;|2E`sAVasdFB7 zUpfgJPPmU++_PtIg%9_B{je`!UuqrbcJz9!YKdY8vWK}p!h9p-APF|sH&WkbUOQa= zOQE|o*J$AWP~R9j^~U=1d#$Y*ul@yNwesX15}lx0cG?pu8%t-uwIb*5BUf5>)<0lB)nm_?^(CGSwZ4?* z`69k`z>V=+u>S<_EN-lRn1v3&rZahl(EMjNzr7|8SKfQQZ#7r@WsGCzQn!JGa*E#rN(ORzM$2Pxe z_7sGSDFd%8W?c4N@zhjg?h51~HZ(R(blGC$oaEDZ?0RdnY%ucJK5N>d{S{U|;tNy{ zWWW3T7WwAl#TxPi&P4B~;N@|QF?M($6i#_K34zUldvg5wJs*F%@q?k`M@NcR&ta@< zy>;6o#j6!7I#N7!Dmf#T78I+0;_v^58E8y$ z>q{07KL6rtK73qi)(>*}Tz;P%xcIKGeYu@R^pE<<-g`h8?=gs7}DOXIt zmp4deI9*H0lWO5RXnyN7+7j)m9>4Us?I(?_%mAxZ)SOlhHMs}O2|3Aq)kCxUaz6P7 z4^N(5pm+2PK5}y`?0w0b0Bq-kz_u$Oe_lR8`X~oq!BsF;{h3#&%WCV->?f{f>(6`= z8z@UJp6wO|_BuB}GASIUAyMjG^va^PDIfAj%8 zcQ~Ih*oOQ3Bj$O#Vnu;I+~=2==h=9X2P6NxCay$Z8mr+0@12qUHfQNVUl&e)YfTHj zQ%q+UfoJ6!82jweqX*e%uYVvvcAtf%=Q{*pSrGztzc!SViA zabsnPWXN4#$oX;~3efir1fC3{Hr%bhQC9_Z1|6GnbwhwOsC>W~%W%eAc_ zcWfmzteDs$a{d~SH%WAv)*Q_~32?2Nyzbt=lCIigjlD$9hszJLgW{}-sfJ`F_D}^e zB74S077o_7;T>b!K${ul_j63YH+32M<8uBB|KLryPh!*hb;jGj;T+@9 z*v8=P|GtEcQOfV#*vZnZ+`AOosPxkYbfMgUMc!Tu(N$V9AWIX)UEe+Ctu@%Sa}?Va zUhOki2fHy6*{S$^?AyTS1J=E}XT#?5fv4hEV*j;u9>~R~ z_PTMbw$9(>?$vXzlK1NVFvrkyrBifoE#Gp!X?|`Yy4v_K>GGrq&J5n)lFG z_FfCN@6GH*UXQLSp>1r>ww>sw7tv39xE>%@5HorG@%}b&9x3EAwz@W!p$~NTKC7F( z`_d803v>PX@y4I`Vr!cfTifG|UcCoe+)2NR*S`SHJGs{jU3OE?B^zJM$j5i%YxBT$ zs88bcnTKQVo|!*;63kZgZgaG z^%_d8Py!1trG5{m=yU1;DN5?Aorbahfm*9jqWiu>l|-~V`z@t1P?PJDa}^d&pz zM=uU=z6rh$y2a+%2*#c4O_pt3gd9{I==IEh190d#k61l^eG@j%bCQGT9{C0hW=|10 zDeO7?^jU}3m~YtMGYZ?nzmA9hXVyX2dwx+lxlHQU>~Eioor6A7`;VUO^glno2-xCF z(T2`KfR~?H$vWOVVBdZH)I-Y6c6~Lc>loU}!-1!-EKh13-LJdseSIVU%>T?!C;M0C zY>97pbmDmbY`o@D6JN~52iWh?7K@*1_Ip%78?{qi`Zc=iLFumM>L_cTjn0%rF@INd zPfnOR1lR_BM(64**HK-&IDgk2m-W|A?Rt^%qyzMNMu1*3;6y&#*~qJ;>>2c-u|2@& zkI3_gv!3bqdptj^Z3Sa%@%*r6yRPoho$-5-bIr`h>^a7cRbHT7tFg9{pEv!#ElmBk z!h=58T089(AB-)0HyL~Fr0iKp8SJ$bdQj`c8E8+ut@YU+=g^ZY4t?UavIFOmY`{_!-G&Gv6I9uCnj4RzqHg`|i=* zzvNwf^}F)kEuqa(w7vUm=U~0$`~>DUiLrn;^Axw#hpNsa?9-n=zF{qG$|Y$kH($<9C4tw_;qrW;{cK}SlYYqAuflaXG3xbWfB|y!-(TR|@G9pC z?!U$wT3h4K-8HmEr)dkdYF}$|ik3NL#Q5|Ko3|0)O!u_LYwlt5+IvONgSqF`FVK6k zWz9XWHiGWSZZr41S_rz=0$j0Oy0izU|7QbhDm`0O`ci8`ivI~#1_rGz-R`_X{^1PP zlUP^K@Aesq=lN~zN^H+I=gzat{)OlFdTaRJx3;fJWK3iNu#oJb@2r1|9#?E7cAVfu zo01`VhjF}b=fIkdan2L6bt+gt*BWQa*+g>ZoIkHz^gG&28dP}<1?M`XK%FR%u(_9p`DD^ z_O-3xIOm&j?(~hbcL(UohR=E82 zg^8Ga#;Tmpc<$_Xj4qX4l%HsIrJqiMbJq1xFjO01aI|d)>Ck__(05vUkz5x&2fr76 z{Z9E5*e}W@)Ae4i!PyfQFXiB+1NvDB{mh4cN}!(-=%@3}_`{u|pTo_s=nRStTNE0_(kxs4I3)CdDTO+$>dLu)_4d?Ree2p2zV#n?RBL$#j=)^}sx^lUHul4t-d^+kxjKKh%3*{_w#>E!xv$tAKh@8`3;^}MW{jb`ET>=5v{Fa#c<_0lBVwYZ4%Iq&*)YX;l%n)Y~g zlDSGJ{5X(rD%w&WpKZsi4fD7ci6JKlN^HvwGO@!nKmyutku z_n7tZ96l@_iW(%--TlV0g`|^`X1z0-IEFnfMwS5AO1%dh1@k0!tn`=ct8SCW9Z6K4 z4(%dyl4qlzo#Mo+9zqu{WMWmdNiZM#f0yC~sW*FN>5n&izZsjVY3R z;n{qCms7u^2O2A;c1MiwTlhW&J|g7iN){D0@GjRM;N39VmCl&%gHc%hnuGOjy}y@D zj$H11OzOTA#oFDmrPOILACcSj3npl2dNn8OVf!*+_A-thr2P-XV<>7riV6L=(l$v zaSht-piMi5>C}mqY_l?Zr5AI^@GiRDz{%LcTpu8pqL;ST!#@`jvsecYZp4=(f6~N8 zEIu>vpz7_N4qnasz@NCtuDrO2hlBOP0krT7+E$--95yx+r=NE4SaEdG>J^M_2{^2} zt@4oU4vp&-zH2}>HLxHr8Pxu~mtS7*1p{=2g}vxSv5v*e$HYHgBcE;?xRPwz;mUZOMXwz9 zzdIi|^Q``K_gRDFRx9wn8#u3q4(>;;JOB>XunzdJ)4yk})4#XF>EE}}>3`#Kr+@#y zIQ_qCEvY`(Sd=&rEl#9cOA=+P;)mw0at@Uj7484$fdO;Ab7~o~5uc>)dVCRT{Qso+ z?KSDDi>r&!T`31!>^kttJ4Ntz-S`RM;qzNw;hl%J4&bk7{|xve=DZ#JAup=eZgu{C zF~8HV#jB;8l&Pr5q{=iti z>0vyT#Fk`F%68EBdaefc$hV$Mef7NmES=3>p6Y98J4M@~Lyf`Tj&1u-A4E6&%BeQG zqS;9-IK$NyRm@8^coDjx2w9`OM!>|#izsqT`6-eY+sFs8&oj5cTekwAJCHlbqY~sy z_8ZS$Ek>V+7r&)E5_qrYSMloNcBgu(3!`0iZRaO4rA=Gx_$1T+jWNbXGnYlsPb2aC z54-Wu@{hQA(pJVv)=rB!=a;Y_vNL&dLb83@WMn1RJKHBEP9w(hSBzWtE4!UUbQU%z z?fbYs1$O|fWuB5-s+85&MuMI!j-(TC#ZnrY( zZ@*pr)4|_rd=!e$t z73c+8iFBPuTYI2S?i;)Jc#YMgbyt6$rP^Ny>dv}={_ooI5%4~hx(^ytu+JoPVaL;q zzE}Jpq^-?$x4HCm5pC5<4*ZNYci@-?j;hofewq&pOq<#N0H-Ng{(uzm~ryG_?z!`IZiZjBJa93 zODQ(X=uO7X2Bz>%&SpVZX6l{(BswNl74QG6Q;p5C+1M=Tt0eldUGW&tX0dC!=}aW? zrLSSL1o}+VPKI{gqHoV$$h&waFT7Wm-{{&$jm2w5&UXw zup`e$dN9sBYngAw2)gJj)4Aiz#Ilx^MDBh_ zjMcK)3eE#s7d$1oY ze%MYy`zZs<0Cb{Gi<>;CBW1)w#%dF)pqjRc;XT`5gH*+kvO+W9IuMHa^nR z;quvPV4p0dzp=>talml`Fzkp|f6c?k!Dz(Tzn4}jrZX|OMtBQzyb)YnhmE2=C*>p-(fsVj{Y+{nOmkF7%}&q%x_14fA#Ei<|lhbzioR~ z4)k2koZuJP9F~7qF|QYW{M+NKGV|(Nn9skXvhz~y^y04HlKXD?*UoD(v~G0mWzY>e z?+Iwm@F6_q=R?U;@uN$NQKK`0*I7P=<}II^+O8g-_Fk9cQN<^6JX+i}4jzrXQ#w1? zrmiKk<IfM*d#{kMD)YUxvrG!{1%}uZfJ_ z{~YsHtp1G!_+dUC&qT)%gBaaaIu%~8it`-0hu8PXmz_?28sDV&CdcbXbxlO}8eWHY zhvaqI60a-gq%zJNxZXrA%FA5m;-D^UmERGY3XH%@h5Sh9T=f3L8~CT#NGa|MZ$D;F zntrEi;CaUB;?m`d41A$DPqE?Wh^c#C&fbcOw+F6N`<1%Sw~DWc&r|TZc)FLi`k+Ni z7h@S;5HCSL+{&RF?h2PfyV3iO_s{BwGbT$G<tMC$R*?0qcOqh zUpWgsi7oK#ZA%U{M9Y6lY_7TjyV=mBw+5nfpO7!v^PqUg)cw@`?Z>lUkeHSKJSeVj zmp{-%eYeHTpX+C&19cu$?QyzR423nUNoya<>t|~IxpjIE2ASA|zwEXXuO6>!-m7Ju zmgjlr)^Yue>G!Pc`$qTb+`8@LxfSg9Ja^9q^ZuUWoq5xA0c{|kxcByG&I}ziR{Y1k z%xwv^?A8{$brPGnC%HadWAyghGFfZwCE^GE97h@Zk>nx!%C+jg%e-QOth&O39fmVIW~{W24< z-Qg#-*UmnD)uemkxwqEX@BT9QUC8-9_PdR~@8Wz{>+dh*OhEhHSAE}|%XhKdcbj7& zXM@@AR`Z?oNgf|zLw)tmeEvD#)8D3EK!JFA2H7CIwu^s}+q#zRHV$}8&j0S~$o;JB zju_c3yQq)*iifX6o@(!h?4k^MLNVC2gV_pD%4nQ+0 z6x43IsmG0EQi%K)s5%|p9t|Jz1pxdJCEZvyK>c0IxmKm8UA1wY9N!S4~q?&`f9 z?AG{TXXj;LhV1df?4N;|U{pr#Pa|jN8hnR0zeM{xMzB4YD4`%cR zIzc#`2M)E*ZZR}fS?c0%s)s-2GOPuEwm#fc{Q9!9nqQsgl-;|QGgD%UCrb|kE9u?k z)aGhMHaAk&S+et^TeRkjE~1^q=rE(dkn385EAn(vR_Dn6K+kHu_}{75sPEK&FZwo# z-7h^Qz1xKC;=dMd{MT8!+2P_Sc>UDZ+;wPIhP&_N!5Vt{&K>!@_f3z6L_Z{)x%Tq{ z;>Y#HdGX_QXCjk0FFVylepM^;Y$EP~U)&5#9AF~3C)p;sxrBN|E4rs7ny~|m|BC%F zUVN<+JMkKx)g`ASYI!Dm*Ip|gzLs38BH07{7VOM3bYYx#iCeYV7+DAHm_8~_NiYVp z&ZY0o``r7Y+VS3Z$2}*Jx|MO?!MJZd!nm=AHST%nu1D#ok?}S*Oi3W$&3Lo@aPO9| z@itEh9j|GpJ)|Aoqn+;eu}0Ngk@#g5ejNFF5#nw!V#Tqe%M%g$j*uG~LoRWLDqRFoNCT(A|LxiBe9T;l6vyZRXG_R&I|DR%U+gZsc|7mk8`7`V5W85qfC z&Gx~)nLfDBI}^N9Q>N!e;C>782ER)DX6zg2WdnN##G}^%-#yKzm~)+4xo6?-_H#<2 zl`+U~F!N|XC2^v!j}BOF+_T~Fmz>}&!ztV&8wZM31_bDc>)W|*jt~TXR%XixV-8AsrNuDAe zHujl;57*DqXB~UTSZ8ii4XaAtU(fqIZ>yu;nE2A;VRJ27_$J?2TAprb`7T4ti$%+a zCk&>uxJzfjJ`DaFTsq6j39i-0SLow;YJ{&K&qltZ>Rf3p$4_6K{<)KX{Q_eZeIfr1 zUz<5HhkE~5;nNJD$5acdC8Tf3*+F#0xdOt8Z7WYMu>K*s%J2K+MBSjik@46D19Rzn z&ItN$9-{B|kiNNBHK^|ou9Dhdu9jxQ=jTx6XM8%)8-~MDd`$=O$9<`vLT~ z@+*ejck>Xu-0t#n9?ZGdOWuUVQLWLd?A60B)EQq|XB~Fm&JZxK2!T2Gb`I*hDv`o= z8^GR7VYdyt@AwdXH@JPfI>?is+}lXs&8iPTeaec;0&)fT^=(^j6HHNmyr7twYwUa9&k{+edB_!obua%-CH z39;whe5hRfAj%k!Vf`hHLuyMJ~S`kM=*00$%FJ?mJVwv%3)d zw59_5{65ezzHy{kU-A1uswbTX&%-%*%Jq zKe^4N6@Px2&F45{*5G`Ofq{vvFP^Ze*>TUG5-v{!r^@dzbCE3Z&81Cq>7cJ|fw@2* zVRQM6olA#k9T?G`^qt~4$;W}izvQp2#fbIkY|OOu##+wk1Xia5vpV)c%g)pPeH)1d z($*VQC5f8IQTu84%D;&?6Zdhg{E&ULIkkkC;kSuN(udY5u7SSx)k6<8#4ztB29Ato zt)k6oMps0SBIY}$>viUqS{vsb)~xSl?E?9|ubwu*mDVqW6Rkn)FLyRCJK=qaWs!LG zWjCC0LC?Pck8cwneVq03sm|6h$Hkv{wsqwdcbxmpn`SUc7!kFotFo_l%pp zc7jDo*8_qBw5ptQGw=JEH!x9dR`0`3|Dz6TH--=8w-$G;MIL5=Q$}#md%z;|Fn@uE zp<`ewxS2Vx8=v?ExVOK5%5Oic6q~cp1e@)gdz2DS5sS`<|AABKOwQ(|PFN_6stk;F z#lCxT;`cLL81(=nd@ute#T^7A)*6NdBl+RU)q`R5A;D;d4@RqphS6V-5Jm*(vM~B0 zzptMD^((GkxK8vlBW7W={a8akwa`xnxby(0WJlDck*Cj1u(q{@b=u9HA3X>9Y1*>M zgU24=vC)IafCrDeh6@jDy5yR{@E9d{VCQ9NX3fy>IDUli_^^dXWIQ=X&ct6GckdNt zW7`cpwljZ2GdvT`wD{psW#Dljw(I?gI^vCfcq|zoKjNbx5B(c?c_ZN=$xl0H%P;s{S(;fuoU+_0-GATf16OWfJ;CMg znTZHKU9A1&#O&{J?v=N{*4{fOKk<~-z-sIbOeE*iADz@qdXmi%~zcGk14?Fa##N>wYn5}h5j+m-MDN?*Xx|m zlH|SALSWDH<=7L8eQj4tuE5{+JN5B%waxp|)7iG+bNh~M`}_X3d5#QzBD*eC@2)=& zng=?^KacN)%>$hi?5o4y7tb{Z#UiAq6Eincg$L>Y1_3{25=CT_b`UdQbYuQVly8hZjedD96pJPn2^R+KawtkYh zw!UrDIs)y*a5n`WS8nPcL z1D=wS-$r+9KZEvLX$_;K>qDo%cl%csKAcRHKOwQj^%*OQ}K*F4Mk zK&oBQ`&Ilf<&*MTu+bWdd{6BUOrs0Z{MLSM(Wq=)@tSR$`hSU%iL3!h9yzCC^SLo_ z(XO#;TSMZ`6Y}l(lYB5h*Y#&6pabzewWjfX4<^=LztpT}SjNZ!z8C4QVZcD+j~S!iom~4SL5eRtn`3GO}Jm5!uX-h2=B@M zFl)ZFk#}}L4fly_6w{9QPB!}$wBh2&lRc$;KNi@IV{Fjj2Lp8Yk3Rmg`*Yq4d>uM@ zWcd0uHDiy2ulwHxzOEPvzMSzR!q=b3`{*VYO8C0zUE-^cHip92tDni28)5jmA;4dj zx1{eUd%UF>ZWv#EX@q#XS$Kjj#Z%Jz^6xEAmA(u7yg~oN=BI{nBf`)9E`D|iKcmC( zv+GFw^!Wn#5ic$C;pP#a>~r|%%0D;%aEz%bI3b&Vn7RdiycK@D1DVm3lZ9G;KUMg; zk^9KOjAY_v@b7{_xNDRBTyAl9V?gG+GSR%_mx)o~ZUH#EEN$X=x=pd-;;yUy_-9vEdbv{Bv3S=(JZW6ZLvZA; zuYSbwp%aEXzM1c0d>=0`KC828FOw%i8p>LnB5$wz~0yGfozdoS2o5etBc^osoanU@yv6JOTMAJ5=#JD_3Mc{dzL~ z{-RKS-|&j{kDlYa7v-6o{88Rl4r|9m)sGjAIbCtXFS8P#L9VqETT_0A?(3V=C7byh zFLt(;jE_I_tABg=in-rjcQZ9ymPPOvds(~dH0L9g?2mzm403icW4#8LHUQt%$FasW zOSSamC&f+NQ|%o`yAN;u@)dI@ZZvHPAHC%Eb@E<0alP%}-F)YiyWi2S_(C#7I$m(O z<{0+yGoR(aNqZTjOJr9I=fb~%8GPr5+5N!G*wjI|O^;{avvB*2g`4~#!3}%3M|y*I zw~=FT4>rg&=%$5vE@#eKcWTE^UQaF56f|e{-FoA*W5xk;afz(*kL!lOxU#VbZh9c*-1%ks zdG*BEQ&*B-gRap!;$rM|VshSIH>d0NJBSIYFOM$%!k)3v>e<}jRP<%*C<$K1#`B)f zUx+UdKaqVc#Ir@qyc>K+I29iK-zkP7oS%CX=;dl zBKf?}=%<`~)|#Q@vysinz8YlnG-O35a=Hdu1Qt3|X8$N~r@!0TC#(CCO}d`PeC9JR z(WkC0E$Tb_OykzxMbVavm*W#3=IrcZzSBBpgmp@-M`#Vh(u#qDC+Ft@zZK4j3GI7n z<$b|Ia2e@4dHMpF{ps)XVfK^{W_s7ILmGG>lbZw&_5_B&S#6 z8^PdZvL|Vg1;xaxd)z2tiZt9(*y0;8xh6E%DuctwO2;Fd{?LY@MIiWpcqmOF-gB} z7cJ^i>=XCAfZTp9$tmfav}|v5 zObT9LyhisZcA5lUf%uEjFBeWi|1eM4FxhxB^Rn{F%F#;B1rR)xQ<9#6tl}Nw4hE*; zdF7q2Jj9+4#RSU9=el4fXDl{t5u5~rQS8T3tUxggdj^+*A@cUcac`}uv$ZZ}B6E@Z zN%|2kBk)NPZR=h6g4&aAY<||2oUtFic zxA7Lyx8wcu>wgyq;rd^55Y44nORcH^9xL9T5R4?(D}eP>=2eM)t%A;EBfdGEHANGf z0Y>O5*_o1Q>uE#lu~TVd1#M`*Rh;jo7w7SPJ>P4;5VDUoN$>mzzV8A5;*Sb&V(X4* zAMdAtbuF-tQCCFpOrmGy6U)Y4>VGEPSMTCMvDZ)dpFwL$Xsv-UITgnyYVA2PrS7>* zYb*||UMXcRV;RplWDz)c<)(aj^|()7S$VL@#0CcEL#OFGL*L4m>s`oy;M@aDWmif5 zD-L!ywfZW?AP<CtMBRT_~+D|o=>uFq{#`Sc` z0c^??>+}8Za~`aqR#KLycewUs@Y>R@;$Nm;{;p%~=iT=EtKs%*Wlw=|1;-h@_S3%A z8CEuZB7if$Y=U*r921l#G)&1b{0dThl96s#y_pK!_qJtPV zG$%UkhVGZ}zmESqk9D@j`P;*PV;4c2d!XAsaNYp^=8@ObZtSFr#CIoSCynFmEo`L4 z+JAD}G&ffh8DwOWscS|)uP2v`Y^HvPc)S;W5Z@%>JK3I5YPU$=yK^IivMHPf7{OHV-kJvLmx7; zZy|qax9=+c(stj~{H6WAMf|1zzDBQq#+qiFiX$uEq_?psaVh<4FWDaKKoe^LM#=$6 zvIdkQC&mve3-1Qt-BOGl1H4r2i4fKA)9KVVGW{($7n2)K{ncSi6PBETlnUyEIl0&jJtzy-Ri z9}C=o_q=hy4w{)i0r*`;t%GxjsXAvT%7BUS1+OGm#>+RZqz1@A;CY~ROd_2bGpJUK z>{98tG|z22KRoBHHOgB_uW``p{C$|e;5H4f2tVnLT%W0q;>7>q>;==t%-ZZ&u4Ip> z)+kc-zzbf%hG&odiOQMoUyqDyqOMZ|Hm>|S)xOX=fa)5#`FF)#mk=9>YOfgmr=Shh zDY9*tSQ|7X8E5Z_b}LPth4Ikmahs-{gAMMCN%X?^y^O1OHSj|w%Qvz$b}DrC`_|Ek z7V;y~RmE9dK0g*#mwk-kRsZ;Fu^sJrr!d}b_Q0s#i{>|vHIH@7wF6n+gq>T7zuR!O z@H8!P`w7&p(tE5g_JJ!~r{FsLruOXmgzSB%>rC?6M5ltU+I$pxpEtVbmCB=wU+Ljn zdnPY3in=GYnxn~Mujjo*v@hMS`;%#B9&0Dcao4_W>Fx>KD`HJqJTRW$)?X4VUE9%} zv!#pHNpGRkj|aXJHl@JJdg!hWx|5As`xrhrcbWm!hbFF(U`|^4s>;#~fay?U(51 zQgYeOXgM=6;E?}L^*JA2qa(oUR_3F5>_N_3{3aK|&mLTa>mDDj9|ca& z`*2K+w0?9#7QgMZXYgxeri(9K$^KS^5|JA9O#g{C-y#QydDo!}(*v}RECj^IMo@=lm|MM1&R%Tk5j`77PELn(qQM`}f6TS=RVBBAbUfAYYGvYj`NH_` z0|SNa%Pc?Lj~sY_v5J?HoL3mIFaP<}k@1opLoZ{!_&prQ>LJFFrmtFPR4|M4_w1M7 z5pQli0&nh;eY^emJl<>@%D%lB*bl**X7BR~Y@gxq<|5h(+PEL*p5@J}_+5xM3($9) z^u@X>@GqTn6O;1kyRDGEXg|)Gon#NB==Vu-{Z!x6UT@KL)A00!i}&J0Z!5O$S%c`W zE$H8b&>wrt2h-m%L*PA3mS@M&1W&z({15KxF8u(A!?ik|PrHMtscAJk2Z8y$&$zkoj)#%zIZ*_QoGwxsX1Tp_( z5-FZv9PA@`d}tr-$2+sTSs!+qrzd*JlS($a_LaSt)V-^RZ*xJz?5CfV=xvPm|8d59 z$4eg=f`$w5k~@y8GqRT3hRI{{>hGm@kZanaa=OQI5cN;QU6l>CH*ZTj--4M!4KWke=Ya*SNF9C zV>j#E!{x8fjUPULO$Rsc6@N{ntssAmlV!G4NEyfPQ<~DI&?Cu7|bzjn+PR=Xv#dUvFR+!cb z&8d*SE_C0n-Bxl|MIH59PGi316@h${3HbAq9Qf_ju2nYxXX5**vDn(<;K2#Vmr3#d zKlBgY?{Kiy&5zw=&Xhksm;Z%q&^kdHyE22V*#m6M+QDVs+QA%R-?X2p$9JQTo>|`7 z0sd6`IjXyScH(IAx6E3;PrhW=4t7Knf@4{r&U|+5fakWI@6Q0gbC}B_##7H<^mcj{ ze~FoBFKrs%&c2(<6ea3_k6Al_$L#(2|CjU2+%<#EVQU7$)p&R zGtjyg>jLImJ=0o~w^m^833vE%tf#r_Sy>vo92#OAy$gXCbY|8HuA&d@j0)EDvTFsb zS=n{}4}{TFtD6T~XszHl#@Q`f_Oc<@3c$;>#HYt0AM_qE2-XUQ^rgzlVH%EnFlzm}ef4J+@Y}{XxPJ`oNH%C)z{WU6bI-^I-YwzxAo};_Jcy6%{ZeRjEHp5V{(SVm z^ZIc5pXXaUbNHwAV6DG}t<5dPFMpK$Lc7Qp@%8$dRd$ zLr;mTv;CKbHM7dLn9csQ>k0o!2_}t)psUtnpIPE{1Pw=wYkCw}q>4lcGChE_d z$v|&C&{;kEq8hQ~w~@OVV=d$PW+!ow{GJ2E^mDvdY|eNPJr6XMU}JE$3p{YJ!$}8!7FaoJ&k|9D~4@9a}=@%8@HZ#ZcKTj=oYQFCl?`iz_I3- zEauE9-kEA>;~2A#Nw7Y^J0;6qc<10peM8RECSCXWh3UYU(%`nV~ukkCY~!XP=R~##lHvT6FZ=>%!&3&kNAc%h0*Mo{IA4Q&q^F z>ByZK@EJOTxIM9%47ke{-aadt4yjr>PGsD?yZIVQ-phadUJD}MD_$IX&!Mvf^aiC?@3TH6k- zEhXlz9Fl91Z_2+gdJ7%jLG2K=skI5oH|-5p9qR=~b`ZyGI&Raz1Hi-Z5wV46apDst zu0F1SKOAV{_*0z+2bzxM-Eo_gbDO?}aXrr8Tb=$t@opusH0LhdK|f98c*M|?7hIG` zjb{A-*>CmaO((hMU`ob{CwqafT^DiT?B>D@H08#XYy~EF=Z|kTeJWn894FZs$*ahJ zh3`{0vi1O6>VS)Aub6&hquY7-`%oNp1F}_eA=N=U*a&;(k~4!`(4HFQ((FY}E7xZS zFwI=X`Pt}+p6i_crSS7U$rR+t8)jX84C_QkncQus)R~>6od#rTingM_Su!AX9sg-h zId2)RmmqJgo=)lYx3$RZAN-lKe7rG!2YR=7P#Qwv{y_v;XvRZ~rNM*!Gm4AiSP>OvrvY+Lc|}vw$(x<3o^RJWBgdef#BJ7{>n7 z9pnI6m|O@gtMb|xgFmeuy7(if75w&r zzdrD*8i{&-n)h7iKKFs&K4`cP{6>@q^^prry^jpMr##qR=(PHP&UA9^o1u6ws2e1I zKY#6D`TIj^TS!0H{jc|!9O~SDWs~;5cvF46{Gb@}=l{5;{uqO0vY&Rc>2BI9XjVD+E^Z<(`0dhtj|Ek@K=&ZEY9i z{ET(Tb?jGSF5`{;8smBxc57Q9yVdIRk=UbE=zvDzUjJS8sI`lj+g59v?tljVJM7UP zEFDb8!p(oDJ-RwNLVFZgORfpm{~PVmTaEzZ5!s`L?%o@FG)+C=Fy8m<(YDx~(-Rf! zA9Z41{lizKz2TxD@%j8`AL%7`tPDdiYcPt5)5t83V-(j=Y z6pi0M=KZqYN9E`5?ncLD(0P0Kk1o#acgO>E?e{yLTy@1;i`UD3pMiaF<@21sy~0u5 zy5jvU_*eQ)wsRx0Zz=YsbiZs@>A(tGtBPyogn#-d#)!^8z&c=tb&B%Ow>(x}6y48x zAy=mMW7lw>*gxwHoC`^ggy3NIk>3&TKZ|w;n#kX5ny_i0!?UZk-qBi|Xei3s{kt4^ zZ(^D3e%BUHH_>h@^HTfR})?HvUh^~kzE%CXxg+v#ZB5Rk2R{d$?Nl6Wn`(bHEqI91JbYk$d>P<B0|t z9@w-0|L6if&efieGZT2aK2Do(^@TAmUn;h=1o+AaPcb&_t->cU@A!S3Pf-^<$+HxE znVdyiS26ZRu4}N7p{2~M5I^TC&(DGXZJWwBl%LZ>|Dt#K#o0PLw4J^YoP&G$u%4f@ zc_%idt+Qk4o>+CkIy?7#%J?}3E=9m41@4TWb6M8U$?pAaQU2A90Y8W9+i1h$R=$Az zn5kJDvVRO5Ydx(G9E-;EJkQSo$9>RUA2^PfSdHiBfMe_D4E*j$evT(=O6g;)lZ{2o z&zaXaSoXL2YWP|Ed7p_-=Jx+;ADH}=usG9F@}*?g+ZvXV|J$iogzzSJ3)yrysv%S0n4{ zd45Z)&Py&7M`uq{)7VWqhrqg!Z=AO`!=oCnR3`3LDWJI5+we~r}K@!2Pqj?+B* z1M7|K1sOEQB+s7F9MIe7hpi@7$2|JV9CL1?;<%bqrkq-${Ozd%|BTJHy^8S@Bc1KP zm!7Wofkip(meDRcDI#3)eX`1pzr_y^o^uce+4y{YxExU&z)$Zpk3jDWg7m(_Ti+e8 z81`}5_1)eFp!GG-dJ}U+PRa($AP;+xg>kcfYt}$EYYpVzsau|YAiD;#E4u~)O=QSsZ%TSsdEys-nax zqBrb~N8x3ywQAkA4_sRQF?0s~Nj_UT`yI4Y?9mWBJv%dr`BXqp(3kdA%g(9r^U*NJ zW9`@NxL`H{eATM$_uo2Tevko06vP}=gH@plM~O%xfd_+RMBKsPoj$ynf8Q_Hexi z+SUC%t6BdU?Ihk{Zu^;=_7^T^&2bNN+vl5GDmoT_w3PWA#X9JiuEV34;~e#k&Z=h* z40BX_`&=*jqdtS9;{EGA9!z1=Ca*Jmve`W+ zU{u!+H2zt<>)}Z2R%Wj@bJp6!^MTsVsJd^L4<7gIk*^Rzhg(_U48_KfWG_{z%7 zYlJiAuD#RnftllC=GOyVsjaLGy&T#ucMj}1`+W({TdbZAPswi$WKTu3fET!O^*aT|79L+6tK>o|j+^l_q6WF^qF4BLX1DeZ}=GjBSb(;H@x5~(GxCp%ZV@=J* zUL+S8x@~;hmHQR=qYnCh(upB4zcTgx>oXH+=q4NUyKr(MHYPvT^4a5# z5NoL)ZDM}@aV4>FQ`orv@y+$dx8CGZ68mB-vI)J|ml?C`AGz%%nR^#=?)e!q7FfxC zOE2^M1!TSDztn`<{yUL3E$@`hG4~Yv(ma>BvgorsTZirDA76SL&l#h&Y5e0nj&Uvr zu65*iD^99fBT3qlZ}rV^xV1Umu|cuY>BEFun2nM*5A2agSdWf^d)X#S1(S{F)TzkP z$36QNnPK3AoHzay_Jpx>v4brAq?q%$z{1+OwWm0<6@RN3k6nOVl^qhr=9Rshyu+2* z&G=F6W=;R-#I4GG4a*a_+KZvh0O#nvxXCLhPCQi%-=m{5R|jHfGl&Ix@AzYA4-*eb z@=Wnn6GK}F+|f(2!9D`qLt|(Qy%-w(*ftfFZ1k4LNjl;vD6?UWQ$zT!97rb#n#G9>y4PxE96Gu>JCK1-RZw8ejDE$eJa^5TTAj@IS5`1ZF4qP06k%2Xz$;9gczE~yB5dqkb4t~ z<3%2h(ZPNkf6(H1Q2@v2V~YD@k8`4+uGP-(4N)|lEU$g|8*SK_;CERa*~dO;~N7w=KB4#5s_}{E;e}_cKr(b zr|ZQ%!^6!`a?A3^7l2(>o_jLOFVlYgmQSYTD>Yb?ROgX-ReDR+l(VbuaBNrG2eeiSLBJOuevW&E*7bFjGgfG=?vK#6Y$g0% zY>1;0zu+ut$pGWKUmoxOz4x5GhK%upiT+Clv|s!QjZ^D}nYnJvq7iwMM&GE$j{FSy zO_o+t+)o4R&oe*yO-9Zjd(+TMz1or70XNEnl>XG(?rL~HiJX_*NY9D0wi)lg-^6Wl z^{R}$V{uVRpJScuI)=?dIxd8d6lb65ivb1sPv5c*udNneMQHme3u|V%S3D+nb`fxG;JM%>xc%uj`Sh2KJ$v+*g{yacB)FCx0j~c1D!X2(bD7>5 zHzm84kem(;&VUAII_B&ZBhR1#jYT<<(iz){6U4qTD)AJ1kBq#DM%)~Y0`lgMSBLXS z*!iLRCgkt$NR`1C3m6kLt2jmm8@>lV5npRf)rJ5039YTI0595ux&mC(VDF_Qe~tW% zc0B^D!VN6bv1TqbqpIp zFt&E6OAoFbaN8+PyiJ}X-%*F4!klp)8y&wL`hNz$=Jr%+)0UyXAD{TW`~9xihtJH8 zBLyuU>AT(byH5@8yD!pDoS%>3Jo5(CM6)*kHb=c9QS=U+Vi~ z2Y+wBaocg}dll{Mq^`+}rkzrAri2~GOSBU|s&G5@Tem%z?(e3(J;=>HUVD*Axp{4+ zz2+0O=aO}HTgSAC{g+Lwy`vKkbPx;fuo|oC0CjrVc52n z>o$fMm+E_WVwZ25=o}o&xr8R>KwoLb=f{D&XQ{ZWVu@lgqc@4aQ;)~{w~8hhuZfS= zGyVnnGTO@LG&1=2GO|`JvA<0ziJ#wWRvu(bCk2S zh&XfEQ(wKJ>_6IXUc`Q~b->MzyBzx_g*{dYzS6+53fyJDMLv(6pLqRGe_mtk2w;;0 zC!f_^fR$|rU&+7!s?C94{d(iA>4_`KZt76~GZy1_FQ+z39rf@`|Kts%$XyBc`Lx%k z)|~1YS1n_d|Mb@*>^s=*dfF8ptUoOpk2a&iq{ANkSdKpKLT_37?`3nA zR(?J6Bsfh$qYYy`dYE+I6%W6&$>5_FdSD;j0nxGWQ7d}D7Dx{`)%o*3H?ffUrw8KI z9UmdzidsR9M;EOYEbaHj$TcrkpM&KN*Ot6`)Yq?=yVTI&j2JXfq`i9%@}EA}K?Cas z(ZIQhIqHv?LmlIJH+=@jUo{-ud*cm$`~Ok*HsDoNSN{LGc?Cg1#bQMzm!N1-p#mb+ zX>N#$FKuZ9E$!e;5`smGQ>xTbht>pwqQz=%bp|V)LI_BqRWpiX9ohm0(GH!K(Xn;P zOua980izX1TZyRoeZKpgeeb#F-Xs@he!u7c=XrRNdvfmHYp?gU_S$QY3ef(A5u$w& zv@hP8KqgeDBv=#3-lM#0WkWn6-4@eXyfZI%&qte=ZL4-f1E4s2IkHtY_M7eY%w2xx!`174z1e)OBsZ{tJ~1<$lU?5VmNR!Zds}7NbAq3ihOj$p zsc%JoE2slXY+3(sc+-mCr}ILE+wR&*pFeb#YxAc@E#80nXID;Fvi~@fzJbYE8FkQU z{wj29v+VcmI6v~fKd_v;-}SFC{0*a@;7wN^T5faZhJ9=Lq_-wyS9)xQ_k^xazavx-bY={lIYfdA#Mz)*ekZaE1Bo(c8fEtYCtN zp|`1v`MqFRk`2S~APh?ehQZ<#el<9LpMK)fr9pnph1dD(S6A=&_M--`Kf?a+C|zBB zVE#}1G6{WLJh#-OWYVnXK5sqn#54WjxkYQ7oxR4FJQ$Hlm;SSlZH?{6u*P*;R#fj; z@2&}*GS}rD*JlWQNxTy==Q%9ze35lY9uxS&w+McGc#B($>((Ir4-5>yAJ284w=kUK z^6y;3zt3P-pRq7Z7jCQi$Ln>1Yfd&?-wwhxXJEK?{5V>@?nf^DX&Id1uJ3YB2JvkzZ!KeuMh2%xdYiSrrP=FyHn_f}1Fvu0 zrys69@SqD*2;1iRn&%i8c2j2~K38p#czri85&NWgeGc$YFYv*C2^Rcc%cGWO*9T$2 zf3rSpF1_o=PkgG?2cIyo)bSaeG$a0I+MZ2e{=}Q))u8vM1jCwa814wdux4NwcFbE< zec5wHFHWojAFf^;VPL47?9l|D)6(P=@g4DWf4cr$!9}bX#LX9ja1qxGgqzFeJXn2n zyRr2XJ--nCb#>*6iJ3O&jSpQ}9>_0r1lOW$xGoODwP;|tEUoSO#(CdAR{5wq$N0Le z$;EYieCC>dnp#u;e$~E5Skt`hHGRO{ZgFh?N^4i=9ow4T@V=kdn%=;Fe`%9^g^BVV z4xIRR)$5|hzxVOea96(0^7x7P#q!e~S|@p!{`l#8TI1sEHSP(naq+-wT-Wx4>UC30 zoZ;iAQw&_8k7nZjOKIHq>pR{oxN5TD`e6{Rnt|a8^3#3CiTgNrR=Kh}-PIp_MjmdD zHyA(N_-f^>E71@!_TqBE-;@piSA+034GjN|_QvWl2R0h|r*-XQh3b z0>LoLjdjKdhUM8Xd^!lj@_}KP|6+6X{D)i^TF_yZ?~VU*0x*yZ2;zBaa1MNdf%H-E z`{R#+PGhe4VfFlbS`3cTe#yrTj>7mUVK*K$H2UWcTwSJ|iS+!7o59iQY#bE@;a`1h z@W1olu8zn@#)E6`^uB9t+V_VkcX1lIi;rwgtRrXfIJpb(nRwFay#qL1zNGH+Y4QX+ zyxhgh_vb}^GdGv419KI)U8h zrJOY;XKH;Po#8zAk#t^!&x`LqF`Wm|=ON_GY>ri*caz(;I22DevVZiG5O)~+`+C7g zt>nP!>0dRLedHDR59Q=I$I;shpN3q2;kH?R$?^<7+@Fr&-7##wN9(GaWNcuw&G*z!aOQqP z>+Wh>dB=@w z8_S)!^LWR`@&>+-8TgpXjpb{>`)7E^#&LS*ZemFrFWYf}k2SgD?keLBan0?;pY|Ph zZa4nifUkUMVB8hw+BLX7PvhCn+)2D+V;qem+}PMHHLl5ny6cXSZyOi*&TiJ};?IqX zc8zi7ew24??7=t_#c%FAZtSsv`@%=^j-Q8Dge`oo|K5lVE#)0+|258#p}^<)m-;MR zS^wM4^Q`iHjjsP)%YNUV*}t)Vv3aR7o7w6b<+;`l$BPTm^pW_`r9>UZc zy70Mv5cSVvf%Fg5Z05M{&jl5&` zOEeCCp_gNId9RXsiWS^DI+*MykbUisA^ZE4yF>Qb_nQ)3@Rn;wl(W`eoX>`4$-aNR zEASOvoVdP1BRyo60jvKE!$EYKwe1!M*mme~nvv@mfB#D0JG-@Juh)fSzmm_=Y0_oV zYunx)e62n`m$B9fcCC5nIcxKMI7g4THot|np2ywK$BXk~3r8L}xBDa(j>P%Wo$fwK z9lUVY|A6+%!}-%b$T$D)eHS0X@X6gnbL@Rhz=t4K_#4*i@(Ml#`2p>Hnf;IPWziKU zV9)B)`yX9JgZU7y9rD}xm#fou{seD7)YkFY_Yx!E|5MqU9!>9S{K-wS=}mW5FTeOP z_2pUILJdU+@z$yh`S)8Z>ZiAYY7JBV1$!d-_OmSnm)b}Bzfmt4!q#Z7T(y$n{|Ein zzUHF|=XJq7d-u%!zu9js$di-c$;5p3?0ZOOnAv|Yb+$F|p?4-b=Jo$Iz4gGgY7fB2 z|1bNkjUEKY{(8WH5TDJXs^grphM$HBB1^s{DL;rdGf8(lyIiCK%{lJ&=JYc)q-{B^FHh+Hy<$Y~m z2U7#N20tAgbp<*qBSt`mH|ZXmVDDdSyXpOlZdIMC?0l(&_9C#%hdC zZ*yL_&^_1IlT}g7M zd%$T&6+Ob#XL+L2`%CUOJXGQIex=MkyRBZpuj8M%XTFDTi-hQLrQTSKOFi)RIAfc$ zc;sESUfyXrtOC&0ENG>M-3tz|cs2&^npR_?K@B=Mqpr6q)3@^bOv2mp z9C(vWS3SS(X6Qx_1@SF^OSb1+&Iav4pZV`-Sb_hF&(*9u8eYW?hx8el+vFU1y0aAe z4~z8b`EcwrzE;0yQyv*vv}QN_wTgPbO*bw);_r)P^JDVK1{%ZE%QU&?Hx3Pxeomj? z(AkadrL0Z-3UB()Z|H0Xep_2TwW6;gtMVl}HgJys^gB%dhxA%hO!y*M}UyL^`xV*Mg)h43uC7=^s+r{N9cMe82y zbBx+?|NC8IBE8R1->Le#R_LKR<8J1U1IJh=)Uy$oVyC)vtw)Cyf%iCg@1U3BO5RnS zr*v72K7aE2j4p#uq{}Y&pl@!6k+n=1w^PG3)|bEY^Pcrx#9!jW|CpUEzkc7c8#wRH zCC?sxZz5lJEcC?&wRtgfvts7IdjmgnNy^V`OZk~g(Sx3!SzAnxCEhW;-r$XtpUFGL z8(scL^Mn&AzPCxqYQ;fEmogP)IyAFzr48~iZ&82I7ydGJGH zfFB0aSNOzjVI$LNpICOm{xkZb-PITOkURTu#A)d>HnLmzFA4mYB>JHP{n3g3ki6^8 zA@O-2dR)s3k%FoBlZ1RQV;;nz;Rt zhBZ84{Azlb|1Efv|B#%`czSORKdbnO-;}IDkJO_lvB#QEdSNp9Lhu-vW_f*mfGwl1 zj}O*L{1U;bK3NUuf|Y`kvEn{hWusIZULlx)LABZjZs6*eAbs!a>mxXUu@m@WslGm* z-ZE>S6m9W(jy(S$b=vqBn?2p6yR_v;B`X}x+;R^ax~I|K&xiGxem=l&`}xdgz1@87 z2KNW~Dg4i(pU)u=_v(4FQn51Y>6#8)vTGC5bV$<6rvtq{gtaAsMRzrHq8n8c-;MvH zF-50C*k}1?>i_v2?C-Vo^SPFOJ|DYr+&8;f^C8w8XU#42x{}9epSOIYdiVc&2Rfh=RrfAB=zKr|Si9gK z-H8(H-E-)R@Q`>%wBfxB9%4;KpR;c1n|t5xoBK7%R)AL5L#yDkc|6k^`|}Z`+ZTMM zf8Ad0lVO`*IRvc+yYHnF{w(w4=tb4#rDMM4V~zP_iv;JT1Hkzo!0GA-_q@ zIkL`rr?(3~EOg_Sk0`z@8CkmKS)M26lN-P$OSkTlPnP4Jnb+SZzGVD3G)z3tnD{Uq zz-oCC#0U;=li8a~?fis=o04T8opPsZJ2x9a2x1Dz~Rgi+3-5 z*!Fa(3H1Bm^Tmu|`Bt{SE*LAr$EIfse5^b|C4UbKfAF#H^X-C{-Q1Pe4;fyzG4hVz z4i+Q3JeErzOULznDz`5FB{_Dhe{W(B=fe@1=S$?5B!pXdQ+*zFpQ7j|y!^c z(|B%l1;_dB5+kmq*PVNpnBrP|p5}1lnbCjbY?wc;-5LtS zwcc2{)@k+mo_^M%pJ9fj^E;wy~!6(9S^L+BNOs@AhwQ z%{aTur>5m?spt?fnp5#J{{P0d%mua7*J>LV&&j`EVv)- z^e!ScQ*O$f)8pM3^52O3$I79FbP{Xp91RbR#Ro-3Dv+t+#AnhK@*7@c-L*#M%c4c% z?;>aff7hw^=H>30LD6iZ&ScOhL-~nRtm(mNp&|ME?JYgc~4d8%xNv%MIbZfikg(<|BIE#{oyW^=x(xFNwdTRsUS;2lYywa=~w9cG`y*T>LA#9p=7B)GlvUdS6ZUn}e++i@2 z@AG+DE%5y{@GTI0ta~)@{Ux7kPIul4;Y(V zZ5Kc;vhVg(@tKjAc78o{%LaV(o$rKhspV%a_q#Z?r$u)oQ&!$} ze*cjVKJfNMhNf~ik}+3rxX*N7nC$Cl^aXwmd2jYrmm>SviZc0I4_(Y1E1Vy0l3(NY z1!xY8J7xxFK)>92t9X)lVeWH=C$+y_+*8Nrb2$(4>dm2Bc87^8SW6i^{cIU)@$)Wq zFXzCw=fc0Q!n?0iJMrpp@J{}WUTEO>-s)GyN8okKkjRX_U7=gT{Ep2;c1K3vq@GDN zy<@-SYz?#LA9jYI+py2f*LFkS+FE+;`J;o&?T%AKa~c-r~XSXkVi^8nSS+SCKE=6xh$$+IIk0@s+BevBCL1KL5tTj!#up5`FQYr-y1!%p3MU&3S+A zA>_r6^H(`{E%{Rqy>*Y>S3TywM{gDHv{3)Kc_cJ=5c%YH{D%Eb_40@ z-kF->oiOWYMDCRDSOBjmKe0hIg^q(RZ+!6|4imfcH|vYGW1p2nNMIB7cb!=kZuPsK zy%&TP{TcUQJ^JZ;tLH!Z69cQ@hhJ`Ae(!zNlB?a+vNm2IcuS(HS5+)l3H)KsI$J*f z^TNKhW$<}&i3`s{U{Oqmy&5Gy!u@_BeB$0w{26?2?Sbk2I^H|nS{h9zhh+8+5z8i3#Eh{+!}I>N7eR==OAd-{9t+ky8o?(wX0brj#_4)$@tz5EIP9A6E5*O9*Z z7JW{*_saj?!oYjE=7_P*$5>y-yYxh(2DkI5o2%Bo5;DMkSh|OM3Xk~MD~8e!^D^?3 z*vw7X%vIRTJK?)Kv6*q=o)C8P5K5;&c9YN7z^|Qr)*Yy(|Kb{SE#s*6`Csshw0|p| zwF4bl2Q3TG_ciEy2YXtBzTbr%-N62&dWk(jt)qigc6-Rwnw&N9JMSFo_GGkdWZp75oHc7r8yEGh zomu2Om0=&qFPwvY5RXb$uyJ!`-;|HmcWws{yPdS%tL1&!J)X_AKCxf+YsD*<508e6 zGi_n=XeK}A;(;z=%DoZp5t4t4jKrq9@y15**9!i0myApM3!{b5eT>sMqhq>o%Xcc= zyN6!K=jEQ~(S3bmur+7$|E#UCSBa~V=!9--W7Hd@B>MLjm*gDs)z!~Xr=jsz0jGTN z&cY$v?gF;e!1yEJsG--ma*n!hR{bl~t6XuD*&mg^immV9J64COSKPrjkFGsWaV={x zc}U`2_0Q;nU%TP$t>gkqZ#@4<@yOyeTj23-c>EANeiJd-1+HHovm8aBrubKF} zWZQkfnjpuSq;L5-jIX?t?q-TJ|4&&%hChEQdI+EXwrk*(QgA&CT{{AJP9+}yAa}jB z8$V^oiv^}XNN8Jx7==97_KG6stqu5U6+@i2V(3wm2PlUg6NuM~oPT?S^>s~T?~Qzi z)~FocCh2!eE^xN%#&eFK3(P+G zXIQ_UDJL5*XS@mYl47j-yDu_v^~$S0bp10grYvC25OgdiA6G(Mfad1?!}T%s_`BnY z6PVxdx_zH_LwrZP?0-(LtHaLZ;n9`?&)4(bxA+#G$N2F46KH`wOZ_wPQ{jnjf6Tje z-hV`9{M1d{)I$vQCNb38q23MG5-(nj-5X0RwG6z{hdNGA>JH-aRgE7rchgC(v5_;_ zcbtY!17?>#rv6-OM4yaT{XRUZb^rK%Z>@zRjPH81b!fDq!P$B=>Hf_0t*1rXyVyrt zmfA;aPVJ+Orq?pETnjHmhB}ux_?+q=P){8palflO^$tColVdA;7pf)(n`(N(Fy6PR zMcmNfJQe46-ANwf-7>~Xlvnm%3I4AVpRg7~*KbZTbX^UNyKnqB{V^3U%LgrqKF@j- z6DEi+H=>6-S&z-h#|p{G^SP6lG*MAWPtJlh9ZQjis!HrmrP;&Th(1hU^W)g-*t;et z&pJL~bik26l9R`V*u9b1yTG&r+2Q?8dVFsR^wTdwA19ac_X_Bz_p10wFIC0EGYgzi znYf)Ay*UruZW!iVQcLXaP>(xYxSbH{b!0cd^$>k7T=c{5egDI?D+2czcTT9}{x|jZ zA)e-U#g>iKL2(z1>7^U@(Pj_zs;iuF(bJ)cb89wDV&XgSrg4Z{ja+P|-#~)3LZ7yJ zk3Pba?mLD~ZI({4cDHZ$UkyN~uO17XW{FJY0WC^h%z2@{z*7AMdVw z6i54x_AehpjsfqnH<6L5OuSDP-ti?;cz<(Xyk9;5-v1W7A1xg2>Y^(5XWs*c*P(@M z^6=<}&a^HvbReGTkRI^SVHdTdN9%{Vj&)5ITha`1<%6Wi*? zU&uW43D)}Ci=xv8pz~emp8oV;mroDIdXRDHLVVe@e3fkbr#GN8epqU6vL{XFF7#k< zZ}M66On>qvf6T^oRh-+>-kR*vA<@761eb1w9^DpubW`qtzm)}XO%5T5>sryR+#9Ff z{n zbE(0~rDv~z2hW+*g-!U1^>>zlJLAK7{!W?dDqk3nK3VS8Q+dy0%vD7H zuh_f@^<&I&G-7JWIv=m>w`aEY^EmUO|M(+bpL%1LCPfdizVZ0x$wGXMdd9SWXZ*xb zVuyLq0=!)1-EDg(_FI1M7Wis4d=>1O9i@K8+-*Bd^C9z$=hko(5*rk4J0G6bns;HJ z)GzzQAJ8wGxf-EGVi-Aha5o8@$yd_<&gqrz{ZRNvwvOa%{_f``?Kj9*ihDX@rhFyj zRkbpfhaP909r!w$+w9%p6WodY-+aM^rZ@XJy2D2P5WY|xKPbjnaeOg9O)PJa%Wu}b zHJ99bbZs{L+uXyP;TD53r=}hGJcZeCrC{4Rssq)P7~Mk9fa^_>FaHyhE%#bvKk~3*7gz{*1e! zSpRFRzenpQ7qFY&_4aNkgR5HiZm5I3uAFy!>kuvay!w(G0<`h_vVI+I7ASAiAS<;&*M;h#f?^{c}@nYFS>e>qdPG>V>;iOx4Tj9^S=O4@34zRXKnQJ>qYn$X-+kt`CcE&(!gT|(I23o3i=2ty^ zbEhb#_T<{~=y%tkzXH$h&he}%$Fn?+nhw8&5E%=_A!S*v_(!PWu1or~dtF_pdD@U@Xm_99ZUIR~CtM$PF!vdLQ2 zYxE-?uXezzn>=1!KM=11xAbI&918Ak)^M30{*rC=g84EZuXY0$a3*;_mmDrZ@0(as zI#loZV#*|IGQ7(A#j7{}ci-H<$wAM=cd~i)zj8c#g=dy8U(WIO{l35dYmUFa;QRY? zIsU%O_xGRkyLiUtPHZi)awz|DMRu<0AL$L?=1;u)x+;}F$-J*C25-i(5efMf_@y22 zPbd7;MO?Pm!U*t=VC#jj!e#1d@+R#v>cSv!h_k}R`UskwrllH*=r}(pX zpTpY|SGc_0rn|F5^El`84Q{Zxt@6FF0cPK^fjoSY-W!I;iL07QqCXAd!p2oTT+q)} zaaFU!eQsYAF3|N0h_4Jj@PEVjzbh11p{qC8{1v~;=iN_TiixY>Q$G(ASCLzpX6g$Y zi?tu^)=GBpy%oT0=S$3C9Qg_K(k$Y+?r1N8-ld}TYHZFLbnyL7Z}$UEZAQ z#>v|H|@9lwiqb%W53!*>s6(2nnA&dMCPqnv+B_T^lm=Pam-7^M7AYzBVt?d+iGC zIh}ytH-tKL;v!k{>WfOIGrR-5+4L_&z6B$%JMglqX%iM<8 z;4)`zi0Voecld2dtQ6ZfjIl>J_y@o|8k~>ecYKaVXJ-2x_PkQU+b1*rN0ob?WGi*w zAC4HEt}&d=*yu)`yG>#@I0Ma&xGtR24PQ-asPSmmCl zNK9dzD#k#+>->QB&$Qjbx5 z$WS-5I1AdeV^`D@E;f4o!+sdD#r|N?h+X;qi@6PSZS^U~_Ji_yw0r0FE z$L@0K1K9c`;xaq#sdJjtG<>SlB%Ie0F+g?+MBvJ=?g z8lB6c4n(=C4sg9dwjW$uUNb&Ow;NNou+{{4EQC&~_4qQejC>h3$us(>R1&|e!mio7 zV0Sa0g>eV7|Nf-vv(^-2(r#u*Qwpx>jr*^_-?QDh`jT_B;vC+Ih6! zm5{E5N6OH(I*U|<9qvG;i>TXNg&%2aF`mOt$C3FE`?jVggE~#gw5iG9dB?TyuPvx` z>oel~{xW}4U3VP6bEVfmCdqvJc%IIo6>j^6=32<@u!R0T-ZanWu z$Ecz;E5YO4;Bm%dkyUuQ_F5(dK zToEejx%XY|`=;kcCb4+HiQzSX8HTd)wy+oV5!alOB`5Sd3WoJhtl)yox(tUF?*kJ^6&}v zPm=7f6|jF`azPW(ljPQeFr61t0Bs^6n`~1S`CV!l0()n+=;vj&Se0@s<0iwfr4A0Qz(g_pjpJvDlFC1bWi&e$h(K3YVAo>bu-?$tD5idr_t9&=aZ$YpmqN5&R->s-$|?@zCDTkJU3>75Ph zTWx67hF&7ZE{u)~uG8-O`qpV^dyQv#at%2I3EIMGb z&HbnzzkTYD$G3)~+;;R#@vP)>-@dQr~*qv-Yt!SW1O0fpO!dojnOjf>~g2KqX9fO@eF*&Ch-g#pBT$? zY-cAn6njoR#Wd`&doS+asH&x>!Q2ju*v->Kg5%T4BUCH0Pb&&Str z#=yfRJu9xEzdd!$UGV4g_}mkyY2U#7ssq|U9V&UP%sb1FR2zZPR{&)>m{K>zmi#`g}4PzmT&~%(Iz!WJl`w{4BBW4XjD$@N4vp7^WOK z8jtUO4)LG(?h0b8E8Q42Ltd)jRmJC*_A|G+ubF!=d<_wO2g*w)LZWw_>jXRBX^H-YyiWV#-j2sY_1`*}n^ zFz#5zog1$i9X0W4`o502Wj%L*867sUF2xVyUHN9e1HU~b-?PN)raq1PzuWqp`SWH)mK^Dj%e0=rG|T?2`#A4}QLr?Xa?NTR(Fi4?b!YGmjq` zt&^YR!^hkJJ_J(@G8%-*Z_j4;1DEY#Z1zFm_bbt}n@ta6bOHT|rT+{+u!k9Ao|BtD z%*kKJv%W_8fe)e61M538us+*wudg0m(NsWf)1n`i-}j-}M-ohp*q2;9Z~F@yINP3i9IOjo1jc&ml2Q(#xm(YhX+>_rITI<}Q$5!+)K{Z4bOx?B#Hzt4;13 zf2sq&Y6E8r{QgfcM`m-?%1>>(Jll`8djYe3XJ&$9>?%|rxAec@-{a6IZ0Zm~J+<;n zS*vt=9ke13zc^mH{$ZWpu;aM-FxOwchqJ98ju@5pmlxq1FUBXvZ&nTMbH?`RObGnW z*yNmN+%U|U`YiX!a)w}gF@Em+3-7ERbGduo^gQ_Hz=pr89`pDk=KSeyzC&!*yxHUh zihCmP&}?8kaMus254`)Rd8ZEjVcs$Mk79EVZ5?^Fu+g=lp52^bJzP(pyw-w@I!@C& z6Ivzs+pFyPE@oUmEb>>(xF%LF?xBWv?quE>v-5k^mwoidn%nftH}80{qu`ssJ4gH0 zRj>QmM)OXbXXYIfF9RPr`8u8DG(JJdz^k194e|-38;K_*8y7Lo^3&E-A6Vs%BRy%x zAtscJwJ>hX?tzdy5PgE5HIADDbN{Y;Mk6+6BxZ>dziiO?p^>L@rZe(HqCCy(FCO_| z?RS6g?rmX*P3-We71Znm=9DkCx6!SMR9}hM7~&yfp*vaA3f820tR^qdeG9%|IG_%AClHqKVC44>fypr>A8F-%RIw z68L4RUr-)b`CLg3h0R(XT+Go1$`_*d%t+5(Lp0f$?l(+23IK8?CFA>lat z!u+SUVPEn4cYbG=Q@qCRH@Q6J?hQ)sDVECWFN#go`WId~aDPVWwxv06Y;_y)<><8b z^5XS&x8CZS8RX;JGwZFA}e&uMfyx#$5rO!d@Q` zd@0jgB<$6ah(_9@lCCW%V=slzf5Di7O*%NVpm>KEZ_i-;d)%5R=VRoLy#64S)KDqs|N1NVfAEc06P7+( z2d~(izcay^p8370(Ldz#z45{CT^!w?&-cQ??@ft5o5%NJXDL@kKLW2V$c35wEpoZFq7+==|P zBXjVJcuf4IxU8$Da>kdrcgM(4yGx5ejb5|K(Nd##cMwjSqs@XdT?>|i)7YHSo)+$q zNx{jUZWf$tfpcAMIEQoQClgNUn3R8iz~qv#3*>?51hmOSs5_X zFWvMq$A^m8bNKBA(b6ESc2C6zYsA3n_6hBq=i=7%CNsWMNly#$hF~o*`$GP{uq7_6 zvoc|nZS4fcBf|qQqKkwFe8tQ@;pn9<#_#fUQwx4Y_*17wIoJJ!UpH-P&rdh`WhTjd z>bqcN=Xca)`SI4@yVn%t_uiaPe(zPF+i*aJB#i0+t~uu z+}3+_8H@OdowYWRxX_$iQ%ypF-_G*+o2t#h7wXT>zE0iTfOZytC&SM2xt=locJ|#b z3}9!WZ+~|7t!D@0W!DGVbrOBteEqy?$l)svNZ?o7d#GBdiyVh9ralGA5hn3dGHvX% zXfgDR;lpTuCWd@&=CjVp*>U8D#n4Z>d+o({`_^t68RSJ5p35q^H}Nms`_u(T0lnI0 zHlBx0E9j}CpO%3GAKt)$j}wF=`CAVTe1Gi;Gz|bp8*uCymK%;S-o0GlV`7VP2E>aN zA7MT#U$Byz*Wmo^%n#h#?7ExSzpF1B8?|eHfH_x{=AJV+R$H#IYSUviYApJgWXiOQ zN86WKH9qp?gJXZ6u?z68W;&(vLi%CNrTy!N_dm?`&rQ9KxvL}{@7P$!)I))X4s4Y6%rrOs zN!Zhv80}S!)peeZnCTL-Zs6W#T2C85u`6D@GSTAmeQ*87FUH zd#f(Y6V9MK|NXbKWjxBW!DROb)BBg*(+F-%KCj8O=R+@&Jx||XVehO^ouQ4Jt*o9T zS)K36Dt21-+{#r-R^gcpS>^Mp2=E{`IqbQS)g!MCBCFWG3|Zy#62|n)YGF!NeYJAX zCMnurH#20lH7%>5N?n>>4dR<=D4QwQ^`&wjOV2dDCD;v3mh*;4iq-injcB(E@I z{VwMg&KAsFzsI>HOm0Z~(lzwqYr!5X@38JO^w)gsC%3Lge!}$JH2c0OzN7yKe7BJ^ zyE7Y4Qs2%Q^`FHC67SUyFIXenh%M!BlcKxWbC5sq>p%6az2fYE9rM;xLk~T0YUVv~ z!M)Y%{>HuAu1>JfLvQ_qp<6=y9)uzO?;Z>rhUEprqrkB0qq$*l>$VHFjlA^3wH4qY zP7bQXhlf|eLksv4{p#4;2roP%x{{o~%}FWm@!dS>SD~JPtViS9^_uZDC+mHc^;Yt` zHy8JN4UKLL%yny?bICta4MiRFwK}newd{tb_+8D`?+T;a{e03w9a24XZ4jRTt9U2G zvj+HOH$GaB7I#=$k&>5HH)FaK7yEZfc(5YdpJfe?N9%b-*t0`NK~FA2{#NF5Jqv1Nv~Y z0(ODVhcqU1_S=SU&9Q#m@U$Pd2-~ojHDS*(Y(u$vqPscOZwy9ja$w4L-^G5#-bVGq zr49>SKY@OSeXoaZAwM&>ug}eWbuDpvA3=BTolH;irOdkweq8R(53d~#k32IvjTasQ=r1v~*n(7qn{eX4Yzi#~cgV@W>C*{`~7tn-CsQh8*0AKxN*LNelh2v%K4uB zfiT~VqYonH&ViB9SEwaa{z83jmD@>F@E$a+r^m3#597n!KLj4a=c!_>nT%7$nI&t# zv^S+QfeGT6jUFs)V2tYP8=l^KgWuvFzlCMXUYHhLAbR`w?f1VJM7MbSrg2+edT*`u zJxu<^8@p0I=;_m=5dGr{@RsZG;9L&8W3kTmn zhVf?F{gFImxhcI?OtF!~~rzrMIO z&-o=cG3u@qcduYiH6i{*MmvzDPV`|{Mdb{$R}N2yxii}2T|M5DzJ$k`!w(fl3j+Sp z$MT(@F_3}7;aYOV$bjFU`)Iynl)_8H&~YOibG9g$-<&_Sf7_@0W>wJsRe9(8repuA zGVkAsKgm2#qdy;Kt{vDw_7^*L5+Aj@b_P4RU%8CE|A`%Z(zAn4r|jVVF#C$=AUEIn zc)$+w`SQO2R`h5NJJ_aNMjPW|2gwn;_X`knWsWJ`>EBo6^8}5F-uK(VfBu}u*YqY% z$qqIs*}&S`jUC*d%4f8vWqkY32hmIHS$TGFf0iAjFTAmX4elONSCirEw!NQ)uU9kg z8t8bxJAX(yGHVCnH){tU%yWLf9jpgOs#`2U536_Y2AzvDHQFVdmn+?-b9u>m&=q?i z-!KO6e*xP^ANQvUv5gJb##(A!8nBIJ{1ko~$@5z~t8;k;*a4l_)LAaa?8g^HqyKT# z^tnj#zOC_yD{na|(re$bX9mCVXZVHZiKP*fXOO*)0qgJ=xw~cx-v{OfY9*S`5!|`E zP4;Ct^Tw8vcl73y4C@@(o6I|2Yvg;WyK5L%bvgdKYaSt=O?>+tT@Eot@lZakq#$7BfEMrOr)a z^Aq*-UiQvSc8)4uvyr^Vjo{6HZn6bjv~q6p2JHVva3|kD^_*9-=8d)PxyhOQ{#X3n z@~QkHy<_yNCqwER9xZ6diKuNc^Dv;fMYry0H-d%14LA`N9Z1appH?*%~+x*9v_ffX-|AY2a6_LQ!-z zuuIM@T!OLs-_RGx^a8VohQ3bKuyq%iAOT z&cy@U(2G4A>gE&O_;Kqb>}OLTeq4wAt!I6#(b&!{=w8l>*eio+f zXUC2~WE6T2Za;}5xyz*seTHA?+D~-5;Suzx=FhO7Rp~f#PoDEzy|e(`HWS-fBwK^c zbkB8{Zc|<}fvq$-@#)-Ei9ZoP37*4Vu1C%rIis{5dl}*9CSY7e?ueSe8DIXa&Ox0V zZ698|Ce{l7Z;A90yR^-u26gjca+GJ$=gH_xorzXI3F1Z8a~F0$R)wweY{pliqlwdk zHUn5Deaf>L=<5ud!F(Oe*NL4{4bI-)1A9^a^bBxN(; zN7*~YF&Q?)$B&Ub`9ZY~7ak|iPsnqQfo(>B=VdeUF720WBu zGvEbVbGfR++Kk+KA;V_)=g&>vn@&AEKZ z=U9(?wJe)~Jnnrnht2SKDrhs_{zi8G@{c@Id@)$9$&twe+mWyNVljt*#-4cb*r7`Y zj>l{)rnoE^kEwq6c;c~FR2zfr_h(N&#kd376ZAobJ>he^#zdF+DV=LG*`B?M}_?36FZ3VC%Mcx&cXf8*1 zCC5n)v#q}z<`DcO_+DsUS_ODUz|sek&HMmW^7SWbo6igkMrz1HqLvW zo;iv~4x&#p;yrAedZp;Tl*f_XoH1WjI_9(ED&|tmcPlXT8}nhOmFql*yHAMun)f;* zqgQcvN#)4U8e+b-!D7DA@GCK2n_|9ZY7vcIL7$kI5C6!E`Pwpa8%qMd8J~+82m6hG z7mnVcaqv|X^Q{1nshAI%Ra{GMxMYBs4;?1^{q1+?m7`u>_(3M`DgUbm8!ftU{v+<$ z-Xyp_g?@e=^_>4?zK%uwByL;iol(XwdB*e&TI{Wj!LXWmM2SIsEx*kj{a9{4}R=S_;MzEnS?Ki)!H2Do)5l}!|r;t z4%*$*Zp*g2BYBpO-92N{z;^dsfBe?&=0ESb9DCay$bYu8#^+hzPHgN;=*ouBjO0FK z>Nmu5zjO5_IZ)OsyKQoy z*o+Oq94Pi7iT+efr#MS7*J;?!@R{ix=q_sdlml(#XY4nT-X!CUrN{Gy>=zomf;09o zp3;2EJ)8zjRnw4|!g!voRDSfjf5%=nFdy${?4Pjt2hE0mkW! zhs}HLSNsj#zA%^@MZQdKlsW8p#uo6MA2GMFlYB3g8)e)CI#qY4C9m_@NqQ+Ci=F&5 zJZA0WUe%T2>lxlh7Y1!)68v?rF6DGrl50&YcjZ9+^dtx7UUQyZ%9uJMr+b_4;oel$ zVy(cAC-$-Ta%0_*_$;TlYGlzG^*&VY!SU?tBg`Lbg5QJo6}m3E+KZ2yz_&lAihYu8 z?3{~NVm|1_EYLg3WPsfykP=SzWc z8RIivDn7=xCh!e%os6b*I;w1Z}9sy{n=$tCe?>GVsom^xW6OV*9;uTY9~l`d8UUrWFC8(WXX4i{pF zsnssKZ~!|$R&rN4qtq8;yZPE;Q}1)n70TC^X4d;0W$k^e`(5n4Y<(f;D(Pu2c&wdY zLoH(bsHf}tvUQ!&Z|?@|JfB0VNvi4J&fmtk$7<(apO$Us8;B=dKlGHeorjN-;v4R0 z$nbTW((-xxKMf-LO{F$hn{DS)u{C*p?sV>gKaHJNY`va&;il9ME!wY4tl|G0#+%N1ym+|hUk0)B(zD*& z*3Lf$3|V$wW22Y-cK$B>NcENX+4<(pgY1FMfyc1(&5DPAMa`gWat>SH?2m^#R=crh z%FpFz-!Lhk^(7MXslhRS|Z%7@NK#G=T}-?@SBlu@VIeSaj|55QJiKcJPod=Y!FN&Ja; z1Ns18NwK?uU2(Q-y$AcHJ;d3|yf}M#D$Z_JFR)ac-QekpCVmoUR|B_+vw8kLwHhYQ z=5M|HejR_){#cCh)kp9~c!B)_azNZ&j||IS_Uw0C_*-XVV>#d8li|Cc%1?%^uWVuv zyASKhx8_gz49scv=jM6wfsN&Tb1u$vP7^z#8)UoU0iA%)us{5(bD|sR)s*zW- zom%p(SjC(uy+_@-IZf>OCQv8F`>GFNz z_}+@0R0EYb#9kOO7f0qyO%5`b2+ACOvtpz9=!*`?nsQr`JvXz8U8pXze@NIyCp3v19DK{Hqt3w+H+<-aq3%wY%qM?xDuC zzw@xVpHB5B_)OT1iP29ouk@y&33T`3Lt``SxisY(3;nqfK5w6bF9`jB?|X$KUAug^ zmAquV?Qc_P?kU7?+OPbG^clWJ^ohE@l+7B;+_DF8bgE)6)%EC|lT+uL-E%Iv{7vCt zbw9ZOIe2mRYla$sa_Ak}uNju1Vs_cekgX>0Db3T6S}feau@+#KxM~P06y>5|S?CZ2UOoY<+9_ zuO|o5Io?`Up(C|NvWormD?dxk7JDSE!;99$prvX;Hk#PuW6^&**td54Ede?7#z@R^ zo*|YYpLR+#YD(K%n7?#jc#tP@E*HD?<34zX<_VALg?4H09G~(P)m34Obq7ge%le1In^yc@ zb$No{j&bW9pwFYXQC>$)_)TESPx)dS$`^7NWh_?n!4mcrN6^s^McE=@l(XHCG@m|F+s zul?bB$3<5L^z|+I;%iD8UlH&Xl7C06`z7IqSS^T~H9_3WO5^5waI>&t0Nfl&^G#~a zKS@7p(fJzId>=eAh>bcNK0G?QF|g*Td9K+ht37)+^%}8B&Ij-cu_*T}v-a4e$Omh* z?kclx;?b#5{?2~wDbY`-*WG4hsEU0G;&Yu}J)3oJnwERrTF+g}2iDg{N4y`-qM?)L zdg2q%)pML)|C#&B)gP|iNT17O4ZeAW!#!s19dEHY*x?D0-k-A`*A^42uIBq|_+R1n z&QZO1ftTyodAcrqyDs7q6X&Y0SKIkse~5HG=;eRRQ$FV#els|Qw+xQ|{9H=jT-*}J zS=>HPoh$vVbLuBc8+V+GqaBQ6eS{Whld7Zj`3Pm64ZWs*V7bBFcW8`9T6ud70Lo<8mxb>UPUSZVZ|K{)XhgK#?jK3DI;gBCvC z9n0QR9e0hU;3KBbg0CC@uqTp&Z;tJ|l!7nagU!HZ_Qgx0p9{i99xgX*z8-8AHr^F% zan2p4U?UdKf^8?TwWndb+4hd|U^`lWf=lOC?`P8e>B32#pTAEC!bvVa2xp^c-Rkj7 z()(HNjwO6>K=WI1*ff7YBT;z*ld2g%$RMun~f)P_vbKpiX>^|E|&!cG=e5kM10_qTEI!?3+ob1NNsIQiNc1P-2QR><4_8EP(?0a8N zJ#$jemhdc?$9U}K>^#QS9M3lKY$bYc<~x@}mCtFRhfAE?PK>-REZKT?*e1%OBa9Z z2A5ro)s3I5bEsFd{v^*A25UZMc{Lx*k(!rhirFSY=kcm{;d`l?55`U4x9P6MB)*$! zBiRcw_h;L^pev#2=0Wy?_Fwe=+A?!?e0cO4>Nd?8IOSRK^OV!84D_$+z|SiRwvdZE0eKr^X<(${B!fEUO$d=v-PQ8m&Vbp z@7UPCAAO3?eK5DPylZ1{y#9m2BI;jc5Ni_37V&>wNWTO?UtL^c~iJtornK%$=t`%{X6- zKHWcoQuCrd~)12pngZlI@fZOWRPw@L-`qbtm7yYhp?aVxNVn4cY zzv(xP9KOCgTNgep8F76Y_T5uH4KzAA`qM=Iy0G)6{&nGhmuKt3-RMH2|C+q>r1aYk zo+s7W(HOp>YG!q=v~iL3Cr?WIlk(y4-*k2g{kK1S!4y~jv0hu#d&i@L=)Wdc|7|Eb z@^nQ0B>s@q8|-VtC&kg*IA0}yNj_nP@g?yiRfoQYx$%2cw;x;2Phy~J_3mQEXfIU$ z3tSdOzYFd)CUxS?W>0mo$!8~?s&2yVKzR!0w zW6#P(LvQS$@A!3S7<{&bXNk+GXTisk?Nn})ymimtoa*|CihqCj4eE~QM;o6G4v;O` zM4hc$iSKClT6MmrQu}`Rd-!n8!in}`D}ITtBUVWAeh%N!yk~vK@m=5*xl~SCdQJ7L zs)tEVa(e%R^(Q9{;5#yhoj30Jjz3^-qwDxy%6DYU1pY$6cjW%P^tqaRbY0~IXHWX8}rY0=yGj^KLz5%*k7vIhRbM@)D+&GMlXlGGCqC;H=qrD{PGUZ}O5ig6nb~{36F<+?>+pOe^A~vMVov1uJNokhQ@nao zx()-mOs3_Mn7u4IQ~PN?xqRp+`N?IzGO&GDK*r!#VkjdAcgAz*vVP>?i5vUZWjn`Z z>#|?_&sW&~GRB_^oUeEiJU^YGpQ|MS&6mp%mMO6}X-eR?#Z{!~f9-0+0@IF88^=02}3 zSv9+gW0Xfv0Ke+O5QEB z2W!o#>)?0WHzuX)q_c^k>XNr%CGAL@7=)gqmiX+4r0%Artli{ z$N9TI9{m{i$bY4uJ~9Op)4FdtHGR^zM)yevx^Z)+?nAFhNAcf1C&cHss6)}+^LG-v zcLB%l8*ez$xtRI~Y>3f?=(FqJ_58jm-Wi7JzB3HyK+_iny&p%PD<7aULYCj-{N2XU zXIR{zbCc-*PR2{c(ert)CTAR-)9;gC=Z~XzvJUI_{fysl>`#Y!JbA2qzicNq5uP&j zwX9$Eai(NpsmW7i`gF)cRV;@d>_;BHwkWqA>=+FXlP~;MI9nI$Zh>Fq(1*V~U-4~j zeW-fVp*L9H&Q~L}9J)!@JZ*GfTlnga;xjCN!haUB^v8qP5N~abB}bl)KWTckZdbov z?a#?KkzSNeY^27ePPIwi-=rVyIYY@@3wTcHzb0Uku0t2B^FNpFLr)3bI@JMPFxIW{ zEKKk79oUv1yg~o-W#T2pE`sZ9>1JvkQ|A*|m-M1z&gYl9PM%43p7Ok>JNaJ9Pt@4bo#^G{ET8W5)tl$zCq8|C zT31f~C2*s!L-G@)GxOAyk1&ROV#TLMH!kCRAN^0*$9gKOFP0b2m|A*pqMGz)p-%@o z&iIMwz?^;}deQia=->kU#J{zEBG2z)e&Z+dw#?xNEcjB{*e(#gO z>qPMIRqJb(q+@90F@YY8Av5@Ghr{10jjmK}dTY9W`lEy4$Lqs9w#fO%TJAd;JH&ab zPQ9!rMtYwhZ<#bTlO+y92uIgfH9Shv%^i`|xwYxAC{(+3uHk2O5fZ zgRou-tcmASdkk%hFf2~E)r-I+NbsWC$(|3gLr|(h2 zUvl+!c|mk@@cYu&+OP9{zp+5y=Z-XZ4qn(^gl&-@srNdN*G}H;L{=M#*BxrWQ=)%wHeksx$v$YR-zQ4!TYvlR<-L~!| z&-Z_2>ud6Sf0wNl%Jcm%9^?B9ZLL(EheuT69F%|`dSJtPuatgdwFY|o#$`qQI5bMMAS2sf5Q zXVSkxefZ9#E`5;s4u@l29>_P}-hAd8gx5YAz>U@Ki4o}HQ_;<%;qNi%=CSBx?5yGSw}-V;71}M=prR8lg?0`giu7K#pqI*4Px$i#t!DopNiEp|1Ik@>s6F zQNtSQ8JBn_q}Z(aOt=2EHGN0d*DW5a$lH@QGd+K?JF)5f$5)M$!>YQ+(r9R!CuRfN z9CvJd1bV)EacaHBc6s8j0%M!;ka^i5*_qzE2OYO9yz6A|?tt{Tvx4J-2Xkh97UNzA zJulnlV)qQ85B>`S^JMU}hp&8iW=S4A^9|33@cXm(a6gLQ zpB0Tw{u{a`p=-w?_;az-`y>3PAuA?vFZmGDbNwdd`z!E7A$s}*;>)4@SItQseF)q$ z$U~_wIAPo0r0`#yrYru3>w6ek=ZsRBn}e-S`^DXlSXp<^Rb}9%$$gfX;KG(fZaR>k zSm9949GtN2Cp+F-tNW+y-6e?$@B_RiKUMyC92rthVtmTZgp8f(S`2R^6OXV~^*!rC zMvOlQFV%^+&pS2xto7eH^QOG(&jWDgL#v`ZXvG3D&&xG=@y8kY(Q62`i9HB9vyOci; zpGaTD7^711^C|9a68?Q-{8eC#4EV~28TjrNeB2c`AbdZVkOkjWfw9GB-O^j&u;ObU z(&s1gQcHm|O*tj`90km?VQByJVAq<%|M?fu#IQS_@UP*5z&tVO_gg+(t1~|<7++)0 zW9(g=mF;g0#%AvFYW{rqIV~{u2K;WP@e@(yg;bY6?b)NLT8=6{?-_2+pMFm;{Nmfh zaOgO#PxANc{p78@&w}Y2tF6wUM}t(deULGmN2z`@X-lA)MsMCS>Jx?JkB!?S#ff- zG*r5#8@y!UL%8?!Rn+36%GIG=@U+#}pX5A<>n9bZbu~I7E}n-U4FBHk)j^e~b@jIb zV`k`TZ=QVc{);h#<9#!DH}{PonRi2Io7#`A+cF?)09=KHHEL z6O2x5adB>J*kXF)EB3T@Y#21?T!OFjJl|dH^tM2c*TDH9XxY8U;_HNMAF=#T9csk- zNK2V}8Sgyr`LUOJXHuHdxwgqEe0e@A{)$t~eIm0J_cXqE5wOViCg2ro(-MWlwvGE| z*)_MvkM{49HId%r{j9N`pARta;v9BuE$dihMz& z=yv%Uoyc()>rGa<@^Kh=hpLXg-G86?P*X>L2)y1yUR$&holL*9V(dCRy36)6VNbAc z7kTY@jLG{Md2RHTeb45#JN}CpAOG$({?;>(pOc*49-~(Zw%z{BAbWz$VaJPK2OQXj z>v!ka6J*@P9M*@-CXrq334R$H?Y~Qcyms^EL2741<4s;09X>qzx2p5Q_cVEJ{Bkd^ z-R!URIyi^B*8O{cd_GLwP-jD=w_|yvHx3UaX2C!3P#1c>dr`#r@{6dYje%$7^y}HD zP+n#|`#Cos?wk8y_K{xFeyZRFOzsu8? z!zhp zw0s-9ybDf_f|EY*L=Um^&~HOR#r^v9Vf=K}V0PB?9eA*do@4d!!vg3c-$K0A4S%}) zTd?g`n-?K>nc`pg#Ps2FdweyA-}mf2xl9{#H@15GTUBcK;BYH_Ymy}yeQV03i`C}{ zx+nPi9O@Owg^cp|ic72qmR6r%=gH~8$65E2f-~UPCDZn)CICZ>IZCJpQ!UHPk8r+p zM+AQ{(%XRyo4u+j+%3ar@!OZ-QOWlr_*DK#`F=r^E!OmYS9 zXrJ~Y=(IRGlYKSQODT!IWDm;p6{w=de$T1SQ`&P^z9qQ?`YnbI;BggtR6SjE-b4Ga zE15rNujcH;UNKiz|1bE}+81lDF8$B<)^_r|3s^cQL1*Mh@CnX0fLVEuh48v^>rMDM z=I$fp!|cN{haJzz4ECyxxwC3m7(1~D_$z?vGM~M2GV1jPwO5~~u8VymW3PU#I$8AR zU^Xj(Jj1W)x)nZGF%Eg@4EmhJTH{NBb20Q=V$O#)uVPQ76S{O=2W{s=w`KHyp^kY2 zd$uM&ul@aX;0wEF^wDmei5${XiR>Ikmkg2Ksq&xS8)EcM#~N^bKjWcO%-u)Qx!BMy z=&O0wF-NSYZ@X(3UAfSnKrXpz(SFyBUfrHguC{H=l&cJ#>&cq2v*h-zo&EklWuL2i z<*#$>ah?h-N243Yz%OIb$K}u!+Z#W9aNGOuzP(U~e@1_C$7w~u$eu&=pMR&YB%@zV z?0IOs5B~oRbG*d7zhmA5$7p|Fb$WM06TiR9dCTT{_8;VjRFVgI4cvEk&V@Zq0k+#N2gmCB9S+*EmS%7%X=0BZ(6dGL24Hye!& z*F80b+myGz0{wI)y74OXVmJI=;gt3)z+aD}D^;7(rS;8WZL^^*>pTx%_7E~~-c2_i zIe3}V`>~TlYpyNEkFLRw2A6Blf5XAgiTszpzJR|erbQ32pX{D>JM|anzr~Ep`x*ZF zB%}Y#dshD)(LG1V-|PJC4P^iIDNgSj^MvQnw(lYj@>#R=-#kzMF-K}%p2=VT8gm={ z$M;foD2!|L-*vz=E2aN3&bpnG$62@2sO56Jvu^jPehj^2{B`uP{Pl3)tlL3!U53BT z=OV_C-AT*_KKP^KvPf@d4g4T~y(waJ|8nY=WAfL*i}BYhTz`G|TYYm^T0h6~tjXb& zZhJy?X2fnS-Z@`%iaGnc>Z$yFo_`xXxc+!2m;R_Kb?-}_DgS3^rv8`|!j{qRYI+FU zL+{jz5c_|||7jb@|7nrFX!s~TCuipmIKB4}U!5NwiM|-x6aFN=5qhF~C;U4r)Vm3u zf2*n_pfB9s0Ui6mF?_uc--*3w<2%WIcft#e$7zTTAhQhGh6a zhGsl3GkjhcJ%zdn$)Jf7chEP^_(NmR184I8tgVSx;o+puAL>TNddTy<2@k$4{x<$l zTGo>#DOn%WVr|DzS1&Q|v#Qg8&&+(Q;S>0{^W8}A4fNk=WnJp6SA?HXfuE3|c3JU` z$tM{8Q12dRn_ce~)+rfD-Vg81VN7Cd{axcHR-*?PI}U!X8tJTgjyfy9Y^q25eh)9ocb`qY&F}O(dQ5&)jPW|mygHXyw5=N+jPtw}8aibsMEBkN!CKWn%V*hh zyN$a}Putga=6@a>%`&}d_lK`O!>wtA=dIuR;)Vc@7;D#9@-9!iahGyHUHrZ~;-2S~ z{KtWBJhyI}{#j{ymQ7+G z96AY4_&zN!)0gC2^uUju-ozHZ(+W=3i$4AMq3F((K7=XJoCL{DYu;U%6PW<7SiIM1YqPx5$7`)nya%-D%_z&{^8 zLC1S}ll}hwvwmJ%)KBg7lho2!J$wPRipEc$@9ARfKrUUZb3qw?D4$yxCrF>0p-;RO zIJW@zk0ZUSphe0LU4{*XZ*_+06zZxY+}|x8ZA4egXHZNQtj)A|`AmPbn3PS6DbOO$ z^91;cPjXD`VQFy?_;SVsi*wL|XQIWAncLVz#>}9_+W$E%KI@~!FICq!2ptZt4cJ6J zS1?BWNnou9zQ-fTp5)H6iNbeHr1zhw)vV>7ah+#ch3@J^-glzwUXS(7&G3b)T%GCq z?%BUvdfD&DhbcgY6Vs6|WX94fu_IGV`Pr);)cj4d9IIfgrD^$D zE}B*3ke{VFXvQpgLlUh+J`LSzxGiVug}!YS73X!*W>ncFW%NV zAKda@$m>&LeU&dgnZK{{$Z3Q7D*r(rR5!jEZv2z23l-m-l;NMm_u-rT2H)f*e3Rel zC;0shI{X07_d&;H(DC_DFZk?z4@Rhl$~ zTB;Ugjrg-kQ^0}_j4d+0I@%>{r8gk&0kMCW*d7^jfp?G;PN6G)cm-(N*&QVWUdE!FWoW6$ZnE|i@ zT~nE-r)+1TcSdwhPwzr|AN7`vN_-@GpFF)~jr3+6+8n@>3I4AdZQwI7F&`$y_cNmR z%F`!S!#wT^YU>{H%O3jik}uOk3Xi1rz`x)n0}d{kj_#yiQZc+@_crWV1u~p|+2F_I za+XZs%yneN_)^c*_O!>m2`OxZ`s5pDs_*iI#KYWQ{i*cJ_N4CS{@Nefc#5%=NqF|> zoJWNYK3%#;`%K3m(`oJ{A1uvh=?wq#dAcKa&lLXFfrrd|eRAE*%@&M-uVi#b{3zpl z9jXdu8Px}Ku<&DjToLQ=U6Ol*=$EG_Z;|lc6wJZe9n7h!ifJzbIS}4O$U!UM16Q?%2k(1v~!9b6iVekB51H z{a?X6Fv%49auK>`=P2*=$rbc%;Gf9vurO!s82&&!K-9h>k=*2#A|x60VD24oR^ue}h@0bgD_))3e+o@4Ks;xpN?f8qJY_n0L<4B`y# zo!)_-MeZ}$vcQgo_7CF+?%gs-{p@6T8b1*HjZU=Co2vYwv177lz8wqgp=;ma+p*6| zE|7@~?<=^+72>6a_Yi9yx3%{W>oq<*a#>fB==^?2zV}w2-D*y+xwx% zjQsT2rgMz=&d}p5?sZ*`9+!$9XXWuLuFFFYJ`+9OYw5x7LiBh%4?UcHIzyqyPwBO= z^f+fI^myE-2RRa-9=!h%_fYJHPBXLH#W&PmiIWit)0C0&r>kE5PNV!;;-~gW$oQM_8w`UjJ00X(gb;bW6ik#8%XSMhxE0%Y|u*8QN@ zqZ*WQhnL{fwW8xLCH_@k;bp|Y>a#esJFuB?fBs+Z`GKBeu3U=m#z$o;pRY2?J0tmE zKXlFc>PCP4_1^-S;`$I>&&W^LmxN%f#NB=R-^RN3or6#`FJ;u+!-a&k`du%wqi5K*wOA2~2+ajcw4iNxswd`fY1(ZBJJLcI_H?+4%VTcWHj3+;saj__uN5ApTcQDZ}T_>0SXmwqIS()3c1Py?d-5uVj3kd#Eai zH?MMi%u$I)qByZWrh^j`uha$iX$o}s0_OH+{i0EcP0{;UzsR}IPQ{49UfS8hEiuo> z@bj&0pF)0NCHaN6s@hzyN%NV7eIoOplF(qE^y(03&^CTH zas@x|n>6^y@SE1jwLPawznSwrD-v(g|C5{;W8NhF+uF;lJ-5G`0*~bM(qFhH>jzA% z4fz2z>Q!j`NMamkXl=k3z^<>YrsO`4ian(NZk zWvmWN)s-dQ4^6ZFL3W)n_D0|XQlIy8o~U*fq@obX)~C!PN~Je(w%Q*Gu|mqYgw^uR)VqsMAOGHTa&gVxwf-H`b& z;(?g~p(VXo2g%*S2WSYyafW!+1G%h*j` zC;8s^sR7>8d}jEN&!g}(yYN^%lAAGn7~t2{dGcYB$ZL;!Qn1U)i?ouPc=EmEmiE;4 zG{KwdK~fG|1}NYM(0@fQe*V(3OS$6Wr=#=b8OwV zY@F`uJ{zb1vLFBH3}grYX@k)Rg^6>1fDd~JyU+F3HrRZ#y~d5xPkf2Bo`L)vV!h{c zul3;IVcz4TyaIfg^Yi$z>jOWQ=h%Cu_)LE6CZ2EnSbmrFW4X8b)>JQ3PgUT@u65^p z;m2+pEKWc7UB-{yrZ|14`mUPsU#0UJvVJT$q)Bku8obsK)>ABqN?i@~U6;6rq`osoz=fNqT z38x>oIOTUCoc=ivPQ$VGpg8>#y*|VS2B*u0g3~|yI8|(IaLRkrFZ43&R4jvBW$>F@ znYAzbbtV3P;VAqXi5uFzWeDp`f1&Te^nb^bN^%&u`Z|o7`)$}?)_IQQg8@%$qnKituIJzFY z_qf-yXr^#>LL$cfviAIOqc8Vnh(%w^c zd)D`ijoNGC`a7TrzJ}`W{n>46%L|~TnX?Eji+{#^Mb+1kEz!T-*BTQ{$^b~$E=Ib%)0nIx~{Tet}F8j{1@c# z6>~ht@8usCnA*BOw^M81^V49huME7_XQ>~xJ;Ob(%B^*+yVhqSYrU$b=eu^Tyw<)E zvsRvC*2-sQt$ZF`>(9PBJQ{ZWv8HGG3VQj?K1qN6bK4hrCjD^j*TBaY1NR@jp5z{A z^+nI*f{Y!+?%j;t>p-q=!R~cp_ts$dx@7m7f|}6oAa-anc5jMI%TZPV<3-ajZ`}62# zK9g>4=h?>I@w-w>G-M((l=52WY zW$t0}HsB_zpW}Ctx5;q7n^{XlZ@@e8-+(-W#;H{&^Dr z+>h&+^UL>k-rKh=e$eX~o}v47V2jP%bo6u@y&XNX{=Mk@d~?&4-`#|+*IrAVC057U zHc8)ezZzb5z@w@Kh;NgbFz@`0)%|C&UPt%8_He*ETp!|{v-0!KZ}(!OScC8(JXlyY zpUkxb>T5TBHaySL@DBPA)yERa?}qGvX0yhze_8v=`!d#+@0l5RR(*YK&FW!@cYin4 zOJBG4UFh5a>D-c*pQ2~mc7vB?Io)$LaAfuD?uhPLR@3v9lLI}=>m=VB-IIZ)vLAeA zbPu0LbMOlmVa2OUf4x5 zOgvPnyfv}wO8Tf~*BqOu1=mwF69T`HTKo3R6^PfSk!q8d05F2^M3iWYS9Gj>Jo?-6Kdp+wbJj0JmJd=x2 z4)1#Kv76pFFZic?oz}mUJu~k5*N!I-!Pyw8Dz8U-;VYQi5JyjY#448%x39uKRBzu3 zJ_Csrff9BWn*(~Uk znz;Th(If^<)OTR$Qs?u{DgD6RH99O?zp-?w_vupkdX6r?4d`O&QD*pUQV8C);J{d2iKIG4aIPQ7PhI4qV zE@ouF>t`)Lh^&Q!l6)Rxf3tY3_E2su>Mae#C(B>{dft;=k8nMeKlNiy;jaOFFXk-C zRPp~}*0Yko$?PYyG9+DI!}Xzc?e=M8 zWk&MS*``26zjEWAeE#V<3!|4if#I?#XdNHJ?D0sc~8Qjc)%e2-FNJ5$(( z_1J&IFL58o_ixD~$MB(G`v(WM^w=6~IrE4uuB&`pryN}WcYpAM%c#COsla=*BH;5F zFc%n@<1M=_d;zW+9QXv&839aP7LJV1zZ>7k(R^P3hvnZc^jlQk_7krp$@{8*FJ_)y z5R#+Ck>|cEc&^T`Hu@}(o0Rk1-}STpk@8z>VtD*^FV_#oZyn`1JH4Gr3Bki+EV&VnAb)-ICX8t6Anz`GwC0L_98heBl7%7c&B!j=y{7r+(B#19>~Boki<;OVq@ z3uI!2!<&*9i?6MQzF~d7&C%!D=coOC6%oB&9_Ve+xE-C?VSI#9=$7)JXTPlFkd@y$ zU%%Yuz?!8w`bD)$!Cn`^rJZs0A9gMEzMiRc^o;bqs~?Z#daijkz|t2X zaQWj(@-MD$_CW_m;dtLDU*?C(AHF<={gZLXzXv}^R~Enr_2fnB>06aQBAb_DPLOOK zJ_@sgCNE2stiLPjn~aXY^<)57I!kL`m+x}qJrmH{rFWT;p9p-&kB9sSKAk_U=T~?& zzRz0c+uh%7&dIaza&Pc_*$Y>v?{efu`d-i0KPx|nOW!Dvxm!rLc@$xj2?-$37~PssISS45s!9XxX+_IG+7d$!-PXT$NI z=6y53O+d4Y9XPWz3;d_i5xTt{{?kj}2-9w+1D|NuQReG{;rLHJzvukrDrhD*OQLyx$?Kv%vQ?5WBlP#C;lz*?daLW z{aZ|ISk!$EueDcbR?wR=3twGvuKp)qFkhc5#?pJm$LE+e`rj)~R$stkzPI0z-&yN5 zzC*KJ@pX!^fkiD(a*n<5qBw$B`*fY@sNbocdebMEB}ZQ18NPp-?-h6JzRJ_x!gr;y zW0~7TF0Ux}o!#@0#-GaY3|Gf*-;~p3S-yk5S2_5Tu6Wq$w!kMy{ZGzMW{6l;x4HP8 zYw{~${kpd#7oU2}AG7N;cr`Jq-}589$p_WCE0Me6*ufvHVtuPvyY^73j%xA3!za7~ zzRTeui=U^s=1J!o;qDps4BmXjTr=j_^7vaTjzw>{S`Jm>TS&+DZ*UtP3p zjl$#DskQ)~15LqvKtsc0Lowr8(QpAV<3i#^_NvDl+51`*WACfy?3MS=DQ+TuuV){j z?7Q+qb9C))U0dK>>+h45-S2HEp$D4Tzvp{Bz>wI_wXMwj%I(4Tuhsn)bHDTqh;Eh(+bOGlX8ChxaeWdFgm}SpSv9MYg zH~aCzM#qPgf9b+EHxGOl0$H5 z_O^2^G1&Vhz=e0xow zWX@hE@onViSf6DabZo^QwZX4vlSA9$*tIgg!WTb?EkU(e226iSP#uVZ9X0 z8bcp-z^|R~YX)80dJ1a?e$_K=u4^&<@Maym{dN3ZKkF!otV8)}qZ2azIu<*5j{fp< z{rMZVexNvb3GzRi{h+hxT~AUkFtEWNlBE;-fh}1amZhQi8;4uppKE6`H2HY!U7wSC z$HVlJ*~b?Os2dm4Mp z7R3|o=r!4cTJ_+5t0b|EJyI?o{5%5x%>n$sw(tjZ-{{a?voT!#^mg#?8~23yccTNh zD~A_b{0DM468?QIPyTZ+{_;-vw$aR0`B361dgfA`@1R;PxZPWMp=au>$}?&9u#aP( zpTFe5DjxYj0ArSaGlBn}$6przmK7@>8`iID*&Al{>rUpR45VKx(I3*Uk2kIU#C0G1 zSEFB7$Y+**-Qd?IW4w>*OdG2xju{tso1IB&XIMZ3TOQSy&h2{8Z%WGA> ztkm}8{I_QUUVFRw?U;wd{8rS@S{{$AWhDGIWPM3bQa*k8+i&M|kc;O#Bd}%pt$tvB zJDmQ;!;gghQI9FdbMc_Xxfd7A+zWn|} zVg9|yf!pPga*O{XtS^_VUvY@~@$Ul|+RlezH^yq!#3Qdk^ z6*;4Ouejvk9Q;$|oRmwmI#v4iX715}kJ`pFS_A)8_wakEipaMGIio<={^p+iI^d1~ zcQ!Zwn3c0Y*Y+1HyZY9z55F_ypRSdEN-jm`EAGU;lp1_S{ZoG?rF<0mrd{}^nt9iH z2L35MXX?Z4Fg|K2Im)t@sa99S{g~>3e%ADv$eObK6;(kl#qm|7kF^&4v;OuF_3hr- z?5WGAZ&&sM*O?Kxviv%TzMY%L|F`jevG5ANhyDIyf5tGeehMEj4Sp4?wu0X_@O#{2 zVcGwr1Fz)ir~uAvyr1#yZoYV5{>R~l?+2F7yL~_50}=SzmTU{wpR-l7&4MMr#*0zkTs~#Q)sp z#_Qy7Ifr#xqJe!@uK$_2J1on02k`%I^FJT`R@eqT>cH*F;xdc>Bjtgc1P{H zpAX$g?MwdWf@$CW#DaMnjlPUAGnROreP={KDDzhbi*@i}53;@>;oRE=o0hpH!c64$WTZLP=o+_QG(YQp3IPIvuL-A8?;@=I0cv^v=4P3`^UulDzy zzvm+GRRbCPpo3qR7dm5MeevChOvapC`Sk9l78u4wuc$v*#a|I{ ztET4n|7d?^QA_PgW`@66a)$cfR7+LQqT4rhb$~;~M5@<^;&GGT&h`5iy}Rb6;|sh~ zcNBV8SMdBDocpNypQm$`KYvzYqlLT9_v!e2zxOW_65RVCv!2}NYrT_>r3dQ9(C59q z@vWE6;0!CTJkiD;ilTSl@KXB)#24gOpYn>D+p4I!k<<6yJuOkoUaB;+<`Kc6jmPKYp=*+|k=LF|iRC(3n-_y0$s+#I&gLP`H`e*Ic*2sFz{u=W68?gID z^ryCi&->Vql?3jX=FqYR)uvwo9~(tS*2(AlD_OI8#9jeEwcu$3crn+5Bh@fNGd}~I zXziD=_NQ5UJ8RFbd-TBTe(FbWtZR&{yYuWr>t=m3XKS?fzxJ|sk$l)wtliWN>wSN^ z(#h#7-m>_hChVWjQ7)e;cOIdcz4D4zy^=lb@>$aOO7cNg1n!UH^-{e_-iTrHPvBt zp5@v2Ut1baPPDP7rHH+ATR5}1?G%q$lIn?PRur&g>ipbRgBR;w2~CpllJ2RRoPDNz zsy6}{wLjPFWhaj_ncrN24rn7!nc;VrdETD(c=4VRWUu}8n{M6c6*t>^=-gB7pUHsV z&pg3=bJp7itZm$<4S3tg2Wi%Ma&v99_IIX%QLy>);pf->iGH%l+9LNi87Ukx*R4+H(aav16Nhg~D1U*Q1sJLdl) z{jMAV{XRWZ`Y|8taM15Phmn3aj*xzL(s$LL{B3!2c=9)QbbkHWicWHMsAdbhI@IjT zN7q=rVs&WG=0odR(J3as9Oy)QAL&v3E}tIlw!a%h7Uetqgj`H5I<<1q2NOCAAel#( zrqNxlF3rur@Ur@}CE&O0tOG}v>ijb4(o4~$ZSkT#I^W}|*H_nKzb<*hTd_ximF>Y5psj4&KS5vSvTd7PaVm4!Mo!-k9!C1!LB3-owsI?dQTb$5 z^tCfB|Lu*wGAkOlk)K%uosTqqN4qo{CVk)7H9i45JTS$C%q;5{t&pukB38k zCykK4Cl7(XHN&89*J1Q$zYcBslUMn``Q&wtelrLijX%5d^uuCL=Q=cetNv`uj*-de zPWr0y$*AIz7hdlxn|b}&CO;mTJ4W_2*Wavt3DUb}KGd?XO&zNKohli-9DT5C`1AvJqaLsG=v$e2Am3jxOO2U7do;8CVu{a^*D&&$JS``$=Q^>=`NRpt z2m{#LZHlvg7Vu*}d6lh|&F#nDn%}$jcBZ8@@SE6$HJI3iH6=5|F2Iup#tg8T*rmyj zUC!=@)~-IDpNHmFAFmGdv8iv9TYqzGF8`pp5m6hPH}+($_z-4I)^GaGM&u6vLouJ? zNY`g_WHtDWAA5dVzj0`4@1^-BZayPloHi-X8lMk*3Y%}}GX15wei-!)ia$!d!sl;^ zduJ>rrhbYZ4)qDzoPnOLJ!7rx>uO_v*QX1;J2wP<@&=}OkbA)w9O!)#-)g|`Be7@e zX0KZIRJn-`@GIF(AL=W+t($AOjvf;5)&ahiZwRk9SAS96Md!Y)W}V7;wUW;v`88ox z@LqL}alCKCXEOZDvxOs{w#Sn{(mBpC({po*Xf*@+^4tv1)x2W$w-}ul}SCod9U$tJX_5OTo4SWc#HE%zpq3@Ad?_W0zZ@t$IbG^%kxn8^fWX;ii z^|R*mwREfStEswL_)?V@+qAR^L@~dr~ zOEFIp9+7NIMsvR}X!)M|JNUuBhO-51pH`r^lE5X|vwA_fMe$xA{~dqX-rwqjJ9&ob zn*uI#hMHgmR(mhSWyXIG=_Oystag8E^%K8MM(l^|=T!1ctvr7gIq7=k8(FJ**K#tE z%e9Hu&qF4pvjx)*a#)Jd+65!|DWeC$tKdf0%(pXnrV)>I#7p*+5|5RliJkMcv zVsat2a~9u&C-vO5Gw-Awnzq7wtI6GKKH|;HNmxU^S#uWk{d;?R*9`}bcLPT!bSW+J z5?$BT^vsHtc8_MySbwk$ru(kQhkr-+-Rt1q;$QZA>tVFtkFW3Feye5@_}U@+{jd5B zy4mM-U*5hM_wMxlBju!hU%=Rby8L!Py8pd-)}L43n|gQHo-e_6yShrSrYH5)Ax(l+ z@L)TAc>SDt$VShn&O&b6@bLq|T7rC*gX6Kt-}suIUpx319KJJ#3}5{S z;QMMn@M$f=zs09r8#y}W@1M*WfHAXI%U%=y{>;ALAEz4HhZ3r_>NmE=P{;l1$@vNA z8?i67&>(#8#uxis-+1Pr*IW9pG5dFN{=8~l-(UCIx)}DQ(yL5JhT*ZEHvxeD4FMo~iX(_y^?= z@@Yfm-dd=HNRzTX}kSiZJK=%2*yi3cu(2bRzeFuQSPBJJ|P zqP{$^=Fz@9ApR8}{MdQEJO3v{Z|W2S@MO|=(Hv1G=Dyqug4a7v;Nc7u|v^gtDJROJ*N43RzFyN7!1Ct?Dbs5dJi{z|1d20 za{560AV0L=oi+GYv6dQeBmQ{y>(nFI-&YBLSRLW1x8Ped6N{mVt0Q6q@W<&6T<$zL z%O92CqmsN^ls`lh(cR(~{j|-S`hN72uRkrmqy2@7Zx^xOK8a7M*)I2b1f87Q#4VZ`*@iFEZekqb7yL)nj(2bm{Ji^)VN?lAUK`&3F=e(*#3B@}aTuUhs?>i%alN56fZ zX5O5fc$)dM#A>G{i6Ls3J*)W|+Rw0GeH8cy>Mt?8Yh!40Z~0k4ekA+3zYqM!^f(!x zAH8jDj?SNw?Ed_(eRW4mz|$7LT}FR|{f9>UcO!E=TYJXrT4&y4{l)N}Pa8AJk8tJA z@_?O3`<)0pF27iKqW$-ZK@~f!#~$y(epU)L(M3EB52+U@E8p?J-;Cs8lsnl_qx0j* z^AI1Hxvuz&h471bXce)+InZ|T6_*{njD8=@wb5Qr%@S%vUXtX3G#5p)o;3$UJw~6U z56QQU;ha!t&CtQ-JVcLWk@d@0vN^h)j;@hR=sqj(b7vKL2UzobdS%QkLIW4PG#j5) z{aotPksMWVX5po*q3DWB4;Ir;wTm@~H*HMn%bMR4o6hrli+{ggC+BYq|E)p%w%+sZ zTnzp*@V5LJeDL|Hi9Q_^i%01YeecpC4Q`UqK=WP;fwg`dasvE{rFXH0r<}ek$;2Y) zP@{RT;LOkgdRRInBlM0wcOaS+4?vU09hzADOpnZeu>2_;T?~FUI{5i1_}R?+Bsenh z1#44oAqrpgeRMs-+a~xo$(mEp+sqaKcU9mkPLG=Q=A8`=i^s(b?+TZi0qW1g@^NQ) z*y0ZQ33nfZhc&CH&+{X?#O2{1{!d?>VtH8m?ZmtKXK+qFN%WX1GRVehQI zl0MRN7k>+wu^YYEgv`8}o(y@4I?;uAUf-)vKydjm20EzIa}>%h+K@JhN<=v0%t;y0cA_Leg5k;z5g0qL(&o})ZS8#1V#ssf&kt$E>D zaAiO9>lr0mKg4%>-3i?7zuo6Bs(!3?_)azpJSJMPRc$=8{Vd;x89NA{ zSbWI-Dew19@R7ns2^X57V`2Aai4rfPEOqwt;bSi7K= zy|>BNV4Fnizi>W^?4Ie-;y$KF3wx`z=-&3(_PNIcdjqq_KKqy6`O14F!A+l-+|q;l zi?2QG3h#q{ULL{$1_!T@g~@H*n7n7XRKx81YcKGpx?D7@$x3t z)W#YX!V_B4bgtKX@ssLfbG%ryVAs0D?`B=#Qav>`R>-ZXsO2|z`~2Q!;YJUeeWc=R z|#FC8lyaW>0iP+^&;-)^6T7pg!xtcxf2{Mkq(1*(+g!s{ko1@({g!M zcGk`^mY?Z10#mnYZtNEf^` zif1o?M#+njZD^u1;WE&%mAq^l^pZa60DsbbsznTTT_^VZ7JRNQ^uY98CnwJ2H>JQ- z1}~3d9p%8)0Kab{R;)OgxS{dg$l@q`9nDtP{Nu8gMbNwrcs4n{H~T5KUykp+A@IBX z{W@OD(ex|z2XiNUu}^#vtW7Ym2e+rJ>$;cbES-MlM~^9OE-vF7tTFI=0Pl&hn(bHe zoT4JG6YP~b-$%X}d1?8e=-^lBukgv}{kPC7?f%K1d*^>0+IPd#%XB7C1b_SZ zeJAVN2cLJsi?O1bo`N!B-!U~k9Ekz3`d{{=h$P3{}wJNz&C zq))#Z<~{jWiv#{M^vEOPzuj;+h&dn;ro^X<$f&PTQ#Gjg%Uk1NH=jsmZmHNZmkV*gSsxsu$r}HY-n)JLg zwAbFO6~5D2e?m@P^V^bHpU{7PXzfk(HcSNeNuH^_3JkoFBe0*-6Q4$%FzDP-ju`cx_DppZnwQ!@lS{66E{dh&Q0xEpMB}Oq@Qy2pycJOcbRNz88&s)R%5H`3lg0dpsSE0`6@bZ zu4|sJyVK}y@sNI}S`m74ul9Y*9{uB8=vd#0Qz z-c%h4Sv30uh4c4;bHUJd0cS)&mmSF3BJ9d>d~RW?4Pa_BF!}xLrYGKk$M451YMCpT zc(%1C>f4+O9IKc?wF>&&d&QJ9b#9m7z^ChxFKhH|P`C2eN8aURawFJ^7pf1f+Xw$j zKC@Ikyk=Y(vw_W=d z*4_>dcQ9Xf1M4SVnb5}jHt3?yUD~7q+N^{&Y4}$)QcIUI*54}mE23W2*oepD^$CeAEexs{2JwOI5TO#=N+H;@i$l_`poz`=n3TprF-SS z_BIr4m2a?-vn$Bk?X9E^p|6B9mU;GfIf#Q0X2FgnbSBC$&K1zpw5FOy*){6(G zg<_0PLysxYV>Y!0V=G5Uk4cA-9@me69(VLZ57`~b!sb7PWkEEN&ABJAH>Uo5gy?Z_ z-O%aLvo@f|hBMw0JsyJx4wrnqa|HC5IS4&w4MGo_kC_|k|5ZLly0dlRFyw@5^_!@i z+%CGH?^_o-a)Rtj-zU-G%7e(iQvOZ)tHPXZe@r6P6iak70<#dqsQueJ@(Y0{CdpF&3_!oFE{J*=(9DZ zz822!Ms=BVm#fPZ!=xtlrOgazW9-Nz@MvOZzt6$f!M<-B@-dO|mI$oT`I<}fz$f}H z!oJ1H@hu|m_~(Md)1MiFZ9F`L9#TvoUDOzX)9NC{18%>^R_veK?;%@wQM4b%#v-=o zBjN*G8hMt^gUH$+6JLbsRf%6W6#DG`dX7Fj1OGsI0_!)3u9K-R?84VlOyYj0ykwj_ zY>uu$&LAGp72l&zj?R7;S>O93>wC^wAO1Y}3$Jf6bRNq3nw|CK;0(?#v9JsS&Uge) z&9m@=f0iE8^U(Wj_|fouKlJ_m{;+)h-dVrT@8SBJt#wmN-n$ALqdY8ig+cpw?*78? z`yZZ;z$QNbwFBQ8v)<#fy?&}?RHIiV_Z7hBk)JecZ}R+prhxX6p$DCNN6%xE?D;h* zAHmiquHv5c!{~om8iDUmoFSQojlP>GY=Ub|0M{S$(07fghvw?%s+Ipn_vFmcN^g3$ zR!+ToZN7e*)4$iZmqO3{Z17CmPhzec?+IKdKIhzq8l#*z;2FB_8}rmiM=L^vLAX zNutYh&as)|^9SJvV(;Phe|)4Tzi%iyU*O=@ z%JxY5KkQl`ywi_Y&U-a{ke+4`8}XM{GF!&x74y|d zRjV4TM(Wl_RWBun? z)bg!Bc5TjDIkSOkpbwyrhFSw1P2K8t_}71)$!qUbUVGB1CJzeUa-SW`XMJ*V=!U5g z+4y`!9<057&eWrF@q)=uvR>&PUr)U!(RK&4fiA?gkEq8;H2~Fd74KwqR1hENoTf@@ z`KC9Fd!(_c8GPKu)EO6%f3KvMMz!fQ_E~eGT8aM}uc$iMM1K;w{cT(5>AR1*BJ*ob zTTETh%m=JcJr#IN&9Atnhn@t*Cw1gcb=KBG_1dNHr!@44>AA}FP zKWuKE{b4&<`;x;|A6}&O&^toTLN&eV>Vy>wm)&PCeMz;{NKvUlF~?H<=o?1FP(Om+~CS*`Dt|zZ9Bx zl$Pw7Hl}1xtNJ~uH(NN%r~@yBFWRX$s}I7j0hdtER1LVe<%@O;9p0y;Y@3!MhnYDlqyB6(*NoI2@dGbuG&CTVE$+Jdlcc127vbRQ_cKh~f zx~XR#lZ$y5!uR#$7wHdDO;h@-y{aG~8AwyNGWE=P)Lh{S^`fMSNn4>&lHX|-NKOxz zw0uaqsUEq3M!H7_{AB89@LL)@y?2_owv>8iDfRqL)z2<~PV=BQa<>?n4%IW^1;3tI zoULbCm};TF>I-cKrl6h)OqxAo;j#71V+0e=wzeS+Y}7N?hU%FC9NLeVt!M7`^OI4% zf6oUGtrP!>=IWs}bcRnv=XP|6scQm@YT6yZlgTja4?Uoowx$2;uLX5X=pU+MvSw4q z1b3l2Chyg=BAmK3k(`Pqs#7TkEMB$i|K;t}F{k--P|m>6f#*p_Q^(vEs$&N0m;N*M zi#&1)Jc(vcxphq7Gj&Yh2-PtI_zY~SW3qnHr#*mg6Y!ZneDr9*Gi!Z+qqyaJz^OfV z**Ye=Q_szSyLR+%w2rwQy&_r52xeUe|CqWauxI579+W)&ggT~h_F3cryzoq8tGCI1 z&w!56&raa8eD?d)--Yef`vSR=Z0TQCpO|>I@A;gHWz*PQ58FY`e(h}bVC9?l`kB?a z8GJTpBt14E^8BIBd-db%p}?a(S$*fveyAUK_IHQzF;sZEOg<|N&wl0`Cz1V~&K@%p zf7SUpw|6-(2p2B|&mPJ7%tOWpd%*JH<9}A=r_Xmsh>sz|L!K-jJTLYG&n+W_XAt`A zw|m@N`h4GkLG)SrcF>1CS^4nsRR7U<*W&%*M%P3M~j`YnlmQ!ggDeeA3Dg_7H+{!+_lvxo~)oDZnli}ESz z<#gek?7->L?mza0bnR!dFYzYj<2h@yn=HM3*{TmP*69`^c- zULM){I+o>M->3Uo-}u9@zBPIHYc2BINKLW;n#p$+k14jl20o)kfv=L=V{7;S!$~PKtZyKDW%*6K=GuXK9C*Y#7X@$}QGbuU8u{$^mmOGK zU2{?dH$(M*x90JGPvSh%4fwyRGq`wI(9g4vjyzla6s|qoNIvA%D&}Gpcs=_9J!kdX zK=d&Fcd$pC5tn=n<($%6{yX{}9*@4?QIR!9x!j`$3&g{JtyjA!hS= zJ$=I3FDXAFi?hHs9Oc03((B0pW-F`zZE+UZhM1#=2P`Si;52blTp#4E7?Mw>r1 z_-gX)lX9KH)BV9S)em9lvpMir-ptYG4-xu2XZR!hym9b{`V!QmRABZ#`up6Y&(wPL z+%?WxMSu6%yByvS{fzN*?BAg4Wj~Yh#nET$xyz2kdd>c+f!F)-x3FH{-wOLP{qbXA zF#BLQ{CMSx{I;XQfmya=sQg%F@(X?WLwN;PpFZ+OdseH@lOJ{95Usr6`NQQ8Uw?%0 z^?CTy%CD8(dd{(yj2b=(WHVX=c%>uk*LPT64Pj$x2lC^yFg)YXC+btPFlkm$ zA@I0+#~KHMjaWuFdMpB;a>wZijJq7Yk+1(^$oQ%l9A9@t;5nlB0-oXGYgq)ok>G1M z{+^M?x8M(zEY0tK-_V#}W>1N%Z$$oH9{H90EQ-kQH^_M@XX~MJqCIFAIq->3#{_U? z`5~|~Ly;e!Kg037&BwX=#K>`-uS-sgJpcFYBlib}8lM|l4>LY5ci?n=fn5Q-)))AV zmFfB+Jex7(me);{1vj&&$brHHBN%?(1G_dj;=^?z- zflqw!o&c_q$nS9C`6ghR!e01DJij+z&*6_Yh56#l2+aH2Mi$Q>X@Bb|2TqsvPX_Q> znIEdZ)n(*8>|gAcKOX37<+{vXH+%+q71!Ec#Z}}#vh;JwmtL_@wSgtak|U$?V)+_FsqK?`K;7cl-N~N8lTY|2kxR4Z+`E7l9{h9|HX_6#s6>@zDtU{i`DI zjRar5{mS*bDZjGT=A+TAiYJ?by*;WKsn1CBXm*j%|JFyAs0a5Rk_Oz?lLp@RIhf+_aKl{6+<%Zt{vKsX0 zEp}kb+N>Z3JvI-Hv;JxTbERV^qV+GozbWkBUs&WlTEiYIGtUP&1#byCtupYd{q~w; zqQ14K*juC-PTGIn%RVY*V$8pvYad{Z_F8+5>NZ{Mr#kWX*T3|@6;~c?8CTYPZjo?M zN)I5j9_Rtf(6gp92;5j=inDh4LjRTVb;Mq43j?2gg;TqEf$yySI~?>_9-+q@*XMX8 zN{@#E_^clxo*xc94hOtni@^KB0Px=Q7U3;3^}aCwjHBM?QRj2{hyKM!#W&&$^*f43 zw!$m)w!N^Aa}UpZqv4M8V%Oik#T(Vk><;Fii7(W{=+Bjm^2N8DHHk0g2kX#&N;lWN z>rgJ2ns0x}^gRBXjn|}GRPQP?mL6Ss;Q4&mf33Fus}GZW z*cd*n=2FU!D{YyZ3G3JIM_{wFe=c|6Q;kdg9foHD7#BN!tMZHa@*9T(-mgXAUEL47 zXB`H3hs*En7PdgF|GzUv@H8I;B+wT5YYrUO^jh63Lo zlHr(sxbf6nk;=mNR(hLtbE;M_esQI~Z;aNA) z|IWE>CN`wMoF25$45_4g4oqKsti}D^``zEEU*2593^4ll{n*9dlkw-}VcqbZ02j|$ zKCky<%8kx>>CXpzZspO>hlbaGA^x>yeO1s4!7R$^GVm~p^_SE4Air6%s5y(w6-FLM z5m#v@r1VBv%a<(O>UA$Qo8Sezv=R zetMpMvi;(>Q|NUEe)ddNo7tAYKgz&glGP_#LyGmJfjh%Gnj)~@?ZS@Ev#<;93oYD1 z@0H>(`Tu@w;Nv~zz^r_4KK*hy;lC{c|FQw#uQ*KbA8!7+E3$?UxogP7KYw^7kpKS$ z{4=&K&{+ZRm%Fe>_-Chu`z`X%aP|E;7REr|r>_m`kh=o7hU#BUH}QE`-=Bp3s0jLS zr8hSPdT$r|3pGzqv+P~n>EzV*`sYX#wES+>;4$CB5!januuDIo&1KRaN?)v{5#XnJc@oi=36U2Pyh@Te@}ov?Mv7B zgBE|Q@hrlJMHlt&iqLG>^}zlaX4sp;RtAUIW&9Xnw!$`+3SULj#Q0E=4 zfsUCnNy%BZ(9D{xA=|7Jd z>?zJ&NY|l%*=Mi$8_Fqk5`QPryE<2;jJoZpGV%>$YI;U9r(vLcLoz5BNPB}51xu9Uq0Ttz|(Z$4P2SI1gtYjF0_NZ zMH2t71N?X5gLV?2m`R?aHOnMQLQNpdxF1AKMNU_JzMEHqC^=NPzWJ18Hzz{OWN zu#QD%1$t|o#g!Ak?yz`b-huWzErx>;vVl(dZB7n#vQ4pB2D-18>1AK<`0<>WqUU+xQV z;?@^+zJ#yOgZ!XFrzZkBjf6fo{~=7DJq}!=Pt!2zb6~eWFXlNzqujh0&5CKg3Orr| zE%5PD&_j6DT&Z?wBzcft(s@R`4a}5j;GB$kUeBVL>W_SYu%&0a+Uziyl79g~VQBfI-J=hvD1?QUPLL;F$212gbzK5{$v@6dX{+39)cXJ_l^+!UQf z@+dSDy^aXJ8YdZi?I*T2_^NpSu<)h)Qh)e*S-2bkUssI)U;F+m?7zyN>JMMqpTEZB zk8|=bxzE4@nroJUuXGNUX8NSzEA2~8RmBpPkG^AZA|8Tf;z8wEQus-h<{!zf!PgD> zXf8Vcs2{jFOg3a+Mhq`>Y_RZ(hW)_%jv>Okb_noVf8x2LG=n8z|1(3O|rYv^ni(MRXpNrzfn`d)g;I-!$h94QxeshRav z)crgBRP8a;oUzNfUpsz5EBDm-a+(j+F$)@V?r~7Xz}&@i%b20o#hkt3 zrPB`nJ&zaTiw$Qw@;2F`i*?QHBzs|2;o@I^Jx6%K0y=BIB^3@&6R6t+N+K0yTQ)BrYUQc5i7lP-}?01$P zP#oafUoSLE-T1Ze?t;jAv_Hqv)Y5aV*&m(Tk0JP{qcgL!WCEB&{KLKHMDE?+yzYGW zUp|EUzi$ZlxB58Wc_Q@In)6*n1L)b2RGKD@?FG@Q)d77bVaZ56wX$+px%(yww zG=r{fU_X96bk=zu;+L%MjWFWv1c9^Uvd1wBAq?$=uvt`PwT)o+>g#v z+_edvr}KZ!TuS;Lgi>Bil^3hR!$BmDLMOZt@3mpu&nym;fl^tq2S9<7}lh(6al^s&ErtMpkg0DVMD z(Q#*d;eWdN-H#u0{S!&}Sv=kfAM0G+cFv%C8vk%TaoY;;bT2%9A2Is<@cb6+e*>Q{ zf|n(Cs_SXSg8WFum$EtjIn9!@;+8|7Vow*kRsL*;VhqU_I&L=Sc55bp?jzkzan_QL9_XORh8Jt`gAXQe|ul6pNB*b{NKYt zk98xY$C|@Hk8QsU>yp0oXc!hfgueq#{&|yK<_xfRWaqQCHN(fZ!Hd_R&#r^N8_;J> z@W;*YDg52xeZW6M8G1h3=p_yi-|mNBC*4$Y@T{A>gOdwNyT8}lJHHSf>}@C~9v{86 zcbV67fH-MC*S6Qi6S-@P&9(MS<^xsSYjZr&URBuV8spcZf93ZAdtyKLYp;*>xlXe= zTha4v*rp%T|Bx*3PETEj9=`^^f_*1CuTQ>0gXd*sNb)l4)4_Q!O>yHd#PO?ip0}>` zXA=~*EW$<^`xji3m8pK-i*K_w!I3e={F1W|4M11L`>MxS`HJ2riQgkxliXXm(6#z! z<-^|}7T!-W*nay@eLk085{yR&FpgyY&Q_CK&gn~&ZzH!X`!Bt@s5n>aD?&dOqbm)M zp+jdee_lTGx#-T1qDSZQ{ds&}1g&&Nvfcloy+a#`sTRh3-71>Mug;)XJJG4C3rfH0 zOi!ILuO7C0|Ngag8R)9{SW@xMS)&bkDv6ZkK@vob^Jy=t^4QGujLNj zva|w!yZ$pQySe;wkdJfn%Rdb0ZRxkw_@80=ZG(q5D4w?dZJqDmc3%~y+vec8+5NWl zgUP z->Ro)Dm<)MRkP}AshO$Q`2_x6;r%XXthhq`Jih%eYNc$dyv#Q#h9 z&0qK~#DBZ}by!^^nVstJoa#|wehSa?5kF<;OL6~-td7gwSN9wn<)_Vq^V3{Y9}GY5 zLeUesG-u#R53+8}k=EG(%BNNK14CA(0zE32_Weg#wya%DvSyR>4q#m2^nU9+Yl{z` zUb%drso!Y6WF7kHTynwcDV2>Q7KaZV8&_iNmi(~}^2j>R*7&33klNs}cH;;6{p-iS zY4ha19~N`?ExRVx@>paoIxo%5+b?$bPyMpe^Y))z&vORfx%`9HqyGP$#CvhAqYfJ! zT1VVp2iFPz%7q)*V7;;_|M`z$o$}QH#-aBA`}!+P{}8_s`}N0fUksj=)n7-7-}-?e zOB;vZ{x(9R;qu#{_;_dk_?Y>2;iDfI^5J9DTg1nJ_6B{a{X$WDb8>_yyME#8fRWgn z5&I{^6i3oOx&D*G_fM|kHv{=6na|~9IZI3Q&Nl=6*_z?u^G_Q5{2Mw)x@5QWeCh7% zg6C%CyMAzcG9bV7q z+;0`}lKhuO{D-8Qd&jn{$InqcMZG=pTa|;K<Z|TZo|F#XY zpKA6;+G49{hHB!vSmC!n)m)$1csXe7>2r^pv>@V`1#|Q7vaID@=4`8uN0q> zR~3IMCe#0hJ^>zt^LqHxkI|_Ck+;))_$mBe{`c&lW>5oPPL9?L$b+b6pxU8k)rdER zzi&j=bz!is7cFfwzOLHk%!$ZXKNt>uuZz(4ng|Rtk1%}~DJ9$K&xat-N*{*mPpW$;XP{aHb%vffr3KAbk1lN9%E(V++Y_ z4mNPWbm&cup)Ctfnz>(QBfG5AHfcB3!q{JfrevsAm8K~I~jKQDgKw>y8w zeH2d}h?l-Ft6*IB(tEu5uf|8caL;SAwyrPm5^q#_FC0(L9rd6Wc6`)3@W9>h-1#wj zief!ev`@n;Ni4Yb(u0fQlc^oRuO>I|wW!YK+m%tqA5uO*&))(~+va&ahw91_4GrGb zLrwnwy=TRG+DjT9YOgD+R$tl^T(^t=cSC#eqv~QS!AtwX9PPg(S}zf-+N!@$#T=y4b} zo`A8nY6y7Zx}u@r2^%&ATvajmY-(Z6a>>bA#X)~rfXmf?NBy?(Bh*a5IlQtNJ}Cr; zC+EA)>wDd_$aQ`29uM$d7vO!o@Lux}eUAO&eN%)#e|F8#`LiK{_vE>?$jK0R6gXR( zO8f9=X_QB~?!G(FL&1Fu!P^S(2Cw(PuP08%FGyeQ%`YzXnpcf3Zf=KnZ$i%u#LrQj z_4d98J$@X2)KrA4`jR2zs%aRwI(4MDsxL{jW=aOf71u2o1XoM0aBiXg1 zs&_nmHDPP-g8{BGg+s>G#lyf==}2*vDNMB17Y)u=TsLzNTrHXH;_A8~;p&9<)%3LE zt7QE){PW(1qv5Z2Z0)_9IwSE*M_pmH`aKJZm|Ga5Z>=onuT8;M@5EoT{G}NhWy8SR z59!Nj#|G*-oq_L0PO3#ZEOkEi@dD0OMvujdyq-E@m6OL9KYd#$R;epYq<6dZbw5@y zy@;-Ca@}tezHI8=#60FcdWMCefOXEnX3pk+;5kwC)7fX>tK;*PmX$Wo9$nfz2b*cG zBR}-?wGA&ZqtEnXoJSq+9AZ7iaf;#Ady~7%PV>)htKbaKWCL;0b>8;OyjXRb_08cK zZNRYw8pvN14Oa2n*7FrF9R=Tx-P(IId<$;cH^-~b;reIz{#pLlzKeZ4cUEjv_a?m#a9gPjZ~5ntejHHdKM6eqTV`Hub?f=y1)600a2tr5uB+KDpGCd6&*4|M zmzFdiJ*K#s_|x3?Y5eM9#ZH^^_dJ;WK`u?WZn*$|YlTkGX89`by4#`avbK`-ceR>WT)jl@WBN!a6Gj8?kpg#UQoktYOCFt%f0_n&Lys89jk`{?{VDM zy`Skc*El_`>A9LEiO2skP;CuG*4b>OZFlKA-7vT%VdGUC^x^`vYM_ZnK z{hx-;qu--{!}WLi@u9;uiCji&lbg@T#d#KnR2=)wb^oz;@Hmf{rKk1c;B0g74ng_-rL@Bajd%iD&!yiy7Jn^2UWA5BsyJO%l<%*`f3b0D=@vLM)zG+vpro8 zy%*MOFN=A1w!*)w;AyQ@=lpiSd%DiwZ$&=nVtVo6_h#zCem+2Xq7uI^Ac&_r&-M2g zDt2vKz)dDI*+wk9?8zDF!&C7H-hyE|H>CxJzv3dd+F|x&Xo^xKk@ujC;Uwvy)tf(1TGx-7S zN%|oAs+?@Q=wAeT4#P~UzDyMJ!!JCvW!?KfOJ&O7zevB)GoLRvZqJa>Zg4rI3--P9%> zg*}oym%*>{L#E^Fbt$jy>^~gEcjxo@$M69^jt}^c>{Z?oJF0sMeZl)?x&Fs!bV@lm z90Ok*)w24F==NFJ9NvKb$Larx|AFqyVC!1Z3+?DY>4{G0)O8kohwkcz*M5f%N|F~$ zK}Yg~+dl^^AIC?$vaGy0F=kYA3;xJ?yG~A=7pvJmO8!W^AhC~Jb*@iyl*#jrg9pO; zzaVkZZTKU>y4c)9`(B+34o;#*{bLqKD2#|HxJ@K_{vY zTJylklb>1 z1G{|oSBu68mYPbTOINz3;lzu$g}VwEE7bgae1DcIc< ze9;!KtJZVT$vuVmq$iItx#qQ@xOjJre2dG2z7G=k#Cx+j1g?AJtMFiOZ~JULL(f-U z?`H6zyk2L#*!aXNkwN*wtMG-fJ*TgLR}{0T2DAeHd5YKf;xCI2u}i0EZ=Cp0JgIt; z%ZH8E2YeXVoGsjw-<+{2;6wKFZMQWCpT~lINliZgl^H(rZA|e%eAMLg&ini0ou-=V zFXiEvt!6)F|NJskUdaT!qPl}>P64k3bntoQlVLttJ5au)B;b=H!6T-RLHoFEo(UeA z5#f=;#UIi&l9M!kh;)y8xI8f?>SRX z4)b&C9kJypVlQHc9%2a7Yb!jN+S<&p{%fa4xP5ob#9G#G?2{kx^=i7F@m(u;SWo|j;wQn*DPd!JC)xcwEca2Yk>`K|FA9%}Wx zYQ>Sdrj}>w8rA2ga^0afcD!S~H_2Q(HP-l|u02}Uj`I!>Lzrvt4X#~3)w|mKzO-@s z`uBNPr?~&r(Ybpp=KY-D9&SBIF`422K)1`kPkc?CRkYEc$2rjk^pyx&EDk zlWKY<)ogfip*N}fW8gH!I@Q}w)6SjA$?!XCdq45H|7^dH$(zAmu*Qk<<@Z)@n3z~R zE{re1^?3(Jq5f?%|1YP%;vc3Lhe0LJQf&4)t}Wy~#qi6L>kIDI zJ>$H#*AchhyAdB&sJWq zOwvDrEY;FuBOl`uY>D=+TncU5CgPXDTa$REt6#OgcRn)kC!0JqLu8(q8ZX(#im#11kSPZ&`GIL$U5?`J|B8~s+Dh9 zU*lcfMXazMIxYgY>p$vUExn>1uS}I^a>&A00eDi*62ET3`i~*U#L(s%_)vLf_ZoED z1bt`o&vVg%i+R58@pIvY=hwk64dNG`RR_NiV>}u!CCAQh3$Ksg-2~nYtmwq|@!1@% zxx_2nQ$NnT+kSq6U>WUQExl1i9e)b%>reGw;N0SuxcAk!1naPHY-ODm4$()?v-r^d z?DZe^u5OC{23u}_vq8VHaIpsQt#nf%{~O+@^W{DR9~43dO9MYQ%l;GSAUy1n9N09MVTt&SXI$!e z&30|t=OX@Fh>v+byk~ODz##eC?8TcerRPSyN$SIk-nV|B`?62Ny|3<}xky=^T<`nV zpM1{I#q~ASf6FzlzFQjE&lX4S8#atRP!8_nXTq!MHH8<&C5~adXKU)51$&DhnI!ZcSUF>nXf?RC-dB_tOxWA$$D~P;;6B#2mD)E{~0(U-t=Xi z=WBnX`g=pNu01UdZY1C19K8HH-(}@Hf{&1VgO99yHx?TC{=iCKzLBMze7o|?+QlPn ztdZF?Azn>`56eUB?=k$Xz0v9|UVU%lUBu9ar?R{xnrnTmU;I=KKZ!<$*MZ09^>|CI zc%A#?WMyEB5^RBK$ zH%%qqr#`41+QSAP-Gt9_GyY1iSG;Tye6Q=?Y2>$N`I3VTw<{mf3H^6!W({^dbr!$J zmpPu?;SOY_>2JLG!r$@l)U(aLv*px(Za==zTYf9|5l#AJXIJ9`t-|+N?-dz%q(`{P1nGj)H{j>-eAAo6I^=gvKh~RH&u=F4`^?1k zcL@gd-spF(9@2ZoPWr!!xWm22*74r_Mcm^!dw=dNy{S5r@^y8<=-%Jn2i<(SZ23vt zS9U{dt7T19{9gE94}2?F()elQYNR za(tT&%Iol~O%;k4yq3`~C{7?|9{u%CF0?zQ=d*AeJg~vauAN|~NZa%fy;|xwE>&wRJd_(VrXRp2d;MP)l zNy+ms<+G=*U3#!MR#W{7{(^jt``}}}PN55^pDf=>et&wb=63LO`zv1AvJHHmrD;6K zX`bu#kZ=?J<7y;zx^C_9&~CKy0sfRQ1>EVQP3j)Yae>9rmVPm%3p4zrc&P04Ze&& ziJfUe7iIWO)4S;(hF8>&a4CK;KH6!@E3Tg4+r*U{;1}LELTh_n@{Y#sI|~k;Av(0; z%dFsD>JwkVy;gWJb02(&(^hZ~@r$_!yml4$Si#yVJaYImYL}DOTP{8@yc6K5^;~Q) z{H?t$+6PcaUXWa%$?2~+lm21qy7B?B8PppJ6JN!CS-AAu71YnQjx9W2*VPg;ujEhq zPV>YzHH!aZEgu7xmF9I(%UoVZ=@orH!SJBJUp?mXopQ@F{J3$3<-PHZd{(m@|Ht?$ zF8@7;-gt9tE-t@74Rsl4dp5k$ z25+1VZ`8pXzUsAhs#a(HxU+8(uQYHqA`E`k=;CJOdY%PMVym5Pf`_cV*WI6h$;<0M+ zfat%Uz0Fbj3tz1P{R^`6FEI31AHV4TP4MQ@fAyMx{&D8~LL2dkrTeHnbXUH}->Xww zT??&c(~vuAmgr~nyTOl3hdSRkzsk~qdAYE*#Bxp54K-`9=zD=q4u=ArRb#7 z&qb#9$TxVy*Qp)o;O=?Mp=^MS0Jv*eUjw8R|!1EyRqyl&r8+hI^Fg)n5 z5Inq}G6Z<07kMv~E?;`E92?aTE4aD}ooQjJr>Dk+>DI#l(;Gh<97mZtY}_pB_b<@tU#NY4h1%!u;r()SUwM}I z%MI@z6Y##yzWO!rq^9Nc-&421|Jbb5Zuox|{!JZm2e@oIpV}LCrDGCxCv0CAe6ep~ z&2sy^ZtiicBP+9nEAHd!$YI^j$`x=dj(OEfj`w=%r&HrC@|G*-cV!u`$MDB&X|0u* z`ZT`dY-Ml4=PJF#ABBdY>!(gcw){HusFu;Z)?TxB1pkjS|ChBK z#s66!6TO$s6;FhR#n14!W(9YGuP%67_G$W4fqgF4khD@Q+ZS7<+G+>a-7 zK9>JJHI|qjeo*`#hbJf5V$4 zXJmC_KhLu9y6}>DGQdkY{;uO2h5REk`zn_|R<0Hrn|NrfVh!;bFvo$v5I<2djABj2 zKeNEYPr(Oq)eD!g-wS`d`V|j-h_57ET|pccL*K9VVtc6j?3uRzhL_r3zvj#LJO0hkYWqSf#KZ}l$o)^A%8+^yJ_}&uWdx?B`B9X#6S>CHr8Gj9cL#L&cEq2ZYkEr@ zdcf1Ol&2#1Vel*eSvD0pxaL^zPQ_}A@wu1aZ{w32{MZ;`5k9wKeRG}z*J(bdWM1#} zT778xz6e~+La$5b&?~!rT7h?32{{wh>w58_H=+w(xjw$N5#MwXHtQAc8|OaKum59u zA((v!AG^91m`yHA_v;Am*E`j(|CEqd>U|$;(({6v-eAx9Z=SP(=S82h1zy{+Hg@3s z*ecnZr-(VUmMhQ;>d{wyRyu_^davSW*@X*8h*UbAhj_ zy7T=$ubjLPC|GT6n}qO2MMn#!+U6ty5zwKn>DZ~ACJ+=fwo08DNzo<{5HWTnXoptk zHUR|W_(F})K!I}Q^u1(1 zgl4wBnWC&5Urk!N_=NHXC!^2mSPLriWmPs}lW#{4&gI!V(1qVb7w#rc&W}$+{EfMX;%~|s zl>elh!K~=g+nk(1I~LcA=dHlq2;9x{-~+~~xrci_0k}18FFxCOt^@wEa|e|-NRB5s z7k&j#CHSc$U+|aUME>KNs>vq~!aH3CCt2qC1UarF3{C`Jc61-VYdljjlna?vcjO9k zN*L3(7~9m4#+Gez&$@|Iy*n2_9sSZb&htFu%#MD6ak}uN@<2b>;rs5XkJwU??9tUGwzO8UrN3~_ zpMeh=xb3MQ)uB|ol9_g%Pe^X~GjR-LKt7nh?|@hB*hYGEJN-2Cn{wKp;o9YWQxhOX zc3iyuEp%E54{FUc4<4KkeHK8sh0scCQzh6L`QwU@t?-PQ_@v1Z!H+X@TbI8crr$zh z;LC}Tq#*~=4eg9Q&e)ls>})FmKeS71&5Zvij9=~dj=commFE+Te*=9iXZ*E{yM;f= z;R?q4kGYMi}mm5%J$Io;XOnee9Tqr|g-0smC%pe>v1IKx+7v~^-U z3)vV>|D(`1n<522O^NRw-xo0T0oJUiKES?Ezxn{28Ew`=y0Kllj_sz8gY@+Z{h<5F z*QD08y~o|HW2u^!S^Q=5XY7Wt5sFngYp(l3rf$G-{N;AW*NNcI+A>bIP^2bN=AJ?^7c;t8vLUw;}2S; zBY5^^_UvmcYU4cq)DCM|-RiRrIjLl>-GN@Xmi7oYevFedH>r$)c& zyq<9McjP*#&&1u4mbWMUsy) z{zqTDy#D+CNYkI`V-&nRs@DdNGB!{-9?j4*5f~Ny1%0_TE&edE`jzMiV2(dx!!5ns zZ@f352cC;mbynKr?%q0Z?8i6t!EuZ>l`rM?@tNDPo3!80ZhlmK$3-C?JrAjVL@lRKQ`_=|x_xMTDpSLusevo9%_O%lHR%Yld zJ|W)?xLe_?IJ{!`N_d7B?h8PxgFFj=2fj^xYiiIgre;8im45IQ{yN#4k&aDC|6t97 z8?5v?`RmFhe^PVHWj3$0()MC4TS9a{PuYy>F7D;3H)}F9E3T! z_IjdxpTBT#uMK8I$6%B4u}QA4h8{4sXpDJ2J$gjXq64(1DVfoFrp6G1w}qG9F>pT) z*vImmVE5us@SD9zw3E(yrQ4T}bxP?+ADFjZvwn8>;Gw^kwm*PLRlDn7BxRq=}C(Xe> z_kYzYolR^){$*K)oqv=;d*Yok>_8s!HW@o0-|QfEU^aHZeYObv=-EZ&J4v65)}8A$ z_ft*ejOf%{;sHN~j^HeDCwd6HYAvs=k}*7veB6y6x!%@4S|^kYy%w~lbt%S#oxz@$ zcC#K?9kPzsBzsEBMp{c)MJ+8m-&#V(ZfV&kutl7+P&Si1FKk%XSY&@9&$EYZIX0jR zUhKv{srHc*@I|Y14zSN%fbB*^oOEA~(wlcfp_}_=Y^~UR&H)4;j#hzAUpNfH{?I~lA@MFf4S0a5C zjy`hh$@Ro5>U;6>l!KG!Y@GD7LEvyQIpXk#>HnKfe0KcOi6)xCOXyLZkulpflMy&DBg<(H|p1LxQL#7>lFL`sHTd{aZ zJ!C&GzM+jc@SKGnGWhrEp}&F#Mi0?1ddRfdPY==d06hfn4ylLu?RVq=dG*k*xIbGx z^qQVUE{q;RW_tC|k9+lyJqGRrz;5&quzPXXtA}XkOnT^9`ZIdy5nDDp;XRkfB1A8iWxaF z*p7VnFb61S4YLp#%+)6{7^B`^Au`y=XUjb4u%M~+uJ#^u_M%A-*3#cr`fEVW=Hn0U z=JyvTS*6Ua>Svt}O{@L@l*mBr94?Y5CT01l6f`N-RaGh>Fp=xvPVs07=ymP9{6v_4%Ph=Esi$mX13i9c^M| zv}v!&WJf<|cui|8;plX89pW0lzYISb-Tx}@MCgb8j=lCS4xc3$(|lr`tz{a2uzR0u zANXhkA369g?TxI& zy0`siE7|6OTmF^kdj)Wh<5|7i2E6Sz+xpjSe<01nbuO*PFP(5gxl)S9_0c*l`hUo| zu=fIHnRS3x`dUpNk{ewYFo#xbRDO`;CSb;_T6$sj_@;HwVO~9x=Vfn>A~RufV%w3I zo^)(8_xfHr&S7}N{a$v-#i!&|XGy8gblw&Jj{yfQi>zd8g{3)&hyS(DnEHPU9XqrL z9Z&%-L?iIgJAUXqhFWiKA1=)%E**P9dw}h|?&;CT8N1>DuRCM3_x|>uo7%C;v}h@` zeF_+blXm#G2cCPay~oJ!0%HDi8Q&e)>KTws2H6p1U1ft6k-(&ZZyv8eMndgFtHo17k9K?cjHf*Of7yzn2LdGm#O^H&%e_ z&JxxF$hp#c>@#_^xy0t}h2U3ucY_nFX{ohnGZ>9bQBG8_zOL&1_3pDRwYH9aoSKze z@a0#-|Lw$sbk5!b@c;ez?@#deE8u+qTWQZVw5Q9q=QF^qY^d;CWO&S;cN{RdmVcNY z?csZS{V+Xx%3Mo6(xXXpZSPnAFLN#bEIs<3=b2-k>!aq{ZnKMP@qy&8?mcwIEOHXS zr;$f+n82570e|xA9X`^JkpFjE^)1f30nn#dn$A32J{7;VX$A z#q9k^(5}|U7r=AGdbTTW=Eji9;W_29C|21+zQ^y(_%*gr^fv}pySC-)W(=z1m>q5M zT>mTAS|ik$er&!Mj}#Bst3+CqB0s=PS-Qp@HF@hfSW*cCGnn?x%TQ z$4%HXHdH)?`M===J7m&S@y=}v;EvD@_&&c2Wwt+)<_D9RO z9xQIAb%Y0gJ}_oB-LvQ3U2i@>Zg6UTbUym8n!Ox(_4he9HI|S5fT!I)^!zKx=RRcnNk^sw$nzfl6hBDkH#heBCDW(&nOo7ncKW{# zxQl>)Hgo74<|Id;g>o2+m{*tG>)WRI=6v)7dB)VewMG}^YJW-1TehC?MXxdKSkWu_ zEhob|z8Cott~7?_#8Q>(seDdXH!Wlgg1==#|1q$yJgG6b@zfIFe~~}MQ;Qgb+h49{ z44*dF!RYzw8`$@;u04(%AjQi!pQ?UjvvuFPd@EEJ7xbnXV`>+-wRpLboVnmpI#j7_=Tx#Vt+B|o){e1IqU?iR~`P&R+lp4!J&a@`UL z9-PVg*b}E#J{Yosb*#zmOypR}1$-xcF&BO{`NlceH`=LYO@1PH&nG5?&&b}e>K$Xi zzwEUa2I=ITj9IYhx{2%U=0386+<>=U;M&zOk8wRfCXk1he%4C#PF|#0&vt39F}K|V?@mQm zUjhFz?whek0qE`WvGnZy@R{iD=TAQ7wb0!?`*kC^B!2E?hZ?w+|Kh$o1{lTz%LM2N zpB|?T`C|R}U>|%iL+k37$VO_NDlIw_K4=D>nc{uuH<7jE2=t#pTg+LhmD48&?G4xePKQ=9pf38If_Z^eNru@x|?0LF3U&PlNPxhI3vixqfGle#o zcONqI^NS+M3!qDkPszUf{f`zh9|t%6;=jnF```>Pb&is8@p;M?}}P-BnSQ%^PZ2{$oj zi&}J6us)%9)Z@quG2lc6_xzUF#OFN4sr>b0KA=WE_F}K{L*6c~Y7C@LuTkD|O@4ia z#>#h$jlSR)V#F(;Nip`m1UadNCSA{w$A-QTjxzTk7u?G({+9d+_gSq2$Li>p@3poQ z0vB$)?k?Vo@s8Smd!+Sfg#BSIu1nNEad6?*z(Edd4t<##=)mG{lnwCJyF5A;m{_C! zY=D@x=HWk44hOND=GF8~`z`dNzNM#yv)IG5#T(Ixg;(sxet zTPOZe2Joa+P1q&9OTC!V`xoDGm2#Yz)0J-Kcg1pI@V4}%_~Bbyk;~PQUU=Hz6UCJk z!*RzEMz^P<+cVI~h192eof=%WKDGU>`|e_%!SkNH5+f(#agASjC8CG=vHfQ&`uE^M zaeCoJb~oYhOz~;P*GE6q6C)oS_+xe85nO70PPESZ3g_gakGm?ZWNWprz{D4utR+vP zm#a5eORj^js_XGx&_DPXRc%)8v?BI}H~y(-Jvnbx#n#dttlL*fcH`_%e~jgE~xPjD2!)Q0tb>%wVq z>f7B+`@+Kp#`9GN55#oHz4rCyULR5WzAS?WZy(>MkF2ousLRte)2$bT$FqHZm0(=r zTQX6wk@sCr{H6Mvz9oBd`Q-cM#FPyEGHtv*#hldOHQTr30mXfTz9lvI`iIl`g!d2g z{c_^#8(II0hrhdHtZ)ZBMeO5&1_z75SFu&SPVUI7{Yi78bAbPH!OvLHcL!H8)|HGk;tSR-pvFLP z>~j2v>K)5o{D5^h@sX9xAvP`BkcJ&GI7N8S(ub-VeQyb_N z_0@hSaTd;G0N#QOWF9?PC0QgtrgS#4Sh&}>q#Pb8Eb=Yc0G$%(aLJ`)S$k6?pFha3 z9=&C}^+GN6bh4ThO-~(f!1#*Sc}{Mc}0o8C4$1Mr?xg+f~Zj(zwxC^N-td zD;&fs`^!0X*e-DK(@y)Es}Bax#l$@Xi{KDE=K{<59$3C`8d#nH7ULfPw+|m_ug-M= zCf7%rPK^Y?n(7;EX8eL@6TA@;e}D(w%OCqMay6Qvv0{bqaZP=*r1wgOU$C#+&2EJ?>?)u}%>n~bM7FyW3q*4+n_K_veA=LGA8`csIjqgQ(%I)AAD;Db*9Xf(-!4b4 zBriVZV&YSO1l_`Y9&)7qHeAj=2`f||2lg0p^zO;i!`I4lZ9La{hUfnC48Q;C48Q;K z48Om8hTngFhTmT}&F{uWI(tk4#FFBL)H`x;KM&k5cW}=cw1;~4m=uEJv&8+2dk4q; z+S9=FOLT&GJu8R~XRoBL{miws*FyfAVlK6;JBZHmkM(;leuA-o%)#?`u8=vjdNL}S&we|uxF?E+O-Q;pQe4=4-Z6B?df}`u%}`A z%c9>a?0vYicVUae^p|C9Pt|OmapOA~CZE19zEd=u=ZHxZ^St)Ml<-bs6n2Vvbxp2S z|5nfY>ua)^a}dW;-Hv^e*(*(LB<+b=4h@+DCKV6b{r9Y?VpH_}rJ^bG7oYb0{VcP7 zW1!}(BL#L%i-)Y z7{{P9R-iLfN2TAsLGDLG>nGU5xDtKQN_^!B-j|M#wXt;gJ-93zX5-V z*sspBNjBU;zCQN`KFLmFcKrfi`ZvZ=PR@u6>puePd z-~Pa3TJv@LQT;+V7=Dhq_YFeNponU zVj|C?GvX7F&k@#}(hYrc%T^>5i{#h1pU58+$k^JC0e z#dEJiYu8uNy>M#qxXByD(+c?<1XQ%(u!B)n6E1w!MC1ws9=$(U(WgS2@1KQxHFzqXrsu+~k%@xy$ zVT)})8{7kjaJ>nA+d7Zj-St*M8?xrcv!*icM5gsZPKUMRA>=gY3G!BunVg;Y^U_tw zh-j9W7pY1F@>zbXStnj^flqRt@Ga3APfn?C$zEikg=cE5WjpkacwJ}9>zVnirP#kw zquBY4y^a^;?DV{MV%a+PH|j84kn=k8O8U3oyRY}X{rsjenH)vNC7mnS%jrMQxmG(7 z--&;Xt&bGcP%B4mvpx-h z-juWFz1w!5nfDY|oC1%=%zWJ+y^3oqgm1+-Q{!fv!G-o|7ZW%06F1Yki~mYKp+O>_ z?-@%GI!`jIeO?Prt$5It*$Ql{ckhVaHE>HNbUzq=T^v0F zjs}%a`aWCv%smSnRimTkK%d~^imMu&m~aL9OSBbDyEgzY<8J|GGaqtvP{Y00J=UaG z?V;ukd-4vD1GXyYdvo_fYsqa~uUzSSvw`ajuEir8;cKliH1cWuJYp~Z4t)Fg%fSYx z>h0DSpj#L|l|P2w{yuX=S6{CoX6LQf5l7y~5cj~ZDrneaE!oH1wxNZ3e0)mBD88!i z@gcR|YMv?4cRZ8MXCDuH&UbWcbU-JKTQTy}Jy#5Gu>R)gu*kYRbl8j7QWvHQ%eU1^jOh5hQRGVrQkNT9?B%(>Q`?D-*)pc<|m_&1@a@%In#B$ z7aj7OcUaK@{yw|o)HcDtmi@ik>8lgEyY$nUEguf=^QVb%6dY!M>LkTON84-1_^AbD zd^b@vWIef&@$244-7v`wzUk;O$Z8(z5SsUF;P)c-i55;IW=*{^=|aIIKd?+~^1JSf zK4wj?)^`_T2S!?@_i}xh>j*x671vt3Rh_2!tO<;x{qeMa7@uhpaf8jYpT>7u`{>bk zytAM0$eF2B|M>J(Y5eWB(kk~buWW_KL&O(DypzT|e%4CVRtElL96P^>cY{1HxI{-} z;8C;g>BJAWG+OnG&@FBb(qj4H#1J($`QYw)@AzLxrv#%N$Y#d*taW_?zd`xb$VnSM zN4}4K*z3dj6aCu1m9`b1#Gf>Kztr|sv@Lm8`y*)gO5q2*7cp-cFFJvnBJ_oKOcNO2 zM8=n+KCx*D#)X_=N0hgd7LA@ozn`QZH!k`|@=!j`y^Cw%EuTJA`%U%nf(x=yQW3pYL63deGxorJpVzv#y&Amv+Lm6KKo;gQ#>rawBB?5sOP%g zbNx?TYc0eFZI#DY%pM8lI*bKI3x^FWHL^I}Y7d%Xhar^p&hEVmv*XUvMq@Oa3IA<@!Wk zeDKzUY_%Ego`f7dK;*%8m(kjP* zFZl70`0)VryAAr)lD{cl{}yzU94jBr-J7BMFlL^~cU{zd60URxanV&yOd1}JIC~P; zQNKvPDQ7^reI=~h-{S1`1P@L4JZ4Yg4C2!AHCNTRIW(c@Jo@%?uUv}jxt8rNAubcg zXOissXimS<^>j2j|A^(!)$ctzs8#Tt@({FM| zg%{<)w4r<3v2QixF{VogGY;(^S8d-mbZ|Sqpy(`m7g}lE2awGb^FYV z25ggb8hlta_F{6_@Hd_yCO;M(pt%6=CdV>w8Vj$uytT#AtF&))_LyAd7%QhO7;Pe- zLVG~Q0LK$Nw-DTy5N{EUcJSMOb~&+rp8r2w4`yTW71vtCe#U&Am@ey=KKfa%y5ZMM zwEbzuEWMP6&UAdnLvAfA(VBY1rUrvQV%2}2KBfO^IE%-!LiM&EZ`*RWpY)HQpJk`% zM{~C6@W!<%{IS5{k9&vUkBqVMC;IBYC_bau$i6YmEsbC1&MhPBa`DR=@gej~GkQ|G zb_?rxB_o+5{=m27A>=3LKddFMBab=wjPO=z&P(WOcxlWiCq^S5lQwqq+yi`ujGq?S z(GBf#R@!kBwY330ia{5HOD850W9`O!pYy73$D&Hyl1k7b>oz61E`)#!Ho zi_*Z?eQ(Ma4Fo;k{fG6Y_>yjTL1 zVEvV+;5j$teyDz387aIOS#;{RF}J0L|7VOW=8zvMKTqSRMaC+SG0myeo_Aac^!t3~ z2eK{rETx*;xNT2V+uoRsyDo$cNR@Bs{n=LL(;;MBwo@{m;QsNS+Vkc!!6Ci# zJ5z)2Qhc&!XM*#OOkB~4dHojuD?lx~9Abrgup|Fno~k&}GreU(O;g2)V4dp4R9hES z-hdDFbNNQ}U;dY#oiTnNj9x?0!vg00*tM78&0=%_>wCSi(>yD!E(e>N3BNWoN0VQx zyy+g~x&j&KL9R3K&1BmK>r*ySv>Xe5Tss!eLZ1w`=RDJP*!IkwyZ-t^+pf9x>^A%Y z@BB(@35t*4GwvjoUQm4(x&t^~O|56?;Qc$`-SCW4U$F%}=EPTwJ^0br`qq6mD89bb zS@(gr&X!L`o{3MqwH@8Dtv3W?@O=q!rCwP;owkp;)KUdL*P+$;kJ8lDYwbRr|J)XIJ~c3 zaeOXq-H1(8ECf7G0FOO)*fwDT@sJ+H7l*(pdipK-ECybu-fr_e>?Uot-V9E`v)XRC ziCkd(r&h*luL)FRYeRJ|Udbt1Tl~eT^;x?^+sPm^dI<%2ZHuNb^ zq0d}!YIr{wT@QVTcbeQ^)~ODzB$lo|Rija7C${tKW-DBmj$fr(o0-rs3mUSns@S)Y zk6-_7-&&bje;WJw)c9kspCmo1HaUl~Pmgjx``>Im>gB&x==II$b;YX1FJ7FPe4OdR z7kqLfd~y?Gx*3@uPq39ajP`7_laGSo{z$5PN~Y40&+Ew17^_&cqnqqFu=dKOF|Kg*J=U{7i~Sku_htNkiGGLv zuDnWimGhmRi=RFbodph*8|1dB{WhC<&&>VDqBke>-!W`Q_qI=CHqQM1yXA&TDoL{MP0IS0OtBj6hEzy>3bmV-lW5{W11-LA;pOvh) z&$60&_V|`G@_P^KS!X5pC3fAbW@J20zp3jr@~P!V|2z3wo5tDx<{sKtt=v`kG7ZEX z0_1G&M*mcdw@RNtPmrtY*yHMT?Z`tLHkrB9=or^=-rGpdPe+vXv`;(hX?!PLQG%~u zY*`0o)0GF5f2#Ju7T&34Embx>fzNN&I#_2DA7Ss_ls)NPYYRr!)mZ*It?`uuZ{!o! z3+i9;)`sp@{H>W7yL5TStVmN1`G4v7s-4*Ubl;lCW?-XnA+oZV=;~Xu$(FUw9^V{Y<)9W{&%ZO_nvT8no-O^s=VD!t>g_NCI$X^}l`*RtLfqhG}ukAi>B2T#V!pjidu1OAJUO|6-we!q(EC+U0i zRwH_4W3OHbM$hB71U5UHPuZ5`=#&-clojX{=JMeE@_NOIZowARcy!9E${9hYjOTn_ z`PS9Mb~zWTw4dJaz!yRH4A3i{-`OAaXac^|ey@JI-;qDd?8nKiAOF>U_G^2dYrmkS z(jemQ+>zF_-Ve)PJ1cDHD(wQpM&+B(9O-!&oY zQ45>v!koNm2$+%UvxWJN|3@%u94;=jzN~!&{e4P%Y>JP>*y}MKTXMd!C-NCX(J@@> zQ!)7AT%XDAUi#e7wxHITE4cpL@mfd!Unc$EcV42-NmPuZWGecO>t=L(4E=nq<~ryc z<}(M|$rZsCu4_jRO~fbaK#vGE?K>Kw+S$lL;A4^GZJvGp%!y1*$IRaSN10~-k@`{& zw_>50&>@bzM4UPy|Fs043>j?TnHcnp!_&eAXW%AHO*?dt+lS;#dcl47Zumm_-kZbS zOk3(t?F`z6=)gN&tgqZo{4Eo`a69?i)vN<_;m6<3T0mtZbr+G}ONeWJ6S=*EwE)F- z?KKnmT#CbGM}I?ph~O5y@-dVbJ7Mvnt9q8A-;w2Ou~lANhJE;!^!KVYV)|m@{kPNS z9AX6EttpdpkI{YW0`#NWGcDMR1UT--S8l-u*w0f3lXzS!zm4Fzqm0AFO*ej}y@$oF z7u3Nxl{c)qWij>*8@z%W;jjgL(}is~f`09og^du+q3;&xdKCM#`yYHJUwPGq*0eOf z+x>!FC+Iw2f5*CP`pc~09cJ7XF{F3!3l8)A2K?~D*y!(pgWc?_DB|-dzwPcMRu3-h zTq4;VjV%)#vcHAeGcS`5yC>Q6f@oss1--GIcFnfw@Po-g>i-_=#p_@G82aIa{a&1R zWOoz1CtKXgdrN8C`b*01@Pv5n5`Iezw_ebkrV=>EY0NuWm(aCf{(IZUiQ(_$DSm-m z2tMO;^ZuuKKLFf`S@u~#@DcUCY@bj0pt9SoJTIHm2Cm}3)C^3D*~EbHeDbN%cs}*} zGQOAoR(+~9_|SXlx7YVT7GwAx#a}(OUNC9A@@WFBpU78mb>*{vGlZ_hHVmdKmA4V} z&QG|{gRiC2R&XBUz%vPKeb%S$16swwwQFC! zW7J$~8Fc)Pa@d@h(`v2<*cav(KYXUYO<95+ap!NGON8y{JKsbxJlV2Fa>K30^!m>P z*yD47y|-PtyT#0#3y~|uT)mq24&vA2d3@TXjRE+X=VwA;-t1jKN>sEMLYfx*5 zt)?yAvWxmAW_?g=Qt3;#?#iIv7Uv^XK25vS*sJU!HzaN8gk49GlLp!$L_*c zqn(hcBbc^y+^&`MrF<;%Q@WqzUE$8glf6En`vQZbP;`R%3`WP9&u}!~e5OSu4_YtG z;nT&R=4EpoyuIL^?*fN6KBx7jmy~D4`>ZSXkG=67_N?D`{o*YD z-z{?^Rn7G6+Iw@Jv!PdC{chDz(4Hg3;5UPd-Q)yb4^D+6@)?PXg$@euozNi+-d{EN zOYc^^J7ejSyC#G8YAdtyVq%&P@>>truY-H)&Q#6;pMj<0cQrtl8@LWGow&=!tzPIm8fNWtBKn#&D#}7 z_th;7@-8;k+rH-V|7PSWExLHa)!@He5RX-5kFCZVsq^(lnE z>Y#7Q#f)LuMEhKy24c)lG2TtAA9~?w;JGQ_)_qQ~=%?Waz5g1|3kNNM@9bbN<9dxP zKfUHH_gS?$j6RrmHq}o2UvK4Gjemqb>l0VkG%e(QEce7Ao3f!Jdl~!nOFV-bb2Uxk zQTZWlz44T^XoD4~e9CE8JjnU*>tpy6(qGN_iYe7J&0NXZL-~#kMK_J^l~ zU8a5IQ9606^tB+hz3DYgm#4JXN*_5^sB$lSqkXIcc-*1UJwwpwhaUObhJNs_*Tooz z=7|aX8O?jLfL-y=h3E{~rOyGM;w0jI)$nM?7HfT4@t_8HQ}aNrJ>5!P#a8gxKu$tB zysmW*LtA(4jd!FgK4bVzxhc#S2jjU>z=Mu-W3a`kV;Y4YfW8z=2OZw?%I~?3@5>+Y z_}Y|n1zk111lI#(DrJ0`=QzIEX8odXy;bxR?LlL?9TtfKnm|D}+1Rp`O#V6;QO`aZU zdXjiVPtY>^m^oXjslCK%lFZ9D{}woC#ix)?QC$2m_0aJ#d<#mI=bvzCBFCB!2kMOKyRsUT7XpLDf>7W1a(rg3k@;wu$Viq&{I~ zw(J1>tXkQBVh$ymx%6s>cF0n_^j-)2p!u$H<`?tbVQREJ#G0yjB-58sHx{|WOeZ{}+%?JQOMGsIHw2T*6Hmeu+u(^PJi!?W zO@)kOFR;(1pB{V-*a$9ZbizlHj|ZG_Jk2=H=YEPWvu+m8 zbm5azpRrPTcI@A#{VX$%F2hf<6Is!1L-f%Je|5oU;&F`ydp#&G?Trr92Y2zT%}MtE zEm~j9Nir^;k$%*ePb%G5 zXa!AvrPoK6t#N&1$w3*<>_e}L2Y17RuhaJZ#)nJm-U!ZH%kTrxBl7>{!|j=*HL>%E zC5zr^(cgUWdhRytfonQ1=53ct?+ON{dx;NocvJ5DU{pk)mhTBHz`LEoi)>Z za^8UX3`dL1XCPY0=Kybl z#N%; zd=?sZcVb_1X^YqeYbLq%H+`Ad3h_Fhohx@JZ*0I``{j8jwzAe6JJ)$;es64r``5_t zko?qW{_N(;IsS$lmoPZ&^+9Z3`v)mFl8t)GgP)&yctIM)<$vXjdgr6c7tx$_yJzf- z$Bcb1eBh4tQ$vlFdBR|0ZOvib!8=y&A7-rLf5j(i8Sj9+B_|K0l{O3E!^QB`M(D=A z!h_>jkJs6Cd+{w?{b%b7TZZg4;ZXF;gW%;B4_;hHhnUT|WC<*zH^nN)c?0E}LK>*?`r>*?`t6HQ|k)T1DVr~M7e@$E;) zuOJ^klfys)SyvQ82B0W%7n;if*_=M&&M)H-kie=N4is{fZqi8F!M2xBq1+Tf%Foa8XBX7m*? z%({it6BUf|d#fEdW5`?_KJvl|pYm*|Zk6J`4z6|sqwoEm(i+-Vn+b5W3I5%vd@OWx zqx1PAK3!cU8GP+YTSu)Of}Yz_^sn-aMb7}Rv;H?(eGy+SMNiZ%pl-78Dw@tn_j4bt zn*ofh|C+r<4Zs)yC%Ts%q84V8Wd);(uQiZ2X?|loqFXWJC=<=mVZHMMC;mns>kK}e zd#yt*W?YL>#`cIawqG)~UVTEpUVDnq`e;tjdOk*t*M4on@9|Oc1wRvA?z9shW&3^o z^b_%GuYPj#u*J zj(Z!I&UMe6WL9ywiKseRjfZ~f7i z=u>dK$fqlBE-ub|+y zCZD(yIPzE8*K2f5-l_7d7klAj&!pfh@w`*wd8fqlPO~#6>dG2j9kG0`^@F1Z9RV)> zfAwEP|G8GgmM=%=2!E;gX`ICVftsoH^YIn(axbheJ8IWhF!OVC344%@KKZ7H{>>NE zG%fe&r!(2-Z=AtC|Bci3VD|a=KA)XWHBme^vM-;i78_N~K2r30Gx2TtEAl~=L%kW< zP+nNPR{GvvC$2`0CbN%`Jt3;|O72Ind%-wt9r2vjo9%UW*_fcx zMdOwAaVt<)PK-hMNjD?=31WB6jEB52lY>;kKA93{&oq8q(@NIbwAMNkpIkAEnYn%Y zuM&L!4*3#h-<9)@Su?{Y5Ka@s4O*eg7Hl%}yl%<4)+B1jTWc$}=Mj^LkfUMeV?OXT z+VQ;8)02%)G;Et{)x;~Q*EXL0XElNPwmU8ICn7uA?$$9{g}VX^#cs5cS;)dzYLY1y zl8qb;Lk=1oIq1wMk7O1+-A@jNfy*q@#y^3_&V2G4W+4N}!BJpWj>b`Nc!YP#eZ!ci zW*WJ9T(|_+F>o0WE_prxF8%PhizlxPFrO!ej{gfTFZ1A1`4G}W__)Upa^}%Dz^zBu zuFY%wWPR|+`|DG`>**f&-TQne-K6>a@99H4>c&sy>!odRY;#s5`QrikNW+c(ob+Sr z{nn1`cU~fTuweH@>-eih@Z;6~WNf-Wxsjac;+jv^-^~8f@<7h7bMa}V6TfuVsr9ip zkUQ|ze08zboSWp+>9;xjcCunbeRZ|9?c^rsGvR#Zk2K$#eDbF!)i)3KC!3k8G>_u* z4Rpc# zs88T}+m}qdg3SJgPvWkL-}|J$4^>#i_z&|;!k3J-`;zf)t_`lvGcaA@fhk76v3lbbS3e=`}!=3}3)Z=LRAF97vAujbjSi>M`5)T>WI z=$2K|C&Vlo(Z^ePe3QY5C3vUpA|E=KvxJbz#4_|R<1_k~XTAEj z0{vTyzKdN{q`g_mzrrtAfj&uapAUSOa(}YIgNrYYsBfL>OR640>lNVQ3UD!XXk3(? zB`(s>78m$K@sk5_agA_sG6fg-M_ydaJx5%;i|%xB5hLHCn|oKbuM|%vvTUBr&o-Y6 zWWOf{>YJ;{IweXs&n{@=cOawp!V%JXx^G`y>K$$#_cWe@8+*xP~SSimz;@= zwoc)lDMjSK_2HKMd~CM(ENuAf1=^VfpLuIK48~{A1G{W-*zj4nm(R4XMZTu^tnEGg z6!9ANtk33iULorkt#k0z-ea8%-jQuJe1`oMZad&Ji#$ff@85%lr{gu(*0;i2tKhXX z4}Kp2Mr@clw>*vx9}BEwkcE8KHe(gkoRqKpx7d<*q5nMFCmtL0)vY`=qizLr%4TE- zxQWYt&fxeOU>2^M;r+zB@c%sdgxY^(*MYiFezeJ3z*k5F>;L_$C((NjJvZ5(Gm!n2 z9qg^V)5pGQ_J!RIJ@0{@%X~(jVmz-tzJ`qShc{^8{fXc`47`PBhIfP)-owCK*dN{_ z={cfR*6>2RATPi}HP6V7M8tv4Clv6Umz>RTRW zEa=OYNBG=Lzw7zT;q!4{l4rK#PuI6J@E!8rvWf9;W&BTZZ}erh8UL#ux%igpJJZqC z_NUR!SFty4o+B4G(#}n^bF(8C6`7_T{MKIi`nuXl*s^gl-);x_I#zrNdsxVOvWF$K zGmCcSI_>bh=pnz?p5Kl%zGB-2Maex8oyQW2n*DelUvQQqQ)S4MVnbixU1aKzSEjHT z%;6MA^hf_denT8yi(TML&Vomuu#hL@Ky@6h^T?C@{kFF)v(E1FrD{${o<>4zv(EZ9 zGIe*KOi7j!yywc3bo^%|Q^=j{lbQ4Iyff!9veN7CAyYGvsR45yzJDH=ojH$rrxlrS z{l6)H=_ysdnhoRB`XYQR`F|@r-(UYx;%)6Y;H`B!xcg0?JiBJ5 zKKY;Gt>O%LTQmsXrg`wDd9--W4`0YfkZ-KN`?*%WhSt&KFBHLB%->AC5_kTF+&TV& z&LL2}FV;H^JmeiY{C7Y6H%oIk_^%fJd%*Bt*q(pGM~XeP{yr6tb}r0a!sYM5rHB6% zmk|HiIz0`Y9*TbVBf#Uxq3}p7_bJX^J%129wsiFI-`V2v$XVj?D7hSxLoXg*vHXML zv3V}M2u@nN2gl=Qgvag_JkA}6$BT!;Bfi!QXzxAuMfOp$EIlT_-0XwoyWPNTY%ez0 zE5irDVPX_M8Fqkqebbh7Yud>~y3xVcGKbjz+e_=)a(wuR)jQhq`OGiEZuI#TsXFlc z^t;-LBS`mY4r%B5`J+EFFj!IPzE{zG9q^*gu$lw!>HItsKWMjo37z-Wr~5RA)frgI z-${=ix(+?s4&Ipe%CG2ROr4Ci6JG8@4@U4Q6mO8e9m1zDx=cRBX8hM?@T2%a^Qa=$ z#)y0HDIfORz$?5oI&;PScgU_d_9@@C^Vp~DW?oQ+9nrj?0=u#ZyHe@e727_^Uy)AS zk1dftwd3Juwkg-}-sx=0Y+!VG@k};Fdu7`aUcA~i3{dHrXJlj5+Y|0wp z^b9uTC2;EUq2WRBY4ZX6=-~Du;WovVjA4$SYDqhyY(h`7`boz%RpS`3D-A)>%W{C*O#6JuF>_qxE{=YD_`hz_WR`z z2IBnDL2&u-Am2Us5##rt&lbNG;5OhhIPTLCHZLET1%4~QZ=k53e>4~`|62O!47_|M z{3>5)Q2b(_A5##N;6uh0zuWVfe?!rEgZng2YOn6%a-oj_b+XEi~-Yz-= z-f{-P+dFL^tvtU^{=`}9&Pwo>H4tx?2yd0(E$hs9``kx>w_gJD>GC>@gv6D z)8~M1cY?R!XU5wRcx4DV-L87KXETqf?!%jTr`Ps4a$0NSZM$P< zs0IJY`Y(ew`P|-^^!&!YnDjT^@4sJW%|%+v>&r(kr%qQ9f8=KrXurfb#id!#&U5O1 zHC)NrU##I)P#eIkE3=;bBtE^LT4@2N&Sajc)n( zb$NW|@u@t67&Yry7q{0--RJ2ykM9E)v-ZFr`#QSISs&Kgj`o83ucZIW_>I4DT<>O$ z(fvK0-<4LEU24GiB>BL3M ze;MmdgWyQG$>*=aTDGp3Kk~IIH_*0!EO7CsbyVeg_$PADpYAu*K>UeqXn5&+^BFr-<+co)X|L2f3;w_p3J#!~?fr{%Z&3-wpw927KYo-;1%n zLH-nH0jdw9Q;oh-Zp-kQjGuU(=xh4tyBKR1!2PIdQpSNvF+daBDsgh`z@Ol_*ny+j zfuk2+Cf~EKo@@LH?HwV944mzSKZD>bgpNoww|?Ba8-sbOGjswfwSBkKChx?BcI|iS4VEU z&6a<|PwUZ@yeC~{aIKsnle=R@|BA8eoQwu5ROv(B7NW<9Nmgy z9%_Ro##)A+_i=Wybnyaesz?Wq;nRgJTd)y-5NvjA)_%{6!vo*2amfBY_BF#p!Xxcq zGoCLZk82EVZ=`+;_s1>d%5D44*K!7cY8ldY4(sA^#-N;J!K?8TU)k=)S8j2}BRx^c zSYr4!&2_|g=u7M5Y4GQ4)>UMG4eg;_BlwQLVpWx0gUmq3G0-aD*dc68Wupg{w}1tG zV#XPNY5j2ca?Rt){jPxiMzHJvoRb zeros|U2%*&1Uq&X*+E`*GO?Pu05oqG9iVxXzRIq*^J;y_T)Yt^{qHxCybq25jMj_)sk+_*{2WgOhr|u`(-pm_1x3Ux;U$iNhB1 zT#<6P%50q%L+7~TzlQPaU9T)7U!Oh3yP=J~`s2WO(fyGVSKn`)$nl4|+4EAWSc0)7 zJma?W4rjH*=*w*<=ib0Jd|FeFD95QU;BVAkshYPofiua)#%z2-aH84-8p{LZo2P;E z2I#jKT8S1}^p&W#k~O9--gwqp(xQIakU#pX5^!H_zpr)bwq?lNtp3l+b`)}!lZjyg z-^<8xJF&r6pfRzt?e2Qa1ITa3GGdR=H%Ol^LVv{vmnzSMxvzAF;)cRy4Yq71G`tqr z72gqUs?nd#*uCa^Qu_}@p8`&;rEjE9*Y>&bcyxg2Z=?ES3}2@|#nQC*Sz~hhRv$Bf z{U!3ry>Nr4&+eff_C44iy>G{LgV8yr9V@zo@7?E>!|LTLt$mJ0j#kq4tH=*~_qsWt zr8J$fWw2*0lksISzG`y&#-OWOu)lqDP~0`0xN8==JtO*Ujj>|j7`FnS#@M_X-UUA4 z*1gUXZW*iS+;TPRl8&so^3x$d3O_(PIKlgZi8`Fg*~8N7o`Sb3X?s@H#1n@Ym-7GY zy6fR+mKi&FZoqed-(rf%L%U|+8;9N>&sYy*`{&@pG$XUv!m2dv>S4#83eL-bvvs#s zbr>5hd%6YP9Ok)pK6|V*V^8(mc%E}*;I^5vMfV!L*Ss4&@7T#=##M}+oB_-xW^@y> zg`G?nF68HM|A)=C9#QBV3MRD&#yyre|c$6_}UxM_Z z*5b4WaU*L&;tMbBU6`*iFxz&;`@8Cbrh{)6Z}uMFboh%Ly&I`N0v?qo*rhWh@W{>kZijVo5@(E8*QJE`~ZG? zl<|hl*j0Z3-0|GQd?z_)oqw(7{H@Sh`vcn*djWsV;O|!OcPs739Q-vq@>avU?t9|9 zSD|qyyil0I*&D>@I(}+Z6&BexFT=NNT^GO4;j_$_Q5j=>gmE9zIrm*NJhcC5KiaSD zM|)rr?ZYnZxi13-*%0Vxo>ko?_KqY&(iaZgF5T12*wdn4<{kHW7k(2vW(@7{rS^%8 z30XU(r=&ZIkY(vA>8Taysd7`NZ9F^_iq=90kL<3MZ$6ZMy3*j<)=$P?1OKjW8jEg1 zznS;pdeDCGC{lK{uzIFE6cTYwag@M0=?@g{H@Uw@un;2JV zTOm1&&KTmzzP$#NY1V+|X*|S_9DUn6o?cy4=g~#Z^@mT`x(J_ct$aG!r?x`j(#QId z@(|G{@Sk8whc*+3h3g(*qt6y??IHZREx4a|7c+`WHWW`N*}!UY~of;AH&n zm<^4n)+gYIH*o*+NQ#ku&#t$*-d(ct)&zH;rG`ceB&2)22BeJWll z8{pRZ*g}8Od1K(EmEd=w@Cy&gul_#odilk|4-gOD2tT>kU-Vqxz_mMv)4Z+facCTl zB-azqa{~aH&mON0nE6`94>ey4^_#C*%r9b3SxFx?ne(hd&2^H^Tk#LMuZR>XzL;!b z{u$zab8cb%7Vg_Fz{dctTvG#cGCDLI9i!aF$X}rgt9Lw1?Q1iaK+iQ_Kx{!e>LNao z_g)R&{-eJPVh4TmU0_6*8z)}E1nH34Joj2pY4Ig z;N@|H7jh;8Uc4OJ-xwGgFC8{s#+?gZ9#4UV`_4^{qd3)92ze* zHeUSaf|vCvuyDWM1B=1SBMx4G#ltVh_U8tN#>)vCFNdj3eK!1(#yleN2(b+KHv!LW z`4YB)y5{?!t$ZK9_?h1ufNdkc74w^(dz|}T{>b_+HKl6a`hw;u4;#5-Z*9<)JLcEO z9kdPFatEJX_)_1^n9q^g-1MBd|iVuCV-fc6VT()N!gZz>Ju(ZJQicOgFX5o2P zAHvIK4?$}kvcMR6d7k@kyZ8hagHPstE-d}<2`mHT?_pvY%E7)qqrL=K>dq3MM*i@F zoK7WR1?`KxvLER@1$p@Dn`ECxS+`eeQEvKUy-TK;NNVB!8^4=e^R%-sxL zBB2yM3k{8zzqj!+^IY)4Jg^^LxX*B5sd4bK%)!f^6ufLW4PGw1$lztnx!`443M|~W zZFF=2uo%4Dmw&PG(nD?Cvynf;FZZOt!u>uM7Awu>7v}%iievjDX({}Y zHZ;FnW8>vNfaR?D!T%;uN06n;q?nqOYB@zQiIc)`!<$1mL9=fYCs z;DvdN!ONZ$ylglPUdnB}{PVfsr7{H;?!V@N#o%R;%P%Q-X*>;Hj@Wp)`&{s{C*Ga1uqpTuy8-x1B<~+naeNX6n+U0%`c-fjo!WF zT<}ts0t@%YId|0fU^Rs{UT!vcIkbOIp%*WQ(l-r(we*B-rYHI^zOVASh&B%g{8*9%UpvO_@y6S;Fo@Q@xpSb_?V5C@16!P17Mk(0t@%W z9#{-sh?^R`084*4B`L6Qe~KIqdtT+U`Gq)x%`d+Gc**q*%`ZD`yqte7cqvSQh5O&Ru+%ts zx!S?Yo)o-nI1OH|vhngq>LCv$M+5lf>J(VG|5pzzhF_+;{E~u~#?#>CKWx0b0W3r5 zmjSR$Pl1K|M_gDezs)aKICzQpQ~1R{G{1b^#>>;^f|n~&VB!8Q4=e^RQ(b=Xr|^q^ zXnqN18GE$mT<|hA1s3jaaAB!&@G`~0%bpaxY#0(R+lybHM2zCT9k-qfUZ$kL!u@0q zECw$VTz*NxOXHAuIaK_#JtrwS7rabJfrb093ybB%C-NP z_)4D~4FwChZwfLGS8XEJ?US*GsRNF$pU3%Cx!!p=zyBQAR`6Rfza@CCiF-TV7BXw` zilIIE&nMSkak78>O!c5UStI#ycusGvinXI6$z!b3$5?ytGZ$Apv3Cuk#4_#uZfai+ zo!YLaZN=wQBXFcYlKfKzYk~fe-Ene?{*-UkkM^^7o!{Kpoj%=sluqK4-ugcI^rswv zvGg6{kDRXVBI4cwVw&UmJIwuFZWXac;H^SOX` zF6TGJAr)&hc-d!1dV#e}((m#84O}#?Z=37H7+O1c3EAR%iK(1K^ zcwRtm7O`Jy`dOxq-+WWY=S=kqgV7i~Cp!FrPnRaYcfR`_pVxbE63-%TI-J-NyyN%a zT{$@~_BcGW$>yQGC;E73AHTUg^$Z^zP|q+B{Sjle_kjeW zk9)3vV6N>tj^F1xeF%K~;`_ENi4TR3{XPBhQIzb%hqu0?i;rzap8Cu4cFs|4>{3}R>PsZ znybzJo<`;$R?QdctM)ni)uTtm%k!M^Ywg;lN9Xzd^_%pT>iD3KlEJaaul8@}TFHxm z$>hjkZ}*s-iLlwb+8kKAW7yRv*Gr#KABugqOLr_B+Xp*-x5?Eg=X{7X+E@_N+OKl( ztmt&$*V%@KcId@sY^u(d7z;hwPgcM3-q7Q#?q%M(2FN*slih&HF6z19sOUzQ^?>+_zGe-lrySW zZHV=imzU<9$OB)6$cgIoYn@Fs84A%Q0rF~eCYbWOT^J{_UKk*E27@yI#>a#gU^IB) znOe^FaL0=tZ>oULYgiXl-z#eD+>)1pPq^@p?t=^dUsu};m*2pp{PN%k!4)uYsf~X2 zjjk6rOd51GxrD@g+AGPI1TMjMf5@6PJ~xt_$oWZ=kjvLZZ(pWa zvu-(PHMLffn`_ps!|G)I+aiovpH{K(Ogt22-nuSWKMu4gkX>Wc~oUIC$HnU1=lJ>JE>v3SNeX#{s9{ z-I8VP1V3-S$}`(Wq}6R+ym;5d5Mvk_DHzYY&coz*Q6seUNx=ZWjfdZM^WC-*&Ku-8YH>fm zhu>fEThnxoo@(=}#@G#fPNEI)D^2W?b7(^BaY`hQ!B4ew%=wIfij-A4ef$R}Dqw zX%v#H82`y&b)EgjZ_Z@=*F&2*KGk&!P2TOx?jG|6tMr+SVRbhQ8&>zMFH-Ps;Jj$h zB#u=p+#=*%F9_duDPK8@uhc~dPmzhH)b=m>|(4L@bwSCg=DLX zHpvZreyc`J(k2Zj(2za_496dDY zyvHvEM^nMkT5!~J{`K7?iI%=mb=R(kz|kFfuRnI&m;K-paCF3%9eus(vR#GX=!k=( zY;bgOnll&>@B=7Y)Qy zSD~#-#Ft0l%Xd6{`7rQJg)bk5FJHcG>aLeZX4eTN02FlN91s@u`gikUBm|a_@i&!+5e4k|I|C~L1eLu zc%UnfXEW|2jP+?}?BaFZ%Z5y5yw5WB!|33Rqpi~GsxCEoKKk9o(LeC~40NPDZ%B{U zScSiC2H!>0BlsmXHfvrFPt#uimsO`GMc=zRM7S2b9gZ$3r%kv0zf=40k+=Ogu}zbg zM7!Dx@@{9(`W*HOSa0-{w$VoWbh}2u+4d{_RWe9F8b=9un1Nr~fX=^-{O4P!C!E6` zj^(f0eZ6Y=>SmtB*wn}5LHYph%dLZbZJi6uA0Mne_7j#L=qXjZxqJ#Ag7IA1J%Y`; z1pV-gbVA;+$1g!ANN+xD^yc;52hbPKqBmWg(BM1ocKnXg*U<@2qc^QrdrIG84{!{c z8o$&zZ|}_a!|_qiiynl(-F&f^#Ot&p-*vCK&Muwk?h>*=4>T!S(QH zlexCr{MX*+v!l;>uAktT`d{#!IX{y=8qE9ZFC*G$ zt_4$i^oLx_F1zt2*Pm{gf?s(NzA))7qGi3dfrN^zJPS*!~OiU*efxsPEj34?Bh2Xy(N^%*z^~arsov z`mplqKmIx8$XU^=t(t-uz5uqC`EB4=s<$=vD*C*UT<&Y|9r2UBXCLP>x0hcrhPl0b zj0Ya$tPrltFQ?|O_38SN{ASw0e;7NX|NACpiw+qVaoS-1uAI+%)CSjf8#(pT4=wrN zU;?;c?V%Mp-ijQXeQHysOEedv9uwzx#(E+JR$#=mI66Z<^8}t-4Q^WTb6&P=|3ud@ z+R(h_C3JzAUtd8yR%eT5Skq&?yZkR?pvohulrj*?{7-8 zu8dph({h}5%lp0iUEaNL8sG8my#wB@4O&nQvgUMaEb42O};aMkz| z%(=<04w<-1nCH{4v*k(gpwalzE%ST@>LX5H+EbWVMl8zsE2;q&FmlD7%_i}+Z1QsY z_S3fFn%WQBe77y*Ez49()K?d~2i`??%O&gRM-$h(xrX=gqw$^f+!L1d0_!Q0C*4=R zgY(YJ9*hJ!ulXjc$+Rbb%(N3U?WlHl%xRZs@uiX03zy^-7kqD| zHNE9VE6KUp$!90wI}lHNW=Ty`nKi6Zegd(!x3up?`RcMs&CCm8%z@+JVhp-Outykw zd@eG)2zciK&y6;`UBJ{0OoFo&{KP71n&h*p&2d52g=pgz^jaQ$s~ze5M%s#Ho%l&J zZ4{x~;-ap}BBzLje20-0+gw z;Nb@5!|2W@(48$MR&q*+b*o{KRliRKIXgl;?4KKCRhusdfJi%2PZMp5M4mG~}qq1vzpihjk zWx(IJ!CM)*#Rd3y(>v*hIFI33vxkH6Ek#fD;s_X8`EI!tGJGpM!k6#}v1r}jdR%eUG$UAa=*{PZ@2|K+zKz<4}RL<9m%8QvU()B=-|;So0}u5?H-P5Z{jA_ zf5vb=!$qlrnal6lijcy5dKg3#()_?5SSU4K~;oyFx?8;>i540=0KkUC=c6=XaCi_Qp zuOYti;qdeO^kD_KsKjQ0U+oo?f2jSatqGm;hyOXhxS+GlSAg#0tR~L=1HQ?~;}rA> z=izln+2=iHWVr4+__pJGYo~n54tVW0>ds}tGn4hnZ>o!aFl_D2LRV(PQ^aPww@tQ6 zD}8oMtc?2WzhthQc}*nAS$p-_S5fOALVS_$k*QLbR`TcVnAI>N3q_(Ebl7+nbo=9a zd{=0bs6=n?$g&p=0Fbxq$Q z-tj=y+F>CxY+A0w~X(VhGb-IH^PKUII4dMCuFx=O4hJiKH%dl|F9 zO*XiBn)7K`Yy7{|y$PID)tUc&tEyMF1~HXfy;`?aH=}D`KCSY;Zr%>HQ7Rso`H6)(_$x?K!XbqQ#hO?h(aT*`GczI6MRya{F~cI-ti3 zhg(y`=ZWz9li;@8(*H-9Q;L{zS#~(5%^su2I3LJu*Kv76n-ZcmJk*?7Z87`a5JR3x z|F6YXNTz0RMplilZs#t}YD|C^GyuBKJ zl`{upY|B1-?9)s%I&{}*IFg>6Zf`H>!(e~;f?dj6SfusdVNNugrKbH$9C z-+hC84P-*L@;AIEdMkc32>dmW`&;0_cflYJLGPbpGYYT?@1lppunEJl3AO&Ai5N6G zJel`qTFJMkducTcz7*gqhhraxhRaTZRtL#P=!w0kbUanobF6CN2G~*a$vb9rV6#0%vAEc~Y z^f`0~2JN{!_Nl*XLawlV*rT7o8*>4+hB#_X3{0qa>fUql zFW8n>7T&(2igRR(@DZyGT?QoTiHD3wc0S2F#9$MfuuEZLw%3uPJPEqLgROoSTdnwg z6}B>$wlLqfGX@=nwZA616H6D}*HXu(g%|EnjO#+$S?e2`*n6fm`^U_^<@0?avN#Sq zUQ3%cjljm_4{R7Wcwj>(wtRwY`(XC^!k%OM?rLHVxMP-;tYtlNG4^^q@zPz^fW)uh zV>WHj+4Nrf(y;jUqX}fWe)0IDqLr|n&X4az){1yn7`U9AoR^2Q_Xsj)Fze!?qaE16 zRVt4*7xSFP*LC;~y{B?qdDL^puHFb=DXR^9+rE@FTj-g7TkP=Yey7e7%Ib9dU#9nr z{Q{HfOxs%K3i7eRwP)EjR`qfQ{Rr7u+BTc{SmCw1$orYCvrpbeU(Z*p0lwS@UwAjE zeYWj=3G&1F@Z@s7OLlY6_gr-Uaqu6w<2U;k&p(=rUXA1T-4hiXIxn>35@K-J$|&tE z!53>R}9Z$<@fX zUC$8e$qWA*^+=Y|3O$yM|*kMqoQeVneV=Zrnt+>D%A+*rt)_>2Sw3 zjYNjAO^TT*Uh-RPl*aw;pBpb7hpq7D7n(7@@{5jH$}d{0yw9%uB6y_yBJozXVLr4o z`9;{I6?%t!jb87NzhUx=cH4WTe2I5Vei1gQ*R#l&c;laAKdXG9J?G;Ot&2^5Q5`v) z7Hd*&`S;BEMN=GFxcNmcp6_I?I33S3b~ZLxHu>O6@E388UBrd!uuoC!v+m1gw=RPA z*l*cuy`yIn4fxbGw(ahywUV9n=#kU5+iBZg+FU`K-PkXB_?l&%6>7ZLj{R!vUNR9r z)nk*14=ZnH!4%FjBiBc9P2_8>Rj0h2EcDSA{?CgTOYv+B{i)=cO7exsi7|UZ%tIIF zA=klCmf6dGT9J?UY&}+-_#^UBREGP!ej9Z@`UL;vWA)i1mhIp<;sWIL6dkp|vxQDx zkGsbR^Ef7d=DWmkBIvjq!!AnW{|ed_n~%*w2E^AAWFXG>|DsLh5v#1c2s&)E6o1|( zJ2jeTBKR4%yp}tOWn*Jnupy(cL+SET)MYb#=&}{wN4a)c=OQn@a92zmJ3cB+-b~xD z@g2!bYmh9cUcD2WLTqQOUB2QI z5z10r{6&0x2mhV;;&%L<@`mz9VJ9ac$N0|nGxHke;U_ds6~>P;*Qi|7e|?`l{nE>w zjQya@j!Bf|)G;57|01%3y?$0@3{@Gl(Zrr;V=z7Z6h)u^)CHb4(vC z-KXwK>JnX+S)4r$hEVSEJm{)t>lAx(cwov9y(@duI|6N^qOt06X~}b&~qmKWDS^XCH{-HOK0kcnYD8NG1?g8nQ2x|gJM&Uj^aI@RnBNN zdL7{%6Qh^^1@Cm}HurBvucNb|b2;xwXDKJnbBe!sWAqELgPJRPSo>e`e3Z7yH+%7s zerL}=gKabEbB8cAvhkoVnEYdklQ(5^H-K`IX$H)2$Ubh|=a5 zm^pHVL*EI(i4}hg6jt1L~Q@aKy!t8^&g8h%);J0P`CK=5`MvL;TOEZ=I_9Spd zALZ|*47YugWA<2jH+cwZgWH}s?GV5FDqH-!FP}AcgVjDT2tHz~GoM`tk1ytT%^B>* zm)^p7RXU$XT#<9>#^*7&Tjj*BWjhqxMu1N50E4xHza*EMr+*X~cja1hKWV+(dQ!g%sJ z=bdYv&ug4djqz31RnF%$=To%&BsNm-PTcI%7WOsvO2aws{E+bfA!sJt^Xb(d+*5$w42KRQkb^YbK^vVI5x^t?4dLzBcO%v}+Nc zU+!5pKI0PKY^U6f%pK!fJ194cYr8zp{4>5bYhKUyP22FTS#z8+Sg#~s`_v1ql z?T0dpTOf_zlKbVd`xEB3HXU&`~ynhtAh-3G<{K1VLe=yVI54iu|aODYZ_&%ouR1lo z>}&txCiczt?gy;(RvM#dy_52|XAmpBH80R`ANwjjro3p*cAv`Fki3PRx#VkXCC8`@ zyK{j3iZ>DW+@F`zaQ~p324UX=&KdVEZS1)cpUFji(L9&i@FHb)K$}9w?t7385Ti&Q%*~f^_vyv1mD<@XWiApId&`8u3X>F_tZJ|9(%%NDeNx#Jv)N`Or`v!&<2`> z!3r7o$B4mZYC|q(+TTAYw?VlEDp&j9n)Xm%-nry+5<7W-y393k<0y9hr9ASYMH}MF z*oxUNLkH~r6d&>4=TaL!S8k20*$92whGYL(L-d1he%Kfr&bn#(700*S0(}`%;2Zp5 z?eQG{AT?WKz7}Y(0oq1+_j$_P;yd$FmlwNvSI?GEAA4Litbo3Z8Ot_6-&@pYe1$Nd z`l!8Vv}VutVcFn@tRDL_{{Wltef~A4^RV+7GM|C)8a`dwln;3B0bAC-g>Q1lv&@qr zFXwg5-9$!c?MPkO#gSBF(8pXRK4R*b^cNfJwmG$=mv~l0 z|GdAeAKvc^J?)APXS`0^zUQ>gBagJGIVxJePG0;^PKqGuj zs&+_|{o7^Ex*1=%T)$PTo~=k$ z0X|pqxsOlUZQiBr#01vKUd0>n#n{ExN3dnsDCL!C4A}rJm1CH~&R)YDn|nQwxK}$i zFGYN3Fft?=T%hrb;(3$Vw{ywH9nnSLAbeCgIXRu=H;-NN_>Pp7S7XY&V(L!uWEwK2 zcjr6rt|GU&gY|h9wq0d)UdXZiGeP8u6e zr)`=G>A)B3Jn6mYm&+%`r=)i`sQw!2hga#eb?a3*?cj)ZXfc+$rE?MZ>0^v8+E0MS z5$Y~$B{iRU6h9?y4(((YoK$L&q_2Ad%pu(Y+#Sg!{n8@{P-$7KZsl=kjp~o zRC2a8`*xnwUYth09oi$qr@M6S1hbwBoqwTz_94sv8+88B-$>`bg9fgx5Zz=KI-pw$ z|KkTM=hLX})kLq_FeD!>jF|IwQm zo8FAQVeApd54Fs~R)Im~pWbgE&J$4lu>8$9SXFteTC<|ORmD@3t8V+oEQ6y=J`46u zG*|4e1)HEXT@mVtQAZ1PC?2Yurq)xeLoxLSlsAa2yr0ke_}9I9=X06!TP>gWI@kB` zxzxE{!slZC?{>a_i_dTJZ`)xrw%t}-G$PdSOM5-%?q6`*We31{Pk`kg1J@ql z_ZZKwJu{~v5VJx@;{MRcu6^PIW}o=YL#@!3BGwJYE6Vo!t&8=3ov<%;2nTkS?RoALN34yy#E+&-%8utcLjHXrE2D2L)-V+*LA{YCYGc; z4fYl{-*v6{Qf^pndC{_VW@OpEtb^kfxMsuBG`29U|Eld>%hq&Il(cZKBu{wBC=?lF}Io*88F?>m- zz^%FYkC} z<$bnoDAqIB4n4O!Q1zy(kJ^u<2{}t2-$tx#FTU@%szj#!S zv6k9%meZaQCumRk3EFd{(mtQ2^DOLDWzX|zw8yG!L)FHDBL{^6up6SiZR0O9b7mim zhyD|=XYf(D+WqY>+)vf!GcFpyKVviD@CndEev4=2yR=?JK2153arwT%04 z^KyOE@dwqB%0_N;_|I)hO{WaiF^NyrF`3UP)Nuu$<@{ITkCDT!df=I5*5j0$zPx10 z8$?-y`5(f6fyQ*(s)NMu=JQ^4R!FhOcr|0YJNXRoxrp-b=2|kml+RjZq0%2}spqp4 z8K*wcO#N@6e=D%*`mVU7=0cFYnkHngEs!<-0C-GxR`*0xJ=ckhy1y~+Hv4|^T6QfM zv%}yA{An9@NbmWvzgyTtq=oM*(4Cfj_)eFe*!m)8-I3_|km!lOk?_H8!) z(ESL$qvb``3Q^uJwGkaM{eZ@%{WtSF^|$hj8{650y!cp)=#&P0(-unO4Kg_|cc}p}DLPa?kl#K#X=DbEKW< z=H8$cs(bK*#x|}M*PHs#2aQ4g6;t`F^Z9A#^K$3&GCoBM*&XTrycIm3OD+;+xc28r zz{UeJ8hhh`=#%WJ>Dn|5eEAbozhwK-RnrXPjNY-ifwfB!|r!zd`FFzehg%J>P!g ztG?`pA@s3;z7|?TYWBh#*2N_%9=2u=MLynL`1KvbE+W3mI=za}SZ$VJx91q*Mz>}|&O z2bgQS`W9>UA?(KC`Q#NeGIpH~5794S;n-8yqKB~`tZP^Pz{tg4GxKc+AAv_tTgfj$ zvuViW#_ZtEI%E+VOp(kfw%PJXFu5L@>-X0AJOj3gK8!tjD#*J*Gk>c2g8RTKlKCk2 zZ|=*pD2M$C z$gOHcm&(B`tCmaO*|%ZA=*vtFG1nc9=;^{Smx-2oZn>$Sd9mrr?;%E8XJWL??bWnl zP)>6_ZP58Ag+5F^wWQAYBj+n6y?J>6M8?1-J zKDE-8P4GZDUelm)>n!Xebk3$e@4ou+2Ik$Jv5Bs~1nugNO?_i7HZX?V+wHXd??~De zhZdrh_I)9Dv8z1nirL4f4n9c7mm552^X*E*H(yvh_)36tsjNYX&fD?v^r6a$@s})^ zc$s2illsA%mlyQr4RNbpyzz5S@_16bS?TsUGjBfc@@8ckZ|ZyVraFx`bLXBUZ|Xg~ z;rdSvee>p-^G}U8|4o@1vxzqmXfNK3yBS;nKen6&PG;@X7VOs^jD2@zV^fv)aKV?3HA=U(5~nhAd{y8|=%{rl^Q8NI!T><*TlGbX*wb4fMvW`J~KPCA^^A4aA^h%ug)KAJkkj*w^gD8jS56jSgaOE(xIH z)z}p2wZ?+(_iA`ur}+oVANs?1a^0Xy3APMg5FZb2R~}diI&JI~wzz`w=2Bh}I<0bI zwUT)&d;{f3SEnhzj8A;Ck(-w#u(1W!CKLkcn5} z5B1X>LkZ;e~aex@NEjM|N+~j%WCNC`6liXBXsxoc4dBr0) zb1%^z4@Em(;<-G0{7cBqW8|&eAFwXvGx-FvWAa9r%XmTZP-W&A`moQn+y7oNakC>6 z<;X-;Pnl@?qDLmm;T`z(R%qm{YZdE;OkMMjU)SZ-)k^HrmATQ#S)N1p7I+Cc5=D+o6B9p+Dz97`<(VCahaB^lyg#zc%!j-VRLo$y`Dt*Y74qzA-9&} z3#Buzj->m@zl?<@&iiJq7h|GFkuj~Ct9EoJOS*%vlAkuR!5S|gez66=xO|YWIf`GL zieJ>&NIBFl{!qMb1v0Pvhc3U!_4ihH>(1a)(47+ep>$_C<%mD5QM7qSE|+Yrc(--1 z_3ZI@wu!lP+1lgrtb(!g$?$9w;WxD<{A0CRA@@4w;j%lu3Tx8}o3yJ+41b;4LPJ20X z+QN>KN3F9KUe$a5!x(Niw;o~6SqRMMW)|b;k)=0evyCu8rNptVhXyA zZ4R=>X=Pq^!yNo|){n7iQ+ODK8!G3mceu0O&E}W90J$=#!*8;X~2$uUyB# zNWxc9@RFCm%{M_?aFmO~T6v}oyq1x_Hyi%a*C8ff&gJh{T>h#Ym%lfA_*>JHzdt>% zCx6%d=P?_z)!6(cXgK0!+WZp#+5>1mpD*z5@^mlP{m}zsD;T@Bvrgn$-g(B9ksaP{ zK6As{obNw1pIXo24?oHE$&~#XW&enGe(03-i22M7|FiSG(R?cYpBw(3xy}o(bMCEm zo_WZ8=7+!Q++S@zwQtdo@Je&7whald=(;~Fyv%d|UeEodp8JctuCv46;<}J=Lu4Sh zeIPnlV41kM;$rvKLfe5s?nD0q@aphjvg`wA{a?MkpGGHm1=DNU_MJ z_Or`bOZPm_qVHY#T#xdc^8QoG1*5&n$K1es=9>4mSZ7Yr+6DK1kn$?PWXwe*e#{(~ zd|G-R(!VPP9XXn697xXhZmlbV7cF-yx1X3Z{Tao*mXSPDXwUlz%cYm$rP)>!E652y zCOVa7o;zwQomzI_OxB)brw>36jX}M0M0;72-o_l!0nUFW?z+tzcV#bD^8fAFkmg^D zA0Xb!_XFhrVGn1!&tIW?&vR)G zx3!dboWHHq-={nKYf&b$v0}w%$=XI^8vf}&z8*0xsdf$R!(U0*!LUXEo7a% zzpe~?Zq_y`-bc>VCBC`-v@^neMxV3}J~ABNfFFvncG@kgB?w)x1xD`nIdg4JTSHD; zfA6$a?Tv!Vd~^I|-ub;FmG=GCN8?p4}*0i=JQ zZ=TO>VE(vFc7yTd>=e1OL4C^Z@i`y6x8KSQGY&mH#oopd^d^Nq?%}f6|(`?aqO zb?^Ffsz~f=?u+VR41P)7D0{u%eXRG>`X!xP+wR1%ebi;|znmLh&VB*)-(>!b z^3?D1Xp_o*=KrJ`^VZFvJ*~rMP*vDH(fvwL+U+J6VLs)C`r@-rK!-ZCI?#0jx z9rUg@oiovn_0FB6HH~(x_Z8|FUYLc-O+9MyKI#j=f9V$HC zIjkF(wtADE0pgu@3`}awk$u&y}O|2s9&JpJR|$` zRq@ifzMX67q~^^GR+wxpVP3UNHtON;*fz>wg~>tg2g`CC8zB31Bw*u(g$6I2-lgw; z)<0Cy<`OVMWWGiGz~8W(y#*_*5uxB9U&C*nUq6YA3%Re$)CrSOEZ=JC69V#~F}Tdwcsr(5nu z!-fcR#AYD&nTg&gUn&jstJHm56q3+SNMc1-@O?+2fqi5qI!J_5&3~XBA*v|6V zmO1aCWTSmX#*cUw2YLGF1c)#{qo&iVuc_zT` zwdA#rBi}9vX5q~G#wb3ag!`rZUW|RHVqRt+IJ=lVGNJ)rb1`Rn6kFd}cZ=m~5T;>_ z@*CBmwrh=VEoa$Jg}&bM7b4#(e<$S|y>QyDb_>IJpKap1p8cuQmf}(DQ*w{>i1$79 zC;hwh?mxw2e$(~qT*uL=NC9~-i>r^WS9t|?%-I63DbJ)7A7^rw&_mg0)&bAQy%7L8FjtV5Ma>kfWM3cpY6Yr0g2SuFySi`IdYvzp)4S z>`|ve&TBRGu!F z^a|d?Mhlx%Ab$~XNst_kSm2)R!hWuPbjf`)V*7A>Y!YoOM?Y5+(_m~dd)|UuE;D<& zTK>ECqF;9G)7^929=ldpzUG#Izj@TL6|3i1Sq<{ze;RenmIY^>oM<9Gn>IW5?0);h zTgV@ithjv;FJJYv|NnS-34dgxy!>?gGmbWU{k7s}S20`N(^ z{|+=aZSsu6U0wO9rwzgwMmRk3(V14C>dK~0)uR~M3d`S24rB9G$L?Rf(aLEkp$(<9 zMdO0W%RcN`FErErC26#9`PtxUi};zIe{b@Ajl6c_l@k1vOM?yYRC&L17tFn^3SQ2X z{Nc;wGew74qmO~zkrnhzxyiDP#1+@M@0Zi3y}WZP^015d8@MKJuyc6^-hUI`$Hp>u zO<5|3aoxJ9>~R1d8ee2N=bmMt_vbu)%p|W(Mqa!77l7Vb&^sI7UC!K=E3^00M%j*3 zm&__w>1 zS6)t9UN1ymCuWw{-+a)wy!t)$XOdT8l8*|y?U@_1%!7WiNgePs&*yL6kKB^W*F59c zs?`xIzoC@2jG|4WFP7})Fiy$~PkPRg-++V3jQr+=UrwWoE5E;A($gM!<6Ex&cBaWM zSmif{zwlYOZWlb34A(EHzO1&F46{Euawi$q+_o#jV6=5^8QNQ3xrUPCmB@(XLvkEP zj`zZUuxfMZv3leo(C{eVuRB3yTVC6@dlhcVhCn_=34XtE`7?*4uVC#&3$pRa?G>O2$fF zTbt>5uf1L5X>+>0mA&-Z+YH~=9q;!5cF%Xd{B1?q@%-(}#-8>(k3r*V;cRf)>+(a2 zEw%I6!9VAng>`07g3m+zpYaZRwt(#;>_KY#MjLav{d8sVGEZM+OCug#mCm~Svh91% z_VjFvkGA+Tw#8r?+Ir;e{Q8%wOYp&OFYc+ciY5HfBhL#NQ>EkImYeV?VBq+T;8}Ple#@_wj3FkqrI`86 z;P!9Ue%QF%I{LH7baJ!6X3B%gOV++&d@}bsh%cv7S;SiGcn0I#wc~u8l|fu40?z8Z zku}-iuFjkI1f#Zqqg%k#%6-#3t7wn!GC8bf?~hVnXcDnsFOHnV8p%Fog#HWDi3UH( zKm*~iT^^Zn<;AwI-SVRGfaq`?7;F}DX7by4_xju*v8`@?C7_YymvhYElk#qdz|#T~ zkFsMcL&MMISl>HQdt1ShYV({v+N@age|q@0%J_q`y74V>p*XxtL1WRLxW?MNWr0u! z-{Zo$&|31Z{T~(UZG%tkjB8z4f0MC{m&R{SbYlvRkH|$f1|k;)l;@%G>^|E2rbAJ>NGyf<9FyF7-Mwko&G z{!Oh7JhMjjKZ`w@tg!a3K7@^l)T%t&f1P_c)i`yy^^D1ZzL9>+=8;FPIli#6uyy6#jTXPaM(CRj5em`g2zyAn2A3$zy z|Ytj=4xz#81}4sCfS zJIHy7LlU>s{=@j%S?HSf22Zh%T0|1ZLVz_ zTHJL%JA5hEn!gc#E%n^L&~tw@*T=K7?jFeUZI}Ne?Z}0G1EF65yd940jey1@>31P~ zD@6uBa`LnG+4&VS@LlQq{b^l9+uc@D`|`D7M`N-<(6uF(?*sX*fU{wUVYb&>WqXb$ ziJcRF6yAk*z3?vg4Bo8;>(;WKx0dz1wahbW4Keo3VBe|ZL&CY8V6Dz6vPsw+Y-i^p zKG7ZRPt=LsHt}cV!sLD;=fdC2BO46r+HZr0!7s$-o%mCRG174QGJ?L0q%Vb(0qqjs zIzH{5?&YtX{1h{X)_p#TXeU}-2mNQkhwGuuRnUJr^uHSV-vECm=V0Gh54jP!?!ZnQ zfe!D|mv;40v_~GJ$YmGZ9X{B;SGajdc*=Nk4{o&c>f@iY&q=RlE)DyBNsxJMjWr~{ zdz5bj52Dabv}%F2twc_tiML z$9U93Yti|xXrrYJ9x39YwyG3 z<62i1796LI(xblc;>U^K8%JUru<0kl?^|o(?*#aZY{h6>fAM?4ar)R7e$O;MPq})H zzS`rd%glI6XY^@)MRP%Me(S*#^t|5Xi8F7MNoFK3*?qJ#Q+#cP!RsTtu%qU7RQHwG zK`&lk<-zMOd+>T5*TU=7!t0*)PYaOmf#0<;yT1#w*9o&vb}+l_$P^D|pJZe9NGWu{ z&IFxtndV}P#9M4a7iJglC`WT8+D{`LvriO{dB&aBG(3ieM%Nt7z8O7tG5bGB=N-&` zAJ;BsU(WUMe2M72>YKdVhYxwI%Ldx}T{Abgt@xRdp^^o2E~`9e+8dg~ysv2A`dZ6( zWb=ib%{M5xt`*y~b@zp#$B4`Cv&gMkP;!~2Inv9lBLkT~RUZug57_%vG=anZ9O$`U zMcW2!<7RAjBldA6^lX4mk04uXp!vfV<0Q_GAG&<~;Tt7`b+0?NYh8hC;KSIwM(DeS zGZ$7u!v<{M2F{1M5&A!Z4csjMWD!#u48AP@*9{>~F_b+r^Af*8p31>Y-{n*1a|p-F z4-IC_@snYc17^45W1MHl`x-OYn0{ba{?xdG%#pHIvK)*#gS?%=;K8>m!GDxH2YmK6 zG#f=bh4W*w`}hORNyMw^FKwR&W^7r+Z|cL{^p`frmqLg70Qn$8!bjL|6}>w>M!#Y; z{7ygPck+9s{rhM5UG-gH4QVKcPVdm~U%jwq{oCcxpjz!1ns{61DPjAg(S@7ida&N`4>xv?naGDT*Q$AXO5ahxn8pYKE8$^bm@ z;Nv;M%se}XvJT%2Uablyf53Z+Kj$tkKB{XN8qz;{Nr-8MHoKv4729+BU@Y*DfCwL-O9Y=R*DAjnL^4 z{$09#ool_LIKWr?prLHZ4>Hh@3T-O&(`il4708JvuCwVnTsudSw zJZ;NgAANK46nO5s+b#Z#y{feFU#E!?ck@@gjUlJvZ{M+Wm&c0h=Nnrg z**uTF)H(d+W!9|O{FUET{!a|~u40{8CEqn4xR3r8TLCj3oU8F5{MC5S%R`s9-g}Du zjiB#2{JT8;fV?M{r$@Q&r5EtCB#kD&@X*8Li)7&E@n~T4)SlaLV|st=ICXyhu8(&A z`5QfTH+}xc#hc?Yv|nS4o_+An&(v=B_Ti_0L))M1qwO!GwcU+xyXU!#BPQS-ziI5D zv4h4D?l?>SstJFUNw$7u z_#l7y>t~Xebp_?uV1Kc_ZTOaUWKleoZ*pa@%f9Thb+eeVB*zD#`++Q9;_vu8|7h(S z`RLTRL-)MF9xF$i0!M$Q`4jo$PJWLqUT{<~wo0z6*o$Q|dUAfAuQ`uBg08Xhn+IfD z$pQKJ>cD{JaUZT;-K5yp=d9PR;cTy&zTi$`I_3TcbT@g)80X zh4XDp<=921-S+vX{_vOJnR3Zz^J(w%pA#PExgL{=r^DsL&I`{<XQ8%Zd!=Vsjg=Ti4T+E74S=#O_S-Cjyt#?qDvv}F=) znM_-z*nK`NL!Z;*6CGn2>rV)p^Q_%-3Up?s?5_Lg>gy`(pm%=G_z!Ha&aP+w;$#AT z%Dx^ZHX~fvNu1>%epNBvc77xOzh84sE)MYaOFaDVyL#G{Oz{?Pe|q>27w@unizqPTa951l1uIdbIHwlAJ#sc=L@d$6F2`ca^}9He71*}Q@w8}bhr_IAj=g)j{Yo& zeNwJk6dIQk+a9ca-Lm|NaTBfCS7Ec-p?_q-ZAbN6a1eW}Z(!_5?7ovdC|VcadbAB* znfN{5cUe}Vew^arR&xh!%cl(*U%bM1*{=b|Rwk9G>_0f6T63g2k-RI zocng{ejq&053hs<;+x7ncqeiJ?KLNo;JtvQ*!=)w7ew>#iRL^Tt)vXfnTX9^HOgu4 zQ+9hdm)h+uOWfHdRY014a7YcvO{>a=@-^6>xy{@KjW-LRF2F-YdGVVj}vXMKy*1*IZWKtMN z>m(KHX~XW?`aB@~mH$aLMkmv^DfEpp#3M64n-8y$HJ8?!3)B43?Tk6ELBDi{ayjRi z9;WQ_Y;=oxl55bd0Sj+Gs{3K<=)YZq4r*@T4$fpy4txYXt3%HgqL02MHAiFUnXvLc z#@uEegU>OVw}7?@E2kj=ZLj6~p}?T#Yd-w$Y9D%b5c;q`i;>$y@Ko^w*(qmEW1Cfn zZR5V?ed5qTXRH6@4D8#TvS;*(vNiXld9s7NcL>?7V}3%o>N(}E@rc`0q7t8IJ89VRgm&`@$!O@nQ1mop(}R zF8vxvzY37s;mGX>8M#%55O0W2c$xFSX~5C5K)NZR;j$xzIa%TxZ7uJ7{BxmDk|L z3d#G}sl2BA40r|AFwXv)D_alzO36;jzG7S7UQ> zSg$huI_uqb_72h>i2Jjat~+2A*0d2X(lhcyo3wX&`*9%*$yV_pduwLcrcg?@setr1V zp=m32-K#Hlo}6q`hI!mddmM_at;^|(J7y;iLNnpVuDByOI4$moeH|3K;1f>Vu^jt= zKYN=#+p$L3LD7rcK-t1vtH*drw0iYxz3q&5y_q}y>%?z)$A4YpK5%*Z_}-O4JCD?j zO)J+#V|>L~?%nRjS?ZzP@y7Sy4f;6AjPDnp?u_s8+gc~C`0B}w?=dv9cQL-l-{HESU|$lJd9!v|Ks zgq>rYzRf$X&s#9=sP+cxG-LX_@bbGgKF<&TH}~9UHNMY0rq}tydEpz7Z+E}X&l*|R znSI&e$)4*Ax$fm>;OUprc=`}^x&EN9c(CGyUit5fhqey%jFp|%hx`xr*dVX`OCG&( zz*Cj`uOkoA5AE&LQ|@hZDM|WOPPz;9zq%|1i$) z8}J?XZ&|+HjS05b`<#7o?L4%R%o|0(InfE=ph?cS!LgS;c*JlkU zz6A!u|0OH=UdeiD@*>RI?|IG|IhJwYCVZ=z zV_Aq?YL2Cfc%}BNsbZeElFyg8w})r;5o66_+%kiC;)CSfwKE95(7c_VEV# z-SpXFA87UkXr93}>$;N>%CjiXqP#i8Jg@A^3CRwBnzHP1pzZ(c^C$e_G1$vu{@po& zzw(@m1OCKyCY$%+9X(}t6})!wubuDP&0odmQt;61>yNw|8C_Op@&!7OzYb{BOD-#W z%H_A%3n>DRqV!$-?$M7lKP%iXx%_il8(q0f&%YkWo(bN3U*+m5Z}-YvXJqK zZ1Epco}oKD)BL^W+@w#LM+bh{B z$-C@T4A}usAv2S@WTsRy)7xHg&frC%O!jJ)Ei>kK*Ir5HjJ={9*{ghyy)v-{6Ql7b zUNUh7+g|PEp7xfOy_$v$j5~q7a@#FT^bOkVu~%!4XRk_WuWPRq59)C2RggN3y&C3k z$Vc9ypR?9#FZyEa6yujmg5bjJg+)hg+o#xVc6g{OZ{S!r=cS!{Z}RWjs%EZTTlEsx znPly>?Kr%sQ3IeOh}w`?P}c((TiY zeaOV$rO`dzKAjZa@_piz@z$=to;=?AY+Bo0zt$JtTE+gy>GNeS<`TY|Hjr2scFXuX zY^?m$>) zsm0ig@~kTpuP{CwOMF;k$tHaD`Phn=7A!dW1Y^i{p4kN^TSZJ~@8bDKh12r5u3}tS zja?ke9C7ZT+~yfpUUMgQrxQP?^$~d=u3G&7W64hBeH?Sd@qC zODr$^Hu(>6zAJ~weg40=HZ~EvDtqesZTalE^4Z`AmwqMEiEg}iT%CA>y1M4Y&_R{G zg?3NN^MmuUn&sD~@_j1(@Y+z~R+j|3uparpl+yzvVaFAlcoLpG#=m>^*iz5+Vy-jU z&*iuGw4aLedhJuc@ZQwo9`^G@crW>v{@YO(?=4Pir>hs~{=5_U@Zvppe3Xv)au|QW z!*{)yZ?bd%c}>H7ecIG2$&SaSD!13geZqUs!{5gp%qQ8|i|n{{+UJqygx67Le{E`| zf*dX5dU*yJs_Vjh_FT{;SB@Oa*8@Z0zdl&lQ#N|7@2Yh2 z<@<~G_KZ6zymzPM1b*}v@4b`O-b{FJVPEzV%y&F{88P8!3Bv zA{*(_?7!$&e{JMy>iRfr{!pi4AFq+@ zU;~^n@p1j@2juR2oc6Ju^1PTc-9A3O-~{$@pKTvku|Cop?^ljjfO&20y)%!wLvjJ0 zonyw5mxrzz#{O5>=_qqJ(gRcfK6{Mh%@KR)7_z}QRCx}1PPodoCClKG=IC#s?AUy4 ziROoEi0@-hw5LKA&w6s|UoQubxpQIq&DjsiE!pzYP4K!RS-^Q8)cYLq{JX8%%%w14=G@G^yzug0`ge$ezhHXD`deF|ziMkG% zY@eh3Zk69ZD4f7QAA%1D7;8Vs9NVv$yVd%DgV@UrKH`Pg*abdvU$U(uva5Gwvj&9R ze__zgJX7V%OK_gy?1{t)2Q#1Xc3?1b`VXxRlY3CkSy0Qd2QBLREMm6cMy-9*y!1h6 zksy{3qa8Lqw6A+NJ-!P)CW;>Lu?2c`@o*NgLUgGU9B>dCCGZuRr#5p_@Mg%+{Dxm; zTghKRub+T@p91@?fnMVdlWW0TisoNC%{VV1Hzw_-k5e2ARE@{?z_sfTSXgg zr_Z(ckZb>%nk|~yIZ65Oa6tGTY@oenGB5ldF4yiTrtoj`yKT-}9{PCu zhu-7sgJq@sS6G3r`i|FUHy+W%yWaD;*TRQw*r$!m$y)T+w5!r?*IQQiUVUoY8mDcC zY1c4+F!|?d_J89X%VOrX|6FQ?FfwL7)$1?q@x^&v>$_CnQ1O#={yB?_cig(TB<;Lldr!4NUG2{b z=W~5eAMO9t-_ZUe^|pV~dby7Z&gkMnvkf<9irHL){?ze{QT&UeAFI4YfG?yU2BE0eRD2g{AHaP ziV|D}7wEG*lYTuhCG_@Lr>0+7 zr%0c_22NhT2KR$Lu21vorn`1u`Fz3;t}m9qIMMS(*cuC4BRiw_Tz|I8*tYKYzdP5g zym^xYj;(9O)@gk~do}i=DwvE^+xyrRVdo;WMR|Mf`gF}-ZPZ@$)`g*HsXz2n=<_Jw zi}f8_X>8xkL9?!_0-srd{a0L6Hqhj&VZ*M37bW1{3g(W?zPjMSBJ8KN@e`p(PuIS( zoK?=AxjK{K-V%4u!oF>qmu~XIKe;utee>o!?(kp-*B>9Lch2|W>^krHJ{^tV)<d%z;l&6S1$Z&C5WTWzAgbSbIy^reTBX6M|2H*f7rwK3G@|y#-{T= z7@Kv^2HOSY`|wM`jgL~Ed{1OTFnMNs=5i&+-g<;FkN5pVa^69kv<^pnp4<;UyLqh- zr1872dR)Eh>-Tg$lkDiv)wglXb$?XQy}v_5e!Nn2q|Gyt8T798M(I<4z4Gk+^4z^@ z$jyIdKl-AzIj!iO#({0{uIoO1*POlf>ruXQ*M0O$bF)F|(6zqM)FN~!&e+M(p`R4H z`_>+RuL#lfzvuO>J1=@@sQ$Y7J9bQ^JAX&{^6fR~3w_nxw{o50*qD|o+F8xmA3dqw zJ&E;i0i!1^8>J^Yw<*`7C(ij+Mo+rWNH_v6eV1p+@$u-0{jAFKX`cgV6NN_c5y<~Y z?Q0%L>|q?b=3uh1jx$@8mmkGO#j!=P(r(>Y$?qGzx>4!G9jcK1YJ07q;^V?)bI=2x zy|hcdooBn`yPx0tk~4RGmUyz{I6QIlxBtb%8?QWS&fL3yYy=sKB14gp@MSpHBP{lT zu%20NT|K3ebLguhmxnY4{^ff1QI&3kZ*RF)`xceIsr+QoQ)AN{p2>8-@OtaW9PC2j z7px}#7G_^{?bOD0<4S59-7@Cecd8oM?R`# zV9&Yu#IFwu?PXnyWK8o~FR*4)XDM!F9KMy9gzJxXFBold14QouYjGsnGEzhQa`}#Z@2K1toN%Q^qU{PU*5FAZ-qWA<*bDbzGQr}FWLH}55I)&L$^5k zAG;YFaFdnPo;EiXu%{h1QJ6#PX(H(4=QyKaFY>qvd6aJnB9j&}=||qiA``NuiZ%F= zNy(=CQQAOYg7$UihT@IX`w0IdgY5Hf#{wc7=u3Gp*}9oA8T*D-=dFT@#cE$76KHK*VGI5PMVoOFJ;djX#>c!rxKe8`{#6*5l%=!j?t32QSO*SVo z)`$N3z*Nw8vJbjK<12jl3FutuV{bcOvU8@7wJ*M8;znQc(B=VUN8;I>AD17BZ64sU znXI8;|A|<$_G)844(imLM&zwvGWz>qaxZ5FRNRpt+Dw~^tB*C7lY_qp8WWEw+wcr) z7rE9uuky~LXIjq~T!{{(7KxTanqtroyYj5!sYdQOmw71kkKYtb);ssL=3pTAc2Cea zm~k?4x;>8=8v3I5^{k!C3BRU8XUcB5oByTMQ9G#VY2W*ee&nNKI_4Rz}1xqO>zD4qZop;L?FY?&`Q1fFg zH*(gMWw8%=c5@Ck;05*~UuI=DxMjw`JDjN|{}g_evzl5dvz0b0hTlrN<-667R@!Oy zcA|}Kl-o`_6(coyQ1t)DtmEA{z`Atzc;zW@zR*l)0uAE)Hm>;nM#Y7ua_&H;-$$3c z-zeT-$CLBnk7TIAksd}Px62BRBXW1WI4YvE_lt13!dWs)BNwEjD5l6W!~R@#{K75+odtjmwlmIvNdMN z?!r6&dV1eFm#Q7yq_wv32B&>%oc29TnGM0@HPq9k^EKSN(~M2lT3`N5C_0#Wz~*sy ztg%Vs@#=BxiEB$_S0;PQZlvr-_;>ne@mnc61fI)>nFM%97*M z8$nKF+clrzwKdn13s`uZy-mG%;~(bswEgkn=+Ow|btJNiENQ)1owF`XSVMm<{%y)I z|0mmEsV^@L4HYv!{b3vXYtt6Dozgkk3A4rn8P}S_OnZe7{O$4g`(VmoMU*n$gEsnXh<*vBq0`pT*})?$Hme|L>?ob|i!4*db&j zl^WdSofEj>e9Jx`W{PAB{lb=3XXS*Zk;DC!hmJLtoXuMGa_#wUJ)^xj<=ZrGv!6LJ z(PcVk!L{!`Bh-$qecW$dYQ9I#2(_WlFM=W5vq@h9Lv;L%{Y80xoNq+ve4o9BKF&Sa zp9<$pxxbJ*qP0<)&la}pDud_RZl*s~^zmlK6JWBJz8oye9~N9U-nV3Xo^R>8LSJFc z)xK5h)h_K3tF>dAJ7b-N*^^2*&@InL-+4zvwpU%Nw97J#AgAc;vYka}7 zD#|{{x;w64zvkTUywQA}wYFy2uuwH?K~>*1wEvntXN2@D`zBp_kldO10oCo4q4}ryO}vjio=(3H((jq{`wsej z4gFTzR{I)EzY{kZTYCBc`pkY#WNpA8iRS(GjnK*!32|$9pj&v6PuuTZ*k~7 zV&Il?wXyBOhVrwiR6&y)mvHwJ4xWe4m^dI*9FX0Ry|S@L&F~K!c_+36e`8VEOFYu~kYkPj$d;-SHL&_HKB zxbN>B-irp?ir*~@y>xp2Xz)-!X&|g9{QC;BD_w{ThgTzziIK=vA-1X%TQwHF#lE!5 zCLu4{XY}9|$Y0!7cBtJ~b~xcHlTGZLgFVNFca5R2;VszkR^+G+I<`aq4&L_j0J2sB{gu$YB zBPX%Dd2T6XAg|NFl_m#LSQ5EWuD<(xB*$4lX6j{MifY4eLZ zICO5g37NVXnZi%B(~l15+X)SV@Y1{1RQvq>96dM)O%u>}0(*lekYV-rzoA86JP(Xv zEVglAs2abxg*DtO>V}2tITI1g2%a1til3Ki95s}6RrDc-PtzQp=JL|}a07j?*o&oC zA83CI?Qf<1ZS?0veQ5CXfwkVxXkQ@pVFrCrEVf-Vf@WPbN-IACA2u18wC8NSGP#Yl zY95(<&9ZEneEp+-$)tJyivG#uw*JUu3;7BCl}R_3Mi|*EtI-=dUzzv`>MC=$vd*p)WTvhK7w4}N^@IQ)=(ke$Fr7=FB!-7g!_FMia09Q>G- z#*bP3|tE!M|yK+B=t{Sik&NS=EWhBZ~9i%(WokTlP=Pgwt)(ooC5;P&cjl`!P7wfN0!}@F6yRkmwfQv#M_zQ#eA2(Q^ zb9FpepL-70U90n>-zOg;4eQ%w@Z86Q^-Xy_us-?;UQT$i{FB({G%UY14a=`}u>9H# zSblALZ!B;6x7X>PgXK*be>;}9akMaf+uiVgDZH;mChEabE0F~-OMJ6pIj`3FbO`d2gU~nbgj3px1Wh%Lp=C>n_|3Cu!6zwdLI0v@j>`|z480Aoc{=Z-ZDt=G?!>QxB_U#!#@)-~fB{Eo&q{lV{} zpidU~{Y2Pz9W;rY{&Jo9AN92Lu>V_BuH8v%j);!^bFl?~@bJU)gi{@&6T^{^X`UaQaR7lbgH8WyizmbNk@OisSGj z9j71me|)y!2PeS~@3^MNxat2ToIV|XoD5E%_2vHI^nbu78GP=<bjJCejPu)X;@KN{4(y%+!=-8qdc@@KC;_Jn&tp?# zVEF)X%IXWx4$UJ@x#R(2^0{C!aI6QDtTmVfjAJkf7~WtKzTdYl4U-W6U;DnnBx?;O zxf9H{h;g6hgpZvcx+MopQr#U_%^%VelVpgit`#nOT5If{1eZNU{27eb3zvaO6<1wS z2QIrC9br7&S{qD8s=#IFi{{jAIkMxb-f>FoMt)xdEvor^m``LZ*2pKi7JGzv=p>C< z$?2=k3O$=l8aXJrft)?&CCJ||n@c?YexBLSGh?~$8M82+xkz&tCN6J&1Isg>H~Wd2 zGKB5HcdwG8Asp|Pqr9O=4LqD5OpXCNzer5JV`y+)J~8=rYw5Za`}B?VJz!$;n#WKq zUh@#bTB%y%@eRBSW>AKMvcoMmF{*n(&+b=TW5_82xqv5N=KO2gis{(qJ=nwk3l#7Xpj*vHua ze?N)-pQzun=(mX{L!%h}C3++Dnq}h2YfVfXy2*b22Yu~?E9@F3*9f$yn}G=F8y$ za@>jxnmL~LkmnDO=TruH1~*hnp4TAH4?FTa$(|n>=3{LvEgy_EskDl9r?VW8`kS=Qu!p|pS`@RTtaeN*DAMF z>vy#V)XWRQ_tVyr=Zc={T|FjW+Ox<`J(t0bc4@WbfzhVkX6Jy%C!~Ba_Qps+08=`e(1pue5?53@*=3UYKr&43*~CKym)F&H!oVSlWzH`)Y;@Y zjO72EroHeW_7?K|du-DI_#ekMBTKP%K9QwZ0(*6VuJ5a&7HzX}55!{7bBX zGSR1KX%@M6$}jYX@33b`ZhIfY#`cSD z!;!5K^m(L}JlTAU2fuLYcy_rL&sI9?k<6Yg!@Jg}#_py~OVI)BUn};n4LNahEo2jv zU)_SvwZSuuM^ZOS#s)UkO;nyObNP;)Ujx5)4%Hv!I)9XmLg9JF)M2kgAg*N|Oprwlh|!R^2CH^^Nt zytdCDYWNQRjs7L*tHEniZ2uoi!Bn~U;}N=g*M{tKt7S3cmbdEqop31t_`B|*tVtg3;WxN z44ZT8M^uy@8d*_xxUizk%_~;_e@HI5@y)a)hQ7w3cgqIawApU^w0!da>5KC5zX%Q8 zTyCAuq;r}gfz!h~{*r9;jc0v&-RYs|Q`~zRU#7Ul9pge#H~-qnGrS@H!$yshOkA9{ zE3aC1pm70f6Kl9Xopzw-W=$b>Cdl|YvWWXtk^?)B+~m!mcmJ+>Su1MdYP2V!_AH`2 zWd3RIZ%&(vSZ8jXnHO5d`f8IC?zHI;d3;7!Xb-Wp*Lua$@bOXF`Pfq0_z2~1z=mvg z#~V)k3|$sxiOobl#HYLA2YhJ7Zv31zO?|y5Us_Dwi|f~9pW|z+jd_oWCL zxOp$)cQv{$ti6G?YtnVI=YC)9%7u2wNvwc!hr`wXZBO zpWMJ2aswwLzf+LkD|m+-i^%8ur~l?0v+AjoLylk#If9dkflT4N(<_3>57Ngkfk9^c zvTBXuyF+@6Um|ZX26>C|$nROla)5O#amF+4jAs&zXWn5v^C!kL?=hZ1R*~;yM+(`P z?n{19IUrP9Yc&nvysyLM{<1??_{&;8pbwOxvQ%dKd(7KU@t3I%#d=!*WF^Cl0p4bB zmPxEVd?$K&Nau9e=iB9@cLTyhA3W9=`#ocv15=YNAHdT;p<|8c*n2_hpGrHh^Hb2T zE6}gmK2XcKhS^iKeiN|_;e6{FvfWm*`jP=H~ajjEVJ)K@HA_R&Ln}f1(rS!P6M6i{WyZ2B-0wNx|KIaH-&0M0)!5OpEeF%5@uT!EfB)$_jK{ps-#jl{G`fhhQh+UF zjS1TmfNc_UKcQCpakh`9uVwTl*p!Q}+QUmm3$}m*+ae!ql0!LQYq+2=*q+LUZ4a=) z|G?G~!Und-0o!fW!;j@gq-!5_myTPmBSLP}PejjGsukEQ# zz6LKH-3u<^r(^qSlgHpG55M{7qnkc*(TGiKFmjZ!^}w5}=%?laY%kSkQqFhjrp3sb z*QW8U>9xsTMP-&TjC<&97J*BO6amKoE2HY=aHsFJ+wuS^JkiTzkH#%?q2obp<83BKO-kN82% zVVpTk%&1L@_6;9E^ZxPraeoLOzJdHg(SUqlwL{or@U3#|_Q)#UKMGCsKp*Js*dg$D z0DBc45zi^7*y9zQi(`1z@PZRNd6S&4*dciMfFnQr^k(*zp}&n?w19o2(EEC;GMpf8 zlNyWs8)N8j`;GA8jmRkR;t=>ydb#>K;DKh0oIq!$>AgKSy#w!rNGspsdof_KfvN6q zp>g^+Odm(+&o2kBSB+m}a}*h^b)#$=e-`|BG`^3V+oQ`J8rPW>5#~9{Jj>_w*E;v( zE!xF7-zH~t(5A>r_@IkgIz_~FO8e)GJ~P{z)w$9+&$|n~oTC1kbf@OwnGcbRB{>Lv z*zmi35Zvwu?nWzFf=pP3OsJ$zk?10R(xD5r4->b!?!DIS4Yyg_*FghIpn>ba&w6B~ z>`iAcvLmM(!F>YxE4eEjAKPptdz;IRzUpmv+Eg>~H?Bnj^L{w;vD2+fZjs-Q-$ZOK zG93L?!9F-*QP=W~DSV@jct{=0{4xK z*`--ePuTmBf4mbt$UI0-@b?FSSu`ExZ~1ce2J~$61rt-V(Y5UNldg?4Ul3MI^w7^v zw=M_g-3nmbAN3JRK9#BS(Qs?cQdxbjMLb~KD{j&{=^XM;Q?s& z(gJ15`G#v|@xX8${c2&d?tH`b-YW)%>!tsn;2KvoFkEc~!sY4rGtv?I<`s0(tLP-r z(T-6Af4{lF@1JjceQ3L+ZYbu7ihr1Fnp#b6UIC z$#=frjoB-|C>}z;oxrZ1SCo#CN9H5%78E5LwEyhm*M*mu+|6=)cW1xauF^Bw3R`6> zJXDrpEA-!g=GqG5zLLd1?l?3Czs@-mKJwau^k-xa{rPodc(8XSvtxTn){RE)ExXr| zduxVLTN9ZcK~4pUckD)PuS3tI=biYJnRgSnb97DoTc=v5vzIiV-i$!2QD`*=tv-D} zI(iMdZaO*%*gU)Q(B|bps&rq zAw6Z_*aGZx(5LoLN1xVQ=(HiXZFAbl8fbGm`{$1*TZ_@_W-s{~bX6O_km|N%t|i$U zpvxW5RgqQ>H+0+0L z&F`x?-TKIl{q_rXR1du^{1f)(`0U%fG`n zcG|$%jKXN=J$~BR1?|i)fOaaOof>S3%G%^o@RLnD@*iS5p`Cf)zsALX$Zgx4R(a@= zHf%*d-j{=$75wJs!23$@w+sBO;{H4z-dnl8lk2OCoc;GN4t47bfLFJk(nrDTvp3|x z>+3g%?<^3nLkq=g3VPQ1=<577vLBC;13Z5S9>Pxd<1}h#+0k}>J34|aO54#Z`t0Z} zr&v3gc4l8IG8}pt3B8O0|CLrUUIPt`As#iBc+@yzB;&2TdsW}_!E;|b3HA2X!*%it zFE#O}8~;J^r;!=)r&w<>buWsE6$FxrvOu!4Jdo_F2vGMTK-~-ekADz7S)7cVC{DgY zoT-O6)2qak6vtLPTQOaGA7k9hSoScccH(P|*v0-a zoMjzf%bHG>jox8mIqhyNXAd|;&P4e8A@UQ`v7AP(uLQQ4R@%N#%WR@3s$#2Q*)NwhJq8;X}Rk++8vqkyv#n7gJV6E(Cwv}0(G(gFi(xh+l|)?wk#0DATIk;Ta>SIyUuK)Gk<_hAF;-6@|sTq0bF3Z+QVb2=6 z<9fm#+V4BZ>Gv4-`pG)`B4^AsF5Mkvo`~ldS$7D!v-w-Hu8UT(u7_5#j_1txcs~)U z=+|$P>R6k4)WgCzWzt=TD+fE28&KoYoteWNbhqQng~`F_YUD}?xx#v+WtE1X{wwr+ zh`qPuWUu3#N1eT=dhpni??@cdT8Y*+vD^8-^x&-@oR+v?r^ZSpQ4w*n0YHg`Pu>zUpmrTib1G99lE7 zZ5*;oFpQ^_Y@0wU*)|FLWHR zR!U5_dT*UeTg^_JI*2{5SRpbk zwinvk$KTLaY(Fiu6+1u+ZE4NUe2@2I?S8%O^y{asRgB9g(=ur5JEA*enwh&Cv{h9g zZOPYj*VeWgdu*2*Gu;VJq(Aw)6kL0{uzEE54_Z=OK7w5sT>}gu;`7wph^&@h!S#Jy zZ{s?BD;E);mw9Z{;Q3$={tjtmHK69CapTKrF39sz~7SU8Q&+lLk7J-*-;FtM0 z%v_oMoWv1cVSW2mVo?=3m)M6NW4D?)cGfSae<_6=<(t^8-+(@~e?qaINuudh;F$Tm zoB6CH-gWH*0WsVhUC&u2anocLYpdi^_lh`vKzuQk;5`bE)q z&3Z~5xlBWWx168gp3L7Fb~rTe@rB%TQ>n_0cjHU+ zh(DpRSInAJIcsS{H!1hd$k63ZzLMtge*EY-HozL{4R;f-c=&zRuXj;5hCHxYx`t0P ztDJT8HPj(~hv!<8a#hO)u+H=U%-$?$gd64_{)~ry``zAD7@4Ul% zF2FtgUv(e!PABg?&pX!@TN9$lmTM*F54m!FFJoE-Es#GSS;7B#F9xiVcU6l{weG$M zo1)%AhBy6&T74sgS8r{6`%w0pTxdNN-N&5Kk8a901h zXgGT>uA$+f!^0iyeJX^8|K$sR0}b!UqTw9{(s141M#I1Sr#D)=w*`~dT-Gqy@1e7< zOVDMd*lnB{X7XDfL*5>0AitHpm5M(p|1-XY7TM;>xf#^OQOxjp_SYKRuSDK&A?Key zUZlSi_EvA3W8Y~mAHj}OuGxC@{(9^?<>bi^Yj&^8_8Z1Eog1gzSALc zp?AGwY}Licya|#W#n`Xt5%4WLDUOX4CtjfVl(TPV@TSq6gW=g?+B2d!RRp`K2$>L_ zZ6)nd*m>AeX*+MGpI5IVms9I-PVMNZV3{qRb?v;Fz~!^^22&s1=KTTeysffdjh#n) zOz;P(jh>)SW8cxAiFa&v#^c#|-M|<@K1Y%NF?hya#n?4w=EbUD4R{j#*T}etHF`P! zsv-DiXf)BwoFQk7-8S9fn=$Al?EwfWrq>8wUD@A&tbgx>xL4h+#3F-x zGe;W7#^cO)Gv9=UgnNA_v54`EM`mzeInj~H&;sA=D(8o7oNBxZ+?Rs0L7Ucd&I9;q zksThhnV&9x#9h<4$BtGkHV5tv41V0-mmBw{Z`t@SUg6??O%mVK@O1<8VPG|J3>R0nWZVYk0y%nw@g~~x=>KdQnC8&H3g%q% zxfGsl25A2if5 zYr4hk^|86We->v{Ht>J$b@2brIc~02J@i4Y)++~7v))DyG5z4{n)PpIpBVO_Y<<~< z;yLZP8@==t`?{{#801;A{(J(OJ89N1j#)3t7bNC~&*ZIP{OI(ljJ@=+tn;Oi^DR2R z?ZfPAGITYcdAvGD%?0riGtxa&>6^wVtoE$OCT}42l#Z`X=2|`RRoh*Usc~bEA-8RF+6XbmDDg#mANqek{wVOocF_u^cG`us zduV}8F-l^njGq`P{eGpJ7;3w_E);OrBIiqox!-Jd*MN3%E#$^f+uY|GiD~lOF|Nn# z{;^VXjso}k$58wCZS<64sGISXw*YHbZ8Elvwug2H?NM4_AWq8KANxxA?p?sH{XU+p z#oE$VHx6&)N9|$mV-uNiV;4oBfhcyFql1b!{cZtqcyck~HN=t7E5;T82f~x%b5$5$ zOggv*75_EA-c0<6kQrY}P9Mc->E*!fO;f`0}S(Oe`5bG5J%pCN>Se z<}lA*JlUQNZYD6l0T=E%7w%QS#x?QxiGMxaI#=tE(n)1pFNa3T()qoHFSWluo!>hF z-vF5&WzU=J-yQonUu%$cM<;Zln6UiBK_BSb|9&UAZJ(n57wEr?>t4;E4ZeNC8_-qe zp5lDSU5%-jXSJuVo!k(`W4t~(Q_xI+`Ao6z_)PoX(W}b!mu;!IvDxqLr}6Cl?g59! zQ*}corpAHqW@jBGQa1#B(Da)hY&+e0A7e4O&?k{&y})wPsUyJtfEMkgS;kx`A6oMe zap!6sF(}QI>MYFHeC@R+=)U;oz4%zWZnlo!u-uxJsI!uf4Yq!LXqa{Uu6J?P_*K?% z`y0IL^4yPqaJsens^I=;sdam_v3BC_Qfq=|A9(ye4c>{t!!|q|Wvu>KLL>w|z^~pr zTaRYh6d_=QFa7(u{digqp1Kz0*w4+ikAf%3YRL_a%iH%RIi4XufLk>W4pou&J=~gg zh%rWna(39M!0{o_)LfmfRvCQqZQ#v=(;M5cvl!b~&*RvxEpTjuuKFMQm*1nkMi+c5yw$|= ztJxbd7oK)txTBzPMBr(yd3ii7I{D=X9KQDY>D&Q7?PM%F&b|(qUvJ4)Q~e6nvhdU0 zq0!dybxb1UO$~180%*6vf(Yl%MC7G z8iP+};Dx_kytEj93B4+NrlK&sn0LNX0ABoaGmw0%E)Xx%2gJ)e&lxX88F+bTxN{A7 zX#+27-Wt429B>>H&v_jC?sfRyp|6SI&Q`{;nsKzgHRJGf=Lhg(a_G(s+WHD(&d2lO zcUN~h@4R|uo-dTPzRjEz!t>JkMt8Dz;G4vl4slMUg$}JeRdoD9Pj`;W%{R4YF}6+T zacnaS99yMT{2v#1W2k8Qr(C>0Y=ANNWU|4}SI^@Zt}Sp3uKwSerT;s;T2Qiu9l9S@ z5dZjWVI!Zd4BifM(}|F1OqKg}=vor~7K%((N(f^1s*%PZ$k7A$983XuhsRlz=fNv+JuFH_HA z3{RZLF?_hdF?>8e5N%y}&a`z$25ns!?%W4$?T5DZy+yP&f;*WE*QE|@W_)Nw)D#D$+7)Lwf*!9+oW7qB0abjDu zcD<9mFz9+O{%hSz?2g!p_6V9aA6mr?9$!o>i&#Q$$ca}6y>*`oVsyjF_0}GPmNIAW z3eR}!K5sucaLg~t-aW0cj6F;e1pKYZxyVxt!kQ!64)v%AW= zJ%-IzJj%Lba*6eYD7B~MOCP+>>R3#?aBd)Yx~i(-nrDa)nQLu**Az4It~K!73FvLG z|Jmk?((k9A4O|e`v*bpN$d0K-RZqz(;!NS9qEB5_sA`qU5K1AVQ-Z>(-& z4UL#;gm`L|>X`q6b>88@C;jo%1OJCQ=)SWNv*W4W+%73_Zl@JEx06o=GUur8`}uiiTgjud3Ob$IcUfno%g|9xTlRXjJBd3EDz z>|N-K-#m5$v2ys3_{~;d{3iWZi@xv3yxNN#nYVPXBlBF|+PZjuv3TpJpN6-@%jxS5&;9g%uAdu? zUVqJNQNw@G=;*ZkLN^?U`uI?lXMZu2*+ zuRa;#%!@|OylA(UnKh*N3CC|&Ed}KbD|gNw&pQ50-k(7}R+jAB1I`Mit6R<^UHyR^ z2SZmgSpOj>E4}_RGjsh%^u(G7`Kf*Nv02+=O~kAvoRiG^PrfaC-0P>a3wr8-p1KN% zi}ajZT;y-b&0jj@+;j66pUm3t-t5#1zVT|Ee{o5=UT^}LA6?8mEP_rN$pM+nd`uz- zq#oLt0R1(Se@{#^l^VLyn%0vnq( zKIM!AM}$j?vT~j4gRJMXu0J`LeCi-MPkc*j(H@N|kFQenIgjV&W8<^ln6W-No9BVk zd;Xi zBeYLnwNPWzndfO%vf*asm|!n90zb0m?aV<&F7zU<n@c#hxBihN}|E}}M|7Srz{rLYcKK>tIKAuUvY0i#0BmXl8=Y{`2 z^%nAf9{g=#`~~y>dBorDyZ#^M|8JZH{|C>F|G$-`|KpziUv8b2u9pqaiF{6A1H|i* z(~C0n|5nS<|E#g2|2=wN9z0!)uc{m}?LFSkb;*K9ZouBfM|Ew1t+EA*p#6NZ;K@H^ z$O3eslmC3x0JP+j1?KsOI}4Hp*p;{H+?A(I{xk9@mo4!2v!EqpLB`x1{d1oz`1}C# z@zXc^WPyz>pmPZ2*I^6LU!N^7mO02N3$Ou1q&tW50 zLKijcp~$Yk?%D$nQB$>Ge*jxQ%OA*~`P-m*#eb#{Uz-B&+Qugrt9|9}Px<@GDiBhK2Voo8N0mz~k>$L}?EKlZ=3PxxHy z{x2=d&Fk4`HHg>$$9wwodVC~&4zG8@>s|2rVAt-K?XQ1+`~RUV{h#pkKYHHy|LA@3 zcqijGF#vep^Zz5Jme06woctQ)gnw@3X`|;)(MGTthzl6Iz~hOxXY<13K6#Kjl|vpd zpYch-ZI8^hk3&hdiL~te8MScEHVNL0jI~y}5YxV3s`a&B4!@ zgVDp-*WW)5kfHl;X50hH17txu4!|59W}N-@^%Dp9R47Xxj4Mzcxc%pp2QJQ5~Kb*1_F9nES!I^&ab~ z$W7>f@{FTfg6vJ=JU6bdon$@b;Cxj2`W~(aCwkYfNMGO0^~fF8Q%87zI(EhUqD#Z| zMddx~sM`@)L(Hm;e$k8eW@HEbo0u3p)&&o|aN0e0g7bTx3Dm!A-d}P@!S6r$X6E~M zyJt|9tM<(9%fj(>+;{Wa zTg*Bf_b!D_d)V($Oe{{%9zhoLz!R^`3?|=C%>TR8sQGtl)a;{1%@fq9*+q?-SBt)9 zV*anqcFst=5S^}CH5c*II)eJq|Gn#qrLU!riV~-$bc$N~FJ905A>++iKlmH3)LE(p zNnE!yJn1V7Ol|$=7+>}r`{(!NGPicMJHM6Wn^L=ERwenSbID71u_%}v20XgH`!@aE zG*RcDRgz=p+;94-=A)9lDEIHDwYFG!xplnuR_Fcf@5iZ|>WAU3H!^WlN&f!hf`R=a z9t;$jrk+ar?}-K`o|}8K`NmfbOyrll&p&NoVy}(&zJci$a<^_O45rcEc_-eykk7J& z`Pf|){Au+w*Ir}#Be!K8IN;jp>@ija8?K2Xa}&^UCv-gQROT3)jBiM7Md&^T-9L(s zY2u9fRO%wm!K~oNdFQE%Hzwd2?T_z-9y%Apw>;lK%rT=@bt61ZA6@ADe)pDh5Bngo zl0H^h&YAV2Irsen_Rh8G%zCGm^~Yb!%%iz4YwsMn9xc_cUl<;AjP-oRq}cIuIrmQ& zlXntK{-S~X({p&P9-a;bGi$xLbL#C~i`Owm*{kCj1Mhazzx1Csr+=Wfu8Fz2?|IkL zGJ_gIiNHnF{@4Lo+2Uf-HtwEXZ82mO3OXK(E z|4#gV=iTAj@=W~3Uo8y3-(xRTA^4qj9`U>6(#*NjI#nul;l?BLkfZahjP3w!l-ra+D8*f~>R6XW#fEaju)Sp|;s%0kBJ=`Q?c)sFDfg-5I3 z|8ph{do&au;GNaPW&QM9$UApL&ilka`(y~B)7)fE5BQN{%ILQo zJEsEsW;piDNMzk8WF4^;?`%BzTve0KY-4qg2_`q4_OG`LGWOL&$oSWr2WQwMU+u-0E{$@Yrq0Q`lRi~zIlJF(WVpX? z6AxDZ$ZK=s;M~r3&WWxW#D4ifzWw`N zz2{PMuWw(!bKTz;d1>H^I?o3g>mlZxnnO{WmRdg1E?V~KM)_ugx1XQyeF)eh(1`Rs z?_nJuhPGgu8OxHd4_$Ri|t@XNqcf=R`{cXnQ z)q0H>ektB`qsF#^?>6&Yc(qhx$zICmsH%T3onS6Jim88CLvW9i#Db#mYU7R3uUP=AK2sWralNwH}Rmagg z-ua==;UD_@&qoK5;q*U}ag7pwtYo~#q6P%=X)JPToHgLt4f`e{Lx(f&k&Js(koOsH z4dWey{27b<8Hb!1kDQo*44Oo)g3TGCU7R7>Q#DG(5A^5XI;vv6Xey#E!lJ>_*1Tw=r#%*)uWj&zAYM!0oxSjDZ==o zlNd8&4ZL6TS!C+tS5iB&LFdQuUX*the91X)=VBudp%3a1J;t?29q&)(edcGW@W>eB zj8SpXy`ZH&2&POy@Z@s{eMZC}c`N*R~VnM;7X z?gh@-a)t)^+t5c{vEkiZI!-!mzVK1T_sYRX1^56riX$S-Mw)nGyOS^Ul8F~yoSxrE zBe00J;VTK%=#zub3JuJKV`l1j!p2P z{Cd^esxPYSIYNEVyNiOqxuArz6^N5Wxvnvv`WSRUZM-)>2|Yj?S~p4CcEF%mhWwgH zBltpYwBTQ=j%5_uiU>|`^sl=Y(WR!sh2~4l3~2lY2=mzM-z1K z)f{a-No-OzMm{`c}fi?&cnJSaLPw3MgL^PCV^2pR&qx5os6$OgE0U{-W(;y zFd4XyFwZ^Avp+}4)EwnoUCL47dtPo-cK;DzecMyBmIeMb1=+Vc-#LjacH~33 zk-vA{srccA8TM^_ANK5i?AZg@vj?$b4`I*RMaiC?qU0;chwg>QiUsHmWJDLd+yhS^ zLB1&#m0ojbMSi&UZ6!8t9X4(wI*gigvl<($jyU&U!k|ntuJJ|Eqg~)XUMDJ zq@0E*dtM|LqH}1$O|+hN9&L!0If~Ash2Ep{**_zDtm!@B=mPAeh1Bw)j?Xc^5pDL@ zcXI4N>`iPo>PzuV=5Q6?%d$-;!Fw4t39>heY><3(`0PTX z-=1MVlGQXWJQo0?+u ze}U*{Ebq?*9`}0}Lqqacq=zEVe{?4M%-USKu-&%Ct(z2bTFJ%OBJ5+qv6z-I#u{mX zC)SM5w;Z2u1vIe|T3O}M1@*w1`=6=cr;Cq?E>id*Dg2NoMC;7w(x2ZO{ex`sl*BuKI~OuSjQBJ;EHBvl>n?FDEU>SL&sOE{yLqo|fm#cc`lv z3;5~G>CaCWHw-`*)h=C_ImFx{$x8T>e_@;H`X5G9-2{xyj^{Pa$XjKH~Pz zLmTU%oldU5K+gX2(9Wl*f#T%`DQDl@qXx<|+*4fG^r8Aw(8TrRU@4#6>nDNkk6;TV z8mUc4?EW$G_4i==bd#_D0{Qxf$k!iKwA{q*6$4hSDb=x+-ywafa~-3G2RXML`n!;4 z5|fdWmGnE!p-JO!zz6d`i_JF~+qu%rz2mD-L+?VTsu3&SUABen&<<+uYF~i%1gKWI zpMRRj*B1XQAipTGIFomtGd1~2(!BF+Y=X5H=I0$_D~xmC6t7MJ#x(DYgLh_&cU)ev z-Ils$j*N9$!#k}m@2qxtXN}7{ZSc+pcxN-bvjyJSX8iQD-2A8CN^atdH(t3hbubTq z1YFr(=d`JrF5PlH)_g%fJ~&>7PtUz<{>UYh(|l3}eC5E5{ESu5icf~qicgT;eqMM0 znDfcVPl``gT8{k4!3+O2r!ZbfET%3jH2*2~bH1ROQ$tHl&8Y-*zaDU06(g(6*xwqjn@B?Wc>8gIs=6b}Uf#(h=ypXFTg= zvRANW9rG-*PjwSDN6#R0l$-glujk0g z0LD0SX8OL2oD8GG<##+qf6{Ab*r#EhzvfRlax&=KpOfL2zXRoF?ja9GuuFDICMvhS zUrqXE$KQ#V^N;%GD>~@*(DAG&ve3wlV{JLw7M`anPJ^)|a2zP9GV5&?0CM zzB7KxjG(hd1zis42L%G*(;v&q(SX(l%-Na=eti8KKPb;$jcfDZaOwa!^zGF!IDF#Z z`NQFd&jN>%r8aaHpYO#cUEdp?Py1Q$clDR;SQk-Lg<1Jd$?_6s_ccO zX7ARxuqO}x(7cVQA^fY+6Dt#m-S4w37#OZt~!^@G|Db zKYkmU^5)<}%z^k{HBu!56eo@%1N!klHs)1{14u|=b!jv7XRnQS%+ss4d_`e!rQEUgp|XP4K=miaS1nAL6fG2zkVV?|E5u}0)Y3|!gZ>CrLNhO)*x z@e*k5J=hLw6>Eeh-B_cMdvR#k#2V47(be?r^2`5u&=)V60}ri+md|h&ag6W8W}piM z$4pvaiOr@3p4c4pLp^jIf?no9FY`TmxrFmu{bvxT&r`)N(>bvhhbN0(LT;?2&5f1R z=b;xnGnSJgHe>L|^;pPH7jDdvevfglk6xVXz3r|{47l{tV`7gTCiZv`dO1W41$v3u zw8*kp7cH_Z#&hO-ydSIc(@Q$`n3i)x2B4Q>mtM@=<&bm#GP^)I2fnjqmRVz#Omt<| zVsP!rEVJ&6+^b>@%jA8uStfRD&WT;4IHr4k>;|sqpe3{J;nL6pJ{n4#(7whXy3sis zM{9dFagm#emBhKnxjdY|!Vj4jZ)AO&`=U#~EceUr_&(lg;*1`}Rht1rV2Y&vpgxz-i8WRh&rnh@+o;XS?#ujR!dYNwmKZo}{n19Cqr~hY#OorHI2S;<5)1IPCfBm|pmU!}dLB{k`F!9v zy2{$*!O_XLy*}a#_`Z8TGN1iHy!XCp*7JEUwyXbnPqkL*3a_6yYr!T@1^C|kI%h@D zmw}mn1b1Q=t;PX7iJj;s;Oqp(E@14U|L$h;!mj}D=&NWO{IOw5vP$P<&I9Hh#6>wD z-pJ)Tr%eq-`@GU+jr@@@{_JHc;xcIigTeEvz zF>>KMx)~Y*es7*M|9b96FN5>V;GDknclwMs;7#zY_&9#!`DUAo?~%lgNAY)!^Y>a4 zA7ZaD_lp=iaomn6L1OT395+G^5^II5<3R`GYm@P@zVp9?Pv*vhDdYSv(V|NSTF)09 zczx^qug6)#6g|YZ^{0m=K6;2j4>quBT)R)W^uU-B^p{{t_+12J%9gP%BfNr0D5@X`fdy5Wn%UD)pMOph<0>N0Xj{d{WdK6uH?q59y5 zQ?0LI_Z=ngY9%t{Xvm3GO#oND#LSJYJDqi4@m(D)-_ZFeoqVU0>ycH^N-KDqDPFmN z@dcmM`oz1j=j1EDz?^qAV(WAM*Uf)Q&H5v;k=g;y6x~fuNcD4L!k=Luk)Z{21Gyc! z>&8JRw|%HEd9J-HZ#QfCtfxQ&uWhlCyNigSmge>`#TN$lkORBU^!*9`onNkcI$!eK zFJnLZF3z@M4(8KVR*|DR9G)Esjg5l#DxsAcD_LmH)faEU?;Oq?k7SNVF~^nQz6RWn zVgAR0`*GlYJh-0#?k9nJU(Qv1zw@Pr7=QGoFXN8}$}{}Y*aFsN7Q$nTpvA?k`8T7N zk?Zz;=x-nLh&j_*e`2qdJS-VBAKcI5`8~+~qx@KFyqlbq9`OkD)$e>?=?e6d=0kDj z`&mMNROkCvf7Y7S=AQ4{$#c*1T!4G} ze*%4{^L@QDfje1GF#L0oH37e+!}u)=ndAMeHzGf*682c=>|cBmqq~v!CJzyMsOPNV zCCbC2U-=IInJ;e4<;(O;C)xWYcec_eQHtAC2@OT`avI z_+sEu&uHD`SHK*jzgQ(W;htT?JkxJ{3^+lj*~mVfciC$@^0&9fwehgY99!LKgIW`? zuHw9_!Qr3$GTAzXzo+nb4E+;)gM2CZ<~F=-GY2-jt$QWzJu{ve+?&aJ z$gpVh;P3{2pR>6>hcmX6)8*|i0X}bk$#c=ny!>mk@_OL=t<~1s!k@F@d*(!OV)(wL z-&w-sD@2*M+h>s@b(H5$FfS+3OU#?*&+s9>%rk-dmqlw{F4U~ooLndyI+X5?qI0E( zhyiXjH5!-;;r`iQWyJvJVKdCHP1-y7&Q9=!-j*!v0tR#bGH~|WrwNRwfbR(K^#GsA zg_`Ne)%5wx(zARony3E=I{J~UT&R3=R$btnb{&0j?wT)ic5NNJQA%ITxoE@T=i*KB+fB|K{G>f)igRjR zP3!m3I`%Sa{~CRnxR>}786f_=b@r)N<3lYU%6}Bf)Bd_IxX|rwsV*R*LL;b8Heog`iO&{ zv~4@bv2DAjAk%m+wxz!<PF@4wC5}QP@EvjM?VU3mzI#b$-@?E5i|-cmeV6Z=;IopqlOu^N(4JU( zHREr^zOHj+YqQg)CL!NUei!yN_a6KOYb5RD{W|tFc)1wc2mCcMF6gp>ej^uHccgmJ zjl?-4&@DFiQ<6s^XeWe?JPcZqEJK%=>+;>SJ}z5SIUpY1G`{$L=!a*GY}9wSX4ALH z-3f?JuG$!5e6cRBF}_%jzI)|H>|$_+U0hQZo&?O;u3L>=e1P#D#Xk@|gO~J~$a9QcZ2Fd6e1pzJ=Kc7p{<0F903nMFQ%zKc14j_!eP zGS+llyxVJ_F=Tq8m3~&!$D%$vDwjO}CbBa_o=T>8RHp!`Ns61r(miWH25+Tk* zMaN5y$RGFYfGB_eJ##mjIrpA1d`KU6b}!!F1zcqhUjNrYBZ^ma0oxwVB%KGns3vhY zwT@mSpQ#(TUnK9b8@ONO4Bj7OQ$Jg!^J3uv?j0wW;n@a!eD1%-{{@HW>EC%yITYW5 z4wQpC#pDl+K}SPR(DI5`vepWrH-3oT0A90C!c#{xYdppl zKwle-uV-km!X3BP6*Ok~nWE>c+=0w`4*PS|b>iBO8JFN5Fn7SU1B8Pp^DB9Ocb>7o zpRp@fI);4^-38n`;fEbQdRoZ)eD^EHFh**RT)QE88S)r0VQ41OHQK5hr5=!&c} zm{$~d2J?)*y+=0{@Gben8~C1Oe62geQ^||-_Lh>r-I41YX7-l0Sk|QQzkM;!I_*eg z{wQRBrN#Oy@^B2k=~(!d_1Z^o&aqxQ68;6u0W)ETi_1Z)C;a6^B3}djT zh!1rUJ3LIRNOd*R>$PKRlihofVbG1&r?DsKGkd*uFa5=MKD*EEz08Z-uh9+Y4(WPt zEujurL)g_e{$ND@An_UNhMS1FHa;1{2epX-XWw`X`TC;W6saR_=F{`p- zVx(6%->P%k)c63`M!46UHnocN6rMZA^#p62ed`(Cnr(%-mwi1~->i$Zm^Is)Kr%9h zF*Hskc1hbzJC1faEieSVy`Oyd<(F88f?hly-q`2Py6slkZNFk{5qxqpANb^vHufIi z?;E=b9eN)!+nx;$=P+OOwaEzhjDouuG-3R=_8Mp1)}`N9CKpe9byD#}?EzI>K{1Bj z(B;mYv^j06GN8Bx-yh04(&gbNfKhc{TwAxLx@wqX>q3W~ty^`8H6g+`-8B>Tz!G}} z7PDp|cw}Sn_uEBtq9^{2Vjsr#z_0Xe>~i{(J?_!jc*ee)^}1?u9Cb#8Xsto}{(n0- zT&umqK3e*l*OmH8hh1Oz+XrZ;3O*@DCU9@{>d%)q* zKr(tFz@Cpv_Iz9ujy6~N=)>9b(O~Rr?fIw-hnS~ccipR(H7rAiCz#({bQsE9OHQ#a zZ0L~dQQN<+=k7hG-(%eCqeJIrg$|=- zw9sLc=gjwbKU#NrzkdBR`nEIB=yfiQMwv&QIg?GJPv2V@jS`33YN=)h@o3exucu#R z<5Ril%H$9D=<54(`{+u~d;5KQ+njZB#ce~#tq0tAme!MutvB1k_lLjuUSeU9dFE5@ zGo3usxrlqjLrq-ko7abT4;9^&BjcQU6Bik}yV|8Yx2Q$B|2Zx_kabt@FC;u5C`6I+Ta*+AneG z#i75H){`awxSpu<)0Zp%=vVjp=+3#`TjSDQ$Z1n2i!-VwjB6m-xLkBOfNUI9Al>Oa3hjvs-XveSG<-F=bP@c0vkx6y z+2E;!yvk+dVw*ik$dPyUyxIDU@&ceWH!r~GSFJ0_-!uEid+;M%d3>zFmluG|rQDa^ zwyRvaaoZY~enL)bo1jTFI-n0P8@3WPCI9vITnC=FtoB-R7%(^O{~i zXKap~nkag4^Fn$9F1_r{LoYQhy@Z@LMP7n~Kk^US{B+^w1<>y?-sz(kH!q<1GH0yq zPMflewT{+e@&filF9(W~G3X_BkQRE09ioL^VmxQQ$NRB>pI)4P{qzzz1HJU>KJ;Sd zFNd63IioN+6qD21M(fz}*GRx8i#g6(hIsmygw48@59=;mWTsdAzci z{otw8Ea|=&*A2ZjjS4?ZeH$-+t@zOYC;D-9DS38jx>AiR#dV@9`1xetN1?44^dwu& z>~Z5=+4XV!SbHY1EcB#wQ7!VX8rddY8gq1Mixs>+T%Dy$|8P*cbd*b*Zd>EhXvk@e zOk0G^l1y7nE1A|vE1A|zJCiwCPP>bC1vI)68eQel=qO~`RX!T&FVkA~K%+I8`-)OK z^3Z6rn-|#bw5d9eW-f+b{j})HH2OWpJAE|j$~5~@XUsJ&jqdZwv|Z3>yDQW7xH4_8 zE7N$+&?xUGLYMXH*H5D#V_XBtv=6#8n$Of$YBy-e}LX4&@3xlT^P60Ui2v6=I@*ICvbHhskDOSuW1tcfay zGZp_+*A@Rl&(6|4>F8%nz7_Txf3Mu<_|qod#XCjAidQ6-<9`y%B5$C@f6h+rD_`5M z9G>C_tN#kmjC5>9;#*vsc$;EBMVt0$Jr)?}0^_l^s&L${cKNKt@R|QnEC2j(?f9+E{Jg07 zSzz)dpK7YcXVab%;a;{6xZ3etDxDwp5$LiVT!pls$hEbDTFX0jb$EBFV{0q!ulfXG zav@Fqqs0t`CqY}7PVZG8DNey!yJ+Y5M4RA=$d#-D{h0 z>BCYTr^lKk8|vKSH!KfOQ`2 zPTKkCj|J$Dg`WPn68$l%pPa=e#%FbG91D1Ro86qob~k6cEsy@l$}vuj^W^z3XFzU8*=|iD0sW^Ri30Udl5|F1GGSoJ4lC!V9DL)=0j!fp_NzlWz#_;lN!1+- zg`lAt*QdnZYh&$Bvgl6jIrs7$u?4jztn0o!NATmzbL5$$zhDi`8y9`Wxt7jzWXzp> zD>0AXe7;F8g={#Jf7!_1Q|Mr+@UV75Up~h?H^&XRY|m$&LcScgHI|9Nu$E`w@UP`< z{3UQ8tI~3I4fV9#zO|M&xRSLz-jA0TDNk^3B2c<_5c2BzQxAXJUCT3lnwS)DN~RA! z!djl>pWvrIjUiE93vbh+v)3{Aoxs;wMy?TXcL8%ZFn9AELkIX_u|vXNF!>N?PkXo; zL_TVna#728wv2c9Mt3(xD;^=aYT^*s=1oTT)`WKt&XleH^?S)yH?C>BZH+5qLr!aC>jY${Wa}ha$=1oV zlC5>L)4|6y+8wmhk*zb3tusB@dIhre%6>A)FIzW0hitXoeF!zKY+ad0wz~PLz0Gc( z>L^dvAzRz~%h2QWdyIGb$<{VEZfm=7+YLV1+KOyl?aJ0Qu54{{Wh>7a*~SwjNcdqC@}m-dui?96SYH{- zn#MSIY&`236IhR$WRYiBL~XYsYP%Ip)OySNu0QuY#dS${{UuOl)?YT>qx{4n8S5{x zapazjFG|LVl`D_BtB$|704sBIcn+}521fKs=S*NmPREfW(XqrL$FT0wu3U)AH*VA3 zfO%H(Kh%bFA32ZQu#pYs{2gR|=WJ~DIp{rjXY#YD)@p2i)r?I0&O7<$E@YH!AJ2Dg zR}D*N&Eo?2v()6b7HwKfEPF~;p4&R!tA2D`c>5n%ljU1B-+DCHdE^0V^8n93-p!h9 zJJ0O_#=XI;JhvfEY`>ndfd6ZyuaQkb<(@1;$0|35d}t^3P~^lO>VwG`*F9bPDQdL@ zB-6My?m)6NepIn|YkLA6*#x~QM}7%37X|;1@^>5>NbTcCeGb8|yl=n$Q~s0klbe0| zPjL%R?vlmVKhV6$#)P?qV~6h4DwGIXO_Dn~uG) z3VbeL49tZ+4t#1IRCdcE{0GhwE(Q+)a3UHN4aZmUjRo}IO5ecI4Ge$nLci6~&qBT> zT4KCjeYxL3Q;Ib!pWoz2O?GtK*U4q^f6M#+!_?)K{1+_a z3Feg`qm2Yw45AUua3iJ=5tFh`2px9BS(XIGO;@PHgmOtu`g$?n6K^`taUP9 z{c?VovlYzK5$36fc``Yi$UWHrS2**uRk7k|h;Pn!@HClmn(;8sINvBCcV{Z&U51~> zKAoqZ$Ip{pO}-UtFtp_ET#Jux#;y5b+{Mb<;hx3+M{&4${2tpcl^=Ff zP<<9}ip)UQHV>Tp5u3rhD)u%(@~_zBeymqKh;a|3Go}&?_UGA7{j@KSrj>W;H$FX> z{D+_R&2i9IZ{UUj=2-KqdG?+U7dFS4^#=0H@w?7qj-|IF;8S_*8RsSJL@v{R0zHnM zz18~6u<$zB**-mf`O9b2;~moD&$2&AIIx*3^mzY$Dw4g-=QrPXW<9Q)JO}qB4(=NV z#(kXcE(7<8N#q(r-?I6%zvfK1k1ocBgvO*775j-yV?GuSY+uHwx!;=XeCw6dsaanx z;9Hx(m$5C&kUizlMTM2Lha(?H^373JGFR@-Q#FO>?tIZ-uidRD{H;J{J>iz&)LRW$ zPc;==+XqLi@bQ`=ayqO{eLlwEo+ntBiHt#BjD`QlfzR>KKRl(m?PSbdb-`pCykL0M zt;@UbCr(Ye2xF5CyxfKR&+y;H#lht3q2lnG;){D~Po-wPUSowv6kEwd+_U)S)Q52D zAKz6XcrQ!W=M}siCFnVLD28okbeZ4|Wy5`e12^y<0p1?qwSiZ)o)W;@3C_BpOXUU~ zMxI2e?;Z=3Z~Cb>j^<)xKmMC<9BCXeo|##A*zb+2%^6owZ{N6n=Z;Hb(?5+b6}qKo zBQp2Ripq?!Z7s5%S_@A`u$i6tvxcsFMZ_`my!tnXgxezzysK z2zB1fbJ+XlIoi4SgiHD9xhQk+3!YnB zg=?#j?`=itdJYYTPC2~n^1z>VX7chsyJP*iM*}X+N0WUt@C)A@c=SHR@bcwp{2SRL zUIvyJ`urKmAkD!5GN_xeAI_FR@Nk#mVfMLD8~6Jj4+k6`{*e!UKM&vM!&$5%n0(nA zPmL>^d^~(0$9T?$e^>Zm5WUp7-+rt4_p@2wz0Upax$y5@hIae&uXtBHEIV=?e3;F@ z$2R!*(#OBzUGcETmz_M9=1U*{ig(4sdal98mw)8>Gx6o&>OQ{ITA-NHqsMOns!Pcx@gRL*DtFUGf=biYB$<@0gTz#+h z8r~LOvh96n=f%{O4XlWbLFQo}00Xs%Mi?LeK64JXYAu#*s*SwaI+eY7 zCO$S6p3drbF8waO4u5QIxv5j@^&J{oyh8mxV*0u%?DhXP`il>-o|24~+;iru$c#C= z@4M++eWc+*Mtc2>qMs7Z5Gw((>184M2<*L-$&inP)TrN33SV~`9)k?1I;!lheB)W(0#QP z_<0rkoE;u$%4!{sDB}Ie)FzIMT=TDb&ioAzcz=8Ra@fd&Q5pPVcmU_B8Dq0M7N6a;L}MvK#zGs?zrvVjS1ln{Q;nR{I-7?p-3KntH*?_fkI%7huSt&& z`9K`X$TZd}ZVONOnIj+Ixvi324or?Mr+NJ(ut*U#~Z`Z z)mHfL-9G(uPX8@du+r&2%T|nq=wlu~zBk1;_E;#$b@;^h{cl~6DZgXbZ8o-299tg zOkHN`I=OYQk+Ux%&n#*hdu!DhIBa)t7{jKV!uOQx%U;Wg?6s5*aptAh3YTTgOOxVm z@U~y>rW&oU`rmourw)F+xy<#B)=^`8FO~JZo&w(W=qlUK7A_7|_R*niLFw!GNOaDq zVDbkpU5fVf&!Z2A-umo^)C}Kvpp6$?m@>!FM{m#aP0?EvSt*;LnK^0%?lijDlM&ys&u)!b|Pcq6y`^Wc3chduDTYY(h-?Ezq!g{(Q9$vd})7cv&{ ze53|=tWW(ghMZFz?zqMX4LLgZI^>$M4Ge$1=P#};KrBORW!Zgxl6SEMT0C2z<{rkc znyr1dK+6>98-6nV-K735z!m@}3Fy~POWA!-^WepPdvO35FQv}`>;j+sxIKK^S;G6~ zp9i!HGWs4R7@0ed_PsH`N*{&V1y?@M-!8Z`$F*TOu9b7mwF_GOcER=FM0SDEW5|u5 zY5)%AjMOZDi-A34&+vi!PS*Q7s17h0F|>$|hn=WAty3@!?< zL!Z|$HpkY^(B~bw^!X1u3fJe~)tCm-=ioJ4pZnqRk8faoetY;HVpHN7k5{tw`KN)! z)91&V-Sfb&QN7u$^T5}jC)?1g8<10*tz_pGY$Eh)Ds{oeM_BKTE51_4^~si5=eMz$ zwB{c}9%jp(8-Xc?JgmciHT%_!kHlIku}5z|*xE~oJrR$56rH>b`6j=)0sS4XbMiOU zvL-fh{V?nH=3&@m(w(fw{LJL9$!4Q3#WQ&h-Mw|0b*;1ag75wTdDcWMDb+Zn&z_sk zJ2Q;E)?z(+L3o|)wYuW84H_pWacTdx_^s7{y*>QvUlYS0$G6b;&nbrAR2^O)X!?!T zqq`I%Z{|$n$w3O}u%!!_0LrF_vuz`8xb zz4hD^yn`6$3yiZ9coV?ep!J9EUmLD1%Y^sGz*`7RUmO6Y)##nYZ9~Fy1Hsc(z=VvQ zWv&Iv%{A#&;G1FPwcdS& zvq!=fJvsLOy#vtG-xWwtfdS^mvqzOz>F~TmXZh?q|2m4~?)_Ky$*62wPw`W4|MP#b zh9mjw*-!oa0gN^Bf@CYT7@ZKZ!gn!Gl1ZK(mk)+~!Y;1L>kp_8!SxB9wt7W=3!)|WM&2r+kJ6_vVD1U3UWz0 zASORKP&AQq&HCmyP!vA?pPBR9WMtz+XKvH)IyGWEI&t)}(=X>eO^gKQ{V==Vg9Y`A z?~&*Iy#>6Vk3NO_U03C&$tIs|;HSqMv;0%eMR3NJMU#)Zuw~4Z>zC@=Yx%a~!RlN8 zJpX7JbGs}!DLWpM94H0T?gCHkz_#hd5U+;r)!vHY8{>K4*kc>VrK1+E2Oy2{VqWb_V+_+`=ao=EFa`a@(Vw! zd6rG+#yfsTpOwnrtRXg8j_j*I4-V%C-N!~b_P1hBo*wupd;p(xSXJ+m|IzXm`yVa& z{13(Su4F9h7)LcU?ejl6tiQgkUmS5EWB21d@s(oyluUTOSRgz%p94IiDdS&&d*fe#f8$?31849rpdI2x_!sy6*!UM6 zx%`Vc{(F7?MN2OK;++G~%XJ0POV4}q(~D;}o~wWH{ww=rkf&F?ShC;0c%uOSLb__L z>UTHYMn0_-zLj~Be)Ibm=qqCD)p`93Pv2edhfC`X!|~U%{EL^U**%bd@eO1~_L{?; z7h1R9U!K#yFmj`XJlq`qMW5V&w>M*BGz{+ZFXlbu@~Z1^w0+j$)g1nY!yB%@k-@7z zf1_t_9vzbQ8Pfhn-+be5{BB3)d>h*Uo7nGDWcfcC@MQ3+51u_|glAwMCWS4VrVHTQ zTmYPA?F9cN``sTD@a{mqOUo7c>HQ&>zLbA9B!|C}%A)VDy0B!-v(H!gGT+M1FY{oN z?w0?O*I#GOZ1iR-RkYEw1JR$*=(UEo-sOIKt^D;!S#Eyv*^eL0F>a5aG+rmyvTr>( zg5Hjzzhmfe#Slx#IWsxl#C5g*pvjv2GPRC4-<9=Pd>-NgX3vqMIP-(FN*8~j{U%W0JslgdmO?Zv9Uk8 zut|EXwb+R#MHhJX3}dYegkSz& z~kx3!qsP*`s4aD*6nT{Q!_I~21an?ld zV@d_79pl;eMeIpX4L9|rcO09>J?Dn+FZ%;F4K+*bd8~7>J}w(1c~o3=7wZq>6l_@ze1oHgJ8ji8~#$I!1)6hhQUd_PSl> z>_L0z=lS$N|M`kA@2YodnHZ@v=ePEsAJ)1u=iJ#p#oi6!O!Nx;+XB`s`d~|v+Nle|T`5=CypJ}GH!(XbM-r=Y_mSWe7m-h-HRdkxt{UoxCsB)>8tU)=t7->1^(-{zHAcqy za!*{|@^pnKBjY2Phf&C?N@P|IctK|VX=HwV=GkxCT-(i)pOW`4v0mWM7xD6FlrJN_ z6C}TtnA+B54evHFwOZErB{L*b0?0T=7nGR#*v7ta^`7j}f&R`Olg6+)#~8f)8c#pI zl(jw@fiC>|=>hz{^$iukTG~?ttR4?~wx?qQIl4zVL{s3=DUy%OrOjMEqx_-wjer&x zXXHG6^QC+|m|u@A$}yhoe9o7QebHav7Lz-wxeX$Fu*a#>;?#nAfLb2w8v@}@a!NGE zbAh+|mW#vhWFMq|Y~K88UO(iA!_}iEJ|8GG`tzZiwLiBkQ-5|buRZYHQRd|YJa`hC z>xJf0&>Z{hyV>WTLN26I!#0*&O5P36buHvRycCB|^-f{|`mO`^Vs)d*{RP?f-RvI&kPs%iDuEk7toj zw;;!YC&vV z%O%=JOzhwh_EyEvRW^Fv>_1vNBK%%|>>yAQj?NDzADo0QnCCnBu4`_kmu<#x?*eY- zAl?q1n1{q3%j~_jw{U$M*LDa`=()xbT5sEG{9*P}{cyYShuNFRdfRHoy@sFi*y~Ee zt^Rv$T;G81SKM>z6;AF&J37r>Z`=N2=J_G{=HrtE&d2Bh=A)l)?BXNeJar=HUue>P zD&<0RCdGK>qaOW$+>1cp>yQ_+`yN$ZIJDjdUTtVw&;A#7SHm#Q30SH5yJVy6jTJ?>Jjgj%etSFt_R&#bJ;C=yp9^>vy6piMo$z7<`dsG#Otp$um~pM(K71gZzEtCy4Sxfp z1B>>LmTr20amnWL#w2|%J5PIt5AojP=s=B2`H4%dL3`)%>k5?ZeE~iH!l~uoevJI$ zF5dC_bZRqm-X1oF&MDcgG0qem^r5jXr`1?jz)RziRp3Bt+PnDH&9A0r-G>Zj4>$XS zN;bV*>6|U~TiQy+{L6s9oH?!lXTy1aBz=wQ)Ae3W>?7m2k8JSE^K^*2KL zd+0{d$hTNeyfHdFd}EQR%dq`0bE5qL)6qSLL+l-dPri*^BO1~5E4l9POa4i84K%ir zZ^D=ISrW))>HtlQ!iO>V&|V#+<_7!-Z>r{z&avu--W?mG)X9;7Kb?K2L)ed4v?(zj z+<>EM;HoNh>Y7xcvn#1-(gbfFh8J$++#k_lebErJzcsQY$awkY4!*gQZ|zwPp=bT|cYxDIw4(C4S-1qnUy}r*6*9F`;^ow8>Y`x&y2fq8zkq&0Xu=zYFc4=qD zlAmSg79X8Q6rzx&K&?%H7BO!+6PWs8p4y7R5l5hoGrS0rz}XP^Ur{J`eKTawbP(#_0A zk`pS2w(@Dqx1D+ZU`IcA7`|Zr#TVcHZ)SI)Yo0HN1;rN^!xzQ$qx9f6CKlI&+K-_i ze>Puq(@DeUizH`*gXDPzkK6jDLHsP_BMtv$;Js`Y^0Eb*HdQqogoX!*)A_fjgY4|1 zfkwP5C#wmr7n&a&44! z$`bC|7_es5CN}R!hiY!B2l?nh$4HLS@VMki{?Qr0l0%lx1fE{jeT#`@_^o(Yybgb# zt~}x*D>Ekl25+k_HCH~eyAHotelO&fQt;?n_-ZY)Ky|I~{M|hBUS5l#9en?FeFk1e z_8#E+L%c5MGh{&gnEz}C*Sql(RF@jdx#=zJwGrl9(luYa=f~Wa7C=9fGXRc!&H%V{AGc5BH0Iy5Po&QN`4ahpQu{={M1PC+MC}dNPG>?+ zDXZT9?cX9B_%!kzlz**94qHC_R^p_@J@v=G+HoCyk}g&h&!zdi?$AleFF*E5$0G2T z{&Fxs^pQ}eYoPNO=s%7%oB)4M;x97w*o5LT^;USt#p7GeeC5#joDB5IvexpCb4}$9 zI#VfAZ*nZe5;h0f_TVcW^2vIp@LkqESFd^Ms{PBc72+kqDqht7ZJjd|gN#c4H@{IG z*z~fXKXTkNHO+okKBxQM$9_h8g znX%{7O@G^)@-sXy43;(Q>%d>R71_K6yM^vh?3rE-jn{x{8+5r*bg67eT?>q>fpJZO z>)>@`V&MKDxUG^sQr4Pyv1(f_a`W)S=(-Xw?y39OX~`2=SJ{_z3vr2Z0gu$PM-Tr- zC#P3HZzJO;Cp8b9LKf3mddl9aJl9Fd8Q(K8!=5_ya|W4fBsQ+od?x%^2Y)VAzd89V z?Fl)rR`XxjJ`)pEZhIg6X<`H3r;Wew`Wh>&y4jZyDy|nKBaSxyEPX*y2i&pZInJOt0| zfJeHKlgA_{)eQ%+vj@7+(d3CH-;j9uf*XRDwg38e*ykhLMGZstWDB&#MrH6*n~@o3 z!gt)TcnH3niJdmJ3VXim;_stt9zZ7f zj9#+)6pQ5RBiMvHk&85crK2w3--Bz$lP|$%NABf^rIB&+TgaMn+m*?M(ESQ;j<`OY zQFgOK)C0C_cF4ph(3tUS?7jp>}#@FvBT|f&-?|? zjN^94Ft}~znIm0;XD%PQ22XKKKG}49GFLxPt||rJXYtA8Gi9*}S|80yYrT}S*EuNb zOihd2!_%z8UK_{UQ61c`IrTfpQ)tf(0^y1z}M2%CaJS3s6$ zk409D?}Hu5E=Ff_Kjln%u@CaU6vKRr^AJ;4o%M2VV%7Rh?4?HSWRI(z+=Q*!h^^^j z4>kFmo3J-#A1-{L@6iLYsoC0}@AB{L1*%yR%i(A3pnm%8-w#qpvAH_YK(pG~E2L-k z$ob}~BjlTN!!^{*g7#na`6ez$OIa_)6uG908g9UE-A$ip?=t-3aDM&KvCLbqfUcTN zo_d;{U$0kuX6t{`f5JIoz~}pJ@8h1bpQY@KudhFJ{NeTW*Sy+LL0{Yc{pH80MpW3( zsCOm44Z76u1iYcSi!8F;15WHm+rUgHdoR2v`8;b=hcDOD$^IzVsspS|L3S&R?yi*H z^!AA{d&%(Ko`_wu-_`xn*vBk7Bee`3P)rWLN~cKQw^mRaXliQcX=`lQ5LB#K8|wF6 z@+aZR9{5l`rg&x}{9VDG57|l39sT-d;Lu;Yj`&E}=M?n!-^V{c-23?NHJ7_NVfng8 zax=-+5^g{)`|wlKz@|RWO~9=_ik`{AKm|F-H2ZdB#|P_Gb5pKav7hiw>Ffsl3CV); zPvE@&*X&J|F}_F?mphP~DI?^UC&nM1Up_lRe`h1TivB(Z;w}AGif_&Ly?qYsw{3rn z%bz__J2Zc$e3|lQejW{-NS;vksYWY){)TzbUc8k??c8^8<@dZB8L3s@ zab!OUYb%MPW3!|7x_C~n9QuDV{)K3_gB(OF@<%OhVvhHkn-eV?Ls}}Az6LqC4)`&vn#B*Fn!apl3Ryr^!9>8zak27A|67)@Ek1j(Txj z=PAjTKlDn6VvI+PeCqsBdJpOY^cnL>*v>7;-ctH;96s7-^jqN55ByWeS#^TXN5N+w z?@f-HzdnEH+;qbq$aWw0S$UJ*Y2b~Gwy>NJZ;aY@zVJd1^awZL>79mdz~1RO`$FE) zx+te`3ANx$?ypN;QkG~qW_f{s_Q5~9OrKVbi5&&A?C&Pv6}?p(7yYNl=x=H&z$Jd} z4dLCy8l=%fDQsyJ*6MBJ1S>kN*TFU0!ll@~7hn02pnQEkXG&~7S+*OzvRW75mtUb? zsVwkj!P)3BaFZTWp5xQ#nD{z{NwyNPSUv6N0x%yQef(mJgl+xObIQ}gk=$tQq= zWH<}|$&bi&(}Oq|paX1O>Q2pGRk= zEBR`D@Kf0t={T29Sq^{r{TLZ|MD+AyIsDxNLF<|1ScByG-^s^v>^Csl#&X?(wO=*J z&KU3*$2}(Sf({=nLI?H#IoieHd87IPff;$DcHI^vkM&{RdEBsd7{Po-5txhi1Gd@x z?h|JzzKrz)J_{|LgBH(2hb(K_$C~bkPhZ5B`7Q66nKt>6h4ypRntEA##UJ{OLjj+P}ZVNW4{@&6mH937ln zPESN|wsQ1U$;;`>ln=L*xfb$1-1qIt)5-f>hcBK(AEVQBuFpj2u`KvJO&^Ks5h-9% zkCdJ%8}f+hp?GI<89jBi>?x)Fd=+n8sd$pV<=jItEYICz`Us$j;?fqLn?e`r`%C%W zfh_$2_0^HH)iPXj@Xn-%;}*eV^o^}g$SzqQt=jNB^MnJ+Wo4G}7dmHFux>3C4aD{E z->Hh1lAnT}&L*n%-b{@m*f}T6gOt8cMtQE-y*@gEd&TMX*N@VB2w$aVz*oR(dJo|R z#}}QfX{7fM8dzVE|@o>z{N zKKBE`U!0L_G<)+F>R@j_%rms6Db_PxWG!F0>+oxtf`>i{@APd*3@pQj@9Uy>tqhwA z&*}VwKKbAE!9ZnIVxVd?_0D6-GeW~-PD|w1M6#-0!iVV%O3wkF`NR#5pRv!XUC4&L z<0x9-2dI` z#e@!N=pdfX#`y62BcVeLzaPWz$MO3K@ZKc!+hp|I6lehc(zQQ2wuGIOou48);m2Vw zoxK`K|KOF#*SgO4{?YpfZ!ZG-QS=Y8m(2L1?jP(_J?S?3ohG0wvdUT582+<6O2|=D z@w}_nVp$PkgC-8D0kXYDH8KX{=JM;P~+{=v3tQ~!8E z{ex|zBK-_0&V@>IK9tU*&en6z2j_O=IKQKpb3ghx_hTRDez^X@b@UG^H>(`2zTXFb z=lclxZ4RE#_YookvHn5pS2R^8f4?o#KUlEC%aEba4mTf@?;mWB^bfAEwz7x6>L2_# zF<%q=4>;TNWqK1$4M+FF=4JVwvwMm`q>r~eMei5(kKV!ULGboudL`doMeP(_n4)(u zy$~GFLC&sq_O2Rx=g#x6XNkJ!WwO;~|Ef=6?^12(fg8EkdY5M!Wo+GH`U%ZmC|}uG z=qFr9eP~_fwB#A_e!`Z-z-4bQ(ofiCpHu4j`F=uZlHGwmfi6AW=oDy^dn_o~PneSb zs`wxJO97K_7fUj30&`%KOOg z$oH5yIb4%Y0n7g-f zT>I2Z$nSfW4DBV<8D#FB8T6<62z3To-%seXxAE8>?JT-SZpuh2Za~U?g?=-vcDMHh$KE-xZFR3l8ofTyNyBa9tk^T%|Y-_=@QQ*H8E`y=l96m5hfc7wmn$ z<~bAGu{TeSIlS%9*F0xJCogC0`~llfI5d_X94Ea^KOr?&=XJInac3_FX#=Zke%V*o7fAi z4;imHmfSe9uQ;w}8u0=8Njadb?u!k}@jh1{4BSwQEkkFRemV62PGXnrWBktVmwPgd zQ`tv4&1a@xj%x|Nt61SX(3-xScE4Y)S^aYVfF9~D#0lC1uJvj#i<2|du)LX5JE87ShseKU|HY`{3J;X-hP#u@0VUVFvesvY;b{AY!Y+oZ$l zOs=!W?uiCHm6uGjz8TiGSRYv*cxrx0``J%neo1{~J;0*ea}HQ~S0oG^h3AL$lkk}l zIYut-J|?PfnnK@_bePG99c;4u-`#YA^8L~M?^3q_>#f1SdGzON-D zM(#kz>s*!;xTe8b`S|RT#)f^sPF@myHq*>kDjr<09b2);_6NvDt5zsjG_O`ys-F(o z${@EoDEa0+BEcj&os_6p$@8g{hjcB?__#=c~)+c{1c&u_5zxjhTb$)l&x*=h8(dfGF{PVRQzBP;4{ z-$y@QUl(?MgK9a!ZBxmC%3iuUy{TKHH&U`Wm(lyCJ(|4w`%Mo;&yKp{q#?a{+v`4j zR`MKp!s+{ubFaG5?Y|?By~orNvgOHXz>vP(`00D*lCLp21LRQs4eCQxKZwrd?e7}W zf7c%Azw5yMe=qF6bMVvv&lsLP4tQAah@S+H@2j`I(%D6LAmS^*&-?0!@3(XN6Nt~m zJNnQ0r#HpwE0P=4`7+Z)qq41O;LA*4tsGtOP1ARJzA1FEd>j&PwMXk^ zVkKz%!fy5+97BH{c1He_Pur0`v&^lVI};O{xcfiD{VUl!IEUZVgB*|ap1(TK~wQj*CLtHzSAgZNJMshvXJKeJ;KCU`=Vg zw>!)k*!b4=&tGi%=O-5YA9R*#J(-oPDfUyg^AprPcT=O&xe;semy8ZX7j+?DS=Rjy zDo(t*zLo)irGs?FQyh*s zoRRn~w&w31X3eih&-lMxTBIjz$mg*hFvBlR6Yc!u9L0ktM*Y91%LmeX%Lg*gmg}71 zy=(YA>wQ^EWpHkMT~oKp)}M-fJdM|zx2~xT4vy8DW{*$yWKW3XN_uqdMURfy!c2Wl z@;+v16ek_X)?f=qNBQ7Z*}|GUAFQR$uGl<~oJD%4PBi>bE59?c@1?z-;vVnSIuC|E zdPSr4(UA}1qocRodgs@9Rbt@y-TVe!i?0~555`Ad7W2`0{|ovnjE~N5!IPosDZC~Z=-S0T4qeAb>8fkb#^~Boo%|co6}cY? zU1va76U#uSm-zP(I<rti(p zK%6%0l5v%KEO4bY(r zd~U~HfnO)QmxBj0>scr0JQMl~hFpjIuHZiP_`=JVsjt_;guX{-Ln~m)_ZI?F+JnjU z7k*eg4jeA;V0!t0X7m9Yqdh^tL+Twh+51x(i3(>0Pa75?iqjFR%_eU)JyuFfX8Hyn;T%6=jKr z1Dmro z{+Va&s!INiV&lallz;YQ`4Du-%id!60X&qG-NXKkmB6JQn03TQvT-Iy09~|qm-Z`5 z@!d4vJr=&c692~Z&}?BX@8WeMpFxXi|FgTfelIXfUmrRxxetL-VAKJeHSj3OLx7&Q!CS*kUOVylwInivxeRr{D7w}!y z#^k|PfGcaK-pSs!p}m$nk!AH&WyPcV9_vN?$&5UIS$phaQn7^mnfL7d_@JJ<9v{9B1u~_-_LGCN3){AS>}} z4RyEY$d?`FfItc&se&Ho*)$@%g~X<_Rn_tgRSJE zUmI7L&(m6&b3w-1Gb(qE4$r7Op0lvXGby)V;wScjN6zSv{JeCv7f!6ld$P zyV9xbd;BlmcJKGx6y$gE(BJ-l{FZomWN{1kyP5mlF_ySxGIBn}#Vxk37KdxgFmQdA z`#i##mX3Bd{waQ+uZH(=akj&48TY7+pJ&-t{2uF$5YJ1w_qzCbmL=}}sS@zb5spLh z02aP^$g^tnE)Vd@ONPc^%ZgmPqR6$sE^_U|T+?}m#A@43tcLHdGcJkM+Vip640Mn7 zbv~=i_CM4Y&Zel{b*SUH5HDnhoZif26ZbSSQ$KVc`AaL2nR?Fd8-pGhhhCV#zIMo> zlNZPDcE7d4`GjeBQu7Cjxvtc{aDn>CEBBWXLtR1NjP{bGcX2P*R;1Bq$}e@I|MIa! zTbMU9{tSLa^Q#?Gf+^zWL8%afkcd z(c@xMPma>Vozc|^z8U-~V;_7!-^2O5kH2d7X$!C6`)`l<{_eXWe$sEbio#lH-v+@X zc$MdL`b+PfyeY@$t`C8~#C&n7^E8`P|E!#lTuTnS3I4MAox=Y2I~CIuIZyKk_m}8* z3uV&jW8wE5;a7vbg%?R&8vNYn)Rs9dObd2rg3-;}gJ5% zdgiA*{4*^H?v0-DWKnCF$8W6cPvJar^#RBSkS~#2OrC^Z;P_tGpP=u19kxh4>^b1i zqFXY^Z_3O%pOE|ydPh^|7<|af&P@JP?>TQ~@nxKs;;$`17s#J#8NcD{*{-sNx%|yw zV_8Q_>n`RdI>S5~c3g3%p)-2OtYvt=L4G?J``wEp_+3V|lp?=Pjo`PAXHAU*{_tx7 zFO?T~-053a3%H53cI!Jj#&7g?G-$u+JpS<74?|cYcz0X9DSr9|&x-Fi&3E?%oyQnj zJAOLYZR?L0$Lo*qMl<%#uQ{fu4+pI}L(tX&uK6xJf*lyH=IDOY$R0(m=6DP>gpt%7 z-EY(QEWc#$W6>(~FZUd-=D3-Dn^HAL(I*+M#STx#ME`@`HXqr~IXCx8jm|;(YZJsPE6z2B4vA zW){0@Y6Gg};HPVkyH>?4$ZJ~i3LR8WHL*@Bdnh4m9neK`25ko_kkb}o`zwj<*CD5p z!!p$Yz_GlRxR>`!pvy0LKe(oveF|!}4mNRL?vp|Gcbc9|_R~Q>pHbj1lb14b)g9(8 zYq%%2#_%|_d~b}ezZ=rj(6hqUvqtOu!is1;D}5LDxH}lg-iw?(fL?ltIA%vMP=7po ziE>@_t={=uhxYnz53ox2{uBKk!a34k)MROu(B9gtK?^!CG6w_Q;hl-1KlEwnVQUOjdP=HTTGO`Odv1dLb_z(g&g?z&f&M}GXm!n^8B#oN3csN?rZL&KD^n`QnnNs-LwMQ7McklF)#DM1041Dm>(lTmI*sK=Sq0rl^Lp8JhwSJuinU(K4alakN8!g^b|G}U2smYz)gz~Ti1x!#4B7~t z>-fyr9r(Uea{9he$wr;QT3?7cyYDF>r`QnTm8(aG!y{%L$d78D5J#_`P;RPtP9wCM z$20x-+WFDeKezW2Y$?`4K0z&fdpdf1ZtE#Y^=`;crW8xPbWGU4Q-JfI4+CeMzBiSi zuRCvItM)HyiuU8C+LTwc^LdK7bM@r*L@aI(vY1+9QAO8TPRef2QYfeRWvJ;PbC3 zPmBIB*H^&f=rrZtOVu$nN1I*6D_X}eaD4%IrYbj&F3w>;^K}gFpIL#v;ofQRxTsLa zfR{_xG0vce$kZ{e)$@kdF@E?j)=nlApHauy_#t|Vc~&btn7I}m3%;|E3$3GB%Nwc7 z@L4Zw8ri#m_il|F1wZSXGwU1fUBH^F2g}m`d}bKz-UW?XYt}AbTVOrs#rH1I`m(k; zt!uuvV0(A->lyA{@Wh3$bo2pthT4LwE2L)!rUoSanOzyscZp5I=B)K<3Vq|yXV@b2S%AH1vUeef^-aPkFk+YfF_*z4dr^h6)HX|Gp@Te@P5*>@|ey*jBe zj1rEs^=v&C8wifNUq5*7XH8y^-=y^g?q8o89Qg80Z%cl;Eb+NdE}!<2shHc%+v3xKwZZ`DWlhhwp|mnOX*{z}|~YN;czr8}z_)CFL@dCF9pak1X`~7Jc@L zujDVaus^13gLo~=nsl)yf_;s@PXq5AuT4cK6vHLeVsTM#d|_Rxw`~?KGd)~dEH1)B z_{4Gf-Y~dmpGH$VVC_up;MaqfornF2^W;=`GJb7Jk!z=LO?XQO%a=HN5ZzRR-SuWm z0{(OH@pKa(7v?$gGbPw&d|`3~@`Z!sOW(-nc{l^r`M}nW#P$8L;WN`?pvySq(zB;e z#GaRhUwV)&<$p|k-%T%`_uQX_&vo`IoEvEmg0n(Dya){5y+nil*DMVjJjw@|TtRoD zLA6>(kAvNI{_-a6chDW3zf}Lb_(A6ssn1(9Zn+fy%FTu>Q4Cv?>}hfHhm|IVRc}L& zbf)83{FV=}_mupE6rY`fJ?QDfKb-`R?hpMUXmTCAto}9QL(jm6mcE$}47!heT;!(@ zo_D_TM)oXFj3-*Q)#3x7i_HuPew1V(i|j>Wy!l}~{0C-8_{_{FaIKc_x;d?UT@U$E z-`u2c($|jdGjkN7(>rZD3; z4LD9emEL1;=m7`W4{zqAy>9Hx^qVf=#d@s#d}o$jj#P(&|@xgH&^?=dh`$-^i1t9 z{9fqsIP@_60c$vS34ZOvzQ`v$PC5a(PRpKPj}@aSF3X`aY|hBe52vyHb;dUd_pHXB z>s@%5J*(kw&1q=n$n9Azy_{VQ?*m7!4cp1H?6bpuy6$jZxd#3pW9`X5y;{(v@$-)k zw%K`t(V8!6i_Q~#>$Sm-N}cxttXavl=)<~X)|53UR?5#5wb_3A^a_h(4w}iwRj*~1 zwN&1x89tD{lCGMAL%xDr1%aBwfdOcy3R6^x{9mS4*dBo{xN@^vP;o@JJeceUCnKI(ZG(+juSEvnI~d^gp|i z>+6Ysq?0vI)D@j4>Uj{|fE}18zZ;#r#?2F^N4bxn2fqsfJ1c&pz1()vQ z=80<9vtuOlL}RP*_gLp%*3rxpu@=SViL&^sZl36ZR}OVt5!;`8qx9CLvyyi(>$C#= z6$3h$_s%W&Mvk8|hYI|>5FU{)p#N;X)#k6aGF$!HxS{>D>Z6svrfWVqW=*epck*+gX5*Vbi@V@pneF#s8fiqv3`t<_?fE|xbb-%n_s8hF?N6dcc^}KY_#8e3;WyL#cKt8 zJ4g(;j5WEJeQq8o8#q>Tboc{9coCiH&JI=o;hNg8@4Rai{n2B?+_jCvdUS0IGB5cK z`B!_Pov8JgV`H~$K6VRduz058H}{(?b$l1MeVesW+%{GD?ETm~+5QW{zCPqe@ta~d z_gnb@YqTEqCFC1>r&@&klycPZ1SbRp2fCd9_hoJj26Egdhn?&lOf>Y7yWYaw++a92H%MR8M$OGF!@nDdnx0p62Cd!g~useHO0ONT2!6aNRP4kovCa!CV;(JW3B{FY=Y|!CVEeDK<}qJ(w*vR#tqz<6jSTd_II3AHH2Rmkjqb zd5RkN)%iG{4gar!;x@dwNdEI+w~beqPf)%u8n31{aQ`lB&|R$S-KO5hxmz}eOwRwZ zHgxLs$kMt*qTwR?Aep0ELCxZ_=fn9o*{Z3b-=r8`ef`qG@-tN*e4hAfm*Q4zg?hzu z$mW51aBqqBGdMl3InpNjDRh27zP{OQW91aN1#746`}pVa_bKjmhD!jnbou_1gzo{w#b>-coNweLR7ln-AEjdU(c zHd~|?&2lAR+d>?w`h;WUq zO(`FWognf(o4)V)SD_E(e%Dx{=Qi?rk)B)Qe}(gYPYg5f*TntTyuq`6dAcIg@>L#W z1|)^t7n}Ri9GvF8+;47RUBg+w_F}VsfpkZSSwG2(W-q3S$KCA3vd~Ave{j6+o~2yT ziQl)pA{)mnc;2>MFWZK^M0_;f|B7A>6Jzk(I8SG>yH0PFDdz3}xne}TCUD2^4q3bN@YJ6E}J;1+*&+i>7T6cR~ydy{rvq$H|uBNx3hk2;9zFX@Wtd;n!3p%a^ipDSw9DptH=MfcpNxf zPA~&}Q;%TQ&#h5eIO~^t&;QP>pToxBrd!(~| zTcD}*=;3Dle42k=^MUvjCZNfD7X8q!_atg8%zjgxGhWO0n zZR&p?^*Mg;&GpMW4WpCpO)|S&fwRo&)7e2q1D9RGwAmY zlE1pm>cxcgVlcM&Y{xk6F@YB_|Ihz;Fpp!6CZPMEgM0oPb-qHg>EGsTUwR+z_hD>3 z-on^ayzf9TK2-$9qUS3#+5IR-Pb2GwO;6OR3DVkR!q6OO)zhbL+__R6p){0e%bQqz=go0c3;f1z@EX?R@o zpk?@1$`$Bd`pr~x=D|5h*$mnEvmSV@gZ|0;v-ns#rzvv|zSIozQQ;XqfAI}$AD{6o zliTPfzRF$@6wVVoCo!-QcvNFozU8z0TX@J9kZ&P>%*0Ghwg*i4LpN)kkuH1)I-&zI zJD{)GyJ{NzT9tf9$O|rq1K*M(s}6bM@b^+}oV@{T&oFe+Jx?3KJ&oVv(W~}5oO!_7 ztM^$s8FS{rbF8;~foE;+MC8nag?x9me|zW6*fXm9 z_5RlpJo|+f&JJ3uvjc0)nNR93?4fT@wQJG5r-kRwghumuHhiqy!Hv-MOZ36tKuoFq zE6+X+I)`hQc`h-~!@Y8xU!*e8>v^y_w^J~Z&H0@*EwO?uf z1=<&(X8-$M);WR19{3-^d4q{nhsu_-74bPPQ|qf|UC^1WzZi41%q{dESgZtgt#^AcLsvpxQl zA?GE$WlJd;EN#ao7s1EP|K{;A_I@Zn<>rj?vTX@$M#eiY;SAyc|Gb1c)w{nvBl(}- zDt%tUz)K!)g!vFX|6rT#*V}r&`c0z!dLue7;a=&(6SvNrNPgf})&bq1vlYyl3FwMm zWa@>*)MPHFwvYZ$uZQ|X2iHv5`iF{9$u(;@ziLd`K;C|K*Ce<7Bm3{8BXxF>v!6ZE zN4Fw-$VoHw2u3r@fGnbO_e9Q2SZ{4;4}Y0wYp7zbDog*9v!Qe7u}h(!Ip=M_`19N& z%XcHTlV^YAeryACQafkJr{dg%MLheK#K2y3nf9EQ&HOm}=R)?RR(x!D5FI6(wi4MN z?i_?hbbQ^*=O*9BddViJckW7hqt@MaR`eW%HfjeqCI;SgGUp)Nn;1wx01OX>dF!^Y zuc*Xz(J!-~wSZ>X7ojQ_PAW|g=a=O79z6`5dfVugX$|ntwC^(KwVne_+NklczOn~vS>yDr!NB#{ z8TC)KVQZ8V(HXPfz`sgNq-S&{aoz-a(BP4MI?EP5NxMD%MR(Rfb-Ug*d{4G$LU8}! z4$=H1v;XO)ux>?uWY1>&x;Mc;>bY+7>RHA{ErZ6Zd6~1a>{$xe{xfmeGS*sr#BX|7 zALIY6=9xUBr<>PfdKP=j+y&3yt$$D0T5EiB&JSp+O8z8C?GBweH$lJS?c9F@uWl1J z(U%0DJjQ)@$Yz$A{hv}z!XJ4I;qcE`nE7?!nGY<+m*6{1^lgRr))@2L);LpKN>hXG^19+C;_rNbbe7+99LV36y z!1KQT!OOIFd86{}_!qV4%2U>JP-xPBt|E=C2)>1W% znpa=xsOB|=zOTdiZ1J-$#{br{(c^$&0_!`8^`6XnPl3nl;e%=L_zcz_o)}-G9w&cp zYYBfs`Gdhh&bt__*qWM*E|>xxlt(ZzRFM2}dp?iAH5ZSS_HBCpdnmlc&bzSwWx>Bu zT%AM4G)vvLAQ&)bleU!;PjG%^wk(-pzGm_biI*?9A$WO8xvgLOaBd3Wbn&Csj(CQ% zCZ`XZS5S{q4!oVuZ0O%)d*r@X1ec<;Z)$A#k?%h>*?IE*la+sn&XZ@5;p{``x*gCO zxlT#aIlav2{rmbCveyp2!~$fyAAR=1vc$m6#F8(} zwAWAJx_>Xlo9PY6z%4uzd)3ncuJk{nUmJ{{gRaQl4nJ*382hC9X$`M^=pP%y+gWVQ zfYl|?Bk*-U{H|C_GgWoKRf}BuJ;SZ&%6|0DbmU(As5vatGkiDldoQy10MC4gXYL>$ z3e9|Y`}s~kF!%Gle&Eg_gMwAIvlo2(z;_?=>|nOFpKw2MY}U?-B|lT1^$G{;!i1^+ zX5gtNY`5}d3B}#$mn&<58yjS1Il!wGU6|$hky#Gl(DlSI!R$1jne#xnmf)Js1KA4C zHR5af=Yb^T@9ca}GSgkypLQdO7&;N5WnIuG7OP8HAo_~20eBAGlrB7Zjj zchgD3=l>*U>Z4FE)tlHKKruiX{xh=(T|9FOG;OMCIGEL*)6BKOV+9>#a~h(RW)u66 z3C#+~*E|6^JV-Bq_8;$!V2hYzNo7Sr^r_&3PZxM!fSr4t)pPjy#$i z&`d7}v>?m@0k7b8G?Xq}4gFN(6daNv`F?^+_i_FCefaGo>Cd0~igG~ofro1+pRPoI ze!J_>U-VzfIYiI(VoY@4^$>r$GBnE?1upyd+q~ zi&^3)a?$2@r$gf`^z4};8sl4YPvUj+T@&wz-}^HA)uhlXX}*`?zD9=Hiu)(V)-wkw zod2x^&N*fm<--NxeA18eh?Pq#{Gdud>%YE=?-(AS)7T~-EIB$hE9pHOA zdSnB%3GGMBpp z0#4~v?N7qYSNmM@i^`Gqpsy4I^`aO0kimU-<0IUQ4>Z`=uphgjd5PbEPh?(VOJd-Y zUkm3WnnGA>L@(eR$FnD}Hj`Kzcp~Ee%?JiwXt6%vtYP?Mi2vQv*l>-(tFU zJ;pjURW}^O4x9dDa!CbSTw&~Lwu_pTYICf+;^+*1Y_oi|(8dq0;l3-m?<(%ubWuY+ zebVa5(taY^U%#%Ny)GU~n3_VT;mKLl(^{Wt`zpHV0dx_c(aU+CVijGN&dOmkIICx( z=GOJz_C&M4hWeFn<#}y9??%Jp$RTylipu1*(EW7!7u?wt-S21iih5wn*z)z#h17r8 zFXZf`iC?(h^xfgk5*hwk9}Cym*?M=+w{cH!iS}9($BG~4f#W*)$;7T{bn@bN4(&nx zE3O%Tb|!0tyc`6t1IT?ApC`U9@LV4EcL7hT1)8ASRWp&DuR!MI?>tPcaxQVFqrGz~>a6lZiaX>K6YwZ$3gAzd+rul6sKwi_tSy7A!p+ZijnjSrOcREc%zg?J1r) z(lvPH+@WjmJFfLF!KcP&bM>Mee4m2vwSTtkb9RYcpB(F?^-_-d6Rhnz5M5ku;wx_o;nz&P7&? zZ-k9ezC`y^j!ScH^3Rlm{?@+LdsA1P^>S`v)%s1G4MVMLyQ`JmM6GNiwX!bGgpp6W zskTrr`vrX!o0_TBalfDO?<_urW>a%>l;5h@|LxzaZYH^}G&J}yy2tdv&mKA7w14@? zWbm7}$;co4)O_RqM6i*iPl4DreYp zPU;JN+aI{=P{&yDljOt9F3wC|!#!m$OW7G;Uw`4h4zI7jRwRFPuqm9^H0Pg8$k*6< z(QAF{;fYYEX0C!Yv&>dEG-1D6$QeD)+SK9e^>hZwgDvIB1Mp`-M^qZ!UCCPO z3>bGF)In_80lrHf$I~bFySiT*`=}Y~6uyLdr8T1|K9s(1tq9KBS23@lziDp6oU&0X z)}r61j1E4%3mEpT!f#lK-vI9{DI2w)UWUs?(Z{+E`B3b38gS^Zjm5&5N_-ywef;yo zy-&q{|H3)cwUOC={FW4X-W2+?AKi9l8MXB)d>eR4ag1`BCRPWx9JuJawfKvv0Q``v zQQA)*IR(f4pX7|oUSn%xu-723V}g?Yj`9D0b9lb^Vra*${kHRsb`P%;^Zd}a3fm1Y z7#)GG$e??&==vUbJl9l#?Pg8!@v=?+np)d!;)W^M$r!d{fkw}x@UH0~q$nquRI zixoFOuUOn*emC(p^aAwlnFepLrut48FPP6;x7&E36&vSlw)9MX4cqKYp7hp6;&1i$ zWa_yOYgCW!tVMUKUp);EW#A?88|yJUTW@udp1T45RL*NZG|R7jc;Au8>8&GJkADf* zqtyL29;Tl??*E$am+Wu1{@N3@L-U!+Un-C3=QXiG8-f1;d!1_ z%l!AjF2xFdoDhDeX$j0nfNWZ`n>Ibp9@%&^` z`~xot2JwO7bom@-;(P7B)H|~SnPyLK>(ekuY_riJy6@#m}m$o;vl=Vq70_;UgG zq?RR|s{Q2GRC!Ym6FA2GqpZRY1Gj%F9!QZR9$@(VbHO%Z> zU73@6dtLO>E4MIV_XLA>kv+k9uiB+(*@z7_w%X7#+!G9((jF~c5AwT#UvlH}9vNVr z3O&~~d*_XW^vpre!k%CjE@!v6_a2=$^2j^rK}K&simc`L1Vi3b3(!2t7UXTIw-?wx z@c9<9+YkIx$RT#3zds6n_VM1-4EXEw$3BBo<^C(M0eu&si@>QDeIlRL@ktuJS}nYg z;U3`zJiW+qA39ji*%$JT)iJK!K0mVWO6_gpvoV-L~~64t2>))Vj6mnHkV%RIke zw9Tv5B(QbRVjQ?lU@a%Hmc*idU1P9yEZb}2 zPR`r9H2kUaG#(ve&(r8+FXkP@km+&6kmw273*r%E{!Ph^3+e3$-kBV@Nw$a2uwyCK z;h%5DmxIr2yf@RuJtlX*ds}$E2C~otAH?s~%e~6I*;-;q`bG;eei4 z=+kfVZH0QY>U0&to!=#(NtU=28yuUJv+`qV=j8A;>vRWv=;T>?0GtMPo=W{?l=h@& zzpt#~SKC|gOL_-wTw(9S{bMtC;dP%b=+rSWdT5_z;iCV9uj@^hZ0migSp$9F;eT<7 zd}FEeHfpus(Pj3$jb%R0=(iMn)u|Y^$ax#7Z`VdnYr{!-(`@yOp)JC7{PBH-$mjk?6THpn!i52?}3l@HBUBuc^i#B^?jc~ zct?FW1)PH9Z*H_a8Kr^c6+L$}&yAm-;rPMov%>z`?eNUiB+-5$)kAlXRY!qw0wug?x6+x@o>FWYr(wzdMBca zC_jGxQu@MPst=MA%Y%VECFpsvq34vme5rX!ZCn(d1N083ptVn5!`C4Uzwltt`X<9? zE01945k52RJ+svM-(=`fIR8oX7>_U23LTmwe(5`si$XqgK9hl|&C=yQ4<_kl!~ekc zw=ue89E@F-F1rpD=#u3#@xK0Z^cjs!_5Be8ALmvp?#V|F$@0W_fi){7WXzRZ3j=`O6O7pBJ$370`K90=`usAuF!-Fm7JWD5_0pbT=XnwOpH&QY_~lpoqB5T67f0{I z@r&_aqw>@)eHP01PV`v?ersiAq5*$)&t~A7gFm|#KedtT*qw$7d{yOB#6ugA&pPAV zmaS;!JGwra&s7K1`!u$qiuY@S@*mX&34UXLt2Ojx_Sb8R>y1q@d^O+U%W$Ko(|rHU zt%vnjqWC)fQ3gJ9f+;KH_xP|p;lU#QSR2A{H2UMP&ky}+|M^>E&tLjFo^S1AOn;%z zrN_&`zl``8*>SLL5ymEUtp zKAlgCPk3ro6E}J?D*5&4W!EdpukGP_;lFGTu)Dj$8C9Q7r{>$kOt{oRiJ?Zo~vdl~lHS$h1TwIIWin|s4&%is5(Sw~La+4}#A;cw&XDE`|$ z{gevz6VHBiD)d+vG@zd<^ZKcg>rOwVIn!L=*|`~1pn&fcl^;mh57Jve-xc&Rt414gQ!tiFuuC*yyI`bm0Q z_SwQ!vF#mBZ-+YRloIglDFshnvb`Y1KKs6KjmO+gpeumSh#EW_Q z`h4}_RugYU^BD)cd`7m3eA#^RR||-@7Sflph`cL0r&P?19;8zsum(={$u<5m9)y27;Cw9Wm%g$7 zX`q_>)n}RWd*4ld6906MIm0NdXSC|`BDKo)j&Wq9I&&fZ1%;}@hKV4W1hnT+;_fKETMD6RJ+CS|9KK#?|LF+q= zfBG}xeXUWx+P`~?!4JI4WAGk{{abGQ(?Y+E>P;q| zJBNHWeF3%X{g2-;P>pSJkb0D>&LEbd7rB@Eo#7A7$+D-**O^Q5*Y>r~7i3bj z{MQiHe0&wIWvTe;iDK}n{u}ZyGlk~-EAnqNR+1fKp^=<77 zuAaED+s5Vj#p1G|7%tF5I^ET`V|Wf{zaDcm$cFtRUVcSqM5=D({&VzL9_#;e z^w8dcL-wX=DR1b67G`gnZf0-krPcw^Ks{4jdkL(ZRRvUpD( z0p60)r&3XU66b-Rx^)ln-00P>o(b38t#>i~vM1Cp(!Ukp;d;(xTQchPqCd)C*XzS| zH8!*LJrQ~B{aiu6`11OV7!Lm#gSpJh=lqh-9K55AzKPaX+P(U($ve>_PyhKq23f+_ zI$+M2ZV8f$3vg~{AU$H+e^3I>&&1%=J|cd;uhE0E*#1t|zC` z?6};xxpp0vV7w&hWk z#%){lW7pGRah%}cn3pAIFS>1C*Y4*_=!Wh@LH~7GTCDYGp&oK)3-mWHZ^j-J`e{Xr zcG-9AqGq3WqW?!3K9191l%)ZEv6|7;e5RR4geJM}#ykx)bCkh;Uiy;|*9wd4&p%sS zZ+s<&pZd3qJl0#B8a+F&^D-Px4xcAXJ}fGas?SPqlogf7GJ{7N`bBz;LYe%o2dDV% z6Cr&0d_pLLrTQaZ7d(D0HH7Ep7(8>25FTp}qW;jOp*^S;eX?bBz(~GtEe2RU)S1=5I@f*%U(PDM*oTAZIsh3p}ZZswz$0A z6T{<3(r)^{{}y6{;B7~}Ra1FyyRbn$I{Gx-wvnt|rp zn%^DzBv!ZVDuL^@FAsm0|cz*VtXgojLgUgrg-~2Kv+j)NrogyEjl)t6=buoY2 z>DM9gytl78@qD`<&!?G@s=H=J^3G&5oK-m&xo7c9wdIh#7ARz#$!2u zU)y~Anzd^<^7u9C?zly z`y0+Uy?ve%P( zTvA;73i~Q)@0O|fX4?D3oI8&0+RU@08?NK8&K-BZRV=>rc78*xi5cjDN7z3ga>f|5 ze`Wqzjl7>uFONCXlHXci+WKXSJ-SMcCWQ2S(9tn#{jgo^Z{_;W9}4N{{O2c(K8W_m zjaR-7J?HNkD4jPNT#f;kF|6^}X8O5^LwkwI`=H@IV)88UxN_;*chjEHH)h)<&$yV} z>V&s>Fz0;)r}M*@JpEh=eLzg9e4OEtE~^W6c|NAjuXa4*@EdLLi|T`R<-fvtE5)(Z z;8g=&qrj`e;8pG6p)-U=Z5#XVF5b3y9J;2s9=In4dtSca75Nd3o*pQc|0*V5`S~4S zi^SATR@Q&v!6H6LhA4T5Z!Sf@Bv>c<(@lM=Jiktr z+uq^UCDeQW6och2Ls+CgY&>ao%UVyj^z)hHmz&Jz9Y`7fP=xu4_7CxaQ;UP&Y31bmQxp ze=a8{FgFzx?HBsD60ltzgDs!m3;DcMes4Ja>cn`w;CHy2gVkBL6YEWb!}V*t4iS%_6_7{a7SZ*%o?S zu&1@Ajx*c%iT%X5k|RGJF?pWWGa@oIzZlGIg`Sx|{35Cg%nUSsjOxR_Zr$kRl+{n; z=X)&tQG2}oDCeJ7{VZyeCl!O=`4(Y3DgJmOjt4pVqn&@=TEt$>f?qnZ7wYF$zl^^Y zH-u|p=pU3v=->C5;&T4Y7`!9NpTy^RM%ph~3ZFDSbZlM}KR??4I^#dW_2{;K$-O1; zS$-7wIQu-DelY#gMdk;S9voW#i^Jz1jea=n^NaXLpN>6$`s;Z9Xv1$Y{S?m2Qh(Nb zvx&dPy0vJtYjJ4|hEX95f9ihiw|Q{*da>u{QQb09d+~bswR>-rUu#Oh_QM!#BauJH zuXeqn{$zW&UPcFCS9gVb$oV#{=hMY?!PjH3{4x8ryFC~rH><;EkECBaihtBz34f( z*$c+5UR=J{y($JU@?MJv4b#ZyV^L66CyhwgS{*=pC*UBe!J`nkpR@dJHJzB`c z6!8n`D?H2kC1Gs1s~GIwJw?ZBVtC|pxa4e(d_S3J|JZo>hv(pb%qCY$Udr#QbL)Jn zqj!^yXKx!0X3rPAs1)4DmCmBb_k*{D`6kb|EjF*%Z|rl_zr7lNFoi#;{;+)BncSei z7D2cc*n~YnqB27NrNwZ8=96NuE1zU|xZc9L)XO!gp5=6*{yKhsqR4(1Qy1^`518JGS29cI@i0`_@ZUx?FzZa-~J-BDIrgci^1-44n3?z4%z5^%+_0WdHBTlgzbII ztG9$aQL5fDoV{sx`Dy&M68UMX|3iCoDf34owKu1c%Xaprmwz9ry?OAfM`mx<(vwom z-rT#gxXxQ1qc6=UVf+~OBzgJj2ST0^zYIsu5#;-c-3$5tL(KY&h@SlB3HGgW^!&#o zp{JgQ4*B>I((|n)=()tBr{r!@NXH|w-=*}E%ZDp&&CgF5Ia6NW$(21D=Y;+a`G?L~*M%?nX>kB$;Df;Y4ZNj;? z9hpryM9+e3g7If+D~ujAJkf1ymv1RSVo^bxek@S=G zah5<|=TY^OZ4btuGNhmEfg48FPxc%3yVg3VYV4lHZg0%4817Fx+(SR(k2N3mga?oG z)!Gn_qtTaJi|H%;Ul;F7Z>Ww}Y(DJ8Uqy2OT^?M%-uOt2PDhfDxwweGc`5KE@Gpn! zC(BKZ&WF)Y)?WAR8Ob+&DcVo=e>|8)%eRHF{;B)P$T<_oac*22eY?cG`8pbV{af8^ zZTBS}ygrSC7>)lN`^mC-ezCYrDu#=TQ^S}qJ|DJwZ&cspN?xwXP5u8NKi@_#S!xSu~#A z6Y3Ym|HI6O<=6F9;?z)HxmF#K*S{%-6F5wa;gIh?3vEZ4=S%$(yW;HS=pyyRc28gL zL|>~u@6Cr1M{(vVKHA;_oamad7S7Q3Jhud#FFX^Kw|qZAHq768a2D&2vGygJUzr8G zoxpjd^I>C3z_=?0W8S{h+q}v~55_;nd{}LGMzLnpKl9m<&xg6+rTNWp^I`6L3y4dH zoPpeA{j*0_6m*7U)u6_bB2lJDH3{2}sqH1lC+ zdT@&Vzxt`w7x{W%D1)W?N1k{+@c6NOg|#8&F?jy%2;s5*<{LL3c6N{Rku7}x?{A}W z`i~)ed4Dr&b=F!>XGxzq{cmTDV(^iF{ok4oyVJubFO%@W$3nc^-bjCL^I;!$x~0O( z+chQdI6H>Nk;vQs!hBfX*8iM%J@1paGryZGt_>w{eQ{6J*5~`vT0(v4^{2_lDw^MU zef@at?yRBrkrOPB?cdd0V*jp3uN%G}@73i6ne%z{-ctB>h4mN@-`ClXw|y>W7!}*U z>t`ik`*IAnygtQ`Q(tl^eL7tJ)toyOp5^4{`|kH(kPiP;`0S&}C){N8d9=Pe9)GVD z`$CMnJ?zJ8*ExAJeIAYN-_`EH?BUKQ zS(bA?h_zKSi{aw@Ew3hlOIVvdANANot@;b%fFCA2=!chkUu}l!asOb zak;-g2JcAY1^G`FzCu4meZW~Hyw(JjD;lZIs@J`qe6aQdn##YmPpZx)(YftQK7dYR z4kdm*p35tWH@@P*R_r{T{@D3`ZvPsWuj^z#E%j&%Cc#j}K3_WXPiLfTG<#|#8ZP4c zeDj@PqI%(LcxjKUMr3z0=MZcNs?1p_g7Y}w-4LEbkYcZ;V|YKv`Jv6)bKLwcm}t*p zuh=%N1b*Kvu?~woTvcz%`{!Y7St?eE)Dw!-!}IeO(4bho>2n@DqWRlHIF3f&4X1BS zf1~fCHrbl|M`F)E{&hTmy3w}nyfk>?0*$`g{zg-h4hF%-?vm#CZRm;2Dm;OU(~%^k9*E zeI$h8NagEbQ~6Kll#k#4#K}63yz-~td}Yqo4dsD3*EiEaUy=4N(>`V`)MajEueDo( zfwmyH-^};4lqKJUuDULKFa0K6)_Jz_>}SvySlGL4^D53+zBR#psN*%!Th2Zu~UtfB16tB^|j^Qw{WIMr8#eP|B}SOibl@S z1~$R1J=ylrchV0|+H0q`f<4=Sp>Ga0e+m2715-b+Jxo5c8{L0X5ZrbJF=Ga}%=zlT zh5g#!f=|=o=y%0PW;{%;dPm$)_xjy@vS30J0hIo3R=wr`WPc4RS+~=ZS|HIzS ztImA+&hh2zx4@r$;I|L_t^&VZ%tuyp&xdPu_P6NHK8*B2XfMCsIf;SY+;iW|#K4rY z>iusaCu8?$tYD6>a@$?-tIn_1`H?BsC(Zg~Sf7c{zs5Pd$8McVPO##vV0#O5JK2?d zXB97JUz8_-1f$?AFW$oKwl#&V?qKW%Lv+0FX6g&SU%~IoPiuW93(l5DfFE4M19fkvzSRDXx%KgeHV^TJh=F~U;p6b1K;}0j$rbNQJhmc`4`{(;B#khH1E^c zX@gtqyUh9MyN(MkYla{10cZJd&adVi()NHoK>gaYf8VlW!}}!8H}_dPHn{9c?$cAx z%rNVyvyQJnmGxv@bYJmXCwnrk!!OEBLuX6@_ImcB*7@x-5(Bl`uW@kH*1^HiTki&z zGS;U~=b^(RlH(NpK=?ZMao(JnMegCAX1_#ch_z?pPMvx3+2fPDs#$~ja@K@1PkCnT zni4T-w~fJd-n&1un|KTNX+1HSCid(nJ|998>fSz09ty7i;2#!z*U+{Mn_+0%Ior^L z-(I#9ctzjO7o)G+qauXmxh1!M@VWLay4Q^Sy_y>=eOWhmuVuyV#r`fnTsj*&FH`7D z#UIRp9SA;rUb3+Q8ljinxya9c@h~*1fktECvvJ&K0xx)X_m7A2?uX!8!><)(#$NP~ z*L?ZJ{Cs%|*-pc!8T7+k>c)DXK@Vin6}p}>@;5pueXFy$)_w+iuqrWtzkFW?S$BOh zryzIYQ~AJ7?~Bj$xt*g9&kU@nFnZekPJ3laPw3p}jN5xQ{7w!z-_$IHPN8vIKA^;BomXntiU>cJ6C~9VvKLeF_=imi|`nt$J`Pflsz7 zh2G4dXN}HBXFHuQ-7cJ<1NkFr(7gWvG%&gzewSWxzdduT(eLfPey{!P=`Tya3pd$K z>7}day~)ZJp|6d8hn~{!Uw(P;GTG$}y0$S9Bzpw^9B^F}44e**weaoSiHU&(ayg|k zIM@vTIUCW3of-_V5%hXL#hS}LIJ#}-eG0hK;3s>O#YXk;{Tw>p@MlQxQaW)~5x&xl z+24jb(dAz+o+#cb)CKO9buioDbykt@>stK#mErfN7Wuxe#lK%}zh5`Ye!o_05yE4x@qJy(!xIGO z#p$lt*+o6D z$-iBJe~aHzh1^%-w}{8HTw6lVO8NoTRI>4qUDI;$Ao8H~J`h z!}V6PAIN#hpRjk2Xq)DhK`-iT*A#j)ja+K~#uVR8vR7IPS&|=~K`&&lO$>CMgpTBU zl3#rsKaykPPoRH|KY8MPuq^G9_ zFONt8~+@gnQFoRF!T59W5o4^pN5|J(>>^1>1_Gv@|krn<)I#b6Mh1? z$|ipzD1WlIqWa1C`&RGmJ#@p(cLvq#Wy@?ozV>(ywz+%D#(ew#LPOv%{x{FsB7Gaf zaqpAh7UKDq5#YIa1b7->6I>lE!t;b;crGd6c^1B>a1^dbisxrycz&t~o)7-0faibz z`0(plHxfJ-!-FwApS!xqdM+;D`6c|kqs8-GF+9%!Ph*eZ8)uIsr&ecG8GlCm1Zke` z{pvLf|9y$~@A>>&F&TdLfz7RFC37p0`BT5J_lEZedv?>u_GnPGKDUY(Nc%2aMNBzv z%{_j6HsSy0?%d<6s?NN>Pfl*!BnlO3v`Gkp6ck%fjM(NR2Svpe3v_H>+7dV@D0ZxM z=Cv)h2_)1DPGwg+=}0>XM8pIYidrW_r-1QVY)kQd+iC5L=avM-3#qo{05$LTxAxxW z>~lyEdYM1od_MUkd#}CMde*a^`}3@|?>yH0Gh#u~VV03KQ|*gOjvQZmISP5yW>xvm z5SRR`{>kz3FWDC2IcIN>YQui~o|Csq>vQ~x_eN&UkI1#lpPR~Du$LFP-h1Gp!1CkY?y9ebeH1FPOVZ+z`EG8znwJ-rhO~3mhKqRr4_DjHo7afU+ZGK z?9b>|c!&a@_E9WkEjLcmH+asn$^tB zADCqPfiu$nK=MxT3Vyr6ul#iR>+s_&i4RCmVZ+Ks{oGOPYxom?(mvZ@P-QW%&fsU;Xt%+vAgc zag6!QD~zr|e-Q^+myTmJX5O#j{UskHj)87UBGaWOyf{YSLwt+s#S;6SP<`ilXKOdZz}ob?!5G#i4Ov&Vhx`EWpdm37udU@QGbl#$6p&nuDJc3 z%$O(r%&rr|?!~wqo$9R9$@D!C?TTg_Up!v^iDo|wtvdAS#LwHYPX~&hC)Oh)?t@0| zhgPKvuth`0?uOnH!2#^W{{z|Lst2~0QBAZC($xT-s z(0#ylKX4(ljqJqd=;2rK_eYLlvqPJ+tiW2uGZMg`w%M77Z1(6};DE=mWzD>0OE39* zY&^+W=A5?K=Q0L;$!5R%_x%gx(+qB#IXMB(9_sRM+(%!!_rJq^3;l||+-6zmOZWbL>ZizhYM1n}H8g$yZuK*O9$lrlKkwdv zKKJyf;`dQtx;J1wU}}JnU+8-Szv9pPuE)QkeIQ+=zKm|AJx8~4PTujlwf8G0#%Z47 zW!QGoDFcm{XLOF!J`k*%PXKF{PsF+@Z|a}tcTe=LVuB}vtNeZ1v2PXI_v`V&bo7JI zA1`yoCzlOmPj)%_dJ?&@ce}Fl-O(0wN1K&8i!+am4s1aODpuC!#LW(28^#jeIk^5< zS-{cR_=!QzGLzpL<=K~Yt{Hj^fAUHBALu^fP3R%$-{{aXD;2^9TLLb$e(9JRG~)W6 z>&*E&(8|BCS5^9zSYT=uwm=2ClvrBlYILb$PkHE5)o$cTpK`sJdKcA3#F&HeL79VW z{6m%a6p;bqecbo#j(y}!%^bM5o;fJy$J#%sSX(9V&(a(!v1foiUW)z9-^HxA`cKcH zk~x$b|2aK}<)=7@3*9+jf9|!kUlu$VdgyZXaS`h^jCrGXKj@=@Z~FADsV5tf9eBeqqh&juWn30 zaRr;1+-e_a4KapUjM>Eh^4nrOo5kO5fBsm&XO@~+z&3v@ z0N-YvwKU(}puAvZCO-0u_klBu*TC=Y=dyVW$I7vP8y)}bDzkq(^Sz@wU=K2vJa8#K zUd**MZ7C}*zs@O952uOjy8Sw z=^#eaeBsN&Y6A)944Vtudmp`P--`4RSDOsufZ?6IDx!~kS~ftvx>jfLCfWT zD$3+`uvK;i7ya_M@v%*_;PKJqKlpIQ=7FsIse`ZV{An)E3_qIlwVe3UX!bTnp`Sw$ z*0C)IU*b{jr{~DoIfjS1*8zScBMc8CL()799cJ-xxy!@QcT98+PP2Fz+};k2iVp{r zL&&WxImC4}bxD##hKF}?Mmv2NdNTdxj0~X89j&$jl&Zk=8S8aBgxY zvi;5T+&cr9y)o7@#)f=nj2d{p;@*kJkAY9BF+90kfn46e7y-tph@N4WyJMLCxz<=I z>O&k^=F|xa2m7Br(%j|BF8}eXI?Z{Hi4Q-7}gO)eZqJUAMix&7hu*>GsCkNIFopO4gb za_1urG`|0QvkBw^9G-N>|D|tyjr}cm?2|s<%zWD}ga0Oc+otkDy9u1jpY&orlGDH1 zd8BzGa%fSp)wds=BKxtHvvF&!k@9^Fzl}kTE&7brx107^v^AlF8fjaNEGkjky}q`F zOq}N)C+ri2r2nk};A|{`rTQV}$uH<$c8v#`@-eIc?Ix57E{}+v&df zn>Oa}wVC<}=JpNd{}3=WF@NK;BU6L}=@sc3$#2z|7#xJ1cz+fS@YR#(2jwSgD#ZwOhpS2n08>lV*N=C+PY%ep08*K)1(`7w1L&RS$--D8ZK`~8aTHK(E9Ge56{ zvak2$Tzm9-qk%88UoZV_;QD;N5nRyTPs}QgELyz!Tl)e-9{Jr+UD>hd{$;W_%`G0eA32=Th`U8TowW?M1t{fh(_FesY|6T-hbn8H#xMBLn#}5n1GL?j1!bE!*fCE9Xwn_n13U<@@$Xv{INwQc=Y94!x(;nscB;^ z&+yT>FH^UuS_%LAS@H>(yPwJMrC`?n9*^FyGV&)wf10 zcNy>^rwzP!0dH}|nRZbiR5hD=oIAPh1%9>P>A~;fOn!vo5xo<6hT2U2ri|RLE48&& zTyN`zu6vo^3!MAX+d9nd)qI(wXni&Hz_tHYVke5oom2+MH`NojE$EoRT+KY)as2=1 z&iRp?IX~;JlP3|p`M+f5pZT6>KmMHR^7K8?Zv2Vlb;1x@h1 zkq7mK?dXejkzL3q=BC;a#ne^XX8hN=*hZ{pB8;6)-^vLl=qEm(=dMFH;6L1|HKbq9 z2Gcl4X5!-qo%*vV^ebCexgIm;pyNNxEnr;-Y0JXLsB9gzI0rX=9rf=y^xSUjvy8oB z_Ahb%YYp~ZEwmIWBLC#sNL?A3d>&)GO<#UnaIx>q*F%G>$0Q?vGvf&-QQ-GzL%R6$ z;45t>p{~*6pvQoT*yxeQSb3a-} z-+~<(fxI_yB9n6gpUU@2N7Rs)Rs2x0QsY5o0$?bJq4Bf)n^;PchkjP!4 z)5!xjXs-jZErx6hi*~?!0$GtnPWbcs(oOUK(Y1A4e$S$7aBxcw{p|G7j7KkbvtIss znZK9Z;=AdR(dl_WJB`dE!aNet$FCRRmorCGSI@jPe*-tQF@jsM6fduR26HfY^VX{f zngg~gUD$N~Ocwo;+k9_ihQIu_#veaNodfF;gATO!hcUOAxO(s#+y9fc>JqCjhMyCF z*497zt$8~>@#vSU*}D)M)AFEVL89vodVemkw|*4b4sD;reeW8(B(<7-St0%gLp4=e zd&L|VS08Kko-wt)wAW&bs89T$Z!1^#l|S`2H~9KiO|b8b8oH*D%7SZ(^#U&Q{)y@~qW5!bWd7wx8bR zx|etVp8YxASe`v@;HD<1oaZGs;0x&gEMt%VhIbskarjkh|I)4_&FIGg<=2gd9y9iT zNU)TT0v2?M{M1-#a`V!V$YH@VPf^FYj=FZAoXPI3#MIqT6-HJtoLHz z9LIWN9~&9+^N&l9!_Vj>wNFIhb3;lnni~L16yXK((Ht3!E0b-wd*pJ}lDg5=l zklr5`f5#ec|A^X@ z7_!pnqNxp?N%So-_jQ}1MRpV&mqbQ&vo?iy)l@yqdK9v*-u^%N`i1vq-`Ba;vcrpb zPVsr|6YSk;RqfxxIn|r3s$C`rcbWaK8W;T+7;R#5+p=;cz>_!D;i0@;$V9Hsga#F} zh;60Topo~7;57SQ)!d*XOf7+xZ{MYUfqPsuRE3-|d_NBS|I~dY=WoFNI&_ zyJ)@hLryLBpQt18o=K83$OpE3V)IRBUts5#SSeyk_!dDsAK1n>)KujIhho~)ax34` znIAxYpkMOGTjXB&dmewM@pp=4>K^jTu~lhT{ZpK=@}sur<**E z18c~Im2dCp{e8aY#_s}_^1Q0#W_${0Ik|t`{D`hwxay zT4^uN7XP#3*}n&G74W<_mU)LUkdyew`5i4hFQ4p9?cJHmTG4+3S_~g+xy#|Z>^StD z#B0P`=OYWHkNdiu{Knnn3;o~Ij77lzEmo@Mc5ICK{O$}?4WaKze|qh%>OgSC6!y%i z4%d4o@d~wJ%iy&|&>8RUug9laNv;vTsR_Dq_iEZ?dxYVsMc9Dg_Il>n1Yb%gH7LKv z{Q&nRWAbS0pUv3yLtKAmtexQ6vx8!l)EEJqbaM>&&I++t4gQwS9R_}`VBF{{4V|%D zpqtyk%k805awRrReaO__8~d2?V)%~3S=X0Y*H|^r&g9uJ&qjE58Sw!6=%tVS^l^Yb zUZ;j9^Z{^Z|Ti|rO?%n<7uqu(b+Sq})eN9H5jfj0yWoON^jDX%R=o0Ze% zf37d!#oL|tvh1=-t5bU4U+b*zD@)b}U3&0h<%vq<*cj%Ge9^ZMdMlYXGUOj!dNKLN z0pjCdlK%x=g`lYlWNo?ZktyYsD!lk~j? zdH-C{ny#F5;%R>MZq)Z~!#F!mpZ~_5AibODg6I27+oMmzBk<#IK9_1v;K!K#*{>mE z6389;T@75(E^24cxfKnH$q>g#6ymcLbUa3_wRp234STR7`OdNCV(uk)x6Zx43g4&V zjfr-ASZMoiX^+#UngzvAe~N82@iVFBr3K_qky-M+VmtY(XVU$y++GV#qC0_gF8&d| zjM~GruLNhZ2}B2~Pj=$=1s%_L-8m_nHW`*x?AU{)8DRP_+CS-iv#fVxjf(V3TMbHzy9!xC4sfU0?9sW zUGb`McE43@YA9}mK5v3Pqf6b9CcE^Xr@=N9aWwb)xLD$cgIV7JH~*;uZ)O0c7m`;qdqZJT-$#lAOV$Ia#) z;;I+5VdrUH8|y6lZrVk!-W(-2r7wja@1EALXAd%H24_QT&E^Zy^c~2L_#Wn1tE=`;C>Cxt!JmaT3?_KrP zLz|Jy;UcHT0o;}$&#zu=EhuDd>Zu*S>K5#o>yRriuqJcBNlD?_Ue@_}XyS_HHynPx z)_U?qolnqm=e!+Xf9%U;fzlPrKV&Uff23jF%4av5>tf;vD?hew-j4P*bNwQ5_tK~T zWnSsqt>zl|v)Th(d-U}h^u^w-1xe_un{j`IzV+H*meKsbt(f)Ja~pWChvx*}X6&69 ze0Kvp`23eXVoUeM$W`_uzj}#5Xr48B=6yrQJ@hs6-x}tv|K%nFQw$mBj5ERX9pE}a zzlsYBmgEzb@ja!tuFnsy-E{2owHuGs+#iR}96#bx>IEA1J-5U;YeaOPc!Kw^p)RMc zKz@vBn>XBzOfxbNp2bJ|Jp1oVj0xIMZpF|EYo2_8`Cn&f-ON|C-Ya^T6H1MA=E40D zw)WBcalZ=Qa&R=l%!4^Eh*}L_l|23XI~kkzMTd*PhsGLc9QkG%=l5xRkFdQp_%8R> zU-A8U3s*j3@OBq`zVh)k^A=v}T<^xdaGtF&y++@tcurT|wK>=iv+N zh3wBe71(~3hONZDRygp%l)*uXvzF9_frBdH;QSNg0NR*p3)dbFI2eDlGoKQhjmV?d zZ(cQTN6VuQ%{aK`or|4u+_`F;SH5{dTpu^igXwWjGi&PSFLyq?bDDomJ2g(~6vt`s zjpNPhMfMm`rcaNfeA$2H%{`-#uIT5Qjoxp%9%u7F3D zbFO6ZsyqiS_+0#W0KVxhCT1NdJ9y(Y)`FjKZx8o~Az+_OwHE~f2P@`qW=Vj!1G*)N z&f#2#J)4fz-@nPaVcOT?@CGsK3~wBV$1BtGt0L~re0=a{ z@L1)n*V&>A$JSVOig>)hH_p!(=jh&V&0GH|BM&Ew<{jK#>Zc1sf1fzTaR{8c^f%Jb zg@1iA^BL)*3uivJo#Hr0n1ciJNSD{E?C)}K=F1K9j_!HbtoL%Q|DV1)Z~af&&9!*l zp`CNh_?oxysoeA^jW0XY)^8eIGldNH;#13j;@AzrLS%@<7DXS5;IPX zv#v(oeE$^3Ax4&-kGF=-{Hko{dYod#?)r|irC%Q|aJ~g}fSB{7-Dld9$ZNOfSr?n@ z*qQc(fR(zNa}g$C=Y1HPtpl6wb)LOCFvgxu+i?0b`7Q3%vRB}BlTw_k-)S7Tev`FyDA=F>yp{-?lKx337S{C0hyY{izqy$=euH(qtl zcNvC`l>IlHU&XDwzWn#~{1@rxO=2@UKX3IRUl&B*7Jm#S_ck0jhIM=(Xg!c5=F##w zt51HK{JkE0yWRwKtjb4~>$|JU>l6~x51I3jzDG^3_FL`b9oaULk^7B|EOupN@qjW? zI(=Ljw)Zsb)hOQ7ni5^L=wWbjbzyQ`PqboeIC|8({ky7pQ<_T6sm`b7c9?g!r~ zJum-Au)Yqg2Rv9yj)(PD)gSM1Yz|Lu_iRBw+)`8J(7{yu0BiC(azgOMrV&#DM>nsj zsk%4Mnr{4G@D&RV={W1N)VHETOn#4X<^SSCuZviv)OYeOIC5l8UdQ~y{mmN3>s$RE zn9UmR;63cHCE&Ien_4(6-+ipPJaG7jQD7oYG9$`+dY;(FKJlY$^jZAPv8(r1?7h^E z7lpQ$9Ll!2V>__NXMEm`dD*xQAlj%2UU|SwiteAAEY} zEZ)(%sQ&wk<&4hh-&?;2PXX@x27vp$T)J@AvWaJP#**eMU-`qxR}*)$@@~BeUYmt4 zrua-e!rp~V$SnC1o*tzS(PrdH>lgL20=FKZhF5*WH@7^f9MyyLtDJm`YN6npXV|-0 zOY9(gowLU@MnB&*ZG|Rx{~i8+h~GATJNT8%^5Sywk?_|ji&%r@#7t*eoxPQoVgacG z!9t{!BKTA>-s_v6(kXUoKAPwwIfFS7KOmlwN>YQ7)Lf;*nVWQq_IT^B zQ;QSq`1dao3t+Ah@<1kD%ACD;sm?djTy(~f_IO9Vyh7N?bBJ!D;6ycREzsSYrxU*b zU)L|MyJV+}8^w5(Z*}6YmWjtc25!7sH?PJ;ef0=O;JKV!&`xj@LoO*#Zs@)Eqef@U zg9deGd^d7Iy5ThN**e0Sk$~Up$6L2ff#2%Swr(v)zSWoW7yC!|WB7^U1Jl=Xr>|=I z(l-*)_b+trS8@L(|NZlv`_s6uJrwm*tXtnuzvsCydi`GOJU5BwI{oi|#kpU}{U`MP zh1RVhVi@()`3o)8H(0l>1#Yc#skMGyJvA(QnETR8LcciL-#D){ul36<+{4dYP#+52 zI$1WIGv>C6Lmx4C8BX6(a=**Lbz6VSK4e&D`k5~|;|KLj(Koh#LiFvuf0xsC>`nAI zI9z)6tXDRnyEh#>)84Rr=_PvZMr4KBppkDsL|YSWtH}ANZ3%7P$jo(H#b=!U_S4^2 z{P(YP?#H?RW%quJK3DTTHArK|ql?c)Cr`kKFNYS(h)bQv8ure`ZsWSkvi7Xzm)fyC z`Nx`wE9b9`LaU-l@$Hc?Ip-kqE|*5pcc-h?5B*VQ1^VJ+s42T}^@Ey^>d;o7_soN} z%&Yc}(EXXYEirSO3~Z{$3YA#Du-@zc;Vi+8yg$``KB#_>uU|uHBNXm_s4vZ>oNB$M zciwY5_I~bp6|wt~OU)Mbhx}cJe2OTyd>V3WWINvlNJSfo%MEMT_Z~EAY>#Egl^IUV zT0TlTe#vv660IV4>X0po2+#4X;@eJM&8fqTB1_hkguX3*1zo*B_O0ZQ>=j2w=XX5) z8vZNqD>kXIB#R`^%8>C_b0&=PP@fR52{vlaD(xrPeZi?3Al16*{wiP?hs_|k^}N&G z@KyPKEu+)dor*i_J&kSr|J6sEpM=I*&bIo{H4D~^w|=pc{>}K~t-j?Nk2Y^S)vmRa zr?0CtKK*@FK5ff+>HD3s4_l_BuT8C3%Z0#6J%WGyAFMjs{D8)Ju)+p$-y!#|9{kE&C+gZ?Ei z6I?GPHr{k>*4ovIjiWDj5nHqxoY?q#pL1j5$ST!6sIJu?8~;rsG=PqgZJ}DFe_nB< z`Fi@UgkBQx`grh~#7@vySuyyWagzRVWG}$){&9Bs$3cJI!8mgmN3^v8x(`A3=KPG? z7y4&KFDjYsZ9_)Q@Dg4mxmR*+H#_S`~eH_?xiU&%N5m0wc7Rc>meF1Bx@ zZnK8-bjYuzcI*48V~3jkg|g)XPa_x7?sXaeDUQYeNcYa%6c$mqrU-faxixJuR^&RBZw+4uh1k8Ds$(`idUkRl4 z|C~JgoZhMGdDJ0my*{<>iC1b;Gj!I@6UfNZ*gsF-yGKxiINZ8;9KOosyjMsr zwTQZG<&<79doRWjTPrfT)aB6ijoeopOnFq*yTzHyZtSE4@YG{}c3mj@s~Fw@{soM+ z6hcH5aN36zMP#1QptDtl`Wqrs*3XLVsKvp?$uYxzCSg$at6v> zQy(kHTLG;1eI$Blknpj5uw>Y@KZzZ($E>&NI8%k7aBb(f94lXMM=Tp`$#n zvpH0AE4dcJCf+|E|C#>93)SKycuh4u!h`rM7YB~-%GtKyD9rkFCqkWG9!}@X$I$ED zjClj+?LUvds$7|5M>jBN&)y@#6SjPr@^Nl{L^--&>iKkLSKZX~DbkMG3cvF`bS&O{r0hV3m|GFpl3+)Vxf{n~>byQB_%Hkmf` zOB7vH4vj^pay{ATw{5jkbgtdkw|h9>OMRS2yMcl9+teKW#izjcShRmhYX z#tw}zZYA_Kk>{qV4j20v{Aa=Ny-PhEOAPEo_Eunkw$TSuZDeNZ2KGTb&w9VWdf&-< z#~CvZc?vBUd79w*e=|OC?-kDh$6o2=#QasA_3RaR6#ZGxK8FqX2(8F&6SKc^sC_o? zt38JQ?cU!O2~D@p)P2s!*7H#(#=lMHT$Jd3NzVO4r6%rEKRT=bZIR?fw&07B!(hC1 zkp(l6lk%JRzLjtOMyG7!JPY<0u?A-Tw=jRl#+Yhsj0p4b_BuB)|0MIxXa3T|`Ov$u zlel*gIPl){-Vv|wl04Sf=!(|tv9Vpwv=h`NdShSvK4U9>B|BSV2h7;y{J3}K0Ankz zSdDLaKC+}79rNZVQq9k*&aq6jm(IDOo;~_C;PPPCKC$~; z=0o-d*>Y{**^BbEpKaW;wp)KMr7kTsZ)7EQ0f_LE;$Nz9+ z7IWdD`S9I!=;ej*+#-0f%j)b|2JfwquKrNRb5HQzTxcIWq~oiLu+O@%FP0JSSrJMV zBcm+ej~CBy_G4!DJ8JI9+29>rGZcN-3(sjUhx7d>o&W2di9Q5fJhWrnyWaU7P7FI* z1iYiDpC1Wqqv&f4@RlMYSPQ}WpkOTm)=>>S6XKarCda@!{KkcIF!)q+pI~h~_bfh1*Tx<9b^9r z`X);Kz^fZsR44J zfz&v16YNR&g=!gx%wk^yw%@qrOAe1OAqItgEBPqDJ`ddHOAgP0|B;2-t0Nn!Ro{DH zzt`}E==w&^+nQRFD$Q%CT8u99_LAkXA1gR6&+f~LVFZoOCjBCv6%Uqlczyi`HeeJR z(CZ^XpG(VYtDdEPWf!{N;+&g9|0~t(wG*o|GCjdNb?otyuPPgIb)9sE)p6qv`M1PT z>1Pe=wuwD?*c+YF(YjAw0zFm2p5fE^J)>Ru`X=mk#Sn*MQyfa<+dT=-k1aGlTaWJD zhmLY}xyc7r=G!{IDT^RjlHBc;aK?SnT=n8 zU#IpS+7%zvGja5b&VIjv8uw-NT}|xc!{mG8#91b?ZZ9lfcKCU0c=>ers(V$3sao@z z>G*r-6znR#eH2Pvg^u274KX$3iZAvc(|gfpS_kKR`61XZ#T|=)aT3qQfX9QiXC^uc zo#yp#z7d37FqF8%6$Msm1?#?oSjWxy#rL9TuLiE7bdB-c4-+2Au?zvX#%F{=zEiNDjUY~<^`cpoy zlr!J7&m5YS@31$^cc^#lSr*vw9k@>X`w>$^5MzycrqvJ|arS!c4~J4kLzp-B_k(}6 zrPqMD8eD)M;ZCsju@#eP!eb9zWJ0s2!6@`dH&4?j!1=X&O}i9WBV-e(iBzctW+ z)_FBHeuR692cF~WpL2+b-8%kv{1)&?&R(#ru7mElK7(iR@wQpJMmaSM;UOkA6~7(Y z3=x}>uDIO-N6;#q`ljpZl>@?s9CEZL(FKV?1n? z^ceC#dwC~{tshkp7ZN16pgjQ)sg zZ&R*9ac$8?ls*kFO>|_>ne;1oWGle;eB<8bdunrJ0~`O-^Y2)%_qJxQ*FQryvXVXj z@+D&W{_{$sW!NE=tQT;5>-CRXuTiX5*}&_Sf82WI54v6xv|gh!>!ou8*05e{eCzeu z0oE(YI}Pr7>3`3*-1l$r3Vm$KvMb?Z@RhYbmCpJIms-aJ*Im4O93H!znuT0EKAMBa zZ7v>#OZ|BGY&Z0uIqyv8`SrI@W5t;`pbo_yp!NwyfWaN3q-zx7-dyFj67#=aH7;o&7x1m9xkU| zwR^o))#{!%kq2&LW3YEQ?;w{alBM8mtV3^kyTB3GUjs+U^_-)?84qb%2gcBOuAR^S zt3!^Re+$n_E}NPNVA=7OdlnF|9hsKd6R&tv4E&oo4>@wtZMnV`!`Vi^p~iD@CRe<- z;?WCCu6QxJQRn2wpwB4uIZz*!zk{|0=-XRM$*)U&>v+F!4b$s~zma=h?3YerKYTv@ zrt4cyVL$wh)VRGjGD9!%*{tmxXvRl3<5|mD=ucVwxa(X%H-L(q)Qk~1_E zDnBs|&1RiMk8@aK=#f0rQ!&f_H2WpqHsvSXc3*DJM;XULWWE1$2CC--+qi zi`|KyzxjB!d`}=7Z-lP@QhL6Yeouv-ttrS9&M6TuOCBozQcirvyY}F@%A7}ewePY3;Vo&x?Dg7B4GL!u1qr*3cfZ zmglPSLRQtdeE!a|sw(muI+4Gf4Sc)AvPRh7r~g&z-wJTHk*Rgqro4(5D_0$L5P5BM zS1WRv>(TVDvsTMwgUrR(=3J{LY}<4Be^dD=dn5n1;1@4Oo|$@aV{=nWJk5Lu*qnhD zMZO2Fv`oF1{&(W;*>;3z?9InAG?sfF=~aW+58k@npmjTe?QkmVHb(0PeS7$igNGBX z+w4Kstpb~E6}DBJzOvSh>mO5Nr1hlEq$Pgy3y#DOuj+!a^)L(=31$d$TidFK(<`v;OD-q@r`HV_Jf@JqOTe#?LS;8=6hZr;CI9Bk(ZO3ab%-_O1$n1)=1>1=-m7ms_GP_SPCrL4 zxOd*dpE=hXs1Hz%(EqM-e*Wuf)i6>spuW~W%Day~Zu$z)S6)e|YSH%sw{9@G#%vgN zT=T7Y3*U0aNk99d^Q`if{xQ~n@>}y}-t3$UsAoBgtg89}uitEVtekiKcF0)Ynkgn$ zMx6Q@5<6~k8bFEz5xF? z6snrQ`7>>^LRAU;1kVO6BmUi`J!hd(JA%CP`Vc)oRMp>1ZlLdO=*B{}dwW?D&_{)( z+Q)#YeNo31^IszeuKW%v6;S}KihdW2&{_9v+vvS$MDN` zS=GP9XUxrO zve?VfZSd*)8;v~9oPQa^S1`GGXiK?yt+SVlFJwN#&GYcNe=eHC1o9{q$|`@`~s)eYRP?>XQ&pL539H^4Y;oN+MNIDeNljw_$s zaTZZSKEPPi^_H_Iw0`^3-dH^6%_)I@TRYY_r~LZ#oM!sR@?^6+);-`(xXHoax{3>( zvA*Yx<>JqR&jnu)eKXj2W&ZIz-Ebltj(2dlDrYRMRRlRP7!C`3){ZcWA@KL z4>iciiZ{;3_G;L-oH3B$GlVzMMOs(6@9AF6Xy@#)T4-Yj@6=kQ_b4tAf=2dl&Co~g zm{H`iXy}%wBn#@z|2O;ozfu3Y&)neqKf?dV$rbFCf83HSQ$FVML!Vm@<;3(d``v=b zjC^EA0X9M*vO{O?M3DPYY#3t8okg5ew#h1_#=LM3bqRZ(KX%tWO_t8!v8E^BrEYji zdl-=2>vVRQWOuo#apdeU*G_$eda5Az*>^+?q^LbQ&50QZZ@<4P)f_Qrh>f%p_`*^7 z#52Jsdx^mP$5P9N-);pME*L&Z)Om?#%2_n@g+&{ggmfcB88Tqp^#| zQqN;@i>3BwucnrrJ>><)9wJ`KUb{FlTzf{6$n{p_rDTF~C~J7Pfp<6YY>a2(Jd<#r z5$+Q_gB(sFJ5%h_s`B)qqX*oY7jiPn`TUVuw)A>YQzH2_)LSd+N0ft+?$wW{f3HIR z`sJ5om-dNX8+G?uy7V`YZh5C8n-1hl>U%f-{wJCKGxneQ{(a2tyU}M0hn>Ae|Lye| z4pqsYG{Bw&yf>c+Uhwdu*Y7ZJJTjEh_i?HvPw7jwUP1aI54z6F zgKna)>*;F~vYdWQU+Tm3$Gw)^zL25+{(gOh2Iz}>_vZG6eBAtgeSKwszPR_*oW3OA z9`N-=PJ-_fINt~vPyF8KMPzM&IYz(DfIVhQ`wUhs> zv2{I*anye!du0^QQor69KgjAobS}0d3lY^;?Z!A8c1mo8sA$Uqk;a#tENw`Wy`#N-9OF3H87uV|RN%}HlajkRv$zQHh9j)}o z4di2=Z#~=YLB}nFZV}717&0IKRzKyx4{#>&2T;Zl}IQJZ08^?7m*Pr6~ zOq+>;ZQI0|;G1~&2I67Q*G;#d;~lS`CETm!`=?>IAMd)Fep-!hJ>FIh;?DE?Rcmc@ zfnsqRfnm2~S*X;=vNU~hEx4!hzGKHb{)hDShuV)cf1W*Ro_>Cb7>NJ-RN6ngSKs($ zKL`F`=OQ-_ps^J1Fg7K={dv&eB42GaGIm`BF@SNp@5TvaCz|Jp6{zNVksAkCITCu3aPe`#3XL=LcW)fr0A@7ehm;D^%QL z6?4$sBF;CVI0wl2W>*3^(aL@neZxgD2*qKp`XpspjsUrb#@v>Lmb`lfnf+;3u&Dvm1nm-1a1!QY*R-`V$; z9*Z{Bo;=GOv>#dLp-1)G$ob>0jlsD#?mjQ4mL|$OO`O}5yahdftpCaG+f=(n?mkR? z9Qe{%9IN@;$USeI81P-UjCZhUWE;%N*-N9GS^)d-0PCAqPE4QcvL9gkaINu{GoE5b z2FJ4*gR$4-TTerFa{sikgp63&D=m(#~ zso7Hf0P9EWS$ZS}U0lIATF(K~<-ocL`-y#5W*`$B;eSgfOZ)okWMc>!XXFXXX!E;jd&075>^ga9(>HB4#KaRfP$3f{E_*(c5{h;&> z{b$iP*UO+AkG{7tp7H7BBSYV+Ws6X=7lW4d9ShNA96p-`tta6#bU-Q&o!0SpG521) zoOm1ZXO`-8>BFnPjM3LH_*(MJqXFH!7aADPv-11QKIysi$NQ?wdKh{5Jo0b?^;zdq zpEVo$SH0(c=zlqSxD}pIP4hs;5XJeJU)T7L};Kv&>0x73`6H*D&ulTSBR~+Cr(v(Iszz*Eb^$9Z#Yy zxdoZBRW=&?R%!Fow<8OJroN+R5pm`aa{C?0AJy3rSFd2l#5)81sAb#&Yu*0SdJ!Eg7o?#=untH1OxGIK5c-$(z@hG=A&=IQviCPk<}3wtd<=V}_ibwOz!N<2n`Ie&6E=W}VV&4C%(r|iP93_PfvI_}p~&?@kBW5_PH0)f#$$VqjS8;4E$=hD=D3}jGcdu8fb|U}a z`Me`pSoxKuhZD$=_qW4>9ZQJE316~#CQ~!hdkb`ijiv9i3@K0zCjA4e&PU&ZoL*sS z`G*}`#aOSy8~Wa7InPw^Y#dljY$s>kzQ}rAHVdAC7i05z4*pQA$+OkoT$*a$Oy8>0 zhBs4JBL7u`sq-7|2A`_o53tsb^^?@cyux+F@K^D{dtUEfAlx4KO62f?u!B$O z`PaeUtby>i!o?pvD%|~4{ORHDx|74*C?D>A%m2dNoj&_ix*J_&aM#ZK^o;@SI}z@B zr$Qshr`@za18$?h;it2^rt~+z9d>bsEHN@>Y6fSm;A|6pdV7bj0B8Qa!ye9l?ZeqJ zaHem=9!HCe&o>avI=?=9U|Re=KJ@$2;zVc#d3YQxB0o=t7IzYN^l0%e7oVcV7&ww# zQ0_tJm;^ZcCCWH&PoS3Oy`qafI*Kji8SX27^%?N<5cpA?M)tp-M<0f!7Ei^0kCxe@ ztE7vg2=^k~I|n>@?f*qvbO8BW%$b_G@_BvEd0lue(>G!@ND_K1zs4FM{eaz zl^^gswtZ3BZ!5ABiDB*;8J^$9y`2^{fO%=YF@8i_f&DM+{fKUMp0JBK6JM=LZw+CtW&ivIfhKhU1s!d|Vd=)osAkB2zH zp~!GM87c9dGvd@7$07wz{s;LU-4aUuJKt5bh#mO-$wXR*4>vl&-+xjt`^M>uzeUvd4)HrMW6pRtY7 zGzNUTBfPU79}v1a&aZ59WL4U)e>37xhUqu|jAFpa9 zc4iTmQ*5D*np}NHa>HEJ=ALO{Vj=cQ`M;&e^Lz{POr95CV?%RY%k@%Va&Y0qKV);v z2Nu~UGBJ#O(N$>Z_Wi+F5dl6g<^k^3>AVB^ zsIvLqWbcb~LHu^~8TN?i*qRF54eSxQ8hjux;*GQ+&(($>O&fdpuA&Xu9A6d+72}mX9;_ICLJE`AH~^M=<$U35FM6)pAyrqs!F_)UzJGkx3Qoq(Z=5}f9I_3 zOibg<3uIcNm*>#+iG%!on_u)n;vN2C2PFQ;-=qAZR}-)D7k!s_jlT(g=kk9)f6*Jn zB~pnZe&_H%-?ftdO^oEPV8U)oVz(vkM;12o{A}8u=I=!Q?%?lEe$h{fF8)^X_XYm$ zK^FX+zhzv%!rx!QBUrvEEQBeh}Di17_&Zqrbnyr;fct+aGDGrwuyv=x?stUZw3d+LqA<9eQn7s;!^4 zAoE{K8+7RPS);aL(8);JnrVX$z4tCv+ta+agFeHwL5E)3G_`fn_5y8lX@d^EKBuS+ zxfMrdB^J^K9eVGbOIsiODH`lD+Ei>}EjEAN!712&eau6BMzi{K-f{5d>WsC}^?jD(tAV>h zaOaob+kNs=@|*p`$nQ)&Sac%qPsT@~MnQ3a4b)LoG)%T@nRjhn1!vGx8!zA0#PoYbm8VnR@19p{ptb(ZM&K=ihtMywr_Ew}>m79B+wEHKV9tK| zE%=gK1DxMA#EyfjvTv+jV)c^6sN$9zm%TfUE$eCr-`W2x@C3x{_Lhik#%eWBD} zw%+A~uJ<8u_}5tPFPvb#&G#pB@-bfCLwN0X;w{T!ZgYzxupsa*T%^#ULK^7sB)^xB}B+82k}HPGvKLjQl$>wj%H0lji& zk$=CaIeTaZGHNC|+{9YNuhb1EESucpx(fDAuKF}~A~6~9v~mwxU(@!VAGg0oTMhVB zo@0}b|4n`p8>V#-`8M58?~P9WHcP&p;GRb>@sSqx48QPbtLE&=In^g6MzP;8mwpwdQy{zJ{&`kDHL6s#Pdsf3oD~ zILXg&VUGNC_Td=$NgLmd$(EmUke`)#=u6td{&OQe`B~t|Po9Y;3fy;H`H3Ca2W}3j zt+H@n`Pn$s*ck))&@+5=>BTtp?FsR?=l`6n{#-pC85AlRRGxkhn*3|X)1f}P%GIBL zkvwg6biv{#3AY#wRJOO=!R>6TfB~?EfAb%K}%3tz^H92P% zm_6A597kT2< zKg<)ag&7y#PgMGCddH7QY&GAWcxoK;sYM^hw?G@%GV!g@#td>S#4PxZdUIVd`>rFa zIu~m_v45x`>}=5a8GO6ubm%6r1^b`A6kqVu$r7GdtW7Zu**y19OO&La{1WyL(oa77 z`15xKs*?9#UX`D;s*=Ggs)%pw%Wnu&C3X_$AP%5&6GTfII|v=AuRQ4JcGV@dK%c}5 z0_D#6W2e2=Z)((cn|SspTeVc0!$$Lsv&nXtxLTyH-0lVz&F_=7N6qtD?bz}UO;FwD z6uY|xy5Si^tBsED6J(EKlKIA&uampZ?=XI1aA|FEfun!>E~I;0(Tw9`k!Ur)CBey6tYg~XIUrHH|wOnhx?x&&-3T;JZCnf zpC9i&U+&D!@;^T%lzDE7`&^y#+#jez@Ngg+>|sp|%-~M>pXa@~`e^WgY8UWzMbFrY z)8m`THO*oz+lV1!N5;9Y{PGg;rh2Fep5 z_n|Guc${bav^AI<-1e^n%fTc5?+yGJ^5JT}Wq&gAfxSqFYHz;Gkq?|3?3WLpC8u#B z`7i`pKUw*(nzi|B$%k9C&N=d-@V`$+K2)UT!xaOqVQaR0_*l*wo~(SBA-oMDAAWSj zUoIb}`gr57As8r6{LSP; zMOr>=4Gkb4{IrF9c$jBSMm{|9{gaRn;ZaWhl|7U1hCh&H?h2$Nv)C;a;9=DV4GW#n&s&B54 z^RrSR?Ty%bHs=7;Z@>4FW6dkE)uVHrx!0*}+Z1~--*8z&n{t{l@WK5<)}x#qFfz2g zp8Gm$Mdz&4mb5&Wm_uxrzZ<~MMr<|{le%!S_Qr80E%|$FfjD?k9#MU%&jjNs_X>Ti zv+k%Qo^;3d8|ilybSu9pN}r{AAHPfa(b(TRC9S#|HYW)_EDk+Juv(@ZG{2@0oY>rFQc@Kk&FfzJlVV!@+@`$tSnf z)KH>tI8Z~09Zeh|3B4*04qcAcTI&DUT+S??8mPivCa-y(eVBTw*j&!3!6sWgRXL)d z?fRrbU>gU2+t0a5?7OTc4oki%b9S9m zBPuwSJ8ReT;qS)2VY`b z!9zcyA<@r1&Q#Huy08A9hYvP|92@yzaH8`ZbdK+Ca4KHzp3ho~?o6Dhu;UNsq?+qg zYsvds1GDcJye4Pj+s?;MCYRU3{^y&?;fcq*=Y)H$gW?|^kBT?X`d&tFl=*nllP?F1 ze94>#=K0g+960uV-E(QG*^wiBYh@y^Lg#tPU$VwE%q7g8>=5%(d}|BO)*AVUpDF%< zZ#J@jNx9A%hyL&Vjp|GIDB`}tW?jiS*b71v=Z{ZO2{%&n;G}hi9K(;5@tP9QJMvKg(Xi z9$VEWd3DgccsGh49(zr6q|M1+2_4CH>dJPp6hEY#WovdcZbLL=IV@nKe0*G>Bo2m zJ7=5hoYyZw4#OL(sU@r>PoH>)GmU9W+d0fH^|7PP(YJZ;SC)}E9?a3o%v_$#fnT)e z!T%U-|G?N}J}N!LyEgH@T1+OL%6K_+=q}2G<_W^% zo{1lq6UXHGE8yPDg>kzRe&4~N-M%*J7--Ab@h(4+lgQ$y>%ytz!f>i2haRH|_c{1! zh}uqqpDKCI;E1ui+x*{PbjIEZ@0jl_fG3Zi&J;h*4`=vks_`2#{4_V5I@hD`@L4DH z8$?gNl@3jfe;=CCx8qmj==(l5ess6|!<_hX4|*dJ#verA?7t2@fd25}%}Mk?H@ami zx^Y)N_NN;+uKy#~?BVgQy+{0Q*L(8+ z@Osb4S?@d13Gc_>XZhB9;sEQt`ft46SN|2)`{#T+=!E?J>A&rIZ~gB7EPwCN`ug~L z*h#GSzmjkC_tACF;Y%f?G$C#}Zjm7T+0 z&3zxl_ftG12L5)Lb1U-k=K>wy`WQIag8s&4B7VjqdgEOtv%gpVK71~2&Jv9P2P7^G^)jNZl0nHow^5bUqV7MXf={@J+X3B|h z!yL?aIIw*V+|Hi7If6&9urHau-r7PtG_^BObdY_b3wr0XM;e-cE8_5t^)U zbJnjF`*g|W)RF;H0+=#!cxSEuDbISK_EKUFZSWuQ4tVg%e7?oJ@bL%dl^%M;#9FW9 zoY2x=e}CSqAKqZDS8@K~QerYq4VO?4nSZc`?`V~?4*mUB>L`3rUvIU?zy~qfr~EW= zI&jCqk=97}B^wmGRm?Z^VPc!sxx|}ACxMRo%Z@aAW2i4v(>j~Kj1ddM3q=9O8{5A4 zBEF%Z_zcCY6z@OJ}G4=`%qcPV?r{kY~F9tXFfOAT%pbA2xKJ3;vEC01O2PJ0x5w1PwN zTm}4A0l&e3qhsKfIJLPi{A!PL&vlH~0!=X=otNUlDjZDkaLib$Md`T?`q8}U-^42q zg3GrRpFXR-=U4Res{TK-y}|60;0)%rLi_8}Q_V}je=U8)pXT`;{2nxPY{!Iu;wZ^p z;XiON?&4ptcyK5u1z|{k+y}+oL<*SR<&wF*Z^r4a_Tl>$@Xa_nLnL-oBI^n|MiU2&E+gJ~_IqZ3?_}n@3R_y=zK(5WzE8M$$V z%(vE;&LelX7M#KF{r#owab(F7a)Fn_FL|u7&Ytal4OrTMDM3vrv3Tp)X?CoDGr1Cl z=^W!c`gvw7=aj4kpU45_wp9xyIk$nlO~sF9*o)ck8Krh0RvJh>r?~Tr*otM)RdD6@ z?n?GX0khTcK|Ag<8Qo+zjAPGp{t~uq~qTYhnKpvc$XiC z??a2bKjp_EwCKm7Xizw04YF|PTZ13)zM;W^acF38*OezngG+?N`fMEj;G;eotUq}i zzCxXYXz*lk_z?JR<98#!(yguLufEAPqT@UKUsfJG?!0}kCi<}lm|GEaJ`9>0i7hk= zS{g$>;#j7p!pq+dIYYG+8Gq2^!Nc&tZ1nydE0u&7lw)3Un)T$B*pxdO*UVe_(Z|1B z7ARd&%vt9%zq4xI`kjxO>ln5Hyt#K%-AH>8du(>23+k|W4uCJ&B%U8x2me~wdVasp z-){h&v0QQ74JGtbd~g-E>T>w!MsmeBk-J<%pE}E`2fXNe=Sj|q>E>*lTc}}KtvUws z&S{>T$~>k)E65&8x^)cpT}0pi(zmmN9XDK|bITpON-|1x?T1TwY;O;0o%#L^HWNAL z3y+`EUJLul|L($x|2l8s{0+j*3J$IU?_OVz57ZZW$=}yN_=zHit!po^cjv>`KKy*>eemP?>$$OK`R~I9 zp+n`Z>U_BcmH9aNdCTOl+FAeiMt&e&-=lh#SOl6}##*j`CU1czZ?jT8w_B-R819DV(H}! zoj>|M;|{it{+vr4ydxwhC?^W~Ng8xU|`M^hYmihi9lMpD-Kxs>nS_q*crIohWB1L7A z&|<|EEp>4h?*g4F_TpYtRCG}TgciG0$&v1jTk1kdy9iZ@E#2B%ccD#fb?dcptJbya zWoFJKlMo=G)NRLBa=*X#oOkBTWD){&)#dXE$(%Xoyzl$`f1iKvebBk?UH3K4w7KiM z=HC0@BXd>`XWG>8w|Q>(4EH|xSYyq5JH18WJ)X;~JMz_kd-4B%`=z-@fAZ4f??3hu zV|AN%4(BYNyLji(V0?{pCFk#a-#;fOs+_R-SGo7$yV5)TxykqRWploarC(EDV*G0t zWofq?Iz0@%c0sqDE5Q-;lYo9iE9yCwS^~{1g_fc5G&G(-*Tu2#s;>0&zhnz`U`M56 zQSOC416kF%8o9cLbF^7!H?r>tKUdJpE@nhZrZ>yhT8ra4U zakjYPjP;DQjBySC_g3Kk41E18xOfg+JRi+;zQ9^vWUURX6`UObXGirsI^`HTUOL-9 z8=YK#Z1fKFRT@3jiT>^aH+PTWT%C1{5o0~u8D|IUX?8Ni5B5v%Dh7HveuecHIr}%g zMR}sQEpXcCudc9P&Z_ z*1kYC@LWIH!1G2nJQI=)dS?l;;b~;Up+Gk5L?+ZAAF7ZKT6=D8W%OA;AN|1|K(GU^ zHw3z(L;LG_;C>0TyPF?i-ti!L4cudL9`}LchuLFDmftS*W3y!5k9`b} z7&$U8nrVQRV^6Vfhn59zow1&}o}2{eQhjdZhmnuQ;Bz4`Z$)-Nw-5f)$)@=BXhwN7 z$!2@LsgECTEp)ktF;>HOtDsNT5Sz@i%rybNggfEP%A?dO_+vHeSOfmn!XMC17qk~#!8FTyWqXW;Y{Q%=E1!k>`RY#6hKqu<`Yw5(` z2|1j@g-<7k0y@#XR)<(R*$tia4L~P{0y^Qj0qJCS5jxooo%9WXP6R`8iQ8iDc(Z#e z^dua92K-qZ%bz6P?tt!}a&EupQfOaxWXDqa`#5*pGle|J+p%vSSbvfGF>>QJ^LP5l zIQOmmt#_?Z-rTKY-F;!206*=}g8cevU~g&SErZZR9Dly#+Qzq1cgDHhBWEHnR;s@^ zep=b#3!s^m`09aE6k4w$4{nFJ)ne()K7X#4Z zscaJyN0^b*S4U=}L*}AO;4$g0+uT#zErq)4$ZX{KT{TM{Rs8xt(RbP2XMfb!lmcG2lY7}d&B@#Wd^%=2na#@8 ztadVAK_+&x4xJxlZBO+nAAxy1z2+UR`d@azXX@A31+R4h@6-#{%O zvc;Txv2iDHG~-Jt*;_^K(8joAytDTb4nfIeA~(RlZb)cMeexz-c2U& z%2_|nonUErHu~+c0_%kA9SzP54u-&1Ux(EK%gIX zffMswU`Nyk`av}dg?kL1H+IDBA^l*+2L`vJ9}WciVHa}$dUU`8fgO>X8*$)SPNsbs zYXnCLa3sCH={|4+pC^zX>U9?r&8_rxa<7N2;Mrc4elNXhbVBU=vrJD+ui}djd96H$ zY^z7FP**}e<+*PAD&C8JNj(F70-FY>;U3x9CQo?zd9L>y&v1r@_dM`@Gd1w9&T+jL zkP)NtSH5WOYl;1e^KcGvA9Wg@$M2=ljF;y3On!G$n~kj$`|uU6*TXe@FzUE0{C8}E9Jwf3<#;%>&C!A{V=99h&G>m23Ir|#t2b;z9t?tz}C06W;)%E!{xud?@!@n@=&e-fH?=RNLNP zeojGL*Y?q4eF5`dQu0_BrelW__i6J_dK={ozca3BZ7TEX)ylZF?QcN7>BHsj55a#&YlOX6^r24V&@I13b_RH|zLDwgM{jY)eKCAl*)SMR zt(_eQE{etd*)OO+uBU!G8j_Lq&@-@^47_6KY1z86V~~e8XXPPsTJlhK%r|7e41u2V zbmBPpY`pm3lD(6+7PnEZcL1k5&`lk49mAUkrGt!L^h#GfW)ENP`+Ad0qZxbs=){xQ_|7BjflORmac*NL z0$b&D>@>9H=ezvd+wqYj$0Wxk!?hM`sojzH~M3KNPn2|(I4~C zA3O5*7i|UmQ07Ko$61cC3;X)UU{{Vcu|2KN`W34<`*RBLanbxNX5X7v*{lBuVkw%haSp-C-Q(eA$!fO(pSjcZBFK(d}o(m=x&f-nLI4J zhkegN_ONT1*8;{uw%5V`;r);Hu(N96iPhXwhn!)LWA?H$iMOD8>|Q6m2AdhXB-rP) zXrJ?0o-=!2ku{iS3$)+&9==m_s4Eo(F>PCAgUmUByqQ!wM?N~qo1?%(eQp!agVz_B(~HO) z?16R4&0Pam>HXE4Q|i*i4F_X0fkA~-t)&OC6I#_sHV<=QnulK+bkh^V-2Uq8Z`~?lqs6 zEylc7vJU88zK|q5qWyrOsk&kQeu(!ac$etm`%NdCZmE*plIsabe7vRV?$PdNYl8Tm z_+zcHk6L2$=edea*U3IYH}%z@vxk^CHCGqm%Za#m&ESk#?B|%`;)}t-5`I`uqM;PK zU%iP+_fC4a|2#EE%{6bH6^uL5IkkT{Rx(HaVY}ZJ{eA7Lr$K+Q8lHz2ks;b^#|rm@ zb^d<)HWQ-^oeu+ClE6jqNC68E+S5Mx`i7c0M>~fQvY~&qMd6@Y8OQ?NJ9TSfk`$dm1x}1FeVAen zsTgZo%$lHQOCvYzU{A$6ioI)~>!&-$6@!eC0B3J8vbADwd{j_qmse_E82dNsL~ z1NndE{Y^jr4}L{Ij|N&E(EoGa-{t&2|G?iv_5W-xfN?+nPixRW-`KbL{qqy#1*yNa zHv|6<`O`PRuM5WY_y1H=kI;!MNFyV<;Mvq_XbAr8hX0eR;N_L*E98X-Uq?pZFBvVK zJ_oy3ygy>^*QnWv!xstY&cu|F6DjC0zDD=ud^JD$Uf`>N{&vEf;&budW8(V)pHkjF zrPc2vK1qHacyYb_Jn*2NHU6BHjI#=v0l&(hQS8|+bWGNtgM3q*s-Hh6hOB{?I*^6d zpR=eD`7eJCvdHiZFgg?+<((3|IH-)HznsfH{+Ac^WUr(ZTvUrUG-NT z)}0{tqp$B=?9EDk#_Z`u@5W;`S3lSb>sq~&DVYxqy+SW7<}Ch~ynNp`Pd2T)4ErAZ zC7L7J3pa-L!fmRXovlng*?S;+w*}X91|Ihv3ghv$T%=#pFPJV>@;jxab(Tw7b@+}<-e3Uwe z&&IHnUuE~0CD4Z5W7-&&?zMYN-K#xjCwt6Ef9K~x>|}iNT(HNqF)W?0ROqARd9%mt z4DB(^`0Oz|*<((6%+G_^i64kqXG?gG>CX*5p2@nAm3{T2_8ekA-pRgkSjiptbRav2 zGymaFoa>OCY9uXcfvKT%wd&DnB zI9Ke;56Kph%-#EL=wc!FAmfuGzx0qNI|sUBkJy&oBQ617$Q3%%B$QXJZEI^ zTAp3UJdg+N$RgQi?G0MTNZHqo#=eGE_j88bN9h@nFO=cT;PDN8z=^+J!lMj zDFr-qcCd-T!LO1*9}7ttEuzMo&p zxl!~*!LOfLFBzh`oo?{{DDT;=+74=VMxxufXDU2b1)t9g_V(Ccw`Z z-WS+-5BfL`_t*Y&@ZH52hZ*B58>O`8bR#I;#>DxeCuA}yAFKUhwyEl3*@@RH_!FMH_sb<(_<-{ z-)6=K-*w=-K7?;0TSGZ4{@n1_?Epr|JMr8GgY$CZ+sfh`yTCjfmdohP`5~Mu|7Dpo zsaw9pTk$29%GSZg@*d_{Vi2YH_QLXd8nQdxJInnMxszSM`EWohD~MrLr6TV4hCnMX ze`jD?NqW%YA=dRG`uhd&J415*D%YHG)XMo|$PxOL?oS-xo_c@nmUhCj<$l(&={?jg zP`98OPHQ7vgIqB(DxkOUGf(N6kIyr4j_@=0^GsKLG&B9p(AR++edYPXUVxUN=T7MP zFng7*rf4QgUx>W?8F=LZ_+-%WJBPau;71CNze(eV>3)?@_rJ!5=|zT(OFHgxFYGfL z=bsPM$6Tp{OHv2tQ5Te=E~uTlppNm>2TiQWoOm&sIZ@$cP8{O*NPc_#uH-jsIWf-3 zbONI;_~SkR>Sd*>&R1V{LCFIFH4jx$7YSwjvIllZ#G;=q+`7*YHc=PX>qvY%q ze6PuF>{9Y6yv^jN!K*3c&ZWw?K&O)vLA-jD``6?HnmuuY?$^D6%y~ST`J2z3Z0g`$ z2g!+elAH+QTX{D96XZm+200N=?#$&x{0F%WPX@aB-}(DiWWp2hWMUuhLH5gEwJebT z*v+Su2g?HauX_vSLG>W=U|Asld2T>?P+deGR1Z-e$R3j&J)k^TQbZnXhfb-PvN|BS zwx2v`GxA_xo;+x=_S?+ysarE1X=bg-oQgZo*75DQekW*FIR>_rGUy1Sa|D|jyXttQnN<0U@oA-}1@9%mJ z-BE%qS6=-6CwTvwVUGLqDr~pXapwIK27CXr_Wcq6{m%~mevkJX+i(Ezo;0U!8RRCg9V)#y=NZ@89?Pf!|-u<_yO`QM3 znXe(sj&1g3*>l*H@kP96G4Da1dJiI-cH=L8jAtbWdG-pPZRgnzo;9&p$u{KRZasUT zc8)_oJ9HYcfvN7*R|aP`IPWs~0wt<7#>a=PV&e5FWL{Y~UeD(}jr7=_MEy1O>#}jn zkcHT=k3EG?Mdu!>-+l`FS!Xy@AbU%fvq$0jcAhKU$=`hU4gO9r$0T#~R@DUYSl{;* zXI%-_m1JF0{x^JC0gQolvKiUJ`1o!fiLf5+p)cb7qNilcQ4AQLrtta+5{+5E;b z=VztBNM~JG_*DUq4T1-{x{N#seoPIB^2PsxwaX9Vv9Cy}F9LP_o3uXwuj&Q09-DC& z^;EY0xEB1^YK@hwhdNsax#oQFQnyOABlyhhet7Pj*PGg*v36{h4(O}{nRF=7Da5q1 zI%Qd4V=9LTJFYDj*qGLLpnI)O(Y>-UccD|3h4P!sa|ONwp6jPmc;48UyFxm}jE{}E z3!Snol;4D%*cc1tH~DiT=DZBNV>g!>`?AEGbr**R6YyZLr)Z3Y?aPOwnQvbQ{`(wq zm$?VIQea>D`s9V;`XmkgbwYpQ8LLA&d7tP}aq$#3P5X|}{sW#%Ks(DGBxW3LqZng|SH_!WY zGsWMRWbKfCbVIJeUk-t8eztdTx=F(StMT9VY`BbizRK?3Vhhm;;q=T z@n`ephX?3`x~b^ZPV`?>FT?4 z{>*84?}oANjiX0wxyAU8FLUL)NWlZj<51mp8d=-PUL&iM-~)FUHaRw60-BXC)f1hH zM*@G0hc9&#ywU})97g_|eRRFAquQB+^1PFxSLW!w!g%oFCTPDMU$fB)Z5%L1HJPM?_b5cTm5%yE%DX<7-I~4{JNJN z}LXd$+rRQuU=@Xw}Nw>m~-z)elzdhN`5o<-f`?jnUj&rtV4Z`j%3!pn9Y`nwe?rYV3B#=;;R6CE&ii zxLqw9(b(G zUAs4Uo|JU2Sw}-|9q+?-9~4%HsMj;FDmP;sJ;WHmYS#d;YG({ngRM6#E zj|ct};onK{Z?%I>%vxq(gUxg@=~>XtY~VN7$sC?XoVkvD!vgZ47E*t*2;42^8TKhZ z+JwC_9^RP<9w#B2s*x+x;GG%p&P;e`7Ji-C_(JBwKlAW~)Iom>$ctH+tC@PPNd5ke zrrz{T*;VHk*0W$7W5WaQVQ!tQQMDAx z1O4P^@>5EjYvX*MV7^K2_n5nt$A%}UJ2@Dk&O_^B9ZA-sbrrp*g1L-jE{x?deu{Ys zF1H9S8k2dMF&Hn!`vy9{?KXM=g!>g7X3hikEa+GQewOmR>2;+1)Ka&0N|2w*TI}`f z$DVA8adxlmS%3W%$`hpr9xxN^>X6CWUwGg<1-^F@19N^N{3Y2tN#KOv4;}hu;G-JD(!GB%T|G6h382-T!Tovk4BnNOoPZDG@S&~6&c+s? z^>%1o{RK=;*wQHbW9RO?cNC%bu@e&z_k=-vw}| zzJ`*ADexv=iQX;Q*rk3UkKK9G_Ah?-)AQ(oF`RSKmsV}QY29D#(&tt8LHjpS7c_mv z)o!0NqPv818JrUO7gce-G%!^kLDRpPej=UVYYTJQ{@2tM?cQykKgjdp_m@yZWZqXZ z%e-$xm2XS8h{?~3=_ZJTsSafm@ z<#u=TO-omP$9%4_u-I^wnb&=sabwqR=8nz2u;3jV$a64jN%(6i;d2D|m6fAM@qK4& zYO%{roQgap<#Cw(1hBPz1`F5uvzn7l_fHsnoxPI_a1^X_3Uhp|^BXs9A9KH1*AsSK zRc|-zN}TWGxP&=26v7HT3D2_im%eZ7O)oCJ&xg&pV4e3}Y2NV!`Jkc`z2nn`?;x(E zcXUc-AWP;4aY~y5rM2!lN3wntc}b)9C~tQ;@;#it?jduMvmKM0&<>oG-yNUp-&X-Y zlrq0GW29Ge&mw4NjgyJWXY=vt?i1%I&s{kTzE1esJaQNoh%Xeo_Ve%i`p(v7(% zXY--_GqT%tZL5>{XYEnPQyYXmpt+R>V@m!ck(17J#W5~%6V+vIGrUSXt)(_~jhn8a zNB$D&Unf&WEob$OU-+kDy~dA3<&^ z7rmW#w=Y8<#ej$O{H^bDYfO)`+&M}Uc+bxZ-t$i0Gap>3e&70LW*513HP<9l2GhOL zweQ?GxDNQrAo=>YDZipFKVSdwE7+%xVxL0G%Go~x{FJ{Re-7Gw9=yGPEPD|deh4^v z=-f2?(+$l&F1j6Gv_9yWhw(`x1LNf2e`Pm5>Bpgy13`VzB7cweLFGxj08CzF|1BSA z54bylY_C`DBj;NwN8&kbzUQ&|17D_mt2SOfFYsl`??awLi_L@D5yZ#jm$tsl9f2>i z3SVYHeng9{wb>EG$9S%vFO%nuFLP?hm#KG_Aj7Z$^7139@GTYOK`}Rc)93}+qj~ue z4+CT9Ni{Y2r1I+gRRi*cYryqB?t$*6C_mz1;1P=&|KtkAxX6$AB=;Df#!9~1CmNOg zVQcrxUF9{*{>PI|NpK(^bgI>VUUrbrOT&CyU2|y?e(`rqaQ4T6eFE4g!BIHYth$R% zaAjh`;A%4aU^B-DS;uZ@r8(!XJP&!Oy+-?HC-bpIPH!oG$EaUZ>go2Z|Rkez_(Q78GK7E#e7R2OXJ&F68M(3F&57n z`LGWfeh~WD4Shf-=|`c*Re^75Wf9*JGH50AZ)EF0;}`KQ-JtQ|nZxkR{~Sxc&q7~r z4JY3xf?cS&nEXxNxg7jiTktFMPBzW2bRJ0qyH4d9p!d`xvqO1lb`9`n9JuQ2jw$2= z$W~0&0bB9 z^IYJIKM=^h)2&h8gxs?=hWC^IN!@#|tx?a-t;|hfYqhUsUBJV{ep&bAFum7N11COc z0C&2M9Fe?Jt~W9sIxnaCch_W|n1JFpQdcrHEWLbsDz^Db!R zFfvhg2{N;#iu0d$hxr6LYG2x4W*(+TRD53)e1Pka>eTfjHCPAzt_dhXH?z7I&Y1U04LE!&g8>N(wO^_=d#kC@%1;QK%* zFU&j_;M?jsp6e&uc;3jiOGC2FjE|nX6nq~D<%NOoY)=B|V1I6YO{r`y@moz`W9Q*} zRuR0ej%NO4R!F`r?iYU{*M_{XEq?r^7F+sy^qm*4iY=8&$ME19DUxkV{o6TdbXK5i-q`1sS}s4 zQGVI*`-_dA*bWcj)AapEzYo2PX!R*jzdvVA z4*&doV87qXk7p|%IKSUZaw|RsdcJhf^CjI(ZpLo%f6=9?DYwEAqym-gG zH@*0Z*+;K>4?cz$cmCZ?6Zie2_KvHn;FH^^i=19H#yxbT=7Z~%%NF50vSE8C z-VuFu?j6pnlS=(_Azo6=2ewS2o|r)F95>lKGB{tN)YO+IxfXvbdp*vfJVbuL4d{vR z_%-ZJS2A82IzFItI>!d%HBfh2WW3{%3b&W<;*s)DJ*q#K=QNj<%!PZ_U!na}nR_1R zdusoZWDd0seLm2I%Nb8S7QJ`jpP(Pgo0yaBzakhs!5N)qPSo#cPF2+EJSiBUGxO&Z zoN-*oS^ny@r%43=%^q71La|~)y%p4j2 z|1if}$$dD2%{cME*Ke9T;X$*}|_OMn5x;81wilV`Q(ZPX*VOan1IfkxwcM8|sz>n;KwcU{gH+Y?{Fr-zA&F_zJ^j z1b(0j_ge$N=F zzAjfY@#(qr7nQz*Mr4y{{pdsTX5Z~DyBfQ3F1$Jq9}qfb(^HqaKcu%vb|2Be`<4;2 zX{Ii44P&8)JJvGu^D|FDE3=^GnXIdhI_zehzejFML-^dZ zh{-ASX?-+s9O3?X0LKI}B#8_${@8(F7(dUQBKmr*Z-3$VH#7d>rQ};sN7=cXSRp<> zKW;pXxN*habThfDssm(>>LrxI?(mqW<|~`&4zsVr^vO}S|tz8 zaX*S&Oc6_+4=uNo=dx4q^3cwB$!4sz54 z55DW+@1OJCary!Dq7Ra>vVQUoe6dFwMeJyp`|!j9*~`3)T$?<`-NYL1Pxq(0e*z|j zu=^g@WH${(_sSRa*q4T;YiERfLVmtux!=EGmGT`c^7=O<$+>GM*Q|p+{Av2|cTOVr zv6|e+Y2-f6D9Iebhkq1b{xR|%`>e=uPcV0LlB-pkjx8|2@Ms5glpKdZWKU>SPuRmf0y$Af>1%FsG|Kkk*_uHbz ze=NF8LNng#pmwFT!uQFbC)G#onM>iHb=cIBd9N49QioUak}42 z>?45;kRQCSZ`>XSd9)n7t}tiV!)r}WM)^hZfB$9p`VOu&JL+-W=G;2N-GHww*_`Vs z^Y9?++d0Jbee5*WcOUyT$!+Cd)zV`cSwWofO4s*+V_Q}uZ-Ig2^)O`A)8yS!^ZD3H zWYo@V&Zu;Nv-c;r|E@`TSnorZWTqnT(@Uul{rJ>ZpE|!}OUEi?Xy`pp^PZ=9kB6Pr z!2ObE4amAnkpCMc>$v_X@7x&3y8Zl(;eCGBd!3uh^4{$X`Q6I(weQ{;diOW^TQXj_ zCJ!_-M{-iM9-H|3>GcbKDh${9lBQ*ke*_@NW0q5FO1|El;5hW%+;SY4Ja? z2>5?0{J&-Z{-0y`ztQwSTmvtmZwBH27U!;ayBiAm{~i7L->&OdGjseu*t-7VG}hJ0 zJh4wQ=adJvbalR+{!R8LvP(bAZ+l*o=wJhJKJ-Cj&waCvK1jR;eZaFxY_K}sBm1eZ z{^C74KTEZs@LP+~&FqhUGNFJj(8*`27mRJqUZJXhF18N>zpo4te(ygG_+kIFIoLln zqKo?eI$;$walh#eevR8+AI&TsoF;mm*C)7%0-E^PAZuDY#5GMgjWwm1=LTejU0V_x z&YMX;r0cNjkaxzeL)Ha$U89X*K8384kE0A(mqOO52Eo)G1hVdnvLbV5$A`o1{lCaQ5#JY40cR2+`i! zXyymV_Ce**58l;J9z8S2n)VNIO@DJ5Yf3TCJlfNqVn#GG;VfzIH{|PB+WR$sYn)=V zw+?>26@SGTXis}B?LoDV)Sj}u$h9!8%-%Y%7Yp|j-#plVkMRwz#j%4+k)QLiDN2x^ z>UR^eRgf)Lx-U(}MnO&oHcI1QHcB&V>omDB%8_yQ>b+&<`Cu2@R?hJKbSLjm>_bY$b-wbWPSLj={{mM6x zC#wCQ^6l=#E zkH(KMr}`isRtw$OJb-1P_z1bU*?uVXK|HLEdu@EAK8TOh5+AWOO*^qS%yU6}q&|p; z@m#<72+y1NNU^&4TH+(NrfDbfF!BKM`Xu;sQ!i8Yq$U@pG&o<*hvPW~aD4I$KCZuC z0LKmZWh@*YUOup}%v-tF8pbxQ+lGBjU)lNpaq0|guPrk*SMea=ruJ)?+SDMgU>hq5=jQ|PRy=1TH*KXtF4S?u7{S}S@R9!;a}F> z+feSN$w!*>>~wlZB^WJA$5f& zKO6j6|7n8tkKuav7hZ4r-TALKbv;Wi#46{pu=JNi8-g3vuxKeybNu&`fv>2 z6TYsv!KNtwWawNzW5G@F2H65pXe!+A-2twOJJkYf?Ne?4X2D%LJ3Pif^N0iQ$gysB=SA@5EW^_{=u&`-zi%`;88t4Ia_!?RCCh|LWA&nkJ8Pu9ZJj zx=3|4A8Gh~(?QPTviM0bpCopw_A~9*B7>!~wO5u-N9U(LfUgQ$oLJUlw@ZifE^LF$ zzq1At*W>ep>wnku3qGrdo8oM;7v6*%^=0Tx;v?V!eB)nkbJ}LP3H4hGeCERYV(`7I zA{TokccblrZ zI{5%}G6g!Rr5~GW5W;k#IWeET-n}}*F_d#%U4gzVi0A9tR(#6%I!w-WugnWKPBdzA@l?EAW-BOD*)_uYFw^J_^y9$F-Y) zaTt%s^2h0|Z5e5Dy6rfhW}FB;CS&U>-3a3p;xWxTk!d-d%I7(Z(YFBmo4G4q6OYtp z5*4+XB>u|Uci=DQ{Et+1DS9yakZM>s->7Lx0p9OrUUq#Uy!Sd6o$FQ^9Q&~n;r$o0 zhK6_VvizQVL&5Ve&p$PuZ!>rvM=ZfVZ>={r5?ZY+$lKuBZuAmjOOBV&U%< z$Mbn-i05A^KPJSlpUEGmAD&;m=JfG=fH4f7nR`Dxe}Af5jju0^=NHJ~{f+v$R6y6( z&Ot}t_c`W@U2SdhH*=5C#|^%HI^uftaYMd+nvgyE4E8DZsE2);#9pX^ratj3 zyqCbntHIx9>b9S$%`_9kiaBrh{bL7eGyi(y@0)g(JC7_kxu|b(hw&`7b!H5E7s;A) z^&7c!(DeQ|-#vK=b{)KC_bsI*zF$GS;jKg`tTK8mvmTxpDcyz+^J3A=XMmNym#+I1 zf6tfSknhBof35G(B`c7}y~qPEX6rKivvcgal9Cl~$u!mT-Z(Zv0-a&`^jDe}YfWa? zI6J#Wmo=_8x|4G@um_^(PZO_0Cn{e{`Y@`PUE4fghqmT)=*g=C9g2)nUarxhm!m_Q zcvd=eyJX|JIUO1+b4S24Ssl8DIii25NpRIC-rx6>?!A|uiHQc_u^FAQ#n+)mM>hDj zu+FbRB=B<)wJM|BIJUXJuL^qi>e>M(bDsEVE&Rl~9P$7YvKd&Dasjt656R^O`VSe} zrWzI1t5}%Lh30F5^Xa9FEMDzCQ+jyH7o2p66`xlr8CBGRt|ge zGW5)*d#AV`h5o~JE6@CgU$-LrM*2s6)52@E`n%Y7ad1C#8hSNNuE#X&q;6vW&`TWo zicY0}XfC&51-e{$Be$T}70dqSl-HULUWl$zws-HeDQje#iHnPo+551lm4d*JYR9kIom32YyUre|Ei{dGTJO?|FAoeb3l} z@lUP3=kvZV|E}p@`KgA=OcXXtB2N^v+NAfV^)_y z^NM9)L-ab%)$WS0E`jcAq4(rC&W?hPwEr$@LmZsqet;TI!7d)~h0!JOh3Q8jo1q9_ z)Zu%{+6)DJVQq$A-XohK$UW$r$Qe%Tg{v>f*Co34f|FUS9z?sL{a~HX@qR<^L2 zjLqnKZoZJS@;iNGnAhpo}X2oPe?|r%pa#8 zp1WtAKAs<941;Ic425`px!SiGLU{hy*ZP{+myA!LD^#m{H}2Z!Zp zVyU0Uta>={a=Z@vb*W=y*GA+`(H?QwWt-S*sdxPW@+y?aEI)F19LeeMIC=KWIK~){ zEr4CK>NCKz0vR+CnOljT8;5-`KAQP4Imp(ZihjYrnDeJD$8V6J#xTlH6+iL~RP%FC zIlt`n{hUE(Z`p0Hk@J8|ho;S3T7AD~c5VZFF1+8)UGtq6n(wbzvvHgU|JnIYAF25k z@AsfN4`Z&w_^sL_Pw+-RSwFPd6M>5odQM4pCgca5VS?W=6VgP?@D+qZyNN#_wAD`-TL#fI0^d!g`XGJ6sM=Z=e@>W zt{ds++g&aH-{^e*)x+}L;)}*_+TKb|9ri+B--tcS<@ei14&Jlm;yvSkmpb6zr~4B; zH=K38m6**!Y-4PsHf#HC)IM`x4ZZ|lXC(Psdh@X_; zwSfAYv~!7(FVn{2i-YG^;;&6dFLcw`g9|vnF^x^%S3g{KYn$I=z0_SgHq$hXegJ9q z^l4~UwpE-t;it*kt;fDWy$^GB!T+0nYT8v7rgNc;uPz+f&3=JEqzVd@8~vDqimgEr@XXq5lq6U-Icxy_z^ zk%TVt&c1*@BOzNtHm3GES2NczOn#a_PFu+TV8*$LaXj+4tp5Q&N1OZ{G5j12z$49j z^K1z|PhgBb?B6tVPxCtt9VVc|DWaP(5w{MXeM)hY!2fU+bkkQ~vB$3cOU!8jYfGzF z`&^!%=je=pUgsn8+!Z77F}AAbitm5;rE+5}F<&V=3-@jy>)5Z5U8N=Y4x%b2OC}^bs-;ZSS@m<243h~W;nBF#} z?uG(e#PYz+-b$|{qwm7-@Dlt7Q^?uhk);&aaP+vGAF@)s|vkj>>GTJ z(n~4!e3CB%**G4$EQXCE->lAHkd5;*`DF%@YZcJ%NT*+1N--AIXh}C+`DxJ;a&ct7 ztrM=tTEZCCrm*(Jo#rg_3EB8+5}7O8!0bnfW6clkMOX0I^dFLLVXfPM9rivs8Tf{o zOPskFyiFzE%$dMRPx{*D)1SQU^(NKxh4~bJaBtP9bKS=-W$x2hBd~i?`}og{c9Y1B zTaIdYX0V;p7jluM{NqqaRxNRWV|Ljx!VgIcn_S^9W|9qM|$$@yeA^&`u zj(yu=6od80Q%}Xj8t82;w%2iyo^orTWp%1)m&fWWL{qDWPZDj@sO*%Ua8yD8peS? zUL2T*_eQC$;9wi?XyTpQ!2{Kad<+#J(A$ZgC|n(L_0ij4E*$fAK^l{>CYqQf}6^{JCnBWgc*gL{A6Q-;!Op$Q9dG2-5o*oo%30L5$pS%KJJ>csE_<0%p97k65BD0R6 zcXRnvfxH68^4BH7j|YBI;7579$G}ey_&Jrl`b^^NB-i&?f0e{svs6Md+ zJfy`N*s~qvZ?u1a9xy>JH9pvDJZ#z&H4r0st{uBpwZf_=zK(pWwUN*5JHdgU_+qJxT&vPeR)swB3QsNh5Oy`|tvKSS;lFO0KVRGCCKm8yg@FPu-Xba5~#Ddl>Cq zvN)BDgMZrLrw;I$u0MU8{%~y$r%&o{i__Ksr_fp!r?Z&T+<|?g2B*-deC+b6W^oG5 zCZS)0Q~uU>`t0w0{Berm)aLrxedyQz*QsUdo#6V9WM8!0RX*I`55aSPD)zs zarF@3ZTqnNaqNry{Sfv=OAk0O`yp`fr??;bg~i8N+859M^{IKm;^q%;U*zwHurFGE z3SP{92)z8M?T0>c=KO*ka)RURG1v-e{VT}*Gvzk~gbB=uRA?35;%Oihsf_sRZsxnb=g;uhQ8NreEKNi#JEyqtLHxXxUlv8H?Vs_SP0~4&K{0gLCkn z-jRp%Y(3&&HuP;FoPR8gbM~_bBg=lN{v%nO|CiWXL-Y9v|5p!y|FGYGLtt;I9&m)I zr^@9!*s}zZ&~AitGRx?z5;NzamziEFrS!lwabM`s#EPL`^;og_+fQFc9Wb%!6g0aY z-rC4sCH?_oH|$j${O?@5W&=E{-W2Lhv=P3Q&t1OvN?^NjxzER=_}jNN{XB~K;5Xb$ zIrY6<{b4p1!unrYl~4aq2Xrs{(wsL?P%jrDE;E%M$2k`N?z0U3u6c=Fi>; z{!JYK7s&Zh+7rbJ^^fnvH}M3%I}!==nvEy;J<{dJR$P;KLW_wfpodI60bP`hC!m9l zqJ#Ry6V`Gaoph|;_fZ_LrVn0qgz>^Yh#;N-&mMt)kHWXd;9>c&+mYWL@Nl{rT?fr{ zvClmW{dAk0l2Pn=M?*{Jl3!H0chau{8==nkWA7^~LNnul%Xr`eoMRz4hx3CT0Oo#8 zYq_auUGdvoEvAj@`1?~IA3Brd<<|cA7&8idw1SUk81Gqh^b5$<7oE&b&K9l|PP{^# z_&zcdU*Nl*Jo#ti3;BK_;tMS%z5tv}d;wTz{dK_nL<64};9FaW4|`D%U)ap`E%=1C z;;-8#zYsVGIig<+ z6VdVa3gOWZO@ndD+mPHxtAG!?gE2b;O3=0(luLMsFc`IX(pE zGn1D-zuji|?SedhyRrg)i@|U3nulKLK%S+MWe4HA(MDDl^4)0T(~HAzN8z_)@LLZu z?gTRK<;7ZiKF=LN9(l;46#UkXJhEpSCg8;+`s04fd#yh2O&$ammiMgB>u0x}S{@y= zJcwLZpM?8f&GF!qf1>i}84Hs@9=%vPGrQz zd$gSW8tx?@-rpZ@@a>7|1@`;ldgR(P;&Y61cn0x0c&ZcrinCU0(|gz&vg>U>?erR8 z5W~i3Cf7V~-&Ftu?)jczfSpy#+G|<6{E(>`%on=tm=>kpl72D&kWUMCe;=+X2=j%7 zM`2FY|5;gF#)WyMSPVhE31rvXf7Tyzr=gFFvbLAb&s029aZTmhC!h`WLQwCD6!2$hHy; z%ziK8$CGa}Ij`quVGw8S31E;!2YS#!3R-E0W;&pwbOYCzw`xve_@r*dcO?CRNT{%XGXh&zt1Xe}d=7<3FE4y###+#|&dEXxql#J^01W=cCjpE6&e6Gfz@0 z9j*&VK%XV}fiCiVx;fat8SL5qT14ijVJn?9?)& z5Fe+)vmaxr*ejY4Kb`Xa%4jBm93S%i#-CR{7MbD{Tn z@Npfyjf@MQDSJGIOlwB(H4LKnxaaNor=<6+zI$qimG48-cjA);L%>Vkexc!yqu(;@ zeNUy|rdl};+=e122GVb(Lx9PjntuD9;4^@J`<#VKV@W|6|t>cY9 zvulq0(G&9W+vD>h*nbi1zX0R>HEO7=bX&l zZ)ToNC6A$Vi058GZ*Eib-dj8MT(^#V>Zj<3rF^XL_fM(^#5-r19uPk$@;!BKy|qXD z=l2)?o*urJnH~?{F8+N>?I+%eJ@%!C?l1m*Z|$$%>BgAfy}|d#JO+;uNY$jTcNM-0$}9#$Ecs|93Mp-s5f?jn~F^cbbguXJ($w9NAY20 z?S#nQWUSoHP&cFALcOuk*a_$6+X>hjNv`|PT;)DZoZPn)M!Q?-#pF@DSdE>Kq^54Z z>;&wV8s>KkKS^vh)0b;j&Q2Is##q=fiG}(ey@`Ec=d%oiK%b zBk84HZ=~y0kItLBeXkjd@0*zW7}+?cUdWHndrO(~Tx{hT*vk0ruIpEWTIPQCZ>hK9 z`Nga^RbP{Nit~Eg8)`BewMOjG2G;E%)9>eV3LEGFJ}b9?@w2ozxtiXWL4S=XJw}}M zliby#fyFxM18h;|A%ABHJ*293&UTaQ=qri6)EesJbStsTD7I2LYnYF%WO_KE0}|ws znDZrghu-x;-ZRDY8Ke#hdr|d$QQ|VrnCsjX)VkUlD4uu!wu-(7>eOVG7RjtfNm0bD7WC=62pSnm0D7o%c22d9&9TXx_WP(*owLT44Xo8fWiA%w6kH z4CJ_{b5AC?ULNiHXYhC)@F}o&y=9_(|I7yUTH0Z0pMDta*&Z3eS;o4yBcT1jCev9B z*NOJg!8%*ZYqq_(0vmZ5_~rUeQ)@rVt;o{;Ic^(&dy4|vUmVbWEJXY4Sq$yZWK473 z`$aCI&ZqqaycfT)hmGyO`&#$j>O9)dtDRMTdLHfbS+pMmc0TQMZc+6)d9-ieo6uO) zc>ao>C;e!D3G_M}TE*t>z;C^@2<`t9c#re^-KOG!dA=+;f?YE2q7VK@*k40yt+>dV!+HW(oza~pVrnZ+o&SL}7{uE35yhHE$ zI`4t@{Tjd=?Kc*q{bwiV(LQI07NLFSa{E^d?VEXT)V$f3*?E61Jnz*5&$}4ypCDJl z(tdmk^WO@tw%Hul2}81Dq@#ZkJGG9!I8ZPQ;cO3bqIC1;) zP9}w(RoplUzw`kE^?ABtk<<2_CnmbzDIo`eI?Xh^JRH5$MNQW^{O;!W5q?tq#EET` za7}yD<0j{#l-NfZv5&EPKmYH*IO5Q%hhBfr0*mK(Ul^AwnG3pwe6Tj>^xcX6(FJV6`=9NHK`g`aSqfd?BiR(K}f8$whAN%c@(l5|~twS_>*T5$^ z&~>v9fR{e%IM236%AXx}xyg9vSVG8rk_~_HW9$Q=hJO zbXGfbuADsi2;#`<1UfX?04x^6-|)50*y>nBAF{qaYD^`2{eJ0jVDc}(BhDJ`MLwt| zY!kTvsta3>F4Gxd>I0d8pACPb2)_rzz=A7N$G=NteQ-fc#VF)li{_=^oL0Zm*C6hcZmnp`z{f) z{VBpcR}tvsYuzdE+;s6Aax>8cJ#Dx0bGVV89<-WTGX&m>aAq*HaKokWmUw9&JOw?r zKg{nn{C<%6J;)gQ7~^5+W)(CG?VFmLWzo!Cg}lXj)2vl}+J49!Q|W-Wx&z)qmKok! z81NQ6W_Sy_?qe+3^nzzm-U5z;@zxJ3pl#-6@WH)C1~A7gZ!z~YV|1{_4%R2z@hK<7 zTMevrGe4}=@D}vvvF6l+A>IP61M$`d@is8b@)mF`O5rfw@_7(=O&EQjb-OcaS{NBMjcYxPs;I*4MuVkIb z1tT+&OV^$(keT51Q^G5AS|q$a8sPQu0I%pNgIDBHp3GbdoEfXH{`@n>>muQmxn=P> zmw7VBEMA#=nlU<9V+ZR~&%5`B@rpdv-Yd>pvv}RjdRc!~W)6bakwd_%&d?Z$7q^k$ z_H}-SB1?C!7+jXN6tidQeE(FJiNB1``O_sofq&8~o#UlT=cKwz=d|~f&gqEZPX}L} z@M0IVbQn3&jf_14oQ?vgWAK5ALp7JOhY#nX1$&Z-(9L-IB%|jh>&)Ao748%2hlCDP ze+O?I`>xBh2P}8r10Ljmj08FB320DwTn^nE8=)@n&r~v3o=Y}6bG+T;Rz2vy4@P-Mly^WMlcKyM z$~&UOqNpL88RZ@1tjs271$z2!pred_3gGGI=)N)V)V`-09Uj|xHD}+F>&kf`7RK6- z=IR6dIL>4f>%*VZ?6|L-eASQj@ebKGz`V`jJxA{je4hafv$?Eq5KMo+{On-*9blTZ z9b({hC3sy0URQ%xaGf3xUcqk{_&p4MyTR{~8Q>NC9s|E|@Rgu8|6s)Tb<2J@tM@@0 zqT4s@ec}V?D*Qg{|K3y3&(7vGC+QF1O)Hs`no%;ReP+p=4%VAyy`8ML3wk~bJ$KIo z4t2m`0dQCdPY4c-Q>8v}z|Hd3r~04^*5upTj?w#t{22c3Y+xrI`-149g1L-@$71l< zN_cD)JhmDhV;*T>+X+m%nCoHY+zqcCf!B`0YsY3qGmo7uJup@n)@Mx*%>NC2A24}C z-v?aZ(D#80n`dX=Yw5MioKJK~PIurVc0O^To1j0};?&6|;+HLoU#gc6w%IjRi>Na? zIMJPquTFlsDSWQwvtsbCkw;+YuED2C(azyzoNopGef!_nS0jq#A2!m1S~jur50!JM z-}+n{Cr=w$n4k0O%Syi&4}QUhl74bDZq5Q#&P0j(!0!V&8uRTPUyferZv8u(GvVu^ zNaof4x|%gS#u~EpUm4B(U)E#t)4d>{_jkEm!sqx-^l8@H;K#dt{d`^)#>#It`IhTg zFM8K&aMUk*zy3~etsQxos^&T}!mK}5n0pzlKSusK-zAazg?c2re(w3G)?ZJ2+w3Ka z2%2cFHhY>o_^Zy5>d%MCr`@&N>&G0Oj5 z1$pA>H?S`!{V#xpZC85x`_C&_|gEd z5Dcy^0)ro0`l$BT{zNF>+nzyW=p*9SgN;!ALL|T6j$qI`!g(Z)epBquCJtogw<=#n8uZZkgXy+#U#j;^cZp7kK z=0-FsH{!>@wlEfN=W_{t+LOp5d=1KtFtUXl3)9Omf!@GQ@0T0VPJY90fN3r_!mrO7 zAHs`p@!Vhed`fW0=g;agLwku({m8e&{P{+}f7T%I59LC9WT@~b7h-w{{x9+OP~m^j z^zgsPy=@@)GoOEX^XbF?_5tAk=qouHA^5L8P57(cVUN*2x%0(D_bt@3krTY%@OgD{ zK96H-D5uBhn>s%SU|Yd_76$W?{_*RHN(?kw_}-=C5_utMuSg*|Xrfj#hp5DXF{kq#I70JNcBNgA)8(~VPShs_IxpW?E|t|w=kcrzC9l?Yc7;czTJjTs6{@ZdH95u z2ldGmC7-We@Os|V3wx4X{cU@EM2(Jvj|lthfBnvvT}foUx7GNF@XKB8-r8twSl?Fq z$!~KqEDVQ@1#nP)x50g2J8cNruA*Zj%mR6q)0eq?_dNZr^$(=K(cQB546a&z{oNdz zqv&yIFt@D!_J*pz&tN|An0!Rx`P3K8XZ9a*KHyWnpYVK^7R+bdY0l?(AYc457xLxH z81$(leJY$a7t*Z1-xQ5m|F1*dPT>D-wEkcDs3t4-1OM-jM3=zS%pV$--(g0<{Jo{V zypgU9%bO=cdi2GB=EQ%ZH~&24eEiz;luL@zTZvz%hz}_Y%i#rcIT*}E_Mn+dKx?Nu zPx*}JgAXb^pVZ4a{uJ%s`-h$nKCJM34i?Pk^MC01-~$WK=iY+(+XD&d8TIu3lb%p6iHSLpPogtDeiw(&kfn-EYEM*3&x{CtGN$sQenC_C*%9a%Jv&1C z`rz3|3!mjX-Ls2+8tO$dm7j8QLZ-q)c4~)VEbk6TTUKg zVSf&f4V_$gaz8GnZzzi#jxf6>?n3g!~td;A7owEAO&na{;pU#$8U zC1>K-9AFL?y4H>=J_n6`Rk5)Hy%mPPt+%-mdOlg1^LNTu2CeKD?F+}sbH-l=4&=X! z>=jS`MD;D$hDB?ekWH#>GS4`3+`q@yhKZFcXF<1Nka zv0#2Zq4`;QIve_a*wWSz==&SN9PEDOjiT?%zJ6-@{z9>_L$DBy`}?C2CckU?dDsoi?{aDom5>YuNgUI@|xjM%O7LK9}D4+ z*}Qiy`~m;j`Fu>ZYYPY9kGcZ>;IncQuL$@K2GQ+uUv09IAb+0uGYZQO-VA z{_=Wq<4k=jW3{W}CnKOXy@lK@R+JayFC)tXP@y9+f+l zTpHL_k&$MvU}eLvKkUnfj~Ao2);A=dxA8lPv(M+<^wa+Nyfc6ix!H~8d=_Xn$meY= zmd|_Z1$p_rEd%BAUh*ZA&&&Qlm(Tmpj5Aq#x5?n<4Dxx`n?2hscO-Xe0!3U?4&$}C6RPt@qSe<@8 zuNgO-&wJ}h#)t2+Ifs%Z!Mh9ddBtx-$wBK|lC#rg&xLi2`dAg_^U8kjGWJwXpJJml z+WdjK|2WySE2w|A`2!`3sP~EI@&`)!T+3(Kf8FGn7~8hN*T2%ezh+M1{n8#YUe11% zzv)VRqt=earZ#6rqSKLE7x7-3|6R6s+gAf!7ud5E^aAV$7smYO0yrd)J-$!Ck5}9m z@`ok^xn%8u>Be`PAJ6(EzLl`udyqL+AZJ7NE;8aGH{Twv*n7y%H?R+0q!(Ae`Qmd) zkx!*w27=eu3g#ZhVK!cYttcPoijbdWpz|(&TwpI-U$nKG*Rz)LB5U#O>GHidd@bL; z*gL=)H1}mi=KlXI?5q7b*MwkiebG7lBk)HT^cOHRLM(kUv2?*tcD9E;FA_6{W^ys} z9_l29U~|KpbKDis&3zHP zRLtgnZwUT^d1(OimMolue2xFi`TQT^J4@etPAC3XFjo4{efcuf_@D8Q6dA9Lc;mq! z-l#o+kr{Qq%s8)L%zq8WJYv@u^Le-=6m!&k?D~Fun&bT^{irNY3ZCEnFCOpL1>=4F zG{-v~{2eG5Ywa1}Z$yE95HF6w-{v4UO5j5)r`xvX@4a>wjQ!zY?86q1%|0HV2>I2z z`A)Jx|13V=NO`=#%CbNnuMN#H8&fHe$Cm~3F1By`W60z0+BHOcf5r_1tUwX3kb7qDMr z&z5AbS**8?`tKZXCGJs8f1T?7{dN3&x{+>zd)yO2%xx8VWOYEp(Tm-6Tdc10;~mxq zS{N%YJXcRWhqTrmMc_S9A10kw&{{z6%-`(4Z#41PTz|*zE#wrV?@Ui7#yY$im^1*B zWxyl`Ojx^mKBjNA1b@OS$s(Ti3WA^Ju*{@S{>Bn>He0cde+qrmHH$Jh$ zz@Q6Q$Ty){G}WYeOMwwEYX@c>z$^{SI)NE}J#$85GByZ|xF;eQvG>k{5q5QaO*Hem zg-zX=!A3BtJOh~gOF%=Cm)1Y2{?>W^N!F^|%Oq>{fJqA2g!?mfLQmex=s*UayyFIR72r&;b-^F{pD#f{{E(=&xmi&o)JDIo2mz}aYK2D*A4+6>rFp^ zd2S?x5BZ~qijSQ^KY+R-`0(F-t^199e6;2Hl?TAbva`fT-D%)sC^!!HXd2S}?6DOi zm!En__mAg(VkSerpBi-Q1Gn~2m)W1@;-B$(@JAiIy#O9w2yY|r!hH#K4i|ZN=m7G} z(E~;D=-M0yy~sV!vY(be-BE4;I$){YzqS^So!EVASRaZ{ezSOJd}4E{t-be0(0{?& zOWeD(_RaWxS^Gfx?@=q`-vIr0_Yh$eK3nvUr2l*vq5tXxBlKS$i~{{P{I0-uIt%@` z=nP=Ui>0XGm`{;o09Zx^61-?qHj|>eVaO#(Z7jCHk~U6=;2gd z>Bi~B;^*5trjJ5g*Pe4S)gz&EdN|?ZM<@9`oSsyVrl5z@VrqZY!zujzF3u;iJ)9O6 z`QAJq^l+*x{(Xz>;WW4S_l>rP)2!m(x7i*}GlK7rM}}iJzln8D49SO}hf}0x=sld8 z>DSa;(8EdB9wnbnIw**Ts)y58sEt$%rni|MPV~vjt7lk=zUI3B%)8tV(TB#^5nQ{3 zeoWq@K_8pP2k+rTyr)IJnZJW>3wt=(`5YdL9<2A{J=hWXdJ7$#=bPcP?1=A?BO*JZ zw|W$@s{9^K_PwT_o$uem+{YBgdx({UdpON0(#NLk^YV+2qK}6B;z1vqEvN3`v@=AD z`>6dW33@n9HfO+3a!-=i74G5m68@IN+k!qe#FNwusTnvF#(~ON!+hdEiu-79@JV10 z?%@>YJ*5SGY$kJlRk1!c6Do6kZ06JFsc0V?=JNdKPBz(jw`tzkt+t2LQ{j0dlLnf1 zu|766%-!~}F+H51eJ_vpgW4P~+Rw-6p-+qUaEj5diGF219S1#}bZtjK`=K6AroIM! z-AioLqfb{J?JpDUpX1ZMGtd3s_%MCiKgUH>HF-+{+Fv?&4<~E0{Sr7C+F!tX7hzMf z?=&>Zd}a(r`>_Jr=d)=4C2}Qv+8+V!+t{ujr?u}jHUHHk+?C9|AMG!J_Gd@^Sm(TG z<}ZuT{`G4``yfq zKeiXrtS}9+hZ~573Tgj)z`)QxYtg%^PJ{OU^4uZNK65!gMEhekZ}x6>-sRzWuO4{b z#b|#cbGNkLuZL6QP1)FOF@IR0ofrGy(CoYk^gb~A)7G<(_l{mf|E8*o&$@rp@MrqR zd-vhH%F3{n_zu`JI|KA@>KvVm_m&OPziHQJp=I?P4#j(Gz~5QMd)u7#vt0E@f1~5Q zJB##h`VM=$H>!Wr`=M*adoM>eyaDmvw!z}Pb}fqcUjCn_AMc$3JrI*U?fy-6+;F_N zQ{y9p3*x=z-G%Yq&%&cNCNU5nYM<5cfx-E&Fy4E-_3ZmM!GA4p1pmGD>Hhtjo;zmv zkK94}KyHEmwi^Cx$>v+s<@z@b7ym5=p2%SMudQFcMT6hJ>B-N$G5wp+ZSe55?nC%n z&a{6Mbiq4A@T0p~%uJ7Y!~;i}r77E#40!z8zZ)Jmb$Yu@|p7+$Sj5Ti`cIO{8xFy_oQ) zG}h9KiG5c~j9yHmpf^3Q_juz?O-`d~a?}ej349a(pS|~ikE*=#|7S7@;Xhc=pr}b0 zAX046qT+}xNd^RqEpDZyTiXpdwzNyP)Vf>RrELO(QWv-8e(7#@%WeUqQb0>8ZmFfa zpwo)3wNkOAU22(`JChKi5=vXRraHg(dG4RNb8{yd#CG?)zpt-Xyv)qK&vTyhoada+ zbIy6r-7Huzx%loRzrMw;(PaCn@DHZu(-t=4_wQ$%QE)4^$gXwa z^}pStVsQERlRX~j>}agNN~;c(^`wXkC!x(fPN`4p^)K@76R^rq6?fbHGPFZu8oG7H zfS<7=KzrNQTD~KT-uzhvE0*G-|0x&!hpgC#(64F^)#YpYB*!sE`mz0|lDjPDvFy*b zKh?~S$>$?^YxdO0`w8IvI^jEQzTVfoJ;%JNb|goMdE3go$r&p5Z^G+M&}yGgPkL(L zBt123lAangNly)#;epfx1=U-6yT&iY+E1#>Q zw&r53#;ONHK37L0pJk7~irf-4CVay(UK!IT7?YjPWyhO_sd!~RA714c$@x+6v&5YC zliMg)`CJw#em?Cae&*hGd<^Zr=e;|WpPGAWZ8^dpBk^10=%DzkN365sw`P8Nb5}mM z!@*IE;cAhgO87Sd{*7_fg9)3tGYzh@qxKpx_b+BVN6wGFG3Gqy41&r}lK1an$I{p_ z9qiH~HBb1rd{y;n&pyR7X9~xi>%l}_^8?0z*g8)#QRT~{`^vR>theM0 z<_rBP`ca3kHa*{9y++%{ygz<B;8xhRA38pOPNdoUA`LJqJAWG`|UY?(vzgR_06cf`h*E zWu3=nExT!Xz(dPNEn1xO*w$PPbRHYLZ00|C@Tb_&vw^U4#{Xr-DyRP}v z^jygMVa`~x9XIz<-*=5g=>MEW|F5ve>WoCYDciNKJblR-RruGoudL7C`rw<-$~lRR zV7xYBG0+~`FZv$*#$F=79!;F1>Wc82U!7w6Tt%IoTWaBh4KCW9d0-3;o;moLJr)Zu z_??q5@w|!G1ke9A(I2m=dNA#bXPb%V)p&HT?lH#`VlNnDFFVJt9t_W)OjtM;{^ogM z;(qqX9p)anOgnze)J>`$%r>>RX_Y;4@+-EEGO^NvBD{Fxy@hMisRyH**lD18Fm`t|y#3sw&#A8vv*gW{2QD_lls9XA zC>!-A=)r#HYp9v@yr$>Zve5JBpOPNzcMAOM=FiVP^nC4X=!skYCuJ`S^~YGd9*oRa z+<(5r4OTTFIuwZhe6!(_NM7sUr0}rhn}iGH9he{ zdS-j*Id!9{EB<8sxv!9(Di1x+ze#$Y@zDwy4U2%bfJ#e zZqcPXcEyxyZ%r8SL)!nj<>^h+$G$o>6Z)|2Zu*|_(6{DI(8oJWuBt8%+_9ANQq@BP zcWk9L%@%Ug0!!;O{9=!a?pB{KpXz*W;r)VvrD1KWRmVa7{;i9h-|ex>RmQLOgQ`AG ze*e|Eh`jq-@NLfu;LpUi&cW{z#Sb+fKh#2UkC-==Z&6Y?YSLF{@G$}f(O!PHacy*mC4ITN47w_*3+GEMxtBen078&-|) zA|*Z(@og*uN8N%i4a_3%2ufnlo)}fw_h7lcVplG<=EU|fx_xPK7FXWM?XH($^UHhQ zX}_G4V|){+31G^AIi_55+4fv>XnT$^{R1_Ol3??t?_mA{BULW%FW5Up4@Yu_&4+Ze`Mq_Icu_7`k4u@n#6wuznHr)b&4cUUEb$> z9&w9Y^HAs-wq5E)td#qiTZgVtnf9n3T?x~ktmC~%o54@V!DI8jaQm6Na=FJc_*fpI zj?vxNsE6ol8?g?Fk7SV_$=4oD{*d^@b@-WquUX{Ad50EjM`*p__1t4!%ztMUJ}Ts; z9omIArVlHmb#wMp^7yIKV?01jly%fgzl-ykcTq20YBE$%(^zWwl#%}??|c4^DaMw;ua+dPvzYm1uK!K7 z%Q#eB3dZys+LW`pN&Ing9!GMZB>xH8!Hm2k3_2bc`q{e({p&cd?WSLyk#N(GJg>3o zcl9IZhuw2$%^UkA_5-R$J@4{L z1hqe~Uly5C{8>86TyJqxu1%WFe>aT`+|fdNO=C^n+cZ9K$9}7Rq{xcIl=n5| z;>hEjuKGVKmA*IiMm(flgKVj~7U+z06Zgh!*<;=4W!gL4vS+Uwi-+Dmup>^pHSXtZ zePlf+Ype!6D{E}OcWo7ETiLAU;oEb!7Scb&O~0)DMXq%hEz{m$f9tG!d)*c5BR7OK zj2@X^*oXL+93IK~M!z`gvpuL~-F?{W)9S-sivepbzSq)$g6%#HwqyKPrMM2d=9pKt z=HMN&uh!lc|1~$@8l#_rwQemp2M)<2y>q`+v)?)@nzI z{cL$bYN|<1ivK**N4-M(bAbADL2@3-$bASEU_S6+>r?wn!-pyKX&PIdM5o$xER{S+ z@Zr1UJhK}g&aXG$qvyhhkrAcgL&04Cc!PzxMxaZ^u-3=X9@ry`{r1CyH!6M=p7+v` zL;IZ9VEp>ZVEn>%iQO%UU)H^ybApi+Ix7vo1P|J@*gVUU+ogDh{u2D5FJg?hn3%eA zPD4a6&db9so>^^*96LTeY?K|B?$mkz6ntAS0N*>FydhZ*CV3ToPct(KAhTf2Cc7DP_A;>)XTd5=aO z1vO#DYYlw2)~cZ+anW`#Wr*KmTgGck`Au@mCD%gT&vzG*hh+D$kv@X?K3Z!(d`160 zka6i_4Sm#tTWjfqF<%{|kJ{vTt;Xs@wa;hiD@Y#-TO>?uCH(E3_gb6xJi6dFv)1s0 zf_Pr5_<51RG`euV)HL5Ra82`L$Urx;P*BsHb=#%Z?NHwDI&8;Z+rHkAi800=&F{e- zxq!~6pwpeZA@#|W-#TpW$s1fXaU@LAsE zNyaiiV*B9f;w|W%HR!im_Q1pCdvvCJ@7&McS@sFeXJjlbn2@nbo}}V=)a3auew`nm z@W0g>mouK2Ss!Dt@pLQSUtT`LjDfw_HF2l%ca+bH=bWRJe7NBy z^c`{a?XCB8ql&!@-2YZj|B4>QK9xT&J)KVt&WrP1^hj*QEuZJgkEcrL|95j;Ysl08 zH07@;Tpw3Z7r&;$TpzL)1XtXTj&bCibuy9pPa#K1FgC0O+;^SofK?&;gS+$^d^^#{>U}nVagsC&d*qK?*c^C5y=CB#}jXo=h1%C^CAnC8J7qO&RT|Wv{Aaw@^k~MMjl9D3sCGT4Yqo0sB;u zT}wVXYT29Ga-irKz#c62$iYZ!{7*7=W#240c*2!;=Vz~P^x6X-dDsen-1@XuKC{=G z${+e{h0=G-v1uPH{p;9=LjAkrM}zCTUqE7W-cihD2O&;2LzkTGt zZ2Ds+{eH1Pw>+5i4=fK#KB3*l1GQqGUGm|^2W2J9{gp1d-)eiD{^8*3<2+aYUVL({ z?-xivjei2&t8gf~xa=(6FR4^UJP2Mda_*LrrFT*eV3GS;IZrz8@Q|}Gn zD(@DMcMM29|61xPwQ?Wtay0E3cFumkfV^8k-Z3EUrLawRbKe&Gy#_VbeO%X0=05)9 zK6$Uf0-?`-ufb*3eO%q|5s>#9d`{@I-)nG%bsyKYS8*?YLf=wsj$m)GH8LL2ea?Fg zuI2p%{4KklXZVx;?fd2Z1XEr2+w-(k-fK|LbNnrv%X9p>`;q5v;yLM0`n8`chW-EC zHNSu7onKX}YT)?|`n*5la{8~g`HU`5^TAc-)_#9P1AKl}_ANG_UGwXHe?$;IPoTa1 zHXbT6zfWKbMspu~MN>-QsH|XN;4iA5CRI$8)`MYLJ|Ml}CbnPEK@cMazwfT?S*D|XA z`f>Aj4eN8i@MC2E_2Yg&N5hD~;_nJS>~-tnudE$eL&D!6>-Gym-!Q8^7k}4YjtuZ8 z{CxtsxnJnB*DZWia>7;Cj;tXyU##1I68da;V!f#QTe6M6cG&}YjN>qFhgRn~~C z73o*xX`Rq#%hLkuKCa7d;$Hp~eaO?_3VpUb-E7^*b=hL>xDjBo<3~d$93&T zxtBj%o<1S;+48j1k|(ZbBTs+Tkk`kb@yOFXCA{w?<+EPvp^N&x=DHbb(a+VrUTc|$ zGVV*-{2goE$JMQmQ}Fk4?%QJN#oH%X`x36QFG+!cmtM?%gui7q^~U}DZT9HNi+Nu3 zr0i$5h`vL%9^h};W!%qSwe`Lp(Ql&fe#M@}zTeh&N>3td5Ae6_3ZCQ7-H$vc<0(~7 zj&bq*0gLZq3*|o>kG|RUoP_>T*7N<`SIT<+G53|So}c8tQr7c2p|6DX{B5DnmLvFG zY&}09^p&ulKOywl@>XxP$JM)@TZO(7*7My$UkU4ZfzVgNdj6cycaH1%i}l6Vv$X=B=PMOahWu+D%}-t=v+en4l%Nm?c@~d)Rar~&u87Q;&hx><(_Ns$)xas zrkmK4#n>CkdC;X7X*Hj>^I7vbDb7B~?f=IQ*@YkS7%`e|_FUpioaY*kH-=*8)*K^G zLu#i<{;R!y$b&TBZ-V}KV@y6D;CQoDTa|u}(?|De`dbAL7;B2LO59S1FY?}!>`TUB`T#+>|I55^m*L2K7l{az7$WBSYU{{Q0>;SW5Jdb@+w zrJY@4FboP7^etiEd`QhGw*yme6b(Zy1b?BD- zfEYP0w+GbOxbc!7wbb)Y_xWI+i*4UYmUxd!TMRY!PuN}LGo-VHQ1KJnx zlZoB4?cLBX*ynIcvv;yiHk2?g@@`{$JpWzx?cFlgLG0TnZ9RUD_U(oecw*cB|0(wE zcSnlbx9{70d6V|7>@4|FVBZo|3J-N(E$5#uEUcG0hkB_|>ZMXQRi|!hhPtU)>ZW#5 zH?@npsksf3^K~BiOcVIKkiUzz_fp3*sgJeJqFc36<-6wt#xJPlBDGSnIlXqR)V0Le z8z;=r+F6@JUq7R2rFwqvZQOsprW213SihgtE5V%?YRSY!uJvctD$TJE!{&x9n=3g( zDR4?IcRuu8z+csN=iPMFYRtquwMyl?J>+INb~>~}YL$MBvoESvDYZWJcAr|Md~ZH; zo%VKeHcY!PN;}2B^<7rI#@z$gDz)wOU$T~@W=?7$_Me;?$(gX}+4l$RbaN3qjg2d? z(|i^?eK&bCVyAnlGpUCQYn9sVs=oNWj~XWu-zs=F-L342W`k9ygH@xPC-kY;_{-a< zPsH8@k6ah_VbwLEp9Sh9x4Bw7l!X_o;RXFCq2mDS=n2WM zk@s({HtQb7!7GE+DxC)p+_g&ojds#g!8uZAEDnxc&!6O^j=fG>7HWAx57j>^xn|T! z)Lu3EsFzs(sMMC4Og+g_(YO8H*N5twKN@?*;WaP2CQ{Y94S-!gEmQX3QPgilKL=Oep|kbU+iX4}_jfq`T{ z=8=6qi|ijD&%%`bp~!w=tx~&Pse_c(hicdR$v!#Z?pmd{`pEu8O7@3pXLvqSZOMLk z@LHvA+5ZvsJ-xC&USx8+|)Itjfl^-2S>zSp1I`zhCRw#cce2(ROu z_mMMZmHdsu?%HFKT){w!+IMr%O)_WPt86ejv6J7rWM2U`=)yL3f)zTkVe0+6zdY0S zBx~(#-%n}x>#n``1L+@GacU}J`|Y;vnu_8F--yk+k##C|d!Rj@>}QtD9(WywX{&Jk zoqN5~w`%?Up`(Aj(suX_jxcp8csO~VXZ@icZ7lJt)2u({Oc$HtxBlX0z0!YddTZ*H zVqaJn*JyX+V|ugoN^Q9?@sC-rbO$*6t*TeL5M3knN~fV0GF|6Zue4xofw2Z!Tho%r zHtR~w2ltjzukV=tXFFD(7m>@(m!(GtS#2HcWs?*y;57p4rji@tVpi`#;Ecf)QXdleN+Vx- z+^P@Bzva7v`j9gIn77`KRUa~D)rXAs_dPn}=bk^8@#7~*Gj88_)9QNTdp0lPrr-WC zKVG=}_hP@7d-&o$yX4e|Y#*RLWXN3~vanvLst*Z%O|y3hNPS4IQZH21hZLR=C+hW+ z2_0VXTRJg-OmNS5;R*VzfF~1?jTQCAsLxt*5i)skM-g5K52pI?;2Cg>nWH&KeaMij zK4hqWy`f&-aZHZcVgkm;~*Yzd!9{@uqNvJaam`*vz9F((D}A;a*2?-fR9 zxla2s{w;IgUZ&kZ3`F+clb8b?ymEUv`mZj4U#;HY{1SP!R(;4S=4rb4Z_2fQhqpel z3`Nh|sFRqU?)a>fZlN9X-N$vFeLJ6J-~LPTAY|X3k1d%sk4CuWMdl)Lt+`Icv1jss zkou5s1^;Ibz<*aP>E=@TkKg1H7ymo?cd7ixZ^Axpg7z_g{_`94>QCqSf1B$Z8u;ky zR1yAvu?YWn{xq*Ih5xa$?1IFr-1Nje^i2Fy(o+RJ=rcDxb3F8%o@K6=v*Hh!=Z!Ii=Pf#T zfAdMb6eLo#@4bL(Te+=ejPY&!|{JHaB?fWIq^eWf=_V|`cUMo4VckyTESxcU<`?-(sT&ek~ z%Uyi=fsejZ`%5Lu1M{bp^IYTMR{;8TWMvur5?(CjD(AUI@tZxyVsm)Ci&oLiram_D z_cP?9|2AHTztfx1Z{TXFY0$X~A3$5cNNr+owi7=Jm{--_vFdl2z80yAR6(3>$d31+ zOOotob2;h*<*0p?8@@fsx>Rxw-TF?}=B|3<@btjf6;1|ED_a#V)3OQoUarDi*HZ;o zU#M*)XG`L)#B_|0gWVovU;ZH2`7W?qH*0^GyRH+TN03(~=j>DH0;w6NqYIR8E7TY< zV>b1V9wV-pto@!Tf(9GLTS6~A=tS2OG3MYKF}QfCj!enQ8$ znYXd#-b9Uw-}SgV-_NSGSA;G%9rhaZ+8TN9oUF?OR~PQf-S$TEKG(Zs($-g>QtLIJ z-;<|zC-tXd{%BzKUS#rbPYTjKo2=Bc0 zN8WOM6S&af>6P%b6n(Sz?PsTNRt>;=KYerJ-T%Aw&CaXNPT!oQCia}Nu|318q@LK2 z!hEXdu_uSHFNeuB&#_)~>`WIqg+1g_pCG6D6uIZ^m64O=8})`NwG-`?F8w-2*@aV~ z8zM8`7P#tUd%3zNuYaxIqw^xoL#Wd=I54&{>{l(1wBpx9BOD@(cp`dY65Bau{ zj-y-VbDxT<4yE2q%M0)RFKUYMeP$uLv$@`o*y?6*#Et9?^(NW{%ZdKd(OLF$5A%%P zB+p=v_+8@o_HP&BlgRdgQ~7OQU`P*zHW!}^oAl@f<2G$adIdB^3u&4lH1WNnX*o1S zT{PY5Pt$s#=~j~_mD}&3>(uXASI{M~A&GIW zY;$@y^0BAhc;9bcZ!5>QEB3z&tYy~*P-pE~PqOC3b|o37Jl9Aq3mtw57FBo)TG9oy znDKym<kQ4@x7#IN5v6a-mT&@nVqbQUC=w7e&Jt|zP@r9HUVCw=D?q+_(Z^& z2KgQ7sOh7{M|jYV|EvXP%3iX-=JNRt@@Z_$;%jpgrXO9})MqeW=1}VCcETT_LFhd8 zy0u=cd*|X$S|@AE%Im)Ni^e(0+N+FDnALkQ}#SjspM_@+azChSfPHO z6EsrMAi6V1o@|gj*&uncL8ChsG9~w0@aMiwwz#Z7`#UE$9kFZ~seT=NP zt{C#z#GIqMI+rj%w3VdIW4T~NNAF4=`pYZLwvI11+s)-hvey{J-{|f8Y6B-nqK|vA zAFsxSS^oafJb3q{Eyu6EIMZeI!E-+3R{09hAEwB z-!p>oj^r=q`8`R0Q}LT;kdev61hdG=L&${W-m~vP$8$b~Yn<Br1<0Q`@YwTl< z+mT;){o54!S@L4Lna8pk>d^4{3Gz_H2kLGk9cv&~*kGi4&$LP1sUh^i`Rr?wa~hZn zzQ=Cp*o6$XFXG6qIWE6@vhc4H{m>Od)^iP!?iCHj@s$mRJ@(1ou~#zZBbfg&$n7}h zy9#-jh%8j2pTYs-SU4Dw^KahsUTfb~f<6t?KRUpj4}X(Om*TE8{gok8pPDrn^6@!| z#bsAROEa{@xuTo8kjZ0B!AKUl%%B7Hnb6MsNX)JWz4~$+`eixv-UshD1dQj4 zS-Inc(vzdnlVf&l38E)A!rL}#r<{DfZL;V|bk#Ahp2Wrr4p4fMc?j^_ZRkmr{&oOo72IT8L<_vw+ z#k!ZXXEW>2m5ejRxNKedZOOT#ZPu;PPgf#?1-g>YQ<1d+b!EtlUKeu8M@OYL#BQ-^R%h}NwJ}p?kZRM zE)(NBWWibAlFN-vU%~z+iLCTuFZFPFp}u3T(tK|}b1gOY&xeMc=(`o@yA|lWPowYd zMc@71s1X~ULC;M?&%M`K$3vBl8wSn8`D2dEdhH4G`y_3jpv??=LFqR1g3@iQC8gU~ zL;Z9ca`+_rNMyoSw;}5Vx{c3&M_x#QZljI#Omy3<24fdF+2!yyXxZ7k&%vslYSZe~ zMeTt|fi9|J&0$+(esa@Z&%LapYSvMhbzE0(d=WV*u%A+Ic>w#VFEnkaZ9m1{VJjY6 zVabK)Q29=5q}W%nwPJHK=p%HJTK76SKInR9ft_<~c|v@|wti(pjC?mch<-8&TBi>!5db+2{5(!Jr4nV@V?ROX(kD8X_iagDBxj&+Z2X82k>FzS8GnlF#35^6 z_-$-6yuWA7{tgDVK^^V`{ z+I+_)#c7F?vvD^$8+WsR>twGcXWi}^78t*Vy<7`>l3H?FYS>RC1A$p7*83#Bui^W~ z@%Z@oehW#g65|%#n2XKcus_6m>6C8CuZ35B%-AmEogrOdu=b!)Rs$Zx$0W}u??W$b zMlW^I=48HaZ&2;3zUs*p+)!o^S3lHD-RN%->u#n-bPIk6`Mj0SY4og)p3T%PFtTxU z?)tn=T5&qpmfTg2ekwQ8d&&)cZ@H1#S8ilOQzIwaFV%WuQ?%~TR96hadT;LrbQ*ah z<{9syJBHozMq3wSKL)S5;nh7a1|I8X-zs|+{9)qS)aT{(=mPoJtaHwU)&h3m{~%)BNz z=N4<3rs+q^jq;1Xd}to{@Il^1^FW|{Lq=!pU5vd4Ucjp~ywZhlI&^hGS5KLd)EkWu z^Q2!M=#8~pqUk5fjpV6vW9h}jAifvTmJMOQM&CO1;N|T7%}4v%LhwT7aVhh-cDTeB z*)#H4Xy3|nwO3uNy~ddv=__r`(Ufw0M%>rMeKs$6$M6o$FL$h4TA}^NpPBC+am&*{ z{QZo~aWmss%{W$-8M?#ca^|lB9uL{^&mJCke;6K5wC1m3;Q9N#w7&?x-GU4)fsePs z$0m`XFu69DAVZUoq41zG^aT$M!?5Mu_}7G2t!07n-ZfM(=8ed8TVAezDm2Z4rrFRm z2b!YLG#{Fxlc4D$@_%Zz?&zdJX}ZNj(>>^bZv1&d(_&~UpkV_v+?S`JLujZLd4h&I zXqXNSGoT?}3k_AA`KZylq{_x+B?) zZ*XOqu@$>=zt|h>iqto$L8nxg2To#l7N?pUj9T8$m<~6nI;kVy$Sv-{ALDH|yQ0y! zU$rYWrg<;Q34C2E%8a?RojDpX=Fxt(EvR&#VDsFwWkz4@0yPg0an@V>*`MHi-BZc1 z_BQB_Ti?kU@X>tk+!rvGTIbnK`w-mmm7j8^@dSP~`pz7c_TkAs{HyRvWTlfn^ym3I zL|^UatG+UO%8cw@K2zgEborLc1&g20*|_ty7oIuOcE6kvufI-9Z$mHdf_Ic?0JcU+C_q%WH;_j$*e$hGj!Imf!X!LZww{E4BLu_kyvv%Jh;uAj|@DxMue zKE;pzaM$0h2~=#b+f?UJp;hXh{2zRlS=!7prY!Ac8CQ0BqmgBtY3SnI660+&bZE^8 zt+b!r7d1K)QKRcX)HwER)aZUbY8;RMMa0HBJ@D^d_CNQ2c@A;QmKUb=p<4#9nNyIr zEb?Z*Z*)EK)-}VFw=>L>-EKN2bTmK%bTT)c%+0%gPuorCfm@+>Z-09{nzjpUz34>Z zA)=3DUy;oG=WME09k-3%Ytz7rci)8fcB1&I? z1G7SJXtvqTTJmjW&spPc$I_!qkg?U3#1XhQbKNs9k_}xS>5ENQYpAc?y6V<7e7X8Q zcVC5p&V!Zsx!bSPUZXyEJ322WKJJwjM)J-IBeQNgtuiORIn zpZewo#6yT##GfVxzV)SIls(!0-gS35qr@^yIs(IY(|4o9jsLC_W95o z7yd_WnnTJK9g7Z3v*;7W6JmDqZUdqD@asOjnA2#~Lh~`Pagx)GK0G#O;I_MHThTqs zr2FO9bBj0owLROX?b#)^Jv-m_a-X&fFrNo^Zu~9!YZfvy6a6)#44p8E3Er~fe)10S z^j33RKYGMgk3i<>~&7rP}!cx$!uoSdsCt}}ZEYOv% zVjV!Q!csyjSjx6T*=BIa>PDk$RikkX+uaQhj>DS`;HVYgsE5H(vu&&sr#&CMap?U% zIBJZ!o@NAHII2o$uy7Q-?}YcsQ>@o9tXIKNyZd9AAJBF`95uphyR2B-(-~78V+u1S zaDqLi6=0|pV5ol?!PpQ{GPP)+b<8(1mMbthLai5|N;q6@$7v@p~vu7aUfa}^Aw z&x|DFLyXk=Ax3%w{lu>x97By^?w=h3e&YH(*WF;K_%(S9CG@smGdPACfoz=^Vq&OM zTz7$?+Gj=jqHi}bRNT5ItZT@`Qn?i_3>Cdb+fL1U2SY6cLoEVB_1$1(xKCjyc$!Jf z8W=;-r(meh<0sV@pc`&>wp1MJJD^`jC(n2`hA6a>j&=2J%*1>?Fq!@>Ek?m>2W3Q zr9=6>^n^e7;FroqT4*(h<(A*FyfdzMwI#Y+UM6qj!xr$@M5{s1Jmtb zxvD(g+V6w6Qm1^{K2>7d6Z38VAD^}d!g8Pe4SKW*`7N>!z6rVOr@#A5zx4OTHoN`q z9^c@fOWOnNbFcPm`?T5i2HNfoQ~NSJ)6&UhD)%e55*-)1!qLfT_KA%J`&u*SKE0l` zIuYH9PEJ>I#WtoxS4Q0Qrn@T8Dd?;d6-FQJ+!k$!=rf2R%p`^|3tx47Mnpd?I<3OU z=0vAm>F8+HZ^1s->K9v(o$+KU-OKvvo@Y*47;G zP52g8f=8Ca;}!6DB|N?p9-U?fQ#ilG zJ(vGb#R@te{*g+32JX{Rn?Y=__W&0wgB#L3q6e zA7yRJwOVQyd)D3j9Z?up%QQpdQS8HE*|(PW+>ee+vM*G5JZ2m~(Qp-VYPXR=2g<%x z;snXnU}{t?;qZG!uy$`hX%krV`#gdj$3H9Eqljo6=RvmSgILI zn6cE!SpM7@OWM_^jO!+9*4w`Sr1U)iChC2!kMDoJ*>{_ai?;23>z~bH-x|H%^z9?l z?sH+eaYM23?{;v~fd2n|`1NJ)n&1jf(!=kG=rV>4d={Cxk1O-6Z{#X_*Y@ip$xZnG zH{<_r$8R5fkAsT_^#ALY|G&%f|3~NK_pU;3Y>tDC2K4_|l2<4G{}EilMuOcw9t%YJ z;-;^^FJWCn?=bOF)V$_)yYNwHj%GZm_OAz33}7Sps12+)4*bV`3Ln8+HJ+A$ODFoo z0q9q7(vQex(wT1+2WTS>u#q?by4sEdD7`U29H8Qz;H6Dqoy}mKb`vjs8hOxn=kd~A z;HA6Jv3_xY-@U_%18k#>owTuQo-q;`$v~5e1E6a}SG;V;0iJIti~~H6{$Ou6XdGaE zesA|taEQbKZt~ePrJl7hniU6lc3_<2!~quO;{d*U#{-@{-hmSLc#HCTyfc3EqTgC% z4iYxqRxBVfFx|37R4m|@JYSCb?88#~e6ZiXf!lU)<&yj!Z<}A+dwts8TVmU{=G$KB z({^T0gAqr+NUlzo*quE=RcCUk6?d^?^n$ZRH>ntX%(TOo6BiLY|C!(Sx5dfLk_U$U z-3IR3889-txN;_A)@1O)W_-x)$l^A9yF2mq?y5H~`JJlWHvZ;nz9uwFMMf%nFp1No?lo4 zXg)Z0VN}(YNj8;7Qn!{z(!#$s=(Ol~NczG5ZocD7?0$$msPY|4ZhXVc=WjD{X$sy7 zzRlu~O<~W{*fX0q0eFIcikeCAgzr1~y;Ppu15b+a;`71_A09Y4VfdG2UW5m;OX0y1 zcyJ3m*lqG4sh-b|`6BO_cbjAWx{MiHp2n8jV@_ZfoH6sg*!oh(eA579j-17q-M~s#XN5zMwZ%Rj=2IHp|f|0As3}{$L{NYtvj93yrd3@WKYC||Pxs|#UwVY3YZim(=wBqBwx*Mz^bxqwa&E*KQE*oQ!amcuI>_LbUI{chxbzvPpV3*59HddMZ4_QW;Xab$~nK*mC7S^-U;hNe$LQ+YpiR4#j%@klPaVA*HL(>b!58SEH1| zelL{|SHXv3_8ZbCmK(ftZHp)UkC z4c!NA*s~PvyKz&EdWYtv+V_qs+|=R1P3qjOgPVFhxQWk#o4x|gxg+2M+U@3=q`wsX z(}#0*6x?)h-DOj?2NgaLeP`mP19yX)pxMDqI=Cq@$~FHMZelDc+7-R0V}k@Y^~Ee) z*=}8R8()sny7lucK3Vul=ew$)F<t4K4yG!`fp65?9{7Erh_C2pp13z`k z8bJQRPpyH#JGC*;dk=p2X~Bqg92v9lQ^!E~>21)Hq0KemrnRhxIQ2Y4e|`adB;Uuu zRA82l0{leV4u0a_f}aAkv%bDQvRv>}D9Bj>lm8jke-``Jg?*DekZdLKpAkV5LxqMq z7;5CZ%>L}YI%(IYNnt4VGy&G8g`pHZa*y}~6ox`~DV+s|8ZQ{C%Y&hIBI{j)V5psi zc&q?JS?fQmyD*RFQ{7*mDhvfp3PWwnW2j{|=CRv5>S^!j*|j&$(_S$Qb#JvlhI-V( zP|80QH}TW38_ya)u}>WC;HQ5@4okpK9gcs>g`cMWDvzJ;@9&>#t(|<4cHW_)_^EZ> z7iRUtPua>ZJ^Es_1RMc=O0m~VgP(M8gpK2re@fw}A>i@6uV&X=55{=bw7p%0SW5Bc z!|R=xR%#z}vkENrN5ojE zz4XyWA7_EF#DACC!!v@hCSy9z*2nDR{#dvq|C!Yz((%7d{! zQ1|9A*0t2?84P3X;#~+XjMZWLrfmGsMEy8?Q)i8_ra*HE7^`F5r-x}D_h78gtozeq ztXJ9V4TP~iVe_a6#<~C=oh`YGkAv`BxaL zv8Du!&uemrnA9V+i2%pFxKuF|Np>Pf8oJIa+cEZdkJPcON=$j z(_S%*HS-dGjI|w%W#X%e%0G3_&4RBkDfCY@kpsn9eL1r)XZPg{e|F+rqqBOh_$dws zTJrA)na7%`A^z8wFfn$Pdpfz-@mWkXbH0fIx@;@&thZu-&;1gN)ik$Q46wEKrg7T$ z4uUJVNBOAsu-DqlUTa@ed{nLLp7xIcu5Pd~)+L2Lszr0j5uK~zG@a}@yRfs#!`O!- z_ydlz=hxZucR_P>3}^9)m$Z-8^ynDZzRx-X3O%dwXUYCMS;h0jAnlqLH#J&V?2zTx zVy`88`3dCNrKZ#Wj65HI#~R*3tkB^fzjbm?sr>sg{PT$yD!%=t@Xd!`4j!v&P`<4! zdU-}E{KCJW_(l9Zm4IId;1~G`8FC=9@zIf!Vfe*tPfULNsVC-?a9s5Ot{^D=go509v^(JQi5>){dpfL@U)KOS{bf6DZ~ z3?NgdEFNuxM?2xsE_k#X9)Ur!iBaSe66XuUqXJ)oDN|k^eV;i|enaF)VZBo(kCZ=c z9QhNH7Y_i z_}1LD7_9z63;N*FABd?A)n`$%r$DS0uSDboY}ET zcv$FjGw0bo=lYn2yw6R1N@K_ukys`BG!?64UyskNH4wN=`v|#+N%rIooYSi%hl%<> zk538)u0BbusF$&2$hXbs+L}31#J8B$$r|RA4=C!wdoR%bxTM*xr@4yt>*vBU8LXS(`1?8th zM<(%GC_f!KQ~Y$7ejhsUmk{$6A5^OgLt+yy)qcX+M=)fo%TL!T_3<1(-H3+5_$Hsl zPxp0b&h?2O%8Vr@>5n+H(MS%U9p5aMb-B38#7OMXyDUH5OKZT8(46ZMZ2Q=b$F@#bi}qz{#e(r#i!U9tvfcZ&`&4dk;n5f;nQjSbo8nGbgp*APxrIO zEgsRfACK;WM_|ZSm!Gb+z)uHH3jB0@zDfAQp1+$myJhe1&!2y zWxT`g=l!F|R9@c9TyM*n6pqlC8sM zH{JHx4Rd^U)$cI-v-|3#U7IH5v%`nr^4TeRulw-gC^y(LucD@&xnKntoCv)JSpwv z2JqSWwD&9Upj*Ec!;_mY^2d{ZW#h@j1qx3Ndp~$GF`*Do9taufedzoI_Fyk@&ppID zQUNbJx^!HXNA zuPx7~Pr)CB7j6FVTPOFF%Ab=zCq`I=FTZ{czWDIN!9o)okk^VG!jJY+_#wC$Op?Y% z>YLyP_EPwfRPE%)-{KuVYf{GlJ;8z-82^3w@lW%PpWiyUr_}L(XMpj4^DM?6D`os* zE72L`iy3+w<7a*PjlbSCeueW`r!szp^H|>nI1ijrY>fwogY&RUN}nN1d7MY>$=C!B z&KplI7%|P*MJ}6Q#Wd@fXU(Iy>*jfplzx6B<&u$9Ggy!F2D+R(AfG=y zgS9jhT|G;%-uOuRK7QL+W@OsRID>crSZyL$&25LQK4pJ!gf_snsiR!MS=8z^$nB1# z!c~#fZrTGgo{Ul-Eq)RB)Ta$>B{?eaoU6i~Tu1P^jW%Kv@TcPg6wH@!#aZEJ0p_#T zx6+B$zx6&>ob>?m3szB>Z;yrf*h89_Z@Tspc}{YUBc+o|A#tYg63I_9h@(cxO;dPC z{D12Nw~^-*92zhL^U3*=4@{!=EIL9b*G6*H-p^Gw$B9Rq*bjS~#O5gMx5tdpZr%f~ zIgRYmz8|hx^ov2T-)T>bmd}Fy&WC2naq6bsZmvoCOVPgv`yE{OaE*y=!g*}-7tLTl zXwGB5apbnS`O$yk3c`l_i^I5HYSsL%Xdr88*MxIkADmP+eka>TP*xH6a3e1;Xiau z7W>>)hfd-9>@4u#YzzOz^Z0M`+s*!_Sm)}b51S^1|MuqbpZlKF0ZU(^H$`7QoXjl_ z3jRCgiPuvmJ zx7XuoujlOA<6UJY{*V=h*cHWyS->o%3tyMeU?Ml|r zVDZ`(_Jw&rPd?x6`!D9>wdwvC=U{E?WbHxD75e47DZfwPqJG$K3VC0jyx#Wv44m(l zLO-U#H~r$Z$c^_rL6ll!)sknv&BA=lvDl%W!g#IX&C9II!Q!>Wc=9*!q!=%56JEID zbv6$iyvG`lc@ZAemBIsw*CNkp){2VPs^{}D>LK1SvtDG(-zbdNsxj|!k9j^AFY3a0 z*xzgpn_EN-$4Pk z+l@ZJ2KwoPw>l>-g>Ctx$7|7bXC1FapE>bb!D_2rSPlLN?*`0?!{@LR3?*kY10gL5xz~1;$ ziSb*;;^fGIofQ5e#;Sa8?bcN{uM$5fmLvBS;Zq&>YqN#FTtTQW zS}aHIBR1Z$+dJfG@6g$`H_X#sF}#&H-yd&1=-{pM&G_w262Gk~^tWxs*R~0tTN``d zjriN{!{2r*Hnd6kQLwN1ci8_78C3o@YdvPUr;~dfe+s^vEIyn9Tg$z+zwKi$fVnoC z{x)BnG4e8P!870t?os}>)9j1;$hFQjiodOQ-4FdS*9hv%nYOp8(BFo?Cyl>L`P*#& zN_9m<$NtJ$*iQO6g0JlWHh{CY;I2yZtRDMmd1pYDc9lKeW#KN%9tXwOMqW`GeM^j6 z@#t&tM)}%o-tb!|_ms+;3*b#Lo`i%aKD=YmWtg`J~m{?@v(*Qv4!l|nsu(T2cMTd z4u2Kr0Kz_J2gF~6UrhO{HgT=SPo#XHtrq{<`NUH3jkWvu^m6s453i5wKH8c{U!e;k;$KY(oni6K;Sbb(=se9c z;*%3RFFv^{o)w>5o8?d2(?#6Qj^fZXkaSIOH&wao8?bq{{TkAMqa56 z`*$$f-bQFfZ-hP+DXR}ez%~a3+Z6cGz-qQ1t%cl|axk0iNBa_=?PoZXgdfx6M;mMT z(OOJD+Gn}HFJa-gkmVnWTK=KLXf2s|TVV`UzKaHp4^cOU_h~#XdpZ?EMNcK!<0u@5 z-jW#VbB}^i!1yWJR~RdgzwKtAGk35h9Kbm|;{AQ%^X%RS%K9wKM)vn;UbvBP^+mAN!p{|QFyLnT0^;Z92pb;8F=pCKzQzF(3PR>HTcQa;zN^osp#$5=so#f&X9ti z4i>~uY1_eb{9Eu`f_B#9-&1EEh`ZSNL>Y8R7JJ);z0L4_miSW_@u~e=I5*m!KlAYX z6th3OFR`OGO=&qd3LdlLr|x?M-zr^*P83~uIq}m9!E?F?&+SI$*^3S6Kih4!1+J5} z3gf4y9x2G56FtqI$Zx-_@EkNL{~3DP_MhG0;4iDaBQ88A?HxJ0_Dgxe2HQwIj%BQ!Qu6V@a|iQ2v^<{cemtl5t)sT1LVNKk z>^HGT3WJP-aU%$Kn88E5$C;}zrIKf}Lbe7jrtMtmc^SM;ZfH!FTQm`~-% zneo+yrSR*-TbGYl?d1`eNO<&uw(}`7sW7VHFAMcC8r_*3b_OgEYcqeyRJR*0_k4IbK(STSIo)ln7K7Ug9 z!=BS8AJ5@WhSat_uBr!4?YK;#7`jkcs{M7nJ-;6_d4mVx9Ek_y_TsdHsVg(XO)b z>=_hRM6ZaAf6e71gGcx#F4gXaHwp*Yyz%Bh{`}038KK37+#n{)BGIsoeDmIU=NoVh`{DYpcH@U{HupJoB!FJ%h0{@`wWxb+ks-%Fh|egMuxn&k{y}_cC&|ewS|_A>UL+O6A1HoYa_Gbdq5Op|xlr#Q zXu=1GpD>l6jtTpGJ%oP{KVd42e-OW+z7qc+e!`Q90doGt9~dXMPyB;>Xp6nG%K3}a zj?k%#Z?Q-Xlq#NW$CoI6!XrG3PeAz#@v*3UJN!j8?C(;t_rm`se05^Dmdv{4x1g>G z^6JzzvHgSi`oVM^5cD0lHpaWn6U+UA~&MLul#eC4=`ZWJNXjtlP8wzoW;d=*-;S7W&c`$+xRTFtr42lSzOvx^-kzd z{JZqg>Wbxdtebna=>tsUeOw#<#^VD-UVB15KEMOaE$xbq)f1KvFk!`T@vW(tZq)Jt z;xp}zdVGNLT{vir5I)Uu`2bz*iVrYu^N6)R|nj4-oxyoz!xpPs<0`QQ!llZ3naQZ^3L&(vIT;ByQIiH|Ira8fCGmUD(u& z70>I!7pQ!IvAhrPCpBh&;4#&g*vbKXfX+QmJOuru^c^wXk>Ufy?<#uJsU3&@mHd_g zeSo$)%DY0v8ee4p(DwA(xCYEOKCXX#UX&GrFW z?G^I@zJIhoX8StN2VDQD^SOyj&G_zeIZshj7~kE?x!hglMsg?TboZ1S>D|0*d|IG4 z&@vs|X69Qpv3{s6{8*XP&>7GvyA>Y09iMg?dC2Ab zh91Jk%e(r@)w}v$BMTtZ8YD_$NWD?Us?FPmTR1|?e?=0UwZd*JcI2iCpUUBa_D}KX9{@=66fhgw#sUV z@9?<-nU~svsok9CWBnxenCJO=V`K4e+qITVd#ldX@jdvBJ=RR^^U&(NtB<|jge?F|9#_(F+S z4=GlrLhN0Rq@eCL_A+t^<>ZkeT}$%9YEGjeYxKky=^yrqL-X^9HLX~wySx5!6fQf@_c4i z|93{n`=aeO(^AJ1I^`XQL-0+AuFFEd#67Z%Av>$V$TFrZbY;nh?u6b>Xzha5F4|8< zmqk+etkW}@vsug;W0hK)&12-9#}l<|tj3DTRjBowT|_%N`#<~|*)Fa#xi)i^e&bxF zU-pN|=*5u~d&V?-MxFg*Hp+dcxN_Dadz$MUu034As@W5AE|;^niCX%bzKP z&mDm`r^p*W&AwzWF|U0=<016JHuT}Q@PTwb&v%D-_se1K8;6gd`&E5hc+?qppG7wN zv)6N){h*uy&d~o;FXh^@)Ths~raSjC4@ZcR*}4;5mWKB_ydU~w=8-s41v<^Pt+wwa z1OE%&zsKi;8sztu?6~_&wtNYM8EgNO?{9{jEE#@M{LD6Mxk%8 zUn$0z-dqt$-pRjL@o(<0 z(ht4zE-;<;Ze#wy;;n+k8`(4P`Rb)|wg(+_o7f|C!!qbqdznOy@=NHm8;oTNt8m_p zb()%8{Jf|5=j5FeS#$4Zui<)#cFTL1+TT~Gwe2pnQhJ}-exy#PU9Vb$7!=E zI83#9ucu9Yx~IMAXV;!nvtyV{k#-AJ29wC%^EAN;4<+qJs(c7F zfal{s23_@FyA18ydnxh3C$3y66?rW3snfNITBnt{E&7GUYV` zX3Bz@x`@Hb`>nEZ?Am&3Z>Nu7j|83oODws>><{~+`jU3#Y}PvLVFvu4!7nB_OKMuW z@6oaUYX5{DQ8^Ukcl?HTp30ffTGqJK{+2weB>QT;I%q6|hqu8)g~jPt{65vZ4MBspQ{c| zToJ4YEEfDcj5Rjxg4`X7RKH1Kc1 z!|J(V)3pobxvK&v*OaL~jMXpy{R>B)d-ylAU-|KG_P+ns-_Tc&YIA7))hQo}7J13I1hnL??x0U&MDy z`FAo3e`mteJ8p4q)cmNvn)Zkl#GdB6X1*IvdvV?wEPec-TGQ9deP4Q1-@tWFy`kU7bp}^tEgkx@ zS|2jL6l3|~zcaS^jBO$J%;ug&T&HurC1C7VbzLNvvrL=ytutzmv6OcN1nMu>Oq*Y> zY<{wm=SR@?7@i#m?N!LxL}acSoF3*o? zzV+GMGbdpD61v+te-LZAMAMN48Eb&~3iOWFwlY`gL=YU){AdQ*>3piMZEY32M3%(H zDH(vzwKrd&9TGlGr|lWcpYZv!yi;u^|1RhLSwhP&Xc@jecdLtU(V*77?Mzz?p2gsq z4v&+{CWN@i_gMq`OoBcx#IWs>(D2mAqDy*J%YXM7-~9=!_HS?YuN9~9;@?N z<_(-Bwe9VCV6_w9XuDZxtZXpcw)%GV=j(2os!c)m?*!E+4l}%{ipbClGIz_w|agfhxUah_+5QJIsbi2C3TQ<@4A0wbHI26z4A(Xz<8yv-gq@vZ@jWCV7$7M&*1M@Pt+SHPSqQy zPV@aPzTX`%PV5O7r}hSj353|km20mgDqQ=sQRe$Znvv}|vb~b}9ITF2? zTn)ySb^U2-^;NEZH2wdvcm82g9aY}%o}M54h6IvHAYo=`5<*BqB2m&}WM&$ISyYT< zWqolSVkbLBbkSvZ$-AgS(i1VFGFQ}b#dSzJga9fii5PK(*oo+iE4a9eF0S;ww|j;O z5(ZI|n-Tl{oVsQpMiyms&1>U*BOH|8^# z*_Zg~wZ?)=!9K>Gl=+|E;f_|Vw=D7>R%gmXJLDcSX@}eaBKKj@o{si=W5%P@KS%p> zHuy&SyL%{`aha*5PmpQJ*i^WAoAG+)L5RLmc6PMd$k{c%apU?1#J?hZB1>5r#)Zka zs0@cbD>A9zBv;lO4bhp%zUEcRj8?cZKj+E>ODYR8C%j6TZ;ZGy*A--vyG+-!pZ<9@ zZU4(kSLVusO#GT!X7{U<`SB`O<~s^9IS-^|{^V84+*R$$Y%0jSsvz?_uTtiZYh0N( zxH4V4T-S5ktCV?mge#MUb&@-lt}E2@GstA_JuPExJfC0eIGsGol|9t&WIU@e&e-+F z_=3@)&x-#|{8NJE2f%=Ps7C>JO7KN+-qg6GcsBE{p5HW9fIG-h?;%ItvzW_rhmV@e ztTo-tui{)Tp3P=GBF}%d;oK0!LwhAWQQ7i3&milvxpMIR7IV4Y`v#Z2z3-i#zaipc zY$lEjc!$OMFZ?PiYd`CA^$6DIICFjxI$BJ)~x1z){wYV*CcaAdRD6eva6d<;^O#<)O)Cc+zKQ7?12Dj)Oe}i~R$;mi;$bhn^c{ z6#9YROB~02;OtvH-Nz@WwJ74nNH6C1OPXDt-c=DZH&?_g`asr4uY8wt6#H`)xLj9H zegXPni>#0IqpXjzrr61nK80tP$?|==4jV|uYy*BN%h#uUHabkyXx{JL#Zt{#CvrJN zFZJQN&hOLJ95a(O)Sc&go<5yOOn}N6aFBYW-xjm#&{Y&&%|JKt>X^#^ew1-?jL(-g zyLZejYc9qVP=9G#F{Z%PpIXyyG~2Diwxh1@eojOPek*@kyy#CN-{!uS=j zEyAno@b~#SQy=!UX?wY0^q!Ku2QON-A3nS+{EUqMX<}C~XHEJ|{P@y$>zIo_-iln- zWiwi3C@xs^4Y40J)%Ym+!|(B(;jSn>!@ag--=Ejw8(KgtSe`Y%7rDK%_EWA&nUrzF z^9?;GtyaNbAW>kK&)L^m_I8;)|6KgcIb{6Qc0^nx8(PA|8im-~I^wnvqo+eQxo ze-N+p% zDsw{osc$}=zx%JS9|ps;pH!E}H1XGakf!h~>EhW)!Lwuuo)Oz)6XRonYbLms0oQVK zz^b_#&wTfVndnmCS=%Msb9~;-_X>ChmgP2<;90zgXYWgcX9*Y2noG`pJP4O;cwmh2 z=idg;z%gqIo=u*m*OFujo-v0l=I;vTLDp3Nv+c@L*SU!o5C^u zx7btx97~qqn2dFWW7WpDzXsm0PAD8}!|rRlod31k`=ZzcQE#6|?X>uC zOgK3GrErWs6CC@}M?m~M}ZKjAhC$J)TKHtgfJN!$SnW`XGe9FzAphn!!E z&ttX^$9%E`$KK)TC0QQFs?p1kIEEeqIL7OLA!bBjJ2Dlvm)FVe_7OTinh)DA7oE_? z0FE)grZcZD7RS1(%H!Biz%f65-T!Lv%XeST*U{mt#jn?YuZUmYE62xvajS97GeP`P zeC(;)2H=<2y)Voh9)2l*1^A`-n8wdiK6a4&WdBpK%w(;T*x)}3%f#RGUxsC)jP()^ zc#&B4YkV0O!m|5QLu1*M&%HVX&N4?Y7R%mWSsu%NtT~y&v-AXIUyi(1 z_LD9R+Lt@wW82_jU2w6@@Uj$qY%N@?t=Y+_IK1Nh7#~58E}mVwJ;&$We6PUAHo?c> z$Jm#}v$*KSvoEWk11T!o7*9QunE|#!D^*cfEGG zOg=96mX9EIXc94ilYI5m_X;GqgMoIK3BTW3+o?WX3MN{4+K+$Vj4zE@tI+Xkbi4+g zMn}W~`v58U+^t~XHXom(JpsE^>)qc6<^~_11K%)o)vp6n-a8d?zK;JPa~M7c#w)uN+Xx%n<#Y78@VVOBHU5Pg@ zi9wh5j)t7~iEg^!bCjd(QlBj0bJn9;FY)TKdie}`0RszpD6mU|c_`3BfY0&zouU)C zb1yP`c@CnJ-R)bnU1}HCg~voEv@yWvm~*?C*TVCZUCJC8j$Jw{QXT`J_4r(Tyu06c zjri9t3F6;c@NW&c$C(n7vn3hMnB*3NZTJQh{`vB`-_F=_@oyscHuD|6SHQo`U`kgB z{xL5-{QLfX@DIG)hdtOlkk55AOs_S*{!Q=?`^uU_|IbzUx4ZpIlZ*Jr?*;!B!sq^e zhQ`16B|-dK$?uul${q!eO>o%)hwKv-u`Kf~*8(OYr(fBnl23|QE@ax^++FBi;aiKw zH~ObwqcXPxzEkG6$^0&dZ}oz2!qvskhO7dvnKnM<_Yn^jfj~(eX0AKkI~lS)Gdw8Iv+j8(c>cYW>?1~X3g#a z|G^Ry>{A#A{?&sUro@xerU1ri-MYRvSI;KnzF@P0Yl1cSu(63X#*by3Wk`%e4*`thb-n0>b*mSd%8oCulilqf9%*b9-u`CD`+?8*CO)`7#(s7AUNL`hm^EV<_G^*v#fy0NiSHKe*NTDuw~mIs zHyVHUbQ$~gDEgfW+znf!qy0BJ2SlpKQyyq# z4lnoNT4WGkoNkZu#kG34HauTk|F_VM-+uMU5?ovD=_RRraRc-cMK43*8hQxe8n0g< zen{;pAXDurl+lT@U%xQJwds>Zoy-xP(8d6+G1r=yqZezxekW8O*8=uy#N}_>#UB?b z;cxIZITI{rgH3V^X4qel^I6@j`7WLn^Mn2idQ^DEK2MI%yZK&$zrmGqaJYc|nkwSi zJN_9wgEI)8l*O}-c}CMy;MolL*DQDkyo52;*Z!56MLgs89-dW`qfE`eNC|&Kk5;SZ zZ*VuUAuYI@ii=}jb|d4s!Zf)vyLjH+Lf)T(yB(1Ig>u|20e6cAx!c(|ye$rIv&-x) z2wxLhb0bgTZ^GB&@HL-)%)_(|+eP*f%p`mb&TG#@Z}2uVT^+Md@R>{Xn=`s)Vn}d;3Gq7@50kO86RmsQ4QF zD10sXWzE-8ikIy6?wTW}u}^H$Ih@UduNBTnW0MBYNW(({xW;S2HHR1jWq%=8@iodd zDHFcd5!fsJ!ZbIxjgPN2|5XWJqkm7u2jOdaOxoa*;%mP6yS@b6EK$POjwBL z&)-*uuQA_7Gq*05uYD{}+vAM=MfBC;M#qc)_)$5&mVVX#xg()aF<;*2(C0AxbH)4} zV83UdPW?{NKUZp>-a~9%!&6rqBRLmX;-BkiU%(kNFAis?i*I6|{+OIOY96Nl`}}i{ zPXAy3Tp?~m>)qc6!}QN7KiRv9CAwJu+z;_zT*yDy_)o}%qig@%fH~jCIlLjU5PlrM zLS73NezS&opDgR2^JC%e_AhALHB$7?GKljR)v|i%MKQ}-x zJJ8FJSco119FNx@5}mY__0Rcr($PL)lxw^C)`xG4PRjV_e!#rGSpQu759P72;Gavo z@gj=ffrbC{%KYtJ6(K{;1Z3fLHoVS)*O|nPWQZHd!4bOQ2=F`bubAKI&ly`Tzaw6R z&%60vf#1QSa_}kmT@n8hMg05ax4}O+#-RM}Z5753zYhM@!Ox=b6nG5$?nwKjSw;Ng z_a49d^fV9uO5#P9^ZORf@Ag;3#D`|J!gKHwWtYS6kWr4`y$`)Beupih_8wS^3%)t} zI^dhb-ZPnF<$QCB-zBtf4p{}?Toit12jfT1M&Nf5_+6?DzuOO=OV?0;*0?<7wel3c z=hKgQkhUG7ZSXuZ4!?sF+jGzxJkLy4$1Lru%fj;4cM!hh749YuXnJr~fwL z00q01c8gz3`Quu&KMtQK{x~pgnlbYU<`_OcHx|x4J0Kjd5B_2%O8A|;w>RW`79T~X z6@G^wQ~BeV6B6&D_#OQy{BE?&UFMnW!6;vuj)n91-9GM>9}?5By#tuWYr(V!iMLW* z2DysMP_9Xt1Nhw=qB?hB(MJ1!3Fa?#E?^q{dn!_f-|6qLVdX8Zvu%N-SF$ zog8WZndWysTmE6uiP$z_pFfWIwu!l_e2U_aV;m31A2;rNc}y$I?;`bXeD7mozfKF_ zo3){mGhCHUc2gyDwvzE%DQ66JheGTHO1vdDULE5r^oGz=YK*0s6P%0l@}OjDnREM@ zXXvI`;ug|ybjD=(s>Y-9M}$7~gDXRK&#w%9sD3O@UO&rgGr_so)&(wpawmNa@*78l zp6<6Ny7>p9liX**ecF6C%WoFoBX1|ZG}{IyCo7zUI-@a@GikhD%=wE0Vn?NZ!DA<;>Pb@O)E+QxCrk_02Wz8Nrz?>R{KnXFHzx zT7PFm;!in4v4S?)n-(~0#r__6%kCH^j`UUPj3USvaaf%l4iZ<&{mUSo>nHW23PvB1W zOX1M|eG9#ROj%Q?t9N$F=AK-KvZM`?pXNUF`0xYd8t8P-s_u!%y%mLi*)4vyN72=* z>6bY1rHOTgemRoZQl?+X6JV~TUpQx*S<~cHyZz#xr7QLeXXys^%hEymrMcKIM;e}d zU7%lH*){Bb+1*aRe3!g6t{w08OMhJF!bpyb6=KQ#eI)1C*cY-`Q!|J7`!Ij=-EQ<< zZaw{cNncdGo4#NzmT?rLFXoR4eQ3)>=FEi9he9JlcMmo<3c6-aR9^Lwqq)W8x91MP z$3vAHvdj^g8`;u1(L((a)UOrYw=_B1zNqFzsqS}&-bUV{iEZET&xzlBwfvlz#yL?v zC-5VT4(NV!iS8Fh%Fl^=h0m%|>)Xegdl#-E3@f zR+QIG*>U;RL3Cq{Dd^@%!`o&BbaQu!Zic`MH7>6x(M{R0C}%1ecY;;k{;GSnyn4sW z{N9fN&)>kfgPY2@yPNZVL0w;IZ242^I#UJ%wxR2t=z15r-qz$)U4*XRJ{(X_y-p^8=O>VCo`=4E*s#D}{xLd{bunr1e zR_mbt-K~$J^N9S0bu=w>v(iW+EH)Yt1`M-p+l5W1n>>SQ9&z0N~ z?(4=I+%wjar*iEVUhZt>+;(&0>kTW)*q_1w#X46Oyw+ZVz83j%Ww9?{3CGa&^5@F> zh19K!`oPt)QlHK6FfF@Ia%GLCZ}@%orI2%9D0CJm)GK!mJCXW!Q`a8q+JpQ|@;xz=d~McpI9ChY zN9*ZJ=g*TX>q;Y+@ba6uxw7(W$ZsXzSInc#>sU~>h0%tpTkYfyNWgd0Y?W53-?Wiqrn+QKX83#|@g><# zos)30&PljS=d8lc^>Pw=awNCq734q6Vgr$L!>ME*267VaY7FMA;&rCN%~@5ho_@Jf zU&$9F=WuN>L1Jt!INsAE)Oc^h4$RS?x%rH5`ZpKnd5Y&ep5&a$^)TM&Gv2|yo;c$j z`2)uLLB5|PuV6ppJ#vMSOI{i1hx|Oob1UDe~vB4$ox zyw@_`r!d~5R}MbjlZ|;s zdlf2&U_Q@WmHfA%X@-f-(f4`PCY3kMviYnBuEE-7Yx~kV2=6!q?>Nl+V6Y7aXTjhc z7;GgkkJ-og>^Pj{1bL_9wQ3w$0o<%mIVSQe(PKjAh4cNb#*x(1_UA8le=`6#CTpyq}e^RnzR`*82F+ zahL0q@}WL{V;^Ts(>BTTRLY0mwa?{4E54O~N;sEwjGTvzGk<%tN8x#z1Bt&^e66yN zy+G#S>X5Tg=HXuIWSM{Va>mM1nUj^L9+No< zr*QpFitng8q|lisBg;ILIVtlt15c>qch?EW;dgSjxfJu8T#lpUWZ^i%J#Fe&fu0rK zQfI|CsJG+_%+Zb<^~oIq^QmVyb?l*zJ;)z``RJp=0q@h~0*zlC#QQzqx#+2rC%VdQ z=6Q(cT8;B(kA1HT6c=t%0waNE67{A#ged*?n%lrOT^Hl0Vp3e*No8(wy zYKVEd2i@;wp6+w!>4(T`mZMF6e)AP@uAZFAVn_a*7{I!E&cVm&qebX@G5xnBRLD8d z`%-zI9#m|1ZagNWoREM6F>Zkl%a0!FI_XfnW6Mt33O&f*Ch7(C_k7V0E9y4%>3!C$Lls%eK{@Yf0$>gv**#eE8rBV@LF zpF&?`Bq>L+XPej{O z8^A5FQQ?=ACAcQ|1FmK4Q8CZoXS24SCAWa|NiNVQE;p2%{&LpCdn#O!^5SEB{ik^( zRkF{W0H=|ls(1% zxV}3gsh`+4Vi)wWf6ARA!LcpxO$<99#wV7kt9Zs_Em!-CN#-K`s`eM@TiIVc_gOf} z=8z+2Cn|_3^u>>{PcYR;J^gZLlP}kXMc)MO*w|dMzsPH8+x^5SKgOP$muur2?_w{FIv4gA!Jbp_<>K0>-{;{EHk_eZpT z661&=^X?!Ssd#v=yw@LcZWaBU@x_q&P6dU?O-g?0w^7@3d%K<+$=r%>mb7?ZNc_#@W#@50Lm zThD*{+w$wVaCt)g)jt*QAGt;CFW&!xtmktA`-_=;HS1ap>vN4`kFIfY{dYLmkV9uP z_@Fo_`JWGxE3}o|!VlLI&&YgOPmb1;YOSx?(W`Q#RqgoYADm8$JuI7X6X84FZ?ofT zlzb^isH;^GVv+OB+Y-2|d*d2NYlYYTDQzt=Ie0`k8W{?8UK%b{+f2mEK<5 z?!sQ&=t^w=N+(M$ev^7x)XSDSPGSF`uEMdR*!EMJo#!_BcxP=T?^VkF^zP8~I-^1M zrzzXppT1;Ua4+s5$<@jj_VSCeKi$#r)2YV3C*hrxWodnE_3yvwwo4vD_TT#2ch?zh zS9-kD?VF)=c|>%HFW1Dbv9M`u?3wI(Y#Z)4I2*;^fWNgjewA;ojdXKbs&d7@Uc;Ol zvE%I}I{)FHqw|`u()qPj_=bk)&rRQ@4#%j&aq4h_I@r{qN9s_=9=X(EDs`y4U>$BL zsly|T?cNz~9UkD0mp~nkGp0@y$JF0Q9rja)G<7&g9S%{4!_*-;l{#=&n0+eQ}2V z_m6+22YhKV{zp-Vvx&=T4}Rn1Wxn=kKgm(}+F|7<+3oEc&HW;N65h|kvFyXxJ%?RC z$^F>-_A%xmW7g*U$IR!cF)Nc;fm?*pGmh zPdc08jy39-3)IoY`CJ;?;UH&F@s$fd>bLbXI!(Q{kfG)g^^~()`+xa|PTAw>!GCdb zE_`|;I^KkivF&Z_`fL|Ej-X@Y^(C%?oBMU_mU%W&$2jB;kNChlJPt^1-cT(uV0FfC zjF&qXvVXI6-R(v<81y{6F1N(Jv!1&ko}q28J)rMN_+GtxPeQH40?B-0Z^oKM-RCwr zAEggvof4dG2gBOYkK9)!eOQBj{Mc(BMQ6&N#C~ENyWwcqc@(^UOmJLmB=j#>UZ-=9 zn{oCZ#rDIO>Dhk2D){7F%*Y*XavoDMBkGK=c>ld>dQCqUtyhW!Mw>Un^ye zS7nKhYRYGnkBalE_^8g&zc2BBBKf#zV-|f#u0d;jbJ0gNU&gHVLFqcYLfQDJl#DF; zDfp=HKZ}p*B)KnaerFvTcxR3HsJylmd{or$o!`W6L{^SEt2<$+ckU3cX@}HDVw!B~ zX;a56b<83^hh5wq;jWgNxN~xJ-02-3cV0;TMa)~vPobYN;QS}aS1h@Te<7H0g7yru z7XIoAd_s()Cm2WDy!C#HJC0EPBu}ooUxm76X>ShQi|@?&XJn_5y`OgP8@SH?8?p!B zOsy;XIb^FC+BkQuEoyd7E^c;umo(Fsw-?&tFH_p}tI44wpR5{Te3dc>TiPW$&fz zy#vesCS|`!yAF?RbdHS0kH`Gz!yc0P@o8z-!6rw>xkYwxIOONv$&2#_4n4P#eW+U4^T1CI{JjRnU?BhIT57xdZ zma(fGv!@C_Q5E<0+|1eZ*BaUA>wNMn)f$>jqwiVO*rPmW^W3*EmQCIgQ}Z4!m6Q6V zZXrL%t?a+P*7tjjgZTY&ORDit@?0vDTzmck5pmJ3Z8&GQ}7CD|n~)3+`o) zI=7iU{7&v;0FS%hJN@PCgvbVk3D^uj01MwMHiO2(hZGi8?f7Xw7|_MuM~Xd?ZS14k zP0l>}+TP2)2zcV(Zh5(exBp^Tee{9??i^&-LZ%GtxB+zI>~)9V*iV; zdd$!BcTePZ;zOOSaZc{6JhO)}7Y2i>24W{X{cgF#M#W)FY*KeXNZytEz)p$dSc+Zc z$7OR@lXIPtJ#L4{KDmp#Uyxl^uu5e{T@1??Gk{?LIjL91GVdnUPYNaL2d*9=&h#>Pt)tm~?X6(Djw^uXIsY z)J3m%|6fGg1t~Yy<)n&rq0S;VHMCr{M=N!Xx^B=t2}hg)R~C*q8II_WPbkmN*4LK7&4`O#3opPCv)`c(i>Sk5 z>ac`5ETs<1gdrjv* zeytOZ$opA*arP=W;vpYL+{~OR!x69k0vvHO*pb#85t*6A?ss*J(Qe_O>z{%n@|^-l zT-+r0Pr(r{Rdvh->Zq}i^8j*|vESAc91$HOuP;FyO2n^Y%@I>qFb3-3tPMW>yPstwerVkc{CHOwD>o{R zh;3OtY>xQpS2Ra#VNDxN-RCqpzr8%j5%1lVe=2*%?L)ytyR(EBb`Fylo+<7L{8h>P z$Zaa&h3u1xe_!#!qnZ~k4HtP~1g^%utgJu7;)UX`E#ZZGKMyt?2a_pV_D*Gg&)%nb zA>*Q(GVB`ukEX1&%L}vp!lh&{(|uh}%(&cG7jMPHxce@(L+X8=Cg zvL_r7zNq62=EFf4zh1rkKH~Q??uBO*e8ls)heFF1AF;<9vl|EUM%i!hWUBoJ>MDNQ zLwhuDq)m!9(yrV_)_B@!Q7>x)b)>$EH%eWpU#~r ze}3Nho&(^>3Fg{y+O~fnzj`-gYXEP=pDO$+z#BKvcG|CaBYo3N->lq+>@>3XBfAW5 zT!icayzwPhw&IO5Xv-|xGMl!{p)GTzEq4{#V)@FHcKLbZ4brZClsyPnHb3D&81(pLx!hz#GA2c%yxT5&N{_joe=YZ(I#;Tmx@BywH)eD6YTq zdLx^-$%lnycq3&BZ+thtQ;Dlkym1Y@aW%Ygaez1O{{9fW@eYT1xE9XW2InIlPind6nNuH5GhX-Yp|P-%F**PX zdt5yF25Wdgc8S065|KRw)}5YIMz-zBZbx=s`WnMZ&(zqaYQGT~ZEDYVDmp0mPG`Hm(;Kk=Mc1!!g0{bkgGe&)+ByL+;3{NtWN-|6PNci=1g zK5grsLR;&?PNV-!JKyzkdd%F(nf8_i>P)*;l5oxJrnW71=i(}S2!d=lMzKF(7fyHxK_C9e*inPgtbz40sXRd=5vmIiwwbBuNM zc-XPvsNI0gOjSvTJquKs?$gS*8B(cAYqSCcEFuR=T- zJ|O8w(btCI=nK0~=?l*7otKq($Ch zF61aWN{<~drb=~mxlczbp8~v2bW|mF_eA_+j6F+@efFi?Us@Bt@yDlK6mY)TI0QPKN9PqCnpQ`B;hC5==GfYUmb~esmO$k ztAFQo_7mr%Y^s!g+U~QDvp|`Yca}ikwJq;;5+|{hHDgBP8HsCEcWr}_8P-XO6EMNd zb&REd*g!o-Gp>@X3`}uUkAFA-kN8OwL0Q z>s81XMyyvbUl=+G#Cq}iNzo6!3%T#9muETsJT7q=_tv>NHd00XoPB$qvvtI$JQgzK zOk8mtbA7hn7?X1s@BYNgoip((&3y27;|0c;+_!ydNodIXwjZQ!S$_K<+Fa@HScjJ0ylUOtLXEvnB*f-5=J`yST& zEbr%LxO?mew!k-u6;(bh{8?-Na9)+?l_he$I$5m25^o@WB{{$8|Bi|6t#A>1RJh1} z+m&!P8(U29RrY=*?nj-&s0phWr6~9+F-o!@)9ByxW=~VeA|^m&1@7C{_>qe=Igcv* z(3l-5kJ-XkWsghkeSq2OE^v5Y%(LS?dHKemJpAkB)_}p}{lc>|wY~{`zh6^1255V0vF+ z{19#bJ!gl8+xBP24`UpF(Iz|)e?m<1N|kGSm#^)L+kqJcZU+|*aJzlTgL{{o*DHkE z?bEo!7%FhP$VBkbTkG{b9j7?oXS3&)|p0I%eI%m}yUn z`Og@b3AkM=`yea%Jn|PYIa6a3Ly{d2w@XZn$sGl9S3!0yWkrauicE&v`S-DOS>Tqr z4;lFW%>6v4P*&vfn7IKtQcunk_QlB?X_u)dK1h?ZiY9#6w0YL@+h}df?Bu+LtUsIG z^BU@G2f7P#I(PoMoX-8*J_T1+m<*@e%Q(d@RGbdGT5-Cx;&dIM&@Dz2v6uF~X6g)X zMBWjrXbi>RIUN$q&i<70k-){&8D-&evZwQ{b53Vvy~JT5pMCJBcGrLL``Ii0*Wi+x4W z(-JrxWhzeRlPjF=J0I6NLUuVFy&oOH={jaUINPAl9XMS_Abua61UMb9=ZJprJ@g_| z?nW6@KNG4AvCq4cMg4pj{g||OCOqW&#>Utz?2l8-rC#RI3(O%n9biIs7A@e4$2-p}D5>cKyx_*`m4fzQ?a9zI8TURhFxS0}~ic9!9D ze8=3Yu@FoYEW80eS0#K7E*ju-dl>WBW)gEgD4*M-W$i4-=UnW_o$&E5!RZs_aa!>& z>ZJG_IPLMdI|_VG%R62o@A$>ZJ6GUyuDrqc-1^?~eC|^PJ~!pn`Uly&1Glw*@E@5w z!}Jdp`CPil=Ng_U`Uf8y=;u1paO+LR7|tD+^A9SU=vPw)@VSM|r^92tb^O2IKe%Pw zu>6Bck9VTKVfqKl>hC98`#T5I+jlv8=JyYJ`YLcf?H?3OKe((^M{pup z$4mT!N=Knm9S!auEUTlB522&Ky9gb zFf>czgl;vyMog^u2cPA<->dWw!qH|JE6BYf{y|U9Q2xQo&b~VTU_bWZh5Unm^D*k7 z{ez0<6}cof{#0WcXQLZ@XF$JKdIl8xBfuqjEnMREDP_S!v``h&0 zDCwgA>z23v_xcCFE_!+iE;)#QaHgjte0k+`^mFq6&h(uH{ePurLD5NoOY(Y)=;tN$ zQ{o>i(N9PF%h$U13Hbbjy>Gdoe^8Av@ejV^Vb4EUUGNVcqJAr%y~TKcxbd0y!v!0w zT-&9&!992Kf2mtJ|KN!+MgQRQ$k>YgRN#|k{DZB?`D6Tpt2q-d_3+9X%0KA;&j0!c z^`7$u{DbGZ%k#;Ce=ssr@yQ={%K6_}!Tsh4=YL*@&%nueZT2s8riqU^ zzfhfZ?X!t1jRyTWYM+Srx9HpxQ>m-u0ot+!-}n;z6HAHTT-NM7_40Yvhsz9$&wKG( z{P3F4Q!k{Ooom9>8(-?RRkQ;e^iE#)VsHEzuV0vhA9FMM>>}1K@_|_9+(P%#YF+3|5I{CEhXSlh6A0wZc>_e!vn%qiqmOZK83-iA8pM_6|m|e!Kly`&AZ>nSRiQ(#t-e}~~HxBqL$9#CAp7}-0t%^g7 z-(+;#{&>}Dbxx~4eTnP0id?GwSNfTBpZVn#PWQZpPS5;>JS%usI8T5N+wjpm2_|+g z;XU$ypIpZGmh&CH@5aYoYjmgmv14v|-h5WMSLVpLxWxGDZ{|DYJY9}C-93-^XzV#Z zmRacDM)$iPrysG$s=zdFt@PIJEc)k6q&hF9Fpbv_5RYWW!J|ds(c)%D=IV)2#Fs7S zEPDwiioR0yA?GlD5&2urTfLXxAL6xOqRQQqU#Rx%`x0{Bw3nCCmyd_{-Fm;y_&Iy< z1xzH~+algu?sr)A5}3&M{)rq;y&E+qZqk^@9+Sev!x|HhX-te>7!&W>qcIVmmNgg5 zz#nuWO#BkMsFOV)d`Suu=eij3dG0%M+=|k^(sJHgS`IPjvhKzxr+|rj#V6?E*RU`V-V!@D-`OeO^}}>Hc@|tO|&7`2IkPF9QDerWiC=*g^AR)EGE)cIWKQ@gNd9y%GuWp z#KcWtTpi!*!9>n&=4yF% z5t|yHHaI2{-+w_&BzE^~gzpW8i7EF?Pe1t|%?1y(r^?^6z>POq`-IvDU@JEfVh{d2*LD zIdZ<;M)xaI0ZcsNw`a;>;+)frr8@8^3LbG5Mdr{KM}moS6($DHpq9bJD8Cm>6ux9{ z9LRZ99oI=dyh@cfVL#`QGT6|4Hu>zMlY*RgBkkaQ?>C<$UyS0sy!YqeXSPLi-h}47 zk+92o4;DGE_gmS|yAEAQP6o|+18p%QYVH*|FR%N4<#OKsguXu^H7=Gxj_CJ%mYiUl z!5iAB&JZ2u@1y+9ce>Gwx3^xpuf7OfTAOJX-?yZF@|*n&WAeK#DwhK1ODONr2h};P z-OX~o1bOdaO~Ws7ME3KV+27#xYgg#?>^*7^FSO%1>g%4touy(+?PQa4Pouk6XTe>} z~La^^kpo{hSe&*xr5K9suWk4n$i1{p0kly~dMCelL-^W^kFk$W%F-kSRHv zMCK<;WJ;b@w~kug>Wh>2?oxTHJbB#BF7;bAxV%D};rw2kW8OZ6Zu4SkbHbCU>zEi^ zW}(f<^x8bCM5f(RBCqA*T_zKJiVAEB`+6^}P0elc{0cGd_pfC!Wgp`)&6uqIVv$KjC7h z65n2QmT`()3&pqwy-!SAOxj`5E{W?>`@~VLr-Xi{+-IMCh0#lH)xbWnymuz- ze4BhTpZGPNj*wkWM;3RLkY?%iL-ImasJRP?3-4z5_I{Cd09J~3lV z_KET99U026m!w{e*!WrGd;7AoSKM2JUyt`>pBUR9unr1dr{VUj3zOt;*(d%Gatiyz z$Kh|by9Q*jopadEJ*%+!ct3Z7ePUbh6Q{=&_K8388~l2d=anULlh{S=*hN|VKyojy z*xM5K=l_lk=TUpHV5i!PWuN$i{n!{w-SZ#rT`1(bAr{158g}kMhwnj$4dRo5x7GXN z{v>`x$zoq$WCh~>G`?jvfsviq+nbTsh25Ou$ytqSEXLHPMm~eTZH9MrQSTJ-0n{a= z|GD||YL)-2_Yv`*T^aD7S&}1Qb;L0xU%)Ej>&P9@9}n7({b~K0SPJ1#r-{S(D*0Vb zFRpMT$IEH#$J4~wz1R|WPGd*Dh#h%)F|U`zoij`0&bej0k4^bvONDcW7@%{+0G*AK z3xIM?NBwt8jaBySX>6?*v9-=%Yn_AB{04i{pR47C8FA;-thn>5+2o+Xx6w;%OeQiG zU(q;XWX6;4Ya%(yChhoY3-$(fsN`msdpzu9$T_{5_&$70?)Qtnr9Wfr)rlRI)OHkl z6uX0X>q+(*bQ?!c+t4q$4Kgc<5hA~+@}aHb@9XimtQ%pRW-f#ZIRH6>Z~J4HTzg-9 zCMpLY^~ex|W)h3`QiNQ1$h?7Z=E@ppc=3BbdzCV$Rk<=52wEogE@eneU>cb#@Eb{) zp_)$(DF8xf`dm z8e4$!#E&iaus#1Se9miJEW3{JJeYn9dPJ{s*VpstvXEa8J=^FvTdLRD)MF0yn2Qc) zH#uKv8>mxX?I@ zmgpm*_d!hm*y^X=dFmahfaef{Il98hB__nqrpIuGmAL>HEOH}#E=!H+;<+q`a{S}& zn%RuIweGkRKasB=*cTjQJc@2!<$Pz}k_VIVn38)Lx0LCJHMD0f?P;SQ)^PtHWyQUF z8TEW;Tw;q4obO9Z`a$kv^!EefQr*jVe$(*gd%K*kV7@;~o+tl&FWV0jB__4PvG7OO zb@W4&eu!QYI~(V&jwE+S;K#U7KXjJ#!}F|3xi+^S@VibjvGp3TMTDcP`@P^7S$uI1 zf)@{!;VE0>9wB&!;wf!Ko^m!Rxz{=42=6MblRDSDDkOVxV5)n+*S|c>e(qju1In}a z;0IbIvh@94$5}tXN?CIS!@S?U;bZ9dIO{Iu`|q>xK7SJ1K{!x`H9_`3eD~wN-^ndm!`lcT;od1-VH*+=EepKJH(W-OR2 z>86}~t@u6Nvkgzsh6ru=K4*Xi&0*Mr4_@+k`|jBoLm!x{8z~2!w&J@J-q^w(0J;}F zc2kBuh5vPw6>-awb1W}>ez$)O!A#Eb1v)ZJb1x;)@te%%Cd~%8EBsaghXM;YKd&K0PjW^2PFdQL& zk}+_w3=GyXsbL|$|D(5RK#z{887{N}nm;2@#W!U5SKQYYR15>wW&xP=-%RK~j z+e6CF$i6)}+Sh+r?L**a<-@EXKPGt^SJ&X-_yk+wgF2BDyCVajxKGCq! zo}XRkJxNtK_?~yG+(vSifH6THuMY7&TkC1_2HMLyVe9qCT1nei!5>!hK6qz?cUkZ* z2i{q!i7|UEpS7X0B>G`5Q}km6>{T~Ui2sf?|KCbKQqPD#N3+f?Qi@aQk;d<^am{(? zXFmFgyZZS6`neKan7e%Uc5Mnda^`6;9Acfn+hVRav+meyig`Z13by&@yWHpYsON7* z=3sZth`a)~NxHZuKJZAvf9u+2nK&{QF|QUgHRKjVi;I!4gIi_t3%9_I2M}KY%lQNZ$1{_c^ z%k;lsy>MEac_wEx3ONl{Q6?B)?%Z3b8sEbz)<4FOg)BMiF@`?x1JC3vle_-wb8m6E z&t?RBl@c%D&o$}B3agw9w8KnP`P!i4h<&Bqj1i@U5(eqwM=(lV`fP$Axm#IWV6r@$bLh(@VU%tX^K& zto-|hv;Fw@gJ=8EL%_e!>#vJW+RzCydwC9`laBT+w;RukPV7j*zyC@zI-!jXVfwO) zb4()}iEn6jMli>ESL!`M=7{W%y_tK2{tA2@3eZarn{`1|RLx&3g^57qzck{gh{(*hD%?kgD=QL79{G0lZ z;2-mCADB{6a<&`%JJQfG&luSO{>@-a&7%MDKP&wE%FH7E@q59)t>E8}L!K>vNf7_Q zPOH_$zYLfx7-XHOh}q1wYzsUH8M5!}+I+?H%sa?=rLYZKOko>+Q@}RnbpYF#+rsU#$;SP}FlN9>g=yTi#gOIy72Hon&Z*RdK-*1u zZ-2=7DL$Oc8ZeD@Kw%ndib)?TOrswK(-!{&a+9ojJZBR+ ze3%wI=b9|RG+qm)J)70@7rAQwQm*6#{+{ogE0}hqa6grA{*IFQOPvdtM*p6QkMONQ z8q;)pWK7!3XN76`iRfh#|1SgYxf?6t-Sy_>E8)FuA?H(~n?=66seG~o)2ckZ*l^G? zdU+bXuxD8~+X|)y&$gn60H*Q!!=e+`sa|CE^30Ui$?n44ROuq7J>P^*WL*#YFpc?k zl)0*KncU?sFgJ#SX>UDV9@BmVriFa}{z!fYpD&(w{7dvX41QO{w`39Dx;u;fu6ZE8 zJJRsf)y7Xg9prb6t-kgJQ;PTo{tLb>1m8ZNKmXs(@9w9c{+Hirzs0NMcP#X4F`{IBPC zedXoDl=A;ZcGNMZ z8s)xS)^y=D=1zPRyVSn0;(xU==D2US-*)|RUVbN=?_~LIVLuq(uZ=%N<%%GmhrN;i z{m9G1Q{Xb0equZ5C-#B3N9}6E#^;im6?WFi{$yyT(E#pQl;PdGYkZ!2caOXG?oQM9 z?!py!H+-_f$YB#pY>4btto;=JNy?I35?RW<&wu|JzxVcir^{MidAl*6d{c_!aBo?_ zc0PoR!+NjxAoWgDZ}xia6da1Rup3$BxZ@Q1RN*EzhvJSYA9utb8sLseC&mi-Hqend z7tTKq?mu6?_pX@LMPH@R-!{?Lr7>#}pDnI%vP<|pL7imJ5*}ROjhO&ha<6NbLcB~4%?%R=Sw{I@jS!x49~sv*||oio4WSA)adjeJ40I~XNyH!ZQ7dc z(eMRl(WIURTM+@Gk_8XETjOmAosbL&W5#J2HT-o!n z*-O}P2vyw1YexAHpIg}(K?$)hvzKRm|1 zmh@{Ht~luZyDiGsuKGhTWZ6gYX`{m|^~`m_ty`!seVjqJHgYB2QsPX-hX0E-%9q}u z?%zF5f1KbyeH6wQWYSOeOUR+`+B{!6eP$sGzqcyS?@Pa|jdJP#f-jwZ;hd9_UB~Yq z!EOd5CdrsoXHOWDGJaJa%&5n?eP>VXQ4&W@Ij=Kbug9c}$LyYAjLD=sChx_MpvFm0 z$Q>uAc@ud zW;D)GMj^t;%al<>%Q6O#@ zodj%fUT+rt96~?H?BzL#ev0=)!+AaZWN$}5v^QXbvtIm~oJ_soqdIHA_!Jxblk7=P z!k!+?ulRvu<#}glW`bC*e}J z8lNO@SOk2@@ZO)3TgU8acAmYK9IB_99en(b4Zckm4gmf&2q)MZVlR(*3I5kJPDAVJ zj5QJ$wiq72m$G{}AN6<00UsN-%r)d*tS0s>6c%&Nh8Rbc_pXt1HgfOiTk0jQN#ah% z5(^pHaq@)R>s`5{FLAYT+V;*cj8%8A%N@3-;d7_=@Z2l;q^FYed7AMe=gNxlOyg8c z^4SRYt8xd!i=0gx@L8JAY(7g)ANX0EJ6pMX@WuEw13r6k*8=B7&dZ&JH}x?lUyS=> z?A&rQa48cWWp%={HnY#))#T(-O-}bV_R)7XIWO!Y7J3h{(0hr6-m}2z-Mhe9b$7l~ z))rgl?nK6YZKZRXGi(y~yrn5@;M0R+7vqygGdGp}aHtX7#V^ZxBOL4q=g`k4MpL(O z#_70!Eq3FyGpnfEYU;Lzx~-*dZPbmJj&9;RdN!1=+nc0rXLQ}7)NKZHauITT_37y^ zsm~d=K3`DvAx}Kx{&d_QbEfOF1UXBokKTiqH9yCC-`z@mR+g{Nbg9odU7sn`r*2?< z(xvq|=hkNh^~pt1hY)vWaPCF+);Z>z{%S$#vJ^D+9b`=G4b>;5%L z{dzjNqiR#L^CsROQH3nVOP28>xw}ltuqdOO`>`)?&36iqb@xx<&h*K{$Uceekuw{e zQ8zX^a9MIcxN(HP!|syLLRT}F@f$uE3T-e?;FE9QZ1_=8_{e)>!Af(l#>agcAK@bkAK{1!ANOc{ z#DC%8Z5jI;%h|VSX=cu|H^_cR4|`58 z)Pj#wz{k2GKF%QTyV!#YAJ;}4vyJvKMh3&j^eZKJgpDZp*uWe(o8TPFVED)$qB)1U z`S!)Uz0ID*@~V3v$3)d0n3*^;ti#K5I+slXvU$b?TGbK5xqVCn;BY!J=WL)Or{+#^U4)pNxFqjqrACdjrUxJToXy01e*XH8m z-PCOWKJIt%@o%YL&uZ|IJ;?$-GG4NbmmK58kB>jTZy-M2j_d*WxX;DMMaVAT;d-fZ*=B|N2s&TGB(;u5v$s1iN zZ$^o{85bw-XldU>OZp}{%)Ut%`{ulNep>fUH)BA2gMq%O9Y)_A4ED{D61fuVdJp}r zVtA!*CJx^Aa((mJQhDP&dAe`L4=%4<-@L0--slo}qc2Y0^b&cQm9%jcylFKUye8zx zK7hm>K5-P=cqR7JDr~3KVBi|~)7nPo4a6;awy`{weViQS#ve-jO>#`YK7Ijv&+5Wg zmx51h#(&odPuqrFxDz`NyRiqG@g%llFSgzl%Ik@b@!4DMcQc*X2b-}E66gz^Wz&_$2Y-m~aDS8Q&)$qK zyZ9{C=zL%Dp3#=aX@iLkYF3L43)d1GmOfG3Y`H$GkyNi4q&O3Vki8ck@Ar{dya*RZ3=Ps_}J^*;bUfwIK6m!)hB` z<`(c{Au?UNxJuc@(~v8??;rWh?BY&f;jyVEch7`)6w|IQ!(*%5zJA-2ecPh@ zmO1G4?Got+=ApR^owYVP@j^e~pP=2t?b~OGG4c9V#RoFKJ()KZWYV|H?ZIT0>)V~k z4fJh&v2PzF|Dg1DgMP1`xok21mrG3AHp<^gPFdnM8-DW!!`u~en(%*_*dY1*gzb%z zpJLq<_WY`h_k2)~=lUBBbA8B>SW}rtW|UYU*(1Yt`z?906bDF-Q5=A?evUaBEE^wU zzX~j?Wxbvvwjujt(U5a;2E1SvIq+xmIT-hWe+A=e8u<-51(8*&cL#iRF2rWP^yz-r|1y_4%nLcwI4{=xgG&r+ zK4Xu)WGgQC7IF0-;`gbrQGtB?`bU}@Z!j!$m_diwga&)Y1^s^x{rl@G`_;tHg-y`3FC5OWwaEkEC)-p8)LyZQW-k8jTBpO){`BQF&S&CM(d zIj{c%V{Z{-i?Z_hG26o-=7jLfR`k4*|Ivt%k+xA*hBnpT2-hS=;cm{!JxZOtoXij5 zI}jQ5H-;qV-6Z*Y+C9?up&ic>S0U}sEN0%|yYkv7`e6Toe4o>et;8hw^)co)xBb_L z*{i8)bpGrT#v8x4_`SsTWtK387)K(vMBb71zr9)Am*JP^mHj*PD&yla>ez4#@pG>Q z4`YptDde>=N0Q8u_0nhI*elo|-dxDUnVYOG=>Dr8z%!lzr8?aJo?F)Qywz z1u>@0C5_JOA6W77E6m4c=9F;s4CCHpZd&Lk{z2p|27mun=9t=Z!na&)oRv6`guCZt z&U526?Zxgq6n{|$JQiK_h#w1mWJGSFk$p7If^g4hK0j`IhTk>f#|rUYW)1kmZ*ptt zPnnxHk2M}0!T3o<3UhM;b5nd`+>_UlcsydXj|LAZOLTRfvs8k6661Rfu^n5-kUwox z$azBIKRN|7#}?;oywbRA74{Z$b}Mr>w~8`XgMGC3z&hq_B2t*Q+kSVx^Xtqr#cA4z z(`+M7Gg)P1lHS<_or6c-ONE^1Bh+Jl_!-q!u&P4ZrsvIa7wNypKIQgXf__Pid83gfKB|g7+)5vQ%-4szeSO%>cbmU*yJ69XalUVt z>BGnW+K0Qk4{iEzMM)pNjy`Op53_vsAb!~#?GU>(MLWE9o~E4=NAWm159Ib;%9v%3 z<7R#@{!*LQ-~74Lc>}M-7ZgTb#m$XQ?8VH{zn#d~i6eu# z>&;`eKIl0dSRYsyK7NGn`_|-jthuG@K|XQwsr#|F|1f@PVeRc;?Y=o2db*L{Zac4Y zpd~{JCuF^OJ95v`zDp_^o!_KFMpwlpryj+Y{!KJwOsWVuzveS3$G^VcKWgap{hdRv z?{Jy9#>YP`{#f$O(J%L~e#m;6V{PwdZI^v7IWH?QURlm)``1nXTAyZ2FfMod*LpQB zPtGzPB&UUct^fTeeRy)Cy&lYEzRuG;;1}=*Fw+|S(Qo*805Kvi4+y#A zk@K5_^MFmief2zGOi6!x9PG>f{z#8i>;EIKW&KZ&53c{`SR?bS|Llvhjyw4lz5X+Q z^KIk(>wjPS1H^nxZ2U%GeJZa1>YUG!*Mc2+z5cV8#rnVdPqzLeudx3Ao^dYgKV=Dy zGarfXj~Zf&3vQDq$;e3CWc{a2^;d#ZtTA_E8?gQt?rfFy-$up?_7|#ITeJNA&;d8U z{j)#AhsOAF#~FUhnr7!K=kuNFJM2>=*>iX(1D|VE`<=VRR=kh>i2IQFpuV?NatZB1 zjygw|_H4F@+TT=smNf#rITC`)UPH`=THmi`?QCFuzlJdmc9`^q1(r&zk@U|i=StT1 zwXDbBgSkep@9FU_pGWpDBo1T`a%!nr2<^}KG1zyrKBehGGzin|+c zoF^7bxKv=B<4n8BUSnVnMczw=ocq`7b&fS(I7RLQE+5cq+YxVVQ~1i-_BrM@Yg^&0 z8Ef0_z}f~T2i7)T%i6Xaedd?xwT)*cg5R9JVQurDHS1`9*JZ{+_*r+VxVAkm;}ecC z^D=Y-&oTL}^sBuR9l+0o^XA*IXF0>!7vU^hWVCLpj{A`J;1oAWTgS7e>$dLj+8R;o z_<*+lAKFTsN8$V!aUQ|*W3(+0=fUd+Y3EYfiOgP}<=T0#@X!aYcJGEw7TftgX(w%J zU>r?j97Si+-quFv0dlIzoVlJcHjB?Tz_m`zVLZT>9%1~;Gc+z!&(ddr2y(7(AE;lMzcZn@fb4_9k+L>!6x(X9t zumH>p<3|xbX!G7rh){E_or>{{1{&%W$@#!X9TP#=DX_1~Hgx07?)tfy_E3U$U-`mPh5$y2cN zbNnqnvg@&}GWhUC?hDJs@4#;v8>M>#BKIV6l^>rqTKxF3Hy~r~eq_m0GSi)r5-v2sp@HKj!=J6VKmpr}igYh|jFB5T-uCK7hn&ntz` zOe%0D;n$f~#u00doRw3ybG~MK9t_R5jq_RTbZ-WA!R#1TJfh{ zJCUc>PUiZ`SI{GUBW30DBlOz&8pB*fdlu7{XoX?YHj{obu_qfAGS-{G-m#&l-L+w^ z@%IwfHqW(V%~g#7>;;pKw14Y*bstTjz0CCmv{9W;X5FcW(={_EZSYudfSBnW7P7Xm z7S)N}&3k2J?{2>#rp^%iW#5F{jJg{U-zf4PTdDHl9BEiV-UQm&)EIKSbsrz`GYN2` zae*6?^rrd>W$#PwM~g9@{&(@u5u1dZ2=j8}HDDR|dFPwS75_H!#y3_Ny>mm(^~iZ2 za^i0asXN+bZF-8|UI;gLZY;q~@b1!c;3oAPiJnKH@6mTQI%D3#Ji3d1k~tSw_jNnJ zT8bZTnLE~AS>EWpDIz$H9nGAxSkJ^3F_}}@WuC1cQCy%Nc~Rs|N1pIi!9Vdu*vQNJ z=4+BR3&y z*z-5;&fhz)lKDHaIDZr9U{y%11LkU1r!pUeTjbkDZ};pDcg!Wr!sTU zqn-nq)#zePa30_z>S+H(o#G(=v05`H@A{R>{APjt<_Fd6$E*!t#VfA?8<-o{-xK-M z;sWv%E-)tUbKE|aa`O3+f(yGFLJ@MIqbJ4*_XFbx;pySRUxEwo)q{RD%E|e zeqCQDGLa$sLW)DIyW;;d_b%{J)o1?ynM|$%0)m2q<_d_=g7t!ywoDQb6}Pm7mUeZQ zgn(#im%7-+7HdKhq-|`;sqSVg?TQx!E4!w+d{VlT}qU_U*>o#bzhPIb7?>m??JXpRp(PTnAc(H?*f2{NA>2rAw`i?>W zk$J#pu}hoPF0I$n?lRiF(`he4dtuu1{OZR4Kzk`#&uB|_m19dg?fGd!{i;trqxxoX zXu|*Ojl;nq?&%qCjG5!h_2e) z5Wl(8_{FG4G_W7yu2b*a4{_p1`WkwEh(A|6B3C-buRm-r8z3IB)!n22y({6H_~e{; zM6P&e>wD&ph~zrF6WY4yH1mfxeDMhU5u8J?9NJsKUwKA6;v3K(@rdcz*yts#{o)bd z@W&&xkKF3`?tiAoBfL4f@rc&u(S`l^-!XUosd&W2qD@~s0^Z=oBmC_xm0h`XR6p6} z`H^3sUD=ApUtuE${vMw5ZTJGX_nyZi;3Xy=fgDPUMO-1UD{%nk{#m;}VAp2EBVJwa_zz>;&x}X>@;-2+ zg|Td4ZMna#kosj0B0tjO5f05(=h~<4F!6}i{_zOaGwO>+H1(WYJfgReaSRZTxCcJr z#Ut>i^iRF zLu`&;Y%f#&;Lbi@#?#Xs8ZL!qP9V3c0;za};kmu+W5^bdn8RG~`#L;zH8kj~8*!v- zObuy&JmNlg-Kw>24_s_F6JH?qeKa#3@qlj)%eY_l#xN6)fZshHYlH7PF{RWRHn4`o zfgQfPk}<484x4yH`Wjxq8m8hA4}fFL(-)60^E}KxIX52Bnih|kpAnDX`dh#|6_233 zoL1!ZL+JMZ2+l*J(R#+w#CX=b`o$n)h94US?o`u8J?q*8J+1fb0w<=JDchI+gy#!* zehAMGM~8a{@rb5B^q24Nr`>av@9#1m!5Yl4mx61aUGPrh5u3n?6ke9I29x+hhFf2~ zz%I>*NBrXc6hG;y%ZNuj^Of{?1bV=(s-I3W@rW{bN;W;<*UNqQIF5dc`OC;lSozvJ z*8`3nPG4_N56BjeIQ;J75!9L(I3K~|E8m+2@4)9|)0lWN3_t+S>h3f-vp?4W90i+knd}e@9RR2e2165(|E)WRFmil_|RBiJYufp z#3QC<#3QakR-&I+sz*Uw{Fmfhol87o&RW()a!&ThG|tcl_rrCxNlZMOY`Y8EKBH`d zC#T6at|i-M0MBgk2oDFPpP^5&Uv;W`MsuHRYY={-k4(N4*rMmW(|E*rnycaw?p*Kp z=1S}!+gz_@uEZl!wV#Mbq}P68Zkh3jxBer0JR)PBtp<{GA(*0LP|)V&|j7cchJm8B-d=D6^&a;V0&~DDX$mNDm(rRYytD!4sE4BunT#sBn zhge?;{G=2Zz87@*Ubdx}gcCb(ViG47pE-7rib>4qi%E#5DkkB@4!oE|DKUu?@Ut*9 zIGDJ^@mcQvW_(N9->kEI)TUw)Ufav~K4u8CRLy#N2 zcpe>Ru207qjQ?WZ|Mb^y{`b&1=r>KdPJUmp^2hVj;`@=8!KqiQWZh-fZq+r2cY|B- zS+j3~dw1f`DjIF=o(xSL9%b#m6Cc-2=Q-C!d>TJIFjkHqbe`IO4?jEFJoe*LgJ^?_p7JAU;WsfX0Lh-Jb->rJc{2O8b0wDpY(a+2|l6a6HoC8J)d}*PiT6| z#eCn3&%2ZBOIf#4t`AvB?RW33&!=7DEY+F|aDN%Nzrs3I=h^Y5fIaB~>!BDt^*A_m zg0)s1=bP|H-dt!UzsBCe$((7=SRCIywjnXa(a(}c5d%NqF?(v{(;w={-%ySAt|%^G zb^MrTOl%R{NIf^gk*ie=mi;969Y0jQ@wpEKyMvMi*L~PthwbS1Rjw86upg9H)!RFK zXYYFEE4T?>D}jUHw2Du`2|kg6(;DDZ&$S1qCf?&+oC}<$m)UbN;55VFm=mM-auW=k0?eZY zI0#-F_!NFU$fw}d#;1o@8-dp*u043Q1Fs#zt0Cak(4D<2GT?*U2G5JdJxgK9k zdv$|@*L1;axepFm;5EsEmm}jG{PV%9I0IgO980seMnT_WkRQZK^Wh(Up5*D_Z}@nV z=U+Y5>G(f)p0D`Gg{k<6`~ccZA$?MQ|2R0fEF<65%VW&o4L!|w6xcVhPKx1`kkdXi zY}u#Ci|&Dr#@!z}J@bC+baBp5vq$7r;Q0;Ku7P!nL9=maHUTYuAAIkE*1EybW8mm< zaP$PY7ZL1%>B*JE3W{bX!DQy^T`}wqc}@Ba~5Ab z2@F14WF^1u*8jK#KJ+>GP~9+xzbvV>?C(CGY%7N^mVn1KBQ5fY9bQ#;q5I4h%YKMw z99fm)udrB-CtR`vRIHcknC%_{OuL&V2&fVZJZ#$)OQ zFy0#djy|n;&F<#6+L|k@Cu7Vpx&hp1f!D3q*}>GOih29Ra!r0(oc7nz{{6I{c#T}> z-}CG%yc6TyZt&?OF);6b0sDuBkZ<<~?!U?XUhW42W-V6BZfo+^YP7vvYqiQst_9cq zesB4cl;4vJJxkukxDG4l!_=9+&i;(vYh$eK#Q592TspVTi3^Kz#u`0D-$xk3dcHr! z_m)sH_B8x!1M9ZeN+wv#L?`oE1%G*-SRUhemfXEV#PKEttZO(^utR+uCtt6RR}~pv zrL!hY-X8b8as2^XAlwFiFb4Ih{?wQH@!FnFED$4hchOe(Ah6DCcRG4k>VA7c|NG!z z>OTAWGT%4+Cp!+dHh+3bzg&#y6bI+80Ow1<`J0D@oc-L4?PRdX*S=FPDTVvYGjs-= zpRKsTbN%x(o>hOmTTWkBl!Dt6SR3&CX7sXo=w&Uefp;e91Jb|1gPV|*=K=4<;J}UO zVP1ZQQ?Ie8<1_qj@C5zT=;SYX2fZWBR*bVQ3D%{Hb?IhZ9&W_nnrB@bW6jcd z6t-*K($j65E$hk1^oAEobmriV!))zOkxfc{$<|V?quh(3$JL!Kun&^29=*r)#q9w9 zA0M^=&o!V!Xitm2H=>`$!0VyFOzkz$ zhJ4B8wClZF3jWsu`ygu)3~TAB~)8cwrNtv!M%}7a1nkR`o_Y&qHTggFH0-VBfK>C)S+VZj8`=X~uaG z;-gQY@A$_*kiPW8gW2U_D4V|2NXJbbRs zCl6nShrH5Hf5<8i|LzLt=_P1sB=TyJD-RcYJhsd}U-_u;*pxhU+BJK$Tz?dM8nVbk z#_+P*jsedLX&?S@f^}xRN3DkI?9VY?BM({El-;!meuw^|Gp$ncux~E@KFQJOFAw+9 zpXx{nA2Vy>{`5HVkb7zJaDhYTd7eCMa_p@LV^)p$5^%epJY+mZ9s&oyJnVrFECv6T zUTQswtR3CciLM{?WQ!vQWxvL0dmU}xPumITy9>IOzG2Q(g>GZeJ@mNCvOZ`(rhHa# z)*DZ`J09hcr^)C6#&m=+%^vIQhcb2`dpo^7w#LpG2LIH$ug8vQVH~UJ3;OV4I_Qu` zy&7^;B+sCYp7x-9vOTvSUpIWs9k*ymdvmI(funxBcBbcrk{^Tj43X>tK7F#skqx>( zE~nx8dFZ3;@w>)6M_ZZCsW14S;aR4y;E0aPGy5uX$2Nkyn^@C!WWx?*!=v~LfbFrzfbSFZ@l+`J>eHd* zZ}*0hzv~PoUpvJ3jvyCxNPT%r9{2m|F@!)wKCxSydP6mf|yh?qu-*VpZ?>O)H zHRf59zkY3=bL*ji){E%QL@c1E3V@@R_Buy>Z|T7 zvVy*htXR-jLs>kg$CDKv>u0astafQf zd3U9f?er12yAP-6Z_g6x8eedAjRtb*$RSd{QH}o%aC13unq@gTaaUQ%1hCm2w(Ks} z*Eyd>emUpN=Bi_E4XCToZJ?9LT-g#0FKh>9@#V~gcOL<-o87&9_tXFV^e>-ZJ8+ZD zu@#)vb*FNf7_T>$mH*?8rJAwKgV!^bFgWM<1)cuOGW(zB^#8a1{-K?I{a4dJdYb9K zf&O)!(f<>t>3^ovXCeJ4=DrkqT?W0bW3Gv54o|40FR%S|%#VB5Bxds5Xs7)pn`xix zmW=jSzfSw`70s!qJ4^dhoc1rE{RZG?!4oXn2hP`op;zsl()gF`qkXPd(Z0hEoczJ) zV&pNfRecNDrpgc1{{FS#M&kf_V`PRyqwy&^^DSU}^_q7Wp5Sj=dlSTKq&u4Pa@96G z;7o1DX}cL+QTqt@avrMU0BZYRGTM$UV$UIMt5!plcD4Um_$)f9gHEJJ6jQq>%s%y0 zo8X_?RGp#5%=X|nY3(gIxAs1o(cVD(so+3%{`5z}p-JjD5jvr!w zt^7HA!F6P8{CVfM2={8SQ+jEbb`r8}udBa8x)xX8$$$kZJmB|8}$MuZ&^J<+ObSyeOjmVaV|nwCn1xKdSNRuRI&2UD3R9*VFXZ z>~qPgzYeFr@blUA*YVKPaqgw*uh6n=$;&ZP5_u-cg{6^d73x0Fc`E4WgD!*x(kA>^?%F!`<{yt(`dT%9t z(T{vf@~6o5oB+R({q5zzYtQY3dg_nYp)c3vxqIXseK}JvHf_PH$}1S}qu|tI;L}{b zKS90%{KU&2EBAC&+B}}7`#HXse0YpEPNP5a+&@z1M)MD6U$36#yC?Lk(a1?n=jlDY@u!@D$+z%ye`V z9Fg3|r_fq=@Jd^Dbx`M;H^C$H+fOgBRo}tnnYGB5aK3yA=+gKSVnMs>uZ=I^sPQGN z22ap0G?obZd=%Y6w$GOsgW;Vnz8zzX7W5Gq2~J!XN(L{+r^>o##?|NF_g0%?@RqR? zCfci&BRC%%;eD+s>$cl3cb0)?ejmbX zY>+_M*&}$EaT)&+_nzf@svY1Je?F94i(Fod>{L6ow9|n6mYi#3+|tAL@Qxpz!owWS zs;dgIZ;|y|as_@L){nfbqg4-aHU;aqRe4!i*6;5Iv3^Av>(>`sXJ1}5dhgj&(9=IPRIy93Fp z+xBIbRiEO0i+@I+?!3s6SKpSr8k;V!%7e-1q@W|Oii646lwdMG&G{|Dy;}Iz5_k{% zpEv>ji^V>9RZa~_&g4Z`Zmk+I(UxDt*o|4_)g=?*8PuFK{+11{yn>H~%-MEj_T%LA zg`ImOA_h@eam@&79&UJ3UEZf`~Y3G2;=jzWkH*`X3fx7E9(SD8G zGjHAG&kQ)egk4^&=YVhB;=n$aF%$sb9M(uWStXlEmGTrxuAlq{6o2=bg{##Ek3FrRjGw`z2Ni9B;V z&ouE2dfDg-?%&S6+k@7VJ2n0n`^Nw6Y~y&5ae$v1hmmDmk8;N$oO_zFcztY!PW0SX z!I`lXxntSIbMoKi8vmZZE@Q5Vd4)F;lh{OTi~57H9hJ!)_fntFN53)X*P+>o_7@nV zSyRRoXYF%YA9MqFANmq=eTKQpx2QbI#)7)O*`-$g)J9EpC&0<+k7Q(|uF#lt~zo>|Pw(y$( zu&xN8-{z4=$ZwN|NzXm6;{xVbXoX(z#;(3kJWr0{FzZ^QZ)V}Q&5C_(zQ%rr{aXIm zbxVcA-^Ej__^YO`+4MDsz9yn~O+xPqyX}!H@lY7O*vu8Z44-Q9WV@BTg?C;B=6}I^ zzuiPG6YrjgAty}yd#HT@a5wv0+R>|_o7g5~1aM9~5lR++4}bDR>q!%{<(-JjbB{5n zBKq)n{Z!hXOuKR5r!#9fFQcOyo+)@l@M}i#YsT<%9$E8N+rEG`V<0#@qTH|_lv69F z{&7DXZUPRX55=##Sl{j7NEc(>4vr8f-Q~q#53#o0;LZ+kq?rW02B(|+^(bAOUI0!n0;g{Urx#ZyUuRBl68Ch@18_g7=cVf~ z^>!oF#EeoCGe(X>ysk2tSWZoA@*5K5KJ-xkJYIfbnhn(Z7-yq_XRY8^p6H5a`t(|- zM)s-LDDq*7>_odi-s;?I1!v8B<^Hp4oO=mixE;KH7ToQkpH|@6gC8hg{j~efK+iYy z+tWG1?h1NmhUc5uelKUYZD(vdXyc#gtE-xt-kj-njNec3d=F#m;!K0SF*|K_Jw`op z&V)PFG|V>bR{Q7WJktoD7QZ(2K$&+}-G%+y@$fxPJFC0M*?k$9zEYX&im@ilZw_mJ z19-6xyx0csV628uR)aI*lfNQ=w7kyl>pcB7*hhgm7d|3S5Gk(k7w=Xd#sJQJXmRDm3ZDZmse@sHp9ovyPGY0C(p|6 z6TjNdcXJ=OMV~ik1hhmplE;t!x*d3SAE`9wOD)lP4Q<%Z4?-J9_~c#ry)4yJ;mpJc zb+BHl!;iWVAD7E_)owSoQ5VljCsVG1YOU(rh8t&E3%d?sSJEc3%ADJf2<9Ex#<>mK zIJaTHmDl36E&rYLo~x)Sl%V}C+IH5TU)jDd!^f)Kb2yva z&ratvOny#eIDBjre2m(^$JqyZVm|Vf`oAZr|J&1ap?$pCJ3q*&choy7Nc~pE5kOvQ z3_R1v6Pz)e3Xb8N@DdIM{^Y)3z)f%@jdVO z0rp)XyI{P%h@7nONh{e?KHQFQo`Sy?Rqq(;n9;7{8QQa70dMopUyO6_6z}vf-e|kO z{Tu^J?EhU=;c`1lJ+wE2&RJ8@QP^CZ7iI3jhpNF>{2fk?5N#cA_n!&W=ckH*mr?F} zWBwgyf(#@t!GT@PS6|i7pOh31G$E7G4-78__9vRg`rzW?z@z9&=nuv=JlWqSY;^ZR z%f2=E_JjU)5`IHpJ-i#d0-fyrtl0;E8*udHO}A#|O^aUdd4|12yl3Prb-?;?!{x&( zz|WQ7=PK}Xb!Boa_?d+dw@S~Bkav@X54ZYt$20NaPcjyd4}XI1v3mIMnzQraxjgIf z;n{rm_;45VIspF-SUD+PyaQhR96Y)n-r4B#;$xlgVfe9+7aw(aaY4u3OH#bp%tLLf z-D92b^ep`Nt3&Xqz>B;0I{Y}Fb9DOnasJmM4nH>SJN&q?<9Tpv0Djym+3E4)?!BSp zAwNInx{&!Ef~UR-KR%}QpMX99j^6=Kj=4NJ3QvBU{FnpGy_2~glrPxTSMMf=Tyxrj z9N3BsK#yyc9``J5$gbJ!_P161pZUH@J5l&a6@6Agn_IDSwkkh@?^Wa&h(_?C?W+1y zz>dPd%ckNlgNHAHw^vns2wogWHtHPUJ{}J4I6QpYXN(WD)%ZXM;NjOr(s}qJ%s=up zK9G=NNQ&hJI>N|ZE#9wKu;UwaWX0F% zXEwaeAG`iq033bF7rUlk?SnXzzfE%8#I9R>v1|JK?wjfT4dicYcsjekZ6fdEZcEkM zm~3iyUXqGkt7cHF8k=q|@_wF`?3xe0mvddr@8kGw48KhRZxr8s6jg zD&ETx&T?;-+L**M;CLzTuI1gx0{8;>Zu$!I9M{+IoD-W2448Y(p7LZDFzW_(%F`b| zz#>~cI@Si> zGKaPkSD{}Ip^s`SId?eyEVhz2j)E`EBJYwpt7h=c^nZf&o>zbkx{A41u`hTP_A7J| zV|`~!KLZa|KzH)5`{m3*e5%d2OtdFxFaHF10`&sK@4_=f$!R5=SwuS_)({_@**8}Q zT;rSx1|I-7G%W^LZbD1~mrJR=NQ1--Wec)Gd)~LDR0{N)O z4d6NO$%%F9JdWIs&vIVQX6ja&=k{G-H}YJQo|^$Yf!`ADhjZDdI>4IDmT&0bgnoMd zJ*|5b_bhTyHCb0%T4?Y#EWP-h4vX7Xa)W~tz&V7hQ#fZ}xSD=G zHltrZ|2)Wk1{(h(@?rgHByof^i`mUVcb*zL76CQSb7N>cTYn!XERa&UA`mKh_so zryk9>7V28R$FU(}*pg9Xiid;Bof!_F?Cm`d{-BzA@cV|3*y4?f9mbF|@p1Ul;F*bH z^z}N%EZlF;vBT!f+6nd(=fBy855m!@c~*Nc%NE1qd4DPNvJAd*JM<{opNG!~zembu zkpCUM!sr&FDQE9Me#gz^$Qb!D3;57x1bPxb9&Y%YNBg;MZL>nd7mpz$RM%AfD*sI5 z@cPpEW{a^2hOvikVqxIO?L+gAu%9IP9OFC8_&Rc}|5$9DcXBfKBgm^R{t;Bq5ySr1&g(anz`Yo*_J-ZS~Mc#ZOf z@NL=3x71l0-X7E*@(RMS0@uEF&ot0)E3M@3@UakE*&}%_AG&<(7UMAWL+1li9CAYFUg53|f|_$Xt3%;=p*z4-l7=?uS~*e~bjip%h&>_8WRrcQvLigQTE4Vn0f zWgj5VDwRjenr3ZxX#ewG!i-^q+I|B4kv2_!06feaZwccy@%uW)%Ck|%s~pKV`eb5- z&sURWF0+l!Fs+|oXchg1pK|lfXrnYht`_{FoVhjpH}QM!c`==n=oBaCStfq}D70?Y zG?-^_x~GoXp6$75{xh9fTLxa0gIC^ug0S>zYnc5d!Du-+#WT9E=a#Z>%k$49;3>uT zT04vH4e*!4UyvHeR#G}{446dW`Qq(fd%sjI80n+5XKFMf*7vE}&(_e%54E%5zWA|bU z_tVc>_@v^nh4j^k{o(lo_R?o#jqDMt<44L@fetigZ>-bND|>*m+1pp{-yh-l0}YSJ zzP_!^WBb=he)CcXpOm{;G7@}Q3BIfXUshwUt#S4zbk}36HG#|PvCUeD4Q?PV_#k@} z+SsG8k@?b}aEKf}MO^Nc?9wdvA_3exl;#R{T-06)pmjQ7fCM=V*nv#-I+ z-gNHi8IR|N+DU}szcsW zwR@CpYD#^a=kK(ZCky4m#fenR`W++k*2;}$@kO0BmW8vuk?S9 z10&gqTi`ES;Vim10oi@Y=-ymN+j4W{E z?r1ws-eWEN!t)Etk9Qn7K!1HXEnNTgUTF0Q`W|B}+i%%k?e&t29oZn>{7IfU!FUu? zYQe9dxDxx{c59!Qeyh_pGGzsQl=Gf+-y3=7Bx}DW&~SY<&rIdMsk<=JX?F?vCbM|P z@bE0S4Uat9eBDRvXV~NG&vp2^=#;Uj7D-7FwDJVB0&hw@4G-UozpWGgeF$EDF+BVT zJp6fh_>1uHm*C+q!^2-;En>udnD40q){VYJbA#SzHqco271-M{#=2NzrJuCD*}x=| zpKE_#i;tg6PM-d^WLu@n&mCV~pyT)aCcUzhx$VcNUkSd~vR~Pe`xEWuS=KyGf2sY- zd~a-UqmD+#do`=Yo2h3+>JSLx&@z&sz@_cUL zRd2ObOtGGfFvoB^d=)+$-DnX@FMuz5=kB`uh!?Py^r1Y)`-!8GW0mY8jurkr^!*3k zdz1Hj$)oV@<4ftnr;-`BPu;(Y`{W;G<|jFPy1@R1*6>lrQcWF7aMm9ukGOL!XB^R& z>Gu`-Z|6I_GRE4(o=5g^(8BLJAB&9(Mr|HpzZEDf4vIlyx&xv4DNg5 zc^|c|WiP33^`(B)huZhr_UdF5m|TPY?Rs@G%zbS0KHcBxcRI4T2cBc@lUtSTzVa#X z&Fm>a<~h&#YZ7IQpM3_7?l94QOJ|;(ZT#>i*#f5B&i?&Nj$9=>3i<2Fz;f29pA2lv zkbzu(_s8%RaOgN=7)S;_#4{&=?>yvAnhfMU{gzDzuIHVT(1?+NJd;fZ-p4aW2KLcq zYJVv*u&4RD_w}nWa`+O556DI+DMi-t=j1UIkjLQ9$#e1;Qv87VrS!?{{T*%oj#FdO zFLS@I{&+V{jxjG!j;&y?(LgmuZeV^lBF7vVR_OW(i#kI5?)gYejgj>Z@3tE8*$MgIV9RR^gN(uw}68XzJFMF{D+d_MpN{}~^c1Jc9b52+3aBHEV#f{*> zCL`}tw0KZ8`pbbwSz4^+JspC@w&X~Olv=yZ-(Vck?I4bv8dB;`g zuhNaZ_)-^s)G+zL5%Ph*yS%OWljP7Ivy^S zflEuIyZQV(OTnc$_&{7e8AmTr{&*^0zuNKf$63F$Jp=syDc;M0eq-EQpf+|?njAw9 zUo-b^-R$A4d-l0MuQ1BHx1vkPrZBmcPHrJNgrn>OS2euQeLHxtiFvk@g8&VeZYFnW z2iN2~%V*i!dqE!!$8zo7k5S{9bA?TAA$&i)kw5y7@6Ds(Z~elxH{J1+BgeG=5s127+0SIuQhZD6G$oXrJOP?q&<8Wor0f>8mr3vR zPmH6ypTApUJx+T%lVl&U#@=4)u=ZZe-z7VH%8Tr9`Ox&Zj($VuyXUjub{lo1%kyo) zWeK`y1Ud+*_A&dBH&bsS2;a(umiHH1*Tz?2lZ&qeuw&;FYp|>*gU}1{rP0bg83+ak z1%t7(h}+(q7GDi9=AM=4J~@G`b<$1+3&~B-w~xpCx}oD|-E49*sNc*pWzd|)y$?T+ zMUCdiPrlvuZh76d73^OafvyjZd%P~}<8}Y?m(bBX@CAMpfPY2cUjg`+pWhvT-$kK^ z9PHI7yeh|^OU~~Vb zuP<24{)51s`B>u%?JdaYXr0dXadJ8S>TljO zbrK`h!1OBQE;2xQK+1veWKtdP*4;hAj>9_=z`TnXwDx93fN``MI4?Ul+4N~}>TI&< z6=S{d6(We!jZF_jh9W%P8h^oesG4leES^c^7`k`K9?=bt@KZY$oMZm{`S(o zbs5ZDUjOLX*JWMCToem3`SgX>la(W(KjdHK#rUcDtj3R70}Xn$TWX-`@?j4BmDO5y zKJ@38iT*WSkOeN_aH~~QZf{}T{A>I@!3CUb5}uZDemc2Z{xue#&^rGRco^B>>QTU? zwe;2VT|J6(M<4C4M}2<~FbQSAWFYy|EV((A{G>7I=b3N5=p6K9;5~hqvp>Vc{?h#B zj!cq2N_E5(AB#N=U)qcA(}|4;9J+y%YS%}|>-fm>-nN6B2O`;`+7D6mXuoW^L^+o5 zl)>uJ-y+8+jvO+2wDe`_C)tuEh# zr?s44{wy^Uu?Ho?;%QAzw{1c(m%u zR0amNH;*&+$>a;2n1Q|Noi_j+FY^4zuKpQWPMmko!-Q{O)H%7a4nKc(^_oHul zwULIJnAJf3>E6fSMFsGOA>ie3@NyJ*IVP0+_@CVRWx?~Ec&ESCgA!atB7*=fgv=!JP91hHzf{@GAMKTfMvu^jOaG z>z}vrqYI%&&Sy9ANZBsXo6fZ^F?AO#dm*`H%B@S;F4@}6mbbweN=56V_{?+TozPs3 zJKo2^5o5bRI}x6Z(yp;xkjDvVBBfhopUbXh{5tD0^!q&e3y-OCY!}+_>lPP)Z^yak z*)CJ?1Ei(3hzxiLI)- zv@ziD1=cgQ4;;DO=R0-w@}#fnaQoZ9Xfxvs&xCfNf5U6Dz+XonbL}}9V<}@S z4o;nC?^Vv){DE=G%%`G%8|v=?+L2!>{vdeL*5?a6)(+mn2eg+qp5y6->VBIj~6Ys*<2y%+5~sr7|dX?=&vw_fg#@j7+* zdz-|=N9m>UQu@;b8yFbBA9E>f4OfQMh`_U##+cH zU<_$^y9&C2&nbUTHbZ!o<~rJ>NEV{K2d3I`+k3-}WdU zv4=WZj@)w2H^gSz<<+NZLT6Gv&a`|)t~H;3C6`3!MjWTz<9vGX@$@o64 zwC2J^ZHd<2yv2n{EH5ie9t9?ck>!)uPE#Fh#bI}O^<@^N;6 z=W_sf>}r04+--c{UFCi7cp7-5@S3^$@%p(J;gfS+xe8yCT)pMDy$j#O2Ro3wtN!Qg z@@|e7kF6f&_-n6Fe$Vi9dG~w#wSOQUoA1cGJU+v(;jeuYe{HXGFTyjaGh3jaG(Oti zKR+!1pUnZ^!zQP3x;+=1G<`M(U{;$|;_`Mj5{PNCNuCXgL7V*)m7>jt|0Arag z{rS0Z{d`zQ8H+>1k()ysi!)>=Adiua;NDUVZl z7(sR$-n+=-z2og(a=qlo(z>PbnAmyf&*!J}Uj23mo*-Kt9ut}A^4>+x+8Ex;x{LQl z=Fx5)cr^f@v8kJVM&1kGO5?p;i}x;KuD$4lhS%`v!E->~8|%vj-weJEh-b{j@LqQ= zqA8t~Bpmb0)*kWvb}!cN@?QP+7_ke%Wf8oWwhVpx+7f+!$Aby-IGa4W1(=+X_X2}7 z-plnU!2^BlIBhD&c>s9y@!rlpc-$sl;->}X>!*b~UV#73a`|ty!+)p3e}8)h{u}#V zcK*A?{AF)In3AP#bhBw}SV7%|b-pE?#?KpEu$jfo z6n=Sf65e@+u^eq~;QXl!nUl|0z$s#TQ|)$gqB8A`e)GBRntt<nA5a>BlEzuU{`)0zUb9;-Ayrxat>uc(52I49@mn2 z5AV)yZ}eNo(+=Kr`Rt9@$TQ#!JpJ9;8_NZkGuRui+~mT<(F6LyWCJik=B3W2#okCi zn-&dvdNbz#=&H2{ls{`6eOTkw^~*ZaqdpTLZR z&sxUZ$e%af@A}6(z&iNhYY$?)n+F*0;lgx$D90v~ji|j$dHgMAA7E*Lwa~*8<^O9x z-a_V5lkegHIW}f4d@7%zk-xp{2d!mq;b$3JiO#zcPGwmmJx6ZT!Wy0ntG$RIPggiX-t(WLn z^sIHLWF0zq&SGv6@LD;DQE;$|Pwm-`jM?}b-uN%Rx%_(u{J)mL&;9e! zxU=D3rRqnyeBY_9k=N0{I2+t?%7-ahS<2@o=wv^5Qp%jPANE|v-Q*khf4buq?dadx z_`BrM%t7MM#~J&%;LjYMKO6om^o`vwkKQZ%sbCC)!JkWb?%m=~sc$Zs_)`Rq48*_0 zN3!8hjVs%!Z{XHu$?NEO|Jh;M`%ir|86E&1-mCHabP(ftc`)Mv25%3)ETu1zv+Ks7 z`|B`=eC_pQ%&#QJy1F>mx~qoviVLl~wgAH#^7*WqNp@sN=yCZ)&Gl4rI^F9Kwx!8+ zfIp<}|I_%?eM3m@e;z&UH1epgewONGbz@(c_!M?_be5HjRa;4~o>n`#+VY)+u}{Oq zzGBpuh*PWJ=vTZrw6hQYS?bh0YmKrGBHNxpo=KMz-|}+Q4ex4lo{deR{Yh3bfnMqL z@Axr>+WF)+7USQGOmcXk*^`d$tN6Nd>cdk)$zh*Q?>n1+Ju!~9;bGnMA^q_VAME|H zWq&=Zr+jPT!E3U?|GxSM`+$MP{Kj(TwwY74GpFAA9M0$t?(C(%$O7crD10+hZC2i2$q3v3uEwu1&ho~{IMn~CPUrmV&v% zdU{=NuZfeZ#_taLDd4(GYss9uf%jI{zMXMISSyp4$=O*|s=GbT$@iGeJ{>Q2ZyoWO z1Z%0CNC_4r>r# zEwnd8>*dj$z8m~$a`5MCre@wnDIQf*1peR~3h=)4ieWpfc-iD9BPI+_}%2-kwg2=_r*i4yBcV3 z@d$_4Ego&%#o8EKQ0wV`*8jb?HqdTK|69 z6kSHfcw;XzwE1EGyA31L-t}PWAB(pp3*0r?#+ry{-vYeQGYlUOGbjC4%Wv@MqgG7; z`M>uWK5qE-u5osxpx)!_t(K2(7Xu^Y!NOt}M#aF0^_DznwbJ?jQR}%1dkb*Wn$zws zYau!L1&+Kh*SB4ty0(1(Qv40u?d{=x@<9B=&;K`52eX_#%j8b(vU0DnOF8>TF+1f_ zD~I=@&z!B!S4uv#J{uaGe2B2VQRr7W?w%a-vdM#+47@H*(NY*XP|k83IhugSo(*0<`Se-f1ubbUk*8;em-}qjtibi+V^QFx z_^3A)4`x?-FoQou;jw<1+BK{4`Y^ojIuB-Uo5JzP5ZWBh{Gb`_H8L_aW?e71J#+@R zb;Uy0?{@i=hjPd)Ll-H%W@nh)y}4_*8$*Jg?>^AAFo0VdASqq$e~W|)s>90Yq*z(Jc%K{%=7$q zJ2`1yAFt3yps$bC(oawC-v>CZJ}TYX0j1m%7DJlYHo zs)VJBZ+?RRueUjTAvK>mbfH1a z=XgJRyI~Ky*dF`@E7l_SB(uxWF|aT z^x5M&i#*tI?>L)Med!=etpE9AGSpDKUfzJzYf!Pn!U$3`}zB1 z_c8W~{JkQ7m0<4r{XR8_zSsHsj=DJE^?#GmxBKW@u*&RzOGf{tx@PVZ`O6&72L>^o zTHknnlQEum3y%v1(SN0{|4eusHt8ai<4BMg6qZg!QzYX?gQ zOFq&^=c0p4+_C){xEQ*2=^*f@KDz#IAO0NA^q*x}ze;GN51$=>@pBXLFM0l5@G6_X zcrCd3n=AVKBH9Dy`Ha_s_liaA#UE7(KJ2DF%kvrT!?r*lujR9hoVxFG?`-t(>qq+Z zg2TS~6&d-Tz8)hAtS2q_g$sva)$q*7pDD=&S%ygJyE}>@B!U$uG1D9e~I*y5zGK zxT~FUe=ys)n;f0=we~)mHM)FL==xuIgI!RMUC@NDZ9P7q7Atvd1Ad?})^7O; zdV7m@&KX7R^3~402=D0K1U6F_ejGg;11HqRX6?&wxX8}Gh58BjeYE!;9Xh=(1bV7! z-D}@L4!qp#A?3HPkjG_er}I4wO(f81^QeJ80o~j9nd-SNanEC8zo@BK&TlKtdwCs+ z)znLa--K7a3^j=%Zce&E4qFUFh=Sukr&) zm%f$uOk2Wfw=J_bgK^!h^V6VNwfW<0ZK9K#HrWp)8>EXi4}=__*c`82=q0n=ssh@@ zURJw1vbBr8Z`x%aRjS<@+U56YUb`i}c3Y6W8$!wPd9+*Xv}Lp0s^(PTa67sf{-e5kb>Jm_tgy~* z(7vm7)`Pn7jnqLf=W|puwzrhtddRkWXW84)i(V7nLyP#Ulc{>(&}ia8=(UZp zZnTo8Vma({CnvtszYoW$O@tp(d)!T3Xz}hKFzc>n%yUD@JMygEny28jfOSo+*FMfQ zn$J2_ur>?mS9`B6=Nu%~FghyqxYkg<$JBb&<=7whuNQnoJ{Z$?Cug&`>lLRSb%eg7 z^c@3dQtK7WGx(Bqz1(|FU&VHe9I4nUc)}XmS;<W~8}D7&;5z3+yd-Bc&vShv&-=%3@W~xt z44POT(!M2@D;&LO z035x|CrkbMz@0_?{fiOSECw#hx7S#Jd|>_bUBBs`e31K0{o~8+M%KXiduL%cGsiNc zPZ}Ri3jRw4f7XRRb3Q?md<4bkjlUn>8v_sG;K5b+xocF12sqfl&*SUjJ$dXu%>(x7 zJ`?9$L)Bi7LaVWI#s|D3=A3W*2!@9g+m~`alwcf%MrCKHec2cKRQ$oLU6Z4~WW_u8 z-as(lvn4xU*x`e@;Rl^gJ=mMd;Rl`R^(cX+9%%xcSevl2?*QvO4WU=PP zXI+1}eh6R2TCcuQwUt$_|K+o9wVgtq^~8uHb^7-nI%oTZ>%qTy_)F*0M-#dC3mDsa z@U#V3Zvamp1W((*(~Yh^(pg~SOZYLy{}f|;0+>Bb-)bLP5FLDeIC-vyCWO!Mk?I`# zI^Q^AY2yewe%p6Aj!YUq$#^x^L_IX!#MstD(=Ck8*S_Yc^E#v0V$!P>OHNQ%tIOkM z-W&^<-w@_GoOVXh&KPusakN{^HL{{*b9TPv=`;Q6S$8_|%ERb0{&=@Jw}|zPt)P#U z^s$OQR-1lz_s$g0D%d#z8&kM}4!Eo8b47M^E_hW6Ud=PLms_i*LJRYGXUKhzOV8-7 z&zDZI%jkgRIrfLZ6?DK|MhCnKc+B7reIf#H_H>HppFyVp=Y*${DZ)#`+dCZ}d2~7O zV4NCnVjAO};*3{g-C}rSen%Q_TueK{gF5_J;+eFkxZ0_|rXG9|@#;y8x12TwPvF{M z#yiaZ@r}qEWQ%H+MUXcEY$9x>U0w~n1Ja|59i76&-m!&@%_QA|->)R!CnwDJaiQe< z`5uRU&{<49GwCv>K0}48kCX&#?L(^2bMWUTD$Qh%N;qM6AIV`JmZJAAJ&3>KYiO>huOr&)vl?B zkDT~jT@JpUMgQJawQr=M zi^g(j1-igqYOPvY;n+~Jmu?lU82#I!mAV}JE_^U4T7mwu>EF4c6=>ug>fgIm|1Aif zpF#g->}S@$SCdcU>ECzr9sS$9GZ_6_`9l8j|G%PtUpoMfX4Aj_fA-&iALHzQn49Lm zN%5pc@fCPyHvi2qVEs<~H@)OvNDs{P-(3GE=tw-gI>%me(D-k5Z5xFD<|OTzwzBwH zj&Yu-^e?sf7uniG?;6N|^K-A=EPkQiiRR()YIjDqcH!??{Wtu+*K0S6|K@wL<&hg| zw=`S3$bo_UH#@y{v-ofRIEnEhm(=bMU%M&)4RR@~|AyZmq+P!c#n4o`|7KSf|IMxe z{5K9iYG*w@-@j>}AD_%syzYjZYL^^a|EUH09JA)_IhQm%BD>FmMLniF0ot8@6x&*!-I-QyqVn zbAIUIvGQl7pC4-K0JZ>w2Z2Q!Is&yLv+4lBTru4v@hCYSANbk#M(PiG_ zJV<{3p?Oz!aWM6M*M?AXJ2j4sJ_#-fht?W>G%sBr&457<@BO)K^GWdz;*Y1>mE;c{ExmWDE!%Pn_NvdeO!1uQGmUNO)an|5=X4$zfakbl8)(d#`s;+) z!1}A~tSi5po$pM^)K@zl`)cRN!P!^cYpmq4dh9695c2G-1a*G(TXeaFZw5OIeDdtG z1b7vLH_1kGY?V>=x0GAS8p}88w^5`IBvyjQ;B_u|oYUag1?Oo!i)n}Tl~2{PA&iXz zjuh(IkQ@5}C*CGM!Lw7v%M!~&=IopB;!rYD7fN3HM_0aL%PnR-JRD2KawK1og{fE$ z-{r$QM!Tjh$!xc+*c$k1eJJ^J$!vJ8?8BRVZKh-({4`8E^6BO=UVS%yU4DOob_cR) zQueE27<1hi#yq2wAFaA$lF`$RpJhRR`}Khj`eYz-BAfkMEPRAV4P?J&<)@vFZJUj+ zd$ztmhVjksWXDC%=J#Y^Hhop{@G$34`t#c)%az*}W6tqK*wwd!bI@gX9k>Y&E`hJf zuGe?{uKRjk@9CKs_^J0~?+b^)%T|jsk6)eb`jx?<0C)y&wtDun!OcbBCirG>6MTzt zT_>EF@8Z{7@M|8paw|9ie$+_c0{_EJ0sEQ#2G3g4bWZTO8#+kg8Q+EDANAUlztn3J zyp^pzQ+Ng~sLfs3+61pmo6wN(tcx}eh>rOEI}xlL zzu>=g2h}n+_{(==NAY`^@E85UJ0sn(iyR!uia)_~!=JY|4i10r_VG50fA3X1%-G|( zg~WOrUYH`@Q4c;f!SB|COD*8i25<}=3LMX7kC)K5-=5W4`EAJT9>~ZtXVC?Z`p7)R6KlcBd@vu(}fUnv3+o@{Tzd2MqZcHklBF37= z#k=5FUGT9eGPW09qWuo*$Sc#@C*T9RCqJN`b@uBCrY^1p-Z5)?5Nz<%*MAD)+k z=acxW#z!0M^U>bE4?KsjN?%mpDLk(}1CMg=ok_+?&wA|%-|X6b$_-PzQu$WWiN8k21iq1Q#g^(g!fp0>-fF0|JP=HPq+8kU`F;t9k!a?ov}^NpRD(yi_XFO>@vgcm9P zukT566vV@nd+F)!-x*F{(3NxUfa1}_-s+tDwTwf&LixnAtw4+FMlVAjyB)o0FZ=s* zi0zv56BuI@p0l}vJ)G8M@SS`Uhb|2vo8URdhG)!O(17SGJdb%!QqD#0$$w%Gr=e%s z*kR=y=?)egxskKg3*K7)^+Q%ci^k*Fra2vb?H6?1$N5NtgL2NEabfWcu)vNnFxUZY z9uf?o`%YjWe?liTE?yp;&zSiANx_5Pqm1`)7dAD_EwY&3fI(>~dJghO-vAHQUXb6$#L|#)TX=r0p2t>_ZD3?v338F^B|LBBS!bU- z@n4H4s{YB<(5CnOO1?|(rSUoBN%gnWTk66m^PJb==Kxw`tkkt zPWnms`iYZYw$$sZqOY&O_|S{9+dXDD!+-N_1+h6C%@!ba%66}W5Vgm5rLKo?E915FTT7S z+%17Nq=T2jKRh1)aq!9U-w(BaLN23dP<$o=zZM@Vb@vY9&)*|oMEClT__^UjM!(`Z zL>rMI)YE0o;_>p+Cy+N?Yk)sFR;Pzr57lyRLjpY94t*TpZ$I$sL?%M71`Y=#*H*!A zn~-S}l@D8C{|)m_G~wfb4^Ctp-np8Z%Vw7sZWS-2zhcJF1?)Zi2(JS6^r!X@GLMR( zIW3uOl-yHx`ft(KoE$FB|Dlb)F?zFSk2<&|-dif3fqW7jnEae_@BC^X&c|}?l1buk z*V=1{7YDVT{5D&7xyi-Lb{8*KxOj)$ z=B>SU&5U35)Ebdt_uo@<`gY{)EUvf0SDLBAv6Q_@;yL@^-HrUIwno)hVj1Wg;T@YE zcJwAI6;t$Ihmk+&*OEbb9nT8C_&ms`U#F6N{`^1m&F!eq79Z4nn3H(Hxz6YOcR8PL zx$|kwGM|luo=TP);ep0C|auGbq)wx8!+PfwGK z@%m7Ex~~|axsMK!d0*?X*|KJ69-5El@&TULc+-3X%;Q$o#o-y_6JU*{LrQv1Q*8j_KUr>>92M>9uM(}$hj3oB((rokLg}yD z7?bSmdgO@qsoW1A7aY##)3c}l3jFZ%et-V4)vgewuw9J_H>e!7t5T2Yu=~`aC{qXsfsPyqz9jQ7(b8C9suN7iQ#jH|5v|e#lwd z#wMF=KTqDI;*zoF9UWpBJfwNL;6Qyv;1HC)tM(4Do<|%$VxEOZF9TjnxPLpgY;P}T zIP{*+-|(H?!Y%qfX2wAd2(VIpwgj}Z@-uI>wUZ0$e_p;@|Fz*?tC-tr+3c#v+wg*C z!zdm&fqgNjz~!F0Ap0i$d%m2#F(!vdxQ6`j<|*8d^86ys%26y*@g3QR5$0V6AB{rC zrQm?_P_$2@l6?^P22*=9_OeGK;O^0wz&?g;?9rISxV1-Pi~Fp%KSR%MLI0S;{*1ls z&!}|wXPEccpK-C?V}Hh4XhQzS%)J@BZ|b2U?^1g+O#kYKy%~Gio3X{+o3Tu}y6nvm z@6^5wXKd`tKyJ#;tYtm57A4~2$O_rBseKvc4sWU@&QV%(oqg|(;3zyzzOtTj?A`Xf zw0#-unK)|pWvpjyv@fHD≠`#V5;wNuBm(!28U;j18i7cVEVXmg@fZRNY%(N85Nu zIlLSBP3>u4#wKV``!d@3)Nk6Cv4iKdFXK^@E5EDi5%%9b#&6nx_XMBSA+wi3c6an? zuKoKm82h%lEZjt4h8=otn7wXULyFxxwopYCC*M5LA-@Sbq^PsKy{6Q;` z>c0J!Z|otCvw;5KYl^XpuRD5fzTGv}AktGkM^NK&ZJi_4* zPJVaM9Px+j`zx1}T>Jnr|1!ISAk^T+POKDgX|mRv^p0ZOgV^#M!!+KH!tOZe<|S=OcYzj0r@^f~I)pbw<)kA{CX zpeM-RAlcK{;MhagC_e~XX~1?0vo;O*(;AVxQP!vgx@&;H%SLTLE(dux#`nv4=dp}F z4)C1X)tTi9Z~}R5@^MUGHBMib@Sd^lxj%;Qapv0yt!v*vcnA3KDCckGTMr>~j;6(? zXm>MuiDb9r!1fZSJx6!T@5nXnS{Ht(G`Ae06lGq4ykz-i7z9agB@T z3$;$72lNfranBa^ILWsYQ5}!#hS&k-x>k8+50u%_(dgoJ@JZH4xcf!uNj74wqw}TK zcnR>Y0rrx^OMthduUH*FW*+i4DBh66_+>|{eo#KR_zL<)j(B2)@JBHVM@GDHJ@z!u zZv_{yr}1H3X&(X?jGqTQ5Ra4m7XEEh`;14j-orWB^^#li5vo7sbw7f?2fW==%Q)Nd z^9YxO3xCi14(&Sm1ZRRC< zz%n}OI_OBcEjW&z`C)@2;=2nzak_1s)o^_#txC5BryU#-{ct^=u`2#j^Jeevfan6= zZRB7EU3`q->k2**5~6dUGsR1aVT$g9l4s@7M9uh7c{)k4Xqq= zY2}YMoExpYPQJ#u(#qs>So2@0{dYktKjD2ptr(sJEsH0~FYoN#4EEzmA0jV6^cLp1 zylglz*Tsox{c(bY?2i+yq4H|dZ~~e8@6_iVEKamBm%-pfQ3g(=(fo~t1}C;?KkN7_ z?5*rGjWLcmV;cx3zIcu}@%eXv6OUXsc>ejxcZm~oGH^nC-j5@hI?emOm9EqL44CZ$hHLEwlrC__@MSjsJ$+5Ouh-T{~Wz3S}yxG|70Py$uV@YZsyTt%w=YMo`P z3lEh;*F-I#Q`PMKW}U{}A38nre(Q8`j=SHwjrHbUWFz}!@dL?jk3bVq@GH$v#QiYO z9wk>)`ljkH8h;VGzHIi}8TVf4VDia;f0DgXXsJ&hb8<*pXRy}DIkh2NNac{+$~d40 z`HhYZ!*4_zlJA4ak8t(9f{x!(_d7wG;u{A3^y9}t!G1e9*tH0q5!gqOuSWmlQ*<{$ zcnA&#qwlAGz?TilO-}ip8#Hev%vI_e^yB zSbTT z@?nLjjVCzEhb7+e3O=l<_^|%f=ezo6V4003_qC?eTsR3v!b`zPvO>DK z<4c04jNlx0!D&8gfG;``%rm~|#GlrE{TVCI=Zki7LcR87Grxp=a5h-&kZhX|JpwDm z6%1byocL`xu#v1)u7K(l9EA5g0|L1~7zsEKc9Ky7%y-OY}{y+B4 zJFjEoA4&W}0_42m8qI$=RkX9k9gI+kp) zLrKPE5M}JbG0n(2qIiu;(k`bu9rtA}Aa(+~$S69$_vcyb*?a9ZYtL*DI=?@D^Lou| z@3r`=1pOEXgDMBIpKk^J6=4zM1F+917m9O@MZbOU@Qy| z9}*tutK-GP=@t*rIMH}mZ1Di?qVNE2f_T_Ye;7RQTQlGNJKX;kU5q=tenlDAG0!o@7DPSDWs34s*mW4ZhcfkAJKQ}qhrh`&-T$4 zuaAt+?!$}iBa0Ko5F|&9K33mw{X6noB;SobMi%GkWAsg)KIZ!8Ja2evPe8_c*H*@E zrl0NiyZIg_Z@>HHeE#Z|PhL}Q=DVMb>WDN8rQ=`z+#TbI)Gu zx5*cRZ~SK)*L8L9S&6g7UrQJ#@Gtq18t>(MPjvIW50R^!%JlJKm%iLh?wj~x!zGFS zIc>3Rph zPUC|=$aO3JvzdRs-SOt#`X~02@1k?Z8km=}^-x~2Vi{51mA@o^akH5RDoLC_j=pZD zEaZZ6lSN;?XBytJ&$xSPXb+9jmi}NW$#1D<`VhI1T1jL@7SwChWwm>EL zm5p5`dr3YpbS?msj+u|_pV&&jq~91`d(&;3p=JD- z4YZf{wZ}&*V=upal$&$B(?6f3oZ}_f9&WtPX*o=O$YNuQcyr1%F0Kr2@vD*+x8xhA z>O%7Dxo>bw&hbBy(_!%<+?x0YzmF6?Yp5IYGTo?8#v56dZls=1d-&Yz;d8l%&xsyB z(G3QlYjgOF7sBUy51;4~KRz4Y<>7OE0H0&R@wtFAf|C4Z@Hq}zi>U8%u8~n^3!mtV zZundjf=}*A&i@zX8+`Jf#wv@?jrsVziu3RS_*`fG>_Yfl!T5nsbbJ5AYnO!LGjA<_ z$Ho9Yx&AaX3_fY2i6aP~Gr;Fs7oU}X?%H7R$ru`ZGLBh%GM)yXOOY4nDW1$3jojO0 z+idZ&MNsO)Ln8$JS6{3Z7HKK>~qGSm7hx;q*sZ-xqdEnlwLLO$G1H5Zw!AQ3)aoX~j))Gmt`R=88M?T5CN+S~u=9Fi- zfVLD`v-CW)#S41RtXUGx^K<3QL;r{_!M`CYugd#PIybDmD$3)Xg5`bRS6(Y|Sgl=> z9TD;LY@S{%r*HcqqXsZWgZU?y?yjbMn<6tf-uXvwKFRFY5jgK-YQK2rv~uN9mzccp z?b*EW5|bCctw3J*kNUrryzr8ixcHg)(7XBc+eT``)xI`7@A;tC|9tiY)&I7)SpR`u z{Z9+2|Jgm%e}_4nA(#K1Le41ennu=SW{CeC69a8Urjwh3F4Z}NTC-EuG83Lpp2^u9 zv)nnoB>GucClBaBb5Hi3cdwQOHo}Z}%={)?dcQ@S`16nPySXp^uyh7`_k47c6`WP4 z@_g?nhk5sW?W&e6`KN`7LF?mACZf8R4Fg~B)b10wB@Hv>zpYl02 zo|j)O-y@1_6Rl`1@`USOLCdt67_hDP3i2{FFCu?#a?)}8L~ZffwLpo_%E{248p`S>U+h|damZ=yxwULkVk`NEG4NEvzjBB!91^n5(D&Xv<^S|4 zO-v!5(f{7?Uf!d;eN{VS-O3x-(|Z9q*g6zG8U`O#xH9p>w|19_{xvjbBV(+5ao5k} z_*1+o9-SYuK7+i@b#?4LW7cQTFUPw+<5~7rbA8HVU!O5N&^G`2jAM%5;uA^7*|q*R zV^0O*x7cszByJ@a6dvtttIm&6N&kECTVoGepF0@8eUn^=V7zXN=4-{f*rBfN$-LkU zun%8fPd$z$Ue^#<>wn(G@NxyR2EINK@wy!S@|H%O6Jo9knxi#mpGx=VSS_P32k=bHP-v1`{H9d`4^uC9mljB;$vJUe`L9kfSB zobhewKIKHb@DS}mPsnFZagZ9?@%p7)}t-pD*s~fgDrAAi2U*n~^ zP(Q8DP^{0^QROYz<}fc-+BBLz>cD5{K<3LYdVJZaBhoQ0zDruJgiaE~-GP#pKe)%h|u| z`yT!p9TT^aE!KW>=Z3@3FlUOfmP}`gZDEf5FV*fDp*oY>;m^v?tIgTfx$}w5zDV`X z1m&O^JqT{lPZLTQ>j>D9jiND|2zFK*>_ir|d)TqRx!8#;5_VR5*wHhJ%S52_6zhXh z$a~opR|zxVB{fVqDcM1vuUo}=vYPi%TvB@v$Q5K1Zkc)QqL0n`pFrC(^mS`U`wrK*`A#<~->D`) z-zl{o8MXlo+z!o+@F44!#~xz7elcUcNIb^+n|jVqY2^3YSyuucTQ@2vo}4B0o?>Yx z7scox_pFkBKSD1d7mbbHNN$m_)7&!_e(>!#%-(9POIZ_yZP*GHC9l5$cG{rZ4Bc(e zO;VPL0WOMn{^`fiL)I#vDH))*4SMzrl{L_7ALr83+BrXs|NbE~kkKYS6`-*`SSM_1 z)oHS5ET$gRAx+&B166#Wt&aE!^0fomr!$`xw?Z3vs=75m>%bDu&!By`QlFRL8PQU1 zp1(es8PMYSLyz*VEraXUKN64O`Rw@DxOrZwIq}X5;@%oFWdDIV*vAoU-O_mISxDLZ zoH1^Gj@FnZ!G^!AXA6}z+sy+?a@LG&napfA4`@E)QYG7-@s$0nT%aVf<-kPhR_Y{P z8Vhen`kM7@4+P5kPNA}9#XCotcEwCt(nVXqz}5m~$u6oxo+#Htxl4BKoWEV`3zap~ zwyV@_7y54=Wff{ywhzbW`cP*h_{&;WpsX-{U9mP_7KvZa3gg$9oB!ncyhE}&NBo$E zFEfn2`0KZ8>H1cAY+olgvf3>NWHZAblq%)6J@@yl| zY7YS0rrXt?>GWZsJ&9u4gS^OV57*^|+QazSu~S_7uaXtizt&g3DD{g`zY<^l7OH+V z-RpN_G4(^f<<*bt7s+o3>u=5JRCzK&5l8RO|EW7N^`33e z)U$0+B0Vhm!+0h$=IjDuIIeB*@Ao5f=EAq=S7RF>!^D%Hq7U1ko3#xnOZqTPzwLhn zddM&13kB%i4L$iM?a(v4?&;!5&`a{Z;VtMISpnYKX7cR#I8F^T!LjOh8#IibhsMo} zsXg1#=yP8^%-kQ(_j!VMEp4tB5TnTBojtCslAk`>;v4zYF@rXM?{o;hljvCaZ-#H+ zAB%6J&wXWGU8pQ%jH_eITTFh)^uj!m7y4s`2Sq z+Lb{L^{8WQyWmmVuGN9E1{WwR4D zdw4^*H#RYJv$&@$&EKRKlfNe1FN7Zb8>IIl^puO+4n2c=Yy;6VHnES!**}0r9W=mR zkjBr0bz&?6<2OsNO_EX2YjM)MatvsI*57{!fUfyl|J)3y0&nAXn56tbwCZ3d^v!1nyePz`aDhocVHvEcB zOj)wQdcySq$}%?bxPVRUD{ESzvSwR;#U`e#He~IVo@`>uGB)w}fKBWx>+OZgnq}LC zO{{j!>bYH7(_-Y%#2mjGo7h*@fC6QO@#~LPb?4Wi-T2kjzkSVmuI}+S$r$-|XRs!x z;bnN0c1XYI3}BtjZ9k=3WDn=`Ypmsl?}Ih?BQ+WtHTnAJRPg{<)*Q3ZM-?s)m^C5v zgKU&En9tDft;pqR!u%MQ&YL^nLEdfWUB8`)kvYWViSfRPhmGOg>S*HKzvf*_lk5NK z)`za1*FGkBHdi(HfH!->hivPh&Gn*WtgpQ13zaw4hY!liz`H%+K3i5r4j&H%%6hm! zSz-9NBm^JJgZS{`8_yOI-?)u68LuAn$@8U(ak%k~F5mZJV;$f6cg9U}-IH~GAL>hB zprBme=#%TWgC+P!a(&(RpeMN=B9m_vrjVnda@|LxS(uhw7heQ)%}0ZE3X|*9&B*nc zo?HjVMy`YP`-E{%hfRZ4LAma$kLDRA*FV0OcYShVR}cp_)-m_Q%k^&-Dr=6#_lcA1 zjfKiO33C00LS@ae?K*LC{h9)0h4JlGjosz?8St&Kzm6duxtaAW{lu?}!83ezJn_g5 z@q@LM8uM+hJMV)>!Q`>TBllXn2|W{xM>asOn0Vw5AEHj^EMpG_>a;jmC(m9gHXgZ9 zJSzDC-H$=*SmKe}#G}X|6Z7Q#YYU9|$%sczC{z}FleN9j>n9=}IlNF=@Xd*iN5%@3 zg?x3}b>iZY`<2g!ogR!IhwCFvY;JT}xxPbW8_dVUnerV(a*!Y2Tnc^Nb*tXh>(aZ@lKiFaB6m%|gdCL*; z2{vh1yx^XD;Wc!H{QK)!v)k_R$>*@K()iw|QlGrO0MEN)bAR1NJ+eL(b+EC7Up-7& z=<%>v!mYlt3dRzk8;m9VNW3_SKB7LKhep9zg0CJnmT=9_c^Ca;;uO69ThW;HdIa%=SRkIz1drSff2;=sYn{%QDSP$-PoH5&buHmvF$M24v(}3ztnWFVaN2jl z2K;4gJaFx|J73%$&}klD{1(2D5AP7;R*t2$O^v)~Tz~r#G^Ho;htl*l@!XwG!#fhc zzkoRXcrQ**|0-vLIQ>55FK6TQ3j=Xuu0KeQO&(rjuHW89+p_#edrd5X@_(_D@@2P* zUjl7vp-p*ub&Ttak@VJMo3^P<$e>`GwinYTWJ_Kwoa=K7w8{2inzk9+8SL75!ts&; z=qiqkC z><>zvgLt_{b(-D1PBV+C)9gT)Wu~M+vF^e*Lij{)ZV62oN0Q+jjAGnXt z6nZx+!=R@;n4V-x2lRsR&^nLae9^-{%Ib0GDIc{*AKBJ#Y|ckM$D?<)KFeueKX`Be zvwP#`SOR{ zxr-BzoF6KGcJ?NJ-dO-oh2+n#WNS$Nc)aSDskhRmnB)TVs-W7@Q)m^OvTpQGe_ zgz~Lyc4TN){!H@Z4?Mg?^BL$($)AtXj^mL(A5uH=<&SB{wZ*g}ME?AwP&@qc2N^2) z^PA_x<fyvSDzF$jbxx;y~ z$k|4Rbw|kWCZ}^hHqlnj&9Y}zPaEv+>7w6K*h2F6HJ98DFY4J0a#b{HwLd8527G@s z>ukVyjQs6LV4a@!71BP9<>=JtZg2lc?p?(An)537uKWmN)3DFPC@E=yLx>OSjTTw+Y_7J>L1BS|48F(w!Vex5A@K?tYeT z19Z9ntfd>WXUsY5F|GM>_3aoRUD=!W(6_DC)P=T}c)Oh1J@5Z5sP~muY4hY_iKy#+TcFt4ylW-3&`tt)?;nBAB@aqPrvty&vc{meI9LmHJ9eezHX_p`T zb{BbQ^jC^~yVK;CWn!nae6JaugsfLC-3_I=IrdrLJ3C&x**9w@GJ~_t)3d0j_I^H} z{hMcFCu#p?#!%D!s zip2W!kVVLY)N(Ml7`{MGkoRHM%S4e0y`2|Z4ql_;HR2v6`tH4>9JdnqW-6Fx{^?Tf z52`aqOC;Ae^E}r_$no&k-{8rspYmQ7#+5TjZVob~1DV&8-K@PBs+jlJdYQRS#LW9Y zE&G zJ&v5*TH;ii(@W5QR<29-l(J8JDSdy4{Po;kdhQT2abl;`h{ z&_&&2?2W)Vd##+e*T%Vf+JE2XJLsG>tFybh26NwCORF`yZJXf#X4-!*<8(hVl`{p> zoYmLPS$(1-x=HBIyVz~7a!9l5+Pdfy4iMI zi2j4utWDkl@0tB8p>e>(4>|XYKGk{y?T6S#EU_J#(}B#{GmgATt^FH1+3d?dkG!-r z=lc8iWD;9PzK$Y z-47sYa@0l);|%M8?@FW}Mc!(k{ylusf7++tl&gLEsfXF8|7ps%`}FTMx^>@_qZNtt zb57?7_O(sFz&+8^KK;Mpp7!bgJ-n)W+Nb|TXltMT4Dz0KPU+9N0UgwxJ(SZ2`3)XV z|A|lJWBSj0`uFLl?vJo8MS3HNZb;4HAKum)?G*AbRo7jwFFohThRNvlD)hREr%iW^ z-Qm~kr)+&=!(sH9IiGD$sSlG8SEtp3zZvn)12ZY3k@yOBM|v$dZ33sagVXicfg7-e zHrn+mBrX-Pq7sLl|W8TZ<2`|UKCYsp4C0CD3UOl}1Jdd*; zK^{LyeO1@CdU(2#x~+w$o2Z|UzS^jL<81z(yT-8}eCElrJzg8jXxSC;b>YmL#lXrAB_bg$hOg05!Mr^?9XyWCwjSc9YK|hZE z7|%cUL<-q#ZNPfQ$mE7hiW{9GJ~Og?kDJ4hUPym{L&XK!#?l94-1@4nTa0WhGd!D> zjdP(R*;wbU`PJM`jQ=fHkk8!Lc}RLMT@6k3C;b{X^*uH5$&u(Abc^;3NTF}EmjJ#} zc1`f(vMK0a*%aEJumoSo_)M}bxSt~TBAVnozx_Agm7iOJf26hl#vWP9^+?CHN7#2( z@xfo}IplLAdUZAOrxYD5|LVGc?)?eRnfKnK zkDu@A@n}4fc$jDW{q67TP(A96!&LG)MOV64YsFVT#`+t{jb8A2`|_Ugs(h$CeH(l0 z_IKOaoVU4dXrdjtI)F7gC({0YVRNtc_qr*&2O0Z&Wi`A4UrdqxyD;DaQUjOW3Q4XYJ$vSM2ZhFN9+>%>F)H^LLHkfRAB`t2AcFM=ySp zl}RfllP1FJA@Q3ZlT&g$@tg0O_qxY#CXm}}<2R>+L+t!@_b~3g#cwu3uTY$2TNK|I zd9Jv{8=FFCVs{ma->kNDL*hdJBc4abi*834UF5r=8;sv@f3c+-62G}YzC3zEbbk>> z7d>F;hQx3F(b5fx-?YT2FM3IIAMw%6#&6I|q468;*Fe`FLoqy6lNY~P7ZSf&S0H}l z%A;n+W2jGe*HE|VZvFgr-a6{)FFUKdz4Allk@s6qdcz;T>H2&)Z(4h&d;G?oUw-zi z?(@rgIsbxJ3GB*aF+5M275WnMpD~@O6E%-eJ z*(@LBG4fLsFV%UA%Gv!f*OJ%v{Z?#L#Ye8gzE};Nwhh=1*fM%wK6<-(k3H16{~hzL z{J>cD{dVl~?fuC|0jFu~uoQf|!q{J>`Sw?!4-WC($?{Fly|`<`$QWlo!3PcW9q~BL zwHvu4-cdVO&{vK0lg^MzkA;uS`k6?}XVpgJONN-kXZS9=rdzDh!-3y7TuDq#@92y_ zVP^%lan;2YiBm5M_)+o|zle{7-MR(;%;!sGd2A#+hA*|QCtvE}Zx-M&uWp6v9JJTY zezdT?Cck1-0Y2-tU*sNdeb=Dk{E3d`PUrr5#%2JqQm}9Qihjf`xhLCRzqf-YGw+9; z-v+KSU`#%VYnu;Ftf@l(F;>PNVSN4j3>rI|ao6}pDAv~!Pe^W?^^;&B z&xVF4%Jgo7y5v*AvuipL-R@>&8+OlpGZPSen%LSx9yyA!)Rlln)m|tY0z)`*E4;xA2}7~w+#|5kyVN>WNLh| z;61M27AjZ0--?y}4a{9x{l^OIC$9Axt+T6r}p)O+eDVYt$q=XPcyS?R@5!CM45lX^erRbdm2K=#NsYnzRX1)C)v zHZxq$78YiDxS9^GX3&3gz`|U!R@JqK@Q-)h%^W)P@@y=4paWT##TVbj7gH=v?F(gT zf>-&L6J-m5{UkKEh0z30hNiVyp!qnwAfNU^OBdWWGncnb>)Ac}Uy69V0Nt{``)-=~IxrsQe-5E+zyBs4_xo_6Jn#9RZdvCg2E#Lj=6}-Q zy*K}JExA3`|6Ij)`%W?b=Q5u6*WX|F|IPWIs|w&X-2e3AdHtn-bLVwwjh*)RZ9`tQ zBh%8Spl{KoU0tO+R+k~)B=?X5`b}{!J?qM`vlHK`!2U!w>HKorpZ+-@@oyTN=X`&E zBOhdk+E{^Pjm{KTOsoVwto;;Ze-87%gU*sX$i9QjlTB*mqht=(19*NUI#>G6%>N); zW!JiXjVlMF+YHV>(bwz;W@3_HcD~}@7hax7Pon*bN!Cbam+Z*myg8D1dWa9_)!=+I z|24!UW4V~*|M>5_ z-wsYzp%Yihf0=|Hp-jb;wt*A(*%IR5oyjKPyYA^X;b^zX0Unt6-EjIB9@88Owt&I0 z@y+OG>BM&Onr**k`vu-;@cPyGa9o?58v5eBre905dpNdoFFOYcZq@#9*;}}8gvIj< z^vQn&?5Purzv{#t>YpO;_YGe^t+sw^5BPIV0RH|&zR1bI-_JhVGv8bMz18zB8kG|@ zOV~pOfXld<-GKh?>p!h$#nmD z7ncmAEO?;R@V^^(ke?(UXCCzs=I3KGnlo{z&vn?R*JDRMs(td9+ts=&@lG1vsWp2l zDmULf&+8Y%(ACIb!#C7f>s=&ok~5IY@R0UJJC^e6^nv0ld*Ds!w)9NugnYbC{lR_hnLFR>n_AkIqV1Y{`o&T5hLO*jXVQF=_4{%@ zX=%$@zCOyHcM<3#jbT#qJEV_pRv*z9-TDX_uGoh9=vdCX@b^(0XXdDnlJt=uFSd{D z-kT_$KH^}he^hXLlRUFIArJ?i58F%;P#@?5&WORNdI-l#)dEV&vJvsgAzm|^B zKF+N?XTPWTE;}Gk?jzIwd{aK3b&Frb%1l1Tjgu80?30(z(Kd|yiwg2N$iGOF&ygap zBS}t1D>)hW%J-3OBd(W%zjlkS$gQ0FHu!3;)9IK!%}Wz=xKEe7Lf6zw|=Kd)bS#VNjyoDQjxq=yWE@_h5fw&T>C1AzM`EG^?H3*Z6O5 z9A%u{JcX=n8SCTPF_d@LD14;nm=``Bd+r6r1*rQ{a)FqCO-(1B$#n+VsrlH}<=AoX zf$~d;IXqN~PgchNnbdQ#o=5IBj22eO3!%)ev*C{>WE#&efX;P#2JFe!wa=M(Bjp0= z440)UGj8-odlNEq4ssHi|Mk{A>>a(N-xt%Nt^lT;x;)F$yx1UzAX?bG=WUm%xJ zJSaJnLS7p=1Py;|rekef^4!QFqwl#sL~cc@ALow!hTn9dD?5s zW=|Gwl`N#Z=cq$FeQ)uRTteSdp6KgL#F3n35~QKCB0hu7CfOkx{{ao1Q5wXS;&oMu z5uu;N2PQwKx~%&dJeiWjZgYmkWr;ChK1N?F*XA#L&usE=+3ewRk%!Ak9xl;U2A7L_ z!R447KGfEKEQCw+n8lIB<-3K;Mc{H0eZ%jsN( z*(2#+H4>h%Q=jN#pN%D6@kn804}+Huf-*8mXBm`iH>hy?Beph#Q5@X ziClXOTVxMoorlYX^idX<6B5g4x4|X0PY_d^J)OR_!NuhTL0m5M;Sw9F7+juJ0GIOn zwRd6zytIPPmGINI8At6I1@@T#8lK49j(p%b&D|M!RR>0O25iHG#7CZS_l`C+X!i=* zzmm3p!%w4OSPwL=NKAu>(Aud9GSt4(NOwl7-Lic zjyM~`;m`V)?*8v@%lem7%gNcH-K(j$_D-x|PrjAtur=9pGD^)k8LJAMlkv)*U*(*t zii62}H{IphO-|M)^j~XDU;edpP-)BOgfBjC;?r+a$w#dBwQZm07pg7#>$N?!NwVNr z+w&i9u{~3~_QXTlGo$GC6t_P=`J9L9$o0<*bvm2LHC1elyw=XCjAaJfzqOic^z2mn zVH*8$71%cOTgX4e!tE&{# z7?j1FKPFwRGrXI?II=CBvVtGS4#*N#=-1y8MH{T$IuByV8l|R^q ztt_9d!^qP}i_YRoOD|$ONLF_st0&VhDfC60zL5>B_+zc?GjxaMU((398v0Rusr%YP zcOG_za4cJo*p+u(|3K8MBXo8t#ydiKj`w8SB^N;tyUF#1qlwRu!>V}~lj|3-3tEw> zicuQ>q!!u7^-IbRn#EYoZP>;AU5bw>)|s`>k;|H!%=$E3|ABYnCg1)%@??<#)aA%P z&IKdqfY{GI#nf~TlXQ-9>eJ|=>u7`DCe<1T#e$S0D;p(QPku`Cn~EKo_p>n(=xjy? zo0uHmw{Lb5Zoikc>^Hu-)3S^DXpe{tdEF}+?-X`idLlA)621##tNre*on~~5ua5d% z^Q-1}Y>43R8jsEFkFIv8J!;FlcwY6*iw)3@Ijk2*^NfiJFvhYWWk1$2u9`19Rpl^N z$vW&OolE5q6X5>Oh9aY6lQC|}?^JA2c8qAr&wYj%X&aczfUoO0v${Q2X3nf`Kf31D z?bzh9F-%{2xU{qtXM8*7P}x4!n3#4@j@oe^c0q+xc5n)Ior$?pu5#q<``XLZUHe+v zvW+_GdG&#xo|~5}o{6dzU86H!vx{05l(-mW^hKHtzS13c67q2wD!rAk*;~wfHKfB)B>vawC zL2;JT__Y4?spM(;WxqfFSbE@X{}Qg_I)eGeu@cw6u8@CSmgiq5pN0?j5|1d?nHU4S%xC#s?o;GQqb9gfAAf{2)u&;diLlb}c z?aw^Q+K7m^MuYjuo%gUtV>IPxjm8%5S-U<%&u+o~n8x~yM_HdS*;}7s-eY~n*?N!l z87trk%ILN>gZB>_n!dFerhJvd+Kfk8n<1ZmGy1X={do^-GbB5;E`u`G-E)X_8R$*< zne!M=jYXy8IJ!dqY<68nwL3Rc<*m!Oa3mN-rYTl-s2YE_xzzJ*+;tgI<*{pB##+Wk z>oS`793%NraWF%H5O<%{Ks^akG19O_2yiJsPFY=Q^1 zE~A;>SpQ*CQZ>2tmfOC{ycY6J za!ol0IscFtM{Mq|HMgJB@!opNnEPA4{?Gp{7=t_g)A_REHBUy!UOXIg^Sk>_lY9tY zUpc>;`4##qMc*aq$7%3qO(i;GBz1?cf5KkwMyG>$>9Dr%qVvGv^~68KZ{o*x+K=Cb ze{e6_CP>a?z!EV#aET`X}}j! zyg}brHn{#!n{rdYN&~)AlCf!EJ-|xzZkjQwf^Szb!u7uaMZXkItc(|YaXiA+s(K$Qw=IW^L zX6zEtlOEV!>C$s;x3ZQ84PB?D>NIQ;(S+9;k&Bk*6CpIUuCW%|M}2H)#`9@z@@Oi5 z3K{TF2DP!Wt*VcDBHCRhRcmL}=?|oh5eLh(vk_ws;+Kk}(o?N5N0>ALlWa{xP0U z|JTy@vM1-$->$vlw0x3wDBhs?hA8!yA6<&RC^O!9~0;CFz3$eY2LJ?Mdc~4dmHf{aJy?B^=u~2BPfBt{q{_GuHQaZmY5Rgx8IC7wtlNPj(+>dG4xyc zTkN-2$+htJTTTYL>m-t3@d~ggKj4YeILBd$_N2v+pY6DDEp*aWuAAXM%O|gCUH=?# zh0adTa*U0-8a|S3YcTF$6M_-R-Pk*hY#2t+BFL+a6f2zC?^nC5>T@OaY z7szg-2LpWZ?!frY^Z0`C-B(rl4l};)Sf56`bom1r>Y+U1Y3Q$et{ssmJH6p~vuCNt zD=o)3=3A-fvGU4qhZN5%w~GE-;FT`~#@xsxcv&(@arugWU2$JUG}cWfz091c_)VC2 zh@6RTn3(QiVr+Lzd^QXdjG^+3@-TtU{nv|%$Hep^F|msr&VoGuo<0T>^JF)j`}V|E z)|qCgM=NzJgo#ndh>5oy2PUpP227N`MNIsa+y}oLketuEE{C7{!OsI6gHbQyY9u!xihCHKB)0QUYNWqbjk?qn<)B= z{HvWd2W|l}AN*z4;6Fp1N1(%#Gvm;XcV64axl{U4^XHi{$ep16M|NyR&P%uHOoZ*| zYRy+m|2zaO$pOtR$u>$uZ{%O|=d6`4z1=BkY6ssPWAKsigX^%{_ai6di?$Ad3W-WlY{ZuE5JOmMr$TTuN{mjHeuGEV>hL%<=>Va?1OKzADgU$cCJd-@7knZW_8~ZW?{w1`RVuP5Z5ng&pOtjq=BGC~qn4Ht`th zk)cgy%(0PW|AyMQ-f!|JrpPye%p=t`yD3nB~ly7 z%~n3qCilDU$*1z4lX)6@wI{JFQ}mDgyxQ}%ug?XE-Q;Y_W-L`7(D&+tC^ii9Wu_nO z9KG^3V)TP#nZ949vEPKhj6AACPt_0)lKq=TugETz51={LtZr;1)=vMJzVg1e&y9CJ z#X44vvwU^oP&tK->;-hVhPB^}Q*JK;Z@u*f#+%<#8{?htBn~9MJq1sgTq+Z%@^VP{ zJ;}5C$eoqFIiEV3coDX~eD>?9_oK4G6q6DD(7kDRDQAzlIV5r65A2CXD`TI{A(=xx z;0MKx_Mb}J2pZDw_Yybih?Vbs&!I29Q2xf+Tc38yP25QQqS#T6etFB?Iv)s{k{hP~ zDaVgN_5F4**ghMZk-kr3iyHfnPx0Na$OlS+!H8n7@SkF?X0Lqc=~+958Vm8S%JJV% zVFOo{I^)Z*Lt^*=Phc-bz)d}EdYpc7>)OZg`v?Y z20}c9@>NC&GHPW1vL?;NuBCm_8`aCsbK_WicjH(kEq99!?Rvh${!Ai+;Sqfe&w>%*Q8W}= z%Hx$WF0b6oo@HjvqBvgh=$E%VkIk!oXovQbUSB*(U)Vmd`Bok9#nbdb2bg&pT$Y1- z#m&Vpebpb_m;Nf_yIE5TPMYz}wxK_5AC23D4uhXl!)RxP#?0+If8Ny(*(Y6?+Uo18 zX8LM7bi_Yt;#4+&PH}&KUybqlNqr<5>Le5EaoiVDXto!AG3YP^{42M zR5ka}r;4{}FNiJl;R^atwu9!4^nA2|KID2n&%1VnI}euCo9H^}O&eps1l-#1@AQ3t z2j9cwSA0>v{Q9LY)-D-l=U)#LSno7KwkH_WT$*%k(5^T_ez%F2YK-9(>I!@BfI!MTzCSDCRbECf$`iyED0MfUv_a{F~?t1 z57}b#(PKu>Qy<0guSXYTWf$_yGxn?%8u0< zh-1M~GrpPnAqj2&`P;S+?g1B13KwI+1$|)fVr3WnmEr#HmPi*OC&1Eg`0n}{Ih)ge zZSk>#J`BUeBmbO_i9+XZUwyXpS?>HF;|tair)D2X#V8e1*1aGmmIxEbJj=8AE5uOG zN{kXF7z3lngbDSB#RM3${bBhkgFMV)g706a-LgIX`NJcH3GkGs&+6!FWZ4IW3C1sr z3C6A)CL~+HspL}-6ORo96Vy>OrG@<>Z*B4LH7q$Yx$7ZH~#$L#}4QFV(Js+R{Ql>A73A3^M?a`BVBLg zct{^DQyeK?D|2H$e|5_rt|>S3o6pAa=W6=q z&u@+;XLuaB!{f;zo)}?YJ^U)}*=zka`9koG{U-ZXcB7HG>>Ga#`IO2V)EGy=N@~29 z-#gLG?>$6rYAVyGd#)b$i6`L?UXqBD*WmYItq&K$hsfqM)%10B67M<8Mc7zEx`{Dw z0xQxN@PFo2Y^y=cFTM^BVwWoyt`2#enPl=F%zD@=u2Z+$d6xc(b7?~bb#GuE#@6FZ z`7X$tD9_5zlYdZa@-#~l9~(elH&fO^d{N2}{SwhJ82o_pN8(o)ACY=VMkk>yUtGRyW{#VWTE@D_ zKt8Im-Nok%k^Pn6S2k6Z^rL(p=zN@qJHbcwUts7`B?`vNS<><%{8|CJhuJg}dD93aO{*xQuaau-Ex5dVvvU|3= zxH7nvJ#KMJerc*MB(IwL2DjwL-oYHc#fxxi{9S(kD0oiRP&eddx>28uca6h$>iM*X z&%GW#mwWh}=;3pQHy^$>htHcBhfsX3_wb3V^yBlv(>#2x58!i5I6l8NhWhfG!RI(= zEuy~5xkg4^BYdJS7JxU6QKQBP45k-_;FEij^8@Wz@m@BEMEKnJ*75le`5YFX?{dK)whK53)z8->pq;B&2u&uuziNBCq6r_yfey(~T%PlL~;7M~N?7moc9=ySu9 z7N1LLFYhZit(CFQfC1t2Db_RegwHQgw=jGvuQvtW74ICvm}oCfVC?0Yo|ecwOc^|r zc|`mW?`(Y(z0R|3dl*mZq@04yn)f5`^anpCXOuddcp`0c3_W*`Pi$fG3Hl{6_d<_n zGWVPUE1$|+kGyaSG8tNduO3cOeYpA32s(DX-4c8a?-&6wJi1! zCd5OMF$R2?ocdYb(=h4s5jvC5vj6BDlr!3huuasgp^ramO zoleDf*hS3z zxvL{f5}UpJ%wgmvyaU==%W>W));=+B)qXpAhBb3fzt`E>Vb{#9r|mCNck%(VYv$^5 zYvwLE6tZTn1{*R)d<|^m%VO_7^d3`=%d$y{t>ogx;LQ^Lm0xp4PxNTlF6y1x0Keb^ zwQdx@fQdTvB|1m@sW)=1xiYiX2|F)MS@22s^>^cp-+{g0uD`4356>(?e(=0}p6vR& zamJ=J&)IcOC7cbFtW$Z|3;f=`g#TH{qw!AXu95=&&MeQKq>Ng#9|2>;J=v3Aq-BQsn%V(bif z-}0iBCmo9e_9WK>p^XvJK2`WgKKvZlMpGi5tqU zoDX&t)571`r*(I6+H0Pr{Gh$K8J;pR2mDIeD~CTN8KAsl`ed$4dmDC*)-?s+l`pi^ z_(JY_yEO00H`ZZ}^yOLuYJ4`$X%ROcVS~x#?>7#Ml|hQimau65A$3o zuar{g<~_bP{etnc^>^226}SFp4|@&QvDcGX|3m*C_xc~sJ#}MP$Fcs$ z*N*gn{PjPwFOPSA;Lt1i^8-dNk#oQGRQb8!qdGq(9>w<8{D74gHpUm6A2<^X2ImL1 zC?8-natJx)`nvEUGDPzOKc^nYGCvRx>?QH;eqf*iJ{uE1A@c({`sFPfM~BZ3*ghy` ze&Bg>N912i${V-8Z9F>H+@FUny5{Jx zn>TiKJ)~!p({J*6u!XOK_UMQ+zK!uz4%WhT;Cm7np|8>t=`VD(Y$L6Qz=kDed1|74 z23W*rYpaQ}#*RU;*-1LZC61S4(G z-g=+09k7Rdx!jvwox0U2HL;E~c_yYVysPzKnrpIkRCx=wIn2YCHa!gnI-t{mZdTm* z@nxfqNH@FkuB2rjbduPVigT*JU&C&T$A~M*SHljHE#;r*_}X^(F64f2J;rzH@@2xx zfd76YKE#^?hG*A?t{WWhyqMhmcscTj{x)ScI>y$PE${{C9froBXuR_;tX&IIK_V;AnL0ykCQri8JMfSm}~(U?sHJF5+L zB8%ER?AYI2>_ip`JF7kH=o!rmM4k*X$BE0_YcG?eKQp1Fkk{$HfNr60OJ$ ztrgPVZ<L}!#02c{LRcpco6?#&rg_F#otkE zzN?tIrQwAO>2mQw2yP?X|1lG z#%I0?4P>;L9|_cHbg)iiT^f@`V=?uh4r%J9IXK0q+v@PQkgpxcKAkZ)D+6uhsp>Wa zS_hV}9(rlK^H%Ef50DfcBa z+r+>-=QA#0WgVDE-AbLrOJm{fNMBRd1A(&cC{)(0xOaAP%#(81d^_ z(6h2gpOQz1V{X3X4s-tLkgU!TKPnEPIal%5Z&~B_pU=XpjE`)AN|T53u0-Q0=sYki zyvp`a{=Doa&8hER58miw$?`VFYde@y4xaYy^7HBZweTswYrhcXl&l8J$_ui*s?P?_ zeJ5sU=CRKO-?BCJ>;iI;<#)^eP`=*1e{%UldL&&<{-=?5mnZ&_dMe+&lo*1wi~Tkr zWnL;iAr_E}sdD`s`8|0uGUnxwd1Wdtr@5b2uzys%iA+c`_7~BnR@$_hdaj|KMqUha z+w?)|uQt`vrUhP`bjI3Bo^9k=?KxuGv_$QhP9Fx^Gpd;OATRRT!}Z2O?P2`v*lAw$ z7Rd_gU+b%1l={V}Ux}}NGgLohZ?JxE^ev*lk#BkR<9bPf`kA<=CzE8;8UF?uU5I}j zY$%Pl$x|NY^3=<3bX}`4!M7c%&m{K6CcZ14H`2;G`dRtUE8x|YA#x#)E;fecRpIv| z(9);qUd#6|z8pKRJ6{gx*(^Ucdi(jCn9Z3veuNK|r<_4Ii3k76`7eKY=1r3u&YH;w zId?7*1w+#1vXzox|4=pO09Qx79F_W>`ZMxok1KC(IYTx|ZvPX_Cu<$JVsDxU z`7!PL5$!WM(zLg$s~_{i{rNw2N2cDh4Vrqk4Ze0K?UDRpJd+vLUi)l=X={)<=+sv9 z>ni%M6&WU;{1koI2HmV}Kv~j@r45P-U&VVC+*NPypGHhy-CnZ^1k6M z=o(o8-r8pJEHZ0(D>T8e>Q@O3qvxSfw7Gtd=J$C% zXV1B^O8)z3i*Mvp#|+v4zSAN2PD-D{|AueiAB%6J&wXWGRH!Uu%qUYDeKfv(2Q=!S0rrA4<_GJ5nxeqAab*7aYzeBX=pWuLhXEQ)VEEc^A<*H`tx zw;O$YdprC>|A=qD^%dxeZ$o%)HS`Mdt&hf|322CKLwNtDV4cGFmbw|fh2IR{!moyJ z;op62(Dr21JZKfm=~)r3K0gqZ41A4{8n|{3x8gt=M@lv2pO~E>O`moq|)9vC>$q(o*gVwRc zn|6ywkwYe?#rszl81s`6Z>lO(7JQS{t=K*%BHmP1s4V!#wS`Yyyy;+2-&r|_e0AG( z;^IyF3X~Pbqo4nHcODImH#K_awGNg4cY4mhU5+hW56;k=nMSAcA6UzH<&$r2=mOVW z_4s}0MgMo@X-$c-o&(z`H5|yeK(AeZC5fg1(}!9@ba9aR=|BpNt>M`+wjpkFfTf3}5l_LS>xt_Anv9A58_|d9>zt~iuyf7Zw`LXUiGBId>#$12#>Jj*hv4FqW z1drSff2;=sYn{%Uz~quAJbi}j?^?pYd`9mxv)1z$*Z1r%zWr9P0e=}A4_y20&evB2 zbehK(zlATv9}Y20<#1b{(#U(pb=phNl%7Nfrs-?quNlr~3USqDE-$vWA{6~9@uSofSY@&SGt>TwJo1UUgd3tq>%j@fU zY12Tp33(K3)8oao2|F||*2(qd1=?i$FiqQx?F@G9JkVUp0Q8pHbSLfTpzrs?@BVnv zdwXfee;GA?vD&Z9=`M#-UcR8s zKj~}sPwJk3q8OWa;KRthYxf{~;4kUZuC6|GOJDxoPsLU>AC!wP$6BuZGGk1eQlp_! zlOK;wH6Ukbdn^5EZ08D>C(Rx#lj0`lHVq$SXm9K2cqfz3CLc+3p66Y&&WU%8J{{)1 zi+~!U+)>RPq`{w?Zx&6Q{%zj1G^?YDZ~iTy3-`EjZtWYKr!%SRU~kfB_!E6}EH`Uz|s{REHA z7GFw6AnRYQKR*3*ncC4!Kb0i*M~fI6^ifbh{ZpZK`1KRAMfzzGvLQ@A4N{$EckkOh z#nfqbpiW#*C{U;Wub+muwEtsa{iJ-^tIc_kxqNWht?B8=W^{QwW3;CvepxFzM&ET$ z^H2*1#_#C*n0r3Kbo@iDyU8G9%^G;@KbuFX+@asCcrAC{C^FXFe_U%3+}tANifRAx zK3^f{QuCAr0Ea&q*_bwZ?D!tt*C!(!#4JyTGenV`|Fn+tYZFr1pSmomsX*J zQuLv8spd^eXur+{ko|AkgASH2tTRvAIAhK1!*N5^(b*uZZ`#&}ea=rMN3=OYzG(b`R?5Am-|NsR-(l<- z@YG=PMzoiABrzP?DRM~dy|-^7cdjyU*4<$GH86gc^fG>ThK%3e1K%Tx#PPOT1J53JPn@gM@mk9SB4PpM1<=rvAnH*fn zC}I8;&M_07BK>#&PM?*|!f*DetQ~$G^W%~Dyy430h{S7$Co7ycUaxWvEpP0bm>-M3 z5wDy#{7IfM_nP}A>bO@~SvULwe z5&u5S{m3YIUUES8BD|ceF>+vEo*al*CZ_gf4I*pO((t&I12ayM93Zcrx@z7Gp3m0v z+(4P zxO(pzbX-vHHAwGyGT?AO_TEAVidV$Df8;s^f2H9s>A~uw;rwOWc_Vpc!vCv(EfW9z z&r2)-|23?|^5eg$Z(;m@4BDO^G(2&`-Nos_&-60RxBi{+KOb8sHHN;$-_G=4->qvp zx%j`ZmwxHVzS|Ml-`d)D#CtdoAp*{zasF^4SH)&1a?Pl+EZFm)EL}8r|aKHSyUW1OAluZm;zDQ*%yn`ONQA z)%4<1{hB-}VSE8N%-T{tVSL*u2ID*X=41Rwd0~t{%bAjXUGl4q#bNx#5BH4m^*)UM zz3i!QaxC<^Cx4@AE& z@8WyJk*Rs{f}Ac1+D^ha^Nv|v@-8qw%sIq)n8TXbd*$D6h9}aV{GW^bj}^pwv}G7r z?@b2`4`B7}U{(C_4el4gAN%T-MG~usIqdI~&mR}}z#ox7nWq-XA47Y=K;!=cf0Px; zAD5hD{@8bI&$8oW@W=gMu>A4vx5^*Oj+a0Fxi9-tR>l*rcWq)l!mxwK!XLB9y$j=y zTC=x|8z1|~E3PcJ_vYW_^2aZ^4}a_niOKEs`Qkh4`i$Z%^@isw1N?DAS-$?T^c9nv z5GZpRWfo&2&FlpO{~P@AZfu2O^v5S|KDqj%PcMDb6Mx)zocbg4dBYz&S2av}tNihU zLj3W`fbVT=B%l7+%DFupQ)l$Y>-F&m!gwST^uIkHLTh1fCHJj29{KX&d>;Aw*Igdz zS1gZIo@aPuc6q)I*;HDXM?M`W^NW;O43Dgt)w7%o?pJWK=VLyHjZqALY+HMB`6J#- zzx2c(2h5%e-REPhzaF%!-sbWJc9qUM?tMN+d$(reRUS4yzu`!j-_YAU%pc10=V6)) z+E8wM;aPIqWE0H>b4AJg%SRhLH<#t(`Cv(5JpbrWJ`X+fwc_yn{D*qR^S}L_<4=!c z6BL8zLu*bho^R`=UwXpx1wF|7Z0rf2A&BdR%d9;VDGJvG{e>GwTwX}tUlbzmlbjD~ zV^8OS?T8aiOgb7n9JGb13*tQ5G7yaSCg%qSFj@gd#TNn*t6US=MOKx-K=lUonMt& zLVR&4bCdP(M9944mZg?2e13xFC7FZD&P&!4uV((Ngn3EL#pUF^n~Po^>Dx4&{RJ1| zNAKs^B9m%;80ItAviXJ)M@ngDiaF8@bUyKaprN(@)GJDz zl*jQN>eJ!$*?Rzge-i75{}`Nyta1Cs!4Gj7#wNC0$lPG%(8Pod>{|g{_0KuVd*kzB zK9$3`9e#3ol|9fU!^oZR<`A=fOEdeJ*6qG1@dW#rzET3O)zY zW?0dMfm&Jdq}ozLfAS9jlFqvxs(mUHv( zi=y4^Kls*-GhCU&vbp!3BC-6TUdHY3ZU0Rv63?Grb#n3Czn6Xq*Kb~aSuggV^31~K zA3Hv4^<4j=a9z;;TQ;I#JS=GcDaXuj|D6f86$`5fiG}rK|E(jRtAPEN#pwD!X63E9 zx9O{{{WqvszF2pek?|jo<=cPvL<;l8=K^J}q)gSbxB0@`X7()4{i{N_%VKduJD zMd^)ijW_)9)o4C{{J|;AAKwX-`9sPqhCiNo|Noo(@c_0#G5nESd2;#Vi@o$uPyBJL z@vwiq$?A>MisFkCZ4ccNJvMu&6kd=$v>xmgh3jW7H@JQ=l8@`rJ>dGt!F*mSDH7MG z^)haMZ+qxXWL`0NzVIaD`I&2a=J%fP+_wjN$l5}Riv{Ch%}Xq<2Ns3v9_*nbh2mkS z2I66|hj#noVN877$zGn_=FMw*h=pB4?pklM{sRGger&xf>wnJuB6wnF-4p#xUdcHD zo|xbD8oZUu)yK!q+F#=WWlo~ZVr2c*y^Ou~3A6q#8(WhrkvktMRqb%Ls^T(Q&&+yQ zv#ud_a6d7QI;U*!T=ovF+r9Fxd-$%ir=R59=~bLNt++`oxeAJ#q{#!-`b-xeirK_k zZc~0Bag8)_lgwcDerFHp5$sJ6yM}cP@jeN=HZU6p+T)mY7$uayir7mDu^`1b^46t! z&$xSV##;VNPE=U`WLPI!64ED+`eK5%Kah>|M{d7r#b&fmC+izI;(l^r2{_z0IojPYj`&Fv^+bF*e zc#m-3>;p!BYs}p8uP}Qc-u(*aw-B3B-bfA4)o^A<^ZSXp5RXU?Or|XxT$Q_$Ckgt;Hx6LSI9)x z701qJ?`HN5SjG5oj>#_83}0GJKSj=W&&(T9>m+I!qi9^Qg-FZC?ReF=*t5Qo`s2O6 zamx7m#Fl@H$+gYxmu}WDvtC3wqnp?RImTZ7`rbMnTyfv5ktSbG`L=EJ|9?OD+J;)r zlWMQgdZ&tm7m&N2o)quAiapjlSQpiGH1aRE5R-lC-1vIdN$s6f=^TEU^Rczp-6ryv z>WCd_Pjj_H^t4~;v(Stn5A=*;y8HX^JT$d7t(5->;I!l#XWuI1gkrZk7iki5e=>cU z1p6uEO?r%#H}1Jxhko(uh9n2|nD-j`CRXs?O5W3+pe4}LX9`)ACU@H1BVTiWZhY4r zXLns2@9$jY^i8bf{YKuGd`j8%TaDh@H?s$D`~mG%sXF`L*Yi30-nuXEy)__KRwk^=ZftF1N!_9pKhI;mW_N@-BgeJ_#P$;wXRDz z**zmCi_!z=17xz+D}BzxjPP=}#*L3WJ5W5Ho9~r=SOBlgaJ>->j%Zdh>n8rpU}xK_+x{WP+_^H4Kqjn#vhzQ_^2gBj#3n7OU5LthZ9 z=YI|K*213+l=&$9SqDDS@a8@Icfgd=QeY^EI3 zkKTOp(>Kh&dkpt z8P-J-W1*|@$3{TcoRyfE;4Cb#aw&C-g3~GBw1&Q#LZ4~9eLC=dMd1B0ystKQb(QYW zp0Sz0^MeD=SMa=%-9BsyOBZ=qa?h!fw9Co6XOX3T{qWD)w;#Stme+c?_Vnk`$?o`A zSzqqr^h}TT%RX7=r+;-o|0Kcp2PvaAa^&GOcvfH3@IM9Y%tsegcsg{Bv)jbX_JUjS zkMxntXKsCRJf4%WYU?ZSb@?V)pgtD_+AACABI@I(ZRK@(0ByuhvOM{Fk9G>)^Yi2Z z%F4>`0DbL;p)!V0Mw0hVFS4xN1?% ze%H+L^PS5ts|JU9MsmI$J&|E8Ew;z=b#Inmrajct$n7L@d!_T9@zobG|CGEUA-Q}C z>p5kUs7>=my5|D!FmoXe=X6VFMARFZ24E@mm>a_fy_D z+V;Bk->|HH)|pco=|Sq7#@1>@2B>a7;JgQ|5mvio*J|yc){A_G`nYnY@VaQ>s5Vd! zD}VnxP#^dF(_H^cH)m?71NBl}Y`s*cYR2B?0-O&{Y@JMhQpXp_J@WUB_O`F#41_71 zZ`svVvLoZ^Q7d0k)se*MoSW*GIm6fG+qFRqzr8@a!uHRWy~}|q$cOIjQ(vo%YM<@% zIqGxr9KzbRjJ(`qZQJiV^4r#Nd(UnA^VQ)x^JhN(JW!xLVdM2M?eXWbhPCVZ;~2Ah z0`25N}6*D|b~f3-5fv-^tSyGsJ?jQ7&c_Z4X8Pl}W$VdGb?@$+KmVeQ&TuJ5t( z+?$-a=$9v_^wO>~3$&}y_}ysytKQ}Jf6}&~d~CAgRMWHUKK!0=IiS6f#4Gx<`lQ(U zj0~wyjqTrF>hrT>sL!(jecqEk>0%G}6gpxAI-&|4AzLx#t?RFK!q@fxK4eY5xyL$t zt@E#}oIkuTy2-CI50fM1$C1jBK2jV>wt`h=epKDouL)ywS9d>BlSC>p{4%wjK6La#;M0^K4)4ad}eMF#FuNzREh2Pf-_1 z>~G7;6?5+|U(We9dfxMGvd{ll;Q9UD^Lh57&o=+d^l+XJ&M)jR{z!NI5jIw%=|}qB zT_;b!vMzpu*7;U3UX}Et#a9*I{r!?6=fck~h3fotfjZmx-Qk$K|Jk$bUmM(?)9%e_ z{K7e4Y&IBcaxu0=^#*s5f$Wz#mOW~*|2MH8(F!n=n#1`s`0Dbxwf0}vyKZ1kgik%& zD%&30U2&d^=&Q#$8)Pd!KEyd~j-)x0sDgOG7V6wa-8fH{z3$wyZC#)HIPXxl z_TTMj(q4zuf&cwHdw@13y?9|W@vgTMi+I#I<=~XZR^J7V_a2D#-P`x*Ew@I!-;}Q#@Sz>~+kde;nr__~OA*eEEBbqxkEzpR)QyqD}jWO_X_Y z4fY3o$l$=+KU8^hSMmN+)Ukc8m$T9sQQTpl%~y&k*KgfB6C+~{&%gQ_afeJU_ij=r zzSKg-d6AL1F0WL_5`zM~@-}$oEb5-3pHn5ygO8QGXMBY5t781p^tH~l(cZ0-sY{jm zY%y(K!nx+6!@d@w)p=sf%k0%2A1^}hHt@%sP1AMYM}Bjbuck9TGvb{; zvbN72H^(%obB^5{({-B9*i3)QZo7j#t9E3Tay^B&)BIzKj4=70!@#QlK3GiF@n4;f z#l~}p7v3;D(MsOwwHoVYVbLAyZyW)OGwC<@1^w^I?P%gtfpPwV#+f+iP1H;FTsJ(@ zK6}*v;W-;qqZqq46;B^W1o(!Cwaa>HOmqe4+iiGUHu) zuIoi-LMih>qoU4(+Zmg+?{^OATwip~t{a#aDq~Kl3cc2cxu64P55GPwFByGU*76&2 zA<~>ZnTeg!a+Y)`e7E}oolkv1;(g@ot$>RGA#p1-r zb9GdmHanAkt^U*5#`;~?ehf=aN``%qTsYwzp2*WZ&BErl$`Y%H$zL46&$3s$&C_S` zb9DeeANKGw{buisU5|$f>6?!iz|-OYp5&k0Li_#kbe*UC0p`vo_v4)3a`Zm?sJphI z8@Co-M?wD(vCxN-s5bQkvq>IT@OCdUpluSh0ZoMA!C+i z{JJV4$Box9LA+uUSiEi~hpro5mj>|4^*I)=%fZ4-@XFYC!z*@57+!T=xbV8)@KJfo z0gsPLO}+Yn;l3?xVAY)02hWx{&d#S;YbD!C`mBw6?HR7=mv->mPG4Y~-LV}E4}$h< z%WgO#9O^vSc2kCXmTxP(A#CbQN9hEe<(~4@zm@um*R-$X)BHb$9B3!sLi4TPmJbGh zoCSYW_Brx!WvTOE3L58OkM2fp>+G_p;g4r{uOi|cyoTo$lT40wI`_w%y?st~nhx~u z(=_r_WXvGse_!o6?>uB>rRL_I2M;<|?*MXm{}|dzziKa6+12wGx-tK&u=!t9%paZc zSL)J%PSd$}2Wl7t>MomH^-_+7F!I`>;5pQ;osnW)&nM~c=rzu|DRJNY6}Cirj!zFX zM-z+F`Fddat)3oe%;)18?Ty)IVB(3AhUedXBwr7#`J4FolpSXOTjueE1od$v(IFNJP#{Ojej4;KIC z_LJ*kEK{^qvatl+vVgpsMliLSbxJy`06$~b_2`2by5($et2~3L)xBkBFCcix<%!IvaVlc#(Q5SHM4SI2Yd2{zPiS z1Y~S&$&rU^=|}0HQSjboc+dEeymv3OUu2&8%RGPc>s{B%7dCnc9*I*2$Lgg<*S6Ar zvfrZJY5dbX9>6A$ZD8@3YK|nnlX7{$-uvM#9uK&>Y^U|}>cj)LU6I&^ZT+QJ^LgOO zzlsOSb||K;91lxN^#3hDf2&9T&NY??+&WubCjIj5njG%`39LK(+4yH~`s#`hynh~g z$Ab4A6UgA2oxyo(k|Uqt1SuPqEahQbvNDGEg+&M)|H~v zrnU=+LM?4YZEI`0WiGjb7pU#(AejIAbDrm!d1f*R!Rmj1>+2PndFDLle9!m({hseR zCp0*5-lwUgSyoNLJ*ZrK^pRP|M(|gEYLB}7eH~KVrpSZb8d^Ncod?MM&rg7MR`AE`D=qTk+ z+BV`J+-k*v?}@Pi=^5v20p|=)d}w6889%uN`*#xmAQUM5t(9j@c69AXyD}5+VcS!5 zE#F_EK0>@_>dj6C>I>lw?M2NQWW`6IU)Q5wb$3qi0?X7rW$m?WegB2(D$uD~N8d-D zW*a%UtV^xK)5+n)u;HrP3G=UsQL*F0$)A}Rfq9e-*L;EvMetD8jn3Rcd=8JIzcsu= zpRtwbQ{HdpUFEA}R}3A3jtxBt?BYAs2T)_zVD43ujVN_^Q#mnW3cH#9TIo-}x6xla z{h3@SdfUVq8V4LUgTqpCBdQNx2A{X_*NTnPJ-mC-!!0EiFlSRwm1AO)ui(e%tn)4S zFx$}4&mc>Q+5s0v6WasdZ^X01-Lrr2c}-kfWqgi=JnWY|oa$va1;4th7TH)8yfLVunJ+CVAkpH~i%DF}(BCTbYaQQ*MXvq<=pGKZolj&x7C5 zS26G)8*J{p1V>*%&RRAqubX>ppX}sJ;K3J&&H*0$N7+`LE3Z6i+ugvjkiFMltxCDW z6K3AnAo7(7yar{*`cJf*`mNb@=&z}IW}v}qa<6d0j>WRx%S?bCmr{Y$TJh@l^((?v_^4b@yc9iScxnzj^z=V{_oXD_$*x?ciciiWCt@%-vA z^iumcvFKX$Q?!m*VKav~|rYYpUnJdb}lmYV^;$DnuLT=i{g6 zTz~e&erNrly{Pkj&`pmq$H(EJ{qWCI@X;RT2k$iB!@S`s-HopMq9fa__|b#3+vvxDJcsTLsTdbXEmzeBfFAjd1SbiJ8_c^@ljrUBZ@%E&R z$MxATfP%p7?>&> zB^%Jh_ofPR8Q3b_)6_fxeyj~S_6!}?wm6mUE$Fr|x-0?>q6^EWW~=_Lig79!XCm*e z=C@V+HZ2tYefql#-FLxfw4!Y4U#TOBRUu;)@ZUsqHoT_09+j5}`}nJr{WX4=_N(7p zdG99PD-FeO`jT*w9QP^xzLMXU@%!XZd=?xK;36{p#X7tTiC z9tGdhJ>LoST<0ETE`Q>#FHhfk^~&kz`RLAZvwn&G!A2ams*CJ==Aye)BEhfi(tOYf z$BTb4*~|x-*lbxN?G9?+kinh)c=sf9zbGxw(!&%bGZQ)@NJa}F;5 zb82qX!Lf7BL6-W4FT7{xbio&*JyYuB$E2U9UQa&j-F_D&>N8`|)W{n+jEqC>keiSH z1$hFOs;Lji7XdHE4uWs$+nsnI=-|Nc=zde1otP^=$Kk5m9iQVrnX8u@lb-#b6P;pb z_=&lKkAwf6I@gzoX)?)x<{B>TJlBIhAHwq=+D&YmTK^G&Z)506&Gmfds`W&VuRj6L zil02bUJGAOhp)+_$hH{1o}GcOwf7<=w&44I>QjtuDM{7!e%?;l7jT?nU-()Ll^%C{mM@JhQf0K8^qqG)L z{UUNaD1w}wWUgJwn(?*Z8_Ap(D`%2P6O*{@B%9l$V@IKPfmi;UY5=~^xr>foP4mP0 zLC=AX{`+(WzWAEwZ`Hc>8UygRYE$o1jc(!n?f6;PI_0Hhi&`GT_j(+EtCZhlm(YXe zOdj~=cJ6sL`5)|tFaFzU;y-kXiU0W5#DCbO2iVu@#ebg6rNn_Zqkrf(1fFzXQ4G7X z=r-%V+T6FFRIRqE@VLhpw0RkTi`eNNX) zCk)paGMvA(hG(_>O~W_zKi|l+P5hygkc)&KDwob}yT~3+4(}W6>5Fb>?K#i6X`~O}%xiEviQts*9 ze!lukbcghlJ()uk~mVLU!dLhy~K+F9vv6}reMRf zz@$1}oe_~=LhLZG%+yfSK+E;S1{=tkZ6ud4+R9^{Jpb78OSH!*?^x_&)oA1$Vr}P8 z%c%|2XXH|!k#($XsI!i)wyzGM?uXp)de+k`$<>KpiCLc5O1>pd@U*{}X-4VL35OmfZ+1 zh4=8=ek*Q~54Wm^+YXOTu%odY`>$2;y8HVQ_uNMtXjDB;cH>fe6FeJ!NY6sM!g*!! znFBdnt=HR=$pJKm!P#o?sJJF_Unp)3;0~DWwA}(66TmfdFnOMt)r|%Y-e1*^a|rl% z*fq%16yk+EYj=$Im-G+C!}Jk(9DMXEi&rCOz2=X|z z-ifhXnLGmB>9aWoAJ8wfcp?COBdt7VjOJrJcXAI2`7^nPZx`5214FyMe**c73jy=izp5m{hlaAS3b$EpR0BdEdHOK8a z%+b*?PjxZJyVAz~cQf|I;QW&MUeY~A-*Nui8;tiRe?FK#%I`HMm)6gYyv1+t2&Q0) z-Yb#+^_L;`3}E`GV5-VX;QimafN6OeOkV+}FmR}bsb)O6J8GC#@l5=@NOh6qUYGH2 zN5=*A|E+gD9eogZ4)KSs_3PqV<@bgcnp&kXf~iEj;Na=YUBFbH2Gd-Frwi-%`Nw;n zv0f4mvQx%`_cm9JA8aq7POq=QL2|rLGG0f=MfI8ZZ)Dn-S1_jduDg7qbpACT?q26V z;Ko^swe+8<7bth~hj-wQ`16OJO)~x|I$;sIB)ZyJPxIHN6=K8tu$NQt-H(o3jE)Si zf`7s5W#?M=R_CBwcrS-O*z0Th@b>e~Kp$688z&$C7sNZ&ydUyvmdc%cVmkfbSnJ}V zb8NG@>iAT?H5W9BP<@zn1Q~F6MAw8axjr z@RQm%yuY*R*B9Hvsf+o18h&=sx4#C?@%QD2WZAW8{on2Np9emB%O+gX@V#r2e77>q zpGedvpWnGYId%^=ypDc0@h|vj9!G!RMs>?N$Nc6K_!$GNNlkY<`^D33x$O6L>azUy zTlJA6jg8Meb|ZE7vgJS1e)UoGTf!L7RJ_^(uWf+Wnl{llHTGM`M^@v@vMzVRq9$`o zAHKtr7BPn6j7jo4@i9$J6}nk^<5T2jv?ecGxOb##E&JNC@w=e4&b*MH8krk1dOU`& zBpWz9LqFH6p9TJY3QRv+y?z#S?&sVL{amSj;MXKP7n**)>Gd6rT*CHnPrw) z|AG(Dz3>6LJ&@!B^Q3$Yvz#Gz-N48Q}WE?-Md?;A*W=Eooju1h~vxVyR=4 zYmA4lwVSX@4>N{8FL3-d$w9I<*+2h%Y2*BoaZLZN9Hg)DNG^UiEh!h#e(=md{GGx0 zFX)4*p8vbQ`+CnOkH0_lp6B`TKNH-~;SV_a`JW>jVfZJEZtaRL3q=?F53hc9J2*3I zkmW|VI{X68|2Yj`H6FgwXzr)Sj5KUESMc3yp9?Ix)A7^K0QZ;3uMVNkr*om$BEV(!VUR=t)r#Qrw(r5|*~G~48$nRh^WT*gzrR_hStHLjA+ull-X z#@Wia;ehI!SOe#IZ^qSJ6^G{YS?f8!<9GRD+Z2Z%ztUbD;QWrk&}K+k{E^qu508Ok z__Z1T{K28nVnKCdXryw=L(!MH4bwRrJqH}^(BB2sjm`6{#ui{ZsGI>~hM`FqdPktO znZM$q$B^rCau3j4aaCkqb>kAPCmeF@4Y2GizAfOuLR+m_>|jsFju}JjmfmZ2$<911 z*dC(aX`U<<*>lAcF9Yi|Z~$&R8b0W*329v`g%*52K&^$Lg$u8E$iIdaxe>e+T`2q- z_#J*Nw7;VJqj(m1ikNb&>{+%w!J*O4Vk_Iw$fJ!{f82b?flIuQMeSFN?+-G*Vmi@m z1aPW;!O#$UYuZ&hwEHgY$U`1BIrjce+nfMxU*=tMfXz?wFS$RD?u$kDt-Qxm(3yX2@6o38%mibsGk0zF@!MhpuNh?b(= zueiT!(FA0B53)R3d=a!?qpr~K>fR5h;6Xe}e)=l$lIYXC$CZYG0p}z zXDuo2WG=GP!Ez35x>U4(3Ta;0~_;J#bMyNhT?Jyc_qxs|2DzfGa)9Y_^`daM1>8+c%GE8Ph%XwfxoR*njWw6ZZ^Bemlw4e&_^0 zCFF|lhZ#R1FRpAEd3lMp$X4@{{EHlUy!UUC$x8T*-}muuRyCh#^Iv@Sq3OFMA2UhBZ%O1$amOgAnkpGpm9@6aw! zH_w1h(YMg$??6ZR(Cphg;_6d!PW?sq$FaBcYu1nHx7yz?erhJ2|Do>som<^_l6~9Z zgBkeAwHfLBbglSlJG?VF$xqGHT!xaZH;}TF3#k9-F&70vtk43(sIu3^*=W`y+1g)yDaoTv=x5E zZ!)<%{K`eXc);x2TGz|uPk#EU{7&VNoP15rG5pRqpuw9S4HU2D*)RV#H6Dn4o%eu6 zxjW^FYgh*_t{!4P%^LD_>pZ)T_VVL9IxenPt}B|>-~P1zo~OTJ@;SS~MZ*6dh#u<) z?FZrm4rV?>Shp$UJ3i>kQ`{I}AoitSC?y8an$p74JwIg!b(l<7Q~*^G5PW6lJRvj#eN7!e4?$Fg_9j9uIP*z>y>JL={v zy!F~K_^R*rOI@#x5iiYQ+#4D9h9RN&M}Xy{z%qNV1IIGpxSc<(X{OSpFLXJlVTV`4 zy1#oE$8`bY@4fh?)`=ILGhCAU1ELl1TNU!K5FQ3r^mM!l{bXna+}8tl3pASvysh|` zvzS90zJze9Jt8|k=IChE&0_=Ov2v%TO0_mk=rmK$GLd(t(Y{pv24~yNVNH};F9-Ko z&YDFYF!TlnpFD`){yN!}190Z&w@l~Lj4}L{Jik-?{u__4Yprg_d8dnU+FksKzcTfI zG5g`2d34`@>*(PbtU9D<%p z)*4^JJ}SkJ)y3BCY7<-L+q0=T4MXpJ#Dm2l*XI~mqc~=#Rb6P`!aK6ti`g$YomgrH ze&9NEeYnbr5sm-H=ciP!0WH0D`!2R7doY;wTKasEz7z*m(U(6CjPkyGB&{=>IEe2L z(Vy0F6K#2C-NyzqXW}UO+GAy}+y{LZ0nawzS%m*sOl?e=>uceU?yTbbzq)WaI>lMH zjcr8FIDQ9n9LgTWoQ9X#&!TyjTw*;zd>WrI(AuqY4YPamFZQJ=mw$<~vst%W#F`Xi z?q0;X8jJKVF?@hMnv2{$mBqlc&x0vE%@(c#z*VpL@!7z}^M7<<+s<>fq0d2KV2d!n z$=uzz=mKJgxy1FVQ?drzf1-|+eu!yHjBQUJPdP%_`Urg$F`lu%Mc8bf&l5g*uJ{%a zCFdsl8)$%*gXC*B-J>%tsZ(J5XhkT_e&RaiaGbHvv-dDIKIGh#=hJ)_EN^~L<{Er6_*wXUvU~fAaJ?9qC+#KU%I4p=$AeYO zHHhyNL0_4h-w0YhK(=U851>pS%Ytnvs@qZ43_svtR zdzIh3;x}*A?K6AkC)lc~RBfg9_2YXT_HwZ$TE833-EZVc|KX^7FXdt#-|N9Pe6O3p z->t^?+U(R$1?`)Eo$$TPvvs#QIZ{*inb!7;X>D(ztzcYcVC-98;D>P)@U7-=dn%0h zhli`eImSP{N-&yyu><4Rx`1(R+PDi{7(?cKf+G7(YTdRa>mv^rbB2d>fa4>cQ_ngi zKKiw`=A<09^B%tE_Mkl_t?wCb-)7y;=OfAL*5_oeR1@vrFFZZZ@j1$% z`J1ef^u%tR=Z%+Ue_LJO$KpTF|8d4ko+n=Jj<=ZcZu0he?eE@B#;?k3?=y{8Z|0XA zZwBMZZ;{Gp?92WRtyPqvd&G-P#II`Y|p^o?cgg@d~rQ|7lQ8;UkJyyvu~mB@2wL>!~;#>Gd2#tb`;UVQ3YZh7BIY+{fW}fEU$RDK1wHp{eKK+2A=R>-1c8G+ypl?}`4+&|0;c z$+M>O8XilW1<-xmaItUBe*b!Z+Wfux>Vi?iLGnE4*yF^o*i!i|5&VZH<`*G8h?b+{ z%-ZI7a^u_s5F>|8?uxUY8;gfqlVkIkFYR>ZQW<=@Dki}JhiIq~TZ9d-PG zKVMvEO*ZZE>(bkE7Db}nuuI%_yx*xE>%Cro(V^Dl>xQycbA-J$(7HzJG|;~qzcLID z41?|==#Jffp|sLEvHT+B51zKFC)z`9Ui5Zlu<*A=j`018!IS34`P3`J!0X6?6DyfE z>=Qj>n{W@>T-Jj&Mcuav9|=tj2dNo@KkJCs-4M=(oS;WtqW>@LOH&w>QI~D3zHjy_MgFj^W#HnApY+LKg15*;YToU&30ji zK4qL`C4FjOR_@V-IROj$L$C-A<+{Vb(PCmP?M2LOm<&wJX|iDHlVMI#y^qhDK9@0P zn2Ui&I?aVA3m%dmFMKLzUyV-MeC)bsUZ0th>x!5KhZ*uO=nPfWe z!PNRfH()n4agvvSac zJzU(sd)h$1!^MZYZxhC+^wT_@2hQ|+1pIJEMJL(v?19Ncln`GGM&Do?-kg}`mz2N@ zgQ-8n_wxLodQ%IPJpZo)neTYan%c1@STDOkTyeN+^ZB}mV`@1yjp#z~9NM*1XE9hq z?OSgP-SfbycWz%346c+;k*!Q`^VF#d^ZO#?=Ydm0ZojXiW4GFxdhQ8UCzy3Ie=3>dJI?%FYUchFiL+rykz)1*wBl0 z-5|V_&2P`BUK9Cr<7)hN;%deUs13gdIh&-Cf2+k;{A=;vNaj%dIlf)pAFSB z_{#rmu%4ki{LfU&Qi<;NKhr+HO7yh3A74E7X^+PSRyU^C zLuK;kb^gy~od2U->aEb)fz$DG)!#_^laDhXi)a2k#_ud zs`ug9Dx+iLWyH^h|HvhfcWGQgE+K?p2!ERM8b?qQCckFbZQyyHV>iMT;29sGqhkPd zrswiEu>N>Sj;$Jr!mrmnT$q)0jB~i>NA;|ZJjgL{Jt_da(2u^N^b?D%ZEUK_wtvZ* zO;I0flD~HUcr1_g&0cO_mgy_3XKSqZUx^P{e{%Ywk0|}gcWJ7?4wPd9h~I7|wo&YE z_{&?X=XZClezSkA{--VUHbc-?cGRln!90DoEadswG=2t4TIqJp5;a|8{g)0l73Y#=grLBh+{YbCa(LZ<_fTznky3F~1t{pm<)- zlD5a0n+p%?MdR%#d)Ga9o>kq(tNC^dc>)ifrGjS;@ZfuR@Pw(YYM!Ul=-FFxS|>Q*E7p8fYbM({ zhWx+T6UQ_Cb{_m@>UzM3e4HKdjbA=J8Gfmm{;-RYQAxUdRW)zK5dmQL2ius z-iW`@Nlt&xyVA`yuACbA+@Eda)9^4jS`Q8UJR`fZ^YSFW+=2};_M`S(V?S1W82+do zlwv&rj!eBvGW#5=43 zrVgc={EmELQ-@MFJ=M42-Jf&*xZbUr$eIE0%$Q(3(S#oL`2Nq-7MlDfdXuvY;!$Ke zNw=(qN$`L4Civ6G{~p~+pivbx^4r42&`0|!IywsL-zmwr*Q~MXj|T^EN7SHH8PKy1 zD}F;eJo^@QkMX5*2gzoDlQ46UOyo+}g7?TqD<0hh{=w_XP2emj|DE`3V~G80z`e=y zc?KC?Sfq6V`pg6O`OK@7y-i2i+tfq;l*DgN{Mdwl#rxdu+Q7j?7b}Foa9!X zM|d8kU5s{3;Qw7nuJxTNM>gKs?*1Ed{_PkQV2u%-%N{_*sA1}HTj!R= z+vb(U+ZU9@TdCD;qh`0gFc4pc9%#j$x0djXIkoX_8#D;y!1Dp+ECR>YqO%J)Uv5C( zfp@VjNNr8`N3JlLEh6C@!Q6tHN4QPnc?)%hr2_A1uudjB- z8{3yUfgH;o+ZP=OPNB(8$-#2q6Fn{#j$OI+;*_rB_I#s1&Vv@`^EbF&c#eU`a$+*o z(h={GL*ozG_ISDRS8vrl&3>rq?461}iEeueIG}-IxkbG51OM-P_${Nr^@Z%%Ku9ExGK7kzjtzTkWnJ+$&c@|W>1b-j>tc2 zZ{4}|;c?)Ayq4nMSe=C)LFe43xtrRf#F({O{|Xn{53m>Edm3|la?F-U=DGhUZOmsF zQ?ys@(bMF1rti(S%bELh#_s4CR38I>(KP%$l-9@N^dY;wn!9aY@olM#-ECB?=W`{r`FGy{M#t2QS*-t zcH_=McyfXj*I86KMewevUAO}IA{SQ`uz$ur!yxU8gVy8=6_=L4Z-c=B?~mGk0(P1Df@B;PD@n6IeE%vnH_E3JnLM}l%uwS$s=9GB=bvl*8gg#3 z!-{<_mmVll{rY8g+snW-4p`_z?Y;Lm@LtBT;k}d?gzpPg@53A-ydRy(J|yB=;%aIj zoO@ntWi!RI*Z}4D#80O7hG#eOu8C#%yh!I*4uPLW`R3um^&#E2GDI+fd)i7K9UsxR zrr@nlLhrF@{F8ouhjX{IZ~cmVm3;HyaK>1@{`LWLB7d?>y^_QS$c`7|6yH9>7sS7rvhb-TJj=%4o7mYvC)p^k! z&s$T)&mC)e*8?|uPR4L%4KlkoU^iEwL-%Ld%0)DzlbdPVbdL2zbS^ZV3}4`E(x&~TfG5l=J1K6XQ19Do0K8TewCvd-Bu?sT0Rk;mfmu=)Qv`=FPvCDPY zd6{#rCX3G0gz?^1 z^bvaDiKXCW2Y&og#xl47_871?0sHB;jyi*5V9+~J-)}eYn`qkAdCuMaHqWAl#C>;q zQ2vH{K6`D@#2A9V_%jatMf}#WrdR#H{le6nP&Yxn$vi8rJds;(;21!2N zxHKsrvX!xc;BRnpf8Lq$wJ%-T*3(KXVEPs2|-W3UX~)Oz)2+dJ3;g^uz)8+6oNuM0YQ z#@G<|vxi^d^gBMBW;_px`=BC&K6q3!Q=OBoub` z<7Tm5kXS#fCU3wxN(kTD!uMaKoZeQ;=otL{6WhosnBT(gZ&tvj4$kNaaypGU`2A~d z)EU+1Vh^~_RG%vcnwrD{#`J!Zu3iOhz2BunR`T6}f0`ZX=Yt;}i@;Akg`alwD}mbr zZsA>Umr)08o&m4t#}G%Fy2%<~EVc&OMZl}}1}44>#_NH}Pn*5&848P3cd>P_eF-v> z@~m>OeW5EiqTg8P_pjKBRDUs9pJQrE(1%xYC)B{X?wKWNH8Sew0*?=RhvKif{hiqF z)GybY`*xD|X+)51tq&BLb4o6;ZR)=y1EvPGDiq&qe6tdJ0=lGHJi#;lrgQ!Z@sIU+ z3G`oAeT7|0P0S+jsWw^%70(F2$`x(N4xKnk{I_?k);q4SZ_+r-B@+CKS?_T0a<%=_ z7vHWsjy;W(XSs22z^o_ez7ON`(cbu>6CD_phmHs)>{WoX%p_iFs zi0C(reoN*hEE8jDeanN(_>{C8$et;$k1+2-L-NsA*s6o5aq^eOza2sUOR;y=tjlDJ zA3{zJe?N60H~cQyhv1MOB402x)ZrcVwKnXuf0FjscGbSf*B+h}uRTKhD>Af~-l`n# zYhUEF-$Hv2$HnB6WbYS)>k>W-j@rxEJ9DL3TT1xARhrj$cV3lFKX=iO)+8K1)>)G_ zI;gj!*KZl`>UDT;vFrDE{9Hip+kd{1eAiMd@Z~w=4dKJaAU50Q#}da5wSUU~9NFy> zd`IlhPK)yg+f?t@`|IZH!HCu^h6e2b@@V8tYYG$4r}!k$Z?m_b6~4SGgij(GO%FSB z`80De^MKxagB8CuJitBRhv{FuZEC#to=+V_XzC))(0F!)_DoK(58TLkY2owjXBqQz zjBx-z^C0wPedwx#{MKp>w!{3UJm}MWpU!vD>{`Z?&hYy2-j$tb#?O*G=q&x~uniA= zCN#B;I;eucExTH+TffyoE!wES?cWhxZSbS!k%xTc@R!e@>FfAldmnW#@`F{Q9b;cg z6Z=z^;8UBui`byW^ci|?GrnEAj}7ziB8r#`X(Jodtu8DZrgYT~aon0+Yk z^u{|mA7oR6`;_Dp=^mF$?mb!8!ub2Z^+9k--fpv(16+aZJPp1jABxFzKKVZ}zVk%tLVd_y+G%ZFIVX#@igk+^oBEE; z7Bb7T#!ANZcqfWneUdR#cp4cR56_qI=iqaK{2b068*GpLa_U(WqVH6X@6mth@%wXT ze^V;I2f%ffkJs@#fO)DN`;*q$ddBagfjMxh>?QJh-xB{7Sv9ZtdEeu`b6wc}=;J-{ zpeK*B&jP-u&H_Hm!)Y)XCkt1vk9BlJxC?m56=N@w{!b(rm?|GAO1vvsj|9u6DmN5_ zKT3L8yMyp&Hhif)KHHE7&UKvHj4!`6$C?yIuYQkOv2ga=laSj(`u=Ht)4y4~&)UQ8 z0PpL3iDE13P$_uq%ek)_qlUQeNxe(k7_fSF=z8jBYuuXkZK~lPG&t1`(Y`A?Gy?cN zJM<&!Op5t#Xy*BITS8N-$-gPytp>iDYeMm7;b-q|ORdxBo)q|ZzI2`Nv3BQMb!xvC z-bcqBE{69#9anP({Zafa%wT5Rjo^_NO@@Lx4WQMyU}0C`YrinI(NFP zkM)Ff7IJ%h9rhHtojL=1YQAGf!LRnm7=5m|U?mJ$aJ|v4QHkoxF+i>AC2poQB6ZSJTu*V*`qBl#Oy~rd5-?7di5HOUP*Hs>3c^HI)18r9K$cv5Q+!c z2Q*3R)ykjUN9|yasU6HVwS(e0@3$eQW-xo@B4jPcS2HMHQQkKK->4?(0PCA0{tlfs zld++J$@@Z&jy1VlWdMJNr~|?-i@%zniE6!7zt{w>grh>&rWYcs9$y2esqrdwZDTh4 zpj?{xwt>16(ew%Qm~z-UKP^Z-oBR^Vfpmf48}S2m9BSk7jftheljwAE8qb4H&7N>3 z-1+ggv}C--nhiRgMA`c!qt9zBg7P~Ok@6v2iCA7_t;kEW)E+4sBX(S%-D z&%MWv|Dt#C55XIOaEh!Yd{a+urDr|abMZJT10H|w;xQqA=6vhU@+V$2IZGGz7(CXS ze8CL-!FAPFnY}9k_D(F%VEHu-=F7=w=NSky4+ev+fyttIx>eheA^e3am-DQwy$pW5mZ6ETNk7^~qp^)k}gg0Br6J24`-g;#Yh{A|Xc9*EyUyGAb`Hbr-IpAi;h z(1T^DU_p2G1eRa+5SCKl5InmC3;*uq-!T9B)Q|2gKkHn&OLp|1NB{Sezqfp> zXZ-!k&%8hUy(+^z{rv6Sr+G(_WH@=Brs^=FYvAvjI`jA^K68;P}^G+O~YfPe${-o$sRq`FAeI zFKmPVXT6&@Ni~S%*MC~Pci1J8fzj6IzL(#3?<@LTcsg+6Vb&MlrHc;**W( z_zP{wRQob&Ow8TUSKBxJ3Z7i%@Z|OE9rkhzndD=%coP2A+}eGNSxlq<_|_`~iDkDL7qzPw5Ej#QmHRcC^~E#}!*I%vmvJ$}!+QR%OM< zlOtN&_x3}taaQw~(|6rj9O$)a1@joqv+NP<9iB-n$$XYGFUk7T=oa~Xkp;}DJUJ)b zSE)O8L(DC*065Df&)6#IsZwkdZFL5_#l7!yv28KrJz9lb!*`0&wj5ni4lewA;Z?VE z9r_}N`KZpK`LcMO*Cy=F+ry1;VnLsLk2cT+z11aMhKVld$M%Zk90rIk6+NTN)4<}5 z-G-hLUAm)5rF29(O^B~M(PZI!qlst{MF%TC>hYOJlRx|tn#@b13HsSjlcVsNp~=Ft zqe*o)G%4}xMOO}$D^QMd661NFC-Paclu2iPW>jaL`G&6s_k+-v^RTBq@ds)azCZf1 zB*Ppt>C5`F(3iO%@$}`i6n!aOIg%Kv#iuW|PMYuu5_EFynfrZ5NHuNw4O_EAr}K*{ zjo#d5g-(y=bGpvVzlfL|ooQ<6Cs?PAo|LY9FS>IaGFp}7>Cy0VGkQbz{7ky@_tab@ zWOSS(qxco4Q{)uAawgrmIFs%~Z@g#SiHv5_ohN>gK~6p0iT#l7v^+UQPj#z1u`dbT z$>)Cq7b&`vd3(4KPR?3yqNhAPvmdyd(HlLX$yfX|$)q>a=<#8AGhJ`4&7?Q6NAHCm z3B8FQ;mya>n|FyG*wz$V=IKqB9^Xa(8NG?kI~#gj(G5NFvE@goBmP2D$NWo-4s~>9 zJMVZpvxU!H>CAp3JL}BX)9TgUPyaFx->fJ4@~Th2Kl<|J5uN9kqA%U`(AgQ*L!;15 zYoh5f)Q{Oi?!-`|Q}ksscGdWo_;9Vrob+T$47EQshH4;Bw)N)9pUAgV>?t2|bO$~p zK9l?t(d?{bP5RHrn{9`XHF&Zovi9%PDJdr}xXm5pejf$BqCHxE-S>P?eH3*28D$M$ zB;9Xp$L2)wx!C8>N!E5TuLwS&_8KMpM)X6BciPaG(tZ2j`55vSo#V}VQU)GeL|-3-KQaMZ-V^!y?BBmX^3^f?{gul)SX^3{%-480?6~mVIL|+bg zpXm8`hWVw_v;8dSSvTA0O6Ym*-$c)!C+NBD=JnTvURp~2RW!|UX?j;)XPPPp-xHet zONKc=`vKX%RXwEVe=K-^DWC74uX-Y%W8Nov9vaqJ|NJfVd~BAH&%^7;rxubE)q2bOt#2R9?JS!;rRUul z=KDd?b7K$bx%=qUbSXJ$uM;uEdHw^2-=<`W&5>B(r)hH6bT zk^fXYPhL#%d`kW^=cOsN4^1z#c5>n%u|2-E8`~f5Ze8ep zYB-|f$l)ozXC7KRZ3hQOwJwbh9wD}GCMP$JF?;7&@#(DjOedE%tIyt7+WKd`J*$6m zZD=hyi%#nh^-^Du6>%qRP4Sn;@F{}-Jp83r3)`l{~_($>pFi;#Cq#QJ>x40!R! zBEp04BwQqL1zp<6VTd-v16i9?s}U@4=p_2AMV~8IkxrjGfM5M7MyhXWH`iz6=CuPUxxQ}o!S|>sIh$O>ui=FP*09^r1u5&qnR4sM%6rN8 zdAUAUmUcS2&RHk^A#*!ZzVBK1yNi6p&hGLN3&90Cz_dxvNBo=mN1lQi=H~aOy!}P(XCY55*Ln80&)+0ZH#qWib31E~sw0<7 zjd^b}W%%!cRGHe@osE5tI+nAMsh9qjWh(OQnPuuYvhiMIY6H0FN~W~0Es--wlc{SM zuPYn1w6L=t=YF@u-iZ$?KeQ0vuqX0$$GrDPzQ$#kXD0bN8+&z5LcaR`P4ea1s~=&n zjBLF}du3#+4E}4zUvvG}Ze{Dw)I6MxZ2fQBt6n{jtqb3yY&`}px{|H#?A20avMbs8 z<|UnF>w~ga8}XfbB2T+N@&3ruf(&!}TjlBM8J@l3Oe#00^S|i-8F~8RGd-85Oa70^ z(?u=X_no*In^|5lFHUfJ_(Q=jkd z!P9=0XMv%s`$T4&^FvbCU$yqCHCXLqe!wDc#9C>Py|KCE1eG_sU+Zn;zO>(r+>z1Y z-k!3PPeUJaUd={nZDE~uua&c@K=dgjUqw#O)RNKGt#2{0Ec;^{Yw^=! zB|LZMsn1(fi$Y%ka+%4qgp>O*)Ayfj%z*o+UBBC_U&)j|*ZjMh`_s%_xbe*&oGZ8K z?5X>459a?I{L;nzH~aUlhnaK8H~$LeZ)lro4H`PnNt>_#{1lzNuJZvDYv@0nM-bqd z&PUR|KmTv~-NVlq!=HtTT(sWNKJ-#+$gxAX)RrRI>dt?8hPV$;2-jl9Df@7--7IKo#F1a)ZVgn@Jh)ARy@F;YSxDBwd_F} zi+{DhaXiSj}DkY5Wtl&Uqtah|S;am%J}=oAve&n}fv-JKkRN z(he)MOLH2*=RM@Z$zjgV1xHWww+|fe2fyC_q5GLjGrZN}+BThs5Td4GFZdk6euycweUQ9&F1fB9s}ResNr z;p~Y(#`9Ri`&p6oLfi6@Q}ThWjeOr2^4`Pxu0Pbyo`?gd?znTGmA5IET=BDg)*pIc zIC~=8d~ptWeaXFeU-i@`-^E%0vhVV~bN|IV`;dKd@~XGh-ZEpe(FMvIHVVg$I!<$Qo0R_-CubGeV6?CnaSXBM)dy=N^cxX5d01P{&N zp(ix`ypN`>;4DmBsXYwZ69#_l{m`}<+D_|&w$sUDcA_nGOQ-DtXqyLZn?2eBx7Gsu zwAH$fsh5XGQ)!#mu#P#II%;?>LECZAmbR)L-Aez`f!~52I-@~nqqIw>cV8d9H~8pn>WjdS|GcR1DD)Nclw7@e4SprI zr;59H*06W?QfMtZrT%BIud->d72m?S^KI0(uAgPSu!nnt+K~Z0+siYZ<){6?v-ONU znEQA(93JuS1J;_`mgSu9Mw_*#=1yMBo?*3-&d}N8YTL{mMGtV+#=3X%CYd=0U7Mz} zVysE_XZLdkkGn^|=0f~{Z(MEmU+au3`3JK7dq?P8$!YcvD^t&NFngf~I=XKEMM+)f z?Q8vE8oug#3t!3om^zCuhFnCD-}TyS3JyZdMQ7_tuC+JUJBRPF%Q)KC3IiRG4+oBIN24=+L9FeKN66W5d@y8T+3yjIDi@4xL@z z&I7-_(X0KyDYO#bNsleaKrfvy=RaTTjx_#`0%r_736E=`R}_A(;C`yn(5!;{tW--1 zUCbR2dcF-EwiuhLeZv*~z2B>E$=CNmiSLb)mx>Fl6UER$??-_Vy6zTTOW1=hnex+C z=g*n_*1&rypEL3GLr-(AK$5RF7k{P5;cH|vov*Df_}ar&pDu9a=kJ6)ADC*-qZQz+ z%7-&}y8^rUuy8ii!-3fYJ*a~FmRuZ8?Ju0rZXfmpoZMn?I6Corqru_$#CM}}DlX&v z0Q?DqLvZHdFvxu*k%g%^oTokU=vb|@%dgN{sbu6qpL{$6Kg%|+m3+)h%7^Zw8Z18T zp>Ods>MqPWyQwcgpSW@|41ZxN^SlnfqJ{CF#kaT)-(oAiMIm#SZ*dUcBH#EHMNd)jc4doSXA}IY*~y zkK+sa_>5<#xrf8-WfR{HLtfX4*Ia&=p76`<4>@NmJTY`S zi~Xh3p}BZ(w0N(oYu>vb-V@!L=O*bU{<{g9`SRr5`nIFRf6&vpPc4=I z9JR`~_551+EXF%6^AywOZJICM!;eYq*`RGk-kay+Jw6|$e!=kGe#aJw_v(cUbdbk? zpN0QY?Ehb;cFBJ~{D0kWm{rUN{ zkNA}Re11NauikvCqaUSf_Ca6im?l?8M#ZP-ofhP$+TEkBGrE5HU-0QN$DWTo!#?$| zL$4^bR~**r>Pn5-#uz`tuNby`l=0Q|ES+B$vro&KhInMOXGZb?2RB z=t}wO34TScb?1-tVHN)7aO~HT0jY6B z0cWLqe$p)0R>?=oqywH74?;_ihDQE>3J=2n^5@Se|IownlYH_IjDGpoxfI4<;(5Bi z6eYg$`%6EQ4uFQz0b}r&js^=-bb#MqN{`p&FSTQLMExP3uK^F99uPh}|3J9_;rv&XCWi0&3N<3CIgbT?Zsq=Jo*Wi(mHT4Mj+Pr{s z_SruCV4Xd9u*kAmTL9iX>h+y_Gyc=STL8Sh8b-l8d7R~3O8ZvUI!9rDM^%zbpdZy~ zG3U5)DC7|6BS781Gw1&>edNy+;0I)Cz0(Czgv7aGF$G%ffoEH zn>Z3V5RYE@Dfdna_jiwf{W(Le$0~0)`@GCHOlz{Ls~3lQ>uYx~&v*N!-ski&&R;C+ z4P1Gl_$6^Scjvp)X#o8nryu{F!Zp4-g|*km@V~pCWj5!^`1iBKR>PY&!TZR8_O)nD zOnY0J@XKQOLfY@rQOG&DKAa8$r+djC3l~kxxIYCsS&GbVm)xYqY_-VCdGO6zFY^7c&Sq2O&#-<8ALS-^Fa_Ra8Yhwe8;c7x^~OwM*kW_7o6GtXjG+-Cx= zV(@MZyaYMpb~|v0N8o$s%w2ask2yP^ShSfKHMUB3#DwCX6Q6VLVFS53Vug4UGGWg5 zoa6B1iZXnUQMAnu9@1GE5A@GIq%*0t9wHr5ix0PfH8Jx4DepDmzx~5x&cj9r>_=|2 zhVn)DX&XGFy+Y=!N@QvWdCU-N8)_#X!tC3@uY1Ln4f#DfKQ#i(PK=*x?)2n7=fU4` z+ep{wckk@iZ02rc2z;C*rb>|^7Z=MGxH9AIb;<*#-tb&Ma5)e>33)AI{NOByzI|%?%y8W`F`E#L%{q9d~y#kKaQ??3SG4a zJ@+K@KxSgMGOwHXeNAAhWTXJO7=t|-dm($HIJ00S_Y{5sz4`_Cwiog-629q!d~hBf zy0uTk>+q~}^7V#)`||mmhKp$v*$%I4G4^Ap?8lFPV&vzr-+nZ2VI9$LKlpy7_*(M2 z9h%+*FWwpgPVx~?hJc-zXHOEYc4JF&8k!%+&X!qIOZ!^!&jah{fweftu_a@RE&Eji zYp;ga46K2MAqLhyz}mNAEIi)JwIxTfC1a7dvB;Y@=drFWary|jee`PRZL+Xmn_p!j;pS)6RSDndaCdb8|4p4lS2%4) zcOAuEz3Tc-!s#Z)p93C8EgwGxy))=2xtg&9vfe&Qt|Y{{i6)QFn#lMX%kE1a|E?89 zQ!WMm*D9>|hlopm)%VUrZv@Xd)bG^YcSZtzHhrJp?&R4GBk)JiC66)3oy@f((Cb(h zKHuvTk+X$X{8e-SzMq+EB-r2ZSuEHOS?|?wyb(VgxqY=X6n`DPa2y_Z1Nt6cZN=Z< zJu9mZ@##4Y??NAwSFLbkKia$T>0y7ZOw(%WETA#^b5M-W_om@Uc<}R{@Pv=CTRN0; zqzB~yzs|$)&dQCUZ%*nQIP9_?*ZzLgMf=KCknEkjCruaackWU?$@uaE61t9e zrR(&r#*n_=ir(&StPajfzYF~8>}9RF$`3JTBLiz_3OXFwk`8|KRLA@fdMLb#b}P{f z(>Uvbd}%d4iPq)A*o6qT>JR9(?qHT43FB`RYt7l3V&4y}wHI=B|ro6B1YGsd! zr;p_;PI#8PwmSONhu1J}EplV--QjM}SkSh(&p`f+_pHy~zio0@uR|w|bLx|>u6FU& zm4DMxi0&&v_l-j5p_t8I zNBP&&wT`Ye^`-^rab!eyr0eW<`2q)^{~ql07ol-Ex?6ZzMr_hSTvE*4!@sZYJLr=rHbtl@xo3NEnCGF(#A7`+W$Y+Y3G@CtJ{hoVJ$3 zzcb0sGe4UO<>4-I-v`&Og44&O^ zf;z39_T%x)@!B9YxjCu#uRVh7uSN&lgf6(%a(I(=#nY5~<&J6SrTE9oJB8uHZ>o-k zHurjMR?!A|^tV~>w#fs|>eG3XjgDj9s#7J`Vti%tM&|B4t;>0}s*2q-Mix3~IXH_V zr%gMd=%U0#Ov8cpU(a``ZSoEs!yK> zZ!e)Y4}!z(@Yf-5h)#`dkxfe0fL${2q=8X6HRaRFpy9BP?65yKwjJF(ggzBNYCYk6 z;SpPRKF^5xP0VsvV+LJJ|0%kd?|HmybTK+OIvM?2mmIHEI_N&+j2u7*v3CJF_YU+% z`yq5QF~0It?M37O`0l_`(C{X;9)d-AE5!tyo3gt!NAUvjNdarEi#W5w)!o!knLC=j zcbnXIO^$%}t#>>6_84PJ-yQ=F@xn3q^$P<+-+C2VZ27oTt9aLJY87*=69xDYdbXD} zw?74_L;QQ|#0u!K1^pc1*{fSZaddus5BaXw$Zb9v2))>sd2Cq$-LAIg&&ioJd6P9| zlG@eMPQJB1$A}l@XTHumzvLbA1e2PTV*s8m^T3;u`slo8$3Ao zP=xT0@R8$*Ja91A$cJDGZ^vfBkBa+mgv&p(hc9q0 zXAUhR|3Xe9NN$6e=n1VyZslG~tGWce5p1|}QoL^Qhpb8K+262(yJrhoyIgcByiB_& zI#M~|2zo^IF}GuPn(t259sG>n_WSA%vWWXyHk$eGOr8yp*YKF|urYy$or?LovPYG| z13sNscc8OFBR8Ro7#IGtp93#hD@IKTF-NoZ$n*5I$6@$M2dk5{T4wFBw)5KKOzIDM z!LQe`9%<^p@te}u9<}b+iY`5hy(h+V=cPLEUJbV}uh!MTHGxyLaM3O=wgrj76*+;}u-SwoHvI?Z5> zQ$C+)A)1&vIrzUd1!kSokk@b{Fsq+d#usjlFHN6qz$>^daI(;YbQ`S1RQ0zZ!fX)%=)xfzUO!){s>*pf!SLTsoF8uhA|Y zwHHBjY#9ent@87rL(kvsW{#_nmvN~y6)i*8ALa85aG*UmTiA2+2=i7>xe1#vgZIiS zE!)FAah|!y6@6x4oCj>ud1~+By$qZegYzZeKL&hDfNv@A?I0e|c$JRNveVmZwhbE> zfwzjVvy1qXozwSWdma9`TKrK5%-HnFe0E|S=zP^FH9y99j{{$c$#ZP>@*FY6yfdz}AK;#@N7*)dcdtqYnOgS3mWa`h!>~}6Zof^L@KeA$k@*@`} z_LrG;1AH0zk4umd@x&JDCuSA1Hv?IZOtiR@jJaZec5tuV4r{Xg)XhuYt_&9b7Mna( zYqN$2_d9FEYuwuRHE!*@>~?>6SkEIvt@*`n?fV+H_MPvyh{xBsweNgyls;T@0WmFi z>gfGae4j8iiz(x{_2O&XdU3TIr1#uzrXN!;zQ(N==l4c4u3Imz_szJ} zi$|z0(f5qwy0yQ|+uRFd-kCzZ3AKhiGj+e6V0G&?y?5ZDM7`!3)oW7Eu6KEE-jC?6 zAnG(#uUSN$rhne7MZNeb>c9@41A1GF!5peKL9`-}A%zomgNtx@*m6oLW(DKHi$T z_Q|YSj^9aq-_`ni6o0b}`YH$Jhe3TVVjRgrkbW+n#J+NDS0;Q3-dx(~Ub$NAS$G2S zgPo6#LWdPnyF`9Mdo#8ErL`>o?+cN`PiSrT-Mq=lo%vx1qZ|C+J-PqKA9f-4*rjy2 zKREC0x~7s0aFt-Qt^zK8%LLax{N3?q3D+#(+Lo+o=MF-*Rxkrx+knfP&(-Pk@oJGX zymyc9z45$P=8k9dpI1Yl;l1^~_b%bR;^ccfi@iM}8Q!~z_oz8}VpvvEPZr;X?NSb( zKIG46-Cne-adX;}*w=RY5yu`?yLa6$rJpwT_51bR>*@LqJ-4cFs-8RK%P~9oN%uTQ z*7N-J(=mMRrj6(@;s^OW*Rytd1evkm{Uhk9O5%kh=qJgJ_%)k9<=J!i(_Re!y0~o8 zb;R6}ndn94S3OcOOmAWs?xRGHXJhZQ)>|zcFn9UlVfuhA z06YD8fFQofP{}p(RvuswH9(5J2lI?P0CqLU-n84~0gP`m41K#6-=-N{q~rngop((h z034}iqj@2IWQEBEm@!Q*fOZ|eT)+zXN%&dH>6knKxb|ZC6VyuxmNDq3dgTCU*N*=- zMm{F~n{o+yzr@X6e=)q% zz98ujD;_)VaeUzgJ&Q9BXiVm;`Kq3oe2ba0?)^H-oTOL9Kf(!XiuSl1)x3|LGM#zP zW?fO|?9FCfaV)vb3UZrKY{{`|%f6A^<`-6so$@L;cy%86Q2ew<``%&B+`NG^H_HOO zH{Hp6X7g+~xlL1dz`X8Yewvs3eRJlfd;olSM^?4(Ugv1`YWU+We8OqOo0D0$L^rep zr-?ZygX=14NjY;=p#BA`ndA|e&kg5n)hmW6xfAN!7luo*b^GWfITAEO}w1b@RSGp z-0ooy18>O7$MX5(KG-EsfmozUM4Sjn&;}bqoYrKY#F+3CA!VTr}FoMcAz2Q@9$I$(DxH(UI)6MPpWS9 zuLIS)`ASod!CjvIdPLRe$IAJGPvj>ym9Tb0&G?9H?xD_c*3_tD`BpQwevj+3Jc!RC z{o4+0^h|np6#Tr$^;vYk>OP(=#RuEt%UjB4*@MqggUk&l$GL=Dnc67klKxQJ7JQax z@mX@RtjVSxM)G6iD63)Naq4&B*%0rP!8gVSfp_Hte3x1?2iJ}t>;H@`-l>>k!4oOI zMRH$oVbZtQ>h25P`SGrCE}#7;y))zcL3ho~*fY02rT+5H^(m?miDJ)UtKr%0(0>*6 z2IMZXux*RSS-Zn?_-$2)yaqJc&K&O{CN;K-e4FH{D%+m-qqpiTa1k2A{lDa6kH4XeEe*7^2!?s*u2 z?Cu~x@gO|^Id~pF(VP__+jIx@Ir1C5Ho3s?x#7T!Z9WssKP0z2gc!op4PLH5_BG(f z;Tl6R{VK+ZK$~H}uf6Ue=1>T~jqb%c8Z+2eO^!z27xCSLWe4y+3%ohx2X=(B?J)hw zUcCdn$_)g0Ud8iIseTFD_g9{qF@`6{2!rzo_%^i#tI7G|D~6HN2)Zc>Jkxz`vjiLb zDcEYr)f87>XvU!x2Y99$4{MC#`T_P6kLwxj!LjDex`+9ku(QjQ^K$YM zSw-Xy_&yGpwTC+gJ2=9fr}SVBcFyddq94UXS=h)J&kJd?3t<@)W}XpnzP68bZv-5W%evQl_L~d%jLj@EXYX8S*Dx1k zc=PnVBb76b4`VLVnb&k+d>UHFmTE33FltUb{~ziRJQ&~Pvj^kd8R+82bs=$L0QzU7 zdnh+S_pi}Ug6=$jMfDHh;ie4zr_;Tk=#FlVU{}sa_pP1jeyd0KiX`19CFp)tX1cFT zqdVUp6<#K%(Y>Mzy7PRS52xSr;q+>6&g8E=c}k!2i&~qT$DFYP>2pqRdr)nwXgh%% z^%$L}kZ-@c%jIipT&MXNUciqqynvk*AItwU{LS;#z?v0;FZk_Cf*ZYVczXi>a!^3^l|Lm&)_nvOIj>gpEpm#&$ zigX5$YIB;=zsRWDypNH;LWdLwt6x0HJmeds=Za)=3VXr3d7+eAkI%U=l5-OGRZ?QgAnevLV! zBY7TC6nTunx5A6?qjP(%1Aoon==y&6^2}-GK>T^;H48kom9pl8PgHxatWl(K%fk7p~Ge<^E+?f5ujSO=6pRI0T@^sna+ zsf}={HBhxZO554AeNO%m_Ct2X^M?kDUg-IRKU69o9Q=dp>-FzUa6JcHPh&37MfVZE zo2bun>X#fp$@%R0Nqv#wMgAOumwQDAc{v!*Px{>4?){`sbU~+YyL7VL|BSy>?$E2< z+=-Oj{}IL3m^~oSL%ynf)(ASv&hI3q1JGSM$zWDlk5J=lMsOyXM`*oVAzU%paLH^9MI({@`IWy!tTwayxul z=++i3XTJU5EA912sXt)e5#}nM(V9*Z^V6QA7I4wZ91SkvpL~-~_wbt4aI^4A+Z4R= zegd!b7vX!Z@Jc)N-3hPspTH|)8oV;DV7WaFuZB<0fa53gGwXzUcrBqHjV?%@->1B| z&UVWNKRMy*sSk2L%aK#TFH45CCPGeh<)fS#6Cjr~3;Y!#|0a*l`uG~wxC7{0)!J|F zbFz-LhRwx1j|>6Fg-Ks~Dz%*95`2Ks^8NbSSMfc-zJ=my>`4aSPc+EJUy^+@wvq4O zr#3}vDXQ!9`+u_0S@?g_+adZg_7vT$oa`3f(R10y@AA2Z`HA)pF5Nw0^to-EY}!?J z7XMCXt?|+awLZlD0e;h-g2*0g>Z0MHxSkc^=SKHbPn}LKSp6zLXmY;vn??U4hKBB8 z-}1^Yu)pOE-jzH^Uw_G^&G%fncj6;Q-k-yN?`l7E7@jw_3ckJ`9X+!jwW*Age{txg z!qdSo*PvgA=Y%HtdHTXjP8xs7$qOkz0F2_tD)<{ZNOq#g!ARsJH(*WnzxyD2F^DTB zd+q)D_NiCldHP7`TliONpQip0JU{Qnp!lIWS_u>kpqAREK{@gZ@H)?bV+N3WspCn+i#-2kk4 z{3(}l2YHSx`trv@M{cv~kK7jEFRT6_{hmX=%GD~yXkBP2mUrRHZP@bjx13zkLgb%u zwVy}hv>LW@R0F6dH&5?JxbUd-qcN@8MQ4q5N|;^$iX`&*zum zBNv}PV4rqJ#{hWdT>b{uXM@kCyMcrD%7Zk=z(Fha;uyB7&Wg9(2ky22^LBotUw=*2 z_2580>tbR>54YNf^b?EZ`!9(7h zK1Y0lKDp{RxfyJS4-Wx@hh8cCH=sc|oPT-ltvc_0jUkw7=zlYK5pNf}G?U&fgr^?G zE`@2MdYGk_wHxL(HIW@1=YXqz{PnLV_i=bfWsco^6Mi}ElzUL!7BRfZc~AG@;?rk= zhu+}9!-4V$!b30v9(2AyPx-nuBc9zTTl2E#wp%0;LZ7wA>d8BZO;Gl|8e&&;8j(3-v2&1xe^d4)*IH`Ktx2e zRv|^pAqTHGwe!kb+p#kQf&!(jI`*xkDkLP}1*J|Q5i<-yi=~=}W3P-KrT)aS zu83W_8=1Ev)qBU`XCH|eJCNM0@o-k{1S@9f({fs@nP>9ZgQNAlZfx`u_e3_`a_qzV z*M{>~^L(N=4B|MYQq>FHB6)_x51y`{Np zdMrH~p3mj~HujV7Dpd!A88pMIkXns)sF8!hqH6YDVX}TBzmCvyq~`Ja;}Z=#%EQ>u_?;) zj#aJ(*-A0?I%IJPGNqW$j&H*47f`DwSxdt+@$Q2r{6{!q_F2b~H#=su^C;r0e2us5 zSJ!}-?>Sed%)S-$=-q;>9%--2Do3_l`7-q_#B=`r)fce_7-4QV{t|aRCA(MjpMa_T z)84(+TRnTL^=(WSzI*;oi8;@9`1w0SH)3OCBNjtbXl>?MQRI1^;ux#i=}$9rrgL!$BY82!b3IZ1@_r9=@8Mb5N5vff3Eh)-nt9UT0^*qk#4b_dSNY`>yi;C8 z=cFm-*YlE_3S*~3eSe|+Ho9r%apV%_D_)Y0QGaQlrIg?P@HFZi;ICp`t+VPpxH!ID zzE%Cc!}zbE-}CaV7i3#{kZ0k5-ewm#xk1lf{&P-7-kR)s zhLY)$>FjxMs$tNXaH?mx1>d$~iuL+(eDn%@wCWb$qHb|am9?k@zD+NPn6**0FAh!a zTZK$`YvN~66F(Mz;@y8WBV-MZgWmT1r^MO2TiQOEIy0@SYyYq2mM$Fkec3zVb_n_C z#*S$nU3dx)omKWUc^Tm|ga0!_k--Z~h|gKmek;UTMc6W(A)&otwa!^_3Hniex%PWS zo*~|X-#W|Wc=6T%bt1{N$WRmVH4ph(NFD-tve(qV-r?fghpfLN|92O1cQ-snhlJ0R z0_u`h&X{vGV?4kb`waFE>726z$D*6oYX1;*Y%|$E^cB|FzsqwP)8U)#y}Lgjx8Xp4 zc>IA?e{6a18P?dfuXhJ+FHd2O{c7fnjQJwQ{uXQONo>`-=y4x<|4!69ZtdOGKDWa5 zJjUIJT)z{I48DtAXy2~l_a2__Uxgjb8%JGjDbJ5@A3vV8cInT}_FP1{DF1wg8}xExNS78a{X`R&e%eRj(k>sKHY0l*_;1eA3Kbr}-!gA0>Dxvv+$&bW z#x~^gEn!UO01@%{&ks0ZF+74@}31D&I)@$@nt+lJ&DzW)Y! z6JLaj_5c}M2fkC7+u3t&)wFB>SYdmE;#+K88lGz&C3)YC9@*Q8 z6|kqJ&9gSyM7(b7kBKw#+m}dwpff)GRK4pyuRLO6xiz?fb-I1jOsnR7A7j3szlRy0 zzD?SM4n9cRTIeAD>fHBUY^H2Ha!vlm{Vr=UxsQ_e2irN9=muzv9XtfTwAawoQSjc8 zI_7hsVsp;7YUVdX55r%^NbGEKjShbgdTS}-b=X11BpucKa;D8+^Gtj>d30hb(Ms#U zQ?5Z4@Q>x!fFE&p1M;Cby8L>34pUi64uR{lfnjWDQ`p#4z29Z(+sk7y>Wj9r_7DQ6 zM%CJW$v!XJ?W2-Do}`Z{&Q&!GWyKv4;om${_MTt1?|6}J&wFr zP|xxrztxA|o-5`~hjU{E+3{!m^b{yje8eRzmX z>;4d%_AYd{s^WdE6U{6_B5+IGxz^{m9@)##@gyI(v)Ly~rlCSPv~4 zp+U&ASB<#y(sj^WJZluqjVy-R|CzdsOso_xvg<%*C_ZfHByKwp|9xce`@O^nGwc{a z^k}|bdjstFw>i(cYy)xgzJ@um`)KctpBC#uHj3!G7y9=?|EK8N+_O%Pr98R-KD%mY z`!+a8AC$vzVQI}q^)kxyUWGip`h`gKA@ao~q56(q>+VN~$a_u;-T%1oQLbCMR78AI z$p2#gue{zmI6ZV$Y-$MIVGI=o&=LBmmP}{=q@m?D_R#lmZ!h|#dx<{ozZ)5>CMN3P z`c-JTywrLj1)c9E_SZg*rNpM12d{@d*p*I~H&4Tp)YT20jG;5h^KK3qKvYnmPUnbU0a?j+C z7(=bba2LJV@>GZedyapWbF}b=_cZf&DP-IC$NuO@SWQ@_oAwxdLT;vh*#km{jQ?l z+vv9`Z1)?^izTs({(jRhMh3fg=gO{l`cdfF2@Za{rL~^!$&9m%{;^@t8eSey9bQ52s(AOkm(>ku!EbRPzLHk+MWvFK8$wKOHreTxNheQ?j z1)b2`zskh!dF`T4+4c6h_NI1*++^7`)<7LHoRI@;Usrgsk$rODIkJz>8TMSF%8`9^ zs~q@wrZ2k|M)eu!;G#6VSr1Mdz{ji;M8WIoh?yTef*r8qdb?jg9tFHt$a@LTJJKh? zY4E)}5--GuzZ``RPdak~cYWxv$>*G%$>-R)Q|Qk6m)|x|!8RLPjZJRE?s|RVc5Je_ zhy7j0J?4z$kJ*Fc*yK6XkLgSb<%*KXjN}48{``9E@DA+ot5$tS8+MpH@~UoYgR#Rs zlUauYP60MZ`2*Qv*=6sweg2wka6$Vj#y6g^^AMFf~M^_G2PvG+Q zK4fq?bISF^PKqhx^Uwq2u^U;`TtfaPgdI-Sg<`HvpYc8NZw2^SV*Ct`ktNM5yOEo@ z)ZZxnm!BvquwH0j{atk{GpUnX;`n5}o6r4bd~ztjC+9gn*~<82zW+rXg;(xU^rt!o z&7-AfTC0@L2;(nUE6Vr_;aY{YOGE_QIO;6}O#j$9LEAo?ri-p_R8BEtpth?aL2P+&u{2dPVAr4 zYY~hV^1StLOH~eu10n5T+X33i@Pw^{(RQ zr`SW>$bRSM2?ZP1alL{yGQBIDbZ&-A_X_Av9DJ$P_q^w3=(-Xd+w+_XZKCEEjr$_f~$GA$?tjK3Z`HiyBW3N zG9P6gRvvpt^>NhHh2S~!(Onha$uo5lA>}HWf4aB^!BF0HDzd5hW)*+6&dXfujf?ml zWuH^S1=NCLNAlR`Bs&sej7j#ay0r|7LH1}4{GG9}57`Iu(m&d3MCj-)i*pUmzsj!F zvt=;c-p<}R~XPi;B>+<0Uqwqm4w_(JTgp`Rx|`JY2a zPdFd0c$1o(9Qg6mu}Q$IK+i;|Kxufu)$WtRMs`L_a@x_@KnyFU=1l+MXe@lPudR{VqdDphR%|2 zch)hO11R>bl`U(?k6kYrL}yg*mRHLOH^U7~my^`k3?t6;gllTM0y~-nmu`_jAW2N?0bv9a$&^`>=iA;=- z@2Nt6l~1chmdl6*_Fy+Mu{n08Tr!Sth%gqnuVvu&GPuoW40<<-zmZK)zuxPI!7-oy zRI9mLyhk22_ef&H>ejPntNIyW>wP_=7;gzR7h1bMh+b@+0&e^^IOrM0?>xVsdkOw( z&q6tVf4;l#Fi01V7R1g#7vuQR1hKMfCsNdiCMMG-^u_*}eQL6Qjf_iv5&5(Io%{~h zH!~L3hR7FX<{J+0myy$G?kXW(*Pc@BH25{}yOH0YBbM%BT#8E+n{KE6Vr$&0o(R3{ z_lg4F;|we3y|p>-NjK7AyUo1cknOjXKDW~6T<6_x#YgnH9v|G8w#>e0^A7daLAX+T zYWnO3zV|)piLT|RBIu6ln-kDMe#zAjSAWucck)Vfrp@R~L0>{^J|pOi>g1L>XA6Ag zTe6qo%=H(!F2hH;c2N5M&Yx_3Pn6>OkOS#_#@?CwyzKnT6qW3GMW4s@6bZiNFkmUUu^fP*PWYgM~&>cEQG6)AF=XxI*bl)$>hDr~b@JDs{ zBiW@rYU7!E^Qg%LN7XP@hCkTch1|uF0mk;IcWgm@>A3`Wd7s-lgSte!zOO~~eV6)p zV%BFTK}&eE!NVJ^(JJryO?c$;r^NV+k7ed2s&kYrdW<*;y?ep*yVqWy72k)3LOT=V z;UDmAy`^TY&Wc@QsN>ivGFy>^HT-!|_r6L%bBdBl*^) zdDw@V{?lSn;&F#U)`*S`^HyGUtwfi zwd3RpbMTZ+b8-C=`%F~V8lT(H*@XXYaNd)ys1C_HKJR;f_lf zp|dNT{XTSPf|YZf2kk@9P`*^p9q(H78Q5#DXG|~Ge!<-J3|lr&M{b#CgzxG2Rgv}B z(Ar5mht^VG`HVFfF}1~0VhQ%K-0{TwIxFa4O~aH}l9(ud1Nyg6-xDh9bL~y-1kQ%w ze;GQuq||yW1l)3J{$CQ@q0*g02dvIo?e8KMN~H2)UjXJ(u4}kXG6z*0mW+-J^Lhtn z1enxMgDdrXRiVzI86g|4HPO_DUFE{%S~a=K8>xO^BwR0Z;MM|nv%%G_EyX`L-r_LhHwTbJn+m*myY=!Q)o;8y=bNq7b_hi-sYGs>Q8;j$^hww%6 z(PhYaBYstNEfvVP<;c10oa^7O$6tA4#;xG71iUM(vtqzDG_&b-7HfG{`%l2fwt@B< z-q6}{=-w$imohJ`VP2SA#kj~()s>$SOWkG>XEb#F{_*!WH!^RkXgD{PxD(v&;y-iU z1aX<>C$p*PJ|EsI2CH@Emyg!ieo%IF+p(jYz26U$Kd}98_WKhl$%_-iBpJVQVG;1K zta0>{-+me6OhS_y`9u6&1Y54!!N?idYGf?R+`^2DIiKv5>zBMSK_hr*ex`WMjR}4` zf#4*T9wYh&rgYmJ7 zcRc>9#p9oWTM_%74cFvQRO_d85wlJLOpV*bDv}dwBUR6*JV=f433=^L!z*~%QqwTj z)YQd^In91oXtyVG4?d&w%J&%`XqCqjMewqUT0zCy^!Wkxrna0o@h5#m(1ZEtiMQRQ zv-mvSL*MT@banmZ17`m3iEq%a?`z&8Sw^2&zsQL(1XnOmbztfo7K?u;;(sJxJA?88 z&`h!=SxaM^G>1dRc3IYVWUQe5+pP1BCS!GyJ!0KjSN6`fI!BW^H(#FmaJbxQorIt= z6Oa18zisjZ@Gj3IQ_~%JYbrtBuJ*|r_WKW72X^I6_fJsXCXFO-z%=p(y)?H-0<-39 zTZR?8NrsgVzy=SK;XkpyfNmHWUh2xP3lG{S;Dcn>oFR@}YyNv?fP9MH3H1FV-h22! zVn)eszqMdStb!U0t!cQjyU>+gXFe>vb7a?P_sZ_qJv{R7ACWu-$#2LbzYmWfzsnrB zuKc?C;FnKBUuYs5C_8P-9Wu4d+i5~9g8}43_NmV!D;u( z!uua&_4P-N-I49lKbL<&@^CNv&0Kqi{R^~baR;_n9tN81{bMUR$KX%nv-^8nS*ukp zTjz&(>HY}x35B8gO+K2>jSRlWy^IauzUF;PvDxxD>7q3qRoa{Ng}m6;zRP|g?k_`T z(&$qi{v(B6=JDKYbXxm}a_B_d*cHaFiq76Slhgi^(Q)c|!9jeIZ?SdUt_fG3jhJq* z#>^#jUQ}ND$Gm);2M?qCC$^PLpXR-HHSNUz==(0~5OHxSwd{_cQtkK+@L2jGy-|Kq zV@+Udu3(HwY)cLEWK&x_Td`=k?+E#cq+`?MAJ?y5dQ@w>JFvAI&?~J+t48PmybrQ% z%60Bz&DXVWJ?LmJF^blm6%SQakfV*T|4lgza1uUefs3t+4jqf2PpNeMoc5bN@^;Tj z$XmkQFNgp9$_VndAV}V#MW)_tQGcM=Tsey4*^k8@-lR5z z#}o236L%&qM;;!b&&|lnCgki1cipDM$hPSxa^n45IYK|L(vSL3UnBMtKk^&mM3M=J@>Go;RGoQP$GMFT*$S%#joE zY$Q2(GyslYPIh8nB_|{C(3J)G$T;IjARo^o6IUV=ZOnnXk%?~FyB(SMyW_y~%IJg6 zv#!1K%a30l@?`tLL$Lz&4g*V=uNfJeaN;u7ZSpzx9K&lDmxGJ?_tL_vFOo5GY|Q&6 z#_~NfmiP>|h^|pBm3Ie));RW5r~7Cm=s(9*5udS~Ru<{C-<{ct81$@NcxsrjV)UM2Ma$@_?_@k5{GIpaTAzgA2pTlA!F4STEVNxoVZ zTh3mf_$p{ZjL*7Pi)vjyZs=?G>C(3XTpAf;VioOP`f}Y4F0vmX`6JcB;OpY}y4CP> zG~K=3bKkW!Ufs6wIW2Zd0KZ*)g802bwJdjg`Fu+3O!#c`jyyRsp1d2rI5Pg}gk*PU{=C!i_zvub)>FYyeWr+CXzv0Y+S6N4I zRXw9)-@1{7Uop>!|2#67c$1niz8RQD{es0@um&3=9I20Z!M*>S_dfEW`$^tS@$TEe z&f^;g#va|p{1F(gU2lN*#{S$zT^KOrZz^=3>vD~Cv00ZOo;xM>@+@U`~o{zhy!$D80gzDn~vmxk(RJ8|U8WAipn z14n9xFYQ`gd32qb18Q%g)jmKy&>F5K=Sk!{g?x8akM5&g8xu#~;^3<9B5Cf@ah&(u z{DqtEc5{y}|0nuX1YJuR!+6FwDPn50*Br~OSJ=s%_)p`r^$Jm*U%>NM@@^Y3@s-4+ zsnd~1h;M8Xwr&aSu8&J@vtrY+bw(G%cCJNp+h+Rj^~`DA{K?9I{Oq%>)NyiV(Rt*G zLuW_cTzakc{ahZKzhcRpiu}7Do!4O9p)*m6;m=D8bv9$6)~$_g*81fC{Hg4ly*6U- z@T~<1p9T*-eg|GIKKA(sp8Rx~av_pM$#Y)&8_ciKq05w;s6^f>kTtD8%XXT+_S)+X z320{GIp{1Im%Jt>AzR}`H^B;J>YG~GbE4Y=qOdn469l=#+L5>aIB26Sd2w3}h!llVQ0wo5oi$%(Uec;wIQBd-g^ zuGyBITQ+)Y^1(f|5ZS+h`Y&ou$qBuXs$#70*{o9{*SfDhQaqEQpFlaMkJ+3(VQQ2y z4#Q$Om7#{tcI3?D48?1%|5n%VB7r={>FX<8_gAsMsm?u9BG0Vv8n{o-j3uwO zs4-$4K=N`4a*FI|O*?rb?G@Az#PQ)b(T2VxZ|3hT?k(movYf2r?-@MP{IOVaxi$DC zv`?<0-`nW_PCGtIsBhNDwD+ay>7$$feUqK*jhH>+vtpkm<}G7h5vO*9I-yR<|1IJT z^&^S#4V^jXg*7?(UUPm!Hs33JQs828zTlX~KkCee6g1Tu-#Ti>>MkHYW<6NGP%HAXUi%kwh{t-FW^&I3n#rz^ge>x{2O`ooQZuRu3{#K%!cI-JeCuU_&hlz#tJr1w# zsJ5-#(Hr+Y>CSVU{g}jms}5>DIl(xwz*X4iICv5K=#<;Y;yUTrP!l9e9cRowWC<9Qh%|z>o`{>4}X&+9@9E- zjs8;WC0TIu^IhS^zbIEN)3?rJ9d}KKuD$pEE5H44UH?&H)`zm^1-U+=034|me%{UR zX}!ke)*8md+Bh5N7UBpKdvR`%zIhzS{@i*!`+{4?m~&XW%ZSaY1vYuJ2WSoOF) z*veO#Pxo3=d9SE1!h6coD;`l?qO}X{PsyD9Q5A|^!Q9@G41!O{(G^=39Gi*^BuhLe;e9N%?{o$1hv|l^-`@@N6kb&mayoS~mn|)5H zzo4#y{YrJz3`D8rmj0SLT-w{LvtxH-Yqy(yOJQ>^kZR-n&%9{%FNIevVf@>@`_R`Ij@oM5DHgn#H5{5vTA>AVG( ze+k*%SvOyj3!H*_LPoe5}Ag=|($vR;ra6J6c)YsPrclXGZM&f(MS0di$na+N|Z4K9kw z99*>b`5N><`%qhnXLUWF>&W?{eM#)gstrYUE3w%%A@7*CICxCs8N&nlJBJ7UJmOX#ZfALLE6Krag28Qm2vb;hjzF7VLz`y;_+zMTWN)rPBjAupe& zdf=Ysf&0WraM6_hByn$#H`r43hW#;@y{E( zh@G3qdT|_?GIkIjrE|m;SEX)nd=&30$K%c|Uctt-VdHehU4-|<*M4f{Qcd|eb&1;F zW%f98Z#i+%bjB-RktEhrEG6IZ!4uenFnJm5ULuOjPXq6(ojF6ez{Kl+&O7pz@<}J! zhid)CXwI_=`>A@#+jIs6@=UDA-XQk&5IbSVQ`m82727wJc>=g%%iqS9Yp<@Mrzh`e zVm)lpVd5ZTgNXIoJ|sWGbqZgvI9N4vK`?*mgNZ+-W|R07Ta*)@a@_*V2tLY!w|l^? z0^F3Fdy?8w6Sw+k5ry8hqtILN=T_>6D;mf>OjBO>qp?XX_!?rx5Nnea4U;qNR)ekYqxibLlFezcWu)!v2;Y_yy`7GXQyGI>E~ z4)Y}ST=I2pEk^~hZN=N6*#5Son_Hlfay-nt4r(9c(b>82w{R`;j6JBnb0F-TXLhD? zUZ-Z}!*S#{c^mY*(;8fIIyQj6x=yUZR_LDed@gY&^0S3HhFhplZDTIhN?mTFQ=7Yj z@yV_v(GlfTbaq`5J&}DS?s$F)@2H*^IX%^lNmav?n5;e`^c5MrNn@OB{HpoRr_m4O zOW!W6y`K1n^>60m2P+u=cld^F9J(f;ZzbnANOx54vkbjlKz}+LOM4w_u|-MZI{BA7 z?=pVmjra`ulTAUU^`3CjU(G3NO0C&TnSUtvvW)qN3rlsAE}k=mr``un6nyHyM|Hb4 zj#aVs;I=Nzo*xH4_n9(mDn4&fH)9n}ba;eM8^bCcek+XbzO-oiuj78=LCV&CGpMoPRJ`>ksx>l|w^gc52+qzyVv5`7XHZ zu;#NSk8lHjHP#!m<9`Retf6mHH%;6dC!UToSF~Q67ON;khKuYPG|hd_{Vsc_?1v*%Ni?;lKH*W-*M!5ES^*g8>% zPWW>gChvj%EYV!u&22ynsI2iak!$~_m&x{J^WC-#jEz-P;KN!=V-J&0spNMJziaT{ zHD}-ZX6jnzjSUmY`{!-6pPvwG<~jTKxXinpPwBLsl4<*Trfqzt?SEz3F3YstPFuF$ zNOh)9)>-U+J{en{d2e>+y``D9IhnS=X`7m9`*fyl zQl{`M}pAbD|q#pzjv>t;;g+&C0;KSn!eK z5dXE_6moPGe{#@j7$2MNyFd7_ZBMul%qwCQzWW2&``{Ofo$0%OID4P>KNXwkyPwFp zKQC6|yZ`I#ec)TMknjHM+4~3eZPGzx)jPiZIrqoM27LGTREo7ww}|MJ)#-~Cw5{kgGD-~9)i`!;_k z#J=yl-oE6eCi*_`4`w{DZZrK{n+WIet~#^y>p+6nK>#k?NVZRV*6e0nF8C1!>NTh*j!!` z!^fNbN93Rn)^IKR_?@GCQ+TR!G-a&G-qRtweFO8mIJQ2)eZ>Rr{fo)LICF;__%DM) zGwXu+4t&K&dugkq?J+NW>?`X|9c81z=?Z{D+d4lSa2+=qoZ0|5wB7E5quBOC=J6wr ztNe=LdedWN`c>8heRt0;K%-qIjx55Ga)5oR8Zj}ev3EFP;!Y9_3 z-5Q`abwoQ64}e44B0n5(eQPv04FPaytMS2+-TLWha3TTvP1{92II>$Wjs~YS01j>E z_~Br;c8&(8AwZvK8#@fnnvTt*!Lb7D1Z^Ks+u-^s)kVl|tsf0eZ2%nF4*B57ZrwQ= zoUQ;kwEbcjoJhx#(cqK^(1$kF3wg&SyLH28aJmBE(AMFHgWbAf1UN=78v^VWZLK~y zvRgAogHs-0Cun=v2S;}6%+cU91i+!~9v>Xpt)kK3!~@{a_C+5Y*{wfNKjqhV*)8Vf z>~9FgLf9$Enz2i@XR`L~vs*l~2)OQjdAVK6%k6M- za#s_7_C|`$dDBg_EnrNt$98|ku_nfZuRGQ5t2h?+jOQNFjPnUZv-uj&Z!Z}>o(7v{ z32<@i$Ded*)|#c6fzP$Zb%fdwqi594x^eI~h`CLk)ay^Ue_McD2!EqD@c_M{?F}z{ z<*o21e?1zUhP>hap0+MO9Q?_`(cnY^;L!G69~}9U>e1lD1K`m1Egu~DlWC*DDG%q2 z%ghsKd(ei{Vu}8u5B}t%SvW1;`Hb<~)W;wrM)ouF4cb-@gR`b1JSv<3e5jAQ)dxrZ zWPtsBjy)KTPgejO+7|iX$e+A58XPNNT(s2;gA?ia>1c2w0dQ!$Xc(M(J6;?Oj#V(6 z&a|E5hl4-aIU1bW!r^de8|#B3f3kTrI1K^#(Dng!A?R;Le&kQqj|QhJ01j=3d~oDX z?i>w{6)-N^e&K^7f3hS1j{J#{=T;j|8rdffZfR@Cjf0Jz@JttQv0I!cK^)ApKl1kD z#KDUw{rE{^heuvFMM+HvRku8gVP!Shqg!kaKQCrqrs^S zfJ0k@56+YDr*t$pR)Aj8_7xu-*{wm=R7ceBNB|t#zTk(WTD8&Ov%; zM}-rBPir_f#|KAtYwu`q;sJ1IJJ$zCcI*42!6^?I7j35wgA?i4G8&xP064Ve4TE!U z$2UfUQy!q-wDteqV<#lf*sZ%qgVPY8-?aUk4^Aa=xNOfZgJmM}ceX7WcJQ_Au8G zlY8eZC2&=K{V!XNZm#0D9S2@+;z0A8`LAL^VoS5vS9_}3uv^rK9IS|39xLZwp&Ku9 zt$6Nhz!$6v^S$_4oZUr@#d2(79p`ScK2@taXlLEm&4K4lVeJPzwDtq8#M>pY2(XEB z+1rp4dvms83F|KQelG1FHqX=cIr?>@rthl{X|3(%ljxgxdc?k41Nx?|dRX6; z=1k)u)*%x&o@2>iPJL-hn{~S0@8sEo*3rwUeU5ajL;q^1i?g3y z+cCv`Hj;U^->RK#;67>K&a|K9-80>1yjx z>)dGPS@5;b=HJe{VfR_~HtSi=P+|RJ4EV0?0EdoNz2wH-&PA2DNNe{AO2x6x_* z1~>q>(0-Qdcid;o?Pq_-UJRWL=F$dV+^LwXRW(@+Ww9@_$4>Evxeu=FpXuBI|4i&v zTLfI+{D!s&ykLE&r4ITn1)d8_b*-Ow;F(Jz)>d8=L(k0F*3@kC-MBMjuW+r}*35jCXI=)r(O>Rs-%^+AJ&Z0=PlA72 zXY^~5Era2EJFa(S@H4gyTI5Kq1!H6Lc^28;Rbz$Bvs1X9?>^f#(zBcqj=n75*~{E# zcLhG%Qe(|C&o1NH8Sb;K!=DA;{u=93Hon9b(@>}So`9DMC(uQ1PU2kuAR zXB$R(_Hr98vHTeK+1p2YcCP&_^O>RlaB!%#pVj$`Lu)xxbM1tkLmREZ^7FBM7T=R^ z3db(m@c!nhT(@!EO|6P*P4&%%-PE65MGf#iVu~(uT3el5S2=rM_>NBJKJ9PqKV3X_ z_P^wtnkcOa&pX7v)T8$P6UockBhFqF%d&L6(RY2f=i03w*>BGC%bwrZLLJaS>SDTx zb%<{|FFWF_MLT;iZ*9z;pDi5D0f%@I`-fSZo|wnERokrCmb{65A zZhzPL`pY}n{>=W!Y<)}>wPD(yqZ+jW{_7m63TO~!PyV_5f6EH5+Dc8ETi5&Dm7HaY zZYkEY>vQZid2fBr?|QTKIZ1zg4z>2)`kbKt8^O`re~4>yHY9U#7mtU)Bf?%2+3O0< zUrQ1T*YKA!NLR(#OY6mLG+aA8xc<^pPat`D_i(QKeCWIG^IT{6`Cp{(XHS5>>peKT z^cB8)J^1MQ=f3ORo@*ChKKgT9euSub_3}gf@$=(6@a}T>Q3)S3H(AEtEmq#D5b{*P zUazJ6hd+HM!=LLsV|~-dpZh%H(RercuA4m9?s)C%n9X?*9G3!uKW*e!8ynUEk=rcJcr3;@6MBe^h>P9_CX1pR7LpTTfQ^z5E&p|1dU3 zwnufc1^m|;2a>m}d};4+LHn*Rq3@~#M&E0x+toM7*7J8AwY*FCznkw%&WCS1c+Nr& z&2y}4Ne-9rw}w5mYfpe@-#rfg_Wpj4{Lr`dkQ=c!9|Je>*jlE@j#@;&mtg{Q`6GG^S=KWsV>-7sadB&h` zkKmRw|6KVf@!8J|9@LFmUuAy7{NQjS=OQ8p;w|5mu=h7Q=M;GRo9pRMXIE!BYd zwPvq!cE4we`L3y9W!|ZnMEhJcwr0-7m}-R&v~ixF_6Yu%eMqX6e+M3}cfJSp0Q=Aj zR@^dY_b%&>M*RJHE4*@WVzmP5Z@p7kjoVs4kleM2( z_4L|TdWdyWea9;mg})yZ&E5l^iPNcT3x^KW9b3DJIQr3AzN@UYxje?HwMp4I@zL|~OaLZjNj+C@Jayt?@fC_`*)nbkMg%n`_qfyTPZoF z@r-Yh#&}Nqi``jUM82JN?1du-F8^(Rkb53%2z}5VW$)e%Q=5&Qs=-E?@4|pf5BS=6 zh1>Ts_pO^VEB5toI_F_VbNAc+gM*9fuhsuR)UGF=Zq7$NJ+ogUK@GWT$%)767Zls) zzN~|G-Mg)N?e#BrzTf`l#-p33aG!6W)~BGW=o7yI8Mui(NBLcUHFZVhYHVu#1_Pt8 z?1!@d%vHLdiPVecg6Go6mf=F`J;Sz~M|11fz4AFJ zKt8D_H+IUE&;2tLpJn$OX|GWeJXnl>83UfwFHl1|Gj&hXN6$ik_)rgs^7;x=aa#+g#7?6p88hVFg(Xv^&7^W9G*Mbm+Inq_^bdt zCs_4Y6=m@}A3k~M*~Zuv(}+)^t4q`AXJm0*dAfL2XLu!=$|e_`%J|u*s6ACZ*ztyG zhc;Z(hQ@K13}?f}CN+!Heu#4(zYKkG99z6I(&vggok{DeQEZec9x(PR*+& zM&kOOcR0s|d`g8?%2{pL5%k2^W@jIpe2s9BpYXQ#3K#6Hi%ZW#K3p0uwsFDso+vJ# zKMpP$yZUwe+)tm13pD;c|KL4c0fB8xF`5pRH-pHZ(u8P+#Jn25mPO{HOG){7~ z&Nz2fTr}>a`^-CDpU}12BU^uK`dsVw*-~-4Qzvv1veo_e@noye`28*5rhTZ20lsB^ z+wI>pzqPM8ul?^m?VCK$w|LsW;d%Z+Py2nI=bJsxG@9S+#RL8teh0-9?zu!eQp014 zG_>IRT7mK9{*TChXX8u7mWnI&EtH|C)meZoyb_%zcXzPO$z2zc+brzLkM*O6WosIr zF3T%4X9AVAT7whOS;0`8s=Z|LKkR=e?|w$?Zt8QSw{9G$xX*=44*XR2cOH5Y#x5vN zek=AMM7~sUoW4ga-Pd_=S|7O!zL|3yi4O{}6N-gp2R_e!jBfgAW&eAKb6#YRw4c(| z$L@`i(|e4}gjA1r>u`@w7;0ST*7_U9z`g8Q{(&)&Yk$Ttm2rtE#-TYVlB^ye7 z++Q3jjUATV3XjQ&FON`1(B8tCAJP1ytf6(bUlgf7veBw<|3swzy3ieuE)JEgI>Pst zk4z3#o3`qOZywp?-v3(m{tV}S=&o$rEVpfSw(SzPtv=f}+i4pYdGyE@tNuuI!O^}O zBArK&fj(p)&iE32k?Q2##5f;Ds?$S}>hAFT>Yk$c)xGyc>g6L#T)XSUL^EyX>E+^U-t9cj>Pyh;>($ID7dEjJ$n#V@Yi7T5D%vJW_q@Dc0=5mPqw9 z&aZpRDq8gt@xPsKpBZ}<8QzCaJ0BU^Py03G;fot*#)?9GKd?aad(PS5TZ}_vEprCm zP_cE#5}qrZ6RFpC0oA?)A6a;Lq+Y&oXo7P;5~)|tW$0ArdO@UKb20hDBIeNhE;qQC zc|YgY4ibeO&d<5$7uaLg`R^gdqnxNY`-gKU zIJ+{&eC)BUoSz^%r80D~zs2Oz$(_F#{}?SWdFdo`y439XgG(9z9sL${6P!)@`~2AC z4UwaBH&{o@^78tg9U5AczIuM=vITs53!NIE4?X99Cdo6&y1dSuIhxat@Um@1F7MoP zgS04VR`!L{Zt!$uJP%q(ZgehG4RN8)@yHpw^ISfB zpNd>EZ#HsCtwT$5WM*tVFttzIl}jV94KrCg;CryNyK=ePk;~nVT;@A+sdmX_z9W~r z9l6YRP<1{y zhQLv0W`!k##Pv@hgW99t09_gj`OYTu_C%GQpI^=ScGa%^UH>3{0DD}ax{faPjRGq< zM4sO4Pa79|mi=|gyX6Dl%wH8Vev5M%h-Y^E9X22PJ72Ms6E{}jC+hGM5&VSk)f~V7 z2xpv-V_<%&{GB=HEXABZiXB%TVS(aGuC>S6%rSZ1#Ff};ix^YB*30X44v*K3z+*S> z>V3!9z$o9KLLR#kj_r#^s{h)N$AKo>-d)Qa;JqfFz1vn0>#1|?o$X(LbB=Y!(5ksd zi{O`Rlx!R|)-Aor65lEx?1f%9d1K?QrF}X!?mTSVG;EywvSd|usTlbw3l(MfUjn@8 z*rgKq?|)D9lzo?NdhK-h&vz*Lt3t6JzBl3Z{eGLITv43o{)%tSZJlVnp!0U6KT+|O zIoCYqewrT|U0@z3UD&{VonxTBWM|9B$yA<3&I;L_r}^PWtwqaM)aJ|&ZyBTSwuk?9 zy@6TKr@0JsPU?2;IcFU(#T(hxZe&z&w*WUu+|yv-T74_|eJk_Meat&0Z(0lG-t#(N zI*$Cha{J2%h#T0Kq4>6fZy;5ieU2SBAZI~wgU-y#^TrKaUx%Fa!`ozrxAu98AC9+q zt9S|BFfwS%l5MB2M5m(gt`3}|$Y2nR-;A?i3;=GSYSidnpU z^f2CT&v>8Ec%2%2#(S{hhjUJPyr+yX-n)xOAFs{_)j8iT?N|G8`GSKBxx_%)Kjou6 z*L{bBX+JrCbX-JhudF|jXFneg7ZZ~gId;P4)88{**}})n--7l>`5WWEWHi2!xENdT zzvDc!F)}!0$Kjh)qfhqg0Gtuq!C42s3XS>d2Vt$db^@e%Q#Mn>o z&(WJ*nS4ifeqr{j;P*_vLu(Z|c7p2&vg+7^gYrjSdMoY_Zv$fvhbO|x(Pe|v)8Mox ztINA8-nRU6p5x*)c@&&mh0fMxue{;V*)Z z(W@d`uX^9Iee6uvzlKZg?=7*u@m_db&i9u3tH#CBsR@o==iBp%5?ikehzYxktjh{k z*VOO6oV60p7L3oxgZIN@p8qVd9vk>gG4__+bl4j==i71fq?-ElZH4s%Z!%xzx%7); zJvP~S=C-Tq)2s69YZbqPS2BZ_?HlG6*mxNk2#>Sl_8B#UQS@>FF>4bsYZRGSjDPp~ zhyh^r({J**Vo#rTJfB>(pgy^&IM)w2u#JvJX6DAc&OO(LJtSIV!*8UKULE%ZV!nwv9~pfo;&6`{}0P z^ez{j=|7q2-=?#n@7}RCealXOzQE|GpJdZ;`sVmo2WB8$oqO^7Y#F{xbiFS!xXY$% zhNk~zdR{a-JumqGDLs?_HZnbRURnt<=3T##3{K5=WH4ggu}5qD)67~|&U_~yy;EFS z3Efh5?UjkARNrpvsqGuPnPcogPoLuX9;>umC??rv~uMYcHH8I!zjq%vOVuuFJ z$PH_~@k@gButRcFS~9ZzE1lojJ-McSF7aM^)!ZL;KY}eJztGP+>AvB*`C*}+yPM~* ziSzP0yPF)l2)@Y-zP7&J?X`Ib3g(^J+R%P1wep^E*>7`s}0A zN1z@%_gwq9K>WZyI_Hm{`dRE_4FQ(>&yDx4#W#8D&4%V$ond6K3i^lfKWp=mLHv)I zXCn)m6YH#Ja*v&yLD{)=0`+^uUy5xEUc@$Td^mwvWij_s$oOvluHbJC>-@=Z-hn5N zt$T2pmAA2blf}8t`R3fWr7M>HkU4v&{;t%%|COWb^OkB73Xd1 zIq-IK+amV%2N6Y%9jxPbn@NyPFKFY?*`J@t)oEq-lTr%$NV=jK&h<tQ zrIEp>1MH{teLuS3&3Eg(ebIYci9_$(tvlx9uk_u6VKg7g+o^9qZ;jYA*ZkFu7v1>K zd~1NY*CdDb+Nt^o2c@g4C?Ju_H zXv;)j`c}=b{>G`&OO=2Rq$r1%OBM}V5ioIKh!#WD}X-(QTu$z!{fxGNtt>BeGed& z3e~3%gsZ#zLiIhr30L>N6|O#%3RfTQ4Obs|KUD92(^%h5(0&kVtX?QL=YxHcI9Kud zT^*M+9o_8y*4eWCT}#=J^ZBQ&H2Pa|RQOiDgss>wEg<*Z00Zzy45fwEA!= zT7BfLXm#IjqSbF7h*o#s6sqsOps;<1Ro_t-vi|m!3F{x(Zp*74s0+pVS^H0MW@9$T8a6R&d=~vv zKcMqkQ{?W_y^;FvK57%*jnw!4K2m?^{Yd@c4_T*(GN-=U$%#hovmbNv{!yzwz0s=f zUTD?#JYiM$Zn3HlZL_KmKV?-Pxyh=RJbdt58NPka6cqhU; z5#EXLPNe>8j@)GIr;(Lx{Xt=Er1~vl$8G5O)7aMdGZx>#Vs3%mH2HG;uI#6BQ%@A) zyUA&$pP^Qd_e`FZ8Y1Oc6X@jn)mF@&b6%WTLpU29)N=`*Ti-z59Y0;X=c3G70tHH^ zDi3Skzu&nZx;S%xtnQPSHTPSb`;FQ6aTA$!0L^`$rpD$ld4>;%w)~HIp~TLq2eq}Gw^WDSkFh>K%w%q?#rC)z+xR50yzGON9vnvNV@4%_x1Cl8-# zv%ibtjZ2KqH~8lUHjF@f;KJG{*+c)uZ~S6QkpAzr^?&CS>3{ZnDT&e$vJs*_Dl};L z3;mV*gf|EG5hJ-l|{wYvcMNQGn3 zko8zIcBH#>{$S5|{$ooMmoN_OOAj_e>wMzDR$%LQC4akD(T?6Va7M9m0Y7dg7r;J+ z5d1N<567IdKNe=@!7bX;mB|IH^38*}z5<>(^I+!IPA*`tqi^J&^bH={Z`y5Bt^5PX z%Nx6`$$dYC7E_=_b7WR#z2O}2R8FWE-MNaILDl^&r|z%UvNobS1Dt2OC>aIcx!A?! z*h1_g_J_UYpTzGJneXJJ=u>rOf3*(W=AygUf^KYBukx46iFwJTLa%yquJw{*`6sO( zq>JW{rfUcHQIFyBGeFl49!J*>7LTrL$i#oEuCbZr!#<*Xk#&&kI>3hxiy ziOp)nH(--{7K_Hj3iy0;R%#tK6C2!nGkm(!8ho1dm_s*NgFCTzhw+>3*pC_Hu@+mU zee2+>&T&0Lou2$hI$TQ3p_)dk-Q{mjJax>$($JK83Yg@E=>Y@Hg19M|frv{cMI_Pw;&Vr_RFlPb+=( z&jt7y>M1^vW)EV1Eo+DH%jA{tNs86CIkn{lE6DR(p##)9960ybh6fv&J1QoZoP6^S zLz`7Y+ko9_gwN}=2IuIQH-2Ugd2rM@q!UXIBBv&XcIJ{F)wuAp}OM zdeH3mll0xB6f{m^6SW6gdj)>PcTcG+e!+Zy#Hy(m{3%8b^ZQi4*t^%NPhey09B!@* zUI`ENYyz92_j~secVJJ7khNFyZCLjkSjBeDC_L_c6?l$JWaUjYk;Uy71CRCbSQ?%h zc(1zfrT}k#XZ}RVu8r3rY+mnjzFRU3R&jfo@M6AYU@VVx9>VVR77MTQezxCxdM9({OM1%7!z+4VY@mDZ4KUcpisjF;oVNzGwVDMpG zQoqLv4t=o>x_`y8A5Jgv_7&>9k~&Tof6>Q_e=~h)-lw%sjl&(owWnssu%9)XeT+f! zr!gotES#8E{|f6GTBCQ?5KJtyc^&eG-3n>#o&63KN6)b3ttwdFGzZD4tXXK$ml~1LaPjwf6Mb$4 zFOA>m+ZQTNy3ZdUuTRF9W~}ZwKdEtgb^LbwjDW;R(EQos^r_l7)oHkWe$3yeYgbO9 z&z9r#c|CHVoX2(iy_Wyi@c(MlmfwCQe;1hF;r1G*EyCY<{FfgIvO}^#%YPkggA({; z*Z!=m7;b;G{wH1iDZaO)9NWPf=6cpJUm^BiX4WwCbJj48jPL2NDEyV5o#|{r&Z_6i@i$z5{!Zm@ke!i@`Sh=b+ZfKrH}=K-{>FY|W3u1h zNYqhdcPv`XJiGnA0_zj3`@FvIY-&S~g$Kyfq9eD?dFzMP9b2iPNG|7DiyRi$dzecN zk^gVx?*eqn%?Db}{;Ipz5RcOC#+b?F#7QeE=h$_g`9_Cw=LL2gsqcYkt|+`xtDrga z#2##z=9T*PrXBAzyfF@Y!5m^&n>EYqv)PUfacfAWpUMFk-PmixRSj8kp*2{_Sm%XG z`@TpW@4P>T2bL1w945{?LX20sV&$B*os1P*J0mpaz}iq~;5u@3i$f)SUF6-bH{%@J zw^Z{;VqJHv>G0V0d5rf0?x&f5nmH-s?Ony3w2nC`@!S#OJmn)@dc+mi664N*CTkeW zPVzT13ar;lSFAEPG=4C&XxRrt&!?i$;znpv7U|e#l^jUXubFrKal?b;nKtU1w)$pR ztLhW^&Q$2{-`}h`+nz#eHhIdy4~OnExt4EW8)aY9cSZ)s)1Pc!f}BVaoaQ`a*B7cj z+=Y{19RC5V6fpG8E#z$qh~I^`&T%p{j&g65@opowHasGS&921WlZ&MewxEx7pha=;QGBiM-MKswj%mjG>wAxGp33v-S++0K`x}m3vuR)c z*E=weHTX93j&~M^s@-uVku~K;w$cBL(d6wC&e50`;a%!mo%y18 z7l$Y3OBaAMm*1-SXJ2y1cx+Le9E5(4HNV+E!tWA(2iY6%{OY1#4!1k*{K}1Q2Aui% zPUa}}G{>^9Hoxy1`0)pr zi(If`*_>}ckB1As{^*5y*7I+LsM8{cxPGj4**gB=JbgZ>#Eq|++ zo4geo*VjaS=D%Y*W`)LXd>4M*j-E^?v|jHIPdM=GA6p)rX^q=h78>7|B$hC|#0DLf zPBX3~^iGijNQcL_yZoIAUk@YOhIh!+A#C3v>{A@Q4_hVViN^8XSd%OIB)mz&XUS&@ z8zUQR^Z}jLo)j0R=G><{@@jG#yz>hAYj~wSdaj4?05#bZxj&y$~G29Al zspjdjb7^=ZT5HZ`(>l`O(&deNunp27#_NvV9q(S~LtegGvepfscH<9c+VSA7x>5S? zJ{GQ)eARxm`SB2aX6K3?`Vdc#gnu0VCc>w*N2$ZqU)iKNs>w9%dF@lpZ+pL0CBH}1 z&AoPQ_qD$mK{xkCs?UO-TJtygv#6avJ8ahchwrDBKK?u3=+hd*wgT22ZXiG7%bl%* zKGf;fd-G;4t?z=?CU1u9>D?ao|Jr$_iq&mS-b{O~wI^0NIN5UTMRskM3&+&MV*~1d zXZBnpo89b9Zc~oHM1g7lKNHzIjS@=r?qbrgE%+@%?;fg)m#5M0-q*F2LHj~lX#_nhF^Q_`uyqGpZE6W z*5}8g)WN5y(chL^qkr>9>>8To(0QI!Wac;1(C1#{(XG*!omD<2g@5iv|J}UI1Dy4+ z0$rJB758Zkyu`^Zss3I*^M2K&f6p2`G%ZWpkNasmp~TKfObe!M@_WAZC9d0`t;Ukf zjK!%*FSW-a`5+fW4#-`5vTL0WKVsGQ*RdC%Dz`pbvZ)-W?1Q_$5a+p@*q7JH7?RIn zFR=Tre1yyx?7R|rm0cAPXMZquF-Sg=&-uo{^;bt2!*84#p^?TAH14@hJ$UkwNPY76 zdG!N*)YF51GCI7TUNN3*kR1oxbW!|us_OXQ@kjV;?8ipN{D?J}+=Omy=09_Zxsu0? z5!&$&o3Q_zvB$O?p8B^KMejc&k74Kg=hX4|zkeQ|rhOU6W2!i(R=q!E#d@hxwCmT4 zOr5J_PrUKkkT}o1i|turYEaojmVsmMA#>w?GtRI*PW6|}JZH>wZ<-XR> zD@;r~hB;!mefs5*H|K?lS5;ygW%qaEQ?AFSu^Bd-5;A+Hw$l++$GV;U*1nFM-1m3XD>d;?YGY}_kA0i*KW%v%q$?$dL%HQ0wQ zeESAy4lLPvt%X8&&IFwmdkA`;&pTdRdalmma+o!tK78BTHxMskPlflm33(fzDX<2g zVc*-TJr~Em5{h&_OpV81ynWA`V^_>PDj$|KF^qi6*!Ee!gQtw?QQE`sBOiXaIw-sB zox5vIRWUO*`Ji$y-?}HqXYZ=$Kg;$j_+rN&lV2e zzO~m*bJd`EVVrrG)@^?UEd5PF!=LgyPJE*I9$zT?T8Mqk_4hAUMko9@! zrq-cKSFBjQ%7H09J)l_RMPz1HR%XWgWrnje&3fdlV3|q2==0-TucJOlbWUdI?9}?6 zmW@Tay!+$Ad@CWm_!rtU|Mq=WeV<~ICSsCka7?1ycP1v`xsM;SV-m$9$sc6L^4q(S ze`l@BtS_zpm_3#mBaGz-zOit9!w6%UJYn>)1djg{`<>)QVvuJnKlCLpYze4>wan&g6QbRcCyJqxF|o<#yAwiZ8LvM+P9j&MeSRh_HUcN;r1u^ zJ5p@-@*BX|h}|K6abvq)XTRSDVmo&|s$`RVb#}j>of~BTG3V9F_ufiu9Ivv_QR1~5 z?73R<2`lD4_aEfQxA9yUT5ZEGc)y>somjg0=^0v+;;b(Fyy0y+2aL9-p-+nXEx~kQ zX-!eEe+SGIvM-q1f!R!Mku@Z97JnOSt!>5Um@|z%Fb~$zwh5TRB?#tgz^r2bb`Z>0 zz^Uz_Gjm|>6`r)M5uV@@1oJuJ$+%I{^Rjrwg$kY zZINKYvmiVlI37LwKjz2tU>$Aq1d|%?Aedi09-i+7;7Qy0f>|0o_QisU-UZPU9<{W6 z=e!&|;ZaK+ZK@Zl;`?SncwTorJbx8{CvBEsk{=3!dFk_(Po`vow!jR3P0n4`-4t^k>*Z4WS0)Qkq<`JZc#1M^=3VAA#-!8|>f?+IXz z%J-iH@SV2Jf=S*u2+yAgrlXr)yQJ@lnA(XIwoQ*?b3)YgRK(}R%CS@0Sn6^zUj**|oe)GLkU`9u?U-_5k$cKST+ouJSZyW@{Y&ssy-_9Kl zleTJuC%g>6^DDrtbMW-ieLM4nm$BW=T~#^$06g&-Rk108DP9J^{5&v&K3eK{rj$MmFS$=&gGF3FOw1UcZ0Q>wHXk=SeB?U~bLlt1o`w&s2($#Y#e>~GnAMSnaUuxjG*7+v-;A+W%eO}jAo!2$Tu7TRhJV4*iwl zec$EP_ptW+*UrrOex`YzHq{HceZ=WwEB;2ZwvMwsYA)bBA8f>v^r7#r8#oO!V@qj+ z$Gg07Rz7_+x6aIbciq6}T6Kw^_Vn>8ee7|*1G+@xD7WX-IpgRWWgPK2MxEJ_w&!3ueXzDNUt7_d#3O)5ksZk#No{$b(ijFMnbnee9~Z-?o)GeRPe|M?9bp+J5Ni<6`k6%k!3s z@5~rJj;>Mo5f9)8ZCgBjoZ;aIJl|DuhMl9&8HaVz$UHB0>G1 zm#Nux$#5OCM$y4?pAK>@9W3$mvCh-S5`E|Q?0|7Jj53bafN{{)PrZbz=PT)BPoZtE z_Nb4i3x@N<8inWO0X(Pem!3X8qj6+)@LJU@kXJRqd{l>+9 zrQDvA5A*wtZHkfNmtBg0QpGxkczj^GrIWZ1! z`|D_{7fi)X0WiNSm`?5@0Oqdd+b8*9?y940nZc8|DFEg-fmxM}sdIckF?CDxiU~O| ziD_EuXuAQJCT;PYQgPT>10OIXv$eCL3iyK3S7<%ah+x4Pf4VE<8?xtYFq zp>JL2n-^u&jnz^&rd+@3jt|{<{O^&x|5I{iPOkn}0r`3D-=9wY+IwC?O+~{S-v<|a zJ;6S6z^wt$*pnWZ?|NWH@H5IAyKAg&KJEePm%Qf#XkQBF$`2OuEs3YB!i_`a*7vtE zuBXwj;?UGsG3zR-1KP>;bgrj!eS{jK>po_2-fPK$^Fm`DT+Dj@Gpy~azU522tGZ9s zxtN&Jx+GJll35oak1O03^9_avCa_nk+=@-3PG)hwHL#O4FYTE*#GFa{WrSafb(@}P z)N+s~yqa-Mqt;IKiTeJ-v+!>11Z$v)dV&Jt)V79Cm|D(O^8T;Dr(27y*R>Bx-{H3R z9u>B?@?A{-IlbNRw}<@eA!75z<<`J9YFL()Tdz~UaG;lOHS}8dK03`R+ITH(SF$!R z^;D~RH?>m5)O_VbKmBg*TL1VM`d!S~gO=9G%2>A}?{4os9>dyBe*3>6za#bCOYU9$ zA7<{THN)3fd%MmmIKUZW2ZRf?@CUXXYkF|G1s)aF>sL{ucJ3Kg^%mA9nV;~Dpvd4` z)cG&%+VFUYu@A9VC=Ne_hj7?U-|iUI$GlKsUkW}c7aT&4vvo!`e{BAJVnqJgYg8re z(}Al!x*Fd(8lTajlJ+XouA0dF_A^ZTz3?Ef{bQzm4Yd>0514jrGPZPxIwQ%5ejnp^ z(7KmoeyT_2-8HXkJhCsDcjbL0=TmskzlkG9^WZP*jON^%B=T&EU+KPd zhqDFQGr=Ceu=RpDUm4$F=0V7p_8T<7=k4ri>}Ks}8#1PIaJD*f)_{Da;o~ba$R#(7 z=ll}RBBeI7;PS|u@(ojE_vlCT4)fpWcG#x5#xGu&+E||P-ZTB9PwVKviT>SZz0U~l zl5?@A4HdD+M>DO!2O{!K|=REXc3$)i){OpD|qJ?;N zS|h#_8p~d*mhm<8SZlX!>;vz)fisEtyB)af+vXcA>mTf%&7KUaVB@Q_^`H~->2Y|e z^R3NUC%{x~fXgeLN0DSbz6`vy_k0U`JffU^GQ{5}xxSQV#lL+13n$f}#jydhW98>* zZG2knk6$I$Kt7yx<`y@OSw{{_-{31?z9yfNhh0o@{lBQA>Bcq`Okk|YTLEV*O~se4 z*Yk6^_STYdy^`nmXb&2)r}0R}gpcx9wyfCoY}m_#ZOD^bSMADE#tww-=VUi8LLa4< z(&eeD2Sj(JE9aYbTgS`PPTZpB#+qkjbBTw|Z?)&O7xH@~y`JThN3CVM=V!;U-(G(f zAD?^e%By|eQ1-lx1hiLwZRWeKQ*~~{;EpeG?sT}|K$}&F?<(jkrQS%s=rDZjVeQ~t z#}`o(v8acB&c)xXt+fWKcuuu;s$)DC-jpG~4YHrep!!K67dDOV>5y%#)3}kP1iTX; zwO3TW!uT!TTYEb&Wf#N;uiwIs*VS6DSJcXHt?7`z(z~*&IdcL%Nylcm^xuyk_S#!Rf6iRk zsv7l(HLwuB*os}U8cvJNl^#HwN^C(H=QY%#KU4A}oydNtaB+363t6@r#@c5@I%C2X z9&A32Ei7AY4OC$N7enU*@XoyBwcnhTB05iX=&X7R+3xr(tFu<;TQr;z`v^FuXMq#@ zanj)0X!suLYXw*3b#NfV+?dDre_oDG`an53)y}p_HQ=MJCjM`)MSH?G7hS7n!ir3zs2pvx388@c%ejjIH0KYf* z_5{+m3RUBJ!BAqx55V z5Vd`_3->Elt=VeP>OX>a%c zCGKs&qpZ&S|7T|MN>H%iTd^h~phUD{eSuWF3<-*Wt+uf1?%HkwK?z2ywEx}8YMX=r z3elFa-O|Nw2_V{xwWU<6Y`Z0ZVlmr_Wq;e+yd%0=?9r6&sot%Dm-|)N$FfsqBe%9=bKgYHmUL+k zHBNR=M?ufajxQz`M)dV^-JLJyGM1Oma4eSY7yHKop8R8xZLG0G_&n`c(Cwuf3%Vyb zmL&3ZDt4{LA{}bR0)P3(@`}OB&{zf-%iz#h;DuAoiycd;oo{6Le&mqmd#lIC?c!r> z3GwmU%0t9%(EXvgKTRK})uA4ZNbcUQ_Mx3m@VVH0CpL@R{VTqUc5n6W|2dzx`0jty zyFZUl<&E6Pr zvfGxx+kPGV6z#lngFDaIf*Wc@ujuF%^m%~y4me|DpWwT{k0s2Ty|)Lx-wN&Noi*sw zCy^Vh_iS8)+*nK7%JH&tLpkX=p`4aA@SNn$TBl%xeRjJOX|Zrx``~6D3^(xo=QE!8 z*w6ps8yeSi#R<&w(1ga-lx63kHxEn)#3tPn;5)SY4Y&G{rCJj zWor685YPv0<+VY^%C~s zAVZ981)rju2fMJhda$<&&q>pvYKKi@Kb56J{cb|0aDLm)@}{w|VsdM@LZ`y3{)ump zw>vd9CKMf9_#r2DEHb9!Zekg;$#K1#dCkYZ=*6b$2ZlF+Mfr`rQJcvW^yN$k9@r3<<01g6VG0?Wpkx7rlXYqUs2a`!MmT|5Dhsk2b{CwFVnvn zUubOXJAAkNqOmW5KkPk?eF=K*DD?DocqPu*7clmPj9v3!f8WCI$3g`y&!S`BjEwDg zCNy>f`&Z2wn-(A9C*ec+l-S7=i`jR0obkB#uQvMK-oKdp!iVxJ3xo^eMEj}p@g{H- zhsO3lviFhA%FmRpDuK89(R=bWl*{}j<+bALB#_5l*wC_{yYb)H!^+%82kqD_?ETnZ z$}d&k=rqn_5Zs~%;qs`5%L0STB5+yM@g}&efA`T1H3pXjaZ3-DUhEtb&l^Wd8KO_Hg33UiG4(azgbapo|X&euGaP`jEviT@u42K+G zb2`|s*HLitkqv!}-w74A=p0e(ow&t;#xxSVQ44R=xY*@r-#Z8dI zUGq$>JMvK96Z`r7tcl2Hoeht{TgiFw*h1-fS4M}ypYXW{8Mci)?uV&IU~Tv<@NyB? zjzWutrLL?hhrh_DK32oN<1O(0LGH_6?kb~y$#7)%3jCjAn<7S8K2wo2yhj!Ux0lT zyRjjzh0aaBLNcr$ey$IV>9`!Zd^}QwTz+iBtJGlYgjYXFn}4X%xpMN^mB*hR zhkSYBjTz%ej4+OUj6*v3fEkDO5ah*wb7){wD`Qv(%<_{Mlab-}_pAI~h)k4IP&uZ~BSj7oBX`@FqBF2^F;nC-O7imZCk(9FW0nZ|9bdByjH>IEc1O#{5tcgxKK`f65mIX zPl_K`y^>uv{nD!!V(L+2OZ{=&#c6vGzueeJ@V-OsMgvo`x2^@w|HzyV>yy5w1^OE4 zJn@64=#Mz=u>QKT^+#P_jjt%sXOh~zJpp?+Yk$PSkuw_K?u_vf8$FP%Kl*y>Kqf9n zH9oID#y70Lc((pj)0{pJ2l^!cboUvJ@1mjc4Q7mweAv%t>yN%(4D>b9`1(eezk}d2 z1ih3HBg^O$nprtQpHBq(>>cub)B5sM{Vk!dP!^i`^KAWjH1oMYpQ4!~^lSBV*8Z43 zZ+yE;sJECgK4_*QTYuoRHqh4@kI(CG34JlXVKno;Z2fsOb5o#C(adSb2fcXX8!Q>y z{t^n6i|@ifd{TQkiOrh2Fa79o;;$!a*;6LJ zQhWM!zZ;*`$Y5Vg{s3!z?mj+pWRZ>S=yA>^JnY8za{BA>HM-Cr^7ppm@92CY;;uW_ z_~Okwh&OAkQD>m<#TT@(efIfZwq|_Eb&kmgEsj~ay{DeIklLI<+=@77Cw5fUHi@B` zHn9_Io94Y)yhq$o@$BGxTDz>8K^ziTw$5-hG7n=eew9@mpu(4(3h4&&S@&yPQw(kT=5_d>EO!oHirV zRLg|+qM_Kcw6lXbRUEMvzgM{&`x&BV%rzq#xFFH)>6{n7%^Ts%7*$6@PXuYjQ6G z+nvBhZA=5(>P9EFj(1qUATQ`_<~6Y9>%|5wEgQZFTvL2gHmv`inak)1>%iXo<{501 ztZT*IGjlFcesO6m4Bcs+`0b_m1FSb`E&rm|WEe5&SmnLf#l zF4ZUVUu-@busL$f`@{731n30)FWqy^%bEJl>{}&vZsU`de^DON9kCCD>|f3xr!`6|2H%UPpxJ``JbZ<=S;(`JxoR0Cs(XJ&fqO3xTauJfr-Id*Nx(e=VPuH*V8+VtyadJ$T~d z`sBBG;jj39DqdLmQg&XLoyA_6e+qu6_xNGEbj5IfKyIaTqfV#K`k_+FKd9*3I>|E}wa``9}d+wezAFW_bImkyV$ORG2596if z(N#InwPd__N;R=_;HkCjliGo7N3R%K6Hgia0Z+XT8bjY3{Opk4;roHsYhvwu7tgPQ z7nXQ@V0q|I;e{sc=kR#pOYaQhg+m8`?^L|-Tk<2$gcn-P{_%0A;)RWCPOm>Ut~rhV z5HG~tTr87E@CAK`<{#rz{PBc7;e~(Hr^gFl=KHC5;hX!j^Fq|e3pUrwWZGey(& zKoYgsZ_L>qVo-(n6RHQI{1+S7Qp{bkV#No|yhpDYmIIUa$=w_n#YP^XUO)oBSup|X zCsNxe7u{S)tr^ukcjBszr*+>S!G}kPtMw9VOIAs)JEs0(k8DfUEsnyQ*?2-ZidH@^ zW1UTMRqIS0(0|V&*37WIh;O%Zx++pmVSPK}Q?0l1P)-MNwT=xZH<&ooGst3M z8HakIDaEA3Kjy3hVthXWm#S%&Tu9zXO@+zt+lL)jGnM=#ClvcExw{c)e@@7msaP&+ z?y;e^h;#beQohsQWB<&J5bI+63EabVe6vku<6%60wuH#1i$c^0I32=Z*l2 zYH%v2tn*fKxX4>`utySHe`tkQ8??6%ib0w9pWz$khp`lLPh-l-7*kHhn2rLw>em&9#uAG!?0DqeM>ZU1Tye#= znUf-}KV<09^*M&ecZTw-I6vc5aU$Py@MAC!D@cRuwHD4=4r><58A4v2{v9{>RQXwf znr8dmzJsx6*=9f5H=GBjWZ^$^zF@##{{cCZ8U9^9bVi#mdTsv3Ye)8-<=;Y+lbq&X z@vC^aYq?~!@={gTIUG+CD=yKQS572$c|Er3BI>l4D9`Pj*ktHcw)hliQ8uD{Ir(v2 z&}7$Vh5;#|J^D9C8}3k4;qj(4_VR*ch64 zT)vCeFFT=!@0>ljsa3H}=yDtVR~AxJ-n_4KWWw=V>o}vGd(GTyV4ZM2e5@KiNyXf~ zc9XPe<&xU`n%d0e93EsxC$gdyyGLg`?I&ld);X7)$w+?)oNK)D3%9~YS|8K8tnx2A zexF)gqWZ#(?~f(P`?Px+n%G-VT2f?k?v-<;+`}g1Lq?4o_)h+pe4cO(yvpytAO}b> zOyOWVdZo5ewwx1}EoSD~qa)#9D=>*aXOqkIL*>^ljGFnA?DapJw&UE`q}ub}*LsEQ z7dwt`k2H=eM;HhEn=uZ4PdUSJ{D$WQUjmqZ&i7%u3R=z$@W+RtY3r{Xq^^uVzh1fQ zemSeTv~sqLIv|p>dnY*8iMAyhYf9K-Foim4)1reB`LbLzf4{NIjtJ;_ELEYBD$cb?=)jytcmfmq;HsigG{4IQ+ zVegYOVcw5=@9*{A2L|=2F`M^moD)^#hmH9DZQlFe_TE1?{l4qTH5KK+D1Z1B z)>FEeBWhZ8oT#(b)q#=&zUdlGvTH5kj1~BU;t^U#sX%eL=5f^xOFvXI0j|qF!In?NA&~??I<5iMLYTN z>PF%g(uc^ZY`D1TetfR`-SJqTORAsqVS9y~uR?g4HU z_rTXXWPQC0i90HPe=C0IHsY4Z)}0x?9)7BcdtiIpxW@y)c}ic;}BV)y*q3KHq!v9XcPcd&r23`IL;f$o&4?uJ`Jb z`-+2{&vz>e5=GF>ICS0wXzF}EkquY2yRsos1P;f+OB0Zn=SK$zed~$k$m@*tMAm=U z*SQM4!%$b`ba<@(96!!&N9{Wf2*?f8nfqm z67*t!H*>$1`{ywa@)O-Q%SPR%<~7)6h&EfXF$@goSm3Mp26ppm`mAJ4Kk9>5YlyAD zi`}@>!B-1$4|`Q@?yTguXyiCKBCcF_*HMMbU+fv!I_PX%B2b>)Mudg5n4j_Yi;hh_u+>Y(YKJ4R;T=vy8 z;j2jYiHAC+t5}0*H2&QMu@BW@TeCjWt-N~1j-PW z0rtM-GKGw4q zkbw_yk%PX@odQ0P3BpGiID3lzXOpYhtb7%8M=v<(1t-dn>jWqH7kW5Be+VZpdpPmq zBYLTPnMtw1kOwL}ZKW=~<~;$vLX6+ytDpC_O3pN%ZRo<# z6Zk3xUri(6Yv~C15`PziFU{Gtd|n>F-OV2EzU%Yfq_0=pAbh3sJ)LRtJuZvA1Z;x6 zN&C5heRUCj9I!(JZ#mBOvF~%A>+JhI&%kbIAK0saeY+3#8vGRHd=bkt^DQ}Y6=PT$ zb>;f|`EL7sT74o*Y@bc^DSX*Jw*>mM_`;Xky^TJ*kTrraN}tjlhQ_#duCKrM`1)&6 zf9S6Sxt|(iSJ6Ye{9|mk{Y5X#K1Otc=s9DIT+N7Mk zbBuQd`W!Y!=xo>+x%LZRfB)(0?_=r@UraLH^ykCpLfcn6XNCaFu)grmhV{j@y}rJF z;OlFq`og!d`1H@+4BJ=q;_SG@4jzU}t_hbreEn_n^*2fV;ZtQB+r&VB!LcQa)BO$6 z3fDIH`g)k}_HfrK3L|-JnbWujFikX zYk~Y;>1)^2j7Ptoq;|rYzP}{+KKA>Yqj>+L!S|8zzZk{)a{}*g126wNiubPyyx&DE z<@=*}zclzhISAhv#rx+3-)HUftD|^76nK9rbrK#O#rr47i?DQK<{v-op^@H)-!kZj z--*Ec+vxwEQM~_p;QcOQ{U0CcedJk2|NPz?e4iRcw~X{YJe=`9zrP)PANhO3DBj;1 zc)t?fynLkhk&PMs^E(!Jf2r)c<_*e~u(*CN`h*x<&nE5oPDX8tqRE{?i( z@i5(tty5cbO{@mEWQ)qbGBz&P766;=V?TWuS&q)2kBy}dePDPW#IWbkPS!qJuO8k9 z*RJyQ5vLEyR_O}*ppLhvi~Qrjw;8dI&MbX!?E+sPF^$8kqqUE5RCeZ>Izg-HL$%YA z!bkM#*iy#fm)}n^f5!i+xjNS9;mXC+)y5}Hkpp3I^?om`sS?+h^8AmtD*3Is{}Fw-beQ%( zzW@D!P1T;Q=24n8%53mXkM91Tf_Fw1{FY?Ny%oF{18-~ucqLzM$^vU5fY+@)ymonb zJ=OeYz~|u;__E^j_t4skQ^0re|2BMH?kn)Qve)J=V?zjkKL)-zr-1MG-y2Swqru<$ zEc~<4o8KCbf0S$4NbYLM2t2d{7%vzBM$1G0ngvdsEAW2VPj{fX?pB7%` z+rUdMYDtz{RN-_L@V>ct1fKVJs5KkB@X-GRytie+FLE(!F0$bLFz~jI0IzuHZ?nKE z`Qw*OO+LJeK2C+t4EQ{JN^WP%B^G>Bf$uA)fbYZqoA7zLz`&O^7g+GUOFq>7r+{zj ze*?a9!$0ZzAksf?u?CaCkG~O};a|(wdYN({|8p?q>NhX8lx@wt^Ph+Fb<)mhS;**{ zgl|r}eZ1o5mp=u*mw$J9_+I>f2;XD>b$a+V{y&7T{P(AaukL>cKF$@%u*YrPImHI> z6DBTY9bdH)w63RI@(s{y75Ofl**#Fk|5S2b^7vQWRqKSxr6EseaToTFVt8&HuH5+C zD0Kp%?FQPYc{hKiawybZ=L=gl`)xH#%aTjC`o{Qg0s0KXuOa%=I*Q_^l1C>ZA#o-E9n`zt<5ZB(H<+j=E_NUB{ZC_`ZI4u>h_@&vi=Di&cH?<5{G5s^>g*}c zL;Fn0(<5i*eX$20ihl9QlkYsz5Q)_HoWEtW&Snih^SzVR=Kd1&-IFILJ@P~<^}L>4 z=QuNo_iuD)XI;<0rc^_2TLhIP8$Ai1o4&c1B(9aLBDWiOlk}YgW^DP5wbUpk{xaB& zK0Q$uj=fbDi2-|T(z@ut_3NC0;&4v?v#HeLB|L*4zESlfyLj$}yWI7Btryt$k{Rzs z%zLJfR`>iy^FHxgy?-S!rwDB}InH&8X)lSoXGdz>wd0)UPc(-NEQyRZL#EBHNM*&o zh;tpWLE^77V#}1vO)RY#zoVFTSQ{C%=L_1i&KCV8{y-UiS>u)T&pH~1EF}-1n${B=h3IXKdmz=S2*NrSFu+7q-zzcV@^zr z^3PW#fccGkMFk&ZV(+pMQIkoy%-AVBlpg1&d<%+V|m~(|y2X zV|aoi0sV_N{%}WhFd88@Kx-rLySsJ~F?A8C7jW8V=AKmSGV?vl%R}pG+uid!|7!Pe z-PFB3S~1SY_!)S~!0Fk%k{Od}`-IhVo?o?<{lC_)%E zcF%8H&$_Sw{NB_;cf67dtodwQgIr+Er(!O0K{*Xa;04x9Hy(gzpFl3WY~(^teXl1M zg3tWi$c3ExCCG)BJ-MJ~UqLRgzeQ_-Mm97Y0WY^l2U87^He@gLLvDy^{tOKCrF@(2 z{haLze3DJw%v(;B{VuuA%m}hDhdEC*<$I|c5<^9IM`_I1P)f;V2=Ll-9UwP4`qsN%IlVSUXX zFZkdxY6N>SYG~aCnNbN3MlFwfza_7pBHyHun2odX+L&_TZu&`T)9i`Pi6zWW2>I~D zv(#a^=h;uqrjE^C=*1b&I&ybtrD&&^zN9y`c53@9<(;j_uf4>4N|96eEJm*E<98*$ z)#rNp437H&#@&&H-wp=s0p&0%M{EkTlgq!!_tQEcw1})m|GM>QFaO}%o1$Uz#*hIu z0*s{bz4)a^NHF0WWQgR!GiQ@>%MHUu7&Nw=%@|q!SFx(7W`z zl_i?@`QE%Mp7IlK40irq|L%Q5x?gbql6Cwp`m17%&b6T<@mp@7<`&l~8|^jek?5{h zd3L0Jr~CR1+RKs^`xSTVRDJH~U=sOM!`?#9WMTa6KhqdwSKB`e?|g&r%>Br+i^{;U zbnk4wH)C^^vTi#YUq$;h(S5IXQ!jE2^}5zj2li$9-9f+Gc)pgta_W{1H1Vl?WBY^Qvc4UV7K@+vKkz}^+KkM4%%N9{ywulovyd0wK>_2qSH!jN9A4~ zXN-}$rL!8oA)9|0@^W;m+_-VV=InaEQ>jo}Di!8G($+Z+ zy2G|4?zyw_$;q)U)>jp;?m|wsPSe`f*jS?0iG7uLg6K%FY?tnA{D8?59ippKw@vN! zb4=TnS=wHEhHYD%ie|s+!{@g>c}4LrW3R3t2Wr@P$9ov(er(lOkjov&``3`?hvDt9 z&U4BA(AP|^?Sao8bnVwWb0RG}PTttE?c|&)^^8?qz-biZz37{v5KRGZ~Kc)id|^(Z6)UVctQPbic-XpE-SB*ZKSU4DVc> z+1Gpgebt6zKc=s@l95=FbM)LZbKUcAn^k-KB-a}p&KTt^lxASL4_F@Nb2^_b&S0(T zpg(YJEcpelv1Vw_v+bbISNPw=wI|FohibboiY2#jjtJvTZbxQ4&Dfst-XDvM{1(qj z7k-Ca2A)X(PZzwR+|s@}_|G3$Y`%r8H z_&CZKdKp8d#?72`BMa|jtUDNM592iQUuz`b=WL#L<&_Jcr8&dL6Mz%`u;+2V^W99I zw)sq|h4FEpE|828e_MZQJ^77)9GCW|!W+?E~f?2(}^@4u4Ma~JI#2c{IV zqKW+7t})b>RvklfTpHO^dlTRDIMenG?mPV6LY%1+-MnSIb7D0)jlIq6>#dtIYYpv) z&IR9ps=ZVJa-@*|F>T~c4zi9gI9cbmhV3JqHB>)mXw8K>xuoGQkFzqJ2_k1 zU0R>vd^NQ_nKN91ZGY;&(YBF+m(Mb7Zu`od2$V5fN+a)VUtzZjNr(e*BuG_Y)1DC>LHoTGc(T^9#__< zQaNqPpHaQ*{o?g&*h5f^zsy*ZWm(|46nKzX2A=KYOCsabHtcYCCY&KWqOCFL<81TG z92}~=q1dIJEOYROMQ27kN50@x98v9pOW6x@DQ7!0~<8i~^&H1kW`6&9QxiItm-I*bL<mqwNAyC zXW^scgU!xyzFh*Jc3nRQn~-{pbU;I(RU@@hZgEWVLCpijZ0@V=XOK6B1sK6&SR z;QJ8vz&qOuVhs&W+dG_RZa&Kj&F9hcLxWwDLW7(^bg1$c&Q~qw_XP6k%0g-V&bv>Z z4zJCHMqUfPqx7vfuH=CB+NDytZOT1wZsQZ%w6!dLMg-%inGI zVtJ_H@j~jJ>75$cnx(sJhqo#)DEN48k# zI_jD;KkZjJi?=g(+9P!EL(by)>`hw$ZmRp7mGV>CFCX}>YRn%)7Ayci3qsMy=YyX; z!q0Sk1K|G=w5IXsyY$yVe&5NN-Wu1d;JU^ccwsVq+{w63M+-)Ven0Heg6c&FXrc5B zX`v>6;Dyum#ko6gRW7SAeNE;Jn_ypgXV{lysg)N;k&|7>Noaa!)*4gq^@NhNr)dfG);yZOiUu$K@bB$VWi&e8T%rlkLP8Izox!+JXd8myy-$|Jo z+f~FS6{l71Mf?ZIBWPUTpElp!>re8%7P=L!9zU8gw7qbz^LqXJqK6x%IxE>rxp>(* zIW6PqXW`nAd;MHz<=45s;1i+O7x3I%?khKQVQ%_o(Rt zQmNv$cgj5ZQ|o>nO))nSWRB$eA#_N7XmF|Yc2Q`sZ(L~b$b^tLSNY6U!N~fBxq9#n z=c*=W;JezVg!}}i3!$6$@;|BV=xe}om>hk{!bhP0pW^Ej0L#yzn>V1Fq(?WkoZlVE z&jt&zVEiFq`AZ)x#1h#z7x0HXx+x>CTJw83dF}G=rB7Awv=9BSJWti1YmG)oSV;s}x_CB%nPsR`g{BLC;Mb@6=H7H~xyUE6{2 zX>5jP_`e<=_!gh|`HAmX9?OX(n*C>XyYXu5lp$Q5b%wY~rOu=O^ZCD^?dS{i|2;ET zJ1aS7uxk(BHCOw=-7Da*!|Q*0E_O-YDd+0=N7Fohs=1P`Pz@LPv~A!=Hf<_Z#Q)f~ zqqhUk9iE^3RraM+^Ii5yE$}R7Uh6G9&{dUxEn&z`8p6lHGlVCVI*Y!~=6_t<(fjEC z)6QU}&M~Vap8px_U(W05de9j>)&M@5z5Z+QwIVsE#7Em1_dlM#&*A?)ZATxb{}xZ? z-u%H>*BAIrjxuM<4j$V?|4(@RmtptsKXw1>&#?bK_Tp_R@Dh zyes+tVri`F*Zh`l`7LwtHn6;7VL_(sKQ$lUb%wB5d*mbJ-?{QOH(qPL3&w|b-OP7= z-sFAG^*$@jGomZbn=#kI@jvHN_k*_O^6#W=%X{8U=UQ0*QSnkYzLgn|n~jgwiGG=l zoY;%}{t&e%p}^-yW6*}q_H+|K+hn{6B~+x;kGGVfro6U#L3EMa_|(4C24Mpk)e zhGg!25x&%37wdaf#9AwP_a)YS))2d|W<9luHkNWtv3vR0vI&J3SEoiY>Wx|WYzZm- z==mS=yjSm(`ViE1=H5~7`J+6aqKyvr#a_;T1O7oB{`!9Oi}sX6_^cy_C>UDV$71Jk zjp;k5-{IOe@G_UN-^8_7z)LT9d4n3wP4u&lYuXEE_GAE$>+3TH?>WULbnQ;s_&U$2 zp2{BYU2Ols{M@M7>!z{W7>51cdp^8bOblfb^}foa`&2tMhd8n7Y^eV6+nX9g121%< z|8#zi;>kMe=a*bB#&*5}dg!!tUFF6$q3g#DEvJ9Gd(pk$r+fateLo+4SOl#>Z+5Sn zjSqc#SDK&26aM(nJwD&j&)@4Aqkn%=*OlPxde$6MsZGWBh@Gr+xxT79{tP~xkQtv^ zbc+6i@%AD9^YNPcvh=U}#N!XuLgTEvLdOwvHjcT*JN8;9G}P`m&zGL8IgD-i6V_e& z6SN~*mtQ8`sy2uEqdm*pdN;`L31md@UEwPmJT>4h2oJCyWG=8Xmw-lUz~_y{~F7IsDKi9}wQ~x9k6&jUE)YIP~r8 zw7AcsLw^pr*6D+IOn_V2rj-{(4_7}KUbz<>mST^V@_ROC;sob7#X8fwWzOruuf}WI z1AmrITE)xoO+s=Sy4BiK>B;*KmrnWn$0r@y@-eN~iT?cUNQY(qh7i2JA$njwY#$DO zR<^z!`fg;Nh`F2y!tK(7t4~T9uNmLT&`LiqsLO2qX-w)bsOMV2Rp{gchi4OuO}FFg zW9&nZ&u)xl^pSNweE6$jY{5Bd9|5QDB)0sd)S0y5`pz@QYu5gKxSd1)L-YXbrSvWT zMD($b_0v-P5`#OZxITzu{~TtUpVN)wj!}$5bEQAa-v`l|S;ywXZ3+4`s5e9Kb_sbB z@1))^GHok!YHbPSFDQRWza8^T>T$_E=~G=h0v*fF(0A#?9pwLrmR-Je*JF(=>2zgD zC$tHFJuf-4gf?WKO!MAP@OvtBxdS}!fiBgy+ExF;rQ~uAbD?Xkv>_U|&q$7{|F!h5 zHkI3>=jdy38Ew`=hYieSk~X#H&9(0v+)BjV6X1<+p8t437Ko)*xIm7#G@M; z9dqXEa%wzG2L{daz2tppPncax+d*t+$D37uVV4BL5LD8J*TD@a8Bh0mk;v#8=)nGBj#Wq^JUlRGW0KfPtAs({}_&+S8Blz z_FV#fYw`0*;Rn5+6+hSs8TjFM4>=TPiXY8Q0=!vVW`p0taSL!XF`t5iy+m)7eyPmt z?K;!GO5Vzz&o5i#*>7d?zU*QGbwhg#9R9lS6;dguO}KZIdy((*ONqW?H(0w(&+2c8 z-l184K2aBTRf;_XhIgPfYa2*Lnrp4;YwcWXM1K2iMadJvpj`V-+A(v@TB!P$tli7~ z_A>G$@S&DW$G`2I9b58WZ*THld#jY(%8zqR?f7MfaB;VAf$fvPKVV&E@W&n=?0CwJ zJ(|vEmp>4MI||L4H9g4(-x!-1Pp8RSxFq%;w?kLhjirnu#6FA!dwPR46|^?U^BbMU zS+RfB^Y~t+;G5@-tTONGH#DJGNAP{om*^vSJt+IH2+aS>j9KzfF@_~h=$T}sc(a*z zC(;s}H{m;hec`8N%|*ls#j7}j%IcnkN9UGKJbNtzKc{Ldf`2P`N||He`I+EJvOYs? zx{hppXueKVh0Xe3IWdCYRpn%?|8;FLF@j8)OAXeb%x%R!X)JV}ztr;JnzsEcJ3Is&WjUq!#53qz>o3n3|CPK-{cT786_A>5nb7LsKPZJI_z^=%+X|sedc^xLPlJSr&t4enk97s<|0D9F zt2mRGxi7!)Je|3-dwOAXRr!U{io5Hkytn}#URda?ntvfV>hO@YEgGTQ9y5--{yF+i zJHoGMQGM5d_ayCZhwkr$w(sIuVo*E%v8t!Iracm(d)c*$ONs97_qEhnJc8}fL;Pfl zSxe99UyV#mzz44X@6xy(|Lu%d&n2K|)pP1$z2j-t>GSJKXFcrXQsd1rcvl-b_gVa* zcI^Ago9`x$btCO```XYMd6L@^C#OaGH)KO8=Cugj-NkbWaM?NA^XaR?hG%YrW?g!6 zf0M_a@!O3-yRkF>a~X6OhzGs)Y$gr*<59$yGW4&Z$B4WC<6xEOF`ci}bszZqG~&gv`y57zD z-#p;zedw0My#@K~`^oQU2bTt4Gl|DC=BI(B_vCr8zB=J6uYWc8>Jz?(!9tx|!@GI$ zCxPb@i!WfXZ5X@&i~1Jt3U4dG*-JdT2VZb9ZTCRune%{tpxrO{#|X{(+w`}05ShE8 z?vh#Jcl}?2KPDRKU|jvsNJA{NvWhtw``IGq;MT*99`2W3=`4N}IF6ffj_vOPmTu(M zamJbnj~(aO_}##Cxg96+Lb&(CC0Gppp_SvlIk=ZG%kO&=8fhqZY2?Ge^DH#+P2l-4 z^zmc9|G4mM&PzPIqt$~ke3`R&4fNr{nA5)x7zN*(i-I`QnNqp&NOsM5Dr4c6{Z|_0V7;PX|PemKakNIc=`TD<28%wDT zo0T?hH8{hrwmR0Ojqd@UUuHavT_rvjkNWBM&09xL8~dmWBH7`m4b@8)eK3DMSS&B) z#Ww-ZkjwyIS>ZVqZJ^^a+jeQA$v;l?UAA_Ev~dZt0-3S<4fF{zYH`75^ClG_D;$px zS93nVBaF|Li3LU`s^+=mVkQiBe4O719Mi0JiCA$%muJhd0n6 zwaBaaz)%h!P6vj1gM?#avW@blga1NIiAPVe`rkoR?Q{3KGOM3Qr#?{w8h2j}NYFHf0uH+CpFh!tZ5KjU1D+>*^* z0(|8W=Nj2))-LN=J`z6_##`vu*koS6JAP$*^(mb7fIGo<^gh5*m7{PpU-+{aLoHE4=)IP_Hch$gxt)#2Nr~=*Pk1G{7v%s zIoqO&Qt{o|97t{m&;jMUh71<$YQ zhtI($v5Q1!#~F7+D96C_6!h?sD{c8Y9Cz(JA3SFn*&+J5OmpvpXCzpTV*_S~ z=L!Q)4`XYX;~3k$gZ4iBzPX1#4}N|Oetxv#Uhq@Y9|oS|!jEfT_~5blDT?O-&vYL= zJ=hpQn1q|-S#Wc&hns%Jbr(2Ua8~s3$AIBkV2H1{+t|Kg@(=sbW5<9alOKwPaB}3f zQ{aSt`_XNJ!OA(y9~Z*AJwz@+UL~c+o;~K9i?qJm4m{n=yW;A-_$79{$!c;6cwc9xx#w}`#dkh8uu1iidypT= zYWz`rR9kDn_?OLYEaw2@dlmU4xgq-OY=&PShF@F6uV=L#i{!+P-N*ct@rjT4>O~&E z)~5NjBWGlOT>!6Ehl=Zuu`VM&PV=O**%zG5pSguRuv6)T^W!7ygok+7@%d<;Ww9o}E<=-cuiFfkDZX9Z!`q z5BIfB_g|cuYjBE8Q!Me-x=Uxh;^eomudm`))Zp)<&OY`=tQ%W7A88;)ZeuzF0p7p(# z_dAiX3Fc3^hN*_JZGBadSReYUkNH!c;|k`p9QjMGdTjoR6$9nS-@BR5e&*?J&fQ&r z{4JmQ>SoTmH)}54?Gk5l3E>&&t6DL%g$KA#VtzY3o(fX~tAhR+MZS3#~D zvr?S4kbe`e@V<9D1udF);bNcc4{QmYC#2X@COj?<;=p2Ze6g$h(DNE+4|1U$dP<;I zyU?+_zk?jm{38PtV{`dBC%*p^cCVXDhZ(%Z+C)`bCO=*6ixIi@l^d^YGv~XUm*yXM z!t#$|bXs4l!5^`F(uGbYu5W5MXb*igV~r9sx8u_q!an@=w?8tl$vnpzjh^d5x0+{( zXA+O3UVu5v(a7j1{y+k{-dp56-wVwjJ?Z8jDgGJaULA4T0^*b4fA<*TlLf>lSrgtp zrodTMaDf|}tTV6_xa)i#+%`68<)mb2H+vZsR~9a>Q?4a&1>%$&M;oV{+QyMvch3Hr=Lcx>F52AY)yv*No9>whsu!Shu$*`;?W+4=XE^E{`fWUq|GUfqML*Va~)Xi^>*Z` z#!u7;6QADB+;)S5Ev)&i+1b2V>wUG<1gLc$dOX59hSue0bFWo)544xQ+>XPEC!{BPZB*LUR7Q+%op!E=0O^Px5GKYBWo)-~^IMxgig$dF(zj%fJ- z@=-JR%FFu+^3|?DU&jLUrE`V+^d&p$O!?{QodJIGa8pe_e26)kqP%v_NzvIRJ5b9C$3qw-Ie#fs< zZY_6sqYHXTBC~3v)S5t^t)XpK7i$fNJ&JcQ&(M(3FXCZnEdh=EHMP}}$mkkiUXlgY zrNEjCtjlQ6UDJXdM}V2!4&;AH?El=#xdQ3jjzgs{PBgh431mpkbmcPqSlOnfTYwxqsn-OH*QS|FhAAJ?pt(Z0YZ$m2^;dhJs zzXSKBtQGU@pjj{fx9J&qHIm9{*(&l@6X`_#qgq#-j-;K{C z-D=lA{qNZR|APL>wKX+@>3?VG*vP2+w{2C4j(}BTnS*^_${w^3bQcrOl9JJ=H_2??UdqT+A8c_$Uc%rOxfpEpl7?dzWiO+q z$eNRLTUMW>rpUsytQWp+xW%h$Av{+e-o0hx29 zo12sT&Z*m<;&1<3w9oVY_8ouw_|9(m-kJGl@Vc3c)8Ohq7y9NR3$C93 zlz%S5v6YOy3q5RQ_nquZ+fj$j#-20}M~6ypm=WvvD{!<49HBcbjy@$EA>Xs&Xj1@3 z{60n=iRCZp-(|>&k#J=3@HF`7#a^@VEadKD>`8nCavJ%5COG-hX>fACA1Afp*yY)9 zvT?>RoU9X0z6egPPUGYX;pFNOaPq|fPWZiJ6gZI%wzj2_j~+d_y4cN)bkF;Z#D(9H zp3yy>d42@m^gm;DnqDo9+NLPtAaLo6ZYF~*$_q1-NgNNze8?Q19c))lTTybiXC8NHP>gtA0MGsYUd*6 z16wBfLUfgM?8=`pj$7S1N-jb^;Y-Md=`M1psY`5&Iu_lRGG`N_gZtUPWoW*HT(H}; z7nL|G@925*#&+)L`~W(wVOQ_1;N?r?pP%*#aN-}6r76)2x@MJV>laU^Y0K;_ ztBS4~rq7zad@>W?%#6=;Lqk?BD1WdTTc?xyLey?r^>ygd?mw(1Kc|&?TGCe<^O1UI zFnX5re7P52nN56UFY%Q&e5^Nkb~Uz+_O@Gmr1$qJud6Wr#|8K&;3oO4=&B?2#4SA8 zWc%zBT`_0M2b0f#H?*+e+47jyc{bEd9gwWDa;y=#p3il~IuxhT8HA!EH$JHKC7s=! z7yl779gNXDjsG~B7|o6X=Q$IjLEmbAhhj9)Q-BT*X`TNi#%bsP8aRUf)H+B;j0PNK zi_w5L^S+JI?4lhLqw(6%*~i&pH0{X1F8WfeL@}BR;i;#A^9^vL^#bML+qN_3BtQO- z^ns1+(kydg@!tvGX%6Z*XX}x=sk4&!y2@`8PQT8XhZYZ&$QUCp49~eab+)h777xI+ zgLZP^Px<<8Tdw@Pllf6ileGq~x&2FNPixi*=s>u&ZMitfjo(X~Q+ZZ0M* z=t*_5w9i`nwfMe4mxr2Nxu7}+x~Kd?!&~+`vTP_W0&jJn4~byt}yYT!2ZE6II9#}ldYz>0W$iKKYp?V+RcG(wMWI=^Tkkf?@1%0 zory1DPiT*z#fR(w;pEx*@D%jX#e89}tJ^df2Fw3WH0_zJi}RqFMY_K>6a}A_Rrr4`0O@r0KUb$7bEB2M{H2I zZO50`i|x3dcCjB1S^Ke;IM_bV?>#W&_vXd7)3%*wcbr~)%|FKz+^57dj49aSwKlzGzL63Gi)OTten=vp-& z=K{0nyc67ue*TGZv{QQ|SqASz*NQ*(z*|~ZIDqeafHCz@cd8eV_{gVtGk>h5}= z7nBUjHn4=ql^IqlR!QjOE?&$15;uFs<%!p6y48$ik4#g+D_cHM3 z&F{n@{+M6?d709sHg+I{>UYfz(J$I-`i*^d$ZwyuGsjDKrYSTq)7*nk?cQab*Vo1V zqEct|=A}HNdVPr(GWV9*wrzj3b-0Q3ykI}#dGUheL9id)Q~d+QEjsB>@Dx)oEVz%& z-66ltg+#%Ij9aQN~sr%I_~D@3gZTe(ndpJBX2n@;bV}%N*uPxkki| zI+7=wH*|xKMq<^Sz0Tn6cMNXYimiqpc<2E0A)l|epLGoUJ_lOH<{GLqk&>MUZ6%;7 zV$u`sJ<+vli;2b_v%cbK=BMy9^K;~rzWFK3jco<*{`q-Xv4(+*Voy;gN_=4F=bb-i zeqLkz$TB-W+ZHfC*N-qiuLb6Z-|rp8{0L9tH_c~0IMLdz@T6eY|XM z<7SK7Jo79yIC$3JA3EO${`HRR)6VKB^BC|&J-W!s1Gi`Lz|MId58R%e2OiD9aU^!L zX!{j#ccm9Ef_G|(M=cxcyk1L8s+P~Cic3LLe*5Cfwjc3YFTA!Wlh;1w?`L~%?EQ8w zU*TEw!wz_B$F$PeCCp_YZe)0Fm*(^^aN%3nIlV%2I(vjUJsg-*e(#8%InQ+`;gwrG z9Gr%ZZ}*QKz6#2jtNmjq-{sdDO9x|-zP(jzP}pBd#qMYSyP@w6+PK>I!5eMu*=#tu zSMB_qcIKsVa&$g8!LH9LhkhQw3BPMbffLbNSx%^>_GDE{HX1nhGZ)%+Q99hTtMqr%$zGM{R?1b+U#EAckcU=9z z8XMpJHkfSS+^xWsA2o5C4|s7KYj4fRmkO?j)uMx+WZgE0bxw^hf&Fdw*!t~I|Mv`= z#q;TVThslzK7He=;Q4BWrhY+jI@jWSY_Cg=FMr4%<8xF82)KS&Ffh}~@&aU%{Cw5z z>O*c-I_o#z%`?@`nEn=IyL`nO^uilFBmM9U`k_8?Rji)(-XQ;P342kEKZy*}r{o}O zC&Z}rdw5-=)$GSy&VLG9NODlPaqT_VF4sF+8v$33S50wqhH7VQ*}TSaUft@1UY$xl z(T$OT7b;6$-n@rB+?CvGcFH!)aY7r|CmNqkO(50N@VBY=G`>pqX;w~*K3+Oy-)5dO zwM6{S1!4JJXO{iSS^UAzWtk(tKltTFc;-x z2WG~(w_xv8Cg!2J>1RA|GGF(G9^L#&p4k&RyT6|`cj2#<&!b$c8#6HT4W6y%nK${} z5E|Rx0S#<%oc<-?82t4o%-n|im+;w-?RgLXTgYFoVQ$oq;&7eB+*~?!?Q>n1J)lqN zE`9cc^EdcZjvhH*ua3!cX3h>3)Gy!p@Md5+T#)Nra|AzExry>ulfaWKa|VCT+ToM< z8CsLmer4^6GwYoAsK$3K1M6D z`e7cL+x_ksg1>`f4Bij^4)UseCmSQ^ZFb{v16zjkuAeS?n;Ta>81UatRJrlFgT<05 znfpDpFB4vTeh&YW`CkrRd$BpKe>)V%sB+^QM`~T2Mm%k&n!QXk#C#VtxCdtG=1cBf48U z54&NfyT`@W^m1cUTcZ7R&U#)mJV*p_t35ytt{Md|%3+le9Mv!|!`p*;5a-Fmo}dns}UR+Ibi2sZwD_V<;O z8+qx9<;0kg&(OT~m-fyh&YX^cnLgbZSV8<7^gT^6F!(|J^{{uOcix}%r&mGfI&b8U9Z;UL-A@6#Fw?C8oP80JM zJV&v)`?A7Q5MS@%!NQ^bj$ThbBJdQ}O*8qWx~6>p9^kP1R(7y&#niC@7fYe5b&QAo zIA*Wo5fg9EGx^rS#gVLiyL%{B(ElYC7xYO!&n)FQy7J!TkEds`Cx&^H-df6dveRmQ z{4Z!rG-~Nlx!&DXoGAqDEs>viIrS!~eX>lskyY3T&~6uF_4nnT;llc_@~enJYmK7a ze3$+4(5`>syWi$etRY!7JocFU+NovAuYGGu);>AI_~Xt~#2G-3eMaf>#<70FE@yEtt@yC}(5r2Ft%a}(Qf3)yt&B5FJ^r_>Ie`GHdMV_+7A9tQE z{@6_0RzAD>$hC7a^v49rl8fW_1jjicd;D=e{F^QQNW36p4ojeEbFDp{f7gh`)=Y^Am@~kKKIM_on>`ba{}rI?-Rtun(S$49pDDST{Dr5p0Mx&f3lL zgSKF^)ngYVvHQM9UWV2?5@oKP_r_1~yO_)75^}$taqjvq`mG21O}I&52d@68xAxiW z;-?0g>mYLz$XtUr?|KGLAv;Bnn}TD89)tO;ZHAxH>lf{pDkpA6Y&?bz&!y4(H1`@kv8xSLT`XB0I646X3e*QurRc8ao00 z`R)2jCS@3xX|Bn2V-L2p=2;bR)Pq`{H9sc>`IX^DDu1(j`5(mXUY#(^=0zIN*`=Nez?SgQ#n&6 z1_pk9Y4Lj|{9xuc6Tj5bc|OYg4&m2_!(jYqfe$v(SJ;E+sD;79Ta#~&HUC5OW%NsC z|1)x+FV5vs|6%4eg8V>_ZnQS|7UsFpwcj>c+gsNP;)2DnCGWN=E#$%9Y*afpH}^yL^1u&S|YXr-?tL`8asqf|W3G_>lCtJFuU988lTpGHG3zYfsL;XwZ_UjL)v|5M`AqZf_Q;0S!yg3lcN6T|h_ zj;2dJb$?lR`EvnKe{~MV_`~q_L|S` z==H&5;Ta8oe1SDfzkVzVz_8zgVKn^V>c>oZWA&r#o^I%!y`0Z*&gZ=` z4e3Wu=8U8tS7e#roy>2IH@~?a&#Qme|I3Y+2IS83J{UxYn%{doI7EN)PyD*N)HlbP ze?Pqy8h<+zzvFYA=N)Ri3csQ`;WZmBYXi7E%fsbU0bDBArN_)uUVo2Q`&RjXYn;4} zk?{PGZ;Tq>HQx9X5A@6Sy*`~KeP)=+$4{f7-?D&xcSit*34a3pj;8-#TR-39;p+qa z|Mn{`508d_%Cp!bGd%wx!n|6ULY~-AeUd%IP@qTU({0>=&QX05U2BJbq)RUG{D(L2 zAEI2dXJQ6UZeh>c9_zwpSzhugD`45Vpw8AsFz?KJ{<}((>dc-q|p|~|E^5b9Y z$@CR_u1fRokPL^uzUskd<@b>P;Q5Fn`40!P_}_^1BW$aZFw zWRPT!o8yuGZukHB_2YMa@QW`#>A@|1;^&Ky&kz44_a@W7?9OWDF$7M-z*NS+Y=S1{ zTCkS!uisiD56@^^RjPm1i7WZ9c0wlS!Oa65em<7f7lmfN0`dg;=75J_Y{oyX#=y8{ zdE-*N!#}RQK3UeEjo;0DWX7+g|Ft$C{htpG3K(}GV;#fzl*6OF0;;dnL)=aIJYB4@ zC8?t}ojnOIjBf1eb{~vGw1c0ec^Dg@AMITl(*Ise>rC{28@T`DxJ>-*#MWyi@5KRL zKhCc9!6O*@H@Wgb=W_dTR!TiN>!1J1!tDkiiKfa25@CEVJ?!jvL z?N7#67WtOpkASl(=(m}?=w|i?`TY!kEX>^V>}&ZTy62CDX>V0A*H2|XzcwQ+TQnaJ zdt)4xKayoUR$iNU590}r1375UpQHte$X!$0=fUph`|d@JtNz1|#gmmyK3_@nHw1qc{Emjcdalgm(XV;% zoQ}Ty`g5=JqfdX%(Qlvrl%Elv5k-GSSB<1M?RfrFefeBq9QSzR_}|r++P^!pzWfZn zs9*lK_+a$Yf@EVf3myC^`f^1Ud*go3pOU;>jm-D2f9Q-*`Gz>fxq`q^ow~X-+81Vl3U+P3{?3g_THqE)#kcvkGzwU9wEQtc|D`t z7UjFzy?6N`XXY>VLKozWC=XKmbhWN+`&0}e7an*gN^Kb6(3x1suidN3Bhb2iBYTgO zf1vNH*=MaBf;#2iK##V)9NI|dDCWdVrYf&tLTue4*2>Wlp@CEoaZt}#|!TgEuQ$2hfKk8gR6_Rnj*{*isa z!#eWk4w4JTX9>JKnYH>d*5ylCmsi{;z2{x^%50p*wbe_?1@C)e-~15k{*zb>;rVfD z3wS0oHai~G$}s!p!Q-OEZ*S7vS)3{Nq6wVooT8AIchLo|ls|kC_|hIV$&#szdk5pj zPp){GaWkKfYi{zKBQG8x&rjnXy2iM5P4la96Dzq!zUnO+FYlOhYJo*?X$}2@oSmb+ z!B2tfH?R}Bf4XIJE4bJSF1CS-?cl;Mb2IW-Jm2KVmuTDDe_+=@ZyP~=t-o0QM>;>G zYaY0(g8mkgOF=GA)YM4}Qx74!D?)CB@@ww^XJz1^791=C2gIhYQ|{Lho_PX#ztPZp zPJNF@@AlpuhTe1PMejFy^sZ+*@$GvYXQuq$$)fY=&^Z0rKISriFX0naWutGN8=`N% zTl(Hfj)rmz=lJJ-9_>~|2Vei#+nZ#YHc{(kEqLAmO|ONfSC?pSk`rsXh#aFS@{M!d zy72J0iwET#<;H*cL2^8qvu#s2zXUvZwPJQJhjv;oa)_~z>(lA-+2?^n@7Vo>YJY7B zH2}tjTcD#uUc6=ZTHe*TOCFd!AYK*h%DefTa!owCgWnDf<2S}UjNf!Ez;AwDd)CA8 zP%hbimxr8k<%Yc{_RAaKA!JaiY6&=FWBW+V~t=xMtAi< z+b=WDm%-7c@Re}W?%`&ihnsn3Z0?@>DL-VsfLrtBOcfjxVo7hlRv?4Kr)K=fwkq0V zJ?vV^ng}o`o}%x9;{&v5pA)YlBM(U~uYpcqf>)u%$5s0=*Xe$72Qg#u>d-ZCrfaz# zuij~RH8;Kle6>##F7jhv1{cVNjiv2lOnoUoUXX#;QY&sS2YD-5o5TKPwI7zu<$4jY zg`<4uUV(7M_;SWOgOWRYc{c%VQfrj`OngrC-mT$zuAd~2Al%A#?hW$&h60yQ#Fwt` z;Lc$-d64+xaCzX2AP@RXJR&pxrg+4hB4qzKYO73$4$dW)GKzc|XU`OhxP8l(dWyb= z^m&<=e{_m?#ClV|FD-vejaN_pNEV?_2mb&sw6X`T8$2|E(-P*?fev!P8*_AR6F8Gz zT??*E-4FOpXE-W0_)TzS&L_i;T@9}7JI&x1+L^c-obKQm(TemTJn?wbE8vUy8lpMq z2b!yh1ms-q2y)KV>#m#=ElICS&fSHKJGRGdTYg~|^RM}|^!@^Lt}(7f{v1I+u0tO6 zpv#oM^Il->B)@gr12vq#meZDM$Zbm@mzvQH>(C9d7qpM786B|>9g&nwg@>DwZw=^? zBzh#txzGvbN^*Am`;g_DN92+EG<){ZJH<|3e+Pc0@R3d42rm)zd#z8un``inu0=fF zsWrS4i9ggK@Y@8!gMB8- zGftLgI%%u(44&Kdf6xVi_A_J*b9eCZO!@K;%$c396-J(1Jd_`7^5u{xk{|ux(!ky9 zu3?G}zD!#uc;EP8+uhjDR-gR%O@JQU^}=*MZUlKTg@4(6vWpwogAgJHlFkp6y_p-o z?Si*AMZ@HW7L)r456Sjg%ct@~m+-%beQ$Gs{qK3sf$tMMSK1h@=;FCbK1-eOtH|x) zIT)T_WpSi2HTm!p%x^C=@tL%|?SzMCQ-5OvHj=@OCtJ1GO=}>!zguV9q3diMyYo`$ zaXRt@+98L;J?G7P&%$AHMuFvTe6VyO&x84(<b9w9sAEdq{_e1E=u3MEqLwy+8JwCl}^rqGOyf3|f4Y@n^xe#(*`g1P&VU2V$ z_{l*>7+o)Y%5T|Mm-^o62G$(xlOuOPH`pyV^6pyRJ+g@3*oJyHx1D$St#z*peDCH= za|UxRPxmJp31jyl7tsBon0&RdJf8s0n(6FuYrQV^;!&@@P{iF|qu85h_QE6kp!=`rUF5&`ps}uOmg*%h;hm+tqc&^N6GxaAtqXpG zHP|n~hmEGz)RnPP_7s$Mekk^xpQe55M3FO;rz{z-{f^>=AH*_ch1LNi=jHQMd%Ue6 ziZ( z^V}l_hv<9ut>7Eee-mTuWc-r3#PRwcqn^l=f>4X>i zYMxI}o7wON@0YNj&6ztp_U2~iOXO=kA7akLJ5y#LkFGKHuk2T|FXYbYtl!pLAKQZ8 z5=DM!Y^B7@G`4jGIUT*wSQqnNMjMwfj#9>P6XTe}IIJCei3e8|;|K%S-vH0?&p2Ot zk-0H@0vMNH*97IuO@aCSd_Z3J1?mlHE*ljqXYF~7GfVLkQ_uTJt{Hvm)4y6Xy#SbG z4{2=!ciV-ItDAj(`buU3z%CYkndisz0%J5QEG zE2O)hni8$(K~FvnTt}G?#Y6k(SL=qy%pALGhyV6r=SxxIG}>pdM!W*f_n>>efi30l zM|(84wHs{n9OkSK`Zsa_{I;9gI7P%1&Vfh9$8)i5WJAjTkxgvm0eG}+_enMY z|5AK~Z;vf(c?lZLAs6K>;O}nskHM9TIwK{sk5KGQe13l)w(T5j?Obdx;U|o3d1*nY zZr$aQlfqO07I|l!7;QQdKz;w6t1$?7g>@IEO z$NP;u&y7DyE{R=BVbAX1dfs`NcjUh`don|7(vss%=GokM1bLBzybx?l+21;q8XI@9 zuXQ={9M~#=twOL(CZ}g^PPpanx@EKKk=ys=Ml0?u)cLtnXT6CGKQ6hC9;oBYt`&t& zMPv#xXqwv1GiPKjr_DOrEabg0yjRWjeb_!Vw6}!zu%#+4p|2X+3)2RB(<*ef8@VPG zm(jN2!Tp|n&lnWnnuy$RYnkW8&oSS1Jtuzl(Dj^nk?(qe?|QE9dU)u1emtdo9MgV& z{G|CVKFo;^^4<7v`Pdd#@1SeS0{k=6$3IrTw3)s0X?rJ+xfKtH-YbcXO@m(!jxA`} z|3KZql-%gx)Iygx!ki~L58n9USk7F1VEI5k_X@aI2tAE4^h7PoNzUTw(9^=RiaPEI zMF;QYnR@enVSnX&4R3YKKdZ1q`wZXDy>jl2W6sB$IUnD@kG=O-G3UPxozqh7jPJ)L zSbQ7v{JYTjmUEfI^UNHc*S`_IaM& z6F#Rt%AWocW1n<=>xdQfO?L)=btz|H&2-qa%07N{ zVCVJxbCzp@bJn_8k9~nC~UC zVoU6I?3Wt8fBOn_%>-+YUK3kC^X*Nw*!{Jwxt!zTD6T!U7aZAtZ5K9h7@gqy3-}oP zc7WCM7dARIAB?T(_WT9UzmzTA|M`JUHoslAgYaT)0th@kF?Cg-nkiDN4jPOeAvXjNZpcwobfp=>$$gqd-F@2iUm`gigMuh_D36? z7oo1MY{kRmPCU#rkMPV?YHvulQBQe5<1+DV=;KwMF?{Ix{EE4)H**w;Kb&oTz@v>3 zeT(sS=3^%mLG$ClKX{U@@G^8`$9vH17au;}HuU#W#uTnwI#7jttwheUMq}#ZGbalH)mC7kncHP5`k84vr$Z`o{c1YVmBj%o*%(4J~_iN9oj zsy)&F8roA1k=nZx9{B%hdl&eq$~*u6%uKEX1Ox>|O+rv^DsEA6iftyDAR@Z-2lP+3 z>~4Udps`DpZZ(TFfq>ZJg%P^h%C>+JDWF0@m!|Bm1XDqaRto*qw$x>A$s|N80jn9Y z&Hw#*&N;~>1jM%M>xG$f&U5`f-~01@zE2Z&n*?9)%oi`(vRAcJsDmf z@DIlyRhVYAO@W4uUkd#!uW#U~)VA{QZIQRC^>t)vly-s^GPd1!-&|y=>T2JH z|MnF8;6A~11AV8q5q8hayFM-S0>Sb7(6Hv9-%s;9%=`b~Z!!2)>c|Y=!g)7UgE!JA zeDM5A@Lu|b51y~zlI1>lzHm-0aP%5YLs<+;0L*tX)DL;_f zSnsqUm;`v%U)iTx%PQJ%%c@=>`FSGrmz!_3eT~1(+_j|pmIQ+fow{ZX9R64a4@r>Q zg1p(zy;Fgw_M?-NBkPyIoA=(%_ZWq%@_Dxq+Zh`PUY^@3|Dx_A$maPta+KFw8lFjP3f`nx*AJow!* z)?e#5kM-wl*L_9E{CTXuen%Xc|IBsdAN4)F^S>y!pZeUDZG4}Z3-7vVCH4Q4_t+}_ zW7Nq%)iE=J`ue@^B)`F*$<%MAzI@Kz@WqiEuHPxI2kyACLw5Ro)OGRab>pAtqWAD^ z@Rq#M?Dg642&K@@o6r>T34YONJ~R|rXZe@^?xUJ|@)TPCcu^>ydsm+SJvsoidc{%v z%<|#<>iSR-dBva8`*i{TP~KV7hxX<|yXpBdiDP$%R~Nl?gL`~Z>0seo z4!j(?6}+l@z^jcr#0$LxT3gDLKRKg&{^YljE64DW#(*FE%FEbiY$gV#xg>Y2l$I0B*M2ywJ)TcpJ8nAXWvA|F}KLI$ji3_$;eUZm;wJX zWK4v(&wSQkBX|bBnKP=T+;0~FhQskmoWAz)=|>-b{(h}Pk=|voF7G{I)Cro%IteB#Zk1_b{^2UW*Kq7g_ykO!})a>93FZ2EEn<3S~WxtQ^luJ&~H`|dB!>^FQ2 zILFXC9Jy7+eFb6eHhJL!%A%|0qVLV6t)AsJK#wX{n^F#%H-5t~bNpp5eZ^VR6~Ors z;Czhvc?OavSa9z5#PmJD>lovn%YMys%wzVwPfXWy1lhQWdF*8#OZmM5SZu(DyzwU5 zB3I|8z?GqApo?1CZ65h?O;ta18~U**=fT%tT`ij7J}T(-UG!=ELdgQkmm(LJk}I-| z{%2opDznp4TJSJ;;Xq!Pl?{5!iWoKlYkg_j>VY z>J?E&`ysI}Kyxwpi-YIGk!!_S7lvY)l{>R4thF2Z;Qtn0Vh=Tzk^dgtw5~*sS^0_? zJW+hLKU7P<|9UI?-r!Cg9a_HW#!_Mx%G95|AGH!(On{3~o@11o1TJ!(enN~g;28hN z|AkH~J4=5p&Z7I+JI_P!X)Fa-=|gfuI+g4(SEu_X-ZsjGhEP}pNIy; zCy^(~Txe~nVcZ@`ncd;8|p zJJid!gT1_)kFKCKSl-u;%X8;d-%Hs*nssA7u?OO}9_AG2L6e$80Djv!2WOlw^wO3~ zyU+FV4PJI5cDtG54|@3yd~OUoH2m+qe0S&YWG~+~ZQ$M+{AKY4;LzKazi|=%GW=$- zqn00e>i=Pta$Nb?KTS{BKg}|G9nF>a_p7nfMkD)}e;-dEx#yZE4-b3qg_BF3_{GVi z*SveORQEsY+rU7@o);dQ&a?4(x-^jC1@DK!Cy&{@U$$N$IKqA(`bgE`ejfCbi){Ub z_B(l=X$Lx_U4QADp8Ep8y09O-${t6>x;M~+=qq2(^2t+XA7#)XLMNC{b6Hx-K8rJ- zb=eq<=rST{zHcE2nOTr>btx)3G1VAzY8zC20P$|eQChd8ocKh(qCRQb@yRgJWkz-$UU{izU$1#sJs40 zp8N7xXWcKj7rSsNKK94J#iQ>%et6w4oV)??W%Vd2Og1`%w9Kg}bc>0?9udL{GScwi)lgFsIosJ~n;bi{Js{ zh|nhc5*4!V2vcPvir%(FH9Q-W! zqNB$G{@79WH5b6!7a@1v4)_xj&?(Bn&++V;;nQfvW)$z1ex^3L^Yq5s$Q`SD?(c2u zn0YU2>(YJbjb3=N!xz8P+qc`Wlje*LU5czI@}ckJ1BzmY$70BwW6(Q3KCP|j)9iOR zZ9ULSTlvt2${)way<*|qo1RPa{Bl3Ov(508WAm;18dtA)I)nEIc%R_?YrOB^eMab! zr{%X(S#lAS*URQ+zJiBfA@~SRf|uYV7+t}fO@Hu@K1uGDrQIOymeEED?N-w6venC; zE&#vEZk`Y-=Y5Q~<{Jc8V>4a}qP<7)Qv%Qjpan#(gfz-p^%U}#bC zN93+h>;$}0elzBN&rh{4+I9COu{MV`{dk5hN@L$B6$kwyh z&5k2X{axnJZ$J28I`v*DW*>J`z4c4c>oe@Ho-PgSEG5^$SZF@V zZ|Rvq_=m=|jJ|a?%Uv_g`EKUy?n}JFH;eyVe0d$aC^cW8{KkbNY@0~!iT@Qd#!}uL zXN)7j|K<0N2`$Hex&qqPm>z+)_d?r0TfO}0bl&&IgTw<=cCVFYXufbJI*0?yi|Hc_ zKR0l3eYuQ7_A@&Cq2l;Wp&-7gA>Xvt&VdiB>>o8p)<43!&r_L~hK3r*<9q>Sbf(;l znLfD8dggqMIiCGjkNK$jq;KtMrNZ~`QsBFlZ!Ub>s>wr)Kjn49kGkJa*@%1!!;j<- ziB3f~gfBE%?f-S4{hyBvJMrYTV?E<8K6Jy6aT& z5YI6O*Op2LXZry!w_GZm6t_72&+RpKP7ceQBi4PAI@h859F)^nbI!*XpnYD+}KJPtkQ}Y^(T=V8S={6KVwWpJ9i+N*fLE_=h|FaA%J%cYVO?&jAz3Na2)-=J`65v*I58TS~*tjK~wP}`>#4rDH2l$l_E~LWE zg{@7W_B^!5B>EJ;(B6Z}+xN_-p#w|zR_+t!kJWveSzB)h?(+A&2R$n8Hi8W>tm>)5 zdzxN6i9Ony#_wnOowfrW(s$p}?zg>stKPBV=}sI2){#H8_sB72kEs#8YE%6nY>r>XmU60WP;-}r?rDgvqKKf2% zooJao%wMj^Xy1JcdzZ(W?fd7_dDeNZ+C1cp<8QtNfAK{8Wyi4BrGHD`-78-*@-y|@ zKKQ|8e90Y$toy?JcI%+S%)Ev7$9_W}{C*BTUPD!E>-g93){AteFxdHcaa@mtjvlcfa7Zf%%x{U)ay7FvB5bd{3-Ho#vTZ$2>cA1QU0@(tV6w z*>AgPe=hyH-(1*Bx9G-K96ah-?sp^35C7yNkj>qJEi?vNd2Qi>n_74-+=tCU|Amd# zeek!L-_Bxha-a3fEbau!O3yaBR4#UF4!TqvT}u0^8vkZwic1fAC%SD$_KR09L>8(a z(VAkS{r6aFp|6)E|0KUeAND+TuF}qnr?yh*Mf79KA+OGKb;Sxha8Rt0aMVkTpnb2e zZ|nQS0p;fTy5FZd2tHp+3_LQm|0BJ~)Y^dmw@$oJThMFkBlobs6HM#2ztdQ2C0lmE zr)rQF+mIjYu%CDHt{Q!EJG_1kyuOmY*7Mh~S-N<9U}rsdUA=& zN4z1n{5t#z6CZow{z7c`jlzZP$V=dbPk+azs{Uv2>#n%zG{aj|UOKM+s?9>$_s|Y| z#&s^9sqKBlBkG&Zq7_1CMRu7p=!~+hbBR?{Se^WnEfRS&zOsw5EQR zUS!vmju9>gHsAqvW9L{Z#jm0DiOx9k8Heo3p7c(+)-d1x&K(0ZoLbHugUWgI%^8E* zUkZ<_ze;xNrJ+l%#U2AT9&8a0=Y8FCurb!6k~uEJCTZLzUTWJVqOrLAWW0NVxRUjh zQEYi5x==d%pjR@N6{=ItGjYHfjL#boeNl&ZOPx9{4U6}lDB!#v{gu*|JBDK9MKSV1 z`jYVdl|I(XVf2iR;*G3hG5xr>QOcYm@X}~C=aw_9mx|Dz6ki-eZltNK8h?-cbc$7hXKfA7Am$Wa2MiBa<2#PfRzALdw_X@rj!ZN0-K#AtJ9O|G?xEn` zM!{_(_Hq7NFZ<{!11y1qJCA(E34gnxk@f@+*>i$NjOQ-`3zvQiIA>C3P3$fogEkIV z>72TCW9UWtEMhM=A6r{}ozVxnQF>~u9nV+NM}&EbF1qndr)|MjV=(JubT9YZf!%kf zzRG&*{Asu{06jy4HQYt@f2_4G&BiXYUf##~sz%mkQ_9-xWo+5b1d)Pbe6HuPS3HpW7L?mK8nlJxD-p}j_WFZAANY$ z^obkoz0Xbs>?$K!rSZ$w zIoJ1m)~{s&@?kdeq7>Os>Ol{yIxK(byU^nl>I*N$AB^nlfv-LJd_H%vEyXXFUq3+k zL6Ujkiui!+u<#O_cEulx9hwg4y=ZzWv8+0?0Zso}v2>zen-?B(d7&Ex!qbHr0P)>8vn4$ASXQT7p=ri&FdhE-ms`!KfmOMQc@u3xJh=?_;e;G9F?r zlA{Z?uZSDo$BP8R2RbjM$80`PVpA0$C-Ir-?9B0Te8*m^UDk`e zHUu~gLr=>E1_jtV_`6!hvL`t%kbE*_&rANMwg%h3JO$n1&;2jzIunm9jv|*&6nH|3 zGH)pN;iW&!^=7udNsR0Q#jb=0g%aYs@GdvcEIKK07z9pdnmw#AbvyH?G}yl7p7YZj z?(by|ZhpkJpwHNwcl%{;rgyV9BfA*mZs4#77&WjDwVr>q`s?v`R1PG6$bc=88;~*E zf!_gOxz{eII;yLB?|&@5o8pVz4vy?XW`HYS|Cl|lHI%KPpLLX96F}Cq|JVE;KG5Zk ze_gN$Ba5X=L?56(?Egx9p&OASVcLw)rhLot!Kshoj_j2VQUI^)HV*JNf;^5sfN%O# zd(9lhk2q~a`4;0_oNsRr=U#E<+=z^9WZu$C+;ZwG#(d_F;ve= zkIZJAi}?rKV(W_hWme_R7~f;GV<{If)-x5VAPwP03TxAX!#!>q(Nc z9_$+FX&&U7Y&_{Xnc%&#bNHU7-%kBVCFQY?6#uxKc4EjDofDTGmR3c5p5^!W=sWE- zpZ}13Ov*=i*T^^{W#~H-?78?jhiKXi7Z}|rA32?0b*NzLp8Jqzi*(?OfW^5e>3$hoUs1U^_VZqTYb?VVcQNDk0iQDF@-xQ1oUx0~ zYP{bck*sNDE$_WDkbI0eym=cj5T4PY=RMd#1KDG~$cDF1`{vgvhu6b98~4Bi_QC@i z-~k7iv)bZ(-4op1*^mi7EMnaYfu-hObxCNb=1)D%(L+1=v?Kd6LK}`P+f5ga)4uXQ z3Fpij^Sp}ryq`GlJ(z%8OP&&I16&r1HW z&Xy;OSmcMF3WJkjaPs5zU9k@OUXLzkDOOqEYS|z5$zP8iTOCM-S3x5yne&s*eo`>q z_<_RkwCH5!6m-}9bD`gj2ER&~Gq87cedOm2CxCbMJP&8cQ|}JUHZe8A0l`!Lq_Fbx zSwljP1=S9)a@uJDZrRsc$uZ3TJK*?n;M3%%A5%=6@U=Q1L4{H(SZEl*Pw= zLn~{RbCUzBddl*AJ!K6JTn_GXzo+7gBKUr$cmfsjy~?jNSI@*174CCl@)iJtAhdeeJuWmEg}3)_9hM-N%^WjhFwM zwN`6YOqo(Ex7Anw^x=Y6wx2As>QBzKmOX9u`euPcls{Z;t$hXhD$W}d`YO-GKGt}m zzR8AU{*}Tn@aRco4Kn7h!Byd@@Kty!e6?*{8&~Hzxko(8Ju>Hup|$(%J*P(+z%%Np zj_UTT*Hgx(>JXB*|6X-&ong3hXR^B=)nasmu6U55{=g)MzR^PhgRmhp8N*2SJh7?s zfRXN1?C8kYqCL$Bd|LT0!exp{@gPHNpM9JdU&*Y+1KMk=2Ia`L5}(Cia`;GAmB71V(~68djZNS$Ie+3c@LqUv z;~I1jcrZDXY&lCgwR^eR4bu`Ym2fy}|tMsJsHbDtAkV&yze|kQJ(| zw6>fsv;TGs0j3j+l99rqF99ydnAQ2@ z7L%-jckXa`@G|&dd>i9N9!W3o3JyFgUP*q+#?8zH`Q!SUIbQy~6tLh6dm%v0dQ#9ye|w+sK*kr+n8pl`(i-ZGZnR-;L~`jo#{iO=sVC zGlo6DZ@WbqEBR!wiWV+`7B1bAcpE!{bxpj5EkU{F zBf?|O*z`i1kM&3I#tlbKiV(5Q=d$m(}Sx;ZX~8oYC9DhT~lr{JB&Z0HZX z6P?TepWL#kI5>%VE2tN%Mb3hQ!q;@+AkW(4nnb-vPkmIQ^PJ(+;7doq@F&?OvPA|u z_~7D-a4QvG!pEo+3*f7>aYB48&8g$!LeDy%fV1bqG2{z0I4*>IIg~#qJM_uVZ2597 z`Qh52k|SxA=awUh0^9a{s;4|bM@fwrQ@%Xq-wfoS-yvJRiaZJWpk?^*9OQ|CL&_Pw z{ST+)-;CM$^Uif2$hq?Kt@}gwv-+CXi?sh)^7FNv=X|2byWZyW)MuEFYp;(sXE?jt z>#~cY1wQ{Rz;W^r={eT@KO3;}>05y5)FcBSvtI-cw%S9Ko*I=u?EMHxCoMJh- zV^VhVSX;NSaiNDVfp}7_TL3tQnO}tYqoewjYr{(U&(&wng%5>&&OGBd<}=`fyFWgf zGl@O-$0KWiRSmF0CWfDs%;^tLzFzm3*FL%%Ld;vH}9}%n~x^vUm<(GtB zxT>42wz|_+dlLKgI`#@U^XAxWo$?eP`VBthC3dW_*Yb!>a&5KwQ_1bVp?|0v`C)#u zr@oxu@II5fcdqK9H<-HU0|Tj>@9aU!7S>!M4={%%R`P$~xAI%WmarDptX-w6*V=oD z&5MbFD#lq4b@n{6hBZSj#n=x}+@SU>gfod*7Pg0I} ze;uK3?Oop44|zP8I6K-geiho1z78*+5awNkXUT2(W=uZEMOO0bAL9F2Put+xT~^w` z#zpi$ndhm2q@O!LYO^@k4vt65sZ+?9oNp>ugvBkamK!QyxezlCK3^ zkCf5|W8V8yTNdqOPf<2Sq?CCBgBbW7pTV=}k2P$QeZ^jF6x&TU9?D zW4vXGRblMw@ohZDnU*y4Cf$oHUxXbu^6<_m?Py=q_uOAA>m~{V-D9idyxyQr1+@2=7Jh+|9f z{hYy1hOqaw;19^$N#hcy!3cdY0tA7PE~ zJDIXeXWj%=+lOgz8U1 zCf^BvGP*!zALM+_7HDtve)dS4;IUEgOXFyQZ-?RG@--(K*h_#9Ca?t)%sqkZPcT<_ z!C;l$3!iHwKT0F#8V`Uw$_e%w<8CgX4dxISV!cERRo%poiOu-(GbR>n6!AW8+=%>N z8;Kbk4Xupcr+vEY){Vqj<$AJ>|5tITCMIq%b9jI?V_tD!^7OZ?wI;79KBmSXeWBC1 zvER2cw$%Re$q#AT_uOo^PfW|Fwg1iUI_+0woYDSuYTt=9={Ekk+T&&XoMHd8_WypB z(|%t18SM|HeRm&I?dOwg){H;jfe-m0Kdt=_$<1TnGsk;I`|*kJZq6l3&kJ+jOFYZ? zWLejb;Zd$nHXH=zl#NUV?uD+*@!3AvQL;lW2|Y-hrptpOL-2XI{%3HbhfcHF^%3;c zX7JBBB~cO*X}DhE!wQ%?Mb=eH@R@tS$U zXH<5+_+E-G^b5*}Uh!e$v&V-$5gaPy-#OqRSO_M)!GnFr9g0J_9(aV&fg+qq@uYFa zUh!oQ-C*q1h+slagW)%K@@0Hfe-|oo$LILvUB0}DF~aK&oUiyBz&RxNod=v(s@!?N z`CF8;;WsfPowIXI#ZQ zGN1%MM5n#cpL&iASeC;7JIbzWy&ImC8qaTRupHuFh9L8)7o^_r;HS6vn5zfgoeplm zha>Rede{ENKU41`MxK5%=(h!(!rs5N<;&<1>SJK1e38x=}v9J94mD`tq;e z7V%DWBa_Rx5xyQTm;Px7~%ziarri2iGkFN+yZIxN&m}4-}KpSAByLe>Mq+Rm39q3nAQWQcz%cS z9_ByX#GBsS8EL@49{xJ{f{86M`BM|fIoY#!;r~KTb;d8|N)F)@7=;|lLJl1x zA6Aj#MPl4BR1F_o39cY}zK+~6@t%1%gcR50${E$)hkbAABWFx~o_p4RbgffAd_!n1 z`@534CZ5=V|`M|mQJm4%F zNcOJc)wE}tx&|(9d~Y~3i%!uiZv@wR!;>hus9gJozX#y&JeM*a7w>*Uo4w)P`NHe= z&j7C?%J$0dX7|8No^L!4n8^kf+}@{bY!C|lPW}d-82;AJ=5ML|sgu9C{0Tj>Cx6XsUNu1=8vpHDu4Wa z{$EG$Uvk#q4E_i`bmNaaPonJktkcBvSf}&hkDHj=--165VLUE>T>V$VEA2DDE4lRi z`Qslb`)RoC^2g1L;Zyk|y2)qakLVAn{PEhJ{1N_n&3W+09S@$HKmKqfuq zI^P^dCyBy;Iy%y}EFc#CEU|jX{qC`P_x{Pv_h;*xJ^8tG&y~H5G4+0(w(1Py@0jv; z+MmzrzCS;V{bBZq|Cw0tJbVv@ob$maG*iBY;qZsT0P!ru8i;SQ|2a5swCtdPp_6&! zx^--zBE=>Bj6EyqgTso9oR8d&t?1-VkPj$6guU=oInVQ*4vu)?N5xeWyX$w=Sw^=u zI>!Mk`HIGNv(+|wv^6vB=79fM_9G(rDxyR1)eXHS^skKd^kSdAxB7tc>s1~8GVi3< z7JTsVk$EGKz3`fVxmWV@jFt1`SJ-wWe%oKh4>ssPk9wE2G$N^U9HS*w&=4|HZKV2Leb@#%X_Fq`tMT_S?@qnWf&C-(#KHs9 zCSZ{-7%}GcoT;m(-`eke?{M|^>P}XF@3;I*p1kv+pRL>UN$|*XS?Q~mr)3;0{1Ukj zIeYm#;Sj%{;ogC2+Kba(HSJZiKJzTkLFRSv%1>5&XCpae!^DH#&RC3(mbn{$PXoH) zP4;@5eJR#^IqN-&c8$#w?AKmKTll#KucZCv0$(WeZtf8>|^QU^bxO(tJr6EIpg0# zf5&-0-RJGlxhWU+N)l8l>_e#1MgQm;Z07jvCjA>fNy)D0p`(^GLOvb0^C6(pCbOmhCc0c z7^{4kVfhJ}PlEZJAXcH77y>&UIm^T&N8f@M90BJklXcNGq2{-Vk)}?|QQ&e6-7Cho z1n*kWXWqAxji-42i09MzAUm)-iDe-t$&TeE{jhgE$v8Qo<2fF4_CG>@QF2b{Y{x&2 z=^b~EGxyeNZ|I)8^KP<$WrBUv4hNP$1eT8i%SVCbqrkG|q1V=p29{&8vsWe3`W(!4 zV5#$_`uz&Lyb(RUX%FKTOlh}zVV(n1>mcJe==-D^oB)R#e4%wcVTwN9v`2P5_yK$) z69dUz(6abvGjUY<+obp}Y<~TYrTh+?-#+vHos{3dGrv9N{o5(Of2H6313M4%x0wB? zQszvY7MnDm+Ty_%2id#*e%x9t*84ZI(V1QJNJ7PeO6K@z~A+skOzUb zkUcMnSL*I0cl>AjJC}Y6sXvE$s{b|qx@C3VL34LZEAvON7mm2^-Tm>=>`nH}PhZHs zRJLUEgJtc(5rK+AWWp52?%}?$5j?XGS$;SDNls<~Ypp@?s6a(N|CC!hGSbdZESaZ1 zjZI%|+5TVb)FOjdZ(kpG zJ#~#ggL}^s=nx5X2+lOrtwe|LJXp}4{@{pq;f?t1mx*=JzN7Bsp3d){;~(gZzyGI< zf5Lf;-_FO9lAk-*wk3rJ>5M1s!Flb%;pM=#n!KjMVRFgM)V}0=`Qvy$g8l3{c~+CQZSpE8fJXPHMTzxy_Ejj8(!+SeD}3V(&iF5i%!Pv>K$%S6F9@$@^u!5BC= z!cyuGupXO(!uu)eRr54`J|!1rU|?H2HR0XV&|ueGWL9^l@SqcaW* z9?Wl_|6pFb@YAOEbo!L6&D@%1V3Nge?w~fm?LFq-QTF?TQfO>WMri5J-Md3=TU6uz zF?D*w$>=w_)A&!EH8%dkV79SGUngJD2f>_f_Ndy*Vcv@WjS!Ds9H=_%+D98NWsj*A z8+xjzF0!6D2JuFftM*nXhf8xox<6K3T%kHHe{5o2Iyce6KkcQc&0r0*ORRZ>c=V`Z z&};kn?Wc@dT1%)6M<3gULy5bQtq(Y1cQmtmKIM+dXej zAl1w7GUj(1vOCYjlZqVIP~r~c|T5!PY=aU zxw?Ov(fv;s*fGw6OB>&>(_N^;{h<;3U2c6LWxV#ii6hVnlR7awHL&*t-rS@dpwleyL_9*=qd`9C^pV(g6-W?5|o?DG(t`O7hX zx^)fn^=EUZLy%|A_#C|LPnBzK^He_7$Lh06_M2`0c(*DpK{*o?&m1A%GK&3R_(d?s z=tmac+`eU-E9OY&#+7qTW6`<8)bd`+>%H)@tGq>d?vv%6WI}5B)b`!>y6W|zUib0* z?c2}kHXh~K{(s-HXm$bEai)A28ToAcOb_?H%BRYZ>r@W&QqRm5Wh{EdkL z{-)Le{>1wO{LM@B?Mwbw$mtSYaBGF{W;=K6K6qJl#w``G*|%0yTHbQ>rJ2!LJeS^z z4Dyxhds`W{Yi(92THQAVpS%YD+sdGgU428*H3QE07A?KiA1f{KOBbrN(#+W`!TJK} z3jDQYg6(_y)MxQ!+R24y{~URm`-!j3%h+P{U&cK&z2(S_Gw$Vl>n+Eoa%md7gK_2I zGm0C2?c~pNd@{uP?40eaL%1NVA~G_qB03|>9~+le5iiT~H!jHXH+BZu~hmC@mSz zOk?jojWZ-^6(@YdLQM_1j_sde=)c34mK-+J8ro4lvAtu0w=R>juC@-N_&d=@`qr>j z_-l{i%guQz{Bh8}d|9I|VXWi4NyW&h?c<$o_vvhV;zeC;hi8{mNS2zof9Ox=y>S}+E7y~340`K+c)H_d)&FX!qo!>}Kk|j+|MR8hSa*1OPElQCR$5(K z5IID-$oPRNxb2jgRZUeh6&>UVoAbxa8{1ef!R>hU z#VO_c7@9nuTa;`K7T3+rw1yrBFIvG1tzBf#t^R0PNk#17t^W91jNu4lcw0DGQX&2; zIb&$jS-Z30#JaS<4kuhZSW66{#z@ZCla?qhE5dy?nxVVJOZzccZzOHyNc|F81^&^u>tk zLaW9{O!?=ZfbRA{cT1qV2G(j7boV55w+6baf$rW)tC)C&Lw5_HJI-A-&i2+licS=! z{zI#wyIr3`cZ;CATIh~)ku|;0-6H6&+*cRQcJ;C$p_bsV6dG{o?x;g|wb0$vDgM|t z=x+8De`Dzse^VKBw*b1^?a&?lwN&>)cjXS~#9bVyf6vi;-AOCkR zW!0y^WeI%L$X91Q|5okparx+9*sl0!kXSg;XAyrtjhB7}AJ^G<>5uHa)xqMU|Hwc6 zXY zB|8>z7Bl9pJ6(N&*^@E0{mPxq)T6(b!nx@ciP@Zyo&`U{hK+AWHcex$Q;}QSJmkZ`Zk7(koWq@S zwrm|LWzKV;SF64s`=Oj6Q5@0{Y}mIw$-}#_XLn7iXg-3RE1&9*?wM2(TQb!jubk>{ zte)y`dAlgtv~sFHabQw~ZMR%%_(aD_U^&QFXSb_d6?VHCN3?Ss-p+AES0XzG1?!@$ zL5wwU```H&_8)C1O5PeE#}N3}vH%!1uxA7>3h(kHJ@BJQsV6zB1>a|RQF2m3K2Yu3 zp(j=%52+JgQj%OSFj*6R3pnlp7JS?NBl~>N#&aJR;fISKEK086ytFOxo!@&b1D9aNB3YcfB_`Y>dMv-uKqkU#0UZ z*M}ms6Q$m!{@mY4&XE(oi_qaO>8^7GeMuMpo4Vn@ea1Ke{wL&PpsfgPMRUQAZOmsX z@ZkLVAE1ji+C33WLvEzn@U~nEpH8ocoX%k{Jfk9()7KyG-`C$bsIR|iNMC=Ve@4ZU z5!TQqbmc^5ux_IHJ+VD8%~#jPJk5B0sd}wFrqjcnI@5x6v(0bnFz=g;E%7&+<96ma zgE`JBN`9NzjC0O0#vBha$JX?U*wGw+{8)~^F_z(u!F3`7dFdQ44!Ygh6*zAj)I=R8RFmxVC;k7^B`4{q;HSn3SzPbQ&vH}-;I-gks zy^al@!Ds&CFYG^vf3J))V(7`;&Ur<47bRB#%X(m#rC8&oSBLP&?id{@2n_-cwI;P^ zIU}aJ4>@%=P{tw_D2w*9Su4fIs&2FR8s(1WICMS1S9dlZzX#pJtkr}rxHrS!Tj1|s z{R`(!9$Kk{(EmhuZ6R_ph`cQ5dD_>{=n4_^h{2D+b7I)#_z9u~seS_6_Z1yfR2L26Kc$@$l#9l)Qs~hs zgB>1)mts4-1RkF#gD0fo@f>WuD7p&1(!t?%meD7E{lSMO|8jU8G88_qJg08mV)P!v zTdWH@&o$b9w0=e>aLdI%x}{>dmsqf)clb-V6E&W=!=J|Ao_)*j2FM53(I;}xZadJw z*S4dyInQfdFBsPnuWgyV%>oO1j`Qwg zE$lh&0xY$#=Pc|w%ilb~st~^Y;9tPEOkh_KplpD$0m=p_8=x%rlr0EQHc+Aa$Iig7 zhW@tyK>pQ+f!*=Tmt7Ga?Jor6D9;iK|J9RUy3UpHTrQwCpDw9s2;VAn(DXno}4liUfg#(8O+*~Xvd zmaWHcA1lW;_D!kK9pc=dQC_7w%uh7X${aSdcf4e;OAnlD7-(>=+d4Y$&Q;$2)?Z3`ExhIP#I&|CR<+ft)^HT!UWA`xDentQneu+nL5snJAcrU3G!IpIFLYWNvs*kTqludnP4Y z_D)J3UsGHsd)wV(94I)jrt!`-b^OJwX$kOJj(xQZIbO{gbi>QwD1)nI=via)mESn0 z^*g{IHp9c2`KrTLIPErdw(I!UY1eJX^{3l5nBCrcHN|z$ai`&XjQtOc{rw(ekNEm; zjiJM8uFbxFThllnznu76lh=@Y6^Y$1pLe=r=2+~etFf8hWN&QLIP3ZsvtPUP&6l%= z{lV97%rQ^j*5TySXsYqnZT{9nN6PMA&>maoOD^zau8K3y_%v|MR}e}xjO-47UwZP& z%gOuj#6ItE&%!Qa&o#a~DE-aoaI!IDJYPl3 zQ5?EZj)g0U)mcHgMrcF1v$PNF#fFXXd>Q5BBMoo&C7ZCTGB`7P73CkHd~99NPg9|;C6Y@z|igdeatf;6sE1Y@WjZPNfptt zQ~j}ZlPcm9@fQ?M^*06a6-=J$Z{9qqA`JX@VmqPpycC{=J+R(q?wxnX7VZJtS?7Rl z0$37b)eW|95uc$kW&+z$P8^iRo7DrhuTriV*tP)IY~b3N6B0P~;jFS*2M4Y{p{#O3 zhPU}T=Y22qaR+mMVeY`tGyHyUR#9>pET+q7j80W;Caooi?HgHe2)1EnB z==M#Yhn#ghq;))@I8W9n0)GgzPI;U)iq!g&VQ9dsygv>OrL5B-(ZG9($?Bp3)5mb& zFB<4=o$fr(b(;Md*6B;mI+-~!7iWzQy^ue^UL$bZtdaDIUCc@FsSPHt06z8H^&Q@2 z;C&{1Xsaijo&!#CyXN?O&j$4 z*R*k7eIrvOw^IAI@6qkMbw6;cc;3l1whbP(-AYDxS;^RLD;eKIeD+@ApM5@~%eI!I z%WgxL-5#I}{;1vX`#r=S?nTG&1uOPAw$rarMr0r9Jj`ffFjDi2g>&r~$N24>&!2Nm zX!$3{9*u)1VV*6XBV%+1c1-BO@6lH-@sC!O|5?sRFV7ooav&-HVKw~B)F<9i`C#ys znH&Jpfqp^!Q5kw}BWiGtIjFW!xZ<-t`oEI>8Zsu>${;l?>w9oC?`aJDe13tIbNU4y&XNai3dMqynQSF}z`q*!G4{|f!F(2ZZ?H$b zy1yaU6OteFosZ#V{kS8Gyb=~mtNakkqolIRtq>uXNQ6E$PwM#p6r-K7Jdb1y6Bv8p z51tC{{mIFOj$OaeR=ziH}SrZo*9s#bBkI@OlZ#p?9o?%^LJl_gT!?T%FX&~8l@y9jKD3=*D zA$>|QG)9&(9+$^8(Z_)i;5a!Q;sN?B;r*Lh8?2|F@xTOG@!RjS z58~jD)|$RU|~C|3l&NxtaL#No<`!~1-VZG0eE{sZFNfZxYcDd$VcvBtTBdSB_U z-ERTDS;%sOBj@ogwcPJsaC55JZ5kUVhdK1OaqQ$hj79b;^s5-%yBxdJrRTfhpQ-Vq z$`^Q@;yI|(nP0xz##`a+PigP7iu({*f!lQo_4#BuWOIS#?hnmpdF`ex4rqayL>~xP!)ED`Yxl-TKa_F zKlQ8?`|)ziXY5AvOdooF*6AZ0vywlvoPGlAaWlV<|C9BP1+Y~!L$LzaALZ;TJc-Ws zKJhQ7ij&RcL|Y0CMc%gK;TJF;*ESJ7N#1;pcSYzJ`BpFY|Fps%sEZzLbco+yhz{{K zYi;Y%-E@d}tMP+&>3TfRB(^EeIHX69fX0?XV{yjT?W`fsx2YWPPeV>?ZR4G5>)2|n zt%0v2pT&PQ51aqmK81bw%dnMJ%U04^g^l2-+qcVmmY-t`qZz~5`nJ#U*?nppsr|Mw zUadpCEH&26(JKr-dQEPIPTB7GEm{(R+S zeTFY7k|4%{wQtG|LKCcWYjJWv`RUszFTYWuAU#FDvF+wI#%J2APK}SSzY*W}Qsf|g zABDFZgU7sOC9zT1i^4`RvXc7{$;~{+vR)R<()aN2mH((c}C_)Zl`a31RfIJ2442m zflhgi{RlTw7(nKApPf5aYfwTvo^d(|8x1J9dF)Sba;L4v*f?bU)3O!y zPG`7sIqUTp_Rd_!j{bGyC45^!4n~*uujF}-(SNv~M)5zin@ZdH&tz5c0GcrDq z1THVhmp(u+qkX|e`?qR8VBj(?w1Aw>SJGw^^%K-TW@WZEnX|z*KC0csH08J9j3j(t z_he;z0(IXO+{$dYDSlPIwU@1VTmbAe4(XvrujQNCaO-Pq8cWNfKypk!_{2c;NygeT zmHWzABl)&Q&}O;8N$*yjg)Cu=;(M>a_jHy)`mN^V&f^B=0X~N`j&6NvOyj^8?%mqV z95NWY^s`Ca$K_jiWxMc6bQd8OL~APiPhIcZ;9+s@$hbWndmH=qUp#$R{R02iu_WgV zIcE`{%-uWaxJK7SpN*i4YVGWNkGl7!AMozG^%xw>TD|( zcG13cHcu!0ryKwD-Q>mlAeh)c7LGVu=a z2wV3lA7W(w%L!jmvV$`FC@a|`oUzv})6i+`H2BydxMiA{uLO9Y{mbxM0s3OD9~pT* z*v+dezjZTmqG>lU-KF!wKGEZjvPZ`g+m^-}R_<&CF0uofh{;co1M4f~WDjEJh4(Q2 z&EVvA#(Ka?=9zQ;8L!Nt!5&N<3Y!%vTk zpW6aS&Yy>xfmg04qqT3c1HZf-yDhxbo%P*tZxC}G0v-*sWl(HEcRX~@c`2vRKT;R5 z*!iE)&#UcxX|IEyf9`)_SH83dtmL7Kt+f%>O!*eHPVTx%_FM)`MCana`X)OzItv)V z1EjynX0_$1J@%sihtF{qYYa_^e$5(I+cKpYnpFN{<#rIw+P?5CY*1T2h)ai}-S7{cJY_gh&9b*}%oFXQ0o zKYiyrEmk&SLibN|9+UAaW~&LlDjpm*{6A~!gCniARpb#j z;AI)QZ>NF$;KuO)Zcf2X`KoRFv+pz0+0YNFyWeLfUJ`?LqoO@{ zOcQ*v@gQrk%`$eDp)LGX3H&D`fmc2Al>chq809}16MAhev;aLdLaR;iz2&#DALRJ3 zBH*ZaiO%C{9^d_4M~&_ph(ff5p_Llza*W@6_oVve$pFQHi){Q1U$hOZ9x%T;ZY#HH2 z18ddOKA(g?zc>55^L;P&x#=UtK0o!(?KN)OZauTVjD3zD=rh~r(YL+HXR*&sKaPEV zp?q}Y8n&vq4+UNFC+~k))3MG|CtWi-9zSi)!#iUWd=-(+CDK97o%f38Kvw*+v9=`n zEH;Ps*7qK=?yHil|BY>bq_Gw{hqRve`?N;md=*jt89jVyxlmVWqWzRk!8 z8M^=(9VI`9a(_e*;!Am(vjkr%_Ah5&`*hhQPRy(Qx1-P}eSgRDKtU)z&X&*3qz&n!r-}co)IB#r=Wn(B*KY6PP@MQh)81sK zy{S%n(`au7e*am%h8p?S*ue7v>|t;&3eHLYd7k~q zeC)PJCVL^k%9Tfr{fQgOVNVrb1iEdfT#E88#y9y1Zst9HkR84HLGU?6z+wC#JG7Vb z^aa>T)RV2W4?IoXPi(}W!I-;jC7v%No~e;BrsD_c+)rfO+E0{>@ye&nbC$}1BkA&k zK%0%7w3%*VMkPz7GsS>+8Ga7g$da+Ptjse!r?+}898$~4uM>U?-x_UgGCq^^*15#! zxZ~W{P;kz$s2CV!>p}U z_=jU1+(k&8Fn*j!ree3iN#?3~q~dM!QT1J%Y&}8_PEStjROOjOKD-Akx1z_WerlO_ zfrav~s7;-JRlDzX>Pyno`)yS_w|$JQeHvW>96t^W8b3n6$LHE~ihHrAW%xVC-f-sF z+Zrx4KBri1s?W)1bmnLd>&H1h^uw3Kr_t-6gXk$_+(*m}A67B2!Oyfqex`fU&hB5z zV}CXb@3Ek3{9^uB@nh(GV58cHR&s?ae2>rv`1?|r^Uf|$F!qV#FL;NuP*Gs0+#hqm zH{lF)YV7_naBXa2?}zW;qUkS2A94CHxJdiPUSba7%aLif_;seyolg_<`2lMoy;r)T z;$NgQ*m{ti14a473Mdni&yH`#zx6))gy;hti-2o}Uci?VM+Sx(*IeYtWt;X-H(X@+ zVHlW4h_gyAg^mVs_Py3VA9dDv!^MgP!$(QEXl<(h&xr+FOe|PsdR^OM;?5`+J#tZs zKIxRHoKzQGz_|h9(M#Zw%d4)@o?dbpbfH`#f~WF-Nq^jR+=)dTRHXPCQ#MBIvdcTC za_>ly&(6opDp-j>UWJl?#P7CK|8?mknWWK2{AL_(>5$mtpJuefx5_g5C4d-JzdP* z7FJ!}AYj$tz{=<7G-H9yFu{tuUUT_daQ?8mvlCY6Zoyk4iaNInR!4!=G3Ff;tRC)!mEaOxKi}{DpN<=%i|+8h@=nL~ZRiLmpxfw-Gvh#; z6>z~FZ}H!7 zyu1F&@z$PYyjQ1;_u{|dcvt?F<9*;P<5hl0`AsCdjNS`vHNgWUJKrZJB)k$CvH$)0}Mpi~f@)y}AdF7cyUEZti zhs2Jo7!w?|O4i zt$*krn3o3^M80)7do0EdI+U7IHZqp>kXh27ym{2;`4IK-Emttlih*ytF%F*YzLN2F zO#b)SM|bziqT>S<-%VMsE%@+y#y5Q3Z2R0_e{^fvBiI~Y`G9>}%A9rIHV97hJyDh#Lv8Qdo~RxWN}v}dY^sh48U7$Ji{Yay0d8^p5R-si z+i&x+ zr_T3yL8?w|f72Y|opW$v7??vF?@v&V{jL-q<-`i07evsbqUe$_$_iE=kHt;`mjj(~ zM0Tvh;b&div7gQU%3kK}!~p($E^D-hx$PAV2P^*F!E2Y_ohv?Qkh|{iRrwpm_y3Fb z&Nn`&&57qxPR5?+VdB%6V~{ycW{y*VKk*Fm_2F|qv7mmXp+AjdF08GguLgS!qnx*x34atkdh;7=9loJ;g-+0Sld1mVXHwR; zjWaHV-T|%IW5lnF}C);;go^w%XeahLH4-<6@JhS3h6abm54YG)EUfpgb==EFO~r-`ARF)6umOf1U##GGS8yZ)M?$Pm}ZBfHz^-@w!6Ph$+8e%g1pt<*ZU z9gdG*{!n;N{1oSZ1`P`}9=XDquVZ`ra&6n2vCHJ)u5((%C3im?>;b>RA7Q`XOZYXu zi@ZyS3;8Ihb6TcsJ@!v*_SA~X>+m6K&r5jajDH#9x5$UW{>UNijmO}Bad=_lsbG?` zO2n7vhPGgjwe7mV%#l6+l(E_QjM{b~oA@4CbKx1^tQ>N!?CQh!4DO8Slk(m64Mn#9 zy-g$J@z%N-+MxXPq7BAjY*)tQ+O8Ux*?Va9B_qhzJd>Ad95!q)*^%Mwu^wRj;G=LO z+!|y(yJ7&`dAfV7#U=(|czYFdO^pHgA@Mni0U&>9r|pzW?2~IdkxPGdKK=^nJE9Tk zVEBKH-s8s7H$p$%{JK0pMZ4N#N=MJ?^#8seGiq%_WAQ28~73dFC_1K zu-T_O{U%efECk=x@M(ecksfJFurB>`jI@6YpK>@pqK+Td|c@ zH-uIIuQ2wP^c(5t-oOtIKNHw=a=2B0(u-amW$y+(n!51+ZRGE{-C8?WcUY~Y&J27* z>|I(_6GA>@Vj6xq#pE`wBK8^`d;_)v`qK^zS|`5H+{af74r@A`(!2U+~kz6SA04= zn|Fsyd1zGg=AGfiK4-7A5|~t8h-y#2oUx2xgNAFETXk9}BDet;@`Lz2%un%fMSY16 zXJ5dZ5)ZEN&$-!3&JA>pe}psNc_sFE=I41CkK;pxUu;ucPGunZ{i)X4&ojSRHL#x6 z1yA*NKJeTKJVnd)p0Q`^cWIYBj?WC!l@3h9)0hh|&13vkz%*RVb5EG^Zb=GEg;O7| zLtjK^w9pyDrA{10CycoVnR!O9v2NT)+y=PdU;i$9i|pI4f6Thi;;(T36~#A_Z$5_q zX&QJ|^yiM36pxq=EEH35Y^c>%KMWt|WmcO9JHD1Np6>U=^mW(1aDSyWtlWd{QJWR0 zIQ{11)AhWRdqHZ42K<$8c<#&RcaVL~82LTRKB-(&W&z|hD-$-!6Hn+umS zwh2c5?NDr^_TdZDojTAse$^eW&z3mc8#Z*qNo(r~;teEgjs029oU!pGYsDjeM!eio z{3gnu{{Ca4HDW9`Lu(VEwGPo5cQXk8Um#va zc&#&mUiQu=L04{^Fg%*GhjzT2c)D=Yz|7ezyAU{q%UGvzmf|hJwaif@iKU1C$7QYdHynUP#mq1LCBP6kttU(cJ0S(K$g6NynF^(A{*j1%KnyTw_Ug1 zuXwlay~n4Y{@M%nT;Vm(GS@v9JTZN}<_b;Zi(dezrB~x0Mqf+%+B|G7&+-Wlr;jN7 zDbK(~G$>hu9GnfFGLCBITFqS9FWMoW`khXnRgU~z=FGVt{kmmL{3^7hb-0Q3kgU_% z7mfJ;se2drs;V>pd!I{gfFgp$mf9qQtKh9F5OF3a2};Gbc9f2t(hh-uptNdhXA&p0!q>-1c4bUTf&1o=2qL(S3fMAJ8-LB0L=N>3j5-Sp!!M zel*|tr|XWgR|s>jo;^^B{w$@fZ;`8+OaGU8_5J!^^P0lj?`cc+vgY-*j_ri{2YI!U z?-i3nb{P81H*@9reOExUv1($?z;!S3=HaDFjy`f){_0?!_V{;@ablsHGO#21uq zS$FO?j4plq`#*nu-6wlqN0#(;vwlEjh^v{r-^`n}iJegC=FpSe-pdf^UA)wA(#hu zs4%<-T~Qv%HaZi@TiVALDmYVPJJn z2Y4lattVW#`tA9Vtpm{9P~z`#t|gPIupdOP(qBEmws%XzgTmc2B@Vtl_CMb%fgT=& zAOCNEwCq@au)Q6|FOUzz0(wI_N`;^R2%2f2j`(*mF=hB!aun)a&BBs7)OW z5B30uZu~-n3*f7KlNhq$TKXZI{Sz(tkJ$DVjcNpas|<4p06^tkl5oC`paCKjeqXq?12RKcLLs# z{T<0a`b4~p^-kym<()i>4#_h*B(E=t4w>LM`*-n<+_e20-&u8c&lKbD-Qhnyra!_eYu&xgzvJ~@5j*%l0}Mhlqf&bxhNVt z9~vok*Xtkot#@9?ZWphDx!Qi2wiRPO1bwCE3xIR>c_~_}-t@(vTlUmDQ?0#%rjcMNR`kOmx zw}~-TAm`}kTx6(`OM<7?HJC9$rwQnzW`g=~ZuAT@uG`JH)@xiPXS(BpUUQ90^Qj^K zxVXPl*;USY$u=nnFC1IUOw-~*e}IZk{) zd_X?2c%ch_rLzKjz)RimlI4eyg3C~1xUPIVP#PKP@LMI2SUSyo$^}&;XS1&T|2_MWXznutPXaC`U2d}Tc5Ab@GJdPBNy$|sE z*+1o$Nq+ho3|_~RPdk9sd(p=i0HgKjYmX0!*Rl@?_L=ldE}F`vj~^0@fX%zn$E$O| zAzL38<O$hK4ij5bm$b9yc)a+ppPr*vcF6&6PREFWn?MkniMbCij2KFUQ0G^w@jTPd^$A z4(|g0;L;S^YF*5E#4{{ru>A9RKq7Vf>xso4gzPx8r~IGr48KVB;T5UiQ?o zr^1r7p7|v_VfD;>^h_nT>I!tU^>ef*XG%w-W0F1{bB^HQ*UOJ+&mQ<^5FOKrP6=n} zHj%lY?(E(W#(hc z)jL=#xJ_K6L@66iTi&PoRA~H ziCh#9PRJj_JG*oHGFFE8ZI&4)0VCzBSeatw$%)|8{l9?Ey7vJ-r@l|{dF|TVeCDU2 zT<~$@J?Zm%lhAHCe|Qq@Z#Yr=S@y2%+@Tjm`iGs*ULU?#facB`Mnw8!>~&GXe7o`4XGi*nvLD^B z8E#qYM{ABUflSi;ZAKmBkLFN}ze`=s$qt=F{i*JJkmh}KCKGeYTY4TjmpSFStvWAN z`<=%5Zi2m2mgDbFeu{A>;t_Pwu+6Jo=U2UIR>8&mhl$d5$jD z`fYU1;JoL&zV*bUnG5VcxQ4Z#(2Ab5j&io8p5O1TLD%!xNN3y5k>mwXzU4IM$O5io zFCmM7Q4knu-C6f9`Li@zBY5 z_C4De8)@=LCvd%ob;f)6&P1+zINyP@&B;j_&E5`YZXVcga^upRsx135UE$WNOFsXyRdTQHP9ul<)lz8JWZa%bmz|=6RzNyuQToXPE`2>d(jsO za1&&HG)dn>#Ip<3UMubK{2A5n;F@<&b6vQfcqQLiN11Ou@Md$O1sFCnzBc$|owZ5b zbsgV0!F$nctOXiwbNW|!Wz~k-Qk$-Q>$YWSwI+}Jkb9}K8aOf!8HA4KLz4~AFL3Ig zA0uZ48^r3)QNYw^W2`A1r~Rj>e{XKxsdY5UAxy=>xL?J%)mQ8;a6|4BeU8!RPoH3X z*)%3PSDd-8i*p+CooRYssy(KGvt*SS*DcT!dn#0MR!TMFsbYNE>%9`5to*%uP6{zr z?1HILLm#oS=;`1h#(0#=(nuV?))}I;ni=P;eAKJEg7;PMQH1xEw5>TFTi1_|kDLG> z+5CR^#s21cavJEQZKQ++s!e=7oab(6V2RLu)ROfLc>*`%u zH!FlZqg*TUE z$Ca#cp08tG;;wfF=8C6c&Ctm@@%qTkzk^?oN9)DVT`P3=DfX+?x-Cn8U-{c0^k-;k zS~Qpard+)Y8sxs4Ju-69;IoP}G_R7lDc$eO>31dbdY;e9UY)18d{aCK z-`tedXYRKT(&tqt=(CCCFLO-pMI2dEd^~=+d2oLD*OyPgFE2jv&)`f2^@ z6TsJ$9RsgRb}Zu;`El6^>SWt_etTT@!>2!ed|UHX))316KGNvMTdyZC$-m$6<-F7W zNwbF&Yn;ORsFCQ;GN=EF(aben==9H_zgHG$oCWY{;pRSUuEQ1dKgqtuWr3*m@yuEd zbp8chZ#H*ei^ZnEgT>@vN7&<@c|tSibY8^RvqrynjEJsB{wSx8e4c*U0Taa2)8V(7 zZ8g{)94@!Pl+uaaS4nW|EZ`y7#uM`BqyXx`*$$`ofJV3O=vSWo?|#wsQEF z@<&(; z?GE}np0yfgesUyvJ=zxs8LpfLjq@O9f@zNb!0(U`+Ao1RR(@M~euiWYIM95iX%kt! z5m}zy#tyFy_C{LMgeiaZPcUdHsT*{B=2b>`kp+EiyN>ZRBlBHdL8@g z7oUfY!1eP-2RsF3~qfrF?AV1 zC$y)150t;$1RRssWX0*Yzm;-NGqzV^51Ip~y^ znDym<7yb1+jBmOts})~W{zigaqF@Je_Xi{8!Ke6zhLy)2DB;`Ca&T%I7G;dFQL%(- z#yrVggBm6`FUh_9AFXkzWUR`qmaS=Wba^J*zvp>u0ondnx;l2rHz~(;HRF6rcE1&K%x-Okhp#A10E54HKZ!SYt zR3R%gZ=OWfOYSF-^~Lz55wlmuxzT*_4>B>Qd~oG#T0U@pJL6YOJwraw|B&C8;QlL= z+l_p%^XX=sz)G+;@Tm4;ap;g3@~MNp*HS(*GWE`W&i?kp&zAS#@+l84KlNm&g~t^p zA0-`MQVxygDHI3lLg&slbT7VE9;x=i(cT34?J@Yk#nXvngu=`D-uL4}!QF6Zk3I`7 zHvaW{pKKS>IzpNI=Vjm9{ui12kaWJ1)&F7ENY*O)&V= z)oHuzK-PGTKC5=uBNbh$^`M#Sk#5~jUCAAER^mQnzT!E=Ko)_Y&Q;u_=ac9HV@I*x zY!k7Shlyi6f^DRI5w)jL7wg#PJjGfU_K+(hZc&Y+j->WR~p=o1jtEyy#*`IGA@UNmx=^^p;e1|bo(Y5z)Q$cM{(y+&Lmz7{DH-%mDKX>aWVW zIk|=H>a+GZ`>gtn>`1f$2l&Reqk5glr5HLK*)?5tNAR7!CB!zyv4&41gFZRYWtceu- zYXpC62wm5Yh@yx3A3`oSA(xwwuh8nnCA@Q5M_^xLN77ft$_%`DwusysKU{mUV`7ci zIQp#vwv1Q%fo%GFmoKz_?MkjCul@C6tFf(lK9+G9*?SA}1{o3`s(p>z9KSL`&pn?tK;p01E!eiiIqkZn$>6sFy*vdUTe3xQvLJL3fM&J6>lF4%uY8Af zOZW1f+0X#C!sqGNU@+T!5-`K=-o6o-l>)O;;4?M{%tiwKx;lyOu=PLEc4JCf?9cd(@cq)7qsg10Pu3oFwmAKFfV-~g z@G7*?1#Rph|FfI?&xO#2{EXtT^CRTUT-ll>pKLI-p?ZqPchLv4euF+WF0DP<-J*Tup`#@05YbUzLMBVrG*Hj# zN6Dr_p2u!tEa){$&%5b!l0IKdpQVqmJKa8CnC|mr&Z1TR{>k+DJb#~QL-p#%X|3m2 zY$)wdOH3PD*mxTI%+TimI0@nBA~VRv3HL1oUa@t=H@r2|kG=V3v-a!RfN!x0S#Z4d zVvC>wJ6`3Ws?9JyjPND9t&wZ|y#w<1@Ef;pg05zP-vqcHyL8-9#dc+DnDw7L`;=+V zT{~jOAe#R_$Lo7@y6;Wud-KWl{o>>Fy$jsmk)!Wg>z0Hj%2@CANpz|DuKTgHHHZ5u zlWXkKa)>hM1tZ64#Z zAzl6K`kRMXXOVsW!$2+ZK>VzMYx!l5X|-eQWX`QY2bNc%8%38%WSf!k&WPx|TO;>1 zzVr5-b)n!god+RZn_Xrd`{e39JUq9Nb7t0YKB>yap=HU@JJ4N5FVJ4~ZHfgJZFX3f ztNm=HQ|-IhHI%PqJuUr=(T5m)P3lZK>6DTY#PD1>fq!T8wdTUwkQ)hTSp2Vht(CCj z(^%iC#g`8u>x@rCxq0Zf`JP?QUe~hOWHZhuPW?r6;JBr=Gg_SBa@Ow5T?BsgTy4sC zwQJmDXMW>SXqoRSjxry)VfC=>tNL?2b2Z~>Z$~(=JV{)3$I`&^NBC8n->3c9?m%=I z{3v)Ldqye$SN4V0izbj)9q>M|D4+IXmb@xX^Zp@h%PwScF5Yj{x=^3IIzQ}_SG1ve z;CV|Eutk4M4ltMFlLNq|g}rGd2SU8B{7b>KM490qaObX7d+9IuMbMMtH(F<_97qdy z#kK2!yM?)Qr7PQAxQ~ODEf1W7oIMc_q+~~RAo^d7#olj)Kiqvsg6+dS{y6JC^(!~N zt!xz!UHGZAy?Z|GK$oe1)_ywEyj@cekG53gq|ShNtr{V(7I2 zbilw4con)EsLQjwx}_>NuWo5NF|V33gYs%M^v!oYUd0a{5&g`q;?k>vR`tn0+?5`&QyCR6JIp+6>;ec8+Mywjo5~xlm~kmb1o)E zh0d|Gr}IF9KAKw}aHd-r2p(^tvr_yF?G!iSI+)(^)kM2%}-kty_+4Q#X zUC`T+Mpr-F^&!z*`uqiR)&O=(XIZ#BQRgrp2aE=wzqg%o#U4smKnt8D7|WaL3|$L!^@{HVBcZQv%CIba|d=LG?0MKBy$yKs4e1*K-#D$UeUnZ zFgC;%YeQUz4Y7jxVfi8}TNN`_oB8dP$_1)pZVsB%+@ov@*@e&vo~hRbQBk);HC!6&?Dn(>{)GQWyRyh>CvH z-rm9L6WdguO#PT!e-!oYw_?=qAU+^pM(vbRR=5(*-dg74k+&n|F1@%i_hiZ#em;q| zy7~4_$Bn(Ip9y$Oa2ij4k5mWQmnm?}*(Z0H^OwNgwanXGsXTGVvp)q-H_sy<{+B)p z<0Giu2K?y+Wi9O9D0s8ElrtG+OD*u;bzTE+PsjGAUB#Vk*=yMcB}rQ$>@y3y6rQHL z-;jT4cQ!@OTznEpI1=L*FCmcN?|~`eofG z(|n#7&bUX?&$dYUS+sL9{GMz$mfx?V&3Ch2uE_9uI^Vv592nUdMwZtP!LD*+n&OQx z*KcqZgKR^?N9Y@D@$znX*|Q6`G<6J#uH>A-J?yigm~_T-b7n$l^-6o*;G0hQ9?ml` z-`bM?*2c?^HWR1WQd=`Ly1=zP3||P(w}W5V8_M&^)eqJ)uANBT9{SPibpN<8kZ<~t z@tl6>d9T-x!r;+qacH^|+DJktcI-Mo>}w|5MR9@})+wLHHzZdDDv8K-ccA{JwBYbzxY$E^=2MU`6RmDMV&I*>!iI#+H0gQ#DDff zg4$PteMyneFT;}!l)D`npx;~h75!P>7C%4yi8Mdsqvf<0?;0)LnvUN~?*-wx1azls z3r9cwi0{rEgnmR@Y20;!yYyM2spkfF;S}y-FFECVbMW2X%SJBc4}bb^N8GMLyVRRon@`sP7c|RjdRw~ZuSj{qdR49C1)$nSKKFDt~jmX!Gv_Wat$4w?Hz1? z;C1rK(WTVergN#gDBq2qmMtWh0FY7QFKgH7TK=M61|@)J1+m0u@WoX}Jm`Oa&p#e* z-V@Pz9tG`t(M8X|7n6oN+lod+w!i%I=Bsb%Y5j6VfIXs4b>{A4es^-<)M#;lbp+hs zLBD#jX|?um=PAtPbKT4L>bPG>&gl)EUw<*Y^z5VIGefHnWB2x9_pZi%eH2@A+0F}e zmi_iGV7uN;TupPF_t1}5jqN(D{f}mzYe@SVa%d8qyO9i?+J2ZA-NyrwwJn@U_6qar zp9s{g{brzU>kjUp8*vZ!w{d^F@BUWqZ%f_J2`pdxjliv2=Tp9&@^@o@9>!LC1^cRH zgmdJ2#_;h{*4B<^?KAVF-)|TmZ3XfxUw?wgvZsc1h@~uZU{utI?lf&@w5#~I@ zZHLh#uZ(u&m#xwMKXLMmg^!8gQERZ3pP+qi8nK&^2W$NHdp$P2Y_t{i+8e@+_x%H7 zSFBQVU3-Dw0Cb($()eIK*E@lAG4cLZ`ql;x)wXT32Y*5HBpdJHyea%o(aSj627gOE%bga3+^|A?RXCvR~hVBlM!x=%}#L$HaQ6QKAcC{@anP79GyTfzy9a%zImxFf+szoC z#>V}PzQI0gg70(6v7+CSxBIxZx=ecPFIT!eI)?I&_b;7H;%FBzU-t;@Yyd3YnWQD%}EARWs9N)i-IGjJ<-_G|YpsRdxllBl# z*bR)HV%$$d_y3&l++Tx@Bfn(`_`8n%e6`NaU&il~Url+J&pla5pW;KEek;Fz;PuVU z1OLwJqlM3AGe4g>A6-G7rf^dc;fzfBFZ_6vbYg!YoV1oY$(Mu^O5;02L>)u zJUM?7d$_z4TCV-d^QXGk0bQGY`rLNhyr0{*K2P~<8NWCSM)Hd+eD<0BIX;rkb%O8x z@QJe?LVPz9_}KVQE9Y$sKAVYWGVfMCf0DBtn9ZHPCAhql-wN_=u1B7PIJ2jA*sW{p zBF^#!j4AHnoS5ozbb%?iPcWujMQd<*TzNx$N3^Q=t%0`}tD}u0JE>F2_e#&KTU+rO zZ5*e(=u5DEgB&n>{Xbk=9K6Q09goGqv%sYa955b(1I0KSJsbqV!F&$~tUWN-!a*1u z*mm6Y54UgqaSj}WvvAN#8OzK1wfJ!JNe0KqdgxX7DD~kZ;?e8%9=(55BF$Zba|O4Kef%Y!`TRUId*Jb1zSz|1~E)8TMU7iDH+Pm!ipzZ(4fwNC!;cO#i zEWEEU`LBc1^8y3Y`WMdg!MntR_hi9V^5r39gC{Qxd?hcA9-n?Q;7i#Qe8XQ~iye6k ztz^R2l^s3g7+F5(!6DvqyrvUmN@ z#!`-WP)2*TUOUqFdw5TuOsrXUqQCA<?n`BtrR4kqBj?`)#v$Z<9sJmUY!4ylbzRD}gPbS-Rzg?|IQFUy7Yn*f1j+3g9>8 z;ZLS)^INyZ|40lLpA%hF-ieLiDhQGTHoFm<7u% zlo8+Bf0lkWGwlQsj&xpR_z>{?h2R7Ev zh!Xql-v}IcobU3z>L|u$V_9mu6JJmBGYQUZc=%cJuJAbVb{CJ*Lm<`nR3_60nl&xlK1&=DEu7> z1AhrZ9c|QrXSJ!iq6@)~_iK5-_VdbERi|$28PrkPO_be3*}aANlr3<}-WM$2O}wh@ z*3g(*-qjX{R__k8AGqq%PH1xd3yaJ*u6nVFXPxQ?zG*T0A&zCA)7|7*#8(HSWyFcY z;QKP)o zaMAt&>MbPJ<<^@x!?eR(%+slM>b9OmI|aks`bE^AeA~xgJiDlf`a?|p4dn6I`o!j< z6VHmgSa4gxm>$O2Q&_NiVqU@i9egK9%(;hlCoUatzB88n%JUfard!pgt6tp0y9w$$ z<8E@C)%A?Cn0gz?chk6uvqmqIe(;T3?-i?Zzh5##xbu&DmDlfF$MCgTnhH`h2-ZWlJY88>ZLqYt%q zV26iq(_d^%(T~d5aqsZ(y^?;<2H#z`=8f419v&{tGqiY6@WOU->rI%Ub~a%9x24)~ z$GvitTfdk3h2XoWsF3M7PK`S|MF-kDD!S1yRJiPdhsikz}IzkkQCi9K+A ziMeJC5ZBYa_ZRz~ebjq)zV~~s_dC^;;e2=MO*YpB=6Ztnew^=FsrRhd`#sCN4-F^6lXd&wBA0Ap{(YsNd_{nt6c{faX_ zi;ZCN2q`1^`a1e!G4FQZClW7~{5SGj`d&E~Z_f_7=ew?Qe+O=HjGk1iyNg`uZr)2T zFX8(pPDz|e{dg7|LVHLlZ@Lm%Tg7{=OH0tdv@SsBGl!rxHp<;U|J65}C#oG{oLZlw zz2!_^I(kC+8Xx2QgJ+OI`=G~3c}{tq#*6Kz*sA29?7CNh_bTaJz9rcjpYGQ^nco|w z?@?CsAt(A~i1zjU9@Agqlk`#FAImt2D@7|R;ay~c*4Y&;t^MlcypGQv3bKaG^d)Ti z(sN~YUkc3FUw`Gz=5gu=Z6?8|@*4E5?C~EexOMBkr4wh!mpwG!+1|zhTA>XQ-iN#pe&-7%1y^eCyT^a9u_D`JS(pM@;PwVru(XGn|L7wL`Iw z9}mpU!`IUF03Lhf2WLWYHLsLGv|3`#(S}qjU5(a z3>EadReUkg^^uLuBzx6oGrih}&4iDuxpLWA9{}%7%wNhzl`Ij?dyy5g&BU92|E``j zunv1AsGiE_D)U}s+Y0=uY}ux{5F^{LPt~Vd`V^CWk4+oVo=#3t^hf`tpGCh;{x;WkF2f(U?_j>xkH=?>-lI4FYw=#=iDD5?qu>KfYl0Ma0l)C*E83r z+IP=FQNB>F_6_Xo&xj5O_Lbh=2J5vi@TCrP0e*l>K>2U9@83r{0jz^ruwTJ9gyUA= z?$lqJbH8Jo$0YydhAg+x0bkU3HirvG(L3^fueauX zx8vr`QeO4s+f<@&THvVwzl-K*@8lUKSD^_%v;|*G?Fs&h!^lRF-&sU^;xCOWhA+5) z_>kbJZ!UoM6Y##1^-b}u`4-B$3;JVSQ>>?Tx0rt`?`fyV)u4xz{Q0UFDQ3rl35T7;~8M(2(|z!tY6RP#xuC z=LyHm0i$cpKDI6REX~BT?u}44Qf|MkZ+49gly{Ft*Nq93_ZA1r6MS3xR&a=W-}jdn zj|$`V6~o0s2hW3%FM7;Z;Km^)J8=+w{FZ zaIb#sgl`sum+QdG67aIr;3c@(;zPJ71sAb4>>k!G)YD(i<}UBP4;-up2aQhouaFTb z7_S4y_W|S8z_<}#iP&K`al{^CioL`a)sEn1#tvM?lR*zQ#f&$`c%PterHrv6rLz|p zoqd4kR%fs8PwVVTuEkILcrW-be1)}l*w~UgRi5rwOlC2 zx?V_IDyO|0^xNnC9?EJ@wuEgDVovot$@_Rhq9z82lNBLtx z!>H@{{#pKZ_aDrh?+{ExJF;s9kJ=L9lCy~ETbMDJ+#YD91ph()iq?(o1(&WD4hA9)zW4YzR^4zjX-v3c0Tw zDe!n+%kGbr1I>m`H0Bbo(|{{kM&q4XD^^9qS!4?t_Jz<2=JwUd~F#(1guzI>uW z{E&k7O~?WL>R$eXXroRt9C?*bUJP;n{zCGM4$_wNavi@he${uiC)?8cuw7hhPU0Z- z8@#fj`@#!24+GloM#s79p_GrK+=P6yb~}4sB)h%iearQE+_7k`sE|MH4Wc>pQqh_x zJNALEyP&f_^L(G=<6qtRlzozqT#(qS zTbVmjKF@sMq_LZQ0HA5n)_mZyo@b(MJy(Ax@mz6jT`wj_uA8!YSK;IveJ2=8P6`Ho zUNd8(jLy3WGB(lWWUiNRop6G8SHXXea9t26xVwkz0VlYuMso#O?MOcQ+ja31Zhw}1 zJQKh0;P>#->t?J1ewv@y1pE#nCo10>n7ax1={k<=eHi$4fmh-AXOzp9X|fADt1@|5 zvg}dHS`h~S9dJ4>=8WUI)cn?wYIps~K9eImGL<9J3V+W6-q83qe1>fnj*?x+@UgdU zZ?NZz+3!Ifwh%9oJY0f5Y0eOWHY5-4q0NKH!#FTD`OWh=Yn1c5wU5j$`Vp(e{=fzi zZYz<2@(--65s!Sm7gx22Yt`z-FekyXRgCh|zO!`t_HxzWUB zYVn;E&rX0Z>a3|f)7!fN87!L7H+C1(mNOiC()A4&zv0OiZ|r-BDfZB2_tLT%$m-{{ zc31vzBfR<$xzbJKN;i=!-9)bR9k=dUw~<`wO~ffLC%#_yDK}SIwwJD}fP==XanGXN zF4}#FcAMzu3MaI`lbq?=cbe{APtLUV&-w#>v9cmoi#>)-COs}4(mZ8%8{4^AW3%$P&Xdnsak?DxIb_aW%l2i5Fg_!n@e5+CE8UW#--=ln*-RP7^cy+N z^=QE|+e_;zH4ogvT6SRJo^NQ%*WK6TM3`p_uSQ>+n1h)MB*$00Cx77~WSC+R zdaq})>AJw>#v#tMI?km30`amI^0LHZirpRJUjBe`idiSYvvA)A{otpYGm^J<5D_&u%lX&0f{%d2P$PiXBbqVP5+e z-n{mHZ(e(^H?O^W@Of?GZp4rB+9jLkyosHRH~9pa z_EZ@%L->^JC<`8aB1~>z%l*!B{0`>Q*#iZ-sc=GlA!ueHW0#$$dG>M01H~Y*FZWkL zb3rG#TKu5cv1mm!nvg#`92pAFbDrJ(#>OSCX2zScje_l$G8V}Zm7APnTp#z1OFGE% z$G&mL`n&QM6W}+EYtAH{zH*Iai_1Qe&2ad1 z{BgktJ630^n0am9tL%5rWlxh4&a}7L1GE^Ld5$?V#ma<-!}MbXe!kXANFMHhpBM0K zD&Nwxymvl!UpM-<2Yu7Ue8tn?YzN;9GJhCjPEc)p44wNl@z+`>u)mx0k|(^g^6opG z{MBWrINO@A30edTVx9O3M>>d$F9Odk(86TSI?m5?qJ?>p^5R3#2(%F+-V`f3`X7sc zTQ9Uw_}9Ao*z0C(K5MQ7H}St@pZ0PxYdI87=Igc3>6pQ!vpI^;E;b2c_Os2 z0=c>gy{0o8_W|2RV39w=eMh{@ea9S`_S0x&zASvH`>u+)Na@2K#v>Y+O{aLxFG-})Ex-u=$&TwC34W%5}O>K8yKLnHk!czbkM z`L!9Dnw{??xgmL6<;mKg0XO9e*TLs8_`D9@ECmibpnD^KJm39)m_zX2AA>8eoVDMj zFW#s~_wD5z`a(I9C+eU4X2nV*htxmGQT4AjtAG3HUx=}ZZwBk9^%4E={r!E`*I&&o z`Ssh8M(8YfTHj{!GyMC*YER18wfxz+9&$Vq?4?n=%iR~MAGh{Vo3Zem8C9`{VoE-%Y-ebe8y7uz!ekBu&KmyP#juhYM$S9p+@@dPN|w?`-h- z?9%IJ^x+@Zan@=Z^jF7Ot4sMUBtK!!PUrbKRdj9t?z4%?gv=my> zd~U_CM&r}Bl#t`b7~~V=lXtd?^N*Dm+Fcykx@X)|4`Ndu*>ir&gWaJC?Ru|rihC$l zDPKf+vBuv7f3ewIV>>7YZ}z)1wnbih;0^ZPxDtCp@C1H_o}5#ojf}k;nB+rGT9YJN zS;-o+JYMHWACTtxsu%X&pz7RgI!U;+N%QAW$mHtO3HRu&<68NviX8F z*u>obk+P|N(ns;S`~~&ZPix9C*#R7Xz+bk!eE#p#GHHm%<2B50Id@)&51fu4nDa@E zJ)2%%8-uG>>?9Te}T7P$X^sn7-G&5J2 zAxmUGf!8!0aDTIK3(N#d@n8pg6gxH3-8n! zgIVx^sRKWlI<0Pka_qA4 zgP-3&eyEF|u_wUK!uJ6`c?Lgu?Jtt6VevDbKD2?Kjo>E_{9Fcph`U}K^6-;q@RQfR zC%X>#*$95}z)z}N$B52WsK3r{J$9%U{RA>#aHPx*EJX-apHKSD5^k^m=UV z4bqA2B$-+;1RT#M?-(4<5i3`3Bed?SJp9qxHo3 z;96x@(!SA|eq5tNl`o{2X9C@Hq!JoPH5w+VjQ13&HId&04;69&g&*(l&x`};jjc_UZB z?L)NN1a6ba(~uvx+&@VuBnuNE%Bm2_qb zm+)-{F1i1hi_0}BT*4y;myK@hxf2;?;j;Z*zy+DK=6E*5*?iZQ83(>j#)de{SEm!X zVr>UQr{E#vr)Ta*P#%52+2+%tA>hzfjQt8N3I@<;YRr;9{xR#`&^PrqP$xyd9!v(4 zL89T_nYn3L`tcup_QD}!&!zV>jN=RIJjp^}(JPsQyy=$Af8EG|9@);|@&6nLkJ2NGA%DY%&wU1;>3m6>=URhp z5Jz7GPm64S@~V5Uo;m!XFVA>-FxiVPYW{X;TsBLvV1 zap9X{Sns z-)0_c?%2Y}cIQg@J=%LH*#47O@RgCv%4xNI+D@M|e-I2a9{Qxb$!g}nEgz@sc>0v* z_33>2WZxU#$@3A!vk7Fo{0*anYS2O4k2}s7tnF@a>5a?cQaCH};p{sY`4`$BOJ2Zyu5`O!l$iy?#{&*`kukpv}R|uch`r2+jLV<}7#D{r%a8##hTXwK? zuI7>q9K3gaIPAS7ErViSKhzifv--2h%%7&^PZC|3z=o9^l7IclgX~SpK0emgF*yLp zp7B09X3lO|oIIqB$k>feVYI@@>#M{Mn&+eAso8W4-<*h!+sO0L+K84a~;f0?HzXeivzq{#=92QK-e+>eAFJ+sT@4bSzhDSJDq1Mor3++{kuAv9_&Of zG;!a_d`zdAuMe;81m`{Qehm4ld6nc&fV(e!?e^&1m_li*u$j_zBpYh@Ua*!T;}O4!j)LB=Jrm@3GE)3?fsd}NefEVM^mU}#jW=ImeB#lm{FV4M=(zbVeJOVL zuh3Yn{A1|K`b(YIYl;hZRXF`ie6%(IjMu|M4?}A`&{`dMuS909^U+#V=XQB94kI(M z*G@!hg}}%9DP8DH#hw*wmydF>56Akxg!H#qk%iaZI01 zgyST64;IJ9*YbQh<7>^t_wvh3?q8z(U}F%jgQ`nBi2xU$2IZ(G@6^Vzd~s>jOH z^2FlZ?^Cf?%Q61)_2gIh^D|_-$e-F&Qdzz->`Y%oJW@JRac$W&dcU51w8USJF&B`4 zCncXNYtZJC&_Xd8Sf7tiLXgkoM?(9;pgIf@Akk1n9jLgcO5_3IG#{V9XK z&jlax!xsmE%Z^;|F!`G4^KGoZB73i>w6gq)JZE|VbG7nUy0HWGUjB=Gnk4*?fFA;9 z2|fkw%Ye_W6nt!+s;eUoL0^*tzy?}QLd%k)+QYp2D&!e(>NRjGGHbhTvv6v3>vjUC zCg8M!J~eu9lFTr$$|!Tnam(a_m-W%Def5z+U?)4-+E+gUj?z~td17KPX?YR@PMyFe z32Y==64ydwihU3RarLPDXPwueeUT$upZ^i^hVw$TU(8PQ!zoVWYco&z=G8mcpRR;> zb2&Ux!P#MPXxINvWlt?6@9%kc9?#ZU5C5OS^Buo+mREB9Dlq=uIlvtlKZOm}#M#S6 zra;qL8`jG@(?i%+HxNgkbHVUvAF?WbEx3}rxhB%TyvVt~fjMc(kecyYcj81p7dJ8J zl+D*5pB$c--6!5QwgC6PCJ)4w={7dz@^*^WtKItqeT)F3N?`PNFX87JKYpt5i;+)9^S!<6pH|2td?kJEGDajl0#Yd=ml_H26oWMCk$d4q$m93dt&oHK?PXI1_A(ZtB~b=5lu z@1)GdHN10p7q4}qPc1&`!eq<&QPz8uyEcg9u6Lp@qv%UAi+;@f*8BARhwS%%ocsHK zo}T%AE88OM+b^GP-S<{peaq+98^3Bj^T5Wh>bS)9>5vKX!Ap^)75E;l*eezI9y|FJ zZz<<*=64&fo_W)T%=$Gm-TI8tUq3>7s=t6=)mL8A%eSw-dgl7?XV%B}Gd?B#@z;+b z$5cPSbJbVAmVV{?D2AmqD7p^v>>a_}=l4|l*4tF#_f+8PXuVCP^2xc@dYdZG@A>~~ zTev?d|K|#FoBZ)Z$sOri>0RmI7IcK*w9wNL^JV{`BLo}SQC|dhE$E6;o~g{bFWqys z${?TTEX2{Hhuv>-AQLaK zci>wE)86YCULglazDa5f*o0;bqrEYdF)sQvmb`cRJuSQ6Q=vQC?}Yk2ntqq@XZuag z&0zgLW*GbVkqF;<^fo} zVsk@=@a`iXe_FjRy0hiGWi!aGFmnW&J9GCJ(7vj!40UyNA9lsEO3fwYwI629i}Eac zjXlJ^#K1MVOms068k4P5)P4xt#pIe`Pj$f)J=j>i=&-}^#vyp4a~|sj;SWP!*rr3F zx4sLV{x9&Wb5+$=eSq_9@I}`{*WL3f%L|WxbV?8T z8okV0+=-6q#qNEEIF;s;ca>-@4rArnJ>*Hr9!x;@-RRn0Y~!;jBYWBO%kYESuNdzX zA4>I!`wm~9G&VD5N!{7>r7-$RF=Ecml`z2C(X6%;cO!57!dMV*liiA5p%aWJB1@5xIU{Vf)vid#j_Y zKPR1Dm4l8yO<7}Khurlh%3<}NzZ{27yKccBsdM_rLbtIc;Qwaq>>I_St{r6QRr{1m zmsnb@;e3$z9OX`&7L^VvK_1CYDM9|2JSJ$U#9J%h#@XI+#uxxT);^-n_7%Xb3m6eg zOxwELj{#;~b&8o0kD}ZiDt8O_#3W@C2a$(K?nh8g{ZWorBXaQA_46TPXIQ>6bCbZd zoASy*)!duwC%WZITWOcvuOxj}oJ@N-izj-a|Fi3Jo#!#6kF}U{Ysj@Zj18;xEb@W7 zp(D|E0^Uqs3vTC$cf`;6?XAEk4z3e7@=kca8QNzo-HccJGKbo?hN-FONg=(R^dQ0Xm=W4C%Y)&!TbV2NoLHv@8d0 zXUpq5FFwA!X8lwuRv~*Jn^)9cqQJA)kWI#3<5#q;dD-{VwmI(iW#@U{6-`?^EtgFu zJ1%9DQ72`S=^C3X$b0dDYzw=t`c)4O)}AjqPrRRwPn-Ns=(~(uPSvmFH#yN;1A$J} z8i-o%)#m1@%E1@!VfSDsIQY-XO>Ue*etUt_pBzeV1be-p^U9xl!ab+0g#7jdw5Z(u zZfHvV(-@WGAsse@Z(8}V?!Vd3A>_`j$F*lr?}gC-GC_OjDc{q|j8bGl12m}iGV(pS zKNT9(H>7h#lTFBjCic^?Ja70sE0(@tsGASlLZ7uRwe-VBpD2Mg)oKFU!t&SrLRJN@Y-G_anbq<C4zI1cO3sGp#It5^Sv zUj3Tj(f{ZM?j4Lp?Wm0qxxo{h{QbL4?rvy*zVdcyXO~m3I#veX7DvFZo3rSLmBrCV z!BMFnN9=*}ZgI4c+>MjPk^Szd?C*ZJF#Ed)?0nf^w6W^g?-IMoO&h}d_1JZ?Z_4nA zlyiwRaVN*@_}aCgw%Uo*n~ zn!7Xi*NnFzQy#`Hd*k)4;IBj~g2*oDaUsskUw#=3p$3)|jkE=IRZ#lMa{N{$_}T|V}hZ*Kas+J~3t zcK(n#Lj3f9LRXk~Klk2I$G*FocecKK@m%$-*ZS;+8SqeD&E?3im3`=k)xdntTdW(lS?4g)=QWcX&W*B1Tz|3_I$Q#6 z@x0(n=kbAoQ&>iN>gItuWFcc-Y~%cluZDS;%fMq7HoNE$eQxM5FbNo^ahsyU^DS<{ zo$y6lDLUMt_B016x`cLgA7f1)>xoC%vX&D(vnP80*-A)y~7bx$&N`@nw79!CrW<3!kYQ-{~{VL$nQp&+u7gm)1Z#;@uI# zGrp_l(3CG3z&{T%moR&dv!;iWumZ((4k)fe{AhbYz`6J}_G0a63`fVTj2xZ0(m7fjEHFN{WT)1$X}&a3jV~*E z4BC%}M(~|*^pk(a@3@x!<6CP^R6dRN5RD^$k;~gAV)ypK-`d-B0KQreoNAfFtBsv) z)?DhH;1(yQrLv}+WV0>jOyOJ1LnFr&S8{z{jS(L_8H{dv+pbk{@g)5$-7OgS@u%nV zPuNdF>!owPx6hTctGJK9zSUJ$md!fwhOssD9XAFtHFFQa-Rb^dH?ApdIybrkyGk

    !cnwzc2bG^X_Uh{((vl^Jba7i!Z^l%2M_Cw3nmOiwu29! za3}iey^QsailWu;C=uv4k-oeN=V}?V+*=qy`;oLQ?V0T;#-A=<_4AW*$3pn|Ns+DC z4_DuV99@JQMb>r!|5=sqx@T8Lx*t$uyb0jx93|3=4E^{y zb+GR>o+CV8V=T|x61|h*S&#DUShm;w)-t<$YSlaLTdE@5=aF|8kVz?3dr7mq&8*fBIfS&-d#ERkdXN*GEwNo_ zhW14tW^JtL!}ln|>RXlcdcG0oX(8Rzhwo8_*GH;G`ZUt>by{b=Sf4?94fGo@(gL$s z2iz_49Ud}`5PA#b6GC(Jqdu4V74lbWdNAKJ#_nO&gM~Nld%c%8j<(oPH2Tbs(CjCf z_)wh9kLqhb`H;4b2wy?(V2nL<3LUjAE!@5zx_uA2?PPAR#paNO&EZ&W5%O;j^3Uep zpvHOUFlQ&91)qWAsal0^GWFU{mQ?)O{iBMZ?lTW6p~=`zreHgnik!?wPL2XUE|kGj zz!CpqB_#Hfn~+s=!Pf}EMd-Z<-TEPPYd?Czsbcc-d$0UPPmpgJk4K-Kgg)CgR|%~m z{sQsNIZ7y19qfgtX?S#(J;^&>8RBbWeoEnQoy>=qeov?0t@K%FI-0)hrys%t#1@lA zKV%))flk2PK)$BM#L*wLIC(mtJMR5~4@5S!K8RjIDE#1d+8Re&i!?rporF1-b-H8O zes}D$Xm=MpO4jPL(97>cFAu_>3Rox1W1a9RF#b;EZ=k7R?sM?2-=jC3pM;%69pnpT zQI9Rw+m7xXXOHoXvq$`-kO~5vSbw-rWp^o%@7aGh&SCIQNe*NJlXX0IaWKUdqU_P8UeY;M8hr;#ns zAX|>_R6@^!!_R@kr-AR9io@=oRwTL4zO96Q3}653O~$7t_|CnqghtsTyf46e#GZB> z{VD)_MOHov&ix3SJLiS({ha*3w|Uua_h-vgck@Oi^x0-5G=<-p{66Of{_B*G3tapu zxOjRkxM+*<9>d;O%o^!=+bHj3)=+DKOXpzLrtqUoHObpKggE?=xUUl)d3u5o2Nu&9 zudKiLW(oN0(D>9M`rb;v1$QIpcgx$(P#d_w{+qAmP2$l;{B`1cjW~JR(zypfjcV8h ze^Zo*hL)Y&@k%K1I{KDD-|FaF1hm7wD63yu_O5&LvPg~pcU0_icUDBXJJu+nE@XHR z8GZtoo~-!5eX0Vx4>UCwU1^6c+B=f*X4^*i?!~Ut0Z(?=xg(=N2~D&oT##>HVc)#a zQ3Wlmg?83qV^Jf$a^GRcW{s|Vts9B|+=$cfC+QpW@2jD2V!ISx9iY8j+7tZRK$|w& zOry<(w5iEDFT5N%C%jz4p*6iY6rfM4T@9wvANDX-?^e_c0q{m86rC;)Uf;bGz02V9 z`O3)pmIi@iT0MFpcjLm-AJut!zH&`{%Sy{T(z}0(!E`B3hJRWw@- zdup1UrWT&>gy*NyP7lw|kLs7_&)D9}^H=nv4|fj{+b?Inc>;VdYaDuM9rhXdHe(C# zL@&J!9xG?U`@ADvbkp0=Wft-Dc}KeF&&50~;4J4TIV&#r?-GK4@}1;##g5EMWeoO< zbksD;rBkQqrkoLH|47#_?Ub{PRNe~LFRgd>q}}h#PA_q0Hy0||8TWAZe7=%BuE?3) zdbg52{vVy$6Ta)ro;c5$oq3lt``X#g?5yd|?CWlGW?%1gX5a7)XZED2&g>h%=FGn7 zMrZcT*EzGlHqn{=^$chB

    N2lrhfisUw})*+ZS#wNP7cBc*F{ZQTy;e8VC6L~+F_X!OuuvwoP z&-*yu$MQag_YU4i^FFFUW$b}M#x>$uOxCsC-GkV>O)&Oum-5Xu*}t`GdwJ>qCifR`*LHV2PYjRTX=~g|0*=dm zj;u>0|BZj@*7skVxlfdLO{BR)Mw-+|`UEqN{FXelwVFKsV#<(~%zMA^0QME-dvto; zyd&R8-ZkBd&5!-mWbS}8@8vYhN?lb_S2O#N)E959Yl=~qydz(v)Pf){=sY|Pe zcTMDZfO=#fSL?^kef#m*1)1sT33J^c>r8Xa zA$DSO%`sbbc<)r=ymI&JGw1-5kRPX5(&Bhk~WjHSZwfR z=oHr>x1K>4!v^Ymgy%Qd*?%i`c4X-vSQ~%B+IScCz~5jGjKK!5PaTF{Js5pulvnf> zzNgmk2hy@hy9PUPBK7A{zm57$ou!WYZ=>#ecv>if-IM-BG`vH(49Z1N?l#u=qL+?S zqRmUi4kD`EILt-~C!eyn6`nd$Zz*dq>3(Y`sZdzN5l=7uzCnv6Uy< zk{Vtk?OUWJVQ2k-HZryT4n>C_uIX5*w2?|1HMF7W@yLA9rBcwT)>Af@vMOa&?Ar^K zA;An={Dtw#pbKKZW#5>6RR`mb)9O-y^CI$$BhNVUv@-9J=z*KnK^H_9VeO@@shiOs z@{|b|*~yxeBy_I{^$Qj5FhLLLj@EfWfHn0V(sN}^ZKk1<2v5mHHj7O?SJu?ggveSy z`qg^!i+-i;Em>@6m()-Cv3~^^gUEkPca%0nucVFS&(*ETLoaPF(|z`O?;8uu61lD4 zDJ1eZP^`M16n-&{dciT_nc|Nnem~-$Bl~B8jrhfpN9=_;_^_>qZ-@<{U!T2N{a&2E z)MwB8^Irb={s8>3RP*2K{T__zOD266J}CZsd$?CT&zXH?{(Jd1haDl%kJq{W91x!>c%2aI}Tk}+4B9~kK;@$=E-J+x{1 zeU7rg>%%a3oz6Gzqc8FM1A>BB4F6XKs0A#+W=GS|X8?upZX zOB(`HD}2oPs}esg!;h~bY%Z;Se4AeFv<1Fo(^WU#OpM8ja-)4oZUx)Qszxp@ZLIJN$_vagmjlpf}@#kxWr%mH7 zt@gFHUY|bnpsqEx9-qED(b0}SYYUZE{L1}c#US@xq9-=kLJwDb6&~689PN%(z=<*%# zr%rEPNWSG9bmxV{pP)ee3G(r8K^Hl>HZOEn<%jq=4R)VmJum)_XV&C}=2afS|7nQ( z%(Ho+S;S`$7yI^^2C3tSJ6GPV%nRK?{CmU?Dyp}OweuR_eui~#8MjLMx<~u|8;ltI1?$~uVag{iF;kE4dch%ZL2eI#W zRoOx>GFGuGbBCd?k+J$2tAA~7Nc;x;i@}GbxuVl*I;!|IVGH!uh+Pp|LaOXL<**kc z_F(K3P3Tr)htzc8e9w$C>DwHTb5K%Zo9OZ+t2 zm)b&|BiOqG$F9d;auWN2tZP=Et^5`KL4(|riJ!wqVhg=Wc;Z1@Xq>8e#aH4qYl}8`@htpVf{SgMjqYY_ z^k<4~d_N~Il&IQ$rwVQOEXDeo=G#I~QSbZIdyINtrY?EJ5AZ2le8aIa8{axoyvM2Y zPU^d!dInMcSCoC4{nO)j+d^l-o9APlq0hjZH<$g^y<^#M_qjQ?&}ZPx8~lEg-)Cp> z8+_T!@0a=AK8@etjECQ^^1Caa-{8zfesAITXW-0w;x7_!$+3mLt~k7(-f9c|82`!7 zrr7lT&zo(bcJ@8nC)q+jrT=HMY}j0rye;W6|8c&SWLxMR+Yn#NXd8a8%+Cm5!92DM zA)k%4)?j`!hZ$l^XAZe!k@DBzH%pwk)Z!C}GoM;Ko%mcMj+_e3G2)|%qnB%WfLjXi z@&hj?@bW*JhhM6!pCWz!CB%Wh7JravAs#%Nq=Q5vj^28stAuxe>P9Aue=_h1$TuE!g$9 zV%Hac#_QOZx`BPENyMi><5Qt=&DWXzqDkx*@o}@By`>oT*zkS!`Jq#Pv@Nt7{>1r^ z(60!OcdPi#MtRRB=iwtZ)Yo)Q4YiMkr?4jMI-`b8jmYD>*@?b0C)LnrL-N?(8tw}Q z)zGJdnRj)Vuen_fIjA3BX0bac~414L;mM**A>#wMH}Vz+db(t#;zTUyFC= z;uB}Y|3o~_%#-{AywjV)IQ>U*Lyh9Q_Mz}h=KgmQj?#E%E_x6eTFc0{Fo%ne!c!j@p ztr}|a=CTjPzEqVO3U1B?5954i9%arq=7z3?wz`(6p_A)!L*fV0^q|U~+%WG9>OVkz zna0xzOfzjU4V^31&|&I-jk<55&Lrx(i8@@Ay$QPKymdc!>M@&=UhogLF^VLu>{tnHzs-cb8WSXa_p}ovU^UW%EgyRQ2iFEiw zbC!yqUXrhQf*NXO?(j|bHXq6jojQ}tcMKDK&HIU;G~#=S2aWhn;_XKKZQ{*F{7vFV zjW{sl%pHEA2|oC&uVoE52K==>%V&uLe=XiX9QbSTmBigfobn1|#W&dJpPw757CgM$ zz{A2`JY)|VJ%|1m=Z1;|4|9mu=7#QJ{4X+g;fEQF`9+N%CSg-US4vkyZMW)p_`ZRM z-1D*8JkM|=@i+0M-+?c^iHF+^Jbc-}!>83mgCEkr(P}8bI0GY8WN?D-^bj@lYsP+d zN^WR_@WVJY)OvGnD3g8s&S;fyAPOGF`p(#y^DOWaUe?jge)EJ}{L|rwe^QXmiQd`Z z;W2clmZx^AG38z}n>{P4s%^fqr^=;Sc;Vff)W#&Vvq zoD1SJa1y-=T)aTqInqvnhb_d95pQYcTt++Z!Nb#}eJbz4!vOKmBn}?>iFXn2I;!v; zQF!7XmC%jwic?1vXpnORA1cfxexHYw5Wc#;^ZVIDRPhDaiQWXRHoeW>pYX&t6=)7$ zi`NN-C;pstdjdR?e9YfMDKj@W6s*dHKf*ib5P#H&&mz9Wh)*N_pb^g}US`B|h%Ywc zJ-8@55g(Az;2CqE@xc+qnFB38ggA4c#Rn5lH{$<~wD*CEth(}l>o0UScGEp{H{H#w zMny$~iVji4es8*pf=0!J7|9GqCS7KTq9LZ{1rwsgz9z&F zL+0{(X%kd5Xh#p;?r|v!X{Mq~b z*?XUTG%Z?vV#K2^WlzFHP{wxVmofAaGPmRz-6zJ$f0Q_(#UXHpSCvziNy_e~++U^4 z(kHqptMrNC6RdIQ4@WFI6#Eea8I+N5LDOWc&zt-NM7*RSOS+;}+I!y@P(|670IOu*1m2MsAzw)Ma$*GF|4d z`)%a=Qu53=lJJl}4|%(re2LuXQkyNY(aPG+l2O}jJC6ms!x`pG3t ze;LQlvZFJ^$<%#J+6zh3okaht~1rv2G8xG51dGuVAe* znS=cn>-R8gvOl6?X*tQn%r>91uyKg;^*edsve zkB(!G`Tcy6O;xep{s8Ok1?Hi@W8T<={$w|O{4(@-8FB@(E|bLze~8!Z0L9P8rYth3$(`#(A`44P2G?FM(o&rEB)h9_B$~K$v&r1 z^4v(CGs$y|JjckJ?0x$O(oL@MS&xp(+LJjyebrX>3dkk%kXd-9!;YcL+JW*^)Zm^#c@;3MwA@xbJR*@2m2WEF>yTd?_#JrsTKGvq5=#r_i3>Qbk%O6bo{eP$!yAdh3%XvN9jPqA@Z zB5xmJoLwegds%O+kf+a+pPQMFtkgS{%JOLWQ6aQ(6|{jJGkYXQncHRt^1(y&>!Zwb zBhb?y!7pm;(evLC@KvlCE3kq50y;P8uLroUc4in;nI3HNwwTMT(`Pc+TR|VT#F~3D zojs6@VR6=g^Npoy7we_PDu-Hxh88Ov>Qd74klx*-_Y`T#C1VrwC;tR%|2)zjBHf_$ ziKOG?{UGl;nLh-5$SR-#p_i1bVlKj5g7tTT_PrK)#C6CcW{VtZjAa^e+6^-=}K9TY&Fj0JFs;{p2C{^!;CL0tjX~aZBDQze}sASY?edC3Ye=f z?~buft%8PQPKPR_?qeIw&8t|~F$apR+nI0dGGnWD=-+9^;`~=co6=s`4r*CUj5d@0 zUiM_hXg7`X!L*&mdEic~wUO*X(ovbTh_Sh)WD zS}6>Dy+S#|(3hUW79#Uvz8gN_#WsAq87V4NQ>^W#Nl$34j&)P;Fzp!esAq+TGihJS zUrG5ZDSH9sj#B2|F#hhKyz{x`jQWcmL!TaIwaopX7nB0e_J>^%iuzv-CSZVlDR+*Dh=p7oDuj;jL(p zcHHo?7i_O7>$~{6tc{qjon&pZ>P61B+ngC^?H>1X{_-AkX3S3AW*bh@43cIK>B%Mg ziG5D?wMOi$3AeI$XBX>1Z0AYqWzul-?me{C^!POSd0n>IoV+OOq6&B6{(~dem6MWdh)X~N2#zx&tM7(M;ChHvJ zM?5!4eN0gw*dZH})WsBZ1~w<5v#DX3r-Ez1Ltga*@D$}0`N`cf4;^8>ha4r?ZD+h? zJi(Sy#*?p6?rF-*eqYuZ+nBq1)jV>i`;Zwe1iXrKT+Z!f6#IfF*gyA8_Rq;!`E_iJ zJFqd9ak3NqsK%b3d)RF`jOw?fqW$PxP@4;!V;gWf`$bc%aIwCW=ed-7@d5;2xfS8a|!$*%h|X_yDl07s$);;cmxCczz>G*E&h=r*eS<|;sCwbIKkUC*6I(wWlkc|i*(D(C9i1J1# z??bFvLzFc_S;1zgM%LoUQIA@@7iXt*eb+&|NUy=}0byw`czqnPfG6w{`y$W<7p zXDItN%01)r(zm6V1(a9TX3x>D&B9}IMbH}b^<(yi_p>*ACp7h0_7pZh$o_Tk7umb{ zCH8L0K9l>w_i2pJcW^zpi8aYSWE}<0Y;zeo%@mjHomnjOB8%T;hO=2`7r;NxZRSK4 z>+^hBQ`*flnY3@7mwla?*uB$Uxxx>7^}3w;Fr1{BN18#>(--x_UPeFr^o;vRcL(X+ zM>;>^{T;k_AN(@!q+f=v&h3d@W!|;UI{H*nR(yc{FNu>jwZu5EQ0Y5w98DeuH(K$Bz_gWqz8G9@ zVd{dplOgq+Mm?}LWWAVa%2@GtBCqEEAZ3=h75-9@KQUHPUNACV;wh`f&{3X~es-NW zXh+BK?sr9=y}>+lHEGKo90F(aee`Eic3p1D+)kO>DQ{$$K9TZ%Lg?%S`YY%uwI5dY zVm*g0s}Eh)jo^NG{snkm_Qd|&+7l~wJU!U%_hP&MY1@8d2YZ1(E_A`1Da>^jWnCKd zXc^AJfJeQEE+Nq`dkznnqU&4jV;?O#rf4_w-(IQf4Aunu84LHAb)*v{4Sfj>vA^L? z(tD1v?{(67gfy<@-Pd{NQ}owWHhVM{upt-Pn}~PWl=!gtxnoyitrNQF_9z+Wi=6us z@eZ5nw-Ne9mqyr*&J7xgQBRGsZ{ws##k0K9cbTy9Jj-5$Uh+Fkejg&gSCHSAbQzgHN?TJVbYfA~xe4S3iOa|zc4CQtAYWo*fPNye z(Z-zIT1Q`Qa~ul>ga)jAk^Cp?Y*|OMc0G2cOV+%WPXXdnYiwlE$If(a`mcrmnp5xX zKX#^L(|^RL*4UR~1AoT9>AxoaYfQa|pMrML>B;x($0vxNXk+czVXdQEStrXnx`j~I z(anUij&359b#x=4tfPIq-?5Gs{rLa+%=tC+Us>ztvzg~@cEmSZ${rJW(7Wzoy_Ple z`?!7tEfun^{s7l5XiL_)rCim}zU*Or!L~apw4H6=o6!9yZEygZdC`6#F_C9OW<{9G z9y7u=z88ciWv{FFesPi>?Wpm z-qOjJeUlxbmbVP0C++{=hrDHI>xJ?b<{hV*gJ`>2`o5H1E&lKxOYOUrHNjT)+iqjO zZ4~gVQ#ZlXH#D!R24S$ zZNh}lru6*lFn(cpAKx+NHM~E~yPU6N%HBHa$X`J^y`+)PJM~=cT)kYw#6=F-l=wZG zX0G%ed@EeS`tUlgDlYmI(%~w$DG#={e~ay{hrPc(_WsIV-!j%SA7MQs`+RR}9SQtR zYerzIz@{o&e-pU9bw^-2-=@BVFNYoW{q$X8`ye&}>?ML1Zf6hh?f4Ryh96!-4l@ny zevP$=tpB$%rpdm!t+dfJbXZFMzeheUC(j?_`bVzsas7%ou`d?6{?n{~ChKJX61E)` zR_L?B!&Z363VG*V@)a%+8rskNP(r6E{*^`u_4V^odZuEdy=)~H(6VvEJEM;mB+rp{iED3Fi#aZ^gnXn#{HQbxtBTr zc%Ys82y?F8^er{4Takz1hk$)yT#ETuJ$ts=k?ls9e?=Vo%m{O@bmoGQbUP%)Sk4?O zAH8{G16vr%Sxz}$rkoE^PCMm1P5%%o7FiB!1m<`l>Rn^%DpbH+hw`%5$p}$i_OiVR zM(?lV(ED2%~Mr#NzR+T(fTDo-OS zArlEwR`k1Xg3Tc1)gk58;fD0-#IIW+@BWhfo{mTxGnb4?h)yjAf6)GNiC-MPqxk|` zb^mE;i&boIm~)BmnX4$v5y~MvAu^b&gfB*teDSGW$dYM``BTil*%PoZY*X=*9{hi8 zHJ8UZ7nyKv44*2jlYYp!h)l-}51}ukE%vbH*vgt?4|RVF`spI{(`zTtd2oL%_t$ej zJII`kwz!P@%eg;2Aorf1T*3XV+_Tm;ZlXMoFt_?U>hcR*YyHTC+3R=%bF76v{9v(8 zTQKl{#rkZaSM+Mz&4nKEla*#Jbki1;vxjo#QBEJ_v{6pcLj~iai=uC{+CpQiEhZ_i zmRV3%;R`K;pu9SyygD4U!VxRv-G3y%;;*TcJf9hq5E;-3?44M9$R+k>njhc`*|Ts) z+G1Gjq1abSdA?6s9-7^6cK9Ik_Hyi`geQJx@x)4Jk|%n({{b`~={V05-xHqjpXZ66Yo2hx z6IL#0DIrbdm8zEg*+c&o-x(V+6Y>_#GVn=e%#vd zjR39w)V?FJ)THTD_w%MBJCSIl|7pR$4|RN}b9Z94!KUuC6V{7gxZMeK9u^H^Pr!G? zcf*T($HR9-7Gvid-zDAel9reEy}bKN-s2p=#KuwPUFURaTaKM+mU4+s4ILN%ZPX^` ze0JORV`rK+{YU&pP3k|^0*#ygBYvYg_1}SGvXB2`eWp|A-gg4l>8I z+tQAG#ct`-h?_XdJd*XWo=4U)Pn3CN4WY~(Sp|6Ic=X^EX z$+)?lx#nEEUHyo@Vg4wxa{9nn1@Z~_XBYaJEc7$NKkr4BcN4Nau|FIKzXcXq-mR@; z__-A9`N_@T8^L1^o3?dO@WBFO-U9XdEb@_Q>gpN7a0P1_{5#d5{}1}WA`3o@e@W3T z9O521f3R3|Ms8yZ`NLO}N&lkfPcp|rZ;ju>OBg@tD|kotKE1^M;@k2?zU{$|V1n;H z#kb@VI{S*q{GuX9%P{WY-79%lvrWLY`*RbXDCvTf=Qq_LMYmPvzsWm*P1m1k3T@%~-B`(EB-j%5Cn=Xc9| zI}84!ZT|4UzXir0*b`vR{n#3|KFiqptYzXygZl{gQ`|=~kX6z~A?_!+4+W85(M}WG z2e}WPvXce3@lE=Sm6Ob~kRwON?bt-3KO3_nPhiX$)pJTCDDsIBu?rGAANp?kvfz-& z!uOlO6CxW&{xxV<1=Mc?^&6#6m~HoBw+n^`W{+AJ`k$?^a0QsTfPN? zm)L-mQhq(A7oe9bmOc~P+I(=4h4a9L7Umsf-^N5x=4ALm$dECPcF9B@gB(^anSUdL z@}GtdWS`nZ1RJzdUgR*?TTs52DcdCF`YL5|Qyy)DHo&;E&b(x6k|xBD?gd5{e(gjcecJ3_+aZ+biF%_Ponqx1hh5PZ&!CSH<;*yFGsxUz4&rl8y4B~(M2Fma ze)0+KKh6D|-_8`=Y3yK5Gv8)sopOme*=lF~hHkJ$WY?FN%guK6b;ow&)AZ$YO?K=$ znFlu7)eq_4MRvZO`S4sl_sjw3>absw@rgPX`@e9m^s8y+nQ?HAg~!0z79Is>SvUfQ zHuUq<0k#10c3AVsP6_FEx{&)4%9R`& z@vjP9e2nq&40I9ni>%a%?9#>fnQlHqxzZ@pGn7Zh$Z)Mi7u%C`aVK;k{yl{*ilK{J zpbG_E+zMUX2wi-{nQ3fejWUHyY^uhtv<-PR^w;F2O&vzG65T>0V+gXql?Jf^Vr}T7 zAFlVRbmVD~!_tP^=}YYDZ%Jz(X^F2DZO-_HH%{N$Q#3->#@-^bd$ z7`j-^6TMod8P0{aStp#%LFXpxg={NG}F#nHQkJ6K)>{7(R4dD z=fdaoAJlOjbu9XYP_MKNxE0)E;TCYWg`2?v3quzn=t4hF`7fvJms9pq%6_JX|EM?S znWor;h3YI^1+KL)@3<&SC|`6ITe0PqFcY81UNyy-qc5J(>j&tf&4xYLZcpLl% z_-1_L^urfoJ3772*nwQ+%&JWVv(SA&w~0)z`XxFBSqI)rUl5KlCrcJ{xVZ(-1ou zSzCvE(xio{Vv*A>`No8|7@&{c5=n+2iT*;ywWeWOxQ2AqhqJfjhHU}CWUweT=FV&Nfh(85-mr{p_B(x*^H{FR%*UY?^~bldiT`z+iI zHqN)Xi+qPVtTykI5Its>2VT!&4}F%Nm!Y5VOFs|_Nc;igYRdE~ zX+P^!>ZHKFEjrtdj)eMp!k(2_Ze~8#=Fw}Xw;b7twIKV`ZatF;?tCGux*n%-EQ7(t(`6-{eK|cUy_#SQcm-ZT`uNP=qM5!^{h9}t)I3Y z`xt8$y>=pgqb{|UL9fv)W3BZc@v`npu5*YYWc4w^&Wmc8#et% z{P}g&mSayjthG}W`KxE`v}&!L>R21e+UY2vtet8JW$jc$C~K!GLRmYtWnOgcbjefa z*G?~>L)m;rjOZcW)!z~Si7w)z{*H*(zLKyxyoc)oe@9vTm&tp`_wV7l;6LKEpCsh{ z_i$bCUk3lB+q6EW4%tTDCZ9;+qd@%rYQF*5gw)6BEJEtzbS5G7AwCQ2)Q9*i5c&Ux z^Sn+%)`_X#<&rkvzC!Xw-o@`}%CAxy>5AV@7wI`k%dtt1ka~Z!KaR`)r>Ephqpc+G z=lCLOz{k>0@kdmTkEI{uW2p`wOV4>q!uVdw|AD6@g72lPzwarT!uQfOPkBo4saNuz zfAN&eRNG1lzU3)F|5=KDP*E3LMY;!k->R$FW(w|v4= zves-XDfzgkL^at;ZoS)6lBgsP{{!Doe}fOGyF4XVeE|PWcjCY4HvBi0c}gz#;PdH! z!}rrI_<(vZzMyWvC)Bn0hPoObQCHwA>Qa0@{UyGi_Td9+H@={D;uGo;d_!#^KdzMj zCwx13@bPr_Ui>#@`>@i=&2h_wa?f=Pp z>1O{?Y5b4xrx)=7HL*46|EZn2Z=>E@sq+@~Z_Qf49ru_7$i9 zV^2B!-WTx?HIe1lv{KEx-Mky%-7enkZ|aqc_3`-r?- ze35)enfU(<>2&b^xp#26uIzeo_S3C>M&=K z^H!vc>z&E-<<`fnFw1(sIvH*R-D@&eIn8tUY`pM{JmxMJ^|#}6>hk_~{q2nYU+3%S z#dqGR^@O?C8N^}q9?_P_Jjk8YIzdH*~2S?Rxr}OoH znz2I8SKMgDS5vEt3%^d(xgP7_@d^BPuvhx{{aMf^m&aE50^cnYXkuZ)wH%CjHg~Z6*GB%7g|;UufVoasQH?yq9mC^Uq_|U#eZZ z#IDTp&+|BVa~p5=&+~u(3(uuPYZ;8utTTeFIUahK{^Za3&-wRVHi|X*HZQ`{l%Y8|7-t^^xrT2|DVbKXa1A)|1`zlEo3pSlO+~uW)NOx>eQsZx`Wj~`9g}mja?;dHQJSjUhs?}KQ;%@o zz}MxhgosMk0rs2c;H~8@05r~bu)xt@)`XFoGlrQhN;Z{pSZuKG7z{@>p z>YM1zy3m`gw7T*2;8uUby7UeZ@SZg zeMcty1RdD#W}0#KRy|I*#6F;J60QX8xFpInS5Mj1lZ2`ty$s)*Ltn$$c*ga}vgeV> z?{FM6=aI+XhyG$dZd3n^u5q5V)^Ctu&vzrkLuNVOjI0kk?Rn%pa?Z>=eGmIV%PG358c-u?N?^m zr{D1}4m;Iyw~qJEqIX%&ELUsnf4YUT?W0^@piJMQJa18!HOg@dW%xPy{}yuSHP%wM z(x$WhN7M&fUk_BYUJ_VrhTb~U)NEfe?tKzh!@Y4t-N7>-;eMu?``#n!2=_JIhpW=m zo%oP1$A|oEMVgwdOj9d8N3bRQL*TAfd^8+RQy=DRkxI@MiFY4SA3zuWQFP()z!7W@ z@plBCK9r`uZ98Zriqo*Q!>>eP8s{5wW>-O)_&7&*42`4HnaxW}+WO_Dp#$G;&Sa+{ zdxmDR((nn7UjXq5pOL1f(GlE^j&wR59QSYrmFNk<%&EU7c-^h0yTy)ht2w#qR>%$1 zSLHi#@KJ5+Z%)SC=$hEC79~!6LImB|bF;Uuvy`?h6KuxV%eH*V!r169_gk2~Nz3gP z4tmvcjfGEvi!9s^&bKgno#hQ*GR<1>u!W(C80)8ps2j133mra!KOXjORUS$1?W{P$ zfA|Qfk`TW;)e_>Dr{)M}6AI?+O468W*4Q7)Ok)q-5tTtbMX96r;U9mF`nez3=>m1b zIWgvP{t@*v>S%>J=|X3;N`1V|H$FmLDC*%!bV2HrTb<1~qC)WLD7K`-*piB^>|5Yp zgUhf33XRbZu}5Zp)Q!%6ANFHzRYSNs?8XiTe+(zw>cfO9gKq3d_o3@>t3CKxS?+hM z-#WJ$3+YGHRop-a7Ist^oq zYFq$@J~f6uBk-=qd0^;N<6JPbs&O`$b*IKz;KLTq1S5OU@wD+UZ5tUYr_AV)N6Xa= zbQTdE%?KDe(|8yRooRdm44r8_2!_ry9somU8ux>P7VZO|vM}HKHEr@q+GFNud2-CF zEvFwlV9wN)t8MhnGxg<3-)xQL>bU5p8p`q2AF*)~E_F3? zq!@hd!cJfxb^@VZ7yRo|G5A{I(j=~%yz~$UU+*9;gScpbd-!@U_uIIi>2j$|&H&oU z89)o2)ET_JAHRNE@#{C;;Zj-H=kLZoe-^&pgO58mKJI4W>+RrO;6=X+e_3v0s?Ejz zKm0Vcx|00c;u2qf=0Y>|By*`Iml~lA(MA_`j_hk|a6$9fF4dFo@iO{=ea7NZms%Vv zOX{R+sk_m#WFJut9w}2-OMg)X9_AVPys1j?P#Jqjr5^#GC{v#h>;n&$F)p*u`>>1s zbNB=}L|s6apPGq#&RMAhL!%m3fT2^3ePC!+)TGQS0%huDiSHql`|dI|XOuDj zVE-xaQ#OC7k2>p>xHSJ{9oSz6AMZ2f+RB)7vVWcSk^Sp2+NOv(Vw`r_jShKvD^)D^h&To`NZ!ohpQH30Df>F~Vpb zd``HW3tbV;%rk$7{>fYxt6w&Vb&l%hV<0Z#Es?uc8d}J#$WI zt+I@M9#1IKh5yfN<7M*VCJ!(3?R)s<(|oI(Z+w-s-J~gYY?BeEl6^!l}IRhvTjt@H7SHH!G^gCI1(AIrU`a}5F za3;rvUZ0kcBhB#TMp!Q?$vew8zv5 zAHG8A>xO)aGnugA@g@7mQJ>PbspG`U|6@KieF}_SqWBD;Z2nM?Iy>o0`jhQ&(pUPh z?b&Zk_xqI0A7jok&g*6!OWS+~+q6a6w2e3_&a?%^6y5bGFV2U$YnBC_F|uR|`!NF4xfZgpq0|e9hdr%Bhai zN6%C`ljC)}PmM4}Mtx4T(B|VDhn?p9VW*0<`qXR88Kw_GYc13b<(Mjl2Aidx_M1~h zl(UJtU`&`Ugf|*_mo>$Ffm6*l_?WL?>z3~n8#qJT!SU@s4fUSs6kk_3Exz7`-;15_ zHD}%O&8PX+B;WWdY0FyetFlhZgIAD$MB(d~kc+&9TqKlDpOeG);A@HdwZvsQnNtu4 zU;l=<*NB_W;2ysIJ@>=hN79{Y1iqHD{HB~qzJ43NegnRq+i<9VgRjTn>ll3f2Yl7M zj<1>+eEnPS@4$=e4)&N|VuV*6*e21|aR+vv@Ndk4FGc7j>PYfq#F1Q=2F3p_6{SuSZMO8;p^2?GCjtQp!3VzHY;R&~T}G9p0L4h1Q1fV?#Nj zEzsbJQpTfwX0(}d4&tARb?|JHL(L9QR_afDC(rkns_m3_t{$I8@U`w|`1YTM7x1;; zac;aWxA^)>YrLN18($@Dx8`g3yw0JnLf$#2`TC8(+xRID)!;X(mhWl4egi%wt_ojh z)x>GOegmG|9+<7JNXUxdIY|X`lvI;>$l+R*Wl~v!%4pW-6p>N^(MX^ z1ILSnueafwMEDwCN`(&gaUfSJaIo(UddYXFUKv~S@XaLjmFr-Q0>9@7Uo&23lkfJ@ zBZuW65&!}!IP^|P-uIe)6)Ui#I_Qguw?t4ovpY*ne6t1V5+5>tGA)WO;X z-&4ZZS@@JHE@ghY-@6T%9<}2i27lcn z;wL)WTpG431HO(9iT@nd*XgCq!#N9cQ1&U6vi^s!2e5J9@G=i)pK4#y57jZsF=Mb_ z8T-QHvcB%c$4eZ4H^@Hbdf0an^TOB24!V(*V@v+`ly^E{$In)_!NnQP@4PPH>l5~K zOwjJ=k9HcDE>BCUms@g z_<$EWWxPHFANF~Zd|eDS*h3+FS_JO(CdcAJa1YPOcwGSQ_9o}y`QQLH?(%$|#n-vS zL6@QS(j;F)o8dO`HI#;(J{TI+xBv{DYMc*-RyEE8L$4a=f}vTBbHLE8#?WoJ&ca#X zqZUr_HMFMr`lOe&u*HMpU}#PA<`{V0!lPhlO~;Rbp*4+%!O)t{ab=ixr~s5FSb zqJ746y;of?<8_}m$=8M#eG=n!ua|i^<27xf`I`37^KjatS@^obdw#smfv*pH|I_h0 zwckUJ*BS7bjE(8gD4`y!o%n?VFKyV8bMSRra;!dtUopn&*;V!o7JJow!qYMA#EZPi zIe3))3Wd}QWtfVv&$>YB2%ld;_Ri;14>AWo#omiN;c4dJC(&u;dXd573whk8SRW+U z2z*an|=vCt? zFf^-iB^bKZ7`hF2S=a~ev~Y^Ap*PLfneZU=rg<pbs7N;NO(+1fk5mv5nJx>k#xb z=1I=Wd7m=)!=voeW_*tJd6;wWH)ahvW00|#w$NiU?eIKwx=0)Bma&=o*E~$!>p3^| zuIJo-@#T>mn-lHmvXOfW-JWr#9T)kxtfzxc_i^^XK33EEGJ9Lyfe#~Nz8(4Uhqx-Z z?&7+Q>w{c#=vY4>x~n!1avb=y20m@|sB1+YRt?>>NSVbiCG^z9_n@t_l{R&@QObPK z6yLGY1`qNx=GQ)Wp&t8m#vkz)D}GUagzRv>n6uBx1DAQR3m<2?o{`V^kC2yF$cLP# z_zd5b{p=6(oix(FigceLy@wgM!bS86H6Hf7e&w;>*t4Vah1^$D277j5J|A3V;XH7q zg>%6b7R~|tESwEKWZ{l9HD7FDKbZP`#kM06Zcl@jJ!*bc_-F@w365!u&oyw=!ad-K zg#+NAg}cDCDes!$PB87NaR+$Z!hQ*z$vuhC%^lRmuc-?;tMOUtLiAki)I~aVkxyM9 z!!`97&a+Z?!5a1_*s`OO)Wb8j?1cDY8z#iI9A9bK32eL>Ke7|klpCKri5bdVNf<2_ zn#@kj7O_^Lyx1HhtlmG}nYeO7!9@#OPwB)*>bJS#q% zc=G*!NPHdfPAk6Shze4UJ0<=o@xi}J=EqMw+)+1{2#1Zs+ zHWg|iWFJMSiIBY%p+-XXQ-m4_*;5g!C&UImR7bdv@F?M564nx4YP0MWZ@R$lHDw?5 zkc5LwVHYqz;Jx4ItLQXg{LAB$bhFze?!bgIaa z`|+FcQ~YAYk*zMFr@cw+Y6{ZS&zOG>F#lXZN4koBD z#aO>Z^r;=#95BY~`L!QR->mIQ+R4)pe#k}7-wN(#Kb7DXa5K+{&c7La)RXi{-sHyr zICH5+xB5P95^CVTepyrO!_UnQ{8hN|hl3xeI6kP5$7>%>BVc5b8V`dbB3r;8l>rV~ zxCMN|!j<4o3)8lt0>;gua`mzk-<_-IoMa9%T&|`^%Q@eMx$sE2S{O$!F7y3S*6(A` z5_wn~VU2#O9Q(C{=0~ZQv$bB8$T_0^h`m>WbkA;-3-*hx$=MU-YM8ZmggW{b^7^&@ za{P*KG2_(DzcJ1%Q!h7=<^px1<>%DL?UeWLsf%Z+huiV5B=#R-Gm((-f_|Wben5N< z`oT|vZ^e)Hd!XyMS&}%G_Wz;zEyxZAj1sUvZwsDHlA!I`pLUv(VDGi|_x6?>hpqI%F&LcJ*oK zcy3JWB3MU^q7RLu1NN1R9@v;1cHy(SJZWn-1U^JO&rhBJ7lTEYIS59#eWkB673s0%Ky-o_90LMhPE`W z1~*x_3Jh)O_)0LerEvwg-om6kP5aEyKG)c{8PgjQ9>j)E!ky+cI=%PU@t>YvuI4k# zS+nmjm&QstAFUjI#NQ(FjW4nuR(0@jcDed%u}LLOtuM~O7OUT*eqlT4KRZJG(M}24 zDM1@OiCvDOed5T+;>Fm=u-;oMD#zCxHfx3DtSk0npD6tZX9wnEufum|MnxB&Vg4ID zz1;0mA@rWIrZ|RetRLIhgYfj%Ej!s?V1p`WI^jFY`~lZgz=eE)v-!GQtX(*Zpp&@* z;aZ0aSu+0p{4UkWTsc03ejjCTJ0%ApTCu}He8%_v%}!x425@I2KkV&6?-KA zOuGx7-eHW8ml5*d=i3>4bA)dd@Qn}7>0e&8UpO>r26E{$DGc?4oK!lx#Wlb<^_BV z{QS$?0?Px)Q3mlzgiXy{4*xMPS#B#sPQ1sM$>P3M>}Ix^Q<>Plw3K0YgbX1a+${DR z_&Rb@?@hFa@aKjTd%v_IoMU0l!#j+ZXwR2u&xdHw zP+*fTz6%U3X&FK%7+TV}0}L%`><2?j8n=VHElk>B+A2z0y+XOdv{RIJ0-NCq^zHQh z;i@wHy&%gT=bXXHGIZha0CLKBbs7GFki#{2)k;knbIQHue%eK)c=#xFJ>bD_)PBFp z#?FPd`lxe{akiMYM`k-o`>avlYlUU_|J!0NG?if|j$LVE8M?FG+Fs^HczLnDOvRDa z#_P(IK_6cL4@aX;70SYnMvu#H2Ra|vug|+_e*i!I;1cXou3`MTnd`k=#ayeWoX}dj zIeXH{xSwt=jH3&u@0c2Ms&CChwVD@fIf8UG12+57Bfkxts_q&Z9*MS58;z#m1N4}2B+v-k<*RNYQ> z9kRJ1WbNYLC?0UC0%UPlBa4f6Q06YDx}LLxuH@{X`F8T_$A*A;{LDDEj_7G-TDZ?B zN48U*v}I}L9vWDtAKxkSr6$S_9XySV;$)*UDc5bFtn?W-vHmJ%{k4pqZ55r{Y1T{g z$c*OeoT?vMi63<)<#4s+djx%JZ8^R=_ZV~4+z1TaGx(}zjX*~_>#6>#ZJa#e9jaR2knL1v<;Ur3H^mzHReAsbg1R2 z&|$dQ!UbUHQODVi$40MO>PF`+JeT6#9_s9b2VK`*|4I$(FWPE9ysKJ#>Q?;F zC1{`TFbX)7HN-Bi{A0_5;2K0N_hrQMw_j0H+gAUp46mJALBw*qm$!Z1BRjZaG49y5HZ6uUL-LJApkBXX`adhH-*yTmwW z7}-)h#iw!VD_Y8V30eMlH*J}XO`0RySQ#o+Z=o+)qivp~3@XE?OxCpt+T=ToC1;&J zXvclLocX%6$7g7dMcQHko?YlcKg}3*AG|u>>|ieeV?Dgu{=gV}*0KU}PEH5-QE(A_ zaV4};!1W%kzvg-`*HRPbWDzDBp+Cm-xdw-Nk}*wnVT(h(&embO(pie$n*Ak5ljmiB zj#b$$Ze5#=F)>78b_@=AGrlh5mF@-g71@uaO zxEN#Kd4emH3UD8YK=I3)2^***UXii2vyeH0_=MLvI=nf}uH$2f)ys#(iLD zPh$hTVevpOc-_K1;8hEEgX0#~{J9H1s{76F(`Fy1&B|!AmuRz46a7e=$gGe-HG*3$ z+yHK|a6P!$!lX5sL)x?%>jKV}XT3su=`}(w@p;zSQ?%0*?WE&rqp4F?Jnb`8WZ`D? zy7;#e-S^C)Quc7M7lQOfS0U%Si#@=IEyEvO#qNMMs>bhKJiAnVj`4Q6wlt}`t|?90 zkkTe^QKmK8qeS?Ywm3+6&(aR3(S3#C*YG-Ll+hNS6gghZ%bG#P(GkYcjDVa8(*gbt zIEu_lMBcChdnw^BLwF;SPMj z!kbl`tya$2YO!{{-?` zrkc7y4l&1CMvt3Slq0~HS6jxoiT<#HI%A$BeepcD>+?SDY4>=LzES42hq+uAsfHpuJqQS7?ampbfpR>jW6u z(0C9GZD>3op+oP7jL=5Yv{3{(nViEVHXvX#LfcH!HX73|)3l4mw8=DWqH!~r_RyHN zm~OM4Zw31;42_9=X|kO$v#jjA*_bW}kL?K+ZhwfJUDL<6qGz!pGt* zT-S5m%yk{t+y?&k376N=FH?VFSMoTryQKp96=Yd6G3-h5z3LN;|6)(Fkmp6GveS$P zIj1Sti%uT7&MEXAIoR4Tj}sr5Q`y*&!7DT4*mPteb7UPgIfm>#(~C|CyVOzbztRvN zmKVFG$%pvyW!>Np$Fad6Khxyp@5#efzWo~Ce2s5C%Qv1SZAtSr+d*VJM>v0bG!RA} zoET(I(H8;uY~XJi>pvE!e-3;=5s~XXanD3ulKK z5!xe4KNh7e-jBXwzQ@C!3uHmG!K1>9)PFT|(l~Yhd*okB)cen5o$B|nmujmyAbTy^ zJz5Twv=4C~ceTD9aJTNqK4j~0@lCK7f5yA30~a#ccV1c^NAOkSO?qEt4LMl^zt?bXFXe2o?~O(axvv(RoV|%?KDf%ldEiP5=YlINoCEe* zI2(K@h0~B@T9`fjGRHthnV4js`Xp^9`dsdfNdrt9YWZa^IB4M>u;wY`qX97Osh{Zr z)214Cf@xQcJHVqBrfr{QT~!VZ$($gAx{x+$pe{zJ3-K@T9_r#@>LQK0NTV+FUVDqi zlJ+5cE&GtYmVL-x%RXdpB55D8H<7dt*=yN{P+yeyQ`Fl=j}tzNc_4RdyK+ld|uK%F9R(xjCKIG@bhtjbR zIgEXW*oQa?#Xe-6{orCBvPvlSA#p;n4~Y?qeMpp0>_Z}iVjmJDJZB$r;|2C1;+N^o zW9Mx{TCfXA`Rm;5|Lob_7y4%szecI^%H;gGN%&CwfmU#d|5`ay{SK~5+W+0okSoF_ zeCJ*+&O=FD#W$YeO5+<2IfD(}E+=j4%$vkUflc8H`j5HzfBU%2 zb!-xTf7+IJjQ-@f=-W5w50d|FIhH)b%leP_4f==Ve;LOn=?~7mNBjo;Me@HL$0iSN z`j2?=QJeg4*Rjb%oBktS{L?1?+jDFZ-a3~i@u~CjTu$e)$)ZjFW$|BT@;%PpITk7u zn}$5jz;hj+AYS~_N}3-2yG+M(t|4&~1+*c3?xoQ1L_Q%jJOR&XpS5}K}-NroTcIG5^us-71$Aq3Qb`IYb>R>D7-$vQ(lv~Q1^oO)h+iPuo zLeAqmaG|{x@_X@zBy^p!)!G7|Z2j^}?4x%D@E>hNhaA{da@I2P!|MoTFVppe^T>P( z31i4pZXjGJbg-7(W-g{X*f*VSK5pA);M4uh&&iydHQ+Z1SGw$KfN-_R&boNFxmGK7 zO}kBAPzRU?Bv|+SHQ`yO%)8T$-wO_(6h6p0UPRr;(JM6J59klXuX62UZL-!OzUN7! z&c@u6G~nZZCp-%uzrs8!3?F~)!IuM{dC(nLhKCp7=g)DL$~_Nm2`s}$Kd|jFevFK6 z0lw)YjKL#6BAkaGen=>1r94MC3!NK;QS=$lGdEjAm+=C!;XSM&meFPG!Ny`4JqG@> z&1G~L|HfKk8U4iz%(<7*T|B`$c^Tcs=NRXfk(u8_-Ex^1yYgi%sOJvbjL?wCIMDO= zT4B2t)>$EIIQ@U26{aV{kIOrxFcW^qYGFpmc5wBD9{IpELOK8viK;n*an`Dq8Erz zz6d&jC203K&H?xZ=K##23pk5zfOA|P`zgL$euyuZC3FIuVQZMY_am-(^aB4%s5Ts& zO@QzBb#&i^YpV`)@|pmGwdrwu03>-|_Q`9|uhyh=}*+g8N zI&VTA7^l8vw~PNrmWBiI+6 zls$XoaoB;pL1X}&e|7>J&@p7^#4ilugN#u09aFUb2 zCqx$V3EF0=jc>6Qn`&iGG3$$|7TH^jzPZ_fFMedHO|tiJCwpfc$fS_fHt;-h(w`%r z;=&);J1>#vZ{a(#hh6lh`Ye@vUs7(2Ty-|j2mj%lVFP({u7%gZITl_8Bfr(p#KBn> zh6ZM-e;rTSv(){awo42--{{lgvxYkVA?eOh=Q^ambx2+7kb2hPs1=gNGVa zGp_CaDQE!MfbsX#%{29L4Rvx2_3<_8;x+2wcIsf-FMCxv+rHkRZo+nVt*umdEty_v0t+1NcdsuYgV}9ZJrSxRbM0%Q#zg_OJt+K$pS!7-r;<__1?gYlIGiki+|s zX}ZkG0tahUm${hl!2gGfaX|duA+yhAZz<;>ypB#yY?Eh^RnKNS(0gn#XR{a^@qZ>d zfae&WXEV5`-l9kVk6J9b&oTy%p%2k{j3D=e27U+6 z{~n%SJSB2&yOML`Mp}Otc)4{~AbQfSo~QiBDf`U0?6E`_JZ8t9CBsCy%{%}Z+lU?A z8-DSIMGlKS#*m#or})P^A^SfM8U@Vnql4J+LhsRj&Jv=(i}n#hyHUfATwuEy?dAL- z^f}QU@`O!ew43m->|J#kT;|2DrOMLexJDhznHw)bYoS9jj-#(EMn-*9@D4Ln1g^Dk z0l3D(`QT~`=Ygv%3=N2`O213mqStyqwq)?eo1Z1UCF=Zf*5XUlxelps9a7gi-0&vD zbt@!|GkG_MoRHrUnMggA)6hZB0oI`*~_ zP9L?iH;u8N#*W=GI)Q3@SR(73r)}n|IIoa?d%n^x{faqX!P!_M@ABChNASaSn0t6y z&dPc}^fO;f-cEXiPR$2WbtCm6bt3g4bs_bj>!4bf-;5X153v4Ot@56q4^#>b$b4Xz z-tW0eIO((UTtM9&mhZ85G#@?BA<^-$_dE|CFBZCF9+qoQ<}t^v7NLRH;Q8Oe^V3<- zNw!`4H2ocN!&i_SE@s%(HI6hRAAP)><*aStHmp4p>o#ob)6CGSjeeYS%i?n0Fg}xF zoNdd#kA`NKg&+p$GhOVBopL0eMaehOcu(C*^6O+8Bgw>U;f+b@pVurtjv7e{!$ z*-JWG3@-Cx*FvlOFM4A3;zDav(3vu^zM%`E0G7Wg+&CiIgIbm=7#aFZUy7zk&Mr26gcb>fy)K!9vuN)X5B^8)4nM7V+qQ;I!;F4I;16 z^8wCz#P{vmDb6KAJ~%ZlYiRuTAY0r?9_L0qj04!-kH|hzId2TzIct{$IYX9lzK?ye z^Z~O5^nfgWwpZ4IjA=bKWQ*(-?nbu*4~afwHUnBjht5TM@4S|>MHeY^gXB1W74;vu`}8e|A^Ztq>BCHpZSN3Om^ z9qN!e)FE}KL+Vh6!&b=qD_N4y)EK|pFXOw^iPVSGh17%8fiAz4eE?ZLbDO0u*6IC8 z+4aY4d!ws;9(C5SH*waFZpZLo_koPI-G(0lSyO`Bz&#dj1$SGx1st$&v+NV**(Tx! zJ@^-O8C>SYuB9P)hdC!@kTEnwo|886ThL+d#KvGdHU^xjMV?O>w$z9;$K%j9*Ed_H4C-b@~c3B?!Y6yX$k+ba3*lKqIto1wj9wrz=-Mw_fVI6pK) zpL>PPz#pT|jFD)A$gbqv#6jkaz`>o&3xOxsa32Wp73K)v1irdZcCC?ne>FpPtzo^-@y>Oh z?rSqT*tm{!zrEOcIs40A(?C#U-}vw)tc~UKj!!f94+WejY%=?$oxlw3V+ZghbmS+% zU(E=LE!a=4h4**DyX;l3Ob?2y7{9vluW#kd)Q9*#GnM!G7;7`}fHpw-NiO|F_ENER zotCX@Tu?kcLB9|2Ht(n{ua2VJtT`KLC*%1a$N$Nufc}~DH>|sxfCK3$zG~RU_G2R< zztj8h;bQ#y1aI5Fx`+FF*w=Y=cNBX(wyvE~d|q{$L9A82chxvF|yH)=DqTf>mJ7Tl{*yWY{Br} z+bH{YDfj)9S^IfcQq}_H97Y+hXTDz8!g}>6>+SQ}c!T!)hd;wPiuIhMkZs}kX4Zwf z+p!Uj?)?R8DekG=`-@(!YnVfBZ)c7JTu+>Ct$P~w{(K#2wzjj!&U$oB)biMc58s~l zB5&;M`T~A28}N%cy^=L=2Q~}Fy!*II{`1@=pSv@P&tMea)hK)VQQka{?#-;g{sA0Z z9_5bO=-!ieM2pV@&n$};KfpZwL^4{uFSxijiVs$9QM8z2?9MHuJ;7&gL6kj|^Y`X% z<~Qr_+)dHqQpVog{AjVAJ^tK0;*VmC=G|oe_YU=cVgmMV^3glUFCt6cLf-p0vRs8M zvrY6dQ)LV1UHXHp3*+uP&G#hty`S%i?)wnm``T@M=;b%J<15;Z8Mv`Gzlm?;%lFe`3f68r{RCL2;VX4{t5gQzl*;j?@Mt;O?A_`@p1IwdGsMWNp%wG zy(t#KJ{Q^hd;H6G@dv=c2~qaRB6~CAqU_N}_Wp8Al(X9SK8%VMA7|X0!jp->bLXTUeuKPephiaKhf~$w=|>2=#RwKgK)TIRg~w<$v!`|MKBu z?+lt6pD*rhke?s&oPs=!zu$VTQ=PxxI`@4CK2U4i_cHlIx$i@KBXbiUdWG582$3y* zO}&L#d?R1uwXnXOk7uk0IhqU`YqTRom=gsp0)-5sl@Q&>L zMR^W=JngqV7lT&2E-1T)a2C35d-vyPkNH+KUPF zjeqt(&;HL(t+vxN@@z+*Ipnz%dFCe4j%T*h=3;wu6ZoFtzQ^%B-F=VYdz$;E?(@jp z#HY^k1NhM(TiQo&KF>GuHEjj?R@yx>HaO&KAhI>^n1j%fk7x_+p8d5-yU!t$`;bW# zdE}7AQsgih8Qe$t@1yLw-Z{42ufsQzx*zi<+wM=&?u)d0*&m8sk>c_0Ih?Z?(<__B z?P~X1w03ITdvdeZ)WDU**~EH{c7Oa%(yX7uo)%~LS41qI%Ol3;sHWX7!!PlUNTuEX zSnYmMq<9}~@YA%x&-1^Qf7vfmz`>g%_^U+NzltzkGk(vH*mggUHq1W7oPam96RKO< z{cLb*_p>6!In0@}GgbFv_GYI`7w8|RMT!qaY4=m9`!sJsBPag%4)rg4g>Ux-;>o5J zAkPf)%c02z{ha&W&G!-aP2I~jzY$6AY1x@-o6gLk+10! zkgxX9%{MYO5cwL2Yz5_g*HFhh!l+NCqmuDf>LlO(N`9 z(Jra`m#}GQynhGnex}CziTIFCqEDDT2OotIy}y_x-%r~8OtpK?lTDXR12};=)3o1) z|K2##OvT3(-8wZUV)-0JJtyX9|9jU%cOTf&eRr^hcW{dNCbiSfjoau8zDZw@DF@U^ zfNxE(_c8u=@_)R9?EyG=io33WdXIZI@Z|A;`7!POSWw)?{%13FlF0|f#q>Ry7XsdZ zr*4ii|Htl@d5+(#Au~sUVjK3o%rnH}EJ5ZF;fv<*etOW$|K6eg^LMDOVtaW5_`x(f z){c(dhdiH9yI+9KXQk$BwELU+zSDi*#POeQ0frO0D4vdAHa$;hCc@-LwOuHZ6!d*ht{aEg#7=O>`EhqL{8-)B2Kg~SnS4Z2}-^MQToNO44dw+GL zjlP}pAkWCQ!MJ}&>+i_V(@P8~K?wi~K6>8W|cKGBgkw8hFq_wd?(IRcWcOZxdWfSt@!yN^Irs`j{RaK>!vMjtbs)())1_cOS1EoW_d z`U#WmL4G@53NBi!cR?y);Qc$>Ukcu|c3?#)>?XqI`*fGA9awI|@HOq}2QNE>rFq`k zfjdHB;AM+Y*h4{NZT~Xax~{}usIkYqV>sJ~Mc3w%n!773+LHxep5?=0YjX>27~^|S z7JPZ84cit3Ygdtm_sV|8LHx7mD8?TSKwDMl4{J+lmUN~Xpsf1(KxQ&12 z?`u~FE&Ssf244PObFmwo^;!&eV=`})QwQdaa_S&E3cRU<>f7X#l@EMO5ucRf&6IU2z6ozZR#zcM z|2Fvu@*7TlH<3>xc?^So1GHn%jdliq=ii(QzwbV|VNPrA1>PqQ=CtPL^FH}&ZLNJr zd7u1rTWjGt-Y0*BcdL)^KKY5Z)`4eupZw>%Uww$T!C&Nk@`Joj-pBjoY2GK#@ILv? zyifkqwpMJ}t#AKN-Y4J3`{X}vYyIUO-Y0*S_sMtjKKT!LpL}P~dd>HFpS+j%$)9X% zJ-Iz-edht*D8Gp}%D=@M<=wnd{%^cdzLhu1zrh>jTX>`VQQj!u%p2uj;f?Z5yixvT z-Y8!W-~ZCqnqL>RPTtnmnwtk7{{$av;Oh(U)dioQh0hN7-T>b#DaWTN$DNexlay-( z+6rPim;V&t}BFc0-Wm-rXZ>5Y2DDz^< zJR2VVl(*6Un0L=_;ob8O@b3BV@$UKidG~xS@1D1{wN80YTkDnA@s|2Kc~kvr-d2BG zTkBPC;jQ#3yqVt2+v%6_hWaJEr9PfF)yML-`slXSYlg#5gMTl59PgoDz*AS7Wy{cL_aW$@CNf<`a_d>XT6Pg))!ww_?rm7 zlyKfq&qVEe>31N*Wymv$EEXY`g~(_D@|q27KG%Ecq)O ztNk4%{d1&0Li%S&e~9!4NuMVD&A%bN+U*OZpWoIxrm4Clu`n&hopAYHI|eQKX+x`RXj&6Pv`!FTax!IPoC?!=Nwnze4Xw_h zX$^-~B@Jc&spzQ=T%81j2dw)Hea5;PP5UgD$I{L&*wNV%JR1bfsrOHHZ(GM3QulwiygA7m%gMzvQ%lqb z^WD-pGc}p-$b8;xK5z}+ZI3-11lO8)Z8KAg3DY~&ONragZ?)|`Yt*J`^W`!8(+8C4 z1IoN(TpqPUGRb!=-j%0~%VyTMkp7~Zy*c*ha^2C?e?C>-?0IYPyb=Ck&s*kQhBuRc zFf+B3{A2KzgtuGajWZY58om#_E7ct4jo;#JgW-+0mCGX}gA+k#G}YwuiAPf#e&}Uz zT}TGky@3p_tCPWXCZE4G`S^Z~_r1%!?_K7-?{dt_fHs&%NBWROA9`kFfj;-G?AX;u zyD@Dl9ziBSYAZZ>UVr*#S6}GcZJyVRtuHH+>)t>nGwWnx>ubK@bt1f7#{cC`E)!CZ z`@HgvsbBuPmrH9%F0F4Mm)1JDv>LfwZSuN=eBQ+WrTkyS|Hb@I;QvDY$MHYj%BTxH z*&GxZhj-<-041}n$R^&H$|i>)n}$^Le|p(WNPW)pOZXF>-;AwCE1T9gkj-^o5vv=3Y?A=CY`3K-3 zKf>}5A8BFI!EOu7*d0sh;WjMh;wBvIvapOTv0T0a`A*tVio3W;3(MHR)HY*dGl%o1 zkTLmXp_l7!N^L#qW&GaMdwlr_zrmL;V|BvH_}w)!PSPg3D{Zp1PR3RzdMTgj;}WAy zAE))%gZG@;{KMDneYfT0)yJ-C)LEv>Dr>U?@!-**^S!A{;3q@-@xRCGH)|f1B}?1V zTv9eVtzRbH9ogaIjZ{3^U)zrm*7i~4Jo?}i4I@A69dvg!lq z4`S@2ujIXRoe|jr%*9sj$}n%z+04h#P3_AqX5BQAFl-3LReaBK@xJcESzA@Y`S#&E z2+xq-$UYsMHNLdMYo>|u2p)e@GrlyK@#Uo}G`=*}j4#|NZ+@sT_-1BLbuQd@w5{0n@!&^& zN2sTdlZJ6#X^s;2@do1VM90vp%pP<}@6QLpH>6X-Y0eYo&6E|LP`ze}@9XrPzN}6s zvOB9`Z+B&lAqR~+x1!q`cPK-#gSIi04C?c(|Gntr!Qhh7PCmnfk1Y;@Tegl4KKA&i z;Ffa72Y#1o6xsI^w(Qd5Eh_&A%D-E(Vja*ie20-kI+FTJ z$)VTE^51l`M1pVZHBX*moS6$Y2MDb1AhTgSL<7p5h6!1QI!slt?Bp$DCZ)mJ@!aj>D~ z#fd4?e_a(k+d^L_zUt*)|J&0#46P+GOKZu+%;R3U@Hf(0O#IRCZ{*p8%tr-9b54)` zRDJTbcUSv^+?cka`n=cZql3_2r9T^{{%m5kKbt|nz&c3!DqU3`4>6}Rc}=H|D4W(- zqo2g@$<328%zd)p)CSI{UQJx#T-*^J=hGAResIi1H?#*ArP`@C=|{$e|N48(ulcs^ z$o9$pJfh0?>y_2={d=gtGyStE&zq{{Nk~_j*P)B5mkfP8d-XjB%H%;=%N@-1I$}Gr z39B=it{`(tL3!vSGm+pHUuU;bXW3|_&Nj5%HP+Ob${U~q8t-ghZFyJS ztIdXS;qpB72IYB*e8c07#!Tig&j!IYsf74YnW*2^2N)sj`{@Qx!AqTCEJRu8(K>zBetKw z?qK`@`8^kYH1C+}RVYeWi#(wIuxVRaCn2*eWtA*y!dzb=y?9$l=k7r_e1C8bePiy`lG+~s&H8rn z8|hoj>e~o(sNNnW-H}bo>)S^kx9x86NR3a{J|*2S`WB0&u9m*tsrJiy6&scbtJk+K zt8ZEANn@49ITO$8Ta55K+lv21crMnlE00W#zHM^)#u#V(I{E!&_)&c(7>6`IeTq4g zAD=k$+>=1&<#NN0(#=js$U7U4q#h)l(NXGuD`T*9RCK!O!_Sj$tf1V?i)(a)x>NW# z>Bq#7eyrddozJag58)iTdWCdjCAxuL$%bR(4W{l%IOBr(T^?@Pctp^t_%hC#e(bQa% zx3xQ%yj^)Kak?X^S)QiyQQqL*;q&G@OTIbEdd(2=KI-%KW%7BG?n;xlwRO~#+sBDV zQkQv}%Ey#Dk{aXlCft;pyf5_egd?u{u|F{Mtqp~>=7uC=yqB%!3gY=SwQuGYVf#tK z(;|+g73n#{JfjlN$RJ3)TEQuv>`{@_J1c3OT!?#&cxUAgpW^YSmHeGei~jxvPZ$0S zUE)1o!Ff5vQg8Bksm$UD9T@L%@S}FGxzM3-TJcHT?|Gbwr*%=J=W&lydvNi-6~>u7 zVyTkHnY8p>vm-$um7&ZL*D43 z;(fXjPqGp(4XHI1oSXZRb}ec1TUqa+hZAY1wq956dZmkXpz!Fu!5f*a-1SS3M;C2; z^o6zbi{LZFH+@#R*2e1ZsJQd*s(qE_z0ZZ_yr#cOxbf#Qt%vLSt4;J(THCrlNPh9A zFOjSnpEIUEvHebN6XTF;uR5=w@x$9qO&Gk-GW}IFb=ZViJEjS9?J+_6m5O8J8SA;u z%Z}ehr;zb1Wasx>YSKdAq@|8DpSsGY^>s$tx0$rIjr)1_9G7=SvZl@^`gHvE{mW95 z&bD2(RjlDPBMT$ zwT&~(1#SCxav|(haA%dN+qUa|PlMmKOwrWaef||(EcF(TGkMwe`a&fymzJ>SJvW71ORgYQELtDS~3>&iQr4(xs{HksGQTvS=ZCa`yO zv;`lV%v?CLi1No{t=XjJzSaig?JR01X3qv08CxB4(%ROpe_3zcjLg!J6h0Tld;)lr zeq#d#-|XsHb(SU0r>VDmGSolcWcxIQ-|xeGUEf>{yH{b0uv?L~5KmAKZM!biJa>Q4 z`rXU!IkM#T+fEO=yzR&%*qR=>d(jcqlk`n@GIy~i$A_)8Q)?+`H6q{8cImtFhuC2BK!Nz+r2tFYT_ zyCC(GZ~w~nFK%s=!{`7EFX5y03!%EIte<0XyMK3s)-zYu*jF>#8;aT9hGKqq zLov6rp;(GvYHj{W2fN>7f9EY!S0r#!A0@ibi;3>Vseaxm=_hVKc%?6OU*u>y z7q-aC)m}rkn^&i)7Ab4Aj3mr`d;|?Y*G3TEr*Mrbg+A@qhq1TgL5ne&a{-`E-dL_m&@a*XhZXeXpc?x zKd0Y7@U|Rd98Cw~4kj%$c?{rteT==W?(2g(V$KUvA=-)1nQ{eWHC{s(-(J1Hs#JjCM2~j60aL(B!d( zJl3fkZtpPfVAAEWN3=($`ge*paJPPsO7(-c=x~jss8Qy4Fqq?;r0vJ+cW!}aR-wYnmjmfP~hxAsoU)z<{j+5%*tx3Xpczs zZx(If7X2Qc(in{K84R~Npoep4_!()nwvxm8tX)>Db>GTzk%SD&h8^? z|Jv>=8(IgUbx5@A-f}5F(ek%OG#XR=9ijp3((hrZe(;tSdsJpm+U`XgTG%WLTSUwH zPL#SFt(Brd+7+VFkm|ovzk%RS#NyDNlA3hysxME9HXi#Sz9{7_^hfly{YfBwV*fHA zeOLb-K>C;dVJl>Re>Ys{8kP##_u-?jMklDn3k z&JnMxWbK`chvN^$SUWO`EsHn_;xxS0wr=%nb2e=S|HN44DcGsz+;!_|?SVe@8gt3G z^Qj>`@#`|>n-npqIxuQm}Sn_;ttiPwd0iHu0EGDelhPYECVv9E!?5s(Ujig zQF?FF@oOhTb0#*`S)ygvM5VMHhs()WG0z-6zYy5XoM@4L1BKr{x3X>(4LjFgx$An# zP+@)!%o%SlzxVnuKQ~HN!)6kuy?|!Q{_tgUk7STtmNKpSHFHSlne_m_uR_lL_Xm-k z|Gp{o{d=MB8~D!S3%GQ2+eT0GFY9QISKUq0e2)3v?zz~ggJb_d{b}#IZzu19-M;v` z!V5ubTdDjFpWlp79#@CH-yZsYE8mEy&-j)+ z{T_&)C-+TYKFZwd{!fJFUSrzK{#D-u=H0)p?qON`W5mwC*x!DA%mtPCa%T&^0>L{{ zrOUBb-^iX?$R8?U{H89d_;0k!A8PSMDeVQUz)#EQkFyoa=5OcNcK^uiC1bC}UZ2XN zm-#OAWVwC=!5iAm7p0Q4OZiPzY+l4y+u9=;EVp)z{DP{DQ(=!P4Eydx+Mx*xwaFcX zNpHrWH`>3Jp8P;M;=Z2>eSa_Xo#wmZ2bZC}vaXO1#l`s zcl*@S@}Cpkm+-gnGzMrt>MutUX4f1sqw@!3pLcWzXm_5b`pusWmT$?R>t3FJP*)GX zuip!Qb3G*L>R~p&&s7Kch13OgAeqL(zA@CnHz|+mKyg$LU+1@%|JOogt;mb=un)hk zpEh}r_1CJqmYvR_i=|?@BA21!-Z#2&-2k#3pgq2b@6PSWw)3txpZ+F&huYt!P+pH3 z+!a0def-qsVSM}jsgKZSy*}oON?Xs}7(CnF{N_~qYcG8A3Fu|`9q>E*7S?z8AYS_L zsm*h4U|*g#t~IWyqb|Egs=nqgp#PGiKbVM_{$#{B*$0Q!tmm@3@iF-*zA__dLp#xR zejn8y@;X~jRi7B^Z{pifmVQEQC`Uh0^|i*whW!!aC&PRtkL=_xmrv8LfLB`Yli}C+ zh92WrZno%HzY6(>;$>URCa{gI2d1&z+*+%QH zG^}S!U7iW$NnYgnqe;-}I#a%-i870?nsF~-%aa{-&#s5jY4ut9-paSBhbHP~6m>a< zIv>YBdiebnXODRc(M#DH^yl^8`k!4=(f`amXrUKgCozdjzLD>NGDwwL0zkltBL2zAm0Bm#CzEPO!m8vu-6+t zt7XULi&Ep!5BjQSH8!`<7d%AUol84i-F8u`lQBbbWo&-7o!{ykK8;U{4;RnsiwpGG z+vsOKeo|*-aIM8()e=T7NdWbK}pNBCVrFb#6R1D$@Fu^Ex;Fd`zVE7ftu>`o*|N>(@qh z9_Ac!>&_9K8;?(nw0?A0=f)G0BCQ{bbRHgzM_P9e>pXmNYNYiQ@_S`kr1f*O{a2?) zTHiIib0c@(v~Gs(shN@1(+!;)PtS_9wl;QdEY6O!J{alTcqS2PeRW=>^?ztfug{OP zepv9PNb9}Cef{Q0>wBU3`T~BlSNrA8AudGo)a zKli!zpBNvk8;0J_89!{D^zkd-DsNUFYx_fMw^UuenYv6>`a`$B+kEzZiS|m=*O>k{ zbEWBjHRhZCm*1xUJuox1cN@C1o;FGUQa{%h&$IZKu6+`IOxtjAH9t5>87eq_cMK8d zXT;IIaF%p;5-vT}+C{!SCauCq`%%K=x73EdOd1_JGvU%Izvp~@angWKik{~O+%tqr z_YD2%j=tiO_K!t>x}!h7jy~bq^V~096~8-{`n@o((`sp5FIv+at*eKo^_38<)-Wyl zHdAiL*YAiH{iG@PWtNsHljG^ZaGB`;!fE45>(^~_hvs8#h>rnEo7I?+Wul`wiD!L}_X3ChgrJK2$d<2Xt;Hy0-u?ep-t7A}{7LLyLet7!ee})Tk8)@~{n!)u8D|*l zm#V!=PTkSebnyhthIsnbelzEKHc3BOnR8K|erRnA8V{*YWZb%CEWDVuo^X3GGkyKo zeYGzmtK3X0;~Z%d8smc4u|uzyZ+V9PAPaxT<=ex!`U{|`pU@a^$=_7RufdQ%_@@|e z!~Wo`8J?9t)@Ltej!Qj9-pAY^&_4LeUCWW1_EefX?Ou})`-sN}c04lU1~ii3GsL&! zQne3z^<&`SS>vYv^W*2IjQ@76f1u>7ekktp)&8jVj^;x@Pkk>TU*op`kMC2S$lvt0 zgo*DtiU)2n>Fs{$%3bgAIMUkv(v`bry0nJhbnRY|`rd=$y9u2h#XW&T@IRPnGV{}q zOjCb6qIP~dBZA*1cY1aQsjIID9vz#zAQcBD+b#^*kz&ShjnJtqm+@Y+xC1Uj8cMaPf|9FN})`ht1H}hvL019l^GiC9Zy-(Ql)__V=&!o4Y2A z{K!Lb2EpaQS@~IA__@a!`Du@H<*osjwsx*H!rB-p|DuM-;6wN_s$3oTfY0Ik1h&IW zvdNV#uw@et-JQ%>kYgV9*qiZP#@1-;5i_`FVKwy#ez))kncGQ6I~z1lVXhlFmO0c` zjDl<5)?j>Bxew!ve2HV=k_Q^h`k(tT&SZ|T-UYWh(~w$i(l(so?t$ksvEWc=B>0Bj z*y5c2vFuTur;eVbY$Cg#<7{lwK*HJbWb zso(0a;;s_qLw@%HvGk+x5!rF6~ftzi4$Zn8oJETBmi9^KD;* zZ~Gi@C%PL_nf$QY`WG%#|7;q6HpBYnta{$!aMZJ_`!n)EG4ZJ93a;DXsOJjK)pOg( z;2Rm2Us%qojhu%etA^Aka@mWQe*ufrFi!`^@XA?a}EWxr8}Nz1s=oNBDq|3|(4Gv7RM_PWyQ zsZV?Ak{Vz84K0hunS9?Ut?3hxXLzmlXCI}EuAlaM`Ckb68fnZi_Q@{0pML{ulGn#v zTv@Ya=hGG!Xw7E#?{jHnNFA!r$uob=(>^m-Qh(qp?RGwO4*pl*!)v`Pc=@EPmJTH} zZZRJM*Xe#6{-G(_J55^a50Kfn`EciTkG$OW^P?|!jw`*au{gN!fy13+cfP#su>&s$ zUwrjt*@h21fB)g;zVE!e_@XCYZu`b-FK3t|b~b+MaAw1{m$#*f_W)_9!Y{mr6=I*`opa~D>AsEry(R`_C6~1pBp$A^7@$S`ZsIlVAiIu zd72%&qdnVXn_-UQ&nW18revI-)mF@h*1*z&4A{;QiegwG6=%K>xL$PUKE z;#~gCn_|e~N^C#x~M?{G3S?}J8;G)sxY{g=<@V$nm4k54mR|48Fu zJQ%TdZZK-C{H|qR&clQ5M420$Z*j77!h^+KU~$+ybqR=xpzkG z*8lnW;!_t&-_D*d`hBE|e#Osj!^fwf_ux$%WUi<-sJFa^scoZM22Z%~@;_G}lMAH@ zj~AzfKP%0>Ce44GBh9fP)7)dyeE%G2{%6QEcbhc(&XMLv^?2I1`l_8Fd^S}6?}qTE zjI1pbzdM8v$A2t@SNz9W-zffO;m?vuo8fhX!pPH)Lu%I=*W#6Sz2tP`T}w>6Zl_&q zzCSzEuJf_UJxSViGMKzJ*_K$FZ03I~|HJuj;GcHgLA%}-wxQ9tnYYvY`an8?EL!E4 z>g{JfPN=VY>aVNqcd2W?UjKF&d-tTu*s<;XjDu~XQZd>www6Z&>}QPqkHN>aZ8z|H z+eL(F@6_1On4?~l`Zm5yrte5p?cQG@&wJ(r}#3NKJ@|QzKs1~_CX#UzUtkn5r22SV9J zSN*E~^RX*k9b7qN9n2*U(bpYzs^9J8@yWYxJN*)QTtyyl{kz*v^XB!_yot-+Qd7@< zmxufYb9-ouI~j9#^L{B~n%3o}J*q9DTb)zUANmW8fwI?RsjuAbwxZSx-!^kM7hhrE z)ULCWXyf#gUyqa4(<4nKJWhHyUd&;vHTC`zkz@BN;DWNsx{dL zx6h}HJ)!peI0YczU+K7gAM zm5x;VI9rZdyFz&0x-(QBKW`16pBzls`RYf^9BV?QzH-b}JL<|b<$qNsJ7>w>Ogp(r zb25AGMY=0_t4%#SnX=q$>$6gS)ZNeIhY3F7>yCOW2zQgKd%{%r8HcN+b?cGmJ>I7` z>z5$)V~5vT=Btt;^!!+1=3@Dv2EUs+auM@D z%~{8t`}}6R%V((bo94W$sjKSzL}OfxvPS6>)&Htryq}D_WO`rHQ z?_isKvPCuH-W1p8P8qV#_2XWIa?R$|q*tQ)9XtsD9%Yaf06UGSoNf)pnG z)g2RBw|z!b|-~FNd z2D@zk{VDUFbe+9nUbWw?Zrx@lcvDUrgv~`C|WB`QL76oz2(1b@5xU6Da7%Cn9%pKLf`DUlPem*tWW!E1!T*CUJtIq#sAM}~CSAA%#pAGwH z8??qrupU~;*f#~JwL>9|KPY8UAKP`hRR7cejpKLGZ}z85sG zmSe2DM12A8DAOmT8xrgCGe}EWKCf~nuwf_coceqCCJv?}sT0=+C&osxBLjoQ4WT`j z!0fT;ZW#52S@_WW*@<%x>FxylCw6^_ z{l@QcSFpVkx3T8|%Kv1;+;x338S5zjAF2HCUC|3@ss3|u-4WcjF-PAd`<{LrF~1CAgG-q+-}>77j%Y3T zFyqQF){B2WzHQ?pQ@;1$YG?_6pU&NbABg?EslV0D-+Sa7oQ2lTqt)Z=&1 zs|p?F=V3bkLb&DxC(^84V}4)2?RkOAQlEZ5a=zrBU@t3#d!KM=a5v&###~DEI0sxF z8JRf@^397jGBWZ&K5wVKY_&4jTuFK7S;8io#UMAJ<2bN;R%qjfa+55`HC)KR8PUNxovnONs`|R55L=t;H z`v5h#Jh~hA>w6!MwN`iSx-Ggmk{TqR6U=2NR(#f@rXA#zm+MoGOE1XBlncCc@n^!3 zkHHZpT*1V1V+LWuWxx%xM=9PjiKesK+aTvOREBJNSST!Fco@uIKsw5j2)9$q-(dc7 z(&4|G<~(eLce_uTCof;8eWwzpJ^a1aU#<+Mp9HV=@NwZ?Il}nA20xe_d2YTr!*Wi( zId60>zQerzV@R&bTl2@k{Q2k3Ge7>Ed1_5==DR98w0ybWbB=Pq%am`d;Ztp;Dnr{3 z4s!PET;hwLh<-`iD&ko;~nWti{=Ww_MjnXSpw*082k*PHG=HXqz%km~$vk|IK=nd#fUc z9>J#F62$o*)^jEF9tzR>SJ6wl{a^ZQKZd-`;9Xmk4#TsN8$3K-r%zd@<2iUze_y-; zn&851)~7Y=AmW@*9Okqthw1YfzqHnxL?8YVeYni6Oi8j6~gZD9>L>W)CzP%4W#60zND{J3j$bR*d?>^Yhn4++D?nN_aTo_ZX z4~89TY5wkm`x#SO7*nXDb*if`(&u_wOF4%tT1%nTKv?^fCm);x{2Xz@W!PQEqghXc z%E&_yHDxyQ;ZS(D!pVm^Gjkf>Uc4Senb*X|b{q-Da+U<20&|uFo#+Z;hmt|SK1cJ~ zcKBKvM0=PYZCu*WzAlHJX^wk!ST7ixy4I#Qe?c5O7EZFZa`_}P7XDQJL+<;(Lf=2(yM8SE_3hQM@V#!|)r^O+QD!{c@m9ve z*m*VMVP<=zI2#*Qwng^|ac^PAB|9`$sQ;0^;WNX&DtDZAa1O2R4#axj?&=)W-kaz5 zas9q*+mHYGaPu>JUf#Cxsh2x%J@Ik|nICxN9}aJux#Q)|8PB}jeB{NKGt)UgvF@J_ zFaE1XUT&WElb5#*FT5EO?Vx%_S$ zBAs+_(U5%Db>#uWM`--;?J0A@i~8MAN>Q+pD}b z4Ru4B>xRtd?~QE#@f`U~3#Bo%n2Uv*P3^?bad&MWZ#`vs>j_(6G0z!Q=Ch1-)_3g$=TS49t+jJd$D8VSCh;^k z=U!a-{^xjeE03<_6VO91`sQ)g6&)zd2j0a0&BW)7ZH6X<`3Q_C%0jkQy&Om=E~hWA&TyL4AFe`=oWB zW|sS;Bkbj8DVy%|o%C8{$0Xie@M&U7gFJ&Pj<)fey7+6ptsJcFRb~G(%Km-Edf6@fpSLgD^BKRz{lHCkSMCS?I)0z_ zT#2C&HxH@4+Ddz669!1+qH?jr?#(+&g+G!qq%-M3XgsXh=xw&03;GL|>c|YFN z^5tLR!<>Awyp`p{J|x+Yu4ZqiYq<3prHqSKM+R5npQZ9`#b>mI?|hv5x4HY+&jW77 z@8n9^GP>w{;K$z`d~i>Bb4ye3P4#)zIl=`y`gk*~>q*Wd@z&a^CrL-&rF8oge;D!A zS8Cs<+*bSTWL#u)CuJ% zYX9O^+ENE?se`sOlw2x(mgAxR_o63*!4~GzMrNVAgjX?-_IEYvEs-R0>#M&{IA&#` zGg@~dk0m3K2jfQdyxS;yr!f8ga><7AMY38wBKT}`6Mm7EGr7ZeHGIq6D@^@7LcQ}}y;qp{#@`=$3v~|=y3^_9U#iOZ zN%{p7=H;(+)bV$~OW(}B!pQ!9WM4q`_aplPvcDhMZ$77JaDLTCa+U4{ zzT|RjddPyYiofr)R*5k)P9B8`vn^73%~p@Jum3P*&#?cb{rqF! zq+C^BK{MC5k-GD~g3L8ev|N3G)dTe(=t9L;koIEV+6vt@>~OyRRIaau$~Dye_UG6y zd^QL!Nlg_m%9px6*L}mEcl3waFC0u;`~D8yH=M4u?`QU-+l(Di`Yf#jGfozZ>1WJ2 zSNG;bZhxD*bGRY3KzDELM7EVTOvdgo;j~xjmUK*K2X+2H_vGDdbjsdOtUHWNT-vYV z%J!7o$vfu6F?SEA?Om|m4_jx8%sGa5G#W3wYV??-n1d$#quH=<9aA;UxzznqQpj?%@aIYYGk7 zb#$)G&N-Z2n{xX5WhIN6uu$7NFQkKiADWN6!G86lLGY&3n)80M{{8A!+ir){zb>nP zI+I$zzofmT?7pi0wK@GeVD2BbZy{(tklW+*kM+hL?)=OkU-NF3dlSKg*Xv)G)xX{7 zP1SaQ{)v{?zcl(s9rO^#+(o?4>0jk83iOXS^eL%Nz*~-RY&xwP(=^BSV_M}dVt+YgbUS@P&*wt3 zpmxTX-cSFm`B4s^zLNaH(D5w#RMC|#rz_B|=nC|0KkUL7du}1E>ElCs)8Xn?dmx`4 zV*Wjtw(ng$HAVeP-Fp{#bbElY=LPi_dc(%vK@_L1R?`0G0=Jlcfb}?ih3-L^r~2ZJ z8~^rAK3~1Fqi-N|FL8WW>OCeddgA&i6W7hrOJNx#$3yCwdXNqO67n!Oh3B!Sz~gg6#C!L5=tn~3TI%^E z-64~|J>RJQ&*bm)wGuBLO+D`EDlg>^j!PYE{(PJBCX{>65b-Yc`TKJD{7Khq^4EJz zw(qMczmG>>_>iZoyp%t<|MdCuZOTvnn|(ath^v0@jLE~^cdB_toU@uq<_liVns?+# z`=qC*JV>7dulliaXC7kcMSAY_IL{05{?6n0HnJe>ryi$x)Qxyq4(_b{l^0?EQpq3v zgdfd=lAZ>?J&g}naCSZ{-YfN^a!Wqw!?%1q@;2px-c257Te`V{`YZiJ3N1?Nl!i|J@uyaKlkZ=%U)ku%-C#dhI{|4MyVA zXWQ}zJx)3UUS<6KFizzm-$(0l(CzU2Nj{1PjrS7I)Uz8W+I>Gw*a{zCc_}{sx}U(v z1bV(N`G}9_OSLla<7lSh%F&(>oK;cI|xhYtO~FTzm8?VG`3vu z&944cm-4&1nflDH)O|iqFP7Q9PvO7k!@LgMQ4PCZVRvF%BW)r7zq{l3UhDyV{*Gg4 z_+Y~e&K&}$8ncCx8UwLegOYE=I_r2ozqi~>r8Csg4926ANr2t-X&Fi z&2h)^rjX7W`*3=?u@ArW$C^)HQ)3^_&u=W|<~0^Gvm1--XK>Hxo6WtQrM!djsqXic z7RDVuX`$*=w#mNz4aPoJNOK1!Yvlfex?|X-Njli=VAtCXt@6HM#R2jg*bU5InHtyw zB+UT$QgVvTuiL@A{~dSyI2gBh!w2_w7Ib$f_jZ=@lO4YRdG91I@)+1I9^$Ei zUhyzFH2}U8cWILjcKhEgjwc867Mi@LllKhro~gT=?fuB5yo1~iY3_GTzs-b-AHyYxv<$KjI>c3WujAK>oHW88;&oco}Y_O9Miw}W{H zlP>?wD(j@wzx7&5! zwTp+(jY;3_V9e#ePUXEkHP9tKE=vup5g$PCCjX?pAGFl%VBY_BcW&n$|zH~Dj) zYJs~y`?>eCly~=RbGNq1Kj~oiH1iu9ALX5x8n{z@T$&nKDL&qm8USzd=MHY0&cSZ~ z+ugyes;$uQ;0KCaR@9x>I zzoVPGwJl!`c3Wu5e~`PO4@Hap&u~AqyI=dP`?vFNHR;RCRNjkI1B=85FeyGRN)3QF z`FFd!wDB)9`El>IEw8&bo4c|t9~PSYJIKF_{MQU|&o*~zoA_NW|Ai{=_|(A7;$vKD zV1f7mf;aiQd$mj4mu>TPko&UjZwI+YTfa^IGs%Az`OhZ*yt@~hyRc3Cq>u0Nze(l2 zFf}kwd|Z$km@huYrUt;9{JAsRrgN~{|91CfbN{vFBXn=}arU53vfq44cQw1aukqb8 z@wg}3!1PrHmJ=#3`OOj^V^RaN#mD)n0q`dOyt@xO?$Rec9f!x)(9r9)(3F2W`S+6l zPV#s6V3*i~w|qL7botLzdCyA?Ocx)(8RBDfY5=^+pL?)vItSyP&Pa>rPHPjMw9w?w z{(Qmh&7XB2Hg{i}_%WCNG?jN$Y9KB?My3X)iVq-olYerAjnDqM<-`B3y8}CJ@g{%v zI1B6p_D|BAyJx?*Tk3v`p;exwvW`d%Ob`#lQv(ylLsM!1yy*D5u|ixR>z)U z@8<~TOrO(w&A*|13GWm;+T&CXXpK@Hjj4e#%41k+0Q`ycbn5pS=M&Ln@28&8SR7z1 z94ILrunc637>I$VuO4Uu(q|5g0@8O4i~-Vz42%QPmIo#PX;T9efpOp@AUZY>2U6Dq zQ-R2QU>cC}4@?Kb>j3!<=HH$&Jat_Y^7U*oezpVquP+W9ZzyuNr@5E9&I>-6u3^q`IKlPQbu|6PO8+J_H&ziumg8MX#@1=j|+S&l^z2dU* zsm{%ubdB9x?OSK}_X_J($9hNIuB%IVI}a*14J-ENxpTbCSRV(*_??WU`oUZMv3Fcs zTOap=xcgsBKC{Uq0sVQR?a$Ql9$}ZGUE-aIZsxovfqCYcap2 zVX6B4bm;qF==({&{r#UANAo!K;%VfdxkmNNp2uS9DL?;xwRc$0dtdDx){d92h4SbP zeSbOh{RrQM7u+4zq^sEzPhVqw1vs~}Q+|ic({+dSSNN7ZYiv5>sHX{9n_SWJ;}3`C z*4TEmKdSSgZ*_NATmK999+mD_?5cf_YO#5@a$M@hCgaocX!s6mY=n;{gNrM7SYtnU zw4LADQ+fhl52H`+T|~Pd@85~h`pVyBt@Rc9jNazE(48)=lh7IT8J~=l-orHcWZZq$ z%eik#?O8S-;!96rYKv>^+9|)hY8zMBYm(KvP#C(Tvo-?R9x+yltHc7NgSv+gwassyQWBmO`gLDBy%={M_3qxY;ew11vs{m8i#%GkC` z_aJ+pBA@1$O2b+dpCa~Fe>e3r{bucmUs0tFqPp9Tv{`J2wYUYMZ{mgcV2f}cR9Ig-vRl275U^@Z&unSGWN3jk`ME36B+xk zt%P~qxRtuvg1r45)c$Vk@9X}B@ZHwrQ@Puk@85wZPh)_+AoaDCyREzI-GK+R-xIpq z+S63uxz^on?dADkU7dVhzgPV4>f}>(b#gzy&s87!71WFB7x~uQb4`7e@L5oOD30pn z6u*64yu!CHcSUyeHD}#(jgH<{GtBw9wC@Wd9a^&J8x8d81Cllrh{^ntf|$PQ%Re)aFS>b+N! z2jgLm@i0GMblrW}vKMJ@?;!l9u?g-6#(-&H0vo09FAQ-fHgVPNo)N{jX{6;JHKo~ns{k!35 zYhUzZqUJTp40mEf+uVtrXiQC2-w3~1**W>W|1{&{R5w1NyXH=8_$iPki@uvXv8mIy zhVR6tAAR_@xf2`uNvs~!1O?9uq(YzyD(!+2+Gy$kGkX7rDAs`Ga0Tz#Z%XJ?;xJ^ZKDG8}QdSNKoZ z@&6;2)BX~*TSTk^ZDhqzYgcthX^johiiBy!YiXVNI<)9}46W0V!BMi2t&F08ig(V@2O z+qcH=8|wVuJLA?5|CR>kL6q75{(ycvULs>Nhc#E7^cprQ`MkdtYUyl{AnVZ4-rTEqPzJW)!dZ0 zkMbSf15$symGV9v>VHl7OyB#P{oSJ@IuDyZpK<6_{J-p&Vf$10o2_EZRUf8!zwqI1 zoHgNY{h;uI{KwEM!yo;2eZ71lR4+CD?&%SBKO?UB&ZwIGj4bCrGModEzk3UJ>P*46 zio0j7E!EqSus2y7mWAa7*v;_2HMq2cF=uy5SXkz~h4eEn!JI{0|VH-3qHB3ijH0Pq&8&>*fNtbQFHyrz*+I(i&oZ_i-`O2p)&qfB! zc{LtpiSPC4PrMAgtz%I&?1N4Q@|AC(e&j3PLAx{l@wB@R+TBp{QJ-h^&*okKd(r5~ z;F9yt_K|;F{;XPecU0%hdJAS~UwQ7AHnME!`84uaG75QMD-HW(7&}u3?OQU+M^k?* z87;IjTQQPv<1-&#|6^xb7!-30=a{*x={M7M>|OtCd2?xBV0F3V;H-%Kz0$%m<8_9# z_)4Z`z|-u8$lwV1)Hlp&U5y`ofqFd4r=Iwx&mo_U|Hb|%I#=F`V7rKj?#A4VO?r+zDSWc=uKU$n_Bu|M^1l&A9LziLY1eupK(mS&JT~pKOcI= zKR<8$oHyt#iYz$!Id>EOuVrLDi8d&?=fN|#&fD>ANFV1X@Zl@1aDC)%2TwXU!}3^8 zjySDyapsh_Y3+LXoPPVqoZtQn^b^bv(FMyRc+JBhs&2J_qLfNOjMxTxRa_9P&Eu^tpRj>RRbD@(!Q*Gq$bWE?&Jp zcUgVjiJsN2&l%U(yEI;(ljt*b^e@CUe*Gt%J}-3oyT!qy4o-CXOrK}gO2qpU%910U z@%LxEy@9)t{CMmA{Yy7Ho!jK#5eLUP9n23$2WcO~yB>O#a{$a!%sBw)CmE;AIRM(b zI|pEOk1(|lh5zz(-#(oF9d-Igdpg%SfTDcGXiHi2x1xIqr(e+ay0;YiM)zEp#?23s zHau>sPrc`lt9@$t{K#P1y^k_g^ZUB@Q4*Z%p2r-2_HQ>|KkHlo^KgGI;2Kl!L(k#! zi8;k3uI~Hh%_-i;w;3OkO{uuj4Ka5%Y25n8q~Y77VJ>~K$*bz)>*viTjnm7@nSuDQ z)L;Bid7M4J%)^V{zp2EJHKaaFd?R1dnlT?-QEf*yIli-$TlbCJGDN)Cztfk6%DdF_ zO}h7skI>l#KTkD$IQdlKGjDy5r>{IU_W<{t=Y#JoJjllRJ43|Ff~%2-=Yw=_79Y-! zu;O31kUl*u47|~&@)RH7zUlek+sFex#`<`|5m$4O{mQFcJxgHDZ82Yt>CIW@ zN?!ivOaU~udb-LBIyzJEHBXmsOE=Q<>JMCfc%BG5;c<#5*$}qXr&T=R;HjT@XXUTF z2=R-v1@uOMWF?ciulv-zXoL zjw@K3;s+CRwv2?cPhhvGoG<92yv#oirls#yUl-#8!#JFa hkOE#vyt$3BaB765v z`H+i88E0wzkQkQQZRpW=>0MJlx7_aHxxTJ)?jUZ*;D6^$G~0ihmzV2oAdQJ%5sg;t}>G(uVc1-S_o`&Gzvt zG=iQ7eO}@dyz;-+$MfUjj{s(tTV%y|Ui zeSbhXgx}%uzCVDz@ZI1u#JBx{z0<<)qiLQrIgfDq536NWzbBh^{d#*aZTH)Da30~6bnSkdKa&uZPsvvG6~kIN8^juy z{pXNBS9y)r37m-xpH)cOJp^OlO(+fRJ>;iVo~<-?t(%W?Z_zsDA2EDxSS#f7*xOkH z`?CqE*DP_~M&0JSLp~tutM>6LeVEsWP1Ud~6t=ak*hktz{CfJgwp|x$pN;p9zkAs| zN0!`v+v#DKw;g$e{n|(FUc|j|+81U&fW6(7I-7tWR403TebC4`8vmcqCZye-i94IH zXc2xt#t~bK8d(Gh2rjv)#k7v$tAXLYISS2V?KHwuJdj_@ZBD z<0KvIb}(;Yd1{lf>C0x^*F^l-OdCJpV3&hw3(K*l;=(@~=73VHv;JQtTZzPQt-12h$do^VT1;FU@(5ygheNioe~_b+FsQ@_wB+alD;^7xFJ0 z2a-qOB#`t4@P@baG)n`&T(eh{aInk5@)l@yztx7}qif>CU7DnY+)WcSNR2aA^*a2K=LRY1(Lo1-tZQ4XMYm@ z43L9q3(K4vD&_qd9e37;^Esv*-4>R&Hdx+tz9&7|hQ(Z(go9lcmN^GhN;uw*zzg{o z4gtxd@C=aj1@MNq?iMF62RWN#@=aP;UI48wcLpczV9do$SXk!lkCEFr;?|wdsXxzC z9z&e`@0vWy2jPYM3;TiOQAh(xUjT1-OSrQ)T@I!ljM=k4WzPK6pT{Y2w#L@Kh2?`W z%bU*T#N1h&go9lUrY$UUhNsl!c-sdr+X*k^U)T;Lk3uhy^ab#Sx2_46 zm$ZYiOYHB2g=Nm_l#=%ROv#<2DRCyo@bAvul#fR(Z#q+xxX6ZeIhb}ZX48~8ds9lk z$HXaj!wdNrwgAbauoX!90(iq)-T9dkXJKr8Syr`v zQmQ*I!wtKZH=Tv)I^Xh=b}%-^mCM5NN#evDZ|mTN{0m(`@+hnUlD+`m@K$&3rNkK) zTVIxT`5EoKkG8lj2h$G5Y}_(uWQ^R{|1QPtK7A?aV7G&L3(ISW(>=@3!}dg7p2wR- zK=LT81d_f0-tZP1>B{9`mxE~w%k1}-^1~g!)}Nr1bPyi^m7|PJ)9_~2?`N;wy?;WP zb1tQX<7)+ckayt@AoL5%f$64H0sM)kw$#`s^nOBH>X9~o|NAg|_GA-du<)Ju055dk z_>dG9@y$40NCFuX3(J6vKZQGh^!0`1K>F3f3Lt%0;Z7j^MPVh7wpr)^(hdq;KyqbPm5d=!~u>z$=M{3J6$^-KzJ zKXk_K_bhg2Qr?O`Z;p8F#H&A-5*^3dV^Z~8%BGUmiOv@Z-|86WQvQK_RM+M5rK~Zy zi?PgIjPfTrr8S1`E_U`6*_n@o)+Ov^)Yw&YZ^X_3-Ewo@WlhDt?#5K#B48Ijxk+FW zpIq=JzYhD}M#X=ZHB4nMmb+n$t#_HtFF#MbgwGjZLt$N1>T-E4Y%1mxtb=X_##sj~ z0LD0TApF+%SL|fUSMP2}&M)FeX~O*4c)`4ie@E7b`SsAkYS{CHX^(a?ax>>ukbQvc zvy^+~YpgBF&#cw?eH_1T|NEWD-hW>c`hG{~dm7*Q{cWvFN4IUnPqjk#wmQ211zq`D zE!Me}-uG9}t+2n>xBdP0+{*r-H7J$8;qx3H%IAX6_xYjkQG6H3Up`q%7xq)pI;hNA zL%vZuuM)@)m9?I}e~o{XWb17O-WQ>7g4U&1^j!JDv)9r(yVCud@x2}2JT?f1^B?}R z_C@!8i_Wv8YwvesACo)0-je$KnO8SIbR&Kj_{L*TeC%P~t;9b4Y;tk+JPY=xXWRL$ zJ=pUduQhA%vfXE^S%b?@oISIeb+>GHMi=o@NB{FlbgmbeKowvZ}M-u*u2}G z-yAyULVW4o4U*kXYm3cquAXx-?O$QLLt*Hk?3oIi<#f-Sb8$AdFVY{#)+wFa68io^ z==*bgSK9s9=-^vrlb~N%Y~Fy6rmjbZx_8X~o}=H`EL5lG@*VVX-=(oS)G77VH4#d<(XKn)5A$Z^xIT=6nlr9|jj~L(hr7m2Y#trPtYb zv9n4puTrOZY!;RCEy&i(?3X^ww`FAO!v+ZRx>7lJp>rtok^X$kmnlch`4;l2oNwX# z@8QYQ7>FYW`tHj4mbATp?0`St0^NalThY_h`Ie`3zJ+${<(Vti*2Vwm_ml^gn8=@lakn4epAb3;*EM<|2C#>K}$W&+;(z+P78D zvuxvc!0(6Nf9n?o>0D8sAKfVWF{?bW9veOT zCOPyL-UU9Y>RS9iGiN3f2oNZ5(S{HZ z5nEKMaKttf0-{ojEw;4fwmbrYVlTC{7cCY737|v^1Kvi%y#++XB)*DLEA}=-5QV59 zRH@RInatz?!z&3$1}yo1*FNVYC&MJthy8v2d_G~$W1qd(Uhlp4+G|e`SR8v?Wd3nH zZDm+(5jz^nW6s&fZw_l#Dg0(L2QJSCXEm?eNV`GSZKSNoVRz(7-Z$@eA#d_zbeF8{ z$omxgy(Np4sjc7Z@_uL*JeQ^RyW|i%BKuuT+2|kWC;V)kbMETJo+K+zI{Vu>$#W&6SU7&fZ{VwR!r`p)>^43H8TBQ>- z&dH*F+3)g`xHhZLTK*hzlSW<5`(1#`X@8rn{wxM3>Bxn|KFjqNxmI-W5o3|UJaZ~C z-JL(|?l^cke!t7@*1V^(uh~|7T!Qm-Lpj2a7q3;xK8Znb`(9LTolz}oP#+Lupw^>u z{ISc}3vki?muxGpZLVqO1b$h&5*}Hi`eyBavCCO~lRkaH(WkvuU&L>)^}%knzpW*H zTP@0#QEFHctc63lgwi{ruTCOGiw#HXID;^THd zBKo3ZtN1v0_$7(;ySMR7;rRn*EUfsn(>mm?4js^pr|>B&4{Am>=Ng0$X~vk;+|?20 z*sFXCw^W5Sqna}ms%tc3Ipu4jn(=VQ+|{)wHRDznzYUr(gxHoNXEoz?a$g=juNf5` zbN5G^G@}#0$8?wR81Ik!T*e8$Kat`xy2x*;%SiR+u0GkF-(-G!yNpww+|{T0xr~>% zKb7V(>Nu;iF2iNa1FnX_E@QZl-=Qw!r_^_Pn9KMX@6QZ(8Na2SPe!S(&nMi^P_#|5cONqL-Y08h#o3jC%(B_yu0%+`bpx|1>c3uWC7d&F4^Jpc*v0biS%8g*{d!T$bB5;CxXTQZ4ii{%mSbQPY z+LSLeLSm5}dntH716aft3R6aG@Ko-VA4J(7aD6^aH^=Z(tlxF!uZ*W6@Jb|2H@wie zDnmD_Qx;Xlshs)H#+kC=qTNYa*kg#Q#Z!L zOVMoIxDTCsY@BW!@0`2(_;}rTk8&p_=*9%(_2fj|VBEar)Fj<_-Rl7h6d`*67ALzCBl{8w<$`d||C_TBbL}_}xLB@b-nbbmKQ& zC|jW$bt#nFs~fig&yfRi@842)kYCEx9imQPs5{KB+=q4JoAjZs27J(`x~Oh^)G2p$ z?4)jdkNa4IZZw_MjT5~WZ8>pXHyWGBRR%2wAXg$M&%EDM_%w2o&v<4jHT}+uQ=p{dy$imiO+!d_KEL35nek##f;B8zs~wSZ2m3=FQF-JV*q%o%yAoGa^i+( zxecAZh3B}9r@=vFuG@%o=j@evZo|uc)qJ;cH^0>j+(tEhs9xkY27~9CJh$;I`l@!h z+qefFI#S>^R#5KfO1E(oJRe=-HcF{KTIe>0Lc8c%w{gt(i!I02xsB(!Kfcjz{3rFD z*z7j;^8LwDw{b1soqEx2;_PL&F&tbryy`aYf@e;@?lw-tW2ej9#^Z9o!)=_=f3fAv zTW+H#@SLgO7hXHF*KPcl@Yn&j(HmT!J?J*R3(Xo2xs8$VVB=x8@e$=>VYhJ;_&!(T zHhw646LlMZkl&MTEln=_k%^QTnN$ zrJshy=_lUb3|vY-QAYIBNbZ$>qU;S^pGslQXMB>CXU3!E`qq9^>(ex6RHM>QDPCg} zHmoYuYk0wFRd?!cn+RCHqmSR2%b1T$!mNAc|I}OYgAA18cE1Ubq+8H|IhLoCxmb3c#UE3)ycVD zqZ@71&GQ=9iR{n!8g5A(g~=df3JdVf_7_@muu6j)DsjiK~E+5jHTdW}!c125m4X_9^< z8S|;{tS`wposwjnMV`;5CK*4cU+20fArDE$_vzEQeo00b>OGN`WV}LMr!$g_Wx!KC zILWB)j*l}m$@nXBb75GL@gnt|9G+xc2i$cdl8pN)S2rrj_$K|S%S2mo6=7J<61fQ!s{m6D^bsM@n7^l0r7ulXe zJdG)roH=#o3^8V{<7`KbH0327UJ3a;#%N%vOz{|DbaXh?W9+2gk?tO25d2!z+hbfQ za?;OZ)ZlZ~qsBR0PA zEsyaUycetR7(b`K=k|Jx%jo~P10LfX@Si*AG5)~!7Y=!hB6#}TVUO{oln;B1h8mC2 z9oQP8)B#V$PC|zUk1-oNQG1qOWUBVO$LI@Ou_ljE#W{;ry4N7DlOge-vQJO!#Zxb~ zVK4gkYV9|3FFf@jaV|DbO@OC@%v0F+=t1My+onb*U%xC4GE%bW&&tg;z>?xjwa$HG&Drt?Wb-a~#S>tV}Wn zL9eR9Bx9`Dh_y*3kFP`iIAgAQW0H{s-KsYy8Ie-{UQ9A}iJZQiWZZ(xSHDVm__F$S z$|Ez?Wl6?zp4aS1GTuUFYTimRW+Ml+6-mae@J;Pr?y0Z#K$3AA_&;(m$+(yAj~+@g zR#5)v;Ur^^$VWKIxEi`2tw}OUu}RTrk`aY|(UVEW*ZKZfLy~a~^&UHm9zhQtJD+59 zf%<) zrtbHj$nY5_;m4DMeMTz%Jvo$LWaZ>ApJ|td`;22Fe8x4>_9&le-!gs1JK*wIHs1o< z$#Fj8H`HA>-e+{DT*CyP(Ew}>6Me>Tc)Vef&zJ`2?a^R5m3w*{zU~O2*FMVuS<1=as zea310mD6i|$R~c?I-hZLqtCb+oE_avTc!LlFUy*`v59tw12ATSC*lAYA9Me@&xn-y zjC^!aWQWgq8rh7z#WT6D@ENsxc}HE51ALEOAU4F9i7p{F#CVgw5*uPvNxfnEgbpH} z#aIgciDxmcqVKgQsRKE!ZJ@7bDSO^$c%|=6T%%uz7c!3flCkZ{z?p2E?4E2?_f9ry z`Xw8Yv}D5rZ$&baje*cAGC0{71MMP1lZ`i}&0)#LiQ&n{Olfxn&!A1!DC$A~R%Ip| zx6r@p>|`T}_N&Jw8*hWN+VRQ8=?Te3bYik`D>SQ}lx)t)-9al8q4ZtM@-OV}9`)!w&JEIgp1VcwbuOx>eayVh z>RDR9(ucLwZN*yJwmn+cqB$;q{XA`X(c{{~MO(E;iayj<6v>)Z{=)8Smo7Z8wv^vZ zT1x3NTvu?tOH0}I7S}aeT2bl39&%s$+`>O{-)UQ|o>o-Bvl^bg!?R>pC+>Uln^L-a z;RkDnxYCL`BLDfCr*xC%-L^|h+E%0awk5lgw+(T1*mgVbb7*4@_2*MZ0d>*#wnwRJ z7xkA?7j6x+CpW3ILcL2`o3wD3z{T@U zz|K3(SDLRSbKimcj@xSJzu~mU`}aE$!TUTGw;n>fHSFyrL)4^NU_fUt08W z`Z9%MlTzmYISYHQow4xX+5?@PHZbP&=pQx{o zs^c-POSzUhUf{ZdYr*CFTnpXkQ|T_PGxX>JJ-W4vuQ?0*N}Z+mE&Pc3`>Hx0aojLrutPZ^&%}T%6aC+S6-e~eAU3w#dnVJ7f-x1tN7dB z9bN2k=NAofFD<&;y{u@tdwJ2b?uUzZyB{g?P-oKRuHxi@?&5(xviWul-;U+mY`z`C zw`1G+R_9v}-+C2HA)i0SJWh=Dni3rzKXiq5YC%Sqzzm(70LZku&+ZbqoBN^H`is9b zl0IrFQRL{{Cav?iU0RoqGu>&?99LdZzAL|IlWS?wF4wXmy{lI2?bFh48;2KC)0+36 z2f;z8J8NsKf!poQr5(G?A9FqYPJi(Y-_0uKO!4>MztB|Jp!Y60t@kN8qxUWOM8B+L zbW_vT-cz;WzO!A$<{n3Lp8B6{Z_-qM@%LtD6?5J|VSDx4^lS@$n=jgv>(4`nCDK

    x#vT7uRUkoz4!Fd`|L6FzI(o} zU$$qCD`n54u1&c?;yNZgW{2Z;I=uz!aRsMPHv7-01Ulyf}*6OAa zpVR$Lt+?lRUB$hpx}mjRoN}$FxbsMphizKRZxr~CT_XIQf%kc@7ASM2MDx0}z`L|> z3%twITi|_UNDI7Wi^*qm;bORKIk#a70gK4G;*XpzfvGls>pcT=v;D;;ulEf6Xq3O$ z$?N|=w9`f1Sm#T5C{^ri=`{=Yt{u9ttFo&j7VhJ^v$9ti3*Y6si?S`(Eqrh7b?&qx zbP0Y#Z)~l;Era`R4|!BQVlVA_#9rFz3~e?+Xkw7ys93tX?8vG ztzD0NJIJa>?7v-)*t8trAxGu5L8_i4Rgc&%yB_)0u1CJT(yB+`lzNoULp}M_vk8Cb zO6p1ESIpN^qfg*VyoN6QSnHyEiiQDsMLja|i*CqRTJ)WaWkpL)Hf4qQE8(*W(Kg1)+_@VJUlE~)?IDDR0 z9X`*WTKPQPfTK5liNNyr^O^X}@qCuZKMFYfqgNgN(VtrRN8Nyn<5Xd|rU6?yPm2I05dg5M&(%vpC{Q6D|O$k3M-eP3TzbT+IN$D%Iu^B8=Q zvBfVEhj=#Z;h7hI%a6a6Rh;yQ^yn=v&R-+;8{l3G5CmM zi_4z4qOI3IR`lWZzXac3r;a;{$4Y&A z_mW1vM@dZYS#nPARnl2xA?k|v+R;tlG|$|( zC*%94#+@xRh?%&M>ddc-KRj9a3JH1LrhBS_)#N{$=jMU$$K8FlZFTqE_M!Xl!*|00 zH+>ZzG5LE0@?;=S-xNIj6Ljo;rw5$S(J$Xs*KV$Dp104>Ha%j~9$5LYC7v)Z?)=3=*n`7u z%fLiyeESX6ephhNt#~unwtjnBJ^upFyEpT5wt8mD%l~ja5m>(stWR>?aNt|;p}Id7w>xW?k>Ljc5$+T!?YcV;P}lY!0{Vbph(lYt!OxK zD|OyhtgCif>-h`B-<=JcdfukA@7%GXiQ)Kea#;HAnL2Wl=3B8;(~L#r1>8*@*vjGHYOp4If{e+mF{Eq# z_AK^jMt>DQe{*2^i8I7!&?oA5gD<@kumMLEYiBZ7CHGW!`MGSoX7M| z)OkBO`>lNt#JAnR{*aj9VmfhT(m$DVfA1R-L+>eB1WXb`8XDn`4cZzj%!MW@=i(@T z>^Iow$OQU(Idq%|{%A{bNy~cVdT2^eac{wAI1|_?Uj}Zmwm$GJbD~_!29}I^r;yYmgib-*Loas`zl| za3QrNzoq2148b!(hcI~lf=hcmLO=3_XX%shtfz+7q5$WfL=2{?Ab4RZt$8je7kSB4& z@U-MctMYj&q`gg=fAt1UE0DF)a0W2Jzv;h?6-q9?D)>3C)6xoPSy7cn%>AeNE9AV* z#hSMu2p;kVtz-fO6jyt!5;~Nv;SmIg@cb0b71gO%=#xV|B8wqtJr=#i8A}zrfN2*rs-eBGmQ;|0oVt+HWaKo+ z8TFNVa>-clwpE2;r3{Bf=+ov(`D)%>Xzgp~G1lio_(zecs zE62W>i^}CwkJ(3a&R_JE(>4eWa;e){2D?cd$FRU+b%twd;F=Y2c~Vl*hu!%@uNn#Z z{B|4ty@y=4&b1BpK0W^5{Pjn#mhz`y$Ts1Wx(85qokM>d=_=n}*1R@?3;^fNf%V7E z6qfg5U&mE92bN$bB`&_{i_q%7Ft>cKPiC)qZ8iNuB@ALs^RY50|x8gzif z)QFDqpi9J#c)Dt_Zpz0oeV32EZpGN}jo6J3xOe-}EquFQuBS>IIp@L4buQP`@ebEx zZq@eXuOBFD_3CV=bo9YA^g*trpO#qqshqNkj(L_Haq?3Cu7M{X!4Hdj_IQG4D-%3h zk>J@L88 zGs~??|CHEWd{p6=DU^%nmrtS=pMENN-^_B~rd&L~9BVEoIoix}<0%)!d z_(gxxY6~Ao%Y<{_cvhDFp=L9rQPVh`m z@a)3F7xP+-XEwidyhMI^7(9nWA3Wd*EFs24_@!pc#r(3+F83$KAXd4*P%fTderlFm zm42)%vEB<5zZ{@kJipv)m%A^ux!i8b#q-NlyWFvk&E?7{7tb%>pL9}k9N72dN-FFPPuq~*+aQj{Gts}_9#6I8}%=;M>jxEC%;@L zeBn3k(U;}g;+LUvZSl)hTq}Oj27RVIx`MLp@ynUz7wd>q37$n0JgZLdEW|ULU+S}3 z_@z!a*LRLEA97l6y}lD%j*TzSV%hj}IrwYhZzf^0CFeHxH*&B1J~j4b&Lp=(<8PaC z*c&uY_FZ-{&x6g;15+61tS3KrkMVb54Y{@_<0GuZSH{nfF}{q=s(CMPbfJ#vT^R@A=d^sQmpszeclZ=C zhmZ!0IoorK$}|u2h1y-!_+8>tRgGg_;?yt53CNk0_$4XWg&;nO4MP=vdo?yFIG?f2 z0?O0((cp*kn2gH#?6cRjS1NO|4W2Q-!~Q_}sosGXnQO`b7i#}8Fr0oVRybA0D3km# z$(_=~9-pQh!DXl7FnyLB)pDLmi1#187$Xm>dHzFaqu687*X|OLza@WaD%{99F)~IB zPSj$ur?9`}lb%1qcy)Z-+zjI($v5frzrz#R**?}($J`7#P1W4Y ztlMR7#??GGqj;QH@a;Ndcc*`~zDwX{izi#ni{LNa4u9IQITC+i&xc4In&Y26UOA%9 z#<+NX#P0JS=(C#t0j|BzGq(U;L-0%`0ezepYAyfs49!TwH_!{QImNgMEpw866*X+w?SsndSGl``rXeyja# z1~ipxg|i(OpA+J7;HBK@PpbK$e$C?#8ShszUn%r|(WgCL>C;98p|Q-xF{ifGMSnz& z-N4QLjod3a4$;SH@LwgrKHke&Z}ctp4frw*d98ePU6Ir?z^#pt^XP27VAp5s1!sNb zjIq`Hp7ay^jiN5b;jao_RX?-MesbQA(ZrZT@`MIAl8c7=Mc#9SUft0Nz%rdW1gDn? zp17BB{UTz#LfxU21!J)Hx*})2x;?I>tiU|g9$Q=O#`9jOzcue|c8nQqe%l>)zL$)t zWPIG;lCc58Z|Ic)arhpP0N;xlFUuTBJT6BkD7yh&BDfGbJyIfgv3bQDo7#PmF~@_B ze(bmUAn?~&^WTpso@tr?zLYWh)4)m}857l_F2fQQB?qk+#6EianHf)GhNS zHh-*sLCV7)QU~M2{gko4eO0(`xyd8&Jv8pKhc@Daod10LJ;h`4Z$d>zqE%%w+SBA;Gjx0`d=stVy z%H_~~!BWn&{-U-ujd6SA5O}D`Vvg1u4YKC347x1GE^MHlXZg+4lA`zFzX)FXqboz3 zwOH+WEhclWA=7U`E?WGSd#adI-%S6ldTY-!4+@S&mX+^P>W_)ADYzy zNA+^xIKbR7^E1nsn_0%b?Om+DurBo4Z01pxx0*-smCU{MY$5aehO7taz-yNmoP`d8 zvuGCZc%$3VFN49^Rp6=^oR#p~q;-hSQ8?>RGMI0VY}8^$&w?|rR+mN23%k#P6T$1{ z^j+$doXZMt)NQwS^sGNt3;vE!wuV3H*B1nT-N0XF3;sfShmww$RFAu)Cey;F%N-rR z{gI+HSI207;Ht^fVn=eI?_Mo7UEwnse0D5(*v2O?#=}>W2Yh>3Tg&mshJf3_;Px$R zu9~$IHFrLsKjR7La+!tGLEu#ISamXs^IuFH`oLjwdpKMN4jbCWVMWBk;W`UO>Tbqi zLpwM`N43zSL&0DKo(OW#hK^6yH(%lCjk(L<7tO7RMH*Pgss2S{Etr30`J zHvYfg?zgN>j<9gf80H>J4+Lclvj9Cm8C~#JYd!EW{HFB4WMm7NYjLo$ zA67UQog#K2x#V7OFY?;1UN~&(g(WbVu(2j@>(M!ue(;Nam=AAHg8n;N^LDO{XY@le zo*i)3%m>aL@b{#|Izn(g*y8V6g==3)s={@$!nLh0($N3?!K?TVK6J&c@cC{0mSGP} z9!*yIwssA0)(|()hQ8e%wseKyb&ZKv8>dHVOkS-;*H$_7ty^#^K8$6r#Lm2MN%at` zfZrkbOmpecd$&J~{pz6ft&E{-C&IU7jHR3HSBH{o65(^6znSheW#Drn`Vw8?MOVCu zu0XzT@S!UNmtKo+Wu0I0SpA;ZkV@7&W!%!1-e?MUHkx)wep@pyZjd~=!uMYl|NCY9 zxPw{Ee&^{@#*#Ude_3+fnmKZV=Q#;#i>$-{d&-qYu2yiqntsUdF>Rezf0nuf~ruZVWb|bH-_MX7F#yML#;=ZhRKF zn(za1fMcG(ZsrEo;Z+Z93;*Je?H62$Pb6c+q5JrTvZ48|Smgp&tcLGvfvc7}f;qsC zt`~j(5%4#KJ2GD){WI$ghC2pAl&_@R`@EMtBTYG!nJ8_Wxr9T=VhGi#NWIK&%YKt_a;vicom!qZds>o zx30=@{@7^7cj^2E>9gWLa1*9aKeX3CEn6x+ii*3z#)=#Xt;+X;E7}YpdzHxE!}yVQ z&dGa_!JuWYE0qjtC4V6%qbZzhoF^xo%GW#;zdp=4SMZ|HYo_2)H~0C6skicw%o)0) zQ?bQk=+jvGHjRGW&F?zP7T3Tx$`@aW?;AF4aUx%QStYiZ`lR0KFnVnzek(K=zf;z* zgL+nrFV5J^)@={8`JJyMG87)+yG+d&t-%JDF+Nbf_yjE$nXARBUI#DD^N2|$F?5fV z4^4nSEm$IRf#Y@NT)^QNaF}o9P+DgBJj8FPdBI!2p=o=QN@~=+o44c<@F{W=#@C;T ze2m2pGUpYw5+W)YBjNW8Uz6)*weW|14-CJIyI;Y*Ew^^L|3jw;-34b6?AaojCuLl; z6k05^Xfcc5GK&^6m-t0=gv=k;95!iDZjOsqImbmA;MA_O=CC>L6gnsyQ{a!u*^9~_ z8m#D`zU`Ih8_G&-k+hph>{>E3I1DY;(`MBibkcZu;#G32DSKk(x_$y0NQ{cze$^b> zf7SGVmV*DKoFBi5vCwAAZ(j!fMei*E|HA)aY{yXWF7Yop;5<*^+>~*l=}5sVxH5HA zR_rCYxAch6;W_RVPI)GIUuVG2Gr^~wr%~ie>OT4&^q|Z%_+q-r7pv_3>Bx1f7&&_$ z)~n!R{-n8my`+beuGaH$Vk=5%GmMO(2Ul*k?uA$Q%M+O8z1*YEbmu)fvdLKMG3Sw5&*!SS68g6?u7C0QAnUTt{L#CwV}2yNb^d7aB|?l#E2n@f z{QM?z#x$+vx2ZdGsOp?CXy_{Wg3t{94?{0|j%+tNp(%s%$fx8$4`xt)3Vo$~l9b1W zJIntc<(Wf6{%#H&4Ks(9L)r1@0q7s^H|WR$enP8pRS^GJY}E$w2^?@VJOdmXSu059uiwR+tNeRoApp~Ne5z*gbyDE z_srXrU{QIy17bzBJV~)-wfz1IrH)FWzKa5@XZt(4t%!XCqAEfww9Mz=A@Epa^{r) zYj6&@!;V(k-_p+r^+n*NCE}lDnCHuN7h5+9xI|y^>>zN;TxSODz?02um>Cw2(w_2N zgU~w7_NAy(wAGgWN-aHSziz9duQKv&^IMt&?m7?B5xOc8w*W@hVeFuITbbLn(E+D+a^tg zhh)CQ^c}$wbeRhb60@2eM;{rJi4KXUj|+P)@Dfu9eTdgqxF(1HCbOQP@HEdppx$6M zv;gm-(*$Sxc&7TsvxI$v*Q9S`mtb6GPm?TwkYJ>I^GO|3UBwy86%eB^dKz&&yvU|c*v6}BZ( zi0rOG4w2^&`b_x!SJ*xHeMGa(1O{1a3j@=fGn^O7TDTn(pw90`);`(@%;;q28h29; z>)jK@4sdoxn6)D4C+BHI3h5hlR;^(TQ}jcaGvjmIftoPq+T)KU^*3cztr^m$n!Dhe zsrt0CuSZGlVObLjLra;F9+w@ZCmlAE9DE zWL;LhBj&I9UH?&mO8P7PR_}=KYJL|awiX=7+PQj1EKl=0jW}7c;llf2&L@R$yzor~ zT<7~`OeW)D>@58YK_6^PES!o>#Lmh3wJTrQx4U6Z;XMkSjy% zpV&gF+vGoM{V~;V?T4`PiaXZcgb)5U(v<0!9r%-Wx9cr26E;2{iCe!OgYK32f%f9M zBg_lP_{3Qb9c*ylD*pRv%f>3$cbMza8vM}{p2{SKAmUqBluIm(^L;#jOMiA-{RySO zd-PrKw9nBu;c2@+yW{q6$i9sbx+6Rueuh_Wf(~Q!7Th=Q<8t(QV1m93bZc8>pN73| zV8$tFJ+N_V-GF=LJIGkIin?0SZHLMC^1b*S_P2u)d@DM1sjKnTrO;~`IKG?mKIkuF z&E=GrIXLcBTjG!U+>O8WtGy`w1HRCi!fE7hb761Gdm;n>^Ob;$*lS|sU$V~=5WQmJ z+k^>zQ~TG(v45?G{cE+v^7>r9im+qal2zLUDv-duftevitMLpW8c!-*1n|-e(ilR3HL3b*Mi7t1GZJ-*kzAW z^S-4FYu^&OPVHNQ#v=E%QkJnp(RTLz$zCAvuGZFpNo+;4?zDJAd`{t+Pl)R|&Y#G> z_zWL&Eq+QOxzH2H#n&vku;rncy+2NUDRUo}8q3i{A$|5LzyQeqrz^ zb9x(@)0+YeI=>KsCmB#= z7&FcKjQvXgN9=~|SF&NfL12YW%6t0SpS0jnJcIw?#IN|dKa$uli(l^L+MNH>OQs~^74+wWBU<}-55glhf9zKK zds^m4L=LLpg9!W}c1y#S7vrat>&yjXw<7c-S7?i!v*$uK@ID>=C_c>3HCG@9A1s95 zVUN>=$K+iOa-hBwzClJN*?vK`sf$ecReO3?r3bqNM*QNF!uV&`^DL1(IQ^in#`V{Z zH4#7PjX3$(9q0e3co?hSbLf|gepMp#-w(2X4^$vlR& zwr}fEpT=G!4L<>!kMAXXA-MhBjjd(C=82Lx{NASGM_bE7H8_soM^xcQhz}_;5g|`Z zI&rlUZzgM(>xCDjKj?hvZv=a>240YN+mMM($b^h{BlJh<7R56zwf{H^e@e-R@R!t~ z-svSP;Xl>qMDjt*?A(XqQCFihdr12dkZh|hxgMEng$KT~@o>jy;NeT{^jTZVG$=FGw7a2F=voX4bwU=;~h5f3aEcMWyr~ zUTD>S_+#64_+ccp#vUpjxB9<034VgV#BazQ$a}u61P{U+x595B;Wuny74O$yWxb!w z`zi2Sjz4x5JjuIlLF&Jm=Qh8gt885?cov-&rrggpcOb`4JtAuv=DfE&&$-sB+v3CH zwC$9=Ryr9ze0M<{AFfXgynWHLE`c39`z+q9q5rk?@d!8++U>a^vE15xDmtW={v83A zD-+POIBq|t#DnD#J3AKtM)p>3XY6nLTB?tErruUQ(I{Ym&JpBazLT+oU-uIS&bSSm ze-pl4IyS8`8(bsrGM6fG+_}6@m)s1a9KI0!vi*xI{)&GA+->?o)Fr-9HgO!{3yDu8 zJXJ{@!dDmhLbO@U-t9!b(6$4u_ey`3FZA=Twf2ST{{pP^PxvDfm~?D}@L)AC)}&!; z;`eR?OMAZ1uLK_Gb*aA4cPw}${xoF!LKck@(hdDONMcPb|7ZZ$wtv){>$dn$cx_l4 zyvF=Rv%hpi`AaSPp=ItM+eIw4$UD~&bcBpi6n`aa_iNa{vQ7#3%o-1iJ!!>P;PfVZ zjdb*i$i3nz@Fl*e@Krgy+p6DIJ+dEG`B%`%)|*Y_WHRN}9DB!)A#B@N_m#vlwj+T& z4PiXzoG)6{-5^?b~-}~uxTMCb7Ic%{}BaW%l>PD?-Y7d zIlpVv)-#1uHEo306Cd*rG6ypae@1M{RDP%P-Sw17WJ82Ua~v=S}uZ8aZR$Xfwx8$8O zt!%u&X*l4lwt3Ogaaj%>C;HEXR?`H&wGQ~?{&mN_*e`ju-+CtfllxDsd;9$tT_z6f zd)87EPVD|B;-|Lksi{AP1Om4HYJ=ZxyMF%q#4`Eswx`=g?`gvWn{9t2uYG+YeB!jH zyW8l;zt^6AEiliRVZY3?!|9c7W{r+==uU-ADeK|0MctB+{+rXc#pVuUSQE2@CL_g==5XiLoGp~LA zjMvZ8+UUo>Q9ol}v_OiD_crw5h&VVuSN)uOU0^WhuP5@I)VLR&)cs!o&u8oBF9%#U z9C7-&;aXFMKUe)sj<)-4y0jq=qVM)uusGNF{}FxikB@h*3pCkwEW3UF7kHme0Pnv? zKc@zEUjjZKN&w$Kg3m<$Y5U_HSKtO)kF-PYyFN$w+R@MZwA||h<+ePu0iUg(hbDmW z|B-%X962&@(B{v)_W3hjKgWh$Y^!ZvmAH9(4*m0;k8%e#+IVk6Kkto$^YhZrQ`LCn z`aszy?d#{#e*rx0>1Pv;VSy)YIO6nkfz|%!sGs4huLL^SeAR|Lh`yU0hl_u+|BT$; z5Gb_yC%b+A7kF<@0I$vSpQHc$68YK#(=Gv@Jrcn8@6peC;N44r@7R|w)*1f@eCB*q z%Y1CE+8dlq+!u3BzdKVnoqcVi+0QVVSeU2S&rp7=#H#fQ^e1jj;wj(Yel+(IV{w4^ zh~I9r=A$fG5n7i6Yg_Z59oonTb+_cU2woZ3_37b4$R|QpmD?KpaAnRwD ztOFAFSjl^trnn3uvLF06>P1?#|JA^gE3#l#m-g&Eb zD&K!&fH+0T(H_g}qtz7?L#z4^-roZ6o9X{J`dzbrWMDJ7Tm|n>v9_7bvmBoN47|&_ z*_+h0Y3hxE4b(*}Vl4A=txoVO`9Yqgj$0|8>@oti zBg|E{`nG&zpmwD7Eo{LT8s)6UmR-rdEgAK9OE_|^Ii`tJG-pVZb%UfxCE zJ`?;3tXZ!-vVZZ_8|z)MUG*E5QxC9~7Xj<2-_)01bD%!`p%V($tW|6Fho(GJUw-Dp z`mD0Bf;AN5nYXll@lzkyZ)gB6V0CS!zMsEXpZ=pa>o*(^DOj_v3hZC}#QOSaC*G}} z_9^uNtLvj>`!{4iU+>zwk8f)ftm${H-d}#xmii4J{JB1B0DTA6y98F~DX=cC`t|;4 zOUvpPU%#_H{g#M=HS38-_b=}7TK%-s74;jAHYixrum08kX-A*0pVs+c{j{G@4!mxd z^uPOESC!VMhu^Dry#=m;b=s%v_Lq0tTA%gjx9VMQ@(jFYUB7&P`HxHLH|*R|UtV!m z!J5^xaQ}u?o9Y*5f{&?H3f8R0m+s#%@}>I4ufJIz`jCDC>kwddr9ZiU@%%qPt3TJL zXB}5CPOEu*f7X*P)oV)>wyzBNa-d|Rq^`C#OFMo{w3+?|3PQs=2S)2b_ zA1Xd=(*FCa_Lu*DYkg?Kp8E3iqYB1Q-eddAX8}*Qck4GyrO)7V+Vh3`(`T2}PrKnz z{j^ii2im6(%imu<_o@2yjUUy!9*Qa$(;n)i&I6VC<+?oce2XDp6rJEap9uP(vzGMD z-M?MwoCBub z`CHye-lBEzUh{XWTHeVT!#Zf~>TP|uzUAFa~RyP2ANFAcT^EuPn{=SmB?zih8Cd9j)I*1QzB3`Ju4z8!X z6jul5ciVL=p}whh9m53mY8xyPY~%!;xHu z&2?}+cpx2{SxZBg70Ntgz%%v-8r84SiYI5x!7y% zVeMY*rk6D!U&+-=ja7pW&I zJQ5u5kEIBY^kdBy_-t63*VK96xF48U%apjjD%Q!ov(p>Jc8l$oy%MI4G52Tm&ybw& z{R0^voGDxkZABlrdU2M?I|Eg`yU3obU*(8>&HWl@nP?@l2Is8fK4R7?^#`|1=U3ns zKS1o#vTIDgEZJe3WX;N6PddU`OwRZKS?in9RjZprPFIh}wk6YpkmUtk9{bj)N7w(P zOzSsiJL_(?+%~^^&U_aXU4Yz{gRACu@0jl-zD0Bad4um_--KD`vGqS$N1ZO7O}SRD zLl@sQqpS9QME6w4894dc!qtOj&uA1mN1w#>iwxU-eWhC;9FIu ztE*KXH)x)M!|*6;n`&KF;)X)3Bbw)KJh)|^#4W=l&6>^TqXzjt( z17=Te91RZLGuT7i$G_S=l^8SlNchY2A2emqk5d&tie8&4 zF(dF|qVMkKyT#}i;o~gHG5(5vN#EuCo!{BMt{oR7{Jv-C#p95%@V?FO=KNI4da-t; z#8`9-jG=9nA2Y?j#Wh=tts<6TJ^NrZjl3e@)7ejH=Ox;SI%Mjz>c6JB{za<(2R@_z zC;ra*d)W2kuL}HAKcoKKzq9^N4_Nr|nea<|X?ysY9aq2Y4^M@6#n%j?8^n*BCi;~8 z!`pQ^pXcZ1uh?6;C+0wYMPCKcZT7X?+xRy3tF**#NgQSvUqJTRNergaVYJuZ(n&$u z6a9GWbmDHYzY=q4$6$NV`}vx?z=M2vun+6l3v>tLm37#nTH<`GfZ-YJ#T4?hjC*NW zQ4Q*k6O3z1>XLZKTI5vP%GZ1a9^_Hl z+Q9b$qvXSqefMHlULlW;)R9IRC(L#|Q`kF|1FW1iTrq~fYR*Wi2Bvi4Jauf9l#^I; zslOE69qx_oLf40|&r5<2u9nziX|srS?0FA#5N9oUDr6taPR?4&r=09(389B}@=o9p z+)3R#iMNot^Ilq7WUNYXogTgm;>hwk8@Uehw9ocW0zj4$utx?`T z&-) z#2s=L9QS|Thd&O!uhH zd}(c#Iog!=q}}E=kzr}`z4qD!x6N(lURs+^IoiCapXd>3^Ed6Zsc;H^UJ6c^JKDOa zf9NV{>sRfxm55IVB;eEUS@y}^KffD4D1QHZaI?moQdj1by7Bh~{<;^7zLI^7r^2p4 z6}eALUi2zntV+#YUBy25rP%qh?XJ4f$YOQMLtDy`+f3y2R`i+plwss5#P`n;b0*`S z>eQApwfNu8G8-u)@@J2&Wbg9QQ$IUUrMr!#r+##x$|t`w4^*Yd?+*@CrONNO4^(xR z-#ZRe^_JhU2detHjePQ1Mbg}coc%2AS91P?z_NliB0O7)P8{piw#M((X8&(Y!-tXh z>0HKn>KYxB%eYQmqt9{~lc{TTa4usjbq#;YJ~VZWJmuosrs3O)jOQ}$QO~g*xr|@b zHTI*9yf&x8 zAIRf3XMKi4ujr=kq0D5~*@FCr4kQ0ze=J<%k9`?@%d@HML#fMdTQAjxy@6A_4`sL= zb(?z4^o_h`o__i$v8=KWUix~s)mJ+Yz%HxLV!!M1l1+Wg`2KWW$5#29Lz7*xQ#t4a z^5mI(?NNN~f&O0To&>#Bep~3<0lIdChAGfaa-eeVe8DEIbHOgHOF@m6T9EAOS}?@b zt>AW7_kuaD9tAm?`~73s$45E0@=@1=tJ5hznrBmxizsr^343$}^&EpIZ&$yblH=In z6U2a@#4eq}F0J;sO9(aN0Q?xG8+d6aI z!MuKi@zD#N&FkIB@eAb9lrkOUx~Em1dEFQKTIG@B=dY0K&e2<`e=M**)*@4+88J`Wy`yE+%F z%reV7?@BFbf!$R%huBC2w)d+^TAQlf5_P|YCe^>8QQ1tN5HQ%4NbINuztU%_bs?g_Z9Tv_l(|K#oR~1vBVu81>X{TFY)*hy$><@ zmz9)_cGZ=fYPze}ZEvsn@TRx-eE7`Udn(*11-)DyR!nkTwc-_Uc_|G%xYRsAx$ND4yGJ0KeUPSJ zYQ5eia+vRE=g4Q&Z_azQ)W1Q_ZTo4rz|eN;zpst@g+DK(w#1W5ZVcJ~SFUTXWU^Oj zG5S}0KbaR91YgQNa^_fWAa2)qS{r%eqEGev*?)Ey`6!JYu8}vs(NjA$`sSO}xuY9& z_Pk^Ng1yPdzl(Jf{F)`~9T=_kQ|mvHSEVa;+VxAmmnHON^qtrn?8gSqyps7288iRB zjqjJRHj~+3t9ukUW!^?|G4wU-IW>BFpMZ=#)1ikNho_ROoO;Ngu!?hSv1yKZ8g!>Q zevy6p=H6dLE9*J=0Rz6-Ge%bRH}?gK|9l@lV+21VzmuyX|8oC0R=x-H_c-WN37k(@dRVjm+5EO!tp~LpPuXLskb`FSJl5bg zXqIl#EbOG2;9O{C;e3kV+!}x7fwLTNrq;R`SIGH(b{jHB+)Ow4U(rp*SJ=>Rv{T1M z_AUGnyB30m`a}LTa!yYWd7>_pc8q}(?JOP|)fVmYOxh(Hr?kw&IqB=zXKZ~NPmlG3 zTg(0WHs~Q^73cm^*+*JAj=pDNXa8Ax2rh*l7B0`f2|cp$4aVV{IO)L{uT6R&%ZeUK zuKls2?bH#*p9^Nle9O&&+P%ytzz5RaV#bcLkMwS2{}%XVy_J_ke9x=j#h0Rtychgm z1uw|8=+h+p03UvU>qVtY6=xRN`d-k-E)%uksNwd>OrX#~Lhb(d{@Jai!$G#jG-v&lmla?{K z*fGh6C;88R_;O5};T z03%WV;`y`j%GUh(A8qhwvD!b`6_HCo#;W!iU8dh-&MnG0=GplElA9%mxs=RK z`OzWBq>Efy=>vBZEkeJgqu=^-#<24{nJ3st-vzI&VC~L4268Mmt|AU*i8+zEj1L_4 z?jCiXN{c-bTQr0DQFYEbu*tY2zrV)%w_Z_(-VdV3%H8lMx=Z#hg=kCoHbT2jKFxiH z@i%y%0S`+YYyQAD$>Zy)%cn2!nNbNGku-m-8kjr2isr~V&I4u)B?XN`QAwv$~+ z6*c|eCikPOu7>Y@@YZbjEP0SwXYzIHifXjv5_xX(TqpLNi5+m(8ILEy(UJr>dJX(Y zS=p0;yhdnKAtw8AEjZ7=3`=7kJG5>cmE1FT{=rd|!fI zvai+)e3HxO4t&xoXeTh*IkvL#0djhL30vde^2tY^6jnhOyDr&ZCgXa^J81HsDgUi- z2_CPF!{g32C@Z_iPt*}9)>Vx zkhr}n#weSTy#?M*-ipKcUovK>LKk*|27-q&%67m9s3tx|%2!jqOv*8aNb% z>%oz%xgt~1=jnG)Y&Q5%bBWX;>w9cWd;ATJy~W6%^jq?1>&Qi~OMo+tvR9#pM2|{e zL_eGBc~(9h%Z|%?$?>;J;<0E`_L%=dUHiAlyPtDy@|spM-|_sXj_3DteUTo6r`8T? zt#ju(c*>Ti-O$mQpGorBi7bg6$vm$q7fB^y@RNzZ(;2!=>46?&ZdmT`fwtb+IU|>V zC!ynE&3*rNWcnHAiFRJ@DY;wl{I|>z;x|LPeWPz3VCJ-AZq4-F8Mp7iPXNct*M@E) zqs?^F%{9&Q3;bJH(~FAVEboNYGBy{zS&a^TL;2yCDZa>Z_#huscLW`Ye=GitwFlSq zrA0+n+m> z^=;M;xXxcclzC-jLGT4$wg0&`pw_%u3zD4fl4oS#BXY(Kvca=ul-WfY@#&<#B>8jl4?+XZH7UpVKLKwaA|MbQAeT@?1u; zTi4yH9Ur(z0Y|AOkNkRIYnlIf0{#$vd?B@M{_qNa2#&$OlQ+~gw8SS-ydm7&o^ayX zc^z-Nv*K{R37p&d^&XWkv?af35S)sBb<-!&t;)whm+JVdGxA;U%eZ{q4DJ3Q_(3x~ zE%)R=yKBaF&3r$Q_j3O~);)PXit$TkJZIgLS7r$Ji*mL5gUrt@s@3jaFTba?`=`q9 zr`rAf<@Z_MpXc`p-t#*EejojnG&L8J#d^Cv7xDWfs~ZpRWZ>`W*r70Ev5aK&Ahzid z_}s&@F+3ChD+JFC_%!Q)CYyq7z7J1t40&MkjNhR9!P&6A9!k5_mq5RHQJ)pn>1g+E}qGH z>@vpOoAL3*cPb{&ALp?JikX`lobD@F#F)4H(OO%k89DUp$mO>jki1MaUHz+@9@6U25o)ea^rg({gyz8$)U}&fg3%rEX(>~{ z_^h_fZ%BS7$&IXhvAH7a_;~YphCB+d9B15F+*iBnUfM~a{h|8E8|U=(uP#tyUUQyq zHf;xJ7wkgG3Y75W0*E0=%Ja&%qC=}nzki}kdlXNUCrG| z{o|-p#wt%qo&9f6=P-xRk#bgAa1!%>e`lSdUqr7i5r62N+fUOQN}%sw3O)W=-o`MWAt6tzKYQU zoo3%V@^;of8#-<5PkvH-AZnyAN*$HTqVc^1-u&&(I}mUc0S&+vsNy8cdW}K=|UD*6##B)yw$#uY!w>$lqq_ECud$=)@QKrEfBB z8lR#)oT+e*9+~1=m@3{?|DbF)qt|;@@ zcim3R%{t^m##13+7FoGH)@06Q_wN>{oWMRAfFZ!{A9yPA+{~wKo zGR_gbSvgVGv{Ui@&G-hJ2ddDg)j6#1f}5K0$RT<|U}(;HkA4hIrp}4j1!ye!qp!v; zgpob*WnaIgv9K;fV+~&qMDje2b!(4W6Awf02)L|*-qqQhtHAt0`KL{FM-~%KjFgN4~PJXth2bd`pjo zDs;}%(qmPJ^jP&_Jr+K|vnFtT9-Ja?%!R!2ly>U~v7>JjubCXWDIjsnb(8R)p-1>Y zHs5FSeKy}`$7;?Kk0y3cY;BXw8+oEx_&DL59~hBYKQOB1{J^N5`vc?n%h|EoSF>YB zUeAslEz6EY^&c9?d_OcqzG_%UeUo$JvGq6FydiBWJ@(yBfy&oiCZCpZX4~sovA>pK zgK2Xr@~gq4wvQ789@Dm5p=3B%MxIA#>bk=p>#t>gn1=j`Oo>0|qkdUO7%zi!vdoonA12_Py5hZvr8`dEqfG|jy$Wy7J!Qyc(Dqe6r5C_^;>># zYT(@@t;ck)_Dc3W_ly*uNMfkpLB~wN4;7sinpY%#Ef7p8tb|r#uT!hoHOlJ`X%qgUhOo=oaNOCzsrx0IzYJ5_;93DNa#k$)tEw}o8*yfL6fw90Ovard~pYh~9 zsiZ$)`s1;`ZOvQsXIS7y^^G~#RR70M3S$<2ZTgEHUa$833=0gk+L`TW=MLhEY`n?& z>Y+o>jx*OaiJwNMLmRsU{5H)T?c48rIqG`DSyu&h?WL{*j=HkD1isWxUAm*L$&UW- zOz@4}r%$}*I)~t|!Et?x>**pZkA5*w`7*Gu2Qc(1y!bNb@lhY~Ui;FO&O&Emt6J$R zwT2*jPAq$vZRxQ%UGxkv#_OW7k7!$uqi^r%uH6_x@0>vIo5A z{zY;$U2G=4SLHhRc`bZh$e;M~=u(Ma{>vuj=-_S9OO@;3y|u_&A+{4;6~dSU*HxPWi94WY{^Do$nhryW&wlb_s&F*Za{z8?Y%);L6~J*h2>_5$s|Wu|XHS+T-i7jUnt%B`^hnN$jH<&kVdG zAm`L>5S_e;{w~Oh^`gHa;72FyYmRFX`>b@EwMJ#}mZ@{E4^$SoOh0)gbrfX9yq|$H zo1en?;g$GKvgay@KOVs^3qnKTgQ>~dy6i`$-7b63jQtOT7m3S}-ydNoI&ysizv8efEjpL` zce|}D3e$$HMau7S={s$g{eV40@XaE8?`iyIF}Ho(_lqs!i!4GezO24|tVsNpG4Rs~ zWTFdk2JgAxPuh~PU=4C}9GZyEmiq1Ia(;?OzCrHZgI4nGFOi{l`L+h0Qsw16w7=** z=YYxkP zd=6x%iR++2vooOG{S%i1;$HmW6D*r2LV|mOnCub|z=VzIF-iur?nXL`>&EVmilI z=j!GYM>2zX$}3qPl`)>V-eJzsZ6&rx#yR3U#p|a-DT}`~YS0S`*ICSU`RGecZcl|< zS3mSHI&=}^$1G$_#dUz|pOJr|3S7WX=msrzi{v6;Fa9oIfS+!73fN@)xXCYLT!BHx z*K)?JR{Ey~BL74i4}L})PW~cJ&f=%bRG+7DZ})RJzVQFY z+`GU>RiF9)XEM103J8jdHVGkIq!q0dn6hmq2?&T={i$1iyVxc$ASl~f*Y01f+5{3n zOj{YSn_cKG0Sw5fl~P^n`fCBBppCX(e%qVfGM6L+#46y8DQJH0&-a{@IWr_&-0pvu z*NfNW%$)Q6KHum5Jm2U09IaDp)S9x_sr3uj-u3;>DdwL0uiwA^*?-t-@cjt3@y&l* zbN$>O8s46;6#TC&7H^NY@y|Y-;ttucVq%|}_gOa{^A9!em_AnRd^R|rZT4qRbxtaY zK1!DHiGE6swfFq?YqtXGKmb z!8lXt2U-nnL(nz^ZOM&Xc^G|n2pAInb3E~@UDGXGSYtQ?VqJtS92%a(duRl^u~&WA zJ1;Ia+H2pQw93rdOSyLGFpvH+yOH4zXt5rcrUR4SW!wr(3*oo=UY>`)4Zr0^R4>$* zJ$|-!)%7EPv(ez+M;^n*_ZTzhQV)+udDq`kbhzsDG;afQWXsO6C&Jgixw^%SwGq2w zk2ThYpKIwoV)#IR_C6l6QeAD9*+We}N~}v>y7&TmLtKbX#hzH?vy0~;d+f0*7gUU` z8$>>`nB0%-S~0mFV7xI7O{L?j{rL3UGmrfs7k6Jrjt29+d;P7Sd*XsNd=Q?!fV07F zjFqb~?6?4(RuUdX4PvDe7i`qNg(ohkGW$8{eT(;Vc$S>gTY^pbC}7idjB6LhkGV&% zD&MB>{`6XU?oK^VZYl~Lipfot@OjLCw&C~RJj?zGK7VOF^(bxV%DwpDW`A{LcsKq@ zocn}t#iE!04j-!w|9C9-l~s}#pihhZ6?C+GYImRICFXPS@=fscLKbXqcwqaPU|R@o z(TRfpyY#`0;fstK4S(a0D8|pZM!fEen0TLBt=;61U4KPu)t<=;avhrA&5L_&W%o6} z4Nau~;vr-gxJ8TSXIiTpcb&%>T;5TaV@y{A3IeS7&n89guD1#ePMxLxnnRXyQW zWWxMrjR;5iO}h9w?ycflb6<{Z`1#Hqr^^qX3Vf+9-k&}OpJeY%!GL(N$j6yL_ECDQ z;w58!_pcKy@)KnHWCsl$dtBdE`|HYuQSXTT|K^wb_j9xHrnM%(We0fFyX%1`;^N@} zV&DeJemimF9sKVHcRv7ki8~mh9UAmwTZ;4GMPx%dQ2S-FY4RB!247l>ctdhf!WuVF z=e-gBjlxsz_p1$rAC6bUU)mR$0q&|RQ`bQ&$*?yD)0j?;xBbj)=b3AHW_D$& zx}Rq%S#SK;_`P-f7kC^WE;#-M@Z7_mK02{?4Axxw zC1AP-nBK6@yLg`+#j|ETzvS6Fo%QgHyPk9O?43OO%M;h*fq!*>@W-zQ{(IB#Z=zPu z>=4f=&R)cGp~}>+ z+~?dl`-aRIPBEC9m&}gCOimISxbffy-rwGm6?Bt`*d8F>Us{p z&*eWcq+-OT-mxe0K6btj>3R0QdcQ}PFXFo;IkqluyeJ%#E(g}l&`!GiXTL#@EP)2M zf&V3yssE2>V~l}5-+rq2)3qJa!L`VO-Y=uN3FVacxA{_?(l>j3sw;ZcdeJg9C|*0V zL37{1+;=kf9hIp$!iAS-vS{C5Tpn8jE!ZoFE`b)nGOE_5kL-kgD<&rU40b)vZ`I@M z-)cp>3i9XG{#1Mhx%AoO)~_YEegnDnIsQ~~uAlcf`FV$vKXq`CKh?d&pL#1aGH}>` zF8d4QQbQv>yumwysRxNaQI*e!)tZ!;%syKUn(9o-2vSC+F z`)|>alCyE()eFCLrdh*4)-aeg3}X!=Si?xxP|O<2Si@M>Fo88pWDQrahRLj78(5^{6j$7^k@_CzzLFyH z?)cK;OW}JQd-Yx&ru_2WFF@~ipi#G#im$a&9mK1hJfnE7i|6+8x!>fN?|)!FaciD0 zugTs!RPB6juDza4eUR+6 zJ5JX?=rtI7J@6CQ>uz-ITIpYpy?%%DN>?9k79B-5<$)5&Z~=36ETVQC-u2ddh|iV7 zRW3KW2z=FmD|mOg!`Ch1Yo0TFjSuVP3&Rt?&LJmD46=_nBaxHpNamzEyNONSAy#=e zC$;~>oYaA1IjMs^Iqc=Y6J_TI4u^(?4{bgV9d`bSJi%P-g+A3$SCxu2RHa&>c`LlJ z1>V>MZ)_kxA>Pp1l-m;gFSoqk?A{lXZDkDkHtu)27yCa+c{=UCDOdMX_QYJ>?b@%; zXYKubkQ;B z+2bRh!}`mH1P+WHV(a;a!JIiA;#sr3S7`PT`E6wHnST5GD71{ZG;YHmnvISN5%aNz z!T7jK53`@RHB+wpi%%NhyZQJcF0Jhxrc<-%*s(R(ZBJATg>9(|P@I}5z-ISXzjSjhEBN#6a1Sx1{YH`_UM?FZU* z3w`V*;7^L*v-cQEp+^lmSMO5xb8h4W`fqmVzZLv%u1ww65B?>mqW9Ob@E=W}i<;0y z@W9u3RxoxpAqU*wl`wl!tF^Dx0&QGazU#npO5S+X;f*JN?a|8AmrnuPRavmb9|W$X z4ciPCwg(;9l4;oP1~%J&D2TK|Q&aZ=4c76u_(lB%Vr8szEHTgo^zB3|)p-T^gUMX8 zpTGSA_VbGww+vl17X3W|*`Ej=u7GZnId^(AT`Obp&#jLfkKf_#x8=^0sP+XqX7~b~ zvw0utwZ1@-`Svs40p>e6)k<~K%i*mg_f%H~8sT5f^*lT$Sl$2Ai6L9rbKXfzu^9c^ zfIdENHa3=+%J>y+mc5srbuAia{9eG?2eS6TthK=kbgZ-jolRDt>p?4!906P-feZYo zwywJjxW@Vd!pRchqyU@@1Sf;RNdxs)D>)C<6y(_;&ysT)$-WSHI|$yo%PM)cGVlzv z=*16ll=r-I4)(;)IyUFB4+AacnV3H(Qi9D>u0yprG4MZ%d-TrwN@5fJ7DvB$;}UAx z4waS+5C4gCT4t?IjccFJq8q)>`p{dYH|2%9vz{d%vf7$C(BwnBW2zQJ_!#Tp<0WT( zha2pA%JHV>+BxZZ$~z67Q{XuTo>QC2t&66{N5QWl#}L>G&0T*cVdo!=Kf_*LhR$N& z!kp#VPwvCjTL&CnJ(!v&49P6Et9{qOpmg2!e3S$T($N(i@TrGzBzGs)sPMAh&xhcd{(l? zQt~vV;AtLt2S2%Gtv!cxcJ0*U$nL4;q?&wHh`zJ3ZN2i);CJLjb-M%5vqh0DpGTg6 zAy&a!kjtp_-h<$c+9CS;1Y%or0`W(40*NPb0v&T%V-0H!S*heA@LTN<9GKw`7++#D z=M$>^9)H5^)4_NZ$j?;d=T3CWJ?NA=dmrQ&d0BD=Pbv17ulESNuirLVR(mP`wa1gk z9#0p~?XvQkWXDx&VR+M7i`M4WHo0r}{yrZb5#7YYy*gkR_($%&^-SM5KTFn!0W0$D z)-z3m=cV`Df3AEV7$^BYKh68l*6o$t)059}Qq^PV{8dh*vfO%d{>9Mr$x{5`;EvfP zspfbYvV!i>nSAWcjRTPTV`qKu_4SuNe&pCIuN;~Boj)F_@r~?WivByuGY6%gfJOJu z17FV$dhqp;-+TPX)UUmKWa@X{Hur9XH_g51v2OJ0z~enn)tmZ|LE)cK2dA?Uar9L} zdW$iCqwzj%k7wq8>^rZ&`S@c;=3e^pk@cT(=4Z?SLxOkDed0UU1J4qCi5mxu3kGV! zK9lD<$X?~a$>>nV)7im_L3VzO@$P>1d*3t9RPxNg!eF58yUsK0X}Zrm?K}gY57)Ev zxOeJjJah3}&A(e_uAl2UY>DQg$ZkZ%Xj>iy`^YbS@Aav#Jbq+7u+MdHXJ9Si`S08F z-s*Y&pY%NYeWl=%=bw4=@$X&#?BkF9oz}QiYb<2Vmwq?B=JOfHf&XgHI4d;{cFH`% zI9l_YgSMJ+Hi~uy-`?TEe6Q|>erBzF&elA@zFv6$^kYY!{oX4_)_*B^M07t$&6ma% zAL&!N=;|TXN0q{(_~IFG%{+z= zC)j-0o=o%MMSbw$B!?E#zoLnOgHHnopN@Py1C6hr`pORtZq5AAXzF(y9@G4yk!bDC zKhc>#k)HoJ^+VZmz`LsrFPZt_DKkHxW_~_*+jvYJd;GhvPyOx>k39R>D@R6t&&ERx z8V?YUb$W2R*B9_Hrf|?ht+Ama`%Mcr74bxlnzBToXS7q{;-`a7>FP(AmaqMvihkvSZC!i1U zU9!jhcgBt3!^9_41`-o110DE*o#>D*{J`X7{GB%Hd-qlb*cS=dK7xBrG$cAcbw1>G7Jpb_r?>BQc zZgLbIEq~SASD$~veF^TXAD(sJuDlcO`z`m?o|AQ7@Wgq4$$dd&FJoTo#Cc!fzLK-E z?yEm>-e?=9-88>kEz;bTRu{&?boQ znz1f;wjMZikI6H0kNjKdeCf2ZLDp-QsbzM=G{0KNW#JO0-{f+y-zP6bb?fv0a+ zWAJ5Pu-aqxkIzcvsNd)MS-%+*xchyMo}+#Jrnm-LtkE7)HZ5HLMY1&gytFJ`ihhw# zqGxyc?cSogcIC_Nx0LQ@p)+-=UE78nm9V#L`$}GV!vn>R{FYe(ug|2p$7t@dAm8KD z4aSFnj-9|D__TNF!r;!o3R-8&x8lzVWO>x~#&z`SH+?ltY$~~j2Nj2ZvxFEH-iR}P z1-YN4!0Y98TbE7L`zltKM!yh#YwiabI>*F%9zRd8e|T;hZ!YYvkC*+v>HgMZ_XkP$ z+f}@)m|ADJ%CT2EU)>&fU3f_=!w zKRWbD!RPMTtDa3f>&0&eFxFFl}$9fNKDZT2HbCCS9m&slLeIMY9 z94n_O0qyGW>0jm?sC?f84v+Nm6Y#Iif?w}n67TAt%RhF1lgxe_iE3aVuG1MQ{oP3{ zrL!+ukM@-Zu^yYR?Q@?=Y*>`FD4&+7hNpm8y#h=x^V!N%b6$n@D9;;$U*(g_J|>}U z7xJ};;Z;o2mW-Ua6whr4M`W!bo8IpG z8n#gr?0sK@eHIZKFM`%fpm_+HQ=J6+j;de(_kVNFi_fL^61;8n=bRvCAGD9-i?sgu z{pOyY0z!pC#beYX!Pgax13kn)9Xu!gF)=y%C!X+yEfX(&E`0T^#K-(@!EcEr+!w;< zScJ~wS(o4BFWUTO`$Da?$N_w@6`pzo-l~AF(C0Ufhj)6cqV5CRSFO91zYoGkKR^D! z0}ogOnu>h`x@DJ>@LC++>m-&E@9CVI-8Z=?G7&xzESf(KPrLAR;+J)e#6N@YX2NfK ztO9B-3%g&2&wl6dS<9!;r&n+$2sse{$Kmb77380QPr9HMSmh6ohJVGo;(zHb;jiA{ z;`8Bqz_WUzj4JfC3wQGe<+RH`oJI~}8ue}E^rTW<75gTpjxUJMs#rv}?BR<)Z0SxFtstbNlYdDE)EFIpzUcZ%Rz4~Olk&pCw z_^SrOCk65?^Sk5Vzp&71-#@6Z-STlxD-RkM+4S3lP9MX%y9VXAw*mk2;Om7#!B-Ud zr|+|GhfR%c-LTH^fqUK@+)3w*7w-8S%V)7C7a<+~Sr6>Lc3}0wON|k-khb574}8p> z!`!z1wR4BjfzXRMVHEh)_f{Z&25iRu3)vq=_()5r&CI0Sk#upD~kKg;9GrnxC<}F`bGR5M4#WlCWU&~p4 zD|NrE)Bx|ae22T}iP%a{#D(KtFn-1T>^UhW_0m!D5k3h%{;eN;Xg$5>;Y-D1>GSa9 zfuGEUb_*=)Da8iTZ+YZw7qXve`=`oj1$QhRaP(h$$PxC;RnBYRHqj(T9#C{{QT^p@ z$UozVN9vG|$ME5#Gj$F}cDk5x6Yx;SR4Y|SoUbHiO!~FdZ!W|3Ngl>& z3}n}iReh1?8AJ9&^w)Z88P5t1vfsBs-guY4=2y@5bq{kIes}J{P9JJy9rdhZsq~;T zp7);ls!vf*)N7qyjyHg#YlEpf8DIQdHBPk=S$#yD@zt-R!#_HbySPl}48!u%|5kg= z*vc4sFIp{|Y2&{vf68PR=Zl5&84k{)9-QwwJ)Hl3B>1WZ=jg&XcKR+a&S#t+&f7JH z2j`3W!eT5L9Pof#$S+^i@vS%LrLkk5 zW&K_L(3R^p+)JE~FC>49a|rC~7IZ%+`K!~Oo8AqmS{T_)dOsOm@cHm>fAT@I?$z04 z*Jtmls|@TJ65OFal}7KdZt)fSgv0k(xslOk?A-2Up0TsXZDU;Br*S*sYmKS#1lvyf z7I5I=M$_j9opUbZt}tWfch6@`!6$fK80E|8toRQZa}4*naON!@Jw>+P*4egyD86dN z2JJlVH#TUw88@$c6XVJ!>wE0HNHb%XbFb?867Y!TxH)<^I2dhkVDE$2c1|{@lsPJ# zIV76}i_6XV7Qwjzef$~dz?xp$i@xi@-t5QTBrm&v-NQV)Xxv_GPHy*nY>s-rbiwyY z@%IVq&Wqgc;4uMQrsoTMoCG%c6pFKU@!5EM##*gg^UChttaCHKRJeHTls)`Sf11c1 z|Iw%S^X`$tv-0tWeTNSKPvPaO){PtY;<_Swl@!MAhL4K73x}>+*TGnVPyK1Mhn>Wq z-+vE%7fyh$ATrCPGcXxCqr;QvxBd5!#{@RpUD|Gl{nHwNoU z1OrnU!}b;|OJkJ)qx4#a|B$sGtUX}$)mcRDcF}t?nv%z>*Y1ZNg{A77>2JSfP=PrE zlzi{SwF%4L9x9>FDEE||qr6@TWqIjXhe^ zKwhnw--u;yjE%7Eo$#f6%lYVQ`H!-38Tl5+m$mtPVz?CDseH@oIlSi+dDHW^qj&o9 z$2yq9yT{giGW=mvwFl(l&-J(Lew%53Oa5;K>n@`1AO{;zRhZLMf$t!{-j6*XCTYT+ zJ*C{JYJU92KG5sR;lCP(|Kj9O<%3m0BhHfZo||+pQ0%TbdyZ2xLcWT|5stimm-xBW z!_RMvf0$GF_zd`PadSyuxPg~$%)*8C%-prR{Nn0YyXR)+`wJBV3lFO}2CHYKFhS$&^`_b{PzO>JC=wcx1Mxu12awkgRvwO6k?y)NWh zzGWABtAO+U>AaAwhlPhi`lz^gc#k>K>n)1xJ>GNL>z!rRTV$^n9WGs@eyG{&?I2z( zXU*`dZO^7cEA&zleJ*{Jv2JwK?>&6gd|{fe9^&tl$(;1nvqSpVSBv}Lx1P{t-Q!Ka zxXk>fctLoVtQa{#_WnEj#hJQ0^@$s7r7Bf-Hw?ZVOy8Ry_WF0Pp5Wg(vEv8aBN^42 zq#N)^{9 zX>^GLlRKY@W0~_WJ##8gt^B&H4_BFZJe>~}k11aiW8P?);kWI2hm!Gg*`GN3Uq7&Y zUj9xfh8oLw6N0I0sPFKT(~_Rjy{frX{iChp?7Zo(`@)s$8#dVYWW)ZcEZARn`0SIw zzYLiF@RSX|{`SJZ{WRd;`U&8FdvK=Ac;P=>ZTB~wW%83FdTTy9(ZzA}rtG-giw(Pn z-jOdSyJ7cf&NKe$b1Oe=&b{kXuWfkII$VVu&jj;C$r%FEj(c01y<$q`-HdtQwCnQC${mA@$=-5 zeqX!-kIViU{;sz5|8u4f*Kns-8vTH=QHp#2__(b{6ff9yR9U^EoaZxmA06cSJJK6B zW$}?WU;j0aJa04a6G_((DW4F-4!iv&Rimj|P37FOd1)fNbS&0L9%W?rBj_2?re}ur zjO6(|=w|ApkJ8f*zVt~?!jn;O^3QNJ4agnP-otYZ>;>sPL~-nV zB{`b}yjVxBi2T8gQEZ^<@TA9FUey^#)yVxd^j9vz(4A+om(RebKQTHBeo*bG>QqN& z)7e>vU2pvD9eb(q5{^zrx3|yElz%VX)_QEFoj=R5`&nJ7epXri;x>cp2chL!XxWTD zXn>A)LdQEY=_o(-rz>o@I@XdGMJ~61(-q)!1vp&+PWRqhxjt$6jNB)WFKvJE-Wlun z(+{8!92b7Hvb_-b-=AC9o-8bA8Y?}}EWGB~czrOKVsmeJd=Wm$ZOGP=G=5d*XUDC1 z5epobGq+&KoN)(lPGrx8Pxe`7;$1%Y?UT0rcPg&*z!I$kr`W#)@{$is`NX$opADF{ zpu1vsvc863DtbpS^^IlJiq5f2tz`lkUjVGxz2>*v8?^N;x@!-;=C=a--rlvWF!Rsb= z_*?iT7ga!vBK_ROx`gW$z`qr~7~2cq()Mle#erVgTiHGy**lP1)XNvezWnY@%D+9^G&taaaXh#$f**<;ei-ZU!}A8lOnx|U@AQ6Q z6h8=`ari+oeI|_T-2$V_6E`||RBgH!p6EUB1Uhs7404pf53WKFu0jv4LJwYY z-&N~>&R*%&=)J2yTG2k?zN^>I_6=-W!u67m9%x@uG_YxQ-oW;&iv~3P9Ghc!3Hr&V zc3n$tKlnZfzLO#Jve7YiZ&#OwJ6YRk=Ixvd-mZnOLcvrv3$-5Mf=fS{yUis{LESX+rTPvzrFd1>Y>K|z4UF_zhRmE z9B<={-W{CH#s0+}v{G?!pJ*Ev=-4|f(AhpL(Dln9n_^X;d?XxMa&-sF5%qd2QFvc&{gyyy(-YT{Cvo z*B*N++Z)*n>wDkMrn9-H{^a*;pboYHTe*RH(f#nFuIKToeNDx?rB;1Fal{7V4g350 zyYqF;J7b*dXOzp*{mR2!-`84N+&xDdt}30sy@~z@&FC`q>{yS!X$EIJE84Q3xc!8D zlY@KV+r_DT{a--$js)|PaQtb@?x*)G>v%etx}0@T zN4Z_SEZn@9WJ@{PFQ?ads46MEVLarx87XjBw^a-|K->W}p2CevAeHe7l zd0D@CW!2vouVu-qe8u^t+MoVnxa|?GH+{V`>-yQO>!-P1iZ7_TLcLE!x!PMRS zFGk+xCMm>DSTJIoUPOg^~E5dY*Lg;>BYkbYma{zNI^V(ig4k&&r^+?)zb1_x0{^ z+dL7Q18>PMzY|~K3jC!xR%&T&uvg#fch#)?CAgBWZ+d8OZ!NYU%9(oRNyQ83H87A~ z1B2-`FpORUBj`0S691(b|D_E7Wi0;7gdBQk45imV5j`{phvT84p7U@{4-NWcETf0U zb8ZifCy+&*UH>sOdV=?VvYu1vlo&9M68yjz1V-yZ&XUfCcRjFc3MsS=Bz22j1U z&K`B#VfU2Pdu28tr-k^Wsz1Hi%55*_KfOrW8;&n;sN+=CH&R|zdZ=QH4L)(%};Gs!=MxRA=(GO-B)z9 z`8x4i8T>XDewzTlO@!aNp~*YM%I^{*e@G6ct$?#$1vbBx!EbE^CyamE{Dut2>c9ng zh*jiiJ8t;T*^|}OBDwbDxp(`vC$bM?`l4r+ebByU4SXekN&A|0$9=coLX8SK+U_s1 z6?-8a{V4R@3Qul5(O;79ypQi4-F>KvJw@pm@s`nHz#{(d&sTC`c))>S!7eNPt}S43 zdyd5A!>Q-U1}CS#8JIR;lly_`-~JOYW#kCXpl`y(MOpcS)9jnjeJouAVdvNL?ELyy zlwT;w%rC&F>i3&~M?2ur&h`Rw3I%~=4}9xKMhcLTfyhXxkeotcVAJQUC*#g3F>VhqKdo$52bXl9_5Pp_V-hc3!Xxc+vgUM(>3aA(_$!1My1??H#sx0}5I z(+lGf;?ZnaFY~~vaTUw{l6=VzFG1%lVcqz&icb@ar8sb!&i#AVq1a^WrF@6ZilLkA z_t8;fi(jkr1}*$%%bPC}MOVd;;~PHuuz44@-aC%)p`L}_wN5|HwZ4#NuXQ=^)fPMr zEQ$Qjw8C)E5`TaFn(m#ZtIpy(CeXr)}-J-YjOwuy{7T5=L-1KLa(4Z4pn`c z{muueVby-%T4dqDVCqM_@6gd(t51w$?KQ@0=;cySnVPQgoSYAJ7}Qzt&eN6fjK;%% zi>{>K<7teiF?Ivf!YiOP_^BfXlMHFSuJ52Y-leZ_xt?BG@fvDm3_k6=gzh(f#B9s- zuzi3$i`MH?j({;sn8Q1U_~DPAIokaESjEzIOt||}Du;7B0oAe1>EgqW0ptt-TLpRZ!>sipJr|0Z#L3|nudPnaBU-xk423>Bw==2TT z?8jc%{b$3^BZtl0vmSgl^ZaSxGkc9svc{ge^SAZXUBLef`9E@7Pr^z)Urzi@e`S+H zpto9?&~qJEyNhkV1UrNqA4PEbc%y^OjQDp4gq(|9Bg#RO&rr4e(PP`~SR?;#Be;y#gCK&F&8k z9w*1(%^0@SrSoG?K<67|e@}1it{xNa4%0_Y{-4ea1TME4t53Yb-b}#OH-fLjz z5QafJ+XfXtN9(C&VfVUdnT?6iBz`IF!cR$~;_nj(Y4ddyz zb_xB~ZiVNpBAe%ODs7(Yq!z@*+gF9RYoUk9w+#;az(EerSHb($@N5ImCm7cc9>o8- z;#;n@PyYtv%tL?F5>x4nmvYrH)+~J)BOWTJZb#=FL|e0l$;ci!I2X7V0C%sO z=VM-PFCodC{8-7HWX0`;{uJ{H@2=d)uXg#>%a;YryZ;K${HniX-$}O5#o>{6k$(>k zwGYnzWvT#J+$n{4)=(Rb@J9JJIPW7%0+m`Fu0mP#(Hu_#Gyg2v< zJ-%-*qR!>T-1PM--gWyT{=E6UoZofLyK~KTk#+kj&S}2LyK~L;P=4on&qcvE_SN%V zT+Tu6amz-rUe_KTMP z_`~KF8Uc6W%pjZR^fj z^p0q~MK~_Nehswf5rB?3gV^Eh{7)7;ymveuJ6QZP@q^#4&nco_?>&EJeNI$93;v3H zp`g>Bj6BAxZr{~L^r^X~KYBfD&xJo5kGu?s$v52^S;HEa3i zGxJ*c6YYC;PC%zKw|thlevDJaj3DtqFiPZtO=H|d1>`UFrzEoRv;H|yY0o9U8@8~S@ zL%eHfl&79lcFfd4zzp;NeU#iCu~`gxE7iUL zdPU=zSh@l^l>C9)7UgL12bB|5{wAZ&&z;lDi^JeY>hr#tm&Iqpf~h;Q>$}<<{walj z+A{g4#k`mKFTw|@rIT%3d|Rs7)u-%fJcDm|<@}lGb0HI$TeO*Ib*?`}#*mMDX;ELI^WxslLEBnpxBX)4Z zI+sV6Gk+`do8O~(VPLU!g3Y6=tN2bZQ~-koUt7^KQ!gz1{f_xVqd42gK2u@_yamtN zbuY!;jm)pT_~p+0CXQjh`US=h@txO}Z()A(drN+}jo+oqk&o3?T$eKM80fsG{(^89 zyl~aUypMoAw=U@21#S1S)|Jj2_w!7lFF#!1vr=t*$KLicyxQcfi)DI2oY=q=TwL>S&Re9oE2JTwrx;^XQ`W@;ddU^(I>p`w|5l`6f zhRX>*v+4cj=eXAUBFy14V{#RwFM{AkncppUkHY}v*9D&H(JO0M(c)d z>sbpt`1yK|O02;j{=VShx=Qa=84FF(8S$|vfyX)pJSBa=!*_xw0z9rQ7C&7DKW*k5 zUx@zIiDKq1gP)33N7WBM?dqSOmck3A(R|Lc+H^4T#PxTX6M1Bx@GrvolE<;?M?Wd7 zGfvTw=#UZ0&lYzt!*6r@DN24q$Y-cNFFc>|)LRkxHD_W=;jxYIZ!N!DEqU}0_RPoi z?aXI%TAQuYq)%#dKWu*2sf}^%kIqvZAg=fJUs;Ww*{+_4;9-~IL3s4sx1G4aIS&y2 zXS)x0h7EP})>X_CEkNH5MBfcYCo-PS2Mo;#rrt|%zAk5IcPakIdu3L5cn&=7=rp(f z{v`uX`aG53d6m9nE-Y_jL(JM5?6YfM_rRicj&bH!4?;8NW_wN_=X~5b|HyCde76vP zd;6bizHhMpT5N?Me?|M#;+J{ELZ#mv8djbE3!IO!ZH9fu;4iaa$a7#wx-gXa%(~}! z*1g|Zw`ie%p8%d$OJ5{c0z4bD;2EC3KebD?N z{l_E+eev02&YHY@rhYAk<_^AN_@XY&v->Bx_}*stt+@BBgyDbqt;NZO7#OQ zk9e)gfkFIa<_$Ug?cp_@yYtfbKp*_Jop+B2pS$3>d~m4qafQTC+9#LaCV$QDBP*YR z9@MT3IAn4vzYje9hYPQRr&9cV7f(9J=7o0_d(PSPzmEK8kp93vV9fzm z?Dvy#=98SrzfoRHe|zcM0qq-!mBbJ7ljIvk;StlH0v}v;7K#n*csVzsePijxQeqzI z5!15?*{ow9z=h6`FGa)YStQ;dU)YAesk&n=b*<=$!U7mI?Dr7Ha$Mh zIZ;2J2|cpUbBSLsLtm9R`pO3ma}4kJBXeB1+HC$U^S~usz3ITB-dA4zywRhl4)U9q zAO2kWU^F)BO!UDIW`5B8?)v`q!6SX(^}kvl{L%xD@VU}~;Y{?wD*BL|AYX;HKB%RS zMlP{M9yFC+SV_(I$`j6D=eDo%oWbs3zqzr*3O63FUOW1%+$Q;SFF9wh_1kF9U{B+` z>`wIbCi>fjvd&WPSPi*}Q|a%^pqF%j;-;ZI z+vvenwoC;2pxsYgo^*87(ht)*>KTvx+WtbO{&xKZ$wCSG!^ozi!{>Y85X~-h=I-?u z939@DzwnaLhnfD#YVym{V=d@J`3%Npp|d-PyYS7-dEgMe4%oNt?dj79T;@B=?&%}F zse8+vz8-bZ$L_h~@3ZGlp6R*c@9wMTj=jH>6Z!E#;uz0*v+@3>??hd+$Hn_*+m=<5 z$8l}LUPl*r^+6H5_3_|L{13sNv7ck?L)5{6#d=FkzlSsqdcSjU;HA^ib!k}_owhr$ z#$EUvI_>t@u0$X3{WR(#+a|icrPeaSL%aU`#aYH5&XRxp;UK=Sd?6Dv z0LMJ*=+p9rmjHtg7?igyK_}hUS$Z}j?Kedv$viZAddccDYX z4}wE6!#szc`Cd9!+xU?#DdwJo+_UVi+N0(C-${LGklGaS!28T8UGy%Wv42YImTdX` z2M;dY_*MN%GyHoGPK9r;K0FiuY*-d9pY^~cT;Acpawh)SEm`z*<>uby>AFYlp%}Tr zPe>p)^Z2ZyeyDia`%d2AMA^8`gBS04|M4b%O7qVs_VLa-$v9v1jPs6zJ1_pS^@9t) z_EaRt^PzJTnU4W?4Rz$IN2;dom%dm>%lKbDB&R8#|EgPP<-hD`B`_*JvFq-1)+jHM zyMld5#S@HC`%%GU=?0A#rT>AEyFT>8U=Qs5>4!6dpPK(q3V#dqH1IPAY5QA!#OJ;Ko#q2h z?|cX8#a-;=3?xIF&Tzg}Mt;)$H>J-Th;PjtPQ2aIlcPSZt3$hngq7!z?`QhRp>zL0 zExPw!uYIZW;J>eamc9KB|5`p(y5He+Xto7gc(ax6ces_cvk#fke@}H|v3`0U?j&xu z=$+C@&U`atJ#1tn-Sbd;INBdAm2Myxp}Mm=&d9{TKe?Ih-kyi0txnHF_Ek*n&a40{Y91A=(>?ehIW-jXmSEuTKNUn8zsCEjuR@pgU$w#$3NPKe{>LDcj2f7j@|k6TG76{-rY3i3w^>t z4tjgWo;>%T1#YTjOQ7NF%wNQH4(lb(4EveO2fs-V&zByaYVQl$Jn{MP0QjL}GBo5_ z<%LAgID2-TZw3S9oK4PE&5UYfnAhFkTtM#I$Nu{}tUo8Hd3}*5nYWv3?V*=LGv(7) zeTsT5_Vcty1U&-F&z>@==hx7O|DDVO4O1(SZT9xJYj6KHp5Fq!#$04QwFUV10RKMd z^>YusRBz|fi~5z-RnQCDk;;KyX5X1{=PMuYz^lEkh04`C^jZj>L@WBpvR*5)0=Rph zCC-krx2iow<@~llH(;3L!m<@y_HbtO5`0jXZbzsGa_L6B+o3Ax_Md@g{z>3*@l+0; zHaYa&3{28ZqVIEk&{w&G@Wbc})+9O$?~-*xYt|}SCx0Cb?1k13L+j1Z+MUNex3dLW zYrlDup>=*F0F3elG?sg>biU|$)mhLE8s4l=U>sx7cMP1J<-u7iICE+E=a9K`fk*r3 zy)xHJ!<>iT(aAoi?H45V#8jZGcn$%ChOD7|T zlU=>cd$Xa@IEO|Vw1Hj;?(4dNx;)0wewpM{e$?j*KWx?+2i3VYK(_?S<7g>{j6a|1JK1>9`%wT>eoypRj7UeCG>#_w(e3y>O28lzLE?Q_r;XUhDRHdQfVdo*sHn z@L%`j!6Wk3UKnaU703T|eI@y86z%ld+w)GvFZiF8w!cPvaB6>T1?zYC#oTXd8u6>; zvz24}1&91K`Hu409N!Utyd?ZCwY9Fi!y~VHe70AO@94mS&$c?-XHyPf8or2p5Hlw_ zJ!D{Uu7RP9do=&US$^Cm?0hFac?Ui@bX%={e)4IWH{r|456A!R_2+;=^;caz!N3^$ zA9?(_)!F`>V9GT%UUo)4ZEoa?1}0tG?@fyH`B9-0W3}1)?>#+v+sdg8Y_$r*svXI)-kdJlSwd|kzA?N;pu?3ptgQq>vY!9{z z-`<=TmTuW(@I?K&c=cG_wjO6*@832aj1Ai^8+NEN&8x9$D`4sjiAO&^=EUIDLB0#7 zu6J@EZhXBhYrkFl!ad|J6mx3ru?8#rAGy{;QR@F*{W$A0P|_fQYHk9x>_-%3;GmYi$XLn?;Gr!aA}#`9j= z{rc5AJU?>##YdZ~8EXOOrKE?{3t|@UsGWb2^;!*oD~D9KfcI05Cw^hgieciwrXKH! zi8jva!I{q32xp>~aONAG#u@9Qp6WBI*-ljv>nk_9dyIACRZDs2+!$+;aJid452`~d zCO5FO9Q;adnTLFt)6c{9&w56RZu~}0EQkC??O^-){|Z`E^+gMGccL0vAg8CKMfI7{ z;%sP<7-{d>>Ac-?Xt0w!+PIN+uZm9pw{|={D7SrKiJhNsB|rZ#x%x&vH-J;0-Xj4n zOU{5V8{y069lkVt3m-PXm(qV;zU-lvL3v5>WfVUufj=cbyBdC606#7V-YxKBBmB4l zeth0qZun6>B^58ZvLv1qKYFj-eH7`~S1z(~P_6T9=m@WG-m43$9bPDQcp+hhC&MT8 z|AoA;ll7k0`lt$ix z^6hK9-QuHtRAI3 zz^!*Et4Dhb8%lA~LsmX}k@9`e1s&+hM)bi3>~aad(#_aq`4fwBu_3urChfx>&%++y z%=J~dQzq;86}~BxI*=_JZpGxh1B-Zj&xQ}0HLk{t!<*Vm#C{LgTDp+)UFi1Rsb+n*8(cp}Oiqlp+IwbY7da^L|8tJtm!$TAS`YkRPrX)y?NjyY0q45QKPIAg zPpBTN0zQuj{>AgAD8?=$#vbp1X|Ds*i@+rR(yn2n-iz8b)90=E%;5Z~180c(+H{Uq zIbbXDrG+U&SH&L-z(XVXym{agU+8t|PT>n&2VTZkv1<`?B40y}yu6@&f`3e<`Cuvc zy8c*peNLu72L18J?v_pT_+!|}-kw`!z!HM?>}k_yYRaTKhxYVE3ba{MCfAf$hX=tU z3HV03cBq#Yj(_$Y@Y_od=eq^yqvgN9>y3rTNICn*50~Ud7Vx(PeTt#UK%M~)^e6e& zjz->t*2sCCQpbjAkGa$6t>x=V(OcjrB{)=z>&l04a)Spa|HtF&$>nqLGb^ipsW1Fo z4u0y%eYyVXC{Ir^FMbx}Wa1~`13#m!!+#5YBrm$x@3XGdX9Ku%adxhQGucn!FoT~R zeAV|9O!_1^)H8>(@N$+1FF$ke;^M>RmvlXh_72?I9_6HT)<(7@4_?hjPFA2NYVbFZ z%^OFSw7gzNujGToo8*08%ST>``(DdKo;&?{?XA>*wNe|foS4RqRXC&l%p&-UH5*%( zG;xy^vHKe3Mc$^SA&%UsA18iCVEOsMHLVxXqwZM6HHfN_+s0Wt*?!58o^Rzo z;klK5pRL^2TA0_=I4G}OvDN|nfd$Y;H68Br2ap53|G_(k?tO_~2#rDCYq~$m?{4n_ zgX0EU*NSJo*Jg~nN{&jFWdo%9bI~cPm(@D8-UX~RiqRFU(GmFOtV4c$8MVjfdv%C2 zhjco~qc&cMo`pg*XMy|-;YE8^pt6CV>7j(vuzP%J(e6ecg6iafg`Z>X` zzejk!AMW{nD1T?`+rRMe%H7CNul&$+?c>4ee&aEGoF3wyo}T<|an8BNfaPNNV;B5k z&Q#$KYyOtU;0NN%7(Ai5HuD~?Q2m7PLS)VS-7+C8ooS!X^+kd@+kE4B;d#{02X6YX zxs93=orQ@JpGL9o)%+gf_XYfZ?sdEy65gmF|KfwEOdcG4{l?wIQqudf&-hqN!Cwqo zEd{?ZaO>t=`2I@me=G&(x!`x1avWS2cya9X0@qp$FP!GJSN@V8rseOke)RQtmpxRXHZKSlk@rb0Qr%9b3bg} zY*|l@=DTw4Y2_Z-JB_!6G4?>O7Z}6*&3MoAH)CzLesCFQ(0Sh;IFn9zg>gE#W{mBv z{MMlQOK2v2pxm8w>?7AgGwv15Hex#r&3OK1Xx8HN|MKG5ttnBiO8UC~Hh7lzVaU(X zccQWGQ9R+jH#DezjpC|K{I!WZBR;5y53+e+9z3uN`pY&gH90Qjw|tQmswr{h>=V%Z zRu9crdT8#-Q<0IUbUj0cedfHmbjd8}9h5wwOH`+iZ;*O{+T$&U?p?d(y*+Dp4qDM& zi5?q+{b3RxO~I9R^qIMix-;r__SID547T|v|85Z(z0Od$#QDvTCMzc(PKLP zZ6$Ix4V-#qO?a*b|MLANX5cnU*ZLhlw}9sdif5?*^Wbv32bUKATztO78oc$|>(vsQ+%Hl9)qt_q8@?lW5h$10sP}7;=eSFPYy>sWWUSny${l|91jHp(KCccJS=#W zulaMp^Xh5Ba|`;>d!8&88CL!JLgZd@BK~iLj}}7X4OZTg4tfz);j>S}M{mTQsefxL zwhb9g`)h4kzKC<}>OS`jw`jP<3+G_;1-+eq3+`O{9mt}eANX>C?_ppF0oQ2YB933e z{3p;XorfhKjojP=oVE_}@DjOR!O`f#L7q3}%zwDSKCgQVxy<((GSBO(mrBQ0{Jcl` zB(~T42Gm0C&%jg4!t?n z4JOC>YF3Vw93(kbe!GU+C)qyz?LHg5gSFksTJJcGT+W?mmdiQ+{Hz=+al~T!$^2KX zZ+KtpTf+KoaWLLBlzP#6V&d#o1jE*2zHG}sOJ9)>O$@lKr zb)NPv0$und<{DbHp$oh4McjRjJ?O`->R@US_a~uE7r)DoRg7-ujGg`f+_UdvdP`u} z>{^w)h;*u+O@tV85&uKfTab&~%ewZHi!Acpy(393vWHycSl|677rB3ty)KtO_3ksR z%X>|KMEnEw;V6jAFF)EG=6B`4ck|xP82qSrzs2Dj)pRB1+WGHVc>fgn@9l2>dm8es z{P#wBbZb4!@1e)}FmyEdQ$NHwYl_cd>>ExpcGiBxMtU}w=Vv?5D=&%dZ$OWn32bg| zz7~BW8{%i}UjaV!((4Up+48u1EHzhdo?bmhfm^=*Zr;sf>hHh}y0p8NxJ30OTUqZ? z;>-K_+{b;YL09hMQ;e;>g#DAPR0Vce);BVQTiyJGy}Y#Y~skJUL6Uc<(8zvuB099!3c@1`?a3p{7NE&jRo zZ`Jv-&*}3Eu6^D~?ehd;SoAqQp56OnAA9BGHE)!Co(@i@97hkSwiOcA}7Zb8?w|7v1}15RG%psD-IkKF%}bZZfLnE{a((4nIlZ!BZw^4tQR zD|eo=_vY10PW6I$k#CvjR6my+Y1R2_@@nYrOUi+N4DgS2;1@0zfJ?!ycaRI_F%HaQ z9GDw{xdE8nIm?(+`p3lo%u^0rY1!x-*YNzS&bjT?rM2V3pM`G+@XpHa#fzuhQd)$s zKOmy_oIC(L#XdV%d=Yb0_;PM#+T`I5e2%BFb~-J+b)JFH1Lm>4kSqAU86FUi%peaO{i{rTVc6dw;B z*;{YYGue8kyl~gwbn+>lY8~j*mGG(fS@jgH=uc$F)B(59GhekF^_2YTy(4^bN<*>UgBt^+nTCBU%{yP+CH7mlw2 z$L@3;@M=#@Nd_F~;@(~q^Bg!v0Y{b5#a851=9j%Ob->JXLLD&nL;D>z|Im|i9d@S} zdyKs?wV|vxj{WGI9DIg4;Gej4BlwQ^q;{Vpt=}h^(L5%m_Ca2i&oZjbFPi~*u@_Tr%vCo>E z%XgjF$>r$Ep1K@LIjAM5KPTKle5~AE2l`3zaR>KwFh&{tA-ent8(FLK?)TXH7Q3-c zB}ePlM7ifr=<=XnIj)Ldd1H-hCS~@Z$gmTvX@R?@f#4C_p#2Zo0r#J~K7h=K*D4F3 z0q~AuEmK)v4Qq+FSz+)P?nbuBcRkrb?RsPV5cU~z&DlKmGN>uhbNXbh(8z*D7Cc%D zjmqFr>6KB8akWby#+0r$YjXZBb7&))3z{AZz+5W z)qGKVlhWC>1pbEfn#*s8{*iq(`~l?1#C|S6EB?F#SQkLzkX_9`4_mVj9$1DS+3AsG`z%6! zWY|A_VDhGtY4uf?|ERTeaj)`FWg3g$?6@X3QjC5!d!4{&YKn{bq^8)_VGDs3*)sJ_ zOObnQtDQ?FAM_+}y7#$jlm4rQkNuoyw9FZniD8|Gc7Gqmc*__s&V0df_IMrqy)3Bu zFe|dbtUWhEz04uY$_6i$;3T(%&$6mOZiz2Y2Fw}Pw-{&CF1v2; zP6MCtM?L~S`3?GaD!#p#e4h9v1P?dh-+E=k=6~a(8hd@!6yu{B8}91JO1>-h`ku;3 zp%WyRU!vb&R60U>g}ju`pk07&kv=(GZNGnZ)n$^=^!sOhz!59Ommo$GtenMcj$I25 z`QD`&a%k{Y!CGa{Mzcnj2Ne(hg|k-oe#Latk=++Aww{^>Ev7@0t4g5bMfh-5e$z^; zpnc_pqfaXzJhP-SPl=f_v~7^PW?L%px+C3uUePf zr5Yit`xff1wk$50lFK{3wGW#+936@bB(ViHJ<|LAKW~PQ;b-ZkX=htcNe{hHh8{wn z89h|ow;uWi=WtJ|hZwW+4D?X+Pg(v0{H6K>!6rSFM{R1h9=g?|hpqvhljz7o;M4rxtBcUV&C4uRLsGWgKdMb3H@4|j2Ywk|pj zziF?b12~N?;@Q4*k@{^e_v#|9!@%nDsr>W>@Z>^xvxR-fdGM<06c(a8y1?gN%c3T| zfLF^AAHlQR_S#?DV;{f+qgf>FIZ%Ne7VXXPI#_R+KQ z4}`DEtY^LB>|H!=ipELOOCr~I^y%r~^D6K;lQk9ka+`J%NA712bT;Fyqz{F3EwRL; z(cDwcy*t_K)jQ;kzTkQv*Q#Mq{$w7pZjk$oK7l@?(e35vc2_r*KxYFdI$ic*L>8Rd zqwMJ^*tYONYMF?OO6%FHCfB0eZ5)~e!NFI(zu}*#ha|PhtF6NG!=1ZTf4E;z{s8{@we!F6>CJ^GR|F2V_iHq zT=Mew+#ki}c;U}pPj-B8lS7NxKy<|5VCo0`#RtfQcfV_+;wW;F+Urv+6eHiX6kOJ- zXSt^yS+vR-9W?enNbFKY{k8J3;${4x?QTEm&8)wg-$Esy3D0wArSqKTe!lx6YpYj% zA-xly=4`iekyrjrN5(}mk)beO{%#TTqu7fo|3%`qGM!7 zr1ux`dolVZ&YssMw|5ErG!K5)J?NR#eEwEk#W**LhLZ8${(axQOL}SS#825YPQ2ss z)u6F=y^39>3!>`n%DNPbS)PBceBP23AG-KxpkHUm8e;IVoBV;L)<3qjLG z&~yp5UpSEeZ1h8ZWDm6^ar)aGB7cy;b`^hn=_AEC{_a+wIXw-uR-(9(E%P+Ka%D{d^ULFitnb34>}M1Ki}T}=+$}XN^_=MF|c4%e{JcyBh)ZRf7U4n zwVB$4x`J&z)%bbn!^Yt7@G^9aYLquJe-vNiPtv8xqSm1KFa1iY8GXDx#J%&mH_C6) z6W`=M^EY%?9gb~l(mdzA&d@{9Uo_qIcBU>8FJV)Ab5bt<%rf;V>3phkraD8avk&GR zFSNK1ow5|%O6Nq&6`PL_UnacD9)U|=mW^oxSHhoh3FXR>b`Kis1F>Ye>3HiI!AB) zWdhz%y@Bf5qu@D?PpZ6u)?Ukc&Qx|1&}V`ATOmUWkRkQD(s`7fgBrVEkuQf#Dc@4V z^?a@`2Pb-;f%K;*hqh;6{;)Ek}Qq4xrp`T(8 z@xPH}WZN&9MJ8OlE&{JH_**rr;^_(Sc3*NUnE&q|)AIUT;57QT!EfGoc7Phf_Zspt z-gg#z78swlQl0Ja(_Yr!1~2U-Z?&^Wae<>d@7W>zhSxIodPjdgYr~uH-(zAPqd%WU zX1;v1dENl)DdF{y)>@Y9*kYe;iywq%2U5Srr*KivJh7eRpYbWmzY3jIYs=kLRtH?K9H{KmI7=Z{XR@e6rpg#`L4hV~N~w2kYo$9bK%WgdCt3 zF2U->iT5|HY061>*xhfw*25Eu8NB|$T^?R`{Q;Ms$CJPC^0Vxu#xDArv$%j-Drz=p8XN7*W_@mxThXkNPp>`L41d;d$kcAyA0ek zfE#_^OD88Ep*m>UvuHK@t{SHX9EPCBBGxqrT|YON`myq<=tNh3n!o>kv(BAul>dqz z*!tJ9iNFpIsCU7m|J$*Vy2eIsFuyadu9KRMA z+g%VcRS(L#BA_9gLT3`+GolKKV7U_y}Og(?nT4L1rf_< z+t4UDlr0l4%eIS`k=+2-lejj#9EX>U&B2F`L-%U#4{^VIQr%z8{ajDt+T5Su{yJ>b zV@|ASaMfnpB>771;J$_2M3k|#Kd{%nep-0+-m5(W(MUX-0IzxnOy_LY1I$UDrRKrb zCC=FW;aYgU>Lhr6)PrMVPuhIOo{Z=0^T&gS_Qq$4CU9B@ZX3YyO7udAm;@amyL-U! zTyEr`;W@q2y@(iSK;%XEKMGws8;CK4`<0xHgBO)c>YPK4&Gg%<;OqqJMyWs77UUNHR5Jztg01&2nLAe;Z9 z-^C}=0sQ`Dez#%yLN6@kz*0*sM-1MQ>_ox+H*exO^rPr#-q8U~ZsR-oA0fpIb;>&< zkNhoplq^aP#b@^Wp@r#G`Oq1^v$i^Zhfc4{F6$oXGPw)9ZgG4iuP&F4H*y62#hcm-)&9(; z-ggk%v1Na{MtGOLx#Sc$?>j${u78U{$EETgMp~&6?~~siiSB@hUH{L(++dv;b20b8 zthtj}`c3v@yvd)Y^NB948ljbVGv}{NE_1cc3gI7`n33G&>MG*zU^G?6_(7G7LmXu0C}j@h!O53eS@}{sE{!pV z&HMJch38ife$d?B$NKE^5NUj>fADI(&jNh5kiUKo+^Pqp8@K(8+A8HmmFw#Z$A4-_ z_wV$|n_zeX7<%`f2g5harT0|~&EefLo1K2;o_^r_`hd46E1wC!n)egRPAEsDo(`2x zKGVcq=uYX=yS~9$FP-ZEcKI?1cvbs&8#q_D8~dwwfX(NB4SNMKbcbX>>(jcuxODkh z>$%6Xp5J(2wfN`eL$;ZGTKfEsc|QsD40*t90k3qg^re}@-*;|6x=Qoac;?ISfm|Gx z+3%@2+535Hc+&jrzJEe^6g(k(<60LUCy(o{+2~H-_(B#O2i*C|o9g{QCwu?IDd!)4 z>iIAJPtTvp@7u9MK4<-<_#P$h`aOC>`0qJj^Kb9_Asn79J<0oGUdqa+8u^0$;!W*E z3Fq?3>)ko~!a4Rz^Y3%!CvG--K9V1u`8M+7;J(t+r@JqGX2X-okLvfIz_!Q-7Cd`O zY~SltJn6=j&-4M8n`iFr_wVrLsrvnA_wN7Q$#UNZR1)CaHjA#Yt3k9_X^_?GH-?v+2EXI<*=@2+RnDf|P@26pf6!$0`O*WYip zbQZi1|DX~bJ_>!afd9Sz0`fbb|7YSa+~!$pcK>!4e%n4~(qsE4^cQaM%=h2vFI=7l z$N%5{!qETp{F(aZbp3^QlmET`!W+)~|I_@1$NPZG)nRAqFPyIa>L6x5fF4oYI{qwT zS9}IHN21)uC)HoyI>}mG-{Fk(S0DaEfA&Osol*3oe0Fy|r|UchXdPX1e#f6;;cQtecfd_#XRgE#(_9hdL+c30o_Tm1pNaqv=) z-{zh_mw##Vd#1m!8hfoCseSnz+AkN6D8_Jc?B)fHy*>@UBZ)sH*mw2=yUr`Ryx#l% zBFF!z^w{aX&Vv-0z0yp3r}tAPt67h5?D6>}!v`H1zPdDXJ#Kz7_zC=w1I(fItvrqO zNtO?wLr(X7SubV1Z%%xqc>4e5(E}F#QQSG|8qQY{cg=sfs!4fM^NFuvKILcdebwKDv?{N`iK zYJT_YJMK5%Q&VC1p&{*u3MW+#PWn54w93#gZ6C?s>g)sO7W_?qU@8Mn)%u61?Nt4S z^1ajeZ?1u*4ER*9Ypw+kuvPKD((*O=fa&YtDI2a{xdOfmvuGxL<@Il8^?`pEM&@jP zHn)DwF<Tl|soq8hB#2)qe+j@Sf zJaZv`7j5gAqkGct_}2bOPmkXHt?vi&$@}D&=>Bu~o;~iZ`u;+`AGxh3Vb=o`m-zoZ zTAdfZiyp`N+gvx~hhuzqNA`E*L%*K!9sB#-8&3vPkNG{%C-V57d^clk@qVvy`Ryy- zG0Jl6F}Q!db8l4l@%;_lr+oyI`z9XCfDc$^^Sk!Yg47KcbH1~iyiV^uI)5(M7-zY6 zT)zK;cU*Ky?=za0aj(?4=nOM1eJnD@4Y5C^aT(_}@3?$F);sRl6USwr;34Jp&A8WO zjqA)EXPm$Gjte|Pz2loZ4t{~R+B+`aALH6`@k{)hJ?^{zkGXe& zuc|or{@30+_XHB;j#LuDT~HCLq(;O?f?A$|M$)3lh4{~ zX4cF+&pfwz=9wAtO-!xu``fhsZgcTVJrn%(lFs^8SG~;f)9d{&)r$@?{aqjEj$aQC z)HBduFL-#xUoUbwz21GQ7a48pP4BN)FZ~U;_3C>=Yt;R84{1;IkoL14(zf@I_Mn>< zZ%6NmUZDFVX9MZokt5mN);J`)4>onlkoQhh`r+CWlCcr#7<7Q}QaU$$Eb{xxgOa7@eHZWX z3lD~nq2~Rp@?(*g$`48>nRn@gW0xKbAv3$JGn~X;5xg6H@Otyzz3KX(hx6%zE3D|z zZC3OMaGbg(eC+%+*0Ev1VEbb_x0CcyV-6BU_;h*(O?VGV62LS!R6> zzG=ixQB0;{S{g6GrwVSgo?waYIV*A;xJ_0Dq7m*mT)n8krK7Zl0+=thnrQvg| z(XURZb?(gA9M*ltGhXWZO7`fL5GP!`bk4!_vp;+L zV0p!bMfO4ndL6<4Dl4=<5#qd6E4U8(V85|pM9cgxg_dQfjo@G9I?KpDaBQ6YrLL`z z;n+C)Bh;g^8PNF%(y)v6m-1V2!z1|j>QTCAU-pn`i{J7QYmchRR8vo-%D@kbk+ZDe z{$hUb3ORBAp8x1hvli_ekLjYpt})?!gH+9QV*kSazJfC8Z6p zQLMp4#%Ky_>Kbe8Rh`Xyukfsxs7mT+3A4+Q7Do$)@tthv-E*cLA|(>2!Qg zvP&L5=^J~`UOc+Tjb|C!J)R|gGdR3K{O`Ac{5DgUU8OcnyXXZrO?25nrRYu4&Q4FG zuM^VKZqT?`u`2d5`0Eo~vOgB~kUrF32kpq-Q5|1*%f@+E`=?M&F?T1}K+30l9{HU% z5VES9t-|+Sy;IZbJh)}(D|)DxdW45TUcGKx+(FsZU%w6H=D(nNJsT*!zx30?L(pF@>CgJ>_1i#hy*pJe zx*{xH@Inv$rLV%nTf}S`I&$&wpugTz9Ua-3&o@6&y`BxUAJsT*!zx30?!!Ea8kM=b--{;$O`u(<>7QY#}!S@Mh{TFoE)shhn`(!I=Ws*&*($oO*PaXiT$82Wtvape1R!U<`7Tc|iu zXi0I`de7H8G+@4+J2EQSZu+Hs+R$F)3u#AX8+q@LzK~A$%`v@iE4**%ujYf3`A&L1 z2`yEi8&q%84#_!3*Xr)idTaQ)2Q6aF&{<7Cm);AmQygPwI(n?>2{-+6U;5>w|H@6D z=}VtU`mf#etB6ga{tD_(TxF%=4bUHbI~$lq-`eL`RyB*lPk= zI~E2qpB;xTyac^Bep#M<*Rlrt?q&J*Uh?Y6n?U-P$Uk#gFZEZbxMaaqXzVCnPrv86$KKxn`Y>UwtL z(*5@ROY=J4KcL=Y)LZE0fA97N`}?=&+lPaNJN`iV?@`b9spmhI?X&+34$cb=+(BK> zewBK@Mm^s9{YziAf4sC;=ld6eF1DC3V zKBht+BcaDp(E2{^CU0AsY3DB6Yv(P?vZn?zc9b$MW1wZlT^(AQV~<<5+dduIT|izX zc@@W&ADprDclITGH=ge%@ZI)6{*HBlyl1Q6o$Dw&Vd+cu8A}W77X!IFVx(WX^acAe z>iQYq{haUK4)ogbQlQ}3R>u0BrF-qeOS9}&H|;WL;7g>})6UQN?g_s8RLnGu@zWk!|4vjo7nt6Gj^X}5f)|U^|$+!AhX@q#= z9%)2+`PcC-S-8|k8?vXFCm0{K{Mi|daVB(7j}LnkeO$!&H4ntK zUobvw-aS8dfNw?HB`;Oh2ABiLckR4SHU3m@{_|coF;rRM?bW@@x34-SoXX>y)A_%Y z|Lgg`oByhp!?o*QF0Xy;<%-$^FIU$7kp6s+zQo22u-BboZC`(GVEf&tICCn|_tB8E zUup^aRo@GB-!Bz^7`?dz-Djgq_}9GL?7?^#y|P1kjlBSzSHq#Jv*I@TbEEWRm+f(? z_E?89qCxyB6X$dG*M#UEv#Tfv;Tn;-Wia}w1b;JhK} z>hJ!;u`dkY@4?=nj|tLeO84=*oOVne`cUbYDIFNDrVgcdEXSt6_hIG`p+NMp519|* zKhQp`(#NYGkRI2b_szsnnmLN*lf;bM#OWFNww(FC+O4so|Eh19ODfJG$#)BuauyA9 z%6jY8gR88}*n*`x`%^KSe!qsZH_Myby-mDMv3nlWZpF%OE{bN1I&r?&*GHf0)9BMb zzT45+J&kYT=k6GH6k=B~cK0yW$xw76Fzn`@$#|W{6d(C=eB`$|Ho4%BSB9cbgTs!F zJicSjxX4Nk*Len;`x%=mz71SZM)uSnb(Sgg)3KcS*#jQsnz&I7@x?{=?6sz8I(Wy*KIbxJiePw^2X-kXQ)53{~T&gI>GzS;*+KBxyH6 z!$<1EsSL_=R)e`6uFagdP5f4uJ<((T z-1bYo_UV_`Kj}5oM{uG(4e`o&ee6pg>1RJL9e7ROflqz!{V9F__`kbwoPJ(~?EfX7 z)_))V-eo?Pj$id({ZSv=y?n3lq-{M(zvG(QeFDy3_4V5yFZW_vyqx_1iX-sop%mO| zzl`T6tUgAc@n0C-BwXSnsdv-FTRID21JBjF0zN*>G<+x?8;KmOXHV=_cyT4~g7p{b zJ9Qd*K@R!nU1t98>-+0z^sKX={O3t}`}w-{e^OWfzoNcQar$rWLzx5&mF(B@(&>8~ zo*1F?7U*X+{cIxN>+2f&>iMvBj!2TcdHQCX6}72D@aW&{M}q$oq~FRno#|&{AGql^ z`_rL6Fa3JqgFZU==x&<}AOFjTkAL^!!&?v5exwuDgOkXM55YqRx~603cC8I3+L5Wq zrz~s=-9uD^Pb!|IA0L8~4)z1(SVwiXtl2MBnjKwnOXOJm4e6?`br9jXu`*z6l#V&< z$-_qJhMzZFS^*ETWByK=&BwFP9YmW)A{o)-wybVvw8Tl1Kjy3WoR1`tHKpFZ@u1l^ zZu%zOMji|O_ZfXlpO2t#4Zdoeb+B~%;CN{dauZzU`EV(j>0jUQ?t8eCGp>5N?;)`X zUXfmP*E{4}H|y)t<(KF;>*cZ!ZdMs=1lbX5^&34e+hC5$F#p3o(w&5ozlPsxskbx` zbnfUexKY%9o;CHEIY|!s7@SfPzWusv;;fo7I{~OyRN&0;F*3jWL`Ktoa|4=&L z&4cHf$gg&JFCGa-U-R;yWAiOf^KFe4-A`Ver=d;oUafv?LvP5~qZ{vgK9?>3)g^N^Mn8t;jr~^R+{dx~|AO(kKydiR zXRcrc&$of6&anVD8l&%m(@uE+{>)xJ%HH6O1NccFqs3kx_)H(8d1+%b*u|-TjMTsM zF)H-Zd}DOBm*yLzOt-#I8l%Z+V|2eOmoyjDpMShwLN8xK8l+_-BJ)J_-NS`{%Ph{@LW>y;H{d#^nAU#^iDr zhkic!w%TQ!jD6$EvT0tLZ%h_@X}&Qz->vVH#^hURWAd-v^tZGA=-l~rO6Puh-5V7D zewyCsrgOSYik^^x!CT?@)`i&9C#*~if?WKFTLRROJ=9l@If=gq=_lXE| zBHlaYm(tM-$H8yn`;I;eqkH02*c;R@x&QwAPF|Qc;)}Y{2dZAaG4ih}oa)QF>Ii!{ zU4%XEmT_=;;@Z#K@_aYWnz^wFr*yY@o}r9St6YXf(*`H)%OSd!U-LQ)KS5p6Ps5ef%28WeSj0pA-u{~!-nQuNW|H+dj z-R&dUnS1`)B|jeZ;a2i|1oe8pfNA{h^aJ42Q+$Nx@6+Vl^ZWzMkrn@7(s_2KD=xzI z1L!Q+&UAczihVHUd3L6=-Y?o4LCm{m$xkQZ z`Lm%F;WxyX>ih}rS82fivQFnvJOsRZtr6??uuirOcohqyyoZ3dGaY#4^EK(f+nEl$ zig_{Vz}uM)yoz%%>A?G2>aS7#z^j-fhh|Tl0}b`j=5L@)*%!jcohBZs>%157H+!^> zHp&kxK6c}eJexhaP4{7k+IQi*l;1JId4ks~_7)yip75ynn13VwPHElzLC8MMRq+Qs zt~j~n?0qkH@7~xgpU%G(c>bVQPw)r1-}dCkY5q$W-^t$9KHnG8_|JpaIeVgO{5AH9 z-`kCURr6a9-V@=xZRaGx$+#-75#LfDrNFWU-?)5R0r|Gta!w9QrGtkOVy;R; z$9}bdd&Pe@mHRzqq!{HwE#zg+- zpbJB{adG?86K?PB0k_2Ybjyja^k5nB8R)CE8eDbJ*O8L@hMyc)pFm%i^?-w2J;r;iBVI{u1qSyg#Ktm>o6x+>DzXIiQ8SCro};Tz$y_2s={>q&bHeLmsF@~0pB zXjfAVeG(16?F$lf9GoC>(KBsCG@57Dl2t4a9jZ#hs%p% zhsnPJIEp@=R#)_u@V#FKj+wwQv7&Em;>Q(r6G@v195;VFz3ygy&jOD7KAu{4AHQb< z$CbeGRK)@!ou!3+D?Webb!uPrRJQ+=(}TW4q3kDfKae)Q}t z`>nJ3+1H(&V~?NM$G&u8k^K+suuCTu+HVz7?!0g+1z)c}YcS;p+Ao>%{q6Opd|%4* z&7>mx?aSG}Fp+Qa`34=TSl9JuS$s3teu?kiqOF37{b{2g-|*d}KK7%u_0A>S^P}&w z`EEMrtBx9cSd)mrUqqSDi7$-Z7z%-7ulZPFzjQ$oN9L zeYBNo$6l=|$hWr@6xe$TEIU~+*bem?XqWaHU|06)Z&w!fvm?EG*?W5Ru`3IT?53+! zzR-S!b@ciR^6ln+mYvyuusyQ>K>K$C^6Y5?``fDr^s;}~zpp*5UmtsQzask{VlDPk zHfykDj~YDKzHsnB`@&NP*bfcqW$zu_&%S0z&|WjB59M;~R?3b3oMlh{++e%)v?2Ds z(|XzaKG)x#KD3{`=(G&`%w+|3&cEc_7nNA{MWuu7w&A_(7fJ@$j|>mmcNF)djy!uT z`4^A2?Cm25+b@nBXumirXx}-aKY2s!8RW&rTK4|2gY6k(2HNY!3?RLiefgAp`;~vO z?8`40Y~ORiKzjr6Adi*j+n1eV*>{~YnD?N4fcF)XExTfAKD1Y0ui|;SH8pzON3-kl zud1yrnN`rB*zUJV!>PLiQ=_kvesowkb;gx<*RG#k)Ntg~aH>ymYIM@av+Ld)$h{F) zMr(_%?A!1z`uaPh|B&>*qrZQD<$bj`U)jImeQcCplKv;sk7b8b1Frf}?Ne6{Z1@1b z{V~!9cg(Jf%(}n!gDVF&JWW6JzL)p`TKbvMEO;-1~uGD*)Q;W{p=stz6GCE%^uRwemZ>OrWalLlBe{sHfQ{)~DoZ=yN|E~t@(E5Bk zvtNO2-QU}O=*xrchd(#OexxK|Klumvt`~gt!`}AWmkqXC1`n}YKNqmuw&dIIe!0L- z-qqXwIqCZ$*{|UV^1lPUShMP&gMJM& z-S<_zSMWZG`jkIob{%xkui>DZ-%9>o^832^hsn<&|7JJ8p8SaN-S-OKE#B+g_py{; z#rwqRdG=-J<=LYK<=KmVnrGipl4tM#O`d&b`C$93X+w~)0ejSs#p4C`m@U2SL-5Dg z(HZbxhJ98z!@mBh413Ms4Ewh~&9HTr!{}i_csXdFc|p*=ad*(Z>+?bT`5y=EmeYw9 zIu$uF%(BOhuV)$$kujO}=%JbRlKM>ho`1=-f44i+ejNDv z0RP@u8^C9uh9mS}?_+0g0H3_O`Ss)$PhdG zw1A!aP`+LG#R5C?N4@RG4Sn1NJVgzyv)0hgTKaw`_1{CES5xl_`dUqWtLWn$jN`i6 z8;{SfQ+>bS+h5SmyZBCS3R-37e0)*ece1Rq-;*zTPJ+!bw z&lz4)RhzjWAkQMW#z}G)y?~oo|o0l`-)Yzk}@l) zvzYQ;{qwH0%7$~d&HS%hWkKKz&JL#4cST)EKkECY>Zz=oH($?7>gHX;lk(-WyVqB7 zd}dumP9Qe_TGe}D-TZG^W%HpO^|1upmJGFG^S*7B1;FjR@9BAQ-Mk-IWfnM`dpl>y zaikpEcdD^{&zu^*^{fr9?T@`H`~R#F;b)4l*=7Gvys_ezNe_DVf2Fbi zC(R1qdd}nFvYRXV#WV*vXMFgX``DYHX3np21uk(U-?_Y=PLgaSQo=p4AaYO9(Gc5b9vxD~AzYN*$V2dCA_e^ZB zA@=@p*raC!?U#0j?3b~-4?LTRy*9+&KFYFVSEIi=OXmUp%6( zeeENC?b`8u?MEN)i|z^7*+T>NMa2Po$%6sx%z(Y+(SY5K9e2r@ee5jk-RVR7*o!y! z!8Yw<#~$fpAI0AL^7JA*e|!;kM3KGdCq>w_MfUawi|ixVg-6PV*hi;XcKZbM-;YDs z3K`f6nf77q$IGYmwu{2O?JrO5ZC5=?ocEyK_QTjA@6i8)$cf(ApoeGoZ8(em_oe?; z=$EswJzoPqvPWBIMbTG%8~RXQ?_+02!GGU|FT3w0$e>b^fl{(9bDbKi@wWe@Ov zll#7x@>RSab?eWed@J=&bn|EMK9>B6ZvJ}SOUVBP`4eehy7|m64zbVpf@Pmo5wuT- zMn(-G9{yi5?W4eR0Q<-2XW$YnduP>B{~G$dmU{1?uXj@4I{LVhaa><3J*WEK<@qk{ zzK7jWhratR`tFBWR@om+o&6h%Y0pA$_C{9sp4GeI2K3$G{=H-OdURl^M{EI=`uLBOC?+)Y!V|SzPzJv_E8-4dJ>aUvJyP*^~<|2zj)E}A^ zYN$XaR}2lss!u~sBhRYQck_|S)uXJk=PC0%I%RlXMz{JS$m&Q@Fjh0pDyu{;)}Zey z(RVdxb8jQxB&oOb?##4yX4O?>&<^@;KC-nMebirdk5d#p}>iuq_pfVBDHA_uXmR9NbBz_< zcFXW%721o-xdPYXo2}%Ii{@4=Sl|#U#ysAV#OT4zY{Yl7`IT@yNcCue;@Jvep|nFmjrn&Cf$i2{*d2RvF_(K z>s%X3=JtvHV@O(Bai8e>>1pwz=n>Mi4iaC>8ey$tD|P&ycGj{+SQ}1V*Mq;*?Ef+Q zZ-;dHO1(P;y?tLEO|>x|9Ubid@U2J4hpia$$k3?=YZecmTmo*VKqDNqJ8L-m6hipY zwU)7!v56F5TScs>%89PLyi(|92z7`?v`?J1-stefn*6uVocYd!)$2qwC zsfSDaQ?fZ96CUw-JmJHk6CdKPe;Xfs*ZTL7JzB>Kb>mH)LlV@Tbi4XRuVAezSRITW zrCe9+ud{z&cwi55zs^03;8XmkeQpWe=WCTklZ8LnIX}m;wO59i>ey`d!0J2gKR0w( z+-P3#gNE8Z_!#MoJ8>~ef#=g`{G<>k)zmH8*+ z#cwE2H6lwO^nUWuH8F;)A==Hrvvu*7$z~4${eMXNo#}5QbtQQJZ^aYvyOFdc=ca2N zl)HzbN$S%#lCy6j!?Z3_dc2%F#LDX=r<0tYa20JyCg}eNbp#cU4&3Q9mmu#7)?O=F zyFXeQ^5r}6>Q}ISU%89CJtyXwzEbB>#a!`JKcn>1OaGoPz1Ek0qc456Fa27jyYN0t zdIC5_+x>w>ajph$IS$?)LKZY?%*{GzR_v-Y+}-2D-F?)hyA0;KxYJ&SVJ_~j*4p#& za3}8efII0z^~2Eco_r_Hk8iZk<5tCvxxc^1ZzFe^Cn~;ObiU;v`PkWw*wg-a_M?^V z`jm-j@7pPJkJM|m=zT8e< z{O7Ty^YimYri|?5XX<;^vPL@my!qVdfWQYEy*ASMc@cGYOhM%{OP`upf-S|1N zJTnzvl$lCKGEhz6Br^Z{k{`$%a)v?~p0(%XC}q3o z&Don`$`yB&%QP}2%U8~co$pppX|^xlsYkfb-6xXQjr4QXyYPCQIcMNC;YG0SDm?b9 zcpW;7e4U#WfuB_-N&bSxTPJU_hE=@;FEwQyJJ-+;? zI_bTw*u|XVQ`^KiZ|KLlZ}ZW`;I#`@NA8(+q00n$MZ}qSZJ(-si(YB(_O$j^(-!-} zYQ46C`Tu-dcS-KKa5jO5)xi23uohrPt^RvQC#-YS_SMtOzPBXhowC~|%P!wbKYnLr zHf$Em$hm54lw{$uokckzJL7rD@*c)Scow|mJ?Mj1_5KLG?ZI4rl6D`W&3Y@V)@yUC zV)6fpHcM$!`!Y>CjQ3Tvqu-9)Io-%$*>8i1q0@7qc`n=8-+lJwiT(Vl>}TweBZ?Cn zH>kUO_WKggd%a6edvPlV+;gX#`ImEELoT>`uQKhthF6gHdz`qXJL%_g4usRuVas88TqX}D(~&d z=_bG9!?4Ht227mR=L9d~lPL9UDi_{D>@?CF`(nFrPS0AEs{}7KX?Xdy?5q=QO(}4IjCm5g(QR1AKJS2{>sMPDCdzPG);_0#3f};Y4&oIX|7e;l~Ga zr%pQQ0UtN^fRC>EV%L5*?Zrz(0%h9w=GP5IFF*rbGPO%DOvKjgX-}hH2TjE0?5WID z=7H0OuBv@-=&Joq&*5*vP9R9UUlRV2O(5OX3{O48`4M~Lf!DH-M{7BUsui8uir#JI zj4da|FpE9ELC)gJj@^pf(LJeVKN0ghb2nLJWm(g6E6SFmFDAfG6+@@jRd9|}1?@BU zzzz(?8u-re8FLXoJtZRQ*J-g~J{%?@E6UR2eTC19hbUI5D;{p{NX6#mMeo0r{g&wD z5_IiZ=;VO(EV7^rpU&9`Td>#sclj{Kd{z5)!`iD3UcC1t-)8^i?;E}PS5UtO9`}5HH5rq?}<>Hav&)2Hszx&V%^H0(|!;e&;XU+4xs{UT^TbfI5>rsjIP-HVY}! z&Nr&_FzN5|kBo2p0N+_QWj>@oy?J(+Cue2_IM<8!Y-q0+-{uF(=CNO^v5<7t**8$O zQt1Q9&&JnsYM`tAySKXU@br15@9ng3%KD!HeGCmp`jf=)aw@UNt1oQ#DOr(aViOx#^A8Y13QctO zWhJ(GBmR1wQ!Ia1FwFd$_eowK&`W;)S6_)v_8&_~)LwhRoxu*D2;;7jj=`&ubs4*QmlSAp_Z|*e>MZ=8y zFz9L+V>)b*^~^Ahx!DJQZq&%k70x|oemd9!9nc@nZ?OFRLEb_S^ylYZe_VP{fBu#J z_{ZP5FQW_oQ$7dYxJ%6v{UM*eFzoLeCy?ggz6-AP)N|N}Q^#I&_KR#U7Eb$j`V({} zLwpW;c@cDgA0b(#xN77sw4wbr8ow1;*w%BLeUX8=R@C5q!vLN4P!{6eu`I^F6`A(e zrQy2K$3MJdc_^!@jeEvKD_-9D$LE;zdHA13A3yaD?w5W_Wf~`0sWxQFBiv77S+%dn zbDsO#=D@DMtrUKXCr5Wr`GDB|obAkoH&j?9QN@HRMwGL)q6zx0H3atkmZ^WbN7UNc|rHXrk39ur)|YihN;t{o;bYNcs}(`@%A`7ds0T>1AQaMx@lJtQ5#_^Ivw0) zgS%|{bO;ze1a~hQ++|n2>Eh1I`>VlSc9n4VqKi9~X~8#`OwSUR?IchtNnG zE?V#dwjvLNld<$;O0IQNn6(*=?XG^%(@WXW#_ZeiH^`s7;`QS<9NSouX+5d@ZSYux zu?8Ks|!2^^>dLL#wje*mDx+ z-lPPyDOziSHg)It)boyQjQ87pM8 z=0@-M=DS8;vew|2&$W8;ZONh9hnA1e*RjDJS~)km z^eB4Cvc4@lex31hz##*kCb*6e{Zuw4Us_^wa9A8gx8bU97)Dw!B8u@iZh@Wyf?LW6~C)lE7$l~=A5H1 zz<0se6E{O|jH_&=1zuUoMG7(+mLr>+@SE0HH4h|_b&@%89Q8++9_MF?Z1n#h|Gx1JgX64NBRJ0fm()hQcca6&Q|6iZ{LirhRiE`f(yM%Z|Gm$)k;&-E z3ycK#t;^pad2}Q9+sNOrg8N=Gfh7w#w9f9(yY7;fY~Y-2?~Dz1e!l#gli&4vj;}AC zY}9?OMy{0x%srv=u$4Wz7C%XUdzx>EzIC78v=ZypdaF-#Ikx&1a9Bg%SJ8Lb@N>bT z=)usF>3=Bpr!T$l$XnN*?4%d>Jzd6ovMkU8ERtn^^7Yxnue1NKi#|L$NWeo~yzHE9 z_T0D8^U#6T_#@cWr7Nu0wAQG(bVTQ>jRqdlvoD|9HIt@?WxccvxYGaIa|I*_=-b1{(=ZiS&3x{-GV@=xn z!k^HaNh`I9@omJe*Kd4hsW|D0H+aHBoX2R++F7zy>ytsV?udez}!S%M04yTezoL<)1nKP|9#{5YaRIn z51Kme<6Gh6Wb`7Na#KTh+2p5>6+O{IsK_}Vob&wO3!Tz^{bhPEm7Ez&waf{kvjazW z560JXd60Q?Fx9pwh%FgRwMLx$=Bu5u4vk25XU5`NppjC=ugO=@6OA})=gyhktnDxs zN%*S;Ki}^D)>HBGg2oOzQrbJ(SlY*>6=%)7<4oFDJR8qA`DH)Fx1e&{yn2GMg3WH) zoQhN;Qo&rPB9%>=&i3l)_#FSI@jr|+J5_&nRCb`+UuVj2mSsnu?Md{6=){b5X-4!+ z`c_^<-zEi9M_7wWMDn`R@Kvl?iH6B*QY^^%E)09}qKQ4dx|iJ(NF{(F!81;N4ls1` z&G{9nMtJ98e3ae#K)F9|f)8d^q{>%di(g%l63yy+;qMjl^t;gq^M2CIJysoqfr-1Q zI!@)RQOcBNb;5j^f!R5Kt6O{U;@=K;Y{U=wl*5ml*TtPzTK7ntSK+J!PpU9yI4R$O zJrsQgJS8r#FuEd%eeCgZTyVk5HvyOUP<=M%qfW0d=cC45zLLHcpUi}ZRHlji#!D&; z@0OykymLd%IiaPY=*5&vk}rN;PQ8j3t=(}#2(R$VLLW67l{men4n%`(1s?BY|L zIRNASB(Y=CSuvg-4{p&}An@@oicU;>w1>2ZN%Q#q8$bMD<8btkpWo3#8%i$d6J2uq z-#4DMq&vUg&$pk%?|%It-rv0chpHl~NU?uq4cRXCyk#p*|H}ktwSB44=?wUUgq?$f}rrqz`vV*C_VW*zPc498m!|?=+PkEEK-!1pspJ0&-{`#A<(xz3o*`_$s|*scG20?`rh&B`of#lb-5**HzKUjvOc(Vvy@Z@iKiY5FyrvRibg^q;^F zdhw*|+=ePDRiPv0dv7vqJ2(O)e4`^H-qccV;hBHYrvs=7oE6s?cd{^PkjQs@a@htxa9vabHJo?ulnwP zbj<;KJWtiE?{ux_n)xbpHy7Wl;8ILOhG4^<%*5v++tL|F*|W|(YvB#ZI_7JV$&sGs zS*L!6d6w{r+-@O8FV37zG^KggD0keMXFc9I&w}oauZ1#Sr~Fes+(?#P@8U%9A_f-` zcRrlz!o|tXds$-q4{7svcx$f489W$#fQKe*?Q}epf(PBfF$X-DISx4Koa2Bu!Spl1 z2R=O9IeNo^M`@>#zcLM;G8Z1rhr7-1eRse9hfBAX`{&Jnob{xx`H#l;anbMj^oRLQ zveKCcX+EU+P98AkGwubz7{@={hF{_kzTy`2X{+&B1dT5%5h}p`m2HzBtLHpb|D5E@ zzW)1ty6JNhja4v>e*HG5r*~fV;NIqpV~LNZ54do9@cuLWIu)8)#oYaW!mkg^=$T)O zdcpzl?tP)V9QtSY_2?dF{p@1m&;9FXO*b%Ki7;Q8!j zIrJQRZ1DZh%4AKdp7`j8$g3y42zm42ZQ-5IS*NzYOnx@`tt$f27V?|P&mmuHXp&)) z`6l1u?kG3^nnK6ETS(b!pqst;Wn1ve*57i?v3mTn+Aq^gY+wDLEaR6|JrCi7-OIeF zo;&&K`Mm`{>!|U>yWGH<4D+$|#34$?HsgoFpK!!l@db2UAU5M$u1|+p+wIIln^_-W zk4#xJ-;JV;eY7p#Xh*>v?H6&zdIvCXqpsmO)@z4Ymmd4k^188s<@b&aSha6Z<__kn zaprn0%*R`i=erBAhnfFtt)?l0uZ|dP)h)m3!`$oFQn03>HI&uR#vD2OqqXaj%>7!i z2Q7F?_R;diVVRG6Rm7B-_v@_&tJ#Rq}@^PUeuYXHQ5 z#+F@!pZgNV6#qm5zBJ{x1xCZ{%b^AqfG z{L;?+q-(Ay*=l&!&4(s7)LVh*HpcWp#?jv|e>s1864@ZXvp-*JNAJG|jWaHd!2CCU zJ9D7ySgT17@B9PL6LcB!)RPaA3&;0$=M%qN_!oHICQKE zRW_G@)=t`xM`LeYd~9r=U4MBKd313gw_(iS93zi%RM+RMsANOV`xn>d@H>~it78M% z4O1pqM^`ZiZG|7z|2AaOJdL;Rgoo$m6s&F!VDn66teY>v&apE0<4+!^wW*BbQ`d!& zNpqMdR^o@e(8{ch@W0mzHgKm*gYM=E9eyj9sAje1LPy6KZd5nK>}w z{`2W|24Q0*{Lgq1-;inpU#;k*R`A*i4dmRq=vWRka0nV;J*^>oaJHcV@pv10CO7WKeoR-c5yV1J7H(QOEZ?uIk>~hTPGR*Rw%z=eIT^1iu775f8DA8XGZY5p8O*b?Pm`%%Z| z=TYx+)@0h4qmBrK&|Mh~i_l%q8{L%yJ%#bHX2y2Y?~;!?p6sbj!S?qa&V$D_Hcn&;vHTb;>yI~QywydYrH_?Q6*~oOBmx3G7-g53P-TFCe z)-{~lyVn{T-3QI@h4z^g;Gz({$^|Dr=xQGkC6<&lY0S zhGIu=e;=ETm0kkbk`-YTrzgoimV~GmxF_$j)m6c@5KjvUA)7E833CtTOWR5+gt7^jh2gDEMp! z_Cv_e7HGBYJnU?EBcb?<(LVVHZ_KPh_95pb-?nomfZ`#tu0&dP0= z(`!xpMcA8j0y*v5kiT*GyWPsGt?IR=L1)-)3gov}|DyJRR^|!(!#|wY#2lg3vTEDl z>0yEF_AtElrsg#Cr!kZhi@_`6N5L&P)z+Kv?C4(ZT%#&%=0geQ6D`a;F8pZCy1mrb z3e9Prw2QvV=9aC!(N|YT68(g((wczZ_SgKvk%z%pB!aG@Oe1XudBQ=FL}(OmcB);thd8viZ-SPn(0dW#YiAn6tNuU2^1hUM!(FCcb&qJi|K= zn5WhXvtzI5x0(BSHU{eyc_)`G-nyq`%v--bxg3{G(dNdH`TZqFL(YEJL!)I=be+fA zd>iuRW^i-^5w30&dM*MC%I>u z_c$~%fj%jgBZ=(c?oP!}rn+R0{5PT4Ys=E)58pNR(2fV|n|!0VF7cvY{tTqgJ<6XR z>hk75^qKiq_dZ|L+j=U8elAfQ2C_Imv%4K%g&kjo9C`~mR2#@|SnRXoPe%?FV85?7 zw)~~WmS5iMj`o+}Tg~^kz_&^8p*8U)`=OH(Yores_ zhi|436Sjo=meB{s&XawMUMNH7zZSuEf{tF-ep}5iR`JgMv3168z<8`-t|5Isr(kXS zHst3UJac$HQn0o*r`OtsdgdAR1#5}V&usV|@%fonX6+%yW(x9bE^c_}!JcZuv_yt>|Nmubq6xl4~cw9O$*bD$pzTCcZ?; z)YFl-8t;YJhV{T#4}7eduagdBUe&M(c{hghKORCi?FA0*1Ffy#sd-d2^Qa*2&B!3> zals?G*N6T$BYQoYKsMDO?3@{k7fs&5KYDC`P9P88W^PRK)ayf#K2*?$3i`kuvFmF1 zEn8Op)C_C|5C7Fxa9txdcrNvhpx#XQxj8g4R?irDFjQEXl*ur*u*7wfm5HA-bNH;7t+**8`!izq^IL7)ZPFau_cnezvfhf_V$#L$Ik8*y+tA^e z(Um5~JukXG_tWL7;z=Z1f4Jw9WvkAie6%O|y2r8S4w*e7ny`85yq3!^u4V#R?ef0S=+IQB*bKE&bgRn#UU^0kNBONe)!N_sPN z{SbO`ALl1@6s&5$6h6}Yy{VG>>%@=90FM{Nm**@&C&5F>>AFuk)Zl!dQM;RQZ>@w! z;H5U|zKHi>*fkgNdsraQzKyj{#eB=|Z=6K`#q-FMViQ+d6n$NBV#w;@+>4MTepK_S z_{=b}Aj8bfWdH3V*2pWPyrkqWwk7*$VhP~doSy%E^5IdF51b~SzAK&`UqVAAbV$7o zx?ezi(R{h?ImoPSp&$FWx4~&Y$knOn2 zJM>W2v0o9lx3hl4iw{f*1di5oj#FkJ6ZwW;_Ec?UL zLC(C`KMe91En!du=!&-fK_yI%cNVG5NFCq1dBZ;PrwqGq;%5UGz z*$4%kceOs3^-l7xV@+T@zPr0*%LjV3k39{08y@=7lIthGaWr_-O6d3QK%n6j@)OX{ z9ILQ>5A(kc%8ucA8Ff9@>&}LUq20H!-{1b|u65G_y=o^E+*$h&>31DncJLAWMvn|R z_N%v{xyMGn@Bnh)=p)2xUl!nO_rRESkD)uR&t?xEvgR%1%sa@2!^j537`9CblpT_c zfY%gvs5Q36P+?4RrwO_r0-ejBFFRoDKx`HIz5tqUo>E@MnGow1C|(;rXRXe})Fj>U zjsr`aF*kdWYOJzXrxKq(Q00#ODhd5(SfN_oF=Eb@fS=Wd>TWW5878kDALeH9y1|Rp zp2QB(oOTl9(xa|&?fU<}^E@8CjTpCpe{Mdx$eHg#Lz}THE#~3=Im%w-;v2{x_9@L; zwD_9IYdbp5`J}#U?RG12?Hc@|Z)8|Em18?@Hu5ge{(|OzjBgWT=*jx46m!Qoc9Zpt z=?SvlEfXhC>r9PTA?qajplKt^8DH()LYCKRuFqXHwaN3jm%E^*p#&I+_iJco+#Wo> zYF#s9$e3aW)ij8P7NTcVZwvBG?P`t2)JYyO?Ghd%8XeN8Rj{&p;2~BF1nw|KjrqPtQKNg5T`{$+klJ-7B`hlqrmTooAeP z%^Rol`?Jb8FXr{y-Jea)Y2LlhXR{c2SLxU*cOp|hF6_GBs!g&EdDb`+{=FQ&M!vNy zg7=VbO~}1N$iW%RUoOcEr)K2xkF0qU-*eTi*LIt?Tst_=_?~5JJ3fI>?C!TdHg*U) z{I$d)_>=KB>yOC9R&dtF*qFU_jQbAG?}7iH>e$w`HkhQ0##Qv>jg7{0@f_wZ$el)H zQ3ATvH`1q#Godx;FS#ucy@5H)JjD?qtCFN?uDF1?YXtv!g#ILfVHJ0ju5$ODdc-00QBV7=nxKuf#G`3F;v$|& z?AS#-Tfwp7eKbF5fp(guGbx*Zt{N`^cheaQWK0Koa;4-JCDSo@h_M) z4(eHsf8lxLQY-V5Vbr;gHOYT=4P>$8+hx?xn#V=dpA#4w&4rHf$5Vf9`}5dPhXy%o zWryBFFAvu5%DS8-k;!H~B^P@c`so_;Y!d_f4aVKjA95uDjV2j)|Gud4WAQ0}lAkH$ z&_ot0__oZ~RE0xQbjsy2& zks)J|A&20<8MiL!=7YU>aIWD$`Gv<}BhA3?G4}l##$I}(09y&!)wYrG_&#*C7Fw!- zwy0mWNk&gDlVV6#@tx*!&lLpQ-(t<(@Cvl2 z^%rN1oqc`3S?J1~^IVw&4LyDqaKT@laZnp2@2n>!^E&qqo=H9E*|F`&Wa#Qb$>g=v z0sVRVHCnN$+Mwq{lFQ4X&6;rP^T=h#?&$Q9yn2HFq~_D}K8qX^&HduJ&nCnC>sJBb z)SkK$aE(pzS|hYoam&186^xPM*yl5kEFTmwv?Uqq&9zIIYjY-kv>3eiB>%>m__?n0 z0vb@tMAGn)PZ<;B13K?ayj~=iXqBc|Cf* zWfI>RohW&!7^Oh$#s%~pIjViZC+KT%5*~eQ<4VOm@!OOEN6DGc+g0H0YVdX*`WTtn z25wWtkr$)eoq0zOF=(D{=Nl8tM*GqWTGMc7%+cYZ!5-~F_xqM^G>{ehKJEIy|7&9P zS56&VFPxmd8`^hpGST3qoOj_i4qhHRguKVTz6d(I7+#$LjU<3G2`-G>2hJAYYz59l zhI@vo+lMeQ;PM~+p1r$`{M#$buokV9>!TB!tb zV>mt~XFWJ8HcIiqluryiv0vu=lvBxD&bKwl0&rA~Zzuu2f}&AmT!wT9x=1?v6ma0g z`-R;3QHB#Y4~&|B%U}G(ah%amicUgbn0AqSo%ld+2p@`%ev>{c9yg4QAi1D1mw(|O z<5L@lf&c3`bIzmv{-S;EJ4G)#cbgs?+Ub{B0o`}{Wh$Ni1gJ~8rj@!ZWJ*UV<6oum z@3p;S8@A@v`klW$0bUgU7T?DC&7+<9tkQIrg@FfMkOw>_4SXb#^A+GD0X`%<`hpLy zk8dqxKQH?y-9Bz82|N6$dV1=k*4S2nBk9uQ6zR`k`?b>h;A9@U(jU`{UU_^KG|Ske z;-$gplCi0cW_?`psWcS*>FMCyrR#a7Oep#Yu*Z*gJn8lCxAbpISN|R_`OaCNh(p1r zF*kC;#jE6m^w8MfIC?1CH-Gi!t1l8G?bpB3i_(+QjY;T9W9{i-%bfK;D*99UCOxY5 z#B&}$JG7P)b7GN+4Mrzyg6{E!&XOINWE>LUOS*Nn{8Z@I&bb^ibu&7+Ti)r6UFddV zj_`kbdGcZDJI2B26UIe(aq1SYch=9itDN}`9@iS6SxcZ#ZSaurbsF^0L>qS&gv-X^ z?_F15l}-65bklD3iQJjvrsX(kB}!u*)|4YAMdel=BMtszZWg^0zw9pXYw+*d9NQN! zp1dF5A!`)-w-Xm`K|fj(*@O@BGR|h`z@F*F^99xfowd^J*xh@3u%VDSJ=qse{M)D7 z7i-)x_s08T)-V0zonTyyU4$GO#`?iS?|y9JQ3CK;2j}mZGq^f3w#T)fXp}?8rQ&_b zA<;8(s&N9e%hL~gHys5H-jUYV|MbzKtZt)!_PFbV#7_A4Hv|~-0DBCyCRki5zwQOm z;|q{6bC|=x=cSDGa%9kUVk_XQ4W7Ozr=Qxpedn0e#v0BYk8l*;}ah4Yf1KnzdCj7P<8+V39p3xV0u&t+fI18T`1*oCA~_ZJEcO z26$0z){J3Z#Qo%6dkew!LU6re1U4&pt}b@^)W_E+?GwOu;Oo2=DusHUM;zBd%zx*AV4_?Dlva-tcze_erp2;@X_-o#S z{Q~WG*)MCsz2?ZOS8*oI^g*^w6aVou!>L}>;j>xHw?F9d8`c73r|^x|0H$+3qhcsF z)27aOZbUXHhA#n5yfYDwGlnX!xw_idIaZ3(V6QiDVVi*~owYdvTrB`snb-oNfnc%L zFP!+-dxS4=2TzuP$1<(|`M+Dmcd}8!)MDg;GomX}=`!cnLGfE$^N<&TO>)I?6TF+6MXlS`YoKV0>6yGxxC*i-S=Y1wH;X zO0}&v{`eOAoKK|>mjizl@I&tj__88CAS(GiANV%YM^CQLCC$KaId$-jU{-w^pLirQ z`fbKvc9ifWTd^aVQP#0d{qKhk%ZR=+A_YvO)hX?i?J8HP@2StkW<)ZGoydrd#~$lQ zVu#kKT+#LfIBHCWqO#*H@$V&;u{)>IhIEg{NbyrzFV!5RM7Tm$DlTL>{M*V2j0Mb zXS`>%Aj?~kgU!g5`G%JjH<}U46+Khl>kF|IsTTOD6TjJ#-K&=8l0MU#zTHntzk7Ww#F~J$YQKYlfn&cEOwz{-Y3n)q1vAX5reE?oy+6{a z%iyBeNo%A26TTr9&wN9>!jG9(3Yup1brE!{pI+9 z&?Vx-(a?&A&nMY`YVZksz+~|EeefVTn$ELYf1W3Kz}RSBtiC<%_TTX8BB#GM$R5yd zcsIeA`uSdcd#Dz+r>~_if?x112A8?SW=&yDX$d|k%_o{7 z(Apem?P~nOtaHe>6$fUG;YDT)oqi-}tDo?qJo>72^Y#AsnZ$6>SM9m^EaSV`I`&JA zV}kFhHI{s5-sgl<-%G>)4}|~I&3b6G=}ggRsQo(T0fO;4;8z^ePZb{r|Jpo-YxVJd z-)|E?M}D0zZ3DkO{n41uI20n=`tpzM{LC|sE@{jM?}f;UzTA)ITdT%=?mT}k7hL-7 zd+8F{_wpah{`n?;(Ro_qMW_4id)YtdCSe}KJ+FO&Zg`SNM?VvGy;7jK#TK(I6au7OUR&UKWn%H^MRymr=F z*56unY&|i|Z?o3&XrQ2>c5uE~Yf;SYb#DA})%%y$R`L6df?BhWqSbcb5Iij#yWsHP zYPyI02^a@ztWkB8 zcKKs8UK&TqiDVseeIq);4yUfT3Vy7je>Z?<$!ETauML~K{N#^GmWHCwu`U)MwmXje zZ(5GbmJgtYGMk|5ZIpS~ov$lT^L+9=n(=%9ab$z>PpAxXL}knzAGmyRo!Gk0+TXu_ z(_Q;Jllqyr#F2HsfS#uy!|!C?(+E#!UMb&M0NLM2d{%>$vMf)|evT5xHpm z)TFCiGxALHf>z}9D$2Bxp4;E)t72$XR(`B8tUt?so`PRux8@(zl|-g$tYr^=+tnGe z|CH9F58kDfZuCLiP7|@+&fLzSCCPc=ti;7xv2aGehhbNZVO^q`aa3G-OC|bV@$BHz z?4w~HS{wahKVYr)$mIqy8%n^5+Djlyz4ZdctLK8}H}Sg+D-QkPl0f+ND&q0PcU9~) zye<$l`xX_GqkW7@pHJEhYuvi_P(edgz*@JSwDs(R)n3N-P#$UFdrf)vIaZP;8L$2} z;JZ0QT%OkE$5Pju=mqu_uNxaE<$w6PDVdJnc?JDZ`5b&NtAQ; zzuC&J4G=rw!Qsale9FA@)A@8DF`WbW7o90)Z94yZt?d1rNkgAAi9fg6$Gb81D~V4p z0k_4(w{s5qK*{WX&L6&n{A_s-vE!=1I1mL1Et&a=lQP=T`bu?xKp;T!EO{EVjI6I zzw-CyI_DCb*j?t7I&&q6zm9onS(5X`L-_cT*~@o^imWo7=bO=wd+CWG%pAl$^@S_$ z%^b?T_S_qiRcw`Ij<7f%eZ{@mW2~}=*_)a@-YRRuUy*Z`#aY|z89&D=%bm=5ycbwy zZ{nxS3tMIFp`|Wp#4~DJu&x2uW8Vn*IfkAaU~jL|U0M`QC&{_Q(^Uz7$P-+g#vmtCVVn$H;NZU^Q)&(z3| z0BwfcG170@Ip6fb_oq3)SK0;N@T@NQwgHc5uL;`Afc8f6o(X&{z?TJlqk%6Q_;P?R z2l#XzKXKM&G2qJszINct2fnxHX94iN4ScVuEpf^U=$zD@A9q^(Z|2?wysGNj`(A7BT)ERA7eSH`Ab?u6 zUI4MpPJ*JM(N=o&t36F1T*ac)p0}tdfdo;4m5sDmJS`v>Wh07IE2*a?6h%#X0di`4 z+P<=P?lE2n-blsf`~BxyE7^OKp!V(aeqWv^&t7Y;wZ@!t%yFAzj5%ivAZ4uwMTE@=D*kx%f8M`{h&d=CoF?N2&&d=ES z8M`{^BgSqkW9Mh=>KHpeV^`1EB`|ho&l<+gPv5pPE{X2gB`|i{!<_Z4vHfFDx*2i( zi@6FK^mZE)lhkAov0XEOP~kqv$#;KK$#>EI?49%7ybAR z&+>St{KGrAx3UzEydv2A9i6LFa&&G+`-W)PPk(=_kwXfFqm6mvt|Sj0VCJV8_3jp^QFDLxz!#sw~}v+n0YR3iIz`WC7*a! zoZ$-=x$P9}TD?!%B~f+krj9Lc9iv#=k{39eJqfM$71^9+gAO%ti0cb~@pM95aBW%G z4wkre82H?)uHjL2tdFXLejLtxdf4gxD6xC)$7cKVeo*F%s^ebjST6d3CYEbY=D#JL zUWavtIx@PcgR&NKC%o~PMI90Jh3bfKPD$pPD^9Ni+pNd&2wSK3gR;X>bzGx5`n$BP zF~24I^g04gKRnvZL?>-w%uNiV$PQ*ij|cY}j~A)Ku_N6aC~UADFMPCN_oq(&TgQi| z+gA%r{&Ls;chc8&*jJ6rlR7x7v4wbXOTKTi^5FDLaS=T~z+5_`Pvu`mat^J1s;DM& z>GCw+(vq}re%|EG_|vr4y5a+}A+Lmo6nE8HP2CURUNU7XIig)TT*=ChUN8Hw40~4J zDt_DG<|oMxRlHen(le|!t?5W&j=L$rGG}NdzrD2P$@%k6YR$(cVi_sqCwz%|G82}k zRio*ECV~AZ00bW-xidJkIAyu3EM9 zMpOO}<>T#P!EDMK*e9uM=`A&7yuXU_Cida0pFevaYYM6o_#ZQXapIjTdA^$G*VdZ#s1>JnR0NHI%Kf&k2?3ySxV16`HNf2H49L*UJCw69O}c{bt? zWV6m-4vI!@gFdCFq=yV`x;e0!JkJ@xep=)b_;{Yoa|f?|gUuNhXP(?&leA#;zC7M5 z3|MWedCz|(`oj8haQ0B153tM2=Fghc01fTH-*D)I`)kTF4iP)B+sar^>BTjM0e7^u zY+W{IOV$ra2$d!HLa&}GtZ7V03aw&J*}?ny(5QIr!KunQ^aoQH%$u~@U7L9g>*U5W zpMHz{py}+dH9oU?<1*IIji;Qse(;dRI_wgw?OfW|X#A<7?|b%M?b5Vp^*^5fXv6b7 zv!ed&Q+L*ksAYx zOMF!;GJI8eMH&mc>XXQpqn|_~Cr0VLkv}^+eB_(XdyMsp3-hY-E_B`-Ui84x;YB-6 z3@Skost;niE$xifv-IFt(RO?v*Xk^Y7UK9Qd3MDcbxhT*LT(& zwESG(#`S#XdPI?1b{%E6xYxIEeWSVF{`Bmc;xPJZN#;o-r|91VbQ|aJ2J@H9+^2S| zEphQ2sp+?RJwaez?a7}Gx`NTIr-s+n6hx+;79RgoBIaa zDC-XY(f&i>=##ytk43ai@?w+@`2PxD^3(K$uX8^GU(d$l27HC$%fQ$6&xx;R{|S7( zZs;r4-p?tr+KQkX+2Vh{(U})BH$0waIcM3*CW*0&nFnZ1%w}^|=|#b_ZgqVr*tNCL zwS1W+#2uA0m|^)$4sCu0c|eq}%wX*i^k&|J2LD&*d*os8JU^hEGu8nGbT*>)&%1B$ zcX?+sb5$#x5fn^M&d0PV8QsyFcJ+6B&-3GOQyE1&;ysJ4@&PXcjr!jP<$+E?j#?h za4r3%xy5YGx$BxACBmNxp^kleay!WE}2h#!g*pSLG^fZG1}$SYd%dx$>r{`TRJy-t| z^t_@QdLG^bJ)1Fyo*nw~)@&t)7HZ6+=E~iTd3SV{2R+Ya+~eu2j(JEtO*?cZnobJc zp!&{0)A96`2R+Y$p5y5&A9}vfrDwyd(DQ8O?eV;N@fV=!Xg>Ol=o%hsgoorC=zzD> zx1MOaje2^fY0amW?)~7GqG^YA+sw5?>+eQgx0-8*)|;c=Z{RwfrcZrzI!%8ZUj|K| zpzQO|^r<~(rs?bAqO;|$p>=S%_{8u%c~IYT!3Jnx;vw4?XKj^Ha(?yqA12^qw?$>Sf!xVg`mBk|d8dSYiA-`HOw1hJs9d=W%JTSEj@M}NSjLcJC4Jgt z}kPJzMR(MhBM{&9vuAH4V+&9OzG&^d_RZpX96osj6{0}JGsq?p-Ny> zvNlKhR=JysC1(-OHf;p%1Hfet(%u9=)!{!F#eXwFJwU)u69_2q|czrGHs!Q;{ z>cWpdKfSy2j%~N?ndH;;1aJHq;JuElkKeDt2hI8VSrY}@2VO*TvI7J^G7Y+;JcDvW zchsv~%`x<+JG%4U&*FV(?yzXivE%%q3!uFsazG7FFb;LVo(X z#(z!wwhe$Uu@$xrLdN4$EF(Vr0KWJK@WpG*>ke|?<$K#vM2#>M+q&I2{P zPCsUYn>mcxOyP10yhr`oGe-QrnLd|T)(g>f23#Io@nNhyT=%Rar*H3p{;!FnfAa8x z8QA_A*fs{fOZ%exWxzV&!twa$A=aaGo6nffcoUPz7^AqEKX~$H=ma|WJ2=nvJL9H# zLx43t_?B2h>a6{l4bF4jwK#z=d0pUK^W59PyS@$ZtwsOMw;9Iww8!FGKjT%bZ$~@h zJ2gWw7SDD`2z}d(ul5;ckL+VQx7rtq9J7K?;Qy~Z7MQ$Zpmmwntab7Zco%INnx+l1 z+0m(cl(#nUo6fop^FH)83R;WrLxxLdqoFfz+(bW@n|2_tJJ)k_&c_VaSt#aB{rS*e zKJ@3&E^7nK`V7X`#5Tplf-?>{X8xa}{PqO1E=6=AJ#rx^xEL=>4hGqdAS%LF^zO>aY0v4q3yicDUyo zq|>)5zSW)xxxAaMxf;Ibblz8PfAqJH_wM0a+K|h;-nX&=ry?T*$UNzkTwtre$|)3| zmoVL-77E|IYYbAfM;q%%TCoZ69>;UFW>k)kn`gbGof`VGsN` z9$!(k|EdF9qhr4{IiLA`ami)u86h194O8Z4{1Rw?B7Kn_SO%VL#>m9}pcAbfxaSgN zIPpD=4>+4FSa#>$J5HY#w0Y;kIrm{#r;6uSM73S#TUqX($N#Bu_MGguVRv_HzwODi zE)0&H6>Gn#F4Z&Nt;h4XdGN<$(?{C_;>TQUMdtBsebiUcBV~?nBPsaizd8O8Ge?Gw z_g+T~+T=Z-6`S|$+7I@U%zeh^2|V_slQXxZ)IxW5bcooINhm5GjLMW8RO zPrs7$)I?8N;9tJWF!iS63z5v(L0;l2aM3}z{Fj_V5Sq*VF?iL7&r>q09$o7AFa7Kl zapUBqgc~P6$#;dsO&`K86@IneJGz~#@RiHIJ|7&X&Y!=JSW|fw*S+W8wy*d6ar;u| zPuMrk?#-Uj_t&KGoO4jBvfcgR_md~vM=>*N0Cf#;bhE3woVEMD&?fL5!?)ot1%L6r zazf;j@rR!5Zam=Oc)#bbcAw7A(SA>Y0iEOZdFDIUFX@?IzBMzJUuv)Fk~89)jc!{$ z?|f&xp`R}MI2DB2HyBwLD(}%bZGJ+V9 z(bE?CY%_W~fIPDTlY*PklZur-fu1xnjU0p^VmiK)vu;zO(@_{h`80<0A zkrM@j>%yW~81>1-G+aAm1@Lb6VB`Q}kX14BJk2BRw)x0_2==>dnL>Cxx*gv4wZNLj z_sY{yU*vBNW7{V1&72$Ay8;=}gzRv5EjcuU@iaK6jt0IVhF`s$ycqeE3y~{Zp{qF; z2HHEAk83=(;{$Bqx~#-DZ4h2%@AMX4U7xSl7U9SESb085Z9@0eQ%3`HlEnF$C#4tt z(1hf>kw1RNhJO;et0k8GQ+`#aCpQl~?eKfI=Np;5C%gDb`lygNe>LqJ4L#l4@8NGu zIdAj#Hd(_LN`_{*`_EkRP4dWyi`m$FxymWJeQeOi#?$x~i8s8xQC)peSYo#=M^=x9 z4n>>HNh(GYSDcff9Cc!sI;+pRf87J*c^u+-5;RMmMERTxdw34rn&*KYo^oanOL2@bl)V_%oKSWUV& zZq)o)C-W2^zL5Pv1`$&|&oXwN_}Gk>ixY5(Jx+{a20Gr&m$Q}2cE#vuTpo_cr6=D^ z>_Kfqrd;igaill2i_TSk4g1e_+B=y=Wk5EUeOb_>>i7AZ=-RiKKG{2Z@PUfkvxfNW0-M@zW3zoc$0s2`hH-V-zUJYWtOiz zfpJTKueCl@`&VtU?6zinz;(dORjm1U^NYA&k*QHb(UGl<>bp#H~eDcCHtKqZzU57 z+5b@Ar}Ml!7_v?BX>YNWTs@WlM*L%qv?mkW1|2a-b?JN+!Dcboj5>H-=k7+ZmsZr@ zvraz2tEi(M`>|n&+LBmp&WeN9UuG}hGTv!oJ`sUGUgnwFqJ9YO%hW=;&+~vr) zX!Ar;4 z-PqP)%D>EfJCaPlffvb7I9Yoz;UqrGipb4YMePrm57KwxwC-MKUTft1U92kt|H${X zX5AR~Pk&wWU*tUBXigL^rfz62l4b{`%hczW)c0cQ0spnoh`~?3yUxj-<3!7VY2D!9 zH!cpG{=4}xW>223{f4#Xt%I{dJMw#-6c5N=R6a;_PD%qg=nYx+#&_NF4el>Yz(plQuF@n!}G;=iB42}J}-f2b;N53 zvZ?3zoSKGn_51HN4HxM5n>7s=>-YMahKc&UvZi5*J-Li^=Jl+p3*QQ!sMm?}-m^CW z*!7gHgr`>GSN^1iIO#HLr}mpEL9bcp7FV6<9^onRhGNFNd zVZ(p2N8ou4>$1cjwMC=lF6-nja<-_ zbIMkCV0S-3?6d{m7{~j>$b(hnjb6*M^sifOv(SeV7L1$J%-Y>5@=Lw)JnTZ1H}z4z znFFVknBYw6HM$3%quQZ4vIWdU`n(^U`M??SVKIKm87dpaSs0S-A4A)T4$f=#gPRq| zizJ>mfuDx?b0&?MKX#JV_lN1Lhlj1;A-exRi0Z%m60h=I@rZ4!(RZPP)T4F?7rpR7 z)q;zBaFGZu_6rBh>l?v=zL{@uvu!nNJvoPT%p~UZLE&i>-@V3}Jqy6k_;a>#USvw> zwfWhTp41sHJXf65d46@w^X=eBb(E4{-HUdGr6bYj;c3W->B#n5kr9u(GQzdh`*9y0o|>-?PXLg|Cv@Livi$NhG&KHnEizkm5t(un_^>5#m20^$*Pe4>74hVdx>oa zA0@u8->;L8Q;(b=ceuU&pzmZuzW*d~{EB+ybp63R?( zGWNd_y9pD=n3f^9pcA;-T`2b%^`H{Z&*St?Xi*H-Jk7wmmE`H?btvBvEF~B#x{JE5s zY438rg7)UnzO42B0nC|`$n_f-I!1e@13ydf`&vid1I}^a^uO(neMd5_BNz3%zh)pX z-?Il+9hn?=&%0?nyTjMN>b?6ON$Y>xMf-k#hBo&1_3v!gd-m}1J+!N57u~fSr zpZ(y`$45M)c2)O?r#5oY{x9L_)>l>?ed*^r&fK0{+rg9cg*o5G7rI6HcjTOE&hX8s z>u;EAoq^*E-N3bxf8E&5OP)I27Wt&R_2Fi|8#{j_*0r`Qr4POY_QCR5m&uD9j?_hRNm-L(7K zZrZK=$BkWuO=7be7%@1XoR<*P1Cj46MW@}A%?P8w9Or);lN$AGT7ojUe9bwrgrb?kNO zh$?sL*z5Ems@&;A_wc`$G@_uh9~oVB$MhqrJfg+zu;#9#u(#`YHk;o~#5rvAUMBO*S^T31Tf;*(Z8UU#(8*Jg zT^W7v&G)6dfB0kD)7a0Z=(6AzVgvAcdk(hd>-41(7;a1ef8L~E3GsBn zSh3lKLD}uVaCq72qvXH^%By5u^7;G$r+F?PnBs91q{ z_8GB)m9)i+6{ua^#R|N(E^^!YMPmit_lgz#y9eV7#tJ+bqTTB}7;db9T$PFrd;l5; z(`T*=?~IE#uuj*5p?JX*55^SmHk6pfP+;Iw=!C&_VM!be*3ERn0Nw--#zbI@0LBPl zTpR_1>%z6MFv{>1cftVPFb~GXz{nu(0bk`{Uv|bl*2=z%jeB_CuK-pm-=7xu;F~${ zKz!U|Ftlpo9@Nnp_gEVj_qZf*dfa1A&v6g0EuHrN6zu%#K7ZU}0lX!dQ|R)kHrzs=;F^09GqCfHNX#A{m zGGb#B|2N|!-Ni;a>nFZup5NI+```!jyrhTc(0UT|W!_mE`%ZlPMX?vzN?!csKN#nj z_{-WJ;xCuD@fZC0(kb%wMC%peFJ|nPGj<2M;xETD|J?74W9R9kXy0q|_Ab5T#b2V& zKd_;#TtE77^qO^BGKi}%zLCuvk1qei4ikroJn{HZyC2tz!~A*ux&x74n>fsYpZsi{ zeR98v!(=|O;;7ww_X+mBsEB+JJes+Qcn)};+55-qa*w@u!Um_qkoA$@{^!xmT;8LO z+zVE(i`>pL=8w6Hes=W0!%vzzw%oFOU1aC;PORsK)khCxhD;qZ-(9zEOA+xP#ZNDN z{OHW%TTLCATYqxYUb@TFk-jvk$9PZ+d=#DUVvSKes9$g#IMzIz^GLL|X02r<2Ngey z9uM*CkHO8Dyw*S>6+@Ej|L)(|<9s5yX~;pvIx_L=+t8wIgkLH0jmLjhV}q( zVp)kMmbHnxa{1Odd&M96y3dUx!58u07Fz5bNBgu-KD=3d760VN5T9K|94WC}wuF5A z%H7ttdhZzUcQH=Nt!rc+6JZYX8#kV$HAI(E-{*-bk)zZZQ&Js=h$#v7!9ArL6TnG# zF{SUhIOvQi(WjncN?MPAe^q%zCYFEC-de6TX5I1h``b?E>HA$8a{OiPevl>y|MdMJ zwHIXVDu*VT|N4&&$Coh=`wj7>t#+_0wq!Z6CCa8V?`z8<_LPO*EwxU6r#OFd2{J@y zgiXCu_BML1JSxsq>cp8meH!8ZOViyr6W@gI;(f+vs%4d%SP8T*TFMj-?}Co9ocW@| zlkWLps!R0vIqLfO+B4Jzf2ppdGt|}H7_94N47RxPp{>;MSMD@93|;31hv&&>*Nga7 z@0|(op!OJ#j%6u^VB%TD#F2W4XFbK3cE+lT?VyExiH~Q+#JqUtW9I9kC9N?s@hrht zJZqkQiDxa;FY&B9^h-SJF8vbE`hk9lXWi?@vz8Ihn#Xtm(~DIf_)UHfNl~=p89C=Y5o4m>SLpP=5c+M|6FAke@0&; z^m7WnEA4Ati);uZj+XKt5wbRNM+JlVG{cU{i zYdEWNjV+&hpH829D|%3S>7E0ex0y@kncoEb?TMjx@m0Tv-}*Sd_cr$6d>`N92ly1v z;{BU>F9CZh-VdLOozx2(tT(oo!v_gwUC;STZr`^XpZvS@@ppHhw~swPgPY`&Cx-U0 z@yYjTO~w9y#`xs>wO&Jh$uq_$->>x{WY2EnlkaPM^4C-M!|dJZ!20gKXRmxXZO`=& zr{TY?+I`=(HM{NpRgZktI`W6R@7Q^E-6d< zi~sDZpWWjAT8XQFf^YeM{KKk#?f(8h{$b^3`;*Iu^82BGi1D|x&na<$L}DDNCO)7u zRO|gii4&Y1+V8X5Zfon9F?iU6X+zF`FzqAX;Hn{WoZo6+@AARyd3rPFo~wMJJ-B=@ zIht?yMh5?s6lnjmkA1OyLt2afu6>KnLcb3Q{ZYA4=1gZ_=%~5wXY~FbqON}%_0H>D z_hbW{cmi0-$YNqoo?U+pI1+s;UewZ!KX@v>rLsP;{@?`KTvjsjG=H$xg@0au@VW4> zLu0Xd?$Ps*L*2BuTYvCVf$MG@ckH?u{NKX=x5ovpi}wr5C!956OTpFngya3e50&jH z*fwt5cV-1rzvKUU>UZ?cPWgc;d$}k%ru=pMkByW!6eYxzx0L<7U=`&L6eY%#KUDU- zf&FArQcU^IvKM-Q|BD{rzt{u(eLcXh=mGvOdw~B^5Agr1AQ~^~$Ih}}#gx5X_UoAY zma_dZ_nwb7vutZY{`>f7pR%rto}YO17oQJ3svmoij_x@h`fE}25uXp;=6CE_?Q`>w z{)4*mqZSgE_yKvL__AhVYstRaUu3lf6zjjxYAZp1S)-KmnGt-3^{lz>xnc*%QO>M% z&Ssmby>;+`XgyS?f7kEWn1U_->(JRj%X;k$=lg=%^P&m)tUW`Nv#K{cnlDjOsY8m|~ zCja0VZ9hm(YW=NF{c1x`|E%e&Q10p&?5eTYQ`y9P$DxpI$Bgl{fV3=I1770EHmy%-jmb5PNd$i-K7jTugRsk% zCK><6nZ_gnY^`BmM^2gWuKc}6xK>-^?ezHd1>3irE;FOo7wAkJV;{KmHhy&X^p==t zJ+E~Uw~vZl!=XIvr&x>ekd;!NFhz1m!Y|?;?Jq>8jj>p@?)%(WH0_^ z|B}6_>hSK|jj5RE~{)8-V4l{n*JlS;^qK zhG#|=ySSb+*m^!WJazKCq1MDFPjL=g2Dt&lrj<{zDvx$>UgcB7-|;uF)+DeuIh=rf z&pJQmRZY;|QzHWFc3LU43Eu#*37vy}5S!^3zghe?=d;f>wA_#bA5LSA4PDetfwrgf zpUkt~+!If%$G<|HzrArdb}x3Q4?3x3-qw_DwXad`D0C8;4qr@RPBe{q1ipzz^3|K5 zyXJiM#m1MQJpi-d|6XT|)-x#Tt+B%kOl+SGcp_Kr_6`;9mI zQ>w>(`rzv2x~K0c17%BA9_1|5R;_^=0G^NEq&|E0Ub3;#r+o?z@O@5enO5Ee-kMHb z^{5%6Va^z(U?b_g_s05rYP3gW;jrY^yyqU+*gQPh)Yn43P=cLWPCkipW?L)4vF4e# zD;JXfvi^a+CFwV1qGyv|g*jwxzR%D*}vBl_eXMLsdr~(m6Xs^{5Y$ zgWA`BEcNL<^@qK3y6sCeT|0Y0ri30-t{(iP^$$Oax?ab%&b=3IS9MTh*l8D|}AV$s;m6iVr9m+!hzO;YUSF9FGnFuy!BBxceX1fbh}gkp3b>wcua61_0y)Vvdv?Hb1C~gGVRXI zXO?Ndjmj0U`0Lcqmq@k^@6x5vGI>kHJvn##E9~zxC~zW|-(>Vl3UWUcx!()@(px!2 z=$F3emwuY}j1E)`7#FA*cwV3)t$ym{n^LTae|>n((c!aqoJb?bXDZRu9UUC8D4hdc4J zpMlet`aE)U_?MqP@xG~hWYxvY;WXZlg6nA92rn1oBR9_&1Fw&l`G=RAXZYpKGsebi z>;JOcXXIp=XN=iL)&S>yt(#CijNu^Wq>lGi;j@o$4qf&7e=K`+z3-lNW!9kb4~F2wQh634 z&gYqWo~~S1`$*WI7TPbrGV|g>eiv%}1u{?m73sGIHiD7V6Qb#8_K+qo5qQ*$elZprPWhc?FUBF5yRykOeJ%rWou zC07mj##-jo$>ko+grOPB8dzl&m81={(#U@sST$ho+O$W=oATaq=xVT`=@)!y1{dqU zu|DlR#@u^HIbZMF4&VI;_!5rS&t0E3*gvGa(q~m!fs(X|eyjYXZ)nxfn;xTlF!c^L z^?uA)4fPMH8anT>wEyv+T|UasexiXDX8N zPkW_Cm4hP|iPP3$rVlSbhx=R{seG)TzR`!ya&S~^osBH?oALOV@%X#%Y=fiDa%5j; zIXKcdnXy53YHY+8-uOk2nJK3|Z}^5fW5bvYv4(VxS!X%4(pgS>CP$5##^!RjJ)PzB zS7T|)&oE}4V@ZEG+r=46@OdoTYHK~wF@rq?hQ#Q$qOrke>p!1vtN7WOb=&p8_Vn39 z*uT;7IN6zs&o)lP{$gHrfY?z-fO#Tz?3w7MyJyNtnTK4SkNjPLoV^Wsx)Aw!JM!|o z$j9IF{0}@o%=1G$*BZ!e$oB-~`w?{EKy=|v=&zg5U+d91gU~rYgPxfO9oF15d0N*x zyNKpNf6FlQAkCdLr*!rx_!_ads5$CEHz&!3@e%8nbKO`mFb-$_cgp96p|#=N_4@^4 zd~euiRlSk-m&?6WaT;ADO~84fv!-;va3oKQ_cSvg+f!4QX%Td)tVPX!Q>c z4Ytp&dgB{E=9|Ige?s1TJZnSRw~$Z&=BNI-KTd1ryNU41+rW8~_Pv?^v$RIO`-MHS z{2l+W&}4gX)#RIgLOX|*{{#4M7XJ)h8Cm{6zF}39=l#U=<<~0byKnhNmg7(C?4v2? zeU%TT?P_lezPuOgBw!B>?eq1n8k+x@;k{Pc{1;!6;pyjmXO~}!Ja}f-kJA3=>qlF` zA#HukmjAJr!A~P_K13!|s2#K~4OzJa9_(NISXu}cg)CHYPCIt zpG3Z6jr~B^#z=GRi9xRI(9g9O`nxv50PF(JqcJqzxz5+6Mb--K{ZI151n*39@h0?T zGjl)1BPxG-W*%=sA2(-nt}*ts>{qkKEsc2u`nn#S+{kmS{aZc4T6?WMILQ95YZopb z9Q?p4src^SmaKak+W{V3_f7WCxPNEhxE8kRS4;m&>0f{PbRK=Yo<1(3kMaGxmO2(vX9{(Wr_Md}>j?ciK|dd*pNaHo zEdSH^pUr>9|KE&z89v?Z_-_xD{i2|$>_z&zkG@ub<6qMEmkQRb{I7!DD}Pn+dtkk{ za(}^qNy`fcE?HjijY*{iH!UeGSU+iH!H<@#EO=wms)9c)SyeD}@&%2)3>bUI8EQy!qb}nYh8-*ClaH18GlBt_SJz`XR)_eExcNY9^S(IUvYi;T;(6^ zCw<6oI%f>V=iU0zPovqxh;=kU?PbJ%F;#h%_B&!9Szz^MjxL##%et*h_iQ(_W(!|M z{GLJE{_}KsQ|-!@=>9D*zUHp;)*|>S!px6rr?I||J%O|a`+V);Lj4cocdC=mi+39E z4acm(#tumdcdfxL!w;o=krLv4&CI!-oSEcMqjCcA<3#d_=S)Ms;SUq6Ch#U-km{^Q zAFDpCk=B~(V&)#{qp6pemA4jqJ@~HIw|rNMUm^@FAHVFmTfL3Eod)15k4<&S*QVTo z1Yn$&n}RP`V=uqCl5H{x>3-`OtKI6m*E&&%lV)mlRc zF1A~K@{tl-^H|HB1WvU-L-DDVtg}l3r>;+l_J}Ulx%kxnw(6%~_4xO0%A}jjduHV~9zg%k#{^gMm?_YPZukWrwzCOP^D=Dzfw9$&vSL2s`IM0tC?|5GO2w+P>3*-s1&t5d$ zG5=fZ`a2J27EK6V5HbGFn6e4ol#S`8EQ2z&uRESQKZ=IEnD~uRvR(3>cp3OESvMOQ zJVtcO^$siP@0rkV6Z;`$TFHNp_|yL~jrW@Uc6FBJU#&A}**jx3XV--4EdQ=Nz9Z+5 z{WOw@E7&3OC}VKq;g2{?yRL0;;_1;a@hk6I?Fqw=(f6KyeaOV`yVjR0rc!^i)!tOh zxuSOv=OjkB1^WAB**$v|%XkWX%Av3hzxz9Lp1N=x9veIoj>G%rvBBR`)*U{hV`rYd z-U6-bOw(3m&)dwaB{vRl?2;QE&ZA>$p8f8fZQ2T*zdez&(%o_K`s?Hxow>g=!AZK- zYtrxGf8TWUlaBo-K1r@Tq5d~h_7Ll`ofv`B|LxOQZ&G<)a4TcEjWP3btu?2PelM0j zvxBSR@syDrT=9R1rw9H?Jnf64Uk_iY#{P=k&paWJJGsnnO$;N4Y8j{Bk#i-zT894K zM$W3vRFVA8wGygxkc}zGMy(0gcL}yNv2&dR`s3Gp>)^<-17dKrIXn0@@G+hox%l!) zJ>W^Sa%DF-=q~@v*2zEJQp+B`6>ZE90SRGT8Mes0T8 zG5KMs!^scJ?{(y-f6v*u$!7&W&Em|4o9y=bLc6_bq21nmhu!}6GP}L?Uc3FRAK2|J zciHWInQuNr%>P}+V42mgbs>DY0=hkbd<@@Ux7Xfmw>QqS+uwnIIQz!Ha&UOLyRT}$ z&>cC%^={7PSuXG7@_sJ$vc4E_LQocP?-O?e8*%b$;a%5lg!v7h9oU>(%J% zJBXvT`TJLY{Zw%EMfhgY?f$Lf(ySS2v@hLGYn{)UllS21wu!bm%Z@X^+rMk|t$qjE zdEei+I_=X(S6_^;^8G1xJAC(CB|P?&=*Sw_dDg=Rtf4*&`S_uAR{4J4z}Btw_pGm4 zL1H-EC$~O9Ub^xRltZC8!SOnOu&FrJ&8>4{t!lUO4n%)po|k@X@&d7IIWxm8*WRhx z?^XHTLryyRtl|9J_GEnRDa6oI?z^gnID2(!cYMaaCUGCWntzZ5n>~k z0Lz(=^bd^}T*fN`ZGPF5_hX#>p)9V|hj<euuwX*u&)me;j{L zhbQ6DCV2BL_`5GTiRpIVRzK?AwVt)W|8K+dt?<0wt3xi-!ru|T_i}Cwy>Ery zv(7;8Jb(2g#u^@T#>3%*XnMaDIyC%`9B6^Y$HTwmD^|BMUblU^diC4Lh}GnX2&eBb z#?NF1DxUpGp#42~;tzKJ>gOU;ColezHL*iH0nfLfzu&spZa>Doc;jXGw+!Cc_7jIU z>Y=4=nO4Pq?hXCt``BBfnRvCJ&f0`XT>79XxoISH?T{de=N#!nN8|4=!qvbt{S0Y{5R)UWE-e z<&r02w-N}Mu@&AAPtP^;TaW(hxF7m8=o3EIw}R1tTp^Cv%04qQ8j#6hWZ@3vrgB-> zBcgg5asFg0xxDEDyL}UUH51s)v~vJ_x zo4|FUozhy%+|S_PV)_98=}g|xC(5JGHFYqrm{`L5;R_s|`~kUf*fM+0Y|A+ODxQz< zoxvlrpq_Rac?M2j7o8zvO#jgvnqzeOaQ)8rC1&le$&=rc32#q*Q@rg9DL+p>hD-R3 zc?X#=#k|uOK2I^v)&GB%x375YpX2RbarR`YnO}FUrzF;bEu0a2IzY~uyB;!Adm7Fd zY~m!jtg}`g;1l3E51TO;+dY$fS)Em%NqlDuYq7WREHivwFhlbk#@xKieI5GiY;wzt z+{7M{JullLmA?F~2m9@Hvp;Z`{pQ(hqT^`X<>R-mE43zXJezS~-dJg!{DsD^5nj+- zzk#~7H+ee#frru0%)j6T`CSrQWmD@t?Jd-CiM99uG^IR8?eQZW=)qChmCSveJwmP4 zeED0jv!s`^25ArZ^NBqzW1UP==*~Z#+#nxLBlFn(_<>5Pvk5wDvXZK|@z4G$)rUCy zqM3UA%wv@c6KzKdhH`a6;7jl~D<_ZpAM$$|-GIY=8)E5UPfz$XdjoahQ}(ZLDtt!w z;k=_KHx$_?Uvy~r@}S`b@c6y2Lf`bOj&{p8B)&)iN3xI2JM=NSANUzryKEbr&zV1S zl5)t8l~{`d_#%&uwia9b7Ba_VPBJ5L{^&_%y#GFJSD9=i<$XoN)BV32T*$ZN3tig- zKE5A^kIHWF(N^j=_Uq0(t#3$-v0uY4f|Hk+AMDrs%_cr%8M{h$g4!Veh4Cf6gzR`R z(B810IWlyA$YPHw=1{LOmwKJKGImv4Rt~-ubVm!iXgq5g#&afN3OR4GwQ}%JDqm4K ziISBj*J}!6QYyNVzcM+LIt*S!f7D__)pb)}6KxBZ2HKxwzXsLaY~ZG}W=*kXTw^6y zXY)_}Mi-`_2UGB^DsM|Z&4aY_WxjcZw$}a6$qh;4t;<>%Bkifp`7HEP_DVACNDXPf zzwo`_V;4FKz1DCCJ`DA_#Omy``qK(ujHk{VauE++My?_L%xi7Cx)mL?P`~6NI{BIw zdw4tfzUsgDQ@+w#^sbk;CO_5dL+L+sC7Y{m7x=yleBa^Xo4QT^@0I`78YDQ$?pC!1ZdB}z***`E#GVa3QT{+xu?UG-kkY6j1Uv*EyllW%D`@R5vL+;<+ z#98pbj!=*If5vq9V5|1^hi{O7(dS15T)8KC_a@(Y&%?AkLc8nf1C#7QjeP$qc%R4F z8BL6X*Zx=8?=Ts>Hd$7%nXzf%*;~Aat=@LL|^(SYerY4 z6ORx*sjZ^b@UlSr-QZ7kb;9I53tDLbw&+strU`dmojk9j&U&6VP_JMZTEtdqM6Nk> z?u>bhWtGRn4kLR#x=@a4Jv3AYjIY3hIq3DP$3PR5Pq$O6iN98#_vxC|@9=yL`)%2j z^`jlXUv35ekm%t0J?4rzR{z$w=vOCP=)%AyjynRl#iOtT=2`9ISrc<3Fpf{h@5^sw z8acK80o5&^K16Q$R#g#*Yv!SW7!19Vs3D!lxWG`vEeC5geAKiZHzM5?b3FT#{ z@*nln&M~L*xKAvv&w^LoJyM+fUpsVk3TsreXanO?%3d#}?A0;`{@afIu><~{3;&k% zK`sGjMG<+n$T0EYDRN{a$5+voCfX9FEz9x4Yo66`GvmAvm>UA^U!L2(VJ2q|b=Th& z^w-FM7x@l3T({rVb)|{MmXSON-vF=N1gvs+tPkfB%|%k|5^1@%jpE0)DxZ5y<{ zSb5J4HyJs)_7M9nze>AagYTp}>X5sl@dn0X>7P$-c;LE&){RHnX zr%dO~hJmj!_Rb+Qwt_nzXBw*+$YqViwftVgf7m~WvFRTwFxUM<*O_1COQ(dK=j>Ae zF0Z2etM0RW^P3XNHNVdDuW{X-eRkuIV(qi=r>Czcl|OHR*`J`xK9gPM*=PwFwbov^DkRo&C2Q>!D=Z~e=qHY+_)8_c=GiMhR$HMF=`cU=ih<|P zklc&g$Jy`rGgXJ?e0At#wIy*hdUqT#7P~N?cf-K2_*gaL}s`9QPggaqXd!oZtcY<2TUFL1tAtw8V#hud)Vo}Umr^cb!o^U_{8&9?==4EuKAb^9&?zp>}I@k z7>lblCr*clz)K>y!)I;eifF)*Es5s*pyf9BONU-u{K0c;%fR1q@V5f|m4d%*d|Lwk zjQwup1!qBhvTSFEJ2w-(OJ`{QBwIWBnfB|sE2^LB+XlC9-u_o@2NR5aJsunIgM&%2 z_VqF7x(S-9gZ7Y3`LySFR${QeI4Nd5F|uf_kwxNhp7*-)!wu3AVXkYqu748yl^A#l z{aQ}HI16iS-iY&&7lFO~A3wRF@*f>9hRs=q8NrXQ_;AA(&UdnrWw|=@fVhs0{1V;* z+S8|x#nl}%qP&JhZS4Yn2Kku%b`PbfMCt+0r$eU zhySOierW7p^ZgXshHhA?afqP}2XEb#6=i9C;l;rpGX}D`BlOW8&DmwwScmh_-TCNl zd_R}g(NF(4$8V4jU{3(<)!shjzbz+Dm5J`oq;C=QUSN#$lpS0SOneYLyC~?{@b&1l zglHR{`%lOyYdWrt{O3*djA6H(&26Qd>k)5!DSbZsa z?An>_(2(^)ctfE5;#uuR{|rQa*zi{-I&BnVoJIRG!D%71QU^avPp$;USm;8&GOd@w z-d{J)uG6M8OZvnbx`Pl9#?qso?#42LoHzK-p^uN6dP0$ln7h#5BF-JNGI|AHY5v&kGn7G0D#AOG=|g+q z-TJGv&OKI7c=byLiGH?3I=ZFNMqnQZD9*@QJ#Z5NPw-fKeJQphIH+R|E;`;3g)b*} zC?OPx#+BkerO*^Qy(c^+#Np{M_g*`@#gm0T1V{2OY2Um3(9|0C9C(@WJQM9#G4`kF za&+C_*2U`asb+3qb^dkgbM$t6zP)n)q(2`W^x=jKcmK`V8PIALxZ(F0ZJP zU$$4e(yTcqFTzGw<|04k|6Rd6Di3*=OPMEok;}&ai<~~5nPCMpcqad^d6#?f;6`#! zqT8xAK13UP^8fbKz69Dg)6L^QptS&3TzY!@DtqiQjMH?)iS*1#Sb)A$a`|4e68=Gr^gUK*@67mS$(gM#^-#Kg}h8G-_Dr` z+l#CtN%QBNOk}Pj8LG9z%5Ce59Bf4QY0Mql(;vzo!TkF9Ok_!5@4Htbt8UW!$UStP z=erEQifpdNW;~@Fq>`iL!41-T@z4Kk_(688-}SpXI=vZvpRxts=9@<3U=u#V_-|Eb z(+$XI?26Y)$kWSDBu_6XDo-!P?8(zXKdy(qqx(=i0{?kQU(<(Q(FYH9J^Ds#rNg^u z|Fg)1p9k81w2*lpvL%vl$+vL0xN?Z`Eoctv$zew?IOkiBLALmjLkZw9lbBKXMPR+; z$U%+GJLMf4iaBqvJ|BEM%0D_rx~^l{pq&l8+sL~O*es1t(hh$jK7|15>FrSR4a~oh zZIO$`&$h{xbo5fc;8PRn!^M())CDdjb7iA_4ZNGV_%v*vlgnyq3q9KmA3HYoM!u80 zshh^Pn;ajzz8%JQlIgXD$arkXORkbmcG|0Uk3olQ$G&SM{vdxSIawitUvzQ>_+)Qb zXp8(>#^@L^k2UPqQo>kshNL-LBabr@mN7qjhdpFg;-}v+VrtDi^i|WT!JNM_cT!=3 zzcr6BOClHVD&SyStkby<$0)C3Uw9L*plx%NTSh-3To-dK|8)cOBAVY#9&W?UR{H~- zvv|z%Eta2h8nBepTss}yZeXl$6^>c|eIMUWr+>FPI5a*Q`lY=CWP3%xZ6kXsD2L$K z8f)=&@P*^10Ol%5~A z7QaoqUVEB&HgVrn;2nG0T3kih*?NAG@3}s9r@i<9aGo-FOKJTL@0sy|FXXfF=->&) za~$uey`lxvkHQk#P2a%NL!23#x@640#FWHxWI+YVM?;T2J>P%ZBz+=MOe!tJhZ5B6K|Q|rz6+L;fo zS$+Zgt@LS?%{|>_Zj%TefZZFsDyLTK+uwl)-$iyD8)&uJ+&{y6$5P3uyhwXraebE6 zmaFSj=bgxf+WRWd&i+?N_D{Cj=5znnx#U8kze=;wQ{eR8CEq<+J|2Z!`|?aaj%GIv~=D>ANoV#XEwMRu06X21$9>|tEN?H-NWTjzpX z9j=?i;=YFwTuar%<@ujmW=yY|$Vqtq2WE-mCMh$erlz69L9TtQ!^ zcHfswuP;-(>B|*vU&2mbjtX`+vf~TUSfJ;=Fo%fg%P-u%{6u}h$6>|=zkwfLM|b@4 z?xilj5O+C^#_*|_aY1g2#y0&c`hs7kr*Y9*_vmpcb^9_`ec@bk(-+Ptm!G@4zP#l1 zC8L|Z40Zcb>Gb9He??zL^xT)paecYb?aRgL%XMyFuBI zv_g~r6@9s`=e|gfM~}-nZeOlNPp7lLSD%9&Gt#gXJbOZOz?4V2Y>75vBgTFxb@zuQ z7w;eaqxOfb!A?Ae-Oy^azl=@L@G82snwS~a(p!tD-`EkQPJX-W?v)+M6YJ}+2j0WJ zXP3r_R<*x}j(4gKWB8ehDGHZcz{KF?$Lae&(dZ#D&3PlWzfeva&06QjY_ zn2Mgc5}h+P#V$|olSD2YcFKF`eq?^j`?L`qGXY(3ExH1ITS5NarFE^0>5{Q0#W%VZ zydxWALu(F}7|J{U!woCYCwbWR%2}NSkBtUK8NMrgzZG+Up_rQNpgGt%8ei$FN?>^3 zHK3P_?O%tE#`b@^y<O4$7f{N38bxN3He-<{z57Hf>_uwo(pV z&iWx^f!!Wi#n_b7??=GNqu6#EuVp;YXT-?pN%~=4m+v=nrX|@p0>%smbzY1_Mc<3YF=k(5?o$}@7cgweuaVM z!KfQT-sW&}8q;&n2y1NT_fA_nzwgcW{rNua%-;|0{Qj%4^=I*YHs7Cn=I@oi?cgG= z{p4oWllR#`9_E>F@e#QO&i7Md>xbX!KL(edoEevm-uKJnzVG0BKlLY{x&Alw{WNk$ zi9vNN8@jV4pLGY^w;UvQ_*M8`uv_ex8}mL_&$CvUM)GQIkPhdOEz<`mi^=i;rH=;P0B&6V?LyO#fE3$ zk^S({E_mrl6wN0(^E4wzkZnBoi4S<+ zHBhhQnP3UVRmij_`Xq7wa$v6~*Rqjon(GBznbstk#&>gnESZ)ZYI+t~K;6whR}NNk z>vbP>;16)lO%~2}As-}93LgGwLp!?9$cKY&{vmq{esC~0|4_Nf2jts_k80tgTE?gr zIVIlr{D~T`Yru;q4>TXniMyAKldP*nz8Si!OC-LP8iilK!S8=V54Fg-sl>|bsizKk zC!5LO5P7HEZR58>UUupS%5MXg5#*xcZNi~&8Ac`wRw3V~FyE@94Gq*k7k}rp1Yfz% z**-)J>`wf;e84O$@&zG5$jG{)2u0e&rQdgAYHto~r4p-SJC6{=;79KJ|kJd;C7v`1&G|Mq?P2OXcXY?B|myimU8qYYnk^``j2 ztoH`r(d*fican5VpgrN+_^yir_y%P^$TuMVOA3ATsq!)dPW;2oS@G;j|mszWoGX61QBt9a%?gwPFV_uflJB=_Z+n0VR2A}zq6;oz)2lGw`=9nma#=|sY6zFD*C~GCZC2oxN$~yYo*W(nGfOdL$_|_k^Kjm8opEmj=2U1o8m4Ua z(db{|(`z&T+i&7%VQ7#z-r7uJD;dyMD)L|S3VzoX^UhP$v4ZD$Jg?*3ZQMI{gOfKV zo_nW3Mu$2$NHOi*5ZB%t-1h!&uf16*roA(Xxp?gj z|6gqHpH9WLcVS$6v%WxkefW-Sd`8m8^4)v#l>Bn!dDs3h+8f3@`$T(0_}nqqcdIya zk~!;I&2?+jv0Ji`-8tlYLJu?1ugjvJXY>4A%j6#CQ*R#i=V2q|K|jiul-|f7E^K|j zuaVug&_*5m7LcnIdT!cDHwNv{s`Q2EscE%CPe&L7ul?7==_8wZeClV0a*rkklO}w) zp@?{sY%tB?eY8_LDnOn@G(UKC{NAmj*&S!;9{qi;`bsVhz6B17zCe9@Kcl{##K5A* zCz20d86)vo7Wvu5r}E2ZoyvW*ma!-?eu2x84<$$Myzrw9W)7N#9%YQ`^W{&_oV?_y z&Wyh9=8sLzjPztU%MPaGe6(Q}=Qhe_R&I~*H4|B#S$SbF_iJ8GK-YLgdOKsX!fn6w zc1;w{Jbb0b(bwl~f8aCPKO(OEf2NIjQSCRn=e2W#JCLQFeYwRS{K^^nazj*K4oCGx zJ*>l$mZle2Rk$Zt@;FGkG1$} zVED_dBgNb=V{P~A+!wC37MJMvF>7%iznbg$o85N?IBQ%BZ?{c+v+(=&V)?f%}HSYE5YG@Ipu=8S#2U#D|`qCYJWtwnCd!ZEshZ96>kb} zy4U_$28Y=5TU4)QJ1~G{VDL^1jOJJvIoSBBGiL|@_mY*Ujtt$v^CwudG)us=bhKUTTJ=itRtcY#dYTn>>Fau zfEm*);=|9I0l_Rj2v&8;^_b1B&3upkJHop%EkEJmznePP5l(dKQxOoFC#bM^PL$r4=HM>9s4Z%%=;I*$mYh0&DE!2JGLlWQBRbZTr^8t< z8av63*O{M7cD#!0Xck?<58{Pa;e{sd@y!?+`l`zdufhv40Asy;||WDiUZ3D32Pr}#%+suq+WdhCoSNFvuB(!BM-g{FV0$R`Nqfe z)E;u>mA}>;g_{=Owt$Ox&u+>#P$oHkxAM67{ek)QhyH`#D42UP!y|)h%)9>31MWLo7gx%)e7Cy3v$H%k zbYEwAYUnmoo)juFzbT>bxbJ~1r~8e&PR`gr2c3BEL)az% z=zmt%nHOy;~PlUEqwTiJXE;1~HkW&^k30(g-z)3Z9R=TN5eLu=hK zUF)4Ux!-27cOd^pHXn3i(;dr_*z?IbdrEshWs(0|$J`ek(6)wpo??I1`cgY68>Wla zwBFGU^*KtQqRQEL0DMVmkZh}g;?=g>-(0HP+=BehbcXbD6?#M7d-wJmL# zOKuQFu%H<)&HMeWy?18MFa+$|&-wrPe8SA0z4uzrdhY94&w7@|Ig~wt`REx7oo41^ zjBkbL;NV2>>g*cv+f@3oacAr0^^9jc^6*1^nU-@{A7vhxOWr5-D;nez7(W)AM1gfL zeZ_e0M&xTT^0l3JO+MactJtjzx}BIqgfnm>h0ue3WjBTrA797ZQ83iZF1R$C_sF>| z-a!s3^|^NEy?AOkmvd(X#}fR%#j}T9nvIW2%zb&zO*h!TquUnodk(&ZJ1)`M;N=|l z*aMUHrN#N)%(xdqZ!Zip&~egvE%cv5|0Z7T;8wA0ooA*t)ZS*=k)PnM@BG_1cm8VA zbp0~PQ+C5T=W`98b>_QjdITCC=6k8ZtH0wGXp&7n>=t-Td^HUmuI0B`^tF&&+xO{9 z-w&ttd2w2w_BsgiN!#i}`wN!xJ(G+*wJ24_M$$I6`&n-+M)MbqQFDBKZ{)sm=zPRC z{M8}o88GuG_Zjhy{f=e+x%2aS=<<&NXLieKHF?&`sc>U`Yk5y?<*^Pd|8XX5XCZfr z?L^@>H}<3Fy0k_G{Q`>dvd2#`ajiGCA`6Bd$a*>Z+KhZ5Gu|eV^4FSS+~zIllcqz1>L>|*Y)Hh?7&AczDJQYcc0_~TMVA3 z?0weBA$}g88d{fr(zQ{sRpmywx=Z{c+}pasj(_fD{uusXWIqr(;zP4 zBR)<%g?$i3CVs1T1-IHP!oRI$&xTo>L%(_39B%n{p&wtz_OLdG+mv=pVLA8dui`E-ggM)8xX&HlvU;r{@iYj{`q^a-D@ z_zgazW#WB)b7~z8C1$>W^%w0aO4(<~b@WHaa?w+abS-!jsw|A83)%-pWrywA8#DU zn;Xyj(ZZzeS!{G#s=m01xu{oP*t)`&ze*#2tXHF}Wv^GGGc_+<{jqOu5czXu;*;~) z4~otd4Wo)NR)4|JFo+x+b%v#*Ct`8-G@_TH<5-(TzWmZbj*RV7d&K$FUJ!c}e8QHo zp4uxIF8Mqy{Ab=ZJT?yBAOJYo-=hax;jgX0lM6q#u^!kCpD`C1)5uy)9=fU>IhUWlkLMM0y$l*@J|X|Kwun8% zk`?6Pszua_psfao=jr9J6nZDv-^eLa9 zjM$c)KakxJp}lOU9>~eSrE727t@n2t*{mVo*L_ZFsW*VT1sB?K@$5{gmPM!yDGY)5O`}IpZSGsfvo!t3LjZ-?u9g|>S zOwYE0t5fM$ZO%}=7hn}$6gMVFVdALLmGUnQ&7K{@xul_IZia4d``&h?r_|RKthql1 zEfjz40}s>gUE41Uz4=kg!t%Y=kU1`Xveg%OQok;)hWE1HE5o-f%7bsv*W^3xT2D^M zdaG)=Wo0jwK4<(JN}ch`*BZi@tEovAL!YajNFL`2#NeG$%i6{MrPs+nv1^2&yHq=0 zeJl4d!t)wqfWH`YibJQU#(|CfJ~jfJnZ3Z`1LnkIBwLN>?%uqw?>op9vE?bZTb^b^ zKUbc%kt^)dc`G_z^Nwxkc*&~l@3(kXG+&4B-;7KOufn0?fwmuM*DoDxQ6TMd(Hf&yr_2KT*@1cU~e=QwIiBJHbpmmmyQ$;y6G3N=NGyb{j`>;oGbCRp|5ja zF@Mb?-eF#)dCnGRuiXudMKNYO7st+_S$->g3~cJ(^`#@@fE~GcJj?fb7ryKg*3%!a zwZD(lcl_EeeA=C?TW?{# zCkUML1tjJqhCRyJg1`5vUEuQ07d~E) zl=WWDe8F8G+gBtRPp*$?ZA>;ux)hlzuEmD0W}Q?1g>v#yNxgM z^E%d_6k}Dq;)$TG2c!d3Pe^gjZ2X==a!0ae&%AUsd_P})9XM^dnw(hai}A!xuyH2u zk=h@eg}b!%TJ#PyKv$EhQvJquKIJ>T#HX=+71~dTKLiW~S)I>iNf!abc=SghF>C3l zVd$e4+J1~aR9mE$I=pSb(+)ga7;^!>a@~lgw&kTOquOG+H zP+Vx(lFpTNy|L>Cztjn%rd34qGMM&#>N-k)b0*F% z_I#UjZd!Q0j`f#V;0Mnrl+o~_oi^z*o$#csO%Y4fZN zyJ}Iy%jg@PcJ-v5i%twB#<0Ij^b@ap-^tWYrr)$SW7pXv-?iY#${Fm$mi;f?1>JYV>ZMVy^%my8*bq~L0R3h7aWb*8*j@}>LGmhlLX-uyo zCp(DgbUC(i5@V9xGV7ec@d{(ooL%$%maFma8H>AT+QoC5V;667#`1rk&!fnvjzJ6gHznXew2mNSHwUO+uelcOtsaqV&-HUx7g-7UDhmpHW)1IA z+7l0`ExofK?H$>+80{|LJp%{tNtXYM_fmMb$&Pio{*;j?_qSZe-G_PW0PHmW-aHTf zl+*hQ@GRWvpNqeGe4upv1&Xj~BZvv%kIR>kzb<|kKFB#)VQ|10wh{wypVd7*^N8?_ zj!+y}^H+V&WUt|@0^!hJOVfC;jmD3YJe&b8^<15w+7q-9;CY{(M?aTfCuTaafGDz5 zKrIhu&g{1cJ(Dta2fkmYx;pBhC2BC+cwSD$h zYJ4=3jt|Tklp#M?w#-8z6mmOQ)z5p&IZz0us zk-YJ|kLUGW?Y@I8^vX*GeNG2H?{D%oB||fuF~8!`Ev|lHucFB(zG<>_%t_sA9FZ#J zxb`LIqF=qwVxEx&-{z7FfDfy`mcl@|75mZJvwY&gV2f z@pD}`;x~p8#3Y^-JXPqfYGk_9Pt3%DPx%J;!^YVjXMTm8l`)~_N};GT6O<;4yq-fqTEzw7C@m43F6)1iLzJ^iY-_XPZ77cZ?IytFtt z5q?}a>>6U(4HF%_v@l-f9(nOXt(Zh3ZGNo>yj(=hf^297Y#X!LH$F?BP)-r`(`9s3-3~;Qm#~7L_CPPzINpo9Jy-dvmx zXAivj5-_FnW*N^Ld0=g{(BaJhx!gWzxK(RG(hvB`E$DXPDwBLnPlv&Ss}_fT!c}xM za&c`suCf~*5w1oD$I-zPM zKgQS=dHAsv`acH!+mJog%#rM!!`3I=0$f`<`;NmUi7}jgIo0>+L~OysqiO$ zzt$1k;KMdzh&#Zu?2n$4Z=p}=y~l{HFvnfy#&@m7`04PnTf4Pxp*`mn9rUL;9deeU zGY+dgudYgyqf+3G!N<)WIr<{7D_7l>qZl$}Wa#8Gamo$evkJjNTfXeX-7T$gFScp!q5f?nHZ+?$SXn z-Gx6_{~Rnz%9DBCjW>fASLe5!7J5cH-%sDZi)?&}ZVREC^n3;V-YGo6XVUTF^>iF< zqfevbFNCKjC-tAJ<9`Dj(aF%vtK%JeBeRd{$MqF z*;n8XA7T$urafg*_;)LLF+<6HSwL>oP<%$MQw8xwqNkboGI$;to;aL%>}kkWmZkWz z+4CNB;;~v&@_FOSTyI(QzMadUyalbtp58C)Betx$rH>e`V%rg5`Z9cJXkBL0I%R&~ z{N|4P5og@0n`(Lfx%11N#D=`{?PwwJ6BjkUn4>eQiv(AZz3f~N>^ip2%(qNjj_ZGi2JU!8qZl$8hu*c+tkyaF!NF#aoXB(2}NI%9ev z>lciBExeb*ID4wGb~0n^)}i#LHie^tfwC3gSNQVa>QQhNqIR=v=Fr&%rjCxmJ=a|e zQ**(@!8+^74h)J1FQ*RiF=YVX6B$@08(B9L8GwHs z8Ccen4E!5>n@I+WkO8eDE<^^1H!btl0hoXcv@)jQvx^)Vp!O}-U!*M;mk%){>{vL&bxr~>cF%1W-if~`OU=g&3O>^x^p@|4N2ptTX`>qpUUj|$V*1D z-?}WdK5~KbK!2+^$w1;HCz*Y~qNfl3a&h)n5V@?e5(n31h2!yT=Uj+D2YI|xqQ8X( z{O;1EmbGHp1+DMIYC;LEbEnt|>c%J^G{QTVD<=ycG0)BknKk&9mCWCnC#^%5sopYr zh8QUIBIS=lM-x9WI#Bx0YH(p31zn4HRz9=nYp-1rL#O@N9OMC+h%&A#23kvB_Rx)* zrkmJnFeV4OmCYXB`Dbt^z4}J&`zsaOj8)Mm{U{DDn%FtLSqg|#w{m|gYs#iR`*pxYA4QB;F#}Vd9r<+eY4FQj z{m<09kd1DxwB<~;T6Op%x6(c`Ao)4tFmi`1Y!eK~iE{CqE3pZ{q8NGebxz%NBbQkn zud)6wd)zV)Tmz5E*M_eJm+Fnh(KXHUEanaLbtCnH>9ZAm(Z+ZtIx!^4aNA;X6zH?P zFe}`}KDIjM7f;e(8`o`%S?AOz?`V(3e(=%pAn_GnuZ{)SC!2nXsj0qeF7`|{M|(B= z5}s479Mz1`nBvzmcHq=JrWJi>+Jqij$8zB|dpI7j5<8KpE7`{p00up$YZp#v&AyU6 zGY7gy_kmBa>1@3Hlc|piY;OZ&6}8MX2hyI*B#eDMF!pZvAuvjJwO!3Sz|o<2&@{%! zJ8$1XomF41C*Bfh_z5~7KAEuqW1M$%enI>WJ{hCn(_b81+Ofc_?pWYgfU|{hv;eDW zyG#I&QD9V!Y)>o@{r36rY%ksnzfvngazUT#hy`l?qkbabQT~(oX6fJU`OvZYADQ02 z=0xC1{kI5L$md#cB|l9zMRAZM&axZIgr{?P795$F*;M+~_<6PkJf+84Cij3R@j)fy zX&%jb7;7Wv?eCg$6+CSBXXZc~G%woLXy!Xc=lhgz%5N`b`0e=&zx{&W432UcBR)dY z_iexADYsr!z;EKs_0-fo9LP$kUlB1hg7y|`$xa&k3kpg z^FcTMGV{BgD}9VF241IGzK*i<@!`sJt~lpjK>KEJ9)(A~b^*NPv=2U>RgAlN$0SyB!Um1IZPJ%MR|o(L*&r#OoA-2HloYlCln(iiQA+v#r~I3G_9veFbir~PSm?KbUax!a3#bcgbcs0CN7 zK2$rudym?9yImLmxi<|na_qtd%-yk_8Nk#E{RPVt$ZGpU@=JhaKQQUsN9i@ic3k?~ zy4Qs%ui-jil1*;Gu1LS`lU_q#?BkvNbI6bOWvA%1N^GTxBf}eU-igCQ@i~0LN8P@F zXKc~~YVZ5daWyoV4<0$EwK#th>ydn44IS4of8FlTQF*LEt~J(HXh2TPvwMk|SMcmm z;h(X_7^~5Xj4{qwrIUs-PIrt$J$M#fUBAxgM&Lfj(Tg#?Pg_;M^*^*fA&dNQ;<)0y zQs|1Tz3%d>JqNUT-0ml-f7Wg}TK_zp;kO_2+j`nuZ*@NR3j4Y8UnFM{wilhfF}GOp`(c%+@N?*raZ>^bcK_O}`PYS}J$u5GlJ#(m(sUg+Px*w@|-f6MpC zx|cQ=A}dqT7o)MUw69v}oFi-RA%!Q@&wlW=9~^%BrjeH-Q$H7Olo$6oVBSJ3yPdd; z;A?|cUVD2U_XTeo@YY+oOZUN-9l-lGaLXSs_BMqtz4o?O!_R?Pez$=SK67nu2k*QM zUshvp-T36M$w569Pa50DSYn=WYpfcRK3smgI>%<_{9`F=8g z8gq(oJ_tF$evH2B=y~mbIC&;Me5&!xks`Tv4GcFPuoL>F&u=5N=g#TQ#AdHS4kTaR zxu$&5$e@sNLRJVi`JvwXDewVX-!#}FjN9`3bK$vZu;3Ze9ZQSCTZ&s*!?h-QT6jSa zU%rqz0(>*XUtLUGjG9&UIbeQjT4fC-?gnf_y6gViwJ7By3uc{h>b5nSxm=`>c!tx4 zZ2dy;w2*z2qQB+_k8z!YA3q%bU3oS5dfj!`;`5aUhF;)V`K+w7Y+S_p3(sv_#9G{T z^0~GC^>x;l+__h8?P+uDoci{2PoD;NWp>}d% z+sUC@M@;`QzUQ!aqI>-8nUKHhXV1hs+F3+w{RZ-#*Iml9e9s{_qWf8LBFwYoMEsa% z*M)dy0?$nFJQH%BAz$GEJu{eRz+n#K>u!hfnRe=|@FG0}Zr!m3z>N(Lu_*3IramEu zAd-*YGX&m&rU|a)AIXo2q+OmtRL3`AOCf z)H;Y_xE6Sm9K{OZG2l>qPq{2>KcXM{H~9C&_0&h1)5ktf`}<66IVlg4g=}JPIpPuG ztb4Ix=VG%SXFo=pvmb*q*5=FyE+71>SOu}d?){UJ@(oki8hgtm=m%Jd+D=+{ijpF5`L}zRqQwd3-l^7n~d4PW`Z_M{THHtj-PE ze=hroXkYr$&_?kEhtGvyjXT>JcgA=nw)Gza&hFL+s>P-CTiM2ZbdSMfjgv#>w0GzZ zn^ww6a#f5=FA_A4*&Z>36)841t=&CNyYG1E!=4tez7lcSGn=7 zz0Jbj>N$LppNF8`czlR5_O=YOsL>I~-nEE5nL8|N=`iT4+85dfIv=>D3l;N~9dCiZ z^{ks;+-l`4ZAC9i&rFtl@+qAWgBF5C*9)|NhrTMwd0L2%q5QQb^23JH?{?Z$KJj|; ziSa#`>RrVla>OtE0jt>)l}kQ#8~M~-SLi;F$_qFhg##_gy?7?U0%WK0W z0}~wH()z_s9{x&?KmX0>GQn);TlYtnrPJZ5qwKHRy})T#a~W3_^y$h2u?+Y(nZKp= z8|hBT^-5&-%tKx5$*?vaVyxq^w?m+Re3H)h{%p7s`x3zB`dRBrUFYKLCw$8sa25@4 zUX5UN_D6oLIC-w9kzIE^2mC3Pmhv0&?2X@RJRkm_q#o8fk7D=Q=kJcE7kT^M{XVhD zw88veIpcR6=~~&zp#l z(JuO*1%B5fU&`rFjU>r|XH z8DX6*1MRcww(zdxUcBC$KGxAjqbuv!5WzO3^RU@lB3_7`%Q(;#>eGEs@>R%t(h+)I zy1^aWe{yFPTU-Lq;JMn3(xlVi}~)Ad3Oy@ zJbifvp8nD?Hbxa51e_7aMKfL6Fmqgpz4rh(mv0=9jNR2g(aQaleR8vcJ zon1?HD?00NpSmBU`m=K|iT=UyFlC(dsb_?p@e zyO7W6_#O-R+hV1j%lYC*hs``d@|a0~iN>#eFR8b@`f5p<{>?O=C^!!Q*KlV%({)Ym zz;OO5t(;fU!*4VJZ~7STU>xv8_ZZE17~>4uxs7|$Ej_`!+5@xJ(_}Z?e=a}lqaL2u zeq@5bg#A5UdTgcUhH@2$^JnP8b)oV3?dz@Rp~3>_$Dg^c>k(Y@r|YfM;|P$SIh;Rt z{Dtf>4&b8>=goeg~|hd}E_)kT`8e}Q#dt((cFXEj`YaSv;z*cI0~c#OP(L*!2wxvjD1-^2PR zb*0z;knb&7{?m7pvh4aG@&}b4Z|hQ@sq-A=ObAz(5;)H&KTC{0P3kkF&$WLIT~&cj zKNe0q!Kqi*boR>tGqC=58my{QWnhdu`kuWPE{t&xj4u6c|1;Iz>?S_aXktR}o|{|m z*qJ|g;1I5U=|+U_0FfROw)(L$8KU1!bbry5#ghj_=C{KCk$YUm)B zaeSsa)?fA6Jl5*Yky2biF^&rMEov?B;j@5MF^;kFKlq%Kx))k;HRh8kc~XOsIhSrG zHiFzMPwMldQ}d*d;oYtbL-#R?-T1t1>DrawfGxjcGT~_uV{qhm-|d;@SNnquO$#0Q z{UAxx7aY8$+rK6F7T);8%!!-<5xPWYbuqUf=1P1x&*^_P?j<3r9CaK0>h z+R*!!Gl+RB*3&rHo&(Znd_4Q&7+cqP+6K^2YM6xCpV#&H_goA-Z;-azPF4E zZOR6&S$W(WYu{VXdo6rlNPk;GtfMinP~YA0Th4}1{!w$_?q^(hUKTv`-!hi=7~8DA zv^Uz*9^a>3V;vf*7z*}6wyBo=%E3Hv^Hsv-FVA)Xg2mwISxhF=xh^v zt;cP{eSZOMJ<9u9qZb_7uc`S)7Vpf0uA1|!4x}5?|2ecY_@WQRjvpodGXEOpoy^Cy z7P}6fnspxQsK}sjxxR1XpIi7|dz;U|Ae?BNsv-9wyr(|h*xcEUtlXK#Z?68>iEroi{{+u8>iB9dTLeFB{^9-Q zn}^qZXEiZNe3vP8PR)^JLy|R{sG+hf*!Lo{r(C$TlA&h7tNma{C4gW$0n~bd+Dr;j&UEpGxtNsxDOxYKs)oyHL1_6VXysO z=oDf+5$48Gbc^arDn29}7K2L@XU2BL!TXGBe6Po-RZ~j6n^Noh%Z1;evuAXcLRbHJ z)V&!TTJ9fV$6O?9-f_G5ngG70lV5^NC+2GpeqVbJ{;}}o#;(2d%qPEdwBGxXLsyrc zHyM4F^hXM0TdhmNMf5MY{~0|a7z;QHm^wcxG?gw}1WdA55oFM-k0RjFd+oxv&(w!Y z`lIqgl}DzSP8Kp#Yx$REfzvExYc=ug9}+(&c6jIs_%vPyt$4nLwjV?0rm?m@al@jA z+OS=D&|2qI)e?Kn@?|YmoD};!rQOg~amCz*Cgs0j@YhPs3DxKeS~*MQ zyQn|azEb;&`^P2!;z8*g`jXGGp!xgDW7s;E_5|}*M9>4WvzF!C6$x0oV)?|QKCZsc z;@LQQr^2$9au(PwjZ1xqW`gr2d=&Lnvti*wS>Q-`u^5;7m0r`iO!qi=F*u>00Ao`O zLcAo^k7f9-Id*c|S^D@9gvj?@3zB|Big0j!%BTF7e3&(7Whs6XbU`J))E+VGdOO6 ze{6YiVu_4L_C@lnaedwyR}|Y4L!MuC#uuSYtsQ7ST8c~$oo+q*RdRB&28TxGoK-UN z{<}jDKE>Z}_OBYinnjr3*r9_h=y zs@Ce&r*>xTpq)I6E$p*r|9_Q#boz_mY2*1eJ)fuNvw1#?=X0)VX# zdObf-&*$=d4$o&@wVvnKk61WJu&=jr`h0X`e)+1Wf1QMXaL@2hefh`bA02!m3IFNG zfq&b*OGwgdlc&L2Uxj#?Beo@b`Pc2$dKIA(d*e~uG_IaO!7k;rN3HznT zfqm}1<>P+)Y!dgE^$h>GEO_CP`Xv1Dcu%||UKbzj=WpuIYRmUDdH4vvxC$BAX^rfC zm9N*Rojg-(_3rbkK5woaBv}|T`@hPE z{Y480NiH_`Sy2Ab%O1IgPmVX9dG{?SUp1*NIUewR-0|%GY5BOpo0Bv`UXM4PA$P4V zpZDPl$??GR#~aU{7k*Mc?y^UdasuxhZ#;WGtSP{G*3G@`Elq-gw4M1qbi^ zEIA%z`gr4+8eUR9b-hOq7#{7J-$uZbl98z+7MD-$+L9a>__Jj&+qNaQ)f(F%`5CwS zk@9f|HYEAY=qK5pEZdGuS#0crxLfG42Zq+!ql7=> z6V0w2v@bAxl=%3g_g0rro#pW<3~y%fY_`qE*DvPTVWY&yAAPsBeARb6{seLZ{dhLZ z=Hm(QaiD0F_;_6Iit>5OJ$!6%m&3EUHXomd9|Wx8<9U}ZEuZ(~&ysjHw9X9g)a5@Z zUlmRFAu_|e`GH5uKl)@#63<4KjsfqlmX@#Dup!A8M)otq`_aw^%7+~B_zs5Fnc*Gs zm!FoedfB7*3~y$JchwAhh6<0*fG$2JelNy<+3N8ZjO=HIcj|8BZoh{gjIPQI@8&BW zDWCfIb4flnyqOu^dDlHu{?RwqC-G}!=@|I^&O_yUZu9s7hL1DDTWj^jf9{9R-5)=F zK%b!H3vcoJI<~IvnvylxVou;2nJK<#S-=z2f^AF9-e#3X=0BPrUy!Y$(y)kLdFW$>L{PKHwE8E}8yC<|N?~`vnnDm}H{+2Yf8(g7GH+d8ct#-fN$~U;XImqtpWVe+&Dfe8d^qtS z6Hj4`Pda0C=ZQORmu38;%aV;P5XaMe1x&{$_A_Pys-A}hz`n)(ms+% z;KoNb-Q=!cWQJo&8XSuM9k>7VzN^pe?mMeM`EP69bNm0vG5QyszwPNe(|YGfvtF0X zw>H$xDdW_%mRWy$fXugOkd-hAGS?OQ#!KkFFnk3G@$ zt4H++|Cf)^e*THJ-#Cg`mtDhJdyB>Y;sX;y1V3Xkw68d&k$(?8()Xt)&xcQ=M`O?U zIwM1W>Z{{sTgJWg(Au0gf7kFe=f8`mH74bZdwJWR*0$RHJ?$PVzcM4eL+AB~uYI!} z`SI|Ri?3ffV~`AI!k1k?Ac-$Cp6blw`R&pDe4_EJvHSQWQ~p=R@mS~g$X^?e?#Ix6 zaRz#1Xn)yu&SLLL{vJL?`?qFj-_Ey6;s^O&w!Qj%hu&6009_J5mw0I|8Ly=ei}+<- zP&Te092tCM<^1G&%jj_n)f z^qol`?lb+T*@JUz`&Y_*PjUVd&PsXy63%}SJmWas}S?Qs_|d-gJfTY<^YvXPn*z#-XHPPFQndUess z(6QQYUEEcbUEft{ZJMETNdA}~j>(=6sCq_qU?Th;848`PUg0Qo+SH44L(N$-XQtA% z$r%T09x1eSe|PM!#`fAATlZ*e-u%B_v;8PHPjvi?JU zz)4}V)(D(&VAKBEIQ~VP=k5C!bn|j558G!`ym2FZO#X?>#}~lILDm3#%G=O7?3d0m ze5}5Su^V2F;^)W@5KJFp?@I!qM1eK_4-xPj#eb1sVCWifV%84a?(-p@w|aPf)_)Vj zKUQ10z#$%ir-jGwd+;cp|L-(;xe0&Nn~$M<7V1214CRIroDY$bSE2Tm zlm95+Fa}-??}jcw&&gjz5AnX&mP!XzLc0jKZ7oy2Vtz*}d-=ArINR7+wLBu)KnpLf zZCST@w6B9>?{DtflkiaF!RyP6+4aYI!slrj@cG`iKOH`IntZRMezEoO1wGowAb6-S zGMrW4b*;5&C^b$>Z~j6!hAvo3E{4g!;P-AB4*0^ajq2RFyckIHDzE!OXP@Tcp+iJ=8} zH1j&AuX#>iUjHp)`=JYaz7xMTHub(VlocD}q zINh8%mptdh_?*z|eUPi)JI8G467B z*~`!A^{_)ai@>5jIdZjAuuTnpTL)%Lvt@L`=bB)paW=DGJO?0c>p%m;rl?)$-CDe#qEG$M?C zO~k;P&Y~!rNN!qnR(OVf6TIZzl_Dc+k&zPa1?#fH1>95KT`AY4Tx)LrF1aW+zHI+U zxcVFZJ`1|1?Q82ru6*)ed)jqd+I4H%bxYcHbJ}%0?K+lr9ZkEAq+Rb#yZ&3+^Dze@MIjecH8aUzV8oPE!BNUN6Hx!ACRuS>%@m$fJzI z_ZIQF5`4|iTzq_A^Glye^))w8BRt>9F%ey7Ls#i^ozrXEemm#0#FHzV$^YD$=8tFE z?-0ZX2>|PG{@7PAXN~gpoP8%JcN{+#zr=yf_`x1~bBG!+=3(E_cc#h(CA^E%2W5VzE2QSyz z_h+&{V8}t?EIvmu1>}Rqb61ZB*mYIxYOrNz`IT=CnUh`JlDPT=P_N zqmVarCHqmyzvOx_vgSV5jQ+~XBX5Sfm3rqTy>lJEA>TS9IEy{rn(z1v$dTpuY~J-( z^PPKszN(6Tv68xfq)p zznc9*yyx~8o2++%cLaS6p)bZ3V9YKKTwFyNpATHw^})au*E`Ai(7aG%oDNM6#{J}} zWToV()H!sCaqkO^?Np5o`x)!=gJ(_=JlK7c2Ra%!nsPdu%W^wgnsPhib3&Wqi+Ko=b|L6Q#or$sre5{3sT7j#H?=SJ)<)bN_85H3e zqfY}lDRz7bb1=!?)edh-?xTL(KL(uKozE0f?YKL@?>u+}oDO9_Od6RIpCjmTd5mo7&^Tfq@l#bi+C|4OXr{ zcPvunCK=v?hLH}#b~uzKlp6L72UoPmw8bi>A&Qt+tjW5LGzCkopyUD!N) z(GH9{H+DaK?}e=t*ow$!U10TIx}Xob5giySqyCLUTk*%Y`>_`uI>yVCZyV_7W!8i2 zSh@S$U)^U!_Z#7T^tJd%xN)C}!zU9*p>M8+$Izoy#I3MpQzAFo^(oxv#50O(MEQLO z?dnX&Ctzx=K`3T4X0WnAhzW53WSrC-sLel50uY~tK@ z+H9uHmI2_PsW-Ny54NOFXS@(wvV(c|o4#=L7u1r&_WU2oZ4JK02<%Idt&iuk&rf(V z>u5pz32RXJe)b1rXYd<_QlrL7G@;8D!pwgCISDgGpOuBzM4;qMFz$IATShnZL7I~A7^OZg7%|1)izbxP7! zigw~p?ZtnLv8vCR;BO&1@CI;sBf7f_o>>6TMA7S!Tahbl1GW=;HU{5H`v|D#O3u0J zWA=mJbRNN4{G;vZ`y#;!zSZEh!U;0e?wquw5jM=Rh?c-VLxEc7-kvZ^}sj<*E{JXx4agO|n7-W#{`mG{Qo)czi| z2RpF;Q`nz=*SLG{GqngyxUL;RJ-NZYxlwdz7POg}=Ev(gQdLr{`A-DDDvn;4f1z5D zk+a2z1HzBXuYHi;=Ai@N*`fG{LH0Lm-tB``!4bAT5)Zq$|Hhfn z96h3#ccX#B7oG(iK6F#Cag2$LZ)4nwDU>npCiv6L9l(j|l**@94U8wV6!oC9u#2wFdR$|yO4V6A z;E5YE=&b8C#tb@3`4g4stU`2FiabD<53t$I$c6Th*!qn5E4n5{ccIUMPp0ZFvsN+) z{vpnB!K|bX(|U>O<@}y@-T2E$6MsqO`;;L^(rsN;{`#&VM(-}GZ5$hJR(q$R8~82o z@!osaF~-OMc%a4#zqp(}XxliV+)Vq}s;_`H6~H|WJtZBi z`QUpzmk#SzU{$?pufBKTz0$<{ll$W$`Rs#6m&(2ogEVc%!Ii5+Z9U~{sO!!6^N}gW zQpvM5yrVrFvLAVZo$uZA&L%tlSX-^y-PsM&`>HRvnD?gP<8H$iOv>}`%IllAD<_+= z_e$DKm;bVT>}jK2`}~GH=N$X&hF>yXyZ&{rhRd;=Rrn#V>HJ0MUi9jB;8WKQif)g9 z3)#TN4ESJQm5E1PY1S~4=bwbA6CC6(Ks=_1ze+3X)xv-^Ry98=88@^uxRNa##&5Iu zZN2kbHotAbKUkxA#O)Tf;C74_1b#AENuw zsqovhP~s8xueq@i18a@FhFk6I(|xQjc@D(deb~34)`usYZET?AJjQ{J!Q&=*E~@$JsjQyNur*!}l0N&>4e| zwZdT587DLb?c-`8uEsv3u+9X?KI@)0w@*;M$VuUsnM>-d?~v9q>dpyI*ICVl$+Mb& zcgiu&A$IU18jJ_`T0ho2NHmbIt>24}K@;f$o!k3A={CU{2gM@Pdq@JmY>d;<@) zJsrABbNas`kMhIIE=k}kxOHr-2GQo#W6&motgDZq=vVoY1$*g%_nVgGDeY}}j$?JOHpV?^H_lvl%>z_K;dDh%|>T=EenR7kRK3BJ@nmX3#?keg- z*6EXTb}RJxG5SHDPjH{QBvn7=KA$e#e%=TDmz3$~Z8Io`tPJ59Qwd%&T))XC+QhQK0pXg7CjHj>xr&;aZ84JUZuk zeh;D(q&G{XH?Qww#>YDQvZM0Dnry#LbJ_ShY!7GEb)mbvs`}QOzT^JzP;zvhr0)W1 zQ3(gqzmg+##hGmx%4%3id&)U> zd0@alfg^X^##T9avwbW(7N9vvOu7x(Z^0%E`=IODt~-Rw0pOB(;5z1k(D8b3X>l$< zR~6^cRGn1c^&szXk9Do^nwyw^_v79i-qU#pnxE?)enqTG=R1dIq=o3 z(Cqe*nZx!c&qDS}v8Uf!M^+Z0Z)-UZsF``J=F$=LO+@i%a4Eel+a(_izi3JXTr1{l z=2RB2a;^B!524vGo^{(Y_~iX7^88Cr>YKBam{2#~bE#)|kTJB?WO?>`=bCz)+6x_- z3|`QUaqLcaKc+@!R`^!tJ(0Tm+9RGw!>0^KLNt?(Sgi z_!EBj7T%qY{gbS&QNM?e->;iHWpoXG^6#eGezL1)+B3yl%k22jP53v5%TnV*Ce8tW z#8%?-7P4+v>H56bd-Uf)a2bmS96#9pO>37?em^oBz0lvfQQ$K7Jr{(kjlo@MRkz?M+)fg7#Ffg!AE<%be~FXY{MR^r_%EAjUlD{%-I)aLVtHhKF04I7udd7nwQzS z&ZS#_(cG&iJLTIY``}djtqx7#hew_YQTZ+0riB|e=qyKjL-$(!Z>A!>i-=_a} zq`M67+3~eF^J&Rd3vt#~^kN(SK|AYs`&h@@&$&PyoL%rXdiwtPP7N9d=Kn36>?GfG zdeSy73w}57|681-%fZQMa-cONi+|noXKFoq&tG)o41VlZ0G*XqU!}g2v`3G9{+}9` z=%V@ie^=Ogsm`H;XrX^DJw}>**3@`Lw9qnnA(6OUuVNkfII%(aL&SR`_*eS#e0)D*DewudEd2p^XW>*)x z`K*VUocXmmVVCVDUM2cfRcI^QYN*?*9W=ZU&a=4qm1UmK6j4*I`NL<1N!teTvB* z88-2vCg=R&D^k~Q-L=~y>cS2S5fh!j`pu*eu^`o3!tPzl9LB@*%~iw+h{wEkA+@rY zU;9o&?_QzW+FuM$M=w{Rmz!&d!IE=RP43M!*7>Ky5B%QaY8|K57 z%V*yP9~>1cYO>>W6(;xWvTz^XkKmgY4Aq+OrQuv%kG2w9Cy}$sddpDax6CQV#LJ{Z z-8DgSq`0nDPEj10bLMFk=-ozqBKapX7=!N3SIwa6OTud^8Gj$=UIBY%xHtW5?pgiA z4{^_;mat+2^p_}OE`@Jy^7$2Gku93R{15%KT>fu_xj;U-__q+-8Va7K@m+IZdki_@ zKjfm%)fV^s_?LyW>5eDJc);TrjfFqsOMiuNXbf(QB%-`7Yp7E<&BhnD!r*%gZI^g` z-U$UKgm3r#r}ci)?_C!BrfuhrM=$sN)w~}}%FKpfyRA!3^!*3)zGK6KlDQY`Ir53V zU&Z@TVz)l0VFMHS;Lv4yVHQ&24zY*w7TWSMY@!sFT z{Q}7n_lj6QUdVl7{oS%ui!9B|AWKgX-z!2+PW1WnkvHl>p78Te5qH))@`<*8p6z!U znTzG5?E7QCRMrXcoOQP3I7ptlorh@K=2Us!McXO-{Fh`rwI}`Q%H!tr_rG+4^3c~h zWU;Qbn!24)^qBal5+16-?;Brj9YV*;?>6IKOCQsdGJh~waMB5l|M`zO|G}fzDvVw` zDWhInLLb4TUPJdM_eb=E2iIpb^3v^l+Bnu3!DYzC1jbd0Y{c=enu%M)h*`LCo=6Qc zLX0Ok3mZUeCo%^g>sDm#c5*&1v{qE)vR;&ruZUl$wUc-yGIk?pHJ*--$9h-fT<)EN z{G0r^vEl1Pk9@61r0M`4IzV&gEM&f!d2ALk-;8gi{AcA3__0Zf3+*ER#KY z2|V{Q-@UkOEF|V)jmn72OMqdkqvN+K4%v8O{OZzsxW zqoWT7FHOdId!nW53uz8>&$p6((6&!f=aV~GTk`JTHhY}#8DjF?@wesAM=J4a*ID7* z8=#Y|Z%q7D=cT%EzMT!6$$8g?;0Sx(wbl3xnfLQHqdylGG(MD1ea!V2t$t{jmEBN< z{a-V1{zDe=y8I&R(0#~`nTz7%Yh5v)Sl=9cC(Qv5;?HG&T=w8&c_;red`mqD~1!=W3!Qpux z9L5HO5*s|eq{YAP`Jk!in_Q2Nz|T?mTKkMlJgE>|IzE>0$=co}W)1?62ABiMKbq#w zf%GhKr&Fe5OE@Qi^_LA+b>DCpTr-B{k_$JMvw(Ne`Ni1gxk1LSJOkG!GxnIaM$=A# z=F-fSeDdjtVWsHPfQ<{6rgzX!FsZ9H1ixF{Gw-Ioe`EUl2QU3p?_Zbx{>>-$zRUY= zZ1Kf!Ci!2q`%h@+(kq?+wIA3k1BUkbpnRDY=(Rp_*Bf=LWmmHw zxcZZ>XT3ZOT<}LhxEFA3O~OUa-e(Qo#dpAk9dhGxHe9aW_qLUS!$J5!$iSR5JSrE) zyMNfNC%efV+L; z!6Ep68~y(d{C@ykM2K0wYvNnpcxGSXnElw3(7)jw_8l0U1Z*3af)ns@P8vS8cyxl9 zUk2=W^^!}q-zYU+tvtcY`>+N9KTZUXlXB5*_|-R~@A8>LhLB-h`>5C4LTp7esu>6$ zgA=XGN^ZYK&O$r$P~E#*_rQ<#M(E!A=w|YL4*6)O6@2NL+w}}|kUr8gtgQ~_Y|BGY zavrAPyHsdSO3nBZ=+}Zj2(N})(G%_XdilOAlW*Gw&IP;9#*RI}`nPO#^*QJ?<=pCQ z;=G2>`dK5J+Py}$tfw`y7F+4nBJQqSGxa5VWAl;y zo8WZw5CY^OR5^JF6Bw`N$ahU-F5RCVVe^sVpp;bG+=kUPRYU1Upnz}3wE z+&l#75$%1C6$Zi!`jLmg`^E;)mgd}|eXNhQ@%G<$tt1b1V}vFi4(UaWQ0 zkI6BOv(6EbTwMn(;RnID27YkYM@!*VLw{;xJ?n$!dd^j-ABQ7 z5qnwEX{%i1r;#h0wpPQ}c=t)JySiB0b#U`CXCP+8$B6#nAaoZVT%3Fne5B9<-6DU~ zJ+s+ubAz|dTfy<|{Gnfvk!OA2LU7r$8Q=2x!I|~6!%I3N)a9FO_-2d4H&-}(({Tkf04A+BN3Ml$(0^Mzd^68G zrsMF<;lA(!PQ!)b2|arPJQ3kcNby7~ z@Vl_PeDTsi|I+#3$jciGk;PKZBWj#IwDTMffBc4a3b}T1d<8fTCViM?!I^f9^sx1aQ3Ai(?1&6UFgwSdVpO z@O!lLD%UQK-ytu`Ge_ASY|QDAk5laEAZ!V?^x|)zhp~a~nuC0c3q5PVcD&YJe;8@@ z+hksU@WwDNR4mfT*OLyG-gDQElqab(Al)&%z!*~aq%-O3iZAt^Y=?5gw&O!>$A@Zz zSEb*LK54RJ^M-%Xy~(^M`4%}1?a=6ne&|;0vzh;5b6U{5aqLd>X!H+uU3KRT{P;B2 z;H%dW`)QwSuLa*noxH2&j|^Y!3njjk9ZKAc9#Y@rN)L8zOpvt@)shiS71Qe83x|#B z$8)m%c3$nNCO2Xtyi>%pZrhRx!7UxAcBFeF;!kX$@)&kX&iHQH=XbY#>2S@vEtB&& zfEWNZW766-_~2dT-TKM9ZHNE%F*dDlUx{pA4gc=M){flz+3>l(&?e@1Ve8EdwY3c z&U|9x_>i|ir~l{`O56&~G^gC_%QJC*@uKW}KXAX=*RSJ#^12=X_8`~e$;EpWKkS0L zrgv`OFW=w4BSikf5$;FuN2A#GMf#o#AN8@w$+G3A_UozglfK`^$WM(eKlT|#$^6&| z{-JVYWB8Jhb;&sAG~$nSp83Ay=M>;}W#(NU@$aN=-4MKNWcU0|GSh^d994&-#+H+0 z&JlE+N?en?3;AG*0ckH+7qX$8OB)_?H?WiAfXB*ZEl~EFbw&I;;u5~_!V2cK+E06~ z!<+C~H*dnHiobUACf7^4$SabJ!0USFa>J9^yG$Mge55=GY-(a+2Az62Jo!5Kw|O$V z;d2g8zQ%7ZUh4lJ@Zz@d?TpcI*kPj?>z&<<4IoH{tK{^lp{rXfMx}7l*+A#l8 z^zRVGj56!r_#E_EWuUkPf2kGUs13iU>n*D|etRgto85uSE1DBqszy`kdx0M@wBFI;bo zqpK&##$5gQS!p^d}Qw}`Yhx#A3X$bDZeiU4}BQ7!WGQX58(f79p+DL8|hE{ z7X9`v`t2b4?KbpVW6*E*V{Y@Egui6(4}66D59zp(^Tv?Yh2s5 zo)rF1p4stLf8v#|C+~0nH@}&aY@2^Fe4W#9KhL~+i$AezZt|I(H#yIg4C0wy4K+OT zHfPlt*wM#P#u&Rc4ff9h`xt-XY4&WTz<$01`}8F2x4N)j3G81^_S>vURhS$ z6dhO`c`H=x+JEo;p58?c@nZ|Zza$57Yf{G@44!VEv!!>5ZEiR^7uD8p?)#7Ne$*R_ zInQ2WJl^{$vN;HOS!WfiriRXgZxg@aGv%hqt9+*Bbs?T3_5nY(6^0U=A7f zlU{cckEltjfASVKU=O-?ua)=;e%OI0?U;d!H&>^~Z*py7dL0O@yB&Cv7>m(6vW?O^ zt}oP=c#4}Z*014UcfQ!bhIjXb5)Yh34F+^Z`{TgDd}}{?B({!RjvEfdj(M6VmH*~0M zG%?D--up*%|3U6wYv0EwPPzY%?mxi&$@cwKjIpchl=^p%P-}<%#U{@1G`RnTi8Jgz zD$Y=u9iH7QxnCpl0OLTHpeIeNLA|MbI@2UiUiqGrp z@~Hezc;+vsSStc2Vbj5j@i)Oyw@n96#-=;x%SX9h@rlQ#^G<)}jPC-&Z?mlw-Ni!B zn6EHzJP3>fXJ6pd$xy8k_>|wiNbZyIF;9RFmqQ2PX(4#>0ZWkBeAK~Ho#HW_?6Jaj z#lVjne>fXFx$_X!Gf>W#Pkc3#6_lMgzGu?%iF zVr0Be!}}&L^c2Q)YRVYgIM_P}x~61`gFRR3iGx8K@st|}yWYXQ%WD%d^Xfq>@BHv| z#eh6Ccrou^LxU35^L?h*u`4zc;apN zm}{`B%FPK9%bX8y9;kwMz41k^e?lIUbV~X>)aDx>xb``G;{(UOhS#u5%DuJoc3q#( z<{Nhp6!$Xjf%*nGSKg=D1N9&{#~(=UfjXsr|KStY368x4tMd`ql?esx}w#U-e;Z zkH6uy!Pbg(S=Ly|r`z}D46q}oyRE#e@YXaQx%gkiBW~a44YF3$vW6GC-O*?0_HKQK zeoxV7TvvST(PzA4^x3sN=rhKCls@CP-tf**`V4$2$5eA#uU+xlA@*Sy-R8o7^QXXF zOYZ-keEopEXpwoAS@&?|>&ky1U*nD;U-Q!Bi|eib{;!lTJGL+R%B0g4lz4R7QuuXr zQm2VmPtJg6bbUsfyA(Wk%a_xZSH6Z0v^L&w%0HB=w^4HwBU3#0sbos+Ix_VEJX|9l z#t$(zd5(vNSEcbV*H3@s;bGn}JPaJiw8`{!6c6*;*P+i*JnZ$2;Ah2RI;3lEP5M&b zBGa`IU|BHCo+yANz{YPZSe^(G*lbhQA;D1s7Ct{eOdt5hi zEkC~NU|=qBf+<~{fw|N9jA4UxmPXgdw8MT+(N4TCn<*dcI_TF#ZI?=FyTp@z-Uh4h zN#QkV_T$lB!wl2_n!l{WfuVmfAf%n3`{g+-t|B8zg z+<8H#?4f*3orNL4>UvM#@;#Y5?N&TOb0#|$%-T_9=J}H5R>r?aH(dYm(XrE0rojKX zJky7^280r0c*dSDXPf#A`)<*EIrsI4KOA4b+HZwFDYRbC`)*01*PSJadg4&~@a-ZW zSSC-~*l~O{$%5^#=Nf-KFUo#tVia1RZ-w_4#t`0@vdClBe~AJ*IKP1ye?aJ)q> zG;8v~LTid*{#CuKLtBUPJ)7^RScj(TdoR9!k2QY2U)3*^xT=`_|KG9>O$xGym^$5+ z)DxX|=eIj60{MT4$I**z%qu%W_WYT7bW0`kX6B7uT_@E?nv}bjW%gA>zsbCL6tOS# zX8QxoJs-r+{Q&*m=u7l^$(MKn+~XPlAV9 z=D`vAkJ5jP{-?iB4K&)TxXqU+8HsIz#_8|ek@n8)54u(!;GM09e2HyGe45i4`gh0D z-tpP7wCSurI6SipSY$U|`ox!b+2>FE9e8gC-ll{N@3yT2!rOReM=#=0{rrh`?$74_ z_G~BC6dZ_On$xg}XI?#pc+?rmXLg?CJTqU<^lI3^Gxrx-8(%q8lE|Z8{wtr9B+xq> zU+GnvxR=jw^A|zC$WJx#Di4k%lM!U(^J!zA1D={0b9HUM;`z_|RO@PEJ8j%s-LH7b zvn7e~zWk1T)aO{z*ss{^P4KiSybq_nD7-{Wll+-0id&#TD>P_>2KRs1wX!7N+UUi* zfrI`|=e-nux!odm3%}rJMQXIi*WSy09eiSyT4Uc~OkVo7B)V3%(9W7={>0i9{={R@ zDkTTxemi!!wqkHMttuQ^1wJD@k&Bl$mcJ9TNP&sCQ1cvMx)uK2EFM0sKEgVGw23$m zbMA`-+hlE!V*lmB}@uH>MJMKh+xh zsBp-by#2cUh&T7ckNeq+zl}ftvJ&G@_P)O)5m-@@cpIL5=PhDn@U3jiHhk#=W39wH zqpANok+`I>Et2!z4W}lK7+zbu!k2;1d?qHowxTaGYBlVb`u<8+FS)S1J(0df)7Mzp z5g&e}WYOlo$@n1ymiZEsSsyCxH(=M7nXi8Z8`}VVu7W;ahCa7IpD!_AH})0%{@?T= zAKZQBJoz%dz8!sccTM>|b1LlOL5sL@!AFO?&%c?jy%#_Ad)Lf~Jv%viHMae5_lS9I zN<{X=jd^!JXV-R1eNJ&$H-2Qd=fd$1a*5U?=$NWA$c2X23+?#wY4Ezm8WI0 z^slo{)fe5f16{F;^+tRIqicu(OV`Nuxia1kZ00@iJrrHzr_BgC!R@PfcV#H?ZDjMR z`J=km{qx}^`Kq!Z*eXYMM|os7uR}S5?)@k*#DGE9x94CF>3hZ>OA<5xQex^S-0-^+ z>dt0&3`NEwWtN!(Sf)nMg~(S9zL#Qr*$tOfLB`?UAH|&HeD3{-KbK#<{87QP zUK;vc8a6}2c87+M6Qkj-4;&h{XP{xkp`pdx241|oCmJ>%pN5}Hqv33ahUf9St9z@^ zhwXPLCxmr8=2Kl&r`8+)f>^C=`1o&-e?YvUYaREx2HWd9++!`S$tg$Zbo5;Xa^(MuF3;SX!H=u9ec-j$V8b)-l7r&Py<*4_uiV%A6ZiHY z_tmpUbZ$@MnLVaGUqd6myR<0(v^dRW-ppF*3)k3ly!)8jS^Tr}8BR9yyI$XCe%CZO zWqucX+@GK}2sLN@iE85MmUU)$G<};~;nk&y=#%Kmb$r6N(Z~5@Z7f=5^Q~<4v$6r- zB3I$*P@?4*_~1`MkBKI3M!pF-&G-0^Vpk0$2y@=dler#JaRwBzl1G0d22F!#`8n3=bbNgK357) z4ZYqx{On8I#ADF`a{fX8kUO3ld2ehBFg?86{ z)6W0W_q7pf;qd#{z>jJXb=BZ^3jQX$9?`{urwlwjC|z-~ji(ysv*?lYxfco%w_J%G znuqWHAoM^!+~O~6A$=VF+TkG68NhG9x6%1uP&i3cS)k9=Bnb>>q-)BQ%e%<(@GNi zDoa=+E=hFEDM{R2V6BjETYV+?SS{WeZ0AzNZJhKKzQ({itKl8=OUvU9?_3P;T$+J* zE^>IM+7~{eyaV2g@?MPhK6$%qW$<&H7PrVV_o^WJ3+#QWCQegBuYcY%+py7u_bWbz~+ASfzo62enZwD=&!Hj@NI zMQdB=wYRi43ByygO1-^kZJR)%sL{%(_tLBVUqD1<)Jhd=z4l%nQNU6arLSAtGLO6< zSfQe3>SO-j-#+I|&P+mx*8iW+XPBHh=j^@q+Uvd7UOVCYmhpi$dwrm+TAx`X8Q?2q z9bS2O15)%b#F-@gDIw#1hhjXj~9nVjovot9Nwhj&a$56+(KX?e_Sy6 zZTi^_O!ecyM-Y500v}5qe2fPllX}6&Xa^s~zR=Hv58jLNUX1si2OsN4JNSqwA3;8a zKfFr#kiS}Yg57t}?t2q`2TJJsdiuVRzR`(>k58xX;$Heb#p!z+^+inI-9GtuXiI)? za+Ufau0tQuQhUyqs-M%q`zl~<0#;%>;kTgGwb1GYX!TKO^>JwRDQLA}P+8k^(CQ1& z>Q-pA8Cu;1t?q$VgN32PaeS((6ME3K&MILa0rOgOg>Zf<`w368 zVG8Dk-nkn6Jj}ZAaMg*SSk>^f+Dys&vJyu&oCr@8hNwsF=_kwZMC>(qcpv!sJ@|T) zv8>8U#GA+$x+g2q%DbY)z!i*>wr_>DTDY$NvX$6~Ox%dvC2!r-Mqe?(_J*DHm8?05Bd zE6;C57H$s^V}4HaL5|8+)k1^rHlQoE`a%uJ)+>3ZUiph#E6OU%nY-i};OR_0MVk)C z2Zti@p$={=Q_Ctj6TPJ0-^cIFgZA2e&qrv_mE}jkYyHG-d3NjjN7qz1bpm{nXRGZT z_`c+sD+~YaA9!~W??#xn7gqQg_#~p)>7w!3S{O}B1chF`u?+0dY3vKQ# zxwxobZT1G=Z$CAB$DX%swCV8$R+mij9~V9s_dgRn-Z?+l-tW+#d3%U=*LT z$Dwy8qIZJ@Wi30DG{&qx)=oaGcij^U$${=-9y(i8IF0mSQ)o zE!q0Y7p^zwnT-iWgL$E6sS)TWkES7yz0028V^!$TY1GfA4si=H-fW#yhTh6zUCYP% zmjC;9d_na!wYMvxxf6YdqgG_8g=4RYTK-BdWTaJQw2Z z8^P_ip}u}%`;5k(e~H|%sFz<~v~zg-qJ3Mwspe~buexM2ZI*a-YVpA1(wAU7*oE!O z9y-|v$>d0M{OPu@63-1i^)+k<_V7gZLnm?Qq@DTcWPi+9+kROQuo5e$ciS-T{@418 z?fs}LBdV=xg$IFetp{lhQZa~Y(F zcf)L7XTrQC1LogAKZ+B${}eAU=gE&3{N3jj$5;n3F#-IX`Z0Zh1bRJEApC3fs$x-YP?(g$=Q@eg!De}U)IMhl`lNlTP$V;_%7F&sR|JBM< zm=3?oS0gTA_IgQved}u`Kf&COjHBik<4Qe8>;ySAJUgHofZ5@%@@(mN)lTBNl)M8| z-{3-Q;jHkmzi~bbw4~ZF4a7tmh>2kTo4w<%{ZE|Utlg|6CgR4Mzd)O^|5ws)8*{P? zJgF|p9qc=N40yFhJQH{oOObDI9?!4h*%dt3435f~zXQ~$b)SthUOgKtwnAfhcGqZX z0t0g!`vFCl_1uHbH(SIW9spM*PVFA-Nn(^fSFY^svDd(F?=^7WZQ|YaPJFXMHuIP5 zdKt*MW4_xm(Mo6!B6D@vvd##7Pjl5xvwMS_L6}LiFMTe#hV_;$$YEeUF?3yzcTVi_ z&M$Z;?(A8NPKGBYx@TLakKr4%8Qs4WBbgYzQ*8=f0o8S!1L}e#~v4VJBE=j zlbs)mU4;EktpMrJ$VKd5Jcx~F_IHdl@v4;kaBwd9y6SH9E@SE;7u{!|yEE_M8NSnG zv2(v2n$y~BoITWw;SK2OSv{w<#Kq`qt}o>JUd08Y=(KXx#zQ9F?$BBRG+%BNbY8~V zP1c}-rZBXr^HTEz0R3ds&jxq^nZH^x|A`*&WXO8ndH+1>y^+_fel^cA_(1#0jGk)n zn>eCN%Ri>QG(MPmzM*Bk_YnNtqZVYw`?vFcZ@h54_buq92>f6?%z1?KR6BI0sxQ~9 zTiJM=l7`0$_ReTLp97CI)CQ}aiY%sX=K0idUjcqfpjE|Hlp|kBj-%`o?F-U7+vP8x zdv56Nk7d6xx5y%Q{9hM7kr6)m)yQmbj=XFqbb!$V#@^+6?`%8&urJ(*R%H+Q`K&9| zyq#^={Bm%2+_BfEkA1sCL+G#Jwa9brubDRq`b787r&d}EG9{vO4#*cA&3NqEE!;=G zG-HPcSyM=pt+UxL42?+FNCp>MYafV0$D_b&DR?abulAlQJI0~4*@fBG{h4?k)f=9F zT^yPsJj+i&r@DCl_;27@@~JmG;~%8qnd^W1gm?~&mQ6Gy4bO_b*1(6g$h>*bhmW&y zynXVPyB`B%&Q ztiXR-ccygL;L!gv{s{44oj=hN*B)EV#Fd==Y-cF9E-U0`t{OPcMdPVL4+I%g9Qc)& z6fp2#6p}vn!hhy*;8*-vxS5Zv3W6W)HCuvEeNg!r)X`3bo=y@e#x{3Zcl^onbr>uejZf3eNj zH6udPMd#=(ALpC9@?;eH@*(tP_Dt$cts4=-4l_1r7T1+rOIH2&SJ87b!Eu1|!nt3} zJL`DI{8nTCrWysjv$>LM$(AR1$Lo7&{qZNj{Ckg2VXr^toAt*#F4g+ufVB0;Xwb)A zM_(dYjqKk4m<`<2}Pl~2x|+`D&qZ}{Ea`k^-j*U zQ$0P^q-1@l2AZmcwp3?y^PllM1`~T2=ELs6_h77AuYHKNW2_^|&i8Zvv&*OJk>%PS zsPP>oXUv_`za9av-EqFnCEv8`S$g4K@7SN}FG7E1cVU+kw}=!G!zg7fYZ!5iaTQMe z@&QHPOV9NqD3(Z5>Xse#Amox=IqZ!#u$Q?=0W z8HkCn-x<9kevCJ;1}d8feRZkRA9ntn2zG?_lYIc(7JJxrJ^nAOK{2nzhPU%Vjm%S| zkhzvFjg%U`({l@XE`pwt9DN>`ZYf^z#x!f)--@h}kJsQM&OM|1dKn40)946jYNRi*j(E0pC?A>fgQsIW6NmRylj<*je}9daHX_hO6q?x5bbOjf z5-0m0X!Al0dRE-b&?@s;N#F6wToXfEXZ#Y@-Kq*g540Uk>u(1(eWi6uDCW@OfAphY zuMP7-=>Ufp?Qa9eO!{Sfv02dfRg7o0PyQ74#RS&g283?TfML7*3Uaeue)w)bVEABz zBLm`|@e?bw`HTPXT0frg z_CL8F{f_NNo9*bXD0Z#JH;LP|j)zOTIkK$R}^R=#b5df4DsJnA3h=I>fdG^E)p` zwjRWfxigu3whetM|5dT~2(fopr{3QWc(;M8?ci|-bYY(@p3nZ2g7A4KV}X%_76E^e zW3>PMeze~$OMYl%$p=AO#;h|oj4ewRw)T)`@c4)nkI(A|USg~rRMxY1N4gKYHa-iT zlIKgDhAm#8LyA=W-(snFKj?Jt$-d39b+r3`6IdmKSg*}9!EK6^-bcO zJ;~%#vB|vi=hE!w`+*17-jm(*C2AqMvE*l*+QkV--aEPit|A;iqU#);g1u}oHTdG;WaP6 zp^UIcQgXi@{!>ng@ke>Km}e`o4FmixejLT8g!f9=4#Gp5Q4yV_(WvpHE%vM%C9iI=v~#-}64Kx-T{oc*yOueZH*lWrxrs#2MyeuZp*0 zBL$CgK(oT1f3A!8C2*GlKe#u~0h5WV0YlKhZl8;y+KGR(l4}lEu?|(`p1dZyeS%DLb2QRR=wFOi=ykl(hc9wGA}+!l`#JzO06o?u`uRQI72 zI@381W0>PC{_dt#?J==wb!zA~?l1;65>U&{>jRGF&5tqKB%(rZ{i=ORTvyFNX>r4!3LTI+;kLU5j5-aJ)-RIg& zKXKmo)0a6HfVCc-XPr%-`du<;H+^QI^9&5M{UXI81 zziT7B)dp{IX7QefPsujCl?`t-z)z}O({QxP@Rn%V@E82z<*#L(@E7&SXFTsTC7Cv^X`9TzT3UtbqV=wtP3_mw+rCKm-G!kwo;#J zBQ#2`z`YwSUsI;PvH)BhLT1@(pE===ue8@b+xg8M-*<&KCvOh9xwmAuea=x|F^$oxI5`6K>O!?I-!u864ZR5Vom{!*4 zZ)&%i@xkx3<%6$M`4J9p*?Y_U;U6>iMVV__j@;igz1t>LeuLzGqi1ak^E73j7G#{) zC|w#u=9Z7Pjx1*VAY#_5hlWO?!?jPFxc6#{eRI)abx+$o?=w6vzFV*L63#QUL5%4Ml0g`#!&~wthJ|v_9i^1J|UIkn-Za z&-43U>oMvtX8bOA4ICX>lH=Lb%ZU@ihXFL}f23!N#TSpFvxBuSs zaz!umqkJIEi~G-xzuN1Mmz^a2JT&D)xaYr3XYXC3HCcN!&D)D>fHH4r=`;$oUZ2Q!5fV7n7%-vPpBGx9sqqA?RFc5=pnlkYA}ioqlSxu#V7v zHU4&XWuiU55}%!GbdvDn(&@$Yr|SywAT_p)?4zv~+M2;{8*lnts114eXZGwE95vhe zqLp^n9jZvIKTOQxXhos{Tn2AH2YlB({l$u|HLCN#JQCxcV%A%{@7Cf=IdinSWc4|r zO6FO*Ont7+=qHA4<;vn)Sy$hJmwB zi9aR3JCF%EK5(ByOrikU4W15QpR}QCTd`ZzrguE5TV>|}=Y*GQ?-KGtIUEPj`D#}+ zW@EB1h{@PCOhI_e2OpVw|1RumQ~O#L@xJsx5dT*4L^(;n{(ExH3((Teh~!Crc=tBy zI5cOGtC#DkyZ%}-{j0D;sEPx+;0v( zTpSw2{dGLM9^Ld1dT9gtXgc{6f5bj?Z3pN*^oDS1=GPZq4;_}gI4Be=l$~MQIRm&K zW4m?KU&F}?&jcl;A zxfli>nUB(p`H)`tFK15NcmhFv=3->`TtJUe@Jjq>OP1^!#vMSv#gM;-uD{ON=fLaM z^%rffm+x}ZzHM0Z@25WwIT;(pAZk-vlE+SCpO7K zE4NAO;d7Srko)?+$!FI!`o7Q9HA>d|memmVN*?kpE7td6?jt*r zN4c->F7E4_x_Kq^ulmp0)3Tqnz$L^chy#ZXfRk!uP!{`04_xglYh(V}rNa!Ksln;Y zrF>WZ>;hKBl{BYY|C@4a~^ywoFBPFN(0iRBs?Ym-BuMA7qC^4P9%BvaO$K?ACGUBZ4f^+L+0; zL6*xlJl;F?$d)m{x7D)od%Wjm&na#}UgPWH1N45XMqv#$w`7oX(xb$run#U&d#Z~e zn0^Eg$H1k0Xyq+?Y5REnns%74-;!t5${e+sJ#pFLjnt_o=3n+0@Eq{x@0svX-F*{$ zfqT#L@D0H$F9w^3M-MM(lRKqWmtYrbw*SX9S-!luW z^OK|D0nye}Ygse(xsseOay#Fnp^a+n_#Hgg20gXfc<7GFIrMZEbfjnH$G0+O_Aizl zWc;~{OQt@SZ@tbqQvS;2zMQ6CL0@%e+k8@Yp3Nt9D{MZgyVd5Cx{sJA=%|(PZiFwl zo(_z_(K^++o(`Yt`Yz`>VvnKqUw!uT@Gm+!Z4B+RePtccU$+g1P2!9p(cV3V_SqFY zN8FMzE=yI{wkKFnrL=idD&{jg5cTh)bJm}96ZGR9P$=L_t4bOB!gx!=h{c` z5c43KvvH{!6Lx)xhrucD8oH3)7vAOL$Kc)D*f+i%KXny*rrYuPI`H{!$LG6*dJ*-D z$2v89RU_AqFI{=L?Zdh_`7QW)gtp7s@9w8=v)13n-D1V`j%aW&D_^mMLREovyISUYiIJgT+V@%URgoijc@Y1XmvgKmR|Al#Fjue zPke#rTzl;feDse8pW1D&LFX~yrwIH*C$Vuhp5h~|L@V=R+o3t(mDsj!UE8vmU26il zUC$||A=_rtN69s#+2_%MZL8RabhXAb7~I54nOoYH9+vKnKxbduadZvOT%>2@KSYR& zL`T9KrQnS=LYH)z+KZ`JMzd}AC6hUu+&(}2i?NG08@pKi$Gq0dUYttKjHyvAyV#ER zefMv@#QU5!Q++cQ`GNnHT4zbOHQhLQ%LwoSZX|c+dT{K@ zKiVw|qI>GD^(~82lTE*8@s9d4w4!-M_lplSPx6;a>0dR^)u;Sj7l!|%fAuSySADA; zy)zGZ{+9em^-i`ZKK}St_LC>GH{HtI63ZoCh&+WJMVHL&Ve6&~L)-BqVx`@4`|*)p z=C;9^JNh#H!i$QhjdSPLxi9*Yyq4@Y^2Pc64hN24FL10g@ger15zq3%@u$Av$YU-G znbW~G-MmuX&6}c|n;rf<;`p~OBhxeeTlu#BLUQx@mXBimT=?@6@{%`jhK#`zJP^BD zH48ZFquhGF4msgNKdF{RqiBN|r5ih~ghn(Ex+i~AzJ=Bwg^%-SGpKV(;LEk-m&}r_ zQ66}HEA7ee*Kh0iuHgJ*9#GgH~;5co5r;j!x(5>`OCj7_xU4Fwh^o``21dcuOP|l6 zrT8#v-nsPDoMrMcU%puRnCa(rwmyS@^a6IlR&rr>aTdiM;^wbWlWrgFK5ixMB3Dv6 zrRqDpQhCT2U_RCYcBmmyH}vE@BUVx?5UxFdk_0=e)>t@ zE%$Eq6)hcCEkW!4l!>U|G`(dQp4ms~*;rnZ%8{nNs z1Ev;E%TvhxXVCS};Y+@NzTb*J*^C{HP1U&v`3kMPRf>P);OuSW(P8-Eh-Bj0Kw=7X zb6(c4rt?^{skVl8Hqo#8AIf;f(0A%Q$LkrBau9DMr!slMrgi45Z*pmZ{?L7Y(z=Ef zUZ)s5IJa%4Y-2OMgWg@1YlQ@d`W7te_mhmlh26kCk+lh6d@6-Lv4eu((qVrFpTkUn07I41y zo7Au%Kd$EeJZe)=dnY-B54A-e=Q+(IcqHa#+ZJ`uOamY0Hp<-o#d~iRzc(=-*m$vf z_^#snK4M?8L$arZDwHc9Cx<=HwnK(}fUW}PS|^X;`)dv(%dJH87S5gZ%wtI(^XSdp z>`z-K^wHJ;hsOuPqj$mMcfsRVz~kl`9>3FPC4LQWKLKx>-{9>gepAfhkcYS5GJZ;7 zxRhL>7&RQl>j$rbr)I-bS5e0oo}L9yUkhK|4NotHr|aP9$9;Dho<20&uC-nWtt+N1 zzE-SK-|lY*r_f#zygJQFTt_=^O~x0aHn3>$N6;Y32mVwI9o0xE4CnWk2B*NEMery3 z=`Co(oDaerO@<#|^$l)1$ME9`osZLx`jdW;eRHPzGxOLxFK&MG*u3~x^eXfhQojf3 zUwum^9!rJ@E@L|Zm-M_lX4MGie4{e&xPP?(xkURho%hv8o9ef>ahF>sbh4orJ{w^0 zDE<*n@1JM$*?+)q{o$_?)>*c73H2=MF<3jX*DrL_b02IuomdxjulLJqWFLLjTfJZ$ba^Jud!2x(zA4@A@8X&{caW zItV&AfDAnd{d9`Xq=TTf1bK(9Kk_oMjE@JOp7KXbZWMi*7$AMNvHxW!G4LY%-|fT_ zis6f~*fQf-7a31{-?h`Lu?Z`%6N!(TTq-x8Mr%s7A3FIG-rZ9XWY@j&1D1Imf__J?Fsv1iDHT5NWBo{M`Y=T9*u7v@r6c5Qz5w=??~$J$=T@kR#z?_kZr zn?I@i#wfJx;(tDHHgdkY@V^2%GaA^5O(!bIA1bLogLn*d1P&JR`yzhd&vTM@;_ZB7 zhRfqA+t?YGg&nOn2Y{1W^1_r$Qbb!jpvj$!Yo-W3n^dVA?Z2n9@$3NCacZf4{Vvg z8$1{rb92hZ^yeEJ^ATbRj}l9G4E%QxnDr1!^L%pFk#*+WN^Flxo{3O1RpZjm|| zvo)V{@}MJKN5B!kZE0g)0_%GQR{^KCK~VXcg?3FS)-YF>+)!xpFJ*(*n>-k&=Cy+# zx4m3&o9c&o((j_BnU`3b+w0F!JUGz~{l^*C5^^-IAxGny^EjuS_wHt|nx5C+v@zT} zR&>bb;9Vu5(bRGI#eIx>F1$CBvC+;W;N?+p^bk1mK4<3#<%OTn^H=kHmF9d9I+L1y zbHO9FZ3!}=m2*NiA~#i^K5`?UtGS20dz$y&a(=&skM>HPG9Xk795MV7S7*-ddVh^z zX@$O8;j>ogE3%3{n~eRNqOsaOXzWlfS*vcg*LOgp36oK z)ggNiLd$A1hQHIB?CAVM$|mk1J6yT$9iM1?JuyP@OEl;UN#>7aJZ-b_u}p26LHND) z?^<7Jfu=5rzPsjDPfe8D@Lk$wn|P;*dB*u$=M>5geV_aW#cswb1_S@QxD@}2@5P70 zsrc|3@VXSdE=3k(1IP8iq3`*`yrdF=WBmo91=xW-L1y%R?FuV72V(!CEy$3rLyuStB zxB3Pc-LH6#Vm#y~Q2V2x^Vh`5WIsL0wVwGEGW**%U)OaHpQNw*eDMSLOR6>9_Glon zhvzS+{}z0iD+EJT4loSxYXdcX(esFDpb>aqr>a-2kqH#>dGe=>cR>U^AD`rJdGySn?-+-kg&JbiwFwko-B$RFIG(qy|^+_F}gA_eS9T!ZtweP(tYUP z+@Hk#bGd(h_x%R$$F9fbfPSMlQlp8S!Qi!LLUTWOS~-ht=*xEWXghkeV`(6<1RG&O z$+Xa&{B}9#TXrsDE}#$2+6za3;hw*7h>q_180hix?Y- z8VlHj-~GJ@Z(jy4bHK~jyYcb`FW$b%{TlAi@4kOQ2HrLZZyi?XVe;)-u|Xu`+Uc(y zKQx6m-?8yl0p5yFOvhU${05JnF-&I+F|I4=Bi4<}!`7wj(Ii*gi_6*!To#=|O$*jl zi%usVMLtqB=UlO-HK#g&J;}G}%fwOaIwuMGYQPUQ^+BAzSOYn1)srW!ID=>2F3IRi zbRXZq+^m)Sb#p`g;l~btWa@rMH^h*6kq4nc!#%nJzj+2P;o z9`tPPP3PXF+`GcQx0icyXj%TSXqh=#9lY2IDF?DO$ehf=KV$!JJHA|MPHLxxt}(Ri z??KCdVxL?+@kTE#iw0M|1r4Ilqvfn`J(FBhOI+5hZvk)3Vqm%!m~N;{JmDS3zw-M{ z{Qi9#){Pmk21P%=DGRk=hbTv{t=xeX|G48Shwmyp^aC$?`R-@Hx(y#8%_ed9#tXlh zSK3!T*4Kd{lNaliXL%F#6|^4hnbX$~rt@N^oRoZgcxq4i_<|=VU-6D3Res|?PMCsx ztjbCAA636U_8fEj0x^%R(%Dv`ZI_j3--BQE8gZq4#Fc(eTkS5z@XTD1^p_H z6TOFV-)GhoS6lP5?KMU04XqIH{Oj{Yt2y4sEb%8SSM=p#u zWjBrGcQbzOjb)#)#=4OG96O80g?4_p|MoU)&>F5Su4}R9 zOV&*b9bLfug0r3E^HjK&{_Jv#N|L6zQnHyce_r54l#Ux`=}BWOBE3CSn`&6RTt1$&0## zeJ||)d43V^1bANdq~@zod0srHxm3);oS8ryTAv{{V{#p2bIUFl&YqzT0x&+Se$~Eh zk6XkJd|?+h<&9`PrhOkVP3BJfHq98UlR`@wgKQZeFhpKcAAzT%@J$rHiA(`6&iJJB z;}?Nb_469Kinav9`M`KAzBwKZ9`C+-|#jr13rk{&m(xGC6Eh3|z+6FdjcX zH9Akf)w^{AHe`ps-eX)NdL5VBhj$-^7sdn2*$YrBJ6XA8d12{K#V}fC!ar5?zZ`lL zZ{BE8=YqMNW^uj`eg*pK0CTOgEn9ydK%XjK&#tel^AlUJBI$uNaOcys%uGfH{(Rxn!?w+=3HeX1Oi8qXFA#aeJ*ymTlBkech zPeP+wb2sDQIzVoc)^2k7&3#_|Yfq^9R=%_H*Ocp7gzf+9_o;J$O`!Lc^Xb|af1@4A zvrHZ3+VaO*tB?*Gc2Q3qcDyx;%f0!VetSRD5^9fn_Zw@Eu^%5c8y|K)w3Gww+`%|C z*Tz1FpY=?r^n;dh+VjE;-* z?0oLk@=T#Dw&2Z~bgGG~wi0I{jq! zE7|OYqmeyD%8k5Ldx}bZ_@CJx|I@C2-8vDxjWh9()$N`*)>iy{#xO@RL^Pbk{3+k| zTE`zP;kuk_`J*qh*KokiwO!Tt>;dv3<&O%s{}s&i`%Auqz_L(q__epm?|~!N_`$}< zfF~|Rrsn%5>nzyBfE?C^pa;RBb!ovt9wu@y$K>kBFShqOoyhRifV*3PrefHU*zn~R(A_`B*K74{Tnb?EKF=TCYRUq+wwFf`<-CiKQJ!sk6Uh6dS zvfwM>M1OBY-?UC)D^|srpvgG28IvBE#WlPeyNWzSql2hV#e6=u z@93I`(5a>-)nxE91^8&U1(_Nv=Y85%UZc$uw*Q_v|E?Sr9qhWGCmpylroK0NXtw3! z9b+XQd)e;^{3bpkIfYET1bnnHk2Aq@J9Bv{W9(pjmoc^j%zb4ca5IL>nU90a`>Z_T zag4ocFk^w9Y@JXT{!j7)>r03q2TiVFqFHPG#_k&!I+Of9*DiAHK0PNp4mumIzh%q) z_>1qYk=>&8OUY*BxbhZ}d+5m3z9VN7uM9Xf1qx_$djUCd*oLgL94qy$H`<5a4oI3IQMHa`_Vgf;C2@Gp^X-3LV4jy z;!kbBPTPqcw6h3%(%lcRnEtlYpPxRY$FHEx7lCd5Nz~e>t+m9q*dIP;EwQayYUagg zw*oxMry~B$TFM|}Z#?ox&O+c`6k1f?<_@0C8kpU*fW9^|wnrG-ZS>U!jJY?B?lS%H z_qp`fb|bZ+uz9A_F1ALhepnWB6G1+tY!`Io;y2lw%JZrr=Gq&wPh`WdV|-@r(FK}^ zQ`I(q%O-7?yr{O}b74|{FEaM&*gvs>*?SmQqJnnUyYotW3k_bZa4u~H`CBq8g@cLd zI9TA~V4{r!>UtO)c;Pg56yweV2ZB}e_%=Bf?dXcOAoVpEzu=W^rn$4_TweGActLa6 z3{08xr!kmu&lSyQhu@?=eb&F|D@I>47(;70-{9Y!pN-4|Yp53}ZW>_RhGzJC1LO1Z*RlRK=Qo3o8<{)B zq5j$VzM5~Zttpu}@BD6=*qjmn(D?;ROg??aeumPlvU#j?X-!#qo8|DzHRy2ZV#PM1 z;5|}K9sZ1b^;+%U9e#G`?4M)jY5b*?Wun&zWo&%zoQgyV;K| z^DA`iD)uWTEqhe`|&^{ zdWpTI1@wD>y{F~uJKaRR_5<1W@0ann_J|_0=d^v0d^V|lpdZ*d7>=co4q{xBmxS zdFdh+w3wGO!yioPrVaE;*)1L&Y2ssk$A366-G6X>gbMH~+7Ld$b=g|-+t6YVvEQ`w91v7RjgkI0NT z{H1-+it)HM_Y29jU)^erT)K^SHiECM^Q~pKgGcoxS)%VOzO}xT?MDY296_U1oIlB4 zMA4Y;%bt=QbvEPiFP=AbK5bEVWZzoa8;^|~tmnL%#iORa2hLJ$K#ynAh6|f)Ev*lz zPx-A^GNu_BV={gTGDv=-#`eSB#)kZp9oE~}E zsRsOro{1+J{pddT#b=M&GRT>WPlpF9^e6VkN$;9`MF)PZZ)MtVqQigo(&1p{br^9s z4=q~!v*WckJsub-dK{L@xr<{v$Cg7^(3f&byXQDB?9x&$c;D~P(kc%vjS{|>)8{Sl zBD7@om_b{L*$dzM9a_>JZ|(11d<=Z2(Gs@phm8Lpp(V{t6K%M#X`hH_Nqi-K&=}=k z&qt;Ptn4ON_Qs&=SGFL3ku&bQidQKYhEm#;jW+gNO30 zaz3S-wu9TT$S>Jv^0R!vo2GM|{!_lXa~(wIC=Q@p!ujYO+IhB`xmrPc*u-U9(KW@a zWsPB9OAdQl@`m`Dl%s^s=!_y`WOph@z||MuWDbjoX}GpsJP3UP<7nn#zjP8hV87uJ zH)d$#<v0?T5GlxDhF(kz+cQVHIa?wX_=M(UaVE>~t-=axxU!s|6YOTuWD`jj*kDG_*}9i=kRL~eyxLFrCUTB;#Yl3K8WtY?M1{WLe0>O zWZYbSk0C>%@SC9#r!U=GNFHz;*ymGkXaV(xHiCC*;+D07Z;j(*!6!TegTXU!W#akC z*N%;6`4&6jJ?j3JsUPv6&MB7<&;mbU=OtEw;~HQVJjO0VZnRGky|^*wz|$84r+fsp z(L$TD+1s$m+ou4Ja2uD=0a_5g?F!| zW{_fG!fEDQs(;1Xdb{^&c{|aH9x-!bh5v)L(|8#Dd-Hke{Cg75xcT4*Os$~q{Pq_3 zEH2z>zR^jy9{$0;))97$O0i0fXNlIDM{-}d!)|$b8tuaa+n9SFysX%ee0b5Viw8r` ze%o#>;Ta!!ajIjw;K$@y{e=8W_<7M|rqi)#Cd&x-i{I^^l2H!bW+QlFp}8AIFmA_PV(rvD}MulS{SNx!Qv zeLqTm*;-_L02#&nzWx@!+wshT&H>nng~T#VUJ!rVb%fnGvkg<)JPd4PG?1taxU^V5q~oKs7Jv+is@}DVXe}dO3sQewEIWv1jlqD?x5jXf?6oAz4MCd-#6a zSL`|4aj=Og?*`w!jp6N?tliIoN3ViM;lp_D~RZp7Rck&m#HoG|RTzuqXG z2Dc4X+8TVEeUvTifAh-GTYhxwS0B9Lr^3m^_4qsss4ctEI?Lc>J!>dY=)M@72p_VS z=lWS69fVAf9%0_t17PA)(*HF))5to3d!|i2aoPa;j1^0&=l%-ruSD)Q5c3_{Nxe6C zDGE=;O34>8b>^moup3Mb2Gt*J1$U}H(E{!w=n}KvzbKHn(2Bg)_U%uA!^7a*#iQO=J8CcP9|9f+r{S?!XTH=IhfKaId-&k_ zM2TwD?JhR?-I`PFw=DYMipPqwe10^kr$T8VD2LWCHsCm8GSK0z%{zvv!1DV)h4sQr@Q{c zDDYHim4y`ht^|Mcq+^gr`OtR-xmFAR?!?saFShxsf2Tb@vJvJ-Sj!4p8EaXrZz8K( z=(`9#jh&OK0dxg=Lv>Ljz$9PX!0xmuIWD*#72J7&#BUw>EO=kW=J(d4&q7aBlixNE zosoqv5QNu*@XEZ!^QhTvH7VCb>pyn;mVsI0I6pNG`!~1GJDomT=+pB2Gy0*yuHRE& z^ux(1f7#@3&P5(n19uRavIxCXe75pT0G!HpJPUbb+CYc6ZPXD{-|n=LW(%Mn zG+%C;ck)bTnkr4Y4)1$Z|Q5D*>h7I`ju>vag5;>#(-_5xU~FX;)|?D zD)*v02XKQqll7#~(38n)rIyDwBge`^&#Mh1pW#o|pG&`vA4bhXw+;Eenlm?sW4CiU z`4oBKk54k^0zNBSv1T;%IUYFhFOl(k8`&4N0@!Z__GgRyO8J9zU&x%+cf6jIrG}g zWlrZoVA{nz7TjFZRZgCR=2C5y(uUTa9|8798N*^eOZZ#)$!=8r=Qf+H( z$lLZhcs32c9^N=++uJ;C*Qd7~1t!6*xr-D!wSZk7;rIUbrM3N9#!+thj#MDikh4#x zy_?ZiCGt`^4pl~8DhDCUv-WSFKW@&0Lq2FtSUEOz*weD1#b3g+pRr3;$dA?DK-t{; zxfY&RVRJvmM>#aYv*43`F1>TG%5SJIlz0^jMy%j`+J}9 ztdFQqTeqB_(k+SyS1|XowM2WBW?WgFPx4zf>+%cu$iLG#%)9lUOM7>P^R8$q0?kXl z9k&f@N*`_1^{)-isdV+D#;_i|YYdtj^p$BtwB?286`si)lYFiS`DA)7 zs~X3yN#oMnWo9iZeSdlcyD?g7$DZax3ysjitC z59ZqKqvL7v({g(6qY+$X_kybjJ$<0>Ha9YtE5Xsj;HZ(gl#MJo|GL^n2fMT++g>pN zLsR5ANnY6c@^c}t?;A%3_IL)qJMJ^chvPm|e{P@8xU?s`{dsB*%5IMqVnaDJ=hEBD z8U98Q@oCvNMWfjh#dnnbCiC!}Dm!vRvQNZI;!*kWT6<9Lm~Rg`J^1A%R(Yx(TaEUs z{BlHSMMgcgZyd1evBja!7W9#6@;tKA>@L~17yZ;(8+7KhoS1Wj+IHSK^x`$>!D}P~ zJ{P|S$S3vI^E(UMx_XdZm*yzJ z;Adp#%;?%+gBWLX&_NZd?t&WPd~AoY|dNG2@qqP zj-CBw>UZD^*tKH{!`kzc4SB}xInj%>r;1((HPUupKn=(Z+suV@fs^}7Bq9YuPijnM{TB@Kmr=wqFPJZ zXRH0L(A99oi&cB6b29mW&{^G3k>%`X zdpWh10uMQBRt?>n?0Mwp+<6V-FPT*x5Fj7zhL5_(l<5ecZ}Jk-Fp9h@r<d}@2`ygB)z^tGAZ2joTidhC~UgKru&ZzlzELgz;O zp(AmhXFbQM4S?)^3*L?)N8-p6Q{TCvvdpZr&PBddllvA##xT}S#%$Lr929;<`?%r3 zL&%G}pJeUiXRMt(%i78FdS+1gR)2Dhxd)v!Kxfq9OZ*iXu(}gfpY|`cL0{6B zrj{!6pgNQ*Gv?jJrEoRHgR5;B_6rfM&DM((OpQX!lIn}x^xu>|IYDq|cV4LCg+I*~g^U*cBKa}6e z4c;O<``^*4`c{5i2l&f}P7chjplxbdAP?*u4#g;Q!qq;1=UeEZ*i!UK5V?k~i6Wbe zZw_`nxCuNj;u@W$zKAc9#xZo$vfUnij82N&XVwc2TU)*us=)r09WPlJ3ucE7zA5|F zsT;{WDsNhLvDy=iu|o1PmL%%j1dG(f&<4*fKYh*{| z17CLdCG6qd*lc@Pk19fD%h!?Zd5HUOsXiqA6;;@FdN%X;Rj&2z+CieNwpI8)btBjp zatfbQ`JA>X`KFclE9d+Cbt~(@%*ER;Soj)6owp9T^?}x1Y`?Re|Ro#6Tj@)hq&CeMGI-=7#yZtX|@Wj^NpiAna~ z>v`|tbFI*I=UJ~GA||JL>75OM#L^1YXekJLaS%7UTRD5s#!Tva8T*B^s+l9%ltu>3 zwrxwr@jGs`5=)u;PV67e=R(GB>bn|QQW(B&SO4Wf+aHk!*mq{#rJVXbnj>Hkd>uDx z-;6y^o#=)`!1osOt2v6!w&jLPPm|cAEqP(r%P9;$%wErAawIHyI-fK6oXJP@K|W#J zksJFNTPJh&He-9oBR6O}B{zUAO>PKQ_)N6!hpxsjC$@a+hunzghC1STJ?Li$_|u-) z)~n!&Ss8MJcUli3H_&ZvKPInXR=3N>FHZ0c5cfT$@e(@ zwxD0V^5qcpc^CAlIgC%EjuUj?&cABXb%66u`d2^F{l>;-%rWRxYy7S7e+P8hStq)L zUaq$igP>E@^pxMVI7O!ekr9K!%{$p&#=a_3-{l_KxXH3okD{t zI)z?bI6J}Pq3hKrHU_Z1EnG3K=oISf(ZAqO4eg(%=+(9}y8iU;nh&TuR##_j`k>1B zZg9Sv?e8RK(94gFt4^WcmxxfOFsgcmBlrN%bZAlaIJCxKbRMt_pikt{UZe92?dF8P z_Nu!NTIYn>y6zIA>vEeeVc*hDWS;gGuyS2*DtlfuX z9`8&Q&0=F2zZ-k5wTivfPTTF^QTbLK;6&>>S3s{tw5NJUqSt$te0yrrp;y&`l6-Y- zy%;v_{|tj(KjB=w&0PG|GZ#td_HO9*`_QdRYw7f>JsHx)_;Jj4*qkNrrQZ{vUnj4{ z(T}ce*r%O6k#+OQ&?vMj8}gxX{j|3yV)vr2RcH1(Pkq@5=Dd+py4UWRk6dWq2i<3( zoBhP6+&#(4KfLWP)Uly&#ly8HcNej%nB{9SF%z@L&_0jt%de0VSjzm-Z#8Ri6NnGU z29Xc8&UsGu$PS(}zBSLvhmSM9C@}tp{Iodj&!hbo?#&%RW2!Tg!*12{WHkxuH z6(drGdIb;aNBw2fuIA_$%7>$^=s3nh`$n$#?X_#oi*P;D z!S&CWbH&$=G@NSe@jG5s{i~7b_V{vtBHBE%EZ*QJrs5~I<0sDHC*I*F*5XgBGv^nN z3@KJ6d6q3aEU!w;C%!lxdwmi)Yj^q13El0JUlvGwyS^fEePcyp@-937oYuC0soc2+oRy^QSkPWt<=cp`9lrEJtTwpTlH z(H(1)=VLryaR9&CX{-Gn?12~1MeON}a9=oxqGPWmC-Pd$diGj!GOuv)vEu9=_;~8S zi7hksKjhdxfP56!pRx5s9yE~eYjE0~34RA5GZh!JaXct|Epcyfd!bEhlX~Fxp2uz6R(}HA?$B8$ zO~=74arW9R;C9=UW$g95KT-%T2ZPID;Bv!|vX+tHvItz3I=HMFf{osqT- z58IooS*|fZfIMAA9iD-{J$VE3_Ow5PJSGpag?*sYnRA_0O>X-0*wz=cvIkWDoAFDr zgW|}^suC}}nC>Um5F@wh2Zsg~C)cz-!+wq7)DSp@ed@ID>Ugt% zc!=HpL-n$~6tlF#`Lr)zstUS0w2GJtdf4UfSc4Z=6MNul$~`u&zVF~F57_mtD=Y2T zpv}wkp*I^x6MNuj>b;3famqhP@b{tyx99(hi2fLcm{MjBozD<`2H6M z-+n*%uFJqT`$-N-2YpzPctYRo>oGcMcxAUvq85pCw3pZSU2Wrkd)D#szY_YjmgMM$Z5|hmw4Bqo4=HLqEz?JDgLRWkn{=U+g13T_AC_KT8iQ4zf!J+24 zWmnW#Wi{-NsbxIZ9<4}R*M&Y~Obe{a#6tEfEn-}Y2UaGQ45>_9!`POdQpuha`<##% zvC%{D{)&^>uYRhPxDwuf54o(g4-;#mT)n457)aUnHX5;Rv ze&EjN8hnU8_4r-XBBalG_g5xHNN>N5&+`uc&inX4&4bHYl0K~wCED^FT@xG}ikA-Y z=xs;WEVp${<@8UlYm7bAi{AdI&GvPSu0dzZ9&+b6kNRjm^!Dh=#39!Fu05B!i~6Q! zlB_h{jFWrc}#PbpQF!d{G zbNM*-!aZ1-XjucC$WO)bUAZc|F}k5L(Ym%W(e`L%BJxb7Ie+2O37o%RS$oFuVZCfm z{)e~UxzWmRQmj?+^bUAG58ls(_tE=%y?Q^#;r%RlUu)}<{{zh2S>fsEFV(_WFPjtH zEt_*eV`YMzsVzCs%SP%MJ%XS4D1PQ*Y@{XFNC%2-`WxWT-^sx2wdJ*z=jJGQZ2<2x z{rUYNYQALygK8>e+Ew$|JKBrR+v~NbGIic7P^F+Pt55>m+9~xSIMi2YQ(AQ4O zwp-WrVpo30;Mx~%My|CIC-c(RQ~2e_vJ+J|T(QAc^crVW6AQHSTMmLZIocmi>enTmhSLMIXbGO@ZffrRM8p1XmeDA!tR(H?;%(8D;Mch`;FzSU-jY*^YW z7*_wrSFC~u!@vXoU7#@@tQzUjg9D8Jc_Mv89tBrR@j(|^iBx|kZg*b~OQTle) zsJwl(FGaU4vimx?O1UkZvDHK@hZ^w%-{EXU;I;FPtndw*OXyoRzw+m#k1EN@AIk5l zQy*ikd%$+qw>PL}d%kCV+lKSto5Z?)uY3`^Zn|hT7uYWc59RcCh+Oeb+G^x_t!3A! zzxL+&U9V7ga4T!z0Vh{H298u$Vlyzf@cg?6o&a&_w+%eQ!$$>AgX*{s_P{gT;O*%9 zfyBG-koT5#LMQPW^8Iai_#;%8H9P~J;U;(e=ii&(^&BuIvrg^-kMMG%2af+CruV9W zV_0~f;0Wde#|a)dh8Z~C8CH=v%2_FOSp(DHm<=3B->?igh8Z~i9XNgt9Q(6Q>H&v~ zlP`N@!Rx|DibLx<<@xzsu5yTBKCzQFM6$)N+m5guMG=;qZ8j5`RwRueCB z`!u|Ia;Ta*!I2HfbZ3lie{DhHN7eM_^m71SodB;Mgjcnv=GUwZdU5-oAF?*+;Jy{y zEAK{fRrOYh{UdKVI|zIqWDZov&Xu!X8N2&;;J<-$NSjaTiU0Zx{J#Uf-v|F6IQaJy zR~7z~;J=W#>tJN$Fg~9U|3zN>)2EA%HuK{0=VI~_T^Z`<_cZ=29nd>}vQG9c zYiOU9%yMCw0W6Y#jmY!WAK0+8_#OG_FYFzbMZgm5hQ+p@tl{@($j^;jZ?#qu+)8aut=6$p80v|?-{bZd0_9dd@Zv4!Ou>X3y!~# zljPFLg_&?{7}Pr)F964LpB)@p%P4_1UQXC}i25C!)^I}a{r{f+_jUI#_@(QoKnq@- zR>^g>U@g)km`Q6Ohc!YqtmK@yRiOV)q6ckZchXl;E^}&xg6tYdm?R5Mn+As65I8DsV~%$$_+|i16$~f``6e+_Q>r2-F$Pq-d}gV zc_rhhU~EOj{@?1uKGVb))~<8N!=1sm*5G1{F$x?xtnJOf|ER`Sd4(KK%h~6Dg#4vi z&P(xOPj6QZz$Xe!9%jW@dyjtXBKp9_u3~Ra5StoZ{X9OFsV}M+#*AX+tSDA%*SD;l zptx>!*nQsYtsRGd1CDam1R&5YAw_g zQ-mIduY?}7wt6aX+5VlK<8JpqS^MAimeiaSIOU)e2o7ZuXNum+jbx`F1>QgOyl8tSkDAom2WA zbS$4;dl)4*=d;IJGR~ZtxZKeB>c(wf2(?^~yu6YAkacbRZenObe<(s98%GgGgLi7s z7x5S1A#ABu_@ZqWa(xfEI{N~^raeqn=OJ=HSOeRlK5wGWYn;DF@wa^awp&y`*4m=A z4dvWwACHN}t)k5a?l%Pzku}8oY0Hm{*+m>~Jf8#pygdaU-f`z9tDs3SJlQ+l=ecPO z&(0w;^HP;#*0uBCTjdpPf{za(-xQM*4h|sK$N1nuoE)~eD+7kOWkkT zxoC=kC_hR0hPwwa_Q}kR15c{fBJf0!ef!B%eTDaT8X2XWVtYS;Yz@Kg#iMZe2sms9 zhwfavxNHNL%3T#Mx8n~QT+RfSvus>W^x$&ZC&1;Fz3;DSqhBw59Sf%woWYb#4sdWf zB^19JoR(5Mey#_n8?r+0l-P7^a0=b7B@bs3I7M+&=d>_|)5pMRk&`bq3!D;XH#oh~ z!D%L39n5nlIMZAUw?)c@0=GNBt&6WO_5;s4+rq+MH#OCc!DCuq6%WRsW91#?gZmC} zUkL7X-n{Id&MG^P^xPEgm6Ki=e)E_8r{y`|-{dRx!SAVY19$Wpo6g-l`p0rLCxy0M zW?`3AGbeHAJm{H|cvk2~-Z`NS&56$TaPuwi1dqqdw;aU091GSC@xVTtCv|@OTg+7| z-;(~^e9NCRKYhuzr+VaDDwbH7#wW^)iWXwO4Mt86W4t4fE7)@GKETZL(Pb17lIX+A?5q?TG?pr1w1ZDs)3KnI(I6bz@*+NHD~Kp=7Y^U@P=F z@NIb8-@RW?aBOklIB4k9w$HWyZ~}X_J|3K&52rqAp}Tp|oX)HGf8Ma|pZH9>7Uz8I z*ag_LxALtzU9xExVAE|RFHUiHuPysUaz^{KWoh%1*s?zzn_;_L1Z|EC5L3zuFK}#G z!Lks$a!fC_>}kN$r!DKi)0-`OHvHz=vUdT8^vFE=8f|46TXq3`Dqg01QrWVqU*@%C zwO+KN8QTSTC9joBsvNu+bSt~JZJI^h_N=Cq97GnpN)Dc}Yk{jzyLMWJUCVV47;Rdx zeVR?=9eK36aGQ^ z`yTLo7W8*$%%`KjQJ;|h&iM!EuNfHoqQ3{{rPE*2>9(x&(%+Iy`G*`;>>yc}WzLWx z7iaax`tne#BabBueWJw%EA%$`F}=~^GN&KA27S6eZ_C4Oe_pb!fAgJN~_SJ~Gahi8CB|C^##@Sl-~;3z{Lnz8rg z=NGy3*pTw`fyMawo8{-fUz<*k?IU~AW1srCz91zJ*E{m?OUIzWy-wSoMjt=V{yWj$ zC)CGgzQ1ui+MD^wXzy2}GiZ-_>8Cz6@LYI2`g7np9{oKA9R1YCDf*K>{>%1HrjHLo zL&wm^>Gao&KCT1C40)JFe^+PF-^>j9JK}fhefM&Hgd68H@lt#Q_xz}2-GEKWxyVFn zER7Lz=x#zUw-Xr!{R&sh^U#(@GA7$-J^}+;mc|Lh0?CBUq-DKrz=y&;ls)NY7 z{+!X4e-CTkoRgB>xhaozX!Zdrw(vQgQ!GHXwCZK3&X#1h*)N1GCjV>ODDB&)J}-84 zL}%?`v*{i6Jvpnl#>@j71-NIe%p5F zq@x@k#^n0su#Tub9NNd9M{a;>Bowf|IKcKp{C4dCt@#k!e_hXQEw+xV?4q7I?=_Bo z>4B}(p=&&M?E@_z=Uwu!XQ%R=HbQG{&{{jR)=J!96!|`~jq9nA ztbA+b71wWLKgiMmwKLg^1AaA+CC)tFjqbda+SP(Rm$rA-PtblVv!C|%0y~H5dY+dK zk^ixSGq1-W0!8%=}7-VdV~y!Hyk zq2Cthw-x$rgMQngU&RV!7r8m&Zr+-^Mmv*Odb?W#!=dB$dgZmSUXDCE2#s`NI~-zO zw^{=`*BwdDxs3TQ()v65tzlHNwyU#$jxbj)9Y=fd$3@$xIJ6zbcFXj;XSnpH!MfwHH;oh)Yg zhesN0{9Q)2UQc-m90iz5W`B=v6iPZAcafDW#jSebUaQ0kKjBGKE*?p z!PAh?OTD4?i}So8n>p1pUnGbD&@|L^1wnhL$}bJp2l;5U>x0>`ER@B@x5(7LfNoeXaVCxTx^v1mH2wj4TE z9@@L1jmh}2C}yRJwbl$T!bi-+$;%h+7I;zI@n?7ARsL<5bgHyk`O-|Z(###Bvg3BK zKSAR~!c98kc4)lX!A%E#0%;~*uNUX9M*oefD?-#vP4kx_b7|Cd~osju6gxYZ%0^f2chA^_5Sd;$;qU=`q%P#(06=ZeVv6! zW@+6&#OIsPrJG-fen;1_hjnxM=sBM}PX~d;L7#G!XSMAh7rs4?aXpTsvyZzT7ml8$ zk3w=5mEfzDjZKwUrKvg4oa9w5bf>!{#3MQXTv<|cc6bIk31{Ft72;XBJ#)?3<|W~u zU2fJl<)Qui*vC5M@fTiMK@LZJRuW6kL7qD~9CKyYLhe2C+apyq z1?i4&M(6le9$fsz+CT5 z-b4j40&X5jpMhJT_M6^u`M#LGV&wPGd7Z`p?`40I6Mn4@`PAnwqbnGD#h9TTd7;FI zL(qrvTgAzJYy1wNqy9;4Jf}9&7n(M5Xltt<{|)fH@*uh4 zKJ;?(u=oAZx+r8F4 z8!$2L&{NcV&jLKmxJV2!60DkTsusTFw2G`GN%9-768M8&KMd`dQN`g z^j+PnKmHOmIoAUGP z-Ic&u_k)y*Uvkg$!3n@}BC@{_xWgw8NiTs<>h24225c=QXCb&V`QKdn`3CdeL0%*2 zn&5tS?zaOr?!Uxbqu}pb!07jjzZuqi#Sd*6V&krzJac8_ar-to=dycShi5YvjbG>D z(Gln)=v+qzGfr?)F8@#EyJXE+$OFaF32xVM|5Skd+~WC%=%X{1*~!a&A9@~of_zmX zL!n!AgoEHtc@5T*lflk^ARRcRR{4Rvxc_WBxbMuZwlbHyVSLDamxfOU-^no0ebrtV zB-7ho`pnO;;XX}wbUZlrAMca-dizY)NxnX~t4`9-oU1wdVqm0^=cB$Wd46seeWbZ4 zHPKR%nuttJCErhKB7R+JqUpv|d|FdEYfjbO_3)y8j!#f}Z4Gy#)_sdR$F99BQOMl^ zg;!Zm&Oq0iVOd+nOVYqQJTX{8zEhs>*M3s+xs>~e>Lzpd0kPnP_&pU8n;k%o6%wDV z-)i8S)Y)1{tahQ_y2Pd7dxbwQ|2le_fu-cWbkIU*vxN2A*o8LFwRLLNM|2J6o#KaZYM_XPV$*8AV#m0+-8ByV9PRJqP3FTX7`cXY?Uw3R^>|^ zsP?fJAP%6U4|xkRJ$jkFPkU`5HfW=RU&dV%mnB|lYOgwoo_Gj7@i3op@})Hv(g(TI zn#r5iaxHz7_YUs6o<44*k0Sag@g?4y=}WvnN4Zl5)XKlU5uSM{-V6P?kEc&te=eM0 zZPgw{dzDBvf7e}>C}LjqLB{eJbbcql-OhXP^?lwKj;H)>yqm+j&FK5QpYbv=n!AXf z-Az6tc=tpry{(vatTX2U;IHvv_68;B&@-tAoaHAGc?_HTgWv|9AG?jY(N5#T$b%B( z!Ax{`+A(|6&AL;;x}=qH^`b5F`A6=ddNDuIXGeab5*@f1JB$3emG4P?s4w+7`?>tY zk6y@6%&DUsabCAVGgm_!*veK~R-bSxv=Mn$b7u_jv`BR*QFkji1=h&Z#J*>-xB0Mp zq*7*RXj|?8YugGx_fhhBl?EdeOm+m{*Kp3}jme_mmjM`%A<&3f}$v|#q_(p|&$jyvY#sPea$d4s>igyNp zK?InbCfEs@0%lF{IoCENeEAN7$Fr@i21hr6qhfG$12N8ffX~~&=^b0niQk>$ zJNln59R1;*p@;5!Yr@CReDJKV?t=qo1d7JanS=>Q(Ykp$Z z4DwgK1a2FwM9UkU?Tw_pv_#kTcG8~8rTtsz{$}d5Q@;5naNPiX$1}q}9cmrwU(hE! zi_Z+7H&=(9cWxH^qV+M>P&xj+tfSV#3=ciqW%fZ=`;M{hpr3v1e4?PCk9l_dWI&`@JJeLzP|%lwH7?3#_0`1wCZoW&EwSUjb;-BTHNW;jNyWv7g?ZHzf*%ceFI zzHn;z3G$!|x6;wX6W!nboW*@Cr?D>A5F5N6zVk3^{6_pc0`SvH=&+nM`4oTfrqlAt zHCx2H_3$s{nyqwb?J345AJg)XooluT8dt8__4eLe=keZLvua=V=IBJ)U1hhOrF&JO zuUzg-)~n zEaF&4b&1P39LP2>SA1(H%x%5kaD0TJqj(oOa^k4RBEK#~j*UxAUSM%=-;m)eiq$=UAAM|nej@%bxw)!nV={2LiZ+0Y?#Hw-aqZVv$y$oeAe>QZ5=6J`;s9S zoU~lGoHmxy#x$><_1XB7Z{r`Br|#VA2{v(Jy&H*#>+-uZ-tRNs#f~nD?RR(XbGAP2 z!uv$Jj63HknzQ4h&Yp00Zlj$m_{+30jy9qLOU<4T{d8q+=xZkpw=R0;KnuOx>f(zf z8*mkQ`n>kB?qU{xVDgl?_RKSke)`JA=%?jpb9dU()q})d?IjND9ezU=?MF5pco?}3&)l~LTdz4EknU>dCq2xXx6<(8eU>$SUst_Q zygL8b-=hx_bJ&AE$bC9n#n*~Wy!2V&=)po`Tg`ihIA7$ap4YnL$iL4$KlH3^kTP-w+jLkS%?l%lBAPxR#|Dv^Lq(;iP~tVp2|1E zUz^tR_cr)_m{0VTrZ@Q9+u5#km&<5(LsGjNXxEhI_YJhGHrlDD^3Csb=qFqH7hD{k zIn>(H!hLI<^2E*+c(_D*Nw08A7d_klEwUGx9Y}9*W0fMz}<$Fnf8aS^KySH zXI^>ay@(@2r8`9*V?FNy9+K6p^_RYh?orPjTU?$J=s< z32!7eycs>I`5^25LuAM&o$FisnEIr(ZFmOd>cuap(@yy~I#}a}thYX_k1W>TK36J{e16+`HGXb${7gW2@j1(y3e?t(axXe+@c~u$~RiUd4Sf4$U{!;|FKX zhq$|*^Z(ytXZa$TnCzc?V4P)gy-HT@I^~OHWwM|0fpK=;)(brT%95R3{D~boap|+@ z3!OU0%G`xnM%JUdqpyE6yabzEL0y2mt=K0s#{$-MA#hvI`IxcSkprK-tI543z0#ED zU9Eg%oIdjCBj1Tr%atzor`+TFuu^*NBPZqfK6n?Vk0IT1&ZUuYy;_j1?RqTf-tSO`cJZg*;B0GoAf>4YAg65w)=tKrthg%a4I_6pc|}U z+D%q4z1RwV54-HCGpt~*S@d@+pFg#Nr}@h6KkW`Hm^zO(7xGtT1wY{)l))9Wv7Gn! zQhz1&AFzTM4^rpX)UBc1Lsl^J5i8jDcUG|97Au(bB=4TKg8iRkJaty^X~r|;1%7{- z-*)laZY!9;9)9|ttYG9q;0Vm*Zy5omma+FC_Xm@gggMobV???_F0|1lCnvOUsGjxC zxp=1>?d1ECM=^enf`OZ?U`nwSyoNQ{Zw6~>7X97I=TBKb ztigVFSV8|h*4RS+%Cz1WJ>IXvUW5L7slSr?53n8|q|UFYTSK{rSdWh|j^DAqwy++b z#nZdK<#~Jit?~QH04avYh13s?0#&cd_?&mVT zL1%RM2CW0*XHj(YzU#EOlW!R!D3q5Jx%}0v^*?-aAD1E% zS6a`F4G-Zt7rR5T?iwGH8>aC=QTutf^@uOrpJ(-F+HL(xcslK_pk3jhb_G-w(&=`#GmtjrYqzM_E7?DsNik97E4308IeZGAy;Rk~CCNS-ge#y_AfpV+P= z_=VtHnRtrdEa#saPjZFH1<>hVFL-{N_`Xnz^ip(L_8$e^+&?axeKz*xeAek@?>M+C zx5sv}caST7wFcYbaP+1k&hT``shmg=#vuCE_t!Udo#)-oJa@bETyM{F@u!{hbp2J# z{p6f|dhc)5{C0CLT89ly^Ft>v_myj}qx;J9%voek$9?4`(318m?p%8_SH*7HXN&fo z*tTwL8N94Z8t)IB@xI$JUh+MG7awuEE?)jOzq$ArWyafi|7RX!OyN&woI4m}fbk6H zPjP$s8Z-2s2i;rz4d=VyxY*ch1GRzsk6`z+Y0HcexvO(^S1%Rae9akOv=97*aU|2n zD9+!!_bCc~=X2(ggD*gUarqdF^0aFY)Y9PW6P$jEl3+2|>1&@0i?|JowZt5{ut@g5 z-;~t97anH*^qt2TEWw5E-uc&uzj*#1WOeG<@-Cg7?s#`67|67Ko9-f@EY2s|Ng{) zTi65q(1>W3JV$~fvgcs)yoZwJaFa8K|LK^6&8K!8>!kH}Jaaf1`1u`r(>T5GTbk7OH~s6f1v++x{*gKkw;~YJnHU#+F{+?Ppi2281ye+*YE%SNL4O=CEojK zbEE@wb3g6l4Z7b88!PLhk+mY-NO-RyF3QZ=k#QrF<{ar~^O4tGd^>U}-y@ga@ZftG zz7Wu2ka&$(3#`yv&vOS@CN1t6wK=Ygi-%x&*Vm_x+=im74i{!>b&U_^|{>r?V&o<_>jsEAT zKYvQuwmkkyE&m*cPj5p`ndcqIC&>)OymU8LFF$$3(8F0B>sfn#$**?<)&miA1RrxA zb~QQcfWh=#1(nhP%_s9PpV;H{S@7BIdrHuy@>2rUKJ-t)tYBAuCGtO!`*O&fU-~pA z%KGpLF5sPhlYBMh$YEp3@tcn}3;8{uca%5p$!%lPN2iRHeEop~r=Ic^-IJuBh`&$b zuiOe$1{kMg+a&%!L{AMrbt*ftVB15U}~>hRH* z{P*Bde)-~8UijPkVORLOW2Dc9XH&}VKjw>kAX{A0cpHv2ls<0WcO7@<`>x~feD9e@ zuH`rHi90g$5$^xh!TpKm^;zFexvqJ22miz6spfoXc8<=M(z~25ML2tia(>ZX%6)yM zr)_F~R^J_e`9kp(?tN?L-nTdO9shZ9jI>{`GW{t(U{gExLzDBRy&und--pl4P3?2^ z-nkF(VZG2wbXE*Qu(9OHwIqxEE$aMOae?%Mi zitE|tBk9NOjoLChdB_pR4k6yCf37^9ZS?a_{-{`@qB8rgVq~H%N8sav&9LIo(Skn} z?vY$E&viUUF5iPK%zi#U|0uF%4>mFLEImE<=+%3~$GyC+%*3sYRm{Ml+?;d6zyEG$ zoOB0oAIMn<{QViv9K;88=I-4eUy*eGmdPVj#yQP;#gce^ZfzSb@lxT_xl^`1OT4So z=C1v^VjL8+qx)60&xm3}jox_G<7DqhE+m46+WNi@p*s^o2{vl{Ew1 zJ9S}7^+w|QHXgaW@}6`V zSHQLH@Tt^wnM_b0f zn&-&M6kEo>T0%Q2n*xmt=N)>%t9g8vey9Du+m7B#ACW#_`r^BC`3>h!WtPxRp~^r@ zIlQybJ9GGM>zI}$na;S+ow4xw>YEq(t2Lfm_&!tL>30_2XX`ud|A_B%_%2-|kMCpn zz7~CG`mSB8N<2E&;$1JUit!#9UMYLwj$JRU8up6w%p82Ly|QY$`^RX_j5sZ5Z|&!F^hUv|6)-?^)DCosou$N8~E)!-e1G-V;A+U{&3Oj)khZftG?S$J%8#mMz5mn z3m5sS@3`yv>VLb-U%ipvmh#)wh4t0nTNtSR_k}N2S1nAh{>Xpo=0EudJ@fDMT}9sq zoac||?_>Jg<p5#l}oCjV;Ld%jN`xa(YpSx&B^=N2! z2EP^ZTLJO>S1x?9`YP&;q277a+vMxBd4;d{Gjmuww^H`Jg}bW1x-hf)6<@E-wY9$_nB*{e;xJLQEwylc31;97g$-(q(bXy(E1L`w|SlA z|EJTEmqwPlG%~1_p*`bkjuf4uXd#{tF zk#l>X5y_bb@~pZ3a=PbJbm9KfzSr2Zz_B^=fDSgW$32HJ&IEr=LsF~B#beGwHt=pO zdtLEhv&ZGx-RJtC57Bn+uEI(mJXm{M`+1VtZ@Kc}NIG%#X`xL^`sHt`IE8yzsWY0t ztNHsef4}5!&TFB{dtb}1{QYYMm9M{6Sotf)^E1X$d+uq~E52%Ny7v;_reB_7%N*%X zhs#s!_>(iW|4Qq+|9V^cg}vXBOm1X9G7;N$9kzqmUfDIdp9lH8Uw8lR#a2W7JHFZX zQ!d!p&i5hswzvC&71qxm*Jpbvd#=)fo7&fF|CPmljeXjE`c6I$^5(VARDXRb!+vdn zzO$z*WlwjVzB_k(H>iB)9qu|8o8IKM4 z{u1&|lvw!0u!k6i%#T5vQTmB6hQBbr$a?l5v?<;EEj`z>Kje4hf7t&S&v`skHb%M6 z@qJW1b4JMXTYBcxE&n>tnuq?dOTrIR(X9jFLFkAb?^PaMGDf?^A9cQ0zr1_V`;KSz zUB|mfq55T<)PK_LSI@Nd-`;*TKI+A2?_ z)aw|p>DQ`VqjI!i+M@g_Z=b3U-ZZwqdh7D+j%5$;*!MfblOt% z&B71br|PUR3VsA*<5x%D+>hG@N3%Pgty;mqW1O0|=1HGVtFO01i3QN4>knh&%@r-QBDA?!=fK6;<{a33FSEZBTf5T2&xmumZ4u6ka|*H15}$6$ zgzPdpi!Ly3BUgWUnw(okfZWykTGv8%zOBkad!K8&9{FwQOGexYlb1H3tU zJ^KdYigF|PbKi(;(OLP*KH*$+qF9MPZ0_%-@6Vn&Q4EBg$EUL|f9=&L*Vh(nOjHwG%zGa~ZTl4x%?V zKs(!^%UsUMYB;~LrVIe?3mzAo)xPd$eC8y^Ci)g%S-`pyZFbRH(R&)GD%~^CM4paDl^rX7D_T^}{j}Q8Zh*#+lR6VkA#N%*4w|13 zVjbX%dm*|F{WQX>(HjyGY!)tkN~Y^Ko4<6U$9DsdfBgb@{LurCd&qh5c~+rthiQhq8D5$*M%~o2&PH>!#uGic@t-6RDB)@~N$~P|t{B-7BQMY8ZaxK-c4%J4y z(8iOQA25*r?Hc)%GH=~Q9-GMg3(=bf+h^wWvb9T2@0_pjShm z&nj26T74=t4&^p)A=a~*I8TE+#yGhj@t@$T1sz6yvaY_XeYp6H=t6g_Yd@3&uPOki zdHfB}Avet=irAQmF0>##A90Q)dNdF#nsG|1I=!^BC}WzLn6L*eklIyLsdnl zeKzg-pyf1ZIsJV3toYh8pxcqq7QTCl7CzG%V+*#%~c5<7lz zfU#kFeqPM??s%E_*WC2u`PUFf?n?IR zpUb~`k+aUrzr?$mSZmFbS#PYx*!3Ph16^tTm4RRJtdL?Dtc%0{`>`Wc;x+hpCEWQg zWxh-Kv59q(%05lLU;Z58D|r4Mb5<_3RBUF7nM}ntrWiqdma*-HwpCD1>qvHEQ?HnM zJWn>T!p9QY$X=MTDH}S<{w#G-=mG!p$$_h`8x1G}sti(f_n2+!;|1&SV zMw#>5PJSOL@dYE*`tU`9qhgh~R419piDdB5~K@G6JQdnQP#F-ksOSw53dxh7r zUjB<1DK9UMmE;FS8}dV2|K`V4)A^J?q2e4<2a+cz^Sp2~zM^U;UwPGPtniyjZA8ei zB|12m1|5)F%WEI!Yyy0D+V@{YSF!2MIp=liMx44IB+b9qS5&_|+YYY$fU?C$kPmgzlYZCF)?L=4qdBpnk3ap1JwK<8#+FNd%P$(! zG@~1G9>99w&g}d5Bf~Xr@l}@xCy%ieeeasf+pBW=eED%MPafwl0&{mjYrXTVLs$CF z?Gbi9$xSn^PTfFvRN8kx_Nx8hE5z5PS>s$;_rasYFgS6Q$U1U%oML31)=!RnONo^@ z0gSg;?~V#DmVW4g@%NL*9uCa)!B<|*7TyP#v9AU1SF#SSVjWy98xQ!;1owUT1HRJF zm`88m+XwjSu59J0Ol2Nv$RXW(r#nV_)oz^7UR8&0iCIU~^N!V><2L5#<`XjV{JHZ_ zYK}3Rjt*Hb4+`%{nqyAV9NoTtOJ6GM(|Lf__0wNDVP9IC9sABCU8@ECz>T5N`fX3O z*ROn1+_Nq(Z)$;;wj!VQA?teL@0-X~natm%n~JwfKTSnGZO9oK*4`)^xtfnY8!|CM zBf~S98{;;S$9aK6%!B0M^l741l z_r=q}ne++Om%NiK(X+7?K!fnB#HqBUHikhfIuFq~Q4YFI5puX5x~f3u%IB|%e3_}A zEnQJ;DTi~4<3ncied_{Z|aDLw~JoV(fyL>Wsz4uH}^4g%CD45LwnYw44T^t4_=d*G52NG>6(;`xjFDZ zJs0y?!dhLE(tmE5Dbs&$oj$2!@u?hWYf^^HZB@O@L31Of{*bvl;Qu=U#2D!J%pr59 z@qRJSy?IXUpY!Gh`rV#k&7H;jwY(QUSaU|sTp#=VX*{c~SsDZVPBHy47Sl(DX{(X= zh+(Gh{${MQJFUs|jLnRHkQuA=wl)28=8iP&44GS_PsUWNPu@o<`w+Bf#yTj+X}|Pw zjdjfs=b0D<>8u*#H0l{WhjoL#;?Pk_M;;6>-jwTe)O!5&vf&NHy^0>SrjS=#tV8|6 z)5K@k54-Xz?J4=|S^ZbXlG{7=OSJdFf1bF#$UtkpXs0m++8G#{|Fa}{zsa1Z zchZaYvQcDW9r5L z7r?{hY6eHzSJwzfw|*lW9mt)<9vuDV3)*n)3xew}1y^THZgybn>XU9h0#{W;75n-+*EG=NgoA_4B&+B~=RqpEs-FX8tYv~TWuI>QPpkMRcl9ZJN*@hy*|BW~b*6Z&HF zs{HveWP<9;9uT81$q3=;zxnRc1@jm^4O?A+d?qDM9?B^ED^C5={+V-kWP)d{KlUoQ z^dozj<`+;5tCN#*67fS8&&qM=Q!FSs4&S^0oUq?eeiyeabKG4)e#j-XHwizK3X>l) zr7a52NnJr+qzrVZq&fzc=?cxH)N)6g%^Zom1o8?_dj@w@%@J;6MBnqSi#?j>VSn+APGu4B!k z7rDG5#ZrzpJI|XJCI#3g8qr1N=gVDCQ`6^7pZ5rDY{DKQJvNtdET>EEDvgxC$k(8G`#^exUOfAob<~JJ|;IEBb$C|sAGx2%D=SATk zt>`&A2Z*2-+xEaf7o6!1_#$#zzlzUKpZPzUcK}_Z)R#FYAG^GKVI@~wy{(RCx0 z8MW>_l|Svb?)(bT2bqU*D>q$*PQ)5+Vb1%vhvxU5H)5XnO)KR`7}%w^U5)ROJDd}@dh~tQ_3e7Lg%$zIw zY9DKD8xCD^@7w$t`Yf{M$B37RKVgM6zBo2m(S`H^*^98}Kj7-EqA{CJZ2hx>dFUKr z1^naYc{ApTmIhF-&WSr*xfvREa{3U1u_brvH_g5w*NIn`4v^gDPTEwy=JT+Jr_Z}( zUMo6fyOm*ZtMdf$Q_-(?94_39kH$c7HrR$?tG^S5-o1tE|7Ff+3hn&cqlQU7b>6RQ z&e(}hJR6zw&cBp@_t@06{|h-hCkhNNBcJw$vc8Nnwav#~qFAwm6=~tMeY(owT~9ju z@jb*U+{ z7MgVL@=ZlHrXe?*pv`9F6?#e{jd#tgLD{y9ZgBL>@LF^Odmqc4^XLW-Cygn>+Vy+n z@6dHes_F)JmAy5m9($ipSBJU8+%rEM*=rFr$IpAhm^@EAs!9AKFb56?lL(z&CL@5)DK z?-BjAzpg>nAwP3D50yV?1fEi-GpXm!3`eEIWBYM+_*0W`>dH0YG#7i=2IQKntFDEP zo8XI*L$@G@ppz|D=IPXY%Vw93ZVIodoh_)}7S>BQpQulk@1^x@VX{EzpU zc<9b}(Pq}LbaCvdiALrbhyDc@@#6x+5B+W50;Z|R;g`@uTR3ZN1)sX}LGn0)acU zDLDV_yW|H${^UqjS!dbyz%Lp@+_pJ?_e5iebGN%Q2DkrLpntDFU<7{F9QOsA;M=IsHh^^g z`!e%+?;D?YJD+#H+WlC)^LhU7oX-KvUU%Kn26*XdKBJJUUixs?VhlW4I&TS$59brV zWNc)t2g#Q2eWz>8a2Hs^171lQOB1l{fL}NC=(P`;KFh|3Fa3f(wj}kT_+&4>BG@GA z0*Xhp|GE9oHvM;=kI28!g6HMJpT!>xos~OhB@R#fmDATjPai$Ce}(ZE=z4zQo}KK! z%`!d|x^wA0#`pUzzgXR`zxYGHwj9=p_PK4hll$*ZE73X=zQ|rWejR%4wf5P|zB%aP zv=JdMqrEriTl*LJTx#EXmA#LMv!7@wfp5)(N6tb2zKy&Dx0A#E&QPK+bM41me}6iB zkM-Y_e%Is8@FTTXLvAm7joJEI7o5UJrB}MV$ZN;exk(#qSh=9Y|F2BKOB`O>lTF*b zuU2`Wws>GGjJf#wKMl_%e-Atd{C@|}kK4(yh&=6fT_eZ5X9OpLXHWF{_pFCEoiTaW zgJfg3>&=`$_q-moZ_;^r)~uh5$JhGRzO%kMUi+Z!?1SDzmy^%YFJ|2`{&m*L-V3b5 z_3V3xQC@4M=|<@Cdg}}6`aSGGjjWOPug4zb^tX&Qo2=AVm(Dt8Ja)41c3+_FHTrvT zcFFi#)Ytj=AJUiX)?L=mM!v`ap>X-E4nYz{H# zDIQq(_><^9>&W|J%A&Is=gKCV8~!LU z8(T#&@Gijr0^NF>^uG{(pO)3tpQ39D1l(k^&c+9*2Ds_0QGI+WUpes93BNvF{85tO_rH?h_mghm zH~S>ucgG3f_XiLBW^*p*JrCAC(9k3B+X1cWyL>S%^gh9@&fE=<6K>oHUEzD_#gV?~bbw`$~R5Bp8=ifvB&UY#ddzjxtr!v192b9MR?^!J-D(ccwjKig@) z(0*F$=z)tqugXz=bSo=709y8;!sdpYT<}SJT6-z2GsACkY<{yGf2?G<2o^tc#un*8 zKepq!JL3a%&v+;RjWKUy6Nk^+YwQ%x0sOT;{I#8j)L!=);pPp_y2H2cIC%n}^Lxk1 z^A8zk=i2J!_!8MRagFy}#`{+f{oD2)4?lgw31h%Xa=kcdnSnftq<*w;)xWcEHanz#4&5_rLl z&hJIt{LcO;I@9@`{ZdDL)~9KoeO0v3`5m1`zw4Z!9$TL7pcRZG(75as70#H957~u` zjeSiSfjy7Bam<@G6#LXjJ53{i%V^*Oe{H>x`Huq*z^o0J9T0qg zmEe5nGk64hEAdR_LXgaAq@Sh{*b7IqFJO$VjA0*R*w5J7fYkx!@g8#^eqk`Oe~VSj z8LwzFl4s&jwC{5Nx$CP}l6@d@yEVTKyS!C4Bz(PS=l0NiXnnpz6I-mDAzkfBj{m_6 z_IT$f=S#cd1no~$``Gl*b%H0`Pp#8WPyE8}uXDY~-Yy%|SEk~B8n9{1JwNmMs71h| z!Ck>K|Y1K+#`hoA$vk-DlzB zaJ_wAv(NabcHTG385nUu!~!aJizimljn#<6{o$A2`kZ{_+~1ZbUlebyTPN3c39(uH z9z*xsA>YvTJjd2mV*{M%Hj8K`UMW^_pjb^!#(AO zJLPiha&LIcjr5emzuTU_UG7D1xiOw{W1MoucDZN0<<9q%!$;q=S7w*{gSXs8z;iq? z6qj;FHXe9hYIV-*BBx%BU2na&UWj^=s58k^KID|Qv@TL=t32h0PoeA-&hW1GjO%K5 z{C4?DZ~3x7cbsH`_SwLX!c=fb|!ns7v|Yxe7=tO zTk47jPNN_Bs23l~pI>*#H^2A@pGWvCBL<{`HkXGIJ1X!aTF%~qcBauzU76Dk`O+m1 zRsUMk4lz*0lY(`{DZ%2Ep+wzE_5csk&I7dZfT#Y0?l?N@Pju@)Liyj(?-uI(j()dz z>OJDr3n>oP?)L(>-jmdOntIPs?`i5i=c)Ik4cq5ybPthLJDfVr$Yt@KPm!mtPNlt{ zkptzn9MGNI9p^&MyM5n)rzDk=yb#~>AG77c3q72VCF}Ple<^+pA!Nyo=eaSjwtZUd zz5eM(RfplB1N`LBU5_o9T&-)dTejNf!z1JDUuh*w`iC=GjjJZBxB_iAT z%=QP}IP;;{-$YOGIq<;sqC1F=c@5i4xxPh|R zm+rsYYI=GnKEhh_<{93v=er%=AA*-Fru1(3zkG8>0Y}9%wwGqvJRje)=mO?m${g#F zbHKsyd*E;lWffy@%Z8ER=9sLnpm=ckR4DH2-RYlH`LH9naFx&F8fdSHGE25B zT`gJ^9wy>b9smJNANTIl9a;*1G&W27NWW zmb_2!eCA@`S+*OW(MsnoMC@b0cx?E?iMCy==~5>Kh}eATb}lbyPuRTRbk?t{|D0(3 zU)A0Er;U?c|H?0YqV@x0j^{7``6b#vT%Td*C!8ey(z^?Pi4<|S3HSUQ<4%&&Qft$+ zzSfg@tY=r3Bc9Bx=O*BJi)THXXJDXc5S(MLj z+%5DD^3%~1)y6Pn;}ZFJvWNU5K4L19178@1EXhNTp1vol^X(O65jpY~1^DN&I@ocOCTdw$@8pZC~ITy^b~fHZ**_)-rb) zrE|{`cfR}(+K6)BUW|KWBHX=a(_e2xCmM@cSMWR5=$9VLPKV#UH~M3Ht<#RiEg1D- z4qkj*dV+Bn8SoF_s<|7zd!>V`_R_P&Teswv5&Qk2qjxs|w@-jyd3rbof5rDLe8<;W zOUMXcHnN5B`@rY4Gp%t~3YR>)cpNUhV5qfq7;^r3@R^elN)*FaEbVvMqxj$pZk%?U zdNa@oZl>&Z+8*^)YijwBP~vWM;-xw4*TCJUw|!i7Y}Dg#RloJh2iexpHvCMcsz3RI zm~l|wPkjrWg1rJZNba%%udNeKj8~(lgAeTS!RMhdX!w57>ZE>9>QxuMqfE0zdX{!yWjo9RU3J{XtXj3vZ7R%$j23Ht5U1_myGC!*^X0e4C$Ivs(S^ z9N_pfm-)lrSj%2ZIEKf|$9+Bh--4XjS!RXnd48Vvk-ZwX;*1naxquwlDV%HD`s;V5 zeNwgK417U_Z^plb^QYKkE8)s8@s6MV7T&RkyF2$H%ckqzCvToCN4`@3Eb`49=DxF@ zq${i+=m*6w-8n<1=;R=T5K(8Z!!NaN6lP&Nl+2gOI zy-T52@gJ8LdHK-AC-_agtkL0RqfbEdUS5-Xf^uIuL0@O1vkyaOhcBC0>l{aCA68@Q z6yxye$zgt4`?;(~c)eMVQPyM13Hoe>FK6WX!Y!=#X8fB)JBoXAVP|}*ft_eZyuBH| z?!y0Ni~HV7bVpd4=Z-M@4q)XoBmQY?27WXdxq+~SPV*`4%RUkx!Tn*Q^YJ|c=0Ewk zYQovu-#WJAg%57DB8Jc4TQ)TY&L%+{acD?+@`=-$D!gWR>51oWKtsb-PV`Tm%QF3y z12R)9o1iJ}?KT3hG-yh92S-c1cL&?LoqXmZZ&-=OYnk6wW?k5{syoD}lPh|91KD*I z^mHwB?X)X>+x@OFHqy7o7lrO}8Ba4ZZ!hO(nIGZnE%+JT4ZnDY*6&5{X)n$0)Ul31 z&+WigewX71hIJQKtUkR%$GQ_A$*=vpY=WF!nmig~!>ieANr%?E1>oQPK9BE`pVGBl zzw-5;*!q@ia({B}?X;YKC!>G0oqN1~^b^|rXX#(-M;+h(zx)&1Z|J7|Z+?mP4;T84 zez%FZoFj!PUG%%?D%K`((XlG9rL|9|<#N6Y;|_Ey}zI@0Xz6;o{Y zJ`&hJQ;3(ig0|bO zUM40dI)Ss3?ZkFm$UNW+ipOmvw%i^6Va7g+@;WC{-U;z7cg(HCtC%?63*oc#hRusn zPdTk@noM_MkR4mLcuS$}7kjS@>%veFBYekx?jC%Xz4;j8dC+;bm8c;vgZwpgwvA41 z;8Vev#OHqjpTEqBDG{$1PZJ!COfI)=Kk|`M4gkfAd<(d^@gn<}>vpTx93M0s;k)+Z z-g<@~GG>=f>lwB!O*w*7s8<0WSwmi^GJF~QL%6?> zSQN#FD^^l?_|7MvR7FP9FK~>}Rv~5N&sc}wy@l^+lYF<~DYD5b*Tnb9(P2TO(-e0A z%yZCvv}Qybu~YC%7<8VIF~WoFN0HH?#7_@@QZUni=ml~5D4~z5KK!JriSce^ywX#pSGZ%=K5?uw z&c!}!oMm#aoEN_9x5zu{3}gO+>3Z&kiI0F!LfabeX!>>6m=~7ay^}uN-TRWuWe4(y zWiyd|O7!M!OR!hprNHAAXtTRET)DfNIpa^CSQjBj3TsGXm(3)DaR}Td^I>2+NO-awczpg8x`^84T?88X3Ncz1bf$GAUff7OYv3^l6kkT)Z$iH+ zf1)w}m@#{KsMf=SA9eChV(ZL$K3tz>+cz$feIui*{LAwtQg48dK;MVf`@_xXP1$!X zek9wU*7h1}v59vkh9ldT@K2Jx3|hb19+zUf$k$#qEzi1ybF=v^+4+f9;5`LgNAmI$ zf5iXV$J%NyP4Co|;Bhh5UYX)McIVnL%=MiyDz`rD#Dvsm7`YLr&1v9qI_>)E$zgI9 z>u?#oj`!`J+@bKBEgAWJ!mX_7$Ux$h>0f@xEyx6&C%0Zlzhl7VMewfk`D3l0{y}@y z+OOE{sk|9KWqXkWVB&zxxjCm>Q}<2A=WGyk5ADa{6^%K-YB+LYr1(QdZR4-42g**h zE{Rj$9cNjN>}dVMTOT-5RWq<_TvpC0)|2U;nCNzE=$sm2hu!!po<~nZPl=Q3qQr?U zUd-<~(70j{U(oX>pzNFS`ROLE97V{i)|_kqX#&br#7e!*MY zVPqO>^3#AnEPikE5S#wo7%AZ;ADQ?t@%$|&_BXw42R=0|lSA9uiPJ2HznDItEpk?D ztur)`6Tb8}{H3N-;1*qBlr{4D;=FJwwBvr?#hhPb&eCyD<-I4dUb`RzLw{++Z z+BJ0Hou6oTBQmFeu@zZ;+b|eRy>I^XdF{SFbEY9n^e*=Bn$^vcZRxbr#{zz5)wX@u zDYK>~oiFAO4$UthS6G0x8)q$-TN#%uvCuOZZyoyzKRU-m)*tW42h-o=U($PxMW1dt z_tVt}M;U+9;HHU`M}T*?!0)KegZrRKZnbm_-<^zpJ$!csk2{Ce>ZaW zUrd|8JphbTXj^*7IfvS-&^5N|oI+=6Dd<*>?9(})N!-ozPM+nTCOQ}jjqB6LpP5g& zvoCUZmiL{z7GAAR;y1g}yI%`VTN{eGdz*cX{I3-=h@V1YE#p`R&saVl+<|lQ2W?fE zYd5x66Am91wbpx$*~w+hJDy>?H%9xgMCM}TNk>w^IQT;_`b2_ zo4p&))yzX@(b~tl<+b+_&AoJhGYtB;JJD|P!fJln%X`)T{+a1o>K?^j}j;-KUXh3{LXGdc{>)iK9e%$EbeJQ^i z{!wW2k4+}0Sf_nRXPa^ONApbJ@c{Zj7W)+K4{oy( zUg*KT;aqZRn)rD9GPL*H_o#hGrqOA@Lt>*nZ*=+HCC=IEBxIuY(>k*uH|p-4p`qdG zg`rh1es*kmX&_}z3-?>1$LQR*OPO~#o73;pkee@ZK39#ep~_Cy+GNejKUnr2bno33 zZT{pe_7dR2^#_(ceJL=kc#v3s=-L|#t6Z=(=!x0v7YuzdR?a?xjqEKrx4GZEqs^sO z9N))4rRb~6d&Z{sOPzDWvwhY@itCj>qdOkutvfFp8znRwW6invF?3pJ^YbqJ!g=TF z9bP+9a(t+0YNyV5)0r>)!)sU4Iu~t6II)|@ov|8U0KT|WNVoP&DfYXZ_2 z$){JtUbB>ZdNqCcB&S^sdQmC)>T2LorR379LGLLg=Uol)O{L`1tAUr5lB2E$TWElM zc{6BdO{O(>B=ap%o7^+Dgti(B*k=}h-M%X$Gw013e$yRf(`kP(`S~Y4Z5@7DeQ?e) zh0k0o(7>5o!}QOVtcVlGQ__DZ`v!ldjZa%gv1lWoH4=DExrrANZ)WG8Z8`;CKu`YJ zT-H~Fp8<|s$&yA#6EEXU@E9xvU|l&|Qad`%DK$MjHs z#_{D@_lK-OCL?-H&`|<`E3a_U~qY>b(kDX2A8w= z^y0EaxSaCM<8bK*mqmA2bEEK|$SLrcnrw89(#N~N!NK>kXNB)YJ>uJ^xUVs1g||M` z72kr(bHHRe`~O-#mD8)nftSAjCJA1z9J1l{RCn-VuHN-yXc_$`fQ+)?b7^=n_rjEk zwwL=3FK0a{u1v7ZwJby1erUUpeQwE5PdyGEqU&#Ip3vY4=z3*t&PCw`N%Jgc9tD|Y zZ_Rb*UZu<(W4+B2lli*%;rE>Oy*#|9_=*$umveIc1^-$74L`a5 z&OC|!{J=~)zBeADJAb+k{3FYI!k6y^_>wI1=HpO%e)^3K_`{Wy6IpY!H>F}fW(M<4{E1xMItM80-`U>=^!S_Uk6c~m+-XUT_9MR9TKXu%heJ6`tMPR-Fbz0+ zdDg#dD_$K(Fb+HL@U91)m2LOH+=ch1qX9W9qawbe@H_1V+@h zps#1lnl*m*!euMc7cE;c!Z+g84OaS!y~Ms_%bU8)N^2O&A32%coJdZlDV&??F4lGZ zQ&$vZ_*WF9_*YCiBeW|2jLEB}pHZ=*;Ed3o5OT@Dz~$khMQFy=7dz+!y6BTc7xhW> zz};!){OFa-Ff3{8?y`GBXERZ?;^| zUW+>@GX7S&>RI5C;Tvl1JZZhpN?gJ3`>rFWz370mm$mSd{p>A^zGKbJ=ey2YqS&^y zuFBEhw4dS3)4_A9(bpo6S&46RJ{^6Gb4Tb^dvxjC%84bP1mnwkA9f?^QUCsZr3Jwj zbV!}M>g@A8A7`Q8fVOXkuGgbeFYBajoy+D!uf^=a)8Ub3zd>8E>)89qhCv&O8|z3|%?Jx22^!k)4GLfvh}{!e{X16SZsqp{GIU@X07%Gbc( zQ=!C_+(py&Y$!o&MZ>aFtvAX0*^v3!y(`|M&Lh6e$}4y$J46d@%a5X!_bo-(xNd}2 zR$=d?pDPDA{qVc|8f;rS@dbn!L5Gb zozU$|+=tbIFK<(3TBW;I*^k)wMUgL}qUt9B{J=JORTG%gKF&&bp4jIQe8|F&D)<_hrr5d-3$z z{m@|>YvMqlzsW%!2Y1TXv_4JyV0#VPYtJ${=v~|hcdd-67xULSY?M8P*6PH6wdSrx z=bm6Ke``BF&D_a2brU@IT^E-%eg7_8?mWdhwDX4Z{;s+jm-4v(Bee97)a`v{DADKi zP+|^o3G!2ueLMyY?Yq+-Y+L~UEkRD5DxCDL%@OXQeXY-1k?-%9;3wm=D!*#=Yj|T( z(Vm0Imjk|jD}D(Lv_eDu`dY!v0aoyrl+n5>BHvd%c7!$1{762pwK5wH2C^FN``djh z+Q8XuzO2fLlnLN_62Yc+0Gd2l$sf3kFvdfS^*i+SVPHVR9_amc-@wWb(N)y{`{*l& zv#iAX&|wp6B?`@mMjnE`npsOahuOsQe%8)=&{PbXI~AM%`?o1pre9kzv>@J^11_2? z(LMRD`ltPaxS0$e%;4_wSNO~D^?J3$5)Vo@d6vg;rj?ETbK6Kkd!I7P_WKj0r6mqmX${-aOz23A+iE*^g?`5LdDoilzv zIU|ey7MN=pKPvkUJ6jj+g}wK9nb}1bsu>hM@-_5uVEexOs*KIPUu_%Tqske@C-)4! zc@O=*I&1d$HfU;&-@14 z{xa!Z{blgYZW&6P1pY9MS-wQmK-*Wl7kuv?;<_#;ey{mi3!kI3wgT{PkM-;1=1!~i zt@@~{F$>@6f%v8{K4UW_h9>$Uy2exNlPn+ig`}eAq}2A4&+muuU+7(Y+ToYBzJqUZ zU7+YM&4YckW5?sTV~Vs}i7aC2vXR+W(|;ptXJ0$AP;ol+)f~vj=gX!8tr6o-fD93w zV*H+uTo4awr2HEA1j2A?$>qp?>TwP^i21OW`#O7&{KVlfbOAq6J?TG^w-IDT5%rd% z4>rPw;&1au|I>iabo2%G0O;On;rA=?No6fGQuk(Z`!}sYrUg>DpX}}x&2JMMLA+Az z9V=1CzM+LS+e6mj74ZJ{9P6;=w7hQFYRxMb`k$yAQRpYyy9?nj_UMh9{L^`3heQ#u=NSiU!eBLRO0i_x3-?BzU=)Y;i|u13IDD7! zY91}s%o*J=0{?4nFgoOJtL#EzP%~<`Fz@0__B`lz(v<@fI3qhq*(czAjIHi;VtnC~ z?d{g4cKG2N@WU6GV=^ynZP0lj{E#`fK~o2ysrLrUS3RrtjrX}5?ImQv0>)IznE36h z(B=EL!;9fThkX4i4_yzxWegMj{cRjy0*+}@uyJuL9<28C{%6AV0&ralAEUkZZzoTh z+Pa?gLOFx`ml(INf7>JIha>!1+-sQL(E7LKD`s)8;dag_m!lK5?xo-RfX^Oe)DxWX z^#uw0#=?+PJUYSobb1{0I)(U+|X3aXEvvcaSp#QegcLs84-+k!4z6|;bG-Pmx z;{LtpG`@^VwHaf)jf~0Y<%~Nb`Nw!8d-#odqtW-#!NCoC)rWZ(=j0?$R#yDG;!xSsM zvh`Wfh5QjS+BjpJx(~Q|*Hn~e<*EM!SgX!Hmq*Zs_`|*rp(UTcG75ae(^Ey~&uYC9 z12)2%Itf`7{g4=Z^x61RcI<_CP!szw7pD>09!|L?^p*}DL>p(%8a93n?c6h*dC*Uz z#!86psjd4O@2RyZo>bcweec<IQht@@lJ*M~XWUVpY-RM_kM}MbK<3=c)TD znfDupq;CVgk#TmoCN@pCb1C1l{2EG%VSDkBRHSEPN;MG5@Sbde1 zRXN(%hr3Ss`&;FTO8P%g&-t3KkDZ$q+(w}z^%+#3w4pw`>q~vet|I+GHnv9SO*R|t z1C1@kk-PiRy;jURe|-NmE1d23wf#sk5`Aj|bz{}+!R31b4$b};97f+^{jRb1$X)uT zOpEqQlu;kLKUcg;^55_(@SyR=fWt)A*eLcvXR}5&el}%QTBa48$od+E+)M4xy_3lA zrgr*4x0F9e31eLEJNnc{Y=kdilj3|P{PL{4@w&5a?`O7t*qu&c(}uB)ZOKI+{OS3? zjI$E)iti}r3}@5V>Jy&-E%TXGTVg&n?u^=EzT3RKSMB%se)L@Xoa(!L@6tAU+xKZ( z=T=vl`gR}V^<8-hfWyUncXhe1dA^V3`{n%U3|M?{0^cLZDaoslc`vy&z|>d!7n4l0Z=Un!px`HeJTZyw5TigzDc zXMbiF`%G?{oMF=cxGxM{DZza=kvH66IgnUrC z`0SBye=&ZB>Q8-N%xK*GOMw#7S{huu^9QvfVEQma4y)n9t#~ zu|zSSJU@faieM<)L3Av!*X5R@8)t^c-p_pDhd%jQ(w2Ki@eAh4|ilr!{{Ee#pOqE{+j5 zEV?^ZZ+}Ma@wr)9P&O_cyAD`g&z^_z7SrB5?{7Eq8~GZHFLC2wbH`eY_FUh! zQ}HD}R+wqGUv7W4S5v3bhYgc`9Bt+^|3cs}2^fS746L@m|Ay~cR>OAYy%E~nu;uR6 z6+Aa`&tnQOnFdTEv?n8@YQvGsjy{KW0g_GP}ri}*=wICMt1=}z|B_&zi(0RQFezxhq{D!TR3 zY~dR^i%4zQ3%(u(U(at@2EIhYDTaoHuejQG@Fjcs*Iazje=P6B_^Q6UXM8n+OYwuh z2VYwcJNU{2U+94@zD5gQclLmYQI%_kh6W1#}YjcZYB4&5udZl-5zTm`(pJ;7<-NiL_B%L>bYvgKXcnki4+V5&@ z?r`F5hq1;D@5ffrh4=G3(#G|cli~em_JC{2ZF5#X*~o3?HYyxr-m=5vuM&?!jyfwwWgG*V5W$?=l@I~1;l?Q(vd{Sldu_-NupWe+n-Oiee|H1Z+ zSVxEXJnBT$es4zjkZu&1Y~|?M>F)ocY}4 zrtk3A8sN75+cuvC?oX~+=}X+r8s5tqUX0Jzc6e{-2b?L-%1(?` zU&^}HK282ee*n)0rtC|TVOo1KFl8Us1*SYNbYV(v3!PWEbpOG9z?A)0w{(v!vI|Uk z{?V6!X;BX_)qEfMjt#F|>?aek*)KM97Yc4irzz%)#K3}>q@TF3cK)dRPWM;CIllUG%`ctfHA> z;-(|z*90T|h`o6iy8CbZeenUgJ5pe1DuiF$QgWNT2(R+`$CTG0JDA%ND=plPe?fU8 zaTpQ)Ua-hV71|~rn(~*OGNH8a$Nw*LZvtLbb?*P~b515EK|xW`CLtgySg@dw;x#7& zqQ%w$ytG9x89>xv(P|4Rwn<0;Em}BgORuy|APf?1;VRZzdoKYLRJ>QJtsQJHXGjPT z2T-dVMf3Z7*WNp4pF@IR@BexJd7eCH4{NXCUGKc!^)AXZ{5kQi;crg7OE|;$KHt{+ zu;+cN^FAljyx+(Bno?p*@b~^n@PJNaYstn{oX!sIWxn#FPzC(r`C^>~cxtGL{0f%Y zD|SXG=Nit-<9Z#uMQ8OEF5|ps@fK)-bupU`@N=Zn!T!Z3z+0M9=AQfC(qA+8g7${i>E?9_4o>O{u5A!VH0*Er*h$X_-w zG0qQ&X^2ehVVw9wl5m{+Z=J+AD~>bH2)GjSvVyowC%|mpaKExUq zYq#=S*mFh9VE#<_pY|osBpx`I`0N&wJNvBAz4SX=fSl#b0v~+H#NOUBEF`{-{jwq# z`tjv})9vI3gU*Vev%7%3Qd8 z4BW0s!0k^D0Jm#;fZN9@aO3`(lYm=E4{*cRwYdV{R5^Yr#l|69;*mVoH;qkxdFWqV z+{k0S1KA}X&M`Xb(pU_^~Dt*6IsT1$7B01x8l}N`IGTGuOy%J z25eJkq?m8*HGkr+$Kwm8&yi)&*K&NZ_|R&n`QnSdPTmsi$VJpEebC3hmv5>6^22`W zOXg?peBR;CXG79_t}yn0_w#A?Zg$!J4Jq@<{X};@_cFe*R=md9JN_T{GoNF-=5tSy z-*<1yd~$z*J)bL1#P2N=ZzILtY5F@4-NEhdSOI(T8etqc4`1O)$n>eH- z7;*ollYr3(%Brs#lb5$?O(h5(d>nJuJo5S(-+JdJ_#%5Di{2!kYy;OiW4q}%K33wJ zKXd(qy1hQue}ndokCnEg75%#NvF>qwth;KUyJBn#V;^*_f0#KL;LL?>A0*a4(2bJm zvN**);6Bpf(B(+xqB=1b(=`{>JAL9^`~3&~|vDFJ9*4 zfAJ~*%kM5U_7mgBe!ASXkIeY@)OP8=@W0Ew_EGZqC#H;_`_=CF$1?t~v6Zh%lIlMmVtl^XAaO9E18Ak5@o?h%r_MYG4Ur`t@ zB4)ym|8yp?hYz6dh4IzMFItJN;LhiB#0F`NdJTI_{n*1rtW_1=aT>YZk$K(B=Z&fJ zIi52cZCyWkK1ZhTU+yn*=M%mc#&&RdOA~!iE{$$^3w$Aow{SniJD*Pb!_ddNTQ44v zI-hm+9<#rG=+cS&!qA?~adeRnbCw9c?N%VIqtyW=flV6d-N$iAA*H#hT*)~=BQT0?l%<_Y+z?}SLv`B&0FRGyKMMA@N?@>8*Pd;7y?fx*1$X`PC+)C>^B>SZ8*5!)H{8D zlQy>@f4VE%-FI#|>89TI2A+NBbARIS2J%l_$Z8j^eduq0;w%ORf;E>4D{c2ID=SozapY;qRkdkyK=6$}+$$6v%sq4| zeS63mM^-B5LNRMP*{s7{NnBDe=!+9edC02C3U%HGOo5#jA9KO4T714SV2l6F6Tc9Q z&nMnRV+k;yHqEfkFZd587t`P)(79|4hj%z}GD*6;^USPK!Dq&UvpMAG&>p{Sk}0K` zq02{jctQ$Xr*s3?UwPthOgs;3)L#BDob{GA;%H`*=XL7}pIOh|$698_=Dzvzd+#G( zj;pU;*w&$_=#{pk^l>Kp*-XA5cvmO) zI@hTvpd3={dxOrzzYOniU@|`sICS&e%cFnffmOHp4u~7}<_GYe=d_72*zMW-SjC&Z zNqr}iPy9Y&2E6%r{lgejX-Pio+~aehtpa=rjleV<`1TW~tsOSM_1#NcQcdviSBSR` z7eH6QS^VKu_5zjt#KbD^#{UqXm4!bbjkQwNjA!?@%zkC@|5oHo8?d#UJm4FhwpRv-me&G z`qSNaB(NF;{lJ%4r*gh~Tvr*Wd@W{L5Ow z`#?Qw{Pz%3Y^8Oq0XJ1%v6^;&zRbE`2J$?;`TQl=V9bZf(*rLtzAET#A9Ek0d<(K} zyyOiuBROAJLo5-rQdjSbd=MVP#0$h^4tUvx6R^Qmt~asEbfF-PG8roZGPh)iU>Q^E5Y=+(r+u@`%q zOE0pQG*>nC(91;n!grFrYk3x9Y}#9Nfbq35zJt_FjC+0u?aZwWR=q_$J@Gl0j4IV0 zUi`kqbl%SO>KHNeyVl&MdA-uvwvhC@Y!qmIs)9!9gZ(5Js7{=hyIJM{YBz_ z|A({J+?=MRt209fs5eUeF~;5s9JSB5oqq3UU!n2{WRRyd%s3;AG0GV0*t?hH*JiAL z1fD*{4ULDMfe~?*%fy!pEURPDyPebSXYAqy^5H7ibo3ez2%OSJ!E4Xwzpt+=RwHeIQy%@^Eq|X=K0C(; zpSJDC>|sv19AqQ)3cst}a_4)>jk5WwzqFU(FW;q%zfpC6pR+&x%{PnBGQJpa60c3; zUwYSC_G;G?$5GE3^*Z+KD~@9==VM?u?2&G~n*0oHTq}-4HsES(!&=Io!k)+|bw!yg ztrbT+Fz?c(dYG#i--tJePn^))0>f?Disdza4fONe&|eq6zw#`HclOuV%$|zA%|{t` z*z9-c+Z@+5c7yi5eqgS(529c5dtA%@8A|TyBJ1+dO6tnSzwt>9<$LI}tLwS;qxLq4 zUk>DD#=71!UGq>17+_{!aga%X2Tb^S$hYV z6XQcD#`l5$V~~%2yZqD#FU^IQ4(jXZj*fg#pLYKpnc~sc4;Q1eurINf(GipLH%6h? z81$-qjh*no&b{dH*_xjWqsJROM~^4=K0gE9FdaQ!K7e+3@3ZLfyNn*6Ub)}VwJt1OXclFXc+$*Zyhc0)y+yW{Y;bp< z(l+c#V>82N3gBCk|I(49M+rtB!9OR#lN$AXHs6Ccq6b@lvGXMgj>7d;&o^CstcP!I z6b|*vAac~~<4bC64pQaWZaPjZfcW@>G&e%GXt+T$F&0KWzTyrP5ra5!o4@D2D^YiN8PJDh2@38f^`z{v`I<-rGi!KEob-=FL_7{Y!8BZN}yfhe3zXf?U zi@oi03*%YDF>WNTwE+F$HtJYAkIk^2SgD=AyW_PDeXnG0=D{C1bET-1`18B4MV0&h$l%aw)@!19oLTJT zTHg30&WovF%*ZQuy}i-ct(S*hqTaA{lL~kaaBzIcU3?f_<&swPj9A0%~=zH zhsiHt+oOF$rwOm%2jG>~r#2_8J;T?Me8}AYkb0hT_Z&Ix4|Di`>Yk%&%C2EgNE3TP zx`VrS9@~J~`T|q_(q6+p|*I4x2p^>7jbJjnXtv z+kHYmaG$pXlG?uBZKvkE(09D;l%8VR`HH6v_ z!yLY`;XEKz>>Wpr4X-oZ_cen<6TR=P-sbxOUGMva#(Lie?fSF2-k%d1ne@Jo`QGRh z=pWc~E0m8zJWlqU^o90Xc=}9u2D*phETZ7qN6?^j6ZYj{H^Mh(+RtOyH7&@7M!$8b z?9wnXO=;3i;Hlm+M(^PJQr>Hir}R77i)LMq`qZ{`eJ?*1T^HiVZs4pt!^ev06F3;* zyGCaZ=1)1Jr5irB!qq1YA1hAbW8B}?>hLl2GU-Y+&fc~#u_~UJs1-?k4BaS+k8%HX z>N!z9_EpLrkB@1rv)r*xK6b1(oyb@xr;L^R(e7BMGFEf~cdY9)R^+?S=Gn<(otiRM z?$14mv7YuBV-+9QJibgh`@A;t)^Kh6Q!|=hH_w%`FTME?=Q(|pHGX}T71{;QZAX9G zkN)-odB>&uFY)O9@@=g$x|*%?FY)O7_i_$OY#H>XbR9JT+Y7XM9pV@dwv!PE^u;Mw6{vJRG^{X}Vf z?=0lnmxj+Vi@maj{sx4ORB^t8g*~$j{vsX%PZ6%n0N(0TL^>|C#{P~CvJ3j$9=RV-eGKD>ds+Js|C1P*rFD?NDVqr z82ZU!eQ79l3=Ols#QlueKURK$d-(vu@W>j6cl@4M6Zyh?-O*DwyyGhBN#Y%}kG=3r z8SOTvtZ7|NSX73^NxW%}e->gySFGmADV*0Y7xFC_LTE zXAP{W+l96Gq3nS!+Yy)x_Roknji9}$RyaTp$ZU1C{Rga6G zCyI;urf!mA-3NxsfS=+eTpz3O*NeAbJ;$*!2`UX}bTXL2E!ixN+h&6cW-{u}(t$ROw`dQY5TLN~@ zXM+Jx1G?Xk!$#}Ts_~yFD_lq)$b;7j{Bn1;jj1?EARy>{sMkO&H?2r z)j2A@W|dvd-ktDF))#`o{NnzcyD^M&CRac!8_>5|jZkzMp#Yi;tQrCInEp~Y7CbPV}s{Aj?*mAL`rmD-qf zwBg=7#Q-69%fUNW?mpbddN@XXrDqyHWtU!wJ#$IfIhM(3QXbY>P2!in=06Y%5<{;k zJu`@}&3dX77+J`p((^6qAm7_LLEGOCj0{b{GlK!iIM#{bd8u%dPhc;xQZ+`#5dTN~ zS2VEj3BMaF_QC`cE4E#>iemr90tW~Fs?R$InxmJgtEV~A`{$1HJ_7Go43OlgU|fj4 z`Wwo3I_GE_nN+MY$Qa~p6daSkISPN5uTkq8VVzm=@;RYg;uoUPZ8JRba^nl@2`&?dz!y|^3cSQa z#5bn?+2$L$C+J_C4-T3>di;w+spCZWgUf$jWFOt9{m<;8ZI_;FMVG+VrRNg#pQ8TO zQ&IGi;uVGFEZAaV4y%LK;ZdyJ7??6=HLU3dI5+f-Kd-v}<4uo$yV@F3SqR&XF?xXMV(YKHmPo^)uFQ(l;X$-=vvuw!u5}&3DgB{zlJ)A7g|coPnem z2lZa|AII!h&ZQE0W!YivrK-+J^u=X@}yZMU8;P>(y;^A+O>4we&lEIKGxEb_R% zh7R2MmY=TC(9Gqb{`2klC3J+%CI%K*$=|g$HO~S%RnmTQ?!&~ToC{wJ!(W8|b|3nN z{*^vN;4waQz169C7Qpo+JCXbUp&q+^a_l(m_vG)|LD@!c4ipb8y71q5b`QRK?_9Y! zyZ%o$&dzoGu9ov>o^ajLj|^-5OK` zKhv3&Gx2#HWd3(8C_jRoRCRzgz-(WdIfGmFz4C;H=W}))Ip-n^S?dN5efzQX-$bq) z0=DGd`c0GdaO-^5gvik#{wdpgA9E)=#61_Gm2&Ib$=|S$b)(W?e*LM|r4havirvx# z>~)rv_GJf4zX0`{ABj9Xj zb#Foo6j#mpGE?DS)4_u}e<)JPFYQFou{+U|%o=`PAn7{1!yno_-FmpGx7LR3d~jXs zEcCw(oUSFlNOU2edp5S8i?ik5b!-!GOkKesQR$Iq*D%LZ92rz+`^YudwPOn7 zi^dhk>o}KAYfFCCtBZCT&~yuqjT;QOW?li&JUzAs;?b>(wa>l!R252;VIyY+H1`g zZ%N;1$NY>AX)U-F{@BX8onj2d!&(`W&enCu6&@`7u>G_Ko~#K=KI^?JpHxP=uZ^#+ zu4I>U+n#kJv5n;QTW_V2t0S%BIr93IXulG$QT^|AAZy95=dIVojlvIIT~+N!{znYI;&qcht^SQ)#st;~*SOU)zexYl~v z^Q@WFvR)Pj$F(1*QMSntE3Wv^=nxxr>VLiEUpDJTU%Z_8^Nyzhne^P|hDX-2CSFFY z`mD=nw}f18R~G8*gWY>si}`P26I3_np-fZElv$^v-TGT*PiP>=!8Y_DwdulR6YwZS zmsk7R3!vYq2j(XV8+{}EJkjz$hi(On~*MG}faOYhTSc9yr`N?QYgXe z*Ia%7OzQ1n9$ngZ<3B{Rp+6>gfE)X9W;go9XRYsUf(}yo!8fV(lYu>J~rZ|UY$U;qkOpC=>mGU1Rri)x^;;U`!JU}3-D*wfQv5u z>0AKW6VuR@TZp^p>`dDjWNkzK9^)f}o{g<@vUTzjI&SgO4_8W$l3Y@Ku52-J z-SCPix%p6*Ve~A9P&wS1|iVex(8}GYC=yFB)RDzT#q+ahk zS7$uSnP2bu%PxPv51R1Ca~pUA8|4X|32asan^Rr8!LfUWVow*<_*2@nWq{k}(LdNY zr8B)P{<_*riSJI0uP{0{d>WnP|1`ehIrz03Us33TUqg2hhgYN1vJTIlN6Bt@bp&1= zfma(naIcl`!`EGwVU4f&>IW+W!C$=E6kPXip4Ia1HB&xVDV`5b5>t*2JIt%&YCS81 zxI*nGvd{dgVeZtfaN~~m?3m2p{mJ@YDgKAT74{j!!J0H%Z!&dQ%}**G3Vkz-3<)-- z88SIHy$JyaQqeU{;-RKjx4%mF!RYX>6!+|oagR**EsXNBxSyj zr$00?4>rCg^oOre&&lu$lz8wr5g&|xu*dcFpd0LwZh#(b+r3U~ncL^7PM_bR&n|vm zl~SKz6a_}C%N|pQbST3|;h{mNF6mL?q1~NVceu_zKjPN&$k$t!a(=|e)YZvcbe?I} zt>nL&1r0VpgTXxP`5nyFhjy6=W!=3`Kez*2-U_Zh$-Cuxo))_4bk^07BinL_hyR#$ zg#pZGr_DQBuuED@47L0yHLqTA6Z-DcHm>s=9e84>P|r50FGGk|ImeDc!cL0rrH!Y9 z@o0>8+R-2LGD5Kqeq;Pr@+{^LUGB7Cy|B34Yq!WUfdTy^(NND2JlOp>4PkjqdYB0-a*PKU-LV}4*5&D zr~I3`24*q7IiTxCuK8{s*B4yL+5lyS;!|v*P4|rCR3GJ}9(p4|9(1_0Agd-{zrb;>+0cf8|rnp+3{!4HkY$`ny5>JbGn#0oh@F5FIDnb{vP|B zLtk?(b7HSS5p(sd6`#cT(bt}ugim!HK8Q*9RNZf05}&00*t6JTf(3P}Jaunr175PZ z^t&Fo?FDW*=zygr7AhwcBNi%xA4<5k4PR1j%S8tNwh?P%_ES@DA^k??z$Y%2%rR?p zLC60qf3N8`ZBL`m@;#}oV%o2x{U&Fwa@dy|fKdimg|uiA3o<%8Q(;)icF{55f2qBlM;8=Op)2QN|I$;gA_)t}i-{ZE`k z{fF!9^%?uj$1}QoxP_U_C;DB{K={%K=wLATiXKsd9FWZyL?(nsTJhoV;YR31=f-z- zW^FV+h|zpoV8J`lIRZX>op!uTE3tlBJ83Te$I2FHBRqm~XM@AR0ikc)`2I@SD~jm58JG?O!Yu%#lvp$r{53|z$bQ|T-KT}of}=UAb8 z-Z(bj{S^B3zaD+!a9x_6?;acT{kn{#eD|HuM`v~*|B!fXUawI04{9IP84Ul;`3ur% zP1~+s3E%eN1CacS0pp4I6i+s8*GC<#(kbTv+tEHFk01LK+#gMTi8=7q>VCG|v_^!Y zmCV6B{)+=4@rDR(M(FE!bc)0H&kp5rJ_|m@AxnZsCN8m#sNcV&--j8?A>K#wGLCtt zv3>*(DTEg%Y=R8KV?Kdr+jDH+Yn@Q@JQ#R}XL8<(N8dRfy-e(M>q+Qm`+k4o^msU6 z`=c)~d!z?-(aWJc#?+LaG)D#oP3);knK!SU7QudFzk0rpI1_NN%C{Du^P}KdANV7< z=qoMEM}N;Z@U5dE^J1P)=J^z!(~n%gHD3MH9!u=VX}(}d zegs?9w>B-L_!8wwl;1fr-Ck?-{o&Z>zG2YvieP*-vZhh-p^aY-g=biXW~{l;IM;`P zrC=wYbOL`YgFl^tK-Q~znXkJz@Dt`wIPlXR=zU{%`=P7x!2u^X2LAsmS~9!} z-Xh)h&!5oG@xT?{A>M+GwxY-yXXhJWF2!dwM`o_+pF0zdf_~083Hp)0a3M6c@BF&6c6U;lAou}iPTx< z=%=e$KhK>u{&UwUpHl?=^jpMEN-w)-Ah_BMj8gTr2lv=G?dogg9(ns&{=O%{g;f0h zH|jf4eeLiLzmew`%+`5|X-V>2`~HjJw{`fhi))JV!IAOI?;eYofVUQ4Pih?p{Q)_! zCzt*9nhVKu=}%4Qs1>Z`DA%9hV*0ov&B(@L_;m?9q8^^A^78e+pP3A?%`FLVVoG&zm^U0Iwbg&Z?+ zp3roV^>XbsSOpxz^QnJRu*x^as>*Tp68)Ix8dr2a`o#n*UU-=mhsT&b@c6pSUcTTs z`<(ldM$Tn5wjFzrfp>4>rL^DPE#JymOR(Kbu(M|K?P6@gwuk5wcD>eGCczJE+mLluCD@zxx3takj+Ae;)>0Dm=a&T2^V_D= zW{IZ{%eW6ZePI7#S08x(my~+i#!~iL{1C{aNz*)aAV()%ZE1h^ph=~E)}R;z&tBwv z7nVg{Sl$RMOS^&P*PZdSupit5%co60ys%_ErD^$Q&cWj);PFy)lPemn_~f-#{AOTu zGccO;GrPVk!fDR9GMF3cNgY=){ol;ECiA<+Gp%m>cCTsxj+OzC< z?MKnKZ{dBGFE^Co!zYv;jJHhzujg6udyymep}%be|9i7W_?2y64qZi=D=A~n3`du< z=}kOVzWJ=?5#PZN0ghLX!sj#^+8aa6NzkXYLX-1=J{Wi^#!GW-?{DV3Gy1Ic?C4V3 zo&s&nwv5mi zK8x2`_)_+=C;b8Z69*QQF3>l>;A~6Dhf3gB>B|Yt1xB|6BfV?joqh}14|m%b_RRF_ zduKWR{|g5NWIP^>XKqGUgHA8NpS%+prTp%-VH{stM2%j^>E}d^bF{r`fko70mq6wI?`I=j3Sx$7{0Mu`s#!e=RHObq0I`~ZlW*g z(9b&Lv~YJV&$WJTuWhC^KeEbtn6>(+!m?@avf_T|%FT16{kYOygeS;DbfE#EAE;mS z+hNMH%MX*Vp)m@X=lz!l(7jBIya$&=7o2yuqJ?KcD+|Ux%L{*9{H6K>pR2 z@vBjOHsxEMv&(MJVLbvIY^SWrk#bEi9=$6V*WN&PZPwifAs*`04_&@0U5+@1q<30> zmF$wgrJTHuYD4E+tIk~U=0n3n-_;(w3dV$;=JN1Djd>ztWGvXuW{kP?xmIJWV2qaC zZ|OZT?w_IGZas;he0X*Zv|L&aDyQ*wKhhhwUeJTs_aovP}*nZ!y<0WLxkE+U!a8_?sr?0npFMawH zQ|~Fw-=u6s5W63KeKUA?1$>V)OAq&j7mc6|?Z?*oK?AWTFMrxOO}wQKXK%Xmu$S1b z)y$jbf%)2#JLuFCmdCCS;EMkSo|(b;o}>1nNtJCE%d+#U^x8(b#$`fb7m_K1*~1 zzGyBLulaNG5lV+TNWB|JSx@apm)ZxtN5`T&<`Mrnk~Xs`Kf*FORAQ5@co{Z5{Af#O z^(o{>>A$fP8Gz2d`2yd7&;j_w0sK`5=JQLR4#>``=6lK`rf(He(-)rNeC+c=k6ZJwet z5!43lMLtKr&Dt9{BztY^A8k8SJWX`tmmNADdlG$T7JPX&`c6S9XJTg)A63epI^wd{ z9j$(7UE22_EU2*#7eYr%Zkc^#)&Bcl{rIJg?|yvcOYg2aKm6`qY-0J2R7Uk`-(fCg ziK|L3n-zYyfwIbLp>pD%MVAF%n~9#`qrAqOUSsP-=w;KO-|@rvS6RK&9&K=Lnx8T= zv-;k7FW0jI#02Aad04Sp&R&VP?tXveBJ6)ZbR1QT_}#fCMtse1*}d#b0G9H1p6tB& zXjlH)T;l5w<>8NwWhD8dJKL#qDf2WPcrW9(li%gw$wOR&i;7>^Y5+raNw zew+B6%6S>~T*d%i$pTLJpG)5z%$McJfHgaPCzl_U=-Kv;f zKRh``xjxk4FXfuDS-P&_8n~qE8rwF;H-4_e6Rr3Poh$H9;JwzfEci<+afW8g>n|xb_r=>MFY8?*#d$KqpTPHS^`Jw(o_CdUTQ2S)a z>%n?Ybb2rztpF#d@;irEb8=XV4`}@-3QUyWBaEJq*e8?7>9OVe?34MNb8Yw;Hka*- zbNHEf96qF^XPMuB;s?M#8~g9>Q<#VD_+Tb;+lT)4XPo%Ff4JM0cdmc%iq!R76F-)S zzbQcuYK>59p_7o4>(Ck7@U^*fQNvuUWiG_GYnTID_e%K3zealp9RIrOAG~$?vHrn6 z%?JVPJs9Q2(( zNDimTXJyKV8w7iQb02J_4s>H5Fz~0bmIMEF^~We>iW$Q!WOGGHFdjqC_Ug`hFL}{Q z{ju@LSMX^P<=2DHjll4EbWzQ(Vk(5o5o8_mZc7LKpZiN}`v0)y*(mYWIg|zeBo|zH z*~Ygzm${wa{rvah-9hfXy0EJ&>pNH1RlYp!<7nr1KmYc3*8j38b2}~Xs9*qC0wkZEwY1a5tuuXqN&O<+Tcpyi1DYoq-Yg!@jj@*Up z?uDHXT#*Z#i*f=cUhyO5#R6WjyMR4;US<<}dowv-l;^G$U8fEG=iJMPjp@bSL)x1K z%xjsWMa)r{Z*Kl+=gMFv_Rd4hEwEOf`pM1*uYmuwxfcNYi;(N%WaDt&20oQq`kafc zUPfP5Yu_4u$)S%Q0YB3h>Y8;6@_8=x&(geSG#{P#f%3+V@8I3sOM+FmPqH@uvNkvL zD9(&)d*@qeKb5w${w#ju(%9#n|Iho~{~!DGdB3^BRi#G` z!AB0`-)is;=-Lz2pSgYo`g;?cSOE@%zyZjKALxKIb3Uu^M~ltbd{{(cXK3Gnxw+XYWrsr~Lst?8p9K)dzur&0GBg%{XK5 z<##HPVc?tvU0C3BDLCDz^#pKQeC{K7LyqW6I6VQJ#y@@YI2)(m2trrL#|ZDR@#E3? zprq~jPAqz--(ORT0t9g zx3(4gXurjt0^2rf4BNKR8q3Z>{wif-m5dwyn?W9my;oa@i}0c0ciOzuI>+|QF}6

    mABxj4||>0D70=A6+>jxl@naIk;T* zkL?pQedc~M{cy|4RuV6|?XVTU?H^WrF5j_V~G4;?7la7z6mpizKr34bnEw9 zzseZcmuh&7@0`$T_{%ThGX+-Pj;q+0dXV`lJQbOKIx_1l?Cx){u5=T=^)meJx6YmL z+-a=+_8lCWgg*3>2iaE*kCpD9&i_7mYF8XQZQk}{^uA@_z)W-u^c|Ho-~a9m^Sx|~ zO#Z#!^wT#>`DQxbOvN^&o+;pc82S6e`=6`~*YR#1cnJ*N9ZmaL?900bnOV($9XcTL z!Hzeya}0&&*>PBcL1Za-IGy)X!9U8j@$RtNTS%Q#Xm4_2o?f|=++0(@ALglbGQZ3f zw)BdmoJ0##@QeFNz+JX9}e9lj|q41^94 zVevEU~obHLoN;C0TTC*-4#$I2mFFwpuo1>Kb0cZ56 zF1L&Ik}C5D>IK~Zk!FTpAD~{Il;C~CbcMz zRJIBEp1`g1pat<#xBf!vX_36fe-@k1__;2!CWL0)YCT+Y26-dtOD%H2lp(*M`(9;d zP{tz1h`}BDRYw?GWW-fh-Tq0|w?n zbP?7@OgoCbbK6&67G}~v<%y!cG5g6k#oh>aUxkh1S#~_-$JHAEG=z>B_m;dL#2wFFn%O{cFuY>=*b z0DdaFTrkDn><-?4g9aMeJJ~_GxybU{`;m{Gx>{<3Rb|Na@~>itUWd+h1Ng@KB|KYt z7VD>6Z{)g}>o-_)S_ZCH!gsNypIHXp8G4#)>ltcyQK@_yR`b2Y0m&vVk`G9Hggh+C z{Nq^ICcy@r6&`z^{WI6y&8v8=`0RDNY(CrJ_%_64T>g3iv1s1?MQPAaI`pyRd>dca zHQIKbWRGM(8|%qh>yWJ5wV-Ule&}$kmDwfhSO;BEZ{=uzM7%!DmUZXxtz=z2uyu6_ z`5QO`&R+X!6byaMV}WU|(HU6twSrZ}TUc}FJAG?lv%~hISk&zUHz$Ler8&|&b3%>t z-e0+$XY!dYlF#(dml>a_WRKC`@tb<<&{#AM$+Ptf%8sy>UX|_3?2>2F)3m?sHTbd% z$IhKL9RGu7hCc@~4SzmxBm6ngE15r!@FB0!U3Rc$2p^5U!rBLHNeJ2gSTJ-DI zQ~0V^R9F|9oFv%K$K*4LY=sx^h8}le7fiFJ4P$IOYwh@EI0u`9k;e6|n0Nt;p{jo`?LRzQy2Y8)xg*UCH&;D?lAL|9rdkJ{#1|HS;1`k|8&O&^0B|cyQ z&c#?;viU@2a|>VCWL!3Gs!zgA`xhVFv*eXvPPG0f8|fV3t@IVfSHqmuW-$)hSp%#d zMP3N@YWMG1*29JQjO9tYAKvj?sPT-)UV1jszHA7MPxe9klR+cvG{zTzdzLSQ{$&~3 zIbd`Q*5~+@t(W^HYg#*P?4|#O#06Qovf=xLYQKdIPd)Ig_)z*OTi?$bLK^&S5j3Pd zfF;n7cwT@thBU^NUJ6g3-VgqV^?t?&jVacawR5de5+BHQ1-zma+LrEm1pTx2BF5;< zhsLA68(IJd_EE=n@abOW|32owfcd}gQqINz2LsH%J@59}JZTq#gL8n@N_Y#heg`~P zeQ0$1KrUbTUA=wyGwrV)LHjG2TWp9ZI)T~Gc(%2rk}>Z-%i7YSv#MDS_!r<|_FU4x zp|qbzzj6$pKE=`90?ngllP{C}I^p@2@m*_P*E6q1pJ$z{82Gj^#x>ZsO*!~27^8`G zpw3&jqaO%&uklrVu?0Q~zP^JDe(&jEd|tVg|IRgqRr4;js?1(@>h-af_PbU$-;m8u zqUg90bYkI81X|z1d*zBGcEh%p9K7|OPt~BdP7w_J`H>1M{thsEuh1VlT$~v?#5^VT zCk!;Y*?S%MuigPx?*Xe1nX8Y%-%jR=^Vr)n3*-Cy6vhvruN>rT;Et&!Rc~_s?LWR6 zjDK()xgl=|#{Yr*{-BQ)|FFLm=d8!(w?&Wmt0I9x%>$&@FJ}xhn8TTjqaql8y5jwn z@2o7!@4PQy_WXlS>;pV4gl}b#!PS~T==IyRSGDFrAO4mI-}vCaHoc4w?FSaUh6m#p zrgO$NIHOp@KJ10BB)05U?r-Dye)Qxlc#VmHTh5qfFs7Lrlg^oe9-Dw6e8%z>yuP3L z@STqQJIjjS2OV61UUeaQ)osv$b*imX`KjBDI~)rwNDruEZj)3YayWe&5gxPr50Sd|DZ9>!m)~H;?+4cM9pG8)kTTc?;F*-yQi|3s{Z zbl6*&&x5pmHFKZG^)T8Wjy{}N2f?R&@&F;I_ z6ihtQq1?@5Lf0=qCtC(CPq!40WOTuE!SU#Hc(8OqhyNDQr$xXby3EK@(=WkKzNH`2 zub$+1clgu>p0s-KX&wFT4xhUF_P}oNW1band&nNIWaf|gzO$OW=+)CprL7CnB z?lo(yD~c@eKgP3%c-C$y2i=~oHP#)%t!m@rn2~~8-O1}HeUEth{@ot>Zggd5e!8ni zbEUrD?Ctw5`seBU8WSgSq22eb$M5^76X?6^C%8Kt}Tsvv^ujmI?&~Ai&MN|5${z}(%zjOW3>Vxs$ zuaY0C=GFZxnLFmTSHxds{l&&n7?Q35AviPWCg8MWF zB39g$asD>T#Gv%f)%t{ZZtv#rQMNbj^!BAyW#sze=fR_IhA*WJcg_XN?M2zN<~t~t zd4VrJjQ7$T(=T$~m+5_a^DVqj=B4Sjt(6I$VDnGgVdMK1j$hICC))eF@4Hwwf8u;8 z#kLw>;zTR{5qUYS)9|q{cd`-JUs;%cMSts(@WdczqhTX*UfjBAh52oqo6rV6qz41} zODMN<4C`R{wtVPPWl>~_{>uJ@IoVf_!;=j`eOTK`~%k)!29+g(A#+Ywb|%Y!0a8` z7LRjbJ(D(bo&9#TivPU(G86yl_SFk>^;!0nd;+S=tgZ4)JpFJaF@Im7PS@^T#2&t) z9NX^o)|EPchTglG*9iVs!FUJb+R3;w9<}02$W7tynV18f2i7`1hMe@!CSqj-k5~}? zRRSEaZL)&sG9`>Z>@)i;%r}<_9@d~HmH)bUkhNtgu-p${h`^I-fuHI*zE@R2@a!^~N~A;+}Z+|QasFYFiUuH43c z@O$A)2Z)i#^2x8%tI|h)k(m0#^Y$~b)2_AROQ%`vXA3@~G1Ogc>%&XgXJz}hGn?lz z9>G%e$LP1l(~cdKMcGWgcfSo>X@8p;Onh7F{T5o{p6ls*-PPdrH2i_r0zYicG-nQJjH;&EM^^zsDJ*Ax$4uDuPs%7T8in(?1;c;qIt-(V&P#g z@G#K)c=7uyYw$;jP9x)~Coh4M`-+*%AO07GbvUI9 zm10|N{~CL4uE&q?ufg~(bhh`9BX^$`jDP18#S0AT*hbsxuk4vGi+9XmT+{hyEaIJO z!rjD6&Y%zIO13`C8TIIIQRzv?g^~8nL-!t>I26E^Z9%UcGWX3;*u^`he{FV`X6s)UZw@e6Wzv$v}d=>D5 z*ktD5X?uTF`R4jZB2$9#@RNe8)q#FCZ8`Ms(wBE^-fQXeUGbX(Eu-t4<=~|o!xy3b{pUsY8F}@e0J5Rt+QR&bLCALS%i!w>WC}dR$T`PnKNuWcgKo6loJUG7 zkDlV+q2*li0ER~d<9_&cQ5HUFd=-m`>rai-(?0zOa$UTmahTRE1EJfQw+Qquzr6g! zxyTJ4bLb}?qt?mgG!))RotNN0H9mQxf4)eZ4{a_+4yCi-xeXj!&-Xj6U{%IAtEve; zydECB0bZOj2wr|>A`U1pz>&K(R_OQCBft6*@omay#SVx%l0&Q>ZveTQCN7J^`@BFq)+jcui_I0uSth@fWw(LzUHXoki!EqbEoqPlR#E+Bn z4H#eHL-cK>URs?uc<-AFIqUkp!m79HIL`}w8UsFE48FKy7JrdF zqdeJd=wSP>W!sT~`>~Y{U{4*yuI<3CeG|L(Eqq;ywRs17`p`qfLBT)Dz}s?g8M^4& zcUH!Hm-e;iy1X>uUmU_b%YP=@Q@(C!`%o_YO7gZ&IThq@zlNM^z{Q7eOZCqh!1$06 zTk-iXYFYe988oTbSmogr&nkZ@6?f8XJ4`k&Jlp17_A~EwcYLgUt39t?KK4Urj_vu) zGX9E-`v12IFd!*43FgbztgwA zHH?{eQSj@>+#d>L5C@y-?1$-V@@i>6+ne-NG1pTH@*-}$8ap?7@WfAA3Uu)n|m zvUi%SxM-eui9wNtjJJXBX}b{l{lNcv{Gkm&;}6}=bFV+NO!-xAnHW0dF6MeUFq^|X zI{8HYG6$Om+LRu!hEjaA1%Iq z)g8Z5nUN}U?@+C`U1-V#(Sfh0%&N+|>)&YIV3#2_;e1oisisUJ_uJs(+u-dk{ z*-tIV1&v`l{7P`iVGLRu{pftwS+P0fm)Zf}c@8=CJaQ@w4Mb-Y8vj&~m=fXScFF2d z-~{%fi5GiIaXPH+5P#EM{;~+)92=)2Ur%q3E}DqbX+Z}_=Ib_0<=4`>wmaXaGT-5O zK@&%8^9-jPyj#9Hw_K*m!Dl1zCvQ3Ry$t;5{JV6~!5gFC81o%3X1({_2JfAYFQelYih;iS>n6vS*bjPn3{@1bm`X`?KLx+oPf7?~Vll4vM znA*o0E(VrUnTx5uDw~)2LvIsX7@2|Y2i^`H!&(gZsCZoIelG2HttCUZ;<=*RS&Z3z z-#WFhDy@{Vzu(~bR%^Ax2HCz*`H|%tg+B~h z$NWkLeg!(cg?#hb>DHZP&~Q6ALjtqG**@Q$5$0Du;(u@-9&g3-N;%sk&AN2obYFh^ zRA2tk9NHU;9%lB+kHj}s^XjJ+%++{o0(i9cx6MM9mm`me7253X7gqeA@2Zwa!zLdTDO=$2V#ho&j z%57I;&a1vC^fWOa+W(tN8O4Rjt}R10hw~^mSawOxtMaE81%wm6X07|${j+1S-Fnth zk9ddtFy8lVLzsVT$8a7zKz0RVhz_yhF0L(x4-O}OSuwY+(r=kHVe8$#J9D|0FD6Dz*sv_^ zdr!0Xy<5Qt)5#ej8(Dcg+89?G@Ms0r^0Nv?<)`73NV~|${<>d(X!5H6622Z~T=H++ z$~7Gv6y{!V2?OJG_k6OlMzVDT&qfA~JQ2UuxXpY7?D>-Yvl>_prLO_}O4Yxy?kvTR zlw8JYt`!a=H}w6FxX$*-Tfu9!2VTEUffvc-llBMrrRN|!tI<;*XWvo)9?&${oFNyl zc!B4@DVKdqQNaNGe3kg*AnOvs%b`K^81V9s?VsR(0e5&7#OF}w?0c;Me=6V;h3J~% zf8<^RZi>kf?@w#4d*0@`#o%=eye}*X##``bS~b4V)ic0-@JD<&297kcmtQgJ|8*0- zu~S7W$Y$CunS|V{86K)-9EzVUr~ehyHxoWq%3KIWl7ph%yvwOmbHcY}#Bust3-jTX zChxCkqZj2Of@`ZUUvN=BKb0*(pWW|#&}l9CFR0t}LEm_3Dk+Ac*q&F#M2W6^j4yB{ zV+B_3I8W0!!I7kK5@%n}ID`0n)gR%OV(ZoKCx{8pAtqec$Lqh(^xxO~KPmlRO^p3h z4N%NkiR#47qpz~-n}WWSTg!F=Wm@Ww@KC* z__#969<%yfB%6``9~C?YDac|Dt>G?MHvmD`h(8)J( z-K@k~Wx4#sXI|9hC&mT@PhCH;Jx=j5(dDzx+I;L>Xwv0h7hvall3!oUY$7*lO$p&>qXh`UT%6@tY1k ztjU27q4SmTU%|CvWeX*5p}SW2zWCdWe=%z)m$pK8?ppRf=vV8kyWkN!M^Q&((8QP% zlQt*}Pmf>|{D%iNy@5@+vqrQ?>$uMPr|2gMHco7MD|IN=SM@Y_>N!Geo@{nMx;!x6 zQ?%k=x`(k-kLuXQTGEd^b+l8*n#7vd=AyK7KeG#5^;>KFg472xO zKRTk~a<^JpU3(8E!8^U@K1wD{WM1{VI0z0PL$f(&3wodC&h@39J}swDMTtJGC|WV< zxP79YEyTR7P>lRKWP|LKnxO56SY+9Lh);>bfcF}`sl12%3~pZrdipY#z9iv`XFo$v z@X^>_LPqRbPvXk_R^ta<)h4i=hvT^&~wb5PjvVi^tJG0<`A7FifnDI2IhRXg!1d4IqCV0l)(mp zr<@lW%NU0di;CYSKYM_+pbcFjy|0zOkMDNz-3xrz4tTv6>QQayt z8JWZPG5EXMFz?|#Z58;2oj&ZFnUGVrd;>XE;mE0(jyy(A{dER%LVLQ@cfMbLsIY2@ z-@0V|9mE((PE4UK=;u*#;=26P$2f+1@uo+52pAula$Ia!fL=nKP3XUifzA5gS@8`m z#wJ5W7{*5&)>7hz+NxB?%iz%c2Z3q@tjXWzUS%pYvs^jf)}hPI(l9Y_-^;x$RPIgwFG9qt~O>KwKhKQ;QdT! zSACNXUr0YSrVXv+qhx$bnV)uIA+Cfzvublgy?n$Wq}zSFiEkExS6WA{^67-_Q48wUy}SJVdfs2-1r-G?Kd_)`HdMD`C+8{Zt=oGFjigOXHohd zo(e4#@GID}el!HwcXpCXr;}VdQyKFdi`Z>`E8(MVE}eNiE8y8(;Ho#5PF`YdI8y2O z=bX8aOz&D7?t11~e{h~z@X&VrUfK9$4+4t|@#9S)J_Wybb2WRPd=9TrF0u=W&0h-7 zys{s22cF4~TS(p#1LI-XZdu4)bjDitDIAmU1DLT+9A7*R+GpLa{xZ#1y2-<0uk&Oz zuNd>e$_V9#GUs`eokh-r=g4_bLe7I(0ivI5Iy zqT3%}-+m4G4~Ei5>FoPk*(Z-48kvai$KfwS!0%i;*4^+I*(%IyzSif8X|q+j^F-(w zSu6h1Zv2PDI>SG-{yLO0dM}N3pN3mWrhL{>)E8mH}`D8IR z#5Ih4Jh(H~jDLmlF1%63e*W?3U&v|s*0i7B#r4I|?P73UYsAt_!AIo89C%)8#Zd}sjj!;AZ}O%nV0kL4X(kDjy9jUn0^w%bSw>Z?oHYs9kxPaaaY?el0m z=;+baz&lD#Qt3sDw5N@nq}}T@HcVphg;~(j;xuT)Vvh@O-3O1{iJkEr_s{d(=wHA+ zN zzR(D`qWmKfa7FwNe|~aaHE=_?guJ%%m2$t6Hq;-@nS8(NU$ElqU$){S=#%7E<8#jZ zIyp;!OL-S><}rt{VsLhZWq73Ql~;)k3d^rh?D*qdeg>>0cVFVY3-3Joo}@$m)PG!f zYtB^1GoCt5qmJ#)dF(}+vwM?tzRg{>kK2z-3;O&*^F6<@b*Cph@#ON~Y|Krze`Jri zHjwNRbkr5=uV2zi*N%n;7?P7F>JoX+HBj z?w9wn#`(Zszk|P$1HxhX8RTCprc4_6j1ROjf^VqAD$Y+!w=NyVTurJktg3Id*R{Wb z43z(j-!-COpWH_rv%G8?||pq$WeOPM1F zzC&d{J=(`RM;`dvbtKEuRn5{?z~a&p`Pc>sl&0!zU-;vA?jG8ayR>KN+SnB^MFge2SW*gAl-^odMQ9i`L} zP3UsimtQ>YSi~1wjXjlabOG56tmRi7V2lmeRIV-{yJ2!~Ys)ZXPa8N@&wm4UMlEsK ztYoLVY9j8)^e5~KJxKZE;b8OYhW{Ac4rtySy?>GB?Xo0$yxVyb z-TXUsB+-q-Q|3Hv^OUz7|N7x#+aBv>e4GOl_82;18g!q|Tx7sU_MwAh!UO7gwwm#+ z`8syRjpF;6woP^hF(0EXW0y$=?4QS8hg|ll3@4}M1;j^03iBT)7n@ZGT{GX(pQVG? zK4U*IIsWExb=JfBu7hjk>^XpZReA08v-9EiX|7kEq}DN^HrA}%wZqpJ+28e|tn?`9 zTy|a_^en!OAVXxgokRVKqm=%pH9gZuzR8$`fB7m~Ct9oeA3rnHM*M!450g6nlQzQW zUXjUsJB4p6*o*0_$?vr~GjxzXPf^?SS^M51#1uuP_wil9uFjQeN8@nYiC|kqrSlbl z(`s+-aMRvewIO{T{Yr6PYNJk_`5bQbfZZ?EKBczrvSZ^!a2^7{vT z8^-79j>|iq?&jxPp81jfl{!Dd2gOHiamx9wv*P|6toW_Ye$ES6hi8r866>puUf}F8 zY$28@iH?eGohMuj46*gXj7hZcIyrsA#X+-%YiOc}axeE(j(Q|>p5r}wfuYNDIiGJ0 zd9bC2`6bhjp4vSxblb|bj7(qpYn%RZyZj-}ei`DMKka{dg8slYd^!dXx_sb_3*CQ@ zeErwmfKCODMHyF^Ik^wJublbB7F|(Kj9E{%sBnw#rpd0YM@BDhV5)N*J3D)A)L5dTFX%!vhP}E%@x4*_NmTVtwUh(tP*=QT zp8Q{SyyGRexb~{O9-M5i+RyN%J(b5ehcQmASFU|DAve1C^je2cvp3}YRQ%du*P}D8 z!$a&b$bWjd@MZ`&0*|qIu3fG^Xqh}5i_pR9n9G^O;jc#j36H>5f(O|)Oh)rdAbmm}>8-JfV2iw6lJ#**5 z>z|7~W#i*bEptOH0H6N70$A^GVxG+Bt9j_SqTQLeg2F?iHe_)^HadQqmgwDt} zCz^Ap1zRPVzMcF*OM%@&{;98!@&E51fd4{Zx72~ZlRwDhuR?zNk>Al(3EEjS&7qxD zK~u+Xv9H#!K4;U;m>y|owQ^}YdWLJ;M*9;#hhC5YZnts0rbRKhzUF@?Zb!Kn3TeNX z_G6y*%TwBag!ZFmO~~V8adRaBSG!-MdhD0hI)u|{eXK2c6Tt7w;Qc{+Y-#8r>F6Qe ze$R%N1{{4vanRqQuX)Vl@Gq?kl!E| z`I&pSKO`IHm0xwPY@@C9(z&mePmr?=@sYd)PE5Hj82`!*#CtQZOHXBg8+yupXF*%& zFiAQE`P6J3tatM(zeLYT=S+h-;6C5Rp)&gX``4hk`QRD29Iiue!lo_axi{XmR{eVO z+|c#6z$2@fvr0?xu7>xX%h;op@D}7>dFuZEYMy)jUEKee7#GQFS1#Imh=UX2A;6<3 z!KaX&zR=gF!l#78d=~@18@2a^JQXk9U_D&p`iC7n?T$|xdPM*E31juP=g#E{p657w zXb*6vv1cwfr_3c|cGqX^KC3;ACl7ugy}(`Xxn_$kPrCMR1#J7`sxL^tNt|CBo+CNS z+@TM+JVWwuI`*a?zvU8Q8g^RRqm|LEPhC2EEqJ+aPB7jAuWLtli0lVeZ&K$W*5ZNZ z^T6|!8tdVG6S2#f=NI6S1^Ae2!E5Ow(nZmAjDBKtlPQ*cCLwi6H@On{NH6K^?7cBM zg}SAOpg&6wSw#Pe=wEa?&!|5-!|<6z&V-7DZgPrCmjOpVH8z417v((5#y3)SDr*Of zr%PtgAM`zg3xB*GTu?j01^Qxefqey&!G&OdbaB433gN$B1^1wn0CeKo8}-EB)Zb&< zG|Q^7l_=}G$%^~SjEoRxr2}S+vqsOkgX&XEknR9^ejs3#+ zsrHNcrsOp9%|7(K_L0~x=u}_h+Zd$AYH?j-KM;17%EEr(AOn z<-B#PPVun@%DOasgt(ZYj-SXce*Bw@z5F;q!%n*;$O7%f+t2?xE9<51_TrTz3yO%X z3bGe(Iy$0D=QliQ(|IP(Ea%VcAE~qH{l)V|@27RyGk$12fNoMT0$mY49Ib#}h|RZH z!+uHeJn-V7yjNUR33^D;D4VxxJpul@Cn>+x|0C~R;G-(f#Q!syOfG;$1-um71Oj5b zRIL|`XqgbMYO7Ydx^=q*0wUtBQtblbnn1XSu`46BY}GC|114&X2zA-o1&yMJu26g3 zw(BI5Ndjn#Rojji=J$QxbKaSEPR?8s!|vz*`SbbknVFMw-t)ZA``q8>d0u3ztby>t zcyO=(K8ojMe{aPpcAO%g{K)_@?1@ecM*3ojotDpDo8(fRXFS_c!*g}iw2{+XR)j5- zj~#Rxu~cmXmD+p}uzWllXdc0{BL5`T_Dk#^Un%y_3_Yhn=pp75MkXAYL7X73uHppV zIn$`C!`{0n??s=H!*AC-Np4hK8FJn_hg@^|n^KE3nKPGU4^lrbdaFusIXhU(P}Rh3g+y_7&H}e#)Q7*`3_GoIGh_{}<05mAnrfMUFQ21oJAy=8B--MD|QX zZgwD_we0!vwQ65<&4_Axe*%Znk?>u3K5+x=fu$!~J7kZs3Y^sw2eQ|d{9nNV^0AE= zp0Ap-A)Gaifa}@ddJ=0j85?o}>!tP}7~>$aQSd9ZLJ~V%g-sH<9^R(5a3*z;SEA2n zNiN$AUxo0DoQr7M5}@Ob12bBWHVtk`w0U-hqIZ}Euk zU$tB5LVxIV;D(nU^g(CBt3Gr*_pKRWjSY$3k@%LHFFIucb7%)wVU>d?y~n6M;vMbG zQT(IX;G_oJZpN2+b&_?Yh+b5FA8Qj}f0}2*;8C6tdK9@XduZaDiq7h~8ktT{5M)>PRR#+p{@HI=?sjBT#zKe47S zD1XG*->tWGSBji-u60~zDLt;^Eq5Kjwn9EB+v+;owvrfreXR9Fe&-zTo)bQ zR>iupPCo3~ukv>lBLZIYKCk(v)&3hYE5bTzUIE)_&z8>4*(Va;c>ZkJ@e6d%tBo7cJrb*}QW&pEn!tL`DU$v(-DR;Z=UiJ6|%M z9dTN4r!Q>ntUnLEcp-DX1iqhW#R5~2PryDC*!@BK-9Btg*~{5(JTEo(Qp>*-IVAam zzH4}Py7BB);-A`e{9AZ#DRfkqPYwrjl>KjsQ7iq<^EEslf#%FS2>H9cA7nL8f|ev7 zPn|ghuIyYO>Ijj+8yL%rAH`pI{7t=wm&}Q78wjnVKfcpq%b~V`!Px&eIz;D3&qID3 z9sI?lJOcKQl&$JZ*1Oa@d)CM`J!Z8rrqn>`@urdUY@UxG_LS5$#B1~DC+KgA!-Lr4 z#v0l}z*HYm(aK5b6 z&Mlb=-jy!adF2kQ?SmPc_jK?c!Nr#ixZ4K@`5Sf=yuRP?O+?4)`4p?YmQxb=nE(z2 z-bp-HStxP(z~K?}){wY{{11S?z;VRISo=B0V|z|vPRO1B_FtowN3K}l@EdX-no|q? zeR8s9I%lM|Nk7Xci>X6op9GmS0{cX4m`Z-vFn@jK0W#~NAoCade-iVz`)7(BY&92v z2eA+J{VGlgzqSkCYzS7Ype{pTDS);nQH%4o$Xj9~8lGsIFfzbW%z`O zPJ+-0zyA}sQh3O3>+yIzK}cV6?ie{ytP7+P!tAGh&c@qo_RH~95VXMB+X2MvCmM;@A49}yp8?Sw~n z<_jGo!(_d79dEt&8gVdui5BrC#1E91*omxfEm zeXELs6?;kxn`aPfK1glaszJeuPOG4~6S!v=sG77`0dN-r_uIgIA8-r2vgXJ0-aWus z0KA>@3A~;Df_-~9lXZ`Rx1gaBIOn+FJYRCF95_pWb1yP(8E{G*u9)xjz*z&Fv#Rr& zOMtT&{;mg3Y>?&>;4Fu~>Vb2Xg}(}JM_vbL|9P^LLmU zSdooCQ?S&k?{BK__Vw5KF3-q4d*!-w{~qK1R^$HN#{EC#yU4DvK`-4uO6rX781zzn zcB*_=vi(h~A`1LbK9&4qej-DZ9fk}Oxx}7Qi{#wQ6`3HqzZ@AUGEw#`!Q*{~OuY8` zq)co_CQd*miXWF451oLWC;L=t%oWa>RkN-l6Xzg3^#!zfy2E{F9Szk*XaU} zb-Ks}hv+qV{}$do7Z`44o#Ix3s^ga2hfZUi+UOS~v=_m@mfZ52ST})9>{3myYQLVf z>t-#xkl~u1$gf#kJa6=(n^?=atfi*wn^{9e*Q}w8E%eLTJIw=A;Ix|6`f=uztlykL z_WG@mPh=5^wns&%F#+rKCAr5R_ zc8KtmwnJV7rc!>-0tb^=KcS(Sq8s4#cK8f=jIEKhL+n^$p!u)YVPhCDi#;N|r_O?h z4~b_kF1>l=BJd1d;u|7^s?i%W9e$hT@Y^QdZ`!49JK(POId?$WKuO!+J090==bDz$ zV#n4!Wy|M>4SW8*R{MOeX$Q#1XiYtz%ZEG-_FYtr( z_`ANJ@mF<>@b}@hY54aMFZ>y#mC>#iQZjV&nNc59`PU0yN;cq`rW#mFQkQ zUKjR;_ygvc8+w6DHuXGhmu2DyCT$lb3%~B*Qs(HkUpm)v4s8$n<#RSZgCj#7cYx1@ z20qz)6#M0;&pG_O!Jx+nu>1UXZ;O_s(qrSI^z>NM8$4#V|J1r%-3uIM(kIdnx5Kvo z6b^lYL+rg2{9zA9AMm2b;~aV%7V4M}{%$kyS7qbxA2j}glPZXZ+4`gbekT7YdU7iM z0{@sEe?$5ie{u4_`h%a{_H27=ii9clvuS)eHCe2BYgP#F&&b(;QkoXTeHemAM ze;y+o+@1~xt9s%f&|>gaJ$44M;%K3ZF8(e(PQKemoCrQ#ewE^@#m5LIXQjhQeNUXk zYX>=eg`HLdU(Gf6%5U@4x*t1o>3IWxwd|J){^G`#(2=zZnMpTJw}#pQ7>is)4^H(4W{De@VsP%ahaN?_KhL`ofdx=5d7_5zWc0@TmyZ6Z$9Km?lw7|fRj$vuAUzKLu8%lKM?+JO5e`23 zS{fd_qbCjmzc%=axOt<{#oI2r;A~Tmc#o39C-)ytuxm;~{#2Y$Ut-s7?DkuXfW#ytY{Qig+3J=9Tc()rMTEviWL+=Bo|^f5fdv3;uqUioX>l zp7>MqeT6(SLoV$%;uk&UnA_?wdsf5eb`;;+cYU$7|DQ3d{{82Do^ zS?u)#+ikfNZDn5^9k_-3%OYZp#r&7Nug~F6wBhSSiGhj?>H4ksC%(hoL#^qrT7~<{ z`G3e?w6E)v`|j(q0u53djqmico5+9P5MNC3yRpv~Jxn~E zK8aDzj$OfX-4|G~gXdbYuJKkZ`WI|5XJ7A3JGVgL_eNvARK9&O*MYtEuY}qTGv7b* zpZHqWc=kugCpvg8^N38b&v$di?flq|6<=YDJ<(V@_6u5!yoHQopDMl=H#VWm0) zqKLj4dn{|;82)#&w_Wtfz4sOQ0u8dhvJc)4Zl|zMI+=ZnX|9^-sm|WK>@D3Xc`|(3 z=Q(l~1N%<)esr>?$0y^lr>OT#%)d(>h1AT*JI(8tKJ(!^8=q>wgFNwJp^A6OH)X%< z0*}9anZLR3KgZ+R86MZlJg$AwS!2ft4q4E>c@ zu_*(QGsu9cezEe4S%Ejy{mk;HW{kZaCD>S~?dT)Te zC#ht_*RM{>bT1jvKG)uptb%rP$%lH8ycgM%)b~q1R1}%gSt9TXtkev#A6ZT=fWS0> z{Xv0ihOb!X0w}o71}?1|yyT09s}i_IkmoRh{lJ;*2L|Ca$xWO@PJ-kj$opjv_fZ9x z{afH62gJ?=z-Kda0n{GlS;Q~KSTQY!4qSyC8YB2mokv0zfur`bke%q~a^gWcH^9yB z?%aTdz_gM1Zz4Z)GwamhU$Sk$pY57^a`sw~L7^!6NZuP2-OhX3h(jrvRhAbz>)E5! zz!f%e@0!NCi$hV-1#++GF?FwFUq^hQQgv^EeQ)qfp(ybgbuThEW!%la&@k=|vtAZ? zLb}Ed8)MCK>vYb?0XM9pw&6QiPvsAp@2klR}v{WE^)mMN#Wc%sPRiLbcw zvF1?=dvx&UQ}O{N4^a3?{s&}#)ye;x#Ald!Nxq=Y0hFA(8Oa<#MOzP%SElV4PnsXw zJDLx8(7fc-<&XoY;8`GfZup2!4qy*mDto1p7vM$fk}IM2-Xr7?<&p!a>00Lio(g>n zyzU%8$^Vl)K*<3-1N{_{wFVY52T=35&H)U=2X)S#{4&{-=l4&6OVL8Toh$36g@+EO z%EuLrwtTF0Xu;y2&d+nxgUH2Am(cfyJmbF7!wLON4@;S^TL$)q9^U5`-qUoPn%HKQ^8XU86U}b|R;3=m_l2 z@yLTKkSnh&nz=}5CQgj2D}VPlyZ9_bo~*+5n~Gj3;+&Zepus|9^B8LHrGB;$oz;cT zh|8XaokOR1xQ;c`GKIa}9=?&(Ku8YVM8-`y*Cb62-4XIlW;uSO*n6rU3B06q5c0PW z9ZC(y#R8AistHW=HavWVq1$gX=!kr}9{yEtVcM4kCXKVL;7sM&Il5JHLnQ}UbgSr9 z$pK2rpu*}Pn z;J0lHd&`}Lhf?Lv+{bLWGmqyo%9~Q;&1t=tH># zMWOQ!QUBBQx*C7<=-_1iguu4q9cr(R(9=WeMg=b3EAmis9MwCBbBK-B37_q$rZ1AL z1u{o!VWbvIaxNc3E^Z;GZ7aOofn4px&g#N;jMoP2`B3u11Wuo`L?M~G<(;PbR@^_?`<>=t#c~BzH z%1qW9?9ijD}U}J_h@>1uioybNjwsoJ}D8?QU2OX#N638C+4+X{59Dh78zcoZIpW3Mv)j|r^xW@ zB^HK#A~pwd`W0+~SFug@;t#z>ALB#s0Sf_TXu=!lzk{VH^cjatuba6D|3q`Rz6L$4xU+Cad=vw?orE7V& z=-Su+5TE{S^s3v|_^30L7Y=Q(dEo}f?sVJJp7tknwh?;ktNr;M)~`SHakS~P>Emk+ zdLq`|XaBDiIQpWGW0SM%<052lU-j`1fh&_f{*H?#<~TIbYkj;M+Dz!-(sW>joP1=Ijfhj~k!#rnje^_n7pSHh%h~$Z+DPEh5kR6hCdrC4P!dQ#5g& zL8Iu|HCoS3AV#C~Y%+e@l8c_*@c4)863?d5v+3fe8m55;olY?7krU(g5~d|tU?Qfe zaF%2I)S>CZ=B7!G?v=QWTlWHEn)s=DSGxG=HNff-KTVXXe8QW4o^ekRcw>YWqd9C%uPwai(~H^7XMXrC&wD z|CiW68U8=~q5S_EJI?hAaJzl}ckuZm;6wXh|K-dfUH_AE)gK}mzmt5VDtx|~#Jgr; zbA);C4r&6$_J~Z8eoFkuj+NT+6?{s(PWC`m4YK8Hki8D+f1+vnZ>D6?1&mqAK1CI@ zn2Rphvo&FR*t!5+(nh>PYUbT_$D`RtlsaIkJJ#@g8F(`40tX&1T_838dhhcw;3(&} z)E$qa?~B-{bJ!QT30qC4YzoUH~rFK4_|580Xpt<@XX`wCw=fm$6|<>V@k%QuRWWLo17O<)_`= z@qiI&_~|SUe)6rtkL0&dFJ5u9x;lxtr!#H`zbPw%@L4?jhjGNOKN6UNmR! zcN79gj`nVX<|G&8a-lik&9vWsm8LUb$w+7TJ?{PXHgYLk_HK&Y-Wf@yv!);R)&B5~ z2drrJmfsIJ?=j_fTKl8Uu|Jmo@7N#58#LM<_D3CSkgyZ_Xn!1@l%&)Cus?3h0#je@ zkJVNEZ-1Nztl8|3LKhwX zr#`+FeSCAD^f7v%H1vy!Nm|)R9|E0!fd9SUm4C1%7aMRAb9M3$)cw7P2Pk-+0Ukpi z@7MVUZg|kgYck~@lmSPM`j~Y{_Q3mFS^q5h_-5o$ns|VkbEbH}r{tBm^l=Iu{Gu(D z4qkqwkNSAGcRXO@=3A`m8^de9o4?hfknn z(3+~GOx$GjWtbNdu#uddeZMVwtCCU8P52o zyewAnnq>S*_A*sYDfQBE{!3r@E%bydAU@Mcd?rdPNpe&Rh*Rt#AL?y-F*5N{!6I=KYC?daME3f4|3uzx)?lbuO>&P>(b?@mYA|GPk>?V1 z7reh6z1l}|P>P0;7PtZb|cwVYq z=Mm3a1&pqEUJ8xOaM8%s4vm=cyo2OxoBe=&@6b2!2z`{vgOGZ@4)V&Rc35b$ZHN_X zKOA3I~$tR zfu)X8`T=WwyS!(o2e9UO$n;r- z6_`DCuhJcBi2m*2j`gO9e$Pbv5)xKBOtfduI(+b`#qA2B04~w0fNkl zk{=u0?5mJo?J9S8_vN7|F?`9<1d#(5L%W|yQ{04biBJ=hAz3|@^JTCx`VJEa0{(A~M zBRpy~&3O6+z>$kTRp<0c(DiHczLMRaS_EBs`BQq%nf&+TfXk+H+ZM3juWW%e632=D zKGhcZ#X4{Q{XKfbj?X*(aPg0%U+jPbKm2HX)A~Fs^l6!OpsmJ7PZ?iqxK&p%%BT?v z_^gWpb%miL$VIb9fR8=86X5^Id|ynSZJ*00_v{`;4+-m}(0)0mX+~u%Qd1fGz2uq5 z9trzb?Q^*{zcQxZk%#>ClXult53jDG#-PE9&7hC_Ey!%q9RqmBBzm_;`P&@%39lVS)ka6e*cc7DTI^~mblD*(-AKb$@oobxg zZOnQ5c>2CidyF$qv5%WJThr-hzjzNdS_PcnvWve(IZLh43aXkek)daedJI0{Wz>Ks_)GX<6<1}saqO#&7lXTub7Hq1)w$(yhz1N0weFL-Dkd5B_jtN_0P zQv{fxqo1Ku$L58p$3hOa0Tbt^g|=f)ZlDKq{A1ZmF5%pRd?nl4TMI)^@wcG#mSw$m zeG+Ke#2GNBLj!y8Gv(~3t-Ny#zq`U^p{-}w?^bln@0)mc`_)!#S9N~Halj<9+Sc_0 z5;lPOyEtHln$9LC@>yz?7oD-FD;|u^Euzl%S!=Pt+x0PddR#k5pNSG`#bpg;Ou?P3 zVNtPlpgV5G&X7;PkDl5^`-(oTU0dX&rt$5+5O82DVYtsgwS~q)r zg4-s`+TbTepzC^QJibrX@6_b_RTYFT=blp5uZ?@!u+2V>6o+bSt)`F52H2l9_NU}B zO1*Y`3OL&A3x%inVu!H(!>jUkdaYgZi~{eqjJ%0{KNpyuvlhpH1zfemnQzQh;0 znOKJ33RXnUu*Rml=a0nYgoin=qN0Ow*57X}ID_+G)}L)H=;nNi^+T-%Q?aW$0@j6< zr&-hE*I_q3E9-GmlhAI*ubB7S$e`cSf6}sch#jQojs19_^S9(P@k!4hLxu$(Y-HZ_ z!C~IPZL^(um*2w~5&|#p2s1x5&-y^!R#~TEO^Ij90->jPX2YpG^8_?YzrxqJZ~Yn80ww~vzPvJTKHk%l2KIe0FAmg8v_e2CQrzPLxFAS}f`%gyBbWt;Z zGV+?|PV@7wAb7>^Uw@&sV1vAq-<6zq8-GAxJux{(O@3&Z%x@U)TnlgBVC{H9-Zfv| zbzJg3`ZO-$K8yRJx6#XdsQs?H@_5%&OYyvolR(A2GFR651?Nxl8Zq`lY&Eu-aN?}7cYxWB3wc=J}^X*n_G%~UgnTf7Ya(dOxR_u1hUlx=z z1wS5##+~I8^yhKgPgS{A9U0pd#x{#cf1Op$og#uZdpHmSMobPLtq?a zz?c_0k#Tm@!!=riuQI@X=PwyUy>kP-=?(fSl=;xFS?2#mdC%+C0`%1MapCn}UvCYc zUk#4rZ*si_fF%U z4s>e-I%xfMeEWKS3oo0x?Ei1S1&`+ZJKu*#{v1bl=P!<5;ER2{+15Lqe}r%NTlZgr zF{xA6I$V5k!9BI&2fE(Jra^~y{l%izx{%&fwQIZ30k2s2)2xl?0BoHd!Y_k)M(G01 z{}EkY%x5dQpaxwK;oXX6SU+1v7KawIjv^yv9XE5nV&~Y(*iG02n_jhJeH&kbKVG-> z`bg+$L#dpp`}xqqagI)ZJyoaA#s1mwl5O{FDlJfbUCtnPN#|uvCU&vqRczM_Dr23` zPF&o@`?|+LL)}Z>I{oJIMW+wVYj~vy88XOEylm`LYh>d~RCq;Is~$-U~gjF15r-HhmnQ z-uV-2aqx@MQ|_!#smATS9=NS@aBJl&+#VoLr}HPl#Tvh_dEi8N^Hi>DT-)S#71}8s97HXVG{+_0fAm2qV z_>tRj&I0+^Z}V#Wy1bo&59u?f_$N{nYTAq(#O93dVm*1L>lNt6Ia^D{6Q4@>cn|(q zXDc|C&sX>~&eqx@bc2qPbF@}CHqAVGWhh%5-ClxRD3?#p%UVtRZVUXdrwE(@&o1mf zw}16Ad>k#K_Z)nz?CuT+uVL`oo#f>@>2Y9<3N6=o?N)f*uYDQC%VAA#5>vC9FEa2t z5gvN1!-|c9XCo!>Gwt#2O`m5|+Ni3t3 zF(30-qj({>r{A8~=Sdr^D0G$JTztrZ$SmZZ;MtV5a@{ZVOK-l9H`~vvbt@}k-9(=k zg~rJk0oLv0%GhX)C*q(or;WryH-C`CQ>lt!3=UnY@kH#=oRh-SJDUD%JRK%KMAM(b z(-DjFSMv6a9F)H=GNh7T0^np527)#o5Dcj}ZS{PYfB|pzt__=fM4}4a9aI&{_9@FTbwV84JUjn`ATxeS!)_v z3V|m@8`l`Lf$x!^jR>@HI0J2TIka)ugEsJQ($dB?4sBcoZA?!?8`hbj8#V5xr_NdN z-c_3S@|27klp}3SH)x}kXEdMe7F^-qwPJI}Iio1P5c;Sc+!Wc0zy36SD}P&o+%bK1 z<*PnnN!#Mj8T<>6R|PG?R;K0C4{QSTaLt$06Y zE{38Gee5FNL+EWhw#r$5jZZIQ9>~~+5pwS8&~u361h;*AC_Nc1Vgkmyf9yd|Zh7qf zEwbywPoyV`ZI8`1a6gmpS||U#ab5U9U%$b){te^$*Ny8}^IggOLgJkRi7^ev<{ZL* z_BIwh$XJE&(?IY#7(adp@uH8CJzCU$S!+PWe-Az?@!!If_^)|hSTtnq2*)kX3(F5h zu?x(&ZyY@zxT-SQ9~&E|kvT_a(BB@J^0J)c^c;I{at;hMCHUVjXDsYFb(Wj-{MX~Xz<4_TPoBye-3Qrg zypy1jcE(cYhA~zf^e^`6EXLFQ#cervY3Pni*z+I9J;)k$1|#su-bNIgQuXnLHzM#w z8+;(^66Xvs69<#lq{qSc`WXjx#|Q^sPKN`1{+EG+z%>S4aK6_ZIbTW6_cG~XReGFU z-Oo4~cZ_iI?$|VRq0jd+aH8mfv${+iOu8pM4nEh2RRW=rV8+m|j^i zTA$mq-Z{5t9CU&FRp)OR^zrhY>2dQ4bD8O!o!uXDp!lqtD+ma1*a}&X1zE zh4=YU`Jn?pBo2n`30#Kk(dXxJ{+2qgN6z0e@HhIF^!QuY&-kl3M)(_+4uAUmtrYw@ z=SS@xk>>oU{LoU3KWvEv{^a~EIj={~-!kyGVn%xWjp=9n4e2NRwU5I#8>{T|7Rf7r z`C{Y~dMZV4p~s^7{H+xHsq>=n(>Q++A1I7nDE6Al`KXt3S@J{YYy6#8xfuLisASq& z=Uf}k-7@hPo$iT0e4*0NuP#a9-$ae|NT#kYINWsD`G9k7SqdGh^MP8H*IgF!J|8GQ^nk{rWt`*4xm%;<90@sh%i!ZV zMl1kp8!F z4$MC6jyG+8-#lw28kuaL1H-tIQz2uE4RD1q_KS?IWrxb+r5BlxICHkK)j2SXD=}Qz z<86D(jsv{tq01IH>uAE})@hu9Q-N)8Nyo2<36L+)_LjugPT(Av6PqL!OCHdg<-zk3 zXY6*ZB?oGq73=12ZHaSWI4_o*mR~$fzUP~)Be-sK*0_Kei|p5_b6|j5@@oVq;jUnA z=fK2+iF07e>8(*t?P$5vyLu}4@}t}39GE|SUt&^T=fD&u^0_3RPGY#J=fK#1?|BZ4 zef{6peYlRe3Uc|}5No6Q5Iy&neGbes9)D}$Z|?h_@VK_c4L8d=jz(T(yrOx6yS@i{{5O;m2Fp?{L=(9S3Y1!GU>B%ZA^{ zIW6ium6pccC#0UI!h2-TNBMB%`MvOiqw55wEgR@T$+>HLWN(^J>0wzwy#Tpt+u3tz zkv&rO9)?P-*q+m<83X^?50M%%jr%$MOcTF&$eSh#s1e)Z)QAZjQYR+%VVTg+ zbg(TAEE+$Fnla$%Q8NZTbQtsy`7-ptdJFDTXaE}N~%wL+cc!$`8n`t{zY#mYWv*q zkh9;T=Kgf%JCS@D*#ngK3LFy^JmjcrenqdF>$6GpdUAc%h<~ueSsx9zdyS&b*=~A` zUSe%#d#uf9=iOm=-cn~4kz*TI_S~A~b;Y5M@z4dbP1|)HWqiL9dq?HOC(lUw)xSD5 ze@?Gi^dE34eW_~x4j)iDG38pP$F(-DnY!dagRM($V{hGZ{^|NacfI|DfzScEM4p%b zLTBU#?hyK##Al}Sjo?YOw%^J|Yh!yyYj1q7C#|)?SK0b4X?QBK(V7E~7p7|=4sGXWuMar_4Ml`5fW_>$r1_Ek)SdOv zp4a(CD}YPoiqt3SLsDquTP}L|szVQ6{YBmMAa=#3Qu;5PX46Dp=;1dPWRX3+q=#vr zksfvcPe$33BR!1iBRza82YR^mGth%C3qAa1f2w@gd!H>Iyyziw|HR=&{kpa{=>NIS zyMFy?=RIcqx+lF6AJ{m%@AP(gKhxV&Yd@R(IklhYtpPatB7a^uFT4EN56$#d{>%Zc zO!DV)7rmX6f!>NgC%(<_l-}%(#M|U-$wutfD4!yO8VA}s>195{_&v(jz$TMe+kJ+e z@gHB#B73mSdSmyT=|Kx(@2qg_odWbhVz0uEQz)JIufUN}<~VS8=^*hzv<@1;`z06N z?2WE{l38Nopp&F_SL>h&tbGS|Ny4__J?-cj>LS!$hPG|+-`0r#mab>PJLH$BHLmj3 zF)zKDDpR(vwq?qFDwoEt*Ova$8Rg0DvkiHY>|Y)FzPCJi#CbGt)1%7ftUXB zlqbvkE>E_c-@o$YBoA81MV>4Nj{cA*e-8Cdo_vY5?+b*H6;zyqPl<7)?SbR$vpVq&C9BWLw#MUor!#)YT;2Tc*#ieybPpVS7i{>_ z(16r+PSm#JC)>5{4lF)u&)mJ~3egj8Klv^Ni|se3^uY0oXAsK}AE(->cYpdzti9+C z;ui^h!uutr)ybZQ8PCWEo=p1W2H;5czzKNvz!~yTY7ZP64&@K4y7w_I8adgak;Uko zbpEaKXKp|rkeAyB|5mL@<9R7EAkqIIu_liE^@D?4`WJEnprQ|bzlsaw=HDuKmI99< z3wqLs1CJMtnEvhiYjV>EnjUojgL3FX^jD^S!j~ZDy!3&db0+`x4d62EOE(=fzL6>` z9$J;&pYhZOvM}k1K#HlYIQv>#6ebs}3!A*~=OIv!L1EKgmDkY53;? z=RGF>WE_9@D1$$f@uU;dj6d9Kd}R-MoL_MX`;_F*%J~%mYEeb^N2cU{eubv(Enmt) z+l(pk1TDX_$@`Psw2iLLrQe-~XBqHhq-_TtFS&2_yZhi@a_e_z(zevroGG+D9QzO5 zmCN}R7i&5PE;G)p@s+Rx#syQ)72x+iU^L~aTSsi(mrCbrSJ*Pov2V!GmUnND-U#2%AaA24Swk7X?h)HZ)rU);Eyn4T zPsT~shu1!+>ciDIM!&6TPQR_Gx%b-=|0M;EO#QY57U{Q@0*ljcOTm&`zpW;6bJ%-N z)I8>ejb2-=d7Gco#0KytLbARb(b1%#E%a|f%Rqi zOu>KcgLBw-j5>JpQ&&HpTKTU=N#&gB~BjLV9|#m*%PdlnoIRw-YILg68Oz` z?vegPyp!Ak*E^*@k>7b|aNA~VTzTibOVzt70#khz_$}Kbj9JDfaToI5j&BNs2fLqu zKlBjz*zKe4n0x3&vm+iSCyv_Wczh`T1N^5i)p+=!hMrXG$z{3>`W@>_?MYQ1P&TyG zOWL-M{X0>I>HIxXABcWtPpVbe@9v&d%t>l} z1>Ysiz5L5|AA{B8VWHpco>aWge>(Pm#Ba~LDnE2R^R6CEO+U4A)Cn%OB&H)hsW#__ z+HdrQTJhPSlZw_d)+Wt8R}kx!+FHN#q~adwRn$#SAnD7bdIiywYNPbQf!6A;lC{Wh zej6H-zrSz_eVe#GtJH7z#Q`SC3pyXTN{0g%f1Ax-+w9L zfI~;EM;4WowhN zOlV8wSwfaQfcy|yM($=0Sq7~Mjm$aGrjg=PZ5o-!8ZNR2aXp8@_ybM z<-MJ}SIYu;t4n%p9HegKs z$h>9F!@1w=86~vyXXzQm=d5a{-=4!8xA1(B9tk36@m?ZaC--9+40->_KSGNEt~$o_B)%bmA{J((gc6W+~oTfzU%9ojq4kX>pwKE zKg@TL84-F>#IF{4F+law!+wE(ku5cOp@4(u=yl{GNnaE2y@_~>y_Of|uvagBd z^fk#Zr|*W`H1#rNfka=Et65Lp+j+fupXzI( zWzI_MwVTMvslwlTlbG{n#(Bf+9iVj*a7bTvjhAm3^Z%yt{d&IZd!`%LuQjfJ&A5Ig z--SoLdL7@njIj#wB?lry2ZP@s!Pt%ThA{KL-t+tHegO30IXZY~V$a>|1u%zRb7AE8 z5p3aTz3wH=nU3`7j$?-?86mYB{(s)4YB(-{N2LeAmE?H&Sx@fh!6;GS4uyr~7K}p|AEB{&&-3 zsfhlAkJIZ^bd$)~c3`5FpLp|2gjW*Lm;vKLn2K_uIJ!Lf?`TzutMrLEe$r-|^c2 zBL`#U=g^0uzu5ol^xwU$Guv4h#y+5?sk5@sXgh1=#CrDUvd{Af_;>tnb-(y%+4cc7 zEJa!9Tf;(}XMZmHfQu9?z1{~@Jn__+UhM-?Tbw?xV14u)7d|kXO_$DQ+h}9|3hv@3e6+?a*1zhc&-4ROmbbr z<3;yoeDitW$mKi_o3`xSU9lbibb9aNn@6E%6?XzpuK1?n`AqT6wZQ0#Z?-rxcfZKo z`Fm1j?u`z8==kP)t(L9N@!5_J9+uGOZ8hkk8Hrd^qD}`N?V^&qt)`N@eN83D%bu0p z)4d&iFV95g^NHT8mNU|=VWAu8q1-+LTcRcyyBSy$F(&kn_-EKfYV1UeX*e;a62?KF z>b}#F;pn##^jjJJj??E|bj|?mu||nEasSKm$umh`=N>!m!FV;69e0tvwJ>K=*f9oQ z=1X2waB zA5-P{L{m%{Ywb7*_JF{oV>89{jh6mX^YFKHY=+p*;)tBz5wXwLXs^l(T?PC>@mprl zKNCNE1OAi5RPOCpXNeDT7W2$!F4#>HPZ2p_`_sPAMch+O zexmeRYlr{xBwi!;=h^=B%nPAe-Zc{%(C@?N+BpaMsHSIW0l1!3Ex5M(t{o)LLj36{ z_Q}g1#(Ut_jq7Z`#pYFXpI95)uMmFFe#IKTr?Yi;*4lE|v~@2tWWOo@r{UY0=iR{X z@R;!XJ;X75&3BFdaNTC;(NDZZUz7D0JIjXAKEp=rkw9H!s4?DdMi z=~w%@FlYN39bFpwWK4=2Pt@Eh`%P+YbGNV6c-@Sr<*-lA%W>*#y~fMYzE*gD7<@}k zQLpUlx>M5H*9G?{ ze@8BbV+W}FMR)YbYjNtk55c1vjw`azorVMb-{Q7=>ycX%oZ6k|d4Daxz0P}^gqD$u6jxLG5ZTo#XZ(7SsVql5dFy!XYyr9&l`I`TY_s-y7f6W(@}R^BOGa;~E@1Ju~lTS_3n;=tkb3$Src!=gAthvj&noqt{@qtN}Pr z$Oc&hWJUD1+1EhgJ9-T+=e;RS|I6`ChVLF8b8hJj_`au{Ya>K!@ZgMX+`7T`Ss&+eA(#28G>J z>)1(v-M-@!P`v7h95z1Or{ zdV4ZP4WFrF1QTP39kI#T_bI0Kwvs)IHej2T$q zV8v3gF{?$F2Db&c2U}=C8@7%7_Hmsv#_Th^{Px-;Y=sQJg&yt)XX)&L9sk_Z9{8Sz zJ+t%@Ob4Z!JS9%J-V)4 z_~o?V&M-Xs5x*rK0zb7(*gYuJjy{*aw~M{T--T}?HNKGW@V?b@Z@zsmXJ54AAE%bVDkwYh5@waK{`J;osn9!HP3zg8zWzfB%xq92b(lj^H8S99L{FZt$ z&wQ&=@~!$%uZ+#vBEHj8qmpzt)996eud`qFCd7xXM3+N%YjUxDzmTLmb-#+6jDe@& zXSWSJi9KDlw_)4B3ZB)#W6<7y!}m&o2ioh=E8$FZuC{?cCQs>fev7@CseavF-(>yz z`OsS%@Mg;I4H?V9!lmDf}uam&@5b2leHSkd_W?QcC+o!>m3`s&rh9Oe`SE0&kiTc7h= znm*6(LBWd0to&xqfZJKi82T(q@e3puqsGa9J6C@9H@w8V$-}bY9p(WqIWZ~lk{gqN z_cUuKu&G==@y+t;%v?Sz)QRr%OD-SltLJdM+!xmO)oznG^zXQ@j(D@&C-W7ZpNLOm zgZ(^poSt!Mzm7|Dwgxh>mAo1im&Wdscy0vwt9whWml}8X8k3hKd(P@yMd&I?E42?U zCx1`+5}9%7a&nK<`VyZ8cXkdNap`)AO9QWpFW37*TYx)EK8%V>a~@qK=hTTDjo{~~ zee7{I-D-Hmf0KL}MZ04i+8t-Y_jIA_ru zsTaPs&!Tx(eYa!OhxjgIh&<>ru6G#M+vK`4&i|-;>~Vf;-2ZFi{$CjP|IE1mP2>L8 zjr;fVJ)JN7r^U9eG-KmC$$jeY_;jQ0;hEk4RW{A^k(q5Q(_hV!|DnbUGF~Pd$s8|7 z{}&tN($Jqu`r`jykk-p~lH9&EX5Yem_b3&w`u64Z(`7^qJJ~6p63sD^z_ZSuX|Cml}t%2#yOt&4s?V~l>2=6Z=N$`fClSp1*JDG~cgkF#}l zuwt&}KYE5v;mnM#Us)BhmSgl$U2#^y~G9lK$nrzt4gj zbG>A(ym)UfF!d+zRb+uF(|T#Wt7YXavR<+$iO=S_UdYj|xw);^5a8NMtZItXa)^yY z?0hSBbr*J$@LSg)TXuGxlYaf~>F4$P19=D8_-(F-?0n6T=YQMJ>$f)zOubpRPfp8W z-RNm!^4Uwq9>2+Fjld)MZCq>7{a&M0w!dxfsrW+G_4v`qVv|m`mKtll1lh{|0_S0; zuJsqvueHCQ*ZPh$c-3?*yqayT|L2SS%d1~Y15`SD; z)CNrM+#E0e=Pd=3hyUZUSw(NU<#16hYrHVGHGT#-lK#*6p8n6Rtg)R_V#kqeeW3Ql z*2tb%-A_JP=f1YYD@x1JRdjGau z_j#p8KRhd)Qp-JiNYJl1)anGf&TFXs&MP~eBh@ZZAX#}ea~ zSarYl%L!hrVlZC)az0&342Bpqxi2Bv)7r)PpHF@gpWcRVs_~ZZ%;i}2%hA3?=nGkR z+u3i_yh@xjV-G2x2XD*%T@L$=im(3xc(lFc$=41%UVLrtH@;0yL@xV{+LqG&a)u4h zzP~gIIUK?6k{GnP->7kvX}@tNaGCp!ZaxkDM=B33z0>9)ul>dh{L|8CL0{x~xcg0g z3;I*l%MFz9~p1QMz*lO-AN3+5gS6z{Sf|l|?fb zX*;ruo&a6glVV4%g73N~TlE_HGR_1^`sVxXyz;{4nV*NAnVX8KoGa^wEwBA^V3fE@ zH@0TC;h*bw6+3726tZW&THdSt^up#MU|qp)MMtf+9EOg0=eeP_QFe{q+dEU~_{}?P zI-bXKxyk>5p7i@voj3hH=Zv2d{oh&>!RNh7yZ6hpQq}brd=rgb@EgD>pa5#;yQbu-;_zCrN2(l z+~>DznM=;I_xVpihDJ6M4_%K<&lnPWvC4=6TIYv`bJkeij^+3UG?N$EJrPyX_zZy6-JbK^yIGNjRY9D*M>`^D5rOv)SFLajovtuQ%!B1a? z#9nEAzEdykZ`SXS^Onl+Z&crv88Y8NO_KW%<$C9h8EUDncWSA?NphY}pBu@yFlwn* zkFxiy50AF z-da$~ShcTO3+jx&{}_2IxgPOa>az6sHNMcBjBinwrE-SJy^!%|Gfuo-V4;VOzSo~0 zdWm}(`{Kwd*3WP4kaOVl`#Wl|rQeTl|0>tqYt-A{iT!V9jpco<|4La8(PAmN>l`n8PM)`-#{g8?o~@pO@^-5I)U1V$}@}{qPieGsu1L9I=J{ zvOn<(Htk&YqBf9kgKs@_6FeG$_r6AMPfBlwv#n%rhK0~L@9nHr?^E^fnjYP~87^a- z)ZPp>4ZHC(1-Q4CTCqLYOQ$ayxkz;N9(q%V9o2>I?jD=kAEpqyE72bYd#s?C{xD;i z7j^o3$i?4d)jrs16*NfCPRSoY@7wtf*fEmpFpbYm*l-G8*mRpmF&}7K`VnmUI6l2o z`UZVb^!iz$t2N$6dEo6d2XA5fTqKM6c0L_kta0}mH0YkIq969NZs%|EU1Z&lc~0(= z@6YmG;bW+Q4|pMgk8$9mDg!>SRTVynh4sJ({FW9U*aQk6*a(}kP1E6HpvK239{7-2 zMxmoR8z0Z#l{-GpHt_Ln10T2XUE}Fi+|y)%ERe6cc#t_VukB&@2pO+@8i;miJNvKg*uPO^ zMI*AJ(b<;`6YnbE?;F*hrjyF{SUw6AGGiO zPixoS9|%79x;3bwmh08X|3f9fdNQ;C-n-%ZPW-Ac?`!i91jgf_|oZu#`S`}SA^8piX^`(yFx z&ncQ6$U6efzXu08SLsFd-RA9GeAm1!{17g*^N@D(eS^dEKUVkOqh!Ie>K^;q7Iode z|0(s|zTV7tJ?2)v*HjB`3z%o1nH;Xz=?d<=hV@p#Vfc!=pFs0B1y*=P_~W(PZT?7C zuiK>fBY7T-!Ix|E%UX{>4PpLmrweU3N6_C^}gnxkfS1S$+?rGk0&Q$ zXs}|>?-srFaxl<*`YFMRm#ska7Wia_RWN@kIIlSkSx!xrlH<_o>B#XZTx)~Q+8Lvp z{r+O`CN`tsz>WvnH0J(YV-4Kb#s7C0Z~mwEvvva;npw|D$5{u+cMApl)`f9+=t}74 zH7i)LkDSZ-zhCs$EtLbB_mOLPi*G=)&_moBIDa#?#bN)zGx>ga!l&`+x99MF)r$tY z>_!I2UjISp6Mc*<7|ePVGap~`xRZ#fK#LvFAT?#NdgMMl$N7@yhql0TH=&>FoO}7a9gd(oCI6J#wdt#o z9rqza27=Fb`~wqwdB3lKcNHJbV?V06$l5pIxZ-`~@DO@8b|o^UiFwUqUROag$iATm zRc^+gI%(FM8Gvk{AdhDt-#rzGP; z>`x@>+1ex)(TjR>J>FG}r(-*9QiI{tn|qCyOFkd5krs)^935uw`w8xI?&lOdF>OBI zEq5Q=e7=M5U%Gt0RgzQHhkU+oKxZ~SRIF&f>{m?Rks2$SeVZ+p&3wN1T5W&3nEdGv zT2uY)>k94qiujDY3i&@2{kxrgt)bX&KR@2u@&5J5oAp*~C_MVT0xPt>z|QN_>%ITv z%=FW~KC!>m;pCmeakaA3 z6uo|3==JJgOkhvYEVyXLxBg(pgo+D|yuJ^B=X)=nANpQiaOa&Kd3_%*{BYfpyt;}z zN9KiYpJjzu&(QFd!M~1MY5lbX9FQ+P{muy!DtLBme2Ms=gPU%jJfQ;pGB&GioNrI6?=EB75l?FEB41n=xetbx~b89?d+Nl{Dw8lgCjyx z7fnwcYC@=sYt1)sm9KD>=b4`Cl3 z#-@2^EO3njuJOQCW!pye&iqZ8FE!jz(X%Ds99`RujeZc@@en%uFgE2oW5M}2a6TTK zR|R9+937$XSMTsIy=dI=GTHZ=G!VaoIL}AG6b3fw!85sx8VKMMUqj+WYWY5^S<(yj`JVl*b-5KFb3+Ar( z&jqhT!RL{xJkCbR50%`r^zo8Bdu^nruf0B}hvW?1DC-lwnos7xCF~0k6AT>z4@tT% zP-|tw=0|bw<2Pk&*tA=grckus=roVc-pZB~`J^Oi20)O}=%9nU@ zgf;ym);Ihddo@+S2QDXrqm{=yc|GJpsyx=W?L5{3_Wk9|?atEF+|}0%nRM?-N%_eB zOX3{%cJ!;-e|avk|I(7n{>xwg3Hhj>W!-e{>PM_;0WxwWGE&a}mb07X>}|PbqX~?ziak4mXLsghplmSnKzKp~y?tRdN|*E(w_l zJhIP%tV%hj3g1EDYo%k~x^tm_1YAdI;Qz8f3LQd&JXa7Bc{9TZYGsX;PE({zRw#j3GN9THxTREBB%1&}C3!tMt=uV-DE%e_s&tW%d!f()om(3;p z;GLWhPn|g_p)>8XhwhLyuyaBZI#a_cG%?wOCYlYJczalqCcJDm4Np3~IWa|V<~Luh z;IZ|lhNCyMP(LIKEs#fPo>``8VL7xg+e3ezrD(wiEzk$pkV#4&SrsZz#HIz=U&urY zzR>R$JNm-u5o^m;yQjHZFTT4?<&t0zB<;0su4!LE{ODibYU|2hI%j;F`ci78OnsSN z=aK7=p1KB^KM|QMx-Ts~Z?-~D=sC0|b)LYo!-3^(NB4+}BJiksZKb=D^_UZp)sx_Z zMkg0U`oE><8hFcnc9PaLqF1B_!qhd=J5u7WUFZ|(m4@H8rV;-`WUyB*$X(1KTQ0~_ zXFk&7SLP!B67wPcb#(CO6SWJX2R5PiHp0WQJ^?;QBj0m5KV93O$H7NB*Q?T~Kgah; zsrM$=VU3q9?B?r#CYQzGYjwZcw?Z~%%Lf4-Xs$GLaA*o&C+g4L@W9s@>(6flj?(6^kw z5ZXl?#F48C|Es}&MtWG7kn=gwLySBVH$8j=UINJY(a3m#L!Dy`EYgeMK3m2sSZ>Nj z3l1z^v>?8bTgLxV!D7pJfgz)BgiR&@shsYxf>k5{riAs6d?J>?=ctF7mKp*f4RY`6O-yXk51GpVwBor==ay7j=)A?2Ep-Mh97BDhXktM>(?lD28gBX08=ClP zKheZ4;OGlYe0Y3znvnd^zS6`GfGZPCEO61pOot}i`bO+2yZ>C${*XTO(l=lFTbMF$ zljz^?2E;^b1_ z8X?A@_hH(w9c7O(f(;k1rN0GwP3^8sjWdJVjxwswOI)Hmb_EW>TU49qv+b8h}o*PB%DbKl|zmJt3 z)El|a()%{Zbg?simjq+u*^`jIcD{*u6~42L-@&|!#2$cizt^7cFlW8YxQ%E3xmMd= zXd+&4bnpoYd!el!{LK&?4r*$TkdK0HnaF&D%oBTdXaeR|TfaywuAaUP@%cOxC(lS? zEVadUu7>lx>&M~{*KAS7wgiX%o zy56$S=DN``@}z?H89>ZY@bMV*EU+D9-yNT*A}ZqoZ^!kO6})#rwUd)1^PNSn8?hl& z-W2rpBycKzlKn4WC6=T1yXxrYIC~W9MJ|HubIRFJ8$aOe4`PHWpNToDT%a0X=n=-K z6rW?q2o=}cK*?q+;mLNQi6_=haJek&Z^9G zEPmr@jFXaoRYHe8u06-E7+oB5w{E{=evl zY4mw9`;(gaC4nOHOR%YB4?_Bg&N`kPks%`c^P07d{o~KU$3yHKk$Ie(6)n6+`gp1w zk=5+mO74Qn`Ec?>R_%RQyqA3!fnWCLcaeKz%OF=C zh~Jj=J@RJsb@)MWeTP~Dd;j)!V?F-CSdUwb^^mprzOxn^(%5gSRs5qQDeJ+v)}LC2 z!Mm#Wx{o<|ST5qx0KKzkSP~H+{B{#LdM{)&Erd$=`qH3%yKiG{^nu zH5M_8=Z{bEa}xD(ZJd|c%l&9I-s6mC_$i56H?Q$>*^e%DdM$ht{t_Qn=q=~{=(<5^ z_oMgRd2IKi_fpH3Za+FAISPH)kA4O^wDF;0E^8#_((+WQU$lF!E#u7nXpwK_8T!j~ zLfcvUj!KLp8E;W*eNGnI(S2Q7bF8)eA$SpgNZ&8^v&6Ft@Q=xlO761&i|#Rlf2?2` zkcI9vEHC6(V|kZ?#g4ZK47tQxG_5{;oK36pT!LQFe`0fYx_ZpK1U#AIEjIv1qQ=r1 zmaMTf;wVF)WhI+hZF%jckufeBIoY9+#mJ(J@mciHM)Zy7(O$-9)tWR8&MaHRSE@vI z>-El7uQ$wtK63Pz6+BCUCzEW_@OaUPS+Dm#IUl+B%bFf^o?kh1A@GWi*XhVHi7ksC zD7lZj(La~K<6i!<#!*d%`0N|NW%|o*I%s?{RaQK7lPxQ}{N*OquRS%NQ0w0wH0$W! z4rNay`?WU#kBV<#qsSgaqNn37tHRye@D^-t@iW9XRsJqGQT{G*Ow-?0J^C1{hWv0f z20B6TxdQ)Jo|iolvD=9ct21(zOW*dCF@koVKgJLrc{9F%_^}kKtG;?2z*fuebbT4c z*NW^4R@6FvLWD8IewVyKu@!_@#1EC8h8w@*_zLW~^PaIj_zBx$dmHd>G=1tSZD(m4 z!~U&p+2PQ=Y0H{<(-WOFG=1m?3>!o9_cUxD^E{U%ZQAF#6bypy2I9A2vt~QbWeo2; zE9s!QN*jEPzWVf%vtYI4aYQN+NWU{Zm16(fqYQN-~yx`Q4f7L|` zmpioJX;tZkTZJ$ne)F}L4wl$saL#3Ozsc2XPXwn@xW#&@4d<0XSnb8ukF;9Z6c z*7ix$NYPKpd>0=vV6(o&MmDqaQ<^6g5k2|oaeGlwRu>mC}tk%izwY`Oc~&mEYA)n_dx`6{PYK2*Gl%imO2wRYA09^>j{2`H ztjiRxi$B}dvhraaPyY#X*kcW+2E=NZikv9%6&x;=m>==FHe{E?{LT?QNo-Z%lko)> zdB-cvN9r-|rJpytc%QsO&O`3vJmey)uwfeWpGS@CH0J*{^OD&7nXxHr2i!d767lhi z`F(n<_N{_|RUvg$i8?fDGz+K`nL_>LRGt-Fe;fSE7<=&-qS)eFrRL3NRmeDdiKzw{ z<7L?^(6wxO4AycgYk4ngDYaiR7D4Z!mBcM8iCbc4?KkbLAUq)PIEh=XCC?~GZiv`e zUhCb39Uk!yXg&xH9pb)Sz$f<4S=6cRbL!U0;lI7aVxIuE@xFnF&wi%i;diNrd5Su< zr+l>!?y-(*m;uh=jp_3DQ+W45V!#pjv}>%T>edd!JCgHjugL(`WKi>~@MIVtuZ=jY zoJlR~B7Mpw{;T>~;PZCl4;*A3hk;+O-&EH27UCL>R`EVLJM%F3D*v>>t^x85ID9KP zw>#mRF!eK1ANM7B559-Q7l!a%+l9v)*N-!<58%7Zw?^K<_y^VawQI}OT#FlOt)jzc z0>i;YHH!patNDKB{0rU=CdG8rKi0 z>xIphg3qp-i^?@8hTN|HZpV<{R^RQhf5&${_HX#UoVC?;Wh+_VG0bNVXLw2O?JleE z@E}z?SJ3Pi_=x?BZT#^p^`2N%_w%l|^W#^Si_AGG8DqY&rwqs~u2cA%%%_=J(J*^j?d)?#YM?uzzwyxBm8P7M zJpf(pSVy_0_O_jO>hWh#vo@1Gkj@(Nb1nbAt{Lnn z^7$%rlG?U;)V7^TZQEgf-;XRB#J*o`F*SYgWZBL07VV*SP@UfnFBU$1wX+TqQxlHX^kIb9<-f#(!XO2Nsfq-;sx zftv6F@USc_c(7~r?qdE@tJjHq?Pi``;8EysEBDE#Z3o!;#`peV!uNd>puxJ2~Bh&gG4th zqkq6F$l5M!pKj>lX6R!58Mdqy*?Ni40s2$w62zX!Hdl#j7qGYcHoEXi>L-fW^DPSO z{^nj}&LMyCzAISMD_B!MHMvEX2j4336(7DI*?b?mU@1DG;k;n%D(XC?MtA~q7WsOR zc|@vMW7c`M(;J~3`5r+Ib|7=FV~wNCP5LD4G5RF1R;o{elEKJHkze|Io~&;bbb%~W z_+bAufd|(7Aow}N`ip$M5_lTe@4TXTz`ipF4cIp|V8x~t^De7sA94qpF4$M}>FWD# zwu%}Kg2Q>dms;f5PnC=mz8cUh`ASk_`|n)KhC`{NmUxOuV^@H~GZ&XGvP9lF?<@zG zBEO4##SQDu`Nl9df_FcdfOvb_kK4 zdv89UeD>aJz2oyf^ZUHdOHSC=byoB?=(7j@Jpml(K?aMD*CDHajLgmkee zp9Jr--rusOpV7V^`u+ds_VwX2?Qcy|T+e^OzD`ij=2yKo)koV??dwbj-%hiy``O>x zj%>Mgh;{k)OGDK?Ge*ykcooA=BJKE_m=79C&w*dLOv&i%iP!`bKB)zE@H2G7?S1;ww(&eL6v zH{EgCK9_5MAJ$&z9er@+mI|9Utu#DW+~{-8BVapilC6ag|8Lpv0#6tR@&B1Ac#=HZ zz0Wz@?fO5!lU-+X9^s~5JTc|Z_B?_+o);O9>kHiHIUC-0JmAV{=W{2rHl?}t`P^xY z<1GC#yS(QS?f^fc*g~>P&$QolA2fdke~g*)K>nB!jLVjh$$d}yH@w5(!_jT2yyFiG zY<%d?A49GKY=JZSW5CI;gd33Ui;(S-ABs2WyWjOT@gB+jE^I^heq!y9+=d;Q^vNiW zQ$86!Q++bJkJxAKBQ7DAQULx{z`nQeF^)ayo@w2Pe(-?Po^&+rcQqjY)uy@EY7BIm zyaUa-*NX9omI{b-E0%tMZY3YakKrxAxLW#k;8LqvdV%D=fvXee%wTw@QHoB25 zO=sy7>f4s9U);*t>7C?V72nUKUp(lnnODDfq#t@d+GqW|{-d<4KJi=Qd*ip@Wd>)j zN&{Dcv0#(MU0?0oxdklDU1<~0V@>?lxxG1lpJL_)*q<`=_j$JX5c*5n;^VPDfcfXy;+w$#vAM*T6q45_H*Nh@ z1re{ii;{M%N1dO9bq^M?iwPG4={YXjw^-`e}5=pFbDR7WrofAp5`4-P--2M)jM z!w-`AE}`ST=l3IxjCmttf80uZO00Vwv7OOI?xU;?RWBGm`0fZe6Mw5*?Y42NnAM56caPkbC0M5uC=gh6&j7xa{ z6nhb+t*F+FcC>DaXH|^CzYceDO*n1XxqAHey1CCXs5c0>4P&jrmvMd8U`rqP3m=aX z_nmT|H~O^?y<7W_3;fojwO;`4&`E46Jgj9D#0@4&%{tMa}-o9`OWFVh%fwmsfEGOb4~=lf@am=kizjD2hB z*q>%RmhjSr4`X&=G+%R0x7+j1;e6)XBp5Nr9OkPQEwu-9OcO^bmNzoZQ#T$*sH|y+>;my507b zY20fn0w#aU)5L>F?)?%=EN^ar=tJoDy0`04V8WtX4M zAH)}uJYt1#*2a@HwLOjbtXCkHv&7bL?g_)ki4JD(LFhb(uUTcIOW40aw-P;9a2_DY ze*>{fk((`JR}?#Gao*&^rs8`cye7u@Bg-`(Xbf4t_`V)& ztYJHqGc~rHerllU6@1p?_hw$D%qzBzXG?en->|r=!g}q3a9&pJ8?m_7y5^ZS_|l|d ze__3C-&j(XIlMx@ZC`RAg@@?b*Qa ziq&x2H2CWBQGAX2GHc%mm~|MsGlG9SIty6iU;g38ryBQ@XRef(<=9HrY&E`4^2b}p zuL$RH-;Hv}sxQI+(9ko(KM(()bf9+jiHgC|SCQN6$Zy}p_}TMm-fLwp2iEAf{^k#$ zik$K^poA@G8Lfn?E^}D7*yTgX|0< zH(mTFckC|q|4i;V`B5Jxw#R*65Taf=w8nl$vMlmeKK&r_QoQMYyZi>>TfrR4&w~!< zQ-?j0H2nX`dhDB+dQEn{Ro;3xQt!Les}NmN4?lUbUanJ*^Fr$HHgCOqsJDuG_fZcY zbsFbslJ)Q_+vBwBeb-y>XVhz=-d5^eNxhJ#-gKv4i(T&5!Fu9U*?ej?4w4t_wJXaaFo^U5}b13nj_^4wG!1pqn zKl-w3-}ut%9@};)V;l=Y2`}y1bfvw|Z0IV@+H{o zj7mQEsbewU9N_rsh1k$bE2gjO>AB2?hvF_)KO^~4>7y;$UNjt7@N6x#xfXh5pK*h1 z-R+F!R>q=zOpQZhaQE*XFyrtwFQjhyD0mfoXXd%I!+MwUEQXx!V2mx`n2#|%yr`!U zdA=vz86Q64>Vxd39T`0MZtR))os{ijKEz=xkMmn|&@=X%HXJp z2j7hr<4>rtPL_S0c!~<^^&`2~$u8_@|GxVlYb!(k^UU4M#ft(3mYio2hWIh)UU=R zUA6;Qy%N-(F6#-bCeE~WU0Y{`ukwWw*Q9|nCO>K>a>I@RS6sx)tsgd4a%V~h>-Z9Q z(Df*?dyuu~W!9jxqP!^MdS8(_?{+nxypM-?UXDHrt#<+6jK!ArstEX1Wz^VN88Es zx$srZdoz4h^Z2OBJ_EVw3C01wEdk$}wmM~U(@dFnDO0bp*H|WxoAT-X2sm{i=axOi zS@35=iRHW4+eCj{gw8^YdG%W8d>eGG95^vsXED4$xVXhKI*Z{0i-2_-x|q>f79c<2 z1zw%yN%XxqdR`3v5&>S(VLy1LySm5Rp%;bU+WNAcM^Nv5+@}`jJw9UmUb*2b1K6L# ze)x=JZcO*pJUc85JdKUoV(9_ zmr-B)bzkj2P8zVUWAM%HY3%=28GT`c^o8NH5v@6+zF_2gQnoS=$rkba`&lFO1zY}u zW1pul-0Lkrhw}5lq4~&9_|HK4!tLIAH&X8`^@Z)k`WRcEI!%=6a!8}x-zPrbHj z%uD)$^aiiKP{r?ZkG{Zf=?hc6b-}5#(HAcA)EP)$xWH4c{f1DgzOcHFzQAwE_+ivp zQwR>S&hni+iJj5PTDyBJ(tSFi`3Sm(^aOqHLf^3c_cp)!j2I!!&8=60%_dt&a=QRN zSA{+!S`-}?bKZX+ywmlS$XD~~kyG-CPjl%a8@v}E(eLP>`<_V`ouD^I*QL@)7kneL zWM)w&@pxVEq^!y8(_cbvt0{yd{)Kuf*>1S&texv{*$E-H}0^D)6(OJ2gVa4;~0l_d{R6 zC!ev%-Y8pYCCYBMlKN8vV_C#lLW^v?D9yEf06%9eDlc9vUv)tRa+~%S(oV?mnxV+% zVDq_&Q;ikKj&}N(sdY#epOrv5&B`BkRO2)jPN2dck?`BtXPcX0SmA2C;88<_D@fP4P7{jej|GS4R|YE=a0_k@A=GOzfJnId`QP{wDst(erliF zHs?jkocKW#(?2>HKNx{m#2GW|_H2-U$;ozPR~vF$&*hhqeyROBcP;fydWKokGAEua zBtM#R&67WW67(?xT7&O&=4js$-Zcf82+zqj?OCIA_ee3Zf^&$`{0ePXQGYq*Zl}&h z;^chjkjKU`2H<$Sz|N!FaReS~Ngn+g9y21JqPu}LAy15@DIUWM*= zgnQ<4)Hi$vcpn?*RbrM+2$A6d@^OK*x z@%Yf6zxVOjgYUgHw&T4T-! zm+76pM}N2RF};tOPtG|KXSUGtH|JXZ2U-FPeyg?UAf_&dnB$ANSEqZ`ZL5w$H#OKj zdBoOsc;=!h8G2}S@=fQ;=ii%eIs)DYz{5EFy@5G2pl`~r&;VX;=N#R^OxteKdbfd_ z?X!??@SB(L1s$Ah+hsc#_x;p8Xyt`pr0xOgx@B)Iq%1ntLG&`&Bjb_NnftB?rvsY| zVADAj8xLHt%wCx7OBJpk`t<$AIJ{DNk9^wgWvn@TLA05{KYpfB2Z3WJ^sx~e{-2|3~{Mh!H&2FFSZ_;P)H;$)Hl)l`4)n`XB zV}#z0!LzbgjawB5w(`^Ie$}3ytewPSp2)157Vd(tbU}w*@RO_|=)M!s4=+YP{EEh% z(cDqx4}W%jPvZ_?Dm$qY8NCh}9ivXj@n?yS*EET*Sk0}(#fbNnjiN31R28;v8@#^$ zS*yAX_%8Rbe-kVvpBY z{^g~>U1QpZoZ96XQx;>&ckGMJ%C)>}#=v8upI&)tk8=X}-v#~`b8klTsh;`GtCp?m z#^-aKHO=u2TJF<$Ss%%@VsPU&#?pl!$k3%PH#`yCn*{D@4$>(G^Z6RSs|Ud0YwPmD zvw1(qd7s1kA-w-5^7a(+U1P~RnlY`M_Dce zv!)5(#Dn~=g^FV6((Z5f)Bmzv2fRp>;%8ZapJfevuF@KAv-jLmboLR zS6&BcXDzt5Em&6c;vj2U8+0rguDqU`mJ&~VJLk6V3Zb(Fn=iW5dNh}~=J;s#B;i%j zaTYStO0?t)=0)M#dQLS)N0$`&EML(k=uokD`OqQbyG-{I)Z$|n|JL_45t|O9#6v{I zgOH{1Nuk8ArdW^G;zN?1;Jbk5@P;zRmluT2r`Y>Pi^|Ct!5wGl;fXf*TU92s0q<)q zMAtkgO!s7Pxs$%T==&&rPh`Jv5V%p}%U&*f=NNFA4ez-Y-Xr*ak@@J;DzrhWzj83nQLAySbm| z!sWjOwl3`zf7_-#c&mLML?F}L|9O;iXYU8HQ||u^Vw0pXe*B%v%U`{=$*KZAUI;nA^Hs{IG>qVw-aoeg}BI1U#hC^ z*88iE@1X3glEgPHa&ND&5?dIDYwM$TUv`4MGUcHk(M2>{w#ADSv!rPh%eb&=X~8_#$_nJPACW26nrF;E?Y@9;m2=l7=*V~}C(F=biPhRNtw*rd8y`n$Zdnnue)&Smlp=RZ$+hVRFQqR;I(;U`+(KwXb#>-dx>*@C>B>BpZvMwO z=mz|VcCz-}jQw5c<`i`E7wG0==%xp{3HTC6Gkl3-gM8e160ANx(wB&JI&|~ve&{BU z5pJu`^sJ+OH^XUkL%F}_?jN<~(oGwnb`@J2R7XWXBxlI&|c= zlR{6w?xm;iec033GzNO2&oj~!<WS8qbW1!=^r zt#nRF5#=v8W2hYxuJVo{moaGV$DjQee)oA}2&ISr$Qbr#lNlN%tS5rf~f;c z%={~c;@{~DoAl;iFrG?co!aSVJN+C4FOCpz%pS=6ihTAJ$z}B=;1YSxa`KcHh0hb5 zpcfwsRWxw#Gd|9%n*5c|LFcSh3BGq1Ph9>SVjT@$)pBOQjM=`U;{jkM8;A0TB^%5* zfP?nt%CP6;cetv;D!LVY>Y!Dq{ky~xzITQSWj`gB@;x)JkURNw*4awTLf$O_MCJbTKCNV*X5Mo`iCbq`&vqPQ&jY;EzGIVfhE4ov{9my};pvOO zOX+fftMMDb%ft`n`EC6wpT1mQv(3|n89o?;??>0e2Z6B%Xd4n|2V4`EX7vNKT(z)KGizNk((oJ zxmoWcM{G%=V?jyc=<*U|tWB2%(8W~n{M2mt;9MUuEIz)Mfb%1oKTlpp10$QC4BL1ZeWE> zFmQ;W6T~0Ewl{0;M`k&3Q~`U*H{?4A7F*{=`!L>K_ zp3mQbd%&|4UwG^-o-zK|5$drAmyGYKPscZ4$9L^cb9};1pTb3rUGZcZf3%Uh^gWg} z+cp`#ulP2`u&qwI!{9UP4#44b-C;1g!%&aR>D3*GmE99z9??d|>%c|0@*;EDW?c?$ zq#4|3L$*ur)TeX>AF-#pXL}p#eGy~qgvZ6;afNF_)se@6uh9k4o15T?oWa=B&HH4W zB<=qiyXUTRnAeE@Vvo2lFymB_;c_j>Fv4L2$byd-7*{j<;Hvm>Uz&+-q2GGDZy!FR0*$er@oq`wlWoi+ z?%}8BonbCfbZwXBhI{7$u9|rWUw`M)+~xK>o*sA}zYV6+TyzJ0th2`~9rwe#8S^^E zyd!nY{mu7md3z)$P^A60cfs3Jb==LhB{O^izT9g!jWl}vsnI2g_s2j(IVFjBK}n)* zTnTvy;IC6k@UfO~*E@W6MoHpWaY>>(FthsjtdhhB*M|}x-V{pw<(5$5gA6P2;UFvV zmtox92R^?8?nU6I(ZHzYtI=cMWsN(*`7Ut&C^#R#Q+l&vNH~8lyw52sQY=FZynAXk zb`|-nBQ;hcy3vMDB|g8O1D{w8IuHCkveDkJD&@INYqqa{lg_{ueknYKb7^K@Y&kKW z&N<<~{`FL&Vq*P4qZ1x><5Jf^yRnBPk1fN?MelKb|2^?l^7pnN&yv1QhhIkYERr6M zGB51G4YCL0!1bR_^)!aChjOqn+kp8->`ZLvlsqRJ(UT=J)}SYg=iW#^mUtTfUf%Eh zz73zrUVN*sve$C|s>Q1mD|W=nFg_FE$FJwW3r_SHStb0h0#@GoqTBEB%!S2sz+!U- zK3HI}Uw+i#7kK@sr_ER66D&?LR#!id8abbqq8EHcdH`}R0$+KX{j~n@RB^sB-p`y& zyw)YgJ~Z&zj_!3UYY`eR+lKhMkR6|6>tE^3L+RV_V%{~N3u<3zEqdJj=vBH~aRKMv z_v7EXI@5nBb8zM%a@!=xqo93=!w1n1UvhN2G@tg^h!Fs8G4x*hp5wIU55J@KrRQZe z&jj8z$e!2mpZ&PTO`b2>Jj^KCE+o6{Z=%o{S$^1enk%b>18=t@=<~o@oRYAX?gSDnus2O697dX3Nc zlo(?tNydpf6Z$ z<@u6jePexw$N2NIDC=u3rd-B^-uLMjJMSy?KD~Jw?^AhDn(c>yughmr;Nbc-(1Pu6 zckchx{l{f}@cU`j@i}0(+p_ltSzr6CSm>FziLJ-SzDMz7;&;N2LU=}uvoN+jaOIip z0dS;}y`@u6hZ1-BxmOUJzGsbn-(;^mv+wRTIt*(OW1ZrxXYQ4YULTe@)i_S+Ut zCuhv7RhIG%5jT!bIhp;i9QYo3;+qZR8Ed$2!J8Yg^Go23(OJx6Hvf``RyID@kPZ{{G| zM!uzm$hghKPAWDkMESq6Mi#sv0-p>b{M$%GuQw9~JV<-JiTROENRqU8>lT8N`iDV;!d=Ls(DkMd8CZth;Wcqe@?F?h(Kr_!uM za~A)c4Z0TlX%6<&?eI6^ToZ4ycJi6TkVD7mQ~7^}-z2%LJ)FVKhj`ypGaMQl!T%Td zAGxz<3-SZI279gg0DQW^;(La_x_uonZS%1uk*6;sPZeX^{*VRjgFB7P@p0B^BmVce z&Uyxcm3KeE_Jv1y_wq&7qph5~OF7fZx?DcldQ^M-oA6I<#&?CDu}gXeekP;GG~s6y zU*C+M(T!RE6EP&>$6L@51+x}#=Ky;g`wG!pBZG`ivxV>Sv-}x-Z6COhqC+`!(cgNf zoX2&__4^Du5>Nm6T$^^L_e(GK{n!(@Kj;0j)cft-c(WKVlwVwZ%*IBlV2{JlOzr4! zj%Y@B^bqGcncoTUH@{ZA+PmN2H@1i5X&ipp2Cr;~XDFvw=Mr#!IkRXS_v+# zMyEVgQvFVSC^3a~y@YlB3hV0fNAWA=$<*E3Iy2FMPSc4l*TufyQSj&(_|t9hYAE|8 z!?00?H@}PivBt5V^t<3i6mE_c?ko%uBZ1G9ecKgEf<>!*F- zJ6J;>YpwRp8HYyue(g0aYagqW{`LrGIni4~@W5xl^VD^9;`I#uIp}NKeJMa79 zi_@I7_436BoOL$*us&$-cYKxgtxr$YPk+a{y#;L?0Z-!4Rws1RZ6!M1g&&=Qe*OY4 z`WSt)2VTMc!*TW>-e&*dongMjyX-&2-(o#$s268VZ%{iSbSBz_u0!U`^^kD<{r4Lq z;E&?a>cDZ?b&{*&iFME8yl=P-Yt|p^N*vF@~#PbO4@Juz$8=M_QhLshFB*D;j@lrGLC_G`x3@0nGXM0f&C;p zxLcp_l?ZXDmPL#P2Vd5+@v3KI@fg?Em8o#+y8J^F5_CULVlEllGT8UStgEP!?Df4W-L_CA?wZ8CU zDw~0CVGzEBVU)!#ex)27qpW=Jtyel_BfjuMl&$3ab_TT8iQjb{{zzh}ld-iq#3Swl zM_#_rI-Kdt=Ui51cLaUy3-sm23{z&3$~=)r44H4DDZ|s?FCb8{{;Z2+YjkWg1;ND<4I-P@m!tK9~ z#}324ESsX0HV(kgUKBrr7NkGQwrD}mNZ|=ieG_lIg7sp(OBmM@#uY&($%kTigIn%q z)_fghR#kiyf08!gPnn&cHA*iH8T}yi%<%={L4&)WBo65~^Q!gH&KAb7gLzS>?P>V( zZus(Z!2Si+b}wt&3SWK+zI=$ir*nE51CnQqW#5hHy6pL$h9~nKJZZA=WDM)6Gs~it zW$>l8mC(xU-uX;rKFQeRm5dcwlrm4Rucwaq&%6t+2tUgiGM#~r&M>|n!w+gc#Md(; z>Fe2*;_F%7$JfK}zYtF$|3-hjLbk&ic)#|^;$^_I-eNq!6dkP`ej&NjW7+4P+scTo z8ysBk>H@CMp<-3xN4-9WG-Q&UgYpmbYx^8Bo1?7tI;{yXF|oer*IKWCRV*{|Gq$=H zKHawiALNVig{`*XliweFR;7n;7kusnKE=K8nI`xYp8-C1_JI$-pB?}{@`rf!^0v{) zi!t!B9B8=!+8>9!n1sBTg1ne&>zQw}R_`#LcY&vLk@a7da=^O+@NOJ< zHwnC(0^Uuvb<4L|<9C?HyTJWg&-q7lKLtGfvtbwZ#%?n%quUR%60^yx!MOKCM$-;w z#&VtS|H1xG1?R`a17m|&W96-&%zE-Vgp_-M@4w8l?EDmbuO!C0g z<{@%8SkCuR!zho8v+2^Z_w^`WDxOY1r{z+px663Tr|5wFy!V#S-XpU9^khYeyJE1**)UxQSf~NbbwFO(EJ+u zjg2IiobA&*Tzcb_{&fIsZRr4|(3bDqw= zBldPBec%f!D)d{IYVOCD_s+dcbMKAS-Bo%xbHKS`^mrqoaDx;o`ea z>M6Ifj{Tj(eS&xz*)$!%L~^YQzK9G@?0}zT&9n|rsI$W3e0D7Rt*q~hqwtyYdEi{h zBVwVA?=h|U@;x6mmMC8e<5%MPD?HlWD*zc0=+4eqp9XKN+yhHcgP+BqG3wv>oD%3o`bG({hIOn(JC9p7{5|K^pSHcD3wRhamX z}f)2l;$203Pm|oa0%O?`utZX=;Nv{=KQ6HR(hSbpltlC4YrGt~O+riQ&gKmA{}E zp2G$$XUCC|#I9~8wj7(H+RBwaetvi!{YHUBK5!{J01RKYW6jzg;jBI5{TIfI&$(Lu zh$_pvRCzvhp1_o!L-~2=Y?PJWxSg`9^9SB*z6an}TSr)z;%|RmeQ&}yXWP%|&DToy zu~)8j&>4Y6^j$^YHN-sVz5r~LYWb7o-;xb>>^$qy=-klr#rIfuSAa*Q+>h(xW9w~( zHyQf4Kyb{s&+z5VqL1mr2c(ZU@LR+>t_^A}?KMm%2KXQ{;{d;3y zLik2>HseCS@PlKLm(m%NJdJW|L%!-d^wTxyr|{}zu7ic*YmR=p#?en#%;!8lIz|J$ zN@r9z(dTA#y)D2cG8-M4w#BFFuy592-@qpg4|4agYO!;Iz|kaN`J+^%;inURPC)UV6X3X^ljzY@Y1fv zEI56Y=XsPniVvw6+cNw2J@aQ*S8{HO96X#E$-_tfEc&O)6m!n)Rob0gU1`pA?BzXi z+9scb&Wc27Uhd09U&n9c@Y>^h zssY;9J<+aS+HkFH8+q?+x9l0(HKL+i@p_yXttC&cvop@vCN@(8Uo6CvGXhAj}!|!774!k;!o%c=VaAHeZxGkRH z#M=c;yj_a#oALPS9rE1o(;Wu_ePRuTB_j1EvKJp`4zO*cN{s4rmp~uVLM}pP_<&j*PJN@H-iMI_*rs z5A{=UfeoioYD@KW&aMI4mM?oRvi`OAdgk}Heimhp;e*bxhIBu`In1B3KjYHq0?ujq zz&+)?6#Sk{vtFrst$HuKiH26-+WK{zDdXLug|^2g4x%au&95~UYgi6`N? zZmz)P$js1KJKpW;JX^-OxfZs5OZ+z2e6`cQ8OOhVF=ZUR{bV*@LO*7Y{yGc47ybgq zmPOs{O3nc-=8O+(BOKSAIO5~*>_Y>kb<*I zb2>u>LkM^`iV8sJmU zyw^cf>(NCXVy=&1yES49JdTfLBR-Zb_(pcH=kg>zmZzbG-Nch5I3EhWd-+fdn3bV( zwbB0~D^R5G?Z9nugRi=Lt5wt=?rWTt=nqAnc|Xj&W8AH%dHba&F1>WXd0z(o{I}aG zr;mnL|JFbH)l%z=;K(`1=TY60pdHc8br*!*T#;_QUh%^PZ~j6u#n_wa&3nPo2zx>M z_{0|8pq%2H3@^$K|K_KuImO$qw&l;lKK>=;hVGmHG+G7@k7Mo88*%rMr0k|>=T*hY>8Atx7dp>QHE~|Z5msZ^Nj?+d6-W3GS#xFF9 z^~_;C3v9g4zS_d}Mx~DiZ|19^N z?1DD{yL#n_e3~3&$e3ilCEyk@G5GeG@LBJ?-)PGqC%+~#yGk+={?Yz4xg>y#OUKy7 zqvUtpgq6LF**>Eb*f`IQvQC}I*DiGG3Ul`CtKlOju;HqR^Bs>JHCdur5MJ!9cMtWnUiVQCdnXNBC|Pf^J5IY^ zj=sMkcjt<+PW~s_a_Y zj9(W@1S*)9%45svw_+9ltU9!5%U6H%z2EFnr|oxgH&5HTOw zZbylylAS3VMLCGt`EC3_b6q)O`n9rt2UtIQOqtF9P)_bs z$~Dzm)jn*F25{BA7omZ<#cse3#=oXMH%IXI@cRko)gN8B^D=fO^6cNvFt$AS_741~UFZY3=rW9VEp=cE(7VQ+v#Hm^$uQO<3fyl^6EqKvPF86 zcN{7MzjS4e#$lOp4-Idk4^x)@x51awlpE6U<+0%{(4P6;GB&)8@A&059BdkE{IThy zpci=7TJTN2T-T2hfcMEK;;*&BL%}ooa$D*Dr9#G<8%m_ZpEBTC$@1W)DGzS?DIY-= zuc1z96S1}U8_oBtON#vXgU$C#N~-iQHKE2aqo>&h!68Oo|H=TL-c8ak%6Bg=d_@7-zoYUs|Jaj=y5Sak_16 z^R)5VJNV^$eN=}_Lqi5`1KNxu!_`&^Hq*nj)zgznF72$H+AEErE5wjJF=V~FM&far za}52Yg>fd&S`}!Y+dgY`<3}Gl`L~?;LRZQ2E3Njk6nGeY(alTW&wJ@z1y;58O}}=P z&6}bHq3S<+_>=ZOcTN;<>b>tKunT&B3c1VwMSMS^TtWDu(x3m-(E+XN_-Y_aq2l+1TYV4A6nn#%xdV_rn zlULoelS@1B^g{l}^8HNhT>E+LOsAboX@~!@d_Pk=(+6m0nC4YZJ0aTPe=OhKb~JDA zye^_0?3Xv(wQ=Y4McN32N{b5lC*F%#YR_E1OWQZnHveP!?zY_*X2S*;qiLTU1BLvb z*8c6Zzm)d*AItZ>_}TkglfN81^O~6UE6R%s`9H1wM`?cp?ejmD?`InSk_U+_++ysrfK&a@Ig=FFGwuAE40 z`EBSW*4J$NFgxn?Rc1F=6Z0ZlQT-@?YQ|#0$geS-Xn5+}a65O+xc(R2%bi9)5oEsX zHQkZig>5&+S6h@-nHE0AJZ+z|}z=lvCS(`EjZ2wNDedUfjM)?qHQ!oPDKLck1rMf z8j>#t#sOW-@KwRmIR)%e7*MV{oWNmD*PRqHF^FM$){$v*OM_!e13 zrRC`It`$t=&Fk@vYu^QK^vK@F?3Yx$;VNClvt+~lnD~w!28y5>?MHHlEJfyZIO(SO=e)# zYWq)Gh#9u5wD8exaJ&lItl|8@1<<~~wrB+QjXMtJ^?V$D6WH%NE#E;lW4GaQF}6Rs zso4AZpWKZSsRBo6&uyasnyErIw!)7K=%eZqI|d`3vGFnKyoy5$l>3Y9a;3fHn7d*% zQp$z=Mft!qcBhpnsDK|Vf`=|Qa>n4i11-)wuI(v8}mRQlFBSPkpVYvGiQ{!dzcb6h78YnJx6amA-|O@S+oW_xQu5 z?0;rkg2 z>-4bCVm#FI1+j|@m3w4b*qp;ErcL@T1BT*5RmjOWbGOWSa64D^Oy(Y2LK$FZ@BvtD zv5<-2VhZdgeUoZR>ooSr|l&hIzom|L1N*VC3 zve?t4jVjvGnV2=?<1XjyMCtqG>#N9fTlG=Rn^oLdTr+r$$$cAP-F)~ro~U$up!y9D z-OBGMd^V4{MbLS2nS!E5kOa53`mo-4y+Imc$sDIsS=PM&}h$KY90ZG5VO2f1f~ z>g3;;Ek0qdq0!Cwy_7YS@3DzB>h+&EephEqHH^v2Pf~cZvtAd%&+uCw)?QSd@I5y> z{FNV(gR2jIltV{e8a~&>kEXP+{4{2s4t{(c{K)$wc>%m~%jvHTo+sbmR($naFR>E% zat_Padp|tvR_5BoK0p*d=;n~EGkuwP{)yiWhX0=3+57ux^B`@$M4R}GE<4lN`_ZBU ze2sn2-fRC`JmpQ^OUAe{Aw4Cw%(@<#W%TWUBd;!yyh@EvP6wYl=A!?di;i$fNn-z{ zC5hJQB}t#Ge4Gz)x1Ql^;u+#Y1{X$$?*JFH$1EC8hju%lclj#4^I9jofad*}!{h(p^tI|k00wS$)kZ~x342bJU;)7>ma$Nn09 zl-PP>gY?rrI`j94IagWfvXT*fb!8vVWan>n%K5%-afd)Zy7D!Su3X~HW0T$dbIs>W zy7GOe>&jQS{oF)9xAfD`^)?;(H`)FC585~LyoPyxojH87kA8fmtsfWCZi;>kFE;uy zb3c>*y#rmgG37&JQ}yHY>(TvhqMcjd@w%JmF3w`I7u|*KK6oxNit_JRKC0SFn(RJP_*R-r%DU?r@aN}T*PC{_oJ6BL}wU}Z?**)mcsu7Ha{{v z$oU>Y=9-vE+85vaHo1mO93VW+Th5fBtl}3`Zq6CXrSKTHj|}7uI_5}+UeAG^ZTmRG z#BaSaPVrk=De+s8DL(W(Xm*K1vt7XKI50bbECyz2z)Uo|89eBiQj*vQoc7F)W)y4qdN2>gX}lFIb8Wb33}xUBFfHS+bk9Qgly;wu8{NXrP<6 z@)=73V~MZqrDvUSe3pAcqN0CfLVTsM-O+`!!xzPfoxoo1qR%Y!iV5J5c-n-tvZ4v( zMwab1@jrO}2k0GIm9Asfp)AYzM^o0*eTIKf=evnpoIiV6#q=5{W^DjEI^4kdG{ppc zi#te-o-_rXhy1g3)62q_2sSrhcYr(b zuzeP^bSL&EV>!CQrrmDnOT5kOPr)a3&T9@iU)BsBd}ua0;LJ>8Gwzbj_$2hCSfyFW zY%a?f-3|ZKIj+^LpU##mpLHCbuQ&rA>*2H2%*?xbY zv;8HU?LV;vT`iuOa!+rJbuWVlpx;!-uM1RrW8CsM{~vt|dW82!kMKE#&p4k``RwGg ziqCF7nQQc2K9NV!Q+xuKf=j?%Y;5^FbGQXp@;t=za-NUo`52z(_{irP z3~PMI+S6>52=9XDbKaeJYQZ<@`=FnDFW|g8@ZQ9p+h+FM;90vQ+r_htzQEp_>@)2P zOHY<8%QJ8$79M*(FmK%(1-_>Dww!A{kDi14(>-vuf8|I!HW~1d?pIZqs*AUmWB;Rb zY~kHja4E9f;*1^hr~Tf2%AnZ~-N&AFJGzhbZS7UhynwzK`zB*Q3^w_egtr;k&!_3l zE=}=XveHX?DZI@orx+3K;d;x-hiCSX=u^DXx4_}4=vm%!t{(HNVq1@S;WYoDozMA| zDdLZ*`JBc3V~v(=v%vp1!v80cXGn20ZRcQ@&-EFfqJI(PHX7c9Ug`_~^v|-zf!Ri2 z*oglI80;Tu?b(gbafN>}eB=yy7#~4*;U1J3R&CMLTz~iyc;Lx;Z>|IK7UOl-TKfK=|I6!rnm**f zExI1~tnP);IfBt@V6;9JMh(a^?IAP|w>Yz~h%*Zo_w1&dxc<9}?0x$*Vh#5;1n#at z7b_l2ejM$=v+hw~-*XFj;hb}dH+J^sUfZnLZ%^*ETKH7bhIH4q*v{dHPo%FO<#66{ zpYfv{nr`1&yd8e9V~%20bGnz2yW>@O#q4i#HuidG4xCyy0{`nd#Lk@u?%!$4(WF1U zm>hg2#x}e8&@?*-UldsvSz*JclD+g_F^|{^^iKG1q#hj=S}Nta*S4->PRhae4bBvr z9DeX?ckbsg_Za-ykDNxw+LdxHyGDAgt+N^3iQi#jZ^X0ugG&r}lvJRH!{-d0T`2q8 z7oPto_?+m6dU0s0NifBCa`1?)e?_Rb;8SlLtBw1q`qk;Qp|uoGe-IdWX~tdS`#o!X zq~mW}WA&|ho<|I&*Up{!ceZ?3-A6uXfBzNM_p@Q=CVjKAQv4gRvtQhqHvr>bPT^f!H~{3dvr^sVi;gG1=VTJak0TG(G@j+~Zbly-S0!JA&Ev99 zI6N+3$3WP7ac-_$`&kaMZy)3CpzpVkPc0Q`;Z5jRo9E-lyAgfiyUYU{%pJQ~H@7|N z2&d2WtlQnJTfTEHBVT8!F8xX}W+Vj%oi;Mz3&-$HO+xp+);H+YJS&_19`2E0kKK(y zz6ic>5MNgdd9zF|!3@jTMF0LZdu<;?2enfEZ2d#)C*E%CrF!T7CF0OO8}`NIn$Ki? zu40{LjUwKHJSp9S$ZvsunVHt|or9Uy>smV>u|m@4b%#+0YtTL$UoiFZsb?9Uq`MLV z%@d)U_zYwr^|*ulPy@cV2CL>_#d2@8g6o@`q^ih&sfE(f@_m_pSgVJV`8_QeB+5t@;`qvGORHO@6}E{JVJMi z$*vHtc-t`gXULz_KV4kv+yB{?lkS&{n=Z5CcxF4e;KokJ%R<#_9K6u_n|ubylh1~I zDY^FU+zv3eJaEEE65(7LVw5lwExN|wSQi+{RnGk)|jg%kX=6x!LzRub#A}*xi%B$bRr(IOV_dt+)7g^6mto>qeV4DXgUgY-yo|`k8_;IB> zw;~&L-@Wz%+xgtH&ACe$e0XUdc0Y8y9lmwYQcjoj?h^1@zPOiY2fM@E35Ku!uzdCD zK72T7w2uv`^R{vDsg3cr)6a~1K5Hx^#~^W2iHP`>@SYgEe*kvE=_tG)pD`(RKRH+Q zkms3a6do1_S1a)iRNB6Qq}*DFZRyPqrMXBJ#%J1j4Q>U$izSQ6MPYJSd~)?8F9WMe zXwSTZe_ezB`z7G!K3fVc7emWs_`fGWi#^!)v0XoYEF;T$y)%$;s1v&Egf3gGjP;_6 zV$N|(=g3D^YMhE+6OCz|q=)KkkHP0YG5>lm*l5h69d8*Iw=M=gby+rU?GtXTnvy~{ zs@DMRG(bD;UfS{Wr7~_zfJ<-Qz9R7Z6^dhHPw6H;MPI_*Z}Z)ig-Ln=cWbY-`KC)N z^ZM{l!!KJMehCcw#^;`hbB{oQKjnN|&s^K4FRW;IV{6w_@3qaaoB6mBLSe&-6a<`PTv9vkZFb3!m5$=z%#v2k28*gzMlf!j%uB=yQxuYa$rNlQ0aJ zGlF_v0Q|N9zc}z~1%6wAAO4l+dH!%2@QVXKp1)BB{Nlh*@s;vz2yWWD5Uz~t2X2F2 z{j9NggLSfjvE-9KvK_cdkEsRkg)8D83xz|pq4wl=|6xy0WAQwTlyj<6|5%(li$e03 z1-qM)^@7dwsi$|c=iRy5_-V@(#Y^mGjg+S(&KfD^vxGG&XN_ih)=0VMZh7VObsEe% zz1Gh<{rikmJbuhsC)+>j;4k*ZXTy5$Gc#vm7T{+=r#P}9aCarT&jF826rPFRzv1X; zF7ADe-?Od^z1c(V_bTeJ4$K$%c`JDrfZ2X*Y{j%lj}u=P-?)%EM;;8^?W4Tw>rkBj zc;IT_Q)a`*`;J^rDer>lV(P~ohiIS{o55RO{Ja(TM&PsZZ?#FsK=w#}ECj~40^z3yC*eENlC1aqij4vLc|zOs8V=RhNjDax1>Yi!Oz7jQ?)Ao`q&t}qha zYqVwZD@l%jO*m8#;yvZ3;#V9A{6^CsWB9%opIYsFjz_P=pVXR~&vEe_V2rHIV9ouk zc_-tMtj$K>cw*HOb6;r`9Gg&!f4YG?*!VuXoU`h6_I;)9_hr6N;x^>3&bYrw9EI?3 zJ2;m<)w(pYk@;_7U7uw9Pcweboy+IJzTESo-5bcM6m@b*w(%~hm0nVnzeH~lY?{)GIO%-?x2vAvmm$A55iGIY0ub)SV@%sCBc$H^u5 z!-uOZYkgaljWgnbE)C`hr*@#Lpm!`}jFy4n(D2kha&D*q{k@E_E&%?_bvt%KC%7n{ z5Fn>-a}^$3T@7#w$L%z=O3 z^)T@S4!m~J#v0-d#j6Y-!)H>-96FKzz-H7DVhTFBv$l&dW@T|Fv6c1exG~l=;fnI4 zM4_dgnxXj6hVk#@f_(&BV*D>L=U3354#IajS6GRoD|x<}|EK%BtKnTe&)4z4B$Vh_ z4_&iPoe%LzTYhpG#Ot|Zj`fm`^!R7^g>C?L@FwUmp?$J{`~9g#WW)0suhw9b&W7~H zsDQhH@SljKfcM!kD%3GJEW9N~r3)O*N+Y(!#~CVMdJLMn7CrWAeqY1$V`cblMnKo> zLB?+oUxcpVD{g*qBkSNhA?zY}$g^5=o$t>DC-);K#s8#tX)Q`bHy@1;ALTrhiMN4& zx%BlcW0W3g#s=N>iIaO?L+prP5o0U2F_4z7EmWMdS=FDqN> z9wTmHgL_785&C$Dy}B&$s2m=zI8^CR9pI`6JaUGs3JFR=awlyX6b6*B+#71L3A*;Q7wHBoo0& zqm$Ztj?FV&e7HpTKpr*W!zStc6<_{bek&a7j}IspdixG|4e;9rEIXFNd+szopAA;w zu&@u?B37pTS^MtppLBo7`e+?a=jmta!yUJuapz%AYTV%aiM-6L&mFgH4)rwyoVMGy znx`us(s_QF=lNI7^FZ^}`h+j2-o@rwjrl&&e7B#ESY5&fx{*mbm!Ep7|G7 z-@eMd=T~`Q+M(gg@$aSR@gtFw$a%^5@}g8d(UtMs8*KbWu7BVt`>tO9z+zy2E4aG^ zxbHw_;}O)J14q}61e?Pnl{iqgx z1N}TJ-CcU4jZ=2rv+d)wxnF1dMbi44`*oq}R!6t7__Ot8`#ypRS7^U1^*#dO-VVkt z{M$r|p8qpti?g}ojB`24 zCm-F7%y^Eqe1SFHi@X8ZzhFvkyM`2C4V2LFYpweaiSeT6hzN7`-cNZNDV zg8VUSRqNSjg=e@taRzsZE@ZE;4LMqS7CO=v#d{!QqsZSNu#dsNB|D4`zk)Wv8MWn! zliZLJkKD z^3j;{h>3L&28sM4v-W--GWTJun-3Ccn<87-w~n)8P=f zQUX7)?I|0NVtYf0&^(^c4<(AG+V|WkCL>NCIv;x(^;3NJWlp^T+WcF~4>UgH1AdI$ z@V$z)bLb;a@*$Nz(AS)^uV*nnuio0>(OWyvTRT~kuFO!;K`Zms^r6{hosk)&_o+)N#A&;U&^x*Yp2E zpLY-O?h&3hisyt99gp*gPT8@MPjr}$E%eD)@M|RX+~~(WjUBAnE9es)fh>p5*F4z}%4p8! zdk#Ll(`4~z=^XfhX2`FG){ z_{W_ZUx=}U7!&mQB=iYSYTpgb!#_IV6UiLz@v@?3zje9#>t1d5S>ww#z8|;G$*DNE zD{uPOT)jG_Pq&W(_`TYj&G^lo9V?K3oE`Tgmz4iodBA&R?GSW~Y-}^#JvONM5C4g+ z$G8U^^AyGkKX@B@JC3Z@Ts6;k$np8}WfNC*uSBO>jsCO(9y(WiGbLsC6R9tmYsa5~=d_!_eUEsqobA4Chgk$S+>tM4UoF4u7?;7%dOOENU!1zhgHytnYaD#3=_?QF?fsaY*o)ry ziwJx~I3e6v%Q@z4p}{71&9+SP3vCJfvc1M4XES&*)W(zc3)q8(7Ge&LY{TER_gw4b zs~#LVOdN)bBQbbtrpX#_U*JUC)(G3nRo59SNi8avUZGDYbHN!gz+m*OzYe+ z+e);Wy)xSuD4ab8-e|w9jd2-1Kv{^)1ya#-i=Dv4dl zt2ifo!@ciI-lRPH7SFWS(jmngN-wo#$tRvzJXc>d@i`{epjTc<*XWe4!CbU2Wc=ci z$KZ(Kr;z)5e85cd_VERuHVO{92mFB1i!+iwTCJz?mrMiCD8C)Qz!A<(N}rloZk@Q+ zcR_e|n(;Z4izlu7DDb{!+2ZMO;HlUxw_W>waq_0m0M5vM5JJH7uccMQ@&&r_hPH-|(;0s?fsV}?&&Aa-6Rcm!G?wko$ zg43_24y>OLAYsl+8GXdqQ@!{l_+&G-*=}xN?1V|cWjXk8JNTg7z#Gx!e+)h>TXx%Y zb7t@(E4;W*KHvkN^qrG(?GA3fx1V|ayc@H7eR*o#N0* z7Hhdkxj-)X8hJ2!bAc#l@#Bm!!hGcy(f*tKcBbrxsqFF8B=d%->``)dL|9+5XT~aLA%pe@(f%;n2d_1!#r@1lu^gg%_s^Z5V!XWZxSCtr z4dCLcA8<*c_2Q7;$&bidZD^QmC3E_WJJ?aQ=g^TEMCYJ&InLD{8 z1HtEB-zmQ@14pGx2f<~NZ^#mhui;)MgLmL>lgY(0G<-kvGx)Zmq}n%+ zxDaqeI<(H-OPAc={b^$-_!edUG0*(vJKn^6BFsI`eA<|+Vl|b2z}>?+b;SpbS8I;o zuI}7?m*25k{SG!C=R0`}p6#8N9Z%pLyMaSRKK`YQBy7CzbIm#A-0=0xVPCI*^KjmV z3C6c3SYWelF!mnsRbSrvN#3EDF!;p_U-9q@;=tzi!DpkN_PGx)ARPX#b$1g0sx=gq1r3ThqzoSa17W zYbwsZ&CA?2Bc3)R(@$@6(b>0|>$Yhzc6XfC6{of7uAgw%hOIsR$VeNew+f~sL)Crn z!?Wgvs#^jJe%n|6UjrPy`|pt)=#H}De;bL5jOF0}Mqew%HnQ(Zu<79dcxw80_S;>1 z<0@xO731snrB7GixTcT2(bvWZn!bb0we%fZ|QCVQ30t{%Kp}}*d~ym zKu{TVH@n&v0z_ogntCm3yWyfBrdBT9c3azJF1Zp^@JcM2|NC>E=gB-XOaR^XxBKVy z3N!Ou&iS72`QFd>d(Hzf#-5Oi{&4%R@%5l%;XwQzDGYZ1uHHQp)z*jZe5hZ0KGN$+ z(R>`ts1&;Kdx$m^8 zHq@@2vlR&IetbB%gjU!mvQ{*^9zX9@>^_r+?a;Kb=RQrpE?kULV>JCT?lXZa1}uWD z40txd_lo^YV~?XE;vFNEpFUmrm4W6qV){3qxND7a3)`%$TGfR`-tRFv>%zTqET2K2 z$QQO{fJ5`ljbiJUa4*k^L3n)=*RFAWZg0$cavFMZ?Pu5bc4OX)>DQGfTT|)@+n|@j zw?Q)%(9kSs1A3BO)49m%^-<)v%}^eJ?2g`=e%X!M%O@+m`akfsE5I-Fzuxk7jZrNc zHe&2H>}T>>*PK|h=31Xs+qH-o4ZiAjtt%M+p?~<>jNSNZyek~YZ^73M&HQL)?IJ#J z{HXW=(P>#mZC4?(aOOwF2g@?A?W%x2w9X_SQFEHGBeTQTptHvMCWpNK;bq9jUf5?s z`_TLgz^z!qVcPGa->WibHXjaTHXnh0*L<{Q%@NwJ_Vug1k?Y3K>+`{K4p$qryUCGYI2`9_WzUV{#pw`;%@aQ0yUUG@Ir0TmWlZSJ5D39D& zAF8S#Xy%T-iLG&tG70rq+ zQ)yOyxP0pw+0u1Z_e|(kbkaNbruNyU+t+{P&@E#Z-L7J+UYhM^_3NeCh-em?cIkGz z<_KDltc%S;PCzS)S++t;URvyg9$Y%S55FpT-ZR3N{x{}$*r%A|a0-4qO}r^_ezHGf z!2S|!M)Ft|uSVwi^_^VaDBlavtv=uRR|aJhZkQZ`UdY+6e9G2s_I#RqRg*)vbFUsb zf6~3}U%>WFzHZNriPP>Y*f1pY#@{>f18g+OL(#{HOTjmGnqrM^yvg;4$C~=4g#Tu8 z@0Rf%bRvJa;|`1UT4)8@G4kz@wRAK&eC^DqOBaGk^6WWiLNpL(ZYB5Gv&YDB*>di) z(ure`9mc28vqjKFDQzR)zQBAcZXnyhaNpOuat1n3Ysj%> z&^H~E$ zryT~iE@1o+TTQfiL_S*?`XB$?(5mx}J$H`J?aYN6H|t9`Nd{@Y)_LYDHV7OI0Vl(N zVL1GO9PqBmO8%tQM;rfqm$M#su4GW+{Eg20uy3ka`(IBEz{AXKC39SBb$8V<-3OI^;|!}b7rpfEb}ZsTzf|}Ab? zTr($0bIot{@dKv~_x%>GnYpgyeziTQ z3V-q{%h&uCdU3*u`_@EwHjXaWy4M2YP#x&x36`&RhBc`9XdtKgvJ>mp+-wc5Jq-M1 zzML-3TArQ5-z?vt+L`8={>@+eXx*BB)x33Qjzi6)8=g;jm*X=#0|GoEmPIy=E^_=ie&2`0IGs8dUyVek& z=JP53jLxR!J37oVxdQP#U@C-8M?<&c&|mOK2Rf;95_$|7)CFxGfv(S7WE&)br z!=vzvy-p5|6*70D;hk}g{V|bwoRr|@Bh2L+%$d$Gb@k`5QhUF|++pIM#Ccqir+rJ0 z5-*N{o4oHYe>BhUw{w@k-#;q$C%B(3UMiZeR4pNTy&_T=s!%NlV_41}0ns7wf$X8b zCLYLm6w5+BcgOhMSKF}(+-KZc|5Gf?#B~^ZPbKGXP*)peeB#-jo_<@S^dBWQbOan6 z0j>z+HSzqZHowYGkp0~TEw@9H9oIw8#E5c{&4=-O%-oavvprDu>#739%8Eko{0Ffl z=0WpQKn-g>HLTb#+jdgJx{(@Ie@3E)mHI5z2AdjS;$hobsR6!<8sN;q*0#J8nOog9 z|4VH$zkj+muMF)~o5Md{n|XJ-uw5B?o_12<+QC@s8LN-6f`j{usn;cLxQ*)vimBHn zPj#Ex&>Tj4>BHAcAN8sUva&)ZHVjQ_9<@d#TQAC7+V?X<#wQ)leQ4U~T*<0G)BGxy zmg8G)QyiEmtmt<>kU_`+4R)7SkKBk?=Nkk^vWAF-QO`nsC6 zeffcv_?9KeJLMp``at{XWgL9BPR~Wr=|)$9d-<#Kq4UieJGGGT&^gE_<<XEvy zzD%A?qj!Bh&fHe#3m@dYTkO}u?=8xkp%3X#*+4dr^&P*tPjitC9Q~n#LEsDd@FS0W zGV7ftzLnVTLcAonl{*thrkI=%=A{iflf9@U`cJcvqJUCH2yn=UyM~zW7nBw}?Jfk)Y?r2}n zsPs?cK{d?ob?Xs30Va(D8 zUrK|=Q`u5oyMnySe5IlP)b-0ZmQj;ZiQcS6#yY$zpGv-!{3!WTuFusmAKWhj_qT!j zUEux>LxTp7QRfVWw*A;8%u^iM?5@qK9zyjMs!?b!LsnOyyXK?279q25L%#1SUi!uz z;x{{1s$2Og8r6&@geV&28`X?Si{~SUc0xYl0K{H zhdDaT{B$ul#$R*bG&b)t_)s?QRA6{ zWypmJXa*i@fyY!o*|r3k2ak0ugYV$c!|-U=5dYF6wfZbs`WF09N&V>xe9Xqr1`p=l zA6Q(E42(e6`8n1z?zM96>pA%)QFuwY*tYDp>D;tI?BfaAXu8MVZ$kcJ1Rm{Ej+Qz+ zG6&v)r(--H=lK?Rx)q*oTLQ1cpB=!`h234_#y;Hlu)lBk2DT%-B3r?aK8*9M%eN*b zjXbbrsvW$>YY7#>Q&eME1hv`8J#9yt^zykq`j=1wI#`&Mqq4DBmZ;F z`d~ueO4mk~SW8`D4yF?$~vTf)t&c#!-Lt#NA~X2nW$7D(?JG`Q2+v{{4JdMv+J>G>tWr5U$dOM9OK z=NXQT;&*J6@9R0{AOo95HcrNP*4kMMUaou%=EsN4W7^Hfrs4N@cs@x-f5JG&H*8uk zaVgivIhB0(+CRri?fR3kg{o&w-mfE8$GqGJP9H!PARDGJR>iWeW^BrNo6gvjcQ^wY zyrw^S9@)~T#5;$;Z^(?VfU6_KKEBErRU=V!xpfSiX7)hr+htFzJur39=C@xM@Y>tM zFFo@1A>Z(>0_4V^oZz3{7#2c|yp_}j1FLpv|p{Y!4C|EaIubKTTie{A~q>Du|hrNf_CdtEO)lYuAXTU-v` zEc@}=19N`qz~i)2Oe{h0xa|m@dX3v@$H1rGv~!4dcF;~w&!DY0zRWq2*n}nIi^h<( z5oB#S`Lfo77l-CjixrC}>ev79`ulaV4dd7rl091U>#dQX9%y@@?AIMPAhY2m&13vw zXxo>=+7>yp#P=FZO<-PE!(i5sko{g;RB?oVdJS824zlG2#g+VBBfx{~Q6~mz>@D@5 zz0ZkD@to>`;>ah(4lf`tQ+XTmk$dA($YdujW!r1~R{QU(FWE-U`-)+kxYQ!lWFpbRiERwr}Z@1hcDA!3ph$`%iw^q)DV+$?Q_}Y zzk<(AZqao51g0Ut$o#IezBM9L!2AlITAP%uf72PvZ*QIwZJBr=@W$xZh12LnXk!F$ zn)>DWJV%^v#D~OJDwwDHfa8In*#rKw)FFRZVcW7Tv(O{g!{gvcdBV!))wx~D`|ASF z((P{B#)e(u*sz}K8b@!9zC(|F`5w|0nPdC5QGe~J_jBV(W2t#hiYGDdqvX4_?sDTv z)WfjG)x$Wci&)x2eMAGbu*7MX>MWg?*q2#jyl5Doj7$8`#J)JMKixdFVam%fzNyX1zNCZdxl!rmUpC&5Z}CJ(CCTY47i8Z--M;IZylXI`s|d+B*;0 zhym9$hqk5PMBnphuLV6AD@@GuDAD0)4;=zetPq%}N4RLgi0>*-+0Z1sPh4SX&oT!W zd?w+7+L69+ag_%bJHUlo4>(t`7}W!QLR@^_gNwPUFLi4D(zSOgT*xL+T+^lb_%Fc) zWAEij;R4(cb3O?dK4L5pXy)VZ+BvS&nyf3?J}6}3gL-cg^UM7xdB1UDQR2^;SEzO` z6O)N&gPdbEj=9jY6P#zsC)RWEQeP;@vyxwm(QG0w!_9qE&7G;!V}2!z6hBnHp3Wlb zV1CKhPpZ>vpiWQxq;~DR`D`PH<>%Wrv>jvoB6)`!%-#aV-Xxdm+|bl-zkAZPE4h~E zto4ict{!9a9{a7O&Hq`Ql21J?n^+XFCE4Yh8COJekZ0S4svR>h1#H{Ajk(xOew*@m zDzU4vax^M&mj<+8)<0opJU0uPOC*S23QAz)=r8!VB`^jO*=?73i}3(D(Kw zWCi@uTQ3Veo7z>kzOD2O>+Rkkw?cZxef~`A?Ob^N5Ae9M2L9@;xk-hm71Ow=?m-bo9V@>!Hg}OApANJ1JmU zOLqjUXB3ZaorsQ_gp76ik}gtz>I*x^^!1WHfv1%<+6MY+ps$;-rCaGs`ZGXZMf5e6 z+`%IDCs|Dn*iG~$n=CWKT3X3H?|G6HmNiLz45bfWKKi4=7aD&D`BPjMUR+$baKyPb z57}V!8qccFU!i~9=Y(Iqx5H;$sXWbU;OW6;>FLSds`ZA=$UwnM?POvP(&t9>d~2-h%w2I(;7{=iT@7@ zJ@*UNP4pb++FZ>Xd(W}kKx{&CZ{r5#gj?bHoFrd`uP|!h$8>suCW&>9+8!NUe{~b_;L6NKiFO~ zc5HljNd5Ip@GVt6SL+=Alvef~X)WWk%(3|5xz$8vIaQYTNowTW#2X9$VkEx0Lo=d5f*zTg#lTJ!9X}ma+9|D>~m}>t7GA z&a%2){W=a>(OQP^Z~Rx_QSMjkgksyiU4&e?4ZP2Ha5Bq3rH4N+9$K~khhT?(n&3sp z=P_{4{IqzWt#o*p^l9)wTk#Y;#K41Uu3S8HHiHMoorDMQ(mJbT3O>(d#jjmFV9zb> z8RxV8KR%OiF{p2v$noGJolU2B`6r=?cVA7=L^_+y+ukRkiARKsbTl#UWSTHO4?MKv z|LW|FevThA#q3KK6D`eQOx%yc@9|B3$?mS(^72Hn=c|6SY>L}&JNAu+@r_@jTA*9a=K9l_PpxYjS}t{KKy2IYL1^5y?LwaK_wwDf^J+cUSMlAI zgQ<4jPYP|B=(Y2Lj-6*Y|4e>uwY?s_+Qf4c`O{JKP(~Ft(Rsv|Zh+SKtz7CDI=7g0 zHu*rvZ+KAkcE0e!z2wn?o3fyFY!|tPWmTMO!e<-$WKWg$nfG@sfbX=Ye#Z^e5?_Qq zvaDL=K90+zzSI}&-U>b+pJp9h%ih?l`CZF(<)iq6>~m9Ub-%csJ&}k<>Flz2Kv*0&!{}4df#y3F80_%&(9okgLuMv=*l9y`wR!jw+wuSGXYYJUYbF1t z`Qo_%a7Tet_)%WVW#u2$Z6ueg7~0YAeAcpe5|5T&;jSSWyX5?Vp>FEvBKUJ!o3)%8 z(ib%@c*lotfgIoG#*MVD*@~>m#J3Qw!SmrbzrRS%kmybQS5Vt|(pqt~9V3jD!k56Q zHPf=|KB`l!N$ahN{ePF;-_BTfTiLbtn!I96fw0zI+A6RwSX+@zr(CC2#$C^R2kFnE z1|UYevXetgs5=|Yc#4RD3>A^?^MG@r`PDwLa#KIqANG!zJKwxw8fUuGbX|I45;Yy-z&3yct$57I{fp?`z__ zYOkL)pLag>G@p6+LaA#lvQvIB;$)u8^YEmd?{4SovM)F~Dmng9X8DeF;kVvs`I~FN zvG$C;s><5G`9#f{k*t?B!E@E{m|_}=Z78mxI7AC{lm#zj!wXv!FRrx6PoQ=moDsVi zN?iPY_CmnbPt+|6#|D49Z2$XEhV_%}tgEVx9NIc$v3D)HMzxVI4#=v_IE%VH=5~3S zxj#p94;^cb!qgmU?rWX7uMXNZhtRd+*~-Jx{7Hw1ZmO93BF0q@k10;+-up`j-qXRI zhkn?Beo(xi+{2GwWgi~t&Qpy!ip)`def)08df$GnHMlZQb3guNcodluXAJXbyM-~W z3|jlORuq}V7{ycY#+t8xRHyOY%v|Z&8^MucAcpqg7v(~$eytszGCn0^R$f9Sax4Cu z^$(eKMxGJvd*|d-uwR4^ch`csle77QZ(k{~6#LH%3zzPBb<-{k9+b|n;=H=&phNdO zt+&Z{QY_OiI`FR^X9_G&_2A~%i_XHLjW+Xpe@;huQ@x0~LnvxwtpU5q|L zt?;ha2)@GEEx>)hbYX;h-uRm4*TlMzUy2n~7?_q3_dvb?Q(t`be!kaI2 zn`H0F*7I4&7uFmK%slvwERJz@qHHxotH5jaXBdY3RjpIi<)Is2LH_4K$AzN9gbda` z3p=8F@quNb#WDD#e3xlH);~HQhRn^QK4pux)+aM=LTyZShPeHk4(r|L)Nq zsac`+UD?j{Z2Nk^2Y&25GnKC|TuG-Wx2qj`>ohr^(7_$}uFRMAW$M5N8MNl(x^ngh zkHecW2-H*6o545`i*(-ZRH5(mE z$b~X%eS^^P_L__GeK+mF4mt=8H48pu0J5NC31fh^RdZ#Z!OD3-j7xpByv90QPG<9q z#1B_9&ufSoUWIONV4t%`oS5M%=t6U^H7NOr_I`gk;c3jd(e?CC+;X4dmL1To^mt@W zu={c5vz_lP^rP!}KF*Lpj_RJybTRpbjK`K~6GBn0+x5IT;l+$&B<~4MjiL26bUpB^ zJ>?^4Y`KH8Ye!|8n5pUe72rjmT+x2y&V!i?Mjux_mz}%Eo-szYWrl|tm{oh(FI>a@ zI5<~qIx?=9+JNHjSYfd_8%(x^WCmw;42{rdkU5tuk4lzv??&dE_;vSs=KL1MB)!m& zXRF6s`^$-Y&(#{>jEh6_*aPdijhuJMJF?N#RurGawW)5~i%m7;`)2QydactvewN`w z(Q>qxmYv!MXgT@-II06D4};hBz_D?H*>3S=&=tCS zgL0B)WQFPnV%wpgJ8*XZcPDTk z2JSB4J_6it0QZ}~{T6T^1?~v&Mh(1!(IID^pZx~;oo}X$(Z&1O;Jw~!hka}OpAGL{ zLw=tM@6zS5JD5{=s|DQaoQ_DT=nuRhca(diTpXMKvchk!LI#yWv-7#%ha4(ER!9yF zzjn=mse6$_t6q8gg`5^6hl#Op3CjhWV@R%l%^CJQ*S;g@tWK=l-Di;N6tR6NC& z0ovy#Cw%+v6d6E!ZHu6rsa_e7SvxwDTtw=_+L1qp9U0Jo49Hq=(Qyt39%k?J;L3ok z@Ok7KDIZKSpk6Yd8M=H;yv|zKS6G(;-nqa#kM-ZegCEx|znp!KZUEPes~nj;7nwW{ znfxuk^f(_^Ghzap1El-If>)`<+|6GZv9RZ@;*x4&pdPX z`iPKn>gvZ@vrCBElvtN=R-nJDm^_Or`bPJ5Uvu9Fb=HO0ht65vH<24y?3_7MAiv>7 zTVMY<t}Ty_}R=wW|xoO)zEhh{IwFFxPdypJg(O>XBTm8 z6!%6mAKHt&rzdx-e9F=Z*6ap+7k!W6>ozp5c&MGHa@@le-UlDcq#y<0%t$7=-Jxy z!#<1pe?s=C&$oJQo|glwCit}p`?nr>x{}|iJ`b|EYX>@wT2$ln zNC!&C)!_52$LGNgp6$-(6T6vDr`80S(O6LPng20+ES(*^^=HNoZcMR**I8@N4iyYe zwu9e)?f(~cFtPLe&@Av?pRg;A7F?eFKZf@R@>#K#HRS3kULZf@HooU6o;e6RYY6gs z7;=3$x|=wNa!3_F_~*|e-v=R&hrl<(p#S0UTORgvA^i8pL`=br$80sVZ;AS&2yH2k zSh4Qk?EAQ`z8|(V?<>xt+~H9NKCUYvHj_{6JOi6<`1F6d?vHb}d}lrMEZeyTJ;phW z=$?!&)r1hl7&_w6&xLC=1qQR3I4`O`#HMr3$KhV#@H0&8~vM) z>+ltN?aXG{b@%c_uC6PXG5L(z)m*voMi__ANV8*wHr(F(L9!lDSi?daEnn?jgMGETk#TL%Tsz})`_W#T#l-Oy zOA8P)Db?N-_#Rr*sUiNLm?QmmYab~SAK`cRMeo(Q&;6e3tn)UyXDT%CPQx^dGZKe| zHt-(nC_^{$yM*6bn>oz8nbWYL@-Gb4BWKNb_9Q1h(_J)_vwS~K&iGKy0b|b=o%OY) z7+)y=;!qoH)dRnIj zbMH8(PxqM(DbLW~!i#xE{khLr<9pj_&=?1>#)_}BfwL2>1y-nm@iml>H@LFEi{uz} z4c%FM-_2f}nlsLeY$lG?*kBC@XI8f#n=(LKtYLIjkD@Ks`K*ZTLz(Z^RN|KS1I!_F za0S=)S;RyGToVm3ANxx9eK&Ivq+P3OV8~+anP;ywzc<^z6<3z*VttIYo%2HZBy*bk z)_~;aGwk0<&kwer=iSDF9}EfM2TqwwO^NxclBW$oAe-t63We?RX0*4i)rdlqn* z=N`4Ms~;m9fU9Kad7)z9;{LjV9J|loVoybof4&dzzCSvPy)2-+*uz#RAAi;2JfoGw ziPf%;_afbQ-_N?lQum&oldQbc^Gp@(qv<;F$1{KJ zeTK1G@Ti~p-O2n){%xAZnq>a4&^+eY;kk7s{8o<0Sc?McBaQc9A2XLwlXm4Ff`7q5{0#1I%xfdtT z1f2jq=7+xdB6Bo^IYK7wQ2g=e7me&L9?5s&ceK-3vfXdmDG?ojk5c;CL_gqy{dLGc zcKVRqG0$`D6;B_f^iklP3s$c_er4MWNqqzZefLowIJpn5{lwG9#Ttim4m)v$bp_w$ z{9fQn>Z9ru+v{BUz8PF? z23IxZ{!mq7J{n8-Eu2+)`Z&HT(FcC-x&rjfN#n3=Tp3%%2SsedM37U(L#-YKNkHG@BXFRI6m2_S1n@~3tD5&Y>n=t}Eu z2PBsiSC*YOnAo8!|Gc(>YYPajJm7Ne0O?K3^Ut;C{#@{N5C=FNd>?$~^zh|^BQO5e zVW;l%ThCfrcVJD`#D5h(|AVtPqhqU$e8%28$;C$u8(4d`2rs|&^eg+w>}>~r&h~Sz zS=)n4y@Eir62y642BOiZ${_OaKZNK^Y zfTczDIPg514j$R!E=(0ROi^mIT$oz=n9s3k@O2qyv*f4XOY!o9zfZ>5Z=Oz%GtS~$ zDmZJ?!FfIVoVjp1xU2WTnYtfnZVEpLe_zXBKCz?4Pp&*ZzB4ICv992Yc8o&0HHe() zJqLD|jpIlAf*l;Y=VH!D2S0e$o`(OKGKS@UOyK&r+;iuDubKbEew&6KIdgBjnSahU zWUqf)zSwZB@W3S;e!+p^h}+*Lhu%I;^!LUm=Vr+RhIf zix2(rpmUOR$YsdDeDZzIsv<{cmoJ4T&a&g?Q}OAGfUOkWFddxEM0U->$G)C*y&G89 zo5Ol=8SB9ntOq|(y!6N-_G>=k@{gSh_ID}ta-IWoul(B-F!WOIk$=DQ(96~|@~;v3 zSE6_WbgXsO&K+)_whWXG7Hz(MzRjzWZ${TTvai4+``&cs)uqpcY5Kd2{(|&3X_|8; zL$%$H`q)Vy$5Ps__q6|ZO8e>Ti?2za%XfjEOX)|sTlUxj;cNfR85?}7n38K>sP9eA z_(Y#N55j9tEce(Go!oQB_euM|WoF;~SAT;3l`r2k?Y&+e((ic6@20B~_g#4Vntva% zLg&I3z}xxczaXlm^!I7y$M_%p_vOb#&-|s6ALjgsH2iS8 z=oLH1tySSo=+R`Ess@X8Stdr1MPRVUErOo_B^N{DDsk zkF9SL_L=Y^dtCCngg9mqYuNVybAWyQE32%<%BiY6?pr*Ty5f`UcSo+gasCJ7JS3l= zcW9_^RE8LKusDqWh zR+|~hQyk2>py(5QAL-Of*WgpjZx0ghjiGNwEXY4@w?&>hzwf6lTOZo~w2K$l-)eDu zoI5=@>h-y>y_LHvJ?_evg{+6A*7qnkSv5P7$u7QXz*mGgbd>hVfjg>NhA#50BFJpz z)A$*~2*%*XX{s56*{96GMI2o!e9r^^UVLM#C=XPz=~dvpg*g{4GQg=9A2qZU#Xe9x zq8AtZp5@}glcU+oZ}^@rE~fN>izWvbUVL0*Y=wk{=F&wp5QOX_VvPlb|3JMcHs8` zpJ?CC;R+<#UoNbP{OV-AZ0Hbpe}7)GY>~YqINg6P{as`H=L>snGqW!?bmr1sTSgjO zLo*q_dB^61KpH-v|DUDwpU!`G_fNRSoQII8A5h+41~_QJ$2?l$3$+xwHQaVh+f2tc zm7ELkr+93n5_=4qRDQat2NqwzKdS4^V9r(RvZv^H-HV({*K!+j1^U=UZe{!s^=;4& zd&bwAGk$49_1Qa-nd~!2o~J8wv|ow#b<85~j{UiQX4eoZhpi18FtUWcX{U{TTj;Zz z8Z@sR6@gbGhk{eKf0#WfLjO_Vl+7*pGx)RV(Y9IBUGvVno%@&R(1rbu#uo)wvA|MO z!}6#Pc>zv@$B{if&njP9G%dUBubjDA@1Y6NgS%gr)>ypzW!1BfS`=Jp&$av62epFz zuI(R#_y>f6jfcGrwB(l+mjT_vZr>}`1Z4|bMO#ns>ud!1ILHPSc~ydW*1R&Sj=bB<!pZGOXnz&bw zE>rDI>l|z`aCibbP`{h72kPM;vwtu5b#Em1L@$boy7fznr5U`Jrop>&&5L*Mv)l1e ztp!(vqJyYwq+QLK@>=~bpK7l?yB`bv(}O?wD)7I&pnP)Pa%*up`Z(_*YjHlG%4?SX z)?UJT?h?k_LG44CmDANpo!Z_73nmxwj>WS@yt5s9Up`WqmEE<8ni{=R$S3^M+=A|% z&ZqL9vQON-Ms-orrzN!6c71}jHHJKBTKP`$uVnwLz9U)z&GhPR<&I~BFM*a-b0syWlZ`02s_|GqbEA9EDIW=~G=w}kVT?F0Tkbqz7tlH!1%@?o>XlEnvc&2cgBiGF7ADPOsQ zJk26v266T&6}+RZK=X^>xCNYTb?ER~t{o2aYre%fSE`8IcF7mjsHnE-@T|l*G=?~J zfqFR-qTNFyZQ9*NJE}3z zGiUM4DCl;*mDP0(*5~I5TYncu$9y4q!UOpAEl1{0qM45#M#~2+7?KhH@YOI*P2_+}HYvu?G|OkL(7; zVGO+vk?lfmLLO}lk)6++LlZZB@pzpNnaiHU2g|^(@LC3bt0WhAwuI+OM?&}hVBN1f$a~XhLphTpz{`yb z@+Sk={lz1BW(>RtY+jpct!Mli`%j&*?`FPbgShs`Le|&4_OERG82lYYZb@%rkDL4* z;XISSEdEq~BYkJ`c9>`B-zc&&2G5p3cdwGes~qwk@(#-Rt{fmeKO8*G{S5jao?6NM zCiKyGYH(g6K1rSD!KR;DiwhWAD`Q`Y9V|R+Zy4=or2UZyDD(}`Alf#C1@-M8q4$Lb=?YWY3$m=w8^2h z252qQp*7(<6IxTeGKcxj<^6uN+hpZ-bq=*=_ggr2awfEv39V&9Yii3K<0fim{*T%v z@1xi=hPmKrJ-GLdRqwPL`D)LB;J%i3|6h$o`&pfCEZWbaX)v{6skCtlTKkei8#};r z>X;=rPKN{4kDuBWDtmT4d@bA0ectUq z6MIrJ<8GeGgGQD^1EZ-mQ>{lkI&eNVfbgSr}L+w=YFd^a?NeeLysCHMYuNJ8ejaey7jeq(P3?ESR&j-*~Oki4IE zv=;o`ZFT=0cD(GPwTxGKKz5pH$5hKJ8%=tSm*p$3}|De&cs} z0rsk;`af(`+Q?DtU>W!BrVa(1Md3lo$n&NguM40{is*B79_Q&{pG&8d)4y~|0dyJR zopmSd^J62+^saqotC9bK3==0_LB53g?X|VFrt`DUhu)-4=h>f-w@%(+fi)3-1z2gr z`);I`HnB@&kBNTmxluhK{V*okKeGJ_$_DiU5uY79H*A+LjW9Jq)UP4`>IV(XrZ4tCQ9skIk2gW>(eK!^7 zYNa3D)7h-M*Rf^-?i&W*^^oFVI@4D+U<3Zs%7Mq9Z)MzbRTmFj<3$I2207m<28`38 z?F{5<3qDyJ_4d1U{;_rE{a0hNv@Nl^U0&#b7goUwT0g;#HMY5EU%AY`BZnf1UVu}u zTL+TkLoSZU7u~};X`8N$@}wRg?&kiiQ!Z9I9ua++oT?N3 zLb3kee=0sd*scB3&x61I(0CgDV%+I?R&5IBpG6*e<(cHzjB^rlY`-JF6rW#6j=tA^ zb8R=-ajxyFm{e&t@}Sz9^1BC-JHw!-z;QyMfvuA9E-$?f+=aw8E2;*Oug3f65Q|(W z>py)VA9?4oxb`))>qk3&`F`Cdo)^49WQm0=F*3x7MQSXPm)>h$cr>OVo-s)_H#1kV zP4&;UPwlnKM0_kV+P1r+Mqc_kpYM2`^1c;U^keS?uw9DbWAu}WKiYE5)+0?k8&Do0 z`JWo`{(@tlO-1)K3M@#mXG=BMhy<*-#+EugQODr>*iU<>JICHQl3 z`Y8D0UZ{(EiV@4t6VDmBQ+{cv=ER{@8SMF!j~uf2U10JuFAWVWf(G*7nL>P{X~?MH zUxef%Nk(W-8S-q=^W#md@&WcFls)8w&Y;I)3k&h7-VO9m+JE5})Wj4p7WbT$jmT6N{wnl_e7Y5kr-boH|4b&Y z#=UQy2m2?68u)D3@I_CJot-}-`qNx#p4u4Cc4ATP`&tKz$p-|_#2eXX+A?bd z@nP%%!*3U7dhTj;atrcFx*$~tXn$(#)P#=X_dwuOJ{A5zm3SG95erx&3SIyz6($-?=@Py+*LB6bH=DWAm5L%pR{Zl**aR+mUP`1IQIEzpbP(Mkuul1HvhFPc#-%g%wY zbCBk~pU81*>;vDq*wY^mO6V8idmZrzvkpTJqrtI>U)bxWD?B(3nsY+2>7l<3(5+2( z_82y#8w0R^BL#M?-x`?VALW4-d-A4a^SU(R(uYl-33+SigY|gHum;y`hdOUhwu$;+y{5591IdMLw$v4XZ9_UJIs21xK`qY|gDlR90OUVRhO|?;L zs{i~`JC9$!haVZhnrh?e)>O}ee!O!bd8#$liO{|5L&*}yrfhWgYpg;3MUfxAUb;qp z^ZP?`6l~tM=kd~XxEsQF99oPGO4wyyT9mx8dEd#0BNprC(ke#l&gVk2-kMB*NAdqe ze?it=g|kiAG8xEL`O1>9szyFQZ#q4CIu$wTi(2eGHOY)Q^5u^yig z8r<)LI{Dr4E$nH9Z)D2{Ti!t*^s!QV|Dn!*K6(G482b;IeMzXD z?ddt6di4vo%0`<<4Ot0(`GR2|)J+?LPYT^e%aEy$S*GS3U(euP`=^f>2`z3I6KXiy z1KVTR0%gddyRrY}!y!L!9Bf@#;k@9z8mbh`HkT33E+FnxfR*dF9DeBD}@ z6)GdXQ-w{lG=q2%zgzbJ<7-+=_0_gi!fyw$Wt;7FnvK|8kxh&RJrP@GWW3=o#p72# zOPpes>|T3~DY6Op@kz92OxrH@XtTU)ry1c8{1va{{%iE1=MM6@i_d1;W)hrn;Dk;M zoRtoo*QUaW-iZRA;FSLH10%Y}z*P=RG1@hIAvr#LDbJfe@jVK${SrjpE{FeF8VF;AV3QZmvBAZoa_W%f?IiLH6D~ks-z1 z8*+)2(1%MCkwL}XgP@B@&hh8;J<2m(gZid{&OqNZkTlLMjPv@F$C;sVUhf&_mQ#;& z@F~U_8CJ}?vn{J+_Xikre346Y6Y!-nY@+X==%%mPjNxNiOIQg_~XZIAG#dbV&xM{ zsCeIu1wMZ!`T{!8k&zK-Hwv%Yy2+-aHtz4h&eoc64E~SOhw`bFb1{-}w>*vhb?|BM z%X8nR7FID_+2P{bwmph_S`+u+aT{5jC+6Ah*Szn@ZpGZxPAjlph5Xh&{{djqcReSV+JOh2d8P+gH0KWki)c zq5~L26X?^~8qe9Zk$@!!ShBC&LuZU?R{(8y@u3KK&U zJP8`K;rWgSo*5Tfp-y0t{wnh2m@`3i&aQV(l{e5ryz>d*adG1It-f@&tz^FP2sFa)C9a12{XG=P0_?m4Br^Ybf|I z@h#bciYs{Si|>hM9oxw}e!*bk%;2Xy!X#?M)2hBmA&z3#O_!m87g}>^-zwmAL zAOznX@KqEYZl7I$d8%U$m=~wGHqS0Gg zdSKt}jy#}hOnTSIv-;+ZYPt9r1HR}(8}V!bEG=Rov_ zjrR$59BRX7LXFqGYjQBuUqABqR?}b6YI~iiXt8f`fpU|`p?LXRts(iEp}FRflZ$~d z$?gTOUVCzcO`q%JNB#mBTs@?BTsn01&t3g({iD32baX2^742*R_eJ2igZv`)^*t>f zgAN{r!)f5K1sqBr92O3pwHJfKN#L;7;LyOUJR;%nN5WmLjl0A2FBztFF6o5B;4TR6 zp7<2FJNGoW^LudjJrC|&yiEhwE%5I&@G=tqonq4@up63eEPy8aU-xbubeeQ6i)(g# zDiH2D_q~(ufBf~6-|6O>vAG=k>{y!jj`EBJOrrlaOseA9jM zP35aD$Z}-t^Z2I~$fP;8?oE>SHxy5i-7EUq_+j>y;>R(=llgHuG?I=VU!iZwKGD&| zK7U$XjFmz|bvy%Y*m##+k<5$zL{D`oyjYsdix-@Rp8Dd)9{}T-@?*zOPR);xKv%K{ z+re4Kh0_jRgKixA^YcPu7A`P0;$h^~8st@(FVo1Y@2YRdRuFA^%2KrBX*8<*@D~d4z6j9&=*Vn&q53s(DJlY0LEjhmP8eJj&{o zM;#t{)CT>Sb^QmtbVNQEI_)2UJ^BDPDzd!8l}AOkJnBFmS-z~=)$nIuvYZ&7bXSs0 z@O?cY6Fwv_E%ko)*G`rR@20u-R+?*vx#pD}u{7;R)4cclG}nHU=GuWY*IrF??d3Gr zcBQ%Y?`f`WOLOfRu4#TF+3vK=A7iuv%<<+bu zOrs9Ztf~FXT3n1BJeT|h{9@+}!r=WuD^Od{^ZY#%S55!t?EOo|Q>VNfTi%Bc%zhb- z1@HDZYv$6K`K*1w&N%Erat< z`QE8uI8L4F+(ZsQV?qAJQ?}*KgXUnaXAYFtYw=I`KUSJ;*5f+AsCZ;<(t2EUB6~Vd z@OAsqDJA)rn058(=X^k1&g#Ck{|9xO2NDaC-Ct&P-$Ty7r5HbQN%<_leHMJp3UH7&^n=*SXD-?4_{C*NW~Epe{l1Gblr|6RZLctj0ojC8i&rRCu(6x!;=P{*I!n+-J@Krj|kzf6{v9 zx}=j&igvKG|#N3Dg^KJnL$^rd{2 zm-yZKF!-$wgi4{C3g|}bHl@@U8oZzMxj{u zIpmea{+NAb z9UOG=$9s?WULO#Oy~VY6fL&`NlRp=#XI|puyJ@{4R+t^i+)d2zKE^lBGQ1=n>K!Ne zx)pqB{a0&AbKyhj5&bDfYT`kg?08TW^zk&fYvp(AZ{X!a@?kP-TW%m86$jqel|yak zkF{QJb?e-i*yx1KVAp$Qg>QWl-?o-Hy`FcVYvqu|Mq@+pj_rSE*2))N1`oz>0C$II zi)Z6;K6ml?y4C#?;WrQn$&ZYUBM06?7eA*?CLLW&^wLFt zj6dDjZ}W^j#@I&^bI{o1jJ=hy%YWO5Z5PuxN|}?#5@T0R>IB9eE#+D9GGmTB2J9La z&$l+6yml}(-T0gA@h>*xw`uqa^snYC#(bHzAm+zi3;NP0fH|@SxQmiu_6z1B56oLU zFu!mz%mdTG{DKYhG{H=bU3nz?$`5voWGi&>e{(;mD$qt|1F$RKKoiph)HBw2_L)#tOwDO-No@AmavU)R03 zywHP7@v@7*v5e*8L5X_#e>je9V+CzJQ=PoN+h1+4zI)8`{xv4wF_Hfe1-HuG@{^aO zwb?Ig-B{;OfxGS4s~UeEHqsdKJcuV6`zS;95p=f^`$+Oh^1+OIm)*ZRKGp8TdEa|4 z!nG*ZglDaDdGD#M=b+J4y83N)g07@TL{YYVXrHIIm0H1%2Mz130glXKPe5Qdx_Xth zILiEL4Nup5da}?T*;`}GmFzm|O`LoMznSk|*o_Qw&knTjZA2HzUc6+mHG3<2yJwO! z*F^h4>LOy$antR-#n}0?6(cJmCjTwb7-Lk-y_0vyectA$ZcF1+41{<{qv9bK`8~0a zS>Okmrx-kW#M}J5t2P4Y9jylxv7T@Z{biBssCL@Xfm@)-j!iylGIPwD#7(@@&hK_? z16_|5p@(=^XGz3MZ8@x1Wa~uq(k$N;oA(v_$PWMV33P*GGxlgJ^1p2s@dUMjPHfj) zJMdBG9_mCEw&8QDW=Aze`OubXd?Kuw2seVS4fxFZ7;U)gV+5~2yjWp+q`W*d#ZL)W$C$JJz2gE=9>8CZRHSQXB{=4{_vZ8rqcff z9{Mlw(7*DRw?Yfv{edIkRKCOrge%(RLyCB6^weVHl z_a5cFca*DzO{83z^ZD&#&0YD!(P7XBHbrze`%5_e{J`m_8F}5?&%5}<{61Ab_wrtZ zKBDx|A6~2{cTBZimCl-$^nqEUK~BYo*w3jh-sFS;gW`k#x(XYgcZ|Flg5DGzAY-PH z&zj25Ezn~t^J(U?+LqHg$57{6x^o)A)`|{Ge&$Tt`BOdP)dLS@C1hW%x-R|8^J9mo-y0{dq%D&_Ok2`py}8Cb zyOp+Uc-O>I_`QnX6~H%bfE9WT7z^P|@ns1-X<=7ZVjFywXX4lj%EOmE{MzPs>gHj` z7+*j%0?lk!o%^aUhvpLJh>@2UNAAn+pYhZ86E<*?EU;-Jj{b-uA7!76$Otqm|282f z{o$O)vC*Nq7Gz{AvRbl4IxPnrB`u3~8J>V_r`tPm%n)__v8O7Y1 zHj&M0^JUu1RczmB^JUu1;dkD-cAGCdZN5yKN!Oh=b7(W`?CfwE>jp9AHw*bMeK(qU z+QU5Q`c7c&z0SQIT$gSauZlW7BzVCeK4VEf3iBez!oY;z{M#^Weu`5dfx&uk<(jfM?Q%wHV^yZ>>@cfSyN)j7Y?ulbPL5dIYx$>e%NjhuMon z&)!Ac#G)OGc7FKz_v(5o2W}-^LoHoVD87VTUG7zIPwS3x;xft&lzpF)a zb{qbr8S~^&FFx3-;6FLLZv-%Bf};j%sPeG;cA)FcnL*6^81hjiZ{7Rib;Fx{wj;Op zAiq>+)`30H2@YjrNJdTLop=R(&u4Bbz%Tq`bfHuC*aE-m?81%kuxrOC4&j9GCBjU&Q6+2JehdZ!LQXp*rjp}ZNQ|lcVJIw zoEL+)9;=@@b5;2GF|x%AOAuJBK44MoV;<*5l~`X6oyYl!l3907$36sR!S03IwGGVr z#Sqcd=fa_kgiMPKg0_YPyMNJ#|Gkhgdi_V`o4flnJ_#M$c9HGJsqMd^ZTXL9`{DUb zc3%6b_GjFSPVnxx43BWOz~@8wsM{jUy+yp$su~lT3(Xe^-D!l@tn7k^*X@P1t} zc4kjy&Q>2hTR`mA#G{bg$j{%D@xKA*Axf4QKF>&SWe zl|IEy%GpmxaxZZEQ&DJ0x>+`aVzi2-_3qbGonfyT(C&(f$Lq?o?U-V84zd;5C>{CW zPwn+8Vk7HHE=QR3G6&i+H|*(<`wciG+>pk3KHJMaghqfI{llK; z;_zi0d9L$5THtSZu2FItnYGWz@Lj&pW1KxUuRD8E%Q*N3`Bcq5ED_#|@(%m0*J%%k z2z(i>FDqL25m{><-x=J;cGiw0!?&mzJ|^TCN(#K7`O4G#ACciSmx2W#_%4 z%u^J7l$Ms6U)5js(lWBp&@z0%`p-~m`_Y==&@=B2aEM?-(@h42lsSv*ikpOHn()omx! z3;9-tUcQiyUU)})sQE=Nj9a?Er4{cOQfXuyG|~y}jwvR`7Mg7@6#Z}>HZ&aY5ogV` z_ncXcj9bV!itd58s7q1&tOGt0%s#E74!wkU3A&zoFvTcz_Rs=qOcXO~fY(&t*Myz_ z82l$aq4#7TzcnCn7Ss{GYo0&6%BgE~@t)0`^tX)MAL60Y+Z{T^lr{g{c;Tt!eG_uf z=7EHa{V)HS)2rbJQ@@m`zae(STFgY9wb3p9TLB-&hS|8u7cc9+b$QzRl9%@UIDYwX z^ggtp{o=&O5$U_(7PaZD!#KSC7sL!==&%y-8Xu;(fxqi3(AJyaLuVnK?)`78hDtD| zv@xDG{)0BW@JKd12Y%$wxcI&1a_PIo__sSX@s~e_ee0~P*UQ!)T4dH83#2Eo=T;#9 zO02WY*&*1e``j9>P3TA?8}rW!m7^PFhsz%@&vR{K|M%*Q?%aNUr~o_^1eb4vk3JtI zmtZ4*1=fm(OncVnOxrFzgMp{sIm=|Z;K}!&3=ev+m_B_eb*=`U$bepW3@rQ>T;B&C ze2sOsk861=l_#m&2WB#pKK!-ENOP?^CwfdUBiVN*=w!*eCrocGmaP&Cw&s;@ywx zOy6l6FAp39Q7x)37qRHxHdmso8#>{TC1@;bCjmd z#)dnS;WT6C+I8vL4BBnpL7Ohkr?$!1_chd{kxN|rQo1&`+hd<6I32mJ5@Ig^1WC0H;&)u>Zjb4 z`r^#(*8WF`As!+ItG!P$iSwD5EHTBgTDPf5{O-UWw}=P&klm8&roU2KH!J3P6SjW? zx#C)%&b;t@2eV4xx2m&4FIkzjt=Mr9=F$3>ekbjH()pBPuXgUHmC~+7oH1R0vcu9| zFSMpeFYmLk*$abHQuo)e&&x=xmqxHfv>)qC?E}SkA9kG9wAo))XG1<4DYK?1_MeZB zL_K_6J+?tFjMa{vR2H0K4Gtv3aNZe|*6~ z!ESfG(>Ic}&I~(Fo_Dz&zt3Y|tGUck1Y6VIi=pa(yC;M3k4v5ND`v_@8PdBx8ePKN z+$Nh|{;=vQv}b2#*gu_^_Z)02?0xJsEo2`SxY+ zVFTk6l@U*_B5qxF1?!>u9BVDM^y%|2-U$s}wA_jPQ=6fh_m8NP*=g3F{Jpu78(4qx zWm@|~;C(LnlC9YA+LLq(efBVC%|ZM_=H-ya&v)&wo6o0c!}!jn*xJ+OpJKb;Kwc8{ zI(dvw?bOqTX^XLF{tHX2*<*67{g1NGXgi-<*vl_*#&+fXaVx7fi`vB9*b&;pLA8mS z*h@7=yTX}1i*ni9bB?D^Y*gw>&3bqYSjKXG;7yE?y?~v)tb+HCqFv!ImvQw2mb^^s zSjCsD**T0m2Uuq46IeO|In6mARX&j83*KMo%c;!)mKB zdm*rhr?7+f*I*0RVxwj%Mu?q!*Ch7Vg#L<=!Lp+p#vC_$%+}N2M*8xOvz@j#(6(up zF={Va*?H(tyD!hR9`XyeU~g@~Mt>O`E#TeF>^+suv!-T9IoR0l@9~^!0Mt(V_0&g~ za)xaF6=vU;m-(LKyF%mY4uhBVilM=qGkqD&WxoDhh1l0?t$wv@ef^p*VJ$Yyr`e14 zqcyAp^{ZWP4d}v7Hu)P`&yPZrF>?4HT>eg-=16nzj<5ZC_K9)&^Yg5DF+!fXfv4*7 z&}wkC96Sk*$C#hTnV&LWZdWt#eASl=JZE*4az6W|zJ9g81dj2(0kvx!c*4MQ3)hQ$ z0}VWqRcF(O;)t=p!0_!3JZ@io!6lnHLT4Ul!#=4w2UBR4UTbjCB?Qgc5d8uMfg@2Pv23|xv-rsAPqdnlJeZv*n zYtY8ia(iBitn99F;NW5_ySa$@iI1{ocUivLMLu7%_G8{n-fUYStNH4W?qW`|YJ05y zy>p_qLVHg7hbK5V5S%W2W1QzaRgVy*zU$4Z zGw;W3vp@Mg{mK6*W?ze1a8t{^7FEz{E&TnhY1YxT#W|sS=yL^q=UHd<;$Cp6&to;8 zyid2?9NKWdi(eE6^8OZV-fO}~^C0WWo}T`!i`jcx|I-i2WyMx7`=XVhdnz2;pyrBD zF+OW7?l<|Wk`=MW_v;k9DYt#YM%OpI2^yY@Y>^y_!N;Z!6M6SvBh;{LXCM8$!0R5?N|(c9)zDrgH1CJzSpy-?`32%R+BZKtoYmm$ z&z&MS=R0y!xRBftOwR+GYJF4TQmvx+T>ae*jc!3Mk7j>v=?2N@9U0b?(X?Y=LYAKn zrs(D~hw1*)!9;(8X}SZG;1PV%dG7bV@Ty#QS5LK~hou9xhrQ9qAF&<+O<*&!cNsP# zbkK^dZY#Eq8k=zdHY0SAul@3Jazi_^Y`V~zndbJJ(1mL=YM(;e77f^O^wi(LVXs*^ zd1*1j(Jl#l!y&7b7;MdtG?+UOS^VZQe_-}B7(;8SYD zU2C8%;J=VLP0+V5d~g%FtjmzQ*m<%8Bj{?aRmPBkEoG9O8C?~{c238N?aLpE(0?Uy z*ecr8TKx^+LhncJfc}eu+gjiQ zjQ2E04ZzUkz})KKW~6X{?sw-&cG*Ja$*jjPPjP3S+!(w&Plebi>&eAf(O7NfNwt$f z`gl{hWXzA|$;=Trm0mS_mI7CY8Andn-toZ6T(vG3Gg)I}Od*X)u)hTCnm@tc4*X5v zy&pcnPR`wECugV!{E5!o`As*5$)_2^dfLnxlRO650vf~5&u|P|FJf=>GaQ5R!Ovn0 zTd_6HbPU;NFour&^kZ0i24l#hR&xdWzo#7o`0s)?L|@X0`jqa`r)(*GwvJ{^4}6LL z4zbo!&v#u%#+qwwXOknqe2yZ=KUT;ZjOLj+?O;w1L6e%(82M#63vV{Op*h_R9kf9Q z@cdAn{g9wb>3Uyy=f+dhrkPjx&r6%`yiWJvB*q$vOP{Tyks-(u+3%uHvv&des<$z> zZ7KBmH-ZZuIYAsG&av^tmXl85pYWmhN0QyH= zA9-5=Pc9N~1-f3w4$-rf^fiX>Ez{vc;EZfiUTz?qtNK{MXzU( zY5$i_@IHoGY{`la=0m=du4}xyZgTz5fA#1;t$W%2N>2C{)2DowobVp=JuCc@b8VON zxx;+=!%fb8jsItS*XK??z4nppqSikq?4p17*h5-R?1VqO`6(twr~N|*lQ)755M}Oc zy>G|jgg4~cGb7Ns=8Qn-u$;X+^jmTeTHU|Vcl>$x-g4dJcd4P_09$KVvqxC|W_+vt z$gk#kCsv@s{k2icdN%(8^1IBQ^T~aB`xpQGYnm}W?iu4=@Yx%WCC2JqFH}CY@Kfl( zi#*t0Z5@9;gR^PYGZw)s8Bv5B*u)%~{A>EWo%Lite4fPf$jPgzM>6mQ>^QA$GY7)u zX<)4O!1$lQXnFp*@QPQx`wz07h(DAcIzc{GG*R!nu7G`SeOfyte@E+^^AxML#<=T= zz4fFU@sn=kUQPa(5IV%fAv*K$ETe8Rz!J-_<{Pqy}$B@y3Kn*`@MYP8XIWK z+%F%)vv!VxX^Y=~O*;k;yAo^L(;2Vo4mC`7e7WG%OK-#k?ERmec&=;Li*6@*@O3l| zzK-p3_D}pK`5U`(lIoRvhOmEPAvMc+?4L+XNA`P9<#}75dxW*p$E@yW^tpu?PagQS zGD4e`1Bd<3T5K=wb~4`BW2~t$*4P$4@sZ`9Yn>p@_2G;;BOiUjJ>`85<9AOr{Y=HL zVjaQC7#WK8uYBs+p(pB8J5>(v%fC_^!u7-B?>VsS-XFg`_0?D3Ubgm4Q$rQcUjI;> z7+Fu{1^6A*u2v4;ik;C|Q@t)9xW`U?mDk4(>i*8!-n+_jj|R{8^W0Z`|f(kf~MsMs0Pri`CpGOGLtsY zd8&_$y{krLHR}%(1)8xr2WW?@KNfS)95CizYiU0d~L-@Gs903dnqrrCK-LO z2^`&r{&n8>6|qkxF@VkRJvocCow%pHKNSaOKcQoDX`6i6?$?jpb70PopLqL)mDHPo zt0wBrmV?ileEh5$-{LC1XEGMW*w11-KH84q$CTusYp(~A@255M-#u^FODl)V+h+rC zM5bdCAg2}Y_!;yjo!_#=>i&q@@fi1HmrSz)&Fk0sjJH}PM^}vr zog+GWQrBo}Aa?tF#<Yoy@0JoF>>&x>M%*u0i}Hi}Cx=P;f~ zDQ#jC#cI7c&I*46979V7BBk_)4vN*fe47)Jed@Lw056*+Sd%mcVmq~MjE8lj<_6A> zcxgQ6L@?ixCxHuCeBdSvoM$r+7V{uG>d~O&w$&WhA9VqN6V+>Wuzn!=dFjWt&8Gg) z8%M3p`KIPq`Pf?b5M62xV@tsKXC==@pjR@(cWgVwKF{loT?kGmgjQ}K-m;$hH^rmi zPj`*L#DE+*WY_Xq;Va3}v1PF6IdOLDNX~yyUeQWBUtyg$U!j!zSj8bnE+}-)ZspuY zeizb~ORrwqxB}YH9L{A-M+4cRmQuH_+&*tIzd&<42wO2bbU%A-3rBPCO{3tRy{&5F z;QmH*U=6sh`HSPv$0}?(Dj#9f#By>{ML#}Z^~$3a$fMRu6H89)4Z!bia%4=NJTTn^ zOyn$YyP0P*o%o%f^#a9owC40C&noWM3Y~98&$)CMebT8dfQqyRfwv`K;O_;I;PuWADx5t1Qp_|L1JU2|I-CqyV`oeXnq8K(BL_M|2d51P5jowMR7cXzd;w8h z(pHpCoo>U)$%;`+T5CBiZGP|1{X9?d%Q*m_D!b7 zOqlhb&0C!{rE&C9HdFB(?34y8_BCL!Vycz8CFXlxu@&v7?r%b;WB>Fb_Z0JOU<~=J ztCm*Hjwy%cfA44SdXtrE$m5wMcD*&7pVG^Fy$?voT#U?~b07qNx09FE_g(CA=G1?f z^9AAmb9uJz9IWb1qaD zn)v1@{oV(j2X?}%qkMpF;`is6TlWJlPOmn)Ub0a#QfFo6s(xpEAa)#FH(bJ87{7S* z0g_Djz6;vO#diVL`*N8Zu%VyUO#0Q?NIDOuntu1b%ZBBH2`lz#`qMhrzCy;WST8Yq zgYzSWv5SDK+J6EW>t5STUt0f>thW8zXzJU$U*GB8SKsmpM*Bp5o(4W@yZRmE8G?g> zTNop>qg?w0daDn;HGmwGylJ3q$s5T#Tjsngb`!O_{ap9a_jz^Yci>}7N7P>(Ti1rX z+40uo&85tHLU}XA-B6 zIzzAjmYTcK0QbmqSKemwG5GDHn#Bz}-RXzezLVr>N)>y&)Z11+ z2EP|usil?C$g)|;=}crq4tsCF@pY`x^|o1&zHI1$-@DsbzbLTre++pZMLzZ}V;vm% zrF@_&6q#F+8%=yj0qrZ7==RUr>u-B)7f0?~LV%Llq%U>~b+{+wUH?;HE?fNQTpIl<&rDp+kmzYNqoY}g`$ww};*BF`^yRjj`vEqKW z5-V9-Q+1Yns#H6$3XP0B(mM})L$9(YyTExlI!0}oeSgqQ_m!4xkAuz8xv@sz)UU&Ka*6J9zH_=GuqxGhilq77VumL(wvuVGSH@_}TQk zj`ay|eS{$En<376%D^YNb`s-@mPFVCyeM%a^JXqS=Hh3}veC6>R{Q1GcUENJk09G* z2j&+FhE^&MTd12km76o+-W~f*8)xJwzu5}du>kx#(Y)Ea%N$DKSHAE#yKe{wNzGh%WcBE~&Z%1@uvAkzZGArIe?XkbPS}Bi4P) z7n}bN;22(U$B$ic#>!pdoULWku;{|n1%<~%ABMim?0fF~HE*|#2=jNJSKFq|BbSeB zQ)jOW_gd%4K?ddK(r^8OSO+i>ulSf-61@4DiyyeC)>s`rZ{F_4UE2HZ!UO%#*#taf zCtw#EyISAH{{_ko!-vTcEZ7Gmc&INI{yXW*haHt?Ei~}&2F9x61z&eI2*%L9U@V*0 zz?k3DXftP{??4i|^3&c(UFLxi!4x>FPKFn@Cpr7<&0y=&J

    E3D?40~Edxn8;1N7TcPs|_sbbaSd&?otW zsYYl}va$hPuXP;RvgZ6l=)ZDAb*prKQf9oI?>)q%%aGqua$t1EnEE{ets`?6Hqj3J zLu@P*|1+NT;>4X#nKPg7JM$SX^PBzOTc{`VT3OnDLj20)PWa+e(CH3%ojLW*AeZ6G z?~C>03)%94Ja6<&H+arFF*%kQ*LcVBTu1nwz#r&FPH25(caHRNM(n^>+4ITV2Y`py zpAnxMUM;tnTm1_K%tL;K;wnC5L$|}%-8*dgGRoKdp2M?I`S0}~ip6N(EjskFgHdi~KeF$`OMS0IQFN^-)&ptlfLPt zU*KinE7_`b!7lPOj9<%H&f3Em#GjnY^DR8D7)gMf9|Pmv=qG+3=J`HkbEuH(mzy&q zj2#!qwP}yoO6*^GCiDT?L)Heb^0bE@4P4>0SB@>i@2{yn=G#7lv!$=$UKAZm{}uEf zSnRZU#24GcbB3PFf=*sb9eEMK_}$=KpSPROx{mdHNeGnO~+|m$hs^WLaF~u*NjqDD^>yh1t&!Oo)Xj-wYcIL5`c{D=P zvd3DWX`5$4@!Oe?^t@slUOtt4k{u-**n54V`FwnW`KWFPrlk2d&YmQfV_ZITQy`+a zpzOXEcEc;!IY;s(v)>VWoZK}p?L5vLjI9FgBtL8G)6p0_Hp_>ZOE8zYaZlr3#BZ}^ zgMNJg`5c{TJz9wU(u{480M|ii%727-7;y6Dx>?YmZl31Md2HBh*H9!Vq#I; zYk(e#gVEua&<`%Je->DpT0d!W=+Rx0L�!fOlW&2y#buh>=6Ze3tQdan#hIlr5}v z0V9JP8Rf;3kwNgV+J&|}GRS|v4C1*Y&rK#4@3tZS?}fI@jU5+`MbqfO$Pn2IUKzsg z@BAM8BP*Mg;|9$4f!{)CzY4n94NfIL+_m~|@vQt=*)_5?ZJu`Xna1>n_qw6|GArWR zJlkJ$__!>}HSBqZ=3RRsiyZv)`arU`6nDb*Hg-I7L{AjNGVM8@@Ya5n@8M6IV*}&X z-mZ}Z`y&*aTxRb%Yi6F!%u~5Z<-8+47yTMvi)(lBo@DJ&V*1_CNfKHtaO}NuWJd8) zdreAwFFznp`(rpuI3F7#_wT5~fL~O(6x*M8LIq=A!yH6^q6zsKZp_z)m%aY!$_n{N z*SWBo98IO4XX(Ogi&+mGvk#5Dg9j{lK=Mtp?agG-dp-RKCq2m4L60nwK(ghL?VmkE zE{oScOF-vI?2I1iVDx=ZvX%KNt}B=-&MTNo4=1q&dTv7g;OXCLYE#|9GSlc-6$EkHVTg$ zn=V9KivRoKubz_~ml3bev>si{7?$xV`C5XnonW31GVUa8m!T`m>Z#)ft+{I@H$!Vn z(XEP^7#cHe2ID_AZOV4!JUr%dGc&Vz{pifay}p&_`>@OX;K9~?8MfXlvwc&=x*j~zxJ!9Jd-0=$*UK(FyR(-*TEJU7 zG4YmMY-`0MSchlRcC>4ofuzx&nscEiUQx641L z3&zWv9%yz5I(`Xy9zb6AWB(?hL&ZU)FSbCdgV<_q#Ds1~Z-n4|og1MV6M9#ew18K|<(6F}>x)nF=gwgwk#cpMC6m3Y}}&+E0Jl6DT~55dY~0rjlE0z)26VEu=sB zH~D-%PVI|_m5b}(M77U^lN<*pIpCzhd0+1eZaKg?kGT$lmpW=-dfTVn?aCuo`@+$> zsn)8!)zypZ9vR<`;bF$4=j*_cMSJos`9AE!=T66s7bX+IJ^?RIblt$6egq@IMKCEw z4&4S_X-(J0S4O-FT-AfCiJl)JZuAU!IeH$SH!_!;A;n!UgtK<;>ujwj$t!xA{M^&f z0&rSif-mOM<+8xp$BL0J$CzsY>+sF|k=xOw8kkQIw-esrp;hWbG_L)fw#*E~BaGD@ zXI}xj2|azjUE|WK>>6Zq8eQr6>yV#j4#@2*_-^OQ1>!~KyK>M1@yq!B5%W7MUSK|h z@jN~!l2^SKBd@cOIoNRnjCT;f`}6{25prh;`6HX4^q1$$v)+r58`6J3}VNr zF33yZYY19@lC>~b-W`BWy!O?8?V++}X-$%INU)t)cQrW{%tM|o<^S2y=EVQ_+EPAdwa+BkBG)>c-wkU z&xrqxtx8`#*}jOMF_o~sF1z9{(6OpL-wpjJZX>F>dVUrJ>0o?yqj^5wK{u$Ak%VXkMFM63|`H{7oxMp<}vEn`Z=<00MXPa(f^s;A<$mjge3}-Jm@ebY< zUT%H^yr^9x51jEo$KID+&(mo_a0>vJ zN_0wqSfWdRuTtX?U30$ABbX4|5UhIn-e}?*-^f+3_ne+9>zj*B7b*4UZ8vKx7 zl4EZLerp`~DV|o(d!z89esdr2YX^3h@i&02m3eN{)%tZ^oBQ-y2WcCbrmw?_=7sSpTK12FBLJ7*Bcd9W?m0_oYq-wq867 z@8Z?D;M@J4&-c7H!2gFPz&|}y{}C!nW%tjSfdPLuan z)9rP;0%GmtP?xf^^EmmG$7g&f){idN zx`);~=Wz!7fHl?Bo9{z6KFKrf;Sa_7kYoLlV`dMneU7!_T+&s&)Wo^+A79(KdWJQ; zml$&bxsgPUXnirsy`BPchBeBl_w?3W;K|6i$MF@Ix=}NTF2YkBW z10Qm`ggNKc+cj0fz{y`vY?gZ`$o&9j2TQr9`G1e!UYnqs_8$Ny;v?B&hko(ePSsRE zG@5^|e6;PqvGq*V(>#cN*o}?j52Hhn=S|2Ui+PK-M1K|7K(Z^+*EoBqWA4fs_4xpO zCNiTb*?%+rWA!)l$UAtgz>3ZG17BxMl1mnL$dCTw^>OmM$k?Z2@<-#l!-?BVR*%YU zbg}$w#eAOp3peLu%$D@ZJ=d<*82`o@qjw#_wVzM9SG?+sJBPsdIH0=*;?6<7f#wl?gL%jgP_Bi+ z0d(2spE;!3neJSEZsrnAeanHp=Ht~B=(tCnKg+EQ^1&ekFTW z>$$q7=j+g~FY#O%a-hwJ68JaTAn{1ofLb5=Z`th z%fE8{wIhMmKN77BTwuIfKNjtB&Tp6f?3g`}g*^7IKNrwWkUx!e5B9g{y-00r{I2r8dSmETSua4=~bb4|5FDq?*3V&GfcC#Lp&p0%$3g9Xm z#kNgklZWD8r+;|Vwo4diFEXKpPw{3We>wQV<&OO;p56Tx#``VLcrUb{=5(6>=E@6= z?Fc$pc&SZWfB!l4!CkrF9cqnLQO5f1T&^D`M$>+9^RDGqrpb*SAUC=jJ5DjRT;QYFLV|dOY_i9dqxXL1 z1rHjz0-m7v)=cO|^rLed24*oXzPDpvXsowF6Ye-QHtdE~y8bZNH(Mdb7BXWyz}Sj7 ze{%#}S3}ov#=g|UmFe8l) zHmAu~;d?mX)Eh8+x@M2&GoFD?dMe$uH#?VZ?H$3*778iMEfUSnP5K`H0G60?%0nO;6t(AuuEfy zUfi*-WbC>p8_dVpdl-8q_Gu+{1bTa65?n%C_PU+M%kQI%Pw@fCTiF!1TyyWqX6wjL zn$O*Fa%uIvnx$4|YfI3ot;Bb%x+Z$EttNP9BlOi4_21cuOsQhMw~u@r#R%Fg?&%tP zzUC5dPz+AQ8 z;|zMam%Rn{dau1tQ#}vEAVMA>b%q;{Y+Hc~j~;52H6v6K~(l z7>Z`scg_#icdnHGQ(_H2ekr~~R=9PDzHZ~Q?H=nu+fnOmRqf@6HifLtEm>CQ)~QzK zrj4K9F-YI?g|=+GcgIWEwJ%i{9YRmvS%RLwk7uNRs^|k43_r;J^~7_2Y)^Cwa7n)C zm+#xz91gY)XkL6SKU;S)JQIIqhSjM!M>X$iOl!zJ(3nn#!>#kD)^}!G2j8*UXUDD< zWZA##_+5e=ES_m~iiX^G^NFwP-9g^XU`#`dX+fyI^9tT;^G#YmA3b*~b9sfiP$#SP ze=(OE*M0NQ70mTz_E_Jr?tO>0-V@!SGoaTHXWx3yJv&zVe61^KV?MB$51i-oEb{aD z8+fiwFvNGc&1v)N)Vo@F&*yn(YU^s>l%d`9H;6nueaxR4nrC(Pyx;0vL!SxO1XVlb zlagi6l>(zuU{spwd4GLp?}GYH+3cbV!D@7H%~+%MHUd}t+p-b#&A@Is%g z%$n5tQg~A9%i!e(U^0JZedi54a|Pd5hlt}t6N9|hMohaNxZy9x!n|L^yo!92ZCW5V z$c0@NuoGN4%i-cC=2mG$0bQC1fC%xW!ST*bbe^_;P{s+qQ>!@A+uTI5BjCjU?=ZM9iB>%YMmTWIqz zwB!edZr_S++{ZX>u72oHyOq(k+VTyR(U$B(t%2J*?r5E>nmYP zoX9H=$L{`+?rT5!#*R;$XF1b=?|){#3r8C}J~4Vd6u;4Yx1Ybk^L>T+u9`X~eUzQt={Rv|{PoE*5d*LU^ zs=s`hIp710^Dm&G9};x zJv0E{R+7iPd}QRR16CMYC2J_4JTz>d)9^cW#cC({Lai%(p{|#p{YgvUulivki?YelO_!Z%oA zJQ3}+KUhM%8s6w(Eke0tT36}6F&Rn+_PqAS zf?wZzGVD9@lko5FIJtb?f|}*fYanFRTFjl;5Bd21p{>|91K@WMTSc`1p2>ZBSB}p& zeEA34c4eKp=j4Ivbv0Yjc_y#N=NqczdC~Xd%DXaj9*V!n_X%+c?A&!2;k0jP0-So* zT)xQoNAWpR_`GD)R_QJShc_aR!K3!%u2o$R@T%+RdT1*f+Ol*2V-lUn33w@$uDu^wa=2f;XY$vTn3DRY445oowAEV#FVZDW~$$Q44YSUq;prK zqXrBuWe$A|o-V4{f2hc3U8Pzj`N*(I(8Mj(^J{LM5^i0AjFpUfjd^BaUrz$ABhXnR zvDOt?nXSd(<`wR#{>x_MR!){R49%=k{Gf<_6o-+|JBY0wz5zIV9NQ)8S3a%TTX>wg z-3*NdmW$R!W4`#8n3tii+;_(=fwmIB#L$myYvPES-v~7YOl$_a>f?Gp*X{L4)+cy= z9(6elT^+OS*p{%rwI8|o5VlU~YxkaPsLrp+0|v#|_mhxu`OwXp>NPd;59LQ7TZbx< zXJht>YY*$JC(eI`enk7S`>!!{B|A7PUSz&YE@i|oGtb!Z+AH}!A-y@W` z*e38Z6{k-3Z%>0eZ#@9*?h?qoV!>Pm=b8c89PYh z+~SNglW_*81Y0+AJrg{k!#YFNc{TU(nLh6CJLB$plX3s*rHT32)DO7;e2a{~e*X9s zSMW3LQfJ(X`}i1dp84%J_D}`$Yjj|4xYO> zM58rMU#ig~nsnPg4Sl88Gf85rc-t;fuIijiVmTAEt$2poFZaylv@`zUvVieNo-zJN zXq-Qyng-fKs{N;m`5a^Y$CcYv$iE;t=t1gwpJ9$(A0uZ*(CqP*&0?8-@p-Y2e1kQr zZy^uAjl6pddFbc}$xiqCnSwy9x5qsL$o5whb5krXgFihhAEh5(Yc+iL3UHst-mp!? z{swth`dMc!B9|XgZ7tA_d=K*BGRdtA$E8=EJlL}96t-a_evRJEs=fIv`&Rh8 z?5y_F%_X+1J$}7CuFr0dM{!T-BYW-HJ&QPG?8QOsn$x^uL9vP$n`w z96yC@{sLoCzk89<-(g&m?N8@Ex$7`KW*9qQ1i7yG%n1Hh1<%S4+s)@_46n@Yi#eHE z8Sh0u?k%*QeQ>>{emo});a1*@L zZe_>U*5n?t?b^jAzp+8%rp=1*Qs%le)kn;r82HLIZ4ZaK8mEN1l(Skw%z-+OikEEj z=6*+kpLkfYE%8yi=7df>!8K!(ICLuf$d;Au;o7m^N4^%;RGw{y?)t#@AT}Kvxh|I9 z`Z%_PuI+~|2Z6)GHHBw&Kg$>FD#q4(>EdWd(FeEg+DdKn0S_DoE`MfMTcI^P75HQ^ z_o3W-PZq6Pe`qrEo5K8x?pb=WjylPwp?Q3vt}Roux)y|}f9=CAJ-1?q)^QVz)wW4( z8kt`^@6Z>Zjqm4vZ&w?Ae;xW7u%?*W!SU3{ssOo3b{uSSyhu5R#>Si+zl`r1gWi88 z_laF?&{dInH;Z?}!_RUa&)BDes|vfVNNYtroe~T#d+b9lMR!stBQ$t>;Z?YHEwhF4IX7Y6=n@B9P`zO zQ#sAf*m4`8yX@9V?p4-@W9P^t$j-B`i6+nTd$r&C5^Mdli^IfGpq<~5d-BK3xsSHa zn=@kNCFi z!gmpK_Z6ZOt(h^6xdc3U;ez~I7zIztl@y*zOw*x-Vos66Dz@sN?CsfoGR4PlZ--{o~8A z(WwiF+?Kp5;M2D%oVwN`-bl^u{p1%kS(&Yc{0{MK=JMsN4P*}a&Q~!31^?neXfu4xv=q9|~7*xt_(R#ovWw&Ls}bcw-U}tTMDl>ldsl- zz0_#d#zH2CS!-kRQwDBl&%E-3(Yb!-9gWk#+=(R%7n+avnrkEeVu1N%MpHirXBv;2 z|8QWwWa3!V-{c!eM=!xQW=>l+{>jNKp39<-q6jfNWL@)BD^E7h zV80c1hvso9IJMyUT+aD4Hen$#1bE&%2Hl_Y2KQHHMYqqdz2a;ZV=cO;Y^=|zcAt5S zQ8YS9vK7DGPwl0w=TwhytwvKmXyZxMZd}?1Z0vV}XvNgsg$F@T572)TD z=S96s;0^qGa(!EgUB`&InSBS6pW5f2%e;Tma$&giqLcN04s&}6S)sKySwJHvrjU&0eD?Gw&Dl*7<+g}>wfha z)Y0&~n}O}9cONGf-d=O_SyQKob1Gqh**QzC;cnv{G*@FJUipztX2#Wy^F?Yc=c2Q3Y-_PGgK(wGNxkM5Ff zOg!iL3}41pWXOEvNo&~3Xw`gF^K>$HpJ;8J2d>R;09Q*iSU*!S(rtOW!{cbtmTwME zIy^#LFm)8z3g42WtAWpQ<%ffZrg`-*eB<26&L}nRy>OHsDdstRfmI3KQBGbN-|s`8 z-om*lgW$D?_$TLobcOM`Gk?En>mDl;TZGsP^5M(0xf>cv(svnsFI8@xwbZP)e+(Ry z5o;SKE1a>qbhY#i=Kmx)RgH}M+k8si>ia?ES%KGXN2Y5oeOI%GNj4RFV9PIMF9zd( zkKR2(JsmIq)sBdazur)>B$2N=noY+wwVGzR9c@6Dd? z4d(mgcm+ImulXJ{-#6$x<5Zlj7oS7C(hsZ$;JZO!D7jQTmGz`kBdf|8_wKZDYaK;x zt}|`=%=er5?&=BIqucv!nY(X-c(^NnpIJFx{z@kVtCq9AZ#}{q*YJ@A&;apNUH8>5 zPu;^QAiyVx4b`E0<(xX!Z31<33QlM8T+c=~RBw;21vXZCY! zSZ2+6z_Bm7;kyT9(_&u;XZ7gtP3Z3<*cR?t!$+{sn$X!tSZA;j3uE==;gr^#WiK^i zFMXVRpX@pI_hUR$$urk;t*t6NZl9FSGRi3o4sT@+!LxzqMbmR7ORfqI$GH~5uip2r z@bd}Al%wlQo$JIy_chPpdR@mQy1vS}4lnKdQr`3E$qwyv%BcztKdW}|C%=pRywA#J zzuvtjUp41*&b`46C%^m2W^->h{mTx?K^MNndm7KuT+V%(W<8=I2JtBS2;Lt0ly6% z{Q9uTG;ZP7*xwFLl`kY4*`!8qFC`oHm>7hZ~&`zC<3pZ?7I_zafu8SH(EUr&3#8TfDDuNPa!wAG9q zpKm?#kJSFmBi8kH+y7Ep`#I!YihhIekJ>s7y#LhDl{I`Tx|f_pQaM`!;lZCn~lCUS8kxOC`o?4?VYFS6iK?U(37jw%;V z=Qv0n)dOD_*TNHWW?=*Hb!l1nl>hf;@a`n+rA%ac7@0o8?;i5SbiJBSQ~#26YUN2i zOPeyqI{W#w=$xDZ z)k{xeS1yJ2WxsTzH?^n4tbr0o>qq~e28NfBlcgNH40O&Dv|ETDmOZnPIBa&S4|w{4 zr+k`gU#I2_F*LO$81DmSLEtaHH^iJWfU*2u=`-kO73=du-*}2OD&$%*>!J@c|2F1( zIiI#K%-#ch;Z4k8FZK{M=(>WuFI)-7l4IF3#(d#k=teYAg&gxaKCoB*9))J*TOQSV zI6BDZ(Nlir@({T?k~RA7>Zv_klMeKy=_={izXON2^JnJ;WW@i*e9wsA!KcnhxtY%p zbbfd?b_e`bO5CF!{u1BGA5g5&!&}te{$T8lc`?;Ev?c^?Le5bHkWD`Bab2-5O8OEdQ?{>$8@2)eP)A;>O$MhFzV|r-R zmOrv9$Fb%2Grs-wJ78H|`$uj0Bj?%j%@(y~7-ueUyV!wch|e5sBG>QzV6Sb1?X_zN z&UStB6F4RAzfu3(tY=?3x}Kdt#v+STIgH1TPp*7ybWVu;#mKF1NF&xrV4!zE?diqDIX15kKpfbbN&5h+Ez>l-LWd^$Pd?- zP;7B<9cv)StSIkT?0eT3G#<4Zl$>|?P`@i|xjPOIYdm_boN;O$ISJprPX30Wk0v`F zQguf~?b^>()bcN_74Y9$>uRu;0xJ&#@JiH%CWb`^{2R@tD{N{tgQIg z)8Nz$4R7GjOJ_TKY&yFg9)+$(=}a^>N?&I0TR)CXVcb7bddIPNe^uWo~Mw5_^zv-p-=W{kqdwha_H31EIP@h*Oi(- zewt)=EfdFa0jQ z5dG5UDE(qTXbf+Mey?@$a?GY*(df;tbnUiEt{>-J!`}}6m8bF*;Hb|X z&gVZlpZA;3jQAJ%lpfQ4!PwOk`;#{RzB7$~r6*keU5C%)T|W~48v6kp1;LSQ71<_p zt>CE7C0ix~np|!9h6=!w?3IU+m$Fw%cux3ghOZUZmaQV2rwx5;Xb)NG#_hefN(h|! zJhIY-v1}FB=kf!mdx4J^PX;&OsVNOlK@Xk+;K{TBp47(eX>H_zn?2AuHW7a7B4ZP| zxY6@2ZdSXvao1R&nMJ_-y=ib?;lO>r19!pO)zOyo&xOBzUiR4fi`HFSU6_Zxpm?~} zQc9@rTLvAvXHRHfPBHSb8+*1JKRk&aJ|>?6@fp>2{UY;@=R9b$rgJg!5nHj)#TFN*oowd(Oe6gk2H|!aTmtjMcnR`5oO`+I;k3VmFE-eNf zm^^O7WR(6682co9%sxT3D`qVpI!N2H@8r{{4hVa^Q}g*=zEgTk*-} zD_`zG{D*;!YVQ`iJ>a^TJnTjErP%RPz(cuqoS&J>1RjIHFKcFW`#|n9yH3xGcFy&Y zSCNNb%NP}V>jAcPwDHVuM^^QM8}>7HPJ~mfqoT7q5IKzOVPs7fT4Qc%?;K|qjM@>5=R$Ub;@a*yv2Cl^ zYsFtCpGNkV)`v^)SbkogNb&ATuak>A3 zlkB8k_C0iSzpy6vtOee4qW)ppUS++*zF$ZTf82fImb#w^)DZjUed7G%?w8y5EpkIA zY`@;VkIp$`)rVtx*I#JwTm1?Cq^%DMNB5z8kU4AJ(v>Cdd{tk=&c7PV7keDrvov>Z ztn}Qe&5tAFh+mwr_-$leF8XGgb8e9%(-h;qg!W&ap#ALkHNG%hxn$@Vb&QJrGlsVC znf=km7hbDe()E?!79VKyTe064SkIF~nM#a=$wSFX^-j-9^-Ru6B{Q>9-S{5ZZDx*F zaBjivz?9CgPfA1cXn(>WW*Z9{9thTn2O8dI)UPi8b$S)S?8qrE3ewNDf4>3hUp zYbjujpl5G5Rlr(X&;D>K`=Z7d3eZoALwtbGGsw+h+WBB<=)Cc`I;`iZaOxQIP)>3c z^H{2R04tMk#=Fh+nVxrpW3>xq|J8?LNyhqfozKFU+;)VsLhOOL*aerN>ouNvj7R4+ zR@293`dEU^xy132em8CG`*%Ix3zvpdGogWg^L+AV5Y3O1h^q}uO%%Os3D|nXm z_t8CMRq#nUW04J@{#?6mHGRrX)ZX8G=DM2p1IU&h+A5%(Twu^UeMPE`>t@eIZuI#! zY}qDk+x}TASoaTh9nX!DvzLM2bKlnf$t#Gdg|Hj%?2wM@egB?$dF5*Qo@L2|*@-bZ>+bt>_g$y#wV>JTJ+i*c-^2VJ{ zL2o@&)k5vQ3tU6LKlsDQ&RqOi(OMn*(-p4}?vrECs%gp z*(Z2kvP1TfksZ7%_+CJEK-V9NRjIG>vcu3!yyb1k4*E8-gZ?Iv9S7Zd3SQX(ZB58; z$PP0uS9VzN9J0f-;mD2?dB_gMsgZ}0P3GQQ_-!rpTTiZ^{Ln^hCF$vdh;z z6){)$dC9Uyo>$B#dW}u)80+;uH;k~yb zL;l2>ul#z+k0!;(;K4QYw+0yGL)Ufi^BUmrpk+O(@8WIw&EoAf@b(&bJ0Tt+*Fv($ zw(abFsv1*P8b6DF3r~&l@4Ic?{-*pYd*T`LEWG<$>z!I6UnXCzfwf|v_OZ?+{`APj z#PFa)#-&;!`K*PN9{Gr=CE~(Zw8oqkntO?ljMfrye~Z>KfKSoz$S7XicM52)vVK;q zoIYejnRocDcT(g5Nq*&~?Hm4XGjpDWjp^(gUeB1l`-ah9Mt4XLHZ!j7SyA-8y+22` ztoGg}Y1@6y*zm|y`TR>+Z(VlcZ=D$P9Vh2j7uFQAKc$`fE!v-g-MG5O8tx)Lrh@kO z(0-oQ2Y1hk<$CA9Z_VLp`myaidq0P8_Sk>Dw)3lw9p?Ir@^ifT@20*6^*_qV(GJLG z!Y;BHL!R>M$$?LTqt9%2+ID=rK5B!x@?QOXg?8I{Tfn9T=f_$LY3hcTc zgA>?;qK^akpMRL1GwQ#Y`U0$tNIvV#CYv_xIX#uuZ=KVx_8ysjE6F*c)9<7A{%s%dn-OZ8H+K`z8w!7xgz`kgA4nO9ei$7|4o;Us( z#G>o*?_K;!Z#@W}HU66!|1DE|t%K}KSVEi@Z${Af5j1Tj@>H_n+G;Lllq|NInKCL^ilMZgs3l@A@%lK>SEdTnW z*d%_&mFMiGNnG5v%ii}y-T?N8o_FE#cIfA7&zMEGzxcULw{M4jPEP>;JAi*84gP-U zY%Oqaci^56KB|CsGrzIv*89Li9(X7B{5{`&o_Tp`>@jD4E{&>X9dd4Xl`*UY} zy)Nt>+354gMsK}L+y5Sm=P8$ZE^@z}^H|y$kL^n+W+J;a6fbqxc^uiCm~3^9!Ux@@ zF)Y*=CP%rBKAMjIgUr)-TwLqZg@;{#ea!#IuQ|~?V~TQcBgfHq$Ez-iJxLLb7HUol zAI)6f7qS)+7dYsyy(Z9A#QU*-so5``6}`gftXx;`@*95=eViY=lzcGdv?d<7f4lYA zzyA{E{*tTj^U!-G_dMjQ(@sLk$M#Wh`G=>z_|D_x9XNV(r98=K8Ix489Tz z48Dr--x{P#gu~n`V&4IW%L3T<@Upuex|{f{S9hCdkBq%vk38%R*q!1z3xyqL9h z2ktJsvy8kQgST?Op~-E{%&nQZH#>9h#%9+&=Dp3b=ep4Y?*(2TWLqh}C3p9eSK`IFi`z-)I&8W{dEoDN$oXvKe4ds4tZ=Douk$HFeYY0HebGo!$+MSIN4rz_RNMMD3LnF-WAeq7BT;h})#BKz~_{d zE)t)b*wL8G@Xk45d_d27#4+1>pyR5(mm4qVo9q03Znlb?Ajp+0W~oZ4-;9?{4Dp-SnpzIef6adjr3D)}?pF z4e|vi@UC`ydnS&vx#KeQ!E=`ZC$|k-@1TDbX9GqJz{tHfm-g3UC)ER^;3$l&_>Yt` zgN<+N1IC0-*BMGZ#4(jy>((e8xQ?99>&ZjBk^1mW{)pS|=(y?cOc{HwoBZeDSFttf zAEjPKXA;{up_pDb&nJ2Q^?x24{}6C`nV6Qw-Wv6pv&A&#FD&&rvB62;bxQmIW3G=f zzojL%zuq*>tTnkbZ{oqw{f?iE(Y@@@GKcoXkG|-n$VB|Pg`AW>OrJ9vA4o87$t~$8 z!L0(hrFgXJ(iF3w_9gNNk~jGx-N4Lu1##OCaMmm9!0tMD&y`wR4G)*HX4`ii_J&1$ z>*|8VCHQcetj&&`^W8bPvu)RD&dCn@vf`P)A6eKB+y^-?dLFjJ0J5$d+hKPN=c&-Q za#?%Xo2xVa?q;8o+T2}3y_eM`k$QB!t-q%c+oHw`eP0Hh>a&O3McIJTr6K;_?a)2C z7ko!kNB&;>GVL0fwmmRbhugJT)TZ~IZQFcw^qf}lQTj6(HFFP1$Lf3>7kcae6mUcis6U;d;m$?%PVQhH^LR(`a?Qo$J7ZJ!f2t&+IFS3E z#-Qh$@1J-+_S)>-9Y2GHBp2NE{;)$U_j=`Hz^SkBVdP^Vt-iv3D|MzR5KA_>H4pql z-)Al(4~)@4657di&WrzE4RPH4&>;Bl`7C?}-h{_x_pSxnT93ZMbKmrp zMo!(sc`C@IZ-)5(UcWilS(KpcCZ>;n-zlneK#z@eM`OvZiU8zte`HyQUg7;~{T z&E$_HZvuYsn;jpLUo$mczuL|#Fz+;E#rE*dgS;b~(yYhaWY7H-VD{=;fEhLM;x9vo z-L#$LJSUs(ZFu3wpm!F;_Q03@%<~Am>77H2yX1w8 zfgjK80WJ>#m;T~0xReMk#lU4faJgD^!dXcCO@1@DNbkT)UbuYtjo*6yCn~`Y_$+}pOC_^b8<=2&7RCOO z`^ieKPl=*WE#tRHrz+n(aSOBzy(Cvd3;6XIma|9Y9(@2;)5Z$Hm1l1`3w_g1^eW^i zd(LDpS7N7CV)K+Nw(YdiBepGj8#yj-Ro;uACo`rg{CVZpTYY~jc|C8WFWxGSG>$it zqpt2P`cK*nfQ%ad6~j5A-HoYwnqO+cv%8mCD^W zFgRxCk{Q`3opT*L1PzytC9sLY4Z#sL8X`>8!RZLE_ z>(bjdh!LB6*dE;r)Ti|9J>-@spEwl%+vw{%OS0I{3g75YdtHKzHB=w%%xI2w9=3w( zyYcITjO`TP8~C1M&fi@bDP-St4lvr|?3pZteye~_jsu_MmD0iWFZ>(%7+=FKkX~EB z^AGa8&bKdf==}aBcWW?fyngx*nf~El`rk(Xf=_x|*u0}PBHTSA-Nai>9g+fM z>Zr^M#%~f{hzXc?$Z1vI8iTP(B=gX}+DjxFYiB(2W!r&=d>+x4cRaUUU_2V1XlD;F zdeHTUMrl3m+&kyGKC&-r&+}Ok9&>S6Gzdw=p z$ot&&`-57)_k-h7a9l#n-lZGS)?Q#4;9ey@ak;aOEgm$_bL}GF>h^IzeRy&N4(2sq zdVU{KyAPM%^XOv_efa1jul%E8^%D`>7gt{543 zTEm}m{R)_%r-n&Rz}={><}SdkEONedN%GYOt%15>v0we|{hJ zZ_vl?3HspL7d?Gs(8nIm(NZ6K)JJgA`F&V#&`0hBeQ@n_o<3f=7g#xcG$>c);d$rx zapVp9NKDWN*KYFk@k9FP4s38?bs}$h>)7C>ru4X-v{d#BKF~I~(Cs>UIsc!i&w+m?1wr)>K`&m>6QD#qvMjPHcy~jXNJ_%uRCw+A}vl z`^csja;)qj)pa>mN=|G2MX_?$xP0(i693mLD=n_s^Kt6JIWp9}u2_xt`L-jBiM1Bh zPvgLpabu#kY=pSe^T!#}DUFFS?`2Hn0ne|q<_zbvr$J*Uw?0zHbIm+Qtj3I;eOdAJ z@vk99<{f{MS`FT@xMNHb3w}G-&zn<%IbpLGgZozWf)~!`&51dC=agjKRCD5-l{cJw zDeW7)O?h*?JqUcg^S1GJ@7tQ=e-|ci7q(A8XU))Az3^-3Y&=eU(BviXi;0V6-raGL z=ld+a>;6p7wQ0_^DSWzP$>RHYwgh~C<$sLn3B_Lv{vZGSKmJRTJ^w%8zk_eae-Y)d zp=Y|`zeS$!SMpu__d(CK_c_Jt_BEH$KJVJoD$=E5NQ#zgNn=8@X3D!M!!yTh6`83GOv=uY`L| z6Wn`zO7jaJ=HA{3?j^Z*CHIa^aL+%r`GqUE*E7MreD2NFz07;e{0w}YILl5QS5ypYGh>TU~Wl{kgyEsAFYe>(pIEy)2%sqkcv`pPFN-6=+pnNW!%T zoVkjAy>nL__wS*rbXwj6JY0X{e>-p)rROw%$*k4lhmWv_(au>T-m=4rU4yNdC;tfe zFd-B>}ld1r>{2eZ7m{3e894<>Z^=K zh`B`Cfy;M+<>}&R?Ob1IYx^}(^5(gJ*VuiX>#XPWy!yW>*!+oNU-qrLf33WjKwP$# zm$o0YVI7(1o_Nd6nROlem5*ia`{Vog?&TwQP5cKhjPa6e zvcGd^#--2n{I_zm|B-y74Zqr160rT=Jk_f|G#VS(=Ioy!FXt-PUp#SM4o~8$QTdn8 z`dKNz<=_1)xhdZHiI&?Lqt1qNX<47{_|~QIkNh=X`Lz*vchR?~%a^z~n!0pG$!JYq z!9cadi=VKNi5U^oS6V!3ivyF1_-BRLPcpt9jc}`60M*Ui15ZkphMthj4GpOtU~xV5 zN}>4>`Pi3{Z=F$n^Wt{+MSJILztBId`U9tUKFnu#HZ@PfCDiuF=vvA%z3^vXN=Yg+ zSVCR)Ahoq>JLdcBI#S1}BXykGP<6_=hc~r%NcFB%qr`IdkE%x0zM9u|_Q6*=qhtU$ zn>aPR*2D7yJRgPUwMSWN<^KY$^uT{wQ*R3Uc!tj@KCMZd(3-?rVq7igGM%T~67;3C zC%!Q^9P8otwcyWvPC2ZjGQP=;x2t}5C_aZi?09@_N665r@|iYt{Fe7!Iu-6Ob8xZy zLii_-;t!tlZgkGB_ThDx0fXy^PhD?O+mzV*Cz&Vvj|QLeM^1P7BQHJYj|`pkM_zu> zA9>}ozFN&4eG~gUb;ddGec`LD55EdrUL~L4PeL;m_3~SI=xvMEN*2QZ3$@OZ!JqOc zE|JXUdiJNb7@xirJT5Df?u^79!lyqzn|g5Q+2hd1QRIi7E5`SKTE02gIIH@k^w8z} z4sx&Aa?hy_nsch#!B65!@xRtEs3kyO*b{aw9Vd=EaIBR1l`_9l=2y!6N||3N^DC(} z>+08m@9UYzjl_sQiCsW@st<4vIo#4aHs6iKPIUhr)RRlUcK{su8RJeqeSCh=gEMdJ zSh=>Uv#ot>)YOO!X8IzhC;K8VP4`8HX89s7U+jy#a=%q8Jb(T9@p4G|!QG!}?`bRH z{Sw|U;r$ZcFX8>1bD*{b)Zyb9Stv&sLl&kzX3 z{pVyG`B;Oq&x!J#wcpD);=adOV!Wpu!wk=RT1W0#k1V49#A+)wgMQ8wYaQ3FudI5< zSvB*h$viopyanD|Pp)4vbPs>8MxK8R`>PjOmSKfs!^o!W`=V!;+-IH5@n@KQ?U$ZF z-Ug88Wyl41TkDO=3mE(){Ed9*B_~a1LTK$dag1E5r+krQmoL)uoG;RQ(iiD_(HH6e zg;m?XL~;N=)h9Bpe?dtkgWN;&8~xA^pB=aE*?tNexZhb5kledWx#X*(sSI=-_lCZY z-Et{5o<-dqU6(Cs?pxPJPGP5RrdCfT`fCvVm1Xo-R+sb_Im)dAx4_r%R|#iPCV|6h zWML1wb2VqDRr9Iyz6K6%*|ox&WX_^p@%t@XhbmdK_hoU`EVT&HeFIkmXQRV1;}-O( zzSY(MdQ5$)eZ3=@Cmq>uO=`_#?5D3Ui4+B_g;{(z=f+?gWHILXGp*PpY=qNgzQ_nV zyos90%Hc*HZntISSWcYxw|x%BhK}o?g()?+o}B`Y2dLFJ0*qcEulyxya<6W%hD#aq zlqr*1zmOG;wE42uXK_#c=*+JKx==D_k@C}Lnqonh>d!H(a97X>n!NI_SXzDulI~p8g7o7sv)qJ*L z|1@)!&ob;DoeTIRzC$FAOM$VWsO5xwRa=d; z)r$}E1U_yzeXAX0xoM}yX(I{ECud=Af%~4;Xk@RS^+CQ@qLTyAf#z35{rezv(9>i^ zR)Zh><5k_WSU0Z8KWpRN$+1R;$cB05$2z~V>MUnip4E6)gZJCXL0<~q+jw7i4{=sk zJF)1)R$%=W@UC{fct1oNwoksH<5BZHBi_a5cbxA}^Lf~Om;GPc@dV!|qJg)ggS(zP zpH|+g4!&&yd2IGyW6yZ^w*`Tx<4X=#qu-Pl(R<2@h;I6s$KzIrdWEX1r+S6d)kCH# zM^3Ql`uwkVDnFxzHrl~S3pi;3SBHU}Y~Qw;xo7uaUnfto&RLzexM51DH5Wg*o@XrC zSm4v(%UK_?>qu6(0&U>%z_!}=AXW9EaT3ooys_%T(nWt-SJY(iJR{trR{T{`P zr;)h@vG=tHHUl47wed&blWKIh>i&1bSG|(0%w2UtT)v@ZJhboY>Vx*}`AaYP%=}w5 zfA~jd4Ibt!BGn4)XRZ%b7cTCF2kM!tnO~V}YwJ9~+K!Ky`Pue$zIT3;;q`2LjyJe- zoD4r?*LPm1KF=2B<&_uid`p>Epr+!i$r)&3ooo|p%kW$SYe&V*I}HEU!RMR7lRMW3 zkr8<&PT)sQv}~*+wCXLc>2ov&caw`_L3_aUudFz z`74=D`;7S$ZC3VrlLM@_=b)>Aw`q5d#W~pGr@9^O!Mg4Jw7DC7o5%Gf*Y8kUUB9mV z_0C*kw&Qq%_(A&bui1H79S722Z(<1rHXVKE2Wc{-puTgDN8hCH|H4n}Odx*+_k6}u z3T!KZdjW8-+~|Lx642JX$ky?JBcfoASCooni%u9|^6cr$UPZsl9% z)OYR$ZoSZQ)8>GITLt$OL;10DA0N0&d(eBz>O0qj{au3NYT&pV`7YR$sJ1-Mf1l?K zEL@t*gjO8caIZUGWW!S)nsepD3X}gZCLhH6LFAF-vg{+pSY_+Igde*W{UBMEk50}& zb{$7QNH3IP2PTmfJ;({{to3`WhFzJAdw~0jG33HiBUZ-xLB?Ij^J~z>p_(=5pMtZ} zV~G+^YQtKG*Vz zI^g>_vLbt7BQcZguD08(JCpQL<>9w|@LT_mW@<22?RWydX{O&c^kfOom04En@2)cS zD!bgizjA@Tr_r}N7R7Mg?@7ibxIPZtG+wonfxgZ_UzY(d%}07$y6?;2RCd64xoX>H z&na)ovD3b1zB~Hge3w4i&~cpaUODB>tNO+F(|841`x}RbM(KzA0&jdn`HjSa4>p&- z-|Ro_B@VG$d!PBeM|+8P2V)Jtqut`Dp|dC0D<&U8F+x8!yY^!dqjdI0+Ik|7ITu5N zlc2L=(H}G$LY7naFV$C266v2;64{T;kp3EkHg$&8az4jw`H->6+s|#;dK#S#jSijG z{ucD!;pTwZvv7*I?`i0AZYUaQpMCH4!!!JM?#8Y+{UCQ0OOhV!`%N@5H*?M+mlw2d z@AAR`cKUtHS23y(b5Tvq)zH6eI?;dMCOcnA_d+4-YURH7$exAvWkcL(=mh!)--6He z{7$~VzO(e2J5C0Ozi3?|pxi<0!zOpIf^)y>->rRL#j&4Jrx*Bj`tghOuBq7zo%BFI z(#i5KOx#}gxPF${z5ASdUo|WB{626jKJ`P-n!n4Zs+FQxxW+2_`vv2(<&KS~Q95+u zJ$7t&Lx=L`i1m?6Y-oVIvjwrGvqYOV4bC<6sI$hcc)p$mKKhJoVUHX-dEp=%2(+-`wKDbM-2f(S<-gDu%=Wp#b!G88K5Fa#kYbwX`@eIt% zE$UN(Q@?V*zyWe6{vmR8T%6$Xo7yn%;2Dice-#$+XWw#T_{d-OzMoo@$TzpoGWO~b z$Ly@+9{k^_x|VKRI>RUX8%-uwHy=Fs*vqQlipgEh?;LEEr;!he#V&n^YOB2)d(&#| z-)qHAL30*1dvkU9S;_IA0}F#E$FA&V%zoN>j!%tIaC_~0ukC!y12Y$1MQQewyI$q> z!A7QAsYH)zB@z20F7p@sCGbVMH(8Nns}eH$Mfz{FYPEJJIg?=hqWhL; z1Rprk^I2>%)+_q%jz;=f$FS+jI)9%Wx>$2k+)m>@&bZyRHmwhM<8rF!k&gejJD+~$ zGWY-Be73*M`5Z9&|Hkaa5#W=Ftk^%rx@sghdS?N;Y((tl6lSYlLIeW zkubLJa^%$}YtEv97g-;}rW-hEMFyZfor{{lPVUA|PU3g=+z)RZ|Ger%N*yZc07mFvl_gj%keV^aH^4+B;ulL>CG4vSYSZ&pA_=lEH zjG%9iVP|H(lfI$fL1ewf`j#7~PU15!SXaLIHr{>tTUKO!D7t;6Z*qJk?Yu-gVV?c& z;w_)Z@nx@XVy;8qwjw|MbNhEb{4o$_y~7u49ZhYRfZn$l z|8HzPHAwDkh&=-t)TQlb@0|3i; z`b^ys|D8Qox9yq=AJjb(xU&g7KFpuFSL44kz;`_xz>crm#gBS-%|l+^=`e z<6Y@%ue|m{8v#Qb{-Mp#U#X!bdu-*5Z8hV%9=%fOj0-*brsH~=vA>mZF^5I6Pgecy zuXk$xyBUA__`G9Hzh~plAD=UdyFmP%6X5Q05AOZ}+7vyy@qOE;8jJ5E>sa$GNfk~Z zU*%_3tbOJZ}2hm?P{RAv;+1Z4kH#R)SHH{7UYX z?heP2O9Z=G_NQx~lO4>-T~eY};*)ZHs@iAoj%> z<89KfJZsCbyT{2ed+)hoXGa37f8?c~A`|l-qn|)EbswrqI0Kk^48~7#Ysv(MD0;N& z+UknM$Ah0|{lkA}ls(EsS6(% zsmnSr@=5%W>v``+=!@^(H5}r8CQsy#U9(9*dp+PHhkjX`x#0SZ?ko17HJodIo4IH? zGNj6~y86J`zG`ZGF!rVV-gldiwJ6SOLgryJrgRJ`_CBqBxs%OaX8A44 zpqJ5HE86c6aKJNieBXv{2-P8jkchTpkfbn{8cO5wX zEOzqs_^n(Y=qZVGSKc>Zun=UZYKS|wxu82(vNNF$F}s<_9G{>zubI6%l%)o*ZW@O`m0xx^RTld@&h01eZHLauR7~} z(-`{?ev`RKWBoDwt4|;Nt(qp9mvokLAhM&AV>;8?i(~j=VGeXce1ckRp_mW(BKfC0 z2EErwj>o7h=KiDnzAe+y`A$uOO6=C8&)=&3-P4{>4UK6-w*nve(GL>0m{wDH_Elu| zYUIk(==4{SDbI19+L^%gu8*JFw)F$njMm}GlE|;%(<}Y6TJL&K^kki%xHK_|V*jk6 zYGn6a{+V5M{^>)X?YMu}EY>4_=$qN~T3~k92mkP;t#|rowyI|Q5$a<0lv$}?z`u#W z3~Z~J$gk<~UT9V@>AneEiVu;^8pAJcjHaH4Hbt{J#F27Xv(Okfvqm*CGVQ>~$n*oM zr(o!+&Y`O&hpxD8=<4nZ)0In8M}9L#Q%9hwZfHs8Koy|-3&q=vO}s7oYEI{EXzxP2 zt+<(F`Nx%q!`u|Rmb|w86Q}+GbGKs_wH@ye9Dqr8U{*ZGT%QGerp2e2>xz%nc3fh< zYu#!?#~)}{u+e@p@$>v=Y*{{IB7SZPn)UtDb*fL4F|IyQ;zjrt-6x(EOoEKNAN^{} zp{eoAeJdj)#Gr1UZ>2aE7$=?22{k78l`H6>*MVQOJrZZ_s^iu$F$fCjTjiGyTH+R@=Av!d*Py^-5q$ zSNQi|+`6212jD@~1scqu#)YNz?3|&g(4**N@b9cuufSt3!MqK*gj58u7ISMaLs z_^jpc`V}<($#Xll-sPXxIvW`H2cxNXCZefdvzL7}rFNP=r#05uLxXo&tG?vV=xT$; z?}x@$Ss8}DkDvPzIb`o7ZZ~Tv0Z%2sot+CdJ^nu7>P7Gl4X8h}mcD~EbLhZ@gXZ-z zdgm4BG!;VN2fRUlrPlLSGsf1An_c%GOf`5A@&$}AKT}B_&NRg8}gg8efa|zr#HxT$iQwI zfZch(m(l(_Fo_o)rk)n;vBSj2UZm|8IlEv_by{eEBR3scSyxt-7P=Ey)RtQ&i@LI? zGaK7ZvG+shsMdOD2c4CUO*s%7?P#9&e1)W363MXV;PICj@1LTNUcsN0P3h*5l%*0= zN+qV0N=zx0m{KY+rBq@{DGQn($F77{(rMeJm*(uke78TX_0Ua)p_{!fuN|5T-8{_x zHclV27&pn*EZNixu&KXgO_L1$V5*sVqRb5pWvv#^mrI3JsuGLK-RWpl4JbBe)! z0R3jc)8@M=$m$72`5zF6&^Iy1zLSh7K^{an|E+{|dlApPv$r5bI?57>WGy&{>CcXpOL-%HT&G~D`c~`z=LmE8NiTo^hWkUXrbLU>Kn`1 zo^6bIWHw`m4RSd+Xyn}zU~fWBNajio+BSGv_?Orp<~`r8!Dp)G+a<+Ake~k3xNsO6so(66^Mbhth^{oHaO1POe+DzT) z?RSr`rnN2vwtInbKKw0y8cKc&w0%Uhz0*tE0pl{9B>zos8ET&~^iM z6LniY{H0>(dJ1$s6}r9&y1o^~np06@Bq;Z6 zKTU^jT80*qOO;WvjyW39oXcBYdUJV6``NVKOP}WlJFbDo41E`gb_bvroqhLf(oGCF z6WgF4_I@?8$IaE2-4?Lzwz}MiZMRA0#i9Ef$tz08A>Lib{WH*tu?w6!McXB!MdX-t z+EdiW84GobbJ9Yo$g)h{CFWRS(hprD($~)bo9uy1V-IAs=V61X{-tBP>W@)Bd%`uO zeX?ZPdg|Uv-DW(|p_=#T*F(L+=a|vVjU$f~pQ-!}96k4x|acV>$R{Ox1-odge*@z1%U4Wr1B(i#Ho-M0w*E;0D^ zx39zBRrvtFDq9JjL~pY;E?Q9q9k9;Z#Ez%)t>(E5o>wA=Mx%qk_fMeL$V!_=l`nFD z@5|AT%4un&9<9}}=N9dJJTI;VzuI1gf0M26hA_s^pLCI6n2hhy%K1TolS`LbzO>pU z^mQqHT?*}O<+~cz!t481*4Nvxr?;1Fd}zgb`k|b_k>m-jA*LqZrV82AhgWuZ8zCEq@tCK9{eQ`cH{nL4}5$qJrpNMb# zW?Td9W%#NpuQ;Rlc_y~NDtNOL`-ijtCi+(g^7WnKxEd!rhNie>cUgZrx;=#_pxb@q zxcH!3A9UNj55D$d#<@T;1HVCi7|FkAvl-efLl3&XfZYdQJAS+=k1c{l^jPcsKkKMSbiI?CC!>DoE+FFpG`Ir98Y#zD61 zef-XLuD{RkUCy;^x_Mmdx5V>I@AYhk`OOG_-Mkau`olBLGx0)N_!iG|eXsX=KFwS& z*z`^Fn;yQ-Q|_xyxnj?=o1JHq`4x>{ZQccFFC%=td6yBM;CVL5d3L3F*5ANYpzEQ^ zUod$A8x=eKQeX97^<;*#6W?cshjA?$AI`76$D!YOZ};&cQ`Wv7tLvnC$55}}JlB+y z%pPpM*KdE%v(Is@X9LYMJ09>i=Guly-wQUaFX>cn71x@ZJI=M}){PV7{EBxO!Hz$D zY|lZP_^v<2#0SPAtB(6qyT=Fcy_Bms06Xz8exdxJBlsCdi@p2m4lwqj;t0kM!FOoM zE6R`Jv$T$8UClVw)m*~5n#)*MgHQ2(HhVeZzr@iMjp&Ldbj5d$5r@Incz1eX$9wB< zFuuyW(|sN9y-&;vzx#dS!AIAn&^ET;t=`za?T7vQK0BvBavS>Rc4RQ}EROxri2d;^ z>NL6heqwtW#P<3U+sh)hH;CBYdBpazi0u_)uh71+Rk0UmWmuOFz^6J)jA4LmR{W)M zWZ2;ecC1g&K6p~`zO32-*q?i_!&N5PW<5-dYXCN@`3_z@d@tYNQ|X&-HY>L3_T%J6 zcG%SJD*K{-R83~J;dWoez(c@>AoIPexb&4 z&k$?lo_SfJ2KGQV*LP=y-g2+!WQBIS*E6$1Z@SmhvqEpU*Wb?yz3pBv$O^sV3oh70 z40+F*VWAy9)?(?}cYf$s?sarn=ymsc`>@bX_quvmXgk-M@7Mu< zp03uJU!`fG2t1+Kv}|}?OK;cku8emBp*0_Tq`4f$K%n!W#R&0Q=vXP+G=i&7})D!Uasg;l32R&XQADuZcU!%uIhn{y| zYE8S&@zH(Q9mYr3b9@Lrcj$lKPVA4C0@j0+*>Y5IrK3C3dtaaQJMeV?`i?{2Ezoy+ zQcS7F&s>F{xe7mX6@KO_{LEGO^PAsAo*`RX{)nu^_im=o&9`HxN{-=Im*Yn?BO{w{ zv!Av8w1{;|f!b!q!|Qu@YJ3vDcfj_&^_}8_^?bt^>KoZkvh_4)osI9EgN>4nJhQMZ znvtcg1@gTE70?hoXph5pD37e$>-vO}b%tiF?mmF~>_O#|IN!=PaT~T# zt*aM3{vF@TE);+D*ltyKzs9u7vr@kEGxmOHKy&5Ec3j-}7}(mz$4JMHOUKvayiaou zy8jeA&aX3ct@QR9e2fv4?a7XN9Xn2Ie-d^aI@oK+)hm}!vhNaT1KA|`){5>vy&acf zz-6yF&NTb5Ypzji((Jeyc$)&=rh>Pdz}v0h?KbfC5_qc!b||jd z**S=LuE85RU$Q#l3&H<0mU1>b8lOWSUWVPo^On5g{OBs#S;g2{#n@TJ*jdHcS;hJ9 zuPR(1{F}Kh{NyywSBy~3tfRmWL}eAR=imDqtt=s$hUBX80RORES|tWj|kH?lX-2Jc8?S&ij0R$2iyH`Mp@z zNp`^H0rfW!{){OX2oL60GRM_x!5zHM2zGqM*`wEMe?QWT{Vm#dZC}kb4^6CRO~MI0 zWbE$SPGff?zvCs~qzs(Q4t7)tC&&`%OwIL~7%Va(1DU5d)t8k=E_uv z_6^T|OCE)*S9<)e%KlDq$i#O%dyDVf*uZ<(R#CYEX8vAwxI5=Slv`?dvnK z$IrwD_uAcFd;AP+@F={RY=b|BoxP_J8yvl=c}`=4bDf~IU|Q%BXwAq>Xyq{agZWzg z+Aeu3-`>n`VuSZ8TP{Jil##20j%Xzpq^*Know?-d%qLd|pZ5K&LC$Az#vhs9R2=M> z^8vC2Sl)1L{9-$o$(4nlY_rE@rN_oM@~}A5&R0P1A206P&AyM$_n{Xv(2L}SFKDqB_%>VAh=yyN%sj*kRM!m7%q>pv_C5`GtzxvR65BGJ?E{ z&o4B2WL40)8+RKAjaHd+kgf_{H|JRWks9_7-`U4G1B$srop(~^>o@{#eKRb4f`Dfn zd?vPXv^X<#B<>4E%e?y;*zcmi6)mvy&tkXnE4Xf_za@^2u1e)QGe?!s;km>l%vn;v z68HD@wC6YNX^trZ&zo2%WnB2Ro<}){YC}BBnh#r-7WXxL9HIY$M|d&(?L40W4Mwqj zZsyn3hsvk+uIpOh(1UWuV_DGBpkT-S9@-$i+T>S*3qv2f&wxIZ8y3aRh!tBM&_`V| zeds))WZH;A8`^6^>#d2&n*Fsz8|TnhU!POxVWZBmy1=Ce`Yw9Vy8Pbg;TdoMK8YV( z6?(n=|2aLdhhBmnHo9|`e*rxh_`jY+4^J_NWYfK6&b_?<9%o;wB>M2u#(U&0i8glg zdkSrk+jMNJEhk*MsPxc;Z9m!cFo!jN$Nfq2qC)Z_9eIJwKvqQIQN@(XpoKE)g3ukQ z%qv)u6{*H&h|Ps>_-6Wjr5`C~0lzc8{X*YloFq4*$T$;klKeo%H9=oSe#~V)9~y}u zUmq3@;N>9evbIAn?pR;1I*_ABisAp7B>snAkMOPG|C%27-w*$ z!zna1tFy+tw=uOQ5a>fqur1i5pMp5=5$~IRNvaW-02>a6eSPN-1Z3()qJQPQKrfbxAO2E_FyRG+dNK!?!pzEc#VEaIA?3cCDuhs2=V^Rj zogbIzgS#f%?SpeK|9Ce2UC-|`*#}woVJChYsEf|KcCT@q-#m;9vY8`8v($ zeDSa3kmgSQUTf>n8*Ou;r_92Ry#9q9xoL$R7eY_tpsfnxh3sS4Q3y_DXUP86eKt5R zV{R|qN^6(|&b1a|iZ9K~|F0(|wBG7lD?5IXVq?goCTtk#CR@&284Ao~zqy-$M|umo zHT%sWXLOEWbgK57^VP~m(H!01DCcu3%G<(p|*7`T754q<3UNC6R`Ui}Wkr&`+F4v>VhqD)-&e2N^tIz%MpGLuV zqv1d0AjF^%_H79@vzFQPm%VwKkh{&5tgZ0$_w755*N>oF6E;P2C3Yq7y8RX`G09ly zz+Jnf^;Y&AdV2U858cR?5bcyZv?E4TrW1byr=n8Ln-iTPodmogY52ad@eI1T`Z<^0+7Z2KSAlbe+6 zf3y-$YpI}~TcL~F=+o^MbPAo65fA#<%6DT*_S||Vd!wYAn6!NQHfVZ|)~!Py#K#8f z_kZzw0D4=E9MJc>*(*VH90jIE=sPC5;>^0w1)M#xZl%xgM=N|0gAZf_b=wc?&-m{q zFYArM{K*5X%T1mZ^xyn((8Qg`5L+|P(1Ci^g73gNytU21)h+JKeOKJs$@zl5&E8YD z**RbO#v6Ao^;s`BbM9G7Lt#ERsZeZ7akLg_h`cZIZOF5MPdMv<{5yLeUcHZ*_bI$j z2?z9!7{E4oxu1V_ku%h$9V5vi$;4Y8=>4b`WpdP zr@#h2PkCnSrAtE9nj2zX?7M!+d&#Rl;lD+`xUk>d-brq?zkMxzztDl1eeI`xRdAT{ z{_wSw&vs&GUSGjoXWa}Bw+P>Ptkr_|=ls&v8?K!w{_VC8QyycMSD2qo8{PP^#$NBT zfxN2Y%q{)np9(gtO0hzpdTP4N9R>G63 zhy|}h&O8Gw&mqek-%>Hcm~@TSoYnl9H7DqaX6Dgn^|vlJYfU6SU%}tkd=7KYWAd1n zh6WD9&t_hlT*||~0cSQZjeJdxziLb+Uqp8W4zFnK2L+$U_WoO#4NfVEJ7`*qE2T%)c9tSs1f}47HoVx$@Ai1;XSLL04iFOR_*Vt<& zL=Vh~)_LYf>-KcbkJjz!njfv((-n`Y+tU@xsoT>vKU%k^YksuOGbdWNrz;*)=b1Mp zpWL1kWe&A&&vtvRRQCT54iW2MOoSWh;e`F;z%AXKOTUoAscX^tKJzE!ql-w&LV`(AQpRtK>AaRYu=u)AtH!YcBl)uR+GZ`a|btFTO=nFAgD& z=EV5SwL>rF+My$J?a-RJc4*C9J2Yjk9h!Pku{kH+XRg=S^Y7-`p)Ygo(2=>W?wWIN zYPV@hYvttg=vVWZk@&UwRiYzkL(jBdPfijIMJeO+v6qYNNa^@j3iAsFTi;tF{$<^o z>_6F%-$WKBe~T?zr`!f)xLG&a=|iq2J^K^Sgg3?VjBGArKMiDX;1?bl%sv{=dd?!0 z%ys>p4df|$&kKqURUA9JT|RuC_q-rzUgrhHvHf*k&TPc%?R7f~ z2za{A&H2pH9potLJe=XIQSTY9?(GY%iv?GYX8<`ifdf~MutxmzhGVysaK_J6{EySY zx|Y6pVbxrMU>ympr|Z)U>NS1hjGrF+lmxr_r2TMp4plO)d%}P6SoPG;p2oDNXUeJD zS;)TImM>I#-;Dc`>z3{A+gP>#BIUz5*JC}`qqw%~wZeH^ccb+z%lHkV_ZwgH(0dm0 zW)N%4lk5xmAOD^7PDlPn(mT2L|DU6G?H~O=nclyvyfla2@Ah2Z$+b)Gv$;Nn-l6r- z&%4w5_0YL1&mTc9d*yk-tL%wKjH8GcQPB_|{!hw<+18~;V>~Oozw*5u@Fx3jgo5SM z@AJxr+*hrA7JIf>#QR=G9(vzJGyd16pcgjw5{%ty>zzAY*aii87R=W6^vCyx1BUs=2T1zO&Icx1WW+nc?W0T4c1hy<~l(_=;pW z`)6Oc)%uLt`>+hWBA@R&8=Z6cU#W9uI69{m-EdlX9i8LCtMjT{c$4)`a^DtFw_A4j zS?C@+p7YFXy}neW*n-CFL{kdnjO;{cdLy6WmG8sPcuHuMWOf&VM#*rFVmeSr$2rR~NpgSnD=Dr;bHD zfAi`G-+QFI{Jy2+{`O%n{XqX<{#5k!A>vZ2e0|NnxY_*1@TGKL&hH!4-%3BUrmdOZ zLaR?hF5j#k;T!7J)fzwV{Vm|=Z~3=l_x|u#dcoO!NjU2%|6BHS8*9@(&B{*91x3jH zuu89Bz7Ra=I(S9M;yPNab-5X#9Okr2SzBST2Gz&>2Y&Ds=3OKsL_VOI2Z>R(hx!8^sNcZk}<#_$K zJ^Z{Id+gJ!?)z11Zl$x+zoGbR$Le>m?yHEHN{pCwgqZcVf#iSOb!lijdu_+!%!w0o z)!h00_ndIr>RJ!sjeV=_muOo#q~199e*%kF-#?NBkKl-Ym2=tImp9iM5Q;i*LKVxt(e|90UEX|35Q|1d_ z&KRh9ZfpDwzvg|c{L&n)*BcT#QgW=G`JE0!5AgbM#(EKB-E^yo%bM71O!KPT&tY73 z{!BBmpmg#TW)HMBw!C>sD1%%Dvj%d4-M;3Po+946xT19-lKZW4hfF?%r!P&!R+Y2aQbF93_^sA+zd$TZeTb|}30=!E%L{6W4IK6=Y*>(_s8t2MNuiT$tiPV)#F z@Abf~{hb(#&6;adTvBmz?^v@J&=1wm7X}z7Z z#&)n4SbJY@C1$vud9xPkiwvw;;l+*cA~@sN7{b#Rs8e(LQTR`7%pisugYU%ie~M{u zz3lc_24__kz*~8OL%t<=WnAq2rA3>m;XyhduZQvZIdiB#fX3A~;Z?M4^d0rZsL#+j z{o6(v@AG!*bNlU%r*acb+u{Y!c(=@FP7@v6GT$855%R~J6~>r<}|;28~ocsOx)DPy=bxRHr6h=-?!P{XO7Umw6iC6 z;?EcItd+9Y@oh7>OUGt;n(X&d;nf}mfywjN(TLJWnO!C zdHKYGE!Mnh>=b*xH4qm4=~}sXnwu^K-p=FxqZecUxO@`-&Z&G-&i{abD9a<>yaC2$c?q|M-luX*(Mn#deK;GE?)F*?-kzl%pT)ZXRkjyXG6G9 z-_0B}c+y<&`<#cVxgVV^BznA%^W~H$KAk#^JOe+a(kV9&V~zcTn^v$7T!eYT=xAtt z9CBE4$Dw6=4l)(k(!!-)>z`;x<;**1 z_zg$?zK;A=8)^$!HW!?IEmZ?FDRc?o+{S6MQSY&H}Hyz^ih{ znrYK3gT)6C_#grwh`w5&tv8?p?QbAH7y~^pr{2B>yy=6W_CDP2X>z&KAxi6d(9_7NzXp^KB6@DBttqKXy(_E1xlOtCcdZjCpM3 zH2;Xc{7`vcz#c{ZnEYtbG5p8ht` z-(Pw9JBt1u0M0e!X$fAP7qXuIa$aUf+R4tBo9I^)F#iW|X)esv<@C3S{wBWvll^@r z@tXDYcdPo#Gxc{5-?}{W84u5#GOqNs+qiQ782K>b>r}?|Y36Tt?aejgDmwR$t8jIM zIitzo?ONdu-c`PY$)9ts3(WHeH+_{~@ZWXzixqq#7awQGKX+~>pDZaQ^NZ@9qpT55ZZ`Gs>rbRKk4vYMz&Hu5+n=Ipl_U3)^sv`sD1ptsLsTjG5aP{o46Q_Im%eLgm*dt@nQ%JUt1X z>dB7+2Cu!A!F_=LO#b`u-5c-wTByP=fdr*5r{kvtz&0N zhDWu>8}!gV*T;Gge|vv)d>;E=X?@ATx#ZhnLp38yTF}$2C00k%R%?Owjh$4i{ZlhT zRroj8TAY!Lz17UVCbL-QGKzWfX3;WjN~WC`uzpxL0z2b1Ye7`{g|!LmEi0_LV!-3- zePgRt05|mi5cytO+n}xNM+YRE2a!s&M52V`d=~*H1@a751H^^uYFgAx+1NnXdvX?#F8o~Kt_H^5I^08%y8S`DNiImJ% zeqR}Iet=BsPn(BsVr&?XZDy~FD??G9i#GOslbm1heds3Wg*rcw%$J=*`448JLwxOYYeF=$G1vxIm>%{X`j+$(kw;9Bb+HU8<0e+#fQDp!Iri_W&kGfo=|paYGk z&UN(S!Q@mz2R{N<dP%^N0EyZaG%p zdwW*6Di8mRvq`*d$(}PZ!D;g_a-W>Ad8?r%FD%NfbI0jf)=2(Wj?+awjFZMlW91#E zD>Y8N;8WwKoJozD`sd>A=k!N#M;*F-7T!V@G-!{Crx+vAn9l5TX*deq^+aPac=l8p zOACMU4V%VPpP>inJdW(tzV4}(_CiVx_w&*h z&&OV@X(m6t1>By3H^xS1)!O@UrG;N`@F#mu@Gur(<_?Yik?yhBXY?236n0j!-*6@S z4cAy^?QDFZ^b`D1iEaU>O*}_GZCq?!5PAsxv>2O9_VgTVhHczyA3@pb+Ph3`D9`-U z6BM1kQBcg??Kct+|oA!E|XJ;Sp5jU<465~wVIC;B`#BhzB zz*_2Utglp^%5OQM{2b^)?WNJTRQ~0Yq&UBp`b(L^rkwINGr}L6Ypu6T34g@3Y@BZP z6n00SpLVyUnjJgJwVyIgyt`|CgO7Mn3jXpUY*=fUE!Wp#v-%I+|6Xx<*+)g#u7%)H zF>lk4op$U^aqtvy>L09q0omgX94nVQ2b&IvtEdPj$-dc`a;`jRr}%P{Ku|f z?M*g*2;ap9X`OpYt#1f9N2%6Nrh|W-tKsK9MZeUaN;%&UNB5v-3q*JP=0bOhM=UzI zXj#zm*Lql*|Z?mXt7j@~p1N`_aEXJz3Jm(|X z8M3>yZt{oJXK>=T-7R7>_L%I;RRP<+Y=nN7kaxD#vcA`Zec8;| zufs=|eW|i*(9xz0zKys|Wu{^G}(?)x7ckD1OFp;?gO^MT&?^yZyeAe&Z)9_R*aNFH539 z?tk_3BpM|4(IX8O+q~7SU(Ped$8|1FO~4voLj3h&O*ySYf6o)oU9QKu}{AOf@ax3kfrP-*S+^JaQ`ml@@puQO8Hfnrpznkx|wr#jSW_HeyEx;UW(jhed3b^K41GSD9#40k(*)RH? zj$C_c81i|rBS!~z=ck*_l78MGk0*vaP3WG97oRoXiyw?0M}FUHt~0~mH@~v=GQ!Ka z*6)4%_9XXKZ0s)gb~$<5CSK&X=l32dkjxvLnBR-cMy>_$2P>duu8rOtXxk)3;S=>1 z=YXXWvy9;f%WhxIm`Cts6wkru*l1M^2+1bB>1)7tEA||8pCh`ayke@_yIOnH$QKc9 zi^g8$i~{-9vZv)279vj~l+nH7RkrP6$I+2*v@s;q{&o17Zyfoy(OvUijV+-4A<<)9 zwgC5Kj7KB3fMS)C21<`#5=zAu5Uh*HiC27Iwv+hD+n&o`f<^DW@0w`8nYtU{CBd1I zS+!qhpUU13l#hEgj=e5^YvgQ{t>8-g%(cO12ce7F)T;gWQLe-qc=S%z3_jz_Y|z;o zE%yhXyuR^&@83Q9l@Bj`AYni-(FI+<%5O6P1@g6eumcAXWuvc)jK&0Prm)h@@30eU-x&W%z$=(o;59G4QMDx>EC|wrbkzNp6d$A9rh1s_`6RYTegR? z2RNgklzo2Mp~VP(qGBx30^*Oetu1TmZ-n?$lzlO;5&z&DDkh?sOK-3roL#j=Yw%q7 zmt!-y{TEGKHj{m&_)VtIiV)+$c*lv2Y0NF=fiu}3?rqMWdvv?C?*;bF+&U5)5c#(J z8`i$%+`kV!oWuA&n�qV^n}Y0X>8`{$i^ns-{h#JBHJee1k)ztbF!&SvSaaUWof ze-xbE!2g#Y=)dyspe4c2I-Z8Dz5(sevwy|ku}9|%K7VZ`>%Z@!jl;ApdOcEZg(`gm zD{l4^|6TjoiaN#>oL2N>&T%=k`WSWWF?A1E`7w2taQ@2+9~oQF@MFeV@?#}AL4OH9 zCiwrhv*iE3vb}fDvb`yPWqUt8%l5|omF?A^WqVnFVS5Lm$%^xTxWA$Bmml8wK%bRU zKAHJsSsiO%hh@yWhFqU0Yg-{Y5Dwed)?w#hH&yvt_Sz zY`6MuLk1TIJAQ+_GBTI4UjwIef!%8(C~on@i(U4?$DTPdV;?yAKfBqF^_2XdT4EOu z)2~Y9?f7dK19KyC*M{#(vwy%%z!$BwV?go|G^ZP@33mL4a6BLRTMG^z1_wNAqz|qv z)qIp>n%1dnUA1EI(ns-1>7$hP{@8fWGAEnOT#0afy@TsUY?X*?7H~ZYJjW}mw#W`J zZJ>XQZUT>O!Zr9;`>KOE_i1lY$13eBg|2HwU$m9kIJftWlK$@F;Qq?ckLcHhl-Kua zqg(yxjJ7iR!&n8%M@=lFoaR@Rk8zN3XyCe%SilRk^QLJt&>q7!()f0@6-c!81KMKF zy2rNE#s=bGnY1HYnsWrGLwQdNHkr9RY!TscH{U;mz8&qiE*BmTF0{4?Pp#lpW5%4$ zmiT=7e6O`dbAN}B?TRNn%?fuzL}ET1|LdQfrCf3PTEIRg{jo_}o&?8_gZo-*OEY+Wu6)kKN~hoC zM}@QwRC}E$KHZp*7n$KFTpTfsCEHLxz^3|GOb@xtb62X-@Fz$^OI_@yw9!?OXmp$$J4`-`aF+U$;zUs`Z5&)-8)p_w;M{ z+%9W?v46iyKlb!XuRVbMYhiQ4fBW`e1HOyRyQlxVpWB1|Bfp~+zGj~^?C}9%ovZ88 z$FIq$JRADB@h_y0Ec(6&dvRC4eV=RPoUV6$eHsq<`WU;<)GUxj{>Y2atoS`}staFY%t{*J1$Mx78YhUGsJVSnd z@C_?8$c*ct_82tL{IIpGsdDx z?>HZxix0paFoN@F4Rq{``*!fX2iYrw1r9j2fcDY2`~73}ckyrQ zmP z$X_R3((_to){u><-ru3zA8Z<3pYU8C<63^Gc=ZU^r_en1-RF|%eKP!H@#oU}BiKIP z^(qA)`A%Km83-oUcdiBABH%q`EzL*1eGzhbtg7_TmZY^bQUCl+Z+hVy)V03z!{;1+ z>}7rDBdpu}G^^`8g(!A*BQ|vmzdrry;`gf32TmBt9PRq5p`mAp53VOZsJzNza$vOA zcdOawd+D-gnV;!o?shD?Vtx56v&YqXVtreQ`;9?AY$boIhB=(3?8F!1lv5t1 zy}wr)K1O=@d~`)*H0AP$x$=#PC)N1ueKz0YJo2IJEe0Gdz)%T%i`3p!yWhw_)1Ky> zkNqt+$rNmYsei7`)UZXH@%MrY$^!GBsGJy_x0*Whz+2h2p`q#E?GEr3A>OR{F6@zM zi^&lbd?T0_Z30#T&x3WJ15Qi~mG9#`zk_m3e7D$2d+Uz!oQay(P43h6jD5zO(uwRr z{npdvBPPmMSVbK6Lh4Z8EbgDicbW|x_NCgBi#CTSO0 z`v0G;_xjD|r&33b=P@CiShba*OzO3QR|iJ79)46DX$o5jQb+){aUNb`zCT2a+$Zy zwaz!|mCSYUe6wE3%;)Bu@2*#>V}HfaQ`BSX%*ilyTFi^%zg}VFTZDSuxU$;e{vGN! zJnUIV^b7j`h9hfFmA75%iRz%SI&uN3IPXpQ56S`1njWpC7vVla~KX%4L>xs@u33ePW^MzKWoYP*2Z*)A*3Jp%drtAUUHlrW9=Iir- zPq`E$fHjT(5^^;P@e7!T>lnrV0q(cM)9$>!O(&`0;6=ykEuS?$jtrSjEjS|{Au>1@xf?~7C`ZL2N5#@y9`h~k_lx*G#`kZz-!mT} zIm|rXPa=#@337cMdnG7--H3i7XJoL}q>xY0p38V??NS6esQK;~GEsTE&Disb#oXhJ zO=*AjyhT>4t{M0Y6+9Qe6#*OiuAvM)S!Qyz{k19N|CssVD$C?*SB|jeZ9}GOoE4*p zk#AVccO#fHUPYNw;(n_rlf!QuxbO$tx8suvmgpt$Bd~}*)Lw#4{3*81M5ks`{s#2c zNaeOWF}QSKHTjI_(KvnX%BAv$fAJ$?3+F+Hw57VW{!4p>Mxama|E)TffwyN;efwIl z6P~RiK6!^VFD|8n*U;gks7gxk8 z8?kT9S|)JTg8sL2!oeFhfby(WpYYa)d5jytOW$hf1-z7pmadSkCA_^sy9dFW-nWA{ zy`SyiO}J!zQ^hvcCJ1k=xxij!J&e<*67#FI18L#Q=#Olze0~!;s4wtmG2ZBQ$&GJr zaP$yz!}a$*OC7HKXd~~`o1YatUvrBiLu**Ssd(h4)8I$(1??TuMhbO4{n;&OBrCUD;o0|%2aN;s+TfFg1Iyum>=Bq z#a_zLueze;mg)Q0-pgz(I@#aAlhaEX15aS6f#j*oSfbBxEHC+@5hGLK|9AzS0?pBQ|4grW%d?*bSZ6BZi@C&hQ4ns z8a$G54{rKxFJ(;MFU<<&(XV%VDP#KeixH+@yF6veu(!&{3q+=G*(v)6y526^%(B;1 zD^|D`yQ+x$IPYr7v9e{3?aPS&e(>z^`o#Ghe&;;O9PQ`ceSJ#K1@dchLMLuMR=*us z6_;JZy0_e4ToUqOZxQoht^SunJMdYGf?o_3@~p^ND_abF>ws^k{F%}(hDv!S*d+5! zd7j+?Y;GI>K^swcMQv1r!`!P!oZ3d!Y1&xbLmNDs>S^P3wb9j&Be~zrKedf*r)eY7 zLmNE%qNk1LXk$7tHTA=H4&xHM>eMzYyNyDvqh~CKgR8aR%HSpEi=m){EB9VF`z&p2 zQ+^+7{hy!>t*w=OU3u%VdT%|8s7JZZLGn?B??$c{A9JPObVpbexYA#?Iga}xqM6bK8-w+BjBnj?^HZ#{eTNY)PGJmM!8>ezKP&) z>u9=)SPS)UJ#HOsAP!wcovVR~F+76VlJJq%NSL|`AEvY ze1!O)cR%l*{Ea9$^7Ofj-`(DJ%cD>NB; z+yykSDZDYep}xrXxF)S;rIs!j%5G-XtA?jJ-JEV{pzF0 zuLyE16n55=L5|D5vDe)D!=-tWdtVHFHtU2rU&_ZAq(diDppzEp#9iy4 zd`jsDn=Z(=XI#v@H@ZRV97YUcKayZ@!K%y0%&R8eo4wS^*IF&D4^YffvOSG)9!Z=) za4H8%ds#^CvG%(j*!D;8Z@lHr+Is3}8e~nlmNN1gUAP*cor=OhsFk|gXyYK|wAOMH z<38hDYjcT})_xsrG(p$e^GRzegwr<|W7ShlKbO!?eY4B5YTbI>{x0g)-?Z=-oc=~> zOR-q3_f*>fpT*gh7H3-q8v1ayWjk=($vL;R^tFO_weU(`XuTF3HLzcU){@qO8y9}o z%AQxHcTRuq@&!BYPE#BG+M^$^PXYLCMpw3>3tNd79KRO#@jZwn{5=MzCz$~?U`J7eLB1z1TN9MY#7Nw!S^q~7jy1K zI~VZY*qX?Tne?%YzDjpT(L;8gkS)K~fs-6?@;W$K3{Gk&XZCTT?Wbtl)ulY!!aTf@ zGcHbERbCEsBDo_Rs$Cyr!y0sCsk5&{vF+PG0zLHR|E^fyrL$cB*9V?leKnRGZtr@B zLgdWFd;VA-hfWGogGZHLqq-*o$FJze`d}V@3-Hqy$r~U4TE}MOU$HHRGpJS%#=4>BLhyop?&;7}mTHyXw5$nzx!?;bWBO zoOQ1|f%$b{{uN{Mam$H%<$_9Xdhy}P;R()ItnuLg5rhBk^IOANJEYj2=C~wR27gzj_damQM|gtwemr@AqseNUarBR^)0EYF|IFPZST*FKdz z_W_r9(%|K{R}hN`Zn_k_xP3M4dt%zM4K_P%CfiSQda$3=2b-=;tTm)H3N-`$OFXA9OMXwTPtZDA zNG_HuJOAd(_?2C0}f)A=^q_d(-ZBX{@aek;KKi{D?+vv z;+vrp5^JT_AeXl*=24m#%IWfz>x#ISj`+$8j-BklEI6+L&fj}r6B#AoBkt;@pFHSC zG^BauYHUN2x%fGa6;6l!LLzYJ2r{UN> zl6iN?2C`Brwln@Su*-7!XASLJ=sIw1p93NqO{P!bT>a?l!FTe0BNi~fwD*r59y#^? zjimRNdG6hDRXvaF|KoYy`{=u>mowzdug!#duV+6?)Di5Mu&;aj6`p&y{2u3-S(l6r znq#FjXx+3s9=i=cclkq_kK2npQ+eS&l~@7Zu$dRngRd50Uy;Amkjh!^rB-UK=+>4m zwx9Gg^dSA<%KV?Nvt>&o^kC-Q)-m_ZyqgbxbLZW34wl-m*K^zbb>X|7Hog9u;JX>! z9C`PTr}$?Yvww2hJCf91HG0c!PiI8A^-ETG=~49$r2nF=82V-Sey5#Ycyf``p1amp z^33!zZufJ$r=Oa~w|m#c54)4rN1OfyXdk_%wb8QY@4!xv5`&kos%NX+eKY*`aIUK_ ze8u(h5%1Zgxq8;7b<_}#Du#y@yTm@*G7}!I!rqenTNJe8O{L_;xMhsZHZ*9?KFx;5 zvCHT613Q*pMm1Z2!cHs4eL_Vlk98 zbmDjPTn79LO}qR1T$+T(S6w`!%SA8Mti5%|PyVC@efC5zb9xxhOP%p-acQQfvBakq z{R~KgLpcy_E-cQNuJMd%vi|CcUhAOO8~2_{uhC+Azow&W9sOGz%s=e5wa%uWLJ!@3 zpnf}lF8%h_UU^ULk)NPG{)^k*psFor+g?xjJwpG)FF$qL>W+XF#LW3```crv4vP(is2*q@LGSm*zlzIBsCnD+yRat za1;W^fF9bf@U$O6PDnPmXTj2bT~WUgA+48=v1Zbo3CpvxeiK7+?CDrB|Lc5b-2UNf zPVIlU_K}fM_S z$M~FFOIGBQhvb&iT%r$|R)}n=R(bqh#YGe+^9gU#LgvGjQ)pSXE=1|^4nO}k9qZl>=$FNugLbMS#K8r02(>&dp1yxvJ&vX^A<%ieiMd-3rb1=kVA zKJD$f>thIqKVQ@3TfF4qX&0Yutfl@m>$8b?pypbt`?B^H zI@R^lLqBDI6Pw0k&=fGgoCeO>!>r=~I23-L@!+r%99r0z2N;iB#v}P1G&JoQ#-o$* z*arR&48iuN9KQFKg@+%#W#L^feD45ttfAccKybmr7azK1EBB?0i~3v0{ATXb{7{TJ zN6iN`7L&j8)#LT|11H~r=b%})E_orE?v77e_t6K^!BW{@H*JI2la)G-6dbExi(WUm zPVkiYTJw#i)G7Z;_NvB9xgbr{-Gq!Fhi9*KbtXLb;HDUQ(v2lfzx4!q*&biPY}>bX z+daW^>Ns}S(Hh6=JmVN*9F08o+wwTml^W_%Ze(ftcAdj7+e{oncU9?iJ4yzZ8J$@cc0g$U4kCb^I(pxcbd3f z%b7iK_-h6EGKxuRKv-4SZ2(R&rIc!q8Jqs?k4i4$^-sf|$uD`dIZf=EH6z&b_#)*m+Uwnwr?>5V24*+bUxSSh1s98Qtk4AN z`A@E08fw4uWW90+#UqWf>9Nat>i<5zL9XPly303DGG+vE%{20>x88#e=6)5p$;)BS zs{ncKX8(@LCl`}jS4+(P8_n!*s=D<~>#my7w?5z^=Pr?7zuHQ-+m~L324$N(LVgzdF29NW z2efCcMg1}8NVKZGyCs)$rIXk*tNvDO8sv`F{$Ipgqq~QD=e?GhFN@u#*k#p<7;-s= zj3^pdy&_h@HF7dGmtW*ZY(Bpw!7U}Ur9H!A>-_c}^wyA2G|wMedkwZ6bWnUb{BbF? zGZFq|d{+_cjG-g7N1sbK?i^+#eF?bqGqDHyxzwSbDw}?`kTc`%yJc*Y62(@n(4@<) zjys^Cnb7-sa&AT%8uHgB(_@w6uP%m$geNnPfo;9c)XRRU$WoUMUHY5E*qFWWDhF=p ztObV)p~FgWQNzFR^Dw`{5ATB6#QLnOL(!f7(05#Xz(1Oz`pgwP(&x-|r0{ z@KgdHRcDWnlGETLhF+1sBOj@fIP3D?bx!*&xeD79d$0nbx2F&zWgK#?iN*%SUf)<0 z$qUKGmz-;aMrwes26;i=#zt@6MiufxzRyF*3wzD46}}o++`3;*s+)M^MxB8HzhM6b zH;MiVp@l+d$-G16Uq?a#j2ynrh^^^ssY<~SmeK%yU>1)#`Z#XHf10``$ESVRr}E``48mUIoI2KAH5>{RI`tD z?#+J2206obn)?`uj9E|qmChb8dj*eUev&mmeHcfBQ_5-Iraa1(4YT*USB^|G<$gpt zGX~Clo%FqI%Afv|jb{wuL_BT-Ho4colI<`3DEn9RsF?rz$Uw#XiS3#_$y1AUMogwz z!yug_`ZIC^o*&TCX}9gfBvhAdJOfWsoI)@?=D?(Q-tUa9qS3c3(MnJ8rbmFq3$N^Q zdo2!o-LoEN^6e+PwcpLw8N@i8$9N27UYUNj#(`6`6&Vd(IQwcgX&vy_jqN->0xfDhXQ1!Y z_W<~pttnYh>e%D1uFT9iX7|yF?TH=?ex3V2*JqtK-v(RHuV){tH+wmQL&GoduxMDgvHaGAcv)e74ZgkF z(_Vv>*d*9K)5@?3*dM83>?f5^j`fiX?@O%}EH2J94zdj-H=m=8(EVFL=uWZ-clUKUK)fL0h6>HHIBal^#FJ%ubXI@M36C=NP_G5B}+&UD4GIdYOH#y6{q|Qd> zI8&(;zha{sD_>8YMo!){Ui%0b9haz+XEmqRxwq)efXUr{R&@fmw@z%*EhETNB<4_; zd#T^(S;Yj_Ap3KX{W-LuoE^1MtQa3j#e=RLUf;&+3Q zXWi$6HllBeGT;lxmb&I+N2b<|qdkAow_f?b>l@wW|CMLahxY&71J5M&LFd7mKE&-lY-hcVJ5S=(UoQV_ zF!Qfn@iv3+4B|3Vkz2PCKVfgX#+%@4?gLfi86(5H=NSh~o^eES(vdUD(^XDf6EfwS zx1FrtCK-fGjv

    86??g?*rc@hhzgrr?Q{@1^Y_B?A_(!YMVosqD}p|_}ZP6A0&L$^~d*Qyyb^hk*m^(F41+G@Ks|a;mgj;ZerY; z`Bu4bY`8crXr(ojpjV2~D`u@T^Rim29bhlX9M)NDtx&0>XBBr)JYQ|vXF+6yF9K&; zZzLTZzX~1V(Jy>AUc3XN4Q}!m<}X3dxb1I6&lIC)$X(`qk+g;u)?BsV`;wbjE7;sN zZ9StHVtV)-+DdL?wZ<4;Qe591W62_HvP2zbe3jdfJif(Fe9_S_pG8I~MtB~--#d#j z&pU%Lf6N{8GH1Ofx!UfS_oQF`Z{}ZbJ>SmvlFmK{WkJg`FHcl*Fi(B zy(IfX`D?Yn9Dxqp{>Y9|{^TO+UF_{EaWLg$l=3@+HXb;GzCQ2i>u$zS{CKp+jyLb- z4C_y`&P~i2Aa6ED?zK9O#EBmeqsV@+`q}IhfBQSErIgN!@!T3Nzjat>IC(I_v0{P= zT-P`;sqbMhwGJC<>P&vt&=`Ld}OUxT@LVq}+urWGd_LrcYy`<^7v3S?fv2e}oAGWXhf2PI3$J44lHHnHTg3jw zjmUY~CE6<#U%t-u@1M!%K#l&!G zPSz|V-@Eor$z5k`)b1?pD}B=1fL&GR+Ep{DUwH|dzf;}v-!4^dj)RL=s6(+iV=Fjg zshkEs`GzWg4!^D*5g+}HLt7PU+xau}#hF0`DFfTb5*s{ToWAcL|5UJHRf-k*B+uFx z)EwHomdWKO&hWDA;%eZDmNBmDQbX~0S~t3L`xN8d62|ltnk!B>ao*@khvuNI2xTXW z=D>Rl8Zb0B4w|a(ndV*zf`by?mz_#;b(5i$+k1vBN_oNM!uV~`9BoER9GZg`qEl>m z#4qwEqEnzb;1JCjKa%&&z}^$h#jqpd(7T}n56vz7HZ(_FqB)%zqIq){hUo3UbSpH+ zI5x4*uwo!R(j4C>XbzaV(H!?-@;6+XyAC<=XK9XhchlaP(A<;C4WWJELNq6sqw*s! z&^&i)D1+Qoe2hAGo!KJsMS%^YOS_UE)zlMvml!I%>K9$z25oD+u(_fh^ahn_^+BcW}#E!k*_fhrdGpvDHibH~QZr%ULsXvhbz{s;Im ztoDDG>=q^)p{#sJ#Xna`3HADMeA zoQ_=a%8EYhqZr8uc6{WC1xjQXd9l-(|2$9nsOx;#D&%gYl0272_$)kTag{NVOq z{^xM5KdS_fMLuk7?>fFzV_(abGCGDbZatUbBTCM>^)&KsG5Yp(^j{-mdW5`^cv*M- zm*6k@sJxRI(2Zo#=cr#gN;XFUhjQD#nJ7Y<^AMD7&+^d)fgsp zCiQ;?`a4Bu!Y@7P%!doWE&LN_9H&ERmQ`iacoo4kN$d2kFgbVDCwO^`e;zRW(rf2q#=0r++0 z*RyA$Gimo9XzxtqSDEs!99+0M)1@Wx&LW2wu5fsvm|rh1OkpoZ@j@Zx4E_84Mqg%D zXgzaUH+>m-92`T}CLihdX=a_fJ6?CQ_oQsn8RS7IKdMUejMkTkZxH7dP1N%3^4Kg{xm1o z$DJc`&g5~Pw?2$~W}aSqP1&+T< zJ=rwh>bR5l2A7oAUQWZ6CzjLwoSP{>JW;QC+bDjY@>`x(?3I2*q1)JeVo=nfIl;^l zJ8wd3xMuRq*nlPQDsq&$usZMDtYTXU-6I*GJPv*pqcAXxv0->~^@;jM&f_%tY_0`A z+GkqJPByxHw$)L@x`v{h&xg{OyUqrV_%oa-JQw)jyVz{T13ORpdj!6M;+ZcHOPb8w z<$&^`bL0Ff zr=^8_iWc@2IY>PX<#$f31H z3%=KRzrA;z@S6j^4;%tc@OqR)b| z)2l{@-U%Y(8FL@>mdn~iuf5X@Jlpi|C5zj6Ns(eS;DK&F=UkXLJzw%4=9@lO??305Zml9Ups^e+woze7ZHho%+oufW! zZb0YJ;cJDP$)!>LhP_V0J{$Q`+OOa|>_h&(4a?z`^D` zDu-8AIlLlVw{w<2?H@Wf-$gwa&$(;jR)<%%I=r&g;gzipuV~Ge#;23_xsBK}eV=T0A0DKQew@Oa8Ag8O$d7hV;JeU8x27IZWo2`zKjGgQ2 z&H}%s*ICBDoe|Wz={9~JGx$vnw?LO_r;Ya9yqC%Jch-&2GBmgwUKvY$W4C`HbfGV} zWf}ENhDJx1k4lW0#z=F93rwBTHU6+W?g{!~4YKyIEFf=jIk~6>#b9(#FSZ@?b~Pu6OuUR&Kht&}+FtnL@>>=@|DtKn zmyLd;z1w-FT+M3MZ?_@?#1nySzWh^g2K*h^?*+rGqdsyKwckZ^8S!m!_FBKkZyEY| z8)wtWMO8mkulhmUZCd6K&hB}~H?NxOR_f3ALice*uV0aVu_K?RD}Nvw6>XY>Gu#T=9^B+ zH$Mq{^}s>fvvN3-Zv?d7L;GgDJ?(FI+V7FR8LP(_tJf}Ge#_98)|>IJW(|8l^mS9I zW#=Sl@%5f*QD+e>{QUC$uf6d6hYLT?w=W*Dzhy4K?aR^!(JATHcyp!{b*6Jp=}K^7 za+8VQLjU;(BAj2#wQ@4d7+lSmzy~?>NpfMj{oR(|z5nPfzkA{N@9Ep^@MbgfjNbA% zfP*DZqE7jRk3DwF?eK)kt3Tqkh07l^ZOd+JX71Dby=1c5b)WS%u0!Z|0yn_g6OOYe zqk7!&apn1JN1mHAkD-w1iD?Is=d!!I;dLb8sD419q`GXivwRA+KdZE;9EnU)rjg7^>N@WC0;Wf zoN{i&4+XDcyX%0riE>&mUIomlz^wZw$z=n#?-aP#0=M$(<@*^Q+C7sTxL**=mvq4! znGNj%<*Gf!nhe3~;&?qUHv{8V_B7B~k)V};S=Ql2$~QCtzN6rJCi6>zH7NahC@(af^;d?@gP%t)r-dsWoQp=1;s3{;;J3Q)-sI4W z@E#qF{2(zqJ{k?}t@= zna2fBPxJg4o_C_R9{DoosG!@jx7a?ld|)$=j9nkVu21JIdw1Mg>G!jYn|LPMmubfB zHu~MleJix4=gs$G6Bp1o(cK7QABBgP-UgX zIoo|Vl;$v=Bk(Q85LZGLm-PDsXJUT#=yUA5?v7DUwAn~Lzbg+Cyfx;uV}qZ5W#~EZ z&>Iel?6KLHdon+?oC}M`16%nPe{pd_!wnDfcG! zVk_TtQa)14m^^OBdE?+E6&$R`27VeE*%cTSA|E0Ay+e-e?9i(Eo$a&b;y-%uAbJ?# zp#@i-i$5dtZQj%z0rK47Lh^jJ@Ntz#F3z|4vp2ao|1@|pe0aHSV}2QX(8WbFa6b)? zwE*`4ayTR#?*wj*o9t&jH@tNQ<9F4WjNgq{hOR#ioM!xhGXlO9`&%Rp1OdqbVKR&L<9cK)}^%VFq zKkw+zkB8^{!SHobzN9;e4Q#O>mF!b<3MOi+zzm5mvZ)Ge0H)!FR zvju0-Q$ zxpSqf$4{D|^VR#$UQu#XI$Ji9bhhF+dVkv-Yy|etoJ8zSIZBq!q~LnDD;qO*os$=J zyS{^;3@^?4_&Hv29Q-BNvs|Mb%Ws}yfA2W>yPQ6Eab9l&K9}&93)2EWOmjaTrmEw> zR6?y5VA>ZsFKB<|I53?pnDF&Hm2Rd=O#8v#Qpd%}?99C%405k|kb4^kxwm$Zdkur!yM2&* zw+wRc#zF3Vdyso82Dw+uJLxIpJUy?t&P+s+I}w27&p+;W7JmIB_-EVk&x+99 z!{PInsB!OKUy=RWi!Cw08jE!M0BbDO`pX(ifHfAKx3C8K-G=?8Gjg=Pb9M!OO#P|$ ziznr6>@EeLz+z30*lpA z9=|Tu9rP@~|G{v#1RT`3xC7@Mk-4XSEDkjGe<2t8myF#XqhHN94-(HPCqBP>(6JT{ zHr8hA?x~zzo;}uQa>nY>=ud2iM!!zX*Yf>y^0VChzq3WNnff1b*?agcs>z;$maG!3 zCr>~Jg`G9d!qe@2)I$tI*NSOuBj-l>+NrD1U)*cp9&0^C4LyR!W&hC zj`bMwIGpwAZ_LD2AQq%G9@+3I{0!wb7qc(;BkRjmZaxL;TZ$!2qOY^*OFVfB-zXLm z$B&%K?|IOk6SK@abhlZnv&OuHF9)rqb95DNSxanlJN}+(^jWM)4!CQJs?k@kIq|J6 z_OO=Fb8KMe%e3>T&N^_{Xo}o5nj&|NrpR5RQOz!`8_EAR=RC`QCEn5t9);H!?Y;ED zz)r1s#TJ3TD#-@tOea77F8T*zN{sRAj4LvXHU6ua8|*{#j=O$#9`9)1oEN`P&V^!B z@(D)pohNU;b-yn@g)I?Bt|*pa)?e_omtt?F@a0%@-dT=+Dqd9WKjBw$B?0U)?EKhi zCU3yhHBGm{cdCz@q#fBI#DHJ#hMy8wM@=4Dtcw2d7j*9AKY<%>O?w{r-v$3GHo6Sl z&f^RUUGJuEt!dL{`Yelw@ln+7`LsV+yIX13-%l&oIu}E5JN)d@5dHY~DwA)vu>o3u zrpq?Fw6NKwh0QK4Z1&NDcwslRFp+l5UTD72+V(EK(c1PdzKKCUyZEM+zxM&hHfVAe zxh@ppWSx0gmK=PTu@AM*tZx+a*I&hk^;h_H{yKc~7PuM=AHXzLK85HZTB2OH$@XW< zkmJm|&;wm<~`-T%w?QO z=34O$vkuFAEAK(Ml^*Xa*Y7tMr`KW)4Cy$}VrY_fK5i|xk^Zzkq;X59YEHB_S~(LX zqJskXVFa>lB;zMfb!D?73*#ebe6kYYe#ctb{Ws( zJU6t_=-l)F_UKr2@lW?=X!utKFB*+y1;|;62nXb>lz_v4ej`J>z(YAURlWXVQ>iwS zWQXh<<$-#5@qhm?@0#!VZm9Q-{jkT`zx@h6<%c6rPwyW{EQe>{_0;w7-AeF;PWEU} zHK|{O24e7dT>6k$dU7TBxn6n5d58Xr`RHa2D$woK$jA@CS1~nYqaPN`Oz^GVT>_1I z^}(9PvtJO~P-i&iRghnRUHC9L943z9_VLbVOq{X9#2L|%G3*rLjLp`M&avb9*iqy) zdbNJee*91JBaoAy!>;2QaDDcocU$yZJeA~nm}HqNZybJh>LzP{YMba=a>$G)aOgAG zyxutzacra{_D_N_aNgyt7-!>t!1${|j8$VK&nqoI%QNy*`b_-m!4>Cv9WbGLfSX(! zWMwz!;pVL`QSVstk6=divLBTAI|&378Y*{=Lz_syA-;( zoHaGcuVWMK3i%9M$f;nxS#p1+H(uv~{=TPi4|;A@+rK2Y zYGmCL{+d|}bK2IN#7A;Y>j=i`>f^gyoW(~*xgX`eQ{x_SmX^@v;!Jz(>=WY&eBh3>56oWoZ4>TzBOiHZ z{9x8hMnE+u%}adfc))y{CO>Vr~LL;EJZ~r3d_KpnWAASaxmBUqNA&ad z!^D>Veh+?7l0JLs^ALTO(`Oa%jE>4Ld?3c(wh{HOAAN!M_>E0s>cN>DXkrzXiB$v+ z9YBYcSnRFhe<~C<^?7UX5hO>yQu!{vuQjHP-^KX3*4APt&f?m6oh@#j0eHqnC`(KQ zc4$B4)(d^*9tZE}e4YU#^q&GZgVkGb;z^nF9_44pN`tf;6;(yVVo~n zc^h8h+1d{W7%%uo#+=Q!J;==c#NGclwp90QWPorq`pzf50o`@at|;p+4>&R*=IBXh zp2pgV$w9jx|199mo%Ja@Q68}0b?-^WC#T6a2=uK+=BwS;p8rz|#{C%KAP$Trz!(L- zd(*g}wto&j!2|J`5c5fW{~Ua70~fIw6=fQ4d}_4+pOFvf-;dC8w=2g_AA+8{k&$0= zWhDCz%l!P#*%M_Ee3f#mXk`qW)c?#c|F1RrI#WLZ`Yj8wM^?481Mq5)n4atiGk3@p zwd2@HCf>a-(pql+$LrZ~+k%dZ+WT*J~@cKJ%Db~`}O9mvsw1l?7i;67VE_pJAf^Aa6Wb}^VPjF+KK#- z|J<3{SW(s#9(VDjv;*HB*0~;QnENK?S$Vj__+QBX;pV?J2K_=#{;+gT{#)eaQ={-T z_MDf=#+JV~Pw_a{o_n6Q>ZPNLXV{AQet^Fm#n$xrFfkf>8tbhqIC_tq|917Ag071K zVY9zJ5D4!r4+IW{$dOh3*kRZWt&GO@-;^o-q zvtrUNe9hLe^X%Q&S{{4}XpbDC&gVs^mzLVn_a(Al&~wE_jK{(bMBXkqSG-dHdZm0e z>$A|aW9#~DO7(#p>#*?YYJ7bRNN-{Pd3~)mvVk)N=xYhM%I$0B3G}6NjXwLsOrBZ1 z3i&@D`F}aNHPVmct8Z;g-gJ~YG}9T*P{ zVbgpSy7lzsdU7}Y`mz`K6AwYJ1<>mV=yg7QUM{<9$G3IScEnKX|?Jt4|%N{OZ5+|GguXw_m!clDxIbW0m(;hJzc6 z@`8r~(ar#Tz`nRn$!5_Nwt}fGOkAp2aVca( zX9KjAK;~)xob+yx_^)JONcnrrUc8V$-uOvk1TO}RSWrKx?^)^Wy1_#`;gxA0_#)p6mVJedU-XZ`v6 zHL-vbq^X~7bmZKL(A0H4St$8?qVoANQ@=S|J|_#Ti^cQuMJlC7kI%Z7WvS z$au@cVKeS|;qYE>&(sUy@P>TwvUJ7LTNjf{n8c3V&-+#UeVAB!g0m({IPbe291%x( zrUE=Z|V<(}su-TYBGQL%~hLN*p7 zCkE5^eXhU!3g?P{I5OiedpHQw<}&DK9`rL0`k4p)Y`cB#rmfiJYiM&DdXKofIb%w5 z`Pa~2>}ui~$XMA%0|N#8FC=%2TG4fRJCOg_4&?Ed^A0vWd!RbyOUJKvcwRP@+HvsX z*oB<&c^kg_ZP;thni#fI;#td{fPI#PoY4FcP;na1ufEB&Cr)Uol8CwF`fUFWy2W4@i7-B9}-{PyzbSDX6|AKW6EC~P|P z7BGl5^1_xG%WjuOtH{4EXDoZr1@jq;_)zt6y2H*`mN6F5Xd^zKXf(;#^TFFT#-jeT z=8+2@Yk2m4`urm6sp|9PaQ?;v;)`JpUu-da;mCu_!UcN|A}>_?ZE{}0hQc$*GheZs zJ_`+B6k*SZFM8>(7g_Nr|8-V)oVH_W+2G8(vuD1rz0!=ouzi-n3H;CBi_C9_Z$4+9 z=eJKc_ww5>=I>|tFIdGphW|G>a=FSUbJP5vQ(rHHUALvsO4o{!TxES`48AnA2#BMK zUeTo|Dr3)u{&Hn(l`CVne2k2(a%Jom(HwfW1U*)Yd`+@G7y3)%hF0*{xT5x%T4c%x z_=fTcrEgnV<1{qq>Q2q6Y&QQrPtLw|zv#}Pul@Y?8cim=}U{B;MZVU4|mtd|=EZy(g9EYu=Oy_uq?7B^MIC zlwkfUnUhN9B$#Jiln4K6jQB@~txG>m&daJNPH2o(j_<5*jlc1><8OH1vgXq%f7bY# zGabLv(z)E$MB~S{p6&Bv>!%Ou$5Lmu6S;!#8@8jOFMKAo8}NLnY5W#leZ=PuI&#DZ zBmT!e>$@d(#UL?(EIH!I0{7cbGKcrBbLH;|$bx2{ERcNm=JUTJ531e$#}Vc2VT1qm zzh-oU^hYRK<3p7i<16C`uSrq_dd79mfT<15!9Qx?PX zjl_2E3KDM$mZi4izdvSmLMzytpSGW$&b(j6yg%lfcYeoDw=PU=tSpoJ+(f(6vU+2RLC+b7*t9|94^)PmSu2`=% zV&kR6*}ernyqt>RbFH$utlw$fRO>Gu9*`X!)*Sen^`$I4j0F$aYJNQQuwIqIe)qnG zFPp77CzES%NA|b)6v@ds-(q9+;)5O_);5uS|BBJ=4jz44w)7rsZ|RbJbV!&z#H#() z#V!=0}z_?l+e5#)x(COS+ka^)IlDh$-+?{H|9 z@z)0IZ%scc=mgm<;*vcP{%+yzA{joFt1~I|kSY-oK z86Q4d480uRf=x)im0D+tmIdI)IO~0~u}Y-R;rVjbGR=8p@O%!9 z@3WwP#|O#iZuqamD$Lf41B^pwOBvnGZ|Jb2GBpw#9y-(-a?bc3KY{Um52@UYMN@+o%B;PydtCF_gChxgUy*m!2Xu!pfznw8`G zDa{u$FDusT+QEa^D*LR~z~Da5d1nq~Z)RZeY!%ne{UkVE`U!AM5GieMzJi?f^LH

    mlJ=#8h%4QP6}HW9+-`uM|SBQ2R|3t|9U?7K{qBA`RIAJ8w)RYV&MVg zw?7u1nyGlIE5j8F=Q>KxP7Zx{SgeT~`i3{VSQm5c+GcB9cHDmezhz(`=+HO6&6>*t zpRp6@wIy0}K|iJWx6!iSD?JYXx_x~T+~<7)+&`Q{-$UAm$5|iDwGUt0n{6M)*Esz4 zN$f+9-~K1yc{~T6fBt`f=U~o$lpfLGd~8j0=TK{#Mt`%vWU^>8$H&0V?ZmFY)~s-B zO=PibO_Ouru3fHmZ8q7Nvgu?~$<|D<{@G;gs&G07{{S>z5GdF_O+ScGmv^yipl4>nHoH)X7FZW!YG=laM!#jpfk2*Umv;)mm&EIArgYyLRRp z>_DxzdiI}ZC(F(}8$0tY_6#^R(C)lX>#b9;Gg)u#>_yLbYp&Q-oy&C2J$gsBW>|HY z+_h8AoZ!rhz@bvvWY}K$*k!pkS?=2D73AjR@bf-aWwQJ@A1)4C56v?5Z~VBxkITqL zPfnwMB?}Z2?}op;CFu;3E8Yg+4%InK}Q_6MwNY{er10hWNe?*{yNrl z;yTc)r)cuI(P@79TrB(g=JA~I7=2=6F?kNqR2)21%C@}XEOO)SeBzFcPX4y?AM%jB z+iv}oy_L9r4BCo=5A*Kr&bv4AZZ$c-iWeI>&AY|CYkt@Je&6o=_RC}0b1yNjto%e` ztp0pt(QkmN`GJWK{Guj=)&(=c3jd7xVrr z#6*it-j8XQ98jlSFV3lNJ$d_zncqyjC-x-v^!3(lwVYv8i@#9=ZztX)PHyV*e%fv) zZbD4m)Vth$yd2agsnO%$m2r`4;Nm+fypEe?;%5FFyKx>~UH%eYh0`y&I323K{CZ=b zW$bnQ5tE~s!u};^px;?{2)2Ly#sO;Ssa9Q}J!)*Lk+x*>cc_u9oS*<>(mEmjDC?%w zegWsQz0r01v>ti;x$NN}e#jbNf4=X`MN{W4z2Aeq6ZG*J@_90KHS*fkW|+Mq#nk6f zO%eS@e(m#oN_gX*v2j(K5ud=N8|g#d%{!LFu0H{=EFx5_%P=zr}4_XAv=CU zTYkMX6fSl*y0R_@7lY*oPJti&_C0IN{SDV;pV5`o54hfu)4tA^@%U+nkw2O9ozz~d zMGOUfsT>}yKWQ(RaO>gvXEzK&o9K*}scRV&T|%E)|M$)SPw&O@+vy%n0AE86eE;Et zPqM@>&*R8C&8Y{=-wy^0xc@Qp<(Iv=I9Zz0XUerR6^qnA4?oWNWEp>6{mTy&ZiJ&R zaTfIP`uSo`KmPOX|6k5yh?)4{1p61%RFRz2ek=VourxY*-sCq&n2WgZl?>Q*ULFqk zF}3lTYw~5YYD;_a3G0C&2C9b_W9v`Fc_jxrc zKkht+B>4}UvFkqWJO+QiLHbi|X-{5Ydv-2EUgVy~@Tzhv;34hP^J+``=TbQZn~^7y zQIGSt$hW@yv(=9L$UToi_RzJ4zcci!IF3idF=VA^Lv*9_V>GVsu|HS&fwio^nLVq} ziuN(dM%P{@?ZfTmJyR3aD*yG6w2!QpoZsNWhW(Y6^Wtv{x|CjbxGlqP*P8Y4jD9q- z1o|u29!PSJCKU!YHj}HIzuGxlY5dyg(b;RQqea1dQ}yob3^TexEUm%w*Qf+yL}t!H8XS|zLzoeCaCwQpvB3%Pqd z2UpCU*RJyR76Y$zvQ6JxnDdb8)rZJEX$<)KvK*M{E4%H0y^gjGZuhu$8@Si{dOmaS z$iDpckom3q`R!KvKDn{bl1CqLpPZeXGZ$NYGS8ED&i;#xJ_v(L?fEWeuhweDb2j+D z>!kdR^|xMgG|qjUd9(zbG!Hzl1-GkjU3PR2_b&}W_te*lQRCVfhh=O)Mw1=(-z*8 z4<{WFueI3g7CQ88cu~(}kLsCpND}(;=3f4@c+j24V%LlXIlKa)*;4ySvmoV?bdnSLc=kMkGy@|ilCAaVwd9S*03EG&8Ju5tV`;*n4_SboMk8|At z&L`?U$vD0dJ)fE*EAqv|RUy`ILp~l37#=n<`)bBt4z6Zr=G4dvzIgz9Bz869nGFug zGqOUl#Z)cv4d%LmdG=(;Hdjxq_Uuz5d&BLO%ypE!4=ct#Ib`xnzkZK%YTUVCj7i#Z z^hTcHH_^h93CflJg1wn@#QbtWd{E-!vGN>#F#5yTn;HG#=?>8~F`l7qA6Nbl_qFfY z`3LDo@`eLD&G`oh&lbOBpBI$swff_4GJpG_t$V@gM(ld!;MJ2O%z3G;#GnT1PTP@q z6B@f;@A0<<|HqsqbDLv=yf^u`~Fo2U;?DC(!i)XkF`;qoG^>yZA5ZYt@E5 z0N)(gLc80e{p-h4t8kI?9ebh1Tnc@clMDAY`&;%h2aBm;crLXHMqEp+{y^}CZ{df3 zG0(D9yU)qb8it-5-rjH>@@O%%bv?8TZwOC4&~WcftmUqxFL>|}czz3c9=i+NLgOp% zh~8iKmq1@TeJw$rdN6OicIB+gj}^?+9<+mvtUGf)#9PRn9%xznjCyI~E%-=vXj4~# zgDZ(!)>-|50CSUvUBVi7E&gpavgDTUI(0I>1ibPKW6PEIc{(ihDX|s*$L&ah;}kef z{*?BfgpNj%<35X8d_cfZWDz0g!`o-I1~itxdh;nAIW z)0M-?9!}(skt@hQPp-u4oLVN>r05{_A9DTR*^XQh9h$oHw4-k);ajU-$s_PR{&|O2 zb9y_neICAb@A7E>Ss-C@UE>mZNdzIwLs1~PkCB5&Gz+h^B(x38AS>JchcE~&Q z_PYZMr}J)vcq_4ly|v^P)tZ_CAyfYXT~t=**1xD@Pk$HmQ0LaasJoE;`CLm^$@Yl9 zJFv5qcET%aXQ^fewI&vB=9^;ub?aZKW=1RDJj4VfSCO;GdWH6F^;`}dLQ!Lz2}M>c{cqG0dx&grk4aW&ulDP|O73Vm@g|)ktU4%{KtHNGIbh|lY(;)-vsOK^Z9?>o{Z`(}3g&M! zHsEJ~Zw+*lr#dgtjo#bU0sZJN^b`2Yz``}0WhWam#=8fx)AM9Q`~=35l~?S>AYNijb@&8-1rFzPZpZ;@ zUKA3;KZv|8T4voa*}m(+N4Y;NFJR7C7~X*F1hx(9n1pWapOa2K#YBO1-Yp_c=G z0d(NR*7Dkml;Z}jPB(wU?W2dF5$WYQgV4t+`mx-99(}9_e*a!w>-OmVMaKet{{r4B z!DS8n5~(k=Bh;c2A4^{qTTxeMIX1cI^)NY7hF(WFvEd2oe?)y}Zoa`VYW#mVGP6H5 z29GF4BwJQ^*17V_PU0+GD|o|}iH#3df@jv`4_$$bkPoN%)i-hEK@yqm$V#{N0&?K> ziO4tjO0^K>vkTrlw{1g{?tV?=8MbRdyZrHcpcn0T)c)0LsIy>dkVmF>K@n7sJ} z{q|6Q!IQ%}lgR5^@^$*8cUva&u3`mV|J}%m9_lRQub4DT@gZb2ZRMLf%$aubv)Va} zcFy*-qc*m)#!^5V%YZFKJvI4jlHuDgdoMj!={@!RFOoax3c(~kykLeKLv+XO#j!*q zPu`i4AwTlbhDfBAy@j>WLK6>Pg1l8*et%on!focBbFI15y&(EEz<2W3bRD>rHg0C! z8UIDsOVGoWvC(z~??q*gc8zxIpB(ypg}KR%S4w_WaK@YdN?u8B)vH#KHOtPQ{KuBV z$f@zcdabE+c(sax*xupiLxZ06W@OlC+A(+=)$X90<9&(S?8U0MHE|7&Aq(#1kW!e#ws2)u&i?9 zxbRAhXD2Ji23e7SPfQ#a*_XWKBXL|~gWg$+jJTfXH)Z0uUSC&F0naN3hbPYag2Q`v zqKWxN`{UQUaa`FOS3B?=)U&BPyBZq}I26Z?!P9!)1MCkYBeoz*vd+~-2PA6wZ|vec zSB6frE5UOTJ}p95tSCiSlw18C4Dpq~RO`s+AI~9Q zUy6?xA4v0rcwIc0psnboE)Vj1HG69H-59=$^Ih>3(f+>~>bom^-&H%`<$K?K8GqCF zU4;IO45yFcFFW5Uj#EQF+N(r+{EZJ%}40K_*D)cjTIlEgW^~D_{e=eBp+45LyJGkN8c@nk7!GL z^eA~KTFXh(^K!<#7(S}PSE3$`SqB}AkN7^#N5GWDM_g|P#~vS%EB*0&M8ChFKbMc1 zkH<&rG=KCjT)2Fce&6sBZ5cjV=;NbS=AQev@vV=K%)WBb?C0S}$?d;_rX&j%@mJTE zxz|_o7ycl|G|fiecSzq~^8DcXe&OwWTL63`z~xBdiN4x`GJ!(uTavx|E$r|(zJb=h z+V~xy{_J98Q~c$@>$17#Q_lLMFTRZ)iIBSznK;a@B-bOj?4xVHvJKC3;nTUjYSZ%< zuEh@a+hZ2($qtl0zvZpL+d9K-D>q)Q_~0wX|H!~6TTX2*rL8!&q9r@hZQpNK)hb^D zo3V!Ho_*?n?%BDXeRXtIHojwn+E-3}Tc?IjroOHCHjdscrLPk7(9$Z-H!hy0{CK0s z728OyBsT~>8i(JcE0<#DXbsHq<3jC+50PI0pDNBYFfg3h(uf`8;_!a7|0`$yv85Ke zQCuo1ors;L9BRpyFZ!Rsr!jP1j5w23eU{w@UJ_d*ubf<+##z9CzKbKL70*}-9+g)u z7y_De_VTS=I?z&4z+McV_wu|~{EwVVjs%}ypJpqjrM1+aY4i_`OAoA>2JYa0#cqpO zH?))!MO$&&{>8PKan&2z|C~LEeCF7d#NDQ%>yZlu>_79)zgvfl_vcL*ojN<({}A~c z#b&P(c`C@21mjOK{^zMdl#@4M_!!(9TQh#8=)>y20RAv-alM|l&et_#q(&9?)kooO z9t7_9OM!bn_+aco;0^+JR=$Vq1uve?Z}s;bKirpR;C|ra;GXZmE!}9~=6VrrIr_#~ zfA?ru{CKI4ezWR%491V-n@3)am>NpMneSY_PV*GC0q|2o)cQ1i*7# z@J=kVHIK$ms;8!kOM8CUy>IW~+X{SQecPsQPdfc$zZEVu?mvCskpnLb!v7}!&&12l zOz*WaJiRAS7BakaC%nX&kfzV!_LH^n5@!P?;Nz-d)&n@BY4vvpTDA>Z?Xx zE3RQ;utkh>EWC?+tI+pfzR+I6UdjiL9cfXHplos3IWcU%P{^8@+*46jOI?ieIaXhU zb?7j-fA(?CySwKnM`oY=uSaHI@n1(aTby@?e@w1S=cfN!!+DU8-^jg{ZRpbQxae); ze|q-Q)&-rCFYt{1g_dq|j)#utv7=z?VMEmSm zPcn1sf2aQV?|AcnGV>n+cbb22Nn4*Ddj3B_`-b1x-y=G?&ZQG%QQ2+Kil_ga_2Q4N zXK9`l4^^ybl1K9)ckLb8^RJ_S)oa_;{RdB={Up5PwNI|j(CcQv{`n!=?_*86JUHsm zWec=kR*-dGIOpV*b&m-2$KGeY2Y~m_R)4A>&_7Uj`VPtbeBw6+#BX}>-F3YJ9atD2 zZRZD~{qvd6UUaeUC$UeA|H0V-k@^d5BSSg&yV@%Mbrrl{YZbEI9Xb@1Ed#FNE$}?` zaZBbP>+vxL>c;ID*o*A7wB|@1xIMt~GB9C-C%8{Ou$@2`$4WzX)w9@E#D^F^IJ8w@=x>0y-N3*Z=-e}zK6uYU$NY+R>jE}=tNP>b^UZJEKHlVSEq$QB zh+Wy|x_z_}uTJn@Gzu@wjrKoB-d01mtJm_$*UCEpEfe*1aFD(N<7ayd*bBE#Uf%nQh z{)4kGp3J%tuoxZQaj~7EUT61abT~Sy7nyPZ{Vu-K8Op!-%)2dWL-Bp(=X@GCbzMq( z6KQWVXSD9dCR>VrU3Fmnf;V5;VPr}~_c#OY*%j-IOld>!)N&qN-IoKV4tpsuEk#D8 zpbyXX*~9N7Frsa812ytLf4vZk* zb~p8SB?khW0~V>z&yoWkzW;iNezeY>+T_VI@(2DLh4!QU|1ggAVdhiUF|K9X&H`RT z-`oom%WIJjS`Taq~hq(R{IXT{YDZ$41zTW#9 zOVEuI1QjFTy3+T)(Y1_2x;C~Ey2Cb2Y(Y;#4@;rfWzg-wzV7i%_{tw)Sf)r zbZS1L;|^E8P;RfvX>;{C)>E+-ViCxnFfop~{Pk?uo0$vsV`z&x^y0{hQHZzlTszR% zZd|`jo%sc}ItxG#LJ8OK%!4&vyz@F$bwI3$fjJdfIe@t)(slC(2 zT3ZGBjofj3$?3Lao93jNZ?HYmzT5pZ11$}l7o)WcAp7yFI+#8gO>{JFM!^p&xDs^jghenFPe*L z6UQe3+-jLrXe2h4wO_tz1xJ^#cJUJHt$Uzf z6QAMz6z|{kKE8_ke(UM9S5VPkOkB)+M><^ZUF&~uH1D~ziZ9tw$@;$ht>4DpOVj7> zQyqMDAv4Y-UiKh=qtJlmjwwE(qF?i*^{5bWfm(QOG4f5aBL!^eI+N#BgG`mLwtnmT zX*iLEhDOzf|9jKdtn9w@4r_D$s-CkRTKGHksde(r*hAN1550hY)zmu7#G_0sM?5c`4j=qvSGNBz+)2(ESX`gn zn@7QPzHi=i7J%jcOV5|dugYXhgdcJ2S2K<6oEv0-BHV#Es{yyyw}5fzu-MTT!X=_v35XXlEEH)!u1>9%kW5U zy)h5pubBN_8Glpx_vO@y9wEQqsxNCImt^yGfg2j|@fDxb^Ag5bS*=>l(I>t~j++%e z`g8(VH4g{m|BrX@Z{{rQoIw+t%zBL8r5=d)?xon@;#bb?re0*2GnLkEP`t8~ycp?l z;pQ9Z@w>h*&lMAJa5D5g|8wDI1^Ch5YX-s7dLN#24wOjJ!_Rt?Pm+V5V$Nd(_7J=` ze*K2mHw|w;^5;n}9eFda=SUqflNkI{&O6c-Sn zK~s-5v;H7?TRx7tL|zG}o(wo%-<8Vi;hPQ66SCy+HfxN%4f*^CIbo{xzP+9rluNA} zx|`QLXwFOGelPcb$$g!fly9$nQ12=4ZI_k5vYwo1XQ4o=rNyB0czr(a7^i?xaT z%cgMMeF18i$|m}kdGELEQ5*uBPjjw$ya=8&yzQPZ^|L$v)Us9i@E$F@IMTbv8`sA@ z_s?~!i)XE8;V?S+*&$~=#o3cHCLL3auS9m=gsfUle33CI7t=3WwbyLL6ff@$Jy9F5 zs~OXL@X-rC*h`P!sJ%qam{s#}Yvubbz02_lpr78W&_}FIB*BNy95A%ayhNCn^JzDB zCGrnBDS2%C4`{6ozS~GVS8FfgVSM$&I@9OKr?E}1w)%VFL9J!=8uS7arF>d2uo-~}=LQbsv zgTEPQDaZFuQeUdZYIv{~f30>xhHrKBw%skPzp;_{k@gGCjJ>B497x>*Ws_{YP`fVN6g!@?k`so@o^C!69My`0Y zu4kVY4MU@G=KpKOz&t}V3!O3NR6#cT80%=Wc2xa?!gJH8h6jxgD<2A8bLc5(Y+dm{ zm)RFlY|mu84Vk!lN92X^UOcTMlDj73+GPIkC-Z&8{T@1E?CH4tkl#y&h<=-IcI5Qe zeDvBEa`N5QpF_Mll)axyakKCh#wXY*875ghADo5B`$!>Q@{keQ%eS9A@ZHS&cIIvT zTk99B+R%REfHi(4^tf<8XGsU3Kc3w-zJ0?2-EYvloHa2(T(g>I`_bzS*bgq&JK3Bk98*i}L!APvfH?dInsYMt?XhW>PaDSc>v zRtw%iW=<2x zr>I-!K<7VJoC&^oPkX*3AIv_B#qbmIYBApwA~TbG6Gt~Jvx0lOseO0}dn{fgM|={t zu-BI6RQY#`dAD-bklIVo&OGEqH*HZ9w!fSC+lCwwJ*}0@UxXY(zU+bSll=Z2xe{Ic zj)BiOvL~?|xWIFm@i1>s$u=Af-s*|V#j23A#G9nc7BW}TQ}HUknH=pO^Zs9q>{`rR zMv((*rxH1!wvt!#jpQJGc(j$I?JCW;oM(taAvYbrgjVY3e~JqMC6 zJfFhco&t>Mw|$;|1NMtT&`p!ZW^{L6`)0-}omr=QeAml&ADMIXOM1@HGmXq`y1%Q4 zw`wopl{s^cO#Qeyf8h+~ocFTk{7S~|%{eytCz^BQY^gWrwDU>k{BPVj_i#Vk#gS;~ z0(i^Y^E!>+lDD4Bth&jOnNN{BB!8$c6g2C5!_Jbt3}>zH1;5N175mU?S;v<>S%)uJ zPhOYtnePIB@Gg37r{t(;O!1Y?A7<(_n0+tcM)?2}^I6wHUg+Et$*RvDC07U8BG}@* z^Uf^;ExSYbF7RmbF6b6{kRl%QnD*1<$S*ywMnO4myvyefeU)d`fYXdm< zXt_{yjO@&kUE`r6?EG$Ie_D3I>z=%k>^e81V3t1=`AlY>e^&OLZ6Q6&A zvJ07Y1LqK_y#(zTI;O3`WLIjwVguNX;62Ij$H*x$<6^$OaV6l3B(ilMb#x@JKI!;= zH*S#exiU`U`z5~gCmmmzH$K`q-uU8-sed}Cfoqg!gPf5p_tTok)1QORz27tW?eVu_o3e|(c%#GP@~aByTfVdYdGU{HkyHMB zyg0Nac|8$+({I_g@@WIn*4N*MpA9U`hv-A^dGnO1B-S=mYq*>B zeMiPkKrVVdZ(jQ`a(&ZtB;Aax(L7!7{Q)BnWZ&r=dD$d7Q(pUpQsjj@H0Z?TmXX7; zt$wu0>)J|Ro=lVu@V}>Pzb~DUn@&5P+?;&o;Br&%8@+<;ti_K|-huk^_mN9Gcjw@K ztB-d4^gjiAE^Gf9K5W@<-I#Zy6KnVMVb|!y4-%RgajQ{25iLV{XzODu5wZtK6n4cvs&i(IuuwLQ9 z>YQcm@O$4LH=gntjrr6}Jf#sHuhaVPNz^x>#=%Wo*OFIY)>6;0cax`O@n zgR94f60J%fDi6lUH-2lM?uYpIUHJD7?F~!Qp3xz+sc+PWa%$7Q>K-Td5od1X>kP z9BTKsJ^E(q64P!4_PZzZ*I>6Vqur>d_n_r>XvhEEzXOw5kAT<9@i95ud*Sb=yl2{q z;sc;lo{EKz{(PX0Jm9(!JF2w?{`Dz#1+{a(H1dxvmG~wmj{F7khIb zAU-ma*iU4TIWA|8?e z8~uJbrnNe&{eJM=25-izsE^_9cS>m8sc<}X80(&R(kBxuh_g>(&7Ju&wK_KwdvC*5 z*vj>r@7(kHv&(*bWcGEh9vT1m+ebFDCa@bh;I%0qiky*sm7_juZy_%DkF>j+bx2}@ z9f}FQLw=BKwK%dN0BsQKKOA{`reh=KeCxH@j82LZ`_ucJ$<>b?+~Kd$o5a=vM}`;W z6Y2VD#%sxEw#w`{cu3Sm`@c_4L=2rg)Z9AuvLkODx#IB766RcMX0^<_>`#yOqN2Sy z7n!pZe|n0cy^bu}!)}R}avqNVS%&tS2cx~nacIxi?_rPTZGYQ2G{3?B>|^>3omjse z)~n=~5U0Ay-?rB;_HVq1IsyJ?AJcDlWN2RV^qOqB-&~)uC+`0Lu-~Jv%E|A1@dAG-Ua>~(BEWc5U1OVsD>7ynwrtOwfg>k@xpt(tok(EXL4LuL^N&eHwx zMdZA*?QgO#a0>jX9N{Fq5Olwh9IeoIv{^b1U5A`j%sUQE$F>CQFY%phPpxBr8$BUe zpt`xnCUWJK)`%DOIcsK;dv)6HB7MMbi(HONr|Jx(z+UtNXWgvcAU{Rt+(^bK&L-Yb zZ5!$1IPi&A2L?v6EHR4zr}Ce=FO0K_d`-Rc+R4~0@OGr0b8pe3G4!dy1G$|4;(vA* z&o;Wx81EkcvwL}VKmXM?aQ;61j5;1I+~36iKl1E-)^e1O79M6dLW8NKYAD@la^K#V z`lpuNrPfo2+1r^QC$8wuhDVEnK@(#+47@?@f#q4I)>zQg4obWXZ;xW`b|EWASv!$a z`z&JKd&mVd>lxfn>``nV-e)dke`%h)x@=zkj0$9ZmDZem`dqTU+UWD>6Ut*(Y(IfL z5TC(#%zR0whT03?JEA(NubUV@Jd{9>??KOd?-*HB<>ccshfkGY3s%;1e(^5aLl#z& zBb?Y{^?#K<0#^Nf%K0redv&MUHscsfc9x)vO)P#9xbe$Qt_yF)jzRZhcix9AXZ}Yp z?v9iR<%>6j}RkWQ<2JNfI zz|Y8yF7wSSdpU3>cpgN?EB>EkT+00<-qP8KUQ1q;k@5O1Isbpiw-^|}W*azVN08jG zN@~X@t_QZ8hJtOf-6q&>aba7U;cHzKJu=3f0sG z{%+u(1pI0J@4}D%Ps5MiH}G$D;n%g`-wOQND-k2E-^IFB3OJhJ_chId*LK|<=$pd* z&C^4DF~+{RE8N%0UmtICUN~#E@b<5$t+g9nJs1yo?>~?2;N=wV(fjfd8IOmLZ;S*N zw2{R>j2#|v{3n;E2J6HBjsN#x?;h{osp2I!?&$aLOTUxRXY!91`*fP;U+p+WzDlMZ zqx=xX`k+PDvjfh0wy7r+HuZ$UcT8FIpWoPqk1sK`s>yc+U3?0YD2aedv!8AfeZ^OM`mZl_z?GC=eMdR_cZW68Cl|c zCOXSQhD5I=9~oayF%|i;qk!Q9=BY9ir9J1nbdJ{^$1gTGALO?c<&0Zb2Wy>gseH(( zz=cdrw<+Dl7}aKM2JK^mDKDqe%>jFx9Dzglu}zG>+vMid-MD508o=F8#~E&NZ}ijaxHEc--&ealebl{VpC=d)%{Wu)WbIXSKI|JDUy~ zeE#)8cq2DHrI-}+OrEOrP^QjMy_X~B#+b7D8SV77Hm5JGb9ejtn_}oKv%YO)3;I8a zoR;2772#K43#;E&;TBj#+i~n1OSQUL`(D2Yxx!p%E!(sC50f7%x{2VU1(5F*THpL` zfn)PSGYRHMd!UeShqdni0JWpzK6~HjICKH>)X@ddjA!pB`7K?rhJ!ekYX*Vumx2!(B2Jj`N#=$e_(VH7@Le|qe3ihr8eJt?gU>Sl2-h=! zF9CeUZUR2p$<^RcXXVDOCMT<%*5locpEks`-#r8tH5K^1@*7r%zCZi&yd5bS$#s& zZ&R}_R=}7>0P9F{0--U>_s^`iG&<`o*G|!Xs_gZa7&c#GGxLGn*A4BZwnKwkz=!m; z%iF)|`AbU!>m-V^c4Ld@VQ+5ZZ}(>6hv=J^(S0vro2(^X&;u<^#-8qlwzMW!&AsFn zVui>L{apdS7yUExkywN1MgM;ZPoEaRX5;-h@5ny(e#feStri$pF`uHhP0n1(?ubK+ z*i8E>;RT&<(CYfyZ>lEhu0UC=miDTm{Tro!7xO+cUHuV@IBXF!lVAJ{u_M_i@vAdD zR3sX0)ceHOy0S7Rr&?RZ#}+E>3{sGVr0lvT-h94!nGT<>UkW`O$Uhe1PR{J^*&>!u{kE)DTCg zg-^!sShryIx<_xU!*1A(ZROz|Inp6HBAN2NY&@`b^f~)K$AE`Aa8FK+Y{g2^=0g)~ z@tc2)jC-GCNdse*{p7PN&7LB`VC>2|N0t~`;J0MSrHs|sT$*3`In1y4Q~W9%wC1zN zl(8>m?26mfDHnnmb)!3Wjj4fgHZpeY@rv-fO0mmUr*>i-8c09`XMdAe*CODC&ttUz zojmJ-5`0IkWh?jOMe-oGt@x~yTMJy;i*|6N)jXx)H2W=LHuC@Cik}=CX>Hi@sv&?lcGLxAmPPEoxKn7$5Oj&V15u^snNQbN&;b`PquH zk`Q}--F9VXD1NH7JNY7|v|Vdi?ZOK;C-g4x2K=yW^Jp>H3z>wm7^($O| zhdpP;f4QFdk<51QuQ2yB`uHfeoSv4Pg)%qmC5Aa569d)fQ(%S(kr z`jSs+=8{=QlF<-j&%hH#r&@ z$08fYGZ#MFQexP%FJ+78*7w)iNVNL{%zqKQ${cHN&@gzh zdop@}TABN4rv~{Vx@f>ZVQgi(*M+ZkwsKFYDc1lVyqJpURP-oYRW^a<$IuCEzboHsxal!Vt$m{aY zyKsBD54S&Yaq8i7J!8tX7x8cV4G+8dtZnQsF!nlQ&{$r)=vd1O^0VA)$L@C4e*C`& zd+zCd!S#o4W#}*WJR76$tDNgv8?9e8F6XO7DEG1tcyuhaD_$HuRFc3|MC81kg&DyN+kx}h6Axju08;)HZ4?T0u6 zTyjP-LGolwEwtn5Lu6vAE=r8UsVky5Mhcm%c-xK4m(kJa`q-ABX+!Hh;{AGHRgQ_F zlPl%dAmiW}<>08cD(jBO+{xyh-&3Qg0lCr*zPCYhy9%woL--&u`mM$m5o{V;oIV8O zW&GAN-PimZ{R~dFfs+@(iF~Ra^u^0o_cOitEZXCkz6Wk}?`0P^z1Go-;{%+h1YA1n z{p5dSOtc*zh?d2}&@JPa?DNYz$)Xt=J2KgfPiH3+Z~E{wavK;!UNJb%u^CdABQscc z5PpJMbKv@W))TD_;Yr?X8cLU1WlgJSSK^q0qrwqzr@Sn(%WY~fXxxnJ$IkEu8B!6e2I9>er%8m zeosQ4KY~5;Ft+j*?BlJ)qKW+WaoF?7xQjL4Z3q9-5~~8Y$Ubs;nfEDnJ@c;hr+{O3 zHv89JQdP{W-&W-MD7gz;C!z0&M%_<3HhWtX*ya-Z zwC-G^{ zJM(zQ(g=IJG$bZmUt#m{ix8OU}gC9%3E@i$@#Y_=F#7m^*t! z+<8!J;8TLH9Qe?|9(?be3ay|U2c?zr9Qe5Ywhun#M135s_;t>LYco1$nyU*v`=YPP z@h=aK7e8hDmvQi$+(cZvQL$~#2G+R-to=&|`DJZBvSu6dwj0^x$y&*2bDbk+wTE17 zrZ!vs+ogM2zzhB4>Yl%=0p@$5yZfQ77Up6Tw6htWt{b@{kNO(h$bAxh$j9m4!}s5dBf&KRsbczhZ|KNG7 z1ldu2o-NblHBs8v`8BxALAHj2qabnBN%t!avAxo}6x5!3PPEilKNVSxEk!QQOr#=Or;1taA z0k#=93)>$C&NkqD6gYPP=YR{RY*ytp%XU|uwd~gJtC=_W^59imUm5McQgAK;PGHg8 zt5$sv@M_Kvz^@0d0)D}YoZkYhg}}O>^9s%bR_$f&=3IrI&@gjGzyV;rm3s>w!xsnV z!nKEYM_;>sWC8Guu(JFW*@{b7Wcb#v4^N{_kAE}gUu5SGmr`Xbyipd!LQWdZhd@r9R!TVZ^XjP3X@cTSG zHc|Xi<=`3n1G<)d7;axkJ>81o@FeZXcHG7of69KE-Rzsm+ONQK<>VkI#^~ME)lP25 z1oEAX@xbo1~@_mBEvTfmO zp5@VYFe*Obns)+R%YM@Pz0ix|WRK$8Dt;zEN@vVkr}EzE_|j)UYtZ&L(H*_qkCQ8t zAXny>z)-mRvo>eYcCG-17;B8^tuYDcTr_y#yVL`r{Z{PVBJ8Ys>0WRuJQv51*WmU8 z_{-ya$4_y6DtMtr@#WjkF#D$jv-C>c_;*__$wxQQezDn~HqHLY~!^!**}=P33^6;O2?$2?Ig6W+U-5aIN4E(mBd#vPsrebfkM_+hw*>-4&rOgmG$Fo z@kOGPJ>c+)iRE0y_sE(a$sPI1r9u1cXYt3GAH{|g2a{}=i##!MdAV{D!iP%a+tVL* z1NPuV`==*opVgu7=N(w}Mh|m-HfM268pD|#$k<1q;g_Hvo!RjcH2f0u)59D;0u4)^ zJpv6YXYFBV*rVBn(9^@vu;lYs_-*8zV1@Uz{%+_e6ms(2k)a;EabOk99=sl`O~5Mr z2v_O&z%-K&ZR=bl!Cmgcyvql#?DgfqyNfgFWJd@_$?o%9_|D~T99(tNulyOwV4WGW z2ituj@wHz5AB5iyhKB7eJh#DLv^^Ty91C5I zXHJW_Mz;Uvn!$NW@vWXBY=4)xEdF`%kZVnRE2BRu$MRl*Q&WQYuNgb>zJ)c6SM^*J z14^Hn*68S!^*;Cn#}8aM{O6SyRp<9zr?rEQaNpY__u$!gd8Q->%T&Ul%K%Y-y=o!#azuc}^_+EM)N=Pv{yv_5B!l ziym^@;Trw3uuJdVI-U3G%zLKYhbG!JZo5SjLw#+Mp~Q}@xo4R3nA7cFp}Oa8`?ErQ z+Amqe`uuh3=RD^-*3J%FSDa(co_4=GY)uHJ;V!z+d5_qAv-L~P#&-MVy2Bbb$BvJT zI`Bu`cIWuse-0f=tY7W&{yyv2Sm3$cd4FBV!54UKn@GNsp3f0JoabgdcLP7`b_PFD z<^f(QBCo)VT9``q_|Gr~S2o*%YSCFyxG z@L3n7zc2c7zB7(X8JFf`ZoW4T;86`(AKq>+PUEHM3gZzVpNf*YQ_$wKTu4 zTH{#Zw9_R#PtOPL^f)+Mjq{&fdI8=J>+MhT+@;T(U3kCid|xbjJA77}Ux2IGx*gkv zwIPG=Ths4#STCGpH@Nf8cl)g8CYroW^WFo%hYT!ga@((WzN^;w|Ls&eKH8x#OXD6l zEsdX|b@|Tx^L-n&PidF)&Oe=ohxePU3FO6jbn}qg{*QccT{tQY7x*}AodbWewqxLG zb>1`mw&tbj*32V(9P#-3w*`Ga7TrHb`x-|_zC)jny6|z`#$F5H>#!!wvD;ic&@TL@ zHAk1KKj*so>buAfotOTPCx&K9B})I3UBNKYh(T2 zjO*VDJUZ^Mn#j-1%=cmInG8P^9Vl?je7zZ{3?`6i(VXeC;-A+-;d5?ZO ztbLr5;`YmThpkc2v-@4qVYl74)9rRxTZg6R!%{zAzc?+=ijEfaMK#`I1%36BC&&%O z2Q{W@^|b;Sk)ajlJ|i=vm%M*zU1w|%Vq$I^-gEg(#FEQG+kr_9dwe@rX~n^68^e6po8L7FXVj$KdAoQeNU zWu2hZ>Yq4@_1nsg3!eSSV>fQL#!ro)`{wd)6X&xk=P|;XerhuI!+F>;$|Ebrr(tb= zU?6WtJ@@8@*z1nn9jOOD*jvgM=@PD+3hf5=4kl_d`3?X1sloDt9b12m@ztH$imIn5 z|D71E)=fLMQDbq>s5K9I_RAyKFT^!23gHX!pEVk*{a?w6SR3PvAuCX(81-7>Z+B4_ zF8>_tn)8V17YEEpzYz8$!4D0Dx2Ba_oOzJFC;wi%|5|k=9G4q zkt2mIX!clLL%oNWtjRXDR}Qtp6HUx7a6Uz>qFm&PNT%5qwZPqG4e8{;{(j?ZmoA8{tRm|(5U=uzO7)sDwr?)WwXD( zl)0`2S5f9nbK}_ij0-#QD>-AD%Uq@ykICD{2E6T5>jB1bu^%ScxGDOI(O0-QSeAto z?*EYIZ@&411*;k!cKG2`=%2jOCiWhPAKFH7&3oalK$*c|6yBiEEf#zM4I7#Tb}t7b zmrf^slunR;Q|$i=X3>e6BXSa)dZ$Cs$*F_W3GGd`f9JL5(8)*J8-h-b>5R%;I$^Ho zG4E@-D$3@;Uy=oD;jz2mu}he*`OMcfE>F&5oi~~i9xVhNYjX071K5YT zaMhq|{cs7l9$XFl_TUNwmtdNU+#%Px-y8d+oIcvrUe4G9Ien;IuMgR(>G453qJg>4 zj_~c_{`2nmbRFQnbhJMn<>`9)j%Ty(?B&H3`EoKmef$dh&HeG90QBB=($Sv>7+VeT z!vOObWFD1I9sysHbKd%2o#qjEOWpN9U2ANm%%gIU+8CGQs)5b*ZAIscp;`H;&{bcA z_e~ZRF?_-Toxpj+(H}7$EuSbX8`A!wlAiAHu6v*9&loO(T z6!?y(lOw7%!+?oTUu5*8rx!IRt9eOn2hpXHIl*FLH(YO|4aLGL(1CGcfm%yd{JTqa zUO5|WfV?r&W^~4&ZJM=5+7vIEHfOW`Pn*(rS_hs;-%aY9xKa=qX5K@FCAn6<&`*EO zxmnR4y;*vqU-&7Yt+J#i=OTdmz{ zy{!w}{NvvO3wpm8`*kikd`;}{kvv@uA8Ks7+&w^N4p7`UadM?^+onSD4&m9 z4(6t8V4z?}oIaFO8V80rw!D|uLVSCl>QE`CRJjDjW^JEyELcnY{Qzr2?CptI(`>V@ zRcpx>H8w_i&kngM-zoqXvenJAS@!qUH!-IG^R9iF-dH?3Q%sS0HghfAmgKsRT!<8~ zG_hAl>ttK`&Kr9xW50uOJ}kQ6{T|-EjcaeLf15Q{CpMiP*L=oBOxn;4v|9=tC$3~J zugZ)?`-_sqr)8(l%o)r4|HfE;@iAlhqHiou^6n*EGv1v#r(S%JV1E4b@O|bXp*>d2 zgLrZYxOpD_uf+DQgg%x)AJr~>EOBx4kF-0TcC|lCd!fMX;U>;PN-c+$X+!nA)_{+- z;G_F`;;A=f@R6Qd;`x8f&z{>5_z)k3#nZsSy3s!G%&;}Up?b5>T-MxvA6T6EaOSp+ z?;2dX*4&Ecy}7-fcO_R_v8Nq<88-2E)?<)?)9l@%$LeAByzQAYz$9b8s`c{%>ZJ^( zKauBt{i*eoW~~>Fz(*KKU17ef4B=N|Z<78OravYlnlKzcmG&_u5ZN&=Rlb&YJ+Gh0bZeTTMSu_W3sBvu!#U4V~E~=w<9&w~S zg-4&3+*VHMX6y%jvy67VnsU2nryf1M*{vzZGgDJe_l1jP*dV*GL1d3@rlwpCf6e!9 zO*y@1+H`Bm2@cVg;8-ktVp|}S`XltO+O^25g%w=SzUS`OpMCZ5Bb(0u-~9iBu?ZsB z6@sIIK5ATBsN8M8#xMw{Y*d*nqx!J=OxfZK7@DN^%SKwsKKS z49h(WX@awNFZRp#S^}IY5aS(-To1vs8`^>&I+VlzcA?H`Aa;gq@%jOW{R!Ux2JcqE zqw=}B#UEO;U>p_1I+gd=t958%9x-@D?F*(alfTwl!1_7A*Gxp#LCZbVFCa!^{OeuV zkTuw^FZyWN&si*BjeYjLnNxFt&Y_#43gw8}Y>sYx+nNPaSM*bD2vIzYb43GE(FIyq+-^(sx0@ zH|Gp==Iu{30AB<9KNH|03J(fzKR(ylQ@(}RNiAnENUqB+5&d3i*cmo|16 zIAg5l++U5cl)wHqTWHhhTjZTL_U|$F1oBL_<@4H?jNYmO=Z)x#?#rP&S6?LgEqma< z$k*s*Ea`JUSZ6SH0&|}}_hZgTyUU$xom;V#_`wUnvYNTo`f;(LDb9>!EDz@)->?Jp zUJdUl|1ODr=;Ysp%wF&W_v+m}IbRy(oYg8_mY5&yKXWL2yEL9P2ZP)bJ_SeCd-P|K z6BonIH2sw8FZ_#ro4^i8E++Oxjz~4*sevD5lRooTN!JZ}2p-!GVb z-s3llR@q$vI`nurDx{@>y121#*>d`&S*f=k+%^|LoaUk##@m zKEgL9@0~U}H|@B4!JF^=*t8o*hSAP#oBl6(?*boHb?*J|nMp`cD<~)k)?^5Xh>BJP zQ>{!UcyFs!dTeW35(aO@(`xm!w)QQ-1ia85v(0mR_iB38JW_m#96x z*_N41E+D-CYD=nZ-tTYiy=M08%tZ9`^MBv>{P}!_$=*W=f0k`)}dcC?KW~v z?cc=t3q1W6foJ3J>@;%d@650_ZJ9GKT@Oz4pdmP-6I}Uu%kYa+=sxX1qCE=iIAyrr z$T&^sIlUtpmn~EqdS81}_CcF0G2 zDqrymc&USHTd#m@^*HQJ+z6b{aE`?^_{8kZflrvejE@iVmf&x`Z`>`NWA}wg<@beo z=V68GWSaI2Z`63Hf5rb=qhR;m`33D78B_gQ^+E3A8<7`{JvgeiAv=kjDr;z^=dNKL z&@|*!?Wm0os|sSNPMuQ|%yclbzIUGcQP?io39em}f%3bOj^-NPHtiBS)v z`L&6h%|!0Bm%g*~EuXv%dD1zEMRiLBe8>C)_QTA>%jep!7zm$6euJ&ox;*56+5Hn| z&B0#93gg?%D%!h?SmYMyew$(v)m&0n@|wQcTY$Zn&<(B1fA(MD4E4X}xc!TGHpSod z)I(m)_g1eivR`&VwUGFN5AEK9BYy3t9A^ zYRb~k>?~-gvndomwL@dc%A=dmN!(M-z2QmvRt&=!OgslWvza{-GT7L2&^2Z~p!60x z$@b*|5kb&>ms4O zcul(EueadGpw9%GS^syjttayQp>lk_G06Bf_B06ke8!&($oOXXO?LCCfX^qp`IIl? zvYQTmg9Ck}*A;h3t~dT>cy$wTq@{<|n`_b2cK?Z*ZJa3q%#s5 zdnQbe(Vjh!_73Ek54E9Z;H6B6-ZrK*HUj%_{YMJz!{-9F!NxPDo)=mN<8#I2$%E0+ z6<(~1pExf8FDBv1ThTk7ALZ3y$tEc`DIVx%eEN8A1#)pEc&S1o>jEmm%&@f z;mNnXjJmC0d$McOfcsb2!Cd|w{S}PoGw5*Rqv4D7VN=rRV8uz^`R39Y-u^v`N5m)p z4iD7fn@(pRAe$#_L2lyrg;DFE{8zBwW4*uMW1Yq{zur*#D1-jl zvo+%O;Zu0Afwvd;F#g7RWV(ggfj*5nXEtiwo6e^0fwAvJXUTUjqyB;W1vL=Mv12u| z+tff*u?97B7VE9hhpMfe0j^r3Hb7hbv^xVH??+e6U@oyAeNlc?)ARCsXHbjKKNy8J zh4abF--#bxg@43+auvK3;d&ZvYj5P~&{+AzYTA^Jm`g({t0Q|qo_ zeB$I029Vz!{=QLzw6QaQcU5HS?Aywnd4tesS1Ww_#mL@=(GQl6`h7ZZ4O54S|5b4R z7~QA7F?^pntcin+&mdzRY)9)?1_ON$1FzP_hsQy5fcCku6kZl5;UXN)JII;a#25@P zPP92R%s6cUzHNbV+QB$gBj*F)_B6N+v**(Wp4kB|4f+Q5M*WT-y^S@c1DBb4?$&MW zVK#8NiS=5w=0SVQ-wRA_<}8@m?xHfq(D~odAD$l#&ldR6T>o;(E34ZKj~wK_kN3z) zcg39uIf9Yz_svO=mkju8TtCD68fWFbkzG^wEO^SvVGq#$80sTbzY)49lf8`3GI*xJZxQcZh0Qt;{7D>6+~HL1{ynl_+GE{TsrQt- zusBZyXY%LF_q?Mx&cIlJGuNwxGccC{b06=v0JF|45X_>5Z)Kov4L+US zj@%v#Z)`(nuc3Y^qW#`4M_*m0wXxoueSB_{C)y-K_(V>bxO>Y zz0>`c;Lg`6brsYp(SIE^1a)WRd9ViFO3{9TS{BLQf+p3ydAS7n1IN;r@?qMGT4S?5 z9jVQx$j|ehfoq{NbSCeuZHu~7dG-wcwt7kUEeF4C=%sB&FM%J|Z-n1ii{Ei0@%#K6 z;RhbV(eg+RKWJs}YbeC;kJLjH;75H_0e<*A(%);-yvMT+K30TJfu1(8n}0rm)!jwz z1>YeT#dw)HrmlFyeD@Lj+^XtW;Ti<|itm1?(64=ovp3}vMX@Up?2F{s-ue44wKGvD5wGLYIpnX9Vi!bM0`+TsCpRrfC ze#Z`(8l^|js~YPS_yEM=duQ`^W-5Lse@D=@{pfGSMGpb7;AhD(Ye??!QT#EZQ%D4&I%;Y$2z4sZm$o2gNZTc zx^d3Z3c_De1paM){hRdE6TolhU5Q1C?&)>*Xz-KYtb*1$*Y0WNVg{K9800+mon?{d zD&L-XVHftI>PqK^neJ`(J;VL6<&o!RasQy@toh;o`R?ua4IZ6%LC;o2D$KcdPvMsb zc_QflTr8fDe+FNyua49fqm}iS%Y44R)c5mEeM-#pm+vt9qvzL)rE6lfisM;}T-*Bz z{K^~QP3(f@OXD{N{ID79<0-zDd?+>$4}KB;lrN_FrrY4TbWMFNLNqsfBY9$ch<121 z`w0^R=KQ^7_z@Z2vv|mdGyDXHQTkC75VM_(ua{9Ox*qVVY32f3Y>Pz)Q^nJIz z4)$FNrc(F8Z=-YtMSl0Td-bn(2iq&whxC!rNy_2k<7y4YW9J3Vl&RuA`x9lbRXy6H z9-5}9&3m&jr&u$leVfeLi0pxwWZ$M{;9bDn^O`2-4fm2%?3?2GCA4$SHE+C^r1ETv zFFSaiIC}dw&Sb=YygTKLS=GTD;Z^jzgMJ$s7md%Kc~<)=+H0-h)xL`MT66Z=U(sH_ z#I@eTCuE)en9dcn$=bl@uD<4~Glm20l31EF9BB7dT?g9LI?LfeyMOT8RUR-)%p@OI zv7zEYtq)(BaNL>nGl>A@!MMbt8M7CZTQwt<3C)DPHV#-E(1=@J<9Jmi2AkMdPeT4%`$Z1 zbmn1{zg)rJ)YF?heFtq2OP;=fxfre0ox!?6uPy4)x&90F6geFMj|O$s(MRTW#NWsj z?Ig||Q^$M|K9X|E#GYn<48=!w4d*l9`7HPz0lf1g<-4~KW2w$nd5xS>E|? zzczDHbG1GZ-gadtMVH;IV}F1#q-Nu}msme};op|sb73TLcV*L@2SwO-ce%&! zi)J`x&(B4(9JA-=qSKw+-l@A{2X&5peR$*Xv~%#aA3I|i?=-Nd*D~Iz);I5@sT*0w zJ8gVx&(9!Us>jkC`^A3=*jjvS6K`sL%6H1$<(1f~b;{{@^PmqLRAdc=uLsjLPOWld z(AVTrl-udw>eMPPa_0x|UuxLr=U~yFSbPGsodj*SCTg1lIXdgV++p_r%-6G2AxB>k zKf&M1g^^>bRo;qm#a?UOAbYS#_xp7Q53)z0^=Zu7O~!HuZInY_)zwKZq+`?IW%Qq) zpVIv}@}$^4LtNf~9?S5|Q9Sz;@~ht!_sV8uV#(Sqs-N5JnEE|4$K}@teC*r;{RoWc zM`DB9b>_h4gjZ)2=o8tY-XY?x|Ml-H*4>6IYmBr%gX(VNkF9|JmcxJGyC-?m1XEX` z{k~rPD)S=bE&K4FTHrUWN8Jp+{fPaYv_@384)8rlyMwf=_3(Nx-0oV@(XY4A?>lH$ zan~B?m%vu_(>^-W9iaUk z%M+X}-^8;{;Ggja>K$_)+6Hq*^rXOfDbZTR;n1Nq$=qU=ct>*>d7dcitd@L3t8!?D ze>XSXoUBbVc76D^{qTX+bBtZ9ou7Q|oFZd~&N+&)yN)jf0n|A4JSYLmE^BVGr@78`{wE3JJ z*LrU}-OK&)tWVV5?T@3C=Vy!T=c|0XU{cOK3mr8U4?uhL$WR7&ZM^|A*H_-KR=0?kyH(5iyK{r0u`OweS8%PI)>kW8kcZRxg+Q`)#sGU09^Xm@(1(4|+&0XRvR%;sCRkuKcAwYCKs}_(S&9k5Ypd zj0fzyTZ6x$-(*YL^lon6U$Lq;A9dDP^e=rSu$Sxn^;jwBqu9L;n<%@NtoG&^YN@gF zd^>+XULRJ)xtfQ_$q9V&A>^cry#UtJX7H@Xs+?VBUp9DhdbmwruBGGm{!?C_Zw-zA z2G-yP_czJFW7^+j7~MIHEDkR#GkYGH{@Guy1>dW@3!9IAEu-H7^vM06OWgC|>#yCu zELOI3kaaAYSGB)A&K^j*FW>7y_M5w(z4-J@8Erg-&SDMJQ1&8Z;5>Ls{4G9*$1iCH z=J||aJ-m1xe0ULK$#`mC6(bvoW88jtQ*|JH_2lV+S+PwYaF_ioQM&+LQq7u2CviCW zA?DR2Ti~NuRJml~7u+8tjSOjRT!yhQV}pz-o_r^BsA>N_$%K7xL5#TDVXl$)^p4&Q zzIX3`U{6Z?R-khyfInmOaA1tA9oC+4R^?iG9c@35r=gjFq1l@gQM;d{-2>eZMDuU6 zScmraaZ~fU9J-eEBx;u&N(~RRmfWf~u*J;hly`bG!2g5Rc0Ow*ziU2gxz4|Y-df{m z^XIC?dH-+rt#&Gi?HDiBJjHq#GyKyQbggZFn{vP8_LOr&rl?Qy?EiY6TjNyi{xSDV zpPYfT9GH~LMADWw3@iXc|_)Yh8ZDoB8zVCy`n0#O5 zsEfta9p%V`+_7Mv#{m;;IdAQwWWb-34+%arbh6q0`?Q}m$LMKC2*_O zHQ^)%L3%^v&{2M!G98+Gx&B1c+;`G zi7%(Tjo}OAL_A#+S_>>&7W};!e>z3@^Ts0l$)+XnPhfv=$qsAxjo*)Ni7s@FT)_9= zxaBXaTaw-yNX7jtp@;ZpH}sk5ly9F8J+@*u9(E$DDkG8Y7ZA74;#+&048DHHosLtn zYBPJEG{6hOLHTxSrs!`Betu=={lDOh8}PS%@Z7xYYr`8g{%L4waE|5kM!{>HdH)s0 zy9(PUdPtTwzu(iN%CUIkkdmqU>_9M-wdv|f@`v=);$M2lSW3O zyBp=xN{5|EALu@hr^-981NQF2oOv0>Ig1|D{MdZ<1ic9PY^H7_b5~-hn)cUH*P3`6 zYf-tb=X!VMyXmcP9El45<6C$3lD$`jM~2k3h~*H#vmFeWK8CS_*L zm*(`fZ&zM##X4uch~C0xDPB;moc+y{9k0%08nTsSKaT|M$)5}U*5sc9|4nMD>c)7r z&0EMl#=kI;F%sW8o!!cFvIZyko)^3N=gRwg)s5DVcp>5Q-h1IY>#GLaEOt-(*M5|- z>${v9Hfpl_ukdoh+AB!;FXe^@k!R(>q=yx+DVNyJ_}H;OiM`jg{=5vIN3n+H$1ES< zhizJcUX@=he6_!x@p-s@MRf*T|C*2BII9>O_+U9W&~-UDu*(Jxc+|pih~Pl)891=b zMd855FMxyV=Y2T7BRG7y-?Gq?`xy5e|DTcnW}Z0-arfzS@NjdJW%c?BC=&RV;nU_nqu-Q~xI4slxb9WB=y)PI^Z3 zZ56chL-g4ox-?nDO+p2sH^bq9gV%>M#g1wPW?AJHGf%TgeZN;CtNYAWK)LxA(FNZ(Iz!%uEp0F*Gj*~6h?9}aj zoAe#+M}Dc;q_EF?LC2QOgbkSneB^x99=r5^M8H+)zvdtXV<|x zJ3ZIIbMrMfhuu&en_@rJMO*n)&gTqrK5gKs_{icZo1|+~mkbY90be_|MEGkCtN|Dg z*E9b0IR3sG_y&QGy{CsVA^7C;%1`lXf3QEmY2R(Y?@)e3dPThPSNz$8Z>LoUp*jL1 zpUqxOVB)|7c-r?Q(l{SfAV*iy*Yo<+h6PL zIoXguDF1vqGJx)FP2rz6Ld(U_GUtc*H9c4S&EH4fzb@vN{2F))auxU(8F01udFKZg z&bP@wi<5_?jyjjqcF1Wj$G+iz9#BqOa~kceADK=&-@{bi**Y zN9TNSNjdK4)B9GZ$6-$yH~DIPVB5-$S@xA z&$YH~dJT0F>36y<rGRc==CujW7wCYO=M-!S7| zpD^biDK~4{pdLZGPi^S^46&Ad?{B}{x4NOy%Yh^`m&7v(_)mSA7^T~bGin)y-2L(^exF5=#`%z zu=4`4dqzg!k8+bcD6EZbBVLui_!M||uy#T{2XM4HLh@(h zKjlkyLFZt-a+-JFN8TX<-L>8}iQn^A=?7q_21l=7e+(9q+FFD>{Nc_kicrXj5%FGHmw)jz*l*qfa>QUizQ9GO_>6mCk;h zcluT4pempZwg=f7-&t+y=f=2~>D(k>{>aydS9eRUs0q50_8W(XyW;+y4z~R`IwB)q zp64U@`jLA2P0VqteLWFXu9M&XP8~s%-;(?$fA6nc8yfh!S#;j@zE@U18Ngj6u=t1f z=Ul6`?$sx`$=7$>{sjHEaqV#3u3EOX6Wq@)du4SV7CX)!z17!G=xdkHuY0#vc=H$A zBkZ>^_PHzkep(G}g5xmrONlH9h$}+pUog(>>9J-<0>w z?T3WEJl*K&^hCFf-;{GeceW_XfvP7xGi?y}-W6lh_yeU*hi0UvT{*{`?NUv(Av?uZg$zPqp5CKs*+ zuErOrKFZjv99_9qABzKhyhtCJ*ez!7i8`%GJb${0v$v>jkQm#HNB1PRj`1;kMeeU2 zzFr4zrjPU_(}!e5ZF}Q4$-RI+?DMi^OOn{lrrB;YGH>i<_Yvgs81wXhK0jmM*Y-UX z>E3rNc63|%2=^)Olm9XE;+}0i(xpF>XQchEq;sTuN&tsWa46uvFHIUrr>04z>D1=o zkfRgV!ew%x50^e7tgq2nELT3_48IOGNT)<`IvM_NnB+DH-yog1H~hi;c;8GPb$K~z zO}3p>1dpmw@Te*r@3ty~#{hjanR9f!JxEoTa|i2)ObtJH>e~MP8aah5`-H~8)A~Bf zNpvvYPf7NEU*m#*^_v2t6pO76%JhoG9QEyYME!I`Fc1%B_pslRh;@)>h zw6*N9|9YdgPCIO5Tikmn+!kvQo}jII3EoA>uL$A+S9J}n^ z9-^1Q@vLd#wpvr%Tkf?*9*Z%7UTYbH2WV>@agPsIL0izir=#bc1#Ln5o)q^!9%`$X zeNXQQz=h83vU?v&=aSQGZFzl)i|x;iqoF4AaP8?hdQup!Jt^*; zA8rf2N~ta2D~4l-_M1F^VnJK$xR>JI>7ll?&i4}9s>zRI0bJ0&tK<4;L0jP1mEzvC zP+N*M-$h%a(*8Fm7qn$)&%JS>wieUY@oxmz&&mqgGH`M4b!rNb!yHfO-1|wil`4%R zygD`97Q8yu-4$wUEpU~UfNKUm5c9)b@iY9hWZ}oC^lUeK^ui;WtCXx8ICZy_EzU0ei@ye{_e@N{uAec($l#_x2A!`P=G(s}Ny$OM0T_H-gP(##dMwm3(a zzr*rtp2MGN^5u7$d?v0%r=_&-@z4~r*N1fbp{xZkF6a&g}k~>I+}a$qaV%lWogs4m02o(KH{!ao9K-aZT55=eRKiO(q>PJduN$8 z*;}een>QFZb9Sjf*3lb#I#l08QCSzNy%}N93D7yXjBg1WWrMUM4wTW#g*5=Fj zDON9s<={#1Y&qmz1$NBf&bCYx8%sY3UhklYHyxTWB->xv@r{q~YfXdN9tq zoa%rcG=1<)D}5l__@gJgS)Tm@*AoLiXt6A%oi}W6(Wioi;LwlN^3DT(rA0k74(z*B$o^9az-L&xnK5TlCkM}t69yb#2&%Z^yPcwKU zceIfi4B(!*w5REYik z%O8bce1g4Mk_~Y;S_;N1LNIduIBg^abzeV^iqiv(BX)}lK#mFFS-%gvO z`t~Js&)LOr?mpPPsR+(x=;%KBQ|!`*o+?NGcBJRza_`1Z<@Z^%X>>EcWqEFf?Sp)Y zbgulOXGEimL?dY9>pKspqulow>3cnTZ#}gKEzXGrHfJ68QrtTv&`0JXUxy;2$isp_vq2u>Mqh2_g)CKWo3NqXlEPYg6wiEww(ak#BmE%P#B{_d)$a4J>|4DhAJgqgPCVJhbUl7d z$39C_Y)n^x4>28Upr_d$=;Jo}Se~aSdU3nS?|bntL9T1 z&gYIcXZl<}`0DEU%rmz$$K){QU-cwwa;UA*T$6+TY-bHq{H7!28`r*{bvS0fF!{T8 zIiE2)b*i!1txnV1-3UBt#}{9>0H&;b-B-rsdDek2V z?#1c(CE9E*0;iuJ>WTLq~KkUs41S)M(YYs2z*NK0;T#mc^3m>V)Ld9v-9#U8zXo!xX!XnE zN8*8OmBgbhq_4OZ9=(A+uAmRAufU@xe$&(y50wfIqnKiW=q6MlSauLa+C1Mi+%>fMIWyIkwtuLRzmUh3WM(7Rmg-3J2i9#QJu zMCe_v_3jsW*N)p5-mMGf4qIl795*MIJ1oL~1-V1)jF&sSDbU9sRL9}-xRIlUN002I zdlcSChj@c);c-QvkDt*;Jda0fa*sE!Mh-M@_noPw`LB9vp{#PPK9Yex9v2?edHJ@i zD?ah8k^D#8PzRrc?S_$~^puhO$GusBKGv!a_8e9pan0SmyL@CHiK(UgXqY;(5AKZ* z^l=A$v6Ly8uMy{$5Vkm&Q>3JzUoT0Oe{jH>e76b z4)wvcX!S^-j~Vo#^9wcR;L#Q547mtAR6r|d6unkmM6Yr0ooaKAw<%9&h#< z9V(EI?os4C9g=gdg~w+DeY{K^Qrzb&gGXhNF;9%*>opYd^|;p<=;PP)Vf|wIz@HpH zl2+ZL*s^pHTgJWf1AS~!J(W+ZEt0`K&d5H9HA>2PTlGj89}laK3Envx^wAY> zJ#J(liQ;{bM_?|kI#-9Halj^FldIh$>0@|!BK0Rn@HvvtqzxN4m`@eZ#Y9w6YCA$6n6)|&GqBdh-~J2tEof5E_!=yD-U7oP!fOg>QL4_ zN?qEBI+Su-hhpB{!1*-Pp>(MZ)?NoW7OMR&Am7+fp6MZ>jn5d^WER zNVQPTj_n)NNF7f3RVq+sFN6yohJhN7P`Rl&*%!c4ItcB1XoKa}`1hnks_bfH_Dd!ZU6IDaf%XO0L zEWdr+qbYq?yMud>fpMM;#3g49Cs~?y`E#SpGk7$;m3~68VOJ_Wf~H+b?!BKreuH1L zoOf*PobShVC7TWl`f=u3@^e1#{It|NZJ~F#);nhgaM=hhTk`&IPjY|E+6nqFbIIi0 zytU>=f{MVJ_T768Tj}5?;p6~GoL7Wc`V91)rW`W5t<+FZVU7=pFZmHc(f+(&E;SM zV>-d`d2u`@1pN!zpJ2xHtARd_r4Ji7EtfreVD?BEXc`5Nwjy|N@7_QkZxgMUTa|xd z#=QE_BI9wyD0mzZ!s7^o$1Qq$*!D_pQlxmSN~U(R&DwEKQrcBi~kn~ z`gk$Whlyjmj~z*??!$_XxtDuCENnB;7l*kQ(8r#d3b#Ks*54bp+?*Tn6nXZJhvRPl zpl>&Kv$hgjy6vngci>OdPht-TUUr6VLna5OQ`7kuo_oz)_Y7ViaR-OBKI`+34aOov zxARQpi6^={D=0AJhmCL!=YvtU2O`Eoj%$elc zu#;EPmYv&a0p?&{47%;dBS5xyxWz+&uZW| z`2ZS!BiG#f=Rh9=^wFO8t9s(+k0~P4qv*eM5&g%#h4k?vK3mua=z|t54X5PvnZccF z!FL|-$d63$jDsH;!;f_EtDVFVtlMC{1%6~Teq=X(q=_FJJiS3A?U!DhwX2Y`Qg_;BEyu%XG+_#f_O)|I(e0fW{L z0&8pBnag>hPN&85QSfU6zbE)Dso(B$hI&tByze2-3*h>Gi$~iLuJ*3aJ%5}3{3>TC zi1!8d`5@k(2Jc(Y^PkpQ-m2YY;BD8<32$SMS@XtR=}--LTREK$-kLu(cvnv=#GC7n z26*Eaf51P>``qR{tSIfRg*S3OH}bbww1v+{_}t)Ez<*pz51bR|;|KInz~dXMNAfta zW9dFZzHFQ4%buV<%${nK+z$HCdeBJIzdhgBvU%SYr+Z%nm?PD!3lfiV#_I!ugJm>! ze`iZC<*0jkpm#R&9P;m2yO3;{ZDJe~Gi%)rzm2Cq`U6+#mC}a;G;*y3fj<7kxs-K5`*8G;R(4u_`D{%&ldbIZgyfStg~>trr2WZ8K0gxZ$5;9BNaT38pbvbJ)|LiOm)W&V=ui4M!abZm;6wAgd9J$JtZOoVJJs6%OLa-q z&`vhGc!95f&F^iKO-;A&%TQxE+5P*w^E~uvV9o?#z9~1an1{K0vXzAbnDGy(<(M3n z1=iC|cKhk$I^vJ?94}6|6+c+9xt|kjb(|C2O6^O|Tzdqahc3*mkz9)|Y{6G;IeAWj zFO9$3n&RG1XxrpXXd^QxF=X0aSj(ENrsrQ~FX%q}^fJ%a?+L{XtsOVbbwj>>Yl?fD zMz*;p`Ans&802?q6MsG2rthb7u3pUWt6=Gs?oJoZQv-Kbif7vB!~U+d=nrshW%&rk z!O9u3yeGc?$dNLT@W#Q?D$Y2!L#qhm5O0`la;)<8JihVdteHN%^~7Uc?K7oXv`gV9 z)e>Iff4`S+*>kPMTw4Fi>i^v9t$DTUJ;$=HH@Mza=kt!|EKThnki}2w)_Qh$aN=fv zZL+_P^nu^(%k9;aIT*iV9M4a{kDA0ceO*Fd;e8^smbaIL_hC`?pQ(wsYodqk-ohTR zuhcm1#3=6t)}&hao(-+{6?{GHkz(Q6XW?r0)|`GS0GHr6$%o_jw%>J*={FKMM_Bs^ z+y1=u#rgd+)Zg{&BbKSj)8fmv&#hjc9}M)FqXm7B3(-J(j~d*w9t@4_A8B#l8Nl7) z-yuRKJrT`v~l zWyWt!2&T7AuR?xm_4!HjGM0~z3&Hec379?`f=T<>26?J3z*B-(yrh4YpS)Yw|9r*ehNFpbL>0CS*`5LFgzUF&_9LwG}c7*SCJcgF;TlR z!QN_3hq+H3QogDmIi@bH)w$+uS9y(IWHC!lO8aUI{{2;KLB#C4UAPCBw{O9s01brq zBp>e|TU=9~PK*CFFV{cu$H3xyfzh{Bx&3*BulPZ6Eps%rNhfk=oHGWJd=@#8rK*uL zI=7tfact$4&bq8{B;PXb;H8^FG~2 z@B}orJQ1ezf$#%+9+`b5A11&L@ak}L2(ERW zoVEveQ8v%=Usyhkyg-{UO^Wf}?#BvwPx2{w*p=|~#appwvyA*6Q=q@DhyT*+4vbdm zbAM3qH*o1AN%y^P$xNS~GCZH}X2+|1^L8 zBlzKJOXsb5eJy^t@-6U#=yOp4eF}ME4?J3wC(tni$j%_L^N*05Oh9g=L+$ukdhIg$ zyAZanvNwjU7@tnE^c#&&iGv2<(Lp~BI* z;-S2~*8U9N-?FddzEOXipZEFyRD?cbjXdY~kCT2;{O4eYu@{@l#?fSh;2(CiH0AumF0B*jebI6MNbEhr?k!Dx=E>h0yVn(O!p`}2ubWujnS6%X4>0H# zHoiW(U-+wE7UJsqxaRbYZ}&#iH{^*w1Du~(=0ulnVU0u-AB_2lP4l^y4=BATf6M#M z`}5xUulfDIG=8n{cN2R6Mrcp%$S06rtbGr)N9PLRuJfRsx8-n`FR(606MO;WQ#tQ8 z`O3FXapU9`Jeqj>?;j0KjL+5V`Nm%g(cluF2I60jw>{suF2LKrD8`RwKkGvOc>Ean zk^S_9i=k1ab3+_CSX9P&F7WTIG3T_lX~YD?2V1BKh_g;k=aeiP?>z^qhqGVY(hJZ9 z1<$c=O?!+ko5)#3w3i&8ccGT z|DnY{<=OcyLwVWW9>D+qw0#NtKbMT=|74xo!9k~XCwhDreDcyi$Ol>;(B;}w)ar75 zTYdiD@rNGjD((+;oc-4Qp$m%mLp`JULq%v;%+`F)!aAC*kx!IjEUsoOusOT1IWPHs z(e=WqlwXu$FXF2cyn|na{do!B=tq`M(dWv`MFPH&;#=AKi@%;96FVM~sW9(eg6&s4 zTZa9JAhXD=IS)(wOMaI9^n$V4o$R}={G|0wlm1x9HxK&l%L9Jer;Dg3oKj@m9tOaG(I}VrNOL8)1H_Pdk^b8;_}YQC*L^6o#exs zA;$d;Fcst1U1opQ{C=j=&wJ#5c>3AUrWZNVd0|=XP;PHp^z?jkX6@7q#@V0I>SM;# z>`8kwzY(`#zvhr9M^~T995K0N=iy_$b0KTAj@;ALU;nGGtG9Z(`os{;``_j9{|h;q zd%8Lk;DMi&z;8on{DbtbgWfuCkeq@!4}?4dXYH2lUJkvrXT@Ec-~;i{*zs z`74ZvrMnX5j4I+S?A{;9ndIo0xAl9RdndZfLox1EmR9v1t$Kf6$e;K5@F-tk_%r3v zDy+N0GI9O?$MLL{kN=Loydos4Rz^SQ)8Ng-kJ2CWyYey;wm1J1Z!%u^pTK{Qf346~SpM5|)|=W??CxaRVpcAUwxXdXzh^}qVChV|D7{%20>9}*7-?4;(rtWC1` zhWF2vJ?f(GVm`Mio$@YhC; zM=AcBZ21rWEPe0Qm2ZXL_>oM*P=RDqo}6@gI=ij0gBqa}<^zJ^PfG zKf{ls#2!ID{RZbTdNJtec|-B-Bcekwy-J?&w_$z`#38@?zl@(feksh?XzXI}Mp=Sf z&4M@1)tvHuKVKB{d>pG+Q$DX~zQ)LRjX$3i8av5%;rQkKZ;hXPodd~F*W2+6$yc2Z z$D8#pW|ow%JbY>VKh5PQhCKbQGaVaFW)2X)x{+_?vUYv1FrSvw?*TZien0X6<*THB zgM1D6G2uT#&fX{=dTo(>pXQI!HSCQwll`Y=M{2Vdlk2;Tocra9FC)Z?+`BxnNjX6F z#I7AIkpsNn(#`T!O^H0dAG1m>x4pBpTn_kgYHt3>=g0OyTw>>sEI;lt@kmIYl*;!8 zXdl!oc3$HCM-EKC*ce>++wjrUe2M^+?@1{ z{I@w@J#hPZ{(j$o`)}IMV|-ZuC)&^KR}PH7HDTY81~ z`QJpFx4_T0Jd)?<5%EANe+>Ke|LXkNd6s_7qxfr~c=+s6eE0vuc=#`!#pB^u&v_|fv~0oaP!^am{sN8`as z_&M;Qtu>JTdq6ZU5kCyTi?+@{{zx!3-V*RtlwXxC(?5&fv!VPo^IJpH`RL5wX?&EQ zRvz2>tu{a1@B_}AB0nMjbus7rG$?;8AC~VF*Nb?skv!|%@4j)4^-75^Q%bjqI(3gmc14~y?C<8K%Cr&y<&`JXIv z@+r=cYlPN|p>-~fs`vE&!GXSWW6eC4;OO?@5Kn5nRZ}Y6;N{#sm`cSuLH_mfU4`%| zK24jtc8?xfTWInKK3x4h#d+}l5KKA$)u+*D{;Q?e1!jIb?|)c%m#jRB^w-pAXZzl5=VAjcPsLAE3)N#wbYtlJW=al0An{Dfyf4 zxBF(~Z)}nHuO}dXI+bo$cOa^}*JBt}zV9YjZu>49Y~V-Z$&PQ5S$i{Hd|fKg)l282S{#GhXpA zbP-IdNzbC&`U~i$&lcYvxn)@LTz@_EPfG2#yvXYcKC5H__(X%VP3V#Tj=E0lvST=ii9$R|jyD zJu-y${~L|onxC|^W{zRw6!>64%(DyjoXs#lbpN!7PV#l-zXag0{F$4d^ywO&pS18j z8{!Ae)oQ-p_#nU~KO&Bv(ERkVe0Ffnx+KoNEI0Q2nD4wXo!%3K&!>~^{{mCrRp?)+ z-bemLwO8ZCc}C7RrK4kfbav$t=q3FgJm0k8{KQZu<+$fkn{H`f_-t#UmO7!m@`ZE; z=2Ps^w2t=ru}wP9cpW&d2VZk$A^M;fAH~=L-yc~#3f(6K@$zj{uHMJ@OG?%ISp19G zr!L<hpctH3s5>QuX<>-asG7e=epES|9iH0q5on zO(SnE-+2k&w>r@uCY{9dPjGg1oLu^1K5_2FxhH)f|4IIv;gPL{x?1|~?f_oJ>f5~h zYhHiJ9-J(HS~+R2X2G1-+@~|bjsJAGy97Q+`FtRoy!Us*{yG)T*@Rzv8HXS|-~35w zUGcF1d{$26F9&sSdq4+|hzAUR6xLf9`+>d4P=i9P;ZWavXXrfgAv%}4ANUISL}znW zbpGbC*Sxu#`urS3(B4@)BAULv2+Y=o-?#b+)*qR3*BK+NKWb9V@pV%;*XVye=G7c~>+^>9_;qZ)&Iq=%u}C`&YNzrf z+F4f6&L2i;XKnFzx}4S+?Qp&;ylB@8z8Gr9`VdAJ`!E_9-c5};>*j*@HRl@EchYsy zz!+HlES_rf{U+;UTK?H!>|cJqD>|JsT;OTR9kt`TzX-i+$T2DZfF0Y;`o`_a*IVvv zaH6YT`z>qMX}g|xQch%5{d8xj>Nw{H)#ufnL3~!`xOHbZ{@Kl*t;=Yi%Z5lTKFQq% zpJv|%;s-oV?NU{smh-2ldb&pQT{(D7ek89i(#X`0hdE=piuF>+&q18!oUUprSkGtY zryuv*3+5lZ{8=9VSVLWHGwa(T;G}(RP6U7DTtpAm?!>qjEfg0t|E>W4?Lqt#;O~?< z&m}_me=>yQzxyzitpB9H;9Q>KE9pkzeHVDMZfQt+0HyIiDo*NaQpx6{zr(AN4F z(1r7wSLggddq2oS@Xn1sEH*xrKNaSeuzn1}BmYKYaBT>#%!z+qofsbemVR5yZw0W0 zV7N2{gVuWl{mW~|i5_|XvKPN0i~dN9F8G)`YofKgW=3lV>xm)pBl@LN@F`xJ9j$Fb zPdH85ccba~>xj?N#F=eokDj^i_o(r-d+e~@j5 zUG35${C%y_FL`}n{A=>P3H(vkdfXe-S?Y5oeeR_lW2@JB@lksq*SRmuzeb+(?Te0$ z)7aCaJL;-_oOL{$KkwytGm>lQ!+GxCbWTnT-9pYj*uT|lD}21e`I^14h&eBP)(pwa z#N3)o>Gv}9S-H`1<-51mpwq6FelOoXfPU|IedV1kPWh@RdA}IBKGoe<*8X{Q_u>1$ zt#htcaBn5=ZgHGd%hCDDAFiamYTj8y9x)bo7M|lc+XrLi+bdqb?apVMidCB{oxQV( z)t|cN>N7TP#71Cu%F7eAo0~Yt1$(i1I%{$CeVTJagTApNaqLdhah~3-KgL;Dh5p_7 zc51(6=aJp%^g(>Ez5MkRcRoemi?xr;CF1SRKW6g_(Yb$K&H8ShEnC%3thU}M+b(>B zhv+SxC|=aJ^q0O@fLl9l3%8Z@zk_}cs$iWEc-{t{vIEUWISX~al5dS+nKNcpJ8jE8 zK8bzoqd(wjO|mby?7jNDXEv~ie%OW%Xtx5{k-by9%Eb!T<@BxgYmRgl&WDy;kHFtq zHg?1CvV%6TW^U+K)tg_$H_!H7>Z5KK@oF!9%U0JP=M2>YLp^dU{?Zx7t!IL`7qkkpearzXVW#HKs!t+B# za1^hsq|X)f*8s0OPSo|}JZ9GG8k&d(^ey~FhbsEK(5Ja*BN$?D^I&-RkkMhNEdoQB z#`0~>KggqTcC38LF|2Q^*f4yaPvdz$jn6DXW9&*V_QlYc=l4S2J?kQFZ%x#lx-zl< z%$3gms%UigSBHleTKZp7g8t$;<%~r0dT6i!Tod452OZ{)xu0!GP1 zaJ=4!zE;j)KHu-<^DaK`=5r>W3;ERYIiJrwK56XCIeeeSr=HI{_{a_>_?C>G&9`v3 zy6nqA9n*7Kqt%T`5@ z*D`okYoXR4pIgxlE1d{>f6Vro=>3P$`#YfhZfxp<==~ki`}{oyy}!fP`#XHSzr)x2 zJJ9=$;Mj|=CD~Bk_FQ6%HO`pbsY9KGEzTI)FWde!?XOYWJiGpyhi+~;EAhf>=d8GN z4eKuZ{ByyS>(ySWPcrW{#@B06;5D`nxmiS;%?D#^_}&R$Z3)=FuwI*fJi2>cq3#}` z*YJ-F&5^P0*rK0{wlVry25lZjm-S*NhL^F9R&tDdF4me@>{yg%G_N$xiJ@1c+f(RO z@t5YA8X=hE+r_m*P|>U^B7UJ)FM<*N9820oJ> zXI|atj3)X^>TCkvUhSMUI=*X8GrGLTNf+XLAv`7BaE9TrSm(LsTe+y!+!(PSzjHj{PjOSWI z|EQtA8E^D;FS^>;6`tR_HRA56!LFg<4B;rH)uf)9WzY}Ye861B4H%h5Z6tpj{y zU-kD&^j4cQW>pi{ab#mTc*w@e&NO3N)9{^qEcsW`cVo~)zJJvk_OA{-6+RJNXmMBfb{rycyQJ}s?+K91~fCAwODt|QMQUbH?%m>16xFRG7#-xQL)9tZ!~lf9^s zy=wLcbv``FZD(IcJNKhJ^5=j5>gs;ldXO=D2)PZw&0hO$$_<_ME^<1bLr-~gOKSfr+7GsA`%)}w+kTLK2LkP1P^A5vsaw06 z&!_lkJ?TyU_hP=K!>{K%C@U>P8EP78m`yq7d?Y_?5 zj-GBoXRq<~^cr7JBlpHXUxS`*NB5SY%h#aS3v@2H_HA}**TY-w@SW_0V3qEbY*s+~ zMGpQPvHURKx1-nBI~9^q_N$LJMVH%jK$2fEAz}@(Ez-Rn9dnc7%FvVLou|FS$6s=W zd>J_-u92K!w@Ui$F<;+5?CbkdGIre?&=O;KUTdFFmC7jyXNnT z&S&`kwtxRAzJt8_tCKulz1-(j>)-8-l^OkhLDE_HN^Hz?U;gX-4Qry_en;u2ouOra z8(v*q=FIJX8u>jPxD?E>#M5DoKu`Lu&2I^RQWPe<;#e2 zp%LUr&-d}Xfwip=)~Z*CbBT+yJhK=cSpuIn08=C5EE!o>>*>gPzU_YC!w!yF4=>Lf zcvCUAHybMn?`z*K4)585_jdGDTw@ctp{bhhR`Lr~d_Uma(5+m;ckuC%35`uK=PjDw z$^GPs&ceoP7M~ICcAnFIdh;1u&HZ^}==(fAKU6(Jo9MzS^k5U;5#G`BmHyaYX~(|0 zaO~6bolWnoaPDn5%9)p*-?XW!4V?-vNLGsRgXnwBaUOkRd=D=>7}_4PVR$LDtH8Io z!l&<|BJ@r1%+)@9dEU@>Yt-$nFHPTdCFom^>=BQ;_4t5UeDtdI`1RQGQQ@BE!_D{b zF!pwsoW|wAseHzHKHS*EY3RZNKE4>ZFZ1E%c>_0bcJI28v9{&oe;FO_=LGkrejSBI$j05vYQVD=~e^XW>Rw_zw5fwjo(FX zJ4d(bw?Ma85xPlUUDniUtl^_r_}}<`gwOqaI{EwupP;|-{S!QYWAJbJoRZCN zj2&N?-%!3Fm&cix82T3Lz%rA(xlA+XJjogQE%#*e9rAm!`Q7CEW%HZ#jm=N+t!L$H z$FS!nK4mUYF=-9))v*rw3-ssCSOvMH+wZ&v|81CD#!{1`x^mPURRn*|G-L>UtJ{`C^I^~1z*MZ)##2=d5)-foj$`p z3B2AF&OMlWO}-4H+vKAvE|>v7Oyr}#rF5iJ=qW2l!^wdF9T%O~V!QbnhD7<2%Cm8(Kjp@qu!MvE!YEsw+#)!tcZ0 z^r1I1=M7OiY&Gx$2m*3gT+~5KyvI_jD%jQ|=rTW^ZI1jTUG0$yh z&M2Whjh#8@^Rmv`UHew6HrUinOrQ_qg=NfF-Z8^jsJicd+FO6kk~7xe17T|xW`Q&8 zdm3M^#@A_l4-eyK$e;T(f*GnJ&+9RLb zLH>_AxP=-UJe81dG8_KYp#xUrV?X1Qw)5Yw*}cAxTZ%4Ie7f*$=4IrErN9{t zt;kS)Y1qD90yd);tzWRU+~`HkcctewZJPV6@qNvnhnac!aA#ugmD{@aFgGr}y)N&= zJvylPnX`u#Lw^JK7$Ymu-pGyGO@pt?4M%KR1LT?1u zZ^e;;3qtewwvBK2ZD>BKkhtlVwz^hO=xWCE36+2#7Z|Gw(;E)CJ`Q$Ehr z2Tf8Q#{Lujd+WXWfoI91|9#wqT)sX13C8+HXXx9|q5B|g(v9fZh0fkOaL#_BI6YE+ zt~bVaP-hx?T;|i`0Cc8DkEr|lH=qZ7h3PTNm%~zUWc_hz=DR>QD$bkl!*L+G5xu=< zG~LMWFO-0>aLl|p@Ykt(+Rf*$e0He@3fw0B86Sci!6`A{ui)OLy2tkiM0=Ogv=PiDHz}7)F1*pqQJ0%JYSBZ!QQ|9wd(?b5Koim9dY>LY2>QeI-u&AvVwk^= zo0QiF7yG{O#fhPhi8j#SN1_F|b_+kQzP!w+JE29V)4Op^otOJsw6*basW&&GMh%*Ae~%{A=Wj{xwgqm%jI8*%K&LN^TF^JJ!Q@@Sps% zD&ld@Z7#3_Ymtwj9aszA1^LMH7~_k4-3Z?s-IyK4M@A35Ph$*R;W1u_9G0U0IzOLO zZ}Lg85%jMN(tj$vk6uD|_T=bKoq)|*)c&B;vSbkKGM_YQF+=Z}N%UOFZ^P?xEA?rJ%)?_eV=E`6$b?lb;#HC}r?9nLtj4|(pn$=-9H;JGTt z`D7NowS;F=<6G`K2Ut6Pbh=CJ@}6zL(J_AIeOdg`{z>o|IXWoqOjv4~F;hJF+@Y&m0oO*{9dJem{-C69=Bf!pXMz zVP|hV*ybLu&04j|THIV;ep{y&Y3ow|o*9qpJUnLk_jbQLy!zMZjkIdB!2NNqb9Ms# z<>in3T6%k3;rR;>&-D1DAYXI<_HiwJjA|cmA88-|P49&4W4H3U-E+83ZI}npY4xRar@}`Gk2h4 zOZhW%ecC(3ftpLC7TcTW0;aGYG`R@;MU#u*+n$+Vd))$B2Tk!6r6(t%AF5uD z-EbT}Bej(;Y@N^kAI@3sV&-9!Ww+eTnvA8r6>IKejnBk1XNW{O$32;z>$2V!y+xfR za{>SQH`Sl<_w1%ki;?RL?H=a0dx(6|Zs!JaXA7(PoEtJvdu=J#t@RmRdnXsP_gUKW z+Vh=VqY!NUXLTsTuXat{)@y_&NRE$?_ePXV@kUV0rzA(*R`{~Oalgn3pA==8n zPgJXxeS-T{)=SrM{&<{qKdj%_bSvv{R0|Yk{f_2TqTrF`dL}hmvTsq=#q=_MQO45L z?m-jI4jGEFK3;LR;+QgMqIfA-(-!=D;3Dc@)Gqau)bw<6w%AY>zqAqBGyq?mHmgOK zGtr&2y@2a;sN1~?8mZnj$vjdTUp7;3_zOG^p_a{C3!cRX=%d~FKYDp}Kku()ebKq# zw+;NB2EVJpuZ^`z!fkDXU~oG3P}Ae>@c}H7zw_XsdVFyDJBKw%SN{HUFEm{^{vKA8VoskLdq*QWWS>f`*HL0_hQ+x~UGtzzdL&4O-0`IL^2LEDJN z5Be%k`5w-GNKIkwSkpK+i(E-IYsiJC5>wp<#-~yILtJS6^AGkGu1mEtb(arE2AnKD z7ZC3R>-jW(!^7nU2F_Z_!Jx669fSjZ)fo>X;7H|jEc1Xv`a8?GY0rQbWK{d1B%tA3 z#wR>(Dfl?Xeff*mGggbyX_}|%1K%s5$yMOFnfIUIedTtfpQLBnrXV+*uc=yK@mj}r z&U!}P2N)M(tB1k9=_5U z<0<&68NN!-P7F1{TjJAO#ampT3!FxdwtD)|gN3sWi5=o?Q`}>gzMQjRR&ShW#{s?Z zpFV$;(%;vTYYXy+^mhbWXf2g+C!YMKfiqph`PEI&9|~-m&$Bc!dW7Gk$5p>8+I~dz z0bj|Pxd*;k-qC((qQ^f&52K4X2mQ_;?^~^$v|`}!c$Gn`G4v;Wr1LYf@JJMTNalzW zhL$j1Wzb7Dq70dp4lYCX*F#Tu;q+c$i28CLmE3c^??lf&8hPUUBtu)@)>uCN?Q~Bz zzinxUU9|kX!N_OcJ`4{>n6HX%$fQ`mDBm1?E*oIl^=*S~_i4Y~;CkL!i9HO%qR3ms-OZ&VW9W2gA?vp$|OW8yGvq zPWyhySizTl@NhrlB^#Tb&)7q&bMe8pv7U4r=W0E8&9s}RGal3f3{8VK!}@gw;~?3R zeEbKnl*2#TPf7S32R^qOd@2n-H}KpujL|iWk?_zM=k;i$^A6sZPo(;w)C%EkLaT6czg2$^Pm8&wWW0ehf zRy-vch7R?TPoA&$68GIGq<7+#{V@qq3fHG`iZyc`fbqLkH)9>Lu(mEyR7ujyV@e`a^s*9e$M#$-NJa#Lvc7IwQP4_qF5$g6qGv_7eZNOaAdiz^{A^v9cErpf}L3 z_sX_ZGv;ydDyB!i>Gu_0KdXGt2G*PYeca?+t~-N|rS(r^$f<9GALT>IMrob7;;Ke) zEU!lP@#Dr!$ENX{{96;VARj-c#zSW@B=Bc?k)_N<=yLoT*6x|TEvxX&en{*nJRZ8a zVSg2M8}CtFkuL{f*_T~DpRuaka*8`PlGt>uuLFX*><;K{^w=Su9y`wG|7p;25SNhJJcfd=6?>NTi`|zstp4P870^cUCy|M9P`LH~k0q<+ypRbicKX}ym`ab>o z&P)u+-_%|~1JF_Hx-P^H%icb8^Wy!)jk`}QK||@1kC&jK)uWyrj&#lgPVv6cp<_K- zTK%~gTIxLCL3CkIpIH5Qouwxc>a97uJtInC9sb>Boa<2OHu2Ll;Qj*h~2%x%uv?lKK36x5K_#n)8k# z^TJ!UrAaY4{?=!ofiF|oxKH47p%?lV;rsGje?5MmFZYJ8{d_e0t*~CCvQy9ZEz)zc zF=IRBn|zG9an)d~yt#4zz{Sqc)9BGBHWY`jvWw>$qr<>Ud;Rb=$8yUvYFWK zR_0@NrtmZ0R=(<4Utc(%nX&&d#!mk4Kk@vd{M`s#TBo&`J{5~EfmVuvoj7v<&Y|uz zz;9@R4YM(MAG|1gZTbiHEZ0fe>tk&K_o%7kci`ttY1Xy!4NPU)GlM-erUOe0IP?lO za58PQ(FWJ2&_?I^IQ5N=tp~FXghYC*N*(rC^2c~GTy7w*uCAv zRq|slX8ikkXYFy$h%s!d_HbD1DE@Og9dNMyX|H9)V(Kq*nb%L*bk@-xQoiau_-qiG z?t~uFL0fK~v0vwq%HNc3{3G=www zxF@qyc|Rzhvd7_g{_uP}-|95YE*j5&-*2y2JU^O0F%KSkEB-{g-(N9*Vi#-Og7Km7 z4(n#<`i8psUg(^G-%G|PvP0NE<;#LP`iD#&0JdMjjz*@(9K3P72vmJBoEbN;`{@?FIPi z${{FMq8!4lvN_J_e_-y)ox; z7pX5(E=lW-uVCG=az`fD%lpE=26`x8tNfnwDabMUuH5|sb$nK*H2GQt z%x^`$p7r|)%hz6i{%sd^xxx9Ia%eRMnm!004j?nqmGa5QGVUH8p3k`xU0hk`xC7Wj z>7{;bV;XxeTh4w?Lk~lH`Qty{qi3zf6FiU-8T3e9lV(F3HxgejGcVc#noCj zt9*{r`LDFEypH^e0pwy3+1`nLRbE4WrgCD+{ai@@$0HLj#cp}*_-m(~K~8$2{=S2l zbk_3O?l3qtnt7SZPER%~J1e1CJGDQ;U7wlYf1AO-!r(7I8vD>C`>-4NT3Q7Es{;7X z^zok!{JXJxqC>Cz=rausy1e{DMdz2HK|eHD3k}Yted{kiMEh;fK)H6|Zs_d){cif% zd8UWA&I*u!S`W@O;2dMkSN57|XUGp*`FdVo$<`q|MqkZGUp1g}P6H?C-WAMOhsX4k z08Yvg*)d%UE{vs*M|tPc!m%u9(~hNZv12*aA4`p$bhXCqTyQuR9F7GC{OB`Gj8ZLq z5$$Xs-!B~WTR-F6!Ly3lhVd;=*fqTH9OTl2$K)A$lzZsC(&#f_%-{QMk$b=7p2j?w zdl;vpdqNAo8 zx>2!{*rg^Ungr;^g^n@ACB`u`ENws~8PUvSc}-$1y+Ld2R+G>I>G%6P_ui^o8#E^K z&gakP(^S>H=bn4cbDsTq&U2Ewb(u$28=0Mj-wiZ6`C~=~ChIpGCceVBeBsZMCkSub za-{gmtK@E|#zL<6%F?v>isFLeX$`7Lgq~%1L8HwJa$ZL#Di6B!_Tl0#QTU1c2DaZK zGwu@oSxVd`f$z(O@6dqoytNj-%-HWYb5?EjVZ~iiaBdZ}Bb~Gf`qT5q_Xh8{)AWho z3*4y#hgA1uJ^NMMxQlFcm*-#O;J`g;>o5OTR(S_a{B=z7JcSa@~`TlRhF>&R*ofL9aYeoY9t}{&tPSl}9tMvAp$cIx5N=O}_U|(Mtibpf z&jU7Iek1sc_6^M?;N@#S!+}>6zBLuRf01~Fd;sDD;&I|@JK!bqHA){-{kkMykk7QB zeVNuAySW<~-NU+?*er5c@gw2&VuCI%mb^T6c4$?1?^su5VDJ3oIl>*BRZf5H9Lz+Lgx1RY1F*z}ziL-?^Xzdhc$ zF-aF+{+9T}dZ%wUKH>7eVpEeN$^TOH6XalYahiVO@T4AiPY*O9|AVccpr@eEbYXk8 zGGE!j(o=fiFVa)qcJvgl&u{~H_^;qKzJx95K0_C;U4Pf@z%k+P%1_l-mZGmDaoCO# zJpCfN%Ho8slEQ0T`R3JC>gZp(ielliQ@fFUJ?JgH(3a6v;6IXiBY3xTl~<5!_`{5@ zqVJ+v{iVZ1Z7wI@eD!W3<{ste5Cpd-o*Q z1*({+AwCKy=Zn|85t1eTn_i!y;hX45^N&5EI8Q;Q??uoX+_m<8$o@;j9~*Yz1dyz))); z|3DIVsn61pY5QyL?pU#j=WIZyoD8liE{Uy7j$zVPo&t`F4_APrvb}F%3|>1hvBuP7 zk#4yl3%>o62jAqoK9W3vzL3|+_^=P2Z)A!19kK+USHEQ)8~*vvk~(5J>$(cMl20Qg z2Z!GmG3Hj*%IJv5oD>&W_dJ;h^)@oryO(-UU-x`}fI-INaL*d}$`Hd1F$N*Zjo0 z_CkUz_JaH)!(0F3!j}zm{dY2M)k?{_{=pep*Z&93xV`KD_s|d4IsK;V2Qv<*A0VTS zMn8~VAe}&Xr@wSr*#PdL3$z?b7r0e$gBM4TZ_+mu2kAjqF|ja@ZZH$xun#$CbY5FW zXz}I|wC_mK5n5axw-b7mju1oU$*$={X67?C{dVo)E0u?X3{^bI=nEI1FCYi^(Z<#p z>^-6*8P61mGhb z;WBiDFWEW*<1=>t7V+o!5~CxeT>Asp1TU|h|8_}|ZvVlh+Z^;dO#Pt6)d4*Efjtgz z(Y+`A;AG(oGAfIHVA=~O*Z#ri2lzopg)b%N&7&W*xV|FUZeIQ1Me-&(IUfRfX3lRq zTK(V|o_F*E{K=EE>Idr`xJf^7`9-m@Ka=(N*nTzC-`Ga(hGLLDu}R#`>G{!9VQv7S~=EUIxkStXxsH z-}Vz)?bp+fkqsRQJJZFnJzCofQ}GU6p)wpy!@JlR=0Ys!Qy$!ljR_7u>ENFW&usqX zh^a+?Qg|0Xf19C3xU9z*7DN=~!+a+DX9D)$?56;#7F7>PH$LYx@|1uX45W+ZSrR;hm1J zG_l@~(f0=NSL`gUwRwm0-N!p3SHgc-cjci(c|OFNSHeT(D{Vt3bn~{WjjxgVG58wA zCyc#^d|8d(#EtRnV*Kgzs$*U@egxXP$hR>u9^Rq&&eiCzTjc}y%tiWTDRc4IlPPd= z?McnYl@G7dudyc`{DqFfS2Kqx%wY<1kUVKM<1aAdSKp>SC-n3PbhU;#D38ZNKUBVs z!C}|-hS$pW7EemV2jH(e82@&Ud|l4>yA3P~`x?;2>*;4cYwV4g3KklRZD$ACH!^Nl zwss>sO^yNdyc{0e$sAVjj%$I@=OtTN_qjg&zCFHBK<_Y=g zfnUAypj`RN+`5_bKJNDbPn|mvg^vindl?gXu7fWF*WzoZCFE=R+%Fi$+?P6YH*=NW z4F0u(xvpf+rOZ?Ij1v=aaD1dQ*P`}y%vEDjjH3^n?qzMH8}z~l`{1j!zQX25U7jYK zX3WYf9F}YqoRF>OoADjJY#mjbDO(G(T=QqScBm#(29G)^DT9Bn8W%a_FL_t+rlftT z{Nn)lodU)knPzOv!z!rRTidv{%f$r~vSe}2dC%=3+`7yc=ud)BdTjjWsEj19;e$(hygE#=-XXFfJh&Cm;sJ~}rG-hawj zAH~rh^R7`2{J)lc$cOV61Xz#wdTUOZ_U<4v|6{xH8?-34bU44kd5qnuNsr&b_8Y|3 z2j}=}IpZGQ(_rf3mSnXbKjO^c*Pija__BGn#+%d!J1>X6;9YU}ymY!4@}Ra{xn?uM z4|v8(oYL$w>V*HL#Q6C=nz3%euP)ls9*I2Gp%Z?VHyv5XbI3X4bIhM?%OQUmIY99G zA#xTZ|0Cc)_vP3QquA4nKDr*=Gd|T?vmOj9@83X8B`m8313B?|Pg3WEW3?zHWa?brRzE%OubL z>lOB_J91p|*sD(l?g&1h{Om?}gW5N;2KiiD1N}EHv*uXV(vurbunsk@u;yrgn2+cE zX?>_qd%sh@a~^|@lW$TlEJDqL$pzLkn(w14mYA9W8_~U`561%k`qbxs@%}pO=4S*` z`EI9z;~GbVF$Jy@J}m#9Z<2M$DzgrW_KV7DPmXgYL4fgW2PW2};313g1*}`Yx5Qfd zJ*#YqeV=&b_Uz_QM>L?QZ*CfO%(|qsFT_YVL8yz574mb@1c;I5I|wsz0^>v+dAW<6*p-?aN(@NQsiz~EWIyQ>7=GmbvT7**DUkgLmt&KAKeq|+;3k`~Gd*x8Z8;GZ*c5 z(f+kY`e>t%M%uzx&uv@*-_Sns9QfqL^NrLjT+JRQFP?8uKGIp|h09fE$b;u69R|<6 zeSS4dpAFj6yXhn0RoZv$=`;T@eKwfASEq#=w!OPfXA`VCQD=3rFBn-81?CkI<)zzp zf*-z7!JaDZ1E_ZRjqn}a)v-~CQ}TO&d>rw>SY?uagW6xmd0@wK#vyd{Y+{|D57C5G z7CiL7MHixdFF%Pu3!-#V^=y>n}KeKGn?@vtXV6sKyLIeYCw|D37kF7&{7Sn*~f z?^E})ATPH_UhX2lw4d>o_#5VwGhSE5`+U~f{%Yz10mG8C^O}rrjWsv;92nc~_I2xT z@g=a{x{j>hV%5&HWqsPdl?rG4>HCZSUik>a!H>~@2mA;Q6F)xnH{eH{+>OKG#|u|w z;>Rn;Cuwjv_;Ia?w$`TZnw>f{^=qkAD2jqU{wO72XChc=;mnY?mn$UIkT>&6@O z9D1c}8@F8yew>nP&hKy1E`fvFPO)*Y(biqWx5TGbIWXGl(KmyV75x*#=+P_kd9QFo&{lnTD z+f01&nD8dfZgladoO!JRhS}niCo|p{Ym_BE1y4IGt9_C0jMp2Vif}%JUCjDp>m4p0?Op$Ax!2!})xu^b9=+d9*1kk;7=8lZKyPia8uG(ahq>+>7`x8&Fzb$-k?v*eO!!2C-fPdy zy8dgNIb^dhbNI*iD3@aB-#?sx{95OIx%}fVb0&({Kc3GzZk=w|`IQY_2`{R<^~|t* zPg_4`UvEYK;(CAGPxHdkceY+e-R85&Wx(&j^*wcElfu%O^yl@XN6?$r<44bipOWQn zE|c~JN{6~ga7Kq$Y{d23D{m@}pJfU(zKMMYQyrg*Vk;HcYw}5IKW7qm?S0Pb<4Z5V z!|*LC&qw=)6nm3Dr5ioa_|)+?PG`PFpE)aB#D2bB_6!T3r?Re7pcPl1zXVTM0Z*95 zx+lk-Z~U&>pLIfF+(qWB$Z3wBc`h*q>5iWR2D|8Exx<^2efaG2hM9X|qL0FM#c-!F z-%iKpI-NNy?=u&u6}xYY+2;_t`#I=BPX=vN-Si#597 zyvdE5B-gWm`Q^6{v17Jk@szVhg|3 zpUg8iF%8zw8#8&6xu@eWc4s1H@-5zDVkX)4#ekok_IlwbIv*cOe*2z(v*Q5D-4*{Z z`(jv+so0@9vwEl5zn^-wC`YjszB4g=hUc1nhdVyyT z^Ha=2dx>R7QHycHF7&5q#5LVDEOhX-6nw2^4ez4OV-CI|qB8dFUuD(~oE45jC*rF< z)=z8ahbGOwWzU?2pARr+&DWia#;E*v&0lew2)L;ETr7J0L9ys@aQcdA`=!GLz)g2N zKIR@^e46X|jAJKr(O%4*%#(4OJtUfEHErDap{tmC+P|&&eUy8TGQVqpWw!ZEcIH>W z{9Z(7^3E^D^V+B4T~p-a=jVQ>)-tp997r);ma^BJfl$s`jiZ=QIWk;;d11 z8EXd2g)j0yDORX69IBxW@dU*QO${k$J>2!;yxfWD@B25s51-~eY47XBH|l5o0{I{Q zeZmjrGo-)sySy{~+PAV?dmziTuY0Z;JGX3dcrDk2C$3*XI{LT9C-sgqa>R4o^SkZ( z+sX60{lK{fd0NXpiW=l+5F4jP@{+tEW8WapjD0gvc+Hxie;fM-8E5Pp__VQau7F>g z+G3}N4|4V|`sp6;9*a)+x^P8&*$?~`JNpv&vCPSmQ#ZdW>UYd9tRvutw%4^!sG@439YlRACO*N!h~Zqw4{1}>Vp!AH#8 zz@e16asL!|ZnT-{&W(1{ymQ+yJ9BQ(k(nED8?$b%T?%cPxe*&Mb6f1L+pO@{v(4?? zw7K!Sh*ch_O$T_Pg@W-2IW`k*N`IJIeejkVW#nef=%2 zffME$d|TJn>Kd>#*WkC=_EFk&Fe`k1Hh2nNUOM3SGt4&u&xsB^OVZ#8T^M+RLk3rX zcM3eY-|E7XHp&+=@TA>$vcWUW&cEA%+q1yUg;$1s0M2OZrZ z1`Oidmv3kTI&&2|L^ds6n~u-*;O9sI?PiSoOGai!U; zDf0G%E0eV1?s+P9;Hj9X>!0`#>(6_N!e1HY`tK+IV8@Zxzo8=Q`u~2MP2Xwj-)~(t zgM4W>kNSUh{a<4IiS<8ycP%#>u~G;uUXcAtpm?&>%aLh z{BqYHGx=q8Unal&xULO{Um{!o$l1j%|ENHp#HKmhTbCcGvwpA0?g zL&%pA9(Wac;Fafvm#b%`!Rwu|Hr;yRmBXKekNl+YO6K-q@-6?{c~6EvDPW&Jv$;b4 zq@?~UUE1pdlD$=6`veXv19mA7V>$9_r6UJs!w1lbGvoj|hF1<8`mu)(plfK4R~I^% zBM17+Ex)N-J`!Fo-L`Y3BL`?JIk38nnCg|h2mM;|;A-e(4Rj)3!y4p)u{HU=p7F(( zJ9UJRRac|ec3okaSm9lHdCfZyUevtfVATUL#_WzycIf9ApFX8`ONW*mx{!0v3%JI) z-tA}qUVacKr#DXAi#=C@VVrT|hZ$_brj=bC1dcyMHeru#aeV=jrCvY8ml&h*Ls-=L zWE{%f^w#-|Dz5`QRds9`;}$zF)vojTea5L;7Ku8a=#a7tH#ZeIM04jjq#G`gPrE&0qrdY`^aH@$>0cLCQ&(FY4WJ_)bQzJa+@uR!tF zE#92*Y_|K^^e1>4+Z~%$ehKO89>0>Aw`}$=2zMC2@^QU=KgPH>FlIAGbPVYP?st%<=V7( zqOnJeo#AVL$7_2?-$qw->$OY6$ zOG>RtY!A_}e7FC^*xdW7ODQ;NuJf4VCgvDG&*;P+QG8W7N_j!MKILVaUjy^w-X-2X zSS!x+9wa|&u!=sGs1INx9xQl#g0=?toVdOP5B2_bW31D2z~g0uAIW?^)oAO6_lu7! zuTMFB%JGZggNZMo{tEJFZ=E&RTZ8`*U0gYF!cP}o-xRz;@_m9cY537Mmzs87JB{DR zF#ghmd7Deic*g?Z%RFZ>&t~Qsolif^Rk4AQT6=!We-{gkY`1vMmJ#@P;me)K5#`2r z!#_>k#~S?ob>xG?lMYdvEP{-&;o?iw?Ua4u&6(*cVea5U4|LFrO}-br--mpV&HtNY zJTx~3KFvDGpQKzeQv(59H?}{TMM|S_!?0N7mwl zG=2f*Q^ER2n2-FDLCbnpaT?`EbLPNc6naqYmlf#I(&;)S&+uXT;bYbRc#6qSyt?Sm zI*;Q=#Bdj>y=pb(0aJaSY+1V-$QzU%9LDop1Xw8dzDfQH#?YW~vF1_Wq%#@a zGwI};Sp&W|f$we}-^d@lyRHeD+63Pd4~~cz11H`W?tH?%H!3V&SVXu6EdSuW4$i4g zU72z&-#W>}g3bAk{%n%9<}*H zk{;aLR^h+sKy;xRAg*jAF7fG_XDZt4@bYxe4mEie#jgi6P)tE9nM_>FNW$ltGAxBdT)W&uTxB~wC`)+ zYEi!RTG4gv*%Ysv9i$y+l-F}s>ciA2JRSIOwy0p6|M0u(20A#qjNh@2%=1PgkFn>F zx;!plCg1n@0Dj+op6LyF&x$ST!>7MUe3?85V$RAx7}u_I1Sju-*U^vLNA&wa<^rsr z##gB^kG2MOP`{#>_Y@TuHJ?7ZsJUph6&|R|>>oIV`?=m5&%7s|HTM$s&i!R*(LkHs zE}8RXkFWR3qItWP_TJm!H}%26&PI6A-N1wzQHtfNhE$CGHSxfR_8(AFc%Tya&|g=j z7e4uBzL9A>2mPuhgyJ32jSM{n@|`n^N`J9a_M}s3Xj({U~JoG=0BM-lt8%H{yOX7(infv#`lMTbb6WIzi4!*>|m%ZT2 zz7%{3fG^51D5kFJh<1FDe;0gtgFK&X_~PcL2D0FcWa<~e8-p*6cKxm5V^i}px^F;6 z!z&W`5H;XS9sGGY{COoj26@#w(t6h408XRdZACtAfHsHf?Q`C|e0eG7N+$TS_%1v) zekFXFXD>+HgD;=SJ$O}vWKr#T;U&t84k>@Q-pHZ{UxxQC4>As7U6ZVV&%?j`@LA=I zX#bI9`MgQiYYpr{D2IQSPd_%Sys3M?j=ogMIAt3_hxm2RnMDFuLIJ>La zzpxm;ZM9W$Z_u(hTf#Cm?qoyj9i|2e{Tm+G;Sa|{-t)NwhQ{5wC-@pXt-hTz5#e*y z@HypBYwm^@FrG@DS|GjHbJ$=p@LS~)MLQ~S|4y?Bo zq1Vk14qDWFldO|`lP=({o6f;K0bHsz&y9c=k?1ApBk&k(m6nyh(s18$=wc;%G?CYRT<@z4g!_1=k39T7o*Rj6I0_wW z6n5Th;PqANX?~4*n%6VWk=T3ECq@UY@E?J1EHJwL9g~+bvi;QwvSE&a?~ZAY)MI=9E?G^CX>YtwqZ@%-XR%dRT z{+7AH_uO&yqaO{RC;j0Fa};dSpIPY(-d~Sy+sm17TARJkt$#>!*~h1gL-K!i%a;aU zwfBh&XXFbVh3{-+`@Ub>d0BnH_qrv%@LN|{gQtLVKLF>R1n0gE&ee~@MmWXxpDbNP zt`4v}%i!85aLsBzgYO%hJ(lg9IUUu05_m=RMC_AI<;ax0USsa+}X~&F6V=^&Q}s_8~nY<@gH5Z&8<&{ zPnYZOlE-3XEwp&055EBOyc&H+ybgawi`So}d!-JqQ%;EB7*igMuEXmlJFqBqc%68$ z+WeL_@@cs7Y56uvnVN>-W@;|U~5Nfpr;TpsB`@n zwvX|_Pg2L9>$;zQFPBZ1%eS#{M3Rqs_X*|lZEVKpDE?~XAG)RYyt0<@#I}6YRO5cI zFgSQlLM~gzmXNHyn)mfXKjZwt!S~y&@OuBaKAo-oex((j;75<)p4O7>Ef=UpYdE9ke*l@CDog1oDW zcfI_$N0%u@mQ?bm{>P%rEIJ{)nz{sW?0B=s5#0a%0Y{f{-lO#t+|G5@>3I))){Yna zQ}@p+ZX6tKJrfukeEyA{GN^-15-E zhtGRdeb3sCK5W_$yHlHO*gzN3rexQ;g||P{X4;hVoN2=uJLdhgiNKq@Fu&mXmW8)3 zHGQtUN8_K{vhan^Y}E5B6Ysz$tmikd*J?KJ@IK>1ZqzZyI%1op)QDY0n=)sP%E?hK z@RUpcylyV_C?o8F^}c)Yx7REzX|dm(co(r-y(Qt<@^@>ynUw6 z&pwmS*DhaQjB_5uS9M;Zo~x4G@Z#+7_3U*z3!IVfLHsJ!MgHdM{yTqJy}^3z)0VHj zq%Xx<6nF5m#&LdMK%R|shO4oCxK7-L*dlU$3gbn_ovl64lG&>pXbC0|NY43p}$yzjjTnzvlg|iMJa2s^yAi|HNc{-D9~KTTGX)?H(L440j))4p$B%h z-Ko4{t;K5AqA|x>)H-W1UhB|UkaHa(%+c}VwJ81q9@~CAo?*{H#=A4tfp#Bd9n?<+ zvR-{?%>6l@_rfLK11!qOUFEDDP#qYZuzBd!>@f15br=}M^E1YIG%$MQ8^9=(fAlco znRrL$yE9-!yS+L`#0#Ui-k1IP6c}v&4wIZGyAINs)chwVQdXe-9Inul-I3t#)*fk3g%dqVc-(3!r$%YcJoH18-bg+3ES z_wze3S@C^hUa!riHpN19EjPq%pBzBKZ z*-8#`0dw-^1*F$uKb_nn+pfUx#5>gICiufVYNM$h-INuR_fJ;+H2Qf2I(ZaYlWrYH z=WK+hyoV0Bx(q(T?~l;eJNzE1AF)|_P0)!sM6gY|xvzMl-huquQvP2>;a2!lywRV~ zcQy_pgEUX)UB9C*BO?PNjh?lJHQ5Ru5-vRgF0BEVW)1_Fh8`4O_a8kj@k}-!S_UrB z?&KV}WMVKLe2U@2Ou?f%uaC~bBXFgk>s|58dtH@PgIh1Q2ITMEdL8ir);?V34_CT8 z5FCtEX3DONG1G1Uoi~B=z+HRX#GmEgk{uM(esp5rm7JSi#aj7TZ*1!R>hBz5Y{Nvn zmS;oY?L6X;I&&(I^;3?7d_|Hsic=S`PWjuY|7LWM{Pz3Fol*?yLhv{rJPi>eyAZtA zIa`V6kZa~SXOlUQI4UW9L;8(nw)bbJ%|J3_PBD}#=&y%vhctz{h7 zY8et6#xQ|#ZCg#C*z!?k|{%*)N+Sw?@deFfKf*u`d_ zlI&I1da)TJ`?8$&%4;(AFFq03ztS6Cyv7kYH{*|`+Jm`FWz^B>Q!nMEfUF+-G6P1Ow{`QSS zj=w!*`^&C1{`TZ~a*-Q2r(3Z`_8Nqs;X3q(P2fed=oT7}Lfzr5<{7JQSzV#b&oNj=pfm<283f)C|iXH3M+1~b9F#*Oeo~4>@e$KelTofZ> zU(++y*je(IYHz&a&pz>*v8S@$=+Kq&RZ~BP=kD4+WZrAXsPA~Hns(L9r;Yi%%Do6< z`W!I!;_@2SEY9^>M}N||ALSXXxxHou?Y|?xLUy9!;xTmWO2g0XIDRSdfHG_q6YnHu zE}v#CV^$s(z7}()M-(~GjlM2?z6RXfiB8`QPEVzF!_L~t;coC=V_PEsyX*h1OZwnH z?Tr1S&iODdeOG{Us~NwZb$uE7?uQlv*c4AP?rgpcKe(;?kDB}0eHngmR&BmZ8{w+H zKg4(2zOnrjF0S2EVB^{~j-6oJ2ZhEyczLqygW^>CV44r#H@av&y6AhzM`VEP0?7dE zl-H!&PX~7Ll^;L{H+Dp$V@H(uocM5&p{Y9`Kn}oD`)L>J@apT1em~9D?_Ii0==VI+ zS?87adB(oT;Hk9x4t~ZM{kVMyFU*+HC8{}-HPB$&FE@_zH~XbWGw}k(1ga60jZv$<1+obJdw-ZhHfK@s2+y{&X&`J7f8?E%t+qRPw!xr9I zsx5|{@z|3|x!~eWH*+fR+8O*VXN|Q#S@E#t&<%bqQ`4{zTFz%pBJg(~JW#$gJwH^B zzFd#Kyqk9LvrA|*P=}u1mKp!n_+MiD#QwuCY5XC@zzc|#7kFUe#KBjB)8)|CSosMG z+8-8ggnpvXN;Z9J2K&#{e>ePi2l~|ZQNh6uk3Ln6Om%gs*-xNL(QY`p)bGiYkk8iD zr{)9uUGR$e=u*AN0PWeFhAveEOx(KFYoW=#$QWu<4l0)-Rt7)e_bc?J+J1t8HxELv zm<8N+%+8MQw*Fic-f_S5XX!lIaXrF%$cA!t--HdtGu`m)Bt8{n$9398@wKTRw-43e z^scwo*o>c?2tPWk@*(<1Ir$K6-gnsRIM5*+B_E>FD=+MOdtb2gAsWE@TY!t+rSkxl zJ8bKS#ZHbwLA%i}J7*DBt$#|qD33q!{NlgB*EL3dD_)xVoSoZnIyfzwmFzr)@4^$8 zcYQA3=3T!;)~5P5@(lmFWRmz-K??sGdI5gDix|vY;z~nB*o$NM8@qYvK4e?k+A7Co zio?r>h9=PNxXnY)IXN!Suf}zm))g4_^E=j-$sZ!S>>L+&O%m&x1Fji7jCL!vuJq&f zVaBO7WS?e6z5;Za#1&^9;e-8L@9oIEr$I`Kcop!l=!?t>T5VFSUzGHl9hV~R2+ z@&A}$icC?=Mf#I15Aws6z|o~^S01=`spiB-JoyrYygQcNI~Kja(!aIMjA3RCz)q=z-ChbPp- z6Pm#(c*1%|ziC3h$@B7r`V(n)(&nKz9G(y=Fg#&?7@p85USEJ-i;;t653tE`8DbXo?!Yg<8*YIeB?+|QC{>IDCruCiWR4?kEzoM8#R`*L*S3pjJQHc1b<_*18FwZxcS>Eta$9*m~(}b}IbQ^}kC$AIgEh>sr9ykn%Q< z5`TH7vm^7pl4&XUOS>O)&Waa*jcuCa`GGp*Qk=fwtLbyXp6oCG7WO1LTXAsYD#ebc zfeXm2&Juj>@J{Wutu14%to-nQk(=YLx%?WkA-h;(d_XB{{wdbH3;vDXY;wuvukWg~ z{UJ>*@05)jIHhJ^1*r_|^#c5qUCo*>#y|l8%t49%be)0JHKP0 zOgkuoTyk{ORKCT!^>%pI-PSv@t^0XeclvSpma8|oI?Ymi)EPPrYoA$dAx@3%K%SWG`}UD*lI^?8}~p9n~RT zBbh9D3_cY!@rP_$C11v;XM~rMbLiD;uXulG9kLo<-6z85fp5s_J+isnyn~qL4_*mx zObnafPmwd#imVoIk=!?Xw0M{Fngl*s&c1l`H1Skd{x0|6kYa$bG4Mm;fMLIlOVN>x zdrWZfdSv4NOMF^$pTkG~2k~hW=d}F)1fTkMvd_DRecq?#z^9G!Ax+0V9FuA%ZGF$+ z6FFi<;Z5XU4hNr32A_5u37_13_G$R^OP+Okk{6#2`EudY3AR49N&M-g6#f*i3k=3; z0@UvckQW>nJPz#oy8Sn4zs5ZJ+ExfDi7WtFxwn_eFk5lWD z;!lcCMDIC19Ic$_>C^Ei1w!mu5no`;*dW`CEIcMW&Vx&?9ns4?i@bg%em9ffqH{YU z$d$d=@bGnNv{B0&UbPo{su&(sdPiV$DK=U01}nVx2G`%@lfTLEzP<3*1055bwLH#V z%kTRK_rY`jg+12;b;qG^jP{Iur15iTo+Gd491r|XBd?d=Yz%&<ssp;TzdJQg#5(C-KOJFGa;{oeePiX9&c=eZ_E$e&l@rymFcr6GMbH zG*Z(i}v_N+(eGzZRAM< z*SCPHJI=Q*CwF`$wt}fQaGDuwi^j@3TgkWej&-@ldZP^o<`37+(1YVQq1_3bE9CH9(}%-D@ZX&g&c=6RSJ}Mu z)1w_8nngwpAlD?j`Z~O0uwnYv!_|Z9@vlmr&&Q_I9$#c);(g-r2kOQ;eBJ&WD)kRu z4qqM!A=A;#l03WE$i%&U)q{QL9reEAzFKU;+2Z@RSp$#bk6mqio@a&^-+G<#!x%jQ z8Bz}J`L2hTVB0*6kHXL^ar#PP_LGUzU&#ISobebV))HAxj$5hhmybXLit#GvJ-_`I zk2rKYJqsOBim1QWDK~)ft&E)LghKZ zmu%naNsdifZ2S_h1OE?8$AyApBRMli3rC*m4R~d64mi?o>Ji|Wu0O3t&Ppdr&~X-7 zKY(r^9iXqxI|hf2Z%NYepUBJDd!Wk1O_o4&1C1x}+?ep*Hm^Q!ug|!0e|QFbyV&HV z(k3)EW1Y0W!uCnJd8uQb(6bY&|u9u5O;K*N=Fa7!9Q34-M;Dg+IQmLEa2JU z=<6$+!8hWnx$w2ZoY*VC)!jzS8u-FASmwUWu=W zIJ@dP+5V@K!ryw-=z$3xE0-R4EICJBJ#cTxvG3006FpEd@nUqdm%-(=@aw%-^4qHi z^4murUOjMzM-SW~xl-fR1B=_|Y|5?&8r_O_dG)`2R+M=K}P;nb*#8^gitY8_~W+`8XaOL9`>f z{|h|F^&hVU&L5UmHrxxX5PLalTH%@QMsF^64qBnzR?av%8d|9)Pb7s_+A`lW5Q0{? z-d&kVN8JmOwDR;p;Dn4D8aigP&M4YL4T`01eUC3gL$~wCn&P`{DZgr}@!iJTh=VzK zXq~Fn$C`O{G=pdcE%0Ubmv71s zFQtB509!SWKjnOURq%CmH-hW59clE99~->4<0DU-@Ah?@9!8lqKk!^{_k4fMe7EB% zoA@rBS25>=?{d8D5C6qM;?srj4aXm@x+!};Nal`s>RMH2^~#hE(j%uVcB zjlz%3xoYr!>B#4J@$58k3_cv0MVw!7c)udN8k;p8?!3Q_xL%yNmU8T3m6pkwQO<;FWUhk0#453wrv=SB=d!111o=J7 zZe6l}%_zo8PL*QVFSDmgd5{~~XS5*?n*e)JISBae27Zo@th9)jFMcHbt~xZd$mC?4 zZoQ^4U90;+Y|(>5CSOwf+{pt8|AzVDgu-?K9LaJX9oW0P+I;^2YAs~Fem;7 za`M-V_f^Hs$OSr=Pkb$AuQ{?{2w9r{ly@D2JC z@93ltJ1*;el&&IhYpSIiQdiwNny^cQX>2o7}#(8!beF~?R z(Wmn8gwH9tuqWWBVh>HE@uE4LDS6IN{di)D)cZEpAS`(NTE@KH%ZGDRGMAoM;#293J)K z_Mte1o9l|sxG0JaR}L>wj*jSFw2GeCq8!s>Hkr6mi+7*3`cfPc+_!VH_| z32{*${=z8wp$~tdbWgpH&K^|#$Pn+D2k+5-f@|PUTRG2SspAWbUBPn;h(mlt?}l$6 z7u2WD8|frQ{`5xlt}7Bbo-M9_(CCGZ&e z8Xc=)#gzRGV*|~^{Y}jb#qXD)e`(xhnp>Ir^0j}4z9#Woc<~>^a9ujl+)`+TyzwCV ztZGt3fN5=d&NzB*H!$w5vuVf3fXilw6_1O@llyC4R-H%qzw*s3V5RdfOsz6_$p;-W+o-zCrS!~CF?fl3t#_#Sai1A&x+W&E69?z-|J?Hk3^1Nha zh;yFDz*`(y=|AAe%21H&Jcq12n*HSji86Awe(}M3>xR3({1Rl~U&o}@>yN@`!Q(yE zocW~sK5N*+9w}k$$TZ1B$;VD)v~{xZYF7AjZ6?>lta&2W16ZWwdhq*~~*_~d4e>?s7iGN8B|A)SB<2&tM;Jf5oPN`fiAxCv+h}vHxfCh{5O-_3kpywaO@2Ta5L0c0<7HEHkI@@x2m@CJTALyk`3yuK3dBa;lTf%hbMhI?M0!|#;~Y4AKU z#^Cwgs?&t@DS<9Z>F59(fL49m<)*?Lq3KlGAoKIZyCUcif{qG$G#C zgq(Es0Pnc(@{W6=Gj4dMo3CVeUD~+aoVN?Wcfs4`eai=J-uFp(pUF=O*!j7erN0NV z<>#W8)}uQdb8GGbpF4mJ@H|3(ZmNFCGrizN5+71*@hu7cl6GI={1+#` z(e&Zww-KMo%x|m9>~kQ1uYl{ltY7;3ROcy?v)^X7OK%f>E;tx_0lB@Eb?#t|cbPNW zw(Pv@1e1gGN99RkOPD-!a*|}TXuRdhX`{^u?ae?((>j%vOKu$>UbFGtb-kyt2M8P` z-qPa6Zxk1fUXC7vJ_wJrbK3Z=d?DG!?!MGc`ftSMTtjR)pV;pdVn0{&tha7*KhLZ| zXVf0lM)sh}ew7?fw1s|T6N!Ghl#di*f2#JKqEp^A8J!Cq>Tc~j#l~qwAHSD1yM*rK?mJc8rGQ6IUq)Zq z>Ms2|{i?o)+csJUU7~Nyo6IMAqxPO^e`zOtS@oB?7TdLwcG6!r`tL==)TBqM1{1M) z_HWtsLKJg7KVY86_c9m$ zkww=vdn8o{w*HvS5%kE~bbWUvhX+M@?2_eh3h z*VuIm3w7=VL|t`szdZ2B>|X(gJE0xzTbaywUSvEmXvFB03;4u`t#SET8|mn$(vN=| z-?=wSgZ}&t?fZcr37>|BsF6HGjb!9>FXL7`CGUFh8lOr+ z7rWlsJ9`Q`zb7}}-a}Xr{!tTfjUPEL--StHuNlu|%bgcbLGCBvO1nKed&L7+V>^P! zDPvZyBYE1|cX0Y>XTL#Xrru@p_PL&IPfO>0%pIL9g3ow8e#IsDsr=COD8?i_7HsfW zh4X-k{K?3rJ>|d^Thz#^rTD^P(1d8z&@8r}_B_Q;OVaFb*AI_oudqBcJI$fl)A$t4 ziiW*33;#AWduAHVa=nUv49#-y6MWB2v$n5#kT#l|_5u8v?_T? zbxg9pX*V*&?6E~=$1VpJ$iq%}xnzp=yv^l&$68=K_cDBuip3$9<#+kcOUe_ro)L~l zfSqc`SG)W6!Cjqa9AQ4uW6%rSefw?TlM^rbRxi98SgB5R9&5Lsa~gcCqkOu?#}Ke< zno8I6`s0o6S%TasW$!V1v+~uu{%p_L>!0tOh-@!GwxC<~RA#r2iT#@V4yPte$l0&Xb;;J(8lk^N>;itr0^S?} zC)fCLd%t=dzLx64LkCBnOY)!;J19wi>YMXBV)Wzoq4&BzJpZ($zcsO6z0%vSJr1)6 zo$J~5qjvtqrn_y>o!PG*B5t0g58Lr#Yqg68Zhbq4%KSfZ4AudmX(F`b8EaGo?ow+Hhp9p4XU$hS2GU*mL(LZP7*0 zJtvrWX57o;ZTPBvl{1Gb<{()1!;`n=+cheBMa$!eV~^&Y$DxnGZFUd37d*02s4(FHr1anh7I1#TF4Z-sjuO2bZ8oU(0WZAVd_s<|EypO&v zB^PReqnDQFW7jaRigM&Xe#u$%CEC(>-L?_nQOw*@@|>9COxl^e`6J-+$--r5GZ!wa zfBD!mWC_po!qbzuoI^&_?&ILH`f>a4j^B)3IZpW0mE)wktT(!OPHo=)ojj*Fc*^y? zmELu>??p?=#W{~WC-x`L2vVbooW#xSNt`SB@-}&Qz+@h<^2*wIz-kuPL$k>V%K|Ht z^UU@CS`C~+=rTEIJ|~=bCf?y4Yf3C4N%OROkF#04a56I2gZIL7Gk)amYVwUFcW-p} zcE-K$u<_p1aNv5j8W~-$+P)Cwgnbm*5~F@moSFfhv#JKWPNSxT_C0mxhkMvhw?@33 z_0zhE9z{(aXZ~^cufOe*`56ak#lYFLrlyvhv{uJvS*E6(E&x($1fAffx9J4v# zwd)f&$9%W_*k|%x?{fVEHGi_@0{&jxKM=C(ldL7b`u$K^eUj6BgCX+T%8o~-A^RfO ze&YQHDxDf6V|<*aKz$_UQSZdFmJt_QFW6paEt&_;r`FKRvuo(Zy*UZ?TAl$+;>f`e zu$X7?$fyCvX}=H~W6AQ_&W{dvWJqKkur@gd+anRqYzNDW^dD%m{LL(Qfv@TvINVc^r| z^$XhYIqfLm^T8_dBl3-p7Ct;fJlDgIY?+jy+tTjDbojLKz8ud--vB;yt-+w#$5$M_ z=)0LRP4uEzf@s5!KO)ZWZHJH%$h2;BI^yT#?~{LlJd+(?Fv=R7#=72(?bieB3-L*q zXJzy8`$s&h^Fb7E()guANtd!|$F8U0{qBvQKF)fnE{Wo^#pJxs)t(Xbq0Qiw>U>2AY*;S&iN-^y}{<;?p}~q@VPAqKHGe;DExJ;SBG?=BjWR(6kUjCxzNVkIjMQxx@i@5|4ioJ7Z|a7<)QiqRR27{9wEt1iyQ#e=qbVnSB#%d zI?-HTUSBJ|?tR!6aqNuXN%#ZV>#u#XI-6wvL&}r0_j8~Z?Mcy#(3PaSv~G|tW3}%m zcOzbdP7kfPYqSshM0!#$_r3GJgm)L?7b!+ZV!Y@!_8yc=(47L;&e$K6{Nnv_`usTG zw=?btIbVuxQ`>vsts*<8C5Wx6oEA%;T;GVE5M{g-#9h%%q~mSTo|#X62RXbPUm^4w zb;k1GZycZ0a@ymMEa#aT@?q-8yT1szL0$OWJ>=;0Si$=v)V_@pzm6S~xlgCyoz#6g z5mSR;RQPn>>4lkiLnp9F@hkDWojG<=Hy>CI%I}pYzY@A~9z4XYhw>uuX_8;*3iMid zjo|LD1@8QQi07-QS5Urfa`+#0JuRY$Gw&`d4QqYR<9Y)A=-Dp( z-zJADf{)Y-|Fc~9K z(^^C-!xQGDUE5F@9>X=)FVIiF5pY~Sg160g+jp?f^Sy`fUVUl&d$zvxtXn@YV8>Hl zKJUo!6zO+wIzB1%yw{}XO%cApBfUN;6CVuO^-e}MNEQss-?t~l-^VlEAurEL=9H$& zflxOfLS&rsNBc)Pxz=@=eY)|K?s(?C9{hbnZhWvUJ)UBZ zsq?wu;9bDuP2zr!S2*=ftaGV%a*f$%V|-BHU2H2lRR=m1^^&6CeKk1u@Tb1M@P#MY zvt^a6jFJDYn1g&>u_0>?c*?%G^TVfl@H7!GWWFi!LViC^UWRHX(g*%&?!yOSL%})F z`5f^q;%+V0wvv>(6WuQ$3mH={V;h2Zwc$rloFvM8I2U&JPWabO_?P7?XwF7kzkb`v zEyqt2o95EisIZSQXYek@n8LgGeLG`L@UC+m+NyMDYnn}43El;NNa0=lUdi*xxlK-) zTOM+1nXl+v!CkQ(!9G6U8q6amq#V6`VnT`yiT-+kyFQ=fvr2KUyg4Q(rxLpVR6l&n zg><&&-j(pp@vit0-t{BiW$^Me#wGY5yA6Dh zc|nu+H9Fiv{$>V$%(8|f%o^Td%OA-d$)AwDhKgs1FLu`O+behYeUQ8b<3mM`yX_Qj zp>~-qpQIP?`(4^4V6yF$6qtD7|4e%QAl4>|o?d4B*vE#i^33OObo49U*9tBeI+|==uIA#%!o$8q7%FyHa-ydy?z)x6_^w08t&q`X7xD?eW~I*)2-rs)38 zIKVsdGLPBp;)v?CR3n?s*_Gf!#K8w}dr$d2Cxv6mH}l}$DZ&TvKyo|=j>XXDBGN+| z#)OYyPUUV+ANm+)U?lYEgxp-2w!ZvsVvdP*1#i;%)g6KXYa~9EfNx|<%G}GPW3u>yK1tpr|X&P6I{|0Xps^T=CPE{9^H$|uA=e%8>M{A|lb_o8{)po8_H z51MJ^Ye?F78Dg61Q@V7ZHEQ3D-Kk?^;&C2ibtdVN@Ug+jH0pEPqtE-Yv z@StlNpU~^ipz}4*xz3^tc~R>3!yQzs^Y$Ix;F{uE(chDR@(5N;J7D~9Fhn77BMheE&V+qQ@87=x|} z$J!W6UC_clDQI6x|JU%ILf&1(yJaI^f-Td_wI1#bv4*QyTk%;F>);vLHTT~9?z*7Q zI@gVV#i8F$#?*BhJ}>Z9`1cmM@UO6zM&_dTMUidU##7IDTs-r}K!g{M_uDw z&#C;sm)Rrp*D;e4xIx|{K16hK!(SR+zf`tMiA`f(+;H3Nq@H%j)F}eC?z1KE0OC5; zKRw;#5B@uC;=o#d_-!Tl^3}iHrls0Blk6F_DZJD8>eJfvyJvfSpEi}wyVBZhseXz2 z1%>rbwbG_8dz+SOC$H(-de=xhF5vBFhxWfYb>LcP)0U+l)5ggYy<7d5nmQTtV(xbC z=%gq$|< z5OurpS=2#W9ne+;cvn@Un*`4dm$43_(`tTK^E=MH>Eue;vdPXL6%I`VhrZBz;o~KRDM>Pz$evP+yXz{0PX4-8;@;%7Fzpm0)O?s1Mk>4`!?@1^%v{xv!cp9 z^%wu>jOW9=Z(7>>-aLx;<%%;#;JboD&ijS-eRsSs!z2DWCV3uxB`}fvQG93#yej~l zC-b+Svx=hd4?p}x=gQ~tH-+yt$g^^;=fiWR^7kgcHzF&HzZ+hA^G)xrLoYBsJ_G9x z8`kdl1m}&;yu};-PZ~UDnDHg^qfNccfc0z{x@mp``%USuA6{5;S8)FYcUk*O{Z5^C za7cT1lw+toW$9+KUU1Lov~g+|dlg)MrE%1|<8arT_^-|e+X(-2&jyR7jjtGAOA7pe zm0vIehWY%}0JkONcvk|e0{-3<9EojIqR$ubr{7ET8y{2wf95_h?|@Y`XDWYnR>3RK z%l}0#Bm3O*%}ao7L!Na`oH;IGJ+w!vfzQ>vX9D*&1e|-Ui@C?=YTh}Td)v^l z%yamX%soC=YYg0ra0aZ-VX7@d7SZ=AJ}cmtLpQ#=&T{Wzi<;;8tcJ$-bMHv&Jk5nK z>#Q2nN!m^3f9s4eFFf5j`;mF#5%8tKrO2fyBj zT*=>7aCjp){37ddHGlezZn@}1;Bz%_+Qr`rzL(*RrRQ}1 zmb1M>-`4+j|83SB?-{qf*wcH_J@%n1CFkVDfFr=;aQ(S+_I5Xn`O9~eT!SOLe|6!l^z*5WR!m~I{9!Za$%-?$W*HPe-E< zt-Jon`q0;DlS?1k+LxrMbbTlrJ$dz?toL2s2M)UP*-TD?cfT|Ku05*1S2c1KF^Y!Q z7p{Y6U?<4uc|1Cue7%#|pVU-V9A0zl#-DVZYdt@eyolu$R)0^hBph3D&HnDOzUB_r zzZ*Y*+n;=*9n}5pJh$O_V%^UhI~Kb!f*)Y+it>R4)cxoT+56Urngq48 z!?j6&R7*9#8mBG}dX1^*Wy!E3qqb8tmHY_*c%x zcSbFe+2JzpSoy87evYx4HEvA$&Mszc*L!$^)?>i&$6s=~)+FhVk6doy^Uv$6Jk44( z#md`#5r4}6xclJU_Yzxd-b!rs6y!pDF?MPVvNSI^r}S&qO;zx|t=Qu~K;Cy31?RjO z@!bS07rj|a-A+E0E7psxjNf%aH?iF!U|7r_K7|Q--?ilW_*X1DZ!WUr<&*Wj^1NE$ zAXu3Bglzw}`WQzadS)%}a-Z4DJ90gveE`1(F7iwLH=jD+tJIg@Hxr(`cg2eHX0GwQ zcIiigzpT01x@pGH5P3t%-_!$GG;_OU-=D&Les__pu=OqLrlRBSd8pJ^(ARqcIXC1L zh4|b?O*Fw!F%88wy3sXy<^m_hEtpFTzkh(dq&T=Uk9BMU$5u(-c4*2AvUZpA*BS8d&O6w2uVO`;sGFm?{rMa07h4=8u9nv< zobRdum#q9|FZ|3q!4>D71_xsyg{;XVtjR{tn&`|>)dzhN_-Jj~4h^NOO&dPGT=Q|)<~|QBMC)1` z%{3jr6%$gdSaIf_x#Tlo$E((e&lhOU_vJO$SiZghW3K1(9%$|&D**fpcGm%a%L;Hm zzpoLz)|`5wk5a3!4;ot(J=YrSIupFar=|L%--iwq%jr5395Z=5`A+__vzLYWY7NWP zj?amPegf?u;d26iCFZ(nn&h{S<-6`5&);$UMW9jf#bf!dIFsO4Xs!p^|D?Pf`hJg3 za&N-&8Q;r%s*w%*R$O!5OV|$!ptqIKV?FeC4|ILWxZ>s+TzelLwg6f+_l~pgUCO;n z{@M4M{PYW;+r&NQZ0`M@HP<~)pNePBA|LNIKK50f z7mv9FpQOuUHe)~K;xSWv{@1qNVcpbA-;dn!l?SHHMMgDLgu7Ne@)PQowvPY@sgHS9 ziS_X7Q+y@6w;n9LX)SFJ9NK#9Twlq`Px76ObFYj4VM8tIhF?^(w&nbZ)|Wx+qHEg+I+ydwwcdTCl5W{XCuG(^Lvwe0sGSMPl_)D2X9D= z9}hIz@!h@0OP(B`h`E^jbod~Aucdm!>~QtLH}CONYlQe`i^cC~xpKrR!t*DR3j&@i zU)wvL9r%}Hb=I8Fb;w)Z9rW*iE+YF4|Ge_+lxMNxdyH{DxDCC>;4O+FDb{-twL-Ml zrgOgCPITYRGbgYX?z?PRY2$o>Ropzy=QF%iIB(bMDWK*~VLS11^3I_b`s(JLJ@nP9 z_lq~^9klPFT{rkH8m)xS&9{8Jdjo~LrysoM-j}SR=DSB&&lHn`u39eA9bR6skSm`E@E8wFs_-*xyBmNCq6cp&mw*L3j3!0 z=6z&k1JmF3-pbAblgWCFAsNt z6J795$*rBle|LVYG~5k7KgztifyXZD0`(M~67CT%M@I9zzvr!!!_qIvfw1pS=03Eb zGpfz~8-3v(^pPI+p7mT|4ZcJlMW>uX9dOz#HoyCemT<;U4Q=Y!pFNR2ttYhSD3WvpKTz5-RhuY1|Fe(`G%IDDZ@X2V-GM9uUtj{O}r<09V``<5HzS|CpZpZP<1E(0U(0vib%wh(0h>Ox7uTjofBW~SSyDl5 z1(WLqjz_?8jkjF&B^L$k+G6m1H%I21i99*GuRqYYt$P-=zrlAe&Bn$6-|@hCBKU>; z5FYqF>lGUVJjTPvCjt-T#{*gLW37qzCgag&-#cT}`IYkR)H!RV&qjD}9x%-3dObQ$ z1w8fYqCoRqqw<@ZZoPW{PVB%MtH7*P9D3a21X&hxx*7LI^_dRGdZ4b9s5 z?jHlr&=)z$Cx?UR#mZ-@<~`p2>kaJfvnuY$27BQBXit)73f}DwjC0XngtZbci36J| z<|Lh_jGTQh9j5ypw60%Gdym#txb4!ro^kQP%{BAJZ*2S6K96pO&Z7&Zokw>cc>Vx= ztYh8Uz^V0&@nPXS@|Qp5TnYCIOfDOH-=RTrY_?SA+2@+P$oHnmDeRl6e`*|gZ9Vs~ z#;jK_bL>S&F#C+bsW^RUJ*7k6#~uOYj78xS>f76g{T@4K&ikGZ`pB6BKcyF$8lOYd zHyJvHzcHI5A^L?Lw^PTW5}K=nr^lCr2P^pl-$c*<=Dl|V*Kgqud=w9O+I#QIT)&;a z2e`K`IQWG3UOm?vt-%Ip*gAb$c)RquN}VP0m8Ybmb+!FzT^I9**CXf9t!HcE;9$wO|76ao)mgM%;A+==U=L4{oQuFSWp8ggS$ngOBR{|&?xBu^aJoUk-XV}E}5`5-Lo?o0C`<>o!%lxYe!A0Ha}ypH)H=XV}A|2 zO2kl5^1Wo&cNf0#)i(7# z3tQIoy@PeAW*th&JKTuAr}}`)=v#Rg*MQ@7yhE~1GOvsE?gmE<9oG56x3O;i3S>F^ z4&sbsDdX6|IJBoi`waMfHhv-b$|fvj9Fq6nVJwCxI5I`}`DNBy^E{;W;ZxUc=9*|n z>m@$1+F6?o9^N1x;nm-+HTFzWe~W_4vAcP`neoF1hM8d9bfT*RQX_Hn3}k z7Pgdef6zjYVBXvt#k{4T zXiuwfwaCE1hDkSeU359Lw$kPWJ@xQt)(IQxnWAy*RiRFHL^Q+t=^X9r!QTXLna?u| z^qfDuO8M%)%L}){|KgR&`lwgSuH>B>yT+;hd+5Ild7$Uy%brY)siv~&;d79~!nF@> zp>^qJwQ+*?H6_9J+Aj^R;REvG@GySDA-- zSEH>TtKWO+cR1%)8+vQB{Rf-z{igd5V({Tk)B+}g&)fsQynWoa79N=Y{hLeiyGSR${ic?M2Y&OU`F)Rc zU2yGu?AHc@=MQ&sniHCc}iw}ju1!q*;S&F&s=J<|hki-XTG$zJ%I zaQt>vOnCT)`xm|tGvk~UWqqd8w#YY)cNFz)#MkgReLjk=_!#{fd5bO~n@#ef z3cF}CICTU4EN*#d;lt-Ws`)1SsrsntX9+MmTt7?54_rq-|4ct6yVfnd{h>C~&qnlR zGiT0N*PJ&{ui|3b+&;Hu;R~PHXkdFW^5Nm7;e{7mw88vd!W_&qoCB+8R-re;r?ym6 z>(=O<&|2#V>)Fqy^;3lmGtWg%HP3Bl9p#hxS)TRaxwO6D`j&;aFE#U9xjpfY(@onY z$gModKIpEAb==5bD{yNAZVk{_G|zfQd#D$Gd(Fa<7P}9h+XptM##sf9=zUYD%TS`R zd2lQ-C;WkG8-=HvIR%q*s(_Cut|1vR58l$mcseCRkRLwrj-P&YN6@Mt1LFEq(c4;&w(t&iLOl+EDuU&oA3_*1kOEspM~^Pr>1Snb{IX=Z%DPV^Ut{!}k{sMI${ zcJoj@GUf`yFIr~!3d4JWjbuzO*Lp+LeW4%4n0jfStaWdn4fdbllG%d-eUmpbc%ZJOSJ?ZCJ|~YpV71wpmY`k!sV7?uU$*?8s;bPf{Q3_gyD=eoz-o)bBQU7_$8> zqoz6fnDaZE+>s65UCLTj0wZKa>0$7oyA+v-eEdq9JW~A6>#vbK`ZW3dRU;W!A$5}u zxb%^fNnP>b*XN!=4FPZdON8-88Ex=9s zXX?4-0zm=6mUzqi{jI(C$v!9N1nBhrynnp;eDXQx?7c3}dY)%JxAm;GfV02~JY%&N zPB5@>K9QgK$+J&}6;w_TY=5P)oXghXDeKP)JmaShw(_`|0PoNfs>5?rPq}52sqf~L zEhYzkvdVtdI^07$OXjfN$J*UKjhAQbJkvQWHQ%rfU#(}?+5LH8E~gFgcg-^3M&2*B z=FCw1QnqQib@>e9Sj77Bd!xXt{^I3n%isq&C!2VE-Urwd7BPNs|F*r)IfA?}{tKVB zy=C*8;?a_`gP$dqt2F0t%?NgJ$5$1))Q5kA%s=G6`>%+z!gKJoiLKFArO88>87!T0 zq`|HCU({=M>Jh_f^-n%EZM{o8^qRp5|79>_ASO&iqy0PnbEb7}Dv;1lK-&30uOue=MBo3l`ubK8Q{WuxF%# z7;!ar#A0YEAG88JTg~@;*4!%Lp(ylI+%k-8QtauM%e3Abcq4Qs{h^QQh{+jR(yrn~ zf56TbjFMjmBS#vvj)?mh&v!`&PpuaoY=9Gm=dR~Ygcx{ z`GMhG$g~&GO^@>bIRD6Yjq6-=$QJCIY;11)H+)UopS%H^JIk@TbFjI)jXjye*(SEn z^lS1>v@R5tt%**Htbm7?g3~s1@$0n3S<72OR|Y%j%lO3fr&xD?|LE=g_nO#oYj-U% zoI9u^UCy&E&VA_uKIM^gQ6B%(*dzO}xB6>1bMyhL?+>S=kE`ix9(|(sL-+B$f$zN2 zcskp#g-t))`_eydJG9=|9k@K$-H0A~9UZe7c(&2U!*=Byb_buynpB%`>wC(z+U`U zxuZw@sjmR={0;EbqTki03(s?3_&|Kles})ISv!>f5n6x@0-lGdd26U7jknqbEPZGDqd^NDXu^dR)_v7D82BLv%rDINm<3N3$Uqm50mDc zWMm0tBES=YURsw>TvfJ*=$1VG!!@bLU!}8J0@H&L_AW*}}?yJ&FXXkxS;J}t_zW@tSjvw)w`a=8Q}z`3pnW!b8HWe@v`!|vsU6D)-KIId40f=5 znY-Bs_}^w6in9)DsX)ecPXbSKkr%U}mH1Y6H8!~Dx+o`+t}*)69MHL4hCgOg9y?w0 zM`zb|6MvI`6@q7U7Ec{K(*-X{o~UiLX}53n$sU==ScgHo>xX~P;O$#=VvbCyA-4On z;u*-AZOofgJTws=QXKdT@WmE*=s|eME9+WKLX_i7aJ)*!Hw-gN49@*4Gxn zhaugw$oK2`uCd=3=MAT9E@R8Hup6PN!yE2e@S;#^{!kp^R`}8K{JH#cJpXe)_e&U9 zJu%TQ(9en94|Tlu-$>E^g(ukl;Y>T8ay7o-r=!Njd0uhu$W7o0dPSgP6q;s}Z@q=M znqvpHCfkA1A+iJQIBQnRjPHoA_o1NifPrCQs9eY1|Cw2k(sOIhqvt~Kd(ppBV)-sl}4_!8JHa=h18R&D? zGVn>`YZ<#4lg=8%w%WOy`RV3aB(G&?E-BXZ-{dr8AS=w;2735E`EBR1NpEGfDAuL3 zqB+>Up!&GiOZvF4JC5f2mOC zvn8&lhd01$_rfp4Sv7Bm0mHC0Q-j0oSbwWx{lk$@%Nf7xcMON$q)TOc$(Gjo)lbb> zbx$5Sdkx?a`K`E|v7_#=`mVuKvI#-tUf*24uc(?3`Fg&rR)%F0%Dl5D}61OLkGo5+&ZCZ zU`8J7!-gR~v*Ud1$+_5*-^LdBBKG7W?8&=)8;mW`%RG{eaSG#=U75!}^C8}r_c`a& z<5O^MAh`QE{I-wz*gKnj<`vwNgFNY)%RM>FUEPyo)6N>_XC9W4d$^yxyfCa>N|jZeD@~$xP`t}F(#g6(8mb+ z%Oqdy%d}quZ8xERYjx&kt?u&}fo(UkWyU(r5QPW0Q?$>W*Tm3wE(M=W&RJobn(Q_0 zZgN<}PhGMN;UgE9`ZL064N?v0L|8|?Ru?p=dk-Va@Sk!1(4X^ajI z6tD)Eg`5}(ZclCbmDVHR!!Udpfe*d7^7iG&uFa$E75+a#^%&snD5}DC{OP+=I*=5 zD&;?P0cSUGhUzkd__Fxx6N1{y-?PYxvx!HLO%cgXd_e9+&r=cIEHe?Vj55O?-)T_`5di?)fvn^N<-Q zzP5wEd>entw;KX~O~j#7BFYBY=FWzp)MAL4V_|j1AUO7a&nggR!=*v@` zIGyz6en(&S8hv?c%WLGnNQOq4YX@gqee2=tyWs0Z9{OSUj?)_1est+jG+dQ}hH;sN z4BL->6y6Ua%UqgHdSKI!( z(X+&WSf3~%t}z3@yS1L&y)Q7IJpQ|}(YK&mwxC-ocvp>XuEefP)YVqYm*D~FYPX%( zwaia!Chb8gLRTx-XB~FPR!^?abJjYes}ztxPfIX=em zW{iG*KUYQm68mMg)Q$;mCWlqLJPVlX8D~A?%wn9ev-zDg&TRCX#%IRP_%<^>e9^cq za)vWDw{EPOaV_N^JEY<`W0URg9iQw#jmzE_l9ez%@$fw4(Lwn4AoA!vg!nPd>a-`^Gol{-7Zr`#AO__Oa8h_?Ncfy-So+HcoA9!Zs|b43t!}wqLX)P*Nma zM82Qk^V9F4e=vUQ#^k*9FncHbKRDga+t@tdTlR48c2T+RPny7-Bwrgnrnsd&XY5># z0_5;hv@6*Cl=a4anXAl&5y5kL?wRu&<(Ip2-n8$T^M#bP?Q^T;tKi<5^QIl`dkhsZ zFY^BqbKZep=Z07}{Cs_yG1znR+&_B^`OX;Jc9fH%7`t*G{_k?j9)mwbd>Of8)t(kS za+^&HgGZ12wfjHq&mPCSQLH^3 z#HNxxw3oR&`q@i@qcZ|KZ$=Ke@q^LGp|h80lwZf_!_}@ZG2s6@HG;A;Y%!_ zE%d9|M|K}$n1@|{uiZ}sn<91xe#%048yek>zkC6CI@s*&>tRo5ww){N>bRyO{SC1@ zh#NwKT4>;>yje3O7e)N1+~BSW*2dl3XVJBkekj`o{X?s$qjkVL&$j)5q5(f(18w$D zE@xz*FLzA9lnvu&X#Z#wUqgLM$A2))x?kmnpH3X&Y+~o1B_2e)<^Vi!0K4G;d~g6? z;=m}4QMRnsbbRgHsgcANy7-&?+n#OE@nM%IE;(tQ*hzjy1Rqj7aX0k42l};P-z#rV``seY zOF4F7=InlWq*J^BAIh%|-GP6&nf~FEH9lg-+2mq!*Kbb)u@z{R1?{q-OAYHARoIOY z+6&X3>{aPWt;fE@JNcebd{60q*?Q4ipcS-^uCi&Sd_no3Mz1AfT9sWz(@Q{$X%b9LQElH zeF7RP))A|Nci@+v`@sFZqASngB_m_ti~SEUPvNC^w_%UN&-)tSX~sASp6H!x^<9KL z^cwNs*Wt5QvIBju4(D#ZcYpBa#mjF#cFCB$4VUDAU+B>ZExMpX44L1F%s#8T{rW;hxxw`-rfHI@&bCiyA8TL48I^NT-s^<+Lc4| zI2WYGH>x-9qyB3a@%a*Z_mBhAv@xSL$iEm2)2KL1J?O1{%)R~0J;hNEtf0@E$p3WZ zPNpMwfHw@>KVq&Lx{d{JXM(@+;4z=E7BTKgjC(4$od%AlgTG>MI+K`ZDR`{_ud~4` zc$BVc{cq&bSjKTCyf!{y>`3iL?3~0{r-F-V;9@$sC<^f{Z9hV)4;?053lC?DxTfKyPJUPT3~)0*dJvK4>Oi+j0t`i ziHv?Ed~R?gy6#nU-6QC_N6>Z13}YK)!yhBjb+!!4YFS4fRp?&sSx1&dtC35{v+x39 zzRZ95gTEbP-A^2&I9iiY5?Vpu3xQ>+)`;0-SFN&)eU-;QsFCd9AO7%5|BaX$jBqYq zG&-QGLWhwR(9XyquCb^>uIa_4PdL z>+5~e*LUD)A30*azW44Z>-%M~wL`J_1JHZlqjnjURh=;Ok3jz@H0o^h_3eM$Zm+kI zSS|TV^9rqv2g83AJXBL=Vk99x!*$&2$y{1C>VpQge-K@N2wi^=-Z}&w``h@hIcvMO z?B_=iBjR~@7yZ3p>!n%5Pa4TntwPRMaAvc6$B^!iszis3LWjsMR{IC{P_G6&z7CH( z01S;~ec$l%&zn4doBs`E_FeOLkFoiOdy3q<=D!O6*nUci{kpsIjLwO!&M48In$QEl z+CZQ1b`yHDksMlJ(w#mte)!(ehA1$^fMFEtM1@n>m-1+t(Z8;a9Vs2#2+bLD6kdxm z?x^^Sv4^7B2|D)gzG>@N&6U_v)>)K4hdrV`3ohYv3Hiep5-Wpuo1jSx3J?3pfh#I}@6?dmf7}4KNqk{|c-TV67xaAjG}K;o0!bTpzjtS}*Xi<_Rxc3;!&F zH>!Po`;G?>{lEb@nSK=wbXkDJ?K0EuK$L~yrZVtVp{qT1tcZueffj{_O zZ~^mgKH>}$_$&9{{AzzSHP3Xi;X@BJWtaXyvCYAtH0nPu2 zoV}2q*vMXQJk+#d)-J7<;p7R)A9ve{Jqo;!!_$x2{`mF8L$@-YwfAugc}#8OF?Bk7 zALZl9hfusuc9hoH))`fv2@jUsy;i2EJDQeHeb$o-XNo|k78dAM($KL=YcE%v7WC3^E$c8BiH@H65oHW9 z#-gzmSsyf%=O9nuttIGE?YpW6t|gZBgko;ktK*d8@52UiM^^~f9$%6AJ)6tW)n(X+WqrNKtpg92p{vW# z)yNg_5@wD@Hd9ZwyGN&Z=R+pAs|I(~;7)r>{NT%s4O%Kz{nGb6vcog?$~5;5Wd=7X zKJ6J>2V*04$X%ov9t9)oyUq3;m8@YyJrzBokXB7h59_J7cU*v9BF%tg%MtS=YRV&-Y&Dse4|- zzkdz?{%+r?8y?|VcQm);-C}InRp7h<-)0nc%tG3|4dRzo8Uc;UhEfj0D*R66|o*02G3q2(Fwbu9ERCw)e^uYtP^?PJ7#n@kxrF?Q0Xi)3>I$xo17W~ek|FgD-MU4-a_tTBQMIPlA^mmWjNsb$xI1np^ajQYH9n2W1Do=! zb>2=Bc6{=?bZ{?^!@xaL4%{K&u82SPz)bs}_dfT)Y-~8mX$R&tl0(;B5d4~8rk-da zd@A=|IcB$vwC+dl6&pCe9f;G#hI1UaJw1-wK)g?2+(sJ@^AC)li9ZL%M|t)*|KP7# z@_X4O!A-I&i)0Jd7(9LsSVGa+CAGSj2D)j_qvm7``mqjp+ss$)ncv2Gdk6l-I?jk~ z+vrVDkJ^XjQ&#DkG}j*rmXatavjS90W${0sl;C)_&t0JJixfu!t>Epb`1AM z_RmN+%LY?S_X>VDAtTIwTks^G;Tx-&+ja0gv^IM-Xupeg)VA`T@za8OCtmL4o%+zZ zQYtGyJ6vjUrjxJtU2=FzkzXx*ZW4U(l3>$$O%wOhI^zxR*H%xs^CpI&Yx=ZbK2g$k+&rCc9*rUMh+H#^{`0YU7bk=*k^wT~J!LIX7 z3yEQIckdpJ=Y|nEd!9`}zjo-?0sX{(%A+xkL4U@5Q&)CW*l~?acwTc`Iyj2_=vqOajtuch=01naWk0A_ zhWOt_hBSavcuBs>Q{+f|bJvx@icFi1UK|^pUYBF%CxbKTxNpJZ!-&Bq^JJ)oHg6i> z&3w+c{37%AS^j%wgLmSrFD+Ys?B&tJHq6c@ex~`!Tvy(%cwfGeeGbnl_)2-iT!**Z zsC+EXob8!S>+UGS{dSGwU_t*KY#w+{G9}Y#uPKw#>bil8uss$+A)MQnGP0c#dN4 zo%-R?hW;A%ZZd|4I5T0GPj=t1UOzM}uz-DoWo*Cby_T{6A`2KRa7G!sWUA=+Ds#l> zCUi}h`QHN{lhbVUjn3iSN3OKyyLoQ(!SI)-_yTWS&Dn{f?G$)xe=#-;G`@gyRWHr=td+e-&cRM1d_*0ozI7Wp#daCG~vJ!o*A9lOO!e`webc`3)*3S>Y^VMX?QJ!72IXV$ zMHlUKArC{$S-scDwci64%+QxQ^Y9z53N^h~$YjthhE zYWyYSgKU9|>7O`($(>St@v6q4y2eLhT;h54Exc8Yw~Fi8%eEPq>VU})Jc`3gH`(WF z+VE@wo_JeEPFgLxBgQUcpA9bEd%V6y7xf!H!< zGltphFZRNa{Q)so_%93}YQNGZVAj5fB4Bp+McfLUlCAPV6(=$Clkpq7z&R7u9fxQv zya-RmcM^{HE<3@FyVz@Jk?HUdvNp;*jl)bFdkwy<7iYHrCEaA>>}$Yc_Iv`5u`$qF z1+uFQ-k>$KG3PTm@I|KcyU0VcX`-3UH!j}Rke}xAk8<2x{!wh+i>n#ppQQH0JA%jX zIc-k{Z^Q5#`;n__#xh@NZ{u4>8(f@y=k25B9>@?dg;*nytz=^I)ctPH(T1zlC-1Ol zb|{AL@{V+iYg@VHPZK;2->8mzMrHI~ozFn-X?)IRwrH)w%-I#_Oy2o^Y1- z)atJv87wqDiPq9=pJXI+I3if-U$FXOCris2z-u4G0^7?R{hmHPa6 zynUvdM{XS2kK91c8eejf{1Vx8neZQcP?5+-UDwj*BKWA9^%wVCpj{ckV(t+XUlnS< zwkN(#ykn!{9p`%X>uzz*X7I$fTa)73=pB2{_g|A&q`B_46PpYEq>Ja;@$Du5mwew{ z_S}%|mP!04#MqSQ5n*iJxue*)=DYkf?{n?JF2h&zTbBhl6-ZZJ80_E!ODR}(PlPy+tKW>Qp`6jLp0-85H5t;crw-Pyw}3<1=~|^R;#Zrq56Od-tzS2= z&V3&9#Q5Ko{SWXN=JWf+r?hW8Tmzo!T)xRNHom)GMmXs}&a#%jQEU0{u-|G8cdwAs z(W;z|mwn2^Ag^OMaud2}PmA`=Xpgz_HugcIZuZW4`;p9bVTsEmV1LFvV-3HwJ#*1p zUOI)@H$d*(M(wM4hkf2v{GJL7D}Z4cFf0d#8yy(5E+pH4yL4K9rhN;ZF{bPL=Sh9L zdkh%=)E;!ByB9~lp@q#O?8Om}kZ;XilH8VN)`HWue>?4a;jrhTJx*_5&E#$w{%bC> z`H$bLhN|oAoiT7hCmTok21jN1!Y6{G*U58F2lqFI=-b_2qrSt$ug5^2OP-xb-($>O z%*xew^R=c!t6SDi2;P#x8RdMxzkEXQe!gGE_a_!l2tL7g$(}LDfzeL>s5|!+2Z}KF z?Kn$r%SYru*!!P{wYYumV_jxHdcBt%(xbUn-v@bC-;q(s0(736E6V*4Ee9$x$*l}L z_8xrNO^#9f3G&AoL*OAnJ`nRLt>k<#__F~0Zq<$oj%VLvWoG_cnxAG*DsxY37O|%T zeS78KdHB=I7pclGQ|#j;%D0|m`C}(pJ|Mq54Llla;WF$2#v8!yvPM`>m@zE~n0P~U z9ykCGo#5f`hiE4i9$55E+iy-e`-$**UT}RI;E?R)T(4^+_h!on&t=_J^hg2Af+SdK ziHn$+COY>5?gtc~+A{kL?G-P%fp}LvWgJ@}zBdS4Az^P&QF-FtAnc8euB~ttJS|(n zZ6{WZJYR|qtNu&a3bvdvXFm0h*{--l0G}fVyRPdF^auFw+CYEc33?j;P5!0PEBD!Y zrA&I|IcFWQh`6C+^KI-g>xgELO|!Gd=E&*nr^VLQz02~ubRK*mTl4ZdV1T! z-5b;6@trOH-1W1U%=+2Dc_PL~nGOEtA_K4kGLb7=J^TA_z_xJn({r#p>^1oulh>uV zU*x|eW3<1WduABd?)LHQHFnM(oeEBjEuGO4;*6)Z!}vv$(4$4@(R}*Ef2n2<%d7o* z4v%3INAg`;)Ls|s@6R5{{g?)f)7dvI8#n7LTX$Cv>|rTRf#aWoyb5p1Pj4Yd#H?q5-{bLWr_HN}{FnRf zIF1Lmcc;MZ!ErPN4op7+}G{{I#}_rIMqzmJDc_M#=@GmKB&ekcV#;oZ+=oE$!l zd=1Uue8NOty*vdzA2<#^xBY*B&woBye6s&A8K3un&u^!|XC?dFc1xBbSHmaHpL_l1 zj4*rNy>ma-HF)mNJ`O$?oB%%eu}5Mk`Dt{>5IokbIm;eR*%ID4I|rOhN`({d2Cw2i z@GDLpFNgel3kJ>GpQpf!?>KlFnFcR|^Ed4H_VCHV(ct}2F>Da+k3>vcEf(J*UQw$Nx_DW6Pj(FKx?@ZN!iDjW<5p#=(AUHcQy^hSDj{j9#_}I_ue}=aQEJ;uMXylsmI=X)eCc`e-kpZ8GV0jMLZU_ z(Hn~+SF_d0HT|>f>%W6nq$AySV#I|MGt;_P(Q)>tE2b#D>gJj%PLr_r-Wj92_g-Uc zj*oG?8Dj^&_=D)=bxC{gC&E|Wz4y;Kd+&)k#>bhBKfDEd)jad;y?6bGVrOh_-57B& z#W>|-Rvc$+o%k2t@rmaK?Y(!#=k@nlOTDHWKJIRx$oO)5JBX270?e1-*H4#^&z_!3 zPO*LZT#rxh&gH|{}I z?WY}SFucln0peAi7oasQ$t&d>SE;Rw$C*8lZXS&6urJbFIS?IFuHeLSyNXVj{U z`W9_ewv)0CQue`*?6a?o3~}}!3s2tP0iE4s%?SF)1Fdq-tY$xdYpOH33&zVApBeln zbQ$FTfX8J?cueQ-tVjN(I&WTWRkBshQP_z@=GahJXSdb!z8e0n@5G^{xd|Hf{@e#Zva{>~6{-Dmr@tn=Du z*U7idKxb+VNWN|2nbEl|Q~%S>O^V`ocH*zv{+ONDAfI<3v6aGX*8V2Z4?HD*;92I7 za!(5jiCM5d8D)(}?VGh8?6QBr-ql)@$)R_AG~J1zdxm1uO|JQl+nqHg>C3L!#21zl zcbKcYcdZ@eyo(?cv~N}M3F8aj?40RQq;+C@jp=(a=2g7?-0kjqWG8i+Xrq~2)JW9F zxfg-Ql-KiLcYe^Y#F4g`b)&oHIv(7+ zYpz-4oG}|X-`qLA7JO7+VXwVb!nc}tIIH7A$P{P2(BAU{eYJLK;uMTM#P1wKPpyYr zEt#}gU3-3T33K6k+B}ao?KAl8b?0_sds=s{JB64UZP(@oW+b<7)*}@MaoT^+=UI=W z4r|C}Ji3$FkFHevUw-{)gO9%bjHi&kwGJu%a@Tj?<-Nugg4XAx8CP<@dxz*(I$Qlt zbNgk?srr4L_rix{!f2@CUc)NYl(AN=I)#ELCN+=)CxY%9*~gu862+F zSr)g>3`WVdb<0h=>-~l(XC+r#RuG%5??LB`7;;sO9khjY*)6rD!EAE)v{sf;U$<1-w(LDmRf2jQCk;sD|K6WlrCo9-FWX8RyW2~H zImzwv><_8h9nC%*+RdchS>|l#!u0JHq-d9CFQ#gjyCF8iQ}3=nF1)R~16DG;t<^kx zEU8`24B1%DJ`lD0c2c`3@Y}j2;7i6Y?fQa0OKR89?;1mqH&eCS zW8ik1#x&Mq=a`JZER^8nSck=F3-*y-0t4;`eDInUf{9Mp9s9|Dd6Q<#^81jmETRf zng96Mq@;FJ&~4+E$`tZ}X9vh%NRkhG%P+R+HimYQ4;$-iOH<;($emD%c6s(zs&=^} zLHCz_#JR&p?r_gW8o9%n?{DR?wFy*ITQ3wv2WUviBl%Ci)0{ zaRIh(6MDhDixr>fve22>qpT_VtqH*bh7VBdoNb&7+}-3+b+b0Q zlz6839XcZz0(aZMt-F`vMaHdt3&SZth4YQM|H9<@7~Cj_igy;c)w)0PW?Z~3&y^F~ zgYTd`@HxadhPpRn|6Kc=WB2Y1oh6dvY0vvy_Rmz#ORo7c_BZ>c_TwY$!v|7M@Ou28 z0_;@ni&cF)FZ>i@7{gosia4y<|4Y8hP2i-KeIB*!d$X)5!EgmQn+d+~TaMjyCK>v$Qpo8 zZDnXL682vJ`#glN=ic|K7 z2xFrc3fIs;xXvfvU9kiC&E+@S&%?l_ckp&=IsQxq^GH6gdmonk0{IdJU$OUN>bFf_ zd(MYkyWfeS4Emi5-{e^)M{km6Y_E96rUAO++s?Vf-ut`c>o-G3 z_eug>yB)6}3^39U_XjUJzU&?#= zovHc}4A=iDw|E3?*KlUv25?amvsOl5X#A<}7Lm`b+;Y3^i{tR$<-qT4)A;bf9zB{{ zEFF`K`{dto9&l*m`fcLxtuGAlcb$g^T>4KT=I&ju(p@WIbcNz6{qJzcHvG_ElfAwF zZN9&0l|;A;eHQW92l>=oT8Hkuoqch;H`+NcTk*rY;L&YX*RQ*+oDJd~^ZVmPck1`H zkH_E1y3iAoe8*-)klnR=(Z`18Yv0(@2CT?*BPVCG2aSFn;GP8eklTaDa>SAWJG(OK|JHghe9*w77@^@Mz6kULK2 zSa!ne$}QJ8h0hRU)%ZU|eg!ghM|J-y%{KR`B?eYUVX2*68XJVqWf|rzqBVY zT7f=v;8+a|K48cI2HktxPL7Rqsr0Diawq+E(tjs?hkhR@X;+N#Sj~?@CkaO~&HgWK z{c$)nffvQ!8n253@3>uli;S|E>l0drdw5R!xUYxrTz*^5{P5a8-utYp`yBhpW8b{B z`y}qOuCU{!Q@Gpn(@|%}YS|rlCQF9m`bTb;PvHei^PsIwe3w3s_ZL^I2gmZ>~&E(xlRx)3p>Yhmw%Cm|!$ECl%Kul}v zFzdJPjJ6K1XUtp9Va+F3_ps}(L04v*y-C;- zU&l76&>2jWl})U*>Nq^et*72)Z&a4`gyz52PFy|;mkOuo7{RT6_}xgK851>D+qcUk zckgt{Y`u=Tg-`M#>%48O-J1CaZlsT9(7tkVU3hF5vsyj|t}^ZiGwsv284G=!vj1p9 zCwhMicD>f=w734ik^XD`#qdhfo+5`vnlHvqW^4)b#Ch+|6YtnGPgXD}+T< z*Xpx0Pkx;ftRjCiQZ(S(9r^p?^APj9)yf*of3Xv(>-e9|ip7L34Yr+<=sy~J$C176 zzNnX<8$7Sva~Y>5&#z2pzi)x&*T8*n%J&YhV1C^KkFT=&z6Osjh6lS=fq&%hm+-j^ z&pZ4te%1eM1y_BcExAFH2z z3(fGj`l`jRRof38NMEOix#RXR2|kl8^s}V$J@8bw(}(P!espLz^YQjmkQ=v1$Jf5` zAoUEbAG|2o46VKL;?|+)m1*Z!X-@jsYoUF!nk#R!cRjwZ2woI#l_976z!-+NLN;%; zS`%{z@z!-G(4X4V{=!EV8@;mE+;cb3?ndjYmj=s{c=oCjXcwN{XpNgXNM;tFKwYiJ zYn{E3_0wL5hP}vvPU10b=);$xr(!9J0fi{{Loe*u$%>^&Hr(ocj=Wcnl%dTzrv$^C zy=BK(YR#9wdOC_;se)g0S41UxMQ6GE8+(A5S5KI|2-xYNThBYT8~NDHTc+%KoOJ9NV5Zw)`x6 zeOh|rC1iv2S}mWh?s!P{m?Jle9Nn?4*VS>EiE`bsi(I+x*gtz^ze}!v&?mV**#2o3 zpC2fMpK2cS+CTpYt=xH=Y=33$c!sY=4-zd;*g?_@gh^Ye(G zXD04fHD@1ffFJHdCN~gE2cPAqlaB#^gsYh!i|l+1Y=XV6P4Fb+c5Q+vGE%mRd`|hB z`ClTg%zi=XdFl2TcRx0b;7lNX7cL1H8%4g9iNopHtbu2>*_<1K%r4V8K@IXleZ6y` zSA=pE0lS=hBCl-_q1;4hpeO1Wl*On1GrfeC0hh&bi z5%1$X6JU4YR&K^uy)e44)6W;Z&mGtU^22`M3$8JK^#JVA?+qmrY}iE)|F>+Z?Hu>2HH z`;VPK`%S7F`dqMzn7db}Za#s!X1xNvZQH6@E%Nch)%JNb#`npz@f2G~`~lgiJZ#w} z(S^3$T;j-0#T1IP#}fS#MutbGQ-(1warn9x+!pw(89KjwD|{{Az7$#dFfvJN5s}$W zZW7Ov`P|5gd6Lb76MK3AWzY|+KjJ=F%5NQ(y{G$Hyfsk{L;Ap$9d7|{J(z2tGl8VAL+;TF}5A?68v&e^Pp9mlb*r0^q!R& z=o6pIMw5LYJ1q>o#oJ~sIsQ>8aIGh9;S;R1tyrZ0Bu?)(57Ur z^zwJ%w9bmKstZHLz7?*1!c@yyR6VwS8+s(gWoUC#{G=Gwl`ceCIhV0Ynm z?M*NIL-F6*j`aLjo#Y?Mo*ACBpR+8NzD18+zF>g4c?$7q^x=*W{1S$KuHE3$s*AbT z#JaF(QOnqBnfvaVekF5%4f9?(gKM36e#6U08qVUkaNG$V6lai3Qhc^n_6p~5htYlB z`0QWb@_~^vO|;Ki$X;*$Z8PmFe!0nM|0}d_a0UGBnTy`ioct^}dCoI-i$6C$XUEG2 z=XdXAZ^`ukb@pWJa@GcO!9gB47-i4(NlCcw_4MJke>HQ;8;=j24Sra2T|=&qeBKO) z?t*hH?Y-}`aiaC#&$0PN^)pk{PdC1H@?9!G-{?>S=O*GE zRm8@0z6o*IuA7K!Ag4Ph`z&(1oqCk+{#Dq650QnYO#I`Cecgdak^2eU`0opVyY0rf0xDP`36qmC;&EBlE=b ze5alpTF{?=x!Z=__N1I+Pfm9F6`j=QXs18l4f9tFf$E zV%M*kXwN_4Qe}#0Q)|98&e{UMOVo$T`K!$P+XQ!wv&O*to$90Jf`R(#qXs%QFLL*V z_v0s`P4FF3lv9JP<|D12%jLj zn$KcBYbd`tGogGw7WKM6vP!O`yvlmZbbrMCr<99YnJ-r(|0k(`_{fL; zG5ua)pQ|bOkT=g*?S&JNKhOC2H1r9;ixoC~c>f9SKB=Kj2fR{9`Etq;<9Vi<*cb_y2F<#35x7e1h^bi5Vj9{H2ut*XlsdF!|I*9Kf+=8_rH zr33u#;?=-(Ipg8(90%W@)KE@v`@yAfZsY@H!WWrmpA-~SP7v?zRQrt4&zh%czjB~` z$+{QO8Ojw(;2+M)OT{}2J z(T03xot=v!&?3}fS=>3tMYef9MGj1+uV!;IWo+VKLhl$*Lfv-JkLrD zKTy7GVw|S88GbS0l2fsxV%+?_}hAnEl+~=Y-{Z75lw~PgnL_ z4NMxZ)|G{?S;T9q$FNrCneU5<4fD?IMG~)g=l-?4v$UTMInYjBt?&5?m6ObUOVH8m zy^@>&$EvqYw1-CW!~Ew2kY^b!1^9aHob&JPQ@-lN7;hpY_Mf(FKnaH9_WKlA26b<8E zwhGpP6%T(qKs-FN_rS0Euepr=j4f3=C78~Z61>_=EBO~jE(?YTa`{Z8rPr+R@ zl#~6o2>d9PB)`3%^NjlYPupIJ-(q5k$nss+zTdEz-{qX$7`c~n_o=LMRGd7H26P2+ zqs|9-uDJ3~F0j{Y$dPvAo4>m$MJ(E}{e(x^^opr@Z9>`Ksh+3PQ(J&%9lVeQFX%20 z@xHzH+TK@pt|J4qZmabJm#&Jj#ikA5r<3&X3A(sk>BVCsxZ2D=F%0-T@r>VX=+cGo-ow0~YQNXnQlgdm z?|PK?3wZxH@8RVzH2S8u?I(Huw8@(}Wc6eOt4v;mXz@dnH?wL8THxdCRZQdk>)&S` z8@k|k6Vur1KkF1brh(q|_&6K2cX)25iG`SYv2^vA@5%K(@2U3|^{Tx6v1iMt7)px% zrg`eUn66%m{`{VLPf^c5&|jBM|De(DwPrdI^FD2bm^!KW#-VGdD_s@ZHBEE6!xjk7o|z$2a|ZV(cV37Mt@-Wa0Qg-^h;#@-?@k z*FPQgnSor&Vt9KdZB)?SY~)4_dpnUOQEUx2j}{rlK5cSY(JvnogSXHVMn2X#`BS;H zk%!zFMZF}r{$U8XexDS-I$UArC++)&U>qXfQ?QmYcHqq5924Qj^~L94yUYF#qt9by z?3r$#!an)HV~P#r@P9F~%k|BByk+pw-7=FXV|;bl<8B-H?CyKz!O3?|sE+q-cKCF!iSMRr#MJIcCCqnOd1>qQ4R%rgcIT*e*7x?d14&Ic{V5x z;yh1?gZRqaHte=kj% zSJ?GW#$N7VFZapV%Vov3y{z1m=pI7ke7)ysaTZ*Lq#Gys<+dhW(S!rX!CJikrPy>Srd`A$9e#zCCtrhPXK(mXZZ zj(MKWS8e7DtdsFo{gV=L`!al>_{WQUVpnr6LkhdP!p@^?1MUO(YFbx)2U+)$a&CDR zJ_mW_@VVD_ck$->?rZ$+m=b+=d;E#MyYnpWyEo^%b%*xdn}Ow|@WFXm^34pdZEO7L z?ciYzzt>`K#$&YZ_+6h~V|9Fbjj`5=mBf8|&bo4*r}ybOpC3P;m`K%x=tAOA^lN;2 za;*$59iLw9NDkM#K0P`pJRRAaFFB0t<$VMnd_HHoDR156sbinZh7UK)GqXxy3J2bi4Vd}Y_(eu+6bl)W9p#tb3rqR1(; zR*(Iue2%fij)=V!uOV*Wopb#)*lU+ z5hX9$+s;t_&XOU<`VxMHyPmDQi{$;V8bg%vXk5QxUAkHEBjkta8(&B3`0{ZQbcfDQtv&w~$?voFubx7A|QCw&Xal#sG z@O!WkXS3h8|0mW;ok_Vg!@9KpPRra?sb?MR7oN>pY`1kIIymh#_| znMHqhCiRCMK|Qr=&o!Ih?K_S#TmJr8WC(Ccm)^qnbTUUVhq_;QH(tDd zCu=c^$8?YKm7Flok18v%^Y$`UX0UI)jd}YJx~NTZ0-4c&BQJ@^!Swzd?{tMPNAH@#a7my2>OYAczf1;yzZ{9dE$%g z4YFT47jTXw@87LtZEd!-GmISi<=x!H##uJXztn(!kBtKq+7Vg-D zAIV_lNeWNO|I&Wq(CpfsHD7zbp~LJ)JvFGfoZ@pKaBXDWtp!Hb#Wwr6lY)F%}?M&1K-(56V z7d*2fy)Jl)eUIsMf%vp;2wgCncD2@jGP4CrEjL_ z?5pGGn~ffrhtfC8k;lpB=P(EEkD$l&*FD1s+LBG0xG#lBr zn>n_doL1%QuK`zXTt@iGLXS(|b&;PTS}Nx6KFi^r$~D*svMpq{%7#_`gWj7w4b4gB zgV!$ld(BTLj&lrJc4CV)1=tr+%)G=-ij8HCWAmAFNPumtlmFO_Ja*5@+J<~Fzd0+b zi?zh1o_oh1(pg!Q9mY9X**>dJ@knzg9?x`#kiB;yyX8{OQgQFa(>UEWbkB}_u}*Bo zFEF;P+&%ard9A~Jw>`GoTK%JUto#+{`R@Fw=4}slrT9%a5sro#+$8>1j=b*KRm^EF zcgtny-h#2{3+`g?!p3S}cJ8s~M`vwt`^R?QiH^Li+1YQg$;pcz2E2;Hsjlj|bGo9yG=t z>ThH}12odPH^M^}x-T19qq~7)+13+H`HF8`5?uJV$Qp22#a@6aXyoS%QSzyFu4R0R z?FFEncuL>JH?RNZNW<6Dl`W88#P}(@mUAUlei!AnpUK*Dfe%Kr&JVGu6Wb}}wi&%xzl4=xuu zxC|)Ar1rGn+uvee4`cGd%ieYca|~S!?QQx4ZG{GbZ>*~sELd%u9%+f93isXr!z`v5mv!N!a+z0JfDjuu(LaT!*hcR$17 zI(z@;c5L3Gb&2~w`!`4)_)7Yb5xT236B?51v_qe(!QT?-cRey-3+G^MVQpy(xb9@W z+-`OLdN=lD4tO-bIR{I>Z+FhY3N>&asda2da(wTb^g(Pb zNGKEAf0to>g)ds#SYNFrOR*`M_rFqQcHqbny|=Jm8)3$!r>AnYdVp z`u|Hk6Q?MKKS~3Ao!7#4?M8?z#i%D6`U@kh4L3M@aPVt(E`^sXZY?;bdlz)3{og%vq(ONElJ%hl z)LCfL^}`JwUWV5r3*l$Ra&@iNaeH}u~7PP$0^_C<$(zfB*O=kG-LcXQWZ{ypQQ z_}4y9VmbWly>B?cvmsjHgp?uRx&sPx@T|}3HofK^x5X?7~fQ@?-6Whu?ZMAC02USP=(H3&PkmPiT?*;ID3_hL6{feFN{8ntyF6;+ngUP{J z%V!o@DEpeehL==0Crm1`nP54l!QoPSN(m z6$5-6LXX)zYM+l$_ebcP^vt!P#Jdl0USlX19OMQ1{v7^|rr_TjX!AtnuQ|VfHAZi~ zQ5adE{G$GMY`&E(HY=CBLp~os?yiF;%zQt|^9Pr5{$L1sA=#lmYCZCI`@`U&7(75f z$t$-n>3zxMMtv zcRE`_WBL$2pM?&sMTZX1#*VRSo=V=@G_;?cmOw)%7K`kO>rv=9#Y0E=W+Zl=kp8Ue z94vqS_}Gcl@9-|?Je#?q;h4CN4%Z=jYQXg!*eKwp!XtBTC;wA%kB!)WgJcf)kINjs zOXhs~^pS>j>B_n?hqA8Bd7tvPC6$-Vkq)WE?u*sP9<$FI)_iqkPK~2py!{4;avmd8w*SRC%DYdJ!_G|4s z5>mEXkfL3l)ud|Ixg+7hDR?WVx*q2xOf>~?*@ z1%un&Snk}BaO;WSA&>$OJo|jAcAYyC7Sry7pMh?*_8kc+;jK-)Bf-GSvq`Dib?!*` z679~?-4@Or2`SsfZ^f=NeyntqX_seXQnl;ckuZaHpEGwa*moqPY!_c_P`f<)=&3>c zySMy7`;LTy!92 z+T~pH`da&rgp}=u67NVb?egrNRP8!j<}uG!rE1r?BjIN! z(k?uklgz(7t4h_bb4SAMC(>?HigtN6H&wgN9SJv|NW1MR+U410soHh!Ncd(_yUBE` zLMHk{_@c>p;90)f)tPwQA@q~KA@+fOER;SkKzE=Y%CT3=u~#=yAQNAq7oCzvJKBpP zKW-HD^9rzCc^=8kYsusHRBWLOu!AQO_c)ih$9cpyCK20+pkt%x*dFTbV{h|*&Rz*o zC!9H=<<;i?hF<#q_DF0%Uv0@fVJrA|^#5A$jNog&K*=xBzxcgBde9gBb-k5od~fsn zlSOyx_k*975>_GLUILRUT+trCafb_D? zBs8`jYj%q7X}oc}ZI^9(hbS|i{2j%A>WRB{&ZSMpF8^0Kiy``Wn=_!ubJ#JcF7M=9 z$M+ezZ6?`$54QrhW53Jpd%%;!_}|T}wP>wf>tR}VCr7r= zjrE!FVap0XFMY?hVV79e6M|JSVx8lz*iRXBY}a{C1(Smdw)Pu;CImfnKFWhB@@BM_ zRZsuIh4K0LlwU-D`21%Ce|gjU4T?{}r>*jbu&a00!(WOg`CNY#8btZMO8F|-UB+I< zCU0lGqy238Xxt$nzOF0^eg*qkzOU=|xMyWtmxQ|=Y5e!~=gPJnxF6m39~t=HT;ny^b^h9%V2tPWA+2Rv^6|`=VhROAy~#UGsemZ!Snd8 z7_|FNv72$gXnylv>mH-|U2u+QS`b|S4fYh#k7P`h_7u&zgt!#nMI-E%XUnu_Z>s47 zxzZ}RQbGTl!ORToSRR#HBjKIIdb@;v(!IS_6iH`7O$JA#}(4*6fXXmB5aA^NDa z`w)KPeemoL^x?v^>nz#bx%lF?k1C(M4jvCF&xAdA$Uq|p6od0kWR4SeE5Oe)@N)Nq zd>gl|gz;7Cya`)w3YVrl&)PhFchI-r8f(rm?#CAm=W7lP?pyTCFn!x+#G1Bhhv>U0 zMc+JY^7LJXec-1JouAUrybqsw5`DK1(Rax1+or2CZl102(DlQG_=%jUDY}~dXw0!e zyu%)zvUIo&O&QEPJX_}JBTOHD_8zJapYC<7|IFY%YKQ2fDMcSVo9F4{MfwPHF1Ry} zL;jmD9NdR>z8MF8ajRl+$daAS%z+N(fWP4UV1Y9S3{CkhKAk}yM*b0llKfL#=iEn+ zH0<@9?Pc-j>Vx4X-!UK_AjR`;nX8 zSbGQgK5nc%<@&9O=jX@uk>dG>(6u3WIfMRv^sT+3rtb>7@5_?KZ4E`sghqC!!r1dRur1)Bxd1kM7X0`m}VsnTuQdASYLgE!G`!7> zDHB-EoyWg^HQwU+j0-Zw4oPE~dS&@a}ly{zuQacRS;D`Exz6dGiNEAFb;*G7fZFoGzIG zD>#vVo!cZiD?4QxeM5s{(ZI-Y!46Fge0(mZo%1MT&zHgUSm=Q(T|VwhL%`?K|1{|C z@=q!_vrhodkEf-F^Fj}t-ur_UPraHvt5o?jrJO@?Bm8OBn}DxMdia7%gPXurn7(9R zsf_G)qU%*!7;pAFsWu4qaGXTZI11*kItSuyu?@8)ckRIqlY?4dNf^A?3h)0e;vr;zG{G zf**KpcF0x8A=I?3DMS+rJ`7nk3Ox}ER zH`hGC+H4rxSHIo4r+rpy(JN6C=dtZG*=CvpRbR68jPzXoH`rgvelF2c|Hfv=&cOF5 zsaJjr_H-w9@D}WNe40LEZ=;{Lz~k8Lmzi@`c<#w`2Lw8b-* zzm>Z^3*EbJC|e!=I)l2|zzts;d)>$w;8Lzk0&RHjjOcnozUj8DDSGl zdzE7=MffdWN_Mr$7s7To`#X>|72tgdcwfi(x8ft!<0CcVBRyxWGd_}XN9B(R=i(dT zKabzy?KqC>oHZGE?djKa*FpyJ%RXmEKC;%0qSz9^wxgaiKSGYLkV8AR-pV#PG?Sw` zJKERs9JXG4ARB+tjuT{GAwJDC`S|D;bCKJQ)NSh&|719MIvyb*>s7IUVd+I}87u7yYR{ao4-U+cTZ zjgQ$IgIA!(8%zF_J43d;-nnJerq;d0H@Cdu@QsT@58r(67Xvcy`}F7X%l6L<)^Cbm zD2`$B09gyq04C-6%Z_}Xe9w07QO_J5*!jSP!TBHk@0Rb@pbsXKNBz<7emwu_Pn*qe z;!f9$fAU}Ek3ZOCey?G?yV#RgO)Mc_HWYeQwnzbOE7w&r#4EeKZE4S?T{qX%?cn|f zZ{0|e9{T+k|9Sq*#~)1U_Y_k%%pU55x=DJ|JEk?PrP}@Gn7TfGC)Q1jm8=fb&%buE z!N*jM|D%<6&VTwpTaw@){-yDwXA;_ie%|qW+bTnr+Hedvbvw{C33ZY8-ntK5wtoJ# zflcan>HyxeP2DhhETJy3L2uphpZ}-%4}4;1=BYc()b&9_Z(ZpsZ`}|wz|B)?mYzT! zYOcHUTyuO8dT|%F!^g|)v%|ghA143M!UoluH@Wb|9mp)n^^oTMSU$};(K#*8!-L9s zP;S#Aa48>T3Hg#bXSQkC#A6SR&QuP|#@*-?H-}{nzNqv_J@HfVvGVM6-lSy2PI5#v zzqRML8l7(J50yb5NS{d8C^k{=HoR4{RP|T443HV?$ft&KbB%3ci;8Ividxe6q{Q zd&8y)PvS1csn|BttP*mUN;-?JlCC`MhoLQaMY^(Bc*o`mPYO_$^Z%xC|KRihWdoFD z-#4`AfrtLprAM7j5BpBff%}^Ff%DL2XtE8OJPb`9g(i3(RWdN-a=uJ#JzTI_YIUNRyW=o_#9En8Y=r<}{an03SOjhI*Zy^cKgMZ`Qd|3A#V3wTx4ng72}PEIa_tKhAu zAp}H3M2iYXY&jtyDpgvb1)>7s-Xt7NoAZk=N)ef!B3}6IIP@!JNS~~+6 z1)bC?+SayqhI7eDNKQfs=*X#;{662c_fB>WL4)J`pI@FQ&p!LM_PgHudf#`gg&kF# z#OOPojll=fGef@3{x55M2g(*$%bGM6$+UlKzO8?cb$~SimW}3j{&Uu{2zol7Jz_U= z^jjGRK5BbpmTdHBolguMc&VepoL8fV{h`o-p`Y$PP4}PRTs&#Znq}7?;#zi-+>MAT>iJom_KSg+NGCI1%XSa~wE#?-{)M?R=JOjm8VMEy}8~_q-0^>*mxH4Z`k8&%zgxnZN@Ns9sfm znQ##Iz*r895n$Zxfw2f&%N9%SnZJ^Jf;B`U;;Atj#|J7^1FLaV89A#`o{i45_w{!B zrE`sKCVZ1|7Vk(eMFlH-p!JXA$ma;!F+Q=zE;I0Jp^v%GcQuFWkXc`Z`JceRn6Xat z!vdNg#^3%JD)YJK@h|&6bN2fi3%MRcN6JsAVt!d!ChJ~vj7rXVFE(AV z%8bf-bXEdgqCB2(61gd4{Dn@OaITukqoOtPt}&n9O@PY?I6=<92Q{~|L+Cw!jU~QC zw`#2t&4VgNRep)U&_Fxem>bzh z{~ExPd`Nq49RAfDdmYwQmQ@+!9r=>T0x?Wz1FrMw-vyj2#>)DdmEt|})$m@X&3oW= zJ8d2U=YF5Rt`ME8J*+i1@Zcqu+1GmO2p&7$DtWY07} zU-_R#Pk#2Ajwk3$bY=S!-F4-Qp80~;g1_{5 zkjCnn{EKGtkEPGYf|CF-ux;?qen)2UN$0%E@5cvb*8DfTx(!}3_uw7b7Tw!=ffd&M z!`$BrZ*Ak6#rHkt+~j-Oi|zRhuV2Lc zhT`t?8zSqi)EL%|h?H8U9#;E9b#x4<*0|QjpEZQJvJO87%--)0pqKp@vPS_rP(DDR zmBD;@f8A8(%V+Ye9T)P~{A?EcRNfVOsF2ugDLE}S-XMSBKIUVs9tAD#y6d647cV@% z7T(&*`03T5#P6^d3G7D0BJhMBk1$_I{Gk8F6_N$(xkFX{aEFzXEQdZLS#PY7^TrkU zv}O3l73e@;c3m^_I+rz$`!UXHME6e#vMjqYf7hBv zqAP7%u$i_a%dON)@MC1T{Y-rsup#q_3Se7l!>2sE+eg)RG%Uim;@jdo9UF~|XD2TJ zZ!v5N^Y-d;SZ|@JG?co)ms6>JCF$1=`qe@|%6xs3`t~8-Pja55U%IY(lm$L?K6a;- zJ{|_n-M-9Z3?5WH%b~f{-e60*`qv*lo5%RDU(NUF=b^dOw4mn?!&j}c0~122R-Qk6 zJ7XAMUZv*qmDATa`X)|4<2;KWk&55Wk-oY#hy!aCuqFg6v=j|~0jxSt0Ba05WiMZm zeFD}vunMQbFZqNyF%OL204_Z%UYEVryrt+;-r<>H#x}9W1o-^hp5R()!zEu$>syq- zd&2*2^xR%xO7I@B**hPttemwQJ+3+P(&4ge^K>8le+9U6i52PhHsav>J+^!aI@4>* zn}B`4$F3~VIeNDd`R_pQHqqw(OS;aNaBlP@{3qNsfVXYnO}u*0$~Jgg!1o(CZ*cH- zHF~NMT#1MCeObxjz#w0$i>6waBL^QWtLBsI8Gkr@=;A>AkUejd{h0|a>95*sfSwKh zmCrOR9zL-zIzrd=tghv7u6TlQ=w6fD=@}pQ3bU-|q&wrpeuf*nlu@@3pJNsekIq_pS_%G(kbJ5c>ZGZ4f&&ingQIGT^z|#eBt%o&G>(NcRRPwR56oITf1=3={0bY%ceG}Y?C7XI)@45UeJ1a|_D_zF z#+o2Y@R_M_Gd{!1pL9G2Paep^k2}bgGKan6Y@D<_?rN)&Gji>u6uZqF3t`77b3ZIVRohb4mIc%7# z^-7#Q=_HR6q+1Fn${yIUyX=~$kgF2e|6506hkj_sGK+0IpX|C_gWxy5bD#PTHb&6* zvXzn_+y0E{w6Ues0I*(%1Ea=g>~F`oHlMNJD*AsuHd%AyYl&CBBD>4;k-5kb@GEZd zU(T};@NzPE#8XlAkA7#sTV7sC=jqkky7Tl6^xxvIGu{B*y#AZXUk>b+za-alW%v9g zIp+D$d6n{)Eho=kma=zx=^w_QG=JIgJ#r(&)8(@}`O972{ACgO%!1=%!(;!}?W2?H z0l$|~KRBQK<#3K$z{gn}jZ8cF%c<&j5BbY`d+IO#q$gjyVNJOK{BwbDY(VIl%1%7k&$)XYYVSiYY}b0fja-^Jt%8ky4ez|y*UUpytTe{G5Z^4~ zn^$(;r(ctKx7fga#5&GAL&06jJVe%>*7#s~8r*_6_KzKAuU+A56m3<3Bjv2zv4-a0 zm-DSvd@J93|8sEk*JiYGx zQ%M~m`%!mv!rL=KDf4^yknj`k?%|93&I}qJD1br}wG3A{bDl{nXe)c@Fa$f}uFfQ}-k@-1vkec_Z~CN;ZLXh$`)YPX)} z6|ZMXW2;*5_*vV)g>Nc3`!(e31!JZ& zCoi*v_!sn0%s_qpl==bpdE={cEuXa#RCA&A5T?<_TGe1+ivp~PkV_u}d(?)#CQ+R0 zt!ZtzIMa7roVQ^E$Xh`7robxyMzWQ@Fw)Q=0+f_Frm=Chv!X{@ukC#K5&sYBT z%RIXp9PHufrwx5aZ5kU}Yx@ai9tN=8L|Y-A%{|+CSl0@;R^WkG{3D$IkvR%J;NAkl?aNz$J;1~(qRs8e(i;P`ozW756yTevoldj=lAZL_)lobs}YNvr-txXz}Jcf+^d=df|9PzbsKv(~=w))LJA zklYaP7L&WxyzTPEg~uxfW>mrhZ@D~hGx(VY{?zu(;7>g3#>{7cE5)FTyGxF7go%rC}hoPqU|JY=VEh)=faZ#;w1fu zxzleGYr(&6LRSnMrnyCv!`EI%+#Wf748FP=Tzd21o55u!xO~ju(yI9jbsOd^xjLuqkW+l@%1l1Qk)fTs><@{xm=^?vS`o!b`(7y7!tdHWrbSFCr&jL{6Tu$%jS3hT>4l z?VlI+Nw;m7wQ~M8L(^5%Zy4Bpml)W$T-tls?;Z^7y{HE;u*WmPBpUw5u;28vwX=q9 zuwnP%Uq1!jpW1Q}u=h*u9RvU3U-TCDGw}bG{#$1FNoad!AN2(~G(v|YbZCPP$DqT9 z(1CbEBRW=Hch@HSCTKundEB< zx=~|8m&cb~Ypiy$e72R6Y!V;4oSdPN>nW>j9hr$-|BvNw*@jsk{o!fD z!-t4fytlMs)_cWIcIW9WUokxGBj49sp7?~EP^2_~JO+@*0P+|>9s|f@AlUFMeDDH% z@RBQ!0pu~@;e#(Gk1IWW*>bugj|CSP*b6xCE$rXzE7&uEJrme7fjtx0Gl4xb*zgdr zZv^&7UDz{$-OIyY4E9HF|M9GsVg~PHI_1$f%E)68>-U|aJZ@Ne=lF07xzq8vl1KW| zNMDllrH#HEqc0!Qmn!U8M9+~y%M59}}`cm{&)0Zf=?-cv8 zYiYqb^yNp-Sn5kDH9Cu^(OH@SU8vDnPL0kAYIJ7PmmBHJO)gzB!mYJlfBlQ~W$6Bm zvsOM*C3zU5c$d*F^9txoZc=$dqmxf!Gf&l?6rCPo+@5FVzYV8W+>JS`CC0EdG&y`e zV_W%+Cgw14Wcat=KDKcMdrwM75npBA;JEO?Mo;dmnEI*d)KATzerhK5Q?sd`y3q={ z^;2#wOp@4u#;NsN96z&|TB_;PQq7>2Y9_T*v#F)JF~oZzQ%mL6!zA;`!=%lhb@OMr z|KExEvuFi8xDFnyga_BdgAc)j8#9BhJT+~SU)7f}Zolel2jNSc9ZD@>9hCMefA~lR z>w3k#a+YayY@(_-xSROxDty=k{7zmasJd_VZdta)bFJf9e{i6#6DQk(u1`G6d&G#Q zurJotU)S1~SA~@)*82%!2Z`JvuAPz;iWl?;jRQ zHO^!n#t7ny#g-XMo=zL>g?2xhy7j~MuOfxT!RV-B#>>Twmx~!M7Y7p)iWx7{*6rYZ zxm&Yt$LI^NUz5on+(#|=p*!Xs&&8JI@a=qGe)8IHS#vJ%fj?~94($5U=*V!sFE1Ga zAGz>P0Xct-*M{>B{E;f;J=IA(Uc|hI&{$JPJw3$?y5>Ts zQtU0UOzXF&g;xcXGuFCo_PG1--!blH)nIgO6*k zCPxW<6bswLUO9^|w&v_Lb5nD|lkQk>yu_dX`)T;>0s874M{Eby{lqOAcbyfcuV!qn zaab+aO1YM()>=QTb;&nYl2bOahkS26d0THa{`R8uw%#h`+S{}x7~J+2sl7b*egh`& zIB^>=?L!yt>l+L+9`VAotCVYdoOaxPxb4lRJ+<#%*H}bwU;laExvPioaBbU3z5}6# zEOh$cBixr{o(MPBeoT7};IaXo=)k#4<2e`p!tU+va>vaMJ~r%o#h>2phElHG)dgp_ z_6Dfm#G)MhrnmRjz9)vKxA#^l*A}0oy^rAKtzC3C-%?Gs!$Z3oOHQEsu2QbeaoThH z*+e^u%Bew9tAkEoj6ZsQ25~Cnp(j|kG49y+os4d_gomxUVQ%XD{0Tb#<{&NV^+-&VAMCpbFa7GpK+4!HzF_T z-#7Bx5;Wge?%v2Q=kE94ryfS%AIv@CYRk5uzejfQZ#TX$xNf=dL|k(%rgp%S=;-C& z|D$%X1yRNg3H0PP^mW5{JC42XT&#h+I~Wc4l)7AJm zdEqI{ZBFnl;)SWT#B#TytJC@8Zs}S_R~udH=;{}M)#zu&T3-EJ{TceXhIhU!{rqM6 z0Lmq)ZfrNXuwmHPg%i8#+N$B>g@4_3o z2Ujx%`f9(L4ruH{hSnk%s#jVq+mEeKjSBY2$c^I0S{v@sX~af(PW2P$W1}mwS^N44 zzHtco*#{l=(f-}Y5B$5U@tU!Qe@EH;yQ`FQn}4%wri$<2-(lQaXTF`CeC(v(&aSzO zZ!7n#Z+rPPhwldh%vs>uukvlJ%MHID*>}xZ;VjnX&Zd22_ed${_P29tMmpb4kkgLB zXQ~_3JT}=#`7ziTZT?H3h5PoXb zv5kNKwa&4C!TF!-RjU!GIq$31!?&f~`yKc6zUcI?^u^@M$x%MbZHLHkmf z_|^f|OG~_9rLyovujW2_@4%Wn79C%Qez^x9RX*^Nzfw&YzB4iHd(jc2jSrk_eBf;1 zjry|sjf@!|#U9{8#^g&@F%IJWIQ}EP@Gg%pjNW0q#X5|{&V!lf;t!81O0DJlj6K>5 zq~A88-+1>R=T9-;j(iR@7!W>_+Qb6h{p`d_ z=uA73y#R2>IahvaI^S}il?_lm;zD3uh_8J$aNZ1@CBT@=dp8>x8BZWPl9`E~cU6zl z03I|}d+h?|$3V*_#%$zHp1Uw$9caGemg6%RA6>`TXfFKp`V?!b{@v>)4NH=Aj#PuY`Mv7XVt9>tKda!^ z`FyjKZ<_I!RT!QC&-u8ne4oZU72*Z6?$gNdB@REjcy#e1oCr7SU*itOj*HYcyT(%A zU%-U2dd3Z^cODU7%`)mDr(pX_&Vy&IbJ20x=&@XImQyoss_pN%-|)7rHXFgK_EvDe z-P|{~at3r*3LWBij6N=2i7`*-kJLK2&%83i0_Wt=9KPB=3>kO<-r`x!nb7Yyc)orD z`7`vjc)?wP*Ho^Zb&*_9rPk12vz%HRGrzHNl-S97#u^|@w_i)6f(y1IC=mFnuJ zYUlhlKPZNOpT&-qomt&cb{7939=Wp58~yB$8`x65Nu;|uLtI(jM;Z;Tns)R zLbn53!*u*<^l&4vOP9N_+k0tb!k<|+w|o0RjKS?k!$a!F-QD`JK+mGTr?TdT%TF#( zil-Xa%RlA&jLH8AT6F43Vk54eteWQ0lYCEl(rrWQQz=Fe=iAz|z}1sFm;ZAXG}V}1 zIzLMM!mB4Apxwxd6ZPaeuDh`Is3(`F=}FF|CqJR)#DzV%S9&r6K0@fl zEbOeo(H%D*e+?en2VWk9f0i&uBn$nQgC0Bx--{nLPjv~;T*x)@7pcjPZq$A0MjiX` z4F1O)-E(#0IoxYr*Ig%OpcDOrT>2M=kFu_!(TVF$)QL&%iN=E2#hZ%<;lQP{t~B5;+HytM&YMz3U|E3?p*MZAw~xjY+PDLpAYDE&}D8(uvp z9VDNw2wro4f1Tf|rM*f=WHZJ$61cF7f3!gVQ-Po1mm`CMOwpSYw@o->fw-=zHQuwHv5xd=$F~e>TCx*Wzc8ciW&mxN>?-Y`naNF~B{G zFEl#Y)DS_h3&6GfhzRl|o8-2qw%qq4)U$4de-44;d|x1WKl|~N!(*yxDMfz7clxb1 z|Jl?f*!21xZM*b(+w=QP&+lLJyVEz%LuU?vE`#~U|Nh`nbW3(970rVV1Hk8C=1X{D z^A>;h{K&q>-_D&Sf4hG-f4iyCmugP>Qpq-7DpJ*-xzPQY3*A2$-`PJ{|7`zY;)VXf zhWC7_#)H1pp}3E@t6dM>T6IHk_dM!?zhTWeTzEt9Aip#@Sp18T4muWA|q86-w_;5vk&%OR;tkhO`UGP}p)xoli0ZZqRXKx$D`KYUd z9lpU!qxe>BV>lmUpUc;38^`%L`+4b?w(*>gciz|e1kNWo_mS_m*+r>i?}SpcZ`Lt0 zwP(QDRUhEwj;Ixjj$;1z80ImLn?j6!3NiXALCwi%oC!b8cI#*Q8=s@SFwgWiy`8o( zHw4?p2BeZ#ngERRM#Ku6J!*9ILuE_4mtFL5_^|MrU|E*6Oyixl!kpk~v{lyMftT}+ z@j1bMx^^1R5R-|Fcitz>D@NqY8z$0W7k^dAQL&BZ@Myp{ve0eW4&k<`h&P( zo8Ma-8y*}JKk$>B(l*{w>&zAMJs_DUFRa1@5DPVqo+jh>kPc=Gc9`iHWc5uGK zKHox4yKN`uJMHr*et+AuoIh)y7wG&2&R=ler{1Q`Uz9qAU6Rfb-?kSD#w=jWKC$10 zz}N!~+6rm2&~CE`UTqu2`6&B*uk_j&&c`_Sbv};san5~c(l(y+@y>mnPvCrlb6<2l z#(pag*)X=T_n-2o1F)@{^RA=z)zh($bIfs$S5Sog(eI?A>*6S$j@4rsbII z%yrnA>##G|VP~$x&RmC`xsEkA7`x6bV$F@BRC}RiaMRiiH#VJSXm84@Jle>kjXc`O zqm4Y;$O|^C#8#DIt15id8k2ji%ER{b_2AcT<1jg7*(@Jx5GC7+fU77a8zo!RUe&ip z{$OHsk2LwHuwS^W%&PvV)Hzn!N9FakE_dZblc(HZ@|4@@{|=w(f*5zJezjmb`GOrE92hT=!%<3|<3 zC!@&wk6{k(IQHotA4+`-U)J_t1IB-?zC!+Mb~pdE#gFgW!8bo5me2_A7iSZ{&Zdqf zJ6Jz6n>vR7Uajcvep4ER1I=Ht|_ZaSUy+R&l5;s4)s@%^*jYqe|Oq*ren#2NrU zVGT}n=w`E@`q=Q6B4X{0)aX*D=gQDjC!WRlHpLp-CI+c|z*mrgF%gZaSO*_HaE3>g zw8v!gNBHf<(}8t5uucco>A*T2Sf>Lk_&^UgeHcp3I31ku{=N*=L1j?~l@*LF&7uw} zD_Flgi#n*RV8c7$|6Tg`p6a0B&C)FD)4cV(c70kB`%^}riwdndEgi%#)B3$-xHabi zr{6{Vj>M+~n}I*SgtceDNtE@ZVyqn%XPu~e)`ZgfPYtEeZxQe=g>K+x$+;Tm^r^Xp zz1bsiY5^Om1x!*4*hVejF=_!nq!zFic=rQuoda(?5N*=@F!fK%3jr7~ZSm}2Q-)x1RHPA}5mCje37~X+qy{LyQ70m+SmRfHe zUSB(BMBAT-cVjDQqovkc`)0q-cz@UE=s98WTM}HhfYX(l;~MWxeIRg=$7(6=8Lk$G zH}>M&B%skYz!@J za-WCyX8L@s;rG5ZPn+7;-qeqZ)|uhvT5lbh&F>M~Qw^|q{6cUj9={GAXRVdX{T>|p z>1PtYD3kvpKT`GW$o-em=P$D@$!>3SToPWm_t7yA8N0)*FU)z zo&SDq+WIHG&=an&H#QJTU7QxZdTj*<;$n@u~39 zRBY5#Y!o$f$EISVs7I>8u5Cxh@4)`tgbkh>a>gV*k2l9qE8xzDi1_>03>Pm^R~n_J zG`52|5j&X^q1w_Hm=m!Q`&WkjtC0P(>q?nh>G36PAGa0QWXmFq%UX#aK1HnfFgo-g z^EIA4-ZAIr%DVtt0@&_G&+lXJxP0nEi_i%Tz`Ygy`l|FRzfaJwS7jRg`cIlu#Qomr z*Tg3DYoTouz6^TJJC`}c>|Yx@hk2M*-|!Ol0%)7u0}UrTG%RF1_eE*A6dK;{(2#a| ziYKJg@aL=*5h+BckD`Wo3^mN-s9_#Y4f6zQm@A>-dT98NL&HMq=qpZ6LyNI?Pc&@W z$vjoj5%?0oXXt31*DE@jIoN%z@MF}6TzCp}T>ig8$ICnE_~Ce`9-TS<(a%}WQ}yVI zWl#A>^cm{_L`N}3_>46@RfqnLM~B(-sqOjm*P1oYyVhG}E@?29jqK$idjpWY!N}g3 z{-C?oYSZl+3uIAyo?XqHp69;Nk2T2AQ~j8?+B$~u#CW@o`y%P7Dr~IZA8sn`!LO)d z4%v3*knLa&*-qw=J<{(ixDUB6)coBe``clrez-t8A`+)X^GmN?daWR)JqR62EyZzGQ-D z*mT&u{t9f{|K{KJx{W%D7BRJ zoR3r#rG{pd2j|0crSM$ld~9y1mp^P+wU?Q`;?iKA^$9PLN+SNoSoYp;if*F(eWq2cw=@Oo%?Jv1b)SX%@Qi&7C_ zXoff26-VsN9L(B&#=q`y4(6LhtgB@`FF!{yQhmPFL4On)Fc=>*VFB1bd%^h0lL;h*99KBuBK0#3vcMkc%$ok4qf3fFI}@fi>|yM zE&dF;a^IzEjzd?28|Ky@DeV)kugY`yvlBNPv?pGSdsn&q$?t&rF|#OD&wT#G?4s0G z`j9BJSdY@~i{xSzZGv0#{vT(b$cvJfD1Nh#_>T5bQhXrJ`D6clY-1zm1}^-pBk`PY zeIaYno7y2STqBX2obVaIrFk!jLIX!I@sSnm1_y0e&itDffTR8+Y7SL?ZMAz&j*0t( zw+ZIm)B(8dGQQWiH(teh^`81F8|FU1oEd(@fjRMz-EI-OMD0HAz-Ml`O z`VZQUbcBLmhYqJYj*?v&`S7XP70rFS)#H0~+84jG-k4bv+Oz&JnX+15?B+IcgrLpTopx&%I$>l>I< z9vUkZ8bs9Yu-~cdPQsE+BJlIY94{V?0J&-OjSMjOudf9 z*lT&53VlV}ryn{s+CB&mb<)!r4_~WzbJ}>g`C0I=iE-s_e5{ukpU|Mbm!Y@Ozf`b)8?NRjAl;@#`2~G;{&Dz>jzH@CeEA|Y+%gU zxC46clz#4uejZTMjBj?sA#4>ih@!ueo9sPajV>bI=;{sme^1Q9CR3}zT$Z5xkB*K( z)p~v&HhGxQ57=>NB^~y&Zynv3N4;!&A!AVVT9;0@VN5TV`Z zOVE6GDD{uXX33ezG>9C|TvFg`pjqY>u$?};ik%?ZdXU(h< zt+iua8s0^liVOS_zYYKBE!W3djh@#!bRpW5U!>o0+Pr`^cb@FoVRpTrYEoBIpRVW6 z;rXhx=U;Z)rmjo+n_AG6bhCMn{krvDf8H~`81zv6T_4Uhzd-BF705;*lds+i4=@%k zF+R^3;UCf$(a{fnynV^Qe-e$A^V7VCOzIWoca>9vsC=$)W$L4O<_I-JfpU8tAhRAG z&nLNNU})-G?^G_uxTO4{7+6^WV`< zk{T#GFADF&|8e-g9{x|j{|)eeXUqluSMEXlaZGxxH?b7)F}fz{KapQe{HL29viVqh zJ4D%|!R)iZUJ3Q=caUJu0@a>1&P5JOkwfs*44&;VoE>Wt9@fbAVV?{xSobIfkBjg3 z&ouRjse1O>(%O*`u1C3^d+E`QtC_QH^1w6EBeVHuUV!!I%*_7xB+1;oWEJ_`Qr-uDpOw#baVMI4@u!%fi@SyF9rV#c(H3?;Nc3d&HSJ7>Z#aH ztqY(Sb1Qsz7#%8G`d;|dY^nSt#hP2;t;5Lu7?00n;x!d^yt(=ejmNvko11q)f7!WO zVs871xz!PKdy|;kJH*`HW!(U5@1ZIy)wI3KXNuMmzuiy#wvPDio5XM5A%6SrRGvkC ztB_x8>c2{d#6Lf;VDhK&o^uA&@?Oz|d|rTTHRbz)QF0KUmm8GrYu)HUZmYV#lk1o7inWKIif~zxGIX9cSuQ;K6Ql@!`jAbMZMJ$9t~- ztu>!ay^7YeLJu|Jr+$`x>zs@4;OA6iO|q4Fin4Wy{-|U8@h0PscNl-X%lM-VS*oCq>m*B=_=<{c+3QVe?kj%Kt~KSpu+}JV zzDaRzcoV*?$If>7iuU;52M^1HJf-z zG4&Lx|Dc}nFGGok<4?PB3;Z7Z^pR%$%1q6%$+E794rT0!-%+qx@jq{z$d28$$EoWp zCawok+ex#X~{X&|az<92384w9ogV$D+itV#!c&uH{==q;uk0u{P&EeVr5UihXE5zn2`E=HHN8F#C%{scpoM8Y0pPMVjYTBlysIhExxuZ^{J%1-D1jOvb;tkgG7$2Oz4 zukVL_#s@7zR<=HV^4cIfU)nlT@7s1gawE3wBXC-bEiiR2 z{cE62au4gSzs6d4u?hGO==YAY!F+#6b)K5dE1U3_qvSVYjER4&Isx=r6ulNhuf@@8 z_2{((dQEHjH=@@Lq1W1L855vOdeSxR^ilV^_|TT=mI;ixe0?jU#rQ#jneq2`E$gy_ zXR{VNeAP+}X1A~Z(#`PHSmt*e1}AOs)fCM`1P_P7;X(G<8OF0agVupI_Tf=ocQwyH z^*7dmr#Rou`C{_4t>9y9fHh8o_VWk-hT3Ur)Fb4>qwGC!|Gp14M!~OOI+u2}{-tnS z!F=Ngwk@CEIsBexS#{_0-{=q6dkq1T<;$)t)ExF-U&y*5KYYgBi?;1`XU}E6QN;Y@ z<$Ob9UiX`~d%mgun0UYF%l8aE=zkk@*zFszv>aGF=xaHBeS^Ms_Km*ky7c)Qo<8Rw z*Sg+Hoa-sp`N(81oxnirz~k1MN7T1X%;&jgF!RHhhxNp1+K0?nw}yY#Jg6I~eWvKw zUiLK*teRhU&nx&54t``eHu!rZa9eu_R~eEA!WMmA_W z)~#)OjpO!W+v>fypX+t}L(eF@E!y8UmO5xNJ{}N`y~(|I_@B-F>D-^eTt@Hxce(c-|5|7H zl>&SG949u-oO6wzzdz%HjbnLUJW=kfNAZ*268kZFDzoN6`mcGZYdBW&zgp*$kaytG zm?aLc$B3uNMkt3l+3K6@N6r5xU;pH4jxFP@)XpWhPV8uBo)i3`d4-x=t$ok5uH$^G zZ{1#BU-tdUs9W>Nn)^2UGAn;r$G&+XD7T&<>T;z z9b4~XYK7OmX7580!?qS#<&Q+iS*ZkVx@)W@Iy67hm#kussmO=o(?AV+enaV17l$8* z4_EMhN%rx7RqRl0%;j0xE&Skcl;`J8IkxeN$62G<$bwZP|K^umqgZQ5^91x`;q+kH zxz;lIT*@z$VXNlp_jsxW-Xu;=diDv|xKgl<#RBfN!Fc3eh=c-!WI`@QlG7eZ0nd-_bec zirM{vb&Jft1FQ|ed@AXjZ(oOO-DH`y-HF-Z8|Q_GT!AcepZ=S*-Q9TJ$_YGb_kY9{{H46Y(e@dbOpQ2-nZM~BdTP0+tH$Ln|O0Q8NG z!3P_M4+c#W(7Yju&1l01JH~#5rz=*{o7!#sCv=EIc zre1gf>n}2w>U!o7Keg)Y@GtKyIext#e8UrmKLaM|m}cy@_9BR(Yg8M*ncR8r>Z`G3 zr9IbI+wl}?oUvW$eqe8EOuhEijU6>(>$=)@$q z#(v8t4x_Qf4bbH`(B)5e-g^8S&_(mhj(i4PR72qI5#j1_?F~^b+VrA!w4FYjtj1ja zrq&6lrk2R8r5VQ;D$EWyS9pCP8^522ThUUo;Ki?W?)~6Wyd_*ONOv1EKkGHp#weRNcj1n@WQD){W+#y@LqhI_x*jk)eA20pkGUejScJi-@Hp~l6T(Y+4z8> zRF!IFcuwO2>77;jPCScv>j`x}yR^?rjC+>eJxDzMboR%IBOko4{4BDZildKY_YzfE z4x9l~O9qU)?0PBY*OOC}Z-yNWzerp4JGF-<`&2(`=Qk7Rrp>fh!T&1STn$Xif7h{b z)u$cLk!Khpc%@^G#1$8IYkTZ^Bv&`Zxc7U$qnvl5!ftm9Z9PU?+ApP?_kYj=E_m*z zf}xB$B?lMtRF71e5w5TDcdJKoWm!4X-JN~N2;ZakXMzX%5S?v*tB`LM@U2zkJIRx8 zP|jbqkPGp*D#(o=MW3uLx58uL$u@qQKB-;_{Z)_8?5%@xEL8Nv6-lW%bA9QA$e5p#rZ4ll97{rG+>zaPS9bm1HhoU3^* z2A)IC`a+`dYMzgyn=Rg1ce3aCrpA=!dHSd4-={8S<;k80zRu@2+s_~3`P)6u)2|m- z0Z$YdhT*5`dHo)~$A13LJa60BKE_Tk_BOh{fcXgpC6|Std+X@NZr6rg7T(D*skw>omk7K1G?{z7M+cb$8Yh2>r!xiqzanFecfng_#JuC*p>DE z!sDS^96M40t>W;vGYbN@H2@n`X#t;6iN zaeBY*^z9lli__>j>#C(yeGd=c;O z#uw=@{5cJVNDuUO*Z;5nI`*=-dpR@FiMCw)%fLpGKIKj+j@b?&#VcdkM9?qOcrTW&t3y; zicaLK@AOBeOU70o4Ag|YwQ@hZYQUV-IxKT!Y`M{&6||;aNSm5I;YGE?bBV83}A# z>DxARIdXM*2|0Gf>E{n)jcatI?8GewKH_xr*Th0}9Xuu`5x)j^jiroPfLFeQaG>9Z zz*{~zc#VD3sa2?Byk6Jmq) zz@K>5-oFeyaqTMxW_xX5**5)8qwl-}p9GR2_~bPDzSi+W()--U>2rLkm6}Gs8^HU1 zc(oB*cMW|n61{!dX5D4>_~`7j#;^AN*V#2+qt6Lo*Sk^rt2H|{efLqB!SuVNo!_*c(;Pxzc^y{O->c;rocmczHHyTPOO(vE<~ zmw46--y-1KioE4;z0ugg0DTuud&{@JNIa>m03qTwr=&utM7}iXANO1qq6CI_PcQRhFt;A zujHR^RCQkOAC8rAt%AB9>TfJ7D;(u}adL<9zs>#}@YisyW&G=}g#S48gN@4DXxul| z@*_XucNrP2hDrazZ=ekr*-)=lKTYWDj_gOs$5dQFMaz={(VsXGG6TXWr5pyWTIC^|#ag1NjB=2|CL9QzI~-x&z+x<|Q7!if>?hqocTvt?wwKK8d;p z`3m*;d(yknQRK(bajNamdY$#qQ87LF3VYZ`OLc1X=C#x^W7* z{XmWKx;x2RnLItY2jzS9uEwiv*pCi!A@iJTqO0yDxZY~ls<97BznWU|4m-)~&%hVC zkbl)Je2=^T3?e2K=Z-Y{emXw%t#h z)K6@<)SJ7toezy9Q*Z43U}FM!wpmuCborCWsc5tb8ic_2KJq%P(8#6vVd#ChA|u$kk=zG4 zrPbIL!8sXwYUZ98`m-iK_uzpE_4E;$ylm51_Ih-p8@|mPbd|~1yFR1OqMo3_&-ggA z=I?(+y~PUnXgR#R5_rpOzbXfRdpLO{+9Q{gS*KjmJnW)yQaQW!@Q3-PzP)e{dF~P9 zDcM)6bdB#o*#c|X>z{PY>CN}j$5<5}Tq(}&jc<#;lmk^=nh@yXZwY%FrjP&P2d&@& z>Um7f&mEV9bE)Iml4m_P0$K;4Eq1o%;4iFYtT{aA;1kv|#wl|S{?uCb8ht&u2AM-{ z4?b)yt0gBSn|p9GYq~nm7I5t{UE5_XW2`gh;FCO$ZXKs<&ru(U?=hKu5H`~$Ii&-_ zXA||PKJYntkF_k$JCp1ACdUZ;?8U$O=siDphi}j~{0@!5TC@hyw!SLIqlM+ZmHFZgI%rtiSP1=g~A z`Mvut-?9+Lt?<@vt~J41WtJ})r;P{=Y}!Zi@jFC`b6kDZ@~E*Q=`!+2NY5DwY z`mH6VF8bW?10#raLtpt5k)@#&ifM>_4?D%R7}wU=&phuwBR>^nVLEF0uk8Yd? zdBgg^1OG}apq%=UQb%J3%_5{J_QJze4rWoOrq7Q6Yb9l_eLp|`RABu+x?z!-L zKlTLmpT}6In6b_{EA0wAAod9$JqBb4h^iCm5Kj9@qDypLsPug#JyX#3pC+4zxF8 z`$_N$@3bzbR>7ACPI7B1(f^9~X-^Wx`r;39T+R``5xn}319KHHi}%Xtr{v%s@eSuL zFDi!M#vcTy_|oM`#UJ2H1K*9nrDw&D-grY4n1)$)yg@OEg`WYJVlMUIT(P-3p+O@! znvU$x1ut>-P@IBo-p7A~Kg+~c3M@Oe(m+3;;d70^eGq*o+}}Vy8aQtN_qyIdTdx3z z=KZK2hdlUJJw~2( zc>-9s0;^!t_)s`kjjb2w>GGdp%fG?%C!6WYMD`=}ElPjAaxHyxMw*Vd zX*VwH)1F(zXI8&%;x2rr>)H>wrZJNA@jpCZVm00F|DPV-`5xCKm$&e|ZTB;37V*0# zg!~s6-On0nf~4 zm+g)9&vRncH!C)UPPFYvR?T;*wNcDg_=#3&OzltJuf2unPi%WA^=HX>Hnh(}-Uh%I z*!*u-bob!`-ufl%Z~FM;kH2@uckEqQ1f3Eg@(|X=;m7EQyUxc|Y56GgOnLWb#-}}# z4%fIexU?>i<@|N}mp#DubKr{uQz^dnd|+CDA5cn6k+}!RDX}={gfV(JiVnmk?6Nkn zjt%2@!#j?z@BN()S8f_y{|Q{iKPtB8?=3lBI2+vQ^TzNi;_`)%9nssJnpZ8zh(e$Xz999knj%%R0MA8+9M`*`kVWL3U^ zuDkXn#IvqFDM5ZUetw63ciNmk7KXK^eCN4igQlEo=jrYtN4J(S%{JQC_tkbZAN?~1 zoiYQw(B3fi3wL!!(~Y52HE=XnWrQb_OOwucoA#SH*PON{^iwl7VFvY)E#Pbudt_fv zuDxkIF_b``O6fOOPs=uZ?*eQC@2Earx_thwHIGO)E7!JJ{Xw^Vq&hWpo}Q^kHzpbGT z)p0Twd+sp(VGfdk;UV5{<-C>t>3S>hPPO_~s#dU#z8(SI4ku66imi-|qHY)+($&v_ z=x^o82Gs1Lzs=~8)=9hv54EAoVx!2H@!pY{=Yh*YBUHb%myoeZ z^ux7Dqdfge&@XSFw2p-OBws~28|ddAzCVxt zMZvl3uZ!~tI2WH8y;E$@G4=koaoA;}e!E{bDp2zqYT?rFy}`ZoYp-!la`18w&+j#D zDQ^&{c}%r+=*VAi6rQ^2zQGoG0bs^vytb;l&2V!D|L(*HUH$wzIxF3N;A3x?GHk5z zk)Ot={@v;iHuk;ygN-B3B9?iL)&2xA_{dP?m|CML<(c7|oW0I{vXi}&S(?tJvA`)BFAgjm|s(2(a+k3N0>+e6nsee|PgZya6u-Ik-=PezePo@b5t z2WAa@&~9T7bJXyiyT7yb*GE@A*=pX=IFfwSi<54BaMsFiJpKK-e8;D2XNB&Z)bGJr zI$wqU$e76d)VF-gLW8V1-fvI(_2Dnnjzvtavz@hX9G&!r-OgU(bLzuO4m|2NbAaaf z9C&oTMe#b|nG8I8*xzl5)4xf5AAEc0gHIiublb0wPP*T2uZa5^lTT`W;O+NXw;sLe zw%;86=ncE?5%L3n%ezI48wy?-86M6&iPQW?HxBE=nn6R!UF&+z`R00Gu9xIm6Xb(V zVVpH3r+>JZ=YNnvO_-IRyr1#8^UjfiJNkvEaIb@Vd$K#*Vx2_$dW!3o_d0Fq`D0uU zWmyw0=Np}Eebc_z!o3pqCh5HXQ~P=Y*EeT+u1DQ z=Wu-v!4Lf1~z&)&z}_NEWbH!72Xf`>Ui6!{zT8iIwT!rX41DW%=GTca zmIT8Ui%Ta4@Ci3_EuVQz^Rbny7MDz%yvAyO4WB?U$!jx~KjU*T?{N|2bvvj8K2e2dTezboO^K z^S0>kR_?D_yzq|6n=?<^=ZXRJdCmnV?eoRG>GLmg!{6zl&!zM+V`TZ;-{M%rJca3L zeO~VL`BnPt(l?he;HLx5?(`))@NYU;W3r4C>zNUNcrH|*D>+{fG+dm$9&!Zh3&+C~d#JAXT z*_U5F2_3Li?sq!M0+4{3s!(=VzFR`RXfb;_1DERd62PWsw}wK&g~WOGDCTm}<>3O> z4N;Cq@fgKLuKFtZAlXoS81?5b_*~Qc)F=~!f$m&)$8t8$sK4%WA)d2%PS5CB!<)5T z&l%q1JKpObzl=Qg(5~c6{5HgqvB%Q*Z3(*m(*fso;(xk7-n zBh^l?38HPWXgj?J+EQcNjkdt#rLE+9TgVE^ZUnHk0oGYAC6`fZ1r08z4T%IOw?mV>s3NybOO;(T?U@ z7HJ&M`ZDK`b1Z=_oqXbHvm4!=HoNiO=RB)=ln~!jtyV`_R(0-qrv3)sWE^Yo(GSKN z*y|0}1s8^+@Og~5x*PvneQ6q>^Q|fHuVTVI!8I$LPhEH&KD`D0ioko{bNE!eq(7IR zK8s%~p|_C<55Hb`3F(_e^YCO zyldUOU;ebisWZ3b*R^{lHZi!%-@M4_w_9uN`kRVdcI$r{e1fe3U1ofC2S$w>6hAE_ z2C$bgn4K?katjW;7BugK6`HB$X?-tX)wsMN-_|J|KeB0+4zuQBH00akXG1&>{YD#q zxl11?_HT3oIpGf46@O>K|Bs^ci3#o6iq7AP&JUpT6-$t8zJ$)d+vxnj(nd$;yZ0V7 zIzO;fI{$7*=j$2i1vl5Q-{^8*v-)Gj?^FB^v9|UKOJ^D7Hul3w2o-0Sz%E{fO>y&)PUnRgT z*;0OMeWvETgs>~t5ZRT&9Oi$4SH*htUr3J8tZ#+xh@*Q-L{r9>%AcH5$GiZ(r<|B{ z*jjXlt6yYKrDI&(66c+I-tqsDoRw>{=;L2JdLxQ$QCk{g+k9{9F4@Zn??-w6qjNlZ zL$U%tMihU#?5yxS>5bwpz47;#kZS-Z>ECm8$H~4Y7+f8z_dE6M7l8N89^fsz9Ve{b~R zboe`6A0GW-@9lScg*~68n)OXS9dJgckI;e4#^!?io1ou~$n0)pSGKM!yZS!jyCvD= zUWh*!e!PkP%_WBP9~~RFu)e8k6NkflH^GB`%_&E|OObCs@@@N0p=VYi-&2iz`l?$9BT0tFZ^maPFy1q3;P-n?%~BV?yL|rc1@s4cl$?i-um*+qk7WKbJlt(< z-Z8{U$z3Q1o}t_Y=S8ZUf~VX)8QeAeq#s{aoAB)(9pSxy*AagEm5%V#FLi`pf1x8h zE7_A@H3-^xzn#H)bw^5B+oIT8muIho!+2)MX0y+x=9UeriSgWbCexnw_AEaw{1f`2 zm?rB}q%!D_ch619F>+(CU(9diUi#4=_qhoCD}Hs?FCL~fV698T<+Le&xevI#aIS_A zrSC$jeE}~0*7*83bs1$Rdv=)3v-Lddu3y~3^UKqof7xw&1hR;{b*^8m_nh^M|BLq$ z+*f=+H zQ-{-MLr-|Tlb-w*J=Xwh-pQVI>B+M$J@4T8j!}kJI@>n%RNLwF)O!v+Z{a;JJ#Xe* z^n|xJh`0ZXx|QhUPTt<&aMo1` z?6KFozLa;+IlC;Yf4GMJIQ-d(C(*$0otHo1yF%V``BP(&3g8o;F3>lC3%MR59zC1q z=GnZ-H<+&tE|fEwBa~E3z%E(^nVEvr^Fk`v1{0QEC#e{SH~#0DCl8R^4HL|GNGkKX_jo zF#g6jpmH}g^5u+2)TaEe!N4z`)xNpfKi6GPOKWpY{iNO45ZOEB>60AB__rAtwBJCSHI~lE z!{4Djjh%*l&@tzH+H`T=I03&CUakT5=2BlU!n&QRdvxP;Zhl(vLhqPH>w#*G)n z|537-0iRgNjAZaBVxSi-DVg}d$gXuEM^iWaz@=U1)x1J8%k0D4{Na?~T=p-X&w7`6U$=HGEtnL(1%7TuUnIDveafPvSPyXwb7{sgmu5V3 zX=YF}z!>__Y-FZzN-$Sr1()8nHV-u~2dC;Q`Xadkoxpw7j~SUF_xWb7_3*qwjJ?ne zsx1vsCm&m(-xq?oAtofl^sIgGoD8jhcVov7vm8=5@ zyk(ho9n56%Dn4+Io&!vwm&QeV9AYT6O`?&gETm zpBlsd+}Cw<9nXiJ(Y&R(n)71b{}DBaoS$Q#Z+2%oJA~#vAkJ- zZ89_{HZjq+taEb1tF*s;yeqcx$rZ#z@!^q=R77^0_0@hgoV6T!T3-zvY4*&;=kTs= z)QsNhw!RwYsuyx`p+1}S)!?bfY~(DhuU_3|)>oq+C-yssoI`H4x2-5`MQE!h9jUdO znrKHjHG0V5OM9=)4EC?}&f~K80!Zic#Dwm=u5UG^@p;tfI)BZZ^jE)MRXq~VY~j1l zm}`A%c5(codg#ENr>=)0p1DC5f382hg!v}k{G{g1HNzVbbbEA>FBn_u3&wBv1?!jl zg3|A*6>VgkcL@II=*R&7{%Y@CRs(P_^z1NN)=X?BffA7N4h~6+fRfTSsjitSl@&T}Q@`2M1dgYXD!gs#_Ew*42 zT>Mv?`4?UDvoyaxQV8xxf%`GwejKrbaeQ@eMWUpwqOjp{8nti z{mhfx#F~<_1-D`g+;iE2vL0+f3Ax+X;fD)(f9?mCnHy&8Jn*!aLbpQbR?!39N}<~# z_7hzif>%QDN(f#F1seuq6VAjY48@o7(#>zvtr@?o`AcZKo2_x$cHvESgV&Mi&w({U ze>!E_X-~GQcJ&vR+4?(9U1nGG;Lqp&zr-*2=A&JHx!3k{< QjT)2A{b%nrv){y! zsPq8q_s>1sYLD^0@h?_g<@gsi-@CN?GI`By^ULA~>2u9f_&Pix-ni<2z#D(}1$g6R z`wy^RN4NM$({%Lt4Cz8}yB(df1D&!Ho$@R?$`aExgGnlb%5EYpbEXh zI3sh4s+s|1$S3;89gq|NoiXBOoX!RH&Jda8ta3 zN<^DUf&yx5tF*S&_eUToP_!1c)mAh?f{NIhqxMa!R)PVQ^kQDBRjYjo7ePy38*jbY zzRqNFgLnZ!C5q<%`R;Sh%*kW|3DWoZ^E^D0bK86Eb=zyLz4qGfc}abt6EfnblWd`D z$x%F18>s3KXom6GEkE7!$JVi@$M27YXR{uCJ?k3yD$zw&ry~!i+S`zYHt3lJ?AlYc z(>h{hbP;PD*p%KoI@d;doT?8R#$@uz^DAWENE!J>ibJ;{r|sA*>48l4`lN5)p}jtrY7b@h$_ZBH_Gaw;Rm4cBHGqFt z@v8QQ$(B&wPxNB?1y1c#Z35PJp8lY^mG>jW7v3VTOnoV*xS9B#sm}onZP@GTPqlm$ z@6tNR+%)UVJK@C@R_4kq^164XW^KQVxIx!*f>_&VmjYW7cFq{Ysrx0&~k99WOUG$|K zpmt)UI^$0F9_HFxhg6=j-?qm-y7xfW&OVatx@P4Uk<;JAui;5xjP1b~3arDyVBKzVk#Wq+Dyy&~E5>!+Cs`bm1FzdFi47eoi)Q#PK&xfkW@C;gW>@8WmLYnNV@Z8}17 z!n2*sJDv_XT)JMihT?&We_Ysan>V{o-TGzAwPc-34^Jyjw+cN`On&xGo?WhaKqMixw`Lq8O?9W-zuP-!!8)kLDY_HwfA;Bp$qKo%;^^ zH@$bVd1nB*t}9s&sB_^^j9PW{BeG3^=|J&C#X9|GckfJccJ~V4ZT99a=03;YOk1bD zDs!#){+>`Eb!8scTHpHVFcWKGf74()ifn7$$>do+nd0P;3KaQ!+t7ydZ1@r%odAv2F8 zi_t3oNUUa4)R2!oF`~8j3uF%s@P*(`Mpay$o1M4^!;hSoIoYr(+V(-V!Yo#knr<7mg>^)bW%D=#0 z`QpIh2s%P=X%A2-GTy}b;>tyRL(jkOyst4RcSFybIy28IU@VGtiZ>M(er~8w&SYC* zV;MQacbTJnt!P}%UR0hZwvfqzbmi=hFDj;a%laO2c49AbHYq{Qxc->@jKdkzyg+&^ zO6*tbEAOGd@~Br7Wi6*$Y|@RF5qmsXe6m|?WV55c!r(KMX`QLFB*V~1G!s7O`|+tb z6uQFXlg*flPk;0JrrJ0@Z%BgANy6uV(C5PEqlX!v2g2XMaA#t>;Kpx17AuzxxslI* z8Gj$D?kT;Y|GFpYi{X0qLblm|5YLA=M1Q|(YsL6p{ry{>a{YbwXzZ*lDlli&aE{ti zWZ3X4u?6LMlyj!qQerwgQKcU31R4^J<1!X`MD8# zh0%BH`>D$1th!=!jpB40u3&wPI$`)Unq#VR|9LjK9?%fqpy@6A71m9(_T;xIr~Jm@ ziPhLy2cq+##Bg>}*XeNZPqH}1U*7Mk4kXZe;pd?BcMpNqE1-3ZzPYj;;`@hoT+AF! zjG*H(^ly}yT^ljG4q|ri5wqJv%8vm_^+;C#?ntwO_nmHXiv&Nm%f5rN6CZxzsTTN)N22o*8qxZ2qPAR|CvEKcM3z{#O3{h1mS%*z+NH zTkp*IxNBC3?_|SB2AhD}z;(BC&X#1fem!fs@MhV9LgUBWM6N6O;b$4U2KWTmM(}z8 zdjWTXH*=OO^Z(8gzg_Cho7nvaIZw9xyy@tk6aI~D?>t;>`*r4K2kt-q8{5`CZN+2P zS{d8hpo41sK0^I6@z_@A{(^g!r1n(@sCVh7>wMw`EqqgB1-8q6ER|0PFNu~HXbsBq zFY$ocX2p`WVJPY+5zIcxOcGR}+FJT$}68ylus ziyNSuu0zl=llo&DF7kXG;{#RY;@cQ{e>LGgzL9b*Hq1ijQ0q2~&B?sAE4Q8Vkg)L; zFYS1YxE3((taWnXC-XjeKAqAf^3ngajT$7t)I1-!7IBXKwVY#r{j`Gi8>bbh?(@!S zaPc5@Bh0*)TBoxV6+cxibNNh8{o73He`HasEW56acH5!b4r2B@sqxT39oal{CN_0s z$5BW2MC!<%LLJ#j)R8@lIcIwes z9odTW(4X<$@YPh4GS%qt)DF=s6&<5mHM7abnM=;vz2G+HmvR5=I#+XqYQz!$@cU(3 zM%qgg{IaUiG2}*ty5`;+HXQ<(d%xXzUjMI4i*~tlV!-wStjRo_3jyM4a@cZY7D2Nw5VCqD1N(9v_gdRV@kG=PB@l_+UBpBF!1x^PIEOE2#}>>Hu@S0DUhyX}%SV zF}RmGV=07wgYfwmvaY1s$EvMs_=s;O(8r^+wKr}O4`<0U>n-WO_e=B zjpL>8+j7IN=^ZEWx9q(11y>%l?X}dxG~@8vW}f;RZO;Zqa!jeAk!EUWG>^2*+0Ey} zU#iiHftEHPD9Rv^VHDd?ncePOY-BC$Z;) z{eNL>C!@<;ym<6{+3-MG-4^AE(e`@tn^sqEepBmy!*6eN{_C|p>3o+<=a~PPu%BAC z&$l+a_20-%wZNa&b|S;A&XME=Fn^yZSR>eb2HsSMj+W|UP8?+C5)<&>_x~OC^CEos zL;`%t>c2VlK;rprf^QSHTJb2SzR-W(i0rxW&0`Ow@=0smYfKRmwA+USN?SvPaehGNZD>r07v z{<^P^roq^P^wZb&!{BewLE1m}0PQE9_i60wGS-od49FHvt^30!>;B{ICx)|DgMAv^5Gp8#7o+TRZD!4lb+bC{4>Nh+=+l#cFAP2LQ#c>UdNM$+Kq@k) zd;yESOF8JPJK^KeR`PQJmgnt(uGTQ+l!W04YfaELd|Tq`Tl!Fc{(J4@Tp77jd@n)2 zc7E5j4}AKyxAQ)odI0hGjpniZkY%qKzVGQK)-pAx>0b0ge!-P|h+Aqo&xQ5z62_;T z_I7gGL+o8NwMJz-F^4f{nA(GyyXE(4P36a|pI${xpf>U}x}LWdx8o~!-A|r6`mw9h zT3mq+e(`SWl`Qf;b65k-=338}^4olbb!H~|P&p+(CeI|xw3*fM5^XM6uwY8|M(dRc zd{;QeJC`G~L-Tp|@_=*ynD~9o1zG6blZTJa!7kAm8ZS^2X)QI8)(j+HU;b-Q^UP%1)Iwk_u=txp?B=q7 zsoNwy)dKxrKY@4{>r_`lN5fa}jCji9q3h8RroJ9HXhG-ZyD&YyAfGWW#9g8mT-*a%2MLH><9T94r&BgRcj2FXYw=hy+=uEX}ls zKIz)%-n>ypEZMbTf|4=MhAAVLWoW4L#3cH21w55#&#vBxz5&3UVUnZCcg*gvgPG_ z>l}?S*l!zcG zn?MZ2pKmGqme^yR^ky+*E4Mh05Im_~!9wC18Jv@0^e6tzi@>{WRLN^yAnv4;y~A zmC-?6gIO(_PnlCx!=_1g(^SjUH`4ixoa?n+b{_Gb?VH`2vnKz9b{?XxMHt&AN^B%D z75-*EY({5DHw~sQ@nJ4DS8iy4;g8oJ!7k&TiK}tmOB3rxf99T%n`I6!3css>@5k<# zXEGmM$(YUgC!Fmv7oYG^#{3reO+i17W6W*OkFi@9Ts37aV{QX~Ex{M4eUW~b?Dpm0 z_kW?U;!>)=qq?8uqs-cb?$W-dHSB9*FVjlF^((;#|H_UvvdX=Y?CEV{Y??o3!;ewu zD?3l}S?2O4e7!vt+-N_s&J|KyKTjA}ggmZB<#HhlsvG(*^Ec;$u_m_3{GC$Q5WAOB z_lEh~IUhi|k{iu+wt4?|?)y)gU&Y^+tp6|f-V^-x;Cb|;at+1%f4#ap?|XTMMc~Ne z{}tfXzkf$H1kBrY%h?^))b8~K$tj-e)fa5I=db z(v$LuUO;yx)EBJEy*kTY8g%Pglz8(>YTccTy*RVt)gSOHy?C{U3+yqC{bw3Gach5l z!QIQ8`pqxhrZFEK%dd3&vf*~_kICfXsl_JMaT99>Jk(P-kL#a5=>G@m%fB4l{J_U&0u zmg*cp&Lz>jAlom6|ABl*K7&@_UudVXxFOB7+eDvU9e`T;#7}K33#Zw0yjlRz!o1JD zOX$;kKbO99t)aH++IE#$osrqv8`!h&fciImJ7;5y&S0%JB+?x3qn4!O^Ww9C9%D9%Ce?kt2*M@90({{bnc2InSUz$dnEx_#6 zhJTbcx6;N|+Q5#E)yMGKZSC3SuHu0Oc67k4>jxZSo3He2v%dK46YM;2@Zkx9^OmG= zwhB(@;D6TTO}sP0w~w92(kvV&a9?-yRZK5FU1 z(30m--d)A@SkZDi_N;!H2gO$jG&OwH01SzIHJACPc*aR~E#rt9O*?O&=(IDPwNKtrEeTH-#OjLhJ@dF~bU5SU`n!zb1KFAQguTITC+QQo>WlAm zXcnQ*JA3Q1FriPbzeb;bQ=ixhz4duRl0F${eevU??I^Xx)aRn!`ee@SHcqZ5)8}*Q z6ML+;J}*nsC*#~zyd~8x6OHKeE4}r}{N1fju7}g-!=4TA@I{O#J>7D4@;+nopgvDa z(q{_18^!)dKX*oXXBvE4S$dMajBCZ44BztnL-Iik&+<&~z0bARx6YoCUjM0JlwSgj zMkmfV&BUj?_l~0fC_0h8VmeW|o910=s3_i*)yq5R&c@3p19)^|-v-VX0n6^DTj zU-H9V-l4C?;@~9ODPR9i@9*p?4l71?>-y$i-l4Dh;)f=qzo>QF%R8p83a77EdwC~C zvb+CiyM*}UOTD~f`eKgMxEgwYr>gk=Y=iHodwIveGqI3%LhFCi%R8p8X9k+S*7oua z?SP+=20st^-eLW+N^1x6m}9muABeVwXDUvzi{K~uir#gUXLH~o?;Gau#$4-5cH}bV z@XO($%la{gS0taq&tnc>Ta#|Drf=mC#pZDC71KBCCXH78>2?t^DgKoot=dA9Mtx9i zzO~Zr8oo`O=ZtL-jN1l`37$#^AA!1wwENp*kOTSg$brFUO@>1|V}BiIUkuKCIvm}5 zoNfG6@$ZN%L&NjUJLR7J;C}}jg7%PubM+3ibZrd(J5|Mv4lhhL?O+2SbDoVsT>sgP z&_{6=Bk!yQNZy4bLm#g7tdksz&`7OakHltNVr2XwjSYW1QTKW8jiA3}HHnL9*e_M=7*hNxPM_E1M;e zCatuwHJE2-B(}@FZ3*q7i(_-n+tk83XuF{#?Q-wG652KJmQFPD=U@8LZfTNsx%XhQ zc3*eeRXw_c!rPFfUG6PUXcs&*7Q1#`U0>R*NzyL&u1#ncJjCYL`}@+amEV(Y-1}BS zyTBWpLvQU%yTK&wa<3#=yQij^xp_ff+6^UXmwP8Av}^dmwaYH)OS|DD_~qX4gmw)c zT-*7azO-AK1YYh1lC`_Uv31AxrQM1o?Q*Y!JOoc4M37_PjoBeX`qFOA*q;2ry*HAz zdj+`~oO|#wHR=v77fIS}7;A6n*>23fYVJ$B;Uw*HZ(TyWDbit9Z2*VB`g z=*fKf6X>(tiacAsTNoS~evw46^!JT~ z{*FA%{jm?UTYqOK^!NUJ2Y-iad>^)U@9+48{{C{9`#bjc-TO;P= z=a+~3*&q41@Ml~e&AKyk)`ZP}=?-L!bs8fR$fRU!Ilrp=ILEBDIx@8I9Y=;#gD@BQ zYvR3Peibv0utqHz3Si^L>Xas|%Ztyy=fWKsK)$SxpVt}qM#f^3I*+2BT1YjVv7TK@ zZOK~pc4P03jMe4KcJe%H$9Y~w zu#|ia#VX~m7@V{2ZS)eqI%DU(_T7#wCBa|Nhd;p^(?8@A`OhyfKCzW$=eoYfR`zae z_U(VI#a7Nor&l%{Z&zUN3KpZ|xmL{eXmX{z=QYHewcZcq6g6CGFWseU;re&gqp zgo*8cFl29a&i+(WUoJqrzL*+&#nw4?5wYpqw43iORIVL-sJOx-A?Ct{47(V3N!<@~zQ%Nr3aF9M6F=RN%HUgp#voH<@Nj@O4)P3A80HWb6!0&Xj*X^tOK zkO3Xj-E#}HR-d3pj_V6`x4wB@Vm~ z`0!mLms4ZL?Ne>FGB2w=)naG-RaqNPwN-1Zm3Ud}X4b%gwUy_sz?%`a>^p(;Mb@ z?BuL92QT=9T$`G=dE`FhD-IhC>{pPpqyB?IaHtqtZNPr+1N0xT4B;IkBb82V`eo2i z_2cu*x!tGOQR1fflJ#Y!$Sbi_cnZIj8uIw%CsdN70B-&D(H$Oh_Kv2|pVl2qkcZSD zYb^OjUK*{66nk5a69@I=a~^P4BA?BSGtHGv6DQ+(BJg|f>AA-80(_wJG9Cq|TNwxY z(eG^o|Ls=mGg+KzE1Jgcfm_{ccX10HCx@Yt&dB{1xb?T~wHy0(Bso;@-uPpv?+vb3 zBJ(F6WpyqB-bKKB!XPJRJ9-ZIArCwNtYZSyt4$}?i>;N*ea$J$m@{fvn<=Hfi{LkX z0zcy}z&16xXf5JZ#_%Ar^Ma9`G;`*M_I4{5!F%rTYTBYX=vwiM&U(_hA7;NYYrXSz zJ^i>mH{^W?SK=eZ zhNaKMy8{mc@7}!Zz`R@b`1`JH=k9~fL~aHk3+T%wSH|__Q||tkuCh}*7ACQWz4N73 zK?}eBRXZ2ZPJhmqa`x}W?HN;(8eDmF5-+9scu9P8p36tA@Q2n+JU(*HmT-9JJeP;` zj^^$(+B_d!r{WS3b%-(TtvK z0gtV$Wy*eFuS%80dC5N*L~OAT81O$gfzNa6j zb4^`#BPT{DW4r1-#+F8%^VoYAb4_h_^Ii?|#PvUvAA?QNbSXX{Hs&<&kdM8o9Qv5P zALr?Na^6n_{yd$h?CARsZzGRlID02u*wv1BDomW&s+eLI;e+qM){8xt-NE~UX&y43 z!W@upcu@KDPM+ISz+~(b^iq@ZPI%vu6Lm9!R|Fg`+r7KG340~PoKS@S-PbW{e5D5&-=BPA^N(+Z z8DCsqcy_sH5CKoQ=>0JAEIEis&cSiYMciX<4{Y=-Jhj%Z;*5G zh2~k))(!Et3ds+YO?n`o=tSR`UQYtQm%lOdRM9A&zY)0^IB$dpO4vhq2fSPkt(Kvi zk-?DU%o<`pG!Qw1Hkr6X(fUmEa`Xsu@pN*U+ph=}WFHl}_k_R?*JlN8zBeb3 zvuH+Og@IQ!a0Hj?%4PCDoBwLhf1QOMsH5Mz=$AZR)mSvXPD)5NN@m^P=rcvS16%eD z<<6j|A|=xbmWrl#K*wdK-u^I+EfqM*;e(CLZOZ5L>eW55d~dafOAmML;7R7}?W$*xaGkS<3AwLa*Wl?C<`Mb+@l-N*60_;m_8VL zcgT2q>k$>NP8rU5BlO+dyK9MwuH8Sv9?Sm8lX%zIg@yQST?5zs4>6q4tofMp4(B6F zi};_H8q@KSiVvzQ%=%Q&{^Nl6tBqX-UN?a!!P+j56|j%BaI5d^frpb-YQ7;9S+oLBmAehu);kI4l7 zZQ#5OoVNl09fF^ErW^cRw=C)%=MnHZ8omr_&ROE<`6kZk_23uGONG~ej-MI2Btb z*)x4{E7{-O?10T~{@+|+&qNmt2=N?!&zxpzEN%`JT;uIePfdTNFl9(b_C)rlr)IwL zi;oM}tx9p~9yXO_7KGavdxzEeg(F#uMdv7{C%qy5N3XD!Oy6zfk1aq)br46_oXIog zGQUHN#5|i7e-?h4_MYRL4e0jG*b>{Av$kVP{24v}8hd8{%AWH#**A;q?W#?;n>J_o z_RTtHSw)eP@Xd^6zUa)E5bPz^yYYCS^Ip?~=s`tq(Jyj8XP!fQ z&TiUmX}y8>;IK0z*hRTK3nK^8xym!?>NBiIkZW0<)+GTrKY zRd$8WmKA(^GpRY{z+(1l0?)(r8Pi=JEX?!h_$Ou4n_8^X!4z6KE^F%+s zl|22#hmVGip8bBizx_6xU>7Cy`(wA?^XXUoF#2kTHX-PelNRTfhBlX9+~>XV%Na4g zIK||hc>FRrc0Yk%_GNeDm!pj)w_hkbjyWS=TSk+#z!)Gax{7}g|$i5bZBOee_Xbmx`@WVGIs44=4j5d zk=tG+hrQKmLG~mScd`vu&cY87nrJ&I{AKmAq@>k$!*sa_n!u8BN|%am850 zUdX4;Gr8EB>!R>XKJh;J?9Gh*LF^pa(Z&{WdcOMVOb?z}H-Ai@jKxM>%v_JYI!Jh}bjA0ryG(5ApZ!v&& z!3;0`XQ_{u27`y8-~oL2;{fgO@&fdV<@@Kw1DyR4aerCyHO5w7%-GN|JdX5v*7XBV_@s|efD#4T12ZXyc+SIk$Q~YcV zcvCz?dqf`xcN(koje|F5{o9LYebvQF_x%wm#vWS18HszBrFFB1TAx6sev5tb95rz^ zSeCiv2F{yvw})F7Ju=Uj~0K z+sE2}4ulE@!}o*X`&~T$1`o)76MCWjEOfzzz&#!K(GMN)?BW!y+oaX~NO-S?$B+&Ai_u#6<1zRHnKoxq zAt&u;5$}h0RhPPB5;c9cQ3HKDXT-VVxCdIjmu}hjoMV}Fh?g1HZ=l(c(C8lP-Dlnl z9BF7~uA!N(?{R5%kJcT4Bf@!ZQ^oJVqW*j9dub5=Ge6XM_o$Gu$-BA+VVfPv|H13J z?yx!sp=XXHjyaf|kay;T_eECcd)G4l>%qy5;NoU*P!2AZfd}5#839qvGvqg_p2t6a zu(w*VnuX-8q@gdhmpX+u1!EK%{T?5`!m^&yyenTpb5Uffc+RQ|j+Bp=Yai7`9tkkW zhBR|?AWxfAcPdJnnCX zMyr6anf<0)z;ngE@_WPZ*2gR9FEwP&lPQh2U&{;cJ{D>FFcb-codiW6| z!C4MC%L8ZQz}bo5j4_CJIG3;U9mXvEa_j8A>6aZR!at13@DKd-4!Ftl=^Rhr9B94Z zLDo#1aXGTA{=Y>3{aG(qVb&w!`pkm1(%VZ%XdlJ#_REt$?sd(*#5Y#uulUquEPm?1 zA8$Vb{+hs_`gyvSwvGSBSWfh{FQ2W$*N2CnbxG=xM3HI5X>|s#__Q@Po*eesWYqo7 z6(3iJ(uo~G)9`R;4gQ13$Av3DWRIR=-Ojls%y;!>zJunG;9CyYPkTeniM~7an&mapphSP4jBV!(iP_KFypOt6&cDR7xAUz-eq{+ST0V z(A1gN^qq3LBFI1!I_KeDU>|ib*cGGdC+yFCPS`!XesI@^E}tf!tHrnV|F5Uq+>wOd zE68c{=aZ#?Q`r-eY3U%pJP6ML@EicoJ=SxUb)WyL-2PkLK4bhfO8v#{OWBjMab#!8 z7e>eJve;{I1?PQkf=7z2NyPP1I%JQ@#uR@DF0B`A^}mVWGJLDF!rrndw5{%j{QQc2iwThmKT2qu(uVT4g~3&Ystwu^e-FF*gL%64DDKw zhc(#9YZ&)5*DkN&+jPENqi>Nr`Ee)l?UVRT_)GQv^)lJHA@HU5W#ipe;e3(jwmYN=&%|F87M`LP)A1AK*H{QV~ zZM4W``kHVAFUW`U#+D0gMcTszPo&asG>>2U)!4+RqN{jS^)gZfH}7qx&6E&-^KOIw z21dRA2mM{a-+c3X{to0q$M86GHTYnTjMtk&Ac8iNB@?=r*}{pVIm)8Ma!d}7vQ%-?)7Dqz-C>dSn6Jqq2L zX9HIuw7C!-x*VJ9GHk9(vAM9ZboP*JNa^(<T@%WbSk9PT1x+=<; zj&ylfvK*zoBXnJ3*)6(OySi?0_&-&DyKs6iDwiiC-|D;yShpgpt(S9+Zf>2;Z_w&g z&76#|V9BV9^6Y)`4pJ=qZl1qq{&vP4Yws++JJr|TWn7P^J#6QUiEewLfYTn&{#R|3 z(jL#>Ox7N>%pe{#ANcM7zBcHZNjymUBC|p5WY$Hw_b0v`{EEq?>_*emps8qPK`+UW zY@IOg%ib|_^=5bNClmS%KrRPEcVzlkS9F)@f$qF)x&OTRIosr$#?QA=er#ik^;8k^ zUyRLI!u2$C%y}a@vp$El)4WjUjB(V8Jdv8f$k&CFLY)_Zvo8Zd0vXifmMCNy?IU!Yzxm~@K963pKq%8KpOl&Y^Tc0Ma%e{u^rW$ z%b?9x=H2niHynptz#rT1l-+>8$XLDpS{Zu^bJ}g3rBwp%Sud*6dQm&{T%frDewW>l z1&=CsO6QDy3tCF|&gQI`HkaLu%8o`GV_^=uHV|amA zr@||#(8{Bchx%`E$+_h}YvY_zeFW_?B2gkxqROTn1(HScB|4$$yMMpF~*_Z+q_y zNW$BSEA*Ehn-$-T@iz7E7?=8v<;J9T=j|(9x~%fiB&L6o@%Le-hvuW+_`B|ogYY-B z@zX?eN*;4B^R3ZCqiZa?K>Q6ow6FKf&&l840hhh;_t1mzx0hcufinyI`9;bnQjQV) zbiZ;VwD#SEEg8)T6s#fNCl#Bl1v{o0+cA1GXA}}!kliCc5P5vHRO?fV;L-Wml+20J zp~|^5`Rd4I8$N-~BiunPH=TRl!CY^~u*{h&wJxAs5asji;QgJv-@*I-8sh%tjV-0TtpKqf!4P|%?>vwEbZ@oh_a>f&__l~||H(bYZRG#TK2zN8xr)8j z&5W;-@yS*a?`xbD^r3o4tLTGV=BJcnB|CaG_HPsOlUb`R!SKA)c>&s0i9-uw&E&u3+`}g9HJNX^*skF`}-&lD7C)~BSnn2hvfBV<;qy1wU zTW@U-rENdo$R2FIjM(&~kg@ODE_ULiz448B&D8S)_buSN8y|_+7*hvy^!o7gP`8*U zbHlW6$L9vc<|g}ekxVq>f0a1?*N&j%XK392x*j~=2v1yVb*@)FCp3>-k8Oy)mTeHe z5jYJ$rPLW&fnUWB!EEcvu|-znR{W}M_*I+mt8%PN<5x+p#7`Mv;uPS-v;z-rVjec% zRAl%1P3K$PzbVE(Q+tw2)vId(mTvK-5=RbAOq*wtsksR`GjrJEo%?)-y?zjQg0CXT zPQ^%KB-li^q%gODfB7W%(^dXl7~_LrYst^k800s9K<LFH=JEc4*!DZ;= z!lbpx3UIR&+&rS18^fr}fvnzt=?B%;;C)YvXXf$@-w52LbUaR-I`W{X|CinoJ({|n z$dqDL^0g#e#vhYzyEfE$GxkaD7qmb26uXIa9QmcUmb0#e3@OG`W>H(4vpVpFwu>iK zU#$h6Ttm+PrVQ)M^H?)pOAeRv-U8IDlaDusbqm&#>n-aTdxY`IfTvYW`cx=gr6&qPMXaXlJbYi-ZX^{P_-=2~pp z<;**+QzZjFTyy;ZxZbFGli=4`iwLb(9+$~Elbm1b>S7n)N#Lo^J?9H%zuF|hgRYF^ z#NqjjoGG1$lN6r91bDdqflGT2mIKi~5tgOm!JiGbQ^@ffB3RJfvO_&Sd{eOG^#Thz zq8o0wzO)~($VN|r-tx)+>qE}t#6`pH0JQaJIU2p8y#qzM=gOS&DzKT)FwbhVufQ^M zl6NgVd@N&bpzey5Mm;!k*MI+JS9K9NOt}@AcJayNhyJ6hdTFNhl-FiHZLV?JtSSzk z?r+mvtIYsyk~<7;sM|K2^-}m%vC7-v^-wN;6S<$M@VfY0dMJ>uc`U`mTMTRs4y?pV z$!&3BtF^MD7^CtG=D6dK4mIy{ubCVQ;(5r~>GpqsD-YgW;9bqPxu$N`>2@%VgQ{ZQ z6})fotA9SRPg%tih*w~D5}e%RRyB%k5GzqzOSr#^ppM?!vi9^a+#A3T9;;$r0E z6frNSvK};+|8H@$*tS%nf7tZ=Ng97@2Z>D)CiX-GYDk_OTCS{y@gG zZlb;Mb9k2G;?s=7-816xp5U$mZjbL?@xedS#24c0SIOXC4LpAMb9GJMWBD(5!7s6X z2hK0`0hViguq5uUP0T+SZB;zWobc>yD|Jx-y9V4o3yjZ}TPcf{Dv!^_Q%caX^Y|}5 zlHWJ5j&)n?RD-99=x_AEa(?HW3Lo-+12ry}g7?$^*S7~6Tg<%2?`_y*bNDY^Uc`9E z^Pa`L83FIPtbaGrUNOJ@*#muwZ`@lF>{PZtBKT*@vAAd;3PfKN=Ch&JXeKl}ix}g_xV(7r{ZSdF} z{)-M9;njPAJ4RP{-@GRoKz459zem?Qc`xMcZ71en-s5);^YLx`*L$MtdftoCHR#fn z-~Q0`SsyO`+oh{Vp9u;0K%bkq(PZTUl80z)B;_AJew3%r(Y;@?(QEa^p>al^Kf+$4 z1U*<^Ryxiujp;#4da%BjdykOk;`K3-K8mp0)W;mz5&1{`y#6rK8MFj#uL@Xq@9r@8#s^+xoE zY|UK$7h0dv8hsUy$0#Rx47z=7!({tW^e(nf=NQ(x*1`)W zW{p0G`EJCgYOrN9(Urvit18K{Ue5a!e79yIzdZBL1D^i$@~t(_FZpP#`8ztadp!e3 z9{T{FcoIG3tVg-N<$>Ts*YpLxV-FX6(4t@Pf$zS+_wG01dLtSB*7cRXlKuYRFX+G* z##eYM;MQgK#hqfY`Jwm%(0NM|IREO?*`9pA#MuD;^>bqnV~0ku{hRQMg62H#)9fka z2!-)Ev{sV`AZ3fW;pz}K_6JM>#{Cs^OAoslnlxiaiZ1^z30<`Q{E&|} z7XSK7pT^JnN1qYU=efOyPM;~CgFe?BM*6%=?dN3l`4c&4j*jn6pH|>L5Pd%UdQbU2 z9Q0YxPx{nn@2S4@bI_-ee3?U)pY+2>pR0PI&)vPyNBMaNqR&tMP4uz)NuL?er(@5d z%g=((L7!iIa`^PyXVg_rCO;STLZ4#~LZ7kyq|b^Z^N;482y>7(_x$|R{^_Gxso8^mXnzQ?y}zFmn&z`{$lo<{riFH2)->dzfeZb5FHuUX!P2<{jEp zJ&o@Yk4>i6l%JPOZZzj?oYhmO)$}so^o1U0^phU9K#$<(pvN!BA2Pb^5a{vh$Df-X z#AJvyVhc=4LXXpXp~poBpvQk4K6*4-6{p#+>`y8m^*-CI-fx?I0eU?DzR_L8QHd4D zZ8NhMNj}tpY_o#C(Zk>^(Kh?;VWh{ORaZMfK0fsFL%e+_u3gp+%)QA+=cR{DJ`6ps z=_fs&%G^`^&CfxPH^`;vgM1{V#}S8-9*dID$lth4ZQZ=`NWk+^p($7>Qx@kfc}4@Pkg0AlE<&R^k?o!LgVuF zcIW%mv$HIY_h$ZK?$J7NAf%i%d?v=nSvz&!w;!vHwI@^fP4abK@oHqcIakV^AJ_~1 z2_LH6)Gxk)^`yBL) zkoO>Y_Gr>whnBDZVn674dlGssPeRY1G2UeQ(NE7OF6pT!4>vu(orIoWNTBDSL!jr~ z;M9}P^nTLw%g}Szu0xm4YYsxsb^H1*pGPO5XF(Er=J$b~Q~wX>*?MG8`CR*PclrD| zxb3gL9pR&=t@ad~>Z88>d-|U0C7*+yo#a*=NIuW#2R$Di)>GfU!+Gsa9M{QlmA+K!H}hkGhu`k8zh39FrQkRJbKrNii(l2`I)ML`WUfoE`^!g%&)z@F zPaEbz`CmtRv`MfpzuF6ZG!M>6LYG7IzYIOz=ydtLkM#H=^k{hR(Dm23pMxIP9Y%V* zHq<98E~GdCyZOUrzuLk4;qUj29#x7X zbhqWw>*_xI-1^G2tN6r#B=q=pFZ9Si06os=2R+uY7TRsUr}B7Mmn>n8D8w4kTyhmc z-nyi3Pp8(aB#X!S`bxHcc%fN;j@MWJjQw3Hxylt9Z}xF&?bXuWM(DQMoI^a`-u+W@ zjaZ)#lS`%e8~Nb7ENi0uCNxfQ;S1r@u`XTjtxIoaElO+mX*{nCo?$QZ)~2~Fd;YDCu7BD*PV%uF3-ilxOwH96Yjr<^b+r^;E&qh{#`==_@* z)Afw4(CSQulnm6N{euV$I z4San02HnwMW%zFuwT8h@ERUf^a7d_5Na-bS6XHfxIg z7CElO%VsGj99TFfIK3{N@68(OwZQ%~v>?~#O4blpkq0stKfD$HwEedZfBNGS9z1J+ zV~o}up9cO5ffYa9>#zN{j?dn7ZK!jhYT7TDurFgs>dJNCX2QnPM1yD9Q+URU#3-f! z&sGzo$RcN5xda(?Gr^Dc5uL^}F;9U0RGGLxfKfkoxT7qZWcYTDd^cdrq?d0=D z%J^lE;c9TzZ7=dKk#m=i#6wZ8yU0aoFuG%qeG~0$G?8dT5|L*ZFG~P zJ6t&;)}Mjg%tuz*IHQ%gk|RUNjbtb%5HR^dak)97?&;SV3prep8|~@461h>1uLqac zPb+PE?HakH%>mF_`}+FwZp-zd&d0$kd%JDrqw7qFGWfgYX7*Z&zo%NAp1el5CtljO z_xt6w9 zJ!Bo7)J@ir{gzdU@Wo|)sqo~&*0KutkULK%+mTPnYZLHE*6+-5bJXwYyR83fh||8> z@Y;>Z`aQINF|tlSM%Jl+Xk`6zV7?4le=siV_b89KnsHp_%KGKK$ohi`vd(pyPu6dt z9gmNb%6fHztaB|{-$QOkjHfkcF6+CjljG)_Baf(i{x$OY$p164zN~jyZ=r9$ta4 zBINyQR@d0z!SJ^ef45NYz0M4FU$r^!|5->vB1t>|B)GlN4_tChUqKu19F za+5KoatMo0SE z(tb8iM~)qszH&M^n-9){H;r+1q-+zb?h?jpeNpQgr`y}fzlzWvyk+vX{PUiCnx%Z- z1U%j5J+6yrqv=NOGe0$9@1;~&1%k=SRl6rRHGxaqT7dAm&fpk={Ae!H--Gx&neXkz zl1-ha)Ifo;|G(VR7x!YytvRYuP*ia4r=C6RoM*G+DES=2WBZk`smawJXnc++dbSvw zrl|ydulk|TwuoHdHSN^N8e;AK6Exk(9>AsK9i)JRsV}X#APBd{3Wnf2U7Ke^=ccir}>*_Fbx*)Ikb2UNey*H@T6g!9exSw^2u zU$WoQ>P}RDqv#Kvq5eKO;m%7g|D)4ifIi4||DncJ&X`R9Bj|rrU~vV{J~{dBOD=!e z?H^oFE9{3Fv&J9cIeXCyWyw*I+o&#;pg*FeRvv=-9-oY*oYd^=|&azjtU*t@lJ)-kp zhYY3PTh~8u33V{eQeJLOhjQ`G#|KePqV^}MzC$y36I`loq1q(B@zx(p;`IVJ_+NY1R6PFSXgrSk**5AF- z%~f6I;J>RY6Wc9ool`?Ez3u^>VaT2}Q_Ebu0&j$YMRxjq{%6=%+5=hxFIeqE>3>Qe`hTns{jW400j3E47&U_3HJje)Gdl?^heDsfC+WYj5B(SRq5uBU=iSWi^bsz8 zeGpju^f@jGOrMuNr}e;3`T9E#0+V>=1 z1@|6(Uoz_}@%>)d{8g3EZYeNhSJqnJ0)>d&;JTPdV3StcgLlVe4Xkf~wPIloR zti|kKot4cu69VJx34u`O3e|w%eZ4n=_qvd`ckp|8|A%k3EWe~MFme%cGb=0GvfHw( zSIoB?$Fg6a+BWIryaWH{W2oP24R-2^(oQSwy~jQjt*3Zx>zu4?_VNp6Z++&7oqMY{ zrdvoyFfhye&Dw6>Bk*LAH?-zy4kCHE;<%p8(A?j%dhB| z1HbxpjHh?!(57k^_}915P58X$Qh!2c6Lr@Gp8U#RTw!GQxY+!w^9-XU_}%!*5%C~= zskKIQ?Xb1*Lpke<*H9#5QPz_!=;&5x*G??rgrh>wzWJ~F zE_w6YzqxKU@)=>?y#RfF!O|1$!oU$70j}G|nH*{6$Vv7yyjQDW zT`O}Y^)gKE1aoE)x@j3WE<-oZLpRSuH;0%PRGaNQ=1j9*K-@_7!B}#m6w~tF*WQ^& zu|?Lhcm6!|ief0|v0is2?OaJa=M$5Zemt+#tB2^+)f#5nvFgkm=*9=U*Z^l1RaXF` z>bkT7=T_x-6cRgHFlOI!;M98ZW3+ze|vv(uJ7>Y{_yZ64}PIecs_9>F+1;>@I2@Ju354V zB8>AgU~B@$C@`w7c{4CBTQGXxZNR8Jh4X-MIWTH(YYi|S0gU>4Eift$Cw#sNeBS$B zJ07gUb250Z^TB(q?{CF0evszHZ<719vN0u>k5BLEJITKM3T^oLd8V;9;`KU8-FgB+ z_$xA?e0_j%ZNwhR-9N_UOsv+LEBf4%7x9*nU+^Kj;Sum*Y?hjH?FydBb};X9Eqwe0 zd{lrx3wgJ|Gym_+A$Ax>XEzfgvxZcfGZ{@AVW$o3u6k?YIrbWUEB9vEsk{@UuNwNo z#=zz{SM^^^9M1H`^$ql6WZ$h_BAk?glT8WZ&xZa7t1mGJ8#j!MMvynJF3E_Oc30Q1 z_MjY`!AmU%*NjSY;bpbz6qTbA?EXE z>hm?F?t5D6owKcsj`3OpE3}@Cyk`|OG4?j*vt}!0`)2;PrlxH_fB)@wwPB;TS{WinS*W6 zEzSl_-#x!OpZm{aG4VaKHWAm?P3Y*cqeAzQqpsY zYKU(43WwrL1J5!C{tbMWt9m1vud#zA!#^hnN^33t_x#U4rFOIE;C~Jbue~+UT3ke* zYps1xQy1~s7R@EhBYE^&L;wEw-x^{q4)g9?!(2G=nYzR2`dBWUr3v3xBwR~BrnA4k z75%=&O5ffJT{iQJ541gf|MI(9(PNu<-prg6h4!lR=O5EF=v*BEi@av=so`-nO7_o~~Z~v+UeX=k?pGa@q0{tT?`<_nSU-H@~ zH;2}jTO&KL(eW8Lg9v^XpQUASCM-O-)8RcM2h=KZc)-HQm?#E=u zdp{GoW;|Yv=)443dCjL|JpHhPa~J*RH_M)peIwh38cDmG;K6+C8u>lN{4KjRw&uV* zX;qwUf9q{$JzDD@n%`0vP;o9`4J#iK+I<`J&nJ)NK;O^Q_q^kMf8~hKy=$!>u1}|( zG3bu6{nKBoO|uF{s7-6e?k2T4@W5?OR-3%jTbox+p8nca`goLf%l3cewc0GJz@q(; z)+4WqUd8B&{2>SKW2E}voxb#O)mOjb^hZBs`@jBL?LbRsoeUcpXfXXfqW*>*xWBFr z`s1Bs{iR!hmHsjL`@8DuuRDFyXW9NMUaK8q6}+InE1bSl;Nkoc2ktwpzIo^K^nKNx zS2%Fcf7$-B*J_7Zs&75)aw}|bFjsJlIxrmnEjW1RaKUlanlc9_U@6=Go!4qdSOvEV zH$excO@ayg?m+zebHT(r{|=b0YWR)=A8?iJU;J9_D68Nbg3sDza5fq}oS%PS_!bL3 z-uZXKchx@^JFo&{+5Vees|{KOS}V^Ve_;4#3O?TXKZS4KO|O+9|AH}!ZB?7E91B;^ zx^rqb+k^Q*Hs#CHy4xSB-^6;$aJ{Q@zJHigUk~vziKtkq+XQ`gjG!vz+^!7cxt^6W0vjKKTm8-*el+ zM^xU!ugR03{$D}y-Ol~8Ebfo6cK;8yKK0TIiXV6GFT)m8-oiWZOzJ4^Z*lL#Ks$c!&lRv!w$*pg_|J+;ey&tkht}G&c zD%(@@QxS8S_c!yD`FrG$J6|1{_Q?Aqmo~hAc`&SRw&(i3N&24Uyr&rKf!b4B5&Vf> z-w8CB{4_PU%SVLyKqPTYAGmXjg&6-8xGkvGE?!^0!EzJK|9yRv!hglswNCDT=B%Bk)xAe9Q8Jr7kRUTJ zVTX9*n~)Iyj^dY?HTeszXBBsrpAoY;z;TAwUa%QeGa-jsZ{%3dQf*zqEdR(GmwZpb zY~W0FeP_m0Lrfzb`}6h%S5A3rgmqmhvD}smE1q4uss(2cxpX-$kz1iGFOj0U*g)B*q2S% zm(nAgNg1o(=;3GP7ZUt8tv%d-yuFmQ2hjuiQG+?PZWen`!`SWGcTr({`s3^q-*#dy zjJK0GOQSz;Uv@leDDhktu4~E5d6by*)`~H9Tgckg7Amk?c}KCC#}u2IPdz64?IL(LcO>JrOp}-06Y0;Mv{r#5OcL1cIRI=C_=~lHZv2)>`>Rb(+ZekU zUaD*;VBL$g0QhY+{1)L}Zn(e>`uUA(!M2aQ1tZ%fZk&O+xvh9l_2~)z*$Q;xXM^MM zXT`UxIK!}l^Dod9&yIHEEVGluSqgn|7X6(VXL0&>V%G!z*?k>q3$Q5WtopQO9jc7I zCn-mD6zz|ni}RLG-pLJpC09N(KH&nRU*hwF<_}LFWSjXQ9?wbV8^tKJCbWV0LWFNk z47NVSb-QMTrX7W4=7-etX=#kZWx9VL$q z+sNpbE_W@!#kc9>XFdCXU$Li-udCGf^C}8nO`t~~;cv9QI`UBAZ?yiDVb-So@aOl0 zztNh~vkwpcSqbn5;1fe1aD71fB*fbceV}Ot^Hd_8z;(U#Hfva3%*n;AOQ))}73cJu zPCGyAPAAjHKR@ngO|BqZ@qpd>sa06pXUBI&rWuqoZLal+nLtO`>#)C zP6@5|>j2u{Wj&Mhe!cZo+E2*cFz;JOB=2|plpb)_7`oxh_3XD^xdKVXyUS|mWn30{ zrU~%Se!cZ4)|3Wqb>x5q-t=@yk;`jZ+p*k# zo<8prKe7Jj@sk<{q#2XUmTk3exvoPtmN&i>E->K#uz&wq5Ved zqNMk$tUrxPMyEz=iKCwr+JUY~;cv9s$0zF-`5BUYT$M@31w1*);Mrvj914GQ&shR* z+tXV`7`GHX5#M` zX|0Df0QpR+k8NAF&sd8C#2v!;NvXV-Z&};P!=X+v zXQ$xHmRPAPoqaB8bqLe_rJr{FF0r4)>o7Kq8Ltb+N#wuz{Zx(no4#?sfSekfkng5g zj{MK^C4t33a9dItc%=-Rt9+idcpbJ@aa!P&VyeC$_(R?*7~EvRGH~ z^N9a%;eRiAR*5*w^x-gZJ=5c#myA8$9o{?_-ZFk`fj4bI*_2g2cvFEl%KbtswW9=B zwGQWpNAwPO^Qgq4yk$7*r}I6Kzt4ZV~#;medehfhJQA%lDo<%kFeO=X;eOwrTjGUpr!N zbqj0LweW80pF~>cTNY6a^T(spEphC-U#d+U=-ZtE}VXxYfQp(7#uXQw)!IY8oyxl zly>~N_EWTmm(_6_ZMCuX>b0f4l+CQaE}}iJE#=y%9kmzbUF8P^E!75a&Skktd6o1* z92+{bmP`%=>zBJXYp|KGk8*9o2sdimLkpWdAykDfkTXXqQxH_*DNa>QDpsn$|6;GbKF z(<+xjH3oKozlDlH1}exU+IOa-#~hfwb=JAkanL}t@c7W9-Dl0Lm55itiQ2q!fFmC* zwB1VEZ?Oikf|zP8u??+fNM0h@d(Ahqk&)s9wB6=wd#%?leW*qSF~H8pq4`_TJP(?0 zh1QQs*3cy0q1T@yJQf%TYX@}(-RlkEp@ns5BSO8lY9;4z#X384vGVPp-GZHZJAG^o=Ge1& zR^U9Vs@#=tkKr5htTe~geznuRe!_!HKjxX0Yk!SrT9>1*s>&Sm#-N<=Z*-7~<1{pTpOyhj`yu!|WFP zdEGyi`?3+iLt|yu0LE2r?ysjE*-y@zg81K^>%IBYU4Q6tpZPH{#vVPlr%d1F%CRTE zPQBCkeD9|(^o-LtAOD_t68duP%SpY`_cq`!cE(jz`Li=QOV6bVxZT6EsXQ|@#%I6M zqZhP%n`hY24ownh*}}7vcxLdvCC%W_&?J1k{l7dL>wT9%%fIq0hiBk;SEZkpr9u0f zJX5Z?f#pxf7=ANtHUw>K(dwg|XS*ubjD>f~9XeY%_9mW*ZhW_^^3)7_t;?s+bN_JB z?fXgSc7HGWcP49{y~<~XL%%L!b{AnAbfsB~L+C$UFXbA%)K}IIh|{Ph$G(ekxcuKu zZU=Jzc*fmDjI}{+k)Ktgw#d(_!RGSwE5?5h{M^9zIy1%K&5zSij(rW!GI<6(-RV@3 zW54UwH$Mda&r5>G^$GmHBO#vW=l>b$F8;t<5W84-Gh+q^tGVt0Z!p*11ib!vYp64> z`pTNKjf@)}s|ebsGG_mKTDzmYZa9A;p)Eg-yV=zJ&*+RHB*g#Qd?i~Fl^x}!EpL7NJb@f3|GR$>^oPEa8Sb0OxUhd9agBizT9zG^IbFc7` z&3)|EVO{v;VSPW|S$E-k@OGMgrTcvswGS{(9K5X=5}VUIxlb~*gXf1vn>k(W?&1DQ zwL8s)FNEBweXb+eA+*1%@|37zISiceO|4{AB;Cqept8P2sVKw}{ zM)VpsI0nxfynhYvr?GxpxdmRKCWPSmGxz6v?QfY9YyTzgb;kl+*r+vG!}ZFPYk+@%`-hm<{p^?n|b+9w!G__^5H|w#K0w?KD=FrpIK&=6%T& z?KD=-8yn+?mE4cX)bnS=`d!X_$y8UpJ2yPZujuyB;2v{>^r30@^^;Az=)wt)MGssn#9wWkhbPg^WDt$0JsKEl@TO&=~` z4ORB9=G7v`TPb|KExgjbOY(RvHCDcUs@+14i0F6^@JrsCrBBA^*)6WVTETrI@189UG?gyst^n(N}Z-Q00Af5}ZBRi@eM{0DnC0*=$@st+1+Y~>I6$0~gQO{@Gi-KXTr_}@t;D|-{(IUM-N zOM;I?eb6U-ARk6Q!tX{eFt15JZV}xR=CQMr;3JWjpG_F6@L}E=kL~38ll2Mj91eWE zRnSv+B;w<6@c+^T*pu=9O$qNDj`2N~WPFMIpKW6Oy~H~*UHuQ8Cu%-qUN`n5^bbnj zxu45@L#xKPe{ddSnc&gz^`m2UWg+*aKj$UP3kBRa`f~{UBzsIgwAvrRZ-Or^dx`#b zRX&gZNW4jUc>>=LirtUfmwDXJGowIq1`RWJIpPxEVKT#huq zZb>3X3xGFKXMl%pc6%GO#r^Lb4jwu-$yojK>rDKp-t580v--e4%rA-Kc#3gMa_ClH zSsK8Oa$8YO{arw-fzp@X2 z{{x-jT@i9cQO0uZeo*ed->cyRJ?yH3EtQABHueqzIt-~IpZMqC3tMC z9CBQYSFQ!-(GGqaD^DFByT6e8ql6pHx1yi)WH0(r_C~Yx!l-lXF|ObKExvbgx2y8? zu`xgR&3!T4HCFD&&UN+a8{9us+#QhwcTa)47{B(#e?;!&KN{X~?TM>`)Cs^Z9?Mt` zw~qVQSv}>fH~-PeuSibsnE!hK_&)@{sSnW53=RAE#@-_88|~31g6at&v{5dU#BZvJ>7( zh6^jx9_Yv>Peko#E!pV8)Oa32_v@6pr^s{akyAhp!L|hW{rj!GoRN+HA9Zg6 zUsZMP{qK{L5m2z8s8N#;5OAnk2S~MYl7NV`#j8|$OaC{4gMwmft$nXrvtt@B8NS$>*H2 zhqa#d%+Ir)wU*X2)J~3+Fo&!)@6o*U{oW>zk$;swKGg!W@?Mzt!sfkTPl$ZAxz;!- zd99jthUQu*^;`=z$>v&h>RK_mWOJ=0b*+}Xu(=jZU5gScm}{2j8urgzD^6Xr$g!Dg zjj3zZ=zVjoB?Vs#w#;0MrmmHs_f=Q*7-uWQn8R-|Ys$0iJ+2)Z^z~&mxpj;&Xc~pq zUYbm1KZY@!X`=UQPo)03c4XT7Z)!h=wD!+QyC1R^|H!hg`;ln+OXoS-q3&ry|K~yr znFc)lG(B6N_U!nyXEmmcX?>RUyT2^${?vZ=?@zm*J|?xlH0}PeY44l;nc=PQrPkIk z>pK>V$f{>ddv#8a7kA?KWbK^G^WM31`1&{>Uw_VP-^YqyQ}s=%VTw^F_9Xnesdh3x zyZAh($2#7cYp%hs?zP6z&b3hLIq|i5t~zxs3SXOREvaj@tf4j6qN!`FKeMk{scS9N z=a}b;Q`f5Db#tvTbncqR05;^(lHji~Y`==lc3`nzRpE zoSGBrk=I&(;fy8nBk{2IUAEWdeEBt}M!411SJn9T)*YOWL@wIUIdy%nHEIlXiB6rf zbG=s2vtMYGwsq+g7YhJ zI^*4IdDlyLuY1=;c&~fcIi#+$2V{S|xq92(Q{%H2rrW4Xeev03G!Bhk0)`TUH z3)ZJ`hDxwWJoGr{8MHckO=*9WD7+J;7E4FxE1+e*P2t+xb5@E^DN@VO!mi?my{grBG!|Rk^S=O6Y5|0 zhQV(;e8zg#h82t>rPt4iy!7?gGTP2V7o_9WU;paH6L$S@fBR_Q3#H__1^CRh>eRLM zCb#6QT@Ko~0^Y6RLzhI_kr(YBc#RL<-wXin?|kqczTSBNcw17iCE<;xt_=Y1-f(rH z!LQbTpW%b|z5(EE{2<`9Qm`fAElyn%yt1V}e%KmjozsKZnJK{g-g8NQFt+Hr0pR`G zkl;iUV9j=Ty z&-(Sk<%5LRA5XgQ!mF&$PRZAD!3&&%C&p*ou`RA`h~ftsJUj3hK1MGK&wrz~=0P8x zM+|`HlYMai$*<1_)(3kx;m5hQd;nhE8pei57d!?`H9nZSZqKX>-aJ2D7yQkmpPGz* z?eA~M?n+0-(3P^AE?zsR8SbQp_%i%|?DAIG#$K_Y@_z6)BfdieDFUy0Q^t-;P>j+_X9tE#9HG=IPjl&1o#b4VDp84)%z9s;9ore z{NMVJ;K$#=55nJZ;C~x<4u^l>UmM1kk#3#@{IBjy*B$c)fdAUVz(3j417y_4dpCJ} z(-3@bWHOY}Z_34)Yt^Z1_-ppHmejRsWY;_wOEk|Gabmf8YJJSrmy^Jn; z#5dl;0meJoH{Rs>rQxhwL9ZMx-kb%j-u*>f-SZP>NPb`cHwJ+B-a*1U5PywAo^8Er znSJT~{Pi_o`+oj%pHExQR2SGcEo)TIWK$F9*>AgVL{nlhd&#p0iq4#5UCE9IS(ESt zvazyua-@#63947z&F>0+FQATQCF^chY7f{d&K_cqgq6h5I^Qx;73y{0H_xLpD!uRX z`=5AUadq8Z&aorrE~z~>5}Sv8n$P?5QgDm|jt#(J+6hfgZ-?L0oOU9~c1A{GT32#4 z?XYgb9Zy<2)xLK4eYVq1RkEF_k=RVynN2&y8X4PZ@wLP6LZ_WCCEF>B#HP^>aZO^{ z0PRG5?eM$6Y3E|vS#I!yO(0Ivp5BQm1GHoL+Tr&QVy+8h+_To-p^D~aC z*w+rfJDhfu2f2o}b_0_+56OwU68HlP;T`P(Jl)GXjXvJt_j8`Md}x`>!lwY|%XSgvKr%m&G{%Va~^5|CL?6sr^^lJT}X++Xqj`fu}PGkFy^P>w4cPwIVFa?d{3{&r#8X zeLXVJW2?nJAQ|Xk_8=K7J)n2S{b7FhN;*9*_l@5=N_sSz_#+kHnf>Xr$&n%BwdCB~ zwODsUAJM@0jI6)4*X0ISm#g)WTJxFT{5b2|lI!W5H3K%yY~R1o19NgM5puHc+;m?; z=e2lwYW>?O8unXHjDP4|k8k7&ezJg-8lxy>Q)Da zm)yQL+WfQ2!$02r?OlGJW#XmOdTaH6CHTX?-LAd`1MB(BdhsxyT7Nw~!}{w|){9rO z?ojLXwFbM?3brladGd5OKNt9mfjYc9%S4DHNE#krTZ zKSQex&;Rnlakc}8^o7A;!sdkq9$pyed>AU>vk?BaawbRsm@VKfVej=~cTI4ejW4yYwi8ad16@3`}oi%WO!4IRqa|iCP>*KaA`9S6Uf`R*M`!M>OI&gmve;EB; zGH`$QA4PxrefcEU-o?nzYVTUv8|m$Eh;uYtz3sCL?p)g~PXF4ANP99IjlCN*JkyU1 z&zuhco+H|`%Lk^%IY&W{Blh>{f%_Z%Vf1(9!2SK>?4irAzh2+?x6HYRIAc5+uexz5 zb;ZmVZ`Hn!X>pKyojoVhiE@jO?(kJoG7aTDj&9HB1rg*e{PdXewaNrnfJbD!P-fOW>Xa;=mwb-L{ z2>9NcXvOaCP+dim8 ztW?A^FY(NZ+ZrF6!2eDwE4d%jo6tYX+~Vte-syok8F$j3eArJo@Vh!tbM}8s@{Z%r zdSa)3^LH8Ik8_DXiitm@i%ks3zAp0fm%Wmnlbz>*OR$V|VA=2XpRoI1?}9|b&~Gahe*96uL;N#XcvgQD z@DLvj7M}1&0T1!hVBwke0l+gWgFV-N_HMqeof?=9=D>o)SAt8qOx3y!7;8ED(R=>c z@fqNB&p-QbpY0!LKYQ2y4;o(LucL)`{~7)D#L>cgME`*JY_Rlh%>dU2?ynHP4Hlkt z9|b(bcY}pz*#`hmftepj)$=I+8->4aF+Y%lf18DGD<5}HNc*fzim)FcdnD%c?7}b4 zRBxg^2P>K5a%)b8z1i2W@3+aiqqVA^FZ;@C4QpG|8@#fKQ^1(3Cfng~AxgGDM-4_Mtj{FrK=drNxrcxXDol&ozCBDov{dBFOAAQW63msGZg;b`C2-E zKk9?wCI^P0@V9M$(&PCni9bV{e?u4SMlY!5hdC^>4lG&EUTMei-}b@qSqBEquNgdq z?HG8uC+-w{uKgRz_;2;e_pQFZ&pC?m52gRrzW(R=`X6}|{TG<^(&_qTR37@7wbIfr zZvMfqpF`wf%ry^>H=--eH4l$l?zNT_-!r#rKNn41OUg%M>Y6Pd>F0Mz)=k~4Q-^ua z>wOLXL=Mkc!(jCPjxWE~Fv^FU-%hf1n9iH_%EzulseD8$_blh{X!v6%vg+0UukK2h z(Jc-PLy?c6@JFey|7U&uuRev z7adHOud%-VpLO~lihNyf{JV7f^A)%L1O2xFzV_Q6;nv8xV}ssoNtg4VI&dWC!yFql zsQQl~_?r`v6|cT|-UmnhQQ%|9{Ph9I{7LXv^vQIYza0Kr=Nr$wqu{TC4D=lZeXR`n zbuUe8eSJ@L`cBq&IW*nn@hdXbcV&uK_fj8&EUF%^th2+RVV&*IEcEqzveU2XtBu{- zX!|n(PmPS`(_MSDCc}8wGTvI_PkHJir>D-*$}}Gp^1*TFbX&HQ@v$@hqsixc$Nw?k z_{aJB{j1aOV8=fceeygtU0(SK`ucv{>3b;pWR01hO0VBi-BvdL6VN9$if!?K+itg33Xdq-&DcpH0GpYoCh?RTCHz7@MM=J34zy7;_+{=Kwy=Nr`T3{St}XNx~qexCO2-{h`S%UY7kn@pQ) z9oz+-*Rz(kBswgzfqj||Z8_M04{=e9y7qCJqdGs-t2r~bp0)U7)`nT~LkM$4Mwhat*5sjWNRJcE1Yht<5B8Y9_DFaA3w z*t$e~>h7PVTJ;jn_lxR79J6-4|6@t^#$31 z`rsX*`*n}{*0u`vP^jQu1^0?MA4&as|677O``Z3<>0My<6Hi|c9t1}v;4485e{^E) z4*atQtw)Vh&(Aqb^;&PBy-Xwn)K{AQOvYXaP6@y#+6&IGfVX8!l(0!JDr+m?T4bXbl3}Qd-6PK^2S=9aK(##4ZAs0x>RRe zQ8%#wK8yi}_DH!L*=FB^9ok2w6u1O`JFu?eduK4G?Xq|7x<}{8MCmt5dpavgx#!Qs z`WjSMtTEQm&Maag?W>lgbDfX(oZpf)LwC>bYgAK4-f6Cn?rzP{bspNQX6Q#g`P*;S z2Az25-8y`-QfpsqHZ))@jCfacQC%=~BYZdKXR*dUw^@Ap3gf&A>b;i5E3%H>+I=|(N8k(Z)I}wUbe@aN4gp7qvvw@5XEjG> z!avBH+TXIIbgF7d`tAtaT*7{D8}J2yZ=c{P+5x??ePzVe*D)aNgp{?-G#&M=zB z8AhMs`x^F|$y>5`YS+rZzAkvGZ&5lPw(#CloO5RGjkj*jhu;<(JmmF^1J2H>Kv`y7 z|k5 z=hN79yy!oj^T2}kSyB%znK(5LUAuw>&6gRx<@TJ7?l(1=GUHitzoi*qfXXVbzRIkMDx?}q;rU)z_3{L zUf}9l^O@fqHlJC|3;6Ww*n7vPbnIl_m%cmboF}%QeOTTbnL1BQXNg5wwS(7km2S+8X*8FB;LF_KJ%xuHB*ci#f+jZL6;i=?qtg1B-N(&hl6>M&rop z*?_FY8Jl+;8iU}|SxW7Ezlnb0v?ZJgcIG*@hJR2Rxt6tK;ZdQoCzp(W>@)c}!#zAu3oNef)2HEwI{SRNr_qJ)jXWW#bEEU{52~;oi?I>& zp+}hW>9Kp7kJ*&H>U$m7j$C{{osssGmDjctUGi_p!$$1N!b3IBoBeQ-^vY`f_0z94 zNEgQEg?cMFld6*Qs47`s7iN9kBF46e^>rcE)#ZTu1moUMor8N{wj?&6cdMXp7~Cud z*VwRJ`kqODUFiCJU@5>aEDG4?vUOquQg|)^zq!y&Je=2j0ytKC+H-)p75EYS)3(lH z+Yf&i2XgBtAWw1N)mqSnz}wEVi-36sFmD3p&A@yYFvpL@`{vO(YiuM=NextM2P&Qh4*+{$M85a)Mw^aMr z0p}jhmOCAuTnKJD!P67atR4I;mY)uO`keE{WFu2>UFa}3|u8GthwLmv2%d7Q)x~Zf(eyS+5kfa_ST4mpb~#-)l?Y1H|zK`fBo;;>cti{iA(&V#rh! z8MgfpTLvx!POm;RzQ<_b91G0y|4UQ4F+LJHkA|b zrt5TP4eUzjxe|KHmz)kgRZl73Pk!)w)FSB2RPm=`1kv+yLr*J7%R1Jc$tTmAXr2Ek z+V$1sG)czd=n~11Sr-f+89F+)w-p>@qN8Z|hjIOBc)yQ+Nqc8vx^#P&K(EQ>*)bNR<`EIerq)MCp~u_gBa+v_o7P`1 zEM}c^;{-DwCVLWx265!1Me9D#8Wma39US(^oaA?~fA8ElG%>UR7niaB$ez!it@&Z>G;)( zdF03M;rnLdoCJPb&7{=&!(7%Ming0sL)nThon{4lHp0V-?^Yt)6Zl`jyZG^(alG=L z1pK_7-^MrMnFMx4@^H@Y(a+E$OdA3IGsQ>8!qYiEz80>EJ-GTcxN-H*nhf~}!578{ zn+`us;J?$Hy?oa_LEzfN9`VZhiN%Z#OYi0^EzX(mRPfz7Oa7NMwXP@1k{9+5Hb9Bk0j6 zcnmUr#gl@y6}>p#vf4V}Y1Y!Wsa?gRVdBwF@Tb1ie>U)B8tkpkzd|(_ZWKXnb#X0?^}0OkyW@9Uuy2OZ0lglTx)Lijn)N4 z$Y}A6#2T~*zciC$Txu<$2IMP&n-|RH`qkv5@~wljuOsi#VEoatZs00f6}b6w_GvBp zn|1R;$WIY?(Eh1K;31^XUDnO53y59kQD4BA@Oj$0I2*Og3fkTDySieBK9p99^h8+9vX^{<=BCbrZDc zW~`f_hhl~4^qZ*k#4z`VdXIxXvK5{6$mmm6Zx{W$zDSJwpL@!VXF8t3C#c8Qqu*p~ zgU(dDify{=K8b5`&~L2OhYl-{i=xj3ZvHLfE_#=J`Sr=~#v*I(jx1|T5j++^S9F65 z&foL!f6aXbRzXIXqrfx@n7fFRyH~^it?BSicHsp_f}xA}xO+AJd#iLWwi|f!fOiXP zZN4D*p#QF`;Addy;u<{BmX8eP2Wsxi9{_KHL3x3$I(T+xdjAFf{_Bv_ovFTGV*jyW z^uLL|kauK)d=5p|JRIt?m+vDl5#rHV0ba7Jy zY>#_jgU>R-HcGGo)ACtI3Cl8IdDOtN)x_oCZ>JxYWx(>N2Nuo($OOwP?*Yq>_kovN zf#s2OSbpG#I*6B%q z{q7U^X~>@O*=C>%(b28b$*;^L?ng!v?Ef7`--fN4`{c8X=bD|*P(C`l`E!4ee!K(y zxNO@Qe|o*)?Y?!-6=pTQhK=ayKFgZB>n!UR?X=%9Q~p_w@qacex81<`>Q-L;eq>=n zAg8U+`u=kTR$<$;K=I8B@f~-bXdP^uY|Y)zdGqqIJC^t=N8+B&V!_x6x;Ceq}R9_me^l0z9 z@W_9@4}Ps;Tjy%D9p6q?_Up)4n`!B-B#@@59@2>omy>C6+=J85CJ7@Q|_v@c``T5Rm z|N2K_sgu*~edU>sy`Sx|_w+X;dp`v}o)5jgpS1T$z5LHE?!FK1=KJjZ6py{P`%JU< zcY#0QTyp);1Y0L|3<`1(Me&R)Z;spP+AK;AF63z|Z z%^uQ;L~b&k{oN7TmtIjH(!tUpQwMH;Z^`GUMY6~hdfVTAg!YL;_8ut?Nse)*J;t#^ zgyH@V5(Wp)|MRQNc#e@TDS7$hkrh5X>wL!}(J_Yni-s=_-1gd%%S$71?3WkE^N-N> zU~t?Hk1Qv~tR>!DLA)v1oPZ77h;DqH_U-!?_e_pztMb*#$6iZrr#58gr)CVB?3L)@*IlZCc%c%|A1r zHQRo|=SJsy6Q7OddrtFa^BLL}01vwVJ@Y%OS@+%if$}xmPqlLfZ@rzWA2}Gb_qUuy zzT>@-V^Z@e_!zGJ6u$2S&j+aYO4MaVioUV@p`xr{&wupw&Fw>fE5EGVvU1E(?7Q}* zjO#kjzX(okx&+hq9e7kz@i%;XH-GdrvB!HOQ~9)bFssbYnPXp1Wsd}Fe563N zozQR-ce)SzUp{u?WV@z;>EJN_`c`C;U;g_RTH{>Q*kb}4|&a-E@AIN zD`)90{Hao{@%j7(k+2oIJ-F7ooyn^)6S%gCYieU6-@CqeL4=sSY*TUS-D-R@(-(Uh z=(*MO)%Am{e$SQjTmsnCb|P3&7Mv6)6V1i{2FGqqgU&Db&iRoA=m}Rglvj=ZA(bO8 zE+qF#j`&e(dp!B!r0lH%KgtJ_FHFl1p96jt6icQipern6H@tmUA4~4}R}&+#-1NS8 zW$61mL+pFh5&Dh}hxbOpd*t=RUx!YC-{Gy;$Pm{;WlP{O%k$^*n|+>Dir=F6C93Tq zPw{}}OeAIPpHFn&v_rXr_#aw~IWyh|=zb7WgJ zN45vPyAHfIjYo&^T4zd!oRSJ3yDKQJBpW-J~kb=@%wv2jN4+|x?at=%Nh6C$V7!1ccA$P zjC(S_UAVe~9=Mo;J`7xI6~DW1{eA$rijg<#ix)+5>EB{58eBehI|bI~3c*ZN^p zPS=I;7GN~^ck{O3KUQh;SG7X}=HScLd-NBz5$Lbf`V{G>*qQLE(Dhq6|5<8<~$aHOU`97a=Fmqp;<1RK_|Z~ zIFSc4#{s`w=)#IT#E}QpyNh2ARyz8BwqPEe(*HN%mj|=U63gI0cu{kOar95@7UItu z@n9CYQ|)XVzH(Q`@v; z$%3gxPX1SU&tm#f-ZP3$Rc@|PpPu}$)*tKLQsVTx@!z|#JFahkJ^8x*_|@aB-1>HG zQWZSCg7!LRf{*ise>+}u;Z<()Qef5`vEc2T34VAsS|$8ab4Fiwjho{9+~(P;!<-W$ z9@TTaGn+A1X+Bf&!7yakt*z4BJ#+ZL7M)5>oP2oT(*DTp*hcBjDXH>WIH zqMY(_K0D~A5u2d;lp^LmdW4I+Ide{*#OKJ>+@g2LEuUyV%YM*1;=t$6u_}gAEbWe4 z^#m5Ikxt>r>SrGH;s$77m#N>Qk#D`LYq$?W4Ecc zZ&ka@8Q~usvEAPsq1{;ytZH|G+6Dgx@8I9tzT_hlE;b*bec`(WT&Vq7wD00!p!V(? zpgk}B_K&=CoA5hqRLd87@ab;|3~QU6W9?f?PWg)7+4WcOefGN*_b<(Xjs@1iC1+T3 zM-<%CwvykX`^(HpuHg4e%ro5Z?mhQtu3oh6Mm97j^3uh|J{Xy|=SA|HZv?JxWa6cZ zkt0XWO#I3_o%n<;K#3eC!MDo;54(*Cgd@zS!gcH?Y zxnmQrzJ$z8vxfC78E?(KA`ocn2@Y#J^PT#8Hd({#i_mLD)O9VTJ}8dfL03*Gx+Cl6 z5&TA`cXZItgYcy{&m`G62D~R}$8Xu=sf;HnAH3(n5G8M>wo~#kfurZ``Jj8@<5fmB z@DDQbLr(KJ+MVE$4atSS?S~lmZ=qiS^m_^V%?cE>odM0R(7asl74?((eg^b|j*+V4 ztb-2~T62G#zou=`F*f~rnBTd+U`^Z0!Gg9c-n}-tFeyJl<7|CVZ>rGMS@d zzTM=eusNE$&L!Wx2N~4dW*7XNZRORsGaj!j$S#*7myO037;E)*wA%jU?@qFPdd0)?(cBuZj@D4wx5(wW{(XV*FH`%MYrRLb)OuGn zI_mcX&Zd-q@AWUErJ;9?Z&?)T+pUKgDd9IkBYdpXRI-`y?iM^oj8kZMm+}n9qdQC!!OOYg7A-FRpssPWVK1 zHZCuyCT1yeWMWYIts^#4j-rnEsFL_dwYkDq9q~~V{;qXmq!o&h_-(m-+?pOE2{*5t zn3BDI=N}&i9~XP@5&8h|Q8+|=One{s_!TuohHo<9qiFzq9Bj4guM5tTOdp?&7yGa& z_*cDsFbJ%Y$tC+f$0_zt! z#5(f>wO8%53U8>!mzqEg*v@R~z4)F5pH0VJ1mLeAe3k=UJBX{~n{GhHYR%gFPez{k z4So#vMY)&LE40Snu20_Lvi7O9KM{T+0-RnlMo(+DHPQp&vwdKS`_`@bwu%g(`H@{H)dV~Ai z3ix{lG+z#X-vxiKhQGVuZ}Q7M}KX2JHgxCz$Dn#fV-jqYXiWY)=g+{xc%TH1)rV!=>9eM17G_YxA14y zEr6SD-VqM9-cfN@j5y*==$gc#^ty0}{JOYF>UG+ZUjKqCyZpX~F5UhqH^_e) zy#eiG|^I4E#!_)qfgaf?w%2 ztx*wg$|rVtQ|q!^{N4vV;z_N$^75s4GKE*xKQKSBZiskI>O|VUfH53S?}&DNJR=|L z-G6r0^f)@n_#jT6^n|gFZ6!~76F$Fu4gH1ibIVIZ%wbq%TIcHeA5EvowxrfCsOEfA z2s=_+5ZMfFHlcrKu>Nop-#g&TPVtiV&My8q>z$bA+?YDcdgJez^AKL}VTucRhB=R~ z?@Y~kOh87{*2jQX;7QGS@cXr**Bi=go>`Avug9jW=UPeiry|8% z!`_YA!0!rv%f=*l_XhU$k8azU~(TvvSq}`rk$WF`ikWJwJ+1kCZzwxWDE1>;{Hef&rgO{IZbwrHbNl zz!2JI)_60n4$cXW@!Pbob>CbYho47k*nWG9J_m<`&W)P_y66!@5ck}m~lrZq~n3#@)K*pL!R(}FDg9H=hh11 zhy=M38GOHLb3U67}BO>dG({C0hVJWy4k5rS)~I@ddlsSFsEIFteEX)Z+6a(xIyv zb652zA~E2p=DJlIjI0oS{xB+1M}16tI1uSThp2Y@#^>HZhdcWOICz*g#yUuTVeT~Q z@^+!0vw-p9SMI&)g;#$1)hb{t(Y5^0?el+j?^XJ}9{b~O!#nm{82bk1N~I6lvBS#a zl&hZR%F;+J>!4^e7MJ(|= zpEbzrGWh02elH`&s2SB%2Q9puNw3!)A6fecXg3zyU`<6=TfO7xTXT4o&@X`uCT=2*!5@tB zZi2qyXR|KTl5fa8;rHs(h_Shs;F&A={%2q?W1yXJw6lVCbU)?usyUM-&i_UoFxj48`eQcb)UE(!? zvLJZTz9!R$TiX+}8He73$24dDW)?Xn`dy?xYtX&)*;n(iru!c`*nnSmAPoN{?&qBb z@&cNtoix>62UeGD>c_OMZTs)A-AjR!*wMA!_24`))5cpV_;lCft^^OAOU*o-@vnuu z1iypezHz*wvFarzM5<1( z9=HqM*aP3;Yxj187p>uicIblI=T4xFSeS7EcjGDIgOZ5)_&MWd-sC_<^`yubc(0N; zE=Id?U^HtH!#0j$e7fzcZH*(!GrP6l3hj(L*T!cEd>%(%)Y$aKR?}Zid07k3Schuv zi^9uqJrB(EVTsmt^tIYqr`Vcn>Tr}#l7AXFj{2GTv_b46-jSX*xRWk&_*gN{-#Eip zw3aMvVlNoYeMpyV9)*r>U3t~AGavfui_%5NUne}j2cB21yB55R1Wxyw@c z?u433<+0pz^sZ;$Pv@FhPo=#-&6ph?(wO^dj&JI#IiV>4K9^IASOOo#e$4nE=ASlI z6ZF=$gAL`Zfh^Iv?2mB$QLEQF7FzseOk@Eygz?H8dlK zteNwDOOUnY9v(A(vcqFHP{$-V#Yd+*d}PlV!$;>MyK_Y2T$hjFi3ySaINtElUh$Fm zu?yVyfv;WQPr3AHrQx5gF8`F+{Il2Pp9*Lz{z+7+ZStj+HvfR{i)2Fr{0GG!T#xb0 z(eg=O&2deAw@TlR1@9;Fe^L|et_@o!M-q=)MsFo{!aKJHBJHif4IZLT!B4;zYvXz) z^8BpT8*j~typfMixV5~jl{q;-FOLS+cs=9!Cj19aC*B87?_wWN#X;H=AOlZ>)8p~E zbDAfKr@{Rb>`jb*f%fM{Zh`hmo&F;7#{I;_$kEA)9rPZ!o=1Jg^PHVKR{m2`x9@dz zdmVhzj{eSufASbtc2b{bH@`?726n(a8>d|(3$*uup7Y2;6KBdg*NiMY?aG2j{*CSi zKIv{3KELjMm9v7C>%i~p-3`1Iz{~t-&jR+-7{~PqTrX8_gxKH2oZ>%pSLihKopqtX z)Bo%s{zV6Ay+8T1y>32jF%L9ivus(g*ZXf_e0B~?xioAL?T!Zz(_g;hdGSW$lJSQg z9FG*=1sdbY zg88&a92=xu!dC2-e4hYg40^`6kTFIVr^fgjjc@Vb#&=V4eCTC(NaM?P#@E64CNRG7 zp7Cu$Z>$1O@+nsEoN(oi?~7^+*eii8OgpSIVU78yrlITdtmYLb;lo;&MjqLEuwf25lTTJ`v zZ>fAtu4C(C6XCVK0@m^mYce(hyqxuOk4?qC%SVh(Lytp~3EWHCRP?HRh8Fp4H%>8i zrtz?1RokXs_6&ZT)3>cxPmY}WI5w3&yf)SKUpui;xk){O-^TB6K_g<5y?d~gU9-U% z_v6s-bm)2=bd5sOAT*Vqdk@cQe}*XIuZDMm4)5q*6nw?_9WRoe3^r>XUb)3rMq3Za zA8euBiSSGpJkw3v57G86+LmrsEvER!{r(mDS*bMz*lhTVyr<5#%`q`Y`!ufO+kKDg zyZN6U4E09Adu*v=m)VCfN`HzKygmg!!-Yi-f2tqF57#95vwzKWsfRzmn1Mgdegwpz z{_~;FW&h4lUZ}TzhQs^RX14^Z{-jv#SlT>DTgPQ_rujyDug>+XwSJ@2K12L9ryraD zvrN2JaI)5uXQ#(&^_JqMyk``&MxBolHXz&b^H2er1MS~crwdsy9f`w4FvJ6g*9@S*dGiE6efE{WC!B41~n zP@KGpH)p`O50tbY6S;+ZsxgeAV-6sbT^oZ=y?&ml*N*~QjB%WYoghcD*W^fCS)a+h zGef;+c<(u~F5Zp7@1@>*@>9d$1zS3a_$YtD`H}9W{JzQgy`JB<@Ql;$81K8ca(x*- zuIk0_J}u0`fs!TJyv3WjA^z zjxJ+e(mpE?tS=#lQ8M*okvQ#ypt1aT*%Z;P8@(dh7`?zazt8(o>dllV{~T@VUYzgR zA0VQ8{9YiQx#Mhj=8kP=(Voi#rd`p4cD}*0A#ynI%Yl*yM@5w9h(aGjlgp2Ze1+e| z@KZqiboT|38+AVq8Vv{bk(SAqeCD{6-BG?|0?!zEYqjNV)+Nf1_~dOPI{bd=aSQ)^ zB)<8vO)dDo(RH-Vz4#XLZ61B4{767GoY;3`C)b`JJyzCE%+L=1**@8n$Y!hku{~CH zeLixNcKw~IyLEl@JB4>Y-q-hw(*uVtDn@r&Tc?oUuf^h^Gw{hRpaiVc8YeY7(M+52qTX@6Ve8P%kkIQg@MT-W#>3@P^>jMSme zSD;_w@K(a`5&hM;@vSY(r(5g`f}f*0sXWz50gvjWy6TuOSPkz1qx8GUkKo6(za1*m z-VhaMVOx=(c&U5_J>%A*WG8*>6R^d)C*QK1ecy!7c&YKB_o+_nI$vD7h8TFUea-mt zwfK55a5K%adUkV0r()hk#ncERJMHjt%c;nOrG4YFn`a^e)toyTTMW#VR?g9UZ+(Tuk_r8bGb;w$LF*vJ%U*MA{|=f!(h|BR&h)1sY&?$LEDW5;7_^=A0exlcfpnXBNu<`p^ppS`M_75V@-+I z(e`Sd#U?9$oa}|Rd-@&2FskCcyW6~Mu(fBC*0ca8% z1U=mGW}*jlUTf$KoF}??1m3~W*=;uy9*c{_gHw}u+(g@k59c%PDU5r3e>|2muj=A4 z7CG3^Qefz8!-wB>;AajW&L0|lnZ^wt?lm&v@Zp`n7gF3Wdv$(hx_Ifl1Ne%Ek%zz+ zEMeX?Ixl3-jE~NQCfG0P3L{@s9oh3cPuwG2A|U7v#-K`a&(K@^XnJC-L4v$ZnsB!=C|GW_xi*5pOpQU!e)uZ_E`&2WmoST==-uNlJjb8H3BgTucnLNLq{h(t-Jnx5r z`Um63^PGXn%vsp_dLa0!-|gG3c-GtZAJsRy!P~d#OR|21@fK5uW}ZF8^Q;S(4>yg> z3z=u9dY*M+dp{nFIkQF2mMDh@48@1Rc`@^LapW@rtty3obeea3Kh*e;Iq&%HV9#&w zZ`mOEW!`Jb2YB15S375>w-ZCZd!JdMXVBki?cg7IpSfMnl%_wECM%=iMPkkSk4=}C z#OP4(XYq9{{*v-y>Mc|I{YT*wH}?_Gqu=4|M}|Kg3tMGpN`KNuEbGvt;w|NkW}q{s z;p_gE*bQ*#& zVcMn58MIx+yQllsb5`-ZauJI27W0mB%i3Q-`9XuTRy)>~p1GL1O8K0V`INp9j)a%b zIC$CV;KIen!Me=*-NvxPeaN`&`?Dt_ds7yVhG(k45BIPkTirZ`{Qi=Z-@kQbf4_h0 zrk0F;zkS{3_g{wJuiQGm|5mT>e`7ARMfb;K-|<2EYVzg#uU%=K8)?UPHF%cqkBud- z7t#8>Oul~(cs6rS;WmiTlb&je31TjGPg-}!|mv~es)qaAEaIReein} z*-0SFNxrVjGC2ThO%E<7N3n`NR?=5Ha@T=82)~DGQ|+nUOl@la*C;rVA9*!rJgi_( zf(qiD&2rXj&;Dgy$sCI*wLqHu`FEo2D1T59HF?!H?{~;l^?}{HQG#@5wlfHWO+S9Qg5h z>y_A3=emm@BNGn3({u!KP=8FiewgNyha=^;64UzI(`#sRDE4#~`5Eteg+B1#w~m-} zEIiL%mE^d#hCMm17`jEWTnatH$QHS;vIIVg=xFPfDfn`U$2L*Ru9!OQIX{DG0wd!R1-lT;w{@o zJ9%U7jr=;G{-;KJ{Qe# z&pGIy7rzspiROXp;i2BIJA9b*Cl2F(|M}AX`r?Wq@Spfw=TUg~E0G`EhfeH!5uE`} zLe$5gGqHpAyn*cTf|Na8o53Eh9l##j*M0W*F7e+KtC#u`yZ)E8FkZWSS2nnr0&Xsb z-qUPeG?puzS;%;*TWOiQPCGX{6+h3!ILh3Md2yiHaL3dD4tL1tvb7nKYtdz z#N}A0Yp* zhxA2Jcqcv+{-JMdPa6OHPZ0dTH?d0iXC}I2wszHvmgHu)GB>rsG#?ZCb6X=ioP^=diJ^o@f#N6GCFKTU$_>Crs-3D-+zrp^U6Yr`udO{rI*8mhG#}=-7rQ2z@WcBtJ&V4SO*1ee z8w0_(Efb9Jl^N^1eZMq)YMgGL&{;8f#y;VD=_u1DI(?u%zm=&^_|e;E$>nyR#Tq9* zKnxv_u}|?lHrw=x9vG<4+cNcuEVzBzy4{Ym;))sI*+t?5?2>3%3mlnfyf9O{*bQWC z-)`{tRmqlDMu;PBAC|7uKgTnYha|t6Gcr>As#sdQ>hf*hG}XN2HI*9PwQFXTJ6VAp zuP8plKFa_aCEypyxMD`}w$Yu~(&LaT#lN<%&VE?%Pzid~`0DUK3f-mr#Ej=QBZj zRm{UDsM&47_tPAR=-i4wR;^fozNN!leQ9U`jlHy*4i3nhM5eQ*O*k3KyZ`t!_E+@v zwdtqVF+O^I%c0ki;)i(|^w(dRgB+~={iyii-!Ad+1No2-k{`bJ5Vb*?|F=dlPyLOI z{P07~WqeTlKs;&q!PKh_jUR3qBtNXtJaQg)3QEhhp&w&X&7a$L7@a0(tp}o6u zz4;Kt814r7R5N7&`>(ota(6ZntJWk=*42uYeHnfFjKG1S{bKa z8@#AqyBfbV3qN#>`~mc;;C1!1X!8i;B`%}J$FBP~ehPF2SUYhaMS zQ!$cye`- zgVTAyO4}{i0ZVoO9((H+j~%!gdZ90DKh%!5+i632QR@GHaUtu0{P@@XTIiAkF7$l` z^?HJ11GO#63Anr$hZhp?!f#pAC_Z|ETy6>NMX{0MH`OKUzWcm<1HJRBrw%q0a{hEc zYj`|#Z^!pa%X{*B6@3Z@r{Aqs?MdWY?RJ~#*Wq=p+r0i=c)cAwn|5g5oex+^UNsK> z@DEL1HA`dS_m^nj$Q6ED7~5FMnq=vNq2lytX;Cs8yPAPUe!Ds)KV6SLHN^SJnv47E z(=6H?s(o!TF>cD=(mwWz4-)8ycJzbvpU!8L|J8|3SZw?*;w|Y_YA+ zu0Th{ku%lPnH+uhC)v{l9hFdy-qum|JJC_-z}Q5iqk!q;$UM{%nU&J8lZ~7E@Cv-BVFuJ#ZcK;Yr;C9;AELvmVm)jm>$2 zwMB0Isp3(!tDIjn%$ODIbf@xC{2_nkgu9NNW}LQinlS5x53 zrxlyIGXsP2c5}c@CG%;>kjc3)hGgE3S~}(JT)KJZ)0RAuS|72?o=@AFUU!n$q%~gc z@OSiWPu`C9y?J5TcE#M{=cJ#H9d8L%G1tcUkljYZHr7U@2ZZkbJ;lV7(~P`AE9^MA;s zkweL@Qk{2%m`&Nv*-MN2nk^W$7?kqWAvqk4`_hvRRLOeAxQotMoA#{jkJ+?g;wfU!3ROkA8^kw)Mko&Ld3v zB`N)Iz&dn%WEVB%?1i7y4>$h0zkaBs25%_(;c@Ct{!i+Mn=T)keyG!&>if_SFHGsL zA3jT)L)8xjoE_(#Z_eaDR8x=oQTPw?9n`=8tYBZmPnMEoCj;3@fK?1Mg5*+xFx;tL`bW za_SWu_V-(|n?K1OF7CR{_v5#?cJ6R~i>sHeMJ|V;m)y38;vE{ z4&9@7-X)G6j6bsTqW=2k6SOr{eKUl3W$ys-%H9m|%H9Fu75n;;N>ufB!~l!o`=Q9a8w(9m?iu5ykCb>kHmRyVHsr1P93_gjw;udK}!uY9S+mivhtjNI=vc@nQb za@(gO0qv#X@kcIyJWcL_{p3gy^^P97H~StOE?#M%_QsKWc!he!4<=qQd@`7LW%gx5 z(+gFqjqvD&p~fqZUf5qhoI#s|)eo8 z=JpliC&(qmCc3$ByOx9)*r$84o7{8857(yJQ@d(U?V4EFsZSBD+;)?^O1>*WzDw`< zVQ8EIKAr1o)8AfNF1Xa%p`6(xS?Tf;};(zBULy`Ri*9zqItPuT5SbpuX16o4_MB zTeKv1Y50NqDdo;YKhf+mhh|4pU%T#t{`%!(L!g(NFTLK>IHvNYZmzW2sjv0ZEa2#s z4}xZHeXXBnSBhqfk&C6Go2jo|8xFCS9{D!?Lbn8Ro>pJ$EpbQy9?Mi;OWc9} zI5iT77GK?VupyTiC@pWr^{M2~HBZ&5dNg=v0c|ZrFOi4j-Af~%U(Xsy>TBNuKF#}u z&?%w!@}?Xv_m_>yvlu zg2Br>b5p9B-t|7}>Cb~^1Ihap4$Y26-Z!4#U*1m`0=@okmiM`$nP1*5_HX@w<^5l& zF~}tEm!JnS$vZg$&2=czw>yvrxd%rbL z_+B<`d~2SP*L^he*!MJ=eO@&4%X`ZRSKhaV--ms#)?RUreg8W1^_k>7gdWHw@5I~8 zDV`mvUiZ<+`{s&)<$b5-i1YA)m@hjT`#v@U|J*~HLy`A2=6s*j`KdAHcGK3su>Zy) z%^7B%N8g$uFST`myp(-CQ(lVsM|b@TeqtIQ?fC~d(%dxjlX2ot`HIYwl9yub0=C2O zCA@UR^)L8#Hs7SjoZn{8Nad;*G3UITPsORKZ-^;w^Vj_2FS_w%)Q$h@Y=2*Cg;X11 zd^_jbL}>4SE-kJjKDgAw1DZ4a-VoxshV%OCk6}Zgzk43c_3VS?Jr5=ph6k7z@7rmW zwdCU;Ge6+Su?dO3R;(;o7APf(nQ?zbPv7X_B+S4N1V=&1F z(4n2RlM0mQGWYPfoqNc{2V>v^6Hf$L|5BO0UeA7>d<6IYg*p7BzG=1V;i>72 zj91+d@qC5W{!diApxSxXn0Vrc7R3*bdvX@QHqf~+gMIFQm%Hmt99W1uy>&N=K{six z+0irNu>`d?wMP+8ynSwee)}?Q4_4nCtaH}G8=aG?CsQq%YR6PhraFApm$`Lis?XJ) zE!C=jBpy^;@7k65TvP5O3!KNOjWjY#9!mADJa6`H)4EF4m_(t;nYGlPBDW^rqHD;r z>fufO{(L8Xue0%}b1U4sGwnH8iGBz}Pt{5!cs7BaRGXTY_>Ui$JgdDfd>Yp)`KN95 zwa0sJCf8^4uR4=OoTI56>_+O*IEz4Q#=CyuMc=>=Wc&FKKGnz(sKm zbwS`>_QUKW1Prxi43|b${m|^!x82&WFp1IXhV-+FfHhKW}uMyA3S zubyQi{Iptu)v!4{tf>R@V4$mG(`&wh1qk3XsOxr6M90$BS%kMR`Ujo1C zj27(70nH07=b81?My+RD3%FKN9gGyGU^`I3Z^8C;-ZeO{wDBvvUJqUe^2hg^e0#dT zBi}=OoIq}~owaSX@TlQu@yj&iU)L+`^;1RL4*tatvd^uyo=QeUxqHE4LVuh;74D>|*yzYD6zGC3Cn^AbIey>Z|-`@xGw1}~nm zd3j#%nKm{5L7Oem+24=F-ejhI?RDg|ABBfaySnD!TQ)0=E{d4 zGah4y7_VrrwszmC^MZOSoSVAXQ+c|4x$K%t#ch&s7pXvOSGrP%k7e4yks|sIjH0QCDa8_IR zMD}fEj~DHMyPmbN$@qgYbv}i@lbw_NBU7gC9GpbCo*cXE5M!_Nk3DGH;rZ)UU-kH% z_W3Wn@Kdg(zfHBr(qB$bHS3J-hTdKnm!q@nXUfbojqqHJo|(7us*9iei5W*Z^DOo= zBh520e0tSNpx4)K3Qdk|!XMQ*)W>rAypHR8swYRJhurT^@l27G*RzXyf4!@*>G@io zf70CJUH0lQa?jZ1XC>+CjID6&y;ptzy(RCl-;+!k8F2c2ytVeK!WTA}ego`5W#dBoi?Y`-&IR`f{F~ z%d>^PXY112-5Wl1Nu(WLbr#Q#@;!T7db`PIFXh=B-?LxhS%cF&DEoPR^GGtw$_JW#@ze674!XSPQ|E3PSLbXfi zF|9||I%oWS+MdAN7Htww*z1s4ZwPELtv3X|V%5r9C6R~eE5P$5Rxx}0n)y)n9y*VD zdiy*S)w!ju@!c_u(u))Mh_)i9|5OZ$m z-uSKDM-S^Alh;u@&iEDYEV%NG2HmTqy$ae}sC{kF*YcM?#<<-$L2;k#nQiOrH3`E1 zTVY@chRi&__g)wJD$%I@9&)fh&;{LpZLJkK7|x0upsm8YLWeHC%Q{q)mDBT6&P{l0 z8T-P~PUjrPdNr`lV;$do_^c|_tC};NA=D_ljXmu^HmQq@bRy3$qEmkIPT$xe9DQ}EA8=QvV%J`H|pd4&wF^);?K2*1?YV*|4)aHzred% zC#3b~TKBR7o06Mv)o&S*TiUP}tu9EgP61!C9XVsrKB3K{fUH5$IV8FWYKwUulS42|$6fpcGTk7^5 z3m(@T=ehgHD@Bn@n@5B|J5@8{ssrS}@_k(b^T(0e-gssk4~?^QJ4X^lGg zl4#2qW-xYgW8_QI_eexu$DC>QhOzZlxjF0XlaWg&Iq{T7SH7vayA1SH{ZeNAdq!j} zwPz{)Th>qiT8y=y{;jk1?;3MH$H!9qfsT!#WBZo!Ulg$QFTbN)kJrExb$mDa_u~eB zTmQ;e%IXQ=J82EFt$)sl+#tBn6NA;ian*0Yds=^}GqG(wcX4uUq4p1sm7;%v&FEj? zv-NLLWDb4V`uC#D`WJsJP5<(H5B*7hCiO2mN;*(}wqO6wN2j3Y{e;J>0nrZsixz~+O5AKrw%_ZLkU69-B z(8mYs{Q5W7*1vU}<%a&zxsS1Vz>4neM)$UdS&y|i)EhB4?$ z4duP);QxXz#S;U;Z+{+4gU2{X1&_{VUzuUS*$i90 z<-C+$o!!10IClYWt49YfWUQU=lF@_Y=C4_Y4u)QX(ZP9)MQ3+<^>C}Lhuh8@6>RIL zhr>tE!}M?TFwdRK88(B_!>R+6E`Ch&mp=Nt`A~d^4@Dn8rP>ikkJz*B`hZ{Cm%jLGSe{XKvwRxqg-O$tZH?#wOL-du^oWD(!2oTnHZzc<|BT8UJKs zk4{VSzuRBd1(IJU|4QE{llwWD&kA@wIu_n8wDp=72KPGaGt*%6!tqrP94~rsVEDVv z=I{MxKgsm@1+7uf(mqWNOeXh%e)8stOw76unkXoNdlioN1XkhHA|*yc~>_Xw5tJ zNjW>^Yk&VR`3v=jjFNXJAAE9T6SXgjNdm}PtlZw8p~Q_5rlG5d9hhsg*QN6NRQOcz zTdYg<&oP9|9wjA_wX_*UM-<&*HDM3&$4VphTr>7CG|bq;etlKa7ci)=tYY?R&~N$@ zUMk2@8JvL^(In12*B;tDlaXMAFEJb32uHvlhwce* zrTsDGmugLQZV3EC>lWY$k#{vTS;RG9D&|@-d~WhW;8eVn^8`2_O?&W(cxXQ3i@H7` z_P8Zj^(VD4Zo1uu#uv(Q+O1Bto25P+{%s*2>+Rzd^&vjR?z;Fs2YeGpa^B1>xeTIgQek{-y7<;I|;oFN(K9h2kdy=un01i0C6!^Ei}5AGH@F*^CSUhNAw z-N0?{FDTfr5&nSP#q|q3qkgm&W*^^OUFOYsh*wYX@T%AMzsBKP*WZ}zi}ws~!lUMF zI(SStRD33#F@-UFTexRz1L0mVix>B&JGjq`=XAT^9fNB(U;3Yv%z4M5eI1^4#^RN~ zCi1V|`NRY=r#;5ybH^@5{*c44^rvD@=rWG;+ACT{M`pkW=6mhvi2PXdebH#`?N&CP zXI55^Hs>Rq&i6e_Mo0E=eInnx8b?REc)lBX+Yg;yf@W%4exl9|ZpWw6J|A7^*DacJ z=DzOPIwpM%&pUq6ux)^`KgqaV`mOPecmLH^?@RO87lSc(p?A88C!!kzWw9-RviOe! zWtu~9{jF;?XA@ufob*!3F~Z5P=3;OX-&kIj*iv5B{^Rnp4&d%&Y+dN0Zt@zbG1~L! zW{)Iz!|aiyvCib#+3Y_#&{#{EvzTa=u@^*HVmPpj#P@^GI+3d`^i4N;1eC2%LfRBZj=|jXzPh~l6aMmHZL(R#KAUzyDQgJ+QwHysZvlf4I*X)^Y4xoWA4qT}0k% z+=ce@vL%hw3Jgc4m-5+jW@Q;Px@b84_hjc^Wa3%nI@vEp`*Ucmg4*7X9H{-5&<8!Y z@+|c1S;pr~K5O_yc6u1o%Qx{InRvmtL$Xy6X-uH2)yt>93DtO z_jc&s5w0lfgcrKth3@&-^T4z}eF7b+wyw=#jWf8*$v*T;{HwjzS<@o1;osOMo38m< z`B(q?Q|#~*@C5B$|LQY8Vm=%?YCgOJ`=|ME=3~s+vRc0!^!iu)ev(>@0KS#x!(~h4 zn;ZQTbaIBG0eFssy98s_dBvUJqzim>gA11yi{W86mQouF*e52oth}ro`n5Q7!Gb-l z?Hcy01K%-lo%gQhw50#=M>(V1`<(ZCbO^E`Sy=w&&~(HMkNzw$@kUBNNDsL3Kaj4- zB=_fX-bzN@KE$znc8Fv7y+_|2tPGm-IM;lN^8qV!($3@D-v+-wi`+eh+_fT$JK?8r zPFZYmPFZ|uPFdm+Wcg9}>2Ykqakgy97DVgeJ>=J=TgyrEz0ZqW`GCDn)f)p=2bdGC zNABex!AFu!`RtPYcq=mT6uh-F)H@memkc+uN1gSRab_sKEu;+*??Kh9j^P1F@UjGjWTNdA*C8EsVy z4>K7LvR=)6q{eE_ND{6T=Q+4?i&bS@`*jsLgTLO5c^OJz<$AW=^&PeKuM?@@!ze zRbzH-d~WmFuRApvv%wF#A$~PAu1-7PusMOAP@Lsn%VCU9o@Py{#a;@2jYWRBH$E0V z%=k`I{S)WQ(ccX^r;}%SZ+kXvs2%z3VfqSN!3h3x@3p|pyw-Nv8noV%dsN@325YTMupB$mc7;VQpu>`)~LBeRZh!KLW?pzbYDmg9AplWfOCF{Gs46 z&0WC}oFh7{dH=)9%U%kOZ0-q;YJQpiU!nizJnI3SBd0UuKC7{C-NbF&%QTM5saF_i z91s5=9LLw#Q`Q}a*@xYO`@2uH=KdZ0zUtsN0e;)TZwL520DkkcthR~B;=y2k+i~wi z?s*-&UYB)Ty}=hW>w#V_zM{cnu^%Iwe}^q{`^%=L9R46K4MwhmKNi9t>&WMpP#@5- z4EdcSUY1Xu)BNAJbJibc5qf!J3G)M;!0`kyl=9!jc~It@P~gbooX{Nny(n@NgMRO! zn?kvV9!#YdKF!?P`86K@Mq)6{zp3vXD1BPpceK z2Y!WOImHRCjt!YJZa*0*{2n@NK6si3ukviPj@XknWJ|?wlJ7InbA}(p`{L_5o~=SJ z@LnyjM1e)Vsl~Z6l7(rO)syv?zPVq3*A{}aik2+u`|NpGV}l(X**=GUm#H5cZ{B;- zLnX!BTk7VFj-$5qWBiY9I*qd}1LSASp03}tdZYLA5AOcL*<9tEOK@yR6J@dw zwbTYV_F-=_=j4q2aCkY~y|kRC)7Jmb-1~q>Rb6}kXJ!%-2pBC?tf)zdii$0@wBkrx zCK(_qwzSpz(w4RfMjI`*)Y4mO(IyxaYiMD_zPXkA7BC_b+Coul`FUG|v{=R7+EVMi z_1-#vl1xHCh;GPR?X|1P9TeYbEjWX} zKg$1)@c+a7pUM9+>|pdbeS|r$9iP9G`kTF8?BC<;mzwjt?@q^9Rb%rI_Vy6A`XILM z0Cu7eUW+FD!C2BCjQ9D2iF)Ly0ovdTL=)9KujY9*&*61=`~W(x4_)^FwZ><2XI^4D z?Pgi_ntK|b@a*JIhf=byk`dnp*6%CM3hkd&VBMmeDcO&D>1Oy>ZDm92Xm_S+Y66$p zubsy4@N*1){uTA``iVmxNf3(+2RwVH0kapBsH_flPN@!dO~wD7hc1Vod*HWT`aLiM zo#N>1gO1KVgbW&c>8#mx|8IAo#L?a3+JFAmKJIX;y`^J0hcf~JmY{kfz^L#}75by=HM(&#m&A_kLhVq4f`RWLHBY-WM0v@KK zTY*#S!eyQ{p^1M73T=O~O82`LW%-lcZ@?!-zEod{FLkigmpU}w$J(%nbwm;Ch@xPk z4}Liezr4o%MrViiHx^sBR1v@Sw%7Z1EgtE<;`W93Rh5P4R(y~6QfLleM)&YpT9umo zIdD9_%J5F~NuHrY;ykae^E?;7!N-2_nd1j|`D`mbj%XlS2>0?UVny_QF6~R~z7tE} z=cVYMJ<8i|`a==_i}^pA|6}-H!8^v*pf?rMlC4o+_WGsB_?NCN8tV7?=;9yyO7}JM z|6pL;zN_C_ea~~&*p_Z|ZPMt9(b%dn_!K4h4X3sD2F4Rtnt+WMho3OEJ%)_R7Rc93 zHdBN90_)LE@Ra~x^51)ESi`J?K5OvvSF!%0PvyQSR&xN|dB=Gf-}PerBCT<2t+9Q- zxx~7b`rNx>tl8qo+$x`cpJGVzQy%8;o@BmeFT zM1JQBrJgUu-$JH4uyI_kAs)RE+t5N4|#Q!VTEu#udTt^~g6eF8S761g{Iz zVdi|q;55+QISdR5bi*p(P+X(yarn0Z9M{8BkAUy(d;){fVZf2A!^B(Bdf?k0O35!L z-ZLS}-!cA<^ZZ{_pKk+w%%{%`Kqob3EgD$I)6%zU$~e z4_wRoY(lQyv+Y?ab3E0_rS<5;;q>J@`28-$9pEiA&@XA{f z-1p4L=*VNq^~1=ukx^tueHfcD%NeW19;;^ta<~qftqG-Ss8^FD7g>7(wZ5Xh5b-7R zEOcS|8ML>b)n%Sp?z4`}GwDwAF8RZ5e;vSMkCAy+!MjQ9Sn^_MjvZAjKyd)Y0A$x> zOX5!MM|4?^FA}h6q}admLu7|d&hT5aBAwJ0yN)_u7p`$~ugtn+S|oBQJ_da&U*sO; zn3=!Fwy)xE!-FI7XNT}#zIWur{g?gtxt8fnEQxrHzT*JkmVLDRrMKYk1ZBoamHp{1+^(>&9?e){F-%b$i$c4 z7n$_UMQ_#x%Kp^7XJv3Ne(lTHKKI5XOr*E zpUow1z84wz70-U{_!L^7xN$MtKeXeu9ah5+X}@D{`GwktV(s+BAIhgm(B6%i$glFg zWBO-(Jd*y?bC^J_PInHc4mpQiQS#7_e-2a5F>|o&IanQ&&-r`J{T;){P2od1b!IU#(89R9s6w9d|t z&fxT9;8QYK+r+;s0Vm zw%pB!PZn`E`$l57MxL;f;?n~3p@E0*-F(;iuDCgqBb*My6C>1_jCW-3@#;U;FPta2 z)~h>qGKa)y?j$V3Uf@G0Um{*~d1ILI#H(jCZiUvbj4S)3 zea?@3*W_;zYnx{7m5Z|GV1Mz5HM=qr8_zy!IFrBig@;&|%wp_m+&$o&xBXD7ozv`N zf03Ljb0)aL$=^~g0689pW=6m8{m0~*h<{vLRZ!0U0(*^J=t-@^z3>`3{5@#~&KDu` z1}`^f@DfA+$I<@@^#85Uu=zOkf0VUvjCGr0wuW~*E{JqMBkk>G)957FUGW`$qnGa{ zoCwUdz+2D%h8&n{|2{BR5a02_oZRZfbEW{pBrCOoy`VV!RBfGZ-=+%L&;_^tEHxFZz4f%Un1U51$~MQCqM3|6X<-zqHD= z>wgcs7_#l+Q@}61cCzi_-`y{%`}_JOqjK!}XHI}mM%@;=x9GO2{d=vd{oQZf^{lb~ z;5~}03h%?({o}Odxx9VxiNI`y);(1ade-QFa4h|Qvfw-(|Kxc02edEn^Ml8~uAcT* z&U!jL&g=&~^Q!VoO0)I@dc&s%4^H%_4o&i>k^z6Jr^uh`8}CmYDD|hh2Z;06mj+`E zrNl5xgNfICsm?cisjj2G)C#k<9ye%hefRgBwY7C|dTreqUK?DAU$p`I$o~Gd8}RQ} zpa(hw)u|00|6V%20H3mRpenTz8flGPj=jgXdcHnioGDyt*Vx7X>ME^HZ6=?qi8c0Y z;@T_AFO009j{s}z==f@rZ@p1_IyE_Q6sHd}2D~{a_V11XOfle%7geXq;K4TT#Yn6o z*1))3^p6dlFdUp-JVb>D^x-BK4<3D(g9o!t9}yn#8!~v9a*n}+W#d8X^g+15pOBuE z4L5f61aR?RTO3>vi*a%B@TlQ&k$@-a;R)?8MZv)yt@S-P{s8?}jDYsB$L(=fLi;(; zeKYdC3A)>U3H}GPX%gKZf9G@E1Wfg!`;%7c@{=&f6h8cj=C~nej?p3JxZ$18@kV!! zTdWitZNu{PaCGb#=^S6mnPbSFV?e%$Bfo}@FTL|QPIKp&uu@+d!5qDEOU|m%UyEG1 zJsJ9ob)GA?*psz;q3>?#KWE+v_EU`Rn*Yw{egt|L-9>z~lm0dCn+3zuc@PfJU1=Pg z4Bgd`gM$tm2h9B<7Y_yp4euNW+g%(GLw0d+#|UuX<#pLH&W2~{tU~(ru~!p&jT{(a zB}V@e8<8!OT{HTL?+@}_v62L_5|{3pqjCzQx6C|WJH|YZVGEDPj(r(;jXrzBO8qS` zJP&y1?;FdS(W9?FtG>p(`FOO^XXktn7f~!eHnG}{uS}{Q9A9a~rYe>~yyR1@)D{ak z@fDuyTyp;p@qPBu-|u{>1bnLVA2v=eG&qg#t1>c@$(_`>p~ChK>HFsV_!B%P?gBjJ zv^&~-N~E#T+WMEfP3&c@iM{N{?|IRu*vs?j*bD6v>^myAdtei>m#2YiiBGW?@{rDq z{E7Uj*pe#u>|9oTjl|Pc*}2_(|2VlozH;)da&x=AHuxRTIZZ3#Dl0hWYv!%EiZkyR zw2R}h`O?=?a%jX+6+qjA@0~f^JbS^2e{Mfj9k=l4e z;)*!ju((1k6^D0>-X)$SzcBui ztuva$&y9b7oaFOump?c{zi&^DPlQd>9Kb=^CYpKdImSFjxTZM(OvV=Mvr^aikIxq5 zn`8Az=a|fyBQYq=agg7aeCKogsXNER>>>MxpX1-%=ONzd+JEEs;q%JxYxelO8^xzf z-uc|W#@vnHw?5@~I56i67J;{{oW4Bk_DftG ztjXXYVB=uNvEmC}dr*hp7tZnfR<)(&`I!C0ewX3(LgHwnh@)*Lj>cV?&ziYA^l$Uf z-^lmx-uc{L1x6#^FIuT}_@darW5Vj4v&EdzIa$8$RU@7AHqV@i!?h8II}bX$>vY$* zH}l-~&gc1acb<<}sq;rLPlJbJ=*ZZ18~!`-K}G@p9^lW%r;^jo`BkZ|?Yd99a9`)d zD(oGf+=cq!TPyGB+EB%sprA!(D5}VTjL*k^n24Xb!IygD0rLEaE9f27Le&x=EcQlvLCuuHUU@q~Qj1yp-7GJ7+p_O_Fnq0sfiWglN@%iu(o%NII zwRMOdGnvCeXAXg!IkebwaMyo{HPjJL>FgXW==KCX{j?O@~E?TtTks&>zz3{ z>+_sB?Xu_e?UOpE*U1Bm^<{X@$O<-nH#iLB@>o4{>2u~XHD@l5I6QXP=CRmRaP$ak zk9uEfs>@@%BOd$CN#e0z3-+gTVDE6_5E-A#$j1U;f7*e)EC=>24($6J`B(sr%Yc82 zFZC8{M3x0G%RVw;8Fc*-E{W!2q1FsFf z)C<5CBhRCgHiGR6Vq9Ic-E8^xb@BU3K09ekZKi$azjfC=N&4vK>}5B7DBfZ83Gs~{ zX#L-uN$`IEPrkoXefD|g7!Lz)3AkJb9E&~jvfGiDKoNVab{xgXOBgyWcIZ@+L#K5) z^3wW`mzN7Pry0y?fOYpO=5&o`PO%~M+6?A&jWef#P__O{!)J3iw@y^MVqhAU3wj9`_whr*_DHt6v z57^rr*vIF^_c>wT%C8yy|MJ0}zN?+f-Pa$v6;0`_Zw{Rs#5Njb2$ zIj}$Jz%u59mbg(gim_8s+WM zN$InZZmq&PQy+`?+;q;DiJ!&M8+=7lrlV zW2*U;sDyUYu%FXIscZNxQ5m8Zn3K~Nwrj&Eb}4^cu}r%Th-K%{Ilo7XfTM)I*w=rm zlX(}>UrGLYNV)Za-1fA^=bkHd>6i8UFy}Lb?~8}Px3})n(+=(}{<-tD>qTbjmx?EJe|MMW%{-ILww zdgcS4C@ww8okzgtm3+L=HJ*MZ($6IILk%fl^^E}5o&)?(&R%N(#JiG^0`Hy;%5P&1WUKINmVM~kUf`Y^SJVq2<%i>QNB zjNf`U^(VY{K6N*cE2{Y~X0F1)!VopXID=G6+#X&yfZaJzgZ%NnsVfxb?De+l;0k>Y zR|gmS8h7^b>`cyv{FyPOm%;(!(ER3}p{+w7#psV31}&<2yMg;A+PSNsv7n%DEHU*B z)~Wr^vJcVxX5;=3vK|$@I(M(nD0@Xpk53TDCk&(LKLwSE!OPI z`z$l{yzr@zf9M?LJ>^@L^s!$7Z53-*zNT_GV`+V0zh}#n{r8#RQMuA{nU~IZ>z*8Q zUabarn5S&?U!Y+(fA6&#cXoph>C#tuCcRqj)J@Piz)yS!eF1*s%tdEerDqf1SM?Ok zeI$Pyxb~$(ueKiI-Ic{FTQ;zd`dxChg|ilFx$ArV^DFN^!0*HHp?I(^kzYS~<)xm! zBrE!tmKV-=y?5-7pP{scnw~N?}6S< zA79waekc4gS+!K*8QD~K53h+@_o_AYA?^d($hy$0zspOh8Ad)=Md$)kYb*+HHo=>B z%%Ywj&#I6?+3Iprle8kzBv_%p>W6lmrM=cbWVxQf8$QTU(Nu|!hd;Py+gFbK)1U8L zKHuQ;0xRg9<5Q}2Ighz9C)N21jI~ll%*`L7#wgEw`(ADJ*YP*Mb@O+~+yQ=CMDyIa zg84GfIIRqZJ9CzicICnceTMn{dTM`2m(D>>=F;{_*49tK zKW48LUU&Il_4dtKSbV@S$U$r>aDaE!m{I)%_1A^G$_}aDJ)B3^nL)(?<-6Fnqo{p6 z@)1M6)V>ND%ASXr^RJ+{TXSt757j?-n0cH1HhpJY!IMvK$S>W@@hQ-$jJ!ei*A0%)PhJ>Dq8mOFA6_?{<&Zk!5T3;v?DWs17Xq*0` zt$iLgKs|v1=sgZvp8{=4q0y=6=+oNYhpz8~Hy0IJsq02tspr7e>fM(_zUvF^`ZBbx z^VxD7=RBl2j{@Jk7hEY1R=k4kN!>}?8)$p3P0mRB?>)8H*m`(<0k&5#3&!{<^NQQu{*aBJ6t|_B~Y0+2RH0r`bG1uSq}Eael{~>48rq z$DgEbMSL+n8vJVN=3E25c}I7D^nf38{p8asEV9GW18Ml+XH%1bc|;u;HJ5@wHk{u1c2SdXr1L!|?bF%w9Zp^b z)&CUj^Z5NGS6;p;QoB#Na{cFk~ds32)Y-%dwrNR)%Z;Tz&q7Rp=skExHt*g_p~2thh|)n67tV zXo4qgJH{FXo11`tRKr9yo(w$VB?q2pEpyF*UpmFCZ-6baig%l-)yTVDHTE4fl5L~= z(CeyYB>(BR_?2ryjngU zuC%aMiya6B=dG<@POj>HNaLoJZ$FzTk~7_VN1XZ8_^^AU>vD@Nv}Q<9l2~>?9sJe`}B-i zJ7w!z>hlC$eM=lM7=PRf_CPb~Vd-7zVCh-c2YkIA_n($gk(QwAM)9ca%dWDxn`gmshj>X1z1b%Z?ax!Nn@4)`4 z23!F)5Z_{gUpA2M*Y&>Is@y--bSuP{I?t)ws{O@6{7BhL<2&+w0d2dU3MIZ4=;Q3q!hH~x^=KH0z$A>;594lt!Zv@Zin0O^Po5KBG-Pi*9m0WAS zO?8bKK-m$|2I4JAE-b0cIn{zf7}`mo#IPm zS3Xq~ou+f1U182lmQc?F{3X#jS2Tx$J=8_Ia#bkUyWAJNswEUWu*?^f|8@05d@pq9 z$H3Pic>Ckv<`wvPKKMBdzki~Lnk|co_sA~bH+8^+vBmHzxT*wC=Ypp~?8Ii-2?t-c zZ&ld-lOJHWX}btMy3Y2!cgXkVJ}%>9VV7)OZQhfwZM8qsBj20apS%}?XQ!gGYONBp zR_H?x?Q@nT_&e)b*Xb7$YbcAgd3_Yieb<%=Y5 zo4bFY!0L|@bLm2MbjOe4Vu~{q0RIH=)oA(q9>yn9Zmj$z`8c**jB4-s7kmNeB)>>; zA~Rpvg8+A5px^!ryohgC!uv65+VlX+2CKM_&7Ny7F!E5`=O@mi^|WNfmWkp)GI2RF zq4q{D;NMR4ZWrT8cdDj;5}aIb6}4y&D?zMxidC@h3jX&{C++UH?!KqkXSLkK`?IXk zeQo#%7lD_nsQW!&jp?h|z3Tp}obLyyDSP4H?zyLe_OpN!`+jYwGv_!m8)Xi0e9`xz zk2P--KM*{?;KH-gDr|voeqW1!Hu?V!T)W=z#_0A<=Ch!EgKz>pa_KL+@A%7Ly06Nm zceCG||Ld*g{9kiH*7?7l?b!E6pyL+kxD9-+=lgQvn&?vboShrcscq=kh4`NfSa&UB zon`9u+3PGHYnBS9uFh}5*0ts3iv3JUpZz-zTfLdRJL;ULqRY@p)Ku+&cg%D4z4Tnq zR(!_3Up2mgn2Ky}TPW2CZR%BrVLi2G;VW0)#rXcz%2!*@RXgcV-jQA2Xf^z>kn?_p zH%@-@b@KW~I(F5yp0Q6Ie(W}lt#&zMTcPXDDYVW%hw*>@M|b?t5Oc4~%suvTdycAo z5NF<62b_bP*u3p)-|hC*F+^X{OkWlA2KQCs>FXzMUn78PQ4PEdEX}u(g9Of9_}*yE zz;?ge-w0q^0e_5?zE|a;uju;i;}~z#N1gFTK-2f-p{eM2ojcw}=bmDRhZkLL<3{mj zo#XN1XS)YKpW^-47JP=4@c%YvZOOSu)fmARU#qo15xgzgh%JZy;CnuG2FA3!)*2wr z(yaS`c;B2^;r()akb!|yw|?NZ{?-cYzd5h63R!KjQXy}xkjeu1(>||q&G*r{OVO9u z(v427kc;lZAH=Ttuvfbs|Cbogt`*oS<(Czv?G-hX`2IjQK8DMmW#o>!aW(kDwpj)C zI?OYVvzdok_o4p{U(0Wy58>*I!V&uLT*WZalUhetD<%qzMy_&voW0GAFFPz9D*ak3 zdqYiSdI{b%5bFT}@T{7&HLLe>;tHT%A`tS=W-1&jYm z?F;NXb>R)Z;`oII|MCGH{M)gCZ|_uIwqT0mBYnU_^A{M`ixcT?!}r(|-D#7n+eCk_ zZfjw#u5Qt~E4rBV%Z-yS6Mu+L#3R-2ToyBz8s;)@@LXO<4YcmD*#BX!e%=3rzET|N z$2stMdGEhC+Z?TD&e-l;nx+0Xeav!bhW#CmW}k6s#yeW~%SSgft7je#&2ALUX4v*Q zx-gVtJ!9+b5$KcHS+)$CGlJ06<C%kL)kPV(ut4$r&T9vhYs=*r#i z9=Wa=4_ z5+gh7_WcihL~*Rs*k3|tG{cMB#cn+~DiSMY|1=Ru>&oK$vUDXeiZdfGugubwS!et5 z>Bm(Abfv5B+s3j_;oPbII%n~o;LZkTeMbyqTBLF^{UQ63dvDub+V03{ zd&UrL|3cf%Ic>)c(RM#=@6T!L&u)99-a6IXE&m(ZuE}ZpMnx99N8CH_e?i-oIc*Q- zwsr2I-$~nBbK1so+ty7oFl?diS903^X^6J}O56IJw)?W%rfCtO?Wc3vc4W6r&+RVS zek`Z$W7%!f{Vu0%bxzy%?6ybh|9C0qgq!~GRoc$TX}e*Fwl~oB;+(ek(N^|nq;VVf z{;vC9VqI|@@%wJ4=7_tW(@XueW9@%gW2{H-;Qj}EphpXcr4T2apjfr+opKV~{W7!8 z!#~jaZ6$5zlvCp&db#c~oS-{KwC3D&wQW!28aSw0n3&2l>`tR)^~uljIeu15 z{sXr1szv>+Y9l#QyWPYP)9dj)P96)-ePii|chq;Z47)f*@L_-ToPI)jK8fd*JTD`j zb}rAS*l}aUQ&k6RvYu7iZDYg*D=h2TO^lab@4MsizVa;Mypy2)d)z%3=Xc>s^H3b2 z*4c~0XZwTlp^U%b_EQ8rCBRdPuQ8tgtP{@{J&WkSg#JtEe|#wQeb$LCy>7~h2W!t= z@o@P+ij5aIccwOJzSw^4UCZwY>p4D99na&?NOx_6%WLg;82%o(I$US+08Flyfzyd4 z;`5;2#zs~(+cDY>lUpz?(yZ_JcrpA}pJfHv_otl|xt-^HUt19>cjLB37pLR4_z?y8 zv-qxd+?MaJC!Dw~uqtk=nCV`8T*Y+!#BCEZ$pbjm$pffkO~>;j@Aw%{zjg9=9RDhO z8MqU#Kyx!!eyip#!O7h3-yR8>A>K`nEd68$M@f8 zJmJ+H4|vRY{Kj}D)>O}DE%`1R!E>629Gq%D#pECWXSrwvzuLUXT}-6Yjdx_u@a-6QD#~-^A;rVc z0X&=iDs+U2Lrx2&@O$oy8N6FT+y8g=PIKhZ-5;;WgR{XpG>?i z4lWdT>jFp0{ZYM0t)G(Mr5hY6KGzBTO};2NDh@F}aG?CRjso__;Rmxn4v&T4m5tv0 zarogo*c0)y@-d|Iq$j06n|UtYO)zKaY}H?g(wEjkm$^DC?9APH9!D09JkhU-d(n^1 z|6lCxtGn%KXJUi23l1^<^ka^84+Ko<5R)$hP zbZC;+mxdOZ{4dFw;UnA+S z4y-13%Gi}G9XKlTVV)Zu*ztZl?}@&gHGH-%q;KVJ$yWG7wl4c=99_t~3ebD!q6fj% zheTID`cF2;&%Tt_qDJ@ed^7F+8+n)C9^h~3_w;?h&|k3Yy%2iP*6X(2%;*cpjt)Ts z;lAk@xZmv9C-;8KXG~5_=6*{PTUZPYmxA+U;2gYnF5vq$;22p@j$0gh%q@bB(5I#Z zT0)mAO4-vuMy>?!y~xN_;N$>uv=3W$(CCVy_CrQjjBS5KF+TEb66D(`uf*6zWJ|PG zj`T|Oi}be1pPm;oHn9o3xO!tO_>>K-sI%p#TsXUicNT=~yx#_A>M`*5QwM*_ufCA{(YH%8`@ODR7rwffyKKGYmc^^!E(V;2SAom$ zDsvUD#;`p`e~7o4kA8y>e=q*Y(BIYp;;|}zTcO%G;N93a?f>&$9q$=i5ABTnFy8h0 zjq!xHCVqG016|Oj8@f=Z&fKjhT^pZi=O0J86Fqm_v_BWH;W!o^|MDM0>wxXK`ncJ# zR~Kj7E7>O5DA#W3&ZX`p{0FyP;I@;wC&WAOToQgP)|%DP$KE*ljl?F(%ay-=Nji>R zh7W&U2;bMbFrwT#>EbfZp{{@q=kr`Og_wT1^Q^uVS73bTrZM|<|@bH`B?M=M* zYtyE%Z&Rgm5yf{6KU6#UpcVXWmDioKiFW1Xi_WPdHmC1;Pv4aXCZApYXxjg5w()H7 zdvxN4`@J^M!0yIS4eZ4Hxf3tyz_XiJj$m+e%#^<;A6NCHD=h!B?pgSx$fNOIgb{l$6T4>@}kxvM}`ZNya=ho5pkL=rVj}mk+c?kWDsw>FD2k zKcCGDMz_!h@s=HKZ05V1JHGZCc5KEvL%9{xBL8+au@2rBF1>BfUXasvZEn9#+y6z|vvbcug~q*X?qcE`*YfUhPKjQL+N?1 z&v)I6L+g9j=ezUm?0oy1Og@U|yb1a~QEzcx!`J77PxZHSzq?M6{_kwCQqrMz&PJep z>}R;gl6!CdB>xUy(uoIo=(K+<3HCH1#KzlWDY?v(vmlKC8Z2$c2_?NVkel`0S@OgqZlE-q(-=cfW z#Q%$9#Qc$$cn#}Z*1rkbDL=if$~sa{j?DG=rYrGHJCUo|tQjS%3I6txPvo|VY8>>W ze37kh3|zZ_Hn9f!T+EpD-22M+k>be3k8mX%J-#M`qu=0j#?jsK*`@bg9KF379AU?^ za8x!tjwT34v>OgblU*F4KaU4TKPL|)jU$cY!I5wxTHgVktD&>j|BBPh-}hRU{b~l! zy3<#CYTxAVM$h-J^LN=XWK2GN%b$jpt$g{2?){cm=GcuO9hI#VRz*d zM&U!{mc*gCiN!&8`JhqpGyE=nY+_T)*Z7$5U<`W6A2836A3cx5S0-i!Kc{0>;Jo^C zMouq{(vOi3-jfZv+g)GovE|bE_KJZqPC5Pg%WW79ERt*ZUt{X7=P2*%c~%>bZy;N| z5j`?6z`geaqqmw^1ax@(>;0`y5mTzR#zo>amRZ+Cp=%8K?(qILpWm)Q*0c}Y^Zv-D z0C~lgx-+8D)Gh42_x08XX)oS$?bq0|L~Hl}{_a}P-->;lA^Y^Qd|t=K?Pd?7BKm=d zkGA<}FPfi{hvwh$tUsp0JqD@knWzSt!ER^cCfm-C*{mtlJis`o2q+wbc)zt$K||6Y1{-_d$P{;l_! zYg;tu-@lOI^FilX@xAiJzl}bIh6NwA$8Q3bjht~k6aM%XpR)rzuYtDnLMA^d5w_Pr z_(Yc)IGh-73?4OcWqubvHgY%e#!2!?#zdxn+s$wNpdBNiEo-yX1L)Uk^eb^hljkbl z*IB3n^nzb80=_>?K9SMOZu}8A>geA*Q|!?BzFX%e1%sYBFc_H>O`xCRVq9n7>O=7fH ztIH!R3Y4=?uC0?}@h)WRx3u@l)`unyEics`-f`pcw>a|BA9nKd3=a*C_qlOC6Wc?t zX+1fo2)uw3<-RH>uShu18ijdvAU~SFxu+MLXx*+Dgy>o)pBX(GLsuD}8T`e-$7gx& zu5;Y8G46V2F|zg<*%JEk#t)mQ-#XMd-xy+?uj;wupP2Y`9dJ9a4T>?MV`Yb*VEmvv z{`GeI5OZnbT=r1o|6l4>7(3(GH^pML-it~NhqkrxFxJ>+~Ya#T;UL>#=oeQAf6u$!|I4$aayh8GhHh~e#cxmVp4IO^c zSbv76q_eK4Kj|C6r&yEDi74J=-xF43e2-tyuX1kgbjCLR0emSQ(72EByP;cPXu7%a zyU-A{Q|vk7q2Fj@KeOY_iZe@}D%Nc5Cb)BB&>PQEZumzcJIE9BY0u0WZQBC+l`Yuh zIs3~x!anohwFThjy#LOQ7t1G?U!{1lu^CO+48BjIop7ET8@6#Ud<=MCe}4WI4m!Yr z<@sm!ivsrffM?7e^U(3&gm_&11%Jyg>OzO>42y{e!=E*!$R)gX#dzYu;PA>4;=$nb zS@A4)YU=!$g?}P`Gqx6-h=&wcjv*^%pLzp4iw-uvB{&eDN%sHD^R!+;re!O+&%ITB zRmhK_uQ>7{pRyBP)0r)kn=GC~mZFS`P zW9|`U9QCKMj1FQv^<6^WN!sh~Q6mRV8v_shb}@%;%}4Wf_0S07(KjE1mR^3o$<%8( zGkxCEtbw7yhryfl$_mSR>;ZVRI$CMpIfZ_}H+Vj`R zMs}r>m0Pa$=X3C?bVUOCOQ&fKD>??u9V5=2Q{de2ZgU>qMc-bNGsk@%9(DJJw&uud zj9h>yXQ~p6rJRO1XRGY_jEy|KoV6r##(!h|Jub3`??z@jCK{P_Wwipo4ZPUreZ2d| z%;WO^LIyc&gdZ1-lVjkYt@B%aUco0an%+-_rghL%&#L9S@jb-%&+2R_{e&%e$g*0( zth+<}oh8G0>W|3&lnNhtaz%dO(O#bnTyihRNY6Z2o+XLN3-wfQ)v>f?76}TlMW{(-Tk(pGY==PoUoL%VT>_W2@*jGO` z&{EIYh5Fm(?yn}_w2bwu{;O?NJTMU%fhP|A5FE6If?5}gXQCTIL2}K5mDqQ8jKC26 z3TM~hkD5MRd2!Yr?wY~P$8h(5H~k^M-g_huKi$N-@a@vFw7giveXWfjArB^$GJm7% zE&i@xFQB5yA1P;U8<8Iif1l^OHo`aM{AO+RD|g1|@5y|x=KD5sLkyk6mdW82P45Rb zx88*IkFGT1XWJjMmt$nhYOgajA3hlQ`7Q8rPR$1|4;lS87W%<|i=ly|&x8}R?xAftzh$p`3bwBQs#*8oGmMMK7n4sG8VBzbPqOc!tjw%?{`kGu zTi4LuS@)oyr$yeFn7!^1Ek}81xh4;PUx+{UcInw^{&r~-M&@Uipp&43d+tqZJ$W_;NPt*-*A)r&5Qp@*XApsYGu=!dkfKyOG_oZ<4b1CwG1 z2KO$EL+H?73dTG-^glef^78*P#=d0ydBqjv+o&E@lv-4A>Vn;1Vhjc5?wE4?7}X&9 zE4l3*_~E07>)yrZz(4`9rb7OY+A2SydmjIpw|p4Mx2f%epD;H-EZFc=pj~-)9R~kS z-kIa)hG`?eS?@}wL?c`F9Y2_QSgLy!r~Xxfc3M|XaPj5(%0uAi8$;md--g1E$B$KA&F){Ba2Qd&fv0W$cU26?fOrmwc63^nVyW>VuDxR#16Fin*x1 z&5g!4DRA@4c4=)mS$cVv%~R#0$h*?B*`8<0yF$iHyo&iv{Xh62hoRT3rd^%1HThE5 zAahP72|fEl!N0h2(`?&K^{I7&{2Kk&c;)bm+NS%W55*SDI)ibd^tDpH4dYa(1_{1R z9G{6C`F#~*eJvIEOcnS{<@h#U`{9N4`F|ZARt&do;~iL$wIFr{ztjpQpj9Wd>Vj6? z&?<=y6}`SCdgalFUE_g&BI}k(+4-wmbK7#b09V7p>sk zS1^C2wz_`|G6 z!;ImjRgFDXbU(1E55=aXf1#CNNHoF+`@FWB;KM~Zd^j8a1nw+4tkl}o39og*Yu)f# z($Ndi-{tUGDYz~{=1So+cr6L9HF$J{>wnt0Xc>Q4xjn9rkeJU{^sjhBH##pl13cnG zu-+pkGd42soA!Dybhh$@tw;^uZJ+Q|+iuKn+Qq#?yRZ{G-1=;HC`JR%E2l5*6Y~Av z$XhaXDeylE>!>e*4^ntNpZF$)H}VPmg~V&lV-0Yp){fv^d448-vyu1>-?!0+u`3tA zbMkeu5u&r!gCW;G1RVd|E4xGBv}FW1{fUE96VGY3ef!+~t9|3rJoOxQ^5EyBFG|{*&=v#@6%Y{$*J??wRQuj>w3;et9EmBN#9`X-timORh zuZQQmfRBCseJjTnw5&uYuS6$Heg~~Ln}?4#7Kk=Q&>5V0W5tTK{U2!J@^|lhW&bk# z?eg;7ocAu~9DLavtN(&>VyNiV7&9Z^+E^aDR1OY|tUG<1_jYIA>mcXCJd0(XRh)Yq zeGLOw6?2bq7A~L7%!O@4c-VA78V|(3t{rgCcZ^`}vSW7bz@qjLwU#P*CtvKNoY;pK zXVO#NcYn;gacqjqqfyxy>`US;@*&Vk^~bO)mM5;_9mCuI_lM|zAN>y%S5d!1^>@i} z%ylIEu}OJxfuf5>LQ|W!GBm3q7Cmx)$d-d#{xE$H$A7Ha%eod$iutd_B&~RYfk%E zPJ43b*1CCd57GY1IqhG_*WSr@yPx)pa@s$Wuf3DU_C4DFQ%?I|;|JvUJrDdgkKYq+q8)b0@q2D} z^50DS4}Ird50PWC!}@TU$uW`t>&6ByyVJ3K_{L36t$|YV|Fqsz4bRO^T^w?lP3{)pKx;rl9bN%m4>U@tWWiimS2xu2<Jsy6^k)|6b>gUlhta{->Sa!$b7{3HN<$ zf4=draDV3%5}=q=6#+viNI}n$2yNT31W(7tfKt= zoaJpp+k9h<_q3@T0Z|CjD=V^02{p1_#P2$PQ?-I=6A;vnaHqcLP+K@lx zSk}X@d*D~C<$d^J6-^gJ$}>E>Lp2|@pZFkoD#rdc+y1}S=Ifq&we_#)28(}be=#S1 zyA~bt)c`e-(F59J+emIxA?Jif6@-FC#i5||zFm(|F>KX6E^6ORO=UBd6D$424e-A7 zSrKb1)@~-I!}v=X-|NFFSM4;v&U#vr4gS;m7O|Fmz0!(I@LQ>$z+BAvlLF!}h4}t{&b?_*ag3RV&K35%@H@8fyZPXE zVp8e-|D3rbfJ3<(^2c9r=T+%5^QvHt?#_!MFj@GgRu%d=Q*T)FIa0`c!r-k2{lfal zt>4()<_~Uk=H_E=e&*H>?v4ykAN4?gA)NVaAo!W}5gAcRjbQkZ$kQed zUp?#amFC~y?Bw5>9ED6gLO6I{b>5kKycU_N2Nw zTpmh2?&77{#>>)S@FKZWjJgLs+>3q_-6tOdPm)2MdF?^&dy#vcM>g`E)@OQw*hq;G?e*5URkAC~npGPYFk-j}%-RAIU zB{X1;ii;(htAM8pc&IJ8rYe|(U(H?S(B%L$sUUvo?g?q#b7iAr8=Y~D-(AAo@U^K? zN?-WhE!5Oq1O6v6w@KiinD7B;AsXy{*73nh7$3ho(H!EP5bu!pum&1n2YRpry~y_g z=)oqPegA`#|8(U9>HJLoQ*R@EHw(vsU<{s&FA*F8`V7!#fIi_-__GK89C*^YwZ0Ue zkD91$`lLo`qB0x|pidG@bhm)@80!t{=f5|i++BYLw1m|FMx=_r}ruAG37; z+DF4ysvlY%sSHHodjcL?Y;Y%H`ognm+d`xTR~VCMoQj2$0^t|`K<7h~5)Q)hn+I;jMmG_Ji5J#;-Z zk77r=80!Jz@@?eIY$9j4i#Zi)Z&*3o#NCz8JXvRAi1!lbU8_8$AAFU%OZ+CE-kgU) z2hPDqJC9mk(#^()XbA_;1LxAwd21XwIak_uip@gb%m7E=E(Q+n{5|oSnc#r_O}@%3 zp2M@YECh_s)cVK$T|BFE9p2x`5m{@IKP5XM-qt!!HC4QA^q%Xhx$V5aA1~hrj+5`h z9vx%!v%~)vPR{0k@z23Y(o~dAPd`&h3$c$WI;SF z9;`YI-h%ehHR3~)6K&{X@>_`2lS^|`o;~3ASTmyG*}*zzAL;$jHj3_!ie{{PDt~Iz zDGdKq!8^0zp&Q_fx#d;C4cPKHzDqZ9=<<#BWORN@XR3wL+-8nP4 zs{!AAqmzgEKofC%cwiSf7RpWOrarFdCBD0!ab^?mKmW$c%VNMJIfM5&OX82juK~UV z{BQP0WYc1-XJX(iMt$Ts{9awo9N?!A_?UII)n9>65aT>##hdSoT*rFvGxPde@c}N? zTw~!dIEELoQ=M&La2y85VQ?G<$LKJ4_5eKFwd!KU`Td$i%K2^D0mpsNi)&Agbp*`)x_;1zdNa>3>_K(UifK z2bX@`RlsA7SI}w_h+@Z@VA{9CDm>)MexwGg@VnyKc z%*aY;*oB^SVnu7+8p?OV@8U^#HxrNH`&;BCJcZq-4FSBiT-xO#Nt_nWytebI_%s->g_SpXBO(tjM-RT^tIJ!%=_ph2$E%I59 zO&9OL_uAi{Q;8iyhDY5ULT~xnJK%*l@*-ZF9SQ~KU@PaMZ)!G%f>%5k3SRjzxfVYn z*8=@hO`hAqTK*R?r+Pk1_yj+P;MG^a>tS?<&O#nBdZeJee^_2Q4PGh5W}ezUOMcQd z(i`SX=UO-3P!A2OhyfO%A7>+%<_x{*x1jwV=&1N#6*97k9Gi4pd5`VWMbo)n&UfHW z#{@*TiQomgTZyBnCoey~_ z{r1y`?FZX&hD~p0{9xT>CW2*2~dT$tTgX*_mhMW3fl*0+Xi> z-kP_ggP^VKPv;tJkIwPJKXc&&*`t@SL3eHz| zHOLFNe`Rqf^(A;d%TCe8oav^`3~EXy=)2SDyNkZN={rf^J@nm6->z*`{TbDsd4+xt z)30Pue&I2F)fV7^HqUVP$WSnJulvWq&_gat77V5EENh{-OrU4UUFs&cDM_AGPbGAj z0$rwphiT}t>Cj~cbeYM0rXJrhEuYPHJ@hN553YxP;1S?>92lMihCRT8toAJhKIAjn z%3Sso1j*${CEA!vWnr*uN@1{jYGE)rtuWZLjk#>+Y|Upxw^NKC>0`efzv=h0W?TJt zPgM;S<$M&R>$-H!qOOPK)XIQI6x-=w@7g>s&(!sc1`F*l#Vbf2=xpqJDeFg?j*}8-{T@1ZoYGE&fPRr3t+Mk+TY3D1qW$L@G{Wd|mB8K0cTC@pp z$e?K z7dY$IpRuRzh09B)dd5$~81_dda?Umv?vDcZO~7sVs$&TLjAr<=qSWTA7<|wMFMXDG z#jEE1Xf{7BqL#3sqt+MjgXrl0Fn^=>Li!t#D(j6 zi|5)yXx#Y>iry1KJAHNyf)9lo)(7sBu_@;q)E%xmU@NkFL zXMF!8d}Cxna5J|m_U|VEbE%8x&=7d8^WYiyC4a(mA@9mh^6}qGYgZnL-=u5T{Drz7 zn~4*OZ|%8Hi;No!A3L&ZVm(ehn*FrBKc}rfx2>~p{Tte@$!YrrzIIl>&K~+NXuC3} z?ZMo(PJNf1w7oT_ZET3PTWI^0oVI_GzrTUC>>zznN*L|bt=G|hlY6$i5q@a4QWdO0 zDxg(Ne%6K+!3yd|-|-RF%5L3g`Duzdey}(aWBqH_jkaqm+B$)+3$u_@)i`ri<}Sm*AUXAA8ZeE6xrfi{tG02|8bVSpaXxk&!BV zEuBqKuIG=HXERIv(te)$4(Qd0sV!2O4j37HsDt-#;;t$`X3oTxD0-1 zfgjeK$l6YE0DEnBka);;&JWb}yLa5#>#;07m2`y))iFj84yu zA1a^4J`bNcpK$ORcpbaaHy;^*CtoRp|Ka~rdIO#ezzVn?Rnltdw&yu^V>%LChmpb#JzHpxNobzzqJ}4 zw%T&yUJKx3;Q8LO$TRIjtmmtUM;QAQw)csTJLWPK8aVpU<%_SK1irYPwSm!x;efdx z>B37{4}=S|?njDlhwhI+^CzJBlf;SJh{vo0Pw+}?4fJl|`6_;Iwo+a2$-v9L;M}Rm zA^cD?1zAMTU4b6%sW)d`xHq19qv+%Vt+aiSoa7?>JoKmH&eDVbLhK=qyqdN8EJqK* zn}gQs^Lb~YcrAOae%qJOAMk+I-mV_(rfsazqX(hsJ?I(5XcVtCYjxi7=)vc+*6NLU z*6KVv8(v7S)#)co4=&HZXRpn_UzxZG zG4`v3wZbG{MEY$AZg^u}8^WFfsO*^2gZYz@_-xK;!tW$lThM zP3J^9*TWwh_`iocdElP}bWXr02L8p+hVN$z{>3)@*N?R#bDY?WeAWl>`8v@_s@0JV zKj&9O?`xnpaxHor-<5vuA~$mHSs&3}!L57A@0fC9|1zYa^n=m?SH-roC3$O zaO%>!#lfk4PTy*8#^!~Au^O8<`NnfEi-oywQTg}v&KWod$HT=quO`N+wUhSzGI10; z*6qf*O^mw*`?wIFoOOU=;EH`Kp7K9Op-HQBn3W2bTalIE%6o?+K8=ZG+VLwJPoHKk zX0MNN=b-z3eH!=gEJI(o{MumC`-iNrv__DeW8VkS+tg)|J;~zN!uFNm)zG`fLvQ+l z-p}vdQDXLn_MU3!{c}U_Q%{WE=X>dW#_;t1g6It#BcXTc2BQP|LQ%z9ZU_22uX3oO>G@Cf@l(&y6ue{JJ? zz}drku_|cWzCsgAjw0*P5wsggUy(w5qul!hD-yc~8`?{e2Ha(PVQ?7ju~cTX?|dt5Q(TscSMZzCSVd#Z_9j1RziXID)3i(|X}tkJ93vzLsg zR=?J2Vt_Nj@9)6jHua;}LuhBa?&G2l#RG^t>{Hx9Fg?WIIyagOjM~@m)~b7w=B zHrl$SX(DyR$62>*WRJ4!-PAxk)4}_x$He>3qxfdRJ8SieY~1_XliY1+aKFWad-mhK zxc`7~zYe_20QXyjtHzzb2fjFe8{E%0e%wFS;NYHjhs6Cla-YPH!aZXhFYZ5`gZoC| z9y~|!|C9@|QFGW}&tXVEbxD3d^-kdL;@xA(lx_kSPyeZz*`|QBAT7TPqz$oJfv_l`3pIf^o zazAd<>nEX#AJL{^Mays?lybNf!uZ`}TR>m{}6 zcrNR}X^|g{LS~FT3bfx#|79l_dsN)z{tm}iIG+55sqEi+VvXtjwm_k=_gg1p?*m2I z_CDZC^%eQ3MF1a!i-PgP=!Dnc!?vPe*Onr3DT;#0?M1bBRO zx8$iqeNM6-bN47ThQHhc$1?g_NMGofYQa()g1;Nnu;`iWjbO3YI~qfM7nnLNZwa2I z^f8M*W)dT4BwpQk>Q>P`@ie)dz}LA1UIEsPI!n|vl^mtQ_A&56v=O{5;rC{XeU)%9 z_B4Ch`^dX&M5b2}lUS;F1TsA{M7)+5#KKVObI&l|1naRQ$n+$CQ?TeMa+bsFPo~cR z6q(ple`R6h2+ukDFzB}=?>D0`&g+){8EEYwe?7)n{ee;B;-YsFUb+ViPt3HMg6O;S zd7?^Um)zBZE#O|wJ)=B)Ld>6YB=X6krbh8u@W-ggZ&z@B!QHzG6s6ZkMo&85bAQkM ze!Q_n>9+bOk6*X_d+z$koDImF->BrAPyzp`H}@=ifXcbOlyfzyN@78}-|#&CuEma3 zaPA{o2A@{KH^{vBs;G*(+no1^m$7cFW3R9hKIHSCW|M2Gd~BZAAqSm2zmv~J$jKf2 zSFS)EKCf^h`||EN{p^=}?%&yCug?sQN-X&8oc43wxtD}ezjflDiieNJzIyYah(%NH z$zBtA#~^!aY2Jln+AHG{O zw(WXs3MOI5<+xwkWz`5&4F7{GLGOwNA|Vx{6at z=Z1EkrTlKuV-oZ*xuxWM(#OxZ4;I=lsb zM@3~U?8k=q1bI0LcP`s0*H2XnW7A06QyYvR*YsTZ7fu_F9V;zQQzlE}}}?Ml+^ z_BrhqvCgI44(s)EBR@*FD@?cB?X;`1+pV=e_tD4$w5v1cd@oM7dpx(l^7A79LOaXc z<5-by_hZ^cxdXHdcppMW?xLo689qx9X9|)Xr$>^=Qv-5gzDG|tXMl-U?r`IkzhV8; z!#qdR{zBix$OS$-ch}GNYR=du`0eZD4=IKz`AEOZ^KSf&o<57uP--r*n`b^33SM+t z=-zq0TX$aQTYm2>U)kcDeD~ZhcnMRhyT!S899-#W|t3{ubR$UtfPO z_iK=wEx)0%AkufstF5znKMLMr%q5Y$O1bA*_o!a);Ia^0YzCK`!Q~C$(tHP(4-(V7 z({mR4A#gd0wtK|1KW8!Jpz@72r}etONY!zT5dSvXihQMNcDnCu;2nJ2+;?iy z?_}ikMfaWcyn~;W`_5+HV3~c^eW#Uo(8am$9Q5#;tB;~*qI;~SQIz4NKJe zD9vu?q^J+kSvc;-7wcfX<(_fTT1>gjs-xWb2xHGx$Y#+UqT;cnU;q%`8HlG(W zckzPsg!=P-x9eVvhR=($^u>L>#2EL0mnY%9rNT=n)w<9=_n0fo-T1Wnk~8~#C))aOR=SGMMgfm@O@7E<7=(6;2Y(=<2#Xm2W|0_qyx0x>5sqG8rudQ zfHiG9u-o(Cw-_?L0=wT?TNS($e@i?eT*tPFKXhKHu>Ei3!z$h-pIR|Dts}@yyteC+ zP--0Qqfdb6CBSLc6w@Lxo?l$=oY`U>B_5NX5PbsJ>F1$S{Vlug96?i;YYH*ARp7Y# z;BEUi-Z=Tq8f?7umaQ+X_7}+8k-n_rc_;980c*2Wcu$mZl)t5Xmn+5qV;H`I5^iuWW}-{th-gU5ETVO`9Zb4DZEGH*$72a#+0k67J*;?b-^? zxOel2Y<9WBm&Dr1A;4xcw^iUxd`Uk$)DQ2j)w{_Tq18+9)QhJ6% z=Ycc)0P$@CpP-YmyP!$5zBqC&XK3_U%^4`OMt11Fc>;OB*d?uz1@9)lS76H~K>rc) zFtGrehnHVBA|5tpqH=k7aSjik>+tXmJooagZ0Zk2ADef(mSpp8cdf&()8W_k+5GC| z)p#xZ%K9eFue|5xjm3G_@F(w!KjTHn(R_5odVK8-O}iQ`|KbYP76SukZ;kTo0(g|% z;I*oW9XkyFyk@29>8zjAqj}Uq2?UjjljvpfA$6E`JBOwtbI`zIcY5 z7U_$hf$O6QTPBZI+I*_H{111>rRP${8le)oWX>UUz$xi@l9w}u-=_LBPws&_I})ca z_YNqn85&Mtp52R1oTqZJzyT zQ@m?If?k5?%-SZk__T2 z=2GjOi^Eq@=KLA&^I>@E56g~Uc0PF$=lIt>w(R8NsU_02$FQ+aaE8chW4jw1o|*|y zwdL?s!!dY@_l&=a{)zLh;VIr1Pe~sYg3qVmnQC}Oac=3NC^|?nQ2EroCxAoi9pF%R zmU;b^tqu-#=ZaU?OD@kD28UnD#o=NHhqJ)pmK+=|J_ZhXFO5UqH8|vb7l*HZ+Qs4Y zyg2-qVQ}d2`O-Rkd)`6mMZ+z`*lSdX`dwrK@{zJys#+dlpGs_fT8=Dnh zi?-sMt;aUztR>@#u|cyJ$#03|*x+VoZOIwOBYT~-E&ORzP4jBi5cjFW$bmDddMG&$Ty6yuS#u(N207_2Jrg_8YgW{ zB(DyFw_t+bua_;SO%uA+D&@TELiR_f(-8$Gi`e_oHrua1ny^1t;iD%vo)t+FS54xh zCyBA*-#=gc-SS9JtuNJsFW*y--_*w5MKj~CVog>PN_Emt7rtRPIQ&q+y6+t3hkD#< z)(hOBnq-}xWWA7N%|7T|_Ds6Kjov+-6(So z!ILr83&Ks^Irw(gWs%Q;qbBN*#Fo;>bk=*U+Y-<%(ZVOROHh-be&czOMXayuOzpu7 z@Owu^{>+&<#rL&0ac-IQXy*cpnhUIxfHA7O!>AA8(jm+kb?~GccMoY@I3M0v18?w- zH}18J_eToDE@05QUojosN0E!a|786>NAN(~DEm=I+e+*;T*CRR9Gks%TLx`Ki{-u) zINp&gu81TXdB)l;+3ZVg(X*d_Fp^xw-|&C3B_F*@B3;C7MYCOuKauf|RyyO=+n@CP zd~$VpB-x?T@i9rd%^~j}Gt4Zu@Vv+lg=F z7nyhrwmlt>S#HN;REtEqrNf-@W-ZI}-+aNb%?mv77mBqw1Q60 zyL;M_8{N&on*Dk0eXEwn`OqwS7#VqucU}UQFGAy&?YV2-esa1^y%%J74RegY%-qp) zZftc9>yECMtkfkF{4F;yzs=-m6T{zCXzG^~MY@`cJo~GKW`Fft%**Z5u3J(R`8u^9 zzs~ce{O?`Ieq@yee8uE^6}2nxA+gR%H6Vk@M((aa4t0*D>};$5N8GPe_8zOhir8E) z<34fW>Q7Dj%GR&V@=aR2`vW{H4&D01#cMvL?^S%4EuXA-{8IE3bS|HXzW8*8?w5XJ zp!KK|YdKnP>*VXeZ}nH-!=1)H8^6R&qVuuO*YF>lCBRu1I6EI)JZX*Ud&+||JD#sS z7sb2^+dt~Tq1&%$CR$D5{Uo@&WrDAz0bIKKN5ux0V&t7v5%P z@K$$;HDh4l^sUK8X!1C+8|L!~cw>-V%E;~-&fMQF7%HgILtY;AN|soUPnV#}J@oQjVEw*=+`m}`)-BI)w%453zKncJ z>bk|Ik&__VUt;GZcSbZOy!eBWK<#{u!QbbK*2k zyvBW(`yonPSIun125=)H{N0lre51r?o=)8%Q^)wHj_s??YO}qCEG4E}(E&GVo zzlggiBuC48zWaxlzWb9`XI}iah*Gq?1f9mKnKQ?k+p=W2H6AymZ z$oVGe&C8JUANX#O4mENopVifm??OLj;nU%xdi(P_e2nU=@zsiasW$9Oq6B=Fg3Iy8 zkIy$gmysK{U-dbx+*HCx&BcTG=(<7pEROv7n?^SpnANu{Hw%PM?uw|;xpi#LCUkzq zoBqgT&QD)?8UDTR|Iv0X@KIK0{(mQvD|ZD&i<*RhfS_p6V#Jn7f(1oOE3|Y=y9ope zh%KeIt6jQHARtIo7_pnSv<(+Q8Ec_ls#&{#f~aU?E7sk1yKeu?C6fyQ0kvDlqWOP+ z=Y8MFJCg~5?LVJSJ~Q)P&Uwyrp8I*ubF9gdbsfmL?(Xw;x9`DcdBW-~@2Y#`-E49; z%4pZ%^!gs0*5*+kLh@8=9S)woIJVcO3U?b?olq2v{ssMq{D}RP{<@KY{ptOmzHTiM(X~@2y+od4{7gX4n9Db`HAD}L|1~ZJHg*9>_FzbA8?x(T1Aer zQ9Hr^C~OVouSKz|luzBp{Og>S);q{OfVbj{t;9NP4(*YYTv2U8dr!COE9Zqi$NC@s z-HmCP3y{9L$rQluOSw&mn4TasV|+NzO-E@g+6ECLl-WBpP|3$)OQL4kL=3W zVr0_PK;qp$zRh~CYB}3yE6H|U%wCc9DORGbnz2?2ww^N$mfu6@}$Nv_76QM}*CI%+HH?`v2K6%92m z!5*1l%^B&NF?oS??I-k%)=0I+sAuCm`w-7QkN>{;4{zg#!A}nS8jA~0;{@yE62{jE z9IUshuTu5#MV?=q4}3$claG)));Pe1xiKGHJ1{8*GKw5Q(MBWB+1G2oqxFEsVaeaP zS$fVH19gkbbpImjXIvGUv7ZX^3WoZqF2h48-J?%3q@UhR%oyWp`F_=Gzj z^$hh}IPVMJzB9o0d1@DY@4v*Fv%s413DM>duAL6=g1NEEI=Ky4MnebtG=EObX1#BG zq1o^XIq%U)l2d`lFNf}2|G+YPu&)m8or7-mZZ+2@C!hZ=*Tam* zx>)gzDaq^q#PuS{ADxlR{(7~4BiBq_82XV-GLQbf_tpOro(c404`yYcX~fe%ymiF! zt>3J%Ml9RL+{b9+d3?<^teeUw+eU6?jCU3?AFY!u&R+sA^DM&)!q?jD?E0OjZm8dW zs%*3Jf^0waI#WA!```W)?=ZmrTEA+ipp1I?>>)03Civz9-vZ=D74UU;58gd*_Q{4i+Nq|USPk;3 z&eGc7UMv3!))s0WSDlhpO!S6lfKLh7BVB7($)6i2I!$`)!`YCgJZSXa4 zW}f3rGidXW8%teGEOjd}RQ0Kxd--sy|6OrYd#}Z(X=@jG81jw1?~%`Q&50eEbJR`k z1gBr)8}r;_I+p}E-8R~1I{Neg@(+D_^yTh3GnMyi>Wh9N_$TsC=3}=YHxkB}-GN8D?>f5v2TR1YaOD}Ac^ zHQn9k><++#7B~*Cqwjif&s;>9hevN^jfDMz<BiA=Wt6KBk^a)e9#$5}Jl1te7 zjdvOvd0zcN&+yj7U>-2IdU8Gai>-<)I54#`4@P$6(Pw`v5gm+d8j746&YX`xXBP6C zJlK9udhCtC@WfDfVmLH10z04(+3>!-W?|P~ugTLH+C_gvO0?%8 z+petyZJ!TqsZC_ogR(Uwi&SHv?GEr@=vZ+J=!Ivtu#YK9pE3GwrC-H<8p-XBqW2=m z{&0nnHD+$?c!yoLzz6?CXLBDMi8s_<82KX`Sp3#H%StRHXK5AmN(||cVo1A)<=hQ_ zO(SQiYRRZ~Z64ElgcaKTEA~hsx7P4(8+OcL`1M|Dy{rDa=uWiu9yygo$Xd6Ss_-P; zaef+}BoB6iCpSK${WZj*l{;a0Uv^$(M^^9^&fjruCw!AlkZy!xRf2V=` z+D+AaKaPB?d3@(y*0AUDo+H0qn^0{hZBy_&@pSV=-+j&3_y3`f`2y!3WxhVie8s>) zwdR`nYGnWN&F^rI=SK3zm^1kS;>9sf*t|HJYlhzrIQ3?!!{n|1RFMZ9{h`0XwtkWR zyPG*Lw6eM$p=MhlF*rY;)2-Z=c7I;WOC2j;&wGE}hH5LXK9_6Q6;CQYtlFY&(5>($ zxw{V;X?%kNS%!z&fwdjl&>EQdNbx7dlp`h7q=qhB8o2@5h=K2gz@hp{wN_5c&CId# z=ER4l<~#J4&QAx~e-nfL767~6U4;IT&QJ_-r1oDhM-k|#*^zhN`kE7%Bhl{mGtfzY zdRFmdyPl|gY1PV(K(FH8Mey8Ocn>=xsb3B{`GPmVd$mhOzbku9`pxDMEA+Byk2Nvo zR6M9U$os^D|Jyw$4jy!7rsTA8&40w)>-#1?U3sjzzV~r^uJ7hqi$8Zg_+{)J?|F{Z zs&7zqv8mhdN3LekA2!1#>!ptyo8h|0;RRze*m;SX%lX_dzUcDcOz>;w)9*9$sdu*y zL+^!^7Z`Ya{Au33KJ8tXM!)C4{T~k8f?aIMp&KiJ-OIyI?h)K}+*fq5 z2$**wQ{0?NGY0tmQ!X6Neh$;d`YVha*g+e%FKdraW0!5`y_WQ`2SdAc_S*a{&KM%_ zP!t}D)dflqWf;%N3R~ZGmiE?nhqNa`dI~vNY*D}RPW0VM=oNXl3jT^>2b5z6Xzf^b zx8N!tg)C&OvVmRujTi!UNI`J#muOG)&bpWnT15WsEho$;N@VMq@CBba!#_XieoKesmm+Yqn&}2C}sscW# zLr2BnC&o#90ehA2QRv-*N8IQ9;HaARV#~qN9l*LAe*_%4wvuq9xsx9E865dTMt5N& z7#r8*{azegEF2-P${2%SS*_UHLd(VxYX}aG4pp-j06p+jq`J{HUdM-TB{HaJ=f z9(O)?Z7>HMwQ*isE;wS%aZ~&AYwliyq)EC5IO;0W2eDgTyhg8AS` z>(Kev8$52xf2<^!e=YZcKYyB)SPH(!{h}mT5CC5{8{F<42d)cd^v3O5><4wnBizmh zx8Ada<@1RKZ2eE3D!+G=TapD%%dNtoYW;ODgGR7jR%gJep*@4staO}Wr}%>B3a7|* z$tY;{M0xXtLFBr*_v#(^WNEbUBJjGlbw+rRi7D{%`(KjqUJ;B|0&g|&qW8}p-s^&G z4JP*2^dv<;h-j zGbU{w_&p*y4<8FgXE7#hQrWW~WggaOOeJY!dgj86^HBO>^HAcM2fk|_PLMy8IuBQI zo&zw?WFD|7&Qg9r&({U#3g$v!c4Qek=0x$rLfbcVWSvVt1JYpbh2O$7{POz%Fxz}N zK1iN?q8s~4dz#M%zlLUNOM(*w>j?Z;$wXuwuWwZ^eXdjy4+M(h{J{A-o7R%qY zX$IMxXK2QUtlOq%vh#yJWSuL|-7&uYkMbvNedFcjV&u9HA3ZW6pffrWVQ{m5D*cn6 zQp9h?#56}S?%&OrpW|LR_hLM^n%}nm&9?n8Y@HQ*-)fkUq27S<-(EK7Pxb82mArzN zhm})Xt#XES^4G*6{Mcus_+NvaSk1qD3?KGk1@=t#5Py9M|GKXGvaO4Gry{@Sp7*`L z``vS7>y|u-&%wW*-$rcD&;|6Y{&ipa$c)3;n=8L~0sV!U=Lj@f$vG<_{J!W={2c7W zY--n(@Sg*mJAuRAAE)z+azcr#@G(Ego7{zs5ytL1qEBpo`Q@?&$AO=49_?a}{F`Hk zcVZ``%mobx@E z*l#g-%OeImMNyva%|Lo z9?wUqkN$&&>>;X#_e<(ZjelGjNW@C4rx@Ss-TAC%)1DPraLGYvt=$?I4C60Y%_A?# zvcAf)eot;w9KS?oKiYF=`!VL7BKw^)dA=N(90R7IUwyj)+IZ6Sdj;Ejz-!tIkJG+a zQ#)6@ps~w`b^F&EniqzB#M{fTjajEZS$wge{M{*bDKzwW5qq)Be`6 zW{et}?ECcgy=|vIFB(4G^O~PB%_Z}*5+O_Fo<>U7)>P;8la_OSkrVD7|GSR??(WdAE z+iQ+$g@~u!K87uZA2^pax{UfHtdsIRq<*lt^WOR6}&QCJ+(Bx~V zf7K<>xuC>X%)V$Z?Nqam(~Z|kW>wMtR^s|z+K* z-YRi%7_f1unr>%;LziCxN+QhU!{i2MCcDa6L8Ml{`lOJ z4N>$-7CL?bd++2|u|KZ~o8g*vY-i+SkL}Oz(9`z%g_nQUa?bV6+R^yViaEGvh}yEx z)iY7$rlYIe_^1vd)P|kq`C3;GXj~!`R2Fr4vKv z=$y@mJvwRqh1Q&x&_nsFs59~%TMtQZyoels(Hf_{z{IU`yPDBG=2}tDHSlC~OaR?t zbdtY+a6UT2Dw==E^W-n89dmt0fw^8(RCP%@R?yo#+5^3BgZJ*L-5`BUx9gC3n$!hIKV`LZu7Rs)M4xb( z`(OTqIm0tkzxRHpJ0nix71X1L-W6At-}ZB!J4S5qImu^aQUsb7{l_cnO3UEYOl=#O zn|sby5UrSN;ht;7I@f~yfHHJ<>0O!USGe5|E!gk&;I^1pX#iQHcW>+C-TBlwl6+KL zqE8qDJ@6!9tm?V8A6wUj@w0vOr@;8I->}3mH_743bZ=JzWN&%eI;vbJk|- ze8F#W*57u1my`1lMP_Nu0eQ67nlRX$>lTf%=0e=96+3D2BIFTrJ%S!_<rhp-o^X_qx2bZ-Mw1J z`uy7`?fAZPuEoVX)0+0o&F(YKc^1QX=8d#xD%@wBb1eGv%v}sr>gstt z)5?Cd80~uRyJHdD*&ew6h)-htkvgB*ufsWez<6%*{JY3X=bsAj-acma(Z^?d`glQoFdqE!)N#OreU0P2TRr2L*+(B=?CIlY>SKL|alq?+^%3#* zF};sI@_YK&tUi96p$}vYeQZ)JC4D|#^7c`Yv5!OT>!}Uk%!hK|yT9Sb3T*7_VX+)#$nSJe`Y-{f#da#=c6z%k^c#$7CB1rv8QeXWEHZ z(gx2zBpVf(Az3Tkb*FL*;SY^TJR-kG>&Wp+cnDwRJn$vi;Lhzzg=9vw1~}`m8P|cop}wZJ;l8H!5x%C5LSIwo zW@;`sPzQR8l{ngHB~I+{1&@KV!tbqmq%dn>7kftL92>f->CNG*njZ5Fs(*8Y^I5p6 ziF(ZABj7Gl!#L}Z5$ghp@D4k-=AW=Vj%{Wi3pq`{Vb9fL#g_#i^KlLa>ovbEyEgbH z{p#$;V_Q7W_>#|@`0f0wf^P!TF*UQ24sabA@+PwC zI5KhIG_KF!`psOQ%k_Eo87Kok%k?>2C-?mrwDKl2cpSRZSl*=X$Ib&Eh86~ew)&?2 zK0v;gi3v^xet5Q3vH=;?hOAT0s`6Dk=K+5u@IzZi7t`)Ca0$(LX(B+3L^%i5Cr_gj zCs|ExldUH5HJdu7T1}lL%a0@fQLRsj55#kJzLNH(pK|FIAqRL>M=*q1+42e zh1tuaGt88GlE4paWeno+e0U>XsPjW|>f31VMJuPJ4OrUgGtT!o@VGU}I~Z#_H83wSJl~A&EIh|rVPW6u_bU7#<;|`iTicYMV+GfbwVL*WC&>xv=cHWV znO{&NP;2SCCe${)h|JqHfm(UAui8&>;1FDjz3|*{_8OTup=tYSr|qk)rjYJk?74TP zbMH#4X$SZ8{5C!fyws;w+)MB(CYTPV3ht)#<7sP?)7JfbW*W=)&TuR|H@p!0O?91Q zpX5Z>{O)iy^|qN8?T;G^e2Sa+bv7O2znl8-vVW-~-oo=O{!?`uTA7c-*xCcsn?>=1xy-c;Nt_tX`1l-K$dG-q%{FH+``8&3(une4E@QhtN zf15K_?P+v|WT_%gwNV;cM;$Yai`%?*~HI=o&nl<;t^p^$GhoN@hEAn_&q z>HkJv1^mR1@#Va*nRSf7lwg2o%8+N?dzvf3`zZ(Ba5}tIz`L*q-gNj~d@qHry!AUX z!TW6wyz>}OS&@ zF3x=4%CYYk6=uHQ?A#BG?sflc##@>`UVL5PCNJWmjN|>&Zks>6<8}KhF!;Tw$2UQi zMv=!R@5k6e_TGg9;H5e|D)`gmPJL9r?IWe|WC?PRIp6Q}r}Y_=FH%z5WanD;;L}T+ zx|;smg>NajaUTrsS?@CQzbQ9ZO?`ptP3H&6gDTCYmaM&&5O{nGafusF{dIkfKYLjl zdFNW2a_`MMRcWrzM~2>TYQ*|2-Q7>=nJBU(jGoG--PXbAJ@)QM@BQ^Z!5cCyIuu>) z^w&C=I4yh;x2&g*pAVm8x(`1oFK5@O#`Th0!?@|Z9PkZP$3m){rgD(HO_`4^K-?cA8JW>IS)$lxU z8J^dB=pA$Bnqt-;&iB`ymhS@&jPfHjzb-tszuqH1vzh~?aCT~s$*W7ftIET*257whI$-=)rV)J2~em_coQ_}lu zcKWNjIAec@GxT?M{C-Jr`#_j*C@KIG1{KqrE$Ev>pA7{g_PwT7+>1p)nhwv-$(9`Sb zIS$M&zgkvBM*HV%_+z67J`Z1#TXKFzdY$CJ@KO2Wj`aQlKF1Cim9f9!e`9}h)BB^g zNUiLSzWD#)zmfmb`)hXk3m0V^-{HTpzrtSq`R(ypnfp8NH}>aG@2@u7?yryWJ)EIG zJ0IAiU()nl%+Ys|5$Jq$UK?k=iiecDBR;BllJ(=gfy7k&*C;mnm+qSX?rH4bP36sL z@~F`$-k z^XlU>m47>+>*}gYgO?opaD7nb8DC%apOu|izMQ2#*i_D*q|@nxOB`4}OdnV$YE$H$ z^-kJvt1RWdt3SpW{grB;`mqBd*vrNE6L$Q_A9|j8IDTl+H$XO;-^ss7^-JE~Wy^<7 zk9}~a?f*>ellR~o)_41Fc-r?dUQ-8SfVH9-I`;uvF+Q)k#u{)HHnQ&Gnab4SdQudY|^5QhVn8=Cab{`!AK17Gnpd zw^QqF2Uvaj&D<1^a_V?+Z7FSsY17d7EABj{`SZ`a*G2t3_NYz&J@O(6GwoIhX2$4e zti+Tb^szrUnJ?h-x#Q=qad4|#HE;X&{PnaS?r$Z6v_;!bDdu2eY{&ufZ63@TtGToD z-80#b%RKYv(qDnG?|bMkj4un{S!A!_Wy-G`?t>y^7eJQ{wJjMZ-q0@=gZJXy1(cT_vXhU>J@wY zcE@?H)6Y?7oSIAhWf42}5ifTAtE{y6g*zX1|2_V+_&p20jG}LvRR^y2;^3b-|3v!6 z^zZSbr5oPbY0H3K{V$<^PkblYpV>ds(_a>Jjz9GYty7DCv%cljv_aPuG2h##YOVV+ z<;)PD(K<(#StnJTO|jMu4|c2m|5IUNcRItt$NPH53#)XeiKjW^*?*ex{2ymLeeHj- z`L73l26q57$52oIcOSAMqV3D@8Va!uk)Ju2SR>vLH;Hz{nSy9FqR5 zP5(Xoo&Me`$t(QQtRiCKGH?f_*2!KlWY7b zPn z`}?DeZ<%*|*z=kA;R=k{mI`yPAibo?#16*9X$^FB{T_4s-1v7awN>Pk%2w(|~72W_W&) z0iKW2-|<9`JP%;Mm3=mIf8Re%e+35LXJnrosty+iztH*N_Q`jg{?5ieap~S=FBczY zqu(BN@j;CBbo$NMh=DXaAx*!{aK_;3Hy57WXF;FqJn+mzf0Us=YE=(p>&T4ptnp5t z-uU3z&Cg}QH#6@XMoRtcVPZ|(EH2j`W5>*3p={x|I_;WKmDvHekcEIgEN+1>+iteU4N6_ z&zj19>#bvquT@EoM6-0it~K{uTjlrz^1H?3&05Dz<|w$_j{k`t>BDYG&L@7nS0<>x zqLiG4RDJ4wR;{}8eNP&FMwC~9Jwo1csrK1UV}JD;_E@Z8kHtc4Kka+u-mt8I@>G4H zTggE(`m3TRmZg1qZob>6(&j#0pV{)Ow|pIeJm_XEw!0>4cQ^hfF_=x&fib}t*92pf zJO#7AW{72S7oxID@p;+%8;n$|j!jnR;H&ToeyoAd<7a!}J3kG+|MtW;-2EH7*^}Yj zzfqP)ym&JETUZN@k}nk?eiNQq1+^u_6`NeXRRN`|*7;-u02K?yKD>>F14p~1$y8PJg)nybA1mm zzs|hK?zQXHaAqiUmyXvc<0=E*GT@8MWS=SHtA=*T5iqnHaNt)im-^cQ{HBdB_RI~w z`s-84doD|K&oTI2*n{^h>?b!qm+Z@_KTz!8NPV!5Kit%Ep^pvpp>_Ip+U@?XZ$%8- z7d)9-)xyVp#BYSJ4)W>>|HZeW8TodAIqz8GdoBOs!0Xg_TrmTjwUd{-p7-`y`Ca%h zbCmb0`g!f-g42w{=lbj?zVFfyvM*P`PoT1Kz+-mMbJVOw6c}w7eFg+otIgRRWjj6T$ijY z-1b((6{byF-kdyO=fm%&rtAlU&q=QNhHK!5I`W0;kv$ug7o5XBj$Hoj{T$u1sLg@g z+*xby4e74w$Jyci`5(alz}>2mp*=sU{TQz!cX2N5%>zG`%KM|u#ng+st-GN@bu~;) zI)9hs?l@%jW#|vZcil79=7awu__rIJ_^jwuzF8--#l^E^wXQ3lu9b7pJ`bKd$B<*G zToCdcwQt8hC#_%TtI(-xJ;jy*3-@Eo`7GfRm`_&wf+yJX(OKvB)S@jgb-KgVWu>Zj z6@~Y;Ph2^Fs+H4*3{X9{j#-XeJCGsI82Q+WeAFEL->tU2kkq}zgtcew$IiT1&Y$$b zNq@F|elPOw9e-|0y|VB@D-nOgO0*rO-MZY;OmnbUG)^sTbi|zP!~x1{CqS=RUGj0o z$HKEdCFj&$q=h+RZq;rXak7KxFy)#@c>a0(jV+UX%Iq${MxwB4mH@v_e)@zjKvBO{5E9bi&{BMNkH&aig0s4V< zPLQV^-{C#i-maM+t}8E%%muD_&`%|>RfDU=;A$E4vmE-l!_|wqCYE;t>pb>8e7h#> z^=&5`kW)sU`;kvIr;+EA!Gp%EF-i|ACs=qk@*CVdrLm4d2eRL$M0=Zt+2{Uhe?S{J zF*0X5dDuMn_@_>q{ZVRfN1u!ddbFZ}%u_DEJ2jSE)ERt3Mpv27dK`rF*MKIDG*L+-N& zv#<8MYqEEnKDOFzM395&Fmz9n{Li(YYqr~x987=CwA0)-EW%B3k&PSiYnG84PA#bs z;1?NhYOF$k!kuc$ehs}EWsb@vKbR-sNcZGhxq2UYu-BCbesT>pFM3Y(-Fo2?xzQIc z4E%w<;WziI`o1q)P-Bz~^aEctXXW_OWybF?^x_W{E|Cx z)^L<-cyTfH=ysP*;~=T-ij^kt!QL##ccLg%w=!IJoZ*p0;gHm z$_X}1r=|?Bm$A>>tuciRyXGWtYJW{EmgUjgej{JBo~v<0xgR#QelHH*IG;VDn>oj` zf&WQXQ|lJ;VcFvl=ZwqvMCuTiU|XoBYOQMPQ15Y?Z8Owd3B2&g!mEw_wO4*v(*BxY z+u{qVgh${Z&mlUg*3;Hx)7Il|Th!h%Z3Qy4MJ+Db^$VKqw*I8H*eB5g*I3h5qubUD zr>&bav_(BH(^ir8@mrx^tF4K4Tg@Z17cSSdb+6mj9H*@>W@ziP_8yc4wc7t}*A@LG z?a9WBU=PU#*B%_vtj-6nX016qK9IeiRYOBeXx&F}4 z<|3Q-+4I{`gWg%@?2~GwodeLX<=H3I?(CB~+_O)r>>6@j7N_o$+Vc ze<|%ofhqO`bO9Ya&;C-`ywbTkSIgcvnirD1jW9QYy$sl6PcR1HC-#<<`D>9c@pfvk zG6v}wBlGzEO~#=bN*Ys`zO)x>#_jBdn%_l#!~DKS9zpv2j{Qo8`Q;29 zGrydp!@gkV_mbW5!OZL1%{{oC}JM+8HGrv{N{8~Np`zQMRsPnsr{meD&dAu2Y zTEo7|VtCfbiD8bMfIcKAZvVoE$O)cPykiY=B88qLgFW=Lnf^@s7dY)tx7&Z^*52*E z;*~=@Ct0JInwMrJhurqRtFf?0v&gy`{qE64$3#e~4)0&eF500ST*kAAa`8OM_5zAH~Z*n-F?ytAped|7c@5e4s zeeXCt`%pNmw3Qk=Ly!%6Kg;VK+! z!?DAG#BIKT_395@{eX9_TwJ>ICD;bjXDj%)kF}7;h@XB9xp@p6-3Na5F=w|hm$lep ztFguIo522W^i!oZs0)9KI^cu4#`1YTcK6zES&7deL+`(fec}E=ErVPC`Smy7zkkCH z_RinJUa-gZUlshhFVOUL+OPYD%|oln_Z4CBf7ED8r)UK z**=AQ=JUA``~2>Et;8()+_=d~4Eb2?@6P$2wdJ^faLdFGHf}iJ8(g34Z@tqW`w`!I z=&c4ltNGSvH~oE0W5k|ZjXilk_U&Ngzv*wX(;uH3XK+T*Lr#B>Sc!A6dnY;lEl=-n ztEIYH!&bAu@%K)DdR~3%v(Q)A^&9nx&AJ+!^?ugb2ea>5eO6Dh`|S8QePZjc|CQ5c zvz2(;Z?)Vp$g0;EkH25D`S`%0W}J_KSIw2?uI?GTe&%ZSPCiZFx^8ge^snE?;ENda zQDYT!RZPV0!R~v^DrosS|Hu6UTgJV=al>)!z;WPk^S1(tx6$YFWhZk6&f%2z`*p>z zf%N_^t6$4f{*R$UZ+ic}4aa!@Cg||~d#MfJy#G4m?@oEYf7cG`L)q{5Z&_^hZ|UUy zrSIRf;fU$KUw!>U*cHzED|lbH>w$kj*8yVVdVi-iprx9B&TDPC`~AB&wDbOp%;UOW zVaqx1pQrw@b>ACNmI(M2Z*%tN`U^}#V_sfpZ44r5`VponxCi*fBYG2K42^KWp}N{7m6*n5(NYE zTXqj9V6Qkabzq8Pd+#EL{zdkjCimWBm-pkW@y_MgXY+`|3Vs8J)wP}T9QrHg&eRRa z4xNBjY@f&<$}!gm82GdJeyon#4&dd@hp8U`UdDizH<_nFr|#cy{B`UgJ&a^ z;ETR{;fub*$Ohr-SG;5J1--<#f-hhezM{g{9pH=pFFP-P%jxmeFZ3MezUs^})ub@^ zGH_U3(Z6)hk(?6!Rbi9;%HT^i7qUa!Jh=O%`QG2)?g_phUq>7k+`auMzD1VRG7j9m z4eo}X+PvYNKOn2KhV{Z-`z+hW@0x1kPQ3Iccy#$V>>mss2N^uJJqrFBti+K&fWvjd zV?X*XFnEliJ7NtUJXV88;OK=%;Be{gHW!cZZG1g&0DlsXcY;S`=9%E}TJi=v?*xz4 z4jv60R@Z6=kCFo)pnGof;Bl4*j|~Ni;d5*qRYkL6L@;z6L?&Fp6}ulIU4^4_+%Wy=X0XVmDGU0Aiw_fG+7YR ze*Mms;Bv8pO9O+|wZOrpWbzhpIoyNGQ#*S2`5bdypc^8?<~ z{cPv=d*=6`kY#=k3jHs?-{&7cj@Z=1ATgD_#Z?o7rw((Dm-pJ%iNU{Qxb{|tYsa|O zL7VOA?b1dY_vE{Y&kl26@nenSfA}sxcJ&3y&;L|#$z(hJ`P=_FX|J(6GCgJOVJJ2| zG12%BX(taKwm&}PVC2?N;!}UM_n|n;d&zu{rRYj;J%vp?%XzU+1$cj@yC=fQ^-|kE zr|px-hjX$5iFbBT3o7fJu5BN5&v~cB3bN>vc#C`L!>k`x*ylgId|B`FA0o&_BOl>! z<#ybN4K)rM>N0fwZRq)&e0ULg)Q|P#F7ObA?~j5Ptz|cnqY)+M67vrTBABVI0l;5$CIxBJ7 z+i7LDs6Ns2`b76vqnCA7Q#E>~t+KZ1FgeH;G(oM$6^b*qO$j7k!6#x5&+wys-^V9$ zE4xM({2iUlm?kl%Wqg90kplvWF!<3riOH*2#uz3c8zu)5Ce{URRzX)$aH-e^vGh%f zrI+B_5U;%^U|DAUUGa;l%vo$D?^p9a`bzyb(tlx^4^eh2J_O@ctYZoGRvY8ZWjw-P zoH&dx3o(2y_41rx+K{ zEW8N#fPwQRb*6^$Z#F6ahMJ`&r=k}8D7LejHBZr%aPl5G6pAH>p})u$Xl^s{ZRk^L z;U*?rk!@@}wQtMze(+BJkTrl9B=bd#FhM?)S@$q8BIwXPSIF%50hcjwsW|f^{h`OH z4n59<9+`&}dR*zyBlen0k7YU|bY3bw-Zw|}C~bOtgj|45^!`$-pkBK3CSO5I7yT{O zr@vpzGJL$F%c;%g8&H3A9`QtCj8*b$rw0-(%vC$%Itt$ID`1aY4t&VNKU%*dw2V#u$TW zEMK~fF{rjtoH2wfe~Z@Ack>xz461Du*BJ061@}*Y+dDUlpb6V99T>XFe7EI)rTK2l z|1a}>p6A{dJ@-D(ckw{F?Dwuax0fKp#@PB`{ttTV1Mm8CdkJ_P6G$j_BH67!Z~n)) z&-c#%P_Bk@KiXrq{2s@dn`bJ&Z-j==R(@aad8h4JyWiOB$e&lCXJB#jQCgqQEWZaD z8D9Il!F&$k{~Z2@@;_K|{UCJxG<5Ptfbl>BE%237*GjhLF?3Jcv*75}K*Am8k=OAX zr;uBK{5t`UsNS6F&Mo*Dvc3VhHUrlaR^ljpb8NQwp-1Nb0$P&&FCKe|cuW+!H8s)d z7#DnOLLNL*$%YXW=^pc}d>=m$UHXgRVG zoQxKo)0cG2FVHI{w$F7vcXDzd@pbs?D7I=FxxRGAUUDu3o5tV4xI6cVziXQW$D6?A!Xo$t zPYv)?s-7CWZN|!XGgh8AW4*5TSoeCz%5xgq?eZg?_T9FZsBP7KbKB;-X&Zc~?c0gJ zq~q}kZ`(X47?(SERQu{n?SD>f6O$}rUerck^w;@#iN-D3Jn?+cg|Bg?Aw1qXWiQjARRb<^i#>XW$K_M7RG zxZHkgu-)fqr%yh&5tkc$v(x8it;Biw`MWaoDO{N`^1STkENVX-CpSXZ-Eqpl*Kf6P zAM{e_8`2dk=ByXrkd|Ej+x`BQybsoGXea(!fR2^ltu^!C^4?+Iv)?(V%a4s!;X8+S z&N1(dao=H%+;@nB4(m?7GqkIMI97#kDDMn4?<{uS$!F}!T~j|pdB^BUf3C4%I+r1v zp!p-~SpOm}bE##qR_Sl)r?tvPY810p>6P8G$u%~~Y^@K56t`N3p1Kp+*NBW+hO8k5 zW9PH_L$6B?-)Z~1CT=y$GBrqh`MdPx`nzAkK5B<|T7f&x+;sqBGHz7~?!9rCr)`~L z@)fC-k>ow}Nfo@;S&2-V<@me?4t!qXR$o!Rm=m`uH{Yc@{Gqw#`%u2;hvx8IcGA7z z=U6@R)WOd&@G}rvd~=85=Yvx5gM8=&N77x=agu@JHPNGuw*la-z{Fi*_26qcc-sN~ zR;J=@t?;(e6L*;n-hiPO-hjc4Ukz~a293nw=MG>`#$Bqxn>X%q8od2C^;tTr8N+M` zZw3zHeQw+ZnyW^34DjIaq;iCe{`H4)&GmB(4*kO69S#mR_Qv6fhlRr-r^TTwyIfhH zj!VT{+G@b#!{GA{?6HlhxcsuVh%mtUg(hHZs;?iIf?-&}C|8N1gWDLoe%VJN= zrB6H-gf2J*9v4d|I(RfN^u({k@7dt--wf{TIAEg(k58KKLku2&VZP^v_VBsO`TjFL zcR1g7^SPD(hxxB1=h}&@Y$_)HvFnYKy{>J`aP7xjbK@l6H|^SX@&kOAPC8Rt_^01L zGg~;|oZD<$!?r!Fe6o9}N1I+BH;nx!zfZD7d4I}1Qq1j}NBYa_Whi z+N*2ipU~G1eNt<8^r^KQ+9oO%fX_eK_W8ATSV)|$jhy-Rsn|`~{?b>N|HG_t_PS^J zOJCrgo;$#2x=rwv&tMY(i|Z>X$JO}bW?cB=z=B@JAJ4Y^abS4?e_ZYDp*^Dm4%oR( zA2V}p%fI2Cc^}rtyemdEI>Q{R?yWnQN&n`6eICm_oEhakA6Wje(HY1+#im@F-;Fb! zE;e;8`BGlrW;C|PB5V&gHkCtc>WHz!a)>R7R`NnQ=AC|g?;j$TlW0Spw$r!HwN@;u zpP{YXkm~feBkx>zytLLj3z;#D+B`F%w<*Y($*J`AAakO91M)f655s?$PM#t3Wc&_j zvwd zFIMrOhp_oB#Rqtin8`t6CX2!IR_s6dAKOjNofZ1|PuSl?|AMD&dLVHT_oDD*1fCS% zM!>1@JHTtw?|=?ft2hq5nwS;+{|Eg?=~FSQ)A=0_r1jUvJE{XM+{fu(b(homC3p+` z0uIG5WAVLW;83vz%}E@dHFf4qY$3Q)8MnCG~SBZF}cti)0M#YF#d$ zbvdwZCPH(_p_1Z;~zXTS)Kzdc09x0Z*&j-^9O^6 zC3Avh7aAR1m*n?DXBx{mpZPvpelIZZIQ)*jZkq=W(041kKgsWlq1Sovd!6BT15Yx( zJQw*1O-1_?(}O=F$cq@X?A0$nfTm*1r{Qj7X;^ zm)F-5$4l}$?U}eT{fW<$ab;wPi7ShqRNF#(=-@l?pJah#Lkt;5KZyuqHGIf;lY9uj zr0^l*ev7rDD7bO>(46&~DR#W~$HYnDTbK8B?ngS`J#ljn-*w;*NhcaT#du8InDL~< zjTw*P#y@mv+i&l+TETp}^!#=6-KOVdd_Nm{zH{@L(eo`1JaoG=Vl!$=KUzKXN$cK%EMi;KXV=8 z=??tI9QaOF*!s0|kYF6%!*9^*YSu(Xv!7)j`-qB(FNL9lMeJ3HqaSvjs@Y5o{DES{ z380l5bbW-C5H54`In#|;{Xr|QMe+F!=!__QQ(@(DhN<=1d~!iWW7wID`#R%u{rOsG zVNAg6jc{{8OVam(vhE-oPBHOfXve*8*5l9vQD{&5b#m#ujrOP0Un~77uiP(~EL#UI zU_RWw-Sz&@l@g1h4ZYt69PRWW{T9RKYlko8BPoxv5_*x{q&*y>Z`p9l`y2(V?w;#4 z=s5A+G~m_Rfap$g{hcl7Ib%;)p)h?&m&_pEv;d!(zKq_eL#M>xyBKgtUPyLy*W~Vw zPN7e10Oim};K?vL!_Z5GExVh*hdri=!D3U-=ZfGn|CM1s#!%XZwqAIkHywZ1Lu;=6 zC3;&5jNbhj5y1ysG4R?7p5x4aca48{9K47IBoA7_o5t|)*PYr8b+)b8mk%JAwq}6I zje-Bk!%sIFczWu&gz3xO|KcCQ{ITvIW?smvGoQb6KEI27;N>yFqJCF9{bs7KbkbQL zy=Qpu_0jM~=#h9-oOw}fM0;!$J1S-^PWuyn4V~q3KaW_|R4cbDicKe8$;FQzb5ZV= zcIL5TVIYxTfPV;$Y0snR+n(2KBM0D@U=48+<@a>*>}5PVE=P3SuPclE?jwW0`}opP z{kDvMp{%r?J;?X7_wl!@#s#&;8)I%dnJZ|hY5bpSOK%@%y>>78b&bT0$6;$M<9kgh zv19C+;-$ohzb2c8bF&=Vm*R;JYVB+55@W+1^4f6QZg*_BDxLA;3w;vWZm(d^2=HnR zR=gyBR$N%)m7S!sJvwPmFkdV@t)S0ur}p_5x6f~6=<{1npIhxdi_Wso@nwO;gc|~h z%WuTSbMW-451H!g-_`t1_nfHFrOKNbfR8vZ^sBGf_V_|-S1wwDJ$E}}l0C=xichky zG3G0czz4jSh|PrVXTb}ztwbBLu6-VJTglo3`sYL}^S&e5n=8V;pex6;=RKRfN+);+ zAJDT;$=)BT^~2hWkeSveSZh2-er&LC&dDA*=-@qyF3*H};oTkgZP16U5Br540FSm^ zk{jB{cUK>ZH=YgJa^jN?|DE*P`2sgW%kQxF_$Tj8-QAdF1>Y~RUQ_Om_UEuaDlTm~QC4t+NI3cA97hCXM>)>96R){FB)!$hCJu#k5bfwQ~8$r^(b za3MNnOmX=gJo|0-DTjAJuaXDo70GY2uMWCxgKpcQ+YadV1Yo2Z`ym=kq_t zmfOlbv2}~B=Q_|oe&W753n+_E#Zy$jK{8PGgZx&_OO2J+b>50BiUZi zHIkU5Y!7lbnil2zTXN3hoFsT-8}YdHrq1(o&3~h|H5{ffz57>L;o}-PI_-)INg3xN_!kw3zw0U`S zlPy1f!t-{%k!^48#-8-ro3bsDpG{F{5LwzJe<=qzHAlI?${x5x^M$gTCHwHJpzG#| zCmWjCpI$HkoiYnM48ECm75iIeEbA>W`JyvdIAwi#yp+6R?#O?U&( z{XBCT=?_f~wq*M?Vf!^nM||9w<76&d343M7)HbbQ46g6u+LK9t<0H)f)(aJv?wS99 zJO4vI;{0QqrO&_OcwQW&&%g4s6weV2^uva_fi^yE?7N(<=b(W$mj>WbFAZd41Fg>Y zZ@Gc_|1^GxXrLGxP#jQmBmJd(?T61H*6z@N-U)-lt>jc&)bH;_2W}r{Ne8vs<4jHC z<}1#I4st^4;d@u+W}<_=8*N@sr-RiF9T@&U;J53Quvg}t134-7L-!N#;y&o>AUHVy zjkVxcEVuWU;@5(M>w;bX{#FC|8_E5p+omI%@8r4ep}VoYHlF7f4J&kBwx%p3Wn$z(!DRThV`6W=(i>b1r(@o|n7H&2gX8 zT4t;T8aNQZ7q!ot&$K^PdsC0VgLeElml$B4shiObZ>n#%y`%IIX71zIoYoZU$?$T< zz067+LEd#i8=W;)qIEO+c^3K^S!L|Y=`PLq&A!Ck8?ghHJGm;K!cQmHP=2F{8_(n2 zWx#8B_NHz|&-e=JJJ#8;qAkU}{F%g!=h;5t?U(x3Pg% zu=WX`)nNCmChy{g3;PpCB?s=#0COpsWaI3pY%reNiHtTiQW%$T8JW&=v(UAZm@8zb z&j0MJ0X|^d0xg<;?xUZ3=!a+355D!B9Qf_4<8ti${FJ_OLu<*&S8R9}eW@Mg=@^*_ z&t~dN@YK?m_(lI6v?u-E5B+|buV2el{I~lUdx_848@t%VL-yL|&Sr&vaW(Of#f*dZ zJn@h|_s0II!Nfz%{qV|wi4zD;7ca_{&7$up{g{2R)z~e-Q{c1bx7?12IQwmQ!%~HjnHQ$@eW_lzF5_Radq-=WJILehPzDhk;-IzBz0fx#pS=udsF-wr_JX~o4(MO zg+I@n8~U6MK4$gig+G!2&Y4@SeR7sIZGQuD#RZ^&pzz%xOgXt3+6Xno=66) zbNl*t`f8#tWR8(rL##QA2KH~cVPKA8d%a}WcZS$D`y-ydk}}1aGq3FWn&t~R;?3(i z`e|b0^K3rpV9om|a(Mu`S319Tmv2DJF=$~YpGV2-8gS~~4ae32FZ{l+Ka3k68%6-ZFG3;B{ULDDNBk#wt?!?@ix%eY76XcCzSK{j^ z^wuw*y+{N5kuMZ@{IW8ubO`)WczNIN$R|p9=LW0P&pT>gZJcgg7n^bULaXqrivx<4 z7a-UAnYs|aJD0hjjqULKJZyr|(6u+mI{^QwAMtJ7zrNKVo8-MGSOf8U_U}=*su};Z z0v;^q-}Z<6q1k-D)%;dmsUS4j^ZjbR&-DDh()0at^WDxlw%fDUE2eVY*>kclEkG z?wRj5vF*Q?%N0*ewf`bdAXky+t^4r(nggYAYI4S&MW#Q^Shz>*Yp=yQ7(cz{WCQEF z$@)I4vD@N%?D{T>pX&Seuq|hYGhfCgV7{VHBVV3HZ!p(=*>1Ai?0qFZW0Om+tA0p3 zb0=LGrft3N+I4N@11QGYu@bxIPHdw|*ltsSd7|~Cd{*g7nOak^u#&8D47`taIo=mlf1)%2|Wtr~}|mX=@qV|Z15tYmJ-C$QHl=<^O>LY^3V zjdqQ_22AbrZR|B*OWJES0oz^!)(-M;Wv5Lbc2Y=A!F+g6@-LfMMhqFRKB`%J*8aM4 zz?s%Ai_Ch?;9!Jnl2fNX{#L^%i{1>HH7c2))wLD^iu9TB|zE+j`P zT~A3rX@7(CmC;koUs6xaGJ0y0ZHMKDS{Q@iPwFYbJB#1Ux7KIU_0%7rH}6;($0m(K zIMceU@D=vJyGZb22V0!!Eju^>?|s-iUv%tBBUh2BecF_^&UMC;6}pJA#O4D3z7(5s zQ(yH~W`JK})8@XhmD1uar*4A|J)rX0=~k~SrMN%wSIoS_!S7WhQtYqSz=JFqEh&fOi~!tc#o zZ{)Lq>+t?T;%^<;lo5RI7#RA+XqtZ5cS_l%x=t({Q5Zd z;9C4x;UeeQcVEA3$>?{*GtzTfBUNpr*VQg^>}+WCSLn_r;)BE*6R~RO9#|HFhtgyst?6k zTpMsE?bnmr-Ble(jK6E-yJrLcy%}t$pG?Dcnr+j=3}R8*qm+-`a-@>6`0`t{SN#S) zJFsi=IrsiZ4e?-KzxqtPDcK{Qmi$>kU%BY6T)#CL{q^KlcVC$^mMP$&ow3EhpX9+p z?EHoJ3)mcHUm10ZOdfodW7{uq{Dno}MD-6OTML;}YKkPD#a6+d*;^dY8oJJSF96q? z>zvR}WM9(HcKUH_nv{KOUYq7Kv~9<{Y#XL)9kos7tA=O4kPDY!*4jfS?OjIvY9xM9 z2{4RD{@6BMe>3;SFItD5y3neRb6;x}(wF2{Qy1Wppya69xd(dcoT+!=AMj9#eSR}> zaOqdcZL>}YUSCAkMWkajet5Z?PdAU_l=*JkMG3ykK2EoLT8Bfg*gggIy=@<@Ex(b$ z{^`UgN?9*Jk9JGegLmm3#a4ymvV3xT#-rQESggleiHD%6*ce-<&mi|ETIlHX5@f>o zG@Z_vO+F8L)8vc#d*_P|lZ{Z~*xqJ6z{w4xtux6NosWJdUelyH+}bNz{2utNv6^0W z^oLC|xgqTl`C|qAKwm~aqJz#fAM{tWWoYMsz3$Oq=0x(zA9~O;KS6hX`h%~*Rw6po zo|hdPn3w+0$zb?rsJ(a8a{lb~0y`h<krK-wjz6I1~!SI?U{^mvSUNi zuCXD3tDXLh4GEk{8*(<|K#sPf2Rm4YE@b_-7TT3fwpH{9-A5)e?pcAvGtiD|Vmmh4 zrerLEXG|=C=aR7m#-Fs&u-AwsByF?>S7IN)cS##@?_pypL?d?dZ6$A z@5sQLZ&|V`ucuAp*K1Dk2b52${UKJV)ufykefRcPMt{;zl9NV9 znLID)sQyMr{h3&ct6Rt;Gd4?vHj146U-~|>+4kXffiGJ>`8{jE{?K>f$(71yL)NG^ z!(HaPtq;D<_rCOja+KPT&EEaDtM19HA51=2A!9FrzM!!;(C;bosm`vyzMC3~@6@H% zUvF)PhY!QcZ&-=&AK>K}c9B_onH)TJ6*0#@B-bD|rK~|Lbk-n>l;>ivK`a6XBatO~ zE_@i;jzNEK^zFw|cgv}fsk#U~dup|R>j?CFf_ftA|4r&_P;ZI-vjeEzkQH+KIBE2> z)+Lm`oagwz=Y-xi`D@B47#cc`yg31ny}23rAbGHbeSHncD)_Vc^Z37#U+Wlq9dhz% z_Sqtrj#R^wi?R3Tf)_J3Ke{wK^qY<1Ho+Z5Y1sUW;=K zBK(%#y=J208_xoU8f4K*`hEf$qm870w2@~gGS=R{vGFNS=Ntc#dE8{URVDp_0hEDMEB^Qp1f#X8p0CvGK^2?qzpcEK#Ld!VMFwS!( zj_Sc>mK7Lv938G=_l>E0^P6&yZr~mJJR<} zY;yc0&RCaRsL~t*o7YbYH{!Q2A8Q|kC(%)(@s$<pBa!}Cry*ZOCh}~JS6#>d08m_{4)IcMfkI-hd)gmBLjaPWNd~% zt1|G%7ajg+w(F?hB{=EB%b%Zv#)4la&kosgmEstGhxr-6xMb^eK-Z^TV@4Ol>xPcB zhHwF6iLGPKc+Xv9_CuR}#RI1?9`}A2`iek8494}N^2P(Nc4=uw23jIcW@2KNO-pfdYcyVWjOyFO1MyFi@j%97;(^o7JRbO} z+C`3d=h5XsFYla*{3Sq#FreRNA8aWnUeuuT*LiDJ{o{6nxo2FvH#q&-1f`lH+EYdd|- z;~BRP`CN;L69=rGwauGp-}qT|xyH|0!}&rc=GYKOXkAQkiZ{_=$0t+U1ihsk#jZzt zVufzo8k>m~(q~Gn@N(iI<20ZBjqO1Vszl^bZ1{^ku|jD4t2#T1S`2Qi@Jp(PIgfY6 zTj0x$6?*&oBd{n=c$hH=rUk?=Rfkgeb)VDvtM*XbMEr7QwqyqT0SeTv{NMpyQF4+Z zl@>W9_$uVe*N*mW3Gaa4c~0@7))d%e2lopdCkLr>2je_hTY3}u>Xlk6BQH=mI6`0L z|ALJA4t=e%?XGd9)aXHfO26O(H61}VuucGdTp7F)x-hz>wl`gEy~~jY&9+Y%x!y2Qzmxwk zV;0Ufc)qXmd|zX}+rIY?&3D`P{#U;D<$Eg@yK8M`Uwgu-9^YC%w!0qv_u9{YJ@Ukj z&;C93^ZzVBdnHZ`g?t9>1v7hh$Ddhzc0Vzczt?{LrJw4F->UXm8?b!T{rs1jxwK=r zC7yXL>SJCtr&nc|(@gvMwV&*x#@AnAjPCsXJ>u)vd**M+|L6F+&oe(Ae?xqIAAE1~ zsz3BA^WEmTCcYb<>yJzwj0_uUnRSnrH9X%R`(!XOY-r!{^`+Dc^2XPdH_*LYy1_md zPx%t6m1J_6Obo!z!MFY4yinP>)X|trzccB7I`NTei}fvJCw|F4YTl;Xv7JZQvlgC8 zta_po-RLwhE^ zL!T+}9dw9^?@YCG8@4JQjV{x^{^;C5;$`HZ;#h4{feAg(!8OIE3)oYUj7{^riB0oP zGB#ae85p+9S7XfK+2CNjv9*!wcD`HFW!S99g=CC+Hht2D;?uD)$o8~+w-=btIP$t} zDlj9z!()IGSrf%3%~W4==_lcTa3Om(A3dghCR)$b8r!A5{FY8|F`7?zJyZHLj~rm{ z`0p`#K=~DR-H2~VUecyw#QEOZ1hi?^pJ+3sHUVv#+63U&>?Id|->{lw!)X1fOur9v zo)LbUY*%mJvdNd4{%w7tcuJ<2Z})v~HGIIo8}t3E`EK*TyL`{Y1O3u?pqzeO{c_UD zM>q8o)AG?H2V~Ni0-m_n0I_i0+ZL{5P{B`JQAH4Lc)oYE(J_E^) z?nxG&ehguBX#g^H;z5XWVSGni#zlq&K+sY42;q8qMZ`ato z{qiV>w~KifcwO3C3hgPzA>Ljx-N|LDN1i})hR12wtV02#^4rDdabQcva%&iq)}ht` zdnNo%uImJ?L$Mwemfq!e1bL!05XlhbXYYkBlph@dAEwR$I7zPe)bkwts92-oF5y>M zzhY0Fo0H;0M)XzZ@Sm91I54&WbNf2x0U08hqnsLV|I(Mr#ob08iQ8q9sI!6^sJi^F8BfqqP^p)zBv!I8fOp??^M{H2X#tbsP8z!O8qbV65s$6T?PAC{KfWJ+_@R_o1MTJDOKFd;@uwBvt#>A4m4}kCO88{8Vw6*zSS7HUSS2ze z8LOPxGw+If{grta-y~y|Gez^zHL@lds{~I4;Q378J?O-`ym5li6m;J#TlYOO8ovq| zq4m+@%fS)rqQ{qkJJ0&)@fxj<4zBm&L^43UC^_(R`tZu4$0g%vUwUxHNbC&SAFUi{ z+BbHF+DHB**Gg&M*cp;L)1~b18#n*b;1T4^GJM`;`-cVZ z<@4TE{@_69OXtsn-0|IpVZD^}vek1{clLn$#4_P9#EEeI<=$zDUa1X|a=e62;9`df9(V;X+F z{_(ORD>3uvcVBmLJz>fCcgGLOs&{d&GkflbpM-nr;+p+n3yKv_pg*o3Rs^j_6Pq=p35b|;|<^u|4e>g2X)*!X=Chu-&xJ) z0NP0(pWDAXCU-1?u`fD*hj`ceJocP{JMGC({eI#9pWj6H^4?nN9_$)xz4jtDxa_%c z%-c@B@4MDM^XlrNlMM@?*Yescg2Ky!CFJfxw_2l~hD=%r4ytaqOis1~j9eRv?J^u0H3I%9L^hSc zA7ij>n19*9?w=cPxzW@Dy09nLssfu2nT>uMmR>(`wdz}q2d+u*@t9QGFnk?ybG&UE zj#YiDLdPyFf$!-*#V(wbnh!TFw|73=XRoI{U^jADwi{zH@fO-L{s?`g_#+b?e}w(* z@;`jYKchRRf`^ybSL*O!$1A?lUt`xC9*c~WZRoAB_`I)F?>wjbSEsdc$kWDu_)432 z#%=$Xj-BMyQx^D$0Ka^+vECSs!38xJfj?8tMYqjuv}x0voon|iXwZ!XG@0)#JkRlQX4^iF@>Aw3&(74B>G5%{gr418yL{C`5&z7Drzbl;4(%Er2l$lF zXM7xBO!_#p1GbMd7kHJI<>uPa-&XnB@KgjIP|QHI>E_yjqn>?xJo90>cF4B9ZX9FX zrP#yJYch^8llGCVF$ZVqag5E-qKRWLmUi^B7p4b+DVb}h{JMINzeT&P^b?0CjK5VG zNPPKNPktT#mf8PPf}UY5I%OT>W6(}teX9PVc*Dz=A1j3~kqKrk5L>MS{F~SbFq_y3 zxKD|lfOo}Cgj+YiZa(ck>*TwkTafqHJ2~0*9UW3pAP3Eqr%%%aQe| z`EJiK9yi{x&wRJ}{8xO>#OHnKg_ml2^L{41pfj?ya6fz}V_C_64Pyo;1>-pDjr{^Q5lg7>ksos>donMlE-e zp|AJvb$GMmVPGv_tv82twM={EnWr9^loe_lh5ZlSqP*vcE$rJEj>GNcKf%!Pe zoSzB2T^ZsF4@~aS4;}d6U6bweZ^pEV?_3TBGEEwH~EHHbl{~vqr0wz^;<$a&3YG`f>3JQwa-871~ zsPTp^NvQ5t5lP}ioftzhG&CxRkr`&aT>Zx~eaz?>x`>$mrSO}uw2dy2W^zv0gK zFG4JJ(-B=w8J?>}X66&iSk5?bKDj3)=$4gV#ii=b_woL6v+o+dn8}SB(tHXsq*$5u zvKj}TuXf5?&Uzv3AwB<-1CNE=MA_PRh5_(~=jF z^Vv>2v?o@OBayY!qCf8BNW`ea&ygs}%SHb^zyCKM?cwvH`RkA4c9`$Jz246EV)k0T zdFtlE_W3Bs9&7&exzK)QX>cYtKGWQd;v)Y3_R&7}x4#~_w)3fvFrLaApTW00yM~Ur z>y@4>uwH4`S(JyoOOAgw*!fh(XOd&hcL{^CW3x7|N@t4ccg@d*eYfwPnHy6LX5L%n zJwbWycxr*^D}Ubma;M+s73nwi*>wf_?3DN6yv^~S?geY^r~g(I_n&m8mcJf} z_EL|nBj+!zxt3M-ygq6c|C3NJsdykkMxsb z=klY@FGJR51>+}tFwJk~$=Z^@hr%|=htl||8vh~1+>+}2g%ov z&mo*Qz7*w}@e?%dq;C0B?a-DTKP`^?<0oh}b3_`aA-4td_!kB1+@}(&wCmjYP2-4~ z${^nr9ciZ?v(BA1^Za;+@88h~y%0^z}hH0HHecR_cUHVk(bo;AI>yz49pPSJ7 zTS1T*huI^WxA!p5MH3e~r@3^pVMxgZGN_=Gz;M0f#H* z$XeZxCI4OfR#C@V>Im$ODO=;hu)VpGat%fW`(JimmzQs6-V?nh-;VO~^6iGlO>Ud= z?X=#&jBW7qMrz-cLq=}PuFt(OuAIA-&!mpe=G+~v^|=@7eRA%QDdmlkpLL0_Lb9|Q z*-W@>G>fAzS9{zTG1UpVWpD}E&7!|T%Fjh8!`VGcHYZha{2Qv>3&YKt& z7<)JQDT-B@z2CTA%5~ltVNSgJvRyq*M;zYOgkQPWoF#%@>nsuSZTs9e;X!geG(Xn? zUEz4sYIJ@u@un7NuFqBK`C&uuejW!$Zs(|>3ooIfBbo8Pt#L}h5Cc}xnBK2Y)AP%{$8v|03x-wiN-vhjoU-}4nn%VJHAiGv>v-7us%o=%R z-gFCnX8qCK$l#`G5- z%rxf52kjidQ}FspJ{E&FneRRZ{~O~miEG1uY6ZviTWSja#bKH^J0y8rC39lqi51=CZSeQZI3_t+zfI&h?OU5T zDp}5Tgs@~q%cLZKyRA-6!fw{EZ+hFrcy|eQx$Ol04&(25{t~ljLoZ5*V<=`AmA&S< zBs`49`OdT7(DypN^ZW{ZPw<_0?%=y(3nlp5ZTM~_;7E=6SAf z;(6az`|~sM2i)saDL(N?+CCZ{j1_(SWehQ|2(NV>ish~T+WEPK#P;0t7-~i{1|P{h z`&i;7wBbD3H=~SLdTE?>E71))o1v$nWJ3@9CqHH7uhyY4-WbJdAy$jyQSq)#S~aHZ}Tf6#WN7|L>vI*yor(f3(5up^-bk zrv_RKjg)gPbe;#DGobT)%B!K=dF-W8!+L`nu4Uue@I$p1d^^6S_S=^I+cgV%X0TR^ z=MwlUUh3?m;!)yrgin07Rc(6>E3!#DKwjM&ggxt&)=tF)H3{zzgU70`S!G+)Yi zg|-||8&dT(Rp~2hzyh7=ka$7k&7H`I_P(0b*rPpupYUbFU(+7fS_|IW_B4Ay8(cSY z$r~$HpOk!t-=w?Z^^-S{pKs-Y=Udow4$(0GtbDK$F7k0yR{u(PZU}Tu$FE0EE}1+m zvh6#gO135VZ7KJb#p6|t=ftc0e)XKVMoF{u!Nm>H@bA!&qCYji+-hlo0$cxZQ-4nX zrT5bJHu}KzSt^Mc)qAHVzx~5tPq~;cQ+aw)>F+W9&rY3YPFs6SJ9UczE-ws2ituM) zh(A&I5aU_dhba81BsV0!p#H6zF_9HHd3X5|Yd*ICU%u?n*dFLZ?);S8c_kV2ERDW> z49t&=qYt%Dly_V*Qwcw(#Jj(Frf^R5ly#LK(P6~VyCf9&P8L%h?M(H|TuRNS+ z^M5{s41#fC-bg+V3}_3>hpqoOW1n*Q4YkPfT>3xFc(4^Ywf!O8eQa`<<_cD7uAm-# zXoMEUauZ}8!xKwu20JFZR?6PiZSZ9|Iak=G?lxpf z-`kO^r_q0n;r@t>h)>_S{*5Nh7a3jQKk=t4!0&~IM>+gvU%e*D>fZWDGQ-&rWw$JS zq%0ck{AEwiC0QD{H|;q1MSD|xFJW)W4D`-pJzXnphJRTb(oo`cz4~4cN6?jQm^8kt zsRkXW(OzlrEJgd{qri9ex2%q`&aF~&Pw~fs<4MZ`%pFNP(FN6gnd+v0w2q@As6Q*u z__VISm1ZA|%K~hP5)+7#d)LOE7VyF3rv8}qgYkE(cg!iN=_DWalB2J$drLl`e7kmN zYCj>dd6hS0(Rb+|^BcO@KE?m-OW@<>B{kdDnRCEm+lC@r&+NT<$4@!0RA+(Ja4*h1 z(U_vod_MYeFW$P>vcvo6i>!Sa>tp><0iV-j6Pus4ybk13cshLG_GM%J>W?IcZtmZ{ zL~Nb#c%b&h^1n|!^F|H`&+c4b9MAq|i7$7>@NA~h)d^X9e=ahrb2AiQdI-5YhumVF z)3pvcSc48fj2tS)w~W4&kEJb>L z^kXJ6?)pQ<7lk)9@S+TxpMei0wC9`!-+9XV02N$UFIdBM$)c-&Ryr$P(bz)#ksa{Rvof&bDsuBG(N~S3 zgsHMu<}dx-ijK=ZsIS{N>tvM|TeMBF74%wt*Gi6%xldoWP4n-M;tUFnZGVYf$nacd zI(@$H=1 zF}mULOug13G#DIz{v>d`mOiC_!SRh=;_&1nR)AqxX6~@+xM&H&vQh>&WLDKkFa&C&zs6N)XrI4-p zhOYUMbbVs8*1E|b&yb%! z$BQgl3Z9z#$WRIylK%Z|Tvt;ydqq?*$7=crc}R_dIb3OW*wa*@T z|3&Td(aBNUdfVsQ;nn{w`}_riy|L!c^Ec~bqO-z@%Y#1aZJ+&o#|_MNgy-wiwIx-u z)0~}X#zL~wt+nS=SzE1nk~Z#JTfOISVlCL}Hn2_evTfj;`3sh|U5EW;O+_cU#1p;$ zICzyeanYw37u1jQ&NStK)ooXDhL&`i=e~>Gcb}^~FnA8kmT%uq-R)p*J9gjVz$@4Q z#YEe{-!|~qJX7XrJotP&_Mh?KqN~{xR`&lR{5AF;o1USp%q%}gtf%Kd-+m^>GWL!p zPa7N9f37o&(VOe|$o|(xlP9|Omhk(HVf(MWD+2p}BKH4c*#(}n_Wwxi|BNE`|KgDS z=eiuZ>}^|1%vj2_fwm}KXY7AKf6S#Z@KN&Y|2oJ17of3WkTm|4{E%WaD(6`KbQ(L{ z(=&2IIsH-webwv-Qo(*8={fMGo*21&sCUOC)1|V1Ir=(`m96eCqWVHzJwYf^2@ zT66VzV_~j;-5-7O&lZWkQ5)Xke7Y=cSL*i=ZI$X@-*>vK0BxrXlD0?spe^5b^84Jx z4QstB>GwTf^)WeJ8?PGS*r%@A;Cy-VN%H28kwx}7Yl@)LiY-JL8%PII@aUT0cm1X{ zCvCHQ|6Fn1GR6;k$j5q`{DfwmmB4ikx&F7I_ZnB}ch<;Ua^CfqztsUYXk68S{&y@% zY~G1(?u5V3(C<6NV{ho9FM$Ca@KEQ_b#T7}9OwWCcJkg%WW_u?+kdu$*x*AE?@UuB zIM4wOm@>hEo%mk1JmJxc@Bmy${)WF9%F3X3M&H3E>4@YHJ;4u0&nu(JD*75fpY=-U zd7vjo&tuW#sqVd;jN(HFe!kHmU(bJc0(y=f;`>R@SIW=-zViH#{lL%Pp6BOZ7?M%0 zkIBiw_H4YSwm`fl_)Y7({%GEbHNV8)F!m3%vVkw5`PX9pbsGO#I%$1K*T3F9K>xai z_lfxw^sy)V`n1vLy7UaWz{g%$$jAQIQwHy2k8;Zw|LN-tK6V_MhPd~H!N@v(_R2zj z_AQ~hrC(26_eRryIJ`4FEaGqb@tWLxgc}Q6Yhqz*o+=avyShN%HBql(aI)Kl&g+){ zshE}<5A);8Q9q{8auD-;v=?2B;qTQGU#?{CFg=CbGW5p8nAiF7iOFlI3*RX{C9ye% z?i1(SsI$KOwWP7;(}{H|X6MGV30^3|4BeB|H5D?9!eZpH%>vtu(Ge~#eyw}L&k zo+$V-n(=09++PQ8)O6X;yb#`WA-bv->mu^HX>o#+AKa$;qZW|8u9QFE`(zxgW*3 z|0y^B1MW^q3YRtibLc7l{Ezg+#)M7ZZ7n+lkzcy+1g9Q@Vn8+Y~{5qkLP0NvSFGltmfS`cwWo< zt>DV!1;UM3b3$hoP+u(=ueo>2=XPwCJ;y}*lDrMxq`~|M^JE!pjr_6NV6Ibm6k{x* zwwILCZmzYz@D^yFbctV2+|~n@m^uESKf?8-_M@JMRnHxvdNiM<`GO+#JhLD5+@pG~ z&edc334BmL+5XjhmDX0Q1t%=O7-MbM7>oWhxg#0)6NO)j-A4m{eVwx9Yu5xewShSP z_quv6xihe(HP^n;bcQgS{tMfyuErpqOa5S9Ja;yG?=v5f!5??$Vter8t|$T9C`)!N zHQUdfo`+BL`skY<-#grUaP*HONy<%5ye->pVXRxorESnSL$A90WySe)&IA-Ru_(Fa2_P7d_1J%zsz*%gBf3Ln!~`qq>?r=_BK^ z*LgoZg#A(@n)mfO$)&zzAARuUPXv8Hy}9!IJ}54FdD-qs<#-b>LB zY5F0q8TRMPBX=`ZC*}oat!#a|!)fTbjRKcpp4{9gO)aeOgbfptU5Q=MSSdtOK7< zzCbmf%E@v1INDq%e0d!lp#>wKBu+I0%OPZJbWiR;$@fY-bWz0KM z^}L>~C*URZq~OEO707ZEyjUgdBhLVN^7kT%uwFP~_W0M{%Dee=@_CidYkYh^y43Ki z&diyfk?fuTChUX%f7LvH;)S-@O^*u${Jo~NmS#wE#T?e!F$UAzUE5UnfUas>>>a83 zwKI};k0$r)i{2CQ;Cyz)hcfi(ZTub|LH;DylW4zkdkyBE20w%;=%nUz>)}Znog68i zOe2TFtlQ^oVt)JQL;W=>n#)x@DuoVbcs~t2ZP24QF8lL8rEz%;xM%A~#i4lybV94o zWAY{fdh0|NIWsCJOh<}3Wxre+u6JnAJFmxXd3-c=PSA6<&B(FZJd?7$j}N@;x#6-) zwxx2^mY6Q=@s*r z!Ec+Wt4?{yT<@4#NYQRUne{D4~oB&ddrvX|Gyl7d{qpb2M0Pd@b>@8p~1A@;+WI^5wt&H&ZC}|?f-wF z9uUe_fw%t~4h_Zn|L5!-_F?;0|F8VMeb4{LpZ{I{ zXf1Rlb1Cw56?@XU-w(S_hFrhysUi5xCD&IzrFcR;^(&t6D!xDSOr7kNeo4voYfT;_ z=TKep_t2DKd_Ydn16{3*AB&BT>$%7MR_4%hW71%JT+4Z1TZiV4)mpLTjIm}BM>Xa0 ze(ToWW9wjijL*&ZnDVb=O=os|%=>+gkEu6Di!(mv_t&%Z1Y

    0+$6SNCG2z24J! zFMS<8|B^WSjWRxNV0_%j`1p2z9JuRV#>e;jlhzD9E^`^{qf$jUuO)= zc=M;`Z?t(Uf8AJz880(de)a17v2qn>TMQ^3t95~lxlKOO>QFus*Xepc{&(}YD8H<5 zJoZ;X-G$<@U0V+@1H+C?eu^XnBdtIZ*ligcC zEZJ5+IxiN}rr+*2aa`sRMkh11CCRyrhcyP(x=YPRnYk!po9&D7!((PkVy zSFta}^NSY}t<9HFQ=ZNx(^!}L z;}o0aJ%Uf;+KIzFbcFZd%V!}sTO~KqWXC#JeutX4(Olv?8 z?v4>NWxhH2Tu}C2WM(B};*xn@vWqfv@>^ocYeSwCvsRgk@#>u5E4aRr>*>s~9Y>rl zL9RfVH?*^roE)9ksr3dO(EBX(?t)&;Zy$}`YfkQXbbJUnpm(36e{5L^@(=C^%Bj>d zl%u`X#~ZmF(tHSibv-t?K8U~C|LU1kggi^dE7&Lg1Y!gD>y0gn7Y<(|;~gh^W^X~Ak7&!!K$~RcJoPQlD(zcav9zBqdZXzG zzAJ8K|GBYW{buoEw^{F*n?FoJdruE*I$1k2J??c~1@mk8ExU!%3(`At=x4hJN>X^uwt_&X0uE%Is zYCL?Nh)k4`U*xt?I?g&5+g{r~e}1lTen5t{&7BZg5ob?eFL9#3R)_em%CYg^dFa23 z!J^|H(NPK=BfwmuRQ=$4=KdAM2 z@k4X=sV-!nxVHA`xBpb!J{=R#R>(dne`BUu8*zBA{D`#H=T)-Tkip@@jh%Rw^&-7= zlYY~Dp<=_DJGAqK;~f3G6`KyU4F{t8DqgL}6|-czPT1 zARO1eG|O1){Okm8#jv)2-0|Fk1#hMK{dn*hc^b!g@b^haw8td-@-dgcW{$r^B80sHN{l`$B+M_v$tzgM9oI9|E`|OvwZRoqV-L>4~ z>;c;OP+pzdS5tKkZGI!j3$b;w#&Pql1gupTcBOk0G#Cuz`bXqx=p2m;XwUI)^*njP z!mG||*vuXuV2kqdmA`hyJ3UX{zTk?pdY<*;p3u(`B>k!9c=O&R+CHQ;Mlxuy>czXq1?zrLwBe*I;kFB`@1YvCb<^BvM94t^mY@^hP5k7V&B>sti)C7;d3 zuQu{5ggLfP_5SU}-Y4H7i+?S?pZpu%w{^Mrr(Dxw_^0~qJHo!7hp_L*?8#LK`&ip< zuupg={1f&G16}M}$5^#b?2`^T*!K(RQN){C4DXJn&Q|E1t2_j-XxUkb&6Za)k^SoK z(y7JnKgxZR`xf@|C`W#t)=688Tjualdk6~annPHp{o;jn4|#9pVIBF`y)d~Jf23bb zHoVAT@;&$@qBo4m@>et_5!PCIKMTEDb8(7t=)l;M_^bRqi?NfC=g)AzQ2v4J@j`( zMjTqg_&O;6Z1t(hJsbMRxAp}&`|^R}TMPS++xS5r{@ItlSsdT~E1<0yzCCAh=X>X` z8vhKR%JcIREg*z-N`%eG6-{r#JKzid4+xD>zaC&9Ys-=R;!PSK$~AqL}*{gid|%Im$& z_s4>|batEXk9`9ill>OR+(!c+NYD)W zL;l#&=&R1pt>o{BKzHRAjYl?a5mx9QZ7bxD^@kT3&ej!P)M*c&M64iQyb9f6yqMtV z%s}wsk(@uaUHeDb@!TiaTh;nOc{B_HFaCUGzW%!7xnlUWJn+d{Oy1g|BhzQd*UIMS%I{k3`$-^PXYe#)#bKbe?-YkzL04($^Zr+q2x-CXdu0{p$} zC+v?1-SV5G#8Z`nXZuX+NnQgF=3?9Q?va#Xa9MtK@Vd1HM6y^Bw5 z#wx~N<+^#X)*Hu~?X%(f{=wD-c16j_D#1>=^!_-YSM4uG@2C1Hw_2>%lRN*3iuQDL2Q3s;m~_#(4V4pG&&`};sE}>$?xi0 z`4y2X-e~%Ra!TBPMf{7IeT+v;y!eQS;>9bymT?7rix-1>-FT1cA8foQ?)n#;Rbc&# zW6VC4*?4h|jzRbrf4n?L&-)mUY^*OoBl*lj{oAiCq53|sc(Hf#fb7@I`-|JJZw0g! zvtI*<7vn=$8vLJjPyzb|mSx8ye7E-Nj%#vy?c#rb@!~8N^c62Yf_QQ2h7USkY})C@ zOd62IrOvqILx>j#b>?CdSAf3-$0y*4#wTvP_+)szKk?$f@t$HC@9;On$KuHA^ZSn% z_cuO?j&$M~<Ro zXI%d!gCFME!NfDb5A#l+@eE`%>_fhfc!p`8>qB0P3Aoi1Lq zQTKl0#YQhNIg1w~*#FXwlk;d81YT@$Xn7xav9iA9jAZk7`p1j)q53``yjWS&LL6fN zc=3^BalE)CpzVF(1^uJ(ZW-%KtUlW@k79dSe}nJV-?*B*E&J>Tju)f6ZO@DZHo{$WDV4|WB+!?T{_1h7<2ma$NrCY zUixxm@I%83$vSi2Hvai(uxX%pF&>@@FNV>MM~Hv!Ua;V-=>v#=wkwBDb5H#JIUkD` zznk{~;060{&mCv*Vy{w)>0P)d#+xnzoy{EqT02D}2Ux#1Gcl_?J`Hz(tM z*OR@k!_T|dDc0BK%JRHP)7g_XJ}nu?epH8IGb&wJ&ry#aq-dPPn{*->l*SK#I_PaL7 z>#Rh^CVA0q)jZF7yKVE{U3M31Ay?$*KgF6)2xQf@GoNr|>?KFW!u?xVKF%&GAEtln zvi$>pC+6|jzn|qlans7)_v6|3w|jL*=G}LBDR~NChvl)*b^bf~`trZgKU>Lz5|+6A z^I}~N0|wncoEKG0f5Y;b&x`+m@N;nielFX8er~Tx6vx9bKap?Z8NPhucdhgihvvzz zxu3|&KlnJg_x(EOesBHQSd+@?$3`zz-uwL)=RP?MZXcWa`*`2V|ICp6DmVKKoSfWp z6nmkNpM3a3x$|mHfVXc17-GtgJM{O)clH}}=Gmj~9ElJoGNts`rU3&1WZ1D)w$X^e)$W_aWX*nYFAH$+BYadZBl@*1Ju- z>-TRgIi}dViO{=T>)kuDG#{Oe6n!_u=Y-Ga8}zQ>Gm(bUVsaIFx6Xg}s%*U{BwLHU zyE^nP*P?lLw!OoXzj5BJAZL3G@>~H1Rji(pEO+IZYrXqP-ZlO~Fb zEB)ze^!MwT$=Q5wHs_`;_6{6Iw_3YQ5dtqW~PXsL&mE1An(1TBl9CYE1>0G_CdNo zSc}IxDdEsZ-`bnC+v4NyfADSgWAO5zXuSK)bwiV@q6c-Z`Ag3wZ&rFq9Jubs9bZfM zmBlNw_fu}YN+rIx);~?gj~>Ej4(oW9;xlS3)G>Ts<~qW4id;PHHK_GsTGO>MwO9Kr zoTX_qKe%h`4UB(>xTt3QIs0P~~YTMi7v42sT=PH<6*Sx0A%9ukgU3&bgZ^_@3 zUz^?gGLRS7M|m`8uW~zo<;ainNuM+OU*_6l=`7T)Ezsk(tB&{?r(>^+&leo37spUH62p9}8V~hOT!w*Y<2dmD|Pd`n%J)Z{=xW zi2sH7zJ_%oF5fG-w*6%J{_e|ro9ftODJ)NtCCSv&tT&mZiDww%6@JWYb1%E6w` z-&OE+uEr@X@v8ZJYP^!4*RXe!cwa$o$2>lRk-0Gr&wmQf)&AR^_Un38=z3k~`r^>_ zy`k$R&b7<$|HJPpe}!{j*H?zF8$#EOq3hE^*Na2fmpa#O{a@pE)wjsGZ~NQdZ#JiI zm0rB6gioUv`#EcCUuY~rPfFsO*?-WS851#mpV&Nkn14o$!In|n=d+44WrQtJbgELh zLVS+q`y62heSI|jI+V}LTuXOzGE;({#hMo*Gr|^=hmVXH+2QXz-dVss>6ZLv*ABV3 z()7jL*ym>uyamD;Z)jU4>4ZYm~UM?D_ov3vBb9<;iv+cpx zaMx=V!mDcb<96|C3mBJck8l6B|B3dnk5(A3T>Hm-$0Z$^y-h9Xgq{;l*|l*mV>_f9 z^G``^euxj(hM#rd)OYyIE$2*kKC8ez@$)y7ld$|NU+VLZzb^ll3jZcAt(wor{e25| zuHsnqg3n+u@Yi3+>4)+vWOwX8$xE#xFS?!`x}Fod9v!-#6}mnxbRE7wC3Js!=sHZ# zzRfwBMc>Jx=f{Vx-TPKvo(s!=0e{KIxSYQvy$H+8Imk;3{TG%O*S-nkKCgZb{H3sc zGyOBlcR{b={g6hC%^_|qA>em!)(Ds=r)=z44D+P!c28O~?Nevkth;0EoN zKI)8F;Yc;t);4%xi+nF|qH`(oEc}1{kNso(QBK=mc4XMnvzt0xJW#)7*l+O>@;ua6 z^>NlA%NL}+@A6wQTT$>$ z{{E}8eLd`?T;uQ8d&b{SbKaWu_rvjfTmJ^rzWn+(QvYh|&)UYI-tnP&e;w5OYN*}{ z*6rDPUki9Tkor>00l4ja=gs_f{$M}qTL^}_^B>~xmrJ}S@Fh2ix8kv4o|Qq&yPm)6 zhL~r@-%WU!GSwG2xY(^K<*)ccJ?44eA%3yRx;$k!kgZ zWIA8Ia`SD%BlWlBnb>aM0AI(4ew)#ukbJkR#`Iv+#&)2DvhpUTF( zS+gIkuMKpo$)QDbT(}?Y@3($pi`8JVr#TB^?k@kAgz7)}!>HfO&KVGUJ~XfXOGEXK z-jDis7tr_q?0r?J-mc63@7Vi^p?Y@&^$teg2BY6SZ{+LulOJ$>VgI5vRNsU9QD49E z9M8%VYcneH(>2up}L0!b!YMUL-Kb{4b{8nb3QhFSpLqTq56I`$odBAZ@k-; z!vfdec|533vHlO!-}yt4`tN(6_4g&;QRO_f`1UV#l(WA@V1J)Khx>HyHcZFTWE`e~0|d zX`%Y}UFz%h2io6(zh(Fx^0y|2>ff;+^*>j@-|1`o_TJu{-b=>+J*ab_c-Ak!%d_%L zPS;6!^8IqC?xy`{?_lI>YpA{(gZc&|UwzdV_IDl*)i-B9>g$)kfxlzqDdg|m9;$!( ze(-m&@^n?G&PhR?1C^)Yeft9|-5gaHD?b^kwwrI5udRX{@8xBx3Bub_VT4refRH2egE6z^G}mgw;|Myxj{SjXMEnj zJrnl-???T8 z;Zqp@e-Nr~QBdDt@V_5^Z?CCy+RGXmx4rj=>YueA?cHtUJ>UPc_9wzTfMh#0KC#)< z+vv}!el1k*M}m5@_9yW7(vH6;eb+pU{b%Q622?+Ly1DiLeW?Be-bejD|MS~_3jSU> z{;x;-Q))l4F6E_F{xMj)8t~z?5FMQthvEYPANrb)^6@;se&LNr{g(e}_+QREx66ZZ zp}Kz&)Sboipzi+WqxOgYe|{xj&mRry-k<&-4F4Z|IiLSKLUgPcB>y>s!apD7OFAEA zNZ$Dleo$RBU}HF?$KlBdWiZ{NXr6NhWf=8?&_-XXVz+>^PVU>yuTvGQcr1m^>j ztG#(X`S&_YLOG7tD);0{%3H+z;nU<|Z;hKh(3Dec-)Uw4pf;Ubv55PB&$-Z3d3KIx zawA%iy*A`9F@!wqdavqlzunuU^LyjoTmPO?9zCBj@@vn(lDwu`-Wlhg6QQ|zb3W)C zXdB5|fYc|FYn4yU`{`P8oq100n*15A$zwZn>wM0L80S5oCLew>XJWL)O13S3x8eRD z@!oQ8;$7{OwazP9@g3T#J?YtZb@LUpwURXkS4F*X9clyZI-NFWXw&8Vrt*JG{WV{x zO4deb17-Z;@84{yzJT-7M8_zvYc4r``hBPuzu}z&zH!mZ-o!-_#-^pi;#ED{BiGIa zr!wTHv_jXsyblr@w3RG#>*zgx&Znf?8{^UM2*Ew7>9^3DjAR}D?J zyficog}#?tBG)bzeVjwuAAJ>+r*=-C;B_gFk@jwW>7=_antjrvUs0RakjqG!H@tL@ z&w~oC)6bH-`AINnoBDkEi|XH>QD0e!*R_URt4!?X$JJkx-t?-E5yay|wg_dry0Ymz@~Ar*rXwx>RP2d%D*5y#An#>W}sa{lIxb zOVuuPWcJDTyztH^AA4ikE5CT-#`8Mfpv|4+0$rkK=90_j-hb&f|Na{Kuon+#huU5f z&CzOU(Qk!l`7yNgDhFPvoJj@B(Qk#y*{C)h0Y5m$+VtOv_gpmbvG1AwTS^;{*&80b z`nHRD=ugRC=>%l>XWq4S)T8$%i)RJ;)b!=(T)((|lHpv{EZ=#?^vUVAPa5*>Sw1j7 zQ?O4G0sTftpr@L?c`4Ke$>4*(xXtK|+Ax$hyu3YV13WvnP#c0iQGTAK)wIFN4reRc z-}Q`X!&$ZsPW!l*Z3Ev6^}&T|19S|94*k`74gEE3;_qDcfmYwlKJng*9{j%FHxcx$ zbPRp*i-_MBJa>AbcGLwj;pjnSq36Efb*WF~7pk46PbcT})XXP&A5YdI_veu7Rz}XG zeO~JeGpy5j=6Bc;%{%d2i}u|t&FR-9>eqAg96Iz{A%2Vu_^}3jdgqhhxagfnzi;GG z7&??T3!{XgHN0;y3aluGp>I*A%gd{1qg{t%?8pOW7(23Lhhs;Czv%ota$_?i16=K+ zj+d$9F6jd@lUH{6G*fn+Et~shtq*0Rzh{cB`jfTxKxdi^+4f9eo1Vco4fTeu*a;Tx zg4es@`3Uxb>7kwq@I|sP5uCm8Y9D8X#@@h@!oCN zX{~ds#V--<@-;3Xhep4pWw#61)35Pdn)`+BU88%vqjuDe<6MI=-t#+SL$~duPj-5@ z+*j(AuFzTZ(Lb}E;Me#yJFo|_hR0Lv4WhGV-dWw#lzEJGef6=b^mX`0OYnJa#OG+h z*J@;4-|ejHTfw@%ds)NRSd!Fviyf>r%&p<`&utTZA5BG)57E|VXe)ajZ7z*?XYA#j zOrv|QVAQNX)Os?{tT8>4+~I?oGdy?xSoY+g99u?Sdu7Yu&#B^>m64xBs_Mc2Nys7R zjcuzB2~bK#}6yrXWCMJmbbakJH}T8^J_eBn`l?= z>_gBz2Y;dyom{tI-C6al?P%EOUE7K*>UZHPIk+#>H5l?FMi(@=-wwe zCpP+~zcysfvEH@9o=A}6EBkzZvGDROmpk)cND;|H1zpJ^vPWfQ?C(6$==X8)q?4C)aHt38ddoD>?WMt<$ z`fx;K#J2OniaoJm=1iuU?ESxsv*mWrMh>SThxPK~6ECR!tgU&0GVrStFUa=XePn#c zs+%K*Pw*t!7CWGMjyJ56vjr|WapAnPUX6`vewzDr@N6sie$TCu=O5*rr!V)eJs)1* zz0`aD9^RW1IiNF&F6#`w%yibSat^&`*4lICGJ9Y8axsE2!U4@|{?gU-5#CXsx6MGO zrmv_yNJ@Gz8neRQ%x(Mi&?6$#o@MNR#MD|Y4D|cJJ>;7afQZ?yBPnct#$zl%W zOgh%boJp(;Zsqz!`Z$oyjT%R2T#>4ccV8yDpefBB*F8L=e*GJNMUTF}9em%#U)62b zi)mk{*0Es6c=~K2-@_#$;KI-p7T%fh_2d*84oU8sGRGu z*);*F#f$;LCt;H?s^oLRgGh4%Up#U|{Qe4bVfr~<*B$KLP2ME(Ix;!&`nhk_#mZjv z`|#wXTyvhIFlVF1t%uPC&dOO?f9zRF^udf1?X?*n!iPVS2O)W& z-sHFFhhlY%@2?K{o>vFgwvL}Tbu8_pj`#lD)zpq(SEL==>*J%{I?T1L2vyVD{pgI^Q z6>7&;_4(Dqv+c0gwvIZd4()SZtk1vIUmbUc>fqYeF~g~&ggUIuddO*N7CLY;@((Vy zvPORX)#$)==n*>L-4wsS8r$>h!}c|0PWI30)R~$MtOcqEobg*h2rW3HI!mg59{C{;zrErX8ynOnOW7 zD&8RbaR}{5L*pdYBZ)?hnbFf7(@VT-tHI$yG^U_sn8R1mHY1=-bm^T4G_*5rJ~||a z&p<~tbSxW*AAiaxlF6(EsyxLC?2KwP?j(Jz9FDReb@${B|GX5^}G7t$e#N1{9J#= zS+hCNe*Ep5zKrGfV}t2O7ki%#`f=?@_AaZ7n0|EW1&6oS^ZU&MrFTJ&-qeN2J~6!v z?WmRgKrZX7T;eMw&=dL6sSABMH1az?_kQ$rzQZ@kvdU3;YmGg@SLAo;C}Xpgit$CF zU>SF50uhMzB z(^)%SN84MmiKSLH;6duwdz)gcS5I9W=ULYIamI!0r~1Q``LSG?k>EKaS3D~}PtUH^ zxfswd9teYu(V(rioocgb>+)P%4PJvwk`37* z@vBh3gXaUrfgSsbgwL@od7AoU| z)Q#AtA>JmVw?Ry$bqPKy@*sU4-A_MB9wnEqOnxh9V_6B_Yz>S>4QssT(5EZIXxTfWXz?pPTQrFO`mos z_Q5!3?zf41Fiw@;=V7-uI(eTrcpN%%0Db;2^1T!PerMn}ooD=}W8ShjBzr7+o*`dC zK8oG<#hlGE7Q45p0zWbS_}eqz^w(H(etJucbGezDN{^)dqv6e1K8(9Ie6shr>yZNE zEweum{+PQyI5n1aXRAjhnR~5@F#fGzeQTOJmVV6JTah>@Sw6~JVdi8@6;CbetRS{h zkvcnBF=o}b$`}upu#SrAUOjEAqaD>j`+oj2?*aE+;e_zf{mu4? z+HjuJ7w-A&@25TgX4@mZ4{VKF|6tnlt!D?{?;ioyq@2e$K3gxDg5O$e)G1m-rhykhb8Al;{Nxghb6DH z-y?@57e(S#zu=j>=N^`9wBIj3EVb-zyGF-c32bN^G=_%QeLJ!Rt)$H|n zFwaDipV{r_K9f_w(yOzvNMCndo!-$Cw0o<6&*(((Jx@=A-+Fq6Y-oqJcKWOx`r7HY zx=~=pgjh1dTz{sXSQ(hx1~yL^_GZ(LfDY{aO083#mh|`DboqOM!(Z(`XIX0b`5b4R z7Q(M`%TKT@HYUEgbvm(Q=?8sl`Sk<%l!$pxv`%Nvy5hErZv5|uzS7`LJVA3O;&BX~ z)h7<-?0NR2<2T`1HSym#^AIjR=vf~dPfhBXf2G_OlW)@-%iQJZw|fu7g7Jee((pd!$a3&KuOEWnTp8T(KKb|e@UQ$s z;@>wuME-62bzsW^p19cH^0GhvUDgNxW*YyaxBR8RFX5JCa0vX1BMWZ**51k1xwKdr z(%FM;$dTgX$V}(a_#W%=Jyzp)EDd}Qjj1I!k>~T<*g-nZt*0dxjf-Hn;y?x>Eien991D`uN8UHqJHij%c&dWBdy7 zwT0hGcxE{~pHAE~&GkHRQ}bJgaQ2|-v#q{AA|GYTkvh-w@Z_>1gbfEIzq&J*lb7|! z@g1IVXw8g{cf0;jzd|&VJo!Mm_EF+}y%+r|HW)h>yFT9CTBf<6 z#0#^)BGWGBp=AH{jPA>yRV*m4AA)Bph-t~b{G9pAbC_efwWOx%@}5#~)$5M12bG79 z&AxQq<;c1A^lSwq>+9sd`7uYye{^zAc6xeBH~bCWG1h>eCnwYR7b$!SPj>i~Sh6C9 z9d6CpkfS2ZSEFZX+Th!;!;^nzou>A?jQH{CmD*Ff0z797a)v!4Q@E?Sf8q9*F7oHI zTI5e8>>3)M2Zh?aoHnnb&Bv3|a_;r>-+G8PU%|NbVSLyrJw2NqKAkguywVjLyqc;F z%+*a5tpZoky7{-c|2X02BR?^j;ojozy-jA0 zK^V%%*Xdv!&HdBf-rJO!!M=jTQ1;G>cTbEas-kPXWEZ)-xts?-hoP&Uy_NYrQyb}Z zFGW8}=dO%+4@4Q$Orq}@S9hm){u3qG`00!*6UQazLvtBeQ~qwxC9PxQ-T%n5wa7;u za*=qa$KU^Gt507Z--6#n|a*?~U#~KIuWWQur=CtGue72feB~#>ebS zYGSvFLkNEut238+COHwl?q0|_j5Xu{tvwXXLsyl@umzkf$G1vRhTqS=zalJJi*Hr4 z^3Y@r_w}A|R{r#I&a__6+JV{3TQ$D>&K(W0=%RM=928p)Kl9+bbIg5VcH_Gf?|87M z=LtP~EBcq99Gy$?`>(#y)YA~#5M`U8nig_6(6eRStKnV-oXCLN8QB5qX7B2%6gF1< zb21nyy2XRH(JASsbTai|Jg+ThtmtYA|K{@kQx5Of1~O~;zc4i3H2Zdg%kk29_u{Yh zj(HqTSzVNIP*nR?`+FL#arWwZ!ztg|kKN?{^s*lp)3@NL#-lwwwDFw+eatiTF)@-{ zAM3onwSFIOw|y+$qhD3<*UU+#DNA_n>a}EEGBhNRA;sHl*~Y)U7))b7`+C;4 zBc4h;vTf9m6*)N@+Pv;i{35Vv7jkUmGv?!w;yAU`-{I(w;-52%#j7}9qsBYTVB8w( zTfO`89dnpBUW?o)rlr35<`(aPH1@iDvK?dlKH@0rGd2c3qr-=4hYx=W(_`W-z42Od zME@1SX!MtHyyS$jWXILyt)ah_V067#1^vVV@YO`Ci_elNBa^53vXvH2qO*x3!2|Cs z@{*#>``UfK>Lav8&w~S-j)wP=pLWVi!2_e)lws>@%j*3Z$(`tTn3f878Kxx#|MF;~ z9hvds|0j~yXs>wZ`YNu=uq`hBzIt9xuD+!E3 zn@ebOP*+dGDBn+sPo*!t?h2ksUnxC`CDYI)9;E}?D!?1%%p|Z4dSCm8M>YOKwkq)z zTe07hu@P<9#R_bS;8HQdwuk>r|KVRsw+RebX@Xg?dAipPB0rnye-xxH*$;4dKy z=OPQxenw&xb3S9dZU%wlZbepf#-E)lKk~vinwBNVZ9sPp*Y`k_n|$b}Y9J=Sswf28Xs&oi%F<_yB`O%C2;4D7!5mruL&`0tgy z8{3erZ-U1fC;G4j+Z@!jn|I{%st)l#^6siT`f9_g@N#`5w(V8&-@o+kJ$JnZe}57= zU_~RpZ5`olx*J<%@=hbsYmuc(9wk5Vwb%jMe)YG8`+pUQ-}epgz!i)6?KtRQUZgwC zcwcj)4a2;yZ9IQZNxX{Zn_uSr8m{j?EPmhJM;@@^(P3^m4SqTNCjX_Kz9(i(UsD#b zM1z_1*`FBOZ8_krCtpDhrhB70haKQuvKRUfh(@;E8;NY&3tgwYyYj9s+Hg{I%nIqG zV#2S$kJK#ATA|$6DfczX-HW^&bSSyrBjVk+{jGM#?Ze~uoz3;tdu_+gq+$m`?`UG62Q()l(_g%m7`Nzc zfZh#n_FO{zWn3F|-%9_iMOJS^-fX_+?a0t-WOWU)s+h%EWL0H9ZLo{;*NF`&-t6w$H%-0#|Q^HXBbq8cfYx>SOU*_A{$leYCI^8H2a9`vk@nCMLl% z=R@OP4PCP1qngX1D=r!~4NX>;$Y=9of1=@!1!&l`pEQhcXqXbv(0zMXFvpggW0wCk z_FUi2Zg?*@zU*s!GZpOfb>H`aR7U2Ufsb$GpA9$h*4+Nf>9MkJ$U1het&I2xc5W#= zSIp-aFy#v5LH12JG_>4H?u5_E^VtR8T3Pq-+NY%J!RNO$_W2>I`k?n-RE@S_gtx4C~bgfg@diAznqx(CsAHQSW z)Jv?JdYLsWt(=Fplk?CzSyNJ9TGiE9n%vtugg9lX<7fMHwU$=!s}j6 zd)zhN>&l7W!}qoL@&7>{Mo+_m8+sZ>^BJ>YEqq<4zCw4?*v`bAjM=bdnK{r_4{cXM z+ahRNtg%Eaxfh$(Rv&X{C^5XTb>0d_$PX0%$`AK_Cgbn7_;~Oy)ZayaHS%1{j2&Xh z)=GD6SdQ1LH9qk^8jKxc$zKlXYHDR1Apcc)Uu~B%w$)gP*pT9KnMQnk;?MFE8=bXU z%b}+YdP>0jA@IT2POfi&7TLu{@St@T?L=1AII^O?{148EOU=M$PgMV&p4>$)0=!&V zj~~uoGnZR}-B1qN)980Q`rYwZylTBSv>AV6yX$YHry>K`4EY<;IQ-!HbI{=Xu6~(2 zXqdgk;)l%kG$`t*w zfo>cb=(HD{iA-5mO~5I?~rSueplYXkKmED|EqZp z85y@$&w+hiJZI~<%GTo@+pC@*Q%{C+6anYbu|6)Q_({KGpTN%bI~4i(NW}h{q_5r&cAt|8KY*$Ovr-4 z%F1~6@2{l}r{3L^dj#c8$l0?{&-*i|)_Uw%QnF(cg8J|FwRM z#qaYV-a=eeIZsO&$5fPmH2E%Lgfb@%XZ$MqWKVUjPcrcJ+d;o%{aZ6XpNns{mqn^F z_#v8al6_Sl`23F<{%?_t;NyLZzvn@xbVF@0d?>4~vU6=MS=#-0ul-%mn|OkiquStp zDRqvdPevodW5K@hVE<5l5&1A;lkmU8~O=9gR)J&;ZvOe+^Q%}}tUZYITMNH^9eHc`oY$p1$p-dU*urm>V08mF zu@#$G&sq=7(={w$j|XB2lOpF&o#&l(rk;_k$`{qMZ9Ln^v$ey$sW%Lw{__V>{~Gp_ z=&$~DtlLka(p&ospEhg8$h5262XI!DY2;)Ch(of^#-Ls&(kWR|B zv@AjAkXI|W`kVD(&@07hdl+-c&dERa``4GfJY3sa{I^s{=gQDId@=0hnaQWfqnpeA zD8le9tZ%Eh`)q^rnv0NcA`B^)FY8T99^|~&Jc##Vj*d$X_r-nPo*T%YU9WqbIpaIG zUU%mTf6su9hDcT0jp+9h=(!GG7~I{3Ke`jYRBL+A1s~ec{R_~qJr{f3v*0-k7P~)* z41Wq4wlNyTg*F`+d0^)}cz!8mU5MV|I|zS_OoQcp$@G1Lkg4<-@_zb}>3TXqm@=7i ze+*3nrDNV;=)h*p^UgQ*4CTEVbPU^V#-3KUq>HIbj$)4sa8LS`T1=VOLF*Fq?#8869juYxIh!@}bI4(?#r_lfTLw=0cE^uB zrI$pikc)^Ew$n{{55;zS*-Ue!+gf?Z(sZg5I^c37Zi zd2yq437(Jhe4OXu85px0Kjf&8eI0J%D>-`vx?an1&I) zo|QB&o?-K+{TNR^PUXjaMCWLS&Qw5$7yPsK>CW-8PZP3pFOnHEZ;1RTcUU>tn*Wa< zu3W5RlFQ(23LN(7Jt=vMuHjGFP2L8^Zai~#@&%Gd+0RP+IVTtQ&BS-SJTj6Oeh#^PiYx8?6??mMTb1%hrmtLQismae;S`yiDOO_UN z@C^A4W?V@b^6^c4v79pbeVfXUYtIT|liYun>vq0(K;uwon!GPD7AgW z@3#kZh!@LMF4%&<$r_|#NyVycTf3FpX2y!+3f9pJy*0~Zxk<;U$1d++f?vp8ghXi8oY@GesU?#jr8?+#&q7pmPwC4RzN?x z8vXIfhSAcIL$f-fm`w_sR?B;>VBa~|N#$3bJJz?C%7f^DH?jva9No?kgWJP7byl~l zhm-G4-?XAXng^WA^KEk&zdG;y$$5UuP;ctnw9U>BrfM}t)LbFIG5&FLn4{&i-Nx&X z!!-QKP<9Pvt1jiXwUOtPVI9Liv%Y}wa8@tC_%rlOosHx0T|Rv&d^T&urze;j6euwVVTD6Z<1qS#tG^pVIFg08RS9nmbnY;S|4Ye zqnJ}{&WnnXRLtic`nQ}hh1<@ao?#m<;!M@0&{aXsujYU>Z&$8)n)5#nw%+)-@(f#p zxuO;C>}xuY=jDr8JM{hK1?&M>`Y)fz$%@8J*B6qPt-id>#P5D@^dVV!*?A-OqrvNL zzm9&!H`)nJyXlWz(ARb^{@0c0!V2sta+R*f-$Jg8zl9uiB44skSHtf|9l6jPl>DyG zI`Wa0d>|89`M5YIABn!?1KrhlJ9Awi9~V0EaizEUphEJ&Gg! zpP^AcO(FT%gKUim%Ll(*9mt37x5Y-7J$lmh==YWA*uD5BEAUNbVP|JxXOW>{%5@fu7Ew?{^{_=Yu7?=$Dzuz;3Xlo_5@o*Z<_;z?T=vTd{bu2LG}Z91^DF z;RO5AROP=ZE}-y z{*H;0z3f$)@i;hq4*YL}-v-O!qrr0er4;@ho5z36rwnWUy2Jl!vwjI3FN6Q^C98+0 z`TTDo)*!!l*~j328T^OutuK>{5Vh+?e4fg$b8S`{Tr@nUk9uR?&<%&UJVs_@3-frq zF300f!{gy09$y>gaS+#-ezTXJ|c%iLX$<%8%2R;#-(! z%=K-oDL+0NZ_`|z;#Gc5MoIH;&t(0%=*ONlV$ZY}9r|bXVXF@O)*AVUyi-GNlaD*T z|1H1!Am}Z0KC;bsTX?YSLoVJa{coM^^Q5N-UiHNIlxz@PqUnz>c@KE3KeWEM)?_Th z@6wt#jqmurvWB@h#p(RtqpTYYzOQDk44sP-ql+-sQ<-z$Wc?lEirXmTnMA3{+f@$z zUScBbPwdP&`TGZIu2*r33^FUYt3tPDxU%Qu;tZf%NxF5<^4|Op_{h63$x`#_N%#?U zeb%W<`>*glAKG;>zR-pEJ~j@8A0+=re$Z}g#ksUWx#q?nn!)eJ zPt;n>5zP~zZx-~)H!?9MYC9XG89>rGr7-I9-~SbxQ2^lOHX zH|HphgHM#5512)N;F~Gl{o6&vM4ap2ALKnCzb5;^3O|)*wj8^9)FnDTc+BI_&-Yn z|HsIeiFf4Y6O;>S=+<#papELbL@o_BNLuY^=?PvGJMRq4^8N$(37LfI9eTsk4Nf;&yV1 zzvHnl{iu=^%gIGpe$#n77>li_V_$mLR#`pH1hh1UXnDB+KaMl`Ub*=Ujf30J;a2oi zeR&)Gq&(A0{!AX;$;h4fC7%>oz7@JV&=cm|p?wIp4Iher{0Q`$vHKKX2h^|U@V?$z z&O3@Dvc7*a0 z9GQ<_!Y4bXTTcG;D%KoCSQlW%cVL={qr(%8^Ey^Vs=EL3UQ_GPx1MZ;S9{RsSrI zaJTxuGuC3v|A{`wTIQJ#a6Ihs{zFb~ECx;zn_X^mGs9pXn<%srLK_<)3GgdYE?q0GxUfz1>P|=2`ZhK)0WkZsWgn^hBz%_b=r>dLBcsV%1HMt#`M&S>7eLGkKzxS+wwi~IV0lwXcKhdZ; zymP8vxu4werg-;j4^n1rZB=GQZB^^6+N!q2;O%wv)slGk>!zQCxysEA@D|M8NiO(J z_=FM0vyu^u%aQE3b%=@8VWW&JsJ-%c@~|W3Khr06xX%>Bj^LTBEem13WF=-W}AW`f_*z<=n3P3FBfWucnm)}%8;*Eb(Oonk=kS9 z?LKDZ;_a>IhVmnKFF~e}%KVkiB)=JUiUx zIZm4&B&I04h|cUnRuxk;bDFcEi}qVTUTbWuA1{6>U&!=pV_+jop<^VvX!~_M^h~4= z*k5bsKCcSwtJ;ms?4eIOPliT#b#!06VsEXT`x3lY&3ouGebaezyqjP^)>n1q;knRw z&f23RLT&#-yzrRL&<#yqh^Aua(LNXQPi=k5hwmxL*9Ganl`%iI;WZDvvd7FFcqOso zHg7Eb8R*CVoK-+~(T_hA;m7{!$Mz8IX0Jl}+sHvkKQ`O=-5~VikwWblpne?3dQo>i zs!#o3eqkqb3mwGq2cjeQh1>1w2yy+66-%pj-dkN|;_m3l9!F1}gbyF4p3LrxXGQeH z-Ji*I;Z zY5r-R))BRgGx0aRn>=3T*t*T{%nfJ2CG%ZzIWWwP%iZ|8AD6p=GE7_!eCui@F1Jo= z>I=l>z){79l_#h%r(*aTE4g^&wu3koxf0`($y6{u%Xx{!=S-YQak+WHIzh%Dn@wDf zc4`hd8<*o+ak(MNcdImUFH_#l+43grS9x8^Qveg|Os?*<yxtaIog>QpX2&xq7l3{eWUo?Y4EMGH}A8#WJTpovD=ypDbio1M1G_&_7|T`HHBMc{;&aCpnXgm~E*qm;Os?1> zf3DKT=)&>2SrZeRJLkZ2Cr)<~bk2p&vH`~FrVb)bxAX&u(|!Ic#p86HSLDa(ULO^T z)6D@77lDV1!9$IuF9r|s2W+hFIvbY?#>vF$(3dll|MqfTtZrqISlxEzHI2A=@UgnC zGkeQdu~^+Lf!yW$lY@`fZ7L!E?{oW_9)d^x#p_7pKm1>X+G2e5!tuJ9 zq49VcoKmc=W+YgNT;2tp{|TKpiB9ylUU5473;8CpU0S!Ky-|es8XNyfH zw+*A!AK0>>kKKH3JAZbknZwP^pK0v9a}ijz*z3NFG5eeYIIjU8=_=a5=HpMa*JIaf z886WGU0|B#*A-K$CdBoY-46u{X^bUQFKp;pFIt?Zcj0C-%m7`LuCz ziA?Mb9ME{)%&Rj`p&UyyuE0;)1vc!S3Qg3tp1EY@;MlQq+Q{69=3^eopMPh3ys~H> z13p1ZtoK?^`O3v|7e^H0b&)v!I>#nie3)4%o>Ycyz*iBE+wo~62fuk8c`B>^z+yv* z&uE;0?BXYA4Vaa;A5xF;eei+$l{byUT77-}*%<{e()!=T0Dj`M-Hxwp{OCCH!TO3H z?b?d0J?nKpgDk$xei=)NAMNbP#gBF&ce|0h{JtO3{BTzgPlAt%(8PeO)vRnmvZqQ>#^vraE2Pp9D{ z>`3rVoOj?Oa;h=>)rI7%)}JpOY<|FRci3@=pR22}h#6y)`}qNU-(FMh=Lh(|`}qOp zdtLARfXiNS#v!Xel>7iQZdgq2ou3~t)c421{et5VVla8*5Uw>2X;pp-I&J;?+1c_+ z_N%;KtGu#Yc{6NztkX8*q(Rd6BbA4oSo%)00D^q z!(6~_<^*<`ShLQ6`TwXpA2_SZI{%;f$IJ+dhNgxJh=^!KE*XyQ#)UzMthLgj)-C=F ziiW#v*{*Ev~x04~(xL!>6rvtwsAg!TPWN{9J#P#9Z?1(fF-$ zwwM2IGU~17`4s`$H2C)Jl?fKl@lV6@dCQc2&+S*{retQWLVOiuS!NQX_fGQuQcHXX z@tWw2_#5*U&E7u--^RQfW8-@KL~;}j_=eISaRzG+t9?~b^J?ag{ajiApUgmRud5& zz0Iamz~?sSlbZT>t?GZz^)n~Y)nNTw-t{f#1xO8CXVTe z4&UIib>51(`iyj`k6#2&??n#l>4TdFpXJ?qKLXo2nSbkixBgnc zcklYi{2saBd5Rz0>uGAXS23elv-RAz+Oou^W%P7O-Qej(WA@jGKB&58HMoH6^7A@+ zq`K7it2Rs}&sHzJUwm&K-@F+_+g>t;}|?0r{d8Zo{4^x!w<>1%K5eui_2aIK@-vc zM!}AA;L6zt^trqm2lMC_z(&!7?bd!?bgZ{l z;YAJ)MSew&1sA0UN6t8sGu?W!>*oDTA_MHFmo+xAM#0T7XNc~XtMgB@{T5)zmB{y} zYB-0OJqK$en`cvVXWyfsL3zkofm7%ika-Hu5Nr{8O{2$0`lPzS-5%&Ac?`kc5xhrk z!RvybgWUKzlzp)Wi5-P5jTT*U_A*iTeaoI_^XaNTCO@B^22Xnzf(Hw@C$zc>T1h|q z)zE6U##WiNdKql37i?vXJqysYgR4 z{SiA(Aimue=#SV8AD`t}FW{@~0^?IUzNJ566!nx8yf(j=Sho+p@1E~vzK=btI8OIS zTn@d#{Vw>{`K<1je8JDP?7xOwYXd)@#qTebnAbl$N9;hVsiH2mls^Y2*EK+M=GPa< ztb3}3pCL1;>yX{~{Cz$3k_ygK;{2Rc%I=}?&$?M$jh?9; zPpwN0o?6$v6k4|+$9F{cP@Hq&!IhKce0k_4@{(*wuz#L^X(DsOEI()7g+A1yGxNZJ zi?Cgj(WA}Uc1hhTbxF>4`F$Gn)xD_S<97-7L-y1eelxi*_d0V(Maz6_SDIe3KI%MI zVS`348m-=QrsP}Mu0b2VL~o7Azu2pbuvgt&EB0z~)?RV85Z83Wljf*Ck8OURhv<~? zXL5GT|6Q~lv#trXWBxUvx{)Ggr|xcMcwYuf1mmWk>#$`;Pg2C})ZF{fdzs@EoC=kPzvFXU;h^?zGePGY<4~8mn6aQ+2Hf*oQqgK(*K^|waey}&tmohnoN#s z^M;Yz$L2|2yqs(HP8B1R$FgxxzsJGGhGoQsz6?#i=tva_Hes;k>v2*estzNOA$h6|iB%d!|4e&+z+wj}? z+RA1k|Fd3ZKlR*;`^mdXWFO++25n~BXRw(f-+V`53RwCPzAK-z{Q-P0eWAz#J#wtQ zi#=3-=-|qROuh{ie?{Wly!fUBTlkMI9wRHZEnH&wT~Vpd_gjWN`%}fByz~81FTnE` zu?uNz!X9}4>Y%!=XW{qL&~+v>*~#y(gO}H0AHnn83%PDVzC0{|&Z$>#t!p4J%vrLZ z+e#l|@)Ev_3?-jVa1UtqEH-7&ft3wI95(Y3;w8}^ zX@|Ys$YUG78`$fm#1hcVwpY@ln!J{4uH%}STyrt` z3G{3bf9!ic%`9n}II9Ot@5L4y|Iox~m9FctRdKHmwObKAV_zTdz^)UuT!-|+Ot*YK zgZH~tJXVPJTV9XGdYN4^IBl@^cM?yJKt6`&k9|64zoh@ZqLR357&$O)qr^uOTz;hlJ9TPc z-x3FRW2d$S_-X2+{=7o2J}R??GIOl#m0;DS=qk8FPZ;>CXYaw-dZEu)eh;k#+Yi}Z zp;JBRT`#!B`xcJxMi-l~S3m6|$A#@`*0w9(ZjtN79te%zg>2^8E^JTMc0pV5DSH2! zFIy_6o5*z&&}W{P#P)QKPh{G8W}f}Q_N6ECd&~aJ{~$HSzZ!qakHMVwr(XZA8d?qJ zSwp={Y8W&=5nC`Ex}pOn7W?kIBlL6xYrw~B3)r6>CD`>}ic!kYYb_lvFTZ7!lnS!0uwH>-#+o1-2 zhJ1BhEODE|4*ekzx0Psz{)II=?GXG`b_f~UeLr>xIXhf-Xv@SB?GW^reu`$XL(r)c z8zlal*cfGppoxi_3hWRv`~Qm_`pdf_aMSksm%oBUEbzBG8 zbBlFGoZpX`KPQb0<<&t&rl^grk)DpxoWG;*cXIZA=lgZW;n})stowag?l;zxeoW5h zs%ops-tRpBe$rc6Lm#Z%m)rn-qlNe7d?eL3I-B@Juk$*&?>V`3{^1vT-<Y;j_ z)I;;V`Z2@mp>Mn% z-h+9xb^l;J)bF2n*F!%vm~-}qCNlpxxN%bte14gH;U4mZ-Mo*XkGNZ5+|ea^o$^(^r(D~S(W^?=jxeI#!Zryel(uilD}Q|EU1 zmXH5at{#xOkU9}PiN$jM7b`zAUe3SCrU7zi{LHNeuj_rh-mTt&mGdvfmlWSp{7LDx z6JJy1`_V}|->-Z?Y@qmnAL_*iL`UVboOz}CJtd^EFD-_m+0xqJCf^l@L4pTD2+cJdcZf&BeO6rTy8?dU#rzDcms*1GOL8gu$W836CqJ>aFrVK7 z=H=(}^(>^xSvvxjUx{}S%Yy>vdmwOBs?>-3xy%je(0HQn&U_@!!Y6MZsy z4kgD;5&3-mJM#JMp>=8dny`GnzNR2Aat?9M!{7{9njS%(%`r>&v2z@@>>TXp!;O3o z9*z)w&Yz__SL2)H57r0rA)R1YRR7B`!FJZ->VJ7{bz%QYWo2b#kIMsZ7VmL6+1?|z z>N#uuzJ1E~C**tvIh#TCw~W{QE%X*-Jic81UT`T5w)9=+Wz_i%U|<=_wHm(tRtfd3`JBx9MB)-%V7F zUrFBzKX0K&$gfk^M)s}T%ysz~;oCYNFZ|C66GHVp#5P9wteOiaxHO>*r@a2rRgWwqTYRSLfhjz_R6_ge!ZJJ#5$Si-5cSq~` zmgJ`V{RjNbp>qGzHk=h$fAG98dSa9f8AZ=r*n1*J((|#U!hbK4@yGr7l3ag{?B@#Z z)w9d1YeL6=pThUqm8g4#zw>mj!m-X__;M%abno?X;kp+#pFTtN&*aWK7OWJVn^(oT zU)-PfC+<53xyE;&1b&;|g=zq=T z0wZL1y^D?^vin`_=ZQZdGBJgBU&fOO|2AUdnc!`$2j{l@;<}8pUm~VZ)Tk(_wUhi|L&0e6!;pJ z-2X$w+JCG0W7gxJ^_j1KBJWdckazr+fs*%+U~g0SGh$OFSMJ{^@`0XbmXv#scCz+v zbZa*67?!iuzxo{WhJo{geu8F^;kFQB$WbAPdHb#8d#onMj7xU~q9jq^o-z_d$X&vma zXd{>*`!Vm2*zpd*jNJPp6a1#mNJ4DvS z7n1(#)j!*}QgRCSke{5!eD`+xown1%bR|7ZtC4%L8NP4hZTKktFfy~&gP$ulUwSAy zp|?C|9(mZ!+D<%q)#>Lu?F8|u$N=)+8XEW5*M!NxzGfc#?4F6tuxIh}u4K=>_$X;; zvdyC}0N+&gqKl7rq4YX>$H#g06t8CIDE{!y&7IY6F1_9Js$1mTrOq1O1;KMvZ3o|1 z;(E@zt&{nS5oNwT?!zZSd5-VBlxNQZ$FyCpfsZn)F^TKME~nvR`jncMKJ2o@7H6_% zdFPbs6PYFZVa>$Eat2fyI;+|UaqYJ&_HQKiYTM=2?zsg_@59$lPq6vQ`QY$K`lO|2 z@+|l}j_W)5uH0Mhnnmvci_|}BKYGa&y7Fjh|CphOii%e!Q1mkvsGh&Z#3GF|wY_a`N!4CP);Ndby zKbc^m;NUd+Is^*^7sWT7-U;4~hL>QRV4L(|424fFoLdTJHo*Th>*@oitIMi)riWCw zq&Z71eZ#aDdc8p{i|Kim^^45BhkMI?q(5IUSDv$kdx+kTljmxjm1oQM_Vfc^C%AZ| z@%0A|d{zB}%3kFA3lfK{qql$E>a#@FRPXj0eBfEgvE*b%vF9%KJlQMTIci8*%P96d ziapQv%KS5Qv>mM<%zKnRay0L+xapxMnJsO3%0F9swe|~My(au@0f|u#p6Qag{Cq=g zp#M?qo#evB=1ERO`WS`Y!h>g%2UgxIGYjmC922<(zn66~dlP>|{0!;qeTwT`JXfrdwEvKJ=r*c8#_AugKIL-ak3OTNG7*LP+F-dAAyhq`8Z zYCcYK`cm_;dxzd@Xo(-;qNVh-r)FZCvB# zLPPMS8{SC{GD}Nr|7?$bNH9m`awLa?FJO9qr2f;+Gi+M-O!Bd33o|h?ha!Hw|BmL0 z{9aRC%gN5|v2L3e{|Yb83-IE<7KGrck$q&&^atHH#(}W`?D+;fviWnh^2c-aH^ZOw zgo?Tzd?rO7XdygO^%wYN^J)ipDRF-%yh=@I%J!o+!uJ$$Y8qZ0Brnq#;s0f za%bV=34W#d+=V}Q0(3hFel0-0kE%-4?O~2(G1qi)&DfI@clPmb@ddlUu%ozE?j`<@ zI`PJT`Z(BUWQP5!`VV{E&tBJx?~V*hE?wrE#Gfv84ZFvaS1$AL zR8AATtHqx;Je&)Ey5ZmPJm2{7N8!gC z{@ugx$HBjGrykYPt$Fue;T6x8dzX?3S@nZ-YkS*W30YYqOBGNSlRz+#|iI&^>Fb#7?1u zUGO?!t2%63mBdzw4>MWE26F=bDE?`S)EyGWFKzO36yRsO@k>u*Hn`_USzD%J_z!bb)wObPM~J$G-&pdl&1ITwmY+`98PULRpXa;p#cqQJGUp@_Xso zZDM`qc}HU(WY5YLv+qv!9p||oHBOoDbjg`MYu<|nj+1P&dzLoYhU*VdM2d;U7 zYa(?U`WXAWeRPB_LvQKN{TFS2mA@YzuXU_T=Hj)R;l<<|63a`7)!G}pV^ys7DfTon zu&3L?_M~-Ug=-(^M6h3LwQ3ZR$7?`Mz67x3o0dH9tM}vM9VbaWq|l#;8-HCbymG`}TgWAi zK7#SrB(OUef8A3Ge(5+ze8oz9d3^k=4NNH2m- zD>f$Ud&Z5k$_6;j`VG2LEY9jK^W!XupA5~{U^_}M{oQW6H6`2__0)}bchp6 zeVTr>NPjCLmb!9O={Dw6%f9bW_T3#n-2pztiJy+c#suT1Zt$_F%_%i@vTTj`!2OP$ zw4eAabHZQSoR5D8u8g)tN4e;YE&6ZE7Mc2u!MkN4@srdf#SR&}WapUPBeX9ee){om zxZV*zodj=+#ZOYVU59@#4b0h2EGl(->OVWT4;j?5o!ZEDY9kUmJy{StQS&V&cCz?4 z8(-m_tW9F4Z?JZWWu&%LFSrNBne!d)`i;xQyH|c8< zTvHvmW?`7@IBe&lkr8^U<0kw3CvtO}1S3WbNIx6>yc4}mQZu{&`lco}ZaQD{ARC8- z^^(Y5w)r{n>0x`=7XH4K+K_&>GX}Vy?UOIDuVLiN$*)O2n~K9i&-(II|G_-Z+vMy| z&@q6zM_BJcSe$?ltLkMb&QKxm(T7g&CigBih1W(nWFVyXragc!A`2oD6u zs9Q6ScuZU8(|cD=4$KI;`q?h0-^ta_c5j%TXc>vrHT#+{T?)gV2wghE#gh!?c(c>mg>wU71kUKG>6_KRP^OJ+o0;BV7cF%bQ0FP-MV8?AFu z{cAH~^skMi_SJ(-4^;nJpXg@;cp&l|qkk5n<>g6>I*lz01@FnKT1w^oO4hxM(+d3IRe+M2`Ix3&oW#pzqSDx_~M$Itw}wJ*Zg zxP5C&7mayL`qgTwgGs+y99nfDb5_4vdsM&LFeNv|`_+25&KciD;Mv|&9l9EVXD3*A z7TT|-vF%X%)ox*CVxaof?t0PBoyF=`10x&2=D7W8&D`6>6xn_??jd@9qdXTMyNUZ9 zO267t7mqZahV`q_qgmi@>3+5Lb%}A=ezh&skjYK7ubZ9wS*bOV(SzxY+5h)#-PP2p zIltwl$Fs36e!%#)`iAIO_Y&9sh;{Ar?tcjj z*s*et?Dal=zMZ|&V@xe>&>p)+a-8O6Ha4lZY9#PcY9#hvf6a{T>cC!W!uINj&5m>J zJCN7h67a{f{^t>_myEza(Djmd=WFR0g&bCU8XlBbFX>1h=6cD)r#LXr&^>OwBqE>n z5<1YIdWrP+KI!GZ54@KgMKivj^m5!Hc@bn#)&Gg7B6`(Y8=$+Xm)z{@c&q4m3VA}` z)o1DX7=aE*Zh?Z5PGLNnML*30&tL+oXH^B1a~lI4Y6PXUKo1&5wiI8?nS(T^I7&7bdaR>F+| z{`AZV;g180em^`yCv=|ZtMDz4Ux!#4dG!_5-|nujOa!|Js=ng1QP`v(*}Z9Eo6zf!-n1+pN*}dtn|d6!$?IqDnvIPM znK^#nrhMCV_v{dCBvz7~>4tYW@DST|uVuSTe$&)n#vSLbH=DjSsl!MO#;(6~fZL_i zU#|K&*Y~sjBIiR$-`aFADJ;I}1M9oJn(*E=cw3}*EtJ1W2Y+W{_s-SznRD5jiKXfT z^_jEzU9dj$9o7=FuPtv)QlAO>K#j;*Sg)HcOaIF}@7l-mWoa<7WMA_F*L*W@O?jBS z8Emk6rv|%Z&-ka>7SGjkXxD4%-&nkSZe{s1an2zS*_HpY@dUJV<>yTv{+Sn`KY8pW zJY#KTMaPhw zO|V`ZR?mqmJ4Rk=)%hIx^@b~`6BVoHoF9;*_x3}M>RtQSa^yIlL!VdR*LULX)7Ori zek^n9M?#-pkgNB2f&IPleCc{JIAVYQ>##pkU%OhxPWk*0eQ6%x`p+q%FS`D7b9nuS z`0$vvIrQIA|7jh?EUtNHx2yj161@(t`p>Oe&$cT)yY-nE^`LOw&DDd#bukRXBJ!uJ zPjX;dh%QR}6s!ly*#Z|?^`QH~*PhC%XTo~R?Q;#}YyoqwK~P?2IQoaf&Nq`{Pzi$sq_A43>O;}eZIkJ^x%pC zJl|k8`fTb$H#_P>-$q8)VGC-?um^A4_Dt}+gGM#OOD$B_i{||>S1&rV$ax1RpcjW& zFDiP@0eRBaP}@|bUi2Mk6HzZJ`s}cJ(Wu(Pch12p$Z(u`QJ=0Cy$pZT@b`o8H~q%# z&jims$niJ7e)RGarPq&^>GKX0Pr`agG*9gM(U>CV9W>ED6X(2xk0Wo+_%#CmW}g@z z|Bkls&#oT{2AbXygN65jgHLH3j5_zA1>BLojkxC?Wc?S_ACx;ER_Y01=N$}w4&0-L zVAqeN7ctNO)wP19x_;Eh`m3v|p9zbz%((}$eyLgfvBUQhWd72wBN;jf4(#R{gTJPp z^gusw_tm#Mc&2gpu@L`acSt>H2{RNX*Cp?++d{5c{fykEITK;4p0Sy7!{X(W-?;gi zxU)9IRP84Jd=oSE7d`67UB1qZZ~M+aN5}A+T>B)3-)Zg9$it2j&PP}ZADY>Bw!VZ- z+)OS*_I@irx9dxD^b8I$!}4bK-$cA{o#u5mcG9wApPOLseG+>g6xjQ}hV9)EPhRJu zgYX+a&YYX@LroJykM$w-rTK?p9%m`~rRz(rvGT1tW~v68Yry6-{vqe&JaZegubDiq z%`2l;2fd4(sX%?IHCBE#EJic5j>zks6h-@xyxuB@eER%w=l3RY{#3Dgli-y-pEC_v zeDaOvXJk&tnbV{0L@lbMx>FPM57wOw7Id;F^V!s$8pG>OS-o#$o_YEs`Fj80<g7Z7w=wjUY9qAjF{&ZXS7d`9SlEYbd zn#D70UYNSmYUpk7$<&>^{?(nb{5c8!?0Pt#KhwkbWAw$!b$!Ies{l4F59ov8-;R^r z`PR7eJ)aX^I_ggeVu-azaK2|c_8_GG6b}yr^`{E9c@jId)@9`C?Zqo*NuO!~!)KT)glQ*Qfp2N)8k zJ|$;(OPrwcrcHitjy?ZV)TWhCrvg7a9JZ{(^iW{S)MsPMwt%C8_obe(fS=cDeB7s) zOa9VBSuE|49*aMHD%#e0F1}#v?D<}Um+SjcpE^r;BN#a;zrP~ve1$DP<$6bb>K)Lg z*nE&(pZWm)iTHG3@zbH!siOERwTK{pN5bC;>_O%bma<2Q{UlbK3Z7oXTG!%B+4Dp< zaZP{gRl&6-sZ9mflZdWYWo7C;$kc29lP^=VkSSa4#&XT?1J`^aOzsR;ST=mtun26> z^{UTk8&3Xn0OyMm+4-W=p?7LxV$(>?n`~?qmeZAe=(^PSu=Q{I+s_vzewJUKQgLTk zZb-)|#p+Rh>^gAus9kS!@INF6?w&779H#lAMA3TGil3mT$c^ZA8=v!XIx%EtwQKJ> zmy$nUlo-JIqMY2%W6dJ>bNjLO&qb^~SdTqY^F_^~$GW~0HeW>k2itgl+Yb8OM)8jH zV)dnZdTU(urDFA@NL|yi5vfaI@)MCy9pd6ih%SZC7tQ_~%@;M~%@;kf6JCx_Y9nSfp+3+t;y(nzHD96wI`p{hXI*vMOoO7{*^F?uJ z6{rt&M9mkyPQO8%`p{32FK7H1foH!u)}gB*couKI$j7#~(tJ_VGk#9bt`CKthrOtw zr1_$2xVQKudFNqs57F~0OJ`o)wPju~%7&-2IQSf~1YUqv*(rcpU zi}LF~?c3R_anc7j5IriDLC0`#d&$-?O9YJf+STk)LR9fbRBuk@v69Z>ub9Ptotn411Ve`V&d6IseN8ymE^CU{G^RN$< zBht8gH*?lk1o-pQ%i?3vFOMmXMFTxwltHFk^_?Sqe%rI)zN@|y8}9=39oxoo1_8L& zzw_H-W1*v-^KNXQtDaNpp5oSX$_BWe^I73Z3G+pU<}zQDs;GtL?)r^6zpYd{#Hru> zj$SLL|7~o4ME&M3M@Q&ih)s$+Uo=AWOfWL=eumY7^RJ`MZ;P~1rPXahZIjFw1#QzI z%ok;C*G%T4Py6qD+jZ-uA=s#G*PSkYV7mr-zUVP3WT}#gB8%ErDxZ=9)-su^wN>IrG#zq`tS^&+|UQ z-=*fqN6q_faUXyX2`=etJb&mm@AG+2>zmS|vNWCV*d2o-K zo?Yp`jXQH@`T=%?%+oMG^r%Z7jNF{1<>t(O$jy1Ked|2OZ*uiX^M2DzoPC-7M4tzj zll%Qo`Evgk{&wv%>MXmei1q)i>NO{cyce(6Fb_1e?bGz}QLiaF5A-5E4I%X!x1Qu` zG2~?4@1C=>uL;woe$;DL4|ZT_h%QCcYxaBOg3mnS=fO4X@5OgC=fQncWD|Y3guhK* zaUkk7GhH;&diPeV*US@qDXm_kWZTqhuKAz5dQEFoz2;Qpyhy!fztb+{YBAyRZeJ57 z??vi0k3x%xdQH)1|1Ih@e?oQ-v0kJ3nP0E@OM6N6n*H{9aDJ{h1eY`q0`;2KsCvyE z^sB_F*UUk_oIYVhz2=&u;^SG&dX2)iw^F_4#3#Ww@@z5dHTxUD=CF9i%<=5hb37jR z7P}s(*X$QP&uq)#>Y>zYDqK9$cp6r(Sr$IOlRc}(n%`09Lz(##yIaXt+39F zYGYRTli$w9GU(O#wk?;0#3?#1{z^}L3ebJIY(!` zMxDcC>NRETRs5N+@SQyW%u%bc_xcI;dTL;=OTzYQ@-zN6q@1 zA@ezh<9#`+kZE0?q23bz9i-&ITGO+$^_hZqoJzeWcn$*JiFfAFA=GCkMA14V7Z$9~ z`0p!n_cLG4xnITVGcxm-oyUoo!RbeBChx2hIbVldgwp43KR=>Ao7#-j3S6}rTeep* z=X>S-`Fi}be~i}S-_*GEI2ccgJZJlpRgbuP9w+R5I-a3*us(zC2kSFxwvw96${+do z@2t(BZ`s-mInBJ<47m|!ZH5|7ur_lO&!9Gw<%OxuNWPJI423zSHX}KzQr~R~f3h<; z6XDN+`+WY)*6)nIGK@bC>{;mIRRDXwrsHFqUx)gB9kCB@h5F2Vus)8EdB4sT z%)!Z=fY?vFHY4Xnt9NHkiZ^eg@H0-W+EJg`&YnW*GbQcmZ&jZu7oL<*pD{F-`i!Z~ zP^a|ucK%i$Ceq|T0E29a`T>UHH)IJSwdf;)895a7g3-2O0@$ojShy`B)dMd zKH~hhjo?F^`iz_d5;|WKW~0E%xM#mLIOanQ-+I9p^V!&@kzi$iW@>C~+{kJEn8hyy)!+e zx+TrKcGA3S=TK*8qWCHEzCnIATD6$(u`d%RnL3O*hjn5i^B}+LZ!IRcCaJ{~tRrG} z#+IEq$j(^-*=haIzLoYhpX8bmfoqm>O(YIjet+wr2)zflRDFu{cQXYl7BaO_J0%}pxfr`pATw&l`>cJsj$6KrwQh(XN0`3XWjsx_jb)z@_W|% zdQ@B(mNV8d#u6{F{NBo`&%~(HgrB7o7OzC)VrpIV3&|~iSIdaVhR8^;J`-0~jC{Dy zcS~f7)n~SB&X=1X@bA1hIxNR7HgcQa*R``ML?@7&@bldgs$LU!pP~!$pV@Ep`EI%T z&254GHTPqG%Omy|cD|ecuF=Bt-KGxk`EK{3=cb-BIplmdKgJl^wwr#iGR__M-7&Cz9 zyY->JrrtBzb-o)iT2*yX!MScm2Ta}P_ZxC`pFu^=bz4R6&!NVv82$Tj_} z`%DA_!sA={$_@0s0U47^m*@ZF8<0e4So3z2H1I_}U@0>Q3fCyU5u~{VldY~WkJBwXBliUIRQrLNJJ3{I~#7Z5(^W4p#u4M`H4yShm;p=hjEmha|=^H6qdP zVekPR?QqqHuH@(Td2W;0yB!x*YCdPG83svn)a{G#0I}u*l%E;a}|`p5Im`yp&ujyi84Ks%rqx7T0*6 zOOgw(KZ57Cy@*`6>PNBhPuCAj{ip{VTw6K)8KZN-I#MY$q}cdq>KvC)E4h?;%9)AG zdDu2r4XM<9#jPQY8sHh9&k0|O)Q~FeGuz69?lZDJkcYniZa6L{v>22U=Xg#Tz4J)m#6l%Mq=fUWa zv0X`Uv!8XPEO!1AGs~k^<=eJp(?YOQ+qSQ|c!O-{tdHeK!0}z~8@P{c@($DeO<;FzK(D z$~v1^r>Qq}O-y8t=l6$DYsy=f=hvF@)-pSy)|5Ib_uka)%u{~(?yNkuOHB0Vi}tOw zuX#ew9SB_W3fDwpg%vye`QW~l$!ahRAF698zO~drj32A*^=wNP#a`R>rZ_Vm20vPu$~aDD0L$dg@PQgLOG`ckpFk{_E6 z+<9%+y66{@;|ca_iLANmOL1gFcw+d`@A)4sH)r-kZq9SWZTq%uDLg_ z4%8kw|AU+#VjZX>MjeQ}W{B-DwIcFt-7|Ur33W@}_m{b{hMw~az09M~BBBmd^x0u` zpu>4y+n`rOa4lm{|VN2?t<>t~`5$s)t!d;ajeX&KwpjB&eCP1b|3uL`Bu5sk=S0r` za4uJ|dd}gR|Dkr!8a$f~eQuTW7j-U7eKxrg$%VP*e^lN<%l0bffUo>!R*zdHH}SK{ z(R%!w*WG#?j3*@?H2JRe{ix@7LTl!9;+)T>YVqjP%16QB!+bW|O+3Tqg{kAn{12GZ zDrZERI?n7;>p1Me=FddX-{!$H)R7{yD1l*6sg^Gm+jx!jSZFe?HHQd zHJhmUA4S`Np8uiW(dlm+or~x(_{v`$cxiMn#3sd_{{bK3)N78w{7Z=#}{K36$E)Z0Mr1K;j~w#QfPTPfFdP9Xl6 z)wrqZs!@+gKWtt+v`wE~U5)QGm^ta8+-n$EELgYA@7eoQ*xtyuKdeS_Zpv9 zKa;r6k^eIE6Pj>+!TVCq zjdkVTqupb@O-bZDMbDV8Gsm=@Nlz!WjiP6pt)^#6Y8y#xyX5kSL&)(ZGSoKmWLM1< z=V}(@E(&Ena80XA&h2XoXd00R{H%+{A$5)Wt(t2&Ib_i(k*iT)NaBXFyNs^cc(q&g z=bn_qtLb3JO#dC+J>;IR>+{Zh(duMu^%(-U612TFKb^0LoCDgeI7qs1QcMkjHEb~0wt0-5vTR=w( z^G^?y-`-B_~W+79&b5`iL1WepaFIxh+-HeQO24qy` z&jlN+G&XKQM(0AaImnXa@25heUEq8dH0gmBNoeZt@fdm+2W^pSyCSxm-&|jW0uhPqmS# zylxGZUHcjbM(5o}Y7`gi8U=EpY82S7FM+wLMuENSz8E?q6TR3i@nz#Ydx}@Ra}?I4to@W zCFfgMB6y+fGjeUuv)2FVrWXWX8klSEX0E--tJv8vq@tyPx%LL;+UM4kw~X}4TLgEE z{jOF0ANhDAxGOkwYnk_mV2k(&cv6%_s&j+BPyz9QEjQ#NrQo&!T35w4wwqX!|aR^{P~%t#oX8+{oE zPYw*tpBL#Q&noYzSj*W)6{jRJGP66|oAk@nIiibRn|DLST|Q>}GE^Xwy2f*TG&GBd)`ja$I~PV~*C8z26b)(v#cJj>i~JG4zgBi_3N-c;nraupT6UnBZ*DQku% zw!W-l9`wo;`TFv+3*+m{i+>KmA4^|u(fXqJU$6b6VZ#5y^T6c&?()7A!5gu!DQK=} z4-afv$jDg_)?C0yY`|jla1Op_ntdMBu_p1K(nYcFY518&AG^@Udt&ONlKFZcb4(Ba zMex+j(WTH&`y8l7bjI!jm;NbRZ|(cV(Ovs`kyFVp*}c2<*szdXa8azW?;ST6ytOjt zJF%}jYr!J%RcoPZH*}qH8hhP?&uqZX6|=v>>!WycJ8NWGr&3A z;|~^*>xdlgsZnwslEa;<*{<8M83ZDZSN&p(S@@k-CRm5Gmpf8;u| zb5xDj(gkKGys{SiJ7IX8{*yz0!Rucbyl(RKb(zBJx99M>0ltFMN%XQ8eeDE0yNGdY z9X*!4D7*$+?L9T(lL=-g!O2drv}+ca1eSjLyE)%%9iPP)l6PI%*X8*~O}<{1Uv=hV zyd>UU+0*&)zFh*YZ zg;yPTA~FTt2PQws`>}Q2`&%XK`OR-Q9nzmiJw(03Ic9!R(dLzvhmfDtJq7j5tsm8z@3Vh? zVu)OyNFGFNq~)_;A4X5hXYX%*ayog9nEA<$nyorN$vaA;@{{VG1DKz@Ue4q>g#6?= zF8Y;_pOl=WqCCSkg5QA{6|k6mAo zpJc|!pYb@9cL=NJ7tvk&`KI63&QA`<|8?ajOWoTM$WJPoNq#cw9l$0(S?c=joN!n^ z_!WApoc@im0}=VjKmQ>@&Id3*IUKpR@%M1&CpWwHH9+~vKCq>f{AA<$oNsm`pZ^B= z$##R`Bgi#MeTm#*yUc&+{G|FEJ3mRhO%9=5@@{s1@}aM0^ONd%<{8=iB>CmY{G`V2 z8s^8J{c;w&dCvH@iRTrOam&|9xOm@>{G_YjZMK(qB00-@LV5y@f|sIq@+YrOjol8| zIz_9`YWhfyGC3>pM3r~uY0g@8jC@&j*dEE31@lP~_cWK#PwD%>g}r4F`AX+JvB_6@ z&`fAlGjilc4ev(I-voc))c!lpCYwtr3KH;bMvk)Ri;ANft<#6lghbC*hw!g|+zi@51#ics}aBZGQc7 z+}njF(fydSbw4KaPIQG~vMcoY?ee^QXM0q>^A7rFRKAlwLDM^C z_hYX1#-28E(dj>sc+&L3D_PaK$}r3?xF$@V^?kx}o@23<5joFrUDEdr%XvnGylS%JuuqV?i8+%&gqA@>^zRat2 zUuGQI2J)W76yaw*9Itp?Jnz}dbz)}=bRwcJbKfft9SOmh_vsq1vgJp(AM=6xaz6F9 zKpUtgrG~S!~_2WUF=@W)!zKOy~NzpLVeu|joVgV<~BJ4@8|DpyBDmg;+%n> z+@6gEc*gj)_x@doTnp9*@}Brq!=`ENhF~uPNs-OTT7N&Z2rZ-(~e~roes4kCxKA`K5ISR+6i1ZGewr?*e&I zr8_z=sy>J1MW?v?HkBUjYSVfIu9;^|!S{7qe=E@6{`PUk(QSJjt~}{;;CM)$v?wOo_l}zOA`)# zkoY&MpYvJt)W+x4-r?=%ywBEA@ig zuKvy!kp#CxtHnhe46j)`L<2I|72tQV~-qIx%jqxj8Bg* zBJ)=Mbnos686P2QnOt|hCDSTjH8M9NWb#!Z{hj#f{!G>P*ZT4Q8GLsZdFhb;PDQ8T zLL06Ve_Q-~@}~PGPRpZ3jJ)Zlu)UFcE9md6)br;fo%83JWW|kY{v1EL-IWUxzl{D) zRl_wgxBN_9?}(#~AE)9eFw&lHvuSMTyDTIhNPp)ehQ@PBpz)9Hh)?5E>3(?x-JSiN z4tc5#*{?r;E^^_^)fpx1c}WR-E{LPWUg+G?=!pFV^YMm%q4Vd+oti(7lDpvi`7khy z^~n6WABzobyR}W_Ka0+vd-OWx`}5|{sc{J|70#dYo<;myGk<>lJ^9$D`a45n z>i_+U)=TMe2;#qqpNUz+&fK`cMK_&W$o6;Y`8t38JU3q_aaxM_NHA%MJ%5gjs`+zE zMy-6O!p6w?b7&!F*o;&&_Cr;F=RNGR=W>7ke0!1k^GoT+QTa}IU~)4_@^e$k?acG% z&-WMPI`vGO%6o+7?)|wpbxo-3`q!vj=cRi7e4?H|$M1aw{8711@`~M;f=d&bi@=7< z{CS*bhvhoe{JExgVE#Pg&!68|Fn`{MOr`N}dRSlACCG^MAI;3sJ(%m93=dSUlev== zGcK}rnNjIO_OiLonb7!yp;L#|3(%> zK1;!pjp_JU605&+?~T#(=R^8Ae-7SAy>j6id}6SriRWA+pOL2?{%x=*&mL<`VE$aa zr!as1ykWo4YOM0Ptod`~MDWSacjo5Lef{M8pD)wjDgKvW5Hew&FXt-sC*L{KMgJ4o z6Mk4hzSHsrB&T5PXVm<8H+raM&yjnnrHp`PvhOqKRm{HAkA0Z_&NKDAZ9#vhqLcPb z1Ndxc^95+5d{bzn=g$j$Q-jlz=Y)5XZ^CD9Z`l9$ZQa$0hjucLdFK+}XZPb}yr$uIR6etUGe7KjSlb=PyS} z{t`XR&Yx>tbj+XQ=iI2~&*SK$o!c|{%Q5g;-j5`?OFL&->KUYQbk}~qYyNyKcpQ?q zEQ&Suz2oLBx61svrY(Jx_WU`1&5fb+=Z0pIvoy2kt}{ff{?3xtA17b=1$wrLCj? z#$HOvSJtf3`AYUz#b@!wV$PrMABg#LgR2scm>i{%TfuMh+2knKVDnXe68sLEKR5Vo z=O-^{@v+=I&)nC}Plok(+SuL7*(Wob^09mK*+pdB%1{2dJ3^+luTwC8&R$J^&G-|= z@{@PoogbsS@{@*6uimch9Dd!Q!!k1We!Uw`tGm$~Ssa{+IG{G^gq$sv4^eOmd+$ocbgklFs` zC!=N8&pk%VZghU~Nia7oKN;uQM<_q3=pM{Zo(vEAo1cucw?KX}a{l}wdST+^C!3K4 zr~e*-C3kc=@Hzxb{-*g!@J8~J)4!GTfv3u6;(gPPDLIWidt73E()45Yf=`b8q_UIC zZ`1in{I6_&60GY51N)Po9PgsP#-xGBPpaG`IZ8PrQ?TW=yR!L7dZ7z@GS4(KvH19# z=~KU7An zi9-)DKRK4XM$G(VM@?tE{G__)0OluO;>;mCJ}xys+2W!f@vh84NIbJI#`&0G`N>CE zTR-N{_se?<|pImuKj#he)4*3m@7Y7>fVk(ep1maZhn&WcND`)n>KOslOKAyh#iQ?PkuZZ zVHXB4KY2a&%f{csou3@x+E)qr$-La;%>4Z12iQv~`N`xra=zLB@%e9%pDdU^CwHi3 z&UJoLeU6=<#190&+k^AxZ@bmUa&TNd&pacWpTrl8$WLb9QF;|;pNzjLi`_hDeA~(~ zMP%Iabyn|+km(ZgldgU@=AGZ<4AeKp=l(3bl(<6vMDtz9r+~5p)||H7S#;j~ zUV1h9kVch#bVfx@a4cgXmAcWy$mA=Oo^&M%RkvG_85_Hf2ropky$lwZuRa2`!6Hs z&B@zH|D};#$w5qEzgB)Ta^Cz^`X^L=leov#e<|~L%$vUv*0&di@xDA~bDU0Gx33B7 z!E6C@BXXP(y5v7QEXO%n=FK(D!+J1-^X7f@)kzPg^j+rlVQSn6<~Wm0AvsQB>tGM2 zS2q7{=FQ)*=gs5LHjw9xoHt*jcwM{?^Ml};*uzq4CLjMlhkXjcn8z@BWc< zFT~dxx-#cO50TGSelvXD+{dbh!g=#I&Q!UHz`QwF<>xnZ^X3MNE=MNhI|cLRU}Asr zo3H(^gYFue;^sGZM9iB@|7B_-^iw^hy#MEG+5BdEcIJFyUjJpgJ##);&ryjy$)7y` z7QO^>IVu)-8#J=>oPt52KCZhTv(?O<&*yBCcVC|$1AOiD5c$Rj2=-&H3Zt*pU-n(? ze~G@NW!@Z2?~Kup87GDpUpdMCxwbXU44KTE7n?Qb+V*seoTu>*qxvydaR!kcZw;yvbwF@&}Ze%H{FZ0WXI9vYbuljmI44a)hwCBsu zoNLb>rA<0&Kz86mH7FhTeQxAXXcsa89zckW1qiC{&cN%Zo^9E zl0Wmstp4z<@on2j#n+!_Ukbq|OMhS?L!2+)hu+)y&xG#JyxGi`$LP;g zdPKiX4?5S&xhQhJ8G60J%mC7V_`IECGx<-^S8^6=o>X$66^Afe9!Hn$HMnx17hvZ? za-i*{G zCI7|d$uC5%Z9HD>Ip)a+us?IxZyfsT$baq*c|VZkKg}$8us^egy_AywT)iUayZslR zCI5LGxE^PoyapX)mOQdgGwv+8!Ph{aW_Fg`=)TE=Zq;}$`O7Eq{er!kzk>fVOKz~- z?$vy@(Z_Z3OmpvSE|gihAM^dZx_pyAOK#)%7|uF*Wl=tkUpBIcoLjljPrKwGP{+DK z%dzC1UDVD7IA+d7%q$!(MHJve`?fp-k?UaIpF%mK^0+N9Uz&(aqG{|e)JKfgrm z+3uQ!_hWYJngPsHJ^5=F)-=|sS&meK_rx&22(Na-vqzzwp_e~DmVch8OI})+=j7$f zd@fa9URhjRUQ~Z3^3%yWlehkH<;XJceMRNRlCRXM)I1tF8wlPtCr7s_ddHBne|OPN z$ARC|a%SjNtKOGBJo_#;k$aWbN50CCy%f6eF666;+4N52D~Udd%)N*GY$^BNr~Dw% z2k!qYGjpOB#pLZ%B5%lLfxOlGvLyGE-*vJ7DePa#uGzo7CQ>HtYrp&QIx0!^+c_Z~GE>+f%T+wJt{tw9z>VY^Sq zcHe^SPI3Kg>~|IRTkuwFcqP3>l0Qp=#hvJi?FU@_C4R?sb9shf^IGl~<_r8$dK@CK z8Qg6R^#yXc+uA&UxV!a52Ofmr?%e@?_~&O9;zO7`-rknO%%yyei(Bw2EKg!iXq2Ug)Bu#??mx_R8q<)klTP^BjB!k>@eUb83(;&qjXFl6_Tq z?^8ZGvZrb~WyGgSZ^yU&oIbiZa{Z6UqsX=GXFSTxT3mU4e-U}Me2rG|HI!}?`Wi=E z<||#i3X%D*!aKq53h=eb^B$2sNn9fMAfF{~JSE|^C8-Bq#5IGcU5o|ezfByryW)!v zomEz|v*zfUmYTA%wwfEKy--zF)zaftwcJbmw3xo+cXEENrl&ApY?qwtnPb636fnaX~zwm#P=%S$ZKlA-WONi>ZRE!gF+I zT+<&{CWviiHe?;|Zc;^$|KY z2^~YvTsrpK>(Md38%M|Ppw}c%$0k8~Y#{e1XEQYthx>UK zf7aZ!_7v|aKFPVxMBQ)ongk#AHTm_dT2*7uowq7E@l*r7XY+}HksEoxY-&1xz~tVq zkQYZjC3h)j@2YpyUyK|g2Y0akq{tdEmB?iZES4N*68ZWS-*ft|$hF^(kjsG@dpHr< z6bzT|bwMN11Eu%Kow0}01gp^lXAZQws$ln8m;!#NpY^7!7;`o87Yak9w!rxByUXF?lGKV*W_bDa$ zw@u#ydg0rOUHZI>Ce&5adTi2S_H!M3zZMx>2$o}? z?DKWLF0{c$$=O(Ww81tBZMv=lJFmsIEKFp??^S1WL!(Nmv0VaN%*44mgY@VX?r9PdLvslOF{2ZRid6&rs=r@Ub zVHe-_W!5>9-%sH86WPNoes?*)gXWJjLodFe@K@}svZoXH{>((ClJ7~*;SBiF4S(fq z>n{A;PFaWIjkX=?9E=Ov=KUww#q;Dl%I{@=Vkh$A-+I3|$)J^wbM| z1c$Qy6VUix@LlX~Y+Tr;?Jj$@?e6=T-IN-X(mD9vz+372aJRsZMI?h+Vk(TfOUZis;qN5@Y@J#uNqA&17>gA71zaRW^`ifDs z)pelyFd9bG%XcVWCMWMA+a}iAD*1QxK7%gTOTLnIcOv&|JnzwauyIqox3`JRD12h? z_{GW(5ueScL)iv$mK~$G?i$%Y*d#L_U6TJm?z+((@zGQAZ+`B}sL-Nn!y;&r;(GN? z8uB92r%+FxWi9tJxp;DS=XFD`sirp1=VPRY2zfX5MexIxWprb2Xg*%kSX~nqlZEji zA~*7X&pBi}BqsZ&mT4oO>s9QN&mUEvhZm-wV?H^nG_;f&=6x->T*g{HmypZwd1vGl z8j4MJ$?0(-r^v13GP>Z)f8J!}!{Kl1$v>4}MuZAvz%W!4c$ek9ht6_8i9loX@3V`~=~{o{X>hVuuI z=l7au}o{9Bgq;_;us`>R!an~zs29}dRPCol3e zJsN3bOZow%H$X6doRM4Tai+*Ef5)urv`gM#iSSJ1mhXjO{tCez3-jN&pqc9 z*_?r(_&x)w6L&xBz@`wL$n)ok zT_WqVv)|(NS=Lu-eRkrqobUEtK9{P;%l|!~$6!RT4s{Q>d8qZ-aW0-}-OJ0D*8BN; z|NP+-v-uIp8Hjy1e%KuHC#ib!MPOHonv(cr;xp+uqdhOqAV-0prSvTjXS7S4@iCzR z_B9)4kf-P-Zz1nDbHy2-5qi}7wW&GC+&pkr>P4%l$K66LWc3LW)5yD7tk;}|hiTEdSqb<|tp===cvEUGss@Y<^dMuVr%v@oAQRt)-+lNq z%T$jmh%BG<+IZVL_QsHzLLp@zJUC}Bl(`xgTxOE)`YeSmcvi!bCz7(xa)O2 z7&%b&VB}Zo!PiJV*xHAhMPolEKR^ssXivj8mgD*NxCJ)I@A6nn~dCHL5w)nVc&=pb>_ zze3AW^!J0@Gp_!=PEW%?>TjC+Md@#(4Y&0-%&)bt89*KX&QIg(_~(Q1MnpY%Cg&4G z=JnByxb@^_=Nb>ap8T<;lc5r6F)pyPoB#6O2v+~*XFQ8#gFJv5IY_c z8(?8Tp5NRQzn*-)i(Y~O!>PZ5n^J#sV{5_aiFTJ`Wpv!PCBe5g7 zLS@5M>a{R4DKUE7qc$=yucp9EKghW7mHW-xnnAnyfswMzV< zunUX_uUh_E}umHCbe2BDBS>2tK8z^Y_K<2|R12epe;)?_17l zlR0jw!HUn&DD^tQ{Ym^xa1CrMz%`Bk;8eWXbo=@^xK_-*MBv)Dc9xE7_WMgzywFsk z>g~JF@h)H%2H^S4$(F>vLHZODV;M>+8JUEO$$FHya zXXuFiP;?aAB=%w>HKp17{Bd0e2b+~GhbQ%)mGE!@C>bvkV_}x*~cUf=SQ1iWwUY*nmByN4*Dc*`?6YE&Y z`dZk>9mvIUFSBo3dE4HK%C^p?%C_ORCiY)=tG9nddD$LvU6;xHiNq3P<+}^{?zMdP zI=*{7-(AdiNAul=inh*FMd5dmug+}=MT-=4c>a9ufnJClpMH{0gM`okJ?p%X`;O+m z{H`HDpTsHXg;&+K;acXTxn~(QIi)+qv-QNYDyPMBDv5V%$e~q^bje%#!ZRp~?RFx=ilYh(if5vyje>z?GgG?yiiTvWDO?s#Ix!IikC~=0I zog#Zb{S2;S-*VlxSHt^>`FhiMvdDT}+k4?FJZ&A-cwU?ER`D2Kn)L~fx5>J=R|UM1 zUeHSTqj;Uj@%ld5A91>zg|n8=$-BIadB*VUGyd+7p7CYt8Mn(bR^^^iZk~}i>yV!D z1?w4~lV_}jCeVG9ru#^P8=CHGp!@ywZ>PN>ZRrPmzE64&XMviZCkLyaOP{~GZlr%* z`cm|ocbOX+J^y*bhcolmPdzgGj_a-PAq^j@;e&er34EyLzU7(^7g=kcB5S`Ny}m1v zNv%p`y4NN$J@*p>Jb-SjL^iNf%4cq>Qtyrm=7ywaYRog-qnhgnBZEV^&#**h#R2zx z{tOil=K96NSE=W_Q~2&wzS}L>3K-k5Id6qpN4?(%W7Z+h@7a-i zzMKQ*@t>bx^82&K9hcvql?GS)z}4PeWpzDZZTCxMb#|}TZtQVi1GJmvWj@H7UcT7N zT+A9j#2S6SVlX`lLpI#c8k3i^Ui>k!IWO+{qdHTe{@BEwDe!XfN4$M~@ORz^yyrOg zb>D8zRFI!-;b$L*AB#Wf?VBM#`)6+-JiBZ(_F=I%Vo$1i)i*hJK)qjk@m1cw$;4c@ zRD59K6z}}^i4B>=HQij(#5LRKYfN4a?Po&!`b6e?tRZ>iOeh0dEP?qc`f(64!)Kf{^=erYt760dC&1>`S(nmOkUV~Ut29Y zGN+uGc<`x{_sfp@(gnV*u(vXFLUKwYl?}hJZSK&Jb37t)o--_YGxFXYQq%a1C6CfC zxtp1y14Hxcd!5Km7c$q4-R+rGRyPedy(_w4fOrlEhk(5X4-)S1Y=%+aYn4CpKUEJyGAqsq}r?~3S0_a&@rSE8<0 z=Ne@WucH>-#t)HPJ41o|FF$u6@BXf5CQz{H4CelpFc;CwY~WK~)y{Q8s#?~0Wo_$j znD#<5{iqH6zI#N1Tu4Pr5*kPk)fZkxPY0vB{QE!u2z^+`ybmzfOg>s-0Q{beS`Rc# ztGvgc4SlM2O5P`2vtc#%g^3gZ8Y3UxT=A`|NQt zo5pq3dpv$djL@3iGOn#p{j6rsY;dTCpUJyHYRlxh+C73(wft<{nsIGstDhaUXDj`T zJ*@Tn$1*2Z0sSfx4|PMkEn@FRLtpl@mHo&y_pzU+xo$f>y=nF%`CZeyD6^GGzS9F8 z?*nIU6`bL_5Aof9`3wBv=i+|~)<|!dk|&=@s5Ro-1lK6KFa0IrZ`-*b&iiR?cwKg4`;*fm2=xZ zc}xgSoQTY69cr-Ub|`Dd4t8rD`iRB>u}$)yvQHJ2empatc&1`dUObb0+RLO~@G{*m zdYPC1;AQr_>Sea$OYD-l4LOG`#m^u2GQ006tJ|~D%e-sZM35A(eTz08nidN?Y` z!(juG_#0gd(8>AyNkLcmf{n_YaX#z2pLt~DxM!`GIWvLGHF%i>{F)2x6YwWBpKBKI z`v>HA@Nq3Tb3c9#IzhcDe9pIGkn$JQHDS4Eea#2ai=Aah?QG)D%N2une(;UkZ$GO1 zs20JyPGmh}=J^Qi&(xy&t@7gg1P_kW;+NUSWT;ydite8ckkczPG8f1%Kc|FZ1QH z@}0lC*vtGL8a&JAKU_kcqhjdJkG#=(`#$LLp7LW`_O=j%K!6)=#{E#)I-B2Xt)>}PK1WnV=u9bpNEdGq!O8LzAKUW$BG1NJr*4qx*^5y zy17QqS?sM?{E%Qk-yM_dc0Z0kvJo4LUG1zmdc&5oNxxhtx--9#b>Cbkaf9sVcNZtr zy8nP4?QJ2h(QE8x9rp8Ig*M0@&#c&B*7spqQ?YxXlYOiSd$z&8hrJGSzdEzWlLLE% z7TwT9>M_0G$dTNmV0z>p*>%$`-yt?Ors6sFp`A6Bax;A^^5*iLY5J@#`o_H)e9q8~NTR_x^< zWiOL=fESO$hfBSTT;I&~OTfWq@NOO7k(`|Jk*~vlx?bv);NKn4?QwWqO*cIC7Kn>e8c;m9fZ5eOcYhN6ho%?Us);l(i3IohP!+;jA;&$aj&M zvB*q4KKXd?Vgj-d&pgnT!u0_NOn+TCZn4(6oCa_UK{O_#kV%jx|46 zR=405&TSDn6WPC(eJ(`i!RF4iZ`5HWwQ% zc4&3kt16D~yo-Cy=b6yG`&z#D0N(+tj9sdQ{zt+#CDF~!yWszPp6#$ryB{d4YZ&1@ z(!+jJ?7jD5FOyyhouEMT&2VfIdlQ?~Hxiq)5Sz3Xn^doD(xuoW z_OEQxOovUn!)=p1ZIjBV)184Yu?qW?#K%+i34G`QKYE*xnFl7<-I@S!;b2efpEc8V%?`JuwgK zcJ1dpey;57$pIV0e!JPX_={N^#CmtL-j`YL9@cB@>=j~X_4?#l#nx!-qR>;>S54oy z$y%cJ$DV@UmFHz`j$Xr9Y|dHA=2Y*QgU$I<3wGubWDMK0`+jm8E8*4U$lh|1H)CsR zHmtdL@5+(J)^J~CYgV%VHg{^*qD|?=2hr$I(ty~rPtC0e^T&Edfvpw zJa*H8m7dIDmT>>9ZRtLE*);C&@-I7~rEO!x{&eCW#iv3I6qhVVz(}5?S3d zsjRLKED>B!BflR)N3S`?d*o&C^2`~;kkE7s^z0>uG=6+`h7DZpoX&SABKQBmY!C5p zvx;f`c({k3ts@>@r+!wY;$ihO;$ibMiHFtCh=_(rZ5 znK_615byR7?{dD-&gLPNEzQKc%__H0!Dp|fS!&I*xK9K3L7t>n@m};#Jp1ExC%+(i~ypw;ABgn&!b%i|aFz-_wK~J6LVaGa)hjXxtvQP0J?}I0+q1jU+Yv7sW zdBjf^Ur^Q7vBA=3BG-SDYcGPf!ZYEW;iK?QT|Zu5hYusyb=Gsg3Ho~OYp&}aFZ0V@ zi_OFL3Z3N{tVOZ-h>J zn#$_LuYKE-5m+>WHID`}$FhH9QTeq^lj}OcA>W_X`TmgiA@uFShg#@mIv4PK!60lS z@qT7K`NBz`_Vb0y@Hxdk_kbzg_*N-!%I+mNKrXX$0eoBtEw#Ptfgin>vo>hmw+r7v z{G0i#vCMnq17+Ss`}^OoME?b|_Udl;qNw zkrsKJ#5ylw#`^d4kyd)|Q#$+qs5=+S2IHlcwxYJR+jiHvBm|mT zgSai@h5Wz2^SjkS0bvKlK*uBHit8RSX z*LJS4cH}8_q)4?l4CGzYlyI3 zZTLhxaVzy+#oXROePD;y;M<{7J3L2hpeepNWJgS1`DFWF$Kuye20MI*)^JQ-NdxaZ zO!)^nI|<&1@>y$fvavi`wu={-lRe;djDE%OaSi>e^Gw{W1HMu|w6TRvnL^Wly%&d9 z6bn>rT=Bk%U`q!)ISC!PcOf$QbT~PsoIX*nGj8n}Kdxz*c<5T*g;(T@Bo@-oTKWm! zL~o&wH_=CAVx!{yzTftX;1RDcrRe z8Wt0Cu||X+DjsX?pTxc+;(+@D*yRc6%z9pVEsImqv6A-+-mjX#nqN_1SL=|_u0@nt zOdU1Mfz}V}csGK*As_4YUxPW&gS9_+(bdl(N4FAV++U3i66gKmAbwEL9C>b9%CDt4&*&(tp8%gxv+w~BRUzTa-f?zYeOW;1rTeZ6nS&e#IOePf@P zIrc&4U`yxIHvD78e-8E2Uf2r%$Z8pXs>ZOo zct`y^jqk#hLG&*=8~iHShTng~Bk zMSqMzr;L+5JhvR1c-9xm8;C;hDe#jQYc?3+t{o@PLrYZ#K9fvnUGEfhv=y?<-hGp= zfPOJ+t6r=Z+g>_JZTGges<_2hraQiqeE0Cju6^USo2xHT=3Mq+Nq6BaeXis4dGCVV zYKt*Fc58P-^iXC!9*zBWkm!AdkKXZN*b*b53$)qf+BwGFt#|zG<>1JnVd?zXI66Fr zKCfn+b4sAA;$w{U!>?P9oS9I3f!~><_%ug{FQMF0%E|uoWU`C0Whx7ORhN7oqnF%u zb?F7+>UsMZAMZJS4daAvt?W@2|0Jf#cMU((22X6b!qH7@$%T0y-8Klh)ie2HbEszn zxiHJY*$vbma*>2o{d)H{24 z=Oy0BCqG8ENDX6L#295?ZTt}X#FcZC`*I26=G{2`{Z5z0%y)N8KPSgTKKy9vclgfH zO^Wxg`@N4oj8V^mvVC}8=P$`W^V>cquH&{dN9+HT|2xVzeq1=)U$=(~S1r%N7B7#5 zdVP5;23xijWXi1JC-~^!ThekXKJxF+@y@T>iVi;HJHIM^D|3ErPySf}Pkbj%zpvtV z*?{nb)+tl`b1ig({<4#6DEqL=VoR$o#b z$i+X*X>a^fiJngJk6X_051(`L4`cN6&xmaPxr%Y~u4G`S_=hogW4cKEgZ#+mGjmLS zYD;M0ue|cc*JAwg5B9JQC>^tx+_ETjK1Uo$GPw^v3oBQI&woVTQZ$7wdbX6`6Bly# zN%ZVgE{I2Jv>eYl=?k~~v6oxf*v4Em>K@1X{rv+f_G$Im-&=!Ksdr%$gKemhX7a?!`}mt0TzS%wZgA3`oxpoI7bzbQUl#CJoBP*%?2Fy;e2 z`ToCW%IEGZ`4m0~w>^3F>_645n2gSJ_y6w5^H39iy6nrupIV1!#Gj%IgUR~yh_zxD zD}OIc?vd_AWy~Eim@>p9*r}m%9gxxJ@>}i zR-GP~q1h#jYn~a`?k$muR9|w@?AjcC5zS)M8DKuTvBx|fWFL^ZTSk2dKVTVKxQ)-N zYx0bKy73k6_F^6?@sY!#MgsQ!&4cVNo{vlIFAAFdGs+(_=Y>A$vpX$v{@OyjD^X;}>j(8{M}3n1ir?eJmT#oJ{ndj_zuGeT zm1lUNZCxd?>2$ks-cM`@C+`edkHiXTdoXPeqwSHjJtmOcGtO?!vhgW<1i883K6a@S;}Cxa!T);f zN1dSro;v5JK$kr7{beWSvG+ytnBdu3dqFx`bqfYrz-k93xH*%Hq=1cat(K{>f9gzPG#OLm-BG&vg@&I3C^F8^* z&HKwN_+YplYdyg?53Vdh!#Hgun1eRvGYXbfKY*?DCUtEtD33o`P@Z_YpuFw3e1DU& zZ&CKQ@Xjl=x64WpWRA`Em3uG$QiGlDyz!ZO}8y4iwfuZb`EM%Xc zpI2QPJg<-^KV}{A>R+ ztas2(d;M_VJUDw5ix{`317ehmQ|?6We)8&QXI?hlMqCG7@WhwcLwBe44CR@#ib~|O zSu^Q-LDTSBd^DB4le{|QBI9nFFIgrAy{R!|bk$DsKcssUtMJ-U{g2;fC0`s8TsIMU zx`&Dr^r!W<@$OwT$P(YT^X|q6Si7i+G&}kvX#b4;H@X|o<6Tc4H6G+P`4_|wjh)8# zO}y`wyM*U4`aB+;S;8Dwo$Kfn^50nhLWjZg;tRzb7AxoBCg|S)jc&D)A?YCLPk186 z@6w0wU^8i*7C$E$rJR0?-a=iEQI}6oMToz6vXRJ;jgYgymOjO9p`FLV$un;QXR!?v zJX=IR7t_!17}5PK`@w6;;YByfHdLHFC_Z&{VGDS#cb0q`{5j9sy#>2(i)-6i5qi`F7as zS(svP7{MMdwaNQSdEc{HWlvbLCE$}{aN{`QZg<~SbMR&6@a?d*aw;-3@nGGXZ(D^c zc5#DS$Ezcg0$sTf=KGtAqQ^k*;qxi7-{@*3td5a_(0er{sDW;}OqeS!MF zK>ZVMpLFm&%?C05VZOTG;n^zYN4Z#~@R6`0I4V6KT5Ax0WYhOMqVL=2?Yfhyr&%d3}whXvNN zl{M^>$>;BN^v?=!ue{DmMvQ)&VSjE3>j43DV0ettAIPNH+bNrK6Ju6g(s$t{?!Hd> zIXruf+=;~{j!gfQ&t83VQ}vy6`1)!rvu+b~>w8Z1Ss`0{vZbHD&v#?fE@NCFukUpk zeV^jB`0|AShO_Tw{X#T+$ng!aOx0JJZ;F_ZQ;tNt2?_J7M~$L}6)VtrBa&`*aqg%>sA zM{Hm5BP_c0SDyphnfFrbcsusIm5jDh_h9UtpPpc^$|D~ukq<_*$BH=^cH4o5pHN=> z7L^>5k8^e)cfBn+>LrG_-r6?9j%C%Gy!AlCj;wl5re1IT|6|5eOuWp*9p+i&M8W&` z%oCrZ%q7gvJg{*-IQvn0&#$+B?%Y32Uw3})rt8QCzP(FXH_gIFs2w|>T$m*Yo>>WotnyptfHLP|6=tWOq;_v*D%Hkz6beUdE26crRICyis)PJ z+HAdhpOX4bf4*t@6KeWKj{a=)^~ZmolHxJW{>^kerjq`I>31pdD)D4|aC!~Y=nHtJ z^z`HHC12d%Fg1%u9=0655HGBu%?=paa{qbrf3)pgN_)ey+Pl@)-m(F1?{wNbaCN3^ zUF&P_@?P4@zF#TWGN&ADo)vrqn&w+O%B!0_zC2bti+x&aV^ool)2PbhWNrN z>+tW2hm9|x`hD+$uuhv-`|4AhoRLwo3p`Qz?B6C?E5k3lzhRT~)>ql^=6x{8D$!8tt@(?*|lf|Iq()II{k0!sL zwjCMI(RK}MBDvaFbVk5=ewex|PxsU9LYHnA9yQ%u{9q0)a_hS2SnGoK&vSX^yaA}| ze7COikGifNv}T@rn}f>IBhNu;i8BXRunsdkc%gj>e>)lnVh#-5kb|SATaU3K&l^ul z@eFelbm{3o*XkHC1MFKhCe;SKROIrKKZbVfZ7dq)Z{yQ$8=oFHzCagMj_|iJ)oo+y zz_kIbN{9N}nC`YQec;+)9D%|9HfFkQ%pABju14RT>*AOXucG*E=4?Ie8*>gG_FN4% z9`;SQC{?U&iyA9bl0e>4Ox^0{|aBaxG zIb?Zu8nRL5wox{4ZOFd)Fx3V!K1gkB>uB_^_w-Z#vS}sz=3uG~#&N1Uj#CG89F_m= zZ)23(#;Ad7L-x&k{x*iWZ44W@He}zt>$KtMi1S<>aSXW5d>H#5`3NIV%F#ZYeG?|` z5X+uJ-l_b(f9w~yW53|2$DXzyj@=f?)!&_M1KZyoZAd@HQf(kRd7=rj<3DHf*kxzc zf2G<$c8+uDe%w*hy~j8tpTG6DG0AOX(!jML{rGEt8)vv}oH1~1NI(A4-^ST)8)pw( z8`6(&_}iH6wlVwY+c=Cr|J2XPYdS@1MB~%?uDYi`zvyTFJ{da=TW|pFH1u8NPyB6+ zcE>&X=*OKs4rp8YiocB#w~dm4YXf~3crn!mGFzZFklBKPYXd%vwWQiWX2-eX7&mZj zFpix+^0zUR~-M}I!{ z&pqwq>{!9hfAZ7q0+((Bp^pRZJO_??p3}O$+^wtpSnEPoE!BmrT1Q=14*yp)N8(?4HTPd1!DPDSs ziE#{UyfpR?{x(i?+c<6D_yS$D^C5p5Ty{$DUSKYtX;I;qPy|w>k+9$8a6(^Vd5E2)fxMayqK|R`;N6`6VI5Dj%O_Ts(%ji+&T1* zp`U(6b{n$q?(nxU)@_4+rE+?Yu?^XGxB1%`@3w($J5X)NzWaNpjhk5)7?5~kHmzje zt@MxM6n7lNqy}&tJHO~}W2D>0$boA^_T3798$;bTh7MdCvhS9q+CWDdy@rlF2ECR& zAB4e95<^0zU|ZDZEaw~_5Pfa@DSn*-O$HHytXJg)D( z!o~GSaT?dpcX54o8rL_@_m82#9m6sBqS#HvJw{eo&2KfO;i&fceFc*t1^S3d< zZDYc~wE?bIUhK5t$oK%n!Lr8z-AEg* z>pHeIeWzb$j9nd#M?XfLa}|T0pPTRVIe3=fnS73?S7Y;&W3F?!;tkmRk74s~z~o-9v=VtUq5{gxBc>7+Mh3<=SkXsn)aWe{qNEK_i6t*xBaqwJKlQq?Te?fWy9nl zWIu<`1E(CB2gxHe>x#_Jw&6iDKiiIFeq6o*2MphU14qv{Mt+nRyEvRQqEgR(`vHY#^j@x{T{TEeMf#$x{Wj4HqIQl zHe}zC>y&O|hTF!Bfontd9eaz@ZJg`2arAj!!U=z@;)6tYgYxF%t;p*u$m=fT^))NG z=S^gGa{+ORe7mjQZ;Ltm4%MeFes8Px$F!W^;yH396<6@bFHByU^n;tP8kIdc)wL(x zJXYmBurIJ&WzD@{l$9=terT2Z_l17Q-pIN-Yin#O^??Pia~Hs(u~wJa6Y#E;j2@tF z?kg&dTwurk%;)Y%dFjb_y;*g>)m0T4VRH}4y4Z*86&_2jc7%OB-IV#zDPw-qzCrBb z63%T7=7p1S_Gz{g=V@oJCVLIKtZ!O&AfLSk?0ZXa2A1|3yuac=!!z_ldktDluJSZ{ z%zt;W|HEqPBG22)5BAP2Ql4??p_k7^HloOvm-@=PCb=T!@ z?XD}>+6^uJd#7^d0xtwhmCsx2*ck!sHJ(V$ot`Ui*L&{EJ9+BwtOYHn=sp*0C^xT` zGjODL!B6h}j6=XHTB?2gF!+H)kAyXWDmQc%jufJ0e}j@opXdT*>~{@hP_s zzb)C{I!<@%@cV=Pt>Xl@4u5WGf9p8Tt;4_0-QPM2-8%eo+OIm+E2hufa(0|Qrr)nR z;E&VXe)!|l{jFn|TZcc_q`!5HaqIBsVE3yI=y8!t55IozR~^t}vfB^8-s^82d2Sv4 z7-)a%ILWQU?+f?0j#Jz^{IS3O)=}ct;a}(OZyjZB9sb;~zSUuHPkJYfd#U{ssXY)` zm|0VNc)XlMJiy?kMZB^HUUKiM!ArlN(zm{*@p6b;hkq@)zjcgq>+t7@^|y|xZXNzS z&;Hgi!mY!CZ#zTbpS)AL`cOUz6x>9i!bk{JBc~ssp}0Lv_H{{(QCm)-lqp!@q{p-#P}n zb@=_#{?<|C*5S{w?|U87SqInNh12-ECF0+^(6>6oPo--deIuX7v(YQri|fui^q%PU z(ZBZ5xBAm{eA=z!(?=_N^kcYNhd*}O-+qjB>+r9o_Pq{=-W4vr{V}w@*MXnHSf;rB z@aHh}w~l+t8p^|y{w-8%d^v_}Y^1^?x~Qn*RF?bf$wj&jB7059thrIpR@wuKfFUe*76@ zC$KLWIdSa-&6kO3&vWKc`*v30H+t$WnE;Cy|SyJox0h(om|TKCtEmEhC7X$@8%2+ovob5864(}9i3Ie z_x0b~Z_by`8*U{Zr`(G=Cj}k|a{gBwdIpEM=XHcB&+|2u57zLR-&XNC#b+&pTt0JR zJ3Ypywb-g0;|up=eAv~|&-QP8SNC&#m;1(dnSXqZMTZ|BYn!Xi&oRE1co z2E0S@#$N9PVs3t|M24^CpL;L)`NfDHB`j}hH5V}GG^9Lk)bfM_yRtCRrn&i zTIZx7t2(1Zd!JQaXEZ%Dt*aq2#hT^N@3>y*H^|V>$bEE>-AY}((b3_TQTECGq~jy~ zq~pClI zA2xT6VYfVTSi11uBGwOk(xoVcYlqXpj!ati?0(YanSRn`vyU!~e!4`DJ3L*KtHiou z*7$b6+|sx4IeZtNjlTXlYU73cT}hhTy}TI_r7 zjMq9|aOr`DA5q@$oH-Y8ntj?IGwpl74Se=fJ#FBXAE)j8`#7up(6AFz_HPW|B#sTK zGu379$FX~3*m14&d$V=vY@Mb4(kak3dY-MbGt%c4g_`d9FYesI{?d6}ZP>o%UZ4uy zD-uo?GUn$w3vdCb-=xVTZ_ATYj+4bo1i0o3A5=PD_lW6iFV60L!?Cknzk#}2xVNT}`$bylw?)5Ymv?vPF(>(3 z!;H(KZ=PS%PJf@^yUuc)%Wt}WsGYgm!#uTcACR@I!rmBSZM7^tC;zzQK*QBpbJFq- zb41^@zN+zrp-rNfb=Fs(>^Vo@?8V-Hl{NlD!^WlOi++h`JX)yVy4xv+Jk_~(tz3LQ z=Y`@|whqZ(SIoI@FOd_rg}WOlTRxYwoR@NU!xqk-Lx=2sIXc>Y2_1Pc@}o0GUq(kh zfsQo4fvxaCQfHE5SM1i^4Nq*_-w@)vS4TU%l7MI08S`Au!++wsaQQ3T8MD{Aef!JS z9S^;26|X1=++*%*=zu<&#{zSvlg>KloK5H*Vhqk%b-LrOplK2J)|ff1cIPy8R#vE~ z`Z#NM?G?v!rr}q&Py4$=4S$-ODI0&oJZQ|G@9US16*=hsM3#T3`=|~LOZ$iN1LY(7 z`F`WghZ<_3VJ$S2eHG=r7>5UQ`+D;8F3-`n_ygC@{PX;~LFT;up6$1?_Fs=Yz5q{G z!P7dUN`9)pUz`6^cVIdECz^`33w`#V&fwBn>pBB+II<{vPA^%zXmUX1xz41>*Uk(&LEfhWAxx?X8DR&Wh__XVE?5_fAmiWhm=vY=Pe9 zSxx%cMsQO6srwZ)&pW}jQm_%1fxtk6(Y^J?h=-5|$%*)aCK;z@J@Lyl?@yAp9j*q|G z(vx@pH{jzK(W4*uSPxD9pW`F4EPNC;$_8|Fmt!Y*_?Y~QzT@L(JO5|!aroi`4ZFA_ z(=UrNXxopE-}`Ov_;^7M9{VKmF{1lCd&S3LM~#o8|Jjd^!|YE2A77954IejvQ`cwB z$>oY$7Fh|=1jgKSYzrNyQWJ=%h@oPEy{z>8Et4C)) z?#|`kzV@3V+bPO<)!O=;FzM%8gIah6TFdrgajnc(G=Y@5=FrOdLwdwKc}TVqpt zci3jyl*B&HxAT#aESqxoG5XoNbNSh=H3u5LT9v{~;=0r9J^L~-^Lpl}H$VH`%{}Gy z%US;35$s9)=CtkT+LQ1~`k7}>j-sC~UT({>CwFg&oGZNC=JU0Qb!GV4+g`@E_Suuf zhMap6fAZZFUYdG73A|kU_7U*1W}NZ2uLQSF%9@YW%tvqb8ac(v1c$@wdC+pqjb-|_OC$$iJm${cJNk3k`JL&&ZyhOfxvoSrq zteMw$ylme4KZBRIE z!OQYb#J(&iwtHCr+r`Vmzdh9ObH?e~{6>GxVm^Aq%jz8TKN`HeeT9dY<$cD>2|3yx zXuQ1R*L}y!y%YP6m;b%7C*OWjc)6T)xub|r=Cm(oiylY7%SGg8dGX23&?L&;6yhH* zK3PXT%SJaQS!0ENWVMVx)x;LbvInPpG>O!}T#V-vn#Ztm1E_qCFjBfciiXl%kr$Nvn*UGz5x8j=;6GPQ`d{TLT} zt9Ok1LJnTJ51Y`7KW{yJd~x>{=$92= z8#-$!6OJ0|s>vNouf=4>UY~Q3~g_$@iT|+kTvT5_PEI)X?=LZ*UO<|p>=acY*TZw-i z2J6<>x>#p}H&nq>Q(TAhNyKTMs z!y(DHYyxrtj<%%CZ z|4ZlrEzJ5ec9_YJxg;|`Cct{XXWvbQCK2*u%$lVYus4HUkF)+4u4P^LC!)Ox!?u|8yy_feR*2@H#{D4avO7E8SQyF zOkpoyhV|7LxhL)Pzem0d`6zqHVIp59jb*+Zrq{1M(D1;8nOOFI8{ai1@eA#J30n1r zWgma1r~Ew9i~PK5@|)846`DH4gJw?Y|XBQw6s8NYCmwc_+hO++Lf!qytgyg{a$ZoED6Svt7T=ga2=H?u24>aCM-ujAn=S=83-c{!4 z`zL{S`|F+aJYMBIoI}G#r!ntZFmEAzbQOQyd_ZAeYi3ShPRv^^n!xWFIX72jV&2Z8 zH0J%Wj2K`M``9Tn9^NZ~_bQP!`FV4X;+S54tvAmNB^-W7XK|W?aA}2_`kXG6_uak z$KOk_VP?44(F!Kkf{C?YVl9|B*W@RfHRhwj#Jk8P5hi-|d=j?exgOSgIf{kM$zbGV z7EAXg4iufFoU>$*JU``nDWB8Sr~QNHJNPF%&XJi=llEhpeTm>OYY^+L$Sk`; z`F3DmfIPIy3dNSrvcb^i)!JhRzGUpNUBKm(nBf<21WFmZ?YTn2+A{NKp>{$d%8uwfFpYcwka07Q0hpD3+tl+(=#@>x z42@0T$(GM&DI?dn)*5cs;%`PL%+8|!2I#MG=gRH;?qfaW@yT5B*oXZ0*b-xpudjuc zeT_dnkfZ&h)JN-ki$5e@@4G&_qO|Y&=<_-H{z>Sg{jH8YzV8ItQ0epaVzua`8^C>R z@&x)wdx&&LW0pOh6BEB9nt=U^i?)$ZY+?`#GchrS4)kIW$3d5xv;$Uiz*zH#x zXgH@l6N|qc<-2blPG%l@!{RNE_QZzkeAr;|Px^X)YrwfL{&ex@h_t_04^Q3$UF!Jn z!>bKoRFr<}Jd4cvIo{que_Qf1=cgsl+96&s`ylWK*5D81;SZSa(b4EhY%%uouEEaX zx8}#Ob3A;m@;r<2fF|B)PH>N*tPt}*E?eWuf-3}>aS$S zKOS?w2Ye>~v8^tgT#JlH@TIrlb2rN8M#eYdW5 z(*HWfwVb$J9WjKMVhHrPjDBg)T%vHpqxhb0m^{m6*8Tu7;KkOZvs7j*@2p z`d`n*UwXHVck6k#mGe(tfIgf2cnCdIUUaztx&$XcQ{Iz5(1?%i{nq>(Gy~6KV1V{v zdiBWue-T=&ffkB&OciaX(sl({?$LyJY&$gOY>niT(AdzGaS98y=Tdtl{{fmsF(eJ% zQC@Wz8>2O3w}ck{O8b+0U=(e1cMoCDttZ-+8|Ej=iybOz-hOKb}ur3Z6?|p;tDZhnd??8qW)r zqlAo@vy$MOBjO=6>=T}YE5?s!eoK(ePYTc9QqBYNE$ofK??>!Eyn94EpJa(@@;_|QIkn4OM@ZXQUY{BjS3o9n_353Tr~9;6GHm5_dTnSA>*urUb!3Y3w~Q^eTejG! z!^p|fZ}yavb92}~iWePef9@v6(VKtr9OE$bC_eJ~=p@FZv5AfjR`tu|HTcAUgp2c|n}Mdh1)$i1!Ws0dryY5IgpEl;2 zR;Q0Ko_VqSstJ0ZGsAc{`@Pnz_k>}Jn+DwRyy=?*um9QkKdlDv z@%=e+K(x0wk6gV8*vo5l_6>8RIG?c#-Pqp0P)>R|atiULlH;A&UaPZ)*<)-Pr)$G_ zef^I=WcAf5vd8wbuj~8R*Sr0F4G+!iE3_+B|Dd0E*gNwf4$Z2tQ_MLW;HB(V*;^em zyBeyzb2z}yD0ZY-H}THlC`+%Klq@*V@LS3oI=OpktN*ii-Ft=0Td~2kHHYP5{S1u3K1wj}DSsb4_n*nJ(YI%5=qX(dCG1&> zQ^u3?naGgVkYl11{5PT*nL<}6rrb`wFR|9<@Z@p!cPhA3Ks*JHjfW?z@Xe~>HDVJp z+rWJIEZK(c5pQbGQi5l~z){R&UWs#-n>mkw@80{;WA((`*Knpl9=tk-`j${%h`68adcWN7HB{#Uf(^`C|=kcBPfoXb%ZeCCdy*Ho>F4HqGYbVcS8*FfWpEdYC zgH;B<30rx=_`s#J7hC7fQW@zlonfQ0?f6NLQ}#uRvm<$S=fAmePFH96^~~ppRb=Qq zt#=Ry55a3be_(yeA3(Nz{=ja3C;NjXb^84cORZd(R=i=HJAFlCCWBo63Hw>=vn{e$nd{5yT@_!^; z`#I$^a7}zATN@sbKbnd;dg}wO&9uX%$qVj0dh_=xxfcHQ_z--Q2M$R7JsnbqAG|TO zev;R8`?s99tjCvs-wTb3p%Ld*8QJsOBk=ajwk#USj}d*87xE8TG_v_FUFE0EgdCWE zPk(8HEa6*c_yH%(NMnF(&Ffvd?dXO7_nG|X-tz(Du8oGiOP!bH(KY+Ltmk$i56odk zZVWbyUpL2m`Og!PiJE+CmdBH=%AtdP!nz*xhCht1rGDw!6uo&~?$Mjy#FH~cZ`wT) zy{Bf=8+$-@fqY5D$5Xr*>Y2ad@s50fqsb-A(6O~?9sBQpd7$BT=Fo44#eTzgGdAK# zw6_R4_oici|42{lSj*gd^0FM9&WZ2XyfNcfgqluVl&M<-=te)b3&Z{TD_ak(JUh*U z**POGz4_OPpY&bdT)`M*pY%mvem+Ovd($_|v(`^#m!vD~WcjIyLz#ZG z=MP`#w%?J1UPtnW3v#scYA@}Sx$R{5!$yCk?M?aFL2O9r4-u?)WQ$K7Q=)?q&`LiRlSQDrngIpXZIEq?pMv+p&SGX$w~k?d6ZCHtx1 zhmP)&E$o-U?0GhricR@Na?m`Ra*@u`@?y-HHsv&HE$64LAy>$((^77a!JYi34#O)2 z<*2ta9_2YH=Sk;$ zPj7W?eovRUWAgIpyz|n(;v1jmS1YF}m;LJb*G^7iZvQ$~LBHv{)}itkZ$9HKFyqZ* zygIkCpy@9euky#04<>!@#YeTKb$wRZi&Yl-DMl*a*_8F>)uTxTV`l7{bJ3)`j{5`V zp;xPU?-JhAXK3cFL4yIL!igS?{5_??*#%YYgfJ)`7!KaG1$WB$fDh|JAU>jrkcDG_g^cB6L zd|t!9t_>R@w^8dsrTFEgjnnOSew`_2A3x;C*;_gI`99O%biTitC;E^}-rgpEHx<{= zJVHC^IL%{i#yp0aenDBS|F+TJ$**M59A1twce3SHr)b_&7GHDwEm`bUUx15;hMk(i z3!R~8L2un7AetIF)u&^>n!{$d-gk4*V;^?B-+t*YUXRUz*QL;?0v|qx56@@g?+dRt z(s!+sYOP#nOIBIu&hpB}DO*WdY>tfhwTHXI&+j|#F3;kJ+uiZE<{1B0L(jCnl1zIv z&{|spIa-tzd+_vZty}Lq)a%(J%ZG}dX}t8-pAuKX=kvjg%fg20wO>_LE zJfG*pgHt>=A3y#&o?q$gB{BXG??zpIx~Bsf0XIzCjXJ6)ICa$cWs5qhYMeU4JWti( z%GQ@vhbxDT#66S?^DMbA>Qlgp8}H7D8`H;(xG~?)Am7Qv?tF1$6T|bzjp6??m7`td zlQQq-Y<0U;od6hLx0e{R4w5|M6BDPoyV3og!JNA~{$zS!)OW7rSId8E!fjP*eM;~!_IycohGds-uTi~(Lq3GMg?Ki_m+?~oz_4$Z1;ejsB()aVg z)$oAdNBp%goq3k*XY<6O96WKS4{QAKvA+0=Kf)I?G^#n>!~&1xFP4r&4|2}HCKI=0 zU;mlC^Y5%2eLWg~@y2ToHI&h=&WBLEGIn@>(af6{uUsoy!hh1Gx%|cd9^HR`(aJHd zf%X@#qTj+##SA=qVIgC$!Jm-7;6E?{eM{we^GrgI*UHYwpwaz zKAqc~UUU6*FFxFMx9z>X@avKM#joUO>qot`)!??}_ZPFr^0$oLjqZ@&m4_{rFWZ&B$}fwcYoy24f-iT2du!;EY-!mA@=0Xx%P%qe z9_iOYY@R4~OfFx`uS5PS$9(^~7y3Kv2WkJXKmENY)!#z=L8rfa-Tt=W7q*9rnzqyL zP2@S6aSFS!Be&pBX4vD5w-H+S$0dH(JfvfKnf9!IyeH-uZ%+TK+TCAhe9kc`8#gA~ z=_-88h2VQFbA>)_tLAeBIb>jdA@fzlymgp)D{6|;*OZ^h+_qsqtYvI>YiyKB;A2Md z(_+==w+bhZ(UkGeGyaxnCVF{(UHi0fa*sFv_yY4iTfW+jXJ+XJ`JnCS{5|*=vK`)f zu&12M7i~vJ?*UVu_wj&dPdf2|w7=rtpPZ9l=~p(t>fHPygAG0TR%h#<;*F!e_c?qj zN8fY#SC<)oqNn|n2mP074H}+@43sMrW$yj9CB7s! zukj^!mqw@C*Zi_~-FZU}8f34ZTxR0`>G?ALC9wieU-;uWGj=<+xAcU3-A>lc8wZhh z$>%QQ()gS3>r!D7GU@Q1Vmp%M0>hii*-RkE!m5-n0Ke5k$J)k8wsfrWpTgkYTApnQ zPqvl&Sxi1{BecDnXD`=GwqG&N3Og;H-NUnvmdW;B^Q@?|1|R8Oo)yI=+k*mncTi^w zI`2N7P2M=!o?@OI*ICM(s_z$S{U5q7(VR0^ed+rL$Xj(tbLhl+jK7Rbm@(t;bfDJ~ zj9IeX_@~0zW)59`^?zp1%kJ8bD(tqw;qBl1+@XfAaBqQY*O_^a{~~jKC71iZo|en6 zyE5p>-|}pKn=x68>2Ut`f4cSkFZH)s51(b9Lk{X9HHYB z>_IQ@nQE1LwmbY)zGrHrSG zz+<7oO^!`IxM?u$N~YIQW<~5g$_(x-1q-Hv0Y*=PrwM%hJ+)QT9j0!{>fk2rkw1;Q zIMruwy~{6;(a>>Cl_xXi$VvA2aXJIyc>7133ok6s_N7w#GGUc>FsFO5$@ZZa#8X8+ z8TH3;jqXf@DNmok_;L#c#nuf$XKrK9kifF=ulq=lQ*>D8IZw_g9fb@2PYXRh|aYohrO{=Wmi zYA*r0Z}%Fj!d?x{>){>QSmFnVp7|#CJ`o7)8XpYo`eP`x>&%b7et#f1blu_$tR3$> z7AXG%_E2ZNl{}MuFz<$jHgyMrD}&(IO?lSqU7=ySh99bXcz7`U&~$6~y1(SvnY6jE z$lAY)GSl+H<&7j;=vkrd0^Cras2Y2qh&|2^Z#{VFFU&;SY`ZD#Sb@%^aGxvA~2CvIWFKGGuYWTLE zwHtW%oyRK6|0vrFTEFmd^_y4H{||4f+g=wO*E#8IYr&g?!VlG*V67~fZY}sD`u1IT ze?KzNwT?cnu##8mev~!gOfokfs$Q zSi>RS0(Q*y@G8c<3`8H^fqz72^+kR7GVMQIU_CqX+vMb*XLXG&3)m+@lZw#D&M5wY zWb*OJ){b@7$aUXZcFVzU-7XtCjrId@K1Ndkn~X*yhDAHxaMuoCiN4 zpONKL59ZTG{8nU^Ha{Y-L(jeOw}pl@^^jq2zIn%^*WqaVr}^RJpYKWcUs&snWraKM z7l_UqtmKUWjeR&a&M@XT$Xt(Nu8WxW5!iY1-wLp6hculRupZI8tDi?r_YLW}*F1V- z5&ad<|08pHhBfs5fvDf(Esw6>7;f$O9y0K6$iUmdk)1oqpZ@b>%vY_Id}jj~wvhR2 z5T1;NFUK(cu}v#a;LI0y4_8z?0w2fMF>lD1azFFqYu@f;X_q@32y90J7WLXmbrX z(T+TADGEP?fBf(oE1x)kY|^}@xfhc=aR+%M`_#3CKYWkSCmcR6~jDFUVe~XV`a=kkr4kzc) zSII?!&$H>HSH}2L(AH1a6n`MQDLv=ONCPsm5bW4cS?3ud`<0?yqA#)jaza&!Xs>J1FneGq`Cz zpM|+OZMGR!^PU_w+hgm}epQCeHX}m$Oq=Zy?wpjJ>;04ewLj$8Z<9~OehX#VZ+ly@ zpinnf?gjg6Lv|OxC8|Sq_HS*-Q#0EtS0a9ijf_6KlCs7=$}{q4eAyc!&GKcdj>ugyx@ETOLM?&0`9Blv&9)*o_zKq+?{mtt?n z(2G&*peSvAndgh3Luq8X9ea>x;Dz!kYS8OJ+7u5e#vKQP+tqKdnYFVn>$Y-xXP)l0 z%(D~R6{bAx*Q(t8+R)rG_b8uaKS8ctdo`F0&YT9m=#JGb;LBRAIZ>b1oV3=bHiX}& zl0zgNR7Ji(73Wh58&kPAA;;!5{2uPbE_TZ(|3$F_;{$=0ir*?{=F#fz2A!=Fht5%K zgDCU4^5X6W;v<|#G1;s^Y5junFZjc}a8l<9=}H_!03)+vN9aei++i8V26hW!!uxkTx2?4HVU4|fdaxb&4S5j~C0LVod9T$n8YrcPeAY-+SQx9M~~6!aEV(3G+^vcfz~_t*3^Q z@4Nd{J^Vm#KSa*h3gsY#tUB{qIR?To{TJT)ee7(%KEOMEKi`W7O*Z)>>3jh%_CUT1 zvU?$ZexC8IWy8td(_hiE1^!w~8LjhHAlCu(y8JxPXU6Vw?s)cM9`G`L^LqKsLDt#i zH^0ky?xydB@WfzvVi>flx5`DYa5lZ_!{xd5!|gNuPp>C<{%uJ6Vm^BN-VnTl4_qE& zUbH51=4AX^XsmT){9E05xZ{OD(X7z=aB>3n)f(PYtabx3WHF{PE3{7aY_<;0uEFPW z_{51TkMzbEa=xeKJS*;8>x^lze@wOEa_wpM=GU7K=l-U2JVbprF<1B~gzw<>QJDHX zeUx1wojQcM5iJA9TRYTe;p*un7XjCBhRwC zvD@w^zWUT{Hyk`EAD^zfd&i)e;p8fOypCe#2wG0D2CW+$s4BfTWe zhA2J~!_Kb(Ta?>ZYgy~mUUolpKIb0zy`vahfDXY&&=H32!OjSD&u^Ji4#v)^EXH#Cvv>QWk!FX#7VT z?o}Nz-qW)(z6%2!JH(lbtCofb~shs;hUX4Xy2TfC#Wa$;sh zOf1_I$RC|A{lqGsY(w zA4%WF&^P!r`X1{9Y`b-;RmJifk94Pnjpa8jk z89BZlJWvjcu~D$0rc444&`svN0d$b@!5CwEab@}A_@xEN+(dApgZIt)L7~S zyl_7>|NXyD&bRD}KvCysz`dW`w*25VgB@j-`QRczlpM2zY5B%{qIv_%y3i9TbUz}&n zE-rw?nFEj=jy61}!qdFz%!Q=OeLN3??m*iz&|=XI`zrdszRrk!kucO6+g&mKB$ ze?vRGM{FD2f{lg#(b`vna>_?7L6)^%EuUZ zKKb+WV=FoX8W?-NI%wjt_mLz1esx|(Ja#AX^7z|Uc`4&FHg_Uq7k_otQ?kW>hAr;d zJ+fIwa2AkshitW!4yn#_&L#nGW#j#VGRo74UlmSn0t1y--*s&`IW8C}4{pNdC!UnH z>4T2Fp9t7pJdd~b{4I)27psORE3qfB^TE?+Reu{}i=q#ry!Tsd%>)?z6@H%s57jbn z@&Vi44wpB=JIZw{0pGQ5YIwryb0Kpx*hv)YCQO!=4H@>&m;%+;7Z z%R_A0=Hi!+&R~AALleU)lZ!M*Wd(LyZJ|3yd1j8{JY$})Cr`JZBKD@ai6JBLTIKp! zqx4Q9^-gMDO?l&!@%y8^7ad%gj1^Xrdsay-!;$G~-tUz^TMM1J?+pvQ-@&+8HFUs)rVntwLlycW;?&mZ2_!Fcs2l)ma zH&vEL7eWUxZLj)R4OWOR&p*L?8w87jdezo|vnuBfd z;wtFu@!VVN%`pCa8Gbu$rsvf4=Qrme-<&bj>Ys1tw`c>jc`Te9syUq}`iJa}D&}?@H(EeBwODv4L>}u^S8xc_!ZY09(xL9f5wb zSMwN`+Kjnp>yb0EdkbglVRw|D#@Tx2J7?={RGb(-+2Y1`wh-SjzriP)_)Ree*&ZIR zJWlS6Y&5gq1AWj!KaX29 z-0IPgF~#Y#{5a83d4!^6M7|yTJ0Jda^nQ-MA^Ymz|HUaGbsbq^PabFcy|@={@q3R3((U$=cZn9aMd%x!AN~xi?1xZN3qpw zeDAKNAKG(&+F#Kx?7|pviFgP0duO1$4O`Lp&)6S(uo2}OwuAMu-BstB3E|{p%%vZr z^YP^k)?-@<>m&4g75!K}$?3}~`X4<>XGfLV@!EiW>m}HX&_4=2Kfpc2KETZ`e=0BZ9<;H(U0G;E2wR*tqYPSvCiqCf{@03_$CeQ{=mxXmq&$%nz^q z{nd{A3^I2HrSp^J11Lw?e|B(``7yC2e1atFpoonLCd=GI)QthZS%zjSU(NX5*u5;0)ysPt0iCdU;#KF`NLw3CNVfhX91zl#J zuwsdI7P)5VU%h7`&&!BCR9S&t=;&Q#AJyOAM)`-wN*+W21U;2F>67%wJTz zFqoL7k3T$p?aalAsa$bGJ7_QerUpMagb%JUX)H0GM_6OFB4^nSokC4#awp~stfv{@ z2pa4$`iL<>%ZS+zH^kn5I%m5~Gxa2q<=uW+R$NwVT{>?yzr;JAD!*yj*SHJ8Eh}Fp zpY`^O!Hc_*|2XaFOf~sE!5ZG-`*oC;eKeOoZ=ugoFz{k9{^gR{cB{qs!3M1*di|fk zJ@42ev&1Lji$>)waYxNJxF075{SAFv9XkWxYdz3wix2$IWsCXWy+`k2ANb4o=VGF7 zE*gDvVe!wKkIClz{d7Fu#NuzUn&FXV>6Q?>OR=c<0m~N8EMhNjDgMV#xvy`0fi>Hq z`7rwtXdb&I(j2g?<|_JMMgN1)*`sMSv@}=>juH1Tc4A(by7{hk(jp)IwN|OM4FCBh zb9jFVbKyTD?867(HF)t1?s@R~W!5S2HOx8s%ykqRE`?{H={AeK$1$E6deu9$_T~fs zg!!0apY5Lyw~V2w>zlk$@A5ak$umBh=E5KO583#q{W2EVRf?V{0Xv+&Wcne^ZX5o5 zWUciI^F03t*=!chX)g6oeBq5z&%OB_lx2U)&J^xRzpAe7|NdTsy@h?#;!F6;?CnN& zYN>ys_PWEH;;}e-U-rcPTYK8XlKThTKF3{}82csUoF_hcwCtBrX_>!)wpLhRYz~>{ zxg#^vQ!;-Ryk=wvJTUx!lH}t&`xWLrhAbKyhC+@n2X4n!fZdEs{rwyIYw#X@>|w1p z*KhNF%TVjth>=C?7qDOZ_Wy(DR@T|&I)82hF}Nr>wr$Yrci1VR38G=ZSqp+rtY3ES zL)XX-5nq$1V}92{ zFNWUIYr-m*-YZ0J^g#x_kuSx&{Ll8lW1DWf{-A8bkgF%vZ_&k!0~s{*fX^-_h9tUZ zkB`Qxb@sPe_v`$)dx2j+t4tL+q#jLH-?sRmLzAGPiLcU+FgM(jc*jJGLu6Ej}^l*i{^8xQ6=?G-hIGyS2~cg&$|G?}*o5U!B%* z7yJ3$wKtZJ6~FhiH)LaI9x`+sGT_X^v=qPp{ZsoJHjT1o*O;~bDfWfrUrSGdwO~}S zU9Ru&BX)mkkML^gDdr}Ky(`-`7zJDTzFj#z)yxrm@qKtjc4Q^E9O7LsmrS@CCI%q= zCcV3bcf8+UxO8*VTj_*3G`h9?+Jgscjw|$KLKWKgzuh& zuU}-YyIBi~BSY>3CSPP-go6xnyw00||MO?i32Kv`XpEa&c$c*}U zr`lpHUR%yNDpu1gwDBbUD;-;~ZYl4+#Jd%DT3ajb4Ddh5|Ik*+kJt7!+_B`Z$Ml*0 zk~hfub8+W==*K-^MwNkw98AAU{0inDCPkWX&T@##*Bf5ktvRyN`*1lFK4mRKwIVJ8RjoX_{^a|^co1Z(A` zd~QL%MF+E%%iorK=daN>)$aWj=DhQfX?=4O{k{dg_az5^4E7j2B`ztupk<1EZsdTY zC*aHYP2lu(l)WX4yy^@FVQ;$Z8I)aAgpEx(kM1?-3ys(0*0^_D%pv|}zPoo@-kL1#YN$2$ z(VcH67Fx+@E$fili~muPT^Ya+N~AIKvlktJe<*`K2_hF&_&&l@t?SaxL(%zQ4>J9` zI}ez(h=s^Mx@CcQ$-nmM;q6Z*I%^idE{jvlqZHep%< z%$A*!kNg)R|F2NzQ^Zz_cUmi3v8{^Rt(EukSA1W30&$oLlgv7@ux&2=H~O7AgeyijBa0p;E(PN@u-5X2 z4_IeqoUFH|&N+~Nn!GBlpU(5?C)uN0O+H0BUMhRg%-=X@1f8^=Rl^u{hNNr-`7q{p z==Ivn?uJMZz8{z7`)D!rWsYPMwG}H*rMT0}n`#`s;n7w6ms|*AwH~&en2m!Mj{WV| z@xeJ^V;@L9{bf9#CO(Y*jpRRL?24qv=;f-u;=>fb{W<95-1cW2T#(In-$~YjC^o6S z%PviT6>Yb&7RNk4f3LMN#{H=^qveOru&*H>Q}z_OAz(^48NW50+{|6MwbnTF0scOi zFk->`4K-TBy}_~bqu3oKjH$bO5V@YmZLLJU$n{)ray{oe{H6E2`j+y0fOVeI$S^yG zyhoAuh~y7{abpPitCjrK8Jp#rbIIw1_Ojg_yY?jeEczH@E&}kHXCsutYpdY31a=hq z$mkH`EAf3RxhbXSno{yP^-R2M=b4nuyZQdgFMWENAg{J)ysEnWSors z*`8x}?l=u*n`+Gk}-`t0A0wn%AgIn1z(WAK)do;y*b=G z3i}FN_juxgD|_P!=UkK@GVT;zrZH||s*fk4`rY{6@C0(I_@bdpiYL-^`Q_|1Pk40s zZa?WV;Rtj|Oq6bvzu%K4o(=F8bx8KJ-O#$p?~Xs+bZuyKCa#TQ3G^qR-cpyl_173 z!CH?_-1c6cwVVH4@2$DB`mrVC@vQl1{=;jE^496|>g(`Pm=9;Jbw^F)jmJ+T7YE#{ zn`G?|N}nM&;*B}zN3YzNPg4f_SpJ^j^XCF~6~9jwzM~KHzRoewJ->VCk94baQ^z!( zS=O#k^S>jMzpL=0d+y&$`8KO)T@+m^+RJ7WE_b}fdR&n;^TX~9Z@f)jp!Ugipnp1E zv&v;xOW*6Sp6#JbJG`Z{@fD9&UgVw?*6n*kpKjWFlXd%~QI@SeoOR^I#Tk>)q2xSh zY~GmSj9YCh{%Fou06$dsUixJ8IkLQOM)kk_o*bG%%S!)kGWj!8Mp)&_pDH3Z;8pgz zO#YN*@1yT^e#23ohE&hzF#d`2TtP~ORi1sJG>oYtvYcfdy|aM95m~s z!IE$aix$gHWM6U>xG9@KewaUx!{B=p+`+d?xEwXik zl}yx9H~LBPlA@i#+2idCz@r4bEB(0!8(Mc*twq<@@*g`s<6b`Luh>HVV~+BxK?shQjY+Lus6!U)2eNVPZ93GCZWA^ zZuHmge1A#vO&#Is@IH0;V-uCy3yv*U;o3)a2?H0&p$M`l_R+U-RWK8U5_y+2mP0@hmurec#i; zfpf4oi2>H~S-29v0e%Emutj&Qc5y)RBa9MX3j-B5tVVvt+mapKRaE23&2f|!?~NCa z!_%7gpj%d-iCJOpX(`c>WPvk9cD3RCvu>6OWk%$XiNQ$ z@=ScldWl&B+N5(}z^|6g+@a!=SB+0tT&Z_tyIjIJ8K30M!M7>)`P|hKg)SLBk^9~Z z-m5X#OPpFfdI{^NZh7&JeC)ChSi5%1PfV5nRH}R#<-x$r`rVkUXeZlWvgKjS=u{np zQ+1p`9l6FOyT$N~+ZV4Nf1O9nF{@tP7b^QUQ4I~i>mgkbBIYj?z->F#LrY_TN~MQTDs!(8+hNIZ@vy*`0jHA4=^n zM>d>2Zo)0K8wL}Q`=#X0ym$dP);Q6wN54)$Cc(X#A!2ogSBVW=N0~PIR1XHP4P!Up zYn?{9r7DMirE(hgXO)M8o~pk&(j1yje%n0i?_!<5Bv8Keef~}el;ckeDxi}i^k=H6&AV$0m)+Cm#GY5t@eYt`$gR$N?)yLJR(@)x{ zhPP_-Bv;Pb@UFALEy{+88GAUynuQr_Wr>4ZbLfW?<8^TNRK}xmdFAI&uhvV~f^$oG zcP)Kw$1dQm857T16Aq@|=lRfF@1qOWf^~{7OJ^unayM95$oSSoeDCx8&|0VcO8l~F z^k$36U)K6?sA&xNT;s}|na?2_tK+-DW3#1u#M>jNSNghCdY3vS%ld6GbG-!mRDhe* zv%u5Qk_jia6l!|((7O#P+ZeKDEu#El%5S308l6`fJ}Nb?2I~O=Bt8)Lp zd+!;B0TdJz4Q*x^6cH863r<+qLBVPVa{U}k8rgVR)W;xZwJ z@p=@GaX1|Y$27B&w6e5vU*-a$aaB%<{N3|4z+$EZ|)`PZR4F9OPVu!m&N)qkFi_6ulw|!*4JGb z@O7T~XZ=%K#O=BE{+#_z57@l4eKxz_zS-=@X6s3@{ppeT@h~{l@OuM(J2HRHWeov; zjxGK6$k3rDYsvdfWN)mJ*pxG3&sTFlKIHj1?=Jl&6|&0>ja_XSv>1%8IouKhv9%*? zeQkx0V`3n-bVTD;)hlX^9)v$GAC|$@^UQjK-ceCxz8aYiekUCDyzE5wdM^I?^vM6L zctZI}+g~y_KbZs;@m1@av&gY-tc%3dGfrceoa-kdv7d2{#^7IT^NNBeh;zqc%U6f9 zYTzAj^!tB0|Gyq({-=*Je?C3(Kj-r!|NHmyS@BkoU-_T2--$xm{*m^2Z~4!E{&+s; z&gFUepG~|OvFB;-8LIvQx#wx(-JV%nj-ek%Vh^&u7kT8`j$zVw`3G_sA66W2QS40K z(^{ii9Q?B4uksP{p_jxS#}*{8%SMhOC8nMrYW7^m#{Q_fkUci1n%K*4Y$bMcrFzx4 z{9>}(#N3#V=t_Iw|O=;oA*&aQHTCZSF_(=5{q;n zXl@$dJ#q7gy_FAz&W$}3;v7#T9HW<%e~#xwbB@QHGbipb?_nq2`8f4Aze*Iv-kL{` zmW9v(ANMBl;#V9suJJOE6a__@eSQxmskW3izf^$I7nb`VQDUS;?PE#-q=6= zcjI$;H%YuB4iECq)QC;Yy_OpT6}A4nja)qTOmTvI{4;!Zvc5^YgC`kVG8p_>5B>Tp z0b4Sd_orh^oc$PsZO-p?_tl&H8oc&wosY3i{&+vh8&Cc6jx^qa1xFrlbAj=MQ&1n> z__qE#d%o1&{$ufSUpXJI=(2p-cE!MQt zY<{9n`_o?7)>5MnvK88sN-z(4X4YBPsV;D|a9|w9(wZ#J9G_kn$SaMGrvGEKtDo`5 zDdCxc%uT^Zesn5V+rbF2l=#!!V_FMS{)l-9J}IlyDt>w++GltpW<*L(x>wNu}*l^GS|k=`g=opB<8+* ziuqcuS3O?zv6kzhn;Ey%)Mkjk7ifI+FV4EY;P`d^`11qfNB!~nu9flam?fDpPiM?^ ztZ9_n5ZubGBa>UGZCR<>mW{;Ug1;E}H%9x%I)M4En`|7ezn2o98Tk3`+l;T+R@b#I zjUo#k_Ez$!JeuRTlZQ{^oAc$M0$b8c4j3;e7vf0`y;f?xkHix6au0s~6Q6t8abMOy z`{i6)E?K`SV1Mt)v*&TyMd*&Fy}VY0DNd?9>1Oib~()q{xiU>?uS%-4fcV#|0Qyq>VKMm}jC zIy^I){u&qKwkvUh?>`deexaN*}`-fdV_<9+qpx^E6^xnw;wV2pacPfd}%YJ5>W zN40NPd&k^E@-M~Y0EFK<`4B&kr@c8dcCE?T$CCBTJw@xVyLC2Mo z9AfNSmR9;sXBDv9*UG+WO>gWPbo%sP_i}zT${F)&`ptm=TYmE8~4 zoFZ!`?oGnOV7=*Qc-OO$IedjLbB{{qUf}&G3G93hPy9K9*TUsl*n4_Tq{d?K=3VGK z`{~5~^wV18rQ?hF0saJV%RXejYv6hlYhTqEtez07pq?z*!kJ^gzT$nC9Blrru_x45 zn{(CUVjupmY>fDR?3;Ye64vIjliGiLlXtu%LH8 zrw($6w|@_^u#Elw5d)WBGh)vJUs&snFz3l++a;SF@0476IW{g|r#|cKW0SQRJv}FE z);-P-Xl>DnJapb>>T*|lzdtuNTYbw|H%RtWm%H`igUz?+@!*d?>D#97Uew#BZ^_H& zxcGOssfWrt|A5Wu!4CB_*t&t9hN8_qLlvhIlM#>Bc>QBZzE1*Ql6!*rdgmXshoN{% zwGQe7qp_NJ&qllq*~iByR#mNoV!X}~PR4Ca_PzhWr*og~(f7Jv_vYW{)+O={4+e04 zF5tgP2Pr=5jh}3*!Erk{Hbgd;vCirEh_`PU=LnZk_cV!EOnmJG$1biv6FoDwhO>k} zHD?Kn7It$^P&xnndtNnX3X4oX$DjIV3U#lsR`=z-{LY(1YT#s>gx4jc_3mA{YE~3e-i8ZW!^ca58q_!)BdJ9b?$d-^Yz3k z?w&^CJH>M~JX6CnTEi?*Em_|Dmnp71WQ9fmOPJfbk zcQ~Co7$%PrPAB$+t^LFfC9p$|mUrRL$iMGXoxFdhHg@$WdOC1j@&1y5-uOlnKa7vv zOWju-n^tGeXpN73L!Vn1&*#%fKd0OAGS3nVoA{hKIK}6X__G+A@2LTv8sMr)U#5K} zY+W_+xshAqQs6QBFW8n$&Gi9lGA2hkXMs(<|8nG*J)L&oQ;dHja-sTb<;qq6+ReQw z=1GBP2Xl3R>ty6)BXY7nfGh8Ch@Hk>QayQ`daqo$_8b`QV%!9$Mev&T3d`l2 zWmGOT;wrOxNP8kiUuWh1In|Hk3v!#Rkv@Vzy@rL#E zyq`FvY;z@kwtmovSn3^YAHFtqn3^8?b1sVxiFNewH~T@@vvjGlb_uF$S z(Z`-!bD-J5RK{N65_Iz{?m3(LWlO|6@lbl*MGUO-P~E^LIClZ3a&g}X6N?4#k(~&B z?!3kJ*Xg>=_8uEVt@qFI5vos4J`0@icdpOhYW5Z@zI%FX4zkoJ|1<+0&xFUb;Bh@X zo(GQ?!sA=u@on&U5j*HTnBt?hj-96InRS0(099J*VaU-HmONAYrF2#JKZtO?Qwdi{XOkP0a>RnZ9 z2YLI?foJqx*)Mx5o@#BR>!E6WZmd#Vyq0*_e&6_I>F8Q&%KXn;#mBYSrX>^Y^POXn zt8L)%BzV+=M=AE;^W$S3^gWp2&p(;@JArMxKmYc;`E|W|LUw+|MhrG*xR}hns)Zk#}zwu|6J;GR#Q*0l5-~CwQEJuY$eC9Od20hF1%XP@ApHt9%@|nNnykD>ToX_MQV*?lAGZ*7C8}OM; z_{_WUnalB+EAW}C@R`l{%r*GTwfM{yd}ie-Rr}jdL_ded5|yU}^wVGK9YoLGsm}44 zx7~iAc?UTZ6Kk(P?)-aL>#eN0zLGxBUwiCx+@s#oTAz0CeJ5j>@9(wWt9OQCxjOFa z*n=MLMUPitTbCn4@K&)##{}ZMFtKuWuFSe}8e^>gOV5`0-OP6py2mr~ zkh>)HC`o+RE@-ry9ENx`F;ujt9-Y(P)9LU)>)%FmK5!(lWq;F{9 z-(Tx*_Sdw|$-*+E^<%ti$&Hhl!yjWl_?3>~+|~KW1~`p5lfC*gi1dtv0Z+wTj<=Ty}!8i9PW2@T9b({H`bjUn@pbEJzLA(rSd>mG^!rN zp7|W%KQoCsjQB$2yo-44S>g|LN;NRVsgD+lQ};YV?Mt6@{4hhKmH;|oO z&~85KE&0+pthZDfmg3rvs1Xqy`aWD?bu@HlG(F%f`rISebI7-*HoyI&>$_ZoS?SE)-2mF+qAB=Row$SosZ)4;o$WHWXBH2C*= z6E<}UJekQ_-~pc5?)Y;)HdOJe&R7g=y%j!-?k@aCN_y)pm%L%W9bU;YO2bnlK2#O@14x3Z6a$$(;OC&Cr3 z9&14BNk*1Jt^JwvHO`j&;*fZuwdz1%DrudpcS(S|{w@Y@<&0k=hN(ct?uWl4KK`w1 z4&V3i7dYRt5MOic#{SVSAHMnP*KFr=NT2;P>McCm1w76#Y?55St8Uq=m!fIeargHd z)Z<9z-LvjF_kB08PUL+qA3fZ2?YMWzYnH(Cf!OT9__3k7Mlj}7%Jf} zxXFf}@j>b|BIMLspnJ-Tou~X&8L(Bd|I2rEVS0HDkD{;G#lSv&0{O{YA7yQ&nl{8&?MK4CZ6)`&P5~Rg+(;Xq*ru|7Cn%^&sD05hJ-c z)8&-i9*^S5;JHM1Jw&ddV*XfcakzD)&Y^LiY9DIxrIS94j;}k%^#1QuP8Yo5$cB42 zsdR6*Y(F+q{#$)+mE)`^2M+F&4-Mij90!A=)}$W)Y(BBS$tRY6O!>qCIr+pc)}o!P zN#j#kgR&+~PGgNam9;5r)zoy>q^wcLAeZ8!=I&MVPkz9};p7Mm{^nkPZ_m~I&!Xm^ z`%KM0_X+>9{F?tGjZ^N|{LiYcB8NDBhid-0zXH98GoEN5nTT^O!Do}3GO{^fbEA5s zG*XA%5{_*gO#XQWz8u*~O{9LDxMZ0((&TXB)2q|f@9$}z!?l`5)vbs3?5M$)k^@m} zJb^W4oR}>>-b;^O7m4ks7w|q}ff1Q^-ISQU9ur4%Ujo_Rh0MrDD&Bkwd)PhQ#m;9U z3;kRFG914=9lxx2E?^($A?NFmeXUtH;5Q}f_fz{JSX|63-=y65m5jejwiJK;$)b`q zyBMcGcE1$6UrL`k^@`rzUK)stN)4RZ*!fI+5H;%D_eQX zgYE6v%^Eg5s$|VPaGZ^PT*dFJ`8}5RGHTyxA-^A>UiPC47GAb?YxevL?`iz@Sn6eO zGQH#n?WrBldoe=;pI^ZJdm^RJFaO)}Z(hxN43krddx*v5gC+mDvG@S;ZKbUrJd3z^ zs)g0T`8qV&4Nrsv>xgs_G?)u5uO>by1}+;@4``h(T5{i9_*Be2H*n7+XsCU-$@n|h zub|7kOq3XW^3&B-%rSoQ&#J5LqCVX- zG0D)_L)3GGJZuB!$@!hJb=aJ(8-Pjpg~20AEwx|^OBT3R$=Gw+Y@9CHC^K^rLm?jy zK1Y+u^TDyidtx$Y8a8s)Z98Y(mZ%prI*>pI{`i2k%YXe2>rZlGF1Ewhpf~5n?i@nR ziFyn8_kaFP&L#jubUuC#S<5*Oc9WMr6F4W;DPGlD#GXxfhx!P!hVkzoCS1@BXGf1T zp772eFO@f*=6e0-_}QV}6B?@)T*M?ra3-IyB|Z(> z6Q4QU>kRIv#6Aq}_~*XQ<%kZS&(fhDzSYCG>f62aoxoj#osgV83A}gk*^Wz%#WdoQ zDfFXc{6@X^3fh{z2lycyT6V3se?9$e67X{*X9-ky*Qj`&KAq*r%)S))-Bhu^7ADW3 zzW(jP!QNlV+I`ez>WgFhQEb5W)R}r&de`|f-ND-Bx2Ix%cxJ<8#{N9&;xl7^Sj!vx z(`eW2UpF+jXXKQJkX;*fG55T$@x@OLDq4dqn6rU5K!al09bhCc8?Za}-2hsDM$Ne& z!Ghi4zDGWYT?P&}hQ<`$XMu-wc@{QjGxcoYVMS|{UsV3D3)(-+-#_E;-PB@?VqC{x z}Vi=;Pq0Iu18R*MIwRZux6)3-VXAar~Xg zv&IKU2AG&}4EAg@_HV#~1((eV*uPTjpWcgN&OFz8=`q;CbFqaz-he%|)T8Y7N}nIi zv%4cD&tLVod%k&2h;!xm39S*nJ(YfttN}(6C$$I8uXLjSnVygns1>e6*J?AdQ_dL{ ze5YB9$!44k%(54n$s!4NgPgTvk5niP9Zs+*9u_oV6yU(&8yBNdh$Cb!}uOG%1&#X>&%u>&L zyC>t;;>It6|5Mcc=s6Q3@SI`<^ISd8&FlNQEj%}y`nd}B@nlP?;Xg5`p<@N`E&<*+ z<42L7CSoij1AP83;B4TteGgGd>vy1+{K%dBj`QA=1U@Uq-*@mco3k|jS(lYH-es|= zCls!k=wMBu8ig*_6y3zu>H(nmuKAYU>l;^x&{an4SV`4d6&A_R`x1k0B_72X*p=1oSv_E??h z4_vi2=6zH#?_JVkWKs1>z2n_t6YnY}R@|vrH^F@d2K*>FgkynWXGNXt7rv;Z!NLFz zHJs_gzg~L9hrLIi0gh*YL;5_0&)s|`w`OSwtm@NeSfu^rjA3sHS&`dU>kGAr9?5)(_tGuE&$&L0fW`P4f!vY1&|XYu zBvNJk*K~M+EsOen2i^h>7Si&_KC~Fg{FufaApVdVd)E5%|Lo;X{-^p&u0dG4BC61-*mEokphoy;u3YcZ1B%fMa$p=_E+S=xxo|4U~LGGN$+}PmGTIwallObmW zdf!-{Tz@ukh;RqiHoy1HMbyiwez=%eF6f8u!j`z&X33w4k(lQJYDJU}6`a)T(l72T za@;eo9*5IH%VM%_FjpRI-9~( zUC2WBOl%Rdp!iX~Mm1MX4sLRC0KP^J_|Di4a4~XfXi^&M;y%_mykfq1vuLB*Qt_-4 zK0(`k-Wk+V52cQ)UixckTP)gYJoxBn`$y`}I^kO(+NKycf=|iNme1FUw$QX!U!iuZ zvqi+EdWVW^zxrq>MpeAi==%@hkl};>OkaG+x7%Zmz>}cerr&!Gf1G}*X7xz=nL;jA z!)0iM3_7035A}0=fnVZ_(*b)=No*fzaI7W7+B--rQS%zv|m-VTK`g~^DLf! zp2g+W7%#zCQyHhP=dV1{^FH3fcTND`{C;u5_c`GI`{3T^dCn6K;H(6OOdhm2`kMj1qSL5j1 z|7Ym6Av+-(F?*Ecv8Yu#w|!Igy6i?AJvFf%dU)>-{65ycZ4KrLj7=$IbD`;rH|6Tf z!@do5{94e5{PZO=-ycvw?(<~E=qqzSo;PFV5J-Cf}wUfp-`P#^+WrfkZO`(5cOUwBA$vO!e|=R4Z%5K+)7cdHQEKcS zt$6pc*f-1eH-FOc#MCN{i*5b4zSq^V!#~Z38-J#CbfNb#J=aHnRnesppNrY6Z_-%+uY-gy?EXyw($O1|tMj|psR68YTExr89@N%p<- za9>&R^qH}#;GU63ANQ{u1^2J_fqP%)N&Di@&yEGg^7qF^0^@Ec&pwQwJOYftyoY%8 z=|14q*$Wpt{}!2d_M|U(e~<_7oZj-Zui_gg$Nu~M`HQsmq&l|Jfhm3or# z_lxEH*s*f$)B4MycYJh=?@ezNCtvpbM{j?wm~7KZ7sKSne$HQS%EL4N{bGt2`id{j z`6YbOsjH9BYk)Xd@_1j~JgS4()rbFGU~)fMd}PbqT*_CsuupQskm%OKi<_<)@%DpX zP>siW=xS6a8@PRA~R|ca~nW_=6ASKF@dN zdBzjpn%;fwXO+Bzw}HIB#&L6K@4$_vc-8&wzE{p)Il9VXdO%TcSs8%0K{Y9iKM^>W z;A?6FaMl3lNdee&uVki{oLW7wP1Kopa5FLmY%Q#l9c+R_^D0(LXndDmT zP%h0gd3nWI*0+_KHPA-(jJ8wD{5tf%@s1k~y)w+cLtHtZXW8$$(kog1oL5uDnUG7b znm_N*J-kD_HX&zCvPd!y6?HR|@2`1?+16y&+i&$L5>Ou2eIK@YMQ42qtCx3&^E)1iH%#= z)2BAFj(3))RJ&2&y~g!=S9QNwswsGe*MG0^Bh2+Uy5qn5xFZLyB2!b**$j?rBy--L zb=V8(yzGMf&I$1Nq`iBaunc+&>t_yORCyClfnvBzC+X{;H2+9b;>iZ?gw8l^i*I zm#oCmvHdCD{miq4=$~p}jHYNh^_rLNNHIq@^X)2ipPiw{ zhH<`7b|t8DBiS$B4?jfvWDf1^p7AZ%FUf0?@9C?!)AKHhjpSWBZVa6n2-*av|CL-{ zr#$_&Lt+WeF1z)#>YKlL*1_h<(y zJ&zI492&*T_|5&YSIXPE{H*kPzw8&^r_dd(FXZ1PE0xr`)wi7!t3%EtOGba)TDAm! z4&=VUj5!pThm)rVM#UFj%%h9q3%3tx-}~g(pZWVsyG_nAw_ki>I%DBC%-#~PbU>FB zIxW}|*k{#St${8^-?3B5OKaVfsEwxoS=WI_`Q8Y!t$e5P55Om#)Be86X%0sg@iod# z>3ij_=92H#-nnwv_8mo>GnG9={!{EJHFBS7^s4b$acHIUBoFfLE9H%~eoG?b*3S7k z;Umy#>=EenVQj4Ke13%booxh5s>xrq*23pCNP7__A zNdj7`)-66Am}gKErR&Is=$b<>Xf1l32ECF~#M|DoGe@$64H2(Iztk*#*8>AIy$f2N zjSM}54DCRMk~5hT{;U(N;n!@@5PFG*=aZMw-k4}>cmgfOlMNRk`^cqa|0&KhN%sFF zy+#(wO@9aFrL@+tGQC6RleuS?0RD^~^Nz#hxYMmF1D`%k0($g=G1udAT|s zl;vLgF->;Abc}gNc=r9jarmJgD~2xf;0yHEIkOIMP@cfZG(74C*Bp6<1_{Zut`BF7 zKIGZh0{A0dcYw3#o`5IXtCAcm4i(L{pRpt$x91aY71D!$X1;Ja&!RU`p8Il)&y49l zufv~uiaSJ8_?dv78M$vdy4>G<1e)gOXP+ZR`}^SD`;RH%ihRrFnAir|C>Ln_33cnU5 zh1?Jqn4D&kzook)K98=VC&stHwvGj)t)0*J1qU6+`Q~&L?kYUEjsCKjqnC-t{HhHxl^Efxp_P=PT>;_8_E#;y{BK5 zl8>!GzJ!a`%-XwAEy9mvH;^6EpYImkr*k@?J+D(g)PYP$R&JorQ75t+g`Q46gZc9& zXsb1gVo>>{6ywZA{zg%|HVGMapA*QcWK;V>pGFozV%RXz7@bdG=gfV++%1D|>h0Eu zor;*ht*>|c$6AM+ggh1nc`+6Iu#eBL_`B^hCO?R8kY5-H9FkS}Dy_HXg7;+BQ`OK$ zYt*NZN!jld{BAURiKkP~sQ9?J_3lCTU1(Yp2?w)>B|T%Tvj;_%KZ}mK-UahnPnO?d z*OAgq(N;0W2dTx8%uHf!rSpFs=rilVORABDAHq-Br!m|k-(%z`Qox51gAL1*g~os^ zIC)S$snouLQa6VOj`s{pf@H_jy1m3X>9aOU+8koIv zWH^QGP4Jw2i0US;l`Z1BsoT;z61~zovK<=btRopG>ei9`{W`T02Jb>~D0u(whFl$Z z#>d;m+th^S>?a9V)s8-mofYmK_>)fX&d1Ni7$<_8Y7i7loA_b`vJNiFHw%}^s^tL} z@$RSK;%ZCpf`{@YL0q0Z3N9^qxV#YHq0whQ-nhr~49dnEl3(Ga{s#AxgOT2Jp`(iB zlq<9JvwnKl6xNNirQ532P)%t+*8e5+yaEq&Z4={ckSt&iBnyT=#8%Q5>^#Jno!q|x8b1S#bLx|k6Fj~Vy}{^K`1z58il0~Amf;yX z8{`>l>r8L^D;U$P!=>lw^HpX{@+8=cXBe-0LNwjOI{d-E^ju35k=(Oq$m9p|_^5Yz zRM4{t`(D)+vGoJunXaMd( z>CdCMXC~|GV4N@;nT$H!f>uMFJVpw{IN;GUH&?d`?O$9~z@7*<{eaNG30Y=gJ?LeH~|4&@S_T`SDb zok#K$bq@DF{KQA|aPQ5}=++?LeEs}K@Dmzb7TZECj<26)o&Z00x;Q>xKgT+p`rzmA zJe>Y__<5P(=at9E&riKae!f8+!;$p!_w~89sQ^Fmf7pp!drMqLKli}(_n@Efb8sx0 z<)@kFSory*!>JE`w&daTzr#=7SBZZ9rt~QKNuQPt`@Z^85}AB2`gw=Ly$}7In}_@V zEyDA1|Mxxev&iAz2S4}CIkJATkNy*M z?s8^Wo99^c^9AZ6jLqqTpWE_q`v1*O8{3UC z{CuPTQS{UIpMQlf??pdXI^6r<=bd@D=j$hQ{u^xiTY#T`v;3@c{LFlJ{QTtHgKD}g zKg~SH!q1rwr#|>OB@d_n9e$o=_<6_C`03l*ufIorp5busgP;BLaL?zb)3>WwkNtgc z*`dER@l)yjS~(--i$biaSX<=8F67=!{!RIecd0=zx>Q@Z_GQ=XT>H=wSnKAIeesv(aXKR&35%b@=go zcP5@!FIkq19Adq%vZ^=$gnYP^FKR$wEuca0GAhiJe>U6`mt<(8tu75qy%6vFeml}Xr(US%Fnj*n!&MsJ*aiAjD;E*=La~tEZAXqs^qO#IbXBeCQ5`b< z$#t&ZeK*terVg3j)U|$Z>JI9@;w2$svQX@4Y9;-@JR)B6)eqSHL# z8cjb&UuJtB^l1sc_o?^2Yu9sjnrADJmn3u?`R>|ph{u0DEE{O?v@+Y@)OES2B+42z}ePxWiYBBp=Cz82~@ z>QBqL)?P)993IR?Zae7LY<{Qw-+RNR?kjaToZiG5CSDRrZ`ALBk#viG500eQ>-W$I zJhA;VwLcgokE#8|#3JOo4!OO}%D48PP0!48$<6Uy?K$>4=|;Sso_zG&OVV>MMbEvC z+vv$h-^{MX^yF)xCtnji`RJSZI(;+utWZzBVf4rx9NQNeN^wU!l)?~hHmW6q(vNZId-z?pX%yvREZ4jg{?7Y8QX^yY!J-iSRO ze&ro(hrVBY!F?~zeB{9ci_iJRfyIOD_o4SwTUQ>fTDv-QYm_>>H~f1KKYZ_t6K;Cw zz^mu{^1!xx?Y+ET`P!l((J!yL>08$@_QDE2#|P4vd2o%biHU{{?Uk=CBX3!UeMpqm zrnPtd!_K|U$n>TAQv=XF*3z{n1@N>wrF$n}7n2S29D;92#!fMIvKudn78FyT$h*95i9g5lL)e&d=64_O$h zb&WCB+;^`TV+VUFMVI+75i1d=8JWt!^ecGa!!(=uijaZDZ`}9d;a@y-V8X{GSg=DH7GOEKkZeV1pO;btyL(7?2LEMjpEue&Q{)qOfNOER%~QVKL5_rzt zYh;`_hh*;{`uk2e{WogZBzuSXU7<4tx1Sw*ihb#y#i>!`oUDTl zcz4z}PAn)>Z}99NJA6IBFC7(@;lP5u%E(j?G8KuWU-4o2J-_2a(ZAs}>8I#%;`(*A ze3n@2ByVSafA{l0eXw~6v6SkDv~M>(M6I0vd{WQ*?@?LB^Z52Bgzt9d=onawf3`Is z)Q7HApCj$@r+J6A;+UuD_u<}6c9yG6?1Rqz;g9@MlJBGDJ!cok4wvt1c4KJH4a}M1 z_grew>e&bH={cG0qoJESfpH@}=sTP7iF)758up*4SKLSs`p&iN&%%$+7B3yA=2UTs z_NLT-d|gz1riKxV56$#tRIJ;L-M*6ZTK(w<*+b8S1a`G+0%H?9nR-xsuIlVk+LOcX ze`XFnx{0Gy-~7Al*t36u`(7eOd6|1&<=)qLHpRY6H#JMdBfE%4b`y`-_eb`l-)iqz zGYe;ZWOcifpzPr8j1p00FG@P`#XBBWQ z=h_Nj(BIpmY12de*(iI7Mf5<3n*Q_izDOMm{LG(6x}w@Bvxmz*pK7?Z5BfHH{;T`3 z&p5#Loi7s|7edE6^|rKh6iq~%ecJs<7Ab<3+ zrzaQpv(6i)ngHSa_7pqkU)aCg9v-&m-gkSh{WCVR33*M`a+VMph%Wny1?2k=Hk}sm zA4BbXgPPHWHR$YG{6-7yest_v1C`T~F4ecWF3 z={KLRNx$_%O?vN3HMaJx{WKG!DGsbaZc^YIM{W+P{%IPu)AOh`3bQBM4_Yq<{|4y4 znEEl`tU;D)INKq-L{sstW)ytnS;N24+&dk5D^}oIhOgs@7cN52$D`j9us0Kl7ix(Y zrVuYoC0>|Dyg*;y*Jltf%p_h&olFm3dTQ67L|?0u19b3X)7OY&Q`I>(;fJ3oY!lA; zC*LNNSvk-;;~@OM4gSAfOD#)y=$;4P>A7|Tyzrn$5?Ty}f5YJ4?Z}k&yHDnsx5q-8 z8PEfHir>Ny_etllEA;HHiq+D`adzFoX7hd~tyR!V)sm?e@8Ash&sz9L=)!d3t%)9U z`uum})bM;N@|DNl9%}2SIz}U}=!5zJcA^uB!Lm_BG3?W$o_9ekNi3(j71ldj6GLm$ z)@}`owGHK+iad*dNjsZ^A2I!>4>HzJ@-=PX8ZL+Td|pkx$ba%#?@gc&(aH+mulv*p z)f%548*_MXv!#i8O(Or$eSX!_sz*o1OlX4KSeodp0DJBMnw*hOlS*g;{k8vY z_Vrl{v_Kc?UZ6{n(Ti2G``BNN<>>M-bV-z0J8f|F2FC6J*MEe4UPTSMqm}IQhv<{! z*43uYkNE#1pUKTr^;0ig{<-zURVF`_+kZjp%P=%E>p|9)<=D6={Z6&68QBD%E8#10 z>DGqjrWeX7v6gquxq#j|fm(lm9@?226y)pn0sgw(eOH352Hul>cz-Xs4*bi&Yw~H? z^IfU~4g;_3oYugvG+Q_iEzRaNR7-xHo6kSDaWXhvY%y- zq<ir_Ucx%F@TwHR1=?y-)9sqW?~1D0Ut16;yoV>8yWwkv#|A zZsk(&RQU6XH^K26O}?u%_H;JfOkh!%i(ut1+c=@f2URXcY7P0j>^2735?sJYEKt|nlr&3NH#^mLPU4BsYQzn++ zS=B?Nh7;5IGP|yj{04B1<8#GB?RWfnuur3i#mm7N%oXOt+QD4HdvE}6*Z*4QGJ^8_ z4})KPbMZg`{$HK+-r;|3X0GjZwfGMH{q27Jy{SPuC9_8npN@>TK=)0GQOSv=h(X(n z0`Y`B%QcRCoclhJ^SvK$Ovi?7f)6e9BZ(aQy}x!jHs=W`K_=g{d7jR1o|uzwiVqH_D|N1kwVrYhoTXS}`CNm##%->yX#@BH(M5udwTn)NQKYBZssI z7@K+KHuipe8P@#?zE>XU<_rBil4PIz%vi)X;!ikev&jX?UK@LXkN@!y`a?B_V*8b& z;CeQvY0rWso5)S+EDyZVn03S_(qF}S3BDWYe-{ntn*PQIyvV!Js&=RzJpaCc4kjbS z+Q_r*0qn!Y`tS?94>wd0E-N#2#86(N7yEI9oZFMavpPMyg0<-*HB}Y;{W*mmo3dZ0SJ`;qGO z>*Q(n@P3Lnct6FP+pE)WMLu37e>b=Y{tz4N9q6Uw;44|)`#5pwKyuOa_fF8~J4t`< z6n(xs=>OeGAMh^ve|OXGdl&DdBA1^z6FX9C;3uQ$eYFE($=cvMsVqI1Qp!qKfCaQIZp#|;SB2g}R<%*TiO`hm~CJ3ONQcsxEg3_K#>!JbEQ zAb1Q0kD=f(96UyVM;Ulj_JId^aQch(!sDCycyQlu&e+$y%;BM!!65obOVsor^p>G`;E z-@ky{$GHBFfccqIfq5G+ZwKafV15>up9kg_fcYh0ei@iw?E_}*)3gVBA6vOPJ0E85 z`#dn0bKS}F)1}ON3vzH9a^xxl}?`P=`CG9sFxfl zN0p)iDCzx{bSFFxLM~PMq!f_vpe0^9`{oGit;DC9^o3kqae*5uryP@ zJ3})*KM4Nqd^Y3^tIbva-iyu)!DSJ24$Q6ZMB9g;t=St2`t%0wUz_XG z!|e5HpJOh(n#CIbT+YoV8W>alZ>`URN62Gv&Bz_sjwW}H(Kpu6_+oNxjN9=@<5r#Z zQeF9WdMbq3_gQx5S68W~f%7*jgXeFq;GIO|N9eC=`@~KMclmhHS@dV}<>dQI>0=y_LnD94 zQ6?Vn&W?4Oc*Mp8I^!@+@7$KW;ZG~0)N)*D&rygLYpK0RvexfHCOz|hm5(4RwuiTB zH?BiwI(c@(mF7&v%A7M5QG2Fh1A7tD{Zi=Eg-i-oeO7)(d7Dv_JoC<{8_4r+^g^*4 zpzmDX`IJxhuakQc-Ipr&L=N>Y)E1ci@V6{gdP$3ds<;MKM1h;%ae94nn3V7w%9R|Bm-4bHNUcfsc+ z;6W|J{*Q4ElKj=mW#wm@_r^R;Zs2Ts;J?PX$MgB_?*7kwKfbcxnu+wGxQBIW5##iu z_GZ)k8xQ^K5N~;;SiO&m_UMdBBiGl@uRHXkAw|pYDT=1o&p-Rndd}LYHvMdD$c@8APRhswDRdCz&**H`%7tW|4IwEZv9)hguaGJZUBo_kzu zhw_i>J`kJsLtWUV{fwbhTpwV@)(?=pTKiEfjkeJ$?#atmQpd z(ACtWXnms`srTo-&29|kW#o%wzqAIb;Jx0OVOx8=|<-43rRKRQMdM;t_oc;Q9W1)|FY4i6w{{95L?-(mw7ml^?eLdeF zqK+cWUXc0BJ#X{*dd;VrDQ`sVChDO=kgdWyCC2Zxo5#fo+QUJ9&6+hVJHqD_W2lG6 z8sIt$c$o8&M&K~EhPh>{Uf~`$$8%zEk&^ZuJVbK&;hLxmaS&50KeOB{@g=1MmWDd0$Cr* z9OHfQ$%# z&&R*W^s76!S?61W9apcyGBReL0CEcA3jE%r%>=m#{&L0M@BkAe) z#fK^QiK)o{v}pR@^ZdP>5w_1BrU%m4{ zb3HL!z4t-hcNW=G0X?-&3c?}&1V771hv`pH<9#Id=E1$08e8efCw*DTuczN%TWs=` z3(i-*vLrWONzSIwK8eYvPaw8te&s85ZhVf`C!?VO{xVsXmv`iQtx--GL!8b%%3rE? zLme?@9NUwan7c+vlvNYgn)U5YkG$je*0NOk#j{ zdbX_Z$2^)t_ik9om3L+CzRS$P37h z$({+ncmuR0udB6bYB_eFb#><|awN^vlGsm~fY zh5FugsIJ~aa;G{m1KXr5Y;o;_3CFtZwcr{egKzMA;qLRJ4g0J$h+-V=)0Trngn2Zd za7v8#((y|0VUAjVj5_f&Fh&`1w)%#eoI)k^Am&m`W8jKr;c64#^Z3F1z4&olFbNL$ zB$x`p@gWCCc@~a3om&9sgzy4y(~|?Z=CYR7SdHSN-$!obN4W+*QH@VcbR+R+92^r| zlO87cTXfSs<=kV|X6TXVH^R;B!>BRVfv=;j%`y!SxER%SKfEv1f~DCiTBW}`owaiCO341`k8vC0Z-?+5~ zos>_+Z)JQ;1_olIFtNeovB?WUp}d%liXKsgcF3$y=LS(H=LTs~a&+|=u{ zM|LZDLB)Corlukb6W7Q012^Qfx~FH$zIxj)GNe9{^`U_Owf1j+CH9)@mw@l4 zc3`ScYhozzFwXro)BqU2Fd7=;OHw1yhe?(Xjqs(88Wq*O82=8>68My4Su}m9oPJZj zeK#_OEl`iz+P{{JU#A#=_j#!o-#77%e_g{GKEku`HpTPi%nb4++p#rx<BouKFWGvY)Ve|w0 z5aqjad{R7MYyMP*t)X66vR}vdXSipiKYcvo$vy?1QSUS}kMzrb1{j`*qdUq?2j`1v zK3~@~Ut81F)6YRR(oc+xB8orOZwKjiiEwh;V6DJF@EoJyw!;r&o9ARA(;o(a$qQAmzt0zf8CckhgzXMFy@v$iX#Krx&hDB(#p>$ zUzX(isNM-p57`*KpM!cW7>(`$qvm#Xtx^6~J=NCzdz*J)8!NmMVv0B7_-D>At)!D( zY_`rYA-`HzDK~Xs@WJMXxL~OE)CD%mHo}N-{!~lK>}4ZY>QH19fy6FViwSv|Hk$ByTCO0HpFMcoHuKm2Y1-onoZugSGLD+}0P^=G@v zyq_~$UzkJ}%sDNi8}Jn#cA_KO@nvUoR_YmI(`SazACaFD=-9uA^)Gt%8ad;b4| z-PGpN>+81PQ`bwqMZ6YVrbN@D%e~cg>Vt;N@os5kb8u_`wZFu&8GV9|mn4xn;^lO5 zqKzkIFBBgrR$5A(Qjzkce5d`|ukl&3UVbL}0BqJLg)Hs4r@Sp3`(%Z;y03d&&0;4o zs_&fM!KdD-ojiL#xGASSnYG(S{#G5bdX`6}dmih^!3~ckE2Vo4M)!uId%xP3t9zIB z!JkQa{Lz^#`9=57>YMcs&zTy~fPch}Q8T{UtxM|6e%r;dN6`Cq1F^9aqUoFXzKwS$ zh&SY7I9GD2@>f+w)FGMA@l#`s(3t$?PM5#@5wx%5-g<9%4Ba#9u91AM;j?lCm8ubw z?L;<2|61auxz|Ul?xN@B{oa=!TjnkP_FAuO;nUt--`BjNsd!g}-%(6k%#U(U`mDco zP4|7B=U>w~Smb9^=*sbPy~{4WAG&MJ)W!bHYsjAZYLaJs@d{!&_4X1k6@zi2e_ipJZ0mEMw7R%Fz~i7i%1-nZpD8X2A$zh}75omK zgV4I5hU&IYy>dG=#@0X3w1k3$CEQR_X?60-!s|9B(UzWSRim!n0tI)}2Y`k(d zZmkQyKSus8!rptw3VNurw*NZ&~%zEq<)?5*A z(037XhpDL^IR=}@?pURKtG8$UY2?n|()d)ZKed1E-b-3!^_}}iUJh*B z8-<7E!|(;VHY9s3n6rt?#vvz3=C18e-#GYKUoPB=Ox$C7(L#Ume4-cLlfdtZZ?b1+ zytKEuZV==1tZEolzgRQOxABTMrt=(g*NRraQwKa+Z&v_|@Q+Uy-)!DZ-=V9QwwYQ! z)|5OaeCJ_Hv?d9!6iha+=X5@^7O2hQZsJs)D`!0Uy9em|pNSi0cxlxL#MPJnyOG$E z{=^L}$^qNBq2q*u&1<<|_&Fa_(#(1oSc2om!OQ5EPqUf~&1{UWvpw=}^0hrZgEk9K z>CHESu*?FEdVZ$y-8f_-_}x6NFQgV+?_xc4UTk(h;7kclYh(WdIKP+&=bygQ8_u4d z6PW)*egrMQ~_P7WwLRk+~78a6Rs#w5G%zC~QXITaK0 z`ZV%H`-=z0*5}da66V{-{l4sCSH{JzW4{QQ#isV(Aa^RxS5 z_i(QG?}Jav)_Ozd_;AL=PMLR@HgM*lfi-9YYf${MS&v~eHt;^3n!1u$5}LOSSAOP{ z*b9gJ{hp}Zb5>3wM80eT=RRGnbQ3-}1rN2isJv%Ulvsz)@^7{O1ni@;<88}~H_YrG z9q)MKG#)bJ;M?TJYdrZqjW@Rex1i?ZW2xbeKf?+Lzxs-GC2 z9dDrecP7SjKS z;x^vdQjhLyPpuK(Yu62aEDW5+jsvUwL;m~SD)c_X^G=9;Dzd-%%sgGX>z}PI3Fa>W z^B;iK!AB#Moc(#hC)hOCk>`EEeXJT=;OWl zvA@Z_&uc-A^6|Ov^GZ^B}{zpLA`{R6eyam5Whqcw^fuLHUk zQ7e1{^xXljYhys(V?Kg*61M*yl$pqNA*xW=#1_!5Z|P5g*o$ z99V7bw1E|Soe%57g4K`r+*o?P6IhFZ^$KA9x_mNlMSNKM0joZ%pZ;eB>tgJ&$?bhG z_PhV~VfAc%R)RRQkdN0|v1)Q ze_}Ju~+@{VF80W)E;&Z`y=J8{!N%r_n2L(RjqU^=PYa|^iwYr z#d4~H3v)d=kL&o1&V^>Jy3<>EfnBR=P3^A<2M;*d{By<+u1h|+inDdBgVax~lixbW z&R#h3W%j~Zdz~Nae4S@{!Q7v7UYaD(Sd+|DUZV&eS4gAlWwe+j23|H-i7K(}9{3voV z7~3%vKC#A9-q`GcS0X3C*NrUgLVtE+UtY&9?wJr}oG9Z&8K;JEqUoRceHRpq>z|9S zjyFDQ1(slZc8{qC&(_Q3$9KOv&7CXH#(3Xj4DrQ6V*eLB``c}Pc=MTx!L#R)Yp0XT znnB*0d#(VNDbwiB13j*S9#>aJt3G$Scj>y*ye%EjPC3+W=-36FtD#NJSk>y4F2A0$ zb1VL@Uk?JUlh9x5X}#Mx1rHkh_bbii{Yq;&8?YO^bghkb$2x3Y1Nq#mbdC2b?ciD^ z>yifSW(vE>8s)`-x`%fwt!I5bhn(*m@3KpEk8-}si|O7D?rq}UdiGXQ|}kk^%7xxBxgdyO6v!99D$9%bb1>X={8YdxKW*UCRc7+2q$JPVm5_-h#d zSn<4$@s5V4@}36IQt#T4;VZ`n-vOP$Py4UHk^r`A=x`ga3x3#J6?#;1xbUGWQsuF4Ou_363{{GX;yO!)~DccN3;8#Q}X=z`+svB+W+ zT6@?#lV3u=6t~<(&Mz?qn2;^Sd76J6_xFMu{Ys*9PdK>!&l+PHd)Vfk3?>IkUWjoT z8N=@1*tIgb-bZ15Y{}buGw-fSloAKJcUPgq^1Vh5%pS;u*efyKU+h13+i^Vi3!WqI zNo+hW#@^ba73Cj@Jd>l#(s=3C0}lDV8c{wRY^2GsE~d)`Sk(AbL#^VGrhF(bCaOiWaQ%t zcrgWDT*)})r+8aB(O20`<*1C^M8Bo8N&H1Mwy>s5I^KVI{psH7@7x@y`9c;lvX5Oj zl8)n}k1G34$9M2Pu;bD3TY;%B9q(fA<)}K2zFhn3JRSFCPdffjjDM_nRviPLPRDn! ze|1zH2eyCudI25x;d}in;s^TWf4%@%&*w)vwwB*USFzhk_@kUtJ-TStFYrH!9GIF9 z^deqJACVWue7|N6n@7mivrW{FDgUhaE=SLJCST8}n#t(d_m1Pa11o#$*_&K*I+4lM z5(CJWzjC$J59P>IKcl(?5(Jri$AVL&8`=HqTIitj3dZ+w{}gCKOtGb#c%l;>kY32= zRb!WGpr7aUTh9K{>fhW1ZDj-TbILPh|4@Twd z!SGyPr*(&T{q3Dr56oH$e6_bO9r!L|A1jWR90QI{2ddG5r|{>6{9FV-r}bP#IXpo| zWmB!aw>ionjGqU-TlkUOC-|M>xq5s?2ewqt+Ow%e_FdxS4TA5G4vx7*bMbxtT+T7=z# zk>3vFIBUm?m+v3$tsWKRCo+5_nZ4>5_~~SJ2eru~j}o6nkSFO*5?xXLDg-Qj$?caK zk8Hn<+``|E7p&Z}A987spQ_Iy#@w=w_^*PR4^u0Rt<=80;uo#0BuCdXkJ~HN-l_Jt zw$noq+0VvS+-II)%zMA=+r)M&i;mB8`rEoj~eF^&+!Z&EY zlB`3jxo17HnAvx4@@*Eep7o{nbN=^Ej&@R;Q_#*}*Yf3P3^L=Md+Ioz8<8h#1ASRr z;QPz{O%Zz@YP9n8#X0r!@h9QgHh8xk`D(|;Jd3}4p7`+v)`u^#?tYnd_p7YCUt`^! zV%^=%x_b}n?)nnkv8}CBKE>pq7ctHY@CrFhy@bC(W^?lO*OIRM>d)CG|*HTN3Y_&Mjv(4^Rhu`>t8 zVv}<=FplpHDf4|n7z~4P*^2NxJ^2JlY|8C{Pk*5ebR^<>% zloRK3l3u2tRXx>0!-t(-<2kY4QL_Wz$>*KW3&$nksC{MSh{HZj3*i{Z`{v--BpmUL zZXA=(Wsf2!p9^mCp@N84OxQq2o9NtIsZiD4TAsmY|6z*t*}*kP z$8g{p0p7sdjm+%=&fU=ab@;OfIecS0`NRq26I0cU6HTwn)S1ZJXZ`*0<`cgIEWv!@ zZd1RTtxpNY3)JUq`75||fR}7=FlLy0inqFXK_F&;21kk+K7dT+`%vYTg88IO%t-EO zPNZ<|N$*zw5x#UTb*Ls@gznn2NdSPgorRxAmvD;BX<3w%}| z;$HbAc+lw97m>_5cct=4Z&I5S@Wt78p~Js`FUIChh+Tm!Ik_S)v{HGYYOa+9ayTFG z$}15hk9+*HfxPn4GnC5qImh2;q!y@4>XH!%BRmJpRM<3 zY0a(mmTJNjbGMTNHtQMel36FC7wj+c{sDi@&6uKRFkaQZNH5*tzKrhpaqjGL;PY#v zgU`D>=I4F9^WTR)2HE)g;9Pv$*jvlmqR8@U@Vg!Sw01E07ih47HQrLzcoF}ctbAHG zeFG#zc0H%xk=CopgXG8+I&5M}a2W37%Ejuwe{gy{Ex-Q>t+4o^*_iJk5 zSCqZBAp9o*|D-(rRKTAIFn?A&0cNc=GG_tX?cPpit>Axlv^>*?L$#6CTUdYL;`giQ zHPBc5E?e*qjp30i6T`!koERQCtf=s7Ymhg`C)L*MP;3wVQ&(BslePT4ja(bN)ESLG zeV;ggqUE)V^OHHTrLB=kt>HOzp-`N!*r#I#Hj;5WXJQM?d6G+GU!tbW#@#2{_zU@V zakq=_YKd`NjCqu}J173C0A{=X;* z$_n~_zzb8uaU>oTih)g>k3Y+w?a;GsAlI^@Lp;F}ZY8~ppVej$K=urB0i zasFJM3�>q*l(v`E8f?!qLUj#}wyd^YU@LM>t}~+&CTJrn;$2oDVMHV4TnA%LU&p z**Jeo20p)T!|e>8`1y6J`yMtpR^2bRmf*?I!R9Y8PSDT4^38v2 z?ElK7-v0b}WB(Yjzsv6(Z@m9~<`2gESDAX??E4{u@%}peQitsI@Z4B`!O8U986L== zL+7LB&m(?*E6-;xg}yHKk*1z3&+KN%V;r zcx7y2?d0cELyen5ej5W}MZ)Dd%J2-oi*;B{v z1lB&%^jSSGms9dm?uxY5PK$aF9senP#s zU93oa(0N1e*jTYw4>@AR!6pVq<|`D#VpDp>ziE)ee@ zOZ>Y8e71l?2B+Nk*PLBc{5zU`+x+|axihFW(xxt73c;nws z0{^l+9=Q1Thw$Kdik88<#PJ>}F>^);{760$oQuONIp-w1s2u?fah9#dl(-^^#}L=s&A z-zwo52WN{vxXOmGf0kSeEn3KHH50#2fZnV-_j4A0UnP0^mSEp;KTqF;pFuwh(YK4S zx+cOK#_O&n26~_JxmB^RQyYk^uUzJR$mZ$MLzkz&i?hlbgL!)9P2|iQs7tr;^vX<* zn0qgx?~lnF@r+_$H(nPw_lt+Bx`C;LxN4K1^GyOjTlFIaliHy+i# z!l!}P#DU)UUU4At>CT*-HZY`e;0@&YZET$bZ;9YlY)x!r=tJH9N8EgE7uxwIWa9tK zTt|%mf#1PZF#ZR|&Kwv6d43y@=fL>qB4AWJ4h=));VPZ~Y*W798xtGqVD--FMH}K! zbLKx2BQtLy88W$WY&|h@&b)1!*T%?ZoDSwMf`=W*H2WIaTIfnX2YJZnTcJS*bSomC zpA%CDYo_r5^SCdu9lRRBOL3^)o8_Gp`x7-?mgl2$c;Ik4Qfz&V}q0?1OHC0z@4r(Df z4trI*d%UU?x|4)IyRakb-C%0ouq_E>u^M@(LDxNR!17Ilz16SO<1Y_KtMH?y58EVi zYHP8LvpEkt^8c~-F7Q!R*W&+~2_XrfKt&O;CLt&ww&2@{HIqc^tG#lS`_oo?NeEUf zwQB9XefY=(P)kA0ss2hUZ3zM@vD%c{Dz&Wve4%ZP*w(hTCCMZN#7CgEC2Gz8yY|_8 zW}lNY$xI;J`~Q4?em;?zbN1}D_ImBL)?Rz>G&yUj)0BG2$&#~12P8KuHlTG%O!;q} zIxm$x%L827z*};g|9u1Vy7m2Mz;DO4wqc*dhN@afYPb@j=g34GV{AtjWS;T)ipZ;~ z14VwTrO)12X_3mILmxRmf%&Hn`z~#cBljfhd#(C6zaU3!e!Bx(u5!4{KVsL+^Wn@N zAE&=oXu~{n+Hm$0KHEIp-GV>+H2pop9(U=l0@$+Vr{2d3`n*4r_qHD!^c%l;N6P20 z|v~0t+B5{oHUuwcu>3Zhd$b~ly2i z4atSCl6q$1Gm{IKHZmtmto4-6n?FO_biRJwNCoE@%ewaD~->Oegu8~e2Y)Qn|(2lH{TENBNP9Y^^bes=g!xG{M+kT*9rQ! z+o&D(>A`g51HEfU4^~~TWi5?=`|9l}S(7n5r^jIYTVsEAalV9Ye=5;KWqZ)uk0Xy& z)DL!SN2btM@dZ;hW%#mhGPY+JTVgvh#TgDFQ<>DruY~8p^)%)UUrmZxUx`SKymS6( z;#&^qcVV?DMaY${cT%sfYz#Kh;8c60v*TWXQ-II>qe&e@YgU3xY0T_}h0{Fg82KHa|CL`< zb&UAYZPeAM@uz7QaX$O~VyFC@l2%Dz&$uQq|)sJRGxBIl1uJn;hO<}bo;P-iO0oFQ`u z`c`E25iv(~V*4e}<;d9_kDczWmNUIdQfu7*dVlYVC+J7{;hdW+v3wD-E&jUf3sLh1 zc7GM?9mjdwSSLX7ARIm%1VR_NI*E3H+2GyuU>}UtMI7^#sOutb4qH7n|Y1LyiQV4NJun$gFQYf$y@O z@cr{uJfZMXzISjvp}%+nJqqIZg5ZeUN*qDV1CFPOU78D))Q1ea#x3MJ%O=A?ezq{PZj(wQ!x*= zW31a?@N+(#k(@|=LDiQjIt^Th|nzoUKqnXx8gD1Pr-pWu5$`kITrV{Z?3 z4E6i7fsIdK`>5H*P(Rv_^?+{y-(C+`%KU5J_Y#c1em0`-e!|=6BWypR#B*M)N_ahy z)SsuTCz?IVxp#3DKAzZNY>&h^Qqwb^IIxD?>JpXz(&shc`);DHT>O#*ayegoaBM-) z2QOgmHa_@S$dmZYvVI~ycpE-~#8>CwGp)i0Ffp2(CnBdGt}pD z+DmR&o=Z)*_z%gNBsn)7TcGy9F(*r2PwHvr6Q9Z6SjojmU5m^)U6K!D|9=8q?h~t_ zU#3>+AMDu?STarnS3aAXCFxUQFzG}2FFBsyVdm`3)V7&grA-CoOw8UlY-DiGp11@( z*Zu){`WDI4AHg%Bv#Bi@uH`qZ{@nP()5iGy;kFw1c{TBP8Feb>`RkROLy-yQ6SKdp zOZZ=jPs3ci1Akd+ms0+6{<3Ge2efA{a#BV+=0qhY&^Wn|N$YgleN5nB_D0EmsKiB{ zj8!3Hi;=M^=vauHR1=5ExFy%g`ETEBN51Cj7_X8TPkdmJFL`ESyt!Jw=4$y8IL03q zACu49WFDC-b>j42PMvt2$QA8GuEd9x--t|^n(;bfJ=-r;wK$R&hUZ1#Dn4TQpWj|l zXU@7}-jjKuNY*@`Kbjijn>c4IwXXBEclWM1mG-tT_`StyT}SzNr)428ck{cTynKUa zMqYyP`IkS|*YYJMF^-1_*>YK`ui7z1&gI%MnE`pwRZBmY2 zyUar_iTf_lc-!~Kn0!Je@#_Te`-I3WG9)=~k=grG^-1bX8OfzQ#d=FZ<;ulIc=bt> zzT!Pg=7!K)6TiOAJ{ct&srXg-_C|N7SiF#NjMw8Z@vG2#S}-31y^HeENpMW*UCy$d zBb<9D${5hgHhkdr!=Md3NN1lTtZ6F!IZW%%`2O{0s^~>ffAFb-`XgtQDE%P@tkyBD z)Uhc&qJ2`2_-yMDv7r~=>YRqeP~x+-gWvBW&b?0HeKL;I?TtPC0(F6*_H=w-d-~j> zlr9MUA3w{J|JBI6s_(2EuJ%(DkUw~*GT*nXWuqDVLhul{PV+nRDqQz);^mFYUecC^_#zVk*v&t(QA#{w{U;+#j)rGmQOb zrt7;877us3c^7uqc>CYr3G(InwbR`XF=pbKreb_Z{#87a_(I|t=uq#gho{dD^4$|} zkL{avyR)w_>a8Q0H30ltY@Dw7r|nZ8yscsd(~qJTbu!4@#!b}hw=wnzey!MCbfV`H z=%(u8d44@KQ}Z(8zLw9@=0e^pn=kf+HbTpG&I~c7xQx97sq-|)%qg#YUx<!HgTiJ zH*bCn+Q@;vdv@$J_ru7mWkZ{iKB;9x9ep0df7dDB1p9ZIJ35QsE#P-D{}{jZ@>!nk z{X)Rsn8sZ&_Wgi%Jyh#(T@S@vmy)gAWyd00muJD-X(7A~&TBG<)#4X!VqR;fZaFMR z+a~u(FkcmmU4}0;WFjT=m3p-&-7?a;xbvUcEMz!Z>oM< z#drAiD#wki&FB7C;nS-5&Yt{Y^0xR$Vqe;s!*Y??b@3zIC%-a(UsX=w@1a>~avopo zjjMK)vuCR4Y<@C_+%raK$@5J|tGsln_}sN)%=`FPB?lw9>uR017M+mXcKJkU@A(a_ ztZ&)ARqbSF&qD&|X!E;R&p7!VwHRJMu~G$>cIBM6K|fzraHl5UZ&YwkNPbs!0kt#1 zlQRg?!VToF6|QH{2RVIc@h{0^i=Wd6-?Ka$MjMqMFCG^AMKO7Dnfq&FtTRzlC%@;p z>SMLz{G?d-CAB3Ii^yD`wAGs4;$vLOyC+z)C=7us?@tyO{n*+g<$b``n(>=B$*f(h zhUNpUT?BD7vYeAnmYJJO>}%}ImGSNsl80Gr?&`zOZf8!HTFAq%_F@aEO}`d=RK8EY zf8ol#E6(lhT~YKw-swsEr)kw1*xM`l%|87zZ(SwpKfDX;|7?8jk7U@t8TT_%=cmu% zAm;Bbo~movL&kj!<2JvO`aqxVzf3NWcg3mS z)fa!MDDCgwsZHT|C%>yp{jQ~Wj;^B!!E*<{GxI<)9>vFar_{4mCJ*=9H2do=AjY@r z6Qr-```e$Fxi!X`b~(1#vlHH)4B}yO&NEzMu%_bH6WwPm_~P6AUc;4h+Z^jZ6HkW0 zivSOQc+*10=K!w(csKr8-$jxJ*4+VEt2C@#mi^y_ zzS#3C_vqcL;zx;Z)!lH1lcR_>?)(Ee33R}ov&`JRRQJ2vqM4!BH0Db?e`)x0zud*e z98!)wkFjnib!y5VSNS(!quZC|1@1Tq@b0p}_^#G?v{~aTQ2B~ulIMFH_>0I@RC4EQ z&HLNGzJ^$$6+0p|aG(AIYfac0(@ydLvDRq6JUtaWf^s!8fLl!C_9smvLm$ae1?5-x z8wYNGa(iT;|EaqF*Mt2ZA^oT3cQdX<wZ$+jM{i6NCn*VB}f3H*%b#>6(h_Lpy5GI8J9FZMbU7uJ#UokISz%Za$=KANA2j%#?#cMA`J--1s9 z{O3bQ&ggusjlQo_$W3;<^{3M*PW4? z6VBIiZcKDipVa-%sr?h;uS%{(`pQ8bDv24yf1QuaFG2UI9Y0moe2HHRKR^8{vJdZ7 zoj7@Y^E>i>kIDN-cl54sqRvkgZnTp=Yp^BCW@1CWX3IakZyz7)S)b54pndzJw9E<| zv3a&l4btYA5ZX)#c{VOUFSQ>YnoY83CN)<-4cLdRtkc-`KS-~f0qAvT8hWkK^qL2~ zn%Sdj)2jq}$@!l`voL!78hVKzd=zuH=yoP_`t2=!O!8~oQ7`S2+%DkUrVV!vd?d8t3)5q zL!U1q|4BYccrhFux}CZ{Su^Tj%}Cao#P&Uhj&`A=SBsAF8~Lr=KX!xAunZloM8D3% zj-#iN8|=jXnf^XY?T)nF+==gR^p)R;z9vLp#V%k6eDWtT13GE_s0$*;?tq4al)H@^k-_oE@SoEGwIau|KdYnVDxMXM&^eXeur%0yQ=&uvLwF~f36kZs1RDU;yWExgwKmzbCR;-#R^hWEk0;+ zPT1l-56aYcLdJVb}<%kRPj>?miHSZ|efqPR1=`Xydu$R4ZTaUh%WvdTYIg$CE;M`(d8R7^T+F zv@`zH5h3lzrjdohfGpHnHpBQ&-u~0R@zUlr@zSBfe|#LFkHp>W$oHo|;pwx`!}A5h z<+$snzPjAbGwDnGKCyXwPxbUQZ2zfRAH`3$<4e(3`Ta0(SpuJKV-8uz9CB4aS0%oX zHRZql)~~N}rjq%62V=Q!wrBU_W-MuR^0APy{LmUpGPi+EmvQ}EkIUpY#FoEk@k8bA zs7Ywf@$RgWGwJ1ST9eZ-&yD{Z;XU~W&P$o0)@%$vr>Xcp#ZQNJR}tUYd@;0Mp>eY7 zkJhXBG_{`73Vjc^?xrM1(B#Aqck_S8+7k3q{Z@K&VO;Vd=(gBG`?-O4lZMyHxDCG7 zD0nIRE907kEhy&Sipf%AgT6vTv$mN$0}}dOloQAoXc?;3aMIs5l%kKon+2Uk2IOxN z@`KKQojicf5kwmQU1SECH*Jf8`2h{L(i)%8-R7AY?|OANbSgeKF}d*j3JZ^5j6PFv zz|M%>m9}BAx#YJ6$1`ZK4lids=AFdh)qyzN9%E}D9+$CJfq%@#AK5=pF}cA@=0NjVVsi7@#NrGo zI_2rO$6x!i=%0zH?>i;s4_#r|A0wZ;lzr_RPfHA)17B~lWYqWu!I=8CSCCbFArn)} z@5Fa_tsUPSzsSVH;(N!mj4FI}yli4?RlCP;KaD)gd|sq!EqO_avtQcokF(7HAW(K9KS^OuU!QwuQxfpOo=h zF`vx!YZ_xLW4c(+$4~sklLBMdrfrtk=RKAB{&4Os{$OBNEfc1mllXV#>daAWn#69ziei^b zV@lRA;9l4-(-kaDh0e&^~EAxiTud0sA#Bk_OpBS#v ztFu-yoavW7RqZ-`Re+z|30=cj<&I-BP8Gk=U&jpQZPsSP;y1NsOZ@iAj_wr~zMPET z@M~tc8@@uU#+cgSQ;?TWo#eMycZbYBy8`P$#>Xt|#~*#%>=y;qYF$=x1!Yp-pkt)EQetX+^a*b{{5Dkh6MEyBQ7`ly;CxjjAa?;h(OURYN;Z$Gn)y*5}zLrfj$EPft_!x-eN^FcCXB zADote6K6_noDZCc4^E`<0t2VguTx?-PP5?H`3lJ)+cY-x4d!+@NuTk8%~fZL%X&x-G#&>1qf)=l_d^-0 z)TyalD|5ovz)kj6R?)BDo<+Ty#ofd+xTAP_gnhx$^}WIpJFc(!h&QAnSb>?mf_YBLsDgN5} z810yMwv`_u>+rO>Jk=(0bnKO~$<7T$)E<{jb#7=Njx0ODxuNY4Z?8MJl&ar+KJ}Zn ziC$fPOy$rHU54_b6i0bk@p;HX+&`Y00K3y<@i8#ZCDIt$Bt z9>_npvb2{COnxx|f7;XrbgNPF`8? zSuJBVawIar`ir42ZBI8jmlHG&XBZqZl$|5A?8v&oTx8|*z&jQ>x=rM0WK7A-82WsQ zcbnv$=A+a*OS`Agf1&xg`nky0Q(C?{b8b<;Ka6MX$X7f3H~2alU&-?gC_nUXkI_-AZ@8+LRjsBGrhsga6&3|HV7Ireh zm=m0x(}oY#zTI(6yHEUuScC)r5+iHXd-Gg!o6_za{eBI7$?t>j&(iNpfEV`u6!Uxd z5cd8A10OvLdp}vfuT0bb(dPHqmayNCGw(--_dkmFGB)z_r5(tXoG%m{V~*WM?rsig z^Dgpg`bp&69E!^x+DNRXU}5*d`q^o>p>0^3?N*zTG<5yFYE!FW-5T1@udO!o=_d@< z(^i|xG_anOHtHTcx?@iirH)qxy6!~C$0`C%>owVa2xneP>Rmp%R0Q!8VB zvvw@!O*V`af4uZIYBAT5r|JALKF^utcj9B+wWEeD>v)`b6`yDod4V0o)z1=(KR0I8 zeTBsJ&!6SAL)^(?1*TDjx0U#6#vXA6My5O9FsonP%J_oVqk{RtMlTcyM-73t{Br4n?=guK3Z(@!(H)E$aiP zW!k2)u<^9yx0TuBX{l%}Q{(wfA2`RlU5hO^cK~N`A2{8_bzyM2^NR!gkvI!Ec+7(1 z$-xY_>n05+HpcC$1g^RZhmMR-9mI#`pIW~NIlz>tK^`I_g$^IZZBgM z-=UrF70sLvOP?3er~1zO9B6rN5JqfT3PxRiUl`^2DHv7xei*TQ1!Jax!Fz#mLJ&rk z1tU_>7se(FMr!~@vj=0mfx&x$aaa&WvjwAWL|+)?Bdl?Z2#jNd8pj9JP$*hejZiS& z<-3ss#gA4CMr34P7@I5@tpOO#9*j-{gZDCywjd10f>D>(7e;xWHIBT%IP%mueq~@( z~4u_2tP}kDA}= zhWp@obKYDs1rfjMYx1usXZhRNqj_0?EFGa_@3GA5p%@m=1YzogjI!qFq&-Y_!U&XmZ z&hl|CwQ3veu{<6!mb>~Hi@J9*KcH>KyQ`_$|Iw4Rgv^r(68Ij;oo2YLdQOeIH+LlQ)MhW?r!1v@B_L+{GF{ zWQ{r8asLX8$?SDs690(XLGG$|E`49&_3iTy%cIH$^y#xI>hF{9Tj|rDL$7*4&7nAP|rO7$8zRw)m9I@xn`aW}LYsBx9@?GZ8hk=XjRB+ZF23?(~EBU$Ji-C8M z2k${WS9(6LHzt{@pG(O-J}vaE0r{ZO9 zC;dqO&(Qxm_^o{UhBD>TC-sW&(*I2Xx{Zf!;-7CpR%@D%kl3JfEo;g18RHWC5&G(0 z*LsBN%hve^fP<`cKTAHT8Tb;DE8D_%k*jLpm_7vu)1T?1V-`FrBY!uGvzV#%c<#zr z=}yj|Du{e_Lzi>YH}UBgPKkV7#SUUqulhs_?2R zP$$>eIF#j()h0ci1@ z^VJROpv6t>#1jd681&c zu6k=GM?RfeOO?J_=&Lo4`#xDS85@oDyi?=2tD<9fmw(VZ=baMA<=~l~u=SJzwLX-p zFBN!W*pK2sE6MfC8k(w^yj-8-r`K%uZSliz((q+{Rl#55!Qb?+6#TILx7Vn8wp9JD zz`s7%`AHS~7z%(t0{Egs%dnjb%O|+=BC#Izxo(1cwfP*G;8sOqrRsV01h>X~zG{Ly z-+aDif_s(ueC-7Hv*vU01h?AsvwDKNfX_F~)nl#na#gQB%evM*R1{RE2v|MolUNg_`%V!fW*FD zED&itn;IV*uP<77nOI<&#!c-d4a}pP-cQ8>VfEhG%%_)Huq7rQIS6^k2HxobcyAv! zwDx0S0NyJ@46pYozdk=c#PAXUcq@k(-g5zXwL=W=;Q+jvA%=H%0N!~+4DZGOyy-&> z@3H{A(Sv|@L5TgEO?)52{)zpcS1L6d?6KzaT)l6@ws)rmaCqxj&j!f(e0CnL&Wh{p z{TBV%f8duEJ2AOqYGLv|tV*5#3&3sBaI>9%!tB4~Tg3h||CExm{^ly+%U+Zkr}mq* ze3rWfBqt|-t<>t+^w|4Lzs+dWcqQ{KdS2{5-x8RQz{m0U0X=F%>G9hD+~tF$hj$)d zD&JEA4TkYY9&TYBvLbucCi6E*_6P7M`8lb>Gxg`P*Fg3K%z2pej=9IMjWs=~(QRkV zPWEw$427PLy2axwb*ss}&sXR%$h?{Ee2Kxz&({O=itQJ@0{j{Vzc|}Ma>wM5OJy$w zIm}b*;9)V(DmX{I!WqS0qUi26Y6(|M9-Z|*WF3DiN6|;tB_tOwHKX#c)STLKc6k8* zF&ck4ztGmZP4A`ri`RH3xg`0|#Ou>S^3OBLKlk=J>w9}6>suMeaK?}a-ua9})g$-j ztlx#)?^?tCpAR~v&!QvS(Tg4E#g2!a(yocrk+ZhDr^Mk5cE{z;7OQT2`0ht~d*`&4 z#7e0(EM=bvHHfjE4(c5{$pw33^zy2Ofib>1*|RNj|AIG0olmv$&SwARBxouA<6P*u z2^vR>uqFJJJCPU2d8j>Qvd$s-Tbmy1l|4+!zvMfc@CQx4Q})nx%y4>&;HB_H&faWS z`Qu@YGyctg*U#I(NZEqqo~*<8{dlk5bB!L4@(Xpnr<|et7c;(u&IejP;$Jln4gYqj z{7wqr5_mLB>tz+=mNAO2I*%H@iywGf@1NN-(bU*Mod!UHgdBumt zDLE8b*gh2S*e8?@-j<<&cVv2a4-N%9?j1=tzGXuJuP8md>xKf}EYct z6!6YZ5AU*}fX6<#boO)BP{3oqR62NtLjiA2dU!cQ0gruN>BiSpJOuWIy?N>2y*L!` zs?x*z;ZVSvpB~;lLji9=dU#(R3V5GS5ATYhfOma*cx6KY?@Q_7l?(;EucU{UHwbva z_)_A(>xs8aJS_2!?1!(pS=MU&XDFFmj;a0WD)RK-#Jf`8qv9+b=T=*BR=WE=GR7x9 zFg{xj06qi8S4-0KV~vKNTyH%P@zvMU!@FY;@H~3^<2m8K+{dBL{Ugs4C9h}pL58k{91Uh@F9lI1fTN`7Cyw-nc!1$u<#)U&jg=d&i;`a z`abjXf!23o^i1%1?O@?U44(-;j~^_2VwvG{&%wgyoXqgK?qK0Vjvy0$U39SUA%~C& zK2r`BKI9lO!6)Zn;X@806MVLR_#oLIauk{1^W?$8ha5&G_^dcs_*7+v&y5EQpZS^L zbMe8#ha5>J{F;8S@F9ni2|jrT3ml#>xE2ch1<9?>&6)$tA}$i9eq2uI3ESV7=KBtKVMHz{9YSa+bku{98@#Wf6Z*aYxl^?z(%FcAS@>+RY~qBIma~z`xt6V_VJLlvU&+*78?P z4&Z+NCZMU;1Cj*==*?#bQ0H&myPE-&#J;mHv6Y z_I&PTT`e({&D_Y#BVO*oz&d|p=HdX{SsHFKKU*_! z{Y!zew|;nIbp7W2oRv`#|Ck$dIE#Onsde+lJU;;YXbn5tde#C}kL2G^KAU<(b*?IV zr`u1*-g7=e2j?TO|G6}I?*(T$${l81Wt<604qyj0oSmFmv&hx^dMmy9EniMw&jFoV zI7bjZy>yh{UYL2Hle1H$e$%emtF!77|HwPTuW2FkmDG0`eLn}>)ZT72PszQ%!y2!t z_wPMU;#lM1wcf_7CRUoP?@DNXT5=Su@7k*9nY#Z;)xS|6Y0hbtGg=ds(33MXIxC~4 zJ2r(0;IU_{Q1eH4y63|r6*XTSCx>i<{c5xQ$>z8_T-o;+?ojD^KFJG?5u(*FZ z?;zjaRYLzVZ$tAh+GDe72!-Z5(Dg3#e&>`}&#w&q*Xa5>t7h`o7X3Z>P1O_1cxPMm zuY~@|JH4oTyuHO=^Jr)~ncv|C;vB;Q$c(!DK=k^IH`;oTZ zJ8&ONrua5xiSODB@cnTH_)b&yBPB0}j_rB3Y*@I`q9HU>G9mPX-_`sDX;_;9PIp;2 ziT^FUmj8@>y(U0E8=v#QCn=+8@M%LvKV#DpnN)c5?;`xDYW{+F|9b{_S6O)f&ay{K z1NfFWas0=)=RZPQvmZhBBFLVEbn-gW#@QO1&{^mm#CdWCIG=3c%zYe5THEyY)`$K6 zfbl<)zLoZSYBu=&o{75uZ2XU{svg`AuSM_o7kILl!1lF19)S75k)94_y5B!rc*h6e zwPy*hKYvojhp*fyXQ0_*JR|_~84YtV{$#e}ed|Ylo<5M}c(aAKEdcKuS;Fg&zV>-Y zHhq5*fO+kH(06@^{HD{F6#=*xYq;6yOE&Os3cx#gh~do*z#Bir@G1lF-W%`Pf}x`4 zlmNW#2N+&3z8e{Ux8(rC3)=IyoBX=};1I)mB>->P5W{;s0Png33@^yPl>vB{9$l8%%=l5eMsY!+&@(_!2YQ$>}y#7)<2KP-X3H-e@zO&{F8<`RQ|~D0K8ugF}&A* z=(h>?X9>^q-vjk;lb@@s{f=$ZDU{zH|R0E ziVv(}=rvwmrP|8zq>JbJoqxx~H`;#2$^hI;HQa3GCojL@_m8doTz!QzD>OfMa{%@! z8g{n%xoq{}KLc=&$WmUig;x=P_wM1@#RE%2?2FJhPQKOVHOEONBy>7m4=;-Jn!%P@}FD%^ULM{PG8eFWjeoj_@we3CCqPf zr=aYKmHPx`KXx%R%0ah}<8QmH`;gCSCEwgeF88<<1Lw2;!{(8WyG?#$m!f|PzFn{0 zj0`&9@UI+y&hj>E%(g7fvf+?hO|Hl39A@VA%KhW>$Kif_s?*>z{s7>!HAFrozw6Pa zZ+_tHG`PGo&a(?fPm}rG8qfBp%kS{BcCI3A?FEqFb{d> zz2-IUdB~sRJvtRL8O!8!{c$x+2k5oc!po*t?E#=yfBMhe^DV`#Q`{n%gWs!N-&^U~ z$#oV!O8+$;gVF!})xV>({xzsG#-l#{yD5O@$%bB8=-<+i`B(Du@qm9^Wx*0230=k; zc${OBX*`^bzHeXWm)|lA2Z8_34`r|KOV#>UApb$UD)$oDwFnOOF(0`oz&?&p^JzZ! zLl0~0V*Z!8zmv7zcGk(o7ih~VXuRC$TBVm48E4^|lxb{i2R6178!Pxfr|~!TAX%R< zk@L$94{LP(#EM;g>ro;66aOj5zi!UIDwOlV@>sWqfA&3(>q79z)PKr`pS=NozG&ej z^jJIyejW&avMHK5Gp8ao~>)KekrW03WHDbEJ+8;LxIRNahRHcyY)k%eNN%#21qPOuXpXC%?Z| zkG~ez{+jsrk^`&%#NHLXwcJmREosHBv|(4;1HRibath+Rh0PsraNd)#2O>jjHNJA5 zmx=|n?^bU4Zei>9TSMYou|KjOTk^?jFE;Dj1MS6LqTw4`n6y9Ihf5c~O$*VdZr~^D z2&mH;27IqB*E<_6K0qC@(4#7VkJx5857&;9+AP{gKEmUq_kY9Bts(Qx80MR1_}R<3 zb%NJz@Trcw3X9`WSMDHdg?2HiMZ7ZKmAil2p@G-|sW1BA*LzjIQ}`MepS;NNd;&f1 z{I|u|w!@r_GM0~+u^blPm^zQon^y)pk8i!=uU{V|eiB^}-d0d&5i|7Ex?tuQfqkff zjgOGjN39EOmM)0@5Jo@G9{Ayly)^s1bAWGno0PEt9%jG)?lJxxLDF7oe5x&cME=6? z38P07^hlmxM!iW<2t9-rFKYP7e42*a-}z;pe)-2Q_Q;Gs3cUVmrv>gK*0{5^M;`tC z`39kXpYs-|QBKl-i)Ry!92oj9v+$5QwRWdFc0@G){B z=OM-oPr`7M*cUq01n?7`mw46I`AwG2hnn>-xil^Jd*lSHe;+=h8 z&tUP{7r-YLg3mukr}Q~fd^~;f^GD*HW}S}-)+0@_;EIg=NyE%E-pLl;@BqADW(jYw z^^?p0uT}epe3*LBboG;;p#4Dg_;*|UNw?lMSbVFp#CJ{x_|^=7@18BWFPBBf?A~=J z_uX&Fd-;3smaShEW&SO3UT!NX?};Esb=1@sJKov3^SGz7qUuDqy(H4pHYL*I93^?R z@$Soyb5Hs7a_$c+?`c1o-*LBBl)Jr(x!<^$bNwf=A7vhQd~r^yI@e$B1Up}9ZECPn zr-pr--raehY;|1mGuv|xX-x2Zs`LjQ<~P?ewnvI*xNkDH zcEBZ`w|B-@2Oj3nM+Py|JFQ9B|4j?@5eg9HSXW z$)b%rrYzdnHGR>>oii3~+%>Vh=k>z!p55U52KbMt`CvusQ;cB?{_S&&|3zZxmx!TX zae8*V>hyHIM(z1_r)O8f>3O}&>Dj&8>3QRAr{~ST$$7uS-0noK`{v?2>%8AXyz_qV z0GDOhcj*5nym;##_NYXnyC1sMnbUDzIs0r5-M#u2XHFaRYrWX%c@+Eb<`quQTNlAA za>lE2oN*oSuan>IppPzo-%D+B{uiA&o1MHD$q~G`)bGvy4D@Y)lTGV>nP{t<8O)GGdD7Pcl(jfoN2e*dQZVM z>z}yBDOhHnZwAf|#{N1qkoWn#FN}=Xeg6^8oPsxRer4-|YxX@mCV$zp_=vl%2IfNk zu9kg3g}WajmzCdkrdu#})qT%$mnSs=ZYkr+2baQ9=LXjNLvfjRSU4^f9}351(pYEC z2yl5}!RPip4=(w+>~pvddAX6l>!`7f6z*;WmkYt=0&p45pWtHfW3$n?M2)j?^W=!T z7`d(?S6D56?-AUg89&k;{p8y#3ivK-Lxu4Hl65xG!onR1#G|r zhd4cQ7vZDTj{COK|3k?^3~!uDT~B+?=tjZi0ciGYQJMR|Sf@vRcNf2V@NlQ+kqO?t z&yTLQf1B4hf#2TG9l8l@$q`mRUBoo!U30<{uY=>8;5yeCu{(JgV^*$jG&w`?lB%!ijF;mJaHl3-rpp6YR3#E82U zFY_9IO1(yV&dA0t?9uL(Vk7c)Z@$o((*>M2fOp7I@oj595?v|J@4vvAb6#ZBvWKDn z!bp+3n>lI}eScp1X0B0vGuOPK`(CB`9@UtjFTq{b)+e2Z{VBt48=excRe&pZL)I6! z&QLsUI2Zq2+pzXBe2>f6n}q)S7~ea}{z4Pql*OGrReG<9+%3DQfIiMYh8ne-Hk@@g z`zRgfbZYUp9nHHo`kOS9-(nYI$W7T<&YsoCmgLypd*jY+@4fkhy(=I2)!x@~-`cy% znW*jzU>$7Z6>r^n$;!7L`6AC2N?pLPBV%8^;sxAxw+&i%OW9+Yi-p`D4R<1^V z*MZv<>Ye@&amI1??>DDV54Drumcjp$vz$3om{;0(-$gxC-oNhn#yTf&S?esPr|cAG z&+Z}zVI=$m_c8DkxLg&rCc`|5kYzVnj8 z$i#&a`93vPTKMb84Xd%aZO~lsy8jH$r$;su@S%FaynXY=ILj))ul-V|C(hm0PW*89 zdh*+gONl8p6?0XjYC$Q|8)HoXIV^%&-zH1HT?J;B34YOMMj z!>qs(X$IZNTb$iuyMC2XgSozUAFM03Rk9<+&s=A%A&Gh6d z!e=8_73f(%y3r!KvECa~Q$=%9uENLE>f=XK1>c1qpEP6Q_hDmt1DjHI26DxIbu*@$ zzVPVYS#SJm?~`xrQgXFP%hklY?z&{wn~x~DDwb#1v)8V@OXfB|uAefln;MsIyW%&D<=WI(BER?eW5%NR^E>#X$0Bmq_S+PX z+VT4a8cWQKB{qQERR!dZ?=qGSY8}*A_mps*U)8d5uNZ=MN`8=Qke3XZ%Cr z2jw3&6&KBPPoxjIqsaSxp7JB7(oXhhOPu!>bK09%q+*P@#HPnD@11iFbM)G4=I>iK zHo8pYsH2uRa|UW|{}c~7io$K76RxEWdOti(4XzJ2z{C@}%PAAFIvYw^dH zK*u}y&G|cTdgZ|dQ}?YK7hQG-zJ6Ey1ouIFKm5yj@h=PT0hcnzufe~306(w*e`h^D z=IhE2ENJ{Ne7GOKP~wK8_^j5+fhn-XC)|u*)m~}&gybUE0;^p4%ctSb4Qmu%-`Us8 z-Qpgdcg{}Hc`JQ-zI|Tfv&ql7ja&Haqb>gBpZHx{&Y_LJ;$0!@-;%@IHDb?-8&dUYF^JS6T-J*y2#Ou#5c<6}=Cx6-bjH!_4a)aPxs8{q&l3CQHqN%`#5z{{c<3`4****zhbKEGlKWw-J4=uwc={zn zH`ch?$H!@lJ{*RxJs$a=NGx6$qiw8b1O9-+e`bAdS{nN0KtDO-Wr2@=#50a8=h5;b-HUBM!GfJ;Wc@j)4c>c*l{=csWY9HCGoND;!!!v68FGUY?jm` z3jVUzSuqyBVL`EL`i(t74i(e&lDdRXNxyxpyjx zo%%cV35&78HSt5;#2rr0IpDMeoH~{vUw0rk8m@uWhWr4(yP|odJ83`QzG}n8Rwvmly2{eZjChWq6d4-(`X5?@ZyIWXR)ikpkw9g?daB%N0#;f{6_E6;gWky!X*dUadld_O%+Ru-NyZZJJ*Ig*P?R`be`J}o#Vys^8J8Y zo`idbo4Cvx?-h*qvVO+c zy@>IWKS-lTO%+we?n(Orw~JZ^&u##>%o?xwGG%GU+bwr1j@u8oTY+1t?A2s9ak>R} z7I07R2X1V%`;VUvUVk4>!adea%&_2|4BQ$0z{RfqVL#yB3EUdyh8pIE#1sX$r6xAU zm395Z6dzpTZRQxyKDSiFbKIXI$?A{jwe+l!^Fg-5~1O5``r6tTu9eQ4B1^;Tfb5qqKJ3X?- zBlFZn;4_cs6+BPS<~+W8dGBE=?=61MY599re3AdaMEA<5y(@-x(zQUHDw~`F{3(D>++I(SRIuCOB-*^V483^(w5-`22H) zkDPx-{g>K%f&Y9JKIS^&iw5z+sQYm&MF;9bd!)@r9g^DfM&m?;`&F zJ7+fa@%xaKhs}7jk35+Du?1>80r}$mv7Ok%U=5DkOWKL8*n!RJ(zZ(EPvr%OrQ2EO zk~q(kX&o!&vDQ11wcgR_+F{u9@$@l~KF~jN&e$%o1B~a(W<2XBDZq@ zcsM+ZF}@VwVYS6W;jhGX=0C&F^#OapddbG3BPEVK*1b;ZV`s%TMjXf6*S$r{;7BhP z-##4u9~s{$^?Ig1iQ{bh!n!bX(@4oz_tX&YN<1N= z64!i-nkuEM8s=sVGhIFDH41(z-Y4J18q7$y68N%4GZ*+Lp>+`VST_6%e5pSPFWxa_vx6`RNxnYuqUc3scbj^7Z2&t`tN-x<75 zHoOSfAfeNh!k0W`-m*0!kHPWmQv6Ac=dVXO_e$KW>a($D4U+qFX1FcX;k4!4x&hhi zDI_*+!)~=>zY@qqM^5dAPI6%47ua|T9%q7wU0;`0zMT^Hae>i~d{2=v1>}2uKk{7- zAIgR~dz5_ROVr^<82Qc*$agDi``f9fvSoXuhG*k{K|k^=`6Gd+tu}C%6Gn&@2SZ52`TxWz0q&KThY-ehQ8W%U#j6{CEvhP@(nyWtJyE#wHpq# zWN#MzXD#3KujJc_q>=C14Szp0l^dS~i~}OyGA<+EjO`i57L@P8LCbfolJDm<-o9Kq zHdbsw_pr?5dzZ2gDf#~5gm8O3A6YABFGjZZ`ZwTV%R_p3p6XsSfIL4bW6D;ZM`?LJ z19?6xCC}e|A|TIsu?;sGdTM!IrQzB5Uy#P0ivOYPHSm-?1Fsr*K6wVlr!85#gZ?v+ z=O*!QlJ=VZJ$tR>xjyKFVAD2~TQI%=j6uqC(>mM#kZ~D#W^B(ewxB#OTs%m74bEb( z4>R-+vDaq_F9zX%{PIY@JhMK=KK>bQ6E!1kdD;6PM}dbe4{7AN-iaUYt`Hdg_#b&P zrh({E3u2?|eKU&-hkP9pd*tcISBTZ2UvyS;<>co`I+28F_mvkE_5XOaBA;p5bm6nElB2#WKch<$Ii# z@5_@&tl?!P-@sGy4ZLdL+43zg-Wrwi4JOim*78mNp1ls2 zZ-MbU3q}+e2SmPQTt>bb+cS(UDBrzxgOhK;S>*dcjdz&;(Gtx}zIUnlH06I>GCtg1 zpM$IwQ)`p0|M4hz*z&Mm#oMX;fyCO;v&kWllO`V8xS5=E;mywa!kZ)fMfuBFFZpPx zgOGeh)dZP8a@~8MVLg|aRn^>VCzkOSu>7{D`97R8;@iL2k zVm}van%U{9rq&TF`cb>M~N6WnIv@G`8kq<*xXcx? zk9qkQowxF0@kk>z2KB}9GIyD|dqBT8bnh9d=SA$Y;D4;fU-H4he8$p%d^R4@M?PB| zXQumIYPbA3j9A(nMgj1G`)ixY+sIzt$dR01bu{@!$(gB~QR<8)o2Dio=gCKUd5%V$ zQ=_a4bwjhlTk9Swj7E3=nmX*luXyV$My_KMy}IVVKJAxl$$NPMjGF1)z z!espSZ)GOq5zeS8re0**qyDofg#P6L`d_Q@50mfp0r}p0c({CburITdzNNmzFXy?T zdAixal=UK`Pa@w@8aYI3)!^KL2n{O=+ESV^+)>8Auf*)mq%x2 z*!~pSpF#VxGHf5C{W-M9zZ^)P6+ZZ&k=eALlVN-2^$7ENv?{~)^J%|;_MacPeHHX^ zu21nO$RG9oOX=Usc%om)oPS1t4wOAB5_?9R*SKW>duH-Ou@TCi{o_slTrGL7YpDwp zTPJ>w%opErhSZ+bFHg5ngkAwaydnWV~dj|c&?AiU$)6Cgba$ZN8IeXJlvd3+N`~63P_N;cpAp!cA zYW&0OnfMO&dde@y^|5D7GG8}6#C#2J#h>)sv-I=!MBtkHsFZwXY0qTsJ%WvjVxuy$ z2iUO)HY$pZ%BVedEP{=SVxux@j~$C(qoUZTjM`(zBG{-XHY%g`*s%yUDvFI7sJ*f$ z*fBFF1m#iaos)(AQth!{5p0y$p@HBVdEXiyAF!9jix1jE;)B8>zc1A~fwe*BWOv!- zr0uD%AV$!>RK3(us61M;0sywJe>5Mh3;=HDXjBMZ(W>OFI>{a#`vV|Ubh=H+znWj>L(BAa+5%G{k* zd*=B}+bevT?`?b~zhTCs@WmI%w7)9G=ioO4>E`JF8ic<13m&{!X|SEKFY5=GKQ{;G zPtIYnZHt;a0?ldS>>dc!K!rQ``-WetXh@3>F9I{z;90CiZ08*l>ID z^t!iKtfucs7XJDS;11SbSNecG3Cg+A2P5wXVm@t9p~ycp43qzV?8;33BS*3S z*ZGLMH*hAq@Sr-tgF7|;naKZ#`pQ4P)=YO8^4~_^*~tHOz#XjoH)HR!@h_FWFh8c# z7u6s0;ZWtCXOw-+JzDFcxBtM4-PC6jyB)1{v9(0$;sWHxr;8)0 z|D%@3*2R%p4*HvarnAq^#B1tvowvTDKI?ex1lpK*O?}q+BK2A4i_~YGFH)b2z4aaS zd3ADqr+!-9w50yMIx}4V{_>t@Lk6RNHSFK;<%@)FqJPjWO#hDX>t9Q{d{G@Sc5!^7 z`=OxzLHD`<-5=5TXQF>6jp;N0DE*tf7X72|Z1nGL;0{**8pPk~$DdXDhCiE5-;6$_ znV*vS(2hSAr8X|OK4kl3=tPUGd0zHQZ+=Rv6Gd7lxFqq3oq<)M}qaTMKNc|8Rihe-DF#Y&9Xlms%2GEa5?uF*A2~*n-4>nSFWZR|A zcRl^iL_a<^I$S@lTqE(`Em`TubHE*}eyI5b{m3+*s`RCw`N`Prf9$@j?0<_D@3)xs zS^TyZvp!4A-eSf3Ev7z1Jx|5^Ev7z1Jx|5^Ev7!CfclGRbstUI|JP0kxBqSb?2CUE z_P@m!?+g9J{zJbo`+pSlwCsOVx_F;_8~NrF-6H~bXbJsq3()^Z8vjh}|7oNA_PWl_6MKC|y~n@m_x*m@cdVvG_HPquyg<3Bw6kcoc%=g4sV zn!QT$+1afRKMCA${TgV!H;sRk)UPzZ-;a1j>37n9>I+}#C;n5W^;&-U_Sbvc`q>^_ zUuFM7us*3-?O{06t=Tw$Zl2=oDc~%JiH9%RR_;t(CNl77!mpnV*vMl8^6~FlJ~E7d z4zhlx)>|h|51;>vL-0?hpG*7ZC;aoD(2z4ngof47Fib~31x+*2QEHUX(OmaG*7#!} z;lb0?B-uLJ{dZ4Cf3It>jr?rIR@n8C|2-mHKNozT_0}xszgK{1^i#<<^IxXdCLAATfQ^Rzf~#!Zj#%`xqe%J(k|!sWZ^d$OLB-FoUoOTLwT-w*#z=?C+VsL3pGeYUc)hXThXizse-*g>yTej_a`5n*p*z#rc`+r_PQuV1Tr-kds>Ja<~tsg=| z(GO^tPCx$G=F^Y*v@wvZc{(3*f44fIAMoIu01vL$V;IQ(|0BPTez4Xz)7|-9^n-r0 ziGMByrm_D6>4%bk;-5_S>-goTkN?wR;{Ocgzus{Q+>(_1H(9ZNQ?fogrscmrCI4T5 zSH5-roSQdvQfFk#|JV@u@#F8CADXQAKe?Zi_`k`D|C9SUiS3)L_`k{Q4^huk>-|k; ze~5an*ZYb8+0U6;&wOoaxcs;Mt*`!OA^%Oj_+Mx!@(&Hu$^V3`$(Sk^iY8|MZ)U{NDr2p_czN{!vo?v+$45f$8o%&g;~3K)4Q^qjg|oN(UZk z_3JL2FgSz*6Iy{j4|94)v{a>&$wckF|^^aG8nW_A%`5~GA>KlI_VE-to zA8LMR?wh}|>s`nVcN2EFE9J~~FE<>n8|Q1?Xiw?Jj_rQkh{^pR0p2Xtyvfi%I=K1~ zIXRghzI00X{P3v|{0BWh2n|I)pkX@waG_}?`auq>sn|Kzy>pdcKZFPGQ=?<+$J7k< zx1;0&HOOZ(hnuyT$>iB=vc7NWRO~<(SHK zjdUM+Yye&Ugx2Mei<7yozx~y(%T@6Ea{)Q})*jE!W>LR(koEbbq(09*E?l3l(qpjg zk>RtW|16K)&OQe*?8mww?TI z_y2PFu1nRkJa}xld_SVca6sf+=qU0H9n;Bo=U=js@2K1MJ->VlA7%&maI+r6K=RG~ zM!xfQS-=9gz z_hR^9$LbA?|6OWyZ23Med-<-n;`QWyYU1_eerjUwEu>lNeN zX#x2bK72dCho|)z29oa!hxL(f@>Mh3vyksj&U29SX$t$Cy&HZ;&4a)+^4)-c62X3Z z>+yZ#5%oTq@9q1(O8g|^8ISI%eVC5^ZvcCrULOMcBU!scpHFbVv>|El!}Z~Etq-@S z^x>&L`}Lt2KAaZd!#vH0Ec}^+s}FT4eVCp`A5J`w`XF=^eSnVX^x+!lYW$i0^dX|w zH%7Tveb;aAg%7`_X2`ZnP8xlXwSIg3?)IE;efY|Xls<%?2N|vt?VLX)=jADR-w%B_ zpz_XHlTZ9;0C~Ss%li*g@}3ir_g3iqwE&$Tkn^^(I8Q^_`Eu|4J@vURxj$=Y?0;Qq zf8=!~;r9Q(^cV)|-}vpn&{5S`fi`~xuk#7F6+|+ZY)<8NiU+X|*Nit`1JG`=WpeQH4?O)XM*g7yRM1K7E`_|_UvVW7x*Zi$GT>g9H zOrrzk?+Xn@{-I$y`9Cp3`EL_{-#OL&NI?FD2j30w;CVfUf#m<+BH{Kv_J33Pnr!61 z5x7SFvpH{7^d%>YdJUytP5t}=t)s`Mbo6_F^y_F0`4|_FkC>K^fz}U4 zTKnbIXYG%v&k^r@vr*Q5dG%Sxtb=i&>T%YkE`?`z;mz1Rn%3-|qNF@Gh_%Oj8v zg=3|6x19X;0)G3BuA6l9fAaf1i*wa|+SeSxecFrjeD`UWvp=Ue&VC(miXQI#q@DY< zE1b!0`YacP{QpK;q=J;+3j~bJ&H#~h3+}Dc>sPr8!L35tWjekUJfJ?09n0 zaEyBgZPwFf+NNXN<7x9SpBL60<9?pcZ#+)hC!Le#Y<L(V`j}y`l&wd>22OgyG@jmI14s<~7)x8b+t%H8K1>FDs=M!AXhYG%OHhvDzYIycv;A{G5 ztBi4nUG0W?`l{@&uXFPH_QkV#!M-@t@|J=6`gurSJi9p97v~3lZlEzf@sYlG@$9TX zU-v`D%Lc;h-VnTaHZ9OsJ9&n4=qthgl{B<(TKDsDLA;u3cy>gvFV2)XaiG4IhxEm> zoM2y^zi|wGm89WgXFhj7*B|M_E5WlGo=LrsEfbUIVP1wCCAh0)17`*FN_9 z^ebPV51~EJUI_FxkG?wTt6$o`5kfDXJs#+*9sX?_2(P0<@Z#CpKwtNR*HiS>FTIwB z(2Hkops#l7(tki-{qpg#5I*wk)?i=M@P3EB)_`AHS^fMhpG;sUnre8qFxVIMkhc%i zS3^i&Ji9#5*CcG)jRVmuKZIU9J2%i*1$|Ye>FZeTzfiXD6tAxx*gNLW`Y!J0+JS8> zux%r4K1$!rSM?RVPtf*wzBkJ~=bSxY?D4PhZClGcdmP24R$x!KDYE~qsESH5S$~lk+#8pR2y_& zaNfuH$ntMUo2CkMS@3zAHqu{6oB9fLRDQpMHp*6n(Ffg=-~WX+YeM=_<3guOc=ucB z2fYk|)l`A5$nRg2Ht1Vu8+1V0Y?e0YQLv4Ig>2W*W+QD%kZIk9^}Y|gB0s7PGAeDF zXj7@%Y+?Vq#0>bP8=n@Rp0>sKg2fHTC*y`me6Qepf_MK#-OBs-Aj7kKJ_Ry9!@Y}r zUus_rKE-Ceuip4}$}X%OD?YXIDa?2AEvo2~`9t;5#@*QBQ`|&fie~inG<^m9lcsg! zKGfIl@a&VpzR&^Lj~3RK=ywErRs83%%I9nawi;{fcvt*WOTU|HXmc8UoA(LYp2YW! zLW|Rr`rK5(7zGx(t7!ip&|0mbc`~G)A*)Rl;41CfPRI9FZPfaM=zOXTFio3EY2%&w zy|Ed3IPfeA&o;xecKRrRM>SQ)yAlVA&!+I?dxCfQ;CZ*;d2(N#70X^d^jq$n4f1SD zKJn|;o0prou>=WxNk}5jISKVvuA{7 zRl|HdQ!>D_8~gNCyWy^Zc=m%2c{~HQ8hdjeJ*%&w&6P5Cu{pd?(Drh^Z~rE=n3CjK zcLifiKm)_Go1iuESCU_CQ(`@ex8N${yD@~PYR&+j;uq~dXY(|uW4u>7)*8?;z9)D$ z0~~)UIF|I~*ZI(;7`X}Km(qb#@W-_bnD4@`qihFq*zWUX%oBjT)>W^o6efp~1 zFey!6qGN6FzWDNS9>0LC_~H0{GGzi|+~EZ2`v%1xLAGKA>NJ zX8%q#^J5slN+b?`{-`9s%y;3}qx5NXw2k}cMZdPvmzviDc1*|FP3uOL`t(c9i#%J| zr?1)#Kc%lqXcN>`&9Cm_agN6?U@Lya`|zu~hBiy++q_TEHqQ4vp~ZNQ7L&x+WQ;Y? z!0>AgwD#%Oc;%BeRe-CEZ>8de-)5@4AL8EuQ}F&~2)~RyOwiwCbbd+0ba%1MFTTsW z%fPW}y!H{$`*w0eM=kGWjv$^UZ?uG*mi$hAj(eYN-)1c~SG|jkbmO}J3du$BUGkx2 z(!Z(~Jj<;nr!DA!~0>UXVH|IR1{%k*#Ztt!vhJkl+)`{%p#KZX9iTxL||c_g=U z1m~CC`CcmD>g}&jA8ZJxl01Nh)%chyLMzs z_|k#>=*$_`=N`Jh-Rh^^!y50u7`#g&igv~Cr)c+A-Z}i2#5a)7R`^E1SL*$spC=C< zon8&VyIaG1)4;3o=v4ec3f@}*c(T^>!Dv6f#y}qj`rtooWPPZ`cONt|Bxl0Mk)b+d z=(FF^YsQ*)B1a!Xj+z3vEzr2N8{9MxH(9huXxwaic=b4b`R+!ZS}pl5XU(7j886eg zmB$^|IT{(OI?cPUb8$+>j{vu&0o=+pZUWzy@iq&$boUi!f}iML1vr{JTB}&!s2=6l zKUp)7Ipr!VuR%Rm>$1aN*{<1G57c&v4?+~V=}5cyl5g+Bi6mVo|inAzy#v=Duq34Mw} z^sxq+s&xu?D}6+!>X4~L-}dXHk*mv*s}}?KE!Oz88JcLFTy4=r^fe28RCl?{y<@h# zql@)HT{L)|1YYX`czs6WH5h%|8d!e}%!dlUMuOX|0o+d0 zxEIdce` zF_ijuSODgW8fG^7m%)74{~vd617=lK_W$p5&b;y>ASf!?%rGD#DjF(`SaW6u zM8ndQ(xU&vz<^*_L{ws^GcX|9RC3audD40qKtRSy9@C7h08x<8#CR&p{Bd4phL^Df zd*c*1zt4B=z0TR^%o$!R|Nrayb6s3>_TFo+b+7yVzSq6hzT1QCJ(s`!p8Q>d{9TtN zf9U&B!1mu+uzkXV?cXkc4HraqH074RyR%@p+=JoW$lrz>_HU!-k3RAD-14_daC!2V zs;xf>8+d&d+=U+8@0C9~CTqM-ox_C8zo+sC4;lG`hZe&_&;4hX{J}@xrar1q7HrRZ zu)U}9=fPIx1ar$Duzdm8+81T&hVOc?z31{b$dkWYkiSo7%3llq=wx8~c@}J6_F((> z%irk8zOUw%zwc(j@No}@cO!qt^FLqtTWI2M-zfgNGKwL-B8A%AfdX6ZKaYX2I5`GkDMq@2UKGuvInWmOsJvO<>E zZ11`J6?yV^KJs^Aru^wU;B$fP|9mA=H~gmu+rM4@__kPK5Ayf3EEvAz!SL^vzqkIH zTmEAAr_aVeS^slI7R=XpFu#}bw;*fGQQnyEsr82(0(?aOyfQ!Ak-YeL+w`>crQp*|-<+m>8 zUV{9m!NFPSu}zIiqm$ISqt=rXc}_&N0kKB(d??f!zZo3%r#*S{T5uh^Ih-tU0-YE2 zbEd>;SJQ`QwAHhCeV`(-C{U3n+R(m1_kg3OG@P99zHoBlFmjLdzu771tj4D{xS#8Y zz8gi~81QM#1n{WHUp>r8ZvUXOaXYl7Mt0L|=H2o>7q6?MnxoTtE%Vbn zRZH5&brjmf=7y8A7;j>!lU&w6)U*m7@%OWwerCOS*Pezs!;chrxKr(~`nlZnM?dvd z6#5{K{O5$4+TgW(_)vTJJ9dPVo1x)qa)t5P)YR8G$&U4w7f*vm`K?EmAv1Nf zUC;cWQM-6!Hu$1_Ol^yTO*8&-&z=~(nvYIQz;A8!;bbGSn4n!FJj&Y9M%CTSf^V0> zZ!!8>j4lzsEs-wa`eA5c+r{>P$Jdp24s@KzW`RJL}U1GoGZyta5^0$b; z{C8?OFF5cYL zIoprCO+ZJK1oAqA@bkWvPLlH}80T`{FKR7;hV3iS@yJRyor#9-2HCX(xh4=UH+vqiHQA)3kg=g+?^_sB* z*N2mJ(raUx!yTR-ydK>q{bh9d_ zM`uSLagq&utHg17VK-#&@~~O?t$$eR*}H3U;3Dkdg1m%q@pa~6?VWHCeI%Tm$ruwR zX#Sxlixctnt>B?_Vfm3?pwsoPYvb}-?=pQjt%Wgeh4#X|{ZEQ3g($El#H7z{zzUPHJ78T$7EH zW)CMfoIFm(X5$3frEsFUx_LgFO!9Ct2As_Ea55yp`*2d@;bbZ}S?=MaCJQIDN#TTc1}C%?PNs5JiNVPna558|+@6J#2iOZ_WM@z?jyDv zW}V3%9&#n^o8{Zwy=Ps8b7*_RfXE9@epCB4CmB^=Zx+!PwmOlI?g&5GhR(VC;kTRP zKLp1p-S3GU!RCt1We(i!uaukHo52#4~K1Fg4n&#b?NdYM|6D0-|+djzRP z9(pGAK*UpBzBn<~8(T;{%#Au5su2F@&06SDcdgQ{S03J$=f;DdA|BjUkQoo|1#gM8 zFYw|raJh$jd#QuE4E!g;Zalarb6&aP!4Cqvc@KZuzBjCpco00sh%uw4Mrd^83C75_ zg>Ceo5f5@blK$E@XkG7JjdpRE>-ss+|!Y)tXy$pNw zOm3MP*N8phz15{TWC}ZLY_o|moz?@?J7n0SXFQq0uAi(udd>9V=^4=!SW`Gb@5ZnZ zDV)@KI6;@j(DNo%t;^Cgv`OKFc1F+8Rye7$I3cF1!WWou;mP6T&r3X<;LmmQSB6dQ!U;Cl_$`yb2|CT-1UsJLx6meq6WSS^&{jAp z?dobae1a@hG0uc>SvWy&5nmn3_FH~naWc-}WJN}tjz4Pn#PdO?W#iTFw^^LvkHIIII3eyZIElJ^qVL;f$j%cUPVo6o7AM8o zI2q)_$!Ku0$cK}gJ)DdNCyP9s+?<6I+6X6~?Tdd)JCo<3t#A@A{`VWh$@TcFtMCKYV6WTov6cH#EE8RC z{4?UfLD0Ui_07eeZouE{Mss|6L-VlfmwneahJ|mR7tci3yW>2He><#CVbe9hI|q16 z7mhd*@qBp2Ghg%d(Ig)p{0>ECQ?gJA-Tl7VO&;AVp}}&^mHggKS#+mON)~8mWP!G# z)lsW6Z$TEOAPb+)l7%(M!dcP}BQj)Roy7}2XE(gy*BiXFxOlmlIc3Pg8c!B(IeA&Q z+VtVGBfy)&$#`&5?~{e=J)DdOC-ojquFt{=ZG@AHdU<&)=^NUnWMOPt7S=Sv^E;em zd~T*Jd{_6kaetnBzlC%DbVg${_bsocczuV*>)Wz;o%_PgY0S^?I?sFictEy#9e(pF z{N^>chm+5Hy!xDC&XtxneV|Q2Yn7#m>n~^Or!0T@ZE6rKj2)IoSGxT_YJBE`rb+Oq z;_cFf=N)<6$D;|~yK6ljErWMNk5YIlS_3_reDs*?(W3@>GPt^!IR&GIr#MR){eO`#P^w((2u}_ky1~lW#6Rvfaax%{PDB^yjp0;lA?e#;@L1;Q7`0tuboi z%NnkdU%gv?^~i->)FRlnE7b;kwwe4d}9`*zp$M6I2;n789 zk)QL9rGxTvLH5100keGgHpa}up0r_;@~{Q6D?!;6o?iycM$Tw+sea2w(C%V>w?S)s zePXXs#@CNshK%7?qVcQ4mm*LibY z+S6R|vr}W1x?}G2kBR>4Hm2`ht}*ZT#+-c$V}8#+=7s4oodS=hemV!8E36!yBOY$- zE=N&paSXpozH5m8dHl~eF<`^5UV*mu{a$(>8)k4RUFzZ2>)O2rsIqq%KnBby)XRv-qRYC;&k<4`?j=f7S4Fz%jp}s zNk=^=xn`Uov@`NeyeZuzy^!F3UrWDQ7mu<L=vIbow1^2t*E2m*D1s@{PUH z{L6-=$M5PIu%WB#^bJ$)Ko4WT%ACFt#jVi?`41jVoqQfRZN|R`r|pm6s}$iM?eA}L zVDUQb?W{L>tL5K%ySbWvl((}uY<<7{yTBS75kS4UM)H|yr*QAGyfWLZ~GdYSMTG!%}$Y7-))-& z{_z?2-4Up8$GZ}JT##B{QvZLt=TP(cyb~J(KTKk6;*P3{4&c#xVHAH_Yo9yj3>&92 zxAvot-ESgm?}*z^!PkMm(Y2wh#hJ6cw08HXC%ZB5JQUd#{gsRR2Kd&!VJX?oYrUU) zYuL-GwZ>KamCqrW?<;?TF$3hY${I@LCv24eaQ2tG`w6$dmi7~p_z8A@(``kW`?1Xa z+)>m_Xl)X??`VLBhQLE3fK$4Cl;;-=apz>=$>kSJ)m(Vb@C)yW_o{=~@PYI<*hx0% z+bj)NL|$eL+mGZ!cCU^8GxBg;PolrJfviVS&#|`Q5@VYev&L)rS9=u$*!w(iX>2>! zSMrX_zkyU9ld-{9ehObNf2ljZN`3fx8axYMhqnccKXu?d;cP(aye6Zs(fJl<-xkgm zFvoguCj9{Yr5}|0mM>-JnhR&A31@mwI>vkNuK{o-orNw7n{QJUM;dbBjQ%rl#`Qm_ z-D#Wc;mjH7<}OR|XKwQOGstBSyKC@Piq7HsP2MwbT$P5y>|;kir}8f~o<9$5W0R2u z#hmEZj5-0@q+(9m)kqJ~wibN6#o2K2o4ChZbLKA5Wnslq4MQ?w&SGS;o%dGbpR7Y3 zGICNL{Z}hrfIR(#d01cGtOuY2XCluN@CTKDSAq(!8+~ns?#ve91*~`C-w!Cy&q(Hnh4?Q*2jV)asJ1yeq zzU<{R_r5Djqa*)dujXpzr1Ly$kR|ls|3Av4J=H=rP`-2R2Z-DMJr*eg-{glZrWMXXrs&(aP}W zIATs{J`q{SsBw}^VneLlXV*AQvpB&w>V^|^zQKvn^G<7j=4JWR#GJ@%Y?2pq5^LBR zC#yS76muTsn`yF}Cgy~WZp;}<>A))QTg%pFeC>QCLq;19)*47>0KWjg(C2#Uh zzw~*@=1dM`!s6r;@ME+bJdO5rA^dK1Vfl%5;V$N2`F(==De?M|ZuI(zm5A=dmGoaN z`{dn!%t2?$ZeeGlCLi;`$Qb&t__Kak8*rFdk$w~_Dqm<~MD9P%_(m>x_87lqlZ@?g zF34?r&?%y+i6sYf{s-?Eyw{{{&sKfIop1PBykDFH?~8qSUx)1x+Kv5bbk7UCc7Skx zX4?M1?=j@j;ylS-%P4wU{BGIDy^jl*@VW7CO&&Kt5@ifO zE{)Bm{|x)X^{0e4_}I1Cmm0iHhi4?Gsd&03%l>eEod-vm>?d%PB8!H%klmE7h1Mqj z5A9>)J=uo$GGv=JDf>e^lk=plWV=%KNAlj2{XuWTJ0{N{yXAqb?k>RNeQattT1>I%&&0nWw`Lmus(^Yp#=g5KL zrE}7}1YKg_*z(e?;wAh+#SlZ~_k%mbOQTNAORw{NG4q~mpZ6Z;4WNTf{$sbzf2=|V zg=wO?m)1PUVVtzJYldJwTgv`mJ0M?bh(S4Y*z29&LDgYazUi&Pnn15O^Cu#pneG z--_#RS-eP(dGNNlu{Jmv9VrG*8*5uzEL+})El&)Fck$I!2iC^#W%Ad+r+BQMerw}Xr$uVO{erkzhuTaGIyvtbP+e-qwRXA!dBa+LmA+=H$iP)M6Z-O#Byc8tyE+ zD!gav3(Ib-bcW1bMGR7ZBUusMJEU!dbg20b6Jt|Y8={1H^xGNU1dk>A1rg~ zzZr4@O@5qA2mdw1?8NPZh8Y|LT^xA&-H!Kdjpx}a|9Ek76QY&!3aWuzRYX1Epo=0u zyAK@!KlydDXrS@Jj2B`&y;qoPO!~>RG3+m(T}f7+_|5-K%fI|4YrnJix1-}X+1k4X z?>x8fvJWNXAQ!~(TZyYxHz{AojO(2<5wB_3qz|2xgH3pyXH z4Zd%O=M|@G-A!=CN~$WZKXfe99t*DC^xKdA2O|5(Z9Dp+BjHpC)|D34-q@CYEf?sn&1z0AO_8pmL31lSF~Ft+$`2G47F zE_;3~++VA3*{|)(>_DHr!dAxS~8Rcsd@Ip2$Rl-Yuavxhx zkFfrmG`|~8SN!Ato_Ttt+6h;*(PnAw>5--U?%? z$3eq4;w|M*3y|5u){YwTKlm~qf5XFhqo@0N;3MJvw5<91d1zY>{kPMcZ;?Jgk;5yG zHFIeCLs9fqkF@m3i^lw4-#<9)8BG*0z!`Ni5f6h0*-p}*;tWDnws(*N1W7e{k(^LPyp#PBkEZVN39gR>O; z_SDZU^s|VXq!f>NHZ+cYt1ZH z3@ZvFt2lSee_t>OhGGu}?bmcia~$DeOK93}?6n=g*y!W*_*Nf;JzWsI@15p99zE7< zuRpci)4%qNC7)jC{8d^n^mIO#yB|AkzbyY+8y1JJ>{toL^4qOyVA44=#ukhZCtv4z zw!Qk$-;ZyvgrBWGI4zA{^WjQ35`GRhy7|~*_N%?q@AR}zxx-1u>%ny+x@|f7W08{t zZ}_{TA|GIHvG%`7pTw8D`eO}x#eQ?c_}KNLvFo!Z_^mlS#<$f<`WTt|X0Shfa&HT3 z#7@Iyk>P*;XY*p_-c?_?0iW*aiO5_D{#Uxq<&j%H^mg-_eCO#yp#Q!X)nlau^o4Lk;KYfq2X2|Lis+842(|HWK)hKgJJ@K-uZ z@I^y?TkHA0ck~YAV^KJH==1oX_#I}iAM=bdkHPcNtL#NABgRnNyN0#Bx`uwNqY#f> zrG0uAMB;px&*fP+SEM=BFgKlTWPO+x&K7iz1|zHT8GD;z0=MpX@B?o*|B7)nZ+u}B zUtD?Cp=S9y){gh|ZV~Tp%X)Vd?+TAS$@177d?NqsPI$%2&;7>Ur1?34-jGiwzBarI zKgT&|$({emh{ewz_+DEu=!}h`)3o;U9bmK1gzq(Hu$DtDwCsm{_d$z0PnXHZuR<4; z<((U;&cipQuQvMHy6jN%eOYroG&uKMB@f45P0Ov7hZl3mgW{)R;?L}OUjCE(Cea|u zd|$Yst2s~SEtXy&UkLto_u9yp{@jjZ&9!-~DWYSooNG-;>s)bcbbN&SeU;MpLEo(J ztH_SWv29xO)Y{+mnj`p`4*v{?2jtIcKcXLxWyCRp zeGL!PvTm$+v6!90l#G$<-U#_8dQ>CMJKB zwN&Eovi@d{n*#lvid9C>23m8D?b%opM?%8^J{n41Ro7|km0dr)Tr!%uewb)Nc4Vs> zo#egaRnrr1`<-0Z-UX0IW%xOJp6c3n}p;=GX#E?>j1 z76zO__t8($;!q?MAa>7Z?WZ`LER+w`2(FfctEMnD8x6l&+~?2DG4$d7`f##15Uv;* zaK>(hM$u`&1m5hNBjOd>e~G`cclxboeYm#t)IEdSZLa+|umIVf&iXkpYkgd?l;Oz* z`0dQCeUj=%h^J>e<~+u}=riH61$>x`eOPj1Q)$p z^Y0)Z3+$`0%dE5P&R7p5K2Yv$wc-Qj@*}>LCjLxJ)z})BeT=-TJb~iADDcW(KFIjJ z`eK(ui=MpTwh`m%xR(CXb>e2$34rlYr?9CFTU`u{y@9n7I9C&2?YrI&XKxSA;?~!{ z44mGW`>qcsI~nf)_Wc0uJLe&jfx;%YZU8$^U0>oR@BnO$_#LX*Xk>ngn_al;*aO7c zW#<0YdEw-}%vW_dOPH_ZKEb^^nX~5J!MwLKkA0)V$u8=pFZ?s#xT4KB;m>mF#wwjq zr{cr%yg*akp}Y6g)jF?+*jp{zuX7DmcM&RfD&*fuhh@`ReGLWfgWxc1Xbz30N%o46 zyMk8XSw4i;#@nE!p?{4>|2lA59Il|w^om0I{w#A4jt?-;1K?YHARJE%6n8!+9D{eb z4jm(2usH6;IK{1tg=cI~M;&wphr;tgU>1%K@}3{h-vHh?IF+9_13b6UekORH1^!ID z51(v@&g;STKGszCqZjTY_Kbno>EK%WQ}{4Be(t>=T*ttJExnYag> zfVazAyjVCsS2%ZC|M?m|1$B9S8>$?8l zVR&R3GQm6h&AbX)zXZQrz?`gneCD>1FzuekFU*w|udr#7NlA85BS(5rI> zvDv;c>G`>ID@KO13LI8yRTJIO1t#m0=-VjlNBog^8Rd`6hdN^ED8adOGk)!=p=^yxtNoCkdzT_ckv zc?F#xMlWhU6S${2XfB$Ea4ny}&f}-dBNq?l!tG~;TVrp)-&kx9INJ<-Px9CLDmG^- zpXKAPboWmu^srvMv$t&D*{N79AKSGSnLm%(uD$0w^Q(}F81pn|mrxtbv$6TuwOO>0 zz9H{5NWO&T%YAcxiRQbSIN8os`QQf4w=z>^$n}~1(vlNDFI{Tq%XuJ@n<($M!|OGS z5d!b4z&Y!vd!_+j934o`slwVj*Vehd%X-=u(taQC@0c@uT(w|?PSf)8JAVP4@`3wN z?iKjp7M*S&(I^vl}O*J#$uSx?Z7{s2+v*(PBufwIPxbO5rcOX52tA=yvX+<{slMkK@-S+ zsumAD*v@+$_!HacH^slabB1ISoTv`m*izn;Y)byDe9i*5%g~{+&&xbLn&5ZqZ%yr; zk>NPDY8m`GYk)I$89X_Bfa`1h0G>2+oSB|uka`gt7o5y|P3-TJSJw}4=lk*(Pi?-x zgCBCux2L&Ue?jy8oNvCG>kG(V2{E|l%Wvabp3i(;|JhxGUIHy;Ll#5Bd!glC&O%t? zlg9))QfDAM!aUlcf!~hxB$L+xhu*Pt4AXxDvK2+PN|8tDORXPi+-2Nv=e}&0bmKCk z8}mC4B6GQ5GrDn9nzt-`3v$5MlgthC;mHrDa?7s+m*D#ef0u!qbslb(gB$r>aUX7s z-+&)0|LCTZ7(b3*BOR5OHNHLPM`PU!KCUio_|YEMuu4~D>rwgM(xdh0(O$sn z*Q137r>?zABP z!~PxK=IYl2=Sshxk+Oj?eBU_nkK(Oz=3{lJay5$YgI=CnIfkHl9%$W44RzT|g~T-S zJ@0<9mS@qMXpjC=3|#H2EwJyH*mk47Wf5#$jovoz;B&^%YjJ#KlXsuZT=9Y9=mI@| z`@dLE0Iynu3X&tNCTCQw{I{`_LHJg2sr=o%*0;zVEh%uGHoCh6ABjHA8io42o<8AS z^;!IF`b4)Y-x7zv5+$_LywK?erV%{DE`+??iteetOJiz0)sHIAF!nd(y>+&Y$u))| z&r-)5>knRT2t`;w*B&DB67DxsHRmYy=lw^!OiocbJ*_Foj%)40+VgZwT1PdaA*%a7qJ#hqjPwv@jCa zX&(*oeMRIN3*&!{7A^0DmUp_etWUxAIDPjAuA%geul4Fs`nK?{&vDfKiFEanz zESX2%wTCtSTjY`48ZqKn`B<8#Ki61!opZPreiQBUc@|SG$&rgAGdLHw;-knxJvgQh z!-x1gA#f|b5__Hdd&9{;ywlYjCeIV)ncDhwOcZ?-YeL@XTXjY@_vG6A0=I?~*^V{Q zmt=ohrmTvdroQ=o#8T2L(nYj2vW=cI=Nf2@4_*x;+gr#*CU{4BUi)ui4}_CvYFz1^ zJHRtA&%8!sdAtq$4ZLS+;ve8SvQ&qi)!K)~@aqlJuj4e?epBxNGx#$(Q01@87{Hl5 z25Wu4vhN!I6F7$+DI6ONr{Qk^x8{A#3D{!HA3pf!0`7woqpyAA>G=$ehaagmuZDrjkBo_Y ziCVen8V8zCN5I)F+Bf-m?jchf%eEAoHTKoMJ^78;@WdK;26+;1<&_eraxER-@xSOX z^mO(4;iTj-y2zbFoabTeLKU)DgC8hdE&9w`&0SrC*dKJp2K38{YUDb;9(t{WFCTYU zo5L4)0^f~y+kXhm^k-p?m*+=H$~eb{XEpSzb;Th0&IEqm1o9H?@b)@jRxV`U!1^bN z8wbVb;j6&2cZqj+Zt1WSo!=9Eq^Gn$q8+@aXwSQS$RTfGy{-h`*NlY@?I0dqhdi!F zUlNBIU-(0el`H`(D4e;AR>}Fx9K_=GV&+T=bFW9-? z+JEW8$^&dACaomKiV>5dk1NFM=b(T5aw>T@dr;sL@!D4Mwi$K;xXv!3)I*FKqd2MEn zs$DzS%y;j%DxcenSiPuK`ydj{PI6|86FIylpYtO_twZh&9~pnIbEG7gXTDo+c|r4> z==lKpjeJ+E@#Pp~3lNM{jv)Xqhwx4Ei51%)bWCn#wU4&9_AsxMAN(M^4qq$Z5chtc z!Tj7DgSFS8R^@mKz;Q>vdrXc;er6%C&CYY!v^L7PY9YzM@uinkYTN#zl{xzJ;U#3ndfHo6gX|;Sv$|hbKV#G zoQ(|WzH$fcUQUM`NX4zlknlY)2flqd9V0`1-o^Z$wew5KQ+jTjeeyI5c~b1S7J1r? zJhdZF`OG)=2=iJHPHxg1xAA)ibKK?4k!Lz9F~}Ti2b_40PeT7(H1zY*p3mpj6UXDF zB{}A3c}a6rTzoZjT;KoRhb6oFm}3`n+{YXX#beNPAHGu|G?lIs&oSQELQltuKA-9V zc6^E{?eMnM!`4p_pAX<2EBoJl7xTJ~d5y4o2mM|+r)-?$Uobufj2o0cBEP%}`LsDt z;c`FxWyg(^v%aT?v1fa6s$VWgGp20Ge)vWCW7(r}#*qFk38eM!9Qft@IU~oJy`>}B zXAdqP1GfEhy~;vg>(lUE^sm5oQzm?WopHoZc4-V5_Gq6 zsGQ3>4}Z#IRFcQ|Dt6Q2&!5Lu&LwuUAHMw7mwSNE&%>*+PqH)j0GH?~xs=Y0-Ryqj zNi>}dOvm#lwxb*Nq8mEk=XJE#`qy*tfXOE}qW{PfWYpa8-0qt*W6h=we$;3Aj$@({ zpI!bi@5N}>fbY?huk}BisTw8@Jdv+89G$Wnx$m~tk?d0L-`I&Ir+}+5;L7i7ZGxx# z@@f4o`EDE7Gc9>|SANjcG(A6c3h?#Lf-gEX?FaoFShI6be||AD7M+%L{$iK*SClCC zl&*)e^?lWa_}TriZ{<#MLT~(SlgrOD@fo@N2g~}9ySmCb{1`DE-wq(I7#bO}aQczj zP|0uF%T;p`POimISAI`CQ9Z<&Qc&dVTGzi|*B0(ShaTHbo5HJ{75iGwH?`JX0*9DlO>sLPPhbJd)s8`H|n|--0v-E}wgHDhe%y?e9X`xEcI>L0^v`xI>#WwlMvcDu&#=56Y+ zOUol~a9_IA>IdbiUfPk?4acwpX1%Y*%|~Br&VU%4%11}B-!W{Y>TTM{lU$8%=<3QR zjxXSU;RdTSY)!D;qw^ecv=uqp2JcBn%ZHzVPu4LC{b#;0JUVjD=diV-B+t}2W$)eh zYHr?Kf6=!%Y;Lb6M{aK*b03Uvh7J(^?(*T!)?l^`MrR=V-$xg_>!)5l@&xJFbUm_i zF{(#yBcIdWM1R=PcpW$fx6wPmgVD9@VZugA*H)7I{W^7il@~hm`yel>)hbh)CU^bR zuC31KN1m0qt=egPIB|#3c@>WmQ%&^Z7;++0;`knnvnf6=Q1R$F&e&P_^|Q`#a~BjM z4#J-AslUXTUyH2Qk8|d4WpA+=uQWYg@G5?z>y$s>yp%)L(eusTnzm`wbx<=j{Y-or zZ(TyRUhTG!muEfp&|2CWyFl9#)&*Cw-?Xc%&xR=Nmd`?N;oY(Z&OM$DE{Nk>_~we! zK)o3AiI?j&&ceU#9L>WZSk604(sVCX=uEPqAI zgOP_9x&D*UC&2J?d=v77gYt=yOnjKfSu)6r@l`ZG&eZVFZwoj#^DcGon>n+mQSJ3# zV}_mC|NVM@XZNBt#eAnce5|yz_WjfaOfmODz0EzRbo%@ApuNMhQsS(cY?b&zpCPR~9`IGzO#lVA4H;}d>*Fu(r*|H|pfKX83Bx319A&*;{zmuK(so2v+XrZC_7mo4KZW)~vf4M&eir^Hw2Ryd zJ!T^VbMV9Wqc^+IebusiMmO7Yg>)`?Ve9X1M+Y)DjJS;WfAi02pgch?FY7hU0>rMxo}UFxUX z0&s6~?!+G<$v-k*E1Bo7!KwCxQq#K(JUFU{W)5Z@?PhAJ_*OLe$4&Lb56Y)2wy`>+ zj_+w^{M|NF8+@r&J(4k{)_x!B# zvCjeHH0GlkA?#bljb4n}Q_Ro`f8>JAthemIr4$<_zb0|w4YKb&rjmvq5z=H}J~xnld}z-V=Vm46eP z1E*>e1S9KunQ>v3AM=?P(tcpJAM;AL^Fuvv%Q|zvUyN+*-5YbLz&)&s6T?G2*Db*tAvD>6$qdk(USl zV&p_JB7au%BNe4?#jyy=ArRbo7Of7J&nCr4YJ@+eYw76r1eC>{8i$Z58w8I z$cF>rJ1@9x_`*EkEx;x$%Q};)7++a?LEP^(-Lvp}9*$4MPp08_gUNt#N>STh*X8|_sd1P6#*$WxfK9T3pEm~tjHhr)cAS1n4 zkIv9ByKNnP%8usHF&6-X)iLelqAiVdZrK6lq&->x1#t92euv+7-Z*@eL0w(FHgo{P zcJSAMKefDqycgeYY45|gTksDXkbP(7#gSF$r1%=0kM71f+Z*0?^`PuC=Z{F&XnjNZ z9O=&0!~%-Xm5Wu4RC=BTtu>-eB{m;DBY!J;y&K~sXxlN_G4<{#Uk<%-J^Dj6pIZMm zb+PcF>SBqj&3;&X$4%(=%iAZrHL-EL*=98Z=}~?hMRpzCshmS`j4Ir zr2UPb^Z;uve`78%8oJ^~ru+?fMfA2X7G(PyeK4m>X%c93E}bI25 z(Ed5an4LE}ut?txmkT%Sg(~Ar)NI_u!G+Z=G5Y&I;Da@xP5SN>G2E1W++$BuMbVYc z*!{#(FIKp*)L-%8?6YggDXqe{l^j2Yucvl%y!w|_w2OPO1ox8(bd~hf5}ypmsL^QqW|1PC_bMf8FyI6;nUk45LD|P_hYmtKk=+^__ruep@w#cC&YcdaF2Y)E2+t0?~v+s zX2UxP_-Yn^+0V$?Q%k<8ny(9Ze!uus@&=6BLon$c&fYi+KIB?BzUKY-ugJMzDTN0b zi5In>KaoQ|mQb%*U3788FB>{{`QSZoHz$zqHej0RpWJe~i@*C=?@|8P;%{9Fe-$Uh-)P}) z^vUCoO*+`&z8elu2RCx@hav~SOVPP^@A)dW_`{0_M6N+b_xtq-@mP?v4XW=uEmFhT z9e!N3fG58!4$Y#?b$1_Yj`cqBjBKRNq~1@yMYY=+|Ffqs$G^5Y!d+o%~jM|A8k>&4TM~rRW=Gx|e<+pUjPES{i#O^Cb-)V9Q z#ini{7Ygzdyr&t50J- zeOm3K(auwV?JK}$b*XZA@_9PI&8_6vl(RB=6x?W!>V9mJpT}nH*S zJ+rjTwu{%Y-^bd;(}Cw*r~NwO$sv;5OC;!9j^zE4|Ti$|J+M7f`KqxUZ>|UQBGGGx*Dhj}{Xj#hGUi*%2;+ zrPSeY{T*--Uql_nIB+1IK`)#2GoFQ6!>NL2ZJqR`)2NfK@8#A=>$}1DmFhE&PpNl- z4L|;}NW3u^`TZHxMDxtnL=WYRE!N~r-E%+2$A{^*R+8&pY!YjVEvgx!hC#6+enbM9 zo!&qV?Y3Z64XwM5sy$F~^nKYd7pJAH4Vc>YQNYVH`7_l9-=S7BSK~uFtzmPH+AYrE&$zyr*?UlPi}R{{lLjZ$6w{uQK4(Xs!^d~3 z-)dI-7HnG;ZKmOyt>!(&-a02kc|PqCGJA}GP3s)hVV4H1r(F@nUYVNUx%ggRW8Gsk zxJLiW|2vC!<&&AZaGrPY{yyF}at|yT_eGtL$6Vt0PSxlj#lGwT>b&l+T~i)~&yD?R zbZwdTC(NKtbTngP3*z{X8Ff@Vmv8xf_Wo#}ld0>coz`CL*vfrs@00oN#AN#M;GiD; zA?H}vQ~vRG!h79h3%TmtoGDkMffG?O|0GYU4;qP2=Rg0^)CIw>6QpDDIh9|Dl|yf2 zHBjU<&7cNodY?d3DbK5Jch{$5$m>wvDdS$ETzCnXGaIO>*)+W<)KtSeRo*+(?K>q6 zo4~=`=x@Ec6nl0k@z>Xxk90;;*1V)E{?j+7SF+}FxY4a|*ifuFrS~((@s|?#O`=0o zGDa+wfc|ap@x(&nEo7mOH~0qsZN$g>77#Ta2b-s^{K|Z&DGs2KVod+dbX!66@oA&Fm zgUrJ{PdWT#tSemc&)*$uZY;zGj-Wm8DlekEaHSLKEF=G-ICdzsmfe#-5FDm)+&ZEL z&LA~=4|(?O7mhVIcz%KM!e>Y}(ZSJCPBP3lr5wJw{k&@5(5v`iN&GMNt)=}h=}+o& z(*76MSAl!^PDW2SP9#1e3_iX6!|-DayczioxiW(8*}azU-L64bKPr6SAE_Q*zLvjT zPxrImw{j@n%y_>LT=mBG^aED|q03z zwShP7skUd?C7?;$5Y96)epy~?i+nb4Va{m-_vXCpA>kyBqkEok$UVy>7jKFmfB&=G z{HU`=ENuGg>VJ3rn7kb@rt9JCxtywfv$b*AeE8BAJU+x8NH#6sbk!GQhkNnAH~;%= z(Ak;sJD?Lheqa&jA>B+aq@H}~RQLz})?S1T=(ztT&Vfo)SG-vlPX2LrIQgf!)FiW4 zygEEEG7*}a-_Af&*Jgf4PmkcISD4@X-SeZLr~T44_x$J`{N7hO(A4U_W$cvBmMcU) z`n8_HK6vt_Pe;jR8y?5TM4#`@GPe#}E2>oa@HznLO^=BiHA& z{O7-C?PtA8>8%zdsj1OJH}?ln9h2S#wgP{ zn`h;BA7jgL#)#$^gL@bG##qM~t2pOWV@%f=*95zd;T&g-(i~%OZ;)?{uM1a&cN<(0 zVmNT+^n25XnpU)Dvh z!ly=;>bLVj^V{zWi=W8D^3A-fBBdTb(f6ThuGROG^ljw9i#NpktA5HlVlI7F<@US-@ufOO)NssEI`lJ0|z!Mj$VuAaem@FQy)Wa-+5{+Iz};RKJc%?7pXmiwJTzM z+1QFX_}|#j+B4fjh%}FdxGmFz@M1Mo(B3q zw1%^I6G886;gC67m~mEUoH)<^e*0U^s*yW3oBpxau?1mc=T&PP!%oOvsy5obv!4Ci zKAXEjHdpjo0xWTKY=%DKdK$3UIlMNLGbVuFZ>ME*rP~zy8~C}t(c-_x)mu^E{Pt(x zGHViRI5)HnA7UBySasO9GDn?PE1M~wr2{)B`<5ti=WpTG92Nq5VlciO<7MM9hP{(K zw?pG#DLyyXmjH*(sZW3t#exZN(o^5l)i=I~zi-7|jp8-%puROn(>K>=({~gY4WHS0 z_Mmrz@LseKdi2Jo^#g{1nlHJ49QWcQ zUO;{h@wI^~7$iTcGDE{%hj4nC30rSMu8i0tw3sx{s+{9EM{63AItvfeN< z5`zcihZawLOJ{F9t=x$C0{!LAlV{2;U0y|=?4N~Wi@;6D^L->cdZwIE!#@hg$}VQl z>qOVx=I!yIblyxKO~3BZQ~Y(U@h{Wo&&Ti?<73b}(65yF2L@G>-*9t!2FHz#IUfYr zU4PQM))HH|{?*AiW0<@gJRAp)A?PSxG5a}EG^d^R2+3eQO2W6F(@9``MNMXs&ch4}Xs}XVFyWD-7lP zMCGOMPoeYFw4&dw{1tRf99l{@weha`{)*YVcxj}m4t+Zi zok^ZUdUCP(zQP6WnK{(|mxaej|C+p-a+wKJGo;v3d6GPn8&ti5eEc*ocyjHH@r7Jt zaHf-V7IyOAGR7x!jS=N+^?&0S;ap?1{CmbwO_QrH(y@^E_mQ8tdhcUC`PgaBTld9Z zs_CdLH+v?~4aj}p2)RAtjLRZ*)O7ruZ;?~yl3Yw|fUV^D`yzdrOB5d0^AI?)?a_^* z$%-=iE8`v8-~Vt<^$-q8vi8;5WSvDX|3JFI*jKK9NIbbV{j63aUy)&3_i3E)#0Cw2R5Lu-|3gu7b~z| z8_{*LL5}ny@>L3d`gMiui~6ha@cT#l91sjA|AMVr8641AhMfMT+=+1bbn;K9Ivz6I z(|9A^#dtf-{L9i~e||!~=P>@OhH@zXwH`BF z>oM4N!RY2e^IMB5-)e5rxn9`lT5#2d&0fY|ee-7t|Fy5L)?25PuYdGIZ}I&(pHG%0 z_tI~@ee=p`7gk8zrjzY{_U?^n@2z8qNR)4h~Wyo^?vzA?w;a; z*60cJvdPDSXXW69yZ_DwE54id{VM;iI#^??Jbk_OpJ{!qvsB(SebL)C=XoN0ekm7> z7OoS}_hj+eF&2EH*R8MlZt?lyT(JHN_&g=}u>=1q{OA0C2|sq@UxokRGdXm@zkvUf z)mK&MOzGBKzDTyd+L{Z-e=|QD{eT_%SMm9uxnTVl@R|L+suE(yQq^Abt=dv@J$!@g za16V{_i$G@SCvGjQwwACLyhZ~cXfp}y!vr+z0@A;jd zG2i#iT%XjLRt?0>TANI*pIn38UL% z*SobeyFA+*uz3P+olouM_o%&iQF&K;wuSb~ED`R^c>)(jv<9j*O|6&R<-dZuiLopGCoQ*TVg;@NPphQa(wBj2DVD%OuPXo>q)u_vhPFCQ?m ze~esg!w|)XABq?{cztEW5!k1{{U}qO?f2qqwZEveG7{sA6w$)se<$_vet*c(_stu| zMs5cVa_q^i%9T^|rg$^{XD?698KMsnquQKd9G|3$dW7lhQ&fHze`?cA;>Q|lSd^QY zKplf}9on1td+J3Li?)r$W{$`23i91v`flXE^14g$sV0`PCwQ3q&1};T-`_U~Z%i-LT0RMyh4{ewOZi>n(Bm4W20|r0s z%$t4484QMqAd&@t`WUk@ZZ_6CyeP52di0?D@D29oht0?F8}0JVF{>p4$N`pG}Y4LE~J zbp{6C3NI8*?ttfkV+MQZySfH!i0-LM#(rCsylU~0=C%ib|3QZ{I7&L>+^g=t*qj40 zV*+wSyXyW856^@~OQF#+XheSX@)==j;2C2&`%YXMsisW(NuAbt;8^>%OG-n(4x9R# z%OV~B0e?1;=ObS*gTCxK-8TA4?5#3q#J1f*-U0fl-#q2hxi8vJrN5xQPtNmO_#Iu2 z43o18gq?~8^R3qrkzdk(+26a&`i#b~Jf)n*YR1r>9j!Bj;kQEiH#v3gO`yLSwQjvk z6~7xyjpTUvBK+hme0S|9s?|3iodJ=j83W&ZgF&WPse- zNX;Y6HP6rE_iYy(;+%~E8)Cbvl0)V9zEWj$PgmFJ@Ylc%>MypExz^=HVr$S9&HP`( z@4Ap#?@=DJ4PBu+rGl$jqw9wrdyugnpq8*NzAWSXSK=SdhdBfHP&qYD+q&0r9ZD3k zrqjz?>j|2C_+joH;+^=mLf;uUL30L9LT7s497w9~#V6?dFk`BpSVli?4d_=m+byiT z>{R+P=RpjPm~)_^dDj$TCUU`B;oq_?<02Z1I$HLyfQv;=(m6-;xFGT|=waJr(|idu zZ{t1fkCH4{dcR0*gz7Q#ppW#;Qt`$jcmuvL?ZgXQ|D1NFZ`K84b>Mx0lRTX06*2hQ z)~g#{!sgp{=tNGizL5>m8lcM)4zlRh<7!RA)%)&v8G0XmW%ZPe zQ@;3grX8^BMmA1)jhb-B_s`mc+p^Y=!sxM@!mz1Lksi?h=dlS(qXQ#L&{M0>zhzqn zMoMGMJ%-KFSx#2oKMr1xEAPCQA@5wjMEyw{GL#|j*pUo*=lVI?S$WrbyJY@wq8NDx zU)zei;Uz8a#gWDvk@tBglJ~yudH2#`=n~;`W8 z1s3BANOvy57m&`H2QIB1GxMl%eX9)J!#qBjHII}$*SPh*BiZ}*PQUbda<$lt{y$Fn zHXG&J?EW+|j32$l_yL8Hm$*jWup8+b1Nn@=mtN1{`fBk7G8D!CUUnHcujC9RYPFZL z&jOq9l=2eNr5|Npit(1PE*KxhIL1F1ja(Dge3Cv!qf9=7d1|0%Bx zerB`=`i+5>w2}U>Z4#B_f4pHIG|LV-bAowsb z(|9+pxojMBzRF3qdo*si%%gFO;uEL!Z`2pG$cJ_Yxp75}TmQIL{tfkO>*2S@@XPsD z-r-fuWgp+(81j*OZ`68e3)i!Od!u8IaXS5s}Hpe-90r7VXJ68@p zsHHr#G(0TQIH&GNqQptA?XPceo*h}uH#6_;A868AamQd{2F9}E=$z*NWq+=zM}f|D z&^e>7r^My+I5;x?1J_>zPTNkkm3EHAWt*VO@XUCp)TcsK95@|(81 zw?l_DJ{nkkalq)Cw7yWj`H;@`LY9ajSJ)WRuMfU^9cP{57g!p9+@om(gjN*MiTU7vP>xnLaN-Fy6p-*2Cls0?{C6{^PGQ?;)u( z|6SWfY`a^r?bFm-MA3s5XC}7&p^0q`AG`tmbHuhr7acFQEeFq{m*iM`K;CU^JHYFw zL2+M3Z0puURb}Bj`J^jT+E3@^o&Ouoy|D^k?-1~==BccFhkn&NwuRK(Xazx~$^gSiT*`q&(45N4bd8jRF zlOqpx-@ME`R9@Dcf9lOy`6ZXf0%p!t|47d{d;gE>SKRflO#a>of49Kjny;U)_f5{^ z>y_S^sr6BhuX|dLK5Xru$+4vEpKyE$-^I$#L$rYNB4Ft1$|G(}pRalwayOFv!~yKr z0phj;*q+aD@59AcL=Ivz4`BO>tJt$Uk$PwB-+t_q>%#>ioL}bid5TQz*KO@*F#L*+ z)B1(>54bpR?ZCP$9Q=oe1ATAa#e2};eHGE3mF-{f%<|WUto%|r`Y_0UMet)YPb<~cEnUEeYLD6lckW#k3fGpHJ>=~|y- zF8W5e*5;C9kaw-!=^634dB)!*^#3-`9Q%wlmIUwB@|S%y$xfb;AAqgB+~>AT|3^OD zIUYWg58CFFF+2b4^~PND&s=YG&j)^qv0F}Iy)ioW#IU~gKWTrnr}aiRADBK5ybC+n zwbH2|T1=|O#Mqz}XGZF%h0nuBz`wadx#ML{;>T;*lc_wNxjs7WK3y+6I^@1*ySkpv z4;;BdwOgS}9OHAz&MNjfrxlpcmtFNCL=#)Sg*+>^)zBAwYYkR89P%d>TANmEDR}+? zEyE$!tCh2bfBp9DTYrJxS@*1M`hkao=Y6!2y|MJVEz93FvWk8P69X5vd3LnX}tsw?Fzv2TKXCeFDbud`r3F_pRyNi{m=gi{q$@)y1X44K0?20ci=R>O$Ds`@u7_$49soQh-q$i zOm6g`{CMdg{Y5YRY2;y3%Pcy^(N%Th@WsLvk-DRM@2dlb1hjUvpUTl*YSnUwTF<^2 zoniGK+G@D(<%aUu|EO~~6f4Fn z`Fj?B$Mbg(-x24%pmIe#AH#dWE&QgnGjVv2SFR z;2Yt>7lSX^2iqM^Vild|CpgV`To0z-68bZBTJ$GhZY#cA4BsIDjH<0HJ>Shg8o0RM zi+6N?XxR1N3j~|$v{*an*Tr{fZq|M)^1p>EAFknBWr{DP?^L(_EZ?SyN|yK?r`@yx zUQMRw^P6X!h49Jj`~J9fAn+oC;{De*GB$GI&xNZtc_KV-oCjk$|2Rcv5 zZ!~e}zsU1`9={bH+3xZ93m%W_`!<%x?eo`tJpO{m<7zho9v6IV@U+&T_K$!Tli_#x z`2*r>_*m;osuxi`_2uGm=_&mGIDFfU$H7-NkJo;}<*8EfxHCM`Upxd&a`HI53Evpr zF+9%oebkPqF4^+<^YBf4vd80NUEWrFXn2kLchTPPGtcf+-3jt*cviA7g!b?u{EYwG zH}c0@fJJ^(BYqsJ zbpd?m8wDFRj^gL3e3MXkmd#YHv*2BAc)0#a{f_hO2mPIg0_Y9d6JrDLcN9lNiJ^6_ z$GRS#6Ibrm7*8_St?4~O8_V_=nYeN~ah=(h1WYOWZ~N{+9tQUy4Jn*ooe z^fY{?dLhHh@aA^?md=KUx2YBbS<`s~($kiYb{>O|xEF^ntApr3d}v*ZXWkEg_I(1#cU6y$V^>J`$rVSWAoF49zQhpt(Hq9r_L=+7CHqMhuurRfyW6dp3VLG}&$k1)F7o+tG?&a?IX zvUG!2)1dR)q#IWD@Z9Q#$C+D(ZuoIw&$_|(-GgrEpMy_iE5GdX4;7#O|C(R;*6=4z zkzamE9f@B@^u#aEtKQ@|{PH5-c+BRPA@EBJa&Gx$NDusA+Q2UZdw6d7r6ikQZa9uD zIRU>c{XuuVl8avs5F7jJ>+z2_mZ3|~rxj(`0mV);xL1uG7>^yOGIk&^H{sa<|MRKF z4g`!HsPgQ9+SSpI^s1G;FA10MZW+4Z!{E^9PcJ6&|F$vL$Go}dyh_Dd`e)*yZQgm} z=V%V;d|rGxy0wY%>XH9O^v(mEmrE?)MK0<#>}MCbr!C|ay2v$^@%<2;n>0bOVO=1y z%KP5;MDj{&cYh$#fgcbD2YuKd8l6Ue*s-WNzv0rz52+=JE+9AiKscEo7tto&HVxf@ zO_I%jefpv1)#ROa(0-rJ8d<=Zi|8|AsEx|YlM6TJU4-$I#m@noFYRx%>{eqIJv#ztqm9L35dx zHJ3W(f}f*ye-x!sgdA{#=^o>#YLNca0kV~wbZF6(LM$Ww7k~6%6$IGZCU3#sb1RXQT!X_d(MgCpTk4r`EB$Fd{10y_O>RlyXE-#`OI$^Yk0cW zdf0UEt2|rS>@^-2QGM8(oMqtUk2czGG&Rch(|5q{BXIpO-jCAPBaH3NGc)gI*H6c1 z%};0EyV@n4&pBY$9@G1=5{-e1Hu*L3Z$>j$<}0|Od)>G?=RAR_oVZ0YK1^{6*P7=D z;Iudyc0TaZ&qQ!Di+M3O?FS|&k=J^z@IkK8;DdE0#aoZ{fRDszY6|@L;JUBy(O6Yc z3V ?KyC9%ee{k^)0V2bkiX7+&>n6P#Mod=r?TV6)jp*aL$NaZrhUUbm8J#+_XKj zTibIY7udFbn$lM1Q)Kpgc0}v_1_tt{E{vC(ew}V@2b=W*)3(&YaD{36SN6MS_Ip-D z^%Y?gvz-^2NbO~e@x?dNx9*(IjO57%pi^bfS2NFQ<|%wOC`Sn13N1f{0&a}xmzzeX z!phCs?`6qNW0+^*&v`vdB*Jn{>1-&D3b={=Q4RFH6Cs6 z@76YxXG~iMJwV%gy0y*Z8MiGwL)!)2+Gg^M3j;hu+d19Zrg&zf({Nto$JC~n*fPyC z%&8mCY^-+9$>5o7DF9XBLp4PXoJx#t&nqR~t;uWipM7N*)pA21O zc%a785dJ799yU5xaj(ZOdEx_PE`>k%-~n)QvV8CtYB+N7!Rg)b+A|*%c5B-+9~|X8 z2%n5Yi=O%5aJRNS^Fc?qwwZiz#YywQ;0!)E0!>cD2hERX=?(Z`iKjDcKJ;Yh|G{@b z|E17xI(jrE6VSikDbW9mJ<$J~-SF8n{g-!Z+cW*|>ejYr`p@sywrBd^+O2IS{eN`R z$?Ac#GU&hXBs-3 zuL6J zp3z!jVc4ukQHDOPZv87`od%Qgki&J>?cpp2OfphH7i{09K zysx%?eAD)4-P(G*ueN?%)Aq@3Z9U#sTR)y@yS`i7Oy2*y>Kkb%9D9C~!Er({v2rKi zU3^k&YVgKK9^f0s4ts6*6Y&Lp9ya@o$T;yH?_|)0_A@-3sJ+|v z9QHYcS}(Ni{j{O|C%Uyi+q5sW?fvwj{fE1?A8gvI7RJEirxEQx)UEwlroGm5@o$YR zd|h;+t?1;!d}f5W(Cqbf>-?xC^JsLQXml?71u9*C(|&g~ET4C>ll;a|)}|Ei;A6xm zImrgqw>!m=FKUcw_!8h!>sUc@7}npMfUhx=7)Ei3{0zzCo76ej=flXiC}(f#G0EGu z!BctUX!YJw-b+j(h9Ot0ck{G{%C+L4*Xct%rgM{@ALu+3XZ#v`_PR5HAHLGLDbex7 z0)ic$v^*eQwKD0>Kh*l>j2`r1HV?q3G1|)45D&O|#itL|-p>QH|8=+aK7FY6ejcFx z&Tj2}`cUotJV5)Ob!*>UANCP_Xe%D@>qE0H!kI~&W4>wX+=d$$ZQt;PdS}R}80++F zkcB#Ap^}=JRi=hD{G@8Hrfykz+Zhd$9d==$sMgRMue~@#JDycy}0F46+XC4VGEI$%lIP8cEn`b|f%T3Hp zI`J9)mUwlXx$;SSAIpR>F_66F;BfK{PrsY`x~%gGjt7svi;_Cu+shy8tetOp@H}_| zc%D50Jcnxv-Til!>?f%y&e%^fjT(usffv^5ch^DV8StTeuuzz9k`i~@b=bA&471+q zwEuWJ>#VA8GS}qrbbTxNJJsAoM+cILC*X}S?BlDW2Az7R>{_S2E#Pl7`}M}K@1!nF zd*s9$OW$amMcoeTc&T#%+sT2pnC}qu^J-)ATW|a*eLRkA^1k*%sK$KBmd1ybcaZ$H zm>Sp9BG;(hdfG9b@1cPqRuO-T z`QMBGz4?DSIJ}PUsQi)kf1>?c^brg7G2gH{z%^(3l&YF`vi&Ik5HGyU>>f@sC_&A?HI z%tUD~{;<3j<68SfM|gBiG;1!v&b!f-!aX?Pa0_5L;Xap z?8b5@c?CH*&a2*^m;3!# zBXjokaXIfJ1cSDi`j<;07v1nyv&GR+e46L*X|#rukB`$nkH4N>2{vFGxW5*-gDw2# z*=l~PwoEt^E+wDBnQ+=yFh1fWqo+&eLXjBve*Y0y7VLQK@VEI^<0HUGKkLBR2w<2E z3@zYF`bYab+;6@*t@kpX;TdSToiU^EZhWOn&;9UJalZ5F!JDY{3KVy)>g<~G1n>Lp zy!8D9Xd->5+L7nccX@pGto;d{b>D{0%WE<=)ZR0CFRy8xr}r$+i4QGLO83R41uDdc zIwSpezr*jF#<$9WQEP4bUiks$b`bn@E)tGPI@?$$X>OH6oV8|ZCl}Tpi9P6W<{thmx~`i4vS+f#F~*5subQ}EXEE*D7;o9a8AqN)*Jtx$ z3%;!8y0(^aJ^iEoLl=prTYttO)v<6>VzQfv5 z_8Rg2xx61`ePG(@&O4DMM|S;o8Q|I2IfJDx)i&WdKj(8q%TTQfKs z`oGMb4SZD9ng8$1zs8Hh|QL^cd?>(UjvIZwf+of-?;{vMC^S2Iobx&N9hoIpV+)1W-mpac_2|f7Fqr{d-#<9MPEj%RnzL$Ik)h5$em$_qw z+I?d!_Kh{cH`by^*UcIWpCRj5i!;XJ`)}N_bcc}c$CS+U=_7%KWd4{7W;_z}g^d=iC`g8Yg64!Q_ z?;Be_@M3q&eZb}Hcjr0w$VBXs9R(o%-P--LM~bjVkiD@|>=9&d zHhbjRpMaAh?2%IJk=f7$a>E-d7aJdXOt(jnl5USY zd{p+xQ0$R2w{}0_+9MWqrLh?j_eZ)CTaf+qEBj4%hqgWrtl++lw%k>3uX-1Igx`%l za)E1)fb%xmvhL~j2>ls*1lY8O?chH?9{JiJ{yC04Li;yqe~>3E3{gv1wW!NL=>=<%?FY+Zm+3M;*FC=E6`&siiwvV^If9K494|`-5xIqR^Eg^EbA`YS!A=4*7PBXS=TJ#dcT?4(aE3w!;#} zGq%Gl*LHx;j4cR$_p<)RcDT{89m?PAp1A^8`(-<<&tg01S*Gm(jfg({w3D$;aU+{fJZgP+ct-ff47XFGWB!1v}I>~3Q_koORs!5Fd~7WZO1Fiw1i zYdg@smGMs0b~s;a>e&v9fj`4`=s*{5!FG7Twee&-{2qNF+ri5tI>qfn`3*gE|BiyB z?tg)HQRq zv20Ss2j)#8CmVfShux(3Ku*N6r(z#@`MM9Gk98JjmDT=qhm~jI1LixluJ5b7_`vJP z9b`|u19^yi94#9eIg}YA_~Vbj%j@6;UJMzT>G;3MmSzjR_!zYlBsaHHPrMpmDS>{# zzj$&U&w}tLw)-BP$3ah{cfGhlPSccY=@a?ZIs zAcjnc^W4CKoabkZg{MJVUQGn~TB-O!Uek_8&}Yc&YGl9sIIpdqX^$dG z-))R9Tj|9d>-YPvN45tFI(1Ikj|1aVfFJ4ROnrxMw7VK#xf)x12fQD`FK%5U8S9*X z)VRrK(6;{!WD;NaxWd;;XdSz+=``qkui!gfI2h>0`U;wEobJp=vPgNjt@y&#R*vzJ z9k}3i-qV*wnZy{^sZ zy_?W`qg=oD%Z#UY=Ni4Ix;c4G*PC~t$;mG5l=*09ainVy?LC~u_^xs81ZU!14?e+V z=!ZT;KVB?Fbn}GxnQ^XQoMt{dyzbU|cV)}~bX^bqbq4&4J{i6#U56=rHr$&~MJ_sh$q2gl4X@@H^hQvY2zcIwK=G9J>x1jlOke+u?n3 z$Vwx~&QMd3^K#NxB|4i8{h9b4G+2dA9G!rkAvZX-DU@bU$9d-I7{zZsMJ#VPYb{(< zKz9}JUj=YK58S}8Hi4|4XT_ghVFgXBD)|if^=zIC{|f0A;8gwJ%m3i$7Nbu>IgSm* zxbHDmD{>)+JvPaWn}EG-yv6+%k}J^IaAP|)Tj)RSrC-VX62sBePTXX7THIuOhV8`n zACe;?+bP04RBJx~{ck{ysW0t2l@nvkWv($kkEn%*cz&<)N}&A!zDNwYdzx@JIy>%S z$TvU!-eVszBtBtoFJznBIN#ic`Q|p7e0$D!C5H7fw{aPB<9oF`H>3aEm==EP71|?{ zFE^LCsgVzS-q^_8c>X!w5#P#RnM(XFLhMfKOl)rVPS$xR>%5b7<{b0d4%V47&`;~E zvt(ZK8SCtxe>QtD1v+a!&FX3^Le`n}E@*oCzrf)%*0P9wV8$pWHt5NS5v+lHvR2@# zMTQCg`n2WG=o3*zOKpP{T}>5U*hw*>_r>?;Pb{7 z=z{0>@s8mSc;&eK!MuC$hn{8Q59EmM(25$I6f_-r1^Sx^e+=(~KY%OAAAI)s<0fEi z1HOl#f&TEvKhnN&B={JVg+J&w$sc?k;qu2Pc_+yq-kSONW6}nG&u4w%kFd)hisw!@ zym3yl{+Y>zL4SMp&NlLAlC}=>e_uQTeZ-;bOdgr@ukZ+ctA>f8Yj`q#hQlLQeZi5j z^N<_5SL&uJ_S&GiJY>xFJnPEdbY2Ivu@{|J5J>4f^USPuP_-b8EL1(npGxmBzRo;; zlXY%~Ker=mTabgQeVkPm4oj`Ibh-SUPI45q-!B;|Th3c+*>Wq9g_3b|e6mn-|25?` zz;h0-IeB6UU~zL|(4*vUgNt|ASC*{kYtF6Ac_nk+?9=n+8FSV%uhxik^ycK8bDP4< zSvp#EVX97W&X0L>=KcQ8c|(>t_qLAW@gDL^&$7ucvxYfMxy&aezk250eM5N$E-!o> zUeK8sqc1Am`&Ui`eVdm$v zr<&7jMR+RU-(%zZVCYD;BKo4)tJ%C6{?dK&?eNyGuoaEI;Pb{>M_&Z>4)&DjjX0G# zSH2k=>Q~rM)U93H!Cd!}%Tf@?H8xc8nUNd0Nx89C{A1={&~!8N_h8Vt%1axCETd18 zKR62h{}ued68^sl_;$Fq(DTT&*T~V4|5yy)m8WElsSS{{iRiP~wYy?`9)S#$y!oB- zdpw)S!@E!BKf69f=b86&TF4SFS4#A+dzk#+gTNF39>rMoya*p#HB-vuYxB3l3jKOx z(3%*rtf!#ICxi4?%KsYnk;|1^MSnVbuJ7B46DlXJg#X%Sj^V2-7AN0G@T>nQ{*^O6 zH6{7(`GN#gq zONjF+zfS&CM0MW3HiSCwoO>-*O%108{pDXg(h#49jlo>Je(T5~t)~8RLcB_!9rU-6 z{wj3VHPv6eHS&CW19S2BS4@AhF_ow3$c@YG*QX&j${aeDog07-Vxnu-7CSh(=HTlJ z(U9tjDE}q^9m}2%Mp$>A{{!nD6g~6Xr}=Dj$BuM4=bZt(%0~l=BRBcvoykWt^^8;c zKOx*=`^2zi z-pBm5o&fzl(Z`$;s@LAjoG$L?oJ4>B(#KprNcuawkGZrlm)_Rr-Glw(B|rUz`r-aF*)Xj7C5h{a$_!Y8>yv-tWzId?ogi zUd~xz-EICNc_;&kF>AdTzlE5I-;R&wgP(!mYB0D$&WXPM_~V|kU^Be$@%!E8e$0&X zH^>rjyjyvSp9aU$DN*D`sc(MrLCV2#4;+EtT<|*u{CYUr&irH-3P-2=`jBp!1D<=} z2t3PAFC;S>waafAk^`?>6W0)A0jt@RKgH z^IhC%ZrD!fu0YfOOis~}nV*jiWnUQ@07qti;K-Zbw~jZzYrs_@G5(R*=fhO1B7+8e z^V8fu@6N5a`+nrFIQCDv{GV>>EvC-HRhe2+x%SIb-Ma#IIC<(Cql_{9^%SKaUo!QT z((R`N`cb||0vksB8{{tDDZcX(>p3s647t35GvX^aFEN{(r5N=@a)@7>m=C;fV!hC% z=T|sq!*ZJbU3=@$rW@}y{8|m3>txd)8v@|}b4D(ZC&%~m!SfA#_s(FXkA03AI{+*> z#7>Sk_PTzIJ<&II_vS+ls>9*&))H_kSta@NNk834cKGOK1oN3I+2Nxb?=FM=^r^cH zqWBS2$U)h`vUQc?Fc;oZJoHZ9ZHGp`?BgrhSqYx~k9ptfUG}gB<&r%w2khl}S@-AEWdI0xQ$FuPi_T(6I z9s6}f`0^{O0`_L=&upgt%uV=kRn)z=YEQGN$=$_XQrf-E=6kf%_F}cm(QD|<`f8rN zOAd@5?mBl}moqo5vma+?fUkgRj%2~*x$wZp;d}F2##-n4-^=*zRNlMPd(THpTA#m> zPqN(`FXJ~$yeK&E*`4*L_6hI2i%dM%>o0>g67-jZKjXIpyr;8qrq2xe`-5r(K-1ZN zdyV%LqbME|=~|NK*1mGr+>cjp{nxTLDw(t*WBo1O_v^#qth2=$W1G}_^}99zgXBZd zialLn13{`bxIEblA65kQuE@sK2an)?`f>Q{7U^9t*1 zqrc`5|B!wNflucz`@+&`tfA3q=whQ!ktGg4UX88h+)>{Su4TKr`m{c+HV`@{054ue zztS(-Be@p(y;9%lQ}=ne_Ia~x$LA`YIAIk1_CVO!MfHk}NDl*}?7n)hhG}p5?W6Sn ze)QW2^S;q<%|6?@IcZyi6Qkei&$Z(xsNcHTYs=Jc-*@TCTd%?_`Yptmo^JE-e-U&n z9d?hWce3cPgm1jP8T9Lo=h$yO_1V|GelzshZ{0q7=rj1!&ktVzHyip()k~2+s~mtn zV@{d+tgeuIDxk3ta$kD@K~JX9)|vMN`!)8!`>V5F>Cv`#o%Ldmw!Q1D|LoDWcb&DZ zN85Cr6@=#d)LF>i6V+KaxofoEx8~k@WYbsQ%cid)AB?{GG&weYxmxG0?Q-UosjudP ztE9Zo(EVRSC-tVU{?Y$lhQ6B1d%fwa>v(T_FZyaG?`6|hpXPaQ`f8#djtqSj;l1AU z)mYw(^`fsn%6mp%q33ty9A96xvsal_U-7=5KaIX&jo+8P%JTmE)mK|hd?7uaW9|S? z#d3_UxSU)~6Gul^6izxhU9p9n45KU1Uw!&Qm05fto;8^F`_>is;PoX7M%oqmS$v_o z^caIb4)b+)9b*IGlflSC{1)90<9Oex`0MnHc!Og4_>0(LD%2wJ>n+RoNhl70ou`<; z-^Tp{IUh!5Xik2afvs7MZDM4Ge)G!(e*2{Vy^P;J%X>y<=slnA(VoG_dC$mcUnEM>nCb2WUxd5^9Z z?Co}NTB3Nz(`9x%|2x}^UydK17H@U^3ypIJ<0${r;yu4S_UOMK@(|7`NY6F5!&B@oeS!Sahu)N8%a$2@gko$-nc>9F6?zYmUt&Uk&wJ{vB&b`2p`k{_R%o%{lNzhWsCFCzY)*jw?Y2*9DYy!b|&v-$UlB_>Ylzweny7;Oa7M6dp`NMTXiWkR)FUj z@{iw$|M1&>`b)y^$cN-_Zy|Rw#9`er_o3=me(YA;DqpcJBdbmg19`X+uoY+@mkG4tqSFie*hq$9RL;f)* zH}=&J`S*F3Ci@}(3?KB6f8S#NrXTX}fJc%O1}d+li;7#ZG*C z5t(B*^kZ!Qe!x+358V9#)_j7!SobpHFGrDQ*IeP#0ob#C`8J}D{eX7*d_VD$KbrTC zs{`sw=8d-Jo?yJ>iSMW6q-O*7dp|%nkBL!*nmoL}j?6Rr0ZDlW9bi}gndge7Q2W@a zg`XvsQtyMMKl=fkZAq)E@5K}EaQn%OpCt8vmiYfB#s8U4X1qjuPTAuBCDcgl5kqn8 zDI-try}pN^ZJsM0`+abc;b-%kvjzsi2V zDpPAdZ{c3@&Qw#=`)wU@-kMOJxz9o8P<4l!+O$rF=cf@nWuG*UzT1hTj-f74l-!{k zo`+|qMfeTde=>P~?zq~|%LiB2OtR_=%ENZSvDfbkwji^~l_d+K$?qQ7n7F%6=Lj}7Ej@8^>5V(D9!YWujnsL(3^^ps& zeZ}9B+fn%u<=RQE?^vg%_Q>eOiqbl)jriq^$lE(yrNd33zx=t5S)+X+#C7i=A24tvfffo(-Pj> z2pw0@ZX@$4VxMUQ@Ak-&esU8TDe-N09Y3y57x+&Ve7bcdEQP-L*B< zch{Eq(fiH0U&Xm+OK0lDkGf||cS6PSGsNeu#3$fycrmAG(RT0xK9&38ji|440 z?Z`phajSL0mI-enwuoQ4cB=1=PxGDi*ZEfOeBerp^#^X9X&vdUe}%UPpx;Ixx0I$JxA*b{h$|`E$eD~1!st4e>;0tA?JL7Pw&cCe!?BgJ1=SW-!t|T zw4MR*?$LcE^9`|{^23$$vXu24Y1T8eP#`i|IUuM5d-qtccmynBW2Ke5CBA45zu})uw9eA+=h`d5jqtDEL*T<}FFFD@yG!Vgm_)Ka z?GK2~iC66QVmiy2i}H?hcqbRyF#D@~KSI8ObXFttv#JVh57))CGjoR?1JL6J-Z#G$ zPq0V2eJp2PD)?^v0s5IQ{{lXc+z-M}%&%U&do#RCTxOfr(xYGa?iu9F6{XzURQ>b? zHuP%X^1chcUG(Yo5rZz{toi5YD?wkv12S^Acc$V&`Wi`JE1o{v_RrDj?`-?&9(~np ztE8_=?laHU*A(tPU-4jGT3?kstLE9}%)ZE%yi{$Oka1HzD6=f|5*@o&()7kv0209Is(_BYM#|(^tF*S7~t#6!xu9CnNsdvBnS0S z$$?W1zeT|>>$|%oI?~qKOYUh6Oy9IwK;NwQ?h1aF{XLKGe*PC9%((whLxsy{9{umj z;P+DKRP;^WQRg!Bmd<79TtyE5NAY7vhFlzxZ&sqVP4H_V;U3Fpq}z_HZ*>1{rEoc);;Ji?7~?nW|RF8^n%)-yN_6-T-* z;Q#A>6)$O0ZbH2tH{1+Tmv5U zz7#&Pt#5$2czE*GZwfF*R8v9p51$xZ@pn0XuzX?Rpq#mU0ocr1s$H$iC;W})-@a`^ zKh|=t5AJN|15OtHq5Xva!am>+^#lHo9tZyE;MVV7_~nskA)7oZ;koKHU%-FS47zZp zWA}!dUOVIXv~Y?Krq`ea*}bnp7Jg^^5Nmw_{|&$EdlDY_-N2J;&NcmeKj7JC zr}#A!o~`u#-r%C-`83JH=79B7BYC4bQ)gs;rQ=HtAD1rcUUB=CFJWX|wIl0Fs15yg zsbvohazA{={2hBRWq)bBAvxAlwd6d87*D#Q44JkOxK`rh%;s~P`7WatYZ+_Nvz~a+ z=!;tA;kog=+xdLx!W69XL(SefI_n`HF62l4j|clE2lnkpQ?S44!tP(cKH&#;>9sQX z`@nybfj`H*!2iwn3I9ud@PlNf)?g(6 z*MoP%AJAPXbeO~cQGA}w8W{c<0)6s7lRwVt2R%;p%|ZD0{mw$vFmr|*xQMv>$ed9W$!<5%`vmrDZiC`=z6R6 z9D5AUcn#dnzi(VbXc22>xz4Hc4eMYsq|dZ;kRiFCcENS`-_Idu=RE z`4<(yJr}qYJIe!48(UImVV(kR#pre*)8wa%-we*&eRs`6xb#2s=HkhXANb}YxsmO> zYt{7>;;I@*%cVK3>q&@$zDOwdO3)RrbqQ9%@kA*i!Ib z2M$(6x}pm?XF3C1U2k=Lf;;W=7L-hKXh8Rma^JPZnR)no{(?D^x~?gdxTh1kx}ZFjA8%XPro{k6a?*cmgs@3L-b zq2Fh_*Wb|1zFPU;yJw1zgj0>b>2ho4Dl4$7gV^)lQ2wqlf4}RV1;l^%&WEn4udjN3 zv*F>nnm;hb7*9Cx=B@g4_cC{lt$7QsICG9xi~e(0OAoiZa$dE)eyCi=>wtB>+VRdb za8(^KG@v?nG3whH+95WkdT9yzY8-7n8LwnLW-~r;MZu@&+0h@trpvB6+@SdtF~2#? zwTyd-TSfx!WMZh`<6)i^fd|QxBJdJ84|#N>^^C?>Og2&J$f;_6Z=3DZ!1Lx81qX|ELpNH17t=B7k^euX5WW5CMH2U`7?5(esEPeTD>!&WPg+p4tus^hP+w?%; zt_#_#xt2Yev0c}$9?Rzok5$}%Ewv+OpJp8{ILn&ZS#bBRd8gnzLX(}uJmwbOy=z}6 zxNG{cyYG=67A)fPI6SS|(CKr`Z(0XTs_CVAz8)RM;m2_?I|s?VeAA zYsr-e=P%?3?qI)lvqf!gWCV3LcIEy3&Ukwc1s6f{+X4{zR@=l)s93)%~(s=@dob6ZKgVsp#Y z_9pD42eFT$jAL+z407yDr=H18$OY-0rE3(~oL6I=Vft>G5x)bH)QZb7`MQof2>%eX~#c z=0@OVJ*98Pz1?l}P4q4P!c&d>_4LgK^v%CwPsrw5ryMY&3v!+OJoCA*>3in+0C0H6 zwzbJNIZbQ$?BAR6@@ZR5to8h+_4lQ07U_7e&Osq~_UsqOK21Nr8!fetDX&)c%jrSv z7v|`_UzcgzPz_VYf+`YfK*e}}qyOVqvgKOVDOLQRP z4Tfg$XKr<2jt-3QEYkJI414;ep|V9%=X+FlB!=#@imT4IuoXrQ6X&XR zwC98($BG$qs>U3HOkpgI8)V#UV}92iGdcl28%OMyF^FF_mz+Du+^1JT9M`P>1n361 z;^SO;cgHs4h6b8(t>QV(xECFN+<)n9+!x22apyAb?V_n(#tpPooj-O%7@0(>vguBO&Hyq&)#k-6tPcnj+H|12&ZasDr{CCsxO z&a+5y$@vR-_8>A*e!(yKD?3boTgw9BHrdPAO7QC1Gp{?`&|X#^e*FP#72qlxVjbQE z45dT3uMt0QI?qB2swdUxcRe5EKIgM}{-kwFIdHM|PJ2G*(0+XjdKnl>sI{Ae&6$Io zFtqBff$Ys6DsPOxKXCtkpTC(r7(K%}mT-CS7x$*~VDyX#zmbpKi~lv<#2Zue9V^A2 z6OF@*;{(f*6fp?Kim*6!=J#Xn1^gv-t$y^i%;NZJO>@dnUiSE+>1BbC%4fB zo^0%x03SeSiP6X}cvE{&qJuW*Q#lqptPt{B`%|(dLrrfnSH5Z)61+1ZRHmI#(@-F0eiVrusa{FxHl`kW|Q}j?p-w|k_ad7RPVvkSiQfn(&-u+#N z_H{pir*F2J_=1nVk=>$i*<3O9$G)j~Kwo}+qq`9e+{o-N{Jq=MHue1Fhk%cKmu7!1 zj$khU_Ps{-=b?`!JGhJIdzwQ5p9`DhN6zL>rXaGS6?#uV@9pr5WOplVJi7PrcCK&* zTz%mx4)183-!P77UbX&4FwREsRKaAV}C`n|ztCS$bS*ox8F)UTq>csF#= zT^S5_UvKsY>o?a9x7$P;Jd`cqfW8Lp$f9e8!U-+wjXYqOBudX}U|aa8x*aYT&5N z0!JoqdgEVa*2a_5xlNUf9b)V#eo--F3$O3afTu$E2Fd&aC(kJloUH>-uY;#XYLg5H zf5O>@QP#{n;-OQlyw$Dv7s|&B5O*~ALbr%lWCypwyYPsCS$@V1f*U?*mpuWVj4cE& zDAthRonrcvty_gWNg#V#!F3(^9?EU2BM$^!V$M{{9#h<|4I6r;n@6&|3SGkY|3kil z*KRrMI+gh@V_olLU01QL9jxo?$h{Hpwg;P2XDqkr!Yp`wfwB5p-#`1tQ_MwodU^6e zW3L3)Q_;zzz_s963En4GxS-I;+IVN{O`-M^T~XdPyD*$ZpQNPB|aesz|IBUmGFjeHi|iY0{lIcV}-H3 zhk7&^0ghbgPIS243hsK&3Uux`jk{r?m*eqI^9jH=Clfx_RPcFgs&56j^Pt!aD4nywKHtYy2qmL4yN55y0twajb!k#vT~5B*rnso-fjv@U+Q4EW3W zo>$OQuJk777W9IjzW87m)~BIoA%R0_x%FyZ zDin}PorLY8V@0_?u5^@Cj_4vJ56zx1m7P6M^mV^ zvVuL0J9T!Cvmd{tjox{PcgTThu4ug4j_@p3G~|AlPFv5r)Mw!?m|=E#h(Uo$4l+`2#7``lv8C6F<< zCG^jJO}+MO$U|#hL7ZqAZ8iYg24Exqr@170waNcU&W-PaaRKi-F&@W8)mq=kTHojM zHx7r~dc(+=_XZD5+9&&Jtgiia=+n|rSh216B4lk{DBQX#6mDA`3b(Hbg*%q8Kd_YF zN-M)baxvnIut_ZIsUY~MsJ+;Z>piVE?|S{kmtecFH*N4&OwJy(QqBCTi!ZPf^cSZ; zvu{CPXLofslnk<-iq()qIDnd{H3i($Q^@}TTf1k`4xM)x+vref$d2y_*~9OQyfc~0 ziHd^3&PThuXO2KtMeDEu(ErA6D6I&$UI$HHk9?}D2zRWi2=8585#G0^B5dy2nWg(m zbpKB6o;Sgt_H_>$+h2Pws_my-@jPsveD*I2(20fUssY&A1Gy*oRPMYS+%z12mAJuE zZFQC5soUPhUFj5&PFKGqON z?rB|hzhShD=g3a8zHUFFJ@0qzhbgz(|9hj^mkQfof(8SuQOV~oR}SKB(A;f?FX=ZM zeCkU+P%HguuS&AW-*2>(xY0n?Zm?*?f<`Q8#DYewaK|ucWH{>&fA25lcWCfucO!3* zE1s>-9ueU`zL(#s{G)6CLbrm9|Tvb3u$5pjHNv)Q&Rxh z1OGN}ZkZ$*(zS~Jl1q2NzXcn{+Q9&05es;i^_4tIu&z2|A$u(f-4u(ifulmS1S~Q9 zGSQQtul%3W{F*a>gZXRDw`tD#yzlxqUR+Z5#YxucpXBS|O2=Pt&d3c*@}vBK*bL}_ z`NW|6_>Jgf^s{28Rlp;CtH+ z2fFFJE1hnZWYWtHM}FVT{X*{zJ}pTv-HYM3b?o`9x4I5&vbx^b;`o}nubXuX$5%m@ ztD(>8oN(LxoN)WXoN&jYobcZJ;nfD(B4^7_15RXHF)$|WkD7+T5S{WKg(u z>8|QbYhr92YcIN7@60Xe(wXMDfLdI&r&0f>hTpZ`#P%l=+Yk;#Tji{0mKcufXF0J@ z`67S41RIlgHWr&0PSRh^W`}RF(_=XE;DagHnsbTaj39;+2Nvm*kVQN%ayok^&>*}O zuM667a2Utuj^j(#nlq)R*_z*6<{n=(CA=KkkiVk2YLBG5X5d!cgBzd4dpwKJ#@;;# zeARx;j_nBAGcVwdQKQSp*zqmsO7c~^YX+guPT3l(wz{J8S(8oB(L&xwXBO+eHDUqy z*7j8IU2BYO;$QGL_{Lr;vG-p}PA2lM=sVU{%iOPencc=S7GM96O4l;hKzIYw_P_LKu|H7DuVS~G`_0>^1hao$}k zKLwtDc@??b#bfN{$XM})bdlu9Yu`QApgvdfe1&Yn>!3U2nXz3Lv*z$lE%XsXFDnng z@WT#AHxA;RH&~-sXbLn-pR18U)l;C^DbVZ`Xm$!Ti>_!uSAhFY@cypG4V}_d8$hlw zR*bPS`)wqT+L}~im#{Y`o|fK|{C~C#d$f#qCK!7Z{GVg51()(^a>=pD1&96|n|K-a z4EU8yh%;`2?*qWa2+l%OV6(*;U$R@{YkvN@{nxKqw=B;++uZ2WGr-j*^ywD#>BH#L z$E~nmpLULhzsJGf(1Y~M>#I_>yy9p^&ul`sZb7#`jBb5A!uu)R+BrJH`{0;$I^eVY zllrL6(MQwGnVhqd@P6(#c#75IbnW-Hk|VzA#ALaetGQOZs$xNc%BO#=dcD|e*I0@z;m=NqE(~615Hij z`H1!wK|6zUt*7G9@Il6o=CTImk#PJJ@NybsZ2&Ku!OK?g@+f%u2zWUUI+_d}L9Yj( z;WvQuO<*i1)_9P$iUzE%A&fud`OEAf!N@aTWBgdIyZ-Qmbih4~9}8gfDgP3>GHZ@J zX$j3XcMSNy_xL>@Tn+@6gTbZNei(mQ*XiE64n(ea>pG13L>c-(_R-Dw=I;$o&(FLR zn>&&p=^6(vo$)OLkNW;7eIKSDlmF@FP;T($fBNhBdiKf9rY2^}KH0wzU9$)}TtdF+ zQgjb=aR7Sg1ozSFnNwXbEV-JP#hensa9c+(+};@scN`3c_d-Ye=Ht_pgJ10EVrV6j zk8E86jZER$Qinz&n`G~88oVQWb2rC9<)l_ZTHUN;b!lQIMmZR!@LQb!IRC(d!2`D+&~QWY+&4|xE->w za?POzE?pU#gn`_JOc>HNC~!?y(kW2V6XOa_K8UTG_qy^}nK(ZDg9xN19j41K}# zHoC%trwDisNq4Z0v03mTINJCR$Q9NtY4f62%KuMyL(93=ld&ztB1W?A4@Zb)mXWG4 zaO?7s2OH*?+DzR2G8@`No?%}!TT@Ey*csT5i6C=#;$53QhJ7&u+GUQ!yNrGD?Muin zW{RsIYT8m@Um+!`R8%Koky!{JKw>6IJa z>VfDNQ%q_d zxWPvqs`upsm^cn|j!$!Zs(J9ZawOziJ*Ry?cwBKNKYw|-5sl-po1jDSn&`{y?a`0n zvrElApU+&dp!8|^PgAq-dO5s)9ka zTKzL^FVATEqh8w1rR~^^wl-~}&jrFg#cg81q8JsrvA!a5it)4M=f|+C6(^0MZ)40) z{6=hNsPa;a6$6FOV@uHm$O6e4$!Gnh_~&oPGm7(DrQ(zPR>f}##%T>zf)jM-LULWJ zE5m!|SBCd3tPJm8R2lAE?D`gU*!Qa;2>2D5iCr0D?hm9k^pEAVdjlZv~&&>l}Z??29m0e>=5N zTYtN!cfvDS-alFTmF>Ty?&N8Arq6fv;tj|1UyuH^r~kSf82atM?r`E6H=i#5BE=u# z3Gs&Va^$y)SN2bI`DFG<@X2`5;2qn#fmgZ2C&DMc7z>~9j-O9t<7SI*E+XG3E1$UW z%``q~Dap3D{H$??-_1T6W5{N!Al{UK z&*I`Ua3KDv2)QyL3;*o>)d$Z%Z!JH0{>he4o0R{i#$1ZNjhwG`Wjy-tU1VkAI^;cb zZ-d@HF&g;>y-yp5jAQ+;DP>;_UYPx9C&n@lT&4V>oTiuXhZ5kcDixF4-B(QRSF4?v z+#K*8$ai9LTBnjK=@iG8GBz6HOd&sOD*Fnbz>c2Q7ztlP%y9ZoBjIZwiG;7ij;%m; zo0tl+_D$rhmtW}JtLVvB&bc)0zfN!~Pp!bnTgCO-kHV9{j@{f9g3i4AEUKZca(u8n z=v2O{Y;D=(-v@TZcFTc1EvC04Bc|tmm(KCaT_axyLT7`)`5EAR7&sr!XXNJ$Z~X@X z=irDFuN{W3J3P|$-II`y6Id5Bc3mpIcNJswS3a8k)v=O|>E}B~5)YBTfxaEOg3k|H z@BBP>!MsV&Jx%^Nd+mCjL!P>xm*Hnrj@Fp~CudN9g%f_?v;J!9@CI^Wa=_)$1NZJZ z`o<$i);;?2kymryJhI*zZt93|PWhQxZ{B;ux;G!am1he}@L8yXc-yQ;?z=(XS%aB5 zlOo~uKM34X&S$Mx66YZ&*P#L!Hv-E%&a$lc!APusZAIXnpGU9-$~YU8DB&yvc~;A4 zk6*Pb=kF`-sj_lbYd)f@va_wjpTsX=&+zaD;0Ul^KKaFal`pt(4(C_`1(9%BD>?Uk zwiGAAw=?*6;V2tw9WEy)kN2K=_NVvWF#Nv9Zq>V*6MkZNHt%j{4(8qBv1#wVdf|6( zSof&YKG4Njv@avSf5SWOSolt9V*%^-ztN7dmfmyU4YM9|$I`Qc$Zbo%d!K=O18029 zc#Y}rN1@5Gk=Egtxm&8NI62?0bw9mt&#X&Wr%Qfw%;lz=8CINw@b;1`D+k6*(&P%BzTBH*CSZ_S$kRgdmlaW>V+?}{%;la1 zGYqx((XWoVch9rmee}q>M_xKI`KwNw?T5N&;*W>R9tqqshtCFvNIDGO80*H~yJzWr zkEM+vynACL@m`z${<;ep_t8g=EWPiyM|& zi>$-TIt>nXSFE_mt_BBBxj1;)hl6$C;Mq^R^nc+2XB@#dBy!ujNAJ6#20Ae~8ROt2 z${q~s%36T8H{cofoszwb<-P+R7jEbPR^AbYSiA&&e;{yJy|M zJalB%&ffd3V&10RZy!3c&fo4Y>3x^*-OyPyeZ3EmOXcXqoTfkXIq3@`>m}R&UhC?1 zWcyb4{Mq5UJd+PTz1*7lc3r{mfBbIQ*7ZTlK2~b|zI$MxYyX5mSLZ~yeLXhkus~OA zM?pAV6zEEn2D(~H3&U-r3&ZW>3d0@a3&VTI1-kZ)r)|xdX?yiS`8Mb;`8LMiLGK6U z(-@y5vdui-f_;j=7ss}$&~MfF75KX5w@v&upWh~w8@n|+vAj!uc6_1Z6IESEO&fkQ zc^tmqYBk<^-d)GLH-ZD&RI6{b*~I(vo%f>+w7H))*caM6*PeQu_}P?C5*wYxZ`dJ; zapjy<<9+nK-|nbljE(u6{l-Q~V8?XVoX`Gw(bl7(0=uTh+B$-|2o?DJ@wb>W@zIK6 z^3eXqII|cBdt+G9!G^i`rsn?aqdf2CKlTT9Oxit(jM>$;2tAx1=&DsL_rN$iHt>#Z z@w$9FL3~Db>7|o^S9rvhikiA`=h*pU*(<(2xmQfyQK}w;_WaQ+sl8&p*N_)90=;4O ziXWz*$NB#-us-hkZgmCDz9Dw1;uBtM(X11;TWpE&80m^O@Xr1CvBKdRo&%Hip0zhW zubAJLxOp~O+ttF`Fz|Nv*0}N;UdRo{!L`W=0q@1ej%L2haWwdfK8MY+3O{%Uu4`#7r#|DLOm;WBdpRYOvJj`Ye!^*p&OTj;W z;cahWgD&mUFU0pskDpAs0KbrTT)(inulUJ6@`kech4b(WM-o3t084kxSzC!u)~|>V z>w5xP`8ogVa_t0iC;?q0j0`H*9q{!fPZ!%8vEOzbA=b~kCawrS9euOAfw=aQQD`^z zIP1(i?+z?ap1a6O%e+sY%_YqPO`kub&v$2oix7BI-#e~B=E47^Xo^@q+%}3yubGGKfFPo8RZM(>GpmxhW=;3E%kW)|V7YzUI>AzNVz7Kcu<(u_mYvwxU&dd|JTo}37g#pB@tEG| z;P=~+v)SZ+K5(BvY*}{4Yj>P@OySSOkiGo=zVb)b9q#F0Ze+X@@h_e8kg59V`>Tnw z%||{;pK<0*wQ&+N&^epP6WKzZ$iw7`JWienw!uE+X!&XIi<_6|w{?2hIFspbB6_ge zv2o;wM(3l)j2)yLBb{l=G4*GqCtEAY<3NwKqfa|Fk;k!x9Fm90A$hza+zFo_Kt{bW znK&=}{(j@UzaoC__-<|t;Uw01-bt);w)+Cdn%u6``BW#y&pNOkCPq}vI?QJs7P1bD zSO?Z--;JzS8S5}Xe09gRUqKhja^5>fe-i6^;Pw;eHk;l(>c0&$YsHsu9%=&vn3ad*Qi#@SJL;bi#8c)(6j>?3s+9m-7}nd0xBwB-WzQ zw-y%v{(oK%d;0&o_4p(E@$XmmjrxGr<8Y;uZ?=`3k@p6lk<4%1zZ#vi1{t>qnZmiJ z_!49xwtH)W{m~BgM?2XcJ;?qjHqO3P89HeavdFdny*v|RLr2cQ7L(4oW1H;HIDS&) zHPT1ur8V$?(Mzc_6~%+GC#A!X!@;kn`Yhrs#4=)Z3Enq8IPYo?Q~Xp*ztx;~skX+N zT$>_tQd)?qkb}{@xj2<;5u?^p5qsClNwcVRGKW~mtc*G@zvMmh%vXcuSL~5?cXR%V zyr%$mso7sg7X(yOFnX~aLq{v$Hd@L3g~Qo{=gg7Lu6cP;*rtc9)?9m;Y|~B3i*okY z|LJo4wdh?;$b~Bti}2w} zYmit3{yD4FhCk816uqBdf477E-A?v*53;|D4SHaetM|e0`_=m|c=34`uI}za+4sAR zeUIIPec!yf5j!3o+bBE!lNZ`^$Wf11r*gqOGrX6ee^*PBr6xxorKl=R15>NgnoK{;l6!HP+T%hxb|M+169DD>l;M zW$}6~ZIxT5{L?_GMLit$JX`MHvo!qpk;#QEM{=#^QUmTfrddrdLh`TQs z&N=w9f88@{@s=Y~`TfBqdt!z4CJwa*c<<+b5pv=q-t)nByn$!y_+J|7iu#|g=h-H5JSFe` z;}pAu7}X%WEIhQ{EmG`AXo^$(DtU-OYf$L3fp9UB7<@G(BK81VXQ+*PD zzj6a@Rd+yrE*DJ1S5$8*4bE}EN$sg>%c5S=9Uh#AN-hoBd4h9X2Arl&l>;aJ7&tYi zvFVv#_17;Zhm84d3fS#B-}SiO*E#?f?NI5gw{pF@yHAxa+HG{vBBP6% zOQ1u=OSOmlZPsND>!`a^6)#l`u1d1?m&JAoxt{UrRG!zfAMHt>YnAr}jsi}8Zhe{_ z%0iz5`k>G5?!mx2Bn5Ac58gVf>v}(|tAKU2fpxd_ovWyW2CRt`to2!7oqvL`zE18; zZ@lE-KeuTk^U*prn!j3;+@>G%IiYoP^A&HKO1u}?)fc&6Mo;{-g_wqN5N~8HkwgCW z|4jSKGur=%_L6~Szx)Ja9vi4jc%pjct69%G1&w}riT&%h>vGcd%M<7qbc)%(*ufb} zcsv1*x0a$`Mx$TGpL#^;@Bfp>m3^*c59Z~pu2SB4*2vuE;O|NY3bjJuh4+SK;zk+rH#+RZyr zcr!L%`lEJFooXJ=Jl}p09y(_av{K1lcc$zu>RtB!{wOjH*>7ZTGfu1gPjmV~z#*(-SK zxSx)C@<~{aBYQ8)0&Bqu!dlx0te)(xL_SOQmYcth?EN^O{j&6&DaW`MI9>Kmf6kS? zGgwP_)ZhM8+W#S={l{o89y=M?TXEZo%ihi2et5{W=PyLwhBEB=9mv}kpoJ~aL?!k- zGBtq=Zry~u-GaP*7g!@W+_t zkISx-9PsqqAJ0$K@z;3)*_rLgx;Y6Qe+tNi18 zk&7lbQF?*jB-d+LD-(m5V0C?-{pOZ@>q@PYsj;*uLT$5DT>`Imht9j`Ip^b=X28!; zWTEVB$w9A8E}tKuU33Te($JUkw6CG9^mG~Z6SkjCu8wRk##sCAn+?ThQwL)rd-Tjn zbJTe;Y`>Y&#oQZ8KOQb(d_T3wsf})89lR455?n1Ca}@Ry=ckQtitl1-^OPU>&MV3* zpibaBPvGY{bkDvX&z@eUoWVd7wOodIHadI9~#{yfqzWT`$W8?nf8%G-2wxrA0tsNOM*6pK%dKKN@ z3EUFn&O*!3Q$dqzTAy;bd*%xZswPpNzp3bU@}zf zqt^QUHN00t-NzB+-D!^{KEvwjm=y>|+%tZn6V-oggpO4s(xa`8S><8*Lt01q2J%x^ zQFBUns;EYr?&NxC!RSd9q6u=^MK|}7C#CpL9(i{!?2Wzi>GRN8}+JwG5 z`#r?jl4|HMQ9}+XerPpxNbMVk4uSFZvko>?FgN2ny1JxRzTjszHY$qi56ZR3i_1}-B`S|$qW|l?bsq?i4JIDSSpGZk=J@Ww+v~z1SoF`^-GctsIh#q|ticm`h30Ip!IPUuEj$T7`R@41`?5AUcTV+nU)D=m#v8)=M2CTo;piFn zylBLmzi&*{g3!48zUlHK>$2aQuRHd3-0^Bc zd>;yZkds)PWv#SMHSYKyD19)Vx1W?rlOBD{@y+`~qYrG>fH5L zehkZi??a)F;@;`wZ{KkE_yeU6#ycK;{Mj8hb`tXAxbkvj@AG~3!mNFO0MCii$F2oTH}4ark8JjDJ@#INJZahDIoRUb z*K=YWoT=+{^I>*4Hu<(we6cv!{=3-+PrGOTB^=wc+-LvEUU#hVls!Jy*yAbx%lHS_ z|`XBaDdu!)96Bf7Uw~9t>dc&Hn@4@H`u&G}+2G}V*(knDCd_Tb)$)PYPuKpO@Mu5h(T;B-`)zO^ zb7?33|EJ9P`0kqR?S4_m{!iV9D*THcqxVY%M0Q9MCl8%+p@zsLfk=t1l4_a&G4Xd%XL{r1nM^e!*fyJLT#@`CY> zCoh)y=6s^^qTlugxnjq&zi0d4_|WwU@c3z@_Biw*+L)LD-^u8cyR*oL-SCsnq2$6( zdGM3&1lN7r${ldx`*}@YV;{@#mn+jgKd7gi9qfaz)uUHeb_INLw#`ScFA>}H$2%nB zNAf=xICS5!_E<}R*^7TT=hbtY{`Z|X8>-wp?B@cj?ubv6a<3eJ6|0%edvl24ZhQO9 zjGVf!)nVda8e5F<-jNA#=S)pH7TM^X^zcT9`>dY$zv+gqtHLU@bD(u{x8FT~W- zN!7bFd+o%QS)V6Iir$!u=dr&0+RjesgLM1e=IkHdk1~>?KRJ{}*b~U3(^XjCgn@bYA_%NO<0m$l8_GZQH7? zrE6=fqJ^8R6+hJ2x`$f*czZpHjeDO1h2)eHcQ-Kd{&SzV4hM)&C9G>ER$7y;Tmc@} zli!t~UbkqYPIWkCCotED*^?b+-+CH*i_}$BAJK7=N!F7A7YAm~NHIO)=sy_!UPBZe z7ej9ci&HZ6p4*N!6f+0KNfnnB-kkj^w_bgvlc(K5+`j|6q#GUI-JQQxxj`}LD$f44 zH=j0e)6V|I#njd8V4r0#du#DZ_{i-y%KnJ%;WRYn_Uq;3#^^ud$t?G`Mw5G5Y=2KV zkHm5nn=V(a{6|jpV$-Jny@~nPew_Ur{~g-C{BrCzFQ)qLEh*lVO#TYAZ1K#4+&a%#y#7k>igMXc9CtE*)w@oeiV zdj@!j{!P!o>!L{4rqkK$uqK#!NB_hfsZ-w~$A`LzuUK8t`LwGpck1QM=Nu{hAKl@c z%RL$@H0N_YSfj%OT`|rz>pV{K8E2f^Ucqi0ZO+{8w*LDHXRm}lygj>zOOH6bykmfK zF7|ZoyA8I-3eL9}pSeUAmv@~v#MuvL--kSc@%Cr`>8*ygx5%+zJvSE64j%OO4dA;g z8eQJgUVA$!tIEA#Q{ zudHM~apsClN}V<4`#jy}2@vR8cfbH@(bJJfnW^+CSN z`6=ZRNylSz<26{JV%X>*nD&;^V4{7#!4*YZ0Vx%uGQ4U_rs`qA?WR3|KmAoIxOR}WLJsK832p;%-cf{9t3loagt{X7%%f|L1Pe}eStNc zExLBj=_l8O_Eq%Z$xxk>YX{yA;5BoY&3e8N>1rOB4!b8iKS5rf*|TG<%sJn?E;6#y z-Jh(tkeg|928XdPIdk^vmKgl$nOnC+-&?3l^G47bsv08)u61gZEW5zG*P})W?K{iA zNIu1lZob^J5woADc^TYblbBrJEVzj;wYn;~lUaG#l9xr$d<(YARGujZn>|6E<#ld& z)ak#1zM`gor+$L^*E8Wybd@c?g#MeoJa6UIx&1e*e{2S0FD=^&%`82B{`NKJrt<5Q zzkSq~zde^c4uAf3B~dbCLH;Hv~+;c14pZ!zh(`L&dOCKR&bn`Sm=T5m3H$eKOygF%xdBhQC}yzV*5+Ie+7O=KPttkR$zHhsmWI53Oq* z*Eu9$ot8_x)S?Gkx@PzaL_>@f1d1vVZ>4nUDch8jW&8`!gkEauwzLi}kWa{pz zz_}UQp$&a~0r@#Qxhta`z1@b69>w>~(LuIs5wo{{?wRBa+)j;&lr3^sNxCiK;rBJ- zcje~X6Zz&YZt0`h`j7E$UC|V7mt^!I*|v;&-^l+SHIgLLmO*!U)IWM1Jyw$hW;S!HAiuc?Uug4Hq9-SxS!c=o zIn6u0oaVvU^JhR~)b`Ok`rl_xv)U@BnfJPRCps7#;*4^W%U2Cec{$B(JMl3ZvdFh_ zz00>B9YSu5bLB=uPx-bcbmH=D6@4b<8+~TVw{OwsiORQI1*a$9JUD&wt;&Vd<3II( z9z2LW?&uP~d>h(RzI|?7KjhmMSH4ZmF5iAX6!|tWL%wb4UB3MV8FjMq?N)M7ve~@e z{F8Exc_-x<^4-Xwy<>XFpwAVj%Q49Ye=V~BwNiu7npewg`N20$JvY@dYeNQz?=owd zy)HR~UfAN+CF{n1lkD0;U9xUuS2Rm4GrhBc9N354clf@rgzuYqM|Q7jnf)`izc;2= zm&~hWcDyl}e~(&b<{e=1kGYI-yfGW8W%e1yWd8LPZY{G4cmAqn=E0I#%goG0^L1;K zbu*VpmRe?JeC++rZoB7bXVLEj-#jyGnPuy{3S4K_GE=(}#`O2yr#{&A0qBEWk*=nK zbbTNhC%-{4M&%F7eo$;yF(c&>R{*=~M;g1~y)(G)!L^Z0?kVree>AjwX-M{QSa;~= z;46mk6Lawe+pl)+a`);-paV@_vU6{7F10^phXk57k^d1VCZv1*+B(=ff_6KAE8mUV zP2-;48gf)+({x~)c(#o4xK+RTPcCe29oRAMm>s|-d(MOPMQq`Mf4tZ(2t>kT7L1&f z@51SaO+KtS`vy#R0Fz<}%ZQ1^@v#!b6pYV+&sCjkJrE%`&G=ok@sC?(ajzbE!HT0P z-sktJWOoUs_zd)X8M(GMx^=*wb@rKJGvs5CbIutaql@M5@|*ml=q%oO4j)*44e-fc zz(09P^+4JPRTR^XKH-cJDt7wT zc&1;=TCIMo7$;g*9^OriEXEjuL+~V+M=N8j1SbC&jT$2XystyMOIJLK7$Bomy;k!6Z1F1ee-tE^d48 zPQhCIfAibC)Njn^$r$4lc;l={{bt_dEWg%JdeW2WT2Hl)E@l3&Gv5Sz#u?uez(Y*r zO65cE1;#I^|4ravy=7{$=viTaHHP=b7Dl?J=Q?reLOzcyBwzXz?kUT4_%8_D`{2pe zniRdqsGk)lr+YZ`9@~VkTtjS?KKH?w`#oBp0Bq|cUAv(7h4v-(!a(G<>uw(Vt(-#m z@)XWwz#n6`UuKUBM4ow=_|1S^#!#*nymJZgCK$u}{-5MyjOCf&H8AG(AI2l6A0Nhn zL#*8kpDGcIVPKrp9~hO7>xc0HV2rco&i--$AI3_>MUW?2`#Sg)dU;A~DS9~{dhzq6 ziQ9na-5GkrfF{0OcNWSeAu5%PbzbdoFcwa(}P z1CxB&&$)1EJcCd9vdlY%A6tsgAII-Cdwi1L$aeX>$=D|IabuhH@?&pu^T68D_NeN;J*u0);WA(o9KzQgVDe;@pSJhE3N38V znWsYLUtsPEPP_{4foValWgo6Av=4#v)IH4w=Dx`}$T7*5S@fSNx9-l6TLX|=0p!-~ zKu)KTTT75Bi;diJ=Um8|4rqGgH1G~Qt&3f`wZxhCeytTaP(3>2)^1O3ja%TztpSeQ zs+Zil5c>Hwa}VS?>tbjT_%8!aPi|@dNjOoy&^VrJeLVTqUs#{-2dv1iW>0VP?#-}f`yFd-x&O?5Wu3DhzLokz?+xyGAE@@I zz575DJ5Jv~4nfXYsd;zZ3Xd$=~t( z#lCDKPN92a+a{uCz`+J^vB}jV(j6nPVIt;S(M9%~LpZ~%cE~bp^z{3IlY3&iZ_H{^ zzK~~6Rw7e3A?GR!f~zkZ6k5&xlabNvgFh3}{T4gee`cRJCBFhjeu>AtvCSR1w0r3y zbT@XN!FyenePNfTgzp=C`1a?|J?O)|mcZFBcIs8VG+p>l-S-?r_N#ucWNl(KcwfVP z8QRxE-WeMi{Ids@wy)*c_p(oA_nI1=*drz;zY2UK*F+=IBUSwVzwnFk4MsB-_^mK@ zwrmLYpIke}t5=}DDtKo0KGwj%A?6Z*ev|eNH163J5$Lvc8sk8h#+T&XcqMs6=;+P8`@L!O-J9RrcB|;z^?Mgv zefzyWm^>TkBQ9)hi?JbGp6UQLKdkt@yHCXLZ2_j(YUa2GJhQf~tnHS7^+55Z)>CcF z-NbW|O|l)o?E2@%cEm^b+l_N&tAX2AAKY&Y2A9C6emofC;MUlV^_R$Yybas&TS?o| zCnvaT(AbP|=6V5irN7eg4*>57z83+LXTu&3j$OULk%vCt$$8)&Hf%3&n0SE;$F0Dz z1$tK8Vhed2f@ce#_kzcqK>q4haN&omLa_`VZbS#0flKSBcRc(gXcJpxv7ele4U0d+ z+B_lo2;OAF&PARIr|fMd?L*e+nLK1;Y!SI$#?E$l(BO<`l8xpb6<`-{CU{l>{1*WK z3&6Y+UMOI^y~zCaoKcPo)^W(~*}y`3?P)pwRzcDR|0b}v&u0GU1cyJd>3~u5P5^%u zu>@!DDZi;s@R#}Er``L7|8(FN&hthRcLHas!6h0@hc_S{pFBH2o>8ewpQ49W{69Y(7~E#?iD+Sjk4BTc z&Db7Y{9oeU1-z>2%>UmfCs#nBf)}JU2>}6bXi+iZl#>KRr5!s$$98BZflz@`$7${S zZAaS#5=0BuZ0$_iIvoQMm8do2rAp~<2v9{!|5J(`d$Ci`B{v9i)3Kh4=KuMwz1KPW zoSXo*{XPFY&v~*hYp?aLcfI%ZuC+9l{o?I=&QnY)Id%DzcP!u7n3jAj>mU3SIOMCW zVT{`u-%Y?0MQ>VO*SniP%(x&st$fvf1cm%0FC|;Iu%CA0=(HTj=|AS6^LT*H51i`B z(+n8^evJ&sog1|4WrKZadD`X;+F3ZF}yK|?2sR;@8ih4o+)YkD{s+@5f>Rh{tCuHHcSuw z?uTwnY`YdY$T$7-iMxaf*3E-n;*yKl(?(uXR`Txi$buIc6P+0#o|TT%z9W*^Ce{cI znznfM+kcdA;LBd>k^Q}l{`3QXA246*6tCM?A-Pv#&XbjH=`T&g?aAwsj#0pCbWEv7 z=f)2OHtmNZzo3j*jnOm6pz)&f3dWZ9jO?SFWM7cZ*8sE5fR^l&UNL%!`yT+WEvNm) z67|%x4BrZ#lKP=PA>8e*$e?(duN9gbi95FaQNTL=MaDDd}5tLE8DY= z+`GOD&QrW3$$8W76rd9efwPD1?zBR210T0KhfH#Izw{q=#A@JGj6`vYK5$z? zU5e3i7=zK}*P>Tm2e;LV%LZWdXrT~VDCu}M3(mfIk)&;ZA8-cY9s!SD7dzFxj@ajU z#CS@4m>0gEnvOXGPl*${l&x(L|Byf+0w*!7#{<7RM<86N*4CAkbz5V2_y;A!d zW$q`JxF0@fMQ*I6{&h~WubqBAhzyv=^V@0bHrl*b{OQS(;*v;m`6!P@ilOU$;zM|E z1av(TzN`(E7`m1%mB#HzXs_7Nn&@Tepp$8eivBA0essJT>FkQ4lmFj)t#%}e&F2~7@H{lkdHJ9K3*R>#a#~{e{scB z!^b0#J;lhLe(?G-^2f$4*<eu}6N||+etl##b7Qoj_);}- z;MK*><$`VEa%>#hHU9B3@H_*0yD7%g}4cX7l~h^!Is} za_#%aJ+vkNiF5bXY5ZiPJ`DZJC*CMKns%bJ7tg?7VaHd6Gun`RF#a)Z8QY$6z0kl< zj6U(_ACXzjl40Od_zNTR65uo(&?&?kwmbx$`Wg3PaHafqgu*!e7cHCxuI{&eS(xsN z&L7o$$x`J;1OJd*ICObzirP!laWEI|YV~6ZZ2*t@Vshc6*ZqEE=fd6aC-eikp6W;M zKOAl)#_o;Dq;x;bzF@?K%$O>c!B}fdZ9J@v^JN_868G)=L#_B!W=>0fsMZqLu_TY! z>R~)IW;*jaKNQSS&+j+_EqqW~60R&QtzitTykPFp72Sk^ z)y9HWL-#?sEq?tmFv{PSoVLE0kpGcut`gQ0N=5meAQGANGM_7Ca9Nykw-wnWG+sK9~)6ST5MX?XlRP2o9zMWxx z#46x8o@^zzz{`sd=bLpNA@DE!<+9&xT)wY@@yC`w=kvMsa*u3_QgmMhxeIpx!I~m( zzt``epKD4o*54#%g_7OmA;)I04reBLd-FocKII-yCnpbi+kJ@k2At&7i1;C|!wJoP zwXMM4pO3kf;bKJHE1^f^o7K_P!Yy>(!#5VE@nw-DF`_*$Lg(2rqK(M=cpvf(d9O7e zcOu7b0>2v=Ym47~H-m!#=;jb~4ZV!lewFi(OS_11;%A5X<@0-$eEJx3KojTC2j+n! z>l;r+{_ELi)6Yzf#ctr{d39aj`Rml#&U4zZ?Omj{pzqjD))BE@$Z5R9ts);!>vR0M z>^+Xd{$D&}E_+Y8bGn(!-cElq=Ca=;c1oX&%%RT-?w_V#vPr6^(l>ZFy3^B7TJMrQ zmwipxo6EL&ambcE)m{1CoOS}dFsB{g&42Rb^nIKhIn`-l)*Sc1mLrDlG*@P1K63<; z_f^Q4ZN9!rFrMAsca*AF>Z0j zHvvs_LlZrWSMNO5bj+_xewmyF<8L!R+ZC>Tb)M=&rcUu=i}Sedrr)C58o%$-)jNbRFa8(Quo&f@o_&+ork7ReRAM%)PaOf0dFxeZ{C^I!e=%@_T+5%i`ygyS{9pEK`(_O(y5h1153 zMhWM9+e6#Ez+&;PHi#Q_4ih&@t&Np$x+);ko&hFH+d+EW_bXzO+mVU1m7+P?G;>C> zAx0A`Bi63mIoXx{zryDxPvJ;?G5H9^fqaA#GoN=Y{hSoSwu7FogWl&eX395^Zj4(BqZ1if}WIQ%&_JT^tjzoPtr#wb(*t$B0SzY`q?X^rxKF0HKu zN1`>wOJ6+Q)9r=uMlUw0;?ySAltEvGDf(&??BLMSdha6o5uh`T+b(#wkJu^kkIH4s z%dR*V*)<9NkQ`AQf3wfK6^xr~xp~0T4<1E7@{@!&#f?@6c+{hJtsV4u^&7yUwpFKX zzZ>{H8ZTTYK2OlQoPDHe=hze`1nilD&r$wRUZueH+t}k7J8qi-!roLwIqel zkEG1E9+5Je%owL=C zC+WxZKtF&rS3joE4--Fwj*Q%)A19JK#!iN|BzLv~vt8p5KeH)Se;?^U3h?hlld= zBk-_n56i=UOWRX?o51EtlhbVW@|{Sm!;jY(eVfV4MIGyMz@a#fX1+VK**)jy(9y>5TCNa+yleHx!imO z3web8rSby;dNqd3n+ZNuzK^~cdy2j!DANZWMu~sKUV%2r`I{>mq<<;dNVz{(HvaMp z!{`X!e7*5rew@W(fQF8-Q*{H1gY{WiLVJ_L26bW7iCWXrZ}nVi-w&#E8W=*Mhev^pAi z<%eYJmL2K~@+#GrzW^=#%`km2x`qB&-O{@i+MJc$kF;)SQa`rRk6D3!0Bf#(w9pUZ zPr)}vx6qGVx+RVtQM_L?71S-0fH^*o*qw5fcEPjoqT*fAL%=sc`CGspbt?yH4LsOv zWK6zmXu{Yc1s&VQQHT7fL%=xT`%ytTgP(Oy9yu(p4?dG2E2tNFX6&-7eZR`a2Q1%j z7>4h!1V_fFqK=deP2ZWvZpoPk4Xnz8Wo2? z2K|VitUp!i+iG4OP>IQTw|1}MNMn82dL@U!gM1$oSA?fB=CYB|WuimzJ^lDg`BqN? z^U3&D+DE4Mx#8(BRtOzF2OZ7~&>^tq@~sX+N5lA5ohRd4tp;YrX@vU|&dI||J&XxB z@AP5|UQYM3z-xRf=s4zH_*o?#}^JF5l{8;%(J+CyuvG zem9*D>&=}{NS(DA#r}+8M^_iYo1?*hg_E2!k{FNX8Sn`dlVYCX{&LpI&%Vkz@+kWq zlyTmq!`=lG$a}2|m%iFl;jJSe-+=g>r(>&G+f-QW?0$Gm;qES;?~qRfk4<6kg}%0_ zW)63dvlMjJ#S(G}L&Qr?VO*lv>(bHjGrjLO@qHWLi(kc~`XM^dn`MwmH>-A!Y{yX$za_e-d6E%vR-FXf*3N|X1hxY82VT$0;s=1CtaF4$c^ zCO_l5ukoE?Kqf9!%J@&-mE;IUwpYL1a!IKj=qmP4|u4yUUu!dvdRPa?C^UfZ$ z*IHXNI|S}nJ8AJ%&9(4t@%3;3Uz#6czL}UA->?p|7GE?vK$EVZX6`KyVejJ|Cyic&~ zbjrT1^YH>@|DLi{lvTYuk?Hky6WCwr8&6H5>_Ar81(dzquQynBJY}OLjo)y0MpfYMkT__-H$Pv=iFX8Y9`!OYl*8&qs!GUajMt=iXF6e)#!bemM4iXE5H% zyp(4%pxb0uow*#nz_pzdtD(-F=uvXScV7Z8GgoY6ekw@jSdC#mac@P#gv zeW|mR3{S6`W^(%)$idvsnqiGyo^UvZb$IwBA@FK&iES!e$HBQb=2yC>flr-jWOY#V zk%&3-<^^bZ)5T^Fye+KPecsMdF>leSd5dQJyQSDAA@C_XEl)9i?2;cX%hE+*?>wFE z`x#^Dao|=z`gYQnd!ZBhRk2jMBG1fc*VT}p{TTDtWjuS*n;&r411kJvfVt6fFTGlJ9DrumV|o7nF!?=0cct0%7bDSY71!M5m}Vv`RAjqBW~($kPz ze4m;Rhc>e3!(-_7XoJV6mS%$U;j6)y=Jl1ck&3Z2pbMd~-gSzva26`?2$!-|zXeZf z?!23JjUT{wz8{d{#U|)V^V;$Qt^${d!>$vY}q>Jdp9g9`oWjkci{Zx$jRGpzVC*u*L(Nd(SJRxMcvdm z$u;|T@;)!*j0=9Voj67XwrPE1C1p5&7@LU+sBsT`;(Ir|_U$K3y|R_OdM2BC%FprS z%VhAs$?^8n5`4nH>1scw0zFBmC?`vKMb*$jjQRHR507#WK|dda z_JU*6Jj~b-Z!>+9jb!_|y_`K})UUwV>qGi=!HN6z*m3%`#P;i@>F$<4qhEhLOuuA{ zi*D4f7yRq(BH6=n{Sx)!sCXH7h|J%v_9ID#ot4CbzcJF5STvHcaf6d8V@uZz`h@n0BTx7U&{Md09{ugS^{4Ts%JJ_O&K zpwH3U(ChSDarmH~P@j`|^!fZipKtT}Ed8KcA?*n+Aw~^ zFE3{g;l{lmL56p8E~EGWTtR2k-H&f%E+nhmSjzo2t6a5TPU9D>vzW3!&ni1JyR0+D z_zmwd&Oga2djVz5dC$I{F?IXpk5K;ktny`)mz=gfLNLEpHm}y&+MJ$gpB>)zwK+YJ zK(4;SpX_0sKez89Rgz&(54edF1?>sjL|3vUMu`lLiCvP|N9KXPS+1-5X&TlRy&q4gEJ^i${ za~u0^UVyIDdGY1IwA$ahv=*4k*_(eg`=r#ecWD{A=zs7pwy`&9Ien$vmaUK8bHjvh z{ouaqKMntI+bZGP?c_20Td z_jQ~*y^ZowXd#9Tskl%#G_j36@*ZdX@wT!Q+(Y*Nnubk^(d*9)kZBv~ib?j}m?E>(|Ih__CarBhk+iRW0 z2R@*MFMDq<^=*~#;qTM+AY*0l!#-WP@bfj=W}Npfx(J-U0dJglz{Baj!G$$`9n`sU zRX^}khwxR-brAmL0eofe`}INL`4n~8I$pc;#S}cNx-;Pkac|+-kjR8*4s}@k8G7>f z2Ak#M??8~Arrx{vfgdnd|Mkkrl&8IVm=7f}CecR`02B2NO}Eq)!C z{Jp|z#b3YAgzKCDp0f816P`}g?x}pAy^ol_+wfXuyXD*m$4BzgLDsY(o0f1cZEZj{ zA;<2EAe-`xY|0y`r|**-XZI?~<5%vkKGyur2tJdwyVk z$JeJG(6+Ws!BBUbtGC3F5LcG~-+)92ruSBRdHOhJxslq|q@Y)6)p?@Wvxe^C1u za~~Q!bTmXfNbTrn-z(N?cm{u<1{v}r%D>CJ@9jHF+&X*^RL^_EeuJ%D&o@ulZz@Kn zzUgA^uR~nKK`wUTzY4$QtY0s0JKHS-4$aq0T_e(3q2wcua}G7lJ1`tNRd zIe7j)aTP*^I!L{nCe9uL>a8#@oaD7LwD@!;S{;;^Imow9iVzh)qj zSNRxltXy@WJ5W!qn_ywy>PSVNdpMEj4v?#n#_>p#XE#t$U3p+WeY+k#+EiWHy|%it zXI*t=@4eNPeK#^UzK9$;#%e#dN|YSCSa?*&f}anzrf`ivkb!IT@$vfk+2i!HB)gwQ z^m8OO2Q>Q4&!pwbq5zE=`fT#ncTHpNPO|4QY+A)Fn>e%n zIdTZMg2#q@_CO)7-9TJh`=LN9i3i}V2f;}N-%a5jpP;*)AGlB84<4xrleZ`u3dWhk z2B#tHmqv4T!)!NBxv|JP#cs9UF3h_G_LCWto%wF}&Vs<0jYXNvDRe|v(y zkslu#_$G2YdZv?H^3}R`&_T%jM+y5W0oB&H~vDn zit^AGH1w^2ygU*v@Xq5PPVrW_C}Taqe)iyv_Cee1$-93(^fAEr9-_TB8K*xmzV9-= zgN$#uxU!#|@_po!4-S^VBP00v{BjHB2N=sk;PraGTfldJz^{Fi-;G=^5>1>6EsW+j zhTn%a58lr=w^H^t>c5>b4U8dUcep;!P1FbZDoq1%-dj4jufV4PXvfgNY~stv^X?hc zLtNr;O_AGEQyid$f)p*t59tL*U7`hKqKSPOJ}V{$5*qlaXabz4XaZUlP3-%(!Pbaq zBI}zdbp>go4u8VX#wpIiI%q>V8KFr|lC=P4U%PU2;VN`tY%FJNO!empBG5kfor|sh zD>8ZO1}Dgw7<7}CHQpXQ?9YSzALW*kFBqMdu74u+Ph|fJqZ5X~gVr<2R*3UHGG4y+ z8SXE1-pD-W0sJ)!J-}T6+>@zq4e<5=UqKeU&A=N6AM()>;861i_2|o<*{toOjfl=N zaflaj|9{>;)H;cBsrqT(ta+nN)gd|8Jqx;+=_DT>mA7sR?J8%l?W+^tk&mjmMER-9 zXfx3Vzj<<@({Yds(8l+X3yQagiH|2{@}Hc$cKV|Hg?j2j=Uo=7VJuSfVYJWvf-Ibm z{eZl=9~vBh?!=>)emX5zPsF49>GJ?MJ2PAUvZi)+-k5=D%&)%{F3jN9=q`A4H$3`t z+It0j{R-ZB4IX-3JX%!Q4=?Y7hlBHqgM;ix1z#q1!yiA77G>7>`3gVqt$5R5 z13cXTPdA_g8&26gcq`v5pp6@;e-UMB#iQ^R^Lz>TG)<2|9?chznlahT8apGWk@<#4 z;VHwTQ^cdl`h!J z`6zV+d9#gp=j?oZXWyoiT$X(P2)Cis?DFy`EM84MD&r7C2Fj*2^iJJ5>78~m=$-pka$Afp3Ktp~6TDsuFRbME z1%9&kj~mCz(og?%{3vW7VUjdEo)hOj~I2 z5a(TY(IFGd9l`iXk8AA9ecK?)`$vn3AELYC=zPt4#Gr@m?+-rf>EiVKw0L)}5C3b~ z{Mh8pKi@q@_E144KR)MxU%?p$&Vmd$<2X>Z$lWF%MtCktnFhg#9MF8KV2r|> zi3aBTfm5`poS3rl$WdhU;bX{X_%ZREC;v{=?!VD);zsJGeuuh*C(S{Kuhn*)+Fro> z*&dI{SJnJ%5A7GQcXJQ0Y96&0`LPMSYOY!^6;qG&N6NQt^5(P4;Su?@qUqVplXMVs zi_LSAd&p^;kk?pQloxW3>%KIqXx$^o`aWbmYsa<}o4xJw-2RoY1?>_I>Z~Io9F)4qx*m2nX#X1Jo|Yc^FeRbWZKWsdwqIohu6V> zkgnrAv-EONkX{xA=!G(G@@@#dFvdZ8ag4qEF?Xrxg|SZD>(k2#+8rZ$5j_Oy1so+9 z!zkbWQf*t@fcq4^(7vG;U^VmteveBpHJ*K(i(Ym?E24*f?CC!2YSBeCHdQ|~*vFW~ zpx+>k*uHL}ud**>YZw|~?D`nH{s66%9Ju3^Wy`0%vuq5x*U(FFZ-IX7hTk!Ueax%N z-b?RqQrvMJc|PL91p5rU5*Yg{{IOrnGwa_gKC{B){-n>xjS6mXXmaT3hq002%6^u zKhyGklyQ~qI`ezzN&mUZM;SZO( zOM3dT*ABL-9<^iJHS%?*WAuw;f#&?;l55Bh*?4AOfG~XrC)(#neAM$P_=x@pM$w;a zI5Rg&o4sNDXYkWczaQ~&?eLeH4>7u9d^-P9G$Q_{e#7hFyazt$ZKq9anSOA7q{+dL z54rI~P#)zOd6bd~lzHGye@@Dm!S}vv&$d4PInuoer&4o0^5N9KC)B?p`ZtpPji!HN z>ED^q>IC|ih)|aPF{YYNP~Y@t`*%0=|NiLGRR1o*=C^jV{0Z!t%R;jh_nGXL`Ej*8 z?yI?%octbnR%T3UyfG0xcLPtZ^Fd8~kv+SE@wEzMe;&U{=z;=%qRkE1F%`thvx>n{!O!Dn&g zV*-Bau4mkrG43@rm3_A`?zcvWVL*@Je0N_s7{lDS`eE zp+Cl;FAzWY5%~E~UL^SzI!b4p$NrE$U3oI1zpSVxh-x()V6p@=RY= z1JQ_IX~%_kVrRkAwPhI>0Nd12E~l zd*McZRvt~uk`EJ+4Pk!LMcbi+iSV~_EOlR{d)B9f`I-0h#m49Jx*WHHpY*MC`pcTqAShb%dVcaD8W98dARI{q)A%`@;JqXO`yTtYMWr2J#Ki-a>t75&O zeXjWTgZPH`U^h%-9$5Jz6R}n5mM?i{$(Yc(YWlCeWUl%Y=Q{Ci4R(&|Lq`u>i$A)Q zvOTo%(DJ44bfaS*9ur=tbpgH7yU>PgdJ9{OwyMV-YR%)ld>74~;Jc>sisgSe{u#5M z{3HJB3@@+vVSn!f^0~aYOe&7z24o?q+FYw*0E=gMPV`rhC(+UxRR(FC%LJcZ;Yem&4x6VGg2G1}gG z8a@LwAo>t(h(^SRbIG;n!Io*juUidVapa-Jo!0!kkfbfj^F7?y z^`NgR=y4}wli>RAp`R|UJ-I@D8FXUxrF6q}{+NCzFqRrKE8q4Rdn-M^Dt^@bsz-Nu z9e=kFKFsE;36bO%IWsvAd@1fF+>?#83x80##i%zdEiqqhdl7P5x%U(cdmxFR|}uuJ0otyeF-=<^yT*>cs*R4 zNVq<9Lni+O?cSG$!T-xM z=hHHLkfLSqXX#J0e41#Pa*9EwXc>A`97(i%4LU8sH!=9(q-Yu5`_k#qGWAJ*8(OBW zAT7g>Ce9v(-XqYmWI=-K#}@f`Z}RBJ<8hysjNUBh_y%KBdK`OD<8aS$#$lsB4wn9} zJpuiHFBiV)&okhASh@g)FJ{5eon!ou)cEp}`N#K1k4@1)^cL`aD|qp9`L`2iE_Y6I z4edrN*bjg9t2OA~dh!NK(Tm&ZgT`kuGFpC%Y=C?tqdh$$9es?oKazEa+mWyMfx&o; z{OdT+t!#XmdG=!Jke@4AZTeZ`%Ua6a!`@8ds~zllDqmUa-@2iZ2yHX}fKTt3J(lK! zJJDne`V&3Lp0Tti9pCx~Xcif1Vm#1_Y#9r~!Vl2~--vgEd|LzUnE4H4pZHdB49P*s zs0q-|uesM+G3k{IxQl3KB)r7f6a>cR-?Qn#*!Dy1;f%3p9Gf{7XOKhh6q&K8LSK}D zgUR4zB63lFqhx%yg=eQ{gIe5bY@|OlUIt$Oy_GY9_cwo&mMgCY;62jh#cN+CH!oMb zHnug3hK>XG27FA>j^I8QxE1G6POIQ5;1}clQs`?fWkg>^JQHnb?#uSY!0*RLr(zRL zD-P}6JgQ{(v;ust{A=0YsJLS`>jcgxwjG7OO`HOn?7kk_@$E_NlOUXYQuGQR!(?audT_up=Sc5j4c z&^b0f8l>I+x1rsYyuSrlZiIH>2iu2D=tg}rEbXrJXjinVHSwa|FOo~692(JXBY5sv zpfY~^nKS01v=hYdraJjIc^w-W57|2B%08b5PL~1iBK&sjLXFXA@Gz0FD8)bd;`@UO zujjrWo-JY@L;2{vvm;5vFX(_E4&}2CGFIpDO&nWY`v4@cVIs@x->Df>v~DqNE&xZ; ztHwsB9@*&Atc_0H#zwCX*y!l7A+`kl`iyJ|>dR@P*QWK=GUP>1?aA5bXMxXQZFF?h z8stjQwo2LP^`4C`o7~vw+!s*S)7*=$zOOOz?em?=e}Z1MUZ{)f!NF5EN4fq4XN;!o z^V`tfxAQAzUgKxvke6Vew=;)=JWww0!>1f=T}*lDUQ1su|7)gwE*bFaPo`x+2pFvX zDj_HI{n2Ur!Nej)>WmY{3w(EBM<|Z<6Rj0PF6)`GD~w-3?DubS+Y@h%{?qJ<_u-4< z*%STP#?n=?DNfd&_#8gmpJGq6l1Jk4Or{NSGh_AAzT?N0g!9`2IM0qFwJ`=J)`C7% z+-TKX>A2Abe|)Sz^m3Lzq%qnv%6Ybnz2zOo#`;HZzWb;7M`g;7!xoT#^jjylf7C`C z^e{_)hYXf7iaSr+8e1B?8y;xxA&GeZ53-9DN*}oM3nRr#&U(wjM zgyBEz9%4Apn0x?e-P-Sk0e(y2dIIyI$UsA@VUJeJ0x-&MF?mzK`s(#*IUt(+y@k2L zqr)oZA>XQS+;MqMGM9g~IS0HK6T1|=jpQC?!~5G$rsYEr-UFjf?Ef9=&%tB#VN+Hg z6q_`>}{oJUMj{na|t3(bO z{N`xu=wGM#vCpSf$p}j?FPrw#^x8(>Y@T?O_(R*-${U~ThJc~GtHR7_6{?@Y7x(SF zujhR?IU7Mb))>A*+r569?~gtwXtJQorU@UG|+vPk_|c(ZJdbVvm$VO&UM`td9*I;cHeAjBawqSn;L6aqcr&G+a>$m~ zK9QC!igToZ|Rg?#L)_>R&%;Nd45a$BA6*ZeUH4ryG1f$JA3cq#o+;bmok5%i-;;@}173 z(_Qg=@Hy@7ao#y27yO-0bJ*1$8^Q7ho~y1J0uS{Zb{;R!1%Icr{33U8Rz0Ttfpc<| zKkU@a9*Q@{Ot3tC=8@Ko@RVeY_B>fbyPHN`$et&Wrz9UXfS2-roan|Jt4n=+jdZq1 z77czJej6Ft^0k0GT48**^!no%wp{HP=g4AseljxewI{xH1M5Gv$ADQ2tailLLA*Ge zogUotNM$}7I^0?f%!%;rPhAo|(prVjP&&t9d55!ba4@|2ssR&2=qzV%4#iKS_*hYm z>mAe0xGE>q#t{Dd{Ug3@;Ppqbr-Dne$1u&*A~Kb@@B^+}Ol1Xl6C^Qr$8V zynf>;%I$H$%~KDY&ytRNGyw^B{v&w8#T`zsutW(}#$}|iq6IVTq zZw;_~M`f^Cvg@HtXLVT{PlT)iG%K$gxEJVnFc=dF=uz30a$)1JGY&g!rHm8*A` zsUF(QhS}h`%)|2qDnpyuW#Sss<}q#seXmd%@U1ee&%loN)@SU*PKrWD*h($s@M2lo zu5791Uh6~q$3L23G9GX)lIM%h`YEB%}Y_ z{~c}q1fQ|l$#)eqeW;ANWct38zPC;CeCUm3$`5fmu2;Y0f3{6PrxbW`k|tj#-piQY z4~|+L{PlA>t`MEv3#|7?cos?C;nShD@$!H>gx#q;0Qp;@&m&DBDkMi-o=jbvGN-QqhbX49g_v;jow_=V%o{IRzmu)&R;wEUE-+HPs6R1 z_}npY${1^YF}PNu4L>r5436GNUl=3fgPQ9|ayEW#BlfW2$tEvP=MnY_j`1FvChmiM zU&h=4d03P9Up|TWr-^ff%^8$tE&&{O5f2I0k)hMT^Y5>tuSMY5*JnQn@cWVQ8D4(P zT&b$z(FYhi_N^%=-fQUcY-qU+Ul(4CQ3rb^ zqC3OxTH;XUT$ghlf57B{rFggknyiN=Bk-f<>gK?IqDe20gnTD*MI;xDy#m~8fV&VL zc`_U3N`@8`b}jHObiMn&c|vtms*` z1peN*1TZXR-oE=bhj-9w#R#{jexzS-fvMNhX`FWli8qK=&3YO3VJ>HEV)NC`2={5| zSULXj`5v8WO?ra8n1kyd%KSBrlMWNB7q8x?7>d_!BGs<9o=EN4w)fDkSqsz3oILH1 z1V8cX`F@?(_P5pc^|ZY%l1wa$z}I%IN~mK$FpSWe8Q?W*AZ}$Y4Y+&eK^N48d>;p| zJY#dcF5+Ie+CZF^SP62i%za!rY3NAN46%}y@@LMov;@6;%+=UyJP)G3jI4ANQ}EV@ zczW?HFXx^zFL3UBjQ<~$57lqM8?5gD@~x>{`+$z<(6}a$fnQKg@6JMUdc%Qy=Mg4< zen0I-#%IBh%ZdAI?M(DRC%JzaXS}t;Q-0lv?gQTa!0VmqQow#gg~+fX&SNO<=;u79ec-0$ z$YAUKMVv#&xiAAWiGzej3|#Q`;KDnRSLMVS&DtpNH=8)Zb?jFYLw;whjS80pWXuWI zMzv^7Sl=Ok-OG)lHDJC~FhVE55m+15(idDCMLYfB5rMV>Yok_TCoFKt4Rf?M%CuqD zM)A!{*lv>Tn%_>WWK0*N+hlE&X+yE_gKJq|4ZXw}*EoHQu60-s480_ZvU0#j8G4Bg zLL*`JpfBRQi;EpIRj%KXJCvl{77twF;%_SGOh<0w?^np-^Wkz z{mX|2TdPlXW{SR$+w|)qch8YbyJezXHw~P9iQxKiZ!DDm6K#U_z^~3yv-nvJUZPFV z3h?OcvVG84@hOZ&q^i=C#lErmEXo^+LN7X7PxKsvmh%eO0|WZ5Lq3e+Tj^N#+v$ik zILSAtvyDC;Jc&N;2QLFgzn$j2}0XxzT+0dTdL4 zxukG;&xe?IWnKS4e7%FU%wGbl_U(z+!1K324+d|SxU0citj3E=E9NJ7l~=(3BzeLu zcK_kE=rXNu;Ea{@JO%e}le=T|7CMZ4;$$&8tT=X|*{`?nnn-ek;>16j>@F#^af`@P zJ?P{pycUID4?u(K;juTM@ok||1M3eAE?lNFij~vh$Ma+4b4_IZeXSqQ-+>*okuj;x zcgUw^&#_a|@%)Vif#(HYJipeD=Wh%J-i5q)eytzR-&hiOR|1_w`&&bem69#xiWj0! zqu{;_nC-f;Tysysec{@#$+UHXb5LfVhYEace_uH3?|6Gnr`JCfT#AifK#l|Uz+~p! z1_#-bgT1B;uE1X4-PO>U$q%36m>l4Oi+N7j)br^)pTQn4%Af8&!>wW*;>>#`uqzaU z_{Jao*vd}NE>`SgNZqB>Q2`C9j^}5&F2BLY;q$(o==gue{tkQRV{V=#dolBT%;=O5Hm+ya))901rR+N7b!-Y}N1`9% z%N(lx4WJFBFwtvd~3hpn-PZtKXKmwA7UutpK0*Mzp`#bdqKwFDfAk$r`Y|E z!|>2;*wpaMDu2%fbhYsVyKA$281ARRGY>ImVtg3jkq=W&`NcVWm~$xW>2L4+!`Pdi zjS!m+jRM;e_T7oiq(8HL8)_zaJCwDC)L-xR${WbGTY10Cx1snxk?Ol|L-7omV*1}e zzm*56yeakH*ie!m=oPh%^-E|N{s04|LU1%2v% zyyOnJsKK9&z;E^ZV#tI#_)X6v;HW9E2ZU_vD&OC$E)zY6I$j~qA&9F3w;)^4U9w4x zy>mUV-{RXltk246@2D+g^Z+^_j_y0K4&8V!y77K=Kr4D-=N#6Gp%>bL&$o9bAH?24 z&uU*3-`;^PJbUMlz0e)>BAa^u0_=_k|C;{;w6*vnw1XZrIB%TkzDhh`1afo(XSLRr z5Qk+xJ^^hd_&&k+3BDU_7|*^AXY-rD@57r12Ur8i9t>J@#{QiFTfp1T!5dHF@!(T! zz3{&WTPHY;l@^~%p}k2~UsBKhn&4gzo*gKCY4jiOJ-RP+pDQ`kYU>~dG|pb{hZc<8 zG~KhCeny_j-9fvFagg2AA-idQmfeK^kzPA?e7ni<>H53S^(6F#_Gi()QoZ%yNp=%( zSi5O$_L_3q>8~gZv=y+Muyd3{7DsN{HjLfGH~&nZ)sBfN-w18YOSfs;klkeE*Ti|A z4)~>XTHw#fuNp6Y@N$J>TLsoXp02HEnA<`t#iHFu!ACw#_aGk8&a0{_$GtjFn7UQow# z|DN&<&{fwHTZ?I3j&p(8BW5vir`3F~{Eaz$uNX|7@9*A(zpH&-q+>J|2dG2#b`W-K zg%;TgPKZ9B%Z#nyRJuFRQQh>#*a`H<(EV)iAbi(=3&wQ=Ye+56C@-uSz6rxOt4df` zR_Y`*Prr)Tq2~P_#BS&!wvkWVP`HpjR}4hD+{lX>FWzx7?YvDp%Flq_S#RS!qjt*C zFIwL$ddt5wjnigu(hN?zXY%|CC#n4p^Sb1FffJrRVsH}bIE&{E%(>J7qv{~xc$|er zdp;!Sv*hdItUixq9$V!Fk75kjeY5ZK@sVUVC|;&@KZ)}_nfq6QM|<``ONyIBpbr~2 zk=#|x#M03_tjSdURnU=qc+K~Oz=73wibbfex#;I+pMJJ=2k2)y{egb$_g4Rjel*X$ z1o|;}f_6UVDLOa`KXLikSm#{v}(oR>__{wjyIU>E-K-!;R z(6=dfVNBFX63mi5_WUYA2K8H7yBQogQl*$)Ry#pW05gGJt%C+dS)H^>% z|>u*!es3=qc_-%@KVZnZx{Z z9_!%L$5q4uJU#Sb_iv!hsDYcg8pg+#mk$%8zH;h=zBC_b>ib{nkp8o@m$KC+2!CFD zR(f3X6#q#Mg=Cncx$?Ra{{KH?_SJ!ujV{=#bYnzy3xdp$GQ){!Mr!aQy#g(!~-o2O8#w!hGMi6 zf`&B@8$xDCuIH5zJLdTW>dA|6&AYR>UbH1Mr`FmW1wJ0MhSCs2fF88QIG7JI$e0f{ zIF(gJk>o6RA~KTs9qIIzGnC6%S#dbu&11e?@!xJ@AB#A9Wa+VY?`jC=t&|)xb4&ia z+mF?n=aNTDk4?Difx*FNRi>OedXQC`C&PXKr=gB(zJz=^Gr~Q(sUf@>UTvw4T;;~W zukrzycXLILnolBjQpq~KZwt;pLSI$kpzikg>Cv@5E^5;J)jntFezPmG_)GJN7h@Mh z=zkwD1!+q>b{};d0gu7C!wrGC!=nLuJ3R zjok%~vAZe@z^`IS%H!Ayes41PEm+y-*xgI;XOTJw8f_b*u)ijgA@j z`<6QK=bPEjN_rVOxNj-rtb2_yYrUUscAQJqj`FU42oB@OT-k&XWNsBYz{BYX6VEpC zIC3HDoUx%FF@A3{_MnrjI~`eyFa7%i$ntIU2OkSQk$td7xw2M9>%5x``;_}nkq7lV z?A+*9eDbs8yB4}Xqn_+y6xnr|iFd%%4GI)BsI&Yn$9zFWY2=VW;D z1$eS&8}b1i+_RPc%&QunY~y>LU(WY=U0m~S2G`>GHIff)`R-ceMG^A|Q>bSd^)wKU(Pj0?8P<*a?Wub*)&3H3cc zEmX8lFr}WoS9_P9mAvPTPxLYTi07PS@6%55WyY%KNqCU)juE@Oj`8YwQgW`K;}*^! zJ`7Gm6Z7388NQJ>M<)7_?R=zy{XcjguL;JTy?s8S&{zC1Y*Kif{fk@5%ks(j#FixY zzMJQbjOiNsvWYR>1YSN5URL@3#_BTgsPD*mv35g{c7z8@x8j@00lw)27vh~>pLhD< z3*pz&x8A>N?DZwBug&{ZMNkcyrh3{4c8y29eXgjkKp6xkrc76Pp1q&%{Qbg}pu-nN$N`6RYSWj~%1#Uci*k>nTGN4F@+;0X#YcWNaZ4n5J9>R7v~6S? z{DN#7qSx;nMz22*kV|*^ydu3`M}2F>D-}-i*gt?<`mg=Ci9L{OMIIG?y!a@=7$tyN zJedGy*@}zLVvf9t=Q}gk!V@#W2fEaa^R9@P_!xLL51DS)vUv31t%VO>qkl~fNEKzv z#AkfJQ@J}ch^Jr!2v>isCx#IA_%Qfw)f#J?dG%VpTI7$-_Zbr_kB-Mr4af;oukQ=V zK0EIN@RQx&s)YTs-yfac-zo;~G#}8-nD^YuxG&&W8mg51GjgBt+{JhnW5=S;rF-}8 z1J~~&|4QDIEnKv6zc2sny9wxEJ(sN}JuF*TWumpT1K%c~C$*`zwRTE%@5f&2XFO#~ zHEO(Tp?Po`UlyS}yd)lmmn}?cs~@>3SOy!4H=}=At_yvX_^p%dpT{rEzM1r;pZERr zM|R;)>Bmp8AF^SW{V*KN{m7dlzU_nFI*d(O)bZ()fUoa-=G$jtqacG<5ML<)-ZN-N zF<<3kgn3>Mom!eS^DV^U?!ljj?<<4-&+faed!J%y;O1`nq;@nPJDE00&=J=XpG&pH zeXh2??6!EmMl^g6&ZGFmST(z@jSKxl)$lTY$_Lbs>*!N9KVMG$C+lxXf2=U;!_)q} zcs4&EhaU##g^aECdgy}>UV~@X8aZ6JQnsIL7W>YV!-a-t*ZOi;WeTZpx#%9A?G--o zQAG!>H-iiD22Txh=w#j#`LLlzP< zdX2Hz1?~(E+%t6Eb!7=-Avv%g9L@TAv9kWtR`}+F#wBFCM5y!s{UYZh(oO|^KHScJcZpEOe0#*$Q`jWD z6RpM=7x`9(Hqi%?QQds6T<3@H(p(n%0b+->t!JJayReRaMEUkXa#@ty+|GX6amrWc z=ofP`l@B3<+4tqX&pX}E9Llktl|dPi&;e#4z$Z4wAnS2Y+fq@l&n4>%u0w6Pc$o zb<3IG*0XYA(3+cRBtED3$y{`ra_sJ7Z&2askLbRta3Jot)8m;n&_g41@KBjz3$tIf zW#>><_h!ueva^}%Sw-85@2agjuGPlZ0&QgKN3RWAXRdeOTy1q{ZXOozZkX-K(;)AD zbr^a<@58(4wa&r#>^#QlU1UK&V}Ca^ zISsje9&(#pj?0y|r}LB+A-6{wyLZIO1HRn0?>rlFgpu1LeY;m>l;7TqeWF|>(UklZ z<;cetImw?%x6ZZh`0rB#&{9@~~+?Kd=4Y|ioRH#Ai| z5aLW{!G8g8KMt>tg4a(89eDnU&?v*}<{o=X_ow(VvYTaZ@l7mzO2-=U$Z_Bp94y>y z+J^S}pgrXWO0SwcKy2k0_I&ji{6gx;(k-1Y`o2UF_%!xA_>?XFsNwITmHT{r+IL$G ze|vt!qdtGDjM;w!{f9oCDZc)Sa0f4IEs5GikD0dAzWA;I9&3c&#ap_LF)yV2Wx=}i zEb!ePa;+Rz9QP{bDdbP$YgVehdg{3yy6}D6l&snWevw7@-Rbl^{~~)oivP_$aO+cbm74!o;R0I&2~E*qpb z0UaRA{^4VcT@iGa!w%_X@AKZQ_@cKzL|UF{4k!dIDcB`3Q)VJ` zPzD`TjSI+qU-nu3dz}wYuKfp1d?{=H1I;NZ#-#llvg!FR;VWn!)yA-j;Z4!}JzoH4 z=-U|jR`Dx*1;amrVX2W{`KJF%jr__VScNVWpUDe=@mI{H8~LYp;qapVN=8UuNNuPP@p|`{p+srt6 z?dEs9M7w4j{kk&7aV)rkZ*2_V=BzOd`Xb-V8sEFK>>2TXim%Z-WwsAle7(?bL%BAX z(*U#*^)^?s))rf}%9~RpSIFCcX9GSr zbCP??qnEg4Hupnixz}9W$F9z#Z^^(5fo-_`D)yQFruWm3{q~Qn3rfiy-~W?tlRi5h z?~KjDvvP~fJaoca!@4-IhtqK9KTLxjgY*4@=dkv}65Wgb#RurR;5>rn5A585V(*$i zINrR$aI_Mf8;D+&DF=cyV{_q^S8w`P@9p&!`(t{I?k{~h5H0A>%8wG$zf63OVGTwf z{pzP*Hm^l8S@Ck&p0YuE)pum1V(JSyx8Qg;vXxX zm{{PCE%tVw>}}RQ^^n(`JvVfsF%}+lzNI}w?*RCHgE0_p7M~<;bl#;sOYZ>k_6_Jx z`B6cdsNx*Q{^$c~0I%QOCW@q4{~>8=Na1AwR~puh?+$s7Uf9cu{j)G4K@!UnXwU9&($NS7mcC zfZ68b>_E0F2SYl^=4B{$pL%9wd{%A-ZONv;eub6sew_CNu;sHZrv!N&hCj3qP&K^P zHI}(A=VL}!iC?aavu`2wY$P6F`i5L(uEaZ6fLsg3GB-vvukUmWkV_*x1aZ)h9k`Eo zChrV92}f!-pBO{_8+W`?zGBillRi|u4!zr=II4}4u13xis~Fb|&h0wtSE#>~Sm_RI z85=8Y&x)0{gCEVUxBEJT}TFwVV|e+}~Yv zmj{gGZ?q_XV=1uZU=W^zB9<%pP5 zapq#<=*-4K%F4#^Y}Igvtt#9oh9`c^uyMe@@)gR-my@4{?bcDqwc3!plkEDaKjwD@ z#@drP*k9pv4s51AO53x_PY?|ZHsoy{1lM_p_Uf)PU5%f7p?Cv%@_J66tB<{Y*J|t$ zhwB*j&{oNhhDc=w%syPBe7J)1+46U$nfdgzzg1O498|s#P4!9r{^ga2TL*%D=9^%DL%>Qr?MqSUQO|Avr)Ak^(!Z>iKkPJ~>n=-> zqeZ{#%>7wzJ@^bc*mXQm|^IwybA)HBv|2Nm!c9ix5Uvz`61Q zD){MKoW;5y6WLP1kNcIYXftnIY;J%i5WfAJ}_PAWldOgW-tsN1sY-jJ9@^6#JchK9@vx>Yp^6kv{Rlv{n z;E{Ne$(5Va=E;A%_rVIrOEDA8o6RXh1~G$GkoJi35;xxW{Qc+ua^NXwG&m zfY$KMTWoIH8eoZ|I~fxLi;44aUkNOd6>ZvEq;awvY&*kFYH}*O*E*Fw>%7=WsZWoo z*hy1__YvMlDzoK_#ygd-VD@kuny-+k30HQ{3s?5c4_Efy;w1ZS#lE}ENw$rE7HSz= z?7jFh_Mv9~0M>5K)ZDQd>t)9uYt6CAKhXR;0`l8YXiWBvIe(Zl!_E8wdU_@2POSom z<<2Q?Y#!z3^Mjsb?<@_zyPoF@9K&M~#nIj&kE}rJP&qr(kE1nfTxw_sJIId9BE}_# z9Vi)KX{#LCTBUKR$r=~#Um+J{$hi1(+)>VFi_NR4jL)yBOx%KlaZLIU7k2ifJ zl3Z3ENiLsEE(JK!z66J>-}7aPXDc0#raqMe_6tN)z@C$)a=`x3@nA0kFV+qT&{Qw_ zqYqy0hnFSq)>dZPCy4-k^`41+55M)pYb$(tc%;c&f40Kp!vy97ILk7=E3Y!KJFl`E zI?`ISUg)Tfbtwh-?2=Ih@YI^I(AkZ&4GzQPP$#a$#wk0`ML#E5-@2!n9Cv-MSbvN% zad7LHJYVL7p^v&T&NJ~F$v3Co8e)8Ns5?yEvVUYx6ktP0{>V1d{xWU&%X!eY=5vkD zgP-0U32Ux0*^KP1C9WMp)=JLUZ_e9>O;hB|j6<*TV-?qLq`iFFQ(x4c`l2>%Ox4;8 zPjhx*{515n_8y-N4MU&unS=+)d*MMcAr9>;Hq--ET z`@Cdnd?PtzJ@88|I?DI+hp+H?u!glT^CFZ%#$$u` zj0Hbu68rLP2&>PhnS6?&`JKeDo)Mjfq0{^aB<*U%(chjh{!m3-yi0K>6yj z7qq5QvQ>O2U+vN#F+VgRVsdsHh~I0TMz)yh>B7HROdT=oOZldC*#EVTGf;wEw0(Kq z6|;Zrd`UKsU^KK@skm`O+)40rx7-cF}X>#eI`P?>yJYn!*P9 zwv)asb@F#NQ64*EcmA>FZ&njCPe32W*7s%7xBhUfwF@6!xyCVIGyUJ`+1={D=r8z8 zax4j5+J1`0PVxJf>wHu&(s4&`&&eL@yP36u!8Qy{Tm3@)|2s2NkL(NJ@9wO4 zqKzYN9_{RzRyEF@8j2*%b!eRCxV-DwSoVpGRGQ~KW8F#idf!-gvb`=J=T4#g4hx%4 z1KF_sR~BqT_Rlx)rTwo*fU7Su&h166m}_U8+ikDA$GUNRN%K59mVHzG>;AEB!d{n+ zb9*R%soiHV?Ax8l0gXk64^PzRYsdey{Qa`=htmF-e8DCDn(1n6nK-tL&Qv`NZ+UxA zUxx2QE5DxP`$WDE zBid43f1O23|Lns*Tzqw3R{ZfX@VT;Tyt{<4GS{odyUXl#XuP|U@qC;z>lcrAo9y-H z$Ggq;dc}BmjlI5kynCm;E+6l%q8{_@hVkxQT;EOXep={Kmp$E)IU_r2zUbRz0ou?Q zTif zoXB5!w!hE6(r=P!+nGZyZ=B{fbibd$XLbzUAZIAZ&*Odge-)r1OFwr5OE8{vgL3zf z$1!Nb$d%I+kGt4yc^z9>w1Hgl{4{@`9b~lOb)Rm9ulFt=dR}y!F9$=&LFp6^f1W(j zb(eGzwn3;2y9e7qGB{X9@;``k3x77gYp!G;$g+usUgvP#9GU1!=g;MOlQYq6^`II@J z@V;19ZuX42hU?-`x$;Ak`yRumd6I9Rc9MoZy2@AsK`u9Crfn!wE>dzn*DF_*xnJb^ zz;nzwY~`D6{NUw2~QPf`gCjQ9X}w$-eNzMJ&tn~^9RrbIQzkC+C!MULdK|>v1nRJ=16~Yo z2J3Nh)Wfq`+4Z#L2jKCqgY}S)p}Nz2_E=h9W!sZ^ z?BkTno-Cc}#bT{Z$vWx7j&q6ow)Ue=*_5GxO&Jsuos=Fja#gZn2o6bJ1ChIHD zu=eJjEPE3O1nMhS-~X{tSDQIl?on zz9YtL=Fw$uwrq0F7^3e2_GU|U*XdU8wY=DNy48Cv#j8%wrT1EzBd1%v*D|gAbgTDT zR)$U=qW7>jJNxQF*52&AZdJ(Io1N>cLLbQ9ylT>5>ke>Q4NfEI4D{X}<*QkHvx|44 zixBUuy=ltx>|e;QvE{KRTO9D?+nX&8c+1jnEe<%-vw)st?9L!ZA*&wnm8u6k4ymWn zdzMiT&%TshPg$UzNRE0O@0qVBf#q~#Z`M*z(8dg2%eI>j-JXQK*%`DqPy0>E-t25< z?0kE(v$@f`#@@`}ckIp1a^!iLugBxuS933WbEbta!0+b*lk82&zYuXn#R?VE(|z8> zjazhY;?|Mx?yb4?k)suNgdb@B%s2PWS^4zQ{I^~>n%~-gwE2#j2bzz4_WtH$O}pok zA5!PXWvlQVS2^$eaEbHI<)y?aerDpdr30*8SV-(=<%RrrLht-=1M$k)ynllCj&t}v zPxc-*`)^q}Z1wTA#ve`F6LIu`>ejrzhi^~UD-I`|AN;7N+jH%&WY?cvYvz;E`x$EO z8L)o4lr=X~ONdXA7vgB$5BH0?*SyQ7K;FIf_ftNiYzpQr4?E*dajQ5x$D2#RS0MKA z)&0z+RN#*in_(`6dDyev>tACog&4HvQa-QsnD7rd)ZV^^#HGP~dM<_gUF1;6erY^g z^T7T*uD{+)ZFlKBqUKU}Rn}a?XL7WC@ds@C(c`tvo^FlI3zV{!vQ2mz=N#!WV;P7K z`*3PszZCAKFc%@*o$uj}H4B|i=Pb^*VjikOH0$ARS`PS~4+#HPj|0EBBTDKx6Aic{J9ZhUxWvLuu@X z9}uRCjsuhBsqsEfO%K@oCz2l#*0xXRx_|HOl}{d>Rnm2Iwlm?emH66O&j!{L-+FiU zclRzr*3>u?*1g+s-wj)PfAHl7XTr)Q@V?~4C!np>&O0-a8$XmBxtaSmWLD62i?WZn z?xU%5C%y9~qtKL|TY0iMcf8x^GR3=h5c4R#!`WPVM~GkE=2G%Tq(7`*5;12z=ev8@ zXVdpfI;*3pSa)ZA*U(t^M@p@p$n;C@2lt{mi|1{Zc(RLwF;ek>9R5gWAihnUDHY%D zTp3Emw>tyz?auY-_;%;|bbPyWeLB9~xjr4=?p&XaZ{v@o-V|+k;}61zSxKVWc-o89>yQ}^>0qz zADK&gIsFmzage4h?)1M-{tEhexc9^1m-r|4=%loN5t)?sFPurnznJzPzJFoL`Thmv zmY|Qa?TsqxE9bj1-`+6(1^2QyCXhd5baKGn7(ri8>|bQWv+*xXJbO=h*+h5a-~0Xr zZ5%J2efZ)(-M@(O?eXGix%><4F7S|VY<@qU-C6BS`M>91bXAzP%y_m{*mxQ~V#V?O zi%3Pgegz05Ok7W6MB8o#E(U71}E z_)PL6tb_L=N@+9sy!0lz^%#e>ItCjY{NWuoyf=21`3rwCrl)|~;}o`iqV z67(s%~(S?T2(P@_7@h@7cxfj2eTKEF|ekw5i zPe6a2OguYu0{+Vt&)%*$dsjN1y~NBXu|KCbpM*{x;@>kL@~6!wl|vupks`x?66OHyW_>PZzwZ-w5J-}48upnIWptfJ2XeZv&YEW$lxRTnWlg5I)jhs`w%|j*>|(+ zq5r9Rz{^nj_nuil-Qxl9kzG$&pdRowq#nn6mf|DsH81o})Dz^L;I;T@@${kb>|hQ~ z9lBR}PWWeL{!91yzOSsjyk>mh3HZyhVIOoR4Af)OuEA%Xi_ctu&s>1dyy=cP4{X9` z-gK;a_f7cAMUK@vkf~p(Rt_hY&{QS3;(2Z&G(?O&P|Qy%TG*Bi2nQD zSx0|x^tDje(R$wBNxQw|#VChIIbO0Q^}8A$yXlUG`|FR@zB1wPy?bZ9{iCB>{cluu z=T{>4CHPKzC`OsLRi2N0{z3Toy$a_SvN6=h}u*;+5%YFzvy*vG` zy$`&W%m z=_n>fz*>VNQG5&ChfK`C_;ch8Omlni=aieMu_0d2;#@P6`Ni9x(w+v^=lx=D+Lw!% z9MrSj8uB{>@q*41#S6BQr{Tv7I#cn2a7J!oi}USbcSBaZ;1fC8p7a6R{TbH;S6kiF%2+DH6{D)UR7`|>f4$OXx zz=MYvLDY{A;Hw>Wm^WqZ$5X-hz_Fg815)_rTc7!RN+L}OALea6*wvy7CkOT$N`I)13GNaQH zKvZHoQmSpyb_hg4CM}|L#_9CJIXSsukc--pw9x!M-?jJ7+2|DRu;C(qeu zpS{<5*Lz#uw>plK$y~n?;_xQK<9{;x9 z-7@N)jP2mDcW-8_r}1yMl;wWNn?KuP@qOWi z%Abvoyz#lCHf;1!ii{0auQiK)-fRABD({}He~W!h{w&GAtuL}JegEw1=E({Bx^Z$u z^;(98Rg(wU*KYpI&?Y=NVQ1$~PT1ML$%EV3&65&#_WDT)JA37%0d_X|v-&P{pX1-M zcj+kCzpek)j*(}TKfCi{H-B~t|F&@u|CW0%QE!oCmxG^#J#Akn+2!C&zbD(%lOsP& zZ3leyw-X+u9cz$wxVJvFoyJLtcEIldyS&Q2*Ke2eU3U3{wBxnKz1OnKSA6L7{%zFM zi6rW^ie9t*+ZW;AT4*Pq)?8boT>ln*obYcApEIZB@|@tq7dl$Rcgg!=7e0@?e+HO- zdzSv~4ZL$I`5VH&-I5m`ZDd0ATKKnHimD1+`D0EV;NRB&7yR3OdEsHM{Ov2t9p=j4 zzD?G!0rH33?JH`|a^-H{uEs1^?)GJ_%odZ|hUyL|d%V(W!BwEk)dWn;Hb<$UINnWuL`39sb{EG5!?3#SXIXdE{tc z5%*%L?J)lScEHPkcB<@qN$qg&mDF}}J?(@CX~(kfIdTLnSw@b2Mmt{F@m@=gHcuPq z-@5jqy}swd{{1Mbw3j&kijUeC(4$t@vVj`)|dEot{pi| zt;Z?j?3R4XYF&swOTB4p(TSS1aq^hAv7bRe{u0l%^Ih$#O||nDc{PjmI8k%o_Cuu` z>@nDD8RQ%2oX0S*6av@p_Z)86>8^Wod|E!Og@BC+hsq+H_P{C24Q&+N7t?>_72 z`Q#ugx0<{+eJg)kdYboC6LdBD!E4{%1fKD6d)cV1KYz2??6;8cSG6aH_WZ~tKbFq= z>t6@{{^nc$@%vxK$DEc&+~9ufzFo++_MY^SFI$N}o6B67M;$i~^4J#Q0cBOAjJ=~h zM&(NxTseN!3y(c~^SGzioA!L<&+PWDHto^Y{7Jl{_G0Y2YxbVOx6!zz@3eMWKD64@ zTBaxOWN&%PdhR7;WmEGt#+F*o`x~ey&u5Pp?OCJsJMxW;-FkVrchO(7$3MQV_NyXS zhVAH!ME2uLz*Fm;HQ8pZHfsg7=dAkL_PfLyZQ_qcKQsTEJv+5VJBxA8W{tLe-h9xU z*Jr`=s?T+w7hlcJg|8;tYqj-$E%D1Z>miF-t1a1^t+m>G7wxo8>Mk+lI@h zPsXK<2YYR&7sv9&wBA*+_1dL2&11w-YCJxfD_?t3)^o7FuAw?$JqI1@-LkwJ1I@Ef(F#MoBk1jfJvcct71Di8P3Fdy^`V{vx2Eo6rPF7FfMC@M;;nTELpUh47a4Igy;}Q?RM7!pHav;kO;^G1UgIJ(D9=-;$$!PG`x9hHASAe2BiH ztJb3#d=%Spk2bz*J+AmvvbvLXQq|5L15x{M%KIX+@}ng3H(# z>Up$Apz0%$SeX_1C(fZ0kKnJ9w=76nZ#9@Kdf{#Hz&q4_ZCdN)jYYfg`DZ6+;f1a7 zJb0^$vvh&&0SC4!RIuty}h|8NU-S+=BnQm3*6MMBTH@FEWa09+B8WK03I}JQT(#ONQL*XRn3~>_j zz>rFxA^Z2p>QMdnnLTy}=Up#NK6r}$*O>DPllKoddK6tRy(^s?M;FGa-6=bM>wtWO z;^@-vapcP7E!h=%Px_PEa>tIyj8wjg9f2+)_L`In$+O0_>I_oFr}D^c_^z6~KMejeB!^xbED!-->i+S`!Q-e9npcaINz_u-Uxb3Y(mlp8q* zx@oToY=Pb#*y(vE?ERFaH%p0wSyg{w%bx?Ucu#Z23J3Sz_3>*=J!oQmqV|id$6l&} z)`q^t_MEh3$KfQ~yxeI^`*oh<5BI)D?!R-$+RB$vK7q}Xrj@6+sw7Y>jg z!|w27e_*dYTSWh|Lo^p}PSHE)LB?p$7vqt+9g6)iSIAZp4~k}O#{QEX=(p{c7JD4` zrHo^SGmd|E#{um$j+K8*>^ta0N`FT18KJ96$`NQDJ;hP;N5_}WqH_Q2R`G2#)S2F#! zAa6eCCO;$(zR7iAsj+$1mESt2|2N$}9bU=v$Xx3FxqAlbZ#49A?Lx1u;pGeU>H1`M zdB*)lO5Zy?eBs?c&K>U=^9THSI{ujJf#ZGW4`;r&edIIakNgz)-WUELUNaPb1l|w+ zpg-3R9Ev|WCMD+d_l-aB+fK(HEgm@Dcm6Qz*v?LWJeC6Ad*P3)LFOOHGciB2*Qe$n z&6%0*zABCmX=Yz6*?_JtS?<7cw)8r!{+ci}f8OHs`DfK%^mjV`{J012XFJ|A)?chy zJRN_I^T6@G^QT!ud3OBy_QZr73%>W0Kd(8Fe6ITiDg3$5f#rRp*A=Iy*E1>jcwg-i z;1M66&3yAf3ViQ{UZ<7ktA>{6#ZLc!R(Yns)5-GqlynZ_E*s?@*;!S zU#=~5si$w*J6;<(=COqid2BzKfXVhyvi&D}*|o<4^zZUPzdrHUfr7*Jr87LRB^+yGofvGogP&d3u%^PrPr&wvU0cz>g{|C9jKMuS z;&<9Zi5!k=(~C#lGlCV5GWg54_y1q$v7Lw7U+dst@Zvuz_M8f{&iu##UKgLT^W((0 z+lhmBC|`4iVcBRd%=N_IIto~&%|LM~y{!<$8q~f&E#bwLj@QEjc!_N(YL($vo zN3HbmLX6*Be!U?jUTOSq;0qI9?)RZ)+d9h|r>io1P}_0b5A3vK%*1iGq{eZ-_OoO= z>BA1ZXA0jL+Y8s9e*Vc$!PWaZ{{WAdrd6k*r)b%gKTx*+?EWx*daetLM-Qt1-A@01 z*7?VY3xo&h)13o0d&YgX^UoRauM-3C@-H#3dN<~EJ24w4M^c}fBiZ%SWd6O+f%Q!J z_l)4fHx^BXg74#}fbY90@O|bC;cFzOCix~W`fTnX`;0VmUvs!(Z()4aLj1GlfcERR z^SAbOLIb<{WJ!uXX;d7Kc8qSIuJFU3CclZEDB?PYnv6X3wdBP3!j7&>#KLXex8r=R zmz*9cVx4+X)kh;QH7C>LgU*--%g3xqiH~aB8rLE|ix{_`Se|0+8~oN)ifIuOK5A86 z5&0J9hZM2~-rY}sCHdbr<|Lj^tbylyI<-?yoS1r?bCdEkF0Q;|bN$6b>;0}uicc4@4^w*e4Qa; zbkkfuujH&nbiLY}$orNVe{SRxjNeBrUomlW9@J;EOwH253t3l4JY4bMemXg|9X9Sh z8u|DjxKmvN@#F;V`2J(+Q50Y9&v7{IXy4|QVdW6~O>y!x+M{1JA>;AIWzYZRyL}BS zIipBtoha|D{PRZqv)N`Z*@y8VlR-Rw)*67{KmG1|3a9jz0 zf3LT1J~ai{c_{rQ8gHAIZLoZc{k$4(E{iS?^Q2fc)V>6JdBJh_xVqpp%SGAL2KMs zDi5JLLggOjP`?7*8>veQBL|A@>TChgCk|XXUkCY^-%$|mHF5yYM3D`5j4|$)FvbZy zAA`R-XjA+Zg-&Ycxjbs~4s1~ewm5KUuX8VKsvDW6;_OB-X=oc~zH2V)z$P z@qtrUHwFG*e=ho#z2bFNg7i|e>NYaTxxjf9K>BTN3_~?3V^-Out}E?s%rA z#Op0!eu)|%!?!8+&jZf;IuBUSdFQzP_EP3I)$J%Bd>i!@wdjBC|Gknvocx}4qUGM|JE};dq3{v{m-?xfAkh>o7ety{j_tzo$|HX zlRSs`rK_{|QM0J|uavzBw6ERI`QC9$cw5>OYg-4o=rn57uJ!B*^Ad6qgLXdlpHLn= z7u}vI`ZvRe+z-QxnlB|IALm-U*gwy^dDP+7Hm|OePviQz6Ex=GVSYzGvuS5c!q45| z8ULP4@#~q7|266+2OEEV%J{!^it)2Q>$Y982Nmp5F8V$b+oOwi2iP8GfZJc>4vpI;!~2Q&%2b2jME$MiRn5oE zoQ0)NeRtF{2reqMxBE9H_;>Yo^+=8 zR66E9;SRkizWlL+D~mr@KiK*BMEu8%qgdqQJ$ORKrbQaSQ?v369(Wqzk-_wBzw87Y zod=E#+|KuY9pe7(f%z{zFsIs^o6nK_BcYL+z#X>X zM&5lkUnav1zZ@ouva*+fV_y0|BIr6f92)GiwW!rgPd3c_^gIsx7I*2^1Nzu=JvI#iTO>4V_ z?;`D^!MT1#oEK0;oxSV_)eg<(er@wbky}_pUSrPp^DpgSPqpEWjp2RfF>}tJ-<1z0p|vI zsffLLfDhk8HPHU1@7(d0IfqT-_yco5Q9ybK{l*++WYW>W^A;W9x#WAoo%G0^4&Hv0 zqHmX^*ei<1T|qoOjLv!R6Ye?++b>o-AEO=FD<;;r(T+*3_tY=EmD2wICVDia(!;vo zJ<-Fr_{`{WWZ}^C$b1jtIF8Dak0l821s zAtQyzh~_i#XEFE7;M=Q_kwr#Ed`sIM8A*L+g^>}Tk?jOf`~WW<$^E1`#E!-s6- zHD3~u?lFDShxB6%*^qwM{1}7x*CQL+#|pSi9V9X}RyB^}`JT%>QN+9^xv;E7-+e6G zs$aog@e2dtlUC-!OZ=n%<`OG+(Ir*zs>bQcQW#mXY*{+#m8B}1c1icd|Br(2@5AHn z{Cg_-+0OXvxjrF3Upz~CZ8r2u%$Mgipi`u$We3R~LZ`~UY^I*npHfd+$etL&W3#D& zPK&%vt(`fC7#*Uz&^+kqXWxw?_TA7~KnsKZ$A10!pS<>1^?|ou*wgct>PT;0@>YXw zJ6&U+sZbS)Xg;hZ&Ti~0=7vV&OXo&@P5Z=aSSK4Yu^XF~ABjMpZP=sJway`k|EL&- zU;ZQCZ>Hu&>t2GKB??`)#dt2p{NUsKQJ3ERb4V%g@Y}V#ZO-IbI~QlR$dL~mR)i?zP{G@-^qDG*k&h7 z;icK!D-M@l63?(sPQk~srj%ad6Q9jmcnRlpo(u=WIqaQb_%AcJ^pZ_H-#@q2*gRob z%fIXGQ~Eke`>|~PnX}rMPc)tr7u)k5J_^6_kDk_9QUBtMv2>@XNSy7Tr=>*x4&4I*zgKGxK|Lr4RR)t-v{?w0Px9j_~)<`+^ zU{k&8Lp%27i613mve3ie=!XuDWGnaAKjz!H$)V~W_n3O+MEt?W82p*w4SyqAVD%Qk zA4TXE&BF__-foEVT{N`yog0sGY-H&wbeQIKHxAKOAe}@!n>L0MJKu0F^SjQcLvAEL zQDiZO9VMUca(*u&CZWCe6)%&Vmuel~M1(qj(u?x8RSQlA_{B;ATeELTC%Ti2BaFZvGb5?dc{an*>q+ya`k@yDjTNoRB zsdl=-S(joZ^LQSAN9WLY0(%!ckabR4U0#~idn5Dyjhy8@*B9Pahko8fe9&4l(TPQ8 znOJm`T86hTe#_CzNr7d3xoGsdMjyEC_yBB<{V6Fg%dBR~Oe6Rre)L6Y$I;-?I zAC1I@AuAgL{j&0dy>9%@rg2~2NaBNOP4j5Cn0Cv^FU0Sr-Fx7BwXvEQ{utKHmZ=SU zT|r|?8?icke_(EdHu-#tE;^&T9ePdVQ?(1|$KDupi$ddeXe=BH|H5-W4IUtld$RAj z`;m`!e(Tt-v%XE@UyNs!n^?d51 zguR!fo7ER`P_g2f2X9`-nhN-PelzQZm5)69B5;*~L!Qw);=^CbMdXfqxCCKV5{x2W<+*@nW47%o*+A3YsfUn7nRMXVC*!wd@68 z2?3KUU*5LkC01|SoCKe_^jXi?(bMGq(9;gT$)_)stpIH$^TK%>yw_0z&EUPT)-ZmE zeN57mdGFj5zL8$keC5{KXl_rtDB;t(vB#hMX^46g)|7kC7bEsiUt5|VSqW~DHF#iT zWIS=~qQ+5-{l2Z^ku$}HSF%(N(yijQm_vh6pQ zo`UaT?N^k6j1T9$^Fii2v!2x0pNV*#YMyk?youXo!x!k@z7qQk`k9}Sf8@9QBa8D6 z$1sM;w0}O&VL$2|dhyG6_#HdX?Bh`6&?bs*&mC>c!T2iM*1i{7(U_-^rxPyM!f#^}=HRQ}LL#$#~j*uKKqB-%Vv|JB{Eeu?pk2Cl!B z4(==F{{ZnGXx&$tzFB;0^aK7Z`La-Y*y7Wg(ShFCZFT&l%Sx-04m02JS@nH4{^|>T zea~h1kIzs}FAhzVLyS$fIQyLZ*A*6awrxXbjr#3lp!-eG1=^UH8@SgQ>3x+Mq_@yb z;R_?04`fevV3%pHeD&7>oN4fyMZL%-J{zG&6u4u|y=}}R8pj{7N3Mld`Ym=PdLKU3 z-VX+k#kRlmuU|l4b6>xw{+2{T_@^D-5#GBmOz^6!b5z&&M2dW!ik=0Z97xZtw0oxX zlsxQ7$#2OHFtUpbkLQ0K@|%|=zdAoYt*Nn*dCrmFMc_^{90vyr`7GnRk$dF#YyWt9 zx!vT!Me6yaQ&Zq`^++4*_eyBHUx(0VJN>WXb0PGs=6^fq%zAamJ-~cA9a8OqWzhN( zlWR|`kFuOKg(s+qTgdu(ANo9|eI@>Vr0s)a)2n{M=+>$!#t(FL1vc6?Y>Md{(Zgkp z+HcF&<(kLM^W6I)wJvTSan;?C8&w}W)W>N5z&@H!(MNQUKDhUno<9DCKGrAdK=$PY zhYjo_e2P9w2kC=*vpjwLK)6cuQJ?qJQ&&9ki-%;&F_gj&XFR^b6dr@ZM*T-bn@VoA3vu4=z<;)N6Z$AKr9O8t;DYmKq zf2IHE@TzTtt(RMJq3o4JyhZWx0^%rBIdcSA56MyhVr{qf?yO@D z_rjD0OiuvQE?_z!n1FdBFvWqX(z@W-cyeBXow!D50?*a*+&Tw#?J<)I|Dx<<_}kcj z)eDOY<4~{&B#m>9EnOl{1;8dDl$I@Q>VXy4Fn#Odj_0sIc6 z+kJnQv7aeU&K9>5;ImrztV;AXe3ncrA3XV6)ljShK!zR^UWQxm=gon!bZ^IABxBRWly{)rP)UFL$LFUgOc6FfXE%t-j zX%RmfLkygF;i{SJbw(YgTz=-fem9y-)(u5J;-0%LrvHZ5<>d*aNsWZcvn=7xf z_qeX)Osp!!qSUSxsFR%?b?4p|dyK-j8ME_UF|H>D!TmPy;QHC8iwC&&df#Mgn;S2W zK5Rv!hvGa*jBv{vIdwuQg89`%Kg+Q)Yo#(UR8PiteT*|Zeh?0g`rQ5 zrUwhZgwgRoZ(|Y@fRcmwcsTFg%1>P!w zFGgZJh!5O0WCN*&)Wo6TRnbH>BKX7)ZFhLB7G7HoFJ`X1D3Z3s<~8@bVu)*UUwRaK z@YuwUta~&o7_OM=OKZvsS{0As6HWDvTU!u;uGo}W*qj9)w2rl5Yuq@~I(p;EnUNbR zmK;Aw?B(E0^WNI29}n-}Y*|-zl!Zgs-=R(5g?PaE2MfX#6MboGH(e9nPYmIzj(ZZn z|B&DHoSs+zw*+f%F7S=}V&m`0HzQZF4ZOU)!NzrHu-|sTcdFw^eMk4ikKT5SUK?;P z3tOXd>vq*)N$(*?Kjm8Tn-mX#Pdd*_$dcj!Ut=6z{Q?f*&ji2V3lcZZjg(SLRv57T z&Gp*D<|h}rJ`{0!<8Rg%S+<{+hfZ_j#*TkepO>51QyTxKzKHMgNA^+|;T@lN`Deg5 z)P7(~QshVeg|GCw5VAYtnIL-}5!1MEbYX8{fOr@&6yZQM0|hV24@nPslr5dy2?7{hv(Bq`06Gd{pSAk@;hcx zvmJT~xv>2h|FNgg;|F*?lg}7&J%45)_1)>Mvw5Z+`3#IG?9B)kQu7*&91K)!z0{Z9 z`bJ<_>#h@P*Y2`1>nf=O-hga&Ajh4=s+5DQI+wYp>SM&_Gn#(-Q`RIPSDn+?mjyhl z7Twg#@_ZN1hmm=ck0Q3R2VPO0UHOQbOrMFX)Qs@;nz@O&>~{RrRm^1_w6!YeGkZW) z=VnIYe7_a?xzGL7tK(~&94Wad#c!^l4}G>VmWvIaD$l!O>$x626)pb4p+%#^m*P$R zx%2H3)|Yte$CbM>^%2G3U=H-0OU#QHUdKGf+2Rj%@Aiidw)#VFyy6e_?DvNbz3vaa zdAF~^?Egt!+}G2sM{+Z*>4$F#_Z|i>hZhuvK9x3lMmyg{hxT>h3h6@Rf4Xw5I#WY= z#1BembAQ}|HO2=mf{vR)nmb2Dp1=p)H8%XvF6P-?@W&4Hhn_3ISACiJxR!fW+|xWX zh3`RrtF^4wN&I)ALo-f1u$FUm>Qw7t<18Ke1)Ex2|D2d&bD-qkx>|}DUlHRgVthr6 zuZZy#F}}izSTQ)RHJHr<`INTR{Bik418RH8bI^P$1^FgaZbbj#z$$Cih zgS*aHYje8-g}h(L`-Qw;$oqx7U&#C6if_UjE@|noz|5y3pKhvy7s?hZ=KKA;p zN4&f->OJs=pSkBucw;rX*UKB^YR{NAWZ#U2C*Lbi98ck`*$&M=>d<`3pMmCc{tGm( z9Yi0v>yhj;aX!$$hjXlqdVzPW-bu_uZcbHev2u>u`>SSDWl%eyd};=ENPsRv1e6S<}sT=7&z?Y?t-ThYnx^cRIB_ z(tDGLzeh`0lgM1hZ#}=jZn+Q}&&sgx%a%01Ti1mSV5hF8J|ctps~er4W#+FeGk2+O;k!$o#p)aGZ4Lp>f3**e4B|cwIIiG!2R!`TKHILq44Qo9Z$ZEaewDTWxhQkEu_!uXm*LG)Hz?!|F1C{ovff5OMzLSzJ#| zvm#m823f#-={Z(p7&gMeVqd6_IlShrKI})61ANG~QSAInLU-EVg>%hiCGf(CR>{{}T>B`d9CMZi2_#IU+=WraiQd|6Ag_)YzksYa3arE@+-8&Td> zdvl%Zg?xV2Tx%|^*!l&o2h+dOtA8_gpkAHs)t6>J?u30OKS2I~_E>9&CpzH2E_kOK z-Z=>GyaDg@z&nTFoj2i~0C=i|wlAZ1C zmVIBb^*3A(#slrx!)H1N$Cby-K$i>$C)wbGF`nrhOkJe$8)Td5&z+C=V9$8#6@uW? z@gkwNvow$E(EwoqthWr=dBL2_R7C`S+w6O`Atb!)1 zpw)J8C);=3@`=aSV_&x&2#2c6^Jc9akye+BpIpT=mTWBOY3SwTGwfP`6&e2Mj7$~PAPPc>r;V((8h_Wtd&y3k8~$VoYKxT(QK zuG*zr8GDCEZq{2F@V>9L1KzjCuX)L5#=lYHM}AbdwSD=7~t$hD@ z4SAgh!lB!cxs~KP3K(}L@>_|VuZB*pj@W>X$TM*QKYC)-+A76`ewyt6N#-X4v;2fH zo^fQRj6=HaO3xSu+rQn^UzmE&MEym)jCG6fpz1DEi!rY1+ppb5-E%Fq(YHTT``W}C zwsKZskh2PJd-!qADr_fzwu;~Gzu^AY?qB$mw|0Fa?Xg|_hOTNwS8f}ZTm72ODm3eB zMX#Av+Y|@cguHi_Rc(7IGp#j-{!<=lBeKy!d!pxt5!S1d_$LO^+I6Dx;jUo#p>B9R zif{KM=hGd$vTECeNXEFUKUDo%jq1ALryQq!U^aDKrQq1KeF1Y7*QVVItXDgXJXJot zDOmYXCv7$|-{x`u>bVcAt=5sWlS_SRl57w^Nd4Yo*C}n?!RG*7lW+6UYv-ouko>A` z>pk<$RCKd9o)9Yr|L~0PJ|0+#z-<|L&j;^i-|#O2B95NG&RV+OTKQ-OaCh;$ zVhp*+6m_6WyMeos=NB;-r!8N^{F8rN^O)ioiYa7MLk+KQQ+!SJLBsjpHktjF!5wGK zw^n|_TDAec5swA*eZIAfIy=rWuv*JTSaoIZ+_%5>hN{=Ga1*q?oMl28-3j7k+;W@x6X%a zTSea&k(*ljUB^6G$aBS(RrklMs$W~gyKdj#8KQ6P9pJ*E7_NJ*xQFn%6TAstwUf?# zoz8q+48AlT&D)y${vO=P4oKFkwr$p>dML+EYd6=<{BN!`pRCyWJFW-FigYCUD#PU+ z&wQJ@KK=&s;okU$YKSJVF1nU_fZ7uWR=4AikW<)a@jdTCt&bTW`G*4FDhL}sdy$$& z`4Ea5`mxzn&q|Easd={Ni9E(!01pm>&kDqU@N62oyaT=1kzW|s~g_j zZe{db&u7AxPct_8rW0${9%RmjM|%#!&mF{ux7P-i#o)^W#C;FKmlM;%p-p4&duaP; z|FTBxdeaYjSFt3`gB|aNLlZMDnBmHT^31L*bYZ98&v;e$n#Ndk#zhJIUq$=k|BeUj zbqD$_EzO##b^USKv+%xbh?@+b!2i%&_?gT1w#%!w6D>xR$@7>zU@hp2=wX1lRi1JR36iZF}LvT)X@$p8ec8wtoLCu*%MJ z|6F~y8Jc?SJr{rLziQXZ{fRXW#0U3z&m41cUTWEE+R26OD}n~-ou(V9hjM?XM^m4C zE_4@6`WKy8KeVknv-xwZFWN?oZkyZZEu1Gn9CKS4zajtIRG;d$73F%|_iIe7?o#OB z%e5l&06b@5v)7iF9+w{fEx0gra_q`p zVD{5i7oUPrcpCxU23x;9HN~EC^Hp9StS{T@jmA}DO}v!2%wO{##TSV^V1?T1tWf+x zE7bllc4UJU>b%LSQ0}fx?~uQUEe?n9fkW}TvB}6+ble*bb&|)h`N}eJ!=#)5x=CYl z_eJ>K=#=@Kwq2j#6%P-%^grA2bTXES|Bd5mI?M5FrWVJ`&ss;!o`n0K9ARD6mm6M| z&s?VZ-Pmp`6m8}I6)Ti+&Gq}cUbjM-*uK}JuO6^2n9=n*`7vy|uKiZ13*PIZohWv4 z3_H0EzccdH}(DND*{NhV@XTA^Vb zUw`Pvi;MQp_1(9%=f}WNVpXj8_Ntrvm~UIKGc!Iw-|%lYy51tc<;JPo@R_GADV=pE z?;d)_3N1|wKXjvSc+-uv^9Jo?^6U$<*4&)q8@IHEvG)AX3jO*s_V@9~M^`5K4i`RT zXFPpProFDGt&rl6b7-%NcBnh9=wd!Sn{l7*^O6VQ^mO=C%=$PrYx?|8)vggI)Aie2 z8(lZXs!)x-Fy+Xu7;qBPH} zf!JvITC4e2{(SCTgjaD z52KUcRgPM@{MXIcbRBH^r8_p+uFlxHvJ>pbK8$3e#T%o&W&&L1V{M}0$Y5c*Nq*838BKMDUYBXc&r{DxkQ&}$(y zkPkNv+EV*4tMVyo7nwIypGb}qn>pB2+3a5ypSkW)?GIJ?Y+zXpbbN|`^V@R&vH;h5 zHh>*pS=Q8q_=WjdOFqwBXUwienAKsvL65jCltcL%J3@_QRl>%D{aLr|2 zDRbar9z88wF9Z9Tz{MD5$UeCf*fjn|;7^6m3v23cHtqaPSM<{^&~(`#vN27wDNK;OhY2760!-@9YLH^A2`u7jbsY z5qf@iIK#yJl@Cb7{WDD5|38TP&k2Nkqs8H*xWD#4dkH*5wT@sT@%|@?_diX%{~6-_ zKP2A&W8(b>i1!l@H*xv-zTOLe8CG6oi}E6Fe&a&$qkOjT6AxV2bdXvSH-B!^)`@e2 z1KGi{Z-d}XxDt-0%CF?NqQ=aK)+{Op1rHkhDVFt}KlU}`$d>>YvO{HaMz40(G_=@l zyZ8SNx?tOGk!_2Ab2P7UT4dAwBS|*tbE9lMc5jjnv)7WTKjlWf{4>?Wyc7HrC@<{w z-&WWgytB~pldQ3}PZa23)4}=Il`ovNEBJNtAO2-w@-D=HOg=|^5r;?8!Br>uiyh3b zCg%XnlslL1Sc^TZxKdwb=H|Z2tj&G%@JHtI-c9fq*WMhC)<~+B;JxN-qVQfETIA3# zxtSsJH~L+%2jy_C`$NWz>(L>%SyrpovOQkzGiyj@^ZoHVedMBotwH7}Y{uRebPK*G z`=op%QcEt3ccyQ=&1c5{cL(0{qfnYek&O%QNCP>Oollmsm%b%5R?>g5NZ! zjfWr19L+qY`FVyz`_)Obx96{80egM%)QeeP97tJT{3Nk`=pLVgj6?gj1(u zES=IR;O7$X)K@tI+Kt@YcMp9o0LM$A-5h9qH+J$|{8sLF#S25RGW@_Ua@0NKvW}3W zew!TiyX2_*!WGdc(Ji#6oZ4RZ?45 z{?Faq_ZYnMFfcUGKiB=dQwI#Gyi?=Hw)A5Q`LQki*p_~5OFy=yuc8w@(FyOGPk6cW zX*=I{nEQvXq~@WaFtpc4zR#Dl^stlf8wKop-_4jISbv55>eGjO$8G_C{H8feH4x*% z!y}cI)@Cn_k&Ed$@Cou;pVv4(;zPek|FyvzdhbiHu0ksrN*xW%aDWycSrvrEt`FB5w>j81vQ=Wjh4$Zq}giTbry zSflHXl@*5GMozEvkEy%olJNdYKXGYd5(WM-J>}@`d;I6LR{FDh?%w*~qhrWN{L*($ z>pOw5tsnW*BWsuWc$kM3z^Pw;rL)q4c_jRro zj@%UPeHGpm&*l(E${}YV7*`Vqb=NodJpfHb|4N6iY8<}ezTvBThvqAnr<&QT(&edU zcuM(T)>ik(Kbaue1~$pI_^UQmw&{B)*;d?4y1ZOJ`>}_t_hkESWVGziO&4vu-MRW7Q41&vjSO z5BKCh<@mCCGWo8y@APH1@_g%?ff22lC;xWs^}O4K493tm-8t5?ms!eZ=k$z(AH^r# zU$f@FiHsdWE)T-{-N^qayXh(En`9X$RZJU-t_H~hWp#3R&@eSo;#n4Tyy6@_+oEm(Hb zb)wbl&>bF7e8nlDtw?t% z{@5AFYC3HAY-E%B4z#5{t77Xxp6Q174+Taxy~*78Ci0yAy&FTFIlj;+=(L+!hYakd zQP`aad>K98118DBWNK@*AM9b~*ngt$QP@3uW8)*E9K9)B8Q`Am)@oo;U+y#6w3SVp zIoNiJy&qzZ>TZB{n6uKcDMw?Y9m`J}x|T#b>}h2D8R-2(=A$3u3(2M=HrOn?vMfkU zDM(ByNK7e6OesiADM(DoU(xv>b|t)$PTwxSbmkO>-0^fbz&A_7y=z%BWb?Zq1fWU4c#gd27CO=#jbhy|?ETh3@ue*JWcPAGsKtnrGHvqvh~jYrGVL zJp%t`Bh%(R=Jz8ri$X_;L+G7069(mM)Z=bd1-zneDH=<|! z55Dzi7P58-S^dz7Z>^o`8&M}&j^ejPp?eIv-zUAum_-BcSiNKPjxQ5jW<7OdsKA%L zG;qG`-;quK##;Z*#a3@ynd5J)v;7&_(x2g+okrPmGsC@I$l%LX1~B-KePSHG2K^qS zy{W$Rx`WU>x)|DFgIom;+WBo2uy>#*q;sVQZ5uqT>1Ws<=6Bv*kI%G{cUKv|$=CA> z+9kHw8)Ghtt_%0hpnvuxoUXp2m9$?ICf4n18b=?(c?NALrj$t=S+r5$%j_BXaq6tw z!@a}MLDfWADSo3cnUL{*O3*9gb-JtuM=i2wDLdyal>j0-)^QX|BYE)Irqj{y1 zJ`S3;(|hikz+NXSfbCvjya)M~JdLA11>Qa?-fr>ocBb){{(!%9eE|4h0RHXpb_?{{ z4R5z%H_^7`gRhI>>pAfCT=@DX_F`b0xI${FGL~*6MOoVJmC@638Typ@XbPXiFIxM^cXUuoHHYi2 zKt^lE$p_YUVW*ID>xn`iTTYcbN^AO>qZ(}Y3V6+Wj-CO3{gQhcWJ_xL6Bt$JoJZoM=U4;s9} zZvh9dULO1>YDlziQB*htmtElTLeVtk-UqlRnhn}E^ocudx4C@4y$0HjL$f$EYexqt z{?lgkoZ$C2<+5*24fLqSep>}SZYO?Rf*;tDBN+(vOyP4jGEl~UC%iw28Y!(IxENTf z!S5=A-$2hs{9Qet$)}#J1W)3(JGN9mS_L1lF4@G67xJ$1Tn5jNp@$|j2Z8TB@K*FO zn@3eIa)9^CnIBct(oQ>Ct7GRD?Rq>ft_8pPUWa~_Ht!@=#UCmfm!+YC#uZFeTdcT|X;5O{+Z?)zAM>jDJ)dWtYPG~(bHTgDG@Sf!O zJHV^9C3l)5#c!*?$7=AQHuJ~WZLU5y(dO;6nZSeHp70vRR7#Q&zrsR-iF6r1uoZ6`kxDn&Otpy8cvr zJ3uDj+k@08_~2U~e49K5Ur#Y~F0jxU_zfDvME=E_o$zKE^PuYs*kkbZ;K!Ti6_cL8 zv+Eq*TnTTwI=vm8UM8Im?Q*5l;Z4P3Z8;A#aIMdKJ@@px?tR^SW;A`t{3f{#G=0e#>aO$#d`X&b^z> zy^#j41zZz5rGCN0PWLHx`k9+l7hunIGyC7qYPyPR@%YF1)V!@e?ceP&&Nk25*M(fC zwi~8hy>qE~PIlW^^S(YOdhUIcYu%e-?%DBx%gnV6lit@nto0@5oBLTNH#dT7@vR#t zn3V+`Gs3-p_@iBiVB)(0zlje_MOVEO2qwn|@V!*4I0`%QFn*!@priO1$BF|UUucxE z7Zpb^eh9upSAJ0_hR@PHnRPYOSXXm7>uRoKT@60Pn>mFQZTK&7=8AUaiVo(ATi+%Q zgRSw(!ouGDn{G6|$}06|%OOLbcqd(n~FWZQDRQcO-n@7T#+CuPxwLHZA&( zeH-ze@a^oFq+MUP-tyI{=1z5XYtd6B#0-`94pJl6PE1AmL+kFOKUSH!HOC*dnsNnJ^U29EYp|Kn&V6BN&CU7N3}L@4LVKh6S}B{QtrptNW=_H z9)$U|qd@kl#L#lTxbm(9R&m9hJy2DbiG{%@5bPQ#(tOV&Q)8q zD?RmDuJtMXcdfZE*{#@mv$?kG)Mj#BYSsuE{jf#);ZvVV&aK>$|ce|KeUR$&T!CuW!$eyzE{t%#Q4KufLid`MG;t zksbMkFI@2{_Rrb7{-VfEU%1y?`!0^WJYSQfePw{!*smVyzSMTCuqK7(>Tk&%cnB?1wzKR88 z0E_IZu6K(DS=v z0Q?BHpiPHcc|Hg~xjvzz>-LqE4)6iYy}wgEiSw>(Blp^k zr^t@nvdus48Ch+WFcHE2Daa#M+Z^tnQd+oSqkSU}4E{8YJ zP10}O%-yH9<1&oCOJ^M7yUrSCF0W)R&mWuzl`HSw4G*@`&nxiYet7V8mj^SOOuoDf z9$X9$E`o%&@U}GEtGH%g-x&7s9lN>j8LKzG0{lN|sb;gc{b}aIE3uon-<4k+imj8KRg9fg zjGa}ComGsTRUCSAU15drZ*pDu$!W*%^Lfs!b+D|SV&*tz}`pV#uAY6pDc6Skl5Ve?#O(}(z!&T;3p&!*dU!Ka*kYQ6UNnj!3O z@wRLGD%U)&e?4moPLLsEcP}`F-HrZ^mw=NpaI!euTP2)4fQ+KslLo3h5?)FFV}Lc^erF*mk&k zuiWSh+ZO*S*RCzT$lSO6-n-4Uod=)Kb*c<5ottcnuSm0H&fRay-4AyUaiKqDC-%dQ zGCw8R;9mRsOziP9vBAA|x7Qv&0~fA%E4nFOh+rt&w zL)XwBo!(I#?p<;O-2yDTT^qmHsej9`$opN=^Z|!1k9ll-qYsO-?0N;}{dbCoC)xM0 zdwk4`8O)2+g+Z?vI?t^OI~cOIOkFu9a%mdt(S2cRMuzn)B1RZrL2cH(%xS!vTTyyk z`<$>R5q#=5`wz%|V80M@&YUG>=4<(USxw(&&x(~N^x!=u&*wWmxdQu_VF4M%JIkyy(x=WGLVht$UP zmHB#)f?MAr3!fmeg^h$G2n_7*!5>^3;4VoS-geumY5vW zzPxB2?{V#!!}Ewq93vhrSmJ@LnrBt7&^|x zo1{O`aUJlN(I0n{&xc1;OZtFtfGmeum$d_aacR9!ZJ(+Uz*Il`{SnFm2AVp6Cyl-JC-Ln4Jlnan zkaZp8Qe^{$d6w@Rcvky~{5qUz>K-Ta>;pV|An5CD9_{PBh-Y`^W=2#u)WEYltCWAU znjYa=Hke`#w*6r1orAP>X<>RK?^o=9{#$JP82h1jgnK6*#Fyf|E|)&=Sq}6O{8fxg zunLZq@W6Kbzq^z-VGdBe3l7{P8doXLStt8`)L)YyaCBV?49cZmF$52PE|9F-ZgzNB z{Hyi#Q%yWDv7Vw3{a3_q#Tm9PQhY^w8l_tc#K# ztbMNvc&?6lsDrgVPvHBGppE`9IO}El@#uV)f4rFSZsPMv>M&mBpPcj3sjS;uO#6M{ z$WPzblQ-MUZ;F+T2WP{u9aYyyZOYOpdv*-$M|D5s*`c3_-Iz~%pN=@!uH4HmIO4Z) zwGABE_JGgU_xJ#R${y3dKar`MVSk%aa2LHB*}RASXZmd!ubgDrb6Pk(^2R*m7yl@Z zAJkrg{Ne}6*XhJJm;6c(sYdDVw6>0UZ}KytKmJOW~(!@YYh|g&p^> z?+!SXogw>M-*dou8M(c5E3I`lIM-T;IleTL|KDWxBO6{PJHA@6G4xT#P4?Vm>zR*5 zayPTz+)covc?-TZ`^}+e;^?i|TF%2_`Ijf}nkKM!y{seC+p z@!4m{Ys@3@pC%!9laase_>FDw2>Z4~I$6tX#>?J3I?JK6lC>4g#qN09pR&(-@4%+$ zti-MaUU%GrrA;~(K5*AAX}y)5Lr-t|D-YkumJsh$IlLnqVwuA~M!ta0yMID7hdOrX zF55%4j^zC$G&keTVXYWzF=T(Z-<4bMVGIHG67;dhpr3sO`}4!DEM-6=2aa1kaHO6` z;QAjoP@9zMe{>U1>sm@X^WcjGjOi8&K7~)phzI@A3b`>QJGY+2-YDrNCM}=-AUwT9 z>(=29;$vg=`87Tdz;BJ{0lmM6y%N-h&YEb4zuUxDeOBngOlME5d5jtP=teHukOSF3 zN&8`)#(y_;S-T5E*Nw8SGId(;f9D^=Chk0i*qXV=9H@I;_zt_!Q=Pz-6nEx(BJS+e ze8Jyl@2LfL&6nPh?sDVKrJP&V*+-kLg&}aVRIx3^(YoLv>b|JAA#a47us1*TclJKK z`n}Ek?&o)ZQ>K0+2GEQw5B6>sa@n054&lSj=!RdrCtJPU_)#xgxihBmuDO@bz4Hr0 z*Qbr1*$pgjfQuV_tZ$)z>E%w@IpmiP(qDI3ap*zl5Q8?%NnehRu6|TGL0kSDUy0{L zFYi6YD@FHD9%D}|Xw?JF4xoc};?I9^$sMyws0WP0tJRVf#+>@T;85Rf{O(?hM+bX0 z%5%+(Hwvx>z((7t_iVW~c`?>3OpC0Zqj;F~)v%@|=oc6EyL$Sltq$~TVCHO6KSoAgu=C(17KTikJUH@stR?8N ztx{rPk0F!mhy`y%&pgR|^EA55)LdnuQdf-e=-1Tvt7s~@65kX!vZA#ktZV7{KJ<#c z5bpg1zbjr=g`;C-k%fI4vVAh>xL+%zELwEg-U)Xp-$ zs_yhJ=*RGWjlG^l{6J20izh$2Wp5%sx@B)7Ke}aaA|A74Zz7hnWp5%sx@B)7Ke}aa zA~v&SZz3ME#gjMPve(Ipl0)6HcZZ!TmHq$qL&Q3uiEyKNxZnP9;MUxo$G93LOLLt$ z*7=QRAM%b-zl+{!*bizmoq6g2bL?H5htWYh$7%uw-^$@7@SVbY_W;Yi=(iQ%w-Wr; zkc)xm?3@k!wwOAIrPM*(O&!EN)Ir=!9Yg`S2Xvh567|1}wfcwouC+~Ge#=CUoBQZ- z!*A&EGv>D|X>Xck_J?)j{i*!cjP4e1g~eNOYCaa6g11Ue!CPgFeKBKS3UA%bxWH=| z8d$&Yd)A9@ho|a2JXP=EmwFE$)q8lY-otD49-gZA@Kn8rr|La?RPW)hdY6yjsd|^c z#8VwTHcx4-oO~XADxVpRUmL0tAHf^Cr~P_zQ+O!GGd>@CxyX*x9RK6OP{CO1%j+e- ztXq@)CmZr}=)%-@(cxQE`()~u(c$M`cSJGPqgHH0tL% zQ&&8T^SP|NNa^xL%TwEy?e5!B_1bLJ!#UT5p6kEh+HTisx|-`GUeC6S-ynX!tq=Pq z0~s5RuFXc@jA4y=ihUvfWZKmJQ|tSgSSaj)z?}g8uZ}z0jH~G|!Xuc`dypuBDaL(7hT5DvaW_j82vzc#hIg9ybku%@ap`*S1 zrOr2suSkcpfA*!@t@F&@hh^Xu{k;5a=A5hki*wE*XU^d;&{M+=lsviJuUD`S=FQ==AJY&_iW0LEZWx_JlE^Ec4hG&xgH>k#H=*; zymT^I9yRyO_RKwUab5ZRpXC3?&SL)g@8KF64*8dz%K5Oj>#FkGm*1ahnf-1T6BAUusp^F~uLbGe?F)bD6IX5tmx$8*cW+&Ec~RUrOK0 z`P@zW-HbzP+B*3xw1&0j@lN9e-#G7FE&6%Ce-Rul;opwk2b%5}0%!FpI2)|~TlVxp z)~5X_J8@oIsceSEDdY>u*BSd^O2p!t^Wy6Bn*EVnoR{s{Ge zb{>Rhi}}RU$<|*cE_gbE*wE~fqypz;UZXmfGzAvF2-)E~{Gw(Fo z@0jc6#QQPe@Xb=5H7{a*tFnJnezsch@IAoq@?-vr_I6OynrDqQaGC4ySOeFK+^@|Y ztNn#~+4HV`lNF3m+uUo~%nc5NH<|)3-#35R?S@Vm|j4Dt?qu`LST4L@)X`qt-Fo7(Kd#(cobP3P{~diu&$SbK z4F)Z<4kQhIa4mU_iM+dscRP4?Q#2={+SO1b{0w0O};=OytN6p^A7ey|9oZ6Sk#4!C;As0`AjkwkHU^R76n}`?fn_G72}kDwM>1p>XTGE@M%|H2YhyYk{hp*4-Xx`;*7`j z-}gD=(pdD@KOXGuKV>KHN3PsiUteHz{2vZCEMmQ25izqiauQK;65$N+a_1G19qgsv z76-4;RkaZp{p6U#OM}4U*mXChz$ClwcMe=GJZnknGv=({ zWJhA0yY7YK4?j+U!#R`s3iZvI)Y9$l_>Z;N`S*jfg@beY^Y5`5aLE1-(Msyx;nnAf z*{g0Ujeo^2he502fa)g-{>`qX@{>!{x=z*Ckyj=z9WS08$`~6CEiNQhInOfr$O%E~ zxs1`OW3XoI3@EQ>g{sa|{oF;7`i+Mha^P#1U&g~P)sl^QChl(dxQ({se9wZ1b-qw1 zvA%R$SnxWzRvxiyV$jvcwJ#FND z#DDI)stq&sE}pS;5Ia{*Zr4)c(!}SrUjO^VIyHvqMt@{JXX~*)_H)r`rmp1K4sak@ z*5?z9d6Htbz(p-jy=r+hF2Qg1AR(5kHT5noJ_#=LtPgy+&liJ_8V^2HmoHohCofTh z;yyPNUIN-52RyWclP~aY0rAA)`0UVh+qhT$_U0EhZTj+dYuwTf_BYdS$`gs+n}A#U zcR`D1l}lCJSvti_>l-)|Oyg{$ZRK_1SFrwIG&wfb8WeGMLy>jgLt$!`S8$fxPS$#B zZ}aWMgg22F?V`Qt=$c2pxDj3iXB-<+c=`x!s%9gG{Hc#c#K_x_J2N-6Y460Gp0*6m zA}t8>jNnl006v5+_Wt4G&0y1&I{$DG`aDmL{Oj41daCx+^etKN(7Wp%a@N>bUH4cf2Y;|6+`9){h>wU5&mWd%y;{O`jQpwYEt$l= z!RKVKu7$W`Pv3K0@SN%g79hV}1bsT)^5i_x*$R`&kpT@9^STeZ*@Dx!29J z*Yj>CxJ$<-eFA#cG9GsyzgET#f6Z{e-^BM=8RK6Jp91UsJljb>fe$YGH@N>*z0rQPk-voA;QJq`-LU1l za;xUr4&dH|-bh1l_>qqy5lM+biTBKAM|{=a_@=a#|Dl*+<%$3)jK>lBe3y>=!Z@TEWAcM&JLa*3U+ZHCI9_o-@C}!@C{* z`y%>ReW)*BdA8t$m4w?53AeN%9W+2E(=IqM`pt}i?~jAq4&+vN?F6s8z^iHlJL%J_ zgCz%1#P z^eWZ$0ecMnW9r|<)8JWkp2L^KXGmxlYrTGu{ry+yDL_?Dw;<&o(jM z?HVulG~T_u>&ncJ)+c0U09_et5?%TJVIwoxuF!Q7`T1S@@(f)i<6gQ7S4XvPm-v8x z$*x)B;kiCwuJ7CWdp^N`;%px){7@b~?9PAgdzO09kZ5H=i?>cvGm-&qha(HJ>uT(n z@X6yT@iFQkf6lYAYurEAp0dxwP1vid{k4$4+uk7uD|_>N^6pXQ5b7b?nEPaF#?H5G zOxZlfKN!Ns{B3d%v#-1IU4z-n$BOO!Bn}p8{YJ`u5)XpQhoMu0d=stDPS}eXTxas1#s4t= zhx4yF3D(byNB`l<9L)@C;Kum&aiAhL#?r#U31Jp|#$p1XalHwyHO z#Ky>HUp1{?dgE^DId4JNpv$_j6S_;#?c1#ia;3eGhw#hrpQ`YmuC+LWdjZd}Z_XX8 zqnbn=MyF(nKBZI7&$J#XoPeG40=Uuq#@d%nmer)T+JMKkJB+Qk6u6PU`>7|?+8I47 zT^M~KT#?TD=?wleM}PC7J}YPGuF?YbJfks8lE#AymfTFaio&M(M9M$u0P87FI7 zLM7CSy%G5O)*fhj-8prSjt572c0Igeo?-33d4_y!PvD#88TWY@Z*0Lr=dAYi*0LS& zhTd_1@8o&moVwm+d4u+8x2L{kw|d{Dc0SZS&+6R;><31$#~V3&bo*5Yf_8tpS4h64 zbEfK9GI}zh%^}vFpBY zVKvi`5pb{ASSHt6Un}~jL;o&dX;&={G>a{^=^3Yw3iv?u)VZNvJeZnY_~6^Xs+zhS z#yVvR@xGXIcKbiCLVX!Wah|zv|#WL)!;(EyF`bX2FBT7Xwy}O|?t1PqWa4 z2Q1&RLg_i~p|hTiabG-WY7T*6-TI>q|MKm_4MX>5HRWDNY|om2ZHazx`Z9I@(g{wV zhnaV%Ib0_F=!HeKn=YN6Vh!$}lTP3J&OkbeMxvFMPR~=jIMnz=H`U~dW*VQ1yXP5? z;Ep+b`xLT;E@;&rD33!U@tDqpba^-i-wnoNZOH6E9!qQbrUSd$GyDLb$I+cSHy~(f zudQIyw*)t^8UBL4{rm-u4S!*m_VX9_%4t)3fT!};(++7i$MsR?zy~GhngIKB6j{O6YmpU_t zfB8h!&Sw>$mHht=|8|{kM$-y&t@XVArsZ7A#!0g0ushcNXRDY0u{g!3&DT(zn zKH^b+{Pk*VXzL?sFY=Ri)`7LBmghJ-$81`m#xYgU7R`nXP92!+Y{4obVi1*sYXdeZCo$mr_+Je>( z7J~l(?FRVn*C*`b$TCuU7~^4!$nqbF2qn zif4u$JU#E&m@a;%n)r0GeXFx}?#I9L#%9xjO*m*n?-${#$IU!%Y_x|&uc~9m8nn0J z4($A$qv6x5t)tp=xf_4FoVXLUo5tVUsaP^RKSlLXyl3`5znpQ?r{dZ+O>9|O1uZt< zKX%fVd!7bygy|NvT3McZTy}=+E}dyRmi7!z99vtlxc%H4jAu^%KAC5J22Naj++gxY z34RfcP26ZQatR;5fm|?8%#d#z&j()a36KFfaaW^kMNkqC8nz3^0%#Tssln1YwqUGPv;eCG5opYIo}RV}8jFghk- zudae#()q5QzXKg_=h)Jl?jr6~ILvw$-g}7ibskE?&O~o4Eh7eS8#dZH>@nGw>oRTo zvK{_iMP1`|%ldK$_GKru-$;x=_NAU(&m3)@!S^!HU|-5!)HCk$vM<+_+VNF?J|cPi3-?uORP4(_ve0|XXcqjRoQKX` zYAUp*)Dr*wDDttK?+wqe*3d^e^*Q>ykk2lRTY*tAPQ{2$2hK6sa1I|}Z5)`$(V8*g z*LgL>3(Bcw&4yv+8N%@H`&smH?x|tm{Hss^oLI=tSh>~r7%}8~EOQ?0>V{xA10S_# z2+OasVJST|EZAquRo@n4&4qU(Z~pMfND_XX_vhn^Vf>qTFXMW*ef`tUb&KmJo~3t; zVNSK-<*u(j2ENQi8@Yb#Laugjj@@)>5Zpeko6&1AWTIm2)4@{`7)>1bM~$IQWQA&X z?Ov>$)l3Xz0qd%K5;ApE{)AbtKZIPY#iwdQ9&Y5{Zu)r8Tb*-nA6~uG;=Fq5wKpTz z7B5|V_xuaiUcb>AQ}1IwMbtP{Ug2LRef$*flYgaq^kK| z&UMBHBlmw+WCd&dFmjjuuj?v(zTPe9)@>Kuw=R#qya(j_mU6a=;&V%%ns$%XL@sR1 z>M>T6IX^*TNIuKYRIO9~5Ucrx3mS=46qvJx^zTCC+LIR`pGP@zba;xNc1riW`ppb} zI+&q*a`633LqF{4v31Yd>S-VK^8L<~?l}eDiyv%z?Y>=qGM|g0e>DHf)+>k(f@k&b z34Y6^i_iZ-0B z;+(l4G1CNouyE(bWSr@pds=>B74js;J^HSAm2G?2aeU;PS&w?H2hTY2En_{@e-u5IwgogEH7@Pg z0*aNkGpAL1E{%|vH~aL+FHjeIm9d?~Pu}rd{t_&*t-RMd7{8Nux5G<g?(Mm^_VtPQFBSJyrS5^3BkdPklaCC3{`@X$ zP_y75RzK><;DYADQCC*n1Abk6dZHSAMby?>l;>N=8zY8CeZxn z_jjMAGc#w6v*xMKY*(Gt+CATDm3_RD_3f>t=9gHWY{57+Q!zS_k?$;f2{nBgnZ_^$3AxpXU%;2zVNz@*5KYI#(dP`%nJT=cE#V_cmKMd zy}xGl8uo8~$=oxvH&AZPi&#V3D*Z!xKf3GD^&jJNJ@>sG7~1xw_a9sR3ilr742%Wz zk?MsOWB7@RvBWEhKQ6Iaw=mxr@uxU_SAQb@xdC`8S+_aZNX{B&!+vB*W2^Rfy6~^T zW^m^(n)m^GsB_V0eT4O3y_3YowB{Ch=py)&y%DetxB0pFoV^{jKveNH(fo&7UJ>ps+)@+dgF zhQGhPZ^(u(K}&+4ePV69eM5V{Lw}Sn(F69ozCd#W{RM7ijJFwE^m=Tm6>0DdufHxp z{CCS^>({cb;Iw`)InOoF>SMg)74z<)8~)5YYdK%&yC;k-X!!A=4QIxW{nR{s7=BFg z{~3;#{42-1_6)~+@vj{3@-rOo+kfSFqt9@>uYSn!jzE+37e4V?Th&kAx#hk=8)m+L zc_13=@ivL8aY8d0-s;`#LA+6pq0Yn588wQ-N?$(Dv$ec;A2~myFI~B-IP;y~uw}2F$#~xl z$l#iA-y6s)BXha;AHeBRaO1TR6t_6*owR-MXHSmK*auGi(aZGvJ*obv8N1*i=G9>J zjSB{vR{^umhqU4QWJGg)wFUj(V8?*uBPgewXbSgzUO2v!xi*7?hrj{9wKE4-mMR}5 znWjDn+PAM*y!27BLHfwwI|Li=X>!6Pl z{}}lW9(#mq@UQXpj*Ib`e#$#Gs&5&(t{Z)!Ucth--Iq-Idys?sPe#rL?-z5wp4S)| z??-3!)G;5{s&MH=)9ScS`CZk69AO>W_}oA&;Jb|Tk{PqGH-T-GIaXn6targ7IrE%j zX^b7j!HO71wlwEd0I%w30)0(`K zIp1ZqD);v$vR(0n2YvZ%^*nn({EFN^aBuO3N&L$>J-fc`D{eb%75A>emOfw=HEX;X zJY&zJFe?4{`)yhJ(W%3DvqkGz+&hGRHQ!xYKW(?Oj`hHJ7Vofmr8qj5HB5ltVFRZ9JYqkui;;vX_f%@u3Y&o zHG5jWoVFu0nPEHfecrogsH>d0R?;VD2sTOAI&l0|aNlgTc7o?`FTHtMgEQ}m%v<}6 z)k{b5>GqVoD2krt;^3>`0Qq2Wz`VQG!Q-{W(wm+6vnIVRZQo|ob_2S5HT-cvYxw8> zDYF@44ZYoau#I}5mB-NOi}~&FQft{F-M7jYksa{UrPMl2w3e+TuW{fXtq8SChBx*> zvz_;FPOssMLdRE3^ToB$YKkv_*T8xYX9NpYtrs>|FR+{S0$$Ot);E9YglP?y-}s6* zL0_}5eP6=%Exs>*Lp`?dP47QwY~Q8#)xKWnD{jum_I2-R2wER6WnaAL^p(MF=O3_! z8vFNl=JCql{N}^hzZNz({CDUTY`|Bsd0!dw>iMr=|H$v?hOg`g!uoex>9$D6Fyqx1=S`!=gJbB#x)To$|7-gdeP_I1@vqyjWsf&L zYkzzKo=xvp9RH#BD}MQZeZSTK@M24O;XVERisO&3gswl#e#QSU_iL4#euzT{-mf@e z#cRuvEz*fTK7YmY`A$Ad&x%)X=krN4kA1iPXePa14L=d?PQ|+)!S?a)hpIf`J9+w-FyyU1tq7FzO}WZTiSRy!vVK zGyUXlC!#C1ExpO~P}@eVZ#Qwj3FwF2)NeJBB9lHDS^G8m#}PyAoP_RWJxrdR_(GEVRL5!ekITcy$d7(Y zYgoa3<>9^r&zN{plh58K@jB<-kD+%RaHz*p1MscXcysJ|+cNNz#1{&pcQU4O`l=m0 z^_anEBV#6C4==APyz}vfY2js?c;{B|R%Z>3ECg?h!JBI9l<&eGnYW4>MZq_Yyl4lo z5_le^@1@|x#87!Y$?uD~uY>1SS$RKQytH(h^19h`dYRg_f}0miqsRGApISO@ntX+g z#9=Sy9h#fP_owikmH@|6vwl|Z!|M6Qn5r@Fg=Q7w{E=$l@GG9>-)GF{@Giv}^?tKA zfO~$(XO}0wZSJwpuGzz9!yn$dx{=^?wAI%EzU2$O`Zn+P)Yv6QhPe)YncqP9qS^mH z+fVop;PEpCucGBZ^m-Ss1<<*NukRHu3!qDfuLs&sxC5E(-MklzFH%bU z)_mS$e~w*={wL?{?mb(`ez&s5N!ok1b5*0yyZ3BoHQ(#BACBuc{^@ATX6g*f8b_G@ zd*<_=5oZ71ld3=5#GX3n?nd6TjlMQdGOl@Nso%WQBFB#ZdWDg1F&}#!?YJ^~+;&#; z{cm}{;o+L}KDDcu|BH^SJz3tS_cN`9#@12`(8zg$eqc}yfc6w=FUPmnyxmfb&6Bmi zX>G3kP3_UleMJi%B0uTWbBMOjb=E`snMU}-eSfI)MK=0J^j6^;{h{27jPhes=76`y z=!bN^z8v`c{IRc&nij?X1HDz)806vlF5>Sn-}l1PZeCw{OL3Jwx6$L)XH7{WLl#nt zkVNh+;NL|&)5Cx%Olab#31LczZ@FKQcbDnf+;s zcie=Z5kvk+e*1x``pcI^w)z@hbMH&g4_LJz&|Jv7FVb^~Se9yt^yKQ)$J=Hyf2aylGf7f>g zxQATR&gu#0a8JXotpne)wt7K6FyFsx{Q&m>^UmrumYI8G;Cl{Mzc<9d^Y8%o7c3t2S%hd4&7x*Ijt{CSlz$7_4?;FS%o>5MCth2`{f$b2cR!j4c9kH^} zuFcxZGqXJRYwxY`vZ!mo_c>kaszhJM(mNOPi@LHbk}9rzr?B!-^*SNbij1%I@!zBe8z5FD?9nX<95utvnFk`#=fd|pg-ts zd@p&+T+cmsisz`=+Eu}`2kx~Fv2S~nTbr8Pfc>@+`zY z^;Y2C4BRE}`Hq*P$8wGRug=(d&b6~uv!0m4e8+@$3GV#&e1}wbp6mHXPVsyx&wi2T zOmE4iATeU^dGLeG-s|4L^iVT3aYqzj4d;@5}! z)=+!DW`**4gX?>zZd~7t4({DZ3~wFqx1fhTIMNwe6n}vy;)=YdcVkt^LYF4Fx1D=C zxVIC0c7f0E$Klm0=#?H)jcsxC8StxG{IV;kmkN<{z0z8H&EAhkuJMIiiP2wC`f;o8 zBfvd&1-yfhq#TeC$(aRY1j8V@R^^6f_4C1z< zs+}>qsD0>RPU9xRS0BYk!PY3_-D82f9Jm|VA6-U$a*}t}K@TO^F4%eVYCefy6fTM^ z#J*XCt>f0<+BRO$_-Px-LrjETE+P+cAhz7lz?1OG)@kq#aJlE}5nsJx^JO+%Td+x$ zKi+HL%8RO3mf5q59BBj}FP+Pt6yNe)6Y!A^yf^c8`FQemJEtn%=Qs5Ekm0F<-Yxh? zE>GF@1qIQgk)tgYTsJ-;bJBhfmtIAy>K~GN-oumb^M^m+`HO%{Fez?F?DX+`WT)Z( zxoQ5-M>cfgn@a`^#7{3U&N$%gtW3jaWWZc#%frhRtYt2KdiE60ix;&vMef>I_n5T_ zvNrU`P_64))w;fj%w59T_*k1i5dZT#Yx7ywM*HO4bvb{4b$3a*7zynWCvp7MQ6y5g6N*X^dAUth7B>D*roK|pifEmGaZ5I z&=0u}TVSecnbDiimQqK*MKL$tRn5Dqkw+Fa?zSv)Vn+Ciii3E6i{mqRzq_`98w>a1 zBytLz{3rPJ;=|srncgqypB`3Dw!W%y#d<%sfj(CwLuFSbfWeQ=pf&Mfw`^rkw1LTq z3mTY+8OV;i-Gza8fzBPUkRy9IN5L$HXFbH%-gu?#He`?)cOT*VvHp=51UD6q6_S`r@Ao@V*b?fB9^B(|DFmbW8Ievpc@I&`2I zOfj@MjQ6{AKL!{}EOa(|1f72EXS?$*hGvH`)=1trnsLU!^Ci;noF7fU_T3(wxctyV z{PZuw&P~?}f(P>DeLXdts|h}m=mN=_j`@sRt8oLNO7=~5;Lmm9uW9eQ;;yPQKT!I@ z`rVfA_zRb9T>q5fioX2b{j9HxuLSrqXIH>;x$t$li!boe0nR$%tL`P_8Ea}n`QVPa z&^BVYkxN(y_nnKh2FgEW;l9-KF83XUyrUyf6S~o}ww&{jv9^`Yy5=oiIBlC1h~{a{ z<^xY{ddd}^qxGyf+Kn`girSKrSPCd`u2YNm>!1H-V=jTTy2Xe{~FMU;r z4(u}l?(G>s&U$H#_;F87Rp@5kE&3w=XwI7{;*8$E3_B-HW6)EwPJWSHD_Y2UZfCAb zIpbvZRO{eG-zAX=ocFBwd$3>EjzNepuTiwza7%fiJtT{|i|2ZP@>h1J~)i>wy8@CEEEC@7M@j zb-*>=z?Emq4c1)zpAFX?yi51RJ#fh<5&b_1Op|%v>AYt_j`sw4$5U3YS@uJ%m2c-E zCV^9j28E|I9p*)^CY0qC<1-ypz!-Z?%mUSchq-Z|Rxv}5zD zR!IEc$@{QT;a{8oWv{*XfpdiaAG7D^r315<`bub&@!WUp8*rZa(Zi>BM;`DAwgZB_ z;AA}`9p2ELo9DIH*wr69n2&dVjcZRSP8((qvf0OhzS5pBOTD~q|C>k^u_bR0t%=(* zW8E%1g5e7u7?OU4MfN3zD(xc~Ox+bw16X)oivxj19T7<&_OQR_MScTuz89eYrY zu{Cbk8Mo6J(}gLei?`ArtpIvQ&TV0y#C$@P-PW==eIH~e$bOTb>DoLlyy`ddmtp6n zWMTVZ`dPtKad&S<(?tc&}A3XZSjK znEgELK~sEo;qZ;?1K^d%!t{n8TH5`(EnG=8D&fVi#N-WLAmDgUIZQ_6Fd<8L|R?$-UT`g*w3!Z@jUiZD$d7eH_rDW@Ax~< z{i!$~_oU){e0Jk}Kj!|#mEqR0(-eyg{L+o}{Sy0uyrdoLb8{ob%&V9+1CN`9$Ko*G z!+oy3?jweo3qKPL{ipkP$`5%Se0bv(J})ky$*%#I?Mv7=ch^Q^uk@^;r{+i&Qhmf~5!H{rqd_U)&P`lU8{_1pW&F+Dy{j-wGK6(f#UYW$kqnC)$N91Ox z1Gp^mm8afrX}_HNutmv<+jX(<7ICRQ_dHDLh)$k0x=gZu3E#0P6jSJcuRHD{CdoeK zP3D~+k0iGGBDWK>Zl4r3?}>5U&$x<>`0xqY7ijkXSF^U8MhlL!Bey&9vBf#aNpHCh_wR;!61Xzcm`hW=X{sZJ06*ooQr?UUX*Hh+w9}M%xXO+ zMGH<3uN=Ck!}0A8cjk~Mqro%2eXjFtl`kkV{$1L?mmJnUjIo8j=GzDRoBisC2_2?s z!Ea)+eqc`WZtat;!$ztDW?*mg19KVp)Aay;X#@Un0>4!26=1FKk9$?K9H919zT(^T z6U*?^%{us__p&CE0pd0B+0)M4UUO*P<)7K+EbX*E*5BZ#rvbVEnHOgd*MsD@-8e)y zFmxFh3VUB>-t@rXdtq}W_7gFmc?IMfj+gr)$FRrJ^QDg>wlwuGeO=Js0iL0bqj`_z zYwN5~tqncE&{6buY(B_-qx_TbWuK2E`K6qO@+->yw&P=VxG{==ZSU!t?$a75P8#H2 z^{+JeaqhvsK6Ickzxf!oo&Rr-rJ9rTJ?r4g+Zi4@`@cNv;rcH-%pUi&|I&|+c72gV zExHqbrXM}t-@y5}@PB_paL1kz;@it3KYUF63@l>NtltgjhEj0soS_>aELF!nN#sNV zIT4@9ze!(2d5i?OOvpB%F@a^3MV{n6KJG8GI8TUoxjIieXfJV3(QObOSC6tyrIzU# zf)0#mZO%JNT@k;plrDr8&gQ$;!Q}FhU5Q%O5P5|xc%rO`K6QfgDq`x>4ga>)QfKuu zXgmf?rRYuN^|hwwLGPmJ%B!rt%IW-t{h>{!Cv9ouZs0A$&hr7254*4Ia}@^e{)W6A z@$<;5HGV3h-e9s9OV3sw?{Z|2FY=#FMZ%Dt#r$U3!FZvc+#;w6}{Bv+1xhkHukgaaKPx&LQmDcV|-si$2J0$TT;CW;M zat#;-v)~o{g5B#YxjNakHzhMRbet>?|G`7AM*bOlDP3Qu_?F^R^4pToSbMoYG@}4L z0xmX#lda%GddKAT&^H~di7WG8ZH7*e5vQYb8mUKdb&mAS)>G*l^j{49k(No8kxAMQ z>5gsm4fjR2zirzpO{ca!C+EOTJGN(b|Bl&N_ENamj@{OP6E9CKgr@@V5j;vMjW05b z`FU+7t;cA_Jd%a~n~nZS_XqLAM*$BXJxYCxc%}rNDS>B7JUsL5M+e}Uet(*0M#D2> zJUp`%8NV`G;Tf!e+I>CbsB-{(T3H=rx#qbrhr z{3qVe}n;Hrbqz|j#GZ_a)!*<9kI$yzhktE{m+ zA{iyUhh1T>X_GJV^a@)>W~{064tFo8p&|FT0$@PK|7X&s?I&~Lzsc^;IeWCuyUpy+ znb-&nEzFs9kbE%fVEEbYC;X4BNBb!HK|6iX`|o0&E$}#g^#kN2IyQm}WVdjp&%5D| zPW4M=-8%ndg-Ve(iWw!DYr)Eb9g+nh=yVSv)JDGbs zIFKJR)6YAuvrcx@Ag#u+xd-m<-sS}JaQAZM$pS2%=;4fBhI>) zkux^EGV7VcZNPUYV{feq{l}kKXW@u@bjGXt$aicdXSam8ct(bNV8 zqc5}8arCxmv%}|A$#a_+mks=zeap!&Z;SZGe4)&H@m?8Wu{;aG^#bSmVPY@kJiml{wO6U| z{f2dgzVPD{h|A38H_;(6uu*ka z`ln49L@u@Ved~CV7*-M*OhALele^|+j9s>;BJ!&S)=zW@{TX?R++T%#)FFTUBzUw> zM}0htkf#M7YEGr5_mJ5iy0&c7#gP{)92>Np+)FWVN)C;**Z&uBWKlV?+{3R8Iponq z6JJaFXOc(zh^witm^~07laIk(!hUU81&{V%-%OmyA908h_I~%UwiCg}#Hxx&g^&LC zdG=bkwzPDI&cL9C$n+5P%9~nZYYF%H6`9YcpW!@Ra4CJOcX^-hA)iAn*yEMHlKLLb z-#~A)(Sx9E(0i*_kE2h}48E&RVgb(<@)ra5-siPO>AtRcQR#JeT#cE^*9L69HS_!s zaAwO@@#n2tp8{mFXMNQBU%r9^_nKC#C!6s6 z^w(^EHpzO3pOWZ2y-PBGBXDg5u8qLu&ZEr8TkLFf{|x3Nzfy8OfecTg%j|Wu<5_yY z?KcOak1>u5ulFANJb+;If2a-8y<^EeR9l~lth_(Hk0_FlziXb<@5!sjk5vm)s4QTmP#H%jty z;ka<<`O)vRXsxPC!=dEHaA>LJZ_|DOt)tdY@mbk}8n=h_=#p$if9wldlbe9)9&%Of z^z?iXT9R(Mxa`1sVjah?Mt&c-;J(-Emfm!t2^n+~_g+K|_f3pL%|!i6#9F#GTA{sv z?tez{&3tIHnwW_45@qxO$Z0#(*!*p-Sy^_KbIng*s#^4;-Y+9GgAzYAS$QUQ`o|pWWq8g*GaalMwKsh|tm6^ZOZ7Uxfe*}F!@2QxDm-M%MVIHs!wcE6QT2P- z_Vn?lVRk(geLViqG~&>=-mToR(QifGFSia+-*V7uJS(#PVe$=={C%aP<@*LBU*|h^ zVrm~t0$(FBshZwA#PPHj2c8J?Sv6SF9Z9YYq1H=s%e`L2cl-TkM^@_n<$m=VjI5n% z?Hs;xYGeg9TV)FhJn>v759shz89YT@-SJywS#^l= z7pr*I&|1?7W0PLY`{w%^L$hzLKjG5VL~I@Rcli2HFVDWovuml&UJB%1oZ73!(* z_w^z>TwGUX;rhxfT(4AK27KbfJNa1~zt2)z(q2*B_W<5o0eX5 zLh(wiK~!}p<<+KlC_ZOv*Z0FA7f(IN67_u%K3zP%0DW!)-)~Y=yqjKp7t^ce66U{w z`R`^8w!o{84#{hN1)6w;y%w*s*WxzdY+644#5+7ok9KUfA<;FAtMeV+;y05g3f#SG z4s>AjA@cj~!$(`@b4|KH|GDyeBD9%ZPuhM1GJLL;s`r!3)%*l!oV_4%sLc_*Q}TtnYDcBbL2Xsha0Wq0rc>J;o--- z#~oNdX}IdgihKRgS_itL3wuHJW!>lw+cqm^es-NM_T^6PVfxwwM_cq2r#it54C-`S*pw@Z&e)$96-jh19C{l)kjS1UWSU zIn`4V-ZgRj3+oGfMbQ_mytb#%C4%h*Y8Q9Yt3Yyg2J(FzIH`5^Sb5_RF08iztL_o3 zf=#uGij#PCzxVTQVgn0#_qf7SzjvPA%RTOUlfgZorC#~&?04^`zw2JTk8?0i1!q|A zMwQ<4mJnPnVjBw3%edg=N7j^r>aNksAGOhOwGtK)uBkPy-q(r z*{dDU;{#S6XI9at6WY#aoWsE9gSXp(VFk}8vY!7LeZ7UkHu*LfSX zj$BLDa1A>l7L4fg;k7!_SVPZ9^D^FJPZl0H4nB*PW zH<6sfza{*8E&uYag<0?FBHyLBw(J(+N`3T&zd~&I>C__};ID$ZjZSm(4C)U3R;> zpXNrtHC1^R)ioM>7#dEF=K2`!tAw7Q7un^qr+v^#f;@~%cV8oJO(eBH*`|x>&_zG@d+B0H z4!Zb?2N(OH3)uqtFGU~ZM!fVv-0`4tbH^UQE_Lcd%BV|qb906#s10##Y;3u{eekKf zcY7;*TCV+^3o0TDxF#9w*s2Gs`RxnT^0;ICiZSB!IPk%farVcTT{X_GoiX_eXN<;* z$be&P$}tANsb0t(<3BY?0a|+8%;L2?DgO<_P>_?jcoQ49q{Z$ zoF_8#e9i#gb5$gPU)qVCz8{+HnQitvge0&#tdw|a?KO{51|J$Q2pK^G@<%ikWrCxqezZkc_iR=vNa`E%k$T3r! z$NV~wiI&cv&QUx6*?-Nfoqyw>)A1d_@E9;iZpVPb+b3qA{wAk_&vIb<&A%8KLw+D# zUypv-nXA736It+mFAKh#&JeywOg08vLD6)n{96edgI7eZ~vNw`rgQy(EQcW zv#QPtzqX&8k!VLb7u&xHMvK2Na8H{c*JM{nhuFH@j%B%eLb$%%nTukazwpRHuRMIj ztbaQG?ClriYowN^#>%SKw0&teZVFEixYxkIg)gW)%)Bf-4|ZVtZs^!aEEd4sWUMx0HE#Vf$znY#sk))2Q}$7#ek8i+g(TwCBL5Tc2s4$&{|o z6pWV@u-BFxxnDR1Cz&;{cHTSD#F=H}iQPKx{{BK!OAyDl3q#}VwIHs{S@h`G7`99d z+grKCkoQ_8zsv3=kKEwdYmubyjl0+4qu%?mjkS*oem<7kYq6DFowL{Crf)d>jE$ys zOnf<$pVvFM+T-GCtKal}+DzZ}Ka|^jpZ0Ohl{YQ7nVBYu} zu6+=1-0HwBI#vwLh3{p?^6nRiA+vqdyoh$H!}wLmR^`{XCtf>*%1GX(?@1Hr|k}0EO?Ddems1V%j^Z2C)ACDM*OT(-2KF?Ttfw8P{ zVrnet=b-h(sK|<}vECS9tijG$?tUiWKgB<$=UtkA67!+wT4W=*T0~sc@=N)?}o2Z2S=IX$tGzFHvhetYKH8Ts4QbeY+;>-CC3QF!s0?GxuTqu|B*1Z+m^> z!`RONzLLnaU96Q?p4_B7MQwVbc+k`TX%cb&xMz{E5CD5YA)nC(=Z>jp1vp& zr&og)=2{o#{f;l->=`n7P~ctX!V9eOOMd0R>V=KqNgIsTJ5#$TZEzjZ(GV z(f}0vAP(mm$51ttHx?22fEg3oDi8xO=4^$ zyn!uH7XF*a7W(#GJ&fAhBx80lW-nt_GG-0%V6#k89-4nQ7dO7Pb2#_$+1Od=BeMp? zvMl^~>NM!F)H#yyw}gO{*Zd)x35Fr zRaCPU^b(lr3z3Umy9!!c0bSX;_oLWYzQ|Vgq`I_*%}%^1e@BY0&@mmCR)tbDH5i)0 zCbOgmU7C{aAdaKB)+lI7wGHykSmQqBUX@$#9QsZRIj&H-&zh{?_iAmvaaIKRzUwg8 z+!)bB`IGCyt=LAB&E69}-*cBo=Q}!Y&v~*PCP((E|K4w>nEr(Az|jF5^cs%F8ROr+ zMl419SH4Q`tW&&0_wt^d)z6$|dh~hUvx#@uHneRQTKK8~c%h-xTDI?9dh7DJoiQIM z-M_wp9IbL=oy_xqmA6{?N877fWIz3x<`7#qr)pz$=c^ zDB(bHwz0q%2ELgoT;NA$;d6`dSsGwH@89LcgK+eDa1pz_ihMb}j3$Nqeu8|+MavzI z9{>5TZ8?%n&mHKio7@$kEB9odoUdwfIH@s`b;J*hcVjv{Y`EGZjBj|_4uHzSu-|JZ$9__>~;>S zZWF(Mfq%=Gr|R#FOmTFfu}P49ZjSp_t$||~cw?qdIrw+w>yE7bOTOvIzE9)Z&!T>3 zoONhS>896qTVr}xgD=%qHh{ZoWTEygS@U}3+iJw!)>iK+$*f^@uEoHa^j*1wBhj;qkC(Id--yP7pJOi2QS5BxK_*1L zMSbLE_StxQRklM*jSKAfs6MZ>#7kE69O`?tru)uQY>mB#{3eoy+=S(<+`BHoYq^k6g?6@^kI_vCAX)CVgALfg5XX z0tSsqe%ZhfbYPGkd0sUevf+svUhx(DU#BmF@?DGAqwT(@nz=0EJqySImw1JId0y6$vNsP9`Zr&=KE#N z_h0Z`d4$pl5#M5B7E9^RVD{>kL|TE-#}vyNN1sI3n;Abo5 ztzH`QlLJ>CQL!WaE_yq@-|k1%Qzjgoo$4P^LcZ6($%<@q_9{NbTyA16C8I3m229Vl zmjwG<=&}|*9!%XuVYqKQ_D!5|l(#KK-o$Fd$O&IWzLM-%=|#;~vhhvrulfPK;(kO= z;vZv&-HBa%m(|*}|LPOncTv{^jd#~utuw~Jn@g~_dDjD1VRKtnebaf?y!8{P`A6QF zaVl9G@d^Bqbt7Xczabpb8;-bD9%s<0mM0&4(|45mHLb&x%Hu6%=b*zLs=}`K zg#y$v*DXldcsniY;z(kcFEWjN*qTF~Wj(tUo~XlKzlHB{#Y}m&w;B5jIH@6MeG?cO zzZmX&@I3TEB{mH4(;j&5U9;}R(Xg-bjg`b=+u`9=u@E|32+Z+op(F5}z)qk-~1ZQ)}Hw96ARd* zq|d>F)uAWzttm0!ir0|aJ_r3Xhjn9quKxKx^HW{(DfJKU%FsW2m;M}$rq#MW8~y*5E(x;OhC_cwQcnRi^->kH|-Qr1`;sU9UeX=r5eotbg?=Y9$Pk)21J z9-~ISG}-$BA3?rk?+1);fL1m_gV1;$^25g(J%zmS_OA6iHbMb5f<3o_XjJD*0#9HS zKI=!=Gu(n7j2u!Od>QYNd^0kEeN^!mku7b=7UW7hX9C8rgjVhew~FQxb$o9@kF(#X zdZaZuxuh!8Fpjh4vA2_Tc3+biXY=&;7gM7#ct?!ib~9%mc1>9$F>d5utd95ajxg_d z&UQ3Oq1MSi2fAM(K9Zyoq+0e>67A99#Ir>*gt zt4}0u1AqGqP9z>8hSbkq)&8OU4dZY4jyO2<6PK@srW3c(E1KHGI^tam2m6}icM4zO z)-QSSbQizf0}lU0FHoMV!@{SA625x@sFX8 zUq`?(@+gj8aB=sPgKxa76j@s}_c_kKZvc-Q}7aYii=>#%IQc z+x!b#wzxK24>HDwua7Q!ypppyg zMd=zM+lIGoyh|g-p50U#`QrI$UtTuleGWX{eqgEb%z0kv_()eJb7_K)9)gdWeb@-Z zT;Zo1hgg$Kuw@(ZpF6LluPE!%jSkiQmZ??0B+^SAS|>8g*bwNC9`N6OIXNP146RFE zA$*D5u_}1(lv%vT$oa-1)sOV8Le8tMSo=7%_i2#%vqll`K6E5d)OHPf->zZr+Y$Cj z74lmbcu_1Q$lnZfSjR|YD)#O^-eoB_TY9#J{P_ObeAB`U5$LGo>d-E&Tg#u0hznU?1RsX#PQiWm)Z6X z{{OLRY%Ix3&CNR>jS*Aac)`aa3&}6KW6<{o85r2%jx`o}U;WId%vg(LFJz6?b{b=8 zf8YzuTeM;LpoVz#OybdVtPtzb+A)UnRau)Z)~0(5bi=$vlfQo5;Sudqnn{d$4tw{A z-FJ+kUp;Ho#Ts?vr%-p@_Zg4>^9ZpbZ~aYjs{C?$9}xRBqvv45d2wN28cAMou8EQN zwF65Bun2}9xiAnLPs}xOa;`(KjGe1qLH&6q8vabz1Clf7>qIxI7LOR@6OH&3w%l`k zJoHqE{l6K%NnYfDN&A($z)v^pAo#v|3i!0Ir3>72ql16r;D_21v%h4=7~yDi%0Eip z0E~53UloDwh1Q8Fd5zVf4rI!9_@@88!13=O%k|rMV)o*xeWGdnifU_IX1uG$w)xDp zJs0J?CLN}++L7xTw`&PCT-JTN4%7c&+whg^3qKw1E1FI$X}onD-(=ocd@S`Npl?TO z2WOok%MPlhKMq}qkCOO3aLzLIQF*@GRN zZCdHGTE~x2jBw9q$N#9tIp5CsJw?$g zskyQJ-Qs9Rjn(%cx%4^2-b;MNy~M%hd0`ct?d*lP12{W?V+&(pA0Bk=LwwCEHZe{D zxhS5M+;BgaskR5WH7B$0)R~tHr(oz2Ow4;0;}6? z+gDKBJwNKgT_RjEp75o3d<=NnnX7nifn_zv!IReeqrhrvl7Y1eSd-k>1gu+u(e0Di z1pd`WVkI!9aL@OBz~br#TW;7iz70J0Q;JIDU|I#iGxA?X~L9Jo`@dXMV}wAK$6Ich-h# z_QO}dSG}$}=x;8`^Y{AjLzI*1W?co7Xv($=u84F{KNT-$t>%PVeb@nh>;UCZq*uw^ zQV(w80~x|?7@6ngY4-)~S24Dwq&d_IS)UC8{#SUb-uA&yjpTz(f>TOGi^F|}D| znR*nj?$4NKtT-jK8}Yui|k-p02+*VOEs2@aiSk6Ak>=d?*O;KElm zbm+uqjs7}Kof>dy>oj!gty%PSy7sBv|0&ZxC3iMOvf2-?SHm{}Y*g1zz6sj78rr!U z+PNCqdGX#E8#<^bs4aY;cM!E*GoYXCCmLSwX77^DKq)7#RFaq1+r+h-gL&+aw{5=} zd3me5&b1;BEWPpW2KH{3BY*q3zln9<%6_D}tHQ63=dYqjeHjYc3f_Nc^{S;yp4)8& z>KC$)wh=uL$Hubtuwyp^b1JUTWd9aJPO8u3H=s5BE8qQ5(H)=F58-k1yZRyoq7U)e zmQ`un`?1j;Td3SxE|G5V z3yp0d`^!^m<`l6wC=$Q5Irw^RyeJS+b9Vj$CNAjTe1FY*RL+|-!-PM~!^q#;@ zY+^l=^P#UCu(jeN2k?)|-z}g9(xrKOKH2lL={i69Tk4KfQ!lzcq#7hXi~ip*zuSD! z#^;j4RlP@mL31LvXXdikq0t)Z5G$F>essZ1<{~~+f0T}(J(nAqi)gfo_@Zbu$=vh7 z+cxH+@nkDx!*_t|hZ*x4YKb-Gi^2TnZt+Et%@Md{&G; zKl+%to*!Lhe#?)p=HC_k30BE&!~X|u{;%=yOp5Xi|AziIU*@YuAp?zuW- z%DX0K5iq{?rg!^oAIQ;RTGN!Ab@iGfXFp}|XVcf^28Xtsoo0TwU~w-!W7) z>FhHWPisB&``ur0{E-@LQhqn_Ug8}c*s3w?O7cF-*}EIk89Pr6wnFR?Zr#m3_#pOa z0NXSlKLi_kr)xtm#Xil$HWd#jzb1QExu5fYBOipiCuEmw5?zn7hjtL}(H`arH;;d= z4!WqNmf`2nQWD$i#$)%rJ|141K(Fw^yl`vx4R-(fBK(Cx%&(Yvj)Q+1h;{g(fsXCg z^7I@BF|K<46h|wWV+V6_e3_jm`7+pWN!OQgKEJIR2;j%3@9WqeUQVrEUuvE=gj;){ zlOxEOICxWTeiCpLGZ)E#88=V7+sGB*l#e(FIEfQSYJqbR_3>#Ki-1u$9~3?3L%{fg z2gYppR5v4E%Y{$5*V%t^{P+C>=WU;S)#h4&N{Woa-lhifXH1}Ws?9d!I7rm+8r4l-$e;l<`_wQoAwyCKaH{1$UUS~a*=g=B) ztDWAsmCx~k{LrBCM=QX`aCeSP={ZVveaV^EN&5aY^G<}%k~{OBQPTWKz0#+AbX9mH}_a4ys@`E#K)}C3o>l!lns9(Xlht< z*zn{6j2}c_?@T*f&k|GHX%(IwDf7hCT-k;VpMEyWhdL7*{w$Y{PQ!-Zo`b%Mj6O-r zw^$CjrkIQ5TAVu1G*6{vTa`;^<kk?^H*kJee29^MOruB3`}~Y=$3zPjsPJ#O9@A zPq?x+?&OdqUybjNT$PO7&-mB>PZn=u>&EMd6+-*pe+8aKmk?(N4Wv&7jMopAUyEI7 zY8c$!l8)bzrOQ@~O6xL>8_~E0#I|y*@6D$F*$4B}40;!erzT-*$tRaTZg>w|#4Cso z1c`Z;Q*%L{)Uqy&yhjaGHlM{S!mVZK_A=@a@zqJT|T_|Opcyd zL|Yj)Uzv5^<64Uv?0<6qrhg6j50lFe;P)$EcvC!?H*(Q7RAn>_sFaGM(dclvK+#5$0lv?Df zomlVh;6cStMHd0am0c!TPW&`=9=zhGCRXRlP^|}ie+P5&{n3%30o%tke53pZ`Jd!4 z=y;@+%DH^@=Z>AE_$T?E5XxwVbzw* zx{$oiJ-bdz2G`hjsPpVW>rFeJ>pq(xr>uNwLV44vc3yLV`pQ`BcSCP{lOFx@IgMRr z<<67BH?8*iT^YGb>&JTOy{Q=WrF@p&gMVa$%l|TVWz1O*4~&*#&bN;>b-yl*r?d^7 zXU{~(G@rp*uJzas7XP{WX5tXhciR7$K_9?B-&OJnYVzxq+jMe+Qx{M-r5e8fp*Br> zFMUDkm8fkl`}N06O{{RTNqc9g)wAPe_If4m0;k9q$*f%d^f1|hcTyu_YPgl>OWU1W z?{M_ioyc~6H@4?pp_9OF^%kaV|S*aY_zW`$gusAwvt=lL6Cir=iD;u#-rMD*O{lK5v z$HbVb;atHuKICi_uy0;E?zw;a{Q&u4$xrOTA?~_6GSh263@9Iwji<0b*E+Ej`e9T? z;v+KUAM-hWwl%rExjHmG@7yWa^L1*4-#{LzX$OrxuF^q(W>%~+z1bTsH3?Df;cK1C;fVG?P;=m#J78gyJ zQj4q|gx-G=xYakyt(Ph0x?oWJpkg>Z5sAOn6AP{P-T!z!@Ln^*Iz%t)R>h4}HzT-% zdDgSR<>AMJ$T@0X>f5PJ3Wlu^?|)YB-^Tle6OEz!_5MM;zmvIl(bvoEf8AvjH_xIj z=N9mxcjxK8=~ieuIrH|>=zn6FE*?r%14l0(a&5aZ@PG}FEYHM)dU&bFl>00=+-Y4k z#O!I#cyUY8i=VCbVB3-+$BD;M!8{kT3Ep?^q|*4%uTV z=6HztN`9Y-ZfgJO>Dw83j{oE4e{P;AeoyCrx;T?vd7StUz#IIYgzwF{7My9`IWrLI zniB|h|B5|xb%D^4C4o@#2jSKlYFp~4Z3$4v(lnkk!8vO?IbZqkno#=?+|}-SAcG+kr#*pQo_TH_JYE{Iyd2wc+qgaxU;d1Fl|?O(A<- z@#OZ~ZQYlgTg5%dE9pFBitKj1v(kz4X}?wl{z^Hz?;-R@1-fq&y5uSB^(}TxIYakt zMkmSFR-Er4>WLC_kfU>ILOt+B5xtAG&Ozl^sOcYz-s=YU_-yD$Q-^_`_+;cKz$O^H zI`2j7yi`rg9C(jsjGyLwzLl|v``WO8Q#+qR9W-NY1>OluOQ$7SllHorP{$J1iuGv! zJ?r!*Ux@wNt^LKmv^MfVyeDtT>bkZYyaXXYf2aI ze7bSru71`fZ^Q%Z_u)J3Wj*$@F4K*U5BBcE*6DyR-L+WtA?A2FbL^N;y&7Z7j*$O0 zllQ;K{I;<+HGi19~i{A;U18RIjK#%Jtl8drTN zpTyTw-Hhfh7`o6Wf?*{(qyt+GJG!rnID-pIm0+35efWc-Lt}?w8^^gv^>%ih5PPGM zjem!%Fm*!Uz*{H8UYxZ$H%xnR@>L(iyB0!=srn$%3BM_yVd{hUZv0<<`yF)*`P84$ zKQeLv9aO;Qu08Zy<+EtF#FyVY3txlxHoJ913Fe|Xs84K;dLl!|#mq}{Qa@PHYer2G z&q80Ei>_Q$Vf0+)Wqe}hWqe}%UB@S0>#Zr$ynL?R=gjH5z<V9`xpU$kYQSLv6J^0NfW{=I< zYI>d}utj1OrtbWhwdNy{D)rO^-XyYBvFSfPaJ)tOATbwTM)4B(Bc(@ce33lf<@lC6 zPpZM)Z_itBYrPbErnas%Y-*$@N48K?tK3qe*<+txOZ=35-_TKr*tLnVj+Ot6O{QKM zacnXlHrYuw$R0Ppk@l4>*;a*_erP}Q&^hD@`O198PB>WIK8zd+yssWLS@Zk(O&>fz zLx(l2>uJ>b{_dsIw+-%h{8rareVN|7-t*S0JTKzOc4DgXx9#XH;X7BXRCOJ3 zbc*Z&?1_}jSN`7C!FJp1J5;-X!x{kc)5?lU!(xpYmmrmA&xfTvB9w1(# zGY!4*zyb4@_+*=rMQ*&y@ZohsBMYgk&k+wo4wXdq57i!`%siu!7vyJ%OYO9*Pei_c zJMsdbD5G}L$;;%3P4Ub}GGc{_pP9V?mz+OP{v!=bR_^3Xc)b0^)8}ytvr_qw?DMz0 z{5@lkHRW{UNiJP_<4MDy&GF;VO?Q4kJc(Wtr-~;%1YMs_Jn8!f;bZJT)q+bFWyh1e zFuL)i&M(@wmUwwU{+VR+bBo@8*9XUwE_8XQ$<_-w`NX-F!6(=Ycev~5@WNbAE=#azzKtb67xcJ!g&)`xtq z);^dg=wUS4qQ(kafOrG?9$vz4Zn7dpH>UIeG`glxiA@#cWwgH~h`vEwQ`c8u+=*l`elZk4ll@xh=SgOyL9 z7_DNYiXFGJma9yhG?QO$DQ~n9mt_~S>x(J z*zS|oKE&7)C&fLn5A0Z^E%#j5dVp1XG3BEwep~6pjUT`!(0)rdo-3FY<5k@FBI3q6 zlg{36dB53jIgz+AzISUEHm>5jLH>x5w%$nWxE()5vEv}|)krCz^z#vi>x)d5`3#pd@NTU%C}N%^Skx7?C!*; za^p#DPJNGNL2@Qr!{LE8VrhR*^eWcjq66^xWLFM)ATG>2e{mSe4qJIl5 z$-YwTUi4`}Byzb!`u~&IHFxTpZ)KiXK$c;rdr@T++aV{p8~C3m*ceAzqlU zv)tI^EPOn{BtEVnHmUKu=A%oU_@KM4-8ZD;gW5;fg}&>?j&orO0aF)pQnJilPhvSH zHb|_)sV%YVxUYuxbL}I10C|uRALLyNz41Zem)}zHLB1PZ%x}M>euMbnK~H?}V3!*o zWUU8`4+2}R_@Fzlfab;fbH)dG)*BxjE_(nRh>pGS!IShg?@Q@xXHMIIfAX7-zOJ!# za!!4H8rR(T;9}N1C1YH_cNqLW(w2Lj`-u+{Bb2?j{CP*VI5xgl$9EDJ>>@7srV|IG zbin-Q>id^XJxJQ#Ye!ae%!M}4v8qcdKrXm>57}Va+na1b{>-GOXpOP&4%+*B3!K=C zo&R|97RSD;q2{y&9|yd4VK0$)H93%&?7NxlTgL9|M_%+(w-rZLB#;$1L(e_P3ek2x zew6IFB41wf>a2af1<;orb18^UXANY_^+4Og+hNXzl|9#uT?Rd*U{oyFuBj@D-UEz+ zOE7d}&j~)|XXM|gt}4c!Na=FLMjmE82C(Nc_N3;jsk#u@zSEm&&t>QiVjAtNt$H4G zqSLgdL3d4EpJFsP90sf-u{+Uex#~e&ePP!Od-MhC8Nfc!9=_+<&z_LpV4OI=tENRV z*R5^w=0NKTs3{Q)WWS`{bJxm zz0b6tNbB(6jJI3DK5J?WJeaxwWLt6!G7p^OA)`0)+^6Zk`ZIK>_7|&m*gL0O^NbNk zm96(x)+xnv)D4@MJZrIezr$a}&@5}|-d@VlA%`SA`O26JXg96V_MVUYD#pQB3ll{^ey zw{VtG9e?A^d0u{Vp4SV5^Hw)ndB%tF!s+JvW_s`=8lCUp-ra`mrSC2N&%76~!R8k{cKwxWzITUe$2Mc@zd#OS z_a@)6O{{4ZaP?nc$3$P!z1ttX{>R)~;u}*BjPqVD3@;z^)}z-~@_hyPeEHmPs50VP zwg>*6zvQv&?-~5vjC+6loveGm=3BOaIJxfK@Uichdsp!6OT2f(_a3|6jHBin89vJIUGvBOd7@i)59Ngm@hiEHdO2d} zW1Se4y&jU6+7}TKt-#-fT7$am^G*uQ8gzsI9@gQ=rJMzZJX9YFpKRC?=z@Hf&I^xI z>mr>sYx>(QdnETNkZH)f#0GqM;%+AQ$N9#c$XWFd=>q0T>YOhzdm!_p>d_cuj5uQ* zUEqP+D$9U7Ll$lIXVHu!>yh!txYkkbJuA_X_1Hq4==4*`qOikv;tlcLQs_jrbXW2F z1Zv`3*(=#HeV;9JFA^U4&*)26CZiMDw^|{^J~H@mzt8kbnf(dLp!9i>)YY(m*yJ}k zudir_pWbbWq1IGlft(R(^@Y!69j$XB->1e@`9b29rgyY?7VLy@5|$TPg<+i>ze-PF@N#&3B;UCjci$@k$3ql>NzcP zJizLm19s3A?Z6fcVq>sId4*PACweg-UtW4x{(KkfS3vEQ;#vjtS_SELA5@-ui&`Lm znElZ5$9TR+-xqM!rM~l?4t5np)HZ{%vQi)wfdpkz*G|5?o8{r-p7awRy~Oz%4%^WIEMxa{7s1~=rn)mL_H8SjtJVLh&8?dF90V(?Sq zTE|}4A29OOynDg9<4{UHn5m`Un&d%@`G5Vl{Vglbr>A(i$pQDN z&Q z243@!d%N%T@4&}R^{0_P&DpR9zgt+V05a_!@N4e1kafVio!;6{Pe*20g>A$J%o*#V zt=;tU-HmO%JM8q-waO!^$x*G+_67cs^i|ae>sis#R(N?k<1Z=ToL%NuFv8-@Pdi^2 zINP?*{hO`G=NQ|-H{l%BfP^lh*N4u|RK25~$De+ti_cwiS#Ru9ljFK|YNSkkteVn2 zm}OoOGFc|TCH37O|T{E!RKxGdL~~_jUKYAsP^p^ z;d+aDZc(EroQnoroL7VM@F{Ta`%8bzCg$70d^f>6F5caFZ+3c{Zh;RJzqpXO;~yW~ z#@x3t_ZykJZ0TLF!I0R;Gk5w|64~x*Xj9}kgPnJZ~b8-(oX{^RT#Eb9$6Yto} z86aiW$jDfF*{Xl&Ja8deUmZY>!}sE^Y~FWuj`Y!{J!v1{Mto`4e|`j8!h6<^(Ia_TjK8t@u?~1>q&kH-wHND?G|M=$d znflB<^Ozo(eaU8YVO=mZgZn$c@734_o#>F6BjF|F)vRIow&;tNw zcuu6Acs2V8r_4E29qP@qrW}Fxjt8(8lL2a3gC2jwKJ$)xGS=?nkq+ukrN@ZhM8eM5 zzmvgd6`#vE2UvZXs?b5iPIfBSLCvMf7QPj;|Q(pg=|)$SV23H#|G?5AeQNxNr_g$-1~nd7Um7e9UT zf@vF9Sj(EQH8#HQTULh8s_!xIy>Yy?Y!m-VF2|dYL(Bo0aIo4M8%Z+GBIdA?IjH~q zbY~6=m_reBxRE&semkFJMaMA*_g?Y5bmK{IGEOh!G~`*w+kod9Ut{PR;_S6O*0Lj< zpCcKdxczGEyd%i5K|U+w!nPSX5r>y#pU78er7c$6a@AumZ{P{ey1^E9&?S$ed?mft+z84CuXOGum=RpG<88l$qdCI5t z&JFjyIX~Q2?;G5VvCn?~;`(xYgqgnLwhH>R?Zd~}i%i>(kLAW@xBNfsy$gJm)tT@A z?!9y2A{PsaHrDJAu40u|1tYfX?4W41V~cc{mYyMDgP>^D+EZ(>l8^u@w&qo5G8KCW zV6>!aGgMETp&bJ#YEg@5Z{y5yUvdHQ0<_bz70v(qTkrd3zk6pVsMB*kXXgC*e8S%E zyVvDe&wB3bS!-d}dbIM1tBA`ohnvw)$j&zJ90KXAX5f>q5qzSJ7lBdtws98nf4bB6MPFk}`j;b938vIl5l*pck7f4(>Z@ ztqR8{%>K>)4u8eybkWW!9_?V)eOTK0JH|K=?HKw79&h|yTr)1oo=okPe;uD^$nwSK zmj;42UIRVpEIY0F{I?&0Umu@%ZR`i12cb>Lajn^(@SVuL@WkP3kYPLddvk`>_-I{$ z{m9kVp8q_#xkCyAFO@E}ZoD1)M6~vlvBlYg#izlM`8=T&e`MPf=wJBrWM*;{vT2NC zr%UEde=;LK6+{ea0IAJcc2>#MAiY0q-T$h-6F=9T<@vz}L!Ay>9wJH*&G zCi|_7^_dhfEWrlpg#Kjn)fM4GJaD49$LP^N9&Xa_y{n41R-X`Q|NMW$55p%g=QtyC zB};4NOLA|K;)k5gekgj^DbW9SwsjI0k*_Kqs9#At{2phH-(9hB-om*LJMh4J1|H5k z6Fi%UNAw!|g0qs)3CI<69=RImfn+(k@#q1?_l?~HT*}G*0_)Am$vT6f^x$>SmHJr% z4=)A34OZcvjl}A9Kx3NYRq!bHyrfsbBfkI^eXb#fx3uKwPZz`cS5a>n^>p{U_O$*8 zcp8Z5;m^M$x()GMLmQ7#SN(8a!;iUhc)iBFp>E!+F%FHDfpas5yI-v z)L(#eafRQNR&9kD<8;L)xn~f0G2(;Z^7&Ky(d%#BzRy+Pk2TJlb@xMG7e8%cPp(6+ z?)>uH+bf%L7=OdJdSkBd!!hTbUjd)UE*3uE&s+WYkiW3d`E5M(P|g_*;7oLljS*`7 zHFy%@RqqbCDo4K@QVx+DC#b^)QC`p6 zvQ2Z|z0SLT%Pm`dD)v;i{FTi8!!I&2_lEb zURjGRQHWg|Z_*x{Q0pe$({^jvUJSkc_dno|G(~PvPO{EvJG>CyU_WRX=TLZeXvVLI zw2$)7C-Pf&`1Z{M`UttVH(Gn5bJrR%vo7*+H4hgt55i%9KPS%Vtg#VCxg{}*b#TV| z4;t&32+xuB=g>=@eSQF0?ay}y_j|2xlyHY+WZM;A2JRB*W*okt`o8>h?)|-OTjf)S zo0_eoKkY>B;C`WvbQ>AXHd2}aP+6rhjo-KqimS6<~w)O^nK^v z8hv-*cjEto`%d7_x^EV~^zY|Q%v5e$2)q_--QdS-DflB6fv#z9*LzQ&Aot~?5wmTy zZvVJl#{48xvZb7Ri#`o54Gi@T41OFg^WpGcjjp%){sk|@P90+1ScaW2n{(rvffE^W zZZouMk^8!1q~a+fjgPZvv{SBxvpi>`FE2%IW|iZtPWeKM##%Sl&>lSd5=Sb}d$+Xt z>x(G=9I`yCyxXov1FGxI?{j8;GxBOo%ht zj(dM*{3nrHX7}NhJA_?)cj(NZQ_eT%mN=cYa?BT0O6m z-x|2Ls#bi9+)45r z_NK7+tG<-)Z$ z#=C{NZ9!MxR9nE8Z;We%uS>>ewN=l%81F90X=^-qiqTeiW*)QPGPu7XnAO%UwZ*&h za@va0))#1NP~89P^sKhPS6hsC<8#`Qe*Dbw;CiJXt1SZ;??&acl|(n4L0hqb#|W*K zXks&PjT->2iL4jw05@gl7n^vwp`i+V2&>dqTu1Q_?fEcpQl^Wx zkuTn{8!nLrj~-#!-A9IUQvUP3__XH+pydVMCo~WO(y< zyV|8o$u3i#chCCzs8k>9`BER1*m7kLoZY_<)=vlQqq@9*AH4gqua7D8QHFh}KCl-X zqhFZd$zp64Ba7Q&wSBTUi@%V?Z4J#?vbZhEv&QrH^ns1nXmV&uiCtrFf4PQS6TVaL zP($3Z>lwfK&N_*{=kl-lt;6!m`a@Bk)&6Z7gPHeF+Lg??WP6$XXME0H);lHdlN*hG zgf>2DKX$d`*KK+Eaj9hV-fUWpNk;Q-3H>Nem!eItKjmJi?eD8iT2S$sg7dt+gh$2oz*6A zw#9h&?k-qeLQ^n+nj(Lbo`v5MxN*# z*aUK}EK+KR;X_Xjnm%qFYHy(rBM13i>!KTZp2Xfu`8gBxshAZ!lK3fkZa;PS)9?y0 zEya<41svj0$(USO2yPC=&iyRwc#e+to+XFZc=)2-zV`4_)yF@Xu?;c@9Ut#M2fVw1 zHl4QEYeQUqGj||In}^#E(OwBL0zaM_kkyJ?1%M43!nyyC=S8&9jSb5lV`tnyVcb9I zKW_UYj(e^dH+)CCed9idanr}Gv>6+Wmv5MmHE!k*TVR6yX%Clq+FbS#arp_;=E}Tq z&QqJNeeK8TgWwd|xVHhB1y1|yGUnaLu_3hCZ+`HTK1+Lf=LfuG%@5CiCdcA7%@1n| zhAw~1{QS88{7j|I1Tr%pUB(2@(HVVo={<`sU!(mT7~7)NW%fw}!AM*>3r3z_q>V2L zMtoWWXYx(-V_qB*qsW4f z=Z9$HlY$SwTlZKb9tMXG_s8MyXtQPj-rnNUo(H4%ELgvn4@TBcpBe~8Vz^l_^86jz zC=iUq3k;0p&KSMV+M~xeZ66W7t7zNEYTESLN|eKcw7r2gJ=;DHZKJcZeU5tJfp=fb zH|CDv_PRV{CYSEKPWls%bRws^kk2jQQpIb`UIO7T#qSr=rjgD3mZIGGULV}A>e)rF zV&lc}^MxBv-kC8`W_g~z#iL7z+c!i`&*IUT)&_W2>gz*y+?h7v(Ju|wR&AcPcy~g+ zwj!hK=wNMi+iBVN{rj*SzcDYa!dZS}W0Yt0 zF~rwLo%-PZQR(MReh+UVK5MZKSNarr6mH&vVzV{0T{gjqb1#n}OBGv}y~~{@M&EGH z3i1?soo=DI~+acfSNC#j;bh>9v(0E}x|BUUZyi z^X1|aTk255oC#TS2YquW#=9rfrhLLYZN5&MyO=-uT1yz8_B?tqIAThBTOJ5!*^#?s z5Aja%HEjj#fLKd5h*jU=jD&; zvfTJkqwLtpzCN0L^~V+O{*^vDOuqD4_Lnpt zk`+FlH}ruXh`4jvs@YTI|pt{XDb$M3ZfA-a#IZ$14K(qSgS#^Kxt2C0I2`bXjBB*bDpj!Tdtu2eekZ_*T)0&vB|Y9Ods=S_3y(P zL>`3m$OGOD^Yu|rA2r2}-mlYq+&;5^A02~?Bc5j*ygU5Q8QQ&uJ}NWgXe&FKN9IH( z4m=;#6Z6dZMEiHXKE9|vT)HaLoHvZ^KMrdUnG?<ROjh~cMtjcC{-WBojz7GA5r#a2cgr|*kOHku{CjET^630t;={8pMTfaM-hFL zW#*%?Y)GCtuN{QXoAdBF@4n&d<4y8?YBGIbPmb=7D{Bxv6V9V&c(>5k$1BQ#b8%H? zWQo)c^EOX3ao#@L zf@jUgRQfPE6je?hiq`p0dE)J+;YYLg2b%K_$$jvjH)is~gVqxfa)=7(E5N-iL2`+- zM^pC?fbV>-ooW%N`rF(g%F` zFV6i3nfwU#Kb>w z?Q`=ey!?+lOukI!eur|#B)pQZw*t85hrsUy{x({n6`RO4;hDQQBkX}9ca%TgAFMY1 zjB^*8a+|a#_pS>#Uy@k1{2BwZJ0D(ttL9>Z3op4u>D+u755BD?zbYI5ZQ#Ed{OfMO z)T`{_f6c0RiaBVAl-hOVrZ{uJ`Bkr3_D=R1dig3f?mRq=9o52_eO=(c>(xlbRWq%| z-Q-QNe|Npk<;G`gw3dI?+==C%k8_SQA3yqhHm$|n@x72UA7#Gzcrj-_lkOYhKIMbrx1S;ko;QU1sUT_OL`p$UiH@ASctsB+FXsPyp6UU;1^YUn=Z(0!$k z?)~RodHBCNhyTixe@Z1p%3l*FNw7K zX|U3VBhg{{Cyq>b&BKi=6KcrY_V`A7o-N-$58mf;@FRHlGG86Yr(8J6vnF>MxK;vJ zIdB2<>Hm@~uRfjw+ddbz&K%eRzIhY=a%JQVz~JF57mg2tuU`1|y>ja%<%;>`WR0(1 z$xsg^9zJsE#mpbDTFgiPp02K2BV0S=^*+PlbEWG@PIW*zP3InG(Vtk+c}XEBeQ8NwdocFyR| z#@7~yzjT+XM?;#!Tznlc^pm;oSomryI6iD~a{m(#1H+GifqPjxfp5KsKVZ?k#mgDr zWX3m*@sa1*$vG%p>?`PIUqKH!o1*;-gxhl3noL{MXp8($?jNEYV+NKU#;*KIgLijK zW!xX_jp;Y;n7sL)icIj+qRtIIaIUvc#Dxo8oPbx=|Hs|Al@5424}OLkd5}3@QTQ2+ zJg|@h$o2LD_ShGW1#af9^JVsB4sZ_hvmOi~M|VazKV5n19*rH{=E#7gH`a1Tckb}b zUn&oLSLe}BH=v)Y9sP7mY6W?W8D1;@RHGc z346(NauS*Zc#h3p}ZVjot5#A8asRC zO#ZWLBguC9RUb~sXNNzvrddmjEMK1PCE&!!d^b<`DbC^c&-bk^4n)5WZ96!q^wIWj z^UU{9b3RA5ejZ%}Jr-gQG8Tg)H_vyGo9DZlJl|T@w3O$&iT#_(^F0;YXq7L|S9!aa zA`7z0v8JT+8CJP@zR^5+zFFmImo-pha|JxRtIFZIhMe(V=#KxF-uPpVyxNh@@b(_x z`29TX$@Kq|`XyI>e*qbgSAIiF-6_s?>f!8npUXA4hr~WmF#Qj`(3~D z&k6fcyE4y`^U^u~eRbqyq|3~`z5VZD%B6SN;C_042phBo8?+l6wCe-fpwM8pjgT7H z2G8w(y67EQn1H5}(6siKbjG+FgfYo3)>%=1NtibIXk9vy^{Vt_A3g`8uP?}cVXhO* zbrP6Uz}#8RoU?tj_wIN``NlIiedN36i?bR&aQ#TXd%isUZO!99w7K@OXgYUJ z^V!WKJYLL^8@t*Zxgr0+@QzDwWj-4|_r8g#dHk>Gn$JA6myhQ1!PoVhY#%2dt~HlU zF1)#OsrmB5zsWb3|6=CSvalu6v%r^dCL5yTw;A4-e9qTr9R4q5PmydEZ$6y;PMPz_ zr0Wi8{Eoe1VogctS@EV6IMKc$?b}kH4-=26@%9+H_6ai1zqGGZ>#{l{=G5z4+hvzytNz`k86FUxKJVh`HlH2yA^qq73iP+a!(WabD*K4^cZHAs zJo)U%uZ%tG*%`0A)2nkWXDFAYtRr$XiLDXkQ~TxnVx;wsjnNmAcAq`nAYS>?V-BxK z2l?e!Kl*1c?_a{FNceQ|8?G+%`x6IDJS8(;>7zF7Bi_c{{8sZ1Is^SkLQaY%Kw~YwfCU2_G1Ga z_zU@-x%Rln501T-O&^Ls4d~zHz?P4WZt?Kw@khQmqI^62jvoBF{n+{kT)%FTaGg&c z%C931-vj;bhc^$vr+x7!mo5j3KmAvr&vFm1yR!ZJ-#_}%^mFkb^!Z;=KfnC)hu6=m zh1-1e`2V1OuJ`blLw^+?k^Yvwl97*|JQ_$pzj4&n&+vX3=dmQ=|0thXYnZOQ8B9Nq zbYVT7ewGhCkPQ4w=U1KB}tj9WC<&Dn8z^^GsC-It%^ z(&Hvy+$J|a=RiJrqIlFmwr9#&`|!&ZZ+$rA(dTjGix;!kc(#3j@qCc=;r|Nu+fQD~ z&)-)IN648E%im4=2IB9GJ@5Iqr~Uaaqd!0E!g@UZ{?DjCFZ1T-IP@*LKGr%gpZ;gk zpZ^hk)w?%8JwGAbd<1$@niI|5@{Ge(d3IFnY_07yj))boc+DKeEWf zpU(~vZ=UoK>91-K`Wron4c-k6dhwdSgw3+UXR~-QM9)7MnrA(J^kDHCA8h$_`bZCl zgVCU3HPE3Ks}YWWzI9;v*9|RtaT?hp{&n{qK3hfWPqLl$&l}$zW_;P}JB{GJmh~O- zSJUKcvt~vvG-peeT=G`aPR{O$vL>c=Vy*L#d)sE6#yRusHAtp(4uEq$-2AJu*Ln6v zv)9CK*LaXw@^Ad>Je9t=P=2Qa?MH+6?YVj3-D@5Fgk4F#zaQQyIq*K11MgS=55T)C z54;w6{MG}XF!wzA;XSrA8^7Pmfp_}<0eGA8z#CUC_VYtHXYaNwdf1x-@8vo07JNi_ zhjO;A-&QsBIC`R8#{Awp=WtV$b;#&fXV}_D`sc?Elj9!Q$9~bqSmb2wOQ|sME+231 z#9WtC{-D47g}(BCEHmX-Ql5Q#ZPEBS-hLqV9e>KMVqJ6#dn(vx&=%`BCu={DDbKrC z$b&F*`}5D*mFxvt?zI&@ci^@-FS**?FQ|PPrY+v>psi-%{ru_XoW?JCZ8Z861AY!C};Et9p>OB6-^4-3HnUi++y=?H!EqY})eA$Gv|1e$~M*I5}iBhD`Z# zr~F=T{?@tWtJq5!yTmD9tM=O_uqMB1+qj(aEB)o?IOWaQmX9&~KRl=W_5Skno$|oH z*Sh>vyOQ(PdaDfleelHm<-g#Rho1IY&qDv9mD~Q{l@FI77jN6Pfbvmbk6wPV_Fq;2 z%U7O=tRKtz@pJABLVR{>sFAN;xn4QO>7+xAcL1+yA-w zNGbPCJ<56EJOA*5eaTmTc4YB^-ABfMYX6bwt&t7UW0%|;`cCb>s#`-FbmsCB@)8*L z{3z$^diBYpJUC*MHGlDjwflDd>7R~7_r7{$am=ef@7~ZQx9>{@nvWc>jn8wh=#FNcD{Bbx&9BPouCz5A3b(8ZQZvoH144z zyO!r~OS)EPw8XxChs**qN8>Md%bW3^Ha=@C({sv4 zWQSPf>X4IT=-b1K8(X~gVaMM1oJ;2(eIFQ>P2X|W0CncWG-!c)qAMEMx3lr*){UFU zBi4Ns6FAeoll8N%P{E!S?r&`2{>Em@S|4XUZS_db2C+DQ-ON)#>+nsSs~kM~Q>|^6 za{t#9+AM_j58;05P>4GT*WKAeoP8%}$7`PHf1mEii*xs{e@tQb zT#_fRAV(>44rE)|7tS>M{gg|ra}RYd2j}&)HE5!?s(^m4boIOPd0{uRgA#2k3|A8PW=Gx1UKvC|XyE5z;`&ma4i z4%QG;^Wvu7ezo|SZ#6ZOKVaggqTUMqGA7%{vSvztXpg7Gog-!ZC9&16 zoigyAk01E(lAC|{QRnZ54>^BJKEV9lMy{+zt zrNPia@}tS$^qV^R^H7pc(IWCRUT>xytEs+_u3Nc#;L&a zP>1C_Pq1#>N?T9<%(_u+KKZzHV_2WJ25yX#7o)t&d**Pb5c_3~k9amdB4;5Q8*Rc+ z?l!_Fh$(N<@ezmrjpxHSaLgWU9oD@rg7rjTRqk{gnXA0bPULd=XzQgA_X{Mkr6dO` zb?%52w0|*~eb4Z}WC45hIC~pehiu*ar{bCQf9l1Ll{~b@Hbg9)Ws_bDo^?#R*D z*&}lh`)59hq2qL)WUp0p5Ir&fhs&3pU&`G{@XY+ubim+3WBhXdF}7L9MxuYdoi)aN z3$n*3{A+IifgCGOM#=_zs>P8#-*n}UN3V{5o}pLrtq)nXpRyz5Ty8S^lAW`E$-iza ztDa^DIJd{xe~}qBdw|kqj5T^DxG^}F4$$3w+&$&q7136gS?XvED)Z{@f|aRImN#(2;(7^Fi$s zt}gfX2{&4`BW!$#z0u~8#-?uN+$H2&x{kYvB1SKsW~bScDShmn>+6+=2GW~ouZ;G} zsKdTv)7}p_2T%D!mA*4tRx=j%p_+5{%zk+0EXDIxKT3K5E(n1=M?y#Pdk2HEWA{Kmw(Qg|J?m~<8|f<^zNUtI5v)_XFu)I zk#v}Uf1YSTx>fRRhj=U;sVL*G(hB@Cj9$pMAM9|wdtSfs0Z#7Q;~ZZ=e+#X2^%(Bx z;#1EZ+}BkkzB|x$t<4)FU{DRt(M6Xlq`!pxBsJ9@J?lAX(PPJ22@U7(B!U%U` zK%@V1xM|ZU?vkX;cyxH2_YvqbK7#$Zrp|fVXFyK&Id+orO_;xC)p$5``+H-Or6>cEETY~dvz@C zc%#iK#y1BXUWA=NE(Eqo@Zc8YZ0AhIg^Xg~W?E;9vcJUap>W1N&HfT&mwaNsW*T|5 zM?9K9PMPoA=amQr_Ea9LyEBPQud)K`JvxL&+iRdB{F`d4s^ee}447k(37&H;uTysY-d2wqO0kG}H4iOT2TWonsUt9G0X zZuXYN%gtD2-+F!f%gWAG{`&%W%#*Pme_Zom#>SiLlX1J?)tFUo*D$|}nPTVo3N7zdr~s;ubZ zKElncwLDG#Ew$rq-4BXSk)9Z~(iiCtP2>spg|_RixJeVN^nB)MayVe`H}bo<^#J2c zaaVitHITIRhO864rqANt7(v9#^ zW0@shDrhY|_uVFsE|$1-QHnnz`_R}X@cBPaeXFS!+t9;>_%sf0i{HCS*pm(JpZ3iq zbKAZKShW}DY2cJ^vJ*IEyZj2cw0He!?m3QtyDo6O33||;qKA<=&Bm_@99)hLPU1I~ z@dv-`DLl63&JL?^J@R0m_`yF1vVFv(I+sK+>W(P?@81KzeLPadzH{`@rY$ayR7EN- z&e2DAoFx66*>7_OzGECaO>!JP+ZL@ZGI}|z`)6t=+PfD^#&f>Iu3wKblG|OeKY&DqqUzhu~X@5?^$^@w}4lu z6?nq-5%$&ANrx6-3+QaTr=0Vh%)H|#?}QJd$bm{^uEz^i^s|M23@wDS&l57`^^QI| zjIO)D{ylxjUuCaSx)k}2Ji8}=yrz#sWwk{{c6Aur<2?K8$kPs^!wRL34n_4lIwT1_ z=x%JF9afO311*|5$eOU=kPa&k*u%U!$m^#VTLUtt4!DdQ1&0$D z+k=eF{MMW~-_wkXXVK17#%6x6F1PEUMe{vUZa47V$gRkDbN;Z`mZ@7ko;bKm-@+-+ z<9zeb2#zY%3_s+`nEq&(gjnx<*cj1uT=k2T1 zTBaYSfpW9__!v4O+x}*+YPxq3cgZib%wD}Y@LogX$(s9$!fMMdAO<6u(+!VrxHWR` zL&x5|eO0JnMGt2T=!{+Ox9!IknfEo=o(~->xqU-#?-MFhKpWhlI#Y4CPS!jV(z&Fb-eN)q)cfSawMl8W9yG`?tq)=%{k|PG!8)D zSLfM}G9CJkK(h;e)!#P@(x&cXHgvPaq2*0JT0Y|TkI7w2rON_DR%hw7q?;b7TlUEc%M~Zcdj~2(D`;MBcN`uQ`3S75g6+zgbgiPOqL|y*C8<@_uvb7n%B2L9|rAuYx`o zLqieTSGnNm>rby7Qgga>O3mptV#F(qcTJNb`CFK@F@48odwFgsqksSl3 z=#bdyk#NoFKZFO^ul=4CUVM5b-^Cj`w<1oQCk$Lc>sz#88J^MmtBqgSyif0{XPj{MJ@Jq^XkESDdzR9o;>0)Ete=aQ?Lf7$+oLT0&#x!L5FlM3;%fE_uah6t}os6VSbOpS0AQ)Zu`fp@5zG$249(YmF#45{(-T> z1ID*I(X#Gy;!v(Fy35h6UL3>dHRh(b*~O=;)0D4iP{Ds*e^WmpeU*_voK2HX&9c&x zF$KtT<3mBe*w7V4$e1GV)&nkHMaHZ%GNx$7epgp{ziluwrpU;cb*_w28Ts~|j7ROO zpCa1le5v&9=&uCwN9!P;eZkOpIw9W~+dnl6`3LQKaCBqe7juR}G5ga+>sx>e+j53{ z`88Gwo(iomf*#DX;ipg^KedRq=|j9U#NnlMfVP6CIR2`izBh5c&0^?luH+u=$q!Nt zNNY*&KxgugBk&$}#|+(%JrJxV)D@h@cLI;d^NL+Ayp9}jV3r&Z%;sGV+-n3k;}+ci z0)9kWqIdZwewYK*ibq*9N~<{sYok?B%y|<%=n{?N5_cT(d-o&XJB&Slp8Y;KN$B%7 z?`&nt_S5ILkXzD;OhCsg&fkuVIIoj=DZmFP1nyv%yd|EmS2^&KL|Z@jT-AKa=k&@(=u2hQzRLZLTkfyrKefxjZayJ1K5hy=005AAy>QadVI|!<%kj4HRf!BA*_kYZv|%B zTEH27YDe>}Pt6-Tw#~EGo&vYnWA}7Hj}KX$Kih2;82R1zj(O8N*=Lg95B1GkQR}tL zo7#+TL@v=zHMGPW*=x^!tBJAB2+*fwM80{=;%jU-$=xA2yqy{oNe|D%-$Tt>Nk*P{ zXQ}x3yRGFf#oy2sXRbMXjV=1D_*(pqPo;jvdlx?se@nlB!zA`;3Ll;G*Tmlj4&~zg zCHQ-^M~L7R%*TVD#imAFt|NK3-)E;?=h`*4#OD z`~OS!^K1I)Clm7N1ebPh*$7c0^c0~2PNN$-20r-7eiLO?&=Hgw^za8s?ZRlFP?Mth01iJ z6Nb~~L1^b1`8c8Bt^acmu)BS7Mq%3P&ui--G&KyF{>!n}6G7zP=a}c$hY%Alv}SYx z2lj1+aQ`~+5zv`241Rvzdi`g21%?^DVV;3U&(FJj{JhZ{!;$$Xw0>K2O8;uBh_;K7 zaf*d2hTc7woYUDBb06RwXYPRDuakU=cq(9@b~ZU?f9icAGET9DGH2bR_AL7d{;+s{ zF|qY%?PMbpHJ3)NyRlor+X=i6y7K2~WKRonMtV-N=V?QO1?!)7;WhdKT!{w%%10Ys z4AS5BoI>o#05Wl?%Y(!;eu%tYj=Ziy21^#E$vxcG}yTFs-rB>izZBzE&B<_mk*_0@_s^ z0=p94#^3lQ@G-YZbc5HQV(6TAnJy$}JePOM;hjFdq2A)L+(9pW4GrTH8#=8%#ks3! zX$N^4@Pq6&*%Nc1*S@;gb4!sGiW4_bZwd7MBykSnkK9dIXzT;g_)O}E-p|XbYqct_ zu6dPhw*?-R9d}WVEqamR(a?I~LAHUzqXmXXmol%;96Em1Zv1TWoF0D)c%Fuqp81%y zw}%{tjjRbmU*sha_a&zA;Dku}!S{O~=UjrceD+-Yyb28{ruh}hMMI)ftF;-Ztw+gML8gmlQ&nbNs!i)s(=SHGG42aEe@U^oW+T^&?KAYAx$vGR>6!WQ z+t{0-FU?B?dJRIKifzcgUft~2#L5>6La$oqzMt>LR=3W#$EYp%#oyLWw=M9`It(%g zxvch#tf$R8sb2uirua=Z?pmHB#K{pWwq(@bxAmI!2l%AXsvTv&a}hMdoTxow7j0fX zc0K(hW-AV4k^6zatu}eq+SQG;>6K0NZrm3bZM6r+TEtjbU*I0G1T>-eeS&%6w{&8b z>@q&-Kfw593kHzKi7GzBR(cHW2dinHdS9XKU@hONyFlNY`A+@$`rg5J+W4Zr$N5e> zf2HrxQ;N1OKg;>-$~B)_t2SzEgezZOI2x%sc^YX)lT3c?VoXLT-GO`PQ9nS>vay*4aNu z*(7Dnd2b)2-R+#Y3_MkgNBT&5_y)!^9=od=+2J44HpYZ4V8*n7F(ovN!pIgbF@W*ee_Jmc1Ljwl2b1`sDKQecwYv z@VBA$PH5?@)8A?e>ls?p8J7=Iry+ipS=;j3+>CD3*_T@T-9g@N<#^V7wQgS_`7)Dr zF6fqiV;71aR&A?BH-)hm$<;z8eaikdc`A|-<&;qjCW;=3@?A3OV)ml!M&Cb!tXYPP z3L&3Dk{@BqzKmQR#?ZE#K7c#@FyDLPGwmL}?>-k=HFw`}hab7SvI(@#L0&TYzPPmm z7~=G)HAv*Gxg)lWK5FQr)U|!phwOq+(U0LXHwG&mV=-4v%#-E*^XBUglP{g|#~Dxi z&LP;5;8MPF033$R{p+*rUwzRzE1R6+8B2JtxC8UqzSb(-a~1Nm8=OBgmb1%QyME9r z*t3zm#TSTEYyLM5u@2YpeHE}i1@71It_7QMJNBF(XX_Zx7G&{KR}XD&=FC=dJQjCY zw)i-OzE1Nj{HP5N&r7Kz|6?)by>f56{i!L z&G!!ft(`eYc=$(H!!H^93-1%4hw;E%j@>1@ zfy4XntA)nQoVxHymX;xV!jv2FeE)sKT2B-Vn|&~Ndm;V(4?R6wpGcP^W(hy!Ly;xQ&zV5oG@`=`dx!;pG0~5p!1r2 zvAxX^bTRa@Lgm5d)qEx=l2y`i(sB$%KxkY?t&2hbB4=1RXqQ6eY*9C66 zp=0TaSpnZXxn+~!rZVjOo(fv``SssG?M$T|f4RZrQnODk{g@mv*?_WVBpVcyUtD4G zO4&bjzOhY^7yaZ%HDfot10FqpB+S^AACymC#U-yUVO-i_DvV< zZNZn<{9i@+dh9yG(&4WutJvWOrNie`9y)x6&%x;M zNw?fD_!NDK=SQ;E;-?M2ym|QkjJz4hpPqVRHoxl*p*hTF1N(#5@VOScuGc$sjQrMh z;8S|63c6vg#@-JsTZp@O?-h3$%KIp^Bi(ZkziW=X`dWjLf4B>tj=|GUDjy#kK{7_N zhWlgE{~{YIq!>x0U4CG55q=r#9U)+u1Kl)WD`>5`68#~$xCNaa!&bl_GqTdt>#`LV zVN>7}WZ4RneYV0RVyfEr6Gtw|#}~bqo%U8!wPN;$iU*$uK80<4Lh8z#>O z-ZeuIBb^3lI!r1*V5bP}wKRD=pyuNX=kVFbSQsg8V@#@t%$)s_#ceJ}DW7E{NQ zy9>F0LGcg#QSK-Hl*Zp)&)i7HFgGUtW&A9jr!x=v;PAug?0*QguKpN#O2laHo|&DG zBK`3(A5C5F(_zwI-u{O>P7_UK_CKU<2DjJa2izN~NTfLXXC-zKvRUstn6r0?Pg$~O zt_LS6&LX?Fsv>nW@^mF@2FTJ?g;sji2>$Ar9-bugN6862cs4HpNzC02vt?QUR+h79NKQ^G#MI!{WB7K(24!N{9-S@W$nK4 zj7uZ z)qm)9Y?LZz|3?=6x$k7lCaALn`qXEV{MIk?JnYvd^OkJs|y(oDD9k!0BAhysU~= zXuT&z|6TO^)FZu3&B&MpF@5RG!E|i3Psjd-{5$bGdi3#0$Q#jAH+mA9%(DGu$Mz7T zEk-`}*(^MNj(i+Xr((ONe~1q-Br($-!o2jLQ|pRZ`{=OZq<8)tL^ISk1w$^RT>nKiJkamd;d$0q#5_gy_fUPJOq&UYIH zj>drBao92?k@Qg7@a)q|P5dddUs$?U@-v@J_zZhkWH%C9nUSJDWB<{or+3$ZJHK9E z432W`KjkYKy=zU&w*SC+fghJV|C#&@#h5;*-aV-D$ovC*4yJb#Zn@X^RGi27FWADH z;2HTZiYYea_%NQ`nd`f}NE?egGCs*K)u!vac(zJD-=)JX=lL$ORhNP%4G3a z$gxlJz4O}%Klq1?ov_xG>3#E!-R}3_vC%5V7g#fcVf+ztzBI4GiJKGFm@g*`dwTv@ z_(E$g;;$sS_Ouhp&q7yL!zVT1Fsyw==rD_M@$S6Eu5Gs@B3m7K&OEJRd|Ja$?uFJE z0_S-WuO{cjt`v4wE05?SIK$cnyB7bmM9ty`AOOeF|96rRS|W z7Tj7)nZ<7V(y0?E6QoYL$^!Qia+L~LE0vwShJKpCdkys$bKlAg&bz6_Mp3*NT%_xX zmsN!;E2^-cw1)-1(hTZmi?k99(|HM-!+r}mt#P9b1 z?w{9#O&L1A%bi!t{pZ*x!Ix$SM<2WtANG$`1uy;Jo!MJA2Aw-#g21?Q6n5s_mhnR* zi-M;bUD}?w7y4wpmF!vn=Hf$Ue@+6qm%P`BDb9g59<;F2Lbq;PLhgIRu}SuD#w)(7 zQSS2zC)(r5Nnd#x@`gI{qfA~0bgbC3iB-WH7lE%9@YMn=@b=>^Q)=6VH`zPbW@o7X zzgGXqTeBZY{ZnTbWn;oUpQ5E0`cAZ=xzt*hXV+fw4eLJbMNOtc?q1ZO*^3$_Pd<9> z$+mKylH}tjXYmPaT33)CldK{~M`gbHaa;R~lEv)vyaL*W7gJaA35}!{Sm`Rp8vC1> zc50E8jsa^b#&5{w)G|KBn=5!vJF%~R!cN^pJ2#_iS2C7Wd}l0`#8TpSQw|tA*#oLr zm;8k!HrjIHwbjs8igHVcEf{*FYy3`OtO}7m{?OpDpy`?^VdBDVTGUo?=d`cw!ariWj z+>C~>^PvUF6nuy$lE~3WI8c!Vd%c@GM>)wg$6j~eN!ASqx7g)p`ug|wBWt~M=!9(l zPJWi=byJ!3_(bAY8-B8W-mHZ`{`!;Thsu_n^}+-5Rt6t3&qMI9w*PkHyjf2*o99aW zoTpj8ZL!X>XS2>$SE_qRf~`-p2g!lUk+lm8HqP6yZBtI2X{JtsTn*KEgZcE=@%Os} z|H0|!TvMl#XVv*FcM4?H`Rcv%Hr)M4c0aYBHgz^}ZjkDn@osjVl56js_wJd_c>BhK zAFA;LPIc;hCZ~=cM~QJBY!{e1H9Uu)!D?u*5*ZPN4nP0P>^|SUyJ6nS5nBc4wA=A@ zOFq{)@7-%07_jf$v3|z1mtZ|7EB36GwLMH&2~dkb8C2AAnMz*mKAmF_=(_rN%<#1}L4LQGNZXbnMd zO78?B(wo87Q}EC8!Lwo5_ve*-$XQB63FX4H=^PHiNGadNI;Sfz-_kK1k{x%ZW zOAhUR%G5#r&zEkABD*BVg7CNUPS7t|dNGWPNmre$EB z<@AsI5zKex@Y}-AZTN6(Rt=AgFM(%oyF!qhy>8Sk;&{caOYrY$;!WH9r z);h+aE!dW+K-ReoN#1$%9%DUQxf99rwQp;({T1f13YlFXf70Y#6tq^$9=w9*E1}Z` z=&mu5^zV)B;afwfa`wT-Y5U`xsivHf2jy$xtCZ6wx+^`K^^gF*s{Dxr?M=w_Cwz9H ze92tD;%DT}EcV%XkMr#L6`nnq&#!28%Xxmq)9}0JSG>YFR@3Gt%IJ*b+;MKyJ68w! z_bT1-ciD3+oZN13;#p(PdPhmY?fVYLW*rP&WX+dd_S_u!cI@r@{urCJ$8VbrMNb`w zSm*MYJ|lq7d{QJmwNP=3VFx!stJA>EiXES_$&KraeO!8KBz-k{wu-Xe@7D$*?bm|4 z@{=69c>E^IzJ{@hue>ssQhuoFQNOSJsZQ*8{0__hTgqQeJ6F@rqW6MZWnV{WM|8P> z-=dWH5}$WoU_E~6P~ZgKGl5l~JJ6kF__4DCfrC3PwC2A)JIvntaQY5@|L%xL`g@cg zd7|~i-N5jx(bf|~k%by(9sR97kr*L;IJrv&CjQfdT-?uJoR~@N4$dPUiG4J?I*nbP zo(o;|5X0@^`xNjq1pEwj;hu}EE(C7JpD1pf3cR9~hmk?Wlv$>+L5E%(SLM`qsasC? z^4eTR`#tnEcc}IF0rd$j|B`Wjt`42b{6v_aV(K=-r=1I``}xU5^tUz-Jr~fIpPntZ zZ>{mE&Q;XON6&vEUqWN?=(&)x9zB->x9Isz%7ppeGdFBvuu1I66zyiM-vH|#?2TsG zWpk^YH5=Z2^H^_F*xZelo#QUL?TyV^-w|5$8!w+gvRd|v|F=$bz!Grl$#L1Nxn%~c zkFC)@2U>|)1$$NzkNe~#VwtnT=~bg6hm*uKV{NPNFMwYZAFuDIzrO)mT4jwqSkv~s z`x9qle_H|8VM7OF9S!#@@44Ybd^%_yJLK^#{2khb?L8)9H`ID^vB3BUvuS_GWNUr{ zG&-BM8#?OlUjuD+Q(o)#9q4jz?}GI8A?7O%zI0xI;F2Gpvads*@Y-JS>l?GGS!)Qe z$GKq7MD{qZ1D4x?WfgJAOUj9@(9e>#hWlHrqV>J#b>@OTlp|Mc;sL+S(?@RmP#{pmv{k};%2Y~a$Ir3SUqLs>HkVzV0LJn7zvJvpzkA?GJpjWP_wd%W9nj=S4xcXr&i%AkOl)=; z>+Qlfdn(#{tRZ`fS�azXUMvhqez;_I2iB5whop*sRm6VS5e|V___N4p8?%Xy~3x z-@D_^DS;vDr!qfNnIB|r`!(>{e&|(lE*bXL1BbMpX7~)B1bpmAF29c7d5}3?Mf=OK zVb8RN?|EaamHu2{_@38KvC^-HhV8lLy*ux`g!cQ|WlhesTbpUO$Zc10i#;??yn)^1 z$+LByJOeJ}|9W!FS)(j&{WCcY@~!8>vy&;~$uad2bzzqrd($oF$*$sI*5l-Z8`;&$ z+J|IUsZVy*Vi(GOSPBjstU{B=pm|sBw0Jp6`|w;=4#On+UzHwr+>+{pHfCSp*>Xt%eB8xyE3gRBh$EJ+sL%RJr3>6#X_YBdZuB@yaozTt zp9DYHw!~-KJsbpvuqT^1r*N^^;DR%4*ykBzPp9~j`Mf7Y+jnlthlRxCze z@0Iy<`?kV6|vely@&iQH=9W~q2RFt*;5`Ts{+Jh{7nRRn)%GZd8Y?^A#zgWH{`mmR?BX@wu-Pp(_ zuir6m<(;ixe+@Z^FE&4J&LRrie;~K5hI8S`_tDuuZDspUGVy!a4bf9szaV}u->`2C zp(3*`pgy}^wbGrxbzn&T3Ld)2N=LBcE6w`NFz)TTZCm-b-)V|pK^gq0*%9EO?-20K zI^lc!O1}5#ky+P0e`MBOZyj01nb$jzgCXFa_2zf?z4~U$k#{eD@kq(n-Y~x@W+6Xb z^RJlTL})_oNsj9io12(n?Y^Nr6F+P#V?8O!+S0opBOZtiuQJN(Q9Ncb>uf_mM_-Xh z#i~cF8>^|i>J970GWsu{!&%0hJKVrI#x7Pwm0*U{GJ8OaJrE64v`J zV?K~2&E_nl&)CSpbaGE5{Tbv<$0^q15oD27>+D^Qd>nmoJ^8`3#rrm$X*5gkR)EJ- z^n8-Np7}}A2IEW{`+)UcY>@UU_F#03O*-T>5mCMZ1@!A zGai8u8q!eE+>^Hu8@r72p=eLxL z@cAmAb29Z)FSAB>p%aHGj#Hm!)!$A1T95AT`h=moHMhLeRKuE9_d?nL4^Llf-B&q` z^TU`&y?dHHqaFBCy}hH*6{ELa1kJXvR@cS4S{HQNRnI5m>RQJqF38iCbW29kQ&`>?FUv9f2NaBmZYn zcTpt$dHU$>9l5mRQ)#U z*SY7Q)kuc@@stl#KLt)Z!D$ybjf1nVk)z|sS?X?LPw;-6a%L@&a$38c1O7VCv527% zJK-;RrSdvhU$PH3#bcDM;*a(90{noD`>h+H=lPODE184YXIh8fAU>!V_zoi*Be!gL z>@IW8QwM7SH>%7O^Z_!B`swXo``*6omp^u7`^4vuy!*%-N3e$v2DElGI&#aa-~FDc zXR*$PA7R=qw+`0agxWnd8Oh3N1NXWc!o^#`t)`E@vTI&EGV9SdP1!Qu%Qo2l#&_p!|K4L?m;G;HW0D^_ zHfvlh&mVd9I%ix4PU^h--Mi+^df`!1hqa{n1=AVZ1A!YYzL#ihbF9N1;C1#_t-}fQ zS)FL@ff73j?JPRcIr}gkgEy+k#iYFV{RF;4SJ36jCbwZeWt)}%>Xy~qN~d_w(lO)7 zo6|hj2@Y_$aPnRI7|)TCH(xli@GNJn3E@!l0S=#JoN>WM9itmv8pt>Qs^_2o8lDA% z>Z$KJ>`rvK6UVb!3r*QTYd5-KH|u-{&QYwj=-{>FHvW$FLdoo?)=wFya!69H%-*E) z!XF9Po3R1?GW)sfjw7?NtsbFI*~P}59ga*JMZ06b>o{;+!gqYtm%r!Qx5Mdo6gVCO z4UGdwC6V+c#Dpy0zrOejJmufdBmbtiH?TDrz#ffYSJDqMKOIEZ>5T2w;Kbs);y;Ui z?)u9}`s_CEblcS4Pairg;dK*pW}%CaI@~7~anGxA)={)>l3U*Y z&a4mDyZ*yO{D=B%|Dkse_Rrhe^Ez^?aBTRH7~B%{O<^SPA3n!0{#$6`HFVgkR=R-p zh%wLXgm08v)&5V=1$JKIRp{b1)^sHU=(`i1>0LEi=Nh)P)MAfehjp&wFNB=}ys{}e zfq542iuNYl5VB*yTQB*}|%MH#SoXD2~(=XC>T5jLI*gbb-Qw3uoC-9YN4y{Gp^8gZ;(cWZY#9EI7#;OaE zX%WTaxg!BNs2sUZ(2nrfyJ}R1zmN?opIl|7tKcin^0<8$JQm@5VpqssyPdgHoDTb4 zKA&tr(a}45p!<-sc9XbSzj=E)ij2<~M?Qxl*rBtK4ai;DJ<4ybK_(@xq)+fRXL%%j zG3x@|<=FlBv^{fadj<2(-+X)_*+ue~6tk~2XUm>yN10FmoJk&ZAu|h^GwD+^M?C+W zJPO(JEwrB~XMD)YD(uRbrF(bKN$9I))}5rUT9BdAS+B8%b~*P2j;0->mzfJ_?nArbw=P_!3^Vk1@_~o&46hfib_=`*_zz^aOb5 zo@OcMHLZNct}85ae}&gxf-(G5XJ@0kf|Mop2`(b(&S{+Uf{)rY(?VAj9$bw)N}iL^ zPdbBo$2mIhg*In0c27So0te`cMb!Br_C;bL^FqC)oX6h99)^q2O;5ANIFY@m_%ue> z$q!MiO+H`v3vV^4J^2L}q1(D>>mqQDZ`0=aHfxy+>F`SY*Ilv+`2H2m)__N>5)+xLF`7pbNnRv-o{QE!dIw31w5*ZG? zL95X*zzjWAqK^{rVpX~BG_htbVQ*oazJ*iaH@N{EnmEa4>`&;f71pxi%vS^&Nm33! z+~iX)=Dps<;TzG!CirVSzb%%&b@NeWPxbbWF?UA(6?|H!yoTB{?8HVZ9p3_vO2!}k zB)q?BTQVh@a(MrlOI=?8eie=)*pJqfNp=nX)+sBAtpH;JI%ziZbAi2zyx@2f@1R}z zQMr842@Sy$hA)gy#`B-ZJ&A~Bxu+?yQsYKXGry-nYm&E$F(|%}JFneM$VGo!Jg1b$ z0uDMDdl5Kb{vUsabx!V1ArHwKtK3wr(N5C-G;B1Tv-8cX!8^%-jMd0v z$s*|i(TvgY;WO>OZ-2ijhQ5#Sy_CFxy7RQ|NzBUSi!$;)CQX3XhdAdQN~ViGygG`x zNH!~JI@dEoTa_E%P-HEK!+)r@#F|Hxrutu`=N@S~l z-g#c?;CF8>4Xw|?Z*E(OyTxxldgOVY@OwRa1YOX(3jW})w|6XYnv?iDdF!EAu^o?{ z;L2Rfv!PyFH{>J!q+eM`TD*1s_Ze(`0qKszRG&OzRE`YaRHyNPpqh)uOG+P zKNr}t#^v+%H}SjT1AbpWpm(mXA4eZfpnlf^;@0^45quKk@AJM+aW2>2kBxBmu->FO zM87V8ug{63M^V@4GT%Gd5H+gn`Tx|7%m2@*n}lXXOS$hQBNo3|JoDl=o%@>Ie4Vj7kRxZ?4}J=JYn^13r9C>0 z{yjR)eLRmXfqeebeTr>*a;vaaZ5r8w?<^Z*4RQ$i+1TQbnPQ)GV^2(4KH(_x9^bj3 zRrW=cwmPrC&XoOY2`RV}otNPb#y{ zvxA&D5oK?{o!spvy&?bi$vfG5>H6)S|9f?g|Lb4B4*jhE`t@V9@nP1lx0?1d>z(m2 z;A@mQbN0UY81OnOlCJR1d+_=F$SM^}Ra%{pP2v41vx3;W0AS8P0J;R3tp9B2`_ zlssE@sv+SQ)KKqC7;^FVmUmp+8<{f;Jg0Hp!Z;t(wMMFvCS zuaKydCq>!sV1J6y&p5N!I4*%E3YK05*t`gCssDz3faWi8Wm$(LcFYi9JT`F zkYY<8>AX+qI|-i2ud)?KN8ij;TyNJCL2PYeAig_1n`K8RHo|YeBc3Cl zFwXZ)7l6A(?CJfO^|)d;#!iOTjBZ9Q_SwnI@BeQnXRnFKZ#ar(B<%obx`{PS!nYk_W^I8oeCTo!H%!yGQn7zdJPa z&dm|Zx0GO|0t;Io8L42+h?Nl=50n*gXNebeiHLg~UdRw)P+&yOEdORRMe-a26xSr`$O=+lwhm=D#^E z?|MR;&KRh3&lu>K*ted5-RYh&z}iGdXwh%Hxy@bk>n;WUa@I5^GiUeUS~Li)lms&ZQmo zeF^d0DXcZ6N}wHZlN`sHLF_?_^LvuIDe5W~UWjd9gswE}0nC^7;xwZ(bv6mHF0)78 z{03bo=_^G)-tTq%u6+f{->5bBuztqAZxZ+J%1?lYYH7!b1vxpR!o>~X;+b6kqdw%s zt2smPkM)IF@#^H0%->Iu72EkVwl4R{UvJ$PA&)7s-O=ktuE7T(=+(=~u6NhM=J?ja z<{;0i+_f;)e%dXghsW4|;I0aX4@&c{h4tfupSpZN|5<#%`z4J&KH&Fip0n1yR)|hV zK&K$~=rojf-K**Y(CNuJblR--F5uC6S2O}YvNutAPg)DpnwadK zVepquSDn{qF8PeAW7#`7dJ$mdqs zm5Z=d=xZu{MaJQ~S*O}f!naShtVSMmErJ%2DTcq1BZ^s{2=2P*V+*$JLySYRXA<(` zD$0kD&$63>VaqO7Iq1{SDfH>CX^~GcZO}EXH;%e%TJ)7b9%xPLb=J8O%Vf8Ou-m+x zFz4=d?6x+?ZVTDhaK>2?{fnQp2KbMX_0*Y8{#55G=s@dP^@FZwnYNTS5z_hB$b0Fy z|Tx=!;l;*)vSvlcRbc&~3gYXNfyf98v;cy0B?Rgl5g;`f;KEZVsU9DD0oeqFd0 z{3jOp;wpT9={n%SNiw zT5QJ{JMk{O`e$sA>Imn}Vy9`n*2w2j>zJvBn#3nwysByZp(gnu3FcaQFl_80C%<<2 zC}<15bY$JB_Rr2@?Bo?hJ4Uj;4$Z-bUfd+4GtK9ML*_m8XVD_M13D;xFO|a;fY+q! zWjCF{dXOTg&HRe5Za1>5=v=3) zc&>XE&(q!VwUp=iSzmeC)N9X;q}L%Yi)*d)GWwA1TXd@{SL4Vu^!s+|tOg!0KWEwm z=HO=H0p@(&q4wF}PUop)qt`Fc#CVvGHyO4sazq zu{f+eE#^M8YhUYgJ>Y5oa`K9~BO-}DR9$4 zb>Q>LDQCBvd3+lA5}!ty1<*G6x>4(64u0b0_Jj1PvxYC9a;VAq?WD|aqjmOZg{`>W z9DeVvVr>}PcV{!Y3%c)tF4;$F_NMN@R)+4$-3hdQ5g5cr<>)DE|Qp}Z^lD(83hBAeKbHztjp_Rcdre!auvnx}$@ z?h`3!{j|o<{HOTsY#%Plfy2X_?wBu7om!{PM9L{|KL9P1SyOD}h3-2CmJ#;-z)}YP zlvyRl#>&RzrA-EgqX7{v#*5i!nVoM{yU2CYvvD>TQm| zv&5!C)bq>0$s?ifD?Ax^vVAkK7#T?1+Ajm6v=@{NL=Q>^YJDO|zbX1-Uyivu+`z`~ zuakda_?v}M;=jDt`$Qa>+&Y@M2A1)(6Q<2d zY;Z#l8VhxHlV|JLcg4omlZ{gzQJ!dFYaII^wTv7j3)-GcE~xY+wxS~s#@N%qmtyyZ zmZs1L@p{Dx{j{`1v_u)vuHu86!GrN3PQf>X_Qpelnw$7+@tEslfSX!q$ZuO*MLTuy zfN&*#6d&A8TS;(Lh0Ln{8_qrXY9#$Wdt4>6pml7@(RL6RleAX_d~<-W0NGx^{sRA< zIU(9bK8-DG_GD3E>$lW4eOyFNZ42_N5Fc|bbg&jUx^G6_Lc_(>DYB5aJUcS1sP!7R zUe$DRwa%p+^r3o!Up%FLiomZ|{%_s#U6UO<_5Wk<-NUOY&%FP&_s)rff`Wj?nuLIe zSka>5E`6JwZ19Bd=qNLG%CreYM2(eNoUt8j69{-H9$0E89eHO6L_ngg)Wcwgb__;A zORH2nb!K$RK4d3>h$PqpTh#sge4n+}&dMgB_Sg5iet-OOUAgu;JnK2!=jVRz=YA@I ziEL){{hHd?RL4#QHi~_1hBjn(ZPeP`Oeg;8zC)RLk{fxlGYi4R2@IXG zv4iPUM*!aA7urkl9rh!-_KWs%YbE=U0<8z89&FOJXh3U2vQI=?(#x7_u7Wo2f;MHR ztGwbgoN~^XONceNj~L@vIsIY$ic{BoQ}H8@>l~~S#yp++kbjX=)b?5SN@9}YB@Vx` zXIM13$FpY|!9^$aKud<6RHtb3$bBwtMubn+uw1?pFWk8p-xT%5O}l~KSBTp$v#j03 zqwLQ6aOL-fmuBsSnl9SZ7+J3cN0rRCY7S?f%Z16~z(nO5fD8NVi1*U^Zm<>E{YU~@ z(A-QkE*>@UcSc9%wSJX;2sa;q^QsUs1DY`W8+CjSn+!c!t#@ zn$B993~i*Kl}oUVt8NERu5G+H%o$PG#$6WA(FIl5#^N3MDJ0*#GwPHlISxGI$oV)p zQY?w~n&^zW`1{s??8HV8{oXp}VABWSP%>Ke2!`?<#j%ach_4on#i7|av_G+ZAjZ0s z>v&7RF8GNTW9{HWFbV@Btu0%=zxL4a=MUa|=kgqUICM1KMwj-LHBYn8eRW{{xq^25 z=WUa}*jc|d=NX=qg|}jc;*G#yF2BH|kr=7kNRez{BjZc(Q`W$5qJPpyqs@VFjq0O)8VY;l+*uOtJK7R?Vzo4WaK3BY)wYToCzJMUHKxU z*Yf#SY+QgCiWD@_$==%}ej3T2TIisbGv1}6V#Ezv4U>(X@>Ay9A?jRy0&6eyS^YP2 zJ9tVwvygd0)df@S4%XN1zqh}sz3}ih>B%zrs3|U;rDz~#VjaI=-%5OXPk(Y%}^+vh8K+l{_njPb_Rx zKOT&2;Eq{v@noK2tCv*tbEJ!#XS^DE5f5FHJgjopu`eYWuwU2Qn`e3Oc0u}i{zRrIf=bs_{UT5!uHqhzh>46PEO1?v1{w_;q@YC7O~#D@$|@>FOVBW`9|~{ z9GRTB*i|#d>#LD7*>XR%Zj;<`W5CvweRHgxAfDs@T!@~a?{h+qT$HZ%#?%ZSIXXGd z*wlu16+iajaC-xNz5g?OJBP7;V06FcpLxax^w+%+`@-}0Y+GPG;)i87blgL~%)Sfi z@cLJBg4JKfn8>g8owc{#cTGj0xNbdqW?xYxT(Ki?TP4@$um})%l$jd#G1-}^Kd90m+zvJy<;)TPRsnku^-&;Wmjo0+Cn!!PGO0o z%RD|XcI+7FcRci44E>fsztEi4PxeIv;r-B9FS7XEmO%KxEGzw91@s8-e0TW(?;LMk zWnZ+CI*5BhM!wrpNgdE2GI_GgZ)W`sJI|l5Tz>92ZN{L>7=6*T#;mcnlj}+65Z#M> zD<#jAx#x^F*^H9QjXZCLhhoT22ZxSt(XW?2&2tYv8f%qrtZ({k3?nZ(PBZ#{YC`e; zrw{TsGM7&$3-i(krst(&M?&d%CX{|}MqaveL|!^IDlgqNCNJGRJ}=!=BA z>`$H%Oegs+IWtIndNAEdna<)sI#yd`U;U!yk|n(X@))LyXVa%BeTvGTvbCxqPd*cT zcID)fW3JyY&OTgDdvDU-tUx+BVs^T7)a-O>%?5T?UFZRpRSNfb7 z5oF9Kn|DXb$CzI;u7+9o0~r_JC2ND}*y13uaT@2z_&}kPXrXYfqVI5UQ-;*o0Y(!GF>bj>;@)_ zH4Yd4(_Q#mU*vpA#xjlnOZk@PNy;SOq>tqVcHa&c{-ww|<0l(!&!8^>;Na~A^K1>p z?XA!pih2h5X1H&qKb^aI&YVkrn3XEGn0w~IvPpt9^qu==^?O$!-AUi`nCnlb>?-MJ z#zAbQQ?{A1-2Z^Gmi$Hdh)(qSM2=$mCR=N(XKR^0?aJvB_p8*W)#x4ilx=4j?fCn| z{W8k^`|q$#c1OucSkfD``W~vZmOmO_29LiUW$mP-H)Q?O8_D2vhZ?Q+Lkq1HkDC3W zjb9HZOM>Kr>U*eyz2h>lZTY_Ax4X`#&p1Y;sr!kQ3nHxwiKgF?2u@9e%U5Eah3*LEd z;vLbaRhs`aR+>3sjeMm`@Oj`XNG?^pzPnGiw$kj=jm?MNuY&H3U0aGDsWM%ECi`?L zAHS*+JuKOc&X`Z%spnGS1DkK0a(FW_$3?*0pZ_xsU23040=kqgk}f<8Sjvu)zr!o9 zesoe-inctMX#Ky3aVU3UFZy7=z89Pry9WosV2bn{IP3&Zo()n&{994k$@aU%n2rdL zV**$xFJTfn(1{$-*)ehGOEi_@+b+H>4X}m{->2aF*;)&I7@cu9JOl4b2B?28k&i%q z)SP2QzQuZqv#)CzG9xxV7*6b^&PKjVR;H6nBnw9wdCJi^`|PxQW2af}zQ;Ianm+ellVtT|?Ea0!D5MxS^WO9ikVkR)8Jod4 z=(Eu|9j6;x<$>e8yZborQqix4UoIf7;O#&hGehOMuBvVA3^;af}J3 zn-v>7??StboD>PldN8?0FlljNl5}BG7-G!}m>l6-V3$e)6YN#&jCAU4V8VL?6TVB8 zPdF}2t~mxwq<@YD6K5}8sPzc>t7FA3{_l42zZCqpIAc8u|Krhd#b&H~tVhnYD>YWi zdSe~0u|_92_-}N6GsTQ`1p0UsV=D&#jT6GDyBX_v?w2xF-kY)VU8>{wV;z5tv7U0A zv7UIGcV>M9-((Da)m$+)gMQ8o!C#?tvLeL1oIYL}N_Wi-rMs`9pN*&4eT}CgTTb)g z#F-Dq=SS0tYGmq2YEP0yW0*lSu7u~yXFOK;`cb)`Kk2}JbLg!tF5m)n(n)nIc{$>-Ct*=-+w=vUJ6Yw z4eFc-YwVcP<~QD7ZMDUr$BB}|Z@Dn)2sk?GOXF++w<&Z z?ELlc#|C^K3$pNY-F7<4X240+ZdJjf10?}&W! zp9rL9GUttLrVRb`>Uu-pwFJ`b#y@g_J#h;6>ySGpkIhB)8M=?s)~VnVKWzZrAJbXf z);acg-U)sItsz7#+tcmx4TV^L=>(?I;hi0h&CprTFFIUsO!96uF+_O{=sVsk=dJ9c zyLc9?;TdHcxz_piNo>GQY(T9A$VRyyyTe-p$ZKW~w)^cJZh7sO$=m9)XJ*pwla3!J zuZBGi+`zGps6T22#S&MFhH}byZehYk)@JlFyT-(O)Y<{2N_cDH; z;`d5^pWyduD=i;Xp4P!BFBpHGdV{RF>$|gct@Sp(ouca+uK9kFt{b?fjxw%m%>MM@ z_M^mw#UE^F3vf;+KKiYLeDv2s-(PXoU^}^9)z0_uv2ZwA^||F!i&;acVSNHzz6>r? z^C|nc@c3qaf9kByt%~t2&-HD9Z&$>?8}C0RrXyPqG6cUsZ>n(JqpM0oVdV^4bqn<% zQ&xS`slN*uB0Fy{cAo52*$Jy|bk?$0MOa7YUTySHuUF2i|E}Aq>kjJrHow?7t74&W z@~tR3ESm1#8%?je$4cLQpVQ7F>TX==jD1xp>)q7(<`8wJkWs5j18vfatL6pTR*hu8 zz{T!wvr|_-xJ|Xt&&OzY9l!s{@ATQ}Rqt3P#&}gJu;9Jg_&3^E(OzIDDYs46F|H~5 z>`-kBPF7yngL^Uxk99&PGiIk7V_x42Z9P}rEvk<*TJ^q}Yt|8&^9-|36%Byj^7Gs^ zL<|0RaXZ`N&pdbStW;~t1twm|D^ni9XUtl-;=nGU{0-vgk(QZ56u|o`zmoROM7~Zz zzA~p=Q)QWT_^p~#J~o;?!di!iww#>fg{?KEtjE)*cG_hveyg_@e-CxzkU#7qE zLpgoUZ#~!T^NZ-6#2o{=MmpiD0%UztKGrJ}!^7x2_%2XN ztf=YZ=j|JL9#_mXYt9;rzrP8_n4;Z$_48q93RrIXp=IV_LG_Jy@2D@l+W>qWf1TC( z7SC2-8>p|p)_dUI#r4Z8i4VBP_+y{#UhBksrh zCe}D@ujIOPtazc&{)o6H>cajw-^0}!zYifn8$s$5e|z}3o$t5xapsSSp_>JaB2PEv zLkrc|Hll%s&)MD7i!F$3IgfQkBg0G|Mdux&bLy3CldOgoks(FY4-Fao%ZE6hHi8lE zdH)rz*V5jRTG!{);`}=OCKtw4%!lwx#joX;^6~5VrT+MQ{5yP;cnZ5JlyCpT&m6x_ z<>$$>!24CD#8ylq-t1!HvWS^^5xVF=ChkC1Y&=VA*zAjPak7Iv6p6Q?bakF|r(IQWd2`S~&Mc@TWQA8^iN>N(e5uYAw71NgjI_-q{O;IqT|&9s2ehrwr) zi_ea+4nEhp_~gC8C*P$)ryLibHy;C^Hy#I{N$f}FY;P>Iig&LlBwsPGz8*L<00-ge zqaSmIpK_|yL&xRLxNDG!`Mek0r1#@>jJq2+^%`1c-!3@|DeKYka_D-R#-4O#Y`Hu3 z2N`=kV{dfFUe4I-Blw%RuY;C(Z^q7dsoJr}9s4xK?)qy6(eu>fj2%6*ri^`yWy~$( ztg%Zj8QB;+om{x_!^$l#IWy?_ht;p>IeQ*nQI2OLQ+tSK0A>;7z_71ck2G^uh9fUW z*gqjw(#Rdf?m4>6$V=KZYtEir^UKS#h&`%1=-72}_|fx){sDP(EWXs(Jz9PDIOS64 zydz1+zkQ_Kk&89JZUJ^sS;I&>UI9*`{I4aSlK=UoJe!N2(^+GukF%GXT;}+|iJOzo zeP$;3Eq7&At@E4N#y6Y6?-Tq3+j#9MVS`V~#asNe?D#eCzh!09wh1P-acddAH_24_ z-ZaMNjx)9&ALpIE-E^Gy$p~?_u`i8IEr53NTz&cs@g<(#EyuQ)gl(buc(%N2bLZ7K`gb$sJ8PNm z;4_l#t@s{e2V94q!VZwGkxptrCt^e32XS)#%6?x?y`m@2zJ7$d93R41`vmnJTtJKA z1oct@B%nH`!AQ{hBkyrQ@22^+2{Jppj}T(0dL!Fbprz zhc4>+5wUW~)eby${&p8Mms;(>vzd0hxY}mcNm=K^9y-T1>)FhS?}g@K$QS>*p5zTN z(q;`hPMfA}=9g;w7vxKudL%QxRCM{D7upMo9NnVW57FfbqRU!GcOGeRb?9E`@^xtP zO;_%;jC1Ica;fC;b>>OX7#3!G+1HHA3HCg0p5B~6d z_(b%Em{LXXoQl1Lrq*abwGoWh>^f=K4d$)RM3DolFz4 zAZxt1&sDO=rm&uJmb0d&>xmKkCD2Zq*o&W1zFBALO~Z~VC-yZg-^5I0Dl!uM*D~K! zJ~H{)YOq%uOrD1G?HeXSo8`o!f^X5h^ow_Xdjak5gubNvWhZw{W6tWgGr9k7+P;Cd zcG4E*(!{xK?T*c~ySd&8AH@|%P&(4yfId=RWqW8|pnPHNqHB$#lyOaR_#)yyD+LzO zw=+#<%$E@-jqPgu{=|H=hpK-g96k7*gH5gO8nOr9n{w8_BO{y`J;8YueOkmicV{s; z9#70DXG_GBmi-gveMw-TeSw|DI;VQT7FI0vLdM?6xI@5Z1+wLz8FO+x<$%|6>J;p> zj#M$mi#HhP;|=ujzkKWS_hLW!^OGvS%GIpvD5fw%9}i7->u~dmYMg&X9evbsQZSPK zU5jO}3!c=woHHDMS8my3gZOxT^&c-Da>`jp*ZpPc{n?=1Jv!{=19f3!Fo3z&hn<1?V~>EN&43Relgz%V%m zxla3Yz)K3;UP3=I^`R|=%x}6mFQglsca`wpK`b(LbU}w*`hGM%2k24#mF;ydv=FDh zGH5qOU8Ov42EXy?JX74+4Ck5J{s5YZFjmVOD=|auq3Yl4+wR4%I`{tghs3v$EA%Z+ zzjODG3ckm~-|qkAox3^^&-xnmeHQ!;BaX(Ok5_m@PZ_*bG8Tiw+ru`h=nW8gjxuB$|c@Fu)GNUu3E#2JepFL(Ozvd_m) z&Ui|)^k?Xty0InUee2l(zaJpi1UDxZW&lo$-SLQ|1)u(?6Hk2aIl{p}{JLTkmFFZL zMPFTKnYcw~-tNR)YzfE@#d~O$=XW2Q9~OMc zDc_~?7mJU17U6d$zh80sQo!1QzQ0KQu<(~rW`?figQwhi{(4KP7kyLE;OobomeUXR zmZ_de{_^;qE(W~?PX`XjB^O7`xr^*sf-7>$!O=*2wQvM| zCPLqQI>`Eg2cN9J1sM}S&%}{20qn`FzlG=Ww`3X^PXw6r{zI-U;~zTT{yXa3VdA}K znfXo}+2QTc}=;4g`OTgaM-@E1gvNssNLu7%*z^W&wsPf>0|gZz&8ytv0_ z#5`fL{Z-lu$QKnkZOFC^ozRxP&u0wHu8-5S1+BbBT^fUFi!wh~+xRyXgD3l7C-+@Z z@Pn`POxNyE>`3!i$L`tCOrN>`srtk>>!A_Pw$+}|8h6jwdGs?*{r){;9=v7$KPFt# zKketxnw)>n*hcjccqDnZfotzO?Kv-x5TnBPX1+lmW%K7XIP-@l^~r_PXb(>0@&sOK zKTd-9gA>3)I1xTfKc+DMr=0e(d$4L$KY*3WG^ihx5sbdewS)U<_8*8r++kv#PIB6z z-ttc9#pU1ZSk)Ha*Fe9bD{qc;Gj(Zy(+cQWb>F}}YhBC_PO$e-sWEfTcPRo^J<$ZBWLgQo|)_)TN~-$A*;h|$wt zOy+}bt`mztPv6~Z^v^&(JK1qjzLT64eg3Ow6T13SZK?j)-#hh7-}&py)z8kk_t-Yn ztNl!lADa0xW7R(Daid(D&R4(oRH=SdVIE(zr9cD|5uOE|E)vxzrS&uiQl|8 zqy6F&2E}j2hzCiQ6MsQGNTP&aV3R3iU49HcEaqs5@~GJtHyizs8Xq-z5;ntYN&MBF zwZuLwCcX@xSA&sx_%f2i?bT!9@semdX!fw;H;3l6KDLrFD_Jiy>tn^y^go?SoZ)=h zd7E~SqscMEThxJD;fS_AUt~S9{Bq*8M&a||K0co{owsS*EtjHizoX28OUczSs?yl| z<>-B6_*l((Vbazp)s&*G95!mITv<#I$r@JL#j`5An@vED$;UkK_H2~vy=%m&J&UuHqSZe;k`-3pCktEn{QN;vO@$qTU32FS|!$Q@pr;e1F6E z&Z3;!RUIDQyfOAL#(RtM7~`@=_ujvTE_Th&KM~_OJl_M z6MysQc6w<0NQ>)pbbXH*{E5Suk5B!Nu)S|)Fnu{W2lmYhrdy%qC$RVTpQSj?ubsvig6SUeIQC2-HhCKBSkr@P)?T6g;k^@?XARJY z&afGv|6dg!Y&!cG^r8AZ814sts|}ruSiKwA5i@#WAN}cVJjq8VBMj^`*4S0h$?G|E zLiwMN<0W<#bn^NTbmF$RU-Uv;qhjQ}_`pm_Fg*g;)uoE<-civ180Z6g{9R(XddCOT z?-mEsvt3#Vn(+=lidO!Su^L{_r4?Vh9^YRvY&di>eD%*6>u`;g{_H0XU?4xj@PV<; zWvsh%#!C6W*I4H=*4+-@=i=Cd@2A1j;!lYu(YkOYTKD5?E@LqAIZWQoNO8^>y1$~2HB4vS=t#)HX=X$) zZT1j;dy<`C{j-WQf)W|@T?n6Sq1IrrYoW;`dZ6Boy;l3O6|+3a{X`d^X1$JY<`e~u ztWKeuJb!qBa7X)HQ9teqvOKQ+0-d|CQ95$)$2SEU_oc+Bbb!BI(5qYTP({77`o zTH=BCiL-WTdLcBu{{`6$N7Hrev}4otzFuVM3-rg8h1yT)mxo8udHE=Nf6FKzZ4A&k zuwSFIBaJ+y+`n@^ibof!*C!MA$Tl$g7~WDJ)P5^tdy=tz1HbH#cI4SV3PjSka{XF7 z&wh>T*B-Z?eGmQlZWLemLD|U-Z`2S&F1hLGwxHS5ExG9UP9_*X&?mj0$o{q?jn1B% zBOT6fhV`U5$j*%ya2C*;f%Gc&vZmf52A(xu?QQYkF1@pV`%!Q=a9H8O9i2L8y!*Gy zo(r}{jSLB`?m&hp2D6VoBtm}JIyqKOmb{EYhuh%WXAB(bJTr&{&f0I8((zcGX#I`8N{Eo-&K2}kLG;*Spi(0 zf$Xo1*UnQNe)r(&@w3M5lYxU_Oh4isC-`9O zthw%FE;fj-DfbHJplHv%V3*9o&dJy2!7M()f#FB2C;DOJ!LB0*rpJX{#&TeX@6m(Z zQ-WQ~NQW+y&TnQjFv|e5CVsEwcP+462kcrtJ?wt)r@)SW#LGVg>?rpg7j{Yb?|N(# z@n3*_cx4Tody1T>VoulqKPE@RUk#(o9{%;j%S?i1CPOpYzi<3F$UN<#$>$&c&~xHj z@vnIIOVH<~VeRXkV8{4Qb8lyEQ_y;Tx?W+1?Tqvi*S9r0=U+WaBWiOH&gGz^~zGaa|z=bK`g{l;CcseUH0kW+Bab^ zKOYmWw4X?h@WIv5A7<`3llIpE*R?rt<(psY+?|=gbuDmRHvm^pS4eKicM$`&-!08F zL2ok^7j9?{dV3XmODv(x_yGCCPO+0M;|As4)_fwt^9ExdOt%lSj+^8=V-HY|*<*mr zOwo>Mld{_thd>$W64AB%XYBVfHhb4oRruP8yL_e!oI>+|w9-BBM$b&v%emhnIXjpB zkkh+>*qyz;Gi)EGueoQ~QpTKNtJt*C(bl|sRmMHnhIdDuVXOFb_EyX*aL=&ScQx#t zU*^_bM$R97mwT>_zN@61zS9}D`fdj~hzmH^W-t43@OjU>S#{)`Yooey&#+ZpJCF;* zeCOI|uX!nJ_Stsbb8Y-(y>o3;mh(IZ%DU&;sB9T$=@wA0cZRL{S%b|UrEi1A<(_M! zZzASq+~&2%qeQPo}$ka-8?Me6pK54WAt6n=GFkr%W!Nn7ItH z+_OnEhs)#NKVREFtulQD=PB!q#%|^<3H)G+E%Vk;VzlSygYIeQ(zozABPXQ?v?i)E zmCw8q8?n)iDeZ86GmY#U<@?U1_)LLS>JDPPmf=^Zcl-*MWc>;S=ImwJQzMWCSsPe- zi~2{9ANoxB#nczU9Ni>cb*b?&6t3>Zmh<+t7(XKY=n45_R2@H}d@8Xi$b`GWb7PKf z=9>e`=R5`7+(@6@wz}>HuU`FcMbbt10QQ07ia?Qxwe!R3cdP@Iu|9Yfu$c;M(ACfG zn*q<4vqk~Th8sDBTxKjK4t#4%9c^bFMWEJXLZf! z-ud)x(70SZt8bR0-}Q~BXZ1~-Z+?lMec_)2w>6`O=koo#v&eJMZKbO@L#~-PvugC~ zdgb$jcG0ofbK`&2f1oKQeTeRgmt${T1uculp=H^4T}PlbXsidG)Y;zq=i^W9#{V>n zSUB4GQ@$(Lck~0joIR8NDf(dr|FnLH-pty=pD>0Kp#Kv_STmiyY1%_G0@*RLb^Kgp zhZ~1}gxGTVnlnwv4&c#wH?jjbDGojMAhP4(Av?AX zk{$G;r{x&3qXgMekL*}R{DRkx)|L3?x91}}N{}7P=(F2aSG|!Prhef&7q^-xI<~fC zC~FJAR5W1VYkamNTmR2D`~o=3~~!8oEH zJyCzmx=+3rgQGjZ(b60o@y*`}N5$Z1DSdX^QVvw)yHo#Lu6&<4Am9D?dHTc5c+{zvGCWN1|DQ|N+c&Fz zDuCykj8`(oSuYsWuJK79bbP|^Mu}5K_PhrimY}2d21fOsLrk~MboSSGyt*`wBr;-~ z`3BuL0-ZGqe2n3r*n?MYJvx5kkAFNmzH=Y)(;p9=cMHB4;z=jrZ+HnGjNqwtbH|o( z;wj_E;fd&7`EQixwR*JG&m3=_%F3=tOtHu-VEw9rHF$EVkpoRJUEh1U4w%JfVarU> zcf=I2|6~s3bjH9!zAxij?LF5y5T*EpCgIDSc%t^lIs0m4U;V|6{Y@o#)=!pGzMHyY zlnL^kt`l6R_^!kX_TGaJo3{JPo}5A3oXtslidzvstDk=heGD2C&#xt3Q1;nh@>^0G z`j1$l16RTGb{{-{0?bW3VJK+gErv}X-XfH9ei$}x0$VrvFmY4BG^PAscRTl;%oX)6 zPMJf*{>QO>Cf-OK73CJFTm|o@J8J>*b9gwA-D&z9$}?*K!b|S6IJ7lUF-zbj5w*;@ z1#$2(8+>(ww;K0s>sQ9nZj%%5hL4U|_45_0ZuZwI2L?V(CuWgr#k@p_$LRuZJArY0 zHP0T5Kxe*qa^NptR3-7<%ITPF@$$SmK2*nFLcEW1p5cFf@{ISIu4Qb(ORa3q>5=q0 z^7D@5+zj~(;?O{1rg+ZDb9?pw&NS`Fw=NQ1pd0x>$bC{N z7qjrrLG85B&avu_0qe=ccqtCF<@cFq6W5yfxOC?Xa1D&A7+0diN-y9yd8=}RXdi9B z$vp=ibhi2L$$hNY`yerDxwH_U0gXTlUC_MZ9`*gth&@V3?(l8(5b~#UJai7vZ2rd4 zGN^NWBz=Ak|78Yy?>kMQfw=Th+L#?ok*e$15YCAJ-#&z<*? z54hxCKQ=k(lH@svj?mxAXQa@$f2taZMWL=@8n-tNo=L38x()y^y57H zFV(JFw_-5Sl^3dRXxYegLucIYrfwszPE~)AJI9b;k})HZ*OD=fA=dYEWQ=5sku%8b zpMPTr8G}xGhg`b}C_U%tX3yr4%u&uy$(?&|8CvcrCOYB9kPeO? zJtMonAVxiL>hbTzbL<3XUqQCrS}Ux!ZuPfS8wu}6wpsic`=G-)zh~Gb%BMN_{GQ|p z)=V<+7;}L*>!>v*C%`Z}p_s}HF~sMg$Imf5Et$N=%Uy6ixC|kuwdPn*s<`KZ*1r*~ z+%n~nPtI-fzlC?~)&#m(c};_C+uL+Q3BhOe8)+YrA>$C53)cyneD889=Q4qDfBPBm*bP z#Hc%nU1#Fr{}kF=Ouuhn?}%t; zVa&_DSkU^aDQhv;WlvT~Ae^bw-mVE-GWDl!$-HTDWUzS+{0m`(!({ z85^S`&+dAH@}UB|n|BTKz;!vfJD`m!Yn;9I=b5I!=d9-%##l48ceZl0^<0Mj#_K3| zH#7=en0#h)B}dWyjo^*8G*>CV5_+j8cNKcwzvnEIIgK;)iupgC|IclaEgnC}ca8jZ z^IOmFUg-NR{#y$0-v-Im;hmrIJ#z-YH;xcHpnTHghAzb~#hFL_J2(?gbZYjo(I43& z>;9T}>j$ZG*#N(EjUnF#^sll*^31Xvp5gv$;On^j;_~9_)LlueQCag$Tk+E7x?!gF z{vXxW0#~jGN20meh9)9Uhdzln-L{^kt=JvRH^S&QXeFjI5y{^k90vWPU$mz^aR+_K zkqc@!0{zRDnoYZ+V=uo^Iejp?3c8Ha52Nc`Ibme7Cm-BCJS5tmh*!C}FF9~r9R%fwY$z0=ux&i%J{Po@eWNYt zBb-2&M3D{J|B#3L_3I4m{R?$Qm0+9SAbBgFYJTf7!53MZ0&Xqn>rLqE0_?iGkhM4H z8&}pA#4Ov%D^SpStNEs|wdG>UUqJa%U-?N+8wJR4ulz!{yyTkB`BBa?)xSygLknHt zRc8i?f2hmY1AoOg!5Vmpch_*8!uH+B_g%nj2fr^;Pl$Nf?75a#$rr;}L9-~wT)eBo zIV z^b`Zc`Br0)(>(Xi(23ALhvx^|Vd~3)n|ys4WPdsPJ@>Iz;Xgk{Iyw%WYM+qy^(=aX zfBY_s$jh*ia|4v)XFcl=(i`LzO$S^bq~em~--XOAn@w||1&krexHLz;-`{t4&v*xQG(vxk z)KQyf{i;!Q(1y8g=FAFcqt?(ys5ihmoHyTCF|V?1B6~^oTUBJ)E6Ay+_SW;vS-Y5O zAK=Wi_;~CP@pW6r)Sd-;H45^M}M>J(kJ;&y>`$1Dd%tDdk}s%(1#5=SCsSL8?D6iwN`Mo_}ARi zrtTYQPkDo&qYLDdxa}W(wBy2mAuz)S!5kutzA0#(jZdqX8$TU_p9>T81so2{W4S*S z7^yF&zrdx6KE3GnDM`PNI+I?{hB}j8;|9i;(?5KD=_vTGhsI98ml%aEI_Q5ybhXa1 zYYr1jKpO$Zn&p3YEE=Q72VW$g zwFF28s%^WJUu@yjM3%r;~5RsN@QUU(U@P<3vE4pPA8Oe=MG zrMLe zt9Z4cLE2gd{%g?zdACO%T1lVtBmeZqoTZx&O&XoQ_U*rY{*ARO_8!{)YVVm+Qb~GrILvzL~n? ze0y3T(pHDeKl64+H%@B~adv|f&v1Y-%g^!XH)Vs5BtvsG;;WdQ}vOyo@iCr>$f-NiO^M)afhI%5Z{S5mqAaL7u}D> z-2q&^ycFoi3p*Ku@jdaad{43$g0k;;J{x!hBd))R_Yv;3M&HFa3u>(JnY48mbtK^* z#2y))?<^rz1Ev20BQt~^O-`wZ9G~L-kKc;gIAn@v@ zZSwpZAMQst4Dg>v=bbGP%0?)Q4UQh^2~~!pL&&o&W_~l^KbF3h-GJR_N3k1+v>$3M z`|3XoVLvoFa~tvA^Yp2Ei1vmN^X0dXHHVRYF!>4aKi_~J-vyq#k)J)tvLa|tJiib6 zDgJKc;a3gq71ix`WtsQxZ9{uShW1`{X-{R6*a)e0R=5j1)wp)z&De>Ox5W}ZFVvWiBZm4f0yA$+%19UGt@+Iubl|H-j zCHkuSm*}VLO5zo;EAv|4ra$V7>h$*^MqL(gXs2HmdVdyh7-rxwtS;`t!FyM1;4sX< zVVDaCm5H;Cm`^NM4f?p4L0HgvoO-eIogA9v&a5Iw<|*(&oN))y{kjjjx?izI*>7ux z{#HCR)VD@XyEHA@I3L=$(?=T?e`dWQ6mrh*nymHI{6YC2;!mJ6o&sm|Jp>*-+rYDl zJX`Tku_Kf7ox0UVY%@Mx>Q7x|r7wj}q<8Iypp(tW%O}vsPeCv92W%6?iWNMMzX6-C z;S_7$X))v*JYFgr4mig7uJn24DA3W1;LnRwK*wHK@l(g|F)5aBONMH{_qZhoo4j(0 zqbP5aB%enCpf+C`(-rb<)RGR`U6c#IO{Cm+Uj> zL(f*Zw6_skD8?8x_nig(nf}g;q;KCv?mXK0BL1W*#uH&Yx}S&~E1kqMo_o(qe~k>? z_OXG{iea4ROYYfBW(5A|ky~QGtOmIk!WV&T=R9}pnQC;b;8-jD@5D!3nfG4PL~>16 zF-J`-=6N0e?9E|Kb5GejrFMecrOBjX7j))#UhDO<$yca)Eo2qHwK?a9N}j@dZ{T!g zpQe>=XU*JdIM4nfXP|p}MDyI`(g9J&_bC5>vA4K?mUx*s^1RHfE6S%EYCV(pqJfEw zJx2dE{@7e}7y4CraN78SU8Zx^X%qXu&te_*bKJ)ni`G%idJKLwe;;Gh*U=tr_SJGGLrdPEy*{4YibFdI-hagU zY8hiupOI@>IrT~NpOvB&=tQz=D?H)YgZajXv~MZCrT}n(MiR5=>via6;BWYnzRPy& z;kykwQ;0r1PW+C}uetnV^6`qUR^oHUC))@vwH_zCTzkj;Z6vP+*T^lM(W64Vmu94H@>=#b(`A4TYG@GQYL3vXz73~k?O*M0~W?$Y^baxrLFfmiM zX`uJrBbj;F?Zml(_Yt%|3Y;O+PG2-w2miudr$w}xKX3l9kG(~H{U>>rhrBWKHh6dw z_>leX`8_np`>Z|@*?R@lc^UFcISXZ@$e&kj)5q!Px^m9QMP|qc(}n&kM1B!l)L(;d zC4(GWj!hui*x;j$Px6g`H)x~4*z!|7+HhrlH#}R23@k(j%Er}xFv$YZgxc9iJIEpV z0v@`@NioD0|MuXk|0+NZ;^_%-v1 z2?O&(=uzv>J&U0gbV?_DnnK?sq1*0S{NKpJVc6KOqMv6$3%PR+a&}xag1)_rE?I`& zKj$O)$41m0aP_|TZWi+pJzoG0&tX2Y7P~@a?uP~@vZhrPnQ2FWdnG*L@RZ~G_1c{J z(cXJrEwCne02{?_5(xS&)vxaK^>F7y2B#8gSoY0cOBuDco!}flDa41nO(s475wd)Og_4=U`sc0tOs6< z)pGWFDBxRnl@235{&$>@`cdY&N#JKC_`#M*ucQvuFMF#qRJa>HC9lvpTRgG~9(md7 zM5pJiW)3p;WuwdUR=@1>hGeZ|?xJ+&Sx-(6>NoV8m04q;#qrQ0yd)XXjf~Jav!d^P zwS#4u=FN(GQ~ZhKMK|)Jhw%?JpSV0HKe5)ZG}rgpZF}U?`E%H9G2p8>QDd*s_ip^( z#;-t|8h`m3boi_Y?IXjbv!O#{m%Yh)^;^*K+r+@kvf4T;(96;2Vam0|feF5?HpPIH zA+HiMjNOmz5VnsHhh~8z$t?8u9xo3)`rFv~iUsv_sBA9T{^l8YlD&Vui>H?)D)sx(9ak!HMnXV!k+<7R_5U3F`w*_g2~Ds<8L|IKc)Bq&%d~8Po^mnqz^N#Hexjx z+ZXNMjey_jzigrab8yDr7T}x(`CrQ54`kz>D(f_tHv+~NwfIF>K0@2=A=Z&R`YP7h z4rjDp=kIfIr0p$VpFc}~=ltsE{=V`j^mo=L^mp2)=%Inok5L-w~xE(P&>;2&sCQGCAV3%D1VkwgYgc#!cS-!$LvD<=l2HkfNe z8yS$`-RD_%mrhE+FX+T{1m41~Z(I60`hxfUyw@Iqp!~bwnYr4YDrBDY=Zl`KfZvaj z6?&Eq|Y8adJ7=x_1a*MRYpKG=Hlpg$Tg^XZ#7hxy}CW3uptUemE9 z#1hf>$?RL}j1D`DkA&aL`Q^T&@NnvG?i;yYY_;Y85Ss}dtNE11?dg{7FEB@33QaDC zRz;Uf@WVmpo1p2P=%`K5?Plny=gz7(O9HIvVVkfvVrYLew2w|}OF{SY8wgGtdDd+e z?A~miHN0^bGOBAnv|k+vd%W>;&X11IcWIdRCPIs%PZM+F@`GqI0!^B|PV_HPT^Uv% z7m~N$>)(+5PtQ~MqUS7AA+W8Mp@4#7zgqrJsW&!j??)t{B9 zxdV*-awj_`qYJR(+VR`dH{nlhww%QJ5^V)Ik2%h_rJaty=`3{IM9#geYJjiU-x4Pu zgTARi{#0N?Rx}Xv#J$c)kZmyMMEp|MS?N{SQ!A*ik+=`X7RzrvrHMT>D$Cd!BJjp_ z@ESOm59KfB;D4Zw81F=z#6N@s-o6VXAHQIS8EXvto4Eq=@qGJ2?$>Ld1oQJU{0xe7 z-XXukFD@`~&VJdrT=wm?5!Sq1`N*~C?{VTu6jyV3*jh8SvdEqoU~a4H1x0o_*M=79 zlQ$>!>ptrL}QTu^+!2lF!CwtjHlG( z8=r3PkT0dV!v6AR>7t<4m$z0~U$%FC%vwNBnF}eC`|LcP2@al(A-PwvV8Bj&X^8oD zf1{f(-T0ix4ah&iFN&R)<-s%TtL2wC5gr8InrB=;GSas0bn7fGv4#9g-*E=tR7Zf*h7(K+9ncg0tc6?Ym52!xRx-HHeMl>`LUMn3t;NxpS=O&Ob@fpC4 z`OJ6!OKoZI6nWX{v*y(C8OYgL#6!P995OmidP;MAon5T5$?LRsQnW>5EoH2uedE-A zCHc`}*8xA}+Pvo?d!hV&EM0$29{qwA80VWuNvpy84qn?H`XiIZHq6tqIqj#9Sj83M*zbzRXHD5PNP} z)9s1EDKwN}uAiwNz9j>lY22B5{Gs(DwaC5ffahf|MxdQMaG-19 zpq}_8`GG^&pTdpmLayvl9ls;iO7rtL@+@(kk>6&H@2__u_3~{t_Op)qWDg>*(=Y41 zF=(S*^9ifej!_@uTvOIQ%*2iR>v@rSQhb*W9jET#7yHx5Bt3~bSHJoZxHV=b~v(Z zLe_6khF#>)n*T|Df;*J(zYb3@nA9;**i(YaY zj27J%fiGmlz5`j>Rei|Y3*+>)^f5=j>Uv@+=ky|Hg!gtLpOLv{oxa)QJIblw>*=@7F%>PQM2p)Z-;rGz zrJW9VAjMOYRtN zq^&Hk!NY!DdyFxP*Cz8V^9aLhT4!|f8(Xb^!?%jlS|=zulDMKdBs# zPl!3A*2NRW1O0oP{>6)(I4bn>R;}w*F+R!2(nlP*JF!`3*;=h-^ilIe@YZJf7INmv z>eG8)=bcNxCVq}sppQol_-{BvF1!%^YcU6F$9G=V9yzT2U1~dCh)ws?93RXS-c5to zw13C?U-tLZPxy?s!`S4u=B&~4g!4de4Yti}>dPB#9qybm$Pc=;s=@R1vbPY4L^noob}vUTF)&Sw4R$ef?i}^C%>S9AM<0)AG8+Y#hb|H zQoPA3H{PVno#V^S*SodMmFq)JyouH`HOE((PUL@F`_tH)rnO?tm(Db6xuMoGw1%pj z2gJ*J?Itf}9yJ&Kd7ksoS^ub+WX+pAI@0#SIqb8B9wuV*9qTN#W^jYewMRA=ype8) zx4JF>9@-0i^+EieJ5HGyw8csLVWup=D5E4Vw#m!fAmzLduVA8;*SN`vUYz~=mc;O- z*-jfmZr)V%x9U}W`ra$2{>J4+)Y zTK^sxs!xflm=hs~#zBKx)4KfI3l5)++`nS^OvQ$#&mjic@d%O?3s*D^=UfmUz)jRhiZ1Yb^7qNBj8G#{(PP}=AbaMJ{2Xyio zIs3)8FlX}bXVUqR-*nH9tim>qpv(VbyDMjW^MjYDQ|Bw56yyxaq;rPk0^iw-I$shq zD*NZzQ?HWO?c-4c>){D-9UNT{#>db`zPQ^e(XYbUMCrMa)MthuD0GBP zkY4-V{cjvO@Wi3*pZ~?7w?BXIP`z@SG7k2;wH+Dpz%{de`J->~tS*kOsG1P@&XHRl zxTc!>1>8$!sXecaM3Hq-412(9rfLTmFHsf zfA?wm{yiOe{i*D8M3+>)GGL3#PNmHYBQH7jUsWmc4Z2)UY{;3=O|k^uE0;gOSszxL zuld`YPMh$cWL~@+nkyk6`RId9`N)tmvkz*zEgp_Rf2G(L);sLyEu>$y>X&n-^Opzr zi~0A!noe%NmeDUqJ~*~Awm0(|%y*i_;*!Fm?Eqxf4y|i%pY&Or z{squ^!IzN7uka0h)%-O!UN-CCb356W8rD9CIDBMaiJoc?RsZJjzsOI^8Rb0Jd;dGZ zPJBAbg&PED=C88Ov*)0@HV{6m zArkJvhnrYJY&AJvQ%i`quCv-MW*!wwQty&T8@`RYIOR9wHM~(}v0p;xE;N)Af63f~ zc2_Y6xQn@Ufoz?-na9JM@{^-;-cW8&#q5maUwIBs=>gz9_M{ge1e@@#{ueA9i#Za%e9ZhpZN9Aw_mV74$<#tpk3wpw$8Ud;C{Wk z*0G%aYrSBB);d0%;jMKTnE~vKU!m(6Gw*cPg1MGF`v&n(TI-;_XKVN$=Eh#CZ>*Nf1G}tXTL+chReiGJ;oV+g19vI`ZE+m$W zc6w?n!?AVD<6e)X?+!KeI5{ z=7Ry(g26d|0u0s;1q13E1Ox6*`6L)X%ih|H2ZJkfVBm+xf-%-bRb#B@?iy}Ahi$ZG zs%slfMa~Lmz0}u7eqzOykN8;eWy9+Fk)w*=^1mT6>J$S=job z`M#*NnRV%wF6LBqF8|W+Sdw`^{JQ^ra;NShry=X32Wy=+q+|9$U(;4a(&ygGnKz%~ zoEvyKzBmxpJmGBehbwk(-$7@6&QEV;qPLa-di$K8-m0@}bXh)ok@4?4=&sSVIJ9Q` z;qCbGcy4P9JlD7$;QF)j-bchhdNl3%(z>W`5Z!TqhpGEGyyw!LpZ9)zXfW?3=A$pV znI|nFp6rN~X8+T3&Bz=1_sUtnsV$vsF944V1FSumvt07*?-DPewKHtsZz;aJcJ#_e zwI-Qb!kmtIk>XvF-Tc;CZ5yahGEq1Xj*6+*vs-kp=ZcS(thn342SPnsXCRJ_JT2!d zzSivf>7qW3pZ~F{+lec*S}!v6!a5pr8LxdKi&ziGcl+#1Jg;VsvjN)cT5SA*#y(P; zigCP|HYd5?b}e@L?|naIbiwMBuPE7Mu~tAF~E>-w8wZ$Xz=W!H&~+;0Hq+RNa{{X4l&F@}8BxV2|N zXE6I=vQsqpmP>=1b7+v~eZ-g~crF?|!1ZUP!M`1f2B~il4RWt|A;pFsQ~nP@gD2$B zU>tdaPP=Gip0mf>(}lAHlU)NanaRE4ElgZ~?O?tXpX?A!kPTWp-?uB0E)DqB&UyZX zV8V0387(ALiQEJ)>acED%;e|8Ho?5g8ns6)cmlE{eRs?W<{Qk zF-QEb{=q!um*vT6mFYUx#?(%HF>x(9^6S03*%!)K64ax9^pg8E(a8RP+LIr25pAY+ zqw`ryTn-<~Mj}R{t@y{*ghbt}!|{qh+x8z>6XJEth=;6fTV}3j9ZpOMv}HK2B*y>m zu>qAIUHtX{wCS%W(F85d2(-nU=);W4HsuIS6!R_TO2qi@(zoO}*SC}Tw$$wP8)yHT zv#w=(2b9ZXe5GPfouTJ)8Vz(+Q6 zkbf%T=Cn!h?g`dir6WC@=jxHKW7o$h_YGn+Iv10_`@_t$sXF|d@)6H+^15sU{;BOw zZWpg^<$#VT=OKBdgOm+nO9m*{iO*maz8>~;vM!b1y8;=MST-Pobbj#_8QP*8dpa49 z>?UZk1UN0z{)PPB$C+;@`6f>O<3+?Brb79 zviN=>lK#AhZ|d>md!zP@_;hG4z8B}kbE53=% zh>g&91e*~X%Cj5xV^hWJ0^!t{K>B^;R)4RReh-=5&AQ05;PLn5QSWaYZvP=Px|KBu zUtXHA=6uNCah~lTud7UF&b9iVZ-!o?(8;pEse!*SWtfTCDcxdc!%D(9M zuN)YTB<4?hO=OqgXKkrWr^ZyKyO1;QBXbU7%lzR8JXu#6-iI&p-8UnQ3EwBOx))vY z-mZZdw%^0I`>U}>4`TBqBk3!c3&t34oUvD7OC>|gp6(;JVc;hAyWD}l$k4+`yOH)| zz$<=-WNK^!Z1JnC!-@Yfq>&uG)h1NdCP{Uc{P_zZB3Uo{;EpC0_0fnOQ$J61mj;fa3v z@g&<+He+sIW1KgX`2uG;6g&OQJ-0&rTuy$J9}bVStv&a_Yl?sTs6n57NIr z`d3or?7!+qU(Xu(z#GL6{OHiEZ~WrWtozVSSqJWa`%flDW}n*uhHgVJec-q0}7zJr)MPhQT(=9Z3B zEW<+l#yV5olWnU$LVvN|t2l;D$S}=2v-3vyMD0sAi2g1j9>@5U)PJ5`PQAm>c~eIR zSMP@p&d#^et<-S^YZLhW+nzx0U5@_jg-@p4IMt0I8rGWRzFe_A@UI_^f{(^Hj(_RF zWAeigG@4`QB9LyDZ}|BNdk6j_&tIM3yKQ5J;7f4! z2gW*x-gD%VM-RF5K1uz#5*oer$wS_GO@_va=YIqm_s&~cC;6&#PFx;D_CAse6Hh)4 zf(L!;rEj9IWA#D(4vOzCa@Gq5$p`n07WFBP3`gE)&uHOUT_w*R`2sTHUjny5SM%Pb zfBT@b_n6yfzD^Dwp2b3ATLX$obk9G#`9BXdwa>)23|`f?*DwEgK9N_@1sxbkW)$-)D4D4f_qZsm$5P9b|*Xzx~z+ z-q?QSj}L91{EI_Jo_zO^#=ip@^9b_s?fV}v-@!xkwzzf2sbdh_+%tRhT|n=Aa&Hzk?;9NP$zU6{5eHcpiF_xobUk$o>C>rw0dNd?CX|Z=UTh=|Z$KaMa zL~q{NcdK{u^~8dC^w10qBcH}*F0uMqYndl{SWlg~^w9N| zIY;B7KPNq$OS^y0`lhQs=ooq5=bgFtJpFFh**3_sttvlM5^2(n|9+#|4_Ux#-h{=PH z&wNgO!I#vU!j4M)5!)SG3L4vEy>h0#K1tmXn&bvw_KV0F5i27 zHZdOP%E$QL%R9XYJx8ph$+2@ojWaJ&-X_&^6ZK@jMP|p`u@<;vRs8J@%*F1aADSn2 zG3FcC@2k1l4a^TT$1*-Xp8qv?2b6?e1*K&$Fw~{1GdKvySfrm#c8_y$u6mzoW_+p7;O~I4X$X4+-6)+n$PTC-m?L@m*4QG@+5u?A zlQ&BXIE%;{(|gN(nRzY8=}(R9qc2t1%US>O_h$+HiManEgxV*~4gm zy>E{Xc(|~O`Ud$@xoyMN_X z>>B_675NMTSL64EN97+V`);Ob12JD(>(A8ZZ&?Wc&dKU2&UY@s=QqttC#R!>#5Po_I2%8=MmapR_hkcT5Ngf`{o?bQVjEw0qqDCf#rp8Z<}*yb<1+Mo><;D$^yehj zLcO>_fB8&(-j)bsvo!8<`Zoo7l-|AlVtWC83uJFrHr=A})E5x{S7`R|C@x2_H)cE? zfw1X+V}N~O$M65Qj?;fH4&?s-hqX6>uc|)t|IfWQtAL>3)~HDcf`~0r7l_p6CSh@F zZH4}{#Tf!Ya2g$JX{(lM62hjz$`L!6N~Z)OAaO&4sVSX50TiTYi`bpcaMuKg$kNW# zE5-cZpYJ*6<|G8fw!B`va?kc%p6|1NpXd2ba@KPx{=;tTM-8l!;DC+;;}k#L{rrti z@u^wBxt%o|$)4mm#kHKhHbh)YrFFF($Ig$j&M{yW<6Xfe#(UrGB=(S)r^qb)!TW%1 zyY>La701X+%YKV-G|=uc-e2y}Z=^xA_rZT=^{DT;h5DXZ)brdp?JSS4mbLfTH z-RgO6r=I72+Rr+%{LLshFB##*QL6ta@sq*-KGdM`e+XYJ3lV>Y95-tg$~JrX8sAW2 zS@#kr)LGqc?GB6D;(y)u=0xg!JO>ZV*?GR*Y2|cStp85xj#J0v&GssMjQ2abPWm0b zZLdPE+#gQ;oP431YjgPStPb#Dvi7)l(%yFP!i#%80Kac*0=^;QoSROr-BA!{zk;zT zMszT=6z1F8z6We8fggAtLtl$e;qM&&R^t!k-TA))$r7oQ79XMz9 zfb$CAoC%y)0p~2>JOMagHYlqboL2$o2<>O8b}F*cbJGRTWDDI8%vKO;OlPPxeoTSa`{%U z)3Z4y7R!kZ__`a5rFY`cdix}+rG|DRw^=FtC8OJJvsyk^P3{F6;-JyjOJ4biELCS|`>Qd2v##ukQ7T_0@h?4z=~1`er%Jp&E3{iJY_Ow#mGo z3LWa)5F(DVlAO+I^jYKPbH*kS=Ss|v{CqQ5U)5#F1ZMEAmKyy3^VkP?7X8N(Km6JC z_LiXH{Mid5ez5=?j>0dL(uWC^QisD*wxqt?8!DUHm{b> z>&SKGC1kMwm@L=+m1Xp-j8^uh%^oqiYCM087^)c0ySQ&+?r& zw}AG=C$$Hu{ds4cSJ_92N%Ul+7XzdAv0GeU8T(3HSJ98`7*DrQESd6_{B!;v+ER|I zH|IZa?aevLoE3lM?`tb#lI~~nl}khuzCBm&e^GPezU2Nb{Fd${+>f%Zv60*#D>%p| z=!%h9tU3R0WGOS{`?cak58_>J@5BDzKi5{`!1jFzUTYyHht&oUoy;V zQ|GuDpBeorrr|F3gk_U>&*58xmMyEjeeA%OHP#W@*IV|pAKX6npmUubJM{(pWB=~q z&W0&`YvyHLYHMH3-%h}rGtbO-_;WPp7mjo`e8Kmfe93vge&+VPZyDH)NcUH8aku_{ z&fYw69Zr9Z7uk{lc`q%wee9E~&A8M3@l5?~fj6nYBYZc?_nkLhZ~j5mv^qtObp^7l zz|FD#yzs5kyQx(*~gVG za_4pS3gZLFNb6QNoh@C&IrpS<8+_$eWXDfDT_m%ZJfBo@GuQC@B+ri)W!XpSs9_n( z^5vNH(5-mqmczt5D=*)xjRqZE+R>So$KylJp1EHhmp$#pojdZ`ua{2wa+hAZ+jo|R z#Xm0|_;m5DW6=d1eXT3Lbtr8fMK3xhh@Z5{i9286i#tE&>P$x84LS8g*A73qeyCz$ zh+##qyuofsIXr3CPR5IjmTx6i$$#KS?WfdM^quk^a(EhYSo)%3V8Y)Dr>re}3$GIo zD?~mQBAHta5$qdl&h5(!TNVnlM4Q+_N9Ag zfopBZkBRL4uR_*DuoW7?C)L#K?CiHT3NMV_4=&8&e^IDc9px_(_5&{^mxDG}qcgQJ zw|02sJ}bLpF@D@gXSlc#nYw=jvNn+4aWAy@6UL_NXOY)yp%29hl7mrv7J7hUR~0Kb z1wEkN=mBR{z31uy-ZLjB?<^C0U+?MxdPn)zFVg0rax3+g$;Io}JoXV_$QTk6!CS`I z1}rr`_3!oVwR;G8^8)#K%QLN`5q#M%pffPu4T}Q~O)H*O&u(V#=Y>dlabM0hjxyF2 zHCe@tZ-rCqzKypZdP_-fO=I^fmc+<{EuN*WY(@i`X}~ zCc-*Ku;ZfGbnWi^K5lMmD@@Gs5casK)XY z#v)vjKClm&l3-jz7(=7@EB?@F#QaL8iXNpi9qlXI^=#;he6NMf=RwAa-fnC?YCIez z$LmNFxn4yl=Xy1I`HsBv7jhWkr(OAu%;Dz;Tz?97L~Cg3Z#3`0tjkK)g)uyJW_2}% zPod^X;FH6Powj1kwH)41iR}_bUQNCAa0B!_TKB{753T1}9#3`qw~P;Yq`gAptjM+h z@Pn>=4&@{qyp46rhSqwir_x(~LI7T6!J`TphxA@Q|Mu+LU%PE8e@L>x{3BOU@bE4T z|K8@DN4@h?iudn+9(827m9k7c_zm_=oLv%Kj@=5LPr)uMWA0_}w<50Ra9tU;>`JbO zaJ`J{c@>sDkL%00-o*8)Mru!SJ(TOcTyJl+?Co3+<65@m<@^=>Uh zJwK4wQ3-!}?5mIOxvA>aW4V8R<5+IP{$p1>a^td_Pu#Wi<`au{_2J!Hc=z5FXD$0e zruEKp_-gYjk3ZwJ@kAi6{<&8cKciUBp6z(wisxO)7?v@H#Zk+?Z;Z9>#o7_}OYpkI zzVR$)JWc3pBOkeS*81+N~?-0Pi4Cy-7aGZbwD!6D;CUTycXm$hT#CGdf5efi zl7ZB=M+P9HMpI)1-bda^DlhWmJ!6l(bZjqYij>n=yo7k5a^k1-d{X!4aXp8({27^E z`6$nk>;CVH^t_UIBV=Yg)aQzL6~2>tD^+w2{9z2dYc}J6_KU9M`YNvB0f}m3ldbb? zvLT##sn`b1CsF6;2N@>*NP8Mlp39fy;p;S=p9H=ZeGZ%rLocT0it0#&ny-JKI{M^^ z1hE_Ciwi?T%KHl6+tqI+c4sB}Y3VndJ(F?7lq$E<$%V{l&b?Fi9)588z%F?@%J&7g z!pC^W(BrlY!+Sh>Jo-h4#*2LP7-Y@?=BzeFm!7_M6MLWjd_k>m0Nfc1-4sGcD^>fz zt!*csCO=b=75l(DN6B1MOJ3JSZY}xycF=zxcx->xf1oQ1`kY1_LACB3pS=#fQ_#*lV&*h6z{S(E~c2=v_50(=&UB;q@c_2Yne@%qIp|_AGkfQxWDbID9w-n#3NmpwGxK zuZFVYhmMdZcP8%@oMC$hmN1Ts-cO-^;`wts&0v`GBeIalA6ei8X9;{*Fgaz=yZdv6BPM@;k}*_zl*a zTwYV7u<~No(yXs)L@R$>b#taN?JL{4VFOOrp)7z}v7p`0mJdYKX~}KizjreBafeQ+sns5TlzUo|YJOaz0B< ze5B4PcJ#7-j?a2cX{zu-`g^|A=tRef0k5vM)*i2P{)VwzEXEv}1+1!o8RKK@8#1^j z`K);L#QpTcn3J=;*nk4+IB||CZF#xA- zH;1&&%C|RDj|t!K?p62zlFTjQ&Q0;#-u(P?OE4#Mj*k3~FB2ERT;+41rbB8XvhBuk z)ICJE`xoXz{(Xz)lUvZZNA*Uco5c&Vi5bYjPmq_>K*FazI1|IG_Y_+Un?UMXX zhQ7Hz$#s(USHmB+!ym+h#7E-j;qu!mw@`H?!d^`#?wjX~OL;Mi{=~jJbe%cCdbo}H z0Gu(}av8CFCZ=8ZwFcPG{+fqsT8?)vzrB-u@%^34_p~=IdS?Hc<kXJeDfoz7LXzmzdqvzZ0vWzB7PNpXM-qkKh~C+w86HgXG0{{V%5fL*!lF zch8j%-P<>#{&Bbe4%%w|QaII2|1-#`aQb)VuKqjlPk8h1>c3BOp*!zW_1kejx|h2~ z_a3Eh*4^p5Pr7f-L9sMl?aJqt+59MbFs(PhV}Kv)vS&KFK#W}9IB=}sec43U*04V~ z+Ic4m+y|3$colN?=(dp0Ulug_Tx<^YN8wpP>&R2u%MlLfccNN$uC+0Sei-5Rv%}E4 z_*-aM^@_8O))}9p^IaWyzmR&W7VI9~Iq|x0V*isi!gy-8E5Vscsjs3OU5UQjhc3$mmV9Q6>93 zpAgE1J#|-ZI@XladThEi_n8>7nLUpsm63sF&qFkfez{?$%YT%A6_KsgI?!IJ^H6L0 z+3Y3oei1%N&cuQTOg=0f4nFfFw0{R@FNoi5=D*}4u}RdsckUyb)Au`p%kl1GovX3_ z1)Y*{dvkb1_x@z1_Wp&xhxz7p`kKYxO6JsIr7A8!7qPCfcMxZ#{ZI4?bd&4sZMtqC z&Iq68_VDF)7BNQ^rtV0V{WG4m5d)lse>WJm?A6T2^Zo7+e|ZwzAm%B$iN9`~Q=EIB z{R(H5SKtfgzLO&uX#OO> zgV_IZz6oppnRsWzBLd9>y>B{c_e$S4$GN`B{RZ5PbM1YT<$W`ScgVBV*h;ZkqT9G0 z!~CFwK$yRO;V*kH(LeFGz|whog95Fz#d}^`eH&bGMXden^gjdGgg)o!b{P?LLf-!)-&rR2>n!^#tW6Yp4NxDA zy`XenEOd8mVp%vW-?Y7+u-dB1_WBvw`5wZ zo%w74ZVmi>%~{X6_(-+q_%z?oZRI!5YeU@Ma9EvW-mKo}qKNC%7=s86MKRv%qudTHoempSd!oR{AC8aEU+Wa0~sY?O0qqJ<$Bmw7nHuH@2^f4@kDx z{0iFL%O1!Dn&)Ti-NYkCmf~x4=SGf7OC2za?gd|6J0Z?**$Ou~@Y!t<_pp`k{5TW@ z_mfN6$AC`T_JIeCQDc4MMl02qap~F08t|HSMhi~BEY5q^@LTU~4GZ5go3G+Jf?Td) zZ^_|5BkeUB<8Q%v_(kT0e8n7$4Kh0uag_@umtA9K(=8&Y_OpW8WzziB(z1T|i zV=O`S&9n39E6KB!k*@l_1GqQ0LiGeQoBQcGG^Co6ZyHFy#2S-h$9Ol+I>;Zog4nhfvOh+*yal~My5-CK z?XFt_17dg3EnnSlbjx*Ts$0rGe7wlXOFC)HuQKL|jQJMdn0ePf=IW0d^KI^!Up@7h z7kt7oA8&GX`?&M>4d`+QbU6{2w?jki4+5h(fz%sUaUUN``hGR{>&Vp*{9pJKdMR~$ zXv@>>Z)GmxT`O;NbRp?_t;YX(fi3!fXxT>%#2hYJg$*qoS$xRw%5~0uxqdIGfqzJk zGV&y=xtcg5(MuFPpPbxO8#c`9>#U6iKk?xdQiCaq4@dN9=+3%?nv79=Ie~ilE4$q{ zJ{@Ykx;~w{pAip={$GGyb?tEL>Eqj+b?mHEt}k^5!>V`8`k})_r}CHaMR^wEz1TAT z(x>YDPak9LF0(GS%~@V!!DmyG=z8NTQ*7+{N3f0Gh35EPb*hWt?eQkwGrk4tHZj-p zsDT%4f;YU&v$2wAA@(jp&HL6LX`r_LhS>9bKM|RN4Y>+i5cs9muvR7PRRpm649%sSL(9kMYgt`8?W{9i{fPS0nrr9!uYs{q)=~S>s*wEByW? z^(0*1qvBYSz#vQh0pz7;=eJ?cZgzbHYA@Tgmq~kB%|GbTR_uIhbdvW)9}}o+okY)V zn=0PqtbIGr_VesUa3Cj>y|H0|RQm|C_Dih94fd8?VhMTITmP?q+}cld*BoUxvYIa40>c6Gklq z$;ac459n@S*2wzmnd~*?xF>lxS>(d+ccbiD!H@Sn_~m{K{QR_X{yzv_7oTH2-734n z>Sw=53@77VS7v3}{5@GG0S*D=d8X#;%5d?jqT3HQ%>1wS8=Q7B?PauMcp?6K{-*T; z_^x9=xb28`JYC>i+V~1>1TI1^ju3a--{qYH@#nbqphvf*@PGpBFVStJe-|I{`)@p& z_r5t3T0dUt<{U!L;)_oJ<0kyUl{Ni2YngSs+FiTnu5#9n_r0}yCiC=s&%btSsL$h# zZyS8B5}#DO2X888j`9VbjyHL2h!5&L=|sXqKOEvaIMXIf9Szn=wO*4uSPytkbTsQL zezqK4)YMQu$Nscpcv+h>(YZ5Nf7v(B61U>%u0_cHA;|s=bm6p)?&{nb70&zr&inF# z&qtm~_onW%;{#bPm}i;T4$n7*T+BQ zo%!zU>8QO+Y41$qgS3CW*6ek3oku^8u_T5$y31U2t-8g?Ds+)=HFq}5^W{Iym+dhO z`XUxnbgtinTOGS$IPh*Xykexi5_rS^b{Do@WN6%jmlsEw;JXZ$R~Q=S`Xa48a&0~~ z>L&KMWFKl>8!vZkrgo-WYcdu=ZmyMH`~G6T6CYng1#m% zOL}KlEL^sOPl6dbTLJHufsbL~821W*`<-h!OG>{B!l{;by*RLd@uzE@pPhKP;Yr_~ zhlekZp|5?^zpGwi7`!UYmLHD4$eIZkpNum$ZS|~I+8XMLMX>nyao6hqXsE9fpC1me zA98m0{g6%QQ%|ygR_)X{H@Jk3Js%xA%gVAd*;CN|M?1K-iM`AnCY~xY9p~dc+iT*g zGfh0z4mX}kaX!&q$njsIH@yq*-4Vdv&$6Fmf1?eZN@t@cWb0e|Q!i-m^??ib zQ!l7(bf9GpzuTx6w10GI%UJV!><9bv11)X&r7dmvfmKs6=Ui*_%s!muzNoZCXMqLD zrOjFtXvr@K{aSVf_W5qBro?^}eLGUloX!Jhtz7#T#3;%?I2Zi%*8+-`<2UpC0Q{C7 zI1&5|qlZ}dD_iy5W_S;NY~E`je)LEg@-qld``g+EoyCDu2p*dF3$z(_>?i)(x-Y&s zigt}3jOU->cZI0|G~8Z8A5q>JJfOBEm}9m0+pSZ(n~_zwI=+|$zvsKYE9tKn(@xVd z#)#a}8V!aoQ-9OM^2F;H3-4>4*y})7bYjKpl34FILwXD5jS^1sPx)j1!R%+cX?@U*x9%;)eVqATFdU{jOKI7P#st28X zko}%Hf#UYrf#O6tZG&r0p1@#u9ro(4itTcICht<`PkVUF*+0Gy9a!`11FXDvqdV~P z>HWw#=tqyP-{E^d@!RFk%=nHqI`SYsrf-s$J*Tud{7q}L|66}wuesmO%d|H7-|@Hq zJhiqmfWLe{S>RTHbI`O8o}2`J;kWXC=WlyOCN+g7IdUp-2Y-QQPgyAc6mqa@zn<$^ z;DNtQ|5%>Ra?VUV)$_$X=lnYA_+$G~uk~5%Iql;mp@U~5&VHAEM`i;Ta%e=G70hcI z^NN*+Qv(iwgFLUm&)0LT)9}epM{XCf7Bd^A^JyQ9eGFu-@V1z7uXJVkbq1F+n=j4&Tnea>Kv3H0W>87F(S zsYMCs@~}JRnu~02jL)(!H4i(%j2(S)J7ex`omRnHv`)$ckBy~vm*CG|lNZj|clS2- zTMO)XpX&AhOC3LN?6k8{?Rz+I8SR{EE(`s0sdDGiVWqyJxpa8&&+C0IRpHdqQ_SUV zcP`?S{y8jX4#pqH+9$!S)tnDw)(gFW9R1=PbOP-&AAoP<5#P4c=ma@c2a)&6wep@h zIzf)n33j?Vf!;wDr=FwD{ky19V`8jxnqv=055Si2!9;zxjV^U?MSbrgFOEK&e-uug zb&IvJxe>h_++;u3;HG5G^NZM94)m#tm1EoAhOcY@F)}0BXT~PHg?;C|gOA-l=kexm zR# z$b`$lx1r#g@%JDAnME0{C1 zu@3dyjv-$rlbe;tg~4O=;u(x_9%EF08H`i@Bhv=g!)ecZPtTpTrN#j;M4#@WZ#S-J z^Ir$8ok@E*)NSKak32LA$8?cml~%-8?i!9l0?`W6=l z_1-XKOydUaUDp&_1(vP0SGYdqAim@>e958vutz>dDY4$-&*k(rhrTLnEIWg^z2li0NJ#HJMv$m|vus2q%G_^WD6E%Phw z(cmPy;qF3f)Je8lOlwX1vehJabVgm{WGf{eA7oy_&F6`o3WoX3^XK?Iy^(xogJV|n zvs{0O&Mn++1b0_}yDKlJ1~Itr$J@D$mfaifdOZ6n+L10(^d<0rGW_!kbYJZFQ95t3Wh-NkZDVfe5wV}hc6E3_u$A@a{^iU;_cgxD_$?hn?Mt_pEn0|9 z6RisrV>{qe9BThN{RNy_fi2>T>I0tGQuICEt)YML&Ff#fH#Br@2wY6iM+Uwl(U9=) zEcyyoFb3{t^E**jT0D=M_RFbJuX?i?oU1E5o_8Z{f-mU9=oIIne`;SSqxt_osH1HT*}{vQw2)vP1X;@6jId5b#NIL+u=| zb8OBCH4(lTV}AhKuMGVrhHpB8Z@N`^8cPP-rTBq8KVpn;7Fuq7jw!5x4>!kwbCt*m zC+4queFfvM@!{tUT5Eii(J8#MH=G(ppV&Fr3L`luFKy?f*Lpgz2EWsGj(jtM*URKr zsMbMmxN7Vi;c6y+TJ}>{qEjW{aoVSCWjunNhkF-kJWXA=cOKU(c;Db2W9$|87`MT_ zrXIM*{l^$rjQbkn0)BVHxrJRgcbr(i6`wWrDO;klp>%EoxF?(&49;Q0$~N9DJG%^= zW1StGqisLV-A5k==eYlMekT@wGMxJ=I43#z48AN6-~9HNcdsW7_Qb!}!M}Mv{Cgez z)Aj2v{voej{L5&b_YG)L@g`QtZUGKv{`dtXhl~v=+IMWob%m`b*^tmocN_9@<{;Qz z&m2la4xjPQ!MpeO&f!_#940Xb$(rxdr)MYo`}FSh?9-d~oZjZG`Frzj{P=kvT+y9h zoNAsG<{YoVwrt*&vNK#8`7COb%0^DqStPR;H@yOuML{jsy(>O9gA*$01~3QvWX%tOxMn@cTV zY^w|}QEW@~`o&aKi-no+Rn}Np=%h;acPjd?tk7qTH zVqA^jn|EgIS9Sq&_Iw?>>T9n87OD>w3w>jK5T4@kP{k~5quuB*e3i(P=m`G8W3`tZ zKz2JdsRPXy2?k-Vd49h78VJr>qwFVXcN#erh2gQDewvn1F^%_m){%C@=mX*l)4$}z zG#UMrXCc~}j&9(|ug;r^8{)l{HHvA|$w%+nXGRvJ?K8$M zS)ajJY_|-xS>wF>8{T#1Kf=Dv znLqsa95a8T2fxO;xH3xp!5@u`QZ4w30@rt2;Iy@kwi4W*YdPzDWYF@2v^y0CLz_mo1TSSnc(9XvpYFmggaX zpgS(|j>at;{3eZiBK~#c;!tpRFgR?+yoo-5nRvM9+4U2oYm5nYwfG6NzVg$^M|K@; zMbOy;j1Rb(vk_FICpv;N4VE(25u9nT5LzF|nFbS)13NU2Kx&Sbbr2QV)58fK2>4hf4!-zk0RbTF`>|Hx_y_{vsgF1f5i8GTmRA)?G5VP z1;9{oGFi~Ee0Eti@G-9SO`LC%tc&Uwc;*@zt@)GouZkS$*aLXo20!M?TiQZN!rpG4EPS#d9eUmi)eq} z84UcM%Nn$@Z|cNOWj22eJShXusKJyvp#6J`8J;;~KlzIALFwPb0dqjoUQ&fz@Cx1BZvTw`~_hkEykG~z?U zHry>ghT_gz;ce~kqNwVXzSYN$^?zi&e01vv*xb3nz^$dCb+!!C-M*A)9*_rxv=|J z>KL!ZFa7;e*4wQwzmNLzg^d5j@zy)rW2w>gi$LDvivwrZYs}Kayg6vB zk^}zh?_1VrZykuODDde&;2-?d}0tPPBz zc;5l1zWaNOah2%h(@uT&&AHGcbh9|%)^}$dt>;kJOYgv|R)Eh>Fo&M?t2b*7)N@}9 zuQK)B`Ocy?`x9>4(`ZBArRVO}ch`5ddXMjxz4ZOtxvs(&GI{ZEYT~~gcpyTolRywKXD%EepkH>e|`U$|6Q-XyWXuh%lEEZ-(Bxc zqm9KrTv@L9QJ-CUR=0V%Yiio(`4hf1sjkk{C>zlm!pTH5F zQ2>uZCam-7{r_t#b<*MMC*ePIb2>g%K--`6n?il#@W^#uo%S!%f8=lIU$~`OYoBxs z;(u4-J59@Y@XpW&Yu>Zo`aaes%9=kZ{Gr}@Com2}E5cPH2lzV;ob8FP`fi2r+=s6< zTzkA0zBh%_;?Zk{mI^n&%ALD&5cK@|M z8o$gs`FLZUCKfEkzE`@A#|(H~7=9@|aa@68FN()rM{JnKgVxXnzUg)HO~+|tI{Fs- z%InUgCi)QCNq-B^Ccehm??)yGHf{7Z6Pk@`RB)T+_kulYXKN51JfHN?X9j9bbEhJAoxe|$6p`A;mPeFJ05W?lM(O$=;& zAbQRJnmE`&R|Wt)|GURGUXrfOQOY;vd@H+Gu@V0-g^f61azs z)|nqD&bnCjK>DuD#z)gmE?#>jId||5{3>?aQvF3|;XU~gOwHUou$kE>+sl4(XLX-$ zwT2f#_r2B{o`M}U)zO#I@9=H=6m<5f?kH|%) zdi6ndjcqj9tNW?zE%1AMSx2^0_fvUS)}K2kBLfC`_a5OldzDAZs3%%NUXgV9=-6=T zKQpNr!I-@FyxP;MhvMDCo*d-WLRDV@WRhu%+A;pNCW7m|we<*XIqzR;4^&%jomI6Z z9n5>Cwj|#)uE`m_xAk>jTi*C4(56>smNu)Vp?^NhT<76yE5SynWxQ%LHYuEngOkZW zv)0%m?pVpQxybhBeLL;zeqZucdV7Ae)Bo-=a&v~#uUDs5{km`=9x=ZgTz;6=6&E|o?%mm09!tv1o^@vPBhSD;=*y!sk9U-VvvKsuN^&mm#y=rn zd2ZslD=~dd}G-R8#Jg`Oz)XPry)b9^IbaCJE|EMqMZrE zuBs-a`c?nZbFZ2OOiG|9cu|aXj1LRLYctofwoB&K6xybSGQ2U4{uF1diW`bE-Viii zM;xk&2g9#i0FNPmyg2$>&Y9k86;orf1^&xctj=n zQ$cVBS$ACwI7H}!x+leg%ZJc+IOOCmkSkamDROJXQ3Fr9tOvJ$^t=BIE~zi|>ENK# zpX>lXPJIhJ@Y@{okiS0lI&E*94!@SN2Bwd?F8uoZC&aG<=sF+uzc`Iws+*@gwxV05 z*XpdIVDmq%=~PY3Yv9){?4;pOz21IHF86KLD;!_jX15_sU|dBE>Jia#SNJZL%tNN3ixhkLXR?8me>T(5YNmT&lRmJ&6 zrb1)TKy;hcl1baiJnHI5N5xJaKNDP=ioF8;94UexD}&wk>SEmUXzFY1q00{+V{O@! zPKCjP=(cc6BlWI`6|gTQo+ZW_2Z<+)aX(JG)2X48kG<{9XPzsgk)cl|p@r2};_qeS-0NZBL{BA>deIq}4JQxvPFIL%+f9YALk>yH@;l z`63S|hiQ!&Q*30IcZ0i#6=;buzH;P2+ty8*@LiI3%@t02dwA?t}*S)!O!(E&2>T4c48E8*&13(BN>Q3H>0 z)G&^8|Kw!Mp>Kyr1k=8P=s<@S?k#rt!@zLMeb9lix62)TI#4Klx*&~D#>Pe$1x~5U z$OTN4XMK>oA3j<>fxldD%lIJ4IVt228Qz+?m|Sa1HPk$vLh<_<&CmZEF?85C3HYwj zDbPzZf&Xe?ZPtqUuVJ41zgPCIat8OKmu%*q)?^K9vWjO(){wVf{;UR+ARlq93bK@7-OpSWRI2{|r z8(**EP=7w2wOoC9eCjlPo#*zI!C1zRLGLXXW;X%buC@CVu@f21ef(p>2jIl6Tx6f~ z5pX=mx=wVSSrf9U^}lFej`ctRzI^0Z%ZjtWb^HX{*9`(+&GmcG7iXYsRGt_7Ahm#X zH1(G&u`Nc1Q*D)8L*JZ1(8Aft#czZzyiPEl3$3jjfc(Rb60O$tMekG}R%q8=+N==Y zMy7i3{%65}cL%dp*l8_%XX2dEV^2#byBmlRWo+tG{Oaz$)^+pgE0f$L*?tAY0cpPH zB9pdWp!i{U4E8v4ovd$4pqCQj8A^zM*0np&;>=v^BJ_;;ImE)yULCOsj?Xx=x%0lG z#*dd^yftCgzC^aAQzw25dBkcX!n0&KILmM4sm&u7P3`-6Q3m>f^!YaYH_PCys||0> zNb^?j*(SqVGmIW2zO)P;C*Ddt;%?PJ0oJKHbX<$E2p2B!a+%9r`UMWgPaqyatxL6g zF1n|oarYhV6-q~M;+dWcr*nI}g`Ov!AN*fe$T>A% zKGE4w3d}WEZ@pB*E;2Hl`o-BEJRBWBb{M$m#Pw_oeLxISOLQB$-$ZmjWEi!JTUy;* z)0ZO#cUz=ywgZz3)3IZJgxCA=%>UbuBR?PAg(Kt;q;*tJ9~*A;N1s1D+gZ=p zK+E_>Ra4vo&!xje`dF#2Jyh{QX$XEHy}u8%#GZMyKXV=kZ?OU$oCU?6UwFM4&$ceT zb`j%<_tO7PQ$OOuE__7J5r6yec-ovm`x6;Y&ga7K=3itz5XJ|(68arSpR2*SCU}lw z09NAPOR_%1BBI->4t!SgAOD+u5_pUDNoE3n`LM80O{`aAk2ruQSOej|_K+fL!Vl{_ zt#bNkV*Sdg)!KSb(L-DN2J1_al{Wx~c5tE%nyHWsv_{$~&iwqCRP;u?U*1isb!i(i^G4Y|B>AUail zN7p$=I5rTt^$)i^?xR0*zC{oFr1S##0=i%s>ly>c9X>b4eokj6<~cPHdeTe55(jpJ zYgDh#YA$3#@t z+Ow0K_oD0}L}r1XCXVz5`##MT8e#m!@CZ9zg^%tk&SIiZ^v}sNXfI=c^+945x&-tu z*c{uY}AAEBMZ9q21X^#pJJs;b} zYfE(&_S0T(ZF$d5)fPCCA~!Y_!IoV}n``l5i0+c`V4dA$Rf2QyTJV7Pm>+XQZ*pjz z`LshDiyFi7Pj1lJV(3aH-!~r_3Lhw5jjs(q=TmE~w%3LSvP{mExkiW3^;*}ixe4Fn ze&mAsjIwXJy_bIX4}#af&uHXRqCA z^w$H(LHvUFoKG8XhtIDo-mZ;!JLA8Pe8%{eL#$~A|Ghk{h#RN*+W%mC!Gl*Q*5j=! zWKV&&?)7_Dn4CXy_8!K++7h_Xdf3qkvg~HQo2FbXXgNymx#Ia%FWBQzvde1WOVS}T z{5+KF{1RfWz^{yXFDK8Tm9Ct;bD$ODU!2nAQ*!u*L!Zlm_vxPh{vq#-Hs^i6 zd_8t;mwb);bTCi8a)<-GCqFIU!pO<;{`fhwkz>fWz(eph;=}y&ohBWj2Hzd)7qsvN zeBSjFm3PV04fNaIi##2UjQps7mwqSRPP}O_>rsSF5<^F0ZO*L29 z6Ic&)V8dI*&+zj(wjKDI*3D`>J;bg5;qkljlXbIZAAEZHgO1iY=gS=^V*j}=vs=9% zY)ooLLw7&1Qb*z;J5iMB`aCksSvQvQKGCa9{X(8!Ox%icHWQnmtIh1+0Xx}e+N+3H z(hl$JTT7?-9gkCtrJfVbA|wWL&##C&(+TL7JiE-McJ#( zf`9DW@5G$R7FbGOC09BzXC*mK%o*}O}u zZaO|u^MfCiGq!H?^5O{jrk3aWCLKq}H&No|vaVuoKMFihL9FrBd>==)wj=Ad^A7{C|IV zpL*BWFdBnk42|jgi8;agbNXi2&q6=;YO3Ur*K?#iWbfbRKPw=|#KoKWqqnpn_v7%e zbU&eUnqz#kk8^J#chLUT^y~K3hTKoLkBrD6_UHg>S`x@H_4XW^Czk>}@&ov_$IJck zM2}q4#nV+&FFr7w`jwBjTl_QnWu4>C%QbsE=cjpm6gbC#d1#4Se~Nl>mGCOFe@*PA zY6g~Jy97CBPP(1ssobMii9jLsU_ zDjoS0dP6IIJVy^0W&bBJevu+@hIJ{VKgn;|%J=NyEI)JwQwysI8wA||nYX)}?-ltj z-{W-rj$SRSp~N?dKX0dh=_T92-yQtc9%F>xs)c3rlQF~W>EyRdAMkV&*)4wfIew{- zd@t+ddzteNxlul!iopSFh!af_1B5ybDMzU0^W=C(r(HSmHO z<YH~XQ5)L(y{zT{7-xlsO~VYV|aN1n^>89V@+nz@wnU$*sy`L3U(&UwefQ`tDb z_Koikt`6YXJB~cvDS66S_y6%>$=c;X%RW(Ly~7?Oz76))ILB!$e!dyN-rKtv%HFuQ ze<2-T`xl?Iex7_O(dTu3K*+uaU0wEg>}B`|`xoa`08e;p^m+Ks%h)<@-?GmYPsW-r z*^b|-4LO~JmqVj=lJOclg)v`-50>)<7j5oqJz&LP4`mkt?S`HnDkRwB8FczNCR{Ggx1tIJ(>PBJvNuDTf zt$_C;QyiK;3)?M%j1k@5MSEs0_!bs`=QGjU2G6iqKh=kF&ZYUz=MFbq%yla`Yqefy z@)j)U-}wBYE3L_g%ewSZ(T#Yw!H!)?%J4YXh`ra=K@r`^iysK~g@9*TyI*UEp zh38V&lKBOgAN01N&^@bMW3Oeb!dd-3m+`STm_sQ{(Wc(T?{4&YY)q3Q zsPn{1n462!yDj2cdX6#77_C!`QFwSJbC;b|3qOh=qorFNRD9S-#KiA4qm2 z>oQ#3Fw@fwmpHj=oa2k1{|Cf4NS1hOHJ`PbuQ`E_1+15Fhj?bqJ5H|K{boNU)dr873tZuwsU)(=_?6w9xhP{DqFRLI@CMd81h3Z`B;b4F z*)vOy@a4J!XU_q>1ALNiuV&B9zhmy`MU}wLJHv7YI*iV+ zT!;UBz{*eAtN6RBAkTN+i6fhxnopMY#nzQIeoC=nrrj4ggCqi8d2J@+;28dcXKVOx z5hF@m^h(upAkRy7jp!Erb9Z6ibBz9}v#)Zb>_^wPH84N;Y;?JmItSfiCUik;*tJKXC(gp~jo&%1MdSCz9F-2ndyn=ucIrJ0 zrOvxK|F@Hv+$XKnYU;RbF9_Og)%?cZZ>!_)7|sdc-L{43ruB>i7z*BIzm@$Ludjar z=I4;d=%-)g)wQwB+WgIx0JPmlI@}cFw_u4UI=9@2T%LO#m7c z9}S}C#JN7CID{%ImCxQE0qn|VBKui`w4U{h4CG2OS z$HZu_{7dMolYtdyImUpg@J}*r3o^ygse(eke8wS>*pCO@MuG> zq-D}AJ!BI7RTFQeIFoKN3AtcoQi)F{jqNUz9{VjaiTC7RP0OUIz#sk1%fFV*gCFV4 zWYR6zpq%NW_7vY?WD;%lDwC%8WD>sz19!hn`jBhC4ln(<->5FRv%r-(4!_TK&fC08 z{64oEzwe};m1_8lS4uxNywr_Xl}?)hEeMYl!*l9AXmsaO>_Nv=+dy@gsSP}Y_9mhu zC%|XLA$;MV7;g#rS>@zhk&o~7EuUs*^`N!z6>`#t+DUkLVh#V{%?ZXUeK*0FhoB$N zclBedl=$d|E}kcuB|i3}->~mY`$g!^hTkzaPluMCJ+mfhbZGONIo$2)(2=E9N_sT3 zJ~@HR@c5bh6H~y&%b>lx;RDixq+e%pe>3{?z4&{)cUOykddNs(XV-1-CLnS4>(x;Y!f6T#aS9P|AxH2+^jBG+iR-QsehRK`qzSCZx?0>Jl&dy8FMK6^;nxg*i z?s>?_#9`pfd=q~Hum57DV#ggBNgPQ_NV2Cg+m6MveKOKH-%#T(5YLf6L^6{1Hu}cy z!qC(h(7H&bYVH5Xo_p&kYoj+N|9gV9{5NrMqX}3er&I8w4clFPo_&iw)F{8A6uElr zL-vHK^N{%$ukGxBA4qSwbF>}X3(w@a&IyaetyHv~IYD#d;7!ZXs~5?i!+2DaLt{$M zfot*bMc~g6BOigAY#Y9f-Vclzm-fZW@$HQ28>$C)O-|t5z{$vH_AYpAKoytrQICJI6nNu5WVZZfrWnBmGbF*4gP3j87}8o_(}+ zUY>EWUX+@`(9^Z36An#-2A{t+K<|3 zWOeK3(z1FbHq173y7-gK9Xadxd#<*x{~dmf^AtC7t+)40{T`>rqhxFwdRCTS-{JZd z;x%GV5_ia2$`>ZSA=s*BykzYHeTO{cj9Eudl5FO>iSM=(%j5F{?Uo-%{(1R7a zae%!w%d2ate6I}f)rmES{texEFcQqi()a6QR1f+>@k4N3cDq*-Afx%me?1C4oew=- zu(op>d*#s6JbcNCSAhe*-^5RV#U}7+^O@t*#$P+Mx$$0_vM zD#i~!>l{<3&d$~L>zqrT;Qh2-3tk$%794f;S_4asRqGY4>Y>+iJz8-&Q)wId59*V-Oq+_u^y{{la4)UfR-Y%`c8Sq# zp9e-SySi<8rX5qv6?S&!lP13Sy0!-JMzMWXepO5{xULM=9;f<{EIgb1xHj(ZKnLEA z4m=^7da=M=G&By}sl|sIT?XuyYv(s;!>;EABME2Gy+Bfk4lZf-f&su4H+R??)eFZ!1@vM?A4oyfG zzY@J$@nR9$@O1Gj@OeicL>CWnURHT-H(flUI5zNyy%yWT4`_68e(&UWB2?<=;@NI3 zq^o_p_!LJM_r8zP-;b!3th!y@bn&ZQU3{WX7cV!u_&U!&wE9=*;=Gr{o=EHB)xf#j zr;E=K%ulI{o3_&ap((%*5zchn_4bgVxJx zK5Orxwx489&I9;Oz}u7PA=^s%^C~X=OqcE+>mN>?ORkPwHfQ25Dw%S!zv$qn&&*%s zwSRzmJ|Fe(ibqS_0W87QD7Y=ZuWZhCaJp?OaAI9$D_o9FopWN}B4R*HjhxHT$IW#= z>wy6N%A@dD$3N@r<4E=n`VhXGV{Hr@`);s(&u@^U;HT_+jGSl>zkclXJfp{MY*pH77bZBJ+383y(H3-`~D!2`2K9o1u(dMs8v!tzxeM z7+sen4`LPm+f3d`Vk7By(v1_6ZTLF+jLr)Bc8~RLy%E{Sb9^i7%4!DL_bq1ajgH~^ zO+pS{bn~AMgg0KmI^}_DtXX>z^8z-qZ@&UgN3x-%KCBTmqW#Il1!3L=MvT3^2$%q; zTi|W3yVKdP3_1SJo37UWP28D2^C8eS^JC=Z1s#zg|Uu_d^4-!5{c_ z?0)(k%bp;4@Z~-7;HQxXul%Ffj&Le`7q-NI@GUeH<$7=hvJ3qxQ}>`9a}T+odzS7& zXUgA~&oUt27xA~zdfvMuoYJ}IG2!G=#@PTI%83PJ%yDFNoH6TM(n|90E7`lspkDnr z>eb8V-PAXuTh01PYSv5FmCcaFI;u_WFPdCWXij|zhmv`;d9{@qhAg|0|GE4>$Q*9z z2d>GVie27`t|8s9{Z-cHdGd>!tW?J`){UH#$Ts<&gSKd0`h;|e_Mg4qU=6i4plM(ZB?P}C!9%(O;(xVQ#f9ELBVo%Zg57v#Kh zp{@A3>=VbyD{^A>WWV{J=bcc_krS_%eZq;0H}QJ3^VkM-;6P1rGwn9huWFWz2ps&N zDsYyGi8I$HroO4`5hwEAR2_2p3cK)`m_+FFwR-Xkn9qWH!9!>u2@L15wwsA*ENz|t zOcdPJp25~1!H<|*d>Fcv71|Y{zb8dc;L}*)8N4+*i?yzDY!&&*TEVm4&nv(;NguMA zDn*y9|0-aS#rjWR{VyAowXD+0+_m?v*Y+%%yYJYhogK%7pBhIa<4~->^f<)~JPNJk zV+Yre7p}7ml`{>@|8Y6f$cqZv)IRCu_Pxz&*O%~8Yd7sV?4uWmUwjr? zX8yUUe||Ub$dh}<{@+iJZ3?s=8y?83m)&##+`TDeZOs3+_00f#(~`9-S<98ICAjz0 zB5Hc)1iEUBuG5&y5ZBo8ZU1LpyKtj^TAPfG7M$cD5z>@>@2& zcx5>;1gdq=Sv_EFv<|*D2bgSQ|1ush=a`tYo4^b4lV5K_m%jH* zxcE8(9cNhp??T=p*9Va!+@%csvB2#!i7+4f=|4-h1zSaG$$Yb3<#Cq&ZDyPQUCaU$;5&=DB&A(>dvQAnipe zpWCBxY`nj_27_#eEZV#gULtvwC6-a_ zykk4GO6<|Pw9g41QYw0~O6;wfp3f=V&F5t1xh|Z#_j?~T94QLg(aMl(QwB_|LfEaB zVeD3(f1TKiJjVD*VP5Bh_a(sF!S|5kb3i^@jQvyiO+C7e&{v*nx=mzVkm+U(zQlgp zWNc?(6-S4YY?Lq5-&VW?SsPY;w-A1{Kyw7SF27MJ?MKm5<iV^| z@Qi$$B|67y9DE5IM*Cb($(A@N?_2kb{O-#8ZWG>Jz+9pAYIu*=mc|vPy#inzkv>Bo zg`9(x2fPbRUWsMS(=q!WzUO0UzdB@90iVeQ@Dt^5Ch*PS54RliUjt+P5(AZ;@ z;o^Vt;p0x?J^l3=gg2s@_*86s@FxMSB%1=oI`?D(Iz}tJPiqnZ7XtVZJb0Ed&$+Bk zjJSxRnwZ(EGrxh?VBn;9w`$_!ppD6`ZoQjHd$8ZYPvPNUa01>(pQXh?axd9;HFa;o z#;28U-^jZG>mAMJ6{_IcPjW!@D*;Y{Yzu zvpJS1K0)6sTjcpwoOLaL@kzoH%lFS~ZzpkwetbymqjpLUoDeQ}{$AmN)~}!! zT!<@2xh8IK!TbgnLM|?d{}8)T{8Ps0;lnS9L6skc`Z6uRwj~ZO;PWZQx75PkOG~+Y zrr}|>_F=THmB?$?&I9Iy9A7H@OTPBc^?-facOjY(yz3lTU(p+^>%zr9bK&fPC^&?^ zE|-1~Y!>W1cpWhG({;XhC$Q=SW}<&TZHUJQ;Wgro+83V!pP6C!Ot32H=C66r<`^Cm zG(2X8%VYG8VjzRGgAFrUelm?^=2xI?^rsjytg|{}EpS^>Y29GQ(NAKMeei@BW0F6g zz13pn3&t|6jWtHc%z>6__FS_5ki!?@&CqcRbZp`&3;rG1A$~*qgIk^4#)HHzIO~;V zSF&D)Z*n$i0NN8@3b2o&_uX8aC1vb0o4ss!x%&FeLUNrL$A_$QDg2}WeqwO6&Y=_DOPtLYn?(jEwaW{XG$?wF!=|3-g33PN-0KX>mu@~4m?OTR#idQb6 ztuu+=^VUC?I`{tiNm_TE%}tE|l6GX)KjfTGcyLtuGkQ!P+U{UIzm8rV3H51io6OwN zd7|a$D)6X@%3Yve@9fYH;CvQ1^B(;9E%r_DOr+~(@~!qaWgjoR7<&8RJ&(^enTRt;@c zn6vl_?Jf9L74x1={j6H{t96F7baUyG4!?A8ad=I*cqerz)ZYR6TT6erjOW(Cf!7uX za*cgqu9<_bZ*}KzZ+Z@Wo2QFDds!cS=go!v;o^m~y~8>{t+`y|zje;m%T3pqLw9rM zlHL3Tx6Q0Ddw%Gv(A87o9q~U=AD+L?o^n?6-melPmt}2KZc91uW)R;t5B{lrV&!AFiet0pHqT&fD_AGNwsKy$xE#GxYf;EL7qGrxQcX`{TCF<=+ABg1yv@EbboIdR zkFe+B#1Qm^w{+o8vOb<%74N(QKZg7$(lcN4`BEf9#V?O;bMldPlCS5lSJgQQnb|*3 zEZs%Ewldm~%(ATdJ&~Nv#~Se`7BnbsC`*3#C56;=jlvTp4>@DgR<43%59h0(t01e8 zaUozZ1bB5;XXCRX2faFXZR{3s9X^`CZjWs9?Y*F<$p0N37_f)_H(PZQIii4d|7Ic(_QQt)1Olb8ED9UZ1iCT29By8wB} zxIdhP-5Cm-GnO2>aQ0lhXWiuCHs{&ifAQ)HI@el*-wZw6unIZo$*0rBufO_lC(FO> ze1E3$@94ImiC5hDDa9*hbc2B zYe(p;o77_8c$PDsCiIb!kKDTKF#R7sv3S?)SNbpeGyPTv^E;kg|75z~Zw2$}7q4H+ z5jfVM{Kt&eq!mas<(5OU8{DP&)W5m zrQ7{B^LcfBy=fO2v`6*GM%+revWJ!bXzg?P!SjqS$kf~} zlI{%+L7%366m-}Q9fr^=;uEb@UgXDn#vXg=*j{M1oWA1F-21l?U!dpEssDLg&+o8O zf1YBcDj((f)b7uV^t{qa9hya-p*~l{tKbv$)DFB7+P(^zHJfof$n_Ae(aq(PPE_OL zK}LDG4?~DkQtpH1lc@8@;%At6H_59g&!s1O`1-(p2VaY>0cXcx^PVeztm?Lens0uC zTw46O%BhooDUALq-8+15SHG3;>`M4R={FpCI1bxLz6{UDanVTadE;M#CKlk&j`DrM zt?(q?acDmyZO4nI1JI=SYEduxty3?l%l^}P2EdiE&`BY5QwA*LJ3+5EI+*N$A}jWR z=N~oKoXf52BKKVG+8@(jA9!ki?1q8vJ{P?Cl>1zazl=Vo&}Ui1vMu(xEbN;Qv{epm z6!sewj1ZH+^&U9fkZe#*D9OGGQ^%{1-TV?h73k3d_F-Uu`wxI8G%7g=FIiGX zOo8^sWlO}6fiY;$*oL%)PZT`A-ahp9p#}p-pFNnsrpv%5&Hr?M-7I2Z60_JNz7gFI zUSeb$ve~isGMlH&W6zc6^PrU^wh3_xjKh(|%CD2(UvXA#$lW&hKmuN&oN(v_nSQc- zF4^epD`|gv8hjMpyjhY89-&UzyhRyqw(&sDJXqAMUCB zVau`FAO4>IsbhuT3ok1~@sj^=@L$W9mi@J6SJ?;E?}~Sg$YfvS0@nJkwe>OhK|$ZS zy9^C`?YS`cHDeaP!snNUL3;jXeBJ4{BqMxG>)C|dtZco|hJVU$f!(H9?ojj2KOgPp z$1?8`58Ly-%{|`p>!$16F-bT5Z^q?~=O(ki*S#Kz@~27$SV!v_lYT32q-cQk4mG;# zOO@BgS(`CpC@NPUQV!B+6E84U@<4frA%};TJ2qsbiFhLLT=D3$$er|$-Q?l$e$vd9 zbH@2zF-?j&dhVz@XRjS#Yka!!WbHKy*XH=<m|s})L;sCKzux?0yUCU?YmeNNKP0vYJ3u`TzyC#i?QX_UC%YG2Me~g!6S4i#Malnv3;sAl z_gIr6Y+&|SD~VAzYXMDvX68o?5ydND!`1LivFygb`DN|{E7>OnCJ*_ub`x#In6uZ$ zRN~xg!S8X(ABT5hXSd8l4~PRB?13)c$@PWANPQAJOE45}DK65$58iFy4$f?$uAJiA z%i!ONY5b2Z-RlMjSB?}pG%5Ul#fSfEP3_?B_^&+XdTK_L454NW{>>p7);pQ^%owxz z*1!YLp-*ov2$*~u!UpyPFIatS>piW<;>e%^WW(lbyl3@$V%Tmg(F67DB0b~#6?`8= zHkBcpbbp}kZ{R-sDR|?eJ+VNex!+IsUkf}?%YDfwy(=Aj^RJwH!AG>88D4MfEEgY( z*n^3Idx{?~BbOu|`tJIbdx>LUFG~J>j+on%$9VTL-fDQFc+T<8xqFUhG#(R=JY;y} zk*B(?i%WkM-?NtWc0bKi-S;}F(|8_r*r=JhTd~~6PYWJ~buRg@`r0elhmFOxw?J+b z>-qg(_hO6t+6wm4Rsl8ZtuLKr7xrjt&d0QM7`*5?F4NY%W9`x&ZQXO4w)}kcYd*ZH z^3kYApF4ZVqX>Lq8onCw5b556pWte6+La?^?5UOzm-Phe6S`;mm>D(JJM%6Mzq|aQ zzytTNM%7PS4@9Zs$bOkq`_%o;--dsTqkLoRR*%B?h`;@&_ z=YOM{pm(GK1@QBU@U}{L*;K{dS%b)z+l9|<*WG`e|9Bhzm~EUFVR+?4cnr9>QhBM! z5cwXQdO5-7g0~e%gg+lWIfAaEn45jd-G+ZfkvXwjXdgZyf1Yxx6+ckT9`joEm>=a@ zaoGX<5bDR_2aXS5o`GFP#}mLudw1E;Z8iGRmC*5i;Fxm>wJINmj@gIXPu@xX53C2m z{1(4c9N{9?W~!CbQ3LGR=Nfb)yv!eeQ3fBAuT^zwlpoSYoQd|jZe%RT8vAC(bqo4l zbs)DRNIX>gZGqxOlk*(00$9g@pLEFt z@2F2*n>{@4y{VX;5(mBscyRk|oE?fBJ;=BuZv{Jz=O%nK6aVG%F+T-2J3DjNKF3&c zYOlBV-)5z5y3SfMy!IS>SikK0_DRSHd@~mQb*)7ia=t7)z>a5EuTNA`mk@d-=e&9F zz9Wu5S2EpQBlW-XAJqO?r)XbwD}_5Vuk_BQA8D5|-a_*9@4n~c+PmKx+{N$5^Q}jZ zY!G$Z5BVhYc%Ms;qCaYWOfJt6orXI4@q54-(&86=*O3NBz6kD^iTE z>fWlJqgN$Cj3I{w2v_c@H0*@Vl-FgU4teFP}Em->LeX z@G*Us(Wmqjuivs>`c+(u*LMN^s{aW5Me%;dFL6gW1)wj`7}}WkYUbU}Joj1IX5NzX zfn0oH2lL^hm7W0@e*kMLH=sa|37=@ z0$x{D=KXzglBO4+EfiWTkesGhK&VJ56|^S_r6On@KvB`JNmD4bC?Y!O6iw3f0u&(| zoQZ(iw54DpVyG|}(IIW2Q0pZY2V@+FbIGNpT-u5bfkM9Df9<`_*=Oe@Z2@O|zUS-n zr049j_g#&}_ocL9pT??)B=IPmdMOmBA|2>85lq_AxUaw;0?NH=4 zHSv0fBX|3p;d@vgzqH30zGFW4n%lbSu4$3sJ9bBh?YQ90n{J*O8M=Bl^1TW>Olyk5 zVHbR3{Q$-Fda$9i2A4uV{8F%)2M)l4^#jaad+;aP=ozovr{X=tye}O}|GS)_tA`@b zYn z@S5GTslA>%d6YUl#qOg4b8 z@sT#+#*2+kLuVGX{NyqGp;dxI$)1YlHFwGOO|O@R2~Nn5kyoE?sgu4t{lD>atifQ6NHtGB(} zv=@3vR_5j~s`iGdH#`>D!GmVKNOA?8qA?^d#||U*le&g^@+`5h4xM{eskJx7kD*1i zn{Ei!0F0XWvFtxP&Lq#J)IYT^)UItu@nPM=z97DK274~B=hW}%j0;|?B)%d(u=DWz zyhzJs%t!WMsrFzwC2lcr5P!gH)NC^GX0r!sQ!jFp4iGC!__9dwbOx zMW*>$@?rJ|!L#jV zAI@oR@~M}a@OfM9Ik`_j$I6Lho+j>r9cb)iGbVojG;J4QM{7@v;vJvh+T?2@heV_4 z=$AKDp6j&9#;v@XxHtY=3Y~`EP5K^1~H_FJca|$Cgzo=I*q7Nb^8e zsjc+*^0vxW>ide`qF>o`;n{s=uSX^KmJ++RbCBP@P&VkLUi`kg8QjyBbcA%qG&5fB z+T$@l&R7h*Mlk1*&^>YnS=uIE8}0L&d~YjjkfCk);`syR<4vG8QpE}HWgPKMcTV1y z&70Hjan38oc2P|7cJ3vS$<@)<9*IX^`&Z#XzSL9jpJG1M$bIF?tzeFi{^na3pL67o zzxct+^j{I-+q3>1n>B;AU zmX14LQ|+~fB^M*Ww+Oj81lgrAB(V=x1^Vx!|8jmq{yjVdxmkqVR6E|jz#>nM`F+~H zN|`rRW8EZcx1OBz<(>ar@P3N1DX+}n%D*qUaR+!@#-Ejo!kzH7p~RDo!q;8CPO$cK zSRW+eTgm%&Q*Y^P_ataD0q)~k`>Y%5zK83z&|3r^Aa>XoyL6TtfiIHqaRi>TbQ}X7 zo1rLjFYo>U>&unJIqS=*|HdD9p1(9UOmU=l*T_h3&xi>20(EElz~dY6 z;ZorEXYlh1&#|XGQ}4^)8;9&}oVNK)SNr02mle9Z@8g{x^6rnhriRUK+TIPn?dIKw zehFT$2hW`Et2L5)p5*#E+8D@>ZN3h=2)4&{G3{BptJ8SqGoBITZ+NuU5j%C9 zp*2g3*Yix0ec(a5GkFc@xSl@RgYL+??WGo0Zx7>}i+!TlgP}j}?;*dVhx;j?{(87h zC7?x~?bLT{t{(Q6_h91{b9TG_2LIL|&ot)^JMoR6Tj`oa zL&W{w(=RvO2VM8D7C;_NzP6sKcjsZY*)Dsf+Q{5wFvy>K8^@s!XoONH@7C-uqwF=Q6Ps`c+*-`E;^J79bxJ z*BBiQ{!e#be4O(wuJO*dI3HYTpT?8mei68D&frP0e5d7m1~zs*gY(j8vj`kb8db1b zHM;KQd$5iBXk*TcH$2^Q8GDYen)I4SL$t;9&1wrABwmR_+rVZiuz!O(d=cl{RrsoX zeWN$V#rwcJaT{~L1NxV&y!vFf9zQQtqdZP8_IORlUe0G2xiPVd=T>_>@_HKI5IG_n zReNG&&&gJi9cSbQwQ|~t_ctG{S_9a9^grVltQQiCQ0%z`T~jUFjxov3k<3y3j?Mh0 z+?m?K_`W54mz^R`8IwQ#jTX)Rcm(uq~=JgZr z`Q#&fKFZ&ccyIDCKIuET)wk)Mg+6!|Ta5j80h_J{n~rwVTZ8pWa%?&?t|ZT;ci>0ets08yHGHlwbW_jsiOx(R)8x0zFOBYV zh>e*2&d|lJUuW$EpGI>?U5+e(56T&T)z3}rxYfk8nM;DXn3(q0#=A+yjstY{+;4N~ zDn+~M@Ac%{Lmq7pa+V(Fx*BFAdUgy{7n*xoB-X(|o$$MzS$ZpBYQe-06YslL;55ADk zBbhE8UoRbh32orZiLVQ)c$VvL^XyvXqQ*buCTp2r19+r1WrDFM{ISOwyAv3@y|!b| z2fK@_kbyp2^<0>bt^Uv0tYe|m@#xeNbU+#V#-~6#=|-z(SzqYL7_udXLnS1@`{H8Jg1%N&I!%pH3K<7B&UpSLxOJ9)|DnDz;p(-gn~1!0so& z@KNCRnBnDz^trc^Jgu#Te%_gPmPX%tr}w<}sJoAQdx7!zmGRfkS?Ro1QsCuqCDzau z&v-iN{m9m6OXH)mb?{vu6WqPM(~7$#XydEvUT<<(lhJ;OjIM;%lhAsOu8b-MMp^J$}od_4LqLY`rtG;Sl0 z3>(Ls!(`7#Qf-IuIZXE6KxZe(ChMBbIM1Pvnefv4@w4ee`*IhXeGSDetsjQQuy?fX zCEq?hGtN8cQ-2&irxW*tuWkg7vhB9``E82htPkz~UGMJ;Sf8^mK<6bzTmI<+n{(sE zTnn&)S@X)-a~#D_Q%q%8yY`SN1~9B;DtSIy+Z%=~A&12HxyefAGM71BC|RI5Wr4fw zhvbO(XGUT>n0<`Mp;=qVLDyInqglv!my>^2EPY^qW6b(Z`+u~TVYza}nX_Wo9}SK9 zU~tOJhp|p%O>8)Ne*`vqZG^MiSPvqO)8W+NOPlq%Vc4uATF%^peGB|qFZN&_v~SU6 z(p~G~o*&vpzJ|q75I?qG)qr>bUNo_H@F_fM9EIq>iNl8NIPb{99m}wRhqA|;^~V|L z$leC}knbxPYu!tB`VRW3@cVp<@9zZf2cR!c=XiJz%RBMs`tkkc+!+D+CVjKpoUM_~ zpAf%D{}Xd-tbt#MvCS%E-o7`JnckbbIe|v+v70A9N0QzZ<-pbJF1p z#X1XVxAPci(eMcJelFvKCQ@UGlllE=pI{OA9RjYmQ4g^IowuI9d$8d)@Vm*)DS`ha z@9@#3vz}|g_9l0tleU)ejLuzEZI_$Sd-K5yzG&kH@K0R;Q%jE+QSW^4Bc70Ky~4+f zzAxbWO5R^ZJ2ygO&$ITNCMLd(Skg-HJ%pU(mCzJ*19xmYPT8fV7#AXwX$gh%I`>gU1r+Bo{Ii4IP`cjT>1MMq5{{{LK ztQzPms_`+dD-7NX_mt!7s;&2wV*6urivMIUVe^_jx7LnL(|#@TvWRgi{sjy7d-cdyOJkXJ5MmF?4O)?qjPdf~cF?YBOHMn; zdm2yhyy99jAgC`U(0rsljVD^vtwZgRC-GiR&p2;8d+Ks-nbygDVu@%d*IkI1C zp>7yARMow)}xKZ2tEd0 z{`2`{jL#!7eJruY~5yLisZ%z;T!S4 z`dmmK#*PWd9rWGp3mHpL<|L3|tiLn{^CqQ_8jvrNgZjQ4`68Jjo8T$(NaX)WMyOBi z(fUBC7f+D95-$76E1t>7E52KK^|0Dvy#3@=r6&)JA5kXX+wz0=djoQ%1i2l?YbWEe zKD1wppPDqk{Y@JkLEbJU){2|Ux+ zS4hf6(MHik3Z0XHK7~WcW6Lw*moIKaPGB>e_h_e-_AKqMFNF4KPqm&pjlE`blRcO# z&uis_zTgH_G1IK&2#-WgZ{eOy8zu4JkK(Ty;N{6{$qf)7Gh^a&i3q#f_C|Mk(M)|0Z-QD z`cX#agTvAg4m$&Lar6(}(jLv$R50?d(%T=m`y~0lx%=aU*BJR5iqY0(^=XqG_t+yE3*5X zhs5j5_o3x}Eq2+O%bCBPS6fGm$7eeJ+Uj)oi{yy*CC=zv5zh*R$4|w(Iv%6BlVW=Vp^j z%e{}V1}?uqZDj0oV3!OWG?7tV-bR#2|0S9c0-Y(>)Y%tqqQe&Ww zZvxp_!0!h;3ke^exUhE?(w={NXJ;YVwj|G#KcO7^k5FGJ-&shL*vA#L!Nr5+*x~jp zq~+kF9h#I3Q(K=^p528Z_|6*;zQo!+`0i)DaxnP*EAa0JU-VA~zQ`XRzNXD2W4KB1 zMPKE>w}f>D@`1u^SWc;{so{TT><%0DOh-V;=a^>3!^s@|A``|FRW zr#}>*do`M?KdO=G6Od;G;7M{Yg|Ba757c^QZ}pA%?dJU10`{JoYt>%D4=-?{ZkhJS zzFV=0RoENI&O+Ml1kc;3O{29$#lIe_1TL$<-)h+>C#)=_19YQM@0(jU-Yy39X!uZEoM^_IrHbN7(> z9*uKPakNKR51&Hc6M;w2?$kO-e4+2x@_kvUmrHaCbWno5HzBa6HWSB#ANs}d^jp3- z9`vXFFF((VIfUnyV0@p22X!{WQ~MhN?Y|I^=lgtq+&K2&{J6mK`zkb51b(C)Tp=umYW^oUu-HneZT)sC-Zl7k(@bxT%d4@-B^jdC#TDi>RkJ zOXdF}vr1`O^~P)*M){xGpEUoQ{+eCXZ;Q4!k0yp$_aS%P(d2`WzjEosZ)NAIHVe2{Qale}4ZJqR+)s2s;WTS)(9yc!Sb%#1_%~}TzaQ#WQ&-6wi?>GnM>`fDR~fjg=HM~3 zO>9GBJ2D7+YBi>hfd|IMd!G%!Ki|6vp0zlz@EwLt_twb4=ObTHep4NM7NiT-e_iDv zq|%YV8BX3gadE#^8oB=NFQ^YFyTHp|_s<4D$Q*w^CMzRSfjRE<=a_eXz(IbI=4kw# zN-uuA(d-Ay#?KWGk(^chd_e#F)@E|w2be|7=IOiQ9tIR7+^yn<}(^O)snKQqCSaat0G-H}`m~(zO-<)YHXU<%oKFFLc{feKD577F> z0eJ&|dFMCJ6^~}~D}r#jJp`9qxn3)JgBBJ*YX#6k0eNl}mrivB3w)2v-W1_feo&oH z4}yhY5@Fo-Io&7TXXv5Grw8T1uqJ9^fT9h>&@DZDF#sF%jrB)HeHD65de0W%GddYB$|E&^_|b zZs(r%zxHqQo10b-@ZLJcw0wYj%FX`9K=;U1|3~%5Jp1?ejZN3+9&-ubo4}l}8lcSz z?o|(PZvpo{W7^C!KhEB~ME4j|xW9G0cTu2C;sqVSy-o>WUay*>@kwr}Pvg)x`^P7_ zY3`i}PVf0Qa420M9G+oth#V|*@1=%_;dc**<~P+*nZPq^xF>rj61um5d*9JL<@$&2 zE#sc6d(0<%Z{3W#oj05JYIE*w`4F}@eKzE|m-6r3kni5uZ*0ltz@kQp7ztIFJZbU1Xp*QqoT$p-6mdE&VX6l z;QB$vB-@gF+*X~x!T5>2&vdaXGJ1Iu^J5)!h9}2nQky$N}O=YBm^<^1B0n08ptDW@GPt19VZJ$;z|OJ};xejge6$!{y^qfT`` zUp>{Wr+vu>$#ji>rt+Yv`_-qKTNnB^6E=;ZX@HKq40JI&p@ zm9_Os&R@vnSw=Fo@{r4ojuUg&@~mp;rg(P4?>!&N>iR$Z4BTMzSQ-8t*OFz@X%(tP zicVX{m@CE&Aj7eNa%4Ey7cox@mrkyiABIkAqyK(*rw!qqKM(I*zn?xdPTNoAxPVTp zo7rEdHP7s?)A-Hg3;B4zi@wW!yjPRQ8~gAmvnQuKi1)aM_uv@US=y?aNlY|ATU-nO zLm6vOZ`KLs_$L2aa|l*b%lb*?dX*(!Mjvt~z+pshVWQX!7s) zUH!dCo`Tk24DWJ(7uUuHZ18MA*+I{aex+$k=sd)Yp?F-C>I&CQbuZQUXt!>x*3$|+ zd(w}^sjbIpE4=<8e|wr5BP|!86S~(NsoyqFSdEa@QwVO-;jGJJj$NbyjL>L zL~*?L57?0=_dOjkx$pIFWOLu20%Ov6HKfdV48F7R?K1q- z0{$kV>x%fBPd;FT7)LZ7pEa4k8fVBa$(7t$LtcT28zGl%4UC`M{!$b3I7@jt$_0{K zRqkgsak*vum9REfg)gnxoaE$_|H9rl`3hW{d2Q_tp!Kn@e#76h(2#9kys^e_`y~sn_1?aaSYTgBI3L7|KV{(+1xA9^1YoB4oc8u@ zW=vVwh^C8LKE+%eU?aI0BgU2jHWhrT#zT@=nBbsw8|7OL1dBTYu=vjaEQ0u4Y~qL6 z@s$C0)eF(MuoW`nntDl8Gpi8HT3#9#$F1(P5u>mDP4^H zUOu0v&1&XaRf@mDU-d-dTl}pd2P}x^;|~GPpAF3I*UZh*=QP7Ff%%|cu-)32&l1~* zY%QnMabx_Yif`C7nt2Tb!-_yZ`S^2jm>&ZD89peCw^37~ZH*IMQqS15=S@6Q$loM` z&mx2WBItfHf6oKMa$r`iE|4gOrR z8J-f)#`x3T{A_HsZl`2dkUoZ)cx4Veu~|I&Sj#xIzQz1Z&i4f7!#p#%R6N;}(M2tP z_~(O59(dMDn6PJEpZ0M&XliQ&7zl6N4 zlDuV}%3V(3riTiWmo*3cPow!8( zj)=D%j=c2jtHJwwZhxph-*%bl&+~Bl8)opG+utbgjqH6W0(=#R&9`5#E(GJV{l2wc zYjEuAhRp#O3;yCQ{j>7w?dpd@_$i|w(6dHA@Ja2|U&fFZhoT=w_+!>O_CWgKQ1J2Q z??d?T@&EKue;fRlcZd4(@&AbWLk=7c{ud7-PiFpSZahHq0(cgAMFS+<^1fOZv7Ni#?FQ^qt{2+gRM{o`F zlmI^M`fkQQNPBoK58ySQ{c%X+DLu6D6#q|+XX2raCw*kr9(cFmqcyP%zNQ}9cpiHf z#^bG*X6eWJ1M&sr6UgqaMkiVMVC|zPN z?t8+*E2Muc{yM>XaBs=$NA%~>;NB9|I}Ylp&4IYf9|JUJ@q1X~N3Olo@&EFFbNtA` zcRK#N{+Gtz$=XLTa`T;z|MTzC`0;PQjx7Cpty5tA+cx~$HvHQq;dn`VG<$w#*#0gd z7Fwse+w4c!@et=rvc97=lXBHgJK{sx*tt{W>byDP*o`rrKS@qik{By7!dZ$VnLLH| znETex{rn7{pJd0qS91=~zV!$8HTe5=$TxYlAvfPzdlkL?8t-#AFs=x-2xE1HW;|vL zta-`DUq&oldo6R$>E`+ba(-5_X0pvW&DB27RebL$JBsJY*uO8gG)_&6fATlp*_7}eS_wVYGfgI&ndH0xX1$EA3**6}P13O2pmG?8c17ZL|!E!N&Q`{w65 zz2c)JFdIU>tvOdser?VuXZ2)gDp=2JJ>!=g-Jp0CvB8au{~4~6mFV9~s3ZO&XG5^A z)@dp{R|hYdH}@O1lCSG@KFdqUUpoL!65 zp0l7$aw5FYapB;#QO*m@En}k)QxBhSvfb3?$;RhdOKuFTCBp}1ExEDc%(14<-U8O~ zWp~zlYsuU{!F`Y%KU0S_yOwO8htIT@+!)KQC7bp>@ypCwa^?(b@xAuhL+9DGWUfyF zr&{-^W8K7IE!prAGN6>_SS!z*hu+Nlti825$OPL4Yi+F+Tx%`)2--0)^w&2e$KDwJ zO4Gmjc(?l7ThGecAEpoF?LWeq5aNd{P6|k?9+@-eB-wozO%%Za)l0~hqon)r!k z3`t_w`S?e1dGS|9u5i6IG=^Y~Rx4vsY(l>KpBR(IW6z`9ZEUtZ&kdnNm_hJ$;fBX~}^f>EBcwH$TM zS2xd1=Q;MNH&!%H&eSHAFQB~5I_<-8%G{^PD^-8+*(}!F+5eM0f4UQWf{f4Nm+K3` zujHbYD{;e9XL|B6>cLy%^7LLIxUsq9xwsJQPYu9cweAf)RQl(wv0wMCk;i0UoO~Ku zcozM#b;zvF=g~!J?Drn(qwR5ecfA5^Yk^k-JVjhuw!Fc|SI%O-oeb95~eA-1{rG?|m_{64BZfy6{)Si$p@+|kEY2^pX<}mPW zKgP9uZ{cp_P^Gso(8!d;G32dapODkw@cjGkh1bx>NpxbW65jUD8kc=mfM2XVzzLII ze6oA7XaIVVjbLe@65F9c@)Y`#EYv!NXi|Fem(0mNCm&ojgwEsn<$4|%sm@+8&lkqg z`CM!7=P!cqT*x!zKj@vu_0DXr$&Ki&S$Lc$eSx?gPAApjzzQ|6#BlU{*LW z&`D}|@}?ZkP{z_hUCyK1M3Ywq6}Xh;0ex%K>6h3%19o!7^EO?^T9`_7rv z({@I=4d~J3z_yV60UGl{#vG+4LW#!NEPJG|WksO9C=o@1f8yhji)1RdMJHPRA6SUUh#3#CXCLf(yz7Eo!{Y@~)@VZZz zs?nER0{vYBoi{{*EquEazO99C8{pej;)9b~P96rWE&}dL!1pzAo~<-^=voS2z}Gzu z$h}qZ-q-S+XKdE128mzK&D8(!VlnFP<)Mcbzjn08;8*9E`qu5y`OoN2der_4Ut9fp zQ)oQSsm!g$ajU*VK0J0Fy4By;>y1fzLF3xRxTGJ$>*rp4GiyI8?qur%l|oa>b8w)C zQs}_orXjc8oqoId*0=U;_4hNI{Ql7yd28zRgQvbeXO?pIR1b!6-oHnPiQg8v-*_mlRQpN(Vx@%{iyTp7;8zgGt&INa3XRFzj-I9!O2Z{rq=cZfYk! zC7qB!@2G9Fr`~UWVy1mhhDbNz=hD7+7LR0k3OS!h=czYR8F4SB{klK*nHqiC!%)ds z8}M7>rH=dKLi7`Od;PlX9wtLWTRq*PSb%+}5*+HCbq9H;%C8>~Ll-G`^Q4b)o_FZC zNzvrEs%LC%8{l$mI@5cU!di63ls$NJm zw_fHj_8d>EKF*yMiO)T1x$2@~^Su zS~svx-i>{dpvGTmWcD*ftYN31jWl+Nm80_0r2C~?yd0q+vSnH;uA0R;Sn*BIBF{ua zvMoCCwe?;m|0`N#*4}MfvWXR=$oPK#{q9S!HRO+@o7Dz+s4a>!$gWe(qFQoMzCaC} z#3j%;yskavUGw?7j~o`}JNIiN%Q+bRvlNxeb1lJM3uTJ}# z>W*`boHTYsQA_iW{5TBn8Jsi5E02h-9(}}+)fPYO;c6=;4|y;A-?KG%R(G+H!PL_l zqgvwToM7Zmrl08OmK5(a;M*sp$7x$<#&yjl*5Tv6XC5+|@$Nc@wVFuro{L`XyHxm) zZ6h3g23+>l9wv}e{3)lib-H)%VuSW1dpVsaw(Z469Gow# zY&i;fkSNBU3&@tBe3?eQzwmjc!gGrGPQ>3?j$SFz8Wr#s|485IQ$9~QvT0I#d=|Vt zbJFASSx-=l!SbUg=OTtj>r{8B3^MEO5DO9Pns-SLPvn8r@ERYD;(y z&R@7t49)uFlG8sJ;^9T{0qcuXe{-yGqko=%=Z(GEl4bWvhVhqz-mFYD=Nlj!+tKsryoWafuOxU9eOYNv2a5k3R`$9u@q;z z^E+g~jtXj#Ruq2ocJg;tdosa`CBMKSxAL_sCt_z|`_+IiuQpmi=GehQ$(|{*ptZ$@e8-D050QQP~SpTjH*vlWg5_?C!m=|YqT9hwj zpOvnt1{ddpi+jPvWbB=7%_qB8;t$LJT~H-oF4|JY?=}2>fZPJn7;6y3wrAKih{hgx zC;_c*`*6HBsWq17VQz|ZB0L+h(CAUoT5xXSwFEfX%6NK^r#*3vQ)gX77^~zdzM|v? z`n8C*hrkEo!A|C)wiIKKzt+$OFPuU=AGzF(Oi}LTEv!2S;r}&w(8|uoiaZ`Yk>5Oi z^ww*(AA`LVs;{QHYDMsv&J)^zonY-F%a`^XwkW=~=uhzqt52k_B~P#a;mb{;wYBhI z3VmYv??m7$IyL%;xoB=dTYP3w!E{y<#YS7D*yhj%aD=S1(L~H7fvHn zWUrZc9=bs1^vwabUGty;;H&jyYqNcWSZ~EpV*0mne<=5uzp+6AHh^#_T$~RM`f86r z=O4-6QT$;CG|*NJeJ!F-@N=GTuPHae=y~+&P+(x;mE`&dz-pqNlRd{fbB-uLw->E8 zvI*M07doYG@r=FEDDlLgZuk5v)peE4r~UWZho5O%x}A4!p&p0!RHvag#cXW5-N;Va zlZsEOKIKJ!m0tJG$-WOdQS2)L|4LT8&;It-PLFYK_!01erh{@FnKz^424`c*4Uvr{#DN4$><44B zi5~2`NnkB{*Zr533jt1TJ61QVwn!23C&hT6eQN3Z^s|(9mw?A>oZhbM%vxllQ#aiG z6yuTpk09Gj?4EaRn|9qajo#CEun97I@qVNJ;m`C^#>4tw8v0lW-4h3UNOnL0&&sB* zhXxX(u{Ed#Al|%+Jvk=MX!c=!$UR%|fJdUp+8XGQHoTZ2v}S{S@^HpCaEoVs)HD0B;&UG{Jc<(6(Tl!VkCa zEB?K9BykOAqFL(*!$ZDrK|l}7=Du0*FlR`8$c-{5-pSMnSO$L6@PlA@f}Ic7-{75b zT&JO}h3)0D3RUj_9@zo?+4rqZ*E(qxIz%y7+0e_-BhnjJ3ns`py(ify7zgQ2zQVrs z#7-)K*Vg{$B$fg1GWdTVZJHX7W&NKqGGz=gWX>2&@|@~D-b#%iJ4V$r{H^o>aQ`-N zS3GAuHce-P)`sB=WTI$7HPWx-vqo|e9HfE0;>Xqe2JAaTBf`UVz(0MA2QTQNBS;s? zQ#@K#?o$DJIL-Abz#z$W4QCV8fZsH2N3|ac{0`K|XXs=7NOUkb7GA>r$R{lX$AY)% zhwIVwW1q{+o$*VaS($Sn>gmGn(0MD<%z9}5dLVz;`q!oeJTrTgv#$z2VRqcvx0$s# z;Zpv-ooaQr!-!@c9&KI;i@QBX# z>i?edv}5q>?5WPao3Z>V4PQFW73X@}#Z( zF1!6_J{)AXKgK=T>iTEnHM`B(yt(UTiid6Hd@_9sZ>Am{I`uZeXc#^|GC=gV=r@0D zDkSFJfE|A2*{UBh!+jhYdIGw#@RF?}yT`yK>e;-r*`qKSdw;W2f7fL6%Qnv5YIo}H zlAKa}CHSn`k^VIH1@>3QM@MHVR`P#<-yFuV9NE{2E)b2Y&aYykcAULyjb8KiAD)g5 zc|U(s;A3znA4D=zc3CI#Pxe+9x&^)0==_|$s^;vZtnc>uhdsR~`$X@^K9T&Ft_hAi z-(2i?WG|-~d%kB39P17Zjuy{BKkY*Se5Xdz&oS^mcsKUoR=?gj`u44nx$C**N8v|d z(@5t#=4`QJ-Jftahine{KQ^W-e7p(FD@SVY@7b>Er!RhHUsIeK%!(H!(8>6;9r9_{ z^S>X9!nmQfroF8FM`HokCT&O?eW&w zm?`Xqx3LAU=8Vk=vNUM$velzK>7k9Sdz;olv%&#-&d9;7j8T51bfDr&lHVT)@crq0 zPcb)Rd-?NQ5}2QIe?&*JBl$d}`8`h#$6)i@%o<0md6c^ae?vMZob!}#e))b2`U^o= zEU)wY60N;o#!|$t@QxE$3MqsoH_za6+*A`J*2HCI+J{t~-)a|@5{Z>;18J0rFDyPEi4SZzHU5XKEU0nKFHRQUGCEf6N z53rN%1Afi^5Vb{{XLa#8oHnuR9=eZqHZZOySVs`A4`mF;=^oGE-|w75OsAW1%%R^} z{G}IP>oYQ3a4F)s&Ah*b_jSGJUnP6xk9ofAzrrVyKU(AI!Drjeb1(4xY-iY>7&#ET zkS{uKz}P9o9~CP;dHG9C?K*FSIce-U^Fo%Gd0~(5Lf#DJOqa(v+xt{}IOWmjdq>Y} zE{dIMZY_K&{&@J;1m!IMTa}Z@Hc;1{NdW3G_^9fv0b!XS&e2R=?a7 zI{#xK`{!-`k+Jj0KPq7S6|Ci@iJ@1tXY-G|+7KtWF8hKNFVp=fwt#(Jd{#|+Hvh=B zH-j48TCcLUfwiCWnP^ zJ<*cAmfiOv?X>$f4X$9kYuS$q?W>kWN9?ojGxn>ob*W`x-m9BoYFQAk=um8s$1}>llu1&_xiB&5FFOg2RPWfylRG97n}#z zk}*G1A2VeGPQxCHvo|H)*33Knw$~{gWo$J0A7j!w=(|exHBU<=ggqj=BhZFdh zp$D@*l)GQB5n0Sw{Mu{Y`e?^pxqB3Eq|HRJxBhDKwOO;(nRn%Zz0LXRA$aS(2k-Bp zP=8my&Hi=|mu}74Q^_B~Bk*eK$Ix#>(X7r#oZhZSo!;)pkR@B4-d#_cSYxB${p?2Q zyevz1!q)`(1mI zXw%s4j79Qv8f_^qu2_NA&!kT$S3ye)k?qJGvzCN@S5A#$T}eNOmmCLt8|pgIm-Me} zte{PGs5uL7I`qE?dAx-7uZaWq{5cDE1ZcEW`2^(G)O)+2OzXEpbIv5t4<(qR)IUx)oX`2B{eBi4T!4 zF21I}ePxCC^hMY>!EYzV<&E8(EQ$P!?L7!ZFl@qJs`h4g_zIiq6@2wf) zrq>sTV>PCq6!#t_KJzukAUV*kKH=MH;`Fh)b6u^SM#w>mB~EdZm5d)gS6xhWu6h3| z;`ltAQ5R_v@qxkdh*zQdfL_uO}|4}l41Ec)>-u8-y& z6w4UZOHXjNcoKT42d1n=wwn4fbAi)^{@U9u;){@`9eU&~wHjbvoZ zP|u%l0;kcayBEABiECx+y?Aw0Y~D!Ud?O#h$7$~3z}UsRF)OoaCtoaAaU2uZ6byNW zST5}x=Z;s+>C@qzdA{t#_ex&|tmna>mt$AW$DUkL?&Tt013xgIcGgu&$Dy0aXEX3a zHss1qe_r5sB>89Q-}*73r~Q}^`o_eBN&+z3E$jm5F>{W3ANGU_bOiYODd&w2?V?vEJ(2?SkQRt`!IvS{tf2R*GhIG1(3FXkaa^Tbteq@H0ZlNE` z4++M7tL)Q7z-|e;_ZsFhNRHdJeem-k=!@S5a@-1li*gL)`yZCRF!{;Ze0=D?Lp1b< z`@lUmuBrLS+>A|+%n&aDPw5iqdy?!#Z+*?ga>uyd`iK|Lmwft1>gZu-?v0f~54?+> zZngGh1AM5OMzW!$PYT6{Tq{5DT;=rmV|myg%UX1y;2cw3uA#$Bds_lyLHDEMJ>SXr zQT~`d5gLQ#Yw<=sW3X}Vj4WUbC(wV`jvN7Ag6HL$dJpFOr)>Vd)o18$lf$NKoh2ck zE)H*OCjKeEY=VA+9`)O?&OQ&GrDgqc{f!Ud9OX`A4kivCkY$GIi1Hwe0&XjPruPJDSs4-ocM*jRB8R=Ii@5?5!v>KEcCwZk1VE z;~vJDcYma@@3Z-k*mUgKh-73FeCff-&x4e|;L_GW=T#3g`0gLCRh&gS2%6pNaDKRh z4k#riAlc`|N+Kpt+vsq3v@rfwQ#-bV=ii;{Hbc8>;oo({JPh9ac&=(&cOiqjpd;n# zcOf60A@uPgdsFbYR0GWFl10Rkg8kXPg6#!ydszUtPX%x*99#U7yN3Ueoo@=gZ|iOw zoq0#&u3+B5@tFA`Kh6B`|1!e zE;ioSIhL`3zgS>iHs+{3w!wPo*g&n$t5N)F&%U)}>6lzM#ioU83lrG@HZSfP3!kXxi}z8dDkxuqc+(zf zjdfE9R*Dzf{n6rY1Gh4-7F;s0H#%I81wQXk-AikONGFP}?LUieZ~t^wJ}8E#xP21) zOgK#7JG^u^vKO0m0&P~*O*S&f#>%DJ4eWjSk&ha%l~1Tr~=O6-$VFME z4)#z`W(2J=BeM%ML;hclfwbJ+w@FgU~}Y_?TVj z>@)O0K5@N?AA9uhl@L87(AO7+XyJOlKiPw}zY7MykMLja_h;}=f7SFC#J~DDBY>Ov zv@dxt7}@p*qA#^A|5@|d4Ski@Ic`20P#?;l6HN;j=hKJiYask@58?l`0r3BGa{VO# z-YJ;IQyde+K{bS51Gp_^;ix$?rqBd7kzU8~?O#@UQ)Bd1Qd*ac7{9ZS*l1 z{&$D){{VZb^YXuN=<0$z;~$9s7l-Qo24QFQsboYm_H4m{=bs{8WNL2-o(;g$oRP+Oszi(N z4|@8@*W(_q5qIH?qL_1*TYKM|d3Eqh zF08NoT%SDp>doH%`l?FyCu^4;+_H6qtv)mNk@17xNB$3bKVH{1=>78szTeFF3MLX$ zM$XunvbC4hW*zq<+}Am9#NJJQz3lliXsE_1rq)l??0JgABl*TK`1?cO+52_xu>ZP) z_iyl1RX!`<+#LRy`_uE!UH2`$9g@647Hf}lj=Y+hE3c|deTFjk|L8oXfV`4jXJi-h zDo4MUk|Pa|wRGpoEa~@Hh+jSm{r=s`t4LN}jXf>DygD(@_&vM{6W%|Ij{)Ts_L0^^ zjeUfSs0M!dWY#Bv=b^}~wd6*`@KG+lH&d$*X4y`{`FB zuNIPXsyr@Y=^@=()RND}?x4?L{nV<1$g5__3*=P=-wYSRZ^!TyFkemtbKXbOvpgdx2p!jgZBgw8XkJN7ZR0v1Q zeH^LIn8QCiUXQ=C@e_1-M?jx<1oU~wlB_=O2UTeAARhq3U ze0@HQb+>8t!!!DP-h1=&$0z);2knu=;E#?P*+P~-1UvBuu*=6Ew*t!mf3yyy(_`!_ zh;iQN%^Sk}QM;*^T&N&_Od5ngWLpH!134~rOuyFu zF!Vc!KDYF+JrDh+W_kMwWuK;?-+cCIkdBe{jSgqJq&Y*!r{j(aY*Sy>cT`wee}r$# zSB*4ue0rFU$zQxT1k0WO?a7*f;*tOB^c)$Hq363#%}>v3{W-iV^eh;Po`GRLdj5~j zL!)QpJ-H}HyU*McqGxb0CxnA*{qg6M_hEYe47CJ;{*}z6kQcISA=-;=O3Ji}N8vSoPi2m3TvVTPXLEV83)ZsWK?xk%9(H&!a+HXGI z(0+3|m-d_C(Xk=8SNd=do)7lFt}p7d^geO`dO!Bvq<6th^bXwe>5Gp6$3wS&j&nb< zK387|?rr2D1!YdxUp#(26ng&+d(HFF`)A2lSxei8L+?-0ucdcG&)7e9-~PKP&sEPa z?EeO7+Q@U~TzAb+4?@%9e41`Q$?sJ*lx1lwDE*#7<6Ls|R&vXk@6^UwKn zcvs}PU?}vP3Wy^0~ z^<>N6E&bOQW$c-zY5D2@d;T2W75WzpMgPDsAN@a*%%T6rf&ANQ6aP8a-MKbI|KOlJ zgo7{m<3AMn{z>Ydh2%T>e!AQFUFhFmUpZ8NU>^Ni`Cg^?59iTa8$D>7JNz^JF-ZK! zydNLf9BZ zwC;HJyP5h&rS4~-lWOv&W7J%btkhbZcYUNezoCR$6Xv>Zgd3qINeQ)Rz3ZdQImIP9 zw^+Hm#30mm8S_=n#O~u%|LmKa&QmR4)$avP_DuFGfLok)l)qfjtbA6d<>%yP6dVn1 zoDaIG>&X@1`3iV0wUqDIvnL38G;2bM4=5*pjMgTU`x^O*=Wmuev!B^V-HGYcHW;<# zWOo9es?9z=b4Ip*?rSanaRc=QL>Hyw%$N=R#K)PO4?}0pIMu`H?OsLSs~P)kj_Q1} zrZ`qLpnA9QeOvQb_es7##rL80W8Gn_r|teBd+L77^FMJs+ASUHuHu>PJTt9)ta~!g z?BM&7$XNGkzQ6bg&p+z)zVMjS%ii+Vo=ZOLJ(7t)TKJa`w^?3CBZ+ZS{o_|*RggBQM`1Dj32VmmW?fXmm&87H_UoJPz*OH^6S8|a8y#S)-_(xw z8X36q+qvO(fN!Q9;NGvDI`6lfcKGe&a66@ecH(*3alGF$vVm)jYaH!(zJIY<3k`l3 z?P<;UX`Yep6i+(vWJ!Q0Ek7?lPx9kEncBHGV|QzBqTUz%wwwJ+r@JSx$FbZ$hup%G z91tVJ%GeuN18$&uBg5>q)%hS;G{+I&%nPq8$Q$2q(e#{g)$m&lzugvUD}}w;aL=QJ`-{kKE zo-y~qz3%Jz>&!F82G6v^GkYt*spvq@d|uCZam(Ciz?FTb+O%V0Gnr@f?gH>o0Um_A zPw|ZJ&*nU1`UAddYo6&VcRXrmg60LB1ncwljAu8s8QqQ?jKGJR;T=6|;8-`o?46g) zu-9qsjR3B<3$A7T`FkR`Opc&$Xg?2sH`ZKqbdbNzwQ%@Xau+iEO@6ibdo*pWXKz%P zF2vtOz<0xoXXemYR5ZqK>3(h1ZhDKoR{7czjYW7bRyxC@G5R)hZO)}J(>Bliini_j zG|xW8^*q5sxvn0KHC8akG%&Cf;kWDiwN<<6_Jg%`AWvKTwlLflJXbqFTR!ev zW2MJ?xMv;)x264X-&(^nAEj-3Kh3ks7wW*SwCk`2XTU2BJT3084&$C22A*rJVBUh& z!aTT_A7h?jK6>WzAntv+m3fA7>6wf5jFm4weOP`@)82W|$MX0Dx53wkW*%JY-dN^Q zXU@Gj-PHNl8pVJ7%ggA)_$F#tv@XY9(|hK-Lw#euTmOUn;kJ9AL359M-a5bi1-z&H zUfH~T&$4614mspp*XN`2H+zGCy^w0nP(@nYK`DcGT%6Bm1 zNqhP6)q$M;f%1)~nf(#j{AP`3I{E#j>7fVz;9CFD7$$SY)Ru0y%b5si!IQqYv} zVr#dC^DurA8s`#!oZ7!^##!d=gIF7YTgtaNt-a~x!{+WEX=VRdv;2AB74#*WLjBG2 z`%^xw>959vODs_1Bz*pa2ajC*Sa@LHwvqqWSOdKW^Xaw5R)v zpxtXi*&E;dxt!VfpX!WVO$r4#uf3$^>*lcdmjGl(0&z< z|IGNrf6CWZF4A`G1t9K{FBkmBjBP?_Z2$3!$9v+hAn!#2v>wc-U2Mjai_b8>C5{0; zhu(!#eU{ zw14Evbz%Oi-Sk1|s5LaUtNgM3P5IB}L9+gupZ{t%9mm*i3XQGYAKTmEKTp1A^E>0J zRn&QsyBS~nw>Rx=x{G`bW0O;3A&!lU?~MKI?d@2HeNAk#!)ZRl_$e9xj%&pzr;wZD z*}vJ?`EiU@_LP-R(@Z^-Y`&&y9H`zw^8NHRlNdF!3I7{AZX~sIRP&*b{j1&?Y&vu8 ztovVT+Fa<&>|}4TY8-FC)^cUFTo7c@qFU#8k8*n)47i%=ivLp7yU3wa_n zXtbAwI9Y4(?2Xhp_&~rxv2*#GX|7+Q4aFp}hrN1b{{9W^-A>S6lJ-7z%S%lawnh;? zxndOU_|i^mnY&pvX0fGgU5VeV8NBX-{D{Y2^5hzPo;i=>hk5vM@e%Sb`omYS6^sk9 z0f8^}#C!9?_rItE#rdKJzV+CQ78e#y&u~8jf9?zZ?;8mI)HKh)KkmW*`+|R-b{_|? zhYJ619RmDcTb&pF9h|7))`#GKZ3zBBJa*@4Cn260HP%gr+L<3}CtRyQc)U0d9^C+c zY&Z1;bMY6%UG{uc&Z6+~c&%_UWMG^v=6*fr`x>4B|H9ehve|r|iQzlf!`p^uSbxgk ztjfdL`-HOq-B?<<%*WZmc;TP(zz|-@i;JT|Fbv|NAx}F4;o`ve2jMC3u=mAWergWz zl60Kp)xNFXc^Vf?V|{OH?)m45HOQ;`;HmZSwvkf>E!WNIYg))zLaMFX#afo}N2!bc zIreKO?%>(`SUX!E@BIhnQI2ddXP(@FZ-IQVxL{4s)K{!RcB$Ug0_2uG@8q}SOPHGT z^ZM7aUI?#E=G~Rxv3r%ylJegNhsu>m^V?(QeW&GoWcarBGt8MMbNSwrIKxd~59-|Y zwa|9#=SOp{T>mpqGV*R~p;@CzH8A&D`jvBDN0Lv~B2OW&b#^bYp2ix^=q463 zD@~nXBR~0VIcHX{aMG`BaH6YKYc1#Z1M{EK?<)?Bf9lb`zK6SJQ!CEwQyA|4_qV~z zQpSEEc~!yzvO6OCX*Qq0v)$CHo8Z30bKs{jN53pZzgS-3`!b(bt^~##IIDC+Vx+sC z@tg1MBh9%?D|FTwH@CTc%X|dJU%ISTn9WVeR!PW!vh;42#<^M!Q;9BJos+m z@dR@_TpIl8An?eM?>_J6`z=S`A!D2Nj>sLCrazR9v@D0 zM+jEnK)(rI1Buf*o9bdlpo1tpp|wB#ezx*}9BRtLcQw@S>?~n@gFTt261&r$@Fct= zn-3iTU%$`&PtJKxir0t>hHK+@!(%zM@!^S_+W1_59Q+`+TLW^N{Dm_zwejndJB_+j=(!Z~Ue{&F z<=TgwYpXb~v-SthwJ~s8S?K%@{k3B`=ZP(M;{sLwZlP9R`f}a}*L{7Q zm($02gUBoCfg6cwVLy{Qbh@j0j^dF7IIjYJ1>gaj+}PvFUFo`|y=u7c_J+@L8_}PFDM7?<< zyW>13*)2G~KpujHt#nTnYbwrFlilRV+D*zgi1H`>{RhUN7*Su}5gU2mJ3DX@{Vg%$ zZgra3UxW{qD$}^V+NC=}krQ}^T88d5j=Gsnc&&Y ze7XhC%La$%hS0cFQ%+}4s_t`Q9&>_cQkU=@U6!Oq6xog%c|i=fyey37sVy0{ko?{@*_2@L>9np|RWkUcDXJ zQbS(@^qHe?8FM#t5I#Qeec3UQmUKT|P@~<15)`G`s@HQ9T?*oSszGueg z^YTCE8K3x;HJjFo=BXyH^Gpmr&yG-kJ@XxNCP%mr#XI}qdhP&xJb!RL{z<6MW@GP`y6=M*k|Vz1 z#q*_C8qYQH9s|#@_-)jr&XGaI@XZMDIT9IwF1d4euHOGb@O+4&x$%jlWCpUByaDo1 zC(5=*zxuU4k(>YaPk(Mw>{GGo3#bh`6#rrv_V8?CXN!yQ=Be`KCYnhk)(oXb!a9-uX zd7<|uL$5xJd3D`2_`EbvJ1@;UG&jW!Z@2e@_srbta_9Ee*TEU*?}+}lALY%h2%O_8n{y&7nd40KHuNj~YW1$gV-fR>4RNR`D&9gSVn>O8WP2CFKN0u`yYykfUFYto zR$eE3DgQ4Bw?BWMcCd$1;vL$NZ6mtZT!Qm3wc6n=)yq8YFyMOILEviIML#PK$)Vi| z>@5%0fRD@m%R`4>Ka_T%r6jcU0_Ps&ZP&_!vTSYnnuD|}cm`=92qP;GPTDWo5Z`oy z|M?#Oa~z)~A^A|bD=SwI1biup3F}X7A1B$6U7r;F8y^PRh(R~PmvXlg$2h$^s$OY& z&tq?yT#0jteQyculV3oLqSVhBpFoU4HrMIVRXIHkHbtRM}6Ydc<-c%$ZPy;&VO$EVy}JdmP2V@=SZr3g!35e7wAv#7wk#0 zk6;;Nslk@kc;F{99{B|4p^xMnUgiHL-=UKE3-6^>ky(l#8rsHee68v=ot6Cq{Wc3bnz`xRi#IO1b?5jm-oO9R6~Ebk`DrhD=Uy-_ zoqMtL{#!17bdG=S1>@)$7ytS>zy8+6eZab%HNFj{+DA}i&ah7W^2-itk-Twmy)`w=nq*OK@w@`vunJ%f;eZ;-QzKm&Vkx zN4Ffh<6hh4#hkZt%L9hzHluHbjEc{CzBzJjDc^OLoZ5@%ciO)DqqppQbj1Vv-}u6> z_doipm-f@BRberGIS|KqoAHDhl^zMSRvQ_pv`zx2g#?fm1n zc<)!g-hcN4UFJRF-g=fSAl=@btis=YT+9iMjysrDV|yMN}uxnb~f-{Ty;^LGIttu zwi%h96A#B1E%fz8f%FB}>&X-8yf5CXTCOY56-CHA8~=_XQ$&9S?T&jV&o#h1l5<59 z1J9KD&#*q;sGJjQ+hxc+)dc(za8ul<{aD4<3f)4+RR8Ilca|^t$^OWzPwbC0?b@Hh z&WYVnad+&%XYYt8-X6bmXXSPG?T_6Uy*o19X$#Lmwq%^TU(#7Re`Q%*=YTpb*V4Dn z%peX)Uq`sRZ-vj60K*Ur^geniyH?Eg0^V)c{?WSG?jLziIEloawj{bEMjf{Z^X=Ep z653%LT60#dnl#rR*BF3hB{~*dn6;1Sc}|;Ps5qCtSC$g9Mqf<8W>*}>`XnDLBGwkr z?aR>Z$$9bKQfe|5@xH!KsPpD}mf&plQMAa|>AM$EyO1*pJMpJvVb+W?Pf zok03fzR#cU;@ujjH;KKiHOpqn8upEUk9mu}g!9K4huxR9f^jI;R0M8{HCO0H?WFl_ z4CBz+knVS%Lp&5(=$^?Z@LFltxoWtEri8D8g#RwT75VRWLxWqOm(9@ClfdP}=+i#V zW2}I7bna(3Po@CBbIQyM5HQUhtGfKZU;WdpnB{*uXw55C@&9w&~tA}@X!Gk4{ z;yo9=+IQ)9u=Aul#Dskz8Fcq#?I#*vxD;$iU?zaI-f=y&nP(R{b^ zb2aUl8e$pwIW)iga92IMi%swpU9uE{9J!0@1on!{p}-F`;WSB zkzspeb0*P+DSl6L|D(|IWcKiCtq%Rs+s^OZXA)=8xvhm`-3ddzbs_n$U9v0i71Xxk zDT<}Y-a1$Oz^8aX=lkfKVo%Q&wETLKcec?SVx}9~bI&%a;an`)>^fs5h3}sr9;9{9 zxPONA&&W$t+_Rc>pEAvpencn8dg;6ltMgXDqdimNy~X517(1jC-sJi;U~T8Njk!%> zo|$z>=D1n$;vPjXifAQtPLR-zbM6o6E$xc#JX4con~DHfKB?<=)0v6&uEm z!0tNRU9GY6Ze*&{7C}cVZWqBWK(=&PThz!F`Y1r}Do&M=E$xh--`^tdN55-qZ}1)2 z(jnXID{5Q&mORAV z#$|cnD8J9V@sF)u{A2sM%D)T6KOS?8jMn;v^z_+V-fA-IADo45WnC@fiy`;y8Ks-$ zbCphWBgnKEaw~>>o`4LK9IQAM{}-8{*o|_ql)I+Aq>@q1ikG5~s)&(GHY-LR;XU$4 zIP30I_fI3=YQnc+Z|14gO^EKPKMVhY=ab|DPM*k_n0!ihOP<^3tV~bR{--AnF3+{* zE1Mv34RRg7GhLgN=jV$~Y7bGKFA2$Wu75_}$3gg~Blew>+zA88^J|zV{#gq7Cq1Ir zf%JvoWai7K#&2@GHU7u&^MQ94ej@fE{#S{6EOU_EW6of$p>DQ0H^7fuVY{Wu3gwre z15S63A};`4g2@7*eYB@vbLhOxB_^a?#@A=1hUgw+_5DQ5y4cIuP z#Blii3EtE1vT?TX-OB587^kVxmeDC0|0!cXY3zD8$A99wRc*q%gT|kTvs4hro1pm9 zeB>3fO)-w|kt>4#)M59LsE_3Qc-DX7yY-*`g?_UBlOKP&KIA_U!|1%ezyEZ}zwqvL z$V&Xz6#kpB8;L)?N$!*A#E(C9u-G|Eb~7 z{ij*}czfph@h5o6#-HxRS1LEP)MmI_R4=OT40roCbN7y&sG4lW@!n&2*75&Ydv-AU zLHnUue=#=B+qECwN_c(evmfN&4I3l>E?W;MfnG4WRDKaYQo^jAe9--h#&QbsfjokV ztVP~^|FVmhes1lT*ASC0CngW=u&??9=G=^OWT||ig~*I6&}ENNgExT>_!#keZaPc{xSZCT)+`o`EmqVYkox(k9>BIOR_%=z}#*cUi+0YxK zeaVE!k$cPUDRtM=1ALoHAqDSnyYgRbX(ocnR^$7gl^ndkqT=ilJ@ zK4(^vwlp`vE$+h&xG=_AGe*T3tC_#*xxL!-*Cvyz&fKB-R=Y=QA#<-{?uw}{VD2`i zx}5nNdxUXl-Mbo@C)j}dpB&Ds))DwnRjs`_l7d@!Ly$TGg84 zr?}^{ivQvH{q0eEj%x0;<)>*!i=MOlvnP@hyu7N+tp`@k+Ba8sq?;;)Pk&l!>T!IY z`d5YAt7rcY`iuJ~xNYQ+CB~DlOP)^@Ti8BdKnwu8xHU$5&{d|r&rz#cd$XXqR_kXQ z9XH<4rddNUc|KfE2JXstoda!esQSOuy$g6%)tUdl&m}ntM8SepOUEQ63W%+?RWNFs zlLSSiQ`<^wTiPZe;U-$g+KyPMxe+d=tsHg!>A+BA_%m=x#2BKOK;AEd^cW!i9mi+;z`PFQ<{uAgXfX+K~4r&e@`*^7t{vg>pK zt8&JwocE>gXoH->;z*G9E#-0DN-i$+`_c2gUp2z}T>CS*7UunB_WQS<@BNMu-sf63 z?*spKYw1*zM|SP`-mf3weXjjlxgL3pe|sVDho8CO&qJ*SKVf@cri+VmaIq0w7Jy5u zD!nh$Jj-wKz%JS{vLIl~0@333L&sZ}cxW(1U&tkI{)qfNv*sOm^qD2q#KC;5J>_F- zqvyNf^JYG)(ff`3?X;|Z=ECGXh_CDBA0uDR8ZY0+j(?&bJb?BGb$gT?3=YwHuFu?UnuFYfJeMXMIt0phlMa~NO z`_}l4(nA4%Nyiw;iXgO?75!>6c1bCA$qW-C-0sE*ja_o9t#>xY?DfN|p*7hcJ@Tb_ zCmtv-5e({AeQl(#$}`qBSB5u3zw@ErN_g0{xi6&+{FUiGjRRPft2Py#Tbx7wBXBG4 zvpDE$S$^W{uQqpBuV{bQM&^HcmGugA(NY5qR6+yagmz@RE2gM?w(xkZ!(L7=Ulzhwy1DGFiY+nCZEHmaYx@G z1GkEYk!73Br)=S1bR*yOsXZh==6k-I<5gjmh%bNsM~5FO!X+z5;LluO^VSd2*$es0 zvbO1bz5F&`Nqz@^;5z@Kj2pS}_wE_tO=;dU{O|OWd48dCY`yI(7f`X;J;8zJHu2ZY zpO3k6b%ASt_`y>SxbPLQeraMSzUUFgn8YU70B(}39S6W+Pr`FH;L_mEhHQ~;Nlv6tQ?@^IAj{__n^mmlh`cCx1Tw4;L68Y z*i2siE7}r`Nyl2EL2M1>{)lGsq16uL;RfPHMZ}wG!nu)Zo}0&W4P5ieWS#vT2gU?2 zc9=Zu9CCQ9$i!vXrO=mq?fvH&pT={`2;(`J0snp@Pt*2;;MaPA#vq$OwG4%;m%z1f zp;-BH%ik3PC$f*VW+U0r&pxL*KKC#_rjd-0#u7B1Ndjf8Oa%E&(L2}xTG^;}etbW3uYFOH*WJ)X7VYh% ztqsT=e=%*pmv)GgP6A(*R;VAjH>Z@(JNT>sFWTo-d}jIM%aNN2>|xQs2f>f@K#=#e zcD#Z8U!uuP%)@ePtg%}gflE0;lbmO@#lK)Z3$8RPG(&!BHO#)Ap$Td)c!;@sWiCab#VRaewM&@6L_cHNdPqks6TgID0l0*+qbJ4F8GQTU*7>4E|A zs^V8J{&in?ov402ut%{Ab}zMI*Yj6j0CwR(;}^U+zcT|6cp@UKV-vh@-GvM_( z@NReDb>YawaUXcoUX4CzZ#^{i(UU`SzTnV6JTNNyI_LiB)6kX905q}Y(a~OWeYCm$ znz?T4*?oK;N$yDIocu!u-y!#l9ln#S(Lc$XlNI)Ui&>Y52QN#l5hv%ugLfhG!F%^~ z@rgguQvvNE4`lC_8=K4D|4ry31P|pHo(%OjVyn%>1`1si>gt0=8S5(=>*L7M1oUgK zhh|58%z@&8&G3YBo+NYo<}!ciQ>{thFO6?xopBZPbBA^LG_4IMkqM2!qa3Hz%X z|4?~Iw=j0(pm3701h!^i-N5)OEnj~H zGQEN4lZ>&O@%GTC))RzJ>Ao27sn&_+{%6pUk;xVI9un*~a=Nhf{%dH?Dsa6TT-Onw z*bOZ%$_aE$z9^?Fm$*d^v5cH7>y<;?yXG%LbN1zA+xNKsI6llZzELeZ;pN+Y(!4gO zEL>9R%kTdvyp(e`G|dlwd+EQz(3jSSa-!F#Xe|_d-vwyx(<9K@V%l=`*%V`MrPtR2 z9c3kTud^4DzJ1p#{$oXa*mhTf|GEL|!FuMij#xw)pQ3MH0elWG2I0x9$+BOw`inH@ z$izk~tE-T|?ts5*6LPr<+55p&Z`e7@v>oJkEp5-Ijrqiw=R;5Pt(@ug*x6NFm*1rJ zS#KYdU1{)6%tkSa7;_);j9Yv)!5OP$w>!SoBkcFmT2Krfq#VKS3SVS7Hlyt1t>{X8 z<{jP8)_QVQtC>T^IOpRdytazm{V)CK%R7n3?LubFCy#h1dBoLxm))WqhZy$Sw6m&_ z1+O5h^sd?xPwM;2#4k5<_G~^lQrlYhE3kMLx-Gz_?O>m;>e*WKR|WkSVbe;_P6WOa zMXX_&Gclo!4`1*ynzBiJf7IWl@%iY|;63MjPv+Mfk5K(j)z>UTK8J}LYz(poqqdk@8|(!^zIbU=H2G=TP1P4m zzIA=gBk110j=4M~>yE@5(1V0*$9+F>o6j z5Bio*UW|>n3i^jO2G@tJlKeCHlZ+|AnB=GFy<4TfdGCwtr8PJX*zz}qOg=_G!h<`P zS2%MineC6?{?`U}$K}wxN~G z1+=-DGb?)Pc%}&)wFe@qwbPU2lQy*1sKp z?Tx+Qr%rB?U|kP${SC$Dqi|)#F!T_vRokk61Y^NA9);M;_vV+>9QU-6ES& zx;QsFL36wiU61ZNjLz$44v(S(kMd6cL)KuGFNfL*@;yS)$>`wt-N?9B;%^1WQJ$|Y zHZfLm!t5C93TUJEA!-2;GY^4>c`>IJ5ZC^NybIOl5uGfA4iD33A8;?c7Fo|+R-sGs z(ano)(Y_`NJz{lXpL7MzG(Fy71zOrxphxJt7W!RoSw@f4GWJ?@h4v9NgLBzL@QKww>n3Z?WcVcKxo7xrAPv!aPyjt^83B65!YdZfD zvgLn5=l)DOr_Yh-d{xoNbl%&1VLI=I#>Fp&&XE_?u)gPSS;VaSJ+@0W7wp`D+ zx@UAv_Y^1Fi4CXg*zQld*ELtVpE*a$Vb%K6uHOyKap$J}Z&-gq_Vl777D^TcLdc+% zMh1o8!+ln$k4-F>m7e0D2+G^8xh29&84k(^ZT7Ltft)M+ayfS@wb-y^!Shbmqf{tWD5Yq2+J! zp$o)&acKP4=zX;r_s9;(lPTa$G+BvW+=Iy!vWnR2as{b9|k{< zx-n=wzhAzP^7!_EzZkp}2c{0b>r-+5XZijw=ANDlMql9j^Pbe{ij_r=M_by*;+ir}i6Z|DD*=Q!@IS zNR6Y}jImbBX5e#eyam9w9=OHFjRiJ*w*jBxCW#5*L3b=M+Wjp! zv2AzTCsRD>uNsSqrDa9mbv$h2jj_Tj};gtl6yRN#zJ7aXu6|7;5^-g|EV~6rv ztY{u>d3`;XhTQcY(dvKw$GN=lONTDp@#LC(`*gk4II_EUCh`T@s+@=K0Y}cR59qwP z7Zw8tcsAowjskHN#)W<)uS07fdRO`3SI^6k?0)2WhpCx4C2~!@ojam) zU!*50mR1i4&Sq$Pg@vwx7Tmd82rVpR{Mpb#7O;e%1>4rhj{Xy{_CWh-I*?!Ei+)jK zhwc@7&!h##fy9rZ1<{sE3#)0%?K1`}$^%edcrP#>!iSM>y)iGl#f4|n(yIrwuBSQt zn&;hTxu$xv0qTm>5VJ`_+j}lkU815$vWPh%exTTg;5_r^6RjGz;#Pm-#$cRShkWA6 z9$xaw=x*?A)*)%zU5EVJ5$II>-UAL4FV{Nc9EWZlahQ^4+f2P+k32i$KUaQv^t|NP zhZ(cvmtuQb*ZEY)dRqKf1>a@zakaz8^O!r?Oro#%@xFMl8lP+)dwz6%hT8^l!*klW z!Je;qZRs}N>$Fj~EVOMo^C~{63p>wQe$$s=eV6-Ofxl!Pb1HeOc$@aIi)I_3QOU1W z@{hn7eq|&M-c%<}^Q3X9j>XTR>uTOt?GpL5Ma10UBlep83x;YZK}G#yI{!q7)iKeo<>+Fa#`G|C%+1by}|LzH%UYrdno?nCQ9_zU?G` zrx%(Gp?kEplgn>=4L1v!A(@q9_D0B0I63o;*0A527K1K(r-uhS;Q2UX+XY{4MPBw{ zXHt*k1!77!YJGAy^hca>{O%aCo8R9dr$u&=WP;kzyLwJ-y>u&a+HiPq&rRXM|Dd0? zApLMX&U2bmy?>F;pypZ<9BREl>m(}}=OM8P)q1-oe zqzQTp07E16wiK9}pyzt%S+zXkx6ofHJYnXLdW`hb1PxB)d3~=3z6M}z1lAsSG#S7L z`zXF5e4)J^X1+aR+r(Jvl{>||ikVc=k8%ave(E#&k&kG`?ZA$Llg^%*fr#=mY*)Gy=W3>tTyc&QW?jtfvN=!X{7L15H6& zN%Wv%Kk>V58tjGcM2CIo#vF%tk1&qOS&B!oPJB1Gz6TtlPu%sNUU1(BpGf~)gMQL_ z?%t(~2Kq$5%xj$X63lS|ocG?vzD)GbVQ`guDLzTAwIerg|Jox~Zr3%e`9#kQJ*Rcr z`>Asi@L^l|$Pq%vJ({<7ZPgQ@b-uqrZ(Si<&FY^5{REATRy(kVJ)c^q&|b>-T$T0% z67-{e0yE%~9_B?c!CY)S%}*6J+JdoJEnYrY1Rw0eCXfx#iH#;1s@!<_F25)LK{kZ! zKaE4VGlE4h8F-L4wTo&8YOwpN7-N%Y#=)0pQ}6tcxe65Eqae#Advx8%HD`^i8QQje zlwh=x?+yIj@b0v%J0E>){r7Y2Cs!{m8-YGdzO}Ir)A}g8pu8lTybPmnpnE@bAB1nR z;F|zEbg$y*;7w~?y7vsVDth_dfgW*j*ayGLj@X4Bk<8wW9uW>(z}+Eu(ksJV+jXe} z`|lk%CBI$z-B0W!b3J#MtfV%c=s77GhL)8ZBN?f^zb}E`m!Uh`X4V`^Cx)Uwxc!aR z4%TE1|3SxQk7)(57vS~IMKAQyfsT@_+f7@0Xlobk8XD$vAJ_7=Mv1%@?Fj~x!v-9^ z=(=9`%j`ksx&6E=8&q`&l@lPGXl+t<-45WfF0!T>Sw*`IJm1LksuskEz28_*Eo6AO4fz%0{uX4sasXFSZ)GO+RzlQU2~lq)hx#gaP+#R< z;*obYOpV;l*j2Y`C491y-19zoSom4Sb+r?-2L3sF;ES(LIPt{6TmJI1Q!n~DPIX!n zTI5T~-w%By{AAy<@KbKPo$t+Aw-We67g;-A`~33<*EJqG_2T}1z0=hRFLyGY3BWKH z7^tPwUj*-D!gyra?dztT{rpo?&aUVh^^dvh$SZuMlC|E&KUuxjeRsBRLdyd3-DP8D zzMl*HoxtRdvBHOb!4{to`|iP8PW|ZAYmDJ)-d};;?&4`b^ef*%cD!PO|4H6Y9-m&i zkj$xe_gPCx3L-(RRpQ<=)M-R~|sO zAhQ$vuAtu;%(3dw>;xwp(JQjol-ty_bpC*JYb`kJ0f)+$k^RyM4ie%XINzRp7C zWfAkT9ywCZ@55t*Ey{mb4UP3JT0GFlT=pVcy7R#S{b>!#mS-Vjvl_cYG5~mtPR_Uc zlkD1bX6V@&^slprY`N>M1FF_@PV^}BW9yngw2$vb9?B--`#E#S{9T+ee@}Ylb(5Wc zlgs*>x87;PsDbAMcPaR}mih6A_zg^z{3eNry|>VHB{-Xl%u+1@C(f|<5ny93llL&k zlgTT%*0#X}ud%;$9o)Nfzn{Gp^38?&81w&j=l)af+|!)ER&E<0q*$~_}$1vw}t#(>;h03R%b4-P}OvLiRb3wy`rv?%u~_t>&mJK=>D@InAt zY16;rwKfkJUqiAN7~H82?wf+%puf zf$v!dIamN~xiNr3a3wk_0RPf26R*dYzJZ($UB4`RR@cqAoES&X7-*0=+O?>9U^n(| z7<{M=^ZuCd;8o1I+R?i@7uw)=f?yPU;FW8tJ1?1a6y4$42|HO!DdMb5TZV+9zhOS} z9oZinZJm|O_c{29jSip9%+FqJ{PT1?Pq{`Wo=4oK27j>>nSO*=fFFAE(Z9y*9hWPw zp7-?Y)j8hyjbQoX!Qpe|^`R8I@!FrVkL~zrI-fTNuZf5K$fE%AsGRwe&J2TZ&8>+o zAoG(I;Env+kIj<3=8r1&Bwx_13pp{VxcrDx{GSVrbI)*}@v)3?YE0WaV^XfJVoomo ztv2!ebpDZIFq~~_$6gAcfns-U#E!?i_W09Io8I$mQ}xSO-^)B-DfxZo?Kxz_U5vfP zGVu&^<`S|^`0A~+2K!#Lz?E!X*A7=qmYhW7%)ScjBF>46y@F`_^jcxiO;+Ee1K2%ec~ZLEBSm_IWJ?8`Il^~GWFIcMB;k_k$hm8$M5p` z36aD~U}@3#iJ#X5BA0vbJ;C*-tiiD0y!QG?A!j)ysF&cLhw*>jI6s`PBf}cxm(PXX zzzzG=!HINjR{y=&B8ne1BSW;-*@n#70?syK2dN(IBKWEAOwKyVdHF=`cf8RWV{CDa zi!mi-2QUXFHUd6m{|FDOnXB-b&~&Z48Q+$BN$z!XPj-&>UH5^P!_4Io;5v#-?dK1l z@M*yr=Xy$~Irvtr?>^vrA9|T zoXg+cKeqXooWjAwJE7P0@H#Zx1HByG%e^Pyad<5O&x!w!?BNM z(tf;#c4_~o<@i(3VGnIDXRnB4Q-@_uH#$Ro3m*D^H?kwAHHLo&p6)-;ouHKbi6IT=Kf`;8%q=o?8vx^t+ojw5M5ga~QlR4?(%< znlnRlPk~Fu*~_>Ur|e_gQRu6be6=Om8fG1XK8Mj2V|RVUS0yN2FRgr?a! z2DYE6HLO`0H+&L@Pei|hw;5Y(1-7r^0Ip69&=2%FO*F8J`@6Z{!F~DvqH)ozXi)me zT_-Sd7@F#Vrt*2e?JuF}z3te)yw4sz@{BZgV!7ld9;MycSS@)LT*+(qX?0-Nf48uM1+3oZdq^~Mqm5-YXe5qJ?9diWU4L^bRUzWYm zn$14oPQ|8*7|+EzQ;Pe0zyb6onvt!pbpT@nJj^)3eH-=_b2I*Y{Xb8;u_0;{+#-Ao z?^Ce+LHDU+kh%{IDUQ(t4e9=^niFh_-XZD*Sk{+&xu=}Nm&UGKdzfdBFxJ2&tJfao z`F?PF+a)b)Uw<=PvfgKXSvvUG67=vT-&}i~w%%a82QGPH?MdMH6JwtEuBXTy92+fC zA9vFSc>g`~Ff%~kvKv=2e-GiW5}&)B_*^#exoqNdeRnfo%Vw_2A^w$fc4b#Cv9ejj z%0l1CU1#~`eK&5+`|g{0)|yA#b0YHs;j@L8&%4r^TzzHVJ;UGA^FE$W@_Y@?6i%+W z(z?9*O4;`1_*1b8>ulPm!Zv%@j!Ek*9_1ayD#B;|(2s04*}3t#;F$TUz?bN5K@Koq zHJUG;Pw;$|#snTxxc1Ed$Cw8z5t_D(JfyDQ9dCVXEOH@`XLxHbzrV)sNBGNs8+!UM ze0v1`)gGpP_*u4a@2}okZ=3mKeve+qTz&}I4lJ&{yv_I{X?s~dnD)~af+zQT5jsga z+Kh7oX`4FblK|ttX29q@Z+US>{*7`PWZx#nJoe0V^rzsB|`A9YA&+m8frSX4rfZ89UnTIhJYh8Ap#}Bw>dH(6SNuF!+skJ_;>#v*{x=f#a zr_=A~_uX%%e|w+*tn+*wpKcd=ekFNX-ru2&`|Y0J#-1W)zSKXqKX<0`=d)k=&gs%^ z>-|>bY?1X!>_6}s_VU+d4aQ$%Y=^AD7&2gJE@w1IPR!=|Os+q`b*JXda}OVDttM7q zXpM^$L2L8)ULGD7Dd&4F-c`WrKdAJ-B;4iHmTj67JSvl4?* z z-MmHh87A&5TR{47H2t~vMHicRb~)#ekb_jxgYM8?fGu3>3{R&HYtQq2Aa)8A7(tPz3g??#M;1z^tbY>gp*EkNs`F<9%PaFaqW2Z^%8h3CYILBCwA6$ z#nZOZ4r?Ir>?0Fi zhg}D+y1vE1>lPQU)^uW$+0n~=_#MDk#rUhi#XN8@{eFAT6fp(rDvpXwC_Z7H(RzsD zkZohMm+Hg3?~l%bRzxG+wBgAUGPH8OJfS+q%nEX2-1y^R>_p8&Eq&R!PC3!WYpuaOtbzW@ zZ#`{z41O!4Z}FLMP>Y{d%KR^$V9jaH33lCPLRFx8P-cg0~=Ta-AF!z zO9!0}EN!fpiVil`+jTf*(7)`yrW>$>ZepCo^W;x$G3R;Nv4s#}oj&X4NFVk>Zwqwy z1oH4HK8v7lF5;8sjoa^p<{F5(6zxU-ji!*14W3IdNTc3Q9Gc@!&tlu9?|L(xQ zxQX$UvJY?<-}U}$lUIFm-QuWuz5%tOFCzw2JI z9*pVpa^B}t=WC>%`M7J6# z^OeZPT@M`H?9W#|k$ey@KMJlS{3w{y{FsCv)8}BPt{Z*~r1&x0H!v+$=_|>Ub*Ep( z-l;5OTgb(zX7&M6cR7xoz5#hrDBgV(J;I)=IJ(BN>Yh;>F=%8)F0q(}+{0e8O#S8$ zMILf!CGi?K9D^K(*2GKlGiH43P1O?Gp?zJ*bo)G1`5jG`&XYS~T~2MnEbJ8ab!mJW z`^8(+| zk+V)Y9r~|(M@TY9DgmR7UL2m+g8Frf1UTnRUhtBgwKlqTXv&!&=loO)0%k|`! z`N>&n4hCBm{JtF<_zwEy zY}Xx%OCG*OIIlmbHDt+qt)*;bUesQbe0=2Ldaa`l4$UdxnWL5LqpH@}w0B`tRK9p` zr9~b-Js%t6%Ui8>cuDxyBr)hgz_T=^K7Y&CvFKEc^$F?VBL;mvLj<=o! z-b?({m}|G~#|^AQ|GCJDjQ3lEnfqsLdo`W^toHxTX}@eVGJOo^jdEUq*REDSJLpID zwCN{l_fzfZ=LGjG&p&rOxyZg@`GylLTh`uW%i6Df?ld)Vz}GnN1)szw;FnW3tT1n4 z@&ThOk3_eMNf;Odc1&+Oduih6y$);OIb-{wqf{>>AH6i1dA`uQarzLw ziceYZvG?~n?J8EN@juP@W6Xip%rs1Qd{a#RVmeG>{U(LJl7Pi6*&G4$?qu8Ft{xsv|_r2s9DgQ=uAil`PCSJkw z*cCS>u)+NByx{XAV-!pJBF`V2f$amHs<5l8v8$26X5YDw_o{hso|E5P+o7>)Z6gS7 zebKvkx6Rn@R~Vhqm`8r>m$8Fri?gSQN!A~%y>&R;^Ce@PyeZ}1O3r+kc93D%Qn%3l zqh@{BQagNCepge0W%kdYJJ!fX+zec5M|)=&|MmLMx&za}PSf9vgofbfWvVF35@=3acI6%R zvopee&$Gek7WdhYT7#8soKJNV`Sb9v?ED0ChklRv<{oPe!;9D#P8@c4{9$#MEi0ZF zVLo%s{`_>l^Uzdi3%#v)<kpRiS~`|I)6p}L@L$AmA9#EXm_v&Psl$d))V zO0q`wSe$o#z*^W*5Sa+9_;cG;|1ODMGdwt*^XaIY36BmIk{4PqPWRs(>3xX(5YUwS zZlT7>vwF{M=12mXlrB&3yvY#)KgHms2l%9i6+^KYS3b7h zz4$Y?lQX0|ifU@-Wl?Ve-NSz1Y_lJDgXM2QzI0)uz0%7y_Vz^jc&7KvipTeGZxh#D zJjRWC(zXlThf^EMlqy%~9? zxRM)Zl5Jsrqa(cWCDmy%Ic3;6-PkxQ<%i*41gIq}Us3TUtv`QzH*|InG=WWFF$ZfMV+0<819wY1N5$*R-e?81k7JQ`IA=%8I>WGMDOs3ZgpY=H)PnS;Yt@AEmnY-3-V-_U@5A9m~ntu^bs^(1p< za!b))hl!76(!gb+fd`oLpvT1mt?5c^+iK2Kes#} z8Uo(AJO>>mEBU0oTIi!2x~btE+1sKIXllG-hHcETp4HxN$(K>oZ;C;u&Co+ng)OJF z{~^iTD@V)JPQ`YzvWY`faAqpJAwHjv4P|6CJVLCpWGlGo1J>_Zec&c!aASTO+=N=b z=inwW*VYAbXuqdYYt8l^ad%AYvx&aKxDt#-V^g1QKWfj7citviW!zUG_u0d_#=D18 zGXG_0OY-h(hx^SkQoP|8MLkB#i=fme)u_-j+2+~Y=z8qs)U%GgysBgPvu~2OqJ0zVmj%<$I`;Ca*zjjhq@E3> zpLOizRgS&v!qDS9D>=7*Sx)+SY-aJP1cH3NH*8T+tBb`vKuF>CZi_EPpras4H(zsz+vKcTP0S-*2*0r;`= zm>=o4Dn2DAhQZ31U7fHh17=qzWY!0pg8k#IS1dnV@a8g(Ea3I$1zH5>Ea3M6XLeq& zWu>!6QTvKkLUX>QMFUw&i=8-}FZxw8f68IYihh~zwqA2^%NRc3jN!Vs7{fj18H1Z2 zCH}MFPscx`d)@elWOH}BuSB}M7k$ARLrJaj9MIz?Uj=y`pzd4^wc2I`>JOF{WZ>KL z+#b%4sQK;nk?t|!XKu`V4q8aX+cXF5oYOFYKJ(S5uS7b!c%-qkv(7dF+X1@l3zU^~ zL06(B{d48l5n~Uh_g`pjYl!g-<)cd{_)0c$HkNd0HtQBo9(y{3xA4Ao_CL)PF=mv(I>sY8JrOw%({cvPFS?<%{R@C?*0h-50U$_oqD&fU)#%=G`7>|$lC+N zRgK?PR$^!fJI(MX?Z$Y{d+i6KfNw&^bD8r3ZEG%eu^u^+-e?~I{}-~CE;~J(w$=9I zwEcGNWzlc0$wwbPzu7m02SYcJ6H3f6h)hro9oeFpxO)iP$zJi|K{kx`TO`4MAHK)F z%R?=F-CrYDf8l^^*l%)9Jg zU6&p6Ij)O-E1AEz)>)9RUU)L)lWtvmA7^|To9fQ#>`$$0 z*g1YaO7YeoyqS2E>AzyQf8@29#hZeobObnLKZqw|{|oTM!4bKPZyTNo?+~7ouDxyc zW2WuxcvGN6HgfMuYp|yYc~r-EABDFcwg$h;d}$p+G$PwM*#teTWV{bEuaCmpb>YE( zZ90KU%prd|m%mZ`joy}!A2pMAnE!;ayZO9}-%S-I#4SsduMn?|?XPwGDg1#4@la6kmOn{1(@qm91@J8N_)%aJj!_Iq$mXSY`RF z8&4GZiRA_&6IO%=ZdqXsiidAaND?#XM7)J4cD@s zHRqLLk0?%A2>d?2Yk!dLi`V>|SrO;#+roPG8I^)Bd;)yR?bg#Difm9md{VI6>veOP zhXnmpfR`EIM{Akeup_In$C`oPyPv0u*p6b43)<{Bj=L82q`?7eVYE?38>Or(&*I#Q zJ>)mi0Dv)ivkwICx)+;^i@85i;?y1ezBTu$lp_Z4Zk?Z2Mkh7yS zryFQ{3vHKv!*_BD^FQJ8rh~7rpVh^))&;UJFjw-?-8S91dXl+v-&Y^@zL<)V2GtU{ z3z~;6d!S2S7@0VOwITYb#-<5iYibVt*qUXGU2(P+=-8Gmw$D<U72CugzWy#YRx)C?wv>Gx$<{0^Wc@gto?i14@5um z;Wv;Kfo)CXN>-3786a0OK(1t9S;e}VGoOE|=1hH8kUYs5e27_E>8>{83YXm8l;iT~r@rA4Y-p;yw0EA}RW|`Qxd^6V803WxepX-x<%Z zMi|d5qi=`DQ#;17eo{X7D8Xc)QYBT2=zc2C;u5BQnrqH^9xFU05`u_SeTC=*E z^Plh^4*L4E2On7mjZ9=MrwG0(hOac|tj(}alp85V516^1L~iO4o~NxC>(W|BAva?% zNdAsRTp^!W;bG=Suq_PDrvEv1`&#rc)+&wS@SVnL$AW-G}$Y{0~V%x`Ra{cd(_`z+b@=-^CS{uBSIxxjv>UN!3{tf^2- z7x<0Np1`=;iE#plWLg|pq?e_iEo6QixDxQB=2&ogW7)>HX0GLDduj6J5dCq@z3;sz z`%rZHhnH*_l(`@ALiYFc|2o(Hj?&KCwZBgW?0nE!>~a5dV0b<#ymi7F`+Np zO?(T+i<}!83i6k=?L<544DD_Xqu=B(CUgzFY+J@yW?CL1#%)~qiF4OGi^6&|6BOO5kGA!mg0BY=GscyO_K_s*HS!Lgb$7d(6UjlWY_ne2)41M|dTre~kT~&PM@P2g+lUBjslft=dh$ z_58N@-5?nqD~OyriLIG}#ic_#_MrC5Y5$0)ec3|Z^=--GB6tYhuk(n`7NV;Ptg?J7 zXq}Y|;`;c)Gj}{y4&I21oaFqPIrg=(r^-#NFTbC)mpK*KJr(RVQ*5p7+t$h11>~g{9oop`(KnhS_K@n^qmi^ z^T7Fxr3C|Zz{8lIR6d2-(}x|RebQQItV2&FfH_Qz2;4-%#DHx1XyaPXKS%rj%%8^K z`hl8*_#T_rB_qG<$VGR)r%(sh8;_D5Qwgrh+t#l&>znkioTx1DDm}P>nhsi5DYvpY zf5O+_0`51WS1YkitAS5*M&7{qGUm}g_P#3%a>Dsmc>a|^Yw33_?x`K|n7-R`$%bEJ zk}e)a{?Gzq_nT>7b&9w?=NkI(>3l8ZV@1KPwWXHtWcBsy*K&@;t94fXlESfk=lzBJ zE-%=-c8L4s+^=!&mves)`n<-<>XJRQi$CrED7SoFg42c34~$`Is(RrJK}#;@U6LpR-1Yze@)1LC)30 zu7F1a{bk5^Ia$#C?fe}AXAO*}0p8bHX&(em(QN>FgO?5O zsohN8^Zz$_?^^P2M&iBQ(A!A7mq4#-3{8?L@Sl8)_W+}0gZSb$#;_AyCm2%$JW&nZ zG>{u98CJ%h_8~#LXNCK6{>r%TL&h1r?{RrHEBbTb>Scej=)HMq;ece3aQJg-3aBrw zjcPCRMEcP_X60DUU#; zgON|2$9%>wniO6P9x5C>K!1``&p9yk(058cnYHcV>phwDR)|ffxvC3VKPh8ACAamA zOHas#XEW*O?-u>{WcXUfB08#N4kW|p)30PWIZw=wEyIJz@LETPi;hG;Gx(FkDIP97{kvwk;JCQx5NzbX=!43uxc{Q_v zW7GEKYi+sf?}8)x29`c;oxB&_F$ukL7(3z!cFZ+} z`_|_Bd?)X~j_Kpt5cWvu65H<&Stp+CgC>dV9Z(&r-!Fz%@m-0tyegl!wqQ5*j_+h6 zwoEbC*7L6HE8trLOjp2a}*=olIPRf=K=5jgEnM^;*R!OyVg9d=#9{V)}{rY`cu1#I|_fw z3+btVx58CdvU%e&*~u1mX;?L2xIYoPsdVh!B5++SJi{Z}$1NSUkh2N3U!dF~#tLkj z_jw-M>S}npgE5uyC!11pW82BLO(uG&bl#Is8>9Bo2A-Wm)|(5NBz}L@4FZ|(($nN{=4=yQB z`TpB8e1B}ZVZQ(Na(;^!zRY}kZG*B5-~Y~RdpCK$o9qZs5DqkN>50IWQ+KgJ-#3 z#`V%X>trD^jF{ykb7!vnByq|m=;%54#wC^7--eD?J(1F4p3`-B>6Y799DK8L^Qj4) zFY{-|HsO&ufdcl%@lKfb)*bui!AGzC!Krl@{o>S{_a8r{_^0WIXDZqMwu|Ruk}2TT z;MB2SEO8*-zCVini2xN-J91lJAOq*<@yit+p4+mRg=vU>P+575l zj$Fdr7#oeV6eXMEJX`or?Hm5fR+M2)+pEmYxWu35_t%`VDD`&gnx>lX=1h871y5O#2`5r!j5Ox z+w~6m$#-y{(Rx#|;*OHQedJ4p$_C-b9kPuKPhUGZk{Dh0%o88A_eDz%5~nqLimUma zti+e)y%_IRO9nXmsGFSU!}yS;|2OQT#{QlM{O&&LS4%znsIi@DoH5rU7o{^|`t5NHX;yt|AN8}sXLXg0&j#UhA8Tc-TU_^l8$R(aID~3XUDX2YH*~kv+n2JBQeQ8FpYJQ?bh~b z$b8#BoAb}eQQ#Po9A^fH!S=m-CJdtZ1O z=a<-fI8@hU*maYCn%>K?k9`|vEZ3)Lb=$KJjf5QsySvuvp^^GfB*DGkQTOCh z`iVaU{ec7J$QJNf##rOTI{s00;Gx|(V^QoWc}p4xCjNAHc(qbPL=o`N3pkiX}ij@j7-Pa z8!uiht1T<}4D}`qJrIwYhu!YVp>p~qo^WH8;vYOeuMI!IiE#~)+n{~af8@GoC%~CS zv3FDdxyl!DWe72{lFiV9WXS?*26eIqq&SrMZRj|wWr4eoXD%==u?82Arx5tKFD0ua zA16ZtvAN9E5|d|VWTM&-AMTw@?gHZrWBUzFwoVqH--oWXPS#@!2rkJc?1J&W>zV(B z*5EDVP$`~bUmN(1OJW9=)KMNO^r0)WS_m$+~IR_ z;iw72y&CSl2tE|oaNj*2ydMFU0I)m?9I~@j>q}#tba<$>NI56xfq`|+HJkr#ih)7A z*a!^mT&v;QKhd|_??^ZjT!M!+j#S@9W;=c7(6?-GPv7j1`ar}Tzv=sio6hZ&V^e0=3p+~Le+kb63R0Ds5uigJr5@?B$VUgRrjKz=krKTXh&(NoCL`HvhUCyUq~ zu}mvozQYq z82$h@!D7~Uhz-sszia{V<=z_Ns-_kZ=Xz7?82VV#*D*HISI6}xcy}eRwD6e>M7put zyMezOTV1i~YTB7cJKyIVNk>Plv5@gkTw?2p-WuqJxpVPN4uR2CYQrAGG<01z^}y`9 zRl}|`r@Fq?nbSU7=B@GCA|Kdc*Nst)91FOu@R&&KVPXs5$3myY9z_PX2O=?ijzh#k zW8{^aS~-tmJ28e!$5L}(Ncy-;=U<$tY0Du#_t-PHQQvB_RT7bm*mSE~ALpWUOzr`6 zz(d4=RoB_Ak5iMbk5l(MVsej`rR(E3{hfXTnHkWUH9k1^JD_Jv^>KjZ^q=s}xo2_D zju(WSJqrG4*}Jiw?X}MBTI-zsS$mDA;jixbozAl%;BtLlr(VmqUmWiDlBZqLno-YA z@v95vN4-HT%o`_?KRu6j-)?@C+TVtc;a#s9sb0$^=n{MEmKnSHxr2WGJM~&tn|NG$ zKM%5fhvFX9ieWf4TP~VK%@*Reabk4|Xj1!mHn7H_nl0JfQ>?BW+tv3LHCrma@tEYsMR}{qPID=f>fRo%!s{h+nMESPyj9ilxUm zTjyzuT$VWFD@EUJL?&3Qt9Ws(zP-QIUy7EPhwKbGN@VoE-^_0s-&x2pA9j=Se6&tX zjj%zjT|ED=v*zZE*&WyMpV@T!y3;QFZ2qO;b$#S>$y;k9Y_{T$EU z{vm49K(1y%z4&~IuV4!dsV%b&6nZ^tg^E^=^bZ0GFgZ(l#&s&~4J!nR(OPnB&wYjg(`ot8teekrb}1!`$8jnJ^_q==qd}G8yUjyYnd;-Cm0mFb>aRpaBED;zlhUU zr&Cu4`+QBg$N%u^TyG7@Vb={F(={YJN6^I|V@}O{;*V=SyXmu$&n9<#R(52{(qpZK z0c*P85iYfk%bMU|5*gfP&LJ*}d<9(jluI0bAG8k6kde-sV9Ne#02h*F;yu|t{sQbC zejg!+;oA4x@pN~b@sJ{JqH?XTAKaVDxXH6~V6c zIQ(I`LBn$9hsn%wvbnB|KL0|7{v8({?4k}^rhHp%Po_c2Q#`iSx*;%Vm z+YPj>dS%|4X$_uQX420l9viUhDNNx!y}ynbpUTgVEhL_ju@B=9*R!t+eVAMboyW-W zM81lKKEl|O=&o+AH(^i4kZHf;n&H74?40r%YVhm6)~tw?V1tnl9{7r>1#o92c)%Wa zf8*aC{LW$Qm|*ziVa^@Vd-b2e*5vu-&kwh8o0)Iz8EBqk&v#=RH5d4OKl443Y;fWP zYt9otu&*=M-dYf<`(Sv-Bd7lHC(tx-^}x5A;r|WL>@b=}PA&cWW33j~1xKd5Own9; z8vam%9Q$)+)O_I3b+>j^4{%6NxO^=C{>S~&9nc-H1mR=tmk86R;u5l3K17{6^{?v{ z1;&RyN0+^&4-GFSuhaR81JlA|(?0ZPz=7-{$)orlof~bDXP~&x6_LMvRAaYunG^77 zn0Qt`_Qfb{5!qDR|1;;e;itM?VV?y=lM{0@bdH6JF`r_LHhh8)w|I?2_%Ps!SEe&yaxFe z3@fMU9qi>`o-=El{Bb+*fZw6I0H!)Na0fO4b0}KW+N*SnVh-BJq5VZw*u|oI^wD_H zfMkZ?I}J`;KZbk^+rGsX>j+f-=2LHi|BP!cKECAOqvJgISUiG!yxx(Idyk&$pWIA) z@5DdZpOL>{#*GZud=JsS(OHZ;L7)GD?O4rT3pXAhePnDk>^j*~M)y_OzW5As$)wX| zUls9w_!7y*k3oHFIYE%1< zv6t3tuAdm`nF&45M#r%Cwg z^$-J8Ery`}JRC3Pa^ zves$&`tK*l_%&!mGWTWtpatNr6S=aNx!KCRXn%mWmW=srbf>3Q5bbF#BTkz=HOe3N z)(X1C*z%p=CILQ#AHnJNqxQV(A>H6kwTx6RXc4e@>jf24FG#eZdO?bNim&b?FGVpg zjVVU|3HsN#;{QdyBu#1>9^g=aNpPUP)J8eEN*nX67FR|>_b=2UBiqSe{VaGM zB5&XxJ~dwkR>6sUh~JIPaE~o7PPeD^Nc?Wbdyk%R^+}e|CqH5C_bD$4I_NZ?f#?s+ zXLdBIPx#<^_@D>+zbf0V`~Rpz>+}B?X?-_*oUBO81NniYy!2jiVR~0h#QD&TV!Cdv zB-O^!TAyOdKLuapSr5b4$38Wjwm&G^2A_%(iwBe7vm1Q&c<@;fklyB;m-FEB{z3FJ zICk$FJyc=i+VyRuhnlnojO`*lRPXU+@Ifwn9881m)M;3V3+-IWS)RxKlq&>^yk9_q<;C&K!!d`w!=YrsqEC+XX zJkb{=j(}|uGQR33(d({X;=;wVCjO4^^`yB5T$yW*sq02YrS||EzXW@*N-$aWy5nl_ z7@H6#PuSYgKyLk6a*qwo1Z;axcA>2sopWxT>t0$qq4hb3mRNvD?T>j!`0Y3kesw(q zzlj=R{|_SDhj!w3c;LDPm{N69!<@faM2r%;C=|@XE%Pk;HU0wc z?t)ee!J}e6hDO0(@)qb=aZ7xstvb_~dvW#yf5yq7cHb!!ee;Z-ci&z26+1rW>KC4Q zK{mMTTYQ&ve2m|<|1Y*Xw!+(~;xNNd%*u|yrc$){07?uWyF8(egZ=M)I z-n@&p-if@yDMQ|*^Q-Y`x67yf-WNQ20H4&rj=v^Ym|%jD#l?``igb85cVzbm4-swD?ZarhqA zhqvG-ch(n2`mhVK{}VrXoaECbkw?|ub+m74@f1WJ=Jy8W!^SQ#F+Xev_I!^vd&}oR zSMHwnCiz*{Nr%~SAlZG&LG7mwf!kK?NNrW+oxd$&h{oTbo#q1DXOn&T8&8{ejnpRl z;{CikB7EcorP{>5F>uo6E>D{`kJM({1=@6dOTp>*mV)yKo;I%RM76kdcLE#!+ci`iOr|Bj1ix{pSA2O zJo;}jdxgC9auokD`PuO0P@P@B+8-wW^)jv_M}N~RnQUS=#Ln46hrHHWqxRtqi{J3B zf$dge0b#9g23jh~eNkP3^2ydKb$pK_Yjmxg7*t{$F?!~)ioMt%>}mJi3Vezp@?9#4 z_m%N(Dc=>-(0dc{AqsdWXxp_1++2lb@h`Fs%H|5=RI?fAV{bj|wb`W0@Mr%%$GPPlVrZAzuL>o%d_GJ|DX4 z4OEo4?JIs*$b2v4Ua1x8zZW}XCv>nI`+6ZX)W;t51#dyr-Neh{*f+`%>chs- zd2ey_iDC-f__;3Z-v;){yc3rV!WhhXZouD%J>vGSepE|BxkaO)`TKzD8@oOb`KB-Y z!u`;EC>6ID&3W01TZEz?f##Ee(Z;7HN6L(Uh&`Jd6t@6(+G9oSm%+qr{5X6$Q~&sG zSB_D2f*zB#1&2;P)x1JC>L3DkT_C?DB{|8;mGw$=Y+)3|ujZ;5N^55nKDwm8{2W{MO)TkGaI@#@own)9ml&fXnLY(8X29I znSWzsrVpAvM`i+tCHbTrBI-!RfJrv7SGL4n43~K2%Ua<*fLA@RO zam)z#ZG4;fEi`cZ`eS?7ua!;c_GibtJ?jh9Bx<1cS{b$1eAHg^QG2a$S(r7E&$A{{ z-{q(FS~<1X%IkgW3Y>kRFKRz<#u>G$z4qG2-96as^G5%~&|OvJS6PeLBTOA6Z|$`k z9&q^sQSE6azB6JyXCJUBCsOgTzmo4W47ZHoU!5_$_!eVGYE9CK83^z07+&%6lUdJ6 z=Oej3e*!t5MCO}%&RcyYz2EmC%c=X1KI>^OE192B*Ey*?*$%s|^Zwinyia1zvFYT4 zwCg#iuJg{!=b(vHE|un@ox09jE&8@f`moau!y}rTAC5GxcH#+J$&3Gfm}jYfhfh1w zc_%i#59epae+D>1ahIuwfKBM|Vh6CM>x9bomHrAuKk=oJd2yu!m$!b2y&o~{kCOYA zva^esf5m&r8BXOu1>m~|<~$!iCUqY_Np_&@Slxd__o)}3x{uv&?swStA5@MQWAMe0 z(cn>hc6qnGHdji0_tHDyDb8ywCFiO1Ox8Ahvtj;8Dfv#NH`(@iao9dvN%7UWv^$aY zPQmaQ^#M<8bld&5^+M^#d2iY1RD0!&Zyw_-b@CA=w%KPd&Enkx@~h&bAAROy#3*cC zYy0BjN6qmK4laM>$Te3!*z3I+^_$604_*7#^_v5%L&%;o{RM2@F1sc!S{H2-=MP;( z{bu6%eKBe|6YGDwb(~)({wnz$ht^FT23mb%iw2k{l1eGezU$ftf`8cEAVToRrOWu;FsX58dG0%Oe8s%ek=LA2V8&;t@khR-ml@_LUKBEo@U-hsF4V+w7x^VSMl9L zzdX@;=M?In)?Gwj7xPChb`$R`0k#LM!Nfy+e=0l}tK+kkPu<%yqa?OBz#pGod;;GD zY-7V4cXJ=!_(T%kSOPo`Fh39R9?#UOUh>1VyT^XV2YvaWGwmw~-VjD71^ZPqxfoqo z$M;6`Q-^BHSeHh$?rG<`aUL4D>!H1k_`Afi*;nS-{{)|jZ#TkYihVSZr=%FQaz2V^ zH$XmOQJ$~s6M2Cy?7HpRFMwV5LO?ZnE8w3%@SOU|G1_apRIz8y4^#bQp8Fwj!{2kg znf0pXGq<&1N58V=OxaVV!RG#4YFYP%n!Eb)vRm%R3$^548XnBKg0tZ{>-tXL)sa%) zsQxg%W)5?%n)6y4j`KU$7apWmP$bu9$-dt{1v|c+J`OWiImm&Wo1k%MNqEZzZ|ZCD z71o?7@YmGlaLH)sP5avp-(?LJ(qA0=eIk7;Uo~v%!`>Kqk+URx_)&%7@h0AdZ%bS) z9iQmFi@89a8rfHXeCGED!J*bggUC$D$K}YM#BAmcd1{`k;yHd#=D8)s&^2?@GZSA6 z-t4PLk6Uo(xNwhS{J=fxQhd33<4>9K;!nMRAAV!t3a&GD|1K-?F51<5djIFlVW~B$ zUuQ=4BUA2+Tak-=c`X+&zHgvCH$3>mEE_LJ##nPMeq_>sWY00iGnsZ5(QcA4sNF=^ ziku<0KsD+Y;@hQQqwW2yyXMg5Md0+C;PfaseH~fW2VVQ9qXQh=`n|ZdZi>{pxFsG5 zj-`{{61T4b!`s2_D?B$o1Gg@X90kYy)5E}M<0u3_89XzVB7B>^U~|`1{2hfxj|N6{ zJ%0A_$M5vzv~=bOm)ZS$;JJ<5>!qHx&Ien#%NMcF2Fq#LWY@TMXn$06A#^X^+rV6G zVNN!~w{5&zYFYh@u`{u+x@tJ@wuZT>LEb+|t(LdTXW7h4CZE0fAim7q;lck*I5t~F z(8QNN0Zr&^s)gorRCK=cIor8D%lSRi`F)%7S>b$^@hP8M^73PRKgVuuvP!yF+WzT+ zAJdmtN3f5fdu6y}>3P;4_mAMOu2H_wX!7R9aNYoImE%i?@uj_XsC4vH`cfX6H?OkH zlUF%XJpF&t-8v|4iKWX4of3 zpwD6JofGH}{it=GZun98FtV#-s#R-U5ox@Kb&2cX1=}th#)CamO`eL8TW0N&->09m z&lb!=p7p>(Sz|df3OT2kp>jX7kQqkKAu|*+JkIlRWO<=A#pEPPcWcbC3E{y%WvoMv z!2fxF9)owVci&u5wZsxr+D-R@FoA%z<{lr z1wSheEc-Ue^)~P(xQ_Ckm+oC03APpwPX2Hn`1WVu!`Oo0L~shm05B#EjDhHN!ix*j z44%P0EV~1o0mr`cz~TDXi#)K%*NdG8o+BCXXntH+y!gr!EW!t}b0cf23E--v4$t4B z`zPWz2&VS)z$Dzv@W3N~-<_``#@|e@rx90E`#WOj{RFm!=u>lH^P(N=Csv%JbwH+t$)ehK5gu&KveQ8hFzdBCD8Zsg=^5y zmBbeEs5z*7J$G&mPH9Wyc$a4!t`Dso6L&n@(B0nsHfBz%{1Ng4w!1kFn~Av+t9;U% zTWo$4hu3~xcYkhg9=1e*FR}uAd<*aN!XpdW*WHI+lD;v&%{qN{%R(o1pG1~v{dpm4 z^Z`#kvSJ(`+5!zvXRMR3XB~LduOB;NBeq!rS?EJA%HQ=f&k1N!_H7azhE=Pk{)3Uv zksD@gu#W3&J3%?U;R1JkXPCUwJ_^}gDfz?iUy?7Pb@?E2O7cQ=-o$?m;y>tHb;->0 zRqz47ck_JK#F62a-fILmjo@Y;dydM%ooHpASVM@$yPwyKU zfX}1#k!qhc{oQAVT6bx^mbF-|>BhmAS(9f?Bk&p2?sp-w4C1+;6ZwI270yL)vM69Vqv1WPtmUScNx8!w9j7mdGzWrPk%>@{!Yhl zvd9nejmO@-92tNgu}Awgow!U*Rz_SVWYhR(opJQj?m6<+)ay>~Co}X7jk@&I3?4<_ z$`SR_xA~nx-=b6PJx@Y+nY6lUvoq(=jN5jWVzSKHa{AarA3?)I-Rxnq&q6o9O&`G& z4`tJSkLcOVe>U^)k8V3;x83vqG50obR+nY||M#3TPduZbsFchw2%`9u2~Jd;nE}z% zY}H~5cNrKIjmk>@*)Fv+Fd&+ie3f=~rOg3EWYlDRD2>tqd|WF@Yirjn&eJ^L0D`jV z5pn+S&wYRIbH3*=AXNK${dm22&G|mv57+a3UDtix(ATrbG6x?ISbcHa8=QykQRb+m zAHVL5z^}V3@7G;f;MZNzpI`Uti;Z7*V-;s=B*mZTe*CX1>>g{*)Tq{a&-#*{x-Re~ zwG`6Uz6ULB71!$?&`RE(Rd05|#b3qE1bFA$88 z8OgQ$WscJ6=KKO=isXrhERk%HoRMGA&6xZ(of(wxb%HcvliLO(7qm~Z`0&Lv(p6CVe0h}py; znyB^mIx@oeG_gCyPhmZ`rIfld*thSU3Cxj8(wW+GCp|m}+3MQ%xPHDNfM4J{%fuEv zGVa>y^QA|dSW|rm+d%sCLTY3l%eOJ^OSXsK)ANUTZwLR!UE6s6JssZHJl@y5C9jPh zMrP}G3|%1kt=}HM-PncyNdf-v&dIFEZIYj1`E|JSCJa2;$1ZsO^345afAf)^H!);B zj1c2pLeH&M^M zM()Ya8X*@c+;$zYo4Rr2hjUKKc-p>~wwE@K5^Nssbj z)llVs?!TxPoEwXi8+m@dkM;}dO`81E{QBS{the0U#$tzHd!A?J0_@}AxpA$z{gAme zsBUlbd4A;EocHn3U9H9VG~-EB=3t}mOq<;M9^W5#s6OLGeR8dD7xPWUp}uJ-`i5(L zb7O9tST!1f)SlEhgbX5;J{(f{ke#Sdr z^m?9{h|fnhuenCY>-xpOzPmMaCNK4OviMb3$glb$^Slmx&H<0|n@NT#Ux;-}Hunts zRD0qsirZL;WQ)$!9mji;b#sWTTL!2fz4%UEn%r<`F-hZ211T*GKc%Solx55{ViAqxkRJOeG znJ)iW-iA$Jdzv*n>q7^3!S`R_N6Wv~203xMr9^=Iqr7SiW7>i@@M-eYC-R}PKJk2nvx(?e|s?-=am+eN%P zoLjH`9Es6Iwlj32T3}xQXI6KWwa?=Be}v|c^B*DinuEEx7`Wo~VOU1?=VAFx{1W_Dl(J{O#PXYXZ5q5a7JsH{fG?+J_8hM3m|qL?Xtud!xjHz@;Ext+Xy2U6 zwJC4E+R%}5ddk}8@jEOBWItsgBt;JpKyZL$cSFeAA ziT~%Jexj$19=IeSR@>G;t2Ukhl<(O0hCzZqk`-oL>Kbqt!R4^#pF z?}b11AXD>xiVEYWNMP$Gv40f@mv1gZ99=%Vu4#-dR#&s0J+hV`Y;1B$2*w)Q8yhSi z{=vbtF>3g*_Psnzw+CZ(^s~e0*E~Ec2geU^e#wDK>W?pm)>#7`sN%m@IrroU*D+u< zj{kx;YxFBq)U^HABY@ir!PrFKVSkVH&*l3M!zuzVDn1>BhUKS|z8HXPPM|x+q9;Uq z_fcCaiM*;rha{nW>SB^#6z%PGIVS-Qch(ikj(dag{L#TG9nfDtuyXj#*WWoZdG&Hp zpUZ z)js9#n0c1A@8$RWL(KD}qIn*zyqZ`fubeEJhb(&Ov|X)jl0|_Gl7DO&yrp_zOZfjZ zYo-QxOmwex(gUo)K1e?8zTe6K@tNcG0{S)M$*)h1zC|{*A)5wZ$LwW|SSXtYSlPtb zlE|kN@=3naObfDUd2LPCZM8Ms_{4gUQ*Zsr?OU?)X;=uRl26YEW6Q~>YAc_rLOdsa z43D>1J~;SA1DLS(@trSV4mE|pgN#zHHFe^M-9>LJ863NZK=%XK5zbXXFL;COOFMJ-3;JFR^r9<`$^6O9k8^EN+>XQGcEtEq`fhWb2I{i+QH-Us*JM*o%M zG=}@VKGd(9^Z3x5|E&It^kp?L*SbbI9<_{3b-GlGN4D!Ye$U~)^rZGqy*%-Q`S<x$$_jK0V5e=PmU*3&qW^ym1*`bSFJx1C|?cTJHj(OSXCoH#yp*+KkG z4g2;Z>lxpnc;WYN4$-ve@ZO1|luuN6UT0!f#Q6K{+Bo9BcQ*bb{8Sxg z@6!4HCFHis=T}#}F9|uq+RXU;)BKhkf0n!^*N%LMJJc3_FV|L$+QPm&s4e7Dt}TA6 ztw(ZgaRvym_)oQUu4!wd*IeR{S6kSN2epMghQG?h0ZS@@8`tv1{IICKEozT=E@Lz8 z9jo?OYZbTWV!HCdMARNKRcp2H&|Zhh6FSL{>0A7!wb~Qt@>Ii;E)f-Z*zlpQ6$wgcn@wZO~-^4!>mzkLENcno@x7T_k z1%D}js)2saSopr#-)_!E<=oe4CEnLMjzz{nhqXhz$HotjKRNnicV51#;lZzO=bRAs zn_Rj7v>#kPb?yD;dNnXg4<%pC8%)kl%$&6^b(oYOTJQ_T>B3`n{WWlC+cJcN+Pd8H}%qF`N9F`R}(b47E$1 z&&cpNt7ymdDIJ<*+@kAR+M5*hR$dkQ_H2G{`t5fw-*oarW=_f6oT6q<5nYGo6k|N1 zsrJVATR&yn!9RMw{~>f8q%X<>o>t!Z zT=HC;JX1}%3*f3Mgll+PZc#@r43cqjs zn7^frvvT1%ON%A&9{v>KKcd4jX!$v4Y&$fT?CHCbSj9@qm)6E~KB%)5%ZA4$2YhMu z6S-W{PsYbv$S?l3Zx>uTmB9+(e3CBcz7lgh}7 zlJ*y_d*41|UQ3y)`0#4Rz7D)QKFq*}8Tc>*A9lir;yK5Qjt|9?2hL+I*yH{3AMIcI zMfeY#RjL*#{kN$;e{+>Ta|XDCR>JU+zR%?}*IStNcQ5SY_=Dnkz*1|7uz%O(5AT52 zi}QyiA1mOu0r1W$moTl<%$9Ee^_9@q z0;`F@Xn^K&mzUjvjo@Sx@mq2|nqN5w`U~GXnd_xja<54&bb&O{De zj2r-G8SvLR3t!4?Xm5^qv7-HsdGEKz13#nkk{f}oi)V>fuK=eOmL*09jDr`dq4x{X z$Ev3T9h*GNvG9)82dYi2@BfvYkl%A%QKdR>gYlaUY#$hju(paZ&We!VXP{YIy}q@+ zW=^U1HNod%+FnT8uhaiz@hx=H1HF8abyX23{9a9aORuVB|7iS?ZsfG= z!5Ff*@n^^TOYuu|rX&9EOOY`X7%O#*L#}<|+Kr=#C$x>F1d4cXVGP3Dp3*OK<~ zhWA^s^&U$~w!$NB%x-KG!ee9n35^>bi3c)3c2p0v+ryZ9fSdHxi@Q+JMVqzg$gr*fujj>) zDYBdE;@F_@>8<437`hDF3IBHdks1aJuphsEZ(dfXhQ+g=3uxByN3nlbYa8)J1GO%d zUxmKQ8anJa&9CQo9Wb@EP(+U_68 zpBeP+N5nIEeyV7XL%UATI-i-rV|`$^K%=d!d9)^OGy54n>@UB>*dg28T5k)qk%1md z&^soV7dok6jApIE{XTLWqR@=VQHI9$bG-_^xU8YVzkt0vuKrv(K1Q7v)C0fo|5p62 z``_DtOH-_T;SToT%Af9@Z6c1U`@rMM`-!El>g#)4?`VBIkzBZD+O69Ly&)5zVKYvR z&-JwoUR{@%?tkt`%Y1 z`@wdSqi@4&BcLgCi}Ibj(l+1wuC;}{=k`x_j>gVN$7@uZ%?tiHek`t!skoHncnh#= z1a?{v)#Bq3pXxp~Dz@Fnd@n>BIU5!E91DCUW*%HCUrFou#+;2h2phz%XU8mX^2zeA zl`Dn3?BvQ-MRQXPH8&Ui&CRFCALiyG8|7x^^qiSfnK?Jp#tLIb-)QgZWo|tj$df~k zCj@)Rn)8ar7KZzO7s9Q2*s7! zhV(D{9BpV^!}=Llu|FF=Dv*cr5np;@&~}mR+rP%rm;3{=1LD{fwcu5GOvWCG*?QEs zj#r!cdeq5<$hF!0pA)GW4WCViS6!}gDY8H|wPe*MWI>sc1*HqS16kmnjW)8N)X0Le zKo;no^bNpn0knBN_745bL@s>dWyXn3lUx|*e%$PlbA7t@R9Ay_f%~&O?cd_40@`NYYq16`bEF|ajj{GFu=OXiG zvJROYsreprYom`+=BN7ACJu}2>zRp7J-fEX_3hf#7@tP=eTp%C3LE~@*wkM^20k6g zz%|G~t?zvDW|r{oY;aRg`&Tpeb>y}Ht2@6!-tw;^_KYTT4IXs;l_0m}N1pf5xRHTF z+qVYeYNo9l$9XGd7s<99%XK}lx)+_b6unLkZgwg6tS?wJZf)-6BWxX-X~aUXIj>Ai zE5u=jxthIi%=P2PdMoE*cdGVmE&5V>W29$Ovw#CsQHWa9y+?5Ha9>ArnU+8fb56Gzk=S;dm57)XD90{*SBh#+=A>g zz7FW&7Upm*bP$6Mkk=!l(7|xVJqDlE7RI>-+@qK7TuW{9MlWjen#?u0*Y(-}_i1pi z{uN7@E}mlyu7BB@wfGDg%)X%s{*B~_MvTAK*8g|<+UbrY-)c`$&R@%QFS!k89#8!v zc=28E5*J>uTa8=}@N&3k5om(^fgIf}f$mzkw+q^F-xcJv2W_s-1aXJpx>)Z@wmz}i z%0l@hWamoeKONe$=Je5ZMeL){k}beKz&U(_4oJ>K58mu-MGKpIrH8#qzLSRqYmKe;ono1nTWhcm=!OS- zz?1$z))Z?puHQvV-GdB){-rS%(ON%w1^OF4 zZ+5=8VBTqDPa}SEttpehQ9csAXYlS|gIzA2S8%T!Tn%FE&}Mo>Xl)jP*N)TiSDwW_ zcg7;vO*lf>?Z7AWI^*hPOyT;ZIe)`(2m2dj2lW9<$+fK=K_SLD5TqAlu zhRn7xxA-HAkl7_hX2%wG1~S_{vobqoWOhj)v-OT_X7wYx3wv?OoL|6KmjO3mD>(Nx zm2JSjSkcJ7VbQZ<<)?cKf|d>5=w$NPVKA^eZr7=w>OF=ob*HFL*?!~gi? zGxB9XpYmlW,InBq!N*>T+e1$i0K27dGGMSiP))m+KYzv3pH^u0PXW{r3MrM7-; zxSyr;qdl_HM{3`!i@AP`HZ@Q8uGaiIFKI4qR^gAH%eX7ep2n&EDa^&l#h~^9GMKou ztt(-CGK|H{gLbu_G3S%v{@t1fJ{iT&Tlp#hfC zcCut&_)bUIBViN=|Dj=t5nZ|f9kmeHUylyC!OISrRGS_8(c0{=vum>tlTWZ4-S7rF zVi&qXar4*NTP**qlJF#L8y+Q(0~ zHAj+Dm6IIl?V(0U0(qCZDNf8Q`qIrizxC>~?=2%Ou=KX{4bTm`#I>fr}ZV2@#hqdq2 zJI2@MVmU4@SBkDILsyogD=W~IL)yKlvw5vQcn9}hr;T3P*m*>43~sM>{xj!OMlXL3 zIU;&3;Pnv!55XT@@R748iuL0hXhU|IlLu*dx|pvag(tA^Re1 zd&%x9v@hhFkbNPz>5PnnZH%E`@>U*XV_borl8pf_KhVZN)~3Mo|CNm~^v{6dzXL-pYj_Ty$#L}9E0x%yoP5lSC;Ts7fZRh*6zgm0(G2*Po|8Y`=xMH%ujF*-G3Yt$8e4CQzKD4q)Q@zd?1D;@ z({=*32JvFv9o`^&L3-Ny!dPoFvXwVYzlPx@!_6Ivz|);B9J&2|nd z%_iP1$tL%gpbtv3slJkIUuz`0KRwiMYVtOm%X&8PY9za-@kG|WmHwE2T73VQXr%X- zz-u*ja8-Pqj}Ff!---eIuRW4{iN7!FH|yiAC)bdpxY292d4(P0Y3t=k*1~y&KO8tG zS|VB_=WK~3z&Q0XxqRp=V++V`;QCfzY`+`mNA=xH5d$aJ{sy)EJZ+n}QHh@=?}M|C z4{rN;+7A18xc)kAcj&yO=HY&?zFVa{%^AiXA*W}f+lSi1*wTH|IdeA1d2C>8Tq{;Q zH#fc^{(sX(cuum9(yMCmn@6&lS8KEL?~P;?W6E%EN#!6D1Ns}jUs5^5PxJiK{8s$` zYl#^3J0hkg*E7mP00)`+$`CyTwLDsA^IF<|iNDSKZQ}3kk?gUeGu26M9$;yV?{As| zZPV|(_#j`t&otkDg#M!Bou&EyEd6faH*HKZ`p*0s<{V`79q7dmOi2k3Q-@UO1n3|hei zn-qWDMzPn#$kr` z``#9f$^f zhm5(IHoEwx+}nZsyz@$#$@R+nYbZUme5e z#(T0SW!r!5^PEw>33vf_%a0NNxT5*bW9+KeX?Pqy(mHPiW9}RTOu+vs%ulq?xv2<7 zT;Hts=u35*63j>QUI&f2T#ohp?k2{T1pix@hZz^JsN8*^RWQGg_|1%m5Q+sKF zCwpm)KYA-;Lhg^;!kE59KdX0|Jd?-Q?4zxL`1rANR`WYaZdM!pc+HdW^RaFOR+5{^ z?Z74-$(}>4$3!bMkgnxktzC1pOfbH@HsUp=4aE$|uc~DISV@gKjm?c`^&b5B^o{Iz zT<_`|_pWHAj_;)3<63(*Mu~Amv#EvAZ2J0WHgiKX+j$dkSrpB7H$}61W5<$XHNsD( zM}%ZY#OS=_#dX=#Wp&v(m7b~158Sg;fBD^47X9eKHy1tlt2bx=Xy=NOzhxzXJJQHkPyVkC^Fg9bo zq&7RA_)G_L+6;cKn(wXDUWBnTyvIwqr`*_?qu>Q}{?pWlj}!aS`F!vgc|qs+>!FF| z&|o)s>AKMJn0}|?;<2*!40#xx*su3_wb}KR7uF~ScmMs7?0pYLvg@0N)U4hH4x7vT z`+kG%OulnwP}3v#{>I3=6_R&1)Bb(5-$<>3#*vl&+HGF;MBwPIe?j}lNjCh%$}i=Q znrH8v>1W{EuUZeYRlA{Ejo(r8KM^jVyyLPajnhLE><2T=@#?V$vg})`}t7Vv;6!QZX+Z{J$_;+=i$B}2cM95LkxCtoYC=`iQDp5^Z) z?Gtak~*l{6Vv3gcI+sI~~yLQ%chDqYJTG<(rWTsb z>DZ@hv+Ygq=e||{f?0~W#vUY3O?zxjPVWHai%}nCsz1JldJLnKM?S$fw!niX&)L-5 zm`>mG8F#}*e7?+gZgVNRJi@v|y4P!;K>yf8=3Ut+(w!fv!mW*lyGai`asZ)AMm z1CgH2Gz$vk*mOiKb=l-o$ckho`eo8(J z&sD=mw3VCyosZ@}?}#^I{C7Fi$;JwQ<7v=WIb+zKr~7k7_rLqg>AsUQY!bf<(f#(B zHA`Z7x)-eC&^`8zwQ~cyZv`KY=7;x3^R!t&^IU(2Z;EMt*FTYqNgwPV87Y`aHwtFb zrP9L*=rIXBUiODW>j)!PYU3ZGp^cBz`xrXR#O`vkLH3&FRIqm7x{y+)zeaWA07{Bp*fQ+*X_IJB|DaV4ni^wdh{QXPwwV zUFhlyuz8+?pSs|&PHf0F?T`GyH0qkG##i2kEWKn;YZ#BxKZnxwi95hGW2|f*>?ayTH&<~x94QgwyP1|esLkJmmFqXN#^T(1K&K{d%(B4q1M#S zYJmQY&LCHLGkcV(*yB_CckdgYoY9Zi4Uo(TCrTF-caWHd&iU?M>s{ zskV2^r%2Zcm-UC4lX!eosQ+f|&){Cwy)$a6=tJM1dzkMJC#Oz1+;{Y`27g#`J$WF@~9_}NBCo% zJi7T)dsn1K-|~O8JK(?TdKlB<4{( z-m$bF_UpO!%XnAw7aYFCx9&aH53;x4e&+J7p$q)I9Wh&z^la#&B^0A_@qk;4^09

    _K(2^Ertp%sQF@UUm2+bLXl+Sgqby>0;YEVEx5V+aj7ilLkh6lmrkakkR6e9m&HazJ|N4$A zTi$KV`f#JM@3j#>znhq~oVl&!r@|HF{rUbgYF@grO}lAxH-8hvv|=00@l%W2w(Nm2 z`yzbNj><5(7V2T~GjF^4Q(La`OA5yU&%?jAWrsqaG$OZEDznu8sciNBJ!!l#?9^t0sTQBOy$9d(IdN9IZi{A(R? zRDWGhw*yS<0OvBt?_~USQeW|M)Tu#f5I^bEE51FKx()P5@-B{V(CZzHRpu`9!FA0r z=X{R^g7LbOnX^PBmbmW~>Xtmu3}Bpt96m=4K0m2>=FZ>6R+{HmORlL|y%#HLKe)r0 zD^;>CK7lh%!eCMPL+bY~WPNP`7>($iAu9KxK6fZGYi;iT9T0=~2|Ce~}g7Y1lS7F#LGycl0k7Mkg$T$USMe5^pb9^P}W7K#qmp(qwOP(KL zv|SX>efs!MY7$I+{5#)W{dW1Ucod+I*Y=X;KO21%MYB&IrCvzUto3ob(VmCq0DU~C zmo&E+eH2BrPam6InzcTD*J#f}bAUb$$xkzLtYH7K)agTAFN$VEAHVF#XQFcU%tOw5eyB-ki*oJ^`Cejz5q34ch`28E zPTke`8fyAlqRk`h3fE7`y?hrtQUl$}Zfwie^qmHca=x|L3HP6hcWRyeTII*de8;z6 z>#xK%-T1V(iAUa`u241INwYBc7j~g zGUg1+csG))kFP4TZh*&gni;PXBURc*$nOK4-!u17D(JtPm|8v0-<;2n)6Z|q zK7TIH3ud~RN2=%fo8$SGWv^P!d@7QiPd&o(i8rA4uV9qK8LRq1f8-Up{+ zaX0rbc|3^)&OJAH{!`BLnfTn7k8{^WfAeFWMQ3GAGsU=L@;;LISUb5iWQYEQ?8r|n zLFa1X!)=9uM5TQp_blTcwSIqbEIsruw1Mu+{9ERNCePIz@RdPN7X}I^c!@mw_l(`;zPKXt$ zorZ>0oHIBC8b5nW-N8Gd@fm1*4Z9^YuFKHaZ^ICS#+2ks#+9?)bNfcuKK(iE>aIhh z>whL-W0#1H)ijFzQ+WlxKLma4uVGi2=Ox-%9|t>8u%l=OJ8{WpfS(5NGoD)Ddi1w~ zwaiLv8FiK9Jt7A6o2luS3JCJskwfr$KL%2y4$f^axSXOD_z^w zpnZentUdVe!?m$0W`%&v+xeFPg$1?s7 zo}KER^|h_PQ-_m7e`lW)tiKnT`m1sg+4>Soa!lx~)Zj}^hwSmS)OmJg_Mik9Mi<4F zE`YZU+#^0o>SEn{WWFzPjns;~!Fy}ex-QoxpLQ{4b=Fe5EPH%XmGFYOe5-mlbJTt` z1t!MhubGQWeOZY4xQmM@{B0CmFt>;>Csw#<#-{WAc=+pypWvTU3n1sPM9BZ?nlj_} zp!+3PB(~w*Sq{&B3Xj}aM*h0?uKY-ex3cRGuDz4-NxS3&_FM6&-TE5uS(}Z#uwz1p z=)33=xKS}qCu@LJ)Yd)D8doPgO@WO&(S33;n;%A(7F+$h)}U*Ozwoky``xxDA%_#V zM{KCHFL@iO0}=7pTif z(RMrg+x}PV3vzGAw#j~|TR5+DYnioKYH}{5FR=-WIiI6}*hTgT%iLIMRa~0nw{FHf zQRo5_LXYGb<@rg2!z=EDCfUdPEV8^7nksIYa8PnA(!YZlYr|vE)6RDphdTyYBUQ1R z9_tf|P8n|qo=^)$`{LV7Tc4CR^cc$+r+Lkj6GYxiw7lK*3GAAZyDRU7YOOST{+;qi zqQ_u3iGDcvooFAVCM*G_1;cBo`;~PXkuN-)BY7cgTRO!vQPCOvD{(qFIo;kPwPd5g zJ8_bWch?Teo)ECE@Gki)sg;@!kCxH?GONGciJm-!K1_tC3*c!px+A)=rWJW{|J71= z11|)Zfj&S*R zru`kEZ3O&-PpaNJ&e}A5sfI5uKgE93!=D)Zk$CVz%^#^H6#Fm)8ic>{Jtwc49bP5D zzxc(V``Vc&HSo^$dT5-FoaH`~=Pvfd&UBoewawRnIcL7)tj{kWCN?Hp4=ii!GOuxM z4DU*BvEozgNB%;+&6TnAR&u#=W|dqQy%x;N*%EGyA>U<9S8TcHn?sWm7p;p4Rt6~h z(vJRj5@X7lJ`Y3xBaCAJHsDTlx(a(lyg`kioV_c$Cua#*8(dl}bYEK23^WFF&-J)bvz?BHe;W#H!}8X z>0_QXpzBiVTT{^6EcS~2rKU;jnkyeu268=P&-8ts>!yDPJ69Rlk-D54G=5~i+Ef*f zXZN>6kfEFrDrb~S{Fq{0SNULcD1{wLI5w=wvd*xdmAa`B+%G;@Y!W`Wo^eL8+Zi8> zE%W$bzMl_oJo*sH;e++>uCJ}s<8ar`pg#otVO@hp4afuA1`;0B>f&EQ)4A8E|P>~&jYgfgN${FcmE5l+7_&!+V3-5{L(zWvL1^CjAJ$KrjV5|B- z>`EoqCqU0cp-0-FpZV~}lQY8hnCl0BqvpZANA?L$Bp)$}9BJ7^=HOF|96z+mIX`tg zukyI$igxg<)W)&0TKQq&@JLcXJGrn1<_Woq!K@|%U=QHQo z;>tmA^gJ?9^AL&Uz4VQE?%>Q_o0#jkr*rS!p~Yy4e8F zYuT43ep<#*#d&}A)HW?Ze)5j;Wo~=OxemFA3_JL|Bw1c))T_XNo;+~fidskB9wyE=6>c@F+!4&pktg}MT$$Ib(YWhz&bmu)gYpJoa z`mfl*Gvg11ZukwkG4W~22SbbLgVotq^LW>>reA#UKcHXaDShmqEr}o0JYgR8g?1{g zn{f6^_%f*%5St?QPJH8})ZUfuGjhMw9m})Na<9Z#(zZN5pvyh~Rp)%vef>7v01n0* zdjur@T4u=U+uDC-&U2Og&r%h!CGNIdA+pgQsrbwk;A<9Y6MJ66PV&78sNeeO*A^dg>146}lr8YleALW0Zd5+W!n&ZXS(7)d6G|%n7oO6@H zcG&+sIh-EPbGC5zV&2<9{i4*J#?-k>yxV14$bR$pK7LmW>-ju;J)%fF_gR?eb zr~J<+j_Ucm>~r(T>kRv4|8oIywq)NZSYY2SHA~P4gE@zmF7OX7No2Rv;O-??r6jy9{Aa|E_I&1kdEi4*=kSDVC03y?i=hC0Wp41UH` ztx?XkPb9DRChy}ymaJn@U+2n_c|f2niFrhpby8nv zO|iH7WZ6(amUYA!_27LzW7^Ldjt#C3Fc;$8Xz6R%cj2C0C%BI@Cn|&gODxAOUCCI) zMtbJzuD+p5lBbq=ld0$8TO?jO`%K5LeDPgxezchR`mdoiV7}fa@3!ASeWJ=ac<1YF zl5@y6U#}1xBA*6qfp5M}yA$jOq+R4t$@PHwdRxBvdO2+~Usv~(I$!@MwGbWP!kw@G zo$vq3eEomUaQL2UzFsKb^I3RbD{C$z!0%}640_T$Tzvdwd$!Aae2bCqQM}KW@7c<$71Gt3ei6!C;jKyV|z)z-Anp!4xqmn{PzpSKQicN@A==};lECB zl?VSXOS`?q|0T5DTl}BHvnKv$2%XpziLX4Esm*~I{kw~qV+-M5y-OvV@06TVT=L`A zY4-i_AOYr8y&e8aYJ?|B-VIwBCT?@bcp-5XKJu&xc2w+TS%vI*FWWEx+AD}RDv1Rr z5Mzmbyzgyn8E36Xy<8(UYY8^iwYv|~&S%B$N?uUxu8!0GM!kXLq{LQL>e|qXqlovh zQ=bz#VJ~`Pr(UC7cMJvX6!e;T#WtQ*HGet|eqLx~%(AbdhmUaem^M5zroFpeJa#FE8W4WKR zTDEa!M=7$pNBAJI7(TYXLh>-N^e9v2XCm{n17yw|M#-GHip1u(=yrl+zL(mj-pYJF z?eeezoGs}GU&fCzTXTvK8``M_G{ z$Fi<1H6vn!CEs3$4C|4@eB^MU@Se5AOzj7AePsjV)9k6jNART9ov?*^-N_RJb|8Z? z=I^3oVX;|!UnP8CJ|$}blBXBDK2gt^RSl7jf5Q_0p2YrD?)Uhhr8#_1f!|%>0cR3cUPt_|E98 z&cF0Se$wW2+IH^|9hd}GO3d!dM+{| zml3j05*aam=6UHb*pQr5BlW*BN0GIQldvnS&#@IalFeC>uSqc%Pf%BA?LWekNKRRcmS9_3F@>@Vm;|5|?#@ zc)4v0ztJVv7HHe#<+HX;Wy&^{Z5Rmst}NVGqKtSUW6R)!_#(+^i(C##Ed#im&>EW+ zCjOZ4G=G=z_c#2#o4?QV_ukN~R2A#r3#=^@h*QGN{EqF4s+cvrVP0D0bijMr`dV^< z4d_EVzO)0oZ%J-HM; zke{UH6WPETcCv_?NS7wT+|Qs(Y`1B*-I_@1j#>)U9eoyh+?q&t z3}UmLc^bKS_$lN45wuD!-K`@My%St0JVYGZ?b!9QOpTa%O=O%Lgl!#)f5)z$r)BNh zb!yU8951oF{B!FUruxpO6Mlt`ar6&9pnoImC;nKv{!L-ruKu;7Gm#j!4x1!%^h)ef z1pSkF`BL#0;t!a&uA(m5@fT%Te}VqUx{}hL3w!EM|2+DGzi8=E7lPg>e}Qf-(Yo^v z^&Nr!!lyqwPjU1|Y7Sif71EzNl_wZw|KR2KMt|J)hxL*E{0v^?(x01()E}27(Vsnx z`(M$YZz|dRf84zZe3aGo|NqQPLf97p5m8A9tEiv|f~ZUql)AL`TkY5Orh0zLs@1{qgVLE7o_%x4q@;-wUz7$lkxV zKxz!wzxN#V2j$e7GWU`iy+*r6Zxu1%dZ|q)9%dHvT_HY7{g(GKpZym6P_UIr4$eHj&1%1dX+PD=Fd|5EH%)wz7|twZAQ%fkWZZXUI{nBBGI%WQ$bK)08Cvl>$8moRXHYe6V($9Dx#K_kCHL1%BxXJr zJ#B(kiNT&Lw&sb8p~D_u+nbD!xvd(X5j?(k_>E0NYJ9VOtjgPp__p~i!yK-s)X*y{I>*=>irqcd%@@SNRisl*XLB~T_WD|mO4jqmJ;VE zwQ{afVlw9_P2hYb&R=TbJf+Ujp;=P7e}Qa`i(9M*lIp=EV%*ZHT`88EWP)}}YX?^^iX2<`{6`;zwJoOu+( zF0^otQ33iN4I9J$TlTzF!8f_Pk$r8)L3?6ySu(_Y$d11%knJ+)Y@5JygRR=+f*6?P zz07@{foA)+DlVN*u8O|ouAz3$SCYGkB$x97ZM4&OA>(c5j3m)R$yF2z{`p+uh6dVF zddc?>@ETk~7kB4XF&CBnj_1o+npdy=|@H^S@5#fy)NAb zO;W2YIvj4I58nTnKG?_FQA1r@K{0j!SuDd2LsznpGpY*5lCOfsvqbL1uuAUCA`nUMDp~L%x9?KQ_n@ms{Q52zE*M;f|Cuxd)iSvq#fa_>~9Y# z84C@ehC>-^I10b`{t#Z<&nHgj_wZTf*fq4%ifxV{18_1-;f?o#w-TONRJV0yrK&AG z6x$zreJ*46%SXl^)z6C@md5B4do+aSEq?V@&rauAn+6-}qC>^#fZ$VJkFB$wmHtC6 zn%kgxEMs)jT*?@Vcy4SZ&uE%IrGCQhL-}HjrIt};vlK?~_f_2A5L0XO$C!)YvGgnX zN68VuZ_!7^XX$H^;0K(Ftp#T)2l0-p51A{aeg}Q(cTwwiuepCmj3K|fU)qCimA600 zd-lx>{9bB}msVP9BI{kx+w&fq_o?xK;|*hs8ThkW1K&55@hD%`G)DPq`}elrlG>cG zTVHwq0R4P;FE!8bVGQFD|1b5R#pKH_xl3~S>^bCa-_FkA^)09I{jZH=3;v|#x9G!_Ob5Eon*|NSB>B={(2a5)c7ephyRncC*hyOTr#he zI7aClKD~wSEBIXYI#lsbawe60-`Tl0bd2DizEAaS{aa|9i~hGhjy^qQBrA|*>$CiY z@2wk*WVz^jX|Gvw4@S$YJcEC2`3tna0WGuXXT$}yvG@Ni=p)bXa>tohB3qVY{{*0?8S~zWyxqn_QAow#Zi8v z^HUM)d^S68C9&vF**_-nPJ;P*=aPZ-8`M7QDQ4@%*mmNln)m@`+hs=bd2C`$-Ch2~WPikz-dt2v|&6V@X zzB$@lL*KnPpR94p$1CM5M7b|I)%QwQ-**|w%U;>CGWFfPjCZv|Pc`(|G$=oH`2O_I z`NYsuDraA>E-)8EOXrfoPW#K)L*9oP+2~-i^*STDfw5IFwgs-Xus11QPyXPem16HJ z!H(FxO^2`O*lUrBDh(C8shTqyQxO0#~@0XLdt$YufYv~ z-W6ALuH3=Rx#@32A4^#1G%LFS{P-7(SWQ^+=-*i<&K&&J6+A5YQwc@i4UI^-ktoHx(f>Zt^f~$dBJ}3W$<*FO%xlRtms zwkL~`t6!(~rjLB=iFMzevp$yq1G0Za<~qHp-TE51EI0@`O^t#j$!keYtDvD{1^24#DBetS=V7+<2=*5VcN#dmB(%BT=@aN4^QX!v!cl_`7AE7 z1Y`1fpJQq3czLc5ef4fw%KeTaZ+v#@Jf|9o4R+4Pe_yrsMdFauxxUEvxSPAUCjj|= zG|{Wa?)!Y~{biGmOy6JDLOjv_5We97_;Vc?Cbm%f%~l#o=Jm|&4mRh%MvS_G&mRJR ztc$liz!=eKnIE++BR&V?@fGNf#6ak03-JZ9y~-ihh;Ji4l=C3Ow#B9!k12nMf7?iV z@3ZG`>ldA;%JYSlWwV&8&XBv@C3corgBVH0(2_T(qQCW=bx;!9+mzbsmeW~_p&!xn zn2Ps{%)^D&C5GfX$W8C7{J!M#B^I#bRy+1@C-#+G0XAb;SoD0cu@>|Hj*y#Dg>pNZeF&e-nF9R!hv3cjm~4l!pbx_goP>)WuAKIXG_ zyAYZrewTZzTIV@5Su*W~&KEUY08Qihz4(B(%ZPzawCJ*FQ22$miT#UKc<5O$#GH8f zgwNzYg-yzSxag@IVh&gI6e)T{SM2tze0foW)K#^CC*jvd_$WMU1y@Bgu@y&g9|86^ zz7qYp3xBb>bEWV`>UKm1?eK0RytCVs9KGb{MK;3QiG7VnH&tPKDr|fenm=d;Ul(h9 zMfb7rRRO-xfpYk5=TeplmaD)rI-_zR#qfsrf{8e_5KVe-?RRM}AG<@=Vo>jV~ z@@l+)jc3(9LnUu(9v72(nh%aKdp&~PWju4ae@f2twsXZY7V)DpA4uVe&%(%z{D*~0 zcptw2`gmUUXdlN|?Dg#j7|W)MIeU(Cf9jx9up{|CwKtj1ABLuK86Py&^IFa%k$jb` z)!8@}*;qLrD{u2sBYa#;EJ_Vf6ZYF^nq(fff%)D!$Pn9L!1}rxcR#Q zn%Y+5Q=mug6fPkDA-Spop@Ywb&(}hWiWT^Nnb4@^BX=Y6JI>?h?^tDLRnDpno=DBA zg+rW_I4<-LnBea000`gVr*%;6AUYIa9MD; zex{BXi}&)(cihi_#pU?dXN}QY+KcY}d0{j(YuVxKZ{#yiP0LiBCyH4$E%V%MoXl^d zu71zq{ZaNf>6iD??~$%&)LcC}%v^?jRj(_D$r%gDg0ETaEMm-&xrWYtht0`6D>~jJ zxz5;F(~3O`)ZW>sUe5|M#~MxDp(m~y3NJ@sTSlS3qtRXbaQ_KjKkS}YZ5$mm6iS+k@T&^!{J9C-aHz%lfJHk^2249vR>{?=bNc zYa!3F7V;2lBaicUK5HWQNZJ2(1LtNem0bM9Uh3@BtJ|@OcC7YzS@KQxyD0yR%@bLb z%Ww5rnZ#DjHBXnQ*h*pwi818t|Lbq$9z5)>>^qMzcc_X^Mt6*4936;bKgGT!(CgM# z_C7+BnnysBw14In-QOI(r~gG@OlqfUh!<0IiGM$%fhV*3_sisWQeK77eu z^&RA<;*kN~b7keT736<7LnuBdq|R`x1dpD*n%JADidPOW8E>}sqrPg zNzR1^cTLG=>>N;k2{z+Cq3yz>%++A}T7{2nLTXa%SfaEznmmZP?7^(j^~e7YAT~IOXC4;+NKCSo*n{{?#U}kLWeul) zLnY6*@VUfGXS&*w-^TfVD?D3zG%-t=#BE@Vu_~JZf5m2;O}zBt2PNhv&ZlM$-qCye zFmp5a>HT4V(R@Ov#EiqEi;;o+m1he+)cnWJN!vGth=mKI$zPR#U2K0V{i^spGO(cz z`=V?FwoBGlI+qN^KCn)+WH>egTe`t#U*)sa$d&Vc;&ZUC*qk&QF+YQS#l9TRS?4P5 z3bL;!`s^$3hrq8+Y~p5~72BxBh<(mzUpF{5;#=aUDtHzeH($VC+S`nM6D;r8;Igk5 zAcqQgbFsFs6$35%ifszxnDQj41G7YfR=Z{Ud)sMSkPCK8QgT1Z|ve%1R)9v*X`s|Lqp41I{-5YznQ0(=h zA?j||oh@E_eJcCCWNs#T7O|(uwAmE{HU`CjML$8Nof1o^IRWP^?_=3(Y>Tqj_{mK6 zx=GpVe&(Hjl>6xE6Z- zO8<+5zbE2DKi2Vdig&KLNEbHxRNMS^T}Cf;FZugQ~l#|iJmSBi}mUkU9p1~>1p z(T%Bi+T|;++g0A>X`??rD?b|@DNVQ0Px{U`>8^d=nMk+KFOA91K1=4s~-aqnYFMW3DrTze||w93e4B-}+hX^Fn_b%bU0tfx9dZ1}mw#&Is;%N{s%kDbD{rSd1SL%jJDvDf%9l|O+dl|O+dX@3A~W_G@&mHroDug;SE3F~qx zx|k!9KWX;lPo@!9&XGP{IRNZLJe5DwIRN>L7NJ(p}%@sS#lZe z#QpAk+M_%x&sg<@Q_XMwVT;<6yc*fALAHhDo$YvN4f=SN%r%*JGEY|f>tB|-6pdHG zu8chuBWD=loG z?~}ae-Q>o(`{Z!wk$7|=aiiQ}B6X7$|8(g+bHD5Uqhqeqa@YGKk+UmiZmfzH<`**? z`?W{Bk6X`Jc8%lG4oJYdzoTp>_SHkGLySybBUP` zM6Pzs{1ka`HRtii%+q@=W`65$=vby4Nv61OLxE{<#$P@$^UKtEbT?-1Bff~(EtMnb zp_qB4@RykRSYl_DU&=FPzD{`8Ma;~)W`~|{r0znN{QYm<_wcUKlfP$d9{|9m2PS5&4T_nc6n)+m-tlZcd5tku@Fb7C#*E^0oBbFuvmI|`i`Pco0C{Vwb^acl7X zm`~9z_F8@4ogBwQJny#G54hSBdo5!nW>Moizu1$TQFM>!Cfzr=`pJpz0p8rq)i&J= ztoh3ouJ$tdnMLAfz*;-GTl`G3D>u{V%FWc;xtUt<=+5bHBc6X~05Pb{$BD->wRbLU z_da+Cx&3P-N37brnzroc21>42@^mhrrSkgY{65Q-*H78q-17Qzeoa?CE70!Zvrge` zX_wE+YIjG$_Y6MEt(P4^d7d+_-9@`Ac^-FOU*~x~Bv0$f>*K#vUSH=?Y`LjeL+ABb zkE!k5XR=w(T;7(M;AD`-I)N0=4VQ}u=(zyEvI=l@RsG=Kj$u*T>A zjF~z6KXUwy2DztuUhHzdlGXnW0iSOF=gRRbKeC+myW{^pAHQqao|<&?^}N~- zEwLRj`4Qyx?bx~n{#RflWG`?Pb+>Y6i0mES$XbbYE>|z=#yKy8b`86JCeJwgWX?*; zVr%hl2bg1I4&FB1TupqLAkMymbC_MWwl-USqm1!pu(h>zexrtYM^K!-bXgDB+JHEF zFud+6&Q|oGE6PXeIGedqWABTOGV56%Zx~>7$XshVdGzV%jo9t$x|wI%#`!5(>~^{w z$TN+|Qx5M_?~%c7r{vHk@qu0I=vtdC-c>o|X}7QcUVe7_?osJ>`?uYwpCRAW9F%Xm z{U7P}dp>=3C*H1~nZNy>i7ke<#`33!us(3j+Jm6SA8)t*-D|&>Y)`Y_DLF3^IS1sM z4y*RqZ}Ls73tomD#ztkUsbTGi^K1?<*Kgq7^YmJp+H85IBfzKFZOPUAU@W!6)He>G zzHuPyOuxd${s0@>AKNN5II_pWs=?{sFiAgW*WkGFQ^fz1%zL1x3p=muxY%%i&E-(q zb=&zaYc8?F{u-PJ&%5LEPU;8j_FVZX#h3G0J9W(~6x|nelkRp`KRM;6Mtbv8Z}PmN zd%cyPdd<~drg;T;qDE^7>mb)ieyY*VPbr)EgTCfw)`M-EDf5XBz-n54YNRJWmAO61 zPr2HAGoY;oa$OG%i6$Qzp1n=-Cyl+wmC$BU!&d51SD{<>oabBQnQfnJ*EOkp*ChX( zr~CP?AH3c@KfIFjkn{1w^O0kB{cxSwgcZ^VzjO5CIPPfpCnmDH~y zr{>;YAFJeKV@cz!S!!HQ0SE53WItd7`+y%}4fSExQ2lMXeR~Q6)Hh3;#exBz|3v4` zR81`LRjxI$pS{*SpFSo}nSMz9Nq2qv4)T5ZiuJC-Lx`nz94&dB9YX-r}JZ7*t4o~XW!EW*bUY@ zof__;R^1LcoUOUXgKI7_G^j27pv{*|w9!^a?=On6t5>bHX)}V_D#@v>Mtl9pZfhGj_K&dv zzx)vX{*nE2Z1ao3YE4S~^Ezm=$Mk*j&ME(lJW~5iXjknsfuH_;CJvrm>ru=4vcF-V z7tiw9Y9qP4xeNbn;hA_%&6Ayde9V)7%^6`fp2zz4@deZYTt>Z7kbfQ{^KWNAq_dCD zRd@V^=y^qk8j4)-Jdd0txsnL6cLA}tU3YvO{B4J?_CAx1#JN8I+#z@u|Ew_iCreJq zzFFqSDLueHF9rwhwq(yr2LG(uRQltdd*3l!?Ol;J#a_mF{)g0fcx{xc9=f8J8L#N; zm8pET!blDlnP$qBW|Ap$?j!S*X;@?$kSle|v`um!0dww(U6m<#NY!?LfmA(S2AlTK z{|oZZ+TIlzY4v!|j!5^uOdQ)BG~fR3t3CeN+Q*z}zU}kR6Npj0*w4*B|JPr#`sZ|ehL63H z^O5thXBE``1o>w-U%-AxO@M!{xn>vbSy%oUnVx0&=hU9YiQ)tGo<`etiH|u38T);g zyN*Kn)PVMaY~kdfw*0<6pslY7ZH}*3c6Fbiw*3A%pe;q0uJ5qNSs2h(M*ke#W@B${ zo5erBMtin@UMjiK#n=w17jgS%;*y^7&-ZYqNX9&NCR>hweu*=E^TG2i)R%SFKR1h> z@2Y<$#*8qRl{2ku|NK4p>-MRB|7_z^&z~Dz^Jj%4tp{q4=(0DxZ7KiEoc$s8Aw4Yn zG|&g>*KX78pTTIY%AqiSmNvy+ihq`RA+L?f%|A~RnRdfJe=AR!?kh6wrhh(tS7n-~ zf8Ow&{QUFV!*`#5ZvJb!f4+4wsR4&`Pszgy~uytcX1W4uE|{4Is=Wh!E>b62)ZQKJy!Bp zGS(_1*}~XUYl+y7jBAPLwyY&4=nBNT3Xmsln`9AcfWIq6_0cfgU2g;b1V7mw?^`iKY{7_Tg~^?So6LZ-gI8T{D@~|AHL!fV{&5vyXMTTs+?TGf~&y5 z$?|M8xp@hHX>ao~!6Exx-f->lSptuk*R?Fud-%zRG)3mWm6&HFAHICSXIrr|+mOY5 zN3&mov7s+cooG&=HfN&bI(1E-?WaWsVp~Uo>#ek7=N`75&OB-W zc6tc=ZJAfwW3$_pXWVVOZS~g3fQEKy4_jSbXqY0~_RB=3(c~P?VVk_8^VB}nB#I4p zWXrk7`izE-2=l3kZ;mCO-DM;n|0A-UlBaB!6_^Rm0nSIZ_0(*15@T%U+0Fd5$M2SH zn|qGM9WMd&U$I5_(Z=D8Dz(|7c{W!7DjB=mha`v!v8~&U8 z>IVb&J5|1sZoenfS3dSz?Kdry^JSg$I_2&~xsPr+dpXy{W|-}xjpW&VMH zZrUGq(f)TAeUsFEpkDe4pzmIxgR_~#__I=piTO8<*Uxh9c8Jf%72_-UC+Cz_b4Im8 zZ-F|y;XBaO6oy`*6W`hf-PQb+I-&pKySP0Tcp!HM$N0OHeowH+DbGd0tBjYwW3aIm zIgIm%u5rGk_bwXzXXBw>onP&Ymox6y6|1u(jyAVE#X9!v*t(Emtn=`(pRrElf4a2Y zFSgFUA4&A{6@@RSz14DNd=vLYFrF&LvxGDLCei0IWL1r<Hih>l?zrD(7zkwcAx*IPEPui zF^-`>H-0mOL&IqiWq0b1k@MpLGo~!-7x_!Z?jKluVmd_1pJkEWszaMAZ9v_7+ zj3CY$Y9#Aq54$ndjESs9z)$p9Y*L$?6@{L}N9i#}9NV;Qugv#z%|7`b zlP-VG1fF6VA{*L9SCgYTOU8=@xmP3@3*V=IH~%uqKQ`0c^kmoe;501{w>`)z|K3{u z6OsQxj{Ik)$)EitKKakq{kiGSDu4P@@~6KA^yiiTlC}R!jg_tYrL>>7{Apjw-w0)p z|B|)ux%%i!A6?0RlDhA}rT=5S`roAPRqAKPkd4GNBL4(24L(VoG33EPQD&R)!4T$t zE}LrOJtH2B*=AK1JiI}hdE0~j8V@tU!%+?%9(}=Q4;ae|%}3iFJg)o83lH?C@IZeH z=+A=(`uL$sR`=3=-guyW%N}IF1ATng)yK8;(G?#0`0#LK20ZLs=is58KID8UIdjT` z2V$up|8N#GWb&_@)%_Gs{3z$VjM01Gv488r+;b2H`yKe8(brTzI67>dQ9F8~brx?N zzophkSO*@WxbsWE?{B-3Ub=J9x8KQH{1=v&DUyDxO_N6{oWtrEX_OWq5Y$`r` zy5OKF_x?Fo6C{ z{^2|&4_~~cd1uF4ui!)Ki0{KY-+%c&gIo)-wD5Bd{EQPb zP=c&VjOpg=-+vw$qt)-LV>HeGHwRn%e>=dQ+~D(PKPmOvGdrF+3H*Aon%Q=(qd)(B ztxcSNE4k|seqPp@CC0RPXx$eec{(>w)$fb>{aAjFZ^-t0+dlS`KE&i6<=BztQgRWZ z4{CmiK1f_?%{49ENW~Y$g{H{x&tG_TLgI^Kee$?S%fme%_0sRrhgz3D)Gn@0=|k<} zP)Z+aUHVXaqoWVCH#+)Id!wTdwKqEYPqKlAHY$Totmp2R65~koN6&b5LipcKU6;tlKKE%z z7y4kuM~;7gaZH*%P~$w+y#5K!$DwU<4>{TJPX}#Vxyhw}m2y7$#MnAp2mJi2<9nIg zhLo;^J-Q;lRo`pi)rg<`dkx)1{u+aafdGA+jh)(~~7@uk^|30eB{U<4yQx z(;MI~zGD3tlhTii=LY+WD>U71{m#UHzrRS+58<2W2Yd_CkF`5<(~mOlYb}WtnvXo~ z*N-J@_xJJrcujwhzYyQ`{e_K>8?xXT zf9v2`-<@D%Ii~KkonaPc!?GPiRt{2F{x4+Uk5gaX$7^#w9cW>hiyuAn*Z*@oho+_Q z{A@)qo?pJQTdfh6UpFTRGyDn4S3K81ox` zydr~VsB3e_Cz}Ukj@SM6_ZP*%_P6qPVt=p63$L%zuZ`Dy?Qf;TGsGi39&d2&pgZ1( z%N>8@*Y1`(k-EbEFpd4XkqY}C?C@g0jyP$)kMAoq-}kI|V`>WTrce)Ndl??w+iO$)+J6s?KdPPl z%e`g6_+F!F?-6_p?*!lQE(qWMOy-7f;*aK%SdsaUbzXc6?~nKK{!&eUF7d~K>G-ad z`R3L~CH^3foJTx;8vWY#JPSV69$1<0Wsi@;=Ftv5o6DV?NOL*!dbQ@VpT;M5Cy8IX z0iJr|4r&AqACC^o5uYb=|FxYDQLlAAM7`Gekdye0oexp3bv{JB*7*?iTIWO5Yn=~K zuXR3T68VNn)kmc4?|-7f`23=urCZ&^XR{|CBD@oP!n+`R&hX;1Ia5Bw!e_C0m>-|; zeie0k?s(%*n*Lnyx%7ZE`>XIdSMW*O`QY={^xMPutTkdsnRmz?JXUNFjL%|?Ph*n8 zXW}y-KH1Ci9UqTsG>@{)-@bZ$9-hMI$rf5&J2;6MVwEAbf88PagO*O3jwXz4#Q~ z|Cf*VS8Munv7d)!z~`rHx2!Co?R@O#eERKq`#HxvHXA-CYJ5hgDSVpn)a~D+jH9=Y zM~CmR_?(f#XXi1&_$=&6d(I49K0eLXeCjHHO8nXEn!h*O^$hBBXa3&on!h*O^$g6-o9%iA_1c-gH{10L z>T_rQ-aM&#atfbC8SptE4}4nrJ*U2h^;-6Xx#}5&chrOl?-szjAdDXC#b{#}bNI#* z&d)6KVN`hENKKO4KD=8LY#&}hSKRBhx9;n;pEf>E1)r<(w4cw?XV2sF0CNp@4{84% zjL(@GpT{`(?D*7+&p79wpX1}vZJI}W6h1j4!>&J@e^jvjJWJD^i~Y=sPvM>56W(RQ z=RNS!<>R}?XDn>~>`|W$h4;OEygxige114G7@rUSTJlTz~kX*VDLegS>!&BfnS zV_RFop5A-bdhMymp}$WKGjqi2MRek>F%cf)q3WG!aLDFc$Z24)^GRdUu_rj z!P*jIr1{Kmy!t1+Kgh@X@8~i3;~B}FxaWfdefnq32d9|L4@}$Dsaz{YlRH?%Oki@%moG(z71H ztMF0q3Li7!b$E_=Eg38|G9%0(KD>$?Vm>)MtjFNTtI*=c>%zUg{=&xVSQlQ^zS}(Z z+}=dr{{3}zS^S4>fBUHOFTDHj$j7Ddt@hu=0`}j{^wu>t?In4_BJ*tSlG1TeFwRfa zI6u?D`ENSBIIn}h6Mg(WRrB}tEcNHaLtibvs}D`ZL!&d`dt6WATlgpVhJTsxeJ1>L z#X}kGaT$BWN?7CgZll*83;$oHp2=-zJ`D%Q?|ysSFgzIF=Rf4sH>Sr!nfH^wMZaQ? zE2TcSi~7bUzL!`?_8Wz%QW!SqxJDxM<4(6u~#3Pz{6Z09xl{)*yHpu{XD<4f3rQ5zrSe`{X{oI=w=wb%cgHiU(n4=`cfzU4ZRJalNt4~F0;O=_V3T~ z{exM)e>ltc=V!48O_`t1%O2#gKfZ1+@)oiE%xj*{Vh_&H_Tbl!J$U6KuRVx^$EXjF z=YxqjdmZ;YdvI9FKOZq8*d83MY3~txAp8@10RJ-CgG=FOF7_ZqOjTm+Z(j6>*B%J} z!EeeSGBv%lWar>g0}`gESAy*v6;<=bI zF=vk6MLm?;Cce}OF0$;uXTDhL%7>)Rr%<0e^&F}5DU?1q`H=keCp0nTk8V3WSbu(| z>FyEz5#EXZz`IQP^V-(j^k=>7SvLBbe|p%fKf?Q?e7rwbkHN1$et&d82K|XYAo)9M zy*!`!;tBNY&fjIoZ=~?4@*B~B{KnL@{6?c;9Bm$w4XfvBtRCoK^$Pgw&f`VlR|hpa zZmjO7`ISTb^wr|E+QI9lX~B5iCg=Y6&PTHRw2}JH_P;l%^*5*fD9zpr{{*k_FB4wJ z<%n1E8?`0Kti*>`;eV}<|4-{N`0?tu_dgsGZ0`?u;Wgj+)IId=xA)3^caiT<-*>T} zQ+?k>ywxQBgt=IVm@1d^iBx;cx4MkKn2Tll-j;t}{(|!Z+a3Pw=GWI}@fYW7 z9X!R+!JlsN>R=@p805piY>j~|^($Yk{)L?Sm7)y#H=rl=Pk1N#2k$cJ-?8vAmw1c( zd1Fazpjq~i*Ix+l8>ww_+rM|^oFr_BU;q66;?}{z`giIt9e;>2Xddoa_??-GcTPJj*nga<>F$wuM|dar zg?E|odk4JC9lyn<+2F;m@ZRw8{-7N3%h~9j`hV7c)O_LoHQ-n8Kg}oJ8R*7u7yiPw zzZupuQ}IyRdZzEZEXxKLn_HjFg5j$)hX3PW_y|9Shep>vLT!`V4*WyTgTfBvv7Y(W z+T&^m&#Mm&#&f+MLyzED_$YXWkD2hC*qk$-sedUo->diG89AKflf&hD41Rm;kB1IP z$1`#A6tm-g2haJ&L*J!ue>|k(l|1IZHr_V}*L&64^V1f8y%%`*pI1~&9BCNC%_$D% zn_cr%=iGpp#(eSe)I9aa$i^M}$0Jv+-AH=Le|QI^UySmssbEs@JQm^F{l}`2nHnDf_)?YB1in$r(c3kN>^r z2M7-Z@9;1a-p6_I-kd4lQ?2T~hMOgRyd#5JpA4SXWANkMAAkICV4D3_ct2e5uJ>o> zW50hvzY>4c$$EyycgFRMF5-C=pA*k#i(h&|ADW~FGIp4``1dIv5UdY1S|5&g^x=0O zc=e%}duO^Kc-mw1q1w@h(hT}ADS&=UE=KA+;&H$Ie`G+gK3urk(T9BP|KI7`Z~rUN zkDgrrxA~tT9!mL#Z1Iq#3$x4zxg$%~0mxeh>%#R~7k=pI!oN0obs>rzzVDNRId8!}mGoBjn>B_NL#S@DDwOcjABME2ZYvr?cSwMveEo9K0Xl!+RxseuUa6 zx83=NoDZ}o<2`g_Djr&WNHE^(^%!~t@4`pHJABN9_r%8B@J>F4_m)7df2d zlf&hD4E}h?Z~qU;fcK774&L*%|KFu=zx{8@bN#EQ@UHATH91qW;k{Pl{douPS0Wd8 z>>q>ApHR2s#`^(#I^L_D^F=lt9E|sEa%NIb#s9)b!8?4+g!ged;@ygO`kEy^yo(%a zeR6nOkHL?3zkUBpFYvZ`XL= z=HUI=b}!!R;PVV0pBHLA=bGOko@ut%XVq(GzT0fqt21X!?YCF2o%wERzrFh0neV3d z+pEu=`EK*1kaJ$%JLgH{5Wh2?ea$Dh zd#Fpi|5W3B?`u=Jorn+bP4M~0K0g0a&O^#Cp80C=UhSOEbHPEu_We>lhHl0)Uc3t* z1@G`N6W)K-mLuLJzhfL`*5B{NyU1Z5pB(1uF=VsvJNg9U{pow1^Lg^I@8jurciZ=T z@J{@WeIH`VeNJ8C{cer-IS$_EAs2T%6Nk^gr&h^rS3Z>UmG)%3hn)LiemglB@9Xp! zdIaynN5MOM%!K#ttvTXd+4tV&w$)y|iyY4I$>DlE20z~Y_WhU)csE>l&)2@6N8deV z--Gg%ZoEtWJ{(ZL)u(JLg;d=fGgRe;GKz|q+~@TdB7I?=RLC1?$fx_c;2KufKSYzWx59 zvWN5iO26{h@8`u|7X1m>AM5r%O=|r(Y~ITqJYDL~gIa%{boA%Lgjau}$Zmm8b~kC+ zx#JZt{T}^kbj_zz`@fl6r}lp{Cr<7ERqV~szOmmf2e?$g`PX-5N&>z45 zY3b$FpGtMU;uQ1#yV)<$jr`F-`t1q-qx7wd^<(vY7yECNezE^1M2%=z?aAxo>wp>Gj)g{fo)oH)9|3S?(0l`d919X*p*wJgoJv)zQDcKK-ji_SMu} zxozjKx@ASLqU$Ntx)a&F_nj(a{90}J<1KjqfPSL8gXJysu`^D=Ln5Uh_s3!uN- z`Y1dUeT0XZ^zpU#bJIusVPlCg%ly;5UVRi99OaY2xq1wKef0ao0}6xvVf^RBllr{O zeCA^((C`1B{bA64CbvJ#bw5*7>EH}=2lw7|se_Md9h~my;IZJvt%G&QU+U-FI{1N{ zv4aj~+s~xp&NA!1boIJARnNGa;!)@R+ux24*1vU{c6U78ZT%DeiT=UAO!~L|pSkH@ zwepA4%x%B$>Ywoc3?Kim*JJSOpU~nykLZ|!VEr>(`j@XiJdeKjG=He#%~;R)H~)Ro z{(9j$wNI(UEX}4{PiWoxo}*j;0~Xx6)r4%@sR459){p>v?m6-1fvNf4JL7`&DDR~{^(!Iyb>foYKK&9I)c9o3sK?;fFTZ~~I})s46Mu$()93Bx zT8twU&@+U_6{A%<>@BUar&9VBJXLC=L_>*$i zUT*c;-pl>8#{6{-=6~~^7xQuWJ<-SSQ#HSH@F%sd{6=a&H@>CTRWFd*&rQA}bsmCx z?bOHD+UMJ;&r4GE@wGRuO4Y~LP6|1AADsd3<8}e>74XrM-w^%@-r-*+yq^g_?fgcR z8vacA4f2DHB}PBXO_x=TkYu2%Yug-S1Bt!fALX)}LaY|5FF=`TCPL z>D%v56ux(%US7?Q^4R~{)B1vsXf|SF&7X5GQJ4DCr1hoI(UR`?`qn+6Mv=Yi||kM1^#8y7ZZNwqA&P|<`QGJdDGoKeS!Zwsi$%4 z%ft-&;`a~#3W_mG`?{t!hLZ&HKgwoRb`Jnb?1 zQ0?f$t7C%o;Wat$$*0fV)(7FC=mR{=qz`>^)CX(+5HbsW`XDm6#3zF~JqEu%_~WVn zHiG@bJ}!O8H=e4dZ+|?c@Q=T+_!xWL&rjta@;G1B#?yJe{cWqK5ziJ6HWwJtXES5y15iswpru9)vQ zYk$~%yf5c{Ys6?cg}NN23mXhm#?u-(prM?x{~iBm(^s#~6L;2kRr~P?X4TI3uirrX zar!fOpBPFlO7T$hANy{zXrqrxp|yZLU%jJAx6VmF6X|CY{TTW`yFa;??8`x;Kl@@C z|4NP5`XXQTY=uMPNS^)F^{g}@&u?E=_}ZNC;4PCz8K-`_tmw6ScFd{2H*A>FP8s{o zN}|KfG0?;vFOR8pMQroUcTl%DK+fSXOu0KlY^U`;VupJ2zQ2BNgiY#)lcR?jN!sct zVZJ79l`_61bJ39z#;I+br#^RQ-{f4QU$PCp)F6lD$l)yb6#cBP;{T}MFMYk7d&7kP z|DrCUWq`4Kf!o z28FHIAoG{J-gq5-uP~Brw-`x;Le@%KBcTRQL)J#Mo4Slg0;wwdmkKmlC zFduud@HK%h2)0#!kxm_dX!AZ_`~Uhw*XF;WHg zevXlhvfoqA*SzUA=G7C7-nU@))ctm)_+$7PBEC@k{b?^1 zZy1B*ER{ayxwK20wIxjlC?BNykTX*8J05w-KlP1iw|! z!iN^xi}75mytZw(s((G&bhjlu6yAwlmwS)g-^GgAD$zg6|YKr1kWGISv+46o+oQO zGf!b(K(T{o8Fw~3yT=@W=fk_e^BnbR;zDMwUWPq%9mwmpB zF^YXAZ-jjw;NV%tofDq*m;>+}yEe0ZPRMydKAr6`JabmUMP|Bvw(y)i-dM=9`P%2d zOFaa5Ua#%*dYO;?beIRvC($nUIh6;=C*F|z?b7j_U%ass`=aWibH?-jJ%ZcO+%InLSQ27A}tb7UQFU^|X6|F}Feo(~QfV^82YuIhM( zo6ppy<2fqd#fEofpKB$4euQUjJU^%RrArQ`tN3}G#&gJtH)=~RAFJ>jA4tE%&p)MI zD}L_hvCr%2BU}7Dz=!8@#!@b0$!?!5SrapUP4F!DX61lqbiYyVhI7Zr-Ho4Lm$RLG zwrh9cd633)8T=`MKdJax#+?n%?lF7qv%>Q}UEukOfHC$2o{2Y@d+lrX3BWTl;=9AL z;(5m{`Q!N_sekd#2b)U@tofjg=Qi54;^z^0K;n&;BOd!a)y8vlOx}22L;G$#FJ&y{ zGL}5>9LK(>d)9KW&&rn>d-VvOzaJp$-G%1|7^C2sx@hKuM>}|CpISCNd&V4q=f-83 z@jN78j6H$pI=xSH)y?U6rbY(8AIgg7TX{C$c%zTT^Li&=*Ie@8ksdr>MZ3yA#}3XL z&)cataN{}5SjuHAdEogV!87$4ImH{w&yDO6JpWG4Uh>(l-G%3WVM7JaA^1}Qe^T~Y z#+}VRyT=@W=bcM4Y=!c&?Z8qkKBs6L_vuI#y!N3c#}!KhMmH=L5TeXLY}wAJ4@z zJa`^v;kmKID99VnH&Aclw$IP852BoX5INwP7|L2tc^-cmramYa``kqP26ePOF(3R! zfUJ8M&(;{pZ>(U9VxQOReIhA5%eb@P*)wJ@o*N~O}aZ~Stalfl-^PXt zp2=@C%RNmgJj=MV;Mp_g06fQIneki}Fvgy+&&9H4!g|VUE7I{?r`DZEX2tV!Jex0` zXK6gU=7WtTU&9Vt@rJ_l!?dgL9NRZkV1fyUE4E z#}Pe(=Z$h!k+pL&znz>`i+sP z_58zRt|#mH)DwiMBdDWRQ}#|yNv|v`Yn;@+TYMtD|eGft;X}TW!G(v3mMZBQiE|&slsHO-;a@+!KVFH&0rsD zE>xbD-&FCNCA4jSFEs;K@;)r|Q4S->No0M)^vICy^>e4PhPwi zTlFz@AwLotRqo7-_uk!<*FR{pPU}p9+8>eEzu7z0%H6Sk9&33uuW20RmsfKYpS_gU z){?a?(pKb}Ol=|iB7a+rRebiSzb$H~|Dxzhm%XN|cFh^H{B6}%@!2YWThQ}#wzf{4 zncfzk-Rx`YKIC3cTOxlyzceNrOI~K}2@J;Jufkk34U>&k{N^&+w!d%Xw-@t%hs2hn zQ}!VZlXr5Cw8uV-R+wxqM;;=>oB2Lv9~?|JmcwI_OM>4oSHIDibbeD?4)0pwyZq)V z`3?R=l#D7);kS0U^bx;tIISL3hT-z;<6E8e&A z-4yuoJK+a)TYh`>HDu5od$q4yp2Tv3|LF=F`QyJRt*s?%$4FbF6~DtYr@)n4?~A z(ED%LSF!GXFt5IAI>wAS?RS*(UiN=nEbXhD_EF{nYQLrZ8MI%;YxNv^9a8PbyzN)f z{%YDUfezV=QtWP@_tO69w6Agq8=RW@6F47g%@@x8o>zSPduoS9lg(k{v8IsmC~{Y{ zvL4S|G@6`KU~GTIFix#xKEHsRtCgRy_T|LUs|fn>qbrXO6Un0v2}?F#6c2^Qb%(y z^+AaVv2|jztZ`bjeA`FE08NAJH&QgTS~M(h(eOcr`pX;G`{q6mM(C-H7>~um#-opa z(rMW$YFJy)hp4`*^a`O1eu#dly_h`H0-i)BZILBwW$!~AT~ajbSbCz5=D3_W1>gQ@ z(_9)-d@I}O@a=sU%{Kq)efy_`-o}veSe@+Ognz2f3X4zue0^@veQvY+tg`r2@}<+~ zN4ihDKWjgpS6+kRj{$#(*Vhs6bX0+N*=Hns!30B_!B7kgRfD0Q-=_C4Zg6mP5x8x; z+>4{THEk_6ZCZxwUHoVb;K$|we0PASxC`Hc?Q-a|X)9wdSbQisxXKxNj_1&J0<=Bj zqwP{noAmF-c)~@Se?Otkzr6IXzt+E*@bW01{$U48q3uo|ZQsze^}PPgHlL;bBS`-) z_0e#!rlC9fS0A8%jo_;ee7(IrP5(NKSU>Y;(4}LLWIKE*WR5eMTtmX6hlOc6IL}9S zr<{v}4!&p0RqJ4hORl1y2LIXe%t!ww`}%9u{q0u$14Byxz)&?9dh%AE{=qMkda(i@ zZBJ|3cB}qr+R9>~VEu!(??c;rmw9c&9h$c8=wB}OLHu7iHe$XpdW-UZ>}OrT8jZ50 z%PiX<`y3=5Du=$ueDwWb7wF5`AF{sx4)rTR`e^#-IbPG#9etb>ppR40$71yHUma=s z*k~A2&Buf;kM2bSec(AhI!9|d6F&W0<Bp?f=MEE;z`me{tffDrkGlN88PswjTF?v6*HkH5Wnp_Lz@`A7~o7 zqi?SS=vy=T)`Y%|NY^*z|NahLw*O1Omr#)Z!!bMN)xW`A#h+kE=^q%X217e)z4|9OdX4&}xjx!<${9%L-fs1Onzk}( zTY_{@XlsDB{e85(scGwu{#o|H**~Y|3-C|kW4(8~HfZna-A`rSTmA1#9sA(l`_`ao zb?@)XC%(!?Z?)__3)qW%VHfni(gnTO?0$L!_r}ldg5G<&p!Zw5pWcp=fW5~1bV2V$ zUC=vz_tQ(QUi#kdtxsmg@3CFbyF<>p5g*(STcG!+_9T86WY}xn)CIjGyP)^ayPw{` zz4^CyLGQLpGTVpyz6yE+_L`sD1-2AuYssA- zm3;=(P1Q;*_7T(wB_^=u$$t7V%zaL?uE5{^?fPv z*;wMUaqNvN*oU>_{n*EEKf@VJz2r=VI>VIn6jr&OlXZ#GvC-tRLgUd^){)2+HyW{N z<}jg!oU2XCSaOd-PXT!$yU$enE}G0s;fJ5*C%Z}WR97E4(G0)cG#A@6!*}8Hey;XBG_w~z;={&G-K06<>LVwb zi;ZM&Ii~{}Kcyx{;Q~DodOLV;)5$u=>*NkR=OM|N8M2=8kH1^?rC8@ZB=;fz+4HX; zeQZ+uG-sKo$T;)R$5){#h5bDA@fp{1ne=gLH+lX`SKB%9+^3Is^1NFgZ*{e2^FNb5 zM!HG!6|O#VqS>d9=h-xCeU$s{Y`J)74$#N9s=H@HPIC2;6U{z-Jj$k7>*GvUdmfqt z^s&C1G>>-mkrT}>eH?7ltM#!z?`=A}(#QY(Ti5#7$9KMCY@qm~V)H`ASSIzo_@D(6 zgWPY`HLV{iwWi0Iti4kAJY3aDP}7?_^JkT{=G$0OJlrhSeoFn8_hLu>Y2U}C*VDvi z{0SN*f1?bA{-4;3?G@H}iGB9xyu=Fcd5MXCaV}3MHs^Ev`Nu|5>`@roRbF72bByqo z0r>sG%NKsOytDIBIdi9-8okcW-u0cGefZb6zN0m4##?)tqpzucaCF$%@+UcmP(C}^ zNY>ZFvz5j=sizB(16BJ<)mcKEpF_@5o!L|xHp9e{7)AjI{n!6*|cq@-{RrXq)}iz zdfxnwl~1_(Mox|8HN(wiuD;KuZ}xt6*mAnhx3}N!TjV5tTXO2ta0q?dzYU^cQYf}= zPN8v8C3-cdk8x26>${zt<+T~SZ02wLbIFf$=9Tc{(}=1|S_FMH5ASO(N8dKKhRjW@ z&3_OnYS?tlCo9pRVV$$}^Zd>D{C@iR4bJm#^SofDvqC@5-we;!*1T(&$4dW^aH{`` zIiIYIe+<3<0;AMxwnBRwv`;`+)!Gv0RyIZEzZG;|mgx1{Z>P^S#JBZvin^jkPgpq7v+?BH49UEmPmW52oFC|W-W{0}La_XEF2I8gWB7RfD zZ`Ao=^ElV@$Fw1}t<;ywnUHRtj}@N(ZMb=CB=&kQbg77c!t+~?X3UILYRJ_X;fH&S zGOkswas64_EoHAZ6sYrEZy1if+R)2$zH7@S>=kyZbqnJWnpzp>`(l%NVULRV*So%> zDr~k_**2+A*`#*)4BXV*0xvJaCJAj@uu0Gx;UD_x*gQEK44YSj&8xwFh^;8Wu2o?Z z{{x*8%fAlqRK4x$kl3&0^4kwIH@NiTzB_Hb=&$UTjrElMf-h3Dm9k&F7yUn%8W#Jv zQrp`Gjj|?FsA)tm&3g@F%K&IR`|`@qu7$=Iq49m}me9B+MPp$@y^F>%Vq^E~Lyh0n zYgG*y_UQ^AjjQyT8Dp?dOR-N%a zo8Ai6-(%hS+gtS4InU52A}^25hT)r>ZzpFHMpaBvU_Nja?V*ceOYtSiDt;qAN%pYV zziEfh64$gv3L94ZOt8vt_+Dzy=5e-s1-bvkXd~G|4YJJT4LO60J5c5>!6uBxUo#g^ zP`espK5pZp1pZbFE|^KR?$z zdqUd{f+SFm*~zFuFg~}YS;`tVtW?DyB6AR#V@}j_651OV%y^Mb$Ms! z%Jl`tV=c5jm%hX%EHMhUR1v!*kiX201bJWu;Iu~M@gJ-Hu!7zd*-8w&s6lbYKYW6c)$ zQU+gaev18A0Dq$JNBrJg%^x}6O6)^DGzfp?eMVl@S-eVsf3Yn=zoQnhwu*C#7C_@d zYOXz=q zaTH+#u0^NkV2_@|9;vy4(!E~lTy2|{yP-vFlK6%;^s&7HIZ1!eSJb~Cz$T6TY&tZG z4!6+1ZIg~uvS2=fO*)wGEWBs;?=X149#n7c}6XTJwrP(L!jg0*q`j~GNZ8_=Ro$#txL!HXu0=9(UH;Bgim>EW^Y=5T^F3dS-ApXkc*L#yn8;7$fBk4vs-DbKd?+0r`b#712sbSj@1 z3A9ydagVn5HqRGop5G78?bt^C+VRbKivLbLsA56leC9msY&i&y{wVjN5VxpU4%}BT zuDNoK72nBOgwMKVze5f{oc(_GJpZdSqb3hJ7~PYa!MzUW-J zfLiVQ^`6WcyFKJwiCjd6ZM?`-j8 zROQx>G+({~x$79Hr{YPw?Sp@uHJ)tFC7yiy-OTaixjDv@Hcb*w7C~2<%?1zJW;bVx zCw~h)u6R<7VRy%qKY7Dzo89r`_6p0tztS(*zrPyWwz4i{9MOu8SvZz_8UEOiJs;?f z*w=YrK>U5n$(A3HJYIkCk-V4B-9AHnkBXa#|2BbjYfe_gx$IyPf7(Xda&CPK{$Apq z3$Na`aus&3eKz|PjKVDwdl{#$F+#7l^P7#4!dJ)dy!I!XD!9MJ=(S=a&y3y~y69zc zW8%}44~7=E50>~NKHpep(=R^wHs}|5N*^0(D>YA;kA0z?;&aE$l=~7Byl$aAv3KG- z*I%=3rTvV|E80{nV>G;^^oe;MzmexxU#IsY>Da~|{{ZxMH2EWU{8j9d)6Zx}#b3+9 zPX1?EfhYe%J~^4V%SaZhd%O2CtEZ7uH>R5(UWiRwiCw|Agocq@j}9~2gzmeb2^&;N zUZQf4afJ7|!_0Scc#eFD@43UxKj-jVyq|GIXJ-L9slxhBcxVQX!Sm!jXcHOxC{_BqYInn2Dwr{ZT zecqvx-}K_UX()d2Ud8KX!#LWE|CsqKyieR~&0QB7#$!T<%=_hT3q#dl3^U*2ccOpH zv1Wzpj9Kz~HJ8Fyt;Vm~>ki~=rx)NyI~a$xW>cW@qob!9$uR#0NxKqH@ICTYG)%h# z-J+d}81<@Zo`4<0{vS=vj`U-B+~RJN_|9(g9@;Ep&SA$1o;DA1wOMJ!3BxnBNsL5%_$YA(`CsB2_!;9q z2ZQlR%q0AMggDb4*CHK{v_Wr-m`K)ZaCi{R7e)Yh~@v+Nb=D2qtyLLar#wQ-e6-n zy`4&F=jn-NHR}-Wc3$bCowT{MZa)sqgQ%%#J13faz7KwBG2@1B%aC;)f7uW6nDC++ zU9)-ETDxWCC=Q@;%jqm+&tBo=R&+sdDf6#i!8h5DDeDrg=-@cyyGr)#iC^@!*@CZ< z`N1Cp+7?`iuL{xrUv>L37rle_o8|pH@JtLW>y@3I{puwjrgEIv64suYWqq#YG<5%T z{t>fQA{RARLr$UxiTT(E$?sJu84(8zH5Z7CR*Q_5DEsikE_f^0SVT;o4Rb>>VUGAb zg}Jzex$oJSqup$ndxJG-$#;q@?*@NaWl4>aEz1i7_#Gt6Beg807E9u#wcPivWJwM~ z$X zjEUxYpDa6l?V2d4f4=nQN7M2R=%;(G{vvc%NX~yK z{2Kwzk(1>+ip_cK4_3K5Y?~|J;5lDR=EMGc!!wM-GlocR`G(bc4DNhG8vWQ7cfRD# zjPwsNM|6|^o4QH=#oeI)>;U>XJFLSnO3h8|!3^Mkqx*cfApW1(P5LVW=+7nJGo3N` z^F5X7e7wWV-`QjE=6lo_y2|$)#2A9|JyyH>n|0DIdYmEO)99%&_2qkp(>D1Y^_zV2 zJ-v9g4b0p5p0Ln~PD*^@!F)vq%z1{d1OK&sfdnWalxu}ybl$=eI$_EZH=fi_I zI;-l{u=i49J67^m*qShLk3Gh@*c*Jz^ayrH>`g&&NY%~0L0wQW_MntlY78-o*q7%% zN0vqS?h*KIWVRF=h23ftyT$#W>&_OtC3!WmTRP5JPdk#+sX{kPb#0|Brx_wA_|+Xb zJw&_q7_!Orzvu>b9fs*LsotBlhuCEA!Dj>z4T_p|QI% z&w_=|{%q;(HN=qy|JnJ%8v^vz*h|*XXP6h;ctDmSN0F!Gr^D!&J?50IY8{gttN8p6 zq$Wo25RcA^#J~fX5?vRaxAE}C4wvp?1D0X~(sWnbfTh>~k>l&Mn@M-)?SdSird@kX z`ReYkc-Ae)dZDqqa@4weqn6j5K6%yq>MJCl9`VH(W#r0NGryE|Vf#)&$yZk*!v)A; zA#%7xc+Xl~s&<08vSkCun*XL&PQ_0WN1+#b-Nxes+tA4Z{FLZexQ zE_rUT>tpqtQ|8$b9Y2O8e&qdpe(&)?%QE<&ET7xHX^!UEWAIGn-zu#9=;pnH^P_f+ zMX|0KiClu*PKhSlB>#!smHBfa|76ZlE_p_Bpt1&k(@@D%GM9p9*=j88w$G()Rb!#s z52&$d%q1tj7d&&8UdZxTJr58$O5URoIm&a}T+c}j$2jc7a>@NNzp*g2zga2tFki{X zuiA9I>1sa{U27y>fUefr;w!AZ7B+n^@Vw-E?~7Y=&h@VL>|Bk=<9=i;F7w zojG$0NwnMjkw6~7Jk*&erd`1P%(2Y@x`u4mmkF8)AOMU zN1RdmHuY*D@llZ{ZfHYdI%}w(6(37t-_wvQyMwBmvV=CiVHAAyrw(>mepRVlo&o1B>$ix0&ZG*K{PnNZd{R1y9h8J%}e}0j=w}ANS(odS+O!(?) zdebZOWWFi#*0C4qC#xNq>$$C?BEPU`ZL0?FS5!S)YQEQX8StLPIcO>lJK6k{z#Cq2 zWWhkP$*W|Ox9zvow>Y?vJ#kZjgBM&R@M6bJy>%8|Ue?+Nq0dUOL$-jID4&nqu6RzsWEbw5_h~VEu(E~o}hmDs{ zG%F-lSt+)P6>tCU*EIS^CtC4)i~dDNu0dw41y>n%4>C;IueQv3Q0jYR9>6UD2WX;F z#i>1QcR&;Hro@z+Qh16nvgMwoUMMS1*}67Y?)erQ=hPHu&G%n(oO(u|qJfLeGe6Jx zbI`SOh4!pibv9jlSgU8eg?h$(Y?kjKr#IX6Ln41IeJH+Cew)+(1N5)-E&a;X>3Z@w{liSdQIcSz{%>rsO`V`UF3@;u2I&zL*YmAJXT$!@V(eOivB#7?y&TVH&NrI|0Xh3 zuMs-1*Wz_YujIo2Sw*5>()fS8#sB4!cWanvev19QS@^$cpcu$+sd<3zRU5^tK6n-S zml%P_0}pag;sTArukgG081>XOTl&hI)K~DUwvsv%g;?VOr-|Z@yCwGKUG{yz-= zes0N%y-EfVY~Y_m-|71c>+Jo7H?gJ~bf?Q}#A?u`&i=wj?EQt`0olW%!vZLaiQEESo zz~@n^&t?y#j3=;3AMalnFXwr!ImR3N0ml34Fvff5^TS`?;sM4xsP>bl*1Jny?Noe> z8jn@eAa%EXWch65_?6J`RnTxP_Sb&kDRTS(dP{7CgDPiVK`cCTn^V@o;>kW}_ z^=D~{dNm9E-bT&x zUrSC))Ka@y$Gd8tt~OtyKEpnL6@CyMD*3MQTHkVBm>!>KRWaFQeYVtQhsdK#F1Ow=TbxH*u_YC3`0j!y!uXf7 z#ot|!^mnD^Th&>CA4BnFo*Cj<^&OVXb^4b5bZS2aFqVE~KbqJ?5%lU+hwgrDPpQ$g zpV+{*ThDmsd!yYO&cwgF6<@dm-j;d%tlaX$_fcEotnVgSAF%_qz7A`zZ2J1*ox9mwlz(){d-xH=zm$0_y{5cS{Yx_ zAT%m;D|<%@Z~LnyhjRGsO|PWV9{Xid?CTon(p3jNsJ%#rp}v1I`CZYIr$E)4y)vJA z98Xb7y;*#MiyA!_wR$f0GP%np7B6#EOKsK`$pdiq$Y1UR7t4%TUuQo1 zD+}!!5SOa2aW#DNH;?o@`KQp^`26f^mOK9r(tfejuLZ}N;?t?WJI0z7{4I3q(2daK z%@U^pW*%VX245P!Bfg!HxO}=)%uwok`j?THW)9(&LUY2szISHcYrIqDW{(s5 z1B-aynQw@8VcKorP9A40=`T2=Cf0yl2v^lWcMZR}!flNGIksmo0RH7Z=Y~S_$IRV% z$KjdibZM{g4Bszgo>BUf^H-uX`5c*yZAPVko3>?55x$=(>smzHY5az6J)O1R!`i#2 z*2MBgTYbA5Xv_CWw1pml{UkFKz`v8T=Wo9Zee%_vwVchZ_U8molKtB;#|FK}?k}_m z80%y6y-4~~Ih_;DwX841y$gbe=h@dOcNm4(Yh3ZkN>knodG6ZjVm{Byowx55nR5Sa z20WOP)KClWx;vON-}`=jsCk{*Ut4N=%ULHlXhi-puUH;u@#Rgi*1S~kjcu;*?ZY?c zJ@KK|cKE8p6I|76ON@)r*G;v-QqB&*c0qO+9i`@(OWCWtkoh6=!gHVt`d>1|7wae% zI2EY+rnheZm+*3!-)hRyA^bl3OlU#zp|@?qxOj8CeoSk86FCdH%f=`(!y9NXe7%uA z=lEg~evA6OW>ok?e0F%DLESqw-K+w3>b;JMYTvu#fB1oYC+iB)kAfln2wY{~y-VR= z=HP1E##-Gz;KlEc@wfASXd&%^v&1ge(N6@K>;VVJ>9Jm+3BF5gshM~F`!eoIC>Foz zd}MyZZ+^_0)A1wg_u20Y9@a`9$f5PTZ@pWn-rdf-Yt#0%3-6RepAw^#zo%@m-j(rJ z@xIeO%ABXLMt#netf7GSrqm_p{2A>X(ZOr%y}02CHPwnn(DQ+ON&6^sUP}x~;5S2i-|^=%)&m`PPBt#yBKz;ycltfn1Ftnz_$DYF?X-7fOPK!M zI=}LL664f?XMw|H)+2gf>Qu{#L%uoVF#Y+c6B933LFrW9(dy>-=_=&A0c9z&Lis#Vf zVSe}XT=rlD_%FUd9lyupCo_+6{2$N%Q(EJ%+ijWSZ1_L23x0aei21=~WH+C{J<@5! zYK7k`^Q*(qQFt%!pjX4MGWXY*3w=r_qYw!7v85$Q} zVb(|-uhRn^SaG~3zH+2FxSYAJV9wBT2MJQ+o%(MEkr(eysEPSJKKADUzvVvK*l|8j zk*d=bSs-%~8}x*`!O2YenF@~UPiT$6+X3qKA}f*Y$i8*K)6D29=2FGk1zRpKMV^N7 zhiVUvGJBXyhsZ~KK#AQ%3RdroHhNTE%1d2u5Zgz5!L=gm3eQz@N4|8eyS|JXE_JTK zH_!ORk>+^(L~vJ{9J^T?`(Yz?cqwcUBkU%!)@{DX;J^I_c52gR! z^F)6QecfWmZ$$=Ldm-8DE&MzWUIgB97E1uW7Fi?w9Hb6gcv1435$v0K@|z>MKjVko zxssrFXxfSmTJ-#45j32I&QtuUQfOuzInoK>8~^8bFY!(R;}%2DCCG$QAHU-}Oz_2S z(C&9h_pju9-}AT+#K*hafQOn#qvc;ozmL*yKLTltJ9$^jBij8Rf3odpC;o6yoxhws zU!;b))XJQu5ffxAKjTPDzXF+8uH+qi9ypUj_$o95Isul!fYeuK%G=GKIMm#Lz4`7m z;B3nS3vO1tRp$F8=KBZc-C%*Z+@5WHS{HONnd+_zS8eEIZOH5 z$@>V^epf&Ep93D|V#6s}?rLjLYqR!rs6FU&8JBejE3>cdR@Nr8^6s3pwRKv)w3?g! zcRC%&x^K#Y|JQ8X82oeKasMdsuao!*F=wG&IrApI*}zZ9YZaZ)h+PqAI@t^uzG^SD z?qRQl=)P`bb~4{e5YN${N2Fc(w4ukx|Frhe`uP_iBITR z;QB7Q!=ba_Gp8xn_DxZHnjsGlqPd)#<3I6uOdqVR<|F!Vs zM~MwvG?nD_ZS*blu6Uh2EpjhYjmGOov(VE(@+1OY(|PKj8Dl8&q^KY@-w}caWIv1e zIEB>0T@77&&jI%5`Jg3d&phYjocSl>;+9`QzP3NE2Bd0uoSeO)8(5f>v)_HF?C8hm3DB+i$5L2QEe zW}>(6-r0kme+m0T#oEB{PtX374U_CKvRl&d`%?|S{f*XsptCL|{?M4ZA1I6+(Y+m= zunqXEhla5!WdB>R89q>Xp(^wB&tjWy;Q4mwkGy7h8*7B8#V?9BvIb~8xB=b~+Xwy( zV^?6)tC-_i}2L>g3)+&a0B~WggaEMBmO&Er*BZ0|!|n{CN+uZmV6-dawA4 z^#T{GKlxkYdL!vi&3VhoD((_mU`YK!Q!Q(#W$se1H~hxmV?w`+~H& z^Sz%si(GU62y;)LZ_jGznfda6Y=plpyToYQM?d0c_8?bZ0#8%w#fC>RkJF{UMeGfoMl5-zjBCd& z=~w)l`$pz(xF6V_#o0DzbG8iz`bGB<%P*`cHShcK8SjYR;QTY6A$_F)OSu`KKoPW!`-B%<~P)QBrZOpO?ZX=x@1jOe7vAd>eQmplfbJ7 zI10=n&{e@D$coE+u>;88U^D#lFnGE*-Yl?jaL^6xdVrnNr^pG3#|v%*wr7qop57lo z_V^Wj;nSCx-M2$uD;0e;RdkHD=*tg%!2|gAU6SX;7PZbl3_#29jEa4f!y9}Tnz)HI zIeUG7O@ASI-{P$<*-wz*E!y+0;w=^5=KD3gtM)xAd|Uoo2m0DLaE1A`YmvLGXLccD zu}&v8ENf9`5Us%WQhVseDcZRUoDui1=n~imS1>=`mp$Y6vKA*_zYW^izml`?IEQEp z^Ay^V+?(1f&GRYDsaDp*8#`n*rL=_1(DxI z$603EBK*8%;1JnB{FAm9n)d^r@OpFtaM0n~$(*7s=oID?UCt+Q4~bEEWga{iIRBM; z4rMFw`!W7@-jA|I+Qp*4$U8;JSrw~_0w<{fmbi~MNI!g+eh%sHLNgNcjKaqfHfHw3<-5H52mRfLX>*D84s_|g(0*qNHWuIIoi6u&BU>Mq#) zojjkby75BxTk_0Hj7P>_!uX!^EE(j~Ztd3lKn8hz+PKU3ewnjQ#^t+=yHkHheDn^^ zkwm^Kf1McZI{x-vt&KU`uw&hBvxRpRkC#e3?+p8{KCg-q`0V`EUHDdI)N!WRRi(gk z9I|Bs{96X^VrQ-EOtrIgf2ya<7n^ABt1|3=j&0RPtP^==$MoGQrXMdRA5Z{I6&swf z>NWc+(X*9aEw*B)n0tpu&Ox*O9k)N`8)CkHul`g%q_J4#Ls}<_Ju)gK9};?w+{bQm zAKO{`Ehet;D7f8$-^KG|u`{v+P}$eeme+ra%YxrSm-q4+N2)BHu#rbtJ-GOy;Eg z2<9aHSNGcE&Ej{)UjmIu?b$l)#l*ZsKOv6-_SuEc7ZUG7#><{miN&Zmc>Rg3eZ-`K zo>8gi+{&{JM(pTa&{T;_ohexdJ*Mm(McyoKMfPF}{~&+X zF$cZ=>>zT4oWEuJh}_|Oh*}7VZyw~`gM11MBp#{5F)IGm?=LpDlC$U`*0~?QPT)8h z`&6BOh-^8CjU)XZT*w-M)w|nkV%K=Etz5JIGqeD>Rso-dPR-pY#b;udyMdcW>Ibp2 zWn3A5tiX7NFLo_=R0-?^Zpt^3GYg2*NvyE1(`yDh9p16e2$pB)x-9~`eb#xLgNB{o zWB!~ytwVv`HwAXs7YBLwAfMS_H(Sm!{YA04m6%sgWfFF;2@OKy2Zswgn?D>_J28%2 zu%4L*Ou&Kso`DBj-h@k_=~7Fk&HGuVOglmIFQh)>8dWcmtS6B8&}ix&9eD)bHr0Og z6z;dL-zm0y9{(jac{Mz&d_BMA*N6-)WxO{Xe==a*SNptn$8K+$KiTgespQF7Q;{eB z6H?{LYsiz=kt3b(?iy_$+|PO2_wl^2f2?_sJn9JY6xX_{Oo@NK0S;9h zly|!h+W4E#eCYcdE??|{JYVelV=NghHowySjJ*Z-RdO=%`ciO6ey9E!@o(+?VuF@YTN8M&PzpZWe3U?sZhAnzXJQ>_sh znNvQavmE*SW8xY@^9PyZ!4-Vc-@%ov5xRS~Q^cK#4ZuoiEbMT>^xrc<{`rFY=Is6 zNa;2{v%xM!K6fTzxBP>`4!Db~abTU0&pBZIng^JO-NEk}c*r83_jhE<=O3r--yg1g z4%TPN=k1I)9QoWjW$5yGB=R>bcFow+)%n+7WGSe^nlZCf!d3plBhu~$YdCnqF+f!<&HF>&@ z`Xc11`u(`_6n<-PrOMMU@P3%*B1`Yo`Z~n340#Iw3g0Rl4tTz3$mU<;d%D6KAO#9I{5rke`CJokDMa$jlxua zgnG7c89s=_cE<5pk1sL<+!5cnfqiVyO;_!ErQDNWOC`R6y`PM4 z3sdEJ#9~~JJOvJZrA6=edgYNngv?M-yRTldhJ(E@5<7bCB&r0*r zQ{_GOWQzUF_trho53*GG=zJ<4-9Lc5_a|l6o2LUu@Fe%wsQ8B1(dZ1p-@C<{{fy5c z@rtBhU1-_QGn3;R z>#&>Dc>*^9Ly6U>^Reu;JG>~qTDG;9x#S(z$L|?%$zsn|!E3<++85Kl1ly+67dv~1 z@rGRT_Z)aimk}Z#-v0NY$zLbl@X9da4L8BVVbKkbpKSWcAG~mPyjg5YIr~BGJdt|F z*Y48z9-npd+wkFXLytimm+yaG3B9JoAgEhj1s^YGjMc}DK~VE|vH6eC#sD!0MI+8x zKHe-bh+k4$k|PFzOv0(L1jv*vGH`$1s`+=mi_*cr#)MIQ||2JzBQGG+EN*vwA- z*zw{Ix#V@n>P&gPfw6{SFFW%3nhS;=e>n6%$|mcpePEo5UEjof(&hECucXTBD&9$x z*G-N;`IyL&EP1F;PfnND;|DFTgC$b0a*}y?i7l`1cC}`S88?YeA4py=riMtD*H0v4 z#@Ops=6}%t0P?yiSBzsW{UWc`@5haCWRcf1d0&^;GqnChUdvjsS=9P&FHebet9fr5 z=Da6q;|yxvqf%otqnvp!w)~eOt-oA)2Kwk)2d#CJCqd7&Yq6OoCpPmYcau4>?sDi+ zkC`6^e%nW3hoOVS-pbYAPj+;Nr zc|FI`S=b4unKz5QfS%-u#Kd8>q z<2=~;0^>hM;?3RIc8^l$)8eygj<#ciEBMpK!JD!*9yo(I{#SS23LFZHrkSny4i3(Q zPBvpNivDZGml%%zTOfECSpQ|>0sXgTh(ce#yfpo{ z^3Oxpf8Q-n(|??MH3Wa9$uMS`=TcKUfWLBF{r3p9JG%bUa;8d;oFp~7%W}r}bLzhh z^!q{d-)i31_1`M3zg&6*dDgcMoY^t{-))_4o6=1-Z?yZebNwN_Xp}Q zhAXd6`=GEJqP)KMy`jnL?>w6+uZQTbWR=$semPTKFJi3W_$x(c4&7hrc+0M5SvOkU zqkRtZNtf4=RjK|;0q+deU%8+xMP9cDjQl~%Ys+7mU_QUtme<7khvTnY1bsU4TF%OM zQ@e6A_W#c~Ybw0Vkh28(MP*T2zu>q;MR(o^<>_?F^JY-LA4{;&u9I$-qx;ejsevM() zr|jb#jp5kYMVz@k6j}T0=Z7zAPZa(CH?Xt4zrPn;J#(f`iNt zkUJtjP-xyz$A0v*+Qg;Wo~T=L)F$qsen{lD#A-e}#TWY=`NUDw51v4t>HEmo&+^_# zWNW_UoRFnfP2b#da^M2lnPc7E^%jH)O6zZFmcH7Eb!{Kxi#>VL z@%y|_=6HGqeHOGG@|@6izQ}W1CttNMsgs=?jf!`jp6>GuKi>8J=Z>p~Gvz<=uBn{S zJrwzWlzNA3K94RJ(0lFK;$7#R_5tNTdG(aKCOh6W8TjgYxCcGD7rRG`cPToMI2U+o zFT8Gw!jnTwHodjKL@X@w#nirJzg`>rbhnd3eS#cndY{m#de83Lq5fTSF?)}8n+HHCEoDqBFv*2w-j@oVfFY>0D@{HQW zw>axf&Ybd6GcXu?_BrZ7;sNreynB#OM`r7AQE}rsxA~&%t?_sgb?@&@9Dw!%waI-+ zE07!HJCpU+rHQ)tL*OK_CjmJVvhpf@>%i%iRt;@J58f&jH9&vJ!oI?P^P1OKzKGJRE!p}?&G}@V+vC`Rh3}UmSMQdbkLs%_TVEB&pBH^K zY5617*H^Rj)rMZ)j=q0#(jfbMf3(U;iGIEY-gR*O=|5=t8GOh-4yB*zSJhAePpj@Y zsh^XwT-(RdID)+hC#2G|JZmvxCkZ|0s-eh5&*dp=WCH()V%b^qfmSU;RPp zc@FxSScwPQ+l%e(?Blo;_;v$VCm+>Aydh0LE1D7=s&M~H3r`Lm*?ge%?6H-peRb1U z4*jh9)b%rcw--Kil6jE4mh>s|GRXTEQ{y4A(j-o`+75rd8T5}x#i=~o!2ZA62hh*C zaEj0UbIxNMij4XuHDo#TbC;9*M@A+0|7p3c*F<*vbJWEQMn>^&qPBzfiF&*oGHvGD z+4Qq5?+OgH-#BIe-_x1;`O=~5=ca7__SMizx_&NYyrIQQhp(T%aKzTnhd8qcdJBF& zQ$IKJOxMrP9nR3t2^^!J+q3!GJ*TATXZ-ESgVxUz{yUxa2dAGyoV9Tr{fz&q;!VkY z!|2%JRNC)4UcBiw>Tz=D=LB3-yeW%*9{WLQAAdvFtHrv02B%BG=`H9`$4|XgbYN0H zw>y67ufVb1kJ8WSIyFmw_lbT^%0kuObJ_Yz*Y(-^>e6(*>g(}reO09C((HZpY5H09 z^-z|+a_Z+SeJZ(c%VyEfi{V{IKYs}uQrWChgg zEI%$imkB***Ut%hMn5-Y^PlTZ{eZGu^fNTsv>k&U?}~{L`mmDEQCPr^rju&%dFbWjOlz zN1r*ae$K=x`Z>%Qz(c`l8}%8()z7^myZ;yU^ZdUIO+PQ&`M1;0b$4d!=V^>LB>miJ z?a#kP@|m4!`|~60huP0Q820H$df5}RkH6#i&*F#1OIjZ|Wb5a5CMf;<&K>CI-qd>e z9Xw0u=Y2J?*W}EI)z~rEce2+3yE?(Qx%Bg2$ARNGHswaO*8%-pZJmj_ntFNcNTIbT zzjar7&2HwZ{AcE=_Fu>zQDdt4jejB@&fN69`ow*^j#qc-fi_hh6WO^0+x!-6^L*mp ziCRtanqG;8`y@{5ZF`&gpCI#+Soe5r1GUzG5eu{SL@tpySk7D`ye+xJken~I0C@w? zdyqL^;%BmlRreX|d!!E=Jm^pJ zt>oELM(n4zG3Q0Z3h=S(($6qisbU40eD2RP4{&aCbY&t|kSe?J^+wre$gN>&RF zM7Fj<*N5oGi9H-%h#xfyIX#9tO#EtRZBD=PPFmjyS$)Ves_l#Lvg9e&QYoaN&>f>M{J*g(C5LQ@}&7#^6X(FHb-zfeTcYi^qO}L5x3QX z+vVVecMtOEtY61%ijTz}vHkY>GhE_kA)xYXnktx5QW2~XbZ?)f4-G7w4KTPhLl>7Exxh3Fb&m|YUtn;Xo=iyeO|0J(9 z1zd?vTx589YnY=4-FXK8_woIC&WsMi2eR*3&O4QJFJC^tw;3E?9I52~73}Ls8TyaU zn|bGXese?93AnOnTIg8Eb>EJpT=*{ypJ%E2VpHemWqzAw9-KApM*quM6r$5l=kMK| zAMWD$>E+lK{FifA*Kp=`a=zAGn*Yk2I^4`x=7}v5W!`J}l)9>i_$}zH1sKSk(hYpB zW!!&u)+z6aog(Yyb22(<{UFx)Lv5XVG@1~4==Zo({^gpnLc?PdcRZCD z8<~&XsdrWP__2l1{p##oWQ=o9m37~poI}dlo17hbE_ZVp>fYQDtv>slKe2~G=x=b= zWV~EW?ZN7u;TFz*Lyw5OYFd26k~!oU1XtaDU^~|6f1dM(gY`AlTi7En`+LPs61+|T zza1(Ma#qH9vafucGg&#ibgMDRM7D|SYj3C9&O-X}mK&z?%sT(n z+x7+OVdM_u3eGzf9VPp&Lo+#-MBPs{(>$=izW2hg?!8znX9H+^?R$t3=IiIc@qH0} zhOiUVxt-`RIdf9(Xp()#KF&I}WPr8)f!8eeMKz?Hq5FWdX71F&YC<*>;>{qN9B z`r5*bqt5YyUfj@2gzvr7FG+5M`yslF;EC4xmbMHRxwz}eL(PA*=j6!W!O!O`bKVf= zvqztgF(zX^o3hO3HYM*;&(BxqYa?qPEo5(*!I?hrsC~BFH{WgLJXUNFIg275&udj@ zq$86ia(3%WoIfFFYxhitZlIky;_}8j+>gOMg5iMNF=O%iLv=@*1z-C{8vQP0eRwM8 z{vhjGkQH(VOMuT>PRWF3*5>XqJoPru=d2> zcbrh!`>tqbf-m;(n*2{c-(2?Oiwu-=jziSHMt}?FT{K(r&6|{O0+VU18z02@GG{21 z)b9+V3!OFJ#G2Jy8*LpA%o7Cy-6J{_$svL(v!wNgBh=A7~>uKzC|DUc>R9E(vONqQtvB_pv%;m zE$~4YT9bPd#4fp*JI{mANCpRB`i`<3o!tjWk%PF!)^iLR?4fCFFjMQJxG(*tHcX&_a7PuTn+u>QWicKuuk;f>uI&K-OgDSst-K8~DWvzWVu zl&;|KCl?%U7CX&*&*A1UG#*0UFEU)c2jFuTXXFImGR)fo=vJPKEi>Ej?B$%{y*IzN z_Un=9!u#$GPRvQ@?=#N=T~X#>eAMt)30T}r>;kQu(80e zk~^*foV^nP$AZ%>V!K>D(R{wp@wF^@R`D5|x1ISEfd69fl?Lbe+I)2V^#|tWz&F=? z`oQyG=kxw;gPYIvh25Gne9>TYUuV9x6R+#*BsmktmXl$`Ph}yYhnkuOK?B3 zAK$Vqh|ku*{Ujlt2YK$?QR6avzp0q$do73!6-0)HHxg%qRu-X~EjeSI4THRXMr=;G z`zgdc!t-fQ+kewxxf$HHVB?6qdQa}zyK84S!u@#2D2WNS0ZX|jC_1wS9;~rre{znw z>?8299_|~$PW&@x#>hQW!DiO;FnunoiHQ#wYLWA&r7w5e+~2TX<{Tp4Gz*#k4S319 z=S+OmY0T?+bZAAxNK@T&ww->Mubg2fb6>&l70{&I(-7LhZ%;Y%=I%+M$;v$RjqU$4 z?=bU@Fz;w$-fnx|a!+z{?k^5v?h~224%@>UxVLdlvW7Ua92{<7?ZEpQbosUTVsp{u zS94aDoT+nYLQU*&SxxLnCG+9Fv+ilo$RcnZsG+`OB=Z>sEKg|r`b^H?SxG;0kx{GA zy$i^D0n3M74b?Jdsh_p#mh;-){x$GiVCm7&D)bICFdiBZ86o~(5V+TI;ELQoA?MRe zJtE(qk?#`o2(7fwb)K z)+uKe)Q9F#7`RRq_{T<9XD0k)yo(7Vo~z zyT@2xoI4mi$ch4FMR856H{gpMTI7rUa)i{s{x2$#F@j*o+a<8oLn&o5e z=kA9C(9fIozSv)gK?YZVmpRN+-4`LeiQIv1J|{FX$EJ}L7QRmdZrNz0gy*46oQnod z1h-;?`oL|S7a62IuffJC7n~c$=Y^Lm$FBKK0`Jh6;QfKV_>H%N_sD9EcEE3Fb#~h6 zI0o$i2cbVXYrvr$E+8ByvO#G67sM@f9t`@eHOo1MazBjRdC?8Oh)(~}cI+9y511f3 zm{SCrmiq|0q09U2_-B8k$FgsVM84;x)L#aV(wB$4k<1x-3`47tV~i2!p4>(cK4YF; z7nE;CWwTK5woX@V$HnS?Qqcin=qmz!MWL@S zbR21BtcQ8-xvJWs#qL-6E#j?~yL6)4m>*-tmx)cq8L;+eKk+Y_U)Z0g(V=yRZV>p& zy%%y;R^%9C#eqkq$Gj5x7la;_yk5rd$bks7vaidLd3jd+Xcn*l=3${TU>*hL-N0Pn z{YioMEcyrLVPGBs=5mHwH!$C7>-PcS{T6){q`@0lN5R3c;ca|G!TWp%-rQX*GWzcV zZ(tn-#scqy?*ngmKONqU>F^$azKsFs`|k$th6@zD|AVs^6@B|={-1#NH*&yx>JZ@l zSX*v+GAMXM$K9OEm?BR~T(M~B@aWs8?tA9W8sy18I`D3|{O%G z>3i?1Y4QZwA?M#K*@}#fB5S*mVTckh0&nC? zlpM`)A>5E@Ami7m*~nUFc$irB=CmT)9HKH zuhQfRc8T~+VeAsg*@*Ad4UG$ZUnua#E(t;7VeFC!vLy3{ot+9_fmm( z7W$6=a`5zhx4`>2^qtHHCF6anUVu1J2l+}5exJGn3Ljj2Xo&+#Tz3refY=-N8zf_a z#EZJJ#R5-Tni_liPEBf^fr<&jkJrn53*g6M__4$n`yD=lsy7H&x%@TwgHA4A&ri3i zd{*lG&tv{u(&q2XJq)e~JNKhYQs=%r$J{H@<}UNo=l+N`_y6WMgMSj=bn?x_1XJ?O zf`fL6)onv|Z70skTJpg~0X}#kxKKWw_zlG6Cfw_LXXd@eJ7w-7? zt(1Dd5HW(TcT;nVmpE%l(@7#54{rk(X}ajQ&YBok?%l1>)+9c;T2H5yAF$SQQX+qz zSdaLxn{%uu;x?t;YOw1Wiw;n}f2S48_d4sDh0JG7j!!DSkH4g))Qbofx)lm zX=gotYdse_>%m^qeF9m}!SAu2G+!XG9>&eN9*@4BWIatn9(;)M?f1@lJl1*)XFXZ? z=NVbgaOB(Z)`P4L@5q6lO7KIBaIo^ti_fg&o4uZ2%(CS{noTSCStIL7)Ab4bFm6u# zH0t>I+w#vj&UzXx{CwM4PZs{UPS!IV{_*JR$wF@*B7Sak*5k3(v&30X7W|wt4E$uv zOVa|X3(~K$gXp`CJVl89XOfF7-$MRr zGqpC@RSptlZnz9OCziI$w2|cWUa4YJE<*{+7H`s2N#+y%S-s(H8tp zVABI^_9GvJXCK@Ojc;PSW*_ZC@ISYa6WUHrXooMh(Y6&0{-x%_ll5C7OV6Xe zb_+Eo?gqo8M#Jo5%}F_9$NI6UL$tMIid84D>x%5Q_-AEqnk^nm*nXBR{)kpr8@A{8 zf#)}l`AtZj-^LvCyKaw;El)|^H|LNf(fXy)e*ZWveOyo>!6j-T|)H2UfHSoy7@a@Oxj&2Nd`iaZ6a zVqz5FEe7T)aIYH=4^AbQPjH_ z9&aVbecJ@%!Y##8mowd5Eccktw0Jf&9eOW=-m9n?=J$2n|DpB|P4mT8FYRk4uKG;( zOkeB~_;Cw-dB#ZN*ZasNKTb|A%)Y<~^$5>=@^CZbJX7{wLH}8W#*Naxg|?6Jj^r`d zP`gm^M5#HssNpxCze#in{J4O+erm_I-ag)x7|=b`k4dak?kiIHvX$h4)Lk{yA2qto z`)YfoX0~rD^+(+Sep|-6XTYD!`K;t~1)o#-1;_-r3>XVx6`XtU2KFPe@&u_En6Zmvvvji*MW+>uH)JhmXxAL}5yvpKZI}fMn ze*Jm4DFY^QpNs54S+8Kio-+$3ehVgD3MQ-gZ8h^1 znAGzrFlppdV8VL}CN03EQupZ+FllmN@(~RtYk;@F#HVujCz(@^1C!@o$qf_PYv$~8 zs4bQ|$&zqT^f6_o*}EV~8!l>@DxeLi*H{B>NRHRJGduopDjZzQnYngVKpUYA{I(JL z0uG@~d;$lN{UP8WbuZvQvDUZnQ62oJul10?0sISpi2s_7|Aqn9D!7$8P^lBs@t^B? zHrqn#LZz-)cwBg0n=>CPewK=_J`GbEj0XnXby%0rh0qO{JJUo0^7JH+V{>LFV(&+CX_?C5Do3^f; zG>HD#n^?1j$51S(3x8qbF&!U8Y4z}ekL!uOMQ2#Jjx-w8&iufSCCkBqVdF-xEe22g zes)Toc?#`meaYHN)7RGMV=Uw+c2FYzS!t~$SN!v!qNh}Q@D7O`0>3c2CQ=1_SxYzk z*JJZvF5E5qQNQhTX5pJOJjwhcj}9y!UU%?euVJwkGnDl?xR6hW9&gLCo<5sD;=nH+ zcemjMU@SF`0!QbcL*GSN==*x+A4JDx z205Q=l)frU#D-;Ge0Qb4dbiiO zQ}zyZQ}29_VN|c-EQcD-gmCuY;V)g(VDGW@6VE-8;!hdAgATVXOsM*m78<7y$U@I7RQBYFkN?P7TbdPUYZ71 z$-n8jx#u;W6@E^~|4`14!PPdA8h)w?IPH#rM<9h78 z2I3s-ABc&rQn8~5wf>cQ9L=lz*r>-}y%`#NguTa6Xlw~IRtJswpfQ7eo(B8q>!7j4 zHjUk^XpEQ#bry=QI=zafZPQlY6tjDSL7bAd8>L?_{krMb zlhW^t)UR)Sg0>5d*jDygbuW^B-SlhFuRFah=PEDO=yhW=MyI*x_XPSaNom^+ z7`I-{ISX$P3ueD^_dZ~;{RH}zvlyK7SgiWztC;Ugb%kcnc4EiK!=4?qoi>Voi_QHl zBkg_*6wLP1@BWv0zM6jPrO#seEMl(3DdS%$Fqp`5V%0qotDZKZx_lJ$*KodBL!G|p z_dl^GBsc-u0+(Ai|!t18d-Xg>^F1kdzbls9(3*WAA%0vyF6u#u38`WN^y3TGsg9dq5MY1U@u0@ z&lmy5;I8Xu*D;3J{a(h%BNpz3cT^0TXD939Kto||oSS7W(MgO`pBU%jVUF`2H4Mr1 zc+8izaVE<+cT@qhEYq$Nqro6=C0In`f4YhmV%#O4Rf3a^>N_0I&GY_iVnuAdw87nJUz^D z?$XDBSFh5>QS^3W>UzF2%yH`Uap3iHv~kpWE<7n^Jq>B&)WSb<&jPudXB##CDX{rR z_M;0AUBx&~+fZq(%KOOuI#XQ6MYGr&G>bb-XWi}Qzo(V>QkQYJVV0xUPN1K<6Nxt& zSD2^Y+}j-HUB8dB57d4dPn(Cf0os0q{>27%#t0HSEayxuA7eByuOKp~9DeuGpTy@P ze3yD5%TFDx^i($cbmZntTYesKHdLAVm$28<;uqoviLWnlFejJgN4^GL{)qV)&z}4k zdrfEhVl~K`D}muwU?^wcEM=}f=860pE4JY~)G%0c%;HO9Lpw1Mu?a)p&77+f$B^0} znXuBo{t_$yGDY$)V^Z|*(dC?PKEuuaSk5<}>1K}}XNUXUv7R~Z*#5ch*nxTO*unYk z*qaO7vEGGl_D8v6hdE#T$TD}V{6z3(l$vv>OADg&q*kpT9opA9#ta2c)ME0^elO0O zVh^OV*AUydOYQf<9(e@WBXQf%M(9WETx^qY3*YPc-sp?T-nZxmo^Rv%cI=iNz~U+5 z-7T`ejJ^GhdXC>3FSLtypW|ISPt?7~7wg$e{Pb1gr>_w|olzV6`3QqExh^t$fqky{ zOb>NjDz;Wt8@sUhPtB3#wXxO24VQEnrmAgK?o+{qh{k8Fi@o(}LlvW#^uHzY6HZrpL9SwoCA zT*=w*Vha%ioU-sp^JMhA(2kRDa7n)5M^nu)(462z?MYh+eTseZP9--!&F=b!dbF9hoS;i(Avi~X{!Cped}W*D)SD$(QP%>XvE{HAj7w2S!JGr9a|b7UX%67j{l zUkB%Jfb;#}yce7wC2#l^XJ)+3UcY0$*x|S@c7z(xKJ3q%U9i> z=ZhUJ;_sHC>i(Io*wI=1M<*ZkjHvFL%X9MheKYvPJ~|p0Q7wCtL*(p_c8;i)J;|~+ z`DkTvb@y^$u!6rEi>o86c#hq5G*Vo>zY&Vq4B%O?JA8Cl)?uq$?GGk<$V zRUh8wiXGVwtOBE;_agQ;j?(zcf|bLMA=>EOBwT!Wv(%5jmlu<{n7!}og(jTf9sVY_*?6c8AJ59y0$)WzVf$Tbo{O91=R!iTwNJH z*N(jETz=P5@zMUj-*sHS>p}LMrTbmG@bw4syNW+KbieC2)IcQtlzj8MsbggLU4L3Q zJiGo!`Z)Mq5?^xGqU_)_zw39y9Ot|GIM^(o(Z-pa#qauQ<~U7*@gvtUPJ^;%&&4Kk zo7ZdOupaJ#OZZ*w;!i(jjnhdGujq@3O9Q>|}Q^#r7{4O=l*M~XI_4+vYT@zEs z>C*fzHO?Kw9Oq(v9Q-b~HqKf(?>Cz8yVN+J80I(=^>OgK4pgVmTUTw;?^5GjHq3F{ z`Z)MqztYB0>q+`uYMjYwA2i}*OL!t>h$ZJ^8x(U{)XFB4lsHCQ3!h^ya1bE zAvQ9$s?-bhU@z~-UOuqGh#kb{eG^-^7d!V*J$6JRcEoyVk8QXJ+c1D_xD4BHIkw>n zY{Qk<3#+gfR%0*JV=pvfFRaJ5tR!CI)H(aDeGeao9dl=vH9P*>VC|S6X|Y)G_f$NV zS_bTyrh)7kE8mmMXKcYot;07ZuH59rmABxVmLm&|-(6thC z5H@?FR;SaNv&^xCIZD0^@Fnu$Rz5DRfA$GJ;PfBV`Y#{2|F^%B*}nzZ|0epMVozx1P;A z>wlUfj2UIjh(G_GXlMRA)Fd_;4VN-+&f6p&bFc4Ev(!#W>{wzn-dj((#gX!9&!o(1m^Cwexr z-gwrTuS;@@%=e!Ln(y`Yd|%5k-z`RexHQXrc`oyP$eyp8v1GoHe_+1EH$qRP&i97@ z`Ac&@vZ${T9}Ao(YaT8C&zZA2JBm4R&r5%ba;GbH;YDVSJZ@ z@egIryO{HH$~VVm8IQ~W*7PrU5P$O@mmO^m?xsy=>bf@F!Ma-Pb$MI^tm`X^cHW*f z0PQe8wJ!S0zAksan{)IsXvc7?b)At|*H_fK8f0C2nDgGWbj|O9OAonKACua*Us(sbD`bG?dS6M)&s-H%3-_V||{J&1mB| zTaH-yzW6bBYzeX5b@+VISKYDM*cH*&h(}7CYwpR_eU)R$i=C8`mx}Lp$6iEatDM^= zx0Q2i=AGqZtNZ*Xn%$kHsqGt8`*xLgBc7@9Zp1XB8%`uYHrnitj7e=z43z%+RPJqp z+^IqkuXBXi?RRo@Rvt1=Oz3p+i6sxWjJ}B_MT?6i4~M;YxfvoC zC9-t%mDsQItXQnz)QPpm;mu0)VxWAi89^2{Qo|AWa*)^S*pTr3(i>lGd^ig5% zrtT`B#=gSI^EIX9`R1nO`S^aZ)c(vPhDcvw;%Q;V!vAEgoF&Fw{(7-BFF7ZpR{Viv zZc)MGV>c=Pv#B#iGn;`Q?fQXTU!$Dcr^lnMT)qQSf$y*E`O7#KoK7>p2%IF&RzZxn0lGGx zo?_k#{MQnrs@-y)8JVN*xsW_*0)9)e6U1&4+hDQEUy|!U_w`V}p!fZ0>Dw>-UB9yq zcp3Q7H_-PQsfVZUu%8$-_7eHg1e~ZfxX5SsJzMoHXZ0Cvucq}qNBW*c-v#wMeG;b* z7Mhppea{+v-#?;n;L&9mBh2&ZHw6B%jbZPN1g*ooXzut3p$pTobE%qb<_l7oNGWKItM9`hHP_4P*U zu}14NP7VS-?y9YWkBeQx$4!clOI#Komm+7zA-`y+_?Y*jorT&uEIzjOtBf^;kAHs= z_(VR+m==CcGaG@Ys!OE~0e)yQs7d$|>%CcIi10D7XzZt$j<=;b`1sG%=IDLjE`3*7 zG6FvC6B)6HzQJFg;$vdn!pAzia`EvW()#|m^gTVn$4$b=SL=OGAAH|0(KmeDE_^(T zezWnhK1aoiz$Jr^dG-{22_HM{v+^@^+9*D*=d%$$ z#(on%{)o`8@Nu9FpQt>QkEhyvJexZpk9lH#;^UFH$KvB{WeGlx%^Er%-yw4`YGI37QZoN-xeyujw)2Ke`FrH3v4J!b3SI5_gazqC{Q+fqPH-N5{N=tA(A z#=o0@V{jULpz-g$tTVyC(+1DKUV9ymY`9zco|?+PE9g7Hzf%X#V~43#&}G9?>AOfR<8T`w$r_kCGRTtoFp<2VioxxdA*O3%Y8tzualMR_QU@Hj(}IVlOGX zkY_Gn;=JeRvL*DhE_j9M#kO6FO?nS@fb6Ty!_Lj){k%GPKd((}u70Wa*(P`QzS5HKs@iX;bhC{u3Cc_1$k-*&-uf|^DmfF0?+YNkkg#!ywApS2Y7x}!}Du4 zo?i#gZ-5)xDLfNDj7Ic$NhY4xX2bJ*8_x^qZ@%E!-8Rv|bLS}*o`05S;kiMlqcl9v z^jJ18cn;4>;(5$4@w^_G420)|?*UG|HlDo-&-f2KTP1j2ZsU0cpDS%Vv!+PngaPq< ziH7I3qK|)@sOMAs{J@RFt_}2Jd zo1TKu({maxgaSw9Nqko)Iyet{!H5K z_pwfJY1!>%gV+1{_Bx!tzb1W8kiL_;`A+&y==}+U*Ud+%0}-Bc`d;SLa9aMivfKYj z?|YopcLhF_>`SRc&IHnYd-3ZN0E3EcjNK zCBQ+~^T_Tl-51T~Z{I6(m~QL&Dn4f@J>O;EZy%$^4!pNJ{x*0~`-M2~{aJYSBB>Ki zse9-9=cT_&kqN{Urt&$>mI9UZ)HXQdR1b5U_`hm!BaXaR8wdP1IkgSWIAy~er&}L~ z`1236anyS3+6HHwykU;BS09Jib+a~(T8~}Z;EdDzu~d2^-h{oS)s)-xmZ&M`yU3;= zFpkqUw0d@;rhImmn(|rYYM&yx?32^#8;Z@1_@rUp_xqA{<&_f0rtP;GLvn}CI346o zQtBJFINGa_^Gwxh~5boqB|n`ohj)E5CDr z>~9;Dn%^mJzypl9puo;+&H-RNGcUVO=qs28XGWNO7L%k6sc zr>uPiXS$5BeQ&U5aB`m6PYyVl|25QJ!8O!gTlM1;ll9~HR?%MWz>}DNqJF#ppVz7% ze{i1cbC*13vVMFqyioC8zPaWq%g&HHI70Yj_$FOj&m3uXzs(xZAKk~Ketbe}$7qSy zbB0Tx!2I@kz0FJUX;l3<_I(gPFZeoik9{w?OY)`DSfk>X&QTUkVz)`&IE+0PW_?l* zAH-LXns~_-$G`Qqm4n@7#6Ee&k!E*+@pP1S4LWz#}vOJgx^Gj~3wXYw)Nc?^bc&iRR_QfX9u4fXDt_sqj#1yO6bA zl3d#-WNn>%-;3;cj@ugH*L<-zE*$zgPiCDz%g9;w1c|H8Q0e;;Gzmo5aHj@*j2EKu;f%DHp0FI(#WUogr?yXY)Avl~imsJ? z3E>6sz(QZ_Q;GV(Jf)AWk@MC31u6O{jEo8)uOe~eAhBV&+op%y&wg?~2gvsvM3=mY z9_dAY972B_MqeC3UmQhWIQpwZYEPHj`YYfy`_N&bMm?_V>~9)N{Np74pUnSpt>~++ z3NN~58~dBc%}f1}oNE|vVI4bIA96jkk?)&WPcuCIFwc>3;^Rh;g;C(yUnzTIq~1&S zXKj6jj8pOeJVcQL-QY;=b=gNPNrYOGW4@v3tG9iz_ufZe9py|o+217k3jb*!ef6Us zqOWM5qOWFJ`sx9(k(S%?JYdW7S=3`9mmjMlhwVFE_WH)wiM&TISo`LPb)g%tIQK}i zQE1Fie%mb8dBKrp59eXrzF)7|Dx_ws(5l&LHlA&eyfHOqE^Icj%?@9jtP`5ST;iOs z=6Cj0tpdKQ)AXX$x7m8}SJ&l`kG>1c=Vse_u^#+2D!tgW^@Yn!Ie%@d=*1197e^)a zBK76J`G}?$SD+JD@_!ll4iK-j_2N=sY1xqlmRhJ}Ms4tPYJ;nw#TnEFL$8M!`-q=CMss)v zdGqxq=2{H=OMrhV{5cLDn*fiM!DE%wYfXj6rom&=sn@EaUTX$5!!xNFW`0Nf>@k`{ zePKdAS?53ARwD8#_58<(*sWs6B8QMSO=2&_A)A ztmoYgyt@%NYyu9=z~N!wuo*bC0EY=RB5T-7IY`@h9Jcv;$eOa6q^tq<1Ie0ydxmod zY45@|c4HgkTRt5IcXH?Ei9*Bl8D<{nG0qe~kInVPIwq&-G4Qg1ek^*)Q+%dsU!X&| zLo)&$grEarF)4TN$sRX@GdSd)^sUfe54hfEv68%LYuziEMGg0$n!GuT2YcidAiyVZI6M zYFy+lWv?7IR0TH0Vu>T>S^jWsg}~5g+w*NpJ}UZ+_-f9%=Mf2MpuFdd`x;{<<;JQj_?;Mry4+wTbWG_{MM* zbD55>2`Q6mm z?Yy#G!?{7Vx6XZGAHAwSWiNenFZHJ_#2YJ5Ol{BJ`xg-js{XXnu0Neh`(El#JE=eQ zr`4Yld!hc+I{#%qb}o9hrx!n}xI~>5vp?XR6=T<*zOL#|tutWotGe;4)LAhe&YEdV zt3SmLqyE&|kGO)qSJHNFaWyeL@Nu~*`}f_@#~orTBa=n0$p3gf`~B;&i?@@jkvKbN z?nWLqVgWhFLF!L8+x4d{@Xj`PhjyV(uW9W`A8W2VhyG@erzaK^!Qa#O9>f>9tU6Yy zKdrLsPiNpeiaix5k~}@}rwX%-nmgk6Ovdor@psXuk#v6Hix*AnB`V(RUB&LGMdk~7IeZ+Xk@95K(n%(w~I z#Ydyt$F#+nQA6?l;U zqRmI_`6uMRahmxbQqxog{K--IME+Ah@-ppimUT$o8Zv>nvDB?4;I|a{pRNA%DtjFk z4o)+FDt%9cSiSQK>zKcH_*w@`nItf`@Iaw`cq<*HkoPT%y~Wf*6fkJE1m9J$hJ zMD>1DPM*1E`G`=kvJ$n|>ZL5gYe= z0$=2QzrVn2LS~I#TVyu!8SoWral6F64MnG4WGw^HX$bmoK{FD2c0)4}z90G)a}fKH zHAoCJgb%A=PM&Eo{Q=)5C(kq)*y?fi2>K+Yu9NQ)XMbJ##6MQFkB=-hk^RtoA8Uzt z^th=tf1NMBJiwUo_b3aQNaKsYAj} z(D|a5IVAW3-9K2qxQ)IYz6jIrp!kBhXYd8jK0#l{@D;x3oMiFE&BYd9lxN29EErXoJ6Ow5`Qi+j1GQC(FOKs0mdd|k=T0^sroZ9v z#Te<6+A75t)NqBV-%@tizY#iRE8b-uVpXcs$I=Znk0Z$e*SyAGBw zer&J9;fo8T?+Ma(QWu@B^98oC@P*@x3{=z5Lf;NwNWJQy_=34-@CDDB=*#8{@`dM{ zS@i{T%is&1t>IlcCrRngR{fBX01-0}sbL5gwt< z<>sg6D&0YiqP3?7ovmUtXBkxs=U)}Ed{HjnHD zKd-_gv{O9dfk#sO*aVLNd&{Q!ud^&3m$BT!;|8(4Inc1wBF?2R{3WSHTq)}m8R$7x zWMKQ~+EM0Ov9Sz2Cu+e5Ug}e|h<;Uz*c6aj#5s;EJKMY!9MwvjWG!M=n55Jq0;fMd z$T&%x1}4VZ@K0#%C$jZ=$QoW%2ys#H8<%Qfk? zoa0X|$jDYBh-RUEceI;Fp>ug( z=rwU>i!;uQVUF`Y^%jZs5HENob)3YREzUTThB;0|ABQ-@j?{4yXSO)wc!oL7EBZLZ zCmzzqQFLIR+2V|I@S5TA`3`-Y$VhXwHV*hnoY~@x^Xf3ic}O3Jn8;#n9JQWgU6ayJ z&!mmx@SPuCYlPQw@#t#CaoUE82UXY9XY^g5*EJ!Vip_r{<`Cw6Ke23)Ka!WNB&HRh z?ahoKIUZ-6U@zn*qeUm?}zR5#< zQyf40m@DQ}I_*qzz0^HoFNp5x4^ZD!NqrOapRCWZawx|t?YgFb{Yf2?+MgJ)K8a!U zsT>YDYGpH!r*`U@LgJ6(i%YIG{1$M2oA~fC;Er!D`6J0AMe+SD8I3)a;-}j=oT)X` zLQ&r|y@pySY9nUU#Cm2@PcV!6ChDCI##Iid=~~x}!PPe%tBKw5Kjd&cT747t(?B_# zb9Rs~rhQ7jxW&pBtNNzB#DsrFt;2xzO{XUFxcE0w{F*xCa-zNoe@0?}az5rKuga`% zsv&+R^-b46V}dg|+eFSdc~N4mw{o^Pe$nZ2K4!1vaZiyvF8oD(QzYN4YLi7zA0}Q@R&FVcL)=6@qu_oAzEdbi9YpI6mIL zn6}O!YYDNIFl#yE2=z^?;NR8oYd!qh2*0i;=DvYg`bO$eHc^k#Og+lO)T3;s9;HQi znfj)dVrV%tHWHyWF-mQss&4|GFK%&Hzwk*Fn^itvqHgIXyWXdRd+n&9iBQY9pISz# zhuT9uRHEGyyIr}*d|lctpxr{+4NwR5OKG==c2X}jKpj-4v~%jE2B?F2R@yoBQUlaM z?T~iPItHk3+Df}1vL=L_3M1Rd3zL7CK@2dz?a~Qpd0}`sFAaZ@-D&kr@T$}(4p`p= z4XgU5mMry6ep?>QgGcAn*8=>Gh5Sd4e(pZzIuCl854|ja2NwSA>zmMDO-93+=Ihk% z4X3_I>8rnUebd)R7=44*SLnIawG%PH|0-Bt#4{O%c^g> z@Q=Cco9fiPp2_;AXU;u-eUlHHBB>XX^-bTJomD=zS5V*7IMbGo_0VY}HBFM^{5|=} z_2~9e-_Gt0R(;bJ=iW~0o4#{;Z}XMJ50qY9flge>|7Fm#R^N0ku(WCzj&^{{z)G%`eKVZ~AoF{Pejx^-b3)d1KW#UCZB6e^ZgL#s6>BH+^h9 z@}?O4lpt?PkvHSexf6y~Z!pyQCP&^pHywF1m$=9f>YI=?U4QTTrXk51YLQys8d`nR z(kBL2-_(fAQ+jN!FLvK4X?kpqFZTbad)pXEvNf-7?&a>iOqU!(y?ux0N$;!&A&gpu|Tbb3}GhID7QJIl1U6~Qt5s~%MGXs~m6)bqsUE3@|7VN<6 z%H9tMA%iUhcy*E1G8PDfwIB8azI!oPV$p*A!2-+d`uBfML{{GMtYu^i**#Nn&WVh- zbK;!m`9J^XIVb8|$Mw&DyYWqb2%@${rILe^^O0B@@6`|$$bxUD!%F8AfD-0*8i{Lnf~k7e=we@ zwZeES)-&|!+wi;B9{ylFlQ7)B{v-eFr#}BZw(ntwzVqQrcZ+pQ|NmYt_?$n+dX~TT z!&mK(|LyKq`1}1YedY9(-~LkL%go(*mALM&@Hb1oNvve>+g@szzwlMC0UWd9y)VA@ zD?bH}So=r6mw4k3-?{sb@gM&z>HolWh^cFw@STBAzwyq$`jEfR$Twg5%CEe_{%4%` zz2BOj_w)IAq&n}F-^zK!hki<&=!g7$MqcLy#8Vz~p7-_qJg?;LN2>FJ-@U@e#`yqdyk=J>@%(v6uQT<-d&--3} z9_gQZ>8q!|%s13en7{PtJDkVgXXJI>E9_rZ{l1o;_s*t!PEy_Pm9KFgaoL{|pZy_! zpOM#j0Wp8yRQ64M1OBM$_m%v-m&)#bqb!tB!jp{iMx4jrUm)KkmK?68p}0cD zvHZ)g{>o2%nN(%dS$TZm=gY;sMUAsp8D|COcsvyw_!9pn{gd@!f5ZOy@BRk;^LPKB z`{&=|`F{F$74`dE|NK$v_aoHr8`O`#N&jU3cRBBSzcWAY^ZoO8a^4s9&mVcI@t<>^ z_apgv-sk!!W9|$4C*$pBIq$>Yo}Wj*v~fhL_x>s4?hE_pH(qM|Y1OY7fAmW`k5uQ` z`1_*%$@u$m)vp+TpYNXK|W^Zk?Y_p$0%jK8V=Y5hgx?~D2;<1bSEit#tqKdpWm ze_zx;8Gj$De#Q8k>Yr9WjlZe>`I+@kH~tP)zheCTeBQ4~b)JpCZ&SaIdGGvvM!uPk zzb)0T7=PZDYfn<0XXEcraNZx~JpMi-uk$qi)>OY@{Czt=k90Er{xs+PN1VssXXJIB z#^0RkSB$^!<>!%3#@}b0_tTum-(MjA`SJI=Ise~u{FVRk)%g47Z!rG;8^+RaH2#9$ z^~K}wQ^w8b^~1mTp{a3%UYOPouV@_o2=)8i_zM_E-{-u^IQrc9BlhPD$KR)nqyL`s zCgaHa!SQF~=mz(jqdoa6^usSRj(&mjCgX^4H$DDr9Npo(RnFtD&=1mM|E20zjHAzu zKhtAhF#e>+eopl(#?j}-pXsqL7=O}Z|B32XjHAzuKhtAhF#e>+enRyt#?j}-pXsq4 z^=nf<{tEpdJ@#$YuNX(48-F&AGR_-u9)HF7lO9V{zhWGHZv5Fe`hxMNanx4*igDy! zjlan_`hxMNar992E5;Gy&b_~>aWpml{(_CaAJk*pod0h+j-LOat8uiPkE4nHqAt_p zrx+KCv6kLEVGhdoz)ZgkUTXg4m;UD;rw-+R_VGXXO0V@VU*&K18(;q8U*+!?zM}am z`X19)eg(fr-#Kp4PwR zspr=B&ZT#Yf5r1x=`+9f!@pTV(|`DT6i=k@-~FZ5JFE7s zJia&jmwx8&{m$?FENejjPx1la%fv=wo!TE}uH4st?r(kPSIz$V18{7wyz`^qnW28* z&wusGZ>BAnr}K~054iRp=Gxz8|2Mz#(tr1lf74g~+n@R0fB%2@GcSGolfg?r^v5^Z zr+J1i{l~xhQ~x7v_(xuP=dPXez2EVjKfpQf5Ucyr&;O3^d|7ch+~aTQ`F{S!cRs@} z^s~H!!+-GWKlRR+^sTn9T=`yJ$F_Wv_T`(~zYOlze7SFYn%fe8C|`ep{a@nzU-}cy zh7_Lp=YQ~@{nTI1+wmKVFa3+(c3AmW-j{#xFIxWLRQ~;`{0CF{lc{`XD*tRMA5G4=O_f6&h;8gy{rt&{NmH&yU{7+8h|I}3e&rIe2>{R~GPvw7hD*tm+`M)@o z|I1VPzdDuwYg75ZIhFtJRQ?yH@_&0O|97YIe}5|fi&Obun#%vfsr>h+^8aKi|4*m# zzdDuwU#9Z^>s0=Ko67&%RQ}7`SN-9uQ~7IC`QJK~|Ls%xADznoo~iu5Kb4=E%D*<1 ze`6}YFqL1P%CAl3*QfILrt+Ip`R%FvyHol7sr=zo{^3;q{i*y1Q~8srd}k{EY$_j3 z<&&xW*;M|;RQ~r(<^SMR{>P^BKR%WJiK+ZgPUZj9RQ}IQ<^Swd{?AY4e|9SWb5r@h zIFHYW1V{uYJ(`u-6}^EqDtz7n(P3-rTs^UtC;VT70~CvKTGKi|OLU@~vAdcNW*Z^_%M( z>rZ{}t@*d!dTZmYnT=OBHa4!^^X_fjyLa!}+i#avN~@*4@_xBh?v&$lx^uA8*lp|% zc89z1Znit#d%V}$3-_Y^_Woc$K6r3&RNJeyYVBHB>(u(SxR%x%^;Z3~KCH)$_Zwj& zez^2-`QggLTMyUX>%TvEfAoI(Q`tjWH_2V~==Z_bTZyqlm z-#vc&c)spQ%{Sh7V}XCqQeGYJZE>l&`1Nax7YmCQi;EXa zOAE_O%eR&n7nc`TmlxMo7FSp9tgS9Ct}d>wuCCl#TwGheweEemKHFZud2@YziPw7X z-p1Q+Jb9b9S$44#YSei*h~6C!-W^A~4SzR?cL)A%=I@nidt0k}TetRtWG}efi=(|H z-W&V-!T$bfydR(KkNtz~?Soc!kodLoM(xp7t?$PYJ~_VKzUFz?e#_Ut|Ls5V{cryVPuJgix_&Ka`9ZrK zglW+6gKiiM2EiZ;hNB>A2O~d7hOKVgZu{-9+wLdrC~c2NVd#flKOFdB)DDv*%zEL) zs1pq7F`YQ+WTS4y@3y>d=y$t*ci?wNUN`gmEx+IQ`;pg=*m7*vAFcH>|1`WDRQy56 z|Iwi94+j1qJ|ATMFc=Mki(x++j{M=+kAf%){U|(-`hL_OL~$04{kZPOC(q(eCmv;S z;>C$SYHf`A{%Gir$Y(rUHwgzxI7-6j$%UV`{Iq?VhFRLXOp{ic_OjL}8>CrsIbK{G zw@2gQV4U>F$>1zV&icXm$Ujf~i@tvuM&JD_>EHe9=|BIk{)R_?^<4Jzw-eaeGm-HSV(7gOd*J)YA`N9+7;%r2~TkYnlW z#n-RB_Uc{#H5%(R8sPQg*I%D|d;R(xulKsQ;az96yg{?QN#C2--$_53rzII5>kEvH z1?scV?ROS>*>K_6sJk$HmM)CiorO`U z#hG8(-|-oKeue!N_Enue4L$-#(~vOqKoBDD$ga<6X+{QfBa8GJ3-Ylpj!j(2v@?mD2WZwcgle-!A)h z`{{T$?fHAuWsiM(?Az-H@m}2S?+3$hpMCq`d9cs^eV+e-@&Wk+?o+Go@6-*#92s`=sxaKACMleKPwT1u>h>%(iD{4j#-L-+c1)nBj5l<>AKH(Wg)8i%${T zL95~itu}v`e!#iB@-BZPgolsx@c1L``oW0fMxh_1(Nd6Re!%mb1ZjA}c_*AlH*TNw zv-E`VeL_Dvp&eUXs1=Mn{>Z0G{4Mjh!rv-?xAmF z7PjI++KNY)tvCr=v{#!x$6wgyzU>g97j`xfYkr$^+x=kB?uVpjew+KZlXw(XMzxS* zLw*mtDFP3PH&B{}A@vIBn<0IZzb-P+52;rt=np!a)8U*>e-I)MhaLJVLNV=(qgJ=r%k$X7I%|TtH&|Dez(`7fA`{X(xdM% z)CavR8}(a5{^F?5b^Gl>*za`wKF9aF>_;jiHtz7}_p{)n&vQQGxM%$SERCa6@~7la zc@KjM5}21Z;28&ur$O-Ia=`Bc+G)VE4tUl9#|{wjgMM^6=%?9$=N#~ygE$@y;uroP z8TteI?J#I12yqGWCqu3=Y~T74jo}aJ*Ta6>k5H)*S~FrCMI0BMq@#%AB94i;euM&v zkcCk{GX@_(?THn#UhU z{fjXfRN>_rznvjJ&iMT-?zhi_Bsvd+({sw_{j7IR6JC(Ni00=nITn5CUsAs0{1=p8 zkbiOh%tvX?rrw;iBWmlKx3_r%U5T*pT2Z#)(bYFRv_6}ZA9%xP$_#Z$x83k~*p1ot z0?5A&q?>)dF0JXw2=J79gMF!fNH=EF*Ir#(^w}(Fv#iYun-%3&R<%LTzPhS?YdYla zn*W;Q7Ql1n^*Qjx^*1Dnq;BuLp$55uHeX)|&QPzC3(~Ozlx)}qo5so@PNt*c|b#r5vJqb7bw?N+J``rQ&zs#R(af?+8hb$oDWe^5&LQMZ(~ zP_t_P&0shlZh}L|Wx?sDWX+}y-qazR<6ggAzE9gq=lW$yt#U7Hot6hdnwH~sI9Jxe zWgWa#**x0WlH%KvHrbN6-wG1x+-?$V>9{Q&S1E&oLBI!x6+K@?7p+8~BkAF^qT?z_ z5+@ZqSRGPI+22O1?{4oNlp5Os!f|^rPJ7!rcsm{gq;>F)ZoYGfO|+wn?&#N@gb}c# zU+*^>wVU^~@4kxFtqLGp7@#VJTGg{uby_tVjk9W$rR!B4T#adxYKn5M+G%>0clE=& zDn3x-JkWg~^oC*bKtDXt54+m8E7i2CHrNfaeze;ko{V>6^vQ5A=KoU0}{Z6vmwc{d$n}FN1>=&2XUOga`cE{POZDn_FwO`IS55 zZY?j>c1zX$n$D={xLTH^>jDG*x3uqD+ILtfZM}C`E3bQpdS-3HLp}H*XnlC7;|}dO z25hT-zcjy8SIz6SN@c6w2ouar4yiv+GQY0l>KQ^$n~Y5sHtruB?l%rgW$X@4YXqlB zzYz@kgN9CP=nSEW(vfa?q^ch2ha-u?BmF9T;Xgd#q7Tu;{zLuxP(M5hvR3brijNZX z@gwbftm0$k-V>&LPvGo5A(i*^!+Z9FuJ^vG@V?&p`|9`a>(}@7>yz2^>G~7;=+h@N zZ_GTMnLT@dhD|y%^ZHvGAI@NB%^c4zuEfXV<;CTfF?PTz8{XX0b?>cfO{wHSRR~(+ zEDS;hVle0jDQF`;4~FfvRb-J+OZ!aF1G>yvxOI9WrFEiS3R?dc(Ng>c!^~m8=K}wX_NS zmV`oU5TkcuE(KEPYLjLFqz<_e7htTS9>)E4D`~APxAYh-=@T}bA@K!@O8s_;e$c+p z>u#$@v_bO*t>)X|$+!!s3KP)O&~HEEsoJ`HTbE)(Q8j93N#AcvD}-CrBjf>XLxofv zjgZBJXLH?cL{hiKOYZ7fKxYQegwwL~c2_m(3aS9h z_#r-7M`Ll7ZW512f@t$yUQomaG^a=FX04XrJp&;1)M~w8&|#yThD%R~wWkXR(xp9} zCNP)w_2T-%o_$rR4}x0OWO(?+8>gz}X+$47)gizZ;GUj-pm#n9PQbyELxTVS zG*D$|SI}RJt}^A_)hN;sV#Ad)xDa|I_dV0y&V+Bz1aQxUYR?2!Wgo>F5ZbgbGJ&e#~(>;kAQT-ye&4|c$DxKMoHY(Mn7PcjC7;tdaCC-?YR{}#eSmxlBmBV z0j-g!v9$>kb(%z-CQ*M$)L#&yRbuKQC#TXr8tC3@b1N>EZ9pOa;ZZuWt7N>@L#BLUPzn1&})35Ltf~R7v~Xn z#ip@w5A~SvaKGj2_dE>zWW$rJX?da>Ffjnd8(u5B$kx5qIO%S99mKtd4DVxrJd01# z4NnFw*2nxkxH~gMJQzqgzKGWXSIscNBALGjZ_Us+6NeW>8?zn~cz|DGarv=rFEB}7 zHFLx)lXY+QY&L~k8ETsjXV0|fbr0?1y*~5WTlZd?!y3YK!FyR+({^Q9+qG4*J?`A_ z`e2wFW)I!)co!aCjrsX&3nok#F#9n3g(tf$JTLvWsQQ7cGS=~(x;OQ_Z#{+~|IUXXJ%P|aaw;ac({SY%H z>$l2DoTeBhY41#oAn&KHY|K2{M@b zc5u0KPv)fQT1Jhs9&|`F=NE9+VfQHd8+n2)fBEUtEP__5Y@3bm3Qqr?^^yrfRWsP5R66v z)=2#9w7(05l=XH)c%5JuWEi%0FI%+R?j=es+6zVxLU|9U#lE%q{&;v2CI_+|{R4Xv zGduhPdy)ftl7nH`4SX{~(t{Mp*E_It55^f7p;p@3s%(jgT=!~&akn4UlAt>bYKcT* zO#*${wkwAWd6^f_Xq9^Ter3z6!)5MP>WwXcH`{}wM!j)Z!D46}@=M)nS`QP1LmkQ~ zz`T$I$9KW=*Ds?ixTs&!D_V{1<}PkCnH+v&ueMb^#PZmx_zg2z8bQCg8#eSVvPO^q zx*8!5I)>E@qM*^!=x?Y4nnkkrSZ{H^eq^n2bRsUs>=XaU+T_UEnz!Imh3u9cAX`=&XQec>8_m{*w(JO)Utfrws!p`yFMNy?t&9ZTe|{I zB=WeAwB<-FDz3?vYj!#vd6V$s1=ccw$rCfKV1zRoUE4FvEi5hHOfCFNk~4s~Q4h9Q z(k8HX#1>SV!|HQ1AlQxI~3rjle1YnBEH8_Rw z(RNi^=pHk@FtHNcRTx@ZyE3=74sDBZMIMU_du+?LN49O-cC77@9e-rUAKCFocKkzU zz}c@4?bnB9$UU@U9@;T&`?YPqwrxKsl56(tUOl^4&+gT;dyVb*u^m6Q1;{s+buKl zY=<%G(j~A;SdbWx?bcv?g8gZd97~ds-ZB}^78utuWCs*SlFM}DUIunrhHP46+;Bcy z_*!lPP(=wRA*fq8pfx@Z+kVU5EQTei1|@7fFSX_4p+q8KT=t`|9Rh*0?GNYJA`{x! zRM?elIR=veBh{=O;B&u?RXGf}TATsh+wu5h5Vq}kWQSs$8Z2s$IT?F&3y|Tutjy9D z+`sMV@RS&a>b;@$ShG?++xnsP($Ijky5X50KBwu~j+IaB3f3|hu2Jln`Ip^OlxvyQ=Mqwkf7BSTVxCp!b3m%kyK$ z$O5G!V8dd5VYQl7g4x;&6RQx`>!>w2k-dtq!9X!)D<(+SS_vT09Wzvu&xwyU#S@jj@<`hAVozOzKFMwqbxH@3)FwvZ$J;fS}-7M~dY z3Ud+TUkEufOpxF*fBK_0qY$UDY>@tQx>43o-w(&BUUkLH+tjvae&2NNGke-+cKv5* zIlGv923Q}3&+OMz)5WL#0o`Fx((?~Y>&dolJL8sZl3m-bc~TY1JJrG-ms6e z+T;%=fXr2ziF4VG*&=)Jk-*AF7|c4?S+n*Q0K>9&V{WFcevM@UU>MU62i98#iTdQg zEFKxh+>tHEV~fO?#(GBsdq=u3zgmADS|6sz53+b@dJQL4FK(NOEWZl_0Z5C{r)?I( zF$2$|fMF(k81siMR96&aNS?@;r^qC&4M<-DDP51k63-lkdU8f2qb4#gh8IMP09*Q$ zENPk2s%d2WN2G2+=iM2~uy`m)hMYdZDB>~-6d4)ILUyAre3G02guY}F2Cuy?T7d9!8~ zEZY_@mg;Cj2NPX&Osvl*L7V6d8R%_irn6NaQv+jiv(>MX00|11{Wca78w-hzg~Y}} zVq-!6Fn~0AKE=4qXg?#67D#Q>!v;`yqXVRt`Xg*%)m_{GW<6Vuv_70#9~LhfwNo^U z{Bltno7&JUp(4Xb>;dmCHDs%f_S^^rEO{6N+wzVOLRf9uuC4M)d44)0ct&JG3X#A& z&9qH#rTA`P8lD?}@mv;i`kc;cTk=*@f>YXYOCc(p1>peqAhKaD%@lFNHXgHIK$b0f zf$f+lAD@T>Vat8TBg>DJw_crEuQtxXOL5w@dN9`@^At-PO5rlaE;BO1=Z0YKEQGMb zOW0&A6XJuO&3Z^pw(t@#5yIhOCU_jSsn0c*Ry-^y?N9pjRX9yBd3N51fsy2mJ7XJD zW5eo3MfhXW>|-f!e{7>ksu=GhTlSa~6<@KmrtQkIwri`fyCNxUe2o!iVS8*kVr=6} zghtONkO%2HHu=C2h`F&zOYs|!9;Ww2Zk+jNTN>BU8(f<$0Yqmu($V(3Ylu1SbtZvg z+mV09aAIp$KDYh`c0re2SpLEY?hBK67gmc4lXVx?D=v)ByD$lMVek6F2p1?2q%kHS zW9|EY>}O`XI5p2UX3uVTb9BwlW&lvLBp)!K@5*!D~GD*6Dzw(+VB8n3FHR^iai+Fg_ z4`;n{?Z}%mhpX?+)k^!-^2QskBN|l!d*NP_C2OlUj9eiQ^Vy;?80sktH#~KQjitM{ z6mqn@aBE?8VZ|kRY0Z^xyX1~b?%ut;T;MQV z*Jwe|da`ym-Vx&*Chy=I84p57fA}TL0Z?Sg;bzBx_@$IV9_1{DUpfP01QA_C&~y`n z9cK}IhcLq?fSSHhKG@r<>^I5>`}>u0qipZcFFS1Q7!Z*k(N;fE5`_aJL10SYYyd?h zgbA=S60KH7X7Who@u{@Hp)pn9tZ)leWL( zT4~3b1v_YptQQdOrSPr$xF;)zbr_U!6vy}7vs8C?D?6p#>YjJR*sSh9B)?TX@Xp~u z9FLMyD1Oy2Us}Z%RT^YU@UB*2$Orv))d?8_Eg7tr?^0*(_keap!8~x!vg?|Bmq6Bb z;P1M+@8-XO256pL_egtN%kxB75}IjAa7u#^q6w<$x6IQUMte}fVA4GUOz9p%2I_q8 zGKhvjvhQxR@9wbg?%=4IoR1;+D~rX^IFrQ@Grr?tNQOa#N7&VfL=v-xrssYTFlW5@ zLwAQmDdS*pi1^C}1cTYzJaqRvly@ym4lyn0n)S-zL$NQod~qyWa%)Wq&SfRHmX_=H zEkvMxu&oHOy1PT&U9;}4Sr4;)D8f3Die@Dt?lG!^6Y*z5=0vcK^*+dL5Y%I0K>01c zL>R<%2sqpw^|1jY5>%Dq(kwX#U57~{V8q1ThPz+G-LKJ?Pc&-ulioNB8X8U<>E00m zt|^RBgYjM3-Bof>YbdET4wcjiF;H^&P>F(KNgh3@AMHQbKX|n7m>?f2NNnVhdk>Bb z@{c0(X&vbWuU|WI@4<*4oY&9-sGo;U>Wj*uSsxLqf#`F*kN>`Fy7ygG6hQp;+fSd^ z7NjUDK(beO(N-b(vFWV9-p0rtpK?xR2;)c^t%EnNG6L2?*k?|TY_G@Scz_=gd34)+`>&bib9TV zaS=GL047P5d!b1vp)@c z=iPEUZ{L9^F>ccMk~SqgSHWf1jlXWooN4eUY9$i+e7o78#(TgoENn_*zY(&7WkKL= zf*Fa>#PXJtUty-AO29piF-b`h^lc9ZdY>cFX1pT;sxx{4m|7yJXVxHzX>=e4`66oOW^AelU#j zO+lo@r{fWDmq?ejRcIC2-3s!t-_F(63O(Re8O;J~lbXqEMzhP3jQ|^=EO)CWI49H9uS18 z2;*Ve6$vm*GhPF0vxHf~GRGW#9p~+#G#5}^tP$tRFiE_b#DUuOr zuctPCh0|kCj2jUQ(j8HpMg$HU>ryeoh0#w;gUo6pTg1H30_P-{MC^1Xw~;UKH?A)^ zQUzBjmSGI7VzyOuc3({wISos!L&-{x$H6YuQ=jYcbJhi_#dzOX5ktf~m|>{c2N74I zQqUT58^T^G!ElX}ewVlyN2mCXPf;SAMPr7{zfhaNXDGvkH(-^!gq;5LWVqd>N9aejj^E@E_Q~&rS?ZtDq)N%q3M(`#*{F|lz<$e zYBa{+XEeqv;YinCkhAJ9#@9fuAf?bkRN;)CM^w2mCJ7R~m$(s^xDjWx4d=NrMorXd z73WNwDo}%9mc)%CqiVRc8$gh{dJps(o}~?GBV?7jih*3(fCkK3sYrrn^knciM%TCw zEk=eXLr4*(zfN+dPz@zqB^0mW6G$!Y8^XZ_dEkVEGZABRrbH-~3u^oU#M2%;OWaW) zw7era9ov@&G*ZSAMY>=HJm<7<2f8zJhk8#d(Ta*Ffp#J8oS_veMrhp+vZFZQuq#U_7y?~vfkY6!qVb%LP{Wfve;7~isZY3yg7(&DmlG)qf)dVBTGon^(i`(B-(&?I~(S9mU{ z1Xd+sN(ZLmCRV)E(59Icp-mIhG%Lc`W1<-2P4U|NUPi#ey|&8%!Bm$i3`)+AsAJ=p zDAT9o(=fEy_R{`)Wx_`Y*UCtF-{Y`6#+IpW&6Nowv@>Oo=fdj1Ln zRRFuf@QRsuQ@Ox$Xoq2*Cd?g8L|JTO^C)6`CybLW?XeTr8DCL%XZ#FnJL~U^li~QZ z*T3H<5`z#2$dExFIV2in8|kg|5Q@8MZm?ibO>5Q>NbzI#TkqB(p1A(I0mF!Pd_cWU zxy}P(lY7nGzMge%wtam!>}0CfF0CCT%~GCj5_lp)KiVrDK2RG$j=ZV%*$a9B!5{s- zU}OyAp2IWg{z0>RuuJg9LDOtr(%Rv{41?H`y|D)J9ZhX;cLhWaKWw{}=PIIK3_181eGe60tE*{ms41wEf#*09jv zyZvvO7ch$g@&jpcl@4wP#%e|tub zMQDXwwavUEh|a`u2fk)zklu8&nHi%NX4aXtr+Bez*O>bIpML+_|JlpA+-T;+NzOJv zAcq~|EHstRlaesme0CzL;RR3Vf-ulq!5F162rf_PjnXTMcSp};C$L0}%u`N)J6Kd!gct=8-K1uzkn%(XG33zoL;(*X$wk7hs3-)bCo&CMg%|# zh*W*S#pL(FXm5vv*5UUd7+uo?jS7GuzzUF7BQ<%U6y7y$nfC#5!BPbzn4Ll@5Je0- zeOc|$K5?W6VF<>?3dpClgQgLRQE%tZrQid}kv8)R-0mmw)K5whR3*|JckER#C zfTU=1AB{ieQyIEL21?G%DU84j_~*GHFF?Pwm0R75x!Ju4!j}2HNC1IgJbFKuLq;?4Q(=&ja0$!$aR8#&Tb@V!fM znzs{k1Uah@CpQnJ_oh_Q*h=lZTyD`u%s9}*27@#hcrRe-G1!V6thV#Y`34(_LH)I6mwec)}}u(mk)F!!^&Y!`JBY3ngiQ@cl>Gu z@>P(8g2v4dGhY?YG)(C#VP_yRua4pR+I&VBPW=R?%E5x2Sw&g zoz`j3tQ++Qby~H%Qmjb=#0LX>5G|QKwqL=6>)-up8UqS^jO#fTo0R~WX$Zo@C8v4* zWYOIxSt?SuBUy4glBH$)A;FQTf63Bnp5DsSwLHC@r+4!7u1nqNUb38DcR9cAa(>&abk42L%$QIEabi4)JivkGRxS7ZDqj6jB91*d! zKv=yp%Vb_H0MG0zbCt(9P-q(__Ns}Lx#0h6WSRTBc(*;bSFI}^`TAVm{MT742Fd*T z&DRN$cZSmq586l;)D52FMd*Cbykj!+h0G zE1gbgdswN%Osoyx+p>7Vjkf|%>TzS{t^6_WVf~=bTbFaCv0@|`FNDaaLGxkI+k_rI zO~`_710>6ss=)D6GxO~j?gq3b#O#mxKvAv5uI;A~Ce)_jA3K_;^a0L-cN zY|cl3~EO&P#8t9(qDN^|qzVAnDgTE;Tf+QZc%vu2s2{p#aJ9D5Zw>C3`w@btLl{nB1V znfvlDDzm4|ktDWs^AQ5ij3zwo9(B98d=$2M2+S6$M2FXs9_t_EhQoTGbrP^3$Pm?O z8K84t84I6Q1|~EaC5EWX6?T|o4$SxHqc=cAR}JRfEaO?F)KuSSg^?L zF&C)zSk$;O%++;2Sv0x!$Uh3dbatW{yugwRP>6GY#>pK~zZewhy6l-w+#09BIr@r< zVbQcs$#!$o26|LB4s>lKX37ynihr|-TQXxzU&xLzCW(yWlE~x-V-O~nc*C)240g&{ z>a?{&v`xL8K;Z!Caf1aTLZswk#P1F)?S`^+JgH?~c?*l;&?fhisVmd5XSU#M7N)?= zLH&gnYpc}2>>b>ncr(QnY4(#AFIwd4+(J%Ql+>jhyRD+`?S<&VjI?`fqOSwPPlc&n*pd~qv}liTgNNyGjsZ)YeZx?CPt$kdpVK*lPVu4f26G!nanCub zxB0faVbFmL1@M4($bcNkSS<2Q7Ef{+R!maHu$MBr9Yzh1TV8INJcb-pJ>UXi$Es)H zYcqLhdy+A{1}*^eZxl8WtE#Onz;*@;{n6Rle4mwDGy}IO`)m+c3!PywrJ1KiUa*K* zVgS>a5Ls6*P#KLc_ZKEi>ypmEQaRA8c%L-OR(%{hh=pGU*uB*31xk7BQB2I}4E8oJApRd&^u{v8wBy zOkbh`$c%C;O-?V11x(H_-2cMS))O#=oFylJfH|p%=}pLLHfiohH``8~-;6uUXhe?C zUtn9xh$i_3tb&%wA#w4OG(OWA6p!fdt-Kmkkd++6~Y-nM1g z)|M7mZrRc@QdJIH`o!;9)CG|AK7j%U*o(fm7hKGjy5YuK0AeHmSa^ovPwNjyC3q;Y zO#w3<=r4*pXK9%>$4QsxF^mA~GGpI>CA>S48ThuC&S`3Ai;-(Em9^du>MmDzh_%Zq zLX6O|i>2W%(H%ry*)eagJ)~l)6lwXm{CvRt?)lOHYWe{(JSKLb2MX?Fu13nyNf71Axf%%{JCsXkVjry!6yB2?jLWeO z4Zku5Xwy9jnHu8;PTk9!dOtRA40Z=lx$L4y$>m|5$Y5D zoSc#q$ZcW)^q4k!(6Od8Uf%r3TF|bvE90dm@J*LW<}7Euz1EBI`)C@g9?hN++zn@6 zmrYm$uu=hr)M2$&+1r|5T3ci`Y5v~e}$yV;U;nRg&!TW{=o#Ie=x!5A51{{2NRV3!33s%Fu~~`On~|aX@S%~D4_cK zMR64yC3A0F2fn+hFL)U~a;EqvPxIW_Cr@W+lgicMFHm zc?*`SQ`H540+36BWDd!DLGqTt>rniE6&!@JR$-Y{6seCfx_p;!%v>dz+*L{3)^Ze zwi1qG(*XnXNZ}l{YKoV`uY!P`OHlw(jD{ja3Nho-Nr%PP&stesWR^-EC`)aDBy}@bZm*<=N)lG+1)^JGW|pAtAm_`y&}PTI*Fo zCVGP)IY7HYSq&EL3UgS_T{%aCf`h_^ynZpD)&xaP`?3W|H;>h4>7YP4X;X4ZpiVe1 zG47-k>g*JLj?Sp+Ea3bO=Pb7?Gr?{tur+77Zi^+f3$Xay0y)%qnY-mgEih;-c|~v5 zWEriu!R>@0XnsXDvA%7`k#0;@xk6JnJm5Uueu5(^Nm3Rw2s`nh?`TUv;2~|LpSYM~ zG<8{9p@T|>ED6{(>%ah+mbm10El5R(Nm@?954=+aPuKzCE>&T%mz(waAYwy5A0{A;c(-dehyFD6Js zU}r6`T<{gfTio0&J*X_7$b(&E3H>j!Xik?+?EqSLhc{1%t1zED5>~gitkap$fH=7r)hrn}fodB&2Nr0* z$wJ;c2-Eqx^#b9x`UJQY@eyD+ctGfrR#;`4rRm9jtBPfBtV|UibDr3N!R34-7VTLM zM!Z`h4_x>~DY~p)p~>9<--661mI*{QK1B5h!d=P9J&+N+jc%T28;}}%u#hYd+Xj{7 zFizFnKLG!@c^v!bMjl5UcJoe^~gE6qnrd8vYIJ7Q1ulHsQr^BI^bwJdzPWOSw6bf-OpITyBA|;5W z(`tV7>pBs1P0%`0hql*hf;`-?*dl-(0y997!>wAWao=#%*1-{7#j;TO1-eoecqJI- zsAJ0>T^*pT@E3zMhg~9s9TK;GD3D%i$Yu)UM)zqTaENfD)&&=p`!p-h)&DazV7j4nR z!WlHhPBj&1=}a)z9AqIuC#58}&YO%krX-=J)9hQaV+%`J#tv*%QT2MZ}M>#sIgIjE0?29ED2CI$lxn%1F)=_-!-5jY+iF zCs3B`xhBi_TJ|Di_t+t>Hi2*+S-_R(cV^rIHx!Xe{F~@SM}f*yuc^4GTM0~#)ngbF zp}e2tc$0ErbVBF`b!eb%o8AufW;TRd#Ccid17h zy`kHhz)E2-#I@G1QFh*Gi5!{PUI8+P$Sf8j2VFN~YicC85q6?eh{Du+$ay$JOb#+x z%&dY296RTTUIj2fqFDqv9WTP@!6jmla%bm3{ao}z0NfWYWs|^5V`;YGm6&9kJ@N z2c1rehD|Q#gN{Ir95Sw&F8bJ7(okEofNkpaENvtr$Yr}%*^yK8Z5XpYGha^UT}XuD zcUeo?Jf#k@85>wobpl?B#4zZkDcG%3Sv7#a0+0nJ3fo@OY0SYkrBVG1HB#mMLsnfvt$*;tK}OvrLxvh1uC9233ZR+}xTK zEY4i(?dVGZsm%uWK9W;-?)!iA$3(MvhP7;&I6x8Ho7G0EEKg|-$JXX3OkzIF^G|qz zqD8~@Q#Z@FtoT*&by#s?fmnB0{VZ2$O81suE1sS69EMF9z)r%B)nWHgT&QXEP zfRpJ>Mblox$zqf)Uv&^nn?NghmbG3UxN`#3oX1(9O(Ry!pUq--JfC@)A;MUE**ThB z-od#?)vd<;>o}MB_K4eDpMr-sG-A@5vN*kYJr(Q1aj$Cz*&rgQ<#1{F_QE3nEfJr$ zbZhz6o!fV8@wMA)%Xe4quG-w@b*~MNui)SQ0Q{e{@_gYkCIt81CQC^*%WfEyt6PVK zpofnmX7Q-hs2=P)6t-u?vdcH<>tHq~lg+J}V=_~>Wm{MWjZCB1n$F_LK#7w)FmaMc zv!g*-aOQ+BU$CNclH}Axt!yZ5-&V;;bLb(0ij|uYk~xa0zCQEoKgpIRY<4%J!6D+^R@^3jhHaU4O~Wqn$G#zU&r02sneM7QOoO2Hkm{cMs7f+ zv+k7U+F@A3%1f-OhX|W38}+xbG?ic0iVaLf2jYdN1=}STQIS`mQjzBX%rL6TqM%F; zL)GSaD9wJl&muikE!sve1d8Q^EkKegp0O2f;|7O7IxV0ZULJyS zm=n$t!|Qyi$SwWj`cg7Jxh&e}3Z0EMCV6-b9D9@Tl1_~m2g~p%GA#|?!4+~-QxVui zX9V{e1Ekj|@Dm6uYB~{lx~l89>fl9vl`nkd1}Yxm8RYUTi-S!|%ODGjn87`~;zgeO zJ)uXyvs|BWW%QXMukonqUWFVxXMzF^WsAuwf&rPJ>7U+5A8Dkb z>J{%tq(%XHJY0-~D-m!`h1WfnzH?FDv(H%@W>Pq_rD3{QaF}5R^sZZ6AeCe3TZtYd z8WE;IHv{ROzTQDW9@wz`ND+j_=jA<=8B9=ZlL$V@HXCm8`R7o^txBsxM)(poZ5Kg= zf@_`T(2k)iGf!4_m~(&{RwCY@vtXbxop?57uiUozG&dvV)Hn;wqSU-7tIGmm&T{0w zO0?o^O5_kQ>KZG}T+w^(q4G&m4!}9lJa^Ni!%f_X@KNS;mD#81ge!NJR@d&{Ue4E; zDP9|fVLtg{aea|5dQ703H``FeAJJg*j>jrt#RTn3=WZ+Iddy^9dAEv#uz6V8-#XaK z{j6>R4J*dIIhH?T!oMggdX#fqG#|DO+Kg9W>V4s7Jvc9VE5(m)Qy$;`Fbvp zG_Xz8&ip=iozG(iiHN~&xRf`#YFfZ~X8248;HR($Sp#;ba@ch3k{85+RStI{Am$4Q zCP--2RJB!@RND#(C{Pg%Djbap9*$+vy)7W1*aN~Lp?8L^K6`?A%?JI{;B+j84aO_T z=JtdA>-)G%L1)f`P2tMDOF;n8wOd|r?IzmoK1+PV*5U1ZP_8c(Zvjx0^KAr3g4oO@ zw$F$G!XdK@Z>@><0`MNnjw)t1bp+nvSOL_AbdRLUB?B0#*9!QytGM<@gi9PeY97^~&?-;1 zMRDI}3?T{$6)Zh0Rd>ZG&orlW|AJd+*3Ca5JV+j8#9{ltgQKG*Yn9Xi|(tJsP`PqxzUdBHlK6Qbw@y4az&Y7|wx` z9FJj+1|5PT1X^ARJV%f+Iicq;l&}nDr7OUdE3OQEQVeGn)xdBbIBkkUim7I(6WGX@ zf{Zcnqm5uI@IkUvUkB{I=#OsDIQsGhfyDDL9brC!2kJY#$wvX-WMTFK;n=$^3W7&C zSFW%R%LXLTf*}xI6EV9X5Ez}TU@Z+=l$Y5}ngBlmvJh2QdO=JSZ-B3$aP3?z3|Sg5 zxfGYg;~JUfjd~*sLP8@TUGeGdg~O7qC7c(w$0Fw`2(%A)$UdZz8)kN*3Yi#5!VBf> zv-S2of-9LFs@urZ3$t?tKEmf$NQ4S+02^Sk^G;Fde%YZ3vfl$11p~=Iq7% z^#2Y^q#ErFqGNFiSm#&lHG-`#Yp#a zS*K0YRI`(vX4^&k>1c;3R8nVkwg*vC&Fw?ts%*Bx-lp#eKqN}rLnC?)1Ig;3WS4Ua zl9FX6y310{qCGs;bhe~XWjm{x!mN=}VckwUJBygsaKAE6BMD5S&6w~mMeY7%mP|6og; zix|tgi4du8g||4kN6Gd&g=N}&f>o?E0V}SQO99_X6S#tQE^Qv7sx4%uZr4Yynse4l zhyjEVja|=4Cs*5|yD&!iT^B*T6+BWaq~bi6&eNUj5j^R zXISLFd9W?ix>K1sUU>73x96^Z{N(9JpM3DmTn9r_XdIycVpeU^$_Pko=~~-k6mh|n zByDf6RCXnF0MS7;D+%`JYMHN~JHOqN)4bu<0s^bOAUZ8b83AwOl3UfyQg>qb_1tw`| zg3S~4=LM)3lW=n~!-0~QsMv_`qM{^3p;A-7HO1f=>(Y&x&Zef zocTl@C6#l|N>dny52pVBh*>YpW`|ZLB`g_0O&&qS>SR_zt|38C9K-~Heu7T8P(#2o zFl@nj^;PSG(~yVdc&9KAi@S&%(3`XgD~49|R=9nbd^Am!eFAqNssklV@9180uz50a zMPQ7t!Uk-$mcY}j5`lxc>u=qA=Z3$2Jj1t;-`=>fx3aLjuy|vSFVHjUb50?b+KyEi z>YZ4#Ew1t9j^(9Wi>vPw&AqsEYkhHbeessQ*v-Gy+iQ1LZZF-svz&i_8_*}nLM6c8 zQ&>he_FKj1e<(zFuT(ErtIf#_KBtK13tK)f?lN*U^}eJT0D!$vif?X4{DjPhoWzE%Yv7*%tE1wiXv;3(ah~KOO`~LE~wtYS4UY?8cZH_O|wj9 zEHW!^64_noN8>Vfkuy0)sT2|0PQ~W&N?yY;z&USGIELRMHJz|cB_|-;*14O${{v4vD zwZ@3}fx2cKIpr(xG<`0`>2u|x(B0gXSwE#t1bMTvz0LB$^?h^T>w@~z>M5Q$f!wC1 zm{+~{RcX;0{5tK0p;#z>!My_<3}r=P2nmJ0!(Y347=1i#)u<8I!q8)_mfnD9R5cQnD&AnxX1Po8&`n#o`5a@>vuyk_%Z`ss0|Xtp00E5;&m{iMQM+RwAw@rmKfrM=oF#t><3n{&5pN78 znNh$h0@YA0iPi$lArmfCrq46wNoy%tPan`v^Dm|lJ>gaia6HCIF$GcvuKw(JKD&ZG za;;{|FBt%^`PYU>P-t#uU(*z^bX$`bWK+t3>6(^75P>%*6ZE>^($v6_NqMudDX&0L z&Y=`?5m2PSsG^v!QCk#+r!dZoVh(1CBEh+$Kqp0~iPQ%A%PXkt)KjS_gVq*_(fX1< zFxV$Z%FZB^M>yG0_!!t!8y^!NWf3)%s%R8QUZbKoG*0U6Az%FK#<-BsT|~V`>IwJ; z0dXCGM!v+OWVv1jY7dG7;OL^NDB|xhz$CH^5@;S;hTw3*r-E+8ky9Ab#a~Z=%>~S&Zye%n!{)FwEpvaZ!^Z6Z|v`_<|)!RE;h2f6B4>D6yp8klW*yf6x7@e)isD*Pbg1dT*2i|tk$lToJ1mGy z4JV|KLb(lKiDHrteFE$-LNZ_2e+qDEHUFui&YMilb9PjLvY2G&ezhg|H0@4UsrWTF zN{XV6#G&znMffRqF7HVZ6cbeDI)gs_NGyIar^1i~ok^^vR@V2-u{jm9qn^equ(1yj zJmHKO6!@ydN%6mZ2^>`Qb=G^B^cD5C?9KU`SFzCxVa54)t}vQ$NhWpYtTx6UiTxX# zEg<4LS0|S?%UhN0t8#GCf+JlkUrnT;U>=$^@SkO`4<7!bMNy^^`SWm%>m_= z`3@ivB6R9OvjqHRP5r6hX~4+-?k=)&`gv4t z;;q%Bjrr(SXz@LOC67sq^5=2W92+@cc2#yv2<0DeYEhnkB%!YYMc5il2lRT2IW^X3 z-7N;uENPM!%bGE7j!^;_;uZJ!6p|MAzZCGKe>j|2n`pW%^H$X4CPM5KYvxhDxRfg} zpUY${6$pcX6~|M#a1aHa7^bqO&`ZwSt61Z%sbDI7ps~8Mf3RP%rBTrKBST12?Khz_ zZD|l3P4bQKv`9s}-&DwUbFWl?a5ZC2z^QSNyLcw`Gn_Pa{Ubz-o7Lv#Og=h4pO=wP z0ITeX*VpHc+izaK{u9z4X>tnb>FoURUnORLIg-}PWNl&3i00JnRd@1l_ zQ7!=Fq?{84R)%6IybLWUvt-Kia)krw__j{Hi`$iBMRv9-k*j2TzKLH$7QFLbnGaS= z@`&EI5ChdOH#xhwBCz_;aiE*?A6~6Tw1%4z1+MAFF|5>0LlGe6n|epoo_PgMzseJ} zYpZ-8XjQWf#rx3N;hkJ0B;fdr+9AeHNYob&NpjX1NCG=oE zbB#VACa7rNqFls;73G}PLS?z*S-98~aZ#pQqiSD0B2q@Ef{-Sr4ib!@M$FsO`iIKa z@)PK3wAUoc!e-tHG2k{~sAX4W_qnZts{`Cv%v({m3jkCLglWSI@@vS_Zr%wY8nFu` zw!reM2Vf1n^C2d8n^$9OoN+VLzsK}LfGI&}W|jau3C~8P;3;x(OVK=-q@Yx;35Ql| zXR8I*mzUQj6sexYiiiwm3a0OKL#4te<;EEl_eh~{-{jm&%HEAeyh6~CkeOG6%Y>$NKFf4tcJ`Io)|}RM0F`YpBgk4} zvbr-um|2bsT3e>olUU)cT%k;dIv-!{aIo{@iXU9OPF(9E5U^^H9B{WPMz4#Bzl@bjz*tR7=Bg+t%Ew?BCZ%!kh0M z91;Ih+TE)>gd1sE5U`t4Wq!}PjAe%l{B1E6Z6Rv~@GyJ(%8#l5eR=@vo7M8sY+#0U z&TN{T0Y4+l@*P(skDHv>Y$(3O9GkY_!%}mpDG#80sl+uEaY(p+HFGefZHWuuhK}-_ z+EKT`wae%)$x*V23rI0B+Tr4uC!jVDCdwbk-@^!Qd%}izG+8Q$r5m)$MWAXqN(mfV z!=wQ6rxPG+P2R|RyCKyda1IK(<~t@>_Xk~sie4fJ9`6)r{RC4~JMeN&?O>!NO))@YOq%364_rjN&nc;cdq>$j^7U*3l85*3F|j za-vuYiyipJCB&c=aSUXdDo-y6n+-SVdEnlP8SECsztGsNH@9(=Yiek-Uami6qUe6z zLh!Z;DLOi=H1LY-$wwk^4nLVT1nY44PpmTwZJLJjgg0qcKyxyGH1Fb*F7HpAsgE>` zACp-zOh*mo!ZvJH?beKir9Yj-roZvcX^bg+^QJ&!qaR(0#VRW>Qaj{kg_(z~12zEH z2pKopLT2u|H-!@u18UGLYA282ALl=^*?9ALY`45Z7PC~#=yU0*>2hMJ3BnPo&FPqS zU(666c5Gqci-MU#d+siJ3q^>x#a4zFguKgD%4{Is6g+1hzBEBx&@<*u0WcFDkDtr< z8uLXp2WItl@f_3n+xRi%2Vtp73uG;cI9sqKOuM56xnw2wiH!yAnaefDHWu@)9k!^# z;Ka=eGT`XqymI6SiUI7Nx`}FdH?N>0jtduBQQUY zDDQNuh=2#%)C!%U51MuRHPP;!UBL!5L|%>H~$aP-gP^UE4kM7Z;j!1s7)KE z$yTFqzfmpOATA`fh|2~*s%^E50iuc^njiq80FbcU=e7LbPjE4J7dV15(QLR5Ctz>f|>l3BuiWCYTUqY5gU}l zWkoA1Y=K6DDmX9RrJ8Vlnnr)ZJD`=Sl{r~F%&CYDNSt3ru7w?yd9DwT{8Xna4__*7 zrDuLNeBie{P@=$jKy!vJNwfsy)RuNE2p#crfq6x6v|p-UK`7HH6%$C)^@2eXbfzp! zYNgZZcEA!?0pX);KualcW8vW;8+72vtK}uz#I2C!3zf}YlkL~6RP{j*Y($GP>%LzF zzXB|FEws|5e7t=CxX?a84k->i?+^fZ%9B1T2PD%r$+VVpO$lt}*}oEFdZpu(8AsFv zQw0RttZkt}X65dCbl6!OnOjJd13_MYEeDi=Zhb@sM+dYxgGdun1>~r%!Ub!xP5i|h z33r}C0+dl2JS)j@y+rX;XZ7CJ;K$zwS8Um-84OrU@8Q(Y;@@K0WZ1Z$sjrj$6YQ21 z62}2mU&Mj;N2rH9&q=)j8*ACX<##e+1Zr7{4ec^QFUz02uE<4l+b-g!LYM{GN3ho8 zx`(_H!nK9`Y5}pPB5-Pg`)jq#hyxaxRJ1@fpC^~67cAIPP3&LV8U9c%MP zLtnIdE|`o48@^p1s)|ePY|B5w`j!jIDoXZoy@Uf9^@@*9^oU=+=YRUI{&zRg`!D@7 zDF2|Q4=cf^{TfRP1aQ_$_=vqn z-)tPM9v;z@B2tY%_wU`nK7F!bMH|LgJB~Ez0QC#oT=U$-30n` zOt@{e;jYKSSyFGm6Dgub>;)=}8%XfU5uxMiemF9kgdR%Ma!m$Cg>rzo95I~P!0X{) z>BL~~^&5a(NdAx1Y@~o*P?&3&B=$=XDUpG;MpaO>4jXz&q`_?s3*LL5PDg5LceKUe z5PC<_XN;r<;&!Bk#Pbmp+x2%y`W&QH3mvK>p>;SEE}%uXkfYyoOf{N#*cKyd`(;r) zt-Cef*BAXPgQaP6bU;c}?Lu<4(@Yq=p#CAh$}Um~ucRzKuYaQ!TefZP(dz!oH_9MC zVSiRYn(az#orA8~aHD650u1UTJ_TKrj-0cH8%mJ*HnpUCeL3wozw2z2Y32uz8bIKz)YYp^E8{q$WLZ!+zE+oHK<`KVe$-*HowjnVxy{?)-*G`XpF@GqX;|; zH)`*^F2OrqBw{=-Juv);JXIjVK$Q?*)^q(St<&}qH5!Z~&pXnlII@&I)DV@?DHyM` zt13r~T7VpXFGsXCEu2N)jBZJh1|pb;o|z2GPhJSt@MuCLvtQ6Aos zIAJJz^sTTa5zj)MqTX2!ZJrvoYmgl>yOAR^BS&UOj?9f5nIAc_P(qo?+n5%|f|s9< za(|v9w&Es!MsfQWtny0O=+YlA>}2J0n(-up-*N3_`3_l zX$#7O$4C>EIl-skFR-p#dllvkGFBalluM#cjezR9C+_ly>|IAY5UJ8cTqE=bvOm5) zYZTW(1n4HDqrS~VcAj-c{gr8p7}HxLfLi!}Y`B~uSqt|UdY6Y5DN{Y2{K@-6${XDd z=%c1;&eox++rjk|O)92Xv~*LMI{f#knfaCJnVH3znH6&POIEna77j&k8S&Jm`Gx6) z=Q8c9n$5pb3cm!1z^EAEU~ zjB@_}_#KBV6{k%aESu7F!*wV9yfgie-wD$hE@_}%In-dijTBAo3l9-oJ-(+O8bT&H za3jX@+nbd15)bp%e+y_|Cd!v2Wwsy7-X(n+L^?KU2f^@SakmogliZ z%&<4mM*nfBhX3VIGbij&K6HTBt(W2)&y}Dy<4eLnRy}w$9h`&SEoLW1#NdZEudrP# zs+V(sP#RxJ6o(gJHFkq1>!jx4TS!&^vbM3YuC`};8~e5s3n_;6jh!tH{l~9=?frG| z*XMto`fK;E-%lR?`)_|dBJ+gKk>zlgNsHs&--r&kAfcyX7W~{vAfRjR8a&O*rr(JGwXL#l-NL4Yv9CRNdvZjBBSF2a z8yRGiHhe&iqf<%(j{|`(Mv~gqusIw{o723LlEjQ4@RhVQ@=+vnYhW!sF2&oWqQqXb zWzY0eR6bBfMKHxNb&pqIJ7c4zv-m%03}!o})M^a{Znc7k5*eAG9RbNrl3V!!7nM`@X-b9dp!et{mTrGd`L=1$$BP;^3Ia#yPpX zzyrb%m@YjY9g1t&@N)bYiTko^QB=0JBfk~AR=QMiZ{fsH=Ok!8Y;?AH=*|A?j_r2Q zgmb;B+U8JRRRL$~F5<;Ds6+G;O398*8n>9AnpI&@p!0KSQItorCaR%)(V=UqSe%O) zo>r-Xsf4V9uLJXl=KkTgKj^!ZzEAWH;la;XA4%(0;sQV49;yFhDG8d=8=2G~BwUB{ zp#NkMU<)ogUWi_tn83J+R5QzruVs1ipoDhq!92QaK{48Sm6i~L2BFKMpf6>RRqkLZ z0}0x^bV$wAJHR=;4j1AQP;3s_U%vB0DfcvTV28et(6Kl4RBxkw=$Rd&Fa6miDJxt$ zbEik52#*k~p!klf`;oPs=p8@;AhvCw@{l?4uI(4qKD4Q|GIU6-4BCeXhV;J<9UAPM z4Y7>)#XF+ht@WrJN;)xo3g)ZB#@>;ID`jhiAzYnkq-9W=LoP-qBwq@ra3&1C9JYEQ z6IT>S#u6wXf;wG=QLT5cLnsv~?4Cs1op(LuXfHWm{LFQ~nU%C$F+ag5g8NRuz>KIkr51 zeaHrOg043b@jLNS2#j8QzC#@=MeCR`*xg$9L*R?1=-m(H?^>+JO0b+f<2sEUhSH+t z-dTihh&q3}d?(rZ1)cw(H#j-1T;_?#{9SURD)WMynfi&e)IZp>(%aF9dtfb-V})Y z3ZWT-wR<)y+)(yY1&^Q$*&9_W`>`*_=Vp+tpZ*uqI%`uqJm2&j|6*qe;c<{%8<5i( zK)oWR|D%?j_~WUqBD+(&LBD5(_Oer6)@rqmMG#XJ-JySYjnvZXy6KJqZNc-ID9CQN zC~T`|OAuan+yjM2M7aq7bIk56QL1JCMQ;(AK`AxSGL&6@_ zc3fSlUQICl%kKWqhao&Tf`rqz!S3bF1$ISoCFAKEL_BZqLm}JZNWZM^@36&+mVRy< z^W77aI=gT7QN?Wh<<;t&1C1+8Q?W*2MP6o9JI9(U zu^k_42bdk+P%uLatR8;j{NsR%%-%1Bm)D>S}E*8zy8$Lp(#D`FIf|F2}N? z2=9QGD?xE_@64g1#$Dez;Af#cXkgPPIGX0xdEI%;35HX+JeJ=pFPO*FB}j^i`k1Ek zdbH)r>u4{5#0&_cbb7=+Y*y%Q(1jXi2aBSiGVy`33F5HNJ8!fLDii$N7S5Ps&-_?> zwpz%YV7p-w43w;m5XrSz(SMO?u6fpx;BqByp?U=25fYP)E=pw=&gm0 z3wrm!Iy-3G4D>!kqO`Jj1JDd@?1l}{eipZ%6buozNbys;0Xwo&E z6QvGu!fI&SA~qmvkDIlUnu`2;vqXzF(HDT=Kk5*P;v^CK)&BGw`J$QS#o5LA1!D5E zbJHsezH!~k+zgtLg(U#^!u-;*?_swJd_$by2F+-u2o;|X^<65RmKvNG4VT*B@rU)S zJnpa-J4&80EF0=``j#ToTBxyM=-hf>LVA=V#ly9u?7Jp~99VVUV*0b zc)4q}@_z+xL*D(~g3K7ih4iG0qK|E%{`@Te&$?j$=97q^WCwTPU$mg*1sF2fl zF3uR0aX5wHQHzFVr-1S*vdcli>;&ZwaXFaCw-G~-4Df~l{>^pU0L0+1P&WOvm)65E zl$md#dci{uiYo5~*Iu*K@jmlVz90RkMe=MSM_jz!v*@6Ia(GRUn0L=JL8I0|U)8`i zF9du})!5Y6p&wtD`9)MR*xqiM@0dQYVNrO%T#^4Z;4C!w*s^Tfi_FyeNAS{n{9 zj8~JcqBBG3sw$$w+5$kpNis+ffTv4U>fN!uF5L*b;cG(B7H>BDhBd&3>E-B3ei)-S z@Vz1{}@kOwbE%rI%9oZl;Sh<4-2)$5>y7OTKOZ+A?*^E)dfs~bLI#`1Ttx8NcZdh3iH9_K&f7L8~;wQ=+WCwX7 zV#n-jLW66CZ=-vm+?ma452p^zrAl0jRfyqZ7Rn=PBZ+jpS0`9QnuxN&O~fQD$AGc! zP0|;Lz5zU6%+dr|HeKkTq}<$4>~l{P4TICtPhe48FrjSS^*tUkf`nbRtRxS`@~j9H z3%;N)EdyYi?R!%Wl680cAhRG|U~%<4NQ>)o&`X52daeEh9@JLwPR*uLML{Af$A$qD z{>}+8-66^}qh$Mee=^bz{8yn%ZiAPzvw7fe3385nm4nyX5L(o$>Ttk8`zzBdcgy8U zM66owvhBQo%{q6KiQJt>GSOKTPM@Rf00c{R+Er1|RWh>@E(ko82&rRE>DjA;W@K4^ zeYUCet^=ztwiIu@vD952G~nctx36`}OtMl?OY2fF&>h7MI05R+FjgZ6XYbDF&aEyO z_7IVkasZYqH0NFA4fMP{q-UYxA;*83apM>-yO zMcNFltd{55$7E)1ac-eIGtD2nbMvSv7TINUX>NLHX>J7wr%E*MalkS=BVr=1V(?{6 zK@sb8P=kf_jTdiT9x28-d-QU5pNe$S#|M6eRz6X8fgzUox$ooq3+=h~2nCUWKWKI< zv7^X4{3w4Y9k2HmW@r2;ZHP8akPBF7VLew$SahcnOBjTEfy`n5-yFtmy&i|*Ot3c$ z;wYH{xN_s&1Ke+ez?mrT6l)!YY>Ku5I1p0oqv6cWZZnRmJ8nsI1*cT&)kbXwe@9{4 zXzqUJ{tW(yzJ2eO`E%R%eMk0>$K9`Dst1RA^o;J`zq;!I=!~u3{`rFZEa~;C>LKtyCGYkg*K4)SxLY zsE;-}w5$#%g2rHH1dWhH|I<61lE*-zh)Qf6VUw&WsX=~A&g))BtuZ^k-Vfr*&Q<@C z(M1aE-D1;?OPjMP&O%uQ{qdY82JXv5Nt6VfApFDvaAQccnk0P_Lp8Wf`30V-kzhS|rqW z4$~GKf~b>3wpy`JAEsM%sOcR7eEk)|R+d(Q zY>>}${=i`mvYwE6@?ZC8C{=tm26;4B!h7mj&&#!Z+$FxBRTh%hy3e)Oi*_N8#zYA8 znn#29h}rNIhH3qc9oaiSy1jY7?D5U?=k{ zD;enlpfz#?dWI;#cLH=M9~ZiAWDp{O-YrH&Knmz7imvD-p&PXRXi-HlD1EX%=pOws zYmho1W>a&t0C0|4{MGCYxJLv+iT{8lIaD@h6A%+^*kTqb+Cgzl9yN=rE}*tR+DEz4 z;v#X>I(PZ?ioT2k6^$`#2e9}wUBL23i$7(bu*B7IluO?i z+15~uv3x^=tgDJR6|rHO74N2-!k{b5<7@G!vO93OrZZWUM_Ss8AC6>@a$iJML6}C_ zeGO?}KUR6!{kijhl=>88+R>24p3u!vy&cEJkvlIj235W#>efA~6i&)v1tM%R;1s0h zVlvJ;l5KVw_s&fgf6dA8)Qfd{&mt;oUZk;Hqu5<>r^?F4?TH#!M&j}3ZIblm)|p@GLgznqPVE z_2sFm1&^%v50OZ<&SZ75uVt_-2fx;wihs-TuX2+Gwv|uPX z1lk|a55=Mf;G~R`)(Qcy109)Fd+eL+a4k)mHB=J88Fv`iJnk?QXUySpzj_;1^k+oJ zchET+9yE1O*v0pesl7nugF4h2;d1!k-_&VAc(iE_Ittzo6b*RO(02>t?khksxUtGM zqKd2MgG&mTz4=dn@Z?V^_U)|gy~)tfcOhypwoKuk=b`)#2w&Fbk0I{a{O`W7lst)` zjJYQIOe#m< zrcCHv6Y)lS4s(NO2hc_+)1p434cxVzS_rTZLUJpO(LbI3PVp+M;co-<5Ec{+XTSB_ z>!OdMbgT)GI%tmI3l+{iFDvuIl#+n8BzR>^)ls3~7>t%&MMOnLi_om1`}AZTZ5R4R zQ!WTg5-vNjefK7L5I77yBz#?>WgZa?xXv!{aPSw`N)mALAZ!Gwnz0}+7MiJ<&STq!Y+c&EC{jIq7+_K#M%V8Roeo-|TZxc}%rIqaBIlQcFgN3Gd6@ld zJ#x0iWdE`JWCUBbcPJxV2|wA$^FP-mNm)&ZKlIrMRjIOhlxAs zPdLH0Zo-tYf8=w}H!)bD)3%^a>1M46UtCbA(+efU8Z>Pfn_n^EL_m3q2+L7xt3Z}X z#vL{3*>ywOT~OYA!fdOfY!G!hoS4*;0(saR99IL%q`&7d%v&oE|N5Rq-Zd;x^uub4 z@bzYo@Sogh!SJ?-tlkr1`B~_A%&WSfJAqMQmnrM^1s;I>Q$7!EuZ_+ti;A+Ha)&zK zHCDcWa*^0`xQYOj?5hIZ!e8;?FIZDTeH_NBF+NZL8)7HF;uB>NCa{siAcv{>;mUTf7p+@SoHe%S-)s2g~lY#1U#(*&moT5z~`OJK=2^a*Oj@bmIr z&gsxGf}k8WjqFghUkf92Sqe@@+lNV%Y+L3z4?8wA?6rpfjl&gR*fL$Rr~yj{<&%;~ znY}I;-fY6C@;Dc$O|LrYZu_4PlZK%k9l8d7E&JW6K|dNMYn;|rBU_qtXyhjDQsY{~ zb~II0FGI0NIa$5oQQ&V~eg=xlm%x5_A;`lB^cU)9uXSO63Z=iWpMjUoD8^ii1%*)~ z)fEQx!>zVotm`YImvP%SSaIYD&F3ZQQ*r-~F!sr1JIq#L!-w@qq{aHwcEkKTf9}{! zwjIxNWTdLVU!Xvc3r8!&zFeM+8FZfhG&2nmK^G&gq;}LI_5La=c9Fpf4RUo@sm#=B zRfi+yZ)iTTw3Km!!KI-3T~~a@A+|?0zG#yrZCzCk2STO9XZq{J*E}4JVssaLPx+Fx zY-al9++I>Vsq%c8EP@N#};VQzM2d3JGyt+{6Aea~}kWwErl zIK47M5@Bh6dTG|T)Liv$1ceZVjbZx;?-;~dY>|qpoky?{*DP1Z1MvFst%!FKt!M?| z^SEGvA``eli#%_acvFy9^ClCYf%#)q77-LLn^mz{rP}KqjKELSV!2gSRXc z1z;(~Z^k|Pi^?QcVP>~jl;pf)H$cMaDsXLehT4WU^#(gzPnZ@-_n){glhQ* z>=*yc7D=#{h1{Yd7kaPS81db$Z{Ek>KZn&-hz9@3WQh#~tK%N7kR8W;6G*3IO`bZy zn)BE@J1#e7A#?Sux;*Fmzm(%t{}Z_}9i)y|^>@*#AY$|``m-?2%e8|q6ha*+gKJ>Z z3xP4Z(4WXnI!P&UdSg%e{-NV$7F)-y^Bd+WP@rF*k^SaA{Wy_+iFg&j_vckLpR*v7 zLsvA&71Km$r4wr~zg?z}n-{P|g;Dn*YIA)?-Kbh-6#S%DU3KRSy0SCESFCSvQ`ncv zU0BTrK`yn+M}BJ=D$(a)EX*rHwYslh1RuV1bL#>&B>Z%@d~|YsGB^7V9^0oLQs4nq zxj+Z8ZiEEvwTi=*#?SyarxXTHKUgwH&{d!lIz)y7PFgFI85dBtA4h%wJynRrH}S~h zWyOcxF2}9M=42!<8ilmErz{0!c4zdx@jLF&Sn$8PZD{Xd0#Yx^5Ne-3g?nz)!j`9I|4Gjvs<7{j~z3kGv)A|dxryMBbDL^0|@OoerNU(jKwNw zN-GUI$|sG(j#5Lp6%#VSo_|9AQ7j67fVJVTwT`OefJnB!8yv^+5xixXx~_9;sdz0g zpX1H*ML+iuSften-EBvh=`f`@qdGvDgj70^vLdyRx*f%%ZZAw7Bx{L3!RqKOtFl7e zbc91ZbDAz~ec<^4Q2?4ysGG&)^vvY+>|yR3MvLI*)6}%hOwSR|onKg7nwvvwyNJ$K z3JuWI$;U5e=rM*Q7WzA{a`I3QTz5M4(5&RNl7?0~+X`p}0NbXc@aoHr>O>&02Tu@- zM0B}d_KuME){OB^_njxHrqx~r`x{4xf1yj;{{HU%ft_fzQR0h20!cVdM!9?shh<)Lf8UNKqJEq2-pKWjo@+4djZ*@P4k{_^uru#X_%~ut>_0 zx5c3KZCokTIrcZ2-eM$aC{lfv6?>y6viF$pT6M7gvv0s~w7z<{dbGZ^Zz9%cIm8k| zZxKP4At(r~^YGU7&v_Lx(UMiW;kuz15lVeSLbP2 zxjc{X9V>&FgF?LuwedFz`g9_`8kSlSWjo>FzBXG0LMgJzaA}1_vjN^(#0#ur4G5Wh zgw>)5%vm78dbtDjv;ggsgo)qHF7@Y*k2_Dd=`}ICc=O>;tg_kZXJAESz{=VTt|$|~ z5OqWvB9^VC z!%bU9EC*iV4;E0?FVs=xI@nx98myk9JfYZH=y(0AcmRk+C~5Pd)(vhYp&nRegz zwy6s%yS#2kGg?>D5r)U>40GB7+b4LveHWHNXSkko$2?Ci> z4g%jat~TQ+qv()t5RJ32bj5{i0_v`~ZKXx5Pc$=MU2=Uxize8N1#r2bW%}-#6BYB; zy9%@AyiSBL6}5T7&`3>&M!=?f213IGdogRxSV;k@s&HmK3tb6w^WUl;)WSn3cA1R~ z@zn%)3*zB~b%8R1&AXfU8VV*(SkDRtr4_d-wW)bxWT5PXZ?l&|6o+r}i3$@+A+K(A zvRL-w>)`Jf7cg@iBftZa|z+To&(|v;EN=oa)jkObk^lJZc8fM`iEbwok~Pv>J#2)W%Pu# z)GJdZ8C3}E&9T^P$`kGt+||)DziBUlNhXq7}L zxN$qkNCeBbbiN&F6;T-0Frv1=?2XWXfK}(vkf>#v1d=z*qj~c<_=ZOdji%c|h_-Ta zHo|KNHIh&ZR@)^M%qy&8f1cH!r~U{K_vchvD=s0UzrHF`UG%^zMD@V)UDntZXH*v=u%-}c#0!P16rqaZ`SevpfA zD_l*?{%cFpnI$zqE;}=VvlAr8!{DAf0lg3Q-$wgw`yM@4OvwWl_cbMTZk{Tcd|uZ*}Rq;IPyaww!T>+F;?IDZn`y7eJWc&E>#$DQvn*7+@WGE4MFB;*)ChTff96y`d$>xlA3nL(ef%lNC?O4H0sciX*s2^+fOerzjmg3SuuO3Nq zZkLS|u`;`KYIB(;@YS60dBMBTv>?IM@4*viR)XEA)vU*0p4+Bg_#9lJwgL5a>vu@h z0opoB4$a<03(O5caBf`LDC|yzTvHXmTWZc^uoRG_BBd5Q_b_UVTyqBc5PgOBiiiaV z)_H$11h+?kxYxG35;4KJB!nJzw>rFD_x(lgq;W|_F>aDKY_HmM#x@TEi=SSiJvi-N zUY|~(UAKiX490bNpmE8$sOz#a<4OI6<)HZAU=)rsA7F0)TqvY8bASGkn&Z+*PKU+? zSAFbqqUS6Vf;NRt8jMZ=>_GYQin-d-gD7INb#XH{Q-ZQXXBOwm8G)w2I5Fe%+e{BZ zHq|q-s?W$vmF0pgXq&#E3>Iar~#L#KNP|{LnYlA3TV6~i~u;T(SQ?{ZTLBY6S zSip}Hy;7_v4sQ|>>z&4oZqyKINm`F8dT70R){m1SF(Br%b1ysXDzdK z9Vm!ko@yPTpki-g!oHg9)Z~|tyR{g(!+`XiVxz9@Ws3tfF9>l&>{sxVcR;&bwS{`7 zv;<#G&P2N^l1)?6oFV=GPLe!jCg5GV5*klf*EXjxvS(H-!q0dFSCzG)@|xB4jFU9D zp5ev4f=2DnB<{8{!VJh-97C!5L07}qZ|eTC7N2nRG5W=7)3&OegUb_BSHKdYp|uOP9$^B#? zwJeNl^*JH1Oc+YLAf-Qw8bQW|kF*K}Q9pd3CHT#U14;_Hfq$aan!c8RzoZ5s-xUF1 ze|1+P<)Sp{=xgzX>tP66uDYLQ0 zpm>o!rfSj1h+F>SSCEb6o~S!F`&p-m8JD?{*(9#eB7@G*l%h?auzxO%)(27J zXt$-z>h*gQciv!yok(N$LzPS}hY z#tYW)wW zXca4UQDrPIgN*E#)R}hT0nxTcR;pTro)>)gou6U}GP?Rn&oOao@ZHO@F02xaml*}H z{ay{Mfz>Z|4+^q2oIeu1{&Ds{W)^Wki}T}S#XGB;m^?O_8h94{y|uz;bZ(Xz+dPyIL8o%*um}YW z)<|}qoLHMi-9VVxz?q$`x0R_i{K%F$yeBI$bF4cReKvVs;1IpSZt2}!!{A68Cf*@l zVSOEBtz$$TfJ|6}2U4%xC{NCU5(Kb!k>TTj@0RtpvJhr=fLDnWG~=Qvd~ zYex; zUSd<;=bcG5+K{C^QgI&`l+Yl5en<#iL1Ok7CJaP)NTXK!w9^ww>1_CwQMhVpGgVDE zMf{hR6H|9H@h3;PA3pZpi#af@ukK@kVNMkT6~raDj+e@jFFY*JFK@&WMz*b4tG`;# z+6XSMTXzTgW;87zGf2gEYil~WHPIsZdwR3Qj#rAN)+s}^vC5ERTy{4V-^~!Tnn}iQ z$?&UJ_o~OLHZQLa1ki-r8~wGx&|2-QQx8nG>J-1d;nP|^ati(@Ama5G+rNcVvaNzeG#{osUo7H4l%&D+RmRW6%Y>)$Q`M=9 zPhw%!r@-J|9J<%)VQeLlr>VN**Z@m>nx9wGMQll*?K%k!Q zYy~xdpVS!$`-)i=fEaEIYi!zMo7A$SbyXXutd&UNoEOY7PiM&T9)9Tma(R7DjHxB7 z_IH~LkU{WFkrts&U3b*4bwoU93S*Op@oYrHjNa|z;=EAERK_@By6f22877~=evtYR zO&9;l&c<$SD*Sp%hKLQD%1f(-Bz%RuqD+VYVx`BG7G_kF+x$!wuX9oXnZ{f|WSO7r zE6}kX^}qjaO{D(*cP;(_iIdLnzuW5Jh`aT%kVyU!wryi0OCb}1DBFz0|N5tYp7?*B zKKtYMlijK3Km7T}pZ?`vfBo%0j(-2IzyH4&kAeWfAxvGSeTMizhr(=dLA^bPBO+Bi zH`VZ_a*Hkx_%dxJ#&NxqDY?w9yUeCv)0DyX2hRPXk}T_FqVYeULY_w-=c=E{%<|0g z%JRzm^xVSy!t%o6{L%vA7vCLw3|>`O-nPP+nO~ZoSz4N9N9|b%%*?{HZ=&6V z+0~t*vu#cOWA@q2YM}QbiX3_m*@!v_KP&^OlrgDUUVXjErgyss8yg;cRAKu_DBgL- zy0oeOt7mtzkq26ger^LOIp&;ouibt3H$sP<=7HV{-fy0LWrsqW5`prqPFTr^Sz{=z z;J&0b`zVuNzu1bgZoY0^GlLkwRD3s*V)o!?FB`yuU1>yY@JhMlRPKmQ46Pd8jr*M z<9AijB<6^b+fe60AHQG2XL<|;z)CmBYgV_Oa)?n~TO0l0O+)7f*C$})@#jc%Unq}e zO2$%TY49Bz?Mv4(3+{rY;08FTi*GY&#Al2qXeR;>h+}<%E^toPzA0&|1O67=(~nWc zF%;;lDGla0_n0=9JBGMKe-AMi1y9`*BuUJivwgUPJ~2)9gpw#EcgZg6O~gcY%RYzQ zim+ikl6P579S&~ctL*-*&n4^N)^L<}x9o$hIc*y!%GNdKnAprf!aSe#R&Tkhv1OoM zn?fyU-6k)by$2?)T+W#ZcfQPu{@v`Kp1e5KTEmeNoKlS`W2BK`YBc;Ncg$=2@2Nuj z@x+G8t+%viO6^>eGqDj*ykO@t*5*hSfW*UH-CS4MfUi@6jCj|RewVB+4X|+mylFy< zRcW0{ZJ8!<4&QE@b+~_5K$mktj$(To-l^5(d5x~lHJm=!(S~g$GZ@us&#)0N-0)=Z z59zy-1nu;{xCC&B1*I(+W-WVgod?fBb{;w>X3Xqt(ZIYH7Zg>&I_6ED14n;l$L^?> zai5y!0#za}`tV47 z6n@Tp_Q*LN?8-W69KbGK3r6+`?u%-aE_SjM5IWVb-O}Zm*{rB6@d1tx_fiwd$#afw z6d|?vxBazBd^B?QNVl~Jj%~=Ng(43QFQU%&jF=uk&;%xu^Wr2eKTw@Z%2dd^;t|B4 zdgh6_m0*`oA!5%O*lVy0iih(VYk@zqT?=4Wjk&N@1rCiO7pob6PvNJ0CY^gF(beRD1i zeIMdUNzO?JKgc_2JY_gJ)&OqFp}`@UJBWtfRS}(JyA6CHpJ+3P!RvD|zOricz9q;JmN}Q3IFf95V4ECo!C^@cZU@QpoP)fja z3~PHwyDy}{ClB^oNe0)*X98k%o%F-u*1-nHx9NL)aDcLYYXsk~U4ByFTu44oj!+8S zT}xTdaI_$|jD3kd=2TBRw7tH7rHSnUSRodg)7*fls=ZW4cH`;9;8{WR`aRs(V0*Yl ziwo=>T5n%o{HcQ+>wn{3H1I{2)p@yn`0&Z?gFHFOCnwvVcGf%xH6+iElUP+1 z7v;&2=io%WT9t>N$pICh=pskKo#@0%o+D=A?*ds}-O-W?0vjTrS> zeMYP;Sc{g-t;0*$fwAxsP}YE#`^n9iK$jq@l^8ua#QAi~juS5!WtC82{bcrFEm_q= z6~lGswPld@ZFhvhfBgR8>AyUG{`9ZC@1H&UmmfY=fBE}A4{;OBm&F_55ZL?SlLIA# zRBELv)S;6SLMhZU_9T@uQsQPFsYgA0|3sPp3b}=MLD9u3%}sjt z$4#m7O^W3NMLF){T@p%REn_n*F_z0I=*Yt-uTSP5Iq93GIRzt`ZRJd&H`W>6(T!Et ziA_j{!$#-CTN;j$=qK=C?-H8LHhM3ULNcjrF`Zt`{OHUm&r|Ys<-TzgbRRP!;gt zC&&G!f`WQXiwnBO)t=KNbUMKl0&EsMtuRT^8Zb3Xdwhcp$|P3k%Du~1&J$grueA|~ zRQyOreSEfxx#{gLhf`Utj1|t6D8V~K7^f%RmWL@qr&aoVoW7^uXRA)N6I;1g!m4KdSI^c=Kd~RBg)~hlqJHKIAb?WnMIg@?^#=#}Xq$Vg~W7d{qjE z2_UxLP=XH%ghX6@uZukC;HPwByMfTy>rvGRSC z_$6Cl%$?ZsbJ9|@Wa(Wpt<+0X3X!rE7#Ix5${~`J>8lA@^M#x|K4;OqBbD;;WH5sw z{Ib_$O9zxqA386#_rd{?XSr8+P!a870us3J^*1)8t$GJdajcG=L;?lHP!m-H!3EPN zm3k}R*WJa$sy+j#RrRKSZg5AGAxBT6QpnU8qQ(0nYkI=uAH%eole_-bhBz7>L9V8< zGO3MpEnb6Rh^>KgWmrkoVbcY90&%kUuO zYzrG7Ec!wE0+O$dKao!aSHH7ifb*RmBAKYMR6Jr#`)s^*`* z+HL!a!3}%lb=Bup;^Pw=Xd6nVt-#bv|MAHDFu$6(w^>vaaHsxK zxQ5K;acQ0mi(7uoiEou7TPqmBtQdDqT}I@5T*1bSgJhF@-&)u5@luPey+$-|h>fM) z%ac_atPyvK3M2XcK!6|MOI*m>Mx*aR9!o*);-d%M_k0(W-xT!It!Ge14PrQK+n?*=iC>eCh$#D8jVAyJ;~n@RycUd%Ms#2m8d^RQ5;PLQida^u05~XE}>Q77@eqm)eFv0lk(Ru-KpQce>U|LruNq_-#`1WU;p^q zv!~tfpZ&`)UHcpLd-4TItlpiK;4E2S?-R}--q3OeA8Pd}vBI#Y+&N1KLu(ew&47&` zE7ySl3qa=q^o*`TsLF^Fa>5&Pk9R3&I3F8-?# z9HLPs41JId0SAx;+gs$b!!;vgKP&5}i4LYx{dQ>~RA7sdT9rNP9Tn>0^*)S`eW2`fOBvYsaaF(K|f@JQO zAJ05RrT{AwG=;K}P-gZ}+|TEoXB5zr0!TV*Ha<=&ut`wI z7{={5XKAvIg|FBXaXU8884_!Kws}Tt+t*5%i|8qKAB?t%U-7uU9keI}wZq6uNjypB z+2#$i=Chp@+~+%7%_&>{9D%rrQvg?SHJiw4Fqkwwl5{KzPgX&*njw88(MizyVex!VM9OiF6TXCD0YtEXE zKd}U}2eVkZRLGQn;1=vp#tGzNREM3ED_p7fB4UycAT`gMnQqRT*uO3<|`VV6zf% zx~)VeMETTywaKp-sN#HB%IxM~@<6RJNUNP4BObJFrwoE<69=6%Nxs>Pbr<`kJK->Q%~3r@t2&mI;C8ua3h9vA)=ISWxx zqpa>hlYNX3fGyV+UYBJ-#UiUNf2fX}*u|{yxjz2VuJUojf3UjK>FpdCMZh!{cHn2z zT6)!Vu}UM=J{TxEe^GIajo(`T{rB*n{jtJ5vV@NqN}ga$3a!NK8NSFCk0}~b#zaew z732}RL{HwN_<5(>m1{Na7LM0eA8Br^YQM*+@1~+@ni589KmZCf&imI>h_i3h(?DB- zEiW$5p`M#roLQvn6kCCzp<7;t))z5T6S70W-sm-g9g>*eLUbw$(pHD8JrDo}CfIix3J zam?HSV?&zABFJW!ln@f5e#K>|LO0c|YS45KjnleiD-PRX^bde-gZH-4o?Zr0Ox%v1 zBR3(@BU@!{c~_A|)2I1k%Ehyv>H|XpF*?|I`4&^tKNV#13>F2xR2GuUIsjd6snG~O zMLR3`GObJvi*6v5K$@?i{nCb6ZUp*0*pI%LhgVg&V_WjzkO+$hv{GP0sy#${V^6pD zDQju|r0a{*$a_eHMOcGHz}vggZVtB1sXbV8+R`UXvU}ju*~wdl_B;e%hc)!-Ewbs_ zN11ew21jK}&IoU9BBsbhB9tJU!9uo}Q%Ow(4RXmIPPt@)z>$l7BH3#F+(pn6!0p(Ttxu7T9XJfE6KM3(347+p@)=j#Q2^%l2%Ic=`T!N_w_Z;%AXcS?fb{;3SWS-KY`2bm`qBN=|A8bWy7Sy_=uP&96LnJvJU$m zD~(|iCygWm(-H{hHT_oi)b{H`G>)CoNO(9F=0}H_+8Ymh#jlK7ZSo9Dun2brJsD>X?nMhaS%z@B{ zQR?@aY6CC&V0g770=Lu%3d3M1caC3dYYK_hwoh9rvzKEL?WxX{nW9;glrXU_*Rl9* z&U5;Z7Zv;uv&3SJE_a&ge>ndGtqC4JecL)sVP?Pe>Hg!VuOB~cU(Q4>EioWGz&R~f zWfTwx=DNy$K@6=ZNse=#E_xrumYYaOo*reLmPdDOVY$eQ81hBc+qqd>Rc*tWa{N5u zRR)jBj??}=tOQF%eR7XA?1`CQe}f$;Gi400l#J=VF)z$|)oT^qpF3GHpW4FPi`ym+ zpFMhdFmk#El_09}=?$|YXn+dI!vsEqewx5*Xtpr1t?Lt~tsM*G#T}q~$>ubT?^u>> zr$NWGlmQS}@&5EY2ybapV`!pDCKo?%dl)GqB;WZ+s9b6Z)DK=qX{lofl_Z(2X0UkN zH7Utl-dcJ1TwW?-Ss10d?TV8MQpYaKp>tuCB!#WCfrThF@<7x)MLJkcGqi=KjwP`T zPu;owv{hJcr7vW7vzW*$I0f#g+gVvq1sq@7#r(GZ%)0md{r(>^%Q ze|zNgbN0y@T*_D;UV>MPVXnHPJw%3$J74s)F1d+MR|XBk)vWM;lQXlEb2H_%Ok|v8 zbKvP|Ye+kEIzs-OrCF{1u>@4(j`SML&sg9afsWd!u~aJmW#vW&y81mkU9Y>wD#;?3 z1eViZCTu1w<>u&ZR?)yF-o~`o(z^lXV28zt1J#h9Y5IC*N~sCz%g;D8k`WqCD!o(% zs8wF{4tb%&r_npAI47Cn@ada(Ja+R_W+j^)U{LT2xllmVkzxhn#6#A25 zeg>Y5>uvz4IS&)Zg?VE?i)0IK$`0`2zKl~=imoJWDCZZOEh4^kUS+9!kvV!;oEcq> zm*;0^=q@o&V`Kh*dI@^DJU_p(M9T?DG%1#^x~Ub`Yyt}z*myiOsuW+NmgOJp6S%9gwSr zheM1W$+^8+WvlH+&TqZkl!nn#8@wN{H6WrMyYoRH4-a?gNTI~L^#8=Sof?rFxVgEH zp?G7ipGoI*#gL*YW5EiK-hY!pv-r)(78{4mbsq`CL7Ms!v1HKf$)Q+IwQ}_LUtneY zsKuchBDfYjv59f)v4)!S5m*?CD?G7aO@k&3)R2hveFi#DoJA>hU=&M*ykBT6syKih z80v$ZYdta>7HT*{t&*55kl-7f?{V)1-ShF$|*&>C>^NPmsMm{^H%RN&ZGHZVJJ3W&=5l$JJVpR`A1uJAiWaKScmw;&T!YbG|vm z;^h%ha0=;}x#(JFxkzvmU4<_$sLT#u2f%}j$}YY(>TlbCJ{|5x*8uG75Pf-i-fvn* z+x;AUG7>7;4Z*;ZKGWfVP|V4P7rE75@XUVCS*X9IFBHyLM>QqHd0l!x6%}N6Z!mmK z6^~nNZuESc433^}Q_a!y1AV_sFu7q(?4rVSc+{vcMWkpx==djJ5~M7L#DxLy1ad;- zvXr)irBD}v7SA>N5a;KON#F)b;#s7E^_%B~yGX|a!0Hw7=buV29v72EONrWezl2Y% zkz#Z~qI5G-Hks+pvbC%fvA0m{Ib~m7x>kxsM$QA^D1FTkjH}2!-(njw6lSPMSO6{I zNSjALa)0uxA5=#K@1maxe-rI34|8EJ6!njDhLl)jp4+sMaCLj{+F*vDBrP$|=<7uL zdt4?Ejy#c4=!F+Ya)dAssz=Yh`^+Q&qm(`v#ZvNS3Wrv9YY#}x--hB{?b6yNhf4-l zL&kD9@nKh3WRsAkifJ)p$jKyvlkzphiQ`#Z>-@NMrS?L;qh$Ocm4AU#dSjRHEvYVV zn<|Dv)hH_>ta^Fkyw`4!H`XubKY7%ZWU>`uByB9`p^x^$6GK^i_OvNGv;3k79%Tx7 z#Y5^s|F9EArh>ebTwVG8F}g*CCLcSmMof>L$4uWzTxdV7Y##86@sILgK=>79Y$wc3 zNPeaVuoF3r6%+0~LN{Tf-=d?BpLf3c{)RoSR8j^ukvb!b5IVLcrw1;u_Docrw=wki zi3@uy%lc-tRm=V_v^MI0^(<@&JN!cS|0S=1R!k1;jnY<`Rv*D!OU&jrBOXs`heevz z)>cEL*Fgvi(V981ih|ab$LI_#iH8T@ov1sq&{;KuU;<)hdygSudh5e1B;g9(I(E z3tJ_QAZP5M$B?{d+^`vC?P_RG;FyIUcYl>Sh%fzP^;Ys~1>KzcG2E;224@$}o*(XL z?dJn!`rE&Lf3iF~tGplg@8{F3RlGZ(*3fyy3)BmJ;YGG>YGiJ}ba~zYY)%YOc zn;9tl^fHB(v`}YXmFc;qnWcI5LSJ5(Td-b{OEc38^GI3gmp)BAX=Zt0d1+>5c77IR z>yoxGsyNk1W0nme)HScYQBQ$}m6~&32^hZvOYYW0(-0(Nc1}-r~Qqm(p+E@9H_Th(PbTC7TVG z$>A%l7?p@qUnjqO`7+6Z{xqrmfGqZHyZhLLDKulEry6Knw7RIWNjrx6QO=|4Bw3>+9b7myRZU!GITJ4u$`YMow|GZ{*zGSC zUhtX8#ty-HaDd0Rw1>d-o^(DDHE4*Vo*!H2V_ul!UCkWvtE1GgrjCzXAdF=BeO{iW z2}_V9Zzv5O z%>tR!O@pKhh8vfh@(O{wO{Wp3aIM~q07ZHYc>Q>O%$&Qc6Udpb$?w z1lKC7S*G+r6)YhzO;6z+=A%W1Wm4mU;J>^9J#lRsU4&}N?=6&2X{vB3fhqlh`~|ZX z*z9nfFD`rcenHv!Tx}HOj)WE@WWMITv3!df)og%`C#QTCTSA`LZYkLD&oyZ@Eh%|? z*-Fp8xggIf2?t|q+dNR+D_Os;9${d|7I zY2C|_F;{8$q@E`)@XT@~FRS%ge!`EzSM_qNeJH&`b(4P^tlfOwH#B2^TtBW zEkV`ZuL&X!evR!)e=C15F*8iMw4ih8w^fK(LoFp+XPMy^&SbS!pp{RdGFTN8VfM!6 z^IBb8WQki|JR^8>2|B~kL}1YF-ww~@OXBT84#!AJ-QJbY`V#8^3jX8zvN zj&GDgicF52fj}tC@e)*_AdlLHG3gS? z7;y|@$qh3)KQZ~$i$`18{xoqn#0*Q)L(ra%-_n+qr{`{!r@@RWxtR;zX*$Qek-PlVQ6lXlO^H1&`$U^ zn%r{5;zL)=EiB9~Atct$0n-c9(<`$p99o>6Vc**26>Y5bXj=CZ%l5;1QTytbJKkf* zd*!F#*CvZ~=o7k>V^U>dM2H#oFP40L`9Q~x-wp3QDcm~}td;Oz5$s$AiyJ7SRs-uXl#5L~W{Gw z6L{U5{g-$bt|s`vb*|tRa&kuvW$Dax=l%pjfCJWX6XI>Ka?xNRE)i1xZH3^ zSIc*dyQ1oe*(5xhV%4@dwzUcw!R6VkgdsRTEC%0>6pGXW3RZbo7arLLS>RE#|y7P2Q%$T&;t>giU`fwUWp`|d*_|W zXO@jWZCj@VCf}QksG}|M2IH@otgi6Ykx5H?(Up!+E4!K-X2UfErLyRs_f`*IVV6B% z0l=%wHQqOP%3-+zc0?zoD6+8xYl?>RJNjRbPj1ve6?>^IIm`=6r`qJZ+=vQwy!v^4 zlNtBUc5oduS9o+X7UxN`e2urTNK8ve*w<6kM$`J#jcNCTvK^QKp{~kh%=9SSEw(c4 z9Gr1b{%1hJrdsD7DL!3h-&RWSCoYBn}@PJ=Yt%<_rKb-xIkb#SP zsRCC`-r#19#na{fd!&WYgL|(&{|+6M1r3UwNZeXnoK0P}E6U=c=66#gtauka*^Cqs zC-UAhijK%m{PmU?!B?K)MBQ&Ja?Vr{{J?fJOg6$YYJGBJr8)821cAc?VOVNpvPbq5 zCJBBmy9Q^!6Ptnj^oy-S6+mw7yiDbx-nbdDDDBFfk!ct+I8_?`d8bj&hE~#o^CqAr zYuLp=5}l@n!4=W}p$?iY)>e%<>#;jK{h8vT;B0O3p_^iKSAl-V1M>wq|Ki-OKaU4G z0EbNXWQ&_*>XeZz@R6B@XN9mAs)i9A%jNPrp2x=TEi&iA%kmvgIfD%bZ7_pVuGsbr za_dXltW-)*bJWD{CoeBl;=-NLDz1Eo>1UXTy7GZ5T+2g4(&PqPv1$W_3>hV}U#120$@A47)a_9+P#;?|VddXB*2>8e2f7HfMv z6-X}8h#f!tDaCqjb+oI27h|d*Q!Yfas0Qo-ctVt7l%~LPxloD?lwd6Gz2Xyf#4z{- zvlYIO9Nui)0daU+%m+3I0uq^!v8ll9CO`on%ukS-eL;b}$>i_2G$v-{2Fikhj#U-*g?3GKKe(R?>PV6al zvHhRxJ(ri4XO@=dXApQ!llY;j$=n>2U}0`)$T5s~KyEgYeGfO9^og))`%rm8>CsExT=BDg2YNP<9uirO zLDj=89pNt7H{%3=%wD>U5E#R(2nt4pe}p4hAxcMBZ6U74VsYk{EU6**Xb88|)Da7Z zr!3A3IR%pZ)PsYi@3FK5K@3)bAOoE(wRJS^75+CWdrGXt)^Xg3hB9;q5l(X?+jJEea_91y#9{AU?8l3H z_csfaMVfaKC!uE)T5H;E6sxGLiVV6Q#M)>y^WYUFhHoUxc zJHWHSzEnV8Wh(;6;p;SkZA26&j1=`gfDAJ10%>9PVvmYa>wwtaUbYA^(O%;@ zjny^ZyG*>hWP`^Bj4`6NrY9y?0iWB=^Y%B_Xe2wol!CcQ-c8v=iD$Jo7gM2b1lsYC zz@z?EK~&EBEnPAKsRDGV(hY-cvzHxOU7x{sYqM5w@6jWvLzYTYE}5Xg1(v;7GH%mj z8=8`|(es>;;6$JM=~ z9<35-w)66Z0W2mHbwRQ|N?2*T0Je8cK}o{Erus;%OuyzxMbo>qvoMBX`&ooxjFhbP zv=HWCJ!)#p@7k_RoiES>>V*_fF6gNhX=X@RApDCUXaD;CcJt=)*!EwULoM%Y#t;;+ z<%H1i3TQ_!(_;(_Z&-Lby>C}F4qI=?@Sw>Cl_y4HC z-O`vN0cHtstt(%TtfLnE?S)t>OF@d&n?C#1DnJYeCfM&CFVL^z^(`-2WKwOrUit+@Ptr1#@gli=@+G2|2t|h|PvIji2>@{zp4cU+sSmS5S(D#UI3^Ms84MZ(a zt+NZ(wF%&txPecAScT_J*YTQl3?KzCZ>|3bgagnh=BPieBildyae_UW0^sAZ!omvn zn+r>}BpG~wJSc>_BJ4#1T)Q1Q*wLI^R6f8&ioHwAs1B$pLd!4HzX=PxRD>)Kdqyf6 zgN6@L5UDQWQLI?pqX7-!kVgA_Yt2WxDlxH?Vskq=oJ~Y|^crNC#tfTlh&pdK-NIRQ3RJb@Mk<#xm$9sd> z1vYqSe#(}2Ne8xyE5oE6OZLkbo+;fYDp<9-xR1E>}_psZdljZB9Ky3SaP758lcaa;!=R;T#%Dcw_Y$I5!YrU1jru7g{{@3R|-2_XH^^*3Ks{yqNXxd8<~ zVOl1`r#WApW*DD9_W<{F{QD|DcH+6-LK~}LdPlOXn4ed z{?`zh8LMCg1nLRowPLefviK?em6%Q`)4wgt+Mhb~cD$u2krHD2Q6G#_SUn9d+ zT|*iI=dIDPX&`((=o5WQI$U5`rC9-@XW*x8|r6&#nl0XxlO8 z>;=-bN(iR^07l6u#5HDrBJOsCQz3-! z(f-EEEmD&f!nX~oUT>`(!Zx;cHg_TMUiT0&7_V($RlmCgyp5p%Lqr0;@W@5&25^9- zy0^BzNpz!W1Lx%uu8jhJSThM*>)t4oj{dx-R!xQIgWE^D*PXXvHcd;f)Oit7=*UT%D_Q z%Ob6*O-PQD!A3=FWZvQ#{gnu5auAL{-^B>Ur%x`)kcY{a^}cw3Sw+~W!;~{Il2JXE z>g28E^F6G^3A7IlFsUK9ER+{PuC6868F!JH)B2*?3mH*M3g#El4@5CmTu%lRS{LEh zQ^ToiY~;N$p#BNKS4xfY>rP)Sx`h;v?V(3Tp+{x zyEOAPz73}A)g4u;w7JMF*<|D~+Ejej&P6}> z?>!@%U>KvLFdnYO=cWu=$=rEVfH!Hd#EVk(3M_)C(7HtnEdlT+e=KU2ZX9T787MsA zEepFZRPSaBf?qSnY-I@Fy2y;*BNt(bneeiZ?Tgmjsk2pu(cD~lanbXR$W7i2)wdLx zqB%No>1?@ZYw%W;xjjy3C3E9rswp0!aEwM2{_AtEkMF}<41beVFx__{!Pm!{n%%R@ zDcKbG_4U;h=@pa-$>I!EdpyC2W$l2>bv0`j>JhC{c zF)snEwzh*If?9&8K5Q)gxf->M%m^ep@6&MYj?arwgh%(NAG7v|d;-7~jp0sa7^;)SZa z0Tky2^6zhR9L0-tm7K)4>Dkz;4kUP~`Pta31P59KZR}Oe?FU2q##O-M5%xu_`>D;V z87eNJ`kxu?FArZe``A@2ZdF(sB_T(DSx4djm%WXBc7Weu&!eM_oz)kw*?5+C5&7XrF4k%3hNx9ZpV5?#!Z30UdTAaM z@D|Nj8*9I7e><$NY7WaJRiA0mu+75NGPK`2?r4_vFAh{{ zcJl`$b4GIrkO&zHk`N1}X1!lj=<2a$J5{ZNIC}lJ38V47G!#GqRl1+pRY`^Ic3ArsGb3kkrA7<7 zU8j2z-^L&_om0id`iV$_M?7jwtA@Y7xgx_MUT1>Fr9HwN-lOW~0|n+(&?Z?n!p%b0 zR<;A;HBtzJCGCxA(5*2?e3Nc=IK7q+(x_h^y~+hk_S6#yjTmkoeviH`%FJc1x}98Y zu2N6YZ(hYd4F4BbEzGhf;J3cZX1bKnK5wy)dLyu8`zP<~@&w`9gXzCd^syFYZcK#! zhQZEF1Z)|(e6S!|>k=0e_PsW(!XdGVJJ{5F)Mm#wmXC^qWSCO7N%y#K5@4k?ZB=8! z;ek>MWHqvySl*MAWL$W97XexW0DJUU4M*@4%7L!?M{=;ozJaaYlWxVaWzXijfrRe1 zcW5Z&Zrf?Rm^4efP;R#ZV8<}^&mdRL`ZNdq{fWH1bG5ASm~l%UbB)=;vZS}ox+pWRR5opAQUrrLI*X4mR0eqDvvApf&*iDu+vf&X82XjaC>-iLp!mR?r_iJyK*2K zJ)vI2a3U_R%7k8a6cK7N8}W|DNy1eW1uD*^Kq|K;!5WMGzQZoPQcGCHh<5rmmAs6S zs$}(GPj221dLI$_%f~z*94yZlJunN=tmx>fx&c4HN2|-W)Y0)KuQNJUzOACIk9}Kp z*_dx@>QOo~3(u$LpHDAzvm9lmGf9i_>CX1S;q1~96nAN1Q9O2eWrnV0?6f<*v@!$J zh3zg(Ta&W22dL|sg_%JSPGBFp3_FowP}!}AF564(yQe81x-8#X$LmzSdD%Ml^X9<> zWBIoK%OCYP>q9>p3kNO_G+dn5W#6E~$@#x=ndq2aBPH?HV%;o-X8x!|@@4ME1p-V+ zlvxv->z-|?XzT->T&?(tL9vcKZ#_Wxr_LFjj{7%%D!zC@sBlr^s_GFdNw#3UK%oUW z?U--G+C88h5XB&;CCOsG7r~K3IXx9N>u@Z2ek>VUaqPToTsm~Qx{m%V z?iaZ~2A9q4TLikH*+>yiNaEUa@Ca?5-CX9G(@ZhYlg>6A{uT)p>BgcJ@rk&qT2W*D z425FD?RLX_OUZKIF5ELc28~4U+J&vU?KWsebiaEjpW}I!L$r5;XZQ@vX9xx5rZAlJ z%m6%jw%9z%+G>-`%Z#6ls(~WWW{J?11FUm#Y0kYBy!RG>k%+7se?0ulp&n84b9`O; zXZ~2y5Tbve4M>v&%OE<~y~U0-?FOt1dm(sZ&+}i|wg`ip-r1#%(4VAu_L;~==Jy4$ zsH2`a;<2?$COH^z5dK^yp=F4U2e6V?LNN3_u-OtIHd$Kd#kj$I_sBJ0Vx})Eh`O`?PthM2YU` zMJz#$MzwGrV{Qgq#d>(*32>FdZm5y146q_fU@dOY0HeYq2NDN-f0#mlVLkiRphi)6 zzcVg;kI%L*NW8=Ed8!~(TiV|6<%5cm6X*1Mr`63-Za z!kk9EJCu$cRbe@-<^}{8lNkYaJc9KL8?8OpoFHli?4^ky6y=1A5tO!FPD#9m$H&3sAl&!KnAdxlN$>5iG7?Vk-xiEst=Lpn+%D*5s z4kMC{USs3%6W%?0jAlm|k|m1{Z?7-p6fLX6 zzb%PTn{t%xswR4jg)8$k?96#;eyw+?yj$HBs(|teyGPz+KZI}(g7FVk7^RNxH7lAyuzRPXK8j;o6;`MFDkcf|rt8KcU}hFVmbW#- z7<=6qiZS*&yrP=TWQ(f@e>X?BA{k@9uUyx#jK{BQXvX8$H9TYNbJaGf6^p->E8D&v7)MA_*k{Qm#s#sD(pvro#2Wn1HB9R4U$mR4q zf0!8jAwxn#xk`2B4Lv0xJGClTq%pr8vrHP?nGZ@mU{Z?+zc4Q5^$HTVc%Z75L3M+U z8bNpTx2|p0qb5gzCL02v;G6{LFWVck0onOycDfM;=8z3Z?7WkjoJ!`9!S>*Y<`r4c zCIWjIQVBEL3JaMt3UHrPpy09=?`%jwUI%hf{gpvM!9rrr%rOqN$%3xQ(63Tg3{(69 zs$@!?uP@oGzQ@+87ifBTU4ovDwkR2}OWNg8(Yc?R!ctsKc;DeUe1VuK@)ojJ zZUy4|V3?a-)l1)4QI6n{nKRfm*AM{{;AZJlb zUDLDTygMDPOWBF7Zgu_@F>6Bu{|^b*c4VYE*eu8Bi0H zwn`<|?`Ku7c-Biz6tpBgGOFXYl$c%kLpWn>w{U34p$`V;3`KA=iegZiuhJgOl}jkrQcVZi}J0J7AQ8~uF4!@@AEDFS$l+;VXE-h zW`e8s&Gd=WUniz#zp{k1+Z*WD2%3F~8DahkIq@AMalFZy03d{ZgccNx_fN_kq=tCh zbq?x_Xuv3K`#J#EsDN^e>=8?`54#5}S@tzjpR#+!~*E#9A zOBTmwtgf)6LD8mS5u~7o7iJoCYgH!M^)QQRsQ`UQg4bc6>K0y}EG%yZnpyZ?XdFk| zboq2B*R?orNsuryigWP1DXf$s8Y+47Z!!nmsY}U*x>ppA4m%<#ErTc9Qo*LS|2ULB z#b{ePP1kedorE|sG8Kih>&hH<+FYF`sOxr!wU%XCl0n}a;<)becnm3B9F#fgf?s^D z*)xe2T9~(dy-Oh`2HlBZQGq5rEkkM~nzv};#7c4+)mY!+fY{FuNe)XO6j1S1qm^;T zeAVgk34sewrb{ZN)t=3$eR4TVzg2_>Z(#RdZd*R}0|1cvFU+()EcVAQV;@dFeg}o) zW@W}FXe%S^5-DY{sE%dknxv15OD*bTQK;&qo|(VOGz`X(Jy4$F!D;{9AxJ z%A`OpZ}hhl_Uh2&ocaMhbt}J;D}{w&S*Q%*aA8kYiyKC>!mh_omsdH2>ge`bf7nEB zt|GR`v9!IFu$9@r!{gJ{i{5M75TwNdHIS<9oOIlwU&AK*t_&p&A@g(WTh4f?gaD`J zRRB;g$x*$6AW0*7=R?w+5&70_Av-ezlp6<`l|QWZwzUKBQoNd9D3lD1f9yiWN=a~L zSd)1mb7RmT$?aQBQZM&U1o)mdP!iC8>}4zrXP!qLrs(o)v-n!2#zI*bIe$8&coZzvWf;KyRj#`&iw z*2@eXt8UMV5amOza2{Y|Zzcb7jb|` zf@4wbalfDh6S!`82O0px2+XpHdwX&3bWM%dx&O2t!Ctz*P-OC9*V&+#nHlA{ zyyWVEd`Es`5aFEtYMJJPMtPRDVJds#7*b)x=u`#ijuA{cqo>Yq^ri1OL*k>dxmGA5 zbKlav5n(@5w@tp3-*~tuUXyzH^o?dFIwF$OR2m29^&)gmd0o60!2lH|X~tNlmsj;ve^4(9 zYa9LyT*@n^t|XgXBeo&UvvqMZg@U7(+x5hdKcC4M@Jm%m z+)`>Ll7K(8z)nVB$FT&vFvsI{q-Hg~X0G`@bF16{7wW;XColsEARf~X(fCAT`^>Wy zNiMX6M1XivNbDrE#x{QJ8&uXiy62W{&oK4a@|ec?qqARt*4T zYfRIozIsCOx4BnSJ0~PAAfc!Kbo~vO+-yr{$$5s^zp-IQ`KE$xFtw~w*f#3bR-Or{ z8_%tEt(+Wh-SN{QUt1;7awskb-3>acKb?M-T|}S?H`Rr#=<8#Tbn{)BgRE?vrRY>Nlh(*LNS4d>z_>h{ z23^|-X}Fn3EiP4<&tkK$2~%3Ieu(-!c4Z<-N0Bp2uppY^EiJ4pQBt)u4P}~{S(%-m zhaauXkmg#NTehBe%lv7P%a>M`m*=PF*iCa55!xbh>uER^6l-pAWyYFPjM2lDDho$| zrsq>m0OJ~$l87L|FQSx z?QLC0y6@lNr@&RhL`s_w0nYM}ho&f*9Sv-fwma>|SH?t&F-gz_DT(p*cfY^4s@7V2 z1K=bniB8{pI>!QmJ+7hZt*W=G_MUBR?!0=uxwpBoxApSH)_xMU4$KhTKG0bH>}>U? zF{0M&Xe&%>Y^OqiN=a;ND^@jTnYMa567%v7N4iBXY|?lh@zp8U%yVSYz=2j+UY6T7 zx|eJ_e;&yiDRa@%$3tsf^R|{9p_P2MoUMf)yqJm^wbg^?L z)?4$5eD36!rS0S(bsLvix~jHgUR)K6F?}bCQESdU6L}X@j!fU#ks7W`jhrdB=MK+P z6~l@={f9J*S0R)w_>!isn`S2@TOyCHi*O|ihShj5oJ+C8$ZLksgjNSw8)~&9>mflK zDhb@Aj?o|twxDfzq+}Hlg$$x@fl`LeZw1Xv^%9Z! zVx`1P$G9`$W@565Se3$Cqbz{4-`s+TMQ?G>vt-7PtWHe?%dV_Nc&%ZU_&C0$8eZd# zvJs@V8*q#{fRR>MC;svd3zvuC{Uh85)Q4Mml8WAt~K4+L)&5#_b=^ zP}!Q~l22Gl<0&~-C9i-KBS=YBjgAiu&?le2h*N2>8?|d+~pr^oLe8)q){c9JE` z#heoRg@tB0lDg`~46|??Wk9sp&Cumwyfx-W({Jnt{Km>TB@kct{U&=kzK_*1$$4W( z^nTX0C}(ph4g!caS|lQ56(~kwdEssiX9wp9-UThvc8H9OnrwEJ>=s}N?z0LGF-Il5 z{#FzKfx74G8}UxN)a{a{fk3f;Su?^kG^_{du#-7sR~PGUbYrvk^!;$gE-UqUbH_ zcX)z*sA}J0GqdXD1;yS-j69=l>yq4^Yeu?{Z!3;Xr7BYb5H)-ZPMj6GpZA^FK;WtWL4R1Y!vW7NHnB^m`J%CmL$~%o6tR#B4vc~ z5PC5|IVA4G#UzFNP+M18Mb|Ss|Mc)r$e}_`z&tyAb7%!l*qI0{CWjGiF0_9k{7ojr zazm&?-KtY^yJkS{ebg;7f-QIW?kfDB@Q}q`t`F1fB+YH$(a_LUSFM5d65Y@mNgTFh z)YcAlWA;{8brhmQr$YPuUK|%;Q^yV zOB)b$)_-5HCybj=3y%Z`gO>-hiisoWYAywC{N`Hnn`Pk;+&r=pez3z1ap#J&WE8lw zfi)sP!pMIneh+)jDP*x*snF~Gb!~PH|Lh*F;pENL>zo|KZbAoNla3M?);C_LHf?&l zs1esou95wT#Krhy{*{Pn+gX8do;x}6cwqP=8i6|PD|tsO`cabnT?4vTJ6=kw@hojs ze?SvRUYLZpvAOj1>XWN2AkHK|XbMd`RezT;fB zE%ld}4t=LltfwDpYEk0LXt2mgQ&9miSXS!ssa^oMWO&Q%;oH_cg|8AcY|ZNhs}_pe z5%@B8wDEde7-zOIGPu7x^;nv=sQ9~B9cBr2;JabWvQ^P82v-{cjXA3)fPp#P8BBT- z$wX?L9-h*gO0*yH3;@;SyenutC#`9Lj$jaqDS^dHDRCZ1^M#l^J?#B#l$)<7IgEW(T=oLHXe5jHOOhP5jafZ|)!e~AP2jChpjmyC)1Xk8W zx~ifTZVKUy@DB%#`yPjI3HPOeVaL7{)_Four^=1hlGTQ^<}G$;76WBd;!mI2L{L&e z{$%!NYA`Q5#J7K}bUgLN0l!P^?l`14_R(jSz0!4gze2d4Bt zccr`#yGU)k_4&{tdxGXoigW>Xu;g^Gee%s#+5^hrr(vL_FFP`m6r57H1Tmu{EYtP7&` z7=dU%g#!UgdDxZF$Ow44;W(xSVEhhz3Z?d9gqjtxUV}LEyD+TtcYK+>_my-O2FU#U z#o>%FK*4HTbJGd1S&pkCxM{~`1X)hH*^BP}j9ty;RnJfZhBvW}@_ac1;Y z$LCXztvy5m=r?%J-{C?upKVO04b-8h-Vy||pLa7$Te)+gSg^40D?!bjEa z$iY%5+V6QPvw2*QwILa2cBqmczb%&iHtJLx zGvCTCCO7_L0s7%(4XkJB%O0-;OOXzqs)DaOXR735*?vxZa(p`N*a|>`DVF{NS%*0ZO(9G1boJTC*S()F9$u%H(Mbt*>j!n_O<11kT64~>Ev&9|GM@pYrnbS zsCLXFFPtN<{FE&8T$pvN!{!wQzj%_Kb?&0~igEW0S0)S3O$`X_p6wAwXth{T>|f~n z_$HRe_B4X;gbe|Lsbx@T+9ZJ8i)}LuEH#IBh4G_puHEHJ0j`Wf6QHup2B;j1u2*qI zpiYfO6m+2jN*UjnfsV5~1|uI^Wl>CAn`J>KJ;5~g)*Y-KODAzt-`29p%5A=NhJr2Q z*Z1K(MGk`G2%1cRg>0leadMMT*%P8*=CkJcn8)n5 z%*PtKlm)WIT>rHsRYoO!F?aK^vWB8sw1uZkIH-6aTP~Upca{W@tkVqCl zL&!^8Id+<1qhNNiY)pz-Si_P^eZPGMT2`_hu^kLKIyf_X1OAiKDT)~Mg(-g*P1r81 zv9gLK$`f(T)1MZW0o9H3L9p4 zjD^A+r(=DsOerlL@`>>s>*h1UWMhq$tlpv8iqs6YW1&3d0Qq{VRG(NM+6J3< z%)7{lu8I<`v>J+aQ#Xku9VhIkY>t$(Zs9B+Gm55Oxn_`rRa9)ysq@+WS*cFNOlIFCjK5)8wT|06{kfNFUYzG59qeXO`994NDAYu0jhQon z_Bq74Mpqwvy-Pkl#;)t+{CHCzW8(H^r(1f}gt0O6tvd=BI>y6HT?Soct6q?yaT9x>#;tg4nPQea)TprU>rhP z^(rlx%g*ryjb|)Xm>CStOgcEC-(Kux{iJVh*g~68h1I71Q=Ew6M9WOtuw-)HTVThK zu7wktyYl}_+3d(i>JFO$00_PUS*}X>GH0?I5`vb2;U6Zyp_H}hCSDO(ii*K_u>g?g zF5(;U1ahR66%vp&Q&dhmSkg`>5a9!|sV9)UgClEbqGl=n%@i9Yy`Y9n0dsES0FsbE zBt;~6=bZo{S$EzY9zy^K)qS6G9S`E^B&({1U-5+VQazPgm5}nVr6ju&(0OY!n=JZ( zY8BJXyHm-Y_$9WfbQw%WVS}U2KQ3`015Pd4X$P3To_#}#ty{>{6!L5|1f$AjrRzG; zKx0Vc1j;Kla5O8Bp8Z4c%1rSvXsVX1g?l(2IgoZR-;vFouwBYG(E`7QhXaNj4W1j4 z08Ku@1v$k~U^FWghIwTxv!r!r>g(Cgm%hyN&Ru z-tJL0yo{B2Z~`Pzz$(^XZf&C_%Cus_H~y>+V_PS1PHubf4n;DY!xNHijBGn$hSU#E zN@~NF<;20sUP!n>qtd8$n6c$30Q&21MkuuUY02sGS>vVgmpezFiOsTMagn)W0qLf>>HG2|DwlTItoSFJ|))0 z)JAOxtyY8i2SY4qxke^8m6n65{+ck=VrJV9_w&KFVD0hPTk7;_A-Y7^9wM#mF>2Xn zjU`sJ$sHS_tTsq2CAN@A)_PMO)P=4?YIebaC#*(5G6Vc^QIPO;tOu*RmJilSwAU$& z52=IZI%3pocJB={Y!6_2yh}L@A;+70+_yL77TqJdJQn!kSS-i)SAHtTe|f(TpwgvEE=t zcs%1)c;juUdZI|27yxaReGE-eG45WhKbaQ(sJHC|$@oPQ;wJ$R5ssB+u@31*k8b20 z&>8)Vm~vC1!ss$i83V+lB#D-52Al67RBnmR;|G88&zY)3j?V;moX}lLMG@;E@>*Av7q4x6g7$59g+Sk zU!M6qO#M6dns~wj{lmt%C7f4;E{o1;rySNb`tMp=zC7*I2={@}eI#)E%5~#2?yhU( z7%L6G4I2z<_3rNX*gL!5tm6VMe~`If{=nfIw&->m=Slz}eW%MLo$Yg(C!un5`fl=Q z1J`1rX}!t8qQZP0xaS>A3Ut&RgEXgK9yEdaay?!5mhPanw{#oeHdJ^WUdt!`R;9v8 z?31^ejawrsn@eiS(K{@VD~=8r2#`w&@4zbURVV^e2=5LWw?@ybaK!xw0%6x2Z3-C$ z47(iCgU0wVEz9t&qZjno^UewEfxdm|;esYHg^j%(7=Pa-fNsDCXMzIt3bG?*{()33 zVTFYKOI#s+lLHGzG?bKaJ(~RwU=P2hVZ>-EYxv&D3{txJU{>l`opHqMyv24il?I!G zkV)q)Yt0-vN^9s4WMHX;ckqA?M+5INGO2(WCF{f@Jl~-@o7wr($x%+hECEJoT8)WI zr;0nOZ*f7dMm>!p<+g@4y-l_P3z3aR8REChPYz#TY((sCm)X4WXs2z+JO+N5yI6*g zGQ6{KXgUQogOQSL$ykhb=UGOcK>g|;kFTab&Q(ID$8-XXk8df zYESa6k*epQ>VxoM7*O^1|S?+D|!{kX~RSkYGI@V@KV5v^{Yg zZ6({@5)-UNSK^I5xMIN9hc*Cl^qve)rw^wA=Cl_)-6X?j1U1E*SX*+^+aJk5o#v*$ z3T(6WFQN8MpKR&RJ(wa?=e}-Zj#X+^|%Tuqt;LC4^BgM^;M5x_mR! zJ}+|Y6GD^AC=)sA08QsTJ5*cdms;q9S7Dm~>SK9|Y9ryr$ z#Z#*KM%s}Bz^Kp&ygs$J-FOX(l%{i&rPwp>(yjte4=aS*%nY0?%H;l{o2B_$D2qfD zOC#Wbx!iK71Tu(}4sk?*V~7Kp#g5AcNBiNafc=OXNZw0Ddy+5c25b*bTOK!EQaPo# z+t%ZXaWU4~S-}X;@AlV1lT=L+7v(9hgJ*$KMFa^MvvI^DjvbxfwE_e=$Cjqebj5OE z?9iaMHeJFSe1q+hLMwswZh17ANpE!R(P3k_X)jaS^^&sMGj|cSW!rHO0gLg4a<<=F zZMV%e%%~u_%&bYFkaBeK7}c}h-NjT7oQxk)x~8~x^rH)j&%6MTpjll77Zm%Iu@objW->eH8xH^2V&>6f~q@&~_cJ($H}fTDqqM`~4u(=m>% z3pFUSX{UaLbf|ul(xr{w0FF;eFL7+`tN?hL(qCqG#ENN79uDBX`f%AiY?29+C*knq zxDWH|s>2fyzvJN>woTC(9(CA?80c6=!Bw_NI(#gv;HJa#yGo$D8V>yESSu2UeK$mo zX>!$N^QxN3f~DJUzQmm-W~@iTN`XwlsOC2Rsb(7e{>`=pj(Zf7W%O~Ms2Z&-0#${V zqS8J`nNq&q;KR1*H@1qUyO}dE94`57`if3N=RA8fGqd*^R8*j^)&{!Rw;0EB^mLvC-R@P4iHgkz{%ojlzX70+mP?B$-d9tlOCd9Mf zIoAFVj?XbwIU9HbcLw?aw`tf>@pwmKh0H2;Vvd1iU$jL)TxTds0)mC-Tx12C5og+1 za)mjX&Gse?!T+k|eiP+oOe44)VxTi!%6bDDnXp(k;e5=7%>|ms`WE8SIU06ZJ=(s8 zD}08`zXEsOy0E!gNfC#}Ig>f47O)`lgCH8EGCvvg+y1x_^=G$EfJ0L~wX}=)Ardcg zD095nvbgTAsz##!g)QTjPSP-=dO}H0G{d)Miu6w5fT-p5i^H0B{QB zh6qr!ht-bjB*$2j??M!j?>Z4)U{AJB<-zal~?Tn=eRMP z+Wf8Ng263RL^VL7hY5oqAFdT+mZ+v;{n_@5tfJ~yC)R!bcG&m^G&$Unqfwzf8J3|V zBrmuEYkPDA-}erbtQ(gZ=p?Mlc{RfRRbVy0 zR+i>U_M5Oyp&y$Cta{ct(wCnHI7#ffhhCg4NmUdR3=gJMTVc>A=LFlC~ zie<2RMaWAm9{C|gvW-|2?!uw$fVw9BSUrA^Mf-?~Y1bY9fB!H)x3)g_Kb^UM{CNK_ zkIG+juYUY>{5n~%R2;o?W5TJ%%C8zuETL?iw-hzZ27zKJR^v>&&bqjX--FxMG@b#>3|}YRQNL&NVtvaZGL6OYZ!b zoUrnP=p)O849+~R%#v#>$ZT5Q%6J8l#Q9&L~P*4oiy05g8sOKtf znEka=@Xpla)>J<}URC4fxv27c7{@%>jb@@>hj_9#Gkb|=FVR2@rdXr=qK_MzAqVsRnRrRo zO!$WjdP=k&KVJ6XHbd*(xwY_mM;B0O0JT}Os2cN|LC)?lt1#uSjT-muCA@JX%PdkS z`|4|!>fRSOmvY&m;mZ=6i+&Mg1SzSd>fOY}FsG4F=#1<6MhXxgs6ym!TlTy>HF^hU zf-&5YvWW~}&6|s`(e)i}Tt!`AFDXwmSI z>uB)jm-HTPh>Ql)kB`L~B4g4UX@kA7?&cMu+Uh(D|0!XdGCGu+lPl=iAV}YKJhfpy zQ?G7H#3-_wh}sMcxIdNh)V4w&O~9XG|BbocHj_XMAFvJKbuq$(P$n3}S3#6?Lb#2y zYwTv`fveM-Pr!`aDDZXzOZa>saH5wkN~01fu1w?2?I#$#CBXBEAO^ysEO58cJ?K-0a|4!-3_(A}&(xy+- zA1WQnN_|Q!$o32>hyPVwPGZxbF%&NJm}Oz9y(E46PABZbLkV45 zv0~-u1oaYw8fdZde2~NbevEUbC zk_bHtII-D%l>{`2k(TjZqmJi->ATxoPo8WxAn=1~EPsaKl%M@*$cEZ_tX*fbm6m%% z?Gx_c=n6xb$IFU%iVrTSAD$iSXTl3NomaeH>t+z#GVvI=hz=NFqe701zxd9zxB zeJQEQQPzah%>89i;v-IkpYbz0#drl-OR=}3y)$o?gWHw3ri9*cV~#Dsk*}>_9paB0 zs+8TRDV5pVP!|TR-%%4MAP()uAOFaP8w|Fr8v2*zhj84)dea(WOR7MVK(;xF38!eE zfOd#voQM1%C!7r$2 z+7osWsO;!S%so3Hrn};tyRalpTyEUZ9Cg{zOxAT_wy`-Zd(Kze54U zMmx?maTHa+z#>bwEHK_7qSY0&mP52=;-y+yNGq@edNMoUKw<eBOQv=Xb8*yhfY#fcV0iG?UuQ?Z{nqI6?&v+lA@hn>CfsBuhl)`lir<}U(y(x6 z-@q(GgC_|&OG9gE^l+9y{)?OgiB|V&s1dMC=3Ldt8c7xV7THVQJZv$PS5(9m)YW>v zJ=U#&;EK6cz7=Lf&RG=}7tm(=-N|8=&~9?g-i%%W7g8@W08?kaXnM_-HE+HgVfaB= z*Y4oI5nS57NbY6LNepDjWWa*Zta4=>n^X$BQA^aS79_Mtvo)ww5-8j~9+i3EWQuLt zo^x?Sdat{ZQrU={7hK1rIZ{}fkQRVRT_RGW&^fA`z+HU%i2^03I9lKDq2P>|t~PG` z_SQ1mou^H`2Y7_6D-f^5-E?v#@AR$PgC75J#-GDxM-N)7T3s9oh_&&rcPR~jvR03u zkx($w%vt{K)52^uM$4={Rs5DcI5)V7ToK7pgr6ZRX0_;zb}>jWzs}`DR2%z5atKsb}UO*@BwME{z;C2pGr)moR>Y+QlFCq8gL37F>=dCUd6W|2;0hRNsy|J9VQ%4!mI4o$QgIqY zCF3j4NGP*-BI1m^*ed|H;;-0sPe3d&!h@P6IfJBS)55!Ef4KTr<=}|D0p1vNmL*b9 z27*d!J5eX-$H{4RD}-T7-p>gBbYp$@MYH8PADsEQrSNRy2p&}4s#4!bn&23IlVuuf zm0z6Uqe$>WP7jPa#He}o&9-M12$l!l#}3fX7Veijg((JP?^F5hFS{&Sjo*Ok6vEz# zN3Pdq9lAJZHbh*~&jQ#eczlFtzydCyOYvBY7}7u(WUM8eWm}J>T$d=QWp$JF1_3ot zO(@(e_(Q_huHAn4F_nw9XNubK*o=~N3k8`Zu+mZ~;2uexg`5jZcxuT}mdBh@ZbtK-4v@a}rQ1t|9 zXz@Jbv7F`-qA1OP%;woqYHbde45rP#?mcQ|^pu!!n2UlgOh2^v`n$?p_ndgvh{HEi zVAO~|gim60Ju)0{8F=KC-r)KJ-!z088Au8^YU`I{z`F+|91^QT_z)|=$aF}CVCIF) zHB#BsxjNxB>YaO~*hwh_!4q6_iqx`TwN){6z-F-{SEaFRVi_i2ZK}e3ObLZ6bd)A( z-CAr_w4KG3Ce)oK;b$lbU}A)~RVpqEKg3#NedDi*h#I+-(W!cq#L4rfh~ULctu?Xs z1!m5!thnmR%AUwHmi1{%j4gabqw`Z-Lp0`MDx6Fk-PTwhb3kR-2VyA-8Og@*jQcE! zXZv#kk^CaT;yD*4cA0*AL^hpgbc812G7mN0ugc%AqUZa=@>SD-cc7!BmRTt1l%3tZ zSG#*Vo9oXVRruQV1bMjrfwVEMWWW5Erxrot6=0-jv0Thfvb4Rwu)CMMZI%VTaVS z5`y4`P)llcW*X>GBh*W$_j0$|oLNmqyiKC&1ji#JtRfu@WcG z!HZjBZBx%N6@XVp-5KmD>iRJuD;qHDok`QzX+=i7Y=|ZZsOfzR^OBL6wH&>`ZgTNd zz#IPd(3?DN6~Em{Gif#9kBf8Mx}T!ZY!IfC7j8PIPGIPabg5TQF%ZS7u>Agm)48ww zb6RY8D|CSDXGB3Bkwgu&zHF9y%Wfd|Ho|;OJN{zy0u(YX+?7skF zR@$I^yF~?rnX$-|Dcp;bQ<`OQ)gtDSY!sL~56cM!S78WF#_L5t$m9<@C&@Hz5EH-| z3R$XTGGNlrc23sW0=+d#K!5`miARTI=;Pb0=s1p_q84p3bZ)edM=GNB6CIA874iqumIF>PcXWLPyeK8!oK;FF(TxsiSIq~ z_NU^+tb+$a>}PTa^>MqP1RqKOpY=l6hV4?!o#JRz+KhWE43GHAvpq@m@a(`T^`wmJ z<4zQPoFiugH@|viSW2`HmuU&DId{BP+-xkMjJtBWMoplaT&-|Yk`-X$cCRdJd3XrF zTF(Vy#Q^dmeO*g6#Iv81BnDLjYd}U*9B+BL#*4$+G8U&U#WMuK5kZnXZ?~|PD8C~M zJo2RU@j2z#D0d-tb}~zzzI?X+;_0jHotJwrzy9{gtDViKTYzSBM!v!``Q+Kw#-0cE zRf^xp6^3)*2q3PQ4;5szSObm3F~C_L7zh@W8CpxdBEH90L~Jp$itj&uc=7^!f71y&}f4vEAF}4rKTFg-c~DDOb@rPUpli^6(Jm`1{k zeIXYa-W}{~d}(axSa;T@D_?v4W`_P5yIcZJh)$`3Gc*5ji?cK`V`teOctimnD>(w( znJDZkXOvuVX4jiMc$6|Ni&nhu#5iYm1Swqwc1yuEqls-eZzCiPA|OFHl%5E1VhY;k zgrcaDF%>VPK^(@gbD$hc3k4u4l<6}1UG^O1F3P-zSDNzni&V%k&r=0a%@7WIJr}Ei z7{OU@p)EXMITc~_H?}r6Hys8i7Opaf#+;cB%ai-kbhS~M@d~g6tstCvOPXI(QbRCQ z6N+}fIg7HFid06q`Q}?IiNPh(xJA{n+5f=76`QNJMcswXc;gC{p_H@06GW2@&r?#N zskfkC2+iP)20XpEIhvv-`^S&FKFYrqFF&d_@{7 z@V9@A*&y518kM?7n;MClf*quluQqCYv#629X_k$Htg*6^{T;mDPTu-np;FL}^F_73 zrR6EdMd_o#*#V>)a~go%c4a9yB}2K5NxDaFKn?6cr0Bf0biam3c7k>$WFpVAqaVX5 zXBaa$f*tYxQacNv*8}IVMahnWGh7DPA$Hc4X+w+699axYnmK%`f5ch1 zM1|;N1FK@pUr}!{CcNBagKozRCHz)VSqWff%c&%%Rgnhk#M0ied^=~TJ<}q*{}oiG zvPuJYM-35YA^`d%k~Ae=ktD)_?q^K$Z^9(zcH4j5*!}$~V+z-a)9ndCvRHqzF)rk@ zEXHswyu!r^yLKwtNbF-g*9;8Gt8reXHD67~^}A%~VIw9x~>ofMt1*^%s> zJgas{KCxWO&&p0H)2B)PLm(O@ET4c&fnEWK90E)l#HH{?t)Hu(m6pK`q$+zFo^Z6W z{jK*Fgvv3LD5$7kLmFUbqSh319-O>6#H2K*Fw%5bPqTBaVa9IBlR~s2izN+@*`1v6 z6v_8$Z<9d5%NNi7_Uh@&mrtKYu&MR!8Cr`FEUOnF0+1%KBx$_FV zfmhqs=^Y*0H(twmKasRFwRq0|g|lRrGHqwBp3oyIqt>yI~g zb{*MDn3{9W3YQxGj&sKboERIRv zw^5Bt1&b8aJ@Ni;oX%!VeFqa0o+n3dB#$+2W|lvyeqbdZrC8#Ft<0LmBOBS2DW&F4 z-vhX4BvZnn3|1#+y06Lt;FJa;L!4ja&9mCrc$yA}{n3M4K^K|eW7s9rdeY#VN;elZ z>-O^oT}Vv1F#d=;z_orK74Q-`TN{;<=nS1JwUmt_C@%f(+%qgLz=s&s*(3mV+z&ke zARM3?xTe#A{pcZ%fpq)u7a5{k2fHZ`QnCOVpKi{IX}o;3zP-Kq;&B~Q;0O|X3gV~) zN3G>$F?&^5A%hCr!WGZ;*dvIrj&JJquy6X!wD0&SvY5QER}?O^eW1o|9aGUq?jr}) zk+Aj6rsv)z)Xn=~d|MzcJRIgiF$M2>ssIbiK?pjiT5`(h7kvZvrTzdns|0P3jEi?p z42fuWh55o9<>mX9LY*h-{!oxukj;tD}jilWNudr z7bZ^7l{j57{^lO{bcjHw^&ve~73;P&A(w|1HF2P-r6?+q0;J!s@4U#p+_b%M8b-K( z(Em&$)6=t+m8{vrFF9_vK58JQGrgxw4+|eMOjJ3dgi(%?OZ+fRbStt%q2fE7nqF2r zPkK?-3Bh&?1p5`Hp4VNRUz+c%F3tDm7rP6c?*7tZYk`uwOY@71-TCfHf2F(MU+s3< zEA!ojwZ(<@!qU?Ies{6EGC!E_b^FU*KJTyWFSJ_=YxCW;#m@Xfuhm~zTJE)5t#*5X zQu%dOTDU$&}r+x4*Emys*03UD{u1FYo}p zcDuhnSnl-~7gm-!^ZajRabtBvDxm;#<+ zub zRS3#7gsu4|p5qPXck=|z-5dN3yJn+vbX+n!z};!FR)yJ>WbQj_q!cj)PvH~_k1N^? zab?x5n0+Jzo66s|?3k1h<0ocO!sBwVI2R`*kkWLzM&$G*=(8BcP(r~tw2Aon*!aCd zPRg}FQyXos7kIwzKS(FyX7|JtbMUzPf=aqbW}JCEgw@GsarE&u_6TlXR@7-UG8Mlj z&kjK_YTO6WM&7>ceHcUJ2E+}bYlBppE(jjVF^lU-Zj9c~E`ZYtmXwye3r+6tnW=8P zo4<1s-f7Y+Nub^>oV?GFQdPm&o?l#bq>Mm{ePQ8j}NL}XRAA$Ju1v(TcgP5 z@=G`niAJUtp~8eByH$*STUbhm2y>o)N?&!%0$8+=V7mwu$Wf|1rus8lD7d%fS_D8Trr@jcm})D322pj0sPj~aliB+nV?Sa66q8v`9~5-ug#l^RqGIx$@xILZ-0FrujRePy{XTONrk zqW+C;PcvXqE?mp_(2|clG>`L^aaQB>G`@{*_V%{Jf#)kJFAn3?xw8-Vt%yv5 zy>BAW3-gRuO}gEgb^76W)M*#J-#Jt7tQ#Uv4h_R0Yk(>^@4JI@*tsD*l224}*6U-< zzP0rJc-ep})dX}Tj~m|N#u=$SD--qF%A^DdpFHUaXK@=_W?tVC&EPFN-e|bqZ%fPQ zPeCD}mQ%KEl8}ML-GI|BWr5qBS-QW>)Yt}zVW4CZ-b#~q9#;zDhigPzc-6fLZZLLp zZ3BB$3a2FD!dgwf>>hh$fw8tDi>Ab#DInE^b>)qYQH(yu`b{%A^u5yra80CRVW}Gl z(-&t)+mu4pqK}XGX8-Ggb^-CHeSUccd*>j&`PNemr*CXyqTaBx{mkS(pk$m00!3I- z9!4d4=Zgi(YGXT2VgB)O`4C0 zXFibMl0qVY@QZWW<(@R2zFhx){cnj!VwZ>oTG0r}npN~@jA*i##CHV=MLCRVIB1DZ zY$=opq){x`ii}-dR%#Z1%Vd42ic`+vqjn6G2fJ8Rsv(%NuyV1KPfh+n+xpE-sQJQ& z6&=p=9iD(XF(KW5ePbV@XNk&lf4sYTc10j|q45&h+{ zyp=#3$3=K0&IZQF2{Z!-^^HTS>wqT`jBlY8 z8_sd1M>E^r)At!DU&*ybFZ2|LfKWP zCL@oVx5ZUm#pS|Dq)pplN0<7b7Eq=v^S;&59%rnUnAu>PvVGMzn?0|qcvl3 zjNNzjxnn>?+haNsQFG+36mF zQ`c!nB{L)3DzseKhJ;QRd+SFZce1sJ1L+7zc0735{rhN2#K60&V!84*WG+-y##q<@ zEPq9^FuEg!L~%I$;L@m`HauP!B07m=Erji8F^&kZJslz!G`>fyhM5xYOX`2as^2sp zr%v*fNMXQ%EL7@RH2JBfZz+QaHE@5?MdYa0nyV?miZbbF-6N0^;>v>_f1VgzTiW5r ztg;17Bib5CuX7dQ$1P+ANvbJul^FwN|H$g@!bm`-ApAn@*`2Fmr#auG1nomN}IBF=UW7VmX=pm*E-!Ej_-rlhkyV1==fxK z`U`z#FW$U;clnQXC=8oVo_@3SpMQP!{Kd=d|03V@+wZ>r@4x-e2Z@pyLcyL8BgYzw z(W7D$R9v^U!_qSw)=ID#qvpRK@4njn@9oW>FB_ST=h+I+G8HN=|rr%%Z*Sl{E* zi^s2?y?na0!H<+sdA0HE+ugm*oy_HRF{=PR?v&eddJ9oTiXJKA01caUmyWV(8!w3| z&rS%loe+BVgZt+MNs?vGjN>*m6nkHo@eHc~Yt+*$SdpE5;3Pr$gW+GSWJ+7cwpZH= zO+OLlIVFQ$D4|rbk7$nxcw%D{3H9c#DhkC+Au-YYae2g9JOyOl4bG~`-~Owo+!*Od z%UAd$j&1mtqoW~vz_5Uxy$TAp9k<_z>zyhoUw+-*azCOJwRn>+clTavb3ME`ss716 zKqZY8al18)bD30OAC|3D#F9ZzTsxMmJpr{tqS@g(avHEUP!ye;2T3X=-$NG73K!kl z|KP%*BFM6tctPmw%*rpZrzA>)lU_MC%9T~VsY$_{yOFgxM0F9ho4Z_YaQ00#7GPG5 zEm`)*WJ+$-{Yp=Vnbq71@=7=|xcczWMyw*7L1BGAsyZ{{)=s6Ffe1N%F9- zPPQT-Kc{*7+2u0{x1WTX(3w3(&i-+tvHKLo>Kwg(H1ov%WkNgWk7i~^Gv6wG#y@jT zN;l1(9c<1@vFyO!B0VMNk^uGvAhJf$)gl-)Qf-t?FG_%q&KI2_su~fO)8XoRb+YWI zloLyU*Q>p<)W;o`wdxLw`|vW_gZBQQ)mhnJ>#hz4D}(N0XQem4zcy$sx4XT;!ot$Z za(AJ%gx{*y?Jh6QFRv~@MOkX?FD-R?%L_~W)lO%jv$il;=`IYq-To3MtgWstcYDiA zt^WLScfQwKTIkO2FE8kNy@f%0rQcqL<+9vut@K;_?Ln*ETWl|`?5}db@?dFsp|iL+ zzu#V2nO|7xueRFE+`>XW|s*g-IrBrAxZwSxjs9wbtt{_LtYzTD{KN>PoxI zv=I5!+qqTGaau-5I8*$z2msK~f{N9u6%1wPELqAtQ0n=hYy zb%oajea${J(?zHqLxMMv$-2I~u?0%c&KOC)g6txI!fWt0u6JBeFcid>v-XuJR~y#; zrH6o$c@%tE>|YX_kI2BvRHQ;QFvW@Z^@8vC(Jd`bP7q_LmDOn4M#CBP)CFOf5!E?H zn}*ym1mrr-R%KLr><)SzVcD?D_^B_WL_-^w399J?%&OX4`F$tQ#^c1VW-a9>#t~u# z_Z7Xk!v@O0ETfKsGVaaYlMR&5Rjf5q^$+mbH~~~dkY`KM5wW@ zh)+o#joQiK2^?3$()~46?6{o=)b%Cx*^h`*kx5h>qNF%gdeE}3EHU1qdvSr$h*+by zGRPaqqkp4|uJ)(8F$&11XCu_ zK_gsh6^i*1ZE*FaxgA5PHpBgf^g&f3sazIwI!<&$QlHtDwyi7~l^_*A`>~@?2MKA1 zf$ZGxv6I85Q;b%@Que70TXj#r2J6pJdM7oDclHut6>{w`9D4-frLnRZ{z#d6?}7q_ zif6%7^k77`uKY^w$#z@DJVJ`9We95BS>gng2~AtoGGiNl3qeM1qQM$Ms0c;Dptxcd z14d>)hEYCi7H?6#6JyqAmOLRVf6gz2z|9}R;yLVVfoJ<)sd(~m+&&)YG@8b>3c@gM zUgQ&6!fnz#IJm=ZC$$OXevOFKSA37c^L~XQ4P<>*_bwYXJg=$*V8*zVPlzvB3htiNaf*6l zYFU0vQJL8!whg0z#V@3KXldFhY<45=QzRqp_Hs{zoqN@oeMtqkRak7#V>yMVy=ig0 zv3zwcOu-x%=?CV2k_b!~BW1Gl5|+H46R&Ho;Z*%lx=xNIKPoR-0UVW0b?d0QCOmZw z*D=<*7vI5rO}j3;sM1e)WmGO<=IeCtZ}9RE3hdphI3^jvgsi%Q{T4ER%s-Z8Nwox1 zUSMUPY*I1ehzZSWrxNI~hu}AxO4AH`*s)$%bUm3Y$yRMIuPv>uEiNxFue6rtmlxJn z^vB9Pf2{J~wdMBG+T#4;(#q=m%1UbyOK)MVwbE`aueMjnOITi=UvAxajfMH;6*3-H z)-X$#=jYqY3-hb3#f7ET{QUBA8+&uLb)yDDEfYi^(_xP>N6rUnRZH(JA z&Ksv?D@a(A)LI;Z_merJbXqG6l zJR6G9Dj>W*?!cjh0`NN3C6NqGv94kh05AI&q&Si%i_a}ISvJqO{Ck^diAhMIki`^4 zNNNb2!#!OGi}c#|eP;=$`Zi(?H8XF@LNsige8ih6qmu{Gu#V5Go=J_1)XFAbDT15n5W`9YD&;_Z;EzngB zNttn^B3M+t+L6_W3NI5Cn#Rq*P4ioe9o*K#UJIg!`H6)n#>uQfP^>~_!Vnh)jWPyKPY0m&#Mc9d&)~wy zmJ{J5qm=rN@}M&qHR`nzJ_E&@g0LMZ1=S-Sgt*2awgng!eK71SPA1~}?o$^C4i@CH9}<#_y>MWTDKBC z4n_`JNIAR5B>%A{ayuxi?W|BTW9nQBP6VR?5KIJs*2;ajq@=!4_w;R3n}?8PmH?DJ zJbGUdkS~H5S^eOPSdIPn^cU5G)DsIfq1mg}tE%q|W^msNn!$!ebXlntTTgivn@mZl zU!d6B#z<#{xacd7f1cKhs)IEpXdTjo#Vi0bRTImU@!7G92pl*OBnc)CD7L@Lh~xoC z5S2sNp!S%rJtRqQ)bJ19s?FUEvEi%rS*QMnJ}E6H%iW}l)cws(R} z?mEB?2_YuEN)hw#Q#iu7SuFd!Xg4Jzq*JiiW#?Btpp^w5Vn8B0K}DE_ib zYPTh%n`%*kNZX-iDJt{Tq;GhsFm3I}Ok9y*;yO+0QN56O8l5Ztng38W(%$fYkktD0 z1bL*-`uTvZ`DU$gnn<7@r~As5oE% zT?=%eqiwEp&8BKks>~LgWThd)E_%vg5W5spz3 z3^|Iy@K5IEv(_;~K<`S(c2%6#Ev#_#Ld1Fb==6CWVq5KgV-50*|` zg~D6!DW0l=l7`>!c@@WhW{!t7U2E4e*3(74V6A49mSj~v!#xPuhEKA^<63%9_nAwT zRCA)n+O^z>b~t{|%X}Kx3F5PpHt)}W)&QN)|5)S7>dwN_+Sqr?1BjFglDB=mR$M)M z-s&N(XPh~e%9~nQ2xL`QogJk^ZgCa7iC12wME#z!ZL|24%wZxDMsWp!(Wu5`{!09OF-9T%t7LSg|5KY@`WQ zJ@dAYlgBgH=qXpJDjjkQ#VOG;Lq5{FVPkkqW~*f-x~74ShaZlPyz*C&3exGZzYSkFg6Y05b?yom9r#3mA${)A0-A_<-i{opE%KiGF<(Z=p*oK=#UAdHc&KUF6Ek2-{6XRPyr$=Bcc4xKGz&DmGEds?93eb_D8~b%|HkaEYY1 zyBw$(_YTRqxVp5mRBhT_^)&gF22gIuiE;O?kea2(nEcr~+3TEsW1gq7Gv)RNDaybz zi-t#Ime@MDq2+tP9P_$vp4UuDFnmh-Z5In3q045*_`_PYoxxVL`^kdAzs9A!pNoOq z&)J#bMb;=_khur$Rz*ij{L+h+aOYz204fBeYN7(9M!*Zk2G7K6Nw`T=Nhtv=oOQGN zw-=53KtA5OXR%NGlpnctMdgXOcCU?4yHQJnj^jd&b zrkUVx?#5(dS%Xqpn^|~SV&+E>J9eE9kUNPnAn~QNfcF&24sXKinlcjgr=X}?-Pw}1 zIJCa^tof)yBD6I7%N-=o-o@$B;98kc8TT4*P9noCzT&VeZdmv91%=M6xlzgtt6nfv z@q}e*SLO~SPnzw%w?2ioKTiKI`%9*Q485|wGK9gug9S9ksJp(+im*TR`>8di#po4p z>DF+bb~g6tH?f!i9DX99?-K=|bO6q+wSG zvFswz8nDw@HWvM4$~52Go6pS>(dPKk{PG#R2BcxjIY<6#t2fXJi`(9<`r?nWb;~uxhy&n?g(=&rN%0U=kvpC|3@K*Yfy(>9?8*o z6uvkMyXmATCs1A~4TGfTCoMFNf* z%9UTohn)WE@2ixm)cklQbPsl}^T;rRv?-DgFVo>{`8<%z36EYl6+gGXj*KlTvL3@iSfcnT~H+vlt~G;shb$3q3AE06uEDjgx#5Inj}tB zH7!o=HuOrxY3}+_o9TU2%lm=A{$W3(+|0v%V6Rvh%Qk&7-v=+qJ0{DnLlQ8VBa%*N z1f)~81KV6K$G4rMpEHgiWCDeVorH1-BOtr(`z-V$Sw@d$ zW;P5#OJOT3#*-hYBj>;-4W=<>2zLEq?x;RYn~3-7s|vXahtd{yP4fkY5d0xL&N#nO zd~6-Qwk9yjf@<`LI1>I~sW`QcHgT>CGh#y`)dD7I7 z!_u*Dk`wSh-po{%?bX|!-?79ycm3m=;e8q0dibDkf>M{>&~?w2NP!VfK&1W6ZwHvG9$i-Q>D68 z7NU5a72Yj{Mwl0;kmaAVM9DfDLZ7-b8%DFy3x=_*-@(}nmZVY#x1yJrB4OXzT63ZS zZks~-3XIEDntr`RC^8vbyjoTc6L?UYp%Bi3XD*G^;6ig%S9jRuv386Y z#cv0FP|_`Y6HM> zC@r9%-7}0pIXq|D)pjx`3Y!kkLQ>qupUjyGBIT?Rjl8;kh3lEY^|36%qQak-g!}*$ z_%#iZFrvM(8irW#_<0{~!76jSabK&}rq%!#eOZjxW!7XA7?wx= zYht~0a!8K_Hz(@nU+cS3Jt;Ha5*(@UvGUT5>F!WNQEz6(cNg~&>g-T zM>;wBm$iyHDDj6Ef23?^M7P@AREpWktyiSjqOs0Edrb2 z7()*0SVReAE-!^mL;{Q4Z|e6l5~WN(%i%Hbb)U+d&|6eGS?a0KD_o`7qE^ffZ1`Zu z2;ssd`=k#Lt8und74XQ8(E-qWZ({hmewf{(YPwP!fHFc!rSL0nRO`^f8Zr^X?p4u3 zJTR}(TjQsY@}rj{(;(^u5R}jB!gOJUJSqL^3CxHuu5?-vz3Nls)I%yJG&Xz$e6rq4 z*h|QRVlC>WDw>)t>&5q|VJVlqu1r4(KOY$hlWc_|;#0|K&=&L^pH`N4?XYaDj=&5d zJ4^(Hkqrikdh?FFNor=Ml6#W-3(^?T?|Xt=)$kN|dOd^;JG&=cI(qbw%;zwSN6mxb zkdR{&2jjy;j+*nr?xTk!OOGBh8{RMF;lc3Xe&?6pOFCOutvTrc$UeYb2Z&RPN?1S* zrBkqaC;-OOd7~}XE|b*hSR)Fza^n=iY1-;Z(_vv;xbJu{xR$kg;a{EHhi|Uy>vP(ITAGB1JsS%Q zqan5M2V1v}H{?AU1K?VPp87mXo<(+59ES!me~y!{NCyAziANauq=^>@%&D zD$z0&mvtskm8;unnT2I)Hw+d#WcMt$d&~Pv{k6f`YIlFFz1HqioIzy;TK#UnO{J;U z;!1C@*6%E|S_`xdneVRl=I1-h^W9c&(CV)YXcN+3=`1erxwkey=*$n6_MgL6X3NQI z+ctP(2O zc(z5!cb+2dRk2>#mGq;wuB6IB(EFBbu)}>3z+WyL7YcRjsURrE-7FL&*=G*)2r9PE5@Qg0^7CK9d zOM?aKF5q(Qbg8wm&}#2@RtD__Rqa?L18Ok8wA>vm?60=_t+m!_tH0J;Mwyc)MgJH1 zR`ICrFU_~Oh$?qbW@BxY;vMY)hxgmGp6RVpHGE;vYj+0wW6MY0>yNsAo&%qxKg#Uc z#8Ou_;#Gpg774DF??G19Tiu;@5V^^lgQz4~#B1I(UkoDzfCotV7AVL17x0_cPcF-M z?j|dLZ|y&oT-UjFXn*{GaR-H;+LR1A8c;KB*EvWYKIe59L-pgdcCO*dNy|9J zFFyN*MX5N4w0{Qc`-#NlRrHA?4I4+bcdI7umO7JwnOVkcibdR3WDStn;n znJ1m2XVL2W<^H~QMpzb!$#1?DT?6bNxpT3Ubg=T3*@s|6hSdC7P-=KQ%YPBuEXzGJ z#mvJdt`+EJS4pDH9VN=-Y(0ASIc3y+ZhA@HBByUgytl%$w>SVB8bTg*1KeEGxlLi{ zz2rRJDA%AMC6C9WKag8KjiiAW)6>awBG<2G3rnk#J7m9xsVRfP)^kXByGC~JS{bLN zbGtl80ADe%IW27MSc4o=L% ze3boAa*$D@vG%K=j(=|*&I~>pY_tbz1;}AS0dnT?d)PJ*weEEi+_1M@UMAM&GzFD4 zpvfsCB5!?}0(xA9S$S8H-~40^@wBZmW|0*!o`t;>XHl0o+h*fhG-4qiE(zCbsPt58 zOX%A0DK0hzIw(9h@1ABOA=$9M zY^!PGsf?&+Eoz(;vbPA8CItgq0k-Vr9J>S(Dp~XEjz#T>a?k>LDF{~}b<`x7`W-%a zQ=Ocbi)z9r8Z;ZXjqgqh#*aVysPP-$W_NJ@QQpQIcPK6=2Q9kr5P1@Y0TYTtPSc?M zeL1{PHiKvU*#u=NA|tKC|6LW#AW4$TXBnH%OX+UR7tV@uUwLjt;pWa6RAuGiAUmst zDyD4SIBX*8eS~qNm(IDMiOB^bBaV47$#Th~0aC?8Rve;Gpqhn1wJGvpzS(LUs8+cS z_5jxr!MSpg8(+u?c^~1GI-`>o8i4L#Y$+FjY&HVVRJF-TVVV)DIT8gTAkAXI5v46F zW1Z)Y^+VMvGfY!ZF<*wgEz-mFTL@)k`TldKM;F{@&Z6CKhi51<*hg6!acuo?te|oGJ&|R%f~-4g_)z)EYhA z&|SE)^P>*9Ee7*u05s3&_bb0fI6dsLHT5zr>NM@3yqIKqWUi zOj5ybna`_h*aMVQfY$-n17-&&!NY)ivDjW-To_*~k_Xs6&akiSB;k@PS56iz8KpAy zSAx^#`@iREdu@S=6K!fvv|Fk3Z} z&{{Ktzj*j9`TE|*=FZ+0t-7f%e9s83u8P6n6?XtDPU-UQR#0zYOF$JJ){Zu`rEQyy zMAMV3)Y&(CQhjdeCy*#SspX_IMpk1uOKo2}0YOYMtIc!y+0}pYh|9t#2rJ<(cI33> znU`8R!^+X%HA@LByMFQbS*crk$RZljT@|B9oj)=NFm~a%(X?x{h2~g3i$zutQ;kPp zl*F>b>#xQ=9+y^UU(BNX#H9>qz)_8yg3tj;r%h~i_B2rj-KWi}hp;4$Z9#||kc)$V zZY#njU*3jG2kTummkh^n->nlY!2I&X1d&x_QKRe45bPW)PXh(*ZOuG+AOM9ookFZg zL!=|utJpx}ghqS*yeK1jA&(F|RZS&te{Xwd>pPZupy35OLm|a~8!r-V_TvglJB^t_7HVzlYYGBQX{p$xZGWu zU)U!Pw$)li9>8*B__PdMi9(7Q=eVXOc^>=Y`4H_Q9vb@?_>Fjs= z)XG^|7%*BrUTd%d0dI+mBbDcSc!|1ecy#tV{rMH-{?bBk1wtK7g4?~e{5{>l8qIju z_WP}6IthRdXz{j%LQ)n%C zepV_wI`ZH>lf4 zmYcM}>##r~IKi7q-Ct9M*LbL=#g@i%nc^uW!8&qaYqi3>l#fx4e{C z(&FUX^O}(otSYlm{DEie>YN9ch2q~cCILkr)(WCUt=QW<9@ZdRb@%aKu|$&FGn|-d z18F~?Sp9HsJL=Ir6ARw1hU~}#NdtHi;XCCm{Um?QxaOo-DXyI4NDaR;=BpReR7qb( zVgpZ})#^2 zH|EE}Jo*$>i2|e52nrNaVgcPpT{vP67$8_HOG|62Bo6bNsK(Ob+6r0?&No+UEw0W3 z7byJQqT=)_H{p)USRj-EUs}QN0o%8rmd`IyY>pCgAM@eN*jd!2iO(!7=*3!VD@)i7 z7+U=Ql@`QwzU4V}UvA!NQ>Yv}0&8PorOlJWonM(>0dJtiZzH%0L(mJD1xI^wN|RwQ zE|}hXf8OosLcsb){A8cb-Ls$G<2e=Mlbzf2cvkE?Ynl+c=A@8_b+Ij1br!&PRtn-^ z&;j~REN;*K*AqC}BFciosKG~9bRTVN>{W0}a;JYvfLgg-~5%oVCz_K*8yRXn&%9S{7W;Gx+)t>;VQ%Z5%g_ z+KTW?;)U07m)obeha;E3wu8Zuf59WBn4?dx6YGV6JRd&=kB8JrdkaJa1KLD_^_X^n zEs^y!%Pf?iVq$(W1d#rErLfHM;!hmES*ki3p$G<;uo*doT=~GTZDBlRrquh-v)uOo zs&TxVz)6b{JHl)p^{V-&%beNK`#q%mJrOYcS3KtXJ!F`UpZ0W9Ip$wFlur%^aQBRX zSPT1k6x_lT7U;k{f$>T70~ZZ;47;4ht)De$;A&g>)#T#5+6uor{IBZ5S4#f-G!^3e ztxFT;pS~cHsf;KOQt9M;e{|cxq+KMv2xx_Qt~*OBXbsApbUaYEN}dis(cm5aX_?ZF zFODvoGZDRxU))Tm|0-Fte8z`?oK*{JBkgfjcL9Ji+`%uXF(ZaKYnGDrX5aHD7t}Dt zaU)95<;(}n`oDHSKjcBZjM}FyJ3W#a87ZIUqw-XddFQDU-b?$_eAa|O1gneV^3#6S z(DDD4$94N}+`O9JB?QCLSb@Z3lC-qPJ4q$!*6gNA}KWMRR&LQJba0 zl&y9}j3dq8M{_sa?TM?h;a?>YWQS_Ylpx5oXTIICsQH(o(#yYSY3$}^0vqn7&^D#` zIdCQ>Q-*dWXTzaQr(sDfIg8k{l&&_hlTmHU_a`^jKfuENXE*^qYy3n6%sVT*VnxYi zb2rZbtaepzyxKAFo`W5zGi7Y!?QjIN^1^&-j){`rR z8p^E?{>DUJKMKdIDOPH-Y#DsTC?c!*4|So7;mk zi^b!mFr0v+HGAAI&c*dKxBUGG=3g9lMn69=@BqC;lqq@YJ)!yVWTx>0fem=vrIhWD z_fvZQ;H3HX5XR_$3UpQoM}Iwh0v4Hb8o{fQC_Vc93%|}QJTS&!d4NuQ9O)Ucaz~Ay z?kNg=@24iDVL4i);KQw74Hof;it&(YGMWx@8hVQ0ob(CK7>NjC3wX&vk(K?ju#n{h zCEB(BI8xpnd?%|plT^k}GYxKvitI5)IePT1r%tC|M5QTi&*t~9i8OUeJ`oeA(rB8_ zLOwMyTB*2a*UtV*1um7+4y!+>oD@SWQKu@3I%nLCC6*+c?rwJ9Ri?=pXfE0%u zv>@}+OBzxSBz*cbLK|A+fy5A^ZzQLYd$4xJqN)a~BS=m0RcBv)dIHxL*7sITFa=`K zNV^CslglQ3l7LJaOz<|f$U|@0(Z)n&*V>L1!(K+I!@+dgboyo8uTt6W@8wCEc$4QT zWP7VO(b1pCoBXd>U8c@&r3g`!XYStql(pf+@_MEK?Cp1o9sY?du)5*uD9qrz(PI;E5*6zo(2UZ)H|k94h92-Lh`}hbf|)8#z0rN<)%Ey-Lnop${b0Um+i$w zztxV0dNFupCe%GhhrAq*w(cj9GN3Ua{_HiA<&agz(tL`?&ka|zq zpuSfhVd3dAAAjY&=R27I|M1PE%X~8LB>CWhucfh?qIsn%99{v3yAsa^1F)hi_ zby8L{5JVt+q^wek1LAz~Tzlk9WTG0{ty~F<_3Yy01i8g+sp}|%f9`^G*|8Acd#=7M z@1K{U5|?=|S#H<)WY(YUsgJS%KdEiy)fGO1030vV@UfKddoDtJdDIv92=C<=`ec^j zuKPVdT)6v%KArcf!M{&K#Me>adoIMf?eT#x#>GCF8G8bS&>E$Fu%M4CeKK!01_?iK z&OT*i_<^tXDQdEhqM|=BWj2neK5*JT8nDXFi||l@O@(MXUZ^Zbpa?pu--oIt;iaJr z=;25?zlnpN`a38KO8N03J!Ab*GAKyU#^kTYi&Ly61-U@Levf8@G^?lxf^QU)KDwYNvCfK%eH8gWp|C%2@;))WJ%O`6@bx}1xHSQfKk)TF zF~Ksa!$0u-KB6k0@M6bY7!Iq&NortNodd=qKXGFAXj74-LtT0K?aHa<|4lRmyT{ee z(~4vp()CSt#vRLF{xgEs(XOgWWn$dBZeT z=@K?suo(xJv<)-)ooNW=lA7MBX?$035Z-G>KTIF;9x6?_PWO-D#eoW6XT7GR>>;IJ z;aG_O63%;RFspu++&`kDoZ-$?_Ba$&>KO97)^u_6Ck;q8Q2Lm%UPoqHLapKU%Acz! zMXH|9%si$_mvpO=lThY=xoKW$ZZowK^|kv`uOJRgOsXCpoKV&V&n*U%C`Fc3&+iu} zKcCQy=ijki$AeJC-UijysE8HnE@2U?%y{+m=pHw4Y`|#ss9YMK z_uHo46(ZMI&ntCGfk+tITEmz7lm2A>GN6xGyVyqh#j(x2%@3!>~q>o)LUr8lSX{AOO)hj~U zMI(KNwT76ZlIaDh3CNC63z1NHs}*5PE!}%Fzsl_jZ&<)E%K&G|f-~L-80nBJ;n$AhAtID^^ z`1?MJB4Ng5g`7(<3vT1w2zIV3qM4b0Pt`T6zT4^BQ&+S*4-V*28gy1oV`1KF)Xw-o`(zNsu+>T6-N&HoKs?)FNlzQ_J|kII^*Y&>4yThCXp58v)QvwwHbdh9g&_@BG+&*NY4+{EYI z%IBTI0Xi{$_*#wH(;fbE_ZfRO{k5^{SK{AtDgG$evR~38*e{hoDj#b%;kfEuHkGY% zo5fU+?!UUc+Rnh*(e@MWPsFy=-bSL5QsTy9M~$Y^_1-+Dei8=Zw?PIq&@ej1f|P3h z$#B6>K$hOmodd3?3&|8o7PEa}vdXVpda#;Uy~@15+Ftm#jiOmm_Ryt6(Dg%D&bZU~ z;j$^MHE$lz>RoP^du;d$Gl51630@^S+$5Hg^;^oUSJi7axx@=LMOq4rS5wKZGZ}Ug zXK%|MXV*Aj-hLG0TuoQd-H`YE2S6zg%Gw(N`fy9c~YpCsxlxm`D5~9Rs6*&q7<1-VAs@n*n4V@onQr&4cU98*N!`LObnGq zecsW*?jU2ia!m6Jjr>|g5NbIP<2zEUw<%K41Gc<6u6{O;FZ={#t2|`tk!;Q3YlW;nQp0lfFJ*_Sk@fv#*{H@XGbM?(456epB6Q-SV~0 z%s2Eibah=$H`c!x!gkrC!M?KIPR_q1G&bmel^^ClpY~+_t)Cs}-`{@wOiyZG?U3Ac z>0eTvUaFeA_Q$Rq51h^+pkmMW+i&Gq*qZ*R5H0Ni`6=G~*I(niFCM0$eQ0BSrzQQ~ zv}O01)Jj_XQfDzD|td-Waz7d=+eX#b+pAJW?u6rTsnQUXupS1Z(kpVV7ECk0f; z*PR2oHZ6L<2o2faKnmN!#<}G|)Cr11s^r2DEjHb%@Ls7%?Y2;rgM33ri{x6#uN*$D znHkiMC2W>oGH>~)L-qh6Tz-0u@Uh1)LqH?P23>wy=7}40&W;WTXI9bD!YvlcO=k)~ z(faBzT?AD`H)X~kd-IYbd;buqoP)W?ofGfU3GwlewlnVJuRrN$=9;#2$t3RUr$I2b zSns5tsaz-=PA@evZ)xe4HN&kOLpWV$k_5304~es(9X~q1JQ{p??^H#};atu)+e?Gv zdtYscO8!Wj+dicYdc#@I@xJRMa%oS__Z#6L$~qh%SQ9-i{8(eOh}_&f5o@| zhc2HqdYpgNfHdaye=(RpxO5vkRynkDCU76o)9Lm3=XnnDi46ZU^(#Woe!wNZ#WTqz z9(=$hUZhcbpLfWs;rGo2Er;#i`ES3?zW>vVUvJ~$Sk0F}#8a;P)ffH4H))l35rqe5 zEbTsB&5u;rze^LX&*?0$33$|K4URuYhV)hUhOvKo);WFsz5e{|x6ki=^~FOj#eb#M zn0{M7NhPI!`PP-y?qOG*vQyhkDf5?S$P>Q%`tp3ROJ|6$56``uCLi?o?)mY#SW8U# zY401J=(P6?d~ku0_n5N!XZ9a6_`f?G9d_x&eSVqXw66PXaB^_|no{w{!xJ25su}+k@t}9KF+93BKG7#7sOw+(2lTJfHV_InL>j|Ql3^s!Hs1k| zXqWbc`hx@AUj^?GF8-K z^8`?+#i8M4>1$5>aeRH}%~F zXkd0Snxomr;r{3RCR4*!)9=ahnv*qoLFAy{^rQXsP=Ir$4j(nzNaJhH6gb5RVmBT; zQ*!*8Gdq2ZIsi9t~?9W*K>&sH` zx6?qN?|*skFTB;4>E-^|)kmIXV)_1Y@b2`>R=#psyXo3La3a@bJkkTZy#DRCAGK)8 zjURRx%ZgcVI4WJm|4qMZ&cWB|&kU;qfj2i*Dd^eoKvM^FZ#)Fbzh3ytCKTDjqcr`q zri~wF@`-s{PK-l7!^a|~@weZ!0{p3e*u6MrgO&G&HqhsmdJgPZRneUH0QoMP(wm6^1V*M8MV{@ zfBZ59gY}zf3w_e~CBtdoY*iqW${(-+fikf#+1U^OtUj&E6Y*Wx`13>dPGv(?H=%Zw z?QBy5dD+w;5PJUu;143Cj%C&jh+~=da53OEGk2&w>!24(U-6->b_ zhBi%_!bj=E-kI`^3`y<1E2y9*=NvLzHLqG!_*L(H^~3Su2`wdl6r$oz>E>M3{=E8p z%!>xsXteAq@WjvF{~B$(1|F}@QT-x;O9cg{>(SbNt!&JRO&iLQ6%h;C7Z`uv0nZY( zD2RxUb`6Ei@K279)Yb6z2mA=wU=I_zwV~$)4P$Vr@!ykd3Q)~M+^?h32k-eP3HqiR zX5@R-6XgTO9?2ia1(Wui4RL+2;*ovC9_XN3kJum2&L!;nU$$7Teu4VfX?6JE{cimC zvU2i6O$^?LJenD6(;hGnm5pVxx+WhqA6K3?XX0jW4=j zX%h&(4gtqt%CDrj>?f9|pJ?CO5RRH(Jmd;s?X2*|ZFo0gdL8p;W~umxW}008H@%0P z-X^Z&ncHoi@Jg8vE68=kw;G{Q|J zBP?TdjH*fV1UblYVFXMyjrciCqa+&*BJ90<{PGe0g~$}u0^NH25Vz0C)?*hwlBI6N zj44pfv@;Rx-ZHJzo0-flkNMFJo3b&riVE$=wm_i)u|J#5ij|Y5Tg&eUyrd}jK_5xY zpE2<tuycW0Jmmntfvpe!BfOA}DQlEhwPi#1|z*svQD zsx(DVz+Mm(kS-vCSYru@Vi#;t>GmGG-*pek`QCqy_x$FXxu-re^USk)Py;rVmGl3y zQ0;#!S3K4Kx6yz5f(QBkeyaUHMgF}jw!U9lOE4WJ%YVvpYFJJ!lWQ{lwoG5e^t&)= zJEq@(>1#86cc$;f^m{UW7p8B|bZnRo!X8Y=hv`_etY<9i5zDG$nGaazLzdadQZKO7 zzgTJolUg#Vg6a7)JzJ*F8P{c8$+!{YdW>-cecqpc>R_+Ana2YjlJyw&2Jsg>`Qb$#-tZ^W zHQ=#NFYv^t)qMNY(}>?e{BOjsa;c6v%#v5`-Nh?Yck;@8dwAvk-Mlg_fmf!-^U4F8 zd1dA%UYU`^E8i6J%9lmF@>L11e1Di%{u9kB-$wDucd@+kQw*>Cyn$DKSkEgzZse8U z;&|ov5MKEum{)!cd1YM$uY3^BD<4Mk%EooPvS}Nytl!Ej8+P!@$J=@36ZD~Z zC$HHY&Hqk}Wl}ZgGE*)yY|FJZ9JyR3f!V=4V7^?g(S^(9NRw;9Y+-I()4Lnj^l^ci zan0^}FcX+H*X)6`9-xN-*X*X`nqKx?Q!Rz*!<@OMYX_JNrskS%9bryf)4e^+pKIE} z-%P?aRoYy$qa~~>4DEE}T(c9(86e))mTR_a!!>nmUr;YYB zP?rYk)IfcjNYjMB#24nkHKlei^jV5D-jmBbJYfnh^Yq{{I~N$Vg9fZU%natsW%f2O z3of(q<}!0B3~>VoE^FfqL%DW-T-H_w)8aDSE-+1)8Q1Xj=Ng{AFmsqC%!X@tbb&FL zCfD$C55SB8AfVQ7Q9z#O?K?^-JN;$XpP2gtdcFIRls}%n)V-!wHOj zGYR^N-GS2>249SkaTU@z3~3S^!4m2_jiVzBJ`(JI|F&GyR|VqS=z_DsAA8fkJFFe{ z2KHW0>}P+*>Z|S2{VV;z${?syDs{! zi?Qk2!Z1!!eV@Ui9k+8w!mXIHLoWW)7+R9s)J z!}YX$xSmEguGiU;>$gKc-Edy0bwTvS0B4iB4VUZV406Lx(RaidWys|?Lo_-tF4M-o z?(U7aHP_Nrae0R}T%!y2r+p8knQ)o26UNqw%eW)g_V(g37o43EM=o>1_)L-K(iQ6; z>q5^9bvknm+GqASH@m61TnBa7qAzZk8#e`)`$=&Io8a7S%jH&BL$0n9_|YJ(<#jDe=zoXG(9Tv}Z~ergUUVYo@eeN=v3RV+wPoux1J? zrf^^iXQr@c3LB>IW(t3%@L-B=Ord6qHcVl}6m6NJ3sb0=q8(EhGDUl)(BZLPFY}P6 z=Xm6U81Cd&$Ae$ggO7Ps;}ag&*v!KlTlkj7=Sceqd(Y$Qa(HmvCLUE6k9a)dTM$p; zQQt1`xNns_{M$vI@S*~~r(h>x7kE@JC6DW+;2R&jL!BRa+=EYi^Y^zr{P{JU0y5@~ zO>C!Nu05C($Al%et{IL1bI=^G7DEMB_QdNzh2z~wn=4g@I0i7q4wiTn6}I|Z;ec0)2bQe4 zI}T86cT*g7c6MB;=)@I{8Yt_A<&5Laz?Ca;6l=QUF-j#|>4GI>iPxMAN2khyE4}@> z(m=u$E=G8yID(9E99p0*7nJkz;7WZ9)CcQ{*P|82f+JDW53kd9=(jhPld=Psw?lb3 zmb;X5McXc1(*et=E0#p(o?KH8N42~Qj$ut~1uN8n@i|(-A4|Lg%KM{_SW;T;(RVCi zWm_Yz#F4EqFyo3Yc+LA7b1i2qL)(t%mx3#FwYZ`kUYqu~8u(%?+QwYz+#Y33(H4$J zl+n`i=1OZf%#jUOs8P3_2in6?Y=XK>^x0pTZa9pb}KV}B#kD4p7^c5X&v^e4lpyz_)1g|k?yr#V9 zZs*3ex;S&Cs~ls(5r894u6DpS#@6eM?b=0?YdNA`KV7uf1MT58q(XaUmw@Qr zYm3qWbt<&c*N&JMyt2Arz4_rar_|+IZO{iBHCJ>+{a$!Z9r2uPyJ1V?$nleLc@I2G zIgXHy{#=10R&K^I_gG8Tcs+IY9{%WKPcHAI z#FxyfP3!ak|+HuD-*TG)F6;6TIibAhFmwRIU8{-*wz|~ZZ`nWOn z8eVY@I8U_kytJ{8akY`-Jdiu!7{~QiyMrmli7`519xc1W@Z7DfxE9T=8tc`S)`1W9 z4W3~q6|5~+Vt*-}ux^}j4mi7Ur7xbFzZqA$BM(S>8Nz+P5h&b6`TbTBtMm=lhxq8!&w1I&v7)|QbI z&Zn+iiT){Fl$Z~!eMe2iagI3oU@g*lgY@p0n;uw~J+a^2t+}!r&XI0-2jDDFYGNJ9 zU@FY10f)i2gEv>$W9_?OzC5s&EU>2V{!rN98TV*|{ex%kkGXO4fg#`35r%c)+8Jva zbBE6wh0+#tih0#=;tCbcxh|OZ4tOowW1eiyxu!KfFT8Yc7GPd=@D7m3@gBg13ZGk= za;#aL*_yb5Y08m~{i3PDy8>sP+}@STov^Mf@P0wtaW;JN7Z)Q0K6&`wW=bhPEKfT4bWM;PU`gLQxz!aBoLur4rTm=O&AJ>lO|4<>_Y za2?;CXiEY^8-CFEjM4E!-8kEI{LrSKCae<-b@~~=Tw(4oHOwF82J41;;ODEs^}3tG zEV-Vy60`xeK`WRe;>Ivj#O+~TFi%(ym?6v;<^i*XIl-)9Jz;(@JD3Zv4zlIC=$o#C zJ?7H~)&tg)>)PpZ-LBS5+L1}S(p_BN%AD)t;pltlaeYrL23yYc6}ZFdns7ZgRMUnToT}+H6Cd&~I#toB* z`@W8{JJ-Wz#pg8FF~B6?P|#6f@;f0P2e-c3pKCk8d~wj@j}xw$L2N1h07Bg*$*!WJTNVP#3lIt)5m7lhc90AT1Ge!Oq{Tp zjj^$D>A_uAX@?En%^U|ZUYz(Q)}a@uHx58=Ka2+pp({4BmIF31HZtz*N<(+NjNosK z!?7bSFxJ?h{x}pha6mF_R6|@8OfZ+4UAVpsn+|t>%^vtoKw*U66XdvyW8>f(T<(br zfc7PPf3fv$~6)&ko0%Vzf2;5Yk;5>S`N*ii5$8sD1#acp*2A*XreZ>4yXf7)Rp`ws3(~&sE_AL?YG5z5ZgghyX~QghR{?`2WX-ZH1(q+ zG_eyj)oTn*G?DZZ{pc*2CD;X;>M?~Ts-USJGiahYv@K`>O|+Es7v-!ZvjwfOt}vm} zu6Q0qJ80^sJv7k)n(B3gCOSb=znr0oF3{ADS~5`7=OLLZ=qVW_+Uq8nC+H;^EauZk zGGDMeH1($kG|?BD#^(o3^v61<`TqgygZLvf`TYb<>Ufs69b{K z52XvBi3_1=T#KNIi=pZHEP*BlNydtPE|shhT!wv5{a%iJLRwC(8S-MslRKXiN9lBO~AdFS7HjilqX)7+!f=$A^9SB6Pnh;Eofp5H2Kv+6K_Lf+e`026YomSh;sKO^@4vh{A!Ez z2h3LRq2!$4BT1uR9rg>=(}?{-Y{EJwHe($VThL#c&&TL5@rm@YDECzQMDUrkMEE^t zn*?8AKTx@ssF(Wt7WER}Vf|A7K4AS4KT6Ju^iPro!O!Ry`F%mZh+ic&g5M+`1nFGU zmq_sF0tD$?Gk~UZjmU9sP`(W322lf=(&f-ZO*{umSKv7imC%%~1x?h(I4NBR<0R@r zQ@S2BQ6Kw*(%WEv5DlOyy)87c9iAhlx5slN8bVWg2WX-Z_JyO!Bd_-G}#}@30@eu7KH);Nvz2v>1gXD&wqvV~S6Z%i(oY8-x z3&XGUpqk;=eb5!_pXi4DKy;U6&^+@9o*=l6CkaOJErQW}n_vvzBeik)F+q1#@_bU@k8e%;OgX^P$PVlAjg4z)y(uDroB0MP4CziQ_Mm zps#`Ce_dus>q#a7p=DB8JIcpjL*Nq-)RY+utt0Cw{B&jb2@L6a(8NyoIg02b^A!2R zK`J)_w>+w6q->1PV`bfio(O+xZ<6c>QEswqDLrr5a+!GUvK2CX5<;KCulmH(GJGzA zmu2`Q2CqO<{a2xh*U)cDzlnB7qo&N4Q(wS zD720IhTuv0DZ$h7tAf{*U6sBP2`h=>H1dVod2kX}AR)V*|YVa=pNBSQ0-{Ac=)@__6k~TIb8YZ3+iHY1q zQ&3@|6x1@&7Su7(71T2^5NvDGU9g9Vub`iazhEzuo`Sti`Uw7j^TJvpF{Sg7D3$b~ zeQ(MnQw2G+CA18hr~&N?%AtvxlJm5_O%;+RK_%{WR9*}BI-)i-mD7PH(!Gz$(Y=qT z4{Zy!fhHP2JArMXiS49qIrfcddwlW}4WX&M4$wrp2a+G%1BrAGRD*O6B$}|Uv_DKc zGdsa9lD?u}rjnV0bPvROH8sQghG>rSl=^Lf^OQ*UKUURY zq8&7zm#IB8k?w`m54sl;og~$w-_DX3f-ZP((m2$3ZxUUhsU0_HqB}IrlLs`>6Zbz# z?}qyy(aW@(=(o2i{x+tG_f}{)!PS} z_ygX*l>Q^$zr>%QDZMW=u^%+G(;u2R0Giqv2u&P>_X~|{Fy1f3A<#5$L!pVoq=Pv< z*WuD3f+L{G?`LS@NXc-)QIbW1qoJuEW1xw2|0L4=lQ<5V`ZXS!IKgzhn3svB69gwA zpZYl&`9!*ZQaQSR5(A*A+*D}dG^x1PnNF8Z5cxBtQv_#9#rxHCmTBugnQbb*b4=&p z{Y>@D#rv5!51Q(k4^0e&rgj%V6Bk0$JS~DI(tXqlr28l_2%6T-QfT5bX!2VQO<39jROot}F3}|8|G%`#NLKCx0_lo{zo2Cfn;3rC&uUz~* zNz8+$dh(%(1<+K_A!uSDG}TiCO)N%zbWR;ceZ&%+W0v3%oMXgNXew6*O*{%s<;tOn z$0Xt&WqMrlShRlvn%X@HO*{onA>?2|W zG?iS829hNzhQIkIa%ikOl?k9#g<(#33F8Ge1@@kOEyCO#A-BhlE?$A`u z1DfawP35{l6TR^LLgl?dD({0BmG7?d5$pj?<$R%ue$Z6TADY+`-z`+W7f9uMBSz)> zsCoylatok|3$ZWAe-YLvaS7HD zaVefBaXIFdxDw+hu0}tJzhR&J1O{WD5JOZi8(h*#*(iPl*fAK}>aoADBjabLTc&uY$0{)2uag)kYaI?xv zFi~YKn5421OvZ{Qzb#nD#I0Dz#BC~j!R;ys!5u0`!JR56!Cfk6!QEK#N`~pGcu0m7(O=#jRoCoAr1Cn1YNPf3f-vsZ0RPTL|{Qt)KB>x8>`9H+( z9OVCqpA!3{9;E%zfPC_AL_VS2Pz)guIdR*w`Mr5-IfMm<*W7xg&7@#+bJ6V;OhC#!!I zoT3g8oT{EKI72;CaF%+u;2iZr!A0P9w7*!rMCc%p^iuUQp_hZCSEyGCy$U3~TD?Z- z-$2r9)qRCdRPPeptSDpe>Jq^t>Qccn^-;lc^)bQY z>Jx$|)u#kctIr6YRi6_)ul`H0LR~F*8Kiz)QC}7M8c6!O`i9UqLDIL>HA2^dq;IS5 z2z?hMeNTNr=(p+@g8!&r3Vu+(68xxsE%-_ORq$JzZEeaV(l*=M>=4}9X1`#TfvbV7 zL~7t{;3nwOu3tNU{I%C0a4a~ueQA4?Ykw5X2g|`@;BmtvhI#nwurk9^!K0l#JE`&4 zU)~a_88@qn!e^;jRk+j*|De^ZDg>4;b(JpEaD5aK?jb@q4R?z3IaQH-{%QP6`SJzQ zAU^%1zR^$mBNO^Do&$p$8dA%sA4DQCF%&0YV8;(VI3BDdAmMm05(--r3ja&^FMX4! z zo>gyP)o~gR%Y!eKA`B5>s0hPE7%svH5v~(qqzLzlFhzv>M3^eVG!gC>;Q>O9d2UQ~BeEFO@Pxu$(W3qPil=DWM>jvQJRg z%&In51&c6*!i%BoQamDwA~CUw5)&ygACai4VCfXpQ;sUCqbZ0J^`IH~qu@jMqih92 zBoyNh5(xOi%*|QPo~)-iGw-SMKQ~0AYN?0RQ`$}HCH0p2NFAhp(ysXb@hk~qXVTe% zh0?_=D3C1;WYy8^&;9IHJiC>^Zf#<>HnZwraR7LU&__;3f~#5xcMUfPcMJ}qZy8m`=FDMpmb2w^WXtDJbR}CkM?;Maclo2J zEc{Wn0wEG|@dpV6{9&$Y=IY8^-I%L8bM;`Zp3JoybM<1b-ptj9xv6DcUDb97Tq$s) zz?}jQ3Op(3Mu8Uv-W2#Ca8ujq{I5wwn4h19P}rOq<5y3lPD zY?s%CM%9JJ0EKm7Q5szzh6meG7%IXr5k`n`od_dE7%jqB5v~_uoCr6HFkXZSBHV=V zaX!`gBy=l#410NmS3% z)N(sT*QZ<4p6(5AjXc{yW$TZSXMGuY)*qpMHtg6TQmB=Nh#Zkl<7$Y=qIl^pif;%( z*tnDW(-cDKjrr7W<4)>BOC*h@Vdox7*|ML)y$31WN%c3S9Y@#@zk%Y>r3jl3rBHmo zs5yq}sXv;Eupxm)-H>yDa(7TleL1z;Tu8Ipuz`Bmv|seFoLX#-q*j_E3+?kRtof8=rDUOA@d>8`EJy&H4) zV(#9|-G_OonTIR$aAO|s%)^6ucruS}%)^U$cry5by~>>_A;;CWL-nXhvOVX$|LcsLe`CUv#t9$v97Dq- zbT2YX#1Q_S;G_SW;MN$r zB*uig<#l0^@CKsM1b`6~0x@-Aaqx=!ZwO%M|9#S-|9?%bPd;3yE-YR&k6FeX zgeB7R#zPcyf~uftu&5g`YGQM%A1##so*14qEu2(QPZTOiruH$I&~!MXk|g1Yi3{6G z)rFoAo>VE8*fBV47te7MVp~z7E-bt?4HJQBq+Cqs5yZBM*a@_^OAHJXOtZ366pBK9 zJ1`GO*d?Ye8Zjhb;;9p@u|kyH{of786XlsDCdy0MJC#g&sl#-g&Jx$ka`tr7~9v+$eCTz=Hx$3c69?MS(X3 zJ_vARh>*(Q$Pgiw(r~3>8m?4M!<7nZxKc?CS1PLED$2TvvTmZRn<(oh%DPcmHa&m^ zEMp6ovqjU`^guRenY^L2urVrL-ncafr;)rNExj=(6)LXr&`}*6;0@&)>&v&}^k$0! z*n$8S7{KP?&r}vTmCc$en>Q_BK3g=CEttsyXR&#+*zDCTa6X$ppUs=kW(Kkafh;hP zO$%i65OHIH?izuQqLPB-B6QPS5-^>l;$OP4ML}#q5DN@qiREaHfIqO6-J>n6&&iL!2@teYt7Cd#^rvTmZRn<(op%DPioc4a-QIKV2h zS> zgo04{t<0O{w?bMGD!UbbvxI^p6qL(uB~Y-5g3S~pQjkPJG6h>H*hay23U*MilY-q8 z?4=-uf>a99C^$etIt3XNpl#W$gA^p)ETz^?P%Q}3D2PXoYYSNIQC54L-4158WvuoD zt1V@>)7b3;>~=W29ma02W49yO?G5bqdUiXG-Hu|nx3b#_>~7VqO>eZ%O>Y+O3R_#9E#;qESEBJNfweUBw0w67E)R<$zqBfrrg6M4^!@8 zN-H5*La`$hl#)v+#mXpFhFEO~VhD05$VDL1&@04ZWVNA`5lU&Hlom>9VVF1sC>BP! zVN@)vHk<VggrF9yB7BQRC2Gc^%b?&O1;y0!aKumoK_vAzhBC4!D5RhW<3bQAuMMt6#|h{;0bQqO zjrCMQBQB*_DaFbtRz|TxiWO3yw(CJMTr0<5>NocqRN2Q zL>vU9L^;aKm1A+x*a_rI4$e69UZ{Kx060nsO){ zCasD8&II+0W{?I(c^Cur1qCpFlt+^V-~gjUoXiC3AQEXppo(k5?`)#>00kClIBhnH zgwgg^pbE@lO`d`rsUM1(0xYhm+HeI_IBi8mZ4^>4CQ(^!v^lxfMw|Utnc07iX8$?r zqv>!n3WN`uE4Z_sqEbg`cd5Cwr}S6p8tGc;1nDHHrPM}hFLjdoO8uo1rB+gFX)hUe zb}R*P6l|m*o`M7lHnEx%Roqit0`bLhgeM^t0`hN#jNHqt0`eMM_5fMtHGN$gw=+!+Avld&T1oA?K)N)$!en* zc0IbkkAhSR_EV59wUF9MU8Iwxze#^*r}websqAz%JAHti-miGMD`E>wM7B~y2Z4xy zx&K$>{a=y)e?`In6^Bsey3&8ETvzsQm8~iNR@s{RpAfzfRR8~S^4OUI_E!nJRKPA3 zvrC8BCB)0vrK9XpIlFX>T{_M#onX~rtU8=kN3iNB{wOLE7Rsu3vD#dAJB8KeF|{Le zb!2Xi%-xZBI5JO1*3FT5IWliYhW`_H*8n@-bt-HcY&vWPY$j|LY&L8TY%XjbY(6Xy zwg9#ewg|QuwgeUgTMAnSTMk2u<3Kjq5o+ggJgr;tgrrd2@OymBi&2Izd=5Veap6^HVs#67(EP$q9kMOu6*Z!AybjWJ2Q zaYGWv4^^;e-VzeS8%ho!o`d!ZdE@#>-dvoIK5XVq2SRvLW*N#x@y4=Xjvt(0QK+{N zZ64wc$%lDM1bz|-PHfznjd4;8mHrniTmNsYA@{#Dd@B8$h6etPHSO5)pI_{*|8kQk z4Wpu2$V2ar!H)3y(hy#MY%i}ro(nt58-hc5LkM~pidhIthi&9_n|AYt2+T-CA}kG7 zg0xZ)`Rh>Mx-?#Ylx8a%R?HhBVNqecZu1@xbw;m)p-dv$kBx*y!%$Bw+F2g~L;iZy zvjOQF5@6e5n2`;~U?+G}2xfaDW_2U#+n5C_zzm`c^(+1eZ%BxOWkB!a4Vw@1hQxT@ zkhB?wr<)uO!&s70E*W)h!T5G2^Mvo`?Z1gGnIB&=cgCRW+`FUtR z?*wniNBR7Hyl!_0Zz$LcgMVQ#Z#aZDi{W1kU5x$~mt!TRz~H+#55#;N!8q~k8cH*H zT?*1u;8TYADMQ_582eGo)6wI+ISO@`BR>`6I);88%R(IUaU64d0_~i@*iT>uhlcRF zv@+OE#Ic&OI~pUfIwRJ@;$UUGaUHns5DdFyT^?_Y+zo?{Jk0Sy4%>m%y$d^`fH%gX zjtxj#e+=<*#4~tfTo`ZMh_dnfzzAscJtLPlCS<~n^Ttgmn}GF^navxMHp0Lysl0K= z5#G2hn%8A-|!T6AZgGoxC|Thu3d}51wb^PV{9bcJVIsao1*E zmxCR)2V>Zcc2hR-#(m&EjA!p2-k6ri>vGZd{!rd{0PUq8->e=>+sH(`8D5fQv;-A>*Vl>sZ} zP0{hZDJB?}#G5vh@us*~URRb4?gx+Xri4fs{1Xaz(yV-`jB$axjd(h5D%`~DV{p0_qVI($TLjrPsrlUF$pl_#q8n@F@<0OjChPU#~y&~=gsSP@#YPwyg4ohaU$|Irt{{6 zElA&tcnoYkY$vZzM4g*a$7a-#n9Q4#aMmU5f~CNaw=EuqHMkAsw`KC??PO8Bd1oAN z-m#B2?M0E2%|$!#Rw?1lC9%Bua5v(Ez#w?Wn(FCiBIA!$#}j8h$Xx}{Qz&-fwSlEA>OhR&n6S^gG{`Q_Tb%c z5NUg3VVS%obsw+KF61qEYqlIn=Pl`>F!VJqj<;lQ;w=TiyrmHDmclq#4sR(=2hn~R z##EflTaKb_oKG#~5wMLgq?I4VKhXK#f4=QAJ6=~et&$#o_Uo6VvSn?or><}a`n>Ag zXs`Xte~s^`H74oO*paXAO|0)!R)1t*to0l7dr|9}uSQIYvhMhOam0|D_u5?VD~VVe z>YjG0ZtlU_`1Tv{|K$$q(Y@NQ-tFl7{SS`^T<-Hc!&SDpV5(=No?u zP~`OU|0S-)+1OPPx>B<$vcYcd%Ntc268h>E=PwO9WqIz|f#H2$Yqe?4&c3ZP&nUn5 zyQx8A4`f}aAN)Gmso&e1pB9HtHFCasui<{T`SYe789&%(a6$OHfQe^vV@!^(9a);V zefraQozu%NA1v;i_?M+dv_`UKMVnz|O#^qRpEyK4X?QXFY|w1g>fa+XdwF(fx#Dzm z`QD&`GgtU~_4DcF|9rm3u%)@9b5e~a7$QqK zcG?;2nf7Avb*s0({-ZfCFrgxCSP!GULp}Ry{v+|d+KydyP#m??DL&}`mixE;v(t#O zc0+be=&8Qkuj{=v2PVCK-Dg%(?}`<7du)C&OJTLZu=d&Gjp^GGuMB==JKAH%!n4Kp zedm2~d};qOext7Cj6mecU=g+q(Zv$F)Hl`xILBs|cuC zzWZMA%3cmSisL=K6QaAHx!SN}#SEvlzZMVd@nqEY#Vcj?KTXxLS^N0G-+wGf(yZTA zY@EHpFzt;hD1PVkSMiJdqlP9r1Vk)1{wv^*hTWU>t^KCwm_{Ge)rmV|{m@dfdG_oT zbFQWvm&n}5dsM!=e?M!ox7YJsSCv*{9)?|5@%O`_KTJ5X^m!%fD?YX{wkLdGhnXnbr9dQv2+y)7mQf$G;Lqo@XK2R;&vX9PbJ>H?Uk1DjbNtQa#SKgRi^pK!o1=F0-1qZM zlUJ`JXJ`-V^yi{(yY+r4=rQ%oXtPHzq=)`_HhtGb-y0XYD7UOJ(#k$;wfxn0r*DqS zd|u@b9lLtI*2L6Pk=vR!_jO%sp?73wv--p`jiX^5b^ov$>T>zdrEWHDZ#-F@nKS0E z5&pmW_ln&(B>Bt0Rd&w3v--V0aQjK{LX%_TXLT9hfAW%J`)2xT58IeG(SA_bnsAdp zHrdz=@nIUZ=NHaz-acc0S=-ES3sN3hmv!$pJG-~zvK1ELN51^IrEAxTqrT0XGx%;( zOE;&pD>6S1w37dFN|98zWAe<1HRIX_T0b}Y$91*)Rl9^OF?Su->2F-uVO&|*)k(G6 zf@MQLPxyBD`ISeLB;hN2cYYC?d*S#R&77PW)AMXV!sQ3w&OVeqoUAzHdFtt4 z=P_&FhV`3q=;2azkDlY_54R8eGIiFex3!O-mNu+=bm;o7*8#pq!%pVto21!g|KZP; ztxo-;U&X5%>rO6LFLd!VIH$keKB3O?)1C^yvJY1yFdzt>pE?5;b7JV*}~33!7bE&RHI_ zCa7}q*-7K}M0(X^cS=pmpEd8p?b#%(^o z9-VP;(6)}jR$U&puMSt7jhPx7?KA$}kD0%&Y5Cgz{CMXp>R_X1Mc*E6d28<|YZr7P z_g0^|*KU0srg&0ub->*7|2PlYAG2rCs z^B>a>n3m``^^cuBaOKax^!l}`DAVoX%nNgiCQT0hWs`3AEUFPCe{I=if|x-oFa3AyQrWrusGb>HE2d)Cb*swpEb z{iNGB`upfvbA11K)M%vc*YuC?J>4n)`0kqhF0Lr@OTmXT8xpslqXyF zb>8Ikg>TjQ`t0eapZcvClF%IUrY5!SZ1tD3H7EXF)oXD4*W+8HIp2Pn8(5y^HhRvA zMHW8q`nJHm*rwHg`i>ue@8!Hb$9QM*nzYjiNtyVsS|NcwgIdeX34D27c|3YcaxzEE5 z$G?g9@8kEoWAeR|NhyB6#ZLO_oBuVaasQWHQKw5}ng=y3->H7N^nT>zAqh_g?D83T zebbt5zg1YBwApU8Z}I7?J_D~rI}CaF@<-x;ro3{4Q`zW1-LMW$y<*u~~WZ$KUi0c_n*gS6^$}c2f5T zYa?e33$Qup5d3AI_cB8(>s={czU?B5ixv!zFI-!DWx(LEw|Y$~J0s25Hm~ige&v>m5&@?=$*?=c7h`>a{5F+pTXsvO_DkRV6vjX<2*w^n}mqBge0O(Es~~#>>5vV>*_t zc<#z>ye~hP8Z%ViV8C{_8J|Cz9lGiC-YD$K_{V?#-20jD?*n&^UE6-Ho$fF5T@owD z$IkXioHXEUwC%z!!v_!7xijQOdR=z8{*bw^p7frpv9Nq$$=RC|LPwvDdUWkkAN}MN zJn6?Z#rNy_`EEDz8vM+E|4q--t9pLby+Zfw?>?$QV~Fnhq9XTupO4=7DemeY?SiUg zpT73&asI_Q`*p8P-?_f~*t6HZcR}S}9^CNA|1>Vi{Ka-hCl|M=mjc|wKI)b&ahUw| zn$~)!U2aVgU#=gS^lDjO%S+pPI=yqw{%7u{87KVayc+G~9jClCzpA2OSkDB7+3cTR zC;3%84tQqvc>bXS^NYNnjmWqC;c@xhsp}5fPg*k3E-&!*-Jj!JmR&8Yx^1Lw-qgmz zE!6Zz+f{$0KB??=L#KnpKFZcOZF2jW3qKkBHNw5~Umy9Xh12!p8lKmE>iFe_*~bm@ zA1_u;?qj(sJ$LVgLwD;Qd~u2xI61G&iF@6veta0RXjpaV@yMGg-)}6Leot?{c69W# zl~??Y7wpS9=-Ypqq3uH3uPdgw)DGU%=)0h=*4A(78Y-vwg8anuuR8C1d2sAB`SYvG zZL>B+j_f?pZD{V`CB=?EhkbjH^P9R|@)(~{E03}lu0swNzHu7o_+)Nuxp9)l%gMG0 z^FohL8S5y^2#xAy-mo>)_F`VOYi+OeE$<#^ZI}PnX55oEg?F@$#2uV$n&iKAWn7U# zamKX9v#)uKZk20?M~fdBn4Vg(?ES{QOM9P~q|olWe1ES?Wx)f=PT5vpkX;=xC%E3t z<;wKB=D(#D7S}Ic51V*-f$xMKCnZn56o#BUH0Rc=dr$pOKZ@VpO)=5?ko$)sy-qvM z#@hvF$DR8rV0%dWy=R=K2CiJap?kL3@tjZYYNxXCAx8ULXS_?h)5ms~*-`z2qw886 z@8mqJnpSKzY~hOTMSJXL%^acHb$-~&UMr8jJG%6r`NpAzz2CCGFI``=?{E8|M@ol& zI(z?O$;(?8v=g41j(6_gtFh$o@aPVM++VEsPL6apy40olrJ0w_&cw#|PcLkKm-lVV z#PIbEU!`Nd$F?u5ayIJyXz9wB?SlhMUY5_^I(XFNI`@5_Yi69U7_@nm=`!uY#WRvm z8U2->Q0?;dOw?ZmcYiNmX!YHsYTVahYFmR}b~bDnGVxFIZK__S->20C%n5dO?%#gG ztGrvWZ{`^m_ALnMa-n{*iD72fo4vDB*6f}W{dMQY?i-t8m+q}7wF^>BbeK7LzJ0nyv*yAj>hU8Z#xXyl$SX3@jIKc82`DUb4GQQ+u3$l zpMT-XduI=w^=HGqT?2|rID}Y^Ez7eI{oU_h@r~m?nf`Lj=b2%qN>e^b6c)d+l{@s zX0dB!j7Fl}>;1W-%?+1@YmPDw-QM5nRrtg_FRzcM)))NrOaHP*I%UJOWJ`bj^SV>^ z*owzr7C+hE%kt@&(V@4>hCN-rCMMw7xWXv|7e2EYu(WNRQ^KG>HkdvdH-6EVapT86 z(kpj*cK`aTC0CbhDIH(4D%ra8#e2Uko)fy_&$~~4GTSoz?}|qY!tS?ww%R;>xa^(J zp2M0Ca(id?xVHVN!X4R8YD+fR2=;Id)*MB&nJ^fyN-nKWF ze|omuMg8zsU%$`Oz1~jsT)`_OToK(KDZ#&CC0`&vQ^#L;jLk z)d!!ylTL~45}Y()RsC-pm)s8d+}r+{*}z8W(_z;q&fb$V{Cj%Uy<7fYx8M?cRlo1Y zx1mpL+FNzMVSekz)UA@>(3EQvQpdXMq+Q&%x<|$v+X(fC_d}avis$77I)@l1*iV@6 z_jbgTuJ>!sB!BE(b$8IvM-R15I=eP4dfs^O+w8oB__yO@46EL*wAV;nkYVord+?+o zK{xjnx|IDe{!ovNrEf;qJ@4cid_rv>kZ<=0}|Cm;KYWFkRLjqj}&hGuZuK$S9wdQM+0v6A=FSr=ic3P+D4~IL4X7oG}R5jCe+92!q-c`-H zx#=&uXWC_Y1xx1~ z_tZ}f>dBMrHjJz`d79oX!^drGccs;DSLStn*Ro@X&9u$^hC1p;y*Dc8v&iU&=MM+} z^{B)r^KJ5Fi>ALWZE3u5{6cQPY=cgg^IwjGj(!#r22ziyhd?cP0`*UujsYCVb0 zR9Sre*saIZZ~3cE?s@ptvd1W!7op)vd#5jGXZ?$E$6~Mdmd@={4kzEJZm*p^-u>Lc z1CwubQM@_Uymy`bDL=`oT}OURbu+lXV%^lBeo+}N(|>QfY)a#R3F_4@oigYCVDQaX zZX7LLJZNlt$&w9TW9{$v&HOY|-MQ1Wi329yDOx*k#_xk1+R3I}UVXJL?a7!=okHst zjh!hUyli##j33{eofB|1AmLm8I=#CVw(lp6l11Ci9d~Z0z1yTc9dG{dvZcc$+MtGMpr{7?5k4c~h{)idbzxK?{;>its_%G-9{);D)RMfi-_ zeM+~izm}BKZtAj$LygBM`$qo}^g1^!arfbsoxRQ_E_-)B^I50b^~=X!9bq5$R_?ao zMe53RC!5Dyt4QcMD)8Ee%|Faiq`h^0{jK6${{(~WUPCUqh2HJ*OR;2-IlJ{@$?5}} znv0CyXZ{rMYLCUQwru*h)OoVI8UFc!Rkug*n?Zjqp0FnIv{zm3px_^3^Up^p;!9Wk z^jE+EQ&q>6(*2u{-m3~O+EeWpHDvUV?VokeF0NeuxL2PC4(&&r-u7knC%*$bqEjy( z-P3kL;ZTq_37~;F>22UuH=4cTXB{Y}X%p4^|KD zYPRo1nyS;(?0)ylrvDTdx9E($Yh(Q1+fCCyTaO*KXV7fF+|j?b7#1a(7F7MyPkK5h z<9PqC!!zW6_mXt%c*){Y=>0yGn)8j9Ta6zvf4ZfM&+J1V5~};IYabHweQZhnUKVgw zd+fc$;J;`1I}Q2M>Drk4V}8v0*3n`W3uvC5RCxE7w5}6pAK7P=ku-JwiHzQNuWYSc z+RJXu@pcai$Az9r9P{%qN2?poMNjwqc6)eqoVv@X`L1D$Sl_Cw-Ph)oYy5Fn=k%16 zPhLmlyRKy$zlj|-!fb>j>8@*7_CEW(sc)B#Of9f~Q&bzY{L6r0H?v1PJPU=kM`dd@7wAdoQc^{-b4rhkIy*MVd+F?X?fJ&!6@E zpuavrJF$JNp~gS^??lCPEQzi8lycz9w~0v+aqhAxr)MF`qTfGgTb?}sPvoGLudevp z|9=24K+wO?o_}^=9i3Z^Kk|zvkRrKg(}p!nkgbB&`zi&NWZbc^Hx?872&|p+grSJk zpWm`2_&gO6EJiIMRmBZA;Iqc;s)=me!)3Gs7t4Mbge}5c)xX%Jto>fN(Og z?Kf#_E>h)pI@%a)&AY=0$!S*oB-u!w8z1+xOR6?b#y5S9NABO-Pg3_b;}tPQA9rtAXMrYj3!1Yl@c zz2il4D=7AA2g0Q3lpad*VXkBGb`@Ni6$3{VS9Cr9_$nEj;VcL0vwnq{37d#w8@R;@ zqw3Zo?B5wQ!_VTNwfUg4W!s##zi^dJQa@G|>~%0NfZ#Wm?d9N8#{?_%=W1-!2Ic@l z2_~f6fc7~rusYf|J9DX1h?{CSU4^bR5iVhy?TF#NsMuN5?SsIJpf70Q4=qt4O_VU7 zE`<53e2TAwt6smRws39Iu3_3xRmu!pKGG7#wF19{k0uw zJ%AK7Gv*0(w*zm_6umU!UUa)8z)6Hqi{7-?HSgU|Gn}-tWVa}HWdAYXA9c*c!-WpC&b_-!|UsqW+7H=ISJ3Z?+;#pkpvYP z8Qh|PR9uHnOs5LY$a1sMsNTW)cYhslpJ#BjYHhUux<1ZOBk~|l00>STV2v3?MQhb} z;niB)3F_IpG#b*D$c`-mPrImv66!yzKAHnHh}OackTCcpUG84#{}Xmg zZmFa`BE1s+-waclbGGF!T#o`ccD<=;K<%MDFlC^I6vD(V=Eoi>u33`87I(uY7(u!rGN1w=ATVj;+Uzqi}X`XbJzRYC7Jn25_LLRuhROjv4ksHZh> z+_|AnekPlYRJqR;I$84)&`UKTZeDJakBn-}G2h%l!nFiV_=<-6UNmnCnPbahxw&CZ z?{AIdqTxn@#3NkJJyg-=74YdDZ75RPp3zosg5UOs2iD_R6de9t9d6ugu%4uu=qB6y zp%lqrl>+s&)3Yyxc#F&Iz9O9ZZN*zUVGA? zO@l(+G;ABUCal>ulQNgI@#URL={e6DXxuP+*KF_1fLzeFne3T@mq|6#Ik{d)^lL}K z*M_TMKE>S~VEa;ll-)?(5j8pM#WWoD<^Xoa^^r6m=dmTV@iPb}awQ3mHulE#9247M z5)-WVwE8p&^!?l*vl$AwPvy~F>36-=nb!}ZH`|64$BPN6@@=rzjVl>!eO9k?Cc z+3xsLao#S=>rxS|3A(mFgy9viL8|cPOx>%ZGxL+!d{(&`lo7o(1)nf?R0e$OTh*fYkkZOC`f@;bbZNcF|};~RVp5l7v$tzJmvxe`G=aSMkDjBc)0J#$tA z;^8N!UPP;Fjpn4GG|B4r^q#}<&iF@F72vGGe3KDPR8W~$0VE~7JW`jtX5dYU67lTq+Y0CKQqB9d3jr8twO8R{O1ZITK z%9rt}M=i3nk{)HzPB+%ziiNoEdN6N3mrQc&5Q-y8Qg7BtDC?<`N_*WN=`W75DW3?6E)PqfoVh~eL%sh*|@W3zZa3)-@xh)OTKZjmcVuGO_4?PcaI`qhV-uw<(t1~=ro9GK91Fb3b zBgosOzL@@+w}Rf~FP2s)k5==M#bDbCSqxaHC`uGc#~(~TAhVbxW;;)e&WPeLTy;G> zV`V2H*T0s%4Ql8>Wg7q|m??g^1cV?38O!j%&*j!q)=>^%5S!y|0g z9$mk)Fc~8IuAXz8p&|%tz$KWZ(@QE>sL)Yk*9||=@`-OjD z$-snubW?H{z8xkV*075I4ULt;gyjWeB=3v#D^)(*MNg$6oWPH}?mX;+Fv{Y_Z9sg` zO}_y!_NQ%PmJZX)7OMXHseu3!I%izUe*S73-Gb0g{7A0@w`Vw^gIB6*T>zTPV!@u!WJgm(++oDiAmCFb(k0=_?L(eQ& z6eOtW?qIx&?2SU8nsNf4$5hqzGG*-59N1ssg3mfIa;E?FbHm~Ty|Y1M{O7c&sDR&l z2%y$dDYuTJNWh)DJb(bO_{@G~3eO4a;b$1YRE+#aw(uqp`H0v{|9w;P4V^;O#z=t4 z`%W(OCCLE7oF+d0_PlCDTD8UHXROuR0n#gOD3@y`#{$N~cZhSZG9n$Sozmz@uo@wdOUabKRV+l_09+CukhxI{HtzANaEstiU|DQym?JpS1HAr*#d>c#HGLJw(~M>P z@w48lmI7Z>9y-+RxZ`65oN=hHYB!(9U%cGXip|pub<3aIKQNB47(_1x{}do)Ek4hL zQ1=PdP89g?y?&Tm^3(G0JM=f$RHM&vt%hCqiiX6<(Anz8$VLBLGS{%|fy|Z}N2~25 z7-92OUH|T&cNsxNF}}t)AacdTg;15WOZmSwQ!Rp^;>f1hN{KhS5iGJa0#u`POzquf z11(+h#qQc@srf=Nwr6M%U^djY*Jvzl%?Cm$gbWE!_o(i%Xmif%V*ZJKUrQkG zlo_&F;L#Z4ieqUzWhxMmX)jpo)o@Dq^$GVmmnSxpd5b(|q+RPbJRnW+{rxTb+o9a4 z*fN`s)OYaDK&$P$pN9*dHu7m0o!W-3@DD|Ac2-%}QBwTS=qte3gh}uS5YncV%zjB6 z8akj;oW2=Ur41b+ob^&UDG|ouBVA zy#Q)YN_SG4c>$)54H;4?ZMZ?~45EB0|9`UoVlX$I@p>RLPa|v4?2F9w&K^9vc6R-lndotM+CCk<3ITu3}s8#;j%g94=6X9&5v0Eoo zG8e_8T_Ao1T2VF{T*I4Rl0wO35Ab@Q)weuj6uml(Ze?-NDy{_w%^G8*;=o)5wxEh? zZvbwhWh>VcMX$Wo7S_b?qoV7&bYw~vFLYBI+5k9zP!DC^Fc!Z!AJJ& zXkp{Z?3SZyq#T{)y=D53X}Ed7N;v9wwGoHNDyR-Hx zI4GyqdG}T#(`Zg8=NU~qLLgJI^Eex-8Quf;M1;b&&~u~aWSmH0VP+&^B{w&GSeauL zGhzOBQg1F$R;Eg=ba8P49@xMqE(?4ydJ&d&dZw8@a;7MW@E4;HQ%HeUr*Wxlwy$DT zMv$E%zWdCVUKqlUt=(#18fwp%$FmmmF(i$VGXawPAMBU!$+BL**%g|*Z2UsCg?L@h zAXiglzKW}8?9|R(aZaNooF^1^rdQ8lyD=)&j(7v0H}pg#sH-xRQj-xt14m*sbTHj( z5Fg6eX3b=o`>WNhz3Ez=O_L%$j*u1Dc3Hhw;3zLPN;I?ILsZ<_EcrWNiSVtL5&$O@ z6(CQ7nSTZXLz1>AXdqW35#iUDkgDty8+S}v)9ssvA2Y%v+veLV? z`c$0IE%w9@V@zuXL{MPPFG}=BI{KUeN|0a*TnwD*fx5kzz?Kc_~o8V;f+Tx3`G*B25ybR%`aJ^QC>JE#| zK!iT{COs(+&7c4tFGKk~ypj7OBf0PbRdOAFrTXq!Fd7bY{kNYI+87dCNqF#)=k+|g+P?G2D z(K_6(aF61vkMK;Wy9z54_7%t?nF@Dp2VHX$0&Iu3gP&H1x5L-nlr|1Xa^9*m1e6NX{s z-SWuUYvYNAc8XDk6lh1V&X3v4W&WWNi$C=)hu$xM?2kPSx|$t0pPDiqpA(IhhsD{h zAqU#0_PJaEY6b?KUG3wWULKGZRs+5#^Vef~n^wuw4!H7~eBMm$$Cb_f6{F5zp%5tW!#N%$fGVTo7?OH{c+8JrjSJ zQP*);A+7}OhO3z@j1LpA8tlR)ckz#w=wJ(&3Y3$jq~Wp5=^(Hb?G@|`pk&Nc*LQ+* zXhAca(2!BKAHyx+PbpKblpGq(a)ag&&48l$lpv=KihHUuQUp#U1Dv*jnwC}Bn10H% zlM=8xkJcSRF&2W1bHgHJ5TN-_Ecit@^u>?$pc=lcd9*ul!Ww!IH-)uV$ZObGlC;sx z+PvNr-&ZMxuEf`9t0d4_PIJ_?*nWV_mBh$EhhMX~9VuGfu7tjoxlj0Dvw-?`8m5iL z)m7Y770Mk%i&>l}J9oJwnbZ89zcxG_Gc%dvjVX?VOf6P_qM>(=+s|;TxL4{`$dtNy zcyF$q+uS&6V}CXWPfW|zb`G~cl%I=>wy3%gHLxFg(4Go-M#93MRBaU$1w6`ucVIC; zmBJHL+1P0;UX|m5(tF(c0JF3KdBS56OQG|Nn~C5ylKl$W#>?!HutJy8(OPe;9lLJ# z9H~2l9x>mm?g*?;qhvYvjsK86ECehCT+;T2^@ zg&BqlJc<>1bg z!|Ovhey3pGVS|-r-p)X^A`A(2kiXPt!ndkI-Yk>Wuv+c;7`oYDMsB7mraNk>o~wKL zOR_Q!w&OyU16|ddO?(DLYEGo4)P9~@Y-X@Aif8qFdxs#lm^rQi1J#zZ55UD&LUX2a z<^-S^`}t9bb?EEZi~mHrnO(-@WFEJZ{e9oAj!TSd=LDE4FS@4orA||wemfr>HcKsxv)+KyLUm#_)lY>B>fU7S`?aSZ}_afw>n;5(*Y;!uba2W zSFYVZqPrp`lN<6vQ#7MWZB_n&oc&?DC1tt?IiNF%A^+hJusC}WQmRz8X29y^@{}MM z6ppg;G7ZXoqGpo5tNS6b=CXDGGvWJC7$_A0iI?nwH3{{1|8?!%v1tWS5UY=|@ON5t~X&;vNC)JOw-nt?d8tbokU7jB-&$D4v3z5|PEb4IFOJJdq= zCLx8JrQc=;N(DvzYZ5kI4V{mQPdL~6_@T`FW7YM5b}=ZafbvyP%1F<6wI{NH3*Z!` zlqne5st~}IMc|O$ zKpq%YeI|>H7d)*pdC7ecVvy4tF@aJYAflePTfFOD)-}-dT(_nVVec@?;F)16aKY#b zR+(#R)V~bF9AW0wYqx5cTXl=K4j#Qrku-Oo^M2}9m7)Jkz~Wai)oIR-i}z&&;ih;d z<bk46W;82(D&&>bUC7iK^B`2h z_0%3oNV@U+Mwx~~oDCpGt+#5M1Qq5*4 zTI92O4}mgAo%)mV1^>}n$E^KYl%eyvk-A4Uchny6RD^fQiQ^vDh{!X6^O=>@i{^E#>-ZM zw$pe~=$l~PiquT1eqCkV-K_ppv7W+p7BVfLOw6EGywX$3)@jl|}csO{Y z=5JMxRE?NZxIeEmJbA^Vsz)iSS`i^FPD$RZzEHZ(tBYR=$4B&3 z`%K8U7)$QY7^bU@_^`;}m0SRtMnB&<7}4`663>`@1-(?uG9QOm#Nh%O1$oOdc6}g} zg{&cz1O8hki_S=Bepx;Zo*x(qWa1R`0no_}HHythH|RtJPkSE7-44*H#zl^l2zs~J zAPnU^DYtP0XLKo7T5&){a;})?scJ&Darx}))p_%n)T+C(*KcdoX*v0}M*mge(kbJb zIM>XIBq9StNF4?#W7>;LS>< zUQ0hlwo<2M%G1-H{vO>1R4~46dg50ZUEP1&w~miZeK>Y#O7-L|cE<^nN1S*Evzc96 zO}>IQd2Ut=I3?pi$J+BZEnu$XW);5b4HO=Rn#3ky?&<~&PvK=dPXZVGo5twzqfvol zXs79@!^6nb1F zG_F%oIA3I7T)Rks2;;Ao4sTXOh<6nNYQLurF=>owwX@#R`UI6i$rnv+i5KPYAmFK? z<-3hSq|9f%CNW?Ahk+(o5J)X-Q00UEN3S z5%za5htf$pFMAZSf)Cx;umi@+1M&GZ3`QBA*BAp_F7x;oL8!Wjh>Le7a=_d-JdY<2 z931Hz(h$a=_uy!ReAM8;?5z_b@SARX{sq>|`%~Db?&b4+@_$%y%4n8{98v`uZ_Yat)w$%p z4*gTjP%Rh#O!qUP>lE@6xa6CMGGg%?|oMsfgSHENs8VujAU4|u* zCxg=qw?3=d>@=TSJ-n}6bzgq%xj zWtY>T*nNre)On9{z+buoHNA0;U}vCp-n1ki^iJg^Vf|j-jj%sd38W=RNZyqq%w?F3 z86TqG4sLNbibBU<^R1$nmQTmS%J+FZqyY>>u6$dKCBZRuD?mYuz#$lihaIrW$yJkI`+9Cz;E9j*yO9Yugbf(L za(vvwwVC^>rKzy4L^vG}ill<%XSUt9cyXGgBW~%1IYp(o^y=VEYN|30#!JfC&uDO7 z(SHF;ie{a_eez0a@Y&6aaJtpX!}cm%xm#(v(p--VR zhT#ANE(VA@>uy{vBn`{vK!E`b6^d?V<=u>t+~WXUs63uDV|TynojB+ zE5nVr4W-BdA3ki6+63xwU9diYW!MT0OL6Y6dEg9^MOhz%iD#e}ZfNCNO1J2~W?4p! zB_5)4rZ|-x6oc}?9KD9*mJUzPE<1Sq<#d*)I?a0ef+P&VUO^D`!)`HJAcb`Vn9>wV zek}d#FmJ#aJl;g+x70Wv9NS7Z&RumHDgNVIj|Ds`vbT(*{x<@{(kvIg7cP31FeyX| zTcKWg4+2=JSc%ujH;=V-wxpZrw`1xW!w(D$`?M|}|ED?TmF@c!mSLmyfS9XMag+l8 zw%*&^XsC=4#ar!qpEQxnm+>Hk%8vkAD?8Zssw3!L7ksuduQeg`+*BS`)+Yx;p$p=% zbcbn}xa3i>aqEOT%H7GZG0=(3}_e?!cOC&R3x?WT@_%{d1y zE1o$*>EbHoU;>-dXK5ufWsuB;CDc@T${_{Tn+>y9?SXd)qEEgHO5^zN!C++X_Jj-s zuvUYFudyU6z9RqAR5;AH)@Dd zjxMb;ndfhKSHv12Q7q0({Jfz6+9&CW_v*`JmNPEGe6l^3`pyZ5P6}?BXHEHM7a@? z0Sh*>3xtxU@+5ouX{OveHGBZW$=>|dAlesCI-xJVUt%b8!P^?Pv7#YXQK`RWi2z3b zAjUZfX-ORE7l(b)Ef|+MZ0a>o&RXvaVZy4KB~&@xfIL6D81Fgy!(Usu5NYn3;6o7g z;{0V+XQ!WR)y`qta@ee8;t*-hpRO)}f@zoufX>DdzA4#Y1G!QcyK<1#N?MmO87#ot z!JkO=qATF*kmS4Wpb|H_1L=X!mvPu_9Nwr(ea}p2)j#xWuacn(Hh|CW zCM$w!Q~)p!mc9Pin)O3GdqBE^oFx9`%7#pIVuf}mKLdm= z=!?;?ULNl+Sb7eBmWlcy>890(_Pn|Ydeiev?%!p^leA@N@RTsXHFg}Di({W&@MdIq zW_Bf~O~43fugv_+k9Lr@F3MuFHMo7#0`$)O{o>HT`VNrUIJWQ2$?uDrX3=sh@hZK{ zbXUAK#WN0vH2Vn|vM|b8@_qNBkHhuzfxj#8#dLv1ey^^jB?YcjJVUyw(ul=YYJl5y zm+gJC?ZAq2Ak$GF%x3Pk{Uvq{U=SA_W~_GY(Y^D*9+UAy?ipeo!DW}7f?z&;)m-T2 zOPHgPY|_0`42ubqjqvK^7QkDcyp$_F)Dbyok<(QXaC6sMY={*HuplOOH{e;ifU4}t z0e?}BQ)n7NgD|fsf#~sY1D8v|-jUnGTw(_?tO0Ch`ToOt1=V-esIvE6zLJ?@@~|X1 zH2~$vdG&hjK@*cb`nXA*wWlm6BSNIaxPwO-%RS@*6YT*!K~By@e&HvPnQi;6vom$S zhVIIiswL(xkoJA#s^#QBHMfivN*j9}fHG;L;wPTTapjls*$}{X%RsKcXEBMw2*dJN zdF#`i@20VN2r&F@BBwS6-+p4V&}{8~!+UJb`%WQ{X^jOc`E}!FC3ksDZCEzyD&ZPUkN1u?|hqV(e zF+uz3VrBl$@$Xsck*4-c`~`YPFw8yu4+~)=W1&`AHCsDx@u4K_Btlb-6k93*clmox zgWSBG#dDIIeCnT5c?EAO)QLX&$- ziI(tjj(qa19w7WaA4;E{NAm=iDsV!l_}~nr>$A2*{p!%*!NDn?bNOCSonabBkpMm> ze4Un@U%@lJuY-khOA&<{CuAdqc4&@{D>cmdQKFP{zd1eE!|X!XrqXk{g}KCHXTvcm_-NU_@F+kflkD zEUcir2e=2cK>Iq6|7k5Y9-X9Q@5_OfKBKa}TT;pL3h30BI#zQvazOG{ZsA z;;AO481CH-SSf`zsHM&0eVu^}NAsM|VjzYk@a?ee5WxB(HT15rq!TqkF)&NHBHJq9 zlE+)5>Y?e1J(*)19?jEit%{0h&c&ykQi)Tda^38u;aW_M?}BiEBa>U;Tk zvrTg!jdO}R{om9MM6{Hj4B zYbOWXn|q6--CJUV`Rd=a{G;;vcUfCYECugE(7y1Ibp~;N=%2?<@*>J}oX8uWO6H#W zH+>Hbbqa`Ndd!24R8Hg1x;X_85e#;WK|P2S@v%&*O+No={9m=_Gbbl81(Li+@kW&2 zBG)t|TZnvX{N`m(L~5vR@xxk18hRYj@vaF|Q0ACOL` zmPy#ygvb?^<%+jc~C)3H%LA(HX=WFNTI5ja) zWyLp({&5;Jn`5 zCW=Y(F#2+v8pbrymbS^+$&}HifLN&PD|wZf1FuC!%)J?6w;WsG!d8BMR&kNPzzz_} z#9@YS2j|%Yyt-Qmd)8{HlU`W_xu2RO-23XmCUv(9-Rx)6L=BbJz?~PFIh8zYd5q=w ze$IO3X5ECY+L|+eB1JyoN_bc2g(|qkMz9}aH|(xZs<&7NFgwam+`bEN$qIf}f)CR8 z^-t88KE2J+@R znK6u?!4#V&Nr_h@*{O1kMj;U>8s)_Hp3u2w`?xEH_BolV-y)5F=VYvkuwg_{5PLH7 zeM(GDaB*7!{x38%m(UIZ(+EVb4y$^(W9^=hu_){Y#iWD9%Pg1vtkHbG3EK9EalU|;#V+SuOPUT9_98ZNFGmJFB)~B0QsO;EIG5SG3aJkZX3#w zT1>sDr4YH0@Y&jAXbDNuk;=i_XFtA^YK}~H^!2)LuB@OD6w=_vV-?s+3fg~o`Y14f zjF22jB-ICBc}xzvR}y@Jf?=r3Jzr9Ce!bmDq|p_)ll1(Sk1b!R3OgoD3c7y)pkqK$ zp@>FUoN8XeWR=Rx58MxXO;bs|)k%Fbtz^n;)|c}w;zZ9>1$KXO&$RVCs? z@x%sgZmD4oh=<*%Xh+rL2;~(xR23Cowy|>O*9o96Fs#;{Lt|?QVFb*Pl@(EL=9QGH zm9{a}-g#$~Of7l7!iliLXt1H1l789D+iRRQ^;DFlj=t#tHyLanfP)qlI z1-2_bz3-(wV9qV#gLTJnTrBdjpJWq_CbTS3}Q+NuU zye&7`RFsoXeHa@KfV7>?g68OGUKZGz5~*8wf4()B;tyKmdTbJq6)SZz;N_uJ_&}KAhG@L0|LKnow4m>@F80#514i| z^;v*kthd)zBp}J{07+lKsO5$p@Nl$_zy!{i%^f7dO846^=;92_cYbR>e#z=U0y{@<-l2(J7=_ftwhkYY<~amg`qaHZL`}GUzBF!l7*xDja-AXN zfMec%bg49Q<8%`c8#b}~$xrWB^E`7iwda#T9GNWLqH21PaHrDbhj_~*4Z^eu7~MWC zoQ}iSOaQ(Lm#M2;e8&*inAK4OtRSRKI?HB3EGHk{ampJ0g4+*E_1N-xZgiVIS4%d> ze{MifOZ`Sa&~<80%%13Op3!?`(kpRYscMpv8yJp(0OFlk$7me zD)@6DBXX%|XDb7qEh>`FZ+|+-{u$be9j%4Gi zvp7Y8k0dlhAiQK)G_@pk5*@s?)@IXk^%M;V665Qys}`pf?GwIdsoN*c7;i0A2=6B7 z$(G<_E4~IB87#FpJeWl>orR0MdSh%CPqF5E|H_^FlP6kgrZr!sn0*QR9pQu$;3tm2x*oUQyn-`G`VTs&4>UTAXmq)hMG|#>D{Q#HNBNM z1mg{tRfXZf2zFkRH6^LvXM&5PE;3gN#?-a=PJnlLzu>jol)z}}Ghz_bXxT0XeYY(D zvsk>FaXwg`#63OT=V(}7Isrgef{hzIo;*hvF(IqAnS7_Bunh8u_`8R+Fl;~)MLk$wcS+hPpk{LV`~<*Uw&!)pl)Qz@zA;m zcXOpIsS#gvD3*GbhMHJ;^I@N5qDN&4&t%IBI5RNx7!q`f*$?F89sIcMp74+C#IA#2 z#g*Z;ZQh|4+y_>$2Q!y&)WC+pf)r*tOi`>EgP^nKc?n_tAX6g;)RX1Y3mwe5fU5ik zzzP*50MZV|*|Cxfc(2fY4q-9Qseo=ozx7MCAUqub97MyG6&ayz_jk0EKus%KE|*{4 zmR?VlNlRG`hffORsBG_zrbTav;+_+lL&WT003*0 z3P*BKW~wZk^P2A@)9<7&GI%k)C&QF86+N)pDKT;K)q(XVfb>EPF2@(=Hif*+K&lU& zHZ6K(TJ+|0f9k})JFxI+eDjG1w@NL5#Q}KOCNh`w4K_?d=TA@#iC^W^uAaszH{D#B zjv({u4bWV@L-&1zVet?XTK*+J8kC}S=QQdzuE<&0h=wyNj zYD|%{=o?<8PwWFltV`c$c&*B(?z%_IHrm19bqMef0v^k^_5H|)H#$vz41OPU94jXE zL+~xvbZr0|-*%~6v^aC$6a{*DYYIMm&#pPF>fMF1Fkai^X{?+xY5%>}=~+C;>~w;J z3W7I#BWEM}EeAC)I+VD*NRQGGLT>cO>@F5{QHXySDr5A;1q)0aec4|7{mKPpGNUrG zCXBy99qw|H);RhqXfzD>OYJU2`E|X+pC?YV@(roScHfR1unnk;X z%ANoXzfiR6qCL86!3I8jRWiFFTk{cT2QU&Nv6b)e;f>2$$JoxPV+n~Vnw3A4IQ~B3T@php#jJMD-_8xp_s6QWO8~|;U;76weth~OIOg+zC$l^k9Ig7d34x* z=}fbq7?CjvCXRdoBXV;X{fs zecYXB_{$^ZP)8aY2k>&BhnT_rOM!Aeneewf(Fb7z%{)BkA)clRboUL|25%ar4mf zzNy7F9;S;J(sy#-0>;;;*1HS5VUGf-I=Z2@&~EL8ko1^>Zm!lP#)}=m>7pGAD}$iQ z(QtxXw8B@lN^;Oa&P4rjf)lJum{-UMHp?{0;AaE(Ra8a#h{&)4dvdh6#p$FlaeVOb zKHLl^2}`5Cs$SP3GZujW)3e&7G1b8%vDzK z7$o5|q=y;kpWMu|S3f}nh41yDV4;_&%8cITOD`3I(vDbo6QpOXQ)9|$& zuxqYv+4jhuCEi;&@*fR*_AqLLu=f8PW(Kfj%miEyBh*-9en!*NzAb=^M$V=UlJR0f zn0uc`Hx)ux(lp_XyN8UZid<@?uT-IE_cG;#@%p3e9;Ik>jA2B}&LF@nhKFC#G&J^I z^{x>(JaO>&eD2)4o6Kbl67X(l{-}I zW{*bW;l9js=4P6>^0mZg{%X@)4k_lr={?#i3Nf~eCyYBX+Y5xF4?>&7BxHG(Z)C|q z!e{8;i1ZhHKt>cVV_Uk@4eu(XYm2#X7go)m1)4fJEyB?qgo*hBzp;m6cPrImKZZK zj5pC!{^8DZP0L|J3=R2Dr5Fqxje=`4yt#tl*hQ4xWIEv-+(H&An0p0vG9OP)40O z%8&PHnnGi{2LjS3p8kUMh=J&xV?fZ963!WyPoI>gB4>)-Mq@}@q_FZZve=~U1>Kg zKB0$t1xoN%w zq7}{-h$DU%TL}@N2I5IULW%^o5Ip-Vb#!O-qsF+~@ke^27Qg#F8q=CDH+(8h3&OPp zEfQxcW(@V5W&i2P|L7>eSM7s#n4X0dyALaxF-P(Z*R62mOE+pj-T$RdtQbCc0%2Fj zPjWx#!;#EC;h*&jkMPLCsFL3HXOI0NE`N71Y1lJ}0jrhDK8Cg(Z6+)4wJ|Gmw`M57Yenc?*Lx{sTZDR0%hK%ERpKi6ET;tGV5B2l0#ZZ@TYW85 zt`OR;1(Og%QK;y@OQH1@gO&beQ#d9VHa|d6*=B2_v%;e7^n5h4#}b_pMCZ}8MWyF) znu2MulT5$-7h#N$yDf!1TC*T?$xQ`;_-lnvz?2`nQ5()1E=BV?0kcs5K@22*O(I3~ zdhlvb(xZIkxxHhjMf2B2f{I_e&zNm0y>r_H?S@|H*c}T(AHYJ|@^;62KxA`N@P743 z^{;=rn0`vOF#YcPdTYDVpcch1l24g5Vj670Tn&pX##cJeL6U!F8~tHvUN4syp!EyK z6xjUK|AX}8ce-*39^$RV=a&EU! zcQxUO^!EToK)S!hF@5;58c`UR8^(Un)G$j3A1l5!ce70~k3QR1`c~!PJHTG$tGx@DtU~tfEpT2_yhkgN}xJR<8 zFGT5RJq=Wz|L#;7zT?WP-aa22F*R_oD8-ehz`T~XI$g81nA2YRJj$Eb-BS}~v|wt{ zQ5+h(7hI4V`CNa21fwSkzt*1f3}(bu9iI2GKd`V=696{xJE7w$D=QyVP;#1W;RYcE zeTlS;f1psC-@Ap^|4D2;Dq}*pAO~Q4UWm7>l(yd7f241D(cp^p6h=6+N)o*(y8L+R z5|4DAJrTPYFwLi#?;|{q{oaEH#Xl^YNr)@|MSA&ae{M7(GODgHC-YE*G)Lz_%GM9N zxWK{`!56Q2Ac(01a^4%J_caFolZ5lo6R^V=_qqp`t}LUvvy~virX4q)kU_A$3LFDq zo*F~GZOjpFkMmo0l#zZjN-9Qn@JGHdxIr-A$+I(sy<>Y$P1mQUJ>o-E#y09HmZ#-^ zeS6Ivz{(Rx_pu+--YAeo;SZ{pAXgbX$|JFNhJ$o%bf_W5%&TL|di)%4Jq6_gGi3tF zzs9&*<1;+z9s-&`ODw14CuKhkfE(epH{7;L)WMH*I~C;3a(n^}pr61&HAHGWKt59w!r}b}u8qrrcE~^d4|6!&ixT zQ3|2Ui*oLBQ7pC*1g2h4yx6oWM%9{dR~e}m3mh0|DnWQ0{?zM?^xwd|K?AO4=mT)i zMZC5fq$G;!Z5r{yBuvm66$eykdt2Il(#c}>i#t*-u}}&d43Upp>j{8}brwp3uQm0( zDk}S&UxN=~>-;J)DVy~_IGq+M-0(4yLJOq~Kk<$NmzCL*}uy>fJ! z&eZ1G^wJ5wZsAidE4foH^bZ)up)@Q4%$vo+Ml3@4)&n@As1#gJ_pcZzi=YsIzphoh zL$mb|Ag@^dLhc0b%(6R6X76`|c8=x+i5V}3dob93iLeP8SVC1sw^dGtS+r%rERvLn;Bc5ojvhi&?Dk4|bL)LBG)| zWlaSI5TcUQQ4tE?4-qqQIe)DW5MUXMl9h~NGw^#Q$dPR99Y5?{66P7&coC66@UaIt zXG)OT-agsQ?duC#dKgtfoighpN6`0?vvBdA2}$%Q_?gOSdNKWNm!vc++rvm5#ghK$4^C>sXqFgsB-Tfu3F5QjEq7D_w+u^?7s_sy;ms%u)PQRH6&|*`7In1&qEz{} z+?!|o%$0%f@XFBHP0|dAXTS$R ze1!s_o~Z$2FZht;d1cr)k{slUW#F-S9{rR3`dns$2821l)LvX!xhfYjt+6%goD6?N~(u?uZ>)RY6)u{vVCY3Ly zuu;C+hEaBikj``T>2_0E*jrl*fbHW1=D|%;l_(@$(G#2PVEpVf>{`Acb|Gr0JENXd(1AD9g=^TWHSdIj?jJ@xqe_u% zeP6Q4G;y8Kh(7My&zW`P2cfsdQ5#|C z=UpGFs!;3s>gs9?_w7(G3|n8NW=@s8wRuqn8) zV79oM##LYOKBu3Ecp&fW8DGbq5-TWRE1R*$Fh{@cC-bttz;nr2_MPjP+reeQ6G_pW z8lCslef5ALC^=?t0t69Bgn8ljzC9%vRz5#BG)p`|;AAY;MpauYcEwkDGPSMqjg^w{ z(92!Ey-)T;bVV$6fj}LC!>hD;*BR-X=PeAqcrGMLX@nKYb`$oLZFQuWC)_l=r_B4I z@Qn}|Q-@xii9RW=0qo+Da5a+eq$tT{&@T3eiK5lOqv{HbE;=y^Tj;BvZS;vceW@+I zo`}-Aj6V=+0)&)bJJ^ScpA}M-0`IZbAR^n(8o&c?bfCTCpFtF-vX@VvAXO#zHUzBf zb0-#}W;7uFS&pJ?TMk{SZ zpt^-oUGVL`i?6u2jgN7r$5V#g{{YX6wEh%8;i+8P_q_bK{n**)?6h+snK&l; z=iFWkV*$qM_~&{1xpUiyayIm*yGZ04S2eJ2LALdxk%**Sj~kev`unv1kd^@3#u+xZ z+PjPBR)cbLLe$1J>{H~}@OJ$vio&W?C0uv#}oRRL{EKZKn$87_fzt zdcz61v&fGuu$iID>yLGeAUlsZMVnmkkh=2TgoS+L%$2ho8g)`oU(~_tKHYC$=(g;t~H7mE&`FmzNhTw%G)S}*2I!gFwQ{D?-F(;*940ouAFZ++T6Kpg;?+; zP23Iuc|wK1=JI6f-wE8666if_@|!n@L>ttpHSuk2EVfW8g9XrD`?3vBE(DP~{a#b&j)78#H@Ssy&SQ_X}z4C}}T2Y|e%wvz7$St*sDM9KHeh`n5~vXHLL{ znOxy`_PRVRnyc4pB27|Q>H2*Q2>_hJ*inZ$^`#3fCb&A?y!?tg1fA(ACplL-l)SDx zCQ|#Ha6rwnDv3LrUt;oEcf#GWaG@RJ>1l({6gtVr#S0zTkA-!PU zYD`peVE+Qo2j({1jM<8*EPbR2X7%+R9Y?>Qtz_~eX863eT%M|j1`M}s96%THB!S5_ z6sFW)V~K&Lj@hZNxR25;GRI}MFqK35v%#|g%o5Lq_HqG+0Sm_+IanJa?iINt+ZUrd z@co*^|F{=f#@>fe(9`65Sw?^70A&E}!J&ZjC2#@5s7*bzd6oN&V$bjF7B?Rj08LzO z5dmn#>nEIkcA*`i4!T}fOaMnx6czrrb0duQZO%HZH@sc`-@|oD2a2NGN1>u+kx}l} zAZ#QR2Z7VE(P&V)V1aau0q3z||A6!QvGoHUEX(uVv48K{r;+@qIkoCxwfXZ0x7~x7 z8xVlmc5=054==d=g9vu>@54)V-q(phtHNDF2DSsN?pxsBQ*O=8B{RHY=<)Ky15bA$ zc@Nzi%u+=ma>|$LM(mvMN}A`#n~PPX|JWyRh-BUL=6QSRDPjw4(Mg>3D#U$djvkZ0_X<=xLuRHouB@~Slp}e2<>uGlJ zi?JHrCEuGq_2yMn(QM1}3(N$7km!|3?^{{Hno1C;S(N_pJ`$)FW7bJHRQcz$EyHtE zc%BUj(k?Cs1)rTMlZyEYqG}BGJk!Opn;vU%3*)lMSG1)^22?p6(p z0**_%72&_^^sJY&ry@Q;wy0hJ#3lrVl9o=Ul`>v%R-~p`ys9F+LRnu-aVfd&f-(BN zXknVVQb7=9rWPV-W0JN5jgUrAsLOvO;ES6c7z%=ySL=Zh5}+_5f%2dshNI+Q6FQw}yJih75&*M4z+d({G> z;k->GTQ1V|+)OHQ*Gm_>1%f~Uxc#Q-hZA0Du(W4Fq>%-o87nhp^Q_Dk+3h4yij_1) z%rw4B7#s$fc3FW^iHT!e5ItqB{9b$B29erQ6sC%%S~H*oy82Ive0?+akg1OT)XtqK zSBxgMvnV#~A*#ZOaFh9w(`G&%ZuFzFX=8oOGN-g65G+7lxWkz)lT<6d{LFpg-?3JE zs@X`8HR~8jyu(Bnd+dSAp3bkf74poM+Pv> zgsr8sldQu-b$bD47 zyt=~1ipx@su7UnY)JR7Wr}2P4@I+X|O5gahgtt95{_!mmkCCmw$2{}7B@g6PRbD&i z&;UpICNr=I`Y2pa!kt}%6_~`~+Us+f z;}fKH!j|a(@Lx&C*SAK|mF>Eh&<^In`8aN@1c<7;`Nl;C44INqn32Faq~^-<;q@C8 z|2=WrjI%B>i;&Ud^=E)W zu0s^F_95vzS?Xkx?a!h$df-`Nxrr6sVy6uXIlIP;CfPC^dmfV1`gTH=E88?M=S0jj zZN(0^MP&&_I=)$II?ra8y#47@n@-T}gD-pMIY0Gh7*7lVs@+A)R0+BH=HnZ2iieMkWN7Tbr*u7?V~^;GQn;ZxqNg zql6Im(b29mnPirbFji3WuWnY)IWDd6S5P!0A%h=V_Ky?|&y>&9i7o`QSPW8x?3*zS zs$o+mb|xyVhrEvhqi@J>X~C`G*Jf+ba?J{p;P$VC*i*}11i1{K{UlR+R?2b%>uZ$XmxeUXT$Lv4+Z3XybsBn zTF9F+5TW6s#B-ymlLM`{GD5Z~t$h}-epmIfino*j^8^-)G%4t>l&T9tLuEnT*!y=b z&8L*KQTA_aGnod_|8Z7oiJF(p(qC`yj1<_Yljso;d(UN|28o!3gbl@bakhcpvo(q} z>kWLFm(syi$T~s@hhYifX`gYi`Gdh^gPzQS<1W%cY_bu+Q zMG`0I%AB)LKjfFGq;MYw4{(VqA5;9WidP_0ehOT9dd@u;@Xhy1B7Uu>z?9;T1 zMR2i(xtqbpJ}yn|1Ou){Nb|)am!E8)m3EN|9IH$hbAN38r||p&NbxZqu!vNN2mL~r zv{IREjn{DjQmhBraS;|;Dr)i~G>JFCikFDzx(J?G0@pSeQ>uO_14ee=JsRRgfL^Ter8qNoXzcT)kH2U z`L}ZvE0#{SIWGIZ{Bibfk3fBj&)@iUFzTKqm}Zr#@Pwk+KYfN!qWrTSX`Lotdvze* zrMQzIK*I8-ZNTeUGx^gqoO7~1DR>d(hSt1r=cCf@L$7EollP*%06lPyMgmp!VX!Zc zm)zy8704(`kfF(>Rt!gtQ?JwQj6E4&yqXpBju0SUBsVH}aX%s+2p9S~r}FHLZXha@ z8C8y#V`>JXQ;oTb2x>a2BoQrq#^($?5t?;z#?DCkXKzo_bF<@nayI>W)Kyf04LqUl zD5T|Hy|ETw>i%of3gb;6@K^y%e<4mtpnO*JHnvEYUtn!pn6~C0TlcmlnY06HT0c% z*4SDQ*kuo?xX(<1y??6XfX*8V(g>BUkuoQIwzRaesp2051_J2t4bj2aSb)6zt7M(K z4=Qo8xkHHr?>##d+3t}4b>~c?I;(|1ki2`!)L&rxUB}{Nr8J8VHiF}PpLHcySigwL z1>3f4)L3jC))y&y%OL%cVCUQ|8{+d zQi`go%BxMup(C$~49t-X4kABlEXOoT6fzRu3&Ok`-VUPLLN9I=1)y{c@Ik~&j7xL2 zrAEJ`$yR#)^H*)&U+o&Z8r&GjmpsVL>o!+kO>~{m`AT(Fe|R+G{v?L9JNA5GmO7 z7beZmf=?1~7isT}UN6kd48yokC2)dTSB@I$YK41Ql&i7tFM_*{<0S07C|L+`h`Emu zJw|~4YR9|7^(M;{HsJf+j;qw}EziK4SL?_@t~<#UOaRQXqwG3euKPx@njR0&H4Jc$Swq>RH zlZhgW7=tX5^~(&G;qyJKFnjo_dit0LVY0GLs&nwkib(PzwAAl)r8{NQg6~4l!R47_TwH{S)W!gH#=>m+lfanrt+V+$+dD7xcre0nvZOK%SQCI?6*0= zCH6=XfkZHO6nuMDhNI;18nuEDP%$rx0`e==jHqrOprpwdSbingl|J?sn^Ck7`i|Yd z5UCB|bBXP#DBB2PmQJB)=`P2G=Z%;|e^v7mzhuDgj%r_26=h!$UcvZx>hUXJL4; zN$RV&pO^Z@#^Mlt(y_F9-mfFX!ePBw(}tJ$6lUvLbZ>uafn7>_4mJr-q%q`7kqN^x zpeKyjiD2` zxV~l%&2}^~_192IIgPMo4n3yEpGQ-v?g<(~=b7}8n683m*r!|&xmc?-JKH+qXDL{` z!0OCLM6QYTYV~`3W}K1N-1T6w7wnq6t;*e>duiq;RV zdj632G8A+?uLc#wppoVIWmUVw8&9-%8q^S$-b<+DWu2fLY6|k$VDLicoPYBDJ1S+L zb3Hp;w!OBWu7B*d++FKhZnp0fCtsOTT|{Y)UFqH+cH#*}Eo>VW*C~N99AYx6!B`3L z2|2K1uk;%Ejz*03&87RFLM#?>lRI@oBWN$zoF89Ww8|-#+eNagBNkVgnb$uF+Xuxm zYy+=S_AX9bjsXRD%HxDhTjGuT&q>IV z`UBg$X+h|xLoOtam2chjQTpVKT151JrzL4gi4EycD(B{qV;?KyNM^k$|8mOE_3{g}=l52P(0L9|!XbeFldTecPSy~u|x@$SOoi8|WzadbSJyOrLQ z#S++CA`f6|rFAP^e2`Q%4z`W(#XPAQGlTlpJU(>EgBJKfT&;b65Hy_G=fQ9X3BIN| zO56_9x6p<)aMU(n`YR^`+IEZ-qzDh{2TBW5-N8jEO`d7B>m4JQSlr6s0Dq^){7K&q zT0W=0dj*rxOnL&%ev2;}0TjlwG)EC=d}n939iZn=KPP@(zS)WI2$%>i%O%nWL7vrp zqWAI1xejSEA%8J%X+TM zmRXhCiZfap`B7kXR_4gD(6}hNA8}@o3c~`qprv2PGG5)_{MD~|3)^^x?m{v=kS}7OSF6;$dWCB!Ktoe z&h?`GrBsozucFYV9e|ZgM=nT9!V$L6a+$$V^Qd5Djz%3JWY2qPfOYGU#QTWu(4Fiu zE^L**(pg(h`Q6-PXxwvUcJ90(BVPT)2AW>)__U{0_<(ZV7^(Y+#;%KC!m7JM4?r^y z@Ux@j=JIAKx-C6*lTetH8uzx$Bc#qB12d2N<_Ad7jhg^WmD^n9&tp;O#zD^)kIVyH zl6wOxJn->+Legf;8Jxr97;JmGBt3#p3m=dZknb`s9F+L+U_)pw2`DU5|GEw@lWZm9 z(#|JW`bv6r)0RI_!Gz?)6bjxW znY}pcBuX|SbQk5Ijqx3uiqqJFk4_hn6W-?l#+NSLb-|%fm~h24P_8ndL6DYf2%>g7 zQ~k^S=)%_bapn=evHcECHRNgv-^2MlRK>{K}DuHk^k zooE+CzkMorK(9Xz`~<)(h7sSMF7UFmx1pd9UJCJm>^6xbrmQfU4fFy9zdZO&iZLu` z#DPY1CY%l!R#%uV2}c-4(0RV#0ljz%NFJ}b9i?*QS<`K{y07CQIL>03F>@ET<<7;s zpZ#ytFpJ=~5XLr{##?UBV&a_g&qMRU6uD?MPA*dAvyu_;WTz}V!(nQl8d66=S$zLSScm-DZi-xw?flyn0* zaR8B%qQk|N3wq;EBX??R$zir3n!*BM&mI)k@v6g9FS0wHP?eEa6V)OFbXh52?R!%q zI0zf?iE`jIZhg)FZrE*%#FQWUoDb`QAG^qXxh@;#x8R;JPS-Rp{!&`Dn)f>p!&0M< z>;9`+Z2y-9bIJAZkG{VMMv$lG90=A)qWr`(w;WkBF8&$Omrb^QivWYI$Q2_PoZ>bauyAlm_?;%cpXSrY? z@FK+>bN4N0 zzIQuc_@@{0eFWSs*;!u2)Hx)LP3Guzq}4Dzz!sVrF2I|_g$H)j2rpP~^-p~e*_}_X8&UHKW9KpNQhrIjDdb^+E{jGZ@ zjzytX!a3k*HnbdF{TFIdqMS@U6M_t(*a5VG zL4IwLC8erTvD(k!tzR$oC=;}Noe%5x)p#95i>8}za=bO3J8PivA3j-C z0#%|F!M@);)Gbv;@Tj}1r${U_@e8e^R{YeOF(ke*+AaC#sFmQ0()R;}A$XWT=r5(b zO~NVu+HEK6WO^NzRLy`wz8!yw2sY%^(l~^7sDUpwkQRlgQcZr*wFJ8F9P(mPb4(%! zCq$Yb7sfMemIuGE76=}ZsC(O~MK=Rk>TfV-kEg)k_pB=U8zrrSII6XVaJ?q!?OHTl zaakR))#DjHn26V6r|QQ@^6{&%FsJ2%{p0$CfUEm2TXs_+4drD$e-iqG;MBbk8+$o) z!1J8bpS7_J3HVtMpAndS;T_zjHjGGJJT-LRBaS^f^Qsh+^}2Y#b>J~P%F#wTpnMO< zV75oBYnm>Ps$XH9{S|xdRE3s6>!FW=NThmxM6`P{|DOWU z(6TEpZK`Z!DqaU0HRmGUdAN>ZY*3m`V%5CdBz~yyu8tvZy&oi%mPD*05*!F{vB_s| ztZKC(kA@Z@x4ihHkG(W@9BH;Qy|xB(c^WuoN0MyYctE90L=tMuQ4npZkuK0R`rSlF zXyrFY_p{o?#m}7dZ0R09-@%%X3rIVmaRm%Kdpb+iv%W8xyUkr`Ho!GHTS2ni^`KIk z?Gr?_S$Ea=(=!Xed2T+vOO^n+fV?eKwrm}J6WLD10X<0D7LXe*;wWXj0mWZyWUXw0_|meo9PrX8j3raC zuwB=q>eiFA4SnbhE1E%*g#OqAkK~~`vIxcY`bYOkHPtm5S2yuExcU6zSYDs?JpHHc zY#7Hmt!pSR`*vR9(aN3U@7cNp>BsGmQRiT#wd@Z*25)M^tk|xF?NCu{uOMx_&uq2& z+i5JA9u0n}5Pp1$V)d)jp?K-eXt;L-ExCF#i>BjZxTS}bmjY28)L}Zq1_od8CX;U` zz7!}fJpRTM98xb)bKk6eO-2_)et&n<`SlR1q6l;uWFZ}DktkUh)m5(QUKaC8Xm#IN z?@rj&WP?*0J63QNAWpUa?@Vi_yV-Qyf(Cln%f9?<5tH!(qyP?mv!5nwVUEt_E#`d$ zIQObkLETSv5uvM_v~V}NSyxeEIzp=W>j{gJ`$5g2MIu=?iABc$oVu z$s0FpWp#p_AEzFn00SJNl=l?nRO%*}=jsT?R2moMR9Md?*YQhV>NBkmm26Mqjvbr^ zuXm%0=T21N6QPv5iS$(Hw=bDA))9|KL!_drr)dEI4g!_0)JYu+5{}>^SCo~8IJ&p9 z`wA$iG>JAoI)DhParQA~-+=j%M{*kKN{NtAqaBT@W?NLHQxieI`}CcP2$-WhbW#-; zS1q{SOu^BDBGaUJIODeG3Ia%-0&e3_x2ZS#M_Aw)IG(aBfp+-t7dq086Rm^}m9y}G zM0;)Ede$%WuBhMkIx|uv>OPHw?8Wu{I*qcep9GP?_G*n99=`woWO+dfc^viXp3b^? zDG#zXA_77II9+xrw*_nG<85sK;tsw#uK^wb)o!`WT3xYqAO#J?TYu;m_##$IIhFrB}1C=(+fy9B`>YRZdokP9d!H!-Hg{24lB?lzRR$fV~f+bhq$xbufX_ljv9S)tJy zon24itmF?otPfOuN{PlKo2G+C>u;^@2V9f-CG&rXy)57hIL5r4jPU5rMc}3n^naY# zT=~UB5^J#Zm8Yt={ zMKVJXr>81}xS?S*J?5}6?&nXdPvxm{1z_}~wdd6|GfBWPNYw_C`-z1*RfA>B^>C`? zNmk-Y33&)oMg$NCMUc!-98>~rX|U_2=iZ_|8jN*>B1>~TFW%g(rmIfUMWm~z;Ldhv z_Nq0S1ghn!1PgwIJ`jJjwnbB@&zXdk*AuM@;T924}TQkpw$>gadCT(w*EXly1rR!B>oIn@B@ux@Z0) zohc49FVB-;2St$+`TUouUR(6q-Peml2;f^y@ITcBK8!W@9_d}f&3wP0!Jf9iO=zu` z*&l%Ne110jI3vs_(*H(NVd9XfZ~uvQ02(uS2UotY^Wg@?LDEB`Vw>K5xy}9RFs`74 z=>}?j-@Q+O7Qe~FV`0;xaRe7$WfL*3s9XPlF}PPNZY=t~>fm=7CrBKZ>VGp;#q;^g zfhD9Oa1S)&5ce3u3*OTQ_=l;drg?gDCv>1AY;EEf(B)PTeik@(xln#isEX+Cfo!Ukh1{^W^Pvnb zpBqYBhOMp!xMhBVfS!LYfna4~rW7Kuv@~?mo3>V_Qz; zzp#_PTQW`8Svg0!6k(0*zF{iv;!Bd0DrY4OJ;L(am4&1@7$Rzmgm&a}w!t-;=0oQL zg+|z!B(y503+d@p0IFgUDM-BW6OA<{fBLs^8C_`PuHh>krDr~=6w#Oog+bt9B?V4k zpJQ1V2wfFPTn927OSWe_G@>eMKJ{lQUPK$<1gUcuC;Po~jff}<?wm$4Wz*dz>|7K&sqi3SjdFQdi{%>cqG6A-85AEd$mF8 zsoap?m@_2en5c@oluC&-$Orazo5{kLz6ZMklfoEhx^`uZr~~KB?|D52(V({1&RO!U zXdj>Tebq0>aAdIC#@t;8bF`^ZWE+6=8&!7W$Wd#l9ZuBu(F^YkU`|aP%S&;`KxGW% zxqHP##(Xlu9=&l2PuS13GtB_q4Qo#KXr<5eNDnRBPH7z2egFQ<$44i!B#f-B?Ap%d zr9uZk-YMH{DUdL`k6q(RwI8wftBiOb*iCICDS+({&&PA_ATd7d7*;ML7x;5IP4 zB?yE6_NH~4UiN_mCR;8y_yI}4Rsl#ew^z8UhJRHNL|bzX?c<0pb2BOpXg9+j!O1bp zznP`P0aB?^_=2*P-%W*z+CtN`?VUv2%@489N+i)j0EsLYaQw&0axj}e2I!oHrp+4l z;!%G*F+GI1&dP`y5g!!;sY6bZG_*>cWYCA_zUS%b5W z1EqYYKV1|PtBQ3`6=UHm#9FOkr^>3$Miy79k9! zKi;=F6ljWqnse)w!2@*Jh04uNU_%g54p@A zln}=_DxCW5&Ln3eIBazz11%X?B9JSG!Vjc);VfQdU3x2CRL%*>^I z>GlTWjt)_bst&Nlk4k7WzdyNoH8B+<7i;#WUw`I|bcW9MfmneMi`D8F)6T(@GxPFW zcVdR}Z-adV$-sJHFOEvDEAqpprfnDAp3-+?+6NXPU!_2i<5Cn>IE#f=JRAOJ!qW|U zB2|6eOTcCcPC({W{?hxr{G94Z&w*Jo2Z?xpBT41iwER=~zC*;;fHdo-*o2sdu}CnX zwl#_hsp(}FN944?1~6p}IKM?ZuIWz=f%JW$^0=*q-(+VF1_EPL)$3Q%ATu`MB8_=ISN+-TeYWfMg~{w1F1l8=qRJ7HGHck;dowwXB_=A7!pM2Gsl`p^LK$?2Jwz4^KoR)(qRDFxPV1gE zX`F#eAq>uQa=zh#6}E(d`V#}}L{s$+oDY{+!~6h?Ei#Fd52 zVh@?h0N$hJI}FMb(!SaC>5Sis2Zne=MATg4e6rnwgYG6BSbUt0W1Tg{+!xP1t|+&w zbAs+i@FDmnDG?oX8c9%hgh>&(-{AdWr+;XxHKcwbfF&$He$J7U+ly;fEBjNW13I#J ze+5qGLE&uKkmQNOC1rVaej1}CSIG+o{U8#NXT=`Y3yVNJI&N{P>+9(EYt1omw&uR3 zY%-_ULGqbaHI-nUG#UWc+e+?{q8yJU-ydftL$%Ymx4g-~721&-+Ro|B{>-`up(kFcUEY%RXF^3VH-~lSwJUPvR zVZ^p5;|O(S-Pd0Fs2yk<$^v99C!fxSzB*u>d=@EOLt~RdDq6(B_Y_FY$|9N~Vr3Kz zM>{exWKy&k3VfI}(Xt_IWz6n(#KB6teGIyAVpsWAOu+3E~Dta4FEMJ6an6ukcn44v28<&-8jf zkv+a|rZRKAw9bA?$mTLtk0P9!r^M}=X)mLm6qzY-VHk1|j%;mGZd652Np!9L=kJL* zwLB{^urK5e=AyYHNDgNW{aE;IV=PI2tIF$eMl93(a^OH6PBgM+YI;Tf+&7OZAIRR- z`9P~a_|;)N1mE#?C#YO}XGZuQXmlYc7Hv^aA0&KFHvu2Rlu7jrArIeYgFGc580jGE zzD>#JLAGK9!m1fi&q<5$G$_JtT3wDy$LL3D%PRET3>J8~Xf--@WK()^>(OjS)hJ34 zypN1OykGQu%ZBTa*#7Waukon+Zatj`4=#j8q4T zvT!Gy99$_V4>^~^22#sIYA$E^+PaQ&D^O+!OrZIW{<q2=K`7NA=rm`LQU z73KCaoOSZg?iGgk@#3YJpY;)>8#D!w0@?&p}Ii4+dqmq-eKm_6w> zho8VVq4~r8IV(Q#IDvjIEgVI#ixf8z^mxPOn9uYe{M>1T0*<)ezyXT4oil;UpXW}pE_ z@gir=WWyLt_aSv{6h;KNtEit&dUrV|Fto#-!7c9{v&-UpH3m3Qw>@8u`3dy^-*jY&z3V6*U#FW<)!wV; zn^ANSM7PMeSknWk*$@s3u>eiCQral7u##g0$#n~uqC{tG`S+-BhWyavbfex^gDRHn9y$f8BWL}VZQ(O z2_IlOO5&i!iLQq#tOZ`2PKE~nUMxBNo)3lI8&TqaW}m{3DKUg?K+pAE(7<`f5DWPd z@HhY+n?C!Qmy8N}PQZkQ>ByGU0%5mxrfnA!JEq=gQ}x~N!mls6W2_`^@V{`~YLae3 zHyR$#82bIKH#K)swS-w?>Jic;?HY_t?S8RmiwhKV-sxRe|BH6W0VQ;ao8_}nT0`W? zp))~MIbjo7?h8b7Y4nHW0mK0K5Jz#zM#R?6OV7Y)Q%!8vf2!a&{Am0dfnDBLpu)Fu zz5Ze7B}cxIEB}xl0D)fizY1~l1ndM2?GpNDKR>#S*n0dO z4>Q0#z-30pKZ;cApM~n3rXb z2R~!)QTI$q)Q9^J?orjE;$~o`34U_e@u-K56ag%&i_if6GfzVC|)T^m(Se93fO_K*}#CSt$H2*MFbjrruNlfg41Phvd@tS`(kd^k$qgH z4<7H$a@#Yy$LB|~bbR^=ynF#XPzv>s6_Y$ds%v3jPsPd{So9m~e1({1v8Swt;Wg&0 zB9~<%-Hj&)fVLe>JdmIQ6!J)kMQ%2ty=u7>oU}2JF+ku6OPn(PL!Z*4d>NOq;s;Az z-E(mvqMnV*#6-~)s|69HPO#|l*ns{*rQMR|+yl?3FPQ24&mtOSsa}i3h^;?=>h$+q zsatA3ciUpeR|A5yKfM^OSQKxrIUt##O0*@#^BtOjQa$Zg19&ae)OyEFe$QCMPv7~N zd79K-AaNbFsAWW|RFY(-4(^~evXY$W=Bi7flR0Y+y*sBd&^>AFU~SMGh*ohMxyl1e zSF;^2h85Nt2D@a10b5809vGmANkb=B$H2kV8rCdI4M_7G-r@rq&x*Xq?bz^~S}AA) zGd}WtsYbhahd8Ic@2A3>_<^O0$>i>) z3tEG58Y!dcgW-ld1muaZhgAF0n|TTEo#aivVCS>IaHyR*74C`C9Zp``1y_;!NjMvU z4y<03;pKc>KMk;;auz%swK7x> zM8Ja|C?MDIvv9^y;5E?>kp&{>D+SvQOVQpr>S)C$J$q?OarPSVY&tG)xf495jt_U0 z|BOugLc*AlzMz#1n(SxK=Z@=IGw|*t#Bnp{O!H#}Hb0yGI_P{HN?v&` zz45b&%FUsE7}JG4XhAhRPUID5K<$8>BaABT2*tlz0_MH##qv8b9%Hc*q1op({!M^Snw=w;*}H9R0E@13mFuk?3V2*83T| zN+zAOqDU`!uVOFkx*3LFu&E+5GDX}4kn-NoORO(?#0bKyRXwc!qgP-D5-gBiaw8Y) z59>20#xb0`V?4Xt%o9mCSTF}GR6Y@xEetU#=SZDcYcaS~C)L4Vs~>?vqcxN@$pT?^ z!zSS_DJ4FY6;FCutt=ffMe94h{SdM!)Kri^b4qH0{M)x$^5sLf+$g^(c+@8 z+imuHQp&p2JTZWeL7PB}YCMPN8cQo*DU&M4Ug@}Bd0H-zQ1%Y`YKJd~$XXTy;=v`^ zhsuyPdCrrkjS{^1oxVBNn#MeQ)3)p%nPq9C|FyWk04+e$zX9N64FNQhzY1Yp3_sf6 zu*FXgWs2(d@H`BEAb1(8)J?p#K#7;s~9Fnrv1TtBMe z1gI*4V~#XEeeCVE&$9NkFeo+yD!OY44a>g>1V8MbWaRyd7fwSQPcA_FCd1B(oovLm zz_@HFJy`Xu2yzF{#>!G9);*vNgYRKdv_=43Fz%=Jg+2<)mRyD;iF)6QM3Gr>gCpel z+gu$Y3EW3D^r{_|)U2-53)OHcVWXx$V3OnCNwW#wlaN$%_Yy{!0y~9gf#U6a19#CWw3~o^@WfUp z`)dnDfGhBmy7`~QVU?{QS5#>}$Ko+FzVLhu14x|8n|yLYUfSF#MgtUl7xp2#Ijigd z!SA~8ma!|fbR4X6-UHQEES;QF56&$Jhm}0~iVAo4eSTb7dRmE=NBjD2(rMc%DRf@$ z^69w*0|M!YI34nl6{g>Md5%BNH|OhN91{77y#u-i25DJ`xBhsSa(coV7+`WVJaQP| zev@$ghR;HL1&c6I8$v`3U-~1oNUwvu}&q8cku=3#|oPcRO>EX5AGq z@zsvcG71&g81Jnc?fF0ZnwwcJTv7HHtKh;YNu*6j{p7wJQbaaSq}5?_>!dE-g?J71#&5P>N*<1OdFFl=c9>UyOdU+ zE-q0Qw)lG&^GU;9KL5uEx}+{6T@(@Z7M)L=!+EnaqY3fMsU+)waE0Pv{S1ysP5bS8 zxXoF@*Sj8asgPs5Rj3UMa7;1Y+XPK3M(8qZydS^Kp8R65t3HD>w>sUhi?lhJx!=Q= zv5G6iRDl-Hut}v=k_NTG=SXL*%ge=Y4|sJa$k)l?xPYrpR?XW#;o518&gyBI`?Tgq zTFV8eg%B?Qxegm~A1sNMRJjUx$npib+mZ*O31i}{CgFqzv&o9=MUr^ z!5Z&-^AVHl} z9I&q!Va`8fI5tci=H+EhU(H{mjZkGk>&je7jNfI6VyWR0P^c{r#2nATlp9Cxb^8bk z$eZ!bku~0d^;k)8h)?f2viN5xUz(rlgp+iQi%<#N<1pyARdz9S&(ik#RRd|?>ug|h z*51R=vy!_=lK6aFgjBa>AMn-H$$HK9X&pe8Sqj6#co>rHP=+Rv)o3P-`Cp6UWf|Cd z8YmS95zfW~eEi58HUwph;^w}~2$aXL2=nsSgcbUc>)!LD>CTD*zxj!VX3>M1h zd&r8&^i|_b?aXvhX7!{~eM$M$5NNfRWJYs|A*PfBblTzgXdD5JlWJ6gV!;~58Ou5! zJ`Js_ocj1uL+ZD*BV{!eC4peBVXYQgj#q*I_-7z>eMCi&P$6P?Z>j|a&o9EjcO30& zrtmNjIoAsx6`%4kg}&bA$BB6@n0{xDat;Sv)gR~v(|dsmnIhnSa%zDO88c5Q!pt>e zzQsjHpBErFZU!%sg11NJiu=j}-bpUP%qy(>!R)foQvwA)~ERN^|T{kLQb_(uH;f)+;G2y z;8nUDjid%Yx_SvBslN;9KVuVBh?7&{g5bviYn+;OFmEXR`>bmhK@eD!Q{KZneDHwf zFLzCdb#L3;Po29!xI0|e5ikhbPA+WRjVYYXqKSv$g3h4-91!xQKr}Q<Tl=#&`mOnEN!_XyfEw4kfgqM-%>)gsbLW zJWwQWIcyKBYu$!K`#*kw_5K2YbZiUonJI>+run}}CZ5>7Y@p?Z>luVSuMyLR7C&<| zc&+m!s-kaNUhb@%Bj(g~gV%-zT^J|}3XO6RLJ1T;3fr ztGW+s*0KkdnZ2(Et`S+hL=A!w6ICEyI!DBY%o}A4?+)0TD-0tY@RaIyk_#Z~|g7yPS zd&&}qGCM(%ve1=5bx`NIBxPid&@zdg76vT7 z@;M2$Nr+?7j)joAENL_RjsT`FkqSyHKslqA$B+TQ5Iil`{S^O-!HF4H2~EbBy8h(= zDC#7F!NsZh47og!pB&1bOB(unHRa`u+`$W$3d8Of^Vw(OIDI8-?}_^cZK7n;nwcmg zSgYzL%apfimZe*`AFC*>l&a8H^S|5$0;Zv(fS%VBuhzpNUKmgO$Y=JqYo#wE`0757 zk-X4JNaAo#QV=HC~Y@WdfVy-rx%ED zX|6TR1rGIZ-haGwb^Enr#0dW9Q|ZZZ7|Mh7)W6uYTpZ{{f_RPII6+6?Jn8kNG8u#L zOJCR2$&CJY#0qy_qH->VNawXu{xuy?f>fmGhq0PULg$l;7od#jZBTMr?=9;AvfO~? zogiqs=A>HOF`qms4;E}fr`KfYGh?-mFuJ=w0%Q@s0;AP0wp$p+~@!WJm8g1`wxI-uRW*FP+a28wASZ@pkj2=nE_1F7{tFq!N?D!GUom>t+ zVCTfQjX%S@Q7SpTk(w`XE$K4Bm8YbA8x^q&;|dEJQ6l34$h!Vic%Dvaf>1i@xIq5o z!Tyis3lhXBoiw=n71_|hA32ntQMwRRr%wmO5m^cq_SRi5!yncw^!LnXmTrO-P5ENYpDW-d}Dq+J4Ow2D+9+TZ$d^`eQP#V9YlR3 ziJs8sNWX7$O+X7#eZ7R|&;y`S+keckko9V-Z6OMv%OTHJX9s($@n`f~U4ao=>hb zhNg&|2eWM<+3o)T;E3IkKuEn3pW1-3*Njs>k%o^&Q>_S&Y##up{}o-o=Ek^E-4zl6 zq%?w5ML=6UEuC8bkU@}2w(kG1i+^B9q^zS=DrcZDTxPwDH(7u4b2WdXrTpa4eQXcw z{IH6wRHbDptae5xZ1wvWAlLV-*=sK@W=A3rh>!e1?>p6nvlMz!(WiEOr6=Rs+=5>p ziCkS#o(ExL*Jpp4FjJ!up4f)3}tAnXrPs zgZ`}+n(#1avDw#@!5YLv7k@6ug59rM$`9IK!4wAHtv9Zyr$exGOmlIbp|7SpE)PYV zenZt2u|nc!{)1Rb!c!S6!o5RL`Snw4e9oz&nQa#vm1QJk8wgyvHjOE<=AN1zxLZ(D zuyDHaVV-Y4Q`Gv3$rgUlYD(+pyOb86j=Zou+0N_V3pw+#^4E68auT+sj2n8NsVCvW z$-ll%zn9rv3{V0_4rS?)-}aDMf>$7{ddKu3>z4LUuXD1hMS1j5@CHk4I>f18$C{vh4+nxmQMR_R%tz*cY2k7&x|a(M#Z4fl$qonV??1P>o+ z4kuym&4S&j(-`ldW6A@Gy`yYBHSV{c1AX+XoS?L)j^1Y+0ovM3k`{}AY)vN^Y5Ka> z8#MVV(;h0isntSFArm~-#m8+iiAt8zQ5aFm29|Zvy?f=)4#6(5wZfn^R<_52y=NR2 z&DF=<%rZKzg^4cXDODQLM3lOE8u}+B0_|k!3U{F-EjcI^%`e9iEY4D)hY`j2>Yw)Q zr%fJo>}R_LMMDt?G7sNJv67d&2g~|aAFSJ8>TV8$_o4>cgv8h*TT{wVuoP#Bn|j&nL^h4ww09w~ z`uT1UoLx;*Wb~W&3pT5!NuxIzc78iH1a0H867!U3 zrOD9|{V=wK240M33dS|usr!bXPn3(muu64k(P7pkcA7$O z9nK$sY3GckU#MunE6QG7R9wUD(O~wYZznP8XL0u)XHKUm|CnVA#ZeSvx~JI9BMBwr%D_ zFNW#kQj)dz>@r+tS5bJ|P%k#F*Y7WI!?5oUT}MDNcKl?7pwb0kc#9~qT6d%C<~6--2E!YyzU3+zjr0{Z8OscB?;oc zM8c?IXXxCI!T_|UqH}iWWs7%H2!MnmKD4?89z^&M zzV9JM68;hTdtGROE_ZtbcBwSKfqn8L??_*f;s|!a!_^_B`a=slgmTJbCi@e1H@Hn5 zv?*7AYf?K{m`JgQ(bKKFrZTqxmg7huCiDW1^G zKcy`7(f;cfQ%L)~z8h(qU7&bkYyTHky`IVA#WWivY88YRE+l09-)CKEFGvPL5x^(z z4$fz}T?@z|Q8(LVpv)elJXU%xexNu~PW*4>RM^fkW+`kvg}8998hxGVS!8G}*}B88 zTe`>$M!$HRqgs_18I?m?6yxMys28>PZ;-hB&@=+(BO31L5XJ+j7K9Jq+Z~*R>1JP{*)E4Q%l-{2!`AGk!Mo(_RVyAErXr}Gzz)G%z-te z46$I7xSnHk8>i&qA2Yg78ToR6lWYBNGLUCw94Aw5&T>NWL}VamG*~mTqcr!xU}*1< zS|BEs4ZGq57w3!1`h)WV9)}ntSHXfnfp!%oTc{nfl-B0Sq~ z>G=8brWDXH(n;)3BhEgS*{B7U#U&tynv(b#MMQ@=YDd2kW&gGTk$ukz*kp=X%2vLU zNq6km6*jZWg_nsCt>f+j{gR-#a8eX7H9c#nb+!_P#+W@a547uIg~y9a-kd){R39*X zWLB#yPy6JhBkaE%EhQ@*4H9?ZyLQ$5G#Yb*K7B$2j&6hPjsm$We998G_|IyyI>*`5 z@8yrUvrg*m#%n6RckGTxGcmbC;RbQBX7wNRGWt$sa*>`!qd&qy1P@5GE}EFZur6`5 zr<|gb54y`dj6xaK6kH%~h8ASAS9#lzPK&HX9ceNIPyT{ z0N3;jP0m!Bl|rHMI_UJ*`P7B7T$OK;y4wGl;IMn;Qqi#LG%%zn_|B=gqW?Au8U^gR zen1yha^`62mSB0D`*%G1`?WoV8l`0DsY^#8iyMk=nRX^@C<+pkCN_e6+ogkpNSYqz zZ6So815np}h0Q~)2Mq$NS;i9DNUk@Otx{Cx>%vK7!PogL987%7tL2sMYKR~c3>U7x zR*-wUV%EUhP_m`S10x;5G8EWOpLPQu5^1J=D40`({iVk`0^Q6zl-k-9(XjS@A;W}= zB0rOSdPk{Jf(u0bigNZ|UcKaOS=c*VJ}oTr^?-|!#caE`Kv0b~9HEsap+aG{aOxTB zI#{e=HzcbLn7e#2$W$g?RgA!le=ykQAZ0E7lZirC^GEUN@ofFl6n&guu***^WYFxR z_d#=x@cx6XToGeBpd&wIL$_Myt9XjjoXG7pv2}dEX!Q+KE_K*Fg2o8rc1m3MH_wXZ zvQ?Q(g|9NJJ>Nv7lk{Ao^}~)!>n~y&WG9bJNxaeTeQ1y`BCM4<)SQ~Ps573JiFfmims&`LS zX=iCXmgtrSzq?)JF5a4)XQQ3knD>!_-e1-!)Xne-jqiH6ONrDyXZ zsG05>#dLzMxrNk~oU<@}Mbs2*f$zb*3#tCP?V?$vdNE&oCqnd2br2x|mh>RpZtZ)a z%~P0xB;?-==PVxgm@;`2doaG+crYJ4Hks~r4#LrGAgVko`P{q9wadSY}i{Z;5HZ4zCr&J)~Niu-!hv_PCzZPap((a28M3{JquCSOxr6hT@kt z-nz~KadRLLE2u{XkmiS9PX$1a)DDi212~0w)HC*}QnDyYnmo~tWDiCkcJ?klHe=8> zn+uauo0r6otaETQmsQPP4h}ekIXwQvYb>(k-|Ks9Q-MmlSu|-Sx3)U+5i61ua5ubD z+hF`!tH?!0qw={RRU-nb2gMK0OqHTi=fdH9yD=w>iMWsC!jW)l2Azs~6D)`(;-G>X zV}?nhEfp9wHrGys$0u&sZ$~dE-0!ah%Gyq#P2(A1yly3ni`Rz-=@X<@P`-3p9R}`# z^>3lx#DN#&qR79Q9>}oZEq+uBX-!XJEoP zl@(@GQ_+ezEO@|CFO}fNI>n@$sNW$QDtP86Wq)1lQNoFRhd?=y7FLf8vl?me{2ZQO zAq%qUzW@U&^!gOBtuIr*(e)crxxkMy-ZuO@Jo!<*U|&vp4h4zX!rRhLJ&-SGgDpFJ z$XU7$HIsgvO~{>&*Cw(KupygYu6ri0l+!!ot`#o6CCrAZ0L6}KefA4aSO#PHM5;zu zc*5Z4IJ$;sZ!U{i&WFDVI__UaB5*r$lp|T*%vy(!=*jtikjim%HDn;VvG)qkJV?VQIrB6gspYB=d4K%cqpp5WWg# zB*0$5?Mz{7Nz`_+g}B>dO>+bbhqc`{##6T}3^dIY=71cUtHQ@+Oii<|gzClO=MY96 zwMsmf8*M*{#HCx5>DSGp?iWM`gGo_fE8lCaJhE97!zTA!LBp~mN;TFpHI{-p&F62x zmR9!Z6*~QzS1<-q?O;xwNrfVePxBTMb3>q3Dvxs~i#fUA*likO1S^EYN zjugT{6c6^G_0)Y-F%OnwvQnGv_$%lz#mVCwDtEgLLM3KR6mr4YU|QlCRr(@#O!&ML zr}v)t4$6umRn$KHFHY721j**z^^n8yis5*6rcxAhShJq&!b)-HaY!o^gv+hU~c z&+OI8X=~;!UxN+5~w-9QlkCCaF;mUl>4hkZG*WW?$*#&K7LG z79HFdz6`BJRiI}nwtjDMmoE<8kvqdJ^M8vo-gfCP^{)2ZZa*1A9QPdc<9ER5#6;v3 zMym;Q`v8wGvWen==6HSu(dCG!ECS^N;^gg}8WD#)3q}ce91fdX$E(S4Qpi!~$sNqc zC{C1%2>Lu7`X3-qNx+{EE&h058qxMZP?w$Ax4={gmzu7JdHVvBoUqRHKd3S+XaO%! zBv5FvaVIq%87p~a^7ajv{fCX5yU+*q&LL+$T#)<%OlPyu+Hft^qz!=>%H_gcncZnz zbFze~q+H&FCndRK#NJZKa+n-13EtzvlQpmyFWeKD0Sng|vN&Tx&OlBT$%v|!0I)23 zCHYaU`~k_;5bn@^Y$3f`WZ`}ISJlIFZBaSl+|fE|dQ`nWI(v4sf~oW%Ov1CcDIMIV zEo*>6MB#Dx2>=7rc9Qg}Gqe7oOTY`qo;z5zAYW;fc)qY5wGz;Y5g3I0Ll*W0a`Fje zC^3lDbV1WVdwf<1&7k{aRQt=K4O!~Ra}8}17I$xE4WsfnNS2^1sSHjJBt@lvOSrzl zr~xzYD!F334wK78>dUs91;2zxt*QsP-)3~*K)7Z}=v#6FF(R_<6= zrVcv+9e1LAx#`7JOH$wcfL$;o`1Td5?XkH^JcQELSSip@i(uf z-Z&*nETYTQ04AiKmAM=tiI@g^L0=HfbRM|f8PDOd%D7iii7hWjg}9yW2(WJmG0`Ru zaMfHkTK>0YUAm_LR$cuCtaOHfS6UPVJg|>wEQ8gTh-JZcr>jL0*xc}->Gnq$s(c6C z(5*BL6jKBF?LD_h5q#q!Q*geby8=rn)~307#`nA2Fs1h(oK+=6$Y+Nb`Yj)p#DLsz zHI)70AVGNWV{1(iB5_tz!7EvRcddx_MiRXC2CxdZYeWA19U7S!8PVrgu)x$bC_+>^ z1cbFR)Ex;XnfNLv{B047cZU%)hurv4yzr;rK%?-$-IuLa_NB!l>D?6%1xz6Yf-7GQ zsCIg!Vk_ukFij=9?p4V?;9sB-Hk(qNZuGBy_C21D0TZiLn07IlapPmetw-9-I20xQ zPKo>5^CB_f7)vM4_IaDW->O*3<(;I3QFBNUSa+2qnUIsaVecIgls3^ON|$OKJ0<+n z&a`wyUa?(F=7khG7;n}d?1tX!L(U)8Ymi+cP1nBY)(5Lxw_1fKe_`Yn-NXB`-KuD1 zTi@-9Pe`@xtuN1Q=pc`WnO0w6d`T8H;;egc=&o2%Rvc~k#uSZ3;=Z}TT=DA_z??S^ zX5ST{VbLxiqw7qv@I6Z)hxS-S1WYEr?T!wKw~OA85Qn$5X&xB*>^}njgZVMF*G3RE0oU2XbtA$J23|Mv9{QF}aY^S-jHn+AG;1s#U&7fxL=RSPZ6Dvy*5_{J_#mq0#HVik3 zr9$#Y&+OVxt`>|Q#CXq7u&a)(&zQxYx&`Jvt|>50uG2Fa76lZWz54QN9MGp(Rs1b+ zW@A^<;Hp0V_#ALZ`3K}S)Jq?xb-(FsA-h}& z@Dku4+VEr08_cetux&z{xC_%`E;M7T01^o379BR6gZQmAjo}fo|=0AyaNZt6o#yTbJ+}f=tC=$0E9B;4ccW z&avZ&6?-%AclozfI+v6VqjJbQpzaNKgV{=A+wY|lWHYPEM?wvH0?-{f)vglrT@6_| ztYs55$pR=-D&nGeMS?EfhvvR6rKZN1F~`AH`djwR5c1w~CllyMrL}{AK^dV=CAI7S zPwL!1a=%df8S1K4477zR3f#V5pYlY%RM~G0$^htzF|`ni{RmPN7YzPTH@XzJ)4)TX z%$gW94j_F(z~UC>PvYJM!BiOT$n+(gb1F2Cr6Mv-QpqQvPk;vqZ!(WA__x2h8Kosw zBCMS4so>fU8k`XESrSrMm2 zb8ga5GfF|ah$i=SltgJof)7=(U#jLZ zy@nV!L=9elXHUKH#TldfcCwBIN~M2)5|KL7t1T*%w83ETzuCumP9i$aBPgj0j5x4w zfp~anigPiIw*bup0_%n?8LO_X3salon?UFC@nin#i z2xTbx@DBoB+8moBI)+I`k45njk{fZQZ8e+T?32`el!2{)f(H5IbC)pw!Fq;)Jdt>< z{+8Y8wYTnu6t!M5jFg>2A}r zhslgGioo4(VPrBoEX_L#y4w)gox}ri#H4sjC>q%LnF|=*=-AQzNjW;xKQoNonIpHk zE#KeGCRKQhKINvZwBfzM?Z4lkPStlLfons@=tVN;LDuXikj$6h@pq55W?W(`9%7>! z59R8qu3g+nSfNsV!mI{YT%wVwqEQtJ>$DA*Y6Mh9OMd?~O-;Tlxi6*|=W2!7j?${+9^(r+Jy~D*D2)#tz82&!ENhH{fr@q!p4%zwIBr%stOxQ9r42j!r z8-%-?<~csXZ9c9CMKzDZL0Q%0t!3yvhd?+mUi#YJn~U*IyGlWCXj1O_Lh9+BN?N5i z7OD>>xszW36r~yKm^GZ9((Bhzju$c+ZN)!Q$nnpb2;Ih?4YnnlFRbVwOkCO2t1u}d zdr-0!POx_#>)M2*G?VH#u#%0G9i8(Qqo4TNQEw<< zqwL>L(mDls>BTo4K>Ao2Fb=2QeC8h|@0JSCbiS19D;mJqbxZvWI7BKAEb_gDvd0^T z^dg2lD3t%7K!iq&k1}qza1X9Am*K@=yqt3EchPP5qL=jZFg1Z8=l&pB!ICk5cp+Xj6fe=0H;6(n!?__nzXCK59&5>S zp7T#a$-nn(me$brS)?t>P8GO2o!0R@wCyld7MnuCb<@xlibuxNYd7S5e+DyNVp$-| zT`-I{npp%rou5GAvcXq?C%Wu}v4Fjz=d6;pk}o@W-Ohda;x z*u2DEPHAek6LxK`7dmOc z1M(LEPGH2c(72fjV;Ns0L@Xi3svz91s8SD7R!;4)%^C`DwhvadftH#5bNwUey5Y2J zA6=2!qX52c7y$zf&8Yl|$*@m!3l7@(+W`%iZ`Uz-WX0GDYPnhVzc*L0+9Ka;oO<&Z z--6tbFGIZVQ8sX0j_)kRrGc2)pnHgd9qb^v+MVotJB>c=jIyx!R+WU?ePAD#DW>S}jD%?K*JPF}=|1wudrh{VIXb^Ka25jzy8rF{t8Evo`FV~o`0g^X_jg}1Z5uM zq6p9=3TU^S&(5dY;m33`P$L2ZCTvSglZ@_R&WV#50450F``WYy-=f2+ zYFq!^00*x{pr0L#By?E{i^d;0eF#7nJ*9upK|Z7=#arWailiW?7 zY~5omjAT{A%pN9VUPFMN$<{YRE~Wxwpjb)DNotXi)742anOI3xJl>I?3j&Qda8c4t zqdB-oSn{_xL4_qK?0tSi_Y_;|ozIaSCmrMD3bJ>z{nRzfClg);MIPRCbv|$?8{?QV zIWqy?H*yG7#sSeI0rSf;+_0+XBDxL7xmy)IJz`QyM2`WmHiz(Z_0UGN7c`*svZf5A zFRG+w?O@xw@Of4t?@m54S{ZRT7Aut?!$1j-eP5l2Vyun+b?BzSBetAmLvD>TLG`cf z%+*0fbKUn=%80y{-X_$w!=lrkYfsrooG17$yQ5TN@@E(eTSj%&QBfk5|FD_w*Z@WO zh@Ii{2*ExRhmdNbz`YVDpJ~NisU$+tO+S#9fP3UAB$=f>TDsf$FL4*Q$&q7qO8`=y zoFSde9ieIFeZbbyglld)SI=F@tTpu86;zMNSXOjl2Ux`yntnDWZ^e+xrFYOGc23}; zSR(iP1>^>9K3$f&RQcxPZ_p%HbQ&drb<{^b+v;y;YQXMaBJ*jT#hXO@m5ADWUVDul zrxY_9!A;d(z=`N>uF?@2*(>c#a(St;_Fif*iD}PnNutP%d({yZ_k#Q2Q31NR!ir|q zCI=P`uo2f3SfVRp^5Q>#SM}X$HI$rd93F!!y(T!f3I;mPi4P%I|RD68dt5}g5A8qdSf7-)^qmx7h-*BEG%f$yP97mR@8*>!p|$jX9pZ)u<7ccEt*V*En`I+Al5D8XfmjhqDgpSpUFOv zf`~UP`u*7L{)}(#KJ%8ZrKmsL_8H!DIFm}hQ#C)l=f0oJtI*~sg`H$%#%O9!-4R9L2;Gq*30flo^ss@^4~dR@EHdRMdN!g?so zI{*^)r;Jk9xBwI^@wWYnjoqR~(=Iv?ITPY8O~v@gAT3%ok{bb!tnx+^pZvywOVXwV z@IqkQXO$oL)simjaD-`1>Xpk>>w!$*D9b8eWbDrP#J?UKBXr;fte<(0g$(*PnO`Du zMBDT<7KY8Rk&rBPSz*IomieR&W8;wgLD{jY=&1Pc_wa`q`8UOsOV zU&3x+N=zaGn-nB%OwZrXLh-Px?Vz#x83YaF5VP-5&h`xrzV(fjv@ToAS&kJpDV{~v zHsfX#x#FsVHl`XuIf`ZbGpWGT#q3gXwC zGl;``qF#hOu+&}vitwSr;Xa+y4QprT)BRy(7hrJv|1}O`sQF~_PeRT%_kkwbpFzXK zNEW!8b}{$>&>%5og|wd5V!X;s^mTpFvHVH5f`6biR8{-Chxa-x_=DnN(9~|Qpc9gz zpNJw?w8!(@UI;4|dJiz`+6~z@0qC{u{C&@zOeEEGXtG>nqB@Q=dG05nyB%LwQ_PA; z9v0?+g?5RgOcS}7J`!$nSJJ~ALog2FAZlh=aJ7|NQXnlA$oP&SB`ZR<(vvB z_z8VNdP+Drk1%S4nJaU!w5-Fb8CZlD2@sT?176Oj5uwYKjs!c_R1rZ0p+?6+ z$BKgcymJhpDJz$qk-j-(t^1-wu(b0_Kp|tRKFl4?mRdo#_M$o#E@*?}81gzV)V=;j+q(U_eo&y08sbvUO{=I(bNhT7E`#u+ z$yCEWQvQm1%B_w!e#w!pyD~ehnZ-$TRYn{Oal;v=eyE-IYD_L^YS}p6hFw4Z?7#>d zLJu;<>|N}Syz-`!YvT73WuI%Jqc})O5$Tvk`OXs3A2>$X6q0 z5B@1zVRZiG%~)|;5K+7Wj{F6oNFJa!jHH_=N_CxffFT^!;ctwI7TUo+&=Gi7=o|_lPXV zEaaj^dev!yj7GV4(qdjBOnVgO^T1|=-M)%_% z9bD*($n8_Yww$0mNDe*SS_R{phxV7bza2vd(3+AALfg`W6=Lzu%_xWm@AD0{W=p+o zo!W^-1S_1`Zt*luuXYsSpJ^?C|A{)CI9|J@|STUmqt8+=0CS^7T^xmpxmR(b>88Fq? z#_OWvr`!5+7M&(_r4u8gE|LwkX&U;MMJpi6&nRw8kqZ!L01>^nU24g5jX^HpMpb~0 z+-{!wK$v5Kc;?{1J!HPOq*w?;9$(KG6eL0&uSxHpVhouDG9ANS&EQ5z)P=vgs7KpI zf1h=#@yTXip=|1w_v8~0aVU8oD%^ZlMU7=#a45H}m=0jhO8>$4Ijw9`~Bvk-W&nI4VD;tdNwks2NhCKk1RR2oi6X?OOdmzg>OXac(HJr?!(xarbA4< zcL7X<<-2pK>a!{aO(&Zvui9#bd=9!MxUyV!l#!bghtr?Eo97{WaSR+Jns$%0lUj0% zHfZC6;g(w;RZpGopb(iVq&acMc3ufiqR8QK^0*l%Hh(W67ZUmaKkId$wrxH%ZjKR7 zKbf{ASyjE5h59bD6x9v1q2nZafK@Pl!&g{$P?gMmu)&)w5)oqs>D;9P)rGEZazX1f zs>wg)_c%!opNwHgo^gZRX?@gK%w!t$BN|NCW}kw!Xy7Pa_GSbjDRtA>_)ezAFBS1B zdTP!YTu9Va*WyU__0kJ%A+??Ov1%>w#_bGc{2KH|ao>s@mUFzZxv{-|%YPKoV*?1m z_YSYh#R**5^BN2JgGluD)W5HKZJUjXhu~zJh}Hb7brk*AhE@NS+$IXQ&$ zfnn=l(-uAEaOwq=9;fb!oRmikuqS>%~nY#!zTS~?*TVpJ|EGV&j z8r>+kI+sSiCU%XWvepRaK#i|!^Ruo^p&wUrnEfsCFLSYljSzGg%OWP(%y&JeaG^xBw@s0@HsGF^p)Uobqm+!59eTFP=?il1<_FV zr(V}NWW&03vC#93DHG5kO;)G#{65V;KBP*rnvMv#G{7d^>P9`i$xZL2Z)!}6Se^Nz zY@{78Rnx28(ariA&iKP}cm>pw?oJHZlsjU|AGC|o;e0{o(vl}6_2&+kalAtR9;9bn zZQS%9SSpAhdz)}~EPo-s9dlGQcOkc1&8YG!SY3J@(cVxOt$uKFq!18wS+TCg% zSSDBE1V+jM`!6(w?M*-m);JhMmJjxfN*o8t9BI6p11Ll^M2A@YfeoC1g&Yu?*pGOm3 z$j$oxsUB9i{i-s9pqHYiVw-?-wTlg#Zv$ft{T%wzsJ&#pRqGadCqBU{ijL&>^{KH= z-}aP5VhSIa>x94U@Hk{sGTgdJadl4sL8ZP>?vxzg5PinFF}x?Yp>sVYC~jyl@*L2! zJ6dWmIlv2~8#;KF{Xq&&)Xh@@n$zf^IEFaKCcc1Vg7bwU9bPu>He3trkByBOf=v$} zNE+`nn$m});X{uarQHHKd=#jqv~y|x2KUl6ennTp&+o!o8({#4)JQ**vc3{Yh_7YC zl;18E=1p3EOY<@ee7Z))bPx%$^J*+(UvILTGo$tpwuMauj@yMERDKzh2zqJ5s7}kL zz>MK#ZvJtkP*04boI?{YdUP@Hi!lelx~9ZaJBm-mDlq}BLv>)Ex{D6+fP=iOR2G7B6GhKuMis@pyn#Ax-=0^eCwgZz>eewxh> z`@rfe3Oh#|xc#QENc`vzZ%iWNiQ#uwMaZS0DJXA6;Jy&d)hl+|R$SSNs2$nq6e2Da zbUdRU-)0P{aCTk&Q~X~dt+=(duF~H6bN_9t&q+0H59Kq|US`euZ)r1cwEPjy zto>VQV3>TbQsNGQEW258;SWV+do_!7zP{i0a_XPfbbbXZMHh3DdU1u+@7H#-gm!I> zf!ftbtOCD1oD+!~S~#Wp&Zi(~h09G)CY>7QMIo5LuO(fqGHhJ)!m}q%XQDf*#d>U? zprdIn&xQ;09b9UVhwleX{AO>lVIl$4+QN0I9yYuW=17<3#{iivHZ`E4532Tj;XEoI zhdAS*Iz-ig-?T?tizM1=8ge|{2)myjoFcMDe)*x3`+mAHMy=&eqY$q1rCh3O1OjYy zKKy}w3kI4i@Q}=&r;KQOFBVwa-@#P%nJRbm^h?}ld``0MdxA=;L&xOHEBMd)^>UOV zn@TLtg1hf5@qad1xCU-Gb+65%cv&Pen6U?#ZPUFi=@Esu=aqCrC#T(aWo{NU&#J0E z!K0+MKw>PN!b#1XW1%agJ%8cCGa+q!T;J zJ1Y%MiYcEX@dvWo&tR8q>n{1!KOn!zn@*>G{qx?6;cjkNZ;Z@D-jd$ zzXVcZ2+6JQ&ah(HYi$gW zJ7au9=N4!w=n+g7cGAG7I1Yp z=BldVY1zk%WEhn2OK&`J>*>O?TEbFp3|Q55Y7zio#yq;FXLBG60QAl=&r4d`K#kntkJ#kLN{PQ&Dp@Q-B|dL>%!!{*c3> zU7X?hAc}3h+Arp5A7#6$CoZ<08@0Q;JvW01yV^1~g2{+GectC;r}K1)Y;1>8JqUPZ zN!ZOr;JkBWwMXYu01kfTT~mr2R+44Y1g$QA%6QWTYTH@(6d+b%v-tQK6c>@PPBNK0 zU?oMr(3n`Eoy|o){1lBcd2yfUUJQmd?&v~ni7mntLH$ke+7m($M7Ouw8tRnOAE96U zO~DUuHu+>YK=n{{&5!Hdm06j})Hr zC*M=Zzy_{ldd|h^ScB1QC8d(k-h$4YoyWJ6Zh2X5%qO0^F_LiP;h-s=s)H~Kw?yWJ zH+32qzaBpdT*&Cwj(@|4e3B%syp6Zxp1WfE{YJXZ%Xj3c>r39Q?y!v0H@4n(dFYtL z3;Rc5YXnS`vI&+S_ccEfi_p0O6hEP}(__ecEW<%GS8hIxSHvDLOMdm*3dG58!lTZU zbp0FWmR1z_8b3>2(2rn@YKkh#+IF%f2lfZ=Q+QcJ$M7TIx)~1RAc)9Pv9E9X<3$!E zoM1kJgu#_va~D&U19Np51C>cT@Tmez3jjtZa9Q8&YGg$YG!EZkX9syCPzSHP5? ziRX#VN#Hj1C$$WT%sGXS7@;aW*sBSNFw;A?8Y>jj?1ZcJvsu4|YR06#@@NV&JRek~ zZ8*h^t%ecAx3Et0>e5N9M%Kx-rm1=pgA07eLO5C?X#4=sBnRo?FUZeh50xK8#v8EF zB9BCl>>2kseY&xKcwhQ6o8MRg8KM2$l*$?kNhXuWV*+bZL7d%W%UF_^qLC$cyGD4~ zNN_1wKc_n(e9>@g*3{0R=(X#Q!ofHL!7&(-Yx5=nzlq~i4V!3#wEiw6Kw`o=QTEey zC34%Q49GVC^WsZ}n1asy$t^ZX0sj)AgmLLg9D;S_m2CK2l&Gd<%2%#42axyI>6G1k@LZ#1e^`7*O>7G`^ z+?f)k35qd^ci1JcvIf$$fs$9~`WU22_V>EitdAv7K4{pVq0{Sfz&qWI+Z;$PVN%#+ z8dTTew5!C%#H^L?07h&Is_oJ?6_7`FLxw;pVG!CsH0UL-RPxp({f*iApQOHdRo|A< zO!3<8T*zAE5V6I)(AEZwTYm1S3iF8=%{)2@U{cXrfh z10pxc*zY!MDG=TqA$Quuf^wGVe%dy8rEt<0whLCboH3lu@R0sh~-lNYdnzoU2A4$7>Vwe4%uVQA~Y@ z`3kj8|GUZ=sgR9V6t=Qnti<>jg5(w;R7b_kqlJ6w9&D#R<6ijGl3}z`BfAyhuQbyE z@uPK-h?Ek%`X%`@Qozk?e^u;%=i36P;90h5fOUJcy>z{g`Q8#<9J}4viC9K#W$2Fc zaBi|Nh_Dh8-dz14L$d9nWD zbte=mBEt+eXP`mY(3wiZ^07n=hOAXszoe`HJH9us`k<=zs|f5J=E^ z?yy(0|2cs2;LRk-x#at!Mq0@>3vAm)UZk$7AOET-8N+qu%51sIa4MEOCaEORyec*{ z;Em-fJSf{B@dwrR{z;9ax&1)#AA&0VvEb*fATTc$y-67*%haV8PCXocPlL8;+i2z<`8t67>+ z0zT|2w7d}a#2F{Tz{=CV*d7(i$>a$F#+;_1*|kb^dXImT6pIAqZ3L_p;n+AC7t$7M z96$;8edm;pe`B_;rj+n3DvmfX!F)4sc%5;!&3!op=h7U&+3zo0RUkh~4JlW&r2iMW9zi^2P@XB?>d$mKJpz(?N)MT{DLq`Vr&-Uu zsR)warQFP;W-0mdLlk@hNVKnv3A>|2;IE9-U=SniCr!99I(1enRM)=U{7~KV%P`on zK^7kaB_|#X%N>R6r`vU|wcw8&tRNx92v>DXvYrD6)^QHIA4Www%@yKsE0I7lQyuWq zGMljq7zqECx2nWfJcfGMGAEkEx38S-DwqvpF|1y*pQ9i?T;Gh2Ge8O0PK!1aFx}2? zdREZpXP;M>%1MkMeD;?$qJern{^Dv0egZNeUS^ZCBz?) zd4aRDo%<|0CQAz6)b1@hoFC={edz{`awU^QLcHG^iyJxxemU8}ZU^_;X2<0#?yJWN zffOFPfOPRN^?2th-HV-DAbQy~1k_e%1!VBJZVn;%wu_4B)#}-w>@D#Q2Wp4RI|Y@5 zP2)^Jr#Mrm5?^6^rwt4Hit)5%G0ayZhoeWEa9t|F#?aAMM zh;>n7OCh#tmffEa6qtMX_EyTGh`ja<7l^km{`qsH|MUjx3^P6G#I=F#LyJiLUU^va z*$++YoeyG47L;>ptlN8%#sd$YpZATzMXBM}{2pd#DDg<6|Iq04eBd~RIfTO0YZ-=` zD3PETCUdcIW?*i4?=r@akmW{BX8ZVN9@JuhqfRGt1t3avY?KoxspMyS&>#-nYqBE} zIj02*>+zEr32t^`Pf0-vfyPOsuatoQPuMuB!xO6ft~++!%Q2q}ad&W07YcsiNFb zuKb>=n~*`iD#3c3RrKQ0**bTh{839U=p5*CKqoM9r~H<+`>by#zzp|JHA?NQ!m)<<(_}NDAWikZe=jO-I z-H%L=io5e5DPYVia%gim%C&M;q`@+0vdV&eiS}l=Y08F$b z8~)rMfe+Gy%nZ73X2E_^HZ?|d6qkXNX~L;(Rj9Gt{IW8qfoDRKr5zX)r|lFH>_M|< zU^~H@U?1N_rI$=g|7!=*Gyw%9p_j@D6eA4!ZbOV?AgIAiCCx_r+^=Kf)F&#G1H-Mt zVuNJlR`8vB##Uo`Zu8@6{2nx@PV2`L9rRu5UG@0DcdC#yOQ2Q!PT{oc7dUKpB7H{HXQ8<_0K*!7LlYtJRjETYO4I`-~5$~6>p@? z6K)%sqtLD|G!-OBd2m^4X5L%6^WC;;vb^R}9X;I$hUcM+c7|mK>MGkXN%|Vx=M-00 z*%ye#_kF*|A8hIF+0Cp+Yd7qS<@F>P!h5wDHDZOH5>>V0K}F5d{nfEfW1uaV~Px(n)fn)+sj8JYZ%mbvzsAs)2f2$ zAt+H(nSa^h|+f?Lh6NO5=l zAd7MQ<)H@%{e9=?xjk^FnM4m>fAcnuVGfgWX})`aBe-{bD^UL@%LOF31j?>B)Gj5S3d=j4!)uj8-D52)vjEC58W?&(T(~oF*2qHi zE|5o#(0~bCCFvT=n4fb>D}iI!OQA(d9^o-uS})tMoc>i^9x2TAj|LlNbo8XS4xcz{ z0wj!tSfn9qQ?PQ}f$aEOF05*ZtC=-sZ~*(}VO1pHJ<);ED|bTjL{uvu&7e zU^8jF8l5bUt&_%Q*x#nsSCmkv)m36HmHGbojQ@(7+WUN_ zJbc$=CRlbw;q|5|S$cW#W2?CS7&bqzH=k zyxRMb2^{1;K@QROM< zrD+obok6Mx7W~Gv%fW;lB&J!cb?)FPh`;hfz=h$Zj&+Ztf}g#7*ttO3ivh-uEneqk zp0kivqjX6IBPo&!gLvQcxU=pdQnGi-w{Lqjbt1nGUH7*SW%C=PVRX3GWksteZpX zh!lOAjXxBsWg0KbAT7_}|Iun3IPrUXgiQ;`iWIo@R`RdTH5f!21n>N%&A^C|-p;s# z;G0os<|R3wmp*tMxTlFsuL=|W9{Tqi{X`*LQl45S8w6=7OSWa(xiprJ?TVdQ12Qhi zHS=RNKu@Ko+N(G$0_MZsEW9FsP9P2bKsPLE1w5m{3G+W8`TY(Q;NTH!?P_*#yZa$~3cQK2S*-j*?Uh-_fMQr!qbn-|sfLsC?bRh{wwuBp zL))mOwaASgI+!{XyV=p{&j)HXTir-+Fgj?u)WJ7oEVbuqJJe6MRH4DZ`Os2S?Ya$S zkPlN(D3v}xLV-;uM+TxY6m$i!efab1%o{ka63&$FHIUlOhHMvqI?Cz>Mt)^F#@__Z zLx7{@nnoKX?G=sen`BCwYB1~MP_4fZEo|usyT7*O$2NC=UL0pv)2p(n; z@g%yFo&@U!v4qsl?Rd2$^r4&FmT8ba=(lE%zZQb+*Yr&-htIw&j(771zf?Epn3>pt zLI{Veio0LP{#!W_MIAvX)86>aHc+>uC`oMp#V~_ za_Y3BF@0}PyfT};i+C`J<(De4gq7hICY^VN|_^OZ}>re+1z zeejpRsGgva3*}XfEFkCCI_<*TYFg}*07xTBbFVhbL%xq4`sAmmq#U@1+|Z|Ab|SyE z6L3>%9q?O#S(w{^LY?BJXX6}ecW;qXPbT)=GavR(aRbqXppGL3LgSu*<+s#O93AWU zg$+fYnI-c%qOk-yUy!X>8uz9q(Cs9+);1?pL%3vD4C;s@RS~ic!^qxto zN*{8t4{Iv>56|22EqN?h~fV>*GHp2vdCq3c59S{!5v z!RZFO1Tg!BJb&>L!W=~HA5$9kf~? z3OqvZ920iTY3g=7lykSlh^Wqm+`p#a(o3%NK z3;%Gc%R94Vv5~hbKMw(GuQ$t5d%9=0m_cRu{DAWfy-ES0WK{E%Q6=^@OfK@lLL2qF z_u}(#noRB?2xLJuACeiy3$*Hk6`zN49rntQbh77a_w(6`nfF%_q)-_c9)3F7=;q7x4jWU{c>dalg3Zp$kNkt zjAZac-}TFBd*PJ7^r8%@J>rxo@%SZE8VlAJd2D|}3SG;|mWBl9nb^a#{f=Ax^0L>+{aHoWRggkjU8F+gj$cF@7lV@r0Zgqif#V_1o9Kr*$pzxyjE{^i z$x=Z-<~`J{FsWjca$4|!$wRU0Vrc0GJLOb4PqFqaB&~HF{$70nA8tWci<{|mc9t_! zH=v00=)jb1ZeIBo+5gK0WZiFWnJMk zRw;Wxzdpy)U9l=fd#@Ue@(z(4E|-Qm-GtZZqCPv*ZQ zU+fe&?FM(RU)ZreHZsg7z)fJi{K$odugAufU#bC*FV4up)GBFoB{IHC#Au+T)Oa)i zxZ6C+F6G9Le3{b(>}#d(b1k1ohtu+o!9^nX!3b~`pz!`+U~7H$oK_z(B;N(iN4 zcGA>-%W_m1-A+W)K}nX{IJBbv7XYHPu2z%wn?0PdYLQ<%p{8Jy+!UNqz;WS1F6kOq z!uiZW?PIGk%TI;KwRXkxH=&Xv#v2*sW;?~tYZCTLi`GV~H&pKt>FWT}RfQs$X6k_-*H34m~yI!9PIHnwVN z47lO=OdckJ1Z-TIkp@W4<!Mi7Oq+EDe!nR^+f9VPF+8|L@R~X-`i1905@^ZX1 zzd-7PVj^lG4CELt2Sy-0S2lsZ5o!++5gUf&)`Tka5HWQr?&99T$@6)-dFTrb{_6EFQdU|_$4*gwZ18!*N}r+**8~)j zWN`9n0+HoDMBss-M4=b`CT zOS8cEkCbn}b4(LXMLqDYG+Dq4In`FUF5eOp1Yf=CzoXK8`nX26A}fwHGSoLF55-xpED|zANkHj+^~|gp<^iBvuS%3bz(h1#ZJe>;>W~ay!W3nzS^Do zVCpJbgNMsSbglIl@f~R$={6?xo8)`Ik3urc3y`YmX|7x#TVD5^IV*B$Z#64}+4y0y=Hb^X9Pisr$K|jC1vgBZ;5iyLYIB7D=LmJxfB5Zo$7lUH8H$8l%W!;z z(9r|lT9H%rPd>tFMrzM)1s=kO?qz@ zu=E#$uI6;?&iCWf`~6FY;H(z4{iE}N#u;FQJ+L4ad|d7l3jxJrE8Vncx*o-7W-`qK ztXsj#^3GY9st*INH2l=oy>v%ZQ{+<+ zQM{ttI?N7DgY|Lay7$)=LcC*!Y`<6i{2d#R);&1V-ot%ZwY2+5J7QmA2aTXa{bIN2 zomb}a_i7!RP}&<(WeupXQ$!QiLHIf$Y2tAcjwFS=3-> z>B35w?FFODcj!IE5;FCfzc4xE+7nQiw2&4;zVm29Q)iT9^6-~)?~{% zh^2PnLagF~nPe+?;zqhoGWAe{;jgNUJ<4>}_3|p%^BxUgR_zZ7!Ux_^S?}OTMe9#m zc0U5}vXE!-IWrIgv$M#fVI6pqrVed~GE_Lc2m^ZpDEkG^zAxdiqu`_307zi3&$jNbH@4k{OYz_u{H;PIoSU?YtQZp5x#; zdwyrGk%~Vl(;s2TMa!^b(>v*!FwYzvzTwIsIp+)bqXFNJNp!lbs*tSpvPvp#9`R5$ zBR}xPU@rYyk`a{9)TZTF(!*t2scI~cpS8~!8faXt^*RBDwDUNYmv(1Rq9_ZFqtLW6 z5>I<-)3}63rk18=0-mAIe@pwrlKo^KUf&sQP!UO$ZJ|7RY2lxkpM9t&BaDqmeix&C z11Qczr5IH_`F0%#>N{-;B1rvTSOX5%=baZ-R&YhAa$F2}KAZwj9m})=!8z!4@YTI> zJ|ei7wD9y`WTlNuZEWCzCe%QumdR7DPAqVVWABTd!Epb^!i{n@hczPH#V-=pdHHwZ z83WMuBgc&G-6c-wehP@qW3aENkzlWMHO8ktKSF=r0)*WB3{s&QvoCqjVpSG9?y^Uk zm0LZC?A^JU#{@W&w}79(Ex0``J&5ROuJj7$B`;oG!G!<>1U$iE%D0F5f!$c91;6jtR_$)pHweiMJ@l?;+++a8ReWiPi*f9!P(sxPs zXv;6{O$R`Bnq^0b@yGPs@@cW1hidt4(baWLbhYoyzN+>8K*!f1HtFqF&%t)JQqHL| zwkKe3n&>(}(_~tB=nVx5W-eudmPgj}5CXouPv2g$cwI61wB8SK$@w(`9-07%523gq zNGCw;FF+9phOD=8zT;yNU~(oF)ar2zb*-Zw_v4G)uRw7$0&AvP#wl;+rO1yt2W0HW z^P)JJ7h`7$6nD5B9B~f1PtSbMd@m|*+GXAw2~HX$k=Xok9>Z2B%)=Z+5`2ERz^Wwj zOA})Ny=!4@lXRE94I+;qOV{~f^m0v5S^v|LJ z=te|gBHxThE+-&5`m<2Rn3@bK5ODuz?eygfv1kyZsW?`U<4<(ECE$fP) zvSGyFmpBb%y$)}WZ>C*GLE$1ZnGTpmGUu&T)&Oz_fmfFGrr~Q7+rA_G$O3r$k97#Y)0bkf*x?uJx^=i{BLBW$^cG)A0$bXaERPPhUsni zbD|u7qnMb8D3YHUqu)v%3|P8z!tjE;Wv@654?E4K__d0%*p5w!b%o%j?iDi04w$(@ zMxQjDDGC=Ex4N}9yek$gv!XoGONDba1{Hz!-;!cM|C!shOXEDFxw*lx`g5+S5woj>HlwMQsjohl0v%U0DX*Jv|L8z`B_V;U6q6@fNAX81gHrEe_znLJNJbJ9zv!H);KV_^A z&E#^T;=Irl`B7N9OXEJI#9)>hdg;x`q0VQc<>RYya;b}zoy`>%J+^-T^ROVU_0A0_ zqTKkDH>5;kCN^9=NIH_r+@KJhKfh~hE%UwEfy%`ovy}?9NB<}eVsSI@&H+0n9^)PCrlLi*KjqFHSQI}8 zN$JwhayjxUJ|j}#8fpfV9lmv*02B19IL9%{YzUden;q5*wI00U^^8iJO00u#l=sDK z>nN-L>->}2CrtL(Ol0hm#8G>lCy>{oSXNTUAH^T-3>Pp%kL`+OKI>W91um3f3nDk% z4WnQ^x`%%*bkQ6!d~O@C_U`|4WKn!2cJCSGJm+`R7}FS7Z@}$ic>^v2tMm2Ii-|fw z@X9k_NuZ58}mkF^dY^j38c-8+C?W z7W8*yU7IG1j*%NeMBZAB(z;~ydBR>B?IteQM=a!JEhhPAo^<7yfkb|EG&pAlK}S@6 z?SODmiRc_7ta~LD3GPC`B8McS4B|)gZo_Y*XqxS{a zOpZcs;F_7=B%DQYP2AN@)jXiMAWt%c6eqcKG1>AYc~IUu`M<2VLI(viI0N{PMn0uC zK;KRC2Bec|jX)aBa3a9vLzfj=_jO0$9WvGs$Pi53D3RJk?&a(%7!Ib^H(7VY8;hOIh3WY*#_sg zq9pIDSE8{lE*^5FKbX#HQLOH0Jl}$c!bhE_|9e*!PGg_ey=>IdX$XP4MOrq665FEd-8y7U;AY6rbkwsJwO#q*P-Uf{aO=?*2YNMm;b+Q z)_Hje!W~l}>bb3!0`SPPN)2-}qca&LdMgr_uSGK>!JIV5Hn0HnbBNxDRG2FvK4=VC9IP{{28X5*+#%otaOZLfl3DRHtZ9J^2w~!m)w*YGM zCpMl!>CH3uXv^ro+<`_qmE*z#K_vf{hB z+c10-s{`NEMEwjxlm)U7^e{^lm8LDn=rEgFLX%+v~P+Kc4pF1sNlI9fWeT7zrLB!4PkJ7Q3|qN z5rg(EY%?_ecW3;@&BxtvXoKE|3y1|_vA*5J*~)}9G~!EjJseLKvy{l@!8+|R2TYJ_ zPwag%CRI2b#;$uNDLehaSe-)u>$sB(jKGH2B2$UmEwTV!%D345!xsTF&-MYFf%?Xp z)Kt9>JiVscZO@`ffM_suky>_gc02}Z3ctBW1!T^nH#4TOn8=yHLSbp{1r30!wbrbq z5m`T$@naAmMpt3(x(XqdrAemQHjERe8)HMzu13w)Sc=`o6w)+ijIbh24c!AGkZwBXU%@3!yN5L4~MZHbQFtO=U8s$nQrGF^>!$NHi;$H z5zG;2iWpZSMrD5d!_C_-$e%3Vw_6~4-BL~+I~3%iM|hN#wn!1F?~~W$1$CA#{YKP& zv@av`>*CN3kKHaR#hwrN|Jz@+bu+Y@tq}|^(}7*cny2wrYlMHc9y^vB|2Zg znuz#I9xJ-=P2eoF%^NggQ2kt8lOU|Df-^HPiVm=tQN%cuLL`nKT09t;Kk!x3o%$HD z{ib4n!jOxxxskzcIrlR6=&Oe33z02KQuUz43h%8lU6l4Em)6u%n~Ay*1;%zN101nf zS6N+~q(Dz)$df3A3rCbUQuOvdwhU=r5Gj3?)Ua7)WMe}}eU6HFNjxX0^r=+NG`MU) z?wi_g_zxx=9#BV>4s?0FoyOAnWQg7&0WKqj*+P3+E_WA2Q^mu!Rr|S|QAg!dyA5C{ zgr5O4@fvx7;C3-bS_lmLHDe+^FW__KXTCTn`%A=xK)D@>1;xU_mU9y^kxN8a*+2U0 zYQa@*<>}m>vp&uhDs1C10e z4@Ak7CKB`$O5Ff=IefpX<2mn6Y>|qna-2s7M%(yFv9r^{RI9N>{|P;VOE#=^h?`vP z@Dg{)$_-M10*_twdN*Q|MmtCM2G)dc{!z+Xil)ieL2$4OHt;!Gefc+0c{1Q7osVB8nM2WcF8V_z+h)Ah40Em%!U_8EkRkn)p5C z%%UrLTTIr4{F$10vMQ*)TKevkH`HSOlerPbjRy7}C^xV1X=$E=Imkx!Y9s7-$;WtA zVs-^wy-X?IsKBJrd=IbP;?(q&PjLK0f)W_#P}-}-lzeKt12uG%0u;ZGd8<>Q0!}C| zddMd4_}rfP1znOnhTS!rK<0sMmvE8k+?iTB@8%s7Q|y4esx`Af$z*&%8R?g9uk}tv zQJgRq?W~(Tb_7U9flU`};+J$8HHJc3pb4?+PBIXav#x%zUL#ubUYB- zveuEi;p4*MlCeEmzQHA4w8}~OQzI{K3Kr%$Y6{m^6K>)Y0-Qc#jv5?vbF!I}jk>Ad zR5FZN3_uJqhB|WyumJRCUoR^>OmfM-eW)J; z|EMqEkRQ?2&r@8{^!!aRNUl#nv+rNZw4=N5wg`~X590h8N!%*Y8;#Ml7@UqA$cQ>G zvPmg?%q+3>hJTpe1=t$)qHuX~?Q$V>X~#}O*N!ZoKD1ISA@~kS(R*6A0P6iOTcL}U zzdo|Z@~XOQX*nRYLzXnY0+ilcAH=2aIcuH1I)Z)&N8W!RDkv$2W&Cu*JH!MAR2>e~ zHSKRmIy$qY7NMj=?rceLk*|uBt>N2B7n$EtR0^X^ij)ani=M z`jxXDR)>=w2nnHWqbOLDjMspd`xUT2LdiLrHE{BL>SV|@W3n2waxZ;$dLgM+Riw-=nUbbqRN!~xa za#VSn@zQ`gZk$_dsGosCZ3uNYhYDp)2lSuIdN^bRZ>OYR^|%M(UwH4?vLiztEMaQ3bt5*BOAN>Pk0=9YM#H)l%r zaixF#%Az+?vTC|PIGDY6@P2O5JVXMl#DaF6G5Y~gvhFXK3Mnxuutc+A0=db-QTlPy zzgvs|4l~Ml0vz3D*s)Wp<)(ITX3wG%V0pLCl{lpuzcDQ#rZGXxZo?@QLO7W7^` zn(8GVop>xYO6vgfASkrZODvy~Lrz^IIA$k-=a@2XNoT!c9LQT2KMZDggH7G97m48n zO^gPpg#i|*GKHG5lHuf7+dGO4$A(*`=sQ55m`-mFU!I>V=;k&?)I$(D!+f|MaRuy( zs$&vEZ>pq3Ck+z+Lz{PZt}ltb(}JJejL8iC@Vv3b@#cSD%5s{LM1rPc%-~9iKev)3 zEY28Tx8?Jl_0Y;wkJ3Q5e3TOK#QTM{J{R}LGKLJ=7fe5tuUmPH>(Wtt_O(CaPDz=F zXmxcM?{EK&vp(81DClcr>QXELzW6uYVT>a!DceGUk3UjW4%h{112(iC|7VhR44b z@H$=p0V#rOmpMcQAUh4c3pdJt1`j=6e`MZ0_LZodUQ&>K6yI_nmmbqiFI;uT=8oEL zp;%=Z&;KT9#+5kq45M}$AA1SIgWv?#sSXY~W(k9k;s0L9vs3pArO(Xwtrfi4b+F-~ z-`3@$fquc8Bt+ynj6?mWjs^Afs$kaI|7+5{;#O4_E{HN~cbV#d#81;3S(O7^6m z&@qHoZ>RZW4UCES0(`LP%c&ur{_Cwf~)?YPGWvwTw-UpQ1gqS)WTxp8YY-r~y1M!6v>S4#`LE=z?(= z7y*H~ecOC!+4fK2p-m1_dUDk^h`I=vLdNB(-Q~e5XqEh_%5ppnPDJV}ciyV{7sv?! ztBgYUUKa2VMtbB-%*%mNa=#L7+R~~c0!VnqL?~`0Hu@?wZjN>qZJ9<*7Z>u2Vru`y zpAAV)6_i?VcY2vEjVRrgoy2lo&e+-FcTaH~!KB3ooj#!Cc{Wk10*mqw1H!Y06T->P zi?)VgxCWmKX!%X@e1VeE!0JV7#1am%2gNJ&|0k3vO+Y**62y*#w3!%RJq& z5g_XiFe&xLv^v~C>S-;cCXWHkt|G03+)D6pGJ9;pCGB$hP)BXLMvjW*lf}_DY>WsD z5-~?PqS}UT%VR>m!#L0;aW;KHEYMkTux$}Noe*M)!GER)u6Y%fyN6B4kJgPJ97&!4 zFc~Nl<07w&ivP4a@_ZTk&xh7sAVfM4SfXd`4a1hVS1BS6M7txU%mhvEbE0!bGCAxK zJ~ZDtuhVE*-0{~oVJE3mu$d@(dd+?Yu3;vsKG~di0?4^Zh3bVf#Xxx-2IoBKvx$1r z*BdN4U3I9n_lhA~C7@`YvQ%gHihhGLwJxilR{%>uw7+v&u+fD>*X*HH5VRGMUPN?~ zHnL79Aoawjaw#j2qN@Bsap2RM_T-t@np6FsKY^4#MW*+{TQ^8Njm4Hu#$By%GP6|U zK(eXIuR5vcp{xT58y%py5fW#Y>r9{!7sz=olwQ=W%qKQVepL)@&r4RkqH+wl*Cs<> z?g<$$Db(rPaBCQA@na@T_f{&j`!)BlJ;Fc$;cE812DVr&1BXW5v>xDjEM9{>PsJne z1YPuvfd{lfJ!ig=Wm)Q`@tr9*dyT zVVZ>$i>_mj{>JG^EPm`m0~cpOKqIAsVdudXv(mW*;1>44yF)>?8BXOc{_Cp^7>bC9MdawF!-_ zK)wowQ0JQs);CN;zs3l#Q*0N-J{{1YVWzGjBT-UDbeNbWsqB%ZObF{g%N@y`yQx6J zw0KoR#T4AH3}HJe)?RCbI2$)FQ3qjx3)7twF}@p_ zCva0vE=G}ld1zV~PHPI{KSBq$*+PEC@`4+I_e^LP$R%C5TLfMJQ@#CYj-9?q_T?Z$ z1RFC258IeC!{D>&{r0ZU$Yz@$^pZ=Ra~jOA(dpi}ilSeqt_jfb#_F|SHx#9Mk8ohM zAY?(@RAQV-uAY8=gL))6DSoFU1qqD6u5|KMZ;cs}EBM9E0u(NmJW1y;FZvhC7oW>{ zxasJF*Sud8Z(0C@n{hhZv$)K>W>n8nW* zWVW6b2qb9efp z=3L_zb}j?f|Hc*D!V6%w5=9^9(vCCT!Bq%8Np0Q?(t>F5-&@ zo*I|fJpsiDd5X&s^cM!z9fp{!S691QlO7Ep-i3POO%=2d{ob|foHml<*|@$W6Ly>L z)l?>a@pQUDV@>4U!Fb5ypuqhY*@uC3*QOIX$^sQ&hi33tX7ijrF~@!d_;DQXGsIeh zY8yskGKEYzhJ2V)@W`RWgX!OlIsY-aw*z8(xJXS5qG?If055;X0RVr>BvbiAw*wZ$ZzUN)7$}Wu6k>O_WHU!h2?Dg*@4k z8oc7)m~I7WJSVuO`pp>R{Ar)YVNfI3YhWi{_iCV()IuLRhiwJb(~fFevT8vnRj(sO z8Y{>Dz{Uff$sv1!7^@p;G>}M!4hER>$CD5F2T}{s_=3xpN}uET&^md|aozP)I{eZ# z^n`zSGmcxu150y8IHq;^LhtaoQBd~;bN|AJ9CX~FtQdg)OD(4$@m4HzJ_S8Hg8dfC zH+AICyb)`eS{rnnY~T9BPmsqlbM9(maiC~Q&v3S1iz%*)1GKz)z~^#Y;os!VI8D*x+jkRp=dx1$mBit6AGCS0d@06 z9i|~Q^Lx8xvk;CU{|a^L*AE030)Zu|v!sgsqXp))J)2+WDY*OPQ%$9H+-u_(C)EPn zr3At*r0FkEuZDu-FedxxXNa4K$-Zt}guji+N6Ye&^i&cm40*aA38RZ}55jo;_SY9) z-mEaJX{Fb+QfSbY`Os9Z2}ZR`9pz!rt_>G`qd!6WxHN=@sABPC`<}h5qM7pHNMv3b zT(@bUwL%(|nfm7@J1>cDm2F2-huUD6aP*_yf+TrS(K_&geF5VTLDu9H)cP!qk`yE> z&@NbC6)W)@g3B8e8c5ppflqM9;}U^`|DWYuoaB_qzFRUf1rfxEO-0O6(4ZSrjvt)3 zZBIlxR?5~t{xrFY+E^7LTz{ePbd+rYMT829eam4@(-#>)M;s72osRqNEY&F{|H>;Y zV!<*#&-n!!2kAUsxzvn9locPQy!+qYssyIywjMx9;b`no zw#!1H(--o9hcN0yS>5FIML1#SjohQxBzAqe>T4eHO)&kMa2{3!7Xo%eHkD*c`N%p; zAirqJfL463Q%-bs#^6c^CI$8?+3fhv*p*sz(QJD9x#r}6#sBS06JP zE}j1Kk?1u&2CP2`Fw`fb6IBwMrR|ULHdXU9A>4)nAzUo}QL2n(s~qmCXg`v2HTesm zBUrw=ST`OrpA@=&8*&u)?6E2_qcNE9ec^%C#MSK9FWa-B&W~@I z0{u_%f_OfrpW@ug#s@Xr_Q}w`g1B!j@7|~mGMHfL1c!%X|)- za$()Bu>8MW*Y}>vqI_ZxWN)$TkM%|w^*JlKbmBy>h++i%O@HMn!|E#YkqR-os@6*< ztwZ^QXb(UZnsFc=`P%j=U1(CB%C!CqOQR6Ca5^f&yG_|6eHX14 zrkA2ha+r=)w*6a(@GzE|iN}hf_xTdREr-a8uF_e=!*j|)2Kv^>-{*m8DHTe&wI5JK z&1X0L-45{_#}3Ecj+(RX<;N&c*?~QdtO8x*uyAtmhyddsh~cXr1njDRp4qr@&tk$N z^5Cc5Lr_9d=5nk;oiH%X7Lwha{*>(ghYx+6Q`XnVDnopw#RCx9e=_haX>#6}1}I<1 zDD1I=!hS~kF(Y@RSLEuB6`%#&ZSLDwn9*?-#26$}CbL)#EIfYv{Xg1#?j}@HIy$Js z0^ex}8#KtjJ90w5BcPEcMHDIk6+JNe?S)J-_g>ob)Q41MmnDV_wcNm4FEwnbGDxr| zX^%|#@>ROwj?nr=OEj5pnQC1{s;G_2GvW8ajdkoH2VFTeDkkaY%JZJpaAqByqIoyR5ZXBl&rj zpq&3B2qcy*{1qP25e)aOWsOxF&aez4_lyU&zY7ITQ(HSW77i2f9`1sknY4PU;3q*W zHhC?q9nP?9yOEF#l4m5}BO+ssWF9DwF5~Z>eGmQgmICotRd+VDQR<_1${hs=mHS|i z>GSdT9E0jI|1nE(ERFGdK4i)&oh~`UwPYhL+-l66{i&N9a?I?PBm6WtgZi5DLuq1# zGNvLIl_C)Qa6#2Q)`4v<%&w26U!Oagedi^IY_{O*gk$PlBN0mCMOYZYs0Oi<(Cdb> zHvxUcjBfkWBT_~5vt#bObg=~?;74*mCH(vZm$J}Ajl z$oqwG+^*;S1TD+H+(%`1eFb0ocAAm(y^U0$WPBP5_qTaIw4L9;!41}9{!!ve3T?lN z41Y4?)!^vPek(QrRsRT31zq>%pgvE?O7btZ-Y~Zoab5jsX_I*6;SH4r70|{j_vz zDJ9Ru*FC?#73e$R$S6~;jQP>r?XtuWUpK7=&Rl(uYzqJTx8X0(}xy<5=vlhqS# zm*>f(C{@!aejJtHBRO}qYd?@TDY<`6giY;)$!UU$E=m`&RMR#=Ec@L`y(Qr$OBCMp zE%*Hz5azI*s?fO6o8+qRMMScb6*KNm#a#>WO9{E-HTu%lE5vGjR@<(YAG>H|_-&4| zLr5B1{tiI0d1D2;8(NhhG=6usyYHDiCo;Gt6OVk@;yYrG*oyPuiquR9P=jI5Tc|*B!+=mQyJ2xHKgj zi5mDB@W6G~OHT}!8McA;8NTycDvT%>?3e`GW0bKEcP~`wo!MSf*GwSB!I%8b2|q~0 zw$u2uV_FrjCD-gA9>7o1l?)#e=bDss)8Fj3ckFW8ZGEn!Qv*Al2mY&`^8t9mV(Y4; zvkEjh-Y1R9f~g>N(fjSjz2w4vfmjo)#xdS_EitApAPIKAgOuUe#v-=3O7?W#faRQ6 z-`YAy=rW-tX@ZV*FSYn+Umz)vE4?CtGr!IgvX4;kJM z-jt8*623DuErqxm6Adb<+`rt*^q-O8#fPK>$0lFJg61EloQM18t=Z2S~)q?oe zx~~uczYVw?UmiUMd7r?F6D3xmMkg=Qo(Pc=aD{&0tU{<^KpELSd6b2u^w-ut=rB$H z?)hnQ?4AXHoeWvJtdP;Uc^+7#>|Y*gP#q^!zK^HRIV6rOE2G|xi+x=ijT!qltBnT{ zEc0|Yxk7ErU-5)b`9V*&-I1~+6(wqsm;>tyMahJtFn0+ zgE%cb;PSWrRPVP&5UzeT#_!}ZDPbu|aOM|VHL=tM1EN-;v{-5rsfg@#(zJz{H@u58 zuWm7si*X61Qqg*vB4O!z6-C7N2@(2;fcvL>8PCO*+)YPvLIHMhcQ6W7(xM&r3{9Ar zMpMSBDmu6~>1>;g^IF3l`RSP`zsQ5Fm?ai$Q?fo_ze_7-Ya8ziUssJxKA+> z^+zgK5PVL8i5Vj%h=)p6;T9l0DX4Zuz!>uCxdG^3q;Xk1FS73w~s^l&EQNCK`gPLm96p4 zr7L1X)n}+To50D2kp|i5AVUscJV&j`CB}+^q_(kZ-*@NB@o#iZKZ! zNOmD78OqFF>&31j()%YRR9KV^wSlQpNLjj!YT^SjmFh?RU(DsAF>Kpfx4j2h}*kPpN^e z=V+ZxB3esuY%yP1CQmr2PvbTimYC@u7lv#}Cpp9$nV8pMhsIjlZ_d`1p0fP@BnqQu ztmUTvEyvkva2~ZaZxY|@sl&AEoVk#VV85@4Q>R#%$i`1R5q7Gz;+L?F-hc!Xxns;C z5Pob1%xnd=+B*RG?XpC%%QIVw;EFmFgS4hA3+ADZCr_NO2 zK`;$x6F&B_zIkmrkZ8p}s?4wcG4-rho0(NG7vI;FW2+DNa{QMae|zRiD5lwwnn-Jg zt!XjT=0}%*7dbQK<&%KxSuBbyT_Z-t>6CYA-tB`!lhwR+Litlhg6zL>FRY3^&=+S3 zQWVk^_j++;7sQrI6VR0P_u^K`9;EMc7%T)6f_L_`=j2K^)rgn>$mLr-f`DUQkt^bl z?y^(~PVa<2m5`G~iI}xQh7zAc`L1Nbl^A5{c%9TkX(4w8p0&TlG{kTiDMTg2- z&e{R-dKG7)rV;YI{lp1|oWwx$-P&bJVChnyr=$r8uZZZfZZiL*xy9;^% zI6u}F95xoYxyJ^HY)A}v zw7g8IXIh2%Ez%PeVcrbj8%Ualw7MUU*|^1|>Mu|N1wotw34AXTRvULh`qbq$658=s zvh1&}Mrv3geqpXYWz+!k?_~ihRs*dQdiE!9$8d-Gf0ZvB!A6k8@`)G-)z{VryuIR4 zzJg%E-xHOXal!UF3vqRX-C;vU)e9-$L`Bn%ilKeGKitpK8sUm~=y{vhcd^y+LUiB& z_|~iA;AYVWR!2ub#WJUa?7kE zM1(!+&8I%?fNQXgI))Sa({pLS~HWF5dZZ9A5jYDF?D z*}2-Bj?Zw;M-60{0c>71;~DKEQ39+Q5Pt>+t&{JQZt>BD&qhdz{)rBej`zz99piZR zVbvU~tGqKP$%n}0F>{Ufat;nOtqk&WRv>PUh?&}<|PC_h?uGIDS5fkwNjIVaEIu&=p0$zhm$u2m2uJ{MQ&|Z=O zbUj>pux+z#<6kPAUcN?9>2`Y6xz+L@x{l{EtW;8?xp9xm5${;0nEyUEUNC32K7s(D z<^Rv_jNAaow??IuS%EE_`}P9CG?$b)wHQUX(aV6kMi}f?9QcnV!}MZu~~*a0PutbRJ|AXyW4XA9BtR z7r#B|6!;kkMe5ReY3&QA@FzAuYY3T`HjvxTM%(;A|LMe(eqI%4QX9Xs0GGvUn7Al0 zj0{jmSi{ZCD-3lAvV1hqBXPlAD zp;YBb>-#h0@{;l!HIeH<5rypMRmTK4pW0~Snlzj=WTE~C4@afCVui^}FV*u6DJzDa zO2;G`M?*ELq0(Pc6m87j@i>QRb}oBJX5+gumv4wBCvO;F4HH2=!nwSevH8 z7_^j;<+RlNbiV)NgFLG4c=4O^mg1H8QQ%6r&IUMABhYL95#i2A&RRuP1RO~^;Z*fLM`@w6xWCl>OrJKod;bKlrmmaC2qA^#iC8@FJ+Ki7*x zqN(1r5nUh6l|`L}HAtE=4V+ePyL~MU4@ypolHXpA1IAR*T8|-?LdibgqNF>xgSca( zPb+$>>GwM+FBH0 zOC1$E397Ytw(AVE;?qRmtPYlAnhkQ zl+NeG*ASseo1z!9FE<~3Vn(xnrdRAa-+Ufc68RU8d~fpRJo>@yFL>u|!34zTItd!V z;{LIa-aUnVdNtf5Y0mO$6KFO?hK@v=stPY0s{T?mwH8&`Mp@C6^yuSh6+2NDF}3I8 zQNDfs>)kPE0)IgKB@5ACeOB zu9wrR@_TB)2y2icTK9|G5=w;SqYsiTKk{NUA(41MxnR9&AN2ryjN6W%p~k! zKrN_bar7H?tm0a3T@PtRP1N(V3C1%_mJ5Ka#5e`TL%|zG`QC{*e)rH-N1<@Lx&# zmQGulcE6NR;-j**KqhoQ$iYEl35&xDR{Dg zHaALe`5gt?MWGv1ysNL+xAi?TL!I4I;_;HOucOa4%iDSDr^F+Xs-qQeO)f&yO*o94 z|1%65Esqz57O-LkZM}Wiu4d?Fq)x1MF+h915FQMVO%+R|(O7o(bzcQJr85wivdICl zf28$uy;l2Kzx#xSB{nOBOolk!$U_5%PW6&yM)AdX2GNqkHxY`F)$rbesD{up5G_s8 z;f^NhcH?5E2SMdb0g{kyD=%WbRE)Y}prFJI~S<(qJ!QpK7Os!WPZ-=R)cD0Ge zGRDZ)4QcWrz|U>1gzGZuRnKOX1#&C5aA7F&rOyynp!*uXOoPciT$#m3$L zp$B0MezLv6={i`Ur+Pr*eB+pHui&&et0>t*L*>et90~_ex9IX%BjB%w&hID^lIm8t zxH0@^910Q{Dg{}suH&Sh2DBOQja8mQQJ*I(ajd$e4I?C47**pLiBV9Gw}jpN&P`fO zeWbDv*{7ZW4zs_StW|T;?sQqhFa58N>f20$Ew_o1eebohom5%@e;KIMfF!n)1jGwj z)nPFMcyBJXRXVV(o-h@G>p&&O<&s+7r`}pUYRvF4)?{Jb=#zY%UY*@5$OMg8dK>+n zG59o90BC@f>)5qbir#_BTaDU=s9sGADkT95Q|O_f>NWnf{~KeK>DaL-*eZw3`IYr< z>3!wkgdRa)Xc?1Cqps70+odw6b8s2E)%n2J&udox(zyD9>+?2WcSTr>|NYDivWyVH zbc0{ESr(dj3^O96w7A@Jsea`_S9C6qh#+vv09^5${YB5?+bwlklu+pdTICCO9@h&H(nuYGY2O`P@Jgp&1) zZ!we4ffZ8p!8(Vi>^}bQYWwN@7qr8T`|d`7k);5XAOfry({qb>g__zmrEAnC2EDEW zAJSypbLdBmp9y}+jsZyrnlnqr7<2Kxyld; zP%ReH98E-?-M&&H(CtsRG}d}ySQ6p*V7*FV1)h6T$JoVRujgjRCjBPaD_DWGUG$F25zF{rag5MJPHBIdk21%Y~)MkOWNb4Y_xdpb&h7* zo2BxY-lT+4gF$Ge)=rWi`);=EWUtR`qOWx)*GrdA1?F054-{Lg%e&t1NaLimalB*M zmdw6VF8mmfU0z?m3KemORs^Om7`=m^GjL(Rv^50=HxaYBK}S`y30?Pc`bTO^6nd<2 z8ac}2wwUz52nYZ<<$v$lu70{OsO6=iSMmHxmnV_HKGA)dhYP0=*LX>cukM=ZD2XW7 zByK&YdhTo$E9b%oP)r?)K<&j>&tC*~1-3b!ai717hQa|nG<_{T5PnM~$}FP3G4ZK5 z>*f&|AkFO4;V0|Ba;23dG&7Pq=@$}5XyuL?_Gaqy_UI|-j{o*Z|PGNzD~jZ(_PJV zLVo5$S1}`lw6P^I@qu-YNlo3cuf*Bf6+eBBR)n~7uA>{K1JN-aoubG`={tUzX!HN_qa+Jt81!PFrnxZsyRv%~hF^lpvYH`4K-|PJIMWgfHhR z_ScdgD&lHwenCNTOv;6Swi@lVnkT^7vP2QiSNgc{3oWq$ZBN@6S3scX5s$)aJm)(a zS)h!&5v(yq%nDkX&=T|$-skRg@ymkNPXy*Geiv}BNF2*_^<{j^VVRO)*NPB_U zK?@lH;!4m~4uaq)g)$$|JjLbAcYUE>F}*w$YD2xmpI!w=w?o;+gIURHXz&+}ex!#2e!- zq1rT++YX#4_ocRhL2>4Se@__*S z+?ilOJ-@ofT$o<{y!*G(Wsmg zn`5pmLQi3+wbTvF-0sbebk{Z(9aJt{hI{aMC&QN#E?b*{(&R@Jm(=ZjBbKC=@vjs?-=o+|nU*k@^Dj+WQI zxP6gAg-}<`j3W zCmsyEn?I&E0c}zyA4tHH1$$C!eq$@9U+_CTka3e z?haU00rzNu7vB!n&4XHy=c|MP7ooK;U{ES#Be2bem}mg|;iiz#Xw`oqSpvr*8C&E* zF~r#%gOhIfl?;b9%HJsHidK3B!rpDcJdq`dk5*c5qTy{@ycn*T^!2_Iq~Ce_@kjdAwMtqCUE&{KTzdGo#Gc#Q_)`aI} z+Q7J$m4w2=A;7YIi~jkRcSq{st=&P=2tKM>3^+@JfqMblrQ&Kh_8@p)j3oVs;u2WjS|* zqaXK28xT(t+|(Igfjx?~ZnBlGX%&YU`;~~{&BGyobM(6}#(u2z31X|I+t|LX`K77X zwIpcA9j5mveQ@fTsmcpR5qHewk{nGJd%7*Z)EH)~OFVhfi|c^N@VLK`26-}xWu2}z zw+4v?VeM`^*1!ZWEOC!WJ;v2<@LWNTSlO&UHkW=SlPhBPn;*`~dS=A`(W%cK1`4X7 z^c*9aQNXfw)+pmrX;1!?zn+RpDWYe$i}LmJ3jR$iQH2d^v6-lgl^CZ;b-D~g!j%=~ zYoQPu4YN$QzlE2(>*GZ>=CWQtwFfdn$b?7bSH92H6mk~AdDqH1ngY#fd10UzaEi@n zcG2j5o4%USw0CwF7Mzm~{aA8}meud{#Hb_6{nBN)?tzu~j?4(|6OPqg&fF6MmqG&3$LpDTC)doYjjtygNjou1s6hdPaGH@a`s$TLYsEdb(6NbH5 zdLlO+C=firwnP8kK`)hhvjVq?JLa0DL=I8;KNQ?oGH3LoTCzR|AU4@eMAr7~?qIDo~9rn!9Swgi3mqes5*yf%o~C zd%{H%PMMPS;Zg2kli?QC2MF(qnfvcth!Yoz4=?G}Bhr8Z(&!K%XGoZ=ej{N00&nMj z+M2DuQOrm-A3bM{=L0~NWa?7R zmmh0QLO#okUKk4VZLGgXcTs@sR;`o%kwed1lkh+tfddaFYlgm>d!M;SAbEr>#QeI!EXm{JQmn}Hphe9*>@@e)a%B(UB- z?OGE$dk`|&G$2-);g}rP#|?4E&e*cxF|rdkR_6kYmaK)+gkrW0L+*)SB{5cSgZ9{) z&aOtFh5JkVOh~!1nH4NP9`3I$5bl&a|Z2peP80!X^}X@7u)im(9sY}GJ}%e; zbCZRhs-~y)t^pvqS-F+;0!f9~qWr!6uoL?5qPFMR%Rz?=Lsk&+z4^HrO_d{}1=rqB zDwkaR&~)l|DUsIx%ge8&S7^{AlSCjHO7YqDz% zscDO2Nr}AEUFj`qE0Xb~;dcEjht;t>_nFS4GTWLID|Koki9pbs@$?H0Juwn&AUm?I z{sZ$3=X2oi(VOd_+X)3zPW&>}e@uFKJ?ZWLlGhMWB;?}6EyumPW(0lI;O9eJY*tar zg>FXhmo*v5`Oiw(lt~QfRFi#@MtRFJWK8sU`S_H#I#8^e*ig?qJE???-&S`2TiJFjW6 z-rj{aH!X9m5atz*x&q&DIPr1!r;N7kHv?<~EVf7YtmJ`CxwdxIA=%4zJnqP&2J>zo zD$^qt@jO=PV`yZn)#fH#09?LIiaRH}=A5M|)!c8f)C5whuf&acBY7rDVz8@!Fl+X0 z<%Ja1orN@0K05Bm&=^}=N1WAB%?BS12xBHgi@2uHz{zhZG{TXF$r`qQh?Jy*3M%rP z>I^3oQC9T=NTTSbFjB7*>AXG153S1wibZ=^o{)+R@YICb028ccM72oJTtdIt>5#s; zoV5-cLq6LU7McI-8dG`^s?$5%^jXuAuaP!fL?8#^K6-RpOp7G#Sein zE|}NzT+k_T9D57mScmdqo>m~tt^X}dR9P=NU9eML|DVD27QSPoOiu3)GqPjMW;KU$ z@4NsBc+bkxVbOhpR9iX4T@%I|zb7sQk7I10-v{s{q7d34Gi_~HbLo#P6(%@W42zgx zRk@27LvV&T9Dv`UkU$c-XPf^3n03e?CL;s`Tt3R~+;B@golA~n9~c!pExTMaGj2E7 zf%$qV@(i0OCbkb=zB0W`$DMT(pcl8ib#$?E*igxLghM^n;s1Gf#?EkzSJ)I_0Go?z zyLhOXt;q&B`w@-+nP;=gM9no6=+ETR@}9x|KM{ZGpw)hM_8SUJaRXlW|5xtmBML4; zJfg3I4^%B{U)`rh>Q#Qi!omm=DrZJQYwLPXW3Km^HPQE~gqW3;Xo;psvj^jwm9d9> z6g*cBC6@SM4Ba~W4z6A@jLKeg0PS!;|Lm3)kvtvLnlWX(taIiy?+a zxHlSKH@DbrDK?IYj<>PYEJu^Qk1$iNMeEvc!vZc^%|?ZTq`Ht!J!)W?zMU@SRo&<9 zfhwSCK%u8jC;1fJU}%O(pQ6@cgWmj_7-8x#YJX1=?^y*^J89eqOd_>IAtsRwwSlw=yDLw~sH_RsZo#Mw zg|eLuA*R+;%L#h+jcueE2~gnn?vYn06AytC_K=GL)%Zu=&YHLe*v_ag8V7h3e`z#f zE+W6%{HtC47TmZ~8xp@RkwkpLmLzmGl&r8O{2y!=qmC@U-V>}O;_Jl4i}0 zKQg+(5P^^50RRVoYWxzcyp1Oa>#MC{>E0E=y=GMnOTNAPAdlpnOm0;W^h zRCNg`Pg16=HNNWGPW>qoh_)#;zc1XJa8VW_gBYg$e4ed>7aHNWQ%R~LQa-= z2a()_C}3NN$->W&)}V(`nmaSvwEpggJQbLgcwdl~@D=CWg15;J{4Elji%`a&*kwzr z6_5|R)z-J#d0wJgcWm$>@MNLv$2ZK_3Eu{#FYjj)cACcSfm?Q@OznJzuxA-@gF7Ha zHk}9!UXA1MFxei=+)}T*Aiu}XyYCRKV*;!E&zXvk(fnpUkFI-K|oV%`iEwy@(fWOeZVIj@a^OsF@VhJ<|Te8|6I&7tmvBei7$p-7kPX7K% z9IcSJhqoGl-VTzQ&D`jINp_rJT#F7j7stj5D_!Ae&rh~YAefS8ykZf;-U|^BJErf< zb7{pI-r$$|n=`>B|n`s?HR75YYG;jp-uK1S!FmdL_PSs@H|;Z zax1r6NUl1@)Ux4IQ9m3)nG}XaR|XIX zEGy{kJ{)dpC>I#uU=K$w`6V_Ai7`f2T!35Z{#O9@K5#HFJgrMKIkk52OMWT8Ag|&*7&kkNTKTot8%jML8Ah3wJE&LkhkM<~A1H`*5L6Q^ zj?pWKW-M;Z%IFW|(A$O4 zLlcZOs>($8*X1f0B$?#59U7Wlhny|cOxDQmE(Bjud$Yb@7JCWQO-=Lf2IAQ+GW>qw zw^;%~?tK8tHiE!`q*ZmvKf)4Ih>UwF)&&MwaTPh;j`xm+c%V{V!~@_lYn7%md;isS z0!Ke*ehfO?)ySA7FMhNql0kK;6ihU>H;asj5sTJ-X3*RvK7c-q4qi&4hq>I)N>A*@{LW#*`7_qM-*A+r!cU^?iOH+9V0!03GIuL+}b zhFKFP;4uK(MtxW1m|ZAan4OIKA^ZzIgs>I?1j#W)uxY5Xu~RVE*M;y&7TxG4bjyd# zJG+CB>|8a-LI6@!o}h3|yKbvo2*2o{RPpbJQCno@d= zXek4d@xl!yf1LR(E@=BgFcQ2Wfvx94mN#J_PDC$Y$0_TdRjcK}Q%q7E^2{&kO7!0>CKmo!X(1OvUk;y$^M$--co`=}HVB{}{wP0?mE$I84VzcyS+r`u*M zR>_MrtwtL#O)`E!aMlcBMxOyXbK~*Us1D#H!>}^dmeb7_!vhW)AzL?l{$C({4GG%P zM;H4(e>)k)PqklC%c35aYW6Y-B5pv`hP2;c!QEvv;Xg*~&wo+DOmCEKzQcFC4)3ENm6nT-s# zV=zrjfB?-@@&Ii(Ye_x;iRJbk2d&t7Y8*)*l`C@gq09a`*OImb~Nh?>%_jtG2)VStnortP8*VThD&z85g|v$W!mU z;Dig_Kd@!ws@J~r&%SoypPlj>Uwq>)K6%^dUp;%{O;5jm%P0Tw`rqC5!)HHs_`AOP*bxu> z!6!aAwqwf=KmNV3L;wF?DRt9hDZOqqO{MG7)-;*+q*ta-r)$#9>EX09txp@%+tcHR z(!u*v+WL`{I%%kv(s()|4UDIB+A~_+)IF3^e@cBR9i3A9-~oX{DeV?se-XLYJv7-p zbbt5IsHBf>+9>I1QA(#IDM~L%>1Prm{VBDskSJM`=A`tEluk_P~}cNI<_zdb#6R;&B(h&}3+X{(a)_O$ipv~@}v)6$fFC8ejObV*9D zNa<6rObbU-FFh)2A5H1`r?k4eT3w}tl%*S9nc7pSozmkeZM+bHr>CTZPo^}H(nIn^ zO6RU_buT8WcY7NCbQ(^N^`(P->9mJFaqZ zt&gSj{T}vjPwBZSosiPiDZTzBt?sc%lUqhonwQeDl;);1|5dH-hE{h;t2;sLx04)> zpSc&NM}LvhIVqi#($iDgo6?18Xns1_n$zlTCC#T^)skykNm|ol+^eij|2d^6Z)$a4 z(CUsN81Pco)B*F;WxEg-ABe&5igI7+;;np1?lf3;Rlx7k{equ zmsNW9500*#FS^$J(GSf}w-1OswLYaXIQ)RJ0Kalzt|N{&p(#T zAM1Yf1sA5#$1Xyb4DKqG-FaX5^i$LQUwUeK^b1c_(Y+wu|I)LuUp9`8ec?&xrrke$ zO4_&c-1IfsG5QzhrZ4LGHKp^1y1&*hJ<_@H6X&Jgo6k$>Zxt{6#$P`-?Rmy|=@y0W z)BSPX59t0&@%~izb^4p_kNnFn>FEqSeCs)>_qm1Cn z`KELzM^q&SSMK@7nQ718pP6>QOI0zgKlN6{e@*GS{}Ysh?$IxhKa{UW{H5@!s4xGF zo(~_Gm;P8fAN_Ch(!)QSmwJ!QOM3Q*MTR0_IBq_pm|&)TkW)tBCDH$JS=n9lje!&k4-vvv44Epw0Zdicf4 z@8K`X##@bBvQm0Zm!6@I3x4Ew75v{BO1CKdfaBXL{e24+-+%u|J3YEV)jGA*nk<#> zQR!VEKePu_wp4!g$BENiRlY&l)DqvRvU$(*6o2v;J~@z1kuUarW+2`Fx4OSRkgog2 zKzj6B18MSC2GW%72ULEijvmy<^X0$0pQ2Qrls1Ux_Fq3KeL=N!^!$_3!;hSp_MLNL z+W18khcvqM(J%AtoA-0^?47`G!_qx2o5qh&9a1>GuBD%4nEgH7>Ggm=Qq6Y#O*hEQ zF4a!gzwx;ONk0>R`g!ZVmNUB5k2!x0Zj0`88=*~9@YfLX&!=E}2z!1-cY8o(K0OTX zdHlSApNDnRX2?nzHg>pL-1I=-!2@o$(r-cXGk&I8>5;x~Be@TGdvqs*%FmQG^YbK> z_wh5r4`g&JZnoWA5-Vj379V{4@dJk*ARPw}9#HS|Sl_|EE${~-5r5uxD%IQE zl0!d2;3KU&h)rF0TIm2B5AtKL{wtOqg6@;*)q-Sm>&FQA$fGUCeo&D#hi-+HR6;nC zwp<~2rwAzlD%|{R>Qki}JRGUF zVb#6-JY6@fa7zCH@Ns^Ai1jb#=RfLB2axwle(qQ7)a_8KsI`?n-;9h;?}Cjxo!(Yo zL06^*oF8!N(`f!b(tX$^?JY=tJwMy|`7c=7#`I6DN>bqNgs&sQlE>Ohpw$v&Aq)+AITYZvhVzmgmFoDKEu96@3lA0eAn!K#?KPYUr|PXQN&=Tk zzAp{0d@*w2a;u>yRh)~)m8=(J<|7Y<3 zSg#m$!A~74^`pr9x9FS65Bxu~Z)W`e8*D!w9PjqJ>&ZwS8wpHycXoFZ(D=tKBF(un zS?z4(o?BD3<%`_gll^W(OPXb7<=+x+rn|HS#V3WPnKrjSRy(Tpoz9P2^Lbkm9Tj{P ztdWkRqCiqI6+5c-|54O@Dt)T;jaDXB5217%v|tsJRzDgj8ol63tx+b>>M7J?REehV zkT+Um?j(!t(fPJi;4OSKdZ@1Ew3)H9C^L5Ct>|Hb_<%biaUHOaC0v~=702Cc1fuWB zW>3B?H8~9a>>S1?f0)DQD)Q}T5fvL)3@KqvC@Wn!2|RM%knuvL zRXI!?4H8do(!dk?@8mGJ;!kYQ1lD$x@dWhX7wIm%59ToVl6Lf>xX?3RDfB9;RruB% zwq6N<2Hq_hPx!PP#?E_k7@s^Xhn?@aJU~Cuz$1?vn&MArj%wf;3qgbZa&1LVn!!WQ zRcL^VOl%^IJ!dt-7w0f~8G99)OLG{$yBc_=CWYoHIgFlDa~L^{#fn}EF=1$q&3M8` z=P>>xJw@g@jj)2oLsQa%{pU9D@Nqj|6j|gHnea8kn=?Ij(r!Udd?`zo)4*$dUdg19 zf*zSCXFT-CD)=LF7&~_~!c5(Yu7wT!?i?nr*nrRXXFTCFRm(rFfq!2kd`k{fcDRbJ z#X0PB$x!gnlrrYDE0N$y*D<;aFY_kCq>sv1Xc)8;CXHGX_XUitt!%(-u;m1KEo%nc zmooq{kGXFj=^TPr)34y9T;sha>|3!W>5r~g4Kr5aKIy|%BXB_NArM+ zfMIM5qQ*T&>*VB@@fIpVaSZx!MRrHk*WpcY)S3A*p0MkxwrdDe_b$IE@YGv&EWkUg zj-sL;8*|uouQgPKN3u-hJWn_D(2OWh!XQdmRlW)<=y2q>7jn!yS8aWvCqTHsJWa3V zWWu&{eZ)JwdR0ZQEsTn9UQ=ccBd0Ih5AP{jvPUNVS*XU9Fm2I4+!D(MQ_J5~ zSRx&^4Go!T&6)~-T&9PHJ`DND6nRC%KnXlJ8o@#{Btr{Sw3-TuwxqApb+V%9&;65##n^82PL53@e*NdOCwPx?Vp^#4rjf{ZDo4n z&p4x!nFgaQVO!F`yprEK%wg!y-w}Ayg+6Go8BW677+=Eu@&I9Y&&oCve(Ge{*iY&iGtrkaMegS?IBoy$8a!C#TUi?Alq&R0tZUQCmlZxl5jwIG*@? zu7nY`Ooa-5o^XYBi3(0dv$n=lpelT(2Oh|Na9Y+zJvCmb;K@z7;fbANx%}8>VG9jT zf{rl~SHbt^v_oIy5SO&g%F}w&dWT6D<7V)rcTTQH_NS2G33Cxf=Hi?ewkOjd^H>eO zpt1Z;=mKWTl&9lz9-#~4D*DqS48GWd{NNktpvb`)gptq2JYi%Wp5^OdUlf{o8E-lf7W(mQ8@_t* z4+HNqkm+r|DggB65rU`n&Z*mf#=qdP`6X90Xd3Ma3*?p|nz1Zj4_)Cm>uvZU_0?kl zRv3!>=V-!57@Ju{Asli;4tck#7dY&}F%i$&P}C{&Hf_@+siMh!jcKL=Pu!pc^K_X% zvga^1)1y@Q_GX943)VZpbK@DF$h<{2VSG48{|JYiXcGb-GNIppR85~W7=j-8%xwre zjoAk98g?0P`$Yha^GgGf5}qeZ2$Pm|4WAD;!gF)j@>OA=cR1tqFs{f+*`MGU^b}nx zCRI4K>M;ODRlFm0{;CPD>2(wU8q3VQz#JdpNqT7$2~(Ds(-9_JYjqcz@tj`hHO#DN z1UgK*&K6VQWif*=KD;xh-M$sF&}_)*iZWc&-;`xSpB5}IJ^t6h9*5yixy^LG2wTZa zJ%`bIOPX@nG$X?f2XFNI$Y*U4T*wKZ+gI6d_yGcFOeaE~;3u-L4Ck~H#uuj5bH0=i z=1%Hts&FU5*uWYAcL_IJ!OTb>w7t2Q+t$QsxgDC!!DweJxG-uXb;f!Izcv(vIHue`BRYYP3b z=bkM%z|51Y0cU;Q!jN%!Qu=t=1JNOXyi>E4l!kmeh@FINhG*hzXB^CFCKz+s?s(q5 zVfHTVwSk$Sy}+|!X7jBj#aEgE=M9aR^cM$Zxt$>$38++bJok?M3^v|k@_j&xt6=QG zu$xlPvZb#OjN|yiR$-abXCu8+BEQl8FrN8K1t^~`-@+1hJxTN1Jl%GmF?lB8DBnRt zc%cT=;Nji0X_L#Us+X^to|#net~hMWH0pxViCHgl4jWBl&~P(f;z`*bR3#wnI+%6Y zhEBT=Jau5dZo=Gi^AmekuU>7O>D37rdKqnb&~kxCK9d8&reCo1Fv8fN#I*{I`fP`h zzafXiKW97-n($#-U&&F2Q_0bszl3>m2Yt(aMlW+w@U}-CBVo(mwd>qMzqX$lT-eE2 zq0nn?W;ytT@hf=SKUn9fDn-SsfaRlisoJSRKQK`HoCzOzZu(}PZg;vP6+Qgm?KgGQ z*iQbg%Qj&DIl3!3^Ews%qO3R4Tg(6byVFEPpXQHL;cm;mVf?>e{V{l_QT<|}nXmo> zd5kUZQzjRheyJ@q!$V;M{@8{HiOu~wHd(^TB8Tn6#S81OMuR0SSIQ9RZQGi)YY3Zu*}O`QFqmZg zvYcP=v*uiMvDQ$+snc>jvJbP(mbqZTf{LbZz~u^@<#!j}pcP`q~oaI4fcMP2(Y+(N^4HJmukzT=tw7^Nt#Zo*PG3VNF~JW6Nci zjaK%IX1}>yt*Y%|ZUcSfMO~g*FRNsB=Gbr81ZknysJ1R+I^75!+m4)I+fv}9 z#YmnGcZ1jEc5?ebTS4H!pT!Rr>#*dEO{2%~o(mu}zF!F-8&PUivesL%kIoN#H z-lon?leF0h!%X#WDuy)NF=#jJk`YH2T=HcjzYU^r{gj%&qpSl7qF_Yaix#mu-oF7MZ7> zdaCIIzrb?rADy>`#y(G)pebyh{6_fMx^lkgf%{#4khyvD=E?>orIx?*+@0`+&Hau3 zs4kO(5>(sV&^0pO@~tl<%G}v?3 z-n~vc`1fTz^nI$Ci%jHu=REZ?1zvOG}wRXr4c5*t9v2S z^l6~xZS|`r#aSXfs&tW(B45?3vPbBuOwxxz6aMdW*(1F&&EqKhP>Xg&4s=zx*#-{9 zyvB005DpFZNS=R%Z=>IFx$VRljPl1upc4Z*8+m1bFV!wwrfkP9>kccJz~9@D%zqGS9sDaDjID zEkj}UGb);H%tM{7Ua!K>)xs1s;P28w2Ey3ZpU2_o(~zN-+31h7WNN(2$;xF8=d@J# zC8J@FFmlE+J@6bAf?|)VX_dy6iYxSK!NO|Js27gh20DKi)M=-z zLl6Gqiy~}4@t*a>~ zms|9)r^pkT3ma+IE4j{Vud8TL5E^7M^5BWyBXw6cry=*zwyjb3S?`9%HtcWsL_)xG zr@4cc$ykf4$Y0dRuYR=%|`X97?98Q>Ng=IO|w9A5I3pn-m|M#<0+ zK3oSG2wRsrA;Pv(6Rjd=z6KWsFDE;__Jag~r~ItfP1rW%dJTS)5QSHf&I{{m_I=ti zgNB>E?Gm1!%WBwD`+2d>LqOwvzw{D^NlO}AP_{N(M7`rKvSxzZ+)Hcr?CtKQGCnM!Qq zcxBmb;?0#qyd7Jew)8GZNcBcaV;88}R?&VM!pG0vsA_R^-Yi0bj57&lizCJT>zq6QMnt)dj{rok{WbQI%e$&w7Z` z{m#96D}FnoqY0cY=nbpQ0|D%W-gMJVZ*9isDoDKb$-mH5^mp9;w%ar8_<5`hM?5qO za;H`Cr`8+@3OtX7yg`2$i&q)8AO^A-w!JbNJ@7leUHi|l3P4E@G|Lxx3SZfKS0AIL zhW{N%wpX3g{~EJUYb;TmHyOd%Tht#liIEY>#o2p@J8-IUQTeo9k7ffGKZliPQzJ z`F%R42}l1xT$tK&0S0z?7^bxk`bcRsidFo)I=vxZ2Q@Rj{Snz|-IhP7&4wKB^s4EO03>1?J38lOAi(L%gHzeCzGg>gRA>UxL-c z1k=Nl##i#%lwsS~sqF`5ovQc`|G!{;uWAp-Z;cbH`t1CVqh+-`pZX2?=vxuu>v%0o z7x}iQKhCxj=3eYfiLiqjFA43qh;nmb*yW?)58Kn#;!dV_d>rwq_4jGwljBX#qDE7` z+9QFcxBs@SJF>u$UM;@l_*_0V6gc~{iih6L%Jk;w;z`eCm+h|F zL#J#Y1_;C>pYyd`z{C%>HBim4<#&hX7Jp)2pNdz3O{i%X&x#*{4BP&Vb^0AKQ1|cf zX#QQ(~s!<_z;HdBejVLL0WD zchvrYXTgH#02};vGcW;~v!W0E>?v>&?}W5GRjJ{=8n(Utd>1O{gH@Bx3|n3nh&=A3 zb&{q(7^6-rPkpuh=w~m6tMD&cq``iMUEcL=jsn}>&W!xmhqy}mOn=3zUf-m*O<5lN zY9A~AK!1tO&2m8pe4!4W7kMbw__J!S&ELo$=yX@~PDyvJw?>iYjD7NHs}!vLD{NCf z-G71M*W#!>0>9<8hNh=~VCMMH?3MkgeHG#i!#{6cUEb|)7N&AM0qQCjVHB~)!v%~# zE(XvA3_ts)T)?(3wdXK^DDm2qoR%J?i0y`oehw4;48x;Oe)&=Ob9YnAi|*bqmgV7` z;lhI$!nR!N`%Qn&ZKMbL$u8`M-sPn;VRYdq{m21!N;`FbXSmV+L!-+UR`hLF1)BEM z<=yrvvdFh$$;S@(L*8H|k9f|}a1m$vSn{dijt&|$;|H`s+<>Dt2R{)i{#Cr|^XB3p|Blto1&qG37YvO2c^pOnpKs34a+P@2 z(+X^RqdGd?<>QpodL^EW(fp*!ALMfesKg_4iPnA!4F4&;t!&>^_NhAgD)z7*%vIoJ zrmpR?GjqJ{YxRd)g|j_0XpMN~x7~_7w|~yBM{6&Yhbf?7|r61x7J-A}8I$y0I1q^P*41IZeP}5JIIXRi>ofEB( zzer2kmAy`5hH(t#uk>FoAL`JAuH|Wu?A!*-{t6eiaOdoC7}={Qdit&PX>E~YIX=o$ ztP{g)N8|;QB9Gx)@mJ1R?*|g^jMTZHBF`Du8rWT6XbvB&`vc&l{IPHqkKn6?;F}DHN@LqYpY?}d*ZllZ)a6iUTx3t{M5_wPT!CY zPd4bUol%}8zVZh$56cry!r7iSPhjLRd?~OMt3AOE;_*w)9>dt9v#K_u@N19PZUH8s z;U#R1^rZD58u8KY2xmcaqsJp2{j~Rm-uA|EmfD_d5%l&?(&n?mz}(BmwRzfrQ%jqF z8Fu>GeP)B!`jy=!{X8FR%uk??)P`*HM|Wpkh6g%`s$mVci!D5tH^$Gxg!1eUXPfKis=_Z-GtUsoSscH?g7L>FEwv{R{NQ<@n%t_S#Ig<9l$N z*g+0q?uA;eV!^7wY5-TV=T+dtqq{SVd?zNyhoNYSMoRK4!F{nv%J8oB!dgs{)+CW zlCSl%D*d)^z{6$7!=s(ZDn6&*58}A>enu6Ky|Ee+aYX2@;v@a_dY>aA+Oi^lrqk=p zj?F0gw1-}mA8^YX^IP-ltKULb>6@D;D9}27n_d>l@lHs)p8wjOFv|QcKaKTu(x>j% zXyk>zJj60RIDMLTB?N?>f9igC*7`S^4cPRfv4BC?hUbY8cDP2WGSvKN26xH11C zK2B*g^TX`chkw@Q1v+HgzDD}t&)Zv(H-h8Tah;z>*gF9`KX&bW%1)6X&-RI-Ie%NI zLoirCybW)Rufb__?rf{<>5mnX0uRRWL?xed(_F*{f3#zTUem?OU*UgmUsn7&8&>t7 zj@N=!vCs1KUHUS7j(eZ zr$1_-pkdn=$J7j4{?ZlIe8BWEy{yxh>hfXvL-qX8j^4&M-9tY0`wee+1EBed-w^Jr z;4xwXHOlk*$#F>@AT>2nr3^fNLL`@Y=2`t z0(iB~o>;EJ*4G$sm|lPFp*i2DyTf4QxqZ9&<~RLDhQWDrHp7+|M}bX`ogQ50c>E!E z*dy>lui20%M3wx`39E%Rf5f+|{vem1>G|ER$G^_M#{9kLEAr5xOsV$gO+U|8Tc6{* zE35G={#e_nAHc^R)3Y0(4SQzrFBxA79r4H?_WGW_Y9B{c8ZU3_Xo!xZloKfVb>954 zx8Lnm&t1LytziVORqIXP<`EXZhAheDa7%gB`(S+VD}TexUve$)d;4@u^`)=sm1e)l zoL_3@t#96juHP=M&$H;g<>fxyqGK?mD8Fm1u--N2^ZNPyZy8JC%FF5H4Q7bqb>_+* z^BnYdU!AxE;);Vk#XARhGg@T&B6)SDN1iR;yUkuHX^-qF|bO*t#nz0Gh$WRlDYyc1Pi8TsM};d$d+hDHLU zw3G$;IDh61bHd@xv|BW#A-wN=aN@#mctGEqs~kdl5FPKOE2Z(Jcae2WCVqX7*Lt#@ zY0d|1CluRNG&zQb-kl|!sFK0W6b_QM2nj=xYq zy^1;>Yb?OjKCdCFvKLrgphua+(f*v(I!nJ1Pam*rQdfql!>q~rsW9!?{yUHq^bT!| zNeSWHrnnJ9zB|W^uj6CTO}r;Fi8nPvo&!22uu#1cI{D6UN|XMDp3S1C#c{p@@h6|G7QJXqA1Dj7mQKBVEMXzcQLm1bMXm zC--gAZ^VPsnzskN75&_iDt)<+y>NG?x4o@>Ud65KKgNH^rPenv>|-LtTYe`7Sw+6y z|8_T0;>#LZ4P#W;haoHSq8st}xa>g`d2*urNZ`niIfHC-0CT6UC!DxNkJ_J0ZvhQV z{@m4xMI30s4GwCRUr%8Cr!k>7oq?@C4|;&@pYi2OIfnzxtv|El@>=3w^{Q8;Jvq+u zl^tXd@yORVd+b(V+u!N;ptp+8gVH*_oyKJ{u;pd@u#Lshv6n|FCLUaj(1Je7dz~Km zS;U-HUevUZF5<{2XI6&8UpKf|75j81a6XHM72Fam#po{M2?gu;;knbxM=K5u!0+^r zjxRq#8@a%C%+&2~ze|S%i+u8<*o%#^165n%33X`=F{{k>Ud=%ykL`|=dO zvVTF#Q_5Q2$gsC%k%hm@o&j+9BMr6mF{h$0oxb^mp5iKcYp?a$<{WQ({&6pV7|Qyi z{jKY3=!+7LJnYpHf+Z5?%>q5SN<7Ukbin9(1=Ugc0giGJt$W0WKZm_10e#Njs=Wa> z5yhvLuRRI)(2u9aE=6+4%lwO}RK*^x33*Wn*!r{vR?1(bcTL4lJl_uGD)idot=bRs z&zbK{Y2vMKREy#&5WuAO`Okm;c0CM(JF3^~6&Opg2fjkDMYgd8awIVFX}@U`fSs~V zOlyE6Kk#P6Q4WvKYpjLdXU0TPVAZdF7Hxo$KQFSQiqGa$@!Ep-A)Z=atRWSC+M`nb zNk>`JsPyG`i3@#hUTr(y9J}bwHTn&ENKd&7eHw{bcm>ZH<`b)xy`I76^w}SIJOaHP z!D(aLyFi<)uH~ zIRwUzG@v=U0tL1+LFZd*Twdj>`D2b)!2>ZVu3+___#GI3{mp+q1F+Jcx9qC;Fa4(} zq77q@rjRxhe%sfLLxly_w`sy`#TS1}PS*Nv z7y4V;x9GQF@4!ISzu8`UH{y}8VZGLsb)(OVfw|i(`g5*V{?&lWi;l#j`!W?W%T*Zt zNMVr%*-lRyutw-9kGU3EUwGm*qpwkUE%Yn&jS(*BY0p#Ij=QV)=sg0CjBF33DEze}*Y|gi);eJ5B$>e8`b_>u=4mKY+!?`|`eu z{r3*uTa`EaV>}jl(4CL-RPtSZ^asD_P>TGrCxbl3JAe9)zPF=*cx1$EsZL)x!%jT% z^o^ihdQ|e1q5+PD7Jl{jZh(Q&q06V>Dp-3W$RRHB7m|P@KhH9ZEitl4`ct>HJp@a7 zpz)rg0)_rWUUY*f;_v+lf61Mz~ z&Y*}9S*7kMXj*7=dDE3}@o4>JVdfU^9HP|YCo+e~DzLX!H#6wU2sfWYl z=k8m98u~YF-dMh082$}ADtlnp|5~2ABg6RPFr+u)RlKY6iGGz2H-Lp-qZcO&82?3X zgnau`KeTV~lK)T3n-ImGurA`G=Ekgnc>H~io!&^_9Iaw2VZ>YU(2&p26#e$8;;Q)8 zd~Z8o3;lb!h&Qd4sEfaW89(wY{KF}Fq>8@7R|0~Ue7w&_1U>aPU4O$}H(VcZb|qNL zLk8&`QbS4D^ndl(r;9#pq&mS@>+5%iSJ8Ke^_FMEf_Vm70jAnQ5^{`@_Ys^mmmDsY|ot^ z>_Oktpl^(?@dy5D<`<*60!L98_8IYFZ@lqV+n=k8?Xf<+t`A?Km$@!qz%KfI@hyxh zo-LK^58|KmoadZRy&>NEhteFqE?&z&W$UTi8u6ZdXBZy2&ULo%Yc}B&19O*6M#A>L zw3j&aY0KYk0cZVkP*)iPE%~uOze7Mg!9Tfl9u< zM^Vyi|FCDC+k4Avb=-cUpY{eBT<}AG4&9X^fuYfNr@!-bv9BO0{QYqIPCBQW>6b?esj zav1sa21Ot84%3CBDtWa25)AD8+A(>?_OlxBQ_jBPx-1WVO$U8U7<%N(+UfHbwI>{s zCN9Pk=BnWH`_8Y@>+-Oy+gYfAMP-l7VZc)4vjr?x%QQ^uSeM|>G0i#dOv|7?q##;*3{^;mTp(2r=>jTk_kMtWfjLfwvO)MA`eSRfR zh7_3Af(8*7nSv{O3Fy0!wx`7FJ4~pl`MdpYU*V1X-ajK={f?O7kCG6Z!oXIfGbf}2 z*!C;?Pza2_-ZoI%1AloZvZP-qUxgnJA_q9@>*L%yu>Gr_A|DyCno{f2^5K2&&HRpU zjHhfboQ!9J(J8!_qFJ}m4V}Ja~Om z-U%%6LqoCNM;!IxJ?SQ>D*h4Pk`f2>wucI@j0NUSy#-^uCspLl(}yrXdA7$j@lqYI+&yLo)EY ze0S>oDH|#R-ZCoo=I*kBqjjs})x1>wf0W<$TzHFpN?q085wH1xlTAG7U8Qr^2=G~c#n_X3TLD*<_Cl6V8h;6EeQU|uSJXbXh5;YgB=Mj`e|*j3)uGS zo1^sEz}!da<|1r=$8fKTPrZrFr{{R`=Z+~|8FoUoKE{)qk>4)=516J^Z5z$ojQH4V zueQ-+ul->DoV`BKFGRcg;7N5(gku9`YrcvtTm44(fJk*(B=7zEcm})o)d7ZbnuMWy zIe}208bA%F0~$ughfF9>_%Obj5akQMX^gjuTqoXj`uo59uRl{`Q0P-j9~sl&1DHHp zKE%Pn(F!i}Y~qoZdRw{_s>1Ir1bMN*a;a850>;~rEwR2}>Urw)1!uC1NbzpqS3dSMOx{fpF%K72=Ry1P7JN*nQvOQ6U z#>Wm*yif+hZ+~>Qop$=V zfV2PPt?-xWmyhaQ{gn;EK6-~u|^($U}r5fjo zUxf>Wz%DOCI+wpMVB4#6ZERZ*Z+j7{3)uPF8(X+6*MH#6y&j*Rt>k@8D>$^G(A!fI z(#_?~_G(B@qgv$S4fGUP##Q-c{fgr%@_22JMG0VTotwS%5-B2#eCC{E`r3SfwFt)N zI1OX(k-c6|55vw+b&@0zdY-P_3IRL4t@hlx*&oQypP6txG^)S$BVpT%dnE`s(%dsi~Ru;pzVnlmb+iO>4IsaELuwiy>N{$UJM{2BgG z?U09wH{~b4^U?QAH1tp1_=cN)`!_3nYhl&}J;4kb&i?fvk9h7E9u?hufz$ZXabE5N zj`X&4N+M{Tp3$+5e0iXbZ@1a=0VaL%mAz(stHU9RLa#k(Q3XtT7gAt^A|810;>BKL zEih*c*ku4F{i+`xWB{WtX1KL{pD_}icyq64&e4VM$i^Y-O0c#4VNq>o# z7rcl9Y+ECFReY4DTEB#Pj9vJ>fG=KP?9qUrZ@wnU1ukpez%H-(1G6PQjcUsv=NI~; zx`w@mIft%5;b+aP_%G8}F!C8Mlz5jP$;M&uyS%Z$FHC{g_Uq7r90P25d{{{Wfbo~s zjO4ATkLI6P+tQ!!biC7}Ei?uw(A!s2zx!8j=>?2lkA`yk9Is>6ya)%q{k43>%EKk7 z(jV$;`5hHlDX!?%_xCM~`eb`f+qQg#CVRx&-lXAN)1F6v`De#v`NYrTk|EG@vxm4n z+XtMwlc}SH)>>ZQ$h@pS{4L@v&*|xQeJBokr)M8L44V%!7!R zod zDkf3D@N>jrRpzxlyr!>HJj6RaDsKu_^r^FE%erHZHEjQkFI{#-ZvRcF27^OmMW0eU zhgAe%;>#LWk+0FE-=qi5NpYaS6xLGS!KG1cVrz{TS`7oLi#W%7jd!xrr#bl8B2Au% zbNX7HA*Qv!q%SY|83uPI6*T9+)6;D);L~8laWhBfP-@|)_bm2V-puwaj?9`q@;gpd zz#sV=n^eH0$*Gk@g8Z0@&5CB|N{p(fD(Se*FT;)#^v}GDN)P z(AhYBnMJRDG}3D`V3y45$+5%TF5@9o={ru2jtT=Y-z@;e9($=N0*Y*uRRZG|1fs#HC-vj_he&|p`i@!#k`|nNZ zluajYJh|2v-=QEL!4|G3@sU2AQmg_F)$mJ8Va^ZX{(+2PlGm*`5~nBVdZIQ+RP ztyVnz*pp5;VbyWRFE@SUk2Yy?eB}2Dn_v2CYpV2V2a*|y>0^%oeen(SfcqxflWDS& zpLB+Q^U>x<-nG~CdcF1Ww*kmceP>v|VGr?_oqhI>9g_h&zxrBZ%ZDPrfXn=`_=_}i zRr>hsqh6B%Hch<3J27dHCTYBP!p(`0H2&dfMs* zcK-Cu8!3Mm1zR?>dc-@g^4Jow<}dlh6aoGkj&El>KXfL3-iG-587}W>y(oj;`Em7* z9qGbn?1n$eo2!?`a$TTa?^iqpy& z2HC=Z&Qb#ozd?_zb2WR!hrpFQ2`u>q6?DMCzg=#g)}9QHyyy2UAA9XQJ(0(q7%xj2 zX=iVg>(<4ueGc*>eV=asW&5-CN96Z_^ATQ`r|w)8kn!cvM}3G74HA!C7jEBfmB5w# z3IW5TwUW6A2gW~IFVJi!zJ(FK?CgH}v#xQx^9LSXgp#}(f)aU)1_G@+#aZbO!b2l(| z)U=d8Y1WrbgFfVq$S*5uedCilv(fR#A4rd5KMd z-JEq|#MY4K;?^i1^<2D^*N;55 z`$g{Ex3A*=wX0uv?F%9f9h!ctN7J}g!6-kmhYo#|pV6VYn!o_#KcCsuiXyPYk;@LVwgMdW(ROe?$mzdcwbR(oW&w2QFvcfWx0D^)wDf z9ybZ-?rYcmg>r*KUBua6d(!0CGj>+}qawOPdJTtoWTwFpB`NZ+D*wu&Dqhw~gAdx; za5Xwp&Q0FnewUZg(dA>y!arEHu*JVddNE!a;17RkaH4;}l=o}fFSMJH2ab2H z^ss#Ar#5rPmK;9mIN|T=+-ZMR`WG!eoYobX`(4*xe?2`0LgRF#0=kNPg>>pG?1}z7 zP5$!C=+B)VE$_6nKwHr(Fd&nFvFF7I(*<0YpMdQzoq*_T>#tWS9-D{5G{fP~iH&K& z(#6E*^5F3XF#6d);%p}{x2X71)xMfu3%2@K{C9req#FR@oqsF`%P`_2eUHiPNH68< zzPa~RCA`sr;7a|(G~VZd$_;Nxf9}ZdGgsa`0c-~?R3mg^hdVO!?ikpUKq`d_1V9a zznp)_Wc?F7@*LlQBR^$LrguCYf;?{ z8XH>f51hZ`e=eV-_g5SF>3HXVUB1$kVb1FDao7Ck8dXwoV==F^S_5R4q z`AM{4(yPV+cT_ORrvgCFogRI-tGB3E5w?HGUR}U0Ujw5Xb&S%qu=PjuXqIk zdE9C1DI2#gKf&ReKlD$6`Q=) zdXUAQtz|{W1P39AMaj{Y*M9_h9kML69_+OyrY$YAcI6eNyv*yxEz1bRc&iec5#0*m z)w7dUwJuQp(ro*S!--u+a_$=xD45Em!wNa7qrJ;CLDa6 zkJCjK`a+(|W2=|iqpp7DEqP3tg%CQIV+vKi3NB;(02ley8k@JFe+{IS4t}=mGL$?ye?Poe)qdqPfSb@Tj_oBw&h1GjlWz4uK22W z6&yBjW^N9Jl(23Grq1}*chCOb!Ggp0M^5C%L1Apk$H7w%Ko`7D8*P+_4Yj;Ox4rqz zZ@%%y8>i8cX}Su|dLMq|(LevpXaBn3Y@Z{*ggi2^k-gR#t1=~JL06^MoPo2SN9U|q zF=w8;C+y8-?K_#QlIQdBwk~+Fg?9?F$xbh}FaszTKA^nBzI2_outj-*3l)!EZKLMP zMbh%Hk24?W;wtje6??|h5qrkr1!ui(%b^Nf=%~yy9eM^i6cXKladzj%HOH)3yJlVC z&3YF}w~tt&gFIjB@=OmMHft-`*X~Q>30=u^>1V8HIG@v$VlZJ}l&i^Jer?ZmQJ$d~ zbUq*tTgti_F$Je__Og{af?jYKrPBZ^zy9;WwO{07Uzrz%Jnyxmf$R3g;wry<{j2HW z^zg%?2)+2=^p$CaE)U1BCHtP7bOwXVzR#H8wSBHzBG82<<^sC*@AqHh2|BkgZPom- z&Lok@v#(A%`NXj$bJA23H}&wo+i$+{`n^qD+P?Pgv3a)$WnOHa2)Bc>-dtBJEIOb| zy@@qjPFiPm;IPFrIFA}aUQQb>g~K{*v;IV;dUDOK0!O|bafJTtmVW|=;Jdi=r>U6MuZu5+b{M~v&&o8#tbh$1#8s6fU;0!wQ z?Vl!-hC;fs4)m7&7X>R@{M{Cn^MXV0Q9jAD4&W7t|FU?VN<*&w?`wWX7R4jp}cGw+Fi91GG8M?GvKmr93NBmgrNB z{;ml)=eb^V+1>5mK{Pn{DZ9X24O}1^xY%C`V~P$Pso@l!r(4L%Z6`rr4f`q_y!KV5 z;Q@{WoV0FLucs#$45V?t7UHr?O&96t^zYa*RFwk@Z};glWswx*kqc3z;3Xrba=gOO0he_F z1uI-N$jLY-d}yerR;Fqrz#Us&T4?aP|uCJj&yjYu^*a)V!q4q{7QYygaoELhD1N5dVu_T`MtT?N5ZjzMwNq`1dpkaVjkDTR zFPr~m<2()r94wQw>aa(S4;l4N`+83BJv=D)Q6NtI}Lx7lSZ0!;<4(}uH!XA+1PG;=vK++1X7uD)+}LKcq|Si zG4Nef7Ctr^zI&HOjD!uN{MF2 zjgv>ya@Xm_4ke}XswkXXe@b>Jjuh43iS7C1Q|4(n5swtp^#`a;V1&LPtB=5#cmDs99Uq4|UwJobl4ECIvXrNR`U zv4-ou&5cboPPCb{C4AqFe_V8PrgQ5mx{PysJ=xoGl6N(NF4{DYg!59>d&!F9_!1JEp%b_E5%zoi4P30r_NN1W^EGH_ zuUQ7u!xwGqk-En&-G9mXfwC<4wf<@hzrb$HQ<{40jcMxVZ>-a+L51n~ftGZ{>&P)) zgV#RQvs~z%$Ut~Gc(b4FW1``WwY}xqTd=E)3!mQJxubJe=WSAm-spFForz7S@ES^k zcQHdfVWRI`=TJ(${De1Bu;+QtpICp)at+o?I=osN9kb;zkekZ;M6hFDtfgbyJ~Ni| z#y2nhSuo3U+Nk_Fpgz&|wcbI!~0yDfTIki#X%(!KpDOi&47Z z%BN5^c=e7sZ{2&2hrj5+DF?Ue$%WoX+YYsZ+jWOtX!BN%1p=?u-MoqqC=KlTa$&Q1 z12hi0$jf%RUdCZx%?liP4h#8q=bBylON&kWcD3*9tf7cm2YI<`XG%M{G7g#f&kQOQ zbV!a#RX7IwltdZX>0gniMti-Wi*mJb{nlenv;UA4WwMo~R=yq%+Z^e5d*>aUw|Cyz zER#!5O|277Sg=?X2p!hTDw-|?A}`9pXFH$me1_^{I`GOc`11n5Q3uzw)@Hwe zL*^aXr&D^?bbaYxqY*H!l+*BN(7~%+JpIN6Z_sVj8U53Zga+|3*D|WIk9W9Y783HZ zIuYspcL^%?A))9+p8cFU^GDu&x3=(u&KanhdPJ_P#TM^_hFa@&er(iPwchY?BgY3X zzQ4Es-t>l_95zQAG1=~HUvdgB zu7QJAU-FGB!`TOmNH6&T9X78`YoW8ITF0x>>swKVpo52FiuSg`Mej8VmkZt~YY(%X zVl+5tQ~C|xV2eC@3O5tNK^J9rdcCyX{7n;)IKPi1(72H2eCs~_*`n}Fs^~qgZ&hnm zrY&^)%ic)N-zd9}j{JBeN+rCdAM8uR6FDqAuDU*LQ^zp<$uA*08vTI+|-rd&s z;f#xXkh@1D1WpEXsmT0qg;fY@~O1@>AcALYay@H%dSfCZ;GZ)2fMlP4O@7T z?Dk4eF6c_Re`8()sd?w=YxDiO!xrm(xSc-!m7o6o0U2GVOKH{FYVVT(0IWU9hS()(3Vd4$9CUY#8W4-|mIHC@(R(+9f>l+y_K* zoqh0vXVg)~aNu&Co{ZC2wcgb#Q#omseWz^Q8h^}Le8|E-9(3jpXd^G`F5>(r~q18)0#c>t;cD1*wm)>q%#aj%?bfq0<#?=y0u|?tje;Y)B) z&)3XZ)AjVtwvb;(AH8A2`d)9thG}#IdM!Ox6-#41gTDYQBQUtUsRL7=gw=3^LM%&A`3(R$a0 z=?fg4LgoA;J*BEpS;$k`q%+UluA<|5ZXD&ng+Wg)=nAh98HcAek4A*u4jnkpPmm}< zh1X3tFS-g{=wi1dyjE4m7IKN7vL;;3$vftRHyN0q!u5w8(+LAurZ76wn17^3q0) zpEjPbdFs@fSKp4*+s?W&oo!Jg+14oR{I}%sb6j8Hexntw=6~8oasDq1mZk`Hg0IqnDqn7lw0NO{yDB?zFbLG}dK7 zU5ovBZQI)r)tk#@0k|w?AAAC%U!2YwXDrU=os_(DqTPj9OqQ&?ArZpZlBl*d^4>?W z%j?#KvF&um0#Z>VXS;d9CKAkldl&G`~T)*?FVEt%<~3WqC6$c@ZQZahRIb_ROB~Ptg?O<< za%#`y-Jg;k*6#rVmI@L9JBe=Zj?)9N{8fY+LIe}U#JGHrzf~`^xUEQNOevxYT$Oy zf_t%WuNK|L2Hop3?wAJd@r+yF!10|7c$;+Fh5NSJ`$D%%^qff>)KG-x68p~6Q&XpO zk8s#ja91h(Vaa=Q#?c?K-ta|DRyfN8okW}GY7O3BqlUQPJ}>;ANkNf!v0w(*-_Zbf zi=NPF$tit9_g^dG6B#$E=Ua96WXt^x+^EuVrH1<@9nVzU*}Ac1x8jhuNbqTDn@`aJ zlaFLxaPO8~gG%(v8n{mgw^=*kA}7m`Q5{Z+Fv^-b$Wr{3xdj#L4`)^j){_6?;9o@%DckwAWK7{^3+1JEvQg^g+T}pct zPkN#Id*KcV_o4>wWwHg_jt1@p!oB^-l&)*wJ}cbEL|5$VDegBqDgDX@%}N?{-xcl# zIf(e8_a2pRA2cva9_{3WAua<++y)j)^=x{M5m8R z?`LI8u^Aj^*(Xn~(|fFN{EeBjRDd7Lyi#X*o220T8HY{(S-#qSre^Y@M=!X)mJfC) z-zFP$>!tVIE93nP=#Ez0QR0P;cQ(Lb`vtoHgVz0S%(%^ZK8gEW{pf=31U*;j-gRC| z`x-cb>8f4RaX%LB>xy_~gAV^b^L)K^ka0?8`iX9Q)x^;rfWt2ILia|c?MCrWHgJEc zwEdl&d~*Z$_Zioe_v0D3WukwEWW7rZO;={#tMt@q$aJeJ^2Ur))+Fu)Pp``h@ST!( zrdG`L-}Y&mke;Xe?&s8X72MBszfP5`_!-;*-IKzV`U{S_`bWa;(3AAyIXt`={|UQ#_ed(ygv`8-MuQ`pOcNvbc`IH($8NU+MK(ErJm>j_XFLp6Yh^1 zxTlKuyTXk(aC?QjMZz9#;O>zvZ+=zX4k1r}U)H#r8+5-X+)4kwPA_yH7jCC`RW&PH zz9-z{(oxa@-4?Y?dqlS;)BUQRFVTJRt0k`;yk`m)=)Ok}%aeQ4ixp4(ooe8&kv!U$ zw>NN~6^?RHY~GfT3QCmS=}@p__r?z7~VtQXwRG$6tU3wPW`!ep42HnllN7=nH>xK7A8TUwocZ+O+?$L}pO?02?M42pk z3GR!t;C_^GTeDv1&X8Xo*ix4RaK9rQJ`mbApRFf;?rK4zq!--Z3CH;5(+#>^vX8p( z&kfv^^wO>s-;2a;-CdGb$^kgWFW_F2dBL$p`0P1#UeZ3FE8N1{qu<1*mkaj^-EXP$(;D&h1c&-BP|*1X_)!VStGnQk9|TQ>{cF|*KZ6K?%g zb$Qt)-Vex@Uss{-89P4D%%H+Jfhv`W!zbM zeqJ}}oy<7O)qm0b*;8s>Ra=iS;VpSCRFZk=C8|d~J@GRaxScP4BJO=^Q+tYo4w}E! z&->mVXATN(O!mG1gLT@V(`&xQmHYrVB^TeScEtQCBcJPWscD4jiwB{EKisg-M%=PP$7s@`|s(eO320!j<|4?z_5= z`m^|sK;iwKaL*8KkDlN(O!KLYqd!{b5jfi7nK;Vl@ekE)r;1KO-a`*h$E}mi;69>^ zKnFf}qwd`w*N?7(`yJ73le}I7_a5OcpMj$uL09Sr@;;R53T}mP^egDyttUFbottqx z8@Ol8g1crG+^=Wc(;K`uX51wWoSGo(EoBY8`)0xYLB{RSv)K2=jJvLZ`%cDP*}(nR zjBBP%ukJn}y=P=xGri3D@JmxK@Ac2b%~yWS#4XRbY4T>Fd(kYoe?JTE!C7#d)##(Q zspI~PYufy}PS7>|a@Q=l_h#I)8~$6?|3n>sG7IjNDqPso z-^jRT+29XFqT@vkx}6!<)O%UR6~8FUeCBO~27HAV9DUyT!j*Cg?kP&!N7cyeQ<$;_ z?grtYYs&jg;TDLl)FZh)Z4&V#qFbXUyx?|bT(5!qrNZx2XVc_eto#L6(gE*k;clHl zcZP72!YxvK(eZT=uazxj%n$E2+4qw#)pZ)&?u_eYUV+xPT*zeZxXJjFmzmEO{Ys}PtPXqUsQ=_;@&(9?)PWGeRUSx zpU;A8&!YG7FFaB2KP%s6+VVE}Zzk>+v(R0n{Fq5MXBOPYX5n2r3*852p*yXSwpP-d zUqAGhZ&nzeg8LotGx}e?tA5`%>wb$dO;`6Tzg6cOyc|wF{M+^X2pr|PiK7hBAD#G* z)63eQNXIvYJ5Ti3A~0R0d;Gigyc^uUj4S07+&jhdR?+>H!tkmI@?7Jr@73cHa1ZDP zcZrw^oy;|EYt{?htqOlkblV!ZKg~E5-->sQ$L}P%x%Ekn0bfv z9M!${2lW^U+_G74M`c{;d!XAg12$eIer}8@yl5xE&4LBeUSXKMOB~3;UXS z`D2VTaeUZfChj8P@Jq={Y<{V5_<;N?X?wXU7rea&?$%jw@6EWTEkhc7{?X6swGrCb zm*_rL^44d0;8rOwzx`OP1Keie?)_n1Ucj9@3*8^cX6Sl~$7bkGS7AV2$s=%=3pbPQ zJ+t8cCgUz?$op}Yx2Az(Z+fP@?SrAWN%y>rD}KS2_hnqKA@9q=&6M}eS#Y0_Prt47 zZfx-KwTL1Vf}zNd9Sz*qgoAEh1NXg*D|MQ5{3zo}83K18 z{fBr<= z9gjZ|cgieu@1KS4le6d`KYB6(pK@XIOZ3~*vxyr~-I|Gexjv*e6Zei;aGPhrJv0mM z{j=b{Hw$j3aHVX>OxwIrA8ws#%Yj*Vmo9Bp^_O;ISa-9Zrk@$fxc9cE``|w;f1-}h z&Vu{LS#XavaOg!xb3P63%er4Q(W=_Sj^Oikze|JI(vE}sj)-5fzNRB?sqWu7rd7?4 zWV-kJnrYKAZ2B$T-_n4k_z&DYx_>rarw!aZ3HYbYwO(+{i8pA|r?j!)m>+*$xKb~{ z{Xn>%3U`UZl%aKcQqPcA+7h0s;%Vtgb$)=O4+VFO!tjE-Q#gFjRdB3D+NXMgBRvas zlQwt?4&Thgt(}1*J(PogmEIfmgqQV1LMk25IGwt%}@ z;n646{!ka5?%2IRN>=#O+a^9|frb2-+hrG!K-Cqi~Omr`6;0|V7vwgl+iFv<-7Mw`ZGjt!XjTn5355QfKamDxG zUY&7;4!@kJ8(Y4wXYtN}V6z_>jg-+$)4zrw;r&#bYyczn^h?GENWs;V|h~lX3Xq zHr>C^U|d)6)epq`qVrqTz8bMV5e~nU`~XLtp^aGI;N@?vHQNp74$rt=gYJk~=+@4H zQgr6~Vnu+PR9wmP z4HED)~z=PH?thvFWkIm)qYk{NvFxrv^hhHLkGCk`uVBoN_hdtx6)tv z?7HlNo1+Q=?&%7{OZ_PI^3euvX1$cE^fcX zSeFfOFA?3E7wJb=@yn}c!R^hsQZM0sw{U~k)cFDKVc~8RZd*g%U(JI1l5jt{Qa=qk z%FutO?L7djsLr?XnS1Z<-dz@0s*8Zk!h#EeELK#MOVdR`K|!&vEn*FJY~fN=G)9RP zqcNaZ6BTRpXCrnKjXhBl6^$*nVAtp_-}9U@=e=i+-~ao!S*WB1I(#INr+43cZA*b?PcGb*BZ=7#{KwTzdZ!y|*={%=1eUiR08HQ*! zJYq{w<{P7YZJBdyG2iH11cCA>e-p#Ax)9p}*v%*pn-BJl=OgYGust`%r5$@Bux+!A&iIK;?M`9y@jXuPUeQ-+Gh~EFX^GTlHfpF;=F2BUSGMLqm*e~#N>Y2_4 zfRwzA5jVjxb>>EHE`W6kjGRMAUJysmW5>9}jzSm%%-WRxvI^naIh8(nufdjM&$#4m z1_3?Lu8kGgsleo%j=W2NO~SZ|_O@{spu8^p){Q~Pn~a~|ofk(}8F>Zl6NDF_ANPz) z>>z{Lbcy{DVH6gat}+y2+iPl|oyoh) zU~(+b23+?0OQek z5V(FI`%jX@bW!eXi5Y zH&{LP7a%a*qXl+N0Q(LYZQmkzNWLO2`fidohhDY0xd*m9IH)4Yj)_T|`z~=m^lD9Rm=Yh3h&vY4g5<=S}l{}6eAMmh! zfo=9^CGT)xHv*ILE(dnl2hLBK#wvs_-mb*xYg<2FDeq2$9g4lx4_%SsT_Ui*80;&9 z^}(LyIUMDi2&@6ea&3-0+JH7)fj!e8Hrrq)3hV$JOP?g~RD=~s!`AbSaDI{DSsx-s zKixs-LhN1y=|jYxM3Da173a$lShp}mSNaiq&hXY@Po0U;uju2}*NDNy(LFCXn|8xF z)1h6Ov1eRj?;^0ySby%0^MME~kMpr7kJzsfs9(uo9K)T3@a*4Q+XOY$SS9z5O6+vt zZ@lLGp1gAmW_2OPx=NnJt}s}FJ#`_E^^!bmdt&qe*(=D+1%3_<#>!7et~w zVqYV$z7-6Hm@i< z^7fdSO?R8!v-$WD3&aWHNPm6?JYQ#~;bX7umW_L102?;L@t9XC*nR(8MSsrub(2fGu>%g2^7o&c}jsrFmSb}4VVY->YZZQ~KFy*0HSG-q6+-h8>ysret^^Kzs z&ZYO1nC`Xc{Qq`HE`1K3*kiyLcb19EKAvNrdnUQHC1L}SuEYSTGMavv%ZJ4_4`4qF zV7Cbj;?;WRS95de8Vb|h7#H^YSuT1RC$tqY+I0Srx#&cJaUDd)3%>;9U-k_j?)zb}O(1x=a%oh9nA;X>c9noOzY< zIF=$dK*U8eoWUjo>%OZSM^L{TfN_3q$IrxCF@SvY_*}XMK#c#H9kFJS#_#~PnZf+} z@d9qbB_=L*s?0wS7_zFycC6>m7#=Z>wSA0zrjHHtum+sN^&-|myH*8ArThNrE+0(e zB!vH-@BC#0oO5o?v7XHb%ZmP7eUamF{{IWZv;BF0oKxPpmpdNIrOoi}#h(5`jPoct z2IkzO(dazS@QBgxZeHQq2lWK4ADg;5EAOE@vicnX%#X|V%GaeXfIV<`Hg5NO zvRLuHY`Vt*^V5Ckk6GR!|C8nQ2w*=8#ASQxr@{8r&)f0`v%C)j*suPS)$jWNcGV+U zd0zwb)4lc4EbmtjXVZ8Kn4b^!0TyFl%RZj{Rx#GT!G3G5!P>E>zYx0`VdM3=bnTkh zEeMR;jy-wQ^CgUFTJ!mIJ(k!6ENl^*BY3+Rtj%CZUah6q74qrWjM$9`4*^TCXBx!# z{J4+dmZ^HC_YA}1801ofvug6`b2r3L?W11!FOw1+Qywu?gA9ghkip=#84NC!!C>|b z)_`%{AzkxnSu)*09@YwsW2sJ%PsE=3abupZ29{uNZNRnle!cSPw+YDMI7wn$J3Q84 zwk_s*$83Zf@BxYe*vm9F8|u=)C6(@l0%IEe@WV2nVd4_&gYXg_7?)+47|f2T$s2C4 z$=EYpj%^tC1H9a8;}S~@X5$iLT=Hz(Q8=gXF5b$;CDvpx8<*G!gUPsu0lNw7qV!Md zas>9YOPB5Q>9~m)$7{C>jL&e>#|BMw{)|&?tL^gXc+Fzp17o>LJMTU&%j1Vg5|4La z0Q+MAJ8Hc1E1T|p!2EQ(ma^%dihTII7l8S?Y%?i~{U(6XF4m@2m;B^x-1Y$WU;x{2 zN;d9%f$f4swnEr_X4aqox?4Uo2HAE-)&`dXv-QL3{PR7s={^jMz9`GG&ny?0b@o7n z)%)h7lHn0M6k+%M9CjwoFGM)DJ!`9R`()Et1U11 z+yPnrb_M3^vI3ZImnV=npEuy3th_}5?Ck&+vQ^u`S$Wq6u+9Ls_aWK1cL%V3hdLhD z!mdX+=;!(955~^K7RMS}YB20nd+^;cSv%h_FN?i=To%g<9@`<#IiESLvTb62dhF>A z!>LMl&Z*h*SOd&2j}0KtFSq+4FM%BCLyc!-v10?+MrS%(SzV3<=BN7rFq`fHAhJzm zTWm3yGx`{dKU`<1#|d@W99S7)gI#m!x0;AOZLqc2Tiz7J@p%^*%<^c@8Nh~Zf=(Fy zHRG}@&qJ7wmztJiFKsa7=By1~|3eo058@^!F2t*M$*2p*6O^}80GkGk>lx&&LL~C` z#`%T@vtu*P*V$j5@IS8anP_nQ(MI`0gQ)%g#I#58!H(qg{O|M=_ww>nqj!PFAcvw345aK=9>$ByHH{pqbr>>Z_E4<6u^zug>(&%yb)M~?}u;S+jfZ9 zzme$+as@R{vT+N@w2v(TR>0!zQlksw(*H(vFQ|9P85iQ!^8(B8AEPHYCdQ52**yxG zvD8xmY+wLe7Qpg7v+}kJU^fOZ>f8*Sq<$v^cxwg5JWNE`sed88he7NKgpCFiq7&i& z)_z=PCAJ@~S?mg6zrg=A*&whNfxQDB>x$(ah?DbxH42R1?3y~bkopkQt%0#uinxH3 zorxtlmU*ikn8lc`&ttki_BAlyR(m#Oc@GS681di8rXo5$QuYYzqILiUxJw0lV>pc6`!41uxTM3+Y)O7?=fKPOBlBfdw!p0|1pIKORXt(I*$JYtZdRH4@-_2 z>`7o(|IV#Hv+f^=a11{0Y}*ZDFC+XN82dV=OYAeq{^wSObWMR+8S?n-?N57~ko#w%Q%% z9J{lOY&*$u#88Acw}Gc&7D9=&l){fNDb@Z=7KbnZ-SIpWmdqjR>uB=!!l zexuMf;n>Edt;l=KU@(*V&fv)<$0K$O!ZpCG?TM{I=rN%Xm9VEgVs{yAKY=m7

    B z7xr5s+ysn##wE58p>bj%8VQ{&MmrO0F&M`cO$hRtcVb%yumOm(@g(F8icww>oC6SE z8s}_EY(04OJGweejL#R32WHEI*zUlN^RRiqRsn0F9FxZFz*y#M4Au>M=5xO`SGS0* z31H6{%$5;(uN$m@J<}k@GN(L=vHv9|<8BzhP6a0IM|s_$^OsXyJtuZ8Fus3j^Tsje z1_*qI(zXZ0XnQ`>Tf(0D5u1#__b;t39Cz9>N^nfx&e-$%oztAo#F(CsZQ)_t;GE;h zYLsOed&=v9{eB2+H+m@jBPQor?983h%Ggkt<%IVHQ0&RTi!J| zJ{NJX64=cKvw36O`w(P3BKD5q*|<1WV}a>tpA#H24Q|L<^oHnbEq2w;S>9sQ%N7u1 z+-*0@@@56FR|4330qhoxBZ?*s>Q+MFw=4=doi4Gn4c3mm)aBlvWp%k+V2sPUy8q#> zJlJlr?h!-Nq2yKJ{4oUe{3-TK1IerTDs`cs5TiWWL-L3XMA(i4G;EeP5yyKTS5WN{ zFsmnb4NZ)7xwlPB6@fZu> z8g*fQ7vlKsMXoLoI~N%9HW|m{vCW}x5nFatcu3q8BqQp)znDtX)Un8*GY#U4L1pM%uQ*&`_)8Ml+ zBd)2OAAJmr`Mpu_dgnCuF0R?QX8`*h;w~{5OXhZjqgLSv*T|zyPe6G0I_IavRw8V7 zeWmRuKn``WI+MqHK>Xg4wG|*`n^Rze1jkH+8)(rU0qh^pg=HXlC83LrI}n)9n|?zU z8v!iwXX>49 zEJbVvejfL*Gs(NljX}se&%>^TJb&>7fE+b_P)<(Isz z5$56}-?n^-alA`x1@??f>@x(uw=FR~*H^cOUgvl@U|k<|`DI<*2Z6d=Wq8Dv8SDXp zJ%NEb-|x0M)BoxbWLrY4>|xaJ9E3k3UD-~K0amlWd#9Sb$sUGNmA{*w&6fE`0%P3$ z5!OHF?8kgujSKmg3hDcP#8@v?dqqC%$Fe*Wq59=Yn{w>rx9uASFwPGSySg%OzW}z~ zt4`xJo$EI+}(lAe5bN)p8|||lXe~sjL+OP zV{g;l9>7itVB>^5+KOXJzdYE+j{eN0LEajJjm6&DWh)%>JAAS{{sN5owfzG9g?6TI z*m_CqGQ(Sez4fb?4c0EOFAa96!1grQV+Nys9J7x5p;G668O+YR$$J;U?;F1bw$+cW z&NSit1=L^WV-Aj~AN_**Ke67G8~uj;3wiUfC$As&Gm+3?xhnN-UW@U0)^1Z>{Uwjj z1M`_rYg1x)^Ba3Yb)C)&l1>oAhV4~1a>m=ac;3n&0%cZK2;bu zyge!d-{!y%P|dYW&Mx+*Io#G|9qX{F~4^p{7=8C^f?M* zgYfeVK7uOkJQWz*9P7JWgDSwLqc*Ba*MW)k1jg?OpMhiQLTq9IW0bA*xNWJPhzhIFbwlDaqkcC9yB~#f0-_Q!%z2yK-{YW*!h9D z3j@5P1K6GcyF3m5^L4?aW*HlB?bWx-l?I!Sw5&}p4Dgl#^V2vdfE|T$_0zzu?hJ-o z(;0cFLRp@{q<)76c>4sfZQy!~;Rka>-gX1#>&O2$iP(vTHyZnwU}ySnEB3St`!Rl# zchIb==rO}1#`V8wc2!hw{24p-u0DOd(eQ{J1UbYGH5lideC~vEXWMoXn`y9S?3pgH zy$xplnb_e5lf0LJ9kEYU+8%6%^RWmI?^_kE!k+So9gi?=zpC_p8L_g#u#A`T{tHaz zgFN0tU|f6Og?$_AI_+%BXltDBh;ZP6uARiGYTx&1boJa~d9*_bPN*NmtLNEoKg8AF z0x-(_<)My84Cah>{Eh1`i6tlx>fDSI$|E)om>jPWW1GDmH-}i4E$;we?;Pg*1(%dQ zFF+UDu34-Nx-^@(7W*u~YY{xSnYt(O+~F>796$F!kanhiS0FrobY*_;1xB6OE?Awn zgu%FOYkduul+LSG#*;v-}fw@p)vn5;2)e>m5$+9zU*ff z{?hejjQa|HmVmA4HP;&&!y2#oh8IA*XsTvBNdyfACiT?EE7IF^^bX5;c(Al#TP zH=f-LEWuu4hXQLc7&&JnP#*g^t25V7xF$2!VAv^n|6P%-GhNJQg0akT`^9^DHi&@^n0Cp2FKkf&>?wsr9bd=Y(Hp}Y|%-3a502>m( z9t6fTUKaWI%wT1K@jJM_e!YPC>9z)VTY9_($Q^_r+fHIF2(q0dwjFWNwi9DN$Tl{? zp5;r7bGl`JaM)y=(+~c9iz^S--`Oa0-WQVf{8C`sA#NkCQyzJb2Cyx0VgK8!qLSdP z2R07(j=vIE6*_g!#bp`;4R){K-2u!`_c*u|>x{kk371m$qRF%JdIF;#FpZ@~9=VwtpkGEp*`+-C|RKZ4K;5zNc z4M`~9NU)dKsR7=WH)rF1_4_P#e*k+mfW00_1tkJtkN>>FHY`m2*ipS&4?@7K0sZ~gQIgS82)0ddKb7~fw#^A+bq zl*jRb&%4-QGL0vIMXxzOVB8OZ{nNvK48$D?vY*C5z`p%QrMz1B)x&R8Vt6$mI_=F$ z43B0<`@U6)?Fr0J<5$3rSX-IjtAM=>OxE*TfL-x+CH4TY$zI&2fh8XH1~5O}{{Y+a zUoKsoMkR#hz@}l(awGN_0{g+c1jhbc>P#Nj%%v{G@EB)>F2q&<`{VmnXlu{{j7AL1~-jEhHd6_0Ja z#g+!Jiv!rz0qiCZLl>i;BfuEWmM^ho2wYd0Y|`8n zt4`;p#2x~6AL1^>G3`feOW5GY`s(O0UqskbT8qoL_?QT<_|%%^~)O0QLzm&bMY6oyp_9Mdrgk z=S%E6gSF`qJw&h0bGY`XXM*V-Aw{2IQ{=b{VMuV4s$K6{bhEFp@S8QLMK95OkGO#{7RAO8s zqdYs#A+J4v;g)!Y$N9n-#I-sz?h0Td#<{!^yAId~9(FUZCg_*oI&HuWP;|+rS*&XS zn;F1LW1Rn4dCNv;;T5^xiH;vxMtIxV6gLryr+OMT|3qTJ^H)Bq%Q9oOzQGY zfR{(ZNO_Xi$6!+4-~f;Pksp`$A&A-jm--zDjCr$t88P-R#Lyh8{BkXVYyZDLv9dg# z1a`y8=<^JZ{n1zmI0-yrZ_)+~c@?O+lDh#-Q#F(ew0-Fz=SZ>6qa~uAHJDXo(Rk%(}mL>h_$rhI`PSsi; z+t@8oR+Ptne@BFImsO|Z4Pw&`X7fgD_W;J{6b4-5(jc!Vu&X_c_ZEMDQ?+WVZMt6r zD_+Xp)ag~Fvx+}qi?D|nkDP@Ww# z5Zl>cpI}dU#6Cq}8WKCzq#-eUT0rT{a%Nom#&86=7D;Sd1p4HO*jpZ-d+>Qz2CxqT z80TevT=rXszUanWOc&jv!j>abHr?NOaXH`jbtcBSyi9`_pO5gddjr_N16a2}x|;_u z43jI;fGAaGx_#x!(qcdVGK&ogV6y^oSACw1`*abF8y zT>{vQ0JitPvhtcf$YO^Fu)9CX^7uky0t3@uxS=?r;{v?npUm>M3}Bc1Im_EqV3fZS zf%nQ+W6yMnaU4r*KY{Ioy|V784Q51;sq zMs8J;&JBp=(3TLBad}UPSR&+I1nh`SD|KeS>hm@-ShI-BwK={|H_~8RV$XTw&fB{* zh;d#)%*G{l7{an0DtWwr^z-qRJidF#ah)wU#@*gvXW*E2A$A)uj`i4ITkJ_-=bY}^ zF!J6uym^Ahb%CoVSL$-K!E77LxMvw`tcZ&x+vuYym2vMiSXuCRpXu2hEA#e70OL9m z$ESyixcdX!^3=+FoMLz~9}B85cHFH}m*obN`M^@K;>mpc1=#*GD&xLuFqx0_z$VYE z%ttM{ULQLS7{|&oALjx)-pdES>qnl%d;wVfr~0k=3^&=$$T6HY~Ae2xThIR z=HpUeFX2Dgl|K2q09I4Xmd7Aq|AYT5xFpJG8^e?Nn1D%Zj{_@p*~efqA14@0=Hpku z4r#B9d%eMAKK=x3XJlID<1Ybh^Df!)*ag_PUOo;pJeiMofE_);wY#hfUjt*E;b!aG zHuc)a3j*5+V+B9%7+~~M8TTY$^dT8{9}L?3xVHmaH?NX+83t{mJ^gM1Mjw)CdRxs`Tf}4JLK|1F#vM&MzCx>c@H1ZxJ}AZbyO8e#F>U@Eh^tOg^^4 z9xfRT>2Q4%ibvh29eP@I^dWqhaT8#_LO6MOO@!NbDRvz&uE+Aa)-yB1n0}I2M!gh_Q_Gi`;r0v8f3B zKRb`c-pV@?$6U{`zDC}B1exweI3I#g-|F-uRzl#Ia4z7I|BRt5jb|V`6bpKz$lNr1bZ9zOdQMg@sT(`9D(_;=@R4Eh#2$8xMQ&2 z-e5lp?0OtiUaP=3?`GVw0^0}JYV_UX1hxzq=b_Em+cY>IB-So?Zve}|eu=<%PmX2T zA~3#>E!W|w^Jc)Pi;X)7SQ(-Fh?=zjCAJcQ?Nx$3bs_c#1hzQ?3^oz_dIXL|3j#xP zuQ2RXT=E#7V^JA*C@}VUGVXALVVB0G-8j~had!a5K2OGFI!8$ujOWz%Kkn zWnB82kKGN7{iTe1KQQ)}5_>p+{S}z(2g#@HrN0oHjv(s{u{R9QrosKY0qi4SJ6-I? zSLFT2!!WFf79qTlI3BSx3|7RRK1u8bge$;n6d2{PjaVkIO;JB~Z$^KFJ>#++X5Lso zY@H!?CBh^OW>;fxd7tB$y0i+6>ucmK7xJ#PnBd(DOvc>;*Qoc+e{aiII0cLg&4%z7cyWfN^Z*^Ckqa1p(~A0QNqxWAeqc|HWzaF@Ct-Wa~aL zK8Hdc{h$6vYz#1;htJ7oc=rW(&3Vl$3wgtV`SQ*Q@XinLIt`C)nbnW)X87{(`nb|h zraLLXJKyl6yk7@+&jjSX5a9L0c-^-jUSY}Thewt&yq5yJ$FUya%fs?wMjpD^3~ygx zzFlq)@a_rl{$qGcg`K|&@W!Ii^!3{wn4j)x0p5ZD?;*omD$;#4z^kpzrrQmepYDZ* zC;i}(0PoQN@2LRqs{rr&0FTdd(k?RHZGrjv9UtJG65!n$;N2PEab3kPkFmh~bk8+B zY3B<9yc@cP?^nD$$+dqdD%DOrG$o5YF*%D}F(Hec8IZShVwSgaTNW$qoW+`_X0cfT zUhipH-k4po*kJ+Q;k#yehfL36eRs@aU+t8|asuNRWM>3EYw!ss32f_#eTTs3SzE9t zhUQQ`zsq|GGX!=JjvriIOxME6o9AI1uW^j@%I(FppJso}c@D9W*fR}cHz7QES23MW z6Z;I|;k%3J{|~GB3SiIQS4_XbgsP#&iU<6=5Vhl&@`xn}{&OA-@`#;}pEXZc^7sr3G1)iry=|X& zeE?f+uvsFFdkmHs3|&XW{8C=Kzz#FKaRNIW{p#H>7t``ZHC5#=?^SXv+8;sM6sIbG zJ>SgQrPniA?DfAm3|)~bcg~&ZbF@_t>~Wh&jrohv(_-7<_}~9_`5=$?W^c!X`Ey0w zU4ijAlsN+XEsj6@tkTZ&f$hG&vOE@h7*18*HiS3HvOEBIuUu_9S3{D~pAfp`Yb(AT z$osX#mSQjcYbqmo{8mocXG%PkYfISx1MhOT~-ho0M?ZSKIr&QIZ^CKj$?gcWx z(q9Gvmt{%b3qc|Z4bIS6>ytt#uxi3YRn5cQyrzW;Fz)W;}q z=W(@B5$%>Owj3tB0K2$Q`7RmL zc+6mB99tW_3(VIK!>CNU)hKwM*9DlbA71f_SiZJBWxDqp%=Xj7o-o+aMi=aq54~_` z)(=>|iN|BQKDKOL78`U*7JK>REcV|3HvO#voi2-@n2C%Myy!}J);MVG1 zjNg|H0q(bdyobi`Wn2QkW|=eYo(Qr%#Z+HC@BR2?wdvX`vF#A&_MupNL?p%~HXGP0 zm)EBKG%F-~W^PaXj;D1esrA z98({8Q*E>c$JCGh^$Eh6eQMMDdBpl74Yn^UaBO*e?)8;Fx^WnJ_3-;Cn7G@%f>@sb z_LRZOLf%ODGj(ne*k-^euOzTnkZEFUr>V>F*#8!GVO-lj6I%^T>Ozd~a{Jg23&_7ASAE!0@WG!mQ3);@V{hd}k^#JYp{( z-1BN}I>tO4=NRTio4x65N{r8L@!O>HaZLTV0g5*Lm-82k-4Vc!4Pajeu=iGG z1_NL9ZEgDOGhV`{z| zGFLIA3H99am?@Y9tFm9X-8|Tr-1qCa@^;Sy}JVQc_qUu3wcul zymJG*3j(~C4bRp$s205z;PJg<-+p+7FQec10B>@DhtJ_xw0}remHD-Jqdvj0tVd&W zS!{Wn#eN;&ZBWSa&dg`AV*Yngy!u&qA-;rTX{&|cB?cq!VFb<>MhYy!1s|IW zjNeO>Jl-eay4hVK?l~r|?H6zw-GCq2m$A>g6QTe1b?LK%#GWb|G)2!K|%_Jz+5R8RQMaK0#QpXI(nqLRT5#(=QeBi2dG^N9^_hwh`=nfw7NTfn%mijL+LXy?~ z0ftWsMUNll%97Y*@MQxI9n0pyUkl%>&9!u z_%2zW^IY3WYy%VudE9Io6M)q`S&SMW!(w$PH?CP)TQTlZV2qnUE_vLba&!?M3Qn+> z*m{AHGaiBcsz#g-M<4RX zSH}YL$0a8K^YvqS_`GWZyibA2eBe~+^5|Vo7mFQtPZoRf?ksla{aGw}z+s~ykmJtW z^Of(Du-;C2ye=J!(gqhBjK0KjBev3Ds|`jQZ-Bu5{40Zzw<7{=aE8Ek!Le^EmeWU1 zRgN)F31GhnU}pue^8?u5fcd)o1DLN%BNQjEjB7T(94q_0sla~ye5KAa0@z*w?0^8q z`$E2ce3r>i_eH~#`u#n?>w-G!%VWLu}YroPE^Id=5(F+RZK z7|G`y7T_Hj;QcbdTNdE)dz-YM)DQpdcP3rFAMf-28Q^sUcsW#JKObBV^UJLzz?&N2 z?Hb_mo2b4#epAy=m*Z@o_nQFk{s512CSTs$0p9xoUJV*8KV7b4`tmk6Jn4U913df} zFwp^cNea8vpZ5=7hX$|z0?gOtkA^38c_6^Ur+t*Xr9zi=0p1jhJDKhh!P^;_ zpYCeIlk)Bk@V+-ZSqJe+ri?rcXEOS20?beM7ltS0Ee`N*3GnU+@ZK;yncsH;yk;x} z_;$gox*7fE26)E=c)v3|S#GNWyjKFe*8{w&qSjB!s{`iSZ@U1m6yO~d;LQv0Rt9+2 z2YCN5JZa~(0bUcPLB5@b0rT^5NPvgilo{S*0p8OAUT@6r{B-*P^V2=i@Ro}DacY2f zUqIeN0p8~UdEW$hqcJF=elp!Hfcg3zZg|qpM+bP<1$Z|Hc&{0rtZ#1ycsUHZeEZb^ z^Yt5Rcv9Z>0p8(;C;j>80Ppeu@2UXruZAb>@=}2JWw*+)8H!nrYnJwNV>pW)(?5&d zvSAjRw?P(b3CKIGG0Xc~AdN2uW_bew*td^oc{eh zfw;4t%%;&A(C_X?v%Ika!;nrr7s>lzhvL|d9f#vsen;4r+c#^SJak3s{r`Rc)g@gs zBF6Wvd~8(!!*Z7TE^#xiF+`M(@Ky$Rj|6y626!I^c%KG%-OPMO=7VcNzJ6N-c-sVc`xu_IAD`*)<&^`x zvjV*91H9h{c+UiQ{QrggbiXq^=?5JF9{#)R=$py)74xmZ0c>~xn+44G-MxYNx}0Hn zQkR7R-fF{>D%S6;Iml%K&eSz&vW3 zz&r|%{$=Ey9^m~w!24%_w=p_u)(@#49#P2T1GnB3Z>jKu^8>tR0`gu6@Cs($Bjwcw z<~x=3Fy~V@G$K8e?1<53KQNU1aYkQzZ;L=^Gba>9=Bs}8J8Hx z-o*T|H!*+gP3-^gvG=++oJ~2V{y!ai^PXI2>^=QWClBIO-3pbj#8^fn5%~Yq48Y!w zsW}(wKRuT|2RaAmoG=W!yF8S?tyT_NzbT zGWWs02ZknIrD5YVQ1fZ>CBmyu_2G(lnH!3Cl`en5;#CWhf9pAD+wW-**ceX#Y2d-ULa zE+_BH_^^fqLfq`)ThbVgjcP+4N$ad1Lka%ltz`BO3B2eL`=&|3eAP2uyLWKAj^a4;-8X7 zdvOgO##0;5**5i+3`yaVbqPCWq zjcfS{N8?xD)%>^Shnn?>WNjM7`Ck2VJvZb%Rr0uA#9g^zocgAe(|Ka9l-oZy6TcR# z&C!6x9RHZ6@dG><)g@}cFVi62#cX*Ph3E9$=I^VTzb`a@kHgdk{0dAx^18z4qHWO9 z(9$rx;l_p$N*?X1Dm^12cRcT>4*643N7RpLBbDM%_19dqI@2@R!cuc$+Q<2QvT9WV z#Iz4J6nYi<7X}uhf{R-ZJ2FL`59YVWD~&y7qcNr3m?q0(YBY7~)Cp=UxioT!*-L#h znl_-XVH@&tame3_NmOK9WE-W(f>ejfR;K>GJ;?Y6j$;Zt8{q8xC001t#`u!#UqaY z`J%XgaT5L}IQuDF|5#gH-!s=!)egWGvow~9vq3Sgi;HnB{)lN^3c0Sis$7A8z>J++ zRB6EwE-tUu-I|9zF6#1#MZUgmHv<*aAW%1D(%uUnh+P$e2`UBh@&Bf$9!B?%Rju3BjVb+ zX)&E&Rt`$+aaFr}X=9H*qTMCll^Lv8n@ZQzBQ}CCgtmd!nf<$~3oZ@B2a~$!y0C~% zF;dZfrEQ?bezb!tBOKd}aVc*~JjH-hlrC%!dfa_*kGtEWsDxuzMij+O>!Bo{I;YI8PJ_B!Uzful+`KNQ`e|(gTAeIi z+gVp@;kg`duwpPDme(tqTs0XFSvb4s@lqX1*P)U{dU8DYg~?DyG2* zjV-P(78{D4jYSo&lSrx9v7S675K%id5i--*DwWn^2ciRuvrI*8D0Wzlzy-6DX$eS2 zPZQGVlqfU9jG20eR4N`Gr!qTK2DGMDPhk(0x*E68YcPz)PPf`T=Xi$R!}(jEJ`D{G z_{FKiwbKw%8~Gf+-OT<+9l-`TCvM6HLrwPh*bL4xAAuk@@|ixTbb2<)11-n;DwF2M zc&U61!J8aT`B7^@Do z{?+J~x#jp{_}p(kWXOCw;- z!JYA|HsaO}NEh8Hk~e(Y_HfdMP4ywvGiXsgB|7LpR`7D5$B6 z(ue6{Kv&RLs+pX$gA$< zI<>^2rDUt7RO)CAGQvAr#Qn7G(Q&cVbki+lcBTrY-A4yHE)+-{ z=P-LKU{qL*&b1F%!s26W2XZd3J;bW*cb*a022>Vf~apm70cjNTGVSKO+{hR(!tb#Z;JTiiWvhSg0@90&mgYqO(!a2iq*u3#=RH=&JIVqE>pE#BB$zl~=W_AhkpXP7kE7!&jgI z9mbTbwyN#u+f+KCsyAHHf^_RJNd)5igNUP4oxHex?)X= zoj-Bi{5C*FEz%;wl_nieHK+>FK#Ie$HLMdL&OS@`F%1z`Be)cyq;c$cRGt2_@|-?r z;Jf%csBe{x2aj@6{VmzxrVVAoi-6t%2|76uW~t0smmFuD4$tGbJA&$x6i$0isnUPS zI5;PtrM5>zXfY*0}bQ1m(&1EH%sKi!lz3+M^?} z0&^6OiR*HY%S{XOXo`?eyEb6{u2&*h3fgb!S9a6- z==@H|O@I&Wm79&dv%em}k3`D7RNc1uWpYJ)8K+8=FZ0`4oA3`-(;NA^eAjg^Mn87{ zy8E{(n-1r95c`3nXQITl-MI2lg!HcJoH*@vapB^^;=3FVwJ%$f1I4fN)jiV+=y#Eu_T9d=`Ga5@+15&C&w2KDg3-}uv&<7IO8=UI6Jfb z;d793Bj5T}f@6L6(CPpCn174$=k(EbSR1{K|KYY%{qL8WPk-p!zi%FYabM8;qF|jq z{ZLLhWbJKGB<#x}_$dyd_YP<{<(`1gNU!`7>+D+HwYP>sJgBUlcAtuw+ zdQt-9Kq&2Q?XT7z^)Q^`m7XlGVR1A5^qQu{b-kF6XCGr|uk~?u>kYIIyu|ql^_TZ! ztQ^YcMg<%2)eXvU_R;G}OVn3#G_LC%-`hR~-_U8qpVprm$mWFSwjP=BIVN)eu~EL2 z6GsWOAE4}F?a-A2ZkUI?1?Q1YA4CLLpr%HS)}MEi_B~bFhy2*@KSx$1O|ZFC|~(3&qM&CO@P4dWRzM1`W!#VZQ?dpUcP3mU!AT{fBdalE_n6|{d zwXMO_eA*e`HiB~%4>+kNZF$!_* zS4Eg$MO2tvGnp}nYd<+T+9jH#Y{HBZH}w&>N21zEwR_Ya1EST(`7@8L}VA%z<4kN_MR)b*7J}})I zMFSd|7c2mpBPhN$Qp2ns4iz%9pus zf)vpz(@C*WPlKbwdSpB<7P!vq$w?iJxUN$iq~e4MV9&!Q1hs9k&sQfI#iacwNAYC+ zWsXWc5eIB)AFFg#bk-CSR0Kl|i#)#!&j0`>_>%V)ZeLYbKgbm-$jR5OoL3YtlZrtP^E=l*2K>=B-g{ zE9!&(ZB=|*UkbHRp*F@ZHlZi=!$wr&w9`9-G0lVc!HL>Qdx8lOQx#pwp%yfjmZR2O z70#+KwXIabF5PT?)p{{Y6D7ktYgYd;P#zgjTY^}ro;0h{Q7f9_N_Ca8N`vKM?zurF zXrN7`DzqRz2q z9Z#_5?upP5>H0C<2GV6`0Dm+jxj~0=jUStdz z76PmRX%pJRjfKRm&ju`LCTjgy6+_8+EX-rI;6To5qP@f`Vk10N#2L0CQD~BGsnO_+ zEF`7W`qa~Par2U@MYf5ER;*vYz8zBLAXFXOkm5H2XH&wkY^lT70#AT33_8Z)t-zlL z#;{;sLo_$L#$Jqn>`>2gf}-NLVb5@akTdot(!CdWh~EhOL&$g);c%pDn!f16&anRT z!B4|4sR{mIEV}(8+c7*xukh20@hE8F(dy#Gej6upTgI@;5uz}#y&a{0AVU|dD zp3$=iyj|G;`Jc$wQ{c0#GJN2zz!^qDJ~?d5_w3sj?J~AV|1zHHO4fp`ID%slgukoXe~q)-Qp_@lT~q+|8T2MAzVX4i2O!NA;!XMO8OQ!{a%x6vwID ztemO2l7v+njDxKlmka6-Q;9NV+vkZ^HBXJNLja`sdj9tmj_ac%fYsr7Y0B4lD|~=C zuVOyyD4W+FpHi_Y-TBP8*+40&Lvk5MJ_p7NQXg>Q;$=zP1%Z5RpGWhL(kt zYW%9luugsh;_V;r9rsgXRO0OSx#glgXYW3nkJsddKiJgyuQ@&`9RjTU8<+mRB z&PUhgRw|DmuGbsN@T)b2g@qproe)4d9J6eXix|gZhJh1o#5u<4+c#Zl;`)6xaVBKa z#1YT++OnDVcZ<6fx}V+s{qCK}5cy2|mYZ%`i7i4{Q7%hA8DBrXTmNGJ+P#Yn(Fb4afEB+W|426K6K)pFOrbFYdAB zBBe4;6`yt()^o7>Q@2WRZtXB?)TrTVD`H6(b`|-ho$Z#&Va#_2adg~G*@b-CZIIjW z5X&I`ckxEgWrbfCF2UbLg=P4&IMg>?(z z;Ka4x)+6^D;#}2E<>$KG*Yx~X&(C}QyXUh#>(K}~IYrp26eY+9S0?GRC4`lD;Q+gI zb9yc+sK2PJt`XPu>+I+(U`0rxO`JXno(UU{wN|dUCRn@D{#+XK^h7y>SGd;&Y zevx_#ey8LD_6OVL_hLxA7=K(5yvh^KpYY2Gf1a>(LR7kUf=zdHJOsH{e_+zu zTEC$~^{f)LNNv>Lz7L@005~T`KF?3x8`}gmtyfcf%BTP1*=qc8-3uq!h--^P(VD0Q z_m((w*8Yrk*Ur(^)S4&cvh4NkH$If3H!J^{>SwA!uzyOv_QPB>p=wgqgsOvJuKoB4 zBjtx!%*0;<{*?LC^6iHwNabevQPdt)$35fa(3%XZ4|RfOy79yj`P!e6@0wrM)WvP_ zrZwBv5T_ri`;c5A))9pr29yVt8_E&>>dW2AG?RT!9fwi;vNjxlZNEc3thSV|?b#I~ zXe%OGAKfqL`#Go^3YYR5G1+C{MqKt67+%yc4XZz1-N`lO68sHDXjaR!x}Q@0C8&2t zUxRJ+T5ZNH31kcq;~C;JfVCkE72}_!z~=*-hwy{oe+ax081s1VIc{8M$E%dJP{>&W zehC=IZ#xJ%9A8lm^HVX70^SO&1!1fhU)gjSr=O7XD){6wGzh-UR|)vBg8#gcp8#KR zmeb$r$+R~U{I%ed%OLr7Tv`HtxZqp6%>{mru!H6McChJE&H+NsGNelzGstoN45JTm zX@ANI@ykMgIqtP~^X=L26LO>-q#Ri;tA#%>-7<7!SSj+g9FE)$tb}m9z`p~|_f@|G zzLS_QBsgcjiU`tARzv;_U<}gVm~IIegS6)wgSP@_osji{@)@L^>7NNO2ASU?aO%h~ zTIjhPcu3Ckz?mik+d-S|x}TUYuv`-G7-YJ%Kg)_?jj*#VN8dilPspJi#zF=IABwg5 z(EcI)OW>~ok71LayZVAth57gj@I!KF2i8%BA)?&dfv*6z4B=EE-{y;a*$&(bej6}` zXN8=(z?TDCiqKccc?vl5N;w+~KJA|XYh(~OPSu=y4)zNLKIbRw!~C*r88{BG_H6wL zzARta4pUA$;xjB3?S{1v^EOH3YXIKHBn1fd7==N;`k}6Z#NugbWpg{cXCwK5M~en!Y~7LUK{h6-<%lr+c;`R1T;_sbE6T;{>Dz(%4cW)qfp(VmxflF4U}F)s5_&%M6LQ*6zLepo zOU&YO{ICLY+HtLfAp2#je*(O}NEfHdH;dTIcEIZ20=z|x$Cg7rxjx_e1Nn)NZ{^S* zA|Z$Qr45L4jLho9&Dy68$CnB@Qhrg$VI11Q*GI~EFd&Cv=CuVujuWEq@Kp^8 zLFjvetEV!*y9qf~KJy^;UkCX{OogA%1HKI0r3fX_?n!@>$SBH<;Zr!rt9-z{-E8+qYPgk z+S%e#KJ{mrSiZTR!WRrSjQhv>#))Xp%ix#6pO4T*)EAuUF$MR+p8S6)DBsuL+MyNK zHWmE&LQiSuWxx~4Mv(R0`kRk4y_NtUPz4@(?N8mO@-NuiVD9mM+}TR+JMxB?z42CY zuPVKO8++a}P3kt5fB(weKBK0%$Ku_Db=U1{AGjOHn_KEJsSfjkfVroq@4VT&sOnxn zy48rm-?%J7oUch@2@FSOha+BNU%+R>xHyKxv|r#g#n#Ja`qyCcnvrQ%p|s3OU7S{o z$2G$d+_;>i4%D&Ig=PB+w%JprOqc+55GDXp*EmPOf}DP6!Tj25T(_Ir))uwtt<=_5 z;-w0^I4#trG`(l_azCEk#9FUeoR|3%*-vFsmtI`1R2$wb(;}5j+OxY}PfOR-c-iKC z)Tk&*MvknnFGl>unbVU+WR@wBthOxUaXpdG-neT#(eZfAWO zrMCCRp#UB(Q1|rtETh)fSWCa(A*1!YUB;)1qr`bee|CC%<+;Smv=KU+@BLuaY-0@_Y(DD_ZD8Y6x8kS!Wx;H5Ko zaSrA-UZhhJ7YYUA7V3GFiVJwtI(;#Xo~U0x>k`+;UBydi6>}IZOSSDPhIwE_cZB+3 zR9H9NQpL^l2Wk6kFEpYLP5p~CC5@^MEX|rKjc>|{E@EE`#2anqMKvgudQ}<&JS7d! z!t&VU=;x+Nw_`~?S_)qb>@mFXb-L*Jc2p(=`#CygE#JihoI=yo1 z!qz3N%Ua9$yQXz11~lwLCaTiS{!pgAPs;m({ngtvGowojw%u1R(yQ(kiBM1{_So2d z4_8O-M_=);=^o5pV|x0&U`v$XnD6g2t1s*6{ONmTV^P7X)pJc{(?dHw%dkrnm*W-D z)$#9?SYBh`|7_ikm9RsjgCUo_vc}E*D8BawWeP|aAD6;4-Y_QX_19nDXP?T zLcbJZW%4^5`db`o54M!~IKEJHLv(rFId$i%nSs1k=5zk}QoJ(%K>i_`OX;X>&38sP z>&wI9lhhcJ>1n%^q0=L(d>f$aN)u1#kGVS-xjZa7M*YuKTBeRy!dp_iy2gQsuxmW`3cr==A7Q*zjoeJA{b3@t6nB2e4_a z;gCvS0K8_(=yMYIAG3EhMqlvI=5J5b@@oDmHm~Sw+Lv;L9=yAY-#+--82?Wr#?xg~ zrS1*4MG5}29j(j=Rw~5@$EU>K#^<9p;j)r$Yz-;+WZ1`pqVH8P={mhBN!$`e-%S0Y z60si91{jYkNR9H;k(SAMD>kT<`!S#YG2iV+RUK439&r$hDs48!Re8|$mgUnJ)z@^z ze>u`!-TG#FY(LX`@B;=kHa0Xg^2ROgY5Y2;_o!>VqiP;A@8;PFJUdlY7**(6c&kRK zuHu#H!;_k_Z|b$KSd}d{3$m!*BBQqSA1UlXS~MW z17*0e(%0$I3vJv6@Nvf1ej;oJ?;5BiY;T0}n(-I>$E-!Xw~62NJkWXY%6&j1UUFvP8A!^v&T2dfQv=Y+<3@2 zhQg3ePhZ4fE=?;t5;JQC(6C|%%nw88Wqf4W#Hx65*o^sDFX+4c%8LHQk#==eXLMV` zmt{c0#?R7VQ`ZP}$ICnRITy9=0E{wOa49a1YO}_4Fs4#>(v0O};Ioj@32FW^!u7vE5v}Zv23mdNvfD0yd!wvx{@1CTvwuGTB?* zX|^~$x>H@N$UBT+EFpAp>d*j?ZHMY|_GwDU_({c_QTdT^W%KAa+($hhZDU#Y!utSv z7JtBsfLQFeLcDQd{+iDnZgIVFd zm?EqxJ_YTbFTPsrSX=zC_(SIpKXi1M%Ihi{<_;=XZB}`w1ZEa?+04}_W?9WsVr>jH zd(zW*TLn7RdYiIF<>VAIHSB{}F>78;|{_ zzj5B6=Zr%z7U_@wOp_@glg(lb2D zWZwEUVw7mNs1Y8>F}i&wHmMz4JFIp{Z4>@l)R!Q5P0K_p2<83|UmxEU-;J5JPEXqf zq_MfNUB}jsD{i}HoAzyHjFowh*X7sdKgs{+(f@q;pY{LI@$^`U?I8bDTdnrgljDLd zx7?CpjM`5E$!&K|Q#HAf$p-vO12*EoKDplS*K@Fnvl#uN25UB?=7J#r1X zp81}+Myx0Ffw6?lXl?%Ue0%<21l(WEf1T$wT@H(IbW!voW}_EGw_)92k&4IbQz4^G zeI3^Q64yQvFU&8D7Zw&aEX1O~!nTFULSAE-l2?DZDG~qlMtjoo-K`zdy^dq+k*?fBQk6w3aI;cvcIhpFAZ&*+L!?VrUYO;_tjiyEo z9H{iv^Cpb^F&lm+z5wmPRcNyk)wbAgS*xsL60?&@l6lv&7p)WPH!76cq|H2&!MOT4 zMnlDpExX<*Gi`UvNgN|Y4A`Vhosdl})9$9F9-DTTx{ag|Z?g-lh2F7Uns1HK?QnL% zeq4>McuT^J7Sg`cjIL}XJML2bABQ1k-P){-s?L|gAr1ia5;nfEA9H+Q1~%*)^}r!r zNmh!WudbNsq(hq4!WM|CuGwLaNz?W99DczRnHMCXPAEO~uAUwn_`29WUFDB@no*Hn zLmnIJk%}GQm=_rNg2RZob7Y|vYP!B(zd6Y@fBnHXUUPO)rm{mE3=^fz)HSvI?8YHF z({}V#Q4YqQ_%5Oq$^k`N44H0>VTYqL;?6n6_R92<^leKoJ&dQ!wRG;7&QmemPH&Q# zXw17FbF23s;ZNx;V&t&0;8RyqaXZ#G<~%KC!1mNsjVC#e;@k%tRspcewtRuAUl>U& zAjs=x?G4Q^Yk65!n);|6$NIWi^FnL!om%kf7!-BtUR1BmvEE^AD-ySFafnkB->g?e zt%LPHB#>5lwr@<()l{5_jry53aIoq@hpPXxRCTPR@w$~Cjfo$NqQ{~f{_z?&5g$!$ zu`|{&YdhmQwNlUP#y(Lg%1?^oNf8dPjZwe6&bAR-E~?M7y~e+8IM!`K+ZHU`8qWx?TG%<@(}3hbZMnO~?(MU~T4P${Hkn;_(;99EGpq!@;#%eMy86Z%7+c5zX|!x-}h1f z&_3&bra(phz=qQ621TC_ioO~|Uo!Dc{;_zi-p`;3X+`A|jBm;(AwQZ|8@1O*t8&Iq zdENMLw61%yuKT2Q-8Wp<{k$*CLMClLmhtp9vvLfkZKLxS$Q|8>qb{M ztm#F)=71TtSR+U;HUxT8)r^a_TD5?--{@GcmJ3W9sb$;tl^qq95>#M*ZEn#cqXoo8 zWdv{LtUg?XWAmRe3>9*q<@x z4~z;Aw>`aHGNgU1g_uu&jR0MtF<*trp=#RQvBzLLkGp?rlr6{FbW&c|Sr2U#DL}vp*4e;8!mB|1i%`V|Df|)YeYF+@6q@ z&+&K^O^BL6#r-neWotkhWrZ^T4D46eph+voD{zOyt-bS_ZuS2;_|3r>Uk@$}!HUnA zPe**Z=`$7fDS^pv^>YTt@9Cv|g|TlLcAAQ@KkYaJW7)aj>$I81t%YmU-y*(+in-My zbyZ*2k^peNw*n0~{zIt9~aWOl?=d7bof z#aaOKNcqg)ws`zf-$3Wokbio!>GSLhpj}Z$M~oOgqIN{B@-G{I2uzP#wMzm#KwyFM%+hQ9bcm|>+I8rLdOf%h=i{{;4=-{7QC+gLrqbmV(%JQu{tWjM-q66 zyWS3_s;e>cTScwRb!{Jb1OJbqd>Ov~NR*(qjsef<-xlrKb+_8xx;$6A>;Gcz-{ZBM z@;`q3y7#{KZtvP@s}RCnZ7RY>Xo&8znGh-=giRqM#KdG|+8q!wau{-)jB_$Fnvv6p zX~;Q;!F-%Th%scwaiqSl=epMWzSezp#eV#Le|*2I)?Vv+U9a_izt?$P>pI-EpVzKw zx5k+r^ndmeRWYT&RWa$~{LPZym0FAN9na2Mg*sbG^8a4Dw+z_3hQA8=<6M%ys6B); z^sl@2iO$j&Eq}xLaFXez{qKCd%k8hh{A{4xiXC-VDIC4sq-fJ(JU7O3hlY6ueVe{) zFV#={MO{sD<>&R5t~71#_j==HgeYalu zKFORM=XdR|2PJ9k`k5OBfqkkFBqwK+1%XZp|FN^q=2F^Ns@553a7(7N%}8XGphZGl z3-OAGl}|Xe$5Z-`Pxx9$DB0Re0!v#aF#hhm-ClG#iWd_8Dn0&?kt^1W>vZ2TtoE&f z!loLujdiuF+`wFVd8p!WcY}0$X}5Tf!za#n)>oHe`9H8^V_~IAa@B5|G|rr%D#+4h zvfr)App`XCq?8Gv$ZT1r)};#kA!NvKbtbOg7%bd=E4@19IPd1z_;(O(i4pTP+;BcG z@4lB8P619%`_g&)uvrkghqVIz&JLF>_``WdTZxt@h+~R67U$U?v&XvQC%fIL(s|~Z z;CYj-?hEemPs)|&pW)MT7H>e8>{k!XaQY6BQcyltFg}#24lA8+6Q4-&c;(Gs75J{D zHevfwZc!cYx#Z$?x2s-%1wh@qfg@i2hGU)GdUL1kN+{m!QuA}$NUq(*=k3OS(7xO# zyjmrpTMPLL-~auOM5xuq4a>D@4W(hac#F!Lrs2Z>I+3nWN*Pc`#BvhqmSt=m@HgU#uRVA6m6E zKQupFU3^%6WPXJEP1Sf!K?mGLx;E68X*$Y}j1G^APM6=G`D~7wcl4nfU!I8c3?B|# z{GN)`7J(u@+fvNQDrrgd^Sv3r)^sZ_o_L7Qqra1y=Gy;a`Cfm68#zQ?Gyo++wfI6m zdo~T353UZJqbDaCZs+yC(X6 zO|*JVnfy+A;CCZ=Jv9}5ERQ39wkDrZc~RwWE2}HpR95M`B#jm0b(In1Z@?QM=jDh0H_kv{Uo5G9buPa;SEbEUMUwnoQBj%kFFsEh%x!C>po74feev+0{u`&~ zn(xki?i_Syk$*n13-2sqf5Ahtb(VaKG_??_UA1tY`cHrJieo%;Nm1Uu)nuU{=aT-R z!=6)nM$zATMm_WL4Lx7(c~Q@#ep{kNx}&*NcP+2V&5G(Jm>o>Y&-Xu7gDg`5wL?L) z#<;yD_pl~M z=_%{I+E&)|XdBkAYX?e0dB)nq^a7PX%bj|x%b%5>&dL>BSL~%2ZL(6w=#Q_-a$K-= zYUx<)Sm@Z;v2A^IeFYb9I!_(Tjn~`LQFLH|d!9x1NN~v4%?RhnCwydMD>foOZt;tB zwb+uIq5I6UbPv8oPXx{pf%EbBQHTmUo-J*8l@W5ZG3(^p_}n7wG41pZ^j?Q9eLVga z8wd9r+c>WA^v34C%{w*kaNG{>>7vl|-&uX9`|V7%M3Om24Eyb#Cpyg@?8lYof1=C( zK0*FD@5i@Qx%zRr`crcC$K~paT)6TddC8tgo^q+2RXMD3Xq(2$Mk%LkDJNEGS&sC0 zYKxDT7orvwK3`hXp^|XU&p+!`bdb4qE%}_Diy7ZxqMFHs4%EfABzJBKOS@>A`x_(J zpNv0C2T*yB4Tv5e;Bp?9PdL8v%tbr-jpcFZkLxe5`kNJ9COZdeU!>NjPwc-~KgK?- z!?e0cmpwPt73%W3gp149>u+Fwj6NHH*v|)0GqQ#Hq5sdFI~Ox3F5es#Qyls9he)L| z$hFA>^!qGF<&Ka39u@OLO70q&j>UQ^^0Pz zpf84L=TSQ}@$aVk_S31@Nv||^s_9hdly~u5r;1Lbk4I+S18=XrlDxiuS?6`@6%U>F z1Z>q7|+Jlk%&Hiu(53h^BpX&;J$8<3;gLbcKzKPm0B;m~w(${%Lq%9TOQo8M*e?W4bOK!iojMvSh$n#)oX=X zzAGfNb;a&h!dmO5}uNOqt>+I_*|9E^rVW=5+tT z`?VGnh&B#SH>aI8jNK#8*wan^kh@3RlGC4(p~B3;>Fy7l$#x7>q)gCDlp zFwG9}KUIr&!(7ODKL$rF8iBbZQFNAI8#cx=Jf~Vym>5%3$pe|ADthRBM&tOkNVF(w ziFmVOsxAVixHsFBQ8j+cm-xI)#fUFm1lQBO2Ju08q3a>weXbsaGITl=Emp7SDw@R+}>yR{a+rIo-6; zr0Fh#;rMk?x5{o6-3E2ruiG!WZQZSHxB6~{Zc(?*yTx+gDZf!cb2IvRBv7kf=gb-bEy$@0?s~lB&+#IRbDpX4gSMv!+ z4}9v%ajJ@BkVd+WQH6d0lw8`~1a^nx(Z4itYD3BIN7ZO9ith`!p~O!t$;{{{K9Sg` zE!(MKu+WJ0<6B~G^6^5@Q&?-`3PwxK4B27Rpx5HIi`|gqv?vSS)a*5cWilT3${wBY zvuI$3pQeLlf*bl&YLvTQ>-VdV_Nl zUt}z;xmEvGID%sc?>nqE{y){IIIM(^8SYse67(_x#j~yy7z|^0O=Q(<}0hqPuHe7 zW?F1k4d5BAQlD7k z`}*2rl2K;Yte#VI$B#;xQL}nh&FmkgwAii3bu042fgAobENPA89|^W~d+EX;q1X*7 zy>u0?t?gctADYU>72A3bS7LtMuf#)9Y4@|rhNiVg;&`A9NnTNSA;98LBHj9sA2}{v z4V14Roo1)_hp{!|YbNI68WAZ9u4Z%?NC?Ksc+g*a%7_as-njSkLNa29IV#2%Ri&#E zn}3q)lDOO$kQw-s8-ba355#e6fOs9yqLtWuwMy2C>Zuh&^~Lm#>Qyf>Dwgg6=oc4j zX!G*e=FY9Ak$}ab<*@ zczpw+!G9>{-9CVRA+o{&Nxp{G4Xi8HHLn-dAgicCu8Er3FK%CKpK!DcpP?5NF4XJR zE$d%6<-*zv2VPipVdaJ0u7ML@KPY{^IMKoJn!-4MTNfAJDq&xTV#GwC6(yPu`#VeoLOUftwzkYE zjvRPL@r^DVU+K!Z*ua7DPmJWS8GD}3J+F5_qUhP&V*OpLztdF$Ejsh8TPbS!Qs&$v zv$|0seMNL3C)O=1i-V%Vq{6ui&uu*W)^od^SvWM5t0Szn^4 zDCh*|{Te#ID6iiY)dEJ#`iknx4OMz|?w4Z8mzE2#!9A<5$5=l8%Mx1c< zPXF1qP|#19IH!(OC={ZG2L75u9(~4tuPytUHJmJyC4ir2Y=$pAi=Ydspger`ei+KE zX~p24qKa9%d{IHTZN9aTa;A?vNGAd)zvba%pi|BQ5abUwMYpqH@YRBJyYlbLYyg zM!OajAQvCTf35w^%`s<5wRiDRf(7N*9BF35iLIt9GwPk~&RoXnt=-w=Pi&}bVI>gW zcBLal_KEG*`$cl`Ut($dvMe;7?-%Y7WPK#4{nVPrYbt9hwANq`gdD{4NSWSvh;ir0 zM{H}-uGT-K{rZR0#s5Vr#n(TiM)A0RkTbt;U9Cc3v??E~I4|Erp8M3*{BfmK;bNsj zoySUljVEi=axR~YS!&{H1XoP9HsZ!Ahd2_W(u*@FVU1B# zbpM?tlyfXEmZZN?QL^KIi9GVLmArE_cPRsz8D{ZcVyvN9ia(`b>8T4bZXb)~;Jv`~J|(FpR4Htx4#^X{-0hjDvhuEYAG z-UuJxeP#D=yMNJrW#OxxzS!xj9^dr%YMZZm#yk~>Tz#&-U47;Cm9JD@sXMfnRW4=c zv2A@t#T?F-x92#Au}RiaV6Bx8hl$-{%}Z>TjQsk3er&Gd^jyW+xr)kMMH~HHzhbX$ zm5S>Pk651PMT;t(k=vv#ZaMcy$Ln-Pyv$#+lsVerJ zQn~+>%G#DnJ&PXq59;}FezB>hwpJH_H45TT5MMFSzGS>f5I-5b&h4!CuzCiAVklD(|0C|lfCF~}TUFk8#McT=4??N(&9qBR#uEdc4-B4Rl)=05}N_aBj9bRO8H*A z1p(IJvH2d8XjguRcT4gC_DA`BWym_o-?BYEQkY=Y;7^3D`?Zy>LrfZ799MB7PuE(bP@>3Gm?ti;Y+}3sI)(G3{JRH*jZ<_o$GS2J+J74}L0izV61MD{W zpOV*8oJ}faj~dew#c_Mf-yq*p{pfXt$b|u{tK6cbOzO=ae{_0zv2eyr{ z2X}YR+q$%1gFQAP;PK61cr!e9&3xrpl0s;ltcX0%B4(X2R*ak7W}bHc_d zLH)9@G_ARWgxC+!*RAYl`P4OZNEC*)OLnggut;hiLGny~2sZ(G%O&9O;7;0+K~ zH71z@z__}ZAZ$gD_TL^`6<~j;)r~*#tiO>~`ybI3qmw!U`%KtBkB{dH9rA=^^k`3%H+`#lD0wGhlGt4Z?@vbtI=A6@9=SO?ZD>=|Jr0{ecciwW`;mh%K*tY5-?4uN>L&vjvgQsG0 z*q1@tR~0|#^kj^H*G+m~|Aop_eb#hbDC{ipS`->~sp7?5WlKejX;^pTBmF~7#<{S6 zSbpJYm~-_@AH;?AJ4?stC@Lf$taq&+sp*u~yS)@Q-XXFD-gIHOkY{>X8|4%NX~$ze*+jC> zZ%Ni%VA~5TsNYQTdcj_jeO;#}?Zq(aw?XI83-)jEj!yBw(!9-N3uD-rAZ>S#%?q%; z!rqcR#w{E=wiOnxv%&helBex4CvOD8O8ODl#=_oI#-=N7yt7s3lvPWBP4<}ekDYby2l?|< zKLyVN(-pA8Y&$VrKk09(vS_JJpx5%tSoga8Aq(UDk`J(VLL(OvSd zK9H0%n2IDCE1R($9_3dj|HUJTePE0UV3Y+sO*_&4@?FVWfDKiA>xYxRx|xpuE&;Fp zEvZYeXM{bvD7gj$dqf4B=KW1rns;D6=9ym79wH3hbj7g`tXh2mdA$OxP8dAuz*KKzfxHQ7L+GUq<3hbf9h=_EJdZNPg}g8yd>{WF)lrD`7DoAfsdOf9uMA$3 z=V=-!@!l3jIX9qG4!u^+O^TbmHR4gG@C;+4I4paea((@I--b9w-VQ3$Wx|SzlNKi^ z+D7sU9LT{Nr11)~tbyK*x{9f-R<1-j_c&xC&3QgV?itqP9(hl0|c#8Z; zVb>y#Im6kFydEaL6RtX#XpJdD-E%)=% z^12G!B&GKvjT^^nV4_TMq+2> z5Ml7@JWs?y2c$j7^FnN>=k*KZO%^t7Rnj&{+v3ww_EuIGc%F?V@Md`4n1FYA z2Jeat-VL4?+IOQc@;f4scbDh&3b1*e7uxqg2Jb=73*|kZ!Fxd%Z6lQTMh5TA4Bn<{ zyXo@lDlDCk9Wr=33QOz#ndgP&vYY3H`FPG_g`ixX7nW`ZuX$c5?{&`$+rg;zT2Fme z-iE+vyJ6a6h4oJHz|y>vGk9PjPo}#$oqkR}aA7|mrDNJ3PF*nCQ+f*=$kG1T%cY#H zO@hN~kc&^dFk?- zlhVs|R93z9(D+wCsT_Kb^y6Pq@vz=H>q5353b2ww^02f z%f8Vm-g>@%O|OOrw}$^%pVw?w9Gk(uk^e!Mtq&x=#Ivyz%y@GYCv8sQFZ5?cmt1MB zY}hv`jJ9*|=DE_oGQ4f%|EG!6#tksmQmx?)Y6VZr3U_af>;0~ZV>8&+^3~mwG636K zet@u|LLAuH@@Eus?%Im9YToX?#_J8da2U%2JI3=S2H5i&DA-f5vWNGIup9cQ4=SU` zQ*}q@$ls%1k245u1W+dBG}{CnbAKESvyUb9oKbT1mLPHEcef&_WEt>g#D zFYlTwU6a5YE?d&_4iUCMX(#AB_K|j&{7=b)cd>jZ5A0HT?3=F83MD zWbrnTA;#NNoIT{xi#*bT4V1q@yqO-WS4h8nSr~D6hW$nD$}lyb=so4>?%k8N2F6^=v$Y_AK5>)MNv1eV%N#S#wbJwyd_FoCv1FxJtyp(-6T(;@!nPZjXiSideyLZ zJT^Z_`=o?+)5UkQFdRA#6)z`jrQ(+MJ)J;D*8p4Yu{#26MF#Ja4BnqK0FaNyAT9GH znAumYa|g5?jEI5_We{<*d*!%JhhVN#BC^FJYUCXZZm8(qmTVU|;*Ra}+mu z$Ec#ZOWs&vIG0u-*OH4B8t+A=4X-cZv8M%gz31sLIzWE=Cf;O-(}E3`A0ljgfSsgx zns>VA<&_A%w4rhG=oq5VFw%nE5@1t32H$v-J!bh}jNMoMx_xp{gVzDZSoiqgT(s0< zH9E%T_4ZBrCDSK9RYTo;%5r8`h|Cc{6)fMczFu+ z)oR^88Y24?;;?Uh`FEG=K1RSBqrw??fYRz5dP#eN$G#1)nI3BjFz&sR*7`YVc`gks zthYZ1TOrKy0dKL|IOW$TkoSbJ4r;)Zh1oJv@uee^@szZTx9cCCj1gepdtN_vlfW0C=RoHYLfaP^e`wZJNSh_ufP4zr$&tQ{1wpgL%<7mZ?KDxYb zWnoLjJ4?J?3USIRZwf2uIb4JV45|IQJHv-)^L z@fU?PI5e&|`U3lKEddW5Q}p0;V}NN{>oEGe$!k(t^pX!;sJD-fjdz)N8y+98G2zi( zj*{;wEUfdno;MPbT*#ZCW0UukGWwSj;&tqgVc%x(vatWE;;Us#A<)4`F)x&kE0rnJ zF-zE`dWh26fy76bd2EbN+fJe0rHO7iDHpW_SfjAX!ff27t?egIxmY_5^V{Up!uzMv zQg7(R!Lxd!tgsIrdz;jU$y2gYI~Wr1wvgfLk4eTR(z5Re_PXbx<6!v-r^Mx=sMEW@ zLh212=!N&D$HoR2YsaS3WwVSh-ZzSajS6^rJUm)1%=Radx4HhHqhG-5A?y)dh%q*r zyzMf0eLc_WO^4Ay&$BWG`?=>W59E!=;2n|TZKSjhc$>L5hb>^22)lZM<{2-KH3Mrd z%CA9joapY}EP1o~fX9n6@UDa;7xEVC7#-AoU*u`Sv=Crg);i3}Wn-NqpTnhtG^7RF zTmC=|`qtmLKI$*e_-s5d*2-YlDo4vg2L_;yp0YixMaJ+?q` z;|*5^XH>@PSix@XbB!7y`{QE*o_@9;q53M`wSt^_8CInlj5;Y!#IgUUV5Jfc`u0fzIb6; zurJO_`VqX}N&x#bV-&|B&-Q6XC{7tD+pdq!z9gw%Fl{|Y+X^e_zeK2lVw`+I53DsQv^sxUdS_ji%t!DjKd|N??fV(LkA*!g-bl}5jY*!~y)#}DLY7dh4UmuwN@qosabx^FjytGnLlr z5^MwcrrVS2qdFaLFaI-DXh9+Jz$kO%^$V~A6#xAGIIW_tZQP=Ubm=$Av-=%|zbQXL z5BL-mA`k3sk5Lw2dJNI6uh9`=7YPTO>3P)o3-a`jqCy<))cQw3apb{!S-v&A*ILPA z{n8qF?}$e~FDk@gpY`*C;%49binoUMQ7d`>Y9;S;@z^hJP>91m+b=FCZuYVF^;10B z&pz@uKNa^kMP2=(<4s}K?%|D*-%Rabf7;*f_blj;Vjz)iQ-R#t3Uy%N55y zc+=$P>7u4rfKBn(43D)}I9i_mHcugrvCjJ2c*T*op2ADy=^r*9f!!)k|5)t%8yM~H zzOl(357-j`zU9_uxr=9C)aPxc_+$KF4%$#%f-r1!$`D;{_MUy z8P~uD>d(z1bERiyWv08A9nPy@$PDLI9Y)~Ke4OlKGQR98f03{u3b7duxvA0nQbV2MY6BW_9^nr)7GBh zJt5vnr&YLe)S;V;dPq^5qmp$Aymw{u{TFI4S8?6m8?{-+l&CMv{%X$cz*epq#`5FXB*zA5Q%n+Y2waPFLn(mKa@4=+e~*gH$S zV})6JF&=swIFJkVHt86>1%<37!f^wPu`L`oux+yZ{&`i34oC||e>+XsScQg>&%X-m z8ertNrn<7!4(fG|Yc=-&j0g6<#|A4z9@sBcmRGf{j8+BM*&efXC%hHHMz^ml)j8N| zVPhZ7Ma$KAOx`GE;kgc#rS<|3?9aoJy)W7n?Uymu>;v0Eo_(_sz6>Zk@_zdPxoD9> zbbuY^vH8*u#yEVk{6SqROZ7qd9R+Wr%F^>l*h1b9)x{|7&TOWwT_Y?kXXcs(dI`zu z7kim+^SWp)C?st+kKNict`8l$_oK!uWKLP65MB?3d&$$D*&8%$D`A%&R8iWW+)~Hr z_$hh4#Uam(yR{Y>v)*_rKeW9^@gIZJ<Q1+INGi87AbB#%IK2QE8QN2qK-%3L*8PA@X*^?J{(WcLA{0JsSaKF{p#0A zJ}AF~<)0O1`7qvQ=aloP*HeWV?`R#9U*-y{OR(Yccm5|AwJ5|su;b(>-T_E39^9=Ki$-6`tb5D~(!!A`Ey>`7%+PmbL^FsUPd0vY` z($c1QmhRFm%g4Iq!gdr!Ux0U@!aDh_wn@eVFv=cmu(yx$+*|RUTgB@?(q>`Q+y9r_ z3;ScV_i!u*W6iPAffdmrh2)Jo*wkZIAB3c(KHgLaZy%3^^1#ya=&Q&hZL>nsf^8*_ z-WESj(jL?Hfu-fK2H9M`@qx;c&0sy{v1N#t$F)%xkF_X7FIYhy-oqaIf2&*=Gt%V( zmM#~rWzyvWwytuS{oIe23uQl0e)b#Mx78XQ$9P4*d`lblqw;ZCjni?u{J;wGVfoRA zekRZU-w=g3RY7V0uc$a>4{xY^Yj})ft>H~=CGVP6@)*-wqxacX@;+)MuR`NXYxHj1 zN*>n)t&yi?XsdXvjann`(pK`cUD+ymkF|m)iu(r5jADGhg0=>Bo;+BKLc@;KiOt@u zbn76&j<=_<%J-7}Nz!hr27K)sm8JU{tjFmKe-t)bp~>4pJoeES2*c^Hw2$7bxbbwU z@8pdXh70A{T!!8w#S7R;jw0D4e#Vu@}{?vcU>!a ze`+OfNh^78x03f|D|u~I0j(*&LMwUPYio@>U4piXH@cO)vs=ltapT9@RgKE-R(bl{ z423w_pWV0WuQ=@<9&>xRKMpUwj}EVm?CbGqa$O5{iv0ewjg>=t3+dv}!8Z9Xl7 zF!I_6dqRHtH_5&a*i#;}aT4tL4Bm?wJl#rm@~o^#%U%IG<|%G^Pn0d(*KHJr)9@PE zeci!|8&6wd(cJGV-JUZ%;sRPebqXiCjZ}EbbrR%0(PdyCaBCT?Py`Nzp(7b3%f@j8@GKQY&qBS zs5eV{zT&II3(NU9Ve>cTbGQi)9bh<1d#cC6yq)H;UIA~Jly}ufDdN;|xx6IoJx$gj z?-P#|g0x=lFjox);Yjdsl9A2d1C@h zP0Fngu9SYu?=!->_9$;_i#_klAZ>-lxC!FvR4FakP10eQPPz6$xfD2%lPdQ-D|xf_ zZ20}c3LMD6yGDP0qk8MBIQHSdFOuE@2XY*@@p`ST8Q!^jIqw)5c9C?1ZHQ+LuIZET zR7~y}hg*bMpJ9x>SpFF`pn^hNJNf&RmiMOzD~^5e?v(GdeZDlOfITd~c)NUQe+X=l z(!M6%SjBN*%*i+YKG{P7TOsW9M%k=7H65#kRmhf=G8SwT@$QkoV#mB&M=Riu_a005jtTbtQarGN;--WB;?DZ$*QfyFJ>0Il zs!i$~j_YLBdeqTUg_c&^2~KZO7%tRn?S=7h8~Mk7#xJDC?f?bIWDF}RL>@e@r{N7% zhzog5IyT+_#o^J`aO>icrZw{RYb6i6kk_mb7wWZkPd?bEfJd3)LLOyc`QUtOc*l9( zPn8R85qZoNxKM9sALBE;pOQDBmAqejUb8}6s23fU-xkH!WnWk>%soHFW6WXRVjSwK z5EqU^eRPaoFyys{H@lU*+gr(--%8#$t>kr3fBak@3N46ldFv=_6LmbB-^j1F99@1D zbuKIy%F5EVQ~#x0x@7RIzmc{m9%J#uAg#7AqbFrcFX=LQBZM(-Sbc=!Mrhv`Uf!ZW z-dDo*Eau(2A;{xC0&=jgQ6VlXALzJ39$sfiav`smj*$m%w*0zy1<%`4;nwoxjc4FU z3&z+qd^^3z5@5d*hCJqET&UOj8)^S2|B&Pr72@DAAE0BNLUhz9p9`f+sREXYD3K^ft8|@&(7@rM0O6N|N zr(arr!+vi0g~uLBYk0qECGR}X8?O)->SfHs=JgdaH-2x07~v&npCJ**D|;JZsPJhGfV)NZ1m|>+92YR!DvPRC|VZwEVbXNq++)pHqdc zQb;~VD@6BCmGg$;ERttkht0UX@+fC>VL4MCX&&W*%i^JPfBARxkv;22td+aTSB*{9?eH#d1rMtZ z@;v$$E|h2aU`?pU5u%f{_=JbeU_bX5witGmu(!`mp7n!wwa2dXJWUhPKzZ^pQXwu& zFT4Zge~L$Xsfe0SN$P{Nv=_dc(x?#o;PjBM8y{brD(d#7=rg+uv;4xFDnIy)a%{RV z_LT`u-fbeo3w6vD_O;}N$a~OZHeTs4YLQGY>LN5=m5Q7_saMEMJ_5RTo=aJytC)^_dKv&JZAQR?c=eKm&RDXPzLDjq7c37 z!shBc`LMjfyUQ@253pLr;aT4TYwNM1=jDZ+CC@WOlhppu3pUAPcX*68*+Xgmaa%Ip zgKg=taf*``>_%Z1>4lIH0mi-s-*_{db;_0X5t7%yfgEXXlHXmJ)uq%&!Oe(IN7$ z2`ebHa+#v|Pw_~5m^}U5);?fI$oG0aUwZFThpzmdelF>6@S5a#Uev~7<6V^E?U3S; z_HB9gGOX;uKJeHp3dsj$PaR_45??N0+j*?6GUhRE&==kqgOu1Y4!x|y{|KXvArIai z^60g)2P2LS_IiwWyW*#wn$)FBEA0QY$ze8Q3-!T#M7uJZ8Jn1UR(VW;E5AEliR;LY zJ1df&7X}Jrp0ReSESBa~$^soYnG!wwYPr0ud4_&?{EbQbBOTX6V9g4VhmPaq_xVM# zA3=U;vtxzLR%m&vSN!Gol72}UkPk4ME5NYj8Fi+v3N0P z|C_Y;DnX=$M>`F_uZPW3??WlYxM>$Q=$jND{vqO?=5+F zO$yP0gNM8V2Xdjjp*ps*I!% z7VriNbMJwBUT>YNP&p&7PYOGA%c?T0n|R@O14!FT*im|*q`%hz_HI6wXMMpik>)>g}pZ@7RHHzXEKzPYbr2Y}rB|MxCW|mbOXQwwqU# zo*QNyK1Jsr6t>*+z{V?18SpJc(lTEDfXtn%N_`)!N@WCQ?GJ2s**s0yOvNqjp2FZQ z@YwbWf2Oq07LxW?E395+^|>%BKX{MJ7V=i_>jUg>9$Vru<__**bsbt26&1(98z=jB z71pdcw&>7(Yl!^L4lwkQ-%(y3yp!b*dp#Lnnsxje`Q3%}Q)u#74}JMryzW%g-8=uK z!tI5PR0t0z(b3C?Ciz9j0rKc=PzX=ickegsqYn=(^0t6YRUB-l@@>3niobV!Qugq; z7tNmjD}lTX6>mB*88_gqC%=_$+)!W0Q}wuSyRxn;2G~&P1-rvzHrIkp53olRr*AFw zHYVCZ>#ERrJ1D+byv6`yzv(?;w|J~ZY4sR!G<`xeGr_ zKA1~Ro0!-q5fSZgrZ5{P!IsJYMVO6iV9X1&7wfBFC(4h}NASBS#7U)FA9NKK)<;1& zF%-X1B^LzlSx&j`&;PH>nc(Ib5&LfE$utPulY^VSK%#_e?u5~G~Q>5!y6Z1 zD?QKZgS3qOAGaj^1FXINygj+9)LzINZI|~EO$XRtJvKohdg-fUwi}l7Kw*5> zWhm!lA9>>s^>IspF=m4;3$WJ}zqhI?Y6&pfE`55bY%+P;?v0M0Q{FEbv#%7^-=|gJ zbf0ijTrPHens_JQlI)vx)(O7LzTfRhn*`&Vx4#rNU2*h+@hw)~1uXvE~hMDG>dhBaee-X9-y*y z4p@yE<_WT|S#eyw{4n{!W0Ex{y!FJZdqCrX;@AwnfSx3o*dV-DyQV0>qc?<}%rhNmFvsQpUb9`E`9ffWBLRGXV zz<7S6+w)bW`_AwtXYi(H@UHNfwO!KkeJOMlbzt`0D2(?d!~O=w`;vy~(7o$%^NUIO zft@J-m%Wnrw!tRIe<@yrLUe$!X6W)#k`FNM5e$B{oTpdmqSJ(}2-5yl*!@lMb(vtd zW;jP-_>D5;Eo&ujGu2URzfOu>eb z-w%_y8;sxnf%mLJ>niE6VB;oo7reC~ob5#`??EN&V_D+C+aY5jH|HjHlry zdSXp-?E-I{#~5pk$NT5V>lyo8MSp-b~sb)PH3dX$@OdS6znv$@6S3gSSxFlkKZZYbmfZmAC!tt4rfE*sp}4 zqu%Q%2zyAr|N7OX^#<6x^5kQM}gbFlsN2m8KM9C;fkWS^(QnbmHNSJb@^H&P+IZxzBL?NRb~ zO-TAB*eUYxmgxW<N!k_VhrIoS+4zFZ4f=!4T@<&xZRIi33$LI*tlJq= zjMrTl^YmbkF$WBir@tW&#~5M#tx0jx!aGJj9ACi3$TJQtQE0r2760U#>Zqs?2k$!h z{#PY7gIy^Pk8;L^yn>ER-c^djW1Wo)c~%BsSIf7C_nvrvyuRGN{|QUmx5D#6y;;1E zTgm&RmArqolE;`yK7PtREpb}KqYt*GT+UG&>Un2*`Ed_2U4GL%FSIX+yRIqyvv4_IC#>8f9*+;xd zJG3c1-w8(FKWV!*rE46pGlgN_!;0fV`^M|o>^sHFqkrH+dDM~d?h+6CCOKBQeRBfd z_u~C)mo}xj8+l&|W6f{v6pZ^@$Xld1ZgY9d?{dXWFYmCyTLMWg`%?W_)geG3C@dtul|8-lm9Li*f(d$e)a35InR#=5vB;L(oYSzVGAj4>j_ z26~=?l8(I6=$#l~j1i~l2gUONcDdr{?HXW| zCA>m_{a0~#Edf@gy5!oWkiy`FSP${$%a&rm1H--$(`_OrFDxrC_t^+Ks z_f?OL2=s!HHpDusZCs!=u#LOa+YjP_+53552Z(oLQ+fF@2cS1>2j_U6l9cL$Jy3X^ z1B`otpX^;O?;6hw+X3HaeQuv}-m{(;*4tKUyYLEu4xULsZ%cp;5XQA+$OB84ANOX# z!m**bMeJ>Lb8-jS*hI z04oSXUQ>YSaePB+*_qX>Cm>2^BXV3~ggrR1yp12? zv9SF3JwwVbwC`?VwB4|;F7~_$fnKn5KYz>f!nE&sd0~J1Mi}KB>iy31ih+)LZP3AM z39!z>(*1lJVbn)Mz}rq3`4|;oHwa7jL9ldR{j;!iKL?{si-EiseA-DV3>_i1dt1Fz za!h%9=`SqZPEYbYi7U0!Q#>zhr{@bB-CQp30?!NE=|W-q9b3+O(DTA}+PPiKD+GEs z6^4B+0k*BMbUz16x6>m$7Pd(+(uUYG|lN!v5J(J|C^|ys#bQ zRUq&hgM4%m#(Z7~uuVL#Z-Dg>#-4Q8o_qSVg9BbsSbCn>%gYPrqe-3@>YeU+ErGn* z!e~RGUNG`8HsIYP4EsWPw+UlD3VDzCw6-V68VL*?uLts03R`quoK|q8A=iBym--zO z@YZ;F3sV^KLadW6zM0<&0dE6g>3ZAU^TK*7dR|y>BZM)(h4K#dys+Mm5tgpE(LQZh zZ;Dz;jh%oF6M&+sLO4>#b23^INEQ zCoeCow{e~q>YdkTa3e-G-ocKIDF?1RbW{kN+&Oj@INfOua|E3dbK!Zy(QDy+9r8N8!2co${xF7>>A zL4Dki!TUo7??JHh%k6vE^ZEz!-pt^=ox!W?tUZMb%H?$sMt)}m^7>@(w)ebQ0dKf4 z%9(bG3+L6Mj_rE-1o4jeb=-#F=~5y3gZyk^6BHWn0?%s_h6{NkbZoq<#6#~;$12ww z=3~B>H_G!uc@GEj7K``&Mdju4gs`EhcJOWn?|sh;>!ZU4Ys>2_40&NY*dc?ri{}*s z`8-bgeukqaG zv!17Ao-1qar%=DR@IJ{T9iw*}g};*z?+d9)OZV-Iio@Gp;g0e%#wWjF3AT&;l&9O2 zo}1f2$K)-1ZVrq+eDbkMA@acVv&L?}*vc8KpU2(|c;5*_p4AaNu!=3(lwrNqKEv-K z!rNLHbyV>3wou6P8{zX2VgImk7v5=}H&`JqQ5Mb0VZFgvZy`gxTM|)56`sCK;Z7VFzyElXPrwra3!uI-In^GUd<`o_*RK)pU zOxaX^?yE_D4cqv;a_kE6R;^kaTcUnxWkuR=<-zI{QdWjh&W7ofyI1^0*SP%b_y|RI z*({k;4Cnq}fde_lmLBrlH?^?@Tv>~j|0Cfs9`GzX^=AFecx_)S=e?!Gj4ypez-DC4 zkl%SwO=9~VVu@@*LWUffLj-DvCf^*R4#9cu(UkpUwEOsEM88E=I>K3k9&7% zc^y43l$XWZL%i1qm&+TNAy1EnIbJ9)i^uam%l9jnr=Or)%f6YO7s|`xJs@7Y1Ipz+ zk|FPD&kN;c@xB!AbG7?^DsQVx?qi=)SySrgI&|;T!RsIJc2~QC*A!rn3rq8OUoy?( zIrubBKb^7`?{^uzt1@_X`L*S>7nasLB!hQA2JhMo-gOzg|I6TUA1tl6r|uP{^Q%{D z*W$gI!Fwx%_p;V-X?d>*OY0q@2|Ud^URavz`K*2_JNH1Ea?-isN$moj)2x<`_&%2U6r;c)8WrTU$yI6SU{kcWLXe}J*( zSf&>wCn+@E0M9eM@DA|2f(jF!x|Mr=eC}gO`GL)nANjYM(tR+|qt)`ieInt3Nkr7< z$(qu8{$RW74_Ft@ivYH#{yeL+69SBRaFIT?JtDwXdCb;{d7b-4*q>jC*CogU`_}V@ zDm1LK=DakI-zh{#$m6}h@VRj0T`P>|!tFUru;(&(ye|tcd>3GpxWnJCDLvDnsl&y= zuGazffqgEYevhDD_Je)tc{+6Kukd+!(vFk|o9OeqzK$=Jzxuu3i!4dJEzI@ZY8SFi96rMdT`WDNqwb5QpzuPI&c>oEGe{`7b+`34Et6CShn2e!5R z%RkhV_LjhQmG8K^ru6%;VEf8nD6B~#wt(#~|0iK8>JoOa;_$-ua){@B8Sswwyukt1 ztT^&kcuaxQ^RHa3>rZw}+D;X7HsT#7oVK#v zZ%6)0SY8dv^0r)f*#1cSi9GG@lpjuzmFaL&zJX^J)925A===6TbJH@#XF#&wxQ6<;7^KQC9F$;eVoCgy`*{TWt2;YjB***%5q^& zX-&CooS~OCnJ$-KwNkI!{|nYRS@j{)T>m|xPi<7-Ku+S_`&<9Gx4a#&rfI)RZE3Fn z9@t(fjQR1Xe&yolKg_fp}hDMxPSg?OWzg&t5U^>-{}C;PZO7Yrvr>`#_7+{xrjQ(l7 zFY>W{g#i0j7&@*Du+y|qLdTl{rce7gUPFNC^AFJnzl_USuq)FigzbN1ZSABfsA%A7f8Q#&OQ53Zp^d6*!QC$NT$_o>W_^H*k38 zrsRFG4te*ccweP>$U07*xt4LCyn&r4|H#aE?gpc+U9P-8cV%s~(w70)G>?r@+<0$z z4EqgxTi8FYR-JntjM>y-xQ+m$jkAuh`rS>(yyJPtACi6v)_LJ9b*;J2X?$e ze=;_qmurJVh1vKFHby$&*;)ncm%`vpRNVCD@^QHo0<2P4xc(#U7M|A<@OpUO ziU8B+3!bDSJ8+zU6}@U$2c8E5uEe-%tJkVa*ERO;C8D z{08?_mFxq%NdC1CKSReVM$Ib%O7YkJLFF z_jO;F=lkRR6dG@^;`gmA*TJ@jCxf?*1f>X>rDQC`$< zfde^?t$rI64|&vYK^P96)o+?d{T3j}!L#}`p3HS?;IDhMEsZ5$tmS!s-|7f#l>GFD zwxxUdU<2j(CWk(!QmWslh4DRwMuk@AFDU-?E^SM50Jd=&I5>7T!Gh z*6`S?BEMb5C%>enJs&P?et>O}!RzLE3j*GL!lpJQ{jx^q{;hmGB&-nde&yx$2{6{# z?FO|i%^%pp`j2v+74WjK+r@kQ#qxa26UH}nmIP@Z6BgD7I>5sE$P4?u{EMAyOM8c4 zH_4y7L9&ho;~Hnb{#w&0PWge=3mZ19ZRvUojAuXGyr9r{yD84R@Nj^=?s*M?yth5C z&hs?gMf~m|@~oYL@w+XL9Md-9`>W^xdrfibm+{oFe+r|1t?k15myAT7wF9t!3&TFz zlBGRfC&Kv+-bwlc@6CXxPgOZyA;4H4z*`nzO~QEIXNWKy?c1LBVU9&_L1ByXe*MX9 z-5jJthw-hUzYA;DF}!XH_mmIq11rj-ccwz)H7PztFOXarVEZV(K$zu&I^a2i$L7_R z`T`g{blf8S$O9Ycu`UV?J5uqm{NNqqdHn<4v5GHHySgL5PVqeJAEZ6a^X4ct9TOGD zmR8Uvf9wnGuxK-C&9*h ztmw;Sys+CP551NTusel)GcidE)}XZTx+;ziu-?KbzrKOIDV|pdc;|bb^$*e(^I9+O znmivSm63+Xs8)+C%P-G@&<9v2QoiT~yIB5(6O-|jXTI)}fE5?DE!7bidD}qPn~IYb zY?#_}U#&5h>s*Kpo2@hOW)Oh>APL}`Tiez2|qfLU1QHT!asCxNpu8qfg!`2tZ zH>RlvFjb$s2b5li9Vnc2NipE@d`YEL|>KBc|7N^E|Ifp_OxQDGJLkT(6Dv zJO!>!u&=;@TxcICq2h!8*S0i&fITGaTw&w9 zUIniG?kM{T9LQlG^Ba4IHur!lsmn)!1Gz9CY2Fbjc^8XMevQZ4k?-$v4KZZvIBz<1 z`@mrHJ%&!(7qD>`>{j^)Rw-{vM7jJ?$K0=|_)oH?0c#O2Se!FxJ`$M3+T^{&j|ZIEA^x1q3feg|go24(PW$l&Rxh1Qby_YB?>8NBZ@c>4LB zwd5VFHGew4BZQ^%@z)IAqZzz5n!wZY^hx5i*Q_sb+2aItxqNw{Hedj{~m7J3E8- z>kQsK89Y7qwwAn)GkBk5@V2jAJ0Fe0()l<&gLg&-k7rWT_4aZGue%l}X`Z%8*U~#R zgEuXM_hbfdNd|9C29E`4I=_1eOWU_+2Jg%a-dP#E`!aY7GI$?l@K$8->g(3FZ+&6u zeC(6K`*{ZM%naUH8N6FFc(-Nn-pt^=mBAa@F~0uLGS0d1dT^N#<}I9-0&d+@;6RRJ zTQ@Z*9`aa+6@=kjI)$v8(md8z1xRx6Y<*=s4X^ImTHfs&p}83yVAUdnO$@Lbh4EWL zwoZh1yD;vR4^cd{@2lnQoGpT#yjv6=`F^`-nZl5_sjyzcaLC(P9^P_=@UXdu{DSV4 zZq2W#yMEh1VZKLYY0r&kc%GEM`+x1+HrC{+7Y}EQ9xX29I|m$wz44Hp0?+kIvv7lfj#w!8gpA@=R~qK7NxS&HFlo_e}<`t6$fJ`QC*XqErVB;vHq*h zSpV&v!P_T;cVPxkuN<$Hk3|{0$1-?dXYjts;BBR~UOK-$g{8}HR0i*;4BpHP-X$5l z$1`|;%iyib;OVjWwd~X5o@?bpk8G~Ro1VctFN60%2JgcR-p(28MBQRvOYiS8cvofc z{x5^~Mh35A#`>>Q#`q_e(OaG6r z5_uy9ZY#h4*L9_}p7A!RYhPNgp?7on9kuy0R3UozSID#HU|j;NlgD}q!)f|-Zq}ML zYgF9s9@eZG_0b$1H|w}4f5s{GKgq+^s#D8(=*2I(pgy`o^5Ed#59BQsZoG|!uSgx6 zeM^Lg_Pws-f@G;1N6oS~Kcc(CO4!w2OuQn-~%7vbYQuTi|-0q>60<-A2Yo+A!^bxorPiPb=qM7o(6_2!*eqB7|g}k)AW?z=PEc@nryE#XHTa-FBc}qQR_F29xo$;E* zYm_YfwrU@g%Xr1{cLnW$_EIklkKTo;W0TjS^aXM7^oKb*ZdOQp3Hv$rQE$jwsQzW; zV#g-W@?m-{9|ffg`S`tp~_bKFtkEQRot z*12U`)31={S#-Xi{XhA!pKamJ!HZ+DMOsFdx#2n*Dz9a?yKiMD*YgqfI6@cdB@LSc zdHH?itK{3r<7BJ5cY1ezW`0J#CNBkfcLG&$%wh1j4|(VYhich+CWyWSe-S4*>KZm!1FwW4yw!+$XkT}ZF3$>}y^ zWlg7=%DT$7mF+HQ_hh?)?T(d?+l$rjO0oYV|6lnRiu#RGg^T2INqw~BYCHZvyuAy2 zTvgTnzh^Q@CTVGh(n8QePuoxe6bM)#V4*_^P@rhR0!0yrd$|Whtb%k31tO?a#MknQ z7zMTP0#-$>+zc0?Dri;Is;EIhP*Ex`YJpOI&v&1_X7(Hs=L`~>a+7mOTRAs7S8glegxY$^c=Zh?Ip&v@$|p)g6QgyDb*ft!#C)}m zc}V3zzwE28)2tV9d25yLk_>gquKQWOL_E->NH6m6nLP7VENAmZRXDOxJpYxIkLRJ` z>_Y~M=QZ@A)ATYg!2`wi^$3sG!4=9g=gtvb9o1tvKhF~nv_$j$qTMm}0Re!H-+}KxKRICE^7ngZ{*h>H%IdN}z)$^HO`ZD%OonK=X zD*m|a+qjX^r1;g1%ZkhYv+@?Hta^FNivz_Kl((|D>OU)QxyoB6`ltM|(N|N3y}HpC z8{G4Ms&Bu_s){}pwa0LNp&rmRZ^B1e@O^R<`6zFrZ(cRns~d3;?fi!AR#v-Jq@ygN z|I&ZrytVHt;fZ)UL@TwP({H;%KHfjmFX1VQ7>9$(mzC}oF~?YW+4UCR#d0;i%s#|r z>@dEn@RG`am|vESz}J!C>l%SCyZ>1&JCa}{^*6n=Z>-nqTNdx}QM*+#da$=D9@=+Q zv=3V&9A81xB~K^^dS6r?e6il4P(B#-H~W}}V!w{WH&S`X#`WzEdJG>_-t3F(+b2A> zkA5*+f58ulbim6#aX|Ts(q&ORpDv2zxgH#e4?NbpGL&!jnqTO@G2gSw!{aIP^MWA% zX7&vRzC>j(zYk^drgypUSTBC>7C%IL8z1Fu3g5C#R%R5w%uHYucUk;J}6#Smq$43DE7_~Pg!(cHm#8dg;PN*v&-mhXzdxgwdc}5Ff1!RRAGZf>T#Dv{ zh2kp;gP5NOl&>gV7RBQYJ)6RpohL^sZ;{ILwnz`{J`!J9d~y9o;#(H+z0tfuf3|j_ z{|+gi$Ob6(^PH%>*uIMRz8m!y?t8@c6(zS`JkYMu{*?BZBMf>>^7t~&Tf42y=p9r( z5ibNIad~Sq^~m1eG5gBW+pV%7UCWNxZhaX(#(~Lg z>byqzrWbkYFkF4(dWglZ9q`g_#Ic-}*B#dHMCXy8r+l|!D7KG&Z~cXFP5Z=oD{ml! z)851J;TN+B`zXI6on=ux-Y75TLvNfny_F1}E#LTh#7EsAuA>$zzg%gkKbqH;Wy%{= zJ`oQTUze@P@C^k%Y^0x=Ug{Uyja*kK@6F~v^B?y$tvs`bGVx!mmwc8l+g~hieE1=@ zZ;|pQjDBuHGN5yg8CLyXh}hc2@5y@g*t?V%}M+y!j>W z&ntvm8PspJ^4*ew;_*RwBk^$`!tBF;F(2(=<;8sc89wC7DyK)py$~xet_OBoJ@5hh zGUGEn)Ui`I0iLX1R!UDI9HKmv!^U`Af}5Y|AJ2w7CCB|>KscD;ls`xLvgq{4K9e_l zh>@|p)r0!Q=p5q#e`25IjSv6F{)+t^?>AOw_=c3H zEM#N86~eK_>Sua;gdG_91wY4pae49n&)UPv%lgymF`WOfEo&cqlx5|u3wB^j+`j19 z6h6~y<(Yk1z0@x*4?c8e^}-kXWhDDX;xjwUFM}%2{6K%k-Y)5dl1zITAMI)N$l5nj zeY1LLH!#DkysTdqX7&e*l<(L4R~5Y+?Q=}8*<bR|LJ_jE7aq&q1fCKhoPFJP`(E=jV7`?a#C?c2Ec3*P{OStkykrn%r7nTc07G0Ew9C?WTqemA0_n{T(NlU3(s#Z(= z)zU}R<*KDimz9MRCSP-J@k^U%#s9dSu zx~!)T-0 zlsGrXmyS-)IbH$vA>x%?`bUY38b?`r_HvMpWpBaj%GHO_7E{JGi`|bGyXP0Xs~5Y^ zE_Qc$kaB4g1#R7)%i|&czoU@9<=yjn_e|am)#|pDXZ4T3lq%=+yk<;+r)^`J_zeK~ z3a~`wI{i>fF4^BDm$_s~E>X7GCHiKp&0R9tDeHOloRg4v?W$hRXH}FOQkEjyEk=Hj zuBHA0xZCrl5_%|6CCk2+XKo9~)PvqA3!!R>^!|EOt{bl>e+4(8P@Pa1oKQG%e4%H2 zp)kJCJid? z66*Gr-E1$JsJ`iDd6z4zJnY}!?O!}VdR(zIkm%`QF<;aJNo+{VEj5jAx~}PQ{9f#6THds_snpcn zw6bYk)3~NBn)v-`c++Q*MVC+V-TAJT;&sLGMLnKwn^v4!Jh3=s%#_g#m6Vt3p7HGk z{_?N?Q-%2(?uk|QiCK6Cw(*r$UjLk>tJuv$n2j5I(kE*EX<6E5cE^x3gl-X@Bqxfb%?I1kl!d{YN09QD3i|;gdl$t!dncn zfKcq6D*D2;orkn=DAW!f)2VQ_(CCNaz%)H|8aVZE9z9k08G|aHm$cB}Gw>>ktDLT4 zU$yz#i$m6zTXQxXglbw?y~xyXY^A%(Q5*`HkPcepHL&T6VNO?RLt3vkBKqjYCcXWB z|Hh^VH#QCCc#2<5pPy}`lOg!W;;L9l?-P`Smu96yrlfIG5?*^RWqnz_S#-4M2+=&F zit_v1uRf}e6h>TQ#=nQ1tNP7t6eyus)^trEg+|g4i+6P znyqt@9}<1qr`1hubwjPLqEB(@hY7U1YV}Q0&LxfI^11XMs@zLOKfHgI`?2VG(JLYX z<%a%C6ZT$KBZdf_AKFBbH}CjG@~e=*-*EcF+2{LTse!~F2>X|DF~ zPlUdsPEzYc_zQl8B8mQD|EQ}*t$_IBYIAu>p?rCvTrHF@EtKndv`uoB8aJ(fsLMJ|Bl;;Sk4PoBnb-L%HEv zNL^96mVx&CK)Xx-)d{=~rw-rln16Oi^Ezs_Qa_yNm=-7b<2L>n7>XPHTSM9iZR{u} zdLbojjC#~met$G4?2q))kwow>zEH>&a=p2Oau4Tvn;*&*np{rfeRC>X%5~?GTo=yr z{2H$Ace8#sYulcQ{ByQUN3MkS+? zl%G+4NPhoe{>pj&I;AGQ95iwfIn?-qzn2hO(`ek-OD?cJ3GsrZkoQW^=3E4>C!=qT3SABs}WJ$uCQIp zcCDAUH0L+-e%dFkn7TCAn=F1MAdH?s?H5=%;|o?fG(uCmU2rs<}Tfs zOSSv*8LtGjtjbZB@|@+IOLDybsHQuNqP%HQ2B2 zss$C)HRs)C`fqVhHfi7B|I_}3{h|CP$GWG-x+Pm}ESS}??$WWoWHHKR zv46asI#=G~e-?XeZ+(r@%SHWA)wh*L6O2{-v3r#FV6NV?fwT0*w>9N* z`p;>^)As%tIzfnZo|Jf5N9%Kn>uJi*Y--xCsdZM9(#0N*;^^;bI(Syo)cu;q%~Y2D zoz*WT3aP`=W7N<(gPt%qx_PDYypoRdjxL>lv=W>59bLNk=u-9Q(h`5H>eMkB_>pZ> zFUe0?od4n_`Ei%z+b_vqbxA(2|5Nh^otl66)O=b0Wm%yASdUcpwB~2FHtpBiI*ZMG zQTuuQQ=is@XSGhqc zxVb-$(~wZ}GB6ZImJwe~hHrDJ%j_sQZ_69s?W>;^|1kB@R*Hgj9GsOljMBQVS$J?3 z$5f`?yV6y%IM^9RfcmaakMhUS0jEB;{wmp%E6&V~-Y>V=EdBIFF5kmZ@TEPu!)N8D z@0aVCschUn-jLRun~-zb1*>-~brY&?f+mdeJSP55Hz5J0KHZ`;q|S_wF>YLpgWWCT z9ZH5_rtrDMw`pUGrhOW@JtixpQzzU>6kNie1)XFZAhYv!+iB{XJlPMhop;`>t+`nP zj7J8!o!fQ}6Lgz$ZEgNuug!ajWT{(^D6baLFZDKUDH}0-d`QY}(Dmnw zr9!E5^Tg@qY?u19>n~hYxU_I>^Rnhrv)t$RF4Q>JaE+03^}n<@@)pq3CfXv$tguCH zbG2~#$3}c}aax{qDye-_ZC>tE`h3v~q6b8?tBZ9^*YWo#eSqj_5i(j!YGHQbH`IRp z*iGo(+SI5&&Yzr;_ff2eAp)7@+sw|nj~#J1COi`3DQ#$#t4l4e^h#^TORWoDYE>=tzwG7K>(;m4 zxgI47k(|7M$NYM!y|%1x&$DlQOVRy7J7PbbGW>C&@2gWu5NL?h)t71;=`J0#18`^p zza44Nhc%ksbyO(O3(6|q&*fUOi}Vs#ExPo126j@!=0|O|`B7Nm6B=b2G;i?l?VKWZ zACU7MI33cyBAw|eJBFFc`^DBx3@sIkrSYRnh4xajhJUftGN+W^zf|47eB@M7g|wrnz&2K?=C&i; z_mAMw@b@+A_?sj$P`$b-<<`+st258%d5%wE5bt;J{6Ef{+?>pN8w-^0k_=Sjp}g`{ zxu;L`?(<4DeTy>X^=IVO~Bjzp>-((a$Y=EpWXi+tM0^nKXLe#M?~}ffzO3Dp z0Z|TH47*;YkgBMxhnWRYNtA?wyA+-v64H>S zIo@KBkJB7DTc&-Yb2CGFKYx?2eqvV0+j;b9Cf9GzM1Sr;{iT6anzK}zdtLoTTm8mZ z{n{$^`W;enyIkNV_W5yR?NIe9mbg;Y!&P~MZOxLLQ|s&D0e!1lNc>G(+QIIJB;LaU zmMlhtD=99BxCK^JoEMdqCN%WV6!OoGwf>STvG;gQh}=?YdyS)K;;SEP`n(S1*$WZM z(peEDN>@coMCfT3S$~(yG({$Bk6k%cad-=Xejx>=QuC{VqPjMKTm1(ZMU7? z(_fa!n;h#{EXVvw+hP~%8uJu+PtiO9A3Vl4-29g4Jj8qbrmrufud2N9F`qDRRTP&+ zyoYLX!`T_zy*4T**2laT^9@FP=%ap#Vu*aKFRmYQaXIn)N!ytm_Q!I=+1)LEC@UBH z9l1C^lD=gbyU?GgY>4_`cUdv?zQ~{58M(6ZmB5GJDJRZb{Yn|RB$KDyMCCxSKUZY< zs2@DkF@9f@e7tV3AN!?}DaY*W&&Vy$$gLbfj(uX>e(Zy+y@vbV1=GiPi0v8* z|^S~yzMtpI<+Elq!uQbZ7Rz6Yr=Fc9zpS)1{1)}XW{!Jf#i21A?z_4?z z&UY!MoVXn-89y+eRK!yj(O=dn&ow{9_feR>!A$)|sxLlZ-ZDA-8T$ph;{3D9$No0C zIl^Q62bAwt*%132^pl2%{h`Tis-5OvlPjyd*sevx=&wjuS@dS}SzMnXm6J#&t8bxj zFm&=Bd^PaFOZyEdUr}5Z#rpb%$9|#z$N7=keU;j^sInl|gH0U|D^z~$msQFqDg%o9 z89Z^jV`uCK>eDSAXt${SEN|_wsro28?$?x$4G?zVmqcj@JFUNv=RI=M*OQU!i|nMI zjnoeR7d!dfnCV-Pv1^g?ar=#=Z!p+t?MHp6tL29><(j@~2B&;{4#ndrQ9kyI)8`l} z!pb80Uq$&vO81FgQGPxBNpr+{|9#pj}kI)loiP-?QxwUu-A(6O{qQ z`|e0R`?TzvhGJ}ZyUWvt2MpUvdWFAIgo^;x7mb%E#~%ayMv zT^42AA(k7ieu-qDxS!2qy%7e{?yOJnK(tF)`UVxR5*-xX*PtKAaw{|W!A#!jH>C0_ zDyuBQe#(#YlpE(wF8ld$`hTJ_AnaTrxjBjjx1Jnmkqm@B##Oh{(2mNRKRbluW7CIS73Iq!^x^L~Z*o=PvA$)>Cz65C zw=$Ej$z}YR_3udfC_nDk)HlwLBsZ|3ZWr@MS#lNGSQfoe{T7NZuHT|eey#GpZ>pSl z9~twpKkLuPVRuC`WfA(#FFnHJ`e0|Qf28{1XY04j}A5uP%E+`&<%uBJpB*TaP zLCHXI|LhYU+f@y6=tTd3@)f1aqPTut89D0PEgopN?_n^%tjfqyzgYiTGjw;`%)skp zd*NTw&>OX%`P1~#KT48;Xb1DBows&a7L`xEu^U|w`8CR0edGJ(CTHa%*CiRtqd(4@ zzW#u7Zu_7w<{L?_A~|fL{Qt}K-vY@YQxws!7lypqxk&k{&h?4-z7Mmr9P}l^ZC=Mt z^311ZCwbb%18RxBjE41EL#6x*}KTJ{c$ttB+ivFzpBI)bT z>HfEf?@KVbd6J9yHdU@an!o4|%QN{N*}Yo22SvGPpGCV<7xO#yi}PzkeG~EU{L}1& z55Jfk{UDa3-Q&E;!57QX&T)QSCU0`pfWyoDwJeh#P`;vbWl`MjR-VaWFKNqTW1KgA z*blGOk8xbZ6ws89DTINd}wPH(32vtKY`@7&i_15#$zT^exKd*Nz}({q~1EyCG78<8)X`okHLlGTFNyy?S*2Xw2*%t+yD%pU*es`1bAeZ0f7dP>vd_supX} zp+Kr0nw&n;q;8`i5HpUM^j!OZqX_G&9O5iyP@D&YFM8zet+p9#m2WNU{utw)8xS8 z^iX_8#J5lwzr|R618lC&eO>g5?4YeF59}MFZ>xqpKQ`44{?CiB z)09T`<_J4c>G|R-2b<|VSBdV?AlVT3z^)cOrdP$dPm5l#&xqjb3>Y?Tl=5%sp**(2 z=j{~sg0O`V)}-DAwme|02mIdZD|#?LU1aRM-q_bAzN*d-%J=9XyjwI?^q8TYP#tU zd|-U!0POJy+c#j{!4~G~6Xk=aw@v3&bby^CY;XAhKO1(cuw$Zr1>cHcWbX)ku`F1& zJidS8{_V5?s2l<|uaI3o7e<>a>9JoZUMrd@GFx`lSnJs}wOO$D({YNA7e+u zWx`5|k=;r0Po?+HLsCB*_Va+Pi1=O<_L%sd2$-7HeM)rK+v|M|>{bzc=6kR|28<~X z9Xl#NRq5{@k;*FTu{{+3UXH2)D8L7H#J=_UV9$VmHS`V21A`B&OR-@x&7FI6{WsO& z<2|RxkEz!e?BRgnbCU&oMtp`%(YfP=Rkp0lf>nfFzDvD5z)lx-nfO+Q@;sJL_0pE; z06QmO*G1TQ!p1Fd{|jgpPyp$tjvEBECa~wVmWYIbXBo zFkz36PVfJl-hEjd-j|LorM%4(g)y(u{|M;VMi}$oT%}F+-N74SRdwyEtG6AS+@`Nfg5eM*m}e zUKL@q|LGTLyarjh!;g=XF0Rk_V6-7~#5%>42liVLeCq?o@cx->X@8H(i?H7ad#RdU z!yyab?}YKa1iWuxn7-%9O>?3TsWW?%a`Ax5P3F}hc_+ARK9TE1bF!&Z_ zF!aV)OH-;hmgRTg(YsW#QrDoDxy$r2XWuS9b-^0OZ)$!|SZ{>Q6^8F^eC(%l(}cz2 z7mRl-S!Wg~jox^jIZk=>!pCpYzY^M4SAG+Ah3_I^ zomV+`a>RFWz!)|Hus@#C}~ zNW{1AuM{6Cj7CE*e4o|fl{NJ>8SHa9P~JkNjSuX|40eS2+W9I^&F%xTKNX?3q&Ta$ zTbPx1%p1sd4I?`zl07-d(r*Z{-kHj0^&Th8^fLDMm3`PkK=$h*{6alqK70_{eA6b% z!k3l3eG_Hj%gSD$xn!%KHICm;hVo)xSv_K3Jug|>qf>PwP+#i@y-HhsUliZYYP^dB zrmX+m|LmXF`xV%yG>~F#r3hRpa{-ShV zbz2+p?IOQ0$My&#Fu&LwYyDngZddVr`S*?e`2pd3JXODrr@ns+*v&yNn7%^O^G#G4 z*atRE>02c`H{wIby~4&ve7h;#^au67fME-JE@ZhcVfFoWz^1Ek!!*6RC&jlWV9dLT zi1NlOh7W89(JfEb>j9?io98<#*avo|$lIsbWSK{^vR@8-7X;aY@|5%NpVU^enLzY@ zVI9IYgnGbtuCV_RHZj;td$2Bi`PusV0d`)%=)>3oc7DK;fbo9+JkjQVN$>k8=|36$ zZt2@Wn2PkW@SPzV`m^{W|6MQanZL?sDwjaCuMW-6X-!sae!fOHSUJ>#F@2ioLSbhq zh7Sz?{ZSpHFT&1NdY|X(YbbuXL(Dh+L)Y4Y59|?P2mVug$DkMN$HFSY?uoERiu!`p zf2Vr}^uqUpfX#`@_aylb9XCX>?-6#wOZ9mYUzy&UBfc}lM}4~@>}+A^7>KYl zLwVMRDDQaksYG}o0WwxD?3ftg+bPA0W&_c<@jN2 z*=ZPAuuYNe7T>1S7d|V`?At@wrqma{tn7ipuFBLG%=oOncZ4w*`~EQTVRJ7`3UM0^ zC~x+?Bb2u)!sZLZ=2+I+Xl2BAOptvv!p;*$A394I0ln6T;<0sp;2Y9;v*pvmR{gE9 zU-5yqY~T2d`0&9KK~|CPuj@5_6EX_u9Sma?zYxImMUQ@*+t}Bza$Biy@1QT_I9X|I z0b_3jc5#I9#n)g15jI2EyM);oM0SsW-4OBZ8L%}0(~$IfJGQLr1w${G=>mWO*G$GbIJ%v1Gdi#Z;S54;c zujBiU2-{w1FzXxe%?=ns$TB_-6}@%$oa1Y$3_DEN_Fyv1u%iRET5~Pfmdevl{vf_Y zv0)!ndc82~8}Ka>72j6x&)B&}gpO{-$bzjEwX35qP>j9PM6*Os=?26@is6I5Q}i2k z^on9aNpy(l8DT3F8{eKv|F5v_P+u)O{`(a0OOG6EHs3ECtQvfS1J`i}>EI zdYn|wxxomVDGXVz7qWWi1-)W%pH;egu=s*3*p0#lg-ui%SuJD!JBNNN?1CT*zEKDK zO#2eFR66tX$x2fX_)7BMZLc_2j<9bi&9$@D7e2YuUpwPxljT~{UyF;uunUE)S&(a( zb66KPKek>E%DY%JQ&_BndeUwkimkkz19n4%abFKUDqwufImaKbuic9H&I?#PCt@Fb zH%ELQRXNln)_aw(v6Zx+nht%Xu=l}GkX5&JTx0)5e8)xD?*jICgbf8OwwdvL&IxH- z>NKakKQ0nx;}UEO9c~q7{Xk9TpWFOISeMe+2lg(}^TN(jOi&l~YtOZR*0rw6fR8?O zn$pjnSnnHPzY$R$?Sal%c2Ief{U4p&T!X{vi|kj0O%Zlo#J5)1l9Tj3o-)j2&rtfv zQ_}hxcCN66!k&m^dA8UhY(v19pWh~`EX?`!0a-BSaWL~K*j}Qg!YYd48>N`^3$m{& zR>RH~_8vU|9j}TS_W6JAw_qQeEcv9(gZAb|PxS2`95LkHLt*?O<+v-^Zw3j4C?4sN6bKCu54-6w2Dgy~Y> z%T_~uw^IIbo$u9+6dN;O>_MIqX7@M1ejBjv;8W(r+2gj=xg|y@j;;7tc@to^jaIu7e;xE_er8@ht>NF z*i;eo%RP#XFA3O-0oz(JWq(6`?PC$PkJ8Alky2#gVtPu-r9?^%D3Q%t~Dw*Jl+hAezfE6w`bA7Q*lL4B9$yz%`)*taza z4rZ{`5mwZ>cZ+_qxIVXoT_(ExlR4KX9oP$YyJ-2xRbJ2w#{6=V)&=?jdclT7tP7(h zXxP)j;Oh+-WqwQa+V#2GJtMI11kC0fu!lrH7T*(`3;sKka)b>;*n5PH(qU$Vohl4j zDq*s`J-1AYa4b7k*bjsaMzVYd4t)3kS!JE3SFhuOzz3!&$bILAdOg6HzQE=MK4ty) z(!Bk1jn_gGgkLBuQB063&v%C~`k~p}r2>4L!=!)?yLO(TwDIwkBiwgf9$|A;Xn#4~ z(-_~;0gKz?UBcdaORo0r2W{Ce`t_IeT_&MCF#1^US2Sl!7v+I{JYX*dY@G5ZiN1SR zu6F+q>=e;8cc*KBSpEKdO5j_qnDX!me%tGNx!Q9LFy_f^?#qWo)RnGsy6@08^mx_>`9%Kze7Az~fF4(NdKWBRG$@<(5_FW15 ze37oBBEFRY>(IqNdhx*|QGZ{3Ujmkhn$|b^bh0q)v$+$#V^tn{pHkY&J3$z2v?AC% zRp+dYZVPoo_9x=|$IChQTqL_z81+3_n34^?8Xf9^>?oy??G}^i&7?=0gGfH~i^@`6G7S9{-fpscI2LbtqrsiEjMqxA2(V~F~d4GS1^I#tp4GEj8 z7+F=@?IatHcwfFYrop;}Z6ScQH*hp2pJ zzV_}B*xLj4lwxGTdPUzlK>M|zqon*s(U&e!dqh}X>04f??{na56?V-#{ZHfh^0pPm zehAq)iqQe~ZxOOuernhTVaOJOPvIM*^I6$(L2oR}{lu*74nek4<(S@`gY3zQ4bv?U zFI$TA_6Av-@3Cc0kewUJ9v)<$3)tS`+fRhe*4Myhi>PlU;yYLvHk)4fjuplA1!FIj zl|4}yvUC9Iv5oTV!`$c8UqYLMVZ-4!@~PV+U)8Tz zDTa@|A8XIKtLpUygYUj?*Xs+$x)s+KjQ$tb7px_;rPUYg6;WJY*0=GZq_wGbjR?kC z_@HhEFH($sV5~`C{Q+Zq?4q{WO}~-YAzcKpUSXH3yroJb3&uW&eXR8t)}FIOdvDWJ zyB;*`k_>i^_y&dbhrUL69};alsmU!5z6blb=;gOGxkV9nv9O7EX{`;|ROKg&E>Ih> z{$d~4TSZ4~mG}EB!>BL5ss_E-hp)0WgXOy$>w)b4!pvsc_6*TWdLT^SAb{;DI`W97 z+PVOCw&xz`0|DzQ)cJG??`0=OvM&Wb8(YZg zmX9wliDY*ames3UdY-RCZEChKzhH~)EhvxuGqUVsjPIhr$GeM$T^_JXr1!QUYwIuN z-4poa)|xEuFr&9OlKoqdjeYfM;EQc;RiDV(yo)ewo-Tf~kN02TOCr5<0;cZ+{(rWa`6g>KSk`8+tj(&9yF-WD{!pKrz`m}-fB&Y5U*>V-+eP^F z4q-P7z%StIbwCzB8paqz_AJHl#Ik(?jBi(sDb@=5mti{wj4@#ta}9i&Qft_)!nihN z-Z#Eg!q9uNWV3oN4&{l(?IKz{py!e>DKLl65?v!~fns1V_AuAzdjAH+=s@<9qKl=Y z9AUQwY-xnup)@uR28=TA)V0!mDrIhjtqPdwfbX7wJs0s^r4wJ>tl$#GR^LwtY+Zz1 z60o(A|Fqn>wr%)bthy}wn?LB{k~X#SI)qh(;RC~X-z+Q3^+#5A`yd2WzvJh&m5$gJ_zn^VpXt3**hJZ!2qPf-QytJdM``2xrudGZRH*GO;QL;{SWArW z`@;4R-vtrI91CW1gx4YL^TJ9IAD>IW2XP<&m9SOf>y7xH3Vd2ZTYLPr-hXx z*?S~(`{YI)cMJQpu+9wM(3D0#|BlzxMjt%ftbL($B$B0G5Mvep^(t+Cc|v^eku38E z0lvJj3xrMgNFDovWWkUn!23+5jd-sV9rHa$%CncS&xz0amC5d&ksVTjwE4nNHsxEJ zQ(mkWn-gIK_{`>+9;sv43}*GE9e9pIeGS`FY2NuPsUXAH--8upyJ3d}*`7#tUf^39 z$+G4lOMfugim(IjP49OZcA_wB8BlE4X-XqI5X#e3;Jzv1-P+q!9$}Q|8#>RswYCnz zcfaVp`XItRx)`QBFrK^Ycu)OZIN*f=0uI0MuUmoUI_+FE~r}rrMYa3;q zx`luLo_+QV&IcVi$voCmsJ$17Ec>rtY7?35lJgz|>6~+A? z>@g8zut%}+{ZwhjjOk$h;IlmF9SD42%|Y*A&;hn((ECutr)B$fvV2wsn`7D88QFtW z2KOkgKUni=&;f>z@KvIifL_Ml&t?{C*H-Yc&fsVICL#8-jW_tXuDfaHLhV@s*nt7F z_5hnBqP%5_WllqR3zf%z-1~Y?bljYD92xe!uxWZA&6q)!YvQX!ADogtJ2Ae03(LyB zENoUr_7lQBlabA<;H+#jSVs0*$=)5w9;`g?E&X0TNR%dk^$L5(E(O0A7!Jec<8&es z9jTkzCo49rGho(--~;2`55qQBp0>HLT%U`(MvVN_*|Exm8`|TeP{`=Fk z)@q!TBGW z>@4h{Gg7_qY$oauEfiK&Z1p`tY4%)mBWyvy9*VH{Dt+{MTH{q1vaQOax9P&VUa(Ek z3!mwor?i!4dRIpndLNb!yFZEl(0k^G>w3XVZ?DqX`YsoS4*0Tq!LoY6(7Ve;@?WSg zWzr}AB|j&M&42V=uyTaaPr)h?M*sYGg0w}nw&htf(mlxMcU$Gw98RQ6Dfi_cwA-?vlV zu>s>c*lex{yZ6#U?L7+kJ}vBd$$m_O%J^0U?AZwWPQcbl2)-7{(nhDMza)wcqm97I z5k?zv|~< zyFaI7X(Z!{`)GJn`TBB z@hmL@U!$Du3_&ESbrpYimM`W~3R@d=ePM-R6cv+#lW>pbb`iLhmXuNd^=mlu`BW}EB4^cc%yHw0O* zf)3a`BgiV^WALv1tLd0g())mRW4y6HAi%eMz}6{k^;o4evb~B4@R{sNk2K1b#egif zj8dBS%^0f$Vte1r>I)zD9eICaKxxzaEv4xj%$EfCtZ&3^&b&h3NEDmwt4j0C+WMc0 z_xC_2svj(h_}II>s+$ORDmK||m7Z}%qb&EMz`7#7-2-NOTV);n1-?q8V>pcar!&7( zUyqP|PPF{NLc=rvzX`kfzVsRv9(=H?62B1^_fz%<=MENXdvtigej70I$hIiaF6=m^ zsW0;Z_qrxLQr8Q1nuxw(z5+WdU_*+{S4)(B_m3K{v9A=iL>PU;_&%caXP(x*dg%wl zmYYPpZxLgRZ}f8AV|?Ei*7{z(%c+3|hAms_Jn!~!&x634e5i=`uU-^JeTyR2LEgVA z1zGTJ5qp&diV0kkOct>pvOWnPb7Jx5h1$C*VEc+TMYb%yaz^$<*>KUH8|SN&gdH#J zPVt+sz^4DD5nCZ_>^ti3LSV~EVW0hLx~`h+w*y9BGK}ZupFJqopyOM@&b+x$dnQ78 zS!}Yf&x^kIjr#Qm*no&Ovgg20^f@f#{EfT z>2t=%x(~Kgv0+>jgRKtO*5aq{UXyF~<48&0*EYzmyM#?wUaTJDdtzpOK|TmJBl~e- zlvjw#8xVF%b8`dVO#xe|7+a9NU+EjgH&bZ>*Lc4dhM$>Zjqed*UlZSo2s>Equ~yhn zq*s?|Zl9KB|Cv>johR&AVU=LBBDYak-{|JryQ^SDEi7O9lkS^^^1xJmUpKqIAv4@L zBI?_r*mT?;Fl!@Zx%UNMp9UX%`0!&Q_UNk>8^+lG>Ta&BTkxGM4B2(T zX8JmNmG$}}4f-VIfiaKnBh30F7~hQnc3s4GqI_`oH`9AOg8j4j?G&&6n(mD#w(?FA z-=Fqvu8kSy;-wCh7z?gGxdY^nB`~r4T;IrpU%KG;bumxSng7N;rhjcA|allknw^#(9 z_4|VICyM#(vzu%8bHKQ7@oy=ep)}=zeM%TMKcpC}DC`5WA76C_KCnf?w*NqL?Y_Bz&k135UU>^{H z%?_*IO}s;aAqP7*ex z*!b8t-O=Cdk_bCn*z>|(6oxFcy{Pw!=GwdB=y*UUkTpMpJrZOYTUl8E^nxEE;(gHy zalq&sv|Ba8?D~AYDqwuq==}cL^fJx}l($@ThA{fO@i7)YDlG1k#|eA>#^#25*X(J) z1{9m@@c~OBo3~N=qUQ=OiTEZ9`;@Rb5w@K$?n{|1<8|)PcFj*;X|8?#9BiJjiMOV< zNW{M{u|gQ{I>+nGhjsFuU#-ulwB^OZK5~=hFwHaA45n9xJyzC4VAy>+zr8-xK2hfh z9~NyPIz-q40EH}OvcHn-lCL+{?oprvZ2Q|%44X@$F45mLY0-yGwoRSk`;uKLCd0-E zdk6lDY}Rz``D||I+O)SVz29#A3hY2(k9<>oEtCg#kTCASTl<177B==<^)U$cserAC zWIrCTRiR%|H~P!Bd+XQE1?4Xi?J8`cVyg#yC;znGhmd_iH0$wt`+}_#ohFR7GTDC$ zTPAE-q<4|dzxa!EEi*naZ0Qicl76l;TN34sud0(@`emanU=OQ2+C1jFK7(=p#dL_Z zK}ReL-|@d`wC@kXKB5O-*k?Mxth_g}nP(l_{#dmVBS<{y< zhtE0Km;t*&1ZH~%!}#n&jOpVq-WFsDMUlN%zes6pM)rL1QQ!3uc8@UXJ69M1S*!1H zN}KF`LC5ld(TA=S{iC&|_6{1@rJ}LL7T?#D^mFXn1NJeML3xvu=b6nBqgrZn6BrG3 ziXN!i9(_2BeFXPL-an?L)|OzbDZdi7L9zb*9J`}pY?&zly;GGxR`g!I^lf7m?1Q4q zWXnp$#y1@H-#Y)D1@+H)A^SPeSM*ZrQ<3bgfsg%=l}CTRcB>YbM11!L?1l*Yq0+aB zZ&{F4 zfgjf0;>RQ9f&D_*QeiWdMh@)vfv>8x>FrVa)MHv2*7$vdx!qb^Rgua5U5POo(~k=? z*#ne5?AWvq8FsL+rNSOnCqouuzj3cHd~1A%D~;^L2xE_g>;)3a%1#%6td>-Fm*}x4 z)3In6WrGzXzV8a-^T}rgOp)KWJUP9kVQxQ7C#L?P{%)vD_up#@7VpjeD4b{I3lv*D z(1)*9C?<)l`D##r@g1WR$j*smj~Dj&h3Qx@J}~TKd>F=cOjefb!K^G;R#vYszfSh9 zVPwIwvTd^AjvZRuopQR_LM6X)VT*sa*D&^uvuCx`{K7cbt!Lk_tbM`gJ8!$B#eWW5 zBK{dO*Y@Zglzz&CZ)=@=MSRyOO<=D3ifCW)X(-kB-YULx7pvbZMs{>@Wbv~u zRo!zR(%h~z<$>{DE|`rYu&OZn!9>OIZ6@r5j4T+}&ao^QYiCyWTWV|W^Otp=Fh!(G z8UOkH3zRk;@Wr1ihgZe9=D(%$GkKnivnD>ExsGcl&das#X(gDi<||Ek1kUZTu2J?q z!Zua**grSQvR=NKEIMx#QD5c_!d4=yZ&hjRGrs(!*4j9tKXYH1zB?oEf$bKsc@egk z()4HBH^FzVD87FM_Hhw?cY4%!FALcCFwQ3^f4YeM&?3dy2X=<2b^F%Z_w*X}lcW)2 zd_3OOTDzAE-wmSD4y~@D*vh*}>BogJE)9ED>Eh(p+PZ)&*x=>qT7jRqr|_^6)Yp6f zU%Rl=cWJHlXTy-Ck7s4AZ@|ZRdswp8My#_PqLy7-Yxjo1wieA57R$2MPT#ZDB|2yI z_?0m9mW3(VU~^S@<2zh^9Gl~MfFTQ(m9_T8=Ih0W&F~Roo8x+z&Buucy?ZFe_vg;4 z`wHwQBF67h#m2`x3HGcEG3>vT-f?D2Z7+Z<813UOG*Bi<5nKStAjQGIj@7IXU z3Rq7hyQb;&vS821mbg6b)q`mZShM+$!fxzst?iMp`6*#nEzw*T*#d@rF}AtJ3bF+A z!31H*j?ZAo#@H_6`^$lidU>xI+0l_K7_u=|5%$+{Y~POt%&sLVPmiL!|B^@+44bnUdSi_DEa96U$%4U`#b~1#+n|9B-<^>x*yMd1 zv7DL$ENdrhRHNR11lhPBfFT=WQ*Le91-=U+Supsr7&>C?zELS(+?HVUgBW`-U~&5%D#tO7 z;`&yEowZ|2?fnS)!I1&GCs%LF^MkBT*V^}k!kC{~AH>=)x6g?9uFwXk_lQQlHweq> z{Y1cGy>|pz6<5>y4Pl$2_nq1pzHm-`J)&+$2>VsFzIQb2lxNawBI~Q;&481*(j#a|eNj7eyy8~Y};sc`| z7f0A%f~=sL&Cd(l6kojpe}_rs!?b4d-hvX>8wSVV{#t2X-T+`w0jbbwJ_ z+^=p7vSO>*a+9!4@zshTn?$lJg<)UZhrrMqV|(i%#=kCWoZI&ihF%+k@g6wtf7Kux z+q^W$ju)5{#jRQQ!wHp(^&!)A13_0ElC?-SoE zS2fChH^{zOeVZqwvMR1-OPetCs)*O=jq7`i_&)RTM!m-d**CJ8YtES>?kiuQn7~?) zy_XB$zM`f}>)$=`7Uh2e>6$4~OwiQg4iudz%-RyZUy9(nK{0-2f4{5f;7`@BkHFq0 zx?X(PWPCG}M)s@-`?}Is>e{MLjbVKE3cGt%Ywf-Y<=r3ndbJmZPs@(~TnE>UOO-YZ zTfnNJJoxqq*mCXP;oA*s7T;JHfH9ALq*D5x>e^xqM-@gjml=}W5$j0^kqcCiyjj}f51JnD1GxhIm{Ll`y>2s6DlAH;ee46-vK*@uE`+(ssQLBz*8j^5)U?7kqoY8btbM|`&i zS^Bg2;Ep$tJvrhV3bL`EpA53ghS5uZK?imGFVTh#^?qd-bC}rz_L;zEeG=@+fORRh z^1zUt9%1wYbj%N!BHsqw8%fA0Ft2rpxSvy2OaQZcBW5$Ws^%&W)Ma;4{?nrPUSC1^ zk?t{0=`GguQr1JF^Mz42^3ZD0M$NlcH)TEkr~Mmc`-Sf@yHWOIBgihB()l`2aC$#`XrnCmfu9l<%kmD!aI)W?+bH`T@r^pXQTE;uWKTS(Q8p*OmBM1Z%^6wx z;S$j!cNS~w8yLRIf3sNIOM%g^;F})SGBDn0{KmJ7wP$x=ZNhjTllQZw&i4^}AJg7} zlgMV-IR!BFBJB7VX^Gh!^rCE ze*8UT#*USDjWC{RE>&#UVx{-ck3@Vd@TppU>}Q|TEf)?}k}hQ7`;v&~bQ=Pu%Mt$> z4xYs%O2Y^CQ_(-7M^f`TjzY;DB%bEVIl*5=zENFJW_z|Z z=%w#oEUY);J5yHqgs-k;P#P{Vsrx-r2KTZ)%oz+(B zFJK=CSo}`l)dA}bzJd?mXJzjkM)n68S^C=DqT${rJm-M6*S$~p6=6f-$7W=Cp7;Er zbzgz;KH(0!QTC$J)EC-b^wT+QuX~>m*-o9a@*WAY>w{b@OF`z--{}0E@2<md z8BE(P-#2Vu0`{s1S?e2M%~>N?09mYu>Awy#30+Ncwfywlg_NS5m;H+ zPtI!d?*>pF*eqcig<1Q8@!lbIGn>Km6(YX8KBZ0eiBMh=?1S&og5J?Nqpfy-7wpHv zu%$baT_X%zh9WFcrRPXC)-g?3xi2kGYP`*t2#ep_WG!Rw#OFlJ2Vk8d>S1jO#`Ar! z&R}z^@?3{9Z*(Z8ZeU{Z^V-S?<2?`NIyIf=Td4e?+U@4s>vc2ij1`U8e)84(@@?)p z*^UnQ3c}EPaa10^&xwvZBaH8C1uILJ$?|R6|(XArIODi*hhNP z-vv<8eOYvZi1$xzF95!m4)iN)bFi5@oTHaeo>NSIx`^)^hHte1bb!A{hyDNAR@+PM zENn;7e|@Luzk3WGnd{fuHNxzf7kIa5-n9Dr7GQ^n=)2>UF&)eYV2dKGN7#KYrR$}V z{(i|6#ptzlA=Z0akcAgLFX*kmgp30D^F#;a+8g%3tc}C%y?>i;l)XuOJ2f@Req{vN zuNN9+S!Z4nHb*gbK))Bodeuezp6l1s+WmM})`4-qWXtW_eFix&_MNoR#mbofE*Ji@ zJ=<&R0=!p<{w1uU*!WoYPg-C9?R5CA6CJ!)du=TP)3(C(30tHzdFTcmt`l~#(pDaI zLw2TO0(>S5Uskp%%w$>Pzx?)g-|q}NSJ;lz+iUm3kmtS{>&&A;mT|s==yx;QYxhRL z=vS`^n?bC;3%0B1t^2mu_E++xJ5_z0_r5AB7e27_gz;YZ1rhdsVfP%;UYo<p zC~dNr1lj%wTPo~zZJGt=c(&N(I-Uz3Vq!8{vp0+ z_3}UG4f~g{$271{7KW^{POsFvwx6ZU!-uJcFK0^fGKZUJ5sogyq@x3aHdF>t}&6%@2Imhro^y-6Ccp}GIO$~^5w;hZ-bCrF-cDhrcT4qM ze8qfe*d$^2WsYnyY$su?-Mn9K*t>_3Jt@d8jQGwCvKs;>RoQz6W-%|CRw5-{JSq8R`UgnWmH4^en?o{ zzRG&uhqr2!?G?UlN24tLWH{OK#75b#itjdIaliUTMpjkuYccKdF{P;o*ux^QZdJgr z!GN)b8`dT4Gf$4H^&w=ZiS80MQ!(|Yul-i^xUl0CBg@b|SM;7gj&eg0_I{<`Dr~L< zk%f=FF?@Fhz2lYttI~z%M%6xJ0`^Z~Z~xn<+V_isy%I1R(}H}tPi;BcC1e!Dl73Ee ztI-X<8mWy|zqL{JPmKQqY{L?uz8JVCE0yB$R1Tz;2b4K!oM?-XALDXkTwed%y8Jj-9p{#fb9pt&I9C+g7B1Ps6}EMSagLX2 z6v`s%+bv2%q6IgPUL9qHj-CEE#UI62I~xSNJhrBRSuMTJPHU20-=ueaQ;xV+AXvh< zyY-VDw{D*Pmu}s>{-4&^PStoqBDKG+pAyr1(j2P~b>?>PN8OWAy2Bse;*W)t)$89p zO;0Scl8({$=5(6*$=iZS6r9tUYDDp zMYpQkRr*CAV7^BQxHdN$L3-V?bFI+(o0k%P<8^IT4SwEEvU zKdMRlvlOG=Q47@|0)Qey!Kv~Ef9oHaf=kHG^VLOOK1qYvv`XtPm}}zD>JMPra0XX= z0-h^8BbeVSPF4JcYda6|TzOLd(BiQX4_@5MZ=WW0r2q2mC$5RZ>}Gdp?oBArSp0d~w>EFgcDa?Js%TK;%8;Ib ziY`CEwy)FDWj{?m{FuT&6n5Qp+JA7C-!~nmbfHTJf|MU7oaqM#Cn@AgI?vjb zu10#!<6!!^xtTkPRJ zJHvfyrhC^6cfd@y{R}sCCWWQtc>xuaC}DPVzLeYae?OUc8+}oX=d@29q5DVaUpn7d zu8tu^F7111e1x!i8QEU>#y!${DTc6&m_PPwbNl7=4bJ8JTv^9G)82xktNXd?eXhC- zO_=QGlKWgTQ|7pi{rDv(%HWz*LESJ{aLxMnKc`f9xwW8#equ(ul$TpCc)7Jxi6$q! z<>l6+b<8`S@TBhuS|8O4CY9=m5P^=PekenHhdN7|mG#&6D-`b_Vh_%&8m27YFM5^N zP;iVg&N2CHC!!qA^(sL;pLA#%`24!57)I5`<$NLR?A70z6^p7WY^lx-i1hDe7^ARK zMj|5Q-C#d)hkKyEL+PSuB602kQJNpE_)wicRCv4S9U{swe^CBXE&J?hIz^-JpXJ^m zYE!yRYcKr@ApUEMbg!7bkt5?fice7 zeb-UnJhJ)!a`4iWkoGZ|?>1$y_%R^a%)jqr^fN-0p4>^hkd?i2Bd=aAQpoL zk=rxTy*_n9%7^gj6p;@JN3UmqRKj632OpMk?Bd`J^)~dA#SU8&a&j(h>08*xMR!@Q zD6FW@0T=bYP0?*5d^1RLi~}XTJhqI-KY4k{54Z98g8y^js55WyhaK_WgsS94+&6C0 zU}#dkSvyL~ck36cXNWEk;fHmK*NUu<3GywM?zovkWGjcunQ_PG%XxiOqz>~r%;4a( zN!CGOyeOyf1A5s|C>2|D(k^E_q{f! zHz|%Ox}%HkLjAY9yJ$#rG&J(>KROy0^_yRosHXO&N+ z0b&g(O0Fy9w>`V$x|Lt8{3_A^Bkyg%tg6aB?hOn$;3$J1iG^}dR5aAl)JQRphK5Ro zMoETtR5UEq(X6P{M#ZGE#L_~unu-d|ip-2kpC;uoDlIH4O3Tr($Vkbos8HYEZ|$|t zS+j-mDca|R7@~2VZ>!$AM zscp5L3!+@AFQGn@ebR66FX{PD{YiS0o}P+7+DrZ{yS%fooi%JrJ7GVyOP;0dPkNU8 zV_=+@QJ04mRdMkX( zD)oP-H|a_Kq;@E$f2nRf^7^_;J?W{@-Y(>%y<_|HdJp@TvQIjgao2^Om6WAtvT98z%hF1HWBzu*D^1MC&-991qf+mtp5*jbyQ#l^a(1iV*WtImNcvM$^mJ0Mu}^Zo zby1%~J{{UI)8n|y_1Ir|eMP0dih2zll6q5|{~JBd|D?xwI98MX1(o{JN?m_)etl2J zOoP)d!1CO=c5JbY^ceU39_RiaSP$g2%v3JMkA}{K<~%eOfpVN397^RTT}P+uj%B#HcxJwI* zK_%SW8jf13al*($i@x?i8}1x2WW$~9o;N#utzR8e!n#W=*9O$^o zSon84yFj}`oNz-=2NzyT{@Ni=4?2PTXVBJ=`xQ;+p8b>?km(`lVd#lSPm@bwB|~md zcw?3$YYnKU?5{&8?y=WbKi&S3mkv!ikST>H<-wHYu~7_K|y)k3s~M?H89hDWtQa=!eyrCtfu3xE%UThziA=kTsxBM`u}B~ zj?L!RDvk%ap03LJ*r2`;8w;R1>t9%BXj~`s^X}F>eJ=AoKR)#1e+`|||8?Eim>#kG zI5-u*#f-nlPutN&S#lj+NWDS14xLARQ|+3EpX!j(c|mU9^|;19$#(Qnuaiq}$l_e9 z=yCnc_1393qMZJyH?OCDA6=1~Kt1CcsNeFsn3CiXX|_s`BJ-TmAZNw$kd^K z<{7u~QvC4eU)&2I`}~(mJ2&X`N5?w9Z@KF^lt5^yG1! z8QWEZ&;GGLlO5%HsW-suknK!y-k6?Tt_Qg;WNJ|FW##dII%VnNEY9m`uRN0W?Y~^l zbB*&%^t2-{Ip6=&@jTu5qeJ>{=7s&0^f)iND|O>j!-nK~vyyrjWoe%*&bB|-Go8A9 zn%X%h>Jf8(=l$+DN&VHmVW6I#N_`>q8ak4mPV}y$z6LrZTgUSF*e>Io`_~=&GwJE0 zUPp&?a@MZiO1qZEb}8q)SW&6>Q?Id4%GX2Vk=t)n>fKRJ9{pWNy+OGS<>R@((vGm+ z!IR{QsHX;|ef^zEF5Q#0%l^pyaXy7M!DoMHzeZWA>iJrxXHiAZlBg&3dtarV`h5a= z_sH}Zk7VDt=KfgE{c#-TdL|LCG=6%BkG7NjRh4*!b&LHeUi#mlUWf8H_k!o~F^>9| z^rn7K^?vr(*e~Vhz1`rsKej8c_hfRmOS=tp)S=v;I(Y8S^h&)!y&At7I;4CYPOZr4 zPtIpNx{#5)zOkKoy&30E%8lRwX8UgUZ@D|(Zj z6_xAmRh9ahcpa`T*WKcur9Z|#KW|wNp4)4$tYf38E0gqeRo1oS&&;g7W9W~(zpUF| z6VQ{!q4BFzm-6$L=MvZ4-*uaaPfzqmUe~GKN?kiO_ND#(m3nH|Lh#()f2wB!=e_Dl z?Vm(Fp9j;a>rd*RZt7D9wfK`i-cQN>sk3evS7|(Po+)SV+aWt@Wo? zX;)XJUXSspA(pRW*7JGlx-OP*$7^0!Z=L;;{oGA`A!X_H+5HX2M<}X;m-I*PiH|CFhllreO+86UU)L*Hm{*o{E zXC?Jye>Ckh<@;0F+&CmXwTj=KH*~=x*$$5<3zdPE5m)AussW;%QL-{(tv3BKp`zw0aRrIEI$)~MkZ%w7HT)uyOrJnRSK63jW5AwR>C9iA8 zz7unOOnN-u%K40IUSCK(mvem8&>`jHaAV^)*Q0;A9^;q?vy|~rNVOiaPB%q!6R=&Z4t7&_)9yx=_EFv`LZVGT zUAtQ_tqU7wU-;SD;*RnsU97rerJEH+?_e@F%5zI$9k!T_7_d7msr0;wjMWkwDr8ZxYNyV+&tliq^?~on0nmIcXL_T^beu*44V(Q z`MsM5Edw&KjTo(cY^S`YtgfD_uqV1{H^&QVi}UhkC&4Pz@U7KJreem({Js@*FZ3tK{*z3(F5~Ca8)DuMk+f;FJBmg*T2~O}K7f_DXZ{^%Ico=H-;Gco zsiSXDN1uWn^`fIzbad)>M|;7aR&`ubY<)@5ajBmZ=;$f7>hYcUX+f&Jr-g$0&=eYLHK^>ig+O;~E zmvy+wtjMm=2wacu=_+eQ=hWrCMNZbOBLf^KG_~Th)Flz&0;qlgZ|DV6H8Ov z)ZGOATe+hnR7)lHt?whmR4a4d#4$xfp9!9YSKBe%}K&hCJ~( zKYg2bGP(NXYd|CLrA{uN(fKaaU}3n4p_j1lMXZb5B;Qw{x5D=TzVLql*1&+WENkID zQEeOk{+zN&>;&kAU~|Y5pMCc-Fh~5q!d}7tr?8vrdp($Ms^|Kgn^k>P%=LT=Ce?)m z=X}bhBcYE&e6qaxw^H)8!*?Zo^C%m?*Fcyodck_g_1X2$HgqzTfsW_D&LjThJ1XUt~d!kVaz`tM!>j{D4e~=Y>Z^WFx>J#(tN9A)IBBx?89K2YVYWb@1yY9 z-f3V}|E6br--K@;Y+Mg!(#Ca={!M~RVxNHK!>hjJ%RSWZ-OA&2iE00bj3NE2Q8wlC zEsaU}_-V7?-xSJK|5E(q`(xCntSQ&0U-}~7<58coRei~4`7UIQ+|+tdV}H`er+$Nf zb+D>FeNKFQp6=iFhjved&;IbZP}Mgt(|2m*(}v0RHXx6ywk_FxW3<~1mh|mP+2gb} zw_qcSYo5xh?()efv1h7s*Xxo)%gS_hBY_O!yzkl4+{1~6{`5vqK>KoB# z+tl|Ga^H{kxR87i+Y;>0v&z3WrWnq2|BO@e*|voFyW?UV0P5R?ef+s~c}_?jN*WC-;?oulw*MU7J`{_U#_N} z^j#01`tAm+>RXxd@yX}nwvN`fM|NS~`@!znx?H=HzK=!B@46)H<6uMS+}kp21=z<< zYpvtzyF1F>lG(jC%C5+;pMbp*eXBF<4$cj1uQ4^{?Y)9}@?`~lw%4{*+k0QecN*H8ozmef}RGv)r}=bO{_Vv&=QU0(!}bN!#uPBRZh#HPc#`dc?~qek=P$JzK#8x^sn?=bWo1$j*ACD#|RV)2XOL%b- zl*R$Y0kVW9$jWyrB;Wbu)&5P#%a^gw>yP~UNURaD4dnVFroJ<|FkYNtvnhW8EcwTf zFa8AaNu}m`@0|EJ4om@?NLhXI*+=30Im7-=`Lqj&e}?@6*+V%9d)<>{e+2dw4w7>- zY$ezkVCQGpufTo=)=94Hp6DIX_V4GLeEjWjh~Fa0h!2SK_0-j8-;N%FT^f{PD)s`f zzxTARQ^a9 zTJu+|5A5UbZ=I`%{RnKEneT3+vm6Dme{rtOLJfBd0_j)=NPeV zVmn0aiin{;924L2#n$<~vG$vq3&C(F$jWy#B%f=OJUL&ofmqSajxXHQT3^J@2YdZj z%6V>G`Z8ERv*Plj`f6j?(-B_ZL1dcBCrwnF#aOuICvU5 z{zpYoCs$UCEMRH;iP^~d4_o7JQ&>BERec@<#BzO}cUJXn413;2^lb`LUmaIdJLIck zb8%c>mSlXJ!j!G@RWZLEd3?q0U0{Aor$4jt1NpE!JHzeYG{NoAX4; zmt<@3RrQSrdp@$czC$*mPrjj*`M^uSH*^J!CXL}u`;ReFYwuy9^aDe_K6Qno}6!G#>b!S zhOyDDGLn30Y@AOy>1)7epU+?{C4H&S)A3T=&uQrMq)c|ph)vC~oxz-2Q!`&)2zKOO z%5!Gz(yZ{CO21jpe2B7QAE)0=;o@v!hJ6BT+sDfJp&#;{0y)noXMEe!N9xOEM}vKs zwk?JacY>@R{qgsV7G<(K!sqYt)T7VZ@cy&djEqmr7>JqV8yxkeaVpjW-%bB$-Io%Z zLY!^K8piDuC z!sQ1DsH;>EQ=MIU98vfqb}2eZ#jVn2Y+1552y_A|(?B}_o zWcP3EI3K>n8TK^T{b1=htqs3KqJO!*%k_-{I~OeJ>qOsHknvkaZqmOL zzwrSX7{4AceO7i9bUYVM8#2u6?Eh3Bm+Qr{ioUV`g}z;p-DBUDfBO5MwpUr{gPFc< z{tJD|s_)MgegA3v)Mxxo?rODHT|Lmle3#X}wBN)ogS_6FmtpUvyf+uTbC?r}k6ScF zJJ_lW`y!b7YUGK}Iq)|4oHGgg7G-7EWSC>@anS=CpP1h} z7gHZoxB0#Ew#YXO%aBH6>}y~z0PD#3zCwAI!}&fhx%%XL5;D$>jPF(Kya~QK z`}9S=S4V74hD`@kpT{GL1N1o_lx-)UiQ{XI8Pq&i5jzp=tw*_9u8sO0$n?FYjWrA#X-(Abf{68GHr^bu zZgeEOZwFg)?4V*Uxftx>euXi0OeAa$WwGlsY;MF9N_-cf=i9Gr#R^l!QZ|Ro8r1x) z2(g>loWl=Q)F~?~_Ek2ogpXm~954S1b_smOAn`p4_A&TU{FGhGrmF9cU|)tW#ZSI} zvQb}(pY8n!bmYmc-?$Vz0rIz+9NVdFwq3q7UUI%XE|;()|CY9Vm$G@{4TGBZ6FDs_ z9)(6SaBJ*KHs(|II=-KMVveKxp@U8(ei^3!uK-Iikk4cCnP5HS)+PI9Yp?|r)kpV) zbNyePP9J4h_`L%7Sb7x+eA>PDlu}k*#_v-UKJ17xjepCIHC@XdnB-Wo{uH#|OphJD~O^w); z*j~qh&kSBfDP*&gkOrLW=eFuP5{ac#(_syuUE7Ny-)R(v8R=x4_N>%Voa-W;>jhw#{=NpY3Qj>8oO}1bxYuI`w2D zVa7szJCGX;jr!Ll(M}EbKHqtkHca+qC=hY=d`Yc#3Zrhq?huB?2&gic@9I`8)6>cR)VGZA$C60-^W}f*JrVF zp*Mjo&#)^f?|&!PwHfw7%1gl9mt?*Ez3qGty8Qflwd!DfIhjeI+k&x6!wZp!sdq^>^sjDh+(viK!^PiA~KQvP@StG+Kp zeQU|9{-ySA#lE8<*Nt1q^+jw3Rj6FV17 zpVOQcI}hw7e=mv#W$lW+70mIM#sSrEJowcw%HP0|Pt1Awv0w9nc=CjKeJ$O^ZyVTaAde}FBA?hS==_IT$6v8?A~rkP5VO6?wi8h8x|TTZ=X|?$PeJTW&>^e2 zhTwpZ_{7%UUt;!${w;*`xeev=ZB3o5xZw%bt7uoOo$|{b7!-cXOgZUVNZI6ze52T* z?37I3&Jp8MuW5tZ4uS8!jE~z?#UlKx;au|1wJF3twpSaT+y3bvoSS9(Hbi}kDwypR zOZrlKZ^k#eJ`P`zS$XeIOYFT z-^(_l&vRDwxt5r6|GKDG{hJDw{Cfpu{Y&$bYT&m&YF0?fUkTYClVV*g^@p;i#AkoV zrwuXJmmOxc;wScM=peAm#-}ll?N-ZISukGX^*B zH*E^rKJr~3ZOB)}*yYF2i>uEZ9F8eegN+l(Zv?wdfTZj!XgOHECLW6HgJ3tYPyf8v zcL(&AH}l&&2qmm9Vri|DZ+XPhS|WB=#4e!S${N2fLEUGy=Af9elZin(*Ax2zG#|eE zu&cke?QrNiu;tMgk6YXZDt(Vhw>`X9!&!{8nqZ*!L zIQJbJCfkwbzQ;M+A)oSl?9MpNWcL8uY6IgX@^zB0f%)d)Lz-h;>@hHpp?7C|W6|UB z(s`*3`L+V<|2_9~qYbe-V`smuhlFz^s)26`*kxM`Y4)3Z{5(`R_S}N4r0+!$TOY9z z@NEkX-LCc9RAS?ykzB+rAy-z+^X%SkVudX36m)4pn2O86Qorp2wgY5L=aVZd_Cmg zpNZH7Teh$tM69o)#BeCW}XlQV6xeg`FiZR#(QFApGBHepxpK4buP4Ev4C zlIV+kr$<>_46=@kq3oYFp*26mya(z%>2Au}5bFeUY}BGYv27y8@)Y>?2h)z{O}>9> z@>(dJH?56!xudVb?tOnWV(_{aN?E*Px zQhOa|&Kcu!HMz24wTP|Gun7^H5N*h3+muaq&!C?4EuySGu^J@bnhZ<&CPsboC4DJ= zbHI|m-Y6?pgVeV!!;-!OqCWYOzMhD^2`sE7S$oCCLF!BG6?6WJrS^*L7qQgd|F`;g z@(=(2(Z6pbp4I*ptHn5{{uQhCuUNHz&jd^Q(s&lDL3#g*C4H%X#ge|%zbwQVWt`|?_Jv;H&IV^-wdX#eQ(NT zCsR*+o=3`82eS=1U+(j8cIxwnOm<7KFkTQ!`aB1B})->T~_0I6&X@%k-_JRRat!rRx2?*i zF|>?wlD&-`#{S8OZ9%>_j@#aeluda%JccPNpXbW*&B?HrfW7h?JR{5ESEn(#x|B7?N*3W$lWshK}Noz4AWVo*fOaY3NOS{%wZX z%naKhVskUhXTm?LwKb2m+7SErP6M$Uz`l+?-=V_YH>tv@^b>aUdq2v9D9k{d@n|f%<+7-zUNBUz4&w0W$_O0#aiBt>7~F?DJgTy%l|{ zqij8sT@z&;lO}Ea0qhZEFQBYGvE|UU6WhYy8&E9h#_*o`Vz3o3Y>W>z1NhSQmil&L zGkkA;oRqRjeGh}}2zCJFq|f_=^34TH`VwD0o==5O|7!4=a{ubolfKgWS|{WYwn)Q_go2^~84_d~IEf zU6dt^M>xd`z4)6Wa|s>P=DTS23tIq>z8%ctL-o3A{tt+--n3wv9{7H62( zkn;6q*gGS(D#JdHQu!uj*bNbzo?%~z*xU^JV#Lz*Io0C+h%L-~_V2*8u_VJDj96cW zJruF~GVHrdc4fKE*o?vVBF1gJCia7fP0X-+B393^`xzVRo07HTR}pJu*n<&E_i`~` zJQT63Gd{onqQ1_|=YK{ljUi>9irBP_@0p0rju>i-cjN1xZ{_$A+bibZJ&8@quuCI0 zJ;N@G*zAZoPIrZdysbPQrLnsknB#9AdBVm=zRBbalL6yzapdzjqrNx4v!zcg=}Y}9 zrat**kXQAk{uOt=?MVD)lBcy=}_32+#pZ-<#>7Q78 z)MuQH-=E&q)_jI0rhj6K$n{xF|LhMtBVqa{mY%W5r+-y_`d8Jbe^q_@CzhYf?+teU zY@S1qn;4qKPw?RhusY?`A0AT{)CV==2TS-{%UihcY($^MJT{!pA3u#IPqN;F7i(mg z`^D1ORd&aS^^+&r%PBAIZ5>19`v|1nT4wjEi1lUIhrxcsdujQ+d?EX9{akr0V|O?g zxRv~;U}^3 z51rGxE<>z174rSgIpoR4+bR2A-x?Sab}`s<(RbNK^to=RZ*8Wp4{YHB<@!f4oKx4x zzYjKvJlTDOa>0Q#KlkCbVTon^`(mKa{bG(1`#yB^Ev@65*u9W;YtgRQ-4RQ3OKe5N()uFyF=UjTN7?p@eHv`X zr(5GntT*yarHvHBI6Z~(0|+Ynd?;OWswnZj8eG}& zOct@x)Sb7^-x=g4k9leSruin{p^)RC0|QC+U@-OF7BScBC6s+Ot3LS>W}I_uDSY-v zIws2}CSQ)7%vjvwq}Du=&%bFAOUEs-Gr){hnpJo3zVX;K<^6F0^{RjKGi+o2UA&q7`vdw$cMKiyt%J1@yA5Aboc{v$V))YfY`=*) zj}o>g*gCLp?>V%2&qK^>Fz-R7V~KhmJdHgl~xB7NM-!EzJ)KXp0 zH-obAvprS+mSk9p-(;9ldw1N-{T`aDnEoceyTnf3h$eVcQ< z{7>|+MsCW-b2@&ArTNiAnJ(Pq{QWBXHfQ{9K;PzU?^T ze{%fz3HrYEwenev?e)BFH^}q99`ZC!?}P8{FCE%^|5-ktY09@eGO9_jtc}Jbhp?_V%6qF@e0gUd_v}v|i=s zMaobaS@X-+bAe`tIM1`t~K>ABM*8 zp!WiDV=Cr3lGm_P?F^FGT;}DA;af;K@qLoAnD?R*_E*-wy>~9Jw{mQUpOoLPP^D|d zRg8PTvFi9kBw#*!^1YTt;W`E?^0x)AgkANn= zcSNj%jum67h3~T-IcMmAXJcm|Q^nLX9lrabK4q)emSEGNAM()3dkNYQdo8pS+1VL3 zlk#`K?#?jx{~XM5uPj3}+($q29R6O7vgrWGcRsym~_Ryjy!#)cp---4ad08Nq+Y>VhV#iVy8l1?j9Q6mrB^_U>m?{ z07>6a%JyY??kBI`liC0H@^9A@--w8%{*`YSn*-m84SY&`{{a8oyUXi^gtfu7pkL+K8es>{uvv&NI9S<%X8oo1@+AG$1 z)j*6t11$~#yMoS9pX0OxzHYDsz>@3(?0n;gh7R~!s7JuA1{=dX(hsuG=idfP@5G4v z_cf1#^~d?P9oPZG`TNGt4{g3vE_Mjmm>bJJQclcoVfr3ax{oP#M3lW6CjIl-(aYPp z&v?_&F#f29_h2TFKXw}JB~N@)Bi{-z+uI2xz6T=TYsh~E4PMDHAleXH4ej#gp~VaY z)hG7bh}C1;#MVV@HWN4Ty%U+YeY17klJ7FGJ-#%w=%s9X-wACC9Sv4v-^Q?{&zRnY zzFXi=nC}USEzGbdz|J5pJzx|=dygZZI=gi*Twk`s*WZ7pj6KzG9KMkJ#fw|loEK2< ziCBX?*?m5;Kly5TjxMI(-aozShpqk)`y38DbWf{45}(h@(z+q$91y!L+7NS`jzixP zD#^y6h%L+bhD0ov?F4(lkA{Y4xJmZ#h}riE^BJW!7H2k&ihQ|U-|?3(jRUITdwE}< zQa-Px8rJN0k?#wZ+9u!g&@JCu%GL>8_?=Pt95?zR?sNMK!CZ4p@|^<7H;+8=`5ab# zGsvs@W`ZR?W2L?ZvZh?$Z0d<`FnsEpwGn-dOrPIJKb#+*Ta#h8g1w3lo=%B#fokD1 z@VCG>4};0Z2cs;Hy#fY%co*TUM_3ctC!g3~psT?aXV_mOc2kCJ0NV||u1w!j{JO7y zX!yI1r0+(sv8!26;injEoJ&3xOaPSuJC^)Ru<7JUmQP0%*FH2*-#7k4eZJr1_{_h* zA?7{W;~pFMK6M}1X<)tN`Xb+Q$iJ_!j}q2JS$&RYQ#+LYHsb)wiEn@S{QHkahIx!t z-xU!v4lALN?ZcYSx5PX~?S z6T2PS05%7q#P{=vjmc!602{T{u%erFKk@Nr=0SFP>~rI+Y7QC zcY`I_OQS5OSOFUe&%x~f(-y;;*Q?4N5@j7P%F1^beA{h1teB1t{s(L-*f*ZyoB=>S z$L>48d=@w-%8I=UEc`ACdE(Po{|>Dqlf5irj>*L5_}l6$t+luVeJ3Kb6IgEJPWax) zkAwPsDgAT2><*25Vo1@S={ugCp0B08)W7r|N_y8`?DWXDhCKN)D`MxvAcoqY`%8P4 z@k`hr*|EjMVc~scd8BVZhk|+B%CWbCEd@)m-=}=`Eu5EN%d`*lGwgX>=tMB*`^3GAqYs+j@F~_dwHO6WoxryN)Vr5*ermS80wukyI8y40B+zEVlp!6`FGK~U4hT!>XXmEagy(X*fy~jM2uIzT6Wog&aK0m*GKx|m@W1j7S;_! z!nl8of-&`c&E#|AQ=v2XgQ;Z0dE~o(S1oI;8)8R*Ifl}2RfzG*O>r-LqqDhs9N2c> zz;1^980^ol8y2pM5DW2q1^KaHGXzM+_*Kw+Ft1^BU+iS)cChoojLTNk9lLAaF|7HH zoY>6KZ#UjJ)Kw= z>-1$x#wX_d5Th90`%3d8*LNU0|A4-94WYh$z`jpAoP)R!#_q1<9bH>A&$H!I)^_y3 zlw$9>pz)i|ev@%Y@tYZt5=*g~1(sx8Z*9l;Oy6Ikz9%!;q;G8|yAD3%(v|Tg8|yMY zK3x*pyEwDqdmgs87rttHmsezM@4_g1Ap0JK&N*z0a2{zp#2$fMhw9`B`yFNbV;VWG z4(N|L8DBTLmomnUUy>Db+~?TqBA>^F#3v?Sj=cwLugSxjV^aUb^e>H5u?1lIw}x`n zztx#9d$Cj5+-I>FFCB+jvU54l;Z}*?^v*E{9Xa}T;jJj%I2{W8+Yiy_&pZ&{k!Ba6F7f+Pl+9x$X8-2c z(x~s>#cvfS;B$GXazPfq2f!Ss%QNf;k#AKtw|*4))@RsuoKRKujRrffqHl}Hm+RXy z^5yzEIeB{Qkn%h+^|{zDdP)oz!~IylCphHc@?E~1?{pUK-mD!vBCCJ34BHv(_SLQL z@wlFfy^Fr=rtJ7*c!%dGPdrrq&1SN3Abk2akNqb3k}qSjxX7n3^5wF&Bgftz_1&a0 zQm(Hn(2N_s0rOtgHI&2K!q@-?t)P zuJ7BCFW0x6o1VsRQq~T!kJAp8DkJ6kCT6nosjm;7)Lt?5 zC2Sn~ye{#c$K=Q-Ha24Oqdu`+p_{%?o+G99`u9=S-oSZh#&;Ol<6m!m&tnJb+&T^4 zn66RQ7xl@fzR~1WeXBCQsg(6E^{=u=N6h;TN#C(x>bruxs;@ocv%mbVi*`-HK8Fc^ zKdMGO={twA_lK@0SD$?8J0eRc%jfy!SSa^TtQN7k(XQAo& z@+Iu$A0CK}jeOI{?OzTZ;cqt| zN48Em$(~7Bed8;b`f}_|k#9PARo~1^b{*vn8(QZZ`X^S^XaCBV+AE*fim?N+CnI0( zir4Ex|+rGLtbeGj@D?EH-HZpvGHx4rr7SU&I39tgHR z<~fqGp5u9M_`W!2#CWV-d>g)HF@9p+%dP739!gc8&l1!(6QR@&zZ)QSKxV`5#Hi1> zB|g6squpCF>}OGSU55GH0QGIiZ2T_j%iH_=$hRVs_4-`d+cH_-O%Yp2o_z5)=BoY; zAs$u#yve3)?q6HNqK!`MkAb{57jlY(B7CdFdvjALYgaz+Q{2&2o}=SJ;Clo;@~w${ zR13e)<^AkhhPgf--8sDZyiq={*}cd8WX5+^#2VzOy>F$gzVR8K-;YpVZ-)7;2=#Sl zvTu)=*X~K5_r9Lt!Eh~;ZDW7e%Z5Me`Tp5p9=mO?)POz@HZAJouw8r(dePM3&2t~I zCD5s03&~*()J1+ZnEMiTDCHl6JwUF1%H9iUcf3rb+-^D!%J&oK%A-qk zGvQfBS|eCi!?$BTaSCIDvPtYckl)IgK(2pcCqUYmkzp^3*mN3|+HpQu{{D;Y9g7cQ z*GE~gr4e(mBpdo5UpfbIe*S~~zW=f+%8ES&_M17wn{z?TV2?PHJ|b7YnBNChUpj7y z`F+_{XSL>n*fn5d-(1E(U&KBNcJExqTJ%rsBN3ZTIq{8X;~eWv!<)wn`9^`&c}Q2I zjCjy@5raB^e?va+?<lDw;luge$w%yD`S`}6f#>|8Kqms3uB^CC7W>XXm4 zSiatf>GO9W^^K0QVs}FFx&En7?8gyvz9sCZ5liP%2U9_Eyh?j7E|4v_Blk8Nm(7!Z3VZ2_r+2W_&w{Av#Z$zKhTaM=m zu^nP>h8(+hXPCzsF_x^*Hu>HevE{M7VxNchWzx+iHys2y=cj;83rL9_4CXiSr-KnuC@#@Oq z=hq+l;`zpwN8n#3I|3OouQ`(Jy2y76^G?hJRJ{5nBZ`_8lJ)zcm%n&K7;Dz0li75G zxz^cUvFq7f4R$qU^%2_QV0PZJJ?DQJ_ENA5!Ri_2dwpL$Xm~hQPz>|w6!NXW`ZK;^ z`0si;6U-!UT2HU1tRG@GL$0T;!KTFLdMaP?Z+rCR$0L2-0nEATd`f&Th*&!Y66P~L z`Q~OAuf{%0-wj~$rFp51rEL6t;x1(MP2!c;VmNK<$@JX{wz=B-d~EQO0L76Hw$A^= zZUZy+cT>jnfY{@9Xs>*(Q=W6xBIa80aWOvPG>NilZzz2ac_w9JCEq6^pJj>z_#8ut z?{8W$%|vz`2C20Q)7feG&7%D7Wv5BQ71$ zyca3f3----jc8t5iG3c-<7)c$iP-1B-u2!Q#pF!ipBY2Py?aFS9*TUw0dq{=LRnwL zeiz5uDs&|5FJSuY-_|5-K0bTS+LrNM2e#J&*1rt%n!5L~|YIky`kD zy03Acb#nAY>{RI8GWdFT4{aDx)HCc#%KrqLl3||PZuiuP=5>^^*Fc`{UXbzqp7J-4otv$wmO>u@oB8$;&GQZU?1$Uo>x=rtUK_D=55Ru9 z6#D&xTNaIIL(FrPZTh!tUeAcV3-b7@UVTY?$7X!n!Lu7=4C>_aiR}-4c{zITZZ3ZQ}#gWCqlPAzGZk%J7Fh9EFItEYeX!aABde6v92MdFJiX0 zs_#7!%k{lCV!6I6B9`Y}r5Bt-W#oYu+pXECwV(D*}#9k~;d#6SJ zjH&naI-c0Fd8`ogI&?PJ)GYS9fPJ3xm;MYh_HD#;R z7vkkIHo0i{G7_O z^z9k>p3L+e5V2g}jY5Z07IsU5p9Dh}Pjz6)ak8TO$Z~a-Dclgt{c&}$42z+zY%>0Z$#fw8`0;O{P^Po$KUiQn~%Q} zBbLUW$Esr?e|x1b&S|j|pzWCu@;L?^yEW)1{0KuIm~%_M*F)iVTiQxY-s7MT!8e!O zv@5hdq-=gXdNr7`^AS>?va=w66UhZ)H09?(A$4>X9qk_Sw+;_y+l#iX>#Ild<7dU{ zk;QLEQXM~NtF}QSi;G7Vhi_GIYr)iUanaF($de;G+dH-a7!%;~`9^0uxfe6!CX4>f zpvU|zX^;0Y!$S}A8boTNT!(6uai)3AOA(Jtz2y^$(*N=emt@!0m1}KMSX=YjpB}?n zWwO1-dDLsR3jf#{*{+G-f*&c)N7SM&Q)Pc{b_KH`$Vyofp?Zvcd(il84SO_UZWNWNM>`Fxz7SyI)HiO*dI)40qYx-#S_}%zBPorKTt&a5 zrQd2#*wozNrl&T2s2lF*j-z_7cT;~6{*=tU*SPsG6w|ikwN%m8uyu?Pa^y{IZRHnQBeLz%S{sn_$enEZ1zy!NXnWbZAr z4_x9Tsohg%LrXAn`aGC@F&k3WKzv`rYsE74jICK1?e>hYof5X=!nVZYc1#yModKWj zq%0PcvKC3|je(=o50Qe^vPc(_xBwwN?522_(F04^K4h_Yi2kBy!}d0dB=znYN@3%^ zpd)STPO?G0?koid1?L8h3CNCN`+~5oYiW?jF=dUMsqxG+&(z2r0t**(7Cn`EZ>8Q> zsrOgvN$&!1J<;I?dexKHmsRR3EA=&%deW<$I+I@g(f8!Pdh&YmPuoi`?+kJ?Dc7Mh z&gyK&p}Qj2Q>ibcUPDIm__H+DlV0t1flCuJy~W=K`qN2WnLzMOsMOd0bsc z@aJ{}hd1fW$WzZYWYx%1`c{?{(eCMH8-%@D2>c&6czl!<<`OC$7Nn$M7@D*9Xc=bcPVkt`T8pLuBTi5 zy*F|V>T}RB9oq41`VGA+DNE0s)9Sb0iv6XPdS9i!vQqD-UPGtkI81TaSi5rn?YF$X ztWsZ5smtq8HzYeLjM#Dk8(s9go0~&y7P-UQBjMg_ao>7YBU>CE!-X+WOmf+oBo>nA zGGSG+#+Yu0%pLEJd&l`Z2G<9j8Hnc`yYP+&*srV{P*!hP=g3{+hSb^A zARD6px&dE-vpr;W$o6^u*W3*_2r5&jtONA+a$KwR@V7@&KjqO-Crvh=0c~5p6L$o1 znwkP>)}$L8|AJ2Kd0y#ZJEdAIbj4hL)50=qZV!$nuj@_T<1igiX2IWd?%;`S9coBB zLu0ug44n!!IA!jKR=*N5$Kgky&qBMQ%WFo@&n1&SA00}S4F~QrJx#cb*Z{y?&jL#R za+}6)n(wyTd7S2Zs&_L!U1tI@-yH8X>XP%odD2BLuC)v>6u=scT-nJo}JL! zTdA+Kj*~TL&|6yb___LP+&up2ufC_c>p+8g9m?08MXV$Gn*3ctJ(ugFUSq$Q$20w? zQGn8+KA0j8CrDe#q-f zD|%MMx;)E>cR%$SWhq~Oi;AAkiXP*g%h?`%)8{_)_EE1>mfn#0yN2UV-man&KaWF= zDCam@SgCI+zV>I{ZsVQXF)lUqO14w~EKAn=EA)NXYz zTkSR|*P(n~%&h30Q>ojY+<*JIhK^*{ezh*;{pS2~>`IQ`rIq@!O8vQx-}Z`s#zotb z_Vqut+bgX_mHLXTzE3tDy1;XP>(ujjt2d8BPppeM&a~5@T!-@bhH(O>F4y0pqPLTJ zE!(dj4eE6$jJrxbjfVvlJ=)LxT~etpqpq*X-<8yB)TOam9PF1|&x%TY74-%(bx8jv zp(n3zDh|)ZzX5hD{`ObuDGrXaTu%RM_$E0X^w+Xvy&FBw6KN9tu_=FTS9Lt(^{MR7 z?ariLL#L#jUg{0mAdWD2a<*z=vUg&S$?&lf@$9>*!lPc|YywtEERoBhY|A%=o9X*qxp5DvK z^Rc{cKi1hVok$!^xnC*1&P(^EcK1~33oG^BN_{EysmOOh3-CYbP4P{7(|AaA<7+w9 z(|EAHvGWqIg?4~Ks`ERPT!?TzGNq@O&mSfA6yv$QTK8#v+cIrVw(9ZpbhWqIq zZ3Xu?hZTGXr(@V)FJid9+O8NJw1wY#no<@AZp)ilVyRh$x2Hl%$Y2ImnVN+Jn0qWt z*D@5h_C7FA1WGk`mDzjl42}$o*>^*&t*o_`wZdz_X8KYo$7N3VCTNNGgel6Ob1<>* z3EQ*6c3RjTwHhRI0w3itPW$FOx)fOvt* zFXV`Hg^Q|}hVnK6KRA@X6}DFeWV-Az8Iu>KN_ktHYwvL7+`LInPkKRaw~)=B?mgt< zvX~toYV#T0udo|?cZVe={c&EAUe;fHx373rZ}EnQiZ}EZuj(&G_7<<|DbDF}`k|k} z;(vPCj^;l|&Hrt+g8vQM-BT;t>qYz2V&9%{y}JioWh&!fS;>%$G*{7X^&{N6#10%{ zoo?!GdZ1#^^Vtmc-a#5diu+6|OHI|yz+^iumOT?d!y41RsW2e-9`s=u(ih8j6khB4 zesh^8d_~-!@`Ptj1&*%Bw-Nv29<$wB<%3$qRy@O}s^X3~FxwgEpiTm4Cor7#ETiOxI_0B;Klg{#?ROA)e2E4}B`}2XnJ!}WD zU0ARk%I%|0T-3(IC>OJix`mD-!uIg6t#fjISjY6Rtrr`H6dhB;797ro?sqhXxSbM^ zzOZ%Uf;q4qb>>T$-fU}qL)q?-AEi(!TU+dWPUFmbal5HEq!})quXV#5FH7xK+ubq2&0cOsxOtzO zu)`a$qo-P(>1L3dHZjlaSWC1)4Du9Q948V=7aQ#!Hv?0Td*9>c4mV5P^x7w%a?@*d ziKX)1-cg|xH-k!?yOODJRVrMY3SUWu@1%l1iyP7-UrmLCl+PS(%XM!WeBECDA5p|Y zSzYLhx2^vrSR!Sa?ZWIos>*6}Z`tR2M$=@ru-t^dRw0f7DH(iMrzq-S>#-;ejsbC` zA4p+4;o|)R*MM@EQ*XG)y%;n+OpfqiIf^BOYOXB^>=QT?#is_!^pmK#rN3*nN zvy`-%+m5a#P_}wV7}&ATdg8d3XOJ$f2zyrqnZB^?VY^MSJmAX%(igTpZpW9;EnRPp z+i4Ig$|j5oC2OPj=e8_aEB}?et!=^w=1Q4tM{B*J9ktzuU&1kd_u=)h9nhblNhQxV zVQ(#LJA)MdA%!}&Q^OYafM{c1s7yU|^PWc7)?3^8q3m}37C)Z(>K**pkAw=DP$1TYz2RUpI2xi}=Rs z$o+P8yC*#BM!Gujen3n%Zd$5@d_uF<8Vi(ayB+Omqj4!q+cir>DW(CDO<;Jp0Pf}s zAJ2aOdJM&`ojPF}u zFM(+xn9*xMj+vvu7Lg~66Z7I6uzqrFcuxLu99RdoJi}fEHkymO?GQ|S$AR&=wPI$5 zy&CM399)+(z$gZN-zJ|1mi`V#8*gS(9)><qGgPjC6g|g#Q>?E+8k)4%c4KVc` z0G50?8|;10FBf^S*R$_zlx!{=>htdua~t~9y%}w&?=2M@CxN|hGulv}?@#CL@Z@U& z*dsfaBICFm2?ry^(Ks z@-t}LzgtV>dn0@&(y(M#>`XA*F`aU?9myB@e6MU02SjB}w#_kkGT2;lTn+wRL4GM% zH@R(7b|JF+^ALDlhTR0VA2C>kVB-5I>yTr^zBHw=;TU?LgqoP+MJ&ns-t;nTj7FdB zQ1-XbO0e~j&qJ$!*V1qRk(3o14)%jRTjOd|nD14}Hzt$yZ*ty+zDXJODA+!Gh5J!W z8;?gUjc0BA6>Ka4qDz{5{M2-iou6Sl&^GlgjF>vk-lFXD*pvZdm#_wX@|^>pV|Q|f zb%WXG^T4WoenI3@hhu!#V_NM^*lS+inwMg4gC@bJ&kUzV&w=q>T80cFdxl^zkQH#k)^yed|uyt5};a<3gQKH~IL}_2SyCTYncUpV*&K zb~j~hi2a#@vgo_=l<H-S}c zEY0{_!_{{Hm?`(UPCfZ@2z);v0C~S13Z{)U@KtTBjk1T5|AL((-`V=6f|%b=7!Q{7 zJremmXVI>FzXdx8zR`nQ*uzoQIU^t8ENaNuj?t7&c{`?2PkdaE6{lTL_Ibkg0J9y7 z;6rtgZIFB3em!~OSLKp`4GAHAEdGuvrhWWjIuV-dw*h|4KzOXf}jH%yoJ`~KjB)eWi=%0U= zNpXOGX>FeZ&TWQb9w%hlFr5Z$>Y$(-*Oc z(MA_#Q*OgPH{~{Z0y5CXGO(o2Z-Q!LUBo!0C>les`JR?tvGc%;f#=)&9}t7|w~+F^ z4L-+YA50Vn^pV$A+I=bb&2-==;Hy(ModHn|>!j^We0RZjFKb&Glgcg!^H_03#^*b~ zp0iGgHne>Y<%6#zj+9Me-vK)wY$j!j0rR^9#-Kr6yYl@w@-2xxVu`PpvV0yxxeHe8 z|C-hu6#Eg_F<@+Ylsdlc*|Z)9zU zUw!iZ4a``jIEy_6W}Ms5X&dr5uaB~1;ae@&eW?{IF?D|%%(-t}n#^Y57h7wI*vV|< zTR>SGIbRQT{lk253_G?)ww7Vq=(x4ir<{DVpnbvW7NW2+rv=Ry9h@Je!J z#oh+VXUr1zZZN+wFop&sOdl=;OY6O|`k?F>%8AbyXu~m?uvbSu*M)@f8IfS4GqYhI zY2&_#Q4N19;oqQ-j{3wHF5&Oe(|i*f88JIn8)BUio1J0a5mn!ch;gYBG5_{Y8#_?n3A*Q@*6}D|t14IxzTbe&B~P;BC_e#~j+e^r1`T<*bsbfs z&U6koQh$hbLob7G8oBz!)V(WMn)_mJf?f$WZ%{cu+NqC)w2{W{2u@3Af+ zPqI1YJXdyblwB4129tX~?{XSbqihoUJHC7pEUi~!kAQ8BjaihnA@)2r@-3jOjhwHC zdg42wgKw&=ZC!)O_qvG9p_2Gcj@YUUYeX!4^Fi5DBIfrhl(lUW8HB%C--?UazF@}h z7RtCE_)`2*tmN}OYvY&3f!Kavj@?BFCL1TP!`Ro@pRieA+dkG>ca=Q_s;`AIzLO*0 zVzAU7iO={Yeb>TgJH}_&$H8v;M|tj(_{83Zjma6`C!>uXu&Rye8Qy%5%6(2E3FXeOLTbN-UyPu1VpTSqP@oTWEjR(Q1 zHr7TP`fM^*sU5Q^r*^E1Hg3zX_0h&W^2FzHK^u!QjJNbcJGzlI;TN4LWI3>sx`(qwb3~bHKVNC%!!>zXeRY z`k}1XDckTpvkS-*pX=Yd;d4HTxmM1m+`)y*#Koe@ph|MBb*0J##?A=deMpHI% zxGR3b{wKi3P)>X&z&DHrPS3Cg*z>@Qm2H(yg7yGgNS-#itG8du^o+?~C~Tr8TF9H%h6MZM&cRUIM$CTwmmS2Yg?LFO5mD%fKFo zZyq`SgWXTzz=wX%^#Zn(wQUcA**52S!hQ>O`9Ih7vSwq_L(iV%o^D4zTCa4)0fJV_nt`kE_~XDQdPuOdC0N z1i{h91Y}Kltj1GMahb`E84LI(9y$`{w}5VDY%I_C{1(tP4CW0Pb~>0gTn|iCoBfgZ z`MKa%QEl3Aek9o&*kP>tGwcgsq0h6niG@Co z7}Gs`H+|6u2CiWoDvQ0r@_SGRMQjc_w5x1AV(A)I?1+fnO+)2t2Xh_z!$Qsl$P-4` zi|1X%ChC*#ipXcbB)*SDz9lG6*qxCt{iZe5@Gbvmu5BHo#C`_-2y8C7vSPoCSbv87 zE@J5zCEpVfOZUyhPK4fpzS-oaanLIuzn8e2JlU8<*>5d+uEhVqcbI%&b5KO{0`?Ly zWEX=a*(H>J`B{$f>`T}ez_$7v=YJV?Gguw0Ba{6a<+p;(&9K`k?~A_m5%U<}TIiTO zpWLKBerCvPKij5V`Mw4@hUCvNWpiv9`<*jA(MAXLtD)1Ewb~)(+Ua;+Ob+XS@jRWn zHsrINj_0YFzH7ns<;jfi2Fltn-bwb$k*}7?ehEyw{p9wC?M-W^ekR#FDQmY8=ZC%w zMNhRI!@-_QJ4V2#&ucRq+kj~!^^t#FVyxBouhuL1MncB^HgbIy)5o3YeFd*ufsH37D6cZH{3kwtTsAQyA=tZM48;y#}l8h3Ia!^d{ za*N7tSXyIIQBh*4VN#7nN&XAViqZ;=Zrs#Fvl|)Z?|If)@0m4Qyz=#9_qRXu?zPsl z-*>(1-(LIg+2cJr_4X!xE%J0e)U#hLpJCX3owz=n$E!XzXT9wS--GCPLcyH7WYI_J zb!XO@%O`t(W{rZ)%glYovg|;57UJ>THg&N)aXj}};UfEEKAumZoAqqJ4`nv7XjAvC zod&k{LD`3q1G&H-M`&7c zyq^ne5W0k(OufkO#l&xfEic#!#Gg$cQ?}y6dGy)zaq3olcpTJ+^>v9hu&vx@s%;hH zIrMC+*tcY7AhuN(VYJ^&;`&g}C2aNK{8IH{TeyUtK4Kn{y%Eue`G${ki9ee@-mw)Q z7i1sq+b&VQXF9IlOCHs6busMOtj8tU#~4D}%DM7JF3_a%q^_&mf2kS`aErqGKJM1*1^dWl%qHQ-Js{L#ikPchNsd^6*R(-@g#HN(T z`}Z4|@-gjvdI+)_=6tRX+383R|J=thWc_8AA?smN30-8)0Qo`%2^oyd3E<#YN`4_GR=&STPovWnB&PJR#uwSoD`oV(OJr(m{~dYugB&~rbk`nW0EmOgs3ZRz6+S+Df* zm8|CuqYta?F-jlf34^_qxaC_|Fz?gIHWuvVnT^l&H9z+i^%iAjKikfw57}$7UhLB{ z&$+bSKxkQHwx2BaX<1ihmuDY)lAex~K4i`>+Ri03KiQ1T))mY?S8rUApJkRU%*=iA zZp8no6m2E@FU0Td&dz-)`&DLs^H{&Kzhrh!TOVUn>hpNV;V9D1f7Zi!NL$%7#Ikf3 z?B6nrwo=bAu3p?5kwqKCc%eG!H!9~+INMSmvfYsHAJKPj_^H^Q=*<~2sMS{L?TvgM zHkX9?ImW+7{M45<&uxR<4m*z<9?>7_-I>{S#6#}~nLSppTQaK?s<#Wsxhc_EiUsM z{eUN$^NVGXIp3={H;)6^#H_cdU@w8qWW0>Y2BwS?Ms!8#G=7w7R{yA!|kX4;@&b>ixE6}F?Zp4U-f``paN z<+^o|ekvbRe!gu!)T{cCg^v;V=taJE&!B$Ki5)v$!^S?N-nWo>=q)F-%(9!1Pr}?k z?DOG>Wj4Q<@722}v-VtH*;=IP*2gxZL4XpDD%a{t3I3usy^NitNOSQwkthRH)rTi8q33U_ya#m-`2>3htnqmB-a6*#Jm+HOAMgLI zFZ9kuPag}n;$s8M{4lF^A(q*FC)gW^f0lm;IF3*s$}z~zuaza4oSauRF_p+2-d0a4HKZ(Egmj%)Q~7iGN}gf69? z{#|5V=l$k=16t>fvh$EH-N(5ip^MC8%4+=HOBg;bC!Wee=<;+vv~?+cIQO`eJ~omL zAJ-6n@t^wIO1*C&`dvs^ZL4lr*j}IY9Dmie+EVDfk?kMhh0{4O7lumh7u<96`O#G3 z`jExDYW7w5crzOvS1V!FvAZhk4I^BEc&~3Pp^N#&y*|f*i!AQ-Sr*gEClH_A_2jh7 zG2y+wWrUW+GWz^=*j{|Sq+r8fU8CCi?U!3)+oN|sdS?{2JHW0YKg$w67E;Nj^|sc% zYyHa9d#up=57;-!&)OfvO&NYYx~=uBTs98oJBGc5t@qz#4HUx1{+TT*7)_G& z))nmMgE`*fXfpY^=;I;uuFmZo>`~Yd%4c6jTWvYzdt5F%M!(f zX)fuNKK=Bzk=XlwbEy(%-upJkDG{if{-LKoQ^kPjZ$*7_gqFDCsPEGja)T>cMYhA%LL?9+VXx*n71U-WWFPE9eVX# zUu~x&-#fA`{gzQ5CnMJ7&pZ@ejlN|$i}bFDecnkJY_F{6F*KNC=Bjah??!36CsK|L z*=R%`_3Yzp()xY)l(t%((EMa05zA+N2OwqnqJP!1TJQm&nMMD~v^@vCXakvj zB#V0)vOO}JNI@*K>|mtoV_asXk3+I;>EqDMN*~@&)NkoyQqC{Nm3|%j`YnAlVAXmY zms#ntTAh zXINRVCB!{v=p~GCdJz83?d=;^Bx|yznVDAhXZ5-7w$-|bm$tvodiqpv2&>_+*@fP_ zVcUPd|FQObn0~EWnbq@L-gBB+1zV9>_*Ks`m*-)!DFd25oKqq{nk4z1Td-*`Z67SyiJ5tP2-_1f zqf1(C;Bn)N)OTFAWm9_ZUpBsAcV@jt!F*P(-n4@KEVHhH@!D$bk2^aH^!atJk#!X8 z$jn9+>_wT4E!a_+#lGb|J?}kT!9R^(N@#s$D~R91*xiWhV7%Utj#0gg8~)PouR00c z7wQb;&`b9Z$d7+_(PHbd{cl+8m-_H}-|OGDJSJs-&3bniY&YWCu4D%a9|yvg%i8%hV3x1^!B2IjrP4)P7gRFIDQvkLYDnBySc1+y&6GK=$F*)Ej9{Gv@|d%#|{ z|KQgBd)eMF^P67y*fX6K36*I$F$g56>C46ngu@ z^t%c@ny6nNJ(g`f9{WC_`Hd);?fmHT2Dh%A&qB|AP#^ANmPOm$(bI?5c2ys}F!kIg zeuw;ue{9}O=;A%v>Bw;YnePHZTqib$i21E8nD>EYQD5`hfV}94!L4^|Wp6{~lAq(= zMIX+c`lu6DeatRc_=xs1zqcd$SVb81_zIP@9;J_{M;*PYk2wVkA1XzDp7-ga7rkKo zo6O{649ul$E5};Z$Gn1tkM_dH+sRKKYtRcH|9qBxJh2rYFKv5v`{QNgSM84zn3Mir z`uyqoSTFXg{ydpG_aX$Ub_D{y2ht|EBBPTJJhLZudvlT-(;VkLj3v0eYvL zG`QA7-2F{M(ru&~E;}`0I$fxSz!T zi@%+?g(<(w#6 z4|}>f(etuv@Vn1+%7VUSmN}2=V*=wa*v&BWi(`~}-XE9EW1k4UA7&PFqI&L^=Jz1+ z(DU7C=iM`4n51*ln0FTzdcHfYk2xq&#C~)8a+vv1%=E5-?+8!Jwz5wk_sksJx?d-| z0{JV<-{XeuXEKXcvDd`D>+IOD?XB-Ii0?W#P@-!RJ5om5FUt9~lkQ;S``*p*Be$PyIIIUY zg}6RskFZ@Io|EdM0|_6qi0eZZK9&==%-Ys-e$$D&l=)31KYf(>%_JQ@BEMy@$Zt$8 zb3E78eiy`k>&$wx-7~wgVBQN-Pp8rLqce-+xwiXfwx-bg332~NyK_j`u7~}ef8c5V zm2Aw#{n-QPy}o;J>)s8?n!gG8H}pmkYC94(n#LLY#lfw5$o7T(1vWPOknIPn^Uqy- zh}%}O!(ji;1>1~*jfZ_>R^L0b>dk;veY^^$kMV4evb-9mkL!y3!pAuU3m;3et$ler z^5L%zPS4PY);@!Ht#K=CORleaURV70=NM~L!g|a@-iN$!>EPPbf^}y$4QBbYZ6}`{ zzSeghA@iJ3wuyM??Fc&nHl9!)??HA(UIshoDVVnE-po#S)bi#rD%hQ{jh)T=n8EIW zz5Kzp)^8}aT?b2JGM8EQoy=xr=6$3qhc)k6##|!18upSK`i`NprI}rq%PgA+bFN!N ze&BRJEZ9W$6U*m4q+Qs!d1YV!$_|Fjzm9WO!q785;zs(Yu=Tp^r{5S{yON0|^ct{P z-yM*?;UOcL=7!OC4sQJxPxeYyn_*`VhTf})9}inqu#<`J$%BIK+%6>3b+T-I!8|74 zcSrMh6#4bSK04ahHw_V@)2hIZvSyll~9H`ql|8pX{n&h2EE7-jkV9FzI?LbiJi?|T!fC!3tvnu5KY_{G}|N#|pscWP$5_SCX{E$kEMEy`?1(q|!F*N!37 zRyGS6x$}@Tb}3F`mjA|oG>?s;_r|Q}xUtW)4ZYyXymE_)&Dqp+pK z^&uOV^)4qKwv)2n3Yb1hy_koz_c&c1qqZk~0P=xRLt4N8)!zPHIH>PFoa5jM_Ptq; z_Wc%5y<6qjdQ7$~`Zx#~dBBj=A4Jobajx4J)*uYMLy3F-a&N(2NPN7uMShcD-gEOf z9k$27?i)9xb&S$)BeRi(-m#gjDA;kCIk!iC$7dGjaONi)ijP=OPwzj!3l{rZRZpE# z?+ntV4{cp!w%>us8)x+8Cp$c|S-H$IuXnFRZ&|^dtF?{iF6#L_KvvdmzKjpPEFg@s zTtxiv^M|D023dz4kfRaX)G-u#Unl;x1BayV$^>)VsTY17&woY!{{A89+?HsXBfdy@ zGOlt`+2bQD(rn(ZxUhHUYOa!3e&b^>)3w!t^Iw-F0Zg(X1xYs z__!ytMHQxPFsfSn0OIk(d|f(`c*ZgzktU1dhvUGuQZJ4ly#-rB+~da@Ld&9$k0Sp{ zAD**+1G#(b(AIMo*)>SVfkRu*okLGHn{Ad)#;JJiZrI%gTSa`wgNC;5^Q-5(;y*le zXnJp*WcqfP?J(r9p{;Xo_52RixEBmcOddg+TY9xS zP8gc5(JY^g+b6XT&L7fx&m)-QehS+|@0;kke>kr>mYt_J`MQeyWa^dd9h|fN^z{C1bv~@x zR#sbw(8_0%lsA=^^logm07-$?SY;?Y?o?VwH0+6n|<6}_>k$N%JfmPL$YmL zbK1W$^-6X=6WODD(7Rsvm<#&?N@HLYCw;GhW=Y?)8(-+nL+_W}Lt6JE^dWo0ADZ)d zjG^zrHu2$a^9!~PcFsW@%L;Zc?Asgq+uoY>dW&|sGwa3iQojd3hwH)j_piq|*i+SG zT;X>-dRI}8=@s_qea+tvM48`>-sRo>>#+!SSfw6|VT11PUyt`^y|Nw`Wxc4!uK52O za@;X}Z7O>l8OlGf*g|MoWdB4QL!K)$h1AM@I?k!pdk8VVxc?$M9UFgRynwiib5;B{ zd@k|u;dPY1Cw>g35B1_V)jh;R@73rHx~T8B$aS_YL3}55V%C#=3h|xAUP4S#etQz} zoz%-on_r#q3PjteuT0w&7Ys?Zp|>LIl|G#BPr=7^gyG}!%n|yC<6E6=*CP6e>nNGF zN8m%-@Uez?wH~*@w#CPfvTf-@+i%V7?_+(|E9>z)*y}6x*n$1GT95m(?E)$rW!Cn* zNb(T8KwHYj~)``1c6JcsvqZeO}|B5}^JG?6BYa|Y+X7*}!5Fuq_*u<@LM z%ZOIp-jsbfm$;NZCN@!G;p0kJ)yL|Bg%A5V+V5g~RQvn`ux;sc+o(FOwDlY_#+BCq z-mmjr=X&-ldl=@swKIqlP4$R(Yh#`aJ@-rXEVFDA2Kt?u**=8U{Q=H5#<5L3*~byj zL2SQZwt@4@(t>@GxaT>&1v5YOI&*%{Cw&%j7Z1SWxF9Io*R{9iUD--x$Lrf`_hM*&$i9Rmz3fBw zT|_;P75XUk#=5vV#|rlStmpg@K5of+_Y%rRqW><7Db*I}*W$5?FlK)fGuH(`{|ckU+bHmu)$Df?X8 z#|Ry}rR`#vwgmnZIYY_i2H_68kx|rut$ZKJ1b6V!SeId+zT|)00FKFuNgY45ByFHAqYx&rP zczLf++ubv}ve5H-Qav+|@{P`HX2JH)Y)!$Q>Uq@fUNY=S&!hG{p+EEZ_Qm6ewVsoZ zOwXf^M{iX2VZHxK1;6{|Vd)rQ`DB}6cfEC3Yu}gs4L10kVYMFOwux*o4OBjllJS$& ze$S(1hr+5p4uk2#IWGMAu9H5lgH?T;Q?T&iaWiarbY6S>EyG&#u73U2?mqaKS?G1a zR?VhvMH`%*ZLciY8(?=)me`LdS{g6!yKGpkE9WPhfXJ2>?1hG!6@t((keCw{|zb-_I6zk`30Gp}H;&w4&T4O?#QCfjoegZVCmJ~|8A z&t<(vq4#CtC;jKJ)^&hoxdG;P@;m6D$nU0XyRcwKQiiX5YFO)cz1kjYrFj^(pwK%S z_6k_M&!C?F|Dy*MbCb;fHTXDe4WWK*&yo1G9`->nk2CZ52vCf1^_-h*ze$Dd9MK>n04nPZRff&zQpYYS?4gI)?PI z5ZONK&B}V7FPzNA*S@W9pO(EE_7cWWj4RojV7BS)h3%VRwqLxTsGjedXgiD0@_7$n z4mMx-6~_hQ!OnyEo^9i%ZX8x?NT^?2rFVs{7}tEKoMd{ZZyn)M zSnO}=eGQu_r?s{2MatZdZhA5AXA{yi$#w(bEwHiK2SM8RJ!hyF>^QjR2jzPY$HROM z8~ca0XCQB!%J-_;nq`)qg_vJEJB#&TQ|+Zl@5_g`+Dhi}RJJJlmAwqPnGd#KUa%80 zyRu*>!yd!dXJp~yoou(A$FeP${U)1L*j`NBcJ3{hpC(k#cT~dmV_9!?W=zAiuTV(! zmSrEZufo!pB-B>Mt81wZVy=_jnDu&dnPtAKYdg1R=5hO8nCA?hKe_ZEan8_yiDhxl zKylL2!&*Jh8Pv1SZHu!I&l$$SET29u#JTmT6Av~YW<4lQi+wD!DMk4{1e^c1;jQ;*kCAriL82b&RqGLLx*dAAvfX#5=MdMg z%yX6BJV^Np_6u11L&ID9n|ki6K6l~<#mD}zyN34naeDRsz73`yOT#bg=R%c)nZRL2r;`bxc++OY<`j}euxou>ABM8Ix zd6`Wq+RA$r)v-H0Y>WJ6WW93i#&|Br)oai@=@0$K?whl1cTo?=^C=tq`aH(2^(e>g z9Q3MV_dS`FWB2o0@!@#>k3aVLh_PGsv0^JeZrF+s@4r;XuH*UI2m1SP?C$(v|FL^} z&aWK1Kg}%0uKjrkvggTs-zWExY+vM4f988og!ZNExyXa}@y+yt9Zfvh=6+Mpb7)x) zzIHQ?G#9=LOHKoLDn6i>uxCK+*lxlOqjqE;}QZ&BeMDtI;Ow{a2=HX~X~1s_7@0q#SCsMy=ivD=OBgJ*T6sQQOH? z%~iJth^s|-M%-gMQJt4t*vE9j?I4Ji6=B}N4gev)D~9KJ(cvz zN_uT2y|I!GKOK)Z{phRnZ5_3-m2{($o{`g0uEqa&;)%`JZbW{3F6I2^6Hj;!+Jy{x zM@PE;XH%^k|F(m&nEEWPlxJBb-CIeoBRv*dWg_-2W&1>Zy0$d^MEPb{(%qHx;!3)w zl3qc&j<3isg*q=5hI?!2i;wrGPk9-?tS??G<7rHXRvB7D?>9D=y1@W;3D&6<2bdqb zPg-}6+=*SOcjui*_j=-)eqF}C;|^2nZmx?0bSIrAH#e`9hg1Rjm8hr?$80+CgbOFs)NwwSgVB&cKebl>R9B_tSd* zO^bDN5l z5$B=KN_u?7?=;d~=r)k^sLzT@I{Y}Fm422~(#{9vcH5;a$F|OIV=MVgtfZ$@^6jdm z=aL>vUG%*>_30tqMZAGnzo^eFcv)WU%JjlYdI{;WJ}XGq$y0GWTEFpx`rg0r<9u7@ z+fzxesHA&ImwtNakEl;C$#Wq~g44Gv{Na zpT^(&kBe!f%Y3^@Pb5#JfgjI*x{M?G+2r{TXAH_0&+8j+9hG*n9Xqg5JWgz_-OBxI z8v1o~73a67YPX3MKaEOyM#b-}N_sA7eJHl;Q~BANU0I)nm3+;o+`g>vV|~_;9#5!r z(jIYKaQ^LrH4xj^elFA9mGt^b+WMFJJ(YC$QLl~<%V>XeRnpy+wE2|!y_NL(N;>@5 zzGXXXOFP9laDE6s`re!N2tTH6$MEBLDgAWi@`PS@CEZg=_ZDf#!TOv|Wg#7YX2VNA z=3Ay0SJL`14|Qzkl|_1Go<}XCI@Z_sgcB?A)fW=NV}(4Rx9$kD$vqWp2V|B698Nr|ERULIGTK&XUbK z!h9&~+_a@!W#x>RLW+fL{%9{R-b?RWwrljooA><6wDo#H0h(p#ZU(*0V0|;#)C@K^ zgDuVApUt55&(YIAI%e2_W>BluO|^oYf5lg`E!uOFj7UoDqnf(SRJ38E33Cf@SHmUS z)l;IDi_uK5#(Dbwb_?{2Jhv}ZRQ`ZI>IGO{igxz`Y%7Z`@BNggU3Pk!WkAQ%DWrS# zt#YO&=qr@>B-4x1wdoCFr=?___36e=w}hw9XEkzfRs$V0>w~im3BIb$|Z$(-<1A3Y+LbVJX z4K97kLA)<+GhBsS!2!b&8SD$hzXqF0sO7%M%^WFK!OkGAKTCcj8}ES4A|86*L+|&n zIax=&-PpJaK9{&Y_8@!&dDZAXzp}q0JM7c<{4718gLfwZ7(g4D6e9!@5H6Tk0_h z#Iq@FS7p|Xq4~KRy%qLK$}&0I%Dl(i%Spr{LjKbK3)zqG4p_VgqTau=@$ax@gqGvg zNEgDR%vM>{o6mOJz!M1lx|Ih09YZQ9#fqe_xQt!gd#uROJ zX=bwu=DPsqcXz?Q4EqiF#kd-eFW+0cdH=rYQ0Dmj8O()fx{mxg;X0%Pu}#%G2V2{8 zQo;QGnQUso&W9a(Q1f?8+IF(d_jfE`w5jZp%wk;0R%B-Xh3z7kyI|Al$1y#$-z zPH7&rwGH-_t+1-z2eDOeI{AdH?3APbcjo&+U!eT=yu3Lll1%SDT}x=2PD9L3z2)dR zm)uR9tozL+8wOT zil3eZA5G-burY=0W5hi!Q0!D@ZHJ+^3BB%u`EJX>yx`E2nb*`0(`ZM$ra7)irt9o` zVCFZW(A$*t=D}=dZA0(MLhpaF-bj4e&ZSIYrn~CgKPI^d{CxfyAr?T(7yIlZx5JbXdH2UI41W) zJPtZvgss0ZuMcDXMk!bw=D3;-v%ckcj(uMr)0j*2+bHsz4(sB08T*lXXTmOq^%Q!i z!~T3mbDtxc>h@>+nxEq)*khT^D9U$rw%vlBi$21(!^*PA!nV7xy*%4aA>Z&3ww`YU z3tQirh<5orZSvhW_MJ=VLpJse{n-~_Pc?5i$3%Y1(6gN#>(zGNTedz1hXGm^!pHa{K<1GuDa}&|@&hvAL%!f@S ztq=7^!|dM$#3^FG{Rq{hcLL$*=nZGS8dEUeVUm@4OJKMCJ8hc#NZXHRc6Y%(l-YPf z%c9<=GP^u8s-M1L_QMbL%~!H-BDO&{AzAio1M6Xa>iq)w4YsQYO)EDe*0-0iTHn>M zu>A{h{oYOJQuNTbs^1ma_6WiQv3=fY&3Tt(dLPPn_D_V3BCTKbE=H_>C!$~3^RjI( zaed0db}4cFmbR8p+ew6uQ|mj1xJy~z@LL`i>ga^+A=p~qF8ph!+>F@2Ghx;G&Vp%6 zP;=~lg+_^b$j*Z8eQopkQt0{pblDkf59Up6*^+|2DYI1to0-}A%t)qh7w9+UCfP&C z2Vv%CIb(j zx8pSQewFp&7^>~P$Y;@u^9b1=kzc_YGV z30r?h^V&Gr=Q0~Z7|a)w)QjJ~=)?IU*%p4^Pu$-%&S1NXdS6HUU1PMptQ);yKkb{t zWbpF=CyBX$p%_bJ?JDHtPuv;@*Qm|Vxi!$rO z--Vdp`a*Bvkfz@;1-mS>((lh;Z{Q@tZ?H%CN@o6w_f;-IZwY$1>&KQBw$Ev&?f%kK zi2O!o)=oyj{HCU3{JMgj1bYd#Q;YmMv#r132-_Vqo0E^zRH3#78{2s*arI>Xgnj$Z zeb)i9Ct%ih9`S13y4{{_hvRPtcANzTdj#7r!0H7XKv}A657^FsYK|qEEtTag!UpA= zQrKFz7co(kKCGLzo6*BvKihi?+hd16+3%}i+v3;zURA&Rgelp!QQ)fIjfG!-=j?a- zI$DtFzvMT;DRkiP^8?{Bq>BwM`#H)AKd&kvU&Y7qD;%RFnCe zYnf%y_LIm9>wJ@$ZL!bX3Og0HgfQ4`#Lt6mA=K7(z-8@~H1-*UE|%{%h*r z!JL0&G1km)cf|bMr?qt+^1I%zKDPPYu##PHTz@tiz3pi1*pIa3Upm*Wy1(yxOfvuP zhkDBkA3J9@HurfuddCpojY^C~&&A+m)i&~@i<6#we==EjU;p#x17Ut+ZF08TkI*^#QS>Gf>O)(9 zA9n}LeLvU)*zx!GT|=mM1WendS&u_o?ZdEnZ|VELezFshUD-({3}}|uzT>t-?Eskj zqCV97Xtte8s7`6S2&T`{*4Njym8~W|lZPskhzGj`b^|-&tb(n9S(Ys@qW$uVdCmNO z%0|l<*I=@r!@f=3CJ}~@85ByrXe;%OgU#WgkI(7&OFm8_RIi@vtKJFOc6GsClUa;s z^)7_zcP$MPe)%_MsUDp=U{NpHbRqH3yBR&(fNpQGJ7A9j?k?E6oS)YzMEm8pF4vda zjp?_x+BUL}V84E6e`ei3`rm!`($t#_`x<)D=Q8JK`(rL))$dZ6^>BXi-p|>zK{sKr z264yQy@aUt8!wwlQ|x~A@OT)uliBv>w{tF#>!y$6GIOkl-fh^}muIle#deOq98Wy- z?m*9acx_tsJFn35K7)F_gw^`Gf0*C)=yxFp^Pz(=gf6mf#4$91F!atMuAbZUTk73S zI`qyZuHKUDx752X`*nYFettLS+4|L1)_~n{U*B`_V9qbG&&WNmLU{$|I!Jf|V4(M2(r}L|x=N5k7ZY81ZX}iSt?N$)C z9_rZ+`gMP=*0(L!cSm%ruh$E8LKpY9xL$~Hpxz|pTR-W0e?z@f$k_WEvxr*`87j38 zz|JAmugv>HUVkhijIl9|_^*H2_f2|=RQtEg9(x9Qr)S$Z$27lJW_At@rQdea>yV>1 zFit64$(G#HWZEen&n;gk6$`zeWm`V~+K*`~v%aOR*ZA6Q4}TMK=3~t{f@ornQ~$?| z^OcKw2O{@wYF>v1JBY| z_hK@395}9{Eb}v)Oc?B4na#^>Z~5K}`~3R{re}wtH!tfoin?8x*{aO;!Pfm(Tl-X7 z*(r!+nO(5ynZ+1V@8ry!o5FTRW?codKg@4cX3kariP+8?2(^{ngsi2VJ%8aZ^_%Ac zwzJJn2c3e&-zq02cvtVZw%sy7nHn4o^?TXw4>n-%` z6K&%giRzt!RQ<}PkLvH&bKB3uO2045dZpiEVO77jmA2uRBGrD*>cjj~+KIV*vWGJp zm)k|wPF%fuuA9tx<+;2d#lOo*^_3lz+3k7GmU*3^?fN{w$h;1fMVrdro!Ll2+fVl4 z%(fKF?;hya_k%+3+RT<0e!rh>R~LRaWLDPqADNZ)-IaP)>+3i9^y|Ay;df$YYYV?8 zX4{R0-?wHqlS+l{g3RLF+xlLWS$z9Jc0EkLmlr<1n_0}+>fM!X*KyztACG1hbCY`8 zah$Ynlc{&;jR}T+ut_leHVVI9tI4{Gx_N9jzlDY03oivdv_i1vFw9{_L0oPU}w>h&p1-pv&tNP_K@=1PuZ@B8$>ls<;_nWY)UoMvto16W5J~IZ%=oPv3*Rj)0#y?XkUEzRszq{Hv!#Pus{AeN<`^OK!`XdCz8WK%M`yU>d=$GNh4 z_Pe&;+tP>S*aPvpY))>2U|w6v$TD3cUrOk8ndj7DYninjndc2{W!lPc)6e$qTwmLy z>NnWa`Bks#H`vqp9f9pti1!M{5n2z~7m&T~9h9CyT3_YGtOniR_dkEs`y4Xwo)$e1ls^3Rp+v4|6S?_=IYk7`F{7&DjTo&2!i2q~3V}*4ftJeQm zxQ=+R`2Pp)TMU_`_X)!E+`eG8hyPz;(!DRD>3+o9 z2v36b5C(e(@!!0U`vQPq=fS>oAI}2{_Ac0JY`yLYAEywn`kevOZ!h{p`}tj3u<+}? z6?)-!Qo+J+SzrIBMAa|1ag*Owg^y>uzBJR5{4U6Ty~oI3zxwtRWr_MelXm{tR{Xke z{VV&ITOaBB!+-e8pw>0E>@A4nd2Oy+IiA-QEXH$#a#qK)^LVfr&$D5UD^9)AvB_in zMB>4Gj`QWe4@&n>QB8VY_xOGoyF*LwKG=f44r+Zb+5CKFBb&kw8Tt8cvbJ{@=YO9i zfK$i8!~hJMSeGCHm_i-GFw})_YC3L->|mU{W><){sFTM8if!36-w<$^yb27wp6$6 zXjt_Y6?*f~dkcDN3dX+@OnM^wB=W znXJBx?RrATkj(c_$HFF4IJ!8oJz>d~&~~91>3+8Jb0_g&#${I)Z1>E}DD*sbtEc~9 zduFz#VD_PU<#pbtU?={*c~6q4mua>6$PCz2Lh~bw^gokA&vq{LRu+05&(-sK!1|VY zQ5N%Skjb#U+FHM7lKCvAYZTv>CLVsbmHF)ber#tIwkN=@!bf+(&e@9JbGPDmc4iX_ zTdyH3-}HicPNv@l1v?*h&faaUezR`7F(5`!mNN>y-C@szErF?{tY@X(2I6Fs*iT^k z*g`tmgxE-lc3bzjF%P%V7F-TxqAQXQkdc;#I%pyzxP7 z^*asys^2A4MLT`=FB(Z7CWXTyBgCC(XS zi(yM%!2jcBA_%?ZuwP7QtF0>7U9jgK!Q8}2t$L?o>pptuk<4ps3pNvW%_RDW4x%`z z{dOb#3nw(wVWD>#>}K>XFW4(#KZQ-D6GLxC*7Kf=>^Y>5Lu}{qgf3faXZ0o{>dhvk zi2d{yl8*dN$a*UXDNaAVHCgXSLid4*l&_J?EPDv~EMP-!d)Xt%J5O$_J($}?_CJX4 zD6OZk`ju@)I>>KCk)J;HEqpkhE!XBZ(^iDq%C1Fz`zGp!U)z~(NzZi$&!YWuS=74` z+2t*5>Hh`UPO>xE?*F=fkg#Na>szLecJ%&9`5Rn_uil}LX&_r)uz{IvDVW!|>UHv< zC-U?EjmRbxtUa@71-qF-syC^~@B5j}DA*4&n^Uk`GFx1*A7!?@V7FzqreH%E@A|!+ zx<{FZWwxPU{M+rMXJ3Wh_L+?=+Hc3q#usd-%%YEM=L1;jH}3Js4$SN^!til$W*zLf z!4Ao6T)})#+We*z?C{KH7VL5cjd~MD^yT-TnN2I$lFZI2*e5evSg%E?f0$B#usc=W>X9Hoy=wxtT(d-1^ZrRJ(C3XnjH?%ZN0Me& zu1(&DcO%`WydjFpFrWE;&LGLE?x?ycuZ~v^fCF>ES>j}@P zqu*q=BVRnV@4Y^mZ6G^`&@#(@l9~M%>}Q!RDwy@v*1Cn>YT`@3(^jh!x>y(AYrY2- z<5?d+K-8OGP@l{#({thfdY+Mp%^ZaN=)&JIBF-8TTH*z2p&k zC&2uz))|bOU@wN<$vIaig$UNjdJ_xge&PQh*_88hUpNMFjMoXZl^u`xj^Ubuy@dEZ zGkI4WTkGmR^Hbu!18LpD)_p-A^9mnl!rXt$dfWvY^%>4Pvn}fB{jgWx**xcudfW?_ z&B^(x_j_bMtgNqW=xh78fn)L$Y?xlOf&1VSKkl0+&F@3V&THG!oMYNHcmZO4dkL%c zy&M+h`wa2f*t(ww`!wvsFn2zg_KrLAYY@7W?Khcp=s6~As~F?jdfsXIrjj4s-miT6 za9ox7wHJQ(BL26#`o@*{?F;+F8=LhFzjc`9Tf%mA%KWY*UFvD8UNGka`+PE?j3E7A zV(+Pjp3J`XywfohdR!VMR<_@FG8zcRnx%qA6je}?(LauyPXkH?5RcSf6P zyC19R3pqwn+0g5Njrp&(+C~~Q*e)>tmsB}+{XUX<@f>k9`JJ16%q7%Tc7A48q91Gl z>}C8jCGXP&yCmx^&-=8t-I;AH*u2bqR__VD0K2hmaQgpXMAN%)9;Zfqi+e%2%<6e8`x$y2xy;EgY~A3#|EHS#W;P0&@cS6- z)9A@CPuD`fg}rqtW3uq^IP6;VVxKlYZgnOW&vmu`AJ`)5v6i?#Wa@pM{^%~)pI}}O zZa_huy^wW?*XLURVf%-i-@4qU>fV=GH#>oPQ(-$(*2{(tPVb77Oz&fvpKY}~*F!z8 z2|kUUZDn2_`!-~~G1;$rj;n8=*A2sU(%Y2vF3)<0l3q&uy9W+#-OrI-4RbvA5Vw3X zpC`*=-96ZWN?i~7Ae1R=)HvP<~M`5K4dS;Y-PbbzTGm3 z`sV!9n@;>iM+|N~Cy~7dw*N}*Uln?15ZA}u1@r&r&Aq014+XRI?D7?a!(meiQBBOb zLE9w-J0LUX&?xg;$nRpxVi|(H2WD9=FZ}jC%YJX(ir-te;`fnf*{|>WRO>sG0amT= z@vvvJohOrD)i0L{Px8C};AhwGbIGsjcLJJ$alYc<({1*>yonNWvvwZbd7kV4fJLROoY3`(X)3`pKupP!BxRu{nPGX+T z`W{Gr)pq7zfIq37{cZTO>G$Vb@w>j__b}@3dp>hd8C>fjZkx(p1appfuwV_CbK=C@ zR_YxKJ9zxy);rd+so6H}S;{74Hjh5g2g!5~Tp#tEpUipaTlkn#uw#jj<3+S-D1@!Y z6m1)HWUyCfwyf~sb8Pk6^6|)Xv(F$NkDQ-fJkG2`JRXf9G(YvOMm!!ZCuExMcRZR) zI`lqA+~biGtmDf3;&^m>*4vJ7Kg4T|@dZ1O_zHf|J*!~Ow>QJqR+z{54F#J({1seO zpMzh^qK}s$zrc25W|S&@Z{dfRa2^43F-T>Ac~0nJa5OUc1C)h?`DyDjg2m{qE||Yd z-Rn}e(kRxKWV+A#hxZMxt%HT_H`t(G&re+p!tc0(h2NR5u)T)3e%BOi6>Md>EgtwcJ1qw z;V;(=ZjD`;ZGY7AzA+@b4t4-+6LHfW$XMi0{14)>Y}1F_XTs{;O=w+9z4ckoYt^%f z&%bVP>pDf|*f^ONHLbV#$}$)nuweIR)`S1h+mM;ZhhV(U zmTWIC*sn92ko%Hk?Psj^{PE!0`pg`EUqil0qj=rp;#lyWs=v{;4fLVjHHdmw5}Gdc zHj)m#69H;J%tt-1{lahPHL_p2rM55e6FAA5g1(FFEy$ZU z3~v2zO&LE;sZD`(5%QPxPRe@o0QyzWYqZCBA)B8`w3xpk@BGQ&+RV&!brEvoKRAyd z)Hc|<%uFk9M!tA*^S7I!cPUIg_al9ldOf5=?}NnkF&l+oYhk{7cZM{3mQ_ zB25gWGFx7-9buNai%>m++Qo?9omoTZvMX{0$1A_1w2^q|Eg-HQLp8N&sW&s{HyWJ_ zvR*sSjkU6eoeorZEKLFEqEMc&P zS#MePOOU?*a?MdgTHn-`{Q~(Dtebl9m)__VhW`DUKZ6u8H%_Hu(8cEq@+mpT% z+50;~Y9q-g*sZWXziLRWmjYYgk;uu&NieTNg1rK^0Oq|a%b}k4*1rv#o7+Gi-dq0~ z7i_+Z7Ct;q>vvuI9tH`)(SzVD46lCGz% zuXXu75yw^Zo3@7`+RkH}Iy)d?>)h$MDs5-LtedtMBihD1S=z2<8>;-#YJ&$PZ?!#>mcx?eog`q~fA)UW5U&(trc?9bS* z@8UcYzjgY@XG+eU#_e-MnRA$NvQFofF^5elSj=I|V2-O!B<3*BCxR^@?i{v`FnruV z{15mYQ(^j*RsBvcSomED3m@TkeZj)-23YvLlX%sy>|gEozwj~o=>GMU{j2@{b1Qyj z|7yP-bfCwmiTH}Pcc1p#C!Qlk|DMV5)Ng?-D)e>=Tf)-zy>o{o+ctDLjV9;4 z!Iltr|BbR7NZMntK1LC`bRscFj7g-)!pB0G=Q--dzG@o;3m@0PtXuf-wpEF&? zlSG?FJG(Cii@J5fteZZ5ig^Fj^Ag$fNxuuZt3I@KekFT1;UTon*K=F_&MIshFt1HL&kw(GO}wDcb3U+qvCr5?FNJw+ zY98TtTJEE1uqfX{#PvI-$j@sb^V0{>e*HVK(0erNc`h3JOpJq-h2CG-Zo7Dmpx+5> zyAj#4WoYZUX|R`mtgr25JZ?yO(+R`&CgN-M8QOXWO}%ety(G%7vs^1@Ey~_zBKbd+Z`%%^_{mQC-y;iebO21y$R{h?Q^~$=*s`d3+&HNgK zQ9hY|Cl~A|#MO)OH-WVCf%$b4hOO7)>Rnf1>Xq!5S+A_GtXkh+WxcY#_rR+4{dLwW z>np3)_rJ5A<&QGU^c!Q>ZGX&qG45p#Am+E4Fl-sNwQH!a=M!zj)mwnr1~G3qS3IBX zo?3?PjLz|y< zIUwuJEZBjWt;x)5)&Han+K$U*VN<%E{m>8FTlalrw)4{JXH}u!@|IbYMQ+w;atv*hLnV)^+as+ZV^2Qmo72C) z?<=$I3I>I2BszCsP>$!PVt1iej%W3@#(s=mIiA(4GK)R|@&4K5Gu_VLc3{U{Wji1C+KI!`F@R{Q-{FK8!eS1y&I=Irwh-c` zpI+Q|RPO^>?{X5>R~Gq|`~KeWmvdn0By?f7t9=y%|0lyt;@Zi+j`)qiDTGm9ZAYBd ze7;4rW$Sm(wJr7PSx-hcr+e>b^COl~I$$vvk6aG(I?u)6XyhlbStP>N=ljoxtuELb ziGTQI!&0L}eXqs#9mfuP((`@&dY*GiPdM6f7J%uVKZ3L6)m)K?bSX|TgyKI}=)_s=?Q*pr^` z4}w*n?_UAyA|Kn?KEE2-4_1A?uWj}DzP9mve=>H?d&A#6EPcO%WE$6e<}dA+(WdJ8 zzmC+~Ldah~J)c2Z7WEF#dR@$o)>Rhy@kx(XnZJzQP7DyYM?F@;*3RgA#$w&R2YWRy z-#FHYruV;jjX3GuTiD*3^%k>Dzb`;SFZLtz+nzG`?s#Qc)$%QTq2 zJ##&brb%U1&-%XP@?ov_b7XgB7WH**em^!34CtG$UJpAH*?AyigU~im?|k&WK|Q*O zlTCWIcov~;a5-V<`M!nuwG-OTWqu=Ip?59u)#!~WY_Ee&zpGi6(3Ab{#{TS^FxzTH zVY?D$nO7C;MwsolgwXs5(z`36gKGs(Wz1j3%y$-eo zwxFoTBd|L-5staeHjsI&keN2WI9Aw>rj@TF9xEI#rJlzH^<32B6`u4zed;7E%W&9R z*!}?j%w#O_U~h$Ociiw=SHa!^^Ec3Q2}AFl#QhC)oC}zrbyCmgYN59<>%}`Aw!iIr z*T`YDI-z>9%aHf&GOTq?Ec2Z8I@n^u(0d>8PrqV#>zzRL<|Ds@ISxZ_5lq{22xT5W z-pk4{Ii_ImgO%qS>itJ%qjFoxKFmtnc?G*F>-ipj`1m-?bNSV|EPG(P4jaFXTPLob z><=*Cd7576{TJ*lUmBLKFGA1rs?W_BQ0po59?G_32t!Xc|5om0WHuWg`%;z**Z0k9 z!G>HoJk51vnSOKG#RRqXUBhc@NC!JRv&RZHGqV`G=J#BDO!(Ze)_1pLe}UOnGl*M0 zna_-E=jBED{J!3o<`1uRvMu!5Vdl3fx2d)xU|w7G(%GTc0s9rUGYVV3@%KIIJE8FV z>C7C5Vfz`F=XDb(3xBm9B+l2O-}JjC>oo`+XQiI+JV$;z&@R3k+J#QA4w!AQp+>$_l4PZYT@_9%wjxi z>-oB6E`6My^`bv^NACgZ?r~vM_95E@`!Q|WAnq9IL5@Of=ka9g z5aI_vGQ8GH+(qU)F*9JZh!ais06$4MA2zpOpCaz>vbqa)Wo8QrOCO)lK7w^p_~$(| zymdWD*QfV4{{5$YbBSfy9lcA?8$;ass`p{UZxf6ojQkE{qy0OzV28mRlUp*|o^W3( zq+VyiCc@NPN@#xS`CgiAL!oyx?6S?n)487IQ1894Rj>(!!RBQaWAZ2HorJ7^czEla zK{g|^Iq2(G_6FqnJ8qZ0Z5`|_uq#Flsddni!QKjc9eVK&i?-eim+^D%q&JeZ=iF@% zZddCjuC45Yuup6^B8^F0r}uS66W;LfcIp2(1sjvuEcCMJYj>;F`#*4O`MSgr4Gx8m0}=zOTpZ`4;G)%wcH`aYO_l=Xcq zv#9Th)Zy#MvI&FI?|+G=a2LWqz#4?Mi+a}~ers|jjU0?=y|&xS2ey9KtKN??b1;XV z?WJD)rqHqcY2@krs@H>*eq~=kO24w}GYh}6?`Ni87pCj9v_J906CK2q#S1%Xouuo; zm0gjEq@72ViEQtxq!(7wD=O)Am2~(u-*)m;y2y7L>9QR9Dbuq_JI{o^e(R)_z24SQ zTSnSBK>6<5I}$JR55J3ZzL8H)C2jfj8{2y;>9v*g`bv6JB^`ceXCCd`UC~=y*&gKz z{S}q%ma9%V75m9@7*|Y(-xdGt-;TYN^x8^#J!$h$%%_&~jdIj0e!5A|Ma_2q5$zs+ zyWrY{-BZ;+wp;(sLf`%@)4i3n7-|xCgy8R#h=f!T)Wxgva>Gh;bKbxMy@5YLsO_lV&%5SxP>nnb1mY+6L z?Ej8R{Th|@w$}IQ+IchODE(UhvYjVZ(%b5HTBUw7D(SfuzxGS%xAPhLT~_h4qLS86 zSzqg4`W^cW{jRC_skZySs-0I>{PtGTn@E@Sb)1#;9bZXrYyVdLRO|n*^1Jr&C!T1q zk0@s{zjXY)e|lOqP5q~!t6Y!%l1keBu#0UC_QZ z`ksGyysZ;g(s^sq-}@Bfc}XRowWP;lV_u$@Y%bE~>wXp6O*;<;GyVzd#=Umctw#huNTaxQ<8y!G>dr3ElD`h(`hL?VND(MxK zwE2|!wqu!IUrBGOq`5Sx9f-u@{l2#GX`Sxk)~t?mZ@Jjo`!m$J9pb=b9(B#&>qj zFQQoU^&swI%xtdf#^2D4w;3PV?z)+O^L>hSzipSuFxSmx?qK8d(z^M*!Tn=X`U-aX>1!e#je+b` zu4+nsnn`~oo_;CbZmj(bR#T?P%=JWL?P=8@*{q?lZX{`dRP1rJ6H;6clVWM>byKbF z=4P+a^*3U1~)0wM|P;r3{1?g}{Ag*Xgqu1P zV#}cJhHG!1v+iy z%^iU+iVcL#@z9;aX3EVeR?i`hOj|#~27zI!b@S`xq`QGE*4|}IGpJccmu3?+|3Bg$ zO~iT#+lR1C*#Q}z!sCb^XS_bV_8eqjeY@JgeYZn@I1Yx__GSCNZf_r68-mmpB9|rG zffun2Ask-2sAG8TgUChG*q)Yp`u~i5{=2D@V%>UKujlyHOWlk&Y6IIE_%q(@=kD5C zes6kjZNNbIz+NoZA@^c6jZpawx_6Qpl9nIWy1Rc<>u%gzYp-{6aO_UsBzM4FfbepU-%h6Z!S{KMww-1{ax@v1OVmzdB)nIGe zT+Z%X9p~1DdfnaUv$}{?%AhuY4YdKNj8>(d9$p_yth)!5#Ut6Uusvmp8jI~wl!L|_ z*yf5Up*GOLFtB+lM66rZyo2j61!~>@wGYG4RozuXHjUMQv@&_Ds{sv%R$39(hRNDo zjds=HipBeelT$2KgK}g*MCM22=7@}rNUaqK>%2cjl5pqH@!ue%Wv7T79+Bqz*L}z3 zrrrP=!RosVOY!aVTD$#|^Zf_BrF&>?|M_WspX+I6mFRJ<!Qr&g=0q-HD$v?KmHgZ5`R#b#pu1<^T2mVkhM^U&V1YrIMaYx{GZM z#QLXt4xpZh&j(Wb7U?L*SjLrc#r<}CB|V$8ZKc>x-K5L*a$J_>@_uER_P&{Ah;rC| zWje~yfn8aS&PsX)>9QQNNSEcXT&3R?mGrijV=?zZ%W^EKq}P!y%dwGkS&qfrCoRj- zTS;5avi^%J?Gx>>1iP{vJ(aZmR+eKT>9QQtD)rx5`;_JAeTs5yuK2ByZ&|MYtA1Hi zDaYDMx>0El>tD8qAd$;^XalmIaXHE&Yxwup6Y!8b-W)|uau)fx{GZM$|o3$N2GnzUL#R_2)bvnR4nwOqLLmH6$_0L3lr_AsOY66rNp8(}X~<6?Z{J9Pa;G-rXOXY+xxwqt2HhwPnECN;k$l-|9>AX0pwG zuxonz1*tFdR^5qg^)0e~zSWkFO1D9$k{#ry2blVXZ@2q4R5sbSR^N6%#5Yrwwq)!T zxkiD8z6&oP4&D1mtMfi&+o;ryf`x7vpWVCz9g4z&Jpua;7ZgSl2YZV2 zAigB6DcIAbwcS*(7c-k*Fm1H;(nOT^^Q>D`=w2dy7`oxvzbg3^q`$F8?UIzXvgb2f zN;=qcu9F;`D*7@M zpBjA`22(c}{ZXVpvroQkNM7dLj57%Xa(OcUn|Q^r&TT{!RX#^p0E=}~_kMKy5@P$x z{7|FeD=Y<8hr3;Qa}dV3HoZywWwy)twHx3x(czr$i7Ta*95bUJ;}d^Fp*JV3~{hyNbkH~Z9hkvbnesl(AQ=Zy0N6S zT~x3WNNekMYa&=j*sdiVb=aQ{Mdxo&vZ3TZOWOWoySSA7rAj_@bJ5xM(Vw+#CvU&k zC)=g$_u~uOJJH!+tiQ3pOvyUjO55m-d>K&a+(uU)Rr{}KcetPV|D<-^ zF6CG^fqd95%(ip0EnPPKx9HpK5B4Y9Kz0G;{fr+iT=!u9fA4Kvc(M%|S@@#uRp?Gc zx1!M90{h8foqa={|G)VY%%Az9yn|`n$47OJ8|wClS+CnIbcezo#kQ>1=L=ZJLUbh4 zdQ8l9%q(nA=R^JLU(|a9%zBq(#?X-dgL%twwKgZ4ezzV@d>^bztS{=0$7Z*aI~gwM|+?Xe=(P1Xv#bGMrBq5B}r zJ|6w=baaCW9?z!{hi)o5k2BF=DxEZA)Lnkzn`0cA)Xv3f;Y#MH^V&S2LTOec2u6aVH(mNn4)m8kp@8`?<{DR&4{i zei|dnZRB_g=I@@YOQOD!3 z)qJ+7U~6Eui+#MYU80X$-qoz@iIY3`U)ePe!5oHs=~Q%vP`oIm1n5-ips`)g*g-DHjf z>Z~Jlf6Hu6!F;Z>x@86XM`r5_W<#orV-#*xc3{QrFXOUK=I3ss)`GnSW*?dYqv$Su z$hOx%Z3m#UT^5pVY?noaZXi1QT1RHb5ZhL_)5y_QvV+lG`|r#V!}liZko}dgpfo$4;+lj5Ch1g@L-(5Uj2m3u~+sbjUaX)G=bcbN8FZRQ*9R<_Y{R3&2 z{ujrs7Wf%i=lPKPQQ1#p%u#oC*4d7YzD&=)u$xvq4&LDXFFY!7`t8>a1C45_Y*ZF}L%d(r93(4xF2s6#faV5?wPZ|)pRtm7%z z*{|2OTloA;wq04+{wJ(_j)S&qvhC=?mshjSdk8I0zn$Y{S60k6aIvjvrpm{v-Rk41 zI?r=Pp<6;aY(EA2!XDk~=N9U&g)N1xC${K7ZyHWk52!_6wLo{zX)^RQpeDfu1(o4 z<4L<%Z?ubT6*~71+huXV_94APN9VbKZ58ZZPK%ot)Pr*ky-NN5QJ-WZqWlIX(pJ7|IbUu$(-Nwwi^xe#6TD3%@oT z#q(*3@@{~=o${h@sQWbR2k6!pI+?a5yAifK{*9*&`&9CU*!i6tV{sv|Ul8l_!t6^k z`S)Ub*Kw?G!H$Jpa%{Is3!mFo>W+gwh;C9YPj)Np26XnXQukEW>5Dp_%c(BfCF)&Y z)QhC@AO=3yD#l6K1F)^m;8`WvKiMmpd3>{8*=yN0_5~S_YEHKE$%O9N&=u@O*h0P- z^H|TMBdWZcw=2)7?MK?mj^l0p2YE&c_3}#WMdByV?tIpjy4GyFlyumh0`qzGQ!rGc ze;*+Dy!u%%w~_325;y%9`$G1QLvf`qY?lvpOY?47p3LtP|ABuCh=XmHb^Qz5{+Y#` zC)zsKndMn;*!taB)=nI3tIT-(SYjSCy}t1aboK)m*@c7|u#v=K*>MEdcN{UrbXngi zqG3!`{Qg9F}BX z`tjMRgfn6BT}WR_o$XTUmKOe9fmmOLWnVb;t-QeJ&Tlf4w7$sx3Ue-#_G~Nr9ckNT zKDNBNv`fr!rOx?GeOCK$9EtKg$JEyAK8@R`8KCYh*q%mk|7ar)X1{l?$Bhllc^ymE z%IDTQH~VaP=Mt>fa{=4Mwu=2|k}JU?i~VRcgQ4|0COU7T+o*+fFuw;_-c%ULF6GTC zbR)BFVb+xOMt`vmze`%)2GWh~(t>~1YdxMn`|PIyq+N79o)P7K6guZ`RW~c4BZ|LE43{MClnqK7TFxv${X?HVL-Sf>_jX ziLf#jHknu~bDL|so;cRSKBVm`Vtpxf&%i?GG4W(h{KprzN09zJY&tR0RL@}I=U~yt zDrZ{z%rjN3yU$lgJ)j;V$2V3_62f$7WE_vl#q;iC7ljNth0%&gQ}WPBID>b$kuB%R}@vnA^yDpC^om&B(f4$+wJJ zMcYPSZiW4Ke3_4~(U%|nzwkxdMqhsX-}L3l24A)z@Aa26Ie@m1c9GfU&eP{U<|5mh zux3MTd1pw>tOJWJ~%U1`qpl=-9;*i}_nUZaqhEUx;lf`x(Lh z+(L{=8V{mBF9rmQ{%jp|!K91+?6rzu(VttgFV^vMg4?JqvytRaB-l^gr(GO}qMwc> z?RuzlT+`<%1@jt*+o%=iLU%FDIwlqD44Cb*wqUI==Rk_o3@9d^VK9^avi|pSsi+0%qwiDrtf8czBSYKp=2yV+I1>2MK zZ}~F1pr>YSz5;d1lJ9mZ1*Am_RN~`)AD5c zr!J1?vYj*YxDYzIx{XD7jt8=td3&g-X4ao$TG$TGY<6Z;pN_lE-!(h?B5NZ|^}jN? zUfI_P55wlwaN4iECgbyg<2#PJI|-JzAp0Wwd}d|6-+|fo{hDk3T|oXpLOTuWHgdU? z;CGzsU~%kL_anlML)d31oR8Ca@zKORU^4;1j)W~AO#cJmPSTx1+)kn6VRY5RJZ`Op z#kM@2{1xg7Urr_8=!?2JgwmJ(#ct>$CA??>ruZRCaV(ESy$)=W!=nzIlibH!9EkZ zy|Zp?!5k;8V_a^li^w9`E!;Rwb0a$n-^B_#$icMW!$6!WY?onT0POCg13b zOkcju544MkT{l^kQ2HX%7j@x_tkD;lzNiadWcnftU;foL`p*|Sefd}0NL~1%uF)5n zzNiadWcnftU$!PM_uOX~v27sxIANDHJ<@qeH`0c8@z&$z&fl@seIo1D6NjzmQZx90 zyQ5(4k6(aQDZ_EMFTw3`A8aH{TkE)m@Y2tF)bI0<-9b3vXRI%A=)OvNKiI~CEg)?j z12CcscBv!IEiA8{V7;CLMR~Vow!UEBBfaS5+I*a$`##KdE6aNt=DDc*2d@<3Tyz*9 zY@a}9y=?_s4%26k@r~``HLI}wIxD1Zz6Uavvi+99LU%hl>*$}yCW^0IlWkjIjqTD} z=sv=SUTa?3z$|Y~W>)_w!E^rQ#4fm5{|-AOks6D0ez(0EgWK2N-xd|jamw$oONd<$ z>v){tdHcG8c}&s25v)|`o`u==BZ*zCBiepA=~Cx8zq(-0lRotI&ij0=cQwH}<`z1? zKRJ%`s@wjY^!Mqfj`5ba4f$CF_apbkU>=XY#)EwPp6Rw|COl1e?WI~j44vl@gVA~3 z?lw|)A>nwK?Go%`r0>CYOrg63wj5n6EXunL*67PuVE-LoJP!VE`Z5H+8hzOZW*uXR zd39OeW#nT$hVkL*S9_%U^+NYiKL6R}wckmCMY~J{1dDd@xM_K|>0^X*=)0qdUFh41KI&3MK@WtoUt80fv9oO)^&Gn6Kr0p!2>+ASoK83s< zW5|c?zoT<~*Tce>Sl@+(?lb7t^kIghf_)Zd`;|UF33Gi17P@C)t}jD*-IrKj_nGiz zH9FVVeigpN`j+*+h;DS>rux0QuG`OG`r>wr@@^-6`@p99*sg9%?Av_sGP)IoFW-TE z2j>18zIct|inle@ugQ?Dl)BhPp|jtIFLT+J9zP}&b@;o?6T5b8(=WkZgiR`J)osW+ zlBo^-J+#+uUDww+%dKO2VLLms3B=(`cUEZNE=~3OC|r*oFxPi}E?*YwF@<#4HlgcZ zZK|v-Sg*|Dn5S(Y*gohM7rxk#+P+e-@vv6v9a@wpyBJ-`d~TjPe-{d0Wa>s2Y(mye zqJ2UqQ`cIs(=(evzX{zknC;>@h>Pp-6mRwo_oL8#58Z+2?9Wu4bZgORyNWy?cd=bh zK5QT6L)*C=U!t9(zw|+W2%-JJrb;#2$_^#;e`izuIZraLYfXUJPxa*}!aCOTR#?=l zPW~KhB|1J%`F~_x8%+Py9Yffehuy?B+K;^7bsssDI*46PAnZW+13#`UBi2@(=OevF z)yCLho*VUpIfey$2(~+{tV1?(3#`<+{!e6`+tl)84-oEXVH_e3W_cH%&{TiUqPj;2 z`aFq-3f*IwZ7SFgVER0ysKa{oCF*rw_d3^GKGc+sQDoB?eJ0H3Ryc;0tTi+1)z*Eq z`-j=S#KF98$@1nByN%REc?%kt<;lYKV$v7Sq+eMni?)tU_gq~&UWRU3*3IT~l1XM>mc*>X2DputDVA&s~qjStmO_Gy90P zGX0vpnI1sl!E6_8R~GEuum$K^k%q1%>*$tsc1~t-4}oLOyJ({eIJxuK=yD!`%d_cT zp=bkjN2BwZUD5w!Ua!!$4WCJNvGx2)U(}7^!|(3eGyS$*vRN&)-@9ddqx&SjUOKdA z`fZGCV%O8DzkFNwN{4_&o$T}Ia3|Fvy8>Ik501$7%C3PO%b))2r%}fjVHd&THx_kw zWHuTZw(@?$9)uO&V7w=`Jaw<2n{`Cb`hQT>Ip(NaUg-S)!Z+U4Gu@X) z)yeh<;{9MlsXxk7cjpN;oos(Jmh-h?J?r0@WR64jt7X|XnEkJ0zd|>VX_7pq@Ji)P zA#n(-Ew`1n&k}5dp}AdT-^*-n!A_>WKVdtP&%(dcVE0zp9tAreW_kVcHnO~nV6I1; zOUb5Y-2!wjMzdhwW%~}%VHTOct36ELh`wtZKg|b=Pws3N*~_qfX@j_49Bd~pe8e@f zf#^QVI{8f5<>;+Oc0a-A1jZPvt^bFxP2+b-ng4S*@FaeF%IzZC+CuOp_9NL~nEiP* zdfQ6o|L$Z%3w9*T{v7AA>W+umew&EH_QcF)7xg+`sf%l59%uF>yfC6?8dpiC-zNON z*!SyAl~!V!GO;1K?L8g^+bgr^la{v^VbejK+gG+vW(n`(UCu#fHEGOKIGfmefSUNsI@BGWb?wA7Ll@nGLg#vX z`)IDyWMBHD9ofwN2Y2_Ze{YnHg;f{!tbcEm?GN+$VVg)>udF5OIw+SWPb_rHbG_=0 z$~ya+{+8v9%)XoqKZS4r&sbSOY#lO>c@w_Vvwk0*>{7x3OL|t=z3RG8!Y)G>*ICuI z5w1kHy3k#h*;K}qsN=@W)@Fw5seK>(QP2831hPBu^(ELG(%Q;;^7c1a_$=$o+n^tF z%p(rnHl&Y+jmqn*u7BugywJThv&EU&u4iNO_g}H^lXj6^M%Zl~`wX#V$-M3}2DX71 zlf*o?xBxbW*hQUV(q8`w!_azVlQ1~r=Zt>^J3q77M(U=)the-~tT%iq>y0|5V>|B` zv|mw&|5H5()<(w-oyV{Xf7v-+S?|@bJz#clb?z_Td%pcPz3R`{l6jx`=YQE$sS=0I zu}NKf!F=woY#wpwwkPc~GZ#@#uwP)~c}_c3^GfF+agMYh_p9yU`?5}BKFu@Jv#pF< z>MQ%dqgVZzXEOKI4}G9l{Wk|0UyUkL(5=nB$PUT680%z5!uH@t`;EB`Wbc8!II&lH z)}=mg1Di=WZE3Ii@klnG@Q2f|WqmM7```)0$HO)i?ESErFt-QpB;A?B55b1ydM)qk zgk8T!+Y?8<9xLwKyH}cXRJJ4e9}wpLuvhY_WT$L_{daUfq&#gM6QjH>G55!phV`mn zV|)ww;|TudVE=a+K#2PUhm*EEb?+mn+wA9rQWx7--HC+Wd-bm0+Y{``>OV7oI~hg8 zM;(V_YaOeIUCKJ#ep}Kt`m%LHdDdZhVcSAl|6GZZ>0hw7qM1nW|3aR-sgqqu=->k9 z9Af(mLu2J}5|_}XOG$_BgQSmocdz>OHEk~-Sns;*pX|c~%i92RKPt-`lKu1AhU4iT zpQPU0*JN8|7U!oj&$-l1-KOS?%=>a>tsG$VPv&(;*`k8!pKQR8PTfZ`o0M6VykqgJ zhtuy#yU=QBK93$RcV17d!jg{mQ^%^LZ5j96wH7RXe_IY~%DP*K{r!zsoy{Zd?{6E3 zU5_g9e*eOk@r}AS@Wt&M{)I0cuts0j7c6|yKYbZNd?exC=Xhpt!Hy=q^Xt9qV`u2z zdvjOaQQ3AJvE$3Ogj)%}qr3^kQOA2oTgNP7`%9^tTIi0=y3!YqJ^HesLD%Su9F1Kc_nGLrEDT>89Kig20Ig`Z4*0ru=8L~vTmN=1v@|6#&wX% zly@gSdwpYQu0!?}nE!2=My#!DNoFH+y|NCN&qJO-9VFAe5N=DKhdeshtL_m#^tsLp zVfL4+2nP^81?wnu&VTK5?Pv3u3m?^=L%)V}`10+n>xVCDO5OOvzwcz-)Piw(RQdL! zv?+|{=wch!F+T=B6Gz|77jT)U#C%b2JD4B`=D%JY7`qp71Uvz@X1 z7B=?X38bx8#%*t@@5cTndl2@P8+dL!WrXfKS+}BK&%t{Cpt&-YICQH?f9X1G3&w3* zmG^z7=CeAANcUsv%fRf5>;Z!N(b|GNO!}qGee3u7se6QQ;@|q#?>Uw|L(q0EjTCjP zhFOQ_^1)upx&_(4=g99s_-60U?`qpq;09QEEnMABgcm+u`yY_y1-pQYQ`7k@nEUD@ z-{H5IT(7$K5d6+Gqp0_o%;sn2arSqFqYv&;|33Xr@^2+v4Vy}A9qN8h@Ls=}_!{ib zu)XN4OA6+9><52U`(4QXatguY+VimJrdx9#TGD%u zb4hpa=6kR7K03WO)!r-eyo_YHsdP*46|SV${`Y!Te468KR#{tGwpWzXeTwupJv(UC zw6uJ>NcSvk%W}5rV!Kr~tzg@kHg#HjvW57Xf<0EG?<&&Q7U{V~y3;MLxfcBHB3&lk zM*9#tpZxHD{Va&u^Bn$X&w{8~O6!ebg&!ScJ&JVr^r1EqJ5 zrd+FO^L%f3f~8&bnSZ1!GgS8 zN4&X5uUfQiE$Ul~Zn%!K!OcC$8C_L_Yp)xsL0c`CF7Isa(Y=-fs;uPbTA$5U=~j#Q z(}_9mBQ@&B7U*31ll0gU%eY#i7PZx)tHvjobNy;?hZ@Ye<{E6S!JO+>gH5$4ebr;c ztmV3$l*;UOQk!Q&gHB0NH@~sfT6|DSrMInpw|g{g!zy`j>UK?fW54V+)3>&MNf^2o z#NCsHZ`~GlUtQ_8*0*-vw)d@%Z#{j3VYY*BNBP#Bw>IBee5-WlyKl8tRP8raSbCnL zH5#1ndP2i|%#$1P(;M=$8uIfR@(UaCOB?bl$d9CM!&v6!9zfjL*LAqkk0UYf%yG{9 z0FQS3xo8OQ{0iiIho5#!?^Tp-Z>w3Q?;!n-O#J)sO26+{)B8xSKlW4kj(%4reswqb z)hT^dde0>^$t&G`w|$Nz{PSYdrlp=ZitNHW=AGEh6Q{Hs772?<%MSMr-#U$%o;0P! zqr@8|?AU3kCj$IadvS%I6Z`aWdtHcpXAWqGmGWr$A z9+I_BlDAd*7QgpxpWX+h_XBG0o`WB_J>9BuVA7CasaB@bcx%&pdwQ=nXR>iO?%guI zE^97T*_1wQOYhy&dyDUblBQ3s(DdAKH=n`z&wU=P-W%LMM>gbrzKdRl-sja;$;*6B zLL2$vqzyg~W^qIQ&7OA>e)(LHDrM-0&r$VxCFTwGT%UJQ*5h+p%Dm6JDDzXvw_?{q z@Hqgh8lJ21-}P%i!+0{ZAwRMqKZbml_G-vaCtt-UgX=Y~A-}XCznZ-L)-pS2muRoa z%)c+IZwKwjsZvA-^5|y`NAlb9&@V_ncxZ)8#ZirZ360&ttumy160Z#nLce}eA-k`^{UtL-Fm8fQHs|g(rA}TXz6CuQG4gig8eb2TawGQPo?~~ zC2`(cIG&|XA4%kqZf$&eRGkd1EKhuS;@%m;{Tz^?X$E=j!Aab^vKY&ga#bSZ5~)3> z((lb(mw(iZ0d??*91J8 zdTq6wuUd8sY&5P-BJH&U*&VRQ`C%@3mzlq(|3pR{x-r>yB<&FFOxSDa;+l%(&CI%) zZ1vDxo7w!#JT>?%Y#P2yBkdx45ACgg?nm0n=AgTCx6a?*WH-Z>!d8-Yv&i;@&Bk^q z>9GAAtT#L2>VkPM`W@)JR%i#;_F>XXVO*w3w)VmGgk|jbMu*Lm!y!-;OZ8ET6UncKq`*1?oUIIHF+l>Xg9(EDT`}adP59a!= z$!swBZxJq|p==s;vIhyb!-f~^d!*HkELaC==g7D1!*)4ob+Zfhc-GA?*psANX}>iE z`vqy|W{vgOi~N^p+^Y|%RH~$1P9^B;XJPhZmtePLrZ3vwmu+ol`(Nm^o!P*&m4)s7 z*e-^J&z5(4W-GFe)vWk`i&he`EoJ^^M;7f8>~l1pjE_^_yqs9w*f(JMqV3%nymfDm zS!`ciNcZepj`Og3t=j$LbV4hk@7BaHZHJTpBer8&I98Gl=6r=0z?Kwj2O4N0Y!RP@ zZWC$y_@+Yl7udT8<5y8f1zXwtg86%rY<_K?^`A9;(B0~=A9i# ztS{=GL)U&(=lCLf9%dWZeiYrM4WjMU{W9CmBOT@aD%-k!8{2Pj*1ethEP{26Cw3{@ zc>;OMQzv&l+K5@bF6$BfO5LXjK8wY1Eo`rbS;sh-+qbM^QlUFJ+fL1l?pgV16Z^u% z+I1AmlX2;|ayzW8(7g_`4u3xj|60-7Ut)V`s{^h_2O>Lo`FUC#dcer zb-QE#)_(Ly`cMmLZDj*s9xGxS$p*u&VPmxyx-qZ^ISJajdu{t3z-L#pp}j{b?mg9Z zEIMxwS(MjTb|UQilW7BNqu$9d$Ct&0?wj1)({obizOU^Au*1*poZCnC49xa(yHRA9 zZ4_g%x^?K@es1T!Ap0F`w{sZBF$`Ze=kgZ7qWxOYx;++VT?_fI5PrgsYXgY2m3@QY zyvz#=wv4p?_1l7f{qy>^pm~h&DCLbSn8yHZ9XHslUDhr7Ukm&NLZ6E{-e%iv$v>I< zRh6_$*>{JK*JpK)p|fALkY@F|^s8~?L+AXP>ZZa-cG1l&bU)`qeRd3MY`>*hM^{Pr zm>+gy?Vc90X`JvJ^dy-3FUiEdNy7cImAt-a`)ioCa|-rqwzci`PhHry=e#WHSVLO> zO5FzX)?wWj^Y(@NI{lNmZ61b&f3i`$&G}lVe=>gRO19yjYzA-IhJUiKZ6~cCvZy2c zD|O+Y>-Sm0U+(SPKV+XL_`BU`j9d@dEm^m?V7J2VKsPP-XLX*xbimdXOkZDsO~tt= zuRZHVV-yTG(r<|4GSlZ12?wpK9Rs3GkAl4<%XO%`D(m9-Ci@)WUUc!BpX@W44J_*L zT*~s673`YKVqPk3znIxjHn_e}ePtisuKQi*_LaSk_%_%C(%Q*9MmaxsE9tP^FWbiU zRp<8wZDaeEw(WfG_LW5)v3*NjY+w83g&26>))3OxD|2qqk06@Zz#jTTS7y6?`S*OU zD0DNkZ4>Jg<;k=y*>$k*VB1{iuFvI-E!f9!=ogzh&pY+6jkg_N?HvDPSMcV4?MIWw zJgvvs#4W7bY~t|c`fLkM{Z`x1Z7g&*@_}=sk1Twd1GB9rW=52LuN^axIkvN{>>~tO zGmUP&vX5rAvS19uN#_^r&|R8Yd(qdfgPlcrQyH8?=eeVGY>iLBE`WU;wmkbs5ozo? zb&uK{m1I-j_!+VDjNAXTRX3k74IR5-o!v>=xyJ_*<6_dijl`v^_-0(x@fALE?(u~M zyBp@*@%W3RK0obT$}?ZGS71>dQ-xG^pOh}A)Y%>sI+%59$1Zex zW!6!!e_*R_YEhoQugc~WY)6>uyR2Y4Wwxnc{I$K(1KVo%TD`8zCrMAckozify)x%W zkWDYx#hJAg>|>d=z@iO~C+&YKZBsr@JecE#i`rm*mlT(57KXNqzI=@j+(zR`2lJjA z|KDjJ*H+ze1n2GD42XI^0Mi$KKdsxY%(hiNqdB_Rw(yx{5!L@2I?)V^(e0Gu+}@Kg z)E7<>(|k$4!@nh@gN-BoI_>AVxBjWKfA-@(mj&4u+3f`9?4DMXcSmMTI1=UEnc3um zEy&E@WJBkEZh12^+lf54xODlCtL%8#Mfg0NwEh{~moI}&CAK_uKF*KyttmD&ardw-&nVz4ZLqvTW<^sTiNfgVLUCEb;!y(K0u*Q z-@x4W#d`St_ph99ywba~ytSE)Zti5ihP`bg=XC{p74|#I^M`@(WdL>b;!ldxw(4YW zhi%VBY1^ig?FM^b0=C=M81ANVYWn=z{F`Lc_T51IS=e#`i#ps$Y-wH(*{?E->#?$* zW;Twx^iSrtw!F;+dnB`V`cmjTA6Hk+>q}M4eZ#r;UES*aO7=2u+kB<-Srf8f^40=d zLE7?U>v_8b)=V7CG4nTfcb*HVdo43R3!QyJU3rfFr_AE}FJINu|A*de|4`@uk;?r; zb_A^4KV}UbLunVVs%YF5yKjEI?!oRJNxNg((KCOQGv(>uTH;{yNbBFoE%+DvuXQXzr+<|^?lKHkZX^5qzi@t<`@QUTn9nAela=It$*eP}s4ztg!G+1Kucb>uo^w%=N8ZD;G1-2-e3A#CD#-75q0 zwp91qtecm0Z-X5`@Ypz(SXr=kAofhw#p7kNTWZvSSIC!aRqw{oYQvgz$cDsP{Kl+iw8D^U1q+ z>XGKaK$>*t2FvSl0r?vVOGee^DkYizb9gfGR!k-^KKrN6c3alM9He>OWM9Z^eo@|S zursmsJ}UiFcRJx4u()m}TR^b9m={BKZ)WpY3Ad5k)N$yHGivikl1%I@;>EBD**|q& z*Rwp&`NB5pXwUwsyNA$?FFk&*&_CHE!b!04fUvy}mex1#AL^E5Hb48P&({+^@k!=6 zC3cbh8(}5v8Dh(meTHCpv2V%dW;U>BKi7Ac%a|LJ_0T_c69^ZpQpbWdXY6 zb7mgXK8KC{v@N%l>>(NZQ9ojE8Y7M-cHf##rNNGbxv$z*NRux1)iE$$iCs_ZzS;_K zeXZjz44nJfyXS&A*Q;!39-r-J`xBh|xs_O*>|lbrWd(CTlnu-4q0aLM*Ue*4*zN)I ze+nKmf}I5W)0dc&llp_T!Yr>j`)qk1%xpaHa? z7w8CL>yXVRIH&GnVi#?X;m!GnSCO{;Wbfjw$IG4HnY8^h!Fh2VBWS`d^WwI{tV3Ha z`6U0W*TrnqF(&6_QO7vaVawqz+0G-PX}Z`hBH!rWl0p}4Fu*ccjDm3*SFgjlRh;8^ zG@nPkb70PKZ2#BJ;5N6d77~Z<(|lkXDA2#YgaHKGegrIZwvpqm$L5l0D{E}O)mhg} zSwA6o?md)PTiJ^Q=aZd8j5M*QiC=q(>;J@|^Sh99ntEQOf7)J1aBkZ<#KFAIdJnb( z3*99!=PGqQTo?kSG*QPy3bFm>(g_;dZyrpY^}K}-Z|mJu@AtA@VZVa8okKSWHi(_ga;YZSE`W`v zmwBEOx*@QgvGqHcWf^v1!>e1E^RnGCTUP5HNmqrPO&tRY|NLI|`|X-4t=PC|+eY~M zHccsxdi@SIlsm2Msd_;kL}lNlZ1VJog`U6JVk9^Gjj20jrdByJlV4 zPd%6E!@P?vd=|E?uw(cE$bB%F*PHG~w-!b+mFGE>b4ogv1oK$pe2?p3Vf#VYN^FPY z3x|eeyH~ayQZRoj(ze{Uye4h;1#>)jmT>a^^ecSVR^~o^0W8k5WxpX@3F}~^g^u06@I%kBLX~g9 z))nk8*>-VZOI68sRH18P1+{%9v;EMVMtE@d&gbRGJU?(A$9Xh>^~zcZA2@(HB@5;; zV4Hop_D^}X)oz4evYtNMH0I~g_AY|ubrkj9lG!RcU)154WE}(Z@z*l#_qXzYx!9Jn z)r1AG(Zt%yyiVAghfXfbb;#ZWdkbu3q2n={iOnJoTaOFs+VVEi_QcGllL?)3G46)W zd30sX=-hu_8QqkA!zG)TWjgE#Y*%5Vf5_AS7&l$OzRG98{C&%LFg;h{m2~|4ljhYN)xeww zQx>-C(I12Dl)N6+;lBLy^K1VXHE(|&MCdu0eH9(uGJVJP*f<&6*?E2aE@c03KF?vq z)*@#8e-fT-X$@ZPZe?r$r9L#l+%`MnLnJp%Edsv=x8M%F9eD=6<5NyPC zwc`TWbga?88JEGX0Y+Bo3Ya$(9rApStjG z43*04r}}r>4Yj$3$tI?M>n^SNqJLih)4v^=yt0+Jw0$(&TCe5l-;dF?69>~j*^+|k zpKKLzlo$Su&;GeDarwA1W?|>tqOt|Bzhdb33vFdy3sTpwu>ERgOAF>Wpl(L7|9&mA zDh@|^4`()~Wwk9*Om8bOQd!5H$``Z3|@FL88R$FyXXPx_kno>8OeCVFZI`_M# z2Hm7W_iWZpBX--C<;^H`FJxVn*rn8!{&`OAdThzR=##F;8p6@&CJ={z_Mz#pR#>dZ zPf1(e6yiqz^f`1Jvu-@GOX**!+r(#$c>d zZ4kPBvaSQBZ*SzE$3)k6HJV2MJoZI-oc1K$Mp&bNo@a&5@38il@#tKvH~NcxD0Gvu zZc^5ix~YZk+^n;YhksGt%tFT@Ce>>jgnywc`@vh#9m!3K1JSvVO><7)a$e_L*RmPB zIoGE3y2#ox8%iAO;dhc9SJnE9{#m!*onK@Hm++ZmmE-->qXn{9Krh(o`LCKGr{Az_bF^B zZ2v9Su^^9$mgjdI>z$d$KiOUc>zzWzHjoX?Y;nO(fZ2XJ5xVzfHmP9m&um4(7T}k* z!*DiiH)S@bV4E}Bm>Jp1QMtUbuZ@BAUfuQk<*}Ky6UVl+t<-fC%oy41f)i2Rdtk1I>m#E%D}42+T(!0~o(3D7*+f1MHYBswg6#!+0NY6g8x9-w^Uh}* zScm;n-Q+@NUsE@_U?X5paPcDcw?TY%3C#JqTeD8~k<8o|^iOtKX6*(0H0+jNcHS$b zPG%d-Ar9Nvw?@%~!R*KC+H+si*6#+grrbANx4*)sG51UCzn)J&L2&MuA;i&se?xaY zx;B`0>Kxj&-5yMj_5QQ-#^*EpG!s-2}=|w=enMlXlME z@ti~jYr@v`D0N;J=*`U;vkKc?vo5|fS>AhLmN$=+ttf9M%z29Ad$PLE!G64N&q{Nj zPTftpys?=LL+A0$`GQ+WyLkTQSnYhlqlx)AG5cTIZUwXd$zuGoJdbbA7rZrf>7UFo z@i5rPf>pC_Qo;7fI@>#Jy`SH?xYxs693S=|ILCGeap-2Eb3W}R$_V!FFz4r93?rFr z9gDS{ROtLZrtR{A-JF?YN|bjC>{pamEqs0yHl4N_O1Un!pFY}tt~=&k+HZQnqWu&_ z9o}1JdHQVsE6a=Hhb*>-{;`WBU6f~kusqk*es8~;T(G}qHn(8*dv$9H)}6F$K0ZZx z_FdWLg7wO5A`XYnKC5n7!TMyjzF^~E&YeAiC~UpQ>n)5q>sc|}O8@uyGx5Q&X9}Iq zT(aLUCk|Wh9rRcmzi(}gK902`i+a_0j8_-7Z7}=un!IjAm9G+3Ry+3(b{!{tsQeBV zIBa09w^4_A7oEp~vb>Glgk^d9cOl_o!v3)3Z=iF0E_E@UB2V?K z`w+*E?6d50g7;~a_g!BFYx*$94=U9cb$1b*6KoTW672J^-O+h3c**`uBbUr}dE`K@ z)8u2B<=sa3BM0Hd#qn(#%)U`2wmjQrH^j091#`TRH503IogIH$Itgn zb1>U}vgL%KxAaW+DFk~Qb}r0u!?M&JO85$FRBkK#%NGfcO{vYjX1%i83HN`qHm7(n z_m8JxaleYXWrW|rVr-HhRbY ztc}mCcOgvMlgYn}b(+o8bLnEySUFXVxvJJnc$d z|6GUMa{$Y$600e7Lts(fp`^XvY#{x>{-^FTg7sE&-yll=EB~L)(>{+noRfWJuGjKz zCT)4s@!2|M{!Zt7^W*uqE*@nmvckxcw*O0b{E0l zLt|f+EhKoKjOW6br|)HPpD#m9-B#Vmp1tb7sfX>Bm~~iQ)Vl~<*_iC#w&Yjx`45;M zzKygx*;AR#$+of=GK+PS{SvmGKbXvA<-_)km~}Mj8rg3tZ!_f$VW+n|vS|(h|4TN6 zbg;3cW&IEYdmqgCBgYqP9Bk^&z3R`hvAk2Vu06Mb%Y8?B%;A{@rGL$^ z9xr$GPd2K-zb|3m=-;2&D3-UT@b9lM%iG+*EKe5xMR`s5Y`eUb@~82+_Z-h8?J|Hc z4g>E~m`*x$pFrn*`Ws=GCtcj9-(Kh(_j+7ad%j%QUI8oT*SFp+u{Lzuy`y*i-u+$C zokno3Yxh~pleH6^n}02xD%jl2T#sPxD}UvWdo8Sw{m*u|o8bO2iA?Ce4fA;n@w={d z+(x*SIyMo9j<4o5#vm@+hy3XTkG~^`U3MbG@i%-{*Gll%7-P0v^ z&O4R<($rbUm9UlrdR5}SC3UW+_0GT-*Q>0zJ^QyC-0gWjbB_-rb{R;p-WAmAF~vo8 z9>F=v=M%eq-B)iVINy9+->^KjmgjolVwdtZlMfcZNJA^j)vHgstmo|BGXQ+w`M^#<}YK zzTlkfD~PoXUE`eWAIrA3eT;w6rV|R=OGrQUXXgLU{#hPFPO5jz7TRxkZa<>R@w|EL z8A@7TWMg?dwjc9{7i=8NB4=cV#DJ zT}R$8W%~Nfo%+;&Ym*(8**wxw@4GXL?V(Qg!?*TH*Trl<*YRxxpH~v+H0qAxZ4`A3 zDSYwzq_*DAYX2*3mlV4H!)Kq{qfeUXDtwWx-2!ud^L~8h{;?=IZzO#jrmf7}CGR_G3grFs$d%DSj`3e584j^p;B z;iQAz0<&+dDcIGpPk*jYI{t>vd)d{^CJr`}^b_btuoA(phdD>Uq=Ma;ZPyj7Ewc%^ z{~bpC4-oXvebDk`%Loha=u=r+u!l(h7S>j<-;w@fd!KYXvj1uOS%TMS<6K4dYr=>- zDKGmX`;DPnpUPsG?Q{;|Ou~-c`_%WD$>dk_x&Aq>>YwZdnC)VJ3HA$^bFD9A9fNtV z(EI3r>tOmvw(>Q$jnAeVN`_=&_Y>Q%Ha6&5eq7T8e&I+*`M z)8};s+Z~o{vwzwS%4}%C4$CaY7j=hcHm0bTOV717$lFrgewhtq#q`Df&hzmz|Eu%b zjqFsyWv~^wUfBe~4_@q3zxEnz$3=X%r(WA{6k#{QlkC`@vql|f!9K+f(~bxi(tX75 zCcY824(9g#AmLEitz6H^KC7Kg7sx6r*n1JXEr(zex?^E( z%VUi%)}L*^c7o%E&#st5{kWLe0mMGL!t>%%=d&=>*?x}CXA^ub zLiE3#$uB0@@2NWZC;Jb=ZcF;q?`7Bas|0Q1yOp}H5%g~^ewOv>-$*KL^lxE*Jb?)3VAtV2($;(tk7f*|RcM9dXz;kyaPq)!vRabkYAT&vU4$ zZG9`NdUx9T`~Fj~mAS8}I~e9TIi}DZ#Y(z;ZKJ4nG|X)|4}GwUGxL7nVDBegS3q4nR5w0d!=usN~|te z^Kbu|9hezKCf#+!K6_?lgYD^Ar+=3B?*#8R8{MG0ChOe3>f8s_jmx@ih;L$@)U}Xy zDRouy`mFAY=xpaj1-l#Ob=y_Mq5C>%+kSa&7j5r?edr#J@rCZ5tQ%YC?uRYg)HnSX z+Vc8idpTiGjsX*iUG(n@thmR3cG8$6c0aMlfGNZ-q4OBfPCm+;N&0)QZdL!!nRQ%C zXnJL<`u9tjZF=}`x2pfYR%ZLD8$sbw9;=_muvK|I)Oo(v{k6XJ=Z?z!O?cc6TUD0j zzAN+h+PgWa9MRlao=jcIE`|Mue`L%nbnk_E?Rr$7PTQk1n_sZ-Z^ah;i|>P_e@nLD zU))y^KI>n}!oRrJKwbDZqVOgBo159e=#D1%%nZjF7ms&tL!aL7pA33*E6HW#tdy~B8kM3btTbQ4hPt>G&v8#E$-pCJc$hS1)$K^bS_B79NYeRl& zL%yvcKZpDPYz@xGypa3^(uQ9!kMU6AT?zNzd+$O2FTx(!{*MAxTX&=FKl$SN+sBJV zw;LBvw`+?#L0YOgChF{4cKx)t9coM6Anj*0)@k5xyS1gQ$^G1=CB3IN5BX_{?OtWR za?6hGJd3>R5ZiHHLw;dHerZE~1^IG2I?s5O@(j*bU18qs$nQ$NO1_oP3|C*&uVO!$ zPI@ZguY4YUZa`Q1RcYuy{TlLB^7;|$HL@W;t|31;=dHu}*X^I$N8WkLhmx1sKRd{` zkT#rE__?0>x6Ah2(2(EMkgqZ?yJe<8IU^h9ai83fpVyFILB1aw)$sh(ewEd3k0QU` zb}RDHo-OdG*LmzGkdO6qzVx;tpZ3Qh|NqB)>UBR^zgF639N|j(M|(rQ!upnIQE z8uHQKqCD5Lv|rnhZ(%!^pSL&UJ!gIgA(pn@{O`5W!TX%bTHY6@cRuwdlgjk;Uh&2h z7T;&o2&v&*Cr-S{_wH#wz7(>!!*X8h*ueXSjt%d3!+y zO*`#SS-NIZ?;R?O=gAkp;QNyATSDzV_)icwEOzl?u~!s}ow-=X6zP9XdekcxvkN<0 z$L|P5wxQ&Kg<&nJCnHK)v+(#?YrGVthT6R*+r2h)=FY=ebCs`DZ)>SVIakfOWbwAz z%I9IWSFM7pYK2`@8%j9=ap_?T*6znNVwYmcPmW3H+BN1gb2_57ceg~cGN(va4(#NW z;YE66YhB;=sZQQr+77QvDy-iYm$rvn>b#?{js40GJtwOY^XS}4l}4Rhu%lqkQ@Q}= zx}HuLOep7Nt&;aQUgs$tipZ8y*Gh1n*EsL1l0PArHwv9Tm*us!YJNwDajtes$aqY8FMW-SGKoV4?6PbIdUwY{9sN@C?3 zu&Be&tz$iLFuryrwz*)7GV^$$&g&+gq+hdN=k*yGe^2Fq@wK)>T6;DqPOT#@}rlF8P&GG|iIyh6v{KhxaEn_zT_r1M_NebI%_`mzT)=R6*geP%OM z`jT#bCxO_--==zzUUeY7%e6U$E^-e*iYOfjP&x--}!i>-`Ru`Fw%s8@t1tchdcB3~85g{}@Z&deu2^*hkOi zxKXgdurFh~5JocnmPWSnb>7;E!&aTP>Vh2xbKf7CeYTFnVKHB_{khzyCzZP9+V-s$ z<-H5G+c~xMh&sl?T(>rKta_Jqn_1YNi0((*)_#)++f!irvKC#88?B@rU)B+a?sRl% zZvBFtnOTfOuG{I9<=otEhp_!1%=xvSX<#Ru_s{G@TVU5Tu=6Re9X7gXt4m=I!yHSZ z-Z@#^|CR9*iPW-}pXlvJ5tdyzR`ck>>QWP3Myi-6QCJ z30s&o>UQG8W$;C$!&qDQ!8T^L6c)B$z}9viQk3^4m~)no zEZ8?;_w3L3M;W}5{zA%eoNNI^c@Lm-eHXy=cXvXp?|hhjqg>yGg)Y{23C#XnuCLb; zqK>ckul3U^8kce(97sNN&!QW8E@yMa`o02tv*Y0Il<||STY+t3e_mOX_g~qUS=r~( zmqmro?_+Gym$E;f1asdXU-*17?13q@Yd5hTr^4Jzo>ToFnrkqcF}gV-&8P3+xI@0eR4MWV2d-G zTd?~xTL6plj?Cpvz|eNK?L#-bU{S}Ef<+x|Fw3*g@Y8GMU=F_Q4s~`o>||KftL`}1 z;*ZphGhypEa0$9ig{{AvtLsl3I)CSW0yeN^i9Pb9Lj0)g3|X_Ub>q)}P6yYkV@toY)7|od(+% z-5k<1Lt5X1iT@p6rV)qF-UDSFNb7ZIdrY>~XWPJQiMCZ6armO{tgO>#b%zmbmswfI zkW@L3${g2P3g%qj3pqiH--6Y(!LEeOq+ETL`JDSBVDn(sEBid`0oYntQ`Y?o19j^P z_F88BiNkgtwky$%f$6j5_0Dy~wS3ucDfm1RZjZ3#??9ElZ1|3Xd4IBOLE+zyuv4$7 zo!?V*`oI6pl;?Sq`&N|q&a4}NFC@F@Y=F=mnd_KPu+cD|SJ0l>{@63+Rpk#?*7~Hj zvd_X?j|HTI-H=)ATk336bso1uw*YoI29wBJhqi07t^H4*Wnnv? zwCyYl+r^~A_Gh_{H8A@|se7i-?Ld0mqS`$bB$GckV|yWNn1DqeKL@)3rZ46VHxa%H zv)*7glm0PmDRKC+Bk5OR>xuPQZ42dX`!)JK>Cg=(y)P`z;q-YJ!8*pFS4WhNFPrbH zRH~$dozDmH>+F9l?OxtK@S=dH9%fdF=S@t2`tRvdF)I~e* zitg=%AHCGspM$M#VDewUCKJ1E=Botn&2+2_wioHaFL&+>>NrFv7Hu!%Yf!pha}#mc z+RnqUZSGd<8=O9*c@uiTY&dmpqk+6V^1IGC`!LuSkL;Y+ zR^7K@yTgVP^Gdpn#MaRUunu+KAiY%!bNCeO9@5&rLhL@ME^K4&KH0We*MhT-8>MbB z%sQIo3`qXxVMf7TC%qHQzDskZa00RagK%30JBjpI*aqS#uV*fAB=wU_+RKQweFo;D zeXzEo-agsZM$zX|XJOW1AO9}F|C76&T_~ddfATS;L-!zQ|L;DvV9PQaOW~n=9`>mV zy4CN+vX0f6ZN`_-{Tg<`2l+2L722L@btq?Bn8)zYvAa}GfGx{R?O6nU8A7a1c1~ut zb1;2%-DVS8K1I~mZ2{@feU!AiHtMHoy6ED(#5y>wsC@F0Zj~{GFP8JAmpNy{Fv`0N z=C~IBP1N@Lghrnq%dGVIDcFC<=clvo&3yhjx*?q0mp*$fNT2q*j&-4n^7`jKWO=Q;HO|p~4$L{)+xa}! z!{e%RwD%(p=CuOnXpgohoBs2^|6R3bS%l7eIKPT6{*S8eI^KQ;n}Nfjqd6xh0k}+lOgk1EQ{-eGW&^aEOC_ggUlAu ze!)D}shif+$$pyI%7W>`kDfzE!)v<@`A-r4H|HY1f%2RWdm-%;bvV|@hGn0v_m<3- z=4~#!HM1BuWY=akFRzE}ILiLtoS*z;%5(njR|=m`A+68g`g)vA`V~&pr?VdRXR_(L zrgN6hF4oQafwY~U`-?s=gX!}q(k`;01m}DoDPWO#Zswfta|A3h_d(};_m~lF`UA?- z=k>(FR*{~Ee?#%beT!`R--7$dOS<$Qy$Rh7Nb+4dBj%G*Tz5t#d%Wf|1T)akSAaf0RbClfwLd8_yg zce<3fo_wjZJay3q_6g6CrV+bT332{1jCAOZBdyN=5$ki65W2;rLpPeVI`=_#n=ZOV zu+Y7i&raN_d;Pw4+gYY|WRpV3VmdbX#JNzj`%IR@A_O5G5c{>jco=RD0b=>Tq@zJvh; z=g4k{h0gD;vH=K!olU{k(N9NM$~yWNK7SaUb%QAC32zGg9vkUgA%sl3W?#j%T7wqcHY{$@DliB8iU6@Ph4;+1P^Zm6?4!>fJlDnFZS?v-X1Ro7u90?Vs7|f*p|A z#?06(>6o|8qn-U(b`{}pSaaTPvQH75>v0t^n<<6;`M|kLpCPZ$>e>kE))Uh+yXZEM zS7We0-}!KD-rcah8n&RLHs6-}p!Mv5SlvWob#&`=4zJJArm`i3Nk6R3p&WG_t`@cu z5X^JJA7Z<)U`J#Y!le|y@Sx$V8?#5b8cUm=O`V2XMWj2HxA}ph3gCEd5bKr`)KR+ zSef7bTsPTvq&*iHPp1g>E|~NG#Cfbb=cQ4%q`6afVrH8d(6rqT-AY0#FZ&{UHnXkK zht4*AnECuB7Hm&!oZ~O94Qp$=?8~1yhte^^meZqDM;w3ExqY2qY#N;+bpMrgE3?n) zewi766|d_?P=|B2ML$*NaZ>*rBci;MV6L0z%)#u>vRMUtPi89%){>d$G+}#qX5$NX zaAxxgc4lT<=QePx_%Oja{v7{Y-cN8JbdJA;#MYtiLc%BBMY~W2MJC-o#OemZLiZ7v zEX$i;=sb6P6rFv@eQ+4z5Q6gq+Bc)TX|Ov_U@ol89CIEZ*jB9tdjj@%{y-Gh z{?&PI;rE&OID#~V_^#HT+d$o#tZTs$eO4Pf&k6NK-CBa>ZA7QfrOr7+Lbs03zKt*a zav!4GRBl8(>5`uH-+*LuVYAqvlSykUy9M@XbR7k|6}A`bm4bZ8^NB6bbK5@=x-Y2B^A*f-?JKYrVya0x$E2?_ z=uaRYI`>Pr(d>f#IkV*jv)`$6%nMt`x|675XkHI}=}TIjjUKuluouw{DVTlH`N|wW zTxJk1Cpd4I`=E=gjUaQMjq(O%+rl$SXHc<^Oc9v$@!gVnWR^lxtarQ%QgFXFV%R`Aq+0{8W+V zFl*i9R9^SH%+uFmi52X|wxF8UBnlh)%MB(xos`m~mGJI1L|ysGts&&Jty#ZqHSE0iE}u8Ih)|`e$&y}_OcIV7VSKU{0@A+6NB#gdqh)r z(Jg{mhh@6&zxRw@=^UM8VvcnWoyHt%0v2_$Ip}0z+eW(eYVIM($5nOL5GtSI_Z}KE zbZ#%}*i6H@4pE+UR5`~inRUp*_Gt7kz-Db*V+WG=TG|Jzz3bN)WqT5wA8Qn`wz9nl z&dW8vV8b(ub2xQ_2-{u4d|Sl&W}O~8o!6(Cc8u~4fH}X@GX;AmOk2-^ZRgT9&Vj3N z&-Ls>;h*fR%ogVIWM`9h|Fz91GM%4zF5~=XOUUa>m3R`m`_buh$+o$ywjQ>r{@hJC z4%SlC!R-STbu)?8l)5Qdw+sAYg6%w!*g9k%BRH>AjCC^mq-{TzICL{e+xBe*yDl^P zb?9cnY|}VrwLI6|@}?EK&%#dO=C?)J=eLpfJFIoY`N4MN9kU%bY-g7NgczHmKg(j= za9oIXj&Y--V1Dk{w1QZlt>X^raNO8H+IF_Q7&q3FE_II2>Vn;gt^FXzp%Hv$TRNxL zz^s!EC!{&O&}$ny+rHH8n{CGvvsb9m{`$ehSoOOJZ#>^*HG^gtVWRuSQ@*gmLu{?G5ap#AL^C6kPuWIW!89s+?6&AMR zv(EFT@Hup^6uL7=AM}Ifbnimgy1zM3OPou&-UHZ=Mo(mp7b;aJ>kYf%l0NlkXI%h0 z1lxyU9v66}XQImfAL`x*-m0q3`#-=%FN%3hO*G6SprWE(jf@iWXi$_`R8(YS2g5=m zhl&b|#-pK8F(Va|SY)?i8cHfGDk`d5!xU3w*ib{0)7*-RiYY28Dr$c3_d4r)?m9ay z=k+}E{GMmO?mBC&&;ES>tUr70wg0WVCu1RdB(iUReEWY-1omLCF|TN^Efd&yFxRtM zPB{Yee-`S?Qhc#&7ZbJ;9*u0PXP9?AJlAgCQ(#T7onTw=DfEdQ%$WVzcC;Oid3O6* zU|{pWl-*XyJ|Ee)UNa^=U(grp#d`ps1&g`7*fp6qz&`s%$y)`cFOLDAjqcxmaCEIs z+HF3;=j^T>WWNsH3&76bz?xLVfn7uTLgv)X0`r}Yx4w(Dhzc7o1G^U4Nx5FM`%?-X4{92Wm(@A3L&-#{@%W*fD>$%LLA%n-#&Q&4@LWemp8lzie_NjFs!{mj`&|0BxWN7jY$gky>?^QM)VcNSI34;v4EDWG zjOl!Hrj1X6Z5z=ZOM>??FxPe)SNQU&%+u%KZ3S~Jw$kU%gMIzuv^hQnPt3j{R_zBMWIWarC|NcT?zyDDQ8IgNkHF3i~U?6cT>Z1kgV zEp}<@v=*Yrk@q`ed``0PT#wEU9{w#P{ZwQFI|}*zgt9-2dCx;E<_BUU@WFN)$i9dj zBsi|cxFL3U=0&}TdEa8*&yT3B%sx|{X-)qd!L}6GI&jOeyTIO_F^^Ttv5ou;!T?XJ zrW3nuBK(auUU@{?7rZBepK$n*oofhXXA>?48(-*q8rY3saSY0PI$<+djDKQ|?T5hX z6d-Io8|=*9BRj{Xyyp^L4z{bO%{zho82t19!AJiS^IO#mD92i2^@&X(eRhBQzEogW zgH3R~qkMeGa~v1jR$xoO9u79xJFJga=4y`z+dOs{yA90si6+xHVZ-MOo-3C2wdb7Y zV556u2b;g#MNhxu_#K;OMq?AQINhOHo_=4Ge&;59Zm<0GdjwU|8tK<={?_{Z?Hj@G zjKm4e&}%(2+P}#bt;LppZ%WDdQMPBm-?rap#tvgUTH4y;?KA}i=eNC)#wWHLPi&29 z)^0pG{hs3Qh=)abQSJ7G+~{lr^9ZoF8|jTaC4 z``OR&dwW7|f8GG;w%`54v7LguJ?U+*!_qIgb^-W3JRy(gcmL5(&cDxlFzMDQ{x-y~ zZ2Eg$N?*4mF_)*`>Ha=G{a%`mfJXawx<>=I84EelJ#aPdDrPF_xGZw%-1XV2f8j# z*lShfU6-fSzp0WBziZ&ub=3ELtrt}8@2~J1mAvZ*mHcKUzoe26zx8z->+9%uoph9I z3;9{(rx6~-esy~uD7MCM`qKMMHiywgMUsw}w`P$HjAkUc`puI(qt}O%9$Xn6mP&51 z{1`-gJe9Bk*CL+yA@JE}Eu9R0-gg=~{fySTm*d4uahrS+C_ezpC-*l&I> zdD}STU7x5g4-L8_uDf=T!2oyk1d*{V!$z5cxhDz~K5$X&tO0AAa{%{1{is zPp;%$XDZ62-?PYt+AmR0f|4-NJiTpw$Id^6`QSNOg9 zx7~gWRPviD`9bofpSvsh{p9P|G3aMM^%s7+Zq>XZuiv$bpN)#2_vd$=@|N}2pYze~ zjY{77k{|n|T8 z$zNT`Yq#9Lsgl=^a{taseyEb)U&(vl@HvF8jpH^puW4d)ejeNFi*&t6k7y5Ti8iW8 zzqUvpTcnRE(xZ#?%|-f>A|3XPy$86U1WY>_ifzO(4~`@|j`5lxZzGPe5hF9g7L3f8 zQs$@!cUrbK;%~~#=+aJ?(IdMRcy-?1P*7wZi2uG77u$%5rOUn>7u$$Yr7y>ndrmyA z@c+c)i_Dl(rpy21yA>2JpLl$cX$Z>zh>p6cu@&2Pn93Syx+WBK#{0H3r;JvTT z)=H_K+5qw1743)W&Y(ACd`pgVexyA1pTE8xKO)Bu&T-Pi{>Ho8`x^u8xHsZ=<^12b z;~M!(dHfb~wN@MN8OZww(ooaW%K6iPClii&`Hy#f{XTyFPV9gEN8_#g`bp~DkvteS zbYH&QCx+y)gv(XY+3Lfoo=7&+b1!rCfYQvQo$2pj!+ZVay1h+^L=n^ed27~o-_TCh zivuF|PKpHMOz;+rh}2Lg)xJmI@p*{w4o)nyv!qyhzli%(Q%QR-L2T3r-i3fSr@&mR zOKb+?okN~H-(_=c1+P0p_Kz8}I|k-GrH9d>_ZOJs_1DlhjTjY4-_MC%HzMw*XyZus z?}xXQIP_gXdiII!^LAi9pA##~u@Gz-*edi`<*Q5&G#H?>O`vaSm_0_X4%6gC7wT((&o&ok=><$(@*8tHMFAGB7 z$rR|5%+e?~cvhi7LYysPteU^73JJsj2<*<8n#V9d_MPcGw%%cP0jTZeMro; z-K_hKSyt=V}_7I1@SCW?JIAb}K4W5+}nB$MKW5GgSU`um( zmG$}8x%jf0w42!52>LdK;3jqlVFlanX@KN4C%QG=F+O>m2ZfVEQr+Y$63;JrfSL1N#+< z^-r0={tN7h2rMcv|391SA#Sc<_VF!Xs7y9Kjy;dJ!Gd=RvhoHBUnYQki4M69%uWCN zhUc5dQwN2Ahww#NpT&iLCmc>$!K}-`P6Cr>`vrC~*dXJ}TrkaCL6}Hz-P5vc=fXR; zG2E~8<(}-b{mQ-}_BAlewwH9+=ttJI;^tG=B$JIMv1=MOa~mmp9y?vrFve`LkAPX; zQlHN?!)L_1e4a->?0zE4mgV>)n7-IX`fPcd1btag9I_wIHgAAvm+>+_6n zJ(=?yX*aRE2+EBk1kdBmHktxf?N`w!m3@2WEhgPVusx#xttK7%-T}{g9srB>Xp%15 zO?|!(DQ^?$YJ0?S`B3(~iLj7H37^G0FWdw+i5N9$y`qaq+yOS3yuQf0lc4O<0^3Mh z+2zERLte3@Y=P&yU-nU5ahv#^yK29%bEv%o+t##gi5_8-W z+nHs>z6kc-vF-PUY>x?qA8_(_y}?-p?@O77cq&K9Yl5*m+4Z@}&4k4T<~w_jq=Rk) zbJK3{?oCJ=3tr3_y!N}6;F@>Q9%8S~*cxKXEB1YY^Px33646TBcp$d3hY3}c7tg{-g+88`aRjM{@hPKcw69E zj`g`5%6=ZqzPld`m0e@gfr9tX@LtHnw|?x0zM*V)4Oko>6Vc%~zP8|fC-XLd#qklm zjRo%;jKlVgJ%!KT%$Q?c*!{PR#TYRG{=b7+2exmNBW!pL5whQg_p-CvYt%VjDSPkn z%qPKS!?PS>pQ4{SZ*t5F+5bQ`jR#;+jwakR9%P=+C;dM+w)qUw%8L0tjOWHh1?GEP zo_n?x*u|N5pul{`S>7Dt(Dy>p+E`v-z60iZu)7M(YawN)=6cqb8JV}fzTAI}*$~T~%Pt!)^1`1$GqJUmADy zr8o1eziNAI&-$R$yms;Z=;;M^CD>o>Z=a9!S>6J$JAU4N4iMP$!G43R{VK5Qz&;Ld zQO_`Tb>?{-*{{^c=fbrI{U~z+JgA>?O z!M;e@JokjY?~&G*s6X|+7@jufLL%8^V;NZJ^Lr2VZ7i^>GIjt=U54)wwBdO!WbIdC z3&HG@B`>ZAE#Ifm<2&|H(`Ixz!FTNAxRm!9cKAO1eDt}=V``AzyWdHyU3ptG&$+1m zN1o@^cxOL&pJRvLkaSyfkinyena*rq_w*oU#jJ375@DS-VZ5<=kAal!T#4EyBEy!ITY^0wd-JC!5ah5 zI#`MUWo@V9z?L(KZjyErdlJDl+m;Zk3l*Jp=2nmn*@tA=-H_yzvU|ZSM=5&{Zx}KCbM^8QX$T@Fr$#N#XNp8H;jg!*z*1#*0kTNGp4PnB&?RmM!}tZ-5`myE&Ib z?70Ma+X~)?*m2zg>W^4|*_FomSA(qv3%jmiyOft+4-nfPM77HZ>f2uMzDN4g)WHFi zDeK&DCgJc!^aJ9+lzqfZ>}Fr&JtOntTq|~6<~f#x>_@@$Wd-#Y?Ge7jIuFWj$-K4r z;;~!$yrb~%)0sC3lE+8Mn+>MjBf!1R@jdyu#DQ6-zE8i2*t%2JdkW>Z5z1agXfT=G zk;^M~B|&}jz?3t*mI5g|Snw8t`~8IndDsIYrvG9jdEp~qSXFK@H{x4 z*iF0fJ%aV-CKl(xwWKkfus9D67MS}z4{j$88<#+JYLC8>%xtr0>bBSWS;dRb}IQ32yg%8@cNWu25t1>U+_)``%fM=)eG#A z@=hC7n?b>XHx10SlBQ<=)O7*je0a?Qdt&DG7QT4ilDDwHW`WI~JgT-mmrZ@M39fk; z@4!BV{Mnf|k62&C&L^CH_NdPNPO+&O^Ee8gK3m=xpXG5|DcOi)P)z@R{f<$c|AQgc zBxqwpE}Pg@85@^<7JDH<8~p|EC158!nPVZBcMkcp2$na>A$A_2EQgr)zr>;(Vviz} z-}a)?={>Wk|mG0y>FQ*u3vy_lfB_jl@Ap8@Xl6eE!uGr+vo0jWO zY(mCjToXGlV+RYK>snaeIfc*Dz-)7#>?i+hTgTh7J;WYCDBDBKV_GcQL(F?lWqXKu zOwC zMuDA~G3z^c=YXYtP+%T2>YJX&F!fp2V)31U*s}@R=*#|z+3&@oUx`^SV$*Zoi#&k#*igGKC9>m0b=HHfE4^jk;~boT}5DbsVwl z$9Y~2p7+S)InUTIlNa9b{%W1KhK+ieG|;~D1H7e znC-Tw;0`;QpfZK{hC9yZAv=)^Y-Mc^G0zp3 zf!T)w^E~YuS36M_nCFW3eTVs8fjQP~Q#O}F?kd7HIO$wd|HS?#V|J*({u<2tQgaII z6&c%9VA_=z^F;N%nQ+B5J)QeGe-2w(;k_lx_7y&ht%4WWgUR1Yn98;8EMk4WKTKJ9 zn+o22VQbiLImYL*sqd`>*DIS3W*Km)v)0+%`{5m4;jJoox3NzfTQf#fyM!Oxasz40 zA;vAUgoV#yjzjW1HwVx4KE$RL*zAlo3e0=(^4u4)Ec=zPc?IS;DUTv|c&au0JnsucAIHtwbC6v*inXuFcwA}QH8mIgg7aQc4$m_${%KFGLF}gNRRq8N zn@t=xE+#FnNvy7tw}^c38l>edC&q;?-U{-;yCm}li5;&>eY?m9ZwBd`(YG3c<&Za@ zV0)}3BTqlAH`nf4M(j3^;Cajbyp&kEu>`-ZbL~F;3)#<;em(!}sl`6)*z?V9!uU_N z@0SE`8`vH29CvLGd3!Q%8(8qZ0QM1hE5JNHPb^_RSr;YA< z)^=jnXXgtWCuMz;3hZHESMVTh2AKWI>p748^lfax^Z3=qc;e7ECu3U?6gvmm2P1ps zIqmhk0y_uHx@u;9^0<{<`vw#0^#$hqO5TP7b6j)%y_jb!>p4g4I676>a7_ngW4$+d z+$OEv_5#*_Ed1k^Xu_J*J!Vqy|6qKQezlhdQ{NQu8R-7EsjL@8+U*g9xr8G=)RT@M z)Ff;Y3CC>5qrlF{Sd7K$n~A>1JaTkr{vyV*c*%y(97uNAu&!(m?S_qw1r|1@)0e{M zCubWmPkcDCzsHxmX^&~d^2E+V&+&&?hxVwp&lACZL%0BJZf;+BT*{<%7!T(96T3EJ zi;o!A_xg;j&-EwoRxpp%vG^2rUCYk8T6g3y<{IewH@anG&F>#guO9Fjiq-$3qN z%D3L6wIOy8%ry;H7T9mWT$gZPfmtBeG_?LGN|KE=4VM&{+6sB_l28T+l{mv+4g;1u^H$Lm@ffShU3+!4oy0#n4GLTJk{$u}UbZsc} z#J+;*KS`K}Tx#J$N@I`%9S&uWXP4{QssmR_!NY6ir-Hs>3vx&(GX=5?p zT?S^o%e#%>e0P92FwZZ}cQ+90i#A?IuwHgoFv}rkIn)>Bh;u;5rnLYI**B2390R!= zN0Hx7+O@y7=m;A}Kxd6G$1r`7_XT*rWPP?C2vUzDTu!(Q%r+0qaeD>WX6lT;#B&UD zZMS&mB=o)Gqiua*<15&B*k_Q%MqoR^K6obn71*c2_Fd0&rr?0(*ug%xvK)h8 z!E^mW%faP%$LA==QubBLaS&d$9P7bKeU?LgfqDM590w2#%=T5)23 zpLucYi+wC(vxq}hZ2KwQYnb`$No+^K`w(gES}!5HDf43d(}u^HvN5)cy)R=P6Uz3J z|3}hCf3&x@n7NOen7l8tK=#Ih=kXzL8?o(C@^%%xA7q|=&H5~PE5X9?a^0-_F6g55j{L({M z?})V9nS_%FuFW`?Sbg$#668%KV>wEm`-0~f4TLZQ|A#Kcg#Mi(igsk(DpFL@Koiz11FHv80 zUZTG0yhMG~d5QX}^ODt19`h&jlI>ta7}S>;*!5eAPb_8KI?{o$WNcc?E{;oizL&8N z9^ELlhuDv@>=5aYmG|}MjOl#8Aa4{{A8X?sEO@^`*1qAmAF>z0d%=}s(sNzMtC*~N>~Gf-Zn@})TAets8%S>g z+lxN_60b=t&oM7}+P)XeeSy85^l!o9*wV(jjK#Pnb_YRO+a+Xg&Ag}sd4HF&R>6B~ zmR(U`t_Su|^wrrH`c4AVXUDw2rhw_+0C8YGCl)(YVD`HwU3^3>=2H4{5t#LIfcmqZ z#hL_d3>J0jv%8lgyOs8nV|W?iPB5=EY!9((2+GF2r4z|-LyzmnjU%mpV&4LD{kUfK zPwd|_Z)<^l59~|-F{X1)mglplKMW18A8*_QQ-#;lK*)>lt&- z71$Ru=69WeJ(cuKd|6zSFgapz z3=ZI*Tky0iPw|ThVYd$;Y}gO9;r&cZcVs=z$ALLsl{VHOTk^Ca&wf?fi1X!<;3wdy z{i>g|cEuhFW}6=@uv5TXZ_vJGQS|$51lJo}QeYnEK67Xln8&%;O0cj|C;j)xZZELO z%KYMp&U0sdITK9(8o7PN&IZ%Jtr_#0&7z6ea&x!9lzyJUTK99YPDe<^d(FEMz^l$HH-2TUp0uLnXhZ zlHXp*yKY$@dJL{hv$v8zSjoGNS;-$)$xkNlaWRhIxZ@7K zoum!_MLx>0_IKUo*g)R8@R)L)xIyy$qz(G9zml(059R)yCBMIt zcU`U3$Qo|O&%d;eR+OWU^7SEOuwT?G`Tk12QOVoxrF^rJUsB1p$d~o>m)5h}Uf~as zuj8vaTwg58v55M!?xX&fRPvk1mwpbCFa6kE$=grM{jN8rUBg2Nt}oV4Y_NUjRq`t< z?ejp}V`ZgZ+0RNpHdXr3P$l1o-=$wW$v5$_LHIw}ul`T0yH&QQ{myzyf%aHdQ%egbNXmu=esc;?(0J$=PqB^^>;||AR|Hb*&FoS#4@cI8YnW zy;zj(a#d$%cv&AtMqXkQ=56GtdL)@boLcTVt<0P^IdzJ}9eLhaMdp}N!H6<*&ajWQ zk*AfJE<5K2|+gpd0dVL%7_-St^Mxw^un!LFZP8Hm1Nw z96ijb7ffYi(^PCxKj!T&H^z>x*sF$eTU7;CJb5+l729Tj(`L1XkzdRz0j9l6{sb5% zw^Pk3@R#$ycw)th?c}|qa%&ZtGCf$}WwMp7aN5X_g9B=cv0s z{H8*-OrAhyRtYrYXdTK&d~HvWXb&7OXkUNu)>2Qp5aH4^5D0Bf`?u7**rnp!xQ@*U z?suk^=A)c8(oQr+)Ls$D3nS6q#j&3fjsYnFHzkZyqJ4_7T#qAkZLPCXw&Pl-)}p($ zf<73Dfk<>JzcV7Oh+Un!{S!4X+BO@(tw$ooEk>En5fl}ls{%skt92Yr^XCO!I^=b9 zkpBOF4au$rB`eEQPU-mGy}G0&cz$PJP7D_tfM0#HgIiWd(3L+Oik!X~XW~X2q~`ZJ_<@wYS?W=EpX$!Rxj;mHbNb)`7w6qqUX% z2J)UWL*DC(I(ad#Plm|%lQwvr&{w%mD6e1Lzoc^Au#m4QxgSAuI!;_Q~hG$JC8)B^<2|0N} zk>q`aKp#1r9R1)9`iuf?jLh6x*XFFjdwLIi8`(u|b>*-(d|AOWtuohj$-%wK;sS)H zOI^(J+M?EV*-`7d?x=NLcu?$83(s=#ZE?lFKc5}xEyT{&>dFBh^YYHV8C|)VwN1so ztGjYDyP1O{3+5$VxdmOhOS^h0Gx^iflaBZh0 z>61lnX017Kc;D4sIr?PDY>h5*mvrS8bmi!i1+&qWYu{^jDDxZ3CKvK^NqhfUYyp_- z1+65l!(Q7=B)CS@D&pWV4@~Q+&MvT5fw?A8KZ3#Y@@*6YdcDAwgSlSN5-?BY+GrAv z7~B57C}e$h;+m~97|H^>Cd>Mq$!pG1wv~COgZnPA*XV<1!J9(fvRUpOV87?V?KIM1_w(r6g6y0E z`!d+YIKHO9?gqOQeQOKs9x&Il++D$3L-JlQ4+HJSdX{B5_8@yRc74VizMMv-9eCJq zyIHnF1oc@Cx4<5BN*fE=(~-4a>TpJ7Uet@_?IGw()QfG73tjaxi+rii@>7 zZ`tNz`nMXM(}l9UYqRVb#BZY!?wUI6v)FsUVx3uSh~1Mh>+ipdxdxs3cIG-&-vh;d zi|j+r5L;V=(%fJlAp6 zhV^H=mB)1SKY2G~eb$TZRvyzsWg7smmaVkm8fDhiHh9&t z#dA*eJu~ZDM_X0PHUJiOUF%AHKIe>fn~1#Q_+Y`Ci4uAG?^f2S$6M%o0=(1@z!2|h zqi9S0n+wl#iqB(1c0QQr1>ZLd%>S>aUEjUr@aeLRQu)0dv2Y)y37 zzP-6@XOsT`dR#k|LoV4Zv1lVP*Q;`^)Agh+o7j9X*G^qZTA#&!1on(4P`1K`$C$4z8COfcnhCAJWh&zlCYa#JGhB` zhG3suL>#hyuWQ{~Ho8ey-7hP6K8u#O5v!l;nnJ$kl;QRDlpPCp3U-gf_t1AdnCo&*E3gy59tCesft>vJ95 zZl%xT$p`Nic&>Z75X`daORRfoTaL{*$sgAL=h;e**R{fGGvG59||Q^9t;bnYXII{tL{yS_>BK7VW#P z;5i|%t~P=>mXvk1iM(YKi@MrII?Coh=CH1O;!!PIUoP8Y;eUe)-|+gj4YFx%hF^ni z2V0-@$@@1jeI6ujyOr%5cIEMze$wX{VcEn&pJR#siG4rY;0A05yBAEKSAkXAZFRx( zooRVPVAZni$vh~vf1s1hqO(N*6T35G$C1$&F{>65KYlmS zAhu8HV|-sR4=nV_Q=h!RUP3ypnOU^kt1`AT*RwV}SNPq|V8IhpUx_)_Q{QHU!iMt# zd2xP2ZTi+bt>wr*d19|8J@^FP1tT5U--4YmgLNUmEF0O*T9~^F>}jND!<$s-yOp#y zTEy0gvacrio!4eFY$Y}y1Li&EUP}0PeA%7LtAB50r~3S++CEvzI;YlWF~=#tOR(MC ztiSj!VNyccSbUeT6wI>8yNzJ~Q%7L-#dE+m6NiltkoLQTJ;atx+3I%*`XbNo66A&K z2T9vs9RKW-+KK*B2MgX^;P)^oUy(8G{1ijl9Y@-&v>W4#yq~e-OzL0?Y4wS*)JXcK z#_|UC%dBqz%sMXhZK&`phrE#eU6!4Lf3{gE+bn!O#17ZSjWJeV{tL{taeXEp<@LJL zcR4LvV5Y_5e1zKceyx~|9lVn=Z()HwJ7Y1oRrXBmDLWfgChy0Y z_vhNJ4(}L(Ycwt-wj6=E&fT&CW9psOORIAb1aBhPPvF_-sMd5GFwIM2HmBA!PCkiz zjM$LDtRm6g^hFA=em+{ty?GW*dP{jGck`F*NgOVlCmDpClOrZZ3S^)`mF5M z0=qP0+jAdM_Hu%2vdzu?K7Hp9^N$mi4wVs;5TxN$a3F&d3w{ESPJ1%`UKi&RCqgE%%g~D zob=p1iL@JHojJo~(%O~h`1jbK4qv~C*%v*BE-!f7!90iVDX=eqy+T>y&^Ji>4Pa{u z%<<3jc^^&$&vDds#(al9u#aYJ934C`zaw=n>bDtUWNS~N{hu?jr&cHJCN>gmDVS~P z7TCME`BJv8vOmqTq3?1qdFzn-bJ!esV@~er+#lD*m0(|Hk(%*jLRM__q(8;>-v@8Y zDZ@PboPGSJ>Z&!gmJM*S8aD~1rGOs^l)|GSgi8u75=QCte8#$JY zUDA{0Aad-djzbrMIWDMAe07#xMcVOCEM(V`_IN902gsMQPr&XFnB%0fJPN4&8XLO` zY-+|16xbs(RvxQ2qriC`)0Jd{CP?=NK7CV9=lMcl->F~=;9l_Bp3XgedH01~1+I;H z?g#R&C8)0_A0J{%2g$Hv zP0YGq{_^3qh8(kOw>!b+5r?eprtAP1E+%~;yNSH*R?5aWsSRc4A=^W2-e9}E;1xY- zo*0C06a>nm(LKV$s`wlHIJ3he5P zEh(@UWNdYTEdsj||8^GGd@#!~HMcoYx=;6}?{R+1JTd3mJHQqbTMn`5gfR?O_ZFD< zP%j1RN7m!bHn;D*49s~`4{7Hw`tlDf@;JA^uE`k9-r-%Fv1JAJqKrkG>&r~S>U(?A zxA4xnJf`b}FM%zD5Osegm}^+M&rKg)BgM6|R+0{${<(J6EbOXZo^x|~9_PV(1GxHD zu+OrU`gVZ@Zy@vLL$Xdvp7%q7_b&En*SVDSRN8HT1@BJwUC(v*{=&uq{QAz1n5(ca zc>eDd+jn7sxt^BT<^mgoo)@jBE!h{c&IMg_fWx(ed9FK}#r@(wHM?qDRwdqyq8#^y zIo7CeUBR0GrZ4M958F5)V?!A`2OG}Y<*m*>i+vT$_K4$1%xC%XR%V~Y{NDN3=dxB9 znDr@ULf-CzH<)E({FCQ5+DATobo$>lwwu^yFzu?tx)R%)W%uSb67ySbZA_sYVfXNC z*LN|LJr~|v258iv({z~pJS^0b?L zF7$~d|1xIX*yfkKg>@y_r#`V~5*C3)-HTmFcq7={TwbvTVKdmmTvuY3XRN=l@f0v^ ztShjmXUu2ZVfWIEMcLGMQO5QaJg+6yHy=XCdi^H0KV#0N>>IazfB1f}n2jgaBB^X( z*KtEejN+yLS>Q8Q+jnoldnmFimyAej{)DX9gcniwxenCl@p~Tn#^>?|c4Gy51iWW` zV03L)!SfwHc|Ezj%8I?Yz{sZc;a>K~(Vb@)VqfORdnnV1&G!=Gxyw`leHNGJJqme& z?I7)%V&(im%x6VnxRdn7v!eCv3oM=$S$X=a-P;I0EAsdV%yG(RMV|Y@uJc{K#OPW( z`jzl}1~i4(?IDD?pE!eb$iA9%@{bsmU26g^DzNZx5R9tsS`+YKfrWooQrPeuV4cne zvmD10qE6>kc-}LT7qU0NwN3{L>~F!!b-~mZbvl`}n^^d~jC7PO>U5yM!siWOVfR+j z_`Z*EJk{Z1uZb;)6!^M}}kjLjidR%~L% zRu|Z$jD-z(r)8|3>rd?Tj4dj#GcvZRz^qGsIapw4W~@>8d{)Nd`G+<<=P4WKb5x{v zQGa^jVd=gV*;HQ-XUC}Tc3=0rm3?3N&hXq!S=&f#4RO?;^OxOVn+ohTq|chpI*SMe z@3k4bx4^9XQ(1g#eJ%&PYHuXWee7Yip#rmhe~7+Wd2Et*Cn2rfmU$jqSF^)=n=44W zjU&YWOISu)U*uWm_JaeY5l=kV5A)rC0rJ7S2HvQfm=_ZV=K0e9ku@7e6Hqs$0<~o&PxY)H$ z<-G;(E_fdMb>fiyFzG9>;h5-HV(|XU?O+QF-sa3(MeLlb?4L8{c|Ght z6HI+^4prZCGH-stdv3<+#L7CqZxOUHx4>>B?XfjTjCj|vwUm6w%Cmh3D_F?(fP4JL zaT&g7_hy3Q{rKY8igVdi!!ed&a+87<_wWmR_uz5S*L+r z1?D*9d^WHbf!)E2kUNPvyi$AcFLcticyB)5)aTeBZy8v$Tkz%=yccKQ4lw(f?HjyJ z1@C$A^yN4zFMOGwv27VU4%ye?Yya^n2IA=@Qe`**@i zPG_A(VmGm06aMbBF||6eo7is%Lty>H+7SB=!8JHH5#x3`e_Gep={Dlv{Re4zF?T$h zeDE453f}iKZwSn?mAnH5?|YfIggUiPmb?|Yo}s7fw{JXkOnRp%Y~0`V+aD`DubEDN z8nU_m)aP}XSiQi!etQa7_4-Y_CC_%d9$sAIgg)(-Jnbf*3mam|zl_m*>H2NdGsgVM z_1i?SHSjI3ybB2zgH^BJ7JyZ+-^8ldZ`!C{za_i5uW92_f>@MI?4pcSuixZVuiwPt z`fU+%zsLWNet1mhcoTaN?fSE~jY>@DN2t9PnFz@LZo5UnOWG~Cu!V}vV z#j5e|KWo36azxkh;s0YEI{S#uI>+*SPO%wY%wxr-W!a5+j1YTtmR(cymkYs8I)`=X z3T#T2_1a4RlszZQ_S0a2Sy##q6xb88?6v}XO2*dU%R|w1G2u_PW*}N)YqjHgj?EvL z@U%CbGfeeS*C}pC{8A9Nm9>i#f91gx)5K}(&AU5!d`sIuA8hM?eLEhR<4o_&dn2E{ ztX-1DBky_jaT#kzjmVkM+mQ`^lG`Lg&P0pjB#lxj(Zg_MqUE^N-u1+GVq``TiCy)S z(7BYTM}oMSYhi{wc&2D(EnXByZHrOdc`U)oR z_|h=i80PYTDk^*!OfUK5?30MEZd0CIBqw#y>*}4P&n7b0>dZ+}8%(y&*MpQKHrbAH z-RDeeWJj#y8HZ|ZL69RJkvp3C5vN)Wc^lES)>L<e_dBckcAs?~g_#ZGDHI(Um*B)H$k>o08WfLb7kv8D(z7#8U3H zU2>1>%Gq*%shp$g$+z}T-=8bz=&q6-)t&1q=TTkdJgUp5(Un|TveAF0oHuvL&Fso? zdP-Z1_4FLy46X;_dVFPmHF@jA;CdhfK>qDZ1Qx|2pS-y(Dm>_-mMaaQ(6%lk1(ca#P%`856Q* z%JT3z#E*`|sKYYH|5?!9A~9IYy9Q%VXa3k59@+|Nv%1sP*+uSHLNlSmKOG66mBVmt zZ8e>z9_z%*bmpzA4R%hNTg!CcFn*{=?<>;V3tOoYb3V<9bGr1ipm!$=(y8n@uiTp| zZ&EF_7$^H10JG~uEXh-c^!AOqmY4O`&LQ2%iJ>b$rs*g14OKEnF?6Yb5fcSrG z9WYJ8c$~n|k}nMEEoW=#ve?LUjt0_uhU6MT?T8adGM#|V&p=GW8)@k2Fnq>Rnd`O* zZAni@?X9;+dP6&-UR$@fRwU@v-r;I*M+|ej*U1aQgN6wsi{yhl8fsSswN~$>(z}H@ z*BD0Azlm&T9c=P8tg3xocRKh0;IxOg&)?D}66O=G1Y1n3%p}4p!fU~n6MIdl>_&FJ z4{QZ#F8318`zT*NvwbWC?*p0VG2u0d`hw^25WKI$y9a&NWne!geb;H+>!o)D_7$-G z@Rk+WDAHmZ3e5XTV!I0LC8P&AFvero?Fxcrb}a%A`mnJa-gQT}`vl2!Kkb7jw7)4{ zL_V-h8Cz0dAI_Nd68dgN!0(Z_7TD{+{3dn~%==pU(j@q;`ZnT_eIvYQQE7V$jCBo@ z>^REkGpbTH?yFj!AHlOdqHM}s-g<7~pCfQt&nv(}-%0RpCG04$Bgmh77SE##yQhFzS3O|W^3E=JqZz~2 zKE7R#VdF?Jec6E@nCbFmXW{eFS$3$vPR!Wa!oNuwTUyvX2P}Qx3>M{WqQ|z}Q}7;^ zdE+S$$*y**gN4t1nKuKhTHbhmHv#!aV9d6pdn8%0sbH=hFtxxg0J9FJgW*nB9n2|s zPlp%ZY4>DalQ@+l*MT;!gZD!ERop8Sdrh{n6`!L&PXtfveB`ppyCK_f)c1T<_T6|s zCa(q0H4EZCyx48j=Up!xe)cT(cCd6z<6pIX>xIwjvh0ikdl#6;xzDLAulnLRUshmo zoZFv+7sq+@4Q1bhKI?BYylVSy0keJOy)*N6fmPdgcfq@x@mqa$WZcTSnnXVIeFmOu zLQVS%*k|EcR}0};j`Fx%TFBl5?R>Au+y!XO$thKzB?FV`M zi?KxPAG5wV_Qn1wW1dGWM+5Ayw~Yyzu2-FxyuwWc59G;mZNA(Dz-^zenHX zT;9hb%jQlgBWy<4ma^h{wKHneq zD0cWh(@?>CB$)3s#2i!Eb2HDmYxul`bDMQvXMbQX&Dit;Tb{8^1$Ilw7Is%>Ec(56 zKa{aJ?~4s&%;$Y!_x%}LSzvF?Sj@we{ba^`{uQ#H%Gk65`&`C$6qwH(-+sx6&hvcr zod&iMthXq~{|Z*m`qmfv9w>GyvPU*Xbk4Q<=l2w1Gl<>9d@eizpS_Or{3~{V;5+mC zz^oU?moo@6uWYYdL$ZcT>AZR+ShTOavj`sqn?W41o^M|Pwx)uu`R?$$eafDnd2#Lu zYyrFy^PL>^_2+t#CnitKbGQEeBSHV>lku1?F^^y6O3b;4K6{Vjn}mB7wCg3XKY;yW zA!|(_7}#&YmU5BqwIY8>=Vioa@N!_B^VIjd%$tNP-KdKeMVk}+-7Uhj`d~<=tSiBX?O_0{v7=276b zx$WWH+s)%4+GBdIQ?aPi)nHP^qE5FJSk&o`TsCcJ+xO)5gLw=p8}G>-DtHZW&x2Di zV0o2&G$F0$Q()G;=RuFH;5n!CJlM*0rR=2y*Ckq-%X8+DSrnx-3(=(~Z5sw0E0t9vm*fu`Q84qClK7{a0!T?J9!7Q)X>j^_(v%&OP z8;+;iScT8liM+7kc_y&1aRAU031xZjuYG@zeQ_*_wv4*}-_^c!z5mhj`h4N(gsqKHHM&u1bFt@XmluiR zK9|@FGq#&PWZw|;UV*$txxa`l&scmfBX(29n)x^qTSd_B3_5A(^Vm=N7?=VZ$XL8L zrtF4{t)w#t@1q%;L}w1{QyFVzY%KZb68z`OyNuarzS`ydxSq;BVrAvcCHPMDRN}zA zSL2#3TZ!G2<&&h^$>_V6G}Vx>$AXRe?(qF$^<7EO?iBVpK9{nd%RE-aLe{Y}c;Vj` zu<+$Ma9t~=PP=*h8paVU$F$s*RAcRj$Q;dLYO}JenD+%N+Y-|16C28yWee=v8H;(R zydQy0+&8K-=Mwt~*c&;atj+yE?8ji+;BCVf>qYFvgv-D@J_36Qm}_*6rC$a1Qn2@Z zho1s_Ia&3M%l%J%-^YgK-Jk8UE3HR!JO5C)PTEauH(@>4G-AtE<>5{jZ&8K!smHeU z>7TND2wwzSQQ?K%`?6vCmcFdRciXqbmV=eDVb``T?Ru_|=eg|_gm*XE>u3bl0(;rz zJ+(pNz}`l>kC$QNIz`#{5+;CcMtShWrriftc%i2!Lx(-Pn4Qbw>tZSGoCS&^=^u;wymV;R~+fG^6`IvT8`}`}W ztZRgLPux7W)jDg0Yy?wQ|2|2mv5v+TqQD&2#O&9Br7;QYV1a!)^Ty?JsP8iwn^s_- z&DgvG8_d|U0{dLX))v@5W^8wXeH_erdtBSID}DPRwlw!$v5lFxvA`Y)_Mw06sWph* zehik(hyJ&VBtJC(F+NX$W2j{T)h za19C1DIq%<%ylm|6xi8du6xmkAct!zpXW8#y>PB8y!s|cdmryvTUp19U%P? zZQz{al{WTg-l5Dpll(b2@ObKUOMyKE?E1;9L&ARGbiMA{*mt~hWST#h*jwSvfTMrv zb6xyrY#DyeBsKx;WNfG`coV@cMRr+%U66V8+?L9U?VLBFv+kMLqrlz+wz%L;%lhJ8 zuDsK;Y|JsIfY~<7SP#VZb@P6p$B}D<)QNE?VP}x=SQwlAQ}%j->w)Y6bG%a4>k4J} zg7KHINhFkAL7uMFg*iS47B-?kYvWY}ZLG(D?OWQ|05+zgk12Eq3w zjjqX@$n@DU^6doe*5L=XE@QI_>>U|fQef}O*xCYncgD6B*n2WIRAB2f)|2bNb~+vZ zEr)$mU+j|$Gq$e8NXzpiA&(|a-{y-gEU?qT#kOY*Q>h((%cA_#NxO+X1HU|0tq=7D zZ~G?NsKB1Vj-P@#j|ko~No!+Yfn7!VsJl4MaST_}H%NYSdNNoGEM#8*b{?4hI53~X zJ`rqHE-%^ip4o*PN7n`mYz;eBgZ0xfLUt3_bCI>d#VA(I|1!jwjs8hpYMES zbl3d31$HX`)M_1Z$i6OP&V2$K$e7owfxRbV+X~F{jCPmOe!+WR=HYe+yEF4*?OL+6 zn=@~HZa1;lX5NNeUa?natT&ez^R+9%{`iB@wMnGi#9mD}We>+7v2tRbyJvwNBDRjj zoU2>|HjCIzY&qeKA2PNhXgS2Rap0b|jliCl?d~SV?ZgYa`@lSYOS|5S3|`oXd;juW z17RHh>|q(sQM@D@{!N3R-8%S2g7?R#sf>-P?c7J7lk2Yzww7=Lyo1D+SDtek@3%)C zh&dnfe*;Jg8*c;C#t^Wa(uU)6@El9zO~OCRTk_&rOdb3^1by+ona91n@Wr`BVBw4Z zH%}YK!22=5buYFOyID7mf1|!zs|}J4-VaF2>uDFIi`NSlysyD?jSJlAVBY{c?Nx`> zng#Z+VBY{61hc9iLhxMXH^n;(9&V(yFy`kr(r4!pu7$CF-w(30lCnLtB zeqeczC3r9L*pXv8&y$t)9iTs;Z#(?ZCuY5rnD6$y@w;5(5C?A^>5)4*Zx!Wu2bkrx zY?gI0AXmEeQ`btOnqV=tEIjT`B;_563OY@IEw@3;p9&z z96z)F1CQqCeVv~Trv95hDEgD_zpv%bN{nG|a`(^tRD9@?*zoAI*ZXj8v-s|%kJ#XM zaPunpMV0)rN`7S}zqXR!P|0s0KMq^H1i#Dk`?E5?mwcUl2FJ2qzN;}E{P?~s@_t`t zJ4b#AdFm(058T{W8zA2#-yrzio#nos@Za4=&ghnCRr2ng;R|1Rb9b4a$!Xy6#r~@+ zdG=TNN0#!JaBHc|bIf+-+21AKsN|!)$Ni?ey(d@l(<=E{%y)BTen}4(`}vki-tYO!{kzGR<@S5cGT*BoS)bpB)^olW%zizslK1=0Qhre-->T%- zR`PxiTFS4a+}5GNdi1z$kTzVI`#H(l?%bZ?*WOD0V5R-~D&I*?uH+k)e2e^K?9>T< zM``;nBfW^=ca(c8`TyzfETg^qIPS~#tXJ~=m3*U;pHs;_$QJQ7&nazWZV2Y zaf{F5^2SY-q>}6@1m}mt+x~`Wp1h>^xZ0rvuA(O80M^SIz*NOml_ZRqT5fnDhL=)`2Yr^L~wOcLHH1 zX=RrdygR^GflWhi$o@UpyTRsy9hqf6i_8`oqI&Tu5@cQVnNMcPg5vxM1TP2%8< zg=cx^6qxTvei&Y>z+5*+-pT?y7VN9=1`5nIsJ{cYrNB-Edj|vedN8j|^yMCc`gRkC zFTTGiHZ|9Qya`~(oC5a2htCMSM~$3YCjOG z_5=IC`w4>#nv;m#t{_Y#_#M||V*8c6jRe2XT1?Ea()C^467s?O5NY*oq_6d4Ug(SQ zMSUJC>f282c%a=T!S5z_6NkRdr2T&EP=Vo6vN0VSoW8nzZsb0$jgh3aVZSHpvavYx z?4yp8{!eJ@NV{U*NBY2-?dM!jQ=PnxM0~4VV!wdrIUulikmx(BeO@gwztN34(8eX$ z@OyBNRqMbucrj^h%pne6yvOvb3AJ=T(=oA5@OjQLRP6qO=lRca%p(q2@Avy{YqP-S zlRl3FY@;{EJAU{*J9%e=orA1>L%U)=8~OHyoTm$HLgwu) zF#bhWlAV&vq3k7K51QV-?;rY}0QOXDtSor5z^(;b17<&-2gUvd*fQdf-Gb~d;n_C=`z%=Rg5h^gwc+tN z4s254%MLK>c`BIYE&J89g7+189{VwFsPC&_jYqY=wF|pn2eV!rpNYEaWmBQ=4}I(4rn$B>(NjzjWB5Z^qK|7m_VV=-}HUemoD zZ0AwKnCoHqP3UA~*qzGkg{|L&4&rdgdOhYhtA{Y!lX>yY>cHv4Jij%TH=Vx4;hppa zZ|S6Ap1$0fed*1-Svc-DuqzAy{MJ~X=RRmyR!mtj>%evj*@Yz!ec#&0xr{i<;W=I` z##6F2pDX_c%&`R3DLkA)`oH8S0fek$(n(;eFc_HUfYHeAB@WDYn$CyUSMWZTdDFqH zKkZzYZMcSL$ljHCQw!{$v%XdEgXgn3Uc0R=rt<~n*dXRJS~2VOR1EnHbT?@?D4l1Z z4bs8$+SF&N_ky{}i|3+CN$aoJs|h~K9U=}{zmZfn#$xUAsZDL?&1WU1$=9leYrpE6DYm=CByFv%KHGA z-vSO6vL6Eb^tJqt6k`38=Y5OkT*LqF$i4)oY>9my-VAK)FL?X1zOlL8l>J7=e2y75 z?#);|_XBy~%~-taAoe4$J=hq`eS>LVS_92*gB}0e}hn|MU&snyW@%@%<7MNqAzQng|9&drgw`?oH924c; zM({gj-$4m%Etubkd#(?=r-13--i-B;Kbx@cJG|$feGxm0pf8Tkz{z&_vZ27jmmWy^ zp^xE9qrk!!%cd`3R~y=;%DZfM?hY($^x?C|P-(;aW`Tu`Mp3qN;QOt~iUK2EQMS0(duhv0~8`k{|1nVHay%2N$?DtRGNk_f-j-LN}XDl&)$;bHLJGO7h zQ=h!RoZlzTKk&TSo(yh(XnlXp+%`L3b;pyVAYc)q)>f6YABDJz!F6=2Q} zO4$t<)#pcp{|?^K9~;@ZUn1uEYDX}TG}#xto{TvT1$H=T>mbG)WxY?W-QD+52kUYj z$V>O1;qAJQI*74dp7*ZRci=wiAl|{0=Xjyd^K%^prmR@C4&r?``_C*}F0a@J z#TbY^hmx$JzVp57N_+|I5^%q%^?Dv^;yshtZ))d(@s}{i9KWgM^Pg0I+Hn0IZFt_Y zACxx6=Xwzf8}~x8ABcqwuVp<4h=mQWJ#8axycHY%5Bn_$1~!nf-3W>umGwDpOeP)J zb4h=Imw261Ba&?Y3$g2U3=#+LO49PE>JIiiFu&bf2xcAV_lpUBlee2VWSgYr9i#xk zdnwrau(70&eL0xlGZu4nvC9dT*Y=2VgfEsOu$Peb+a%9EK%j{eOe`2O%f!4p$9-UCE!x`+3q z?=xRC!^YuRyOA&tEauNup2uIw^O(_>;AvNVfjM4`;YG7;1@=TR?KV(myOsL(R(R@@ z7y6!r?03iWeNn-?EbE&~g?hbE>N`}(%2S^_^>K?K{Xglc%`@upT3}BDvmCw)9%Xxa=It#ozipV$ zhgQ?r7d+elp4Sb3@1Whk1^dFyqtmr6E~fs{uMC*uL0}hw&A5ecG{8dNTGEHDGX{U##1*fAW5wd1arpOzHZUI>ntdkBDo(4Fwk0J!7$} zZ_a6MBY3^fr&k?pEtuE)@%@f=4`drHc*+^V#_9qK8~-0~?*pe*Rqk&;;Glz{jY^3| zISM8k85I>3)o4_xSZLHiK(a^}Ks6&M{78R$ogGEJ( zg^7kqMMXx%vG=<6v+if^X9K5x=l#6z^O-e!t!sbp_2=Ge|6BW?+dB6Pxr{D0EWx6T zQLt$5H>iC5+p}&XY}+_|U_ElV6BCPam&3vb(YAraqTKA$TS^)E_$AurF`U~&%Z)PT z!%XM4c`Oht%2)x5wta{AQ->Vb;IN_94^E<9w%3h=x?{-mbA%(=Zfs!ckGZY!ME3#y zWUgC2-{J9E*sg}T&G8&I*yjuDMMp7}ZES~Dz^G0eo1SdH$h>#*Zu|wQ4B0(3_9d9x zSht-X3t7MO2ySB+7a!QRuM(`^RCKNj>Y^^a#Rn8sUGF{nG@jEV9{xL#xZh14QR<@Z zg2JYka}wE{!d4}AA?#Zd4s3W%96q=g@u8IAczcvFuh=eNK?Zw$VXG5c2=lwno#X+o z#`NO5&XZDpmV3!pn&sN>A4Pa2;ewe5Hs+5QEaM{BC%(-0R1aygCzF1NynR>HIO6_B z5#n7@P!VSCNb=Sf5Nl)_^D)%KNzjVkSsonM&y znaFQ;VM|gwI5e%wi17n$y{E%+uP*DV?2^K!l=aPRgvSSq<Yf@xjTb^X)+9Tdq2n z`75V3pQob9)&4@iE`!yN4}JveLm#&G?OEhkKR$Rey6C5t;qk$V)TMrWV15I|r|LXD z_{(X0|1U9*4^BIE@R=TU9v_%r{rJHA;`qRAhvzsKaB#4msdbiZF3fc-*j=!b)-g_9 z%2oF(!a1*dYiXaK z$n$sC(ms!q=Z~tTeLlx+yxaEyo{N}H+HJYv9-a?aSxcLjzd5z%EBb2b<+b$cTH5C~ zEEAVk&tLdlNlx#srMqg+Q~2CT*84rDoSs=r`&>$QDsO2m?eiKFm~Zg=U_R%xoVa1} zC0&g<_`!G|;R@#Khqn^yKiBE}TU1NudB*E{(yTdczk0fDW_MePWmvO+N3HxH)zWUK z@~<|#@vR!Tqn3{Tu&?j6xol(kF6aAPY7O@5m9=zyzb*9p`hHtpzKvS{7*$J8Al*$_ zhDQ?eb4)H@`|AX_!L#tpW!zm~S2 z<@p1(^u}6xYc0LAmTr{qa7B4twRE@7TTvH->-VHudOGQD<{9+Uyp(w{Js(&O?*T}n#+{`RT1SsbLm^v|7Na- zS5I~yUJ;Kc=2Wr#ufJ7ADwPwBoao4jVL8!kL(Z`kPdT?(73unPnsqn{5BaL!2Xn$X ztse;w^qaq-Iq{C1U`~jbwj~m;?j4w#0hf#pXmHSmLnG1|k&cKslu>DtWs8(Z&)vBgxM>A5>*-CH94Tbr8Bh;&4x%D5_`zrWvucBx{P98)Nd{Es(y)mmAKEtxDO1S z*QM31OY9rOeI908V!tHrvmpP>FI&;o{qieV-7ohQUG~ebVRgSa4p#Sz_v+OB@>|&c z{4$z((cV83w|+5BqW>O*>6ax*=e25e>l6Dsas9HRuyNSB+y+>CyNUZdmoSFla{*(S zTCO^M;JuVfiMxWT>m_&}|1zeb`!96fpSmWojj*pjy?NiW=Ljbf9w7Vxwkhd0q4R$0 z=m(bjvy$IDrcuVviCgDMOgZdstMinkbD95wGNvcy^0ghkOsRTXJ7y={ee4^&H{JbQ zl>0l_F^_Ft_Y3wXnBRX}kaT~CjmP%t#D;Y6jL0*a{XT3*z+QxIW6}+Wy$-e+#%W7+ zztPv3egw89=^mnt@508WIvUiO!MeyCOYm8Nxx_>FVVKKkD=hlU7~=M;ZAs@f_x@9x@5~NcpTBS! zO<-zWa$mD;q5BMR?^lm?!Ma=yv)o&mb{5+xcW1JFCvnTLZJwXyGDfBLUWx8}+B+pN z$7f`76LTEfXCmj2mp}VWJQJDy;(OnGCermN+A)ND^y#|99P_drUFcb?ZGC(sENrd6 z?QmJzUvfJfBM2S0a8eLdQfbZ+Y`!($XCZDqu{y1sY2qF?5tv)pIH zo=rc!aPi>!A$umwa;Fo=q^)f;Nc&UgvyPWzOO~ztPQ_NXA+gg6+n(6zuCWyl_a9r3$HYaBrae0b zpT97_2aD}E^5d^fw>Xt?FrCEuO=h{+U$l+HO=5s)=%!Pb&z#A-Evy|CyUAEZ0A={Cb6KkH{*T(E9;bABDg&(_6nfz72Ii;@py-m9J2 zQxR9bw@`jaTE35QSo6D|u(*f!l`{3GE|$kG%Fr*e=o_QSFIX&(v9M@|`%|xH%z^0_ zZR2{zw4|fRsy{D=@mJ*;{kfBl5&5a}nzp)NG_|Vpo}@bgcJnsIK3R!E_c+)AziKqP z4{b8*{WL1%eI=8KtCKw)=6&d~jgYx6d$0Slq;na0U;C!So?r5#=vIDHOMVNPMj59R z-F)g4?72l3`%ue$G0gkl*Ctz;bo1;PH;p@83sgjkOz6SvOlZXh_G?EW{{8dzmZzM5xSuPKFYRnfW5P{lUg)}*_s z=%$hxU9e5J5*GQzHP30ZgRan~o1fa|@!HEd2^m%VVmrP-u+CdyZg+E?s8Z;`#XXV_xs!bt&6$|=~tFDNMaD z)=tG@s@O}JdSC2F7$y~aH&gG69S;lJ=feDUjmI5Pmpd>xk2?E)v&`1LkMB(+wurd* zyN+T*9J>EgSibJt53{{9%Qi>`=JC~7;?~b~^G<^6hud9$>SFzvKsfgZ%+!d)Fu3A7OrDB>JTFb0PRmkV(`%YnBb+{o{jFzY<8Ft=^PDc9q=iNyU;RO`5I0dZ~B9b9zw z4Skn&wwW4x{bbSFyY$AH@|}r>`Sl{p2R-6kVI8`@vfN~@Tk5)t zpJg0&H*QC_kxJ+n*(<2aFJaqZQ3g$I?1D|DvBBKe9l^^My>6+m438#^gDqfTht7Ur zetm3A?E^0$Ou_br=+^ItS&yunh*S2(EQ747cdl5D(pFh_8UT zPOC9^55%3YmBd5me(;ikj@J30Wqgrv7i<&>>!R&}#1Do|U>dgW_m_X0Z+#^8<-%@F z>?^SEquZSrt438n_Z9Y+T)&YdqKwZm&-G|lVjnMTd1C)wSTEDCok{$JEi8}3UP=5( zXH$_>m-7qjNNjdtor%4wFxQSnT(iRc*U0SD%LNHAUw-5o~T@3lh7y zuvjn6@3n>XCEeLFe6_2vN01&v@V?GjOf5t9ctZ94fW*cUSGO#&6AIgq*f`>rF)5XC zd|^>%%W!*U8EcZx?Yy?z6YD8D_ghiFr@^d?_v8ih7*yNoi9N6Ama#&I?hM!xY}e6o zgPmGzc2+!mNurZUwK}vAncHwz{y1Ohf0rw6=F=Vs{b0k&W7hWb1r&t4e##Z$0c* zbl#ikahp3^r(%J09K7sH^Yi?;-Bbd$!!J_zi$5OmR)y`~Ka&1oIrs zy2L)&{C-Y;yPq#eBbc;C|n> zYWpIBb?&5%(YCG3e+G5g=DebdGG?L+7G-Qtwy&e2oo8@QGIo*Q8)0X`+)wKR>+)QJ zy4g%a=lifvem3ujPwefm#n0lM?if-`Ro|yF-SCBu*7XYW>npZ9&_#alg}ssd=Fpyl zitXcyZR~5c^}a0Y*H`?K>$eCN`F*gIu{p7;U|*n&Y4~{rd1?DBg6(kMt*z_x%Lpz@ z*H3@Bzx0sSFL_zIeF+wR-Uf^O+)lYHrx(BEWjO;zwc7H#IU=)&h3CRR%+WlFzXWACUq`D^P9{9iu&CLvo5hMwtep--235St#N+Y5`y;u zyKm8Ue@xp)ex%*@gM}?;N);>Hw=tc9ZhK;v7Z&?k%h1-kXzO|;`wU?owkv7Wz8GD< zt&D!s!J>>cFn>9}(M_}$i}t>XOdOAxU39kPEd<9g=P(W31x06_%|GkrQs>aUrs&2p z4fbl{-oHHqL)Rm1&m&mIOql7M-?(Hux8!FZ@2u%~WUN)jh3Ky3TML{@wb;dl#eUj) zUsCehjjh|4T<)HdAI)i8fY@^;`-tt3x!vWBxF-|=xu^1P<8fM>6cNM|sD%|G=bJ;j%z5y2H`W%?;u)Y5iTV8Z= zZ>H_*FKiM8YI`WmvA)R*4s7%h4|YE6EwKK?&V&60Hjvmku+?umu(36$L3hYo4y?`t+)wMT&k# z(=%Yvch$YQ=+@FV`D@c{z%ba0n70VqH2~W`lJIiE%`n%KC?j;s5ZO1f&ilb_o8^9z zaMOwSzARtaD#8b7$3SAAhusdF$WAM4Jy#p~)dT&ELW_A0b`C7YuZ|%7S;9+sQP^yz z+6KG))^_$e<}X9HIO$~SGP5q`w>s%$+GghYrEF8u$+XSPcKB@$ofq{pAK9&m-2^kg zd1aZ~4w<^l^q*yPu{&(@I~HaVS)kF@oibw9R&0S?20qSadsK{I%&ulx42Y zV@B&t6|1((qRtzVjzhIdH?#B&bz=&fct~?Uoo%PXTt=6o^L`)4XvY%|_8{z@uMV&F z)4>j6z3>|?ePun;_P^1syoTp5C@XXw=zjmP!EfBC)Ap)+8*R3p-#wT7;<}K!gJBC{ z156{ohY=t7IKClMe6P-P;_qHNyul}YTDr%=th3iS!}f8oiRe}pzi8{Rg5RlG2pd8A ze1iJ`zf-fU=v;QMK&M~2iJPD7Jec2s;jhKsTv&hcfx7-;8{=WJYl?13@t>@(=yoLb zj-s27Z=>9I7q&SukI9B^WIxX|bRR6tW13*jw;fw4FxdYoERNT#%TkzaTa3fr346ylb#rPM{+=fNyv zV`9%Qwqwh>rOx|g-pb7xYyw+loB`8U8xorivyA93+MWfojK0!`WM{){M_1_^vKg>7 zlrf?($7;@I8Jgcp;E*D6i8)s4w}=-d zc6DJ(U{Qw0b>_E$DT}Eszg>w%ex1}kbdg_-*IDN?N`9V8y4_{ci28Zl6fE*vpIGF# z3164Y)QJ?;Y0sOxwJ9LxCN&FMp9=Mds};Z5{ve_>_Zprot@fy6M0nq zg>@&&@EA@uudo5qM-guBcvv;2K(u-<_bTf8or?~x&TF+DfOiufKsTB?^H=Gn6x}kW zp?eJT9yRP?)w949Q|V4Fx)r6p1MuSs&p|h*)H&E|3UhyS8o_>ST~;OCV_{dJ^SXVM zE7MkH-^jLZQ$qK6=G}sB=7G)a?itz<{2t^S*wcuQBOLaI-)#EH|F{1>Z1(@}|54dS z-@g7;**l|Z%wR$P+h$e!Dc6Pl{a8fx-_$?0Kj-AGjUU(n?D`M9cz?Km^gh%Z_O0%& zOG%UWvHQl??i=reiWcP}2b=RqX3egf^c^GVYT~}t^r&VA&1>H! zx1LEUx6YDqgHtY%E7NYWq}X)iM0HjYbGr9(Zp>+uMcta^j7?b|z$(@%XH1n4?EO0$ zbXGeaaC_4H4Ge9W4g_QS(@`2=w1qe3Xe&O@(aO!?lk(f(;b8MO(81QI`SZA^{4USY zR=jUf%x7cK*K9RpMBjhAdGg0a$r2sP`#gd^uNCb`(O0!-_h1g)qX#paH5hFi-ps$T zfakbej)tSkb6z>UvNnI9mfl=T@2sUed44kI*Ii3bs->sb(sOF*zFK;DExo#y_PN8&NL zz27Co3+e?$~`@{#(^)q!VcrIZK z!DkOvGmZQ_zWEg_#@a0ReuDRJPbI-_w(VZ`X|S;UZ{{7#3DFb^2zCeT8J;Au2D<++ zzqb&44kymXWZMXq;n*0HwlZRzMBQygw+)@gZMLJA;4?Q~^R!%#Cq9Pw(=1T?MX+mO zesf|xOka&9Tuj7oPPpttcRf0NH3e4pm3<&|pDAU`OKc_Vt7Nt_v2Va$`|##9O*b>g z5pH6T#&^f}P=2u0g-uQDi-pDbhi&@~`PmMS|MgXF2Zzb6`u!(5eR?ab?yHSS_X~7a zoZRk%dkULG{?XoHIOA^Gwk5H9i_S7a=Q-8i(Zx8sb@p0f_Y>*k9fLZb6?h(O9MiCU z1@Q}D6B9d+_fVM%YiWU7gr(N;`HW_RGS0OTRjf zDtw%cjC~_^x_Lc{zNYSz==6OLak6Rar&CDVUUi>G_iFmzoWy(&jkXJ56y0XKFzG&x z&brKi*@tpnmM7h+qFV)X9n8AbNp~%}pUob8_R9KQSL)(2r@OY*CHlC!&lFq7{i1Cb z(C2SDwArt~ReNtClXb9hr0Fs)(#F$?+yioOU!lhT*9p|s$Z4+ZEj$ZZzQd+tV^t`wl`R;tGg46 zb=B>7l>27#a#^lNS6>HR_ti0JJTR1T`c=(-73?2{MSIm9hck}+QnPO`yR!WXGnRgC z@R=ZW$D>>IdHhTw@;jlh*hZ*x-J3#weMz@3b|Sh9(Zv|4wi8NzaV{+DD9nWxGU9et&zLNc% z;5mJ?S2hCMXTjVil69r~V$sF9zq&(88GF#VAIxQpq5#*yT*hRWZIeA5+w&7*G2cww=yFdI=m~H+C<$8_M?Ug#&5ma6_C9$W%{`}{` zex>e4{`vie*yhNdj_wjxgy>f?KHXli=vOkwRX_QMK|k-0Jqz8ZX+ZqF>2I z6{bU?9Y+@y{Yu@VV3r&GYJY4rI?K)dYB=J5Jgfa#kl(Vb-|~#Xck)ntgY)9Xh{?@y zwebD#i%tgz^Vwo`FrrnySCW^=9{Z!Qy(e{lI?3B5hr79!SjXyw{u8 z!=l`SN;`HX=DWtMOWc#ptcK51%EnP>*#5b+BgReD{k7OG#Al)N*(UumHI-q1w{4@* z^Vilk*VSOrHunMMpW8-LS}fYO3l`;ChS!%YgX&baaeXPSC7Gu>uUDxH+h>(J_at^2 z>>_-yCo#t_ZCfYPusyS|{=~TbztU|_KJa-ReHvrx*6|kDs#BWxd7Iz=4f9w}+Xcl3 z+J3LFRsRciYq9Mt?KQuBvD=Hzal)wcroy%*c1K~e65CRk+r+T-7}IvlNbIMD#Ws;F zs^_rZ{UYugDn6BYzVJ0Rj6FvqUvschQ=3)}m#ozKbH zNDN~?cm{gwJR24|kK5Hbext9yXgfbK@7Me(wu_mDZ7*^2Tb#6JStz*JwE-xz|no0*2~Y~t#yEY+@b z$1*iPw`;+|wi_0Cy=?m%5|PjVnkslmHeh8U9@91%>3w@jdKW(=R$(*@aJ+n zlkkS?2ltKYyyp4G9}ix`m%Wkjn%AQ%^^?7s;C+rBJKC@GL)_=MDd{}U_!6Bju6b(v zR)YD(wnXOoYknRd=$D+|!qg6zm-&sLQ$*X|P;5uR^i{SUopdiPy6IHdewB4`4toOJ zzTx+9W-+x4Sr1|8okLph6p=llu#Ke**}oBXpxZ_d!MX*`ka4Ma<82-}-IAd13o}*mJREu~)~Umhn-7 zW!ze}b=poNSjH-xXTMSxWlV=fer|ItV;Ulv^|514_w_s^f_;w+7X9Ub*1J*EeZR2L zOhb2DVT%&;cwO5aiT${+*w2_B)oolzx$8>bkkPElb`rjiGJYpR*Pqx!MR#@av$j7i zY*F!_>|pY~8rvO-jevcX`mHYhQ#TIgeeI(U9xV5(s>*yHr^H?eR)fo5)bkmq;pJ!I} zywfvbvtZfQx@hYe3C1{4T@Bx~zglzlyqe+~GRNq*a$~#nw9N zs}0=X;5z6}rmtpRIp`Oe^}FCQo=ahBePz~9wjnX=C)>u<`l-`b6Uoo(@%l<;{T9BV z=@-*3-$xTZ3!95R+gcZG^^4l5i+vY-62Pr>%9-Rv+ZLj7}`-;yy2QQI~13sEfX`E}LQcD%VB7=&M|p zuHvhs;7`HEdrYShH$T}kVL#YNndHk~<7h(MC$Kx|UV_f`+-*hwS|jNw9*4<(QrL2s{Ul2zEbDB;C2_TpoR8`D**h z!s6Un#wP$OofjaZjLQleU>fYL#2@OUeiRyvM<6O&-)|DkXNN3z5)PF;jWT>r_o5X% zpIPcB8v#=nb(Z;juxx&*i|jGQc0#F(j6e7eQ zeW|oIMAFS$b?$u3Hrhtq{AI5rOoh44rg;@RgXwEvQ{=<^|02xw^7E_ zpEk>|F0wC@iRJE~0M|j8=j@j2v4GnWS*zUQE7_N^y@dQGF%8=&*X@0j@gKykv&YYL ztt!8$^GKN6Kl2OLlgjuywzgw#Ssurt8z8JWjQiE8pJnWieG8q>&8#2~{;F-@c}#t7 z#&fH%y$R+!hPEWeZlW<8onwp?U4?UsZC9zE<=#&4`5*g`zEZ3IEMtAr{S@ZAh;loA z2D1#$4cxYC8)Ym>?fp62c1*;{tcH~?+A#?h?YNV9zE5anVM9nyBYfjI2e!tGWitq0 z?BUr1rrPe0O=tcy(JevX^09r_5&ty<#BQU)HtTFd*3C=07c%c3)MXn?jlp&KB=Xy^ zAD#QRtlO1zXEX0I>bIQbX1`K*BlC}CV7jL)OOn;MI6@c4SD{;2blvDY|8NX6j@w7U zVtjWFaeuNH16@lT^NL-?)N%Q(i7hAY`0jS5`l_4hPf8i?GxSw1V_afUhTA{er7p_Q zXThS3m9Qw|XT-a1IH+}Q)s5|DnD@kopM&`fh0K0+Bw+=W@)?TQo~pZ}*y?A?cp_{( z?7lA@*ji_TttyP!)i)*|AmX<@JdV*WX7uIx?^+=tp z_tWjH2j+7Xqms`3o4Un`O)WaF8AUtJhS`n*9GaQ!klC-EPKb7FF6&@!N4%HI`k9~Y zi2M$NJw$jS7g}aBwG7##(ftm#i8#?}8|Zr;4)|5`m@0Hf72Rm()pXsk&rve6X`LSn^P3&sdmg%Rg~h$(>c+x) zDL0-el^p_eyU|g$O)^|j>Eam*W;HIQkw5ta--saYPxc6GXYowIEaH|cyA0i^PYyn# zAbUG(&V|EU?+}%}1NMUt4{z-UW$%Q&54MziBfl$3esRpNj@Jt{esb0D)_WOb{je8P z?rf%E`{}~wBz7}#>*D?+bl)XzUDlWWXMP)C)@3G%(0w0f+m{rEnA2h-X1`Fqch zM)zrlPdx2|Gd?)>w3CiK{m<@!#y^gG3P)jea zrI**zD{JYswe*HsdUGwkowOZ1{4<*PS%iQ7Td;45jj8{720>4?m#xx09xueN6?KPR zezleRkxlFqljS$ms~F8+^9JlHe!!xDjYeN9+Fc#;RLSlZY+qFei|%VFx(3a1%PwyT z2Bp=0!;bH9+EX~d?I!NNMCQ1-%(?~J1M|MqoiH^Q5IoNDJ?FcahVCEe24Edbt>d|b zF$C|=8VL*C!^y<^PT9S;*nu$botlKs;|y(k3Eu1JxJB4L3Z3_u4!~k8%k!uFu6OI` z@u>MtWXhy1KhHlSzsDC{FH?{8bGaUahVB&N$5O86UNV>YM#4uK)39F#`vvjmF{Uv+ zvAc7Kb_eX8_XpSwFz?HWa((_)wl*=Je_aRj-Vps~e|R+c{0O!q>2?#h-02<7 z^QTzLxgw(no;O1jq* zf6viPQP^Hj(r-1aDZaOi%LuMpTbYK=zNoF|N0~hZTbccjsy3cYo&D~{%$n|+n(YVB zR^NU=r~kCQonX1QCfm2eZozhYV(%`x=m*w$Wns(8vXp(kFt-O$XP-CMSFwk%+;0-B z^J1o<^Vw+IyDTx!ZLHsl#7>0Sjx8{n-qw!INp}*u$B(9O!0dmP`*T9w&+26AqArhv z>4O+gv29N+x>%27JuvGsz|`$u_UTGk?n6SHlc@63YN`=9Jz z>3{0#{ZCf!f3nL6*)OuI3Az6T`)Bg zm0+J-&y>Yb`9AvO9?~v1b+-}pL1$T(G7VgRrzPe-O8;$V8nzD-*LFtI$@HHLc~x$# zzq4yP{g-VYKyM$~gs#5+I*t_O+Q;p?yA!(yX8mIP$aV~6zRc^xVe2@AY-(cv%KB@5 z_4QX)Uw>u)%KEGBUs-=cXPsmHmDSf@na4cpmM6dXz6gD)uj=dX)}(X%NZrchm-Aq* zzm8Sb*WZyv=Y1h}5$u0`O!c$uZi4;KzDYK1{ZA0OUop=!NMPke_UF*>|fu zzOeAK%&|p%wUD?!x0A81E+HQI=?~kxJhA7&^p$=N9YgU|xpBN^8IDWZHrwd&pJl|p zad)zv%6#`J9&?5Ne$IT`;n-Z1p-!eQn0-jrnS3w{X1Q}<_5K&vLag81qVpcB$nPyM z`=8g->ius~DdTb2dOUaZv)GrFc4Rgwv0>=^)(?MG8R~-dB<6X=&!5peZ*c#s&UQQq zo0D|jzoTv&%>8fH#kwlvRpX5hynySpj)VW44)O8x2mK=B(p+^O;IRr>H_j!D zA$Sh9f~jSw+l}t=mYvw&VbwVkT>oj?OYj`bZB*DEh|@gRSO(L7xs2F`S;lZ?n%@9A z{g?AwpYl5jopqTobg&HH+hG|VmoRB7V}8>8xYYS-n0+mm(Vuji(7hdBtxN28RH~O1 zYAklqw%@}n*FH&=+RE)oIv-+v)T^4$l85b~oKV?b{ap9o%49nVoyYQGzhyW+*z98419Sb&eP~M3 zU0if4U}W2-TbXqKUUZ(L*3W+(mydEcQr}0ux_Q1xcGdl)uD?E`I*xScevD54Er8X1 zH9hIP_GsT-0*n4PhPdng(xiKk^o>tp-;@0JN0|QGhOX|v?aB6mqI17bGuwRNe#Y&= zVT30TzA>_Sk5{zgp<;V0y1M`3e4l1E{#tZy6YKtqeU!Qnb~T@69ZNjQ=!acT=5t{b zQ>|O~ag5`5$-<<&0o?#F|Cw%v(^ z?Ic*#`HR@P+R2WN_ZaO69o71<4U>ebhzVs%Mpd`VTHwUle%ZZ97|h^ zLqqqh!sa6g_FC9PPAJE94zhWL<#%t{pBxk1Nzi}R@ht?8Y4*S(KkwaBH-qsnCT+Tz zu+aUOd1q7ZI{X;S<2u)5NhS&8i+emgs{ z#fiDREF<=pmU|ma+wS6L+4f=^_e07KXZ~ZaB)_uFk^L3jwa2iG68js>{^xeB-v8Dl z-5zxIt6O3EFK;K^)dSNuDt$yz7{gt@pp#u+ZIv?o+gPL1JGhY-3?es{4GVvqD>E zfA)_Lp}QD1p(0K8Vc2_MeK76ReURWY+-np25b+wg2Th zyRCD*WYQ{k0|}Q=)_JZmqNZC(g`*7LANbdcd2c#KuD?eRTpzpGp?UwdI(@U7;QeEr z6cFr(u!pgNt!EnS%fz1tTS&RVz6pC9Y&2yB`%lnA)r1pR5oag% zSy(SD-ie{kIxL5+wDJ7Nwsn77mrmg)i+j)94u$`&BJTZdOV9;#yYhJ0vee!^FrV=q zfZ6}dFP`yTn{}Hu{MNI|cSE*Z|BnsCz3xon-~{itJlp zBLHFhhGIJlBV5yF>phae!Zzw>86PONemltim&@InSlIe)(kS8otpn^@S+ zgN3czHQT#^6;a8l=7sJ!;(q^ZU1E=u z@nC^{ICO5`)vYT1)cl@ZbXya94(v(T4zRGp_W7`B<9KeX^hs@BK=Au)I}a z_T^*LQO0dh(8jFNH`JX@c-xqvjrDA-XkN8X zc|23Um*=y3WLYr|d#dl{ZH19##oo=-@8#`Iww{;yy*&F`)bBO08QeJCTl$9O&LwO_ zH-QdB*Q)Z<&z3t0rvF%^jVN~-jK8*WXD8b;nP<6+VU~-_8ds9R!aEOWjTOk=3p?`{ z2eigYWlLZu!}^Jb?NXTcr{0>_O|XxV-)N?;t2D8?7JCzH1}toEATC>zSbt$#6ZoUN>$j}vmclGEm+P@|l)Jd-rcycmmvz0RkDH&zQI_lZk^7IV+n98- z5kLPzp5;OxWt;&!<@Sz7H+JS_cr*X5x}fV=(~tf}l~C!D z{~Rl|y;sBZU)GICez~CJ*PYmF3e)#d?w`rW`{Z|8C_iR3&Lem)em~RD4Pl1&$*&`i zU_)WvlN`_MFspG0%=~tdFfT*ow>#NBoEbg?V87OP>O5byT>EvD@d##A_wi$E|I7I; zOny0v8P;!0V%`J&5G?L1AdAMZlHVex`j1JgesL_N&ifCn-*%?lMDQNB>0`?<)CCWuAR4=Qobb z^k2?zJj}kA^P2{X{QSP>b@z3&-a}@6K3v$Y;y>AE3hPMieJjkid0eOea$P)zW7F1F zmk}`im+LYPW?ja^yKwB+zsz?DiTisI;dp}Ih8kcRy2H@TpU87j#eeFi6S#q5{@YAC z%Dn=KZ5y3@@UBwE%*1@px%C@CU5K{TZy@R3Uu?Tmoj+FCoWwp;*oMT`6t*idzfq^3 zmz4HqKQBl=U4_p2&0|{k-x64~_ftjJM?bayWj|jHQ^)CX<15tRE&oA&#aA-lb9n!? zgWoli{bynNIc$FfyI>W|7e*DU`%uqfI(0VRS%NXU8gKR3`)M4Q*-wM@6=q)px9R4R z4i>u2=%U=u6Sv%%6v|;uTe;Eytn+GgN1$`;%j1_W!ZC!~xyYcOBR`J?Z0|CB=K8yk z5Ovny!TR8~V|?+SZT4FJ^J~xGT?qHty2VT_BXqm?R?^tSJZ99^^-_%?Y)6*%%DgV7 zZVQZ}+jMaZqV8mLJ~Ow8I=lUodAw#_M!}*kJ~QI8dY!2qo=1)P5zhm{^r^P5BbeW4 zGSh!Kzu9FQCYyxqtEt}_bWz3x*z$X5TVfMo7vDRqF@p_B=>AHZtc!l}m&au1@oP9&v;<)+l*x2c#!#i^Q0^JbPw@m)MZ;@ey89+Xh-xR>vAOj zzIhi;N&b68(K#*<W!-p~I`<83 zf2?1BVvcFaJO&EgM+%#hmeC)uw=UUNQRg|#)0S)-e$#BIlF091;y#zR zrufu$90t=b>x!>rk0{Jzk+7xNm2N`nr?JdgT`S!q(Y%x3GieK$YAah*n0?J3^6GoU z2mGozR!VVgY%A%oy@L4WyPNmv{7>v%MP~;Moptbew)y{rEkWnA?VO6XY%hoT>{{%n zZO6XYo8dms)>-_gZePr?7N1?4pLBIbHLLHt+yBN9_h}y%) z>00P6DY||{YO-#iwAcLH-<#ib>gVxa*3Bz*R_8uIo$HbPFYCsVh;lD2y3H`x$*kL* zbgwVEC3K1rH66R^R(|t~ZW5LA_$B8zvur01hYt{{=Ps=*KeZ1K_xaI2red1YdVVy{ zL$$qyplvsqtI4)oF|^EVyQla?+iw%@;#pCT6ZN0Au3Mw8;Tw8P^^3ai5?%pYhfe>g zJDmBSgsm*gL*06U`FWhJ|8jmFqep)K$-KM!53G)Tf_)EW8CKR~m0ZU5Wc&SM8-4N^ z(kBvL*?mxJ{7-f~;RPQ$sP&F)*#v^$2y?q-xw0n`I*&c5(Vy5v;_6l>HmR^Zi9MD0 zN732t$j@U`*@EIf%a~4hDHn0w#_PYM3HqR_OVW8xawT;MpK3d$u+e3??T@_xozL3F zHc_3&P3AX_P7w8zoy|)(f>C_qmxO0No9}@YKg+ffTxT3JGChhA>-4lz7x|q8ZS(r( zzF6CSbQIlYyE)n3%e-?|9oX0ni~jdMGX3lg2R3?3oh{>j!hFieV*oe8ETb30;ly+O zVti6tb`#b5F%`$V|FvJmy44Gd_4i)H)i?-DUupYcf@Li0YTD&8yk9{blZMAqZYQ@A z5BA8y;#^JLF)-f&=Y9}ZSNF|v7~dHFNSn~TM$BsK-(f@pQ#P_+x{=@qDo@RB+sGRGs{WNrO4N~2hqI12}e_3~H z=|k!sh0f=zCoqk=j4EtvVRO*A3}1*3T<`qpo6pg3-*4PUoN8C>i%cC?na$K+=zPay zA8E@lKgVL+sy<)H6%w)TUv55S(sO&L9@ejkP1{H@`w>jvsB zgjr|%xcx8cVx70a^q(y1yt<~d&g!DhmyqA|&r&Y!4#wl^Rh?HR_6eBZ^osMIODW@A z=3AG^#Qo*EY$sj!-`q+ysIxBWEZ6)#PJa4jWbu{klQ8`OGPX%v-jzlt6mdN=j(KHPiS$JSJNt$dbJnV6 zKF%Vq&QU$x#VR7zGiS_h>@MGVarye(Zx_$?jv^lEakX?$Ej_cAo>xmRuBH2H>9w`= z##-9vj&ptJU~TD9we*BqdTK4*TT3sfrI(WKPVHY^(p@m0gWgD*4pbeJ`2Ch6iN|_L zwER>L{<_+dT{dU%*EVkuS222X{+*N(oz)v<19Y^dhP9>WRr%MQ6YcTtp}B>BN<>X`LCkxkol)L{0dkiCg_c(wh8N>WwWxHt;a z_8aQ+yzLtABx)xg-w*lz;PM%&<_CnU%A_R44cz|d^f)MRq_(3Pz$st9%7i@0{@ z-_Wk(a+3Ja!}<5_8f+$q)O*~JV@KA6`yeNdY;R0s$cc}vli_>iymwj0?^V{Yy{rz~ zOLNr7>L75innR9yWStzbm(|{6UpbE-%+(k<*U4kRXSJ)^UTD(QTE$wCcJOb_N3V$ZQgrV35I0BIgvx7d>XAXYdVT( z_h4y#gMGQt-z-?$zFAcc{Ojx+qyvM|M3*+JUYWI)MMvKtJuLEK>TyCh)2XZ_-d}1w znD4)@?oCbX^um@T)(gAnu^emT_OQLIuoy2i-!~TKae3(840{{4>k>O3_90j|)6jj0 zxbGQ=F&Fc@3U)oZiRJi2b_?tqu&s%G8+JRa2j511zK7oSE==s#Fw0$=n8)b)fJ@&k z+uy>za6IkhL?ZIrS!_op_H}H$-~4Lo6}p>Ymg}}8GoSZgo0#AFP`9(j)HRZ?{({c? zchxn$BQ1jeT=xz7&vy6*&l1{6U^^om*hEl=wv6uVw|m; z{GL+EjdLQ|bl9JdYkvE}<4T$5Y==>S$!QtQfa&KrPF433nC`&nLom zB;62n-iJD)_{F;P5`5NV7A)#wUwa|8ixS%ki+g+Bjbz(ZN%v=Tws#RzvTbYcQdpGn zSK_v9ePVwjZW)`HKD<_jk;_>qUJm8s7}S=83?3y!HUIm z42wxee)CIy_Iupcmfs4}`qVNaKl^>K$Zr!Y@>@WD_VMWV+P)R0Uq(=o;iUE77=ry^ zbn&0Mw-w!37_-`R6O(QcI(@YoW)ai ztb>7y0+cyRj|pkh%V-+d+Y0>oQcgvXratoBZ>7PA_F(-e3{5 zuABAIuwZdLXEV$;sJn{bb+ZxJ23rpEx|#P|M!A;Z^&HEvpK2S|bEd*v_hoTCrzhEd z3tPv}#=-cjwplTTxT>b}dXBm%_w(55gGKE2gYnA7$_Gp7!!mazZ0Z|#bK~hArv4sD z@Mz`XHx6kGFb&-kh~Mx>?iD7FU{5bB#*@ zmXVqLO5OI-H`K}0W%e@I+2}@<<*QDnF0=DsKVe5UzO(7mlS$iNuQ&O=>u8%gZPf*v zS6F-p#xmYmSlo+?dm8T`+`&u8yP0Y$b6f4QoK4)c%RH84Kk?9gpy;;4*uAvrx-ksh z2aB#3hHKh%i;~XcCd>8s3fHvhb|&4jq8rCF`f1c}HZ02haM7(|>blRQ)s9_B_mQG= zAMd)Kb@O16pT}_4&waex)2!Q?bZlCxYoObh`eRmWor&!!&8fz3y#~5Et><^beb48l z)ZS{Fh;9?i_1yf1vLas(i)*UpXL(+GjcYu)T+e-@9WJkD|Bh`|V!wf%1)G)F4%qpy zHHqB^^Sf13QhSj!PUPR>#5@+X9dSHl{r*~**8rj}Lz!{ zx@VByKse;7yf2bzW+!kFPGQ_DSu;C)2X=xdK4-beVq z{dIKLEdEKlvo^o0maYcGa+ckVzQw0s=WeF@4IS5>K44s9bDn>|_*!}|eedO2KV)1j zJ-(K%*)t^8R-eYPQM2Z>ue&|1U;TCcx&6I^-L>?DTDqr}o=$oc`E(K-U!7A+_tnzN zYw6XbyRkKo)mL^kR{y0r{^+_fiTrxY_oE}dG<{EcJmZtyd=GjmT7%z{o>NP&uBCU^ z(ml2BNB5H+MSnJYgzrbM-P4}l=y-CPUya|UbokZpTDyHPIIg;(mfl=TZ?C0ylg@ta zqTV?@u9ohprDxXC^J?kEwRC?iy|$L#SW9oOr5pNG*L1af9Q^ zeJSm7Tur){c|8Qb`@NHK@h<#o@H^g*g`Yy$$FJ|5X#DlLgRXw9NMDomRrf16tEZ4g z-+RN#-BR^yMJ{iWo|aYLKxj&YwLi@JV^)cDRoiYe?1@=@9}4l(5SIuat|+7@BHczD z#~Komj)-)H=I|038j;4?g$!wFriXZOX->l{DE>Ml(wJIEb9>D0pur=9)%jnyLVo8G z#t=OJa~*WMt%=+TQu7LSmd>2!8n{CgneD=st+fGGZTReU`&4!}E4G(iad&R^vBolkGL=JU`vRK8~W=&QEui z{hs-8nBCZfAkP0}*Ta0r!N{^dlR4&Nev@GKef`%9SIBDZ6!ZDQLy`9 zM;twP{o4E-vy<&gx<3}%$xOrcPsE>u&Se>_fq$)wV}Xa%>JrPyGQ97=cOlFv%R|;x zY?m|D&$4L8twl$7Z20}rdl}&FA@0v@)Z1ZG=oI6LTNiaNgZ&$LPTOF*UJEN*UqjT*ii?JB~6=U;+Bw z`)=aaS@w9C?`54voN86<7S;p5Sw4j{SvNWe@m|*H#6$NjbbhmZR?(=7_pCP;=ZUpw{teZ$8@_S*?&4$tBHr;}xdr{G?gpH`_9OH=m zTt}_n4j8LvTYfqqbT4M!KhUj%brszuOn>oK`dZN)OL`;m)7J3)J(hvCGW)6DQ;WVP z+X{0mZb9iovdAQU9fNtzLbfQeorUd8?C&t^GNtq@%NR<%tV>^F9fhq- z%x4NLV{Pew+IsCkwlguWJIKbB{-^Hih3#P55q17@Veve zEMs+9e>ntb{P&RNnCw*I{!S&tJ@!*7(qu6vy9!1&mF_C0j>$T15X^q;n5_NOx>!aR zGadJhYkIPOP;NhLI#c_z$A7Y@%Q#k!$ghL^v^C#g!-zXp<8evYMx7_X zaA8}WSCU__sB?_XTff6g8II4{pHC%3{kEmLj4HZ#zDwJqVAdtZejX1yiJr3~Niq@Sr; z!()rD9mUv6(p?Py+GB=Q-^Yq_Ws7?lmriB4ty9Nsu&w&Z)Md69W;?n|AGa>=Az0@H zi7kOu`6YH)(XA=#g0^lWw4GAc1)2Lg*^&{>y0H3H$HhLkHIcYK*@Xn3$8tH_HksE5 z)#+z_l67l~??d+po^6WdA^Tae_4w4jmTl*dh%!9(_F1m@_MAG|)ps-*o0!V>45rp^ zM)9+{yV2c(ZYqAp4OJb-!+hR&e(`KqSO7iIYVD9gAtvFDWhX2I;cwj=VJz`U?k zr>(kRQwm#_bT24uS7PdXek$wCTR+dG6C6^?js3#n#KO-zV0Ax_WL*drejZiUk3-4x zQTWa00XvKTg84jPo%uXqW-f;p9>VijOsQ(MeqB}a^ZYk6^Q$xSi}Pg5HNQC}Km8}; zHvC2(Y$k0B=KK6)?w5kG8LsNG6`g%o+o+4rlxAjK>dd;xa(>pu{DO_4j8DMkl9@iW z438tNi{ISd7t{8M=)OfbdKcU5(l=z^Be;E;j-x{7F@^iko>H#5tpxY`%W1DZ9Yu(J z^4j79b@vdw4zwGFd8NCKh{qP4rETiA72RAIe{H(ONrzcg=Yg`1(w6Kiwk@&W7uJCf zq8)!MY+>=el5-F*rs>=s(z(DZS%2hn@>8=*DlXDJvhHv@ZkJrx;0-hzt;R_ zak7;@b8m_EF;RKZDISQ@UXFOr+m&_#A9m(%GL}zKat37;$y061$wZb=kpG-{-n; z*ww1@JBa&jhd76@ZHo!kWhUi6jQEoXQ5VNhqPQDA^4o*1n~mqT#C*A^*LJ*~7rKYT{07~e#7=@) zm({F9Zhv!K*1*E{WOUYLBFC&u+Uhc?9NSvwN$AGCifbi_^}x=?FB4gZBfn?D{7%Bo zq?37ncX!fFh8=T0dBR+0EaT;@8<&t@Y;&Fqdw{Tj!L8Ly{b5oqKflRlzwsx-Rn>Re z)(QB@T-DqT?O|&D%gNIHSO z&t*6U5G=}Y+Y~Iyi0zPNxV?Qc3uh0yXvZ*^Wz0CB>Azft_YUh*S(MS6Sd`&4w8-xm z@^f3fqqKurjlc2lEzjVXpSU`i@07b}GWYQ%-9(tWHKl&)e13EUx~oe+koCZheGd11 zl8F3XT5Ojw4d!#Y>Kr=^_8yq!#`%%?y*F%2zmhG7S?(e>LSgHBzO3IkoE+=}h51g+ zU>|~cj^j8Xt75hPiE|vUe`cNe#dxCST7S!(&2l1I`Rb+kXbA1tMP_09>Qb)nsmC>K zx)Cfib(mH6aXN-FiFjs?Z)Emu#OmA*;r=SW7#rE1Y}Gl|65A`w_)f7M#S~Y!+4jPs zTy@&2%gl0RxVp`DVbVE<_Vm9t-?J6AKZ9wzimBTi{TFqP{>QAwo&2-hJf7n_`1L`o z3+lEMwyg9&nYs`Byi==7DgE}&qxL))E6cU`e{+$VIO)0TF`zRY%fiO~ND-dl`= z?e}i;-%aqHy#uhYRrkx|o4R10bDCd&*{+$N`#RsDyg9L(VZK9oMA@#X`(|NF61xRv zeglQkZL0T{dtIZOxaG=55@hlIU>UpA=Jk}aO_aGUw%@OZ;jt=2zu#GO_VF`{?Nl6K z88o}PPNHou83(%vF53cAW1f-Uo}`;wbTc^~peb#-1+d8P;-cFG)Au>QT}fyEv)t)N z4)*aVcOESAyQJuDg+(6^-HxOqt17=`k8U2{=W@5e%uoM$j8a`^O3T9;vXzN>&$nzu z^1WrqVhqpxJZ6w>N;;1jWRr^T)%lE%?CQi0D$Jc=)X(!fb+Z#2Uf71j4lZmw8;G!d zSYb;O8&TM<#C$%;GG?az;GuNY3qHYMFBi*7qp`+U~zOuA1M-FO5Z3uIjni72<3~flPbgo=GJ^L8>`H6_ado}q z5xUC@TbI}sFt4ePEq%lMWL~4s%=P0z9vI%5bXUPFV^ZlG+Ab+9j?HA(5MJ>_Y|**B zCyVO+>EAqYSoMCasNWj6_W`WLA;E5dSw>e`9_IJs!e$nq%6>wy9rF_VMbWKI{@YNP z&yFFj>arMrc#ngFp257c+xo32+i{Ao&O`5f8_$#ww|=tSg!}sjeJ```e(1_!t#2jD z+)ggNVpw(kH*DRmeOHEG>;oj5_vFF$B=#)$ly`BTLh+0F?I7Gv85>AMe$OiTEv6B% z&6$AiALQpbU9iY6`lR`tSn9VGQRFurX4@v3M``b*qFYw>QQA(09mvJi?TMXUY}b^1 zl)B#$)Wx}#>^B7c;V~H;NGFA5lMb$D#9CuUJNPhFdG! zN1^i?Umt19RW}yqwZPT;VfGEny^e}&>;5ZjA4}Y4$KpJ|{4%rOYkMd@(soa>9Y_2! zZOgi)ZDu2i?aNEK14(xhwmysIv3%4eGmmpD*L%t=*YT^+xeq&WCP$1#s2TtVJf z-OCtB(YcHqe>v?`p4Vckt!y{pm?=E}m6-khFQ*OPtKUC)>hQh#{VQdZk^B8JSiRr> z2v+a+C!aoiuYPZS^?q-D^?q-D^?q;t>iyofMZdDW_Iq{pem{%4)cd`*^?t9e-tWz? z-tW~#zn??7w-esDs{Q?J+hMoBmQyE}hq@ue{{&l9mYZx8%=fNMqXD7Y443uMnS=eb zu(;n*+sW8I{&T}y+dtV1*j(7$LkDeV!dAdWmGxYm?824pY!>WZbOUrqR)OlfhNm)p z@T;ATZgzrEmsg-W{HEaz9@lBHH^I(?ZDwFBbRU4(j_D%@*~-GYS%E@#Q(>d%+`)YJ zu(n%SF@hai*v3aS*&)>J4TLA0+x)hYI@vh{-`Tc-X|Rik`_4Ac*@N{KT`&0tyP)V| z|7(8d5jNtm1xfeXVjJhb>gEwFV{}=*vP%fsZb{|79rm{y88b?{KG+X7a@@$urtj^~ z@&34-Nw*m8`}dZX{fuS2l3=;9PnMlunD-OwNc>ii!9*tXSRqxx&LDhER-)P5~1jmTxFm>A@n?X2| z2ZGj`GWQHdVF>>fT*g z++!^JG(p=qPM2Lv7|H__Q_A`;`xe3cCYNJ!+4{nkCbj`){kA5y5~dGkb`G}pLxpvh z<8<>|SlEul?kQ}1*-xpvjbNRZCibJEo6m+xpSsk>5kABTW;fGdrxPCmTgp_8;n9R= z!upwp?lj`Rd0j_!-7A>3=BKR;*H&d*{5IZMOGd%eeG;||#-_2-S;lR!6-j3qyI^tb zX@1(8pSI?Q8>=!7xU8f4rc5w(3*W#v3VjGSR65J}EG+gv+FHiBZ=~GP*JRq7pSI?A zFll{t(VIJ}Yh1z9ZF^Hkb!^u~T%Bbcfo^i?S2D}^)>}GS_gu)dH9wCF&5!0ZP9cnW zJHBG-Pd0|&^5`jPs?=H@Q;BEW7Zh8vtZbjm^g(PFF%9OipUiQlU{5KGT~#Z;>4hyW zezq=W6&A}#<~W7*8z3>9c&^`uWcw=S*wK(OEMO3dZ)8+0*trq1PIxol!ub#ZyfrX=R_ur9M;E{|N7 z*-016Bd*0-Ml6qxv>u%T{}dNrWBqVF8bfd$^w^5#RqJ}JgMFm+l{#&|U2G}3VlIy# zvJP%w8qDP(+nSimL$-%$=)GSi~W1ibu$gycM`A08dBTTS(mKam+icwi+zgaI@Vx*lW}mAu@q+g9ODgk zX|auWPicF8=tzWa5$vRESoi4^!QKUPd$p{TaV)lX5&XVLFH?207%N~{OqS;OYE3x|vyE?J^3fq#{J&|AOSC--UjpeQ?KG+|7T+zibm%4p1m%nxP z+$`!mt}vf}2zFFqlAJuNlZvr~ES4R^fKgX-wF3BRl=_$XXD9rC0#<+~_JpuMmC(lSR zjdCXzT|6tNZWv6ztWN$rps-zuZ7Tj-LFFR99~8DdvF{Z&zN|AWvc}8!=kr=_J<51URYOIzUtn? zKkqS#WiIo%Gq*zvlg?*Zd=|+4g3H6Y#QhNVjbL#Ia~haFaQQHEob!J>?Qm_D$MN6@B!JFxkz9Lb7ZPr3Se3Tf++ z{XCg;*!s+=w))oPVSZuD&{4I1WLwAl!}eHg9S`p-KGk-A%(3sR8&hm=rO?PvrmoH` zBeRo>?d;MIEO%dQJUYkC;~Jd0eX$AX+|R^%q;6mANu_=>IRJ|~*V#yH4?ySlXeJR? zC+mPs_*-Xdj9lh-1!Vd;bce$HK9wUG!F>KuoyQ5m?C%vT{xd(Bwo_~Ds(U%cNUVBh zlKQ#-aM{|o{HEXmzv8+PEXq)K+uf`ai5*?a9Z`I5xuaozLu_k}X`9)ji|w|g^G)&E zhVRW!wi(;ZJbtjft4qIEH@2|2A4lf$RkxIe*^WzLA0;@R8^<}a2j$-x-WXZ(lRZGF z#>h+kLifo}@vZHoI~ZR%&h5Kbq71L!-A;b-t_f{rj&o<`eGZOaPotBC?N88Jzqlr# z?Z(39u)ztP--q(WC9+0$U!x*-YO(_!xOx;Quuc52aeu&{$of%(0X0T@|U`_=gN z%r2PQCfwQjj?2cH&hM3|i~L?t%9xSLb&S{gO@=vs_-?}g?$^;rR_(uikahw6dtfiC zy~y6kvqvS-SNPkPA^hZ5u0B#tHOum6X;_W`e?s`maTX(%bQ5FkK+0H+Wj zK!E@S3KTd%gaAPUwpgG@fPzu02CQ13$|*z%(yLXfRIM7YUW@i>)pD&^C3ve=EmE~= z)e1qYR;=EtRjXEgzn?j4owH_6dXf8kpXYs^-#powJ)iSkd+mR-XJ*fwIV?sN)R57v zxPVBPvK8}*Iid;09H~i%DMeq(>D0_ACbg4_w8;WDd%^35wBKaS=t%?heiJp~N zYDm*ajb>X7NqeWIbHsBS9@(?LG5AW!7!k^tE@d*lhKy!4!;O;Es;;pJSXnexL&ig)r=34U|zfIFZAA8 z46!3={IIipaE<6iwWza{9)hE)vovZsqeO8fuTejT8kivv|_1b%5>4A*EG5du3f-Qsf)9=D7cX9II>=E3rzX z2>VC2iMvK&Nw0LdrO+#ovuzuNrM5X;saR{9-h#{N(jQHfG_$PF<~Q?M-1v5_t`3&> zvGIy%RgSN(Wlf{`-B9ae%qTwSENg4MR7rV+scu(dEtObJr0Ju3yr=DwO#gCC<7gk? zW7H4mNuz$y=IPnGxUB7xeTg?@$C#x0L9i%Hdv{x9#~iJN5`iB8}k28OFw1CmL>n`qcwUbsk~f>`2Pi@@UQ!Np~{fA z{|EWOdnwk*uIg|s=hGbHZ`U;&@8w*sxU(ON@jlC5?Skxu=)SGM_q=+wcHLW~J5SH5 z42vn6>TZ_z>%>O1O-8W2PLa5D`(v`G!9dj?(4g~fwV}pTxLUGcI_oBXPIu5m--q*$O5${EP!*p#b zkL$i^x}Lz+8Jic_lg9jh2<7;erMDsIz9&ZhR;n+#59Tz;%W}KE#`Zb44eZyZ+Zota zWB&bBY`2Ty!{6ly`>nBdozUR-OffZM@}^RKGF1X+2Z;GS7n!8@)O;SYU)!!bMRDd0 z7YD}uF8ne_?z#>!d~6K5V-?4CgS7{FImUGClx};X81s-zRacycX*a9PLsEave2$QJ zfH6mf?m-3SA&Y^LSLPx8xeEN^gS_Cw{c`^d))eaH2r=@qLWy&w67#YqFwaYyGRJ-t z^U@ud=Vh9h`^5)-@c~oyr1$oj(-h!Qr6SoTc0O3Lvie2mns}^v*!4< zR<$OoisU*4-rqT>wWl{-@jX7(kn{(?q?6uDv9=`5t4+67jB??d%LLk-IW}j<7+Wmn zKJbf=K4pY9infd&uDjlJ-frkTJ?;gJ&)E*BP|jS}s&=ES(Z{+_wwIZYZk>;~&TVH} z8%5iN($SVNFYPJ>d8S_1D}4G1-CLEw8ONRvm?o6WW>u%DZ*JFs6E>j`YD z*w`;ORDN@ZylgQxE$Dt_Y(`+u8Jii{uZ{Hv_D8Wk{V3f?V6@RInsuKjFxu#0v3wiB z@@<4|zKzi3+X$9#BW&|+gf8DkuzVX~n{Oj@`8I;(+X&ly8==d$5iH+EBVw~cUC~Cc zd>g^?Z3N4=5iH+EH#O#E5WjiRw{tIKAq#Q#M zu^rP}5m-r|;g^#mx4lV>JU0kWP(1o52Hiq^_Iu4y7c@4x?YoW52#n(l_jK3V7)HMR zp6&**eYFi^Y_%g+*R@i40upQ8v z#dXY$qa)9x$9>yvPmD{)P<(1LIa`VFEH-WAI_~K*U%t`CacmE~_4R?ZiSdkegS9Vy+r{qh)AuF$=sljp=<>zcEC5v=M#d1_gfa$nUM*rtLEn$V)+M zmYA32+Ez7We6%9c;yQewQ+6^w=u6ZUKF(6W2iFxGL*15gtd;{+N5%(ZV$|US9c>iL zu}lmfTw%{p=s9|9GAu*bE40n|WO|M%2hMnRG<{<*Fy0AG{y6TlAI1EY#Joc}6uCfUaP@g76>%loOxOF@NjwwoAruu6PvCcIdUMLw>_NOUZ2|@$!%}TZ72LLOvo?4=N`8Ux$TbJHoxy4^*y=m-rRP7 zZo8!I7Wtl%Kqy5pq-mrECEIFIT3=?{bj4*SJX&Ah7(ABI z7@-yJz|izQEghu9yR$&>S_v98m(3tZzfmr;raPrujwNH z7ZyhI{|gHT#{VBKjF|gO9&jdL=QAS24YTp!=t#H!McSMc1o9 zdTWAiyL4+c0CLW=uRiCvbfZ2W5o;FXcm?~W!bSz2fpVr(s&wvcp&0GK@%ePcX*Zdt zOU&P75!ZD|ch~eJDTyhX+P+_Fd@N9K-Ffpz?!!vY+X!~Gv7z8&i8y)Q8Q2H3OX2a2hW_k zUl`BHMs~b0e{K&S9md)2ml%v1%qZo09Jfn9F4i;Nv3A9EGz^@2C{ z32b5W6nF<$S77M4o`||Hh+(_P@`CM`P1j+0c7`sp$4%$Y=%It5i|pUUwu&v;y}WNw zFAEiTznITOW4laYv2@$iX*s^3yH^2S!?arX0>p*?OB z<2TZ`Yd>}!#{hiz_xbSgK?Uk>j?z_=q~$n4Ysx!SKsZz09x?I}%i9;)l0Hse7AY^D zp4Y)Z(0y1szUR{x82b@*KOEZkVKMT&RT=TN^!AvmjA$3h=(x72KHNHBZ1L|?^M0)&|1T1qE-4mJ=%za81)SEKF)U#X*ZbH!6Y%ay-=J!>BnjE z*QC$MUz_U6^VedGI(1es=I^A!_Gp;W({*-Q&oO_^ViTl^`D+)W-D3WV!S+IZM*e1t zx!-f-;|A5~Ozl{at^T($8TP0W<@@CY8xzUjGwqx zXJI__^N7Bbl$oDLtP-OP=;-&HM~rCgY_Z~;M{LpBeSFb;a85|OMIY^fxex9QsQNQL zh5~aR%f#Hrm3wr;L)-14_6<{m0CNJ1-k?o80%qsxnzeQxjna|7Vqklj z?P4+7tzW@y2ZN5^MA+|(s)NAT&v_@y>cIA~^tOs=x5=cpF6j1^?yAp?OUEJ4-~M8^ zD9>E0Ib+;F=hte~^MPU?P#rK1p_?dnjRN;6dbM`;3dOlk(PMRmj(c6OHI^6H90lgZ z+r^Y*GNf>}0&~{P!_aQ9lNGp6(Ipmj%!{LAoNQOPL4o@ZYs5S+n({mr| zWJtRWDYy@wKZ!bgpyOO1`dB6AJ~*$#M~8e&P<%+ieQ=M6{SD?mx^lX-9AdOv^sz?F zeGKZe!&mA%8p_7#nnuy?q03$|8Dhq0o@;^Ym{!I5^~#m8NdegnKN{6 z&FOd^h(6S(bX><+L!SM*8y^iy@A%*Ck@gqb4aWC(W{7RqT8H#BfA80Nz8HFE9}wd= zTgL}RUBP@`B|W~|g^zBPgLaEP*e5tIp|0Eq`;0U9!8Nus_c29GT_&}Cr`FUn{ol*` zXXT%I;d`fyllX8Q_tWS*7b#>H^_W6Z6stt`fn1OzrIaX=epFPX2(YGGRnW0DO{cJLdN3~VUw?8TaT;mx2!w~C(~pu=qkrXy)@h`^U{*r-)~ z4isr*qDcDDM14isG;2K4(6FyrHKgJOB|xO4bkdI$X?D#ti!?PBQgQj3<`R`IEc(Qj z7LU}mIIL@}GVS8&Qg?8bsaup87kK4ZOTESBhxF=Or#Mq(bnCB_AHKtUo7IvS}Yq0}cJhpo^HpSWARo2qW zuB1h&RAV?TvvPz_EjFeSs|zvvFsZB5MtQ$IULU+#J1W1CL)O@rVe`fKO_ue6@tiQf z1v76HRtoG6>ApHu^SGn1K{2WsA6zH$J4?NaN53bkgGIkQV@zIJq^A!>+XgYWMTadq zXKyrH&W-lW*>(oq8>FLbQv$>G5~VjojB)f71w9g&+$^S{ui}Gek;$Kinhd*3x-HVF z3#GPm6kl<1`FT?Ik64b8kltG@J?8mo@~E2(ue$d0@k7MN$HxbY~*E|Li!s` zVzgz{O$xf-nQoTY9yy)QFOXi;jnC=&bLsIrOQc6z_9}EM@H8_?(xwg;i7_V@>tKQDIL>}Y?YrzR9f{a{8 zI@tO-E$Q){1K8@IJJ8s$GVHd8i#?|Ln>?<3UaG21pBH~h%;#cAkNIoT^LORLCWt*J z-4b|7l<(j zv?Q>ZVqg8Rez#b8V!u2|;R%I5=?e;jVs3l0u_;!k_;{tl0YhVw-oQR2MxK4{9o>+^ zM~~5OVyN&cUh+wWeuc9)Yp&eR_0cU?z?M01_xqUGEcqx}-J@HlfZqkyMzHk?%!%yK zfbF&)5#ybE%!fLAS_~il8v@w=Q~@9SMvm)#FGfAD(~j?qeHu1p?HT$zv%pT%zqw+aio5Osv87_u#Mn2`@&1D!i}fl#noiA>(aj0E zMY6^3pcs9R^xW^FoDRR}RMnaEmImE>lmNO_VzedcdH!ev&)bH^%(8 zJz#wA2VJl2N3j1eR-8~x?~}&X2KFgqJ+{ALyTVwj?OU)_#^yCu)BC)!7Te#@J!Wia zV5^M{>dJ|-^+{J$o&Rs<->^MjwsHOqcB$C&&A*|$%xtGBPo5W^2_`*12SN98G3MGD z)vp@0-LK&DWjllI^=9k+4_m%dhiyr=8WuCQ{nk&>-69=xZ3BVvyJ5_=Ee)*C(%T@W zCds6?GU#3@9dl?SfxT9Yxwi4v@A3OOG3LAyG4{*56;4)Q&WpJ|ua|2~w@QrtGV0cu zPLlN9K+H$AD$X*b;PX+-6jybn%zdlw@W;YLT|di+082LIr$mQ(|ln zDYy^%D`PCoeYEFv_(0bvO}oMk3e06K5py3e65}3pr_~>RbP15MWr1C3%m&wPLz^HqCP&Q>T<733ii!Filx~yz$cN<$8 z*rj6lATjC+9qon>-h;;RGM0CTnCq_AXZYx~@flmRFrVjy(dPJQu`wHVvjRR^jMusiRlO4)U*qI$1eCT^t=k`1uZc@rK)k$yMy0S zNOAElcu(L#p1ub=ZhM^T4ECAIqJF7A`=@L6bffZV`b>VhwFkXTi#=_uXOq*-I@dQ| zkZvc9#qzqnysGzgMQ7=FdVB4Y&ek@0}hHaf3 zUEWT|?UHnCYh5tjo30POx?Hq_uk&?FqxP$W?R0&;@eemO_P`HsNwa+L;jOlA8YDjl zA8xvr*jjd}{!LAd>`(`5oo?Ud>wRr|-!z>=q$iz2uHPqJx7hZ0Hf4IBbB)%{xL?8i0MEYBP0;yuf2)oAFwRraab2h(Go$Oau@N2T zz34W`mNts%`Fq`9oYSCNqBvu1)U62VF{j1#yq^oBdxh93ztOdvjjOQNh;jW*LwMQV zD8{|*p}^i{x*i)Zv3-vi*Z7?GYB)>l;W_1xYy9D$dx!hjv+ASC*lIg>B|V-Uyg{~| z8b&=Y%ny-gzT@QV5VPHC<0`ftV$2y#Q+j@F;&TSGf{!mNf84X4r(K2gbeKr^UD(&o z(zAYwJNuL3SBmxOGiS$}u1&t29b(Myxso2&MA-J&F%ou>=?d02U|%pFI|4h~bn~n& z(cL2Uy}5PicfIMFCn{X6!1J+uH_h|%RWbbfvwqnA!q{SKbJ*XE&9nA}U28seimCcD zJ{lx&AKx_F1%X{=d2X^cC%prVEe-5+V{@$^pxe`!UlYNOHs-&n1N*T8Wm{)`1NLiU zeoX{pUKU-ywfUjiK0x6CwK@9?3;T_~FTl@T(H*2f-&mzJ<%Jz=Ym8^KO9-9TXHny$<08QlfOyzXI_DRisj zQm3@9F7Z+yJZHqa3)z2RS1Ir;-8wNFUdCq`+A#Wd$h4FL3gC$wC@aSUvwv!&gW`j$D3}AwJ+>+)A@TcV3SS9GX$O& zZ=)`2OLRrk%?a$qV&r+q+8157>6%ohp5AQJt!}EaSDB9IN?rFx(@j>zJG)zqXT0V% z>l{UK`oZ}M^o@2g&MIQxD2lO7@V+rK*j^}3-xv~eA8!?-Z!~LXbT&_nvP})_4l(L} zxiK|C>Yrz3i;80l!#B*^2u6RMuF0e+TDz{OIL|68hTT9mDcq8 zEn?a=Q|4vcDdy?XUndA~Z1MC?5~IBB0J%Eq|>^+9@Gw)JAPZ}hQQ%xy2!XZRRz{ggVr zK!I^%rurmh$Cj}PA3RT}CeHXMim|UoAJfF#*2j%`Vw9sp+8wH2`Ud9&&R(v%ge|c; zMORe(oR6v9##eQWw`sq!Jfl0<*z(}xFtKT0sIQ#opqnU08*%+8^F;0|ZA8V(JY`;g z&0>_A^@w>nE|d@IkNG|71Rq`p!>V{^UZ?ZKB+dBcow2kLw(fVCfcv;n zK2|?kUpeMcHrU?(nPv3j`XP=dJo@Nt3y?W+eB()NXU9khtizA(>A zhnU;?zR)d3{^&#dsE_?*V)-{KoErqxLtZAz0Kc=Pr+u-XuRz(B??T7^8+BZ3c-csg{E?os1I6&ssI{s; zW7{Mab=abFwx8nI_Nz0~zS^whuhsS~%7zYGblB4O-=I4B(AUyOa4L*zh$qC_^||Zb zWV&Kt+&4wn6WHy>dIP(|Z07`ar|C+8%`@Giz}{@k`w)57DB~RGTr*X z<{R4-*xhEkEwFn`w==K-(=pfK^}=`VsK2(r_-za7#qZyf=X*_847x$nbq98zF+Vn9 z`*yRP9d!4bZf;=QE64AEF|Cq= zr~5V6QPafM2i+;A+bl-kQ#R7yyFj-k=uQ=Xn+6oFgMEBHS@939x-{a35Rb&G?JV>f*Kwc0%X^XOI3D`=>^jCP*Ig{#YPB2ZvBxVuLm{`&U2HkPBjp1S zTgCD|pOoL|9JI8CEk=ta(+bZ|wz)RYQqowZ4IY)&64J_}g<{2VsaQ9hYPaoODkfjH z=s+Jt;_>FaXNRG?y@>C^IZzjs~LaZ+yrPvxQiTb~#Kp?=r2+LFPIDzF80#o~Fw!JQR~# z<{y~@X)^nxb1{YOao@X?d9!*s$4d32d?HxR39)^Nh_1>@H({fejk- zIbG`S9mZA%-L;lK=3LyzmBxI|EIX_5p1VXj|t! zmGoYx_#wLJS{7KJG0t(_FVA{^^Gw-VyHSq2OgASmu1QF5sT2b182t@)9Gi0O)@qsFy?SbZ*5>F z8pFS*cdD_4#tzc<{>Bzt{lO>?>Fo@Reh%xkIzUJMVQT_|!`iL9swXoU zyufZzfNcou6~<<0JaJv0v2}s{R_q;D>o#+C=hK7g*E{(+7o*85dQhiHVy>nD? z@&e;oYM76^u=H7KF~2T^9b>viYY*75iu2opYXa*qoj;e1?iAB8zPR7BOgCU{gzgg4 z^=piB9navAzXqMKIOEwmSkc-I+gBS~ZEXb8D|M5jR_QmTt?pspFx^yLRC{_q6r&sk z?a+R$&2#osA8JU3RDaYlw$7M;l$#7&C8q3TSf_Sg6(z$qtI^b48PFhbSK#a1XeYwJsKdn4+ke2Tdu`yzEwRT;v;x86kr8PdOhr<=nE!Em} zGZiPjEn2JEGU;s$I`*wQ=Z;OE4^|VW^{`m$-#=SE26%exTT`XuIHD#_bssccx0vgu zi~U(TAMYs}x{fgiHbsSS#+U;e2#m23wkfdJh+T8X*!1^+8QW>QhZPo! zF<^Ll{bCdD9Gmouse7clk7<3WnBT7>e^)5nCLeyk4t9>hz0ws_d7fUUv4w$MB6gZ= z?qG_q6$tg8Sgut>HN1qc^9+2Ri1z zqYpn9zz6qa@G*6_^8Jk=G50Yd#_9j?n!2V zK73wK+An9aBX5!edJ|GsQBV_P(h%4^1Da}08ncR`CUG(*!^xy9SXVkJ>t)^Wr)ohP zz0H?(BT{6*`n<`;JotJZ$je0SDV1g28Ywa$IWd=y;wQ6UxJGe7PEkocMCdbL3fr~O z@S@WAp$?=g;?S{B~ZuCi+I>je7afXq-K|%(a7sxmaz%#KYU*JB(#5qhxX6#YWrs=MXK$e<0a2eo_qV}cyV<7^R<62 zla=<*b8r7Vw{m4Oqk6LTujS?TABCsos^#VOui>F7GEvU`Kbs-{A2u2a>F=u7q_9g| zqZDW?BoD{o)HS2yro!N;>W=j)GB# z#nr+k9bkPiT(=9Xw0EKQ1Xx=l>9>UgcRX>_8Z7Oi8PanY`oYY4&ByEHU_f!sYhb-% z{C3qk#ikN$ZH-6J=o6>Mwp3%kDuO0CLJ59DQ z&Yxkr#7_N|LVD;P&e?Jgn%^tiBpv5_*nV3f{VlOz`&#Mv?Ju8KK-VvZZnD;%zgvy@ zwE()g#^wbb_y75gumypY6#ur^mcY2bj*p#zz2DeWJEz3Q2aFX1`>+^3`T`pgquscU z@H{US<9EZ>1@=+XZ3yhsrt{~suBB|MBYv}uxmy+#~0!~2WRH&b5b>`1RoYtPF&jkO2%Wn(>oeZ|;}z!n;t@;r?1f6z~t2OV=i z)WOEU9#Ne9aSz|~_iF()egqoMp7}03F{okNp5fIk5G90Anr_=KTQ1cfMiX4`4%L zu^+&en$G(H?4!oKAHe?InD+x1`_c3D19ZM`c|U-8-FrWP>2cpQ&)yGUn~ZrsfO#8v zKiC!Hd)BcZp!-j;*biXdmfjCwUp2qp4`AOl=Eok`24h{;544${3-G);=RYhOQYzm^ z@bMlU�}QruR)N&Nu{{FSbc+SaBtpvX_YM6kDQg*YUg;%rR^YuPDoVxnRbo8%ydkg; zi}7CDR;y=hmzwQ(D=+L31#JEP4y>d=pX4DdWibu@9hse0HgxwX@NVB0E1R=pRWEtQ zbI&m51(}aKLxJatJH0^CkJ)xKR&_A)2h(kVO#XC9n?Cm(^EX3`Yy6l$zNg`~o|hpp&&z|-r){J> zJDV>?f0?HfYS=_=U#a%m{W`tR+1e8JQZeoq`S~;KW5#%ArQ1GitQgo5WB!aiw*2lc z>8%PnyoL|6>g5t+ z(*ir!*uuchH0JjM@q4PVMs+?fTZggEz$O_h1=enCbzpo~fO7czbMSGfvB~Pp?qj7f z|IRnM<;G_0Rn`5Mu@+5ob5Flpp}N!&ZQ@@VBci1muS<$4DgV>%=}SSw42xQ&yrhZv z#y;gp<-_u&gnc?_YYh}EMTLs7dB)ILL2)fb{uxW-+Dy|o=DyNRW46N5mI7{P zuDe2U<{*Z(ri|zwS6~ieqt>pwQgM8&4U9)3I4{}}*bLKA?{0gw80Vxdfl(IbFFFF_ zKB%7?YB$SVD^3l%>-8CR&@0CAA(qXLhop~=JfrixaNLA#4UD>iQCF_(P@MC?7FC|J zb4@qrdDt1Ii|2-2#)gCKrN(^z!rPa;(7x`spg4K)V>r5F6wvwg1?Z|n?ALuIOK2zAf(0)3-3u+?Jpjmd$1QH;J( z5X<+CV$gBFg*uoemhT(!dH@}HM(5?AoG?G;Qm51vEcT6eiqRfARjAm0&~&BeVed8F zP|$tM*!sX8G3N7F$d>sRCdP0aUm*f?XIR)4Uk8$-AK>RRL zd&Kt1>81wVh0@`7ZD8zEFdq*{?;h1CMFEsCp~r|b(V5P9)&2;Eh(rMw&i=m)X9J~p9ynRIV^g|6MD^E~&8 zy;kSi>&56B=sqJKlx=a)ybu~{+*~-*aDd=vI zj=EYH*sH{-gQa4vvgJ57+EO~Nl*gqr^QfT~>E*zA)u?FVa6b8w8jtn0$qNnS4QsPn zS8G@psmXm|;U1a$5 zIi)-rCHXZqX${w+wO^@GRb5qL^tFPv^eWusOGlUE&W6NzHr>Y!bj(%s>I8mBao2rU ztXl^o-v`k>jZSQ*?MJYmTY7$u4tq}QpYq#peHZpeu{&kkqN;Eo^@=|vrbkaJjCTyP z5ArwrCU%e7s5>y`Ua8aNswmg-eD4AB(XI42rkthFqd;Bti5;vsb=s@I z@o2XBRgsdtHJDNNj4dp&?pw5t4|MxVmyY*}tBEt|%?!FFrkf?EY-MzPL3fID^vU7C zCR<*({!o!Kd6{DUkGz~^KGukNf9VycY-@w=5=*aH8J4R|dfsm`>SDKB9lT zL#Wg840}-j26f`vsko}4{Jl8s1AV{OwSl(rfo@3uu$?85vY7T&fB(=5Z9DV#4>d}s zWK!LOTBpAs8rWj76SgWZV$lb4=lEzeTc10h7j&^4I(^UNWubJ=JTIJgsv0wSX;pcg zd0sddU|~P>vds+4)0?Ev=`ZNKY}=)C=IQMe^Rn@*1NF>#B6Hoe=liUlXIPu#YMJR4 ziE&;Mbt{AJ5z}oDE^vke$@}iuU5&W3J2U=m-K0a{z5xlr*MpzKX<|T z)FBGLoH{mrUpnP*_69wdyhxFLr+!lr|GREZNq+1qr zFm#cfAU6EgvFZ6F{e{5&M0A^i?Wy9A>!NX+7<~gB-#6J^I>rsg7ue?&&Jio-80k$F z^E{s{9e#Vn7+<1aKmVf+PBI<)4t*o){MrQ_?Lz&r6S)r9^gEZe%k+{b#c z=!1Ka_;7ZW`5jV4(VwE<^?|wHsXCa`XQSU)fw^CPRk~p+IQ_m`2i%O1mYc5+sc@lq16_QEgN{8ZI>?JMPsNbSsgOl*npZ z8cB{yohPd2f^t!;E7cv9?i{)@Ju2<#e1t|HB}XyMR*tA&R3h?T@N^1Cl_-s@Dt(jd zk9kk(T1Ovve|gd{4(yqXF57G6Ax$X$*&Jmle11Nc?r+h}?O0hOE*D=?4lh~phyG?9|PU<-> zVf!70w~1{O^Ks^fmR^enXHV}arHAcoF&|UhwohztOV4c=1Y6!mMV|W(tBy0C=N>Wl z!TZL@bDIwE&X||Q?*{2~Dw@gjdNGdil*9dQ&!va$V4*tBRPrp=lCxbV=6?BZ6YaL< zs46>3?1M@#Q9oC;rlZE|dy&}ZI`w;n>OAzHV-@aHI7w`V z0DiIUQs6zZe$4^9Tmf6o-;{-nEroa6X{KwIh&~j3%oU5ek98|Afn961yo-2T&bC*~ zZC`0RJ$j$^q3C0(?K9;0wF-Tj%^F9ngsqeJI)vin(sCKKoBi#Ew@db#|-S z&Jg2R6>a@DiShe-)2)$?V^!3(se^lZb4HN;-cpH;iW|U#6Yq7um zLH*qN2I>7xjB<3VVVT2G){`FF2a7gNqGRrrvibX+VZ5N~;O*6W1u#xDuT}oISK)ct z+jOlH%EuIRdh{{5`y=`-Dr?K4*d+=)Q>D{`)b@O>dyLVcNDuZ-W6YyETWD;pu}*FO zSUyN^!@gx5Y_9SGn_}lpFuq>`TN2nE#yAnc2Rhy_iEfs$E-}wv;lQ%)GO_a%&l!r4;kv&W>kI7d8l*^XU10Yc>(I`N?FmZ%YAc7I zufeV{wj=1SH8xWX;a4AGt^&TZFU|;de<5o4D32%TLU{<;~BPoZiX$-bi!8J z`4#LTD@V)W)x11xY@XPS(j2d_&-CfjA01o$e_9&1{|)fd{^$Q`3a2S0mVZHSsikt& zjh6WT1*Gt=`}%*S45fPks>l&ov*fuAyvBuU0c91cCliqE4Hx0IaP9k}-r|aw( z1LN7&J&U@|P)6LA`)$|`=hzXdQ<#SAwC;6yNymbM9g9fs5VPgn-qV9&3*#Ico!f2> zy1y$g`0diz;kGbrVVoC5+ofV^;*{;B21GZgV;l3$QMXf!1?D<_n}TCm)D`zC`z6g+ z>fb3>)>WRtf@z97Wm6O~QmF8p=})^CjCnd@#f zHZ8E*jLit_^~PofHpf_RV49Xs+j3K2+!JN2FKF$4bxE4s_mhUCD=@wb2WwJWxsLDA z!I}f(yKpdnUQ(OMTa0yU?Y4Ir>j|u6Y+7LRjm-#*>!qtye}&+eb7xp*VD}p94vgz1 zbkhR6&)Ces-fnDGU|cU@J3Fui#@Yh=qspA#qtTj$KJE8t`V{v%_>4wC#3uko0L8sH^ zG=D9s19rpcm-|$n-cHkT4^z8gMzKaw?o}{jy?yY5|QCM=fbW~zk8cJcqqNA~76kYm2Z_Zpz zLzl`gHLN(gE^n8N870qkqp&ewmT9hRW8OUqlkJL}j`Z^E{81S7m)8|XVaoHK`Mk(S z4U>-=CLc9SK5AG&e)9|cmHvLW8sYiA4~uTTbUf=xUuA*yit)XL4#hpad&J`RVbQ(a zZ082u{l*3ZTVQNaVDAv)x%Q=jz1wul0(-#N>cF_xC(mmGdr*w$+S|1MF>aB+Z!4f{ z7V~l}Hrq*oz0X)jV4IEkm`r-VG}aq*?>AO_9=1d}o-bb&bW6o}PlDf<#)qa~(t1hi zt9f27cDt@6eJ&2&=f!xoe{s+~W$7)m@fY1U#i)a>z}6Y_V=1}~V!VsNpACUMZMp%i zz5cidLVBbDQ*jcGtDjh|x>wxU&Bmq#HdpMlm71dq?9Ij+l#rrndM{O(()6sZ@DX(y zsx!K#pu0_pJoIVJqdX5=BHdlm737O^dVI`N{4g=*sJt9er_8=&y+Ns&tr^FWihuTOi>L@QdFKY>C*Z(zS?Tt5v#ha~v)x&Z26poR1Y1cildUquZ#plF8_H z1l?;C=bU*+nQ+@L8EcRsjPoS|>Gg=ID4F!A3v`S-u3H%x{RZ0(m7Bg6^V}nbE!SCm zhHj}CHc_|Hbo3cb^QC#7EdjP{!?9fjt*gVtmEC+o#>V~bJVQ(?rPIXux!@L|@L;aPc`>x8?BB%5*Y(J|&c?)7* zj(fy@CpM@~@9b_dY!{39c;&XtBXEsCdS6kPPI~ItZhNoT-q)!;0$U(P8%@#9;$xGy zrGIyr^d3+kFD=Tjk8AE@ftdS{!z+4(vG7`MDJ7O)|D7=uT7|ADaU^$#jh> zsQW$Hm>+*h?^FeBb=$k5JI!=HXMpYu)6EV#_Djm^`wY6Xj4ckjsb=fvQs~Yxou5m= z&NH?-*q$#&{(NjlcY*2r{0i1-%#ZP~ixjZs7~pkqvFZF6fbJ4w^MdX&vt1Hcx9Nrh zd$F;#f%TZ}&cLoTU4tBYUZ$DO=P$_1RSNX0HmzMZUGYyp(U89P))~4Vi4BLkdYQ2` zfz2?sHn6LWtqW|X7(UhqcAe?Chv|M9WAVE&u)60(-UTxR2-Mm~D&$fHTf5C|m4nuQk>fbhnD(V|-w@nXW0Y z*BfgNjBx-Te$Gmpzrk2*(7jh|?3WuV@1jBXZexX@WBfzc7T6+VasPOau}MMquvp(0 z8I&Vl%Fvs|7@K6C>Tb{)-LTfKnBzGVU77U!91h(XmcJQV>(G_SUz}?^%hKb%_4r(RBVwMv zqT-Y{p0C{?J>^}gLb>j8OK*EPo?jrg{=&LsQeeE#WA7Jh&NQ$~&6aZk9cnUVn=QsM zIo6+l&xP`GUP}IWPV@lNdH$A(dH$|2AC0@0=fq-qZDOutj+XSch;crL&eK~Hbi8Yu z_ARI}T1{8!FJhkF%cSF3qs_*&nJ})sqFL|qR{_w$7}p*a%a3cYH9^O?2Fs6Yu>81& zkNmiXE!Sdr8EI+Q@)U;b= zT;rVSGIih|O_pE9Svc>Rrm)AS^jwVAYPyuQDZ=&Tg20Y3)?)2Tdfk>DZOOh7)1xib z0-5wCYrJyi>8%x`-;>@nOOLsD#U^`W7`h2u)7n8e;Z9&X! zpH`e_t9;DCc314CoR0Af+sSh3>A}$DSzh-W>E1|s)?e`ZD>0t^nyG%}>5ayCF6-^m zEe^WT*ndlh-__lYR4&pn_Ujr~!&*Qt$m*s%;9&ysO( zy=Z+6_75?hYa4hT#`ukGr;NO={$z~vtI=4S_<+JFOG&0-X}K?K5N*wanfDd5l9u~w z(kSE=5$yQq?k&G6B!%7H5ylAk3xa8n+rt7T0tC|myz|HmYC8IwXDOdQjcRp@19 zSx`5olm&&|b0!+&vWjH)oJn~MOyW|E8;bvID4RyXgpUWwy3UMhW#kg7SeY64;B3`8fmZB4b5WhUf2M zW77ibGS(N^CC26jcB!$2fn8>7Szz79h6B6Y*v7z)5~J>mHa=@J;dlV+3+z~9a{@cg zSShgMjV%bQ!&tmmbh5Ga+Oxf0PBG^5)Y?o=HMTM6coz)$+Z3379xP?^wD$C-7#j(? zGmULFcBy=vs4&tzAsN(XEY~PBD_pq$g!J9Zq=$~VDs*d9fBMVl{G1Ej*$T(}Q}4aB zI)HI3hIzffn5%+q2|DJvmdS5t$lpa`_#MzOigUP_zd<{0ksg8cb_8~rv1xWbgr?ir zioh-r!>_-m5*^o3_~kj~y%djrd&In6nD@ai?@Mxq7S?R%FQj*^vHrj~m%;D4z-|%4 z?|3<-9irbRG57HbeU=Veg)!lEbFR(!|%Dcwccx@l4@U1(lbH1>n6$5TBgB@pVX<(BS$96cd6BNhC=D?WWg>4Ot`CV+s+rEX5Q%uLc?S8r5!Iu5b z+399GBQW+ObiS{W9`{{f997(w{RqEH17klzw>GeIjja!?Xtq9%E z(sVxOi;rohW3J58V;+P$?GB86kp9=EH9D@ZZdI84D&1=f>^8-DU%+CmRn_SjNZEK_ zz;fGGvX%D*tX168o1-|k&E^*$?1Qj%N=&Eene;})#)`%Cc8WFRbd>94iI3ZjaX(%|OeQ_%(lo?m(&IT}4Otmo zkJ8g{lF`i$J_hv}odyHU}H9Q zh`#l)@|cGX#y-fsqS;zI>r$NiGxRxUmza)vbVlDrM}Ky9nd$uc2p{a1_*fHkFHs!Z z&4KlpZbx8On66cQ*L}RybZvogtR+3pD_zIFn%?&dY=*J^z^*adg@JLb#dc+2+;@Sk z4(xif^>LE&-e9^NL3fks{CpSPEYnT3aR_#cvChEy#3@=)6J%1%=)J4 zZPl9^D&OgZF~;2|HdAqYz_`*e(j}r>66MitW!# z=f`;1X47p9wm&x=#|1CPFO4-=n`6uT5P4|}>^akQ1-8{#Phh__+y20qA4uffRQpG`MD^r63)&X1SqmrKu2l)oDQJ;i8W6Z}%*od(OTD$H~#uf$kXJbB|V*6Kx*UQI{)^58~ar}CJ zM)!AP%YyDhihoSc=5NX|Y&Qn>Vbg8SF?1t=kv7cxGkza2#x<|!?<-=Tl#V{>$LTkS zJu9{@=+>HUSd8(8^jzot6oy~Qk@pLWe!nUmepe~IX2oNA>x18~nT~P%fSiu~-OKTH z)2$I}$?4c$)FG*P@H*?P9H#-W^&~r#k|>)0ppa|DVb$98vjCC$WUSKa$`0d%%cSt$=V5!WMo%EdYBt^#jRP&|U zj<&ylw));vY|pdwW=ron*bkK+Os+HOdAqso&A+U^Cl_{_0`FN`7SiJyhj%$qf9~TX z(-l<*&Mq{aj~k>1qim5ee?WRg+t1O#$a7@Ji}B7ZpU**evBFXMjc1-~b-!I=-xpgW z#q0t$9dEK^YvTM4OLr?YrG$;Gqh2+SdVmV8kF3}sbb`LB(M|2cz2aQ z>qq|1R!HAdwR_bTM%k7JcE0Ia8>>1Pbrspkrt1zm81Jr%jB8W;t_V69y2xHGM!oob zXZrI#YFD05EGW*xKIh*N>QtOMK-VlC-)Ssp&GtbGTXfF-53$*bJM-@}t`SpJr#jB% z`A*}Gz!odccN!C=7kxbNo3am8S8D6`g{A~uo8shohSs`d$mDr$&>f~Yc^=VPS3k;71A%#-7l?VD@p0lm%0B1=)XTHVJnya;4!Vh!7w&1&Phqk$5F`EQV_{(KgYO+gAI&N+J{V82-C*VQ zxl$E7IoR?ttbOY+(|LchKy30y##P>XkM28W>*wvT9~+yZwfo@v6(3i6TLb%x z;xBq;Tr$tv2-`iCe;Dtwaoe5JeMh$KHol-^;7)(DT;-sjwkzDA!0)?n3c5X{dz;c5 zvhfAm31XyI3_kWYU0+~_iBW%>wG(+>&K9E%TI4jcWd0tNc~N}4S-NEDxTMfhem>_I zZN5`^{dL{AWQuko`tE)Tj5+)1x0;J$o*ut1K-re)M1^yKShhhi*Igvth0<*f>~gU+ z@-br9*yQCPvG09uT+-K6wVfeG{&s5OfMY_;-y$*kZp_~jG55Pjw$uynI(0_BBfX9L zmyi1~y`oqlmtL2c+dicBrB0jV6xJav@BVn%9=Z-w+}S*d!^U{F|G}ov`yKLQv4D5@G%h`?}NR1V)l2%Y#)R@BSv~N1G_ogT&}VZCbnELlq}Io(FMuloz z6l{!muUMM`ziGBzYiwa7#{9YwcE7Q1?Gvs$-I(83LwByRX;$~Ji;Qgy>{7A%A^8pL zF0qe`Ew*tITiBNS#$?z%V&r*=wGq0@72a}WeL8lk8q)Kc6SU^{>AD)r{aMAY{yv@9 zc+=gdHNQ{CcQf3Ub7g*uZlRc$_oZU^^>G)!*BUEY-NSA&wmPs^i%nOfbcecsz;ttM zOvLsB#&!nwVX$0oF_$|LVVvNP;ysj1mTk4*=@_SVHSf)T-wKiAtx5C)mz*ZUC9@wxL zbv0mPG3jkF-GDOeb+FCYh%t4Wbl&tsUu#GTilc*lMd1mt$$@=UadcgQea&>!0$XdW zH?XfOj_sVlzM(iiN`ZY-ade9UTW4%}U{5NJEp_2}{+8+12lkZdMgrq=d{94b`)$QZ zZ)afNF;g6{HN#2TJ35X$$T)9c6CQ1>10x7O9OX#8EMdYS#^uoon*H( zB%4y7m8x6y8D;%mNwI3Dt&oauoqUNB8X0S!mA3{m%7MLf-=*Sj!CrMu)ve`w)wN`{ zS~FV*SGRU%QrXGHoi8IhGM_EmGx|$UVJk{~R##1P*`D(=TTg_1F5C0`u+_fjxXjjl z!LEH=^jA)E=;Nu&5pBt?x`nc`mD>4MIhE>`o`bIBy1g!XNa|u4v=x-KTb>Aq{8(qn zVC56FUtMF|N*W7Qsq8XaT^VIDvz4A}ED0z^E9D7LcMZZ;Iogm^`eXR4Ru?|3Mn|d{ zufV2CtP&YTRlf0CQDh>;OpeMvvTT&>HFAQUUp9}zu;oG^E|y*ogM=?-wtt3|)5|gj zbS)X36(GaPvfTesDl4a8)1RP>AHlMfQmgBkK7B%cg9g8_z|x2Q152Z+jw5wgxG|Q_ zB34<6K|Hq>M#j-QQI1ML$0TNG8}#cH%1s}sq!W+AVsJm6pbprabqNhM2_ z^pruBl)T7O?33!MV%6--$&iCeI+bqSWE#q8OPLfyNp|JSvYXnqxOsW~kGk}7K0uKs zHhU^eB#u7fA~DS}L0>6$s>xX)&{8ROc{53dJW^iQS`9|Q$lxW0@L88fpD|B_3U3M}&gr%oYKEUL8(W)lTF{Oj#d5@)8 z%Zupe>2t_7}r)j z12Qi#?kj)c*6O`xeEh?7tAbAMQ{6~lWQg>(2d0y^Eu0S?SbuWjQK^^ab1fob7s!CM}`lsr=0C8M*ijowx8Mh z{UL3p_s!4^1>OFp)3i$^J>H{}mNzi&=iqm9V6-8+9f2KW>5W&v_WW`Gg>n=EYZc>} zp~->q{RCKdV22r-WsFlj`Z&*Gcprz+$6;Ms;}=FBhxG+UALkj6!NBO_$BV5Dj6RNT zZD90qbl#uwK_5p)Uvj_n@oU670;7*(>-`y9`Z%mN=;-6v`usOK`Z&75preoDcS&IM zaoCE$$QQP20;7+^HU>r?$JYBZe(B@nrP10KHr`lkVDxd)W1imYfIbfE42(Vwi}M5Y zaoFsjqmSd4iBFCeH`Y`5|BUoIILv0oC?y%dFHuYYw7?-ABW8dj6M!4 z1x6p|8Rcbx(Z?SU+Y}gm9No6S=;P?xlqdI_D2{GQVD#}Xi}eLYAIElHVDxd=P+;_N zY*z+GA4j(~F#0%tHw8u?PxBlYeH>ek?Ve})IIJZw`Z%_e0;7+U7r*aAJ=4cwGlPyk zPI~=;(Z^u}fziidivy#N!F06l;Z)YVey4mX{*xjzqu?lenpy>t^z=jm+> zevdO<&$#mUkD}kHV&tz+_R2=`>DTF*1I1bT75M$%zFWps-gS+xTe|D?GIGXPb(7?7 zg_9NT5}Rs$5*^PR@Vo-Yb2Vq$-)_*FXEFS^kFL|wo2tZAt(o+SVxGSjS$b>58guEb z47#64$MX~&Gt3SPDq)+fpHmn<*zzrD51zT{=| z`{U?7XX!PoJ@(OdOmDKa5xP~D-Wsv}v>ns)@9v@Fe(ldbKQ39{Sk~Mm_HqTD6`2+C z_jBo}g9ar;ACJ2Aq0M=>L#J+pZ_`dmAHPfCe1#8Or0?n|!(J~uQ#4Pyt(xqJ>~lGG zzjXAC&en1tkL4|ix$Oe!=o?Mi5$NNwygP$#j-|)%U`&)Qrng4S(|d!ZH|?-;ACKu3 z#n2rg`*He!-;XaS?(9UdVRec^UHQ878hv)8!joctZh>uwbo{<%ypModfj4b_Dp(y9fjYkq~kY+=LK7yci}gN{g{mI9-eY>dTroEX2oJj3=G7|&Xzbr9HL zV&r*5jOosp=gmP^kcK=nkQ{8fUaiTCzheX+M@fT^Ht9TnGgOXWi}CITb-}b>{Xsj~ z`*de*XV4ujTXa0DLmwwS*L8_`dXuH2yto2?%kVVvtw&whOgyTaH=NbjX$`1NZ^bkj}OI;L8-mzmD58_`{DI)7dZcCG1n z?#%n&b*5Vs*!8Ac8`uq|TOZg>rrQ?S&0_TNHm&i&@%vp0Cmp9}-vfJ(;$wcARIVk_ z!KTjDZ$oRXYDhF3B_CAay8|OydwOqFe74f-wKm804uvmnR=wufok|bJISuJ8Rv^8l zL3g>>W75sEx+gvA;Ll>5Z@XXinbU69bLoK%icvP^p8$g^?btO>ydd)TJdU*7By&U~|%2tE`e9_23u0G^bxM&zZTS zBO-U0zRk@)Xin=~TZMW@bfMmKqogiTS(=j@EAdLCIXykEY?dRVmOZB_Zyr$Ut>uDE zH8pX-a4!e8>~g?RZx*oCoTgdGeo%&4mNYl@rew5Q8q8>$8_UWpY#0UZUq3pe2W6N2 z$MhDmL|g9}&Ab^{%4t)WW0i(0^TNa0-Iy3CmPg+*E&rc3TDR#ynP1o+&JpC<@)A#YwNPp?uyM)8kmfm><*gb6L`RgV{D| z&}Gbzw#@VFpR?t9!~J4=k^Ew-Q|#3COwv?6Gl)ms^`<+>bescTPkRL2pOxN2Gj$yi z*k3JwT;sNyt+x@+wI3=L%T~(Sl0R$@H(Sr&U`|K=&`mU*=Wk)q{Y`m!t4^f-7)<^B zLu^xzj!kxagf*%S&%QzPU4b1acA?6)%@}okkHSkn+n5xzrmkQQDs=p{G4b<9*!LB9 zXXQ4ld)RUXz8^Qs@(245V`~C?R4n~Hh2WRt_lI`dE$LUM7f!EXo>Bf@y;S#n#5^xw zG+m2!1onj^6kO-mVfg)$={O%?tcbc9VxHdP`i!#qJQ=oY6etJpW^~Z(VKeIb@@VbDEkx*cNd3sJW@=)PsTZteK&3sJ{+jNC8TP5VKx zea6_9rmF5)V+&PSw>_?|Y`gt{Dr*qCMRh+*l|=cet5Z$aAJ}QenpId&?|5SiR4`{J z7@OQuWd$*Ow5nijIUntTxsMHEq}MO)2DK&MPgN@U5c!;h1cIVWLV!R51Wfp_v?e5h1Of>mK(OkJG+LyzB4R~LYgDY5(w4T^Wn0?D zib^fEsYMqp-9?L*TDGN@ZfQ&5|2+4ecjld&nMuO-|NHIkuNQ94z0Y~xk8|!h?>+b2 zkJ$oQ!Kw^)LFxNFGU+qpuK0H~Iuzf_+lD-i@x45a<$}j|=4woTqc7KrEK-pjYA~4} zA#WV80hmzQWBQh0d{?hkVY9)b4XQobHV2n zkMFJWy}U!Fzfrav7|Yvk#=OLejg1Cncdn7$t*`~a@=*@LRT#&Sv~f;h{eaO1+Z94@gbkl*SJcb=K#1e)3!AY@dGAELm%4fh zJeK#g!k#z!&MRyN{9E{S^doalp)dShF#584kUf5`1Sb7$ifS9|m%NX0=sLSE1i;I~ z%KI4G&;iAlHt={Kqi|>>#`_q8v9C|V%J1p6BBd;`Sq3|)F!K0LeJfJ9YK?W|I{>`j zEV6TuM}2Z_Ao?hK5_#x05wZszvgA<~p*(_D3QTOQMBbUV?eF&sRsxLgfn}KfOS_8< z?|?a{5L=3s{$(hA#Auh;71(CDk+Sigo!Gb?IBleueolR#!%BUp9N6m!GER&(h@ojk z*eF3^#YQZBZ*7RJkNrdY%mJq8dlY&6X2KX?Xj)di$~O~yiuWDlu^h)t-)GtG!}|Gq zJl5~IA!J$eNsEzE-{33kw!-5i`Z9ot-A@6hK90=_@d<-3s?H0QspE;HnOnlx34Bt3<3de1j!FFP`~x)BsbmRO*pw96>Sqz)n+h^w#z0&6Rh8Q3Bp2%;7SS( zGbW&CsBF5DhKAgUzS%cK@Q{G{edtvhlH4I>$x1IaZGYi}C%lQ~E``sEx~as%n~C8~ zs0(QbZ6?B6lIR5&!6r!JP(Gh=p63K^S_J&@x;)$rh6(m&uMjtAZ+eqmBm90#44XsE zrX?2gVJI4lSo31jSo7Kh56G$3rk7$i!P?9SbN8A})^BRErNP>?^d@?e@SK-yy6jCq zN?^FwrY9`6+1_NEv|cR=TEjF`XYH1!mNIPOzqOecMy+`duiMq_g=2siOGXjKo~}VH ziE%haG#EpLhC6d!>Cc|8m!RGWZMTk@AKG>$2E*Gix4P!|t-Ja$6?8kJ#crq(d}q0Q z+oRQ?UA-ch1YFbiC z-)mj#NsU>DmO@LFZ+l{-KhbPCIhLgH#~e7G^AL<(ye_-=UikNnhgxb+2JF^h2bb*@ZzWQe<0vrE_fz8^ z=fXK&qpZ}+eqb1~Mfi6B%7iEWodi$xy$OA+(*kqNM15}o`^9Pdcc?fvgX^x(0Q)-T zfm;;s7si(ps1zBSi7)&eT*1WdQDCU9h&tdkj`;E);tS4`7$!xOqsEMP>EAiXt64 zuhdT_Cf}c)*Prh_bY4;u?OKh`@|n7i&+7koWOdK`v~F4CooO!dy-(~G%j$-=}E z9H*&>B_W1Co)~yS4E;O@MO*yQKw#b&c&te0_Qwzi!M@Ozwc(dtpKC7%39|TQ1J8kI zJPb$RvFaz`c=Y2N!7t(2#$F=oP2;v3(4fpbzJ%EEKv4Zv?lADuPa9^(nN4A@6L z<_^8nL0&bmKDa4Vg>B*00qa;C{w6nh9J8%~zHKloye42zfwvQ>VE1BsCwL_|k#g)t zS)OIclV?qckw<;xiR@>L>}fR4WQXh&Gd7|ud6XqjWFIoJXJC|LJZ(1vV^~c<9CLxf z+iS2wGoMG^QwH;404h8_@5OSIV~$U-yMVF%@jVpwI?9IHA27|MEO~-eLYDK+yqBag z@&seAn}?NipCw4iBX%oR&J%No`%o3S50D5zc+q4zuIKMvrYoLc8NfK3Kz;lTJ$@%y z-nGK6^=vkO+w!22EdwqX<1uBQh7!sqVMlzq9e5>VkHx^yR4v&n(T*vbYx*kfuEWaT z?MyR$(1~4XWIt}~W;l2agYY{+z!>K#`zqGY0xMV8PYfo{l##a{D}VFzh|;GqPVKO~ zUqwEBmg_OfZoo>rW8f3V@Y-&=!o+SiFsZ9eMz#qUub;GRox((x&yR`hSHNd`X)-Z~ zvcx#=Obk=Sme2CN=Y0y3dFLd=u#7MCpO~Q9pp;JFIx^hR5?E`x|``ea)tC(dXx}Zbdmd92k8e#{Q;drN2@3RjlNVfx}lg zcs|n?$osM3Ee3X#gLhQ%jv?<$@CE;^XBH?6^{%hM&=J#iiM@{1@(&nJ0}=jVN+48M zZy=A)#?_#r24WkgLeIvv0Aqh628#7;9G_prX~4qXM9OC`_5hQ*r@ksUM1AaUtd}KN zd5q+H-t>>M^lv-b=|5px*WXUl7sz`HEA?gI0I|PmeexbCc_*+^AKNbbo7N}qc#-$- zhR5IP8sgx|+zEN_7~T==uy1L7eqd7G_YJQJjbONgcSiBh#V!AmFlHF(;K|qmbnCmM zEJqr6>~GqxydOp$x|-`-)7-AT;L(@G*dK@WpHX*PkP0>y+keA&LHZVXAH~Xhhs}yd zS@I~GfK~H?*cW}Huua}Jq-aJFyzPpYfo=M7RADT)7k2j{#bL5!7a<)D>;O`+L0R%B z%d*lJ;T^)Z@Y1nOUI)??teSUR@rGiXzA(6mYyozsL3WqoMZ<1JKFeDLStOC=Rr)lK z{f)jzJ@0hzXqWoLms`N4e=~EUK^MdBl2J;2W#Ws&yso@R6{<=i_ePy5F5o-o^2O3wQ!ZrbG zN6aV&2JwjZUP}}YpTw}7Ck--ea3jPFUO znBzenJ|$t z2?UwlN|specpC%Vs;8w$KMpL2fXH)RI@WDiKM8C*FwvI)*&m_t>`@qhuY#C73q!jD zfIXaR_jC3^#<{z&mScn8yo-j3jZu*0`_wXKpuW+-z5*M2QEv9ZVOSqSozrfq1N*>% zeF3~w1oJAzBQ_3LIWVz1!Pwodut~r&$KZNPVf+@wWIBa(1d?*BY}@?30I$O40ILU9 z4oqxRWBX$h(6`hvBF5vk6c}8$jvKEzdA%;rN7Gy_c(lRqFi;zbCdwVJ{i%h{9gRHf@|y81pGB=Na1gAy$6dEDby2-z$d4Yed0* zWH6liL)cMZv{9ol4D&1-cPflyN7~q~FbvD=awv@FN&45Wu%7~>jZ+GH&G61E>}SAe zBgOO?WVwzRS+Bx4?j)~3VQ&DVT{(YH_FoOgIV-7y<3={9Fpd)`yHjBt6Vhkt`_%Vy z!#k{a91~LZxWaw`jQ*Wb*uNRfg+3_0{JW7&Q`kv^$+MZX`?kU4+g!xnF_^?5V!y;n zyH!fxDPSx|v%=mrn9R9R_C15OD&DVvv21*fOng3Vct;fWYhbi{LSgS4-dTnH#$btP zzM_w9n>Ge1jN?vzM~~Mt!uy@U3KVwMU`q{#@Ne}?zN0SvlGqDai7iG-eZ&qMtVLn$ zm;46WeucecFt!_!Wxu38>4VhAeo0yBgT&Y``8_u2gT&Y`t?#U%(nTNpC9%Z{W51-0 zpu*TM$=j(g_DkB>t1$LU@(wAC{gT*mg|S~+fGORF3TW51;A6os*0 zk|*OU>SMp8zGlT^za%E-TJl)Glx3S++{c3xrZm$Z>$ z+9d6=UlQ{wjQx_b*$O*putJ5sZLp;Zd&gi63i~B6+GtVODPSzeE`_mQ65FS+_YBsq zF!oFOC+B^ZgZ+}SrxlO=l6HCCm$t@!NnR?NuVCz##L^YUen}g-3S+B6q`spHW4|PJQeo_uls%^~ z_Dk}TOuJ%v*)M5#u)^3c$=ZDTEHsU}QW1ISj zu}^&oSc}328eRcX;SDm_VugJK+mzjtl$a+ni zq|d_*maVXHz$m*|VLTTTlk*W}`Q9oqxmF{_cTb5)pCOh9jAa{S+6J+MhIdBQ>30m4 z)+=0BhYaRZ*m_{IQC`k>4uGzySnt8Q7}z#oQqLQ~ieeQ z9Rlwo*eCW!tO>~puE97E0iiwviScOLh2?0A4h##8F=ImPWxo9tFF-GZu`3wMW5DM#0WT!OlCe0cm48Vf_ZW zrgW++{+N-o{-R=@C_GPZr);u28V^mdvyINjEg8qPJ3N0B9-9PYOPHF)oe+%Tb7w3s zwXRcpVO(I}d>ZE-##OW)Yr$?PuKKVoyze7}_xblZu#cC8?@vq6y<}t$II!=7M~qd9#8n2~NnnXc#RjjzXm`5<^DM+Y zH()77b_uqJ0h4hh_3=3q%GQ~4sbJH=BZe?)+5H%J%YhwIydMK&9b}txE@eA_@p*+7 z2gdShjL+4Omut?$lqJTpY3!KcrJM5{dBj)_jq$rU)R)>PTrb4vv&P;6MxReB-U(oQ zPC}l=rVV1W;l%j+@*3kaK9oIza45%v80|W-58jUCy#pS7DZ#-NSzbHy*$LjW6zpAK z)^T%S^yQ?&-ZMP8XUTF9BTr+ejSW5*E;fD*j6NTBV3yAct&C_nc1Dc9;ieEl zIMU~2jFLvsB6bS|ZnP|Sb{4ow3$iuL5-XY%Nw{MX~rTF#d1sk5s8ojmr*U}g5_g#&cBQHOWT)y=M zg;;W95Q(DaO^YMkCofYD_O?psa=79`-sYHj!Pt5JILEKu ze|hC=55|!*d7PJUF73fj#;ngHt?qbvoc4*j9NBNnMYAV5qv!Dn*XYZUR#(it_F(M1 zjxDkC3UD0s7+PCyPmEKao;Z2#*m*LJs6k11J}-wsjUBuP<6VWVHoOKLH{tQw0FKdH zfU#e5mAQ{r#oGZM^?8wsET2_>;7_=$gpgpLCJ*{*6t)dm0-o2uQ(^a!2Yo&?c#&-c z#<`vj*kxm&FEZDItDq1jb3IkScy1!^5v-i+;rG4-lewOqz{Ex+Y>b0l`7RSoxt=xH zE}Sof$M0E^w^w0jfYE0@D<`}}7`Migs;-EUSE8`~z*tv&j!k4g42e~;@|bKkp};AanUo($R0EPm74h^9wV>u zZ@0pR8UJ?T+I57H75{cAO#Dm4d{>6UzcC6E|9oa%jCOyDW6u7;@AZu~veG|lfJr%c z9mRIPTVcn6aZD}m1W?~eU~Df(6z@%g6%P#SBgW$)7@Dy4{g2uec&;DYv>OY%9{GI6 zu^B1USnDT{@)^-%NJZ9*?Yqc>V?6JWTY;6lJAnyr2r%kvM~dzcq3^8XU4uOO$7^Ge z<$Nk-j{@Vck2b^?){pRbTx!1W4&9Gn*{ZPe8O+lrMi3i=l|C=V4w`C&&)L94-vs1s zfG;kzCBeoT*@J-5JR)QdDcNzzV>yaV-$$199WR!n1Q_Rsbvc$Q-bCclzrnDJ!x>@2 zt9;2dygk5JZ`3DszhChd0H-hV%s73y2`ha$gE++c)xP*mY$9(FR{Fx{$ua8~VIv!u z)XS~NqrOAH*w3}TcEww2cxi}DUI%XsFwysMYqh&gO`3j~}QeaY!xyZAQFR(1b zlX_tcW1ap9YqyuZvrC7!^)I`>t)T2l-te)P&_>kkpvf+IIBqtcj*F(eJ-+gj@w2yE z*{yIjs`AwM*<0c(-xfdHw#^!fV!N%sZ98T*Mmc7QB8?{-<7daQT{_&J(IlE#YieXKD66S)xem>`u}MI%?@89hvQvR+8LwN;|S6 zrJb1$=}y^Nx^rfPbd>C{bhJz*9W}d4knx1ah4G!=weus@*aIUHBCs{c=XVPaE8cwu zOEu>>>bnjeHwLRS=Nj^UhqV+hRc=vOIx-3m zc_O||M{MQ&2@x3YbJIVcIVVxy2Ut7OJ=UD3j2jq_4-fOWPJxHeZN>M6NLvSbtlzOf z=(e!?k)8yWiu07n&HqFo*UViy#aWUyu!6<2$vAoaX z`0DcBWn{OZ5TcLYieVij;wG|S4;!ppVV{N1^FC*=T?%^)n5Wg_I-szh0BZxb zcxYIb*lGBuv7Z@zONWJdUjTMD>iImdvDjukGiBX#@H5U}Quk@V#v4rPehe^?WghFk z5SWzrDPSzyZk!AR`?A5#E9{#FYZ?*eeFvD;{zlr^1nmD6E3f}}UB?B7C3Jl%&qa8F z4imf;-* z4@0>K-dUxOr)Sp77!($dK}7J%fl0kEUXiyC7%m?pc$_&G-aO>-cZ+-`7JIQ@f|b9W zBk%qZn~#;hlXG72c)h{j`&nw@GkLdSm<)6 zu}@#X%07J%yi9D9Cvzr86(%-v(QqlJZImlaZ18)mtb;ePcD)qN;cuZvU&49(?zSxU z41V-H1ReC)n0Zj)%-gcJt*yQJ(IPEhqUTBJ znHoPsawabrC(j=zk6EJA+IIetdO6AN7+T!cF^Qgsu?})$=0S(b^FE0~fS`rN>sIyR zf<2W7jo~_T@wwWJsqk*t4GWVJpgHWf;Uoq!(U#lq-|=H(gL zCZr-83!|*&O*67Qk|G-mqpaplhb*yH$nvzI>*X+Z5auK5<%qJuYXr*f!#E35O%bvk zz&Jk9bt>;+(8es|vy7<(qdtxC8o}}z=YXpnHuwz^o|m-^d2X2c=0Ua?`UWF(d>H#I z%V)9jxnaK<0|}2d$dmfxbqHlUfbqPnWzRZzJm%zSS?bf+B2!+u=A~U?7SD{Sh%GU^ zL1z3U7F3@XiC1>pihM1>+)) zPqbY>FsXz2rflUH$Bc2GGN!jc$`xj5?y|?PkkH{-vq1#X*5}Mxd_?4*vDYU@Yt6Cv9HOpb@ho&@H!>qUjIPg0-M z72j#V;fyG60Wha*3oyneExQXCuNRPn>Upn{%?Fv~Jq?WQO3PjVCb3C;PQk$tyCPc* zjALUhTMmq|N!yio;>Z(OzN5oFsAYN0%h;r4CB|x5zI(&#AuY>yZ=~;w&$+~2BhGD&PeWLXZ4eEzltIvEHSUI*?2ToZuRSOf@4(#KwN64OzAxmA_F6)*y zwcRRUVwdrSKJQ1$*ra8T0%L5_vZtcR`cT1)OEz5h_j7?hh zR1{esDvGg5%Q9{-Hfh-^U}Bds!YVH?#wIO$6c}TZmOT|k)`x?^*ra8PfiX5|S$Xe{ zypUb+7@M^0QDBTsTJ{t$r_b!?j7?g$7#L%dmgW4J$TBurU0@>}vPXe2Hff(vMUmyVPZ*n!73xP*fH5{{*+T4yUB;%xXwTW` ztBg&QWuNA|!&4N-K241Cal&Jtw%#!YCi>WaSbzMDZ^kC=OByi7ChdzCn8-3VQI_{# zXiv-D35@o%tjzC`M_HER7mgRVZu}RDB1SaJb zyNnx*O`7pZO6_$!^z5^xS1Hi6}&#V$Vt9Tr@@cBh~|BO6h z^jTwb3^vI0U-IS|tW{zBjc)3zGyRP`V$`Rx!N5|cxLqlxjg!ZFi+tvi->{PM@|jwz z{uJ*zgS9Gb3oss|qX^j7Ko>$(=(*=?G!)Ud6+FwX!WILg&t9|_;Z*{&zR#*K{%#(z zgAVK)4vhChiTPApTWxH}@2O(fdVZSvcwb)ZlE?CDUL!F2eBjD3Zw)Zk74KDvY`u}) zsjzjxXhZJRW7qnfJL;2X-iYy;Z+^>`zyBxtvVpN)_}d~Hv;0%oMDVC@5awTmcOx+J z??yT5-}6S^kC}{oA9k z^}y&~I~t4d_#24iHQ+=hST!*AK_5S8G6P{qB40gg`w99iE>#7PVd9kpW$p269cBy#f2gd&42L{#FxK3hN ziQ?rWZve_01cq*H@hXt|&!Ard6T2nA=*xD66#}E(bHLCwE&u#TX?Hg;j-?P5Lj7`| z;)&f8z|g%S>>dOrcK0BU?X={IFm@X-+SrfSd8Lt+vK=t-ly&tbtc<&i)1psfXug(R z`Tn?E`%$(PE8{c!gve?P&C-&U?~k`A-jm2<8{&M9$ZCx7iuEGxYMbKi1~IH9zDdbC(E7y27Gq-{YzX#gV2pp;(D($?yipDt$GVWM zG&W>RLtivD&Z*CwXUJQQ)$+xhKVo64!DHXLpm=M5@tjg)&MB0QgN{` zFv{*#7=5MB@|}F@I|Pi+>FhK8h}h4u^0}Warhf=_#(|B3jp2CyW|wKZ_{E(czp`IJ*K^o_qeG88E+7K3K;9O)r>8Oy$_7-rOvb~V!s8(VI&C&%8uGHiW8G()F%7W}tZXmm92nb` z#=dT3JIvUJvOGW2?g@pludqGuF=HR{{sheG(+cwdV;$Uy6O`0Tz{uvBu@7Z=O~*Pt zr?6LmvH$KfV;}N}vHudAh<&y{>A!~+??v#ec%U#m>TAW9EeK}f3o+~2HefdzeG*?< z6_3|#EZa_lLA?u~Zg5Teo;|mYT^F$&{AmVOjBVN=#(T%)Eygy~MDUg>9%Bx9b-)l# zB6tmo$NSEEzzYIn45N+l`15mME!Y;jw;3Mm2VFgaw_EW(3Lfn;7UMJ(VfTRIEj9WM z14CDj(04@f_zW=hodt%j9-;4q;@xg|=Ygd*lraoRsJve6NO_lGn|2G4 zqANw%WuFjUmEm!`%NT|vblgf6kNuqW+=O(H;YmF=E8Yrh({3wLH1i03+Z3!dq}>u=BOLmsDBe25TMR72!CR_$>y6zzfpHv$-O%w3D&7X8kN0}VIP~pQJRTeR z$LoM`4xU^G(8eA3!}4-I)@OK9-s4K&CyYK`Fl9OPol!hKzfQZH!^w8=IA0_6%=kyU zV}LP+VK-D>UMmVOX!I2T%XR20RJ?l(kMkFdVbmvah;tC4Z!5Z59gv*_zT#ZyaB-o`|zc>*o`9yr1u8f#A9p1WvTNwKy z7Ix$)i`O5o-FibsiQ3{#^#ye`+BUqYA<520y-9I0F`>~}o#kc z9HR@myvAl!Vabdx%XrB12hZEzc`ng)($MB19gg+L*YS;6q{6EKZ_CZStmmf~M95>@ zCXc~Z^X`E@j^pSSd7O73PsRbX%W=R9&?ncR#3o^V57;@SkLT@i_<;x>N3p?kC4Jcg zjD1M^a#->1Ha7Mmu4DSZDzDhsXU++US#_^l3ze2@( z!N_h=7_VDsEz{^LM#}cb_iuzZ13cEj zo~y!G5ir)@X80YUUj%>xMqI1O8^1*gaxoQ!$?~ z*&#c|%rQ`Q4|wcHRk)D3$?&8f`GASOr@>=6wkYfyz*gv8V=3P;$35SjJv|4>`mac0!uMG zUc*t}PQ|0_eDF>HL-VloVfw=2$+Z^ig|aKaV?SnH=3(Wv9`&)mi(Sgz1zssI))9G( zALJD(9%UZ_Z#%Fw!{ap}c`b@Z**5Tw0%Mt|4^t2puU+vd`#gBO_Mori@!FC4E+`&l zkAuf+3i?1E;}Lne<{XfZeaik0JYFkMH+f#HGxNzCW_WVng#IzF2s}K>X~jD7(haW)m>dtvE(4GAvm>xg z-f+WfRXoaW0`D}i48tRz{_)vZ(MQ?s;HBdnHOlZ9FUga8;`EQQ&w$7CAo~~XQZIRO zZ-zX|eh<9e;ElsJd5o*%$uqCyQTBE4j)UjJHhHv9o}5F;qwE>*($LwmuuUH026;)q zq#Tq@*nssylucH8Xn^`c|paaY$kX|faMw<%R`<#YfJwqTL@kv z&a1purGMkGl6PL|qwMYA`N8A0DtRn7dD+0E9F$!T9?#Ra7#`z3c@2t3*-wLa5SZWa zatv>u;!*Yq@Xi3EuV=A#xtw*oV{yE^{SY%3Qso>$#$39{9THFWLTtOKalK;hJ(sB& zu{&OQ{kX{zTQhPKV&{6}X%5DbJ$n^8a2&6Kd9m%Dy(&0AZf;53+}N6NzHN`6J1eGU z$Ohx)`s0?Dxv`Hga?i&(MxJ;zi6KKA&1mIuG<)Lu%-q;M2XT^%-ExA#c)6~i>ryP) zvsbxV;^(^K%0Ayk?uRe}kG9b6+m{kz=LUZoPjj$6Ztl@Ix#)gzdWtLf<2bU>N}@5w zYExfx8Zx2!&e@j+)dlfHWcn6W9r$_J(DP9oUoc}zE6sH=C zC-a{j*cZF^7~UzQh-VSJ(~7ql+bqWgq#TRta&SlVeG+-Jn+hz&@WgJK;@yip>YDS0;kE!;|vzxi+!;tkG8tjAK!)Pp&nHecA9z!Q)s|^LS4~^nC?+ zwA&19qTz|%I~DJ1M&EW|9E)mwI~8xg;q3v&v8d*8-c0O%-S7?q<5*Plc-u8TUWej+)9_9L^E-H_6z@6YvAjtLYWapI3AxUg@{=+p63^yzrI!|-%G6`qc#JU{dJ>Ub)4bv*r? z(Wm37=+p6(ZIQ=U$5Y|yc>0*JtK+HI)$w$<(Wm37=+p7^i-xD;sql0>Z8dgvJQce- zo<3>x>3AyobUbB0v)VH{o5WM$>3I4jV^_yhv8&@L`>0ia==%~+MW2qRZHA}gsql0> z-Dm9Tcq(>vJpHQCr{k&U)A5vXm;UK^Dm)!e8F$Ik@l<#^o-*!|r{k&cbUbC;B~Qmw z;pupK06ey59Z#ja5>I)4ybH(cEzBX8Vw=kZtlaMVHTxMJbVCbE$41saBSvFiu#pBk z2aNHG`tCOR%8{37WJO;UFih!0=-aC>(I@?q`tC9M>X0Tm^s&$IvVlH}e}@z%`clmK zgZefbeQXCQ4t;C~S2*;wD@^pIqF_?qdyT#pV5ts$TY&X*=;QpFV4`mfDn<11oANj2 z^s>epf_=u=;M~_hhYdcz%<-wNgTXjK2_`n`fQi1(8XI`rF@!y0Y@}c=h~rb;4pM<} zZdTh^sxYx3b4#q}UB*Tocw+Y{W1|=c@_L62z6<7c*x0Qwv2g~N=wpmyUF}mCzk|>A z%x9m|9X7TD8}6`iLSbUVhZC~cXfrm>fG5~DjE!U9-Qcis9M~v_jr0$NF|pAEO!R%z z*vMAczZe^7Xrzp%`gri366XT-@u*Um*f;=8Y<%0;Xj0ho#zrX`J#}dti-Bc3Z0u2( z*faff2?+Ye&&jJ%0{7tY=!tN1e<2_^d2s$*6Imcr? zTGSVyTn&OJT=p$3Q7L{+k?qK|Tz08Nwj)!&?5YMLkV(sB zKQ_fLl-Ox`?5v*TFy6DVp2i=JcfHsqhSR!>&l%mdrWdBkZ49SU*Xvlx+l4&xh`njB z3kpj?b9i+Uey;&34;j}=jNOud7QRDs8zIO0LU$VjE`X~*&0w^GF3-ZV#_PW71 zz7i}AHpt^UF@g;=7{93@*p(Qkk>|z0QLrx?tVLlQ~lohlFLl z*rx1mh5c=qjd9Xe%KOxC8>>>-9)le*7=||1^LlL0DbPXL0$_02YNx5`_Pi~cRH&VD zKusQ+rgbl$zBDV0&#w_X3R}V(3No=>BWw)K!u3h4#P*D|F@}yC43?A;#(V~=Q`kg< zbtvp6gJnYr?NZ+l&@U{z3cJp<$qNc&zhE8sF@O``e-k_ z>-Yh_rJ#5djqKvguq-jk61&+UyU*~Z1Lr&w%a)R5%M$yA!5S2XqPuQ~e+Lw{)Rd!i zLRj`=20N%Qen)^d24{zPw;L>|uyTW)Qdot-3Q@_d7y7r%VEYut?-$TUDjJFKY7N$; zFuspV-f@M!k!)kzCWU2xh@eki8ZJ_(56#=M%lA}^v8^%dcdisB-#*v_A>k1tPh%T_ zQQryFxA2HrzwhS2D64sQ8QDQN&LVpN7~c!`qK%-KF6@ThJ?C>g!sC1t?UpF)UktX( zfzcNyMqf0>xvWiiDFm;pg=~Bu7hDfqV)rlL@iz?jE9|dE-vI|kUz`|y(bxx&LWJW)QiN8^9qx8dIomq8J@JsEwC$?wB4Zbg=4VmvA*8y4t@88SUOf7qq9iqGqIsq zHwN)rFmP5d3~wynPILYsZxq&ln&WXbpgh9E@WJAFajXQ(1V+0x4vganVmSQP{ZAQ# zY*#!C3#>Zj^QQ>C7FX)!fWo9+cx{5PXz`>DrYKD6ir-Wd|0aO{7G93r>A>h8F@&86 z{|+f0$4~65r-7mSTXyA}DJK-~A>^@b>_=hIH6zN=t}rQw7bjYDIg2Mgb3R)zDO({h zDaWUc4So|FO+UiM7KMq8Gr-V{ES~7&^_yT~caS;f@tA+!*cgm+87_SyY zqJifcp6F{(nAmLsCN?%18-6tKn;bR@6ec$I0=wDpMBg!miQNuhV&fCWMiS05eus?| zg^7&@VEKk8`gSQy?Cu68Hr@r_il++uKCof$U<`6inD?r|2AOjY+vG2?@>m{6yf4JI zK9(mHCjJ#5w$C;^@ufjw;&Yuk2OKmuI3F>`VWUN1V&gP0wlUrAQ_-OX6T4}^qz)z; z8#TZdIBYa1Ol%wnR%&>nFUcFmq#Q0_Vj~xP)>ZQm`!|wwT^$2&5%P(N4bFKiF__q> zQJB~$2Syw0uPd?kB5p_UGSa~-y_7O zkA=y-=o1PP8)H0S8ymr=4LMJ<909Df!TZ<}g=u@c@tgp8BL5?ZD6-B5b7KJS~{m;CGKj-8^*>dU^hB!oCbE2!v^nd3nn&NfJr_7 ztFcj_uzxo;($P_;I&APAe80iuST-q4Y#atAHco=ia&TNC*na@yv8=+_qQK~rV_5@i zy1~T80fmW;M2t5?-*1h+24IB_eNDh-IrJS=nCMFy5Z3pB(Z_4-Vu!vUusIHWM-?Xe z2B(Gf{Q-Q|!3prh=f4^ohrpZfu+a`|fx|`$f|_7rV<|Avcfr_@cU9RYuf#cm&n|FG zBRpQq@!5rPU_3WYz&Z~r&ofoP78^|J{*c1N?x1VJ`UXNDpItbseBrZTw0jo3NznIU z?00+VlIzu~PBI=k7mv%Up{N|pVrou|ZOyqD)ib}p8=UfVS9{1p3_a!Et~m`E*7Lx& zsu+42yj^peeXiqO`P1y}9>g*qnHOy`jt)4Gf>w=mzIL@!7>+?~A&4dv}A=XGrL{$JEm&+%{ryTKfzQ z9rxIraNCH>*=`pn9_OuK*PJ&^t;EvfmA3Iv>^cm!jV?HrsV+EP<4>%_4S&oMtASyR z-!(^+bd`GD@foc+?k5Z-RvpIIVCQ=Kc!M2X=s{ccw|BwuH+#KZ_V)&FqS%Vn-~HuY zkJyUE!LXx?+Og)yEDq0ov6eyR*XHAMx^1gGo>LgAGrJ2;up1mpPpl#t+#k;si^DP6 zj4oNqjF;Qp5g^ej2L<9SUSyu^jz%g8@=wGvDq=6R6AW$rJvO{h5-JRatT7iaazaGE zoIj(`!$h#UL9|)jB^Go=#Joe-8q@8>p5P4*}OKk5h@oaaAG3v1#*IxFrW$&%ejH8dyD?CiJ=&^}L zog^Th@2-!ByG6ty^mL2pMbJaP?z&NUT|pB7Y_9m;Ddm{Ahmit-ryH@yW_62L(4|Hc z$4#SM5Qn08-6Hx)#M+Gor}yqGqwu^+w@h2ad%IDXQFt0Ncu%*8eYd}YkKrH>%zkdvqsJt~7pGc0i#3Twq(xI*ob<@XS-|m%ql)szx==FB9 z;qt~Eni-ZZx&rU&+C-a6k*JH;3)*L_QyO@r-`kQ}1RI=BTQ{r`8`jU%dDc+#$j z#2!^dNGLI}`&Dj)dJlH>T&UOOxYrBaz5DK&7I8U3?Uy5T_Hu+=v5u1&k68ycxaG$6 z?^{99l&L#H;U>|AP?)HMc`6ME8Wu%4a?*&)o$uOM~5MOZ>X`_oAxr^_65 z+Y<7N5Gb(MsK=IE=Ct19v%3|LA{~go$BGzt8C4$a@xeta_xHFNAsTt{ z9A}TC5$mDHLXc_4q3Xe61xq})ei=e4ENg?s*2!|{`^TQeLqt)Qs4c=4io%Wu#S%i9 zaGL0Onc!K^YtJg}f2HT;AofYkG zFd7&iJDlpb2t9HyB$Vpyew80iEjN~WBvf)a?%6_Yd);mkEvc6+WOt1oTCzJ~4}|=2 zE5dPG!&PwX*;}t^>Ehrzg)9qQ30WlPpO#eK!0vIGN+Hz4+B=-Oz%t&WgB#?h2(k32 zl?S(5GL{gw>_cTkvHu3`RwP2UTx`0@@!6?Kx}+;YVxOcBrCf34RjK_447&E8K62gl z=_4{mjmgZKkUcpszhHXdtl4wt%`aWFc*)X=W!1}9u4!t%1Cj^!y4rnp!nOAg^`yJg|2*71ywC7{!_$UO9{%_U z_lTqs$s@j;;m)}7hJ?|xG6!YO%1X`dmE+FoH92AO{2ME7cIUbCJk#CNdrj{@BXO2z zR{z5J)%~kS)VgbXuXL~My>j5Xq`UhE5`z8iN!y&>l6tTE-o*PoTisg|xAxll;cX8* z&}X~nLHC1+4<_wM*x6@i^25mw5BQvSSD#&hN0T1&d@~Ja_ZaecM{$Syz73q&$}Of_xg7)y?@0Aea^f8lJJ*af9dnrJ{S62bYJvbOt{$V z;*g7TF5wH+m-<}_;6ciZ3BBg@PwwwcF7PA=6Z^WZ>X+jgINf*kM^n;AB#$f%W_;Xz zLsqXFmZ#;q2K&o$^7^M2j&K)#;GX4m&)Sh*Jk~w`=-vf8(iiO5Q#vBCbey}iETOcl zS83UhvXowBs6ABQS4t}ed8+UC)O@+`=3wHzqulq;^4z~QVMluM&Sdw_WY5mzUOSWf z?z$9sY`>?qZPcEf3!mQU*;|~kx2^YHlpmGQme|(j{n~o>a|_(xZY%!o%HkI)l3w&C zzLf6%`L|a8V%D59XFmLaE9rwviT}BC$VIp3;-v&vhTrX)_2fVo#9i3$H*ny?{nCdF z=vP+udcTKf5A?$Mp;$)FN>9FF)-v~~lowJ9hCY~7fMwQ>J^f3|+@8|1O9^FZ6GoK{ zy3bQKE9t>9E?+72RPRV1upGvp-f(;tG#Lj-{k`=%DquL(wCilx(Ff6C<@Mr&J#1B2thX18yq|-{-z=lLm(7${O z7MI7$L_z5=t+3$VTK#j+SAX+u{D0w76@`QP|9I*R{=9U{sQb+8A8{?&gjP84zKX(; zqrUlM(&uiOUf|`?STGxk1~h1fVlUbv;mjC*x(g}m_op0O1efazHHn$Y)@ZP^Akq>oafqi_>rnF2<=Ok?1 zk^X4v(0lJodn|QxTbr1B!c+ZZ@y`3R=8t%#;L(f$D~+c)JRYqoqk8C9+a7Kk@bHrP ziA9fp>NB5gYqR(wY#(a7EY@Esm_UJ9J6h2hP@xOZNj9TN)qsp5}q+s@gNkeOh2g8#XH-La0(-yL^(sj{m&^;85YzgG=h6>#_yhzUHy(+rkTfrx|~%B@m2UT>qE+sEu&Lb%7MoVhI z;f5csYd32ODJ4~Cn#J*Z6pl|INV4IMAQaq2CheX5^%VYABe1t78eQ^ z>51dG+?R4gR@ITzY54qrW3(EpML&M2c467GPe0t&wmk4kTib$L%gVlti>HHFlLFRQ zLH)6Y4IDbi62NGI%XB*_CT;>HHk6f+~Om!@Q zyB$m5f-FZ$)42o+9ZO()XZ26DcEc`X2>e&LM2dsG``+C{}L*wpIhGT$HG|NSX z`z(jG2w;2(TiI#|A(4S-;r0?pGmD{!4)N>W2*>DNe@u&T{!194vKS3dhOBgA>~;Df zjDb=gLWs~|UucBtBZj9=Kf)D6E7mmO4FOK5S<`9ePeAW5FVGs1f5Y&ALn5T(q&cC- z3Vq@8eP>3VWa7$Y$}QiWbYD*JbAyUT{_Empm{tp5$_%UZWOooaK1UI}^a%iWVf`pp z`>~5e>)UC(RQX%P*YbPzg#m4vF@|pj5uJunZ z?Z0KrzYYJ|%7y)=UU>HRugzIjGW8Q_U!D2(9W7G}7Togh{eS<1sgJ+Z+>!j)3sdc* z_2SfjOZd^}s%E@A^=r+a{m6@Jk4|0k(9oUfvtFCJzT(2xQIEVfb%M40Y--|P9>Eml zn^Uj9_c!woUia?Qhb#r}PQ{}H7xTxxH}%z<0?WVHij-5BN6$=s4D3fA{k@U@!_<|%XQdp^t%AL%u>=N)qWw(ZDIkD5}r=qG(y*+1dr(5FK76zMBE5p1?6~Ooz45W_-bk%}%pYa9J9H8_ zm|C+8_O^bko!g+=(ZXT@v1LU%v>1s{=Kr1z#>}29>}ytlM;eN$JyG!A zoXZ$H!T6|S+<$YoyX_v2pWP+8E%HB#DCYz^{lD?}A$Ym|>3`G_iSO+H#$%*QJWlWY zzqcJ4j>-U9t~2DkgU=OO3qCz)Epi1aW8?k?w+1`dPBZ&*y&%^Qyf)z?Z<@;W2EWD0 zMf!|fkJuM0_V+fKe?9+T@mhaft|2Cs>zH9?Ki#CmO*+D)GJMW3`!|?WzBn`5?DKnk zT*lgo^}R}N%JqsoQkZG-vrH=IBz{MPOOBm{uBZ5YJubO+V*TbJH~D=?E^^K`7xvb- zl8HX&5KDj!wVSvlLo&Xd3~|og8d1wcQbr_7yA|1XLpIMO$<&vHrmkDGldrx*M5x54;ZWb&Q$v)bgBn0#mbN$k0$*a?64j@W?$-C(g~*Czkm}R%O&;vqVZ4aU-l*cC6h15LH6gs4$EI{ zQce_epT7^sl;<6$2h9F+f}8Yaq?zzzAN2D$JcNCwJ59RPq(3tGpEmnP&A#|6ehE+H zgeP*ojbBUI(Uj!Ld;9r5@4YeTy@raWn&cI=O*QM6jjOC*J-(^Bv9V%#edFq}4UP31 zYOAUn*G0j`*41O;ukY&ms>_v4&Zw&1P+fOJa^I@z2CZayMN@6f_{#da`o`o9n5&#H z&X-)1d1G$zyd{;HMN3LbR&Oervwm*w{DoNsa~CX{yR5i=V)1Rh+TwM&qgU4z=1kal zvs2}Y`nrlWE5@ThP4&yxFQ?j^aaq*5U|va4{@fYM=dYMoHm7!Z;ii(&MN5`#Xjr+d zs(!}Yb)zeaCKW8MTUqNX?X0z?VqHybWqo7A_!aeIYbxvNS5R@b?QUh$`b9HlHrC9j zsmRS=v*wQGwbct|)>hR`ubjWCU{i6<`rO&MO*z$hnVGXXxf`Llp>F+(+BLT3T)I51 zaOTE_<|PI5nwsX%TQaF|-l7%LOUou#ZCbc;-r_sf)GjVqJG*kp?CF_z%!#jg{rcJ} z>h+DAK)qQjifR{5T(WR=6_e|i6>nHjTV20k=7!qaW)x>lEU7FVKdnAD zj$YM#EXT)MQ^OnU8&}a3{?Sy)vNh9-3fIjl%PlG`y`%n)ro#C%SFF6PY*F*1qE)%; zXErs=oHM5~vte|7yvm7fYV3xJy4tFWruxQp$s2s*GJW~w|ZU4#Ceq) z>MIv+TD>tRt8R&}aMS#pdCmEg7S64kv?_bqt-hX=a7DdkB-^gWHFaxdXU<$)R5fSg zx@oy9GUwL#a+->=urp!wg#6<11^M~SGp4Vq9lf$gMy%H58<%UBq+xN^!ujJ%XBMp= zT~?OaIIUunZ(iLU_3P#qRcFt=BeS8pp?LAi$vO3#Hg(TPWA%#Kbxn<%##U5SHCC^) zYt1&bXyWWu3ny<}wtn^K)j63H8>iLfjGw!*sCn9^(uEZjW%athl~vO>PFT2d#_A2@ z*Uej5*i<#WX7#G+3$vRu^JX_~DBCb^c2>!ZyxVd{H&hozak#drvZlJOu7*xGRj+HR zU9)0r?Hcr~5B{2PpT?t!aHA^rcIo%K|rve(@)dDepJc`K@FS2Y)x7R_CjU$wSiPVu^xB}I!jZkSea$C})k6LUIytF<>( zKzrl5YMhA>M(k6@iZv_i7p~7Azp8HK?3|6WrcIwduc3KzZvEmpi%N=DW@XKsIBDUs zs?4<|Yb(uRw9Y=`>Kj*#Zyvv<+G_ff?9SCVyRmHT+M1Q?R?KafRJ1m4R%KSsy2%Z< ztyx(%skE%}R)qJ;g}1G&T9dgVimr8=td5#v>zY$mG`?(ncHPR%rp)@16~4md>lYWy z9e-Qq#tjoPZ<{@SNo7gx%*x7JvkRom+OMYSX6;yZ{(}7M=G+N&OBQXKlvT8`xM2L+ zB?aqC*H2nIxn$+76)Ori)UGVpIH|I@UL31mQCB_AKGRxdT~WQpI^l-<9ea9arY|cq zJ12W=?!?Kt6DMX)%<^SVW;0$gqjW~Y{F)UT8jBlOH#gPJT2nc@dB)=EX`9yOX4f{a zFIu#4TE(=y+R5`m)!NBoV?!m|Y!1$8R5?Afdgg}A8KrCMi)U4>$)9%H`sKB^7Op5- zS+{oP#N|aZmQQRbS=2PAv?e!HBTkii$dHw5cZDk7+~pe=tSD((Q=gNcxu{}daaKXz z%+W=)8`iF>THiEhd1hHn)!b&p7c|{v>uc+(k`WMAH=xBf-n^nxpr*#!)f{}?+|;<3Y3^sFK-hyd`H&-;So|qki=G}U8RYl{*+BF8*P`U1A4C2Cj z;~J|s)UKYEXnCye#se{N}J&W+gr>vt6g4OU1huf=d5X&_YLwkx;E#h=3RaK z1N-+%I7jq6R=%C{1Ei^#TuFT0?P|yNgBbI266RKnV-u0)0pcwjj-ew5`(uWo4XV`cs`(Dx|t&tZKS>myjRuztjg`}kNVVY>-_@LFp;)^S)pkV{26 zff(|>2;YB(ZC)49Za-Xa@V6d&VZ93L5a@XV_$hGt`xI%w`hdF=w)>zQ2VD4#bC3NS z!R6TIZ_*w{{tU?6g#5k4y!dTdVDy3eKSN#z)?-+y_dF)${(|+-SYHFS7rdV$eI4s? zY(Io_0Q~wR(tfa8g6)rE{Vw(wBE22!^VnX5bPxE?V4F4`N7?v-@@%Xfu=_)-*JAq> zq+?NztFfH~ACF)^33C0h|5r>Hei`c^Y)?Vn!?3p=KJxnS=nxzStn0A<2=E_4E&=#V zVCm484E_bkwqd;)+kChp6M0K}2D9F9+L0v#^I^qS>QP?j;%40DGa-*^S0BfZe-&@2w4*7og_$bPe3Qh+0dqdAp zAfJux4`cfZ$uEqA1;N<^*?7exITvgToTh%r6JY=3p zXCe>;GC)8;$qa!EO$Nef(&?^F7wN95RCT8lM9nKI;6wmL9MB+$f*@fAnF2C7Ai)6@ z1Ovz?JGQk{PA((lCu8{ zy#)=7<%P(77MUv`)nhj_Kkj=jDasj7UDo5zIp9sm4nyZ6xYA#s{x#fRi2MoAVrT;C zTI2_k;y`;FHTZ1^c{gx>7uO>u#bUq4-i_Srh7N?Pp$$+H%0pYA?NBfDE9loy4k|#~ zpdM%kv=6F--hkeOUW8tPE`MiRHSj&~)o}IA2~dISXW`?Zo1s6FJ{Wrrg5Ck0 z5ht#x^9J~PptGP!;3KKuWs|%g$-YaVtFd=9WuBzE!>?itxeR_WbP2Q*x)jo0&o}VP zqwu|fJ_3I)r2VJ&!L<)4e++@1g0$arLAZV%UrwgHTI@IwswRC6Ww*zPS7{+lWToHwt0-SF zpgr6?bQ0GmL%7m#rC;Xy4(h{g!?eD6iR)iNbGRPDjW?lXT)&0=M>aFZaQy^yACyvA zkYeNxNOH6A!2!r=Jtx|YZOW^)-7WCB@GkI)*!K|pxAY&ymW+r)6;K*V;iUVxcPo@6 zt+-G-*Q4(ZNb85&p!=bRpu3E~#I-z$!M?hbq>@PyQ zpfgFI291V>Llw|DP%HEv=s0L9G#--QwHCe>wRh59D@jM~a2D7jl>aylI~iQ0_3}6H znbtF+O5)*Q_#&{S(8-s`(3OzxH=+Bt&_m>Dqpd}H zzq^KeBE4Il2gSM8cq?9kK8vC!uR7PkD7e!t_ir3p$i| z`yqISe9g_2$+hN?Ca$mMek1sE74SGQfe)8(ZxZ*u1Mj2E-7(@Cf8LB7e{UL_L>;wW z(>(Yv`9&T0N~Gt6=aBt9*q^x;J;t?Y6}k_=mU;;H$JV0fXBD(5_fCP1hK55|L3#$0 zjj|ysOY`|e@H*&j{J9o=Z-EVo$6~)D&jYl#`re<&qq+QAXgxCj#{a5^%6Oe}b6k%j z z;B|G5DksAf3XM$CvCu7^^kb8~$m&31sJ`24{*~5_eG}oVjhLIv7#C<#r$o;bW4yaIkRe!CPq*MY~-`y=RQ zlv@woN4C}IyBEF|emZm}v<5mAx*vQU{4D4+=nUv==snP)X4Flg-_c&1(D`xn{VC2E zirtEnkC2{7dIB^DJ14<2$mtnMTzT~TB)SgT0eukq5cDZ%D)w$hM$cbIO~Oue=$Y$M z?tKNi2FjBDC|q=5AYrdUr;&dH_ScZNMEaB5-wC}N?5pr|p`U<%8o!^%wd~!-wJ_PJ z`lvkR{Si8}9+1EE40jT?djm)uN*TJuc zPUqeT>BN7^KRwQRinRLfn=ya3`wjeP$~qFdifh?%Ao+gHwVns-u<=lI{v7=Wlb#c2 ztpN?;x(O1WMfy%;ZiiRFQ(ypj ze(aT=ze0b4{s{d661K4!JIHe?d4G%SkzBu%>*?q?s)E>pKS2J|z}7(DMDKp+DCCYI zeGvDL=6W&L`u~d0BE1LsXD0bG;5cktm3=4L%f^d(fq4(Mw2+e;Aps zW5-VJ{Sul8J^@l2d>wix*Cpu7N+Ual>l@*9@FMx&OWre~kCDC@`ULduIKF`NjH~;{ zV&`1&@y)&#*~In9&@Jd}$4-?k{r5rlLXSb8f*ytRY@+!2E^^O6l2_gITr2t-^a1F9 zp!1>2Al2#VATJ+m<+=!+N11xYJ{X?~yM%jDndfltLyQBbW9vEGlMNcLH-rBTd|sTn zfV8NS`xlW{bU`3tuRy=XC;ud`p6#P&?0;~r=WO}&2I#}+JR2JhCGQc?DDr82{~gK^ zX+3oi>C52qfyRCLp__CAK70WAcfuc}-FJhlZl6HU#gN)U&!A(W1##Me^tIsIA^Ajp z{5G@|UGD|E9R4lJybVn2wv$MAK*x~2iM$KwtIgOhx|Xs;UxluL^lb4B@*IqwL8Psh$_iiV@o*B3u+s{dBm7%1y?$UfW1MFGoK=KVE{Z;5a8=h zO{LDCfr~bR9Yi__7af94Ti~KzC?80+d;|JD`f9=c0sRfq^%>}wy`O`oQBDC&*OJ$D z4(bW~SMXm$Q=#>gbptk6b1nKa^cGYX=wI-ELI(yKPT4!S-Uo@xH=hsm2I)7U|AAhB zzJ*U!hVssb76pp17fHVaeF(ZRkn(;Qx+u_g`0uc98$7Z*D(61hicpP>r2Iqjl*Yxqdf3)cW+4IPpR~Kg;#K$gU>+0Q?>J z>e&kXkL-h_Z-=xWa~N{pMDP8i?}6TpEqmb0$@gvUKLFi9`f}tppyN)i?}k22`XET_ ze~asP;fQIZ@8DYe58(fVD!4wL zdeLp{`^=fm^dqoY@I$fXQEdA$G>38??cbo(8o!C650u!9;cll?S1L~JlgCi@GLZ;+38kvjEBYrJ^_9s4XbCY_aUb} zvcswKgW!9hF0cpj$?qW9Et{fy4|DxJ=-ZI&{2n$wQ{n60=w2h`-i%JsZ}8ol*#0kM zwKw+>bhlB~Vc@ns-H80R@ZUp$w8wT1x);JlU*vihbS3m9 zXbIRq*}LEu);n(f=^_jt6hYjt$r#QrVY5pMoxiE*Zdg za(yWj@vHEmNP8k8we{opUS+GiN8xF7YEMPaK%J_P?B^fB)3fh)h{luwxMJr4Z{dK&r}_13!nvvAQ2u75!}Bk{q* z)cH1eCQjT!3-G=6Mn{0n!tY0*PjnY@PX#)WwAx#HtI_qp(D(BSY=rOP-Ym+U32Du* zIs6*;EJ~+&@maCZl`_p>>RCu&O$!w3%>?e`WW)O6MBMt$HHGk-?wSc zCD?o>vcJD_v zOImf;o}Fa>f$pzj%a6H!jXJ&#eGR!UfGI}x43Z+PSk+vlv0mkCEK^@p8{GnSD>R!r zei?ocbPsd}^c(0r$`H-Le#vfvOONt=7rQ=3S-se`p0cNdoeqtrj3bcigmgU*O!PhE zAA(2wmD-y;5*fXd)qAb`u}AN?{GdtnIczuzxw&A^k>1Sp zljNyyW<3WzN_O-uXb(H;D*Pv)`=02|Ph38_IsF0Xw~(GgRR@iQdUnwB z!Y)YbVXZl}KGeEU>%HqCt;zlZY3-#om)2TZ`&(zv01 z`gcfuP<`wlklJ4Dt+xHIhyCH9&@x|h@?_= zLxv3>F?!6{achO~+ZgKYn{%FpGz%F3a6KnDg| z$<_QEi`tL6nFRKj)rwCm*6NJql=W@H+%YOzl8W6JmXRGuxzlO+oWnrN$sNU@4pl>r zNTn)k6oblZs?b$cU0tI%=s#RqF`*+~foo(P?o!+8KpVwYR`bK?^|f&T({5Ge=hCZc zMmi=LJF2Q{YbOg+R1f>-kie>ZQCY=w#1p z)|h7~V^zT1#1uKJs8jg=xjEjz2;b*eh;ezZ zvhoqjixcdy$|S#Ia^Btv`IHuBcyx6ZFI2a-u5Mo>r}|gb*7FnhLw@i2D(G(VJ4apJ zzazPHTD7RvPvJLJm^w;T2@0X=nsLI^x(cZJ#zy+)$T@~3l4%OWpBzJno#1)BUe;=r zl`DiLu#0$VKu|xUv_9mu$f&BWQ|HQ?oE%!I9!M#TO&>6Q3H(_j^Q@eUEw2YXy|b#O zzP|nohEX;19O4-LRm&@1nG@8Ob+;O3T~keG$K3%_1vw<1+GF}OK9H6i<$u>O5TaQn z$V9E9h&2wWB8J4KjuQJKUinh0e`GG-nYHImU$MCatIDx4I^Pk131(ph_scmpf zrhw|GtQsYZf&pbAH!7=|LtcxtaGGLrh-zdDHJ%YLGDo7xnUOwe!u?dE=9nn2BEjsb zu30QhDHCFtA7&h!p!-V%A0kcA6v`qT5m*Ey;vf5JLN2%FV z3Hew7qHhP)<~n4X4t>LAg20v44Nb%7Z+iD1OJPPsQ_~Ot9eM_^df){5<&Yu#yqnfq z%!6r_S67eh&=I2w!Wipo)B~AmM~)sl{u9E|Oua}oBE@t&@*2}8lfCOp#m&NGV0A6C zC;vyr#EH#M3rkhk4H+@EdD_8;96D?6{1Ydoz$l}trmkt&2$e8l;(TEmCh0*|G~>%^ zlcN*h0;bua!$yo6-6hOD5PD@gUGls##oD8$w!Z0n!{lbVrH!%G)gN~`?+N%$G59H$ zQ%{ql6;@5x1Uai3qa*`N)9u1Ak5Poy#zF?2M?G%^pt}(8Y0pc`rcw+A4T`TfEU&pr zlA2W-|L$^TbHJMF((VJ*Ba$2Mn8ry(bIsTp$Gqz-VLmvh7&}@`&Z1r+YR4vF^6G#i z>zLh$PX7zD*xYRT%KhFvp8GF(|2L+-v&Hffxm3a&O4D5+OwsJWGuXhqF#O7>jHLRd zyxi1uqm>bSW$ji|dzb68@s`R`x5~-~OwN0&3|1u{a*WLV$D={6-vx=}cguNIKgp)j zKNO}JkHMej8KSs+Qy60y_3$n|e8i}9rLYPGik1dLhSImj8y2auNxpuDFu7jYeLNU3 z&oTMZ7Mg10lPs?~wGUw$7FU@Zxm7FKN2S-foDd6Kxn{lV^V*wt(&-M9le!QDD9jC% z!x1XK80mA@srY1{$;oUln24+VKqMyzN{Hip*XJ&ED0zWnWTa#b?X>7+!mKz|*^kRj zPQK|s{=Z?eu_E!=NS`HTQZn^LVe-m=<4gT==2X?~TEpUrG|L_xv}n_v!cMAB&0Pp>KguH zasw*CmzhGA8e9C013Htilc}Q>%a)2CasMp@u0oG(`9iGf|k=R{(=kUHzfL ztR-#G0j;SyI>MBhylAXnG7wY8L_>=(i+fd8qSZBLnq2UyW^Z~}Ho}srsCSLnVHis! zA@o5F_*X=jtYht`_2f;$zq_2*TTJSq$yguK-n-hO0x6}qZE2=V_?gprkLM%AeOjbr8&133Lvm>%A! ztXfi&VY9?ue+R$Rc=W#d6UV> z5MZiUg~t0MIcrOt#~S1bm$Qmd9VtxzIFbvsRTDT>Zzwpik!bgIGGf)Ukdcu1<>Nf(O;p*9gPu^cHnj zEue>W3e%cZgNS#9`d-7V1RSrKu)5|0E=T26TMqPHWEk$SE=X5kP5${vpE{Qm;=${M z$z1%a9$niobl8I?hoRPkH5S*_KH*r@x>nE+42xQkVkzsHAcrlQ$!wy2S(vqwW)Fia ze;r|76`7vg?|DOG+BjYPx1digtE$MBbe(Lr6jh)S9K(fK&d8o*a$e&x=a6qzbO9KPHm1pm#^lkMtqvM>4s%EN2aDssUfeWgW%~d=XsG)W!6V>hFZr=wwavyAvhymktt(Vgq=1y z=78l-rn(HnDb}khs}wKi3X@ri03W2Q&ky=6v(+}0y0EOzvg5#N{?|d}RYPjPuI1Tf z_{i&pq0M7OaamV)N62ec)l)SQ_@L#LH#EyyCuw*x$c0*%)lWHQb&XB|v*tA+PCxuF za*nCK=1z;$pIN!q49rO?xwh_A%d22f_p37C0ZT@dUo&)XjvMDRadPA1D!Dx)f0 zFTbd6>IEKG4Tgo91=i?t2wFbOsjeO^j8L|&;k}`8dVgN83gU-3hQ-!wHk=$AFd5=) zSyQvPEC)vCQ2$tNn9S3tICA2o$y25lh3OfaEi)U4dA9msBuCw?<5S8f9Ah+4+uHP7 z_c>wZ!~9rrrOCPL?$CcMFReQ7+@S)$+Q!+SOwYT#`eI`lP{bA{4?g5R4y@>wLibgY5AR;q+(T$N*(H&G=MsC+X< zn5t%-1_RMC#V{UB=?454M^=mnlDEye^HKT&tmV`83vzCdVXWA&)IooaQf zC(3!f3{~^{{g|S|tbAHnq}-6os$ZBsHF-EF`^Emek;3>(128j)(qE0RC@=gC$0*Ye zS@~OG+;f*W{`-Jg)^Oubkv<8B8-Ffi9!bjmw|>m@O7lM)3%SgNiGLdg6cx-MlWbI# z9C9DB_AsnmsEOA)=Jj`D;&lTtX`u;+3iG8(w3jjRU}5sQh7DF5Y-bF6mtpFE25H-E z_^KeMUSyq@s64BjS5d~+`p}W1w+Yj{Pam*ZpFOe*T`shy^_%+78D?Eo&kw8)nwqW` zW(G!C+fyPkzisqsKmPd9lQn)b=aBpGUCU{!NmY~TW|NurPlYv(7FLnu z39O#g77vo6#*90{FzSoZ>e4!n7dG&~uk#I~J!n_TvB7eg%cSU?0jK_kyRzh4VMhSq)~#G39}qgKqnHH8|G>A4mN#ZKwbs2rp+&x z^O^!XT^;0je1AYWud5S2DUvhD&75j-E)$)n zy-m*1>1BOoQ(|w&T<)MCr-wOBqD+lLjuWOqsH%z=0vx=MS>tj^y>-z3L<8RMaE#&1 z4mDh5F4Ctb;t(8t5$1><&#HF>O!Xu;F;rE3Q6v|4g<8t)6c(r0x;nO_^#*e2uxo;x zf=h?;UuSXzn;(>1RdsV&P8&5G6#UIHW|<|O+GCjOLV;EManpzLR2APJFzB-X{DLsw zN79~@pfUe2OfN~bi>5uY;Uk6(mCe|qkrGs|N~Q~Qi0;wY#Ar8qzG0@&B3kbzP7QLJ z0st-VIfki!qm40K`||G@VZdR{l$)g^x- z%uDbQg6GDUO`o@=noW7%bbXQxwN0o0=vZiSXMZ)!o|=@^GRKDX*UB6wcL`G$Fnw-J zrOOE|AJrxo4G>;Neb5&P$)?7Dc}d7q@(9c8Qj*az%Jq4HK7CY9w7k}Cw1;Y2RdrCn zEFQJ)WOaK)$gAF>Sy|8V3rsGmiTS4TBw_x%Pc93g;p+{vX_|=FW6=T zPe0E`a(X34J#@SwOoh0cq_^@9CT9ba`hxBAB!){a2zuD3svQIL%sSTw%%sEV{~C*0 z(iPN~^+h=CJ3wEAHW?PBy!4@wTt6Hi9$~?9-5Sx4ky4LMBt|=?+g1@_gjPDjYDAiWE%!FLDF1NO+pdMM*1udVk(Beo#La85%$MZJ3)sLzr@vYnDhH z8p)Nl#p8zs%piA5VwSLQZA&8NnWIf#0M%(Y-fek90bx{F81xNv;$q7?pinNCL~?GR zb@-FYa;DP?TOQ;F=3e1gfV})uB7MGrV?*}_)2Bg~E^f=}Awx@sX?-77^7Oa!43i-Q zfChG|_rVA=#HBA1W``yl4kSP6a%Ec-Lzf0QbH1reCNGaLE5k>fT~S_@?CMh2nw-={ z<|LEX50DGlQ#S=Um-5`Vxtu}Pp;_47YjSTl`oWNQpwSO|UMn}4oP6B#hTeiB@XM1S zukZ2LGj;V(BYl)?jYeIb^Soi;Q1w#jmt4*&izHE#-2Wy9F45%ACbm{migacTr| zW*8H-#$uk;MhlBvXU$n%J;^cOJXN!E93m_{lxT{Q_h%bsCCh3ZiK8rUSi9(fh%sV^G9^O-QfxA6k*iE{GyE(9;VKA%usocax2>nQ*C|0p;5MI`pgG%u{q{E zVZ3LODh6ZbmAbl%OwM|i%tasTHIp;@%{JBT@*rom4xw~~VHQ=&tLCWuk}$=YBUbQN zJ+Fm^iBZZ8hJ}{JI?aRkSY8UVnbM||`o}%5ie>oV9>zaqav{=qz>)`l667LO{HFu* zngULa@y%<~sL^}|JN^K^sQGh$UaFxMNhbf{SQJF&veZZvNO2@YJ!&G%>TI^8hX`}Y z;E9TgVUF1iZpr5K7{k03!@G#8No9R{e3n-l8)pX0U21Kfo@;rv;tvPi=6I819MW`d zYs?`-R|(T-CC{lA9A{WwS%@xH<@GEYx=c>vnu0?+WHmKggPf}Dt(-_~cR4B=lo8P% zayeQ;uTkx&y;xYtq_|KAyVCMvvQ`ZK+IiF+12AnM=&P~s1$~Ms_e*u{PYg3VWVA)_ z3&PB{a6>zA`JzY^2aqg<7A znGhw_IHnSS4NcSsImFBo6*F9z`6Y}A*f%E1OU_Was!4_otXw=kSy(jn(0{ehI@|Q= z`6C=O-n)Xn0UrccE;39WRpePPR4sEk>ymP)mS<;#yjDXQN{06srl_}97WTxy$uU(_ z&sw%eRPwx*$!DYL>h~FD%|T5m7}1ZoT)FAw#*18^8EAqSbZMlILfq_J_ixOi$0YYOQN{QJC6I z>amS#RKH<)%~R!K-gJHTqQk^!roTsdy%w54YSN?0=e4!8d_P<^Q+K-QQ#t*|dSMvi?}N3k zH+t-Qg;gXQ8i!AvJ?F@|N4@iyW8Za;V@UGZ=kU>dbvUv4=Z+~XR11wnL*5h?=1cpl z0mAiW9^!WSkd207UiS+sN@W-*sYEQ_#m(ee0l!@P2u&NX+RDJ*QX zSX**hALX?&{8YvU=-cpLwh1HQbxfebp!`w%*N5?mVoGh%;jKrqQcY;2uhlJFn(|Zl`6iJy} z^Q>WS*Y|u`U+@%t^%cjc8@jx6*8JY}@gFqW=ePP)w|V$jOl1(VxiNfWGewwk+Gt}- z$GVv&r%~BnC)nfoal)d$WkWihN~TuHJ+0j*N40UIq+4g@)nZ| zfFzmh?=(5h`Zn>{ocy?BHucyO9sTub%WF29*}O}ud)ed=^Nr;ZQ>PtxVBPq#Oqe}V z>0!e9i?wJN9WXOPCmb=suz(;1l$z}NJa;%xG3;$ne45Keg^S0hM_4FZDrb~2z1_AD zubLC-3lXgza*QzZr*i2?rsq2r3U)geMf$9Q3f)BFgeb3NQ=6yL%Uw=0I)@Fr>9xYt zGS&;+ma~JtD8^OF`hclY(Xm08>~n>R;mWMZ8RmgT{kD|z_WP?;#`>FOt1!i_eYUQ@ z^cXtqqrzk{HBg+XFMZlDbh)o=w)kRMUx+^zme(7`t2cRBf7QhY5f2FSfY&IYE?50{ z$Qz~)YmvQ<`2?)tMDvm5O>0n#j)vDmUbJ#}d%W>B%g|-K>VPp+cC~Lv_QXhKA85*Y9IB%~)X^<`p-uVnQSrwH)qkHaYp!4>^3Q z%SC|2%#281S+b(y9sT-j4AN*aa{z_{v-AjINO}Nz>s5$47jhdN3pI1r?)tpM;Ihm>On1OL98+y=+?2|^VFuZd zrP2M|fqA*5N46cp&|w|H=aA})43p#KCG$k(&VhMVE_Xlem|SOvWIyMac|P>m$}bz{ zP}GaB6IS+|JL^`%tnNWyDs`93$re2h$)z<9nLf)Nyb`Z?xSUr;D*)5!?*uuS%VDK` z&-LLdw^{Z)HBinqR{SW!EbTV^Bw(RXtM@aGMG!@&)BA+^G${XZq|&cM`aH_bwZ95- z76zKR*{%7T$*FP7?+U-Fg#D4WHJH>}P}YP$-1au|k+De_mV^e87g8fkPSy8AcSn^m z)=3)3_!{vrVYY12g2;~g<03iL&JC(wY;qW9cKGS!NDdV$T*q=@Hfvi`s2-JTEw2Ts zrPb;i2IMv4DXP^mE!WCNhhgSajV(N!)zoY;jKZubO=Z=&E*IyIp?G@p*UTRiri$}K zt@VKxg;xZ9vNc3P;`1S|WAcAh)ztx0c8&V19vf~kebQ!K8cS+w?k&ry;Z)nIs)tPu zn@y8Kx3>04$E?+CaS`S`>M`1|1b>0d zPX>$`t8LZsN0#-4br|6_KjaO>(jcdFh!4?%-qkE*L58=y~hmC7f|n0Z?b zmHI(HW{($&-yaJL%_uKumGr#HQ88+w1&fZ?2jnG(9sjQ}o;Iu}@Er9|>BI3FHS`CW zwEVbn&0zY=P5#iekw0@C!`}@ZD@^$i)T5tvlGYd|P>sexyKQhxjU9E%M7yw1eH-1W z&E|l~Nt!?P)!BK5`HDk6AVBIba!j39Lq?tKxhi049Q9Rgc;4t(cqBxOPi6K*md@{n6IdtHk3iI$(liASte30wEkx0BC%xXnfb+PoTWjXHo5r3_j3+n-dw6x)$ z-wHD@_=UjvgJBV_42i^_4YN-~nnq7K=*W2|EnBm45;CcJbxJ$N(lyT!M!ggn3KqG) zSD209M2sKl_X@*i8#e;@KPE?ZgDto!FAP|uLE-z+fO%DfR8)N2F&l5>KOLVE=EI8> zqdI@CAEQ)rL8X3cvtPfAs;t&;rTy>YM$7A^>Z}3y7Q@{6)K^RD+WQPs%u`EEif7@n1M5)51|v@j@hLh)PN%erZ?; zEQgY>340rqNW5Vf)!SFB9`G&zhS2}Qks`Z z+Go-Cz%K~X6vgHb1sO&Ja~Z~EP3IicQ~3(A;;6)maM2@$4H5JUx63NryUh3d=xkja@UnPQFC z>T;G*Ppk4vUKqM;8&gkA%mME;3?n7Lip!$Bir#R1 zx-1vT^BZ9QiN!x7Ottbc*Mj#dmqU}h;>R^1uVE6#m>VN~D$_lay45fX1Jy#I(eR)! z&uAS+u6fKbTYMvCV^j50!l-Rjs9gQD=e1fzwmc(Dhpn|uW%Bt5^BdAqvG47e>3G30 z87!~b@rp3gc32_F)Eki;U}a6yF#REL?NsE{VH!t{nb16K`XPtSJaVD1it75tVI#*k zPd}Jr#vwUjsavFlH)0`DB@4+@%RO>g} zHJ)nSsi{p{{aam5!J{F}7J%oQoFT3cyFU@hQ4#8)9kqrp7-rVF8|c?xwY&&va?%qb z_TAxm6?R%)@OxMF4G#-bO{j;>7f65KF|*KC=(OtdhN)9>XdI_e-w-CiXLzboSN|8o z>`kSrrm10Q?etIve~S@pZX9ozT<PBJ-qnXmX& zwIOGjoEsB{=en$6X0Ek{-XCoZd96Lva~J{7H_XSxsNpXbrhu_S(v_8$yPS2)fG0j1 zt#%3`SE{`g%JUELpiTn(~p}BQ;;jp>{qoK z_Xtx=@qkHBw};aoxtu+)+TRN@c)aTR_;Cz*Ku1;8Z-s@0WSB$i{%IKM)Qz;*!1qlD zsSII61&EFVgmIX~S|w5XLBb5c1=hRjo8D=1@kE$oEQXeN-r#(%+frev+J*^}CQY7p z;PmO!51KKf6y$80_h}~C=a>~ufY@jnnm$;t4js-P=!`#L z;#I;l2WUECkvML`#7X*1V0)-#)YRWO=4)ieaQP0Ux(++2*W@Yu;MD<#fSC{M$F%g@BnK`r zESYAd%x1)xu@jmnP0a}-Ug(kR7y0o%VdaBikQ!ZRaz4`O8&Fo?W54`1IWo}DR}aLj zkHzEH2=g`zfuF9r(e&vNTayp7AmizMQQiSP?!gEv+Y^gFYJpc>cylSXn zl9dWO5+lo)nQaD*6^5PoK*PWNt;NlghhCjQtk0zp<|w!V9K)$+QekK(D+n=Yqvby(~D&E+hP6c>7*l{!?_ z4A#jIB58;)%bC*ee5#G>Cz_lsBlJnC{&Z>hk-~fdVGTZnzjIyga#R9c@-#0*-y@8w z+aQkFtb2zRgwYnBw5~e-6NdSq$jr#2ilNqY`j^R*P`r~`wXLXse@*3 zZALyWOjVNuHU1O9KMHd4vd`XCRX=xqrqoaI_;Z%G+_Yx=OP<%AWqm81e!Yw-mNjFh zDu3ttG$=(!)!!U5^`-#Xe?@r}9wAcgKW9)%2I5;r>6+TZ%BK0Jpj2k4FvYS~6?#oV zdmJbXJ?3gvj|QE0!!R3~)JPoZ^eka&MCBHUH;(eWYLgKAm6h*~FiJ(}hFnlt}A&rBa8@-W4yfnPE?0xR+qW5TaZ&Vmh5axzN) z+2yRh>b@+>I?GmQ03OH;eOUH?mr#@gN)!+H3mchVoJIgCG|IQWHqsK9lnv zB!6<$yb2^V<)ZDzJW z|8Yr#S?@Ou>CZ%1zgTPl=Hmn=em0U5;sa0RRROaO7*1C^CIj)l8+g4iwan3F7Ka!_<8V7kii-HKuBg*G(^X?8gN8h2~~qNb%*Lew#th z>{AvAlTU1M>yP8>%NR>y^654Exx%cyWv>s&7n_{=u5}j`RQGvda*M)%0lI$3h>^Eh z-X#AagMKD@jQz0Zvz`}=6}7foF#1oHmz>@?i08WciX+e$9U3R}Lr%g%T!k%|`U6}} z7KR9~s-7-Po}(o+HfgLp-1Ewz8rf{UceLk~tVaTka=c-d*F&6{W~t}ZBO-^oenaEw zQQpW#`2Pb;agv)J*9zvbV*E&y*H-QthidCCb-55R zRGIPR3&Lm*^-^mk_Hb^D^jS#B+q|=m^!3*xe!DQWq&$$W)webypD-+4Wm_KX+%!*_ zHvKKbG_EsY+J4T2=21tIS6cx7`*XGfGglaO(-x*4m_`wS>x5AUwQD1*-3e2tO+VlA zYD(})`GAR&rd?-wfyl{T3ICbMYs$MhSW~g*l`C;p2~zi zd9G~HEX@}g6pFqnCkkUjRo{&?SzkEdfR2D^S6zN*iW+vVurO-S?3x2=KWv!CxI81@ z?ljCQtT~G(oROohbGZg3jQ9ulU5mc!lFRNw2*tF+$rHauf;Ar7of zDl1=bIgfIW{HoUjM!bZ+z;{~Zyg`Uy_**1rO{|@e#>VQS+!VKm{FpejA5#EY$)km- z7iqkb2bj#7P0m5@NvZUKAul0lhhlg}zy?6c!-VN+L9g^i@Fc`u+FHYsdOTv_7{$Ob zY0A06*x|Mxp75Q$@mCn8flYr_s%^*d6Yn<6){c!d?}RB+ryu&N%h@0~oDkww*0hGB z(TC4*FArtJ(8T7+M+kFU^!w(c_* zb;4LY`hUUUL3FRlsr%w79HrKLT$qiM?oUP0_Z`D%Gf|tMV_vho7)T5-Qfi28cuSb& zHl5a>|FXOq6xBj@q*L!SDM2b&(N@!Fn8~Tn>Ge#*1Yv&A6E%%gS05N*rcc(TD-R2p z&$EW5=SFfN8YF&&;x@W81%rP2L?Sb=z&2G40>SD1A`tI^uVA8 z20bw7fk6)pdSK84gB}?4z@P^PJuv8jK@SXiV9*1D9{B&A2jcPh@%Vyxd|^DkC>~!N zk1vVGPl(5t#p5gD@s@b}lz4nqJia;}KQ$gdEgnBT7GEEWx5nZdWAV0Fyge4r#Nr+N z=TotGXDptL#m|YwH^<^#v3PeZo{Povv3MaCFUI1fSiC0|-x`be#p2sy@$Iqrxv`3D zK30)0#VQV460ewFf_mZ=i}Fwb+7ho=(jKokf%FO6pzZOB6SMJ(rHh~zh0mR<4H7v$7bkXjvGmXq^SkhT5PGh;mzdVig;^paN8cz}mRq#{ITVs2k#5 zn{Z^?w#F*jH$up?V|!)`M7|Ev9qmvKQX2UVKWB9jHn zk}r!~mV8-Zl(V@N0^1DMg`O^S@F(OIU2~u#Aj<683}HtXWpccZ^sSTD3a zR*}Qz9OdQEmD>h^<&n*kKTjEXWb>3;K(2tE0{05w1?0C-_7=)6iYUKG`9;bv9tq8b zj)KTnBu_B|ZGxyz5xa`yFQT{D7po|tw}eay+e+vzaj(R^9`yF0w+FljJ9>m6--DgK zTyH%BqMSbR_My9P3xr%B_qJtYiH`1`SfVSxDVE4(dg6)s8%vzp+BmhhbL#5il+#sl z6Q|M<@x+2GatnGp;)#U|7jimbDW}!~r*7mHcI&EVTRgF-bvvgF3KnIya>^EU(p4`a zi=}jNj^yGZHx_RLJ7M7>PMMrelyO29krP`n=)`tJmge$0abu~nEtM@xOLOCilQR^w zOxc#@F>+a{GoDz!W-TXKwY(KumS?%UJdeKRB}A6@V%3TaS1VM|icBA;ysmn?8HS8>h{j+S@thbRvQ{A+oWRegKbmqZ&;#YtE%SM3>u+cPL=&vbFh3Zug%+UWs_c0w}I-b>!h z=59_ogfp@#lP5<;R%M9fL}r^rwjtcnn~Nnjwe@kzkla+l+)i25*^Y2F2bS%jpv@U_ zY|d=ww3WME8M1X{u&RsEBGE4<-78ne65WhfoRI5glt^?lBqX{^ z)Uvx5rMZm7J%#6FeXbXq^Bd3M)PcEq`eY(cCrT9L$$~soV4O-67<4$HuR!Nj<6&de1>8{*Vq^l;1s(!H#xzgMtI4MU-awW-?809#jwA4u% zr7T)XTa+wHu87-9Dzemz*GjU!wB1e!_p~D1qekxOQc?}tvz=3K5v5yOby8`4s?0V* zD%sIRmSks7cULS~$}{jJOWSF{WKXs`6HCsZE#k@f9Gu(fkjeQpg3g=roQs=EoJ;hE z+wKI~7GHqyBL?Cg_(k(c5ba2koXOoMH`2y!&#-ZfmE_z~eG40BETLGJwv}TcC zlI=orNmeB;$rg1@-8turNG>U6g!Jane?l?e7f&(>b#l&^u=&J%FM5{dI;i#19AhEp zQcty=b=`wcI8(2srG@zFq}3}|#FLCsASY*4_mi#MWv$Y-EYphR%Q7YIF3ZaPWm&`X zt=P6K-?mxjO~^2qtR}# z5yF`mw=))Uy_IuM5pAbr8KaY@^vXZ07?(J=>+Y(I>a{A$+Z^wYjfFcT$>L$69em7Rl9Yq zMQmHwsdCqK%Ae~jqSj^Q&(kxE*vT_8MOx$x;xm?P-AIQ^wzh5T<4ix|j88ZhS?cIq zvh!BXJ@oBlYj00yEV+?B#W~x93}<9E(x-IJ(_1%c;7M-W-h)gV{fo24_+(qguIX!B zXH`}kk)Si90cS>Loh3=XtFp6QQ+gY{k8=-$bdr&uk%2QB+UbdQMo+s2^JF`HP-m8S zoE_P^j%%xLJN=Ps`lHS)iIN#jLdgt$lQYrCnf{_PBUqBDfl_E9kdAhiV95^Rfir!! z%FcF8i5>JK5F52v#w-Bo?pbK(7CWC}=hb#TjWfNQ^Op7;XIk9O)QjsaoO@a~>dX+C z?C6!>Hs#e)oANB_lA9O@7#mska9*rYu~V}x=Mt^csaY}EY3;}v4V~Fd!s*ML88Rb}8 zsW{o4Z>LQ;OGfh}=N$Iu7;`vVyye<93DLx!%xNO!Ecu*yKBw6&nbX{r%xC+sJm1B_ zB$;O{(m5l<>Yis@(zRkBzqNzf6|~CX+&;_Bvvn>SqTW$x>q4Fh8f^u}4bF^OoV$9_ zP_RByuoiDiGqcXbd7;SSH(9XODfFr}w=inOl0|D@&gdz&ZN&pcYhSXGi&-7b zMXhK!tK1@^8D~x2NoI9w#F^_7Bb%McRccd>N{n(k%g$1!3s06Z-L!H^D=cOFgWNIIEYH80(m?nd3OOv8+q>WYq6^7|(T9yYysv zd`Yq#kc{<$o?;fwy;?#hd$sUO_7aGkwMI(zZt0~>drRtroT+cGmK(`li%ixL*v}bD zwzd|@%URbMo%X& zZYrBU9IvNl*r1ovg5+pYGB%#llB5Ldpsuhk%^0cqg+kZ%cxr*-8`hg;WuIEWFp1>C zR%!$5WC<&lk;uYM0$eQLNA`vEAW71BB;s0NOjt@;_I!q=M`~fdD=(3JuWVUZ%(R!P zQww{GTajFp+1R^DESK*VD=;sl78P50BuOpqF0i^uEzb26jrDd@-r_C2OoJ(&i==b$ zww_{ZJhg;j7jQ{7qdI80g5;8}Jkt)0xP_H8`N1^TrL=xQgeR$`WYDUG)Y5jMORT7h zEzPxOwuyD*sl(D7D_60eIkTM2Ha2&Tvm;<7Js*n6SxZZcROa~h(FpINQ8CLD27zrqL6~TZq zt#4+=Q>&Rz$*?+OF@YbJo=S?|j1jB5vaH5Zs|#H$C{iq8uFcKtfsT0 zdbO71Vp{v9c!KPppfx-vky?}A%pwG4@v^4aD%ERq4Ct^zL2g}JYL)S8T?-GEtn*T^ z-b}SKQrVJhS?3L~F5528uPbI*VWie8v|w6qRHfGQ1g8`e5BC^E7%0T(|EX5>Mwoh| z7(EE4P6;a(Tg7@7uUz764IN!;QJA`#x;-5h*2gnEY&(l+F&a`#%((XFjH5QQC&Kf(G%Gd%crR5PNFnmjr zURxB?$NRlhUIutY_9-V{>L3cC=&oedbXFHB=3OdY5yMW@gh zB5Tp2g%edN(VG#`;s`BbXki_)6-iVr)xA!wJW{Nd)J8BlQY$5lD0O8tPLxY+somZM=gZ4JT9A-x)tNtH4S@Y&Y6y^8X!?p>BwJc*EEgpQ^9 zHtHz^*4r`586BaoGphh&Ge_e~U(wp3&&O-lQ!Foa?8v2KarlM}#~R=B{)xtS?_cWa zy2Zx#b{^&UB~`{-E_FV0;z&!+oHWDuhT&_B7xE2`Z*={;^3G=#94{0+y)!e{i{IZL>D^lG`i`FB@?&Dg_gy#J_};tSo<09K(B%T({Qt@l`<_{b@3`0bo;}W+Zg;*r@V)yEHMxB+1pcD)J+C<5ANa2G z-eGcuW-oVN;7t>PUFQt3`%PWWXMS+9rRROfdEo-*JI{AM^TW>f2fjPV$1Zey_eY!; zt{rN6cHQKB_chMvebxDn+nn!t+Uva|=k2rOJN1^Y`Mb{d1its%p5ArWBD=r${o`Ej z1I~B+YNe(3yy?8~8|N**bv`rPkNw)yJMI{7@;h#KzW;HLr@ecf@9gz>oVV5a{=j$j zd3xWrz_&Z!$$w;P@%&!r&F4Aa8~CpGd3t7u^ZlRpc-#G1=YkkZzy_wcJ?`MKF@jV!m%c|>r&@??{Qvu$@$KY1$+6= zccpK~PUlS@5BMhnzu5WCOP%iu_nR*Z_kVDT-U>URdjVcaQUyb=Xb$Tk6f8x> zAb(US=MLvP?{wZg(aW28tEZcu_jzZ-%g$TgaK7&s&YNFwJ};zq@AGu*Mdy3N{iaWN z9Bc@D|A#%j<1Y7K?0fE?=Dp5iPdaaU&h4Fdfy?g>e8Ytyu1C@7?XZaKH0?-*i4R;QRQ`25lVuj`Q8$b-wEs=lcV`XOE}%-srqA_DIWD zINW*5kSZ=dr0FeX#TWvz+gq;e6l1fFJLC=E=?rCkFng*K_72bG*Kfxu16I zao)^-o+|riKIDGi_ki=}z;`|9>B63XpXBR|-6uQWAJR=Pd%Ns>-TA)2H~iAmO|Jy} zRp+~3b6)85cG(~J&T~8+3+Y|Ca6j-J@APz2$$8;}qs{(Zfw!FR>Dc3=3~y;o8{Zq& ziM!W(dPAG@=IDOAr{|sHd}f#PSf}%S9nPCJg!CroE#dx#aK8}lw*-B$ZkLON^oEeH zDah|1AL6{X+UzVWYH)iOIB&k)*H61H^#0Ovf%E-=H=hvNf2H%?LGR924|RQi^zwJS z<$Uj-oHqv^+fZq8ErIV3eD?!BZtm>xb@{wa&S!>o`n*nGSMSU^-^G_DilhBq&YSbj zTMEu&ZO-SlJKxal>*@VH&Uf@WZ~2w4D|fx_eCI75w|j4P-tr;mO&@l?ug`hmwk1~n z&M?mI4&z*GzQ_0O5HGt!zF4}gxV_MmkELyEqZCW?B(HA-(mWltc4T7d8NTV8o^j^c zJUx+a&22wy8{9I$eP6&h8w1AK8A#ji@X_(~{I)i>Uc`H{Y|5tR=i2qb2fU=6#xy&{ zJXylEE42n*TB9wt^!y%sras^M%zk)O|Jw8ffU$XmJWCUE0Q=Qn35-*%XF zpNDJq1=G9>XSYhci+v#DS@w`g>n#ABcXOFyb>K>GUCs`7dQpBMdu8I?+K7hdG7CG! zdwHmhrx)k+a4YWmZBH7#?D6J{9f2#o74yZn@nno%-m>d$Z(8r!m0r@?on;Fi&Vw-d zmbBS^ySR4R#kJL*wta2%@J>FndN-$9OwGx z2Anq;C+sdnH4DbLULlj4ZaqUkJn-r&H(p!qO?b{PiY}~gh-r?4caNbl^ zD{cKrUoS|1OP)P;%4dhagZKDwy0`KvoTSILXyAlDF9gypws#UwpA!7bw_f_HD-E|e zUqw94#}0ADm2*q;epbBA?17uV$eh=>!z+SbjVr6P|Al{6v%A&Z8aOy#Kooi90cYP? z_cOe8H@qvucW9*9_@X`xCJaT!&7Y+8-bJ{LH*kvsxQ$nEeYmFk`c6%pSB!AB&diQZ z96@~QOAB7Wr0tc&oWR$>d4I%6|Y}l%KJQ!8_D*C4 z+~y;=%|r0wCfW^NYRmF4o8HJyC7bB!jqQcS?69Xd+I$4J`3PQQcwye$SY&v@zKu37 ziECbhZ`XH7;+mhtH9v{3p{FwcV#v}(&e?7y%}aUe(bn0k&Fyqsw$Ld(Z8l$tGha!r zyMSxq`EG5A8_(ye0#`cM#%IFf%xB`7$KXBNm`dR1+HQ234=D6ainw+~;hN8kGoOju zTkW*IHCft1+U7O!O^lo3TN$E^>upcEJ-<-zo8kJh$T%Mbifg_T*L(-xo?F99o3viH zu-zfWBc#XKWr6*F0#Pek-ni zXq=(WII3gm4g!a_OmNMUaJ`~IkG^e@zv0Y>;@d30y_g{$^b%$x>mPm7BL5qwoDPOV z%O@^9#e8?mY&frJ)V`bA?A=3plg*Q)ZJrdD<>L0{Al=#8wN?4`l?$8P;+y1OUgFSY zjaxkEn-`VWY5hrD^J*-e?O3AMf@y{m)=lu7y%~bH@g=O%-p;C~)^qv_hRu68!#m~j zwukvvT=TJULfLqR&!f{>MpNE9rL!e{%V%8QGLT-X?`hzxU2p01OlhIgaO$76`Bz*K z5KC{)Y&XB^8ydy4z4bwFm(9a)n}@}D@gqFnrY~>dnuohJpANA~K?mFmwsE4qw05k%bZl@A}l!F!4f znQ(tMlHL;9L$9+`j=uWIckB7XCrP3v-T)&;`(Y(V{iZ-!VG zi09fhZozw`k6yxhKwRqq4dvY4xur`szjL2qOa9Zc zhZl5ddmA<@@Y&9JKMAh+-Z)JtP6H4}rJl_;zUg};vlFg<&AZzSuN%enn%X#TyVHD1 zq?fMZHc#>nj&(pR{eQ@MlitX(EYHu_6)Ku>OsFNGAxKcFSDg-(MTEzYkwOb7A0s?7 zd?+WQBGIKlicXr7ET_|$W~2|<5YT`ipf>`v)KZ^9fWC#6TJ}oNN6=3C{r>0PXGX6? zhVz_r?|b&%9nL-TyFOzic~5T}JaU0J?2X?ieu*W?U&J!kTl{U(7s})Q{fKJ7U$g+< z=O*$){Z&5{S3kVD)O+jSM40{cP2>mgoe;K#n{9gX@d-?la`}?f@WgJ82`VX}pH#slk*54#62;P>7WoBi0og0n%-t<^xPShUEUSoC*Bl*t@)5xr%fZm zE>XV#5QEU0HyPM~jn<%|{nUSE@#vrP6a1KwZU2 zf}Y8p0TjRm-kmSdV>S`e9%x_?m@m+fHy?dCzPJg6MX0U_<%$>*eoLkQ+5Ei#+P{ z-=^QIdkOqV&})DiC@4|OZHiqczzju7-~gT%pw^UKx;fWVDVYDv(8;{0702)}(C29kh2`@C$r> zbsqpv7n=AtPbgppSttiH23!i!N&?64TGQ)VbuVYHYcv36gbLdS#^Ks9V9>xk0L&at z<;&S}j>rvwUGM?foSO$QZh}DoVhfPMk_#V0wynp|9ANAqP0OW*5(bY>IDTcA89 z{v<%{3nu-gKp#i0#~lg z1LhH113-yl0Eh(D6q&%L7zGXikOs2j0F*nWpkT}A$(4J1BtInDu|^fZqitgog`}=h zl?@MfS!#yZJe=Pka zWkmQ&;Di@>B|xeG^6loUa||iOd~Igqd1v!W6y-K!T6q2kfY=o5bMx9|FF=GP;^(HJ zXzI-YmI$VsP7P_B1t_vXxpesfoX(N?>{I8d00Eocr_2mrc7SIt3eRldCTFfd&fEeb zLMYg%Z6P(WNKlIekmvjf0J;lYUc!b8h|~l{TU;ox+H}5(Hb`d<-#pJkGrKojK6-aS z{NW~s3r}Hyo5ej<8-aJqn42fEdxTy9pNJ*^PgsGgCnp~mgcJ8WQCt9UBJZpowU{$3 znlzL-1N`(bz)6iW3G7qO02)7e}gqz=WJdvvJluR;Qb7ZhPLVFZ_|O0u8We3Cio~zsR4`BgFwI9Rox)kP=&%0O@YL4!}z@HUyLp3(#I9B?hw1GL-P9r*lIk?L$gX zmfvYpt~OcDZ~|_Km85|vJv}Xw0UvX=XvF~H;-8_UR6>Gx)lp5yiOnsi3sFV)9h5c6jub^*YeW@ zV+5^~N9>vav2IDJ)dFDtpH0|f{853YBqMKLULX%TyqaW;FyFkqDx=&c#utwgDDjH$ z>+{QK7y>y}1ZGzTvTu@3ps`{MpeaSl&Gks4B%t!0sy5Z zDD3L6Zh`8|U}o`Ol|V(GH>ccz*C8TU$qJw(D}gJe;sA%7u>m+m?ZfuWkp!Sl6pFth zaPDayKzU3c@)*GN0y)P=1;}OuILUyUo`n)Y6Tq>fitXsJS#FyK*ut6x-g};oJD{3; zR4*uy-6ViCTusPq1sF1$&K&jyz;+AB`Gq))sV9`+r~|JhHPZyLj#$AIJN zWQGEu6(zu>D`9y|WHxrA%_XCw!3|)RAZ>s)?*bVXfgITad9PTPh`pn;W+t8xBc<|> zfZLtX0H^~IfD9d&1Ay{#fS*mG--JOXl@Q=BGgK5P$cK-V0R#rhGfeH9%aRxc+Gv=J z4(owZG9Y&YKE&C~%r$Y4TBHVEDQNSQs=mMb-k~e)cKxQXt~xSc6IR zA%DJ>AApZN+Ps!Ex%`y0PzOG<>cao=X96vte7Ft+xkmELqzGsk+r&~8Q|0FMocVWY zU90#I>;Q0u)XZZ5a4s-no{Nzs0F+my%w`8JiR;B{HZ>!E&FNFW1wfIAqQEXS@*wj$ z8d!Ti=x^FAdlo-|=?K+{`*1cCp9d(e?#yOR-u{$6}%727 zD^Pof?@D6P^i1IfLNG8y0LVo8H?Kh0kJ$F;o3^x);+1I?FHtrA=Tn>d0h#zf=Hz?fy9#iU^@V@fxDOjfrO|4?PeP1k7z? z{NU)a>=-~-N(f76O7LtVAS7boKEuKBACFfCLRyve78Df^nqEEM2uKBv(SVD=E>W4sn!h}agz)BR#v8jD zVp|L3D-}&a1BhexJTqf_i+!O1wSM7tSS`lr@24>@jvo_U(pq`fddu&Tb!QyQ8)G45 zt3VHA6oDSal4xsNS3s3WDy(4GO^mvetmU{dxtdo{vdC7Uw3X zj-Mf|7FPjkvk%1lI;%kK*Pd~dc~VIGkhh$SO{A@TM9^HNSdX8T*25F9T^^wA7i6)O zg8FaVWMMdz<1+NgX^iWsaemG*qy_{HNMrTJnCIZeuE`h3yvX6STA`%&rOKP! z5ZauBD?1+O+8reA{oT9Y-2Dm&@ocuB5E{_=oU@71$O%k_XP|e4sCbvf{2hL2M&s|a z$>n}%ry$s!#z1YXfFg`T<9X$a1=a6LD-I`AdtXQmv-*8Jc)+_syC(naOz8Ms?SPjg ze;$WpzGOqQo_H!Pgy-2u%|sYl`Ri<5ULpK*=Ytnd9zTABqhNdhZ#m#72Euzd`x7?1 zF~Y!2z4-wQu70f<4|x^@jCS?_J%ZzY5n5X>(6HK{R=>vip=E2PU*&Flm$rruU?lC= z&TfbZ!ood1hzHU=co5x{D4g-ZCDVLH9OSsHgYvrCi+K;kHMW+&Tjs!mVmpBL{v65H zGY>;x+m|X|wVDoXLdn$Tq04Y@UiO@w$DIRZT_tZCA#r2e41})-i2JD%Y6bvecxH@XgOIi-MI*;@ zWBkWI{_#%{KF1Ybgi&dHgrP7A%|hYmq2<5|w1`A(>q2e|?cyT45r}A_q^tsQ;A!V6 zNUPbHt%WH7xlf2$LY5n=FCzUcftvI%8aHF%LI{7f(*O9?IZD!v5)YDWnF7YI*b!0K z0>O^?4QWabqj4Pg9JoRk$Mu##7mth|l6DczClE)<_tHwr0Ae{13BgmvVpw-k^3ae1 z4QnJK50EB8<0J~wV?NfH#WQ*>0-3%rA-(UYpFjqrGzjLN`!%V>)~k;XRY414X9{5> zRMa0IJC}=dTW=7|mq_bCi*Sq4*pc`%3Iq^iru-tLr4V%$=orqAo+9WS<*tdEz#V7=C8v+ zfIN8eyI2L8L(J1-t%0$207a_e&4Gx%bRC$n9?d?`Yju1eR65PO<3veu&Jm`?&Rl@FmYeX(5vu_V<& z$4HA5Q=srA(0M7|fu3u{AD=gQNQiXz7Y7GI;r(enU}CX~ODpgDn3emsMgxUdw!yOi zwKb_x&!HTRg<=&90?fmuZ8mUj{ z@{Q5TLM1@~!KLqozX-(`1?`l=W5n(W`2ajAP+N5shec!{w34qnM6iK6=kXbA1jw9w zL@S{4%gUA>Ybv}S&hU1rra>9fF{N*K07@tbMV1P5eSSbyrm_4#cFRCDe$rz68(Ygj zKBk5{J4qcIp!fF|glI~8pVb-Y!CBr2TBN1W8mER9_ho493A6w`X8lUTuE^XK^t9cj zB)6g|$rh9fJ7a1A#J2+ti{Zio4dY9+3C}vAlHmfiQv;eRN&3BglJX1obL`m_LP^vg z6C)Psbu`9YS#h91-&ceo&<~jXiESE}p%M$o7{f?AE3~M+*4Q}4R+&RWh;x{;u|bI4 z4brwnYe|AY$66jSl8mkSH3Oio^)Ce4``PJ6|s%1p#53j71a(A4GVzR-HO8F;Aw>&S-2+soFiP zi%5~sfMgs66@QkdWLY#N%LZAaELZ%PGsS-O=0IiHu{AQL{f^)DRv`>+q4g&?{)m5# zx5R+yE)4YNRN9diJ7s7sPE6WWzh6n9>4&!AS<6X!v(NxJM)>-(ysaQ(Qa=045sC?O zym(LiRc32>9OlSKYQ&78J&-y`(Q1xtt(6UguI@>qxw4)`sNP5@t_oXGaXmjMD|N%! zl`G;l_tyrV4b)C6Ab-r(CcOfkpDI9nF+g7iB39n_T{ekU=r8Sb(XiQ`o;R%7$5wI7 z;qIMTsC5#P zDWQ<#G`r%U5-O<~s7cMEF^;#!39t22BdtS2`Xf?j_F1aAY2;+y*kuK=K;FjiNxu(e z2Obl#H@~I=5!V96Gd7mP*L(;qk@jhQd)4?KP%3OeTfAhA_(lr%@!J%{logHYcI->y z1R~1|eI$+mpThXM$?^r&S#fiTb0Hjr{%|DE=^IXPbBKTva?49*u=O#Tu0LEX~y}4Hght?>+p#Mnh|AgUX!ByuDY7j64}g z`+L!x!AY#95q>6`P5F;Ha1%lS71&{^lRGUQ?>oU)W!4mgxf*6QfS4{P7*rGJXJ2Cf zZeV)>?|$=b?5t4Jp34fX%kHlFe)Z+hH?e}%_p4QhufM23L2mZ7P<8lv)uDbYKm5&# zn!8rtZ&%dsnvIv6B_Odn1gt0fZq@g9EASTuwtw{-U-K7@w8#g7Y$cbIpzn^wxPx`y zP_Y6{?i?*Iznl_Z0_d2=n^B;PiOZB`f6YArajq|qrhi$`SC{wHa@dpDh81NRh)i@z zUmwO@+Q3+fCwK7rOdlvXOt6QWSA&fjkaBKQL>52_OJT0Yk_&jToVJ?@T0?YWau0E~ z5_Kk(@JKuXR5V9~BGLy1<(_2Hbnq^(*{B5L3Bua(@&HoUmo<6z77*d# zuK_M2+7cE6hzfjTgv{h#wmOVXkdi@cPcH*Jf2E;&qB**(Fq3=l*dhrOo9L}CE0^H; zvAs4Xv1=Z}I{=gEVp7}$uQs7AoKu2qH$`JWf&(hxb8>%yYm?g6c2My=;0)N9Ja~DS zr{r-Q<<_?>h!0TrC(*TJs10;`H;_9B&I!p{9%Cc`RJb*^Q4nv*O{nnb>)8V=`;!N& zad@b@=V`t%d6>|UCq7Prnb-oYkvDnB`S1X950CTkobV59>a)q@;T*%8wsWZSupLZ8 zlZT`lacmwl7i!NH>NG*S=cLL{6qx%yB6b5$!&}}B@Ogz-38D#T`<&$PQ}_VX2>v7C zK!8SZEKQl6APZh(GzBkDBJu&U4>GEN#%1U%2ke|05ILn?hQT=V#eD&tgC~rnU}d=q zw!~GzCs&C@6#V^CHlMzj6S4@P@`xrw+M(q!3O*}`h2Znb78Gm-V8Mgq~n zBr?zfX7d$Td1{mI=feX3e*UWFiw^TwHN+c}9}W*+l&xs;L&88zYYRviCK;oE%QAZg z?2q#Ut9X9Oz->&PXn}~8AMo|O3Pl3C?zPJUa_*{3PF5h)rFAW@pD?kQ!(-5ZYZ!c5 zp}>Gh(6OBY{-~(}!zqe_Q4)K_#zeFBBRz#1lNa}gRq_I9yscEgKcN!-=?glj z+PGyJ`2EHFRRet{KmvB!cEW6Zj6)Vb)+Cl3Wf4Jqbf`xU1725}v(yh!-=W5`RWa&-rhC$Y=cm;o+{XgROTy66K{ z(Z}60ni!U=-t(rw_oQoZUt)BzMQ{^A*kJ5`lUF)=T?tT|!QH-HHUjJd5ukNwxiN|Y zI)uN4h9!vQgE14tU>?iiR4E605d`6JrP4&(R=KB)hpjP0nZ*ekL#xv3v@KFnn1;o0gms4u^JtfU2G1x1S z0(N0KE{3JU#Mh0H~sCk0_O{3f+t$_xd~NL1^--GqJY@&zx?px z%h4nyX%mDtIZaIjgh;44Bw*Ja%;K`}f4c)J5F$_>hgmp@EH|29!LMTmFxx6Ge>VHj zpUkkPoXMlfIlLjVGT>_#I>FvNFJ}+di>#gVOJpv_pCL(Bv?8D&=6#AsgsOk;!S}zH z3JY4?5K=y&ylo2x2Yg~0ql=4bw-p&682hn%{@iRFEEL@A4Wb$n9676i9}heZrCvSc z2(dQ%L`#2L_JTR3rIv-Cz8ACCJekFf0nad~fB)biV43!b!0RAJs|n1gr`?~aad!oji1->XPUsP8+A2kh)M;38o{#7hdS4Wa`qRfmMK0wt1b$UCdgHZ=zvN%MM=7&2?xVTrB4KG+f-^h zIs_xFRNon)$xIf4xg+d4!(M(bPIE!xQ#uv5atb#`dA-0kSyJ0>N!90rYra!4 zS+Z379kiAFn6-l-ef*}FF5seU*pq;D_yAtdhQ8S1!mDwOTpifLeX+|&ofCAX!o&cH zXEqFavgE4+y>F$e$s94e!xArKj@c7#Ugp?IjcvUOc^8n~hw0H)acWYqoGVTnF~j zdbYb?te)X+H|Nvm?%I9suHEPE+I_xSd;YK1p8u=$KDmAU*4JzI{Ce%4U$6DASFirx ztc}Arzg<0N4N3L+cCF91Yh(3ocL4A%->zNz?bkM=2;7y{wMlGlBJhq?Qu`&jG~xbB}G97h{lE#e$uSXiHeELIq^ z_%!PBRvZkE_15rPaVwy|T?m&=FZaY6z>YO`eGAXd(P_UALh-bC4Rqita1X5igMs)B z_aSj@iuOX4qk>Tq_`vJd9T)oa2mTR8@j9LUfEW$@=H&I%e}u_DoBEG1vhCFDQ2L+G zr#Ux#N8pz^=?ebY4ZfhiAFP@pDx5&q?~wzn!8vIf{N%+m^rz}WKO*J}wgk$|K1it3 z*v=aKg!@A$(mtk~3*d0fDM6rtug|85+=Wi4==25uNT0o(MgS9jbN*o(&H}81e+r+4 zuBUBE(1p*e0x+8rWXSVyEKiBhm#d4|)BW&rjU;o?xLApL2 zj(zVRIQEPNtI-sl5^2-S5k3qPGNy;n^P@2VH25z_YurC>AkTC9m|swW!q$`kzBvcQ zpS~QeV0hX<|7s0pUkr5kFEJMH?qk4;&$4r%5M3_}q>us`ipE)`{%a;we?x(t$^GKgmH0$s+ z38H4hN!JmSFYRn0@pemj!Bu@@E4Blkfr#0y@(aZc1&qBS3mSU-$=-j`;M%|5kZ@(I zW=cl@{P5-7?|?a;(dbb5fp3r+DkEV_6W2jG>$b|D5K~x#^_pxn_=y=H4R+o;{1Y3y z!y20lZrK;~M}Ri)m3L8+M=oLAPPQ;UpnI~MjyJZn+3{?|(*w&|!b5;#Kd9#^xSpZl zdWM4Q849jvV6it%#rvEzbre_;r<@vF=2rMqI23`e!u7Du3L_-P<_%0Zy#z3d|4S83T^3gWUrxdo5#V!DS8Yu;$P$IE+ap#@h=YlUc6! zrQnJM7oPc58~1NjEs1e{%UNq4g01gy0JZFdzz5}OD!9En&M3Bque`AZtf7bS*1)}h zi*&eTYNiMe<0-r(Ez@@depVc!!Bt{IdWqt7f1OSw4Wv)6nqeQzO>zGS6D$Z@s{ZxJ zE7(dC>CUOHnViuchYMr**g~_F#dnr+6s)Sm9l}&kGX4y8-=!2WWT;Fb}P|68bQYtoNhlQQfMwU%Z!W zlvSTOCLR<>@)WiRn4{vHelFn3PC55nes-{Wo}?dTAwp+i&l1%o{C?Okz>R%{jyI0; zlzTqo1ZVkND+8d!@LK3*z|S8Xyy$x{Fu@e^YG$aZ+LJBxIT#CK1^t0xjWV4Mmn;Dt z7anB$z(-A|#1XTFL6E?J8QM?5907(qK!;7I8e-si#f1lU)9H$$4oD() zE$egTjEC+wm-~2P`Z_+tk1~gM`4#5AmckZu0d)0}%zT5(eO>f+?xYV+R`-JLulurd ziJ6sTtk~94D@} zGhhlb5Nht{4S}6h6@tJ`wg-l3v#a?v;gs#u%_*D+ujhX#7-p--Cv;#$+X1$K0(7SK zUQDtDH(f0BZ0^w(OpCd7H+5K9TG)&vGBvn=s}{tafYBh}cl_JnND9F7Xhr(QfZrRY zuRm)mPQoZIz>(+cw+gP`f|a(j!#;>&RcK=i#xShm^7;L6`1D8m#QztsNrRK|&|xzZ zwh%)|TdB33Z&Eh+wUv#-=SN$C2}e_p4lI*kF5>)a^ZQy^J&XjppQC(`?6)n<8wza{ zgM!ZYzDv~#%tpZ1;XU7WULCjvO90OaG|tfz_;}XF2YQq9p(_HkeH!=x{=<9eVPw*E zgltt6<#-c;aZS8QgaEL%c=N63Gn^NJJzleBpucS8LhRFy$nWZUwS;XK7|+%f6;v3*)A_sy4q(Gne)inao+)gwM8R=o(jW5=0fMo_Zk_Rv zvrIkoz?`#`{UU(P-=3k7z{J1!j$rQ{yKXfg^io9X2?>O9=qP9K}of zyi?KEmcC^P5ZR=A-=amuX@s3#nXmApo`ELZWOC_5%lRWd&l07}2hDxDj4l0Vn1XdM zM_Zbs>iimQ;Q{rSu&~9J&Q3>%FoCU$jJ|BD!*L}xy60)9D@%{In&VMtcZWF`KePHc zaTNdeUy~sRUEia!D6nxTInaQq{H(9LYO`|GNB{cry}p8<~~1DX7_fzM#U19_lRwjqdN>!eF9v z(Qo1kQ%aRt;M%|yM^JF%nW49F)2rBgXj@g5=*prqTjcnBtU4CJ>{-kjW(9Vbqb)GO z1$9=&q1f+Pig3o9+@AZG4zecASjq9odeFI2-g{wW^7j0J4cz4U7lZ5#%swhRK*1%u z7To9EKFHSA%1Qr{X9}*Wlm)91x*zR7BU3{@Q?S8S1-~2m@SIebb3LP)ytB7wxA4!r z81X&8sZx~lWs!>3b#?e|I<$8fooiVT>EP_~?UPzW6K+| zd-{DoE@2Blqs2oH9B;2Mol7<=xMTp$$v@;g_^f@oA`ZvD=G^D&J`Mgr_~UiK%7iyp z1;Z-{K_B2pmnnhtnHA|dM~aTqkfka-+DbMM_B7XLRr6+h@%%1^;=|*>$~N*1>F@}Y ziGmkjDB(9aoKpDmW5lcUzck&L>4EN7ciZ|24Bv1JJM38lS3I6QQb=j=fyq%TnAn=? zvJucyfWaD zw*=j)N(qeHVhlC=pa;>Px&+TJ3|k#-acT}{7O*EMdPwLuY}4#J=r>*VW|3oWDH))u zmDhUKSqtyrG#qWcC-R5XVGIPo=vJMtk`{(pgB`>(o3m8<)OgDv|5rD!&paPn9VkX! z7~QI^^T5e`X!Hsysy?bs%w77F_rBobY1_@88;4Uz;IAj6jv%~zIUpat`Qmq@?ZoJP zenRx*>(RD8mCsA_8EscSR8&3?+_!g||29Z>8j1`aQ<1?PDpIaOd~hPaTfb)T3feNb z1%uqctdXg`=I-E775S!nIfHaJq)7J}dd)Y3b6I4)<=ZdfF0RL^%iHgmDCN(7=MBCa zypciH9_N>M8Q-)?~D_{^ybVi5`ah#dVvPIX;9J9@_5R0Mw=t|StvWP1GScn!($wifQr4OFYl zjY4r2>7E#otD7lGj@xDX&Pl5hg)bGvWi!?71fr5y&qg=BsVsHHeh}TMze&DVLtdeZ z{Du~tt8xKOne97gTIHvg^#lwIQNzjBq%9JZ--%L~=lCz3*18YkzP$ZbU2i#5bL4?Fnbi01NJb5#XaTv z{-bx-fAsG9kKSGXoxAJ5b9eoBzFL3NuhxH5wlO@;SL;9e)%uTqwf=HnuXp=)z2)2A zZfvs&{BDFswE=nd(~my}F#*AO1i7RFcnPi`*PsZ1oUtO>IGz|!ys@oSYT3SL2(lp2 zgJYL;pKVKCoFf~c!-Bx7aNc>)f`nBa+_08GJXjGA(EUJQNbIusz(5TAYi!Vs(=hVp`vtDWHttIqFVCnef;V2DAR%si|v-PxFfK85t z1ovx0;*{w~Im%kgPw=wudP{rimS!e*v8DXXaM&QoX;q1Dd*yZZ+2C2cpmsTtlv`@A z(3mpP&53zdwHNR!M#LXBxjWNi!zX=5-Tj=_L928FaSD5Sl1 zA?>vv!Sb*f{dD-40g3hY9(D-o3vNgJY*~zjlw{aiuxKEnfy9({61({JqYr+quZmc0 z$Np8{5uFqg*AD{{5vJd*eJw);gKiqFnpb2S5!F=|_oaxBSK}tq%N5%4d(Ig(pbZh! zjW$^z?1V?f6N9v}b9U3;SNu(+mz=Z3JE6?*aw5I7oXFt$6yfx!f@>mrsdRSanr^TO zQnhOEeA#U%C??{&w5RU*my5%V?NVrxa4eDv+|>=F#8`ZDw&0Sh1mtao?BW{BA|~dI z?K(Z#o4Db&btRMfg(;>Gr1JiGVwQAeKP4|}n(P4p##_C>zI(-GZ;LyHQ^ zfM^O9K_Pz``$R+ff<==?($F5mfPlbzaa!R{-fng!Cu`D?TCjO(7-3lF$}7wb$}KF@ z4U%%(C1B_PW?9ure5O~beFS#<87}nfAvZcUg!a4M07r4z06LOST!1`(ap)nDuU~GH zGTXC}XhE{TNKHK#UYlO4ZqewAx6^_g)0{vcxV>SL7W@an6f^A8xQQ<=-OjeKK$}y2 zy9!n|zC*^QMYB9BHnw?7HhxtG-FD2K9GzA{bmkg~1!DX{_>u^k^7G1z20`p;pGFm- zXbZ`}3c&}@SG5GTQ4Llv*T$)K7K7WZwOnKNb}P{;B4e)i0fC{k^Av>bl6o^-!;{si z%UHKhgtTk)hqjdUZMNRx`uVGT6QmGURTf44#R}m;SxDtpieO7^2UsQR_9sZ@u5aLv ze$<+sa?(LCHF-EOyodJ>JmKT|-X=YB#kfd3Sq;b`4w(5xo1eqE-5cV;(c@0GMS9@L z_K;mkwLg%n5~zKJatC%ng;2+5hVW3Y~hZS#lRNA`O5sUO_XD*N@zpcCU+9fu+Rk$ zLQpzm=H37yg79T5opv+-k&d_}K=NhO%$x`&GK0^t;uP|1p7gVAmq#6ETqDv%LlHiG zL*;x7i6AS{5QJwrM__pN_<;zAOH}A6`QuVAz6Js6QyGdmJIDeZ7~i8`xe)0`Ll7f=+&>`8YmCP7EuT$e97a8e zAW4?|@#q!b0TDqDz_|Dv9o@sMDJenBK)yh@Um?h)qwQD@n%NG7=%o7}J$Y=oJbBIT zBikeh+Iy`OufF&?wH*6;!CC=H#n_`MH%F18-&%t5aOp7Sv_bW zsZ2{t^Ja2Ju8^3UdW(sC+Z^SdY_UQ%q(TFN#9jHAAH`oOGpX4IVZHu<1jC4)Md~QG zazny1N89DEX>(dgTd*WkA6=E?NVk>9Cc=t>|Nh1GR*uU`72DP;c}dKPZpMZ%U+K2| z;qFgYECX#%rc81|KjA(gv&(yzCkGZ52(sc7xVgzYk3vX``I4=29?1NSbI8eU%OIt7 zr18XRX?w1DBIBap#^tC~5PPpktvx4eK=9are0)Xl%|8;H+z{Rmz6zqBGJ*qd%4uoI z=`!{-q;?i=-w3#vhv{Za-!iLwwC%b<(@FHeHYQ(2DIyy!70Oo&2?QV^7HKi62@5$x zMGJ23#-2bFZ_Pqai|()_9@-5jRaFw)zFc!XZln9G4i*|#-SCy-In6OP+QvCHf8Ci7 z!FZSW3^AOuv#>8AyI11bwuU|8R+aEaAml*8dpVs&@ZywG*OB_V+Ig zAa2UOY57f$>0&hvDgH)ips~b6xH1dWjXQ0cP9ZXvH?!q<`wA)Kp#gV%UTPZ~!*S_6 z{!Y0;E*X*7_}b$blUScvPYbn1<_kYPv7Hplg91V_gS@f@}w>6EM-B-xwUjkI_=)~=7o zv$=A)#`7+}^I5)AbMN9J$(!5F0Se24E7x~_+bb9}qQ*|j04*TY@;%NHqs;QfuoCMV zz=yTsm$7U%k)V(RQvta_DKaXsB7;mGB#y7V0xey6NXu$tly@_-GA(g+q8m7fg`~!{ zNR{@kyTK=Wy7_i1a|kozU|CW+r3L?jc-Y)aq*_BxZ?LFg8%#?OY=a<#iQKr?8q#+b zC+ImUomO3241s*Us3%aH?Xyt)r;=Cc=JDHBd?6KAw2ePic9fFRBAmR@3b=KpY3i^X z5YuKq^BYgf`*C!N_&te2%1e58XpspIh}!Xbx37j41@=M=0_G4bgiL7o+p-Xrn)6c# zN~0khBBO1MXiFC2Tba=H>uV%DK6c>2?-ex;jbRnxb zDT}T1P2{eZjJ9tO(kjoBfv*aR2O4fVlIZ=>_B%a~j=RU9E=Cvy+_E7tmCxQ)OF2Ff zao(R1&V{d^(FbX|Or$gsULh4ow%@CLl*U3g5tpbeAP5FDyd(`dXcAXiN@Hm)s$rxB z)-|P|b)-s>?lk9P%K43UA^|dRpX1?K!$=|Cj%dm@swFFJwdtluqSZz4_dYwkvbp6%pw&yRaYJy_@K6w^8 zb}ylA@x^7z#WYF4i100nt&#@ChIGHQ4GDi8``Jm!bN(_U<)!V41sPvXVLj0<*ebow zU*H8QNiJ9_%ku#_;BU3#sS6D)P>6u6TwGKs|vtd4I$7Tj+_zr2K;oGl&!(E&q^Z~WK zhM^FM(bG2mYjZ0Gn-H_7&a%cy8>ZXw=>xB`P3&O6BH!emwpqNPe(x{137Z*#>%=@r z(^ko(l|Hr8QcIsB@?7xi)fPq}W=d(RQQ5Gz(HnM|AlKIOZn9pND@@}zPi+z2=?sDI z@4xKWJb@wf9M&q|Werwq74yqZ`C+jDzRH*}LjS` zql}OHwzYvN&^8Q9+*%u0gx$K!qB%+nYpj~5j;r<06}r9CKO!Zgr7cr1WpCy=;ms^a zXZqN-+EX#v@7(benU*VvwqOcSnH8t6i&eCNHG#pN6{9tM`}_b5mFvsyYzC9tPs8(h zKe6SsK05?vI&02eS4c3wZb-SxV5YG?!JoClUM%>a_0Aow!Pz{&_xG+}R~+9rd~$1r zeT#!$Ovh~h^>)rpk-XD(?WxCNc9a}Tp6=~cU1yop_JLN~zz83Rofyn$p=m?`?-DmI zGA0^Y#}dmtVCexCPcC&i@8T5Q89bL?e(}{h#u>BL_T_JHVQ}HqbzlB&9lQI*#?C$d zr!F0%^G+qza-wPP++js&kAISKc49A7JPwiYX}h@iyI$uc*gRHnv{`Su(gTdDqF)aq3@I+7efsD=>Ertvz}%uh6U~U;)OcW#*XGHzBzzY zhm8}=oP|oH09%>L*wgXFD46q!4zQIK%(nU4S7?PNdIf^%AOmAp!Mx_WFiux^q_D52z#r1XV)PPJ6XSx)>%Miz#$t=Lxo`i;Itc zNO4rKrij9cY|9U{RZ!w-ojMykKN3Qiq#`Rj24lY1-<0*-sn3`7`BRCQUHbCgvwU?e z%x9fPAU>&3Qh&)L+(sK~VG>f)ayAcMu~ z(0h8Q5sN{TqIVH%uQg!47H^w2(kcuA4weH z+Zxt2U7!t%XVD8veTg_(wt$JI6+C2fAj6yayChI=a<1K$nSt2+LlJXhRb#r4M6kMxv5G3~c);+uVArLMjf+v!=&sSu2}Z)scfl+_8pjAp24D*P zRVZM<%HGl2qD1$$MJ2PPt=6uii*xP>F)A@f1D2&2tV);?_$ro!#O!`Ctfjb~$v*gA z49-omB3?wF8u_p96)^aT>%$K?ip67BhD5M;u)7;dK~PO>hcc*EG%eT9&J4G()-oeR zo5f{@FragxtTDs8&mujsBG=pU?&H?8lI^)pmCg0SeZjD?l9XINq=r>F8QSu__L5D5 z8EJ!Bd~`M5(XUo~8Dl6Io;WO9O!|jxp zt+|*Q)}Pw8_}NU-Nn0?^60xOu?T@Sy0|rB)9^lc3j6B$tCXYA|ch1V1UrxrI=551* zMiN=a+WM@vzCLxh5k4{ViLP)qsfS-UP+rHR|dPN@JYc22OC0^Tqyq_Pk{<6~gQ z`FvPX@OI8yDaN>Oz}hhar{y}zc0`yTu*+`GrVaNEMF3)X--(r^g~yF{h+5Crg5qQY ztIwY$wPV2I1KFWss^+mAfLuochzE7t0bo>GZ2?HODf9JNA=cEA{W;EPR0dmMg;l|MbZEPM;Y0)pRSkZB96SQXDP{E&+4 zZ7o&GVdqP@B~3JRqM7%FemJv+G3Nz~G*<6N%~VuBPfg0E?qI-50I(wAXa^@-KH`9* z{5=@_ugklIt=_@5)su;>Rsnp7BQ8sXX9+e)7lrlHzA(9C!yktJJH!-6ncy;b~t9CFwII|Facd)GY#9HkP6-haLM?2+o%CW*d z3wseebjMn1=ML#|2Zs;8dP&Z-Ju#0xMsQ?I`2~Ga*qml@wuNh9PJ{{)A-?<{eL|l?JnX_`y68|=GW1#Eo;}_`PYAg z^xJc*cJ)YMBG1?_MnP8|oS-W=O;D$_JTstozp2WhI;nzwJNTDCyU(h%ez)eCqV>Bq z_ft^46o|N#sSL^*Zw{fLgAd5oUsiQB3r*&hOtH{gxB4aC5C*vJTuEI(P4=is*?8y9I4|B`KY{dq+Xu9@FQT4M0u!bJ-yK z70Or)k3lQwtB;Qtvp?Iae=i~yOukS^UcGFnPpnX4XOiVAf(xAsw0wMb;^Z69C?~5{ zRs`UnT^I-qv_>h3KRmm!_ozR)G(Q;9O4>nNmHkXmb& zuStH@*;HWdBBJpI9(^>5t)q}))!A)czWY(#8I7~!3vwBo*P){xdYD#LsNeMBR@FId zH?6t|TVlSQMcYBx(Qc`zR=kAz1-xR2c0Jm)G3SG@U7wLdBLDpsQQSu zw))rn3=6k5^s;4#f>JPc-aoAplqx#WV{`3%dTk(OJa4-_-&0=VQ)R0^iVADzps&g_ z-_dX@PSDnh+KM@$ca|^2-?v+dpwA96W!zc5@MCm{{E(<3L`+!KYGQzlqIDKUCgq69 zwb&>ZUf)p5G)k(@u$UJKAp_-%_>oh!|8B9EC$AgNNzq;Z!E8k5a_&t_uK?xHn!d)D z!^uQzlLn`Mzzea4wq@2^-KjiPN428{HFl&%V}&MRb%n-k;hph#cHvHxZ#MQ11Bx~e zXoSlZiXX)DsJD`szK;5NjkVVPRP9!mnAEuQ68qBIqk%yYoNzrwrbpCBYs_4&W-pzy zlb6#as)X0_br9Gj(dwDdu;Z6Mcm5o7anbh?s1DaYDGd#S@>UhtWVD2L?$X5c!NI{g zN^oD$57cWOmZ&m>oWe=5H9px=)q=_qz3~23hRh`FQm9=0l4O8PJ0= zX7$#xW^C-1r&VzjKGji`{s$Du-DSV%dA)yr`UIy&NA+-E#oa9*DpO+rpcfwx)Ep3j zLCr4Zbcukmv3s9b_A^B&BjrGyyB>@OiYX9-_s4s$VLhN8l32@9&1GXZiCSGF04*O( zsVAV?xcGQu6;Tw`;&^VXJfrd81{E3?&AZtP{3N>%pB)@LdVtSw{vLDoE_xKKsk!=Y zp}t_XqUad|TWG$gZlVw?Bepv+ugf3KVk+&FWHXeqzc;Ik=2@s z@OKJzahCNq*J5`^F=YMoyW9#C^%mKHp#v=!TbvZ4m7iA63>qJ0xmImO?!b3Fv{t?s z&&B)FT9F&^^#l!XsL`->2wJ3bcZ(`zh`ubPy4~4*gI6;L(#CEbm$mkJL2Q!`Zz_Xk zw*0Gq_T=GKHuQh9S=I^gG&5H+xyJ*9R#E9p0*}6&|6>$u8zWSwxqD;*sQi zD=dswLwScaDN6nn520&1t=46VO;9vx5{MJX+m;4qD;E8sthXro>%C=FcHKRk zQQ=h&K<&`Od3jvh+Blq7j^lv7ghlIcv8wPc6;{LMTI=9_Ocw6$fF5#6Z-824tC>|n z%Q@M6@Vh^mLB?)KZV0XU4*K<6?!_CmaU)JKM_Yc6W3Mg#psusHHtmcv6SU6#=A&$B z?z>U-x^-~l7Rs7TYu^D4t)x~Le_B~h|#yOnNu)M}dTMx*UVImVx%$hSX%@a|xZ!sV>wi|pL1&-+QBFPg z;Apphk}whlC?mton*SISGo^c4UDDPy0i&UYr!#@vIZ1R@jE)6yw|nyabQs;_I4k#N*W=?Aq zP~}TlWk-iQQ@3-m`d}PJMJB%=ciI@2$dAw4hs}1$t~p`*ad;T4-_gDpn1Iz$KH6>0 zB3j{qq8|q--YYf^5`cLT1T$q)TH@7{rR;)M1U_0hZutLzR*p7k ztj|p^1J!77IKM}^I6P9I^?k6M9-urvTle6M^WWbkRSBEPY*A(hjJB3k`UBBdE+mRi zJ~6j}H^PLyOSG^|zK^q8V>sxw^sZ1$${qcQ%V7ngPIg?mg(?PACRAD(^X63+z0lWL zAFl(|z5H+FEqRPej#~N=1_o!LAN{fkY(aa1l*TSvhYEnf>L>v2%n#O;jVTH&>3%lIT)`7%;F`=*sK?Y1*Hy zzV#W`$pp7b`9=n`80vu5+!ng*pOzCX)4e8@M+8PNRta0q13$u{znd3B?5|uhQOgxJ zr!45X_Oz0p?R=i{?hJ#oaKmROFJO2n=`WfRg(VXXXy=53H^z`hTigEj++RZvs67jM zg^WH!5@&_;%)9$}%EI zh+Nk8zrX#>XvD~kMxPa-LH@EM<^GW{?pWy%Q6MXj* z{D1lc-}?mrUp~S2Kf(XkPw@Zn-xi_2|Nr($`+xii?n&$adjJ2V&;kE{HjB{PN8{W0 zfBH%P|LYU{Uwnf9hso{h|G!V#YZ6z_^Phjx{$G58|J5h>s7*+J-d}&x{$G89|GO-j z)$jeQPufSnDnh^CuRg)Q_@w{;+XlGzAGZPS_?Msb|BpVwNB`{h?|u78`*)w2fAI-E`gIZd^=3`Jl z|C4>@)b#lu?F~*=EW#uq?lmv#?1b8yBvkCZMScD}@gl1DqrGx}9=!^?Sd8{`c&>TV zg42^UvKX(yzgqX0f#bK-`W!!z*Mm1d3f`#|j-1-@HJ4)A*L;e>m7JSXG5DI_Fu1qB zMnuJN7#!)MSCS0ADt&1C?|xY;Zwda(dKt>#I$!XE>s|?7?|X<`Qh4mhaVZ2}OMq** zj_jns1+T|_KmgP-cxIx~;0j-*zI9xaR^%Oj-`C^6oZ7*)%shK(P}Pj?1T| zeg#Kl@_T){K!P_zw{EQ9+LUuP6ENfb*3x|nk5#!+d~9D&>)A`S(jks@1Kh7RB2wqz z6)(4^=3f#rZsEA=2E5Xsz~jAi#VMN7zxgXU_K`Tm6DE)^8D@T58vOSl!KJigYC9#v z31f*WT*J+eO>iLi<#LLc_~2}g!NmUfHD27H6Ir>&h zRC^x3S78nhV;)%HkII*1yAIsJxYKaHHGowj>m%*BZXU(OS?zaqYQ+xT@n&h^dE(Ud zpF_%sbN{$;UAyglDmk>i8sYe=*b=2Mo1W_@0-sM+(_f-3<@p=_v(l!|-=Y}Gx4XhA zv4rWX;rRUPdhY+W93>UYLAwi6Q+n2S!=K2|Q--$MUwwS}_`$coC9SY<_Vh5`UVph< zmTRE3WY`rk$X%p3;g73A`K~%@e=E&wMAY@9h+g!pO72iA)Q>>g}Y7^R+J9<3nzijRB82 z#PhASQ_Y?gVt?!}R0l32#(=+ka=-1jAzrHEpYY@EO782S;}zb`{hRmrPck-tzvKOV z8h#q}Yt;@P!N{}1&pde6@O(049oPT9hNBr0h_|{vpBY%ghw*E_pV+>&c2&DSuj8*^ zVT@06e^*gM+A9FAr56`Ypjb~grd|Iy8>H+M;GP@$h}(FID?D9Zq6K^Z;7x~Y_zgM1 zkVzk*-4tc#E@?f%ds;GI*d6d;{+l$BW$k)uILnaY+v(5gMFa!$cPanqe)T8wcer%- z?(j{Sx|R|Gr{e5QMb&9)A+6y`iMDgLoRVCwuf+Qg?sHsp?zfKj^ECl@!`E|ZN8mLD zJ02UJSDZ0KmBu4+^YssIRH3C>t5;*s5p1KzDtK3H%B1HUlra`O7_{Na^I3ER8R#|Lq` zcslBd+SAv;(09)xc=_n>&)}&%&jZ%N@<0O-fn{8;HIcG1f5Em!jIKDgeccZ%$MkQh z%;gB4>^-2S%ly)(kU!HOBfJ@?49I)ugXhq%kDJ2%56)8dv??3h#-2vwIva$*bMVIL zgzc*1F+{K7tMyX`qP6>-v%D84y{_`!qqii*IaM$`$EyzV)%^=!-M{eF{R{6NEU&+L zD`#)M%RQ2oy)}#9^I@{5l)2unpWka*3M=iG`N&&Ux!c%7)SThaYVtsE?CUtetck>Y zXtOHYa;*pa=q}V=y?YP5{~XV-5q$ViGVg2q9C5mRl~Ei|Q+Fh!{r7xDuO}(n-p+>N zSKvkjAd9B>fbH(}x7aRu^jxnOnP*6CSljXadN|=+sP>mP)a{2k`vqUy-6_a-wO+&{ z>Nfr${{H+mH;EtJ{)a@S)vEM;=GR|-@rA4E{F1Ls2LF(fys#f|f&%qP8@VTq?hSdM(3L0LitGF7>Cx%=aa90e2X5>&-#vCdUwIu* z_zCU(%d|TFZ0F%A1hyp1o07uf{E#0sZMfckt0%jLdH+OZ4r>m)d-OlXtGR~zq}7h= z5MN~ymG>A|_vcCH51A|^$5ym=?{_w84%p0C`hhw~pSenb1a zc6JnhJ>YOVTJ!{$jXiE^<$_ivGx*Ed4Rt$>vE=@=M|7-r4&L1D@&xeC`r7)8!+l`j zv||XChqo`o?{RJ?>9_0^v^TuV<1BV9^^j9if_C*hxCocI-&^h8VSnosZ)<9{IHY|Z zZ+1`m-E)_A2H<`iJj?uo&tEQ|K8oNJ`-2@lOVt?OzpdpSxiH|>Vb$Jh7!U3B+-WZ_ zIwFtqEuJrhJQ4n?~(!E*vmM)JUFaz80{UM@TK)5>ysuqYELJ?W!&<9z=HM) z@^V|SKfv`<`%wc%?Z^Azs;X=H$dU5WL60Dyo%3?_1?$3B=jUkel_6~0t6XB>)Y*Nq z^eJ`uVV}EoK8oXT<47$2B)*^$HJ?E~I%T}U%|ZFelwTeS`3-#SJOvN;;S|8^UzM#6kq#9 z=0aX30hZ^!cXM(+Gkv(>gCBM8`1%7AaZcD$zS_2zl-_Kf1zTnWe*EMVos4in&V%6S zSvgN%5TtE8IO_e`QKhg0ciJQde7mfyi)7%yFSSF^(= zl#cddIxxAd${_8jb-2=+^JlN6qB1-+pQpFZ&k^l>Kfvt6^5E^EhLi}>-p8*}9*|jc z{=uC-+G9HLSo1B~lr!&mJHC0JYUcKXsf_)?b(-o(zN zmhQc|dg%E_Y+#MAqCP=xO^O`tU2ux8ko$M;(&q+-Yz{P+#L`VG&gvmE>s z_4t&VX}K032G^*Jy(DmI!i)S`cwJliJ&%I_T$j1$m+gs^Yck1zH~CKd10^rR?DTc+ znOu3F`O(Aa{_=~GOND^!T5vvevX-L0m(qnp>44E5+A(>@@tpHD@6n#=l69seVRA3J zQEbP^B&_e?l)a2Ok@=U8P;$Ko0PGTf5dXmU#ZO+Uhy-`JGQ_Y+ z#&ZdmAH-9}Q@l++n+*Kc`3e4U85SP3@Z_^C9>=u@i;GKo%e25%*~!m3jx1O0OAq1< zc;T4B+E?)6!`{n%5o#`uP~Ui7mieWzv#eQGi8!?#P|gt;VS>Ty$c?-<+H0<9c%cab z;7e+KW{VKT1pj?!6x!PPrJa0revbAuOTbv&^5OsD{4hVS7(u&sz8oK4`4!jw?oYb7 zI7duB9_@#La>eJbm^CcKYlNh?jP}DKh*S8yfYJV)Zq#i?+x?z&*OQp`@BG8pzmy_g zZU_jtm9iJ6hx%oT5ZeVqjiV!k<|{x(KP$qzD<(a(Ci7p`QV8qLlp?HoQ$kpGkA$%9 z4}tK@dVNHH76+3y+!ET0Q16m|Lx|I)j-Evb9xHr6ZRS!A!3Xv1ODd8#mB1A%!mWH9 zdkn0YjGWv~%daBsX0Wp7*xrZ`h+- zWQKd(N@7TlwY-Im{c<6N%ev+ztb9l&M-Bw+45yb!f%_D;Owu!h9JN3~*(IjM*CgPx zWIS6YY!SZw+A-w7_okM^e6=!dOHi)T+?2huU%shTz0gKjC4e>pJcF~TMqPRA*V>q- z>I?je1k&+VOS?;K%|l0zDz?ct2JR^m4usR=w~cTz7zARp+K*EUBY4kzfuI%DNNLjz zmJATFHrb%%>674lGrSBL>k7i)xKdvCl7aBp^K+e`Y2a3mM1k|9+Ki_-1(j{Ez_e2-*-9EF|`MTN5j&VP^+?S!g#IR5}AFTqug3c%zcQuK4}Oi zC>l9VJ0W46hQ)OPcjaKvRN5{HQ;V&o2;s?({ERFQ))--Z6u^6g@MiWg%VP;4?kUc^ zS$>vF!qylI4k{fMjSw+B5?mv&AT7F2Mbk#W95jEu-lM)5i__4XmJ_Q<0Y!MpkKQ6g zbu2%YH=R!tCh;-?^co@EylD~>2i=(-A^1;!mnN(>>ou3WJvx4VFnxX?lfwEgp^B;w zD_KGz@^gC-gm{7|rxW|>Lka5+wA`Z+a#Z_ZLwLtjYvFAI!uTx$Ov8zCMQTv;3u(CF zI{`VdF9&;AxrnW7y^iWpKN-(K2rbR}1;TONqYl2q#2D`1p`z1lG36B>d1lk2PIN6x z@s4$ZXVfi%h%0%x#PIK1J+x!oA{d=0fhVnB@iQm42naTnZD5a9hgl=5obKukxpRY@ z=sn6Ur#Q-p*h7`tgx_h~Vt7DKrVB);Do?sUc-qRm%02pNd-Uqua^n(mxUwqF*kasN z>Dg@5I>jW!o5luwqrB%Oc%xYol!9sFVV>rTgM;oMp@)Pr$7wNy&^%IQlJXwiWtI=o ztP`*jDbo!-WN<`@tO%#aoYOA4evi}R6gOHCE?!^OsP`Uk>s#Eb9z?Bj8gP#aUnSj9 zmDe%tzO8cpN{I97Nh?G#5C}7M2RTu-SC-S-rV{jLY1=4;yAk{b1Paypr9W#A3Fr(| zfDIvup(YUE^OArXf)A@Xc~^udFP@t0z9KL)gbl3`Uf#%-)(A21)vwe|eeyr$_1mxf z>A|0Bt78(X4K<|-hnEb#vCdEi!tY@rE{B0Y3c>l?b;3U`)rZ%5IF>%xs+uq=g>T#C zwKBnZiQ{| z&D@IM^z(8Mn2`EH=>eZ(m2l1aWGEtB6#=GpKqjo#S_qgP_>3JI@I9gaKWde`8RyId#qQH%_Yqq#IGIYR}{^4hzxIALsM@%*&mjDf3P2T?zy(Q zvJh_UKe;^iv!624q&!1F}x+u-fBMzo?)7~|9~xE1ffj22(0H$=w|5J zzpS9!-Y=eG<^IZBL1>orW`Nt+|GOJ3a#T>etcA9*pC!J&w0$0jyM~mTN@!Uc_i+bE zsG7FJg6V{|KQ|$4pkrJ{`jhq))LAFQ)yZuG#{}xOnaC~xmrPu0DG=4 z|8OFE4qu-9NK{EqtI>Wpe>BdtBJ|{-p+`H!>46~kfFKf_wOU9aSWlr(HMYooEEVT2 zYZN|KKR=75C-oR`e<;aA@cMG6l#*EPr-5nM1IJIkwbSIWl>-VcMMMle@JN*hinS)8 zLO@JEqS(045#_fm!W!Wr+&W%Epvv29;T*HpL(s{Ax{Icv&7k~HoX;gI-oIyY}FB`K#k{N{%;;^VghN)yJ zR<38x*>ytmZ0+|VtAy5|u+!s|gO8=D1mzYe!dcvpk$Xab-Ii5X@0^#oE?i&3B?tGO z4Qo3+8b8QN{%rlrYyaba`B$S`g#R7FXrG@%UqHYsHqi+yr*C>hR`VcK&&Dfu`)AK! zbF)Q!cJce}L+Bs8cKWee;{v-zE%TMXchO;b!~(yz9CVG@+A`efu|!5Wy67QL5*h<% zB8(2+e{=ibTPMtkNoM9On@VtoF&kw-Yy`JPBgEsCf*$$))4ndRE~3CWMi3TnRMXf% z$}%A^92Y(6XdqzbtZIr}f<=~s4+OV5j*gNhTj^j4B^nNd1iIi)IY4>B zceOu{q_Q?*d|Vvo9gM7)%4k2DIl_}(Mc8H|xF7L1nmA)VH)!w> zaHqv3+44&vlrY=QTY4-=#9rSo5cp*SjQD8j?8+X=GL2u|97YLon7eAx0#}4~c#if- zvZNACMF${#j`m@bJha@dK0X%$^N7*o`QpKY1AEjl@3zcQ!11QK@3@!#(g;ls;Po4! zEu$4-F|cua_&t<%?t2O6zOz=p-3ZO)7UoC~KE>xTmy>C|`+14DAG3MkBDE zY%?FXgw-y?aE~t3lneubSVLysNU4kaE^Rq-N~m@o)D`jeZ1jL_`~6k53qF7J8Qf6Q@xc)iYBEY5OJ??}eu*JNe2iZXAg%1WoSGxv6|N3VU-owS(LrLJl66`w2Z4j{3 z=yGhUZnPgC<;~@3|7swFCZHvkmO&l}eXHL@VrxRJD~RR8R8ysc16xP;ek>a+S*j6+ zlYpD12WjH$1`UX#Uo~H&{uR=7!O)QnIsaygFqYCHDo#rI<(5}2l>A;Ra_4=%y6t3x^7TKVeDhBzxGssk>7P*ZK2Xqqsoj--i}LAj zeV07E5*1nLxvEa|)8vQS!pbHqrWr-r#_jD>P5M=O-U7o~z9iY^T#vXT>zE)V--|>^3D@y#4F zZ&NO2x3ALE^W&|nO4MJ!Du%@+?-jQ#`@2PX7A3V@d(jH|a3~OwaHm<=?b9jxHt~>t zLcz_tqI5s&CzMb6c%$#uuF@m_B&)9fR`cu} zm;o(O`B&wz#$hnK7$}IfQ=FPFEAx)4;=@MFWUkr?8_Ii%$q#!O|8mKnF)}$jaUa8b zyByXiahGa|aMh&`!3QgDOmlY_CpzL+@hQ6_zWlc0C03O0YNzm9-HF^(x;4t$ots}7 zRi&*2Hx07vnoJ@E$8@J~AC%;`_#cgXOpTsKsW?r=Tizml7#|Ev2LEvtF*RIc6`6j5 z7-drqvWzo*>R`CfReTHr2T`ZQuXl@*LB2(aQFfr<>|MDicpg4lOhIf)0D5mM#ZX!n zCKKP@y`T3@G5r4td$Z-Zk}FFzqA2T2EyoKiw{GKnIP z(nA`J21W!xG{Fc|9Dsw&>gm4RZ@6E3*IIjU_Y((fvrGcm+ue^JKR)ce_Ta4LCSkpY zYQ=ev9xb3XqMe}NOx~e8L!rP3?5iot&@2qtu_}Xa>oQxESzy9L7plr&GW5!vL9mN5 zvM&Sa)2OPJD3k%XoYX@%Iq&PT4N_!t-odB+o;zeixfc{{0H*9d!l&TA!7afytfasY z{p`V$UAL|9=`Q_ncRya7^eE7&Dhh0nv~pLJljB!Vzv^1mXn4zh!+KS#8VxT)`_C)* zmT!as8U~G1+92^3CXI0ewJTg}3dgX^GCPZ1%kEuK0E6Ke=7?E4&(6aVM+)swnXQ;l zrybg_je-MvP%LQ|R}|Zcti)Kbuk|g0VnQ1C`JfOUg3Jd>D5I0T)f9pnT29JTSZYmK zDzuWd4iE6Txej$r3d?w^Vs|oS8JdQH#JFDwDamw=Bhj1Gf!|R|y21VyBK1fBOa}mxEo&{Fxb=ahmBD#+u!nL`5B1r{QT3p?_ z!OX~of-DuFtPrt^N1x7Pw<*%|j$Ft#%(i@*o)vhOsWwDUp5yT0TNp+E+Daif{*H!p zChx=q9B+Vb>5{Q1Kxgi&H z`l17J01O9t9^(ew@vos8pdFcM2&KAj79+HN8hXleyAK#t;`r z3O3AHfDdTr$p_g1XFIzZXi$KLh7s@KM<&kRfJHK;a+9AyaT^RR_8cElC}TnDwgi`? z;15|T)wIf_HOu;gGPe78@;fUd_!lXdu`JOamJ!8ISW(&ppc_=g1RZ1O2-1x=ki(as z;XB*LxW4=XQ}osyRW@i4JE>N|c%zEj^AW=lkk&+{$3+<>mp4ZN*z{40S3Z@a34Qji zDyRb!3Evb}Oui}X#`bkVkx{Vz%4P(sDZBIes_GzG&dzvjOHFYjT2&_IDyGi6r0s>tt2z{)bv4(pudWpr=Vz;;n`&~flDa9xy+&)pj5Gck6w>KnF3D5YVwP6 zNICU*zj(T9YtLhfk2hkfs29);NvZPaVd9YjBR)3;d?rdMqT~?S_d*$sJl*4IS5TRs z7mys@@XlAfvM3Vh0tXevBmUfbh|h8gj3YGeZ)6mpmLON9$Nl|BUR%8ZZyn&+rhM8M z;*IH~U!to~hC53A-4QF2Q<@Q0H&@1~2rS;maJKOh>2QGXlg zs(|A#`-!3u;F$q1Xj#L)%kUOhn{ZRFQ!v=Xb-D-BH>BXs0o!CHBaSxEH7qN9PgoVO zq2f$|h_QT+>kGMQ{=EMK^i#98R#4@JOr<#8QBQd=fmNa!w~UOe+L)F@k&_%PPw@cU zGG<33+!b>-~SWS(C90dUoJ^FKcB$Ki*SL2oG zJD^k-Tbh&$3f#ONe&qHq8{7tC^Ws3EtUlVn5oIl>R$`Q&rQTq?(dR;O8*4>zBkKn2 zp)jul{LuzJdvm6c(%B)qWTI`DPc~qG#7E^6)J8J<^+wTfZNdWUmIbmN z=QKg0$BIV-LXLw{TbV4?7#|E3FmubiO^FDUjuWh&&&PJgVH#Ov;bn}i8+a|{+2gvzK8=w-^OG^oK~gZUWj-@UeNsL`hN}!{q`>(2{voWT$~`vPNDG?p z;}s?K@ zHArT6QmOt&gUPS4L9ltV0v<;6w37(z9AHnw!dMsySOllxL?w+BPqeIJYKwavE}wd? zA5lsq%N6D%2W4LJle8qu$YpH>yo1}dkJ?h4V=E&8P@x}x^+ZZs*XxP-%L|DM*h^sw z!befX90;92ElD;LBLz_Z5c~NXk@U?tF4%SfeXy${y-9Zjl7Qj`LW^0YQf(lNNIHgO z_TpY>q&5hJZQ&rQqfST)_{YNtNCJ{(YhHl_YD-J8`1Gq37d{dDC)hbZs#NQ7FOuY7 zUMn-9&wY<1gk@7XL7_$Q+>z>zQb-Xx$uyz7?!HI*^P{I@keEDlPoFI-l0^C1WigbB zU{4%>80MpoB6+xHgg~-XM1cBbEhHfZ6#i@cM84cb;y+bISe+Ctj#;53M5ri7R3$!? zrz4*z5=Luc5_Cf{Q5f%7N}(iGJCJm5>g4CeE8sswwl*Usv;>kSDd#FGa`I9+nE2`A z6-9C$OIh@&CZ$ADkn9kiKqTOGu3Q~KqHy$)fgy#2N8-hsQd(1ODNF-+Q=Wa`6D=bv z1X%Z@PEyIMy2*;p$t_Fem~aY&0q zt5Dc{QHq&n_3^3AX##}V6?+KF-e+5oZe#}zQ*56En{FYc>9r=YDcFnqq`KlSFjn=R z_)FfEn-u{Ett{LwNzkNT!+QdXX_8=B>%S04l4`jW{Do}4#T`^N$)f-ZN!#YWNieEN z8(YNbds|So{nFc;QBm{Gqk_E@k9>(8vn+*SxyjQB%P%Twq}qxgA+xSU7<*eF-S2h6 znlV%KX5?3(CKgANiyVE@IrI!3I6{3k z*FAxn`rM>2mRcgm0-~zsG79Jjpsm+XUh4!($&g!}d_hVKP3uvmAg17}#dj3RFpmL} zUfbJ3u7I=`;DsoLXnMWKDd(hn-?t>=WBH-DS9Fr#ilW*vExgPs!4b6^+`Ac`Xn3zBC&aE>lAItb-W^>VxNSHBH@X)+0Yhbu^~x% z2)%TwIOQZ6nlD>*RJ0Y8q{e*B^HI^t&#NoZK!Pyz76~69qg&?E9trvtE1C)W>G_9; zt0gVpNitZqDaEK;8eytZduOxbB@IZdNbvDs@_30@jz`N=9!-)~Csed;_f;tfu%Rsg zYY&nlsqNK4T1~(23lCA}Cq!Hb?m;QneB>c)hhdPoS94oqTULr-m0hCSl2{5|b!`O- zqul_cif$RFCJl+CCKc%s91GdT@c5=+26Vm=fJ1oJvw2rwX4u4#&FN`HVpnO4?~$S{ zuXx1ec8Zva(iYW_=SYoJk+7gK*sFt@v|jNPx~L!c(XU7-T~$0?uV}k~)?-xU$L+AU zVQ@N21d|3nlHjB3ZZ67KOcGS3j`xd)`Me_SyZt;!7*aTGaU@i6g`N1_1d}Azw)Ka> z-!cMmaDs#*jCP@#gk#8Z2B6ft>1(+CO(Jg~E7BT2#k`dj)hb4y_+uh}uzIRg-XTm$ z)GCq$iF_pobCm)dhxqZG-FNpCFwTlbqIr_qbXAJt1^pJ(mX&(RVkgK?yNP_sq08kO zN@G6HIIJO5OcI7j09-|a3ZUGFH3^S_gHBx$7Vur>f?%l+XSQO4swmMd8e9v~ekOG#spAEW3LwE*;ll*Crvo|+6{+atxnmZR z+io|jXnFJtGA6!|9DplmJ4jDHF#ENotoBls`3jv-#nbawDD~t&k&JD;iA^zAy01qf z-S2l`i8^AMkb@a^OwWsJvAJ+g#JrEFJKt4d?A#=>u!{o=`l}8skhBUPJ^wK+qaaBR zJ6{#sAxVm}e}`P!l7>{uw7q$`NlOt_GgiR6(|x)h6$81`y=F;h-Kb{55a>Y zOeALGbU6p4M+kc3q4WSw6}V8Dr2x_*V^1coHd2K6+w?^#47`QmVIzkF089Mh)(SAG6spqX7I&$c?|jU z&1qya|#Wl`L*gF;4UkN;)x!K}3n?EfP)j0n+N2srCWavGX zDnBZ6iS7bCWs;ChNCG(Gkg}X_3Ec^$K!Wao(MdO&&Fm&z_RJo>xvOYFv+Pj9Lq*^N zz1+T=T!R>N#Sft)F#e0=)5u|EbL@F?7*H;E=t+JvTHMpTk)mqP+D(``nZv!2ry zPz>4S)s`vAha^#RRFGm=A3$0`%&N@OD8<#gH$OS#XiJ_bq@6>~A_(*F%!5;ptksYc zm>Y6)w#1o);E~)3Mw_9S^1QJdDmIlu%nvVRj2UenS)PH9=!l17Z^k{Yl*k0RqEy`F ziZMIH*x(BR5pDMzkop@8tXr~^H?K`YdGEE4v9~lE49#Njl+~UQ_F|E+GRvM5#xpxp zeVWu+Xa%~CHXWJJeyFLOB%c(}tw`!^Fd|`{z={j__VN4#f!3RL8wF3goB+`6_WpBq z_8pGQ@3G_4#O9>CAl-LTTvnbt6ODTBc}?k^YV47cv}Xq1#DwQI0TpIu8}evVI;{TC zOY?ISl5Yx50-9dJ39VGD46a%)1r49mQ^(k^H!~rV_GpArqm-RqmBY*?u5ScK^Vm1BW*+VS3`3?s1dx2I zAu6C$6Th;XumYK z`2xIQ<^1zv6)WtcE_VjCp8+kTQ6;Yg)1=kG1T5FM_~T;3H5x!`(%yw`$G}5aq_)f^ zEeB7xKnLxZ1$s0=+&vmn**{pga5>&8cIi-jYZ_g0rD0X&=o+?0TP9GQhi1%JMhe7{v2dUqLQ!uPF=zmWA{(L!Cn&bA7& z-70&yPv;KhdMg!%){4esm)Y0w3|U7HQ`H>$8h$=XoQmC_b5CbG)qM= z*^^RB@fkGCY#2@dfMNB_ze&TK3*%}{)5A3P>zP#emT;_in`d*%rf@$arVVV)UCSS=T0bHOJir#`s?NN z0{&dgXFFvS_-kiF(6CHh&_nRAmorh*&ZCyr)>S4P>U9if^SXZP%sU#2@NRl;Y!rmp zl2-L4XeYFsEr@FCOjcbiZ)`64T>E5?7`mVRt3IP?$>@t^?Jx;5WDq+AwL54TvVTUS ztrzg5&-+62lQ7CbKg3u;ueE(maz+yjsj-(J6*{BKdZIyOGVIXy9MOoqPCqJ)h|d)bM>^z03^jJG ziYBiwKNqYVgO6y?v7 zY@a4)Qhi?b1%?3L`r_f`I6pwcYlX0DU#g|q%5fV1fQN~d!#CoRbaR!1o}jr`W3ibR z8hp42gJ}G?bltPcGW+2fq%AQVwyD{f2b#&E(6pyaSBB@B-=9WafG^jU(e$cGvyJo- zAY?2-KW7RJU}4Z|D=$%Ww0Bz5h+B%LOJ$ku)D68Xmozi>w&iT6z`J?5)myg3nhCJ~z zaFx$6Vd(M41=5*Kd2vb7W;G4?(+rb}YN{dLs2knI3Wh&3lSUL8V7|Wsh0&Uha?)`K z)>P$A4n6_`v3VNhG|hdzIgNru>WwwcE|cYR_H35(Aa3nVkB_BC1r6&M)&>N? z@fieA{NoX3;OlSc4^_uj(vVdny9PeRCn`Ro<v1NGJ-FOQZKJm)aIRk=WH$oUJX;2E%EGYZm z)=mct-y49bCC~O2HMSfCoFuTd*EIWlpcMlq#z5H3cq=+r&(mkCBU}*icTGS&2C@Zn zXs-~+X)h?F+?Hfqv-!i|M<=MU(O9Siu5a-bVz97N(gMDP9_TpdD2Hs8e&r8NU=#vC zjP|%6!Exi~$GcqPx^YCb_}U?(TfZJ1AUq8r%}hx%-h%L-CSe#{kCzyG&|vMgAu+?C zXdbAYo;+K*Osl?lur@j(`xp(mTS4>tv-Mohbc;ESPcCnZ@s_!uc#wkcIVEgbVzK56 zraGMv=9IQVR?+n5cCn9dpqTFQ7E>T&#MM%aX=69#v5Nj_-`Za` z)VxG<%dDajS#y6jngHOWDKPJ67@$wsE7Pq)W2BAw-TWCM6h>PzgQC;;b{^IU8pECy z3(L3ga(&wpW+1gM&(RiM z63TXCqXw4GwF$%gVG5vR)is)D1cz8x>5A_GGKz z9rw9!jJ7NlEA|3THM7NSrQt14zR{Lh-s(MKwDq2LHXe6Nza0n9Fxok6if?WE3tAZQ zv|)HT-;DfwY*Tc+6>{b+DVw8h7~9|*-riF~B0?=gtuZs25qmZy5?}OF%{(9?VJ`MVMY`EqGGY(TH=^be zqy^*~ko8Q}Ma1qE_G}Rcx>QWM7SLM)&5{*S!E!3uk9u>Whp)vU#OgW5++887wIw6$ zj3sT1tyB&jk+3ExgC*DECTe0vPSnJRozT-8M2lc2OEyHzJtqp&GCV7ZlxeH@0+rq<6iS>tz>6sq*e0mVMYtsE))jP;Bh=53m*@)($y6Zv%;SBCMH5^T_@? z-Y(`$IDF`i@|B2~$ClC}A|qI`bE71YNp{{#a-nw!lImoZY>4=}I-?pQKBOI7Xfva5 z7fU$KK;uE@xnQol?rv)y)iJW^8jKJG$b&}YaC->v53oFuSo|+158?jg#MDqOgx=)mXPOI zJuYhHP2kGTMxw>7>PLP!CjtV1$L|xCz=LwRmfUPLF|_Bpq_1`uL#vWOyi*f>3usFQ z@ecZ#PoL9aObQ%`a737>e}AD&3+;s^Nt~S{fE%M0U(?K~l)}yD5wa6X*0xig5;qIc z1F7~Ym1jvyK`61T5V1ssf9}CMD@(c=T44c6JnVE$CcNgVHY>wZsjd^z1gk=%DFJ%f z!339cW}6Bok#t$Tkq#9mSke)x*OWmQ+Pv8~y}F3c4|+sB-0qal0jcq{B&ONaPgp%j zc9%3H`hz5$oN^vAU2zb@WKA%$BGUXxGYagVrDXaHWOeTUVJJwVZ7h*Z*{cUp(>mHT zLroY}y`(*MfLP40RY{=LW<%vnj+_nko=gij{`Y;(_oezUGZ7!vD=9)#S(|`})2X%; zQ{K^e5iu1Yg!D>!v@1annC-pfDeqv&J3O4&4Yg_FPiWLp(o!1a)6FF6mW_Ss+1qX> ztqq%aBh8`!d14QdkT-FS!OWOe@(!{V$TLtxbe<)lkiljN*Mp6GnfEQli+R`x*&TvU`Wi@7X5;1C1nW89R1u+yxA{t$v z7>9lo(%+h&czO`cs^;SvM4JyuEcP-2gj%q*5p7Q*j@nd7sA0P>Jpp9p+Vql6#4z6nzj-RL$wTGA4NsE&## ztDE+mnh3xeB0POBN_Dt_g9zy8bwz}<3_Fy(5lTrY_COB^LR2N+1F6H%@lKyo67V!r zCNl%^HnJvH2006P1Thj7r!d8mP9*xrz9VJkHtb-ha4Vzh2TX?upxrV;P;h@9XE zUTjN>SW05(WKN@eM5rt~4_vFWc*V0$VNHBGT^eQWVYHafWD?=;7ipD&bhAwoRZ^f= zA#xuP7KlI&O&gX3!Up#NU~Ktx5b<=3e6PApYcjpKXjE)%0GVX?=hM?rN20?Ng?NVV z3G3Q>yiwzPsq;ug!e_6wDko+P+qSsEh{BD}A^pTNaN1NvbrJt614uayMLg}g=G~2W zjw|z~SerbL#@o>HXvNbeM>HH}V!s9G__)+$d?FORvkf&`JihR#UFKu5MlL+e;0_1R-PCxn# z0r5xq^>A)LpvCB`B+NDtry)-+Og|FQ!>aeOn=mWg%!rEI>6b*}USRAcO)sBrrj{zs zkHj=DVEh@Fq&D~aIbyd>f{>3o1coE(u;c9=Mf>p>)-7eGi2aD`UCj`RF}F>1yxkBj z!fm__Z=5#-^<&`mbQo&fwL_Cjfq5uN>kR;(600-bHvO1(Cdl_5Te@xfagS($cbps8 zzpbJ1wh=LkmDRKmE3@gglpoB9I=*k4M-ab#ZDauvYBAoK+Np=fj<=!WqW@N&`x>)u zlNjbFh}D*if7@nCuk#*v*Hw`7c$>53LHTyOy#IPTad|+;&?K2eaJAHLRvts!av2&C5rVY3SiDe_+{5?9&C-VYkG7%c!QTMFIHq_c=_C!I!|NDp0 zXd5dW8oybi5}FHQ#7{}n5267_zNs3~=8HdQv<*oTDOc@FJpio8`vDsw2OLJm(KeH+ z^03ESGbEON7fy8eVi~746R9eg%m9007o%+$bo#4<#1B3nO4!%7#I#-5Dln9$H$b|0 zdoH7#3;AY%*j~6Pomn^4D;_A2*|FY{bsKA%$%0|W7;P_K9iGGDrGC?~^T82`4DWDj z5(eLnGf0JYw+GiJdH_*sv<;#xHfH5DvrCU?c9-oYcnk5W$SXK%i8j_Gt}U+7wi(c$ z!*}gyi7;EkZBR}tvC6CZtAC!lD2DR&_=EX+EEIj)$0;2fY$9=?g(N9sh8yqKz&eVg8)I0($uN){4zir@N#7BRGqlt?lKHEcVNp1+1hM7Np<x9Yh`ggS`Tq$*$T?^PbjL6a2%sJ87(ORsIc%*%Bq1}QHRRP@Z(*0X#qnh3u-@< z1ysB*0mRzaVAKS+Y`Ys7Rhqt0cqY|U+XX7Bbki!p###tX5POuAWur<8ECQdkyJmAx z*)$~tGTBmN7jtUQ!XPSNxG^yp6|)|lDmDgDD|><&8TwSSGKiW(7Ip$r4MwR91){p5 zxhs8>i^8Y_-}wIE+^ML|IIN-YYS*Lh@Zt``iyEsqarl-RK)g}ikB%QzyBes~)bTmQ zx2OW*;z($z)JJGq5mlo@u^g0`4=(~4*p0MRR@U)?-AGf_QZrMP+SRr-DLJRCtm&v# zZX%WKq!xEDAX#(hrj?aD|6%2(A7!!i0Q7RFe3h+CnKpW&;!G%M zw`lfQr^1WqFk2F3Se>6r1`JoLC=KHYasBiyC#!4U{bu z^(`DINqv{5Bq(&cf#LEuaG#>9DdL-P0OJM-y#M$zY&_F9%fmxnr-g$bSORiukcwe| z_UdXa&d5bgrJ)F?94#d*i<4LeAr6&NvmZYGfIvchrZ&zo)lk}XfPt~VrsVRWt zEwTlC>^QZ_sI?40M2m#yt16*bfk-YuMEG1CwZ#|#9xr#Pv-)$Q#D)lU(phNZVh zh4eQ08`9a&4zj=B5JTooV$gibIDCVthcUAk&e2J0kY#i9o+VX78T}Q4T|(cytmE2Y zesL-ucJsP|fT>qT3!qxOqophLvhlw96xlQT>X`u5%Z9DTexhCN>cs50i`be8YAiY) zr&>cQOU)6oCQ{G&3J`Vf)@rwzc)J{WC?4U4nUlq`!Ai%7d1oZYP8RGn`07B%BdO%=uGSvd)*39XlfWac5`bqiB`jO-cv0Hss< zWA0~aSH}w`srAhJdxutWxi9KzYgB=GN%iN$sou^)y_Un6MY%y6~1yFVAOiQ(}Jno-9>T1{B zG0S`q^_?BQfE?;R6l%2Ke&G||_(BKq{YMxxX&k`J;9U;`LVO|0DttAwW!bHumlZ%q zkAy>ctkhImNY8NO?#ybcUX3wye$9imV9WRg)H4kTMzWHOA{{h(7FtgNP#X218nRJP^|}cqsnE4-f?@N2e{*G=mQUaW_bK@xqNee`V2P;@*9InO9o$!2?05h z=$Ur0lFDH3Y);9hk>m_U>{C6{Uau_nC@dtEl{1n-`BFwU)?&+HqYLh%wco@r4 zq>jvsw#x;zF>P?yXrxJqDz@)5)IGT(m9otHwfZRU2cF$t)~OsEQe*SRYvH?_<*`s5 zI&w@Q%6hT~muZ6vvnb5t+PUy8f@)tg)}~V_+D{f(@bm}FvZC_ifvTRhfC65+rslX) z8id-jn8CaFcrjV6%u$I{hX|CJ--5C#DwaL{==n7(>Z#pcfemn0QL)iYaizfFE<(62 zw-&OLJ;NFX1b-KJ7+n(30{p9_sjVjX4O<^HK~lpWCio}TF|~7jrO9kbBOPWno>tT} zn@-pZNQJS-hCs$1?j=D@Xi*T8Q!}nX`Wv+lwqVCwZYWMg^8MEgWX1===Gi&*HJ!5~ zMh5mOYr))=N(xP*t~wr!B_k)Oss6#xm?v4G(#jcUK%o|_{xYmiwSg(Vn^}Y2OuO3| zMS`A*x;mWRxqs*OQ{b7emXz8=J$u!_=$93dZpa%TYE4wE3mwnU*YW;D&#=$n#<|M~ zp5Rj8Qq3@z-(2RtuW3(chyhNxlVE(AD$|Mx7v>iZELgUvJ4N_alZaB(QrXQ)mt8q) zZ2^~IuX!~6GXr&xr`{1fjZ|3>FL zmOt9hV^YtWd|>Ru`0{>C-$z9Y8(;o;VfKL;vsORop78b!P$fayVvRroQjbarDm`N2_WRS}gbAwm+K#0o<#G!nN&S7I#$jJ!Q z^Tiuq0q?L_Y_})ay*P)xhM4|eWJSTw#bs*KNe76b`hBXw`j_p{w|A1tjNKD0*j=;D z8Uoc;7Ct_+fFkcWcITuvWq-AS7iwahF`Fs z9Zj*-$iedfZceK=vddgP8dyUpyEGwVXZO)h51u}8S%awrpV1VedCGC;KIszQ1I3DZ zTqvo$2Np6MpKjyHvXk z_U-%>(P?88^$qI;BPlA(ohQP0pD2(CR2mG>H;=H=;u&4W2cHqnXzsEE)hDjJpgaHa zJ*t2CP8u7UL-xp-ucpyuqy7yN+I;133Emj%6+K8_UNeha?mW95|HN&y=8Q|~%I~kk zJlus`i2QSx*DNqhtX!yjFu~+%IbZPYv?;;{8|#8jF&3Xj)65Ls1pJ!s4=`E&0?p(0 zA2XZ~R0ig7JwOKM-G{ufc68-v2}tZ{vRobA`fv+!=&j?~;$U7o|}b}4d-7YPx9j0@D#A1y980J*l0xW>&#)*&yUhxN$5 zEWNaP$WI(Nx0Tk!t6^#*ui?~2F0zip%q=-_<|MbEbW84+jxBs*YtZ`55uEU!J6Jzl z$A#>dh+x;iYZFuP$O~kmI9eAO*-T z(l;!V0c8DaVf-pRtyU?95F$;Gdp`Ff zS7xQ~rDxlT#HG-r(uEwjqLJ7Ad)bIwC*hf><58QON;fJUL^q@XVCmNDPp*I>hY7Rz z(~-RHYNkd?I(*K0rqLN+@$1c`I00}xu?^VChl~ot)NvUarIpyN3Zjt6Ze%Jw9pQJs zy~#@(*_2Zrw+-2}(>1akwifJ58NZUdn2)hH{zKS z(8P1_KB6Zz935%US-Qwa6KEI|mpYYZyu}1!wV~V?K#~F8dn^IZlLa*T<0;7{E8_$7 zL$VFX8B3u!3Jq?DMtezy9Lx2pC{nCy=50SNTs1cbM_E?M&Ybx6MV{kMw$Ku@D5ZMg4E zPW#x8f5I)z)N3(iLDtc)^l{o84VZVbixhu%fe&q~G=WTMW#$M7ayf_(xoH~y=VWXm zNWw8aqu9labw<83dA_&5C;h~bgDZyp9w3nj&icp?g0=;`dhWCUPlIeD2NBdET`z4z zHAt=j;3ysGlwn|k>KSdn)2)hJ*FRuUb1OjL1Md2;kOxCS_Lm?F*Tn%V(X(s?6gTi~ z;Mnr&cydvh*vnCew1O^WTQmnxWjUc(XWQ&+E_itUa zRmt8oLz7%v{T-D-PaNvSXQTdPQ=g?Nlg8C-u6P9bm|)Vx<>|ljIBG=4B4}g&&L*#s zcjdtmwDcU4`0Df)J@;y>&eB&Bop(+p#?;ShYM{oBIEv{KI+TTw#hZwmah15(q|H$x!* zud_p3BKD^nrXSoGUvc2oaBw_C(%JaRUlmodJI6a#4wzSf9>sUV_Yc3IEBrM0^4JU? z&JUNX5JdFF`txLT#W2}|-S2YQfs7j@jutw|F$NFd`VO=Sjjqf% zt?g^tO94BDXmN!5=2mYEqC+z)t^3gxM4P4ksN}b~qTo}!pC!n3;f&}O9H|c&8Cp#U zkh>-V#6Ich3SH!}0Rm*!hU8B2S9roT3xvnr2xQs537bRxc&N=D{RYGeByNr<0pE~p zyhR3F%)F@DVv@WEP1d$^p7BNo5?i~r+maex!E=t5>u)K^VkZnlxeo$uK!bD7dz@nu zWM)YU{}uGxPiShWB_?Ndg$E#`xF`wX9pOHL91SExrlpb9{)N`gd%dr8NF9gKgg|~S z=XW`3fUH67w1++jT>n?=*R{xv{R%aPl?Tzxo*b+&$vCTY!H6$TAf%?ej;@@WiKAU< zNzR$5je2y|;_`1nk~J{Y5UtVG%FX={J%4>mw>E&@2UCU54bZVU!_5}umjG80ahVt_ zb&SzfI;+DcoZn+QInA6Spd%MUdRJ!R572>nt|MqhPYEF*G^YzJt8-(D9?Owe*WrLC zS|)l0Z3HeRda70_Fthx>y{K~lI2Z?d<$|2(2Fus{sO!pe0~?F_h0 z89iZLsfOAAqGduhaK|UMFAXuzQ^OQVA97%+>FSreu#iser0H)7 zs~n#2WsQz)6GNhQ;&Xu%ZX6BWK4W<=N^7~Ln@hm>ssWnzw4ySh9i@*!0%3cg>!&Oq z%3W8o;&h-VJ|fTk5M?U5ZT`E|)>d_S$Twj5!Oim6@+7gk*2V9r@wTIj=kJE9kXGu9eZPy$2btoNIaDt6^3hcISso&A$bD*VR_N*q{X%kqkThH#(blD z`zr4h)lN;9Q?fs#rk`++i~Rf5a~ThFaAJA+`P^RC8xy3je#2#KQk1fNn|Out70d}4 z)yA~LbCd4I+!!Cy`Mm_w!H*ohg3~(6IZU4lOVk3B#t7&~Welflxew%#1)= ziNSxpkTDZvp*FE4s^_eWEHPcQBAZ6CX~ zb1lk4wV81ve}k=wIb+d(HBDg4_29Z40D=fbnkk33IXYW;$-3_H7v~GxF}ecS7jpjb z_Kp7MrMxTryGY8ht4n`6J_()Ws^R0ZKRK-~f5;f2+7;T%i(X^lPUl&)dq#hLN7S7T z`H-n)*XU`rb2$OyhKU#Z$aO#f^D`VC+~0tQ*V%k>T~u_V2@zNMUupr`+?|bHxklIR z{6YziIw3vm>hd9BaSy2J{y@us_5;$OSwG|MlCnFsbdI+9YvX%`l= zmm|;S@h5lyniI-99k}ipVA|IhYN9Afw^bMA(H}1li~z~)JJ0dW@|C+Xtecj)NOYhZ zF%VQdI2e8U5AcPPvjf^W1HYS;J2||(Hvt4_!aGZ>U+53CWE{A-YDHOlp5hgFt1;;g zWcTFBq}xdBX;FIl3gI>92k_u@^rsJA?_jcie*yg- z+DV-i_@-7K4>*+XIXUD!>3KO+bnHq>i(_s%$^oKwj2@mgg>E1ILFfmZ4=UfI?=oox z`(yOt3AuyZBA^$g^4Tk%19DAl=q!Ty!~E+`KRbAPieNFGkQm>$r=&yM0X_u35!>Qp zza?GH&KUOMtZd~05Is925b}|S$Wu5x8@xyU;rw%2@-EkFUaL%`7|uFwwKW8f&sZw=+Y7nJSGAfsHQEc;uVUW$ z!Ke}7m&95aUyb`Lp5T6q6I#geDfr!)vEtbRzLA7CU^OvMobgov);~Za>7lct6ZY-{ z+$>Kzwh+)+2B~ z4k1uOTXdX?0$Q)4FRf2HEnO(TMmKlTt2mzkkt_3}oG#s5bQRh)+yQ=?zi$R)boIFV zGw?sig)$Dm^pr`Xs}3If;A6BL4*^W`@8#lZklB{w(-_!MU4-BT<$r&@c z=EqS1SWUzmU86(k5TYi=5F}-c8hf(EU`-8xMr0s!$8e4Bbe(GtW@3%+FJk=bMU2`V zH76jOY8VN58pHJ62JPl4!C%T z(aZ%Y-f*X4QxX+=4iI95G}SmButqQ%9|JN{u9;F-cWeE%3NDOX1HuJshIdGC!MJ8{ zcOo@vWFl%?^tKdPBN?W5VjrN4T{G%M-Z1Q(x2Evs1o^I)@ueXgVg_m?Z0JZI8U$|W zHG~hM))b~BgBQuLoC8PGxB7f8N1-WhsgCUNGzn1v40>LAR=nb9fTk+A1Dg&`H3>^- zD%Ze1gh-r+7K4f!f$m8mB#tNKrOzN>*Jt4D6pH6=i=`mVxHdJ*Y1aB(lXJB)zA#m$p`p}c3c#gDSOfP0o{Gyvyug2?g zTbOM!(NqD-{87Px(8G<}Clyu6Yo2WYZP5vlo+k2|BO?ze+mI{*AM4yc1@@eSLB=is zv|S`UJnrUFbFxOo004II)*0HWCcvj45h z^{oR>+~V-?ieX!pK}Ktg`+i@w7{BN`8mht^rmDs-(EO3v?E{op0whAWtVWf{K44;J zP_e{i;#g2E!^Vs8@p-Yh)rckY?zlTXs~>KYJwi_QnVjEhI72=HlYQJ9y&wY{-M7sj8+R0?sEp0nWM}#TtDE<&};v=-vVtsyELO;fNIlNws1?vBRyR zaAPq@B}-!(G(mrho5mz^W(XHo$46@rma1L&Ya8BYQo_e z4$G}SLyVz^JHy_?%;9>tA#fTAEGL8R$pA#==&Au=eU&v54tq5_eS*jW_&CBbwPu7!{1`h6diAacd^uuOGw{9deP6yusbP?q zW5U-A;{w8fDT_qW;nazTo4=?$&AA=JkWMZh{y~^N7cvhCjF`Zc@im9P`u-DQ5dXS; zuLpp!1{rt0zku=GotAOwA9c1b&i>h5AE&1O+!$Zu!0c5h&bj$Yj<3;C)OI3BX>uOj zVZvHt*fQ%e95&;l;3SCsd++1hSFkT!14AH=VHq9ft^tK)6j0@F2-N_Ff=8(aJV_}_ z@JJxkhwGr>@5vf*C*#hH!+5-4NWu7;XQzFPD%c4Cv-pLt*94x~1N~WshF!}f&OKQ0 z8dJERzxv-0*fTW*KjiotvjLyYAp-UQIxwKUPH~0b$&Wx<5YlJkGrpFA{_c|az+?Td z{oDawq%B9=OQwn#T@&`@uCYWyBO3hLoRIQ^S1`<@@hY_b+FU`|9AJ!m+%$Ru87}Mt zju&)14-vEhMi-vG*!0ceo+u$1t{S!;$)jt4m60z8{-{s%uz*HJ*XVAUh?1RwKhWV4 zj0KE#xOxqjS#tXknsb7^9o8TEN(1NvA~l^;`eU}h(Y4r#*Sae>#wRd9OC%>(!rjre zI8ixIY+o`!aDZWm;I$5i9Byo$nU@kS%EXxk9AI>asG`g01Ow3vd zuXqo4Wpv1y?s~qFVGG1i^ale-3 z4xB1d_rZe_toxZqw?0~~R_CWs`(Qvds~b4(4OZa_I0SFvYp-!!VZ*0e_I5DjpJt>_3`7d0o*EIz4JZO@^E$34i|>t+$*ZL2z5!*x3D ztW#?z%62fw;T(NALE&I0 zjdTZ&Jw*@79%~zHsl$jQ#IvAp{#*7seg1GA1(WAzoj}jv(B;2Io#gOVpNYb(ya$P} zQHpNfr@GcIkUy_eK>~e_GEds>t{Ix@&i43El#WxZkYMC#oQuq3XIu7J9L#a>{e;;td8R)-SP9h3V6aDl$G@0z|K0WB(+`MkTM-T8< zCUR|Ci&x>iZ8_0lt4okDS~JeK*WvrL!ZtFNljkX-l6FjKm{NjfK_l|0JK@Y+Y4TW9t1rdPmv!`W(~VU9Lh8TJ+KJiq8TXoHUpr@>^WM!F`?=aBv+UIqq3!^jME^E zuIyKwfEw31rp1M-<`wiZ>6F`<{1?8QCy^Vu>a*ZPmecr%HaIVP+*mBZgi;!$n2m3sdBe=&-%}K4*_k(u{>FpSD zmm^v@w%E#kP&hV}L!3QH8-*kJEQRNcX2n>Glin&72PeLeih~m($wUE>p|+c27t3kU zyNK)3uOHC~3ig41;>t_^urot=@Z$ELZY)pP)WONO$PD|ZKi(LB1_5ur(xq@6RjmE= zVEpXI^?RhC+rqa|96zdndMIAkIlx5FobQJ64^VVJ=8krzJp3w;v(Gq8fbXDAE-?In zsF=nWkjVHmOfJEkeVlRh8P?d~=!`xK=@sdknELS9%6Hh&XH)umz+us1WeM})c*0fd zqt9kS({LWxce8)tPCojK!A0DQIW!q8OFy&EppXF&1J;LT%rVo@8FISUz#>fxug;*+ zXU7+eH8@?qer#YaZD5ml1>K)HN#4$%;(EaO>N#>DFGin%BTq2}#9|G=Q&IR(a_loS z9N&8VB3*EUFyrBj|5Xt4n9aXgoo`Sw1GTNMS z#2WUA5lhmXzcHti%`&klGMR|l*iPAvW}MPgs9OA%I^OnbTbfwfRo3kbY)~xAWkcOA zEDWD3u5!ZDiJkKeUWe7^05c#rVGnnsOwRam#oBdEz&$*~>gIqz*3cMd*-2u%D;Byz zUu+PYoDLb=UI$q=b~P&@E_@6jAtqa3Gz>by;Tx$iVFT06EnroE75cAZn1jMv6-#0) z_Dr(S`3kZMk;CksU}3AUWX!PKQ&J0?Z;wTRtgzC_>7m{tZT)ywvgrSm=QL!$&r3Yy zF3kt8mnZN~;3F?!@sTylB)>RYI=nLXI=;ZfH;L6lTy)B7293p!GQ@IV?HeRY<1^BK z3blgeaK!+N;ytI+086?&kE3wm$_CNXUed}w3u!BT2D9_l4X=fW{B@ReuuA!=YI!7o zxiqUZn5?_^WN8_wm6vL**UFo<3M<68yc}zt6>?m8R_*U4DW|{e9UGH?bcR@l^Pxek z?}%C??e@K<)_`vp9Hv$4mplgeNg+H6Br;ZYhYNp&*o+8mW7$@N0i+(?KFe4RH4A<+MO)8_zPg!&FdVE<-0QMGzW%>^#rc&|0!D)1?=EI#w6CE&REN5%%pTcKm;DLYBNb=jrJHqGLHgn$}| zIPft07`0-|g_Syb* z81do7XvAY$*z3;y!jiKba|l>kn-kW{h0V%_WHeFXur zW}(3%)9m^{n_AbfxOehNCX`mJdxXdIdDd!~FI&GBXX3lNgSEsOY|!+L0&49^B4Rgy zT{U++`z6?XKXBUb07UsG#YKt$ef|27_g z{QJiEbN5OsXnZs{{@iYn{}~Dr7CMXLe*tSC(slH?0C*U=4PdLLePLO*8W!HZD-Lr&S6BY#qtDG7>j^HeL4wG4 zz&{peNZ7oJ6qlcz*FzCD;OyU`a_COJZW#|ZU4y(M7)yus{nx6a_}@WnS2&cYDZ z3Kn0)73va8`4))ZbR^@8)@!SQxq7??=Q7?f&?O#wV=`KUK8c6Ju^6Qa{3KqUSX$2E z%Z>M|F+3M7aHtW)Bkv;5FY<`hDAw$G<8`EZ)u3TMr(z@C1-3xr)vr)l&%UUjCf|Oz zw&Z73^K6rO(8cZvUV=?F1^;qzawsJV&nrAE{F9x>7MD&*{J72voKd+=tc?lMJyQNA03SEEtdJjy#Xyk|^8S@DX074|y`EDj%h@y(nmOlF;O z?phKFEG&*0-aYUhd>->CNL{t?DpY4~p;gHXaZ56lWyeY$fY4e%hDcSO*W*Fft$CcK zbw28vSB?uiWQKV*0fu?DHx}O1jZ#$x#(W3h%twF(kh6;^G%?)RLt@ODbtaeP3wYZ8 zgV*z8G7Q4o6t8$PwY)=Jh)lCb>q2gj1hGM;=ub_M0!h;i|r=>1RN$HBd_;(dEPkR9`-$uUDcQQXBwlRoRUP>cCv_`5fN zO2j7yuinzI7I4tz^Fn9QVD;V)vH&Jv4@dGggIC`w9Q_O)@t@8u+%3=Fj=MWvIC#zB z*6T|TscFW=G;2%J7M@wy>)Ov+Uk4$cDIn(Oz{oq>xloTYy1i7H$3H&rAkW2uK^}xR z2rDbRpW5`XhD?QUbdLzz3`APx`$e< zhxcV|^Yl50_xmN510e#up1r5n^Ow#i9x_z5<)!_FuomSPw(0fS>DcnBVzwSCf+W!i z&=b43+1hk4$&6Lu=ZkOK+l`2>?n-$euRanDGs?5S;qBC6NxgaoD3yAaroN*|F|}xy zQ8doj<7KX&{j`Lo-qYfv&3a3ctYJqg*I2{bWx)`=lV@2wbwM;-19$*hy&ALu3LD6m z>h)2Zdo@`lxf=l%c` z3jHkEv{a<<(3kM*3G-6o;1w_IOD)d;lBDfA&aZmL({b|yLbMsL?6OS{BJqz$Z~}cv zz`$f^Q;XsK(em2;v*GP&zt4Jn_iQtNbI_K>w~XiVM(L1mYIMSsa5O&{JkU;H#bS|X17Ov^ux6kY4ZH(BO?uH_UTSIBycmBGyr6TNG~Vb7o0eM3ef8XV z(i_%z(Ba@2v%Bncb&`@N<$BlNw|}rYnx7#c%)$gsJ|BJQx;FO9I%E4S8hb}yUZ7B) z&T$%l8Cr9bM%|Vmn7_dIae-e3n0H=OTeF_+xnx-rS%&I;t!R&A-oH?l74srpR?JT{ z`yy;oeIIK+69MsN6X`pU8nb|{&01}lJtsji^Ek(}lS8+=afs=9-72=#m@H!AP3leB zClurv_BN~7oNAe68*4#h)hzqi0P`X&4>c9jg}a+M=hI(8!qE83;>SYN(>%9a#X(Je zumAZk*9YbhYSt<^!$Wb62%tpCCoR)OJ94mPqh_U`_XeS5mh;G*Nl>#^-@%5bk@prg zQ!p`~k$hDx2mfGyDAHbP;$McwNn5f9Kddt=)SgbQ6b3Lt-fS{~z^^eqRH?U+yyh=2 zEJ(o61nn%P*`6A&n5BGXk4d4WuBp#Wdrkn!g*hNVRm^&IKb0bN0dr5eFbb1r8@{JY z_ss~|`nBUJ15cu+F@+6biiA$&?-@P{R@XlE&8V3HJB=5B*K}r24ZDCzS@V80djMm& zhG(!c9@)i=-fXL~$Nq?#WrkGg zf6QIhn0F?xCHI*g0>LN_0M@kG{5L!@)Cu3l$wV@S6L=IHpFnBYUs8Icl8$HA4jRub zBUdQr&a9PlI8EWKgPjJiBJJG6qH>##4)s-c)e7dD`TP{;*t@y=T^1n^%@(GOeqo}w z5NSf|FK2+M=nb>VN6ppT)~wX{btYDd1s5T;3L{dRW^K~FfcS)B@JAYChAuAVFI7x0 z7iNzM%=u8E4KJ+6b}6ORT=Q2k2+Ek%JMdTh@5`P-UztaZ;lpZ@iCjh$tJgbZ%;M6L ztBlRs&=j=4lcHjSKxVEyzGOXo0W1_x%s3+1tPiTZ-yrHk8mL|+nAKKI9Nb>TnRZdk zqU-jg0<_FrqCrhnyvcAX@aS#4KsAa6hx)e_n5`xzJuJ$V7@v2P(oPv ze$W!MCdjPe4wR?4*meFMGfc)INi{XYXgtW=lcE_q8UZv&=?lOy1a35&M~bP<7=}4+)x>`6TFelJaJ-nTR@G(VP^`tQ^D|Y3 zRWg~&{C_>#yZ!F=-N$wfchw>HUD0PoQe}h)Ef?DR_)KTciH$m3Yagd#9!(z}!Q;s9 zj#J{qQqyL=28bFR!#N6*XWZ?3pJ0A>=M&6(-`7mMCzp6ZfJ|05X&=wDj@T8VF~4+J zaQKSGX4Bwhu9u1#piH01`3Gm0HOO1dig|CCd4@S!U7y6Y8Ur7gJz&^fz_1>B>62Pg zZ;9pdDdOiRnNUk~*Lt}oQa&;0P+~LvTr?P=!VI4i-&(td39l2S+Ztptlc_~~Ip*`F zxqL+OobddJ_mmE~79wGrlxMcG6f1B9fMkN)F|=~d#$RUYA6A#3gHd%H!oZdcTML^( zbx8JKgf(Gh$J`iX3U%tIC^sl=^i>~rsx923ud4g~KHP%+>z0oGThe369l8YYmSnCA zxgFH$ZuAvW(9M>sTWb$Eo-GbWUlDt{5O)C=h7uQ`*I**!UW5~gdm-E-?x&x7A#9_% z7veVHCU|v}anTW+M=nGVNlI&57DuB6;&!>Yg)~BL>{_{dhWMenWq+|Xvmcw$_^UST zDXVh{;Tu`-kd3r;u3QO}Tpwv{JC#!;T3$nbbmW@Y(QqjQurN+-^WFuw#eQTAjFYp+ z^<{Pu*Wq3!3p-q*S1B&zj1OaC8A<>2e~^2lonVO$p{@t?cpeb8IKZtW=K=09Rc$*G z2e@y2C?-!IuXDedov#!Li{Ps8@yA#2UiBa%Y)NowPj1S$mD#v(D;X9aaiuW0!j(K* zJOXHghzc3sgRm%Ik-6f*SK=;kW+`dO_+m+*IkQ{y2;3p z=#_Izkkk;j#7VVW?K;yAD}`>0foa5Z(|s6w+{-=}@D_TJ>QAq3;#-c@PCtDu88>-^sG^ilI_AB%;zdpBh z4{NzLz8LBlXicT)a}d925VJlv+OVI)-2Pri5D(`~n=vlmmyg4j$xi7LHC&8c8APG0 z-1*~twL`GEQ2i@A<9=QotUj)5mNnNZ?^JrHabE&*gF`SJVLU0e6~uGRqX?qhVg}d2 z^nRl!GDf4!Qye#KdY*<`3wDO}S=|QfEAW}u4Q}_0cf)1#=vBebp5PdR4o%_O@JH0e zfe-*11{-;AULDVl0mI>r^_Cl3I|T;0oiugro4=^fl&WRt;)kO^O{G#U!arblUmn_jC7HXl&va1SQIKZ_Yt;5S^x3)m zdVMbToaWS}GeOa-``k7tqR%x1H-h(#Til@nP|P>V>9Pl)0R4iyP#9uRms|mZh9gPm z4g|E~*2ti>jQ7Q?(cX3ahwJ>zICuW<>u)J*UjHw&9MT}o#O^jqS2D(vfg9rOT^b3| zC8$T4%e>~omj?QtK^~gfOf?lMPkV4>kA+olU_z&Uxdo&wt>;tyxc71s6OsWHgK8P z1J*zeu}?WVacpU*LMs&eLa2g`zu=l_W@p*s8+HK3E&CJhOsvgwch~_&&t8KwFrO@l zR&1UUMV4y}YHa*s%Z_R{qmrvYhX`wT7vk&Vud9$7JH$=Gv^@pvwSEhR@x2l38focI z;;%!=|AP_{?myZ^vn5$cVPnVBT~qM?L|7qUiYe5hhFxhlF0U7MOb4ydP%)GJ&HUu# z7-_qv6Xdjd$7Iw8Z@bcXgw0HvFyvCZY_oQj31e7iHy}f@d!UMKOXb-;wnxfbRNJ0k zYFA%|$ATSdgSGbE#?*EFUGe@v;-oG-RhKUOdW1M zc{3frc3+zK9irDdyAj+jU=P>k`1*6~ zhu3z^y0V||X-#4Q%VrTqu;ON;ZG`OFmnOAmSL?uLUxjU)Vg4fLy!JHNhgYm!%do8; z+x6M1S=M)--3uY;vs*=%QV*VOnr?c>6xji_{aa%fo1_@Y{flS`YE#!0aKc4`7`vyQ zn}vR@sy(C%r>w}@(v&^ey-}6F?sEfMYg9Y(w_H#=*ca3`k>+l3 z-Qvu9Nkf?$54H`3>G?URv2c*IMP5fX#E)e3Z)%&y{jyfb`C`_1FQ}paY@~hpRO7Mi z)*JUli>z@+3q-UWPxr6^Dm$&79cx;LWrL^}c75;6Ky5sGxHgww&q;?Pipt`XTMx*jPV zOMrsJN*jHBOuM9ko;d?w2GlkB?M2XlO(F1?m?TG&7rCG! zNU->vwftN%IpWFpMX?5tMEl~ed#0&Ahv&Mkyx8Wal{^rxBflMV4&nK3+7kHg0OHp&95caCfkP^O zof9vOn}whHi0O>jPL?qC7Cr>JZ?97apFG7Izc%ft<|A=JnhFNmx1+ZBnV8wOw6CVa zg=C<<_*5>u7yPyE9|f;_~850G)n)m$Obm|nvdso%(V_r7d~6R7k&?R zarv$AHA$P~{W7*@|C&jh8f(;#tRm3mnVJKW&~;9)A5^n2SBC!J+ja`46^ZEV5t5+W&MoPC;%u*Nib8^`%Adn$Fc#Ti$?R%f*6BqbYeO{{5<7<(u z1-c>6tG|D!-bGq!$9KJ|11Vm=;9@!bLW z$+gh%n<=F2A>VI+Wl)ayFJ*8O2jh6o`tjNRpos<_kw8Sfe)97}xBG|j2jaQBzFsI6 zKcd^PzO=~V{gU9kC>s2jHWb0$AT0j~ms8Vu0Q+lxTIPkrm79?C^LXrxKLo3|Ec{zL z*L3OV^c~{lX)2-l-Zp5|*Xad5@0wiWqkrP#kWg4+UMu-j*J-X$UpkX*Jv`gw%B(Cm z`;awJAHqeVBWW*(1ZD_E%Xd4nbrfftAm@#}lU#cyskQZz9($T(n8%oN*wQdy{R>6^n7#D)|)MV&r?8J?D4BFD@0962H&yss5~gfr9P01o)BebV++0LUMLj zOFFbl5y$)E-PUyI#mDOegs!0m`S&C~U0ff+J+9rw;0kIf_3dQNq>_I< zhQgFlJD2_m8#-@HdOEwi-QE@b^6l*I4P@FpKRF?OK4fl2_KV*R8^O^{xkX?4HNqg^ zK0SPw&Fveb-(r#Ek~33PheSc#+vMW-TT?Dmpe?8r-V`S5-wwtm?8Fis{q`+VySzR) zv5I)030wep~kOkahBwoLn9gcoSEw-ppYxsY^K&9$fpc)HE&y1-mIJJUx+5(|y_6xW! zGJ}BWs9XU8)q?tnt!v0g(JwIE$!0t2ZFg!RMopM|4^C8pPXaB!D|!NVAm|C2YpL*! zf7dE(tvU+fuV28EP4a3ZLr&0#P}vj}n`cexJf*-P^LsHP1cm-$#O@VX*Lq5U;;_Y@ zu0NvMemxk+&ed$8D&SzBT@bil02}DX1x~f;MJ>dvdD&~BK{(1LUk0iwQ18;EK>vao zY%j`xnVoc<@9)@S>#LJX3(d4Do6rRXxLw(1_K5<5=DR3hG3U5#9dpVZf#ENVO(F{r z&qA(lWL=!EENaem5PyqrBm@WURtw2lAYy26RB(y)Ker3#H?O-pzrKSm74{ZVde4&n zOLQ^|pyO1siapv}D7jYQ^6`ZBAk!#rMhlwzEq5BciY=u_e6(Ol1nRyR~1lnQ%`n zU!+b~dI1PlIDgQ?xO%w%nj9NlQ9`>YK0`r;yoLM>fAHTlu27$`iKQ%R zdwfcyo@GJ>Om7051xdFrxKsu5dPpJ2A-PlqC^(gaVxWM<1@<0+`Ov!)H=H3n3k2SR z=S`clf*?3fg_o2-1`F8XY3XnV3;Y>v#^fF>UowbD~;Er9u=CMYd%_eU5K zb9!*RqWq|Jp(TvKGHangF>8q;`UM=Tf!Vw1r1p&J&buztKl>xNo?b7zvmcksH|M9% zxM8;~Xzf-o&)RE-zDCEd7kp=UX8vVMC|VSvB;0*1wxR;4iSlm(T7t+Rh%IQ%=yu4Aba_H+$4trloX?vZu2bXCT4Z7 z0Fz@Be%CL+H3R!mDPaZ7tcNaUPs6g;=lk!vii8#@3(7bgTL%>cYXuh1 zy1+$`2wUdeNjN6cuNmIu=Jou$N<88&7SBni>AHYhsH2Q2sHH%w01mX!YJh_UE`Edy z_H`%G5sPhAA42kPl+3jPZ6^m>Xge7NFrx^~L7|E}XZ#`U@Dy%KgN^-5$o`>?`>Htt8j`zJ~?3%#$Asg0E@vV$raO1uE7%qTY) zWGCzX!XuTK)n>Bt?XcK^5~xI3swu3b!MR_;Rhe3UZQ2-eU1-}#Wv1W8r|p$|%BL-Y z*BgtWOCy-FO4`Z&ZG642f+9t-+Y4Vl(s6w~Rm>`42TsZmoLv$wCBlgXkZL0%mJ%r( z+KI8=MzskxLyr-2RX0oY26nK7e;oH*&NiB1<7a0kR*Xk!qi^KOOSH0$X0BFOUsY|e z-jVRH-94Sg*9;NQm({lW63zAW8 zHFF)rO9+1`+3v8Hq}?e?@Z;m=h|{0dyHyd7t`(6GB2 zjoksN+puQlr+HPPubQowpukY;X6q&T%2}3JSH7^hE31Zp0gPDjAfM_4dqT^I&l9+t zqeP{b(8u)b-~%8WUid%_2Qq(Cf@TMv6S764zARu(iIkI5>PBE{Q^IUuPg;N3ff7Y` zpd&-u2D%1wQ+wgyT8Z_W6q~2m8~`ROlaXJjI8;LVPTs3HRKmB#U2{AfDiKps>QviP z??-5Z10}da;C0(O7n`TFBf+nN1cWN_OIVK-e!2^-u2Pk(gm-{wx$CTX#&{diMb|oU zaX41`LcY{qBD&Z}kbCBrd!3FmHp-^Y?d(1{IfLLTr&ODTl?GI6Ls1B8uGyQ`)S<3l z!qt@`$MAgdHazb>FI>QN6Qzi?VH#1K8q{aFs9YUU8^bzNu1X4HYdTR0B*jy*L|-Yg zHqcXy_?k`cxWgfVPkSFe{Z$FS)pm{`RQzgz#IXBaPlnD;q@JpTJ*D0Zql8Qf7iS9_UzY)DALr2luXn$j zGnfJ@vB69KUAx}mZ145K?aMtw9V9;leqN_?@_halIZ|!r_O+8s|G0Yq5&B^EnI;l+ zl9$j_mxq74acXorf+8QpkMqUR*EG zddESZ2MUH;lZsA_e$gU!9qJhlEsB$Lh^EJcYkPlz9Lu{}u74_Alz~*E-+w~WqKE70 zt4|g=J;UMJHAQM|%#+gGdiOnw469=lQjT9CUYM;67x7&a2k_|kiZcDA7Na7cRt``^ zzNFPD)d#^?#P^BA6P*6gmz0RA+9rNqX;b^yU#Bn!FOKRjHvWC9W0;}q?|Y1b#yzl7 zGTI{hp?YJ|&9JxP!tM^OR9azwudtqXWs zC+ru2RhrTsE{uZyZmr=Ph21TDK`}uU?w8VL7HRv$ZhMzXD{T>4*Vc>p3|YUCHXoEQ zyMS2glKfUM6_y88SY2DX6lrFJM$oKNn7i@PO%aW}&zw>u&iJ+6DT>tMD8|>_3?-jt z5%)2Q`_!;FAVNzJk0Ns5G39PeG4bwl@iht1izOvmnVL31DY()qOg!;cbmcpcX4gt2 zcJ%sE1kir+>6`H&y(rR~Bf;9^Lwer+uk-8FK%x9+dit6q)?1 z^rfS-)R_3I`2Y>kOlkdb zp{$|cADrs^rKHEr2My>t(F&IR;rkCR7HS3YFoJ0AyU}vR6(BvNq(ZXa{&sLS^{Y}* z#H9Y&IWKvI3cK6Q&u2@s;6N2Xe8%rQt_0AWk%hPkZ1LAfaV08kNR+ziZhv7oh>L~{#`r<`g zCjfk60lK`9>-_C2WPAQS#C4Md=sB^oI9u*Oa>K>KXUE7c>&ItylBfNXH3mD&^>4JjK&Brq5>o%|d;iBG-`)8?7PC5DUMSM5t zYZ!GaQ6vTk>yk={id>)`xE4~1^!tLgWM9G16~)t_85e|8th)4%f5kmfI4nQs>G-D` zOXQYV!X*5y=k5K|A8(9)4=EhNJF^MzLFfa2A1RpTXHZd}!)SqwETiAQm0K|kZMZEB zV^>AG(1?LuVsyj(#;~UBN~b!vE-rTBb$d515O^yDc61{GpX!}1wmP@is!TJ<*Q8an zgC&ap?)(vX-9O&`?vHmTeZm-Jir6`M)Du^=Xi(-8!l-{Llvxus%WB(|INB@IbBI+L z^f@KT|DUs~fS0o9`b)Qfgn%MT_oa~#T{0X zod~BP6b?wxTT8AybmZo%lC- zIfmBxjFU-YnhV=z3vLgXG>&;@mYfO&sN^y36_zob<$S@T37$wyz>8zYsMPr;#wB0`< zPENaNNY@jcKKzcm9MN$Q%%s5$0ni`foQ>n*BZ9{AVKE4B(^#Lg4(%X~=;j{codXPs z9PtLyxWWKTlRJ5VsBk7ptZrp04KH0(;+W$FG+0z-P%A=1x2Q2SXoS3Q@S(cbnbcG? z(j^gvFVHvAlQBolq_K*m6pq1pqfJ&9QO;z>x zG2zjIgUb)!ak>29$-_OUt%t?O4!6ET(hRo81r;2%Tkz_m%(Xy#VU};fSlC=w+c^}& zla@W}qM;woaeT*A3}U}YY-AWq)A=2n-4%a?|3h78lg9`#jIMSZ>T&RrBN0|BMbKDV z9#p$vU5M*V!FY?R>9O)1RADb{@&Jvg5NwHl2aWtTT*Kl}j?V8W8gaD>Yz(M(cgXL6 z>!og#fd-J@algVteaAFGaypXVF}!`)N4M;$t?ei?{GuwajEy6MSARo0*$c+(JtcXC z)2Ov=jl1({W%oz%JF4@<{1+7$B3gh%adL*pY$J_Rxw*EoV0{@Dr$@XvX)-b%-r*2g ztIWjoVexSyzUC41N&XIuMfy z8e)^henSb+2u%kiZ(zY7(unE|iFGE@)Y|ustxXq;#vL-b zXvFLosVZ%x!)Hs8<|wFUpqO-2(N{e<;H1v7mNw>*ZC4~6F3gPupP+)Lf;@yoB#j4) zFN?w%4{V}9`Bq1zz{F!MkSa0h8-^#iSyn`AJ9JzJD%= zFc5L9k!aCvrcBm`0WtGs62Vi^5n#!^coCwSHAi5BvQ@N4Sk^9>wf!SXDuKuzVwrxp zk@LWK#Z4r)CaeW*$PY59+9AgmC9#TpETZs;1t^VT1M5rNneaX?^ zP8Ti$k<&j@L@KmE-&1%;w!`}<6RarpxVWKUq;^mazD1-i1d2=)cGsXiTd!oos-SAh zycjCkj9HPLSq~&@RA61$q9OGqmvinacEK-&5vfSUFl$I8ofO;ClCUOYl3ZP2be>~m zY=%I|1VkckvHTRNvthEpbsv$5jJrQvM7CtSsWRRDTd!S`5{d zOb#MfT7o9(X{7qZ7K4+WYhWFJHNPYc0|YVhHGtMo>YiwocA?-V5%j9**txqv5~YfQ*&Rf-=)iFyePsXtp`}~uFo7G+!us*saB+%@zt3enmxhkxu+>XO9SqXKizs*d# zaV-WY42(X+-FZgH0k_YkK}o+Y{D3dnLX=i%DR8G1?1rReAf@!>E86^7Ofke;&W|+3 zz)qFx+AhwI##q8qJr+^K^oI2%;-dWUFEuugrMMF%Ig0g&9|=v0v*iWT3p;lgD&(sO zKCktPq3lW+W#Jf`;f$xEbdN2Y1TD)*5w5!EBDtOAsVL%gK@wg#WIBPKN{-vygwtyn z4%q0ZBN9yTJ-C)%P(`@YO`gfGBaZt3O!Qxvk zDyLItbPGX6#1#gW;j+rzXzPg{djcw3r5dK{f|+L4SsQzHZAZdu)-e#j09Bmb=N6;r zI7+4Dir`P%AF>0vNGklMa=Rl@84ibe(A}i6xzx7RgozZEO2vMbTsW3;%hTz3!^~0A zJE&Y9RRk)ROBI1i`c&!=w#l&u)JMgMBX)5%H`u(ZOMS~M*|5B4nE$4~gwlsO#L@%9 z#jn04Jz}X7(~az%!zIRV+0Rd74&0VyQr`k0M7DYioKAiyO9h&W zBPP<}gLulkW!sk4!+{o+(+kHCuu;C82s`M|6NW{RcR6`mri=Y4+Z+-x2PCp8+5KcABA{;Qc2cQPgrQI# zzLCInP+88gJd-OHo9JgJNBccoj%&Le-x4caz8rwtB+B86KxL)p!{w6NLVZVEpNf~1 zJHBP_E60`I;Z)Sk-VQ3&U842I31_uI;h>W98iNM3+{T$MlFG^~nzkd{MK>*s&34dK zMs`u%sp=ddC71Hp*l*d)o5VT4h0e9D2BfFqib^U`Mg*rP9O}ugc#sMOLgOsL5JwHa zlgi2$fy-;F0dZ5Qgb_)l#6}+(PMAm+8J`D+^(Z!{;661dvNftvL>;?zKUv4*jF!n` z1eI~@BuY5q@&n+ByPa&HQi*qHyODtxX+`C4OD`LwH>u3@yyc3k1ihOI?&V8|>y$^v z3ujGfDUd6y55qYMDxr+2kBu9sbs#$ctGtI6jvCUiJ}tM zI2+rtqME}=h0k!huWwF=RD30KDOji1%`m|%l(JJ9oo|1*i=F%ppltd7dec@KG*qfSin7$BoV zLsfE$r|>INdn{P^CjT>J3|!7gl8I_^^Nw-x#OQsH8CQ{47NMp#rt<(NM-RGxN^La5DR)XJKTnSW;LMVI|Dy4O?mkPe$53JeYEmsqa9903M3_ zYgSsqIJXO`$8iW*H9@+areg}|IV_|KUsIM7v7_?ThD5~2K;WirA z+E`yRD%0%gLpXHjZUSuCs4Kjrb49n*G4L2&T5Gksl8qvh0hST0l4Q|h>ft9bSj8qd zz9ts5BcEe3Rb6E)UQs^hD$d8R2~WpJT4OD!`)~=8nZ4ky1H^FKK}H0b60cgSqD*ti ziG3*HBFdJ6s^P;-w8=IyGR_PqqprYF@u>KkiZo5Zgx}XCCKbIJ5o$&xgP9zG%shM| z_O6^EX=O)9+CC*(9_$tU0cB*e*TAQ%Y>!Fp*L*oIJa&-Tc9dNA9y`cj%|y8V*iB}J z%3}A*{EJgIDKW%{;De2TTyf&iVHr`zWyp@NDKc|=Lfn03+=)z+gPKkiv6V>Ee0R5mE5FapctanyjHx%f{HHFqWE;6Eos;f=rZv*vip_UXmRW zUXkT4TC;u4mUbH`Ut3EMwf07^E6H2|m#CX^MqHI6ltKx?EtLea$*xa=^Si(!ElU0s zufJ8P5=j;ok7RgN?})D&(-Pp449Z>|*Jd>L!reyV7l<_~+Z=%~4;y@XbDdhIFWliZ zeSiDcKue1I#I47K>966sG$TAAK1LBv4u^ybpvY>}#iwj1@QZ0UaGM z80t;zJ3&EM0>mF$x^%eOCNterg^Dc1Mi!`I@qbCOL^v{?aEXjkFHk(A$9Sr!V>G-2 zFX&uRgUlvd>mJq#oTjeg^x%cEg4vg8(+?z_$c^CU&S3H1BsjA#5-PwqAu%Q+Dz$$7 zhT_?mp(#o6X=B=?B*B#chO>+bACs;@ll!A9OeI?0aQq|EQfUi%wV-m?aSmr$uKeG|HC`r=y*Dlg_ko@~DgHrQmTFlg$lYZ(nqX*nteUaYMq0v^-($M4zS ztC3Erk<3&+s@dND1C=>6R*~?r9Y3gc#5zx-iz6Q~8R=0*@d5myx}q}%#Ss-@4Vx-u zL-`CkX}4tq-A6YR-6$+J2|F0&?3YCG^ab9d48?E8Um?#S50irPtK@UiIp&Vh0VZA8 zks7g*EM*j#&bfhVqr(zN^HIf)(OuHwpL6vK47r=GGq|DRs%IHzVZRu3B9mh@A*xHq zE^XyjX*iwf<+{!Yx!Y^fxu(3lv>EvtMZz#O;TRXzjagS5h(kfDy~b>_Qs?+&lJ$d0 zXJ5T$Vomrq&hd4O6f7fKTE5eV7JV0kPhI`ffRIP1lI~yIW$Q4St5jsNas2#R7KVU zIuvPp+Xc^%^b&X6!1oM=i;Ew;QP8+CBT|ROhzD|0(v+72{Q`Ewe6L4N2kO3LicSSc z_G^T9Ai;;yoB$ix%YIfgB8~IfKD3x zkxJFU1}wC1#26TcZV4tK@KtNTexU;#9ZDDxBd(N;8461j!uyDHV(o!eGZKdp=@Q)O z0+7%0hlzOBjPUJr9gUN?f|=OUHVh0&7aq}CQMvtl%s!J%J~H$r_>%8Fk#zSbUt@R# zQp|YceY*I#Xq-mEr#9@2in-xXefWD-%Ff7k2s=NrQ54aCBpq#7W#+)>KjV93zYyOe z`-P-q_~v*(M4r~0cMsvVWdi&<7;eK)N;FCf;O07@iG|%wxDoMTQ5O!E+L=GpN=Zr- zS;mYp6+BgKd4aGSx`lR5uVYX;2KJ7*K&ZB7z92rC)YkbjJj)fEs!W}WH z_-wjjZF<#kx>b15)x8FhD0Y!BMW`HGFrOl5Q{glG)!0_FCaw_|JK7`SPT@vin5@2N z_!JoM!ZNUT6&T4(h+wcW;ETEfKi4vgOz7GMwh|%2(!T77{ z9_9NXO*l>wl6~iR{25uxjT6Z9$T=vrj+i?t>jR3^j4pw#k&BN;y9;zsxujCw1RNXDU{M;kXpCL$0OUsQzVCZSB`34cLt#|T1RFAm1!ot_YCKVYEJpdVp!tF(o; z?Q@wiBj|EiCt=^deHAa^Kil^xtJTmmhOCc0#pBC^q)s*p=~`j_Fj}2?^)c^7`$Bl$S|-k#ujV zFOvQ(O{iyWc-9eay0%n`<@(DGvH1t$kE-U;Xf=M3Vr@F%7NK%Ev|ohiBo$s&i!=98 zjc`nTF-K8x*N1U0GK`y%fv2urfXnKt>AYsKVK459(NhYw2&W}u?~f9mAReKo6uJm9 zg)w@{G>m~MO2c-Ew|@*hD|Qow+i`!C(2ePyYT=OpU2>PLTI90 zm_0bU*EwcLJjiKA4VE5lZ|s`D#T^i1Sr=ECl*G54-l<7xFXjV-lngo`Eu*z{ji1Fm zTwL`@dHu6R>F^Z@_eN0~XUy^04C~L}qngiYI4Hqn3+KVS)lK}tdTbS2Wc;&njhm!2 z?slUoW!ASBJZ~Op7eIYedfZYy(k?erx{Cb7lLc@^m!r#_@sGF251JY7mSvgpai)b zZm^9~xwmFOjTLoH|5kjHr0i;VGd7nwB4yZ_u!xk9+`LcjJ&mz&a5wyL^m6PwJs3JG zV+cKOb4g)7JN7h27;t5f(^FkSBn&EwYGt;alnxu19lWy)+md=of_IodtE#*Gm$ zD8?Cd<2(&Z2^)_($|0$+Tb>LzT%}vyJN->@`$9LM7MpKy?KS*yd;~cSU6Ae-9+2F% zj!Zc^!|?KrZi|A<2)NtTZ0>dhFWOw2RxX}=W5slj?cb#QKhy1n7Fpj+OgC4&nL>l| zba|_mO-|aUq`uiW>OQ{7`_lHd8}1^MY_^(y4NuQM;D-_7N@KT1DPda5O+%ZytO^L_@598|Q9fAv(i<-j2` z4zbmU5yR>XO{oo!nTQ~wHcV(~QGryK+*S`W>Pbx}k|H%`u)|e0-Z}SF5A%QtzYYct zj=EG=?keMiqQ_{G+PzRrtvQdpSYI_HRIx1~M0zArl|8e39Fx>|^gVS*R2SHE9VSlr zfxBTI#4yxAb@f%t!;=+v(NJ-R#dW4jg3Sseg`&IrC55^>J!!JAU9nL@1S7^{1TaY( zHNIa`koJB_L0S!|;YJ#+?$d3Y{;;#N&>u!3mqY9(HHXOk2XnMy)Dwob*9?W%gMDjc ztnjN5lHhVJV;USu&DuZeWD`1@NGjYsu|I2^Z&c@492Z5HvKpj@TWD5gK>L-yXk?Mq zB!u1!bKhOh3q>YH*T7l^ic~qV)$FUW72NAQ!n#lln`M%!h1k=u^MrA z^!5-VMV^kgv2cD>4z|2R0QOg17uq@maMq!@?zNR)4L{YPM6u09 zBvqWPH7>(lx!olvn3L4?dY5xY1%`n2fI$E--$ua)d^Oz>6B?bK6dwoG+VQPouc#*!YeK?Vw&*e3fvlqacNyl97};xLza63#LiIM>RZF z;faIcGhEgPUrmUEY82S05cwZ@13vh{^jC+;RbJgIO8uic!2gR#nh1|CNhe&Sr$sGM zMAGy`udz)in;cFG|13QJWYGw*;Gl2=9;xmi4-|nXUft#kNAj=H9kr8&ZznrWv|FSq zX>0s*e4Md+6p>WvH}I8guPB-xzWu9;)am6qNnH-H^Q+44$R2Q!I=`w&bL2ObNIH7Y z!dI?aD@DC@qI~EIo*Fj)H9`$XTxJ?vJq-`e33THe}zPsafrm` z(t4bbO}`XfSfF+P6i$miteqBr3Zqp{tc_Ov6h^DOSR1YS z$)uGU+Bj7UMo?|>+bwBzMXSy(Sk>ZT<>Tp!)(REiQ_2TUP8{vX9OGD+&aQN)k;>&N zyJ=03tVXa4tYnCFpN+5+sd{|;uHnpuIjl%T(K==@CV7Q3p~^wjcb(@X%)EunD57hP zwD!^wmp2S|`x~yP*}rnwTvV>Smg)ypD=)>Xrv3^GKGX7pQ3g@_5aoPs1I#^Kj%Yvc zjYaj zCKJZi7&qvsu*|IKK-SmOLXEOe05FcD$ABv@s&gWK7if*uiVGiII9gtybw88HeAmb% z$G~aQF;<2+(svEo1bBHl<34HAAz2u&qa8BBYlRgupol1MEZk>~T2^R|wALA;Bh#iN zL#>B64+ahglpKSb5RrB`tc?#gDiEvl|q((_tez;;6{C3ModyF5YtY$E#Ctr5^zHW+|3n{*su+vhQfxThz$kr zaM^{I3~&8ybfEO_6vuJX%zb%uZjnnodvLN^wPtAr+%6CMn*8TvNH%PLLV@ z7}sK9i35mXxID(?Ee>yAm;e`_$i&Vxf+197Vj?!Mh}G_n8GA}gZVx*Zao7^B8WJ-!aT2@9Tz)GOyAM!_ za)val@KFb-tE&czJJX_~#T%Px#&z$)ynw5S$rbz;MXdC%u?$B;8r9~;o7rMT>?o)J zWeQoH@C$VmvE3hal`@2>$&?`iD__< zH85CWV+@jW1Rc&TxOeLBrsFL(43!x6RJ2)NV*bH3krc6!&=!X;MKtUth6NkJg_Xqy zP9HWRv7Gz&Neos8hS5O`4YYZ&&`s<`pAKT#+iGWBOi|~3pA>P#Yd>k?2)BPah-GgN zRF`$Fp-axwCM}aEeO8NMb?^trw$Q2y@lL%$NJkJ%!_I4y4cl;ut2J zqYc76QRYJ2 z_CisI`zI>NegD)VAZ4j>ZOH2`h2OwZi_fLk8J?UnDp}m3nK~p}EvIi{nFi_5IDHj2 zwcO)SMVfHI0i53i*E4oZXDAyS;i;uu8gn&p&V)$~?wDwZJpTq;2d*rNbZR0}yUyac zsEsjE`owIUP#spwmE1<5C#*ThmJNYIP{*IZlHqSAb$C*=y=@;(884LEyq~WPJo^Xd zoohLd$V8$>-NjQIex$k5VC&6YP%3wNQ4)hXa<{1T8B(h`Z@Nfy875Lo+hy8hJPZ|9 z_~4>eC{+y#z76by4o%>HIaRCN@9H5 zktb3*O)gU%wc)}hnD^Z|ByqVIVb|WtZ-?*7I@)VG!az;A0Ks%Nt;9wwxy@*9teTv)RTA{>TAAb+zT&#oQ8a)(>jOxS<$XvvXLtkF9ZxiL#bwgBuC z+=rMvRGLg7=6@g;hf@CoxmYPIIVPT^EJobLl1uw-w~n6LVRdud_8>t{WC5%l!rID& zyN$9m{g%;$848toCb?Zi&sGP^FmMVd(!)GXax8^1!R|j;!k{Ro#l-{!KKzNeaB`Oz zt_%wb14~h?7Li;Q{{?ywPEVp1WR za%D#hp;S|4hk(ctuD!wvv~2KobAycB^l~^O@O4`jK*cEP)}DbzmI?3k5g8^YIfl{V z<{qKf2g<+OZ}M?`-O*r|SvMSN=hr!M!=u)c8edD&0x`@8%`RjC1ac->Q)yY5Myz=oy*d88x)OzSwYX>O$vX!2OtP@y&!B77b0 z14)l>JxuP3DfZ*RF`>T>`F*hoEDrt}Ll-4}7!#2^$$9Ys?vh0$2f@YkiZZrl;8Ij| zW*FvsxF-`$_$KJeP~^(hu$&Xqm$Aq>@5D)dAFhvGnEUX3&|QzR?R!}F%0lhDe8$E) z=_&v2i3)dUjFAy8hcw$V>^3f)Ngd*e3bWfTV+!pQD?n`~L@7%wPuqo?0y)J^wQAD4 zgXsvi*rLBbW9*_Qf*?rA+U~D``$Fq7aSx>^tYgZm*aS0em{40-bn(yOrC3fhGh z50Br~_m#QtqFyzU#w^@DP~UfNR{|qP$%3-rNblD2U^&#b0jhfNW5hj*ir%=RRE6*j z>Z92UKP`atE-P!E)P-04(3oRBUPtfxkdnt?7^LBJZ9N!<)0E#qFYJ!X%&Hq0)c2K? zt~wXv^=I%LteZPPewV2=(}!e@NtE5zI;2t}I4^;SOz*Ou((?uRRdQQC&E~vgPyS}N z&XQg>_kJE~iMn4Cr}PzRw9I;ors^8f5%HsqeSY{pY2<91d7!#L`A5Ty1WR!r^rPTz zi}>!DP>C3k-e$K%GQDfYmA-zevSt)QI(ROAtq!w8DGo1LtsNQ%TO&KEnYseTRR54CAbV70Aa-e zriDcFA>&~Di>Hp(M4A~~`NC8kWi#A1FOtzP0bxc7t1;q?!g1@tBNL#vO7dz26JR+` z?8!!GG}=7{&>V$S06r?N0V9TYZ z%U~l7(X2v}e1c=Ji1gvWa|KV``?GOFQ^3R-F`ENnzZ?{ftQeQOq}k#?d7pCKa4R=7 zKG~SDXaHkU6VvO!286LI4KIlh2!mWijxM_>Evl!kvJv-T=cE}j5pF|A6a_^asazAG z2?wpihzx>0lW4WWn!Nm(sBnb2qijpRIcn5UDyeJD-F^EKRr*z#3Wcz4yoW2lN2JK2 zFU$xU+YF}aM?{$UlIjYKM}MqPzkh_dv!}H!{!uNzuYxgYwo$74cy`y-a)){q6GYZZ zxgt67583KQv|*-eCc&zc8HCg!mJw6gySjEOX2@pWfW#FN1quU{zD#X85ONR(LJmM2 z+7o_|jNm#OH<3ag!*&|#& z9GP4FB@YL}F`B3`tz--EfaZpoOEYe4fSVt}i5K$`tQn1nPac|>93KrYgVj(spU9U6 z7=)R_G_HV%f+1*&(ICx33e%6&G=SuNVA3`+db;*yFAS6FCzlm7u?o?6pzQA2Du^x+V@Ye3}#p!w3gr)uv&P%aC! zg*B0I7lJVgQ8pW?fz+?>tuZDBim2gSpz*E&7)c!jEb)JZG-M%>)26LNDU;0QI0cIg zG3vX$M*7D)K1X3QGLti?yfJCW&`c6k@YMegv6=C;k&XTzn8x>u0Y4Ff!1TD`@CU$z zWiG|Ct7DocSvze06|5D7QJvt}4>VMPI6MUgv%W}pS|;g!;&LbEJ|pe=$}j^vLw`h2 z2KMqr#9*3HI?q^iQ_Cx(l6E69!BZMC0``223>U~|~RT0xrukPA`P zQkbe1G2v(1Mbr-=2$YJ$OE*U4B-nWIW4hwwGBt)y#|js?4P|JQI6sgKsq(~Fct-&F zNEzJuJ!b;WCYwzU$^r~)+Xw!MI_pqh=uVB-?@nP!j4;Ob*Sf9qNtjXZg8s6oHih<3 zN($~D6y?QURRe{8H=OA45io|UXv5&&5z_$X=zq334V;MzVJ55)1SSR?ofE%-#A+=QpY=DfF>E5VSD;9r;r?Ar1O#%|+ z_@d$JIDT<2+XmzkG(+injlDJCs7Mt2A53)ho|XpG06=27MagtEObro&(;%3scv`q~ zO001k4BTaq4zGJbS4RXTh+=G`kO+ftnKU)p2A14*TaSuJ)f-FUH})72X@d%$hWBU7 zjqUMKDQUy&#K0|j{~aZi`hQ0W3j!$GqMPxuQoeOkW75+zhQWmaLjfh;X#TIt4^YM; zgem=BbdrUNWTB};1}4g#=Vgn6Bcj;aU_{C3DPxD~UfY@Ns9w}6a&D?b+$486Rbrkc`jJ*~7M7Ii9KFclg%G=ej^B(_ktI4U|m-x_p8JvFLYtx{bQ9sS1U`ri7YK$7%zCOBtEJ~$5x`- z%P!<85<%ZvThR!!cDLc^I(EO~H(&;tM6)9i=2~PTJB13& z=A(#HBl5}$)ixK*z31)rz!i*HW_ZJobDg1(juqorXQZd1xH(|NLUXSfiW>nlN~Eo! zRNO@H(V)IrjℑsXNp`0f+Jg7`PRzr6Uf`tP*f?H1?Fo42v|iLst+ z@Na=damIg-KPLX>@dVcoGyZP;1^%DHssEms^HfI)KWBhMWCeNrTRpo}q424dk>f@l zU&i{kL1Ym76I1CdB(R_$}w!)S~da^JX{r`QG9AH@dTC7KL9rN6PQpKZcdRYmZK( z{BL9b1&;Fg(K$1JrucVlFZpL};N@>yY1<@3*rwxMd2^w{P%0{v0r|akHY64iTv|F%l7}p6Gbji_>zeCYw%A_ z{}JHf`uF8*vj6-AdH!!)`)fOekNZK&AJE|6%(1H}h0pp^;zJtzmepfkr|?ZzVE+~3 znW6R$aX0_*HB!`3Gw7_&L4q)ui}O zUX1c<@JUtb{z~EBMg145!}Gtl_>tTcelg;`b$R@V=vv1peD|NE{N5Hke&n~q_EY$8 z2IBgAlEuR-CDDET$`a_e@trtqJu z@zdZ-^{sG;!mq>m7iz=HzpL;scPaeyg=PPThV%HRik}@v;bV75ymthTPuqKUEQSAM zuEYm2czl<=`APlpEZUEd2ET7Y)g+4l5hZ`C6xM#_e6P$d3ST&rd1E;$KZC?SFNY-~TJ${(^aC zJxs~J8T}t$D}Mgedbdz{3O^gyZ{S;g{C4*Eyc2~_RpZ}=$M0(J*-Z-X!~P3t+W*Ym zMF%N-I_kgRf(&;34%*I-!e2rC>p#x--_>$+-=XkhpOEbjY4FpMPbO0Mso4I2Mt=V%ozf_L-X1v(1rq#+ zZ~uue`;qhChj{-z9v|N;e{YKaXvBN|a;|CP~GixOO zte1Fv=R0|$D16Z`B|fCVSKHj8A%$;>c;8f>|FIvVo~Q8Jc1!!`{~y2p&+d8b0EN$A zP4=J9^Bmj%6MuhuAcbFBS+?K1k)J z0Zsc?m;azGCI6Z)(0|g5-;8~CZ&CQ{HE{es9>w(9CU}m_eK7`!6VuE|JTtLe^B@d1+o2` zH1n_0P11g~$&L1_06+d~x^62(@z1qW^7j_x@pGSlj@-Z5gyWa>F+YFO2R0!0-}a*Z z^={(rSK5aU|4Yf=tD0&VT=J zy#8xc@X`W`|77Iv-^}-4<5uezQuvQ?`~sTsyRdgU8Nc39_FvX<7EEFi|fZ%n4f>Yk6rT&)&6ZBTt6CopC1nOpzvoZqW&zx^N;SDzX50ENGe`IC?azwpaTr2V{&^7~Kn{O_!O@(RU& zDem9+HU7h-v@xXr&?q7O7;q&hwjimQq zZma$04!r(;f6WQf|E;(L=dXv?A6IvFBJ-F3JR|Wzjs8CS>$85U{hJ?`c+VYv{ZHh_j_puxv|AV~zt2b6A_n)E#9{%U; z$d6y)UO(-m2my>ICe6P5V8?;*V1JZ$?S^y*qjT>)BN+DpL4qSpVuj&Cj3ZOY?4}@Y%#`ZZB-g8FwUtk-L-@i4@N8vB3`kyg; z{$}8eHc1rzCgS}X{B!BqJ5qQr${*5{@xSubq)QaOuIfL{{9kl( zYby$08uf2T!++?)wPgG~Q_Y{&y#8+7Xy-bL|1I4A_Mhe3pVGYz89(M#_VZIdez{Zk z5Sf4WVgGrz^YibO=)LzS`QK9QAHv&@%%#;y`&YJ+od2Qr{QRBp*`{0+{};V-{&-LG z_-9_;P4@p3)PMfJ`TlQM@(}6&{e2Mij|Tt01Gk1!@=rkfl~sn<->=87BKNNcqW$nb z%;Q^p*1HVFf7a)+|AQL*(Q%i?Q23uv|N9@|`Ijm_y)T8&Lj51?%J+Zv??$zx@EcM8 zdb{!XS=D>KOW}V<{g_>uSI z{0nIC(Vah8Md6$JasF!X+23Be-l!LOss*DGZHr3d1DKlA!CSA{8*{PkAh{L}Q`N0+;i`P(NEAJE{}91W2A_uB@T|Jud-j~{e=tpX)~ z{)Mvr9uI$hrps^h$5QwyTe1Ik^5d85MA_aHen~9iqj~(J%bz6k|MM~b=qbzV&u!_I zN&PY6u;d@w&G+BbuV#Et$sc_|j(lh?Tgl&lgJ1vee0J(b3V*N)%CDI} z7fx?{hr+*u;}=@a=kMOT@H(kKgIGV4b&X$t|7@ACh2lR2`#)<1A3tpBw4gABUxV@o zH1lusV=s{Q^Vw{eKYx^;KNbDUPE-7M;QaG?d3+y#K@WvLfcgKR20v!&+RYUHERMf- z7r%aLT>oc0g&&Xdhcxr=!SR>L`jP4%%Kpo0&99%h_F1I-uQoybb(5d}FTRnJ%-{A@ z>sNy>So)pjRQm&OO8x;&{`TZd9E$hqq8Ca19e+dWpP&ZcV9bY;DgIBQ|LLi~%isH_ zk8V@=9LFVp-(4O*^Nn*;Dg62}*#6!8`gx%GL~{LniTxMQ;A?$VlvPR zh3*Tl-CI4%aB|f0R zR}Z{2oWkF3FZ<8$PiNzwDYKfA^;`A!p#R>M*MHsed`GUo#a{c*r|=WXNxbhc-~UajTqNz^Kg)3bY1*H-|0Obh zs*C%NS)cR%L+`%j0+jqeg;4(SJibWMFRxPgG3zDXGl9oH^vM7+f0lL+`(J~9ZD1J|+r8vOV5CSIcO z4N(59DLnt#54Sx*;eSN_zL$7>lPx>_6n-G`_e|ySPn>x9ZwfyZ@j(s#>0R{x)iLb< ztZ6*|a{CJwrTE`g?SGlaH~BE{>lA*KYX5W|?<-cG^xt!>kmK*)%iE7nQf9qJ@gF-) z;=Mod_*Xw#F^Nd|Cz^c$jBn|FVmjK z_V4HMp+%+NqWE{NDC5VF#(w?u$G~GY;w$obO>*I!7}|83jUC;g{vLnMD+9MAvhom-!# z`hQ^x%Kr;L{>xU*{G7s9K>q&E`TX4{ohFj=e*^OOAK>|a6ngGEihplhzy9ug{Bh>& zV`Ti6@;dfkJl}usKYFb-#XlRaKi?O;{(3PqBoBp8#PJVm=HEX{my-Fbipu{z$oF4N z$5EvJ`#QEic%5(mINt)&f2oS?_pIjIU+}Z4r2p3%=TA_BU;XzsGXHU0&7Ug#`aQU) z?`o?5(^|{%&sxLFKkJFm4-|fTFNqIn`aks21=9Ys!~GNQK0ba8zT5L7ihmsTU+4xu zetXy4ApQ4jskr_R@$={C;EUw`>uj9AzAyRyd++m%gOvQ;mH%IrAHV%2vXlM)NeJcF z;4iLRR*B-j3jOzhrvEc{KSr*f6+cM+-kU5;x1jbeze!H<8zp-uBs_|=sp zKJY8QexI*Vc_fA3i};|%elCCKRvijop{e8_)W~0ZfR~IP2CDw+!Q1acjdo3^_!lcK z`TJ|~{nw{c+pQG-xj4*U{mPGj(ogB+`O|D0C4WyXp8veD>+4bcGt+VWH277oH`q(z zyW#$quQtzr_o>kXDf}6=|EcN!wbvSw@&C|Evj0LF{x>^(OZtzo3D|zk`Wf)r$BQWW z=VSkQ5Af^n!@Hl8^+%OgqWqft<%K(kNdH~se*;7K{O6QAhqqDktNgFGBfoxk#AeK) z@Y`|y1T^jcc|t+5{-X}AAMZiF|9))q=Q)ahTf9FZpuxX*G3Wm%{KO-&|NTe#_7Cm1 zsR@NYgY(aOjK^18Hed{ee-rtKH26U;+#%!N9G9j1SyBA@%Q`iX?f+fP9}R#1j)LbY{8MWF9OmW!=}PVH6n+TKAKw?6__6#E za{fP${pb0L_dk8*mXP_!O{;MJh4}t!n!`ix-+qMme|Uf6@%!^j?(Tt2gHlqCuXz(9Aw)$nN|5hpep|PJ|F8P$qAC*P@5!8(T zx&z<*PVxUi>Cd`+|6Le8mh^v5BHp{2Uw=jSZ%v^1KZf#$H1oe|*5jo9nTGnyQ;(N_ zSn-z*Q~b~LLH&1vAOF}BLq=2hEz1AU=&zZV&y)Vo5#@gz;q_nT{fpL8{FVRUkLCS` zc6ToAqwvaq2x|O?caze{^9M;-{}|B7->P`kq7?s=9@+m{OZoE)1q(N9OW_|XhWbOJ zzkm7osS6bT8v1YEU-|yu_~2x+{-8M4e+8HE@;92-kL2H@J+}XA-u{$2GNdvk|7Tdg z7|_VycIUc@6utrWpJxRx|CP17XHxjw82|a!^73Eq-)0qspQP$%kMjNh%AP~y`n`wq z$G4J~f6mzb4hs|AZy~Yfs@z zXT$lgk^igVG2JQrHq3u`kMaHg@tTeEDSSm0|9{TQ|9gj`!zg@xTt8Xs`2O!VJJ^B3 zA4B;A8u{04$iI%l`%r$*YF_>|8GWNEd^F1MThGhCYUL9TQ24iS{&&fSj#w3=>r0}aMVg0Md|7g=B&qWG90Pnx@hWPQ{c z3O{29#*g3f<9Fc4k4XRfrDLeSH2fFL?0Ssi{|4S4<^7G9|Dj29W>ffsxv>AgWG_3Cz-!f(U-le{N*`8(H3`(vGc=?kPXOi(lI*z~Zf4uzL zc78$bKVHT46VUL#{M9M4eqof7{|{dN91X^j`hNz>@7cu5KR@=?i&XzTfcN(WH2mA7 zY$n?uQuF6eUjDCh)+W!dFT(i~)W~1G(~_=~{QK4X(eU@|+eNPb>8k%v^YTCXhW~kr z|0mf0S>N;h|9+wDXDNJj)&Cm)3&(s*<}cs=N$M|OHa>oCza<~Jf7mC#)ZZZuzDxUh zB>uqfX#cYF{Er-*>80Ag3+4Cb;PLJLZBOdIDc?%|K@I+!T4ntd|Gjwr#GjMr-*oRU z01vO9PsjfA)#vjc2fCLSMB%Ss|9Nup{Oe4ZK*oRPQT~7i-y?0$Ns9lE*nhsv@%+)ItzC=~o z|NfKw{2N=~I@$jHs{On)%mkY6H@KY|oH*@9%v77f-lwo#KBwOXB^F`0?)+*Nx1d z=j$i&SzGz_bL?&}a{qnVP>By|zy7~|{VF+ss-yg#UVQxAcGzCh z|JjA|2Q>Vr`w*=R3;1oap^?RKs^S9&G{BO*U|FmWQ z%SQ39cSZKU?=c=Lq3}KN z{+FOe{=Vn-PoeOex6AqKZ_eM}QSqg6n+-^Pg#3-`SVYDgw&rCl>ATg<6o)jwwx6I@}J1|`%?J+ zfAQ7>jVSyn9KWEZ|E4@u_a6#>3&+pjjPL)-kB0hF`1yYWx)jVXM4)&5kz z{jdIWj?AAITrK-A_&q=WQ%A(4QT$t@|Ki)rkAIZ`heH(p9QrT*zxno0+c2{zg)cBk z%I|5;_y4W#D;}Zn9s42vCtm)m zPel2%H0x*AkxDx$e340@a6Z)`zJiny#8MGLM1Z)bpYQl^ZuXDPGhvL5h z{il!ypE9spVG6$x`!8^n@4p`^75kII@2oEU?||n1guJiyx=Y~;=8^c&X8!%VqK9{r z`GcqN{^yW}|N3`7Am?v1?w@#y^7k(u$knnCC4YN-|I4qzw?46BEQMdJ=1+Eh|NpDu z*U0>>?+V^u*MlFwxm)g*qWGUz@8@La>*tnwA1+JbH>myZbNu}wo!_kaA%#yKE#>z; z&HJB+Z~2N-`0IH8YQV?qp9QCCkmq+ZKa~0-n3LC^3$hO<^Pj)GD)Ct#^Z5J~TYf~z z-{>alujxGg(hU0js;BY(JpVmje+=9F_;!ka65>M|{JecFs!;f~xc>bA^8B-I7l@0W(0*O#`|pvW`^o*A#tm`(_Tuq3 zvn?m}um4Ttuj&6+$MqujZ(bgc{kMg;pS|DnsQ&AV_wV}K z@bh&?yUzb;*`ze@2>Quf!w_kY6l>j4t~1NPrj{Q1Q#ceXu7;ZGHi zc<)UO|9e>@DEwaZ|Gjy6|MBWS-!G={Bb5Kpmhb;_lPZ$_<8kai-#C8#RSiCMl;WR% z9{L}e`9GvUy=V&m+fdnmA_2}_-v23_`=x3W zK6oD6uUUUp>)&Wf;U84@|MutY$Go)ir73(LyuaRmp7*~pJJb2|!TA2LZvfA~;k~-k zDgFs~|C#q`e*RCq`qg0y|J-0)KOOk_`@s1ovnc#@B?~{ifg{e*Is*zOxpE{~ht3PQ3hmpSd}P z!vDPq^_Qmqis!0cjl$1qE&YeUF~0qG-=1=S!vCb^kH&s~x_ZY{3cnNYpA2Z$|IEra z%24=1-^=y~a`W@=z}XyR{$ZtRzh?bCu{iA_#eb!Ge@!!gI(%CxgTlu(kp1sF&i8-W zi5JNFi;ZgjXXn>X|8|8)|7kzseO-9|2W}4QLdjozIrhJ1{-(EFHjTnh#`Xs^{>#PI z?H5z{dAU%3_unRvjy+|ftL z|H?Uu59H(L@3Q2-hf(n>__|W@5;;n%)!lM{7 z(Uko2asCH2>*x6%gWFR0MmT={{CxjCxV;JKKXpR9XB@x&voEjv6U9FX?XR~0&wuU4 zbAAe67w1pbDPI50`EA!=3V&GX|3SR|*)u06x&8;M`LCHjeSRxV_W#dH|NhI*zxJm; zBljQAq5J{O{3-Rq#bZ?a6SB+s@B4%Azx;s@_fhzw{UtuAvHxH8n{bH2SH}ABKpx(H z{=Pb$-2X~=9M`|bevjO`aU#V(=WE#hXny@&+`O+Fh0ntJ`H%+xXWLiE`lS}w{*cE1 zn)Sn@r2VUm{qH-<+mB*}r{AIE4~>%T_vhf}-}5(ylm2UmGSdId>dyDy@FzB3qWCvO z`Mo`O{OCdR$@r@bj$crN-`ez#-zomN@&5dfrv3Zl^Y5qdT~PikjsEa0`*Z_^Ux@R^ zpOf$Z#UFPj_3tQLzy6+l|20~=lGMLraQ%2ay#IcC)l1VT`Jcx5>*>Ywf4s`785DlT z3d}!g_|KiVCWXQ`!}r&{*?9TKogLMi!vBr)KcwmZLnB_?O5tBs`bWdRL&5=a|Njc+ zzXI8L`TbLy45j#|UXuM6()eHX=Fs=wPWVl(Uw_znB2cTi}uSmn75ykdt|hs zi()e7+|i zSxe#j5106WM*hTCN|X7U>fI#X+n1NWcfFC{Q~dkl`6=HS-u{nk`bHv!|Kt?f&!_qI zzrJPl*kfsA{mGnzIDY;3@&BMio>Nr&d!qghY39#6tyaWQ_zG(N z<>mS37~Anf3V%-V*Win8sYB*(Jo{w(v(EABcUpm!C<%R?7@M&UcPknIm?^bFG(hT4-z0whZMvT8G=-1D z{__^(cn)XlX+-5k%{|vU@cZuJ>AN*|N zA1QoWY=59IKYp*5IoONBpH%0+3-R-(SfhW>Qux&>ex1zE-{flj$o$_7wBP~X=6L;Va|%Bm*H5r3kAK1+BJ)4HXQBTS!~373js%~e_`j#(R}H?< zGi%BHOVfUL@R6y7r*^@m3OK>qHfD145I67Scnzkh?6u2cMHpO*2X z=Q7{^BZaR$OX1(IBG;ei4}SjkZaywIgK0-9ud|`8Qzu zLmK?u(6P=G{%x#(_Fm%quSUmz$oTJu7yXao{QN)p<$1Dxu$QX8jp6(MR>gPEQ}P!t zFZuh<@%nez&zqAdeEGw&|Fh!w`QNot?^_hU8RA14eBK-M{om18{~gq{ztq1ElJVzq zJU`(d!uMar?+%41`77?m{r`Br{X^cJ_%DU8sqWt|%u{7|x`yb%t|KVtT(tggx_tOHJ@$dG=$B$C|w^Y3!pwS;YA1+PWuS^{O z;C0@AnDgYXr2RUI{-?J;-~J2b_f@9k&w3m6uO@!GTke%NDSS2b|2+x(`uRI8&u0`q zCLZ}~wA#>x3VhgzZ-o2f8VpiWs3iDd_Thz%j=(#Tizw} z*Kwbt{F?duM&fgoDE_VR{R4kte*DM3_T4cG{~r3^0ge2RUs_AXZ+ogq`Mm>p{&WAm z{u;$UK0)GraeV(J-7G-nKW5|pmoJ*vzx&Gu$o$cu{E~k_Bfq!&i)8&|yAC*h8u=G} z_XX*{biwn_e$D!M?|)A`NA=&BUnT#b2EXRq-ZTmykNmwu`SqLGaMURZ{~Geo(%|Qh z`H9@W$i(`6Z%KaqX8q_VHp#Kum@c$&|AX5Kc+k^Zs^Zx6w*xyc4{Kw<@74Jj5|62R}kEH)sygbgo zTfF|PFt7D?ihmWv2Oi?bzf#pNPf++Kh|jvs^ItG1@7EOmQ`~i@8yUOCGqmV-hTV*6#p3mB!BN!p8wOsyO8(a zRDKfWPvqy%(WnO}Q~Woe{_tGm`PUnmJcGh-Qtj91-=g)NAoFhr6<#BMpPRpaL-BtK z+aJ=%-?IMZJQRKq;<(ZBsWz1N1~Up9#2Uy9d11D1V3`ftA6 zh#$_&pH#9b>A!Z5k$BI)y#5HaJbsUo|LZpqUx;7-KVCmOoWk$lEb;!9JbvAC!^!>k zxp;osUxc@R*}iZ15XFDxIgG!D@&3o?^!eoe_YypR9k|Y~pM5FcPo?;GSL2t;>yN|r zau=iUo7DO5SNQ$64mYNf{MX?50e?}x|89KsTmg#z7@R*L4L*C|FY^4=V630;Kgjbx zSMS@36#pNve%<#R-+xcN>LvZhA=v*R4gZV1gH4?wD;MZTl(lf~Y$I;k+->dxi zZG7zES1JBS)%fq?+dpPwy(SbsXJuS}!}#@gcT$DFDSXitxc*0J+W+ixEaS%X}^eQ^KQH<};+4Vyk%NA+Lhg|hv@ zt^EB98((_9AceoxR^q+ec>FhA3X}UEr?z7MYx=KLo*h{f|0($XQ9xrq3KTrPg~I=f z{TCR-kKeudgUV6(Q}}+9zZ&oV&MLBX6@@PpC)*z=!}}kvSGaeV!f#XWZw=z-f1wLc ze?j4Ax5xccP5$JQxVYUE{$Ff=K(l^VaY6vDT;qPb$`++Uj74rwrWk`pGAC7)BcRH7ZyiQ@5BwoZGA;{P(f-x<=#|J~$I$@q0qF>HSi zzW-lZ@9RPF{{{6&P=n9RF^@cd@P~RoZU*l^^d9svDgPDZ?|qn;|Etdikoo6Es6V`Y z`SG7Lx|5%3f4O$3zpL~5>%@%74Jmvy?tl0y^6ej-eefd`-h=yB{)c$~>D}|=V<~*$ zbktux`TqO!^@j&j_=4*FYfb;381yt5zbwJ|8=S!F-(2Iylm1hAY`?D;FaPOQ_1aSM z7svXcpa%bXP+FN#VC+`+ZOI^6#43^frb64%e^01h2mr)SvV& zg>QxZmo<~u-=7{Su#m#nQ}ah7zdx!#X9}OQshodVyZQP1<=LW%6#fGCzxNNm|B`pj zA?pujqW$p3@cq|fL@JrT`W*58l03dam$dej{6o=xhBWwcRryP>>vu?OVz(7^7)Gwmfs=u*ZTG{|KZo*j~-Yu zhT^{*^M^qVenq>N$@qEXNZdbomY4sXQFBTEBY^jhW@+$EhO8v>cRwKipl1HRI`UU? z{r-mM2Sb|pW8Axg&QtvtH&@y}-*!HJnO!82^dGk3{!2*X|CXH6l^p-ZxPRrn!tdWK zZFG;c|8=qd{Tlq~m}_MGR2%ny0y=z|$Er~M*B0-83u*9uO4TLj&%grcfBeO_|LVBY zw0e?sB?IR3tzy#2lRTJaGS zewo@ouF3mvLkIRH^Y?${#`S-d@Bac1RNO@IpIsUCmj>UW$+006{!PROH29i7XGBr> z0OCU${PSgE$@8}_6vp;ng|I?WN%(}$izdYlQ_GJEVHQrwu%*Bs?%C(O_ zrTFhi!}w=7ufON*E>f7n7r^{eR&JjE@QGbcQuutB{|adMCzYC8hQfb{@rP$N@4u}$ zF$dt`??*g=^-F%u_zmbXVH|~Ts_Kt4_{=d2$@r%i@(*e7?|;3G^nY@`BlTCHHotyf z8TMfXO8)K%h|kH#Uu(Bs3Q+h&)c?NTy#Lkt{KKUGQ2IsGzfrvWHHv*l?jMbP7xClx z{N?#=1=myZ@4@|}P$}O38_}Z|X@B0p{I_=qkAGoAUQ+*ukiWk)kN;re+47Y9xmEp# z2LIBDY6%qnGV%{-w`KVDuX}bnxqrO^_YXrF z{K5I1Nd6wYztsOQ&p+vlV`Tk85yXcy_|I-tApP%;)%=O&`Hxxq0Ga=&ruKgx;qe1f zQpo+kuaJL0!#^;q4e38Vs^*`D|HeO_J57!M2DSfNmY080t~RA8eASiG{suMr=g%dt zWKj4b`<}ajWPbe$K&_ZTu$1LL%9At`FQ(% zq~?-?6#r44>>gi}93Ed$9-kxTiLDg=?Z>420S&%c%}={i_+=MRe>}wVKR99;+5d?{ zB;NBdkI%h0Z7#+C%0Tqr{^tF+z_fkYDEvZ<9|LuH`_-iWF;f5BMgD#b|7DAdkol{3 z)cr4U{QCLJL&qPf7qI>1c>Uefm$`^){|k9!|NHvz_^DOaj->F_RQ+Z=FMs~}FBPZo z4G^C-fX`nyZ+hf83f~y@S3uMLvVC$sNa5e!CHpVn<=emIRNzYrU#Ai3uNQg!lXLP~ za{e_zyth2hfAG}r$^7$|IDXzjeE)q>?`<;vE!aWIpOugI|3B=o>?5lEoALgAZzF#F zEctz3K?*-5GRc{E$j={&*Ak_J39R{5%R@Vza~ts`Bzbf2SJhe-y&{AMbVE z{`5W_$fWqM@=N~yO1%Bsa-#?J_Gwd zSd`ZvIi|;w>u(13zyC2_f2_=1SDEwN~Ki(#M|95%q zp;{zY5%4x{jXX77e1P?hT`viL&_iW^7^Cr zLv4K&erYw?|GroG_48KVCglFnVAX#$`TB{*3(CGt@vpD?Z$6*@d3Vl8^8C_WtpDmwyoNoy+52eq=xS{!35X zKMy?4&;Jf}YJX12KLPg-vr6&pzwukQ0Tlj0mA`Dk^M5`^S2BOu8^=GO8NVj=KdDdg zUy1QUNQ2+DuFNh9KNk6WZ}9f-ndu*s^FN6E15fhppF3?mnSXp0*N^87e*D`%_de-= zFGPIkBCmfMy^yC1)&6lxf3)P~pO?P^8UGC2hWcY3FMq=w@#z%*^=kgM;`xtB{)^l{ z`Bb%E!$10RVRHZJGLB!?d|v*l6$y>o;uI7&h-@Mr1=c)Pg2>L(4qP+jHy3c|}6h2D%PYe0}t5*FZGJeaB z@2>`K@$V1R=(D&N#lJ`u>3{p%@$+xfU$1;m;mhQZ_>iXm9$4Cfj9+Hs`VUm#*Po~U zYvlUP*B9f5Tm1O1A8@M$CI1!WzdX$QFNdZ+cAUcJ#rlV=xB2ng-113s|H_Bs?|p~I zN4;{3JU^TZ>mR)B`SB~YBX%Yw|4p3#K@IpV& zKK?t^wQ6lj{s+|jFCz82v_>9JUi^dl?~KcjlJ;*u#(%y?`0+11u?v|$?1uW&ubF@Q zO8!2Sl0Q@FKh5|(9BM}9kH#SXKnH&OYcxAf#=k*af1daF`M3D#zNGz$!|@Mj+F#;E z^QBb#D=7b^4)1?fdaW(#KQ6@n^S#E~|NX6cB~ko`qx}qM+W*y_fzqQyz+Mg~;|GdxhZ&_kULyCVH^glzI@$`@L{D5!&y60lQqU3Lc`ZK7(2cEA@ z#t*g8etK{7_UDIhhLZK?KjZxMm*@TGdjMW{bKWqJMg z$l|xj`1?<#zck}_=bc|j`*|7V_iOs^?z;EL{96lLe*q1C{i{bFquTGeBxh(~Jnw(J zRinu@3O^0!Z%D(xa_O;0D10Y1f9~+}C&ypeN&Pic`EMHh>M{LD|L;Y_2Q>J?wL09O z%C!at7s%UhSX9~(zbBiv7o?IXodv z`%Ao*N}fNM*a7_)P5gUec?)v?X%N~!|6;!XzJ9p-RjU1U*A+D;aBu>@{(pb*B{F`` zNH1XEeY<)8?a(7X^rrZa!Sxr?=&v0IUiu$}pMiLP1z!J^+>-5K3je<1ufhLRur+Ca z*C_rKdHzMxAKpjt->&#;@Kt}_L;7Dw75_>+{~>wSlK$Tn#b1LTes=-sKToo@L=pHeCOu_aol3oNxc>gp|D$K4(X?9~%6X1ve&9_&<<;Xa&#z$wnPX z`{Bp=7pTXt--X+nkoxm$JpUJ*!1vz^2R|K1$=^ujj~?RZfAy}n(HulKu44Qi()8b**&E3DyH@2-p5y)Z>Mb`_quRe1&7_x{7r-&+3+BJUq+hIr2xy!=0ouF{j@|6yJ^|NI*M z1-t(50EJ(R{TG_Z>+iQccgg(EOXz=vH0$TFs0Gm!|4q35f?nQ!S3EO1nZi#mY`Bk} zfTsO7|9pEIh3_QdKloorgAY!a-hjgQ1iTO8NAEp;{72U>*^$BzK>mIWK2&H8X}=e% z^Me}vkGJQ|qWCw&`qz*K|K#UGexdNM)ji;v4e%f0_!s`;v!^J0 zix|XL<^6}~c8wpU@O{<$NvnDNvusa)k-rVwKc9yBE2QE7MAb{=`5lkS|5fAV&pBb> z0~G(W>imud-)CPGSwG-K{sB$@H{Lw+CyM|7v38w-O&m@8z^3=!;eZfqV+0sXGsXgA zz*K`Np*TpEWm_OiMg?qI6gq?!LJa{#3nih19ter(C7~p=5Spl=V|s^g?`~Jtt>#uH z@5c|$I_a62ot>STo!z@VeMr*3D~sL#U)%Ebhwv`Ef7(%t9Y3!hczGYfm;6-X@3yk> zj~hkqg7Ce`{%g|y#v%O@LXz}WoyCxDGh5OVRWT-eS{u)eIE&e49w6N7uD9wfL-a}A zwWbt3*EmF%sx|Q`mUP{KRK3<{OC2zzfvUauS9GdgHwgVa-E6Yz2gD_r7!pGvm8~-O< z!>0d@UwBvpn4fs}KeW#uPN{uWM84Y-eNIZ zf(fo)f*qMp(@-QX{v*Vsx2a;|S|ue}5E^|M%8UQWap;!bBJkpej}(94`6PinA4AcT zv}U7+pD3h7pKR3YY^t^fy)h|UFTuR*+g@6uT^L7V`()pA(WdFCA9vQRjq6`iy_f&)5mFTsqr>_x{sLh_GN_EZ>EYjq?pj4wCGzIQ_L2FEj7(cPgr5W zl0p%`G;MmnM6FS4(&;U#IEy*Sj{azEHyD%jmV^+&5vWkZqs?}tx+L;F!dYz=yUxZB z=iBl^7o^)P5xh!kx0!8e=>r-ykyJk*5Lrq?2;JJ_zb+K_QuY&{HVdJ)(7<8kGs zwAZsw;?0ClissIrzZ|~p*&lbfw-jHvZK>jZIr2S?Piw$8fbeam@|=;0eJ5Pk#3bC=lomZ$dgh44F?Vfp>wkC{SBLinXsBs_PS z&A(dp*_jZ2Gsg2(+4|4-;NM&jeje^W$9MAlh}M7Y-VJv__?cLL>Z@$||9aoBHiXZ@ zqsAE`udmVkcQ*^K2jLIYk?MQgLpJ{ppBCE=;R{s2>ob1vU(c%42f|msF7=o1s%9}_z`4}|}-AC}(_ z{$%;6&mjD#SpS+-`SYoC|HmyH_zJ>LA1LwXC(G+2H2#mc8-GFg``7UJ`-+VpJs7cjV9A^aiSe~wuB`)z3X7p{c;j{)0{dLr9@&d41E`tP5x{?svS z|NnI28c_ZSZ2zwMZ2MiF=kF+}{fDvqTo@bw%lWKF5WXOeAADW5{c5JgEral%V*7Xa z!LR@K%wq`u7~8*E#pYkwK4B4rk0$m%m~H=Gh5Yy@gg=S<&pDNCe|_d{9tGj^5&t!f zjo&l9v>U>IiS6GN#>UtCFupm2zeMtnZfyI1xis?|2tNtik7FU*{yT2?s}6*JM(n>G z+y2kR_FV=11mnLO z=P#NW^7<0Zzw@Pe>mdHln^OLzZq4RjwqEI$5WdVW*#Cad&Oc@jK2{UL^CW+4!{#5; zq2M+Me`F=r|5kZ@if(_@`@w@C{9BxVsbkpu2bXCM#{ZJJB>t{NZ2MiDRTa#?u3-7y zGui#OJm||~ko+S*!}{OOZvUCBjfX&Z6S2Q`?DijaB$R^iV=$iUz{Y?2cF0@^e-zuV z^Cnw=+6wt~5dL0yDSuGMvH4$7)s2AgD(t`1-P!o2nGZHVc+GUozYp90{i&(462kY! z{>NRF?LS(EbZiUZJ7WLm8o-vnMDI2YA^iFRIRDeI@q1#PgZby(XW0I=Z2a6td0s&L z^Wyfq6506ZQcn^g{L()q{%Rc?KXS5rEQG%|O~N~`vHkzUNuQsB@YS*W&dc)k1=|0t z33-(a;aiaS<7VSyHpT3N@NMw;bNj((xYtBO_?=jPuIudf4|$V*8p1cm{#&z^ZNEob zWr6jJ`-FdIcK)^SMbUB)|2>Z-`*luZ=U?F=6_-Q!mBjy4XUm@}^7;h`KW?XFKkn{q z|23gj9WZ}hi1CiT?D_NRJkv%){4e7Al_Q3Y&%dWLnE&M_^OqOw_V*f|)dJ$*2iu?K zHoN_mN*_1^;UAIu+Y~l_V@mX02w$G~?<2kH2TzegN~gF9Rg~yXUjzpV)FbSpOQl z1?zu1TmK#FpE?P(KasTG!0!L>cgxp8_{jYde`kBP{H5RCn+Do|^H*h?<{g0W8}R(oRf{cuLWddUA^fhH(s*-TWXHda zCL5SPp2YP-cLKZpuV=Qa3-SMr^xsPM{B2#+DWLuTW0&N2IobMq7;ESX@xO`j+!8i^ z$;jED|2=~B=kSA%AKI`e#6K6F|2lqS&;KiptPT3##p|T@yA5ppm$^6N1H``-j-Sr& z+4*17$o-ul{B_)Zb(SCh{l0t~2!9siT?5$mSHDbU(0>`Q{F-%a`xzP0H3Z`Sgsfks zvH5es4?08m8#w=TS=ji1PD=_v_`J=fsK;+$;}?&kpxrKWAb4|D!wdOoI6Tjr^~pc>t%`!0!JEt$L?H z_&eBtJFV>Tb8pYB))4+3nSUH&kKgVKcY^$*Nc&f?$Itg~hSi1mcgJ}34z~VZW^Df* z!s{{Kv6GGek!N-w2;sM2`{6gU`4=?Z2G>vO;_>J9gI{`lfD7X9 z!usc~vh{Z`fA5D7{wS8;xrHtN^}UtA`CnaJ|5hJm+uzhBUxWKUzQg_JI?k@&E?v~G z9VCAYslRs|#GHRbb^CTRh{x+^8bA0VCyIgVkB@Nt<2$kW|7tA8L;Tm``0tEk<9FOo zC=KBgaQoe7+4|pD`y9Cb{5!6HIeprxk1wW#a&0fznh+aT5R!!ApB%soPWCg;LH6w7|j2_CgZ;` zn}3@cDlmV4kL}MH#l}xA@+(+>xrh6YZ^gzRuCO1>Ukl;$eKgT*d`L*wGm!q@BmKEh z{CE4oH#M~Y^Z%?yD1VMX_(5#`C!W>;^S9f0{neeu#y45~{vag(!9S$>i_^@;-|gQD zT)+DY$8X-k#{d0iZ*c!z682wiD;qy{{)QEh{AxSSUu|ss>iy?H`+I}ue@;L68__QU zA^vB{{KpUeo8uv%|1SQoG=EY*XUC7jv-^ST&xyEx@AiZ5SHk`sB!970lKvbiZ2#SC zN_t)h-xKTK*_xgI_Fu3HTz|;I@t=RmZhzIlj^O&;D!l%pdBw(GdAo>%B6|1OEY+Yf%{ck{vh zD}&eL@z;_)e|o(8!48Oj3H*K-M_%^&U-|lKFn$fj`r`_)@f!*c>kjcxs)p@%1v~!_ zx7WQ4;g<}R@J>71f3DlV;0p*}w4#*1I0~`l4{wn>2*THUA@S$;vh9yMd-E=Y{}#7j zQ-sa`{%0d*LHOuk@qpIN`v z2IsH6$o{ohHoncq#$Q4FV@UmXHQRqYFss4!;~O~t;aaoxcRy(6JBWWOmfz(Ezrg)v zB!usU<>!82%b&kZWIqV6Ci&NCcK)zx{MTj(AB64K=|}%j$rr)>f2;dQ<4-e@J^qVq zPHh75?}_Q}{DseC$B#iX>(zqr=(R$e z1K~A(@QbdD0{7o8$LD*w+p+ooJYvgph<_t8{?@SZl~y$a>!+n~{NR6N;}g0){R`qh z67N5Du4m)N)`pPrZ;>2?c@hnJ_vsbkAHP6n}1pN zmHrU^TO5D*Gi>|sHgeJe2%q;aJb&xc|cogL?Zvc zZ2VW9PL_l4QwaZCZ2ZL4|AP7ZB|QE$ui5$MSZ(|Lxw(uD=|+&=ag*Jj49m zZ`l0j9cT{L-yUK9>f>zw|4a-z3(3!iO7kzi8(V+P%~|guJcsMgTpT<8UEjQ@DunNj z`rn1-FWd!o{;~bSy(18Q4j#YiKJ51Y2U!1Hg!4CzAO7D3o&f9b>6pLc zCVT$Kl}WD+$^RvpzxlyuE`jT38;JbL?EK|@qq(;s{{;Al0HEr1TV>+an0O5Dx z`n9?vJO5ucy+{azuR;7r44Z$i1Mg}=co()m^=bC{-{NQ6M?v^iIR2`8vGHL|?BM>Z zKe7F|-mvFy(;5!3K>Q1k`Cm`A{amsS0{2f>A>)T*?{{V)7#S|3RM z7$Scj_V|n3djOn2W#I9n$;Foc`=aBTK>Tmv^=GaFTmJN62e(4_M!0_Jyu`NOuij?N zhVXre{``!;cWqw(2;qAY{=L}k|Lw0f%^`d+uAizev*o{gb@WRJAB*wMmu&tk5-pF%1@<%m?PnPB-!6oAcVp)d*Jdr;2=UKF_8;_S%inF>Pt_p22Io(j zKsNqlueZA(d|Aw&=h*r``TH+RA$%Poe=at@>gB7)ApAYDf9MW7ekC0G23-GmiTCev zciH$$g`;92{>||ILH;wg{#w4>dK1Dg!u2~oFT4F6$L-66@OF}a`N6+l-0u~He-wF3e*Vi@kc~g}`zo-0GW9uLe=ES&U%z?n!S?@4p1=3ge+U2h1B{Jq~6YG;8{0dTk31`ng{&Wo43E_8;`bR%@|IPU=xB!Hoi~T=$kiGs|+iA@W z;Z=D4td3)kpNtc>uOa*lBL6-1_`lxWSrEea$N7`_Fe1MxqJ@s5FP`9Dnf zkxho**{X2E&sBk-NF35DPI3^R%Z8qPjy4Ee(uKmzukV?Uvp~p&XD|L$ok`B_W0YC z@UAt4uZio|u43%*Q>RxWF#m3f@!SJ;{2pT+Iv?VnfzQX_pRnbxk-rUCKbh4|%J(#W z@T*;yn?n2-A-qfQpMLPY^A`j6Kdln@N1^$nAACg7n{^@nuY~7c&_DhuyZu8h%`XDs zGjRNHJY?&?`=w3b^EU-?{mzw#9l!na-%VdK;9tODgfzC${}(RqoDpLAmQ9}xdZ`28!I z%WQn3a_vF?zm)9%e#XY1>HnrA#D5pApJ@uP*FRk4Lcsi|IG%sF%d+uNMIH`;_y>^u zsT><0KC0b)2!9jTFS$x={E9Lz(0`T3&;Rky*#2kM(IxL7{MM5q)-17t`M(wWANOeX_!&5OCFp;?#s1UDv&ZlKWfj2vBUSMFndTAO|Na^=4V*uW z#`5#w?D@;Cva7)Mzr*tv*9^A*Et9`KIR5tF`7fWq&cAPN+m#RMzdLyT=JM12+Rx$l z=P$?h>oT(K_sl^pIDbvUuh z@i*i7gR?f<{%S4ex+^`FH%= z0M0+dvHbi(HvZPgXfS^}NbIjYTYs9J>h+-fxc}5nHh-(>?PdtS496eWQZ~Nv76&;0 zyN>nm?!cD6%#+CjA^x#gf9}`p{Buju_h9{Q2g)BE!uN`h`yXyKTYm*cRC@#Qzl-to`SdjZN(*njfbeQz{~Bt)nmS*c#uqEN3mpGu zJb$6jcc$@k|4jqe-$!FSPn|DIpO)so+cazh?$|08w2EzN(MuIo5R{__a0 zMtJ&sUK+1g2Yw0RH=_ET1L2*1_}}kz4UFG4(DR$ZKl*%Lntx>YDRBL39QJ=s>U>@r zKf84mFn^kl@$~t;H2(eNzXw6>--+zUCFq}=FDf;MqwzHoHQ@TkKs^7{SlIKobuk^l z`1J*uzxu(KW%6NB2AV{7b4za-Q=O-@pFZf$$Bnd3(-J ztb+WXOON;92wyfyF`HA2dR2-Uot&AXGFwvW2}fmSA9YKP)I_(@aiht0qjjjkrc33T zNC$(Wqfo^&cJY~_=ThO~5} zDoty#rfQ8{(Gkw*c;{f@@LU44p#w@)ZR{4U@D;}3(}IPs(5a=!%v4AqE}&roDw;RSm;PO zM{-cF@J)hX6Dj6Il?{D}O-cv}5k4g8bulJ%Ix7n(MNIozGnlol9)dCYvp3b)~^wH`#(v zL(P^!^^hRq5dU~287*8>bR779JJ`FaUw;)tIzs9tkHhkh6iiib=`J0sjBE>^ii@Ph z=JnCXkYl8;Q_4P=8VzyZuY(CskE`pry^1^86bZ~^!uQkD3v zcnq`X(gern(U1sHI6^x_aJAxj)m}$ed)g`b5#hAsP~PiLL{B(%9P}haL*lX4y^xCMSC0`m2+XptYa_#m5QBW==8RMRj(UFypNa& zp*%o3J|1z!-HS{nJAH~xOE+6=2qLBwVn#7Qx~ESfcR^@l)yF_RuEg^P8kL50mEcg~ zkO0z|?(*~MvA{mA0a=*VW>s~Mi|(OK5yvG@{e}ok-9}>$pD8cpA$*XS7U4VqI|s~F z)RjE^Y17g9Xm3%P)8b3KoJ#- z28)<1iZ_JOj&5|;rpK6Umds8Ds|`UR2ceT?eQ0c%tb&b1XQzT_oWoFbu6t5vZHACJ zMexazKfyg7EF5NUwxEF?5MxRT&mQDMv?y7%g@$F1RlO;x20zehHZ`w-{tPvz8Bj8j zZp*Bp0Bw{5DAzn^Lp?j?5NxAfhVcK#W0SNttu&%?ibZb4*T*!MhOB4IDE=YFM>|qu zQ;+kfu`;WSvzTpW>~EE^)bK$+Ode_#=U6Ifsuk)J&x1M4m%^feDvjD`6mS%WtrFG~ z$~_98^9T>$RGTe5Ox0FM9EH?3l*c!W+7xRjFQ}+tm{&d`+9Z)#rlRb@87!Z}#EYJ? zlNp6tl&^tU=_heoTdF^-*U%LNRf*Diq!$x+ulqtHa7K;zdSPXf3oa)?c87Ku&B1Z6 z(%NliTUz>n2K5{AAt+!<<6e?U%2Uz6_lIqOvkRTBwHDO{bb3o~i#9!7k4CdW$C~#K8oEJ!XslkbX|4p2+#}Vul?n76m*bSOJW( z>P)LnYc#6j&ALH?TbGfOb0#Gi6&mqLcGMZI?FJ*N79fbvSD`rn3np#$8N+Dwc(qXs zdOjY2fYEOoHxirZxge$}_Yme_CcSZ(D8Am-S&!0XT__HrxXp6wwHu967!8u$7viWi z#^r66{Rp+&Eb4{swx$)=)(L14Wp8;t%|00#sLrLx9ilf6>r2B8*xx|A{t z6$TPbg}=SSX`rB10PM-PP3U_97XJ1R4$J1u0CO#J7L8HjjZ#&i3x|ZGzruy`3MzGd zJi0MLHzsI2qD`nf^*U8tSXiStVHW5W7J@>2zr;q?f<}ioW}rP^Dxe!SW$@1aQUM(v z)J{~P_7IJdENeC_S9uo%u33HxOljQpF zoKE%=X?DZm9+Q1VWdf8(#M2_du@iK*e(gpyVbfY{VsRcttTfpTH2*~IjYyuWg<@&H zr%9-+=+jVC*C)}{FX=Pl?bVwfT>xtVI%A*M9>EJ!EGhmAe+l|T-dF)`u|!L8ix+E% zVh2SC^G*{=S%d*4{H28U$x=|{l9EcVS)L*q`Z1ba$ul2CH0pk_aw}eerDfv{P1{NYz z!!3q%8!8AVidFIKL>x(LGY=5LKB`Ozkszr%T6oeEI4Y)VZK6Amk?ac@DSZpAInlQ$ zIC8o)Jo}aho_&jgBd<%tvu}Ce*|$7!-+<#2gAknll`q^Aak77lZ+XM_sEDbpRWIaNR#d7?$K@U086&nj7Cc^W z`$)JaiRObmwHRrR5N|`(ku+L(gIU!byH1Z9be2qH|EhRH3JM0O*o&5;P~t3~-ecj# zF-JlJ$yd?OW%sj35Y3$+aU)SYmEA#vWSc)V^FZH0wwAC0@-7F1V6DNA;f#lP@46E4VS*|dp6#oytd zllIF7n9{(*6*ehT^YDkvXJ`s4kY$>5s@__It)0beN7aaAK13*js=Q`@sCt@5OyQb} z{AIz`YsRNHdJ3q?2K2!z)&}GeHOs;e(HiZZS)cg93r}{1WMAq1BOj*ktyD07{xH6! zv`^o;EJ@t2AC7nJlk?BWJ4k4JrQ7Y&AiV34#8Y!i+CQa)f6~@C55nKgFFpV5?kDa4 zR>E&vak?3VU-gxQAkU8~;dd9`#zXk( z8~z62-~B4#`ODJ&GbR4XEA9Otyfp*k)201aO8Dr@`wm0+eMJ7QlKm>-`PmJ=f$$6a zN&H=l*!UZ|Gx;I>FrxqN()pE2{P!K~84lt9!0!(v=YK2V=URtFKzIwXAK@SIA4>Sk zh9avW{O4rC{Erg;pR)R55Pmh;|A)^XQNkB)J#GSoe~kOz zom=uBO86f`LtjGptT^fXMh?F}O9@{g&++9DzT-*Be#rZql<=>f%)Afb^L;M$A9;U) z624mZ6QL0PCv3mO|0?0T7MKazf8*fj9~}Rb@P~h|e-OfN z!{e9izgNQF4*xSA!mq~fUm@{J$_BFc-I6%AEq}+Z5WaW-9)I}!SS9?rYS)H9_%E^l zB>qbYZ$45I^j~^>ejgb>O861iI)MJ;lSn-N@bjxmcvI@sW03q!2p-!H!IL~f8l4Oc`SRy4?rI_BpCo@-iTt+%$X|%w34ZCdhr9Cy1{OO+;RmAl;mQF%f2pnC6w9AK zH_3kq|2as0XN$s|2EWII$W8O_|Ec;X2%j04n{#vy;LcbjNtN)y%a2Au_zfM=^9ykS z+_?qP^iVgPq4FPndbM!G=||NChC^0f>3;A#Hu zy<65H{&{KpDTnxL@)Y!oH+;Hq9kTzTL6LI%-_k!9=gt9s@w%}yA^yv&BmQ~)^Y3OZ z@hzmk;@)9^B=nqUiv3p9b2V&6v2_J#!^ZR;WeoL zz40yu{H!U*g!g|mB)=y0gA){g^){IQgGU#I_jmf>uTgl10)Ao1mA^pv27&VSyA<#< zA9k({;agL9ZaXZ$v25HX2!9BTKX3hUKg0Mc-wqYtKkd{0e<-|K0pF`{12=@fN8ud` z__28wr$G1$33B;eJ7D?$$)DB>!pGD4+X>?XoEL@nZ}_yoF2!H1fKTi?crJu*Md2L^ z_)+^hj)w5>DgC*Ah234GN-Ef=m z{xTo?X-kbC?iy_WYU6(4`Dq{gXB1wofIreLMtFaa4?d4kK7KT*QXPfJO|E%v7ak7b zb8VC3-3AyxZt~C~5Z;v_$GcifbriyvT$417h4-KN$UpfI$@HXta1Mm|9~ik2^xp$3 z$@z2bVgB`Q=8b~*yD9s1#KQPlgBxyv@K>nztJlKz_f_}R%^>_1p5(4l`*|bW{`3E~ z6W+h;qrdPddHbDdFn)^rp78!0AAD`veg?z%rhmGhLik|Xek?Hl)4XXB5I*>9}Rl2La-zRc z{+_wy@k1R6>#x|LPQv*!KKN;4fZAj#J}JHIo|aR z%)j>j2^@rPNZ}n-VEv6be4zn^?@HM(KNgmMR#@#22!FVc+<&?i@K2XN1lzxn(!b*~ zc>F#*Q(bufkWc?joFUhra~v%HoZ!tG2;ZO5pJqIa@6<19C4@gi$?u#6_h04(z3~1D zANi;JDUZLJNictN(P0xH{C3Lz92#jIlZ+d3t=U8e+K+atTz?KNjIU+QIsx&YMB@`- z{Pq$3!2EkPZ4$|-BI_KMcVEgw|^9T20*nTSQtKA-w|7?cb{<*gB z_;vqiT>;^LqU}Ek?*9z!MB)8AKI6ag6FGl=G2DMEZQp|R8+!$L|Ecvb|C{Bi3Ga{e z;Xk#c9M2`g_#V49oQ3dhDgVdcg8RS5?)zZ=^6*c2`&|nBlSWT_4Dq*JkmDUGu>2zn z?FI9X*Hr(j|ApgcY`1dNApY}d|B(vwpMRn9PY`|+KEI0-vqn@4?*!{FZf<#S{-LAd zpQ{~gzt0242=8z5>HnJ4_~#6;{NFxW4(6`|ss7h2f$jIrQQMKYn5M@7s97g>j&H{ zIDY1i?g7r<9TZ-zfS)rjzwrJ+pY~raByYdw6m0*g@l9eNe3eW&-mz2K$4LA(xwa_O zRCs@|5C3zt|NIVafAjnm!1{eps(!6L4abkvVWYtOr4d#CabAS+wMv$XhvdIZ#UJNE z={?@0-Q@bB!?~^yem^~bNrUzKaF7zl5t^zZr|*5A6QqG0|qp2Bl~ z!1(x#7gr$u%c=T}d!Y0lUSjv;`p4y-|3LUx)cDcheT)Q0uIroMFAL%8sj2=~4H6?M z!I7(D;nPeR~H!Hx8cQ>5Pl%-Kl;G<@4}KsLipEI{B)m(^*=5}CA>e^$A7M) z=CAw(7+<>MA4w3t4ORcrDB#PDdJNXz4pQ@1rvlzuKC~&s|2;nch2%f{MOgk>4a3eu z__I{|H46Ciw|-Yc_^M;&@ymS)=D(rQN#Xt1KKkbl%JKYV82`_Py`cZq)B0Dy=cyb} z6XKuyFZuk_seljZvjkqhSwqS1hUM=%aeQfre=ya4jRL;uhXr8&-Tqh3-+dkC|NYT> zB_RG=YRl&@np-gbd0f;F5PlqOKX+k#-SaKM{=e0o(!T<}enQJO5dYc@dDO8;&J{MKW4!1||g z78U;=!tI~AU?G_Q^rZ4H_ahkJrTCbIQ2Sfc`NumLKkw7Hs}O!PCBL&MoIhE299azE zFVXo|DH#9aTt0CAQJ|aL|MI0_{F+x6szdy%QuAkx0)FKzYczy^L&@({zz004J`BWD z^H;Y5{ft>I{}aXE zt$;uK&b|@C*Zr3oKV{+e|D^l%3kYAnvRr+semv2r0`J)-;R>s zt$^>o?&nMhU*xo$KVJ@Rf2yJFBnaP?>OYMF{#$!1(0>i0@J*o_F{(O13{jZ~=3PJqWQuRko1sI=yK@jMFc2ncuT^YtN+3@8!i2tuYQ2kdG z#;*zM6bRuUJQ&9eq)co1q2*#W1T?l~qKc(s~n&vRxm^Kh>{|I{i9R=eH ze{kv`{;O#H;pdP@-GE#NCokLp;T=@{hsV!B5*)dz-^>Yv@ZC1Z_iwrt>L1Ozo5A|o z3QGS@8{GbKGwXu;C!#3-;c5lfFV9??4A#G9)9rr=<4ucy1?O+WsqyEIgzJ|b?)DeX zFY=jxPod(Ea|~R+zI<5q9fU76T<$*{!=!U4NWYQm#bG}`fbi=n`MHVGIkW^vu1otZ z2J_FK>Hdp_*DsUC7Y66wZK(afj2gtf2Qo8&xGw~QgBfR)czwBUZa5D zq-h7PfBr_o>D0`*Dnb*S{8orUgU%Pt)=58mzww5qrV)4>h%Z!{34X|Cq7p z5r}^`YX6}t1|I)2pEWxO;ghNQoBAIZUn6MG5D4Fbo_{FFAG}Zv?q9M}^)L5Zxc}34 ztq0eSKcoC7KNt2t8A+!vLh^@G{!85sZvV^3KrnyFpxW>31+QP+ie3iRKR46%-y7cl z{m=DzVEytal|Q)8!|NBd3LUuvwf`iQ|MM5%_J64OQxb%KK;!Gd{rCKv`MDtcc&h%& z<$>jIT{CM7gm022_dl)!@c4}y=LG9Vjen5ixsEXZT3bti`F~_ZdHu(!fY%=F@&uCq zFUo$@onZc|KgREc@O&vbfA=fc|K59EVK9X6L+MZbC#=8B?Xh6}D}mCVqcbf3fr2x> zg!r2&{qbF3e2M4+Yasjys{Z9tz;|tR9P~d~l>RkcVg7%ds`MV>-;L70<_)a>m&coa z4&ncx{eL$&e(kB99t+{aX3O&@E)JIeeQ?=NAbiCiDf|W4{~X-d2J|1lQS&c#AiVyX zZy5aiL<8D?1i<{&@vAOC@()tW$FI60?7y;>))))nGpYE=$HV#?aJg;=2!D>Mzq=Ih zNd*SKhVYSr^6{(b0rQ`8s`@erUx*q%nmn-mtf{#ctiOCs=f8L0{N>1(@4)!GjOu^x zE{s3?Xh}FE|Kbbs{&VMr<*%P>$qfkKn#x}sZn*#Z9@(gZ@SUjqgZ~WX-!^m#IDQAw z`R{Gmf5v|PJO$!k;V*gn`75ye_2QSgAiSO0|4H7%L-J;F4Le!W4&hf)@z$+ z?G52?Q}YLRKREvx(dq7C2>NF=idS{!gtRa8Kd(@9tF`oPX`3@aplf|9ri$E-3#TDt@US!TIm6>%IZ? z7fh``xaPt5gwQi_kp9+F_RkN1_1_|(4w%0lqU=u-B)x}<*e$uX4qP+>;-5mr4`)Sq z{KW3fy9>g2?nFY`P?(7-46yjfS zfSkX&8_a+2jXPldsV)^ioeKT;ebLaH5dSpFf4Qc@{_j|Y(ct>W5z7BNZou-pJHCm6 z_&=lYE`|2@o8Hb1;U`n^LtO}tzY|mTEP?Rfzm@A>69%4(q>d^MpeX{!eQByA<&ISAO3b!dL!Uu0Qouc>iwc z;itj+(ZkH=)adx`M0JV z%>Ro0IynA^Q~RG>3jMd_*c@>FTZWqdIu-0^b=ePK{&JX-U)=+?pSQV|g7vrURR6mb z@{g^D{tANhf4;E1|6B_EPpnA>m8*%X4-BgkMeh zA59r}{A|2&R0H8-srwRg8K(w(EWcAjvtk`{8kj=|B%{$91qp{=aA{|8Oeccm39)9mKyVHUC!kgZXC-*}59S&j^vv-`xuMDhrB# z1>sYv`mamDes-mvxdh>#eIsALB=12bc{90c-VE;v;p3_GE9Vn9{~XYJ{u~IONa5WI z_%kcNIs@VVq2@p2J*-4-a*d8_4$i;dQSs0H5T3tv`yw9Pe_8GpRsWg+=dWdL%d123 z52yN1QxW!G)%(8y=a17Uyt^`tf6NDh^@BCk{M#`KuD^e?VF%cMwJ87P`~dsUF9KG? zK<)2H;WZpw|6FkC6EOenOXUyFLNNaMoQA(c{EJfg8&?>{ubuw>9fbduieG#Y82@b2 zvj7OMqvDrC0bixV**XyZFKYg&DGBpmwP<912;YgyAGk^|zTEX~lOX&&YW%6Q;PI1X z@6ZOqYpL<)RKRyn?eGY~JE{F6ydJjy4@X9U>pvSQJb8~Y@f+k?f6$r!5dRs}^Ly@B zaQ@kCV*_yf9i{50?kceSb)G)cLi|rr1ekw3q}IPRJd7{3`!HC4x$A9i?Tm=DL8*A*KA%#h<}yO<^EeU0M1`uA6J3( zhr!hPvFj;p|0aE{rx5?V)cOnm492(GvZF49uT0_9b>Q}2ZZZR0KfXupKj6wq?>8lO zPp$o8a5dRYtUh^K7|Hn;J z7DD*JRQ~N$z`w0@<06DVPwgLbE8ttcHiPqrca;6}A7J?hYxL<5|7leG<}7gj(tgdB zFbE$&*}qePfBB%%ogw_^*#1Zqah`zv?~tn|u>R1oh*Wp^!|juOVqCnwf`3iuigXO z|CmS3!TQxFZ$11SLM6jl4E7)ICeO)&_(xHAz8Z`_&G!Sx|215HLsE$R-3s_Zm2ZIg zLzz94{0jT`lkyJ-$A1GHe5LZy@~XZ2gOZDD9sQ z+0g3&gfG=f;_TtCu>ZUCO&*-Tr{VmA;Fb1&_vrKmxPFpF>0fF8cBT9s!Tmc99RCS_ zx5D!eWtuMn*T3f1k?NNO?-&o~Ukfjd4Tki$y1P97X)eIyZ{gdfVEh?;NRC(k4!^%) zz-KqW^^+a%s)-BYe}MKM*WmuE8TQT35Pk}!fA{aO{DtmoJW6Zc>b2VP6<7P-$vzMn$vLoU|qTs%zy5M$@Qe2=kBstR49L7`Im5eoZ{w{)8wa`20$~Gjcr7!RuE|uT%r)-z7Ej z_G|LP`QxSfZ@z`ve>h%_cNc>3=W49D2jR;^Q~3L^{g$2g0~mjc43M{9Y5&@(<GO%kd??f;(2|CIKR&HCchA_)JsftE|sVe4%1;{!05V=4rWaApEr-<#?t26M0X(S`OiVSR}{0 zM#28aaJS+r2ydkHr?h_{wOs622tU8IoWIig{mI|TOn~s8t)=kO;PtykL$`tZ*MEK| zAO9|e_46XL9?yjMZs@2m{_&&T}}!2K8BR0`>pCl^pL3g83Kx{Rp^z|A6A}C<*(I#y7tN*Z+18lk?|;Vg4h}wp|Uizvvu! z|0%71H2=L^G=zUa`9G!giz(fHd;#I7)AKKd^@~1pU#@}hizvKO{doLO+H(+oErnOA zA5WMy3|zl1eutXBE7X5SCyxNp$NeymnCNdEiO{GGST^B+k%j!QcC$tCFg zzp*^(|KtF!^A5=liemt&TM)dp?q97Se66GC{KnJ(PSrxPLxLw)Lg((6ovT3S-wk<> z_!@lik~D-n$8Br3UXRXi%uk{MjP03HUzsF(2N~rzm z50U=Q1#qKYv-LknT_y!;|NefcrB?&E>L=uQnt$)yrSe1k1HM4|yAi-G_JjX&!g^5t zn-0YP-vI6~g{Sr3^`GM-ApJ#LLgVjt0Qcm)Tz%`o|CGSL!^3 zZ(bPnAAl!sWhC}rdTngCVu67L%eR!De{268we+5U{(tP&HHY}`666Q)bpO@->66n? z|9$r@>OX|f3X}UETK@|MmzfUf|Hq$D`?FB|>?hYhjsNy;!M6w>K*z6J`4Ru;0o>Ev zZ2qf`oU8!x4;hLy{33uGQ;m&(R(AOt2>@R_T zyc4pY#-ow^C4BKTogQ1?-G}(s&qDgk0p2+2AsGMbBLD5k0sic|XT>1?F`H2PbAT^D zt<*~hpHK+3zoh^6zq`2W41^zx;;XaAb;r{#~ncxFD5-{<^sC&H@%JgvV*cm9b+`t$KWV~U~n1Ndx-B>4~Q zY?=zm-|{=u|78QY5no9hiTpJGW$~B4fcmeQ9@#&Dr}-CLdH-{We-Fgp1>kA@_5GXs z0_o4^{P0H!NPkrWx#q$-;OL){{G@sHaNnc zmjA~Ezy1l?Z`@rZ^e2H_8%ll}Z@n8B0pW|>L;A}B{!&W19>Tv}fch^ukQ>`bRG&wG zbpNfYe98p%U$5H8e(Lz*Y5U=}3|;`~Z^M0LzW|=*-@S0$CW!wq#NP$rY5r%=&g}#7 z-&7F&QWeN8JtS{G?LWF~9*__Dj{>y+SbYNZKY*wCM?_R>3Gwfih4fcHkef>BpT=vO z&8iIHgWDl|1ONDwcg+1E{Qd%{|8sy3nqO}Wgg=AuT)P53^3(QvZ&s_Sko{E*$j!OJ zeC4P6U;Sp~2-N>R`DcO8Q2yA^7frb7f+Vgxa6=0NH(nFP?6HL=D|& zNdCxVWPdrp54vCZIHbRcg8l$JJ^s#*tXvfue;rW!xfcHAZ(MgjWN2+J29? zjB&_*3-MI`Fc#q*0G{r@?ME~6LH*Y%9QnV7+k)zPHmv^|D-h1 zU;9ArC(8fQ___;!{TAVU;(y)QD1OHVaz782ES|KV#v97?`3&N}9L?X<9sJ{46nU2f z@t=(HFLlRkZ4v&o{eBaqI|tgY(Ek8Fo1)Zz*Iw1W4e37~;avcpZvXkZ`==xMeeAbC z!gHOnxe@tk|B*S#IvesItAzX&z|;KuzqE8m{C(`VQG3*W2A^$SPmKrU6t!_hw_`GdQaGeYuT$Us!O1ahx7OFc&Lgs()ExIjW^p<*7U8+7!`|$)UdaK!P(dqv) z0b6Fe-dZnFYt@T?aZw@3c9SkBM4y(9ZX~K=gli}-Nv>+wJuW)lmSivwh__kv+BEU+ zc)ewa-V)5CW|}R8K%&8KvQdqE9yJbv9Lu$)485o|Y&y)aMIPls0;+&SFSM5F&xq zW-*vjLV2;lsd}x^mMXNiz4%vjs$Ms!yWW~^Hd*xp1RbK^#@nOS5hx%}Ydtd6W@1wl z?a9q+4AG*-*g_kIn$vBe0*}Z<;TJXdfmXArc@6PHs5#AG6D_AkKtM-*W<)kTG1I2E zhBnAX57K9bieEP*B!oL&1o9wdSZux$c+s#5zaVh&gBJl#{jsAFwNGy`X^r);-anp# zG>q#F(Had&TEP<3csL~*QUt3F@Ue*!Gr=D4kl!Wh9L%9 zrb;jqWVycgf`NNp6ch)PWZ8-%3b%qaB)cXKMB@D~6p%+jBj6(`c#Y~%UhKbQtxnGm z9~tc97>FJWW>t5+7CBvy=8+~XnP}ju+UUhU^p>vaHY@56PZx=<&C?gM@!!^NG` zB*e}Y250h694!AQ5@O8aT1mrG7lC<&mSSyOsh_7G^*mwxM5i-(pZZX!iV%V8f70zLJ}+|Bm_n1 zEm9hV(}4)yXs{x8gKi@mQ*|OAMh4{Vthc3_lbX|kI4snnPnW`Yn)nM6MWs*PVYIb! z2qRG{JFE#K$rItoU%?!qk!;Y~RB>Tpjbe=YG~}KT(DxQnGs+U_`xK3aO?_y1-}0uB zeV?Kc9@c=C!~2#ujqLj#8YV%@Ijqt`kG(5K`8u-2s4b)7U zM)oZ^4RYUy25KfvBm0(|2DwjY`1lPe`$Yyp9JVT6oa8_mH?|LP>LH7wRP;mP-a9E5 z{YfyNXf_)?HfBgmH>%Qw4iO@Ji1<-wM&Vv06>Ca1Bj+ppCQWOxrfQ8S)T1DcqCG;O zwxns(Rf%@pAib@hj1>v<3HWXb>U~S53e8NUC~s|@DJ4;e2IM=E^g1+T&51&eAxIO! z>rE(q*2me~A^Y=s!n4?>gl$&vMmXBY2y%OPZ~UNn4WXu>3qYKwTwi$-3_ z=Dp^5SQ4-1n8aB#kwW_96<-1rX?RUF{nCijq9L2alp|gI36VqkB$FdP(`3_Tc+tQb z@oI}z{0X5Uee$LeDA>J^PQ3^SnG~f{@m97@x#*8guF0iIORl_uOo4HyD#V{xADB2631O=m$f2UuP|w@({O-iAd2vK1ZWJ=~A^OK19f> zqEX(Aascutk%Z)tf|f&hTe2wGkZ_cQWjk|W-bQ|h^G%$cVoAuCaw3g$OypydOI%v< zWS7!s)Ep%uQgWAF-jSSg_GiJTO7{>EuUI9iS4>F}G`k%skoH0SPZ5uCjjykP_3wlo#b0TILuBGNDiL=yQBuli+c zi+PYBh|XxX>Z4P6(dvj6M)D}wM56%RGCSB{m*y2Iga}TJV)0h?C=Lh|CP@$xA@9b{ zNARYR!eodz6ya}~JBiclEnY;hL-LX&9sPikM7-rKNqoB2rf17S-S#I-_RmrA2BIR~ zrl{oDTMM<~?79+m*SXp#x+dBci8X6Isu+s}a+E`R`KC6YThR(Bu;9~$YKRbvBKTAt zn!@XiLfKL(PKqDfq9q9A5@0H6+6>8TtSE673SbSxlG8h;P9kz1@o<6|Wrdf1uJR+e`fqRGR$1P-*&6RD`@1)xTKU z6@m%+3DGY8DATTB2&i`EL#1(c704?6giygBy{K?8ADfq=;Uz7nkOF`(Bl{o7q+1L_ z(7Fd&=dtPkCo*VRFI;G#-txbaY5Z|yQq1){NozfideAL#T{t|a(s+?+>`SIG7bC@4 zPb~HPfmou*hW^L(XYnt(Ozo+oVlp1r>{*CKd1pT|!OEsJn1mJD%(O(a5vdp{z-JZ4 zEQJyj^u0?<5j;vjaUY_xzLbn%d`-j6U58NaHETqoQ)U z)khlPp0_mO%+`mDmozAMM7txzuJkOhOZT$LaBU?=L5*;{rW%uxj&fjO1rv=+&ytN5 zN`sZ?WGAq#Q5FSdu+n{!!uqEpENwt^r2CjouC^aB$R*4Gfk3U2f!;-ncFU-<2fAlY=owok;TM$sNcX(# zhitS`xPH-!7vA4hf_zQ(Up=r&cgTCcoCT%#-;m!aUbDBni9ebAx?rDzxpI|oYLmr% zWrY6EUrQADrxINae!m?@;eGf}-)}qFEEb|)eVv3P?=5xX^WXi^Po)@U^sYWtpzosO ze~tA+%TMDea$Fp~L9TyXAHAm_(m$`4^iyfFwEwMqQ)#CgdGDqBs`UQ8f;2(uvy=LK z>U90G0{sn%a{YhtOrr1jPI|ACJ5uV0oYJ3%`8?FOND=I3`#inazhkic2XOzo@p}uL zQ8}aU=^xzB@mWdh1o?^m@Y5vy{EDBeQKw1o71unG^y8q~@AHwepT+Cbzw)L}?DG_+ z&#jQ&yX1cMk@PX2%>$}@<4vE)e}~AwL!!$+&l!EXef{t4=_lA{eX4&?V*S(hPvdF* z6sB&Rdv++lK)*Oee^-C$hqV3Ec#0fHe}8rGyze0Td2JGsmY>Gc^xcut9dg}&r9yjA z|5*M5UrYA07C%?bkC)zys>vnU=UAE`^?4li`F_o@(**hBDE+t<^iSg{a-5p7&v6;M zG6eavDF4Gv!8>6o`i?DH=YJ5+nDGFpWEZEmoxefivEZmfseiQL;Ul7Jif?# zX`DE|`;(vkeog6mTZR73Pd$Iqn#hmeTSM{(8c&Jq>0fexP7U`zko@&F&{ky2~)tAtx^iSg{avaG^$o;d83T6rVnL*JvqUSp>`UNjB1&r$@aaIKHW z7ka!({P$h`ds-p?apC;u{Z~?ad5!Ip&VT&Tr@w#j@|8o-&k0KYWCi`uc)A(n`3rKL zaQkvEq@M=l`3v&=N5TrJfolBTc=uT;KcUV-VZ93G&Rv3jKKK>s-(k{wft@*|&tv(CA3qd#dV{z8 zCzeU_&#Ej*>c}h2kNAL`$xrAL{nuaoOnASdM?b_qwOBt~0g1jQhxFTH`N_5Q;lPf9 ze=Cmt^QMWC{7HEJ$gPmxTj|UpeIhqz!?oC#Fj}Bb`~&g-t#SV8v`cz%=a7C7CQPo8 zi#`+Hzvt0U2G;*=Y@d$el75_da;ATxm!_D{^tz1?d($6^^;3uFXQlLBK|Wv3=o7mk z*F{0w2MYB6j+EZtL+qyrvHuvHU*Yoy{MkQ|UybE2e1C;qpnnL*mz7xlukdqm{NIxQ zbQaH<{5+;h@M@)WzjsT08IP~(|4sf5VXh$%{SBDD z^Q9!eCWrLfV?~o|nJ~BT{`(StWBV+E^M|q|zTo$slk-P%+P|bfo4S)GK=JF3M$#|n z{NEpaV)x`~;s-_w@;mVSk@(NiB!9r?#yW9*`(x>Ul5+o7Q9o3CIetizpS+jY-QeT; zm+0r+&F9}j`iaEzQ~sGm*WD;*^od@`HLhMq;d~yS@!OHm$LDhL;W?upgazmE^PIN*#4X4OnyQ)KbF7RAl;t= z{o+wl{y_YX1<&v3`J+Gkq4l#cY0W5sz8jCP1e`xCCH`|G&OcjyocyF6qZbSj-rw%i zzbCN%$+?Hl9MUKKO7t_oS;wsc{aaXmqMx@||L$H={L-}kIQg;qxfxNh!uyv?WKr?a zj_0Q?Udj)hIiydOZ@G-PxmShy3H^S*QMiA3T;I?{=S+UO|Fh!9eGuvc^!pPJ;rcvX zKd13T59CVpPCjd_L)WLr_f>PcXWOAogD7-=>v7=YM;q{1^vWP`ia2u z)B30J6giGAkaa2kOPC-(hv^T&>zhM`{JePpr*19PWt>-}tGLMOL)7aAE?{M0MJ9Y@ z70xI2#K(l`lKv|a{b0XC>PvprbXZ^qXM%TwjU4JBRcuQ%oy3VsZ=mNvFo|QU(7; z<0*1n73#*$$*l|meFsHLHrQc07Ka?QwpK>tp`tlekE(?K0iM`O+T$^Af+`X)m7t z@;^%Q^M$1A$I}0M;&xemkI;V_g6Hq+CAyj%(pO{s)W_FX$vUzAgFkX=T%R05>Kjyj z%%A)`CPc15!F#U?`pHk}zvKx#zNq?=Kl+sWjS(zkjTLTDPw~5|aNC$)Bn9 zO@H)h`T6>5pFrdHHl|O`RpN1dz#n~LH{@FI$!6jFyb{GJ`#GXefAB}2$WN{h(q7x3 z@!OB|Z#l_7YjAzQAAP6PZ5+A&HS`m4eXTr}KLYQ6n2hU_j_T6>D`$(G*$>f6dCaHR zoRb#?`FTt~3;UlP*gwGi3n#C~vmC;JCzJQmY)A$lh_R44!X z3$mY{B!8ynU;gO33lPfEbwsgI&jtEwDt>)H@~ct)Nsq4y?qm8KE@~eA%2*K^CR5) zJ<$iq9pLys72R5z;*SUaX7~=`XP95s%!jWn(yc?JJpYLDWBj%V_|6w>e#B7${2V7P z|C0ayHEZY0mhEQ)r~iE_@dN*Pp6}5=oX8elzlyhhQ2qp!^(T7y5k(rLyiGr@SD+sl z|N7%s;(pN6iRY!Qe5LgvoPPdP(GUN54ky5NuAakrx^&MY%kSXUFI9v7*Tu~*v%5)n zKJN3x2uGrzj0;Z~E}r8jw|}U~>F1nE|LBj;udkeHICf3$ z9}98g>%9G$1P-o$^vACWf@3)@qP2T|rz-g8WYEtUmHtaBzbbsszfU6LW&PI#z6Ij9 zb1MGdAAcxt6QR64X@3`)-vIbSVE)1d`A@@GmOpes{?i|y*Z+m{;UcB~8z8^PjUWB- z`SUpjeRx`KUo$!TDUS8a^T!4mBTUyrj6 z*dy}`aqai9ihtlgj~pyL6KQZ@*|ooq$b19G&z8a7z~_JX&m$L05uRY#?{??jvVTVZ zKM?GHDda!-^`BgN0kNJkx91sq@=0{mb=kl1@qa57|K^YH0zQ^=E#)W4_HO|DuL1pg z8|a7(Ct&>#^pF1dg@BL6?ml;y%J$F4|JBewIsfC2ZvZfsW8b`z@84ax9mu~N^nY8$ z|7hi-{PT>VN8I(x+0P=l{=&JE&A+&sviLzOzX5!~vgZHE_b)9R1@iZR@p}QVPd>i& z$LIB5JK?x{{K)IS4DfmX*4o6`Tg#+2Xs*(~@SjI6mJRU0_#&*6kt z+<}#`^LxmA{`!dFDt!L)98M_39k^WP+6}q=^5eT+*uJ>MjviuHC zKQYMX`d|L@JfDxR_YP~ZLvCM%IQ|rDUtIs?k6(cM!VC8!9=P)l-1xM=N_@*rA9FN8 zu)vW-D2Mhv(@~DEjNqT!gMXd~^~=Xs{`dyqV%crzg*aJ1*nT%b{CP_y{^!CQpk)>O z`AwG&hRF5H$NzTe`WN}ZkH7fOvv+0v7qgzapBekVI4s*Ij$bgpvO?aPem^;5&X|^MekJeE$2}^j(}F>pzOSzU*fe|H*%z{~adoKn+`LoXj_J{KG1I z{_`A8Xa@(d+}UvaTvwhk>JT#Yn=kbEbJ|>ic^7he9du98v zfc-p!@%2owA7@U;FTwngKR$oH`_z-}^*;tqKMPgtpZ`4n1JHi4j5%*9A>E&=Hogzn z?=2lF{lJ!4*(75f_6~0NgCFyh*gqn_&DD^365q3I2>Gw4N%wE-m0iH=M>@fHUN67$ zuw@M?{*M(U`9I1oVE(7q{=no)*MypB*WKgaOm^7Rou@^2ZcK4UzKoDL(T5F$qU1?0a071CxKluutXnbw2#%gOu{S zR>F0bI_r1znyK>oF(3Zxu}Z#>%+`77)lb2~Uyq~sBbqAt&ZU9r|JJL?J1PDYu6_;I z1LIdcldC1g|Na>`aA;qKyMeW@>NzfiQ2Zqv-#HNWLD5;i->%&!uaEVq-w*mL^^f@n zz4be@#!4f_Z+S(jADkcetmEVS4!%UcgJruH)8+h$kNo}B_&W7dq2j#h6hCGyC;uRb zuXOUidG_}$ieL1&k}nQpd>4EV>Vq#)FIWzF{q!NlAHwMe`FiVjYSWb76u&=bKgc)S zW$TT2x$!m1jivM6EBX2wpZX2w^kWQAKiQu&2&MS5IQ<}BuYP8HlsS>&f6D0x`FizJ z`^;ha`VJrc^bNzINi z8 zZ=HBQN4;SAvh2KF6#pV8zpF2+SH1T6TYQ;<6#s{-O8Je&1Jh5rdAM%IoWV{6lAskLx(}@*57_zn$WnIle1E`4bb%eNFL4sqpc8ymjvV9QBT6v7c6v z@!=va{zR@`|2*$`I2k_=OT4biMW&vT@nxl>9Tf z_Jw>A{E)X#@P3Yd0n53+Y&b*lcXQ)wM`U33^W}S6>QnsoT>CQC4=g|6>e^%v#lOYb zr)wJx<`B-|_srPfNS1dccnYNpf|7*^E z9Ipb4KYMp6Qk>!s;q5;_{xm$p3)oY^&Giaepfm#*}jT%@;jQsbtF)FAr()Ni=}PaJ7jztUPCEA^7ZyFrUCc9 zp!Cz6li%5l$&aN%Xs;J2Hv8baFt^=>p@um4=uW#>Xl{)rQmd{^1P^#5>3z6%t;$Z#cJxS8no z)OzLb)jr}j#UERg<=;I1ANbDq**t^7=)GQ`-DBBga+_KdKRE}@$Nhl3kcy|s#nP1) zLE7hj&i(_PU+c6kjLa`(^7ivJvwyw%ADVM0onP9ntY70aHa^uG-@fj$Z#AX=_*qK6 zGlI?U>y^K2zc#HX{xps+Gzg48^=Q?fDE=C*eHk_d=6{-7zI0Lishs^dab3U(L>Tu1xXQk7tsjevESi^Pi{6B;2R?*&=L-=;SC@F~S#n!?GyleH_o?f3J8_hKpj4Db(VKgMl=>1Y1D3iAHO zKK3)?D!Y;f>sPoMSpR$ORIUmXzbV(h*jofPKb7PAyJY_!SyNfR&JN7~I|eg7dAS6| zQ}hd1R{74o|DKP23UKYqaDwr%R6xC6AQ#JHy^eoJ>8IVd%KinpddDxnFTT5(;uqz{ z7ml-m$$zBnSb2XKAN@pf{Uh?R^iql9De48wNheb_QT&c7eAoNzcPOA(&3Q_fK4=QXaK|YoWsMibRV!6A1 zTy0AJCY*kdt5-k8?tXNK;!i!H)W1-j)vMnA>qhDNdntaNmrB0<>%jW=%r@n%6n{Ba zzs>;p)AnB-PVs}TE9J-aV_14ssp2WtE0zzJFDOOv2Xp?%o*dZt+O_<`NQys>(~r1; z)vwsg$N%%=7yAg-@9M4J z>0LW+rT7_H`C+?UeYpR;;{=OCy{c646zdhsd$}ifrTE>ddg2GW48Z;8^{$UvQs?^* zDSn>rp89q3jj;c`@tMB$)kQPo$@#|}S@{h&-vNBR>#xT3co0v?|9)2f(9OsF;r06G zanB7!DE_mo{FR&Ug8kcZKX*apf%S^z$c4tgDgMt{?bpo@bp7ft7p7gM_#3kFGYY=p zIE$lI#OJsF6haLDk>mGPoc>XMz2obrf9{`1$^TJS|H$Nr`!nk8U)FT_uQkPg{Hw?Q z-Ky}^FXSP#>SxQ;_45ASKK|#Y6eZuYZn!_o(`e=AeEobp#ecx{UmiZJv(U;fH8LmZ zKTmRe++Q8zP_6vMb1Sc<2OCeBl7)qm{Kg$l-$@M>dz<+w|KS24P1pWFyO8y@>{X1-MeTUBZ z!3sIn&7=4|mn!w+Y|i=>dv1OC&kW}&3&lTJ+cW-ks~Y*Z54TqRueP=)#}{2H(R|#8 zTPr{Nzzzo}`D;|8`K|)29<=g*vPGAm_+wP$cfmMYEC1L}SIiWDiyFU(KKWh43g@Eu z>$&!Y^^1N^tNizOY#l=JdvpE``Fj0Bx6olNDE|AYwEY_^vFiY|%D-h=(KQr*1h@VN zs;uieFKMuXld@@r@e4QvB54l=FkAALnhB zC)TR}c@?Y7qWJk9(fV=Z(-;3IXOUpce#CvH(ue!cmVR<}pZpyVG6_RoHWv{wW8 zXT9yK;``D{8NzX}>VN9xiM&qnw{iIaygpqo|HO-& z>2>L<)X=usfXNS(~zaH!zL#`iK3-yb9^u@O` z7jF24(oeS=jO>yBX<+g%7*OgbirO$dFytDgNTJ%JH4OWnk;~N;=Ds z>zA%``8^z0==El;TlC7G_jH%$l>EK9 z_yPHNKX|S7KYCWk6pG)A8=oTI*h}C1-DiuU!YKal9N*A7u=Saz&ow6V51Y97(>{{z zf2CLdyI1cTM9KeK*7^arsznpK&#hkm$x_4bQT%G0e-PTh`VgJ@tBDI|kn`i2oPTx( zsQ<7v4?9!xkKz2Y;Z$Jtd#LV@v;Q}%y{YrnYeN3Z;CuMTQJ@q_-StY7;-f%&&B z5%bCTzwCM?U+fmx^#wggB@LkDfA^+R|Co2vtDkC>*KVWur5`Kh7tXML3$LTn+P?aS zILP=R?`uwe;OmutQtOo3nkyshplVWD}T0+7yL}|^H${e zzXW!D){_Lj$}1V$bvgWd0$E%MUw_1$O<# zjn32Ul>BWu|6`12@rhph>0oF`t`EP?#XrUqfyuwAjYy8~`X6BS!~P3`p(Df(un&sX z_Iu~MJ|UET#&Y>jM=$2z^y+6`Vx7el|Jhol{kx(9+aD?9*~beg{>Fz&{fN@e__9Yb zR@OIu|Gv&pQvap%v+*73ANfKLee*9nZ-?}wxXMJe@U+Insh_i{|36h;(#Bsy+_IaYAm}` z1nS4|VPN@(zhZCyPF%^s|DGuRwmRXRZEiVf2}o z6#oR5-$428`}NI_&vc#snBxDTqJQUEefHDq)`3$L-wgBb*nb5ozvY+gWdF5@o4-cB zUimlteVZJ=T>MM9KEYU(`3L(Eefh(E4KH7#^b<0N^Pg}Zd%gDA_^Sa0DgGfYzwH3N zqYR5vwA$y=#?=o~{Ht95j(q2IHjdZI&pl=SQ;NTB1gD>Y5TEGGZ}e>VUL%VC(IlF$ zH-7%M?`?Aa$i(Hx4EX}fe~!r8%Sg$;18&&i>ED5`SN?+YQz}sWJY4^R^6PD1!}51s zMe&E9XYI@5A3%O_kG}Z-=U&;#{k=b_qm2Ipl|Rq1OA(a(myRp#2m4*U?f1sh&j(X{ zp@-7{AYZTkC$C&i#7w89!X)?Q?oy`~Mty(C-gQKlx86^=|;aUi<&O zmMd8 zQ`)DaEaV4t_FqH7*OToxFN}}S|07?o{pY&B@)@Q7;aq;z72x>g=TYU!{97}we?h)| zfWGU~5B)QUoWBb_ru3i4*BhTi*Um=v@83ZGg8D~3`cakU>vR2Gfm_YU`IkHel;b<( zqaV`Be^4NZTz}Oa{68i6D-YvlOoyo&zqfbzd#&<5bzlmP` z-(1^vC&jODlJjrC*E>EnuW3rI-_DFy_FvfV>Xl#Y(TN;i^yA_OXVr79(V+i#WjgM6b-{(g&#y#C^s5M}<{!>^%l{P^a_=TVgW^SJfl$j9qwwfcuI z2dy1L@&C&~%dfY6jeWK_gW~_CrXQW_KS$*)LynJPx%pYtkKXk^BMbBud-yQVthIi3{dQ(GrT-9aegXL+=IK?w0LOJ$&Yp88mEu3+^0&y> z8$b70{ChgZPlEYJ^l!*_Kpsv-e4qGs=+gO}DE@5j`Yhz@jnA)cyGgDO*~85bB42NO z{vxR0XO#S_C({1SzDHmF{Ap%*Z;F4En}0<4^~UE{a@`^0^BLUw4dmlEQfvM8s@##x z-xlWbW60MV|7VZ9+l$gqyGUC9IL^>2|NBQ5lH=3=RP4tSr>lGcwp%Q(+$==)@3*-5 zBh-)H`19R2vE=&X7b^Cncl`3%n)T%PvC>Xj|9a!k&7aOB+3x7SJUU8`#ee~`8m1u8_3ri z|F8LbaW+anqgCQ7`y;jvNNfFm)$~O!ieH(#z7plvd;RkE_ckn}_!U+3gZCNJD*y3p zi^%<}U#Y~;cpojT{NlmS$o&WULHm`woLy$2esG^Wt^7t$uji%ovl!}^dC@Gs>zcmt z*WH>mo>2TL(7t%SUjKP<^TaPHeu129{KE55Pg?cU{swb3NjXHx|A&hF_&r+f=jS0oWc+iKyS^B?diRfNGIt?q{|&kPqzmoG$oBEoDu4At zHAw%knTyXoe3L%@?r#q^p!EN@8b3xKKli%S-4wqmH~)+B3$gn6i7R)L^Y7cZ{vG*x z_ou2o^LB1Z{s`{+9pvlXe=_I9?$s!MYZX53gRa$n3akhUrTCpV|AX@D^*@)dd>>Bn zFLUh|`Fj0N(wh4tDgHARK7Nl@{cN@VGK%7lhxi%$FAw*UzV%UUA`eca_yalp2YUbI z65Zc5Q~VSzzQVk=-ug`+IL!@K&%7cTMsT}uAl z-1rpvdgGtCLBIV>@z-(rG2~;Z)jkt9e2|0UcZU2w+9z_c)XL9nQiO~j&T;mST-R%T z`SZioYxkq%Z@{g8#&NG+`+Skuh@8JGzekxrHKm{&8IX-2Q1`*9T=z>`1n+ zIo$l0{UlrWtap6cWN)r|l>A?F`;XziV4}|b6V{K*MaG8%xcso=E*rP&jZcC?o009e z(mueGcni<&2E;FW9f^UEeaUN))+%uRgav z9QpQiefC+tezo5y`3sKZ`d`@BUhn-KM*UjgJBn}S{4>h$fcvPZRIktclws2TaTLEU zA3uQndfV48kL&HD`0uIdN9X#Jwts(Gk>U^J+Ar!y@BMN5)jBea;&12j!^qdWzNOZ0 zC09`VYkd9+?MLVSRI~1MTu1SfRN9v@4~yfp+E4J0dCB=}lS=y%uIS63=QXb(um26Y zN&5%A>o*QM|2#tJ$I9hrJoT$HKIu@e6Pe!|p=O_x^zA>8Hmp1;{~azqLHRMx(ptZ{ z##|-mua9!`*U0zu11evD{R)=%9?c~CulMHD{?qe48u7V@y zFZp%yyHsp9lajycSmpIcs2`!HzU#ZkcUU7*{HZX$;N|yxk6bCl1ML#aAMDl0_&Kgz zKKG|FKCw4savSF8%MagJ7)y??Yya?$f-g1#{%n2xQU?p4rSwx6>>uSfK8O5+&ig;! z>zM62#ee^`vi;(`zTWuZ+0zn7DgF`8e)n2!4p+6|UH zzw1Pf@2XT}mg&)deYpNn=lzdH_y6)HrJoyI{EzZusa5{j$J4t|{Py7AeB{@;f6=DC z8-JkqE4cgs-ZxaQ{VZwyeSeBSijSW`ZoT#syZK5Pil4;k2j$nR{|&=GT~G1naq{E3 z7QOky9arq+{`OON`Qg4z&KCOo&#ByJ$o1O|`S>6Bdi8(khS-eK&vwp!a9&^U`us|{ z9+sr|T{!uXuUG!BUhFwc@f&gR5Aw0p+J668z2--XU!tz^`gi0S7wTJIbo8q|``VO#gDox?RmH>yWrZ(=Iwqf%>0pF{`{bE z#VCH;4ncz5i@&jQVEj$DcXpxpV=rYB4A-&?&OGeC3klf*hcsc~7(pd_P|z7t8PSI+s%X zI@1~7P=eL3<78m`&JE+AQ+(kHlgxRB$uIsL82?I+awNYH@P%`XZw!#1es+Sq{?n*ShfNfJ1MtNPO#k9Pf$69EgP2nkKR48`eF?LFV}ShL|FvvS@$X({ z^=r5Y_8B05S?}kcQv4$2nf@JNFs~UPziWr^s}z3?_)Fmq*ypLh^xysOO>HQC&1%da z7=UjKkY9Y(=1CNP@@mjeRj{AafyrMg>3{P6CqDN75%BHpVPEevf${e*i7f0lv@;;!{0haR#!&qHyBJ^G#>S(@i-GB9(#@VHDgIxe ze?x1=bp*)&c~b0XivJ$?ALlYymlGhrZBZlXAFSz2Kf-p<&!xchv%{E6&OiIu|C!Gi z-`N)Q6CnTbw-4m;uMht|@P!VH?+TDVG`jL^ioX}^({Y9AU;H;f{fyZu$LBus7eW6V z#kj@*`IS!RuSM~Tga0vf2mJ@g?|-=1C5qoH59?oC6`21KF9)WdH7RYMQhaGt?C#*5 z13^Cl@+*Ji7*6qzu44A-xWw|Rjw^x5e|qeD^7=!c`V9vCIL@>AI#+=FefpMdgrhWO!HVESKEvHSI+x{zDwUe+K>6jllF@@rsL#|6hZC3@aGl7$AS} z>dNx`rjLFGLHja{VsbkIZLpo6Wc2K{L)ok9~7$AS|jgv1Zet+N_*R%1F_#iO(KY4JZ zGR5Bw{@H0|{?id4|MHG)qbPpyUJzepf_@$bCV!QRSH@EOAm9sD7+(j-pR}VLncrhs z87aq|0sO~-$)E4sWHP?>wBOgzKRyYJzrFAmXDR)JV}4^T=s!UI!AoNXQT%Vfe#9+| z?+TEg{oz&l`WheqUmNV-1$^;oVEXC0e(hz7-wRi9U4-}{Kz@szpTDN~r$9f3LriX0 zfc%}e56Sb(KKf}1_3J#s#_!@YefnYEQ4qdLo8!oqBZr57Z6(Y9k6X{)A$DT(y)KP> zCxACVS$N5&1aJ8VPG$UgrP%n+ahJ*Mc&<%;o?mXq7dt6_2gqN!z%RH0A3t?HDgPvFU-g*$;>*C~ZycPj z93}rOupeA+ZVZqgmG@Oyia&og(+{rK5MODNpU+=fpKi*REhxxSzi9u1+X5f<+cs+C z8`#GLEZd#3k^ZOKA8h|sM;g<=D?t8+E^W4X>j&rWLZN>Ytx&(Owdn`t#&X%q;g2Z( zN@!oAjqx2C`F4Rluq-j(dCi-DXbSTW+kx+B0r8K(zK5?rz8ZN)Akmp_~)Vja!g|Jtud!I zzR2`wW(~07L2=*hi zVEPwx2PXg8^_Tln{1A}e34EhQz8&fp%j4rx`grrP{Vs<3HJo7W%cYSo0w0T|-Rk~G z*{2cg(*gPy^JvqL6Tlds{8zQ3V*U&J_nbCXzsAYXzBKX;C^(dJ|ND2nw|=mH`4ajs z<1i+-F|RiHk&mS?**wdekM?;vi8U1QTgDah1;)=<=_Kc0l41VB@g2yokuQQ?uxN8* z#SE%`zXkg-US#Xejrq07ZwD}zUEaSXU*F{M4``o#!Tudl(0(=Y4Zz2;nC)|NexdRV zu%9R3|26VaZY;0o%OkI^^O3(T_y=Pp*f*g-VES2+FXLZ|FXH-^5XN@|$lti4rXqif z`u`O5V`TeHiUk9cKe68qGJg0J=1+~SVf-5)e^N$p`xp+cW(;0^~oqyvVnIIv^7HQdQjy>Gv|n7GfcnwMH$eQ>0Llrb9*XsEMu^|0LjU60!{RqbDQ)`U z`AuFmRpf_}{|(N+AA$I=v^GBaWi0=670XM zHomCD3vcXcDOCK>4)kOE2*xiO`TY29&CyN0sqxnjAiwV}1ts zE{%MCeRSH6y|1!m%jWUVsQ0c8$kb9&W!u^ws-wv{P{2BCmoL=zS77? zyMGGbv&S@2k>BVF_W#Zw5MQ-|_@}%^`Ps(=1C*1ZOUe5ic=U4v_=Uj!g$`h!qBg!A zLF&ryo?SLi>DnBVBd^dp7@#-F=+E$M%{fPXXQfc6_8|Kz&1#k}={@(;%RkHE%v z4vl>D&saWiTvz1(KLG##8R{np#*Z5LBIqBB8HID?p!|aY$B#Fd{fqBv)4u`1P+tG1 zk-|S?`+6VZL*XX0FO7UVaIw7j{ms89{Wrnml%ZZlgv%>IKV$ke(MP`HN+;0K<_N`d^KF0}2l1kCz))^5$dx zZi4v>C)BU_zBc`!-@$VIuW$Bw^Xq=b`uFyoAwYutFdQ2Bs241+S>93jPi()}VEwtP zFpOU`^0D1w8M(UMXWsH-`|S??(@_`Jhg8<4ACw!*-%GYp%>SbNi5Q>sh5kh&-zl&M z=6`-Z^;J)A`7!?!`Z4JLSC;>AY2=H*$6|fnIW;Kz{{ZEO`}r8FXwwfLpV&&BTT8_c zE5JWE?l7)HBcJboPscVa;jN$A&_6y0|7`!5^^dMlZSvcp-^Fr=rPMp#{25^Xy`X=0 z_JjC5OdFrqe`2Nn2Pyp@@ytImt_bsZyneABv9!YzEI)m{B-LAfw9imzzj)thV}Sg6 zo2p)?_`ztOaKA@~PX18%9oE~qwVyRTSPYR1DXqe_nq}-b`Oj*=Lcj z8DBI)e4>$$ddD*7vqcf!@}vGMk7ex_?|0Y{H}RwBX2&& z|Cx)J{#_+l{kk;rdHZQv?aHT={p`T}(tV~EM}#*0pnt>i_Nd1$Z~4Cj|F#DFv$G(q zAJ)j{qG34*7k-|A?m`z6y|^_k)fK|Brmb zL#AoRImQ=j2PXgZVh6@k`f0xv`j_+IKLg|+O8!%ke@6N9K>T2T1o{t0UqF6ID9iW`jeI-UKbBVx7Er7& z!uHz^+Ar=a?W(I!e)t-p#ko|4e$c;JFn@Iq{6DP2^6MWE3}v&>e@x!`LB1LE??irm zZSsp8f8DDqnUw!OgzFEJA-}4T&;P#6=8v9H{&^qHPr<&}jsW@XzA0Cp;=d32cj3O< z8u@&Fb#BtN`BZ+jDew&spne-@)4u`qkL9kdPs(`LFZzeA5T84$u>6lvBOl`)%&#`A z*G7@Q?F;=&UC5t{Q(%0jk&kl2&k%0aDyLX~i1zsrv@a3vN9Sm$Q9qD2stRSd3hN(u z>*o~Y52t|s1-KueOC#S7f@7J{_=L@ykNzPU>F2>IbAV2?s zHohIWSavhcQN*`6e`^fZw;Iqtx}Gz+jj*pJ@4t|Pr5&E& z`0<@`Zxrzrjvr@dus7m+KMt{nGE<^nwzoj<5$jNW)|Kc!JziWUm;=WEA`38>P z`rN1vlzz4W-w1q%Mm}HvQ%Wt_Le=jK9Dm`yQ5yNY{C^yrrpSL{{cgbZ)xZ~9Y12RQ zu{>5~Y!7e!c=|7}AMp+2x-{~6`{v_kyZTATblKWNPL+7$m^;5&hD z43Hl@tbcxrzXakRF&*MtjeOpIT%#5?r|hQ*%ug9n{~Gz||1o~3T6acg@A~EEXI)#E ze|EIdrhl{>0Um}LBNg+HXrDE4{QHvmH)C6E{8GS0Jz0AFFrV6AYh1Bxg0n#m!2$L^ z9r7u>eW09J^8Ad2A3UM>CndhnC69-{Tq7Ul#&T_&?#&A3&RtJzI^10~xIbH1C`%-u z|G$!pN$8QkZCHFpYHZbXn>8slAzXC72oIzxEPa` zmK-Xy4U-rdu{Lpp*hb8dK5wyE8;cR93|pEl#WJuyLt8UaBTTV2iRN{#f#^9bj#2@| ziea|o^oZCbOQP8tosncS_vjQIS-Y`l9%|`qN|&UKHpg1cHnDGi`O6!Kqq662J=A7S zjWe5@TC8cdw3v+eMj=xEutkW!^Jq0&6J*&VU0CM zbT^yg;O*gJn9qrHOIm8WIaHNoG1(F$qNIOPwZ{)hk4-eEm?E0nBs+=8u$iTAN-`xx zw37a%rls4GV$N`6h`cy(8THj@sx~;Gma#QX_eJx&I@nj((Y1nWb7t z_W5n^aS54v?tBL)7eEv)?*fd_3quN#T*O{uBoD#-ChSpXeI%u@o9nEIgx~7442~DHfjLSV<|C8HOaJ?h&Xd>S4(3tZE$=ti`E;9iRNUB*($=>cI?%t?0G!jVaRHcEG({< z70pUPr8!mZJF(mG9Po-~-^Qx1lO=TY^3I8-^u(mtG^@qiCnsklB&Al5w@Oj_kTmO{ zEU%2wX^r?HLs^`vfCc92-Jaj=2!xKz>%hPw97h;ZtxHZ!3`-xDE_D*g5z%R}gG_O8 z*7j1%sl&!f@D}&`z*PhQtEUFb9^72|K51aklCMdxu3r{OdJE@U@o1KFRfl=?+4wQ{ z_jy7RJn9W&{lBkdwX^Jk_4T}Dc+?vPzWZ%IGlh+hxSxqf6|nRKiz#-H56r7ON?~u| zVQ|zN*2Qd-jnN0@RRNMY$Zz3bc+?vfWlb6^MaOT0S=d`R7#`IE^Quk!n6ftUs5eaR z@RMSFCG*l*I(rKz86MRJ^9-i(V@k>Jr~;Oel47zBdz;SE*;{zY;HWpOhcsf5;zl2s zSNtoFTBNsdFg%(C6FTYjXEUq=ZaWv*1eIhBZ!6y!ZF*G1fVISN{h32h}h!#@HDXT*#PU)h_;j0Rbo$^b= zL`G+6Oe6m`FPiTue>60N2wxg;${#H&rfQR%W>Oi$drko@d$5#EOG}MQZ{;>7ck0YH zYENhH;o1To&1wtTgFiG|yG(`&Sd0glE!p$ZX`nP zd0R^3t;S+(hSe$!-FjHXtl!WwImvwpev>q;qjBDWq&d|cNXm!Wr^Y2&W%ke? z(&wILD%GQE%8llQiwbYnUYT{H&Y=TP<)H_X3`I&OWmvs3i&AB<46N5Ve>~5R^ZE?> zb?O|)W18|i)9^ucIaeX3ORX$fN`@yTB-*3|NP0%H6mqi(hc0B(fYG}=W|w9RsG)pg z(H8%qDOvjO4(}tR=NV>sx&Ym6>nxv#w&$5HNC5}Wc`47~EXR^PcN8f1Z9J?1j^{a? z#lx8;R^q%59<5`TGD({M$%XSjI6oG8B}j103>NIteKO>G@Zr2qtn|dyIj0b{q?X`H zsD&6$iSNVj>C|?1h%|pys!%iK{E}g=G`}=Uop1P}mS9Nqn7jk_;@wY6M>UV)U-}OzT z;Oywj=k-5iv}q`%pM8y_U%Dt*m@tdBpQ9(L3xI2L z#iP{)d$fQ4-W`rL65pr&ZhI0WIF|+s_ukO*7wTVFFn0D_*5UabY*#tYOJV8EszbbqZC$QL~R$0e!c z4LqVQ`^t~{$8z!qWpYXD3u>bvIKTZ{SF~id5D@nP#QUeI-KPz?SYGZ}tv1DPeH<3z z3yhD~QSc?og(Y&ad~|5Le18BR`G2Xdlpndc9!#tJ-9q>MO7X9A`a!-E?&FKEQEn_z zZY*a!{#d@g+(-V-WtH+f9N(`OAKsFRzdGkv}v_$w$3= z%0cY+pkA;{v;3RqfIUjyG5f;FreZo2($4hgUKj0GcRM}ubk@GaW4+LML-myfzV;Oa5 zS`x)y%JB_L*mcN!iCip^>nW|{*HHX39N%>Y?$6AX$i>pbg#(}dP*vXF%cp+J{;SlF zaE|ePN(4j6^UtpwSc>AWxTxeinlk2>xyXH<^DkK8EXAuCdae{G~6o+)eQhAn`Qg`&%hwnB$iL$qW&IjkGd^B#s8v6=QyQM9_=`b)v`6!%ln81D}TKTTeg312zI@k~L@jglRzOWylM*a6FdMhs_|EmX_ ze(*j_ec65vTIC;k=N>c4cQi$8M@_&9*`xV8%WY4M8|7GxRFIcIS zKj*$tzJAe1{xAMi>Id&j&X@lD&*;jZd`$8045RrNKjZiKaILq1> z-v8Wim#xe8$IpMRN)t-{KgTQOM=oFbH|xy^*eHRW-=vz8P0zqmoNRv zAKI(hNQ$3lsZ#%96}XQVXQ%%7kJ9djQT#){D*5)W+5Y-^`^N(v`;z{@*)b*G86bb+ z>~fnZ`G4c=N8G^LFZu^8{plyE^7V%lKMDLZ_AiD_Oh2CMeKd}*4aIhlEJ;J@LPrFT(yGdi%$if9`+^0lq z|1zQCA$k9AAOCP-7PBAp&$$1G-uUX+$2Up;b{N_(`xSzK`&*#iwaP#0Kxjuw{)1fn zkNG{!4`}6=3(g?p!zU_y%nxYgPZ*nUm6AW?oKpWNKjsOv@;BBxR)FGnR^elQKr7!q zrjEQnrH}n|RM8LS2ek4xj$A;t-@z(;%nxYgzq_u=ElU0sDtycjXyxzT(1#o!J?GjN z)-U$ESh^dx*FQdf*mkYif0X=T4^`|3_EFU;|F5gBe?swv@-!d)zE*xln`83z%|7;X zl+O>qxE=L`rI%{lPkH^Uyz=dFivPL>lOOvReW&h&g7l-}UG>-3fv_5-=;@?xL zU$h?)?pNhc{*yT)icX~{r~h~XSP%P39vy6#-GmSuun1gHTy`GXYyzN)p~B8P4Vxa@WkhC1oH8I7FzlF z9=##$r@%FuZw!Mxt48^oxBsI%CI6zyEWgC-$6iez|KXXT^C`Z049$0h>*Hr{o~HrD z@1mj~=Ocamb$7?g`yc!Cj|*Y`i`S3%L?6G`?xOPj4Se|9#?$(7R@cYhH9eDzf1axF z?N9ab4_`k%iIV?s75%tES)N0y{TKUT>LQBYXacPtSA;(KM_nydlHwQ5#o`mbe(`=5 zn*GlwxfW3TYmh(Z`S!eQUPr5bvR%wIl;UrC#5Ppm`7WLOiaWj_$6vRXspvnyKKcK* z@2fkM{9n9gkv5Ls(SJGx*1rfrP;w5MkI%aS@kKRD@4ZyW)W5PiYqaEyZ5}`$zKnF#y-Dkzd>J89BfIQceHJ&8|)UTC=Ci_c!zLZ(E5g;S_)B_cY%CT)Rg8$tKOn z{O6%{G~bEbU~TdbI5nG`|820I<{N-(*T|p#a3?vx(0mkaKSCa`PbmG>Z_VKu^8SlH z^&9aQiw|*pivCluF}~+D_XWKFoE6&l1ByTNPnz%4$^WZ)NpgM8SZ@4?^6Jgsel%uR z0ww><=XCuF8(G|MzsJ^FaO&~#52fD;miOoO(f`bebp1Mxu>6Mofj0h=Av+gS{IYhM zFaE*!!Xs_`t%;ZNQ~YKw7C-R*!2$PMv}@#7KD&~P|9`)$!jFP=EswRyKlVV&f|UG= zw$uJ!{1f!Ak-u->g~1fR`(s*uF^tW>8#K1xRcTibQT(lA==ybbWBPGwz)$iYo@64}_U-H3OvVSapf!4qAEL%roD4>lWzW5%QUrkWqyUsDbQzQT6$-$(4 z8cd??Q~U??Ur?L;?G8NMNa;WOeOf;b;5#+)cg6o_rue~QY55JC+4>(tA#L)nE>q|x z#h>s68z1rh)93>IYvh+nNFwJKHmcPxv@fBkHu?W|b>e%J{4Z4a;ufYKr$&C6cH=8h z{4-N&{R@%cKZ|LT|GN@3mr(q%YX0FAv|o+<)0Z!jx{?q;~%RdMuw8?+kl0dG1 z`&T7?aIRx~r$+v#$M$DZ`pKr^--PcVe^OGL{5$)l6sGtID*7>OV0=R()!>+NEYSi{U58`&ZD$ZxT6(7}9{ zC-Chd+T{QC$d^qi`P*No?Z^HL=>J`9{Cz9l8$|KjaP#jtzQ+53;yByi_;+P^BXWK3 z`!|&Hv&h#w|Jx?+H5s2|ufrlMKEHu{t@-nOGZ)^Y^plyN=HvV_{vLn&acqBMr}(3f zDCh4C1KIUcde_(OeKJJe|K7(x#7=Z%x$K0pOo{G)aLV)dKmE`o;Bv z{^~cXc%d1T{_mxF_-=%;7wZ?1kEK8U{y(pi`5#LUrTvKASiPeCYpvh3u%?wM`L`}- z@}vIoKJmD2Kr8=$!KqUze)XF)U+?_dfQr|@qxhRcl=g#M5$+SORenq2%@q`1{8lMH z-lyENenX>uE{Yhmh2pQ7&Dt;eH$xP(uV7|J&d%D_ccpIIo1Nm%iof+ArG4UkzU>28e#r&<;rp}yE{9!zQ+ylDU!#7o-|{KBFW~drRVHq2N%2e8 z;_Rmn(~mu#^}Aa2BiJj=r1;lfDeVXELyYZLYyX@1Z}STj|Bu5;{Tn8-_4A%`l(zVx z$+h>truaj+_<`qY)z6_%c9YjnZ9mWC_tY=kN7i{3?suuNeKkB#L8RoLcbU^qG;2@B zs_cG4TID}dVbv9ipL~kuI|l0Of1h8-v{8IvqOyO-``~)+=c{r3RhM#ezM}XAuB*sj z7WAZ%KdNiN2NZwga?Zbj{_%db_ofmS=5EYMihsBoYrkke_66WKb=ptj*>nF< z{LWneg7?AI+duv~Cy1PX`4{3V?0-G$KH)x;TJ1Ae@hfD0DR_j^{~+I}lmG1Ai~*E> z-if67cpoXP@(-`^581!utU&Yi>VMj$bEN!({$l&9_~>6}d^@()ALR8B<5l<$;A4IG zvwv~dZF2o;TZlh-`CUczUEjT4_+K5Wet%s`>)%*epMOhyJ)B%0Qv5f@$M%c*z|v7( z+x{m7j&CLN!%ye2`c>m=?SG3`$t2rv$#rk%YqkF|Df?Da`cH-UQ%!zDM{V)pcV)(s z^Dnzbyj^~*2Y>e2yXuU|l>8sGczgZgbzuJZ2SPrQ@89S%{$03}<~!%G{E1fmf7s^2 z9E#uY2CW|)*J>G;!6Sj(d1`h=G+nf&M<9Gu_LDu0D{ z2i&6c6V2%d`B-XgU!xZFA^lIuS4#aOmoNS4XZts;$m?I`apOA|=*KVs@+cbPpXr7Y zNu?&+}Z~V6D?w;Hff4)(ve-B@0 z{PyO@TyYft)ohxN-=o!krY|^Fo8o^D@?-rXSFe5+{Mv}j5B$yP$5jsWuTwvpADT~7 z^6%j6ANh`0eeq%NyO%Cf{AZkgkgr!iBfDO1OYsx9_!Id?xF5aN`n7Z&ZJ_w8&MWQ5 zb02QphfiaEV?p&Tr2nrtQpv}7O4M1uafTwNDETi$ddAmww~xVni{L)c_(MkH`*p4SLfyY|QvB0%Xuka?mcP|%|NZ*aGEw|dCYo=!%knf@`77_< zBG(TbT1WG7UPmjxVX*~oDEagBp!s_JPx|T!jVXR*7tI%Q>dU_+ADP{s;_u+DfArYr zbeMW}hf4Jv^8Ph5LPcVOn@tcQVPM>~`j%Y*X=cQG}Zr8>0 z_4?1HySvn<so1C9`PqlH z_l%_Ywpz4)@ONnSZySeKJ3#Sg10VYrRqdSHn>`K8pR(8_QUI6%&we=_a}ehcb|~+ zFVd#&?vMKLA^y?2KZC16wLX;mC%OC;>c`_BUTT|Pi}~z=mEzxm{I;t6&9vn|Yc*N@ z8O7hAV*mI%u=J<@vS)6S{KLR!QKGcxKkO@wrB?gdyzKU3O8yUDvFmrxKRaiG-+y1< z_~P1=oaFpe%8&23e>(ET+OTeHmcIVw$QPS$Q}Q4EgY8|9d}np$mkszkH1@wAl;3rj z;uo2u^q<0JHh+!!$I@T@)_GL)7{$K=^IvG6#`;Wtw12Jn`LEs?HG<;5I>6>1(SCTo zxJ8@&_iFcw>|aX1>lweeRp8nNaXFM)^XK^vL? z+6kI(pQbPWZ~Ju`nSZ;<^)Dztme^1FYhT6w_$P$YkEtRpKk~KK@2r=H?G(RGOQn4} zFz=u2^XzO*Xn2mPlHUt@g!>99&RO8(IQarOiAMf~^plmF!Bv&sC@1X#a^^5edl zSgP4S^XggOdiu}v+o}7%yt`3~8NLb@B0iA6A?yB7c>fniN?F0#zibu=o-wP)I{d#H zJ98Bb3d&uTyT8oCia~;Nb+Ax8B0I^CDqKP^7Albif@ipX3{Qky&(@2&zl`OYv}fkm z!9qtBe$DMAghHEq`MiFLMf@^=($CNi*#wuwZ(o^~Ul?9dD3n$a#q^XsKQ&_XB8uPR zNH#%Sqt4&(X+`0v%|E~16^$9i@CU7@@%^S*z6iE#xcQ~a12lKkJP^P^su z6U4{<`A3@BA5;9*lK!1<TcZ)&|aNHA;(7R)>4)|=IS@&0Zz zyR{YUtJ}r1%TolO);d zD?j=lXS23~E7O>Q;@_+5CAKw2LS<~-p%KxvD;uELD9~q|Xzfk{z zqm8h^;-5cs(vI^K|I2&Q{pofD3-uQ%`9Dj;Vn^4U!qHv|=al`w zS6RA$UxR!?QYY5Kqh8k(m#&qln$vTSG!E~%j~eQ!#SbqQQu-HeN}t>vEX?El1GX>M ztIk59E1h|~!29Pv9on1BP`Yw38$Lx216RM_)d#|9(r`@1gpaTGIU`?Z<srF^KE5)}bgN2O!^!*K8)&_#HZ+*Y~ty5in6XG!Vq0{`r+VUp-Cnr?i*+!&~@K=?#QJ!~FA4JUj6r#UCxnFZ`n} zzeUoIrGT&f@cQqQ`14MRKU3lx-@+Fq{TK`S=f@`PB>m@il75_T;R}-dM+f-w(a&Pp zaCjbhf16@<7{46-GER!71mW5tL2wq!YK=$l(DyUp4G8TXkGEVA(OGI=!F>CgCEp+R zl+=GsQ^s%T-!?4CC0H_YA;wek`p=nAw5O#1?ELtv)bEn~XM%-BQi$UnA0pq?tguk1 zWkC-YpYZ&%zbtM{)$gVcB>!_(oqyC&STKaD-`^9zPn=U*zJIHaep(EXEq4@c8N%ns+SZJl9e>M5DEROx6lz)CJ zN%gzw{3e~NKd}qacn$Qzfp4hOz`FS-!&wc;L1~1 zu>a$qzv*0%gW@mxLW-}h_{xv=c{g`m!TGl@pO61vkG*1|;{SaT-}M%Lp`vw#nnE3K zRk)v{UqCwwDjPF~>c5WNmHhLKU||l|zo7o34o35qT#{1KxUXQTMr!X*2-87x>O z5xwmn`C`Lx!Fbj8{?R`C*n4J*pRq-%-?#7`5?{RL%SXN7?=sH%n~Z;6O7X4XRq{=f&|L59C^?NT^SjpKB>c{?l zN#W>K-~1KtpKn#UR)lI_&O4I-d<#EnS4m-JvakF+|FdV}0g4|pR1n1b>hhzGcm?tL zk879zT}l5w@#kK%WIqprh3Rhl$9hRo>g%(#qZiy@(+=D|IhrcPu~re z_&)cqkCFJoLzF)&KZEt_?43)nFXg58wa<5N@0mr(KUwCt&+~tlzm)UQ1B$;}=6C$R z^UFkidynGZULx^3>E}zIQap-f&RS2|=k_s@e|wAmXZFb@9PPySwhFZS#fKGgT+SO5 zR9fKj+qES7H#E=s{M~1P#fKk0&sK!8pRT#3_~dD@u;UYDeCU$%4_$H!QQhkajv;k@ z1m@dUkILaSDE@pYzH$-#8B$8XCGlO|>IpM7@RwE&Sw-%fQH*qWc#}C(PD(Q>kr{OR;3w%yDhp?~cicZxk}vWR(;X zUN1b&Vhc|-rI?$k+4ew?0`+9eUGslTs|n z5h*5XdZH_Y`}T*Af@K5I$Fk#0HdA_9hBekKso!RjUuIc0c@j-qjp%K#ayv{n z+lE=p=@DIHK9(xEdAdi&xFl0TL@ViEYFfH2DK;H{wU3MzsVS$V#U;fj$?Z8KCB|&c zl94>=Pe#Rum|!YIJgJKqZIi4sL4}AX{SwjT$n_E(n`ln)su_R0D0@j()3P#$ zMM-MSl94>=k0?1e>4!@GG1Y8~=+QDtcE8G3k}2Xz$#tfBJgu7bAW;U&ACNwePs7Dn zsfkGrC`oc55zRAfiS1M4(|BTn)e<`pJc`tQ2M&%jC0i0r5z%I=)IoG-u0}q=ACO_} zSSa&ll08b&_&D!)n}`mphh*4|#WemvY`hreZk4fVQkT&t$($S~!zJI?jkRkZ3lFo! zTaq&pl2YqNMBCCV1EE@E<@uapb>jKi-AEx*6mGt;m>6dj!6h^nEv8|~X{NZW19CgZ zSCYfc)7&Q2YmDS_+h%#(m|-?^dbpQ6GvS*!f0lJT%b`g~sk+jvNw#4=$l6&RQtB4j zn|P$>xHqy#Qi{|8n^G)3$jB_D4d28evyNvWh3*MSw#1B>2&vPkk!VU!Oo~mjT53pr zmemxWW=*Ni>Zp3WRqAktq*({mz(!Le-Q7NGFzfa9E<$%!2}H zk?h-6uZ~Bv(vR@!LOf^vF|m3h+Na3zPqfWs^NRcEvmDdifY4vG$w*G_BH0df=tHEC z0s1qk?iBBAJ=A7SO_$u1>|#7^y*t^~J<()6Pi0AU#Vp1vM5`|*rA2f%o8o#&&CuL3 zIW666m0XfPW<3!MfB~cAfGsvH*$Z5+z9_rsPD$yK%rY~3o@iNkThd^2yDSF+AzS^d zwwaFa;@W1`aj&)+t+Q=bA8blal1wShnqI?goKh$U&D3*7h-Qsbp?V0fsADYDGFubO zo*>5eZ4#8~HaxWi5qex|y5zp(AUHyfCLsP`cPPchQ>+GOcw4R)l zE_cu(^AHlWhe~&p6|{9WS={=N?9=Ct(m zMyfoGtyE1`rXnf0_8OS+uOcEMm>)DHL*R{p15l+8*RJLMlw9=fAD@&g#V_fx5v@}* zQWOVZiE!CVBACf(9R)uxQGFhmwT7l~J?bzD?f3RLU@G=DVkMblNyiU;e<*S5- zS&hN#(^|0a$Q`ci4DZf*E!(7I9_~9GAs3pjM_&_d}mV>YNQv7@y*e48++4VL|{;WK#NoAf1xmZTe zZhnB`*I5htS-`G`;rSh;%irWYtRu0OAphY5xmYH&_+lHyf7lo@wZoYHXQb2mFBDcq zkpJ+3TrA^e7aBO*KX+5$gZztB z^1b+r7h_%K2K!v}J)w03A1Lh;T0pnk`* z{ie5W72b4pb~{=)}yv8?gT9!&AGwPx~*6W=a>)Xu7c{D%+ZVi~o3;T4LX zu#xedf3o&FXck?+N6&-_@*h5si)HaA3ujXNwVT){Tux^HYW%y$!UXvbAIQbBTTq3{ z6u)&FkRR;-M-}@w^sOeyfA~NymM=O#TTJoqhBCgPFS~B^FE>BSzip8GkMVj=p=QSj z_n#Vn(16vXf2$?UkI4^lIP*V@Pt0>?MhZ^p4<9HumYVQ9 zWB*uaZKNRo;RCr?9{gK}H^yBg)zw4Vw={f;*{<-dT3RC<;2~fY;*mcdk{OJFq zrbYS$LqfS&8Vo`-59DImVCVKF6n|eM(9a0g zzSQ_fCE4Xad>|J~%ccIL|Ji*XY$4`muE8=XX-5_d0&JeU5Id6hg*? zTr7K(UHLx6Kb$YFudSTlyN35VkN-^p-#V*=Qh2nHmW}u~il&nOKS#8`irAM#=HvM- z_`8w9GA5K8%N6gfe1wv}%qLua%dk?- za~%xYPxuH}hYcAMa&Ubp*fAI3J z=(}tP#lKsE^X+>)^`rNn(f;#3tf;Vz3H6R;&!dOlrue<;*2rvj4yF9Zh~F=TEv!6z6w4_Yco#>(qVi$F&5W)qso%?FP%!pC)vp|H;n__bH_Z{WUQ{^C%uSQMC$i{(qpTP9F^ z^&KJqqujss(4Mo^^-}76_VE{fer5R^^n>yHL!nCHlzv(^;;(8nm~3B`9N_ZXYtr(+^`4^G!%8ZS zSNmz%h(9Z?%Zrr!EdB>ePOLhuUJOCA77c`v-lq@sekkSmA^P3EEWhR zPQ2MepQso zmQ>zbLN1m$j>Y8sXPOwlJJ<34p%LE-va^f{xmYfk?IisViyy<1%fxHU)k@Yk+w#oa#Ih#$AGL??;_~$Ni7YNB>Z8p@zaTCX^e?jRWQ{ zq4%b1Xh<@dekUZD6a{u4`1Gd{$DiiL~` zxmbR^xj_cSe;57dW$xds59mMN$!xZp;{SyH^U8nY->k9g6^b8LLHN)A$WJ>P*PP-v z!t3`Q_n&hK|LFk#86G=8%SQU2ck2Ra|8?$g`?3GX?{9uy%{z`s(_DxT^<+sU?|c<4 z8}Yw5TCX-G|4`xI)N5S-GJo1WX!{?9XGmR@wQR&65>ogU#qS03vg9z}qx@0lswgaD zLc7Fr&O`IJQ~b30qJ0tjCd=|?UI+OvK>x5@RV^Fwr$vt}NAcgA%C9fQ!u`V?uqV&) zDbAn79*I?0#)NWXIWupcsiW$9d2H$HI~dHg2?pR90BVgj_6_wc2!% z;;V)H8}`neUp>{E|3m_un-@x$_J3TpZ;{s*ix0<=dXoERe{teitT;?4H;`<#IB_gi946#qxuZ_>0ZKnwd^q@$%YcvV3yTxSGA86=Ij8Ns5){A1LarZ- zS1aqMO#^5fAdZr=3-BRhLN1n5_MB))@mc&imT=!{nUC_bICLyyLN1nvD*scR;{S^L zr+NQM=A->b#dcFz#)MofYhSQzCHWBFjwQz_|MtV;+_8)axmeCv_WU0d|AWrLK5uaU z#^u-h|JlyK=4alXHj&g1i=U^Z)BfdWar9WmgmPoK?5i2)DEV3ZJeI5`d=^KKWlYG$ za?vasdH+R=p9f!Zn($d1J(e*c7t01O#*_2&ogqF7OU^@le$pt8p7p)13d@*~i{;GU z%1@{C!{YO?q@LmWH{!E6eOeY3AQ#JL+pSBc_$)pjOLoEc7pG5))n~vDefte^{;Exc zkpDcN|C}PNzryP`uU9XHWlShHmSG>f`V=MqQL+BSvRm~3CI0`Wf$xL+cbVzEv~0w0 zuy8iHJ|rxK%Wvr_`p*&{4^w~}Q9f3Sb~3sQS2EMr10mJgp< zO8U?I^ZXmGeSG{P$4UGeo|9+oZ+0QktCq+1!cC?+W4jk;`!sPuB~~ z|NPx+X*_j)*H0GwVSN6I^L78WcqXi03SfT2wa|5s;x}5!`HtJ%f6DT!SKzWL1?#(N z_13bHej>kZNRE$^-{O4rjxpZ_{DR0nS~lV@UGpu;-yq_zI}G?=ZUp;p5A&;wz&;^k z!t;t{&23}TDE({*5&A#M{hO>GY#;Nl_fc5Jgj_7IFUZ+K@k@#J%hHQqUos!Buly6h zhl~liSSAe4zD@BzM*ZLQ)W2>&?J9wO281Zq=DoFS#4oXMz=ssS?iOJ`e)#IZ5LkoK zTgyiL!;gLR6~#YZTk!9B%CFylISUGKwkxT)2KLsn5&v4FKblee4nltQA5Xrwewh53 zAV15PQ19+?OfPc%nCmS6hD-FX%fH-Fk6fQq@)s_Ey+7|C8ri4yejkNpOtSndBX3Nlv^SI&(6#uQo!u|(x{meQ^^DW1Fz#Kc=EEGxRSEyc0q4+P><^50B zNIt(I^S^-mQ?5=BL-JS;EgSLIjqa09@g4U$UoFPenj=mYT?TS1(uZqZsc;y?3x-z199;w!Uc74pk`Y#&*i zWi8gSs6duKepAz?Q_|&!0fYIpOEtu|Kc2e{aXLx`Z>47`}+O7 zB?vqU)>bU)qGchzBFleg(KqD%wSBn0u_WhjKgjsH{O#GWC^SULf32sMjrfO0-Y4g; z-Vpj%L;dqJU+$@}j7gUN{;R#RDE*w;#r0#c^Zvh){DnC^6_zo{{JFO>u2KBDCph0e znEOv7eyqKx!ZIeA-{9R|pdw>`tWd&Khu2vwjlRnPm2F^h-e=N@&4OY%|GbHg#7{BWaQTz>my|N6-THp`e~zV)3^ z6Dj>v*(vNZjn5Al>8J43ZVJnoWd4fQLw=$7X~KS-iTwI9;@d%XmNCivV~Zw}?Ym3p zUoFS&--vGoHp`e~e(K3eQI!1sQ@H)B!@2)7;#+{tGA5b-(!n>^Q~WW@#r0((e?G8T z#w7Dsrq?||@sou8J1fxVcjzn7KM!F3XHexVQvQEX|Kdu#w7D&rw*A!@jnpuZ@2pAyWrYl8I#N( zT&6pDf2w{}Za>yay#K)MQ}@rfKGyMd4~1n+GC$#3-AGFQV`oZeUs1#P`K|gpTmPf` z=WJ*X0}YuFH4;oqVXO7k^l4kwWR&j{#(dj;lIh>wL@F7fB3_DLjM2ApYqQ? z%PIX=I>}@Esulm6{6j1iNc-7$mFvf0!2j}cVCQ$?w96wX`9BrsSFJ?LA1MDy-|8DE z{upt79siMEx@y%j6#wH7`T12V|2O$xedB**|FeaQpI^sNK7YusFa7%c*#YsFV_=`N zIeoQkbp6&(F1Lb`zh`&uACzr;eMp~S-s8LJr31UaP;PD4H57krH_mqr=KaIBqV!I7R>JAKt$T zz3Z(XnA%n>eM=}&bK7azh~KLI8{bjbpa^GKu%AAiv~0xhQYC{Ne|;&QpHfG1`;_@(;E^oH5LmzT zVka#d@x!WhC;KOCeGA_atXe_eV*7}PncwW zu|}K7`|kw@IN!dVUtdQ2f^knOEMt=S?Yf^N`zO6i3;B!k`3-p=DI9+(&$m{zEGm%s zO-}qYjM9%qtpBlG;MbST$N4d~PZi6UWPXLG9-2(?+5S{4IZXI$pDLCy$^7T$*@{wp zwm+4YF8Y_B?Nh}vCYe9-!wZ`zzP3LVe93CU*Y>IMqn|y$y-nUfV*69E>*tNn^2z(B$p?l0pXdF5nUB}6Gp~fgGA5aSCVx5UpNok3A7wJon^8))9Qm6#w$)Zz`>@ zj7jDfjk1yPPuTurELjSGgk7@;?^C?Nh14=l33z->lu&Rg4Qjy ztO*1E$?}I(>syZEFPS3zb6u_p*Hflfq2&K^3+LO<((>c^wYPf z^$PdTvVPEh*gl#pW0LuohV_Z2_-y}7mh1+6&wVu6UYeL>e(g<9Jx%f1{+TSf4ET8c zvVAmJ#w7FqT#~(w;_pAl`IfodzsdT+=OZ#Jwp3WgB=gUnc%=))-zwy{T&4Ao^0R$9 zS;i#uAANkao#G$D_3gs{%kty-EvOFu2Qns^|J>Fm$??~-V*RaJ-_!o}_AA>N*!bwn z?Fr=li%h|{{*S(X(SIsQaP6`zk}Us7=gcQ5{p=L>Z$0lRzi;~$+pML+GA5b-(>I$^ zDgKXEZa>Nent$2>wmT4>kBe%lWg~v*rn=<%jrt<~670zU?Uv%R&n}){%kmZq%a~;O zD-O#b#}^B+e>;!c|D@sG?IZH-i)$+^W0LvX-)iy}rJsQqpSCogUrGfL+3$d516ryB zL#{yX@4U0{i>4HR+Zq9?EY{CU{6(d>eY)~sehD%rS$?(n``=T1w*M_l4sreZ+Xt8J zg^Nk%NA@Wo+xOw`3j3MO?O*0&`(pVP_SuDuN#izM?~4;)0^-z*UEk(3d9{=tZ^g6u3~ zlKBS)^ejf{|0z3{-~JlEeq}!T&+w#D3d@*e{>aiXzfpX(KIbbFJmuHzKMF(+#QtMm zZB?J*?@r=;^>t7Ab^bGO$>P|El}7TnEd3lge$TtWzhT+N<4bV;=={Gv;^!CZFyfb~ zRb(k8e*>}pTz!hqZ^-;B{R88N=5-*SuV?#Xvt$?c?{A-MfBI=#y_dP z%a~;O<7=-NOz~IS#Pz#~pI>>O?+wtTqwK6S;z$3|z(MiZ{^44>$@MSujrI|j<&Q3N zX&1#WF6`4@iTh`n-xHcF_WWkSG)2os@^2ZuksKds`-j7qoL=(l`bYa@`-roQ3FXK4 z9d1596y&dp`*)oFAW7>dTtNL~@cBbo{yaFPf#`qb{Ep=Ft!)2omMmglY|i(UpY6lV zGA5KC%Zhm&$oNik*NE#kmfPohQvbF_S-3V{GGBjt@@8x;>im8p`1VV@f5Q2?{5XEe zZ(dGe857ElW$w%Wyif7x3jbrR%zTd^f=U;gKRWGAMp{A(zOqieJAUOZ}^lBf$O>LKJ(+l3F&B|GVr?q<wUm}#6I+FFM3SK#d3O?ICB1Zpco%n zrgHtu@}vKB3}~gWj0w3|wtgY25+y&|-<~C>kl)`v_iV3wO!x}Rj*ovp&hH&*$o226 z#{GlL$NrCN3ETsKj0w3|Uf=i?IsX~;JO74ym!DsmkNSzShbk;%!dF->AJX$7N|j|6O%F(DVrsC^5_`QcMbdHZg0_}5P! z=!a!Y$i=eJgenRpfA~fI4VUmgTz=jDOGEq+Hh+SBTqAx5YkP8h5ia_-YAbI4M*7LG zSX*Hk6UvR{8x_AK`wzY6@o!k}asRyaWAF8`ufgd-*;#4Czuu*E3Zdh6FmB9vkW$IhbcFxF1^W8EQKQ-Dj)||`sQ1s>Er^Z~99e()+*?cEOkBv8* zYuj#$J$w0Pi9=u;aa&dl+kkxv=)o_ywY1x>drRRq55$d66ufxY6qxPT+D?tf4TbTe z0XbQ=_%ZF&#GDB#?8%yAn~)O;hqBU8-bCc`Jw-V=5y^bF&wv%Z%qifqfs?r%%9!RFRU zY66&L5L`5f|H{Sv#M#Et?bOk>iTyI+RAwYZCfO4EWwujoX|^%aM;YUi({Q&}yq@K< zn)m?y$I|2boh3s<-4jT-KPTIt&@r#1;<(SpfByC-v>%4Snn8M~*w2pwzXJXl=MQF= zE~+?t7E@f^INwo zoMyy#`-r-J+5TOY#b7_9Mr(HOZ~rdG_C|uLC^A3q$DBqKzinN3zNto-TmIzj-uJiv zT@2#`h|gN^K}Dr-IxIGmg2bY}vV?vDORNvyYX`x9C^weM==XL}`~rv<%u-SK#}abz zJmY(-iTo3e^}kE;dr0zI7V~~QmMA~I*MxxoP;M+wA3Jl6;+H$@EkANletd5x{}-Q+ z_>$tkCdrR}4oj3D-y6w4q(^=T#qTZ2j~tXA-)m-xx#s5y?yDXfKCGzpT5r0tU6Qq9b@AI~QYZuP9pX1|MyLj%zO#idP)>$d} zXO-dp4gG`T@I=iM8I?xzFMX_1J&OP5J??kVzZr4yb0dDzy6*}oey2G!ANB6|NA!!t z?=s?#oD|l8;ulWlbCReZYdy}hKh5>8Dtz2*rvFQyo%x93r?LgnkcvPHz!F|pD8Dm} z&l{QXTMzv^nc`14;-7En#pmtJ_#Mjjji>nUpYhMPj|oiv#h*4=OYx_F=AW>S1aP}q;mN4p7>f1z*wL5ly2upgO^b`vOnM$HYCDgKWU-u?~sV;#?*w+)nE zuG#B0ihsv|?+lXv&i;ezDSp#;xqZs|!QT<6{A;RgA?@c^aejF#qx&D^%cbU|;6LoQ zVVPTdF{%IC;{2ljmwB$y!k>zE%!ofOuH1{1em)ca!AC!Wi}jh=f6sP@pP~5cc6+zK zZeA79{}2|M1}>cPRdG;Xh?Q`prQ3-JgFtf#SD)h3j9oPn>T;KAv|Y`<(x;Wdg_^UptaE0RU-N0uWQ2)rc*W>d* zPEnfitBw10IK}^PCCyjrbG}8CX8h|fZEa2Q%dMjMPQg_g@OsSn>D%|dNAbIUMe{9! zYY&ibdCc08;_qKW^Oc4|KcX~~zgG2QYbgGrLYi+ETxWp%x6ZvVhvLWo%UcN9ek>7O ze!D2m>% z#g|H;{jY(0@!|^3TlO*OTJ!x=Hh`qq*Ll0m^@S zU&S{l{(umguSRjZadr<(KL<~j>P+#g-KFivHJkI5W`WsfUXi%RDgOJ@yyqX>?e8z# zeq3pR*=NVU!$|qRxJ2v6CFHjB3`{?jN>OzX&-bwSF zg73%-jQ`A->*p!{mj>;-vnltRN>pI}bEy4bQ;I)v6|H}Z;MxP^Z<^;gP4SN#@Rep< zZi^_*{9DtS9kx*XIvZ*E?SktJkRScw+6olE>sp#`d4kJt7p0l}gJK7drTAM7`X@?r zp&wD2@mFs=nnm&J-k|-1U2vTN@{gQYd!6FHV!*ew5c(0Nnf#YeZY1wdbvZ}tUuh}y zBT6%Vw-u+z@%0vi{)1g`odNPUoa^&2rJruM4CHSmk{g))oSt81H^r}C zNZXIKC70XzbYS{f(xf?Q|6d#QAME`FcYI*-Z}_Jy>Hkyi(ekSkIM*dgGy6O{XAar^ z9yQ=w25|Wu69bdK+NL|zDE%Lv$?wm~<44OHVfT;o^K2&nuY2phOz~ej#aGH0@nM;u zc0baLU;JD&dH=NgC$#=uGq_$HGXv94+vlG6jgr5mh~F&BZ%^Uvi*+4;F4j!`{1+cT zN%5!Z^LutS_lW&}M@K$yt~|omotW`=+*^2x;y-kPoLl;{UpW<~tg5zP)H*@_)DGFgZRAFGBO3*EwG;78rkj{LXJE`J?_vkKfgs zobL>fzhr4TY5%!v4CHUZ`PSlr$>02bZ}R&6-GFbu#rckq!1&kyT13uYy<(srS3~X} zEF}WtUt3awT;I}UEv+9{B$wY_GBAFt8DEp@yVmZa{ikw>^OahG`Ol&)&XeoA)LFED zK)%~gnE1~uYjtvd>B@dCKi>aB|AT(VeSg-3U#V><$sc3q_HV?uJi+y2=6_aJ3n$0F zrylpdzlQSTx=i)5XopSaSNlhNH;cM{AFkz}Zw-+DZSAsMDgLM^|9nSF-p-q~@0ErQ zdX?gbJYvEZ{RlIDi%TE>O!1%FL)$;QSU#KTD{8qLl=vNae-pV_n#uo3b`EL( zr=;~)*1!03Zpg*;17`f3tWLuy`BTOD1^=n_|J{7C?%WZ@{R8@GqyF==315-z*Ti|= z_Nl~jdr{Bv>&o5EnE20Yf6xCPCI4mvzT;AG{Bu?ddH?iXas6WZVtIwHU$so(e&1D( zk00?o80qKFf7^aa$v)hBbJuVfvvwC7wh_m;`i9-z5WNeSUP_QtpCvGr#SNdX1hQA^OY@u@ptZMOy1ug zYa+iTKz_oR3NtDF0t^QLEF+QvCJh{PXcVnDKY6Dy%{Af0EXBAx|!q zhn^Qt;P5Mej~euKj*0b#zew>@2LvX+YaRDXM%UMxhd+v=_{q)u^KqS;nSTC#X3-&v zKRccCaelxhtvkf`X8b+5N2gHywk^E-pUA_~aYFcMTo)%4BoQ`8V{%V+Xry}hWf#AkzAU!zppjjbA{r6vqI8;4Y96NwC^fDZ)Vc|KD@HbXo~OJ z!R5#G=hz>_(iOt%GdsVo)<cd*w)O6pnDLuTJ@X{R|5KlzB>8yV zn(;?%t9gv#+okax^0377YR2!lI*;_vH;#JiAN#eIA-vskjo|Ch&G@mCca5RszanBr zp?xCXHIDmb71u$VTwgzxzCDlP7i-MVFZ>Ek|HwD$hiWze|H;>{^4Xu{^EGwflQ~Dgwmw_JXy|t{c5U3xvj1F{T=iZX8Jk3WfMJq|Bc(fTmPaR#P$&V zo8wV&KSP{g*?va0UOA4^Pq~@i`ccJm@ThMbhndOm>hwbf#m~M$^Q}X@$B}0Iu!&u- zQv5zo$olslKUy2m{#kxL`aqYz$oL6$?i5uVt08usc)sHEYV1tt@uiyP!t?7-Lj3ac zRg~DCmGScOxqdq=kN**#zxH`Px(w{^;oQiX?8{Gy=Ot7@vJ@BNF;R+-eTw=+>r|xT zGt6S~pT0Ma&oJ2_K7(vOSE>xZO3Ckp_%Ze$b@@|!^Ye}JTif&d%xFg_xUB!2W`7q_ z&!@BfGo61x{D&;w&k1z@OqqYJt(r^m+5V80-4Gu`^b`E;4{1Ny3B~s*KX4SgPU*iD z#83hl-FJ3`;iubcIe#LDT{{i^QCwv}EwRrmhBfhMk zn6-;SDE+Yg71h0Z{1AWpE5^3c_g7T7+tPnVRL@VC{Em3<_zcHZ!JI&NaRvR3RXh)b zgNeVgIl@Ojs*Yx_CZ|WvVf-j5{zK9{&_D29Vt+_$B-anxw-F!f!*bt^PG`aYRNmKt z>%ZVb9-riG2S0x(P2mpSAK}pmc&ttKHx>rMnu$>@^mq`+pa02=lPG?~zux@VpJ@J; zMiA%aF=Kw*v?p2r*+>45c6#&k4fw-BP=E4|ywu%E@mrqv=7;a3b|_6;`bN(Gqdlolxe^((Fg3fl`;R_W!2dFA|L%UUga%+fdPNUpYZG-#QDX9 za%1_ly5b(izZmV!kNTO`&kg`vni!wo@t1x}r}!sD`;Kzu8StxYfb+}Z$cuz>W7)J; z1=jxh=%KMz8~ zuzeaZp3;Q{mqBSYluT`Jp^V;2oJfTIN@oKV= zi{;4dAsZz;eXW6xcs;-&6*+ctA!WQy_@g+ zK<9$0pHch@NnHQx7o3mdQ#DiKhZp$O|C>ou+5E7N{u9Lcbs=B$-&``^ME=q3r>PWw zcD|55hxgm8EBScNF;4|Af$wqqE?O>&u$O`7Y7l3s>^oF}0WvLcf6J zxu5&9^_f2UnRkKPk9teYR|);7*^>Mw`f2sspKN`X4?lIV(2w9N%f)z0=6BC4>d$_P zpZ{(K(^lhPki;!Q;6zz+OT-5(~N&fJBzx=f=_TQ)Y1JM3^aQj!*^LElYLE@Xp|8R8SK#Koa z1+E{5;5!d-zB(~DexvuY~FR1^{+)k~NB)*CM)vcY*QT$f5y!CI{&Ha!%S>l`6&uhKjA3*V668gva zY)6FXN635=`47~8^a#bDE!ubFWBcWp5}f==ry4Gz_(xEFF(2tT%jXZRFG&32v3{?w z#rHm4Nb%nj=hr>oiSzR>N_-Rj|J(iKWs1L4=*NCi%zFyHOYj5r&&oH=aw-1X-*WqL z3BKcoXeaGlem6hVfB*U3v;A3o2_O3pz2(hU5Af^P`ciQG&rZkGr1+V_{!xCkA9bq4 zH)+3KT>LB9K5i7}*K$heAMY0lejCxg6fM%gul+o;GL)@9@zKv~LVhh zTAbUBC6>?QsxNcCyMGm0;J1JEee|~^{|(W;U>rI0&n}r?WT9XF?$iqxDEY?<`$xW` z2=||kS0wqn7Zk-gRi-4=3zqelR%iG3ee^SJFSmc>E9Zp&nIZ8_^z-X$tHUV%o7jE{ zzlQozXL5d^{hxzxf1FA2Z;9s@9HqqgC4=|VU4kFz`R)7rnoAV_)B>&_r_c*tzm8d4 ze)ss@Wc)I2`f&Dqu8;mFEfoHzg3!0Pey#tL^lxH6(_VUSEyW+ykl&wjv=r;vw{icb z&gT3E;`-`dExedN`|0<4NHvPDtQPijp4*MRi)eoZ-+g{f+TRr~T#cvr-(B$L$Twcm0wS*OYs{$%Jna=2UK5|_$KY|@Qr&bQ2fWm z`9;1G$=3(Eg5*CI6G6^jr77O>+r@nh#~YIT)e8Ok|B&x4RH5YWIotdE;(bnQp2RoN z&-LYHc2N91e|ht9pHX#=#81g&cd^_F{U(-+PVDMN@zW*wEscc!Wxk30mB&q~v? zv%1Y&e)s&_TuFW<%CG((8uoet$rtUr{W;P8HWl+6^Ef{W+uv#he%s&H@4v*>-}=a( zD*7kLchA4QDe+C(_j+6FmZJE#YY6{VDExkZF%K&Ef%=EJJ65y!!#?t#Jix62*Y&!p zivH((E`PO-{C-?Gw2%J!CoL*{^#R3y=VyL?k?*$uwG7g7D%&#kO^?D;Go{ge^ymn!&f`HVs`hO=l`S0$jnMLup2>VCA^$fp$t&4->KN{7b6~#Xz z=|_2$^VN5Q<99tcl*M=Tv7fz?ek|_`{}UwtbkeKj{e=on?jKM;7CY~sIF!qvUGWqUnqW;54nCExK3Ea zrL}$_@lE;-{-!vgp&UN-ao?oYJZEk7$0%Idwgedf2Z=fb1D8oiEnXnzAH%nu`@@=`*)w>{1w`d;5(KFC;zyHIddra_lo%+ zm*6{(3;ll_9RG!zjYJ&MYy7%(b`;~^&p6-RKQx(Ny_q#;2*v*w`FMVR z6Z8KoB>7FQul>V^+bMpb@IR{HTW^Z{Y(es`e7}SA4_jUk_wNKB=jR=tOY#@b^xJ=4 zlKc_b|KGow4>?hOEUhagzKMRqcf6iW=_eA__p*dsv`=-F#5b}3f|{<96#pM_{{qJ? z&RqVywM+14iuq?YKJquew0G7twtmc~f3-v0Uq(Kbj(je^n-BdHfBd`u{xyo?Z^QAg zSYM6TmvyzoH@W{l^HnW=i;w&@x^n+-d4uak9V+JE)^L6sF}`jPn&(&kp^tXXq~zZu z?!O@4h3n^oI?tBAvpeLqu*rf1AXM5kNpQpKQ5VXqMy~@I>%A`Z^ikwTow99`~Ql|@4o+Ka)0gh z^c!s{{yHJQn=kt3){PQB-2eTx_JhCgN%7m_{NZ&jzl!S=zUF-Q^<~n&42p=m+Ij#5z!Qb8!4>%l;+Thde3f2au2VM_fVj??pHGfs((q7{4PQ*9SVj zmE^A$>$m-i-jGkOue&bV7v$spL90{Zo3t;9wNH@um)l|cE6%Tb{mFL{-=zO=Y{>@p z{GgBjX(8EzkvEtaUS%0Nq!UlU;mDXqxf%#`%}ob zJ|yPfevtSk`kDB_o!%6GI~=wKJqslBIfsSUUi)qCk4q*Sdf34;+Iyu z`IatX{{PqDPZN(iaKXxGf zXOX|X&#yC1=>L!4_=^%&ZKmWuj`PF9{@v?;g5=)|>&BkH^SQplr0dHyQQUw0GdTHA z z=lfIqOQQdS_Nn~E`HsE8$)EdY8=g-kU_ZD$g z_6Ns5TX2RP{|?6fmEb!Hx%@7f591?$_a7^F%j-eO-&neSU5$7@&T&AJ--Q3sou5`x z{BQC8g^=Hh>wgXg$3MP0{3OM1C)vNN6_;N<6db=@T4!?oRnbM>{Wlz+x`O2IIiEg= zl7By&|9@2Pf8z6@j>Eypf7e>=MT(zU*IRz~`1gp!hw-mJ`}u6--ZK`J@FN$BMwYUDQR?f8^503xUp~0knwu$E--TLVw+TRnw z@x#hL)RdCHhtxm8{RCV=@`wMvf*fDWmc}niSFz6hWN`AIy4P+FCI2&$f53Rj)>Fap zOO+~7o#NZX{08dZ70EQSS5{^Da@n!pQByg@PNdAP~7s>lyvi+z%g#OP2C;yf$ zKaP z#vCE%57$e4%Wq=+)p<#N6Mnzhoyqkr$0YxN@sq6=B)*A%?(AvP zK5LEkqYM)5?=^{UqMs6fc72uN$BX-4ZvIK(e`LOi{Y-me9*f`TGyhOR>Yu2?xcxY; zOY)o8&*rm3c2oRDQvcSy{`N+2{DM{YN&U}|+uti<{B={}n~X0;{JDa>|7ex;<1EkT zXIwJh#J@!!jGI8|=LLzcT;%t$9k+s$zr*F4fc(!`28dGpWyhPMoeBo>3_N8 zpIueOI-nr=Zw((+hvHwC=AUuDILH0qD~7$AsKCKjtXT;e~|CqZ!V5 zt3FGtMe#QZ|ATzjH8KA$^G%+Qu3L822NeIPxPFnZW{LUFQo+gJVp`?O6#sE-!_=^AMm!FQP(}&{U6nrcCom75)U4kFz`oy|2bY?;<+ie{>yQ`TYi)03ueWK+9>`3 zd_G<9@%b#Zyu>$I|GBA7n-?hl60tthnkB7&7JRpVHu0Zt#lB4TAHETMr^I)JbNK`1 z?;cid2_^qgjGvb6Ex)xwaQq=v67N#{S>pb(6`zX}?TcEG^WFAivOalziOb~u5saVX z`a<;E@H!Cu?zlcpdcGc?mB9E0n-BLXO~v1SEC%8hyY%?mY`Zki`14T^*OkQ`{#PWe zGeG=zKq+5>ich}U3jK$=(7)=2evOxii0Q^($?;dUpg?#Kl%Zu)mX;3`j_=*} zC5Z1D1$?0wHAeJ*#CKn75g6Zf;;Zp2eyq%&v5DGY}tvC zUD9*MG*&%6=wr*yjvr-fsAgtmy;Z$w}VeuBo=PBps_xF#spCx@aAKy-5Iov8v0tVdF)Aa03EVFe#7(n} zkv@WhdZZ_%W-$fw1Ke*7!4tiIXrFjMoBVn}kIjuwQzH^GGSbv3#Y#lSr=|5siq%d< zLT+-~TI1rgK!nCmG|tG(X`CKE#?~Pb4v9-mYRpuwz3GwESUbLXEeI-{k>0iz9+5F7 zHODq4GiPG0Vx>{zsTt|Lbb7+X99wqd<~p322s__!m<09wOQ7Hu{|THLKPo*VJ0~?U z+ehMNjk9c-TpdaJVY0*?fANx7|J(=s#Qzt#`TrNV#eV>YGH1XpmcFt{cu;L{Ok55e z#4V1!WnV#K)Bo(DV`FejU0nT}nkfeaF3}@1HX|#?_X6>-;nd8yOgM&%o2nfzSq2{A zDRE!8wqoP6a(q<5Y;7#JHFo{QWx_$6&EB%Fpepn~dw@&FW@U^^&4vrgmgQq^&GZWd z&Hx@JN$dF+4{)e<;y?r+iCgJZcHZKcTwG%IwlBOxiSfwm#W#Fl!u|wQ8s~7&d~vY}1%E z2pL%ok?j6h^Xr)zaEvVrh}v7N3DI17kM!gWXu+889}}OIof4ncPjgJ!#^l5dKuySD zVzaWbnh+1|2mI*l$R6oAty&C@Ps@dtt^x6Jd_o%hD&|chV{`}Mmf44_ofT;9B7vEj z1S;XG>JJXxmJKyW7#@(FnUS7tGbU%*vNLkC5^aWL!vl0O)l`qlPJm`FD?ZVdoST+C zJ~byXC9-pTT6}sUYqJw`q0N^5njroVMX+!D6A%d+3s$lLcKBw<1JWz(d|K@tJXO{bfz$ zqQYD4J9u^Lf7Z#$v!haTQgRa_6Ens%h0880J~<<6OcONLY~r&fX&KO?XsTVM>F{Dq zMiO`dTUK^cIM1o+qwu}*EO#6}mr6wP_-tF&IJj1#;biC7;8bV^u3syL2cSipqhp{K z=NBy>5IDL&n0HKkPW%8PspSI#M-R$muEUQ)2H8Ufd z^vh~l6 z+2ol_QQJ4+&J?(5Fe*zOm68KaG&?s9MkHw&8KZMEyJcnMW=1myo~F95I_+&&7z1kh zrr1f)IHl!|N==VUO3lu+L1Q#PyFA;esYzPn-TaAmYC5M`iF`RM9X}m|!PEE0;v4({W#^C7g{2j9sN^WpE!3_zsQ+fA+!&rZU zH8fpdxW{`fJ<@Y}`}kLno+SG*aAX{e2IJt@iw42->r#VIk{SP?thD|*)u;K=`dqnL zX?l+gz92a0x!uQjIPPHv*G@!EGC!LwMQ<%P%N8eGD|B@X{>=S|yJt3xRCr{3Zcawd zn9R5*TBzErg4@X4{VN!^Hf*Qr2e#A=kskw=Vg_#=D7;O;a1eAHKljn_3i_?AixZ^% z7)l-_2l`gN(tsg`^+?am&0!Yvv}`UO!~IltkjMB-d(Xavw&HPsZY{;a`Z4z$V@pi) zfw$3zV44q)gDX#1qxPPC3E>_G=x}AYfhp>4ylYxUJlWs&_=Ax{G@?UG8E?`v_Hzg} zoWmnnV>K!(Gchj37N3@r5;v|{WOx2*NIdk3xi1`{`Cjs{=oDMxXmG?@Cozs44nA@~ zPJB*oHfYA}xH7ZiM~#V(?3*zt9sGwasW(iAQ%mwDEt=MjK={UHZy|TOcwP0(pXn;V0_jn8;q0OA4F?o zNw{3oJwEK5n+h)9J?wKI4C>b~ZU;6pV%UiP&l5XRKd~OOpK0;WPmBidqUwLmo|v8( z*$Y>$Mq&USiI`BwpJtHS63wdiJw3}<-+viJJR}R^|OR}=kN6Y zS65k9pW@$m7x?9MzV!k5W359AD1NOYz^|b5odNRkz7hU{1?y(m;Qm)pRnpJFD{!VN zhbb?^2CzlpE)xEJ)VJlgCQ3p7CW>Pq-~SQs<9WuKV0DB~OALYiZA(>?_`lABKUN7- z=4yQX{FdwGeP0mkL%uBkw1zb*Q}X`<`}5i#fG^u;T=Tk1DEqXu2mL=3rVQEcZJ(#> zfj)+WC=Mk;QNL=a%zzRCNx&^M^YT+W@IPNdGZanZG_QNj${Ea$4zhs1Bh4;wC^6QIN`UBtR z{^Oc)isBqzOzZ-nC}%$B7T16mie2od<(kUZMdSKD@n?6@gpl>HB^4QFZuUjxbx z#`sb0FNzmfudEl8|KWy@XHfFn&w~8`pV>Z3$U*t7)4b)z^<~J#a^&^&QxtzQ=tmi8 ztRLrL5l=*_2f0|ryt0Gs|L&vzY*?RTvFiNf?b^>!8t_7Kl;Y20qu!lW`8ojcXLoUC zRolvx{xjkEO-sD4e@hJQKe1jT{og*izBa6X@R9$~2Ao|~Sdi7u*Z<>sUw0|u>R3~;EQlq?Ve$OC zNr`e}IrWb7BE?q+a6Zcap#0+x-)HMXeDr^ByMOsnKXSb&HIF;pa~}r&p>w@EEIy|X ze?fryw-4uj&q)9CdiE$q@!KB_Q2!!6s}aA}u{!MecOUs*KOGofE$d(YCa*4XQT%0l zIN$9b#6EtwU!aQX)x`QGBl(M`Uig;cXKv(IIG$hoO}?(q@i)KDoHxXK@!XaXe?+f2 z$0+{H+5GxN`Eh+Fmah8TE?o_HX&=egW1-){^2fGk8c_UwAMqmsYQDnYX{lw?54KQ|O0PFCmNqE)XiDgOEETz;94a$9!u_66S?>HmDxPwe?_ANy%B&%1wx@}t~X zs_Ei75bLkeZm{f>+jcm`?|OsFkM{5O2f_~VJYb3PYfAO_&vm!hO{#xuuM1;}QM?Uc zhpYYQ{_WFZT_yH!JgFmO}e7gaE#7X`;jrcd-TwaXgABXj?77xD5 zfdBRu|NLi$F3+R*Z?A>%kq6%rOY7&@Wp6&eDs?T*IJfFym>&p{=Lh-~f$!A}Q}&l) zSC~FOV7UtQUIKEq~G7Tw>He zmS~?XX3U-j<1e4_^?+!2z8>WNXK{#^{5YRsZCFEb{qTq~uOgrCD1`UQmPcgqm5p!T znn1}vcqYULn5xU~G?4%G8T>j#x#bG(Uv&IU@qe!a^3T%wYJXZk1Ag|_kIb*s;g6pv z{)nP*e*dTQ?GMP${NPkF#Xke_2kf(TzUu+`-&R>tf#R<|2=+5q=UWEQ`gu*#584fu zP1ml9rpE7|{|)DNu|9scyv+L(4TOTRziwa0#{>2nyd9SHf2QL%F_io*-iG+7%XRsc zfwcTR>hWWY>}PvktBn-D;j>^rpXq$-1M>Tgol=wHM-48nI6v3@C%@SWwp+?8}O%?=)YsZZgPG&74&cULg%|4 zkpKF=9(5`Gq=5dF^*Y}&nAXn}6aANdbzM5ej|crbJ@^g-zE#pco@cziwwAM9r~GqW znEzKE4^uv`#@ZKsetS3o?CnY@QHQE1_UOvWRu}l^ZN=TssUR1xvro$0WAo=e^S6W8 z{RKb#!oyYI{)sPNmOpFN@_#A$M-~VBsbwsGIPg`1k8)$#W8&9mDgBq}UQ}_FD}{$C z>NE8D%|7A(`nnNa?L5W52y{-kEfX;ui(~Y<*VeyB?4qwP@F46u;qj zAb)vXKbB`7Oh54(*I%dj?<_5-xq1mF1~!O2N{u%2%Ix-%k=h&s~ga_RD5U|9QZ-57+gt4x`U+wU7AxFnEyz+q4Aer*4?SzVGRO@cyQKXji4MPFH0En3(5ta;SIw0VfYk+)Mc%XCWL> zKTMfopdV*OFU8rdm(sKE9OY1^xW4%dd`nF!_%ZokHs8KnU3XE}d@=kdJ!8a!2G> zzrp$SSzpm-7})2YV##}eQCBLm0_=iZ{ejEn;119#l?_~MQ6#poTU)NOUD~YuH>m&JZH1ZGA zN*wut;y>LB>_1B9TMhVaiu&iTowR|}Pia`6V?V3w-)X?VYI1#bX!u4wO8&GEu+N`8 z>_3UtkIY9sVf%ZxQU4v_pMB=XUP=M^p9oXf_dVzL+CC}f!*=yhlzrXY^LzF`dMHuw zUQT_F@0?A^|M&smU(ogAGLXOVF#p%rAJwO3QT(>RcY5$GHd;Ss{GRJ;-KY4qe}n$# zMO}V}0l#=P|MK4-y73gnpBE1Pp-|^5$+Y}cfA>GXcj|>==O}&yXdj)Ib-vYr-^WD% z^{ys%q4<4v!1Z-q=Q|Df8zTJcr{Ab?Ur_vshrqvi@YPYYeoXmaR3-Ie1NrS9eES3P z7erO=O36PL;3bqq8*X@=QzH={yK87Y}?}8FiQTHi-3PC?lD?RrR6_n(tlfa`v`geXdtv- z&T=~6YQXPbjO!5nCd!TFJL}t!^8?>7S6E)>I}P}ACH*58%kyDvzM=H9awqg@J^1Q# zw0_Ri^e=ynA@|Nu{Bf}U&F;as8}P$Q`{zGdW*K>Y9fdG|=)rdx@T=GN=Hq$5^3<3s zyWsv~<$WFadHb$1GL!^Xm|N{hR#Nvew`SA)&ndQ~iJI%ZrXt{IEo@PY=E#_Mz3k$zPfA8y@II z+UN5yzvrr@&yQIR_|v!ZdW_^B`b!6LetQawFVv;9TU^{n*ZqNb!Qu|FgnV72{PVcj zx?$A((kv_J)e@$#I6|KDGdRDbmT9Tv?{027ztkoCg@cs-yJUi3^>u0NW9aLv&tUKK zi@yUc=~nx`7peZ$cS-QQm@s8J#1ZoBU&VpBtJ6v-u6m`Fg78v`9UQ84a7o2pzqArn zK|fzyJBo5^?)z6M`KxvVeluNuOFAvT94ASZzu4)j?EaTe|M2_8aNTqbQ`q-C<;VH4 z*j^=+@MJ}Kdn2EpFM#(7yqDA1WiONC>quxHm6p2vN=9Jv%lsD$n~?M87i=*9d`<5^ zTLa|F`kC}s%1lZ>ue116J&pB~Hv;rCO4m>LNYD?w=hmeEisZkiJ_YC3=lP3<$-wW0 zeEs^_5C!(qK#$v%GFEZl8)0kobuxeT{n2WvFhA+@{KcT6AV~*Z|MpB;|MP$25~E&Z z{*OKOkmDouG#uGSAAh+XkpKPS#Ez8xKLYosl>R#3GM1MAB&eMwlpn8K{;8rYUe`DW z^yBmVMQCZz|9~*%W6A#aMR0p}J`J(eN|khvkD~gQRPy1yoYuP@A=jULRS5pSyRLsl z#L1Jtzj{0W1m&0Q=UUJCX_Wn(90A`O9Hx{#=7v6lc=SO7z^LbYiDgHp=eIH1^FLrG_x!)>A2I(Q7cs2O|LYT%aRv_=>(NBI*>Yl8)Fg;K zGaxYqB3uvwMTleYNnpbY*i*kEFbxZv)>wo=Xskv?Mrwa!QQG)Jsqlb3|3rIub$}Mk z#{EpHVFmESK8xxyt|i2Ch)-hAva)zT-p}ll2S`ut2T;L)oQzCV5?O)w0l`+#%Ip`& z2LxY%w}4u7B@xy@Q&B58Q=UK3rvmo_*&fgBy5kkJQd1JsGDb!A&KNa{g$Qu}p|$qN zZTlwrquB00wNXnG7oz$-lqbOPzwAq z(;kWEr-6UKzJ|ZR^ANoP#maq=`@Cy`HQm8bSUAnh(Ww)_D8^-swk3Hy@7-9n;yafAo$3W9!PBnxYOzae5bAeY%OvESOMNBR)la(Kj@0&4RJUb7DTB=i8TE_TJ zX{qtq9?www#+L-&mN7mKf||t(W7R&;zK2@!JVe)0u~J&h2?&&Fo8Vi+llsNLgG!{b z8$K!rGCT1O#Lyq}^ZkX6J(AT8~Bi%&|*Vj(Gj zpPQ8hv493X=vD_>>MdX2#YA2!9R-}V}tk^`qdq-M>QIt z1#R*P`{LmUJ>wdIh9P_jzYfLc5YLe_MC*Zp^uj=?sY%^4vU8r1+X;^#664rGaVc;V zhidQHm!!7H<2a8iJkj(D@06LDHqrDFCy&Bw+`N(=V_0-TtVN4bLHH5!DAP*3dw)KG z1v~6X;>WTALilB9V&g0>34hu*Y$_ z2^TBfGk#pWh@>+_uf``3*mH20cPJh9iTENmgkA@ERw9B3vEGqSB_7dx$8ha<^s2-s zp4}?1gFGq;(}Ei%+Il4URaZ6(fs|--2c;J8ed1Dk9OqF4W z+sGBCg@2-b5!K~&kY0(Bq+6HAFhB$^*BTOc@NyPE#vS<1)JcO0=#dlYS~Aj-M2tR+ z=qKW+vsggJaeT6K6QapbKBaqPcbNd;8(BqMK%7PnpFRvdzF{@kuan(5)$JmV zk$k>sHL}mAsv(Z?sRk}4pLqWeGYzI&vWJKWqAYGbL~(=wSbDFBUFNo|?(ykKX|^nn z&Ji8=w{%QKE`(mzu3`@_1NLA`YSp5#M=a|k?Lbclz(4VF0A2@qn1Gnhau+x+hUJAl zsu~s=+6v>h;Qed+Jn@yq{5j%??cVp1u6_geKh+XS!LE8*E^NlZ^wvm=m9v8f4*(hPXSeAb2qu;6eGsF12 zpiANNfIn&V>(5y0rxYDmQXTdBDEZ7{X4EUYE0EX6XH*?WWUFs4>PJ?h5A{>`kn0}6_$+>{%$Nk zXji!tRlgR$3m_O5Os*g2p;;U+ErZJ0I(IFO7kp-vuwE>C#;yH?s=wPb{`;Lp`T6Jd z>-S+scY^xhIZ{`zC@uey1@=$_Zr1dR;@Lm|tQX5i-WpJxs(;gEUccpi&-3qFe^mb{ zg=MT?O^H%iHcD78mbDg?eVM9%eHCthmXCN`0i)mVd?`v{8S9UF1>}Kjl(1eb@6MQ6 zf~vn+il~41IPDIBQT^74D44_2>sPzL?}u!ZuwE>WmMpoQs{c*)d=w;WG5_b^nF+ri zGXDP9@lguPMhWZ1vdP%#Z&3BG67?$|_&@)S*-;A1Sifa%l)|!6!g{f6J38V6s{RvL ze{ui6KW}1`!ZOycP6GWyHcD78mg}C0|Cp+Onecy>5dZaCL*e{G#`>ee!Tul{C9D_A zL2pHq?H`Np$CBeIeqYwe{$eY^`G$=3=fi83jS|+2Wo6sr?@+(Las;p6W%Bzili_?r zcGqu*`XL)7tQX69EuI)j)z9J&YDvTeH2VF@0;mfz)*lP6SvE>oFP2-6ylA89U)Gb? zua@+G{+*y}ma%?Eb+{fN8zrn4%VL*rzev@;SNLD2N&U*3P#0vZ-#H)TfoznpUM$bd z`DH3qf2Cf+|BW#5e~*CuL&o|ob-^AW8zrn4%fWBHcaEx`#fM}G<4zi#e-*BMma%?2 zyk^-bVZB&>vv=nARQ>OW_SaE~Kj&vuf9&?A3d>l(^Pi>)%SH+7#d7N>c~4RGKLYF5 zS#pH=w?9id=o>QDUyu={uxymDUMx>u_@W_I|5w8PEhGJ(f5#YzTM8NLSH?l#hh>9= z^=#}N&*{*~2hm!s;xuv6Io9e)0K{d)f&`=8-|Hc?p4gZ`%@0@kI#YnF`? z{%$NQ{PBAlRlgSB6dm#O-%WBmrdALGQTp-?~MIc!}fj6baq*Og_X zg!N+C^Gj=0s(u!qmL-=s|MKt0`dOS>ma%>oru4twkpRewQEq5l*9f4?IH^bHy7kA=9uEE^@P z7t8i5UV5LZ|1VL$%cOpL=?H~otUsy@*dOHo?WPi%v*!w_im-~|5CZHx1Imb!*cwm^s)K^<)*!Gd|s^37uPq$Eq~zo2iJ1^ zS7Cl6hR_aa|0(c)ZMC1`zidMXfkN?L_7)t2I0dqs^o-Ab%;xy1N97ef&1C;)D|Cmg ze2V{){j~%N#eWb!qc{cPlCE?0ghGygO9R#a-Y)$*o`Ufpj$i!2Kw-#9$bT>%DmD$2 z;&21RB|W!$0z3Yi@RE#w?L)~Q4*n^u{4%^i^EgrZ;#fmk<5X@q4#6>sQy?zskv%8B z$k}iBuY-$_U%c}C*r6{w>VKdgI~1otT++jLEzRWk=zq=#$}e1be(2B_oz)MW;fv1U z28c_#B=>zb{lC0X#eatE|Dhi-Yy2O~gt+M)C$vQu7;;H!6%n{3UX;Qyic=siY0q0J zZ23Q~_#wqdKUy5$8*?6v5uPWIFM7s9TYR1&Zuz%t9>0r=f5X2NT!j2qmFH&)eNAl& zL0w_-Gv$_l{@&6{IX?QIGQtGe{yXu}4;9MU^3Us(K7`{N{;A*wycO`#PZi49^7ED* z|A*t>s>Xi;KAHcV><@g|NT8f8|Fgo|_j3HZvSj>wCdu)4$v2-r@%h8sH&%F$HZp|D zzxF-&?E-NMlJk?CFqKro;*Tr4fdZ zy>?A@lfEZrvCi>FsQe!sDgAjn`N1kdzgHk(KUlLziewO{KwQ#S=uN)m_=f*2xQMR& zhB@&KKV0C8E6j&`L0?=>fw-ife6c;-{vEwSw*SF++5bd8Q}_*3J4R^T0OGqQ)ITRi z8=`lFui-cZ$0$yLxTKd4sBu4Me~s~y@2yb*{}k{+!hHA~0&xn&C4G3s0(Sg)EBKc( z!Z&jKQ`&Eq|9d_I`!is?FErW^st?2=V52w$;*#EfW9$W-{f2)oxCZ(Cvh!bs{O|1p zYxstbGUR@^Ain?hj2LBz13t<>TkM=QEja!L^go9DFJ${;PyZ8N$?_M_fDclCGMo$j z@3Qkp8RC|Iam|KXIeykdGX2GOGXBxembL%&!aAsLyTkmC&juNCbrP(HyA=B4dj=We zmcL-f{?9o6BQ*Y%AnV_$w)%(SKl$rH0)^r~_1i%L#VJs_lU_Ka-Exk<6LePwmS=0>vp1m-G)!(&}^kplbg_OM$bnwdOx^w*7K9N@lB*^$jKVuxf zq%Ooi2=VoX(EkE)3dAM-{qOxl9N+MNh8IzO$?SYe{{XO1DE*7!Gm29nF6qM6)!6#y zY4Bf+A#|0@|5-NsY5dRs&|rZ=^>5k3g9VCHATH@I+O=k%zk9A$`TslF{@VSVEra}z z&l~!(;fB!oU*PuPFdqo=phF-o>Fv+`-k*#AP+O+IdPFzKkgri;c6NGc7D%(k^D2ZWBKFg|A|Yw?wVnKj*tH3Flfr} zn?3&N`L_)G%%M{1760P6?El#9$N2Zoj18y3XJ0~Ioeurc z_rY&5h*Kag>D=l!lyUrRLsa^Am-9c-&ziOT8}B~{#ll$gAVbLhBl=T!S z#T{gSAON3HoC4Lmq|3H2cYx-$2!>ldf_vQQy?zsUpm%f=bzoMR$ZaGtbgtN0Jv(x z_AU{gLs1Uy0`5?F|6T{4nLwNZaY+Z?&-{Y3|DLL{{~L^vw}%~n zYV?u3f?i9Gf7toq=kHw!q70;G4T%4Sal*Sh!4S9nfd}@n^G}|;S6(4>o_zm;eh97h z<9Z{{2`GOLwl;+NU!Ik44B`|h-AR9NQ5ie`#`B}Rf?i#wzny;<Yr2qxh!&Cmp-x|MW}|JN{+(pM{H%U)%Eh(4sF|s~=kQ zMe7vEZqjR3ZDQx&-lyh&g%V}?lYBG({agK?!u)R%xcJ}GO6EV&T*kkXA6rkl5Gdrw zHW@ynI0dqs^g*q8XO8dvSzaMfEX$wdoA&=WF0%YB%Q?I9cXVC;O&tGu@ZW2Mjxzq8 z?AOLan+rnr2jDY`Qy{xZ&z}4V`}~dmgE5d_VkbWO5k?_C`VlsK2|L^Xap}*mys>^5 z*x#7e{~viQ!+77fN3DMk{4V!5w#WaRnvwCps6pg0UEi*WPkQv&SK0X&0hRvV(R}(R zO@#gi_+h2;K5H&s)ROl5PsIonr$F&ex*)m!GA{mmye#e4 zuao0{cKh-DE5?5@v`Q#v`~LNzCqCQ6@zFmv2J*Wt`DXi1?H~HdMxpYLezFZ;*$xpv zc9U*5Fl7wKe@CUi{vW4*+~_aa_7DAcV+bn08F?d|PdIQtF% z<8Tr3YmR=*t^LnTxB&7?q1>S?h4DW;4#8&>r$AiN4=-QyI>(=+#y>-&W&i(vn;&t? z|KdBi5(xGGyhq>}9Ki=!$_@6bDaTuB^>%T{AeCqFN2WktH@c7S{a17!U zh)deHu}&L~f32#2v{rKdg`MBOH@q8!eGpQAsBH-HwfL_dj#|4Xvg9 z+S4-sIq|ih!CnyJhstUT6sJITlkVw{XU88lsrTQ(3iyGqYYP&|78ALz#OiRbOx z9p+(o7p*RZx^gu5(C-KPdVn|u;*!?RIWUV${};+6KX|X~|KRnk?>`@eV{MYz|7v|( zx6u?&DyNe?8M4;s)L~U>^v>AGYTKxBRlW@Aq+h+&=;X?MqSK zJ`%W>1dYexJ`yNSf$S!Iuz&C|j^BQ`>VLc>^PipnFkB!2>z)0_!RHmouP`1S{0-i} zz-JVvKwQ!bzMgq6$In;s?;UTAe>49PU&j7F{}7*!-SXefn#?}`k5ucAyxnE}gZpS$ z>pyCLi^pFg3{mg@60f{Opg0AxoAk@ETbFY7m)$3?5O_t#|Bn!*R(>OxZx~tv>m7H- z8L}GUAIIO4KY{cIaSFsGosm3@_5Wh*|A7}#`-+se4+!oBV%-M>_X2SW#3lXLV@>LE z_T&B_7`%#K*?mIX@*j9JkDdQ+>>mOb3I50Yi$=cLmb1T1llE%`vj6j6**|IIn(-Vz zy#A$!%>PdNkR)ey6)0!B{-j{dRabI+TK}Re`4+=^YKU4btY+smDkOZE*!AE#U za8?Ni>Bg2F!+hZGeslqTIj?(iuOy4_eyf*$%P+t?_TYKxhHH7_cZL(-c0zHa16p&- z5IP1A%9G{isqOt~`30~iK)w(51b{6?EPu)dr{?*YY3V-g+J)!`+InV~1DA<%%L%?U zi*gInGJVoNXVSPFaLC(7E685p(~97#{zBN?0z9K@?ZJa;jxW712X>=K%12-6@ck^m zCV!ojnrGYsZWk~xColaP^b%Y!+3v)+Ysc`e5YzE2!@IEBEx`D~_?gXFvh_^UF=tH8 z(Z0eNc^PBC>uwas;<9{}an>|+&MV!&$}jL|Hjed7D{=ejk7rFQC`>C< z9ODb)XEu)YOp`DdFQxKMzkL$GS(V>L|4&@fmwa>V9FD&a_qVt3gD&~EC&D@p@N?i4h)X){+vfE-{!hRc zLoN1y>CXO#E6IOrT92a~zYEOo_gMHrm;Cs4FeXz8`*$7NGnnJ20AIK8Jzu%AzbWuN zy{Y#SoeC81q+4yg_6*1WWghT{#fbf#RQY${?|(ruDE}3$gYrKMI(rU*xTKq0{xe(t z7eN0iXyJQ8y#025^PXUTUHAE~^?J`_&i)cuU#h3Zh&{(u`FG%>-#H9qKaD%dZ=?Sw zyGcLs$e*n^{^z*9bbO3hTu+t%gS`FdcMJpZ$?vfIHu`_!l76gU`a2wd&q%P}!VmsO z{CKhXLXQ8{@4%lJBU*1(_5UH>{?_VMI@y2UZg}qasd}{G>Kn3~^bLQ#+Lz-uIH#%z zTKGYi{BHGOol_;se@y&sBRT#bpF;Xive^H%JNs*`s+|2_1b=&+m(*Mfd{`YP1Nk>c|7v>U8iMxUw);1V@UJ$nU3h!}eXIH5*eTfgcOQ7* zB93qP7i(HW1kT9!t9HKCzgXaP)4vk>7AuBhr(oyroc&BJ$2a_YH3R-IIls?|kG{P^ zZ<>7c?WMu7Q?T>b*O@kzc>#f77dj{gY$FQELAV^X2cTt^NBmt^E8?T+*>q z24en?;uiuxXyJRlbH|UJUb*t$edATh9RK@RupcHdXR7{Z(1DMBuP{))qIGZb+vxwv zZqm2y^s)WV-YHL&iDD)%KW5m`QRr`08w;%m(VIaQ04W$3Y?)yKV>6;#7`SAP~wD5y2 z`LsW-ysPN{$!^kb=G{D+<2NgTeq4sd{_ow{pIQT$J>5TluGqBWHjaOKJEXsbA9TsD z==qb{Ju zf6>!D;yC`1iIN{9WF0{9PkiE%-4q{{wSU{QfA8V=zuhMLuoVA+19F~?Tg@cB@fD>z z>6iL9s>1QR++04N>?Uo$FSq>7o$hSG@r%d7f*A-D|HL63%#q{1)IT9z+4!H6xam!f z-+gQOe9uTZ?~=HrE6dN$9Q-}UKl)+$e0|oxWB;`&Pv>y_hD&AoJH@|uuB?a1Zqk*t z|CU9+tmpU>D&PnIC4T*0mtVp07wnetPvwvDT}8UG_P?><<(?eB@6PhmKXi$#_bA>; zSC&7b(Pecw{=9wV^S!O*a|v-tSC-!|{qV0GztGnHP`rDV$a>JTFxzMuLapWdSNeNp z`F-|(Dmebu8)P5Cp8mlDa=xoqJs1A3{Ecg#n#1v{{uXY3b*u-215|rILfQSNYIo0< zS{o+c!&cUQ{|lRUbNm;JoH%7)k@k7dP z?+97{k`As?=~Bu5&zc+J@8$SiZkK%Me?-JT@%3YJ-WlnTN{7nE|NA*xKI8b$Df_AZ zwcD>xk?RgghpNl+SP`H4-K1-um^X&&|1Q2B#(y$nMB2$L`TplOzW<#zNA^$Y`QtK} z_ol--OQ%3w(!U*gHIw82wilj1Equ>Ocl;+{{7+PO&+qrumrXc+{6)aejuA<3Df=Dx zNtZ_2PkvY2+COJq|2sMUXfMS7Oq1_9#oKS^-+eti|Mj5WUG!bhUr29!bN^D{cc(LH z{4F>b?4K1QD8C0%RegU**0)XjFEH{&Vq#(yoKA}Vk1X(x{``6!_# z_}7*Fj72v8Qc1(Xw%#ze{jtU(acbl6_-o1Ijlm}mh(jQ|NjLU4>c`oCdS6xHc`-&b zJO3J){(tcHH(M?Hsbp7s$cH%3*(ng0^xJEv9pm^#IKOIbjJRToZ0CXw{42hYEaGcB zVca6tIsZ|-lTICV>$|`YFUX_vR~Pr!dp-_qhx>ql9Q>>qN6;TglKlXx?}_V~e3?LT z3S>9w{wI#U!P!6hbIAYy2k+li{0IN!sI_4RIU)f%m3=$Ho7N5x{>vM!fKV zs{j7x?MJ`Q7%2Z;TmJw?{$~fE{;}|bF8PfXLw@b+od1bS+L!lj zSC0SoD{!4REcTyqXa7auXFYUM)(Ko15SR4cagCf4jjQ?EBwY!1q}Ao_~1z?fkx-m?GcslwZjes`_>KCsR+go_^?0_A(s8{TYC z$nhVX2KjG`$q!b7uU+Aue?yo4r5yja_rU(GCf`%lo&7`V!9EW)oXa1zyQD8{{PFF; zk7|G40sHms(x)XxCB<{HidT9bqvt=;)E+xTf4F~4@xLVFHFo|}-wlwiyW#!E=PLbU zc>B@sF$T(i=dFhPcZvJ@zfSGbExGs)!Tv(Jg&%au{}K9ymFa)I^?S`396weA{vM0{ z)!f69|QXjn|x0#-hMlu{LXW1{EoP! z8{aa79e=G3^IygHG2%Fte+NGLUB*E9@9Ps)jCF3tm&|{}CB1OLokKbMZ_b40|6?)Y zC-wa4smc(#~(9c z&qU7t4D>H>JVx9^{lB`r{WsbAf3=%buKhne{KXiKKM>Zpdo28*OMai%%IDK_7wM|| zUuX*asOPT>as2P3`TX??>@S8PS!FDG{t|QKI2;{U_W7%MC~yI1|2^Q}F!(o=f2#iy z`S?e_vlyuSdyd2SdpYyZ$!^j!oAt)^2T|`|d}$Dmjlp-qaaI1N$oHLrN9Fq$Pe1wo zrCM@H6)b^tA5^Z4n_~W>zmrZo(=nB^f8C3a|NgPqU(cQWkM@N6ryTo0I|bsBE^X$0mE%vt_m38S&?Wz1CfHxj{CDD#e(cQU>p1>& zn1742|0w@?8o09`{T`Q>|Ae>=^{O@L*{|h;b_(7NapPvEyVcoq`ATH^xPY;{T z*?(R-@T*o6=TA}nzlOa1=YJ7d{sgQ)3|-}(|M&O|oPQoQ|GG2qgBE_U5`1qZ_!l+) z^L>v0Esj4|t0oR+D*GGp_8&YPX@Axp=zmRfZ~yE@1L|=6jSb+swW^5@cdO?g2Y!e8 zk9cn^e&DM}Cs`#9{50SNz^CKOW1-(aDpqud@n`Sl?)gV{J~{&8 zKg#~nAK*Q5(`sU|uIB$YOp`sL4if5Y+X13zft2VL@e!lN(x zd3OrLCH;5mF?RfIE%ZM{bBq1wxU*k?YZI*z)o#&uL0r-su9;uJ*)M*C{Ab|@UGkel z{tJw9Z~vqFKWF)gz}GE&&$;gGPeT3~_xZ2ni7fX0L)%u+{+?sTf6yiWNC5gDm6-pw zc|<1r{`q{!f4YV5QGWihSBQbMz5G{p{qeg?{@%i+|J(TdW8nu~^2yJcyvykSsh*-7 zdi=!eYk?ot{u}!n^o8|*YM!n1Z*TfnvhHsXs?sXl{^Q;TrBz!+gVi^b?@4bB4rlv6 z#gPAkEvku6)%vU8`F#Gv`@%qW&B%oE-`0KoyX)8GtGW0e{xV#&rOEeP;Eun#Pv!Vi z*Cn&%&;KEmf8Y;N>#u_jeDphyf$YcmkChpJ`D^F1Wt{yt0AIK8JsNMno$vL*@8&v} zf68~Hb9d+afgd&gaNR)YR~(9iKBo-GvCjX|TFZW+9xvyk6E`rqn?P|2lGp!H)m#LjSV8tBGaG|4Pt-kA6=v5Z~?k zH~A}=VpC=K@tX1R&FucI=YxOQV83eN^|#3_c>6o6@=5Ct=(%DW@bNpq% z7yV6si37j;|HxmGcI|5%|54z3Ed1n_y#2lYNB;J1GbeKVb->px{1OL#-~W-nDs{&1 z9DggOzlEQC5pVy1|B)Xbf5D3!{{W`H$CCaI{K5Yt|Ndw4&f)mKVESA5$*p+%hgXtM z`JQyfrS)TLR;kiVsPRPdFMq?6RP)I*OC0!dA4~rvff;gs8eP{(Q@uxe^8TlCx%%(5 zQn*4&HSrAje^Tp>sNX{x{XSx#`sXv4|Lpn0efzt7_S@HR{3hsMa)`+fy5x7f3i{u| zx&KS`59t@X9mV!9YWyJ``NP0pvs&*$&)=ax_~&o*|A>L&RUSqEPk$%9@7$fuIs5zK z`0JQz;==A~{HG0{|1Ml7^9jZO#W3|dG?1*TnE%0p=j`VAOQHP>0zXHszwor>`8l@r z7j4@>{8wW9F}~$X?DMa{{SC&N{Gdzz2pEjfD$)O2S#2r%{^fh<|9dQaPdj(^FM$4^ zhWqShN&kZBdEmNlULm>|L=El)v-17v)4&~HPT`Dcb2=vtGd`uv@TFgKxo>unub>be z{FQf7fj=*|09*tr$A4MvEsg^5Bm3KF6VeLPXN>dZ&++9?MK6UKdz!iriI|3`XXj?2 zm%E|@u!!?8n3?U%$rziNS>P+wvS;~olJbnteYDI1P5Bf|8fSPW9D--|(eg4h!*3w{ zacr(HFLRKuAU!|ZUznG#Epz~7`3i^UX69*`MY-v14U%6vC4~609zqlwhv|74zI=m; zKWhg!R2aS?^g{@~3~LSYWu_J76keH@Q{=nK?#=L$j(PsVj_6siZ-zW?+8jJl`WaMT z89!~I%`C{v?cE~sG}HNCOwBQnuD%S!PO)P;C!3sH<21uYWdv`Bt|zq46nJ<|fJhQ?1fBTXSXn~_#%#!g3HZqcm1n6s0nXXmEn&(F!rN`gW* zAR_}TDVT=WBGZhYSwOW?XZX?d0zdfKjB*9p%>wk#@Eh@AoGGn>ufo42K;&sw(&d&! ziXuUN2z$|tjDE~yed#MVsU)(UDxu7|MmEV$g8ZAE0ZuJb^Yi9pLxGX5P*qI?MXACQ zWmVCx5-6}fuP8s=S0T!NVuh%}Oe3Gn>8?Dw7UhTSved2Ro@J|C9V5`Z$WUJ)Mc%md z8NOL*EQ&d+vZx-etYXiqJc_yBaN|U__ef&Sib8RXhT%*$-G}vkfi`)nQDC8w@TJX4 zF}&{%M}N2S?|roNqWpXfegQQ&l<6FKo-f~Mz_4k7U%}BrF_UedpaGsE8z#ta(D=cH z@j{hsv~r7ba?+;f__XPHc{$K>#HBzJn(NCcw_?I(7S2)ioUEJtIYn97xp3PV*?EJ~ z3e%>k3sI#(zcH%|ag9?UhIBBl);&5MrbTALa!#|QSA{Spe{nGWw93Pxau^TePOAhg zKd&$kYK_#KwA^r|1BsXAi;Tu{POB`ehdUU5S`>^cV@YX6g?Zq@d0G#xy~=f?i{=f? z&$|XoK=`kh7=EC;cCmcbGyH>D^n+AiZU*!Op_E<2mNLubpukysyb;$8|1B*y-Ip^2 zdUBRO_tG%)Yh=qpM;KRojK|i#;>u%q?i{pV)*Z%g=$nNx37GuQ5iQKmn?J3*4u>Dk zo0cI@RL#HnOIxod;#{*($JB;=W^~jp$80v$#7&=H=qu>hjp+mAu&3?$(~wXURI7TiL6gDy6fh%0JN)xdF6H5L=Kx9 z|D8HN&;GpNK&y0PV!JT3aM5iPWd2!B^?p>J3>%Vh?)p^Gr^?EtoiomCW}@pyt~TcC zQ8>?5X*pU)IIimBa1Q5H0;j6=0e*kZe7H{;k|HZB_Pi(@wF%k~bJv1!lhZBSTn)WEH6^Nn>mJ>}nJr>g_!r?8 zE~a`4J{o3Gr4+8gEKh*x#>1m?6*ksim<@w8(^Bw(vm*=(^i8H(TK?3moJB5<-y}^h zO25WeNLxYtm%})@Y?TSwJ)>Yo+BLqE!g*L9MK{jJ#Z5bQ{j|a?%#eAD)|CD2H=kbOs*03(~TD7-5i}SR`qHXtenk=(*cQk8CXl zRGU064>}xL`-1to=}BYZV}%!Tc|$melmgEuzT85i1gDv~MmFS@p%8qIf%B}JNT{!j zpV~SOk!PFvC8pNk{QSIp6)ENMj8vJX;#Kw=jIY#BZM?{{Exd+9vUBiRy)Z317Y769 z&zhc>Gs$jeH?w)qg!5s*hkh`v!1#r{0sNc&TJ(GbxhF5PMNGp{*#(8h$YZ*%fSQdc zUJsL(1Lse}&J=8IQZOx_8X9A?1pj8gmW@{nTeVzY2A_VGLXTZJIM14X>MJh&BG0zO zXZgIYrd^R&Fw8kS9&TL%yPV8{7A7jcSh{6$;}ZBEPn5}Je5HPB%P)~G> zZ$zAM@o$3li+T$9 z&r$C$MGDWS{cDJSFT6VRHi12(JHmUkmeKQAh)eq6CL*J z;`n~Fe~7t%jPAg1uil%I{Y$6G_lFA}0KOI-|MvSC7TBF$mwA6)|7v)DcaP;g@L*}b z{r9+k3C=4bdno^fGGQM9U-Uk8bROv|;$OUqv;Q7gKkpd<{@ZSl@8@;Jr+iO3^pCtF zvLDy41RBJNz%5k_ZNFdQlJ3*&lg=DJ8|F{xz`t7UUm}L^>3{WIk$l>}!)YH4;*##P z@TMm@e%S#?|Iz0DExH4r_HQBkr@_SXU}_vLeG)qC-)j%VC0&1g8+QHBwpG9%WAepN z-hMm3vi6^R=JaOH{;ID+`j0jFx=a2w1EAi4^;@6jLp+=tZNEJ}wAzCXa{2$(Nw9w4 zK}-H0#^-{Bu=|n4tDg5X1TO$9+98XvY6S(7qaXLH^_BF;I<2`o7v1G=ubyn!lL( zJ=8x_Vg!0E!$A8~^i-VCjVe8w$aRD?e~#8qhOUw84%O*lC0F}~4@J8Jv$VR^s#R}l zn?F?dUdTr=H4QGV)u8zLqdzPww1k?q;k?n+Me6JpBDHx7;Q>qVI0(mjvlb>ueWL4- z{WWgfIS}k`nyCCylK;HzFn`%wt){^JA<%~^{chwX5U*vxd$hht_0-gZrX)hQoT#Gm~~=MOpmwXt8yoKjgn`Bitz zf4<~_l^p-7Z_bWSe%0Ob3l8S8`v-jV-P!TUueV!%;Pky0bM`;5zNV3M)rD;7Dc#9` zcHo#S-{ePIKPA@}i@D|dai)Anx@pk`2RXj)h|Jj4pzL9w_1QF^%}ED-iS(;z{Mhmz zaY=vlMW{c=?{r$8LH2vq`W>1_r^QP9L+j=I?Xa$39}D7=4z~OL2*>~Eh)n-jRsV+6 z`Vo71qhng<5TN}uu9E(&Ev6eEiA%a^^^vUq_|!?zfrbF~>!_XLTg1wFo8E4!zCWbq zvpe|Frh1Qb!qJCb;_APY525~>Y5Fe~%6~BRJ4uuOVhwK+0`1#Q`=!fo&Hsr@`kZRL z4srZ7xPCY%MhxE}{io>;eDYhYDMX9wpxxXYFOon989&m*C0&|&X9JF(`V(9S{3jD% zT*lY`cK)!|@VnaaVjgt;wOF(NLNP#G(&xPMDm#Dm2Jl}hEdD!n2R``^CHrw*t==bA zYzjf1DaVf&-A~Us{qwl~S56z~f4ywE|I1Z>gMO$q@~!qMc|86;n|xiXul%uK&tTXOAWWXrEu(p zV|$=@Cq3n%mlC-2_xu9Cd@Dw*SSs_M7{{mo3gy>AQ=p5};r@n0sa+&>Mf^KTRzJ=0 z^W&i37c~8s>JEJJpGkaLKjyTKlk6saWcj?d9DgzNzjWaHl>bU`1#iDk`L85?NgJ@c zYjrUY7PfHtkGP~~Wp19!@q2WG_1o{5eBCAgFYsR*YExbO@PC3`$35^*0;yC*=TSEP}$@HJ8JMhV`CB=X1 z24Hv1SfRuClK^cG#3j9@xXU%@;lg*aLA%Ctvv? zTmLRb|D_hbUJ1Sj)~`D8soo*oxmNLe5dTrnUnMC}|7|m$zsOE{{-S<}cew0t>1tn( zz!cRUyKH}(dHd|*(*OSIkp4R?=|90;{67je=mr0kI1Z#Wwbb7#At>HS54dLv>%S-y z{MUJQnf^1yM4nInOEqAz5S;FJGI;_sUY z_uV00e07}n<3)CpJ{hz2XO17}3iZ!{81ei9xqd=S;_ZL_57`qUeks_mw~rU!fgckQ zA07Xc???yYCO*UEzq`PHjR*V}((`}9WXYlYNBwcnZslL%UFm0^`iV}@A7nS_YuESB zAz51#oJH*3(0<3zmM&Zo=|c9lm6az)_>dJEx@<Tsi4mjstNyRzQ@@+^Xq7KCg~9R{*cLBRq5tWo{AJ&n{{qKP^FjRoYVySt zKK<={On+?m`z-=}b;b4n*vqn8aQxD?uznEym%a9^vfqLKTKmZIw`3&LKd^r1uP5bw zM8>|^|D^ce`@zmJ9RKQ?Q2(AV`C=+>zZ3s{m;ImK)h}cHM?C`Xzk=XDZAQMVe{=`_ zj9(+|r*TIoKSE?T>Go|N`#;Y9%+rwn{)!Rt*Q)yOYTo|%KO_0q)Pa1nJznh2hWZzD zMWMmW#9dtZTL56Z^9{NqQmOsOP*o0V-c*6iuoaM2f9v(*|`^BpEtpApO zZh-U$|4kWW|1{qI44eISe>V0T0IMQG-kGbrg8eaVZR4+RR;enyT1|m|ldR*P^t@9t zvX>~W(MwFi_8#(k$tXCEH~lDiM)wkBaBL4`H|c`Ejy=z%|KH%h$`fn)j}l(qe)1os zDG>TE^Y*STK7?T-eMEHqZ@1s?J-&^z|H2ID$CqQjx2TuUYMb_#!f{DW(|+$9hz~fn z2Rr|r&lgqY_{$%H{ClBu{CltJB@!WiDgHf^fgNY^OW`;bj_rZso%DIxb6@A;e>wQC z@__%Slm}J$PvhgC{5EL{^zdUZ*J2083}uQh zN5#;yoeJ>0r33HQb-?QtFDlDl_vFFqoc;I3!gVeFi}dNd{fpIYXiC$2{~k9%JJ`PB z_UDoQQ=aAcW#B)_WAPs((%tc?|3mMA)oq0p#XISr69%m0_)mfTL5u$!-6fy==L~dd z|E@R7k~seV0pDZsA0sj__l}FD&)H;@dBS>2Iz7Dc+0s zB#5$i6YQr))&Ko({*ZnDzUpQ8=>^q<{|oj0$H&|6pCS>OA{~K*4Z!;4De(NOrB|H) z?%VX?TU`9Nh4}|T;FJFv-GNX3Ylz<)svPY1(Kv*v#7j2XS`;y?bx$^v^N@z=3hXxy38iBUjqi9~wgywQ0u$v!WC5KhfEyh<2T;0Mov ziRgW_T;E)|WR9Qo53~J!>4nVSV3vIzyNUo--%IBXbF=e(Nn?s;O~JhwwNF6rX-=F@qcg4k8p2;jcx(uN zt4_7dE3PwmUZF3y0M>CBOZ1|E7H10J*h8MFmfjh2wZmT;Kd0p%;cuf?=~W+4bZ%K??H9s$-2u_2)PuHfa-z3qu z1Bu{zr+ zR->cJMLeT37)%l_R>Lk}6cX25K>otCRK8}+Hj1lmxGKCmTQR|zwhE_0BwulHNXIiP zfmF44DtOLFGo3y_L}X@XvDLW4nNdhCzZR(6hzm=M`mInagf+MD+x)^L`Q;UK47H!( zp#aJTeWiRB^wH*KsTD~R(y|MO=I0gpp<p3CYGGbi`J*(>je^Ddj&WaIr{x)o>e6z;OGPXf zpgPWesuf8qWHWr|5Xj=WLDmJm%mzgE0Su=#)3V`QNmL6%!E+7%o`_NBT9C$4=$xo% zwN&UB@2X~T@?A3&yxEM(%Nm?pm_L7-(Qsn~6W+Lh1zBf;FYTH^K0mD2_vNO~w^*st zv~y>3wf9^&7Z$S9$x(!2n1?5CPYk@S?3sBTXoomKzO#C<>L|}H|{OE3hrR^$ECq?8W zv+f_1otBlGS5TOp4j#Sa<%k{r<-g19kyJ@$ZR~It6%2xPU)ebY8D^0ocL-4Ur7Nxi z=};;|o~cTv^~bh`+IGIhPQ_HqA)}ahb-Pc)gLpyDT3wl(D1YFOLPHL=nCgYuy2!KPf-Q%1i>xpV5_ z=%vcmTvq~04|mj@>Y}>Cp?b%Tw=ds#o{6fAEV&oldZ|;b&qL<7 z5f4P>*U?Wzbw~Nq&@kQ+r`vPfydK))2CZhN$qOspQIb- z+FioQZ=<}zMV)Ng8q*k;TAR;ska-MOkBoPiaCK-bwgz7`%6p=1`7{1C`g+t%s0G)t z(7VX;<Jm z&bhYIS_y1qxi23ZbuNz$*A)Kzw5(ZaNn`TH=U(HR@5>mK4L%jpatiurszs6GBsLca z+Cr!nE4+rbkRA+U;?VCTl-TIBwbT#jN)pbANL(`!q))qPW2euAv7l+{dZVEeOi4>W zx1_CokkxWbBg&-rKY7>u8u9Tx$p1L4AF2WK$1v!pq@QB5w zh2CQX;4=yZ`b0YJ&r@AFe&{>-i{S5)58M7k@M)c@9@j>o;JRI0uNsVRW61mJxETJ1 zLV>uX{~9_bm*dCb{<9DQZ_9COCw_4)xIPH+MIB&)5I+EaL!m%i(knk-`w7SId5`4l zD+`VBaa^ZsjeoM=zpb@Eq4l~td`9UHub;gWstf-|@OKaj#3ii_Sd+@}$0)w%q4N33 zo8Ubb2=P7e8HM%w}X@64|$1hfV?^|-;rOPyIyx!aG&^o5ppj*7z@hS99LqVIAFVoejY)S8(2XXl-Xh=sk97 z3H%*|0&z)SzpUM}9DnvrD*Ydq@o(qPg!~ZzvRqOZt~#J?n7% z2Z*0G$0&bx{yj6{{T#fXPJZk{L*4+smQ_8xwsSAMy253i;)x4|A?gN*OZvT$!D$>H z*Nlg~Q4HD$S^t&0juh68TGx@{T2gv{ zn+oelQ790X^vIITi#YyeIDY{`U^CCBd3u3|Vcjao7`R|?P@G6yRo{?jVg5j9My&9x zhIOnU6o^ZD;o+Bhar`C=Wd8HcmFvQAovO9`<2v~e%u}GHytHnWj>&#HcH)o8@6m?i zubU$If&ZBQ?iY2MbNnYRl>E?t%s-{a_2u}9M`es@^ZwiTUo#^qljGmqU#0(l%zr8Q zvFdm^JvWduV|iD$^6;^ zB|KkiVQnEmMoom@!#;pz^J*L7RQ^&nb$E*7FG-R1d!Cp4G}vbxci^OX3b;;$$~NkW ziB%$w(T@av9~wGHpirQChxCHOvoGcNopAm>gusWg|8uj!H`npwJkb#BGg@-vU_)@e zDDFENxM{E~vs2*>{o&EX(BJu| zxgo~-rHi3|1ji^8h)X)yu#l~PuW2Cp+HTqY3|bY*M_#BptP}H`YsgaQ;)lAzv(JEY z4GF+JCap)jC>?mNAx``;w>JHVvp)^?|G?lqE!RUWO2XJT)4vq^pN(Pv*Q**Ek~ADn z?j0+NA8Tv~wLc|~!{0$Dklmz5+`p;{$A2;&ds`6J$^7qG92dcF{2@IXJI;{Q zB`|Lmj*G7wXUIpLApdlU6Uht586qzROM27?(i1=E^%}fe6hoIE=dXGXHZnwEqxfGRZ_$q9ue@I7e@`{J9=zXfT*+_7|7o0G z*Z`h4m!D%uMjY^9-Dcp1!Tu@CV0#_$3+tff!l-e_tCPVLzpR;Er(uh0@=uX^EU50 z&heYV`UwnyR9XMyI%RAAYXn_dEd%oR%?%8p`NE!#4Fw9VUk<_FQ790X^yUlKzsT{m zALTE!Qd$1({J$Q6_>PSe!MKKo9EbYA6Bh^HH8kW60C=tiKQ3^LLV>uX+k}oa;P`2{ zejCFlR=(N(9)jfYj)VHWMngjqGT?p|#ER5}hKBq+9{hJ@n*DQmvFQ5e`%nMSIewKi z$=7#DKCaWomHO2FQ+*TcI~3-54i)DCPn!}O?gJ#<71=*<;ve|6|3HqP=9PT!Zppt6 z)@fPO|Fw}|Kdf8vK03q@+z&JW&%cR}4Kakue+e9;P@s4xy?buk?>K%T%-_VIem>D3egM`R&Hb^6&Xt+K=m(t>X{fzJTk4 zpTg3OBMs?t1>8?}7;oDEe2_EG%k)ovYotJ-K=DpGw#&;GaPhCH_z!-=^EX40#`xBT zjWQ$v-Cpc(mh>GZP!?^L$E7_-2^0#%C4Kjz;7E>NdxMPsz(2D8v&~lj80~KYw0|v9 z4A}|wQD`=lcQ{7rl?CZB6578DQVen8?<-!qo#QW1 zVo2<0D1SYmzYoVKnXrB*1nH4DIK>br{@#*xu^fNV%kmeY@v{Fp@0mzGtrHJ68v*-d zj|i{VPHjE{{CJHBuOBak&nOfq-bp8K8&#d-*Xt|eU#lbA-!(Qr9ytD>LH_f$8Y~4a zi21?aa<3%3g=~268F z%|G}(j(^3MGX8_x=R&J1#PR)+`48J4v`fEbs6hE;hCD90b*Ml|o-B{?91KqU=k6|R z#_@;J`1h}}{c>OK4WPAr6A1+YNf$>88-WwP$P$-byq|=`7!M=YAR8i?) zQ~JTWzbe*#X8QZvMDnpd5(B_*rwTa!U_Ex?-~Pk9V>tWURF(Wdg5-bjAMt-)y(gdJ zFY71MU-!xUzwU5k{Y&|e?4|rh$MpP1$4>U|y7D}B{BfV+dsfK&hwHSh{XfG`Ku;L| zzwc5*s`%yjPimV>1`ey)C#vxcI zocPYAhD^uy7mkbJ7=`+OiSNSSK`0QH^peTz(m8&^dnG?q4&Mv*7sIttkdMcS?*R{l z_{H!Ug#vL&$6h>p3&;QH0cC%#On+RbZf*Z5{k=~N5GYqZ41B16L+}}e(m(ad0Rn{r zaY;|kU)+M@f0wB8|3$L?xAO~Lm*u@U6IdYlJZ7vH%K{b%*{{QA6bi&8J$68+hdF-h z2c`X?);vG)Q)#ch0Im-*9@Z^ty`WOM7FZw~_sYK)!)Fu<#3lV<;FI$>{-HCH?3HIZ7quA~-gzVS0dIZYP&p><(hWr43N1;Gm(qEn49MAC&sOPUh8{U5M6Hxlr z0D+<(hw+$kal-pH0~l0EGf^N&5!e@i)gu{{M3r{14A3 z=*Iws0&z*-dA#s-jz4F(v|S^mo4GYZW=3c+U-3KZ|8550XiJN~o#1{weQ zd}+TEKa^ifpb+0%P)nc?zZ5>BP#`X8|G_GMa`yM2_y5;P{$jX*wf$=ju8{)Zr%nGD z;v0m<{}M|R1j>;B%1 zpX6N$0)+x`NmreI;$@ECdWZZ)Nb!rnFO)U@!};$U$bTS|-ukzY9w5aXAbsHdgC9Pl zP#`YpdIx$P;rOTHrTyN{(th-lVC9pa1aJSk0)_k~B=)N-P;}tqe3(QJ9D`6GF6o|q z9&F3;lYf-I@Z2c#pOYU0|68pD3gv$dd={Wkd?dnW6bi&8efZ&@+3~MsYW|1kUOE59 ziSOOeN}v!wbz>_SZ!q~D_>4k99z@Xp6+mG+tymMfFNp-kB2>Fc& z#I_PBR6m!%XA}y=CB3n4%b^^9vl{>QF6Q}^|3YuJ5-4Q97t#WS;y)EWqfj6&>A$`S z-OTaPe+7ns@|)ol|LDg8h4|>l0)_bK#{z`{aY>K6xmpj7zgMNd)>76#l5h5ZK7sLO zYkRl;mdNAAd6CCX{L6ptaSz9zFi6=S!8h9XG8gu+qRsKYR9DlRNKk>aEwG=4C4}8*6pb*~=e?y@_T+&H{FJi~PhQs?!4Bl?C z{;|hDjXx&`A+LkfX$<49r>ld{+g64woe2F8I8J;Q%0CDN;*wr5{v^vU@~Zf6Ez^I{ z(8&6a>=*If;H6Htu>Hj~y21OPZejZq;cqAuh)cT9Y9Cww|NXw?iyE^2k$kiNMdh!g zX?KBgw(ox)9^Ls>F8#CB{JY?-vi#far}od&rMp0(_OAp!qfq;o+O@ktp+I(%UcU9v zeH{N;@SlkxSX0`+;}Y!unf4PeIJc`nIeas;H!%L3IH#*2yB@7#JdY>C-%uzJm$dil zy6p4MgP+J>czetImk&v3ZU6kEW&SEY1@nJFsJ;!tXOur+%8BuQ06zOcC=i$QmHsNd zIs1pTR{8IC8UMG!1+08ZfA1pb?}1Q#R|cO^sQnMYXA}y=CEaGj)$IJA25SCCpuNoh zcK#5Y|Jx;2Xd7x7g6W~daS)DCus?{$-i>g7AQXs8`i^fth~w<<0R9^>XdNVfiP8Ts z>tAEMf4cd86`walmgAn#<*>dFb>c7B_V5oJ|Bg12?|DGxKQB}vFys|}|GG!L@1i!K z7mRn~=g?bC1j@;0-PQlS+jMQj@&9j#O8<`1e#vL*|AMBX7=-FyQP@9w?n7#`E>`vi#fmUL5~{eX>enVj_wc zE*OC4{Sx?$vKY#r7v6sd;WG*a;*x%F`HTQ(|Jb22|9MYI|HStAhpINB{{vIOB97gT z|Fk(3YQ^y{cvnnNw7pn*qeBVT65p{7Ld91;690~=po3#GU4GTGbqRRi? z$F1>imj9mpB6+7bL>`~9{oRSbwB;an{MSS8zedaQ7lQb;*8f!gw0q%s7lg`RF?>d$ z@|S!cJb!{vAiGIla8v1{oc)W-WSnWKl8=7EtnYuwPgwA)+5!ci_t9Tiaj3Q-@i6{_ z=}@}2wm_jkT+&zHJSc(V_nRkw5j;0)efk85tzW>%fgZlxY zKwQ#0d+%Gq@#`K|`M;aY|EG=jpJxAu=G$Q$WANMBqlbYn|04f);)^@4{EXxKo>l4J z{lDesR&Ahh{P6svb7cG5=g!FYFEsy%Y^3=|bWHs*I(D-E?oXTgIsUCaX}`Wsrhm?* zk?-Hy!uwAR-Y*1?v@j(3DR|#}!fcQ5{inB~`99Q%fBW>O*!hR=s{Thn#lI8Zf3Sr> zIa~gM*27nE_U}@BZGHLn>%c~F;upi;P$*EoCw=oHu`h7^F*RiThbGDT$I1S{=Pd+^ z6TbxhhC+e3q^JM==sO($PhIjwQ#t-E`R4c|zVF6;8bw@7LqY2av0{@vX4 zej50N$cKH%@vrh+@RY)H!Er!N#@Niv0$-t)JAEjoq^!QB`etb?n# zq8#uamgCc==jG+N^4A9L4Ahq4=&vTrTwNaJdMiDArs04~x(YDA#Gl)odYFHdzcAMx z$JB+D%IOw2Ez*a?^rFn(EhM+QswsGYPaktdo2sD zX=88LLff*{cErzZ_S%0@39e-kzx^uKEydMsSB5Jcfn-2BgOjZ&do8X^zy%I^<;uWK z;o(%}3n${|cCPIgroBy7L8kJ1Mf(qCf&bC)0|u=h|9(64hcAG4FDGUDrGLx!pAuJg zfqrtAaQ{h%V?P{I|H=PQ7m=LRg{lu>=O6r_?;9L{{e@M8N2{1$x&p54Gx?qex`;$L zCcb#EiztC(3ec@Gf~Iu6HD6r}{ATJ&h{-l}dd1ojjk`y{oUo%FaLi#3^2IUsrs4{I9gd|Ar4#{CAT3!Psy@vwblqWBtp>FG-K&2l`bJ zferPo9(xkD^=# z`No02&6fT}6QmuqFQp9^9)F^8aAL@X_jCDw-75mt!JGR}i+B0_Py1g}`cwWVe+uMB zf$oF2q>ny!p1|_Ix3ApCxb$(E|92(8b9et*Vh`ni#kc2wJO6T({{q!yzmvG6iA%ch zhhL|2_J>vhX{^Qm_uSb}ehtW<0QnJc;y?KJ(aSjdm)r#Pf2#!3e#NiI{_cxq`3qbi z+b!afwzog?FZzBd^6Br?{#{=S%HL&X{uA%>`5*WH#z5(xQXuOK+OJmr)%@Sif8e$a zxc^)f|NAe2e}&1{UGhuTNc%%y%Xt?jS$?8)C;gjt>P;^GJ2Zzeu~l*A&p+Vpr~SXl z{?M(G@97}>{pJPaC%gU0Pp^KIv)}(cl)tGl;%FyXo^=O4?F&x){QFe;$E*EdZ8u=& zXI~lcA>Y4J{Z5s?$F76=e}FmeE;jM@+xfA7$m?kJ+?BukwqH7%i~rAeK%IBB#eSE3 z%KvWnKikpZ@s1q-ZLO*Zt+u4U^5bAHf0U_ONN?#^do#zspdPfV0h6!) zOMH9!cbUHj_aBMs|Dykj5DbEOd&+!_c5>r~=(|FkAL+j$^@950{wMmbNQA#rAiLw$ z7ytLq^+x*J_kSNeAL{=n;>5%!Wq#7P@cD0|dNoV&?^pFd?Sn^L(!?j-|KZ=+{U^jx z=zmSO?Ek)1@~K85jea#S5P#D`7`K7vc=D$~<4E!>bNr9^AH}_a`!7eee;(j_e6auG zjmmz-x92|^nkRlm`JdvQ^!-)m590Q}etI>GO+bhdQd50Sn)(+`+S^*jm%SVkm-Ltu z)!6;#pZh^ZY&8J`BM^v7nz-J%vY$oAc3lyF!^%I0arXc2k{|pZ`D=Vl+i?8zi{zL) zuG+WSA3Pw-qxPeGuR{C4(>!1LyVE}Kl(V zothEZ|F0u;js{gzGoeSCh_tpVFm}~OIhkW_B^S!Mhuflt@SjFuLRbMDWmLa?c%J-x% zdHQu7`v1MC|4;p|gqPs?7vi7xAJ-M%UjFU;r7x@Y_kF(oB`)bN&Kt6v<3HOI()Fph zFkgJcr@s?le~;%=x|3eFs1v*Y?f0!A{`1WE*A<`AowS`#>&p7Ue1hQ7>S6|Ht-7kD zA^z>{U%x9m)yMo#`GewrQr#G#&n61|^<&=tFP6$Sx~;lEax>LmyH2jVqU(|-yGd`q zbw9iR-doWB6b10cY`pBp>55NxM7k>Yb-+M;@@qi;3?|KjejNA_pg>&G>o?5mf%fZa z|3P~GTHmp%@Blv?N_qS3{8hb_{l{ee6#l*XV2}U5*8Xq>7yo_x!Sk<$ue;<|HvV_s zmZEX>&+d(o|19w@KHg9wlQ*HJ7<8T-$JHJ9=+_AYrT-td$^0*B@Z%r${C~mf z;fsME_57Cx3vz;;VQ$C@+26GLZ^HTGI{2#!JknSs_HQhn?Fl#0I~Lv_G#1GokPfmR zlnDNuk_VXno2dRH{lw#!bpn1=|8F3y-wiH}5#vUw_HPeg|Bl;He*32-LqDp$+5S=J1pt{8K3{{e9C`r>z_})9PvK#jYNe1DE(IyK>cUo>n`~f zl|PDi(l1`od_EWdTOs~E%VNYb75`!{AOFiLi2p7S|A8bk{)tO^-MgM4XurMxadAT^ zf54}pD?XJw(sq7j`yW*gwrR}8|6mw@4_f$QAD{kqzT5bx`fpF5&zH!zxBpl7g8X-< z#eSFk*IkZ(5dX;ep@SU%8%TfM!WW;rv%j+akG^}d2XXw7kp4jnUw6r`Z2#l>nH^># zKmOs!{>LUL|N6aV{EPkW?5}M3&wu^7Rmi7&PUU|;l>eZGue;>C&3{z>+Wwr^1o%<) z?=0}2sNWYO4(6$T{1<%rKX^<&TT%OCfBq=_4J^CZx%_9Zo51e>e4+%N|L-^X`dRYF zjfMBv>a`;zX+q{H}|3wi0K?`3$OMVFAUrTn5 z|J84<{*&Y10`0&4fW`hV&(8kZd!V0C4nOO2FFXFSWhJElgC<`;Oa8Oq$1zk6zxJF~ zn>hQw1in~l^2JwYXa8Hk_jGoS|3~($x|8Ft#Qv9sub(CVT!{ZbIs6;?#W&#iC%}IF zA&dQ?v$LQ4C{q1K^$zJtTP8ok@u%SX$A@D?S&ZucI`GSGitPW|>z@nXg7J9p<4M8Z z|LxOb0QP^Q>fa^s{?W6_QvV;6_EW!uw4Gns`Zw;=AJaMe?*spFI`G5xD?Z&3X*=I; z|CRM29?P-+?GI1a;OtLn4E>MQM1j~l^xxPYdv(f1oc&wcL;M3jY`@~u9g(ic{sViV z{_EHqe2$bSK%KrDRw-`Jl&a&;DGf5u3Nf8dAnzv9y!k*>&o?RR(&(#<*lPxN%Tg|q*7 zbtwOj5(Vr({NLDr`9))%diB*cxbg25Bf$RWOup`tU(xtC^*hP_(@(A)hw*P8fB7g2 z%D;s#esE`hda)cwaC-k?w|~s&UWYjQ$NvInK5wz#C4WSz9RCj-m-kEYOxm9Ru2^}R zZU0Z5hWh^nlP`XBXMaWc&(81u(z;kK|6f}Z-oIM-`oF}tr+=L@aof1`Zw&T_o;B-D z@e^-Dk{o`}3gw z30nA~%$@y}t$*sAOlr=h|Fcm3gX_%r*In|%^^ZgPQ~4vkZ_KvtT>JOv=aByEO}_ZW zo&D7Q1v~QXpFRI;`=@w0`{NEn`(xqjF8LMNZ!iA^E8cmWtN&I({iBtb^^f?Kx8M6e z)_(=B_-AqT-!|au7QXJ1U)lPvgQgwh?5|NTMuaSUq1scbKSIF)^_U&XUJ?r~?1UF52Ho8{SZ$P@umP zfA-qJ?Kdt0|4mf$e;ykM zc>xxhLmo)Bcf`P94^-*cR*w4?uqj)D>@8df7{<*7h5%`bNzfl^LzjtC_ z_OY~&I39IksE3+&93%Z}2M){fM)Q*c<79l<=O5F3lHRMY#QFDO`?Hk&&wmKdt)jMQ z+Dh4fickNhPe$5*`@7P9EtX$@QmpQOsnY2!Hr2H9@4HRTzj~%O%s<&vUtH2$)<5ER zo`1>8$n+mmS3Z9PH_3QWn6RRJM>@81n}xuS%75P`K>mL(Ml7WCSA5EMq;X#r3>2Tg z6TUEvr)fe{kCobttzx6uC^*;{6`Wx|KjJS{NKh4KK-B(+6U!UA8(?56x-~S~p z=~v=MC2;%>;1frCD=y3zf4Ji}Tcq+|UAga=x~;GxF6oZd4v*&enfF8bTll(5zF*b< z-rxBAPh8S_uj|->&sOU-f_?b@A8|=P+;Gx$kpFs71X2C-4A?I= znDMW>#t!~XLkIJ+C8$r zO-%1!k#A4`z7YS~Moap;|ckH}T&(;2Dhe+s9vaVfp{m%{|}$R z`nS(j|3~quMj*ZQsz`o^9k?UFxTJEeXH9QbC(@i$UXloTMK9G zB?^45BFi)Vp7c~(|7Y_#<mftu&$^-h}AD^HzpIGugPM!WM{|qmG?RJU$_jHP`{XOmCyYEo7KmJoR|M99h z|DrqKAGFPXp4C9)d*EjE{s)vh$i1Z%9aQ*J|3~8=3qFfir{9i0J5!`vpB~-w*Q4W( zk5%EnL+N+FW=VgP_#<2*{hpQT_7~}fy!WX~u2Ay#&-@i_+f3$m$ z=YIK#a{b{Gi>Us88ppn+@b^7i2m;52>zh|B3FM$h*bVK(1e)(8c`+s{Jwg3C# z*b%h<5+95pkJ#FOZdc7SHYw!K@XI{Lw3cQ$0xo1$pS6cn_}j^UW59yXl0^D}3u(tc zjrK)o6A7REn=|q!aVsgB?*~NyF7$ukPnex za~`@#fa>~x{7zoZW*xuyq^kehOYMK~4O4F{S)KnoJ`2Z>ll%XI4)cF@{LRxx{-MIZ zA%*JyngAK^pqNdJ>@HwCEtN4$S~nDF(~I&8;9a{i-Ebm?C$pMO24)a}0}fgz7= z+Y@GgB}>l#oFe^eDfL76dX)I-kIMf4yQ&ch6U)KX?=6R8~FKHdCfw`msd* zL2|#AJfQp~){)~Mhxd>6{&!KcJ|9r|kJx|2{bvT7r?8;BPgVXiU4`NPGb`vA_RqNQ zOpT5akpGZBo_dt8zmAyyJu#g2t?V@CfBi#5eg^m1=6_pe8uPy!Ne|ZfU+!PlQyl5P z2=yOwP>USp_;;5^?f*A%?9(N({jaNTe?GO1Kek-S*ZU>2%p97_++BxVM3NsP02gNt z9_y=o|9vgluh)ClVFRy{`7ixwBHtkg))p;c7YX2z`_D0N4qQm!LcVaB=2rDT+<&L1 zWeR(*uS~xKKKJX%1Mo5bqhC~Y`3L^X?M~mS!uON?X8p4UA$(R}UH_f%-RG$Lf9MVR z7?Qhjo2vaA$=CmWD|E}R)gAD;Ur!#8{$Z;`{da1AaUJBgXLY{+BQ*Xk-XzBV>Eu6D z?^TEWjP|dAI{kM1N96OT`%YnZ*C1#4XRrUi+|j$E6(8g8U}qYC?Me#a>rvt_lk;y{ zYjyjJe247Q`Lq+N{GazA&42GU@ma&@(qC__)PIQ@-=6+1PvrioO8-epzxIxauSbbr zUHVb~A?wwD;7Y=ec>eC5LGPcB#j&G!{&%U{pQEa`Fr8}KZo8bcsjK|cKqk}1&sA~cKrOS z5}3z=&l;)o-;V#(psLruAl;Cg#?MVsmB01}5?R24uSbc0?Et|uaIw1mv!{RTlJVUB zU4;H$+nB(#_e}k>#?hs}(Ya#WAFcj>xM!`g{>QHWCWqpgZo${1#6Q|lJpVc2L+_B8 zFMi%qrT@J@(_Ur^K5G(P`j4y^*D(kE0~fMG!WFlx@V8L;bH8uuUyl}Fu0M0nROdf% zA$!kxpot299+f}81)nvIF8!BZCh}if6W#Oo!x!HAg$jT3CVFQ2z>@wb@t2|eMTx)q zf%n@``Hz_YymUQ1KR2w;CVVEIzgRPM`X^iz-v46$Gq7KjLrd3Zd_=p2^YJB*u2J>> zFLj}Iw6Ep;zXSfZZsGVD(*A{0|8K`X`PHlYRroshU(wIRXU)~=j}_nE{;l6{?eb)A2I$oBS7WN?9 z;_DJ0B?7X)E&cGT41db-qYOnR%MXw_{rap{wLdSuLC=4CX#9oeU+Kpf`h(}OnZo??`PwCkRG#q+OQ+KY;JRWLpR<9gsaLAvbzoVkv8u#bP=TKt!C|KYq! znm0SQE<0ngeEvI4UH;B^FI@jG%JmOeha*tU|KJCCi|+4wCzI<^lP?mFE3Ca z?-73co-yf1S)|sqf4@S& zhwx#45$gcq*I8Z`QU7mDjX$Z%f9}88(;+2BQZpy0 z@IN7Zc6OZ*K9lyefeUHJZ~B%je-8N2JLK^vRw&;;6!ZK)GoBUi6Zg|4zFq&^uQCtF zfB02~KV|q)7FU_=Gw@e5RNKGpzmV{?c=myuPhpz6{C^;t-w=Kd-I%}cm_zSfxE);h zl>~mW`~Z1s`I387{qKf#gg>xJ2w#`@&^x3Z|0Arw=pgt47ZT})YH z>Hp;#S^gZxzrcn3a9|6sO8<@M{deFDQ~#`;NI!5P?fBK{AGnaqr}SH;!tX)&?#(8? z{{MuZfA#sw=ii-_|L%MfpSAyQ(r<5n=DCOP^*<5sKe+$sV3!o8dBwPk>zUVml-sKO zN4xrVWLE#t#r>&J%3#M&n?LP$6+ZVL?deMIU;2shp1?Q#S7Lm@eMc96WcqLBzN3pj zHvKnq-_bgKkAQrKJXZdCZ&m)EOV5AWoD4tVeX~Pv5?3ZCe%o zU@CvX;dMj!tYdWfA1nSD>!&YL;UA;%w?4we*Q3P07yVx~?H}~tq50K(ZCbI{kRpU=MU(^KTYjyoE@F7RN^x0C5Z-4$D zqtW{p3%(vD{7+P{eBpTt|J{r{fcBgy9v-2s2Kyb80|FY%|T{ePj|LHaLvBljVm|Kcw6tiDOS|DE8a_P3xO^V~1)$D|)| zq#M#BhZewJjs0iC)$Je39q{A7{qSN{{kusgghCTvj}_lx{A*ADv^!t^hVUcCU)+DX zr>AB9i_)p`f5LsIv%gLM<=l6=i;l7Wg!@kS)3H-{fA(K5@%dLK=hKk?AHPdu{^ELU z%~L}Ey7XfXy+d-p+B`u2>5q%+{eP(KuS4(RSB%|p{rk;0zGlNeMEIWcln_3XezbuL zX~&=Vroh*7)#cBQf5E32$*TIVAEWx0Q8$FIM~UB5mVfviM>-+x_@@$gZs6t5w@L7Z z{<;5fPj5^5d#c-id-``_|Lu4&ZU!zS^oHXXUfh1KYX1F!;<*I=%ux@aZ=@g6&)myY?f*_{{{z1^V230=>!nUV_v_6A@ME3--`;F* z7heAC_K)k3|4H|Rx@==3IsfN?ztQG@Z2|gA>`N5%LjR$6$YwV`!}s4r=-<3+*pH{P}{}~-mzDs5L zB|hp8WW_;oXXqc}Kd12z@*RABt@WTwRsJ_q`q`Lx_PCsXWqs87|M-q@{8=gT`R8wS z{X@DT&(6wFj=x5c|3RJb5%ehWs~i7mxS^D1R({Zpw?B6OpJT70_5U9>WVe*a`R~5! z^xyK6cs_vsQUCp!>h>S$hCFA>b1$j#|3&V9V}d394)_~4hvQe5e&9k4iS^HZm8U=1 z*8ep;MD2e+dU=5${ivhdLH=P|e|SQ+7h0M+{bq{9jfXFG8TOxA+VH(w==sxvuSbcW zBJ00@Ms)b6U%q}KPrn`iRr25N8DL3&e|7$Izvet3|6i;I-(LSVpSkEWRsC}?z*)<=)aV zLWt_((qf|H1#n!8QTYY@M$(J=$VFw|!ctRj^9%9|XAdu$H_uyGRvO_$y>Dt!aan3%_B`)7W%61=6&DL6 zoW?ESLmlVM%T3?jY*DvT!{@wqnKnw}`CMF9GFY4A&8BQDy`Ut&j1nUq(9bEO3@FJi zB%PI%rImV17I;fCvI}zyyd~3cdazb%y@>qTd$Z@!N&0DNS$0`@Y1&jnXjibsqI7Z1 zMPzb8`Rx2c=SFg~Lv^}ZC_5+Y4yn1`ymNX%;Ss+u^&RKRET2`7pEJT+>@Cdo7UnFT69L{UJ(Ya1 zi>xj-uFlF0T`oPj+in8n$jdFz4Tl%xQ_&K6LPaey*_KkBV_cg>g@ZDXE|#edzk`wN zbbv?v#DeXb=$)NimcPI|rm&2vZn-xH`|!wQOW<{F>rrW2^WGiew& zssAN*|FjxoH=I9K-LyZe$QH5<}FR_Z6?1+UYb=R+E1ZxoRv3_%0Y7RZRj_a zbh|Q(O7pAEZ%cz#EHAd?-=(ERh3DYBJ->0@a=it+A*W0IQt1?LaY1&DSCQ^e{o={x zmr@#xYel+oR^GstZhRa1jTL*U(JWR`$NHN}7fqNs62vOIKF+`*RRp>OdUi`p+&_MmzB-h$jod3mMYGBIu{GCmL1 z@=CQ5Z(e~nr;NJ7lJcA~W3V(>qkeFKxRP{2Ju8i|=;B;4%)&2>Ye#rXb4v1y%Zf^< z7rmm2Ot%%o)J$zO9sDiKN`fzv}HqnSNJFlo@-uX0Kp@G^wGv`Gc zXX(gEqvF~uQZK()zIKA*3klfZ>sa`uz& ztMG3gOV8(%;@C$&%jb>Z>hyn9DiRL-hO}PUQ&5L>BN@E34r}o%J!j3W!+Mbnk_0Yf zySBIR{ZSF~Giw(R-(1r_wBG?A{-J@-x0Glz6Io6!{r=|!c8t%@ki376ELG^(Av?AS*2c~?foFCn+QT(5pHS%n?G2b2QK8EW;3R!^dHQo_mhhVKS|6p zXrt8WA9sy-_YQp6MKt!u4oGCLe?YiB#5&nv&xDBdrz{!E-w#KW|LOF8CP4lfw@Uvo zeh2)m%fs=v4j{Zvi7b8`&F^+eWN)5D?Lem_)|B+1^^es5tkklbRrrVQq8T9aPY8T% zv^xEE{BGnQ-in`cRn_=+3>d9kAMphF=W!GMGUUGlKKI+m1N6`J?jDqA_-pi#zecQ2 z?c^g~v~HEYHUj2pHmqp-E2Y1s{r&vv0JUR1>N0-+cxJ8(!u=~QZO$sX3BQmW$2Ye* z%j|CYg)A;;&W_VDaQ~43xRM4-8T4~wnjcEEzn^-X@cn7d`0hNyOEvM2)3Hv+NUwi3 z@uOoqzCHcV4ZLi>D*YE6p!U0G75Hb#Ams`8gk z>qB*G{*O_YKUMzo{K)*7%3WGQNFU$ht-sQgud?^#6Yqx*;O7gPEto9VBl<6=6tryux`(^od-_VFUxzj<#{{U`gF zu+Qlqr_O)a=S-Is>MK&4e`W&vzM-h^18F?Qk2jB}Uw80;{d_?|_rR4=BJc9vds{aB9*XCe|ed+lco=TE=|R4%J1uP71h?AH3M+ zJr(|*Eb9LVKathaIi3?f@L-P*GQ>yn06z2%`P=BF%J!$xMTAfG>0qBto2V{-u+Ikl z*PKLfO75YxR8Am zZIU|uu#b{13Hc|}IG@u0eKQ*O*G*t&trF$&wkhH~a3LFH9OL_=Bg+4Z*GX@L-*luL z|2g0{eS`Ew0rSl3C)oocx6G^Y+kBzp}qd|7qt^`qNDPYnkf$&+U^~ z^^g3os5_Qv$HuU8son)INnl#NvCKusNH=8unP0uEO26+1#@xTev29z#{#?JrN4Le`(-{z{2In#TW@{bAZANK_hvv zr>W9^>Gf2ul1zMUO7!Uu%Jl1seQHQIZidZEAGs=lK2$tH($Czy6hBeEuV1{LyR&t&errWxRaxRl3kuWk;$P z(-N6`;viPhco3U0kjfeD!(o#KvC4*nggr8M0*#FZF;AmG%-5B^KbLF`WDa63x*qp| ztasC|ZdLv_EG7M0_6KUyqDwz7|9;}f_2BkYum8~>wpI2&ZS$!7)wSe*4EXFkfzPt5 z$M2Ot^A1(|o9ZdLr8xra=B=wrS=FrxqMTtPQ%9nZ>dkn?{R zsMB9gcsu}~ZvgfGp1|rh67>@H0r@^*ZFD65{?=vnRrt%3DE+iQ&@b0V`5o~62gC7s z|I6oFu|Jb_Biv@mY!*-dIcRmnZ}|V-uU@lB)&GAvi}25-AIYFi7wN|_B;TK7?f?W7CcJrbFAUnf>U$M%q4l=_7VKTo6bH_XKMJK#S@>(j0HNPqFl(af)p z4(TCC$2uJ&-yz4h@Yh!9{}8Q@ad(bq`I!Hnq0aw&+x$21&q|~58`+1uqJZwxIFUU{ z<1c^x$nnRdJ4U^$!aqUytc!{7j}gB^BZ0q>?1TmzC9>R4Nb?OM@k{P{cS3E;`tZt4 zVtsht8p>Epa9t?UkF$`ihwRda?Rr^{MT&w zu9-DUzvr~7@#ic_J)y$?)~0`74e{BNRqOwnZO8sr;mku~nykQmf+& zRrr1G56Ab_5Z}K^*lBVqe>t04J*dLpX{&#(OKO&W&+@9%|ILw&-BtJ_ZTk1s5MO&& z@ODc7`i0NGt-`A%1XAc>1wF2J+w;?|o>+XR`hO zFgd*aad~Q%{@^fm`9ss1*5kcmD?avT{Ay2s4e24@jEC&k z@UrWz_}Qz(_~V8X;rPB9;ZP$?bos@E1${1K(Fed@ZMH{FQ(IvR{Qi<7=URtbcIj#+Lpm(97#$9^9$^&H8a~ zR~7yRZAAM6d|!-#5 ztzB-}X2nPQ(~A5v^N=m=^ZH`MPkLGCKk!0$`qAz{7N?w}9RJ5j{R7`MC${u^~uSozv*IR;p~C<41M!9n_`VqNG5*lL6ug0tdJoy~{*G5!@sa<%W%&cXt01=YU-qJ$H)$mmw)FpV zvrNB({-qk&-~D@@Z^g&+&%q4Q{y_h}81dn!5q5%+e&jpk*7ys4w&ElI&pRHD?<$Nf z{i~#(2>9s)KJ*TG=ed(>Tk)a)=XVSIPp%dHhc8C_tK~jTtcL(T(hYg+#V1=^@sa+` zUyA&nI9rTgT}82_|E>|D{qsDg9{(c$-+S!L<5qm+|AHQ({C_6>P5ENPZ&D`uO-=5T zMEaq3$lXn9Z?WRr_1~(ESpVrNjxGJs>VM!f`;_f}%kzZ(r_B`l^Tmk20R7J~_4ot& zzdydQa{l4YL8ANt-!(tB^rQcE(m%@IrsvP^Wz|2*-?ei79r(T&@$G)1obvz14*yKG z;v@fWl=Tnzu9Dc&pCRp(z)p}8{){_Mm8tMi|2?w&`C`P6w*1}j-HptO5B;P3-6YGO zt2DOsM_c~Z>&un(ALS4Dz8LYNEq_DCf6`Z#ew07pyUJoqf3)Rqy?4b&R(yN;1HLat ze5dkXObwxe4U75>2c zXicRB-*rW7=?A|5wW{&ot<(QJ75*=B{Y5DKHN@9ugy+9zq{^Is`RVOb2qcz8d0tZ1`w*Aou;cA#D7K@i(5o9+Cb@U3zTkkM{Yif9LCis`S^B?JxYJ z`eMYtUiN>13x%H~)PJNK?cb{(Ps&i?H<#ld;JcQ^mj3>S<@i(DDFr@oA=e+cV~7g> z{f|Ze5C5FL81d`$mG!Th^;dDbH}z5BkCo#O;JdDhE&Y8YzFy7xvmS>YRL(zlmGh6l z_r-`GvXl8t)#IPf#@AV_N`J=|V*CSq*YeoXkN1DorN7C-KQtBo`8IrC4e_g6e^-2O zyN6Zyb7c94e^A%ev8Df#S4H^`yrdp~qaHSSd|+7pNBeWX9RI*SmoG;AeR%&eSM0xY zs(;tKS=30C{xtdi6Zozbv85k=0`!sL&p${vDhmj2NDcU%2OzC&J@J7=FY{lI@%_W!{5#fU$B zt4P0I4gMK#ZyTz@uUsmg|1bVl&i}2BE&Z@l8~C#7_HWOaGsD&&q5k3hKk$7q;$!}| zy7&JrK091rmHw{NZRx)@w)CIG^WV*4e>B=(`}lwM=hI(S;r}f4e>vv=V#L2i;`@76 zJ^tSM#^2>C{N}nyKk!}G#g=~H2dlw<=c@w;RrrH!_`VwAYw1;|zwl(zJu3W@wEv5T zQ2MX0S^7QI;4fQ#?kFX`?Eiu9ixI!0Z2y8Is!so-r`?*Z!r!{ami{%dr5}FU{X@d> z(e6R6eR{`>D*Tt_`V07{@x_Rb@uz!!`122NA-`Ml+~+F%_oV)>miwPvYhz3Q?Q;E{ zdtUhX2e^qd3@&y(d0IKXecM&SErR{j2E*U7t-<^NL}{{<}gz8d0tYKPDNLI3EF zw|~0rcWe4X_D|&dKcvTXlREuL?~3x_pCi(V>)CRVe!HJuv0FEE6}xG`nl&k8f2NDg zKKcP0zAr}nr9P>Do1Y+i{y*E~n-U}a_lfIK{`%b@=HI~7b#rX#-@Z-U592S~2YScx zBX^c|NTL0gcKcV0<@+yO=Zg`)Y_-6*mrJA{_x-KI8)xzKcaiDG`lH`?|2N+B&*ECA zPJfGABu<+69{0_a^}=ske?%q~!b0m>1Cx0AE3!p73gOH5525zY0pDKFadY^I*1CxG zOVB&YKV(_GuMhF`r_1zX{QW4Of0|7GVX^-I7Ipdqt3>+!4~cmO;KNS`*8fBA;DPHp zrOp^h_OI&M^Pe5(c4O)??tjB-{~?EN#O)ht6O+h3Mp9^hwU3S~>3B|_*mtf?qVH3Z zLjGBObga`cTdK4GD@^rHAp_|}^E7EgpUk`(7PReWr9o1|0DG_gWG}ruzsyU9)C)?} za`KDkcuS`86N9yR*<^saWU4o(gv`pydumt2wHjJbU^9VRIw_CadG*@up<2ujXBQNh z#_FYE+tRF}ysR?%p|Figm#FV6jikbSeWI}HzQ{zAhSV+QSB3p|{LnD4O(wZ>(#Y0) zLD`(N1-;TTj8DVocys2G?ODSzf7Vp8r%YzH#rvlkZ>W#>*SA&&** z79h7Ml1jR1dAV3zoka$C#pNQo@^t7XHdC;XzY1eeQbcyCy}1*;3prb_g@G_dYq2&? zx3cU--{xe-I3E1voClL8FlL6CfDa+x1ZOea7ZV8IsV2xZbWaEemV&k#d3$iDb zQyCpzkX>5Jy%iLi86ng#(9DKQ>FTT^etA|7t`~~n--O=>d9VD9sf9S#crqTJvzQnD zsf($$%qunt$U8%P@ZaZz!;3>avhi zwrB)-oY2nhkuxW|klZqG1Jv4OR~VM2yA^uN(kPA^F<2wR`(!P-yts@iqGnu6hec$O zn(n|&Ra;#)P$}T|48J242D?@6Nc;P}4MzvX**SB)xx(K;grRLi6``}S8t0B{G-e+6 zR^iQsG3!!Gae#&BkTrO6N@840mfeMYbm{B?=R-HK6$gB8`JGuD*j4JhNXsrSD=M2; zoYhY=+^iV?487-((R#|1uBlYB$l*qgH_f|%95-|wtc8BlU;HNQa?95P!hcD2!k5<) zhQg8MWLG?U_Pp%0iACoX&h;+#=8mThrX;(dbg(wTTUweu+Z%3qT%H`PjVj2VU21ex z1GOuWI3lqFfU0TZ}@Y=&NvRnO*3u z8V%1G?Je|{Ys1oL7cX|uMzQ@q z;WSjgv(RXAUZGK%i)m=%%@vM<=9}3fio~EngG}Ej<<=i$k$0SsN%ydC#I4YMgnfk{ znKUqlv`UOGAusKAWP6?DIeBa)3oyoKYOk_dov#4Z%?Ps zJi_l@@m;+ck3m|l0~@bgin~Yt2d|K&Bz;m`E03YG zlxgC7|E%7ON2d_do4nwihTZ}dzthf^`g=*}Z*6J#bHu7FvI|9a^8MX98*y!a#&j)_ zY&v%~;_LD_K*v0`?8=z?tYqds*2##`@;mkF?}aLUy>FIxxI@fO+WEnbfBFxd7>}^$ zU-@$<#v|bnbRIjQSnP$Eb>=>Pdu0UjQVTZ37kpKi5{|l z=|9rVh+)o03^v84X+@XYjl%8W}_B5itjqFs>vFDMVM*N_J?8vnyJJwJ1G@|yUs2|#+ zbUj6-1@1Uj8 zF-50f=hx`I!1XGAE2aLl*F^af{LK8tJV52-G{z&I`zxo=F~tpJ_mta()af&iKC*wx z?ZRpFnMbE!=NDI}(yQXvZiCPt8!GHeIO#9*fnJP9=r2g0d4&G-2YWFdL;BlH`lIL+ z?EK!lx#V>fzc&|(I|NsX_uu2mPN21a`|fJ8uQ@e=1$K8gBJ5UYeogh4qIWNq4bm4o zNQ$Facy-PCw{4Hy`@M?a(KuQD7K--+A5#Bmo#)|pB!kpG7Y}G)#5c*VEzi#Y9rM_q zSEi-(qkavH2>w3$jz_0p*Wa0Qe%z(vcUZR1{yAd)jQbg}*5CVS0*$w4=)d|?{l;f5 z7s=zm$$E^(J0GR;muFrdEx)gZoN=>?--=wJzrbap|G0WV?J)h7K1cd{E1ujMk2K;9 zbnG8O{T&_i*o^E#^Y1JQhz8`eUBcNwKH1VMXHDoqamv@!24i$K{D39Y@Qr!-pH6R`JW;E$*PbE9$S{ zXSOeEsG)ZEq4qcTbR&W<%OidiC(UL|zaf!%=rfOp{iM%nNvwiC^XL@p`b+Zv^tp=P zAm5 zlZ+TGzjo*Td4`JL#4R#^7l{6Y`(d%xUq1~&_&lxtH2Eo@$opgNkA*!$2JtDvFN^!x z=8Q-9XQ`miJURut{?45`cD&hMq6kFQYitN6v;C;0hCiT1^b zpC`LH*-JM09jDJcf}cK%>JP=5^1JVcOy&5V`wh8DT1GmKJy5ES}xUZiZ$i8K5qLnDt_EQ4iACq^hbVj z+!Vo&`^n)E{J5VS9&5^PVVhesRQx`X`5UZ8e}2*pkKmW?C2l;@u#dOj0s72iP5Jrv zT=$`h-(QV|{`8Eh^Y=K_O&-BdpGWn9BKWaF(jUc|@|&`w&p#@D*&{{&;ol>kKScdC z#|PXFy}udxeL9=U8^yFSG#(g8&zl=bpAiWaX&^p zf*9z5R?iDt_6LpH{n+@tS;-1HZsGQy7on zmwtE(;}QJ)^qEKS%cN_0bP9HUkNoNGtK#?TY}vky6ze9qAE|g|`tix7r3yTsJV(Yd z9-Gtn**HE-#}s|^Fv^cB4vu9!CifP{{zGFKk50kP@3)sv%vbT7N&c^R@O&=nui$6q z?>^$kpFb*d#~Bgxh!{IU+;)lbDwm;BflRr6zW z35z25RnTW1!A~m~$9M$45rnP zv&cVJZ}JgF5qv#8={t()R6qQ5y{{Mf6{F}B?EJdrwXCb+*P)Z-_pR6;l5ad;n)8zv z%n^Ke8ROx-rs2n1no-%H`55u-KmW9@AO3x`{BFPJkaB#`$Rqj97WJ3=|FX6(71aNF zPLN-hza|**6g^r7$I$aH9rLLDMC}RrpUU))HzI#t=JS6+I_A+S*!5TWbfXtk`dhzH zj$ghK?emV$`1840f1l!hF@}@hhxucTcq_Hn{)=fot8AAA$aU>K}d_Ex(&K zW;Rsu+i;W6A3G}M54fK$tN!@&n!6s&58OQ5h~(;&`Dwl_la6^r|K_33JaYdXo<9 z`plzKu{ZM;mea`BeUBey{kA z(MEL96mHt~iUR_X7wF0%h^EY=qbe&+ld{Ga&m zAH#V3h3coLX%Y)OIL3$-Cq;c_TS!+FyIn88-%Q_AbP9HU$Lhb9tm2m_-w$ey<^Hq3 z!pmPVwRgduG{4sUY$F=;z2q;evfJ54yphTye?J$XV;*OJMEtU-y`<}TbP9HU1!dW- zRQ$TF6Zz{tCF)1A!Ozs+G-_h`d~L<5!A5*xNO=2p*mm6VJn?<{>cKR>K`$R1f}Nj! z#>jmtes7(U^>>Zn_p`13Ze2q9qxsz8okNZ2=lUE^^Yw2JHR5hwpXqy@j(JR@@gF~C z|D*4DbO?5SKfQ8gdlkQVmEs24X`=rMR^v8)d9rS``EB7INMDS#K`13yhTSEavS9~XDJZ zqCfLL-;wc%_m`E=b!0rEf79q%9-RVsK_0wgz@;jF+t!IY_z#QnC-|A~_tE|qKirA& zi1BieKJ$q2vj34zjK?4!f6?;*>PxizKEEKLiHhH^hko&-HXC#v}N-KJ3VN1iy6p%wtXYbct2KJ$qBQc0hAM12X+XC9pb^aeTjz)R~@`s*m$KTmy8f4QGCYyHLZMDc9{ z8ISNcrrk1-@d&?Tfpr5JkMKXH(|0^N1@MB*-8XTair}2mSV(v z>4wI7lIr`U|@ug1swFQyogw=ev9-}5O(jF#V?-=Ar#%HIJ`iaU6Qi~PNJ2iKq3 zK5y$vcz=+8`*|&l_@|fn5k4zwVMIK?RTi{hJWd%|v+>KO&mW$w;-?=I{4}}mX^o*j zb9^pp5C1+|{S7~J%^xa$wen>9GDhgn&aZD1f#-XqHsdiP zRUBtNTAT4`=f9uQ!+C34Ycn350?Hk}Z`$`5f4*#v^{3e1wRN;?pLdG&Id*;{sEBhs zgc(DrtkU=d$H@=Tv8BI#dJFY;mh~vWw@dJY%xExfsY-v^58{{paccc7JU1NQuCHq- zKi%0$A-;pCSQ_(%hibD*icSH%AX^MP{D_KQL59rVNrK--qx_lkFGJ3v`a$bOwD;>9 z@vxtcha`vicxC>l@2<~yd}EH_=i61E@#qx53-Zpcxytt0*gr@&3CMkm{C?Kw4{~P^ z*55A~5uV>?&j>&6MEQ%n=Q3J;A8cCJQKdgUMd;5zS?KQ&)lX~t!sjRX^I71_L?iO? z70q(AD*8Ge;kqW z5^;(i$`D>Z+_PxTh2jcok3Bime$!_jjqxgt{{lH8MytPVgXSpLH}U<6Jh^-Hd;GW7!^X}$2tc1BEjj@DDsvHy>DM*L~5_`aC6XFRfL;`_|{^gK+_DS#K` ztM}fad_Rc!d;i~Je(mVy@cjL^^Y?L$`F0!H8kk+2JuAN;zbrp&$BWqEVcB-W_uBBC zftJg~wj1$<^)|NsSgKz-@9}6U6$kwce0Bd>gRc+ww5Mlzx&PgFFueWX z^WRt>?%LmtS=WcBf61J}$0=7#C4Q}N;fZ^NeXDfN zZ+jyaTq^c`>+g$pPSgrUH9>?Rwe+>RTtoG5E&|NPaW|HUcDHm(2s7xUjDR`zf%G0{bU! z?ak{cel31${SUpN{AK@sW+K<0YlzSv%3r;QYBB$MvmN(*sMg;FJHqw%+;ZfvSQia! zJkO=q?#3#Ls?T5WySw3M9aa2#@cl7&oBY_G|AwExRyXG2FKZkE^anY$&*S4%`Fno_ zGRq`|2m#f!_^5;1m&JX3!w~4sj=gbd!gS@`{ z<4!95ji>o3_q`@RUHWN7y9XJo{wjWH#CUWH;03vALeG0u{4ODWehWWM`f&v>$XNMl zDU`nyodS44K3DPCWh#C>W>NpK$<$vUN`BiaMgBUKKYy*pj7O)S$uA(|H&1zSonFQA6n=Q(yl+)Eo3dlyiDl6vVQQfY4Esn{-Rz$?k?3<5x=JP`tj?* zT1;OU$Hr|H_6gaiqW+>~faL4ic|iN(?mLxm9to^pHjR%nXnvf= zF~Oclot>RIz6HNiho--*;y1p191ARsV~ysD@u&MUwf-7?N6%*zRQx;^e)p}Uez#rh z{PwxB%T)aG8&JOKCcognA0_#`ZqexprMu4&C;*aW!8Xvh5XG^vXJ;i^dG}$ z|Bh#yc^^%#14F%qyu4fOu<_qGIeu~KKRg>p(SD>+R!U)?TgoG}fA4QO+@1JEjPLpS zv_Sv5^zKuvf2eAGTISKQ4DYk}+O*6c#)jT!@wI6lI>!4fzBbKud~6se>w%r$9YeP? zQ1RpI(>w#}vcQI_`SG=B{tR=y7hjvEjR{|$mQKgu$JeF>>DVbiZ;*Q$P2>G<=z$pH zmm7!IW`Uh?ERogL`Mvo1DjqV8|5T=iit@i|>wG7c-+w)!C zE+oJUvgMmAeJXyreQGoJ|KeB@tEKZFJMjY__&J0GU-yJ?p4IU~y@2c!cVA=T7g0a9 zCD8cg#iWpZJac&?UztY;Z-zJ3gW&Z%Z;ry6Kmt0Qvvm)%LU3FS* z=6T($zd;9nUn~o+zk@Ci&wHNlM7s{0#0k_s_ow%%qldG~zQb`kLPBql*>k#Qll~(5 zx3Bp6xqWf$i&~=p)xQ+_L(c@s`SF1M;{#e(8Kjr>f71H8An{?O5I@Nu=aR;0KjAb(8u_9gud!u&kyhqi^ePd-!Stx;K1*@*TeJI^MJUI`;b^y1h_~0(Wlw; ze)Ue;4|>N)oQ{ylSICRXmRzjL-?p^BH*g@1wapay>p7s#U%oDp2jp)_Cgo>QBI~t@ z`Z1cneRDG9H_iJc+)wA}xqNew@|}*I0(e2*y7a4J6+eAF>F>ulHsLd2-hXZSf!G3HTmM7hIv9$(Q%4dde*q5L6# zkJ9{5@N|0jcwDxx-GvlvsMynbwK)1iI)~D5CwNu@bG<_A<@%q^X3-FyAN%OIf{yV% z(Df>$S6)i;lt1 zN5|=O>=ck*$Pu@^$m>T$`!ec!>faLMS@)Yn`3oLY=PzG(#RJM;%T6?GoSMiEXORBJ zCNjP*QKNN<7(ZYgVzm7F_ZmGx#qa27%E|gBKmAa2{F*#Xee)Q4uSGmP(*?gEz2B%Q zzjv2EvPs47?FE!VS3FCWc8s-e)clfZUY-Z&4|YNL`*B`R`MN4TpEi=JEPtQC*Ol;f zs7?X-igK9xSC@;3U&Q>{jGO7cpC_@i-jeODWV&fi zb{uss4gtI%-@mQKEg?s@8wG&h8KzFY~ou8XaRi%GZ7c=r~AC z9?x(7e6F9FiYkvofZiaFc3IO#mA|PSsNFx1#9*J?eMHS~gsuF!W&Ud8#kv^KK>oU4 z?aO#{3eX$m7aJG!Q0edK*Qx)o@C!!CZ!yZBgZ}ih`myvK(evAWG%iWS?*@AR=l|N& zpZ;BR`h#By`#2u@J3go%^~cWqkgt%hO!qyb%HJFL`s;%xKkfVI_}zV#9A8Ph^TB1IM(@Vc`!P?Fv;L5;kc(QbE?4Dm^9<@o_cvjyWqD`E)cjVH zB6wTVMJi;`bs~TD0^!$Co@Q?~q4t#CJMi|82b{M{=nZmf&!inH{Z)QX>HXf){#D7( zoWHNG{j2z>9&>*zJ8e5TItDMu-EW+Fm-t1DukL!6#!0DUKjwZ}-hUAKqbD*WKzcfg zV~h{ne^CG5C4qS;3*C8%?9^O3Zj#8(Z$`2~61$d6_qd0f>6W((3Gjk^_|~5TD*Zk5 z1hvn748WVHCEstJcLx7>c~Sn^7aoYs<@u z%ga(V!vc2K5FeWr>{O}{r9}l)^wXwf4j)sPSClGjG?N);!?bh6^~Tw*L?QIU;f8Yn zs(0S(dBCggd$9)8+BDzz#^rSz)~?;ErOp3G-3n?qZ%kske17!*CfZ-j|3K>W{K$jb z_|Moj**^qNiuo9MI^+)q=ka@d4~c#Y$Je~Q^0TD)_*RSV5d9A3r#`3kh5E3#5I^_t z(eX=tMfS%we!Jwj3jQ)^x*)2s^l4w6hU7nm+4NUu5{-{f(d2^+LCFutkbE3sokznw zK;Zsl=D#XAv`#bq0kW+@$5^N7r{fAbwg>x}&+2}jLj8Y|eSYtU$Ecq?hxRtm_$Yz? z&>xS=qI{?Ek@gDh%L#O1spF`>>`MDy=~&<1iSd1%!4b5Msvgpbz(lc-X7BB2~El;;~##LkDqWI-ronmq5F{j*8VK=OZ!8ezuayu4{qZ> zW1Zyuif4Fu`TOH)Ic|~XF;5|X781|{PV8(`d;{sPRkAIAZzcO~fzffSTZWil2{`cU zwnN;>EpNC1{N%bo;AnE5%OlU*^D%Ut{GdsBYW|^9oL@zb;E}aTtbgzyCY@x6xkY}d z=TEi%9ch_+Hn`7ca>kpY+Pe>y( zBS7-?hdj8A|1>2-4M(t`4%f*cozJP&NoS7vzF2MHzKtN zUXX)Fow3te{;)o>%j9_GzQ9}`>6iQn-UyI(ezQK3`db=a{-!@J&b!YN>y0CsiTi>V zN=nuRg z?flNKCHhIbUp71M>iFUNr9ZT2XXS_Y_vy4hQMd35M#-<8t)GP+n#=Rx4SakLiGCUR zo4MzO{XBp7%JDPuclT@>Ki_Va552Zpe^|fnmH^!)5BvIh@D56UbHE2L$aMKZld^K@ z#zJfP!}xFXa^ja#C$zp^i;Iq*wlch&0r%N+WWJvi@0*|}d=F{o*Lw2!M^yaQ#nU>+ zdM3ZXzvP$lNjUFl`R!=9w)o{yT+`aags(E7em>%^AFTY4zo(Ny6TPun z{#Z(M{G8gC1#(^iyrbo}(zW=IieIazsC})S63SnHl>9!b8{UpUfA{}Tv+|dE{m#yu z-*H>{+eP))<2K8myKZ#)yZqR{D}NrDpiC(z?8<6q)!*r>#r(^NMCu`?nB(W51HTot ze~|~b@t?6Bo28x(gztaqv`d_44~lggPWfxEH%~6|)#ChIcZ%O*{xo41jqfe|^m=Oj z+4;5BL_G+~c23e}efo;`h}Dfx)8!8|DKFE9DC@^GZeMV!sXwiLbo_RHBI{{V`25St z27(`3CElAm=?}ahhn{#~pf!I{e_cQFb$W3j|HOeP`L(I1t{)G*Eb_;bFWN;Xe#l?6 zfBCl+WT>7$eAGU>rA@r7{_CtPi7N~_W1*P1Aq6fE+e`ATFUZw{9aK%9w2_~ zd{cj{VRZbO$o>Q4DDc}R*FEDr^n~vrQT`zRsQu1;Tz{@ykuUkOf72*`1H=!(A0@vd z2W0(yM$D7q_a|ii4a)P-559-=$PbxP9(m}aW!CbC_GJg7`f-8D&+Ss{kNaKX!EO9! z?7$b2pRIjqf19W`)wM5OoVUj zsk(gzZ|JXHPRRz&Z;q|}`G}vJ_Lql3)9Cp9*X3`}FCYBH`RO)(e&QEAWY!OVl>8F^ zl;up;C#3HIIWOp!^#gjs_mF6pHF=`+p^^Kn`HTK{1>gTP%;e{87M=c__$~4Y-u}H+ z&kun&@^{k5UcSGwmEWen&SW3dz0uqs9dzKw_aF1%HvTi_v_3rZAzA*anP2N7@1se1 z>YhH$IKK+X?;_d1eX7y>X}@Luuen-(c7AAwSqourLc*}Y^8G6MU+4+nLsG957V@6= zmh<=LF5CN6&pULPCoW{)Kx+{lze@R@%|1Rok{JGcE_%f`q& zg8Y>!H2D#7@wr1E=K4D<>j(6gN&NIP>V)|DB|qp5($3GR{@T}#Lq8@n@d>;j*@8cP zs{H+c)^GT?G+`6Y65}@aY3lkhLGG({i`z52ht}$a=kM@WMgFo^#B-8U{-(?Opq{+) z=ge!Z{JgS#xsvK{ATN$(|0bUo9r$H05Sj!(%wq&T53e5qIj@iNPW-@2lRO(O>-CbA z-zAdY#p~#T*(N{zbhZBM{1W9lA(mD(Kd1b)>u-JE3l>=UL4P+qL1mu!{eD28{ zv*!%8{CiPbk-u?yT{DD>? z&PU5{Rl!qPDt;S2rTNJRO#KC;K0kj2<07TVU$X-61;tWo!}p(>I2XU+nzcl80TO+(ACnxcnMb z`8$;u$K1Nb{*mN|5(5eQOu)0&50(9>>g+Uu7v#0~{BWO&U!Cvi{hNiK-cemYV&zwz zou+iDP)*8>-}MihU&Hf9KDY6`+{|CClRAIbUL&4ypg(&)N*LDu9Z~-LF46uujSs*J za_NaoZl5k<{lWesn%}+JiB^-FBLEd1PE|DFD> zd`FJEdW!ov@q^wVzZ;at?bC(o2lRI^hx(5P&GCKEf!~O`!|QL;F9i=)C;a{I+q=bi z&vjMjubYVgc}-Gl{p!bB@%6D0`fE3c?59}xY2BmahyKm;OZf9gwB--{Q2t)Or+*jDuhLfj znlz>INA~j&0#WjN>0O~GyZ%nR5Plx|!Tlj|9&+Ee0sej~VtiWb71E!@zMm&m=nwra zq&djdx{vbL!p~nreonkxCun@Gu#-4lW;DisAD(C&RzEQQoBadLZxBBOcUo-q z!+lT9#(&^7Py%0e;A_J^1bATl9Cw`ftu^@t9r&%0_9fl&1{eqEH5@-9Um+(peX6A@ zf6KizKTbxA*1-OyZ1+(wAnpA0PBd54o$Nr6^poWI>q$*A=B2eBNrwGPo#gHOxsIeg zc;typDOZ29rzi0XwSSZ3`2GyiAG_JqpO&u9Upqgve}N~e&R^uCogefDx#7TFuUYw_ ze|!5gdVaI;3q;B9k~Xsc7!%$;AC-3h+*`%E&uIJKxq(|xs^$+?Wl;OF&eWf$S9JRO zN%ph4KfM1%xy1O-iJvAFitpEb)8JRD{_uYP@eZ_ib-l@t^;Yw9uMlO(E$?gZ$K+`? z=SHd5YSy2UR>DHoSC@RKdjD3MLRa2z^7A|JyH^h%zcgqo=TB|x!+!UKpLcryhJF|F z+Ce?nbNywk7yTpVcN^Y8{2nyQ)g#w}A_-T1}bMXV1)`43YT9cc0d_}x1* zsUhb#-Nvu@N$Ni~oBV=N@^cy=JSXS1Fm7<-moE8%XQy!w-C!+$c)ncr8a@A7`00J4 z(;uEAgP)4`9mC=m+0Jf*1JzJ?kbuehIaIXkQk7O5>M@O#Ny7qT?5O{*d_y zTsuG1Pkaw)=XckZ_x7sz9o9*ITTFg|DEXlsK{*3%wEUnq$nLH7h3!wq`un!DKGwh4 z?0-D{qtjn#94gltfZwAxi2CR0D(XkH`txW>YGjvt=GYpOq# zOUN}}wlvn)>9+dY>qjbo7JmLH`8m~JJRgBK@(=oj1TV;4oogBOW0j4cUW?|}9yRsn z9vGee{w+UE5(U4pe}DcK&tIR7->@;%{yk>$3p((dwl92s_pIl_pM#*6bh&P#y7mve zAe-L##QB_`-^OnS^&jpElb=3Ft-mW`>^}mjvGpJQHV%4~^Q*A&J4pS9{9ked8}`ZMqK%I8$=OWkFZ zzfYR_^9+toe`uePkH8JJ&yt^0`v+c-fdS>rIzC1F+?U#C?NPIRW@ksoue$a**dx03 z8T?1TKKcTy{xCj$>2n&PJ!bOrN6GJ!KV(1gMR@*pk@ebhP>k=R&EF~eyBAvdVSMl| z^&jr1&HQzr6P^Chf7CR8!5gytv<$}i?X}h4t<*m27Jk7f`8m~J^dI1j@`dsVsmTxc zeq@jMu;&lxZ{I=E-!rEE^mC)rAI4YU0o-Wo2lNKn;nUj2`q-dNfB&QLpKjr&4T+B5 zf2BY0+wnn$vA+GVjh{~ao4(D|U%-LiP5*KKhWrJ;r{Bu!!ONfP?(pZMjaO0o@}yaR zJ#MxB{%j=D;FcLV-!>14{PoNE-Rk;Zlsm}Bd*ts{)!*M}{SbSR)+g2#&xLHLnqS^^ z;z<$wy32hs{w?9_4;Fqe((m6}_4|G34f4-{eZuw+Vtwb^9cljRWix;M4*VXptzX0b z1^fEW70*b1GsL_C^aK4urpphSlvi!IKWu;5OgVpl;hpq;f%5l3xxUUlOszjVzijy& zskaG#KRpZkf8}#~7Z9>Z=ne9lPu=O({KfORcAVzFEaflgz^_%ln2~Tx9H;f|=gIzq zonE#6GN6$`j&!YK8T9+ZLy#DjgGq&SSSB8JzSf@FQ zk>>SS$ARC22c#xHAb%g2wq^*|-|e>cWjgui(O->Ymv0gEH!wo2KklE02e3N;fqRZ@cl_z1eMbJ_dq_=w zfSfsM(`qX}=&vRDVPOMJ{kcc~JN=7x&JHO`Aex1F2Ir^;7pZ{dl`}3eT$i&f``1-X7{XI(h(|4Hq z3rK#@8>F2d^agz`Sw`*i2vcthyyEy2o%dW4sXvrINd2)^ORVJ&>x;i0O7(ZAsXx!y z==Ar_HmRpG!^c3|U$s?Gw$B(}HQh?}cbCbJjf;-oBCKEg zA>2Ml^S{IE4f0RY2?^*8{2niS%h>;c3sC-2xPJhPe=UEM{Qm3q&wuaNeE&=~F;P;CBY)FRL{5r%#AZe?Q4_GWOBpzW45t z@87DiPlNIYnZcT0XRW_;Hi`Yye~|wC0aJh4#OV07d_w3cFhyJse)j!G$VYq+3BBPs z*!_5O&M!meFYHI`A^)HO(jP(~N`9APe6={deQ6UX^yiW1lW}941V6}yrQKI?ewnuN z*L*kq@I5nsJ(Hr--=!bOcEtAna_A+3pFTm%YdP^7DEX#Kd803d_aCk1NPcdazu)ow zs~?#BSY~wmZn;YE(~`sOv(Av?KlZg)KMDQV)EBbzi|_ZmePava7tz1P-$eb}hqOQM zQ!&2xOMd9rAa`CEKE7W|>u~}Nl3C?P)PG$}{;#PY3sOIpDc8A=Y)s?cp^1i{GL62s z2j~y-_DS!C&Hw50`B(p)#s|a?!97{6KRdsAa-Bi2X(^)?AQXc0W%-lsAL?i50{H>; z2Ku|=&I#E(e;3)xUk3R<4D2!a1*7CQuchFjC4{fZ|A4U6Oc_`=(UaW z(HU)PH31(`9=ha+5JgyZ$OlB@f&Fs5Z-GyCeN}I`M=4AP-NwB9rqAr9;+_ z)2RHpE&Q~p(dF;?a{fwV;rd%A_n!y%RsH+{UXXjYzpitBtEB#>%ksCdHu3w|)L$S< zeucY){@8cnE@HK<@Y~Jb&ZlJ|47l zAh2CNm*DvWc5Bk_x(TS-UB|0 zYJdMf5J+f3L@6TbNRtx60)j}S(3oTf-E+~3mOX+yy{x8qfxH~ z+g&^MsMt~0js=Wj!Tx(bbI!A6m`yfb{`dPoc|AFEroQ)c>YO=qW06m-svB8?p4<& zmoI$2+I|Ak-&a{`=Lx!gi>2Y)=_>!mn(u|FyHm%X9>@4?q30D#SH8H{k6)U%0N>Bu z?fcx*=A+zwDJRYsp5<*nH(wdwLw0??;u!P%jrDK3@2Aji^gkT4ejhLUJuUM;7qp1; zStn-3x9=KL4lGC=fAFshQrElfWRk~j^;^4J-x(q4FXSp;-UXlfIuXCo4Ee4!@yL3N z*Jb-f8E)E#+v#&X{c|4P-rLK5M}7~!eof={3!GFx`$Z?|esErw_T&0=_S8~8=FZ^;M{i)fR@%^{yFHvIXU-r`N)_u~xvdwpn*gohX-+52si)6_6PtJqn>ObJT zY}Q=ee}&lbbS$^&kH2cAGrl-%(jWUL7vcF#I4S+vfz0f8%N;r&M5oLEr{YoN!V;SR zd>`JLP{h#LfmKD_P6ds@H{n1Qw0R5elZ*ayRL=9gn^Zv}84bi^;K1)q9 z_6rnx+i#M~exuDi)R6(H@2BwjG|TO=1b6wC3DeJcg6V(Z{Wp1+ z(Qfo-zO~qSKOi?^j*sZ}^V%a&e{^W3?lb)xu{3=5x%xLkuJ=5YaqjXt9iMIXA7uO~ zM=q}v`jD3+NJidy=u6l<~+XmnNt_Y&G>!n zgpXS%^D%yJyAAc*u0;B?=4HmmaYC`jQ~QU;n*Oy&jb6{|r_w1^V^+`~J#w5gzLWcn zH1|gjWr6SMeYjdhGvuqwev!v@y`0W|0dqx`fA3y>;T6gDJIa)Q;e#>%P_aykr(Ixv zX7;O#&)TW$m2`Yzb3OXMoc^#gKGCdJpBTQau%Bv?;8VqWhR-(VNyq0mAoQmPyQF-7 z@D0P)^+=R2zb4XOBtyP*>CbQajqKI6fB%j7mi`OReUZX9+2r51k$=O#CHU-{TsGCJWcF3)7X#gtH{?FpLlrU zZpB*Y9lvhA%Vy~M*FFC9OjB-$Pty69_Hpxdck#Xd`Gnt-%NNf7mvaWjN9?;-+V%W z6MU-Vf5S&R(SN*OhwHqaFT4!<#X2UQFGLIQ;z`4^ryV4PSC z;TnW1@f=vjkNGzY$A|BS@icMYo&NrH!g1TZ?6>`Cq`!6v``M-c8~eHW0+Bf><0qN^ z8b5>d*FM1)`#<74>d7Zk#y64gQ^c>eUxF_j`oFQ?s1`S+ydO%wUnTt|@mY)iH++^! ziS(xpUM9~!_FLvEpZiMr*CAoQ=zqyKGOX_(EK?7qEC0wv|M&Y3aNchWyZ8=}^tXS4 zFHrX1*)LN*<`4RVBA1RA`<-X_=9uRnJ7oOTe!21bLzQR7x766lJ^%PtbKg$;v3+8q zGw#u@^jF>d^ATSCryu_b`yJRU&KJp$?_|SgpPTyqkM~W#Omuwh{rBXepZEUFMP7Vo zSq)X>r`B;kyCO6D{kMFyEB%W)+RprDaRZz28|B#;AE6q>`C=LJeYivCgRn~NzpCW> z0ngSx{*UR7`Qy_APAm4RKVHQ6(^$tu{s=G0%zk^ieQ;IT#J#=vJ^^3kfCQhl^#6wM zou|%>dhz`VzQBPAzUcpmkNJY>?T6u)IPXV2Xv!D%@9upU(qDr_`V0IcGyBao`PV(Z z^W(0%UCsWXCIoQ#J`-j-?EU$p-zVFT^Luw}g7Pn`kvede8UM1(oA1D_sr@e}7{2fo zsr{2I7ukMh{&e9fa#?1>$(v(mCG)ZVJ$41`m&6yzkZ-Cf=iKw7yZPMlNKV?1eD8fY z_3UImKL7o07Sdm*MEle}#oK--xxRn2hW(_2Q~QVbU5kKOpU!^dq~EbozZqWb=Qm)# zK<5Ns%<%Cz`e$!OGQc10QHTW@j}t3vp&~WS)%+seeh!qkP*H@h!Fv_bo~}l?3SqY+ zH`C`=4}VrD_RGCam#gewE0Xz}-b;+n37_h1ztdgsU%JOZ@cKjfT_iIupTCFO>2p2( zhyVFrO8oNq(Z?%se{MHdeY)!BD%NS(xj?};_a?D-Mx zH~#!#Ta)Ww+V9kBaNYKar`*vre4|}_A@-mCm74x8GU<}#4zEvs`ix)N@4CPXPXALk*ulz9(??=Uw@`qZU8ecqK_>%KS z2l?*D#2giVrMU|Hr@8tOU5N5MklgC#s`9bsYFh;7ospxe5UxVl?JTo`{uOnlFJ18cion(!b&e@-BZg0x#)<4)$Nw>2=^uXQ`zL{KxBjaE zRY>z48>uB`ULN}lZ9n!~(O=R^|6tqv?&j$7m-3_0;jrVB#_DV&G;2)b_&7lMj&cO= zi;hRqj=^`kM2gp2N=~16H=ge|Yw!Ag&q(lD^I9mmeq;Rc_wf4F+nTHJr_I${b2N|t zOT-_-9~ho$gsTwd`>OU=*#G0^&b;HoTZM2G+uhDGD|o&4$4^Y@A7cJ^W(`2Ezy37q~Uwr6o|I@-Fy!1e*cos{kfj;XAX;d-OZ9^{IW|M9G{#& z*#5f+^+)uZmht24v%Kx+=6jUo@Gq(D=R-~Z0r_a3_yx>@&-j+{&+`v?$BS<=#zzDW zN!Ty;U-B(u`|1FlKhp8huFOB}ih6HJ=41P%?D9;{*l)M?)fd9osZrd15yQuJ6@7R4G8pYDxqoB3 z#h;IM5ZY09uGa0GyyIc1Q8}vrX!vLHEVN#tUCA}859zg1+RyIqBOcKO@%w3x8fDrq z_Icj+8|7-hupJO_joXoQJtn)RW`*?}p)&Nlv8Y3Ao*yQ{A8f3zR{ z8AT7CnruJTA9r*|`@VZ4b*^dON7C?}>uTS}pA%K2_HQuX1n#W8eZS27&Y8yVJ>l7G zNq=t}`!zjZkFRTaNCOoa(_Ecx-j}e~dfV@8lf-F1_5-<}AB{ENrM92dhz+OYo_ljpBUPg_-f)Z_1Zw zS!(;`7!$vNJ~~~d;~Qj}ob;!U`8{R)n(qRg{+3~Uv1+kzoG+Ro-%p%hU`Xow=QBhlsUI@C7O}vtM0&k-XaZ2APHf{l*tA zX`LLud#%y-yGp)av3G(`U9@NT!c%JJn`sP1f6cqAu1w~;){Or<6#e6oeG`0df>roXuAs)5OT*BSdw zg8c#=5`3{e#21-UyZu=1(Qkh5-NU@#=*_qJ&#TdPycmmTK)b9+(k z{eQG8{j7VR`83&nE6n(a`KaH*U+ohwU#v?r<2%~4QvzdB-|rb=xXI^p#Vdp4qJQO( zd2_t@_6{PW*ChC&|06!eEB!V7Zgj@iwZB2P&se{$c?Es8d5u(HgI*t4=WV}0SN+Rv zV}Sk6H0?ZB{Z?+;{n3rJzdytC(7qS`b=Qx{_A55=do$Vxc4-T9Rd|(_{@#t>5l^ z!^DHBf5-BIE}wR@%=$&I{~k`ZAKTBjA%4S2eD>v;*)L}1N1~m0dEcdmZ-{OmwC4tw zZ<#RD-G<=1({jT4v32g1DiR@o9?NGB?-NW^D^uJi<0NQWoJ>y?bj$h{A z@9=(4IKPp)-rT=gS7ydnbb-mguJ2deW8Qy@)zSVV7yY*HoYBpz{FL-{RWFFpsi~17wQ&(li7kW)|#9Za`9P-^$JD=OGTc2HZ zkJtOj`MCd8{SthU4EZ{k_C4Q&Xa2b0KPFuo?nKWv_t3t3{Vi>Vohf|o=c{{dXs7~x zo2hkE^!Nz-Uzypjs!DT&L#fZV_-%4KJd($~{={KBHhaadE%AG3f-ih^X7=O!iIHDY`!`BhZvU#+ zyW^33%ohwlwqXC1@1N6tyPBf>OX9Px$&8Ql2n1aD$S_QAkJ{06Sg%zpmU zb$?-`BsG7;`=woWrQPVe?YHUM;6^X|Ex`Bv!iOdJR3tOLkm)A~RHQzC`;g-j44>Oh zCaOFOnf&y8OX@nOGh9!$(l#-@fajC1StaxjJ5$KiBj%x@bp`;+fomM;+E;2D^2aN=@%B|D z4d1#~P!7S_&VQx;+xC?!dexELUg|6H>#pBMVg5<=W6L<7eUrES>dVLcVSdhTo@LfB ze>CWFi!=WkcVzx(-vi~}h`rUd=Kd&_hVNR}{SoKiu%Af%zQLm$UsuQc%I!@8Y-0Qu z=YI2K^8Mwb7wZ1g$GV}TbxPAXU-)Kk`?>jMAEon|I!fmQ{_cyu*YyXVPsb;c;ts}V z{-FIvUDs}f@YR_6H`?zRncpml&$=ZuzQCQD!&;KsK4ANv&(+=OjF{wNcjXjQN6t`bAL%!Et&rx}uUZ#Ah>-nmiJGV{MTCeuYUF(#JV2u3d=6O)Sj5jph z>x%y8W(bCDK=_>3eg8X|{R(y5za{nPIcHq|^(VuGFLzFA`8<9Z+NV>S#`)B3-tp_^ z<2Vh=)een6*EGM=UCza&wpRTkIewY`9)bO$!yCo-EGO`3;VBL zkp8PBiS!rCkk7wG=ih)Uep{Mx-T}Mz=a*r_N6z<-e58-?jlEHym+$vn5Bu3867d_p zBQyIQzD1|wsM+6KPVF%HHxkt4BCpTw^tqn?uH#o+Eqs0#-|bsrza&0uV`h9~&3!KC zY2tMwrr$Sa(lO(Y+v#&XUzJ7 zT;%QXY?p2_e#qTEcmwep9hoQv0(W}b?-p16d&?)9BXV47{Z{dD>iWc)NuvFIQ-i8> zd&8rp{ENBDzeeNGei@Z?mb>c5=bj&gd@L6kk1m{e{}t_M|9EqUViqQzlYCpyfH*Y1mR~|Vmxo##;W-kgpc0+{V2Zy9c286 z_kT0x`!lB-`_+Iid~{RwjY-$)-`?^2jjMf{Yo0?#T<;&n$1SeV{i^BW*D_r6*PYtf zc|KTU;+M}?KYAVY?{7KkmqYdY$&oaCzx-Rbq-}HF|91X5axwp&^?V!W{xWxiE}!`P z()s@2pE6r!$=WV|s7pC&nmHwD6nZC@=ihJba_8}Knd$#{p%k#H^&D6q2%)Fp! z_!bUL<@>|LFYkkR;r7heb>08+0OQXNd^twS7kB^57K|^69hMk>8ouA#er`U#KjW@{ zx0!xba??I8oOu1q^*NiY>%GdqHq!q4Gg1Fq4`jy2_bbT3>qO4d>4)pn*dVf&hs$+Ip6ntHCJu#uG3#M4d3=#QsdV>j~UOK_WOPpH0W7gQMRP8!aB_wZ7nG- zsR&h+4Y7*Kte*2LDnkA8N0${W3Sv!h$rpC_LbtSA^8EWn=S z&ULKiDh*JmtawpDS#hx3DhXEP7tEboHnF(80-yy87tX;I-RsLiDtnfnQa-AqO7=N-pKjE!UacH z6b(8pR90G1I%i4I;7&_HRZ@}H@36emP(@w|j5X|J955TFz!9?x<&fD+a7^CG<)tOg zHrL7W<_3#~`8rv$eQ>8V2bV4?t_Us)Rh-gEUFaQUWud~6r6onh^Q@j_!Sd3DOM_+k z)BGd#I{d&;;kc5bQvA@wHd!&mDk-;$mXs8BFDxyo2rjG0#}VS^>9sw2Sl#2tj9ge8 zEU5s0uwYT1<)nljFwwq~g5~7}^MccZ6~`8r1xJ^bEh?y3zMGBuCQP(QA27Q-STXw_ zIAnH_bBwl;*_d*+R3oK3JYl7*eWwQ(FA0_u2FJ}kwzy(`amh%elrwf?>YrdLHwVlv zo(m>9WOgBr(M;T!e6~F2Z2cK?+{Jx-0!m%#9d-EyODak$7KLW_J=E%1j%2eiShTQs z-u#OEF=eGoLPM;?4g*{}2x0Q}ftF5q$?Fa?F==&2N)4736%+=o)0QX2U%QFOgShM{ zWJe^}xg$##EkZn(Cq?0$Q!0Yxc?0vxf+3yA7wSW1&o#%)E;I*edzsDdGtyS+k4~}{ z3$G-f2H|l;!J!?47ya> zW$hZP8Z3(@VCqYG&qbYuD?x0hSy&dmhIs*Ei?dZOmPK@2qJM&K_9I?=uNXcR(c|pW z@r7?`qC{~%EZ0Ef3*6d7iO5%ZZ4)ITU*I}yhv>LOe^TJmcfI(&y-Ocq?b7q``Z10% z*?yz(omP3z-+H{8qr3@dxAuTN5f;4!`^84#J)tMMIgdseI>wPp;>i+RITJiLYlHp-;4zBl5)jy_D!E+^PjSW}{7x zFvNKuLf9svBNzQK{RfnL@oi~t(%%#MeUvxLz4`18`AS5-N-T@WSF>Nf5|Pipf4< zFNS?ZbmXGH&l`8V;>FiO<`;nrG|}xI&DSX2e)xcVuY_G<$h>l$JbI$6#!;A05@tQBztaiR|Yg`{9Utr&S z%-4~x$XAJNBJ$N>Swy}VmPK^rqW|Hgdp+vKH?6UW-@P^8mm4L16XTawV{-uIhqZqv zN6q#^`kT}kbLMq&bi`Ub(_4~_xa{QU+;-T1CekayBD=rd-`qpM`BA^2M-CL`N?A8*?5U<;8c7v0rT8+U*x8 zhrJ;3g|I9lU!+?nB_dxK+eGAxcJGAu%+m93m`$LB#zNI|kG3o4g=DWpTdGS43X!6J5 zdK~^ZeCIp4d=8*UmGoA9?i5F_JfN>#k^3frZ~C=`C0g? z&Y9vU9beh3WuEoN>qlumb*HwU=1Y_>qF!TVOd0;N-T?x4uZE3<!rSx_u>dd#(tHX+A7g3+;GMQWUI(SZ5_P^ z`^ECX^Ke^72TlQB9umbPZ5=JfJX&J^+(+9wO2>EUrB5~T;u|-!p>s&!bNwCG{jL$Z z#5^~5o{I8zdt-bH)$gc$leULKSac!6kt4A`mPPUUrG;NrLOxV!!e{U0ca)Cr+vpLW zd-0XY`>$};7q#=nvi(X#J`2kt^7*hVB41S_zY>uz(Acj;bTGT)=rQk-F|_7 z`27(1B7OZzM7}C4i^%8m!FD1OzcDO}=*UIC_spyQ@Z$TT$fUn7Yv+r!1rJ2NSQ}gq zB3})bMdSsKQ3S=c6`BNzRt1x>qn@eO!c^I2cj!FM|Npg7-Y;Dh3PSgwKMe5ZmB zit}Nc1<{d<{=7FX`N@lKwaLG+I`{&6BYq+BMRLIlk*^BNBJ%lKflb8t#c~XyBNzR5 zw>^8a7vKAMJ|Qmhb?x@EP*#Y@7ibP%h=BKBH9njF^G;_^xG9(`l%OR>%k`dZLgg# zwm;$rBAflqziz4#b`=CC6 z$mhqhh-ePS1CBex+ym@;>@s#YJ}1Zoe?nl8AiKCaCWq@>OG5L_U8G zcp>sBY;$A`NW0N*{g1=*z3g|Lxql0MTRWfq9m;=*eBm0jXCU%bVp&AK+;35zK;(;J zSwu%J`WqVl^9e7$R_~kox2AT!+)k+fA@cbThJ7IN1+Xk4U+f^HSBQL-7TOCC9l7Wq zTYZ5iUypev{nf#z{=#pE$Y=ivdqU*%V_8JLYUFhh`NDs|-VhzR=vxC@zvX4WuddL1 zk?(4^pN+PNhS8C@X9z z&etA%P@E6Tl~A0o9r&O)AC{vK9l7XVQq--r7vH(}nDTFD?R=32DE}ey#T3#PM7|m< zi^vy3S`d-X!Zr~dx#)ke?}iJ!_--}zZ{%mq7f927_Ww9liO5&^!&D_AUj)k{@>x5l zDiQgru`Hq^7ybQS`_Z%i#b@e|z^>Z)LffY*5&5dVnW{wOi(*+sKKtvbN<_XIEQ{#K zMgQ#lQ*ZLJ-(=Qrztqm>kHLNr`6@qz{UGv1uq+~<^#SY$k*^xdB06%>f8nVoJlprf zZZhRd9em+^rzsKnqWer!BJx#ZSwud6>uE|vK80648FS*e0SQ7yayG9*B7H4L9{~tPZ|h*g`};|F_655cvXF7LhN8ye=YNl$J|JZqbo)=%a;fwrHyZx%)g1sQ}G%3(=8_ezy^W+j`mW`mpAUC_SDoUHx10G0GE&d_F9T$Y*0& zM7}8M8WH(IAEEq%=*UHXVc!`sFTSS@U!Xzld_J)SM841$xE@5lFqTE+Q=fwcB3~7j zMReq%KliAWmwWLw#QZkm!ZY=IqUE1utK|N_1_5mBfqC{eOm}qY6$p3DR$+ui=TF4= zVQi1yINi~q=syi$dkot|V|$|Su4j(2Z<_81M>~#O^w(eUnrHd<G-@*9{S8#q&Q`vO6CL$kgz;;`vz6ta=qMfE zfhR;B^5U~@Gx7V8e!l;~%GBpaugmx8@en$C*hojewgTTkSlAw^1p`D7j*h{0=(`0t z-->KyW4q{%y}@@R#wrXQ=_nmv-s9_=dhyM_Qu9UTYx}kQ-kUFUz<4DhpZ~z|N+bn^ z@Ks}3M83*{#w!u|a;@=7M8|lgKkejh)4cd%7aP8&+I|OD3tuArmEo2(Qkty-SB`Yl z_Xd=2cz#vAex##kroz66|LDJ9KdA8r>@UyDu`IeJrqe^sRj?mKM=tt5yg9h17vI|d zXg>Q>{roK*pYQgON<_ZE9pHuHe0PBlBA-KI&#r(d-ZRpc=2s8eAZ`m z@ZnlMD9(2`_@Fr7zrhE^`R)TB6z97K$3t}FqQClvS3KK)WtO&IxRtIy(%KK#@`e>))O4rKZ0@MKHb*7?`X_vVpE@BYN~XC8z6 zu_jUe=Jrhu%k%Q&{R2%Jrqs{r_{JVFX_FVB_!>GJ{X^I)KEvW zvv7rzke^2mbyO_j(b=jRVbMhh%Xk1kmPPYWeg|eFKjU~29pjb$#rwSPd4In07Zblf z>ijX##dplLs1J@n`|Z2ojuy1U{x4u0*cZbcg?FO;Hy!OiY!|&zjQLcsJ+y7Oqtb`K zHwESO_c$J+BNzSF&ANJy-x&S2=8JVU@#~a-iRb(Bd^#`~h(YJrVY2*^Z?B zY#|&#SS0U11cu;wG?qm>Zqey4gk=#Ox#(ZDenH49ey=NN;2aX@q@VB0cVv^}SNLLh zJ|3-xeV{vXU@ye4{VMDMJ%Sf3A_2rNmPIn2O`fL*UK{R6zP~KtYJ^2}c(N%tRipVV;m zZ#wMTiEjWwc0XM{`hRGyM5B*0?Y|%K9UzE~cB6lH`8kDNd?Ty$5#cj*`CQv~isV~G zZ<+fe`A(52`8!4Ots>e>zEdQU{KD@P$+wE=$VI>G`D-h^_~iRK;sRmKC*RR&tPh4V=|Q=ikU@!k5~9cIKg<-cQ-kASplaovvyuizjqOSIpXvA>drYnH;(O^S6Tg;jzl<6qe5v=p z)&z|AYBsGCffUvBpSN)+eA zawU|G&+0J%JA3OlhSJU&wuuYVy{a*X% z+Kpa(>*W1IxY$x1zs1h@_C)?2jHDJGf$_L2204=ZP025nrw?*;s~r3?#;%_+$kBo} zsp)M-OPzn!KTr{hjAOo_Umkwu3@^SN_n7=~iS9p;?;s@S-;ZJ5z&WVTUheCtyVS2m zsQ;_`I&$i_vyeX!7GbJ2XaDf4eU+#R<&S+vwu-*i*HJpYFFpz{_u`ur)O?X%`u;7@ zRrnJ1hy4q#hx#MZqrD>;pKll8dOh1a`f~xc?}Pdo+eOE~eu0)b=u>O&=zQ4E9+{(J z-P=1#$CrI(&8c2|%flxB+PZ#A#}~+JuN)b^N`yt^3t?GAzA%T zr$3ozHo5+tjPfop72}(8w7R2UJ-_ zp<{IX#`1LgMe`-fm)~2bp1*Wo&C6@LdDbq(_N4agB4ml=usePk?lRy-Nq=qmeiYyT zZ;JUH#05^%^@p49n6ndnm6$7FX;OZ$Z&7MP`$T&sGP!}ONlI_kqZ_Da)+F+mHBnzn zuE%so|Jv}0p5yBR-^$)7LkH>hm9&SF>kqcCqL-n44zYdZyBuw0XeQc!kwVlTSQect z?JcyY!dEnR#P(P2mCcoij$HIF==GUr{O*PMcf`f&;H$>DMdY*Bqx}v!d@Ip^dsTBs z0=*UHXRkNkLyz<8}%k&ZUdYwNsU!r{~ z^}qB#1ztd(3-lMl(q9#MKHJfU=s%LYV!wzo5o&1iYwV?LCE7YdZx6hT;~_e7(f`Mv zSIqF@YmE6P#0945`d9NM@^8r8?=ZhM9ht~4vaYo&++ilp6-xAPRrgQbKONs+T_&#c z;*x!^-35bD&~(ZdMa2P40B?(8Up{2|Yasu30~LpX|Xs0;Roa0ZM^Bs)+A@WsYS(MdkRIt3TtTA8uWXD`6s`kmjTwQ>scdURf}WXYmo6-A+iOXd}q49M4S zzsnAM893=UeYV6q!2dI@fqR~7(Em^EwMV$>X)mUKG|L=E|G?7*I^P#~d)TQ;awO-s z+x`NcAMT4v+qmejx}4LwRyq61rgQKdz9Ig)oBiD1sWYopAui~=kF}+@iZt%6Dv>|s zez+Q8I~$#a#*vGDhrun5^_u_Z>7fmjeL|LM7&i0&{HFPE+wC~|4Grm7v!3M&^XoGx zS0X4^SpG5JGQTpPn#1Gc7sz+dJqHB6_#!gCd2yC{=X^bXi2B`|@116-SmDTb=s?&B z?abDLQJ$f`nvW<5H_le4u0(k@DqEdl)-Mg}@Sj*8I7#lDwIdh(F^ksh@Z!t*uz`w} zWvORo==bv@Y51Pm(#Sb6`T8trhj_l0{w9CsSm+7fZI8Lz^yaze5qM8#rb-y0^JUXeWv~PN9y#No15DJw~lJU zD!Kbew6Dk+{iOrmFYDm&T7yu3{MNyd^xww%;CaaJ9USrcv>W}B@+m)i*>CFO4V8^X z@Y;#mez8Bi<9F?gsrI{|7xGm%j1%exJN3#@mGC3*WxP-zFURRewR-0`#D$w#iiE0CZ6M*RM#X!3u&_zql)^q0gJP`aJR zltSN~{@nH>pY-2*rMrC|!TKJF{L6Glf8DdU|L(>2_>D+^Nqnlo|2KTOyO4kK`D+vH zZ}M4B{&0^M-@jf%KD;4IU9a>!n2|Jm*N1i4%JNU%Lyn@{Yu{bUyT)q!9PP9IXdXd% zy?>7ScOR602crKGc8wg8-hK_&UnKL7?l!;OvCWV_lKAX~-uA06U-W0>?|Sfk^!nTK zec;{r-ue_Rfg2O{i|rx4mmWsB*fDea^}P9s$zFUfBYy29zHru_v0r<{Z=@c4AKzE; zo)_Oak0Jdf@mY=b3}5zHC=UG6~8Yb{Y8`bB72ChHPWAjaxc^JuXm>dmLXqV@mqoT4cEhdC*AV-0585*@%$kAWR_Y! zSkF%xZsKjfqRNeuU}Ve2a^3=$vF3mO{`a}H)z^9PUET%l=bT2W*TtGIl7_EW>(u-6asPtdkIPn{=3zV^?$0|v zh1a3lpTE4}5ih>g$HFd65`1&<%U*AHXd8g9Lu@sb>;mX5D=!(8Y4CGP&AHZS8m zLlfyQX87Fs_Z*x!IsN6{rsru5bkOr+@wyxzQM0AFs*E;|k0%Pef#*jM9qmT{vNq4G z_OjpoIVhhGZlqp6Q(rG^#tHFGfxe6z5(hImjvRdoVZU*WRR@%Nc5V~3FUq^{>TLC> zjH`#Q(7qSHD~6VaG0usuy;k@x{ zC1aPW5$5wL8M{2Bqk)4QuoZJ$ z$3ow_WIoRC-p2GxE!bO^XZ}|8<9qZ;&B1zvd=vS5uGaU3OlRby-N<)yqb6S^^C@G$ z4j<||@y(t3IyLp=8)-PyQ2qRYd~?_7-84Dqo$sG z-P@URuA{CeXuknwJ=+holfl}pej7f1pYdLNvs`?YZR%&g5o!3Q)WOGeNB`bqZ%D}> zOndKj$@P}zbH^{k^w+K$@J%uw^T&0r_zktIpZ#o8|JtMU_$=D*v`39y%k*;} zxBVEe^e?#gv0ll1jNj_db^c}i=C-dN-@*JI>tfA8K4rfDZEw-zdg|g^-0itlL+AbkyxM|9tLSyJ$I2VM{DZIx3s0^2F)NvQaW0+xNSU*7@V|^K|{; z+rNH%SD5<`elLvnPd=8z*4EVg z`zOn1TbJ8zKH81z5A%;XD4CDrH#)zk?RWD}nlIF`e)ePgIdWWT`~H@DP5JkOclqb$ zo0#8xgBM@G#g}_P{rI|_WAdq)e}M5@7a!x5{^s{e#wGKye7<yT2)WJBiicx z8~7wOekYjq{C*+hQ5i=r`Y-==?{;Mb7UZ#EvU!wa*7{AQF92erYAGzqSoV8$%7vKB_`i$#L|9Is=^|RmoCZD?N zwWaE z>>=T-Wc#svx$u`%`&HMIFWx>qLciao&xWbYjQv!R<|BujkDRaM*W8uN$MhF<#c$}~ z`q_^h?)YW-oGyMX14{qSsja_A=41JC$Pc>yVEpEGsvqAkrhOXuJhgrLlIee8yw_#F zw-4GYn#@Q0)!d-lf8?v$Lwx+cam>_vb@5p@hu-z#>v3f&pTF~-vEPKKu2;hIy!-!{ z?&zQ0=&^mh_%^+w>tEWhW)JbrdqVTY#(0-62V z=Kj1SwSKEU-`MY7-S1Xc{C;@K=w)7fTQ}+wq5W8WeqY!6@y#^tgYdf4^5qB9FKCbR zzCWVf=;!YD(_$~a8S+8`+`)crzv_DOv41ykS?c|7mf^Mwb-h=Y{U%=+?(4<3`as=7 zKf&;Yy4BBq6W5w}boKADe<)r0W4TAa`sagF+NUi49{Wt&Z|4cxez}L#kFVXK=Kko@ z)b!WYtPju9=c~(p&t33xxtIMuS*z<`@>SK7Z#X&Z)c)rw`?LNnH}y)`aMxwOUE|Mw%!}_g7hg?1`P>}jD>MBsk+(Cm-}}A$ z`Mvmtuh;bl?N`~Oe)dbp$M$L9e((Fsc)22l2i&dKOiAf~Vf*Urb5r?zJ@+tQkse1~ zSNy7{4u9Iqeyd#etNxpOfexLs_Mx%&ctJ+V`}^k zF!fvXBYj@m@X&Mf^dp zH}(tPX!5VAe{1T=SJ_3E&*5(tI?tn6{+(#jR=L|5qc3(Gr$rO3tguMAmzTQVQ}|MJZ9H}d)V>>0i{O!~8o zUCH6*Bj;Cre@-d?Xul5k=olei^&aA@KE$+Ze$nM$U3|Gy+n<|kKen&Vk^v%cXXdJ`^%@z{V(})`__-Iy?Ktnb|~|QGWH9f@7;c8 zywd-?dC-^4cf9GpKiQT3s_Mz-PG{t+ul*)Z+j3$uAM?jfbANf_m%4w~->-i5n`g>r z`@7Wguj~TT?l=8zb;a)$uZ|hy#W&TAA0l7P-{cD)tA7{m*Usc$yL0Mu8%gWpm|w{4 zyX4zl$$YGTdsplGbMjU8ub=(gb|RnKuH?{kyYt=O_lA_`=j1zgwZ8x0_%+|5_2Xmz zWbBL7`y=*GTIIF(uaSHBN6#MaWxv-h)%6?ss_V%YWk2&)-Oob%y=2yNToyTKKg%r8 zA9ekaDg9S0|61O!&q%(|fcn|*3&UaGmdf{oSW-_e6)WzFFt2}m+}_z_kYvz$=ohAIDhi|E^2{mewTR(KAGDk zvM|9XbGt;bKOOlP@24NI$Z7vIxlyMxme1#y=QBL6`f%^`m-C8g&&}86E%$%qL47{f zV_d(YQm>Dg@wDXNcFQc#-}KsN_euK8HGIq;l`1hdTMh{gt{-2G8K>>$>%5=-JzVeR z8)W$C|9D#EFy47G=9Zc@Q28L|y-S1xSPnsSnaAaO@l|$fpd$See9=9`7dmO63Pa?p z!g3U%BNzQSuMA!0#dl^Cyniq-!50|1XY5y905%blPXzYMoik8bP*(FPn3`l!@u|Vl zrDbb&pPS_H#9SMtX2;n@rDb|v60X6adNPuErKR&02J<ZY?P;sTgD}7r6K_qn)*(in1Y=Ou1t9oL3eqlzC5r1&eU;!XZ{6SB_j* z94x6ASz1yu#99=rm|r?qE?rzQ4?*lx9xPj0To^1YEh#FVhhHE&U}pq|SfwQ+OBXFF zuCTOKdSFecqTD*+MCWQF3l=WarUu-lDJxwP8d%=L zE*xSN%}q7h=;GkQxf0zn+fOOdLXoVPQdCqPtgwm~g%;+QI?LElj^CmaDG~|NwsR=r zvm(BJ#wj7BT>QSJ`cN1FzZ}UOd|u8nE9oEl;tAiQ{@w4qD|NZb`lHh&c)#UheGejs zL~UKZnAc@cB5T)kv%IT^cWq2K-`rQmwx-s1z07)dyNdG$hqiZ9(QVz#SrXns!xye; z)u6$C>IgmG2j|c0bPe9G@0zH$1H(06;z+&pX1P*wr^kA#73QrEENrU$H}%DPZhcix znaBR*rYeSTO^3d!-H#|&7c^Djn=zr@{(V(ngkuO>w;+uD+nWpUe7;d{wh{ZO_1b>B zuGjsi`Ddg4xH4fsHNx9|GJj68{TjD7_3K%w_1h1t^!YjNh3zNKs}p#&xAHaU9p~fr zA^AuBBz%_Pi`=034#4|S;j41gX=Z#~Bn{tbuun4Idh>jj9JKc?Gu|^|+LN>o`DzyA zsmg-9csy|X=bx@=>)6kni1s_?F1&wuU5?`Tc6+3^{feCQr{d{vaAR%1@W|Bk_v&NX zeq2xc#Cj*@fwNn+-i_~HFEx7;e7ntm&;#>Z*rCMyJ~6|`^U~-1K7RB2_^%XaG@y*IZ4lT=4ZSK_fAK_8je&nLxCSN}%CLiCQj(&&s)R@L; z=lOBJKfMm~{X~{vzBO0=xUS_0&-e3!ct74w;+>)VIMRds9=H9TE9`T*7vJ#4XelqtQWFecV6?aWWL_k3dy3CFS<=6XC!fC5 zt9;Hv{!sae@>z}1d`X8oiz|`-8sTk1{%*0GeK_9ZE@+E+ecGzq&=3v`#yp}3TL^QW zmGGRl%0{?bCG2M2bCh=--RJLr&;FkE$MzSIfBPi(BK71`h2ZI(;HyN~Mwooo+_s3{ zy7?CN8Z^wye(yx_e!MTiXOFF){UW%&uTO%{7i_Ei2$L_0a0ubL>=(T2=Lfy`erw$j z_iqWlSUve_7J{d5f-k%XJP4Cdm9$l1gx!2hC-n2CJpX`K{&4c|+AKV8()l+$&O3it z;XRu_$VI(D$-^Ho?k6(olj;FtvVT64+o_rR5Z?0@N zrn8Ly`;;%ndZoV&NPp2g66w#Lr1J;U9sT8dDE$R~?WiK(bllB;lRxP-+sl5>N&5S~ zg_7^8dZoXbN_@lm*{M$Yi@<*2i>9g2Gx(OONq@N)Pg831)VTek2-jeL+Rt~%G!@1E zv|lyCmDui%-^#tt|HzB)1f;*f59#?rSAp+2&1Yq!4Ez`Pz(c-Dgw^v2KKp9$VSn;f zAsog2`gOLmJ2LFUi+#+knlIf957F`*tk+pM>Bea`Fu*c#;@zB^>+?W;n) z_uY-})#o2MQuxku@x9yy_m}r4%9ltQKKU+e^8N2ba~~cs?;Vk^z3DIKeKGH^c>nA3 z;~T9vkKS$k%fL5kP7=N**XZ9@WBLzbUmD z6feFNowHP+>0V0akMfFN|5$wYZop*S{%eNsHu`T0NZeZ+g^~c~jt)_u*xBjb7u4t^H-)5<{Q*}8JF?`H-^xM9w zW5jPVYI6To_^Z_ZE45eM^K@C}JhWp?=V3#|e!GnQ`22kF803#FIf~;??PI;|cUi;K z`;Yk@bpKyqU;SPM%a^mC@h<N22l1T`>BkV~dwj4O_GBU)duZ@(@q5e3 z{U!bF7QX}LqRefYm_IB$Q`?X6N}uzGF@CGN!X9%PtG!=Cxj3@1^PNk(Fk2lr2a*@ce9bo3s~joIC%HI$-gyUitT`SJD6SSxYr7D^2-)$_Q2Si~cTX zq$SGdQ%5Kt!py%hge!j=9?!p(r;SimzvA1gy}&UE?Zwkapk5mu&%Y6b{n+m2n-M$u zH!r@Tr;&d@PtRvBAEB(DHD3&TF@*g;CHO*Tj8M^C2|jDZ2o=Nr`b~oQ4L$lBI;+wDx{a0V4x1ay)5h~PhguXulUku?Y@GyQu=ZsLfjS_s; zx!}o4@KqwLa6I{Zt4645gx!2s-V?mTi|_IK8Y+8REqwpP`F_{-vvR?Qa4y1ezBS;7 zJz2k5YmpxRNQz&C1K2;#cLCV3-OYE&&cU0#_;%oX!|KcQeAW29{>IvVG4KV>!}Vb= z^3@<*lbx_%WHtB^j>qr$upRa%UlqbtI3LR?`afKAgtY&5D_{Dbgydi)=GTjv_pMm2 z(C7SmEMFSn#PZ#TK847q;~K~3`D?gRhttio$98^qQ^2zRxZtE`K9c%_LG3 zKgvnW|97Hy{ULnG?dNLq9EECH7x`k&D|GeDa~g zmwSC``(W$k4V3*wqJ3bQ@ALr2arEW8oXPD2-hV_Fras@Q>;9v9KYYjY?f&}5@<+j6 zdC;vPbFrG@c+}?msxLi5>M!kF+1- z*D?owT(MZ@mygFU`zL!8!0vzKsDlTX``_8#@p~}xd2;+-w9>Q#eo1}4de7R__5tG& zUF0e@qKT@yra$iSVZUn{^u)-HU|CT?VGu)2rUmB}mm_!-zOmCiWmt)>$i%fjS9>00h7_b8Vpb*{U@gze!SIWUMFpX&k_PF_Ii(_4p4Tt0EEviw zDOeO7R;2eaUkKs=8?H@^tzIoLx{dclLZ7tA`uOE}p06@2veCiC@peo8+@xqrYOqa?kHKwz*p$WSykb+5Vdq z?o$%qZ)7=W-Pccv=3R|)@mSO|H}`YIaS`FW`zcWyX{VNBKI0p)9U8bsw+q#6{gmi< zgylZI2FHuiIdan#@`UW8Q-vlE=5rm zXovg2HBB5%$kOF}=t6w+9%4TCUxaT!L$BfY#4tauh5bdbJcK)E7VO=hy6xoj*0KxEqS>? z%5&1Ye$d}~tBg{(y^Dt@tMEZZYm9~HGbq6aE?~4?cMUr2o-_(a?5#uNKTI>&Piy(g# z;d~KQp1$W8y4ohy&?;*S{n+xsTlfA{obEk^o)$X|(Ti^%W8HWB%K zT@i-JZ)2MylYac&Iw?^)M{fEDyu4S)i~mjY{m;m-uuXvY*szm7+GZjbs4VNv-eo&Kw~Pf?-^5sn;*J|`@Tm_O`q z@Jtb6`C5ZzQ94Jv)9-xj$iZIxkB!qU=;(8`^Q&Y0N)+1(Uhs#pEF!;sv|owH@5i!; z{L$%tB_e-#29Af)Idap#=#=*k@#2@~+m4%{%TF)+2L{8Qc+M@7er!JHmS^3(50vNJ zBHpLUb8ZoN6`pI0cpoUwxkc$5x#?fHy6O)v{#EVJ0DucWU%UM)2Z0CjV;q#+N2$Yc zZHV@-KFp8#&J*^JVOd1`2L}2v4nFaFa~j<&!3LhbziAz+6l z6d-*!M0{XbME=Ub_}?=BF0BGmPP3tx#{;@b%N!^FXIoyMe0gFcrG7> zB>iw4f{aCorynfGpm_ShID|@wyb9wEMDg^4<%q0H#J4E{{Y!lJ`xmXs_{^3r@uMmHa-5JM2=^VM~54dmPY%hKpUm?z( zSbP4JaTX%yITXiP$U2lqPWk!-##KPHzl^gGkypl9h-iNqXCX@G$W8z8_0K-*#owiY z&cD$*>~HyTJ&5IJ1j{1YKQIOP6Qcb?SQgR#u}L@<;_rz}#_>=(M{fFeK6vNvUi{Mx zfB2=^(~tj5i=(gH8DpeNFRw zjq{QGsot3CNZLPE2egL}7LniHf-xZw`TbZHk-z%2sY*ot@at2RD4ioW{i?6~`@Hx! z-ec;oEp_k@nx+&a_78wRjAc=r|1gZhf#UpF_CsyV{Y`WL#sNWb{((3iO6SN;f79Y| zqrCWKe3iJc8TaL7e`){7I4hBqpB!f;W36mce#$s25z9{*XC)%9jI$E4{FHH4qI8bj z^v|C%siznJm!|!r-l*OFRUI%62x9xk+JBl7(f&32;rBtbzrwyE+CSVL_J-oW2mAV< zbdKC{|JL>!y!d7Om^f>)=|4#`&P~RViJbaN#%am8F^Kk;abzOeU&fJ%$SdQ>M6|z* zBNL@_ac;B2W8H4^w7-lm6Bn(EALGnIkduCdALGhIaegdULUI1funmgyW4Q{7^Ir~r zD4lcje|6kGExhc1bA{orBmIQ3zz?zgQ-fs@(@#}H@Ig#JQ7ns?etZq^TSVr$Uk#Q; z>71MYn3i|;^5U2AbK(M1YEM5hj!q=@=QuhUOGo?5I64vSFXQM$cxMq$-nknweyD#01qVXpO~~iu`D8gRY#;Bi2PA3i^y-ItP+vG2Fs#! z&dndHx$P4#{&#A0`d4q)&Tm_|K1BORu`D8g_#l*z5cw;yEF!-;5UddSqgWQDb8i08 zJvv_G#ozcllYi^t&jUXc=f`psiu3mZKNRQ3awQb!?+I2Y&X47&tV`qE{LQaB5|y!tx#Sz-!YT@w?Lgr=}|rzb{?+!gM7X z+Y@y=zH4sXKHU+&bMC92u0-jaoB!(LX8zlY|Ee1`zisBPPsbnoays540F&Xjf1a*H zbWm?@ox{9`^SIi=Pxo2HCrX#ljr5-_!Zm%}?H{8Q_Ed$i?;1{}bAR-vg1~cQk$rl#V}&ZKA)+f5tUa zMtbodc!lOy%XR;4I(}>R7$q9iUGqnkH%p2|K_U;Xxa0uH)cbBwwVHG8z9iraL5d8}wO z_8YCXnlPWi=&SGk-<^Lip8D@Yz4)u%GWj>A?XUS0&o55LEoxv^BEOBe5%!;h_UGlJ z9rawO`TSRnRw8-6k(__S*ws2JaeSzs-ru(#aR;SyZvK-u&S>Ywf5%Ju4A#$j9A*0r zspSvT2kmt;zIV!H@y{sI;mXdVm1ycn9S(Fwd_gUbPu;)IN4VaKY*jrJ=?_Zh-25-x z`r`9m{2h$_137x0TNx*x{QRXCrd$zw=B}CG=tf>lIIKk0Tt+79z*W2e#aI_2YC%;==FhMy=^8?)cPrv?kV=w-j<^5i9@9O#a zG=C!f%+E)9#`Djb>+$_yXk`>(JWq`kW1KwHr9_9V1(TGh@hHs~TaWF~`z9P-hwl+X zUz+qED4C>0>71LtzunRA#oyJ`U$OU+`4jC2jwALxGf9bB4@O-P!t?(vlN_D866t#s z!p|ZMonf}yFHFLFL6g+dpx$odSka%@KX4MB7e9~R3#D^z{?!i@d-ng!`vc;v>H7Yq zw)Y6+T>|I+w~2m_K;9*=aX%paLoqCic>f~r5r~+7KM)s~QM>(}_Ym;zfn$I39)i4!Kz?}-K}3Fe4?#qJc@IHEet8c;l+L;N4?W?d z>%I8DKgihs3tj$ur5{Njm4jhV=r&w3us;g*Ay|Oe{;xh9?@2&x|HrT_V*5WZ2)_^F z@5#kBQ99@5|9VX8YrOcI7Ha)p8f9w-WJ@0>WP5U7l)9trOL#6$Yc>Z3E@f+cuO_Y5c-U)#Q_0;u&U4$^S zH6P{gIoT>)FxgRe8Q+fj!k&xm&=;*i*aY`Kv+&*sH0c$+ztjQZGUab{ObgHc=WEW> z_E%qN`+L3TBI&1U&}2tDP6yv4lz)d$c0~Kv95z{rXn%$MMYMky@4Sd;e;@W0rE_lk z&pWB0yI16Jce}9a+<~<$uU4Z*7NZLnEe!T+sx6pJHO+xO! z6!$aG{y3S0qib>h1+_jw?=S1bWy=5RMWZkE;{U>o|BRiW%b&axgg?>#k@sxuv(dhJ zd6c8MNIwyz|3LL9M^1kP?q}@RMmdu4LiQP$2L)jf$D38XK1zvXe2|>aw`G*0O!?bZ zFDmom|8Lz$#~u}SxtEYzaRBq^;HN%>6|l8J!=A*QE1*x%uu- z-R%GF8;W22R62jr`E-1e+mBcGFJaNKNx)ySg8YF5{4tuB0{$SKs}%6((mE+#lg|HJ z!EIyR_|N<=$DcYXevZ)cZz6wEeZzWSKtdAvvoB@hd#GYX5}*Sa$546WkpT%oehocL z?-`OL^6NmV@7_BgArW~$pzY1aD8G|I{ia*#;)qit-lleDQ{%LRw z@r|ZQ(y|n< zN$0Qqa6{MUcYj``_+yQ{`D4T%T+t^X;E&U?ltll^$#j0pX_*B4F`AbG{?Pe!J|y6` zXkLofr1Q@_Y3%_w`!D7G^Wmet`NLzXh@!cD5(0i>ULPSP;ZH&8A5ZJ0fIpY!rGP(7 z+e!g{gyyAqO*;RTO+!Dr@z?Ih{?p8xUyP;u*F}920{;Aq`v@tLUrebY@@c&k@S8L* z1^gwntrYObXkLofr1Rg^@61hZ{8u(-|1rGzgT!x~OZFuJe}v|xNd74CN0!nu3HZY_ zF9rO8WqpJc@S8L*#cR^}o4$6)wg36e>_5R4-uzMGFS>yIhXnk_DmovMg#S;a^P_cA zz@JO=QotXkZKZ%eLi19*CY}G_2l<|LyNfoaLYR6pA+!s64cwUqTK| zrSi)%DwHjvf*nbvX=MNL6n_@>OUQ1z9`b$TD6NxHZ#og4NBRHkehKMVO|6g7Iw@Y0 z&j0A{`mXKIx1jxhZt48d>xqX1{Gl8A2`S)@|F@rz0{*~_{e%?ohpwgVNx+{^>!f&1 zI{#w}iZ{F2zX{tvTn2ycEo6TZ@Qd5%*d*Y$ZYBGZfImv>q<}wu6P+Ik_+zwAir1v` zKQq5uH8=i(DV%?ERr|B@o^M3u z@^iFIBB=f@-}?_dWhO-4kF623|1-2sipQk$PkMfgYx()>=a_$9>HcF~O7h zx{A(+1pI>LrGVeOx}T5&{vu+P0{$Salj1e${CB={@I^QNPdNV?q0;${CH;gH@EhmS zG70#@OUb?@;E&NdDc~22iIoKWVi_$<@tAb}HU)pa;>Q0g^GD0zHCQOek9d5a1pIMYCnd?hi}*>vAAE)KFNxQr^S?UoUf1_uUcOJoA7fGJ_BS_@ zzmtGJbPdHL67a`25ibe&1J}~|k$~T#SR)1e`Ls@o*QE0|YgVwu&Hf)Vf3yt#&;`Ux zlH^}a%OpwuRm4w{(SY!dL7Q!B5=y8&6XFqGIX%fqXhP$s_xyK0y3onwJ9p&?p*bg#`Q-%}W7)d<2biLIVEC zNE*k4#B0*|YdyK?Z8!eW)fK<>XX*UGUSvNK_)iJVO96klC!G%o_#-qg1^h-28b^o( z{4tuB;x*~~J8u~5`uw8fv5G%hhW+!&c2Y{{`CaU2$`3Rz1^h+B$-hXzAEtRJ;LjaK z{z3x&5}KFdHR=3S2i)cQ{@3mFeF8aIuc`L`@TczMCzwOK2r2ThqkR4qIlfCmPUGcx z_bx&T##6}c-$h92vtPXrZ}y=5NmezW<$3hHqhFVVq|5)*z!Q&j^PkmMt6zw|uK49R zGxqoQ*HBZTY!AoO_gbpYyhvjWd;df6RaYS;(uR13QT#cwTSDLuxix6q8IlVw zr0YY^PjSBJe^^wrn~;)e|FK1t&Tt+7AwuKp$SGPw55MRtLL}fX zp>SU0Z8!hf@ulJqpIHw&+NqbA*ud*Gbj*9e+WI$BOymnmmP!p^TjXkk&vy_pG@`# zwP?MRHL`u2wlAW2DVujX{Ym_ung4&ZZOjL5_HVUO<)GkXW&gqif9m<&e#+0m3#t9B zFMZd9B#+t~%Uc7PV}Fo{*{P7a$F}lA1tX)&s*z@OKPa) z(ChW-{k{5L_(JFZ@YYqX{ohKyQ9ohURsG*?DVF@H=Py-;lKrUvcKqu436bM5OP+91 zeIX^1NA{QYrS($!Q2!ITzG!28AqDwcrpajzy)r0uXan(+cunBP`k(jQBkPa#3~hY< zw+mGM4c@5A|LYU}pR&K+A2rxX9bYmO(Ys6C$>HQYrpHX>Z&=Rhl3H&rs3?9Im|B+G zfKS)phd!h6(XQo(x&t}>ysG?Pen-&We^@?m500er!g`92B$rYAk>3xDjq9Ee*f+3_ zVkwF2pON?;-uUh!m*jc!7o#4PS7~1<)#?5i9!tx#trV{b+|cu{s95ag|HtMi{&2_A z`Nh3-EE4b+5t|h7=ig2DHxlqiXq^=B$M5MTq=4U|ZKZfk;D&x_)rRZc`14?Y{!XKp z{Y##q`zs0f!>4x_Qox`4B$XdXlKiwTLIVCM?JFh8Pup4~UK6;X>#XZs(T)GKW0d`^ zPG#7?n2tpP{t~jS6!1rAofPoLX`PfLKdp#2N90)C6;r6l=j-zW+A!?aF{*930p-t9KW-0Z)C{akI=l7BtOkZNxUX-Ltitf*me96@wNH|b3+;a zb0hJSfWL%}Ed}B;e1bc`05KxS_AzwCgE1{~3w<*S^yIKld?; ze zsQyX<{y4Eo0e^50ttSD0fW8eZ1^oH6uN3f?(6&;%CU8T~UUgJgH~XKB@=v$Y?Qbn7 z|0V%{h}fhg`Iiwt3HZabP73%#w67HK$KJzNWh=JiR?=P{s^s;0{(p3R|@#Uw5=4c3Ea>t+V|e$W`Fs8>BQ8h^!yvxP32<} z@RyKnr6l?3+tK+X;FsT%mID4D%}W7)h~}kuP2h&!`rxQ;Zv0m&a_2`V3vB>8DRmjwLzw67HK2WXuXuL<1Hbqd-%IYvB>5jFeiHB-v`z~6gS4-dBtLB%An}^O4INs$XNnttQC$5(td)vCUs2`V-hUW; z`L$@gRg&!Yob^N5UprWj+M{!6JXn&PfT|ycX(lcZsvjG5auV_r*EbU#FJ-fFN_cvQ8`}e+F_FqcXf93m|sLM)y;%!uaw6!nb{Y`A6*Ox6iKgo~v zcz+Yi9{3`USAhS%KLQ)=<74Cdz5`#P`e^=9V$D@*Tx;tIm5*h&7&$?&p>`5EQS)(P zN`7Za`+nbt7pmVezE|U)V|?siU*q&SD&64U@lrbf#|v&)<;FjT_{|ozlKkej^!P)T z;)!YeW09`$?|RdDUS;tI`NW`qe`#bjJO8U|)%O$S_`}A>)Ry+J`hD@FJHH&4SWdA2 z?+4WO7c(BJ@~I%pneJb2qjUCSKuLQMpiveb9=?MtHxoG$ubp6Nv z{6O*tn18|=W&g#p|ML)dIXy?(?r#4(H2&7?C*k*%J%Ny?r6d0}(bB0Iuha?L&=0IX zG2q5uG@ycro?c6I>!rT?V?O21-;LgDmeY7X>UrQfLB(B87Uyf};J-jiFN;5jA7ouJ zvgTEiKfl1~KerOU*`#)oU+gF!fAGS&4p#s_(hWX7_>pdMx|f38p`SVQ{F!d{f0X!R z6I1q&mXkl)&)xn=*X@t=vg{9T=#%!oy3CFLMdBA{r1-69`RpGv-T9HO^CP`1euFOz zwrl$NxR{Kek!w}l!1uH6rso&dhHPk!eSE}C^ zTU2{Cjvv2_Li_NN>n2#MiH0%!D=eozLy4nAfVHN4! z{S?3XYV3s#f=j7{-J)8uck zTJf8+ocZ_T4^%q%as99RgwL1#YKaFol9zD#Ey%j}ggS%m{DUr4{{Mc2?qAo_LoS}I z=iTi;yos~?@JTae&tT9Q|3CVQ?acN+#J?LjN2McQjAt$!SJyo_A&>Qkt1IN#`Ip?P z_@AfxyEQIlfAfX(_;+$ViGA$+K2qBS&hIC}{(G%#Q~LkHHDb^e;;eml<2pU?bt z|3`)xpW+wA>G8kXOW9M8pCyag{#?$7|4-h?=ap5y`WNhf|FE9DB!7?VlpQSQf9V|J zZ(LQ38={UI_23^@tPC`s?X>w>_UGwN|G(uTl^!0V?#tl6;1Xv#u8U^&MzZCanjbA^nChpkD)Bw-nIy_jRLPYXk z!~D}Zey+Hd{HIA(F@ya_yyVV5qgeeQ{3o_n+23rh`c2@#`gc)rpK4Kq^TluJ`M=3O z*n{;m%RbyC`5$Ng*TO3Py!RII-#ST|6E7?WwDkH|JlOjQhaX?_QiSY z8tV;SvHgWFXGnf*H;L{4#5r{TodPeX`Ip`8|Fh=*us?Y4yFWdqu8U}_;wtRF?Q)fl z`!CK5`{^3j8Ty3>>voa+QMUgh%>S@_e$=$8`1x3Mea+qJ@jrSg^PJ&~Kgn`Fmn%#L zJIL)?G5+585FJ=s#(6{kys`5mlK-u~>UyL8a%?f(f2&qY?Y&3w(^(}Z=+%oWQd?Z5 zWV_yJP1X5^8>{!u@dI+af>=N5uX4da>PI#((Vt#^PbEzA(K!PX{paPfxq6^5=Tc`H zj|p)Ht52MEUvpW1ImGry{pG2yRQ^0G$Mo|Kj{V z`%PW1;Ql#@{8C2sMVN`B(GWJQhdfdEz1{y8u>VZiP4T~Nb5oP;0b-0MtlfE_%v!Rgrlj!t_w+wG70Zx^aR zhN~c#&`z(q^S@n9og@5b_e<(}g?~~00E}BN=5mhKuKVc--d=0h#eTX55%i5MZhnpU z|Mq>;totj{cq^4et+NzIl=-O}SYm>%^`(3&kn;adG|q|DGh4|1eB$^j;;~044p6_z zlJ6=1lKzp#8IgJdjlUB-mfkn{fzmrDPY(w?CU8S%z5Ua6H~w>J z{3y%DZ|zm~2RF1|{N|5zy<3)_e?o(Ho80)@y+rZH#&7QXclmF-h}!F0l%Idr{u^Ze z{hR-c2vfd1KjlB-wSSlYqGQQ_T9u!F-s9c7x$!R`e$&Pu{g?T7btL`_?EmzfeJ8r{ zuQ`wW-^Opf{_ooVmN&`&)386{KXm;b*R~@5WcdyC#}n@(|5<5^|8FRMq(EPGv5FOl zpMi!do?GXsenSW&&%dnhFQT7HN1T6rt4g=psP=XPJ9ubtLuY;1d#oG(_4CR8Hh%Hu z;mKdvZJ(q34Et{dTj|+f z_XoJaY;Gs9ma2Bn9A5F%E6RURU+94yJT&|Uy6KTa?soH^7spWiU!CGN-%gMJ|F{3Q zu&Q3|#$O>s{(oVLU%Yd8@CUizJ%sg*H$3flejVoa!{OIc`)5{dv977AM@2pO*WKWZ zKQ~^+@u#=*`DuJ9moxvGohaX$eEjPkQ0aIsQ&#(-&i~Le9d5VVAN*5^Uu4%7dzs&Q z*WLbm|3C91?jrxRFJ4hX{K*$KP=0=d+CR;wYS6olsvfwqqx^no>ir%0{({ko-XFQJ zo`{dBmnd&WdsPwPi|Pq$Y(0@xqk;%`r1y6&t|!71>WM#xQ61u2Du>c?(W&*sC&Sfp zWKBIG#??#q7YePdC-Q08YeN2pu03RHBfI@aasB1tRuq5M+Wh~0cl(ciS=IQ)^8t$r z*?+!qmjCs9jq>k0ZZEZXd&Ctl{vsTQ^^G+qChCtdj-Su*^P}_MCI7iB#UJ(HU$5~8 z?@;kDdX9>d;P`!wO2_wL1H9typ6YzDeGof%=zLB$S+_kaPuT5$56Az5-;n><_^l7z z?XUCeaUK}BF9g@A_D}HZ*9Cro{d7Hx6QEa}@_Y};e}L`(B0oR6hU{ZT!|p>Dj-${QC7OFMq{VJ-@a45BQId6aQ5y` zXZyo{zUA@{^TYnH2UWg?|Kq&)=l-U2{<|(c_hvW#!W*dkHYmk!eeQ1m|7-pWA6j^p z8~+bID~hm<-#l=5^8eUy#acK1+ixfTADptkICyyS59)t!9XI~ZXVCYfZ2Zx~lz-Dl zr#S9k$iLn8Q2WD>l>MzQ4o~|}@47DW{2dt`{A(%x7(-M1=9h;j|0mz6{;N9w`$MVx zVB;5G9iIHHzPRuMH~;TX<%b}>w33YfhbjNQvzv@^ zfB4?B7rXI)OXauVsFeMqhbe!PtE;~2#(&X+6#w&6{MPq}hyBt1fO^cm3tv0l&X4+U zODaFaj;oGhg)o0`=O6Q)v;Dly@v1&$M4bJ9Ugq}aU;~wo`qxHI$MZWQc|`Xa@MF7< zZ(aGEogeKFU8wy;JZP)`{^-uXyqxVPQEvZ1JyEZ}qh9MyPtQzv1$37;W+dAGAJ^JX zzNGSxcqqjm{fGQ$KhgQoeuDI}_M#W4^R7F@$9}o-R$3=>Mvq!ir@U>@Z>+Oj(Yy0+kXM^hi&}g z&%=}d!@egSa(ZSJw5B`5C@yBfZ)?bIG{hM{1KfulYEgquy zKQ3i|Q>gcjQ6hr=zb-#)dh*n`8~-g9#sBdseo^7@h2k8D=!}k7HWyMc-wZsH{=>8nX`(K+LWqy872gk2R-v@}b zrT%@Fjus`CjHYiYQu`z=2iK1l!F8j>9_s%ux?~IEve6<=%U;tgUIBei*3w_)_yf@? zs@MX3j}++T+W0f?Jfir6Go0_=wfb14n|0NActef^lqsp@^t zpcgo&U{RpWcVqmMu15{GTf6@qgaZ`8*vIQ}Lc7zdr>#?tEI= z4fzH668q^I`@#NOPkr`%$^VvS|0AEJ_UBzG`-|-K`0M@7JevOt&CZ$HANpXRo z-Ts2#e{b|Ay$@93$fW(FY4Ypi%)oxX@cV<|&(ydIu;1!$)cHo=bM_0ue!9l>f$nhJ z^D`y?A-4Y<_Mh`MlKttUOYk2nCq4VW&hIlCEm7V!FaIe}v z%>EB9?5At^O%AUpUa(}iI`$B5`oTvwX@w-m@SK|KsG41{L z$Y#DSr#s)DTFw3Ui~{F%@xV`x6M*yoHD~yFcKf6LTdOaX59?MFTaHuyW7Y7m|HDrH zli2>jkhA=+-`8;cZ+(*eC!n@RzVPDj!7JcLcUL~t+|ECZ^Kac9lz%@;l^@KS?)=T^ zyV7zR&%gWDi)?3(lbkGW>c)Pejh~al*CqIw@;3uJcxbGL-rGqe`ai@u|H6L;5`T1m zil07m?b`oe=ikcqM?X(sG=755OM8F6V?}jd)>Oq0zrcRF1~>GOZ$Eq>VgH->_qqS- z`cEnTe4OHsrpbQ+*R%Bab2PsvXngJTlcFu^xYo4t@x#y7ymQ1B$!{<}#^3loi}G*% zYGPPE`#;BXoDuXe&3|@Xt$4zk{~%u&^dUC#%;a}~W};lDjVq|z9n0W`ZWQ=Tw%`8k z{qgGcsQuw!CGq{~9RF)8|G|6v(BEtErvm-3{7#n1`r+5;z2ra@k@H`bUYB*nm9#vR z#v`ar>z~aLJHzyjM^3hQmvoS{*OVHONNw@OJL6Z?r13*?rz$_h_#xk{qVn6+Ba-~$ zD0lzY`TyLY>~HXRhTz!vyfYo+gcRne`wO;5T*7|3M%;leDtYfnd;FQj< zN&aY>{ILfVC)ycs{1IHgj_r5)|4=TMrd$5e^Y?eBT=k*kFJk|P{eL#df4+j3Q~kG& zyZw95cE-=AdHki|@v5E<{u{UPd2u@IytN9C%c0eav7fGCcj(BDt|!~=kN2e;&{G zuOIR#N*s?|N$C6-0448MO8Z5Nnrov_)%$&A87J%pda}3jQ!I7d13YY8`*zi2PiJzOu-r3H*n|A z`OWD+E%^Rx)K~Qs?Efn6Q=A^)6|Zx;xkTj)*cbch+T;Z6-{J1LBkcZT^83GgY5Z{O zgBl`dnX&OWcu)2h#e?Gy=Xy<;@3Y8%(Fc{?!n{5F0{iJ2+|W~ht1!=ve+!Kt zZsZ=BfDD{tc#?e}l{kz4XwKMEvAr@izPayyj&8UsB}9|0TMAiCF6XYZ>LV ze~0w=5r51tGPD27`?fgR&%u8sN=-<>L>Q)Be#k?T_*i^ylF-YDoK=eE%K8 z<)0qpKW6h(`AxJ)kH4(^8=I-x$>G1qzt%F9e~}J<)-~2cuc*_rubcneO!+rvvwt*A ze&pY9Iqh#8OwWIY@Cli$D=j)$*Uo=C$NyY8{&26V;(N6Jv~;)s_gec;m33SmJHt7C zOYwaw9pe(`^6}ALZ5^$)H#pr(p?n9uaBnCveoKh`2hYC-$?=D$Q~L??o2}C0f1S$% zVXgjBvXRTllT|%8hXGr2dkfC1ffqQZ!(osX>w$eKg#?lQ9$edqx%Us_C}TcjkDDAN7(NPv}1_L`7ypg$S6_h{-r(-YrM$MdiE$$w%;+x$N-J^oG?ahw_8j6bK| zMCI8NvPGbcnGoxHYOfugEn>%*37P){@sFw^ELtzcYl7cF*ZBDUYsi28*8cn{eZL?| zAG>LPrK-P2nIA1e(CuqG+fSC9OdKa7tETv^w#xqChSvGNs!7KW zW{JskTIMNL#B9>B{3>DsWjN_SSJ1LNuV&;wa(xMnqh_2$yfPl0mL<_J- z{r7UXp8&?$1K(e5)$gOd8eCYfYkmD$BVPDM_CL(g;(vb{Kiryegjmh?H;;AaU#;06 z{u9*V|41H}Mt@Fp4}Vt?>H706ogaQ<@QU`$wj|zvF>Y3N!}H(DH;`TH<0%zw+|ixC z)9p_C7xMRmbUUM;DxMR;j>UJe|D@Uf0saI3ySK3GY4-0=;r`WdHN}4$f7FA2kj5WE z`}1GU`lJ4x6db?iD)zTD;}6aoy5Z*H#Q0Hq`Lo~sbpLIY>VIo>Quar=6Z%5BH1_gm zF56RoekY%+hTGA7Yj1TCj#d})(MYfkJty5)T@;bDrXpu_1l^xst1cq6-fIf*3h3L% zJ^P2uzb5-ne=ffr^D_N@>lD8kaQB}@bia}l^6#gdfA#0@d$sp`VL#okjKr^b|AYVI z`n`GLfQ0?A2mI&y`zik(U0L*cL0wi44_{Go~JK;YlZ9ntzTx{^R}Y#x#Cr@WX6zWp(v@*6QMJ|0~xy<4>)X z>U?8!oZsK6!u<~sf54yo-ip?*Sm(wv_~A#puXy;Nogd%-s`McF|1NfJ+S%;t&c9DR z{!04)cKH7<&hM91-_n1>Na!ZZ$|v)ODTSF+~L6wyTi}! zta6@X{0)>phn_+9Z&yw1yMX;aP5wgm^XOz}{{0npWEP@99@ zasHuc;}Y#Z#T@?;KUdQC`$UTrzu7%K{>Qhd>lNJWY(LTYaeSR0^&$;Bxrls&^Z4ew z!v50#^KMbcMfvmC=cxYGzp5C3_KSb@CTH#c@gNXEI~2Grg?$FZBF- zm3h>0ZuxgT@rz?p_K$k-k2uvCKd-o4@r1iM{YSsg!j3dQ{^&ovmEw=prm~pL-ygSnxZ8iW_Wki0+)oDa5Qp!~_hpo;as8X{b9rmCs_)>u zu%E7Re%S8U>dhSWM|{8g>7jK0omX32h4Oz-cmAu2)e*+?f$%+9{r**(+eO7$s$LBL z*S~j<^U}Go4F7>Xaa{&nu|?%BWgLtY-V0ecbt1YyLBq>$$6X3Aiqt-bDx2mWz2g%6e6e)sFEW`t$pPqb-X6?J6hvMc?%J7x48m=Q_&| z7k;Vu%^#fa@ATqwg;=7>du7?*WNuuCX*Y(|^WR(5@2}$LN45V;alL(tKbj{0juVwX zTMeA;w?iW8_u*FtbNr9vC)(TL7rgp!3Vx6Cd@JwulkN3)l;84*-;8G`?Qflsp8fIu zh`HO@|MO9u=zkkk8s=9olqyPy7A%PPYFn@}KB;Mm`MF-Km%3lWFL?Fel))*`3r;_MwB*la|2ducqhHg89a8=y%=Gxb zW&by{_LCpAbl5+6UHE&cW!WFx*lt_PdWq*>2J@r*ww&xAoJ;TT->&Qy_23V-Rt6cb zl$gt$vBu8wTfSD#$MKIq{g>N+;NSdne^Wy^1=nfW>N_0q6YtN)$o}DZDSoTJyZv?k zHOv`q@9aNm@_SxJ2j_c&$^PDKpR)2V&KoCo?860Pr2pix{n7rgYy;I_$bVpe^ThP{ z8(zS1Mr;4P4&?_fKci%;+aG=fK3(Jduw9pCzdQPGqyF+F`Hy)ljzYh3QhNMHpq;9> zv-~`j>t%?a@RJ@~-$A;e18d7V|BP+3<@a}z&tJfQ{6kcKACfA+MLqa$DOLx7|AXJ? z^Y8G(?$8g{4dhY$|J(D&_%~F3>r_qL!sTacfU>`;tq1`v`R(nWXLA0HKE=;%*nW8K z6`EaNNEt~0(E-`QnpHm`cTvSLHjAD=(mE+#Qwgtt-u1?<8}0T#i~GM_N&Ww=@3O^u zlz#@g`_Fo<{L^kb`~Lu^{lgsR!+c%fKc8i*`*nDPdfpN60_XHR*0BH8XZ<|L&JX{2 zhrXX80+o~eVo-Yg-=qAg@qfbYDlsiiet~q(??xH?`ua*I-Z)s6A0k@&N$xQ;en^)T ze>6@0JTA{fZ*YD;eKxl%27gxlClLqH-@`bh(s5n9P9vXJn5^@KD3KH7%MrJN4`-FA{n4@T7e8rQ|k{_ub3>vsHiqV)ee`TiBURXx96 zx{~Z~;}=8I*p#22)51?J0x5s&bPuKeTZgqMl#&3^m<%h-c{iB{K|FKR^ z&;Dr75nG+luao6`t|x;3O7?%Wi>97f>EvozxBqVkF8a&O{-2ZoM|-9C&0*>B&*0~| zsE>f6J;zm~ga6MGm4A`0+ZX#o=V}{t&)V~q-&JDE}B&)AQX8)sy9)B3h2msxDCe3DCO0##Fgc=MQiKbjOCn68End+aK+R z6Xg4MBT}vL=16z{*{GF&_Ve?1#7P|g%~kB@|FHeg;2(q^eemv2iRWJjm>=bz`PC@? zpHxfS#N{_J%ANlvjX#9?qt<>n7U^0)fn9vRL-}8iFF1eb9z2uBdhGVQ4%o|YXn&hS z_74uLp5%|F$*=eG$8k|F4$pMnXLI;{;c!1yelW0uht6jQ#(5Ooebu*i{?obtz=ibv zxET3A>~H0#XaCx`AJuWT{|xw!^99>~2=h(l=kKvWD*ohqa3eX79j5{7vo?R?Xg_@H zGF5)K@7?wR%Us~qb*`2$cVPcS z`?-0WvJc7+7Wsd8cy;j^w{M95xbuI;T?O^{8PnqA0d8m3<7AxE4UV5>;0weZ=uZQe zZL<5%d~UzWqW5QG3y(3o?&U`J$}n*M`PF@R@mu`tNwn z|Cdw!EBJG^xD)YzYZ_Wi(kLL%|CnkZkc~Wn*Dpz_iL=dl|`h0 z>qn=$+duNDB1HTt|uw;d6?I<)RzFU>zG=oUY3BYrU= z^=r{`^5cGlgM%OG_+{`T9e#oRblrm!4AyO@FSYFVFZ6$?O#N3)8^1LnJ^NSX{2SET z-)eArnA71Ww>44u3x0+Bs?LpNtOx(&6HW}+`O$xPWL1ivJyP`-^E7w8ACewUqrvq=TyHA7Zgq_2rZmnxWG7lQfiyg1%-DJbDO_eS38cwh2gi*L+kf!EB!Zi zt;#oo+b<_k|CeBeYT}LWReE%i@?XSV=r65$%{ggB=yc28=9=fGbf zuT^6FPHX`FAGZ^K{S?1B`QPC`a134NaaqF1X(uAP+9u!c3RZ0=!nCYU1}EVBS5}yI zkF<4}3gP)vE{C|7@?^hYW7grKF*{Zx9WqzCybk4+N z+`Wo;>=CL*j>r-v^uD6hKfbJ%_a0Bn?X$!O%ZWcPOLSSG^a-q&(>Qf9U7x@Wz53&M zW8L`IpGW-XR1(9O-VnuzaQuaf3Q+h5&5Y}f?xE= z5xJF{irCLhlH8a9H+0huSDl^U=keE3eqZ}7@wccd?!AVe!_IK$zqf(pr@9Is0MDOA zzWQDbCks3$!Fz#-e=^Qmy{m}u2X#e!KppXXjN&Sdi|`ju*dH4AT`Zs3{I=QIG=67@ z`O*GleM!IDD&;>>5B>uBeuCZp7{Av1Ts_anaqwOv>UpUD1=_3of;D)sh&LWAUaC#^ zjdocgf5>1_)P!FSz>knNcpmrP1vh=4X#Wl~Kl(4nX#4}wx~gc2Ci9w@dz% z{r96iKzshMho9f-_upw`e|cXEOc*4BtpBb_Lz3dNe=npnet}6Yf0goSy@@K6e zG4-sT8vlNlJHPyXh28#M<LXfg(}va z{Nd=6MS#-ez`J2uE}`X;CMSz;&!X#meic#F>|~Ko>+h*W`K}-3UxSuuy*}ywf5JDf z^p*a9h~K|~|KC9Nw@jP=Ge64x(DMBiyZw{?|9$!VKTxNe5Px+|`oE~#O@wJ#pT=_n z^y+n2om9~l|BvGS*R#he!W?cl3Z1F!k9-F`@Oc&2jp=-!=HI`F+x0{pbsn(Wl&jVD z*0Cym2yc&mC+N4DuY+sc;Qy`GOJ}?B4;$d*51f@DexqX@k@Lp}GF@o5M@D{~F!!8aMbi4eWBQ8~<7@{|4q|#vk>tzhC^@p1R^pH~yI+ zr~TtT^NSIg**}+V7jl9gKCxPJJAdF(_58Wvb|-&ierEPJ^W6PE+M#rQdi~sWD&bV< zoASG~wexS|{_0uU$?EJ9*ZY}?Y&i9u;Q~RUb3_W^p@#S`Yl%HSJ{3l>##vk^u zKlpRmuqeO5e~MsmO^@eg=#{OXonYs$&hckrwi>Am?a%QH`NawD{uAYNFaCUu8;jtE zez*0h$GP!;o#*6_tjx^*Ui`6<>b%O!e+{1q^y>2#cd+xrf1c9g{{=qtbNSPYzX%4` zG~yMK&!}+q9y>qc&o^5B4XnzHKj`5@~_U1{0slk@I^kiD?+!NIl>YDFW~mit$O)?b!PTA`g!Ev37pP6us`_e^()t@ zgj1o%O?u%7yZ!rd`_C1hsV7{BKcNdV<2Oxr{un=(S;IU!f3YjQ5V$VT-CtR3Jg`^+!6{NTl3%$)jVfZsr` zYINv)yZw8!|J+bli~kq-iV_vvhEc8~ih8|2)=>e?=>2{EYj|FIxJ;U+d&qpSkhp3MYSL zy}$MkX2>7m>i~Vs!RL;(^P~M|{!5zwU*<1=ba3hRzth8izztoaP0f$o_@`_6H*mSX z{Kk;X_~U$D&?i2;cafdHF~|S89i09X_nAL2XZ#UC&K32|J7ZuU{5x9t2saQvUv#A*M~75?&@V@tRHEaucN1N(zTLsK3NBM$pF^86F)xSd5`O6>m$^Iu# zKHt%P2>)59wI2qq_m>~_-+yZVS5`dk=)VpAJzD!=+-H7^>+k=Rzv0IAE#3U*MLqui z*I)a`eB$r)a>0FW{7-296S~1)ezS#&OaIjV8y{%8*p2@$&3^(n`pX~oiNDRY7diUx z!T%3x_K*9_ALaIw^4cHe9_V0fw4?rr^3TRMo$V))oBXvu+8@05y~;oO{cGYC$C!5i zS;ytiu-^YI>@Ppc|6csXxZ!HLgzLr7ecz8iYUj`8@&ATt_piXsKJ#<^*OT9?{?6s+ z258UQ6|7n@kf5DCGv2)F?o_2oJzY6vK|332@lic}H|C$9rO&9Sp zbpO|Gz1z;;lIvfE8=Ur!+@6{J@t#@^9~b#I*i`Wk;dI@9)@a;V1UK}wDt8yT@n^m1 z+Jl9|7*1VCvl(o(f+T;PsD$uYq-hp1drzxyT8eE zv|pkB>SNGtiC3--?aS@_=>PVj_Wng6k{Lgqv*$2JGXAtt{tr9D zf6C%Vy9xBw&5qn|=l_B4zr}j}*Jpm5mlwZR`$-Yo0a{$XeTJPM@4vUx%5RYe{Ix&s zUtau3*W5=GalIb8QNP~~+4+mP{oxzUe?kvt#&7U@3OTy}wBq>5Ji7m^;qe)OMQtH1x7A-{Esvh&~UUq=7cqmqZtHk{3jS9${=k#| z@(20-{UOW+|AGD2c<`5SI`qo=LC5>csK0E|+Rx(|@}r-UZhwrw0ZyI2I8FZ9cfI_* z-G9LUq{biFo|*l<_`^JY$Uo&DeZmMw{|)f}qWMqgDS!DfF6cky|LWQ&N4nX+0lz?l z=XZe}KJ#bTe;}Xh3(%d{_G@kDKZENp&uHb(xX=6;KhVqmsMqM(0C5$%QSbZP+xc<- zy;G~dM56xMANMaWe#A$eKbP$f{am+?9PQ_5f2ezlv-}X+=`TOVKk?%CYJZ6E2|>Sn z-^-5om(S(rj~{9AC-Aht{1}(Xi~mmD@ESMxmtS&sL%aWgf2{WYLfmJ5yw_G&&>V?KWEJ0);wU__K`f9R1(GpRe)9eddqy_;vr3KXk;@jc)dTK`;Nj=&${a zy8hVT82>?2H~xF|^3N`R`NQ@6;csZ1dZ`=#6pcUdlE3_-zCZkjwhKr5IsAX0#vk{Y zKj;&G&k>y+@1KJIVvRrYvcL9^`o#ayja6&A`Ojxs{VTNFU;Y^P-}tBT=a`=gzH;O5 z8`0wb9)J1GhW_~fxY+Wjl;H$V43`KR{pS8w|cH~w$5{!5Y9{k4D0C;m?s zSF7&EU#R&{=na4Q!>#>^KStO7uJuRVe*$m%%OA_I{~O{y^x3gdQ{3#|_Ecy5jQh+V zTt{QR-T+bU4u z`FrF8f9;Rw7he8T|b%67XLr=nZIjh@dxDw=u@-Lb-aIv`_}@^ ze*!Uo`D1197kk(r+|U=_S+$zo{-{3&>N)!##(m~Dk1O5&>GBV$x#z!b{A2X@-#_x# z{^1PybG7~tXKpNX^#8>871wI*Z=wDE@(20-DX;vS!<@Ps>HJ?lJLXxt{lR~q_WU~V zvA_IA_tO0*UH&s`eCc@q0{ow8&yV6h^IJag&lq;|>2CI~y2%+oBcJ$d|Cmqw*A>it z(~bW={riuf`pa(~?~ni7er1~mZv4}=_LIP8{_=-?;{WM~#~tr4!2dg}aQaW&XMWMc zAN!y1zkZY5?EisQevW+Zul<8Q@qhKa)!U8Vc-d+H&;ft>qdxK1zkc5?H-0_-1P=Pk zZ}9v3|MdR#*6SM_|H9kHI-Wm*U$=kc3xDlz_VOqHPHdjN$<2Rs z`-i^tmp_~#e~HSL$?vCZ?lU9X&cBDpuU@H@KLcO+%P)GDZhz13r)c~wJ8p4&{~i4I zY5Z}Y`GXnq>*dcHqpRI!w?F*<6|MXb`PyImN6X;%Dt{Jnxf*)Fuc5o_{BLmk;rn{| z|9}4S8+}UmpEYTg|L0Y&?09|z``@6IKLg+R%Wsvz?`40~d!etW*1{2gP=6n)xBvUh zA1j03v;NE1rG)jY>A!5T`%g8FKRdMN?~%CA_UG?{dEI}D)AXNPpLnf?oge;loyH&f z)?fZu8T?-U6X6Om^t8L0e`)7`iQC_@20F`cf$#j~$M_*$_PlvW$=6X58@8==ZDs{v-8*H_%m34|LaG8`2~O1$;fM zelPo%@O6P6|M;sN?ffXeZP3P#iu~fQ{W1QPSN<*b@Sg~$LpOQmV@LlP#Q(|K^Xt&B z{_=;*c>n885B^;CE9m2=-{{)@wqC1$1%C6FKhyD};5X1CcXwH8_a8j}I(wV*`;~E@ z`OQ(K#~&~M0XKBl*LtmR<6o_f9}@Z9U;BrB;y?24jT7AXkI|q1{^2iwkjHN+Z~led zp+EWHm3Q6vM``8fz@Pr|M}6Xd_>xTzx$*y^_kZ@8-{5hj%4>hzccH7k_t9QE|0jI^ zJx6OliTvfS{Vg6>#EakS{+rM76Z-Aj4i2^RuVMae8h=PE6mnPfRfCis_ zLL+Qnbg4@BdVf%yT6+8$;!%Ep-Jv(PU3;pX{}tx%sFfcA75wFomcj33|6J|e&nepdo z=d+{I8;++6&6+CH^qx}}+Uv<^&AIZwh z{$BjZzdAq0Uqby#Gxy)VAHBO;{APRn!TawgXx}dmRmqG$=wbgDzrPHBfc?QgO9$uW zkfsZJKfT+H|J|Rp_Rnm8`OSLD|Nklf3tx_S&5i#r?fx70ncryO4}W0dM=jj=o89WP zeg_*O{pAm5$RB6_hYq~-Se~69-;aJ;FaK2Ym*3?6^Irac zAkF+c;pVB2+4&KFHfZH;Lqvi%)g-{{N+da&5IxD8t&i5Z#?(9cdxPAALAb$qwxoh%#0u9 zoE!#0`N8D(*I;M;{WLZ(iv1pGb|&>>u;shyQ!of0ho;%SD?0{K4H<+W9el(cRkn%b}Y7 z^5eX`_}6&whdCYk^rPyIxAUX?nWvBcmYW&BdAhs*WLo|NH}vy+^G|T&AEEKbGvp8d z%lxBmUi`Bge>H9V>PW53>@OzzYk$-WpnD%1?qui3_>Jdk?=OdHXT~2agI|w7DE}j$ zvb!f0+O44be0|_zJO2gTezH{`|M{rQ_@f^D$@>DglOTSA->dy9kIw|UX4h}B?EKT$ zOi#3<9s5O<#Fht-osn3Md+@KfxSj3KGac=3CHJcI=zFsg={bDdGuNy1;DLFGblAVa z{VLrUIzN$a@bUwq)?U-JcXey`3~=Z~JK z&dclm1#akl7Y(xP_6Pq}PpIcFLtmbmIG<46^6~FEq&Uq1=Op%r{omnqgRd9(KjU=q zjXK|S`Dgrk`BXRlhaPhB2kMoNA3VW*@r{<-Y`pZ}yR z2K&b|QZX{0W|=?5wOIM2O>+c~>ZL zU2@?M52^FDPAW{K=1v_xFde{f&oJ{v9(>*)LvBe)xH`zp^vz z4?nkND!ahW@HeAS9na9gJ@|JIjD2UfKm6zNZR&{Nk2ETu{VTtt>>oSZ=|8c1*iV=r z_Q&T^b zuV+Q=x9#>ngY)l)jjJav-SS@Q{u?hRKkl=^2b7<~|C9H%kCk7+e{j8wqg8sk{xh=4 zBaZ%Wuz!P!>WCYdKhm^(_Wy;JGn^tLaz2krKs!}ibq z!^s~y+8_Si2RW`@S~@@cqpbYfYJEG$_lsfwN&i#v6ZQ`@D<8jkiQ+U?s{0ZAXWK^R z&!6qMf7QJ}r3Wjk@8Gr-EM#Ihcy3*my^FC`-xF=siXXJET>y*o%gRy{pXk4 z&MmR?n|%Ko6>-`>VwBJR%lmUV$8g5~A8=i`{0~1lc)Hp?I$YiF@^r`HW%xaG;|kY( z>c+pG@4xV$Q1i_Ajppg`S27j9Iihs_9(*3qTc7Ciyq$k6*S~JAM@CRCykN@Pj z@@H#?@^kqApbJJ(4{s{hfIr&k} z4F0&p;s2LksQAN%v;2AOGkm@iRem>ga9##C{A+yI<_qlnsK39vHaoEg_#-XLXMZpL z3pvijYN`H2xy;par{a(Oru@y|bX|cTI)49Wj_)7A{*QjC^6&SjtMYHCRr&Y>=W_nt zq~am`=Zcd!pK`er{QI+<>0bOuhu(F@yS420pUC&G=2e{hf!5{YFIuK}Vp{#>LiTeJ zcE-=-^?FqKn^*h?H+0szcQ@PlQU2+EpRyS2A1^2WiX#+1%JZ=QaTl?l=cxMv?4K$B zst+D^lpny~hKqar}>dq<+_Ao>P#oJF5IUgwu7kh7&@pzp8lQhj#w{ z%wPN{`%k_)PNZ%5?EfChIcKT+tok(}ir7!Auheq^_`xLbPf~Ho(7|~b{LrBu%lq2- zZ|3KBtsisphuW2oU*`nB&I$k5&v!|h{DEUWE^y;-bQi}Twtt}gzsp~N@5`20lqhec z%fJ7pcg}X>zl8n&d*+Y-%lx&N-)yh^-;4hcUl(ZW{rG-6|M~p=?i(I<`cI_8zia=c zsDI5Woj<_*(EToayQ-c4Y%V{HTBXWwuz%>-^6^jM{0Mu(|8+YzV4kMfez_`d=Xv-) z(xJzW8to|mqyBixlbZi`EFXV^*SS17*jaxOZPb0ry2M%k)#E45OFs>8L!UnMW=HuS z<>#Fmf4rRh!}&Rv^{RRvl*1r8C*qHOUWN|N%kUfUKhkZbqyA`d`Qa>XKbdq;wO>U# zmCybp%KxzQOq4gqsrn1}^wU5(^m=QIK`@E_>aE%trj7JvF|R!4;W5{D10J zSWH^VgXf?sm450D z=5DC!^Wd&PGvRhwqU5-4!tB;f^q@lq>tu@(nh$pGhTW6e;5q1U&(0@HenaEmyS}2Z zZ2Y3zKjR-$!spf0$q(LO-)>u^uf1ucD|BY+d&fJaz!wqA<(fe&oBm2ijWQn4&$BUu`-9=G*bv<%VJzj`~ z-LZR8!|w3^D<^h4O7b_jT^%=mi{g*9BL4AJ#T$32`OCe}I_)BOxM$46&jGRAu;gosPrxZ>fP_STH;q1`D z`Gx(bO)FTiV1D6-3ZcUJ3+GQ=G^1CG#ZwAr&s*4`ONaTPg&pQinOo3z-u%f6c-P6( zllxAd!aH|3bHV(1w2}AEcbHx*vAvf&RqO6~rKX>-Rg1MoEOIuXR9Xg%n<}WOm zH*M+gg2e@MZuvWC*W*&8vs0T-o+GzcY_{aYuXHGww`gwPne*q*oKw&dXWnr{!NOVd zr;iFPoIQWug30=ko#$ZtMLtl9T0C5#-GYUMi>56!mKlSLMP$v;!ouFh0;Ao`!qBvi zqYDZb7s%y>g#}aQ8toPqPMNnLG{10R$I*$D-o|v}^ht8J9<5$DeV%nb1E%Y&ldT!+a+X8TiXB6%A$mprNn-s{g28P z=9%<+BvV(?_RrDp(YzE);D(<1`V0Ns_*Yg{{Ng5+FX{7$4*tt1^cpYch}`<^6C!zo z#2c>DJ|Rb2#P>pFk!#R;lDCLA*fvX8v|h?Qx^-Bzzo8f!)9k8Wz=nIIn=$gkaFEE z6%y-n2Xz)w`t~Dx(tSVHzjH#GMS1@Lv_HwiqbrDD6MCj|Qs;zxak*L_rDZ9YV0Y-} zfA7E5jX&^(+9O&^wT~Ut{AXKDvTqxz1H_DkTt_Dto0=tz4~&FdLBoqnd&WOB5`uC- z?)!$2Qe`Cl{-0SQpVmvMTbuT$>lLEklOnH&{Jk*!o)k>rhQ9g!&)d22x44uXoF?l5 z)n4>=wMxS7|HqO4#PYI4wB5*r)b2(04OJ0=_9GKAOZrC^-FJ+U2|0HqozH+OlqYC= zk`=tY*{;_8b+2h9l2)`g4dso#rS9Wyrm$W9{ zdR0Wx=z0m6PWCrCk-aahmyksM?M36NI}*>u^%C;uFuL!4OXW&hmh#DP zwH#SfPe=(+wvgq7(As(l@#610Q_OO;J`)}=Haz@!w))IsB*7A}T-kB%`0%C?V3`;>B$(j$ z(67~hWQH66tSyS)Tvi7EX8LWCBtOl^Ns|0`55YFmNpDo60Efuq{|O z5B`As7e`!h_G8G8C?BK4q5&?)w%0A+xY!o3{49+|jezH{Bf!R+aFy999o`Nuy$$_U867;yplo6n9i0`gBFE?^*U z$^%OBR)q1t;C*X<_p$Q%M=yju0e>6#HbnV}xWN4m`85yaBjN(`FP;f|0_5)@E+GHH z8Awln{7VrRFpxLpcZ()Y4CCMZS<652c=`O@Gr$#Cj`BzRr3`Vw`PbX+Qp5%1@0||5 z0Qr|7E+BvBUr{3~KKA9()eO2%mf zeQ-=b{)x#^BOw1$#0BIZIV)-eSyeuNrz`jZ2EG zmT!M^39b#${vP6j+fbeck0LH0{{(aukbit3eh)B^H|5g%S3Vf# zKMzU&6oU6u`TWba9c2Wkp}chZ<9Xvdl!pMzQx|ao`4{0_0r^J|7m$C+7L>OD`Ny^% zWdsc5O}X>|_m43CjW4tIk3U^LfA4(Q8=(Co(_mkqY=HG22XO)U`%`f)K>lTj3&`I+ z5B>y@zk_1}2J)snxY}o5hw=ZVzqP-cD4)Oo1L`Z_8sUrbKK3K*1+>R=w}1LR+fxPbgk57-(Y{{-R!2J)sny7gx!jDPGW>p#x3~PVTtNQCePC~Z{5`}4TtNP%hYvFX@-J>P%m^6BoAS-I&tDtH zzu8Bce_t%0f9Y#OjezB4?De5W!1iYZaRK=k;#>jwJBSO&zxb7*MnL}2SBDw_19?+k zx#-+e!}x!~_S>5B`MXEKe!%iVZNDL22GD;>5f_lZHw5Vekbeo{0`hkT4>JPt_YoH` zkT+$mdOh4Q{_nH>wzho!@nhg0fRsOOWAy(Vi~9r8e)F(hhGPQqPaHkW2*|$_aRK>9 zh7U6W@;5jZKouZw%1s^DhWgK1t$)o+JK_JqP!k7O|2iMS9{~DO8IB2({NEpH5OO&I^(2H5zP z_YLr?^jAs$&-Z--e2M;C7yaweANm9!UmxcSX3xX#(VxXW+8zt-c5FglBiR26{C?Pu z;+xg*F2mX`l|Nrtt_%p`W${raUfa5VGj}A5g;9rTYNS~F118{t% zY!%K2IR28r`GOMozjs8wi99?wz{J+r#(07I+~5G#8H}OdP~LdZXU)R+j~#9K$E(@- zX~+Lt@^5M$LnUdi!GGPKdjR+A7eu>ehDy;H{}@%Z@4&&|KpDO|4a6LhYte& zm6PQ^{XhOqeQEzwm0=_YmKBDAWFfQ2x8^;4gD~2k>M(xGD1A zg5CiJ;_+YdV`5(K0INFSIQ+|CTkvIF9Ipm_5f4Crxwy9}1ODw{e5Xz|6Pw>VKra3R z_W7wtnEkh`()|0C^`8cBR59uP!~7ea4SxZKN_~s|ss!SKDs@nPNPa+EK>shEHN*($ z{~qE3`o9w&Vg&U6Qp5!ev^(W@XV$$wjQ<~dY5&RB?eY zjnLmO{9}j6 z4edPkf?qP*pYNP+{X5pSvk4&O=b@;d4(l91#^=rGswP_0Il!sdb_QVn1GWX6-w{Dv zFah_XCn~4?pVwxXwf-<*gr9>s&R2lK>j|C3&`JXh2sGE#}F4VkT>PK zExzv*#(&^XmVe^cbo-~;KfA94pZ@TVqu?KagY#hCcOKknyqF!eEt*z8wxPDozV}PmPC*u_*XLSrP1^W2d zj!*6wU?l1JK)){a6C>>Ww=n+hk!bIn-y^_1 z$PeCb=x>+?`vMX4N6Y*gA8|py=15DNUwi@V36P(e4sL)C|93m(8xL{89L&%1_d$K} zbN2wb_^&x?W$5_b_|=xbJFMM!-Pclzp#>_YC9z%`cX}zZ3qYu$3V2fADt~ zz<&VpFGE~F{@z0P4?zBf7sG!5@-IPLK>kiu=nF8AH)T=f_v(i6|6sP|@BLPO{Z+O% z_yJ3${{-!ScOUQv?wF4BsEhIjaRJNEBAhE=`58f6!16QE808s2{bG9|{Qw5?ru=!& zQ6Gl!FKlJ`N3PsS`QHj}B0tWJ? zbibJKc^LmIKDYecKgzei8G~yJWWFBSHy+}Gx;p`W~ z@lmM10S5A>eEOwCr7-?Ad)f9|;vCz4^ES!+|GZ@X$p@Hk?f)0;o&JXhxc)}FZ3Y}} z1ci9y^ZOxFAB1gS(I=HmVsEtnk2*ZSuMOG=)F8U*($!wgsm=hUXX9vvgS70N#)YG~7m*AM7qWsSpu;S@3{&gH{f2Y8f|GDh%wt_tY+CKqX3uynM zU%*|U{hL0{738vitaUq#4_BQ3n%aAY_Wu+tQTtz>?*FOxr!Jmv%e%rG;m^Q3ZPEV* z|BYSLHo(?Sl>`4Rp4Zk0yp7hM3opa@z_G=6Ug(4Vs+-ydXmPg9AJJ>t8o}9k-%0X< zcR79wFtFUD{I%ITQ^M>Y`^NslA87e6!X;3eC(HjDwc)?g-+70{YiMFI?}_{dRgN4l zywf7m#%>oa1!tfR$`?7W_#U(|fD3e6_DNVa+8$5fTmb`lQ|^0UH1zrX``7I+;_ut~ zE1SRbGx(&H7kQD)^5muUna3}`Q~9hyxdhyRZ5QL)mhB&ZJpNJU_R`gv*UQEKm|nf! z46}b4WXE>Xic=xM!w5{i<4h3U@=D z2rQT57;kiHRu0gzjy*qKqp}e&(C(D82VA}>jDO)~`wMrF?LWNwbs2w8jUR2qC22d6 z?$)er+(7zsc+LYiWNyzxec((;9lz~~%xziTiN6(@i~k#wUn>aX->b6Czy4BN|Az68 z6yyCh*j*s}BV(Z-;sO`^#Xm}GngGIIwtZ|1gue^^Wrz!ezib=)Rv`T4`mS6{_GzHq zDL?tB!@My5Yp=FH@QQ5z;b%zi^!)3#vi9+wsA>djaF29*U3qurc9kP+`Qto`cin*~ zEGp-hJd8efAg=kS`gg<4*Q^TTe|l4E|HwL9{y%n>_)n_;R{X~spKrX| zP+tKjLpgT{>~|N|WB@K33_D}HaAf-cEdR@HNBs)O^OlF>Q5+Y%up9iR0n%eRjsrFO z;`lLm9$Jd}1z@1vDKA}KbxRok-s3EPwqOu+Zh4*J14X^g1s8s@{2x4{ywfHApc_gR=_~sl(8|-pC87563Q_NUL$M&pB|F_ z^A!Kp>)+#qZ{^(5rTd!zsPAOEaM}Jwz|c%1 zl&x1CIYZXhD80_Ee=+qoyS~QCm+*Xat>jo6{PXQNhV9ighEm?ku7p24E(PJSIhpHd z=x)>dNV^V=d%Rumob#YYTx8FW>$cd z!oT3(_BzMw`ff)wLp^wXH8ZcS+Uspz@Dk!WqP(R88#@)G9_`lc1u5VJR{xk1nDSuJ1XmF-m{x(;O&25-_Ze`?(Du({J zTGu7=_O|r~f6xAhq8R1_oYp(p|KMRej&1foxM%go`^3GI`QOKO@u}FSf%;MZ7gpYR z82F?0VFTBH*sCk}kF9GWy)BP{S?`ax?vMQ04&z(TG(dUZAb5W^(jME-;{9=Kn}d(>M=l%w!(fjuNxNPJ1 z475At$n$Cq0{=a-?Z3{ijDGz*Q}Tl_)P!9+hsh<7#((nfl`#(^#oxJb*Z7ZtfyC~o<2?W$>F`(C z|K=)Fy)gd2!GGdu{Qdut|EusL=YYSCfB!#z*fWg(M_Ikf__c@ zcmMyq=lN3p?2vyey$t`qAmu;qtiOhTULndkq|g7Fe-EveFk$?geFFba$2l;!|F`Q9zdnrrtFV6}jlVblpRxb# zu)l+L2m|vi<-e{Ob5j`q<6(a@BhCLW`e*phhyC4h?EiCo#ZOKg0i} z*5F@`{r6r`_53jY8&Lkl)A;-U5dT}>MfqQj{hg6}v%;#y=NW#V#?$Y)(QhcXeF#58;PbD%mm%*xwOj&OtE!QH5O>dfQy=dGxOksx zi9FY1d+A$f7hrs&K*j|i>#KZg9JUWBFqLOPVtii4jlJhnRwr-D>31DC0{nOAKY8)@ zN+!~^rs4Yj?jmb{_M1@3yxjEu6Mol)>-y7hGGEm12LD>y-4q=kF&^~r2f^AebvF*S zWqz)#hZV@lY`M9!eUha2m7!7&%i2S_V0Be%Fn7*Op7aZz4Xh%%O9DS zD}nZ(D)Uym=9|?pkj#JB4ec-SgKJG14WpNaq4T(KPCG+!;c)<7Jov2)?)D^NLepa#>ZH$HbnX9*UL9D z4(#ln@}F$`&)PC!rr7^cwLjN4KMnJje7~CE`tr^d;r5q#L88G3HPFP8%yLq9o9!!f zzplFt`avkXCv!jRr-`@Q^-q}wyv{@|I4JY(e`I6eKYBt$zfZpo{^Na;;_sKsKjlBC z#VsGxG_(JFK^Fgh%46Y{AmC94F{N#HV5e59pC@GplUh_mSpc9C+nn0c1T>IY08yVF5}|?nh?g_c&j`!2Cg3x9bfT)q(ws#@TXm zgpR+IeTDlSTH8Ff#qRePhudGqCDZ-qn^&xz&Cj-+Bm>k*7G;o_q>@d z9M4RQ!gwaYK;D$|p832^7=QCM%CEyx{JpFH8UCeXFrExB(C^8A*-IPW3Cf?P)(#xM zJAO3^g5Ro{Chctd!M!G&e-q5}mLg+>-k{~B_B!-C-gm{K%>A^p_qFcV?^QScU>y~M)Wx4&?>*qOD{h!Q~zoIGW@SeU32E;_WI7XmOtCQlxJd|i-edJ zhTmynd8oV1lXI14)^|Bh*7DZT@6FP_PpV(}d)x0x6zPR1>3?Hiyi)p~8}UBOziY>! z{rPC2iJzkWpM!sVll>+6H>LfRC$D?c619W!WcoL_HgmtDKiF`I>Z|EOy_zZULX~4a z?YbeI|23D{^0V#T7{9)vT9UuFB;5Yl{8wl>Nqdt2X02zR1`CoRnWk~xk*Ye!Wvj3u9 znvQ)ef7<_|ZN8iCe??4*`GI)JXF8uK&Mff2PO&m!Er8I{(wuf8y{TQ!QnG_l7^m|GzoP z&o4B;(@&bIUoCz%)88VxpZS3Px8V2%lZ1b<&OhP&hehBYd8{yLf9J-E@h{VICfonB z^C|D2oloii%wWgX!+yk;J+fP{NeLs zWTd?>?=xNNDgOk!pZxh9HkP+h{XtyQ#ntk2gzhg=>8QN5(!GW0{&S-G&(~{E{tvQ! z3v#M=Q@H)*yBHE;R+t-=r}vRV>~e!}yq*Fzs``BTZZdzmh-{*HPM zJ?drYKTp=bAL;j5<@+6xCom~cgL`wu_%Hp`-Zx&!&Ku?LchBNao{8o5e7DTjU*y?q zUt4ZR)NVz3p^3bp%3Du~JRtlN>i_hg|Ez%jKT&9=>ii|g3+F!-^RFbttT4lrr_p(0 zy4z&?&mMXp+kfaM+5Y3|`7Hk_?|tIO+UfRxPW@-$!FT|vj_*s+|8ww{`EL@)|I?vb z-~DFoX^$Gy{(igPtDNZ%+n-QB`OWU9oxj!cDxu#Y@1Pf2qOw@!+Jd6K>HL@I_i>-x zf(pB4iobVDxc#&FJ6ZK6`8)foKa95X8R;jRdfNT${~@pTm#JRbe$!+&)T5bRxaa!A zW&TOh|2hBg{wlD4?G%4kzXQW|Gi62j|8RuuMMfq#{!O{Jc z{Qc%{AD)%YpU;oM_iI+|mh>Ozwu;$*A=@+R4|-d(=6=hEvg z;m&qDe~o7RU(&OfUC4`p}VrCH1-L*Wxwl_CHDamkIw>g~|D=&K=?WW&W*%m=)$x z<>^<;{9a|*SC)@g#g>x=dVUY(@4t0M&=26~{yTQdESJa^!zDp@RAuFHn`Hbn=|49w zvd@pt4TS#;OSK>T3i5BL<#uFZrv1J1luvs*pPl~y$yd6+j;*hw%Bx7vcTTYVWhJ_Q zgz6Vj`Qt5>x~219toC1y4&KP{6o2o|irJs_5z869jp<=B{han+Kg;&d`2Vr#<>(K- zAEo0y%D;o|FI8Eh@{D)#TBP$IuKD+jx!`|Hiod(8V*FpfM$37%r{2bVHa~N}s|OzW z-tMQq3EjVSrSjM3;x)S8QAu&SNs>HjOP z()_FU<$Z3|dYL?F|IJzTLZSX(eDzHKr@t{BD3?F?VfA$TpR4|}>J>b{kI6G%w9@P3 z;Qz(F_J-tNo&A|TGV||B?dQ+tf9%y(U-wX(ugU*3?XP1$STohj$&$D4`D>n(pC#IV zJ6ieA>yG-Xa*ZT^@2+tBXY>C_^RGE2v;EJ0i9~069om29o0;iF{(G~(aklNpp#6)K zKetaiuEjCw_Gka+%dmgq_>}$KyDP?@_IG;zIr|^4>B97){j=rP6=M$<{tMLq$Ep3l z0DoD8i~i%>Q!)N*|9Jf~`+q*r_JCP#%SpEX{-gVy!)!Z;_K&jPb>GZ-VXE4nGP352 zd(!RynDTdfRx;kjyPNTvfBhW%$FH#$jOld??@)hu+^##KyUm@?+x>k0r5y|3v->@5 zZ%ou5jCxMb-)i~u`Vl?eLFIYVM)wx}Yt;U8mH+H>QU9KlDnGq@!|nf;o&KM!e{+4` z_sJ`jkB;Zi&g*o)H^8Qsqr7IW%{;$I_tWqB`|-mgw*7y-J)iw2E#>|3<~2?0RknO~ z?+fSOy0fhqX`k1${E56}pHuX<=Iw(r%R}CO?G&vS^f{%j{@}H0_I!7vZCCSo)5+4~ z!fAOje>mBGFxq~;w>SFVR@XKCU(x#I{&4>N2W9g2bo@7a{>*mupU5`bekf2L|JHt5 zZy%fAsn_f)tUZ}uXm|P@^|EN9}(C%g+zc{y8({KYj)Iw|&^&m(Q(A(+s-L z+S55Zvz)J{=etwve)8=6nfg!GxD5I8ygRPzdYkZXru;`L{|CN7`{9t9N&9;x6|?`* z`rPWBZuyY^&n(Y%KkdI>_dAm_^_rml7@n3_=-xw-_`Obah_dwf&BY4wDvdq+w!wW53E~Y?d%?B$Lk}yKXHzx*R|H) zM(BR}7iFbizX*MQCxZD)aV)Agu$pZLJ1Z>zT6!JIffw1i739zNk9IbHZzSepIjt~X z<2&^2L00rVB=V+g_v|8>KeNO87exnvKi;1re}5PGUtSCSkNEy(oo(QW`C!k#iSg-v z`KH}i@P*7ZFERPu2Fyp1_o@z=gWusgmtY=cqB*{AsrF-fJoZD`6XHKH_5Y{Ue=2#H z|28}2Ki-4k{&QKD{U1}m%^p9U`I_|;=TPfEwBNd)?S6iz)KPvx-!FkEkqC z`N6SwZ%Oz6$(nx;7XEWm{N0Bt#=oeM_1n0YC1W$MrIgKd4v{Mf3a=8JCj`i}l! z;uUtk`;#qKS?-WGWwULcJTLqgsQuSy`QP&-lz0%Bf=H03nuS5RX^4>M~))fB5%747te{xUE-%I1~SCId`?K162`)B(P`9J!Y z`cGE6WboB}m)U+UIXB$?*?Q5h z_#Ex)a~$nHQF$}}Ui#^Z;QedbX@ch8=^ZiuusFrveI%U!qE~E7IHni)Rm*d4YG(PL z?a#C$?eAV<{imN^Cp#ZSbwBl>p0{tQw10a3W&3B(-QoY&r1(3JhV%dATiXC7{}G>B z`@4r^&L1Ox_TSo8lQG%+3v%!;)cqZ@^myxti{$;IWc!WJFT?u6f71B-yU0J@qI~}3 zlg*!Y&9=XjgMXsI);3}Ms~(8_du_`8-ebFFf3M|V!=HXnKdU=t*H|&Y%9@7XA~tKE>aCa@Y9# z&276~Z)dX0Pug!+{Xe1?i?HM1poI^{QZB3KkGsA zr~gx4deMd#()qux{LkKs=jAm1-n0LZ{k0w>f7+e=m%NaFSvvnWSpI;2{Fapc-RJ%p z{;UVdKimH&JIy{$=THB?4gM3kHO1d~{-5E`dXW6H?SIKZ>px8APye|S_BXes`1}79 zf2{|}Kce}znabDJeVx&Mc;I4!3{*ruH1xi!Z!lpT8o_Y(I(KCi$Gj zd6ETsfbAUb13TZz(f#`^&+J$4!1J@Dchm>L{DJ5V_P(d9|BrnT{(onRzxzVP`0uOz zPVxU_zJGDn6ZZP-*CKyU`%AgMA^GY2y~qkXjzD`C>T${&rd<67{AY*$!)7vn>8?D} z{|+5Te$n!0zb9q3{hz_OcVf>1Gg{WoX;@$$7z{f=)|GV}AX}Y|eATGHjCdI1Q;o_JLkGuuH->bm4hRHxjpT|FXjFHeXX^ z?e|`9^9B8fcBdTF{huA| z|CI3mB4vN)rN5WI*Ua|cxmot7-_Xyh9J%Gebp9NFzi7`qI0$FaYQ z{zLwhUmtMqx$f zhk?KIZHmADH}lWsKiT%*@5|=>!uWqvJ4YWT^Nvi$el!o)4k)!>YXt|5+&yW7M_UGw^*W51rmu0m- zFGu?`k;dPzAb++$y-)w1_UD|2k97h69onBg(f&-V$TKsv{pr17?ay{6Ww!l;_9tFe z4BDSfwEYPgv_Bz(_UHb#-RVI}yVD$C+np|?v^x`!-O%224lFP$Uq$;9@>NJ5lI1_; zs3Xsqp6)+vfA&ZFGyY)8f82Ey^PioyKj~M6peHOLL+-pE(`xJlYoxhiVMcZ$~&pCE^82^rS(SG|e#ozy%`R~ks zX#ZX}carjdhxX_EP4NHiDgNHOf3N-7ev1sY_how_JO93Z^Ms7~=ghzFm%)G1_`C1@ zz5IXT^J7;2&E|j1SqB~!X8-&xC_jHn+248p@8zG%e^~BN4(aoHOX0s=+dnLSj>7wo zeytkj-X+=(p#0IQ3j*c64fBlr(JmbSV!xT5zQei}1$sc{`8l1c8pp41$_DHathXlX zG5Oeb2JK;rv5t#;N8bIUKE8{*hoK*l|D5&tPP+a1{$2O4&d#_Rta|JX(L`p(Jrxtv!f|B|DzPT;XA{zb?1H3@8I z^M|`-gxgQJuf6b}n8p91`_Ruins-4O|4IIvInQ~NZO`z^0M>7ew5^-+|BwEh{kg7JF8?VS2Kx_B@h`!)kL{iDpEPvuWnuom zW(NANf3KC~?{4^O`InCDYsyBY_(u_skKU1gw*Q>D>RLzqC!Xa$=b-%Y)BMNz_|Nel zzES;O*F(tmpXeCyKR(636x*>AcH|#X?`Qkr!Eu{1`p?hQ@s}yEzgw?{nSPg!<0yaj z`%_Lo#FnHny>1m<=O^M@eVN%NUzW+A_n+}h=Ki+&gOaIQ4y(S|?N0uFh`H$5bpIj$ zl6O)5{81~(-%~#1O_|Mq2-h9jJ9GYjQ@#(Pd|3bReN|^~o39<^zpjbp@2|LnaO@9#XDm*nq$V(m%Zl-c}`j9Ys~UdZe}S^S3GZyvYxx!&F^ zdeZLa`m5x%WPav;Oh*rbqmueRck#Sn{;=*gY(K2S{CV?I>iON-7|#D{)V~twKmV?* z^{mbt=XJk+MEQ)dcBUQs9jE8(dm`kua9HMkHjo`&P-VTbeM{5dA7uUY#fd0Cu_)@* z+J5jW$bWeky>Hh0n^pJE+)q0fou9d%dL3F_^POIYdXYb6-Q`6lo&Olkzs-+9|Nrha zlKj2@RLuUHbo~LoH$-zK$Hl(1{aWPzdkxD!`~8;_^6mcke_D{3wN&fDqe~$llzE`e(LjD_SDgRUKcnj^{cAe$p9%09S$(Q^opM7e> zD#^b^%0I62{~eT{ewzKAO@EI6fh?D@_;0NeZvWy3EPp>Q^Syu~wLj%u-;^{?FMoRL z_-RoO`2V^z|F0nb>krX%*L7m`c4oeo^O4G#`8WCgn(n8cchPm#xZW)7Ps!^(+2_V! z{$5P&&-^>SGW_SwRQcn57H9;I%KmF%)okzjz zP_JzMPju{laC-hF{|VQlUOl9`S^I%42i(uY`L7+7S^sW-NBL+yMgBJ&Z__1v{fc+B zoZ)`*KjzuY>yUp$FG&AcHTl@x)BT6f?_2l7^KX7_vx)N`Hiz@yl-2*AENA}Y_cvKXWt`cc|-em&~&)-hC6;2{>#+= zkJkJ4f71f=KUAx2?wMxWEAD^8`QP(%Cjb9m{&Vk{*8bFs_9t)Vhm!|foiTpO z_RnLB;r|6G{?30<~!YOp4ayW6M44$XZiV>e(#U_3-t#xSPt)H&!@dF2cn zZ@T^-+i&DgyHj>r`EHTaUxg>z{Qju6f7TAc_}wQd|8c&l82>}{{Xz01|H8>yo@C9x z`f|_A{p5e%+1h^A^^52~v^(W#$6xnay8rO~msU@s|1gceUqSxK_h+-(|9d@d{e*U= z{jbz=GCtPk7xEl%jMdBe);`D4{!ujup)8F6jZbpBj_;{}GpD>))R*Mf*19g8L+YX|=BU$_({BK^spZDSOOQ-sn|5m%U zX)x64@8{s(;0>D-V|s!AU+vFI-zjfhN0k1P&3{abtDi~tAM*bd-=Fo<_%G5AppkZ?}~F-5>s5{;w8>&;KNE$`9vm$XI{%EbYHK z2kQ@;Evfp;`7xaT;L(}>|NFk$ZqfWmzZ~gnIrEA23+CT5bX^xG-|lBVU3P~(-(8v6 z|D4bZKB{u+BV{j&{U6o*J73!mB?qJY-@D*I1(`ptCz=lYGCO7R}Y8+FaY%HRDd zod3gF{BP0n(Am?j8%h4zdeMFp?^Qn;V*Q=={qMoru2Vn6XSsqvJy;$sTXtFt;qQ3% zI$VEak0xk8|CsV0=jU+#1;1qa|J0Z4bt1#9Ka>B)KkR;|U*>mGikB<@X8K(j{lV&D zJzv}5S@^?$uD+l`dj_8+C| zhd9kL`47@{uCmv&;`o>US!OviP1mvXKDGPlH;(GTd~(dX&sU27bWs0c`}vu>;6G{h zcYm#z|MXLTaK6f%e_KQS%H7k>>!AI&>+_>?qHRBrS7+M6wfi}K6jA<^FKt~>lAeFB zQu`153H<$({hi+`#-H~0T4mb*DV_fiS(Lf{c6PeZ&l5V{5mEcoU-~J3Zr7jjWybrb z^OS#n0^=8NRZIGhUqSxIYrjEu|4D-V5+7x*Uw5>QYa|v~`#8#Pf%*@h7wA8f)bp3d z1B3D>s{X_AmqQj~{I^TZB!BPsirIf(mgiaZZ?>J8e}32Rys*9~RQ~m}AD;WE7yXWM z>$v?h=6`bhcj#EOAAZC4E7|{}{o%YXrF{QULM-@?PiDNX?cRy@xm9TL#EUjR za{nY>%gHsF`wQOC^9N+EgG%0%uP$+(O80;AUn~6g-aX0RF}B};yea=~{!AarRrU5- z1O7YApMMSO|HNyieg9GUbKV6dzh6oFM=>AF>5^}9eaG@*d?z&hdzKaX4x~3W^&QBF zCR~xqm)|cF{w$sh+y6h0LHmEd+Gf}sE&nTp+kaSIX8Y&=*YnGbqiy-+e4W|;&*pz% z+twN1KO+CVjz|07N%40p|GoV8ILFo>?oRj@?cFn@|B(D!x5E6}{Zss%yuX+KJtr#v zZ!+!QO#Oy(%-M~C`D4D8pA)qF?>+(L|4;SIIb8oX2mf={*bCDCfB3Jq$Fx6OZ)YCT z`9J>eneDgN7TWWTe*cd3@5ZlnzxLNTdZ7_na(Tnkg7pu1pK98Eb7!Oc*}Y1VzgH#P z{@MJq`+0cXv08t{tJrdtV^KfBj7^Ww^< zTDbk^X?l|X8G63oIJ2KEcCp%7pQm{LkJ;YS{p9((t{={E9NN1`@5k+{Ufg4x)L;FS zKfj;5;XL@vo%Kv?y}hqn5Y9h_@1IH_{|hyrdM9V{AEx`A{p@ok`M>vEre02PHDg}a z{myqb9cgzSr+lQzqZ$2IQs4ir9?oCB|0{v~@6mBX`mH@`%mbZldyM-v zo0zvd64^v;=kIzO2f!~GacUU;@oaw;d*WSJCc=4Yl%76Q<_WK>ZdLjS*t8UW% zUX6;`f9Ndh52jUSyLW*;|57j7Z_R`1Kl;2t`*tm~_UH5R-l~_YGOF?ff7yNM?YDz; z{ln;2m~-B|Mv}i!qu7Q!ySU)WXa|y z^a|F0NMz;T?@vPiL(iH?{!T5+U)>#VT-YG~pZ@+x7cD2V*AIW7hx)UA4~ywPr9ZCo z3%+ZAe^V2Cps87mA%AyIyg!0%v!baPh~}-lKN2lzYKpPFK<`U=_Jdn9`fqz_`ymed zM{3tg^7oZLa|C5}{w>jZC-HXX`y*dGqkf|OqOS5dS;vp)S25jR{d&#s+ibp$>;7gc znSSl-ytpFWf7pMrz6}if?QW*mi}t==?Qr|!6%W`y_5RC%2km`bCzF49@4q+$Vedom z3FwyXlJAeWE!vr4Z0~IT|ALX{1pUvdmLdPSSpPqf#^2rT&+#ws{TJcy)oEuEg(?0H z;?cT0@@F|jzL&Osw};ICe^33N^Y==?-#Msu(*91JKgYkk_g{p6bl-NSY`+x$Qf#}< zj{KQ#$p4&Qob!Z#Sr-3$uzq{wv|362{-5N}_g@mHTYu*Bv%LQz{0p14GbPPa{EM+& z1fSZO|2(|U{DEQqzwJx#?^-v>-z)rc_Al@K7vW#J7wo@xihmUG_&z)G&$j=yr;WH; z>|b!J&8PIApOJt4H2b@C{~Z7F-X970!&hSar}1wBeXyNve@7jM<YrIbGsSnl!t1@}PfC-$f@+26V5{_Jt~0zJU*_3*t0@^$n$(_!}8 zmktpA9n}78KQCR4_Cr&$L|vSN|KMXY+y5i9Jr*C6`Tdv3U0VKYJAwDF!SY}C^ZO$M zUbg3F&mS&Q{*+U$zv?XEA5;E4b^hmLuVeh^;40?ShqV0PJ>34M>I*k9z3zCvPmwi# zcbJaHWzQ2Hr{gTFzi4NE|0r>1X8%J(??d_TO>=_pcj#_&hxR|bDBlnLZ?z|5vm2J9@qBd5J~3pHer?A#d;YgYaLL zRsQ@W?;mxqYZj7E1^JgLA17=6+vfX}zs^f%K27L&E9W~=uf;l#B~ssxcd*`NI#6!A z{D5Hnu2SXC`9D6|Z>Dd}B!90##q96$y@@RQXZsa-(tqMJ?Q@o+hV6B!>N~^kr(f|n z^U3l*{{yG!>@4s5d2tWA^uX`mbes55|`9p(S zWRh{&by{2WJHA*YxzD{VwOux$hVg&Jb<>W2Jt=j(5XY-5OC66tUBiq;Gnn@hN&Aye z_3xe!#$UFp|FHa@`2g&HNXq_x!;0Dem|2;2qn%c(KgTE8{xsUr)p0ss^96bBsq^~S z|3>>a(+hI@y^CM&Ci$25Vf(rHgRsLSwz6RJM&bN#U1NV4(+jZtiTsf1Kc6vQD^J#p zThxD;f2r31KJRCJ*N^-iz26&WTpWDAJ93+~8~fkhIS2{YySiCK|8E@5e^HkI|Bz>& zU(94X-lw-QrF{QU_mk%<`drNOY5$@6zD#z#M!WO(^}JCeBb*q@eF{`6u0Tb7^vj?ZVfL-S2yR8>mYW#Ib!H)@PFZ zlE8Kh+q6IJa?Zme-j?#mA7|~x{JRDIA8%77$=_H0On1s``_s>zTWz_=`}As|&$C(l zhi2`keJAQXSmp~yFBInmRbF}cBe#hCm#F>8|82A%;_XuWy}c{uKO3{Y6UW<~d5!hY z_$^j1rvLLy7tikRr$5-P{V=Qtr|N!(7gTw5gDZmZm(nc$x6Ok6k4*7*_o*2Fd&?|O z=11P{QQgn}Sn~JP{yd-l|25Mkt6#T+Ua&~z(Y2cg z!})&(|CPYUui5$4_IHsl{oe`hiZ=3N z{ZC3SKl%RbX(zycO6w%~`xWG$Yy9XtZGZARm9&3Xt!Ewm&LjOlO1;$n2*8 z(fyI@tzWVKmUicL{TBuW<1fDYKlwjb6HgfftC+8N{U+i3zsmCe0he1lGoSK4{7$Z? zbK1Ov|~@sm(%kdy-p4FH;#7{>Hcha-Moz(()~Yu{Rg*WZPTfa&VSfH z-2R;|&*abbAKX5f{pbJd`VZa#wj86q%`=q_IrYpbr%WC{cHAk>1x}w+&pf&J)G4Q& zdG@K3&g^mikg;c+(kwQ4(v(S)PZ@vuDdVQJ?sLxRr_0{vPUimPkB&Y+c1laW+4hwGhl#!074&io~>*wP7Zbl$0xPiZ|QIIlwYaAs&ygbMm4lnP7x`B8yUqGt$2H;lMW(kf0_vBT(!vO+U-7gSMnL@>oGYMy?#vcO zK>Z4*wlD(f7sa^((NCU#{0mzcL9Rf(C=dJSp=-nRi>iL^?N+~jIrK}M+}sGLpEIVp z5m3L_$mT{s{o*)RK>f^w=0=dz&uwlB0qR$Za|P7TJGHqHLs>Z z@Jg(H@7KtKe-R?6wnYU<7xeVsVdzK4&!u zz;(nD*cLo=DDvOF)l6h^g8)A4;T?=;lCv8GXj*LZv-qflit6|2F=Zcz>DLDH_asDC z=hjd7#-~9)Ai53wTSLDKpdUbeOA!}P-^6t215m$`84Zkp`W4N@F@XBH7d9}0|5d*O zD-Y`xre6`>50=31L){wB&+t!4zeHR3+nJ36P@lx4#zsJWBC*CsKz$O33u=03|L%qK zIt#}E>Q{=mfcnKIH#UOG6Rba&vm2WL0lOXl(Jv|IY#2E@OusXpvic?Vv+0+uAHNe^ zG!@(d(bqs<=lsS2s80#D1s&cKey9(o;e4P<6uxm-fhk2?(5ndk*$UeiU>i8&3~Uz_ znBwV;12lww2ETV_G!C$%W_AztqKq#eePNh>E7w{5_d8r(fx8*c)K_CFX!TKz*Wf8yf-BuM}|s(=Rp;`T)`GNYB;}20MoDNB3uh# z`k4jLO^_o{FUk!A52_oc-_YeY{rG*bTN0t z?`kF%$8mt^XJ+Ag0MpMyTrhbK%2Tv|ieO7Yu0Xvg`=0pxQ(^ku$o!|@uga<4J-8P@ z{XE14)X%vW`4OOg9^!(&k{|a$`|Ca&2dG~O;sWXyy&q`{e1-G9-DO?}jsdv>^`g9g z#)gGq`fXDEeEq&sF8#{hM0xP0!BR@2b-%cEF7T0-PBoB!lHH|gz{`=)^(+SAckG{8&K zasPwSo;fQTpbRg3d6n}`8IB9izuxjIMO<+9W7tOfyLeJGz~$KXx}kl7Z2{YNg=gY= z0PRzXxFA=cUX)F)nfOdt`i+Te{r<1=^(#IX{D6UDtv=3qQ6sn!-;WplB8Us9pFvze z{YuXPUx51ghzqD+bPDVTP`^SP6XXiii*nF^o-7H|ZyeUomJm6;eEo{X;NF0b_KV*T z^AHdh?2Ggg{YnrQFn!JO;092?*yyMcP`^0h0_s;b66p_6zmie79*`?gFUtKs*m6&p zeiyx_`kk>8{kr4cKyT>dI|1d{*!D#(90CZN8h zhzqD+@z7yLK>a+#1=O!Fit7Q?uM}}Xu0Xvg&%VF*17Z4I$ozM9`T7-)06#$TpXlR^ z92P+GpKM34Euek|aRK!!Jq~;U>gOXasISle(PLphfch2Um>^f6UX+ht@?AVkzj@4m zQ_9z`s4MObNd9vhBmW^Tko+h5l^`x)`kHRw22j6PmtjUg{o;rVs9#wpq(4CYN;>0u zK(0W&C?`+<`GPS0D!;Dz@0^|JcL44UNd9y4k^c}EFugp)1u+BIj?N7fG z+V|hr53m;J$#&5X^#lBI1GZ6LCa^6aU-w6x53E1Rp6_hO^?-gov5orCKF$8|N6Yr8 zZ&1IM;g}#-pk9>Y8=rheb>)i;7%`Z>QNeSutodQqPF!obk{=a$(kxNXYUuLSoJP(NeD zwyE?hMO;Ar+)C(g0H~j-jPn8N=OHf0rC%%$=?~-z)Qhrh^AkebpG)!nn1p!S^7Tu6 zjr;^qzvwrxKfv^he~a`5s9$MWeIuZLu`TtDfch0~t#1Um^owu9^?+P~dQrA2Sao2S zfA+`vx)LHU*z)s)FRNzM?<`-6XAd_5(NFp(VsnNEApc@)3;29ng1CUsw~@KSjbLFt zj0dAXA~Fx#0H1Ho{NYBx=i5@m1-SzCqCB+zieJO@bH27$aC+Kt?T>@P z_Cy_QqkLm|_a1KGU|s^ZJ5h2=%SD78NoCh=eZ(ZL;q(2{rBAWay{w4NnNj^ z`faK@^5!u8X5#%K32wgi&r`7uYH@? zf_`3?g5-9iyE1=Yqj#n~ExR56Gua>pP=I@Gg1#f5-wA^PjP$VG8{%Jv4fyqlwEtYdm>D~ZiQODTxj)^b#lX=A7YUKc)l56`e^!??s#wj#>(?< z6zy%q1?wbz+oJu3a|KMll5PX=yfYw~ehI_{OuwS81JJ$&Fk~d@Uxv6KSD;>$-*#R5 zN0@#iCu;h=WA&4D@Y40GgoKp$b`tOQ4{+!>+`m8ix8Ca?K*|#tzbjtcKS1SK_PB@R zf<10V-Lnwwz4!YEc(N|i8`~bX1qS00vR(86t_OTC*oge>cR~I} zTrlAs{QgAbSHuMo@y{M8zYrJX3e<~oTH?o}!u0zV>(5AV_qOZr$T~Uc<6|RN;uzAS ztXt;*@0<_)4uHRP?i?U?F!&r=)kHgX4sass18)@0KLY0ir()am!ShCk&H=8_`ohOC z0re}z?*$EyvGs+IxFA=cUX&9CpLcbbewX6=FcK1DtbfWn9O>m}JG_V>>Epz^2WXG+ z^!Q-pm)|=FcnJRHVB7hla{%ejbUWjD7v~GsAwM}iB@c87Fn)JiezHDnBfAHs>UYsk zo|j_VI|sng&_KN?Zy!7%w149E>#cr%bDMrWgZeKuzIp7;m|xVjnkjpwV}STJ*kU-g z-@`U=$YATQ?)r{K(D*2ve^gad>~{<>GcM@~f85Y9!1nnlPofxa+t@L{q{m?ooL~9` zwt>?hvGq@UZAT->6{r{GK^wMD3QNBP{82*WGFyJiIv(lyFIm42?}7fL9wrWdl=|I6 zTyO{K3wJk^2Z#$kLy;cT|A@x{)(_EPJ9-u~mrIB@wC%H8`bE0*FoHYY1b_Hz3E~3tmfbEzTu>X|A9c{4 zDMMU9{oe0~6}i0p^ot$P!w8n5 z{+9aJM_jOEtWB@N1ChRfq^E=QEJ9pB{Yv(SJpk&LKwLomB28dFfcljoF31(A7v)o* zozpB#zaJV`4la>sTz>kwec(?(GQAKl1-i{ce(8nuLR`S~E9?t>0qW=VhCc(;uLN-c z^>cdlz&wkTem>%YT!DH~K2}n6d6<5SuDAL{t|&kKikrfpfJI0zXJ4ex!QcWgJq_Z5 zAV1bceTTS!`js98djQnWM_fStq6Z>>0!+U`924XU)QfWI@0(hL>33IUoBtv&TK$gf zEAy99&wm}HyhnSjtQ(eka%evPPJGc`NJ{{KIYi@FtS8 zz~m*LAExyKAH3HY|K*?nN217<{8#wvK>=uQ2it;ZYg=Cw*T;M2zZ1lt1GMRb?b)gNu%h~XviEhnhv~PU>gTm7U%!OY)Cj0wv`JGV zpnfjm0_qp(+7$2Aru2&*fMY-|{Sr7=@W1NUs==tx`7b}8Yb_M7XW!eC_ecv&EpuEZ?Eb$|CvIY|FYksaxg_v?iGEkx)F>xsJr?<2B!gwQr1y8t)bfP z;-=7NT)v4sQ8j=I<(+}mj9HEofr)s&mF=QO@yrA~bpw38E9R3ufI1N{sL#C7`28yU z9+-#i$YeY}-eWQOHk&`A2|Pmr11`4Pv8U084CD$-H_C5&j{YW0zv)areZSV~mwG-L zj|<52SlN0!vjRV%8kX&n56~wDyoCDD8G`2tAAJ(Qn^Hf@@egqvcnpu=;=hF(pbzlS zQFc3mV}b?pye`jsA44Btf0VD{r$xAzAXlJXluK{f=hQI$?k}_V;Dy~_p9bjf!1V<+Q9pUd;CUM73UUSNMS01b7tamTuPfFklaOeet{?2J7p8uN z7l0qoqd)FnAO3cJy8zTTF|@rAP@lwkSO*25KBYJ&7@_rzq>%*bSAuf|)US9d>;>cs z)Qj@-*_)Sy>F26`@vH3fgH693_46+VS6~qI^F_alpdUc}BFD8i0_x|_#`%Kku!p1< zjtO$YznBZ9G6URvo;(`-UKgjtuwf^|yqdV<({N5Hu&>8+I z=kxf4yX>~NyoC|u3e=0T`qJyXu=L~jigU0{zps~xeyRMoSn?mr2j0IbF37mZe`o$GHT)~yz?2IbHW9+qE1M?v257~~-!TkF64a}#5?D<7=F<1SF z24*PABe{MVwmodqzhm<-p5HO|_$|u^%E2$ht3kgV*1uhq2mib;&otUszk_g`?I(m= z1%XoL6-t;I{5R&Axs@<)wZK$z!4LAWu{f|#fvJoBF&DBG#$6JSBQT!g>|21j74SRA zz0hCgL*4{Gj_g-pj=Tl!X~>_pp`3FH%;-JwJrT$j@FS@=as}!|IeL7}C1Lt)g?^Do z@{FtcB}RnnC-b%>WaxJg_zVI+$Oi_4UsKf&GSClF^l}cidc`5HeggVIie8as1*RMH z@gP^CU&=HuFt0+okUP_l{zyFam*TkW$KyQSW2$N@;kiq;_mA4+ttaU3cF@f3 zz-59!`NVS@W&QO~{miC3vqx|H{-QfNT)#b5+j`{xihlG9%C2Ll*N1+|3X|pM=MTV6 zHEZJ?Q~RE!*Ud_Qz3s1P*iF~zX&9|k3l?iRx-x2yRQ*wU5XyWPC%eSBztVT%kx0P#*Ze*kJt`p3m>+ z%J_==T%FYV=f{WVKN)vP&wpG`CQ>tV{irERZ2n8=`uX&qyL7#m#LUcfmeR*>N-zc^ z?H!KK#Dg&zGR~B|F6HsHX3a+l77yKNS{}`o5I(+C)3YE zyzuqz$?>vc#GTUayzCB=dQm>Js%&*w{#(-l`sJss|E~J6-lOFD@63N3_vCmd$2mE^ zS)ujbF|PT|JJ7c~p0A`H>4bKzJTGB^-Y8{FCSR*Y(dnK_8fecedGlQ|wy*q~$0V>ADjB@0ss= zza6plDc2#TJ^6jO_=9#GrG|Rr>$>auCTH5~IJ%$TSL1irn(6*rqJtiw{OF}$>Zj{B zU+eeo4_QWEw6gb&jomfob2h2M>4%S08EXv$9>(Z>;J^UQEA}=2?H^cWiOO)w!N^k^kcrGy!L>nyQS;L?;G8=-qzsMuVnnL>BsM+#1ppN#q^uO zdcd*u0QKW~fbjvD?X>y{tG74Ct`ov^$(4T8i}KKI=T;8WuiuB6`V~+3-}Fo5(9dlW zuAdncuAf`EV)X;{r|dtf!=QBiMri$T$9I|j8JoCk`epkS(=Xd^nSR-R+fWneskgM9 z@N%Z!xzdk%Q7&xrV5>0w;#v7Gdg?!;Uv|FSS^nd3%I=FV-XmSVewu#MAH@I|!nV=2 zel9v~*YqpCK-*io?h(^(-YlD+jA#2DnSRN1)$)bu$8?R4&iwvZuJoIz2Pl8Na^4f^ z`pwh&;hW0VKUdGT`W60b*YxYJ^@IOPX8D<2&qb6^^1B7C?fFsN&-IZLpI9EQ?$0HP z^*~JJ<6q8gnXX@V)$j2Vs~^8lR04_4JDMyS;J!ejn56c&6*|HeDU% z_rg2&I$S4ef$q;GmgoV>FLv+JGhM&`N8NXTNl|QV7fV|5V88_d8&q6^u%I9UN)uf` za0CNEp$SV+!b(t3)FCOLz>0ub8x<7eB8rHDgAok4iUISe7Zn9v^cpb0|JKxbXS$nS zUB2t(`@i1jY*n4Esp_}Rshq~k`Tvis_2VlVdvNmmr|{L3`j74LgT?oF-P8Me@!co* zHsWkl{ZM{|;|>mAP)?bWu0c65{{_=ys`wA;?cd>}e$uSEFZ&`dzIz2<(W!oX1>^s_ z_=0*^626$=F3F%?(tPs!^S|`sqx|YV>DSNv3IAPuK|LhCpj`h>emMf1X1UX@_UY#s z=|7yX%iz0kr)ghD^A8T+JJOEkJ)qRji3?465tDnxBJw?>q`bBFnDR4A_(A=&gkO@8 zEiY(RU$XfJulz;`zI6i(zUfsAzMM-A4j=2Y_)Y%yC-HGSgZMbE=)CR6xB40>hxhx( zElR>ixzW7l>bzII_&EMKxV;%0Y;nB77nyi)_$Jnpc2(T8`zgPxg>MUP;=5k>98aeF zZXy3tGmk~Nl!VWg7j4BXoZ?*L#mD}8)n^U9ZBjlLA0)o~>4LA5AKw+-3}5A%{s3_V z?~k$M`6Z+*c#f5h{nBfBwvcS<$&)E;SPO)~PsuwC+@spsXr zX4wR0PENdJFa(klJ$KIf`BLCJmoB zCLd=f9?U_C>0kLzQS3fuY+mPS(V>$^XHS|uam@Hp!P617hp->_%^Njl5>9y3?*k_< z`hL;a9NLKU6kjXT1W`;GK3N|KX-&cTkol7*wzq~3x0;Nam_NMv&=Dghc9}4Ke0yv7 zg49&XtTXFKJT)AlPBg49cPW4GJbgaYdz;oUYW)=DQ~h43ujA?xpd6r zY5gV-ot$TWh=5b<=1G3~SEKWWj-5QZ%jmq}7vt9>$BdFsJCKi!k$>@6@{am9{IX{o z>-mM;+l+qj{=h!if0JlZMfG|_+O3xw{WG&&*wQTF^uoDyNrtk9A9KGmO7KiFx(awbUh8*QCd_3*jz?JNQ__ zAilkq*Lg|fiw5v*-iGx9P1E@7%l^Cgtc_SV@K_q33%3I|@g<(czV9_@e9<`8DZm|k zSiaDlv3cBa8eimglfGl6ek=Q?QufJJQa`t*hU0sxm6l)Gl>D-0n{d=erk&3Kavw1K z*kk^Fnx0pPwZS^O;dOClN?q0ZNz9kv9Jlz0x+?$7x~d8Gb*g5WI19b5iu9?gg6k3) zK274HdG4Kap4a%Y0{Grt3cdKs)B(xgPW$iTb4J%y?pbMk#bfGXe{~vPp-a&tlkKar4wCE|h zHOiE!tpfK`RGx};C?0(A%Z>c_JDU1ju!{JL2!s3j)kQd$ZBgyizW!pkt%BOAbq=wM zac&~q+}E$h;v6%$f8P#$g?_qlyKr+KzcUWMzoB+&AAipHIx4<6HLb!6dKlh4*#CIR!&q$xkR}6Q4+4MPQvHNjOAlxZ@tAGdYQ8=f-X#sq27sH*x z_W;f~E0;cpFXus=b5^0w0eFIpw-0;Z?J#`HfY08P#uuA@aQF(g0?WuWzStW$lMQaJ zqly&a+eW4F6~G;Vo98g(yov9JoA}gQzzcWk90s`EF$dxcu6()Xi~CO2_kZ=j!<274 zKfJzPKk#R|d~vP}FJJQ3m+_UKi|Uy6npM_ce)c%e@MG7R@{=JK>h&%sVO{EwGgNfw z8LBNB$a-C#3wHu;rbmu*hKdh6NceI-y(Qti_=ca~ zR`@GFL%ZYU^tnC4P8kfBW}9`lRR_KU*6*x3KSRYUr`HcyR~vlPSejfv5R({!>j$|$=<#DG>(E6EJ z?$^&}alc-|bHAaAh3lu@m*cJ9OS)fj==Vk*_TmHeQ{PYL9@`rG;995j(>kuTavG)A zVHd(}pK#!PbwPa8EAoH3XzsKc<;qpg3e*o(XCj^JMU=iDp%VTm@2ZZ;A6%x z?bk-Rc579(M&GCmzC+A8f8+$nkV%tQ+@+3%-0r{C_*Ve7|7oo-f;*#pgb z(+?l^=R>{zC^5E@%Fl0-r0wX(xz!NrCCFf)+n%a664r&cMH>#Lo!taGbx3cbbOH!0%r~_>#XsVrd0V@zQDO4SvW)yxeIvg;`!&Aw`uMq!mwho zKlQ+xNxIL)`!N-i8ib8ZpreqUx=fAtuBkNfAugKBZppko3}34^%rD#`vrbdr58$mQ zc>aQQL?5Mz`?({qYvTUxoWpT`izdCU5910h?3y-=Gwl$kRv)FQ#&X~}0{c6TM0lXb zMgh+-_=jE7;Haq=BJite=KDsTF5=R}hq!2de(TO2Vfgg^2K~6_nQ~L_Z}8&N>u*&p ztjBDL{R<%Peh0nhLFYg2chGwty!##Wo(Fwj0QWoSJrCaf4tmdncfW()^Wfd@p!Ym5 zz4U$uO?-%p=Jh9E7Xvu_K-SALDrPy6@3mS6PSvy`UfxK{@7?K&$-=M6RG ziGo|xSm1GTupSqFHT^c-yidTciTDb>IZJ6GJ{NXP#249lmeNFgMX+n)LtHd(`sU-% z^9eFX8TmPX{58Jf{y3i*^m%p23;1FaO~hxz zu8H^x&%^o8AmYnEALmDd_z)M(pZgwvOPKr$CI7|#H2CyBqR{+zCN_S9bpA`89}IgD zD3$+u<2{Jy3CHkGQwl%qE{OQ-UN}z~M0`=$H4$ID2hQgO5nrq)!UORkE}D}jEeyTi z;pm=5ez9#P|CNN#{_||5iTSSxc1_HG(S2ttP0W80*fr_==eEK)JN#-QzStjUD^0{# z0J|pQQ@@|BG!b7Mc1?VUi{{oo?==sT-$|1H+qoD@{88Ir_ZkxA46n=Dz~i zHR=54qCAPhu8H|CA9hW|XCW+2#FqoRCgOA7I9q8VKBwqxrHK!5(VY6~rO$`q>nZs! zzW=ZB6}Q9r%pjfr^m*1XoJFlErGK!yAfD%41iPkG{)62C5nm3%(nNeV?3#$Lur1Di z1`%KWsW?9x#D}qz{Pr3Siene5wYpfQT;+yCy!wMRVWM<)QZ* zJ*Mv$)X(z8vz(Y*5Jtl}{JT;EvgzZVR?-)j2X zpT+18#Ie7y_&3xKpbxGv^_lwz>I2Z9y-oYY{uAXpX#OzdPqb%>Vb^qPFXN8vNBs=q zxM!h4{sj$MXTnRALH-71o@wHXWuW{4F?}NCP+o!f5EsqPr~Dpze%qQWML*v(?Q1=b z>y_Vn=$rmt_w(*aD#SRF9;c1=z&I`F58Yll0eC*^o}_Pe`2+tB{A-$r^DnhK2D>JH zZ+_1+l%|<;5T0k8v-3RTF79=P($w$<{Jw8`9IGUJSv~fIp8xgoFjGIoGmZT8`K4j? zUw(6(Ukd7i?@zYRTHw4=&@VdwRYH3k?=;nT+q_qJr>O#_nG-cJjtRRa=D)%dah@rN z`7aK;Cg#7KW;n}Klk~TWVb{cma--S&;cDB$^z*Wa!I!A?*Z7>1d*a;HG@c^ZHH`rt zeLib3?3(85_9^6<(;D9fx?S3<5!f{mpL%Jr?-GpfCZ8$>U)JVwKK<0^D{1{nRPC0eT|JE3s@P3w`tx1j)92|{=$53JdYscn zd9%N3lJ3C%?>OA?^4*fu68)W6CzM~6x+UqvfBVmiwEi&tb*mi02Q9+@x{g2cXV)Z^ zgzx($1LlO`+qA>ri(O>!wa57jUj5|xQSt09N>l3m*~VQ|4v6PTxv*=>n1S!<0r@q- zdl1i`bz#@U^JjCK;ysAx&&FZb^d9o7{TuRkvo1;c=`f@h&Yz0It%*-cZo-(`QiZlZ zdp0om?760X*XNgd$6ppsLwqxEw#-DFPYTleFB8~*8NZ}MlJx#dr#s{|3FmQwZWaFt z_|=rJ%cB-3fALOJavmQ0Go$#uCho7bVb{d@hy2O-Ehy_;BhMJ@n)n3q4efewpD_8= zdrKW23RZ^ZAZRdI0%1f%tOp zPSbby!`%(xZAN$?K0$nT+YRl*@a27F%1^hp$$$EMPjCL?_=G#GGsd|(tLssOIfyTR zIL^Za#q_)i+y$^}dh!&cRU@>|VAnKI>I)loO)NhXLvem0i1kA;?3!49Iu6cX1hM?I z@JGXZCD8RB-7IhDW_d$5%Nx2`-q6kR zhHjQObhCV+yCi(GKNuH!|Hu}ezh2SgKRwSE)_#c>pQJSD_KTj!Q?*(riS3sN-f3d{ zB?h}DwqIP>HKpWn6wXfqmDGN5vsx=nrER}F9qAl8{`plU$$y6#eENJd@A&-7$kMw0 ziRWUT7Zf|)xbx4*P?|;`Ve%W(w^s{uJAv)(aa+{`^~y)VXND|HGEh2 zS@PnrHx1uzVb&Mt2!F{O!?!k=bqZ63KVSInGlpNl2*iXMB%fR{FYgs^>BToq_TN-o ztyH`-3VC^AcZK6Sdb9CBe37;0yEtFT-(OT9d|4-f;wbr)drJ6g&3^Z6;V+Z=qLb*AKpNS{a<{Tva)b8@}Tjd_+vsLB1@DKc?Gh zf{*+58SkZ%?%Z!ne4M`}-;y6pMtfHMj{5ZeOyxe1sgmba9fkHf+|dU!RWE#io{w`@ zW#axzkUabj;vPAyWyCALD@A_aU5dPSdQ~;JrmTBd9xlJZ=!fZt^6S6AFDLU>sSCIc zT;!J}FCJfJ{KvmE>&%(%BV>O(`L_69x?94ReRagacz9t6hW7l1 znriR^X1$JecM15Kn05g1O{e~de@1t8fS)ZdW(N5DUha=~C7h|^za9P0Hv7t5Mj$4` zCHvEl$1Kw8ClbSroQN;}HQHA#4p-~TnDxm@?s;dqLUa8LKfZ@&h&~6-n^+y-XUYdW z5#UFJ|5Siad2a~tEdmjf=|J|0(Ya@7`E8c`M|}GJ`uM#y)Ty}!ccKJ*r*1YO&6NQA zO8Pp(O?k+8DA&Yb!?)zcUin_GlW>F|llRki%A zfc*6R_3nxqDp&Bu;1S4su(#f2ZlC(+;>bfX{EuO`11 ziGLbQhyKEtv|`7{-u$;n%9kgPM4O~arPTQ+?uzjIr`H|mhxn{(B>zh}V%{qC^C>1D zGu^3gl~;>?1lHF@o-zL2470DOtps#rA1M$1H1#X{ll-n zg8881s-*D6R+bLmYcC1D!1|um0lhN07E6*>8~^TeroPUU@A`1I;l~#E_vtLTIXpdx zFIOzYnO7}(xfkDMvOco-E0iw-S<9iVcV9TZ^EaCS=SsLc7Mbs2eqy`>?9aqnur;C+qn{#(uO?i75#?1KF6s+jtMmD)IlLe}7xs2mRq>OF&cE4wCRGC&puoh5Y#+jN9v# z-=%_Y!dA53J6BaBrF^kgl@8zhh3325+5Y`gUq3A08`$rDQ5BrE8%SrJ&fOH z$~VTlavQ@j;{lBS6)BIXw^{OojnWPx-x7YloJZt1rX0>@1Y*)n{n&o^l}ohzwhKO< zZ+6scz?WG$g)dP`d@WY69@6VB7FKMzJ>1@|E|dIxB$NX z;$}D>JpQi_z52=Xm5x9+Jn`P)DSYtZ$IYr0_mr&8tAuib~j@eRGy-#*KI z-Nes&jsaAYb@k*E`>AcDycZm-H#XlV;Yc}>DFMB3l;qc+{PhOoAuh`Ax5MXTdgaIU ztyR0Df7Ga^`sHg=pT-^z$M?%&s#kd(M>z?vVbfUB#p?(BsQ;L5G`rM&eTBvsJpb~=o6){rSwmujvD)Bcxj<9n)8{5Ky>_>g{NKaq z4+G$RfRSUdzOzyK{=XR9F5JBDFLE62^E)AZ-(LaTMQ~r5hw;^}Sl@emAC;e-zVFY4 zTQyFv|0FJ&4LZJjOc=g~*8|@MOtQ(7_=oVto8Ws-OykRG+6Q;br18b!E{2=;8QRVI zs91|Mz9P7-oHV{D!YYKD5Az?*^BaFRQR5pe`R^*J9~xqQIzA(v|Kg8@>*vC2O;3>e zSvqxm5m;K1XR%4{y9g}^a zIr8EU83%M_f3G8a;$}Dn!e1xlvvZxv=W*fFATF9C_dT>g<5RLfmH58+5aUZXrt!rd z|IhFRaS&e+w<90=KgE|VzqiEvdHbiy^L53k28n*I$i&&?RV(8RTBB#q69yj<)3oPQ z^o@U7QZL*6{N-o=V~xIXyf#xJ9A8PwNol804{P0m_F-ep?_SYQC8qUL(Q7cC4tK%y zeo9^5Pi;LBC0r}4*T1r#vf$>^Uo5tmeP7SbNXk##O9kIeYciC*iYU<6T^laH9#}V` zpSkk;6Pcf~{rPY74F;c^@Slgm{2HtWa%zkJ4~&177ssrU^pN&kRN|#UyCz z^m{K2@Trf)XN!gA+*9uMoo{`+$nV`#QNBD^J#{~TS{IIw_XALVJU3D8H{~Sb?YqZ( zuPfh6{d~s}y_N9>;%+DBrcj@Wqt^(N4)M+=e9D#a^cPF6m}OQS|CU!jcM852KEnDG z55B}9#y4%8!9l$xzHSkJJIE%m050PGw)LFrz4&GezAN5G{r-Gfe(|Rct^7teHRV&R zhmjNU?aelP=OdFZncoPLawG2VhK|41i;w!*={b}yFQoCg>kloyM>`lCLH#^#m}$3@ zPdO1^P(Ro28o0`fkNP=SuP=WwjW71}p~W}oHq)MQMNTEjk8&bD%8$4o{A0mzFFxvL z`5h=fJ@}kw4lTZHnV)4jQWCzPei9eW-si6l&3~`1K>oueO1xji-f(E~l?jxS#5cdH zsb7dYh%YLFq+EMUF6VgV$NV?sG339O)A+27hZbMsJSjh=9wokD`9e7b^^L+p0JnQz1hF*LepZ~oF`VU*u@{7k0t^9UR6#bO;4)J|z8Qk{6 zX8bdVk9tXb_q;V}u@@iZ_Xg^B`;|04chjN8H~2E?-$^@+`2J3Q)K{7ddcA*x7az-) z{Jp6EUQOeRJ$GpFl~lj~UHg-`XlDHW%*Zf&^)PM}_uzA$|G$Bc`bm7>x7d2B#&@&y zk8YFp=QU+f|2^vI|Gf~7@0^eP;}faz&p`jEr18(-IA@kJPjH;m53VXK49t4)ky5qkn5Z zlJ4KCmr954@A|ii6T|zrYKJK=DZhWJe_Ojo?uM}ZchpMA@3rcw`{5EL;N$&pb44Ex zRsYuRUAq2lV&4<`ezDa03ASIdKgRg{>uG%Pm&4`v-@^Bw_HUX0svcW&nHL}HhtHlv z{jfES&)s}z@s(6R9Blt@)$TdVZ`;?aOV_?`mpk&RF!>$(0rH;*pL+e! z;$!>zVCBdBNb`eE&6j%dvHUy}?a$a-Y564%F}{+@Pqwd#n|jFdg}7+m*#6b}Vfa>K ze97LH#uwjuXyx}m#m91!_@0T)?xpb+2in)m(Y}taOSeDWH^T8P{$FZeI~~K@*ThBh z%hRtt%`3lqrT<{cwtAS>mh2>;D;kyG2Kd7H{TM}=>>K}IT;u|dZhGPF%!h_F|ed1h~Of!ftxDJx| zR>*pfxH8`rkrxAH{?_@-)ZZsOZx%Y2NaM@vQ^CjD9BzOmw;PkZqV6nuLB zd*ZN&%9H!k?6-{ksIfHlzIc5@aeoP~r1MSJ%DR}~`KAwD;GaJtKJR||BJ8K<{xZEc zUj4=XcgmmP{8HzOv%UDZKI?bvkF(#cp2BBs`_J%A``7a!M09D@92WzI+ z4<-a35z{pKStg~QCE+{sS`)q_P?gx#ZhVvL!bXWDx#d4X(?k{`A}t zE~j;J{)V%>yRt6nt|nu1r9KZKa(8#-OiZ6wQK;Q`&!??em`)%4*udBRiY+XM68HQ~4~nQ=Jkq4^csTwuoB0*1NxPwCLx@h4`{J()bdk#Mi!pw8uC2%g;vS7y9eD4Q)lP8|0ou zNs#%no+}>pw@V{ijeon3;af~VF^P-pFSi}JQtPLEr%6ZdZ``;H<4cVzrS9*Ie^fg8 zJSd2hS%9G}>ce=gn&3_k({Ei=l z_UAik`MDp5UEdwTgD=tR-0 zgjttVC=o7}_0)E;*;lqs_-mnP`n;9=t~hV0O&3)G=fzoVu)iN})vb#fsn6ePjrJ() z4&L*jJZXOa!I1V|`E{53vm@VPJ$}V%s<-TewLS}%U+)h7{5MzjE!chh`{P(%u>HdC z`SShn{I^TiQ`$$E^45|c-2amCud)oEddu)4Vxf6g*DsU%8-x2F9-NNv{vf?SKz(lT znckjC?G1bAw+!rlDEq50l~oD)KPbt(!! z&_AL+v;NDL@FR~%dVFc>cgjg#E8?OVS@rUMo&PfLGQT6f1;FPHshYy){;PEOs=r{u z;rdL*%lkGHl})-+PV*!^*q^fG2Y*UCfqdc%rr+P;YdG@l${JrJfNurx*-jc?Y{&l% zd`t(LYEhf>!rGt98)5wVE7k(&cYGO+Z&ZfyGgs1mR0pGPYLlGHA^ba~{bEN=|1VSc zKS=vJcpt1S?R4^)|6Y>*i5mUa?N8#Hk=grwZ~fp%{(JfenDvm9M{r*}%Mr$7i-qRq`t{a&@huVg z^#Q*4D-~1t)Xvi3oA`lzZ{YlwXTLFg?z`mpAkR}_dSuG?b(eEi$hU<5{0UOto?-fb zL3~UH`Y(IKoyq-wqosT~PueffpOB%fSJU_srNsALrini|z8l0%e2HoDz0%GkzF!{` z`3*AbTqy6;IesPm3gQs>ivH-{wc@=SaKBUSoZ%)O_Ww@r1^KnFl9FHio6^ZISZ^_& zeKLPU+{Dp0+n*jBxBpq%1N6^)*?5UxKX8nk@1gw2oImNvw%+oS_>O3R{=@Ec`Qm;X zj<5X~fBpWn^siZ7FrH=)8yw^lU#B*vzfV4KJSY2z$){Xc4wG*&0x@kdskb#&eO$+z z|JeWA^9=BPR9)3N+vs_0S2(^}ZyHUTE8+fA{lA}Lrd{SryM}UEewt|?u>BCM-=hJX zGm1a_#fy*qzx_u;b|0tlIlB)nzBk7EaS-2ox0-%QLe3kZoCKD##X{UpqwAwye4V6x zdHXZe?;d>icZU{V?)q?iojS_C7LjWZU#{Szne*}|zWy!OXSJ+bRweRkru5VL{?Ovv z!2R-p{`>TsO}i*j&EOB>WB#RC;mLvPwETkozuYA_D?jep|6XkH1^a(G{~b*KFXuY+ z-xj9(e=gi{xVis5=lVX%S(NVo6~bK%H~W9~fv86bQ5+`=^pDC6Q|aVaLC){7Z!&UX^!FA?z7%}?u4n^kUkeVV|3?F)JtzFR z63~U>pZHuxAf_EKhZZ06s~2B^$Zy78j4utZs@h2TV*PCJQKB^4pnUO;@9vTE#g+MH zM&Dwi!RNf}pO^fpqqMKHOufzgbKYG@-_t89drv3j{@6*yepD)s`vv20$Nt?(O<0dH zg|jLs`-e`-`Kc45Nv-3^70z`pO!2LcEF-(nem zSRE5Gg1e{lo-+g;m5KQA)vX5u@A{T;#0?@Igt z`DCMwF};(@-`){tz#F%HWhYet_qnISeJV2M45 zqfEIJzPO|p%N3eI`F$+oees^=JY>e3x;M7ilnac1cU<&V_-s);PdyMmXF|3&mV6l) z4`w{sVxf8VwAYg7zwkZhZ?hkTerBZcxuPe;MKg$RqKq#mo-+B2;aAKALk4g9zBM_6g7*4&d-M;abFTdVx+Ar&GL;ZfwVXDh5 zru`E8Ej<5qsckfMu7v+eGfCg0%=a?-Ycr)ETg&h><;4f@3O>^>4??{GVE4+F_JS z^c^@4n8rKb-h#7hwGCm})8c zS$`f{eD^Okdak}T`Iz!6f0y)czboDR$_b;F{~o5FAIwDmeP>!f)xJZE?}I@`4`Z^< zg!m3W+LSlWax?B5)X$*&?s;*VZ+#Z!*RM*3avG%NmpH`u{wevjZ@&JkF!|l^6~@oL zP0KI7|Io^>2G4&9$Z!2DQ@?QjCMdtCSI~Ubdi>3YPD$^fe zy+?C#pnv;Mm7nLfHaIvANd5e~^%E>tvIO7pGs^kamvjB@O01u-PpzqT-X-;4nQ(kN zkNNM^4|kPte!=GBO#b7zXi$DZeDhXpTJF_P;=2Rqd)w`5s@nHS{g)Arul5Q5f8nEE z5@%uC<388;woCgnD&wDLRw<)m@1^%o+hxP?P1$S|VXo-ITM228?2&p{_>ahXW3|TY ztH~68aJ@G5>KyUU_6zm1mYj=5y$#AQBH_~b{hjF-SH%2E)^hV*oPW461M9QeS5niZ z|6-L3$2a{twBzs)-wrwV*!i~~U)w?xenQS|=loIs$NhXv;E^s!Fx!U z&cXRgOFp!XtOKU}D5qs|uClYw)bG?o;QLpgufk{|G# z2}}4n!Vj*$w1rQD{w!g1T(Bv*eu?k7ze?ZF^-&d?w>(u@#eRo$O=g`u#`ou_iyU{QSH9M}@dct?1p8O1=Nc7QLd`q*=LS`!h@M z-5}-X4>zG)>{KZwKf7{x{?qc)56hQnlK-qmrXOS8Dm6~{?lAv2#JS9`f&Tc20H5Vy zu)Jk{V?6X{3FArY@g2H+u?1hkHRBTxV1Jy`tg?FTNt2(fD&hEEJH=l=5JzIHe|;Ul zm*a*kKZD;({p30tr;llm@q1%|^V}N}n3%Z%^T6=73^nq6lO8N5g{>koZqI!g#8I8+4hPnY2j{^krzH}OHQuxzY(^kv5Z}BC z$6x5J|C$QEyO*N=8+Vu*!}dif@olYU@Wtwz{uHBcCF=@<>mBFFcz5i+K!04;_0oS^ z3Fw7wrkse2f144A$#lpT_lL(#zA0J%iTp-M{yTmK#y`7NN#ToEE1mp$%laF)o8&kbfU%=6MP?v z{D$EEMz>M56h60l>F~|GL2$_V{){(Q+Mo6S6HcbQSS@PcY?;ZS@2B~`Q<%^`P=MjYMzv1u^Qp{=1Dkn#Vl$6durS_ zFwXg_w4-BJnSMo_GYQz3jJf+xhzscXD1t)~ygn^XgI_Nk4)4XDQcnNqP`RMu2Y>s&5`|%yB{t?q5TL4ym;h0age&!24 z_8;nIqkL&uPAw4mS#pmm$6aXZdsX#A{p=f9FJRs(HDQTKzeJ!v7u08_|3v8@v7WIc zptbB5id-pg#zS0m7dm+(BIH=EW9w+<~)<;?rF2kuctl<$_escvM=U2)VDa@NzOyNtE65m43 zOFnMuGl@>slzyq2X!;Mtmq~d9=DXNW=lw@q2iZgF6T6dtUWxJKiiLXGr`^@FG(Nr` zB;zlObFshYr;6$>(a-o1;qtpHpr73LOub^bpS)+}%Kk0W*Ig}oEB!^vsjldGVv2u! zzMSZR`*WZ@AQAERjCWCSmlwm7|*O9 z1z#Zl{qVh?&wkUDGLPv7>XZ3Zjee3(xiTJ0EHp>&x_ppc-&!c^ce#JMLu1qroy(>0 z#cGAiFNm*^oVUR7AI7^`>UZ+lKjM8q!E)ya>g|404pZK@%lxS&{Ghyo?&**8t{*19 z>ma{a-%2Tb&QYbq_rEParUTRU*CE^DH8L`4XP$m}ay=F6zt%XPNOfZ>C;1%x~^oTi07Z+$Qqd z+!^~p&#Iytv^Mh(i4yQNc*2iw^h%Syu?GJB-*2)ng8NY0O8m#{GXBZ8h2N)=DJQM& zrhK8k#V+^r9q~^iTP!SRy7s^44~;K#g^7prEBgEwr%if%DSot(AIHsTwqN95-$VJ8 zRzLsl{1={K!}DM0=6OtX6Q3m(nvb-&xRzIbtRM9G8ji|TyR(h_+`8fVx%+;<{CK`b ze5-%_<$rv>hUhcPMV_w_JKpFsuf4%_ipMHyb~6T;6FT;CslVr1v3{jQ?gAO`0%1`N9`Wvt%eIHMI2W zb`8URIAPqF$$8`QCr@i=G0Gtq=S^d@Et^fqpKPK9Hx*vW>!m}-(rc@g5w8r&om<| z$Ng2^O}o*S7k4~o@&(%?wtQdPHHOb|h_1r7nnJJ2;NJIvHI?0^rn=8XJ9!KW@j*3} z)468qo;S+1!?+E;`z@5ruf)E_oCEGR?DdGzPx}~y&uF8@WS(Bl%c}DDv&FssHz_Z= z`Nv=8N_)~d-;CQ+-`qxKpL@YmwUk<4OI?5$iPjaA3%k3fmU=4_?&jDB|8y-CeWI4C ze-`jGL+kLFS}GrONqh7A$c9?D4-R1jo(i*G{h~&hGPPBpejm3H3HCsGe}H8fe1V^< zyJO{%OEVR}x5X5U>z|5yrKZ+V_D!{u->XippsZ~!&fx3j*8!t#uuN3@4YvTFFL!9DuA2#ir{wP zCcgYRNDsK9zXEUbOqG8P(qmN`U(U7oJ>0~n=EDDj2v3mFtT?oV?|zv%GQKot7}keu ziKwhxQ~x9cAM+i}tj*=1tLgmr%4VaV@!o#@>@WSc*iut3Qr5+=^`qqY(#@{M!ye|mkSH~&?TaRsi2m*^DNa|Xw+AGsX)rz6&}7IjjQ<+geVO~UwKtUG?Q zlgfen83@94DySm3i{XB~EZp$#yal&wtLCVpwYvyzh4)N1n*V)MJV+}t3j%L%t5Fwrd0kR7!?KtHXzk3K?+kGmiCRZwDbuO>Qz@6w_K}{Y8 zvr~CB0N=0I=^lgixY{4T|Cuw5d&X0Ee|846*X1-iIDC5rxBI1kzsmR0FNk+C@}-_1_np+6@A%Ih>U*47zhOUT z+6CEy?-s##MwXG^k8*xUi$#=j`P5z@XPKTB|&D(T_eX7VlZ*~}MmP7&owTr`I+dn@k6H$mk0 z>}vBx+h&^dF3LVQ`E?@>yV9Ov!%tL|{C(-piu5vJRX0y2?0K{4TH6mXv!6TyOPNHo=MVf&?`oQLa<_T%9=r7i8& zR8X^wp0M7cytpoqlAI_TVhgAYYiTMj@HkDdriDtpLHSz z786aYsi*dsdRnyz*UzUeDdW@6?_M+EsNYOGM50r_2`)$Y)X$|-uBgvVJ|*4{IIb;v z%kN#-8~WI%yejD52K}Tq$@aAicOmR?5b-hmA4ab4;hkUM{#Fsd)jVcD|{*jhn@iSK zKOepF-QF6X8_>^33z7fcs*%cn_R0S{_}Fd<=D*l5$ZB{RUjf`vxP$T=k#)as|1I<1 z>8Ky9ZE1W~>qCogg{)&MseFl_jryQ(8eb9I3Als!<_|vdk}&S#x@!phHn|l7q@j9U*Zts`@8%XL)}o|sUHeqkAs-6 zneV@yS^sX7pB1dY_I;*_0hG0y7S4CBb7gkfWAGG`1 zit5#MsE;t7mG5M#oNp?s_re7_j(qJLFX51eKEJ0mic1OLQFbMmk^FRYZA*@pPoe%XTaQS=kL z$*ebuVH{A;b`oc&(TEo~*!JBz+wUHKj^EuA-AVe@=1UXM&N?Ce`}1FhyIaMSpEi^H z{?CM4zgPV+W(XRl-NVwq?~a3Dyx}E3KI9*9)4cZHA7_Q(UvQ)Oar}0JzsY8ezg!Cc zr^5|CcY7nH=_Lf{0@IfU##7*<=vs$Sz z{L>#W@=ttc%B2M62`i)bLHU0UJx`3SqzY>`P7)v~w;FWx*v3iPG)$>@m5M4-y>XJ} zHirLw=yg_u1(f(1{tw6bBF!2nY1j<-e-S#`q;ZnkEEl|oHC9ESH!<&|@ZOHVKd9h0 z!H@WgLAPFq{8$6uhp;u3^bj}AMN4Of>i-vynGoW48Tn6zepU9&v&|i1S(iB7f@RmoV#edCNW9x?D zzxy&10_THgU>@09&VOKmbtl3H zvD~-rs--lQ^ib|Jb2e`38HWFusmO15V*Sl{oStX);^#cGi+NE^m)wHyLp|rtgBz5@ zqvxIHV_q4=?~B8(iSx3~b#;^`&dXZY!#}9<`zRkUFPpOfzXfsL*Zkp@59knjE2xvC!XC(<7WDlFd=KcQ z%kdub=sAn={UDtlaeSYBBfcM$l@0$GCyFe=yfbJw%1iBbVb{d;%2^6KD9c57bun)S zyQarmpnRy0_Qf*H%Y%~bH2pm{;d?+OJ;Y6O{`(#GhvA=s`!Dq44hY9j`RCuP*9oNM zpMMM7Aj-cOc1^@na4Y83L6m>aZFmQw{EK1N)aw~U-U45F2e5!B{{-xsDF67K&?gY( zpMMwP2bJ^?H_aQb?bkF6|H-2N)-U1sDSyj_yg^$2RxZkWZ3j{Q#mj*QMEMup4f%m6 z|JXf{7l`s#_u|_@Os^R1nkry^SJgwIu>$Wwl)nqRCdxm$vX0VJ(nH)d>$W@N#GiNy-wGoBg7we` z5b;NzMt%She*x^8&fAXs1N@O^@E%0`g|KTPerE&96HrMHanpRS`l?X*&lCNR4-Cgo z{f}=1b`ZsQ-2x`5i<&3D`AJ|6`jVUl8@*eh&UY1EBvF*4ad#M|y&&|IQ1* z2crJlFTy{F`d(_jAU^$jt!Z;FRSla%-o z<$o63!{G*o{!KHL*Qa=tPw!rf>dGga<0=A#R!(?@y`}hX0Qq27hA2U*or003T>s zPkdil*o`5x>(ssx%RQ zKJ1!^KhZ3zG!eghVpM4==^<{K_hg;(Q5gP8&l~(|q`|N6vG>;hDfxHpi#uQXDlLDf z4&>hrZcs}8-TNvFl#)N*#X(yBiE@xX?3%Rv6SaXKc1^^egRnIbzYV)4;xFvnS7{>t z{4NL&RMJD-G;0*hUl@jeKu?3;8ud5$s{t=a%Rf=Ryoy!tn>N-EKkPOrg}(~$gHrgb0zasvhq!5On$!P_F#Nlgm=I!Tn000P z9z8V4m2Rf$r|jXT|H1b7Wy}5U6Ynp*?GLLVuu6wFKq416l;%xz6qE3Mx?qHz>KzEs8l_ z*fnvTTj9GMm8KiY;`>oP#^30eq~!WH{JvmY$0QY^6!|=su;B5 z6eB;!>WqFsXSGu2?`psYyQW8UeTVul(x7va&S{47t}fCK?=+R`1-$iu4|Ywd{Ex76 zK&ku>yA4X^|9YKOAt;sq>vvZ9ppqWqrdhmVaAp|(ADS8b@uI)R@0^enCxF!GFaCdi*P$|My|s+vx>;UUzJg7Usf@@t*>?H8H782te~J{FmU_(AJh z;P=oc)<>nq-}B?WBf{{juT2Q{3RC|reWQ#o|9=kkh+Pc4Rj~FKvZb_onw%f- z`ym+LM5U?e#3zuRa2LR?3B&)&1zrT2q}8_@cLZ)tJHgiBMG=;!IlBCV+rm3d_dIRf zIk0Pb0O@C4kMb9GO(i{)JIyQFUOYGqznvW|>+sHV=(&!u?SK#COM0F|6ZJ#Sb7=C-b6~Ecq=#>4Zh!NIqA>hy z|2R(?`Rjd7I$004{S)~d>y|-m{}jWnsigK#(HE_hrvFy^$CiYl`R*Cz8+hmMmdpC1 zGMN8yKCh}A+28Hb3vGnsdb7i z%{sv>`N5JmjelpGe}8xIyq+BKKe-1iza#(Mhj}qjNslcrXm+c;a=OO9?lu$OU4no9 z)fviahKwhV+t1)fvnBb^d}LO6RStjsg+Fn&;QYvxo5EI~XUKYJInTtB7s2z&h{wfz zimngxXVq5DrpXa&oJA(Kl@?v}$lP*pJlg}*S6MykFwN=rTY5c|4)>iSW z()ihj|feKzXItIlAYSSHEgG&Z?l+>G6K_7mn2JM3~kIroOsF{N=!{{l&G3_sgJQ z`uAg@%9_7So6v`mdVLz+Uykx#zdx$Iad+4C1N>QV>w2)H$Cej4V)huiw`x-UcNn>i z5&2idMrL+Sga$D~|feL@LER+)IYPtcMdL>P{& zf65mAVX`iR{@V(F{w$L|MPquYqT-&yJf^F%mE14yo*yp% zRdT;PlzlIOhaxH>hXnspT zvM#8g%5*U9DbE;x4Wq_i^HCDcfzXp2rX$TC&)tx`|0VY>BZsN?nDf`ZKN97i=YBW0 ze|Y}a_YZo@znRyHJVkE&jQbb*<;?UCmgm$9osL@HomYFP=!PCDzcFxOACdK14`pra zp+=81dR`2-g1expc^`Ydhf2U*(t~75KDL;7mu{(~^*?d9`Mw85|0`F5{J-<)|A27) z*XJjB^}nS3-AkVGrwj3O-#*JrOTO!KNk?^*Irkw)_`&l*bA|uSm6GoVR#C-!P&kzE zQ0_E;-dXECjsNCb%=htpvr(r5e>r|7(srQ1k7jQ2q50v%dQCFswS>RoUnZRRZsT9r z>hPH1yC0i!!IBrc9j(_9j=~(O;rBmCTi0#=r`68#Nf`E(nO`!5ln2N zis9xuf_%6OE^VTQ&47Qb6Ho}txvUAJPnlE2MsxdZUppEo>3rdIIy2k(A zjDJTLgP-L#@wW+-3lv1;8GpK15>UsV{rtAVKeCTMU80OQU=p`2{K+HF9OK1*qvZd? zdjWq<5B>}PGyL{DCS7>m2Jzbu`T2F_yH+mqr=unO&zJi7#DBP?FT*bhf3Ad+Bj%PEnTK{7|4!gsq~QL@hy?WHY5x4h z{4!q7r=xz^j5uHh<$vvSleT*CuN3+BpN;XczEEjs(vKto?iiCjYAxPM+5(Y{mVQPM$fpCsSUy@5^@w_D@~4&5!edbQxuES`rS= zLvv=CbY!|Pewy@8_gmxpC(HkY;OG9aTQ5~AmRDA7nQ6Ym9Ttv%3yMkoxXJ%Y{rd+$ z9$~9?&-wW%U6Rkp@BDlTPCZg&_>?o#D|Jusk4FEQkFpE>{+V8kpJuLDm_Fwu-rC^J z|Lp(1)Cl9zL)gm$zTx5c->+=S2v@>AZlN-P(MXYp7+pWprZt5VPH zHSe<}pnD{rC!}3K{*K<_U(&^9!~v6hnvb76<--6g$C;=Mevir%L`BW%32(`JnI_4%4OZQVHiVvo6t+ zc(2+j@^4|r5h!1Ioid_gv&B6B>$@j=<^PD_pRfeysLb@>&nq4N8+MuRQ|0~bzgJ#2 z-xrhbCVt{1pE#%8V8TgMGx|h1FL}++C(fMOk}lIty0lFp_FHnrNpsgFuf)ChkCOIZ zk2S!*(u03wIQ|}u{QAG~4TF<<&e+>X``6Ak@~50BfAWbxrAOl5l7Og3LH%bsG8~%` z2TbyrZp9Cuy2XqCOey~#U5S$Deh>aprNdA8+fBpe?+Tuv{K;p!Q2zFQlU__0%Ab5o z@KOHm2PR(XO8~y2+-c6O)L@?%Kjr_9#=pvge{|{aAFTY#J!15hawE=?C+!GKpNBsEh0EU^)$83UUi=SB{$F=gS!F+3L)ETt z+8ORe;rR8sF#Wj6|4RK+_dh+_!IXO}N3tdS-y4|kiFfvwbIy3FM+5z3`B};!ZkpYf zbZQue|AH9CzY0D0FaG}nf3Fb+XAplU+qC=0w^NAy7Dt@S2am5W<2yfmfXILNWaR(V z9{ghuE&lJ@8~GCt<-a%E@STrLK4Li@lt1O`N3RYj|0bL>*>`^d@1MVRYlcdA@sB&S z_)F6N_LD@zzaF*m3m22{a9Rx0JrVGu23D;R({b%{V5%qukQBV0lJ{sjr6?SIz)4emqxceMxqgwo+>{jW|Aum7zR z{q0}2TgZ>d2ebZH%IG`Oh4nxAmiSNA{~sS*{eRi1_L?yHpP}(T=E0v|I{bfE|5HB1 z$@-ss;$;0#K5_nC{ZIe4q)X6<3WM)2&1i6(7eDL&YOi2D&cmMi|B}+-|J(ZilM?EG z;al>3e^>vw@*;CjTG0`rq#T&(!}b zAKB6<4FA=r|J^kn{FDCwz|ZS^v*L{U3YWgMad& z#n1Ymcn+xlKmBLw{{|CA`R0FE|7W~`^@&e-@J~6k`2VN%f9$NkuK!1i{HX_-b6WWB zxBW%>KkJUi{8zgp)P0<9xilRAeV3XMJ6FQxc&^pYv`2-lIG)RX8_WN!m!#hk7|*)* zYs0s?nD)Lc0Zn~W{MRz|Vt?Upm-CxA?&b(TXygdP5_4x^ldHY@&-?#&J1GBuud4Fo zd`0&%gI|WvG3RZbJgk4v_y6UKdr=+JKeNjE*Z=fxD}0&fz;^iL^EKB+3^aI{F5k(# z2-A!8V&MsxFFgtCYR^AIMf;zTS_fAMcLMH`?gf0Y zPyIhNT>cure%$1Lr3T9Q59J_i)w{33Pdu6O;^l&=2(8&y)L)RFUVFAv9m%B_C1#83a^cmD1E(=`4-A6iag+bC z#Fy)n0{GX;JRiq}h`*t%iy)u)znx`pI@1gu=Kr;lkI1(q-adc&)1B!huTuugOQz4H zA8(!Om47{vzxzGbEpMoyYThF9pB|3CW^I#3uEg+9jsJXkq>MXBIucK_z&r}&`KipK zSl^p=ft^C^w-A3+*e4I`|A7~OO~HRA?tis5)=)fO*S#_v|I&c`Ys)%UtA>C5TlH!t zKl5H7%752((dR*?zNGxQF4nop@GbdX>n-CyafI2I!*n@J?z>?4#OFtkwc^5{*>vY4 zZT0zJkrC$m*#CW_5c7XqJ^FuD>F{&?Q+$Kb8^%AXgW%s}_{4vwjF-mb9{Y&=;53=f zvgO=X>i^}ADUZpw#Q#h6P5ALXrR)E;mEX<2rED*+{4bUEPsa$#wP$On9Vzgm#|b|!=}!3) zH%;QFxoF5ouX^)8?>B$!SYRJjQ`I`#e6Kqz9Dl7hO;5m;2>z-3f6`SZKL_VO&hKF6 z)e}3+_Yi+ADW{z3rrfXzIABs=Ea6uwzow4HUnJ{)+5g%97(ASuUPtQA4#&SP(EiPp z`G2m%V)Ub!pGD5p|07-zc}jV~?^3c}fZ?$HZw2@bC4yJ45&f5Nj%CCFv%k1$o-nCs zl2`sOi~fI}jrC7$JoxAQXZWvs%HZVv7Q~;=_0rP+&64lqJzSQwf2jX=mo@pHe9He! zS^vQNZwGMGNxi4JKYz8a{j);aKNYb4HFk;z|26*^{!_W0P0DlP57rCBU+WKlKDPuw zhU^z%InQ)y@rChEzD>XZlX9o|eCxcE!{l$}qFt{qtB}XN_CLe_-bLX6z?Z+=Z53Y{M}#w4U~1rZnh~m87}WDaAp4&<-AVTzq((U zd68`SK_S=0mNVrb<-9q-Z!7*Uzft6$FyYvYIA9Vt&6htc?(CI6@z;A0?f)zf{&@$9 zzv;o@PwWiG?;IJ9pZp+x_p`soACdIP6mw;pr56K#R-~iZXTb9x$DD=vpVl>%mTwjO z@pn_PwZ=Ie`|R%Spo$iDP%q+z-p5}6cLeV0IQK5O|LC3$Dgk$L-;#}eY;fnmo!c1W zD($e3^IrI0)IptlD%_p0Zy)Yryf4u2PsRAw3T$wJ`*WPDkT|Wpa^Wss&_RvT=PC?A z{3{V2em{Ez-osr0w*|M2eISX>dLJO%_QG)Wzhok#TF5udFU%(~ zea;2)2lEN@!zknnozIvbm=BWo&Gjyy$_HBiU8lTyp%45+??0`Hej7~Y1Np3!VT+CC z?lZ24di9_CpW?{(){8Y%-&rF6h2iqo=VIu`P5%Gq=Ksc(HRC@@`u~(?^c*Qyg`Xqw z4mjHQx9&3iWtNNbI%U{mqxn{)a>s_@zXkV_CSLO3Uvy~ke=x}4-lj3b%I7AN&oL6oPQNx zahTdF^|O0pIDRY>OFpioXRw|ZwhG>3pD8cizDDXf>E~q$KeeAl_QhDj56<&Y{xf%( za9jzeB>59J%adncZ`@JiAHCfCK40el7Hma3s*yhN!aVMhaQxc>_<5cI$1V7Kjti3? zkrz`RF!7Ra3IFrYg)jYi;=HM@jDHDV?}ye;oqc})tql8s{|v{HH>ciPf1p?X9RJvX z{ol@U)l}D)O}Oq-gP-j-nqAMpS!ka5-=1sC_c_+V&Hu*7`rAK$HUDe%DvvX?TdNp| z=b%KYx5hbgt^aoZx4+nEXMg{%Smr+yfqjl_7n2{6 zaI)42e(}$8VVH!^@gGb4zjU3XV_?2aUZ;#gvAJS?a?EGG{hxQvH~asu2mS;uPjyz9 zaNV23@jJ(xfEXUOtCN`*8_kFVW>Eg;R<3nNnEd-<{4aiTxzzn)?k(Z?_5EV{ag+a*Vn2-X6t)_{ zdES8h`}3R&;Zy!CrQTsUlz;00-;xNp?~?wr8F9cQpXMFkxiN3~$MXNYshIzrTvdH3 z^^=PYfqJH!``&4ODHd1aDWsm~oAQj&A1?hfYrj8VwA$_0^Gx|crsO;NXS%HAKHosT zczu?H^P&mgV#EQH`>V;0wfpJD8n{0_f4C`EnE#_?G5*nwr99+&TR8sv1MadAt+;g{@Vd!e~$2Qs}@a{pT(T^K)2<`XDzk0I?*_8<53k@E(ykGwPMKA0lO*s5+Th@!XtxWsf zl5n2cWWu5UY~c^CBISQ0|2)T0--`b_Cf;1}A2db_qraH*D*fi`|ICp3?{n;bwSKRt z#(ya5f9?p!KYoyZ{O3&Bw;TV`zyFctJj+Gu^Zz67J>aA$w(!wnNlP9PR-&{bumoX< zl9ZOXfWSyl6ho6i2}4p;^tKuEfS?$V#(;=|BPKx9K~Yf==VC%p7&BfGM=@Z2-|2JC zBxjX-uh;kgzt{Www(3;XRQLJ1QdjIP<(&5CXg=Tdr0^*3GbqoyS?f_L|2m6%Zo5$5 zuXv{nop+`VBWJ!_yGB7l-N2aa^nW7u|8fUcF+X&W@BcgU>;JAN6VW9N67n^cr+dL%5hJ(Tvbyxl^0u_N6)^0YG(RhDCz(9 zCg}h91?TJNJ`~IH>p!J?w*ET*Ti>(ZUH5rWcYSU>cTwFnUF7cbqUmD64Z>I7>~b!5 z-wjO{dVe)@^zAK&ZNB~gI=#${#cty7>1o*S zHnShR@0lnc`e1+8%{6^Ig#EH;fActG!mbkbx1Xzt{n=}p>+oV}|044&dJchl=&$om zsA$4lYxA;d)(G7;_b8!8y*g_=GVK#ujpev?~p zKVXlC@3-LF|8UViv4Q*3=3~F-O#OBLUUN8z0rXt=AnXJ^ z*WGSZ1N+t1FcqM$`4#&WTQz*NCjGIAXzYj@K1hGs?>XM2hL15AdZTmTy~Z_s=sEBf z;wE&ul=-yqdqPi<<45B6KofNR#|GhijH7D!C{6$5{lix0)4$dETthpDa6h*DG3j46 zH4Z}iKhyh+&%l0-fa)Ka-p&wweQ^KSb?toY!-op(+ZMkR;ej2KSq@*^&JZ5Io8`!r z_&qS!=KZh(S7ZN3p#CQIPn_G%5Vnrs`v>_403$Spxb7+r_MyAK5o;lwb@!MlQn@XKcCi~V0CuOK|I z={c6euLZGxc+mWFIET06L7dYTRP||lHUCmG+NrvePyd;i|3a7DoWElWOqs0ozw;5? zuMW6-^Q{;d{s)qX#~?fJSNGvUwh+JhpgP0X#@}Afx2gV{ zdhU8MpZ-<*vi{a;p0D*i_JgWo3R3T1%cI0AJq?=cI6FU(fQ0pYT&j}b0`5F6T0~caHUhSYKEa85AEvHd*_;U36To+Qfk@*(Q~?)|?NI^=?U`hU`g^^ZNs`qMrindM(<|L^*P zO%fP75AUlbp8xQ{KIYOskEjnk$OPTbIf1YQDj$ds13N+AZy0vMli1Il{Db%{p~iCX zQww|DHo*OWwJ7hsF&I~Ei15G}A+B!{uoEtM8}TE5gb|jYm%ev3!)LV2d;W{_uB89Z zIsX@4Sw2gDJ^#eMqk$pNc_&^cq~~P~d_0c*jw!v{9{hp$emoE4IN5=3x3a&pyn!KX zC%(X65_ZBa+0QO|X9GiMcMAs4@OJih?nZpTMQsrOQHT$Af?le( znt>-S-;(eB_m}g363tnEI{&JQNuTpL;}+=KtODjp*7Kp~KiMzfJQm>j^Wl&4pF&%3 zehWbS(D_f!i#Wdp(DQGCFX3z$K+nI4!A{Wh5PBKE2Wp~zvvA&15_W=~e-qz|^Mn9B z|HgX-&jZkTX>>oz6LgiP|GOt%@JT-X>psKfzgf@aAFcDxm;T)eAww8A8u}Jszv_u0 zA9~(L7&1Z6dkMl$82CDe55P`XS_AnTzxQA#=y@1P#7)rr6C027V*uR`Jq|lT^OKG9 zW(dlkfu9c{K;OHXPgbu|H=q88td;t2!yoG(=!oYB)+|GL(+}wzc0%er9N3dU=i87z z%cA^(ok04MY<0rro@8#3Kv*_O;G)#DCh{Pe++hl>K{BEx)V_UQF)VuouHTMt>!70wEile{@+RY7u)#9 z`g_fgUV+W8L9M!&w^EFI1Fu2$AUm)V^n8Rk>^`JCj6f!IISYIR(LR8k&;%<6(G+|Ds(%u8g6i)y!TkW$-+~`OFV$Pk4SoCEoKOGtn*X0-{b`+V-uz#J^KJlo z|8$;DsQ*wOsr(N)4Cr}3LD&hD9w>YOb^^VBl0Dc7`u>xMo1pr~`r-T>K=qHqPEh^r zzC#T`^*8YIAq1%2YHm62`BU@h|GMV?r~g?0;96Q8{!hYA(DRT2b)X+W`QIy# z_X|IQpWY$c@FP(Er{BlnN1*&~!QX)&LG=$8flom7cVQ>gmi9!l7VZzI{?XdFAE1}& zt>#11=G>c4|DQDf$NpIV@bP#aK;OTOvzQ2}{13YW==(OX6Da@F`?g>w==+brPSE$C zK->h?KWalCK=qHoPEh@WJ)k>5^FQoKKrhu>&E3g*ujSMK)c3gk6WjF1`iCkYy#tj0 z6ZO#Egq=Y7->Q%FT@mje(ERVhPSEy{4LgDIztaxy8+L-`{}|#TsQ!`i;0I9sJ=h7V zf1n)h2dMsW*a>>6-fAu`ZW+p_|FJKz{?>l(XI+i`05bFcX#vDo5$&0dwS4?K5c=c! zqgXRcSc`d0-qF~%x=Sq|FOCHtC*ym#b1fhK`K3+p{#)1bk$PUpap3e2(*K1x&$3%B zA7RM$srWuRu9lC`a`q1%Tgwn0y%PT25#C04U}H`AS44ZfCuBe`)mzQgPoMI7KK;W< z`GxG`pR2#NeH=iC#Nh5!7F%EzY}rwXct7QJ&NDMz=yHG{f`Z z{=uPGqYV6lANuY0m--qTco*ltQ2&{Wu!Ns+zK3@@;(Hmt1yr9XeoNS16Zh*@(Kz@m z;gZV{f5!J@&#PFrhxIdr($+z%-fH&R^39}t`qTVZy6mgD-}8^=!O~pV=b#_yL-Sw> z)idV78q9sw`F%7GmXJ9Qmgd6hyg!-;OVD|LG!K@b^Z#fbEFp6qEX{?zjQSH~9xTm; z)%kxk50;>p>aFJBl8zVU)Bo!W`TZv*@b?eRbFE^~-ysq8$M=?d3eFol(8I?^tx$d; z{YQSl`CLF_r03Yk3ML7E!YgILPcO6&zC(B*{yn9C)OSC^4t&`S@y)<_KHvB7fuUzV zd=y~`iJ$oW#_QUKFl-acrnYSeb-9+KmHEu zA6vrupFTOe|Kt4$NE<~JjrU1R_81BDN9co^a zEsy^;TV8Z`w){!`Y|GUnb-I zBmXB_puYyV;BoMe_O}B&LC;4E!cJH*5AQ#K{&Uy~-Kjl@@DbPvwds2Z@tKxAeQ5n> za4&+^e*xGDTK~Dt(0>GI`C%9LGz7i$y{ma*o56X@zZEy~`?tz){{O5I>7V}o?|UB7 z=Ma=%efs!#6EgJ&hx_*Nq5OC!^g%y=AM-BFn@9N&9Ms3ho1{PF0Azxmmu2Di1l2b& zu#X|AzDd{#s&9Az?gyy87W@cH55@C^z;FLPK1$Qy^th*5zVyFT>VH$f`qyoit$(5k zo*(*q!=WFb`Ug+KvjD2UI|}>&s(;`#=nJU+N%#>|e{Tfh162Rmsd#=s^^e0&Q2j%v z^f3h0-@uQc`fGkFP5)k%9g|Og=L`OY)sV+=FWZvc|NR2^&8&YGqKT0y55Pbx-8=L{ z6+?LJWUl}8d5-SI{?3n84B_>acwddv{WW7ZXUk17q(Z;-eyU;!>rs9r#-z_XD>yAX zeC1i$a%uWcJLZ@P`SgFc38#N^1@EUz^ZYW)|0v$Sa{%eLdQ%_E&p>+k9QA+IratI= zxI}-H2Z5$ObiBl^(bN#0LVGB-7x|@TQy;aKq5QuJ^##Hc-hyoZi1t$z$UtE$j^8wB zY6!$X%P5-W6ExkIQ{^46C{~ylfAM2ma|9bwN^=MN=(DUy? zuoF`0`LU+P15)ST!JYv0{JX^Ckb$mUz!%ED#5%};o`>hGZ)ymdzFpV}dLCYULsLW0 z^Y9X|6INY)aQZK+G^bHM{r7*)`r85S|L)z7-hX!cFV+?>`Lp&uwEbs3fecXlkLD@H z>v!~_?Z3!}?F~WOfANpo8v?ceoNgUY*Pse}FC3s#y$A1H`6LkF7f}Nn_zd_guI{s_JPN4FP z#(zVw6LkF7ft~Oz{Av6*3_C%`TU^))3nn7{WBfM)J3+^PJ=h6)X}zcBVKt^s&!@k) zmwyqvh4rWNACbjU?Z0B=N6lMgF2+zsro8IV?Dog~%d`E5V|*|(e4=%>f9`pXaWn-o z!&k%W$&^D-F;jjONhwnmvzY_?|EPp!D_e(~3 zw4+7#{mY>}oB2G|Fn((9OP5baf!xgU>RQwvnekb@v*pUD<}&M>XuItAwZ71MmZtx* zy3ei1r+*#H|DwxX!R7z54y1qj{LdQHo=5w|*;viT9+c-)A0;6Zbbdexc7oQ|Vb}?p zzirqFn!fF)AOo7dy{D@gf~N0StQz*Es+LOMfoH23!cCL2`ACA#%=)o3{U=}f=oR_& zpI({u_XhKPQr17c4pQ}VHbZ|PHU1BK1km{p-g9_=Mb(VXf3UVxGX&y? z#y107p%0+*ACfPEPeA8CxQLt3=~7M)?hBBCo+4WaOK8#^*CgBQ7cq5#Uj70`(GT%=|-IW z@h`gz`e&vU8MjSQx<6xjk?{Z>|FXhGCIYOY{*SKs9-L8RtYA?py~H5LAnW*-J+sKf z0UiGe&nhxzc9Cfs$xaXY9ICgPGv9Fg<+&Xe0rVZ3<|7W-o|on$27BR>y`YR7=e!g~T%Nk|M z)HTQP``7ue{YMnw{J#wSpUz)n9hWFcZFVn4ca@ z2aHc&I?UMfho#W%RI%ZJby~t8@I>UJ@!7&E7kWfrW&UkUDsDf zBC38Zhj-d=Ka3^r+pBW;*vr}bJ-sdWbp~_0C8!T1CX$hV*Atc2A4iqDO3NAqW}F* z^ZQTf|MI`5|B}7(9%P-G>VKl@-YvM(CC{15SFyMsatX(;yr}-Uym%5`jgVN> zJf_XE@tOL+E%V>M*~x8&(?8?+?~$$lp8mQ|fg9uW`Dgl1lyb!WDm$OMlK+kHrTXi7 z7cED$JS&v>(Hh=X#l_U;Q1kU^m(|DmpDvcvf4cw0g|DLhw5>*Z{nsn3zqWhSr1f7E zmp<408|A%h<@~C*|1qci|Mk%9_Wl8U|75oRFTw{$rd%1XgZc+z|ElEU{(TedmKJ$ z<%+zTKm8y662EV+NA|j=cOI4e-;mw4JfFKl!vDnSBPj9f`XF5&St9O*5?3x z5*&~79`{c=;{M%>a$hNTv>X-h-|heS#k1ERm8t(gIsd3m|60ZzpP_#|zy1|p<#OJe zl)c_Z*EKk@ensy;`zn6ESo!RFVfi|F?swQdAU}Bj6Lzk z`?m6PnIHMN^!7hq%I=Q17mCMXDaXwR+)h%xhtC)Na@K`^C+=oAx34XU=lVg&?}O2Q zcycF`1pMy-$bpfaj0Nari$&Aj)cAIP{kQthkoM0MoPXzjS3Rx&_P52Ydi}Y5G!g*_0MfK>y$Ee>3zI)PHA{HLZ31 z)9b81N(KK?vvqgwCyk1GOGHfPmHX#+!`waq<$TNX=Kb5?-W0h837`BM<3&*Y)=JDm zC_-{bs?|vA+Td!X^;PMUDAJwXVsY&}k)1N2q zMba+SefY%LtbL5**L_Rth(|!*vy|7CxPNE3+|hRI5#l~TzAx4NNR3DCtNROTy0{ws zLevfjPa9~w0RxT3ujcwnzxw+hj$FpicaoI5kQ>A_9)Z_U?n*MZLDE3x=W8Up=+Kk2X_D8?S4xH%@xd88( zWDm0SUVo$GM1i;aV;x0*^W-5Yr!a2hK@RUi9Bo(*zSG|XclS^AE5;xvAtU+umzr*3 zUgdoKf5j(q-Dm&A^=kq%sH>WE|K|rFz(2SAxaRoYZf@p0iu5-X{ym!e*wGYerW)q! zLndq*gLFyfnA^>L=sD(r;}IUvbIe`X31gr)onvnGZ0>{R8+eCeJqcujhxtw?L&Ppxu)`><{gi;$~!;C5q=VX!cVMEb3;&moW9Ks zLHV)!H8%w1Ck{J7`Ef8&hM@e!VJ9d*;r`GcP=2fd;0sWGVz3kbSNz;??@{~nrJp6j zkNfi;&Z}Fa+rfP<~>t z6OkD}JU7+dD2FKXKv5`sI)LF(*PlK>6`tCn!JeP~;at`3VezzJT)M!A?+q z0>j}CC_hoy3CfQ%0(=0|+}(DZ=mVhQ&T;eJGVP4(?BQLdO5%xHlpBBl`z%FG6V-?&x1? z4qg+PpO2r%gdgYW()sbqR5U@i*oX2Hz5u!b%1`n_JR3m#Sigb4%kgXg@e_l7&TY^K zAbw1hLgQXj?1T96Di@mgeCP)dKlJ

    |!6pkN^8Q_&uQf#Bpze@)NoU?*mYN4DRJa zc*r%B7d1C*ZFOcoeqI!QtXS#%m;&$<1wVlDlUN1a0p%yU8u|dlj|=@mkK%a&;>W6q z-*3b30Y5*1A8TW=58}sx?5v0W0P#b=_wGXa0*D{_edun)2Pi-G{YX!M@)KBt^a3b9 z@mIhfP}-%usCoCQBfiYX51sE#mo4Xd)B3)u_|tZY&R>dF8*B)DF<;B?PYGasA8@P4 z4(x<`FyGA!p|1gUg3e#^@LPh8e@3e!K0wDmgYYBhdcR~1tnUMAEC+wJ3Qe>+!UJn3 zBK|RG7r~E!B`^N?s|Pzl*ZTz#mQdQIyr?;+do^V9!cMvUU*~P&7M^`S_tU;RzhV|Y zMYn*D=9s@6#`p~ox&rM*$Yut{S^yfai8aN1Z`cV(Y=l1TFh61DFdrvj{3Zt3nT7El z;JqEtr#;fsY>e*!Z4lmtY~~<7V1kGHL5{;tunyqebwK%d&M+TA$R6bIxfm}3W+A-k zi1KMJo{s>32Xf%NVLlF)pDH6>F3QJG{o^?OxN_e1K#YTCrk~FSqW=K%vx9eI><)O~ zGM1ftim<0rkvXjd&vQBE%dWuqA8;h*50Y%(i}61o-URxN!1xX9gx38bcf|M2rXn9S zf86c_`5DN7X@=joDsQZ3i+psrRniA!52!N`{>AX$41b^%-VcR0&*8T~-M2Zs3p=5- zOVf>-L+dTgTYu^LQLBLaHAcJTv-r{R!0<;6Fdsg>e$@UL>pKBmKN|X^fg!~ALw|h7 zBw#1#`qA*G_&uQON6nrFhM?<5W3Ur+{b=Yj#0Tj5(FE)ST|XNB7vcj(Q~UZz@bfw1 z19Uy92Ros(OL#2dZcj0}FMR~lemyd_xpV?o$N!I5FJ%k6Im)|FrV?8vmw>H980iSn42Fl-q z`}INkKv+W8`OJ41_aYRuNBV_7)$w%QJd~d&iQf`dCJ-La7svAuO1qR7HGeI0{ww+T zsd}T7&o6TMQyM=mo{gaVBvwHmK=}!-fc`*f{Fr<3tbp2|9l_2s=URLvJ$bFF@-<=PcBxKxvoqqUPB5i}S8u_RsG? zB(|K}Q5rwVnW%4p&rZR9$I#!*#=U`_SkI6^{%~O@oL`~9c<_(S8tmg2;s>$~Kf+aK zA%Ap6`v(4m=SZ%G-@{JWg!TdP<-kr*euB6+LHV&^Cn!JBFzSCm`3cVezd&i1@}lNr z3vM5nFMl0Vh3of3PcDCGet*976YJE|5WE3+{$6N*9D}*_fUakY!cLen8s$-MynomU zwnRy@?&ssg7Oo9ouK@<9WdV?P=4%= zJ+W^+epAY&yr|i5aqk=Q@v~qq^W#+iV}9KJxId6Mf%8LR0PH{#^_7Kw&j{><(MS*U z{w>%Ev>w7C{qbAESLRDUz2*DMuFU20Ye-I2 z(fg?Nd$bAk!TkB?7|fRkiqQTud%?$O%pV7I{=7RL^SuG>C$+{k#XRBk{Q1B{%)bY; zUo?WSgng}%o=!&kI}b9T^XVfFWPs+=)BVg`eAodxpWcI=aIo{~b9ovm4kco4c;K+C z^JQL^{`F=rgYUgH&9oc1zu0`i=}3Fr)ues5=vv3d@6M4GXLI5u(!VbK%XP#<`<-?C zv{>Br98Gl(io4D$aQ5(cW@mB#fLkdU8L#x}(|lhnFS3YHm5F?q@Xq;N8OU zpCSAd9D#o94b@X|S^JnDuJvipVZL^*rad_;80Gz_2*>07$o*;>K?hgd-^(6nJSN9o zdHVqAmHM~sNi9tH>=vp1wm9VAloqM}w$S7j2-hOj-xh})nF_b>(4Iv9w0%|!V@+$3 z>TiofPCzd0vc*Grf4^O~Rm9Iq;b)|bPt03|`O_OTH=&;YGJpD^etWvsv0<9z=qt`f z&*AihAI;y@a>DB!SLe7ZZx7|TTXKWPWIlkV6HSM?`(kT4)aS}IJ#kR;ty)*#Mf_;E zy;t-2_03U~pO^&r+0mRnon(G~K12GUOZk~5`?TsglI&}Y=9ffUp3k8CoO-?Fi=TM^ zW=nq1se;`1QXcP7eK)+u;T>^TeQP|)?&eS)@74F8n;#?kK&6HZA|!Tj$hpa;&J+7cGvf=&vmKHk5hN$=bRjO z<>%+^63;i;^ZH71+`H%lm0~KdYJPU|>g6>5!5zo%>sl#)4s1pJc!!q4$je_J96vkm z;pguS;g*&3GA-vXV4SuZa>5CU3r^1U-Xsmbwr;l>hp7Yn>f7kIa20*sJrqR zJvTeN@>vQ!rbIk6T%%8CB{TC^e<^@$rnMC6l5Y-@z7nryr=PDHvAdbf`yQ)a zOV_i$&iBlZ>NP1U?>))olBW08KTG&qI38ObeC|qiw`HD#rh~_1zJ)oy!VL%uVxSzRSehD+0rvqGNpk?i_CIfwOio3Xxy z@_a{k5gsNop8;|2B=ZYQ58mHF)7AYF-j?_+2_HR2;$O?*i^ct-ZTvh|o9uF1ynkmX zFKXUU>+FWakDJ5KqD2M9y)?~__5FXxPk+%Xm!Di7l%H~IvU&S|iyvpik8$E>Ne(~b z#uQ-fLz*A^z<Y-D&UTQr{q9XR{1Lo5BN1H;Etd0Hr0A0Tltc2eJx_-rlA7SxSe9z6nexJA(p|op~ zc!b1UaOJHlDE(-7J>RJ6Hl&|Q0aN#IE(hHo^QRx$_m3_ufBvfTZNKcs{Kk4_mnVl# z<9U<1A9_$8d}wnH@4U{pKK17{M)qv@hFejM>ov(uDs z{r0nle^~e_oQVG941Qui|GoS?*qzfu?mWo0$1-o4t~#qeIqAw4_lNB4@R}}E-&`{{ zf7O3=_$!&|NAp({`72g6U>wO`iC^;bL;LE{wN7sISLZK#(7&0#cK@~ct6Z1eS?xp3 zU+s~<-0Eq5%x`}$KLzLTdv^!@Mfq#Sf0n-38RGt-aeuK~zkPK`7_mf?23evzs9 zze+!UmcKMz9c=#6@PC%S)L+ZB&rZ6Q&ZkY)U&qV$SGTY5eGy3WW0(1R`Po%P`a2Sw zU$lIF26K9_C12lnu9R0f=d+dMxc^!CtnsP&^}@@y5i zboXv1GxHL9KP1^U4&Uc$HkxpGA&nfKbs~4RMem2%HlePb+e13i==k)&!(s7F8I6Z5;DZPrNe?#uC=L5xl;_xfQy}@;? zulGEcLs4;`^gy=zI&nWs`lU5r$He`cH#oeux3`G9K3A@3i-Vf)RDC;0=_e`q>p>}h z+P{VGul+TRuAfd+$j{GW6)*|<~m zTFm9KB@xwnJKMcjZy@Q`xtYTU#r-Hvx8mMe!x1Q(w#aI} z)2(?dlb@)R&*NT0|5GAe{xOFfd1dfE5Hzxo^aIraT&`CL=VCD-A0 zavk}>#SNvr`ZBv*8mH|aao6&>`4b$!CGMK6n8{BW8DD;BA-=!7n&yZQm(Q{42gi@*7d_We-_N$k zI6b)Xel?wZDeXG5FFT!_^G``{d)Zyn$@48a9!J7!I;nlSX6(+#vies?OZhw#1wq28n&Kx>5`SriBOYoVZC$%KGyU8m{Is2f@_A1> zf0;w_^F!-P>00OiH|85zUz*F$7Wtl1cjf2VuELMBTP%sEq0E!9MrOD7!ZWkO+Y&yp zn%%Yi91{11FG@P>$MwueaWBnKUe&Z-er7-MGgsE%&e!t!4wTQYR7|bEwQ3$5Kl&c^ z`%#}m+eOwse$GPim~uHkzx#gn`1>a^eyaM`k?`x~`^7xW?I26s^?M{XC_6vud8O*E z=}mt2J45r8n%BH`{JELw=QT+`^@`Cy*1bxKAN$aQ<7ctt7jFmipbzlnWz0kDcy9M9 zKR-Ol?v8x#D-S=)_m^{vw09(;yRYT&UYzqwvAE~XV^JQymhV$%J3o)D4^)adQry)% z>9r9zXYx};_!(3g4TVmXQn5I-^7FGU=li`xz8ADS(FpD=o1OlZpDt3r=jOZUz05;m zRQ5gj%z4^)b|Qry*CI%ehkOnwGP{j~%0$IK7u z^2e>6pC8)ypRRQh?+BT1kl2)+epVFl^V`4jcTk~(-~Ir*E1#;@nwNziNmn|6d9&;j z;Qqq#*b>hJx~~2V=5xNdZR-|dfKCLmo@E@xUUl=hGCuP1G&*|H|5 zF}?2yMC^4fZ$>>@##m!2n4;?Fhdj2t8FK;VTXo0$U-a`?kmq8)Ju2VwtjceEHNl5_*1wo*OaoO~iL*dHj~dcKAkdMWdhsFOea(7FSY@MVg>?F{>i@m`l$L(> zRL@Q)ntsZ6k@Py5&Hpt0=zGv~T=nN!7iRLK`|}Px2XmfB)G}RP;Cx{>$j=Y$PfFK1 zHq2AfZpm#Q9?*76lKZ`MJmLyz7un*j<06k}zv#F8{;~4czn+)&q}F#jPWg_+pLig9 zKhPc$-jjT7Nj#+)ntp5vFzMR+vgU8xB>Ag*6yIO(RW#msE(e^3`T6la=7^M^?k`C_ zBHs)89NM0V-N^4(-;eHRru`vxm1C;WM3QF70GT;wijY;urU@xR+++j-O6j zyW|ZTKaC4NI)3`f<}z5fS=IEG@+W4ozFI!0N#{oVTjQr+mok1T?n3u}G=56wQ6wsN z#9mQ2gF)7VMXGc(=AHIgopRsxF6e=@TD30J4*ues5z>C=K6wDg`WuV(>~3QX?$?}TqyZbpHrWsZjQV1 zGerB%zUOqM{OpnS8rE-If7OwQx?I8UQRBD7{T1m4Q}<$Vua@Jke2Vw)j5=DeiqHK$ z2KFX?;-fjgYyR4d?{~LXI1U4g&#SxgQ>^PUeqkPzp93p} z2XUwE$LZ2}4xYrX`vB@XCbtQ<6ZQM2)khqUHA39eDshB4|0jv8=JgA&FU)NJe4*(l ziSL!p)y!UbUv`uH{Opy6iRQ1$(*DtWp|_tT>kyru**q-Q@?YHbz1vcrYdp3@bYyuc zx1}BriF;S=uNL=_;{M4V<|pLFMWUK9Qo6nOn!9!^RcI)27mTY^Fs&z z{&Je;=jVqwC~_@K=Vs#(t1jG z(EO6PFuT6%Eb%l?a{OLhzVDx{PsyFXQDar%Rhj%`&fkc=QNw&u%>1~`^7HeBOt?^f zbpA$S@V_^IBk@cA`5SH%{@%)+zoG8`@%)YX1ubUHo;hdiZ0iE6uQg}#wAta=GrL)> zN6(o(efHGwnQhxzEoO$tww^V9<~ftcj?eUI$3Da0Gd}Al?X4EG&YL#2^`JSk$Is3D zMF;UXdGzGj{bo*|6VCMP$k9z5KYP;jal_9GXWgq4dk!5xW6tZi57~np*$sdEUfVHt0(Sg9jCPIF2L{>h$}A)>Xu?t|C6Io(WuEH+61IYt?6aEL* z@jzC7l8_USUwH!guL1TIbL*MtU1@&I#aM&mrTOt7dk8=CQaJa)J{OljM)=%I`BAg| z9f$ejqn(8x?cZ67`C;zrG(T4BzlI&8h*4rmz#c)uOWYpOY>vi0AG-`{Ba=%#;5r)Z^90F zHuQB5$G*Ri0~6BxSZ^Uejs_=^zv7UCkX?`K17`=gLHOJYugAZXr?Z+TW@NT+%w0Tw zQxo&Q?Z;}E)k~!P7tGHOooilbux?G_ol%$DVJ5`$-o)8-)$dX{=Rn_&u8Xt2scpPz zwfuE(iEgNGzO8LS(`%U*5dq1;?{E(Jj9TWm+aZ5Z-ozjW=i=;k)JIhRIp5>l^O?2G zyF)mMIp9>#GIrey( zAGhuQmLF3N`~IDm<|k0T$Rr>uKMBa;d1-#a6|nE$g=u~Q6^o1qf8{3*IdDPg{CI^p zV+_B~y>j^}W7YTbS1O#OpKHL6S(oO=Yxlq9$NizUi9es_C-NiG&kJdOoS%?>UQF|o zgdBJ^%}?ZK$Sv6q*ZvN8zt@$g8=e6T$evBzH=AUVP;*gWCr}=TpVBg7IX?{!r6aEV6Z+V)Zz}K}+*ejhMcR%94=lA@S z$O~1o+=IJa;wLKed#cI!=u3T3zqd!>uU9ALN4hIeBJ(w96rC!na-cyQas>V(Fwr7$JnEl~-AxGoI!IQ$vQOG);ZpFGA7x6`@ zzJq@Rav1)(mn9CG{|{YXwH&3Nk~{f5>iEr%74dz#EnqHqm)-5o`STZ@+e_zj+7j;q z>92HGa63?(&06gjlm0%vzmDq!)-^VfIgL}}IuXdRiyEiKbwcYK8)shQ^tcXWb6Mlm zIoHmH#%L2aPMvF=fb1bYt^Y$$G&U}NpL_1FKA)Olv8Xwr-jL5T&o62#`Rj@G{B5i2 zPeNUoA5C{^UZ?Gvoc_|(e9LdS-$ug+Wt`4=jNLU|_SJZ#-%R-nOMbPQW#^}L&+vOQ zq3rSW_(pb59L3>7qVE#9uRV;zPf|j1OwE^S&Y!wzH>IC-cXPZKO8@D_*q_DfkUrnW z?V7**(esTwxzGRld?W2g)^f~}`{tf|6cqRC<=msB)5)08>2q&_u-kxHl-Un9dg|mU zlgH1pMxBnnvB}dWcC(HjJA3ju2s#dwx*5_k7Cc$(P!4p>NS08c*^+M zg)SkddHq~#-2TXw&h3OXKr}(v~lCd zS!1S8pCU1+z)vPV!zN8Xci8x8vnJEiidzX{pFVNs=&9E1@p#73v&XkC89wNQZdS_U zHe**h^u=}_Y-wg;Kg-rNQ&vQ^-)I724`n>07*B5?b%Xz-u z8JK68%MX3iM3=NM1l@mMzjLTwRXdrcIm@x-EewJ5C--O!zXwQvlJ%nf_SH`2w!thX z7T~wQTzqF``gd<$;LGmj7C2uT`}rNp{w9LG`hXQ@vm9QG{Q!ZLtyvDky_6R< zm;bZvd->9jcO0i5?`dwAe0mu1liq)y(vMSse$qD0d?-KhR*(VW$3`nD*`gVv8PeNt z=vNrf%tz;9)WdyH&$n#m<0(utqxd4hWMg*$I;h#i&1RLQg{vhlGVz{4o zax)*wPh>ds1Bf3}rh@T?!XHTD5j^naE^g*S`EiFq28bVu&l%aw2l3;8pD=#w1N^w) z$2z5%58{X73*ue`;wJ%qVk5veK>Uz@4Dk_&ABx|=PEdZ5_$@&%9%Y{Maae?4@`ffcPPQ2Vn`s55@1{SqaKd7|%-3OLrV2iC?&0e{&X<&t+5P^8`dd{VLH1+xl4F4bOvqzZhh~d`jQ&kHb!A z&=%!qi}e2QO^=iE;Up9Uz+RD)XS6nio7$m$f&7;o1{vtwhU3#R=iW`(@(IJU&#Mam z3Vx4HpJ%nEBl{0f%RXK)siQ35wNqMbqV=$nub~5W@fBsC_JsSG=DonY> z!C&V6ZRl@s4xawzjH%#rZ2I|DjLeQ-)JpN9{G2-J=sx+<5AAPAmm~WcGC!44{6w4J zey5|n8#Ba5=qr>D*P^@`JH&_XS8Sg(1be^^F*rWNSO_0Ddx#HBf94%jM1Y0*jm}R= zOdaB*8S(?AKWiHN08O6(ge7SDwCK0M3um*wvFSq$Avb;9^#J=jGlv+$!KR-;&Z}fv^PSCkZC*!oEsbXsIedUsRhnkTGYVD=GTxGOR%5*V#q+p(MT_l&CLyb z=y@UT68HmpUP$1U28N*Lg?O+NI$>DYAE&vsfe8ZC51+uemIphb#ih6(o+o@8o)5SN z?Z;Siv@dUO;DgS$q4QHBOCbY#X}(gk;ScKh`4+3_6`tC#3j!9Q**vj|)3N`ANb~P=1_sct3#hlYpI| z{6yE|c>(3e*?{nXUdoG_`)9e!^6{hT$6n6q$8z)YDzUGZ*{)nI0TIPq&*U6W^+#PtIfTo}D+epuV@)LOn=@(Fb zB0C`i%1_`uqz^#(iR^+up!`_7k^TVXCki`3`LPo?&j---6NjCU;^%#&M z(DW1g5Hg^b@}lO=i!Yg(kDmq4-~$3zY!T-#+Q%^S`(hK$W3n4yUc#1;k1`I*1IS6p zg!L$2Ov6Isy%_Rw$Q2lGgdBP)h z#Yk7WlovHmoiQ_S{oeLj=EvN`{LnsPzvHI~__$-Jk5M?^!h`HB8|vdBocCgyf)8(~ z51${%W;qVF2Yh}YM`0%rA67H)apzDU#D@zxaMw^Di!sigfE*HXlf%YIMN&tz&Jrq6G<3e$!& z`G2AYJ%76WwF6XGC#L1jc;A__>6+a>J0JeqmLqf9c%)s-pI5h+(O%4K|4lfV?;rfI zrXhG8%J|O{_`IeeoO2EPyC2sygx5CX_lPgPr>2h{&qKZ(=ZC#t(}%At{%N{V^P)D_ z*UXo{KEVDybh*z-{k5SC_(``9H{8b0Yfk8g^Gy4hDB91of0Ye8;b%JE1bl@C_4D!h z;~d@^+|Ll!uZP?O^P1PN>En1j{6f@RN(t5KV1&X zmV4F7mP_O3%A0m=&c{#BZTt)S0JonnZB#a^{K?HvoBQ+qoZY<)VWT7Rdys*lmt;TB zbfkyO{MmaV-apPmQGGU`eMk1_TfGdyMlnw3so6VW2gV~jeP3C-aK0B1hMXDS9*_N# z+i)Hja4-C=iAc}y;ygCsg_Rt?mB8--y)@mZdB&8b?ep>Taa?}!1M~CPpYYT40)D>G z9bF88&c9Jz$?S_JeWrXKmA6Pw>Zbfy%eokX@?-ADfEl3tIIFuD!h((9b3&R=;ww`o zen|GbE@R}}$p!~QGb}84A1>?!<%7mi393JhqY_kq8b>9l{xptCQ2l8fl|cIII4X^$W{#uMSZd}t zDvhNoKQxX?$Q(zdu~fa37d3ZP_;7DNevUhXe_fg}sbN7KJhVWEH zaJd)n|IsEs^qhLLrimd?{qEF4p!*;L1sCJ}_Q(5$A3@J&a$qN1_7>{S(<+$6+9p2q z9Q(wBkb%JW>~BBP#1Qmcd*>ni9{85p1Grye6~Y7M@%)+XgEwBt&hMr1GwhCyALip{ z)I;)%x48c5-H-T5w}1Tpd1^nD>*(W0YX1zt`GMs-`Y5LUQRIIYGT}_fRDTC5z#s7Y zNAY_Pb^^Um`y$kT6+8MM{oL7TuRtbz>mmNZ=$|g^=wleFI*L!ruhSuW_`S;EdfEMH z_n^K~KQixKoh>Ur2$xp>|u1Lop2Jijh>GV>(0zEShy)@4m) z{1r>QU&?yC#Ln#bb-Qjxe5Zq-#W)YPcad3A0{vW+UpHZ%SKlJD2T6crX9?zk^(!(% z&jUXl5&l-p>*-%)#v$n?TBHB$Hq7f8fb(SoxM5fDdwY>_2Ns!=P(N7k4=qLb6N=2f ze@J-95ytUF;oX6GXoC=j`hU@$u$C2}Jys-7pFW?IqNi))ycZv)@#P)I^85{* zzuIUn+V4+kD8w}~KR+}-Jd>XlvY(D~1efc47bO2VI1i#rMdQuK9Lb04niQfxfS&`AI?!z+c~Q&AU?fRV>KJz`DmSd z>E|lq=UEMfv^nap;V1SK^y^+Pm40GRgRhPm=QqSKZyx^2PXco6*!1}g?k1$CPW4j! z*v}yRarMk8;KvH$d-z%K(KmgbgR>cPc#lb+=U_hvKH;zYBq7Iff4z|H{mT|Jad(@A z#E*#PA(_AN_&oGKJW(;Vzp8y2^Mhi*ztp7tRVgj46Zc6gWPVBY?EP8ZcG+F`eNg6) ze1qNXAw2Iy%g1f&*xjp@y${rlxA45On9OU@a&N|VcDDy}JVAM$X=kvz&iCjn?zhj! z_hCl+RGiHuv4q5|c=(r|b0P^}F|eRa3u&`FGD?ehMWXHS2F-hq$<} zyO*EGTE_Dl#Mw-h^kenpbTv{u9zKra_r|dMBypd=TH+BN=8F5w>$BbGiM#HP?3~K$ zja+fh-B-&Mz3VlTbS1ngAM50IYQA(rD}Q~8IGeY0f5UR_dZ|>*k@y^W84~?tR zrTp~LeDrYk{JPTi7rVFxKc`v9>7))vXO5S3lICu1pIYMnowOg^ZQSlC7WYQB#Iv8D zQ`1}dUcy5!o=>(!!XMbodfBgVJW+KQbB~yjEAAhjnSN@>{!nf9p?n^RMx9(SCqF+Y zG~k*{`KcrM!k)zMQGb788Ga63FRDB|`!PRfq6W7IEct=GlHJXG-jBr<_k9JT?_Ra(<-p4#4?yB!yb>+Slm>)^*rriW~Pn2i(gv38zOjpcnA3F59On&Z@`G)O6 z`b`q|ld7@1o_iV=_gy*rkGSIg&@sZNTq32iGov_sO{Bii@V11XEBjMu`K;y0jzw}`X=jEde4&)v?iIWaeXh7WV(RY? z^dD3}{OnoE@q8-fbNpZE58PTd_5Br_oSz>(-$MC`pC|Q2&iWnaHK})`K2?5h?#%qV zH)el-z5S)s?k0Y(jR&bU1P8M@EWY1#c_Z$BseG|5gs z+D{uR#u!WMUPk+6gUx%H2xRS-^&neqdZqhiTlB*CK(AE4tOq$9>}9kcHrTS43ARO? zZLm)3D$HYroP_)q#+B?J(T~;&<3{azrTSrGknQ#u`w>0VY+GmP3&f8j{Pd9Y)8uP> z-&U@c+P~OL$)A37|7%S@N67jeYbLihO;_jWxhWF9j)Z^a zTIN~zgSNyy_d83|)%r1?G+^G8pQryN=}LG|eGjk1`72h1%Lmmr{EUQ`_GeJ^%H0<` z#e?hv=nUX?rt;9b3dgVeP?tzN=r;AQNn+k~{?A$8UyI~?i!~VkvVTl}f7#RW^P~G0 z$0h#K_Ad^}cfCEI>mB81r1n=>ynn8~w|yt^^IPKXO8nkA?Cvz+@KJF;d4cF#pWTz< zUUYqScuVvi)lur5D*V12aW4^5!`0~Y!OX1mBj2Yxd!m2rr9;hrIiJ9po}Zun@$CBR zrs4cN+MgqjX)cj+N%vU}sK-m39_&fk{a}d^qHmC&U(-)W>M6~Sw#0ME>ylq2-D-Nc zE-BBmjh|onANP>(c0AAjS|{=7@6=rIugU)Y^7^>dq<`bY3MkipEt}%U4Idmoy*}sX zG_Co*8t>_sv%8Clru2%GpY>Y5>}DRcoEawJy)7Kxl88o2{qDTT?#kP9n>c<-QPJb@%~lcr|*p7_p1HX znohP&W_NFI_V>jp^*KG6zRaicHnAh~;z;N>Q~5c6*>(Q-jyRjI zr2YKXec$`Vij>YTqqvL zKPBZxd3Fzo`wr>4NIATn-HRojDUOss;vN+D$9qe7c}^{t z=8OMaF&p0T^*=KCDJ%J_N^g{+d#k7RFSgFf&yV*pN2L5bxQF#kOvx^vf6?}HPXE}4 zNAhzf?&NYn%bz2@l=4&d>9gc{ztVP;^iL`eM)&U%cU!{8rJmC7HBDD%%D8~Khb6rF zheVz`WpLX}ewqtEix;E+@a(E)@+175_PP1_nT+urx|ARN-ieLmbj`ll4s8d=qxEt? zJi19gxz(B5Ey~Zdo3g`qmhh)({UznOE$**LyV0{ay_JajWzs&>{z=vQleam3bw5$U zuM;yW=Jwm(IXa6UslTjd$X{PpG?xiK&fNU`(D)Z!%FnG*FPH$g1KHOY-4|8e_4&Vl zUDA)}8<8LMNXqkz`x0?~T<1TCyC?3kuQ;@QUTs&`juKPSX}t%OgC znGmz-4G;a4$xmZxAGWH5?~CGU#<@rCdtQEi9L&3*OZgdb35U0$+2cEUzNWo}(^Vn= z%ruwqiJQ2*42b*DIqtT&KOp_s);C;#g~ffgw0|@`%oq1HGCr&0h7oZeDeX+_cuu#< zr>4`Ogj@DauPww+=q}c)x16v12>5X`_AmC%&(DwUUmTbChHAUwH?D`p+1x7QKDvL1 z^0QIDHy_OI-^kt1*OG{I|6kp=w^-bNk@8CUQT^jm@Z<+TS^L!NKwKiL_S}lK%B>*XHCG#_G!X@PP!_Q2iEkreq~}&X8Cirw0{iN$GP1y_P@q~!t~vwda0S4zm5=n z-2>VCXAZbQ(uvg9`uq7h4khl&&k52W>wV4dUHQq)r^=7kYnpCVzm@Wxm5}%~eH>Vu zoqlZLrIwg#%=@~_VKoX0>L$i8pPIkcbt%BU5b4Zl{Ubj=y8m@tB3y7O-&gmi*83Do z|Ax8~*L3N;i-hcZqy3UPuS3J@ldPPd9Y3ZW`d2yWAJFhJY>B?Z?C?4xB`o3X=FGpo zuM&w*`Q3Qc#YOqj&-#fdp9hpn?|<#)=Vx!u_^GC!L{9nhe@prqDg3B8|C6mpJiA_MVF?Z+IJ}-$6q4|h#8iIl2F;((Y5 zK+Ctj+^$eQJLilODL+=uIFa(B&!y&yE7ly5Z~pVrfm}kkpYZ#;e1S35O~(EJv>vW3 z&NrEKw2$D|D9^DefH(SR9~~#7e-{3p0~t8XF~-_f$t0dW+6T?gO%!1MF8m1VX#Vpt z6){F}w2$xsD30|fk&>f*Jhzwpa zd6Mbpo8J`uZDH_vK}{dMaXwn+{J%E0BYdB9_^a^%nfly{`OBoIH@_z42-h@wCxG9K z`GdDsgGRq%K7Iu2<$zD8!+$^Kr(cNmaX=CcLs}meb8Gsz=?0F^y&nERay{NR{G(UY z^l`(8Y(6hYWZ&;#`Fq)oJeiNb6EJ^~F6SNoF281JdGMEB-$LtGV}}(QH`&Mst0>itzS(*b^?eG==Tl6kHq}N zeT{rHsLSa&_BoyxDDA=>{Y%Zc*G>=S<8O@cXURPK?fLk#z}FR)51+py@Vr;yc>$k4 z$l>cOA3lGOL)TkAeEyCEUkfZB#Fqy-xybTCe3{1Jdx_szg(aKB}^A3*C{UC7D15FbG6TN982E5JXX{KYS|3_{g%Z*I#o!%DXR+pITzAGjRK@&=2K}(+caI0rNV`G1v*ZUfhr$ z(B&-X6D)5$*a`O>gZwiH`3rFoTHeOLx8X+^DzXJT;pWHL--Vs9oqmti?YUfk z&^&pw3XhQDQ{}NmFWC*zV!E9 zW9HAR%KaDjVSk?Lrdo=>u^`er3Ge&k&OUVgZ2S|*z*pdt{6nx4W=Qz(r=1NU2!3h3 zZDdbpABQ9TP?el%5p=y^1bzfvFX+Ke(Di~**a?@717D-5zV7Bj*8|4jN7$cW{sJ|yei10` zQr^`3y5GZIKK|Uj9D`ex$BSrvV0Fw|K{D_!+OLP+mtM!-0zO|%@7L5}Xtw{{qgjp} z-NXao_9#PJ+*fvhgW?>&EFZyo0`2(e70&n{=Sp;U*b@% zKQ1_p_)F*CUy;=4yud`Xv5)IZAUDAJwui8fEKm%7Y5y>5ZDSv;vHshei~I_iaMDGr zPw3&s*bgVY53ThG!UL)E1z}GBRhJ_Dp}uk+Mf`wQ44Li^JK;1GSpy|> zujA))X5jgO(k|sq&G)Z+as|#$>tf0IG`c=>;8={m_BbRJjkAEiL%38-ud~~F44>aq zEFt6f^Y^*EJbV13FY0SbkI_ro`*^4-(gWHXF~|h^o+1CxrR{xOhZjZP3l3yLy}^)A zsAyua6R7=Rjl+Hem$mmX8|#PZ_wMEGedzk$2xP(#ykGYQv>&c$?_&YvSig$Kg-qDv zfzRO;O%irOX_wY4YVPj&)NPsP^Uat3$>Kiv9%z-`AJ|*S{2^QVmzugi@H%n-U+)i` zyAQA>_dQkm<*Z@Z>m4?{DE%$s9+dF9Z?HG2lZgQd@b3-A`-MFTly;3254>*wdZT1{ zR{z|`!k<%!l=gZJv;HgTC%*Cj4F2Z5%zS8nk|lb~)Bei?JPxDzp|84s&+fK_SN`mi zJDCum{6%2*fP=kGY|{UseCKcZ`!~Iu&cD`T<}WwiKib#HyD?Z-y+%9$;R(9_jNK0a`tsXc>2!MeVr1BKWkqn_-F3xWWhgkU#A%2%iPz= zfn3_YMY(#bJbzXB<@xxd{hh3>Y5pA9=ShF3<{$0*WRDwaGWUJ5#t!wri*?^8d-PD| zPxgKC5I%F?rv$=h?)zlM5B2%deV<(TXYTvtz&~@}r`VXG{&%tN`{Y2*-1o`D{WJG{ zGVuR1{xtup+2fE4`e*i!Zj$`_Hujfw>Q`2pjCV7qzd~_InP^wj`q8+!Un%nkbv>&_ zaJkHv%vY`^6b@|@Es)lXWgXyIg95VbQbsL zI*I#XJnyGO+#jid{L&fq_+sq2F$UiPIaeK#QN8)sx{D6YT7P@sPCox*F8W_=oH5sO zq0IkY!u;ttikdBJmNgae7nb;H$aBSB;PHNOHjiB)<#^7xa#4=EzLz(2oG)kGv;!(G z|2rj&50buJ%v?;N^-%9dXJDTi$g{^FKT|zC6LOy}sq+oYEbLPQS=)sX$fl%=*^7E3 z5yE%iZ0x(!uZ!7E^?EO~b09nL&%Km4b?>=#_*|-g3#I*{<6j=WKWzJu)cFq9t;`?y z%HZfNiGbSGluB)pFVykVobjC(bKI4uVk9hW(~-FtFD6r7btv}(sN4O^v;BwH%J$D~ z2gmVAt-mGn|6%Vv;H)UJx8Y()LlEwe91yh$!hnba5(ZFg@(_dz7!XjJBq$&wAP&Y0 z0)lZw5p)eLD1z~t0n-&hFpm)y(*=da0FELqV)~xb=bU@H+dI4L_wIl9eZTMR`8`v& zPE}V|pE`A_y6RNb5y-gTA4ONi?|%pVLciZU;oHBzXvWw{)5f+PJpGIdr%aqPal)YU zXHA?jcIwP-)@c)G&Kx^wqE$3w`mE`CZln;qSv@a44_p4z8JGpwj(_UdNi)3zG2t0D zapv@?IOURd#h*CiJZ$Gr$7N#M{659AXuJLC7xtVpc-R z<+6=6amI}4Gg{$^q4X}EHg4jK;GLRc8-9aJ&Yv-{?O-q7VLijTqMOxwV$rP0|73Un zKhG~Ow4R7(`utUM38Usqyuo*`_I{;@qK z&k(lZvowM6_r%!<2WbC#C#R}$N9K7LHy7zu$N1+cq(^9tdQ}bM$qwQJv|kL}A03eA zf%em;`y&JMJh%s0ZldQR9MJu1XHzfn6|8-L0_9Y0N08;18BmKs0JuYoob(DBm} z{3hu5X=!!*259`$X^-&~gb{T7)Ik{G7#e@A0=0~26fL_Wsb-$T8W_u?7?R`@2c%J!3`{&h$ zrc?gu{&|Vf10in%4egib9tZh2cc2H|FE4)lK#V63G*i&<+4=asKVzVWg&04e@w_tl z2|FQA-gxkt@B=432md&X|BV>vq1!#+=O}#7oi)%y4}@Fz9y16h=ze<+@TrZw)m5k3bF4&p?M1OAPcW^(U2h@+&O>&(ge!kMq z$9RZyI?Cg3h!0#L{>Zoe3}NVX9BvTiK^UlfQ}^>q>u$@$zk*Xm|25(9XBt1P?VEoq zg1pgqY0(0VX97B28h0^X3Fvrf0>245URsLZgtsA&u8qbK_Y!oxG>I@mYP@tl(g$?B zv|lS% z%Xl`Rm-0>BSyc~a9KRpko#iia9m^lB1IVQR?3|v4u;vc%qcQYZot_@X(EQHP=vTo{ zXoLAo3*jz)6J8v^;Yr*}Q2iIjZvyGR?) z;~f~!iNa4fy$$3C&$IBGp!zQs>52VTdZzSW34Rk)|C!oI4^aJ=z;A+H$~Sc*Uv7FX zll*mR!SZKyWBEgK6{x>E`v=>v2;`CawOT*Q(66QOB=u{4)IS+T>W>doBCp@8;nxod z`ahb7^nByRWeE5CbK3^f+uSGUzl+BEeEHchGU$Ke#$bA-qk{f0|I~l+wA*6fUjrTg z)BbaOpTvmr{2STP;nOD7emoxy_FIe4iFSsj`E|@fJl~h!*6r~XZeEF$~ z^D&%BoPQVLyFW|kFL6qivda|8FLi(0dG4M5@82C_AC%P^^Us4TruV;D#or(J-0?1T zb^n_^LSHQ38EQ`_WV7Wl`F@k{+?4!>?4i&MdDmM@gYosd^Il2ct4W65l&F~7hYE&k4x>Zr0eRHf4Y7?k;C(R%BSw12>-V7d+Yn%FY7Mc zUzu*p1N!vfd^#U7y-?`u-{*9a^LU&fD)g-Pgf8nnMhHD@KUXAlb@ExQ8B5&0-MV=8 z=Ng_A`+Tw=id9PQpJT1b%s<^fNBLLY{sYRV@c4_K+ZU7ldGaJ9<7J(K+NV)*(slPn zd2f-kwM;hQ{dN*U5A(ywdp|06+M0eu=qrS-_WZd*m*nsT7QB9{y7nm=|Fb7@`KkWP zeiQK~Ry428AF(+ z23`Ll>7d#1u6T%!mf5?;sokH%M>FDGyF$;cD)iNArz!EXg|3d)52aV@b=I-|`m6It zb6(Cewv!$|bsu8>>3ggD$)c+071lH=H!qejpWF|*zUXrsV178+3iF3W!%cKFun_%S z_{~MbO%nb}s91>>m>+__=$zrE$@9?n?Qve&48$Ej+?@HyzO*FCK23X~T_;a0mX#oZ+VQ!r}TFM&(4^N7l#N`uTUH)ZZ@*?6;R{ zsUt5BXO_Pm-*Jg*dhf|RjwAc2>Vp#(GheM`+@H*q0B04;cj6MB_bCv1-&~IGwC3kd z7W%J}zFW-kRX>gRQtFAscP0M$OPC&;!|_)O{oJfz`rCxQR`v;WuH*7g3O(hh;D|f= z?#6-hlWPe7>J?zW)7#SgvmX8L@Go}!KjvStyqNM&<13%S{97yWm46yv%RkJ&gDJ+z zj}ZSVoK-Z?FMrCvlj@@WE=%*zdF;Q#Kex@l#y^dJxct-jhs!@l_^0lbgSL(F^KX#s zFY!C-uUVevpBw-0@Go)TAM2XdWB$cL{L}c_-ww;4)@zkNjj#1OEPvXsmdC)BoqwtO z>g7uU-*2k_#-sk4zohx+KK3(KD^<&`IHzd)(Q9bdRJLUOy$|)cPzF<@vmb1T<*K{aCeE zu!MfW+ngW$e#;kncd=JcdOM*v7dtDZw-@?=UBPtJGVPul___9%JkEmQIqzC=C>Xy$ z=;{>74|Pu%f5$<;{H>Gmmxddl|61py_6K#=W#*smpQ`-(ckNG8-u{kd+u067_f^&R z8+$5$FDTuX_gp%G`J?ngp~pk}twx1@bB|y;lZCF1`qkZd+Tub#|Nbug%XtF)J3h@n zcm02se>*SX_m1`F^N;f61tM4TcbNM}a6B*fXtvi>y7D!=|Ew+PG!Z^&`XhwCrsf85&RSP?P1(`jqV<^W}Xk zsn?Fs3x(bq!5# z&B2@(k8e9KX6B#n|GP&X@SoCux-YQSQ`LV;w0f9hBF(ra3m z`1z;$?*pp8C#L!5zVx5vpXxs|G_(G549k_upXxuQD_>LkPxen%zN-Gy^#7#)W*(mY zD{Q*9sh@u;f4>m_^3(iFCjPVh`)B%3>R^H?5qAd1N`;pE|EF|MZJa-A8gOVos%sQTb0?B>mwC*DraDdF>k+?>&m? z*%HuI_EAZm%KH*Tgs$gRR!eRuYk~QYQ(&KUC~B;)qh|YMc)!ys8~0bN=S@b< zZ?Fd;`vv>AsIhlP&9&or{=E$T82op@WQxKge?+mqGinO(!sL&ep~l(;yZg1AUb4ba z*eOR%_8@*`v|C0xIALN%mwST7bahH!=t|T(A$(^LG>Q`_JEXa0ajc z{M~$pJ#-j>`jYLmR*clzVnt z{ZNp9ZDc<{l{0jam>L@>LA7T(qAh&wz zd;sgs%>2{y0rp6GF|~h?`l!#F8y}8h*s-By}^;G53 zRXr+lto;7?Ly_;@K|Nr%X1XKk+me2-g`6MVhfm8vf>ZWu>ObwFRvl>lOeAFgG7bE* zzsCOEqon`$*5UClTlK!wFMUqpN_h{VXG=h%XM*&I&_5azq$|IN$+;R@Pc4c6Wazod z*9Sv%PKk&>XLpg>j6jT>J-Zl<=-VgnLz(#rtq&4 z?O#|^t((wSdMC5|(fT*Klz(dflB~~qSsrI9OFz#N`BQ$3J67I9=$72@)-zJCg`Ow$ z$CE+2@^7po=Pk&0Oo7DjB=$_IkClI~KE}^gx+C#d=sIk9ZjsQ{QNAg^KVRJXd%yf0 z5dQtp2IB|VbYBVZU$lV7X_TJg z-w{#|Ugr0(g%Nk3DBqVtFBE#^dsyz=eJuCNZ{?rzP2JH2Ck6U{%D?U<;9o&bihs^~ z|5^T(w?F^9&ivlGpS<#KN^y{`{JTf??N9XM?;+*iq^`^-<+t+h4LP4q>0$n9x_QFT z=LdZ6+5ctVEA5W7zpasA@|1dJexc}t_cQZv{uWMXkED0rb(~JJ4fhL#Y_6Anvew^- z1RSmXi=+8{a)lm~_B8R5$iL8!knaO+m-RhH%J~vX$FffEdh-p*PpDnK`E04bLf3h` zMWJ?F=kX*tGg*G9`^7s4=lJXIP^rK7S4ID&=@F^@>ysa3=AXNZ6IA}iAK?5ZZjt&V z&)YGV>1Ha^vxR=WwiBU#;a}gC`YYo#mc$R+2j>ZWf{f#6`KX-e_nx-bw!{zH^%e^K zsaH6kdXDA@p{wJ_4|R{-|NiHG{{12HH~&_QxirJ3DRNmKW#-@e+NF#j~)>MpPRCh;$|VT{`Ej(QySt{>$XZJ+dq)+Mg0Id3j6azU9uC!pJ{W-UxyqQS2J+Bs(|$Wvr4Am( zz;9taVSdF99%#KP-EU;%|Y9YS_xs;#E?~yg``ok}OyQKd1Zi)Wi z-|D8$4{*0-mcRLu^d3q74EgSN`tkRsK6kc!pW4${4)P_Sr|3(it30{#ou+hK6B7O8 z?%?@3m8U-vEKja{Pw4yo@k5Y4RMPpqlITC#_j#DmQ|m}1ozwNX;%dItJ!XHa^Stkm z37pHDetA0c{6>Dn*9YahS2 zuEU`{0_ZwP*VV}Tk?hm;J@ytJ6zc8gDD&XI%n$=H9zCO;(Ki&UZ`S*YN{@=Q9aYFWkucwR? z*9y4@e(m%c)!%Fxzt{5@i^`yHPRdEoe|*CHljee~d%cV1KWgC57QgPZp>{$-HnU{B zNY8Ij`OtZelAZOTaO#3#@Rw!RH#frXcE!4bFA*N) zc@g(y#NSol#H!XeRoC)3ePlP{A6wt_gF>Kj`x5x$@aIB+$e;f=Jg-@O;~aqA>{8Xl z;kV$|acXA|(%)Op+n30~^ONwG;C|IFT7NrTmi)x8{~VeB$iEBY2XDdt;4Aqq`jq*n zUv%m=JUGzwi!FJ+OgzLTJqPaGS#_4wF4YX6lZ;ewd`BV4RXxaQM z$e)nSkuv_Aw>rlo>G?dRpE3Vb52<^D=&z*c5lv@c1J(!j1>6r%evJ@%Y%iy$ayU`w z?tbQPt|T-=>2GrX+7kLzN?*nEkILWcHT?%zf2o|@E_8Dw_Zw7>R)y$MN&iWq+h_B0 zCktKQL){G<`v0D3{qJu}`3BqN_LA0FMoh(2|Kzkc(Z9xgU!reY4_^Popg+>2t%sd1 z!q3Eh8yyf1)Oayi&M&qLt~WKmK&~oc{ZRqp1GDC0zh9 z7q&Ho@-F48x>v2u&bUAM?Gt$3!x_!}l=(QvIO6?r%HN{D=Qvo8KBJEZ+OH#t{e#_^ zeLPTq&mN5ZA7}OP(E1A0v!3Ah#eF=SkMQJa*gs)*9}nKXLOq~|F6rapYzPq5E2p@R zhhwo-5TzHL)5pVG)W5{@Vwd*u@I2-xDcoGv$HUxpxW7L1;N^Wh7^$aJP#=EQogEt)k8Nd%_P4c z_GkVk&td+a{z)ZpH@JVfjeXhTPY(4^!9jlEH*?WL1J;d24rm{?OW+4m`?Nhb)IhH!xP9g7{4ZAxz*>OuEuv+u)vFQEIh*^A%@bf31^-9rr_wNKmi zm=6Y0`?M`bdVupQ%d0aDzky@1zlL8gm(&8kQGeWpLp}V2_1Prv@eA<2KzWz)Ro%aw zF`{E8{$7an*>qW3xt*bTyogEfFHPSs?r7|HP-&nCl4r_KX%+Z^g8m$CR~={wt07-W z?Ef6k#(pUP$)D8$@>gx32W?lA@DoZ7B78jN*DDP4a0d3*@xT8aCnNm$bp729(WUn< ztA+hl02_+c?UN4wrH6!9M>x=`i23Da4K#%6&?o-%T0+75?>|WU1^AwKxcptW`p&XU z{57)wLgE*e-}ABmbi`miq$E80J+8m>PIQ?cg8s_HKVLgs;eGJ8W%_+*q5k{Bb^lLJ z4d)mP35G9%zV^4ny|C|=-{0b-pg&;;^RxQIpg$h+U;Iiid;|2oKYz1V2K|T2-%87m zdNvb(6JK)*$rqTvv_E>p5csmdPq#YyeMb%QP~ipe<6Ow|_mE#;{V51-T{;*JPkMZW#N^>JBo5_V|!D;8sy=d20?kf5d0(gjT|$`!^Jp1!!OTQ zUCVyA&LHeRf;4~Q`c(7-_V)q4ME$1o4B{{(A$)}WEoeV=w?5(nFFY*z;%Dp+MEFDe zpW-+0-cIy4d*Yn&vVk5Bm%sZvRz5Bhf16wd1%S&L!~DH1i~0`q$CtKmu@1crLEE=@ z$KHmZ?VH=Fw;^czR@%9@A!z%SDCmv;LT}zT5A9o7m);(d-pbk@-Ef8 z>h9h;{{2k+jWuEYYkd2wN3g?)@>llqD-OF@zDO59a#qB8)Ik{Bisy=>9<^h)dA@gCYnc6u08^OYqwR`MW?q5tpF*3B~c7 zp!=^!ujyt8^Cuub=s(!_?E&LiN$T$)E@6L?=_X@L9z+WuMyBb0Y3U)8;1dyhvm@t4lurOTbg-%)hV zF3GOS?|~@mPi>DPCm{dOk0oDp_VDp`X|G@JY{~%l5c?y^&W3O@_RFDr?H!#BVU+B5 z@9gYs2nJnv3U}th54<4ZiEBF>!W-hZ9_efdKP}|=_Bx~ojM~BJJI~>MAR*6Byo}$# zZx_n*-$r~O>l(=)3MK;75`W1ncpo4+lEbaP;dwxLm-1EJ6IU$xYbO4#knguxO&*7* zb7&*J@#Xk&;OB&Ne_#f_A85RoctV#mn8#7r_s1Vstmpixf8kvAyMHM#gfk|hEYTlJ zE-Uchz#qFLo!;l6`#-yn?~mV$^Cy7*3HF!Vhx09fzKhr&adEx{aP0l;H!IO`0miRk zfAW4j4;XVg^V?ceU4f=f{=kngN zh4`D^AMjEK{OFtJ?`C{2DeuU=ehBR2eolu^dkgwwZ`%JM;`{wygzj&S^6}sQ#7DvS zHoian&ubOpKRz)6{fiwNgYhfB!~85=+s+Wy(SA#m?B1R6{EO~|oI>)#ok{HD+U`QixHxAEFIFAV5$2l5AfYu9Y!p%c1g zf^awv7 z+!}=bRz98&oQd+F=fxYr541r2@Sfie=>hZFRzSZEA0chqcu;-nM%oyHp6^hEXA?F& zi2ULFwW3<^1C9Hz-_*eUgmNyGTXjd@GUb;{@~ht$$={g2dvOlo|NXv5*S~Vu`=|Nm zF9$>>_{VQI$^2Dp0Oa$FnyLNEoc-L+Vffj*)TME?N~VHYEA)dh@08fh<90$ei=N$*8x=x@Ht@pZli>eIV&7Bbzvg~vf1q4%i-`NsF8 z^+-EYHm039>3q~L8Mk%Dwlk0Y$ohkHP;x>$bEqgCZjEmzsr=bdxmCB;C##l$zg;w@ z&ad7-4)tj>DxqA7ADO@0t4MG2FmXv`%&Q)evYS8mXMP{Mme{|@{W_0O_CRApxTz-Q zAKT!(xYdn4)ZP#M)*9!b!B5zT?`fwH<8x~od+0b8`W}Aw!Nwk*eOmMr{Bc0{&rRSr z;Q)=FLSK|p7|;pruS@z9zdew?!FWO${DjsRA9Ii&`=Q1juDb^LYlZP8_zARslhX$J z_~FJLlrLdd z{^Eo8L|$sKy`@AqtD5n6y3-^$KCbpsiJd&3s`B1j{ zU-fVP(nhdTM|>CQHO78b@F(AIXr4L|<#PR3&%NiL6`6=(RBp_GZ zALst|tDnDRE116>ioxHP)BKIeJ}Jsqb<5+gsTq{tFn_iFg!!xaQvORASA!u(L+jn&$RvJC z^Vfyn*_Y;TbQQvppYkrve?%f2`h59ue*WtEm#1F@e>bH0o0NS(l&|WB`MW{p<-`0n zb69@e8qD|d_^bK4nex{j^K#FCzsKO6zDIuz`>jQv1wWcJGUv`g|AF+yTD-s2C?&ti zbqH_WC?&ro>mmOqG)l>Dyke&ufo{6+Aexefhw@Hg^2p4YKaT7Ka#YX+HyJ|X#a zUT9?EO&gWRUZecg_uE}~Y!v)GQg2ZG+XC}|vDI~q&ij)ckbnH48r9zc=#Q1)e6Vku zd++DW#`qHav0s~;df1qP>SNK(Eg)~rO}t8$=P!fb{#$d?-sSL;C5R9IoGI*&+|t67 z?P+d)qVE;lUjl#87dXT0PWDG`ZDFk4&CQ!q-%H>x`Lek=TE;UXOIw)Ioy}9{ah1UD z{M_6WDN;-XQ zk)P`Rdj1FF{q?`4?EkU|^XIW@)l&VhAbJHx_>OXVBR&UBiD0F_7&A9KUjh3 zIv=j}r0iyC*Rq1^5h^T^_>zt-33U>?Wmn>l5PBVnuXbWZLjV1pV15<}eZ)1~&c;Ub z{IM(a{70Cc_?+K2F7)tvl(j++J0(JhiCg7?o;UjW`;hc+Pkk2=HsqxEYyWc>x|@YZ2!D@fdZEPM zE_V2uzLrzF4Z>gPpHG(fx68UE?N=8IJ?uC_h>Cmn^AG0w`CC!!7uG)ofjnJXDd^Ha zGV_B zS{@5R^a6=L%Tjw6&ZjN(b1q^#>`)X5xzk^jTsC(8HNm}^ZVJoMj_A>h5Gv5!=CAyj4MD&2znWCBWuEJM>@wKGi zk^PbFTiO0Y%V~wkZ|oMPYdKv|OXN4SE~CZAoW7Q;CC?oz>1h77oIcnW%ug$cA9j=- z>h8Gh+`#@H<3<10K>xs=SU0`@Z&qgh>i)l~e|4W^cQV&Uef}M4zw{k{CusSqU6|U% z==hkS|XNy=|zxpA>rGC&Bnn3B7s_my_CM zuhsNJZlU;9jvMwIe+0>I;!aL?hS+zGub*XNkLV}@`YshS^Y;qbpG*1sukO!v!5{ow zb0UBLTav%88&%QE&0S}TpQDre^J%v~7Mqf09Mn1!srbYC_OL|=JK zkgoE3OH0vfvhSOg`+KL0-VnOV#hSkc({bbhLk|S$#X?^fO20(t&)pq-?rNcb9*Un3 z`rc6dZ9)$_DhKMWTC{JBzkQn|^84Idkl76tP401=?^u=0{LQ^z7%NV|ckVNWIM-qZsLBc%6s&$OizBw zdZs|qDS2Gz75TZg(6yiI!t#}}9u@iztvH{mXGaMAamlCBCks97I6~0-8vb>{mwx_^ z7yh1e3dSGDr`PA()iU!}*XOH#_;;<(@6eLp(+aK6Unu-ly7D)?ZeRHuUbk<{`-j)< z7YaSRZeRHxUbnCOliN~`=11MHCVshq_`ByGE@xZ%XKn@9vo+LS82Z1}nZMbRlDcG9 zQqg3k&cCcG-%IY~;P}{+Ux*w@KTI>Uo9CF$t8BzJ6Z-4oeu&=`VV_fkRisG6cp>5=v)_Vkj}(vI>~-5JaKJnqS_8{}`x zER44_s%|#T<95K*%*@|S|3myONe0V9`MV(=ly~*|111W?&@m(5r6H! zX>TOW-$n8>DsJB!&e`kN57R|ItX+=r$KSC2U-s{Cj>xPZbp5*OhibAu#=btde(uw` z%&)|N;QFPpLbs3S^hsRkS{PxzI0w1^TgYVdp{#?lzGc1a2)!)M>BodVS?RAb-4Xlv zBB6h?iRt=%Q7rV8-!fhM(J`T~koBQTpDXmRqw&=pS=%^%{_dCl!_CF$pPipxU!16w znZLR|Tlt%6m;MN@?;Q3$=i8OejvM@iePT3q^tZ*>|^;7vS}*ovfRB)m+ppn zT;$7=?>g>SA(p^G#}9q%-l)b~-8t%HPD1$9d;#tiG4?r|YA(VSRF{>}}J`ze3t3xBnL6On*ZL*opZujbeBbG1G;k@$2jBiXg; zJCBE-<|);G;&}LR&Z7EheUDQw-9BZZV*A7E-GgtR#c4aB7jiHz>+>7Tv-$nBF4do& zzMs0b{7`q>#z}$mpO=gL9-57Edb76ay;u$YE1oA2wAJKEJB-D%(y{Y4Y z%3od2ot(<)TXMsE>2E53RW43DHP~M1I7@hc9JTO>%Dlg(12Y)DWSm#&7;f>d6;*=i zcM^JQ9k=SodaFR_VaF1J)`x2G?h(=t(G|?c5yIb}-bT6Bs*^e&+OEg%uk}}5Iv={G zZ++j*(q6?@aXY5Zzg+6I6B@_*9iP|EK+KEBo0;T-X68mHPO>v_9&cuxCCyA8hCs;f z$a34XKR!8V`hy{QROq!s^btZ2 zk6SrH4?8N?D!(gB7km42PQH)xq4V#JFh7*&t6CPR9GRKFy1o}poOju)I31k_(&x86 z#B}?W;P`Cm8i_C89h$GigF(9XbN8SpTmJig=PX6EnIlSLARzvaze z=)RtszifHF%C*u}FK-fgSGw|jozxFq?`cUo?W7)PeC5kPkwN z3LXveafHxyU3IwMCc!C3-%H)gBU9#Qvfo=F>x1+>vbk+5njHM;`^RB#V6}z)&|>WG z3cS0F{YBR{FoYA|lW_bl13p7|ay0A>uR}Pnyb$Aaus<}{H}J6MIQGZkC#*m?rSII( zz{9XP@OP|YlJFB~-8F@m+=%^VfzilVtN?oXCisB|3-HQaVGmK#z{8W6pC^Ch<^~?7 zfFD@;9Q#Y6 zh!4>EK|2rjVQq$cIQ7UZv|ZU4L&5oez|*iVHn10q)W-9Hx8Qf+FKL1M0bNfR`vvE% z1N}eFyq?ghhq!>QCoDaP^WXu!l&|V`TURn96Mt!cRk{+d^1LSPqnd+$g7SAK)B>#^ zj6E~J!?Tc2V?#ck9pFLN6GonfAGrEyg!cwNHxKX-%>)1X;C#Zw01w?DUrz6;rtIYb z9%wyJVsuqwy*hx=8qd21_9^fazK$V1gqOXJ_`rC`8?8??n+ABe7x#PX6Y;zlFbxwC z)F-x|A7BWloXYVujTiPtwVZ1PhGG19_|P9 zQogGD$<~dNGVyoMIM%DlQ(1m@VIIh@A9Vdnq7~j3u*c&4qNq=;kw4&FtY>kup+E4O zFpt8q9y5;LgxQyapVeT$bNm1gFT!tOeOoEQ2v;s(dz~_b6B77TN>+tEb{muzP?*H~ z<9S7hOL(a^{75e!aS2a8i}dQik1#?VSbZx}L@0T?o3KC4%1s zUC$D03H}1AAM8B5JD`{HRo(GJ6FW2U_pXgBzgAWLu3v-onSTD#cawW2)+Z$jJhZV4u)j`hGu9&j-=m{W@ogN;PPjj^$`HJw)5^!zJm1=Kq=Cr`>i(+4zvS9 zEVKvCyT~t40rE}Z`7hzwz{SsVdWp4oKcH!p(~EDydJdrNB#s|{6MjH1<*T~G644tn z@%MGupVH;jV*Nnl=s706{&g7SEjgu%u@?67uo3cUPo?&xmxtmu=-<5o``xR0dDw~g zPIu^sOL}>D2k~9Rw{Pg>q4)zlY#P$L7U==;AK^!Qdpg2_M)Re9p94S8w63g=7>o3P zlhi*Re&Bt)Kj{N!G@cK<^;h=0V|p16Lt#%m9`$V!@(Xld34X&*_s}(X3dd*PAAj7p zhQmuIB7I=}O&nf28Gb-7<*T};Llco1p9e zZ2Tt7pMdfjgZR_CdD!<6_|XIPYZ}%!0xq?m-5{UHE5Vlafl=H`h?5`T7UB|e&j|8& zf0F%0pLR2ZoE_{p4|Ovhgu%*Jbz6V?{jZt$yZ$dMzt$lhf9=(f^ly6oYteq>_f(vB z`(qamW&y@Q;4i}lDTKwaAGf-oy{_EV!vpAFBoXc$?Bby&UQ<8;Vur3*XU{pGh*P++0e(;x_ZdMIE^(D@|n}s z!zQwSkK+FNxF48J{2zt>-w|Csj75LN9f@}Y zK-Xu*zwcrQdMRJk&E0y_)J*)n5aYjeIh(kBqj6rp{?+!asAf+?`2Kz5uO;;B5j{Pu zxdZ;jXwPf)^e_hPjdL{K2Y!Nu`ky=s`V{dAx;`_Bv*B8W?P z0p;no06+1Yun*zxF_2HhC2U0h(9J=6hTnu;&_~{S0Q@cmwo*9mcX2O4+qZZP#0Ru} zOW-#_+qeAcNS{FRj{KD2H$gAutGcK6Tw6aAe=oR|@33#-d5E{cZom9$`{Z6x%Mi3Z z%D)o7fmC~h-=)A+Xm3a!ow>C<(0X9g5AuIWEe~7J->3G)xeDPxjPwKAHw-d)D1wMk zcmjUHS_&tA&xg(ezSR3K$Nj(-x!=7E`2!x4`wj9+_;xVvABXhjAwA&wiOAms@XM*? zVHy0izg}zs@&arje)h%luEFzwZVA>8W#bSZ&`bHM?$MJz-kpiR*p7&=Y}OA&ql5e% zfcBpDlQ4O;J@iETo@|Z$wy*7BAp8_=!%rx#$o#e2!Vhc*za8+q?1b7Lwn3j;XfNFp zYkSy(a2Mh6Hnlw@5pGXM{l>k7T)cog9{b0%Lpbm>=?gqB(F)H8K0~-O3ibOWOwa&2 z4jk!-HR!PlZ1H(LGx3+~)9Fh7%>4%%NB7IG-#(pe)am$k1~*Er4~lMqe@J?L zh4UKxBhu?D@?XdLh*9bF6$$vQ(dqRS(Kiqu{yJAf9A9Unh{`rr(zZ0cOfa`(V{9KNb5m{Dja&6!nAfBGIQsA_Jzg74b|at!gu$@u#9C~!*WWYQaOZ-$@J z*^-C&6RMcU)`ETp?ngN3ZA^c`nN)FQ+(Q=#uyE#nGqG&qa7_ z5aQd=qwtr&ul;2E>649tU;D{%`19ePg!gxle*QDqw*!9dH@oncB7N;QN1ny=;eSu~ z>%t$U`_WHxsNcL6{pjnZAMI4ex+A0y|3y z^p#KQp0VtnshQ;Wv3^9x%4?s`=)3)7D9fVg376K)bi4D((<71 z8QR}X`FqtV6%4;Z^1;lN3sqP+X0 zzlVF^{b*h~{~F{M*ghO`0DpWg@&oLJpVH628sWf-l^pKG`WnK>>-qV~Yx|;J_GRW} z_^*6dcj1|Z-)8Dxkp7^{ZNqZ?kMs!X62BfHU7~VJdW7KDBcw}IUOhbmzse=)5rSWj zkSk-l=emz3EMCFq72tnnO^a#PPM@W~b+>#z4c;Dj=${W84emz3E#IHw4 zm#CbR9wC%>Dc{xo;L#N?Wa9rx-!cDVuQ2~fk7Uy0_Aq>J0?Pk5eiM}c*6=Qdp!_ev zZ-VmQoDKyHDF2J_o1pwp;x|G09|hwH%Krp@5K{acS;O(^eDzN_14Ov6!`_}?nV{7-!9=YM*B zqyy<^=v8MjzW)K;C)PS2{02yWC!xPx{3a|!gF@dI&IO1M(D#gs`ky}q`~qg7znp~M zOhw)S-QO#Q--MCKa1#32OhY(uKlMMLmt*)%AieFtZ!SbQKziGS-ju9{k1pZ`S^ZS|F!6+_`?sE{{=0+ zsGW)bN1w|nB#&V`ipx6C7G>2_`rrNm&)b{M&*x}AY5YU;Bv0J-4}2FmU-qOMxPSiq-59Ss6GA4J-I?n_4e_h1 z>+^ECx|rPgJU?uQ);A5khxD+B zxWXc#*D96gO8ioxk9jT_-$*|1_>$?)CbrWr6neGoJfCl!%j3pLp^xk!`4_qo{v{t_ zda^RllUqWU$N$MG5sJFcR{rfV|M%zhvOY43@u`GU(VQptiHU;D{6B9CC#d|degnT( z*nZ>9y+W7ux==^nmHe9N)>5{oQ9dt`^`V+hzQk`ScKJ%Tg|6%O)Lttp^fQ+VpT(YL zgwS;#bhYa(5_))@UQFnvx=vyW^Leh&zYx2~STD94Re6x$KRFt%?wh@@57^(nE&P9B zJmkMuP1FBPmIu3QX8!jd#09SWziS=8uPys1Xa2oeml+qelJJp%O95f_vU{0WT6)y&-Kx1 z!S%~|5g6W?v>BO#Lx_t)o*%5l#Bm7=kA5-Nb;bA8x1TCja zuYT$EO#J^8{5NYWnkB-2`;^T5C%X~4{xAQzeE%8$wcS;BW#PS7`}yBm+TWg6LH@t5 zW6l@-ljxqA|FmzipZ~|)DD^kWdd3UHzgw>rImr{cv};%2#&q51BqsE^^CbRP+%C)& z`Xdrw+wnz09~6`L+qhjW5xUwN$NI7Ui3`1}v{RbSHl=^e>1cdyf4^EF=}Y^SE$wXa zqY{4+zt=x&e^sBUyL#%e0sFr1#QvA;OJaA`F}qfAy|(Sl{3p8;KmT=ofcalsf3dd` z>sfm}*LT%FOIva~r|VTz|Gc)I`Kxr*KZ9m+JCPX9{T$oNtua4b#&qX&ruP>5Qdwu~ zROawPq4!$GdNZuAiW-PKoyz6zNc{4g5(!ZLpFj6k8oz9)@u!LY|8Nu9U*GzoM32n; z*Y!oJe-^&X@?e)T-!$F&WvoA4Iqy>WR^^ExUEg;_Q>Mq{oJ~g(8hnS)L+gmXbb@r% z14W{@m2awd*DVdkk4gGvmor`CFB1AIJ%aSbLf`y8)3yFyEA;XleZKO)^V<#f`}zN~ z@V|47EX-%6*B{xvGV@>8A1VL;UGiVv`H)%NM4r#%^-Wrix95l)%6X3}|NAfE__0YG z-xkI!js)XtxpxYkCmEIahg8lb{SiVBpC{=Ey*x+rn<#68hqW{9H%!qx`$$ zJEkXv-bUh==afjmB5~VJ{5e5n5vioM{KkeH}m-0U<{e10@ zaVW-S)<`}>=P3TZSm+P4oLX|jk7D1h>FE2W&aahpRL(znSTAF^6%~i|M#ZP$4m6f z%zvF9RQ~_FqW_cML1rJT3p;o& zU%P*1{_FZ2<$vlNJ;{&C!6q1-ke&&z!%1AnbaxH+LoB&rn|xPl|4`p|&>=5)*#)H_^mcFJ-MIDeX`Iak4gM@gWta@Z!w`4OZ@U2t(RJF zzgar2fuH}2MgOm?2K$2(E2YjiObp1(e?8w&`M+qBY3{dvicEp#p4p^}cClc?oe?*5{VvYI^#-9q+z(sh|InUvx^IWxPfEON}L+Jrdu{;C`kh^kUI_`dsB(`w(5_@_5yg zEBSj)<@}-$y-?DBTk4UyhvO?>CHPN{jytG(*7{xn{o@~hi2YK>?9G$!-yxa#Py4FV zrTRz5ADp4mzm^>Qza4*YfBo0SAMD2b-4`BzaGw3w#ve5P;f_DpOZk2O+4zIXm%5dD z?_Lb~|C4>x#gAkBp=#Q`BoSr)Hx+)WtM(<9DD=a%FCqJ3vhVo+s+~!a?5Xg6=7+4- z=Usf^c-oKk;_>y^ z7R{PW?_phmt!od1XFf()SG2Jv&X_TM226y?y;Se2JF3!;UuByAJ*^iDbZjioL(n`| zU8Jh@CI{s-_XAK@=BlM z`I{@5IQDQM%r3(HBhvG`6Y#-B;Ra(Y1Prfv_C<00CKSWun!@uZ;d#LOGcX@mg!QN6 zay-mJgXF#M6ud7`@(1GM`3CPx$bE$U$*G7B=%svDce?v_i%k5_D&#wKf63RN=KcJC zVgct*`FH6x$PetPVmoVk*o^@L2mZ3XH9g>{;J|$PZJ0o|CL#Psgah&69Pa#7(-4** zJxV*eyQU$mKzy=SxAxcc@FUWr`%4bg^srjO4W37cwUzYtAwA$1%Flwdy~2Y?-+Mmt zTLy&XVINpY`Hy~z=K}{W2T;_}Ng@qcw!FdUcrcODm@^`mut>vMJesQm%f_W`YE@T|Zic-vnJh8pChG zp{mGl2b9r0dPP0;nFW%y0d^`$CLy1rEX;quY-r5fIy20ra{`Re*o4M(VVDc{xYf86eF znfQOs8?1kljO95&k%aOZl$uE63mQP$vH0{it+kRto>IKC&)^PW3;@w|9QS0@WWnPq=6k(gSpTQxd-kdj6vGY7d;p(Ia*KV*chH zhT!#YY}kk5H$l%|%-@1=U?0kh+Jhv16ZBHPt9$OIL47mvKiZ%9?@VF-$9IwbPoIx{ z0}6u5+pL5x0IDEC_w8!NSvJ6f+Q%mDhduy?os4kk)5ub+R|ZDlLy`2W%3nV8H??=_ zf9eAEm%7j&z~|84^gJ8SA~ZmKq4>^ycpgw9`o8FH=sUo&+a$><;KJz(zQwW#5k90O^178-#g~0#Nx? zxBJI-K7Id&*GJI#+1A+f_;W(e(Uw|a)YWsf^CbOEYxz6cZWf&XO4XMceTAY?0;y$VRLg#Jg&+e0|FLd6veMz5GeWCNV^QZPn)fYN%yA;s+Lg#HK z0j)1|-nKiXPpZDqdD|s`))zW&+Xb|K(0SV~p!I>y+D-!1=b?PYLjJEpeqx|ef8U0@ zt z{d-##9-mCS8r**`YmLm~+{*n~E&seHxxDne0Hs?(SNjum_q^-aew@CO!{5c0&@cNz z(h+)r&>xccI=&Yb`iru!y4sVB5PH~tY_iZdFAt8p77Kk_h`vbZ;q$tMoYLR=p4lhg z>Wx2y<=;DBcd}3Z<(yrWdv*2P-NTiCI*T`g^LMqqptE=_oWGlDFYr4b=kIEJL1*#W z1;O)pqd0?C+Y366*Xi0jCI565Z?s$RJYMJI;CZ}7q4RiS-Gk@xmW0mZjegrJCI565 zZ?s47Jl=TE;CZ}>UcvKtOMC0=zA<~GAd=#~SafSYzx-b!`-4~e4CBwIRZO3MF_z_D zd$Q{4`6BsJAm@$|IT1SzEq6=DZ)IFg<$0{kv+FopBe|h+uV6Zs(!Uq_Rvu4QId^5A z-8sZ`mGc!fCH^yPN38O^HI#l#((femr`B(r&T^rz61x}O-zYBh5i(Djl=Qa<-Ij50 z9Vbi*y-4p9_vUXp1?GPrm+{Y!TVxqKyN+pi438@%#%1Pz!@DbcDJlQ|UGwj6$^5v^ zCu;p_Qit=Sd{F-H6T1|Rulz6mgY}f^A4lH1Wr#jj=pX$aj6Y83i?Vs%MbjBC^t_*W zT+bfF^G6eeep~Hed@c7860UCV>ptl2m;cJ5|Ed3<+*-%%A0^|T6EgFkz6ppey)C(>DrFll1}s~p-*Qy zQNAr6E9EHZDBm7aJt_0-D!<7&l7FF3mh^YXe1X-H(=QhKYH?k0f2g}?7|Flma(-?S z`TyYx=>JYRsr{YpN#*b#-(_^E{11@%2$g4fjM*jgdfLyy$d`9*5&2X*a4nZADxcVR zjhYsVqnl5p9$8bE&nln2<+=8iEa%G4HJzA0Zex}Q<>v*%nXdbtI+A{IiIk(v{}u^7 zyg#Gz^X&N?U-jN1iGT9zLHcr`$3pJpvp;C>*FS#~`LA>w-nv4i6#o;G50C$0`!so+ zxlY<;<#VF<~J+Wng8lZ9TPI`^w%zc5|P>yrYeTVF6;%WJjVr{yuM?U=y&mn%g6 zPkS6ZITarja@iMT=6`P)+EDoq%Zc9q-jbj^L?j?=&tnOF%c@{}<#Wwvg)aRKTjJkl zm~SeFBZR(M*2}2{GIMv#7yq;u!nLO&4HC%WE8pBt0-@4dtE^}M$d z&5yXs|26lXyUs8FON9S4{*c^W2j=`D4>As+{Z4h`yEsARf1$1uY0T}EJkD(Rkn^K_ zQ2xKUJxI@$8&+)y(k-D6+bVQ9XDv_YDZ3Zx-)ed3{BpRzR8!g`%}-RHtNQIsUVo(J zctF-ExMKfMB=IXtztsJe^)bXJEr#KJSF@!3Ekk%KI^WUxCFuwjw9S?2ccd=P=^6@$z>Q3bNC3rsJvl!w#nBRF0 zG6Q(yY2z{een0L9XnzIDZvwvwov!BbqzKX@^b~(S(jpv(@v6jWNbg0Y2h5iBdqr#O z7{Zkp0HE<9>jC5+c&ZntM`J#8(RdU8;{U@&b9%`H@(+}Eh0ABhlZmaF%4bi` zx9F25hS07)`>nT{7{c8cpQAS`-HiKzOI~7s(R#!OZc+aW@B`~5z4*ONFdo;$e2w!& z{rnk$`7{4`+rH~iUf8cl<3xX#{AD#YE^r&>&nT>@D&7b9zKGK^)tef^gEw%v-v1ur z`{&=jknuVDw^Kd`ZX#&-&7*=L8Y4!A6SiW;z#6lj6VXO)MNQfzKXF*U~zXmI}iMR z7UQP?jc@Du^2DdlizgjO2%Jz1NLD2 zoWk`Q`!f5B5`7F|y7=wqa6h2q=Ndo1J;!%9_A!L*q59@AH^aZMejEE!ZX#3poV1n8 zCsu{WOP8*%fbzlqxRU0LSAqYvvW-1=poh|rz`t`apM3Q|58da2ALqiq0Dd5PJp8AD z-wOwN=u-#d>pd`EIe(ysvt8&L-0vVRVKXNC{PNrr^V5F+*R6PdEq>`hLl_SJQg|{p z(1VToL4NxR#Euy!PeYy7I< zkC*-&qz{~NQ82x~VM`FoPyTGYKTzHkE}!DjPh{*LoP+rZx{_~lznIQZs)v&hw0v|w z1kGQI%lP@~r}kNYliL^i$M2u>Trhs`NqFD0()xKl+G~G&JBso{d#|*cpAYh9BHa&u zYWN;E=zjp=WDlU>wXO}O|J8<|fBCAQzfmZD{MTUks!)5EK)8SYYgmI|d3nsu@Go3G zpC9FB+#mUBi@(d0GxAcz!?3 zF9JG$nmDzGA?SE`0{0Sh{?sYN{3W3CLGfOA9*~+3LfjaTnm_H`!?-|$wpjmi1m+7* z>ES`=huo794y5LX5N-iFKNRbU^nld-5b_!abbhD^&m!pjkkbeG1NNgl>3LfI2K~8Y zLE5kLsrh&|p}Z?xKJAmAK9WhlHGQ1xkNrK@pL5Qq@!VjVE z>Sdc)va5#$YmvW^RZVn9R}a*`waY` zB9HUYIZ*XbI$A#0JQaN2q1r+Jp5yWTiuOkHySzm(ykckeC+lHe&4_wmHGa}vDi-=DDMi_pY>IrJU>(UX#Xua znClPOA!q8p<-gw^_Dbzj{kO;m?G2&4{#*Vw#0RwhRIn=)A$(C zy!x|90*b{QRdZDDER64K{JJu~nEzakvAb7NvWZ;9<#U8k)ICPVv2`3zZ-_i3i zQ25;UuC@0EM!8wL7|hXY2v&ad-2{W)$tCKCX%}tFhlD z{0(a1yW$j#%fTOkU-yMGYp~xZ{Lz-^=TbQQMJ4Hd`pknT8w-Bj7cK_BbJNKt>q_*C z@SR#leuV2jan3_{9{jpbTq*oTNI$ht+`|aN{Ugv0xjiZy>k;G^@pa!g7k(Rl-6zg^ z6nR5@-6yUDej9$>7tTC}{YH`ge6&l}SmYo6QuxoxK|c}iW8&Cn5b5c@`7!w8@YBBe z#1Hd0;=`}|#Kqt*Li*uL%SGL`bHB)FAMKS7Zgyf^Z)ktS^2&+I%3n@YR{nCLvhtS` zm6gAosH}qWE`OAsQ%3n@YR{nCLvhtS`m6gAosI2sg%MW$m`23Tj{q4_WnLoJuF7)4) zRZZEinE9FYo7%7F{$F}Nm)fJ~bH9Eos4w{I%9shspngF&%)5@wmH09rpqlpSZ-RP6 z#NI>8`6Qt?>nr)Zh4WJ&^kZ$I@8^DxE%dN`)M}wW zEb~Wp1D^Lx2wk0n@?(#B$KTA1FJHJ-aS$4BLSN8eaBJ@jt3DT27*Zm=*UmkCgpB!%{ZbQ3;@ocl}c$3(6 zyt#0G`g;nSKFeLkXuchx95MXfoBZYTwDjK&!agi^H0IL8J}kK?bNz9|K1}u7f6G4X zjN`>_sD!_#qw;=XyRi{M58I7R7JArj?0lhz?Zz$;df0AkiqI2cH|7jsJ0}dEdso%HHL=7EPX}@+r8Bn&&*xuyW!IE8M9E@ zfwo-V^|`SzL3*wP+|rWuR8rz={aM&47+>p8|K7p)j-+$!Jwdw4;d`fZz0&lx{;c_H zFnz5*Lk|S$2}yrlD4*Me{@mTc=avcm^HBV3;rrfDd`swZn>i>y_J~`f;D%Ti0hUAKl+b%je%!f3}a}?+ZOgJx}s`(gN;+GFKK=wr|5SMop{ui8e&};wn|k&6{_<%f{Ws@ZM1=i~o*$mLA#?fAxhHgK z`Fyug^szjjLk-S12-0&U;M&`muHSFU@38$}fy7Ui2IJd8&y)1EUDxtyFZNYR?=SJQ zv^n`g+590sdmO%o)b1ne#9k2eKONFkEmXEp> zUXQKxmrp+_pX}wZ5B$DX>ilu%rp)D|_EB0sTf`no+g*Kb+iUne^jz|Y1kBd(MzHJ*z#dQ7yCUew+dp{r|)e`I$u8)>^Eq+#bsQ=Y-K&{Nc{M7oKK}|`3(4- z>6(6##BVv0)7SFUa;wofnEyo*f0ewidlAnU z{c-l8&FPcgKf~OdxqNj07%iVh?{hj~`^~K{Gu;)w>i5hD>2E4MTk_Ss8NZ*VqxM?2 zhU}WPoMU3QrSWMjm#!N_@pGAM25kuDv$4<{NPk?@v4kFfl;b-GnXk=-{=q^?N9e~1 zy{mj@ByHAz7{2$e=sw|t)He*L1g^q>&zR32_};3G{y{|S*tC59(hv2gb9#Rtcgf+E zPoC;4dA>eww(!Xnx|Yx7Av$`X-ZfCt(fHg8F=qTL!S|~w@$b>+O8IL!uU0)K-?>_z zML%#lNy(3vTT<*hm2OG;T5d{LIo~dJqDs$~_-&*#+$(rt;a&ItLT?mN#k z`i}J57O6jrrGK47{js~I%g4U;@XBY1$c_C3x1;*p#!?RUdZsJ?HiqcRzn<5LT>ioG zs{Cu*MBY!z!IB3oYZas`|0avRw}em1zo$Ns@)7;nLDJbQ?TPBKjzV{&ero=e-!;`v zSl-K)_*RHsDD>3#`)2NMM1`(SMEi5%uHJU}%l`Ifp!DDRQNuN^o>`~sftF@2pLMW< zpiA{zdG@)deJT8q?>;Su-ixIihVyre<)voK{6#_+xmSKabz?9c<##n1Z*V$rdD@cB z0vS(9+{EpS%B3aiik#C~|2PuA^LO%GDgSLkZzSuh^gA~x^z&ck_@)Z;`=HRXDzUt1 zzsCr_tH^pOrDtn-$bFW$%AbZKPN?ZGA3fiT&Tn^auVdyu%KhuuGAA|iyAgCd(Z&Tx$txb zeDtW`Iq>;MH!xU^kU9sx?3my=@JTCp4t%0X@ErJf(+0+W4!ql}f$^UMU(!5y4!qSe zcn-Xq7d!{Pq*d@7c)N82V+q4@#Z5kS#TTA_b6E~X$ohh3w^RFrNnyFH+qrzS9Z;9- z5^7+4$CY?h-(k6NC$l{1{nKQ8MD>Q!S9TD+B;~2%l$;Tyt31qlTk6jRoW7Q`BmF&< zOMSl`=Rr?5sA}9Vx*F5Dt4aPH{!#FM+0|GDUA=u%bRIj}rK`!>ksfy`8q?KG+?@71 z{kobw-#Hrg$z4qy?60c#lRNQ1(0}WFX@BIDu4ea9X}=ZiYPOt__UHHMYDNfSRPWsr zy?PIo&+7a5yDC9FI#?^E-x7Cl`Di~%UD9t^_*47$eKKxl4)OP*mcyZ|Iekay z%Gagym~M6k*F{;O@>G6X+JBew)QQE8Yo*+T-bfz2bZ3x$l+eG^{&=Vzi^)8mBkh&y z)q%3^!I{JQQ}yaGhd6zA7SjtP{pUq*>vu+>&~H2qb~A%v7k*ABlO$9##)aQHx0A^S zlrQQ&Q}33H_6M(xWl2uRKHp?t)c`vrs9se2Dz{w^Ls0uFr#0-20JX0wZIAsR0JX1* zcY(bUp!QWo`LI_4)V|6+9_ayUUuDCViO>%XC)qDWPlNpyp!Qa=j0a-VYdgVg=)#4tvVe;0M(H zsub@|Q2Q&lGu{U{T>C3Sc_EZ@X}PJpu4dNrne0b$p5O%BCOj`d;|TupQ~T_)ds`Sn zat!1I?L zD85s@g@^fDIXsHA2x=eh;5Q)xy-D{M;Wxpc{K#HBhTnv(_du^6!uuh=1ho$@K^Otk zIo>?6>dIMAbo731gBBh>^yyiO^Z&5-9&l0=+x~cg0!to(u*d>USU?aR5tIdmCb|fC zM-)XwXh8%~aS+1_h9Rh^gfW5%T2ut%h>D2e4hV_~M@*Po@70T97*Ve%BLDB{bI$B^ zJNv@_{oeb$`#$!5zT0(9)l^kiovv_BRdp5BXKeA%_xQ@pEnV}+7ne)>82t|UeW9}d z@|JV^NI9fS??qSFz^O^~&3tB?aWcPl>IM5RBkK*)!dLle)Hg!W#TuKnAr3Zv$$S0lRmh}I5(CU`}`8q@CVrOyA+wkO(iBiqr_}_ z6XjVBJNM0?FDNlRPe*xzHcK$my{N=I`2?>oODruh$%{)&<_E~n2&|X9wZx=B|MV*R zyP&h6kGKrK9}M}rt;ARrCI0*9b**7s&@s?m<{~}hCw@EpFDWtCU5)%5RAiEOz<*|m z*&iL2b1>xpPSCS-wk;2xceBN<^|$PI_qD3(FTJI*{@l9?*PoRrTz_tZ!u4kw2FDHm zuj|k4(#qJ8R=N61c5P*%jaudEFLiJ$<1}uStG`q?&`nz9>Mwd|E0b;7Dp!B0Xe*Ow z)+$$j_F=6|3bfW=2DArS>(A-l%0!xjhklFdF9X^Jt@Y;~4*%j-x%x}@fPaftx%x}@ z1btwuyc!ESi-pvFtnaMXo+SN6bRx_3?iH+GqVt)Y_pm=Z#^ZZO&S|P9zt=nUi*#;N zXW?HY^JCMTzgMfNYkx^+IVC38x&D&Qb8^Ppx&D&Qa^jQ_K)$6pwF;#{iF3f(s%4!|43&!#V6Uh{xG%)=})!;=Q(-f z>|FmyXE`}YpVqhg`vE{FPqTCVC7tDDAwBIc=`5!-@}vDDo#o`=d9{C}vz#LE*Y(GA zmQxhzS9Prtj|#azyWr)a`S0KBqTjH;LI3c4qulqctb6(WYaqYVyMEuwkqXUyPwH!~ zcg;uf!@+T$wx8p)zGXkVj$6-ohQnKvSg)&ccl`6rw>Pl8LFH!mgA)E#4zKO%u6HHf zFN5>y@OPlleEHWyV#n8Y0*>&X{F38IOy>D^T=e3&r)@${-R=Eyh!Ye?<_!nl4oD^Ru-;5wJ&P@{j1m) zubIyBrFKV^>#*H1Ed?01J8l<#*zTAWe%S6*$osc;4(!8IEA5Z&s>1cB_D8M1|8D!^DE*GgO{}Mk%Ja+=yP-Xa*X8ySe*Yu* zeKhht7F+lmx^h3P_RVtPPaMzlQsu{l|8*CRNBN_Lf5J@Z=OsUm@CO|ljDL#oyO!|# zYwh6nBQE?i&zF44_gnNm7Vq3GDK5Pi&;DX{e*N7p_Ah%U#>3xgD~Yku{e|mK?O$4d zMKZtDd8sBmwR*6fiHOHeorlXfvsn0JOfbB*lV^tbQ3)TmXKDSZ-OZiAnUtsi%a;Q`vlv)>B0}&(X>9w*GoGr=d>gwynZLqH0O0q^MxP2xx&!zL#20d%l+E49)X8%5!RX zE%$VLDPJi^TN2Ro9#sEUF8nt|udV!;@Q2|Q!f(ehin zfa6hqT*AL2^{RZW@0~I(Q+Z8D_-|_jpKG@8!?z+~=>4!28xJg`e@XA)fbI&`=dYh# z-89eBpOu%hUN$wSiy_c?$D}u~F6n~#X_wshwuwjASX3C@t=aGgvYnWAXLd1!23W^V z=RZ&wy0V?wpQ(NORt*o*=Aa<`>3%_a1@wr1Jads25bqN7C;gblP4}(P_t4$DybI2+ z>|$WX@oD#J%#Op@->v`+=#>=5e7QgM=%v@@x1ZCc{XDQkHDle?#2oSrw;Rr*h2OtJ zj-uT?=pSVqHB;nK&%Y||BBFi z*-QA-)DHfaVEeQO2zr%SrC)BIk#Q4T*v z`0f76eEUi6=Muude_QbV)B4%7p|YOsel1P8gxBX=+UB)c`Sq8tKl5Iy)W2AdasAbl z-|PK!(Z9ID&*{%Z&mwG-)1Un}>0ff|@}=LhC1KU8CALEcw!TuY7Jm=))0KL)>194eTpKI(YU$6ApG}o|we;VRpUowIus=NJ)xN4w`#GRJzfg%jY`0kiJ!dig z^!?Z{5BeFamhrxC?c>zp&=;51GS)v^`$+6U{|SG4cWWO5W@0?s1Ny!#t$mz>{it>u zD79a1?PCr0v%2t)XIlHX3Go^H-fV+EkU@M_TkJ>P*V@OUBQU-K9k0>GN29B%84q-% zP8%QH&O!X`YMFGTjgS7It(J)IBg6+puy2QG`#t0jh|)eDgil1<_-MHv0?;1*J=^%W z9PO*=S!AqF@q9o_=(}CyKlvG+2T0NHk$>|g;s-9lz9Gtg@+itR()*gl2Q(;D zzq^j*`gQK+`lWLwi}UvHpS=zF?F{|!GedpEQU0X=O+Pl&M~@>w!#@L>a1)BwX^!(G z9vbSS!7vGr-=~38C&`Y< zp*}7`|3~beC%U!%gc|?*m$O?^mdPm&t-m%c`_L6+=&|@2}dQ68FOX0;qi{2{%FQ zOD^1mT>ZeE0?58(M_^w#u++y33Dif!B9ksI^-)Ci^Ga=Fmz4TY`%@afC8+%=12;kK zM;_b+wI5~SCaC?$tn7%s01*381a5-bk0MB)p!OpReuNk1qP)+oZIbOuebD(^i35sE zrcJ4jJ0_$48sYtJUFxHdy@{SL(h2bcFAU`8iyu^K2x0rv*s+{m;^0!)H%m?3V>teJ zSA++ux+=sYF85ZomOq!@zxI*&NwXz*f6vCCQLe;#?q6|CfPd+o#z%BjAUIuBtxr1s zdL9=z^1W1*lZw^M_vE}gh^c?glJKsKYw$Yz*R;?&RUIen(*3P6-zbytKb_CxI~|wV z!v9tD6*~VZ7yjr6WLzWTuhGIkR_$mKza#vHx(-0bO{WY0@3N0r$B7e!zpZs}o;p$Z zzpf3Ao2CeV=+@x4N$X9#|8R4q9`ydyy5iaS^}Am5uird|_Of+jb6Ia0|2|W=elJ_k z5o-O0_d9C_ZoEP2QO2`czY~-%=RI2T13gdGK7jRHT91*3IUcJuk1Jym{(*0VFXJaI zpRL=O@BEF!Yxx`;TF+4-@vM<@)^l+a!aw;1iAUCL%oqOlH9>w-_+}CFUCGZ<;TK=W zeCun@k1PC59i$!yGJlou>+O{IPiFl@TKHAnOgF_vbG-KickT23D<<`g(%rZCbxK4-d9i zTEE?N9bJ1aPfH@&ZAp9kDVIYp;h!t}iLDyUFBg7kQp&Sw@VwC9*KP>bV^a85Xg%Ii;ZJ>l!)rad!rvsM=B@AQ4l#`qg8 zA)OhVe|sVKn;OB!P`PRP;qq6FiJrq@kHko6Tv_h?h7{-|Xg#mNI-$&1EX#j?ACUF^(<-Xt zyH1t%(e&oR@2}cN_5IEDN3t$cvoTWi-P*qC`}?*d@-O2Gt@o<-XHFOUV&d7LeRSf5 z+%D+)dsMf7eO)H~w4B2n6aHUkaJ!)2E1#nL*=*O;{hSHmpBCEBxm5U1s=f1D&QD7C zn?w6Ww+LVDqxL_zJU!vRC-zZm1@DL6A^eZT9<0xs6@FDWM?7q~KXc#bO{jjeEBO6g zBkT8)SbySuSIf*(J?o2w>vx`POwszi=t_=9zt=3unDBlXt=}24{zSuT{f-RrizT8T zbzO?=yRn47NXK2m?=1XsS$~pF^LmA-@Yi-?xl+E$!?>;@Z!%7{C45%*Q3=0X_|;zw zw&&2M_*Z?&zboO775=CYA8H=|a%KFf`>0~V@7*q#pV7jv>ZbL-MFM<&z>)9fzrTB= z|9$uv=*y0+o3pPbUMgI_YG2j*)$hVvFY|k&`OxpeYyP!Bj_cHDWZAtfd&5z83<_mx9 zVo6uxPYQoSD4wOle>4=2C;W2Fr@m*mb{61R^B=LBgw7ev1ko85mZnU&4%NKVbzjK^!p%@Z{QD1 zX^MWWbEW+#TNmk1MEM}Egb&X{eB*1G^iRki&G%K2{V?VKf2tqWdewX8=97OdRKKN@Sb^&d;`+T5`%qit*?((1 zf!d!@(?k-C#<1U${AEBBR^t72hTwg^1bf1OTd@C!!bh>UnXs9J=Zu=ho5@&!_nX3} zXVvs^6f$Umj$VxLfWH6srPzZ8==sxL1%3}$SP$j5AMi^7k3msFv~?N$fS)EZokd&( z8~O?IPr{Gz1=6SdL@~A_+yoT@=_g`{n?UEAJI5nF{Fb2afAS*y9vFOdWj{*wS=U#b1BSTYh9 zJ&&`N)9oz$slxaAu{=bDujTB0$aW2#|IL4s%Tw#!mheYQeyo$YzRHCkdq~Q^ChKQL z3%}u4!FZ+!KP*QYdq7zQf*I&IQ^;-%-cdJ*{ul?bFt$wv0y+&-O)A|k9qb2zY*Q3_& z+wxvpCv&}M{T?Ls<&I*$E%AiwF(&-yM4#zOJvzb<*Kb_-OZ0o1qNhp-|Gn>|zC!w| zaQ!AF{KZ3p^{e%m5xuL|f#owL;m<4!+E2F#KP*?T3cpzH5xGB9?foP3>sR-$9)t$S zd#thPdIRe>tdF^Vv25GF^v?F9`mnb1)lj}Cn|_hsFJYUtSFwDmo>}?LLi{4}cw5?S zNA!D|-ySq>!#K{F0z1pmWw~|k)>*LY^e;0H!r$v%!?>W+ps&IYt*!_^72*5A?u2oa zi*Z%-Y}j%7mhnDV(B>T2eU2>4?SoB#j({G640*5{nR7u8EHn4w_f|jHbwFo8FNNSa zpv^Sclm?ZVXL=!i(AIf~e*ofyzKX_aE@;OtGhbtz=EdM2#{drbX?h~)PL=bb&O{?W zI@a2DHveAfhMSQ7T-NVpk18|QVw^?slfPF6TbGod-miWAvMu@b+g9G+3pb-dAArp0 z8nO`paMwwuK zV!}^8!u-U8ysl=n@Ry~S@9xj>IKqGTs9-!(gnyf?AJFHG3;%NsFZr(!zAJY}?jyfA z>FNCXJyh1$Wne$DqD_r+uk;I_7Or2Xlq1sm9i#n%th172%*!%9vA1x)ruBHqMvmWp zi2Et6$H%^9zOHYvB%;ivTn@_DdVEvtK58G-dUPL^{7ZhcUe@dRc4C**@_(+bl)tpM zTAmZJp@bw^?GYD9ewrefNj*w`I$!vkq`z=}W_i9w`1QrkrO%rb zer$t0m&CJF`06jDd9~q`59xe?_ykT@?F&EGsbeT9^#CH#T1e$o@Z*5h-!UQzf_34c^5d@tc=Lh;+ePlotf?+=FJ ziAnfIx*ku`Re2bv>s5sBNcbJ0_@@Zp3-RN^ul}0Um&BuTvObibgoN*`>rN%S%1M#< z>%DZrvX=_Yf9vYOg4MZRUxGp5K!f?T{62$z&KirkJ;vCCiDy7R_XGMRxC!54=?Bqq zxCyGyvoK~OsJ_nH4>SP@xOv#0QL>D&gY@4@~XHwA~o~zzm@?jp`f19Vf8A)dG0~uDY7(>;d%+ zAtnBqrU(z*ApRM|MOY@ZV75d07C_msN zu|s4|Lwvwn(09=9?Zc2?;N|OtE&~m``ylG$Oq6$Rls8b-rS-1&hP7H2)L(Ae&HZlr zG9J&X$NjXR`O>d zEFmuWNyCre3T@yf)PD{3_%_&I0XJdBQ!F3u!3Ya122JC-6x;;Ww_9BiKcM404{kzL zm)5)9C*HZYXQB81rL7!;+m8ENI)Cdx{|kG}*ZmLCl^qR1&)>=%kNpUMp1z&T;s*ArJ62TF_ zN3ZElYEd1~}V4Z~@ zJ_k(41843h-N$GzD>3QoN(}91c8`FbdpY(6F09;_XuH^lxTtbpVg_^y zwC+oE?kX{6af#V>B;=(l-gnS3&>utpPwh);17j?BDeo;3Ag{ZRNv3E{5QTIylE(& z2mKlKQFJ}y1nH4;g7kUIgY#P{fr>r5x(_wkgwzK(hY}Za?;z`pPw)C&?V4fE7zeN7{lLPPR{P_+a>k8%gL96-(9xn^bV{Cid-994`eL}tp{2h zTo06<*W3JOzPoH+8C*XUU((y0kL3>ZzSCvD(%a;JciG+A+vIp~rmgI3H&}j`sB{=ovv1uvEk!k9n()GXxzk#{YVpA-p{vzi*E5+Ebu`rJW#S zT`=CqLUuxO824`x_z`rx7{4Fkft6PvJ?JSD@FTo{28HtDu1EU7%jA#zM4ra)fh_#p zUy+OGlVtsnT~#h^nff3XA~~|E`AH7_CRj0gDwA4(7;nLyios@*>aqZUonLvI`t;P z0_#U}`9$7Aet;7pH{_qqAZ}pULP;M7nOH#SL&5x|_AwoK8NUarx=>91rT0sErP~*h z53--qWr^LC?4%_IwsvNl1kG>CG2gpmxR2Lqeuw-f4;tZP2<=a(jkN+d5BJdvO%1IZ zaPJ!K!J~3E6cYerp;^E(x>0jHSKVwQ!frTgbUIC z=KDW8lIirq;f8RRj29AX5I?Z$uwZ_gUCZ*3*^BZ5))tGrY{Tz??Nt9Luk0;&9^k75 zlD|#EO%(WOGtuaI;fr=Sh?gaDcP})&i6_5FHiF?;Yp!@7=$m{DG=2l?%OR zNA0OqNIv#qe-~X|E7tSTKCTj+Af)n<+n;kmA7cah{nf;bK8B#*UyZ;`(C@D%5SF0d zU-jaB3?Yv8!#fmfTi{2~{XNcY_%1G>`+4GU6ZCtm8T^)T0QwCYe@8Fu<3qpCnm||| zC=$ztz5{U+^!uzy_!IQ|tg-3H8=(7tY{X5-?e{@g7tsAaDYyx`zb6ehVIK5p^c`In zX%Y1MtnT@s0sTH}8fg*q`>av;5p=}LJM{)hK^zPgDgU7V}HNpbDvEI!&8R_jo zTtK5w**~2^{J{Mp{z6td%$VAZn92hFd{ zXw>Ie*v$adZzN8GjR}b0{ib#5?t$1p1=PSgS)vmi;17IrE7Pe?_&xAkEvB6k*uj9~ ze--~O@CROxNqh$(K49n=_D^<(T@Ba^{fr;~;fNnNeS9~Vjd$*xEr_~dH#cX}W^aHFJ`EQLSt zi=>xEUI;%TJk_<=tPJN9!%os1~{ zTfg!Aqn7+o@3gKmVrm(@zW$}>xVd7t6}CBl5s$l-&(deitMh_<9cQixh1YTOg<`MK zcyt`RUDoF~vM;`dBz%&dTep|>2^bdn*Vt{`-st;ib_MAgWaq_tI`yyiCfc_=JM9I% zg8sDrj>bb8-o<*`{NK+%4Dy5aP5lQp4bmOapXK|f?O=XZ9U7!lA^O7SgZ>+@fj%=Y z{}5a`don`;S?}g=q*6saok`GVzr~N4(L3#L(%12ft z#*_Qv`(~x`?azM!pUJD&41 zuczxQ@k~*Bdp5Y9tLa>BSDcQX+!pD+C9 zLj0w|A0p=sSPi)STP6Gov2)sQ@jmag@Y7p@&y^AWBa1j)s}0AqUHIXf=2M^Vv^6h} z&XOs?cYa9y&k~j>qt4M-aG#H5|enl zQtxel4!!j|m3r^k7tl+;TdDW-_-!Edhayo6lm3Z$G$AV zJh@Wu?SamKR=s!pE1cyA`gDwQ+;(V9cj7!h(5eS_K^vSo7`}?69(Rk!vV|QV%$JX= zrTw_=a`cDwRSGco+MnekBEQpn-?#TS`{7U5H~eSMhYFwT)KuaRpX*dC{P1~Fmhktq zl=>5WSycG3`}lown{&I>OZZ1@4TiUcKTg&~={lHl;g7sp^_jfR#u5Ix!q@Qn{`D1o zsq&K&zFH_AZ4XL9@uVgE!kv=OA2{9Z!oN%S8h=*!zl?)kr3v&Zi&~m^MN4xA28!O|v-|7d5P9++<69rv(UI>x9<(h-OQU%a@O}q91?q4aAdeY?jRDa!J=L z+`o|Cj4th8*4N|b(RDzQoLO5x$k%b@HM6j+hS|U(2N1B0Mmf&XdIYfjHcR*s(~zKfYIVY!4r`Pe*#t zf0>~@e9Vksezg^WVHOs?=x6iiE6r9Sy}bF&HyeWV7P0TeI^uZ&YcJxrt|B6I5SgZbQWay8kl*H$nG*T5uC||7R3#g08Qy;U?tvf5IIDbpNLV zH(>|liS~cS;U>`fi}Z+E(B0wrfz?xk^?4aOTGHpMJk`W{F4_;O^x6Gc|7GC}X2OII z5Fhr3s{g>v?4Q`$$PnzqnRZbSga;pBI@JQ@3Cvr;`WXGa%1ijJa-;W826ZdAfA~&m zUz`!#zD$Dty>;IH!vk-_^Wc5XtR3QGFWzsn3-32*!jTv^k$octH^Kaj@`HXm^BBSd zb4fon2IlTm)4y^Z)i@Nr}KZ^ikg&kynOILbc_|I~Yk519K5-rv5^-+ciZ zxQc#%AUflBkQOlHJ>+j3?0DZIJz!=O`9XN|8~lO9Zewitr*`4@z$k>bUq*W77#}l0 zTg_oVcw>l<1^B(cpZLuo#szMn{G+}s5B|VMO}PB+r-v9q0_};`1>GZ5|0u6S3Vy&< z(3etqBp)5(<51}DU96ke-)x4yKVRRn1?>m)XwQ&)n4a* zGt3aWQvZVTNNpVEDq-kONtpAY(& z5kA_H{2{*V*Ta0oy22m*N94U>K4wFoneK`Ac?04D(vSyw_Q>n-2kJuaM|5JxFzok6 zm|u`S>_5)C!+cDFev9hUltOV2G`^RAA8!X+5isz>VEN8YGi?wT;pQJ%UJ@C^4@`$W zhti9GfwX|C>_HatPYBzCRzsg`p?;GuqP&3q_i=je8z>*(73g#Q=jjOh5RgItM6~-3 z{DJBVQ9k3a{&43oAG70JACc!#9zbih35AkF2f?O)==I!;Y zkExJ^*Sx{w&Gb{uPYA#9b<9sJ;rQnZ|JixWcTeH{80&<8?IPiC<8g6X_&wmYDgYt_dycFvnZ&J@Y#OKy)W*wd{KQm;0efwMlY+T#C^8-JZX(G9Zu18Bevi~G5;g1lxvSfd3Lil~xN_fft zQsFP^!u&){K7ZB~{?!vCUCB>c_}4xWjAx_pH{T|F$>$c~_j)K;&Ytl9GG5Z1$@`IZ z3%{zH{w^Z{Zrbz3Bl+?(SL7#l3*_hB2D$yccC*6rqx-j2e!}}XH6Oo7JL7)AdRA#3 zOj~&`5>r_JAg>qB)aU2b^MY00bbq+ln%{Rz5*RJ-QF=JXqw=QvPIdpVE#brakW~)v zmwB+Z4~~SdDeaOumgAoy{P2EMm7nl_)P#f&?>kKjKfHg~6@GaC>MG%f_o=QEet6%k z%FpN0E~%a%BjLmQpSKIYs+;Cl{p&6re^;UXOD*c+`w&A^%Yw0LabfvcB~v?EUo#{gNBT9Dw{xW*QGHKD!k;1Gm5=F*e|5hmm>-qH zga0mk>5o(sdf+F_Pd^&`e%YOW3-Y59e>*S8w}sz#B)``hPfYk1NPaviA4mB5{Tbz} zeE#(b$)|*mOZY2fAD2Gw1;QT_Du)W;&tDac=ThPCSk3&z@Zk5+#QP67tp~l=IC|NM zg~rc=U*V3<-N14~=TNsXb#mipYZv;Yx|m;IG}H%;r)j(!J7cI1TWI%O_ydo>WsDnz zbhH}kqv#G9-_64JHGl(zwq_1BgzB^5KNRCh{FXrTWp@+4uP_GTfekL^V?~%>4Z!zB zfDb@BptB?Jy$qn?vpl{`cOGg8-L_(W631CA_D~>o3uOIr zHj21`*d7k=9R`1(4D&CFJJTEa0d)Obb}YgJ5g9)xe<(MEAJ$>MR=XDVL8H8Z)mU#u z_2C_Z_<*7#IKC*#itqugkHUP*>VonH7QZO@JqY;)s-48)O*x*IAXl%@{qnDCuciJg zyPV}v&+nu4_4c_<%q?<$pJ~N%#M)~H{ zoqn{zAd|mNKi+nb$zP|RE*@m^*Xi5c2ATYI`sr4K0_XiD%^;J%PCr^QC~*E?YQI5& z^Zydx4h)?C7yEgj$zP}M9yrM4uhY+T8f5a<>1Tf&X!6(TN1G2a;dS~@TlkmWr+gCW zkw5+!Dc`qfH4g9d6OGNR$62oIHY`8dFX(+%4~{P@@ov+8Dzv{ka<#Od{dnAh=E=W? zNPDYxmd?WOE__{=ZVNxI`*;uJ`CUx-#Sd`&`W+NU_+dM9T=>)WNcdemo=FJ*dg{zN`{{czl%-{xEqiooA(me_IWX$CLbIgx~fi<~xUR zx$O|Xdr6RQr2Kd6l;^6$;fsZT#aIbHmHAQO+cK_pgx^c}XLOYCG9R>sukXFy%`X){ z6zad|`+)u>-vy-a+*o<*GiiNy8ukPC)RsQFM$q5DevlamI~p)i=-7~!hOiC#AEzt& zqtPvWe0n>=cf@+iu`PYj!gKn4WN=F#?a@$@K0R^_Xy9O><8Tv-IsD_l!&$T(S0`4(UAxbJhcp^u|NDzfIr~6 z=nrc^|2V3pk2+XS<(&%sAfAulKws)0ybCuW4mu4wJ_c@J75Za(-uNKUK%F{Fr||rQ zcA)KI=+BUM!Xd|Vf1>U5XYf}y-SfXANc2{86jVQ^X-gl+^yl#ANYKFfvfk5ej{E_S zu4eyCchn#7IcR!bii@syTX6b`hIl@pstYOlm)=iabKuZI^0i+h?#b*?GCsmSAq#&H z8~@t91ml%5=<6Qp?_>6G^tagGngLBHtB>;U4}I6e{e3Kf{?Qr;{T67#J6$o}=mYtB zq`wb3cg5+A@fK);uK$gs`WwRKm%$(MmV}$&LOzK$kD}m!gU&{JpyO~89uj{KZi22K zj;-l$2oo_Lqws0C2@#RU=wrwa(23*?{w~~vhoM#^I`TNe0=f0Ya3_GM{5}ge!9#e` zhdNK7d;mJ{&+Uu#>~It4+!yaC_^*XOFac^#qBC$4=o}a-Py0!fAE4`%Q*aZ?4?=!= zL7vwkePC1>!uLn~a1(UBa{MWj2cYYfJ-7+FUOBcN@S6ek~{%3AQ{>cK=3(aKm=^qkQAo zlT0A{9Ic0qBP`*N`rN*yena{|RhP<@-rw4L;a>{LSGP4BgVnBb|GQX84Bbj?T z8iMX`_uwWRIuZH9{45JMp%v2;wK`{&x#*g6@Bh!cEZq?>5{7-Txkg zo1pvO9k>a)|2^9Q&jZkWlb$CIKf+cQG%D3Q9M1#1O!l34ZIkNR(FfUM>3f0JVaN~g z@m$DTBkXtYhV+2d=OR4(&7qWb;r;Q{PsREnJn(A|E}vxoj)rj5YOeoiM?4=u`{(`g z8Hn&eq5boe-`KJ62j(2f`E`e(yn(uCPbh!U!H5s&Q^NU69fRiqs=8FJ^!{=4-SrE} z*PD-U3|YBzo@;U=hds)TF4XTt4c4uHArWXCH13wMJJ|{wJ^Q_>RcN1 zKN0O&e)u_P&+_Rrjt$Z+o($4|M>CQiej3`Fe0s}4LApyKNI!!9CO`b~kpFx-{C)1- z)ZSpcWYuozW5}Ff`0jlmUngUJ4}Zd_N5H!Y*PF;*O0lieN^uB4+-mePD*O-g>7j_$-_t5zrZB5NTv|q6m9SlL+r^MYI z3_;tE#2V0mwih1U1Z^Me$2u5-wg-_1I$%F#2UBz~Kfn9e4%koD!Q2)Lme=^RP#>_* zYI(eTWsqKfG>1<<-oX&wSrIJ1dUe@9{$Z&hl+?ic`ZfCJ=R5c~wq7v4=x-c8wX@U^ zPTR<|`$efC)ItA2_3h$W2p5b-`QiPK-_yazWgkPnaK1+TUeLe-&>qn%K?8n!GqjG0 z-v=6~yBYO&Y#ozY)xk##&@O0iHOddDHki}b=l=rolNgKs6Lmo-*j`PCef|-YFL3s! zkjL|C8#{&a2WEoyKs%3i@ImdD-3(IlAnFR(_af&%@(_Lx)ZfDSk30+-&`ae??>C?F z%}s^m%lnRh;gz$#X$9hI3zqi0KThW7qd6sE>Rn8m_$m8sGea09`%$ens6Sw;(2)}C z;UskD{Kj`TGXxvSa!K<4cMjzFl-m!_2k4a&2eRv5-8RlUDPOUFVM}_~f>?2FG39idtD)ws4k1gSszRU5beQc2M zZ`&;V)*Mev_!Vz4-?o@f%^6+e8u0UKJdV#bX73UXZ^=5^DZ-zU5&pTXmx>F&Vh!`1 z^O#>D{D*aYv&54S{ud#;<$U4q*Ol|5`nII->qtH|Kd$gc3<>66(CC-b?c2%t}|Hf(!#HKlhoUdte@Q?{D|l)J>f%L z<6j?TIUe^E9;ed0ny&D<-A2mYx}3vXvc9@V_>H$oe&l@dV&SXZSHF{N3E#O@;_1uZ ztL!EG>2o;$={~%!#TLGvr*1N`e@ggIUdiDt`TlB5_*vPPsqeuQ;SZ|K>mgJgz))--qhIVsoG`0aX8$hMS=J zujpLpiU8Grxo{KcJU(9^^m{+!0ICm*%!9rOP<>beZi4E=vTzerALd*MeG;JhungP; z)rZ+vLAL{_J}d<{LG@wQ)%^`2(%JaqOhsEJ0s6Nbtn-G=X$F4zn z0ICm5!%a|qSoB(i1ympA!c9&J}d<{LG@wQB0N8!`mhw-1l5Pxi{S=TAC`if;MGQXL4OxR-4Uv~io`?jr+=|} zNFn)qv7#D>oXz9^<*TZjcGzLB?b4*4(to$ z%Ta!L`FnC)FnrHY{2Sq)zn=EEkpFAq@AdBjy=WIRIplvP(#y|J&(QP7L;k)U7WzQ_ zP1`4sey2+M^E;6Lyz>0)IFxtZ`t*-5zoqXd>F<*mz^I$GZ%ZhA{1Fu8(Ya7elD(vPG;q%l-3-N4}Ile(Ngs$pPqJ6Fr)kMYVX{h1ZAM zL5!aLOYe)WuHn;`^eZpFChhfyJdTp!=GO7tE+@X@bz~~X=gId4lyAuoCd+y~uRf1| zqQW11oWye}_q)A>f12>MKZpr`z1a5>b%Nt4(=Hf~BjK9~U*pknQSvhG&k}1m-Gqei zS|=D!Quwy;HJ(+%zeM_DjVC4iQ4@mkq=i3C_!`f4;qQ2y^P}SoPx#ZN-_>%<3jf#k z!T5Fj5s~k7X#5e8i*~Z^&y#Y)bi}`&(ELmJTf%=y_!>_y;Y;$lo2IMx%lA!~n=gOo z$@)Orf0e*T)dsyN;~m+DrE;hDL6|4grSi9B6^GYyVP9h=&SSov<@Pip9y@h?S7>}U z#>n_Z)-`pO@MnhjQQ@cVH zh5ywf%vU?UBm8Pfd0tunSt0x%C0#9tgz(=HzB4}feetF8-YS2ogx@IpitTYcE^~#S zdOG;LD&Kkzo~E0U@ExlKNuiU{yd8UJB@SbI}1*Z=DJFmGGAA^7$LwD(>GXy9NJpj!|6 zp!3UpkiDJGOG_Xu;edwdA9ukX>cSsb+KK%$@FU#&7Psf=%gPNw*ONK#mScYeevkf! z`rr6F#2QEmvje$1LzZV0+wEHFe-t?x zZs5vk+~0Ud;Q4?L4q!TYD%NKKx_&IS9lr;vT0iE_LHfW*(ci>IBRsHjKBpI*Uv3Cb zrI}9Mg7N{@h`)C;(g$>XS#%-71F=0EKE4>w59s1>XEbg|-qsH1SG6;@$au-RwVfdxatZrW z7`l33JjgEop9qb|dWXU%L;g2QdK$-;(qR0LhWz`C5Bj_Hg6Yr1_)p`a`^L+ePTbJW z5Jq0Xw7IFBA$)mfFnnYg)3KY|8N$aSn6|FN^8=pvYZ~7OomhhS0sCjXpQvB;|LGjA zZ>3`)|JvsU{mTyx((UF1<9q$xApMu8nT{@QX9yEuf1|YAx$Q9jYiE96F7z#+f%c7q z<@M&X?63Lz=jb49erGy*72*fZdV%TWe8>l&S6Kdzt-bK;Lh`qMKbAjdGV2ZK{I?F6 zfuI@lFP;CUao!q1=f7qq2D*UGf3uhLF$A6eCg3LM{MUnmV+I zo(~s=A3^8CncHzb8ldyxIN~DceAq+Y2s$4&7b7h|=fkOsaNZoC^I;Eh5p+JBL|B5( zhf{D9bUqxZfFGdqVH6g1f36O;3nvNIF7gpIv>u$P0;yp zoXQ5!`LMa;C_~Wsa0+n|bUtjuP0;yp1Yrp}AGY8o=zKT|Hz7A4M%kx;+muSc2Avi?D>rWsrZwZzC*0>nDY<1g#$zZo)Pc6y-09umr6y`)vFk zp!#wh_`^-Wk*vlUP{UYwR>CKZ(0+lo;r2o6H$Z0)H{sZM!S-cPlVE$a6Z2DTi|GDq zh@J}jP`-ZP^mBsY!{-?`-^k%($Sa{e>^1cJ)Qfn2;4e>c`tjFMcfbSapUFS^3Z4%b z_LKO(0e_$``e*XDw%~bzzXMxQbrxfSm-P}LQd&+%4+g8REa z7$E)kdE9^h0EKLaJo~M$@5B18*fQG(wRh=puor_S(EIH=HI230_Hn~R$kTMJZ+y}A z@f!4+^gW5_owkod>M-qrCcGv3fo!&)AzXy|pn6KaVjF^e80PmlXW97*=W7B7eaht* z*@^cPXg5DtU(sg4`X~D=m2YOD?PI}-Ok0bPU!dr24sTUE+7RwJoN4=8v=_kdLMNN` zGlcDuesV4H2PA&u^qqAm58#w*`1h&1Z9|B_{zcD|S^*kJN_hKvJR5M#CZ@OtF0od!EzJo@E=tLy~^Hb3d$K>gS*PoW2t4 znRb8%Tv|dup&gs*+DnJoG;L%?ZW%^Xu_4zozpCyai3nq~5F-NXt0{&E@xc zr*jGD>Q$XRbpNj->%*CA%==&Syv#j;=easg*!h*r<7Az)B|qp=Q|7bs9k{6Q-+zqx zYCpqk;9vK44Dyc>er-wDn#}WPTlj|*ad@XL>ziW2f8cq}kM0}AFv`CU4cQUn!oMUT z;X~)B_0|2VvX2t4i+_E-gVWXheXj6-dnL%fOZZK$mwX<|cAizj-zw)jX*r~Xf9czj zADI_FF8s5;3G$(y^sj6?Nw*%)W7i4amUDevIX5UR{Ldbh@cVJOZ4v%V)yD}xBmDPk zN%$jp{=QxKRo#*ykK#|ii;#S#?&kdK`Sq!95wNteS@<~fofzj|Dm(h%YVpoy~ujZa^cqzIXA+O3IE~uIlRh`%6amkAb+fc?SkGFAnEzc>! z|6S~R%8v`bmDroja-Nq|2>%FqUh`CNzsaj>L_Q@y^Cf&$w_@?o`?ky5KTq;G#pQgO zyV?Fs_QAy3Cgz72pD$oeVEL40(&(M~eG7lK#QV4eW|J=NaY>HXXxp6P(#En6_V&ta& zxp@@X6kX6dk0P65^yZ*lF%4SB#bi^A-4e7bdZ2Y4MK;Cwl8{|-Y0$2i1g+z0vME}( z2JMO|&^nJIo1%SN(5{#Pt@9|dDLS_Y?TT5@I*;=0igyIYvE@O#q6c~&UI39Gp2cw@h+-XZI3Hm+D#D(<@f!4RWmshSQJ{JQ@cXlQH z>iaz2wwBg6gy)Zz@%&tTpAzW#9Mjobkw4%U2_IjE^ng{}*gv)w`33Ij%QTJY=?b4; z*7+W!e`cjVa>CVkKFsfvH{<(~K)NpfK6wRbz{NCzW8(j>fp)MTBZX%poMyAXbvN=4 zG(Csov+e~A%zd82YaD3|OlUrrxDw?9>;|oVbib`WmsesQ{DIY*I6m90Z+yu7Cw(3A z3XC}g^)VIm*Q<~oFyem6{~gFbuwW3=v4tofVCF)m;|PR0tiv9=``HG?e5Yn}hfPy;Lss9*MqxVIldPcS$w>C)RKu;emc7h`b0q6 z!8qa~Xge4~UI^Mxn*?+jK&~CU0_g+V4w~fc z4n`0cLEFIy!VlAWO~|!_2pa>m9gLwY31NNK4<5^()dcwi zRR5Ve5Z?;{8hy(C?z5;nKrfX`y+71&*VIDt`QB^%3;QauPhy-|ia#AU)<3J7vBpEc zH3j_`uoC+b(nGMH?kw~(!2aW*@0f}Ab1K?-pdsi4=oH+99?(a*zwZxSBKk#O3)*Yz zSLoy5Cftbd&Tr7KorB*4v_8f`_$1tfUF9h6U-rj$@6k^IYc9d>5k3w#VI|`Cuz%5m zn=oM(e%}Q8uxaQw0e}BqHP{2-CafiYq#r#G{S@%sTI3J$xo{I`f1ii&kvRHEU?al2 z2%mtPuovMygwMiF_!I@@G=_b2I{I;7+%Whfd;h#zaoI5fU{c36=95nU?nA5?$ZZ=-Iy ze>#xq$i>JXFrWdKSL#vZ4_Jl%JaJ7;6I+Gn2YzW$&8N+3m;g=!7`04!K z{Pgj3{*|uA_mte*toVL%zW(zuS>N_^|7s=;CHl>(|D3?>sLrqSuItBR7@yL$>;svn ze-fM@)!)T@_haVk`{7)|`Uk5mud~Lh?Qetp zIl^Ce3-hg0IG^){Kk7~4zs~td3V(p4tLxU63O}`)^OJa%^-iwvdt^l(I&wU#gs*a; z_tlU5G@?-Zc}sPQ@4%NdLm` zi+yxkLwE=8KfRaEu(pO!jt3^%9twZpS)K0;Mtnf*R}SxXZ)*r6M@oDh5FXgOg6T+Y zqz5cKp5u$wY>WNwZOxB|F`a7D)(~!;R?RqAAC(!?*2gPN*+0`9G_e0vjxSahX#=xl zeii@KGK4yJvwylNo()(c{?=X#{j_BsLj3eR@iW^RLURcpI~nl-tGcs)!m|uv?*UA^ zC*b*jM(2tDsJ7Veg)-P9>Gei>z{BWpDE@RK(7?Qr9Nuf#7T+~*YsMbVbfz7i2YA03 z)3H`aAF$8i-=`X*Jb;5XFrC>C;en?meg|biI8yvQgZP2>nsa=V2f8{BKz(DrXHP=h zz_OFjp2skrf}3#CYS0tVKTbq^z_p-hJQACL`~aIqgGPPW4t@_bNOFFh0SFINb*bFy z{o?9vhZU0FL7l4kQP|sAe&<0?-w7w^Mm_IMf#G;{;4y%E;?U;pLXBA zpD_M(hF8*!XY%u?|9#tnzxT(NdEx0?SZh*c{5N2Hm>>U>7$2rvRQjKK8!~!QW&bv` z0pu6wFKBwVV7!-~-^~b~$cul%<-z5TZ#sLanJ>rmgL z^3q2IkbXe(V~q&@{xOU{^W*zzVvx2E3esO7{rvpjgz-^+{PcY?8gFTOdOp0;#ogfF zw9Jo6p(^=JjIV15D!)m%2`axX+ys^16x;-r-!$9=mER291eIS8Zi32h z7H)#dZ_KG{2r9o0+ys^14BP~jU;FgBhM@B6!c9>5O~Fl2`Ax%3Q2EWkO;Gvu;3la2 zX5l8N{F(`M4MF8M3O7N=>v6aVD!&Q12`axyxCtu1F5Co_-xS;gmESbn1eM0hQk<(k7_<+C}gORDRP)o1pUR!H=Nw>-|*Q z5LAAhJ=miUsQhMruWbk_zwz2QLjX|u^$!li;bAJj3B*NE`Ax!)pz<55TLdgwXS0bD!=JwXwQK^ zHi$TO@jawYy9!teLbAm2#+gugdYEd22ICM@CC z9>e+9eS*D&uiu+cy;)571K$po=V;-FzXuT){w7^-xgVF$eBoav>pV4nSNJuziyl(S zVU_U5kCSqic+$fEtghr|FYD8`3tx)KM1!rz6kHJm-5m5!n%&No6Y&r@Xtv2W-1r5FE%awIukg4OZZ!aAO7w{M)=ojK4Q2A=Tgu~lAdHqsG!XGMp>vW#C>=u4z8;93(tyC^LNPd)G zPvoP;9l`u)yO)-82vpvSCH#r9K3nZK+8-P$_Kfr^od3=e{ywpPC_gIvMRKlyt{YZ4 zmB%nD|N7qSeQr#LeEEGu+TTsPs~LN86EkuyuaC7ZFD$79i?W;VB5YOje3|K+9pz9_$!@PEEj-lGlt z9JcWP;mG&pgkpD*T$Wf_zu_SIrAP*DB#3cwsPn zO8CDV9OSPP{*GOoA5Awcd@B_H7U9=e&f(o}S>7|k*ISV|^gia{`&Sm4zrFej2XrT} z{o<{f#&kCAbM}kxG2W%~qjh{AfxW`bI}e7|&!`{W-+=uhpT1*gkUsg=AU*ueAWiFA z@_)Y-_KSS_vru|9@qqdM6?o0^X9wQ!NdB~{P>DvOnYVU12({3Nzao!7U6-1 zn?>2FK10QkNJM3?37fPQuM?#FhvU3fAhIV|Kk*OwdAw`k z58RpN__PjtiG4Q`$8Ujg^HE;NPxQhLK6b4T`|d?Je;1eve|kQ%sMNA0Ro3^Kb424P3pEX=f_R3%Cvblz)Bxdq7kEm9Bm*Xgt5Y67d5U zoXh!F|0_UKeJGs{+3&hxeGmC%e`#+BSH6Js^4|CANq)ZgDIE-Rwo10XIR{Q>Ni2=z7X5;wI>NN&`QFuBVK^P0;m}7Tg3~PZ@=q zpzA4ZxCy$RGK#nfx}MU8o1p6{V{j96J*5LTLDy5p;U?&M$^_g5T~FzvtO>fF(nH#W zU9(Z&SWoGpZV1#L(0a-k{0O?9(t(?x>nY=K6LdXg5@`{1J*5jbq0~kDi}jQ#xCzu> z(0a-=+yq@unSq0JV=q;3lYj#3DaH?ITgR32Gm)$qlG|BnCG@?IRA{1htRE z;U=hkF9A0}^~*`P3IAFB@Bh-S-y!K1@Y*Rwz4*EA4-U z3efl~(yyTIE}5m2ah0zLi$_R$Ap-X_arKRlb#0`BqxxTWOVVrB%L_ zR{2(13efl~(yyTIE}5m2ah0zLi$_R$Ap-X_arKRlb#0`BqxxTj~ER@?Cev zyT=!5zh{5P?YBw(Dc@A*f68~T{q1B2$H)I$+wUcPKl*zi`MzD`+x=6%{U+^C`Tp0G z?`d=I?pa8_dwjs{w|)Je?f0MU_r87q-uk-#t?l=(ZSTCTkbFNO?YH-*eE->gqXhm{ z<$LI)SH=~R?-9~|CvNz&{r9k~ZKSD?Gg z{vOK|I4EGt{p;(s_WR7qY)S zP4T|bz77A+_yyPoHO`~G41O!h8v#A;cQBdZPx%NRkE}OWH9&aOpAKIS?}Jo*X#TFN z3K-sizxby*Fg>kb7UBPa_M~+Rmq+;P@P0E_KWsV6uVrk_cm^zwO_G8IUzi@+fAX;G zpE~gX-d9~$=Jftm*JVGbB8D{T{i~ahA9dBci|>D;=Uc89xhvlV#~9qWtcmQ?k^P(~ zMsV%^P~<1M&jPRSg3B8(`&Dk|Ia+9T!L_g|_a!+Zw?tn0Aj4ZT8NRc~U)Ja8-9tHU ze{l6lOS;Q=9%et0U$vU$vRdXC49r? zl>2gyXl;>?mj5HD|9_g^Z?$(D!@IISHX-5LHeR>`-s20A%lWvoMc!TN!Fz-IlXU-hUFywviTkBo3BRR|O66 z8Ig}YEON2GL*#pOJ|#ccZV_C1f1i7pxIjE zROGs<4%rTK`s3bo$p8v?^E!aPBc6>1H^_$J}J(d4tRVioO@}-nd{3w|wa1sMA zxacURx@(_ux#hB9~SFU&B*n`Z1A~$Sf)FCn;bvP=@$0G4Cr(Hux!_`AC|r> z?1!0%pX-M?J;Q#Ooe2A336v+-4@)Bdxqg@dKPcA^Gj9z0VaY4QewYXQxqes%`dmLO z-Y4vb`6I)An2Y+!^|P|zbNwt2`OWpSi~-e*TtCYjjP%e@a{a3Rj-O?Wt!Dh+_Opsg zyVN*-?#|tRx4!ti69f9oIIgz@pAV64*U|rP_kiq|)BaqdUfADzDWabZeeV83{3|fS zJ?}4n^L6mK=K=bW_?Ke8olZ+(i9%ui=F7wU%m{z+y0E@dqwx6~=V4nwuKh*W&zH+j zjGTY4{EM*Ojf5XjJgnaq;eU$oH)B6mZhCJ;%ICvh&($A{@cAXe`Vtsta>KWQgPq$> zPaF-Ge@DY`_zSTmF*p7|ECqAxBr;KV@7WO$&QE_|0nxTrg6;3?LYRTF(bGCWR}K^-2Rh(IfnCa z{;FRm9W!$KkN0}a$n8JLH)2L^|8bv>8M*z(7#}lo`%h*@%*gFO)-5rd?eSN7sV8Gb zZvQbB#*Ba0e~cB#e@_2Nw1^qG{m1AOGjjV+rb*1m?LXdCG2`F$AM=Kok=uV_pT>;b z{^NWYGjjWnos1c|{l`zmjDOdEEc`RM-2M}r8#8kIPqu!{_;>xsy(VVl_8-?qedM(7 z%oQ;sxBnRPV#dGgKW;_zl|86Xk_I+Y0#y?ef8+ ze&g{<0VVUvC-YICpgAtei~Hdqqme(5_WR<k8i1n|36gG=y*MO`#?oQ(S2?I8lTjh(o6K#?uv#Y6V8&7 zXVCr>^_KbDKL_?f_!QvuT%^L`)&zW_D)I;V^=|V1MFv|xTf|4uz8YiN`@?cbe&F09UrOsvTd=++t*F6Z-0v=UzT6W$s9_7VkFI!r+Y4bqzpR2D_an0fdXPTf z(^{2pC@O&VqvD&1{DAa%oJsJC^m&{Mg8GlYi1a}lXCr-eKbE6B zplk8{LazT-4&M`~`i{Sa@Sv{Gu)WxOQC`q^IbY7opguvLN_vSD?1AonD(wH+Cm7#3 zg8Ko%^$qHQ_MIEQ z7``7ctKt7&jYN8&+l2RL<9>qPPSTz?AMFM7ihOTi%)`9~Z3M5%A6pm?==(iVzhxR2 zDbNxON$Nb&#C<3)sNgruf96rNH&B5k44-@$`2*GJLq5F#`3LC>W`axOfi}zT{=4T3 zH%~@-9m*L$%;NI`>oxW>ycP*AjX$8@*Tu_|ej;yl55wD$=Wp%rkmnToyJHEzNaXIS z@c*~j1ApI}jqz?czUla(h;dUBv`1_z^}(mJMT~{&e7?IdpNuGKBt9!*ta};H-YXTs z|E4R7^NukNW4=}T*!37mb`&vwMtJ80#(VJD-9?N^m^!VK*spy9zTw$b#HfY>sqx+e z?|)syxEkY!ik}#T^blX2cdq6y<3`vYSHviJ8S;boAuf1lWD%n<#*g6r%jlv;>Wres zaoAV(T<~dp{B{cSwRNXPpUs;lK5r_AICMXO+GOe z;lC(i^n>2*i9vT9?Eg~4sM!sA?C;Nj&mg{j?vNOd_(=Q|-Y=>AWWZYmik^NBk(hw^ z1&bOxU|;1g1K#?kh%rH>5BsT!C=bei?R4tRNvPkws2|Kv>VCN3trA5I`$FpDH=(`| zU(Z(=@R{Mb4_NQ|s{SSy#Tm;*g7bk@d}9jY7B6ayfL@g+1wM}Qs3VwM>Vp& zY#ByA3qJLG5o5dX-Yuwq@SA#4pPC9E3FXBR=7tY@)->b~^;TEMgpM!2YbpjO16) z%Z0lcTpG`Px#-}(o4;1ofd7Kan#A`V&rT{}G|74YxxXgzgY#4UyUGS+{EYT{HO^D@ z$_BIx=S!;bCUsBQfR^Ca&bS+|dUz81~ z>LkvzXbL{@2mVE zyzvau2OUIy(Xb60|MNvrC-`%!Jc&nbt;6Y=-d*IVg!aiua;t@Wz807=)L;B7= z@IRj@8_>_-)p@na`DFttkM?g4!TIQSmJO&g{4e_ggvWy)MRj(NH*vodb+{4p8}tr- zD=Hbsc-Q<4B=S!+SjG^un%~U+WMc-h)5AOFN@E|pxsrIV! zs4lZH(~CU^d!X9FXYgB5T=+B&23OQv>z6?fx@7!c{ZZL_81H9u&l3k1T)JOsd}q!0 znSa+mFYL_l)+cg4>?Xr#YQVP=J88@>UQvu?R`GyN`Ui(_dTGh1KGc_ z1&bSs)c4eWU(9<&!GpTBfc;ZwFURnG4rn{ZcXj@HGKTZsK|bF92mFQLL313$Z-o0< z1m~fHzD0Zoe7q0NUkCl!oqVDn$_LW^ZL9>sgH|KH@=wwoP(F}4uihw)`YD6@0WH{$ z_+>Dbmq&R(Pl5NrJC%wD^c&K1yWs4vbC4gw0~{mw<7Idd-$!${0-w7&dc`(qy9l<8lbcBxGfMK)C{~2-fV;Nf^LC5RsZoT z5Fb^%MXLUte%H^zoEWCebHZY^&g_YD!qxes_0)` zDclBiO%|N<$@CMs?~k96{S_Uyp#CxL>G#LRdit-`7~RmQ-yiowe^uA9E`q`7RxPDBthO zaAnjw#Qd8g$889%gBdATA%-6z^60rWlSRI81;cyS^PCDt3+7ZCgr+Zj)Y$+a$TRZMb6Uw^IzR>G%o&a`~1I~f7SX^ zUA~m_2e^98jC!Z%-`w?~S|jGJ57inmcYUbVh`H-SwMNWcAF4HC?)p%z5p&mvYK@q? zK2&SO-1VVaBj&CT)fzE(eW=!me+)!f;P3cY8!F0OFPc~*=B^jjnlX31sMd_{sJf8# zqFOWNt{2ssF?YSF){MF9MYU!Otrx-Pt{2ssF?YSF){OeSwOTJK%3Uw2HDm62QLPzs z*NbY+n7dw7YsTF5qFOVC){Ee+ob{qwGphe5qt}aS&6vAhRBOiE^`crc=B^jjnlX31 zsMd_R>qWI@)cX~^KjCwMZr{QC`z`sx@Zr`clo8@p^_~4#x9>?Rdrx%3W_NeeQZw@dZm@{=|A&{Z?0F@OBR07yTty zzpznwzAoE==`r@HQC4$SW{=E~7G z44pD`NVky_hK?IJYJ4lRC$W+I{Hw@dJks zh4C>H#*7;}Y}C-f6Y@ovYq+^Nt&aI0*b5RzM$Bog%^)c>Kpw3|509B_>) zWb=Q@*nd*eocQLndgjn^`@KD^; zjw448=`eZ1(9z>Zjv3u#8l|Ll%&`1)q${Q*hyGQZsJ)3d4jMWx z98+7Y$D4lB$Z{xtP|#<{56>HW=)yr-!Z%?KF?R`KO^$<#V_}} zvEDF^2G=n0v-P=$zQ~)FV!C>N@G+6!-YmRdS^M8<*)M6!ebN4RqXkkAk{|77I}+Zl z!}d@|{89T>Nmt}eM4poHdOxQ2r{{?u@1Nj(>?h$5=<xtZ$SM9Z|_5BWvZ)Qm>V#byV=qvCx z_D?w7O9iCX|NdDxfAZE+0cG$!-o^7y_n}e&osDtIL41E^sesgeD`hWr4Z?%ed2{v= ze2+H>dXPF#&dK8W@vu?>>Hlw?dI{k{di`$R2R%ry-xK$gG89cldTt)}SB)$ckUBrk z{1xw$?NR}qE$?^JJxdviOyNEJR&-Bu=GQ~{6zTPMWKI#{w&O251{Q<}uX#EV-XFlFX^+EYTDZC%{@P5mKPSHZ} zKEk{G5Fcb;H^1$zjRrtfL6ht9mD&% zt5AN>;-Sb-uOdcl7Rm>L8)jJZ@V@U#lm|3gl^5&d6zWP*$ySJu_w6pyQgolvBY&~F zr32E>Crq>_MV8c$C3FK7jL5Buv9&!etEdkZnYdOf}h>w8t6*c_A()TtuZ^XUZ22fDB%c?V@z z6dOz4y#nO}IVZ^{dcZ#D!sp2+>yhqLE)`i zP&c4Ih4&|-J%A1m!2Qm7o}kBv+TyopoG_(Kz1;Of4_QA9nSu9(ozF7ny-feZ+sWs< zb;OXyd3X<~uKj55>YDi(!&|S>ucg#5zOOF+koZsf`D3{S3~!6vln6c7QLg=0bid&G zOh3Pu@Y;{BcO)EsgoNKZSM0apK59qg&*}WgbJm3-zg*iFxhwLf5xMr)U!E`NO8B&d zpDX3^MZQYp_Z<$0_e8$6u+)!)-z4(mbHd@Z-+xua{tgMhYGydRFY?w>4>~{lMZRWx zIDA&*pXzmyuUd7H#EvO;%$4Er zdcCnD5?(*ozpI}3*%$M^Hy1mbeiAzkC{Kud#SfI*zp&ko5P4=ETSQsPZnXi#>0G{lNI@k-!r_H z8`96`ZKT{gA>WmW{At}zWSvt<cI2eoKFZ@fg&vCi!Fr^9iV#(j!0Kd&oa%mD0b1_YfaI4@xL~Nwqf)zd=9SoPVrO zF0A(T6<{9-FQcpWyz2 zlt1OcpNg+W{euF3s2%n%pzakZf5?UZ;6tZK`$GnPD^mWCNqXEB9%Ajp43eF#fe;GsCiuC&x8{d8?(*BW)d#z}y*f-0^ zurCGe?MAjo=KyShM)bx&gY+{eU>|gg@Xkr-L0z$*SLsdka7Cl%(Z9(Wr42>eKXR)f zJy1&gA!jS%gY;EYerSAUd8WbNjW3-ZU_j>qzQ=!k>={NoJ~7x2vA>C7f|AhZ`cuoWzeD?m z3SWuv)8C{$r(RP-(LC@fT&fUkg9d+2-l*EtP;|H~_LIS1%OGt<54NE`-L$Ep=uYfM zQ}O*G$RFsXr)WQ22YS%PS>#n1bxkXW^7i}d{nWAg$UpYargk(5sCGW>XLdF*6kYu^ z`Ro^{AJEN95Fg)T(Aud}O-4z1YN9-#O;e{P9zewV);=5IrI)qdU9O#|AD@~QUZf8Qja78@AeGn*QU^5JkP zeF_I3D=K>h+n3t}@j(wq(z{aP>+&q_OMCIWriP+(E=78SFy3@;8qhlkukw?sh4v2m z8G04h^P3ooI?fO0zd+>u=dsGzKcxC&L$r6$ijuUK>45$LD*Y~b?@!nRRZh{KxeNUj zwErUVN#sXS|K(CYwNXCMzq;aus4)c>`(5tHT_0UCpYK;5yA1n7&%~xwx%_=xA7PjX zE{%8GOFmwZSZOBxF}<##6x*^t5`R+GHI+oM%$Dc!B1f|fuEj<;Jlvn)`fhL7zAf^% zzYWVLi+uMFwBub&e-G6dTvv+Ry@ltvEEM^}V&6GJxhwKxZ_vJeuALV7$1Q2!{fhOo zO61m3$EEc23<>*x4ADogk?DUVC|Du+Za;X8|bf8+4`6 z4<9Jh2WcA}n#sVg%!EKiAiW#n9+r6RwuDf6k%`|(6> zZ)QHVe22)h<7i*Yvm)Pi4&`hu4gG%bCG{oIGmrr4??*X z9SEn}Pr_TeA7yDjDe~jbOFf8uw#e_7{-yKpihNqPaJs8R{!Ju58IdoKbE(Lq`!V%6Y3t`3Qg5py z{BzsFiQ7S-)9^8W};kw^Dk z))skmpJrU-(f_m9T;xyGmHf#2PD|v^w_v~1_1szHp1d#D`w0>vUzle7XgS=N;A$>* z^z)W}B9HD59U=1QKG3Adqx(Q7i+pT*=3l4li2NSe$KW60eVHlp8b_qOa(`!wJT{eb z`(^HLT`2O8+^b3=AE?i5 z68p_X9+!6M{mAEEmdGc+$aL*4?4O-Q-k^@O4|(2ai@dTthjow2b4ihZCHsW^p4=DU zXt_KGw8f5Ym(T0{H6qvTulCMxJ*4EmHj2m>h`joI3Ez?F>h?NzgOuwx@fY!YLS3;3 zDEID{|GOyi+oV3tUs@UogBc^`F7IUR@hY zNqx$Aw?pJxwOs1K7kOO97hmN2MV^rRGgK>2c`~J%5NDQw-HCA@w72Jv`86@VWNt!d@=l8hq~avGe_~{Wmv;iPwhI^< zwSSithwUBxUD{&Kw>lf`^?E_ZZ$19?ipcf&XDs8m=)Ayj(G)|+o|o}bvVWG$ui=S(YU*?Lu{LkU=OGUmu#&oUU>Bpr-9-R+g6!~&l zhw638N|86ZR^}O*KVK5LKRGOaS>$zPJ*DluBJv8dZ(GY>75RnQj}!Z^i9DSS+g~N} z&DT)wO8w*W=HNPBjB@iR{if9-&xpUH(|tqaqqM&%>Ebiq;7ZpE+sEsk;A$xTg}yJI z$RFw;`4m58lgOX!7?x*5K1kBFCI34_zDw#suWx*jw|z_6iTK6)MLuy>xcy{BK1`ou zE6)#)i99Ro0AJFL$vWV8L|#eck4S&f;Z2br)a_I3)E4=v@0cHJ9nYDLi~QbqqG z<|0pNzf9zo$al#;2WvI^Z)cIWmUEuX_PoCdk?(jx>OuaG?+B5fE&i|b2JIw8exLYF zrlhOKzsuw~iT?=4tEm#c#?|5bsMlddrCv3zzvYg+I)C`A@`g>Kypmk|i;)q<+m|#m z6gjoYo9&w!iXKD(bJP0(&xLd2kEj#o_5XYKJ2W#CO=%I(AD`nD)%cO$|l=yZ&w0;$eT}fBfBW|M(w& z_rK@wo--C>-LSvLr~g;|Ukq!(rE%$96Q29K@%tHlzSIc%jp}@<0Y=T!l$9^yaXZL`nsq?0A9*wsTI?%SQD8>=&=WmVkj6mOjH?#QvGHq~v5U9D$ z^j)j0p=brtbB|(w^(8p_2=oSc;}_%)zZGo)Z-dXYzEZ8-=V)2`3H?de(XQ6ALs<)Z()CVycy~fbVQZ^B+7@liv9$z&a3kO!2JZZe}&I0GPswDZtf2KkA)1cJnA3x z6P_cwmlrXNj%5Q<=Ue&s{ycfOOhBvhu^#J>r$vaX=w>_zRpm{`aDPFu-MF9F-=Bm| zkvh*x@h*NVY9{-UoC|P&LF*G7|2?!NMYALG3y#nV=FikX)HkSRFY=kIaX&#nJc<0F zev^Yxf1tSNy}_^tvX3*oh2M&%B+R@1-;se=V4{*<9>k#9_9F% ztPcB%U{BSjeWFZ2c~8;4eHGFI)x&w1${+B1qW(ecX370MiMXKpH!!@3wytRBI`Z-F zkati&nGdsQ`-%n%Z?}bg(0j9Cul8T#(Qw=fm0r9h;)AA?NB+?k0YFd{*Y{p{DHE6uzaa$sBh5Rw`f28Gwv^_&|NHF;uy~B0;%)6{C3!H`YY-i zR9W=q?W1_%pUtn6L=*Ymdvt|Fi5hWMbn#J-8PsK}E2J+bT17eL>NeU%4w?JCLiQs}FS z(g?5mw}-k{vE8@l2g!0X4=@pxRsF!eRmG{m4FeMJ=KCvH#SqTP&b; z*O5=uLwL|PO&H&(U(8Unb_#h1zZJa)-kXB`qWL(#4D@Gb>OK5cR2%b8kbVQ$1GRaD zypP|C;-XK*iy4Z3kn~~=VGmRa{=NFX$Hi|&XJCDxo>y6oiUo85wp_U=p9fx1Pw>vo z*k657v4EaI`BZ(_jd4C0XtIhw6yqs=D|!tJe-q_THYpZR^O9#6Rt)=1n-&Xbz{4ot zZ8&cbyrM49n>ar$*$m-9vtZAxi%#4e^#giG+sAJo6nsC1{3lx=JZQooqz~R{iTVR& zw}G#S_^l8hlwX?l{l}S|feX>GNRPpguvZ(O}$exZn7#=w7L>L|f=VJ-Q+O zRLuYQt!SaLR}1xdG3ThWIIZ(pgtSH%4T zRm1}v#m9P}zCcUGzKh?A@}EHdQUCFtXzQS#5Z}e1A4?!SNbToV{;7-KigqLaCiGS> zTx^kKivoS1N7t$5KA$wkJ6L>GA7}5r~iWr1^*Q z!uqm{Q697xt-lZRm1?h=Z}Uu8Z^y&&uWw9$M~AnuA3XPYwf`s5$9SOihsK2URW^k6 z1($|-<5HGS$3I>ooc_Q9Vg72&CvMHZ@_&WQ2Ri`(~8Seg1u`?9VDW8TYeE&hzimoChvuG()3){*A5^TtjEb^RShC{v^ST zC*^sbeh!V{B)AsJ`#=3$$`X0>{d9Ygr(dLfTb^Te7I|?moGzMAaNSmv&#|0yxbLB# z$n)P}c>i}kS93(ZY!>CtK)%19E%NQ3N_g3Cg5fH-4$Jp#mXy~Md65GQub*3Q68ZJ= z-d#WM%!qv9gOaX1??iV9u8#A0D?_9(1`uTKuk&mb) z&mARv1(8n?`}#RIj&l#Lo)3iW=;yc}enPpmgwHk4mGBcpuG^0(^2hb}ZIW(nkw5#B zluO#1J`d#F?UZXfaS2~R?w77N{oJ?1RV956G~hmo&LW>A z^`_tRBt)*?lbF(e`iZ=W^gG=SZIN%5^I?o$Z093H-bUJw&gTdjCpt&uqeR}}FzZ35 zn-uxQ^;s@&KHtOW^Gqtpb9(*0$dT}kB)lv2JX_>#2THw3drpb`ANsw7+^>ZqkM4hZ zROCB!dyw~IuE;A({aA~*k3^4)rKP;S?MZR^4cPQM!)Bg{OJAKH%dL2B5y3==Wi7|H*#NmbCExFhves6j)z)4 zMfT;GQqQX-d~YeQQH$-w6FGDH&wne4C??p`{rT(M{||6%G2gGM^@Tg9oH0}C!IpJ~ zHm^~yJNk*eS7m&*ZsdCfor4M@*X^pPDCWp}8?PeEtMiq+elbVp8M*71H2Bc^<@&tP z`XwB~u{0e#t(a7h1ohpUn%cU$RSaj&aWVB@X+! z>zDYUywLh3`#@f3{gQqt&&XZB#1`d+)-S0u;1B1lUwr6u*DvWu@c}DK~C3!=hk-L7$ zB=d~i^^5&rp7HP2FZRkjxp&&hEKjJ z^0maYA@U6(e}`zCBKq$NznN%Cc>e>De?+v83;(f%+bZ~{;5MT5DbYVc%x)*fb`aB& zfA2jBw?*`y6XRbH6NQ=YtS|aKMC%XX_Y&jZ5)DZ&{vG+meq!<@F?OcZ=kMgrT}10^ zqH$2<-xJeQCHyp^`5MuiNp$ZJ{d8i|A;#Acvv(0QbBKv~qMuJpuOT}35$*eli3P;? z14Q#dqVW(hE0|eGKAj?_?j>ec3I0g*77^WtiHVIwYqQ{!L~}9GeVXVjA!eT?W|k5Y zZ;Sjfkv~qfo+p~ih{kGSY6a2zmG$ZuC2tF#JWx7l-^s&7yF;0PH-97_FG=3Il$h)- zJYJZoerum3ruGqI-w}TXy@g@*6*AP?J68(Ner@zQ=A{vuKelsyUnV1+RXp8(V z;YFXloqX~((L2IVC;CZZd<@aKk(jxG=#C_&hZ9rdh{@T+>@4B$5Pq8QQ-zoOW{$BQ z;y)0*pNak{qH{yZp#IzeM6-N}fVV0Uy$VFP6frfAXwMeh+AatmYjaM3#^#;@+6RbP zvj^q1h=~To)OvzD)Fnmksjc%@LeLOim;kGl>~Nw-CJ0A5jW3i-}2B_^m`gLrh41V#|du z%kntu$frD_`xY^|R(QPA4(#JyYLFh@X)84Gu2o^mC)&FO?1e`!3P@l9>HU_+7+! zapotDcetv4vu6;^L)0g}Bbwg|e}HIeV&C#88ey>A}QoLdK`w zM57zg&s@s<|Jo(M*fGJmy#LvHDbr47TUh>4lR^i-lThiFYF#%B?|DT036AbxBYG5sA8FNXuUwU?OroM`?) zjPD>OmJrjgihQ}qpCM+`qF+i(t{`TfBE}wPKAeY${{6(*<|M2z1f@?k`KGSM3?^5MkPIHGku(MS>#Ly6u* zso$Z*Oeev%#Pnif>NTSAJkfcIm`RKL8De%BG364yEYT^%^kTn@{zqcwBr$fBX#7ER z4-?JCME`PP>^fq)6*1X{c2hlw@eV}0Ez$2x^ekesBQe&Rn7u{#dBpVXM1LyLzLRK8 zCuV07Q#TWxHOxnRE75vK^7W?hTZpDdOuQ?&nrP?Ij$f4+D@#liBN}H5mL!_xiB?hJ z*AZiDMgBH1?FnusCbtpYjl}pHL_0&wd_Xi_C&oTw{<7aoKEEdVB9DJ7^3REh-NfuR zqF0@EoEBoQJ~35;m}w;P+C-xP(Y=6ZO`{!mE-~g1<98AhH;a4^!<%0d69+V) zXy4cU?@!9(M~JZ|f>#iYfkdY@F@CYc$3Ns#<@7EgraKWc($CV<$lG@jEr%GNMNH^^ zxK`5nfS8qjV{anwOTWoV|L`g^en$F7yn^u3Kb#HZ({B;2ErQ#L*>{Qd8lwL(G4>JB zSWQgsko5Nv<6jW%Jw)eIqFIySoyJ68x9>Rlcr{|mmwBFmJBXH)C-pG-*dxS@ zU`)&Jr93W}5i|tT3nZRk@&WR$@b)C;#}&UOc@OVH=60eZeobaJ`RuK7pY9;0#IMPG z#r9wvA!fdj_VK;Q#eXrE2rvFib{To=8DcU`Of4naD~R4x#Pp*~H-Uo`RX;Vwf62-? za-JUPE6G!+Txcu4as}8i1B=4Qv4F9Udy2WWb%nt zoS0}V@)ks=af={ax*5^EQ23TayPn8f5L3;G&ZR`79Wk9x%(NleabmJ5G1W@s?S*eb z^d!DppM178F=L7TB4V-wF>x_5wV9Y6&*z&?M_IpLBkT9_vc4Qe-c2_O%IPm7+RKT_ z@l9Dz$C?Fb7HuA&Go5_m4x*JJ#*Y)Tg&8g;@sj1qXUY-%;>6VN44)n;d~0H?6*1Y7 z=;0t}HQr?s#5gu4D?W7vF>x)?w}kITbUPE%mlN%FM5ie++lXj%A|{6rGlK+$kGH87 zq-UH_JV5i?LIJur6%NoBv?h~x{y|KhDi-K79}>+)B^eL@xI^VX-jZllV11|05UfhH zW>pWuB~}tmwea=vQO?CH_@jkmdh>4Gh)&M@oPLGiH z1a)~|Q?-azoR~hJ=w3iHY7!lMBM{`fnqY0BRh4MgC#Lg7UXPd&x!I7sSDl!}cNWTC z(j+>&&I)*EY=Ho?D~ZVp!V9J<3NPrKQ7{N^+Fh z6viAjZmaK;p({hO5MB95c>Zq`Qz|6@p{@8W|Zg_(1R z*>j08eA5-k>ky4Uq#p6VeU#kqDRSY>cV*stfM`ERG;t0-pV#J9_m_gWDXaS7Le7(0)ck#u6E$lFt!F#k3&hJRSC@|PG(^o9w4 zt>|whI=2(!cZht5@MDDUM@)#l)Na;~Q?O`YKe?BDY#902H{=tOIsRA<(VI?8b?0~+ z??*I#xgfCPe!_Xq*g-T85fg`nKSE5M%XqQU#6%gQbAtNxZ$#%8;eRK3A~&p;neVcE zKjH|c1g#-#Z(E048H6)Yhw9q(Gx@q?jrD!{1bTcX7F;#QQ-8kj*L^|0j_|W1eAP3l zuO#~SZVJc$KFe{Vg6MyLn)({Tw<^K(F)Rev$!*kQTVrs&l3;vn+YGKDd&rj;{_|(T z_EruhZ;JkhNO`8*M*Rh%H%2ghbl>1wTZw$W@Qd1!$1oFI=Y1H?-}#aB-(5(3bqU`w z624<3eB}!m{u~Lvd3ZQKTO;KuF@fRr{dpu(o~O?a=YLBi|Kqw+f03kD={oWlrh{w# z6!I;F|9A#@Opn1eurGPtUaoIW9@9l|Rd&g@7k+J|{MBy>=l?)ihS&H1dNW)fmp(}S zC1P)8gnuW(?;OGQfo+Vz^?l@iycwyle#@AiZjUcs#q@Of_B>5{IJPCYI($t1)xvjv zm+@-}Kllmq`u_L0l6+Os-;klbvceyHmG-&_eH6>~9Y|+2aAe^6lk@i*ga@ub!;WtFm>vIm% zQ*(;Cvi)dJ-=CqghXmuH*6)?@1sL3@vyb7i4LGd*9b`#DyXdR@O= zBk30sz5WhhN_~beB=%-U?$5K4@$j0i46nz>kLrcvC-cJfcgNS%>+y3_P4YT_4@J^X zRbzP?NPdP?VR)V2N8ci^%l~SmJmc@8zPQ96_dV?`6n^z|>Wc|~&UNIA3cqeS`IzwY z8!&!c_(75Jdih5Tulv^nlgQ^u_)Z7H_pfmz{_IG9|1;8lR^G_?rr7J8Ag|kdnX~%_ z?dKEGPn#G{|MC2A{s%rtJwAI3t|eQ^>;8Rjgg5#zzHVPDK4SWMzP#~ZxP0fGOMANg z7FbHX9`8Q9oAxf2^waN=?<2fXoV*^NPo2;BdcJBnf%+B_{^dycUy=;3=c|gn8D96# zd40(1^4#|X`SxP3$HcJxF0IJx`KI5kcWq?ljYa#@1a-7>+!0Bv}avE zqlVI+_6P1RM|+jU-tzh6s|nxsGV=QVKNRtYt}Q{m9>4PYlh@hH8NRRBJ6MV7>-+smG4lHU_19?;8-`6gje(Pi8 zwZGpf;@^xf&GdEuelg1ltVSd%b6q6c~1U#dMu{&asW zLSDD8z7f9l2I{rHH7qj!Ea(}wU#B+nujkXfqr&BR{2Z2F`}_#xKkCDIz~4%7+$yEjgk5(QHbHS|Gjq*c|Bg-H;D0df9?4ldF@ZGJeT2hd%Qd1e=L2I z`tFjyNmIl3d;Ct?)Ah4IGC%B^!}x6_eu+r=8$|eypU|GZ|Dz-P&`5bpRte{SOl$Ib zzAh6Pe`ZF?`)x;t*YiWN4tec=J`v$tE~Z}l3-u!7%iZ@f|GIsYjI^&KS5vS1$0w2g zy8a#N^?0*zJ?mS~pBJwpulK2lr*|TfzmAdlv(P^nUf0hVKhnM)zb=iWcmJadujjwFBIC_j)0rRbKlF)=Umr&N z-(mxpp7tM$N1itvip+m)1~7fy{{M*Be<3nn*RIC!dOmt1vVJewf_m-$99hKtXn*qZ zh`-n@!uRRL_7N^k|9fPpP=qPtW(uRx-TqZ#^ywx8LpCsMqbk(tYIh_>>=Q?~hZj+eeAWc)Isj z>UI0yd1ko2KK7~C{r8;6^Qlb4U%DvrJnXkNw5P}K36b^neUbI>SCbfCuLpmLwBL&k zGe5dMS4Z^6Bl$geGwrpM@pNir{+M_>^?H8Z_Z<0-625z6{C+HQzdnlicReHP$3=^I zf3^S6X&QO$Uv-G|FEd4b2}!@~Eb@B&`BP*(uC_aTf4W8ZX?Ihv+sEZY$(v%oLPhd= ze5)6EKHH)>>qFnac}o~xxA&qE{q-+VuiI~l$awqA2h{8KJG>q3>-oCNPL@~qx3!V+ z@b$=g?Al0s9}+1~=lQgMv6T1c8sxP0$``yTT^_+UlPa%CjBJ1r5U$H#8e>98S zuipw&uh%1D#_+zF6g=ngP9y`gJ|q91>a9m_3gX!(8Qj{!UO+h{k(KD>+4^X-x2-4%>T=b|F81rh~BO| zCP>F0H95e2XMg9Y?AdF|P<}4;){`vvwmbUVt@Mdcsn_w{4CA*xviD=9w~SJu_))$6 zo4m)B^sU9TfA{(xi&Xr0zQq3*daD8Tr_&!eE=X_sl4-Vz@4UtLfc}@G1G#Z0@z8eD zRQk-Gnt@!$cgo)w@a2D7lv4Vv{$5|lpUwEiW-JNH=bcwK9KRCd@4CEkX%#>5a6a`u z`>D5HT) zZr7Vi?|&868~|7}%=JB) z|6|k}HCg`0>u(N*r|dlHebL*Zf1z%l;QqLeO8oL;Xy=`=0WMgup`fxKJ1;@G=&k2i zzAt;-vM)$~Vnlz}#31~imrdNM^oc29y*+~M_kq#0Qx(J@cBNedzeMl+W16@*nZq2IY%a z2J+Xh&>>mOb zCiPob?@Im(blrVY#gCm8wr{=5{6A6uj^~szz$Zzt_OC0vA3zH=@6k^;a!@=1OJXogdbln;C!jr}zJ= z^l3A!w;Hhih8M3nI*30#qHj<8N9Ty6ITFL~jWmy~_$%&^{-^zSTRZJW|3s)hAtocHhi2S>c6^!^=Ty{GNJXrEI0?Ch}K zdY|QcEI$>rzf7gD-k1LM(7~^QS1i_uu-<6M^t*lYW?I>IZV2n0E-YWIBKr<0eY|j3 zZ_TD3JKXIMr0=wh=$G^U_rERwM-@NYG@|c7eSw|h&rgTIRDrUpA~aE@S*F@`K?OXRC+x_Gsq+t%u)zSH(|W7tw#j z{C`!#oEzA$9oCy;7=Oj86@Mzddv93pi@xGR+Yc&zazR*+e@q|DU-u8I89egL#=?3} z^8d`eUn~gh_X+FWB-5YKhd5uL%pBNC<+hdvj`On@wHPG+v6|(QnWBl>s=LbvdRB?&_2j^Ea&iV6=wYA5n z_^0Pb(L17lB-!xOztj7o|LxqZvqF09KYYykJ$vgfA1S@}XE=XOH|c+m&dw;k-9B7C za~#W;{{Eu4(kD8F_0D{j@53IS1^p+!J8a+TPWzv1-VoHUxht&qC4V#XZ+=GEcaMbi z&epL(eQw#XKA3+q)xzmpFYx|tnzHdK72l~D*1O}G|2aLo^O4YnVZHeY?N@Jp$qy>N zRV1wU8nJw5v@PpjsIFVoIe@iRjrdP#r8$qK>!HwuLH zR+{B|arDGse)JL%eMjn_s&vJd%D#0)Snu>?{=RLoneF>PxPI+zEdL$dEB93K{jbgpv(r2#^>y1xozi^+|T&1^9Mbf{A_9t(d^tRGlUBmI6 z#?-H#d(=^Sr+Zj$^kVwwKVK!-0^t1+w(mT~`Qxpt%HN{m$IlMOw_arZeVwiRiPF2} zBl=F%mrBhE#t*AXM4w{*<{qjO_y;L7taqjSCw^WWtUt`}!uhkdvwobG_XqxWEEbOM zPaGGt|AYO@7FYT6%0%=Mzuxr0g_Yhv8n$mYVgANVJsy@cyFaoUJ}-uJ7~XVyOzN# z4C|+`eRDG7&-kiK(7wHT;rPDjliBCKQT9^}!g^2ak7{^@uk_AuVf$8Z=Ksu@f843` zZu4+_cM8+*Sm)e(l|I!<^m_e!5y$V_FTJ*;(kBkf{3Fj_%p{-hG`sQHDN1ks*(0bA zz5a~qor1Fd5c|dw&J!!Ies#BsA0OE zdwQVK>-oh$i+Xn-`$xfr=e(x$sk+@5U-V{c#`hPhllzf=BkJuu#&<-YzphR&e`MNr zXZ&K+`=Wn(<+?y0d+xG8Zy#j2oTbEl58WL2N5)T#uk~&lrvJ-B69WGy{fpQ)Xy0f{ z{h&VMgZ5`%D)~EudRz2`7xsQi<=^mdfk4Ei`jnKwrlc+(tAC5 z{*Tss_fub~%a6e$d9O`a?^I#?{_?X8!&UrP3(*&1`i`Xk>J8mTE4^-iw&;D)-`{Xa zsC{a^bt&_|ugUCSevig?MgPkm=_4Wg;{Q1P*uM)8`DLThXFG=T@7}@w-FU$6#Y*pY z3G1!?j6bZ#^Y19V*Db8KXEFZwoyt5O#J9qFcLD1!e|d>ueo0?SyW5!DkoTvn=!??6FZPc=yr!A5pMFg8Cwi+R z)Boz)larJ_`9N6jivHx?myJ{U?98y<=*0N<9UBwOUx`#$Z;QV6W0wW%yV%^Y-V=Sx zkt>!c`~H1lz1f-eFNpE^Z&v3|#wTC;U*?t4LHkWg{(LE)IfwQ0TG_V2E1KkJ+SlWs z)rIyKc6{RHApK>Ra(t5U*IvkaT-F{B;&6G7u>YNYKG~J=GZPPY4dU;W{w3qT{VMy% z%6rNO^F#VQ>7Vj^*?5uT-; zg7Jvnyo~u<-DKS+72k~L9nrse^8CPmNJaF%=

    _2lH1}&foI&_;2y~@#D|n11((s z9-iN&^>$_I3$=Ot3Z-{vh0AAkWB!&k>-&MyJCXEV(eHkE>JX*3BYLAduQc)U90@wE{K0`SZ`cI{n62-A5nVquCU${efQl@PE`8D^swHXC*x0v;=%l7%?j&% z(Qo|d+~E05?CyyETl&}4CN-_9?8k4R-k0(j3D(b`qd2%3mmVLr-WL6q1us4NcY06s z@1MkrzrTrZ_M-icZCVE7SJb{E`e`Rl1nV!Y*W<789rHhUckO+F{oAB`;(z%Pzpqs~ zxPPbPi{84N=`Xzf$7^!)XN%qy{ZBp4UiEi+qc`Iht56|WADp%?^M^a1_via(pZ`|H z_vcIgw14^f=wLi4n|IL*fqjGLAn5YhkF%Y9;C@_1>5VTejz4;ST}=ORLXl(ZlsaYd z{fmxocHsP1W7n}@eQOU2>y5!|f0f@q89ZM~4h`$A%UHkp6RQUO$7&GPdlLWS-yaG5 z2YWzSk(McZM*3Z!aGc_%G?6VZHeT>(_MFFHq%= z)d=gogRGy0RjOX1^x0Zry}6&|d-dK&FALD0RcoIfgkcF!oK_s$9HeM$ev4bGcN z?^g=zt?wAWRFQMGD}B0kSns;b|Jou4g6G%Hbz!}~i1lYRf3uZ}pB)?4Tiuxd?2>DX z2KL)U^sA^px?st2rH{1;>%C62zjoimz<)_!8PShq{l^RJD6QgK^}>4lN#?)wnum5O zeY#6n?{=pB*VFNPl-_R=);rhJ{_%=eeG$aJJghet)BanJbvj?^-K)cTt2@iL^UMuF z{t}}j`UBKgd7yoeex_eUe*@FE4@?WzZ;2bidix;bFC0AcXO(`egZLlP|E$-k@7173 zOQp{a2-zH^WB-4>c!4!apIRyVH>7^dcWA#> zB6z%t`U~4P2ebTzD)k8bSGQK|D#e#vLuNPhPITVrLziCN~vT?C)zZf=!8{LyYqC=L8qlsQEDPOZMEniBtu0i zSrn4gs1V}4ybDopetYKix_W%p#a7;r&*%HcZ~x)xbzg`3y6-vNGqcueChR` z(a!b1wnyeNKkIWgV*XY=J2Slhm-#!jf4zV@+sDrekAM5|%y^?8=C6La8sYnw*e|6s z_CM!65X?;_Z=+q4fKGT034i9(rnkM{b>-}(i1FFhLWKPlR!KL2hUANOuOJA=ieBD_?s?&=8nMbuV8*|Uvntz@gqC8 zhVjO=ne$8g6>mYjh73RlZ3r^ozCOp2pA>#LZs)yj3XW56IO;D}yibMDeojTyN4q%!_JJE3 z6bbC9im>~%JGB3BYen22(=Pda+M~N?hwn!c%zvu>b*N+Pg2FEZ`Q2|hKg{pb-t|8V z-wf>D6`B3JBT?TCc0)I?Cux`C!^-I!j;EG2aeQEpz@u?3o&#%T{^q<}B#_Ixmr2bWyU%5ZD`lG(> zo&Fuz0u^2feZ_C}bWXp@gG3hee5nRaU^=6BG@E;)fcrQ+?p(?YPH zR~TAnaA1!d%8WOgqyI0qkEs~g69+Tx#!%Eh==!I_^__hn({43JeGRT{`g0JU9$GD9 zd`8}7G3dX`FP9Y#?9q~$^Y7CB^!a%|2$uKfUXW=whGBf0UvZZO_Q(SlAV1e{9_y>v zZE?8&xK2~pf5Ue1$ylq2Zw2ud|J@6p@0ab9@Vogy@`J!0=f6uK$B*+V#^3su_p1eV zKYdY{-)Ee&`GHXHX?nm5?1__^cJ~u(C|Q9IM_evSNFF1)yQU^jL|2OErxR^kEcz-|ouUT+W$uRxdtznn<6W^l$ z#;>1vGO+vS!S2iR`Tdyx<4acD9@yh;@qAS5MlsC)^3NuO=Z{nr{rg3*-R%SDzv|L+ zUJdgvc8cJO6em#QW`$KV9*L@cC%GT@%z#yWJVr@1hN7mJaeq zVzl%4FrJ0|#-Z=M9N1I48fDCn^&rjr1Lirrkb*`Yt#RpHGc7 zqFtWPe-C@{y4Az`!-SO?Z_F4Fj=D>q+GYN&A5hP5B$_T*Q^GvciWasDWHxO8~^k98^x zJICkz3-QZm9reQan@hmX?eEsY_}uHSYZ2J(+cL**J%RX2)$VE<*v)&3Wb|*>M*Nlw zo;(=X6FoAYA2=s4{>v7;8C)if#DiR4asBJ|#Qyo!$|lbTcIyS+ztL`{(SQ5e$svK= zSdwWsW}*KjTMv93nEjQ?-WmJHfdTza2KM9%+PQt4hcSPHSM3V#FP$9N^ZouwkRhRj_YB6GnpZT`-a=6P%x>_jym?W-z%RCr_T`|-b+4;%7VX zGaD_91^J>M!_Oj3u7jP&u)nqFylQFS=XZ*R^%v)=g{wp z+2=hP_<4`R9-WoxXG})E6XPd@>r}fw?d>xC9Qy4qg7b~%z#bc)>1RwqzH9o8ofh=# z&V}82M)@s@hvUm0{8)JWnSHB=I`$SQ<8_#?exIwK3GyW-GS4KHZz}p-+p)`%z|SrN zd(_PIbLiJ@*3GK}zgR`slce-(Ohdj>JuaUc_*s+bmr(iWH=|aKdjmgXG3+t&RK5iA zy}fT_cs}>opIb%cqhG-ve;pa-TLioJT&AD#IP!h-_8Q9%yaKHk8BA1620yS{Y+B)oHg*9 zQ}M3wJn8+?CiIJuCfB9Tv)I1XYxPP7`C_lM4*hJ>pk-!`o%N-toE3fLhkXI z!Myl6u%`zrzt3=glXdjI@ctq3Fzo}B-)dZcJD;c@K8KEWh283w>1U2WeV3GOQYGj& z)eCmNcc!1ueis+p65iLv`oeBM0GfAWKd^to{oUYtUd1q9ZmV#f&F4V31N@Ao*iSzj zT{wKt;@$h7o2Lcej?uBXmx^mFKUS?OZodB`09*M7ztzg27 zRQb7*kACfoZ)_a+Me^}8)*@fGUcJKm22a&@Dj)q`?QkHx|4HWKXS|Gjshu;!<1&?x zpF_Wyw_bHYP+vM9KVu#89k^}pxWLcP$IqeP9qrBy@6Qc2Uh^LAfA?a)8oli4M}mBo z)i6AcqK!fEvpU0X{?dEy3jC6TVD|=R`k4tF=N&fXwh8>=55sOelIiEuujJ}Wt`7YC zDX_<q_{36p~cW02DxxespL+Ncb!uR@CVSFwqayIDF&v+I4X^rva?ho?$ zC1FooK)-vD&uW5kEV}Lf7X!caUVIKIeHiq6BacxL=liRV{21OZq$BuuXCfDYE}yq~ zUt@pizjZ+($d_n#emHOO7NGd~&!PVdKEFQPZuaf4M_Plj&hh$Ud;Hw#oCkt@ekHso zPm|(jx4<~MU-VtEz%No9_j#s}>n5uu{Jtpn>^k__q~voRK))YcwlrKHcsBe} zq}>0St&s1U(swrr@|o|~3diej2F?30PU9iu+f^?&?ANbfJM>F80L9OvpHuPf@h`b$1{?jvD8WA{9;ILK#If}hLhb>e3}hkTC|ytiNA z7P}UHc6CtveENOWvs^eYZcW&&+L?Y%9OHeY#Y=Al`Rp5DkKdT-XMKzPW%sr%;dMV! zkM`@8-v+F67M$})xQ>z~l& z`rhE@0NVEWGJKAno{HyC))es6^Ahzw-v1cuf9Dh42i%YSz}bQ0smB{7t_u2%oq*jw zndxV|55KWLfBQq=XZ{YmZk9!o`<3OY1M*_d(hlRubQXhjRp9`L;pYtKck!bmIcwd`LBaihXDEF)Wy$^@| zoK-n%SJ1Cn=IT(}d6%c)ynD*eLcY#5ubdzFxe?f-e19i?_96I9|9nnX;OFuEpL=0u zKC2P@s@yRQ>jU=ZUz+LXGv9~(mW0n~BBfyW$W#4(iF|8IbiOC7?;`lcN~?VIdnD_4 zFg(L43wyL&rk~6DhJ8KO3j9*cle`#y<{jK_?a}YsC3=L{x9E|J!g-VZS^SI+@LO8^ zWcVB;{rzA2+4Sqba`7KQzma_W+#c9&<*UsI&l~O!nfY9~Z)}O{`Lxp4IYGXp(=x0t zItmm&hwt6K+A}yjA9y3_M}M;&#_JWu`RbtyZmt~UvkSEj^ZBIs+2_EoU$19thJHop zN6LEKyB+n_c1F|*{E}r`g!xRa-{rbscE|jksM;nxj?xEkpWqzi{Q{qhI>pg%$pVp) zLB8}MzJK}>l=F~T9rJg|;w^6meu)FH8wbHt=a+YI{=2c+rN0J#kro$(^*OhJr|PSK z``V9p{1A@A-%<&F?}E~=HxbAA?4PTL^K3Q7`7ud~pVblb((9pW;rTQ^3-ry1FFWMCh+JZm3Y}>HC0OX(kJGUw9 zMQE8&9=f3NoTB`)u7F=5q6LOD2>et0T#U5@e#TPJ-GJl39|0CQ@k_XWI~QLS=J(2g32O1T`P}?u zv(^s=`4i>fXH)=PYVmg#qMjY+_XyXeEi=or3%3UK#Gbk?^!MKYV;<Z2M{8Z=KyTY>)mM=lf(KXc@2mo^Oob^G)4`{UOmBG!5)G=BWN* zzHLjlZw>NC^1faW^qX7=TCXEhG%@kpxxw9EWn3w-XjvsvPUp#Inj+%HC70DaQEl=U1!{*uM64DWx^ zyw8kX2!D%|dQNx0nc9Z?PWOD~Kh1q-;!50q+GQ|aeV-cp4f*VopmiLS^R4|1;x2A{ zpnovl_zUNT^W%`#3TX3O)MJks9NH&bu(@&I@ASw0X!0>IJ{^?f(OQrF|G~O-?+g4R z6>uH)OIe_H##b1j0i_I+*KCiX+;d2n~7hqiU zb*SIp2)=mt{kT8hk9yNS=p11E^mjJFzv;4esj&Xd=s$7@eo<29(_e;qX1DvfZs2c} zsTIyw;u0`I?MglT9Q9Qj?rj*jn>&h!{vK(+4=wp^-tSDP*yM`Pe-XA%f{Z@L?IqXW zcTi7_!5=>r_`A6!!~BsKKx+jk$GiSqUo^k-KaUspJsj`9%(`w(kUu%SX_()g0a`Ob z^DyeLmgD?$&dnXd`&i4t`NM_QYf`IwjNJE%{-=g0mW+xNp|hpPtu#-NsAe4Mm$pk@Azeei#>(XtYOdvYl4 z!@x9Y7KWeS4(Erd1Gh~G{JknT&&I9>Q>5fKiy;6U%XY8M&ZKp7Q7C)|~cJ z-M~No8vK0HT@Nk(-g($RPZn((t~V0vnEw?pO^Ux;4fV8r>W#01{E0DT!ud7Ef*vXU zW)qBe^+nO}J}f@?;?Up8A*sdRs)u^o3?31l554El4gI5w!N^ij{C)ag^hMc9K|Lwj zt!40w<${4N_{;b6L67$h`!PrM#(3avSl3j}(D}umienyz|0zDd&llN@vsM3*PMQ7Z z8_zh&BmL|6{63%Lv42v0|%zv$?gV0`Xj#Kn$)Nor5X{#<@esQZIGmj`jlrq_k@Y1IbJ8^{~kelzN` zzQp^2D<{v#dG-Q4XLQIoX_iF0#pgr*L0li_w(D3s=r2{OCAME_(7G5*mI1xnI4_^~ z3;q6GdT^H@F2>(;iSa#iG`m%3H*HYjyu6>c4c6yRU-?yd{<8TyFE-yhCx7Pq=d*b| zZ-xH!?@Ra_@%$(H4rpuw6V%onh;!8Yz8K&4d8B^-=fyZa^i2*iwy_k3x2&)1N3ispMis~xw4dY@-L2LB}A>*@D<9^>@;y#(Ly zndG0|_jTd=?=<&6c2V5_IK{zJ=NGQ?Kksn%g~9ODiz+2aG-mTFtn>knGc2WIIB7OEq49U@cpATka46tD4)1y=&$BWWy9@mJPf}CX%6`7IFJ3kQg7(~ zV0=~%{LI0i!SU+x`RuQ6)q3IQ7G36#K7u%p)N$6Pf#LSrKc&`3L4VE&_(w)Dj?{5Z zbBwRY%3sz6acR!GGaPXS^PGyimD`UzyK>$K^7H=OvG8{uWxwM<9cQ&b{FWcupA*C- z#BV(OJyOScj4N>E;Eh3?J%RZrf+~C#BRPKlI~?Y;%<&sfp#S{h<-S4g zBQR@*A$d;SN9@D)(*J&m!~ReGJ0Pn6*k<&f-~EH!H^_a2^lvlIsr!hpuwOeHu%5j5 z#a~|we4|}(U2#a?hW7cr;5fC%c)ud97iABB*E5KZbgUNcAJ(0qK^?st+N73vs{!U= z+7qM0_sB+n^cU#|rpd?vw$m>0UKaWve#0B#_0gIPzr*{O6_yn1*0v)Rg`fRs%^1Q_O3qQ(z zKZuWC2EXX#phNAGDN^EX5B(PzQ}Kr&-njyCb{3eRPLn=qeT4pvHxa*o=6SCN@n%(i zKc0+{QPL7J-tCU_apzf2ZVuujV-atX(I|A3+PMx|`ghs?txwIsE6qn?kB}+)o7BFF zH}6CL@$z{;B$oH*NgV0cKt7+^s+HNl&-nI7N8J^~o1S^t3Z2~Wb3a})Ja;r=pw|JksMD=zXaDX&9KX+> z-2P%Xe=oouTM7Cvf@Ts-vE5+2u^;1a)4NieAl_a|zh$7u-%Cu9>E&pbc$e|VKCXXt z5FdRFc6&YJ-vCVyjJ^&^yyc_+(odfl9LCenev|Q=7{8hEZ)L{&jGy@I`{DT~NX-|&xG@zt^>QlevG=%aWYD~`zhwnKh6C| zd|T;oJo-LFjvu!to(r#Oc6@qJfBYIg_rI3U{mDdi=m@{RF5Az&2gmO{#Yc?`;*)%i zpW2J(?upMqcOUhB&`Y!aI(V+r_HH9wFUD(B4C^&(f+;dy3p!F8lz6u;;s;%uNCy2! ztHbV-i70gRIxt1%xBl~;zL+nrAM;yBx^=mZ2|E3Yzx?v+^`+S#DiaeM!F`K`w=KT>yo`Qv^5 zK7W4eXP5J1$iI`9&pJGs`0w)T^|`C&=hQlV`G1$+n8f{ub?2Agnfv$o^IP8=qq+Yu ze}4A~QSZOYukRmxH9vA65#9IS<@Y#0Qg?p&&F#qV{>JNEeOxD>xxGesh$Jt^dfcoD zMk;_tdC+PI+V#Oxc|JiN#~)TKNEB}kd-`_JiGh(js7bR8wB(V0uX5VrtfN65yA$kw zHWAO0v4$}C)!fq958`c@6jvLVKm#|09 zhBlj{9)s^c?)zg}_&zE9&TV0Qatr8f2GiTA*>1fJZN)gQhjYTXEK#w}T656MhJnn4dx##V+{ewKtJoqK%gAp>e0NQ;D zj8jV_a8;1UdLH)p z5-`0OjB-DAxV>Z4QjhyI#&y|cJ(dP};?tRDCiBc-o+m(y+bKpZdF=VfvuNmq@bhc# zZ1}rRf+lIpe$04>+8U4J{dC`3GwNI!9{Whqy$+B)Ok+# zy*H~h;$k&Hk6PzB-S^_05r{XsfC*~J;}6IDm`gCvLms@UVz9l;{l&xiu*n!1AuZA& zjaAIE9C_|7TcK-^C;4>kFpqzKosiMF(2<_dF6}PcC6CWM4?SLBOOVHS9dQZ9#a@F> zQm5BLJ8YLcZZ7KCHs*=BL7LP~__=-1e`GuJPMy(sc!bJjQOsrPzOx zI!*0~os>MzKpdz07R(AiXJWjHJds|gC%qavCi)dJvgL2$wVE6As zp2U3U239jD!7yW}xnL_K5semf_~llmBO zW?$rSNt;ZP9(gLyov3Hhn7l6_<^4q_A&=JudA#w^De5G3VglMFkI#DM+_I%}SkDT^ zu|MYp=s4-oo}iXIMh^DFdxtN3GRTwO#5@n69%m!8`5?4UdxGt!^6>KmUynW<&X4~T z;wH)v0?UGkW#k>|vyDdBybeGqYJ#@YLzqy3O4Mth3wlE-JBUSlq- z8PwxUL0p`1HunRUI!?RKcFE(eK|Ncxt_VMmU@t=+hv$vhV(6r3+FiCw9(yhFjHudR zM^I1nbHt@&9CCb+wj3X%yMFJ^Xx`y$yMM9`EK>=m;63JxVQkeC8?D_T{*K*+U))kM|p5b(;s{GKO3l>NM#Lg*JwP_HZydg6&r@ z&(*kZs#vplxNb?&?u~?><$xZU8U-C64N5)UWdp=K92F@>BsqTP1N&yrC)H~m=3!)1B}fCQ)F~D zv@wTdJ#IDB^K_Td;qzc)D(q=8K8>0*9*1^GnIESk@~j{B?y6vOx$MV$3jQ8x&xN+; zgXRKI=EwU9d5SNMh3|K*XJL;l0$not9CY$|&{+&hJ?>q|)8hUy;r(EI3GC^mU}6~< zT@Ly$fZhsF>M?&oo@1l_b21oL>Lu8nRrFg;O}cBKV{1XF#~OD(7Vq9+(Tk&m>Cw&lp#+RT&8ec)1Uo#IG!~}n_ z-y4MIpW=UjGs#j0-mmRC3(PJ6Rx1b|BexfVMz%lyx8bw|O_&ig1 zA9SK8pJ(0=8q_X-r`zD~hYf0)yEn+^cS3)$Y|w8@Qrq`Hr^)!ew4aOm^zSIeMq|JC zKWuv0eY(lFxj9`aPreh_^|<12viE?;ZK-caJQoZ!ONdt((^#5sWuh6yJYJ zoCBt*V}+qp#lT1rFv)h4-(RxU;e6M)e2tree9js?UvNqLYCK0tQK!ksTKJ`^!+t7X zWjxQ{^`A#>5Avl}!!J$xb)ik>v7{f;Y(%@%_YLan_Vjm8d@OP+P(j$$& zup8W;tt#06u5b8p_&W~KA4-J#vri`e1#P84kFH5xp6z6-r&T|T&zJIztizkpzuhYzeJbwS-`YQDt^67P!$9(^EePnQb^rv-FA=dW~ z*Ec5DH+r38oQ-_{be)sF664kD9hdo>f4JU>aJ{3~Jyv1V_fOX=>3r5LP7&t&hwBX| zpLK`N`mDEczWVN^r>h3%gT!>aFN@Cr6J(OKo*A8mtt+hbt&JHf0wGPU@{=%1q~aXNqOUF4ZZ?k01#qWvV_Jx9%;45{CXDhmUy{a_?#~~m*ag3bgA7Zp`-J_BxyYj?U80j zqe(_di?m6Hlz-<@@>-`^XBwrI>Ei_17k zz3xo0-D|?*EuZIG?vq$Aoau9}6rXoV-u#|Z#rd4-OrKZ9SF#S)o8P)8RT_S0`kcq3 zzto%Ga~kh`<~_sbHEDTn6XS6a#k#(CmAnr~=lz*^Kid+#U$V~zqlH0_w2MHSML~Iw znx;0G*SrpS>m17aVX)w@6#OF>fj${8&Gw7I6e)S#GH92)#zy2V{6Y@yYc7G^y%da> zrGGiLlU8|X$s4IaKh|s2K;E;=vfl>fI_JQiCea|HWVK&liVzg-581{(^SvIM|nr(cX&o1i6k(lG0U^orsU_0=meoa3EcE2EK z9Y(ud8TGrD=Y)CM7C0KNKm4V5Zj&aBWzZ2aF$~XHP3kCVkug&8`)yEvwbmuy4C;?B zK|Y5}kS-Y=iTp`wk4%w1DfykdG5?Y1o=3v@S%LhQuY|NO~ysroTu-wpSGTMGJKD0ttc1v8(j%nNiap)FG8ou1b+grbE84$ z0Cf^fQF~LM?XSW3S7e;+)b2EBkG})=Pp?lduTQ7DPDObhmFtx=72`Y8^NsNY&SPhK z-bvG6&Ob&1{n@*4T&14q@LS&IF(Qe=*iK|}B6M^bIUe-${&~4zd&WqU?Fqimw5TK0 zGN0CCINv>A=ZQXHe=ju*^CU=P6?B}mRzoMr=o)C3jI3om8F?8x$Q}G0+Fv!yzw1k| zln*u`BVR!8C6^q49&iw}4uKMXIu>U?=>32E_pD&H3}a1+4q-jvL#_W|{y+O)_FL=% z^t<){tRt29tZAE*M`4rdNTHwV-3*Ij3IN`dqi>x4unJ!u8-x*SQYwb7Z~iyoB*O3vfMnG&L)H zZxw&0TsY76v!Jtxd=4}gQ!fD{OF@^6E~6&n%b^pwp!91W!#tPR`~2)+p3^VGZm$E= zWc(Fq_f;@SdSr_9$uw!b2LBW({aOn#-ub_~;qL;t^~;CjO*8_Cnt;-;_Y(S@bJ=^iuRDzT;@^OYZ^`e#$oJGgfabrzBx$9gQ>6PNwD)f? znA5-doAZnnj&~h-h)g_>cHx9)p>r02>&fEJW%`MKek{biQcLVv{2tj7$a?BYU}_;~ttRJy&I-_+2d0+LzR(Es+a1xrcPaMA zAH1d)2mQzIxHGiJF9FSqz{p)->Q*pO9W)wK+o07D^s9i8%V@7dJNq~9M*n^V^xy3c z??BMMm#T;D@d;?{17jbOpMt6Vp!*)^?*z@yK>G_Y`aYQah};WG|K4Mm|4;mSZv_3P zeu6#qGZ-V|zd$FBg9e%SH`|Yb5iyh&>3UX1^L`#GD*`w(w9t_#r-V2saa zOtwq^ULB18+D0$c2*#h-+Ay5|$TrX+)1k~DWfyQKL(HEE`x6Xcox{)GHq zg#7M>slG2Szki|I<##HAF$I6}dlmA#5~urpjQoCILjV4Q{9c3n?u4!CJKgU%pt`)z zfAjYucG~BWd`>6NC0*(ysh?9O*zT_6aX`xR zN=rSrlsbjAj^H}hitJ7fBWIGik@su2*zy{1-qY@$;wK{&xL&g{kNY3J+oLQ z%h6B#bE$Pct)(tuxT_2L5$4_peX=XqQRz}W&>rgsI^99z z{!FfCyZHBHoaB>!w3fPrMGxV)Uvv<(@?m~{dk-KkhZHT;`J^Ao*O&dLNU2M>=oyTA z6B%0seTX`$bo^P^3z1o5oPNUQ(oQBw$rq!))>4WSXqi8}=M>Jt=hwd-j1}E}154^<_M{o-`gndlNEe0R8ge1o~|! zBM-vAEjfqWOG;hB*hBE2N$w`g#nEn)i^#)dwSKV2$x{8HJCgHApUip~_MT)enI>y- zd{UP%(H3#X$d2ux*OO*@=&|HsvQ-DP$GiVMlk_Xq5q>%3UedY??TbjMOX$~!y-5Rb z30b@$be!Bp*1G}i^GM@H`l&k0S!gfX2<%Iy$XbojK8HL>N?k(lX82__0Vj}0$XHXf zuO`df0zHiMNj;C7n!&Gfb8s@5CfnYM_H|^r7SK|cu;<-q-%dt5LC++QliAs5_sFb! zpeK-vIzwmK;36{71^O7-u`Bd?((DF3mXx}LN!DGeCH!*8y`321 zBe%nEcMNQJ2k4T8+CcXtx06zrFlP|_I_7|TM}qYRgC|F1>O;e!%M1aHpEuO^R?@m#bYBWJzj#p9z@CG_MMJ>UQ1H+&aLaHocLbOm39fd)C8I#8 zOE||ydv+Hvt1Gyj9MBEATz7CUIj;wF_I+TaC%B88&r7mH|^0=RglM_gnTt}wJ!=zCG zab?IT*_^b=95O*JAw6<8nI@$!VbQYa$0X~KF|sG=kaNf+xrOw}<7A{9@>V7-vLhKM zCy*{FbqP0ZuN0nN_L9fQ;_sn7i)=`?CHsE9YF7Pl6Jczbn;HnVY}NF+HD1zx6$4POfp|w z^0Y&{)Md;=U299t2!GebZ3MerA51l7o?F4V1-cDDi+P=<)ND`Q0_`*;Zvc%ZpxpvY zu^+b?wA5v1qpll2v%>df@zG7g`E$pBiLs#fD3}}v`r|=+0vMYJI*)(6&uY}cRjjIv!m?-}LiK27##k@7iEsne~N6V~(7#S z1*S=RBeYM(HbHx&wHZ1|M&E{Z$;dm@q`8HfG~cBrO}>YaI-QNEv+>XC%La8?U2z>s zl4dvP1Zi}Kj*~ta>w$KUjNS+Bl9BtN9WpJtC)y*uXeZO8wTs*R^1xY2{PXMo5S4K0hC+KaZYbyL>L)rhkI(HDjZY?{uG2cNyo7hQG(SDD|n&v9o^L z!Fi|Np%W#7)Sxn5;Dhc8AR!DFin?oKVv&Nx)^?%81 z#x;EL+Ax2NjFZ*YpglpoTeXY*NIvbwUqXCaasauDJWQ5b1wYBB*-+WDl^#a@SLfEC z?c}>9!tsrLA8fc497fI|SCitGqAt1({yF4fQv5n@hkZNQ@IB~KJHTV4_@9oYSf}_^ zrp|AC-iPQXvh&P1_G9>+DeLWlztH^*T6pYp=G%8>ET#M^Q|C9n+}4+e+b?y7JVw7W zWtrQNU)YdZXj31$1Af9Z+e^hV+t*Vk>A#E2Z+wToM*Q(JqYCev5qhjc?QS_;;eJ)ju=Nq~DqHB>jcm8=xQIcIs+3vwyPr4bVwa>=SN6 z`^-k*Nix6j9X^Eh$jLKgk4&k4u3{S4_Hg8!Lv@0aiww)zTM=u`Ln0quvW*L@8g`-bh`g2TQ8 zcYjYiYihe_VT|$ljqh0PM&b4=TIb9dr{9_KF#UyQUGyW&p?3cv z9s18vaeAD)R-YS=FSh2)*mo`b&XmcQ;V;Zy2Q3`%3iL2?rUza0RZw)T*E4m_dgy9w z7rP$cupK;ZPs8lf*d>qla~UT*OkMeX^xKm(Q_#ZPeA>6O{RmlH#p&@muj6-5XPzNX z((g<;U<2|CbE$=e-hjQ@KV)(GXQ?dExoxNK5eK8M1pT_@62F(*GD)^fts- zCbQZ?XWyMki}snfqupx*ioe?tdNnEWGS0-)Rl@OYB9F|6HWz~B7G!E^&yTTx=zoa* zMXdm=zXRkw%5gjfrYC|9>613?^1DHCu}l1T#3jdp^1DI_X(uBSV7I8{ zcZXcj%$FkL^iPv<)?x7XZ<6#o-R~78`MqO{aWU2@`-|HK$Ipi&DsBwUDgNVF|Hr0- z9vPhh?UIq1&<>dIzbw5LdQv;jJ<_+ zkBn|)9x}2C+9A`Vy&3Ik(taB{MOyDbCrM`u{mJ;d&^{U4%6Kxi4ca5OS7;laXA1_C z@fUyFqOhO+7q+0Oc_r8j--+F6T9MIkfC2?%+)On2yjz z>AzgrzgPNU4>hqgIOTBSrFRknYmA$;O-*_4F z$$4Uc2`$?*H!D*gRP|537Iqm=8&&_~%HC1gXDR!=%6{{0$S>pF)*f2+r@BVF@HhNldCX4vcEo{#`A#k@2c{3R^y4ji2f_F|L+eY ze`)H1-(>2!YJMk;gI&(kBQ`;oWc-!0p~DY>JfN6&}8i1Dwi$@HJ= zX8Je%9Xk9GhP;?}cR*jr`0KZ2>W-;QU1BY?)N@T!%!lk>W2eD>9`k+uEws$f8wKDm z`{&v>V3+ZyZ-ZU-m%drh;fL|^a^5fp{xUz;9m&j}Jsn#5KmP^j2@waaN*^x^djZySkviXBru0qE!(Zm>eO1qjq8RTb%r|B<{AGV`TpL=>*Os~- ze5dmDRrW3F`ZG+~=P14ZMf4}zv&a-^nUC%2dfHCeH>&I5!*RsR_3GI%&@#Ta)b(`I zU9ijfchwMRSr0_&Ld$#%>IW_P3*QPY=X0wZv}~_i`)B%(Q0v&A7r-w2$CyWikgRdc@28Ty;72FFD>nRO8)N zHM73QRlX0Ep1KwOa(N&3BSE}>jM3wI;r3;Qlf3iOe9tthn&rruh zOzAs2!C&_0N7Q}qzm@LV5dN}1e0>eH>|Z?wK+FD7S*@=RtNY?Bs%OTZQ1LyL-BQQL z3T1Di?5mXhb*0}@`okMD$9G8S;W60d__?GH^f|mf7riMnzJ$`*syyv{Xvz#WEAzu_HKDEwCq3MtN3F|U##NitNh(mzMUhG zU-sud%AQp54=ejV6<=TVf0NQpl)hEz)=H02{Y_GOhpO*Nbv~}t7~_-UY3H5LvVZMS zdf;@}<@(ZVF0`B<$0++CW&h#k%>IrkJ*Zt~|09%sRO!h|>-B|RuUx9uAG<4{Ke_*Z zwnb+DMb!Cc+oQ0{`EJ|&&~p5pxEosb$Lk-4mg6a@`hTP)>@wf;)cLV{&&>P}D*s$n z-{Z=ClhI-_9cunOm-T-#lpUMu;^iQh(532YYt>7>7agjQ| zr`7gqru-{rBVOjea4%@tJ`I$8kBTpK8T@5`$WrUCv()urjT+y%%KnX7UtXl_SGUd_ z@9*mRR!Cj12B>-*r4Op{4Oaanl>gpx=wI$XR;%mf*Q&mhivLOZ?^gDz_aMJ)k3#DD zF-F-V%6^yH9aV$~uaVBD?9Ls? zFZ=V`N}D5Lm*Z))m03^qHkt7kD&11)xvHK{HsWRe7pw7&QT9nnn`*sWR9z36DcwM= zw`Zv9%`<8}zftwKQ|Vk4KS0&9S=q-b`x|P!+3I@tA60)>Wk0F%Csh8zH88)j9+}Z4 zbH4Yed;^sKc9kzzT@Q~a|6(;W`zwAGwA{~JqwM_bl=U-{A`Ww7q2x;$?r=&l@JF^M|&#Q|BA~d}4yCU)v|0#y<5l_Qy|S zpM4tpQ>U@J%C6Thdi&|;FV7?}zp_5l&tr7Fem`uUBv>*qPzuAlE{yMErI z?fUtTw(I9X+OD4uX}f-2r0x3ok+$pSN!qTTFKN4e-lXmN`IENm=TX|OpHFGKeqN>R z`uUZ%>*rb8uAgsdyMErK?fUtbw(I9%+OD6EX}f-2rtSLqnYQcaY1*!zuW7q}-lpyP z`J1-u=W*JupU-K#eqN{T`uUx<>*smeuAlE|yMErM?fUtjw(IAC+Wx2KgX;RIpBL(Q z{rphd_47n+f2kJE*RuXRY-V0xUv3I5>&MMXZ&L9`RD4?L?J7Q{;y+gUxQaiZ?9J5s zgEwcOUU?qygYs{${CBE)_9)#+`M>rc^2_?Yhq515@rBg;qpBScFYDn=YCZCh%2!my z4^Z~vwUJM@-(Y3`kE&;kvQJRD8+-CsDt=kErxCw7kE({3x`%ANQ62k4kS-`{U>8 zeDkgvUrg0AT8(dDyg z`KztwugFZ;<$PP`HE4Ms)m-TwYCL@=!(Z+fE>!(Jr2Icu_1~@XH&ONVRd(xb^e6AT z7O45VQ`vW_?VY3Q9jxlxp|=0TThO1JPur^fp`+3XO=;{%vJ{PUZVf zjjzAT-$8AUXVm_Yqx^qV{hv_zM=1XqgE2pHKfXVJZ=|Dft=sQh!)e9l$-ORm!W)baT*wY_Vs$N1&^@rufSi|YSJRiDu;^LTq(jX$Br zw_Dj~D!Z@xkE#BrsqwT^_KQ?K->ZBl)cK>civL#C*In7`sr)}H|0QZX532ZFWxq+~ z`%TSnfjXF9S#Q3n_U}8@=bMr${|R-yyIg%9;RQ9H>y<95`X8>wGg|4%N_SP`yHw?S zT=|>IzD|v2z0$K({9L8us{cwVzpMP8Q@V!oAEEMXQT1$BdZo&@TIpAmK1aRpdQ|l{ zS?LWb{yf%~XjxBpRr}NM4`G+}&h2BMW&Phoop0JJ zy-n?ZJ(azY>VJ>&uf7=l$$D+MIzAp!^)6KFsbR`~lgc+l)l*T;&+W>8qRQ7<*$b-A z6RuSCv{d8$Mvb?Y>i=~W-$~8?bv-aYa(_`|KD4aQ+o}G1wLhG%_RkWk{)NquPu5@C zR6TXyfnC;vrB(l*D*qPB|4QZmiQ2zwDf>fezV|Bs!)km>RQ)B@c#kOmw9=E*eD_lG zc})2aSN5+|ecvg4wW=qr>_4dbe^UCS(uJc%8xF%R_vZul zLCf=sHfnpEdl&5TJf^tnzpS#iSNr#GYP=B@zf~P?bJhG#RQ27b_TT%}@$sCB@2C71 zEXH``d=ppWU8(HvE4@n9Q&o-skQ&cOmH$U&|4!|HcdG64mD+weYJPhu|1GM%w7P$v zs_OYg^*>VOTdw+xtNFg{3CyS5-xhlvTGpr6DErf@|3B3JQLs7U<$P490<^662dL|N zG3Dl>IVgpRDptSNdkP{mWd9dgXod=W2W8s`1~X#&?y9ucYd!rE~+O ztEu=qRej&7baOSn^8Jus)*}zA{iB7dzom+Q zUez;7#V=LoziG<8MQy*KYJQfe^F^7ds8^o9+^*_tuEu+pvd5JDUS;p5^d41TTNNKu z+q=JtAExxZ%D;!weUbXPBM-^qiVio$6_4p9g zU#=Q|P32!#M{cvHhpKi*qr-7NuJ${ehZ~v8w+GN>@?+MU|ec{1Zz5s;+-= zRZqeGm|wX*4pjEBLt&Ta!SAa5VVbi0YJBIZ{9h`2D>a_!O8-mwk5JoZs;c)%6+cti zT{STKtU>fF6uIHbt^Xc;{Uu`vCxyt^lnva|BMt-?pN~-?< zQ2ljQ$Jdi;|9(mJ_nOMrQuWtI<@;LgALlPceRBQ#UDbc5%C}DSU$83TWqrF|ZI7bL zzCp#Gr|h|E`)*bK8&&?K_E+|jD*qrgA9d9BZ@2;Dk^7a!YW~+Ky;}8uvFfj!(jTb$ zK33z~tMq!6zmm!qRoYYjW7YMuw(_s9^i4`PQTkS;zf$8lrt06M>e-@nYnAU#r8_Ep zkJ8`k{*~UY`s=FV&vvoBW&L`;vZqvhUuEy7^zAK>Pu4r_m3~`ok3tpUFVAmET@Nkm zmr6<(RsPkK{e6|cxbp9=>e;D|?|LfVjY>CBx`onZRDY(@{Z;=TsrhSvKgKWXi9O1m zrSk1p_L!hD42e^ib4Mb+O0D&H>E z{}7e0wDSL4`G2CW7dJnQdSyLUuoJXg-)~d)H&lIZD}7w`XR3P6>X~^wII4b2&DS_( z-=+GisOqh%^kfzPnTo$s)pxbhHC4VQs=fm%Ujya;jk4dY?8Vf4bWrnsp|ZDB@zs}M zK4rag`)p`=o={H3r&T>yD*G?WzD}(tii|^kxnH_R^|x;W?6TfSE8Tc2>~cRiU2UH^ zO3zn%kC=Ev2_8eWU7shqCWddXLh+(qAck zMCpGkeO&3ARXx8ed!hQ654m0!Q#zt_X{F04eW9AqE0n#m($^|oOX=pS{`$&pDSeC5 zt(2~-_Wy3`__CC}jf(H6^u0=VSNb+pe{W@vD?L!@VM>oydVcHz{qa`1_SkDgTd^?xXhCA!@$%D*uO-|5)YUMO}X;tNEI!{12=AeN_BR6+cJm zr&YdZlpdqzqqDl+jbDxPl{|kQsJ7oorFRU2zdT=hSY6LXD!o|MGePBhOw~6@&F?Wa zKaZ>U-;{lh%J;0wXEew>Kfj>-*Q$C~EBhfe{*h{Xy{6)qtN!0o`8F&6Pn3PDvhP#& zl4?9o1>5ZK*pR(TFrgT*K*HQY28qZD@pR4xw4Ql%zRq?+m zeO4>fC+m}js{f+O{+a6kHMKv#qqVB1((ugV<9wC>6ZL#yzd9b9tNL0iol^a^Rrb=V zzhA1M9=V@7sdRbepQZF!*JQ>QR@zqmf7c2AvOnCX>{V6%b!z*5tL{gSs(gJ_z7xv6 zN#z@>{LjtKtj|*QY*F!#srZD_m#X==Q03pR_Lo^IKBf9AtK#P=|6R(zwW|L`bwANg z*)LP|W-EI)rF$!#rQ&z1dRC})ZLg;4jaU`l<2dC|yO3_gbZEDm_xgzpCb=p7QsU{cWYUE8SAf*9|IP88yBSReWRR zKTg#XQ7HEk5OYZ+_s{ET(d?z&@+m(H%(kE3twu&#R`tPmm4=MeH%3ngo4^aM{ z)c#jW`5#vKx+(ulm46#`y}W8X=1-oF{7dEgS!q+{>!bQ>s^-6v@~@`!2sPdtm3@q| z7s^7t^1Qyd(i4>bl>d*h^MKQxH!HKi2Tb%zSY7%QuKdO_%9dz z4-xUNiu$yuFA?!a2>mtD|L0;qOc3!`i+bJ=_1=AASfBj)^;aU_J0gCf$iJ(of2#0b zFUJ2s)W3)5KST7NCG-=8o(laFk$;7lPo0SWkBDC>>b+g)n^#xvuLp&H8{ywk=+B7w z7lgjISdU#r|38a(C-e`+@p|aQ%Hw-Xd(iXWZ~iUf)#TvMub(G~_;q(Kni|D_P zsK1x+4;B8cgnxUXA0XnN7vsMx*5eQn|Do{jC-OIo`HmF+!-d`=_S0Qrzda=M?uUl; z&7YUXiG2Gm5B~i3n3Kix{ zS69}%y@8MjQ>61uM+vs7yfGDA1?HRgq{ffFXDKG3ezBPUMByJP z=5wK_cb14>C&s%(#IF?VcZKk8a!NQJ`TJlGq3%JcV6LjRl4|1R_=M1AiF|Gy@O{Q3RnIT3%9 zI6g0kde@13pNo9c#eUv&O67Rnh5nhy_oAq$uZVv|)bomn-)!H?^?ObDhn*Ds`S~?a zOENayX{+9?|Y)&kA*&3^gmMQpNaS}qQ0YrK2`KTPUz~e zP+xxk?6q%Yy=%q%`V0RSqW{Sv|8!ALLF}J_BHtvjKi?A155E%k^C>rkdh@@(xKa4u z6!-g&g+5#K@A*K;m;e35*=vHH|9g;4uMB$rz3^SJKI??OgP32FnE%HjzNc8vf>_TJ z#Ck3g`5Hz1z_UWV`R{GDqW=eCeRmb{^F@4{)WvwG34Oho-*j<&KNtRfV*Ue#ezwTJ zqww#!Zdl|Ojz6pN{3!_iby4q@qW=J)?=8l= zQq1Q~aXt>aO%4zB z=g+UNi~0RR#AiakN$Bs0{tzQzzn`h~Hbp4;A`Ip)cAg%s2o3K2PL- zQ{-WVp}#NU+eN-x&I0-T35c(csysJh3*`nU-g?}&6|90VT5dDXU_&#Dj`wRd0Uxf9{zfaG;G3fdG>>FbJ zes)Lj=YMZ$b_#laJy<4=*N$TR)uR60g@13M4-@+7Vto%1{!v1IL5w#+`2Q^Y7mEB- zMErNfe2*3W>0*6n3H@C$-bG@)J{10wME*GV@qZ%pAB*}g68^hIzExuUUx@ghiF}s}|7F5|mC(nD=eesy z|7l{r4~u$k6!Eh}zWc>^CyRV{i2l!s{7;MiF9`i*q2D9&JulYt1(AP^&>s-}UlaN3 zME%Rf{`tPRzB`fsA0pq&qP}&)|EQ>^Myzj(sONQ&?^BWQ3!yI*{WqT$&WHSd{f@}@ zkV;V#bW$S=)V^FdeMJ`$bX9%{|MpVWWO-K z{Q3A}vEI`}{CeT?zQX^$I3Bx-^ zFXEpN@pp^kFp^Mw9Wq3I>zV(aR(i}1IKd^?DIy9s?Sp?8RUi$%V(g#Lk;&!u8LR_+wm zD}R4Z#CYe4e7B1DA!5GY7WGXQ`Id=%!$tp@BL3$h{>LK!Wx{`==-;z3%rF1Gdy|MC zDaKze^4})n?-IHddaW4$QQ?15tp6{?cvlMjT#;`pF`qX?{_8~lBgFiEB=Ws2`d=jc zzZLm*6yyI_e7|WF!~KQ6t%%>|k`SMN&$>g@zo%Hg7eqZ;LaeQ_X^{f#7-GqOT(5r<$Oz2}o{nJG~BSriP!e1-& z`9g0K`sqTyTr75#C`nS6v%r}1@s}lO5R|kLo{`j&up3jQsk;88e@%j7Xi=v*3MZH$k z^Rk%V_M-mRh5vEU|1y#P3Zd^J^1UkRs}laTcZT`o@5{$O9Q6Es_*#+wH$s0yKiQlLxf%>#vdy55hDHo;lEeR|6!pYBKnUO`XM6UlcN70gg!y^A0_&~B;uXWj~4MW zM81Jyy|)*-7Wzz)?|7ll7J8k~8-)IrsP{dgSBdePME`$@_%`9+Tl8Nn{L{txcBb%u zN9aRDzV8eF$g0Zo`GFmRo_~*BH9Y9~`G2U0e?s_=5&n;bU+r9ZJ`WK3j{8@R_mZe5 z75-Pnc#Xo}BJyvteaOE_{Qoa}orrH36#V)1?Q`M3P2}55^zC;E{qyVLM4?aKG5GW2_m~)O=>e7XeJuQ!2>%L^|2^UFD*pSackER;zk7uK zfY67E{x6IAKN9inB7WqqmFsbl`0oimA@pzWU0L5bqW{%GA1(g-K>rl=T`Bx)gg$Yf z%JJ3-e^+ro=(Ahpd`=VpzTXJ_T%o@p_G6zzL%#g{J-)iKo;soLBI3^w`YKW1m!ki> zVtg(Be&L7W?}cwWtg^nTBK}OVKKC468SjLClKA_K&63Lal_LLbLLVpMCkp)@5x-jK zXNdSei+YrJ9vd#c$6hVwdx(g?NBA!j{!Hjs3w^wJ-b;mkiqMCP=fU3z|1{x$LDct# z7=N<3pT8^OcN6!kc$qGWWW=V*ct&ojtcP}T06HkJUSdx`9f$-27SuuLV8DVp7!JdR zG@e7TL*gZNbvV+;9D)tq_*mM;>-dcKd(ahqRDvB0ST7Iat>NHqN?*`Lxi7k@^viC_ z?A$}?U3w^6zo|-3;Vq#zSMsf~e~Ug~XshGN1KDM~W&aY6#r92NKn+CVvtVea-oFht zP}?Fwoj@(ybyLZ+eN^%>Z?gaDrIJZ}aXyr>CUsNxRQ#=s0S4@~T~s=tyE4zCKhi~+ zzhI-SULXbxSWth2!Q@36uwH+W7%*T#{RtfmSWs)w!GQJrsh2Y3NFV5;EVbLs`zS-L z_I~VFZL0LI`I2;fZ)IsaFMor6HEVH0ZbqyfrZ(_a~{@3@&VkM~vv zX(1alKqahgvU^|USf}LCE-C}{81rDw)L-#|0Sl?OgI-OHV?GD=P-buTLwCNW?Za^z zg>9?u%Dvl9B|G<3+0_0j*`=>ay!{2{OCJLk)Zb_yM1OK6z6}=CYm5m7EI2>b>)60R zR!hFDpGvpxu9C;`&F-lzc88wPPST#rfvsb0-k{G|@_-sg4lwLpgS6n-ziRxZDpkBa zcVQpUPVQu#k=C~@{q`beF5_O$8jiva>S4wmgCEk@dMe{3=RizQ^%ovf!S&^ zmGoiFLH(I{FknHwOds+jNCVb`t~m~ly{ld!p86A{L8e=C%ugcc5!k?y-ykh0=9l<+ zPGX!p`IokB=wQHtYDWhH7E}j17_gugqJsg)`dH3q$C}tru1n%Gybv&WvK2Bdnl zw{l?K=%w^dTPk}B$NNp}e@CC!S6QTatCvcz?x!67q@I1SwwKEEmdb6z{(TBY689K+ z|G{2|bmuKqwwj!8lVcb9JWWgk$NC-oy;#RZ)B2)>9kOOlI%>hvPVzHJiZvLCr%R$e8{bwiPj;He)~B zMIZdu$6eS(rMvb}8PeR#9FC&jk=XB|-sAeJbXH%keeC_?$%Ea11w~wX4>n}NIIh6) zV;nOJKNya)1;sTp@z>58_R-bUcVIW=w(YLc-}O`3eT;WM^S9(Vnm%A5*|)#S9^l&Y zDPwHMd2j_^Yu953^Os)A{ehai{#Vwv&z9`L{;UII{hKvbq=Z4M8792K%U)2%^1}vyLbTD8&jOSipE(Pp` z{>m{%Lfid`YXj17yvz>WRJsf2@Am9j(Dgl4x;t~jZ`r?UF@3>+1+@en47l#>*PYm- z2K(9A!GHzz9ds~YL46k;3|LU-po0PH<#3MI_ppHh3+h~SFknG_9~}%>##g7Ig8>Wb zbaXIaL7jmP1}vyE(ZPTPbrw1pu%Nz;4hAeJ=9Pf)^Bcu6eUo*2k9~9ke#qY7`gsp~ z=|tkdfCaY+>v__qDt(jdD$;-jbuzY1IR?m#dWbNpvt^ zK|O^I`Wsy5=CX(Ua|61C^drul`?wZ9jsG6*2}px9-B=siX@B-K{Tw!np4`j$&k#eM znQz}mjgVloNPRzjy&q|j>RI}D{QVl~uqPHDZS@>$N82%m_V<@T+y}844{eK7zo#!4 zu#j!S`TYlMU_kk2A1|NB2I~Ia92d^-{;cyanZtwBv>Ek#XeSTxoB?JH_k_*4*1yz? z^OtoQK>SOL0j>*r*DY1rjqB5^*g)~Dp}5AYzc9`#$XB^HfZme4o&xv$=U5A{pnuO8 zpz8Z7hfMy!xS*cL{ysS&>%|!8Y8^SjTJAwe<;Q#j`6hPS?(%-hcJHUsZ?fO8+0pd< z8|&4FXQ_F_H4p~|ET~iH!}TCR8nB?|69Wb;=qor!2XQX}&3rZYBXb!0_$ZF~&5X5* zu!;bib7co+Fke30G6bKf;wE4IXc7xue}zm!^e_OPIKK!W0ZFF_h` zSM^p|5B3ZFjlY)pJdZQxd+6uWevIqredLGi9NrNR8lVhq3+jIMT5pae(tw4u562tK zt>m!ScVdiJITn9mPCU!2ce&2fPUo@z{>uFDr+cv8nmA;(D|?%^#it#$ui#ospJXI^ z?NHWxPjVyGVH_VH2Wn>+&9fZR;ZHZEM%w8Utj7+l_aW?+Cpo89urL2ft_I|M&iN{8 zh2&7$gBY6}itC!AZOE_x$T_$zf6c*lH04@osK@%TZsZz6JNX-oq0cUii!?`Yj(Quq zfn-Z+N2*=fw_}O(*Wevk!)Lg+^sdl=yc-&@UUEF`3D~yhed$Ej{$#j_wLF@& zMOsLXrT%ICd52(rf8_X`%JreZap!$s-Hm@W&o#eij7K;|Q^|`=kOtJFfN z{-EaY{bGM?Bd{HS4U&H|SNhuC%;#>NnfB#;<({1Wf|{4IUi+}-)f^K@_T_mU%n;^$ zov(p*7w!?rcJEU_o7s4hAf!<>+9*g8BtI7_gu&K?egC)TQWPz=FDrd%#2Nkw)yG zXLG;Xg5&=%wiaw)JowBQuIEULu1^Csi z(buo@dajY=PY&RGBZjJhL{E1Z(g9DdF+49bq}A~ zoV;Mbg4zNd3|LTI(7}KO)fF8KSV(VSoNk=6344Z|32g((Ydi-bRd?E8z=G<5^!Grd z@oi8&>HjBeNCOtsmfV+?aNh3Bn%v4BeV9FlOpPN!IICoWC_(Z@90d z{+$a-ZxQ<=Y+ynC7#$2)P(MKj0~XXWbTD8+{S+Mx zSWp+Bg8>WbLUb@-L0yCn2CU}+j^BfmupPA1!VNd*EyQGTVc7eVe&Yq!uusy7HXt^}Bm< zzH(gIzqXn^v@d->Bwq{1VJz$Cb)-S64>@nW9765Hq(i8295LtyEU5kPVK?4R+kifm zI+1E9^8q)ZhcZYto*Iy5d#AOEZ zFpv&rpCHu)<~4#i#y7MR+G=;!A=toxr3S}bEMpn(_qOvnPX7M4 z5XoLm{C#i{*P+L`hOh3+_ZIFsRmeHW6i(&XdWKNXN5q3=zZ;}li|)Cbd-c^k>s-@Y zrJR%2?-8!g>YLO8X)F8aP-<)I$#Vm1`x1RX4QI}v_NO+V?_=`PPLOH@K2QfBL5)Ou z@LBKw7dgOyg><05j`rpoJtJ0&XZ!$5Urf}V) zE=#w&q+)I480}Tk_4Fb-0=5Vy=5?I(^1a8yIl>K4+2Y2=*>xCrASp)L7!cfc4V% z9f$o>#sdqQ=fMP<0qcD;SQkil;MsgU{lWdYALkr?-@cXjr+HrCzM1%YXCL}+*F>Ioki%JR$?_x9_l=Qq?2Y8=5lf8JhV9Y7xeIFmFsf>?3TSr~gU?9VmRCBHANsS+nZ%f8l$(n+LRSXBgjuo(!SpM_F&y-aJb^Gsu4{H9p6jXHr}5 zKFZuipWkzx-GMpoNBm>d@iBe-P{+TBCoVab`hEKo#(Ao*a_H&rSS#P}IO_NVxj)4> z3)T}0mUi+ybNx4d#<#wPYmuO?V_$#)cO7$F!5*QlR$vDM7SylN!GHyIJ!q~ENCVdE zzhMpOuYTP{rC>pK?jvIGSup7826BM`3yS@k_&p2O@8gx|V8B9p1Gzx`7CRWQpl(42 z1J+CGQMY0P0~Yj+96xZ7+{Atcbu;yWx{X*cV9_m7{SF%#u%K>72Lsl(Iq$N!*gyWa zdCncRGixxE-H9IzHnj`a8c1&E`ScFx%N}0UTRAX3ZW#LvsqTVZi9=?bpXwHB z1M9hySnSDjeR${QU6}V)^%?%L1C-%S%a~^?H&0gVcAj{+DsS??El| z$a4^5_U4-NbMkcKeGF-kY7#!Mv$=*1<5~J*#sCWjyIxKksk)Pgwwg>l7pU0 zP+KDLDSm@-{O+lC?;1 zFR`?f-MQ|OM@?nF(oS~k%k>z4Kl*{{kAwujft25U(u8=v^BUH~f_j+x!GHzDcMii^ z8P>`9H5);rnX3Cv)Q2M*Whp!GHyIIXW1y zpnio81}vxy9Sm4dSD=Fd3+hUAFknGlh3>hB>+7bB%^ppDK`k8r45==GWAH=j+XJW_ zEN$(-#bCFfrV#@MEU4+|V8DW!fer>NsF~ad^Y=QN^S3vf^S3#hs|?h2oAVuNbFR^wE4>0gI7oht zAJp~u!Git`esGZ7fFIP2_`!m{2|qYUZpII4C4R7AeoG8ENN&Lo>UM1RB5x&*wuSUg zB70}hhAiNU5GgnNhq3x>W9lKZgTPoF!mfrIRK*jFLxo6;{MMiFCuoW;hN7W8fO z0p}%l2gw7(d+48#$I@RvgdZFv590&%2zkJQeiT1ANFKuvYBhe)kK+Re_DS@o(7{3S zG(15(r1%tM*wi!VU_Cy^v-AN6$#eLAPaIMqEx12me;ym8FA$5akQ!;d{3AASki1A7 z*gs)kgB=_w^c0ep@Pqm@I#|#z69Wd4SMY;+6+c+ef58V1lE2~y{t!Z?U_t*4KP0aa zgUpcXb!=}CgS4P&CvW0MW=QpSd|*Mph3#1OaWi|m1qz#~3>@gW=#YT}U5^eKxNp&( zPa7QQMs&!)fnI^ir8e3LN8+08$$iVrw z&*f{cK|d8q4hP!T=;!A1F+Ytzg^afII@e)k>?`6kKOZQe4wwS4H-D!ehhgVTuqxknePYsEZUHQ zzJ|6zUIpjl_qK22Lw87x&#gqii8ySj*Zp`up-o@?2of@IzD->jIG>Mkv$JVmM|%Z6 z$iRXAH9BPAe4DW{Ki+w?LEnOe%(s6?3^GHezU^Ury$l^P59{DSFU1BKIM6>pUXJ_~ zcF4ei&d?zP2l@(h$iVrwuidZPkI*keK1$3lk&yZJ9kd|>2YMAcWZ-=JQrh4^`~HxD z_I---lB+aWc_I)%(juU|m>5`3V4 zhYd1tpl?Tq3>@e?kp_7-cF0(>>@lED=WE5EJwO}ugGkm~{}el9p6_7;?T`J1$cykn z1`hPk&>;iorC(Rj>?Oy1v~RP=^lylR3>@ei&>;f{`bKof!1?xdw88lr{2V~vg&i_* zpzlV944iLYOBqLIw`>edv&Z1ARZbhyJP0!=B9intR>1 zufgW)BgTQY*g=y!g^afII%}FScjxENUP#f?<=DW1{slT@;6Pu3?%_COo?l}74mxDu zKz|n=#utNq8 zGrco<+k&C3z9bfzkjIiot;Y|J z+zI1qa$0o#Z{op0N}uF2@`3sfI#@61uRkXa9Ay6`2dFRb(?=`bmHy58e8$>91`hOp z&>;f{`g3&1z=8fRI%MELe}V4#24nPREXdHa?zBPopcZgj((XkYGH{@KqeBJ`bRTrc zz=7_I4jDKPd9}g@nTIi*rwg%Nu|oz9bT@R!z=5Wg)Yn8Ux+iVOz=5W=6f!USAt7ZR z`b*{o88|PuA|CYCFn}1yz!9(g+`UdMnID6=)W>dugbW<$P0=9(2YNGf$iRW#933)n zptnGW3>;|kr+$3KbbbwJJFl}2sb7b0A|V3@dLZqcXm3Y*dwh_A1HA(}WZ*#Whz=Pz z(DX|^^v%Hew$BF+^fu^_fdjoQI%MEL`!O{((0d|xhduCv^AfxBzMZi{1`hNt=#Y6y zKTWKzLig?6k>EV&ju^cwagc!ny&F1Y;5^5`Ua&9rBe6qDzVratAKm9hI;2DD5!fLE z2YL`X=)I9+u!94A1Uh71;>$dPVI+Q}W=uVvHg>%aF_3}tZT#tQba0^kxYXl7`~E(s zulXqSqmjb^yB>=jGH_mwLqdi>WvtAP2YLcJWZ*#idHeiGP0kcDFUg(x{E$wj4GwfQ zI%MELvvztg`d-Kb@j(U-^g-y5fdhRoI%MELAA$}UIM9cpLk14?Vd#*71ARC;WZ*z2 z=#YT}JqjH%aG*z{Lk12s$0lX1Qh&TBVh0C$60laOUoStOX-I6&+b3g3rbDoS1HB(@ zaG;0cgA6pj)Z2aAuRG`|NXWo}_Q#ez0SFWp!^9|zB4SMR^pf@Gf>swL-{ash; z>P8z>clv_`H=Q}nU{1_Ob)}D&^ii7;vpHiUE$Eqy`!M5mVV=ZWVjMEtj5!f!wjj0( zHl#%+#HHjm%pv`P@%@^0>&hIMGkWq3#-g2cXWq;yL(gcd9>kz4=9AL4kZi@=sbBR+ z4qy(OQjf2Db82I3&6o-6Y|tGfThf<$Q{vNJj6)3>wxl09(5(lb?#-CQX>ul85Ce+Z z9lG9xvHTiB!W`Wx9HaSsdxex^m-+FjDP;{()-CgE!!fe7HODDqEJF_G*B+Trv-4ve zOFWowG6rO{9Woh6+rwPd*5m~Xh8op2^!0JH&9?Z^lRnG=snIjq4yljhxUi2>WY(Y9 ze%K+Qt@^SiU_oP31CYI0GjNciCw-U$sJ^WEcH{-MJ>!7|y#w`tgJehipmxF!7PO{K zUkkb)xxsmfJ?W3_N!AVYQ%JDBhOMX*oIeMeSYJq+k)R)?9{Qy%-S`GZT?5dMdv*WJKryeJr%G!pM$o3n%rA6zi%>Mu%NeM?16q9A4h$}C&cKZ`TpBVZhVgX$=3L( z)uAUlQ}Z?)M`Y%u_wCL6hBIfdp!a7zAWh(4#zMLiIR>=#A#f7M8uTdQz=2vwK5S|X zeZWHIkJ~QzAO*cE@u0S44&Z$In~YCfvKu~fC!>j*ML+yzJ7OT&o;pG8KtHgccf=3c z`**?*Je2UfK$~24cXC4tdJl3#wkNhK>ZP5~wzTyieBdBOPsw3H?@WGhknBQEP`ffd zSkSxS2j}r?J(%OkT$0CNcj7_q;cMsEg4zK;SkODNcfdii6Mo>NV{G3S9n>D^U_tLm zJUB?I@PitJA1q_)f%w5evJHMv+u{ccdOQ5!z%qv3866xXyATg*SK`5f-VHxEu#BOZ zn}cL8?EBD$q?&%9_N5Ry~zU> zH2KxOtTkBBL&yORlKtopYA6gM1}x~o#6a4{IfhL3^5YP*H#V@K_aO!xB-QxAQfEfJ zYAlEpBEoQENwU~Q1jw~0~yx>8_F$iRUe#~8EG55+g0JdjMF4sf*9 zVXV_gKOXCTB(;E>Lyl3bFX+*%FE~iXu)d&?c7jxzH2Z z>B+=^o=prmNK#@z)!+vUdJcYYkkDWGe&o{y?BGD5Cv)iws-C`JLC?bv$w90eHCoVP zsU4DW%mbO>QwQS*3;Gb&5F8|j(x$%}PaN?nGHD>U*OBTJ#sUj^KJ|c}KweN!k`r_- z>yDl-AP#gBH4&FIQZFcM#@iri#^zyMbr}62Ig+u!l1sG^e-ydMnIbLdqtUTjaHolH~xJzx%^(QW6yZsWafo#kQsi5 z)Q58p9>AJ(kQdUE+2icnls*|4{3-V@3l3egUo-ZrT0#tDCy?`8aM0u~TS+ zMc0Q@4>+*c^i=vnlHfa#J>heB{TOn1yuF4T)5zhWZIOC9{lGyogE&w#@q>koIDITO z&L@L(kQ|2{ocA$LHH&zUpEFW_i=5y*)M7x5!w+@|{?qV-p36FMJ#e&>)5!_y4C26X zJd%WdQ<)!n=G$#Zj$6X@z;W!7vBdGb;do|n*faEu>xv!=Tzk^FK>rM>kD-2WV6i3B zu!EY;u>&^)+f4LP)Jxl9)5y%*jwJ@nnbZsplCzkDVLYVzHZ?;MmU&J*9@^X_&>>-yR4>G=yk-?wxEwA791qA{CokazJ;W3%9ysDxDMhVSx780L#jpiJ;Ykj#}fk%k`ssl z93X}LE|%!(oTMi?NTITr9VSnLL4$>+zem(6a1jO^fq!U;#0_owZv-1F`$zBd4B&5_uIa|RIQFUh-CDmM{JkL!k)u@8Ss#@}1^N59Me?I!)M z;63_Eo&zAg3JK}eNU+3N@?}f727JZ;)?Rp;`Ubvrw*_g=33BSPAXi2E@-KtFINGaz z7xXmBYkRzj98f6;g$|%*(Lfo3Do0u=zEaY1iW%B(Hmqxkx z`k*JD2ifQDAXh}Yc{u2^o(*#8%|R~yZ;(~@M1QoeigMlC!M^t1AhXzi!j(Zc---4g z1?h4b*CV+-`r|s-Xs?R%>=W~4=Y=?XW{~=!zaA zv95VHg}C&^nE$RImq+`oTY|nc%IB^K`idxLMQNf;V_ti9h)bfL{x#_9qU`gxpl4C) z`+~kK%2`pad^P6zOOVe+XI$MP+L)KT{767;Sghxl0^1-UZH zG}@DvV4oU~i|!WsEslB?brtv9yjbV@D3``M2gdoXxhmva5p{KS&_~93td4S4T#u^g zUm5$YjrJ9BKPL}_{w7KrrFt;f)3|@1i!!-4*q2AWYt&apxj4!`{|#|{{uN{v_q&e! zT1Dy34*n$SYj240X9j8Fel&4?Y?N7)tKvHAlR~_T(!}HU+*`q}*9O@V<@yhTZlgZ+ z!=U&1N04chE23S+`c*u>Q=`5z#@Q1?zbs1i?Vzu}Gstzjh2y^R@}R39M)|AgUl-(% z_kz@M-(>Olt&Vc}^5~D!q(NW$>makJ+bGR5!EWL@xTc`nC|w+H-ilzK74uX@xhhH* z=e7KoAugR0YGBGi*e?$peIqi8V7ChDu=eQ#ZqDxN<{ejerfCEs5Ug*+xo z8>Nae{dVxLxG~5zar}94U)i&QeQC7o9|nCwyuU7A7xXOZ6JnmlQM$he|FS5DycKj8 z^RABLERWKBH~OQ@qD-UIQ6^E^+#ct#CXSo@G32rF{+z_RpNsacHwFLFs3)=is(3sG z#^+q~y%3k39b{^P)aM78M5&@&{i|SK9Obes=b`&1g|?_xd|^(^W(>N>`Ejr%i;b{pf8=r_@BeiZVX zGlN`_uiKx3K5I>oS(Nsrpm+UqkX0`SxhhKaO3;@@xj4p;jQLhS6Z|8iG!F*dMw!L; zk|gSDqTV&$fAq;AK8wfI#rw{R3xeJKG{}|Ay^P-+axh%@%vEPI! zyT<;jqTfV)NR+dpd@f3r*LhB;!^S#SuL%0`DBZcyALpZ@ZlX-1Orl)(bclB`Ugz=g zxUT(m@GpHY$br`fIU&lGZ^ZtsL5_SsNb`dr)gw{11*xN)`exAA{xZm=H$?xUAl2zX zPKeLZdU4RxD3d5vlqO1-+n0oR8+9G^uD=O(9p~%fdaj7;ki~UPqTkF8@maj?+WdU@ zeXu8Se&*4rM`@#7McqVw@yZaF=Fb`NyjAhMSsV9d%kmI6>(d|yUK8_Q8sxh8+_5-H zyD->QzJ5!i9{pKI&`p#o%BtvhQP+7~%$G))MVb6O=D9fLk9HlUi~iLy?}`}LHOhI> zzdq_o>}TV+>puy3lc>AsPjfx4+p@UNl2b#xj&k6QL0=o!Z{5{F@AHcw(n#ym;>+!&>ehAIRG0G&~hpKJ~{j#PYN5=c}>UdqsqBL=TKli&3XJZ{I-Zxb|AJpT~ zzdA@A?OA@miTCRyzYg6O;)dK6q=|laUeL3s+x$Ki$2C6=eifyTGL15cazecR_gNF- z-JgS88}+GCAM#SLul`ez>s}0UdGxo$`-*-w*w@6oHlBaW^L2^yU2$EA>l%;eny9Pq z1^dWoR}Ta|jrJ_gZ~2wMZsT<|IXUXl-sh^AC(5N!wnYEhDAQ=S@&1v;d=tjT_wm1n zJSq)RN9h&?-9(u!4tf^#G)fy~vLyJEsIQIZSsLwqE|30rea?0bdRwXmgkA~H8IXbeb#58pFShV#nHbi+S6!XAM?4GZ%F)(=aNw0>ciuC z(<4Y*6=YWxEz9rh1_6qCsT#R2G*I`v$m-SI!6R%&Zb`0@pJnz>$AM#E8eXQ#bL8@q9`9jdw zM_Cp9Em6*k_T{m^j=GEbvY2N=l*zh~Z{UA|v~eC)dA*}TeSO9RIr6t5&gh`8i1RS< zx|hUxbj{?=|wjQwuZmO^!P z;neDivYI=`Ejdr9uC6|5V-c+#P3;W}3i}p)HSNs{8fvSn2G7JaZ0MlsiOn^2>g$D# zsy(%%p|$WeqNlevfBm>=g~mcn+t*1urg=e2O>1FPQ{D7MH7#GGj>-;Sf1t0KofM$o9b|COqxz4dDytzz8QJ6xUNU*~w00>9omcE(p8fd8=$VTAvEWIN;j{{?Gm z9@E^i#IINF{QqavJZxrDqYo^eY+rRg_>*SD@Y4BOGpB)5X-F~yRpEL^sHaIB~_${a37HI4OL z&$u>CBc$o*n${M7kt(}*1vfrm=i+WSV5d0_7cg0L)_08jWjVv$N8}=Kqfo13h zLHVTeWGt-jJFcd&aZXL?%&DF`Y^b*vGtR9cvZi$PtDZYzctt?1)b|@YvLc{!yH;A- zj^O4}+kWKSn%d&cpt`A{al=r*=_~ryl&+q|BRHg3ZGKEEreE;exN?y?O~Zz6(2p}d zU!Xh{(<$0moX(yl!-(OP23A8D=wE4JJu3~Jv#vDdYf)(}`1LBBS{%JW=$!VQ4<7jx zyfUh>e$?3M#V+BYV9}hSp=$7=Iiow~4ytbHXdlP1E;>SFo4>sm@4wZx_06^Hm|_t6 zk!|Cfr}DtVHK}N>scmmqSeVpY*U`vTCojhbH%+T)sxKXLOk?I1YUdx<+R$DYUDMjy zP?n{kX=Gz$LSh%XWFD4Z2m&?P#jqZ-bCYg#`^u~tTg1>WY&|?N$ zu5NVaT_Uf%t)-@E%G{YvwZ2v!)p9#eC`~otT9BKn1}~US^z`-`Ce*xmP<1_*?%X-A zP}9O?zinJ|Yv-*&+NPl788@Av;p!%Ftd%zq|Z|f zTTnB_Z&#Ru)(dciI+@kXUZjkeQhe6e?Y*a=mdAzx;&{SS}v=lqf z?I_<^Y{!P$`K6khYMPq;^KCJ_;sAN&xQ6z5?5^TN0M#t2X=p!nP<0)rQK6&MwIe(O zm;t5|a8P(P6~z@MIF z7iFv+Vd)1|x0UU$Vsv3aOM7W&7tJlrWv4Q;@FkROrf4Z$7X8e8OtI$5yt!LUyrPGX z;YogeZS#T!y#M5D-o~3iZF|!ku}HyKksv-aA85oR0c2T>d(*JzrrKYvC_S zM>frEuI3unS~?=dRL8Z}v~+eUEqZ=vtIN-$0z(CT05$F{aM^SU)Hygqko z#Tu#xZ!EMjrr`UBC$)_yDG%64*HK(1`M&T!GgQX?&qO}FIFFXbnuajZjh9&FuS`6L z=kB_;PTR(NmIqXJt!ZiDns;R919-8JhW6&tDb~V+d3#M$>8!{NwH-WmENCyk7ja8% zs9nU#QcUGf#IlElptg-`tyxg^$iYLLe|p^DDYv!sOxMbdY9=3n8tR)0b!E?gt;35$ zRfLp3H8w0R#>A0^4c%a@=ovA50}q?Ep}nSbE3O(m+fRB>brX}AGPiVxsT%C#X87+! zenSqbp3B=sacJ+G;AhFTrozY`DC!%esM)|dh%ZlNm*`?OzNYeOe09|gZDSX=G`F^w zo%g;D9wN$8bRM<3=60W9Y_XJb>ybrkZFAGY8I@WSAHPbQxHF*aF}_nTI~tvO*#Yd- zdD!-EfBCr|Z2r-&!gS=&QXMs&7lw^mN>`x}GxSSWk&_m=if(`-)K&d(3U^d;X$Or^E=Rru$#>Tszm#xCGQ zZmzA^H{8zrqcRUSOWG=*{5#LnnWakefGMThbk*Rw4U0Q-a-OsnO3Og(IP|hmEYk|y z2No7ah4a5y6cyBRl>E8K!?*8N?(**ggR1A0eafs3v#2kffHmP0>VjfF&h|-Te9oe! zHGB>&h2&#Zyol8`ES%;q!)3GfPv-tDV@x9(v6ya7b93WRj!x0Qm8Z6`b#n6r)-t}L zwT+qA(Nz8lQ{UX?Z{GDCHLZ1J=WCZSlm+i5g~q6D85@%`>4j|`qH+X+t^&g7r2TyqL$+OVCAU7E}ja6xAeeU zHJGh?WRqW>%16nn!F-A+)UAd>0j$v1;&~PTyBLc(B`uFC=Ves%>rhN^dQfpZ3BOIilZE3^}{aZ{%Vf z(OT4fR{t}?INtD^TZ`s79lRE|PoLK?x3ph;*U_E!Q5D;!)$iqwmNx%GOMY2q;F?D z&ugFRA1jJwltplV?fgVFzfjun8*y_2m(JeeEJ~ZWXgaz$h&Q#h@w8F2%yU0u(3ncRCJf>E?dUd!raEfVm=j>FEgXn@-tCsclo1LajgA99oO7i z+8O!5FD_|K-NKrt+QQhdDR|1C#4Bjg8w!rjvK_<7aU0I|t5EiAk)My$S(->Oe5eff zp3Y;u5l1)#(veR|+Vh!7dvWajIz5#KD@-C(B|N37{vSvAQx^l3Rb1AoqT(`pMa5-y zQ8AmWcsz=(P_lHDY8IZd!pc1rm6baxN-KBxt3n-j%Ze|Botv|^-GA?_uy+Qx`De)5 z^3R8P4(_<6iFMw9c{b1QzC{lwL3oH@l!nH}&KphT!$C13e<-N@&N!#0PJVUuF9lO7 zZ`yv0Ddq1Gaa8W@mFbG3@wCxUR~WryELS#vku6r7f4l5_AR6UAd~WEP+uX`SLg^A* z>=PYRT1WegL$ z8eSH{Cs8(Dv9mvZ{wwL|Qb9#uX-wX3{Dap9p6P}586@~B`}i?@vMN0a^EU%8@Aq8igK4$D$JbUoqLw;!7BR7=wd}_L@ARL^Y8rWP=VS2nMTM5q^F*m@ zd~D{NDUMlkw(xTWpXK?&PWQ4GnDXSEbypn5axdNeAA-oy!*3d$NqO`y@Jma@=y~C> z_spiY4XV#W{M`OOKdu2R>UY<3Jsfy8lG=IAAA;70ByNmLq%b_XzwZ=dCHg%LeGW*xM zU@3bX##Zr~<@K75#?l7J4V8W3`&+RtqN1rXZc^E)P7G?9zw`S(m(R{KsC4=EZ^c+k z=WTd)t}t=JqMuqEzrNXj?H0cZYxv`N?cKlq} z%;NifS!f-*xar7qTbNfc`_c++*H1YD^AmfwhC{3?Q#4dG^O%ku)cOi zYeRi~p|zTC9>v|Zk+(WNWy-&zs;;l)hrZT!acPX!Vx?`oSylc)Rdx7qKBlvGd0f1< z6-{~EjN@czJ6C$1j7xK`uN__QPepE{{t8%3QC?$dS5yu5zot##x25KKzM1lq9gj0* zx9)JI@XHq_S6w=2(p5H+AHUdV*hU;1F^QeRF9o%JBMhppyb6U;XB1i&a3=ZvBKmFI zFKdwfhi@>i4I)IzW&WZk9;J%SRyEjPW_XC=m*7Fwe9S057HxcQ`40yF<1h5sfj+9@ zPq?ZV_#eY&Pv$Gtm?gY76>H*_<~^Op3A~0C_>seZ8Q||=%03bK5AsJelzuSj`~)wq zUK?N8^8FAtUgr)C=WyvhK2>V#auSvHx*27W%|;;@kF`7Y?sy4<^w z^_3kj=R4osLzf-pRbC$`r#}mD5oJx1m z(V3-%kBz0HJa<9+)?luvcvfmh5Ivd<9{Z~6e`E$wp2PbH(EQtUyb6+KwJBa^1llCs?a0r`01=XFq~A= znw#418z)~!>0DaC z=&jUMOpzNz-`rgJr%JiiKTD72v@8D`8WyMY$0X%fn7osJ~;o|oGA5r7Dn{Ie{k2m2-EMKUb*_Un-`4d;kU2(Urn5$Um3Saqc z?>KH5EKV4$v~H|W{KE@{5oR;z}#OFU3sZ zt5fISB2BA&jI0O-GmhaM~&qo`L;eAnj%GhWapDHVI)$yp!W5Pzig%p=a9A9sr z>;G`Tn_N5PNCKcwXuFMqG5p;K@aU&pL+_r*uHPMf|8% zN-6*R(g%;>!po17Tw2TifRX1q|AmEzxytutpUS_Gb1)m)OV`e}c{O#VBVXTISh7J0 zF`vH(_yl}9kvpN7nLkP{rOrF}KSA@SRq0+?-BMFu=uA@f@sSnckLJTxDXvm|tb!oBxltcWrJXN79A+r_4uL5zF?i z-92$W$+G0uu4QXPxqII^al%27C5dB-RI^CinvMPM@AG8hl0cz&DN-M7vGRt*9Y`b+ z*;ckd0gchRsyXdVUYEj{g$bTpzI2IKOp--V-OsRK;pFH=>dc(0hkgZeeXJi7Xv zo?98ilpXPk+VH9SqXix{Y<8l-%-4U=`XKQwqea2$~bnAVoIg;XD-jzD%xM_ zYEhJkgA3pAsIP4fEMiO6*y$EH%#%S#lK)*46|o{<2zN)-i)ACO%JS2DnD6ZY7Ev&=rzinWAi! z^m+}^3N)>vE6_Bxu0X3Zl57H{-no>I?N>lV&VLdTZXQyKX2!9pag)X=4B;zF8{5yI z+V!n3oB%?@#B3*{1Xe(WD~?szT4ZaK)?YSBaYYah-ov(~f-z}c^|RB_sOiY%ENFv@f2fAo(bZ>I z4L$39L*I@?m18p}rIZymF>Hu2ZqZyG5@2@ZC^PJ1a8u++ZqElAZn@yc@p0C7x&%zf zm=}YVlMIA`KnA#$9hTdJ$vsz@O00aRAAJ0B_1w^x418N_n1=6Xod zHk{t}V{ci2iSlLIlq;vmZ(yl`5lM7U!aA{BLWxUBP(s>Ms=3Rx$Fyad__o^cyfQD@ zf!xS$DRO30dyDSXLM~kqC~i!vSu6pp0^BSR$XO^D%^PF6O3kSu026ZN8=|C5ILaR0 zUA&#BUZx>U&9+Qr0S3F*xf|RAi~}ww330L0Sv#@6gGcI^{tvDYi8I$sS$T) zSh$+@7~yuwHwgl+W^NObr;^-uZRnJBMY|f$??2}C5E4p-rmG57TML+NIbn)rPn6wS zGA&bSE4XZ}U@L!HX)CgemsoVm^x_jvFuz{-@=nqSb&IXrSvqQ(VgT|zyy{xYkgYlh z6`TGMx0mZ%xf2_Blk&A`MiULwl71oHlY!G$=V)x!7Omo51-`~kuh5mJBRZ_oyg-2YNH4RPveMb|Sr1{AqPvF&UPoZPz#5vjjXYV&HZiSn z-09ro*LqdK71vUWaU!`hkINsDA~vRrxLmFNk~;ui4d;g?N4WupWl6&a3r$3b%-&gD zxCGi<6jk?nY%1q6=`}UwyO`CwpIezMcjJLT8PBC^iok3jbPC#0UwR?ttayIb6A&(E z;qqThs)iM>Kzqw;71nrxWzP&(!xpf7v&gW1lJ%_jT(celJk(f4D>WFhwT8IGu7>ru z7W?}wB@=X^l_sP;nw5pDCCJL3g&4h%)BT!!W%P1(m4tN?NLt?!RN_vicp)XEL}~84 z(ua;Kr*u3pQ<}TW5b_U`mM6!uE?aLem9wCwU=mB&f z%wj_-{@scV7~ILTaIBLDwp5&oGPxab4#@6Do6O~hYnj{}U67o%wT5Q!L}jrA)minu z*WnYY80T4AF9_QLuLvAJW8^_8JaCj?)n)$GEo8ZSb%=hI=14+f$#|SK_=qs7x&T@* zUk&Z$r$`%TUl^)nFvN+)#n@aIlE6POV*RLM3!h>q39p9t)fE0L2qKf%m5K2yEjuhb zrquT8fXmDu#eqek?6lXSLQWk}EN<02u86T>fHv={8VzcUST{Mt2#u2WsmGWZ0?sl$ zEU)2EaK|_~0q+vSKo9O{Mt0zLPGnAg33wY$?v^!>s)t?Y<}#B}$)!I-Y?GYsEi{eG z14kH$)Zd<_1uP?~#Ye<>GPqcPz=@ADf~f?&+#i5+a~e)i8li!ZEQ|wg8GnTPHHIq_ z+ra~q@D8&yZU;Ia0@GeUGSY|mzywub?wle3ll|smJGm(c8cYDA**#Z?ff9?pSq;-j z%=SHOqeb4fV? z;KUw)qw1!bCoL>M(j^m`qF@3imo_aBNxDgR6Dv~~=jdbe2&2^>zLyK(uCqxbMF!c1 zA;2*6eVSIEFxtFh<|Mk&N@SK)iC;;K4;^omB~FxRrY%WwFh+D#K^G|m#$f7W zsT!cX3}*u@U}QiSjhi`+?n5?!z_GZqmmB3P%hC-7l{k&aS4QDv#z{knQppjNF$+Sp z7DVj#5fPLf&Jmd)d_{sxB*v_{wghvSJJO;t5Da!4Z-czsS#uc=m-FRhbOF;!e|(#k z?YKU=#(CdG?1l9b)6I1BK1dwF|1$SB$HE7`{gGx+KTd}j26^xmGtYs!_e&6jv`9v$ zV%cQ}1WxZA?|Fc+I_4vsie4mbL7F=jp>fK*{mv+$flt2dG$HGgH5U#=LuZmU&`44+~qtEGtijkD+yAN4WS@ForQvY#xjocmQo~PsgM+_ z3ulI-NXMQk(FD^o@Ox~3vNlIhNQ|ZYseg6H-W!0USrHs$WtAUe4ByP)HhYUz-~`?W zL7d)uHJ?l@c0sp}%d~W>_Wp8YF2}nydJ06i16(&Z#{nJ?)dU2yHzP}oqEL|@)8{mcu;~;=^Z|xogC2)cp+OgAkz@>HHQV*OXtl&eU5tJ?;u%b$rJ}6yy zHJQcGy~NVxD2>r_d=m>+@|BQgXJJN&5ABkWBkwdX1RZZ@2%s37oUHcm#V;X{xOEx=jQn@R&9u+4iv;FtRWK`P3U&w^LzVnH*wYq1ad4;!rXHj>kIvKHjIlz{me?6{^gNG zFUjHX)I@&8>QDfY3LEo})%O!p#c7QZStH3kx)BE%3@JfNj<2a`7ozsdboS*okRiP& zhaa)jw6-x7^X_0ae$zFj0QPZUlb9)NOfe1k5R9kjn^6Tx#}Hth7Suyo|CM^dI2V_P zKq778661X}Z-$k?l^2cc&D&D+$_;GXtwtf#QA*5IkLZ;HZ-;4iXf%PNP7sTYq81gd zpE^@=oTf_1-~SzWX)L^S_Z0$=n{)c^1OSXr8mu5d4i4wCz_y&K4r=@R$s zGY2*0Q`86zt%VDYQR#)*2ZoKorF}D_%TNvN|AL!Z>?;BlZ|EkNp6l_+g@m%whmN0h{-{m5rwiD0mA~Pi$QVmUUDKONjXKAt?czxW{tP zD#g{?)m%IFmuPGt&@8rH*uyhxl5(&nl?#rTARctSFfbh%{X`PAQNm=nyPZj> zYQv0K7b9To`A*o0@ikDA=Rt6>s<2Gq6egvF+B2)`WRizYT({EBgHbYwOu<=&SdK5? z#QYu@6Wr~Pao3ADu{E}1B*nO*vr>g~g+_w^l6&8|V(dTG+?&RPQPwW+xyXp&YN^CQ z_-d{%=$2}aj>~OUuS=2w49OZ<4`X!Fk{+=o-~cy{^FTpMcO3)TU0DeD-ab|dry7|R&5O8Y{p{@HuPl|OyA#HRCB-HeSd z0@e|zoajG_by#*VrXxQF*pRqF(%=rlH$r92XK}M&0#NWoCkU{_Su|KfgnYOex5BfAz2>K@9ba& zTODStz~x4AJ3cs&osMPpk(_73Io4tAQzIZvKMgh=SwdQ74nqvtxGcH1oygac?KA3U zC)4;v5-?7N2g@x0%gP0uCBVE9R`%H81l=56ZR5~7SQ@Q_z&wFba#LC;<|eW^0kUce zsf}i5c7KZ&h*tkrJh}%{IjYg4^T41K+F!DRRI>9Fh?Jr}fyh1`( z-`z2NEDJ-G8l?;Z#|1t#Yo?@RgKcaTKE&c_5XJ0ZHka(wxUwKOcupq+bKH>@iLFbc zrk)AO<|U{JBW%p;?JWD`{{PEzYR*9z8LKf;N&gEXxf+9cKYU}og@|u_F$4DEm>4V| z<3NMW5$uzCRuq63MZVu-J&&hz=IrsUh^!x4J{`&fCmtI~B;mVB!3AP=3aXEk+{Q!6 z{6!hssG@ZThunPa1j~QeVQoZPFGn?4g$Xz;nyCL>5#Nq@=g9!Hd zjiYY><*fjeAmWIenn2CKxY0FAaf{KA63*Tsl<`lV^&~J}5tF~EW4Y!t?i)T-CK_}T zeaZOCK{Rch^UAbJFpO_$g+nIdO2Cjg?`cuY+0^8qMDp8ttMM`fE{w zy)77X_xB?0i*lx4lymo@oV^$2{Jkh=@I^U?=E(({#TVr~z9?t%MLCx*%ej16&gIK; zE?<^&`LdkLm*rf(ELY^qaxTrAaJEcd7ISF=0vlp;kYS(?amQ+)H%TB&gFv6bxK*Vm zD+Z5M;+Jwl#Iz^|%)FdIGL-g+8ms$lYcS|K`IoLE4Cl_$>b>`Vlp4v%nH;BUJd zvFfq~WN2rod=EH^CNmT0{zKl%GG~c{(ZBF0Prt-~P%1@1xO64tsAa?-y0H1>Hr>{^ z)i=`>qSJFuOnNC`G_Gi**Th09SdZ2fc6F*+0K40#0@gB-|&o>G?GB`Z5X%A|7H$r$q%8W7oy_$cz!5$$1g(Oi~iiHsoF`gL*r`sW~ z8zY6x7?1uy;>5*PL<|}CIS;4J?&A>2>)Et2JIt4K?=Of{6#*shs|X}fLHoEn(vCH+ zUN%9kF{%IGAu8|A~Sl}bWw z^8h_arfV1u#%KXG?mV>wO-nghOnn)~kVZ@abDBVt*wQ4s$D;|>_YL<35Opg#4W*f# zyMD?=yz%L+%C~kFIJyqu+$u(en5cf!wJsk@EPY%lS?H^fcMFZ{BnyqpBx&z-SXiLI zXtWAa<^vQlAq#VD!$D?&Es!S|m;}u3hQ1GkG?GB?Zc8-Cg&N{dkvLEQNP%g8=JwMV z+hmi^zDCNiSge3GYd55Oa3~I0a6eAs3E;6K%x}lHGsOmSJ;P5uE!&Lv z?{Tvq!)?YJ&;RWLIr;|Rx+wP4N7gCs6fGX}ikZsU2k4F)WFs2@Arsd72(Q195Vptq zj8PNJLd??>pZM$so&rXbI6=^zXpZ!PPI24ggVl%?Kp87Um{j6=HEci#c=(E?$RfHgcp|PoSa!HF5RwiON=P#DhD)F( zfMpzOm5`b*uNV(n!p;Xj`WNpK@Pjz-pl0(ggT-PF7hH4xlVG?FU>`~h$_WM5RwEc_hj*Yer@Ed7#%K$cWnM!G7+hji zc+RhQXC+YLesav>J=Q$-6B)LF_wEzp5z8Zpk-Y|n89j^S>%BJ-xlA3j^)o&D7vo~A zjnu8&y?7ka-!W4$rI0)pWef>p4&nfzQ6A3WahM|2M2kIeO1Y6TKzKN{hy|pd>H;2U zZg5L6l6+0ALtoR|V7}PJmRD{Oib_g1<;tvd9*JpcRF){1DRE zP+^3SLpcZoK}N$NBLSI{gXe$V87K4+c8p50=ney;RqWcR+wlIWMk4#0qIGAoCRHCFfdglunY96Q!E&RAc3A@Jt0S&9gu!hld%;n_eGc2k z#ZQ1oYI{cd@Jl5kvGG1dh~$oFHL(EcMH_cb%Pm-<*sA*9Oj5?&H=v}Q?M9K&hvDhX!@>zxQn z?xkWqa5TT=D)KaOw?K$5JO;*49CMC}cGDrw(qM{%NPuJqEGay$Z&G-iU!yW<7O63o z^T)Voisf~{i5MOAN7r#xn}VbCka_%wlTLs}LRHUsT3oRVlOijlPq8>m7USI3+TquI zXJ#*4DEOXk?F9m1V|yD9@u%Et&zHK`355X1ZoRclhk|?zpx!fh^qN^9_@c*gXV-Gx?MiS-Y_ND4`l-Y{BEufs*fHq1$7lVD}P)*69^) z$9-~tU5)Gu#v@!iL4&kbh6;6%ffDJkT=Adsw#R!8IC%;Hdn7ZwzFgfE- zK}ZR%ViDF_RmhyJDK@U~0%@@>5(=M!0F6D`CG2VCEz%|o4UjJ!20isk2@WUpEo>}u zq{;T&5*(YQTVA-IU%+ThH@n4OgI#rMDm!m@s zT%QRf>Eg6iVd8HbXyvAnDFksuV!2`V?b)*USv-k)s4O#&n}#hjMQG3YT>tiyoW)fG?T%jk+{OQDF(|)Nx2~A3+ADwrC#H0@yf}GL0@w5p%rw3I_qlMHW zH=b(4%`(PNgatVj98uDpT=S4n&uxSlP9W_FHn&9eC`k#h0Ba*SW@y(8>1<-`IW%<@ zkNRc4%pCxzw^#yrk)i1x;5-X*t}nTNLAWy*4QI55>ZypUaokIn2cvPC(W9?7uXrp& z2aXWr!G9o^+UVWi{QJLiz?%l3L88OB>u`hbeNEw~;r#JoG5h()FVFuTLubK>j3w$w zeD!jy@e%bgWvDfTc9q@~bvV1?tG#^;40250`Qy0ZgBYZ zOZ|P!_wF!K-+sA86d&o%$Kb^a65%%vX2S0ma6kzkFMoLxKYoF)Q^34<4lkeZ_44^^ z!}a?4-woSuFaB=%-n{zFFur>E>l?%Q=9gbyMR%b2;`tYI=su{^%V~PEEmW_RiZ8(Q z%4(rNJfT4aNujAVAuu8*=byN0gJ-DhmKY1M2Fwj;tg;}IAI8CppXN~yewyPlAvT^t z{AS(wT=1LKW51<_EI=yB0;HZSK&r|DUPx_Oh*p?|q;)2mzIyTe*HoF8Z(hE5ZH_ys z@5|ROe~UhA!iZ+{%dcs+UOxZ(uP=T{rM-Uf_t&qUr{aEl_1kZ6o@esj{QB#!FY{7< z^~*1>U*~20>x<{$Pes0X_4?%t2uOv#eDmAuSHHZ@OaIlI-+q1m_eLH3`s&x$FMcx~ zaTuf6UrqWBViI?dP@NdbWdGxfor?*%#}p{gH?Tcs8K%b^5gtf66oiifBNv1(jinKd z(t7bJpvCX_s2?4s5Q&_D1Kca}fi4USf5d7FunT&LSW7C5Zh26b2>Kj^3arnA<|KGZ z3NDgcw-rMUaEUwya*4Dij7tQjL0mF;N%E_svL+^c3o0HvhmSLw_T1h!S~`G~+0C~C z8!+OhFB~if^ZPfizl;X+?^p(6zMsWiJrB6PU_!jdGRGeHO8l!5LTv6O1nmzcIF|$^ zIOnnwJRF3TkUS+U!sWoQh|#mdB8mp&62c$rm2gwH;3?s-0D?bQXqxzxk_`ZK#eNRs zq6yuW=YuUG^+2(NbO)G)>f^#;F)8sVMvoCocs)ZbVq|k!!pJFP34zS{gU%9KXX-EY z!dwUO2YBJwy2O|e*%R!w#2DqwVfHF=wIi1(q=l9cUafe-x}K`74W_d6+;x?-a0I)S zNRC?zZN{f4lDMcG38guhT`L;(4WGnSWOM{rg{M!zN_;riT}6dj_UF4LGWG#XiJ@P* z@BhvLT(J95)zQR7hzB&dzHlWU`1mf3i7g-t@i@;O93pPt3=ckVzw)ey;5z1RNQS&r zLw`yW=1<+5d2IujM>athv))W*j2IX(kY@4c?3@xOZyd;`3u+HYNKC3hJPBc4k-f-< zF<|7TUSb{A;Uiy`#A6$GjW#4I#tdIVvSW?Ms#D<{j@!}h9 zJfY1sP~s{V!T-0{>-|4pb{WotsWhJ6#ZwP(fYD~!5c@?IL{YBimF@})XoErC*Jy&T zaj9@rr+ooop(C`}nG)os?M#hCQK>i?T3|uiOc^a6Z70I92*>+9fBT=m`K-v3&i^NT zPX7i|(yNz$``^goDdl!r6D)4IO|X5ByNT7;f12?7PyNs?@opzpJhc4%5%OA+mn)@|ky5yLcCjcNfpP~p z#w;V3@W>c`J>jujnE>}(*$$rd{)=8P#RTNo?hMZ+wiJM9w}Sr$w~TvVTg3+rBBC;)?{K$pklu)nsn8Uroep@l0hkm2UZt<4cXBVBH${ueKK0fH z7OLiiN7qFuiy2ia;{yAcImESH`QVTfrsfIupke|+2)*)GQ+%+8#c4V|tIPY-afP^i zs|BHa+f|ODJ}p~@D4Q>MK&?q_g&3C>Ls3=tIP-07eU1=oUhaEwRq<-JCRLqU<$`Rn zFc^`2b((35zhB)woPrB9mezhLV^MS`D`x;R7xoF0$C%YJU1&ELzCO0L@H?DFosCek zV{F6QTXI7789~J7lSiz&+8ILXbkcd(Hre8Ct1Q{2P4c}z=ciPx5GkG2Bx{!kGP}z% z*RMB=NoifSmzpdB?s4h&ExZzRbSzhbAzW8qy6|WpXham=VJs^AjSJQ@x;?cojx+(p z*;_T#DpBh|qG%u4x2Q^}`EXgXNT!nd);-0JSc)D0cy6|j*NkL9Q=X>W1 zh$RM#0G@@kko$2h?yE6-A`sKS0(um(4gD}EHA}^n_7&BSwdbG{fclJX<&)OhQe(G8 ze1h-wv);RzC)98FFd1eGlbxjQPEl_S%nL7v{&UZI7g#Jf4HWPm14IJA5kpK0y}SB> z+`w9u5CtErgF_VqK;+7RZm%l>9&#@}_Nm@;FP-Rjc=f2Fb%0?#a0(b&U4qoDYMF2L z(8|UMtc^+D1ajFFJ?~&U$<>fHf5BW3dol^7XF03_>}TugW7<+6q1G<{bnWNTwy6L` zTPq_j(>@;<<_foU6>x1S6yYuMMH@J*yJD0eS{x6pi~vk!a4f|;m`ik0*j&5>1BC@0 zH;J5N1DC5QO>i8WW!zq13J}Y(P;&TLQMcrhFF&hTFb z`bs4w?r{Bdah%@xH$3ObwL0-7lJKg7-pCOPsy9?;+r7xP}FAVaR-NV z-=f`{lM!OOl@K3s+8hwbHBOg387}!nl@1P>D;R0u+gmMOGvb+k2J)2R%}NTYvyy6{8h=RTxa5_-3gTpi2T15GvE^P%I9G)Wp z#Ry#p2v?D|H0ZDoQ6Gb#J_O>Pte2~w!BnYGP9O;S`afsvBQ02t);^H$)SMJmfeqcB1jh=_^K6a+?Cr0WY^AYsFo z#e)_rZ%deFe{IWin3X3B&amEwq71_8CJ0oGN^qP>#q{r%a-lZJ@>LK3nz``liamT2 zZ3|Z~p8K{TZomHH_zp*ofssQX&e014pxz_!T;gzK`_ntQ)1c*eI=r(eeA*=NiMzrf z#Z&C=8K))oT{KGsVGRWM#D(d5Gr!Qq+Ki^>Uu|k~9m1=LU}3WOQoSDZ2C_#cIDSCP zmpC9?-dnN#s^Y54^}mKnSO;K$4FqXI^7SnsC3b=rTwMg@hvchoQORV@i}PQ?_-Oqvd@@487RAA?l|VaBE1I3D73n%xD_%QW zE82A-jAN}Nu`{-kK#K32t7xbTJ8LUV?K*EOf$z+%1lqY<(XO+%;$7!&#W(!Fl8Vk9 z028G2=PXe^#L}9<`(W_|!_lhBI!L z544V7tpfO>L+aO=7in>{1=R}K5PEzRvXMNMY2uUHMq@B0Do?Z{6$O-$*C;XWD3Tj|lya8MF3xX1`L z*-Hw(W{g_gmxkLH#gCYH%?*}(UJ>Tbdn4fetO5G}s)3UrEa%u!JI&;0BID*>wgge$ zyTPML?)TX;5jCE|6ln0aG$b)*1~2x8BGTP79`oTdzA+WrE+iaN1R?es3d7JGNikaR z;JU`*l+Ir)3Vi*Ep=IP1b{|Rh{#xQ$UnPg3k5&dW@)p8=)L2z9*8EM!w(57&I+(z#N5= zD?rbsOXsxg_c`p!Z{MWwLW-C4?Nrq#Fxp+=i1+saqRORIM@cas!DcFWDImT&Azytw z_25cdZlD?(aAZ|63N?coi@1+CwuquXUmcq-jyiBhWW$k!eLt0t*loh+TX9=e2KHeh z47*NIK^i~L;U@0}dy%3r)K$MAADn82<>L(zgFeUtx;hyodvIqErnGq25jsJ>A$H|2CBl&Q;3U54?$$1#)ep5OgUiu=UE$Hf>sIx&+22Oo*84Q&sFa}Mth0dsBu_Sq> zboFlrNuvCBC=@< z0fCTaQt^F^d4Bj|p`9}Ds0fWk=;1a=8d;cx8(GBW5*Dt)FI~#4IN%Xw>oQr5931+Q z6-P^c(6m4^G+S_UPDru&w2)%CtaIbNMKq=$i!`0nf|F?`L6}9jg~xvHPranj{w*t_ z2IvYw0)nQpp5@9!y}s?Z8KxLNkR~%o0CHubl^j5gWv9p3#f68N$=-v|fkJP-f=W0b z_e)eyVpb&{WY@VKmagq1v^eg^rMf3PvrCfzOqO-edSllv2e?wG>0Phxe6P%4Wa zUz&rB9L{h&7gn)KM zxcF5SF|N^gVYD6`53qcl1nLNKvxTR{z2b+#Ek=oqA%o{!2!=LYC<}5Ll9^Y$GkAPA zh9j>}!5xbFPxyO@YEnRXmJCXq6N*g4WcnmRZTUF?vT!L1%Ze@$q}qgxunZeD3eT-( zF<45`^i@%apkB74UbmxO1Qep3qNUE;+FL|6avD*EjONXsS;}kc8+|(^;Y@Zdb08nQ zk7XW-Q!xS$bh2QHOvUc&mndt=qD62$Y1Z45cF?Hw&`e7`JQi!#gd@VXP+Na#$s8QU zGHa-iAk&c~axtB-`txPr(V@&epqZJ7u_**7#luW?_cN}D*1dP*ZwNyYzhQ==fsrPT z+97&)lH5P=i;+Igv7CcQyx z*q4+IZ>Tu_s6a?l9$2B?aJF(}(!Zislx=H|&^0>63ly83|#8wu>y z%O(u*Zvzds2DiFB*7hMy`PIwNa;WOjJf(l7jBKu*%INAv!$czl{`*FbN8~&zc9b~{ zl>Iy2$fH}n%MHxQC*cDz*urnxneE40`+=}{zAhh^Oj^z*Ot$cZ*jspu-@e2@Ji6(r zVVE1&V_dR&`zTL<{Sq*9BgYh)%ZZK}IdLO17=ifsliRQOL?JpW3aEjz{}Ln%D3Ql@fjS&!zjIIQgAn9n~OwiNl@m3;4OC}i# zlXunPM2{WU7<(+8=|i$Qb;u|)N(L5-;6x$FWcrZFfT&E^364?`a5us5p`-V>lyWy7 z(m^Y5T-P}17~Ua%o6jSb>2Kl0uBUJw_<1Vd@JWxu?Q(i&#&Jgx#NbWrWaNZ>(NJ@d z1^4#YE6#96Y)3t(muUv6jm|6PhwZq2v*80=abXdq(!=-EPpd%n<;c*Z#x=?!en0{L zfx~qFlUMwPlO@+}A7Ivw(iXEob2a;n_A@u%=BFH5hwr{zRXm+xHyBc&%eK2ug>!|$ z^|)XCB~eTmueXW7dHC?F8|*z6%Lgp%{8u96a`+9gBwR>ObEDpans>k=#_NK>$ytJd zOK$HsIrKJ|jGP}s>P9cQEQTH!k=QmKU5^>8*wCYI{~?i9P#)4n4KBHk>opkQ=*s`j zZ?;Cb&llW%9%_sR=w5tY%NNoV=Y6yL%PN*W+Upe_SC4=Zp1u$+u@$<#w-+D?jZ5G` zawAYe5qO9a>5VuKOQi;dl=KQ#p8!fJ-L~0_QF?##FNOBi7@Gp$;=V!SzX|Qgw4k)2*B$5N1kN)Z*iZ>($kD$tiyIoLIDJ78{EK42;CTY zbk90Cr2-~vFageN@OE@Vltj~LKxNu&K##I<%iX+|JH{=zHa)T7O+p{Uw0z#!fpBrT zmChxOc}5G-WDWgauj{Ie5{ct(usS%64#nc4QMQOsNpByMDi6i)!zILQdi8A!3FMg0 z{H$gJf?dK6yH1o`aP}N7c!K{7k~Ky_8T|I~Ox6Nz*mBlHqUKvXQ5xKE3~0dQ z9mKrt+EFJcjLK`#8JLo2fEo6nk)#E>^7Ut3kv3~NS@U2g!poG6zKWP;X^Sg126Rot z(2~rQI=rG04yE@VTYs-ognm%}IFIlb{I!YaMO4SM%;kU2EBOfb{XMiGvDqS2ut~I7 z^DR^%SH+~*yt1h|v;ss`!d-Q*DI#<6Rhmm}KuNQ_nSMiTyu4+ZC>IT!E|pwhiw5=> zh8)Iv)3_G}G~ZQ`P!}F&qFZ>-!C^Y6-MfGm9`6iAY?ae$;uXT4WP$gcTwdT6oCl}y zs8C8i9)(9Fu_ah%L0W>zqE2{jj)C=CT;P`TU=NkS#*TovGi_#g`O0dM!-65v&mv8> zGP(gHk`G#s>r0l#54@llU{f56VKn*7r;j5PC2@C7E6N1}EC=H2C9fYDU0j@D)3#uh zSiC>hx5@KnbUT!LjzOG!8EMq_!{CvpZoar8D9bRGzO0dCqK!c|Ji7~+mKeZ1?i-iE zI?`wt&}e@>u8!pGE2qARl;KA%xdrUy7`$(K@QvZ6b59|QF5bbBGrek`<|u zmr0;+OI?sW$5uJ6)>JfhyM+V+?VHijlQPU{du{_RlBe~ka5$YrF>>2G*^J%LvYPKS zxJ7pcryM2p={CerrwAPoE~{aMrX35J8fgVLvVeG}F2i2=2UxgE*@9Drd3nhf!L+>a zPu37pk?^)lQ%a{Al_#)#vS^~vj7!3@MN`7Zmdybp<3l?r?Pk*Ti;wk|>JQel#%@W0 zF2+kr58@2|Ee#3NLN2af8BTpcQsAVTw$vQP(lkR_G5}-1i~R)`g+T}<5uA_DODF9D zy@e=?F#R+3_rPYPNpb<9i92~I%JAru^IGwfF&-r!^ZkkIX;` zIxo3^C>0K*H_HV;yJZLhj!okTK=zSjcM~v$Vuj>#$pVqBhnyI`&5)NIVXrbER>rVR zvcsp#Diy=19?gmZv`|-Eo)zX&jAVrjeV*2Xo2oFODk9IUEd9^A8!4{Wj`G*+{dIcO0$74`Sc|&1en2MgY0O zqmt(H%zVl@g~xI2ZC38O0F#Eq<#QC#T!A41m|ACogP)g)D{`{!#vcAzvWZU+jeWc_ z$r6elq<)PabZCpU=99(hNQ{BZl3|j}_~6uGLUzz(01r`_(`pLfq(l;E+Mf+7UAtRE z-pW#(^vq@^(2LXNYPoE$$l%$+&0;Z<7t=}llVOOXMFb`*>j=(F>ITu0y=2uL$kT;( z3eMNsMXX(J=LCt-q=ZZs-H|~2PJGJ?;B;m+;6fRry4tEGppvz76esZrn~B3FYL6id zeKL~-cyiH0Y?T{Oe#zL{ z+dM%_xAN#>-}1iKfL@HRF%6tO$L_0qo zqg{~M#{_KyE0Obi&$V){X+QIVmFYX(_|BXS8S}vPwCEY--Bn z7tb3aP0`YC(Dp3KfJ?_}5pAs}R^e^Iz{(^<38?D=AHdsI&VJQ^8849TXuvU z5#??e@L4Ym@Mb5Bs8Sy^*z(CzAjo=Pfae`BMdbZ2#WvTCIX-JDp7r>2Xo?#lDF5ue=qtN9dPuAlsqFs|le+z7BcMITV zZwsibvqgA5aR*FWSEDnk?_)et>-qUf5j9*mdVTRz{K@>r8VUY`5yx+L`emTn^Akb` zvb5lpbx4|wWTXHWE1af*G)oA?7Af^@DKLSTzaK zQlJ-Tp;2Z6HDcvRS#*Olram^tRP|9bf!A;kr{A>!-63#FM)ffIi`0e)%Yp^0@iWU9 zVB)@&6EiSwS%+)5P<_3?E0ze6SsOM452u%JHUD&T^&PQYp#gj)f6Nej0a`!n$ti(A z5!DdKQy1fJGpi$>WgPST?_Y=+Gi@SFO0zlK>|Yvyt8UqX8E{gHs*o>0{qkj}U#{5P zhcB`0Q+?ee8&ZH-IVp8gL<%x_RzR9v3)A14N&Ri}rx19U!aKqJeuOvFoS}YMOvmuEbOL9+Kl$FZmcUQr86p%7 zMn~Ab@(}}k(%26Xv)%_r9VHTbD+lLa9@D*D-rOh@Awft6XLuoGyd%UX0vT+jFzI4= zT8og_qHP>UqEkbdOpU^`sNg?D9b?j?G2BzisI-5K+fsx zLC)RhJw1N6ASp(;Gp#}i4PWPQ#SD`)epa&^)!CF5uT_lmoE#h`U?VNVd}ozj&3FW3 z>qfX$Pds%&8Yb^}6L>5YF|P}iD>f}yUn00oq{W*EOkqw~SkpsV(n{iLADB>qs#+*< zRqtx{ES4`{(s1<=u`DyPHc+N;8#t%D){GHbPAoR9Ajk+0wdu%gwv#^a(*y5z9#5*l zRDa@$%fY`Nua`H$&t51DxYng!4#v6}zTN`;&lzq<$S+rMKi||nMrpxa&kz}JJWHSm zZ^8G5av(hImlNDS$q)$Y#=ek9;3mw$7(#Awmv}ZQae{C+_X-$)!CO(12~&bhHOLPs z`us_xj*yjuLkmxHV{s-!796?&)3gZ9te+ovt86m6g;wxL`!qel%ka*5XOGbi|barW!HdzVg#TD6gO?n^Inr?-JEA;3L|+4OqC z=z(Pd34V+yLktWLF*dqpV0f5KCcSDt|A_GRI7z{=xQoNIiXzmyFO-6mcx^tFgg80q z^Nna4{$lBd#AOXyWw$AlOd?5U(1hMS>z(pxidedmO~oLt8@6E$)Xm5}7*fQeoLwPj zjJSz3qf5fc*~hEP3}-aS+oI7&G!^{I27jg$o{n(yVV2`SH~*ftDwmGIBZO_z?u;h5 zJiW4HTJS9HIa-E$l_YNmM1SWTxB|~ECSzlkFDl1NQtASg6%XoUDvv4TDMl__@=cd> zl3VA&fUz@^2wO-<@H=0q$|W-|I3n=6N_ zh~X>vUC{gzx1!eawzO;Mp*ZZ<5d1~?9=j@ugr?bhmfddO)amh+iJ7+|%Nau`q z7E4NwFelAtW|WuaWn0lu&bUjw<>NU-fMa*NhS;8sJ;@VT?NK@GCN<>$j}GvBcPw zKa_@usGI9n1rf<`c=oBGpOJx{CL8ZOi;;v~u#kq<9F~9Rz=)EN^GmHG4=eJHAPMGy z2K{OiqYLmtIZ-nrSES=f^ofvFDG0@elFZx3EGw>=*wCFil=Nneq;tH0(xwe?>$z8F z2qHGgk0Wc(jwe{5kBp+lyvUTZSvyuCKFD}kWZEjrG^_@}tWfykyKD!2V(zn48H!pV zN|L&A@6VJZSc1*ulBKsl3fgzn^IC9)0#48bNA<(p~EnpqQsS3WFtq;G{Z~O#?KatVbxly(d zzI+M@XFn}qd?5fOvC8Dxc@c+rI!&O}T-+i=Bu6%9zBb?T1~y!95F5lmnP2=W8 z&io6ozNm*E$tIGy5sYj6_;jNjE$zhC^w}H_zdpjph~N6QAb!xQ#O&At3CO5aH0OZF zfLSiVK$D^*yG5KfE0`RnOch~%)WRTNQqWExF)D+?!(#44c0+BkBY<9)Vg5(t@_Gln z2OP`0hhXr4D{po&us)5Y=KEOIV+MdSE@c(S2&nC(#`x$dKbG7(! z2J^ovc_VFf=*xs>V|df{24_|VMuCh2iT6;DkxPk89DhamijnV^DxOAs3^rIo!_@*K zQ4^{sIZ{5B*pERBSP(@}Gm1baKL;=Y7@Y8sB7XFFOV>4w+WbZd*>Q@b(iM(yo{8Ux z{)Ho;et4(}AbE}!e>o}Ob#VORK?(oD5kX90c&Wl0#8N0LG9#1xn==nptK!ZqEdQj#G~oU1WD@bR;r2Q6wM*D3 zL>Ln7PLV~vP4%5VFl3}Q{J#0Ea1o?n`Ki!}rl)ZCfdgc9c8*Emoxv%b9z)>-i5vPE8>@Tq<#nJYk!x}inF@lqmlz_tNxCOidi>PaRu10UAlas0 zlTniNc$NCA%OXEfOeddC4S@A&h6vKkzM4^l0A~Twf+B!SNqh9bEO8NzUv_P#fZwiR_46;#x z(|`8(u7b-|0V$C=3UHmN+YnMyZAfX+ZOFd*7e+Lj0*fat1P_&cK$DnglN(RXzc9s= z=`)=@j}AsHND^h)N%>lkV()3HA%zMT&?Y9Y)XVB&f-4Ltmut2kIl!=72{y=+AR?H9 zxB;bWmX{I;4h}tt^NXw9$MsG ze=)zTz6FWGpLAD&2)~yqkfZ5iU}9cm>(|#uRa^xP>fspC+qq9NQSSwbw$y(>{LLUj z_8}4#U-0@V7a@JB;!y2BaQP#!qBdZu37|iNnn3ZAteO@%b^9ajpTx75`GhaIiM zH1HocvA8i*pb)3GIwZMKv@f7$QaW+{B+>9NZop++ z(7i_=C~#|XUVy&2(IVljCPHlj6whl<{K6VE`Si;(Re==J+5X_AQd)q8dMq&!-IkG* z24DraXDmL~1MVL)k+RKuSKSP78OCV=v#d`LH)!$d$!aE-lvV_-?J`LQEseC1CSw$d zJ0I+hso83E5WzdN4d2ik%GD2U=bGj822Yj1u#!QS#Zr;&w5+T%a%mnaL=5B4^*8nt z_gH$vuv(eisZEIzV9j@B+EBn23Y&H?i;AY?iXeFhM8^6Xtd0KmKmWT5#TyfRKAJZh zq>a1EY=OIKOtJbB%Kz9$e&c3&~7FSzQ+CA*{#};6*MSFtdy((9p+P zF_mVkC00f(S84TBAC3N}3K7<5g2y|7d{e%Mg~4J{olJR2xyPM4UZz<|bFq|we(T88 zpuCAd(jXM!CW)>ii;1qIWTG&jZj$IavY6;PN;eO#Of)?0oKtbKZ0IWuB*d@4w2zZg zc&g{Td<8`ItvRAb7~9!RgI=CX!{QgiRJlbMg5_F@a{Xo^3KeE3%C%((s70ap4aGNk zX(ulLL%?;#nv(c!6`m@rB&cB@EC>*lSk!GA27(q11HMIpfN#?<5I{hoU&H5!g9cS> zt?WPn5yh$u1QfBF0tCgXOhl}vC>Ay3G8kX6Bghyj37D}Fmr%{OHFMx%{zxO~Tf|DPCE`m?ASTotsKb5{+L9;E9^z`I zOw>gqz1-m5*9(`m0BvMd5`>wsnB-d&ZW$wc-ke7!vK%Pyv^RuEY?Yjp{KX`RD5hvm zcXDCI)|#VyI?Z-7M?zA1PGQ+@x2lxXh_@FR|N)cm;eqw(vwv)H9;dqc* zUQ#k|5mBhOZ<(UH@`}4mQkd9MvIGQ{r;r$3GzrR6lZ$>w1B-r3)wr}YaE`)hPtjkr zlf*-W940eR4kSZ^n?M{NlxW|^!i%XDnzL7ge@&U?JVlfo8sv%RV?j)yhB-#5Wjd8t zN$1#wW7kVxFSz#pc#xAkjL=P_8{wOXGYsjk3JmR{KH^Q>CU$ULLlh>FW)jHgr~r1e zNt2#(UKAJrFGJtF($~*_PRc{Xln`UeFCoBD0!wC#Ig>yS%?#i+@(rFJDk#h9G~jvq z3D3ppZGX0$4{;^~WwMGf$U@oiqHHy4=T7l!1vDxx<*!kv7c+gU-WPjHu_|wwa0+A9 znUcxcI5yXsGeg1+cQ7BtN?>PDDm>=g!|k)>d@y|U$FV|31YR!w^Up{(o&4K>AO;;` z6>%HSsL(EpWTC&)1KjxrlRpt?%aFetfAe27LWQTyIbO$UvClT?<1>6WwnmG|BN(^nV z#|*8sh!IcECQl2)Ib2Z7qFUsjZcFL%$=qh5=YuIOOC;HLieg{|;%KVxnnzYy6qJ)- z(B(F9eWZVl1EHo0XBZ)GTHq!6tZLap62S!2avz`|6uDvp^OFG^l&v(||8pEi9yf>N zC@C_B>@{+Fg9sr>D~(M7GOd#MeAa`0+zo_+av4luOB|K@p_j@?o-q?9OsuI0vDv)D zd0HUlM2Tcs4Nd5~Y6^F0Lu+*})fz001#)@Gq$wpY?)&<>Sj25bFUr_*fB^d$@@y+e zMv;KYGVQXL6_A4-U7KMqNcf0{lABpu(s>|&ahGRM;$7Cu>qr$uE)hVi1conB2|R=k zdq^q>IkE}_Xup`?c`-eB0vF^S7gIAsf7+$oR-~yP{gw*iA7zUI(~cqV3Ok8J z_Xv#^IDk5hUm>dizb%9Ry9~Z4fc2O)BEIvI8rt$=49C6*mXMd2l(Q)iU0-JE#^~Y^ z`S9fBq(hugb5dz0sFO{Ev*F~Efv{&Ii@>sRMd{K$EwHRd3oPr;9)?9APJctyxcs~w zV~of1at%b*|3wOJOO@zK;B5V;N+5;t~+6{nZo5E&nFnUfo`^wGW2vjnUpbCt;=PX)oev4%Dq2+ z7d4txclXu2KgK-6%Qit%g}cXK1Jtc9?DGD$S1pIQpqi691yoLwq{F295C=r{pV8+Q zZoDDU{~Qcw*W>u@NLz|NANwTB_p?#|uleE?#J|RYB`!?`=}wxX_yrWdl_@^dcWqo( zGrTrD8TWAq;A^u|A(DwVm@f+gF?uxU*jfr;EXW(AfZ@(_1N^Dk1pgcHlJYVru@*JY z=L=Vc`5^4T>GaO8bo`~!M(1$31Iv~kRWnFqUdlBWr{)|O=kx-`P0cx`W!{xWl+L32yLnhHKHAlV zZp4{IV`*zU~q$1AuoEk&Ee1(5Yl!V(LM10%sf>3UfgOIsumzjBPa^T@U0rroX6? zEu4%zxDR`c2zig$#6(`$+al^53x#TaIe>RfnnFVLVL42o9MG*q@#IBP>IM(hPMGn8o79c(Ar=%T(< z%3E&X3KM#|`n;SWAPmeDSOJDe;6d!-4%dgBcU=IY>P7FEPa%t+VcVQ9%!Cd1>M#yB zR?yRi)F8&t=enfUc}(Dc{1NrQO2B>+YX(eW?dRR(kI#npZf-wyq4I|v#~}`l@DD4) zU+plrNkgfbMIslHF{LIGr@U2oIf-l&oFY@<@&09ryMRsE^-5xiHN&KAEG2biR2_GoRS!(3y;d zPH`TAd%_D`_0|{@OsDWGC*32Y;|nz?-DsWqjIxUOxI3533F>Qu9W zKtc*OBplD?^W_72JXXpm;o00BL^TDSIM-X;0Trv{KbAP5!Bn)0Qa4E(IE1t+uTf5knTEm10>et;k+eIP@Um4ut`1-{<5l|__SG~=y)y2Hmm*FkLfe!i z-;PmNgehNEBp5&>8@y3M^ZQET)YY?8!px3%lC72lsz2`-a%UwOiUfooVB4O z(z$G<_HOU!VhyY$g`+FWwZE9*-KUk5Qn+YK?)~kRw37V|X*Gjw#LFqST5D8unP`&% zlgH8wvr=D9E|*62PwDt_R`-{fR&Hq3$U1siz6M9)Um3}y3G1tQE#NZ9IjRm^^f&Zq{^D^ zJ>rzA=yL8F_+kqzQ<=q|v;wGtxuKlhN|fMur;gO}&GrNPvfXXi<(dc;FZq>OC{PqL z!IGlOeOW=7GghVp{v*z-Wq!OzyOO(sZ`1K22+FDw)2i*}<@$6j@(Pz$-LwMdq7M~c zIW+(cZBwyMLLcV%c-Mm(;%xj3KR%2IJQfmt;tm2W>%YTwy}MrXoQ*!80< zl_V}p86&StmQnHwXo_MET`YtY0h>SeK8W`$#1FA(sYrA1?jNL5u35#ZPdd zI#Z;$(okSgiVTsN41pD?P5k9Fi+B(75s?*stXNjq%j_vL`@U{+GDR5DtBgTp1Lb(e zw<|L?gM3)lFoEFsyu3(>LJISy6*GHil~OY*=iBObJe67e(_B_6nMyu#DB8MIYDJMl4S0x!&`EpfC05{%B#HU5zpbX77%_8`8 zFsV!AAB(`E5+C6#T_zq|8DFYuqbQfK7JDH4)2ESkgKWX8Jt0Bj}t)e0+ zIz@YmVnFeE5+h|S53zEWkZw6m>TDEmC}S{j>z(6 zL`ZnWRKj9#`{{vCHzPQ;3*eLSw-`31p@c%<)Lu%wymm{Xjima-J&?3#t}A-I>MvdN zg*97oW1i`aHCWsoxJ4rqPSb0w@S7yrKCrZ6%Sd>MHcciYkjt(sDH0pL>y*OamzYIE zUqT`0Q!5i81+%kSSx=P@Tv?t-CO2=_CRwl{7i1M@$Oc_$6iG^96EPU>^-;)`s+$9_ z4d~WqGCPMURkDz*uOT7ZFu_gAL*(HWbehe=ezVzG3fsvhQDaZoB;moJ?1D5rWvWSn zL_qgetn8Co#t^fr&IA-}BP9i8*lr#px_VUG2*Ys0(9$>~I5_lpSWj1ATWZTrM5`t& z>at?r5YX-@ucf3KyWn`&ua-gfZ~ybRv6`Zr_*)6vkCTa95OpsCrRV0< zW*Es)6eQg^N0^iK97P^6?-Vs)T(AaWhzC4j$A$0H?LBPgxc8rxEM@96SHie9nWOxm zk;A|9e#G15O-Mxu^Q!j1w5mPybb`%hL%`8D1Xh#hTz#6JK46e8o?2*dD%ez|XOzDU za)Bn5nb0RymSD1?@;H{S2B~lb?{?y7{@8kl3VrfRw>Z`svg&} zHPnoCfDI8|=h`}-Q2;A(7ycvH4tG$2-buTtAS3y@^wV0CqSwvjc8qflgK!Z2iZ>kB z>Rd=u53*OLd|#vM4Zr^U?KSwrUd|4J=oqZFFo=b3nJHT`R2JLkds^K0FWQa|bMk=phtK+yh_fPZm2?>Mx8l+)Z>g*l6CHoy zC)6P|6mU02CfOxH@*&b!H&r{bbx!ZME(tP+ofzR8x)^Vl;wbGUJf+@FfVQ~~*|)OK84fOO-Mw}Q5+VWzc7rZ%PHef;$b=+J}Cvgy#1GHkyF(vbiO(!jb_ztE>o z;GMZSwG0{?vDj{TzoAmRiH7@n&LNiVL$jmy_qAHuB)@E&W+-Z>u#cB|Dc5JnxQ1xfd!+>*6K-GvRsxUqU}ERx8u^bC~0oAadG!K^$JFzwhdN z(en+k4Ir)rrXdYpjC2=f}7n- zHS(^^2Kj36ZNL-mSZ5l~w#=}K z*)FHbv+2P^Q1m-pM>ZVoOqD4A<|j8HJ^iuyAdxX{dbiN%uiR-BiiI;Pw=< z_Up*pVHgcLRXy0tsu9$;+Wf?~D4jFMmTj>pHK^I8jY7B0R-7*Bt?XS5o=(HYiL?P4 z1vWd;RC;U-HF;s&_)s!1$5b~ox&_Xd?29+Mq`RT{sF3cfm%F69kr~MhKQX^=UUy9w zZMakAl5dAJyHza`?OwBB?pCqFxIh7HL>2H z;;y*LfVG)EmSY1|G}qiXZ#O7nq~FderwNIR%yubtFyy&1Ft)g@%Fgg@P=Yb`!>bLb z=Ln`yqv$quPI4{TUz-No@9K=cN!$5af!;~jKsO#hMuv?$PKm9z$)MpF-)($YkTPtn zU}LC7CN~@1jTu@lF?3<9wx}|bo|Xy{+_=6CGtvwlbc2dFoIIsMqMevF)-)8!X0@P0 zhh%6PvbEhHqRcu?Z^~(!&6uN|3mLMh$Acb2bky21Z>zQIPYn1Owcf5mEvM#J>VVh( zuk&E7x_{~}{|HT$aVggiXr`H31vftwm*vcs8&@4ZulSD4CK|fY*4z3v<_ndkKep%7 z7PBFr_9zl>+8LtwO*s%^NNlsm3_XQw*bH&CnRWSwq|bVv?(q`NCS~sEwdglj&#`HN zZ_0)fu5EKtKkMP(ck`Tp{`+7)J-d;FPJUp$utm9nn+2zVn%0*dmg1}P6Yi$Mp$fOg zp7nko)T=LGnk|`hxJ{Nt<0<2Pt=7cI)t6n*glU68YM*^Q_->IrC@m@DA^D_w2_x#{uqpFHe~kpu$+Vbis zNS|omJ!5DUvQfI(gHB%79z=Z@zy*kJ*6f}`&e@?hKl0_J{m49-RE($qhgMxR?OiO^ zb9X*b)@}dZAK;^C)C^OS+r!&^lgBGRr2f*N**;-eci$lXo7g%V0+E>~NHj@C z2F9-SSdt`R&bF?Bf+QD7d}~qCGT)7FZk!9o_O%ivbnLU*IjF<-iL-BP&lOV?GfuK8 z+idt#31{_xO=sVe>si~dOR?V|_*i1E+DyU+EX<#vwTsw}^(efbYlh@G>aa2r_Oq^x zU1wZLHM|M%es;yx-u5l(8y^T@P#?{OL0bz$7j85!};l+gQi=OOswq4s(aX+x@ z@+MKS>kym>*^4IK7JG>vdsweY7+|@v*{Rbd>U6UbB_goy=+=lr8|-8qNOb5pIVLi? z?m=-N&wl7a!g3(=%P{m%M%CTEbflki$}RM98!;P6`>?%c>fCyAbYen%Y_D)Gpvq0g7UquFyO&t!a&k4c|LyC+p%>lByx^F-?O;RN-A?`kd*@E- zwBK!K8Pw?P3t%L4+nxpi=gDB*r9-+R>AD~Yns6!5IeoT=9mWC4gUWFE=-y+S15}q> z-EZVD1xM|@drTc1uJ@UGnsmeI)02zu-2aV=T@2L+hem+wdh!}*hq=p0>fZN^knV>2 zBv-rJ(GL!}gnpVfpprXRzp{6$dF9=)(p5V^w=G-D}%R z*rmd~jD6HOEaKT=$+P^lBy5uYZ?D(;e{~~D_=;ocn>nmy-)Hl$Khrz2CmXQ-VzAiq zxIPo(Hj^SKytBO7+B!;lfGwzZ^5bD%)ivG?>m4nQrjK0qG_HMbl)qfu7M728owm72 z*eXSY^t$VVcmtu7M3xK?Rr+{cr!tZv$LN*4^Uz%uRyESZHr$H078x4D{#wG3iyyoP zrM9?{xGHZruf}D>J?OKy^4?}vXwTXCV1YaRo7yWgIkXMKiD>hyy9NGTyISmM7=tA* zd#bAQYJR(^*)7YL)rnH#cgKQ`0`PcrJ)3;nU9qjE_06^crKiegcjPt;VR z@FyvlDE{e6=E>TOs{Dk_#wPF-n4a;ppOM ze{+$Ox5u{OBCS8Xy|s&ayBi)^W0l?A&bxY%vWq2!0;I}!t0mfvsX7Wb1_VD6%9U5rDS1!;*<_UnkfSI;-84?{2%%jqNv58i4C7o&LbF|4uu*Q;R$)Z#R)4X*;s|~ZS3Yb5a}swsmM@6g?SwrS zxZ}NsT--kM+T9l+*J@uw8Y^_4#lN4~YHt%&m;!bm{DY|d75xr(7Si@0f?~h#JTgWR z&vv`Hkg6wx?LKN?w}Fu(EZh6e1B4f}+tA>p>@p~L8M}62m9tCdRS7$-FP(@m$#-or zDo491fA1z|r^c(Q?AB~!r<4`hE>4TKTSD00mfMiETOL_Xd&r#=(@~evcyNoiF5ltL zbXG6MLuiEeV}p5coA{2=fGJWDDm4`o6WO|Tu2b{R!F;;;tC}kmb%OS<>JA0jte%~+ zn~Uq_S}ZjZi)jbf;)bMd18PIe?}K`WLbq8HG4=6m+2ML^LoHW#`x2+Rb?ZlIvz=8F_^DVZH^Z#8fcmH z(G?|he5#qij%T9~*epdOb}k}tS7-_dP&EAdfe)NEOD3V|kN@4&AW#e@!_@>#=J#rR zdzTlnQ3XQQkUT8wyGAj1CGH20*A)i2;h;T@d9|$DvoRSjsyW_KXe%r{Dt0MdEu**} zPfur)(PgQUymp1!_o#XGP&IT`;8_iCknt!>&y?Bf?4m_i^C{xnWdeqiYA`)&G~^u3$qboe6UisdLWFH7~C(OgvX$?0Tpn`d^c4d8h2uvpG3Iekb=b6gK5 z)8+kY4d8gVn&6LW4ioBN^0qMw-80BmTUFe1T3Ffa>+geycHvneTylK4U^KYZ+Md+I z0mAmD1+kpoRX;LVCSO_;^Rk+Zbs?n1bTXN&lF{mBs&mKt`E1#ox_pO`zn`b$A;#>I zw56i12G@m|JrPpkmi}HssA?aI!QpRZ1T%ivSQ`zUmkvuVBf z^x%zYX*t6WZa%vWCW12ZVqV>hn+;z%>#yU7kAcKtmAkd9(9@bcBm zpX$YYIGcX!{bM;>R9Ca3{_)vaMs{#`DT@HV2}(7O*z>^;4BM^Dz;WzomXDW?F>WGY)Co8`EecKYe)F3hk&|xfKoF9gfHF2{P8WG%)`@N zcz`irBb!-jCgSS5*>W=aV_f6iuE6GnUNc_t+AryQ>nfYq?k1OB+YU^8T|W^ zi-w-e!%?04!SHT8#j{`u90EQ#h5~6;enCXda2g?_0X!J_u>m?q=wvb*dTQ3!r)hP8 z72LThEgiQN_I}clku=JJ*j7bp$i$P={u>6lR%Zv41$TN=6ju09EKL9{(li@~m9e#`n8U2p%h5!& zt~pfqU==K?>Bvi3`qYX_USj`BQ%s@wJZhzyo+#>>R*%P*6!SQ&dD7zZweGeCd4@e& z7lM+3W^)?N1l>dkxUDO;@L&@?84RnV$)t@jr%1<(*pMTg%iMZ_3E_IVD)1DRfo9%g z>XE8V;ymPem7G<$Hpx+obnj>SdxK=XtaUjiK9#~rx%a%8gTZ7X?ZB>#e4Be1n5BmY zo}zU(#SnUyjvAJst>Ve1xE0LWbyg5yz`Un@q^TC11P3K`72c*5hHS%y!46B;Fhj)V zEy}y3S7|5jX0+=V%fQpD5T<3Z0U^3?vpAR(5NXRuGX(UC?$&40t7Pw6^f#WGz)tW4a+lTVe0Cqg zN$jyaSgNqp&(5aYX$%%)*m|${>UC#Fg+`ILC(+UUWAhX`dRA_pKsT3!qI~RJg9o@Y zp)*v=pL1*npP)Y0CAQC+S(Da2>u602GzcR%P?I8)&ngd5j) z9!Igmhp6Rnam6#foyECh!P9Xy8F9b9yF^r%3y>g3Ogn4HL2`S6x3ixYH=HhOKF$`0 z@V(@Z0iX7lx&28)(M#LKfeXC6F#+$MTb91coWr#M2lYGGXQMlBEmAzT{&eokTXQ$Y zX=X7Uq<5FeVSaZhZu>8EOK6bc~&?qn5f81Ri7W!TU!3uf3uZE6V z+fU9uqtNyv>2xxKN6*f+&*FYNzTL01y%pDSG#eCH|C^_?9PmO?Q3-+?QAyN{@znVE4Ocyv#i}~RPxAUvE4=K>T7p7uGq1X z+g+A=2%|qXwtStv=NlEWDvdp@!B-`*zpd-aRQ`YV-fg*!BuN{rN9jwFW&@Q}B~6X( z6-7~1oYsLuP*uINw$_#el4Lf4OjITyi9Pl|*WT}w?dKkcjALdb5a^rz$9hymgrCC0 z!^6YlkcS?-_tX|!DCg>QFPtJP&@0T`-9N@Ht09ar%WV>){ElKA!(98c9)F~o%?n3n z%fI~3|C($;yc~LQSKt^6FO1&8QS;n3qhv%*a(%9EzqvCm>3#+lr?=t)(C?wisR9r-xrGb|Q7W0x^Ktpoa% zuhnb_dk1Y>awCpIVQDp4Ep}#+vuJ@=LvMa&VfVa;=4!wqdGH&S!_;#af+cSzU+B=x zfnTD4|Qy49+x8MAHu(?{4ZyWPxF4{cOj_x3(B2PjJJ z=)Ow}p2^i{df7aJNpZ&qqw=X&TNN=mn5;A?Ci;UsT0f)f9}l<#yvNtjU8^wZ(>;)b z1*TTBv@_`nrXNvpW%Nm&AA#s?jzF##H8;833DsWGJOM^eFH;0-63i9A_B1oPCSmQj zjV6BZ7{aj#GM`!Q302X}IY}#;dFN6J=Xx6{1Pzb3CHSx46=oYasFoKuI=77$=StDmnGs!v%-C4MW;IW@L(+$&zf6 zx#BOAY9@O!Npk<}eaO+Ze3SBRWBkfw0p#kAzr8KwW?ngsjR|J$LZ+yP8vV+tXEqHA zB7{DULRt%dIQ8<|k?f82kVUzl@BV>XecWrbPSFQ5sO0eFxk3GSly!&YR*1GX&Ea5^ zFcgw!92*3WzIZWsW%3yY#iN+C?m@xm;O@h^Lr`MEnaO2YeHh}+GAt7;a$8)%zQbEe zx%>hv5nuF@WOKS4K{}&DkOXtDL`?nWbO=J+Oi`pMWWFVdNj0lGQC(#)IC!MujW04L zwWiNvSc+!u{Gg(%XRWN#vUVv1)8r3UF1#va&a&I4+MZ`DDQZWbSrwy9<3N!^U*$;) z8U!8lFIrYTI1zDxdWSB<# zb6Ju_GMh0ORCC#rL6ZCD2y|hpJ(o=VPp{X)Szq>RGgLaz?knh!nn}d+f_wCbK+tXHv{$cqU2RdD(TXO)tx>K2v5*Sqp!# z<$2^Ys)NNm$=J zGw+4vGg_N!HoJAn<}+QJayIL=$!5NVcXH;E*A9{`B!ic9804{Jn<$Gai~6?)4)vQR zk9>Ogmqis)e8DeQU||u>ZQ?>yZGf5PQ%hu6N}i;k9ymg1VS&ixNp89AMbp>XISPkN zD(9<7EONf-z@(XNGO&r}n+i<2*+z*;H0zx}`oxgBV0bz^LL_66&ocp-B-zrqAfNN^ z>1P;dOiVb6f5CFn;Finn8zl3Zvrvk5YB~LnAPw8d=6N{Y;9c z`yxWm{{p-2ndQ9vadKwR&2mf8q?m2A^g?R0$liw;$4W1*HfJizV95c>S|j<%XV-D= z^A5t;SjmXBR^=MsSjZ@}P5AIlypXtEhOJwhZpL9O6_73BB=glY^97s+*{m){ikkCg zpw(4J2sRB>WEu##C%(-GgEi4ZZ+ATv# zhUv$rtF@7xdT#aRpW2`e>43722Agh&%9=k%{O#q>$A;jy^#5i$ex__RC78R z+4hWg_e@ETFroEo$TVX6`&9puDa~Y;D$j_2z6IPD%ycQ>kW^9(?Dn}n_v#p4VXmwJvxiY0g6aVW*jHZ@wJ=A0TW z!kPVsRKjgzFv&LZG;uwsxgqIX z#&TuNOq$}oaFk>)U!ShlMt17C)tf(S25m@Bk$p7SbaPBdp0IhcW(L`OLszyw+YHwW znR9yUspfPtvh5i!qMe-ek{)5TXAsXcpYe5=f8CU3u*(&w34;(#$Y&gepxW)`@{$H^ zw!n<{l3;%!>beOzW)7DDt7Qv&%#t+|^0QvD2`k5WUW=1N^Epn|tEQT78{N?8=`8aI zk>cjPAE}I36W8X;CArNa>#&wG^MCf#byaW6mOcZ!ZPbU-^@}?6b+yFy8{b*Sa~u{0 z3eV^pZPR0&G1>O|^4l2E1H`=l)-4{(bEg?52K7!n&*5w!M5((VqJb~+NT!@boJ=X${>sSH|W0E$6~v9ylI;0i?&$f z$)jY}ryzM8Rqo{g{kDIpmu0(puIdNvY`Xk6jT8Ci8s))8Wl~sGS2=9%|i@!7Tzi;6kH_fW5%OALu==z0B(JVIho7cs5TfcZ{{;lfp*E2RzG4j_H zf`W*ASJdiXk(?y3#+oqii*5DzV$rOcc7{N}j2_IYld}r~f!QpVF_^kxn9J`t?-}Kx z33cW6kG9&DP&eX@-Q8@_tX~9KR^2B-8SC3o;9Z?g`2D7Z(T*MCvR+uPT?Cc%t+fy11%Y<;ebd5vM%fO7xt>YeBb!liw<^h$*cj-?e7kIR z7SC}6jKv?S=0yd>YBh5iJ{H|$wP@N64T8tTs(F~5oS`c}G!G9Yj1(ro+^c`Wx|`Z; z?iecKtHqNr%&YEwwX!rHK(6uWDCRoC1aQ8&2k2StK*L7Jy5PQ*26$j8xxOe?tFn#9 zTw%pRpz9T$wi=b{8xQT%8Mk?8rDO21aNa&|$5mf0yZ_oXTf`J20+9=W;YU8lrDb3V zt`Ml$ULl~uhgEYoOHww|yzCamrd+;n+RwY~#vTj->UD{hG0u3?g7lLlvuvj=DL$L8 zD)^d?a}C|>LcU{mUO$iM*CGWY`Oo?1Pd~tKHA^($#Xq{HCXaAQ1-8QvG+vM68R6k1 z;AOpSCkcQ7IYr)2SglNfe^=h^CNa2e3)_PST5W0Y3VwQuM1K_R_>k0k#ig0HZLE2B zRG@Bp8@kDQy6UDj{HmMU^s8=i<0&69r8gGMW|Fy*{aHcPSZ~~vnBexqN^(DzEh2eQ zZl|NMi~?=CGcu4#`R`Y|Zc-0~@TW^LFSj4cujSaJVQC9N_GFy-wy2jyyM)_9^fJZL z6y_gZAU$S6=Zi(Tv0}0@jH~r#Rh7&0_Q8tn18A&(v0V#2=Q8wQ;#q^9oORnJW|#A2 zvBAPYMi-+BbC4+dxvkb^x5YYaD)O@GkQG{tTcg8tQ!Sp-41?!$v@Ol(6*ODGNMn+s zXckg$1Z)TQZFI*dI}{fDc|$>WH}WunMz%B+ZUQ>HEoe>hZ=2Qbp{oB4MquO?t8%rZ zbwW3LPk$n0=x&?8md_DGO{Vs-Y#&NZav#xnZQ_X*A49{Uq19;o!%VBWo6R4a-D>%H zot!GNG^Yp_?E|Sx#(VoTR8cZS<0SRRqI)`o9<}UqdngsM{MnC($YHeWB09aN^&ab` zr+0`{m~F1x=4*wZnljXaXhwp!@3YA{fA`mHB3iVRw=uFv{hXB6BT%CxnYY37-5nB- z+j4z)$8^glhZ+X#fjx~jYnr(lZpvxW%ph%5ALL1>lR+Ybx!^W8M`|F|$vpa@4$3BZ zsE4ts?KMSg@6nSh17D40;^a z9nzt^Fr{#F0ufJu$s-}8>%-(bkiC=$($yTe3dw20wnKo9rKWLggr?Na z^j@@QSP>myH?F8e?$A?h%1^vk2MBp&sxyf3&FYl)x8?l`U%tg*nP1DgY^wzwL(6Fl zCud|1r!)GlU3LGA0|>+qu8Pkhrsg7zbGeu~>W;FWnR;nNz+BErcixnlFJ&;y$N>D) zMFZYGnd(Q%>F@EK)3{q;VI|o^HLDI4v(HhzcvHg2$kz5Wv@zX`@;OSY5WQu#c2Laj zmZn5xV|pg1G1EfoG5;Q?%`$0XfJ4?kWInfQtA<_cIUP9^TQ`S!Z)*rJBVM2hkDw0N zXVTYKdHdHUP7z3|6Hn@Msi2H{xoFE`TV5A9%hT(f*<{kpmrYl;+l$9)wbcEZlfLjd zMnt7IBGa<_V|owJpAuDx#R&dAEGrr!Fliw6a=>p)O=NBFiN8Xe%vaBNprVqbW^Qip zbv#LR;4%|OZ@*#yU}Jw<;y@_5iPIS!Bs^f;S~QW8A)@<_CZ)9ZI>3#d+)9aQE#WGh zo?_Rfx`RYb-**X&9gFE|O3@5e7in7Y}AI_Eg(z~z1Q zu-C%OBCy=YNG%Gyn8Qh#yIt%U?tpz-lxTk2H@p^vaN@W=KqriTfJPL1eQjy-@Hd)q zxHd2jp$|-qdqm1Y5QD;@ZNkAHxY~UZ2|^Tse?aGG0rIpYNB6KuhxJcS;?QQ%WodNL z>FlOlH(yH}jBIu-4kHgA>`ENldkzG;0z`i9^Z>)LXdJF2C6L+w2daoh>D~$wLwx^n zrG|J0H?Bx!R1KTt-nx+neTZ^;5{H|Pq-CmS>SBfbpBR@fl{W`I8eC8UDep#v`K@(?T)KX z9PEl+$vu$x4X({s?U5v(mvx6TC||QojE>TUo}_bZ+8n`0{MyeXC1WMYZx0>era{`b2W?XgH2@Al`^_BP*^3X#+2TKo>QNk}!y%`Ov`8PvIa)08#ezNAOw*}N zFk3|El0DvV**h)_jzQbI{;OP<%QaU_gI;h+A1kbhvC2Gb1I;}US&=Sg=We*iF7e(2%F9O=hAzZh4g%}RP?5%4>$4( z=!`@8z!0|^c!Qa z{}eJzImg5?%wgZSZ-DAvGtdaVJ)^!+sz)1o%B@b$=!Hc7Do8a6!|oUFwpr=RT!XLGeS z$&B9CC49^Qw71V~B(yj^89>WVcvU9AM(H;5ZkK&gcHV0%u$GYKw1n4;Fy>p-A zr1wvIj?ot5m`;v<#Iwuy6%H&-UQnm;kj`?S?P-_6Udw5hNFO(6&vy>6${dIqjp!-o zo$GoQdBahQZl;*eqIm>|>(I~VYAwRYaIzMIT=8E|G|N9*Bkj<@acZv6AKSBq?7&vmh`7LaIH z&c5IqSZ(*1e4^8M>4pi=i}C#3khJ}8OAshaZl*A)2?H!hhGUph+V0<#htksfP?_j` z!jXe=nL|RMGJ_udiTA~^d?*hv3e^{%@BV@Jj}C0LkWrAzBi>E%jjwF&XRm4)`Bdns zDx7IfU30~(e;+bRDB*_wTGh(~x^KdY%o#iH3~z9Hn0oPegXgF8TOiwMCwVL>d$LoH z?O0^Q0ia!5UaRNV_d5$@5v4Og?{F1x&R2BRX`n+|3kSxp6A;xKxo=~iT{^(mdV^AT z(0)WYnjz!WbPj2{a2(qCCT2pc{!orA>>)EsX)rj*D)EVyrroNJW-q6#Xs<3&PVV5r z93Z6q+##L(W%JM$OMR=|YVjd-)wofrw8zXu%Ka@)wbIFbj!@GT4?w9tKU~gt<*M95 zy$7Ci)bep+@|jYU`DmIaCl7D&mkkbO>K3Psn!bZE5%b45j=eV?9PLz+41Z(BS2&TnjNLM+tt%*aT@`K#!$dGOzJj z@th)C^o}BN!|8OruF0i{5ZR;1-<5fd#G-c;iM6i#w8doOCLfKjwC+3D1p3|%MWE;O za9St&oZ0i+ripwad#fJRP@nDXV`P8O2PnT^HO2PL&y$s&MEt5g8fjAaafF5?9Eb3y z-TE%}?eRmqG26TlFcFNb<0wSzrDdQklKWb8p^Sd?Oy(fQv>=mf5-8MSQOi|{7XX>T zfv>Xbcq_`~k7D(di-}e=MCZM)$qF9u9*Smem#63+!Qm;=+1;HYoZHzcx|v;_BAegQ zDa!fXoT8lB$!W5@<9dwo;rP7iIe32zIwZCK%QeP1FLXel=S$2KwL^W*G)^3<*^JJi zo5$pgjcp-luZ|36$093Z&P^|8cPSb3c9x=gq^?rrGbmPUBV`?2f@DS+k-g)r&?$e^ zQ5?a^(DV>l`m|RLml&lz>7zbFYqAgrq4^`JMi4)iawPR5sOMU4{2xI%Ht8eEP8rrC z%HNYeLK~137T>j)dSb($wtJgbMDveVi}DfGafI$vqRX+A)ektdkDwU7AE?+|JQnpH zuiFoqjNbTAqc*F4)bXxEZQc6z7Jso>iAx7Xvx=-vkR2+rP9pTf6Pv_J>?7ED;4EcU z#ZV-i%Mktk%+!w?2zlG^vC0gM@90ZJw+*#C12x*aRu7bas#e{3_oaTS@db!u(mvEB zdEfubmG=6C&qO2P)$!3qynNo>l;}Ks=;`nYF-H1OT?B@-eF8p%?7g=T$3&0dhSZ7C zqmcHGH)mCfT0fDym~#LnCa|M0QO^2^EVM)A?~6@6OFy&{3Iq-ZpKb61344M+0t0(G zJ_3Wlw0SfxC0@*xqmDL3X0!6o+2QWapO}x(0Nc?WiGkA25y;z4?*LMUqF$Z`= zR;pKo8}u0cU$fcl|32J`#W*xZNE%7w{?qH6SA{{$xEy%M-N4uQu(JsF54u^}li@6K zCR%#)F%vx_e|{iEp)!LW{dwqJ-`6vBvForN^{MFFVSAWuhFh?&XA=&7TVnr^JaT=UzVxS5_8PS?;#|7P|oYBujPCF+J7Vl z;8ru0UknfOEOz60k%P=?5X@@j1(zJT$IM-EQ>toz1w75kyY=;+V z`V1|AaQJpZPlvn~??NgTB6q6Bdk*pkFAIA~qkbueoTh(I9Hzs1J$M)llRq%s)@wDs zFv_9U>$cn!{d)@e%~z!#Xdfy|zlA5N9J(-bRXK;)p^4ny7KS`o4h`g)vWEwT;-Oqx zMz6VThJ5Cs7g#iPUb^gW%QhWO=f28H?PUgPhfWK+k$otA!100rH5Hg=XzLzRixppd zD!=VPA}~sHGrc`F43-10UuoLnyv;?iDekHjzNcE|=$Ae79z!|^&d=Gj5Smr<5f4wQ z+334dU{=D)FXuElej6ggNEHjAY%bFvm&0cYa#I(RLu25;$U%?!aNKaH*@($j-sabe!xAEH2R0`heo(8ih5D5Ze&}^rEJXs&T=B7BeiP|qqvsG=Jp?v zk+uZ3>$39@k%{pJ-2NQ&`0!{R?))Me@@Dq^rN8gj1s>IdmoE|V1C#Rp4T$jYr{?@D zLKAd$F7`Bi6!L1a&Q3fuV`OKdmV)`tLFf@3BYm`itr)5v>6f+ptIcbTPyF!qXgBia zxT(fBGvQ_TSBD{Kz+sEW@(#~};H_q3D=CY#0k3(mgEo|rDb@I9=6l|(V#=r^Qzq~Y zf4sSO9XUlkPA2dTo(INJ%q%7q^3ORnpxjxnUoqs4!Q)yQ#_>2PznO`H^ve;4dFZlA zQ_quUd^2M@nHJ3^wZqrUhtCOGSvm8Jq38PdAGN)R)8`c<&-iARJJ0xrp08AcPb4o6 z4<~eMkC114Gs~W5R3w#$U=N*93!y1Bn}e_y7#XFu=f7<73LDEXl8nUN;aew|mN`Fp zXu_qpeETWfZ0*&V#e9+;7LVu_hog~fcB6t3<*U>*ekcP@K)g9}0&|r9p}iSt#gP)2 zesf}sj?}J<2~58&`4gBv4`IDI6PPNDGH4z?8AQy=3mNuzZ^jbVqk8ZPp>Ba^y)o!W!_f!9+f2^SHAfAwd{q!n| z6>Al+2HF(q0U$+mFOH;#njtXZY}>F-Wo3Y)r8Sx&ZKYY&^Xi{NP6WOQPh46$x6p|? z^@|Jgu7oQiFLd9QrTihXz7{R?1;D5!LCcc#uTZF9qn!H$m7yF@S%1 z6$B0x0~l}Hx}uR3fnw=8J#gt5y>dN4#A@Kdy(-o~z?`8m;XiDQzMn#_3YV9Z2?8Iz zKF7qmirZ<8!;1nTV5Sjba%E@f&- zEowidQFB~ljM~c~YF9itaQnwcgA439a$5icc!~gnnlxy#w1fI|fd{qf0>^cWwTv*m zfYBHlu)#)jyTJ0K*j9Hd@p>J*wp_3`6vrfE1J5C}&q-r%b%aGuJ z651P?kt8gX7qy2TWJEfII-qk|KU8&jy>*7J*$d@X$Tkj&5eQeE;-(p9L_k4J@LmRp z(uL^RkG3KTins!>v_B}OavR=gXIn15QvVMEd@Q@Jzzc0L+h`H8j=|J8`3om))7Um% zks%wQP$*>M7yv?7B>tQ}jfwNQQBa|Wk?Md74Q_%&v=6~PlBSR~!6}hds^fa`E7WG9 zA=4S(@Ui&PUupp2Vjx*zRtF@(j8$y?G{wo8!T1kiY^$)R8qQQ$^#Qi1ml1U!2I?yZ zFoUZ}g&ABW1BYy>I;93NIl zXohD1;HeSrB`htK2eLm_eK1pTNf}j@hLAsk>pO@+fHKh_eqH%K*aqA2*LpqIa8)l6 zUbt&Mp!&%G6nb1xMr!uRvd8dBrStR3i9}>zMC=yDSXkbc?YgRqtsCEerSDnTTu#m| zm3kpF)E5qDG!T~9^6y|5XgHHt*l1kP;F359lteEudcC$XOo*D0{-(TN!32U+t0P!o zRp~&$M8c~<4abwC7uMfYaI@YVi-7ABW$-GTLsT^F(j8KHxM-3kQcC=*e( zU30gqR?DQi5I@gOZQ@?_2o1KYNQ^7Af)p<@#Nr*%lJunZuMAdXe&>tru2_X)Zi9}n z(x}J+GFq*y{9P%&SL(VjLn1+Gcyt;tAuZtxMT^HkyV+5G!C@M|trcymtxIH&BO`hj zM1y`qgLlgVI=Fz9RWMIq2w7JbYbU5ZIm2ACZfZg~o%zn*tc6IvFR=iE%W4avxQ{H( zO(Xh4F>FO-y~A3+sIlvHnbD{6Qa4%T2+4VKF& zCq(R5<>>=M*Ag(~4yx|*`=)8Pd81`{w|k&_5Pl*2#}8i-!8I-5@Ob{itZ5%!e1B1w+ZW5aqyJxvOetQBtnsdA zx#Y0ubS9#sWZXwS0&qIp6pN=+js#0fUF?QW=CiA(a1zi{d0iJRVmf;LuxKZ!QK>@w zH@#_!T`OOv{!N^!NLG!)=Q-wl`IR1jNawDkUNk#Qag&*LPt^ul9PuTc$=Lt3qbFsX zI-Tz)OhKo!eXQV?!iPi&1^tUv(RHaPCugc3=1|GhhLIYnX{p=@eoBJ~e%de~j6D_b z@o)QE#HacGxYxHg`y=1}?RJ0U`OWY9BcD%271p^Ynn=kej)UH)&+&hI%DD&Tr}Eod zN~z#DO0uNFZBCnsPR=Bo)7jJ!YoJ#3qU9999N9y7vx{l2REzK#20Yo7YHW7@3SUZ+ zu04bIR23?ossrw;@3bqB*l{$SPqazh@QJueuMUz7pL*0X+fzmRZcbeOlg^z=cjbg$(b1&VAZy15#eHKpR7&g0;UZBq4Vi; zp1_+v-wC`u<~o76$2=zy={>YWT?&jnW<|~p&{~JrxryA2^-I5cO2k#RJQ8%b&2C#_ zsq~?$pU#&{EDqim>uU8JRfvzU#;W46SWUoKmGybOoMRBg<3hm)|JKXhW`y>J)-|dH zDX@RVO0!%gVw{{^VRiZQB<&E!n|(1-6>2a^*C^|XFiE-*UEN{twS9hDJzQcFxu|C& zfwt%}W*`)t$cE1M+!wnQi8TJkfKC2}{h67{Jw{=y()QB0=Y0afEwaY$-s2 zE7#Jf&EDaT5hrNF6pZ$abng(AP}@exT~kADuHKG-0fK^W(e46gh)3WN8qKpgb|uA?qpan=5E zx~6>8WPuITNjh@y_T`tL9nUkH1N-0Z*Q3MMBjApb!-yE({V+ly2Tv6Bij6--I6U%5 zn0~_wMvp}XR#tqj=hWWKl9jZXCH};=mn?fKpXnP$xNhdw09tNvyEXTS(^qtL)~x_B zx*O#dEBFXG_A)LG9jEw+D{fjNE&zDR%EzL6#7E=gcAofSM%9RRX``;%%t%*s?;d`k zFTCS>t}x5KsM>s$7ts4Mo>^JheVGn%d6!S_^*Pm7*I!N2N(8e^L?72*O{swP=1bje z%0-18>7^kYQJ4j3@);2q@~T6>Vw<)XiwWSs{|96hoznkq>e4Nv)DJ!jT!r%(_Y zx>Ucu*;y7KrTWk`n>(5fJ%W0i`c+pdgk^>UfLf>lm|t;5JSz27cimQB>CsR}KFe-o zTf(M8wivEqG<*OG$!3H6y6B$FjuHSgf()P?`UY1(W<~88**A0_!i5j4qyaJiIC?nmf&<_aCE9vWE$(vp*)n!jA^Kc<=%#wLV^N*&g ze`~sJjMjPBLYUZ4mk_{kx0ob6Rj$-fwFa>00*7<}_X~Lo(-ehIar;G<^0ldqIywI4{n-&UmBbIdx-H^qlX;~ zHv(XOsAK^7fl*%>3TOISKV<3a!jVW{?|MpA(%y)%x=#vtg6#Qmy& z2+B1>QFpqli=kaujeTk65KHr$I|ObZ>{1fK6@eGLZUa9rXD2`R4t_n}2`B zUf(XE1<$<28GVLr7t}@K$I02EscXDQNb6E%E3;}t4>^CnXZTHn%PP;el#ZYAQJ3nT zlNacOJH=8wX-L$q!udC`cD75Eqnuq`&u$wbu81RqOfm^hZNdjM5R`Nr%g*keDF8xx z0PlkF6N<#oD%AX}QiC56nDM)6tO>sL)f46B(iMq|t9Lj2V?k#_(cbx@!Ld@pS@1+NrNe3DxsV*krOaf$DJv*KmYtnNDT>?bH-%~Z6@ z3wkS|tqKzdWJOE35I7R3sWlqi2i|qKB1q?Vi5(siD%M~B-#;R%#ab0%k%7(|xarec7qV^bxf{2Mo-KQ;9~an1F%!ogaiirwm}Sdl81 zIAe`fnrZ%{#(;>er1OK7Ie)X!3iVk8yX%T@ZCUWBKr&R$#*?$PR`WN z)0s*1`to+)+07u zY!y#StDRPWewF?Dka-0ajdkyuO8q~`4=M>((q>YRjbW21bq!vBa2Qw zXrLn`Bp*stxT@;jHEXOF`6N2Q-aR88Zr~rD|0sESRgNuCAyTP6is5=4V%;M=*9z~$ z2;wY43!j8#gYYQw2UmC;X%^5m<-Ote$#dbSArO9BV&Jz%$1OqiV0Uce!n-k}PoQ4b zH2bN;hU5vS)43gs&+#*dCd{pB&w;U6ktF?;Kak z;jMqX*HwU)FC1R$`+x8i$SKW9#lv;Oc zOhXh5#n1QmxM!Bi6o=#uV#<3fiYlowgU8&KYbs`Cot(Llkn4+h6h%lJs6Su)xx?v` zdASx*!T=G=ak-@0a#iBetU>2SM>pbTtCX=X?hq6##9IX-2rRxf)lx+TmJ(}Rpds%j zjDip0yM6G`hyaVylzot;O0TZpK~|7_@{_rF_mZj6hYK2DGt0b`L&03L}(cjYEhZsIkfL8zy2esb?q)1GJ4Ahc?%E zQmWDzsj!@w;H))*)*mWJ)zQj7XoVH7C7)$CeSu{+Jw#>oq%35+Q6oooo>`^FNuWv% zdRbL07Uf1TK>+mroy|^99=eGXBfj6^MI1{k%vJ~;TDy=Aq7#()fSCPTw4kpSz6;AR zI-ZWTXt5GoA2Tvc^1))rot)jnJ)h1NdQcR1Zp7LzLiL6m7N)eOruAyIAZjcfMkl}Y zaDn-V3tT8;jG9%ty>6iae{x0#GHBwsC=i_BzN$ID2J42f4I6QAE85ay={XTZj}LP? zMl=Yg3f`}Z2cbL-AkRdKQY2dN;)Q)|gR(C;lVIe~MTwCb7X?-(T@)d77q4FVrwb%m zb<`n%thWG++`ho_wi>ATwh{Ys_*uif3Y z5m8RTX;8W8OvIgxJUr9YwXxx(a=Qe|Nf*TnM|KyFWH|ED2#toTYmsv5a~>$AY{RGB z`VM)Nda30mHlIptfnqY!+j-2KOYx7+QfN@4K|HRsj?^zUPZm&@@ULqcg>v}G8XW;~ zolb$#AC`>NLN~vmautR=)#h@&*&2soxG88GvW;>sqaQ2{EzXK>`X@C{0Fu9@iA+lB zS1`I=OkSP0R1Jpgnr|DUT(qLu=z-o7k-!dVF70V|&ElzmCIUq7#hoE^G)o{jDR_sf znv=P>gOzNk3ypP3FBXCJQ=HP!H=1~nN?!>+df=nF9})}6EjS70W3NdO)|LlS!{|s917W1B@SWp z;bp1FIDkRt9xEK`JCeb07>e^8_9as}v{0p=q}4u@aZ5!+WR|itghaXtkqFlbLSo({ zOgiT%Y`Iq;rVY%sdX_a+C#r-)h~VjA=o0*dx69Pfr7lK79ZyGGY`>q%Q=qOKLP~=f z?R0#>GtC>UW5r|D6rJ@-!n#X-;GeiD4mag?*ZK=JRZUpj zxhibyxp*Kdd>aA@tc8TA+RlBQi$#*FB7ufWnqFrJ!9q0x=i}cZD1i!rA(Qx~Xo5+g zLSW#YYJ^FsM&OXHJ*1^d$ePU6YA@7ARTpTCstQQ0s+4r(l<~>4ZL?^QR3qJ6CB}Fc zicqi&Y8QpZnScn6Gf}07i)&1Voh*3_-LF_A;S`w7P)+6c+je{5_@EbH+ zc7Z5pL>#8J6M3?<0L&$>qOryz+9T~RzXW)A^`+~WqqF$Zl_ais%Gi<#BpEGGMHwQ| zM?4Rf?OS;KRr6qWs9nR*;zOhIm8JgRH7S3Aq?mYp31PPs<1_6YG?;C_)U?EROU<>u z2BmE-9A0%{Z_D+jX>mc7D=JDk)+Rm&b&^}G+$L>e*wn>2fB-S-Oj&HxGAk@Wztm4P zvK*g8aLc%c+CsG^;b6T*|Kw~d^c9fSt}*GlSZ?!eOx>MGR|eShr8Wzr+!Fbrtg*ec zAe+@W99pUCDM2icY4WP-l0fJSlF}YT9r+-tm_V}glecyA6i+51dPfaf@`ypnUcO(2}ogLpjxlO-FniF z;r&3+b%-eXYgum2SJhWxPAGtBJ;;L#SThh!tq8r*O(WjuWnFG7Ll+whM>&(pDybX% zB9G=T9eHnER8eE}h%w4}>M`sEy_mv;THA!2b#qVNtZ3*Q zgsSQ`JM`qPyZrR|_Wbwrs}IZpod5u0Ap|a0_w=LB|Dv{Un31&QQx1L2ik*h$Wf+%X zKsXpzFW>E2WLM~^X$RrweSD+_l%Zq0sE_#coJN%CfixXrQGw_a zd(`S;Mbc=KFeYogMh}+0%bwqn>|wP@*cq*Yk*@GG}t7L!LsinYvLow zzRC`%%GQjUp~v>$Q(XTvwx; z)Lm@ets%}I%uP{6FigkXEme^2Myn_f?6)MoXpMr=wE>FJ*6&Uo=0lI>P zmqq5>WS)e#Pw5k|I80CF@)#u@-#07xJf*&eKzxkr0GBlml}YA-RE)Y&C!`AkxQUf8 zkj!{lVvq;qWJ~`B1M#6zM^$#IOrA+mWhibRyU~S)Q`cqo?FeHHXUy3e_@;F7n!3iH zPs}Q!Wvs;wF2JKoe~~033xCyaBlBb&!{$m`T~MSxDq>|W?H+ZibQ(-YaHhZ2g@%50 znX6x2Vd&Q=bM&igeEphLo_^g*M?+>cE6M5{uQrA)^ee`I+MYEPqsk1us3KP_s@%{@ zU*sr7RroqFYCM%Vbxxa%T3;bon1-_Z8$eLZKrRa&37EXTj@Lhej|<8l-O2M zR|RO|P$kA(B8q%Mde^O$Cxc-JeC>haBsl z!z5$t+rnfVs|4|lap}mZQe5m}Vj*O9ck!;S`}TaJ;Jf{dZSm7tKZ^QNqmZ-e%39pa zdV%SYGCuHNVj02nCGmG^^sQXP7ETqihQ{SlAJMD~ARAXpJzTRcfa={l^$7S7aWeWW zm(#w$888RJJptua>!g}fGt(6Tv5ff7MUz#QQ*dCU5jmyC(Y5}qgix2#Rqy^Ty2Z%6 z8fcFOT1LQXaS`?Z{eNEmuxOt*+h&G)g^&CXpCvU5Wh<;AieSxxPvtl3_xV@6y~3|S zN+@1S$-hs|h#BnB1yU7MZHl4F4KAvPV`+!3CGd+ywRtSt85Xh^Z!e^fs*n!E3S?CR z767}%cLSgmY?#=!*ek!oXC`Ik>Fn(aYkornMa6}?AZiTUDT?CI5S~rLyFYlXc7{_z z-;2do-YAbjVF%EGkj-;BVxqkIT~U!RqHTEFC*C$)Inp)*F3>hpCId1i6VCOsNR6Ss zEt0XAtSVgE4%Yqc^UYsNI;lu|aW({c`qzt(^wnqz?nRDgcuq$57H2^At2*<7cyi)KvlbjY}cBGOf_LEwsA~zr5b#5O}k56sh16= znx$}EY-4r}P7k8(@CbG>PI;+$=>?0kyR&|i3&B*zNeOv|#b8JNl67Xv0Pi9dDb9SD zb%vS){!_FX{|bC8%tb?^6r}4k>os??&|u3w=*>zFX9jYZJNAU63_L4tavDxBL?s}i zIYtP@>`rht1vmTCsnQ+ll#>~jo&3Cv(O07Uiau8BmGW5|uM`RhfFdPqK%ShL7NSxq z766)P46HHL^XLmG&FDe~iSLSq;q|LmKVOP(AfL`YV>Kit)17I8Zvc!L zcnr*;DssF-bR7iCZ3YE#5U#`r&nK`zD+XKYFu3C*QbY7fHCHueXnaK+!7+CEu^b*k za5zAq$;~zbi4-l(cXv}HLgsr4_#ByhyvsVN$tyYvF@!-{9g~A#F4oQ0f7bu}g6VUN zT!NfLaZI-aGp102p>q-+akJ;4S(nI~k4bmiOaPwaZ0TZ)b|;V>H!daZIHY5`!t4iS zAdJ^o>`U_4>_ilcc$yewpBJ0i5Pr zcbdO7StR&d6Fk8{06xh;V1g!xRDWyYjQIqY#kjvUsgL~g;{FeAlL&qZNh+KSW=BR*ngNZ4E>Y`?|>FtMeHTs1QYPU1vYk{;Yp z>t_^xUpK4gx>;jyB{F&#iXQ{Rv9=vvm5RZkD^)9yMjBYX+CttXLo!YEG#cK-2`_8{ z)F($m;DN|!hQg~Ez3Bhu=fU_0 zzT!1~esxIVp?)OaKKn6-O%6tDaDa;ihqoed+yiuDi4Y!An(X+P)}U#oYY8JzhAiCz zA2bmQa@2`xsSCXAEADbq)+b5T6a21b!vdxGU5zvB`N*_5Jizlxk#TLQgy6^g${ik8 zd;H@~GQIKs6BJ*^D3Sr=0l$%UklVpZZOrW`kTJJo!429Jtq&7C3ZPOv3c90bJ;>LB zWYdW$(1K)|Nk-Po!PF<>4Evg%_NepdL5FP}0Rcc$0|J9;Nsb%-#Q^Fdc`(FO zV?i>_q+#PwpNKO&)Oy;ZL#+oL9clng9cl*El%dvxPaSH&Oc`o121$LIIMl#naHz@p z(V@l*cbb*46uy$*+W3Kg|B1(@aB2;&Me}dONBVbUrYAJaqj=mAhtRMKQa!|4EFl4L z+X(O>$V7sP)IK&}ae`?u8vay1jDbM;Ln1?4L)9v2Gz2p|Lb!`~QF_j?;}9kE$%wds z7?GHLG5mnwW*nrz`a^u6MVt@d#RdZlXOIF(Wc$M$vWww z&h%7^t9v{^=PbE2O&SX4{TV^4oRTOW$-C--Iub`P_ydP>RA@X|O)pEj zRmAEVqa|E{X*67cLG4wLA#er=r#^A&ppV0~94BX7k3;mu8ZXs}|9W&BsEwC_iqX63 zVha5y9XYhDGe)Cd|NLjMXzp-qVoW|`N{SL)E>o%56IYDjlFxCb()5=lF}h)wuc7%} z(XyM1kM1t4be{&oDFn-(7*#koA8kdnOa<_V&KL8&0XMW#kSUIS|?GL>FJ%q3V_f}rou6>1RH3xdb z9n2c`e|HJ(D@~Yc{&$zq#;A;j{(m^pxT|#f&em>Qt#G;V`Ho+{qx?}M!59Ws;}svZ zeEsqjf8tQ@4B_g_1Dz;u>BgM{h!6Nw4`qkP?QvJI-zS%3`da($rfh(O67TeXLHyYt z?)3<0Zy~Qb+9VdZxwKoCK^n+8Izpoajr_Z@@{{aTMZbRQD~z?9C!Bes%d7NG`+E@L z(y!g3JGwOJ$la@RzSCDEJZcNtee?lPf<`+OnF}w+tHlqvgV8MMno!ZzFX_dS-2zWz z7vjq_^5TmF^NbG~d^az~*!3I!7yj?yUtXkO~5tQ-jNSkQS29 z&f``5WDj1ue5f7l&v*a88SATMS#PWR3OBvPwye$E0}>1!QY^a*8iFBb|MJx@ep8sj zm)i@vf)_#*sS{fEEMp+J?2lf-m7Ji6Rj2Di^xuBG4x+JKxFLC7FU8X`A>?`a=MHKs z@qJladsY1vOSJ(^{xFk+#4L5!hAO|@zW*gIEk49S&+WzmZr{9&S6-dJj#s{I@SLsF z#7^>a%Hb5{yGZ=zy;F;qR(>nK;@d*^1(uB=2z-l1C{H^;9&YNEku8LVp?j^@oECBz zvQk;wTwTJecMb@D+!(hd+YYZ^;w7;kI`LF6-TRi`s9)c*(kWc)-Ks zLh<6gj?(hr9!QWmoW+};C6z$;S=B)T>*A>lx@9r14>%105cP$3+DQgo&WgVm9jp?B zgH?BGu823;0|_=8Uoni6Fe-z{q%-Y@gMJ1t!FScN#8hy@AIdDPt|k2NEI~EHlY|Vn zf^&@QvTu0$_MyT9cQ#j1n?n6PzAQRGLS8Um;{%B{2ezeV`5Y)7a_58=bJ#*vk%@vT zN9Jqt9-9FpCK93POGdm=Pt5yscI)Y>9qmf_<}ZAzqY4KGHtqq;`=~5DP4Ja*Gq{U^ zu>-nP9!C7(v9p0f0-5eJ+AJF=M5Z59Q6eTth=es2M5#DXAwsT?h|=-_L*z^^8zp4} zg~;?1O_YcULL_w3(l$kFa`C$St#YDBS-KJT$(d0b4Z2Ux++hca`K3r(ju4#mml4Sk z!mpM_a1#MT1N&H3!*EW)mVkd@m14u7FT{uP{_;QnEBN_RxtbIIp&=qxRd6Kq88}!N z#vcwi(D8C$fv=D6$-Kv&&L2lU^#`|+Q9Yl3dMV?Dq}E5#Wt23T zNP!cxlaZw0dm&O<;+JGhVcy~)57reH8zuHlQ$=?1ujDd&Dn6cenBG^suqUYx9RHfo1~Fb{*Jb%cSeQyC z3qOCVHhXZkt=J@RsEe800&*66k9#utw}=C}$!tk+$w=l*OHK`G)YQSHQL*EK%V;Awf1CkM0dt*s3r(Gpp1uMT~ z(Gb%GH_mRJ)Xddv_~n)s17yMCJ9B^vsgJ4+z6CC=ZAb_A zbbmPo(4aq$y}uS{f`P{A&55k6*?FiP1|MtcO~m2n*AvvW#uq`}{EWqt_UMTW&hNTr zwVQ0oxMnfk{I5Djqt8($G|A9hZhr^a4r6Zg5nfBwo)gG7*hOt zx9U&83;`BPI%b>(+dWqITh7D2eSWQP84OWZ<9CAOMsL_IZ~_e*aZtY$PSbhy)7kjw zoXN8$)fSI#(7B0W%8O?6913KE3hU+A)42d`P#k|+3O$!%S~^79w9P-RU!BhAH2?L> z@7Kef-nZd?A9#JDD5fBi<^qqzmP;wo@Q{Nz;?Br49BB??Q>fAoX~l}khNNd5;vj6` z&7hFxHEsK5L>h<5IChv7VDV8IHfIxm8<0YCi z4Ar*=iaKBZqgddW8*Xpu2i5fEUWJ?^{uur5}nr&mxAc@nVlsFW8l0c zPZ0Fv4V&m#W27CAxy_j^N-9-8=}x(M^y08zrbnd2iNWo2lHit49_f57{HNl6=^SZdl_xhf8ID7$fdQEPEo@%

    fiFZezJ?Q#py;0*2@i zW>b^41IL?~-)R2Oan14z|9;Pm=jd~hog;T!8H)Nd^Y_q<-=3J??aw{d1?|7F{f9}8 z-ZEv@Xk*?kR1#*?Q6?y@!Cnw~9b53sXOMN|4Gc&0ux38%c#+?b)HCXtogY@@RN0X5 zGxE-^YjoE0*=6PJY>mA_S+$p^l{WMD%yHfF`ONpRC7khof__>8vtR%IIbeOD|GR3XWDjqM1dvmde-J_yRm( zfgL7=3%_J-Z|Op%nUgTUH1}H!ED!*m z#ji%DbA=RFq~w>H51Lnp>PFGB+nu+D%-;-dCH5xznytWo?Zsi!Fa}HRRBR!5>so6b zu$WuBD~tBNk24f8N~z!oY4YM>#?-U>xBA-Yas1i1 zsOOJpYoSu_5wi}sK{J3px{dcTd+N}Rux(fLW-@GDmSg>}tyzi*_+rC2zi{J|t71*Y zGsbMkZgg!)i2J12GiNXQp2Hlo`^1-!5v6X#v+SXOMRvwkU$~f7w7PjQOp_ShS@uKr zni#2KCa`(oIrt{JS+S75W80OE^0_beih3TK2aWv^1YLYnVm@d;#O4KnX}`M#^lg8@ zUQ@(@K zM7-rCWJIX3+`QSm3AK|Q*p6Srr%iT!2`@fj%*&FGy@ZTkh3H}c-ZP!`cuOQht=Fjm zcus^)4v8O_&Udn;abaDbU}FwqVX%^8Ak@GPS^DqOIk$=dG||X+US(frUr!f4jldZ>^ z_Tq#6G1SyiElG$T_Trg2BfI3>my(lRr$g$+=@(y0?#~$Wc~d$%ZQSYXL1x!2u-X)) zzBc=&?R?GFTG~Ew%2mGGFeM*z=i;12j#0GHf^KyTk1tAaR>#g{JKwOiqGk={?Z$iq z_myhf8{tsQ-u2qrcBQ7@2v==Ult~!Z3 z)>)u(G)_Ogy%kmK_~%J{Yu-1GYg<&-zC{a69>myAeWPt_usVIdzNL4B(}i&UR_b(* zpm;NN6nRMcAY&XzU(M%^e4c?;p@jj^gxsnTY8-t-yeBm)Z>|4?c&+Y}rnY;1QSH$B zgQ?lctt5766Gy$3(pc8;OOr&u{POa$IBRxwHqcK~`hvvs3-2I0DJ1s4kTx%1;15y6 zb8(E&EZqV6h%JLl6YY)cV_xX@duBXO3}+xv2FKF2w-V@|nZIFAwmtW(rJ27+X8eYm zBOjF*(CEk_?ZX(>0sf#YIJ)6+GSL1uG2C4@Vn7eblDBDkiLBXY`r+QN{hI-CIHr4q z5pVbnZ-U--&U)7IBELn8wwEj;%NK39(&Y2-+<56N=-S9x3`Em$3Q?+qD7_GwkWgQh4^gxZI2tjW<`6AugK%k zWPGU!8i4N(o<1+M(RI~a6|uY`#$tjf-{{g*R&d~eK1M#YLU$<7M(nz<^uf%a3>7k8 zQV*%r>z!;l-Z56172b{NhzQA_cCiydp0l1{k)nru_bmo>a#Zasos;4l^wN<;7N8Sbq@ShH(YvsIg>es_}A;K*g5W1 zn`7LgH#Vaz{V80c1V$i4hzJo~9?ePpRkJ!Ia^Q02Op!y`>0w~hAv5*21SL>pc_`pt zjm(@8;B^ihJv10oXKfCdE4x~U*h^?9;*}ZY4EUAXM8`2RaDCWBXnn#yKaP5+O}c!Y zxmbo)1Aax}!7%&cP|+*v_LDXd6fvAINFRBbNGGy8E1Od@k?k1nE5iNV;eMV8A4B0@ z4fg}X{XK0d`-ks4hx-BHp6B@R5US7LazaCqF*AQ4 z@uki0thoycGX8QLe<{xXbLQ+%k7m=H8)LYcV571f0v5?Y@&>P&0;#Fyx}OVz{Sm%RM$o;L6`kG9f}!Q+=)F8Tzpzg27>|2i_Sc9xFrG=3~9Cw zVz{t_kU~l>GeAUiV4@W-RICdC#j&_aCn-2v_CmRBYgDec<^$#!s3f~>Xb#J8>+NCT zqF@eMp*5g#S{H-&V1UiYe`F5b@$U==FLm$xGoMdGA3TPwl}EeU>u;4uGF@wbGF=kR z|4xSHu&;Wd4uckR06rVM7@yDRZ17B;>zjT_fHUYGk zRYdcXXN) z_3rUa^Jn=fX_b0>6CW!Z@s$4pE#ci`+v_`}nT^)I2Qg{8D_o1xU4BzbHq?`=(JqNs z?ozSIfwOkQ8R+5}=&>n;@dYqq{Gedu0nogdrIj%Vm^WZF$H?2?FeE%|3B(igFsh$= zU*9~&xUi(#0d~f=`|r5gv=>4q>8P){t$?hyL>klJA27Se0>pkPPPY%rOF6A}ByGEZ ztvOl4m)j)IWSe!XiqFR(@>s0i?L$q1D_wnU-{r}pmA<0L+n%-nr5qOsPo*Nzl1LV@ zq`YDvrGqRQ039sj6Lgx)<8!O|cs4&sQ=zZHWF>g+wYHkog3(#O^RPB~iv@;N-T|8g zb*+7na_wdB!S)Pm?4*8x9q-t#^9s|fbk1oGXKyRtWtxrdCFW(#_w`<2dY1O?jhE04 z$oM&S$-KV#rP2QJj!Ie|TQFyFLupHg$1zvvUyhslT?lrwtKG>jU!JV$>Pp65Hs0tO z@2-t8;)*12Ch@G!W0OZh0JY^}%+ruV-Y$VWhtAS*raG_EiInepwC3ZqBHug%^2>of z#Qxpj%VsY+7Pfa^uHc-f2cJkngseH!SDEYQ05YxLa~3R2#d zE}azVlSt=8dMNs>7%kE*k%V1oil^gFG0`zSNIf!$z$87`A7S1JZ}O1%E&LMn+IWs% z2t1<10qT>S8pT0hLFM|Dh=glcU9SQ@2B0gfAM`y4qhD3%;}9r<4JA$_Xj;SPI5W*T zU>kQJCo0duh4ajbMsayqEaDNd=8#pp!d=R~YvD_J-C*2Jm=uo`?)}kow3YGz-1HD| z8%K|z4e-ADA!cs+ugGj=swU%39ANR3`9$7wWPCKUP&BKh8?am6oWEm@NToD1XI}_@ z?9m303UfjN$FhUaqQjSiVL^Acp|WK=FNSla6*)x!F=oSZa^I!0b20$J|3OS_%c`YSTlwyjWjFNvp(t% z@97-Oz$;w{tAeqXCN=nX^qAui!QJ7zm$13Tn@D}sF*)Ip`b2m$1Km|a1iT3|iY{-m zBDzT)S=h-qb<(yP`s=j5S(G7^A`Ku~kaDn6*_$}u0&&1Xk*6!KM~!8@Ql-YH2hRGW znH%o4aChO3^PzgwSd1D#6_*u5(E%74%TJ2}o1hURy(8b9c7Wke4<@ZuTs$YRL1Z=) z+j)fo*{gCXeg|$zN=#U$^Rb4-Vg4B{2JodiITSsq(d3WQMgx5ywqCb4pah*Ic_irq z_$U(k2jM4xC_b_Q>7nS4kOXS5^&I#3JO@^*eqlgzxv^KkYz9_ft>H(~C9nkL*;9x| zhj?l8n6!#_cFKTiwH^^GpSXhmu6|u@{11%1DU@-(^87@pcPf|?gQ{&!lCLk- zA+Nu|?@_43CTyp94Hgacq4hEZ?+*7tIn&P$#!V#?B$?Wj{zymGBW`MFA|0>Xo*1!k z-7k~EV1Pm$rw(bkjAHXI4L_d9UV9vaI$Fig>FT;#)g{ph7`4!(Gh20?olsXhPr7oh zyoOWPB}uX3#I;pj0Ov?i7fR#!4fLQlL~xmfD*`s)BrD_Ey;{$F|0*M^p7NqnaG{YafTpn zhif%pV;fKj{`wCNPLphM1T6OV^OE%+F&_dUsTH>JF^cCCbo;jO`A_DZW`BK4aPndg z0&xmWDCc|NPAI1#@=H)5F4A8MGW>`5u=wye#mDpe@p}5N@ju{jtz_Q9LA9%`El2Ph zzd@n&_tEzWV~#dDn^G*sInz~r(inL|u%9&XdnxG%w|}t|Q_#LNFF7p%(NT21+*~fT z+Zy&L@MN(i-pZ40X*MdTFf;nON)VCq-`eyQd4GoMH;6h`M%YA{l0>&6qzU*ucqOAX z{aoyUFmp|Hh>IpL_{2eU(TxO|x}}mucW^yU)F}2*AwAU7qrdPIuQBXk{6twAcg#Ui zxz5ix`n=4i$Q7ZZ#?Nc2VFM+2h8+ovHQuzNFaX44)Au2On9|({ScEs#m5wN@M!(1X zC^IJ~Hb5R31dprtM>RBiGr^Cfx)Oh{Y_DOiKnBnwU{M^ca4}-M$OX&c$8xS}!3zD!VB|xeW5Qa9#RZ8QNHbkcn2vG2~Udk)Hy zRZq&zVrP^cMa&_w{#dW-6BrHMqGxHMpQxC>!e0yD;!jrWrz&{&0XLB+b)$s=#2DkL zO=St>7|UlL&Wm+i14QG(qI8lzh8Q%U-pig~g^m;qY*rMUEjeg&giYQsf&upO`4G3F7?RfwB- zcabf))dI&efw*Qd?B<|}(qSFZJp{?ZlrKjUl1(sg95h16wAF_}Q4JMzc#3*=h8FHa z1QAL&elk_noc5NRT51NM)LX_TLD#bHyU5HKQ#6`kyEhUEHgJuIMkpR9$Yt^SxHHV` z4;F;oE(~IcLEJ|KVibKsd!)7~oNYwW-q3A((c%zixI8b3jtfpca)`mRB3=LkniKb2 zq=$^37*w6El*yD(nj)&BgQlg_y>~Tw6k|U2S6C;<@ezE+sZgRHK`=3FDz*m@ z2E?G}C?gNKyZ<`Q34d$W&JFLv3YqLMXLPvFVx!RNiq5Qg zNc3c9>2t;)+2C&D^B^uugp7i8(5hOE$PG;FKiip|ju$HeT#YlnL*{zUF8-Q^`LBlg zjy#)+J_6jP|Cx;q`#|7SGRzyRnKQzM(O}JrVi6IPk3%DFx}~4o2m3&4{CD`=GjB>j+8lY#Z!jL2`5rN< zk`2xH@}|2&&ISG|zl>7snp#$+XBy^*@YjeBkaPO}*tGuxbpQ&1)0dg+P4;9Hw={6& z+TKc^YxqmLvOjhvf9TBa?M!~#jL++2+d|3NwE|e|%h>4n7tR!tY%+%628RZ7B7I98 z#Bv@I*pGCnAucCPgsVFs9#1-O8tm;p=`i#Wa#OCbnQ2L-?(NdZ9A)#yg^Jwr?JHpy zSQJe?s7$yn0C!r4wk@y(0MWeyZXk=pWL+`FEUhPLj~~v4lDXL&9Nc#GMpt&r4`(s? zIf-A!ZnIApg4UdPTx&5=R z{>8Hs(TAj?)hdRzFX(>;jMjrQNS**lb`P25R?YmdriM1kV@%gZuu#@Plb1xt_t4~T z)XX<)@u$19Q@eHa=%^G(Mh#s^Ls^^Bvqox5=Mx#ztEq}hmBac%wXz&qc~%cL9%m=j za}axn7N$iDaXku-53MUrw{C^du3Gn~_%+{;&5sJK3RM`qkgE(LU;+9%Wzdj5Fc=M> z)xu6#a9K!6SIWS<&e&!8% zK8U*_pE&@fLa_uyMTIxbD>?lib288<3K)wyyQjxx7bb z6ZWqwad`uM6QkO(EM9H);d36!KpbXzQ4SIk34im01KL6JKJ#|75*YdypqEn>d&5Ui z^fG=SbJ-IZ>!Mn;vr0W~TpI%E@8)B)MbOdo8nY)JfoG+Q?vVHl8xALY$3VRsJ%TQ9 zKX0(EM6w$AolqJ*f$&SBYE^pxb6m%w66gkoP|ij{+wTU&CO)19X_$Qg>`4d*mN&yA zD2Pl-ur5yHnIWOC5j$p9fXT)E;vpM{{X!TSv8P2A$6Q(X%%bX==p4FicJ?dX zj#OmaQs^*wyn$2b=4d5@J8A{ByDR-??04faDIivUrv^ue>4YEL?97B;5$;!*@X;Oa z&2TS0&)sciysOt6IJO^-o{7ux2vl9{nsq3?7sIY`_$x|eQJ6Lgb)Zq3cZLZ zprAmoprC@ip_dR5xPV9#1%-s(lqUKrmIRD|*aa1Nkpxu4hKh=ah5Px=wNE%8{+|0j z_rKpGVa>hHDs#;;=9r_8IkIfQup3VGQm`d#Ib2FnB5+x)tugikfz7ezZT5{Ix7PwU zSkYLFhoC?(8;Nn|!lw~WOgz_+j}UjQ$kxRm5UOCu`W+>S-We(I4}t>bf-?PtyHbG_7G6@Rb%Iy_W)LHaqgt{vQ$MlE9fi~ zlJk~fX+B4IAetnkJZM_k2)h9D*MzD<+cC!t;W3A&o`@huh#$~ts|_uTZh)2%9KaeZ zXD;J0j(j+CCj>vLIq2@U*jI*<2)Uf&H%FPD7pI-?C4ai|gEsmT+pOg37@$Ey3458B zm|INzhmgPUJe!^`C?>}v{jQon8}k^@qkx#~k!M&#jzgbdaeT5(K4=X=49{Z`&`Kh@ z#l*Azkzp}p>=9dxQX_&E2zvG;CtGWDhGz=q{%31No6gfd`Kd9#GU+c3--t2DpQ@FB zTnJlJ)9>#z@z*#Dbz+f21U1!u$8&4{vTFazv$gZJJ5~GF4Jjm&@0fUt!pbGzHR+{O zo^s#Tr&ut{5SQ$m^v8#1{pk$Cvq86H9zhh&qw;Xz(~L--TvIYf@!tqup#8-A))7Y{ zi-#-{X`~~DbOy-5Z6gpt7WoTeWDad;{4d2Qdk_wB=@!3ovo~A(KB4Rh<@36~*_jdA)$Eb%ZVrhL&WGN{RdhLWt`=H0zALTHLbW+Hli)WZuFGa8ujAe3 z*i`bfVtPC)AUP3X3gmeF(&RuSNJpEas;{1UmEYZgIfRc}8}LSRM0&V6jF(?y-jTeW zce8jedm!x3OX35_{HuLU!-a$*@SvTqxpR*u)E^rklN^?Q zK*-!Eq52OBLQL#hDX`M zk2Bdgni8LLKSCM5hNMb^0L5^*S!&TkpooYzb{0ff74TXKB%I0)0CNYBLZXOy<#ps1 zaWxs*3M1MR4`t+AZD=AeK2O$=;3*SFHADF$>IO|4mT(+NT1A*mTGhft5o<_{Lm5pD z+?u(Dodqk{xh~tH4}xB)e}WK25a^e$F>E!j-L*3+AMR!X%7ZkCNZ?Z25z@T`h_`YfO{P%BW|K2uuO(t3h#5flLkvq57W~%A%$t#F+x<|E@*HN^_oOB_*tj+| zH>IT;vG_`#EEm>Q%=${>kBBqT|1vJDpR3aJ*Gd4(Yxd0=A(qU{_V29rZwF#ehVo$v zxOwz&oV{wakdHA~FiIgjVk0e4ofwZTW@Xs$M?&dCNdU)cR6f~6A1|a$OCCrm%uqAX zCEzzK7bcf$8Z#)B{0f9XjC?A8QdnTxlf}3~V!_Tfjr8`M4l4Ko5;cwxAvhK}DWxD7 z9P+*<-Q<4CwA|jj8v=E#L}5y#cN|^_#pj0*p>v(M(~yWzz=e)LaYGcB+JPZ*n}a+| zwdjkW2FEjc(Twb ze`?%0eq-$?q~RfEUe=javcr7Md_~u6OC4ao2ZeqCVa>;LkHmZsqKt>uhJ0zZc#Xw{ zVL|*E>#wso`O$!zthtuo>>9BFUkFdT&yl%O*KW0>j||QHlC_`ZO5s*L^|k!k9oBqN zPi?gB8{vw%+nU>Th2MMgn!anz*L8*8|IV-6PwXvSxewYD3cmy(RLzB4u@}L$`45n;yh z99N3lGMJBA%y1wEU=2F5Z?US}J=T2H+D&Xlwj&;;F48n*ztA&TEn5r;y9ee;*jYY+ zA&O{h(-DJGG$)W9S^<4oHS5a|)Yr3NGz8tO13*_DQ3#6!ilT$XAmo6=4(yMCx$ZGf zsH`})_Y1J5S-@_t?53niCbqO5h%*8(LU4?+q5@vxopFqRrHR-Ph5aITDl!;%aQ6i` zP~&haNEmKI!nhe$Jdn3cBmZQaPGWQdE(<5gBu6GVG|&#SD=t7pBX(Wa-^AZA7AN?l z-FYS};@wrXLPynZW9!{xy|tcle-rH0;mb41{R_LRP20!kihd6&>BYeY z@hw~jdLqQ&7=v;g6r^Tl0f>w#Z=wS+)?wc9zK~xo-N@AaGj9;-K zHXGwrp)7{-Qzra;BL8WGKW2xrGn8{T@Xabgz?fZQ#_;dij^k?5>y*w=F_+_r=!&HA zS5T69I(C1JDNR;D)R8W;JHxqrCvJQXOWZNPwAcv94t1vs zkC>CSNuKDint88zzdOe`lG&nA!-DdI#&Pol&?fFf#+_pPi74OPsm39%JV`IQ3yr(T z#OFy2OY9cwc849-H>G;C@$SGv6O3=mpGg|GCLI%qL#y^KV{el&fNNUf#eBn90>|P9 z%~tVM<2D%&HTo5Lj-jZ7dfg!PKilpOb}2;FUB=uY2K!saecO2cx|?Mq>&EmCN#lv6 zBk5?QKTjHuCLO(9?Dn$d*gB=Aa(obHu@V4{xy)J(xZa6l61E(F5WfU!L!vGP zj$6Prk{tL|oNvqVQVw>SPPQg?Gjz#KBX(2^Iwn<6UwV9%q&8VIB^#zqxbYaA(iK8{ z5t@PD{#lL5xpNw`kBDwaLfVm;$YKgafIJKRDn^>DONLIQIRumlrz!P3u{IK0cY`$>Z5&EJt=v&rhO0X_3HgP696Vz>2UuPmT|oq(tm(&Wi&?QH z>Z}l216#SDAWS0VxBp`1zLeR|X6ffLlBY=K&T~XMF(u>`>7UcalZXu@BaUJ0kswOx zjff`4v-y*idCWF8eRhOlsk9^EI{Uxq!GT~jk(aO{-K+%(H&cW#1U#~1kcgGS0&z8( z8gI@sc5f1pfem>I$VlBBW^OeZ<=3oQ{LD(TX4QeAY=pA%%*t%dD)JBJUSGzvG^H5V z`dX2**F}HNn%|Sf*7q~TAR-!32Ik02t#VFcZb^`f{5Uh8v;HbzoZuyJ7WNB?xh6q4 zRfUaU1|Y5h`szTK81$mr+GWp$YG4MyE4!Cn`IXTV`uQXX&V|?sX@iGgFPm#xNXkn} zyf25P8<@?lZH2s+%-F}`w_g{XLY!~wH=1Q(O&%1=(NNCbfE=m!F%vCG5U>EYY=1E5 z$iK0PunxMNU-pSE+u;clGD;x3rNlJe0ZDq1XgV|6BC9?cSt6)+8I~o6c7^&5P?j=3 z+IhNhNJGZYIkw3R26M&+jJ;hGLE*lx#sdoY9TY7wsfwCOcY_S*I*#*kM^+O%@ zEdxw+muJ%%y#!EGGHPiw)hrOivuTZn?7>Qp!d5L6Cru}HKuBx!_I6sMuM$&d)+9%t)t@rK*Q9=@Th}x0xkStBS zI9w0AUOWtK4ExWPZU_kOi@(P*z{5X0T{eF$x48yD5&kq-B|talYEUS3P^FlG;emEd z*bo%4NmDH+L(`+^Id!UrZstsU5-i*>HLyDt37Zt&u1$YC4R7CFO7AMQzb!*W-cs1( z@D`b~7vZALw-#mfP}sZ7nIEE*J(&2?YFAHUfKOy1LC`b%YjcZ8apVvnQ4i+2w%wc;It0Js~JE&&P0@dmAYT1?P=)9N23Y?XC(Ai9*Mr)y#fNtsqR7T<=sQq zUGPJyPgxUv`PMG`nJ!cgVl1V3T0OY6(LB=;o_QqecsS!3f#>j4Cz@JWWk6GJtuezI zu=K=KLrO@!2D2UO<=RF(vYs_wKqVx53GmG2F217?-`;4~+l`2}oe+8a-yk);`skGT4~j;PxU{Iz{Ok7*TLJ%A&k!VS!hsFFf!yO9z7s>wchq zqLt3q8QJ{w;Tg|?{yJ+zLo5GAC69+p#xH=vmmf;qPXGW`6jr!Y4|7L6 znv)7`41q*mJ;i{4{{+jcyQWWQF-+)_S@F+P6WYrQ0V;9C(S#P&wpu=uM^@3N*O{tC`E@`(+5}e^#oko;cM|%LNGMH894ha1@^*vUr-rUiic-1E(5!J^!AES}N@**!owN>pAqB9I+oN(@Q zYC5Z){b+j2q}cqImgUTnT#l;MBa$%15d~n!_+}5K)YhFMmIE z-vgiUo)>(S&jMMSj|e=ZHWNf_G{XToFAT^zY!S^ia_&PP=ZmL6WKFjgE}k04r@@@n zKN7pMV|y7^586&O+f$aq?&c|VsrH6F@&O+wxl4n^9QGFWxak<0w}U2CIE9?!qQDi7 zuNZw3+Tq(A-{p9SX?v94$2p$lSc3o%{~Y9m3H?}ORtf1OC|tg;D0A3m3^4QvTx<`T zQ)Wn&m!Yi`#j(sCsFDhL9;|#>JlrP=lzWk{M-PGZ!^4W6Zo?44*@|nch0<<7TIhQ+ zoLz$RwBy&OWBh$!Fhj@9a4w@+R`n?yHwvddzwq*g&GgBM9T zohRdR7_S8Sw9ak(O34F=QeiB*Pa_LOAH!{7yLYu%XygpE z;Nu}XlSG&CRA%&Hnx!DL^h08qD)!5)eN@42KTOzQr^oo(db7{Eww)yrJ1c}0W(*jA zMu<5m1vyJC?TViCnS?Ro+kfP`?|1e`&fo@lyR+YP=IaQ&;JP7=zo9cY?(YB+FyZ$Q zVZq5UK_etV%hb4!GS)?nwHEjcJbvS}hKU()A};C>0g^P0S_KpgtT--%1idS|462_# zIJ%{~Xz77&5OIS=UBE_QW01Wh_yn^s^u&zZ4nzU(Fcf2ITI(#a;9eHW$~qQ-FEhGz z;7tI8qDxG6p@N`$hmhdOp2GyT$9XMZN2+tZ@48B=jvKu>##|JeOO?K}K$<@UUl+q; z0gRfJvtn_fF7oSt~HQYza9bS;KkjY<35X9YuMOvyU0xV&Ah_;@9m%iPjeEQfdzko=PF~YmFIi zk-2IBb2MAaQ|m(^ zbr&Ht5_>I3SV1Sx_vRDc zeUfjO|H3WU-Wog^?Z-Uwnk&4yoMhyT&L!S`IZ3Wc!k{4@0bV-V1J(!|u9jke3OvMI zAJ_mNDJgZQph1}QXe}5SFY+zM2CNC)lH*dG2vC|=qbE~v&XgA+xlx6Q3X)#8-AHy1 z`$Jt;_rA%pJs|oxQF~b}xT=Ac%Jym7UcP^$r?YXtgW8e3l>mHHEu=F#lmh}79`XyJ z5wV1W?n0oH*=0&x)@(291GIkK>o>EIeJ5W#EP4Prqvk2TW9mC!g)P9Bz89$Ug!ch% zxUKz(DdN#i^s)RFq+OlDwsT;|(Z;K9C4jevC*K&4fV?!XZ-UWoe;;y~wsoW1bs^E} z8Z)5jjn^DxW1g~)Fcd_#IH1{SqaUSuSA>Iv1=(>o8hsU z*zcw0L2SY7PgC==6j45UAWXVZ=3vgLbD#oAs%Ewl(gZ*I_jYI@wl}*F@S-P+3leSW zbCTmzPY{Xfx9#Y$C+*+~5IpP8n1iBi?2Lk<5Y2QmN;4JzG|>?)wc8Zt;yckvRZAh# zi2uPk$-dPDwu=tai5N2%S;~7^qD!WbOQMZ{L!t#>Z7(v@;G4UPom(J^s)70~&GST- zqVjp3qsBSg;~|vMV!ODokflI=bh9(x+>vjBn-%dH%p!ZOUX)H)PJo6)gj$P3I4)gd z3{gY#(r$%Jt<@Su=GHH$g4yu9J=-{f*aLvOf|{RWgy?s%m)8&O-~YzELxc@ zjJHYAyzN4St7IXL-*b!6E!dBeAn#ZqMds(ThS(bDhV1+Y$y|r+l2*&#Rof! ztv>&85mB6h}dJ;S*$VUsKS)XipIzb=YT!5iRnj{>$ILN?jYQ< zla2^0CA^?3Wx24X7!rpc7bFvFOrOwzQ&CirsCf2TtUr5H?6CE2csQ^F;jH@H8=(TL zYvGY$u+>486=tR3=ru-JeGZWpeS&5DS&50mUc(Z=CdBxbrFNU!M_d;T2v;*LQY-SJwl>!25L|l*6Qs+g-A&b%Z9mLCT;>q^I_}GweG)j+a((`gJ{tM ziGgc2$}{J;=XaRj9T*nSYA-^ag<6BGy2AwWB9_Z`|M;L}lu$%-#plou020L>bO_0m zSy_oPVMw_rvjosd8D(A>WnSD*0|y+Kr-u5@jaX-9u%2f0qPputla->n!?xDC*%R~J zT!`*hMN321@@}=u{7NV#BYw_57SPn+vdrat`q3VqsVBrMJ@;Q2!f=h{!SB?e%>dFP zAQt(1u|im>|FU|+NY0Exbhzi%?6gQn0`kwZpvZ*Rx3P_Wr?R5>UE!7APr4WuITR=x zK1SHGb!8Q^e*!+xD52!9QVDz2G$rXMM13P3hRM$Nfg^zzxlge{y@e`@ArIvLbA5t{ zHlOO@RfmEQN_Ooe*Me42{eYRwQ^4b%(cidmct@}ZeZmbWI!nk;;fi)tS9L*4C7n}j7>-`^SXhoR^M-*H!d?{5_3yevQn z36U^==3$ncnu<{;Aga~^89O$6O8t zhsh3tCviQKnBoN51&f7RbO^gBWHa`!C~T1}kc?hJ4-x>aVrZ6Q-uepra?TFIwPs$j zBzdJK3;@>_gkUn=$L$Gre{sAoplY6XZwb#p(Ni7>UA+%=?O|TV29&ztc6%{uQiG!- z@v{p{=o}_v92A>_3o==-bQu{8#0J4c7*KW(7-HODL~{~2N2(dWyq7L6;+V%VHGS&7 z&L<&VvqP!rXju)SjnnjKYoQ+>H||P<;tkrLK1t!vlmXiOYIdH1n;3G<+p?c<~l}j!YPCwj1?x+so*Ds_=t3 zbYE?9YmL-@K@iChA5GWRm|a9+9H$~v5!@7mRsN9v3}>@WOrvasF7CylsF;_TXp6D} zg!ucQr)v2Z);vavsJIq?-xU60ic2($fuOP^rZtzcAMza6m=JYcJtq+6h04_K?UzX{ zjiUo>60^XS%)FX8g(}CVWE2gFP7 zV}imWaA5d~S@9%7YZ*754;n*;!2z^FpA`P~-J~`iZf5VCv^sKeNgG0;EG zTm{X?o9S~+oQoSXL%7XBoAURFX(fb@0WDSy?p{Fm3Vhbt^RlEo2RoNO=3Cr9?Z8TJ z0HoK;sFHcr?C%e3?|6h|(e@PWhPI&3t^gvrk-$S+zX-D~0rq?VSleukLtF0Dk+Gg1 zLLcmdo*0Yantp~fE z7pSL(`J?Iq&uB=mH5yZQVrP^c0JO1Q89rsuk*fuC9*S%M_9PsVY@xcN$B+uKF$B+E z23n>JpiPDYqFp7?Qv@|SSmM+suX3UW6Ltb&1+aAlEBEF0ywqHPu+LnWnx|9q*R=R# zsyq?q&uR8#O6k^Q=3skmS_ywy{(@D&J_nN?CV=S;NfEViF}(sGkkieXxh?aTXXY9_ zQQ88O)$Dl^NH0X>2v8kDL@uJ`rhY#R(l|MQx~PFd>Ul(g3;+WjE>6;ORIw;;ZMv~K zV?)(!td4{-4rLn3m7$z9t<3Kx8>-;x%SR*&K%R^15n>O0P`6D-qrv-!2lfh zya5QwJk7ycDSZ}DSmLlQEaIHqhD8(*hP7`X5F1mNBFR<4^MEoO``#L2nP^pk+vNfz>sMIsbdBHV z8Jg}Zz1=-aqFu1t-Xy-RtBN_aKAI25zDy_3k4+%+KAsC?wZIPu3=|7%37=YT_F6~S z1Yg4ZFP+&jV@Y%vgaJO>>0rmeBxGvngX|Gyr>sRMdLT%=q+uzeg&L7eQYqIs9^NT^i`mQU3Fp3&=(N`VRNiDD z6$Lqg{sV8_Yg+f4^hc(3k4e90T6dfDF4Nj*(m59$=4YYee7Mo>$qk zYPreP{)K)A+t)#KT84*X&ni95gq>g!PCrC~Ot6ViKV+QU1MIZQ{sqQ82zt${2#(YP zX6j^dro|Tau`N7_TZB<;)s$sYpm>45wXH{N;g@#!7MqUn z>|~oU*&8Xl0uKzedo4A^bCFSywT>XdthvQtXlr4<84smZqYm|)6hQW~#!Y&XC%l&> zQTMPC$#6VOFIO*v5gXvxmLoZmz<=uvNlR1QgUC++*Fk+n@qnHk)FDYHtWbc5S>0v~ zieP?wRZg`}I-}lp8wp#a?Y!U41wcAn9q&q>W-+@Rv3HRkWBDHJ;UY@4k305ozdBm) zQ*@x%a$f4qWoSJJQ9%He>@(insu&Dx$4Dpf6Ncd^#^Y{Ln{+-%%P5NQa1$0*l*<9u z<{Un<#_S}dQ$abI928xl=fqU9zH;fLoH2wHKp|`tobAZwi|mtfv0LW0#m6^~F>meO z`n+_c((%EBRzMB8IBj`9J=l|@2j)LH%|s8O94God8vuzWEoRVtY_VeS$j63cUAk?F zs|dlw7ja@?tJ2*?$eSjB{k%n5cYA7`;mQvfKm_2*0tB_2cb#!J8;9JflbOKOn^8LV>jt_swBHVKlUzqIPp5?$5&&*NxgZ4w$f*4z zC~WCv-kvp@Uj^>z$J;HA>}v^4g;8~i9IiqFlogWAMZ53}OdxZj%wSD81|m0Nz}#=j z7#xXlg9wJ2L!1qGD{c;tqEn!SywQm(UW`@%HXEERIX(5z<`c~Ox&At!hQ;8Il-Qln zBrGHOldb?)CeLllD%z4o$U+5`?iPK+yLHBV3hFmB=tg620&3aK+f9O+{hu}IYHO}R z?PgxbMyy7WVKW$q@ATZpt)g*RRNN+7jqK&R%v_swUYEJ+v$oz+*oj_sf{(c(;F#1F zi@7izl>f^X|B~Q#+Z)Pvhcb8BErj!As%%6>NkS8Z1$Wx$9VE52<~8QEnnjM6x!uel z+ykeKi7tWZSvSnD&t?oEk|w$?gZyr;ccT!o4pN?}pJe|SaBqU;vSucdK~xDA`SZCz zI_L77BzVwz40m+(d}BT#=`z(5q{EO~;8@f!lLnFVu~>00Ht#_`1;jE^tL$Mi{egtl zOfvGIy$*KygRxX1Fs#|r9|UaQCI6J>*-O`0w1*oP(vay(%>y zp?mJE)O=WJP5AqalmNx@uQ~*2!J+1`>g(L=%+X0DU4dQuv*gnzMf_y3?+H6LXm_*o z3u)HyJ0XZovJ&PHRu-}aU$w81-%Z2xh#sQ*uuo4g2ykgg;~^bD-s$d|vf8K3=2~x5 z{H7szYJ(BQdVzn8{h*ub0>OtF85y=)*Ro3)bm6f{(wr>huL{CU)N2rPO9{EKkQg## zucz~}B+~#uwsA-xT2jU=YQ82hS7RG*Z%fRTs7&or(;{jxVTsMs+6r1cMJwVWpl|wZ zwSj^}aUc(WuS849((bdv_C2t6yg_;r|3!x70s#z9nMEMLEoOML!F7Hzl(kTHhqAoc zw4x$=^w|#QymmJQaI_B$l6En2on}I6Qy4}x<6zECGl)u0y2?#T;z#U_s@v5rZ){&F z5Qa~1^Z^X$SRXCF2aS@Vlk2HJ3}?6Pqv$0x3XOQWrN3u$zuD5iB9yNSWg1Ew%KlLH zZtgEd#V^9ig72Ur5mymVnnQeW4YQC3a;|ueSaKx0D7aWKT?Nn^fj6LC_$QQ`Q3E|n z=gG;-$_Gr01()b0%LMH{h``UWvkOTEE`=z!SskZkZS7h{AoDx431I6Al^>H09QX)m ze3VR4{O7hub=q=wwb4CexQ5Ts)T?tl1fJ!?{{#*MwR5f5o1;-XL7l}7%v=#!Wi*DU zH;mVfJn}_a1y+U|B?181>czx>gYn#w!8!g$AI1IDY_zQnb}%a5Z=dDpDF#^xVU=Gipw+hRl z{Rokr-w9K;0f-5V;o_7hGCXC9Bw~T|3Y9sM)&=vYQ*sy8`J3%PRJ_kbk3mP#Mr|1= zj~uFf#Bf^AC3A|!&69g4=fARz6#Ak*d6a><_^rtaQ!zrdkc1dmD+&;+_QJ3MLm@|| z+%O@Ki8}&3B`B&I*yiYA)V#g<(o;n2ewfpJurcLk2F+9;J8Bdyp;jSlOn0;d57>;d zw)h4zWh+1kXa^4r_#ce4iTpxRdLD(=WRMk@5m2WA<82$$13`7HCnXxf65lqk(q%mf zy;jWr0Tv$3VPW?TwkImCWu7o}HiQ`f-*FJj!i0bUt?2$VBh|fmkJxPf1+Q8S50fU< zfk-P+M=Tn~r5`Zb(d@)7gLWSI><~|KzaZg}t|*=j%e%s`+xFkKBAOQr_uTu z-zD)of>1Gu2U+qG{Q$8-lTiEmEGR(H<3o260D^ln0eqVbt1O(8ne#KFb5y-vzX!L` z>`cbs!Q*%!Oplhj{Ez8h}e4@Xj3qu?& zCL9-!b=qWKAIg@P<>nP8ngjbQTN+I^;$tRp$U>9e#ZJMrAh}}_s_}PI^PSXDeo+u9 zVptOcISOWm(r0>zr6n;G(v2O=54pl1*y2yqcn29OwOL?x_Q2C_!x$~LEoN8Y5(59) zZQp8o6-P=AYpqwVTEEymkY(Q|-P-h*jBLu^{BZCj#FE=2hVf@yWNr|ix*=UF`(s}(3MOBa)p2pm;*(D zbVYVRn#*>8;2u~JV1X0E8Dl5fO!=nJ3u4wB@2_x{k(z%qcuvdnBB?rp9rag)vew(K zbrzf4V?yadc|a&%v<`oZ=6W05Ev*jbtin$2F~mTulV7$qAAeAM9ND=%V3N-wmW0it zQ}p`PfbI!`6aLCo;WN2%Jg(ye2r*Z9|5G{#duZKpG>&DZ{V#xxhMO=P;Ej3s%x?<= zLIA5YgECGkVxb45v7+bzezzVuo+~AWvgOUZpQu-OtUDNlu z?qo7Jx$cql#q(%uP*^U+FrtDkNE27*ZA=2$$CrVb4#(+%*d!qxVYPqL zHll}QSuT8ZifcThB_s1nEJo$eqre-G6-xTei#95Q9+0;^a%gPV-8`lxRs>z`sb8l3Yz54K zkJkb@68^?xg1jPtcN|B3*A8aYM7KeKYslShJn|y;z~y#d_$bXW=2%GNkZC5|SGJfPHj5ZeLRs950I&a5(M#d>C#Z4U%qh-JKm*8CtQ$jq zIlC=n-ACqw)XInweA!l0uBYtA1>&W_{N)WEqtOzoPJJYv`ba%GnlC^srKI63V%}&x z3J54QzR=x9Bzxz0B>zHzFK|8eGpTag7e@ILGfe2eH*663*9heq_?|bS{uvn6LoeL| zJiB6$I+WdVLa*7^nGMEb@*|LH@)<(jfFRg#WH6Qnw9Xl0UipzR_p^)?gAJOQHHA#6 zklK5NyDgK3sTYPxTp6TkA{Y1|sWinu=!#4x zskP8>`U@K$Hi#a=v+3E2A0$}73{TM0(6NIcA>Izm(()dfK{66-I{NJ^ZKc2yU}pxU z%iLz7!CuJLxLhcWNAF^$s9y~)oSB(36l_)7`RPQ(O-^OY!2-C_Mpd#ZQ3sm&sCDyT z8Ovbq27Cwl+D7JCvgj z=Hd<@x2*JNz-bOXX$*pwDAnwSQ3R#CW zLeDO=WnN@rMk`nw~2T*Q+pNp@@LR~@I#iWP_&>6HjGl!-i^aOpSEq4;U zW4kyl?QE85|0==f#N`r(q<$VMGoH|)h-+GfxN<-L%4vZnrI1PgZ6^6>W-rLx2IGI5 z1QOd>#kc$<1E+1mpDEb_*r-=1gJJEaEd&O%{pd2tm4_EY7ipJ9%_eJ3g zIoET_cGOK|{J~3!onG2AI!iWGEOJD9TF3}+ME3QJhoypoTXE1--A~_`|1Hd#B^1j>5gc}iRQ0PakB@Rn~Vl1mjPNGUVSbN+#oeI+H zRg}sDvi7fXKdrlsrf`hdQ$D}WKx8AkqK=CU;wpYG(6`kr7C5tg2*Yl9qi}GKQZ;U>xyDB zoWTVAk?-=Fz%{0yncGwITV-zjk%ee*I665H?|>+g?~&_fo;cL3(Jk(k!BOQcp&Xm$ zy7Ja=J{-!@wClNh%hJs#CI*{gju6Xq@jJ-x41OydyK(+qiw}^b9NJo$M`KP+?3sx< zBQb>MU7XCP^GUW&8KBN*o5h5nP`)%Vm&x#W!jGG4Oz8yi9r4%o$X9gPn=dDvC0x0O zmBNw}!)hx?891XpqK`-w$>&NBC*~1I=>{@kd@8(IY3C;=VbW20PcT$jX_oQQO1mNk zX)w-mR$hW(tv1MxtcPbj#II5{LpTKlGX(Nn;96#c6*p8`3hpUF^REoQnDEE2M~d!W zBn+<|cRS)W2(8YJGEPk}Ry04XZjc4ye!(xO9D2}Iu|0w@=8zDDf6##xBN;m<<5dd#1Q~^z^giJ zk^`L002vUNl1ak{sj?e?FikAlNfx0rS31VqztRCM=IG_9?;1yg4?3)U&Fuvqy!%+;U&R;0JKou5rjkyUnNS%cg%w`T76b-kmbeT*t*A%Wuz|8~!IQ+4 zq@S_r2=C5E9SW4YCP=s*FZ7Kz<*flCb&~4dgSiNFH!jaWNKw@mF#!B0+#~e~8h~XY zDEGon<*n)wzSCj{11YLO2A^?0)ZVnmN3#WboH6eXlPT??LM`U1YUMP!4mBd0J@`aZ zBB~Q1#f7fIGEG?8@ar_p$DI&K1He0zBe9y_jc?QH9r-pVT!f((xNnD`T#U#@bLXhS z6ycKkwb2+HlBBoAe_wi8&wayJ$7c<_f0N(i!Vk1zTgS;I{va&wt?K zKkMT^_~HMLc;G+y?SMxz)@bgz}!$YpXRfCvo4jqIa6J+Q(fU(X>x|HHbPk}yN{_e&gB+r z>O#RT;SeKA(0`FdU698mNcDaXvnwJ}g0hU9O0SQit*wGZ!6+4Ct&T2Iq4z7XtgAQr z&JEsd^jRo(3ZHKEr}kaUPsK!|IcSWt!HlG885XMmGE(jN3dD$l z-##kP{yag=f||?qg%C*;|cUY!pNgxD*rqo6mcrLWAEp-NgtO-mR)jiyEI*0;{0cH1|U2sepo zLD2RysSpk+0BXBlDvL%!U`C%^LTL_wn}CP638I=CfNQ$ zDJOz-1KJXCbjqo(7!)%S(J z&@_E#4$vUi3^Zs`;rRHRqPY`Ig8f)AxvXd|B@77numy&-mjcR~C(`&2xOo6VLLI2} zf2Dx18iS_9fgDMEPinuMnnyIbVs|Vi|K?Hoa$v+(IHPDDkjk1E1DB-cV$i7>VAQeZ z6VIR5c}4ioFhQ??H0PYxriN> zGSVaEZA;DSj7qcGQK3SK%RUE?h6y8GLrQ=EI*tqqubM)gjP|BFh)p+=9~y@ZCRzkp zkQHS5NlYm@HV<~UkUKPq1x~a<6Afq=u9O`;HVPI z1;DtN04DxyCd8dXT&?7ysbDGEg~Y&v)*37!fgB?xQGYeMLoZ&h7cbF^>-6F^ya<2Y z!Dm(k7Tgd$umgKTW)w#g8ZWoyPJWTcAhasLRCh!#fq`$DPxYGXdnG#o!zOmQ+0sNF z$1BLa@uz1UeYVG3f>mIE3-3PN<1XqkKWW;3_nckVW3Ev+2R+Mj{anwCAM~^}n(xj- zs2oY0AFdSrT6Pv0)9?2)tM5v zTWy`mp=accr#fP{4@Ug?H3itxvoWGW35$qv7U~8y@GORZ1l70wSzj&mFmVfbVlH1J zVla`c@lNzhc~aQTaqR;r$d-bwO?t|t`QRk_zmq4;x5zM{-`IR?0z;;#uh zn9oeGdHlQQ9v?Tq9k=f=Pmh_0$JquFf5n9R#Dw0vcmfRPOGTn&SItALr5>oUsz1%y zk2-rck{~wYUmNp#V}EDjwYZE4@!4~_%vn0O_M=_qq3zA%=8!d+)HQ2=F>ZdPE59B$kL&k$arcJ~^C#I67R*Px>_rlNOpsG?&RE+`FrrvG1bpPa6Bt9#F~vRyxjClu zFVxhJG|f|L>c@>er~SfN#(Y>WoZ7S(^q`fp_KY5Lc2E4jdlcKLOx{C;`?2psA?ur$ zHJOqZs`$rEbBB6D#sA%7zNwZ>Rh+pWH|>M?8gTmuJ?4i9HT}JOi47DTSn*fm{^4=^ z*tq}2c=?}@7VaO`tab58&i-9U=^xgub?%EETWk9Tliem8UA5=BarcdJdk;Y3t{pSi zjnTSKk5zV0UeWUzgfTqsWJG~hPk3^@QIGWA2bFp?Jj+okgZ!O1e~y~ z{Q}#HJq>R)u{Hf*4MmxKpXVuR*KI z{_m)Yq#!|c0z5v8`CF*Wz?-^?qKEsj=t8DJCJKt?`LFk6s4$SV6DJH0!;E1NYY9^0 zN2obejK;H2Y0UD|4{k$^l3mU}=ZHzZVix%4ANkXS&mgG9^Nx6Nyq#IB&!N=? zaS}CVrxe>!)cIUVmzka8WkoqouGAMBE6mE$iozc8?q(k-qCL%i;p)C-KkWs6U%cLf zZB%_vvzO;c_w0Kq^}NiyG>i$90d)kg1AC}BM7yUy*d9azfJ5<_PyC_#yo!(N8T=v8 z+aG0)2+tVzO8Z)9#-j|SKdR$s|2oT2ena8)<_+=d?Xl@G?pT)A8||C2H`b2h>}BzQ zInEyF2Nt}ICH?lf@3QY4KB9Vf_j}B{XB<+kREgVHU18s6-fQ0H-aEVt=BoS)C64P= z9ksZW5RV*|AUz{bbksAI8mST$s~F9(CIB%|ZZ_EdC8+}wEyhBuHl(;)8Qp`4vpr>= zc?=S@^mBqXW;T@Z?-twB=h;usXQJ;b+OI?9FR-^OaSon>e*Ju20I`Ng-On@kZ=So1 zM$_G2joM$2LTEe=&%>Vai%}GRXglmVgZY(vcHwJNBBhyMzkbz=nuOY?G(Vv;tkUgZlHXllJ>P) zf(tBGS-5nia^A)?awVg>zWAnfMYFzGT300PWCP3gAz=cr31C3WFV;t?_inEix2($vECf$o!-6Bygi+N_e4rV4e3Whs~_ z!RZ7wxd!_K?qp*=XbO~AaiL}VsMJcBl>p_O&}ao&lB<#IT?m7#5GP{cb}(9mpDg$b zVJh)OnZwn&=8l5dEcVUD%j~?E)NJW1G4n}?m$px`_w%0K#~naJFDlsQ*Kk)}!^_;t zH2N;)fhfaXXI>p2^}P3A&D$&=^EP=8@!`v{tYDZ<;PcO|^bP(PcbMc|YusndGuEte z+do5C?_`Z7iXc28P8SRr#vt|>mJx!f@Q>uaVMBTc({TLruCL~a1grG<=9uuz`{0uK zHq!;T!Y&gMPa8P@&NCRAl`Z~tw3S$FmVFrjjPZiHh%4w=nS~niEc9#qBi$3tVGne# zt;O{`2xPDX3lVy@$b%7<>_AA;E<3}P(+XTANpb*`*(Dg7g5TDjX3UGEAA}oc|A5HX z%sScB!LCC%8zM)_@6^g|CWM@+t z;Gq5MX1Q<$!iiXH50vZ`3Lus)Mz}JH=|agaBjd@aU2R|QqHkhujJ=ACb?96X3K{nj z^o7xbWgos9Y%Dubcy5s@67z8U69_t2Av`vszYZ8iek6<;iJs(@r#b$~aZ1HUr&o9b zZr{dvinQwzb8TX868&(!bywLmx=2qDW6*xyo6q1%rp$6S-I&bUkeH3hIX3)sZ%F9% z78_kxsmvt~f*+Cr2s8mL|C?NBSTkh(Je_%U=Q#6mXFmqC^#8?}wa`UWiW&bM4oSy( zglU%HALzuETK31rToRkh!-|%co~s-{!Ua6w);V(t%B|!|mwenom*wJ(i=82ZV-Rm- zmm>`j<)!Knr)jC$T98HN%m&^k;!w^YQyl|~EgLa@;|pBe6JPDx=CV09>7|0*0pTT7 zd;s6?;e0MD61hXex0tEHbhNmDp3ku4B_y2YM6Hp>f|%oO0I4F&VEd(~>=Hs}HXUYs z#8st;C+JgY5brEg>y)w{A|@deEcQLv)quiH)|f-nd-1%Uz*G^5ASO3xis7YmHhDa7 zs2!o)af(}ILOySz$1Bz2?b~>X&zVoS_zFjEIh#-OB@BFLI?+pp_YKzG0cJ}4$feGm zu9i>9X_nJ-iD&lV=%nG`PSLp|eggS&hZ)tg1Y&e!TsTzQ1f)Y?6T?)wm($fnfNUW; z7sD3yg?1!Zh1xBk@0bv5c;qgQZqiM0MUrmylJ!XFoyj5^{*VkT*5qM*swZaA4|&u8 z7!Lpt2(aaF%buXBGuk6PHi!7W@HuU0B^w*OIBavgo_D>i4X@ zuU%2Vn|XuOp}ZoXMV;Cy%s%beElg-IVDAzFULI|!(ea;J^D_(h3&k97t}tMjce*Er z%pZpQ6GQF~L+)Mf1egdSY$^6~4neZsWDc}C+cO})MLDIfF#%4hVA|iS_CH$lCmLxU z88QzK`A3G_FNVVScQUCAw!l%ef+n>)TB9f$A9UtqHwCt5>&kh~oWJ$TdR@8PnJczl z(MOvC&Ked^H|h3goVnFmyuaNJ$U3t0MdVXoRaJOTVaG|pijf(R0D7uBlFPtr(vmz_ zd9c0dWF>7>eP4BEle4olL?G-*Gr=TDGCbd%J7mro^5+h@bB5dkyIojf*xyX8v@lLk zVED>U8z~HR!bpWZsic<2d67m*2fN~6bbbTl7&^#$|8d7I3dm~vhSbGsXXBhbS6lhYQgtME1$A%3PWwdw4=n41ws7P4az+L>(? zm;=9GW~C~uxrkBRC%UMk!iKxC10)OZg*PQ&5mj!no81SY$$B#p%IZ37UVqq;9zqaL zkPjpq=FDoSsiWaB$uEeZpAoNoi%7ajNiNeaoHZ{ zAIBBdJX12K%`zVvM0QLo9DYl+xq%=NdOA2qOT)f~wS1Gjnl=xDU2(gTi#}My7xfxM zAd_ph3pne@b>tUI-Vv?slFVN?*VOxJB5YtlEprEM;Dos#i%HKkUO;kq0$ErE4gvuU z;O^Z)a2}qJBI#IFUfOM4$*eE^!-gNfu0&Lf`(1QXSFOvDcU3~W zWgRCO`wshdvn|rYLGyO|4w83{n?-Wp#I z9tmE#uxgJpH%WPQVP-#>;jC1Si@{^PKpMwMKjOch*?S16L$nw~@tmMim2Eqw_qKSH zc{Rx&m(<>F-XR9wuFzLZUpfE}F-mY+wV?;%O@AHBdCLqHGk7RG^&NI>qNixj0Z#W8 zno7@pjP>j7E2n8`E+s87u2oC)xiI{+#ZTi{7Ge^}1 zOwUW~K+w$?`yEF7GHMXP&J^{~g9`xYbWPTJCN*oaeM7l8l>V8t7@ge2kToV2L0{Z# zTwep8t|283Q`ZTbN`^j~EX@W)@+?gA7x#ofPE&i{p?nFxI&2dN7zN9#;O{1gq`r-` z$=XU|kl07q6lc>Y@BX)mu4)EHXBn%Cq!aEL4Y((F0qhUwFAilvi8_*NO!NTqEk)=< zdRHi1Tr%h5&_bv=JdM!t2zD)r1O8GnPs#4R>dajK$! zj2vP}V)HPDgcJ~(4706q4!fN^8`mr6IJ?Boq2#;hDVT3Y+fvE;_9rn8?g|6@LNPC+%?~Fi*&vL5H9MDAiJ5-0RF9Si~^O zfJrh#Qvrd2eF`w(m-rRcgJJXv=q%-v3eBTA)&PN?B%VQQEJyrua${F~Ty{4K)gTp@ zWPGM?0TKIVY*|1P(drN*B>sRlrTZZkxb6k(B;c_j=b@p_H zs!_s95OBfnV+Zg^?4Xxuf&)q6uBJl=YUEu@d|$dFTf#=aJlNe#gmRM!Km8lD>py6t zr*M@NO`vHq9ra=tPRL+dt#+zLE{jegy|B|<#GHX@Pl9k^de9)VA8HtW;aHf z4~8-135k>--ymecRFpb!D#FgH_|B@V=oK$$YIk`nSb8=cllyoAkR8Lgfu+YlRSXpZ z(_WAyMjYVka{wtaD8${S+^4K*WoVpBteF)>XVYmm%c8s9L|>U1a$4rA9jr}l3`2Z| z-4K(DyDyaep&Sh5x6B5#=*bPHccABQHo9Yoe=rVqny8goDwpGHo$8%UwZ?uOfzNGm>W}eK5n8_F#_f&>uK9e=|574M*mKOZi zP;b?JY6y>7rXfX2$HK6+V){(CStH$*t!*zaY%pUt+a)-dp!l2sCYnuc6H=F&l%UJz z&Gt=f?>!(m^mgeR&6_|?mC8Rd^Hk>l0)FDzwFP-DC4V6j*j;%3$ad3@gX=cX(OHw(~on2{XYDSokTn> z8=@t-9%=x}y_xJ0w+QVukj;S{i){zaGChzfJ|J{V&3aIp}d%SDcT!Mb@h6apLd3H_^&MbRV(>*mwmh| zt&-)jOmG{VO|j}^G<~@`9uOg;$kN=ARs#Wb9K#jEjyvE*vsZM{Nb-qpdr5cN6)NZ^ zyUw!}%#}-0aL19isc(}Iokt=c8DST>x7$3>&5{NIC8(rurmJs#xw}o1EXhY}2IEwg z6RIQXeT^R5j7!f8eX@NB6 zOMi?ih7@af7_sSb2Q$jtsECam?F!QsLKY6gwn1=)tuB9iO&?%RD=kMt4a0GkeNl%rGAdq13dXCKagh17`LMg0Jq|nBk?rPiTuot zew=+Fps_VHB+q;L7G~dz!kwwtQX9tgqc}!q4Qo z8cX~LR@(i91=|Ky-Fc(t{84b~g`@VOQ5IKS6h=8Kc3|lPOuE0c>{Bgmd~Ax_A($hH zcT@gn8^+DXahvoi-H#>}Z5|~nxTDDX#!tFY54b-^%s7V;mQ+saUl@OQ;Q|n^NPE`u zjji|Q(PQRx#4fR;nr;~4fVS*5h`a~r0c*A4{%-uJ_#W^v6Tdec;|g%)1%%Ti0|e=) z^BL85SW)>E>$jMZ&4vIGeW85XY{s1{*<_bYg4) zj2!!MhTO;P&Olf~0@+?v^pNskLJ~q*VhPNMiQOVvMe1@p##8foYL1!BQ}fKC_HzJ5 zgZ%~3k9G6Re8NiSEk1-%k(PCNK-&f8zW_S}m_*S6FfR58IFj`dzlaE{SPtmCl)RYT zjQ6G3k`30y0Pk)AYWsoc0=*Fa2SqbVF&ShL03ivR3u-jBM>HLCCtjjjfQXwD-LKEB zUuZtMkn7t0=0OTtKTH^Y2u7@|urH4nB{lr?;D8r|J*X^xm-nG|d)-i)&5pheIN8r3 zMDjPYS(p!5x2ceRHtoiEIiMYfvnDgAfC{KKm{B1fxT1=m(3%6IzyhYq2LkQ-nn1h8 zq4b-P%U8?8@elxM2U~kZ5Ai8Fc$SIJFc$UKFN7hCd5C3elzxy9Wkj(6p(bRNZEuT8 znJR+}wh+QrK*=$`BJD6`RHKw&Z_>_>#W(T>Qbn%wHMduE9}fbeV32y;qo(W^J*7+X zQwc6^=R?S{noz7CK9Sj}d%Kh^8b%Y@`n0@d~{5t!#9{9hws! z#!i!WtZ(Z!`jA^!w~01UC)z%HmT_1Q+1}Ft<$%Pn8lxdWd0hi5;6f_U5E66PX&0g& zQakB)aZ*KSrzB{~Vz%Bi!+tdy%As{&qv{)?N6Eovm>du&?&N5o$g_s)E|gIZ7S(uR zf6bYnx!QQUN3YC#Q$<);#+TTzaStG;iC)Yi#d4aDbcO0?uA>$j`s+muo--O_i5+uUci^qrM%?(2%GCj)HR zY?c|0pdlS&li%YCgP?I!glo;}kZ02TO>)fQ=;i1sB#MGoEOQQS%jR<6ZC{*K$ilO; z3j-*AY;ghC`wQ&9oy8&qLe|YQyjJ|OjZROBxnWvfLdt1v$1Ma-P(V|MZ`y54i!5jE zTgIMj%zHsT-!^VKz7#jFt>D1 zS#zqfyPB6kvAlr+N$fXc`#n;n5E%ujpd9iUaRMTG?C8>8gr7GL1;I-{ZTud)n<=oOze!!>?VX6}VWg=n73NcNIZ z4RQeI3&ObwnC)Acov)^56MP+geudf2y~q5;+BM9e`AuejiR2Q7vcy|_ksD`PvoLh* z*ti&vl3WKRky0rZ>`h7B8SW@V(p*0fcNPlLBmic72kO9Pw+;LM8a7`U_Fo>ZAlQa2 zg23*|_=)LxXfT)8Er?U(Ex43zN2@9z{3VZ6h^on3ZPEk z5w2s2$mxk_{|FR%VU9G*SfAOQxpuv79>`X9wTxA+Lf#<+HUi<=gJsMT@&u#FAc96E zsX;q8ZL4ts83P3>G_=8Chvp5(rUizv!{u*%MogR`=cYvLNeZmgA?BMAB3eI_KGD@q$a+ml- zX!J^H)p6-itQE4rK)67EvRASt+#s@P2Frn6BmFN&pG$rs#~$EI#u^{ zSLeXYFtN#DhKwv?T32*cg08x*``=yvuDkBK%Mc|ANDc!tzz`)VInIbk78Q}C%Z%i_ zfJzdX_xn5d)=bX;?!KS*9jIH?74A9bInQ}=_=&YIIdctCLU^-vw@7im%ewn)zF5uC zA9kftaG(jQhAevy9 zxPMdV;*s#(9-gQ8jE1n{GD?Uk7GhqP;W7g}(-*|QSLe03Q#nED$xjBaRp^zBAGJH| zA-s%&x0Gmw3SD45iAQ86F0b?@j8gxR5%?uw3c}x|=@+IE_i&6qi%bMzM4;MP@;h#-o{O`HkhA8ga*GVbkCx3NWxDCL$kH0LG4oaP1@lbV z@Yy8UhQwr7%+iXZ`UsyPX;DsPTk}PtN*uRCM4wq&SuwX(!eN#$Day)D-(&6V%5!A# zwFPEV21Nk~7r=Xl0{F=cc7XDJ9<2m+_lLQn1PjP!<=<)gW7 zAbO%Ka_P{Y5k3y8+Ka$^LaOC|&qX7&FKyY%M%X3E&ocGsSt(p8nIj(1letc|l{aMs z8Ranq9UJ0VbX~?6JxV+_<8OJr@KNy@stu2Ac@M5tpztPv--KMD?Dr;rG^KgAw;Z== zKD*gnJ9`>+GqC$^ZDX1uAYNy~t z#Qza^nFMh{~w2(Hr@Yb$K9d6nk!74rwQPVVAN zM&X6e)RRVnBCf2TJiJKKJfBL`lSD0ff!)@8P*71~nGL_b-J5N^*dReaQ;?)n861!B9R?nq`v9^|KYN%E&r%dbs>g!I+ku5@6iSa7W|lqub++noR^U@BI@s^nyxQho#QMul6I$&t;OWr3&~1-wFIQ~M)ysNatcFlCPE1kJ;{c5jWzgky(p}qEEds2z6%GP|c@=ru_zrjw8W$We; zbb8lUBVD(t#{H3$b1apJ@%%!O26!9o!N$z=WWn^l@6zjqT2k@LSI)zdXx7@$EQun2 z?OBWSt+H?MF4gMHPipoyP#h<982=PEedE^JG~bw_{QCUlAQp=9>%*Wadcb#z;U@)r zV%t%#({3B%t3$IUj8@~vKDo0Db?2sOFIGW?n{zu=IN(+lZdDLjDTJE`=LlbN5V6X#&8XzJKUF<^y@Q7;T@8@UTOr25pC~f< zynxsaM$8Ky^}Ud}72ypX_U;Z0mXgr_n78lb%?qLVud4ew4d=0aukNrI;Q`4=pqX;$q3leL2 z7vmfvrKqUf5=71UI4Kw=_zWi|qd70`MN@?cE;SKc<$Z1IK%;DBxek)-S+A>r>FzGT zgml|!vMfUdMl)3iNd`P#m#Y21O!M9%C19JTP|SzhvJWf>e{IUyDiG|-Wblgaik{^o zKWiu|#o%aSOXwiX7qeo(J`~XNx^{Toi9Ym%^gNq8u*)3Y1;vRI7q^9DQL)k@P}`*_ z&<;fk$^7cp`-0~d+_mMT=~>1gk9T9Txv0Zk(~-McgyQ^;jAKZ~pzk?HHVb*65HRrL zQ=~DDM~|Q3z73$Grb8)|lHiaA>-n#)_vBIMy4e*m2uzP*qdJ7`Y7U_BCM;vN4z9uH zp>%*%remdQviJCFzrU9KwbNg7{yONdL;mXgwSC&_-Bw~Yt9%;0xs8YP=anY7wUIxq z+b$*Z7KAyp!yMTW5=ZZ|OX(F#xV?7Mz^Pwl^GH86FX{P3Ll`vA&zk5#65&}lIfGU6 zuyE{=s<~h9vEHg#qj!E=HBajKsj7Ka&(Bqf&UM*+tOLhbtfzqImLKVzTD% zRl_{kfZN~Lm^SHa8tOxajpAnwcYDKpr|dJY0n?ogVl5slG1hq<{}oYI-%_s{^cFLHUrzWfby8*Wd#Rrl4(OTf*Yg zo(9Yt4DB+YK`P~ez_A8e&;SEAzsh|U7QD(0tb`O)YAjCH*>40t?1hfJ)n(u9GT-U3 zNB7v9%l4MCd4t*t=KfX&xp}d{h!kT$fop@Z07@RDIw79Zp#Xgzf(#!55lsn;&DlMv z==^$@CrXa$@)fkDbwp_dJ59lkL*GkUo4R}_;lZrU3l^{dP6eJF&k9)R?)eB|MTB)< zF|*=6xl}~#34SP9QghLh4g+Vk*PhyI@2c3lE8!``Z@3MKRHSk>2Iz_j^b+iOH_t|*ktg)3=Kk{DMds%H7O)s>SpOjHq0-2 z&E2X8eowEtwHG)U^H#;ajSCk2nCuwMgJE>8)i9lTR1s(_;jOrGF+AHuA#UL793|zc zuDq8^*G#MO1yzxeBeXiF&-)qmP+NIU-xn8#>TkH9K?=#Dl4QBb9hBP?>|kRAlmZGyDU?abg&jUL;d7<0Q;ux!RO^gne55-D_yD2H=r zM5oSJ2k!+byt|Riy5x`-BgLhzE2c40wmerGT_#-yu2u<_^g|u^*xb=$@1sEk#2uYQ z&&BrjZV->x`lW{Ts+p{e3`-aV z?pYb8dwfKN7q=p0g`aZ|<}WJ=OQ0B#WHgy62|`R=om9^DBkwGlInHD&GS_`Mcv--p zu>#AF%@dJ%G78^lbMLm-x3cB2>O}_|l2Jli&g@9Xhbey5%)10BHOO*HwgE*d?NLYB1PVKuXoi#FfdkQD z1C=eJpEl#0ni**JOONiRaDAFV3oQBYE80thij2reiRi*w3Etpij1nB^LO!I`E-!Z? ztbJ-DyJP$9$^H2Y(C`||`?JA@*5gebyzxTybkmR6Mn1!!Rc1eb z_u@*J7P60}h_oSf-sHCpUi5~u`0<2pGAWpJa*y0e`17YEwf#{NfSZ&%w+?2dXOf3nxgn{}^ zM6v9#olzw}NLVW0%7@=bq2=i-^DlF^b|!=YnpY7Xipa|j%Wcz}1t?oq4bB=uHGZn! zJ}X0#eV{-7MZbL*O66V|+t>Q-^@HYyL3>Km9Md%4r5~3)xtYG__~a^*4+%)YgQ14EBrXqSwwvwo1+$@& z;yduklaC=Eh^A5qKQ6%oItrTyUI_4nAxos=F~wwB0S$1+Qt#{JC< z{wjG!TRM*l-fl`u4f3qWZqQ89-3SS~_owxQq#TC8uwL=`z+&%Rt<_wwH;6mZWzY)T{b^$+WVU3o~C`UY0exnXAPkvoHS&X z4q+M-;R)S&L+11$JXZ=^j9fc$vb+?O=({RQP76xfm4WBw zK}KCW;0~cCzaRBbVyYT%4`dRKV(}y8ci0>`Y>t&H<>Wzg(lF=r_+j(C zLD7xu?^B0!*AJT;h9MBvo;}1^-aI5MUL*6}%_mCJ?lCfcc_YV?&T(Hj!yT^tNweD0Jj4!PjW^bPv?(mA} z>4RP39nL-|xjTj}gBm^HCPB)$JIK_srG!4maiK_uMjD%ys!7}|RY;xShY5BW(N%&A zKvt-QNGjN;sumPw#im}7R~b`YzAdWKlovINNM_fgG8gJfPrZ~{FFq5}HlvC7opnZMN{BF>`IcP2&GM5dppWh#HmkqIb zmk)t%=MQB_j*oPmW|Ez*+J>}udw-k;TVqs$*BAqc96DqV8!`tE*~5p-%|qsvAwYBE zkh?`=tkf9S3}qr+H&9KrAJ5@LwOV8F4NO-9*@D)pxwy*gwNlo)F@GIcsQ@!Y zT_JPix8!-d;E*wNbE%QC{Xw`u2fD+X?nt^Xb^ryjgO}DG(PLKiW9YRHcO)@klRqAH zw~jJ8&xeg-+fpP9u`J-}!=ZU7G*~OIA)%G3l_!jv7e^}FMhoNaOo*OKoCrXbnilr6 zK8g8ojiGP~={b%X`59_BrnQ{~s?E{FAmE+o9w-U9PFy#*^os4cTnM*>R(@0{(|Z6` zoq5^f_6(Mc3wt(N7%`za`VkO7Ri=SXYiX~xmbR+XFYWtd?&2{9=lQU)=(}U)+0hDF z5SjI6{ zzzX++K6_PPyh%LDS?^hA1^-aG+)j)l`P9p+GpeSu3jLiI95%_HLci20QumM(^ftEs z!=@&ghc$1Eo2>dDTADZ_hBNBtB3iPa{&lI^I=$Paqf33$YP~w!j+XSWZY41YrsmE5 zbzE<$x!>zXaY~>7%5>cb>t{Rx)ro0@|CI^mi*7Vw zSMZ7`G3wg@{Oc#oDoR5}^Xw+}q3PeheOy&{; z-%hl2W)YpP8u>!28>vV5>fw6rp2s2f*McQ8r5#HM2f19cl{~aCMRAC?A|VOH$|>ZB z7%hvdggeahcj)(5+KhrA-w4j1i5=lk8QKo1nYEKuqw1!^8_y7U# zoF?1Hh1jebT=BN`LrZFWAL|3QyFRK(geS^GZ;rw4>lu%wSEv4ku_F1}*SXlfn94cQ z6CL$h31$m13wQ+%;rpwSKfP5INf`VP5t0U^p<|J#W$%!>Av2)fcEVoaQR%-x` zxnROxOeG2|mB5M8UEE5R9_+H0vV)Bk6B&irHWP%s6jHJ6)K!;f+Y9AsFZjq#%6X}S zI}^P~hTG+KHxI)F-Y1Iz`1P5b)te{mstL1l!re3xU+WwlQE{nW=i-}Pc#E^VbDb+c zRI`s#_z!9g^^Nb)RDfLLhIBg4e%wz7A;%rNI_ArI*pnHXm%H=LGG~^%{$*IzDr9M#Jc~*H_a^4GO|X&3^>XC| z$M?PooC`-ynl~qiP`Gg>pF%KxtxsOlCzsaE>GgG=w3!2E+QVid#Z=5m*(aw>nx9W_ zfGj525o*~*=D*Wlha+}ec#z-3en!@ha019i=7M^7Sl#Xl64i4m_N^#dmEWqGtLx#t z_0C0=?y3ZT2|<`Ty~?IeX~Z`of|KqE$v|ev_h7m%V$mBa^W|drQx6$ZKw-i#N>y4|DLqgaNA}?D&wFaR3x6Sc}LJAtF#0CH5`?2yM1^IvL zY{%o=W)rX(Br0L(AGI@NsMD5xUU%!}ZpD3wOP}lSMxe67$=EIL@<7(1C!=_SVvBvW z&Hz6M{f|g|P-RI42#f|#&lR!b(7!rte?N@aL_o~2d4&XI3IK!=?LlLb13Yt@5B^wL zl~jrx%cVH9blQPbt5fvQsHWD%C~Zv52mOo$r_a*}s9%3&KEZiYVpmQDk~{~if_z{M zcF3Fvm!dxEhQLf&)kioLtL)sB)~vD<{#xZ_DF&Q>WINF(4xdu|>$&c#x#3eI?pYY0xpuC5a&GSqUXyk7Amw-!&Ofrz^EF~zV>@+q>RK9vqtX9~2#bmU18%HoHL>|e|3D}%N% zl(!HDaPCvJcfBdl+XH=JDgWyI{`Aby*NWR+408SVhSvSL-MUxapqPEdC*rV6;3P%b zamuA(O^Rz3o)*DVWfDkcrT#H$n4=b%LltxRp$&%zPrJDtoPV4d;FNbhXAJU%{AXP+wuOnWA^+p-rI@4SC84p$5ciU$~t6! zG-hubEB<)Q+(v6&Md5LNoxMX9h*eGb;jseVG31@j4(dblskE8_dnxrE#|qoiepwHY zpWke)#&3K&yw|6idt)aKwFc|Pc`a6eM+H)%*DV4z>nB8^)bu`08SRL2(tRctpd2D_V3^6Z->v$VWH8^OBEM&sGICM7B;n&V)Egj0R+(Nn}X9e(8X2wcn zh2y5UGry5c8%a^pZ~7tF>}N$b*mStijs|CK^i>-!X&IK74fBLp16_;|lrjX~5r)^C2TXCG6@^Oc?U$c4!-`l~N*s zxT9nnPnSJyM&y#%wf@1x)y+2bhh++XTX5@C;oOorzhur>C@KEcar1kj#aX-|dF1pG zv44{3&B-Nmg5Ej4WRBJIF(q@9o{yNYCoW75EmaRGWfP<6xpraG*2H%GA10TYXaLY zgxLB#L_iwG&@dbgp(CAKg9oPyrwo|W2h2&Wd!MKxW$C>yT$o($?|mfqUNcoVp=nOW z>bSw4VW$3`45ro`*)-p2^25WL=3qS^)HG|gckI~@7bb7@SKnmMo}Vh*Q!@9J%#Sw! z^zFPMFy2}+ccp;7r9}2L@7z!_*XsG2lDRSi^i2zsOH0*D0JM;5N|fD~Cu}>Q68wIu zbamNYS9U)rn;({|*Rn8GQ%~XMZo!hz+AMIpA2eF%?pv7qDRuk=zY7PlGw_L&W7QDG zI^!Xo0*xysRYj2J36`((3n$JcFy35&zetOc)gueb(ykr3S>gM`=CWaP(XjbJ&0JLr zFB~@K4Kw<+HT#=|g(ns&3iqtx%zikJQK3o$*{(4RAoYVuF`__fwqY7$b1k{bYAbsO zCvH~wNpo80nKidHvDNz>S=BT*YbS1E)AXF$x2?IVnZt^IXA=qVxrOHCh4!U|_T`1~ zOAFm~oz+X4860*?;V_#6pNrcChe9|66DR5ud}3;maA|{w1ToZb)d7f*-@&jHDBGkH zE(hmtRydT>!p0!q?nNyo&+RPO>AkTg+ zxNb9S1FPrRi=4T{*~jLYN9LJF=fy`%xg)3OE)#evm>H7VC6}gD(Aqg(zTwX4|MJ|* z!oJ*$EyE#oE4MYjsF)v#t=peh%smxzZzVoq%AGhR!1>!ww2+Y)juaKMn{i9sPfk`D zpen(=+%7(I%AGZp=el$%gGXNqk0MDFp~QG`6@|TU^fmrdt?{3%nAH`trV?K;p{3-CZQUn_K(3Z|-xq z^jSedn$Ap)kBx_!3na0Pe(*)~9SI9XaS;_dpk^P=Y0g&mKYM{|4}#c@W+9i$auw?1 zfNuu!d5u#%2*pgcLewlyBfXCQ~3(U~43EsZ3oVWOGF3bfTqB zYr9vO#a`fzSMulan{!vDP6jZKiYk%4I^|xQinzW!6|26re%wT8Z-<8#(jlr05u;aA z`2*W9-;q$TR}gH?5U5GS-DtmNt)p4h1KNU%H!qyqH0MJ$H+xTTWC&HoBj$~ytP!tV zA*bdGf0}YjHgjvI-0NM{Lz=*F6PWy93-Lbgk==t*{Y;r#s-AHmMKo8LkNS1Ctu!tO zF{vV3q}B(MS71Cgb#FFM_-^ZUU*dut<0HfT(=~H(k2!W$_-xHQQ!~fS;&t(`T47(k zeMGO_-|T0O?B!K*SQwv2basz9xXYgF%nD}?>EdfJAm*nK>Zl@Sc8b!|xQFw_llnN}PERhdxNv?ZsY?kDb;2W4{^wa<0 zKdhg^0c0F0wRGPN0(5nuqz?wG@|N8v*%y-)wH&Bf8kTOUM>p5I)2Vw8xDYy4No=LQ zOYmD_Yinh`v1?7V#8Ui3J;!Q6*mi2&ol?&%HL280nK-$QNr#Z)Nv(d59^SWT4~VFx z8xX}!_0&;2kfRQ0SU8A^G~vMovojU2bKfa=Z;CR3u(9YyHP7;a2ybBckz2#pOSAh# zEX|gbb-{zllvWr+Pn9b}bB(&@ULP_q)`7UsRIu6sIMGE-Xx|wg3Xz8bMZLlFVh?wC zkSGO*z5O?#{WT50{ALbtFQShqeW5TA?EBhbFLn+V2Mpy(qd{Ov+cB!{hJ`C4cX>o8 zn!Z#`f7u2w_@yF=IV*)yTYg+&`EI8N1b&`PW_MF+H#D3ZLw%JkjMXau)N8-q@nskzm>~=@sq7jSgTqc*EU1p-?EoB*AAY4&JZEx$J%vQqo7EA5SURz9< zEi2$=#e*6|-o3Yn*qIG;7|v2lTr=I5U|H^@MtDx6a&{x5CtEWNcrce?WH4l_NUdb% zf+SVFm@zYyel66$s$s8eC<&P_>F?uuFk6{(d7X-O)HU`9C)18u)?-%mm~(qlA8ET- zmp!0J7-M=CR33!&DIF_~jF?Ej0rdjys-<3?^eTIP9FlPd3fUesf#@h9PsgP2CGkq1Jux(=!$PL0UlFxX&7Z#^KWt9tuTX0EVMVLnZJI~=QAh<>9$~rN9Xg-^ zpY5+4HP9kr*?>x9W;cXK>`ywFqZn9gAiq9E>DBh}0~Jec5S*$&RXl&d9N0vQlE{Pz za`}K0@S2q?TZ1UnfSV7cH&0Jx1sGRN2=(H| z7dInly>vG zadK8g2KgUq)tM4ea(IP1r5h%~>*d$5D^sgte}>phCpf21 z()P<{jz4S8o-`{axy^Z#=B!Dt&0I8TF3~%ePMRz9{DVnzm7cGj3~!jMTtAr+o-H{D zfMiql^v@6;PZU$)qXIa}y2`jRMxjz&yIgvZ5~t?Zli_2Nlu~$TGTYjb^q_TtgB&uc zQ=x*BwR3G0K=a#D2d@ymsz@u~ezHfH*+!lNxg2FXgpuO(~vDW-20R;nJ6w>|~|1>`j6)Q_7jN&Rv8zHH!H zQqW-G<=~qH8e@sU=qYuuBb>n}DkY&cFE@4RAa5dqQbVx?81E@*N8ywXvA9G%HM=OH zKXF4pgn#%ScBpdfsT}B0O`7)sN0-XYpgTRe_Kf4k!eF z1>ptty*V0*gyl;3QrfrQ=E6So2laa`=A2ZdFhw>(=~P?e`$@_WYha!Vz*4cPy_Z- zrSg1{yG?ko{}6C3hk+2nqQpdvrUW&B<^As-o&DayoQIX$R^K`3BC83_0>xh`ryK`l zI5~v$&+C_=GTL;j%~R~_$Fr*)Zq)*Y%h!ULgE_kfEY9h~zEPY>;v z%~ya5txLndqx(+iHsxq4FR90$8oJe};4Aw#7;ev5o8w*Pe3XRC3{Y5Nyd!5T%o_C* zDZt0ZGS+Of39XN`YuXS)o~YcXl2{J z_8E>aR-1}{!@!C-K#&nshh$G~x5~`-q_NjuoxjdjEO-5A6CCaeJ5tf!7g54To%7{| zWdUH5NmGFLVpC`f7h!a4;Pz1@1HKYlr%d=fs!Gh~uVHMH3-vA)r)d4cM)RAv!gGh2 zpP}`Crf5AHP7rQ7DP)(e;vf^$+sf2tEJqa*;)ys1CqQX_ST&D`z&r}?pa)ddyu`}+ z@I@fcg5#VZC^ISlBAGrGpdRt0B5E~0m?agLxE%CoMI)^-i&iT$&b6*(`cspBOTxY% z4~*pgsLABujG8^7-OTR!UCgezMa4Q8EB*!iS@IT8wSMxM+oiZtbP3SsVJA8AnY3-2 z9nc=s_Y9s56Ko&Mj_zn-TTWNnIC1TO*eghwog;e6r}@;ve!5p7Mrh^)stWnw&Xjv0 zrHlCMMo^y&me8?YpclpEpOmhGYo%2509xyZ_r)ki2wv)d;wZ*1r8gA40d^X5I>ixY zds9F!XNnUpm;2V-X1UpJS*BOC1s#7G%*2Tb$pIB41Z_ZY2*8HmNGVE*O~z|>6i@~K zxkyC1uNARbW#)>5bSw_`O5UH|XkAbnAgj5~_sfFOgNjfPL<_MKB37d1_Gsfxg=u|% zuGOGJM5p-w6VZ`<7LfgaAUvL8I(xE?rwxK8PVkUKI6Tslh;rOKBRzYFF>Z%lu4Ac4 z50Wx#ZxJ4Cmk5t9rwQQ^j*9T``JjKD5uWMa3p?PjJ7ha?q{e3}DmZFIG;p-Bi!fI} zP2p0IES5Z~Ejm6WJi8$SbbJ=V)0&CMPC8afc0>e4b~GmhmJ#-a&>!xuETq&3wA{?~ z7&OCQoxjc(BkUmD=Wv%Fr-6k|ohSx3VT~ERfecQgHx4X^qQGzn{^7pHZ!vZ!6GcZgd0c14I8GsShg< z@qzkeByRhZ#8H&aNvfThidUjQ3Kv;r7OgZ$k16@(%26OspdZh5h}RCJSCmPgqCp@e zTWA|ZNOD!{2?+*g2njxJ2nknDNHS@AtJEc0wG^Kf*(VIdEl#udFb1&4MF>fekme2% z65^ny5fVshN=VR=QhC}U7Yayh81hTi1L>o|a;ljM_q1rl3iuaPm`FQbMAFV^-v)ss zpN`FhB6MdU*^#5`(QgdYqoj^M!)`Z!hCl0%@L2205x$9FFp^pjXSSpu{my15vp@cw zIzj{uWEJBi0!X1kRR@J|^MG8VRAEkHVyF{d^nq9_)J=cuF!3sMf9*-9&(D##6;cuo zAR&OT0^UV0>!1r!>}F->_Tuc^PEzcaWCc9c1-1s|nkYENigSDA$ITRQT4Uy|7GIf^ z9M$o);GA6U2&)=)%mN5mcM5)8JSEmFM{0H#0K**9Vh$HucM)IEUsSz>-vS8c3oGRb zLU=k3SEg@IrzTT&nm>~s=1DkTp{4#f`-OC?C49u(H;U_IoU5TX2?G2+v#LtHl5H7X z%QFGqZ=j`9xA6z6-spbN5}fO78T+JMUT|sscafhFurY~w;w`6rBf(!@{5 zI;0=YU?7C-2GfCWuKz9;^3WTO&a&Z|)|*mPFhd$UI-RHy#?aD>CVqhz7!D{xBTdx5 zU3}W)pEB-g6F-%z;IfV60gj&yEhDqpoNwFCQy0bfJO=Qy8EMVNn{|p{e)?UCyT>#M z3(FU))+kI5zahLYEL~>fONruQ#hXlDG1(p27#G^X3#_})#uv24==9W?0-Nbr^I9u! z{bqCNGD}QDj3WoH-*R3$H^PuD(s_3l=DYZ>8L+&l7;GK;I7#ue91xA{ChWb^aI-T? zjR)Q+AT^0ANZ0gdc7MnQHWdoW?B+|!9BJ0#rBFp&<_@ZXr$R0tXX=?&nW}EVSIQ5L z+h2~mN5{=0eh!<(D>+|Bae*=zfFUB0o8w`t^zRW1wba~RuZ za?mQ4f;fnY;e=PSBo`X{O{R&w!tkm!reEg8Vc`%IXr)$y9V5ILn@>2y4%n#1FAL$L z$o}glu0n_U-;ut7;>3+eXJqP@n)`dN49%+0O}lPC?REP8?(cbLrhjKge@%<__q^vj z>H7z#Juy0_eRcFbU#-38opj*AY41;et($`EKIayR6gmwRp{%tbE zYN?feClaCO^$!&Roc?$E`n})N`-C;}U6p`SNl;+~9G&+*?dQNtYIJGSaGZfznwS2d z;70b|i2toK`}2mdscF9s13b&rmyg>s$HNul=8SQ(beub$Ic5&9OAME@#_h6kP;kX~ z$cO*x{=@ty?^>?^K|uG5iiym9)ZT9GNsfXiEXKK;t-00OA3+km5Pv`BC6L(K3#fxa z0yR_mey6!iIlGs4njh-<%1(2Qp0QJRx|W6ifAM|7Pf!{CD6f!etVP?W#?7>tL>oBDeO<~`Rk@BP2{9Y(>{sP7Oj?ta~F9#hFr(efzfwSx5X1~JiJPJ{@8hHPx1-^+ql#pF zntHLm&vx6N+U%+M59+PGV$<-g*}3=qVfCs1;a6hD^e=HsN27bjtZcY$*_c@|=FT1S zVvY99Z(KCre32lw)@1)aJQ+&Ufjj|2U(j?!8a^Y1(3*W5@iWW zj7a*KFR7-Gi-~3|)@i^O=h_ix!XiCN>N$vZIeRXYFt9OVDf~I56H_{Xn1lLG9m=$C z^r-gH&%IB>VVk56F;a;^b{S_TLuT0dM>Lt6Fq3cwzLTSgHlZVymU&ZcG#)*K#g zbKYBMw&Xo3DLMbxa%;PlvV^et*p6+8Hbt#sRX`1hZIj#8?h@{5cCowr63f#++im3I zRF*fGLcU)^}{-$WHT}PV*~7#4c`Tc-npITXt^kTEh=|Lr#Zay zeSL9fcbX&DfA2KN6+yg*y#IHp>$GJ3caKfKdwS=ri(1~#GiAhrTmDP9Nh+tE4`=iX z0Y~J(V<{qsvZaw$QWUW=s(hWNa4Z1HLOPb1PDvj%0?%Fn4y+2$=fip{4OsE~i~_fT zA1ids|CjpBndE4C~{a}@-*@$pev*lF&0*Sh54e2WT41$ znzSf)gYVjXC3;|zg+!<6#xQ%C^wcUf?>^;6+SHE`X^aP=+-=6*EPcS*TTS(Qh8C%q z8@Ydx-Ye-n)dMfH30Ek^L0GdS{>V}@P24N;b#{im_Oi(9EjfQp+x<{#5H5U$2`-8A zv+3Ac?rfEP_2RiXgknDfaRwI8Q{l1(TdY*D(QCs^kWL% zD2=$5t)wem32GW>%6kgCCf*v`*xnu|X+D(%XBBb;aDxk^_hCm8AK~t3hZ4hC8TX*B zD~Zi5+$+z=`Rz)O=O;RVMhEVBf z+wPqYn^F#JPxAjFa@c$zx#-Fb!tv#%eHliT&nVy;1XNTxJ+C}K@o8C9_2Jc0)zcDb z@oI=de5widhsbcUJ-4RaL)`BZouC9*f;oQRAM28>nu>2)Luh7%s!%b*)H{V1ya9^! zWK^jW_sM)vPur8E6l&XWN0jm~rA|ce5;pZue!4Xeywn&43RCa~aZw@it|ON8rd{Ad z^t7tX=159Q5pjxpvpvHY`=MJ9MX_ot+PcKHuT?DAPX21;^o+j}+=&SY%S;##$3s}y zNfF>g@F(~PQ4K>P5@JfsLvR_aI~q1aR2tQQt#Wjq1@l4EO(6B8i{;1`5K)x!^-%`h z_bG!rG0Y=G)Y|fY?osTZtM#_|ZR2ff+vYc`ZJwW7o0speHS?Xdu6(gp%AcI8os`R; znya0X%Wv9IMwm$to=C}`e_+y*SVey`Ui|q7sH}sm7$#a-Q_(k{tHIwGzF4c|%YF^@ zd`)$UGxut;SV-?fw(LGdOeop3d~NGg^XI!o^lj@+8gQW*!aJX1mwuUAFPa~Xyr50q z*iN}DYO@lb&2kXes7!nUIe$x#L327=DRLz=L+1 zcog2OUUcvTRga?c1Kb)!-v-A~jys*f=D}#;YG>dHfRuaWLY5DvJyf6R9s{7p_7 z4U+L9ktRAbs$&7I}&#r=yVUapAt-61CmGFQ0VO;^0I&CeoBn|D9{{pQ7$bMl=amVxJ{_uYZV$X3PE} zM3QCi4^FUbKus)HShxjK307bJR-vr0aJP%@Qb?JoFl+O%q?(HVm~R>Xtp}X>CEp4Q zk2&{WG8(tOj=~A0kOa9!D&NtRx`2^mAZQ}Z9B$}3dIHm|ML3D~d+JJ0AJfSbJT`63- zY|k|Zm2zOe5qSA+F?em-cQW);ET?v|J{9=FQ`+uyi3vaE_@LJ(VQwTNGK$!?B5U+z ziffVTW-p%S7m@_|WSrQa@n|d@c0BAki3gvPUTSCB#sZ8f>cjlmeO> zS*o8Oq#MGl?fxghD>-j36Q-$;p_yI z3K5TVb`Kzwd)|;~PpU^Yt|BI@L@oMp`=;^>2ZM83WAEt4-ofm;ZtM?5d)W^s3-fbg z6quNw`O)`abTCn)k5N=U(^e-0vGG)P}7mAPCaqEthS<`DBNN?7(J}tpD67|Jwa##&T(5P=WaBmixt(u2x=`&Yqyjt{RK1{EFEUOWAS*J zWK^>UNTZVg1Np#@fLw@CDitL&3YD8%C?##dO+J{h<-bltx85b=BhoG1LomKT>kl%ZjZWNw|JB5o}4Ro^BQvG<#safhE{}XO*DXjE z78|9ZjX<_X3bI@{(@(B-PK~%^lj^wq-@0!xLH`?Uw8Jk19 z^Lx*Qn%?DuCH_<{Q7KaF6Hpqid4K(oze0g30TyQ2V}%L{-UyfkO~)~SvLFsU7E`$+ z=vQC$`hau-9>AzN7A&{9NsA&)X^f>NJb^F>v((t9$nv)dx}@k%n>)|g^LdTZN{A$7 zZ)(Y?nKToYK=J1iI*I?g{WkRF48tw#puL^?gGqR2QaGVxu8}Y8`_^1+%|)#%?_F)9 zYan|a+hmp*^}yN$LijCk0kW-3y}r1^HgmF9g>g5vYAdqhpjO~JQ{a@c;aDEHRYlUD zr{HR=GkMvHiOu&SHs1k@-e=7hdYG;Ns~4by^Lc zwz+v9u)$QajN35DHTAIVv^L!_+`;VV775A}f>2a<&OB$s*DxHpGi?040)|@1CwWqt zsoP4&2!dU4-jl1rn)psGoX-+tVzG2GrqN95=E)F9%}5t$PzXq7{*8*6)59NKFA>)z*m+wnH8W73&^U`z_8!ID{}^ zmDy&Q#SoMC*IoQIUS>Hz8$)Prc6J1v>1U<|p|RjWC-O^o>R}+%lR>E0L+BoB?*%gD z9NmRd2%T;1IlMAIvhG&F=a2K$Ejg)={Q=4TsT`Q+Cw`VFw@nB|WL{RDx{VT!C` z@hNP)y)Noh!hd=)6a;(9`@n|kO~fuzuL_t*8QB;%W5Hv<=IGF`<|E-J4nsBF*s%y!}pS4hzkp8(#V3dtr1unu%6(VyJys<#zWi zD60Otx4#xvlD1o*^3XauCQMz#gVM4#$3Dp8qelx<)90wVb#N=)Y)!6ws0nFl7@0#` z^b3#)W3P4gI#$q;YpcL%gt7E;IR-O?Bf;HV>fB|p6=L%43eBCNy(2VtOJKh_G&hCj z#tpAmh33jIx|7um&hnX^4)$f_xUUOu6>QZ@dDKzxwztro)ai)qvj+0^PWGm2BfMS2 z-cXhzQF$Ns*gvN4j}i{I4(|3aTkdx8h15#^`Z0gaFC!=6JuurEm|^Jgr~89owlH`z zYy)P|jV8QJFuSn@vztFmP3i^^@_G4#n6U-{+3Fn^l5F@b3yc^m-scjYz z`(0>W3(cz=UY`%mb7Ax@5bK=<5tHpn5L+sLE+9!ER*>Z)YQ&w9PI_vF3a@=1h;0qT zqU@x95X2S|tJw%H<5sNiRTI9g_0bb3C1S6o>pM5JD^R(ot?w;o-%i(eTIfy}GcA~_ zBii`dD zsBVPoA7S5!)U1hTH?r`74+l>wfL#$n?e1V3LR}+sFtt|I)Gj#$ehhy9BDD9*>6k0} z2nNCwl*OZp%nAa-5>U7*c9$c#!M#yxayNz+%my55(E80UL-#<)-HoNt2#!g;qR|gd z_q2~THA?IsYs$S7*;?l3T9r}$VAaHMM`1NKq|e4AXA zs;9+5r`c34ZskP1$hOjadmZ~00pA{0#@Y1s0mQx=p?N0C^)!X9tvZ=JTM`@WD7tHE?*!dg~M@Tajyh1T%1m57zhvt+6|L(opc%t^Bp>uesI8sfEss7PL8wk~MJG;OKlsfc<_L zUZn+nKgq}KGe4N)YkAUZzR$W8uh$a6b%v?KLLjM2b`4Ib@fkMmuES7E8&vng&VAEvus^E2Y0fr-=}jsAqtn`vN0z_ z8O%>a-vs8r&DqDN&+W#Xy(yjBFLUmJ_ss1b52;ml@k)!Ar|Pe%5Z~@!7giFBuz_+X zloo?WGqt-17bX&XI5KpjV>TR}l*w^`6gIdlZcO2l`Ua&;XGoo;k~Ub)L7wrfQhP8TxrdJ#1}9ex|IV1ep+?xSn%9|?`)~U@zmIp5;g z;gj-Vt&W#1e)08G+t~-NK^Vg0J*R;B=1De1v2)wW8$O*=XcJm$u9G*BaRICpmlTqdavuQhlL0L#vMe!66Rc8aC+3{QElZNKlH&DA z>53#DTs8gXO@G5%3(5CC=!TbY4!kY!XG!UHe(v`V@WJJaps=hScXP)F3dzkMbc z6+Rc-#4NCipnV2+D>LcXf;*1NMc$Bx8PU&h;j|eN?z547sS6oZ_N1A?14U1MewPd1 zA^z6+=hgugj0sI z=FvQfhJxRCD7K=|zr^*)bC>9%+@)U@%r|5p zGZ1b^gO{22(Ivr)CiUS}8lPtMsU&nsI{sS)`}X?rpDDO!*NuN-Ni21V+hMIWOI+Sx zKjW|QT13JvtMkJJ-d1Fj1?9PRUX#$_(hS!(JlDxHaci=CHLP4MH*rN8@vHgyFuF1LOTs`+4^{ z(1O=)HdH!&HIC%m=0@CT$0stGQX79xX5>kAgeu0z0v6r6H)MF?7uu`fE*t9zP1aBX zl*7=#ZGtTu!OZkHk%-Sh>hag&YU0?2lNsJL+gB$xqd23~SNb3Py`D^&SJ+thYAkPW z=D}(aE2Ss0=Q7dq$#kQ49m!n|-O~C&JBSHO2c4Zf|3NnP=b#{>jqcglJrfsqEq&xY zL;CQH>0@=U_H--}k#yBvtyNE(0H$_7fnur9nB4{+y3L-SdNT_Q0HWycqm1 zcFVj;J6gY6TKjS{dzpMciN6+>!BDoYgPU6f<8djLcm=`&`=!Qx56+6lAfc3?OD>dw zDHMyHnKO7N=r;JJ7(t|RDCba)Pt=c$oNaQecJ=8?d4FA&=0TmnQz4kF428qt5cjpo zaCyKEF6yzp{Uey4hU{?vNNu!tzzsHe-92JPyLnD<>c=DFqxF$!v^yYt6tb|&g>(ss z=m?vU1Qt;;zZK`(SV6PNAyPDZ*xqjRP0u zoal|a?c7|xuqoBY>-c=T3UxCOe>JKr-j_O=?g+j(-AN(&Smr*J&*m_ietOUM@{DQm0c=cQENCn~&@h1vBF@yJfsZZOgoWbc}~Y!pyYuVnu;Y)F$(l zjxS?;WcHZ*)<=7K$rfR9T2v=u!So1D@>r#%_6EKA&&Qur6c>JXbxtV;dt&ooldu*Q z9R@dq>^#dR< z{0OgS^P0cRVmMXkK5TY%yXZB6ZHsZgx4RwmY(Hr}?mk9DZnlw(n9uQB`Q+mM z-9n_fs@|s|ulc{c|Cj##&lMMp&M)k5_A&W|pXaDx`XeCqV+=N4>8cz^kQ7^yVwBvQ ziXBs0hica-M(c}U)Yo}$2OjDVs_qj+5hGc6zjPake<6>(?GDLogr721ScjrIy`P7Y za;e!FHahJlJ%6G7aPASd{b@uHhDm+Y8@_g?8!cjIrU-!dZUpx-1mDDln8oj?ZIlZh z_iwA)!q=&6q~>0vjs)KfgSNil+u*GaqZ7e9z>_+{F3UmNY?MIa#c(WajsM^kQ)sHR zJ>^%e9pYKAr(YL&gUTVw2^SSXO;ZWB&g4i(_M5%_xk$Es#sm`_!|KdUo9XZiKn~id z7CgmxHuhS+Qy^FqIZMcZWxDmi0=9lW-|!+Ek@~@$+@Kjq1|2R=H}FLYAmyGm<_V~Y zxxlz96u;^)>SBDS=j9)rAz1Vey28Yf?8XiZks%az%qY+RYqtSb+C>Ey1AGc~$siq< zq1o6*)WP9XiVfB(QNU5R6~qSr<*{XyrWvFOFr*n^(EFOd5+qy+=H!`Z>GR3wHs?7W zj0V1f?>A4n;XRsc0Va~1XeM%TA4KwJl6vvzB<4pZx=q~0h7Vwg1z&!ZIg{*zWZ$!b zpUS3PiXuCZiC`0ao7q6&EKLSltMO(&u*Hs1<)6F-!sNDs%k6;_>M!FA18icyMpMKn+JmsGrINcHY7|%_#<8W1}&VN-|H}Y(pMHr00vzR z6g&ovd9O8L3{0_)-)Mg0yq=Clu)P@`i-tD9B7RAjF<4Y-VG-Nyw)a>RqTeZiTAY5f zoVd_(^JPzILVqO-tq{zKS=YDly2hv`oCnDOCt7m?20(X^W__qNM{B#-^~2J6AI0RO znr|Yb)BDkElT@Yw$yPOvR18i6%qB9=$DG~$7vn=BAjBk&gg9_S0R zh<344qwSfIOERx$42(^*uLGMJC4`vXaE@=N=ms5GNPL2SSu@9<45}`nM`cvb0V=(Y zf>XmBK9C1-I18svrDH6Fm{-R;gN&tDM~iQq;+^xSICpX@D#o|oQg}FC9gnkoSO2G6 z2Ahh19Z6y+c!?n&+=g7mcK~|$ymQYv+?t{nA@KmHq0|!Gpj9HlD!?dvflMwfGgNr1@RsUXKjD*xwArs65FL(mbL@;0{wdCnp zWL;#DmA3Fxa`KHL+K3{S>@MUkmkS+{kD5zMMi_IF3EuXGujOXEbx>--oOTc`$749S zv#1;Z2F-`(7VY^(Jc8%x*}%ubJ>@Nt+ldB~!CrZgx;r?>#jhMv3l?vO#aG;n$J(6Ir4(?J_d=o-|K^<}f3kDm(H6}jQnvbmj_|TBt0HT$PS|{hu3IXZw8?n|tqKyMnuI ze26gzrbC|N%-PPI?2;243ZY-@3C^9K4!JBFGE=!XTr8+3zt8$j^7vSApQLV!-=vKf z+Z7z*;yui69>~vH^NckV9DIZZIH`a@2`s$-0`gPj?Fz_>@LrPU?dA`laAc#?b=88? zU2e+IpNjN}lZ-o=jEhXvRDpe2g0Gai<^M;Bq9%`}fW^ z?i_z3j&6mc>lVeqsSp%XcT$hzxErThO8Zot9ahK;k+dtpfXvJ^RQB*>_a)( z+w7!t3=*BJL2!M^gr7|mH&^kIJ@8;Y!&;A6`VoEpW8-c&$&Xlio&uQA!=m}5*Ag7^ ztMuzUX|9Iz<{1X@HFi^SKnH;L3}vtq6yN0S8 zL3t<{Myi>S^jR@e?5EB@^q%9fSFlw2g*8u^V;jhE#EyOjVjd5wwLS{g#BS$R<&)V z>i(PZiUk~l&c!^Y(G0zZG~xDQRjbTCE2SO8E3xS>D2~`sGZKz|K6qA940N~Umv=aO zyE7}{MD|u_IY^-)s`&F6y!B?fm4PKQ6jQ>b5o%l$QR!{;n0gBUwspi#6#=nK9rHv@hX7qv*E;?vnKZJSKsunPY=;@R={w!zOs za)JKAd>yOzKbpTUeck*M<(IH+{k!?s=%3BE-M32rN%l)T*&p>Iw=fIvA(h9JeZsoS zD1VX-D=;p;A)BO@3@P_l&MjP4yHkp`4OYZquz*CX*D!J-WcZPDT127_2f<1^*-c$i4EZZsMf#DSKB66;S53`!t zekN(sK63!YHeG4LVE^JGOSW%)L9WvMF(+#Zi3}YdNA`_L$~AjZN<=e}w7D3jl7h&e zLn!p8au8w!65{2ONjHFGH;0`V?-$1E@FYTi>$rvt}dYn2!eDK(L|(!fJl)d35ZezWffT~iPEH~ zh=__v{-5ued&2{9|Ns9>rrarKPW|;lbr?Rg4f125;U=Q80Zd}!ak2s``ijjGs>3Wy zz|;Da^tl<7mBLFPt0npjV#jC#>b&c+q%3j!@do`^vYTT`5y>vf_7g7vMC-rEO5MhH z=Kj7Lm#7=xoxZNMcl^4>-h@;^snB~+X+^k$(e}Fjy$6CeGcPvpZo23_)We!vP2)Sp z9BvN6O6rZh?*iZg^H*sag_xUv3-ui4bA7{|PHZwav}gf5fK4pbiVl^%*8r8V%7shQ z$vz;ti>US%L>w_!kirvN8~zMQETU~w?)Tca@fN%V0j(kGbIoRogXYy3tJy?&FjB61 zzwQ|9b67k0Z|X0xooYfLcQVK8D{`x%T?O=z!p^$@DH>e{^}f5D???HLH5Y{8`M@vC z7lR!6G~Y}A^`t!Ku&t*eiSqk)63gXfdpdJ6kvmKI!W~ z-*MIhz3yr(Cj2#Ig@^pg#;+lRmL`UAIoJvrgyl{3ah+^ls8(>D^y^9L>}xbwp_#~ zo$qJwHiSl?!RC@sX6NiL4&7y8iSvtOWBzK33)KBbEkzR&QF%QqWg(Y)PpAFYD()hq)dE7m7h}O z-4Qs*l;6{LSWhs(Q`UZ>@1syC__F$^ds&^bNTFH^-#;ejmNFwJ50no4ns)^5u4z9W zlKn`6`;$JWIVeTXE~=?#TQHGyNWV6~Ie35n3Pu8bPkv zn1JDU1VWd_$YShtlXxyR-mA0+$UI)=;;wDsYiO$meTsT@1MDhbJr%1X@<(!(_7ab< zMI~!)K@EJx1hTh+1+am~0tUr1A5H-GS+osqy$YwXeIKi9oGsoi3I4l6t(OO%NQ$JR zL@hv-{|VOAhrxsRo5z(7a^IF(Q0z8LY_5pzkbHA?Fv|t|o7aYIq3=_|@JfoeKP%MV_>Vdq;GC)I=(2a^!`T}{M^J>U|ZC2HP><5 zbf3ndJ;Yko!UV{NV;C&ctU}lIDp5_Fx(IjvggoFTmXaQE` zm#>GB2^3fAVasRTT5tB1ZHU{Zx7ITlOo5B})9eFI$L-MUTzj?1NHBJ*qtu;XgcVX- zG+&weQr8@Rs|sGMA%RlT{ea9L2cF`I_Qt z6b4vSL`$Y;9pSE|gYZB!n{#AK$j^`wOmPi@2*K232mVOQybVt%FRpM1WKSuaMy~BK zNf}@6C3M$%^Y7~nHU@Lm+;|X~X9+kGL0Q)kBnWz8fF(#8vl@(oE2X+!Y6m?7!ld>8?RIqldA)ApbB(m=?NMiig2>l+#Q%G%8 zm&3bt$%A-cMqP;Q)Ts+?QC;?!-pkizr#bslmo282qn#`2viVEu;%SxIE7rx22X%?w z9xu@xpyi#qRDu_@a9|kdU1a+~LFAdKV` zlGvB?dI3*WC*IUZLPXCMcj8&*HFig3Kq!7YrFrC>9^JTyqvxE4iwOX_gcS(&h)z}K zhOv(NYsItCc`cxGR5))C0B-=~qN=GZ!ZLTyWJM4z^a?eMYnb2F0+M$V+e=~B35f#l#m&SiPxbIAS?r4p>}q#=c2L*g2He3U)&z? z#{&e;cRhuIDsd9(#)_y<*;N%g20L*##TwMg;j1Zdd&YVN=+Y$HBSYNACl1$VwzOM> z%UFhryeE%2MoI!Wieyf?aGrp$6apf=E{go^Mx3y@x`D;OPWqkd7;J*F2lgs+%I zNpzT334LBMu~*xkRYX*due8BKlC$@+rhvT2!}KS9N2(#T<7O}WaqjNQYI%owr+JV0 zPqQ^W6l2w;K2Ye)g@%xtELZi$sP7pCt{*ZB@GS2)Bk>f~U7=FLEko}J$;u%9glYLq z5h_DZ6DXMpML=>rNzccnA{2QKd}+#EVx3Z2?i9G3X+sG(kIeYmY%`h+`-w|9Hfjio z4g(eL4pr->CM#&J%VhS&ucL={+he4OZ@QjcXn;)svu^%w zg8Qiv-5DXR{ZpJgE6XAXQ9yp03@Pc100u&ogY4_=CUzTEWaif%O~cz<5a>S%3u}{K zC-H9*`|G6lp~OCzgbyW=&HkKZ&nD*2Ny+b>-`D?&Z8q=8BC3apwuezWj{X1rR*qQU2y5s68&N=!%jJC*>e6|dF7vr$5gt=OJ`mK8lM_MYpXr zbJpNIj#fkqlRr#Xgw!!J>}XTxfkSyo0pK-_lZ5M9u%dj|n)Vuq+^aDq(VJL0@n%#) z7o_TsG7xksp?PRNmcRw^KAZPen@NR^{f&rXfxgGn5 zhE}sgd_6EkV`6Lxl}6NBJLzYkuh$?MkCeEkx0Heyvv{BgjcM#vOic!l%8Horl>$3R zLgM002nl7sQ2q`G!j`caku9cjsRA zBt~?jS3&REd+Vf%4lf)G|EC__sHTvY_!>9(Ed-9}EbUsJq$5#<}P zS>4v6CfDIr27AcDB~Oq3S;Pl!6SCw5FfDkQ|33Gg=D*gZQY@+S>1v_{fmt-y02^?b z%vU7S9fbVvDE(6C{qw+0kl_<%J|?Jr?1|q6{Dw#y|q%=KBFjN!D*C0a&1} z63k-QLqg_q_^QrimGDfcQNyict#h2{92E$V$y|5a1JFl=fSvMe)q>xs4w99Vjg&VL z!GqlZ@NCKq2Kd2TtT>hdhP`1os;s^!PdXuGH6H3wUuY6YQKhdp?^kTt^cWKyo5b|A z*lVyAwzl-jgHilbee&U`{zzmWjzXN&a9m?gpnH7{3yO)qa!wC-lkd%Az!%fQ$|A^z z=0WEquro{^MazrvnIbz+yj0OKh(61Z$Qr9ylV!YM3a$ATg2Sm&mqP*Dp5PL~Fk?v^ z()|d+`Scr-gEg@dR&19EN;NDc&b^@g)Mpju5rGubRVWM!XC z7AK7_n+@{Pc(31I&X1lT9pek<8>_UmRFU4-+$JW#eV9VREQEF|Zoo94TtE-BS}1%o z#z2Vwns|O1UWwckSJdWjW7>axoZcX;$`P-HKg4}E#h6mx8Mp3+ATU3ULyq5%Blf+B z^sk-c69n`={EBh@t$UpKiv$oYVRoVxk6=gh{n*^C4+<6C6UV-|rmom-;RMX*Q~w(e zUlyBwxYb)?IZ$jueXaR!oZK3lTjH4gBB-#Gs`dOJ=6ai_i$vmzp<48$Y{H;uyhNqR zu?@8}$URNA`TQ1%px{wj{At1O^+6c-M@qL55nv(71_)O@5Y{+GZZQtpc~&V^vOyxF z^vBgw6`+?9vXdDj#px9CrVN___?=r=xnm4x=H|mxh06Z};eow5bZ{R4vxPGO%s=MX zL}&mgYiTe{&^B=`gF9%#;FJbpB#q4$72pV)J~TWSqioFEuqy3%IBxf#=WUM=f)=oQ z8ekWr!uew~+uUrNmL$XvPB zJ{b>C7N{evBzsoD))ZW%OA74@x>~uhgoZ}x`W}vR3S>X*`Tdf;5SBg#D`%PlbSc(_CG;WviY~5BKz<(Pu)8WNcb(h zQsv>)Jd%d2fk&8*i|s?x;nz2zx9`hv^fKRDWN%qSS&GAY-X`Y3X?Jd2M8b~}ds>aF zq7hcf{P!nGe1Bqol0?qpPui-tMnm;C$7ZUT2#Q6K6Kd(F^Dfyq1 zd4Emty`6*a?cb8g=f%EiHvKJWzo4i_v+ZDqewR^01s-_?O}<~0CO-ZQ<1zvDMy^-4|&M*`o!@pJiDc!gO-IV*f@_thG0Mor`3!b z3ZE@mo$c-Esd)PhNzn=C?dNu-<%UK%Pg^2Nr-o!7F*#gfZetyptS!A`P06e+Ilo^p z<2?80^JiR{o^jsSJty8Dl8UQKqSk0J0{*y6)LdAiqz;Gcp>GQJirmoCe!ZYsX=G0a=$DB<-%`L}jtICNu@(pno<-Br8!2PxnRKH^vehHNv{`U&hB>`vsjw2%fIQkN z!C72=x-=fFXA@QV>NO%N7yA7r)*p8B`|28^grti=D|No#o$jaUOg#J|;&pT{&c->H z^`vjjf;A;%8bivWi^ln-SQoSCj-Tfp%Iz2Uw9@Qnr@AZSUn~W88Ne`{$48bncL1`# zCK_egjYUK3hof!TZ&#YnenB*g{UqU&p`D_g;jVY_X<3rWa;|SJbyS!~i#T5#O|ze) z2+aTi@+d^LsGsvzv^o1F(eBiIZEn`&g3q4}f0>6rrmiTZ8BY|FZ;Y1l*cRrk;qgV? z8-7)rhg0{;i`jjpL}sHiSwtSj^?78@;Dch6#!>QkBIU{|6Yi@xD$cy@wGd4Dqpo*< z=UgW_ywkD!yq;4W`0n#Ms=UgK_j>t``~v$}W`tAK>fHhXWgN|kPe$rPn$VQFL>#kx zQzmoX1)&pmH~X{=@d00?ImYUNvT^w)rPG*PP_1EO5d^Nn>VuwMyxoEsOV+0g z)}>~B`b_8#C*Zfvub&i$?-Yj@ihDQObtwc~52c92*^-ZHj_t=LPq2an5*bu%jN``h z?lm15B)VLPvXHQgH4&0K25`>{&Mf5tUC{Yis&gOPvd#tRv!qlJ0pi=^C$>suM)O?v z#VvSlHox0!v)EX->RSOgU+}$!bCTk4eK;HV8|JsXf>$WFC z%K94!HwfDY$dVeKm76njb6Fl;>}MvA$?*k0U`U5fXew-MaFFI&Gdj@TwNO_{wh>sz0NwhD=Jed2k+XMaL@%g-VPL6o!gLFo84q@Z+>|2?+E;D{_&%sxnenb0gO1;DZzJ}oQ5@{=Y z=3`~^IP{su4#wuua`I5w9+jJiTXil!Rt_I8+sDf8@iOds7B$Q}I**<*Zt;?Al59IE#JbqBn?>DLWRcanc-Gj&++yklkSsIc*{Z)WD!JZ#&G4W|RQ=1Ba0mFsi25-^}8l ziYw>4ml!@d%mnyQB}u+tHq`puT#YDt>B8JxB>mgPxw$-d=jV8_sPit&EzjPKS)aY9 zJaAvx(d1P*?JZjE?!}zm{BL>qGCUp_9uS?orEF;Ntrc@)Zf=m`hU41Yf;gb={5|>- zW|5y_$yq|>DxG&{+47pdb!R!et8DKq7qhH5H$N!zV4LrdJXV&G0Jt9wky_4nQ_Gp3 z4Vhn}HaEW-GWSD}@#S9+nTK@c;UV)|9UmJqPwM!)A&A+sd1k2k>tQe5tOkM&yH&26F8#Jwo6*02;F?%kQ2SE0HlMuZ%eQn)5jYr#Mx9S zESF(|$g?LVh|sLc@H2CZh-`)p_djhBigq+OIEFe1bURokZyfH}!{I257VZJrm>usM zGqWZq@+pTOxSMp-+_Cu1&UdhvY;$|(gmW31xo%FhFk4_3_AYRXYMaE1B2>p&C;x}t zWNLG>S$S!)gpkFq?(@jmrEW=k8J0zC^(~_<(&cWec$;)<6rNkVZ8MxF!dFLFpt~K+ z3hN`ayY1YLe0`^I*Ju~Jd$yb1y?3{8PY9-+%+C2vcITKQ3Kp)!JGs3EaS@BnjQbinjM74p$F*l@x;$k-NEKk*x~ zH$`u>Z*p%O!#U2rWz@C~v5M6G*5QBad%Jm?p=J@A*&$?eD-zX|>+bCXZ&R(!+rzh+ zx4XC5cMiX!_ub}QO#D4CYW17tcmD3`yUe@oyWG3OciDGmoa<=bWe#htmwVw z@bI6u=Ji%TB?w)?#_d`v38!Txs6yHpK|7k^E^^~{Uc=Lc6+CG5c_ zM-u^3Z2~>5XPiGX-<&Yt{$ieacKlytmxN^wKR;p4te7uUV5p&O>?uSv@kGq2sW~e( zXQqbSl$L-~<{TY~Z*y*HzADB#x4q&0gB>E~e+SLarI!E2pjkg?)(x89=+}dT<`Eqq zC8)rld2A3VAYcLd3V=hT;plsKp`f{6g4II7Z;b z1QSq2i-3CCJxZcoIm$*&^N?yv*JG5m74=hf-7aDby`)ZKlIZ9JVG+(5xs{?(NLVB%voy>63HwCxxu31%$SL3#6zFc+Z zR?Szdz3jm|)#(eW8xtLj0G=hLlxYLK)?*jjT4C{J>;V!bK#F?OTB7u6?%b=AFRjLx zspN~R?((YndbO85*seN#l`q*QE8Q2}hS02ZpA9!4D^1@+DSs9De*;0Y!n17f%UX?& z15-!1NU)2Ica|_XOYoF>%Uov7`I^pR^*dk_1^5rE$-Pzk!|L!I)$sOeat9f1>_V!t z)ZA;#N%9Yc?l7OJ*|TI4J58(TGzOlOqJF5GShFnkF9e5P*xH*>lVE;w10FDQM=z zcyh=WgYND;5*{zJe*T4@D~C^!wmW<<53kNKiQX(6juO`ZUyHHi!vv0~TLtz!oNXtT z$vYv$L=i2e+$m<>q7D_b7Ym!vf=Echcs|zvIon~+l0WoFZw^s|ZF6a}@^q2J5Mns0I%3?Jib8TW*-|RSfI%qpJk{C; zC75ZBiCk**_Kx(F`zw8t!6C!NJfQ-WQ9%UQ6$#dhbJQqECkDF|$KV(SYJHn#wShe2?Cm}IGLYANzR`aQuA_j6GaKP44fDB%JE!6Dj+Z{cG8rf-2NCDZ$J({x z+NkT%qrvv6>h@hhFrjI{jK}gtF&~&Nt`m87wzqWHT82UC2ZEmx014Om>l#BhGzc_L z-82Es6^-b!hP|}WV4vD=Hp0sq=F*0{x`ELYI7NWn%K{|}n%$`lQ=^xT9f*gqUg5s9 zmMUwM;GT%ihp>Idpc|7VtvkjXb18<(DI-xFVSFmbHrOV(t|~A7$QxXWD~<}kB3Ly&Y2eSboB3RK+=XiYSEHYYgVPO}~%*erLZge7q`hAgrQs zMoq4bPzB_%(>A|6k{=$N#meL>HDbh}v{7~~c`Hij$3#S{OjD5Ivra9x_Pxo&;8N;D zr!fV8#7!@Pz$6IdGz?V2q^ZkVx?mpyF+P*$5~9Y5y;Mb;JWOPWs%YJ4Q{Bd6WY~DNwqe?K1cWa9E&T*<(MhR z)2^*ykpqoA(%EC2Iogj{c#Lzy9f%D{i4vOEHJ4bOpyaGDMsnfqGMbZ+TlJBzO3}JP z4YWB%!4D;}XR@a|dzLe27G>j=Z)!V0_Z2nRKI*z#FYPu66(3lNCedAL5>XW8Yp<-Q z+xOt%Qo_UK8JT8&&Dl$wxwt6zA`FO1*v--V(wA`}A+dTyb_uKPB9CuH6R);&{eEP| zmEBfh5LCU~c-=YDkl-RzwCWr)NIal%Y{`ja&Ah_q0^$DZ&#J;5(A(b23bDpwFvWxO6VdT|g|mJ?(VNP2EVxb36S4 z#UeJM0!;#<7MS&T$?g;cQ#fENyh;&Q#rwM^n(yBA&hHYI`n}k5Kr!88;``_&{-}HE zQsn7r!d4*?X#qao#5C3%r^jPAU|$t+9b{?t(c}r6t3tCn{D|Lwa24OIo}sByrZr?# zEDdjL*$aFRtOn$^#6A4C@b@PAoy@V{2}*$P5+O_X`7Qb+$lO**F9&~;!m`DufFbyW zn>(|X`fx7uJ-R5lzC;(5HFse895pTd9cdP>$;uS$>`CftxQ!o9w+e=TD%#lgwf?v41FFW}obw`u+gGE8qUQ)$Z{z1Mi17Q=92u664Z}}|@v))Vxc8oy@hODhj>&2T#7)vX{kx5QhM{WfOMrql{4!HR^c>*OLm>R^p}C0s<>3!<1X!uKF)6Exew4qkK!o2M zEMXM{J2--C|4j9N6x^FLzIQ530;>ICdruhu2$Y9``!B-y0X|?K4C9A5Rzi1DnjN3I zn6?Kaa@{jHxeUAbn5z@yo`Cm{JI=wJzm-$@j=&7&o%wZ|oz2RPN9hjF zYqN5z5@G}9K3%qFlohlB*~m}Q>_@5npVV~sun)zZ@22^!FrZ;KJ=|Mqu$&*o>S-m* zX^#FL;Gzgge3p^KA&3T84PxN}jjBPhcC}y_v=AVK4PqN29z6n<`uJogbsEiJ`>j^a zb7%$3vWn~ki`HRRUfrt$$;!d~Wxn_wSGm`PKXeu=)!SWohiB1XQ7BvVgG?EsJ6(Mv zW_zHBVi?+esJCAg3gj@%^cfQPR;&yOTHh~(0iWb6sZ`yBv=cCgM-!@E<`FXp8#ue? zM$q~+Q87t}(0s(12VMA(ssfWEh=2_O=G);PW>n<4yaNkg=PTlIR||{DDsx&H;W|Lh z*u&Ld@-+%krFX00af)5BL5?vy`u*Gu@JUrfqvFZ^HV?ReaBvp!>!`>81o?60+R0^e zQaLX6$CsfSs|0LYCmLuyeV#sAazpuZCG%iepnJA?wq*V+U~kM{m9IJrj|L&ymBfUF zk&DC6Wo{^Yx@7)X$_9DyYVk8v6jolHXY5L?WyU*!MIF;{pe@3%2L%i+E?{EpTu>I# zVCCs9*6cTUTrv)Dkl*mOLB9h5Cy5{24XipWP6;tdmG~8ys1c17Y}r$+kOh8ijQM>L zoo==VWCzj}vx4J&Ml@(d=cWiZV&UM&*pIRnjQKYD%FNt?fhWVY7M&Jqd`{29i@*`} zg3D8e6nJ*7a2|GDO><#IoiyQw$`@oE;PvqWb}78UFl#&vC*3R&*kU9K1_yImtrbY@ znAL#c45BV=brO7`8B5C*g(6ySHd!aWrG+a&P?dcPIyMG1_XC^Jn!ez2-x_mtB|KJS zXlzfaM91Q7Qpr!Qn3F2;X`~gU6?dwZ)!Vwk=w+@srRAzoAw)O^>jk9*IVyg7HxcY! zvr2_UH6tZ}2}D?osmki;8n-GktD{AJf3;o3dZ_-`lF67U?$-*PbR_@`gl#(S?S&Pq!=$8zvYH52Th{c(TKw#>F~ zC*cdRJJ`j&hd4y<1RGk!esN`Y?%nC{&Eof@L8VC$qRrVaK`BXe0SG_EI+@Rv1<^A0 zTfp`b61haQRE;i1<3|jw@s1`&#!f#Qw?F?^Y8Z#*;?KsTFOc5_ z%SBYIVL3Uiq#r-WQ4mP#!fRXMH(Tb0mbt!#4dGR-@QRkXwq>qqRTDH5WLmdpw8GD{ z%qcDNxfbi1KX-D=oz&9x(_6J+NDZ4^)(X#Wnaf({(iSZu38%s85b-#005Bh~%JU24 z;vvKtnR6N9l8J`Gl`Z$xR{phGhl;y<+FjT(=eFFZTltz97f)=NV_WW)R(AA^i?_Gz zqlwhlROl{Wt6Mm)v7ZND2eVIGu zm)&XcTi0ds*L_2#U3zZj^WEQ?E5)5&XkB8=708R!i5`iOAkZJT?;Mp+wakOiBR!z8 zYP>!0^)5py6#{2v&=$A{bdDlH{JEw!o>{C11nmmCjb&uv~wlg0Uv^R1bYF zFzf9h$QVidsxlfN%rd=IsA<)QLgfk{9QF~j%y8c*ZYrbU$jEqz`q_*vo|R9GPPxf^ zu1ALV)?^nrUuD;yg+gib4)|wsGNN7a>qA0kH z$R{XTz!T-ehGm|MWdBPpZj0PUdM36F9QSS1=@ zPXOT3;DNfRC|I-sBHdW`ZR~l<=EibzQ#rm7=_T^HYs==yI^eJJSH+~FyTD<1*^_Qw z)QCuIB{b!O;|diRO&~zZQmmhJ7f)kEn%3-W=M)_;e+rQd=#3!m=LGBP0|8PQBAk{Q z)JGWXcpIM+*-PX2vbb?+oL(OHepz@;tsK#i3B;y!pP%juybRGAywwGVx!@ymN*nJV zi-Z3Z?~d50`=*aZpt}3Mv2LYVE-o@hdT}-dm;(ULrnDyja38b38D_Gnm$BEzY7c9O zXt#JrPicr{D>R5Gr6g&e#dqoMA@<0?J! z@A`1^cJns-cKbH-_GugcTl}Vu>`X~yM(JAx4FT0~53o-5NXT_BJ8R0G#0*OEDPKCx z4UN!3o~!tIMARkbQM?AW{8qK{Q@)iSNzlHxZ1lnS@EL7Fy4mSVBv}pU1MjmP^Sxej zGj42ATe!?4*JU2L?&SAnq1Yek6DLVTYchxyh6;Zb!w))j0b+_xzHfKe}Bq+$XO{vn9f&O0UGwkI*~l^rrFJ#gTQT8)U-G|T9m|~B$q{c90MtWkI8C5eV;|>j z1h@{Nbg!sb=aYcj8 z>CFB>f$Tw1+M)MA4~ya93xo!e3+IeJ2l=EZ zq{{XKh~*S+F=JE6#VdJ5;%kw<2^v_B%>g4NGAMV5xhPx>aW%OG(d6j52i967xa$qOJuIU|%4vsDkN z1aVKNoSxuuHD9qInksiqkDlKJKdzmGNe`#a1|}t4t(`0EoH(gcl~4 zh^KG{(1e;us3T_?hC>mF7++xBLNnemW+|kZbjn&TC! zrrp|Z?^8BtA&5~`0t?peZCI`I{g#AjyV8)ha|^9vP9rd#Ctd^K!DOL zoOmEznk&o>j41W3zsBsy8G%GVc2TqwnHr?=-OcXI5Evhflffcl%hqN&h#cE8=53fL zFfSS)6o#>(1hSlic@Z!gH|8cguFVP$ESEBwKN1-MJdpZXD1m*0*(14go$JDYy&UD5 zid!3S)w@Jb*-2Wbz-h#-kv|sZb%{Mlkp!yCOFbc9L6920fxKD_g>~!Adp*RDeaftD z5oTahh*L1w2I!gZ!HJI8j3{*aGVQ%bZjgUF)oOsbSX zguo2$@uS3)3g^+M*z&)hHKVUrf?tAi+E2WHkrmT zu5k)tLUW|&E+7Gs7>kD|8{Qeik3(c`Dj>jh~gLxlYqvk{CPPH4gc zPP%~`uI$8Xz?v4LxKUQaD2t_8s+Wg4Q5wQ;f%oMWP6AGgr|DCLbDY~?@i*OagOWwo zz{Ef#Lf?}Zg~ef`c3h3BoDYB}lvlo71{p%}Q(eBnd-%Y`alu z<_#WJbP*+QMQg3$_BbhVeWj{wu*gwj$^$5&k!O>RRHl)2Wn2uIl~gyuNv^La#Z&|! zUy-|0glo2xbRsWT+V{_Zq$Pho=JOOUV`wIjM)k!-m-hzOLVW;MtVNHlS$LV$=%b|` zu~a~e-)R6&j?5Tl3s8#Q*oq$WZ0_&yCwo~3J_R8Yk^&3}G8{dj`KMm`r8EDlUV4OH z@?M6Rf^{aFSe#{cAnJ$XtUy3@LNc7sM8h%NjM6_7#MGo_1cEDCDEefjnJ*f^6}xhf z?HD|bZkm}xD*)UG;F$AZ$4DeWOa`bBd#Y}Lf50>=3i-6`Iw~Mk(HIu)ZjUvh$}_)D z)(~zj`#^9;lC+r`geycxlSTOD^9}YiPS6NKLDNpNh%0{Wu}8qiZE~c5l8oyC`04j+ z*+IV-$Pk{;Eku?d2{ZyA!*}?RL(T~fTg;_LIn1~!mh)L2&m(v?Q!`Sgh3M~V$3uO?kWr~1ST-^_V+a}aCnbDPd32w zWO(J@l!8XZrdoTAXADYLK?S4>%>ufP!m+?XBniBi&P|X{KXevRk9q!?`8=1C52Oka z3WP>g8-*jT(c#KKYj!XC*H4})`nQ6(xsFDS`|9EUC?=ImFV>n<%^D5%CbCnl@55I_ z7JVpqD`X^kH{v>3p-e46Seao#GkOIt2Gt649oY{Uf=y+NgeWMgoIV%XzY7+p=IO}& zO}3(XOORZn(>X5@eH;@L0z>AgxkJ2sD#(Q5eq?Y7iiFKNOivBbgYe{;V%I=oU?ICz z*dR*TX6c|{4Wkr-MuKkDrx^VfMmtOuU zo3dj;RE9{?XH{Wj%ZMbRT4%tCy2=|7m4LAXSox91CEIQf_s%m4hw@(fa<%F4Un(Th zEq`vsM(>Zt1v5G3s|>9r2`6PpB;#Ze4yorFM;IIBVaQ`*w<*bmTHZdAdAe$;(ga|B93cYK1d1%`uv#XlGz0@7a5T%FP+#0$v*A%uJ+9aUrbR= zcWN4w7!oxg z#t@B+*qI;*4^Y=`HW)QTrcQ7kxMx6Q6w_dsmMTFOq4WT0Oa|$zN4Pg7lP`>5C`Kc= z()Ml;KnwkT){OHaj1$)xH6oLoBPt(D6M*VvnYmt527-av97T)7A;@t{v?*0Pn~1CG z(eR2a;n_=JocOsmOV{ug_vdsvbblt;DHkw_7;iTgP`y{i36)jm1;rjfN zS!*WO2qr{+j|DsDr8T%-HostkpCc+_+_BrFSftK~5Bg~_=}cl|>eQ`-nLziwfsEj%h%4n6U<1lQsjNO;d297bmz zIu}lQf3_iH15LEoXGA%|TTLpuNN@%*Y&c@)#+j?d=+sat0hv6$5LS$ts|%otT|-7y zVtmNN%Y2r!2NwcNxE5nJ#h5b6#1sW%ZrzDgx-Sb-tct=h(4DgY8k+R4XA&YPRy^ed zfkX!A`MC5b*(XFARzu8!2U zj!I<`w#3#jUBy8e_RBGG8@Rn_jf(4z_wYbUGsD;useTteEx;KG%QoVQ{u8_8HsAx&4?(uA3{@KFmBlfki`7{W7Qr^|X>J8n&{;=D5UJ+-hfy}G{sa3*A@m}NlG3H?o(UpKOW&>K4 zz61;#DS9RxDdL2IQk5=2aFXFk5|2bs2dwgT16q<*Dq;T9nKq)Bwnfwj2#@aj3po1nY=iyr1G;M@8z;)J)w!A#B`*iM=Wbznw&%P0Wc&bW~!m zi(xdLg8c1F^f>@x#V|poyV3TPkZv9+kDz-bp>Md2r+5&H;QLbv2eWdiC#zy5+%IK3 z_IlwBEZ$xHnt?)O))q=zrnAr;y-ECiA!k4U)R?O&z6cwzP9&$F3?rq6)&e3Rs2dC{ zaw0U@9%z0D+eoZ3iUxQPnBTW}e)sKuKfaC#6wSJ~{nv<(GMckN(;4TcbL{u$nhB=T z>Wp@++8>+?003kVC*7W(_!V|`qEWj!Hm74kHe+=iZVB@v9D5H=JY5!W^art>h%SvY z?)@q;4?s}@H6Baw{O|I4PbY*3N-^3>%_*jQe{6o2nBOP%e~VJ+mWxcnT^y3R_mjBq z^Ts}#gh!^452ljs9-U3VoVceWeRx=d0>w7T+RG#KJdW(~px;?pLe5pxF9|FjJyDja ziR6#F0?$4w+|E4lixAjSEJB8dIRsQ4jS|^<(KAV%7RD*P4ROU^IhT74GB(D;bHa!P z`!J0OW$x3A0OCjh7>~7fbPY(-F7W$Bejl%~Nzj~E8H2|RA($X^84-)xjs${!(|SyT z^(i89eMR+4v#E3#4~$X!YmLUfFBt)XR_YIZbNJ09yh-G<2zWtD!V7%LtWC`~Ql{NU z;+sS|eK$!s8go7A!F9YbF>kY%r{VQ!d_w9~51~C$1Tb{&IQXU)e!85@it`Ag9m&5_ zTw|x1*C6zHzVl$9K^P(Y64L;z3jqqPPRK2;(L)$o$VM{>&LJk#D>Mnuz?V1aD)B5u zlm3u|#N&LiNk^wN>G{?@y_qSC0u_3)KgOK}t55Y1Zw49cRjNf+o<+@+C~EgqZ9GzsyEDu z6_F}bq+Jogzo4jxjGVn`cnCQnU(l-&G}7fDL}s&xFyiL`BcjNV%Th`oaHP;3SqpMK?P;a{V%1~_Bu?I*%KO$3X)vbjz0P=&Fp zM-P_meW;{?=+^wKY#&gP-3QA~N2GE@V&ap7a{d6nb1G}FCHkB!IYq`g0^h&9oi*Ru zREbcVZ^F*V50cu6`tBm-eCae5pCGPWA^T~o1Fqk~}b66K;|Zze5{{Z7T{D2CrEaCRRgwYVBi z#YD_(rT3U=GlMg~CBZ{gi6|&cu{wwgX4=eOl*D+Tq&*d9~kvuONjcR-v_O4ua;I0M&@2$V>-djVfhGOjB*K^|9puUI09RcaY-{ zOTlD%OqWZ8nEJ`8T<-Kl%S8}Ia{r&qh^_lBA|wVLq4snx+Vs^-k%hR3Llv#ar!Ha>_@_Ux+t zVzu|2YPhBr-CVQZu4UKOAh8p>t{Q)fhI{GicbVc^$Ar2E&JaBhOV!!obl3(vwi%~E z09e(I)OZ|6pYR7Ps6o1_$tNL9JZ%GtVA6}(mg$QDl@$SiNDOB&odru) zci5A_*n#xoYZNsgr?FELrz2hD+D^K&LS&e)5y$8ShfVYtS3`*6o&-;b&jMOrz9$=0 z5_x+3O z#ofjRa76R0!Y|XdRs^dXh+MRAGQ1<&*kMT{;pqLvZdSBI=X^inS}|9#Vn;M&zFV{3 zs{w=GNx-)RmYDEq08AO6xujygT(_5_@<8CB<%2rbB>fcv%nb9i*jJ%?;5FKK!95rE z;CVXbhVe2mc01TXxGqZcz8c~`l7?AVv(Mm`O^Gn&@MJvG-yr7Y=9E2)8r;}0*E0AV z?X3j0P4=<-0z3GEd$H^&+^hq>??GBA*gXejm-t}`W`^u?y93(7`9ggu7pDl+aXb(0 zK|vD$6%1jb`C{3@+bft$hYkXS61Et0dIvf$l!^!@q@M!ykAhA;xDM?iJ={D53@*<~ zNv>C#!2&pz5c~udaxUo$T=jWZ`MV=Hsb+~}GqCA3)LF5(L^5eems3&jQr#Z}lu@~U zO7x2R6Ac=Bmz9^HhnVSuM<_KkCHRz@snTF@0t=8ViYBb%GKc}ivk*Q4OwSqfH^I@) zZ#Uz&RJ4CIdO~N98Z&olttf9s5e^BZe5X&L88#ZqA&wR8A!%>CoUTUX4u|ap_*>!5 z8rmtWAUt_;I)n}y1zI$d!I8v3Vq{~d$fb;^NiDO%YMW6LyS>Xm7 zlMN5s9am?l7z(~vjhivzGHJrq#!aZmFqbI+mfA{O2ji@0blHs8NXkCy}2M-=)o!XGXUo<)1>rVtJF*sH4@|Kn@0H-QU8 zjb3}cYM-c1EdZ~nI&Y>w0F2}K79*^K!S0pigFLXwXM=?R*FrM8+i0;cm3{px8hjc- zK(P{mDk1V66eK(ol4|;$iq64&g7Q=}rLi2VNPncr<}uBq6cqrXE9_Q8Eqvar6G1oW z_sKdF1r7(PtC$iZ0V!f2#VQXNJmiKM2MRT1G(zAn0?P~ojvbNsbo6(W{*LoHvHNuF z#rcvwx)Km@zC*7 z#?0ef0ZUM!EGH5uRCYQOjFAMV$?|ImJEuo50HDomy& z;XXC#;PLqC)O<5FesAxu*;R=-DQWnC8;ReSz1YI|y}i6@3H5q<_ht98m%m<}{+xl) zw#O&txFqE1Z`b$<#cwWw)G%M}zWDO5e!W`tAB$h{lV7iz^AdxEpy2%f@0V*YtM8{1 zb8M2azgX`hheAhe=3kk}%mAR_A%Bl+KB3Wn%GzI~;V)A%Cq0%9U6Ohcsm8?+EV^PR z*h(yvagLC2h}>lORY6r&fozg>M-fL=c<CR`=hiy-7E zGFkWh+7Wjw$TlsC1Um%8bE0(goPt2v93~PuZJni-R=JBK1=jnbUezG_r6L(%PQ+Hw zC%JWPxeBU)fGXF7QYGt_Zb`9B5KdIh{JysgmB<4T4)+dtnW0SnksJ$pY_SgTcose+ z_WS7FqPxTF9v$z+@&%H%LQ55ZM>1M)gd8ws_m+ViC;aP$Gl5%Y;^0<1H^RT@=vPr$C4Fc!54JtlMBJIrF?5hY`G>{KrIfhC)OB8UoJhh}s7G$nw$+ zNIj4Ff%}KwB90jwS?uf~1;IOxqI?HlCs+qF1k8cmu>{Q^Bz`A31TXqT5Xwy^o+mXC z!v&E_{nf#9*CC(1w}vL~(@0LDV+yAiMXcyrEOugrRFOyF+nvDe*Ov>DdJJg^Z;*QmV*$R>mXO|)IiWr5n@zQT4q`o zVt4Xd5ZXaAAzAO{u5)I+TkiMKjQuwLyw~q{^849-zmMNf`+c9^hwBK>fD>DA6y!Gq zA;d7!5D06mw?K2OL(DAWOp}#9UV=$Y3zc}KuN5aTt`wjYB;KJ^6Uzx32i(VqOYoi~ zmB`a3!zt!d=qAItT5N3GPwX_PT?=d^Q@~>UeO8#o_LF}4qd;TDG4UE0(CeAmQU4pl zu@3GK)Mx|u<$%8jQ}tpA4@pAghkoY*u^fb{coNM?LBZ4+_aKIwz~X$inU~?ko3$jG zk2ib6kzUI-`;-h7sUN7GkE9qGY=IrZJs^4pliYiX=_L9D@^0_oD-9N%U{YgCcJi|hCy~`lzhjfN@hYhm*2edzYvP`@IJ$@l99=Ih)vcJ3 znDYM2*w<=s7wU_9nq9)>)b1T-J_Ht;*P8i<`t|h@Dc7)OyuyS75TBR~kajb=GcsGj z#2w0`B=NO&o(pU9Y->NeKa1p3KxVCNX-J_B6?IwhfQJvOzTO_x5Ec@ac`xQcyf5ol z^NyKM+ovM?2Lv`Py)!+)H+kaKQ2Z||vtRe;4-oi=`z!wWzW?T;0YVUB$FaFt9M1C1 z+fg*5*@N1@q&!TIUe)>LmIH9%l=-@UF4KQ=n*jnAa(};n(as&{PUNf(h=tqEYSG&NG!ilKWGMlb9M=>N2k(LWA`-MF4}P>ukRs*O;CgOo(wt)&77eQy@2Ic12Vl zhkMw1@(UCGz!2S_`AZYtV+aonamDC}lO>0_z$sq|$>J>OL$-};eijP~ zZ+GeuGybvx5dG*y3RRqU`yl4VSXINIs%chUQ-*8``Th(5Z(~c4Jz(7rU{M|k6VZ~# ztx}MzG?^f7^@yI}Y>5Y{55i2e0|f7*y7aw5cf(c+o+FY`BtHy`?YMwr2~<%&q#9g? z`lNW1-s;NLr8iX0BA}}*a*1sq9FW?<;O3V-u39w6{qh4UAmc8dYA6>Yi}jms_8w8k z!h)IVZ+5&W#B=i++@9WSa83zC*^k}H5I)%;dOv%;kYr#Dw|V$vnclmd{b$-%s0Yb z;xBwPG#7N*@JnACCbBs+N4RzwrmQlf*HrG{bz$J9|A@w;qFU$7*PF>m)qS!fZWTk= z1V>s;`Z5t%?tMvVteHBWSkJ{`qVoahA}>^1Y5Gz49RsZhO~^Ft=-^s>m(ma%3IL$# zyVhj0;S%UBeGITL3$sm(XV_19IXG@hOkIie)OAeZvYUX~M$)9@dWGzZpeD?%?Njd% zR1Q8VI#2X!hvbmOy2A~L%fKpZI9|LVxFfQ^Zw>mM(|AJQ5&NWKl6T_R$%xPk*=1PX z1F`dB`IqP%dJ+Uip*PGZ;BMVv40ZjdI+u)_XsG4jsToh5K*dgGv&qWjSK)@(tV~uK ze;D=qlHWVOUu8GMjeyjsa9()&9n1uiLT~=djtB7@F|NP9f@1>2qb8hb>cK6upNGC6 zYc?7_!U{LE+=w>*ipM@!VKYu&xTtebC+0RdKkYmxH*(enb&C$><{PmxvF?-lNk_)V=!W^tQv2(rBslvl!a!*-6vDSgi;rFS zFM{{VYy8s-qucuAD1J8p8%{063C){c;E}+>fozNbohX|m+UZ=QzV^ySM<)7>M)n!k zIDwaVKB+Ay0}DzzEKwFjB-ugn`Pl{LGYiZyOU=7 zadWvEvX`8&xcU5i^SAltnI+~=OZ=Ndy7@kQAa(P+1?H;@%sETVmx?!c(9NAO2(~5M z4K6|d9X~VQ{Bgc{a*27Oc)zJfKGym2F$>I*3(WIN%-@Tfvvl*Fc8R1oZkGSV84Jv* z3(RMiniGppY_3NRggCLKFFA9LKJnyy^Vodz&=T`tQA(yq{u_lir9``U&b*)&CnO3H zZ7}1gFrnSwo6fkd=N5K;E55Nc@ zc9418hTC9rf;DofTqZRyc9VJ3o3@gSq*qzFm1ihLv-&_SYqlDFy{(?Cf1oc{NO=*D z*Mf4$5dv5D|Gwn)lz_ns@US3M4_yI@*TUBoFsSS~O>Lh1tW4O*`Wtte!D8J1@3YQ*-p{!Q*4Xa z{-|(oGhvfFo@*W0^ea7ily=L53!>8FRN6j_P>i|mVcFp3KNohDUQbVdlAenR!+B@#t`NFCvR=4%kSjmP@Npc zi*Mqjbh1A2IpeNX0oTOlT69W!;BsBR!nnOSysq~v`t|0NdT{GN3i*JZxdg0l*N9z> z+A2$4-pNAUxj}cXkIfB)$kcBD6FN+)6P=)Ew&7akEfjf(lR8_YKXC>O zjPX&R)c@wWBizBfcDQb!Y)kgk$#R|mI&mg?R%P6*U*-;DH}21v4`LGNQp}4>=iAHX z{~yrnhjYy@O!Rn<0NC-1DDaxORGaEKxalHh?AL4ANpa(3^geRVQg8~$&|w_9*0A)# zW#Nuu8YKGG7(yfNtg0ME*lPrZVYt`KyVUuey8Bi;5gz)o8`HXRu7O*7X>lLZ^?mJI z0E*v@&G+Qs@Zz`nb@M7?Ctmi_GF?B-*pI3y0Mqk)|4h+k^>F)_J$s;@{Sej=v`FLn z;s>a1tedxbBV8s-NRj+r7QWik_yu6 zXUD@&kFz%?j>k_n>|+fG9MX}Gg?}3}E62?S7$32R053FvDv4_Ue#|~P#@_sHjDEwN z+;dHD6&b5e>j5F)@QSG((nfeD?)yrKUZf|8MG6ksxqY$Pa8Vl zi~E%PlywqZSxUA_mYc13f6H(yw>%BLRZ12ho?F0``QZY$P=fK*@iX8HPzVm?v1g_V z+VeW0f;QV`3M$2M8A$_THPQFEM$Qqc2~NlaYfIVZQ*$=4&uZp>Ad=+nUYjLER$#*tn5Y1#Tq8+V5q1R^G-dlbknGB+~@5atVQZ@iM5Off>z- z=!nEF$H!qSZ?XY<`3Ni1;{QN|8%;iJj+oZOS0UkA8|$LD+Fyz5{kUrMV@QwjPG3C0 zelTh)U%Nr4hTx1voJ{pk+G&4fwwcQuo)<5S7mx;E6WlcxI|A4YZys*8+0t~$oM{L` zcscx20BglR`Vl`J%tV+)#}tIfH<(N;dF0a?6M8^e2L+?nk`?q${88uKO-jt}dG|;Z z^Z!rRhW?LoRTjy=|EU~ZAO8P&eX#Q#EdafrvmnTc?$0yMk@ooWB8CjwGp-HzXVkX@ zM&`Vqg`|WSFJC~1GK(+);rc&s#SDA#x_;M#yRz)7C39ZMkQw6ks{LBYoQv+wofMnr zmUDS4DfxDpX&M(?})Ch}LRQb^( z=2&tQ+v7&eN?a-_?8FgsvaWn?#GIz%=_BSW9UmN{#dj4genDCoy}qGsD9RV}Jc=}4 zr=Syb<>kfPGe%8t{;>AB?#q8~8w&D;{Iz&_Mr~eF$aQ-80=@if_vOE|4Fy?CAg6-6Ii>B6YnzkX?j%f0?Fj-cpCOh8G8g+@vVoB+C5QARKEk#7(6PGz z>C7Cj`&X2+N7Lfwc^E0R-Cu^y3&ZXon8?_((LIoW*PKItgb$ZWcUW_~HFVTBI>njN z-PV4y^MmWwo~BnY@i;@ToSxVlZRrNAXc236K4MCbrqUv zNv6d!lF4Y=Uys?VW?F*q!2?Sui(e*o%aX@s9Ib;_kVVl85&?iiBL@jnFfbPh>)Wr) zc?lO%oDbzfu!t#lHqpoxdBPg5Z+9oeiD35fBj+m7rG_sVzb1*{;>T!sl=9!WEskpWtfL|rO1}4?&|hTNQJ^@ z$VYXB+1szyk?fo8WA;TexSxSFG6(XV&ksUCFx7+HA=z8aA@N)7+eo7KHjy8`g925L zu$0TP?{P<(qwIVAQU1L{1QxvK?a*zsI^m4tnDY9EgCBx$Ii&M}lp_fjhrD-U^vEb; zrw3biHF|~+3u+h$Yj{#kqL`G=M_@kXbPw}Ms(f^yT$6t;4sxWO@f@##&wBSlv|ddW zIAT!!oOm`~{FAcjTpK}VX!@PwH_54{qHk1iAl3Kbo=|bt?}iu9hD=VY{8rdKG&hsYc%`j!Cbb>-xPu>s7y-C`GB=&iDGA+R^Vi&(mw? z{?2`!=jyuJ)9*U>BlcK-A``EaT8Zl>Q|N~i+{8{X$y(EWHV!)$rSxDBTP=pXLRnqLIGOX z(+QWjJpB9@1|`E&#{I&O?@%EZ?dOzN!ti%~i5G9_-`O1h;r`wITia7NlpoWe$WvB~ zL(kBiUjPZ3^~QZcAsM=GySn(F#@%k*Pq@G{>WqcV`DAf|*A339$~6{q*rQ|R<};a6 z8k12?Vfo7E#gCf&DB(y~WD!Du6z0|dH(54vLu0Srt)$K;zPJ>3T+ zSZbUV#+a`tMb{&?f>#)&OtR$Y(9iJ&*3TGmXp3A4A?E&=1$5s0_r<$TwwfJk~TZ7 z@K)xe#LwQ=iaNi^tO`2=VIEPxu@U*_ET{UF%$6b!f^>+eqo^#|$U+Ji{FC_}C8!pZ zkU@|rPPUp)q*ghdH0&J2@e0l)ax)Lcq#WqE39Sx$3VEmPStrR_{4et@-4fhN*sg2r zimi%0$hTrix`B|iSP~d=JF^RKKwJipPGrz%+qQHNzodz2C?oJWDS{XpI9e;k-5Rq% z;F9P>%)=U!1316O`fDDu@smP=v9c{ajc$$E0rYsn&#k$SV#fvW-Ahazd1lErtVlPY zG$%g~vmI6+#9zfgi7{7pE_8=5mLY6JB*Tqp@RPzW$f7G1W$-i2ByD56VvEyXSb|?# zcaMDRVe}yRz7YDWgz<$Wjq*`K{})EGXnZ93@o97$q5xl2$URS^X@+-}AV7y$IW4o^bKg zQl)%NvZyuJ@It~)U&4PAN&=j)sARBilg5<=XMJvA@G zVP5j+B89r2>fKp5*~p#Loa61ePyn_eQ_04md7md`@cam~!walD zc!Qeyns;Ak8PzRR_Edf@di^q~(8hBZj_CJMG$SCh&|Zyhg({VOjJ&~7;c!Q%(Zg!< zr{3Qi+LVNaOGcN$k0@w3`waFJ&B{f@jyR=QoQ|>w4M8!}eMC4wJ}|?PJ4c9@Iace+ zk4Pcd3_J1}D5%&JjFK(&#WboKGYLAxJk=&&W0rOx-}l0E@+h|?+QLsHGGG>Z!@atF|@H zVEC~HOfnPhnNb&rEVYXT^5`A7&zL3AS_M_(G8CRo%KJY{7|K~)B)n>Ur4DjsUX)h<|Q<)WzF2J1x@8g|QWKr-J8 zq{$!wHpBP~9`oTm6wc86dh`((G$^voD&a*Bq(zV*?L;$o64K=HP+7Kj7#8s zf^1~hVk&ZY%);FN1J!BSzx-TLVK{8 zN;}g~g`HsRAz;wMa7DxIn&7ErzD%S8vIKySOnIHJI1?1t6J_L9xeC{hfXJ4bon#|qpQ;!}FZoGwknS8-8tprn znqq}crAT30A*%}LvPn|7hU1gUZGLW>b9+0QE@e@v@v8v&-QdNN>rGa{#BdMtDO^k0 zew4m#p%Tz$tmvk?Sx~q#D88lqjyZfd-b-M9N**fpL-dbDN^sXeJ@Ti#vCUR(*r2kCLZbbvT? zyfGD#8Rr$&0mxI>T;e#FJ~TX$dF7kOgg&fPv6G z1w*e2J!-p}g<-*y5wgzyhDxJ+RJ1`@8#T)(8qxtI@tOTcv|$^w?p*A;N%8{LH8sD7 znzya6iHZ$1DZK9s=f+l|xU-K%_u#M2#3iw!$N$CrBZTS5cJTN=r~hI;j@$htk2gJ! zKFMS!qcJ!0-2${U%1qPe`rT|e9gUE=Bv>;fx!Hw1w3Ff$9 zNhBvJh<}rryHV5yiozL#7|8IL=u&y~fIP$wgsnnqfs3$($)ysA`fU3XMhB?WS50+; zLDmBJNJ@arwZV|nP?DGO>ZpTnDLU6ra=}4JI4Lg$jMlzGNeAVDgz^G6u3|Tcc)8%P z)tSO#^6Fvoz)AJ!PU60S7R}qU!V5@^?TLHZq+EG!Th#q;O!g8ku{(&mm)n{M-}Lp` zZNp)o9TJ^JCVQ>4n4&Q9ldOG>k&Bp%f8+Rz30L6TPPNsOSsZP<6ZPu;fCk2#VBLub zXl?LYS%6=Q@lo-m1A<<4MZ4Q$SI*RlV^=f0w6$L(HgznondZtC9CiXI@rZ3qpFguwZ@5PczgLRm{zZKur0zJa#h{;kA z^i8T;v4h}jDv_PnvX^o=}3kmJW5V3*6>e1a7xkiN~}FfslDPPb)^7bm0KdDuTxMv17t)l&EsE{8aZ@ z8$~N1S`r9mfN!C@X+L!M-2h-pma=|yy=8^_v8VSHn3>^%QwPz;_%>hCEz<~@nIO_2 z0)-2Ey;0h{H$|l^LZ`~Qpi$O77zOrI4v!~kJ5POGYGt^IB2Rswb48x|K;wELAk!xP zvW7;Yv=o@{jzXULI3b-RJZvXVJsWihIY!Cp1H(y;U0DBUDcF*%+c`g!%pF3~>vTl< zF&uF+owV{|7?oCD!c)vNE3G_|?+h{a%n)x?7OPHXF$#RCB!tqzm%7?-yTSxDH9_rJ zB7^Jx?L_WK93hcAlN8wvDdpjR9Qp1uho3!mD*4KvjNKNSAr9_aH zq(t<)SHWOau+Y&Ty*rznOlnTfhML3K6>;|uV@>!5vpgWg?r?6dCmK;!T9BebGia6- zu5c6#OO;@5Wq+?kdxAIr-hRj&3vv28gkohJN1@_3iKvob3>AAtYIaO?H!_>?qqOH9 zG3Lnh-Qm6G9*RPSuJ6qTQ=B`cU@#%DNfn+?Zc#XN@>HNWU`mbqI}I9Afr0~<4CYAT z+tgOVc^C{yQeWgFazs(nGiYo&1KT+aEa?m{i^!2A!XD#v0TaY;EBZa{G6qzbC?nFc z8-}AG|8?|chWQ@*E<@EJ5+2Qf6OnGB1bLu}kA`}tjfp0%aQLO>ttfX#rFVJI*oO>f zvkzFs#w&{<6C18+@b_E0l6HK$r1*TM^^1|ZwTk;N1@fzr1EDm>04n--WhG?jnwBP< zisB^>M%fXjJSq`1ZaRa%9`7Zu4I#ho{|le9uKy0>4iQ30i4Z_&rHcm@E1<-qr4HR=d4K#KG=eint9umzXD( z9`XrKfSg$drr>qh!JwpK2d5}KkexlOYRDDLuvD)MMG8!TL!C}1X3zm)2<1C?wbO}1 z&HK#X5InLP^G|NxC0^aVCqB}C(EP0%=Gu5?+H_i-AuT}YOc0DJ%0f+N)G5q0nxz!h zw@imX%2gnjF9;W5GGNFdzf?IF)FN51$LW@m`n2fMRW>`p82HGO1OxE$pjojr6rq=W z4yJBh$TgLivt++ukJDPGAnqb9o5r3&WW*bXj#vk>QRFp^@oa&bVy8{0$lO+8Nnc(< zB^(xoO^V)2`V`s*Nmx%V6YXzuxN!AJn@-1tFbT*ZadX?7KuHT!FDP^XbWtSk^?~*oWHHpLtQ9N@A;!!f)GEF0Q) z^nszB1JX{Q#Zg80^%F*{~|W+i1C`jmv20&kBqvogSH z#o6cdGK)@@YVQ%>O*-`d^yXggFK4c{>(u#ZC}n2YjnuTg_B+;HVAFL{DXSSt&DuDK zW6}vBPP3=yXFR`-{*^{fjl0&y_LSJHjn#`+c|P;|m!bzRv*BSf!t8P4 zmtpQnImCNK&qR}9t<{4d0{7Z^MGv?u^dh4N5^J`YgEk{zP}QQC14L~qA;?4C#l6w@ z6*_)F-1V8*d^$FtiQ`jaa~6rX%$evD&1qm6dx~>wS-iGj$u1u6%M8Ai#+6Mqo%zm_ zChldP9Rd3jid2|ggg1&=VQw)*$$Q_q-l%eTbg{%v)ZLmbHk*cS?0kI`)Cv{gnMZ*% zLy)ZQLyn6pRl^^eAn-4ps&5JrLMwfhfb2 znFBXU-cL7Tn<5zZ5Sv8DB+onhTao#fT5M)dUxKKCO1L8~9 zGo-1@BSkjD`SwEVP;3`7u(Uk`s0T@IkU-+6MgMNT&W-$u6rJMCTIgk%XQ7Jen$BWU zjWQKTiz_pqh*p!?7acHeTG3X5NjQ%-_~efc-!!I?sus>Xn%Ju`@i8)iL!BM~W#U13 z3@cs;)0M4KpdJ{`^QERpKwqYNEE(Mkv}*Sxg+g#EL~{>%bxH+duFB2#;F1|6y(G10 zFMdkNFIjxD1+hWJT#%%t0^ID9C{*IhXT|M@m+*}9a0*5pmMy=#(p!2Wi ze9QEzvj;MADTe^aK|g|eyG2lX3Nl0wkHE%V(!?k$)O(3IXSak-!*PU814*4uYx53n zmb&Hma3=Yqs;PleHNEhN@?2qZ(G{S3rAeenGWzrQkY~lAHQ>9sW*$T5dq*Y-?vj-N zuNhk4DuX+M;ObfC04S2kA-XT!mB3B&J@4`(ESX5i6~ueC4ok>F-itOX3)=%DclMQ z1bwDoDOx7)=eI{KiAH%K88t#EYY9&u=Fvu%I!SxM3BuEG89oY!U8zIjM9;__PKYu0 zFekXW&~3ye)l>;8bp(b1y4wP0<1T^`7UoqhOTh}7(zSd=CAyxG;>;wA6+RrlP~)`e zCNVSuM{rjufL*$GG53?9NzC&QE6g|D47?7aN9>*&ofv0g>q)_ftx}92>7k=b5Ph!- z;_u2no~Q{y@3FF>Nog`E2v`#) zlq{w((4Ug}u}{#Eh*2D$u)rj2F|)${vf;e0uzXa)2fm;PN*8U=ei-QuB3FupsET6& zvoT2mj9K<#P>%atY%Y!c=VOm06fPfYsGG~isGD~R&sTepZBc^JoTS_g%+aqRD)BTv z;noRZp_8Gn*p_Hl?4uIEG}3Q)dG4|_7^#t&(F%~ElLZ+p$@9DH=3)$;$=I$W-b-@Q0{{exWm9m<28NE zVllpsf_J6HZg$t6-Q2E&6owI)g=rO{N$d|&dmBX~s5A4!)cqJ#BFKvgc6FVq9z#r= z@=yh2P7*g6e^p>d-U)+IsXMxu7$x|d=t|Hr86YSqTL=r2*Gp$SFPvRCR}?^ADlIp= z+r7X`d${HK?j?Z8?`2l)7Troa{38MKs}i2SNRCiP{%31nNOST;^A+YS+04F|*-e?h zF*7%1MTrFZtX@x|*JWzI7xO0tByvVF%#yaNjgAtBsZ5;Qk>HIqPxU?Jh)DP8j>|Bb zgY6~M6=5)a8%6(}D!x#X2|;;RIPG1@D7b4YI*}yZ{_M;gYM#u@6PbA^OCHS3)1;Y- ztE7`I`Y_DAfmV9qWC9uknuU$gP=LPJzMISkI*(vt;Ooc+iA{mAwsAv%;Sj|i;JIu^ zqf2vCO($9NCnkhsb9OE97)^6W6NI5DD)aNi-jUgxGm=m-mG(v$jd)LUT4qi~_H}DB zb4q3w$4e((IZ5)V^(Tubp`rocEu3gwUmHgr3J|DW1~VT6S(hy-@?PljK%o_SE;1DO z%&JuEvTByVf^FMlFyFP`mnko2Nu1cb6`y1`e=GiPCDmMzMY{n9toa#=?#pTO8_s>5 z0$DEmCiqy%I^8*}Qk}4=QyrYHmfc?1G#B93l@#?yoZYwBF(7yuV3R%^6WS#NQ8~hC zEem`YQ_5BUm}oCO9HG%21$J9Tg52Ua6EhnLV;}oCrZt zqwkkN_w&qb#w2$MZ;zlahZ{VSldFxW_4Qc{lNS@S#%4m)V*GkX;i0rmSTlQoe- zxf8{UkQASh3E~2Ss2gP!lT)DX2--&$}T@WEH`p^C! zp;eh%=8um-A>AFK3i}paSYbRX%^oa+wO`52^|IrCO+C8C;0Z|lWujF($7*b!k@}OR zD)^Ew=YC40aF^c}kHHrUs_SBGb$cv>^#+WEyCO59dh}t{3-A z{1#fmoyD(u16}E(PwLxoP?I15^1g^uB4HVs;+Z-)f$PYhhS7z5u;~wR{l<&e++ysl z6kRhH^8?sv#NnXJYQ>u=JP=v}UxH4}CTk(<%k1{+o)gvv zbiKbg^!Q)2HhUvD?YV7jgd)ip7|&%*QY;SDkS*De!NAFSUZr?%{q<`FKNWAXvo>0@ z$(F*IN*ugD--MUyMo>d(3Q)0Js~?gA3M8dRk1U=WB#^h`swIoupl!*uY-2?~+1 zj|A!E#|T0xSR(mB&D~T>EAgAmgH`ir)!-r&giA$FC@UE~mo-S*bbnpLUf(dkt()J~ z?Kdbz8q<@3~n}~xvsg#9ioW(&O zH@CojC@oQ-AT`*IQF!fUHkBk|%RnmJjJCjTfjt=(4hV?2feVy0|AW%>(_g&r$dU=K z%DIv6M+i@Whm;^x49P=gt2mNUI47NRz{}faHB4?8muRT2Ym8;+&cu79$8FfRMh`T@ zY%3$t0yCG%0!1=p7#(us5Bl?(_WY*#&xX0HVLu5I6Q2Pi*Rc0A%ugHcUY(h|HQQgi zyAfzC_kbJ_n~@t^>WJ{I!|UM8rah}^e%LU#HS8&B^TejP1()FVQoP(~e+mn6YXf;C zC!u{mp5HcEUw0R=g_5_lC;#pATLp=C<B~fBnK8t+ z#W)i3BHc55Ad45}0&}b-i23QJalH+zS7ut=~N$KxGB)OiA>_ z@e0UP@~9A&ppDD0HM7VT+bTI;yLc}RE@k*^sNe^e2a|mybM!X1P&@>AY*1&=X^Rf& zsY0R+zI@{Ydc;HzbYU;hfKIQaXVf^CPOf2u7^Js~{AEBrkv3{OGs#qfrJm*8ir%A)v*e)@7F2O$?H^;`2LCLwq8s_)?VSw z<*0NJbw=m0-gv_|9o zsfPZrA=RH#Kp*~733@;E>d>~LKntTNc{)jTP6SwQ)bLp~|-NZ$@EdUiP5U#jx< zJhjv(r&E=A+R`67MY!=N!DSey`+}vD>BtG_qI=T(P&&J^xD9610n!TevjU3f3{yeQ zN<%zf=LtwV@>$hZ>Sr4`S}x%dRqef{=k& zK;t0Dc4AkU<>OZlknoBC71r2O)+iBBbp@{^i``z9csWyrpj=rmGq zVDWoSd@W{JqDLTmsMfom)RiY<`*ducpeN}2yB?(=9r_X~4ke!z(0vNK2G(B1sKNfQ zSUMm9c^4`c|1xMbAYvlEkw9!R)P5CWR(39{Y^-t>o{=^j!gHgF85L^dRm zL()}5oKznK6fxn@2SqX3!YT&9&WnBl^@-8N#&YCVc5^Wmyu~5Nj)YBptoC!P)9%M7 zQSZ(utQ|+%epS__T6L@@j#<~M(L6l~9X!QU&?ez7W>^%QUVs9O3XFh0K5FbE#yt)T zYaRnQJ;s&$4YD$yA29=$G|gkpY~SSKCVHb@3>PLRk7)24Q6t*qs43l7nlT!Ce#fsj z%PDzbTi5U&T6~Mpy$skh&1yfp@B*^#y=ct#Q^2A&mLiFPE{*{ylaetE>U`$9Jj*-r zF>l+bU66${dx7`Wa86acym!HJKRy*x_RRK}&XFuncdtb!1Na74CUN`>LAqnQP3v?Y zPZ(Z5$#D5BpBei(R?bX9!m}svZjd4KIW_xaD?xq?8Qi{8*R*UfA@k#Pos}k?hF!u~ zRSRJ?Fb0otFs4U*G=Px-fUrx2&r`n(4A)ztXaUgG8L?vWrwhpBkVbpfiz3jII?-~y zW5L;p6t<)sV@?q}c(E{93&k$>u8e+%84dj}z{5tS%15e_GDSjEK3~XdbHay4 zI2T10E8%?{&VKuIE9!rLJ#8G-uC8z>uSZ8D8wDWTtiw|YM+uvA9LlsEE$-5N#cXzF zi(3)SX*k<(9u4QN&B!4A)p`P%z|p)Ob97!ST!RkqnTpDdV^lPqW2Bk2NVm_?!q2G0 zkrJ6vZZ*DG?!qlAY`cu&IDcpm*PQ)^ zwi2XZ$WLRlPe)Miqqg1(Dss#rUw4yIcHAf`{Y9{b`y_W(;ri(J4wTrSjDiBom$b{sZNvlQBASOssWw=JYj%Evf=NkpTGi9sojryM_w>6##LC#TDb+9;2 z;nQl4#ox8g0@WyxL4|7|5){tewlDtIDB6RCJAzJZa%b3$j?C|~ z!+AjY-}`q#lSHQ}!fR_&=+_3h?z8n_610M@u}6gYR+ERs!WD@E(2uYpxp^CA!dd28 zVbP$Cmlrh1E@yeHd6dhbWko)t8wcSkg#g~1ZmUVor6oe&nRbveumtKB?-3@A&B(-) z2&~Ux*&*1ZjLDrVz!J9wh+-nB$$gOjM)147k82aPZ0=Wbg9KO0qfDa^bUHiA3Xl_Hk0{!Oh2avF zek@f0l5_)4p&M+3u-~x)2S^^Iw5)W2)5>!~o)?~8sc*|ry^yRS9KPl;SG z)5TdcX-`@Aw5>d4lV|J*uAD$ETT?1lJWK0-T3{m4+X@1p1n5R6=b^H)iiw|OVV^*LxMVBH8vAWhRax zAuoVHcT0B4agtF%qI{`a%z2R`%uReg;epm(otoQHd_{&$GYL}y_WCYF0Z_aNuE^X{ zyuUp)cc@!0CR42Y4d_r-bu@JlY3{rWhgNqtX^0%e(cYYlTA7k*=DjRKxmBag z&QP3Hdu!!H^;aoW;MO72T_%tu#(<_NGD;0+MUzg?>b9Jhq%Eh!^Aem7sIFA5e>|c!a+Fzid_G{TsiZH=xD)11(PCivg%aUd;?l-g8%A{R_ zn%COz$M~7`qZ+2T7}xP!SkZnq2!C*!vDCX@ELA{}ez7A;S;i@(l93ElhP9xq@++zl z-cpFhV8m+leUly`?9J|b8|eH1Fvft zxax1W97bpCbXqRDJvoSjqw4%kN+kk6pjwb%%5G{C5`EO}t$InR%Alg9r%gW<4jraM z{hX|lkzU0M;J7F0BZgn=1dLTjUqav^3xQLw&#GJ_6Z?^ z^@9^f;`=EuC0E!rcG_0vpt2}BgY5?!f_TQNDWrqOQ#mgULWz~R#Ukp>->jRLM_*Rj zH8-r0be^Tzk)m0%!W(=X5hIm9fuGITj2fo0G`e0UJJ%0_agzGf#U6g5B+LLxH!*)C zmgW9co9Wy`_yUWM8WU3@nN_zBLBHkwtjJR+(V(4<^O4|$2`8Tsj0u>SL;o;xB)*4< zuA&sL$hZM3_YwT)wFgo(deT)%Y$$L~@mlr^Bg&EZum%?k-KWr^`35~rfW&_q=lN$cuS&%9i9?x90-LCumKu_O#!Z*#xNi=dNPKn z46-kJS*92ee z)Z>}^bZ@)b?cG@29o?3sCwY4^t7K2{jkPFd+MqA@b{*_{k|waYngCiO)i-f&YAKiv zg4*2E=Dp(IpxeR0M(Pt~tsdf6x^*(i4xT5*jhrxn{=_21GjLe2Y35sdNDHxlSQJu!r~{qvwKAGOvi?Cch_U z<@PhrE2rm|F#^0n!{<-$BzM`n7?-MZPND;0*TjJQs=~1{W*Sq>P&{7SJdLhMZQI!o z76$YH&q5zd^s!9tqlyy3usbA)1c**ZybUO?acK4(99f6wKU+R?_H^mM#?_?s00Nn>(;rjw7a*6SFxXfFQX}o@+NGhNS*zJ+@s1 zxVUJavM{pYeDn{cm08Ey;rZF^t#pE1!TWR{Tu9}b?wd^)wC zN^vzu68m~;o=wbi3599t_P1FPb4rTf{DsuuWU)q{&q-auhoUa}Z@%qtru+(LRD*bd zvsG#+<9mg!T$h%LdbsOSb9QR4K}6sl$LlnEc4{t4&1bjuh^xO!%rl9(e7r|rP2q#7 z=Bu{2zrz=Y{_Nnp?Rvxa6m?0>*V=vQqgVNM)p=8cD(ox@ThjV8&SIBQailG4ZV=Jg zn6_?KOb{tx5zAz?`iZ_nIP&K1v~@3n3Zaa!Ccc@j*T3t=s-Rcsfvhpy{O@^y~rM8TaF79=_9umEr1+US>Z_do) z!6ABG<{r~~m>}V*A`cPlgL2!tS)geMiu%QzD(V8=F0@01{6=wR!IQpi<=mZLOx5>M z^iFUMS8GfUN*+$e9TMolt>*aQsGt z89kuJJ(g>~$jooCgKqnsHTTPGlA4LXybIx&g%f`9?upFdN4{0R`a@t+yk>NKfzra}l=CS2&0P{iF^+%9rK$kRzi!3#-7$$vb!&#~#t%5S{ z>U^Us9EzbawG{txC9(u{HPX81bIADvEBhodp-AjX%O$)hBB$35uG{v$>_;Zt19#88 z4L?6Rw@eIn!8)-(5~ z6ECLwPs!QXXD9(11B#ngsi?6V85`yAb)D1X-gd6oJKXVYc__(8%!P)akh_fl&wNJje`*M} z!~0<$^C358N2H5{U5w)znNAXA1u+#8aG>yw@k1wAb|GkJ9>4n=-AQ=ga_}acJTUew z!oYUmcbagxWU1dU40>G9@z+YPzuKXgznk!lDLg+Vg9&a_L{4V(tI4p>*%YNEqdFm+izn+^*>NcvHgVj(u-$04XS`-76bxx_5n z`;?ZCq~eD_Lh>pwPZF^OJ%}c-ygr{Cf(D-q;~4OfR6tsX2S11u7)D)*$Q$w!PXzx52eO}SZP9D zFma*eMjC>9Z7$?@OR%kA{2(P=Jm85l$9U8qP)%Pv4ALhTybo#b&{UM{kZg~I!$jA5 zInU2rFQo{n75vQT`U>#Pb6Fr3*Ig!PxKtK~1Pat_t7T-Gr@FTWExJ4(<5Q4Nr`qXq zyoJvcZt>qU8@<`&-A0lpS1`8I(Kl)H zgYpE7@MPKCQ4aeT@fK|GQ1O|KFiPfnVS?FIzR*3|wELzfqDK=X^Iviao^$wbCFZx# zk?pqCo}H}}FAeY7+lQj$&ykIYB$OQu0Q=HjDbJHSGXOE25tJYG3{ejLrl&@R0g{>p z8#A_1>XDrY@R2Y|ju_9DQrI3;x0@1?6+%ZqqIC zy>@eKw#072dH!ZJMU|=J(^?Q!xFsGm@qM|?7;PiGJGy6qGeMx7Ki-}?C3H)Am+@R!wgL=4Gk*;Au~;X&#AaI74w(!b`#!>lfiRk^Q;)Y5u6zpW4LNxfw+#C zS+q&IZf5BGia7_0Ytj*=8WM~JKYX2pDqmJ6o9JXA3cR*Qk12rkL|5Y*Q50!(&g)9r{Ymj@~{F?0=a z4BD(G?v>+1D%~Q!SSYdfOo+;zCC#VAjtQ&=`+z@SCm^E`w{1QFzzvGR0h4o48Ze}X1Rv5GL_{) z=e2am48p>2Zj_}6AT`J?rJOjj>f78 zW?sdvT$7wZNfEOqDQ`u$1ykkyu{+o)qvO}MA-?Vj>KlAQYT3Sc^uRkI8C~xE6`%{) zE4s<#nz#WDqazFqc(jA6M$O+4qQdF5?ci%e%{)dPrZ#+iMxO*MZMZz6W=@w6#UBXf zAae>Rk}PGfkbq#jHvU`GXiuy;lD>45OBZ^x-rEZm&es9RzX(wh`5{EvO%|NV%w24E z1r%GZR_<=`+EwYbD(eOlZr4Lm~O$uR;b23-UOkik|-%>l>Ekve*e60kX{ zF8EsX0CqA_z83GpX(FR9)uqDh6DV~I3o6Pk%)z)?())AsCbP>%Io*+<8n*ib(QEYt zuXKh=F5uYqGD5LocrLSQz7Gi2NaoN^HwX4lnGX8=DwPY9q2;}y$x>*NC}kRMhVx)J zC&2>MAEewEQY}Id`|fCilym?W+@2!9OZE=$?hGl0O8!>wiEppm;{9#j{D>*>--qi> z!~iS~HbiKEo;?-qGwEdtv>_=^Onn@zAe+qc@OaXs(jhv*Uie6Kmmb=Wi5qh)hJp52 znJr>@7%Nj9AjhJ*E(}X(F*Mx+sKhEzEEr>{nZeP3{+oz#RL=G__Ptx>KRYR$7s+R~ zaud-24T8S$7zAR_IydbC&1n{%LwGhHBoXVWJGGyA2+x#$XRJNT0PKKQBGOS(<+W1m z`}h`xr%T~>xOq3v-eUIOY{>I5DV#C<@P1yfGCfHy=w@2<0M&gH%*(Ti=cA>p;IvPF z=9;DLUhLZDu9ow383>ng%xw1r*eQClh;XU8-wDQ}MP~Of4_`L%&Tp86eYR@8?=jJf z&Hwi#gpTagetc&V)D5L88h`Y*Nf<32T};AwFvs!SO=e`HplixT8RQR%o^BD@LDXjPutCjlPg{>9Bc;|> zW@m=f>z5Sa|HdAm0bqZ?rjXz#y0(iOC_gCs6(HYn7tk(l2Or^U7T^#qygZ5r*~4Qq zf`>3vSy=^y4akuTYdyN2?J@SwXisp4?FSA=({`$veE~j(SVvtzSdp&6L;;R(ipHi! zha}|igZfNXRR#+G;c_t-WwlNqSkL zzJvh6bjS}@eXZH*&fqtKonU(W!DOHKC2-Uy5WlB^kHzwTl!~pU)Q`!u-wu#ibD%Ev zWRsa4;I$mi;KWKa_U7n0%T^geJ3y~Yh58J%AXYE!N(JzIvi&eX3c%tia#^c8cr^)X zd(mjfS*RqdWAh?Pw_rZRw54T*?I!xA%ggJ6Kq?psxkPU;Q$+2qCld~=1Rz!QnLJKZ za);EJD2lV_$4crKDAfkDTL9$hdi8b1ylie0!!}$3y+S=o@W41cL27Yd5_HKklsI1a z#w7(CRisza2!MHcgt%}^Re`qp!uQ&evmm(E4x9?&M zfI)-jw_|A}0W@GT_LkGIZjn;GPI?E*1BDqZii^ z034@)pBt;>urX7EGqY@ zoc>eoabTl^?e6gh&1}!CnW;saZdyVts(c^=1Lc!br3r$Z;lGS<#!@U!kn5odOp=>Q zX0N6Mi{i-sj(TNljX%Yh6Innu&~f%)d_cs+;x$iJBzfKDc->ASadW9OV6$=+H|A=s zgx49HNB^h=a)1O7?rw4zRe&oe`2^SEe%cArIP-uQ&kTIZykQDj8*$dn z?ljS#CJz22V^1~=c#8dBjOpJsd^goll2xW^8s;&7(o zOGMrx3Zb*1m@fhC)QnEbZ3o_OY5eTl$tZ$rxD48~7RKMIp}vC8=C)$|B-07whslvG zLFRM~T|{>odd}@zm+f0qFk`6XQG|f+rB<=@_a69QL!bt(jv9 z(ZN+_8XCw!f1h!updfOevdJego2$kLzXx^&xksURVJy~1r&tkhmJF7xfMZBX;TDY|BYf`;N5$owIrrRR|3318oz4Yw`EC} zQdM|Xx!=&=^Bo77=DDlX{+9PB-6@Gj8=;$r7wgqaG`e#0@_SVY$$izP3 z7W+#qFgS+ebUP)=F1FE?u1wPFMCr!*dG0M?wgI#&Ej7OSNWqH@&3?_s8^%8aE7m+_ z{c|=XDN`-5a35;vGo5+bW|N`!#WguLgPq!=2+D&z)DF{*)RH6v$uKuCkJ7j(S6*W$ zw=`G|;dzz62hjuLM|=n6Z?R*BVttNC2?d8pxjWPD2BqwdyGxT1C*|DDEhNkJgk{Yn z2mz*n&?Ut>lb+f*@_ZPnDp`dkVHJpnYDOk>5g9eD-GCmODC?K z4m1bEA8>v7pc`<5^{jWKJd3A|l;=SHN;w5)stYSiV5t_fI~G>t8C-$&8o@e14lP;e z#7g+?7V%2}C-@1+I7RE%Q61wa3}hV8-s3{dH`xMiC=!W~J{=wAOkDN{In+S8O9ocR zJ5bDzu*vyPSyw1smTi{UlWhj3e~%pyM|y76?yk{Y7O^P%KevfGUj z0ksOLf0=no{3>6@k7BO0KaJ!2lseU#{}a1M36I2+a2wwLIgyd>cd`2|UPk5`#SP&4 z7>w!&3Q0~w0I(#TKj+E!UL&T-V z{4lY%#^#n7`QbZq)q#SU3>%q#yy=tDwD4YUGNC|eByo`-nn}cb9Z8IPTUU?ccHkXGZVX37~p`m z4N~j8-m%U$igx!yj0klg0#+Yc%!ZPEU<_t(lu(~Et9{+RtCCGsj7ixKW1;NxcknYZ zC4;0AJm|%+ms4RujPH4$iZRK~L$p24`2=4=Tyd{KH&@Mx_8Dw2Va;l{ba$n$>0%Qa zP;dZk3k&7v8IfmrdnXKkCWLMXqf~iQQXRWbPatMlc6-JBt6uB0N0c$IvzC36E-d>90)vw8-X6g3={1?BqGJG zAhv`Y`9)kC%7saG8YyLa+FLcNYn!TqCP=>@f-W{AUE|l7t8|;yi!emK1(+6K&j10Z2Ys#Ka`mtX6Dw+{3J8Cx6c|6 zw1vc8oxOP*4jm=nT}eR^N31zGxhywvp4dmT_>nB$BwY5b%wChZ@5zycL7kG>-xnE` zMaztRO3{Vv3gz~jNlXb*qe(wtCZ9wH>zpOM$zD97&Y$n9!yyLm1+h%ig6MI7Na0uy zjZr-k(nGp^QTQi~WJe`H&aI+;QHEC{7#SgOK|Q2mP~KJMTTu$q3*;W>7CaWwLCQo{ z@YqxqLH#9!Q40*tl5jpWoGal>$Q5;^Hks%?5HpRyY`EY0^bg+rDz}g3=7Jqd4VSPa zNIKSRm7)CM+}@9|E+%E5tXCrjtDF6Gp1e5zS(qI{3}TX`osYN~2x03%ukPfMKdA() zuPgbpOXiGHyft?Z=Yhp=_Nz)81csS~Ry3osRG;h18fgmz%MFAz+5ND;9wuD?Y@k9V z<)Je{!YE^cA;nRibBv<5A=gPQ=P=b6j3}wAQ#feJdP|($if}H6bG%+NbA^f4ma}fT z&JpQB%3=4VIK6^uRwa8WL}XD-P z2PJoX$zP}OZz{QsC392BkF>`QsS9JD$=J(ri7nKZHB&--HFlK#b~PHeRgk3rX6#Dc zNiG81xZ->=dj|u%_6fp_MtwjSfV7{S5dSpnHiBD6>yaePh zkCx}*L-A(T*ZxX zZLKpBvi6d*fkkUiXp+woT?b)Ea2pKU`7PSc)#H1jYbbNaBuIWy&AA^jHglT{b!ZOR z06$cQiJNgw0+dMaR!*)D@0mUQ224sOiU-Tkn1{;#!Lq%toc*NizEg;xmMV}z0-b^m zWHS1#Ak8%JTqD^X`bOrw7(icJri5m;Q$l=Ty>unD^?c0EGSOY?WCMeHK@lex&X_`y>uL0HeY$br^CGyu&!&=$n0ms0z zoFmKfSxP?cZ&i1%t++2#dc$m;VZwAJlJ~O_WY#Lj z07v&=H56wge0yL~w5giipW25~^I+;90#*8-RP60a;Ea5$ZvC!eepE5HSL`To`MpZ= z%=qWvxW?Qg+ha;Fbcf%`@GR{!&Ioum-dG{Z;QETWu41mIh!T*#-F;|7|5Cw@xUTBY zuG*8UesNn2I#-*M-8T(@o|%lqO?c=a300ANhsnG|&Im1KC%1)AJSsg2^SlmlbZ2mn zSboL-s(5HhNV1eM;`BD8Q*qJWkoJc2TKQ{lNNeFdH=Iu>E*-Z%og8HklYe1%P0Uwq zbXu*lKC_o(=8KsR=k$_{bO9Fq9s?%H_3V6!xut41RLy6r;Iuu>e&!)f3CW4r#%zAn z_ur}}OW$xEy@)q=RPDJ{b4R66L+Sm5U%CsbK|{CwRdWGZdeU>N^=WoGnAX;Pedmw_ zf1$sYtexm`NC5vz)m&Ap%r;Mu)eX8gXwRtncQTLi*TvM}_CU$gf&#;V-UL%UhSM<~vQC=jQNl}GWH;>N4(sNcer(NnD1Z?tM8}mbw7WGjVdEgC6=I2Q ztO;$^k_T(S7|Ogy&+@$UDgzO?A8{923RB8!io$+5I8%k| zs`zklx&A-9b8^wSt}~28jPku^Yl)DUt9h9eWtY0>o_g*6npulOhdHHgp25>VydhK# zUwAkJhEg0EzTYvSR1>d}d8LXxjFX$2>V8{;6?w6SnhA1(esU&Ox|TVC6bbQbk}_-I zs`vj@vyW3Olu5b(TfBXs?(eVL+nE8>WYlD=?m}^i6|fligu!>}EYldSbdpPf;>9kj zdi3(+M^%By(g5w3_K zJVu0t>X!Vu{7C92QJRw(Jk*9{2~G=AMyV(Z_m4H1o61+Zjb*c`e3IE%9*VMid~{Ev z^kMEl&fH%&57h00b@L>GL+S12#)i3FGQk1J001-7`$D~a1>txY{$~&AM0kYYYk`{y zh;j!uE&F0UKDA*^Ys8Dpd?e;iH{3&YvnK<(Tw#mr;Kg8Xa&uB6U0b|I2B7a5EDA0< zp(Sc^QxEPivp<&8ES~0OR04j43n!A*f1}}P@qPAM+DpFKu=Mq&hPk{EU(s;kJu&6q zYnXc)?(XpHW4VJT--Zp+UEN4-YAEE0*+Ii7H+Q)QxfyOK9wxe~QK~rfuq>gip50`* z&uu2>G~MHk9-_5bP=Je#i+GJjn@B9j#TMaoqKkEc>Pa{;65QmAJ#~!`Jy?0zF9tf1 zKJr>+3NrN&KbmaIJ=OkUyxJ?nQ-@lUl|h2o5^JV4r}yN2ef1eFLfBi_1MD=KBt3@T z$o5qIGkOkuK^!=S;epvoq=PnbFYJ{HD5V^z^O;pPl;)b#!O3C` zDt`{>@N3M0;=G2AN5e35pgEw-k#dwcRz>$xT`Yb?B?unIFV}8X0?_A;c@g_9#=D<1 zZadUSfZut?mJJa1>_vnn&)ti6e2FMq`TgS1-cAgDA!e5ssX_VxSl0Hg=LP+Vl{RzlsZ zTkdw{ybNkK2W8M?H;KC(?lFDw4D$)H>Jf8OGk@<+GX7NSPP6t@@#-uE85RsSFVtw| zbBm2G|GU&4hpq2#>J1#y`@xFC1WQ!R(dHuz0d*PNz~_wJ?*4z`s<;2>=a5~Bj#zt) zJsL#FgwPKT(2ggHSy5z(G^_bORC~#{Z=9~@{vcFva~N1=p0(yhhHgg~28&HMb}7qM z{SDXME|Aw9TsQL-wyWvFf1*Mm4f`y5a^M;lNf_BQcPGKM3$)G2j^bUsBNMu_T{+42 zK@mCm|GLbVoVmnwmjmNQLL;JBg!M_B!G2!A-fEbcev#V^mEO{HX9zDEQ2Zdu)PCS6 zIg`?`v_7g*Is%ZytY_xI_|#Y67-JPExd~qf(FcTNZyp6aHo5&bI&#mvBb@(Mxn~yC zaPzk_sh56eGOLMdbkWQyvo12xIs{G7g$$XeCFZ<@N&SQi0f9tE z|CkR96Hr96+G|em_D*N-aONRb`8mBqC-=NFuok!B+O1-9ci{nJK8GqlT@G)yMBRry z+2X2jKj@=@Y1SQq40QQ^^AU5L>t?#&X^sHlvK>Hmu&4l@HT#%-Nwm8wG+I}e@nha6 zWH8ab<@^Ej4`?j)-EcCL?3ySVR=W^51#L>DGzP9JVRoy4kV)D?%AX~EdJvwtRS92J zxam6lMuVp{LsSnF5~1J=7_@t;cdCH3AZftLuuu%AmNSJyK|61iZuEDcpy6o2jb>&# z3zp{bxVngh%?U&mQxPpL3HyqLV-c4t#DLz5qohh)ig+Z`69OTg;P(m$JnkWj@SP=UZNk|u^yXrbfXwUv3y9a3%23_ zu^!Qjm}9Pi^<1JS3_^v|(*4fCY^uh{%PHk{E&$Ak6{vHeSIU(?yWMj^eJ zjw^~`9q9pC)E+occ@*+CMX;~=>4gUYYGr8|I0z*YhGZn#J=#~$97Q&viLY;#CjPi^ z-ikiH5-pfcW}bPC?)srK6Z%IK2>o?4OYPSt{kI(HtS-JQ&#Z*++|1^zg!?8(7ZUXi z=Zk`bxiy#~r}8+G%qIOc^?tGjMYcfJg?Hr!)(tFkmKX?~Oq7iWSHmSMQ zR+aEd{a|sx_t_-g*Ib&|CqP=rRbNi*WeI1qA1?l0Wm>koqO2MAip1$#9&$|*e}{(S z>nzAn&yUU0cqj5b?*hIac3(-dhhujj1oMT&?JL?BKbg486d^X@;~v?!YPI@W&(sT!r)UQ8$v;Pgr%qFBkcQ)FlC zdw555jf=9ds91Sf%#r9`vV5AyQvY~re#sd811SFekJ9)aL}(~fK=VTN3ONX*#FB3^ zxLpl{CshC_V3j7eS^4pWjj8F0%?LOKVd zCTaqtV=AtYR$2Q4RLs8AJD~`X0!U}GtzFx%(8o5ogB;-C*aQ&*Uvp}CvP%@2RASbZjGiNzYv#2ia4{j4<&IhQ28J9hbv9b!h{p!GZbqwPIoIuI zWi01f3|LHwPRj|0k;dV?%n+hIX1<%5bM@MX5zSyk!+ex%&OFh_)_#SL<_c^Fr#rE6H2h?&~GoT$aU{&IBc(I4nJfCvP>s z1P+1d>$CiiXqv=+J)tX)XZd5Q&4W3Qr*6o6y}gfK=(5VYmWYb^f2? zk7FczmwQigBy)9?Eh%#myi;P1PTmLA@8ZCwli)P&KIs3JdxWROwO7sidHO>09{7SD zxEO_a#;)$VJbCE?j{1r`KHz2vCbW~dJ{KWwvKe%BsDFP}OSvt@Yvfw+_Y-24CIipA zin`iE6uP}=gy|Rzpp}dbL>HBtn0UfMW3afl)L=KW3qEh+F97kdLzkQ6O5;YtesK0} zg|fK|lLlP0?as-2Q&=W)e;fNlLl0e?#IBhS^snYxZ+M@w8_HuPzRUUS_^zMtmT^qx_mkK;`ab9Tto{8| zhM90}CyoW|s1nz!>^8&h)9)RxEs(BurS4nAXYEGEHSN$!`<^M$ojCfKU&~Pfl3|Hi zexZa+LL_nxWQ3B#t};)Q>=|WP&__!CB9!gG)aNm$gne~U#U2K?&(lNVT$1OavFtZ< z-C7iE#-3hI*8SBxN|%+*m&=yB55sK;-l4kO9_%_z0$5JX^`Qp)zqGvvyd7no|36Qe zIdjgOde6D{o}1fCdLfX67D{N+QL(NKY^!To`&xE?OX$5QMVcfaBA_BAARrKwA|fD4 zQ4}E{Cd>xu&(3|$?yzJKUMkk zhTCAe&>oQsU7RaRs{$3LKSWgCSk_&|nt2EL*S0n*%I1j-o;2h~gdYBZd`_(XBg*j$ zp+}IPXEQr$7R%cnl=9mwc_Ms9<0=;K)H0!e?&PvN9Zja6Z+?T_1q(n7cM^}VN&tEm zdyiN``?In?q2jhe56^1GqvA(p#`T9~kW1 z327Sj)?b$i*K-e)-9zQ3q$^|ZA=t{@#r(uSEoVRHn4xykQ%Ktgx+^|XPQhVn*I+!P zcB!NsPyUPE`eK43~l^D*|Dd^E6Z6Ej^X&SJ+5p! z{XK&BfmMz!XM``>tb%vW8sxLszuo!Na>_UdiwA@EN6Qa1XLcJOH zr4`JuJ>6-$x3@5@ZW_Jmz)t;@p(biWJK9Wl7$}dY6R+#vynrWKftQv29REo;_>(F6 zAk7dl&ro)GSICyBLkg#WGf+IpOwNa9?1Blq2i?tl5=g{A57?wugyf>NZ?vI)TjSm^ z)Gqc8V(f_rvi>4+BhH3{g2@pJrW#JBWqpgR87Yk}m?)2zuPjBPJ z!qdBu$A~S0oMe@S#2lvhI~Ot}@g~_FkF-Ya;hJ3XHo+I#Ccn?({;;B7hcgDj z0~nwJ`}JPfnR)Otr{mR;Jd$#A1+GI1FnmuO!Cz?I3-Al@A=vn>r%EsUV z-mF!jSZ0r}^zjqv1y6&t4uAw^K;vQi3Y&K%e=1NRI#nj)WY?dUiw*PwxTVIrk)cKD z#RRS?Z2fS-tSPv#UmEt+u>V$mY1b)V=U2ubCMa>8W7x6qv;~UmLs;q<3 z3AkVJd*vjQexTrgXUz+W7t}WoS>)NHm`I7I%Tv3qVE3SK^uN31#=V#9Ad9K6j7VVL zBYBMKu|pW}w&t5b^S6TgOTj#k$Aw=9P@&H3Hp>j|=4`SjaFpDGda~{^8vJ4RK|EI9 z<35ObPlfE+&`Hkj+%w^ZL2F9oY%3MVd)@2J8{BTab!=5w+|#6)Rw|V)?Bgw5T>z&_ zUxCW=jy#{3@w(|=n{ydei+-BF0pWKN;0h$evWn?0U1}>!LcA%1$*{c+)bJoGIpOCn zMjwud1yn7;BM|FW1VPGvl{EM48N%q%>$}|$Mw4FK%apmn(ujOd@w>#AcVMuYjX&1RJt%}pbykWkW3~>25_aY;0pj7(i5(s*C)E43=}QUvAoVQP%>nw z@gxceE(>t!s4d}%VsW`?24NNE&6c9-C_j{BL8s|c5U0Te&|}sns4E=nd?nw14}++J z>ec8C@Y{h%@JmEk&O@y$X&g8&Q`l*oZ0QPjBHa@$Xl)d`{A|_yx(W*3T3R)RUn-9$ zHohj$bY!asJ6E^lsiue%f#u2rSbO=^Q`Oe*s~9kwzpcjGcjjgWQ?g&s0psq5R)k>_ zJ3ZabMg=wv*&UIHq!7Ny{iL#FJtOSK=QE2+NERZPQLAy8*Wo#cOsICiY17Neb0iYx zOV>dOxg3M|*g}{60E7?Y;F9#ux7Lm@ZVHf{eXR-=ED3#+)lA1pnzfQ%D zarBhq-VSzmYy>Jtm5=h`{4=R-_>6fAM+39FIm{rGCZOt%^JD3vzC}%abCOR^b-5Bz9-t5c|6U1q)EO-l~ErwlU z5rus?gR61pT63NN>bIu&7{eVOZ{q!%dnTK8Y(KAPxUm{Ao6gUGynyq!Pyil~Ut#@K z5h5Ejc(V+b%&Z$BQo#nn8q|i&k1F?1jO_qPNBS1L&30hmGCe~;aD%?F%k%5c8319`##aD_<>0v2gofkbj;%QfZ7fX2e-8~bVpC|4 zL+RtH&we3OvmO#cn69%g3lh>Pkign~El5}ZBvjW!0za1HwIJcH91?H<`~L$HwuHef zHWo+c!(q@l`3jbhR{(a`AZC#K{6s9m43-GVzxg%qkuZN-?p2?tj9#@BPzTH_s#w+? zTPe^3qGLH{{3t4+;#K9;tij#3{Ud>0>X+H zU?tR#5(Iw{Y_Ki;#^NZhdv>T$*Gfmxe2>HA5o|;$fuQ#$7|f0no2OKdEyf4?b6EY% zkr+?rL_vTg{|mWMLYZ_iL?8>TWduqMQxYO{ulmf;^Xy zjv1+c73s<(2YBd>&IW>@>_>ZhlsAWyNdk)jwjlWA{|EW+v7H^~?L{)$DmzSgf;~cf z%w#?d^=N4@K}eVmvQNJsu`R;!x}@usN4bx8O=e54t8th@VWG4_t_*MIEQ4e)^auzN zN{I4~szkkqjGjJHQKpH7CuJS*ddE3;^om@-SnD0>+MmikdP^$%#o zZlm0}x7T{ZQ?F*Qg*IG`(a{QH>_e&AJsCSf7Q@^yenS9>61}yG<#JcXS`bs|;!{mB zOM@!{9VQK8y(yG5gAIM^9ZU||&PiCB{6ty;gaaJUlO$b+1;E<@rD=vEey{chtXG< ze)ILjo}HNcVsn3NPX)1T5;Pv>@tgnXu1CR!o(y{d7(Xu|M)h)tf~2f5zPg19Wv7c} z!p{^(iIyUSck~wK$SE^8RU$+J#2R1Bq-r$$<`mUIxKbRU?Z3 zZ;Yk!L5MCX5Po9K*O-$3-4bS89MOUh*Gh*m+L>8WPL%{GLFCcmYU0M+R3;NeX?#h& zku({m>owO@mr-?v<(6opQgl1fd<;2skp&EX3lf%<8U$Juq$-t6rhm$|1Q;$`O&x?^ z(H{^ue=$TX)}q!bASz0NH%1VNWDo&`XO$5T5yh0cM)iDO7yWsYAB*U{ezoGU=P5Nu zbtX6vT9>>nI)u6gfHz8NJZs>DOYsSE;D3^Vw9mu+llZP_$fiCVKs)L0r0o!uokr_* zuSB>$RbHmSK7|Ko{aHB5i5jU(&c} z@oXUK>aPfqqQ$FupL-cFNIMoBn=VDy;G!1KOE*gvrb}3OD!!=) z@5Z`j2B`H;--%WNy`c{$ribsFT;dCosi!fX>j<--2~un>%Wk?q#)Pjw8TJSMkGF36 zcP(V98={O7Z;k_*(Q`aov-`tGP!qbtz z8h=aUJ1El26&5q*#*V6l$VA$tvfM?x0}#<>dk50>1fQFnlUgO<6Ff{4)gVH-Yj@=u zxU*rm!Vo$Q6>W=wZKeHSPn-2u=Tf0{1WG?rNt5ohHy+1Py(+{ZhwZgW298~LIa7^iygH zlT_;G*e8>Dgr()UWj5~vX;JYFyEFa?YYG+&fkRDr}2dX|=skv8vG?E*sw!#O8i zS|p|;dAi{?P4)D6c*>^NpJ{YhU2tFEbETVpqu*UMQN+4*0ZvrefDP5i(ol@v(oNKH z=&}T9r-cT*n*(>TT;LsgR*QFdL)ho_l$%q|y?BbnqYT2H48k$bQKDn30#!V-zd>% zNi>jRCGL)9KrQi6|FRfV&8X&(q~^33R!(xXVnhehiNbhM%#eKt4FB7bLO@>y!$BA} zPwly6^7V9}yaHxyprjNPY`aIhLYJ&P-BB>zu&10<*$$d5?B-@M>@u{Rw?TPXnb3#A zj=Y?Iu2!Bj|L)D`(wsqZWhow>cu^J>OlpFLU`!ETAZ`JL*&UR;#$A%9mLPF|AsVPR zWu`7btddqOoEPy@OIqX2j0^xtYi_gHLeL|Wgc{G@9m~t{+O>y6PU1b>wu+;(pHFr$ z+Y&>t1KYN*x~Xu8ai34VkSxX2)kANP4r4t;tY>_PN%*cd3}oqwlajt>VkQ0eH2 z^(ViNlvkvXBT4IkW|w9c0<_FjYP*5O(QPQm^^bOT{s?H66p(*p#IrOSA=@gxy^R^^ z^j0N~TFF04Jxu6^Z+$3^X0QM^{i79A{x<%!$u}N9{iewqK#A@odq8?NcMPim>_qFeQbqn*m zrrtYwK6zaKUW=M-llN@6Ys1<9_ZCfk*5vu*aY}pEfZscR8-LrG<@MiAwkW@A>b+CX zH~fmLF1i;{WBt>0-_#9V%B!wS{#w_uh;_c5e8PsKzS;CoS4FKNo6WG(n~~3Mb@mn| zcv8r}vYH*Z5S>y+M#{ItAtL|aJ-}KNJEi5z3u|a9P;$Ul<1Q^Bo3+`Cz8YUfG@E?D zIRvI8JZq%$tdk76UAxhiW8aZgnve!utGHL_g3or8$Ad_Vb|xb2wQ%ElC1_mV<7Nsn zr+Kt)Sre7p``Ikp{2f~nlsj4rafjA|%fad+VNB4MR$=QwGlXo=XK6J;Knt9m6cIKV zMl~hGg`W>)c!zi$nS2NkM)S&>yE*F5mHL8bbgp>^_>F@(<|AY&=Uk7PEkCG<$qN6 zhXmj$dwz(#MDcouV(yB^a*r9snPOB=CP)jBQ`zi!suV~uqANWW8b%LV5$oaRYAnGV z8cRe8`ixOhwhLM4nba1d%ov^$qUTiD^^G8RD7R*2-^2!6ExF)zzR7ziuUG6r8!(Po z%zdJIXuB+KQzH2Ltq_}#tUyuuD2z8vL1hPrI6;``bTcQLjk$rycMWo&GNhj6;WF&< zf;QG#YBF@xe0-n4e(VSg;=CeX9BD~1(p{baxhhl1?*h;vv#yaeOT@Sq*R!zUY@R;0 zv`e%L3~utk~~$5a1dSXi6{fT%i5J-4O) z8VyY-sAcB|;PFyBt)-edZUunFP0rlz?2iE?M2AWH$09n9a)(@}04&5`iYC0S0-Vfa zSZ_4FtHl(*KkQ#0_Tyn6hyB26%wzuDu+xgl-M(`qIX~(^^I7*fU&jjBNOnaC#uZ6u zWXiu|Om>EVg&~#|ebddFZxLu8KcbW*zYKWG?q&9*#n${*rAY#eFErcQ4W!fsq zCp%3Uya;V$86*xp1EuMu4<$Mg zV6P+o%?@@Tv_Bw=I=b}_M>mjEGfBh@9r%%eI1_lGp0r-7?2e8B#Az3oOO-cv&UdKo zmd)v~#syeo#t9Z#y1)%b1|>(U?*|jGPNQfM=(Z0XRV}y)v3LaY%wp?mLjd0T{s`+* zgE7vvst-9*u5;5^3EkW-F^F3lTS zjczs>LkLPq%~}}T+``M1!}ZWg2jxn!CTkIqQa}q91q~A%I(ieYTwIdTc9TpyfqRNY z;N^n+YnxATDu9KVpGgroE1=D9!@uYlbCP-Kv4B$=@9 z%0kj~l4aWw&AO1x>@enQ%)1^oB#N9F_VL4@7tp8Zr+njpY*Z3>Td-ol?p#oA8Avkf zh9WdTQD48b=^tefdSRYjvxM6pPvw2|cT(lp@62bVk|pWKC3EWn`-25on()T+=g%iL z^E*A}$zHRHf{~PK<~815ujCx}Do@ybP4~(?`|`Z{EA!k7^UR{s95<7Zoq$53juZYS zqG7W5Llr5TjHFOJHCO^-jMg$}DfjjZnHp3Pa`sC7r%0(9?9cc-ax=I|>;nfZdoF|! zQd=>t$(>m;TphX1^ppt7EruKiL(w75M@NBd<-ze4d9Vshfrg!^p}iK@X_>59fD|95 zCU+7lU8_-5NF9|tnELfqCx)=l6BnvhH3{U?`kPE5P5FyLbP9F?s1H45oeI4812+{Q zpGc*$UGs}&!*EM($2hv2yRk(whA6s7paF<0i&RY=LVzlW)!S2~i`nAeJB7N7mkEZP)|d zXrKr1`OCU^2Pt{GFif6ETT6z5<#~pJ!U~01 zR#vc>30agHP-Z&g#`XHnxjt*@!VU4g&hz;8kf@CNdV@AqB{D@19n?#%3St#m<2*w} z*7l6BSzezBlegPcl1d8 zFy$hQ-MV4R)x$>$*VgPcHFI~(-$`0ads{8OrKVV7*yU}|5bf>XK-b@7=tv00oMva0 z3Te$REFG)JSt)Km%^;mG@@S>JP{A#@2QWA;#uVP{qmEM(@hQcpM2Ta%%}|mR`6&uQ zdk#O5YI^-_NdlEud~i3?XbS%jq=uTFHH9{-!ce3=j$%yQ+1EP&WDSzAgqigHaI?dp z^Wi$yGNqR&j3IAL`0;c`Je>j>0L%LWlx!LHJB0mk*#Ae^=a97D&qMxCL+<$@``nPbw{GvLBVSue%&e-L zpVWclM|DI8N{)`Wm+TZ={{cnBl?jOBjlivrx7Hndr_ZZZI}5sAA|<6z4x$>>+uSHF zv}5)Js-D{u>*kcYKU56uN6p9FN6o*Q3y1vIhwQ~e?xG=@mHJm|_623PdZlJwsM%A7 z{FjI9=|k?TLx|6(44E@XokMuYadm%e-H}6xdn=@QU4fZ7!1(rnH&BR~zXEN|&$k6x zW6Ok_L&wY{Qp5t~AxBnH>a*?>%Cmkj?8yVATCH1#{czZymV`q)?CmD|Tet+$ z?iR!Y_FK^z9fhpP&*9z^sNN(J*L6=Seiq=_EDM?ufof--(J!0zGKZ3gZ`00g)y%ZUlt2VKiO-qO+kX&5}iYuE^OM< z>=@MdK#TSpB%kzN2}j&{;8n8F&*ZZZMe1)WCqF8u%d7U_vU$dswF-lLsbZE_{lQi9 z{DgmIqVTk_zW`8BM(^eJPNw&MZNtOP(ZlB3KTrRk(1Q5VRro=~qmT>o?<9`IEjBqi zvBxCM^GW5-Ad@AH3hnk3v{sI~?j#%td*Y$qZ4U&itAY-kjOZ)P{xpd!@HFM4aseXB zlAelsL)=mLu>X+Rl7u9GK<=pIL-=gL9$*jjpRs3>h{hahJPHZH^>k+EbM7#*R3Rkc z@WbLp)sr1=?GgBjm}jhc(YV|C<16~@wf)I8{q`N^pDJgh_PE3zO9zU_B=+dU=kGWs zG0$4dPmacFnr1JPE5Vr0=Fgx^>B-ifLNv2JpT|Py{DJ2U)9N%=7G(loML097JkQuCdzRR37WL6HLQbDG%FEd;dk04N%^VY3R zEx$XPtWKa2o;YMK9;*JOi*&{D?@RG$Jkx)eqD-$hpCsP=!>W98gfSoT&sN0m ztd+s}j~E{V1N9s=D`WRmY~IeYb1(IqLk9f80~K70KpKDRcSjGHlLq{W16?<50I~-Q zXfeV=snhoQ_y~d8bU@IP_$gc_SC!s9Y__yZhPHHE`y~8^(MMQjKE8p921~em2~G=( zRPBJ6vqg3>=GLXA4!ABtAu}D+oskJOIXRbqp;%1+^bQ%3>yb#y&H@9Rk}b3`ztV)* zT*1O2fGD#Ikuc|Q-h*_vJ72tw#Z4JjR$vBSR0$zIQ$PO`-yIF6NtDqA)hAEQPzK47 z1zRoxNk`q;1yJIG7^oKc27DteW!Unq=ob5|QJxXb3(3N`oc0jVRltbXje@jBvzxu` zfy^yTwiql8?S;z{84{V=g@o~=*hBZ!cAvgaZEv%W-Mfemul;(v-;{gac$nFX$DnkpZWZIt zHuQFWLXL&>o#s96-Tpv_(CH88d!Ku+d7po8*9YqFHy^O?KgrO4DUWV6d#{#Ovl#Xi zZz)HlI8hWeK194*^$2do%rVDIB{^t7b{nd*(=AgtH#WgW9_TP++|~>ESoIT zG?NFQ6}H17E=rD~%n0)d9K|76S|o~sx&4UB#8$$)G*ghQHWXk)QKF?iA6DAw*N6Sv z!hT`c7sLK}YHaiMFZ07MT=;Z!e)w5_F%8$c9xh?jQIQl;=Y0YT;N5P#hL3KS&gbnp z7Y`xU8b{i|S1ejs+{`R=n{D2?zEkJ=lJ&<)-hxhq|ZLl=YQYV|D^7Cid=6z6KsTAzq9xExjXy(y?ySUKL4GPyQI`d&h$%4WS4ig zzPuFon+4d^x!c~{7yqEo-qz=T)HjrtmcU_6lLQH0vsm73=!7pWiS7Ag1yyI$Jlb|Y zY1^N-{m$1#Vo>2fEuHdN5eINNNL8E@G)IQN%T6 z;lb3WWEk|WYP&1i_S&|;qAiSvK?qJ+?&p$pG0eEusy)q zc4l72>eo0gi!W~5uebfhZGTbQ{vva~%v!(5>@PEOk=}oP7GF2=-|$MeEC3{|f2^D? zu@AN5U$^a}ZU0Dn=#6OUFYNQ*=riB$^WW+l`X(=`f4fAk1w%pR=S$|fl0B!-oz-W~ z>+|RKfzHy_34Q+9KJ%46|K+}+AL#x&N(jAG^Pon}oP!92()*A;zpibL=<|p74c!@T z8n-XCJ(myevn0Y;p0(DM?DEX~OkKOWWX71q!$w2%o0~|0q4{F<&Mv1|S5Dy6!!JmE3l=eVk}Aqv3(8~PDBBCl<^?9Awl<@}`vX;T+6;G1uf4I?twvrl%TdV6CPCe*uhz`f zz4pppe_gNtey_cy>~1ZO-BPx|BSmITyTO z1zX$e|K4ktx81tlp%;7YUwZx8UiVV3J-qCWD7OwT+at;bD6x&(NeqBvqdM`h8u-{; zyKXpsqSrp&>!0fN49=-#cUrl1YT2GvHow&W1Q!0Q-P(4p_mlJ6!!J zSEO%M&dOcD9&!DOYgL>RbsE7QRz~Ks~bs&0W+v z&)@du4rii}Q0bw?mFRqer^zjk6oTuo!SwTFWxdLuRf0vy&q+oNZ-!$Cl!WYbP02>Z zhA-haHJ?P{G_KHH@{Ljpvy2_8bl0;!;ucy1&9N@>J`Vb{r|x^xk+ESvmXP&0%X}~2 z4-E{~Nq5cJ$iQ%Y+CtLC^Msy8quz_R&#cCHt56v$72EnWr!k$f$-XkLF|&o&ZaQaR zc4OY+eyis!7?@wLmwM9{nJ0#mN^N0nn{+#s=N{RrQTJnYeL~ecvb0ezk7e5oY?l)9 zII?5Cp7a*>YVVn~N?SJ;(Y`c&-N0@Qk{8-VN!qoCeLc_KYhcexVR3u3mw6_mq21Mf z1;aX-ewlA?#-I!B5HjN9euBx`_<}-8s1D*Npw2*7nt=&JMKt-B6M2IBu{tQXj62xludjM|YaA<9@=U3~4Yi1nS9uxpL zMYdpj%!1Z@k}+?@OeKp-+s512ZT&WLw(~GPe(BH-&F#(3W+(8&j&@hKi`muhGWt5d zn_(N;qq)1^i-ogyyr19KunoNd_4FJ4{{D^j&F)RDH)E84YwIl~xE@kPu4k_b?@Zrk z-|OLc><8TYTOY9RH~-xFU_}xn+w_mnZf4cuu!W>|$2OD#kv4pKknDjilT&OzTXtRTy(N=3tk$WE-NU2m~DlO>`Y# zJk@L)oiA^EsxFC-2kYShg0713A>DPT@X=AA6Gs98#2Ud5F;vS^A}d!noBYIYv~OE& z4Hddp6OeUlog2Vp2{hfOV^Vi&jbhjbSPZ6N1lQfFQNhrUK`RE+*7glOI`7civ4B9hCP`7TKXsBKF9Bh z>%k_CaG&%pwL7b4W_P=X+Tr7P5bu4&DRj!YjbLwZ*Sx$vLD2}383$W*lUA);t->#z z*;5opE`Wlw|}#0FRa?I zrztqOg0)hNj&Enw-iCb>1wC#)EdoU}XWyv0i*-(ChKF+KcHdo=Gwd1?`PT7qF^R-VYnD+G8+?S{xcCq-+Mo z&kfT%Ells*!=CI5ow?3ueEq%8ph z`>(>%0_d!TQyEL-3<9G7h75x`>fE|H5{(f|+!xH}?NP?^i6P;8>e&JH2^5@Wg)0i$ zW(fGMi5ET)7tZ@R&(Fdb@$H5q4(2@J`lh>)XjS)vrn!o6!r~Q81e;aOH~~s6lDwLX zLiywN3$ePJ6Crhm9F1b2XgKRCI-JjvKT`Iph| z3VBg-|5|6a0)Xxo>)PN%M^qG^)TO*7inb-w`xpzYTzq%=B4cM)a280J1&posX26GZ z0+JNaL?cEpZxa2sSuN485cYO8)>+c~Du;j}dlEL`=sGE!gc=g+Yi17`|7&9&gp|NZ$a#vs!vo2`l0Ns&67n1^xsVpq(_K;O|>T|7MZfC6Pcy;016^C=X4!;G` zie|90_^w3{fjEF9)R3@mFPrQz*aGq^{zX+x@oUg~w+6e>H~gQl?V?sFa2?~P#VLHl zbF_Mo%pr>k$Car3Z4(`){G8LwXb3{%Nt#4OzQ}DGVAS|x%g(Ry>@-iEW5?7_#oQ5T zqcrSz2f-Cj`YYf970jN~{nj9%LA3Fd7$U1cCAuGvGeX%I^yMZaMC2(x6LznbV=!bP zuCY5lOn^#xpXeNbhWHFXTNzJM`d%(#TvUIZ-6=-}RCGqyfX_I;k5+lla}R7I=Qr3& z2e_yVqip7qu|WDWrt@nM26GM`i2%9pB7rh(&j)Zg@KM|yCJ$x`7rJ1f=llF2nyY=o z{4h(*4`mD)8=0~umFJnC5giue`f=SHR-$Z3Szuc2_ZFF}7g^4)pJQ&A^IEFU+^xZ1 zKZgLY?vSy>qGGDUg5tpwMZ2Sb52;8FkZK1f3C(#9#X1wZ0sYAhfy`7|#v%*aq3kY(s1%Ht9vSIiMI(iYG@$dT=giE80{Y+^{L*^wiIj=d$&joo%-?kU`ho)CPkRK;V3znY?E!ClkjZg&^?1Hk|a zk5Z!sa&!Ry57tts298eBew8DwAvMfTBWj&S-#zMnJj&kubQDmL)=DpuO${(m^HmaT zrRiNE62EoWkA;0v)V~ zgIPyyvV;xIFCZ4OVYKq!b>%-U7I$qp+rqFC8>D$ z!waxYmY|fp)P-3k3I~;GhY@L*NAMMx9oISJJ?&pV6K$ zm*vSBt!+G`L!B9={&S&-LENltn6EY5X_IsM^~pIsvlgGIIc4eNJO-b_5lmoK4ZF*R z`+sjMPuTS8VgJ2h-y7CwKBql2ar{;DN&7XQcy9xQ%x5}4D0QsTy;N2}oZNUmho;OY zVFie2i^EK|Cg&3(JvpD~`oo-Kh#wYbLrW`9>E<`ZH ziy_*2p|+XemK)9XtHn>(R^ylm!C^55qO*aG7zsYZcd-&>j5p@%-S$Gl`~n+rXcfbJ zU;~bE^A#OWMREyd7*dnKmka8Ss@Be^b|`=vvpWrD1ZVTTSSv#W zN+nNY(T^#H2s}(TJW2f%%GHT3s<;G!G6KfI=sb7WRh#AlVQ$V@POCE?ux;o^WNifCmQx zWs}b`#0ietK;5*wG}qAEu*}2)dxXdQx@^iU2pqfbFBTV?%`A?M_K89J_@IAk(7)dN zWV*RO1tb4)z^oXQ>AUpZ)ZRWFusvhYoHOXYHpn8y-;amzQmK`J=a%{1z|>#dMWDaXj=wwIz?dd$8d|>gmeO=_{N0qy3;{BL5Ms_2#`v; z;ROb8REA{agd^RYK5on6FJnDME5Op34TC?8HkGJ>G$+ybC4WcoLOD<293YW=(C&oR z>weSMR(BlU&W2z=ND|vNDD2>T7LoSBqlYI=WT8+RDrQu`=5Df@`R@Ujr)q(-Kv_a# z(P6k^kp5&+vS=a5cXA}a^x0lQoNVF7bl&RJ+?d{O!eKQBnAviN^P9y|9}iM472m_L z;*Xa&JD)EUbhebncy5M;D3_nkUXyt^n#AzJGI=NQIur8{``6LIt%#1d*=ham#Qw6y z4-$;w{*1BB{-JFCT=sub2iD3<6Q23mdSxA_8kfGn0ON0$;uXm?BFdWRW55-_n=NHz z6vc69TKvMa@pB8Mm1FMZX^3;LOmipqj~!m998oBr+3(Nj_iMA}iRAz~61k0?U|Y<# zpHv7>F{q=DrGX z>XalUJwaoXxa)yii zT;c1ndZktlu+{|Z?l2ggkM>fs2F4n?+CHd?xiB zqnMIb2DvnrPLNL9*~nGWOH15gh+|?Za*^j^62TzzP>6?pSD*=Ube}{Hkh-~&@4YY2 zs!_M0Jahi6zL`Q9UD08c;vtzzrc&2n6O?gQW)9l`7$;+~FPgVAgHY1%r2Y~uS(?e; zp&;?{Aw~0YT7E@P1T8`f#u0^>O?u6U`EIfAa2$CKG7UxkhAe(YL=Q}hZ@@%sDX4mL=5Nvhprbuh?ZceOoFIhTotS3%+ly`YV(mPc`}Zh6jK2QgUOY1 zuu5VOOKid6c@ds8gb%!91*!(fublZy=%3`FWBvY9fTR)KT+M!1d`%$vbN5sJ^OTAxd02i(LGsQ0Sf{z01LA4G%}u0!aYt#t38D8xNkka zL!#A6j`x2RRG{atjzoW4KX^iM0|&LDwHWV3J`wx#ij}Is8w~wTc+fn}OC~tlK|4pa zit_M8JZ`qjFe;}@?GDxLo6(shb^=_8T z1je0$*o$B~86Wos;0)$v8s-R6h)N#~JYl`eeXRD0A_6Kv4&t2v7FZ8t@xn^KbcL@* z*VO>xbXuW+r5(cry@tIfLlT~fLQ-0K{fx}87-)&b6NGGn$uxS_?h5!$Y95CIm(~t@ z*duh2`94wln6k`2YL27`u}v@oel(zKDX7G*3w2M5p9bDe*YtVg>%-B5Xl%??^3yTY z{kG~%TGw8R!(KZ*VnC?Ywb4lBL zr)@6Pr_0)Am5x`o&9!ZFO_*<@*A)s2Ff6)rl@>;w@BVQ{^U zg2UwV$r&fYUeGMyiwrcQm#B;qI0SL7xfU7dLKR*D85PXPd2dgQTRA*nh_TW!KUWo% zmFCghxO8Zw`Z^)N2 z)R%!oBLt|0j7&n3XxadaWrH1IugI~mVGRW2d?DNvEuJBc2BYNN2Zd0?B>}PB&Bo<=Dd;JOS!zUpXT*L2%=i_lahxHo z&;mgkI0*VJE^TI9C9bnc7(6J9OZ&T>;sz}x(Be8{zpuRsds+;ueXViS#`WnccKYDY|WRrrC9 zv(Z_K@!-7!^iOuK8wEE(&TPHe=mDVoJ2`Lkmj}xIejvsRh*W~0ma)<5gw7Y+ zt!Fo9EJy~M{XG+XaWhyEt@|t7+|^R$3ub@JNSaSDrh|-gBXHjYequQ!@rcRZS#Ae) zOKvtKr!Rc`XF%c-g_h^x+fEEZU=^x53oPf`qd&KR?X)YQo^)a^vgQIws&V-YP%?wH z5}H5-21){X>JieMKKyNJP;E|UF``XYyGB+<#x-X2VdVnI!>Nl8W7jVq7#-6yX&CH6 zVC=!<-tm=q3j+t%>GJ6E?10ig%FMSv4_ay77-+ovANRT2QGO5SjcDR16aA;yR}mBt zAXAME9DO}lZ7(+rfWjk+!{8PYxbd-7+Qsc^HiO$4fiB}L1R}kr&AgQQqa~F_OEhw#>Jy${e^snU?ppTjr z58)A4N-FUnX*7!I>|7TgyKe#j64;duy#{D+#r9svj%*{~DC~nX!B#UE9Wld<#lq-6 zp;at>8cxY0m+?Nre{BW99m<^82}bcodnfVvcx@HKzPy^kmNUA-C>GiX&+UUvX9(L2 zV^4IxQTAEjq=9O~7P|`r#NzEtC=zki{>^45$a#P#RHZwcz2T~ogd%+~yRytGW~G2z z3_2Xpc}V3?=shwy_u^9w1(?fOH^b4#*fG{P9fTAK2xPk(sE66Zab*4yw=c)CS?U@b z=bL5zpzg~k_o0OxEDaVz3ZR00M)F!1 zV^X~^z6Ue3QwF$=iV&+UWev3Oa^pVBsS+)amWFZ#;(740vt447jHnaV@u<)P#c zoWr~1G?Q;hgj1+iyHfVDy2*l%;t*_tK+y5I9OfaUb+*hy75`vZ9eVC&{-@#@`@hQUD#pbR{%=g76T}>V8`B%V!`pLu+-8>Uw#<-PnE|eAv-j^dwt{eL} zf++qVqq>_ZXCT@Jh4T!?xBy>Gg$ciGCfu0akt7_nUEmEBMVm;NKD8q|1Ev5mmB(W- z3RBNh|Mb%uKb6+r?O2M=q|4Hc2ye13sVWBT0tp)myh0K3G#fpEE_6-VcZc)Vlq>nS zQ?KvvFzUS$Z1tsj$8b8LcOY^V#Ft?Yf+TUKBaLT2C~=IeTbY^H`F=KM`UcF%epLGc zd>-dJnr9K!=YKc$yL6_yS3=U1Et_(#>-vlv;`-56%m9P(e*Z=6CsjKr0+#sOsO*;a zf3@-3;)~H4u1Xj#4OxLyFLdXlcu|KT6Eb7i@V$Ww49TpN|2}te$;U4r8^$AxP6IrN zq)d+hPBh~5B{RpVFE1n7cl4SHg?x2e!;%tI4Cbjw$Lt=RiK3lU9b>ZcX~Gd1BHkPJ z+fA7!Ue9$O_RX-LdS$6n|CE-y=u#TUvd77XrF4-gUP41zcjVFsTDc}T^LO#}{GX`( z{0ra1iR;>xj07FiBXpm)7wYP{`PK6|pZ7KI-_kMcNE=aS%NO>Bg+PiFrgFn)<-VHw zS>KaGJuDhcBa4Pb>vm)w$OTkT;Sh$&^|KW6vpAepm}K6ZkQL~5X1*WHFdJ^5KiMW8 zPPajMy)_}28ppi@;J!Wj3K|b{uuTtP-IalpY^R16`=bejNIYfQdaa^P4NX2c0Z&gZqtVch`_yoAgvbYT9IP*egqa?Caf z>Np6k2kDL~e24Jz!8||V9CGo2gcoAqLAy)m=7krnhe#$JpY@x0B@;QVU-DaQ>PJOz<0E}N6~IHAs^qNN$AU>(#NR8B3~%p z5}TX#{A--gt47FAa?@wC4z}n#o1uUrYaLAR>}vGvh9_OBCw(J4=?HZ0o#&set6vUR z&)jhJC|!M-b%=F|0eTe*qm5sPF5&KcN&@z&nCEHm{NIAXrc8&@alLvZXzk>5gx1bc zYc&~KvCDcoNceUhA07-~b%s{+s`+%fubcZ?oqJ2$MGtP=8Y-J~ex$ijEAk&ko3SWl zE1kp)0Rfdh5dCfPb+Nfv{WuqHy3-H6_BHx2XX=Res1E~^edu408H>?z=+{UDsmT-* zJ}D`bd8nL%Sac&uC8EO1dc)6((FOdZ^MlDXHQ57hC)EwNU#rLF5b^|%n*T7Bic8Vm z;VLg8!QqB^qmOB{hOfeO#pZ|l!8QBr75@T5!i zq;G~N9fmyIdHy-NdTO|O+J>vg>FS~3s)~ek?)?%MKc$vjyW!f0xpsiA-Lc`?Te-Hc zu06Ej+OAw%s%uYgxV8n?X6xD^#r5wP;aab*on8#u9=kY5BJq?xK7dJ7YK(LbFNiKF zqQ}FBJHEbPer8%lQU?Cj28Nu=5doqA(zWA+z-xpOcNWTRmY5j8ZHVLC% zyKe35`i~w5@vbr4KH#IPt}? zKA|A8-E@sa}YWpZ{8t1ik|9iw5H1}AaoErJ^RIWtnd~` z{bceybm3f2mvNe4kQgkg)!G5nMq86<0lqQmMX23{g1~j|-5->Q=FRVKwn2t}tKT|Z zV%~@t#W!ep-ra$5MZIeb-bDX*r|Wo-fk&bl^nWzj73pHJpuE>z!Qc?9!Ll$kIrLpz zsByVA`2C@`I9SBd1(dJQ_@hZeN`n2@Z6f@!=|#($*5KL^BK!HRqL8%EmLU|5@?zdG zjJ{+T`4E47L5zLRIGw)4IEJ4GWGhs;WV=NQxpYg8hxn9+h?yKM9ibledM)S1!j(XyrxLU7&=O zYO97|fc7q6Q`M6IGzB}%7&q{u=7j{@8bp1AkYCs zj1=*rLYB*}iRdI0Wq7!dhM0Ge8>!>GlAAw>!m34G3zwy&JYK0AvDl8;_%fG%8_~HV zTS@#-ITlC>Vgb;EbP9Y1$x5C!C8l6NL?x9!lwWSn zRq&AdvyGp#>GRe-M|R_w*u(s~ZO4DK@sTb)%DE$1VIf(&#_HY7DNPaARv=v+xvcQa zgd1wpHcin0qoWi!t*A>y>VOr+hv=6bK}_pYBw)E+IA!jK!+9m_mrS`{4(H=xzv#cY z-VWCbVIPNmGI=GAy8dP(Qho(YgPX)0#CV8_fLW+ba+CRl*-t!cxHc^wjc17@@jb35 z;RtZU%^pv<0pVQMyom=812@P|i^QNvhT#VYrb;+5S(ywhH)+%92|g0fbHr-qtrvfbo@-G(RWHX;1_T0kA3kD*l7lrG%X~t&Vgt% z%^C(q`Z5yaSrQ$SJUak>(2e#9+}%O7sI^_Rn5B$~4FOLm3o)2qFt{l3VMfpz_I8$- zBE*5|Hr|d^Ei5^BNz*Zp$F4Ew8H&D;h!z!r3?%$i3mqJ*Cl#pLogcTS`o>idV*g^< zT-@ir+2>v=cbz}Oerqf_q{tQXtuc345s#6|x5w-^X8X0Z&TTK(x-OV)zdqZ)ICTa9|pxs2n?`C=|`;a3SE6gl9n2{!fg6|2 z11_>1i_36-$VzQo837D3xRT8{d$23FJDJD3+*4hJC%gPpUF6j^?$=$xZ$?EX@feoR zSy5)_47~}Y`Tnkv`?~D?UA6nV-2Gk2 zefeWabwC3r&0|^qik(3iyrOJTYw$fdIS5$GN;Kc@7%yWSO627smwoBx*xnQeSCd2* zHM|VD)n`XIcenyK^3Pl*(1yz=Ie%hsw+f#b+-Xn~dq8|3Pb}k%IgNIn06Ht4NDxpM z%^^C-B;viK#LF^#@&(YsY-mcC+uhc|%AP{I0o#_XVSNn=q-6iH4^vBy^@5s}_lot# z6vAh42oH7z`i=3>^^#q<7-J}9-gMg@0gI^gSRgb5c;KUJ%cX`c26vQgHd~6%=}B}X zJXJcktb{aP#xPeef|C=o6aHj7;}Vf{_a%KDc;1dxq_726O)qBBS%5I#$c^8F8Q+b+ z5Oht;ep#JY6ximl#XDxvy?PZ+IcA}e)AtZmw?e|h5tPgqTNL3auh4v$^R0)~#-J1W zSuk~i;!OyLFP;QBNjB>Y@|HA2G7)HJg0(%SMxb$oMO!L{309Pkuqz;!;?!b5v4*)< zyM@}#Sbx@kP&M*To9I0GH9u?Ie<`+HM3>zvH2f&|3G8y$m=a3XCaE-tyb>m|r8pxncWLDN)4{^KqWi_S0fb!# z!!B@N$}@c7DaZ>X=J&KHaLO9pC-{PkniIK6!^$Be@JfamFBhEcNyOG!13QBsx5?oj zk_5*=<#I7uBIU=!o%UnnEa6wXOLQ2*13oMK!!#S69wYRD!@saX;!0UDetwM3e=NEb z`z>~%{r%=$1@nTl%kdUXxCfha<8UZ{OSTxlF=HvOK~S8uNZjVAvAJcXyjnn z6OKrO*(cF?gk1xcGvuOTr<1ImOb9f|Q#P^2vg;3v5Kl02nv(?_^a5UDnT#hY9Y#Gc zGO&&F4m92Ia(Cc5Fymj7ib|Z25Cr!EY{2v~A+6uA0RVBCCj~bvR=$ar?0lHkvbkZA zI=d4PL|ls&X%A72!J)&>3womEcHec9V&FOp(N#bVYhJPiJd&;80w}b^%<(FwOkojv zyhkrd#U#>!cZTk*`LHEu6-R6j;#3H#OgyO?;v3z2Ry*oE?7teC>PsP{6e59Vttt1C zIDpc5<>_poPSA}D8#uL${#@t>dot1^*E8Dt5UDKzrynI|Pm(m>k(etIdtGAhOyXM; zbBkC7GAPP=0xUiVb~N7&-xu7KiTOB_ZOjLTu1n&x3h^n3W_)Y-b%CdtRY0`)-sD}U z7wi>DVU?cGH|*Q1n4Zqlj5(ta@0Hw;bVe7ihA^}R4-1F;V^0YWKg{pQU>VV)IX|Ou z<2Dwz2GJ(n@H8w-=94;ju>x@A@gY8k5g^)hqyBTJ!(lN&wXIdLU=qjxH5<;m!hW+A z+_0Q@8G%`tsS>`JR73^T2JC!+BOwXeXO22qAhQA64|>-91j;bVKTYH(7MuKdA7c`b z%)LpnZ-?-_heaZ`O+pf@qHHO<#hO4j0s}dy<>K6-eDRS0I06u2I+o0Vc}VHdofUbQvZjbbA|{w2q9gt z7vXV~Jz#aBG7);4yIWKai1_`aoA&LWGG$Or_zc%Bt;awwnCoe zMT(p*#tE6TEVc=n#%CIU4>V_FH;H`@P8XF9+S`E^C`$TBKu*KoL6um-9QlVp9nvOK?7`ciMusptO+$peIJem$=Dg;ZU zJG1YT5kJ2(;qT1XpDO-#!!(KrC}cu8%>iq{B#WHva=mdK90{q1Ta#Cr+lNjr2fMEm z28_c#mF~u$Z=xGAQ0Z7a3a4RiMJyrKMDZqnF!8kjF4c$>fSOU2#NZAk=KQ;%%57RD zGZS`ya~FbF7ocPAGs=^ruq{myMJr!pibgxD3mXS`Ev&5hwBIE=Ynr66k>F2Y5>{0x z7#&s82cXb3`P|309hi2d9SZ8vWmA--yM*&RTpEs!Y?8N`=%})$1h$zJq-i19!hRPT zXGs9+%xs)L%US#oRHe+xK+{xegb^P}{39C?Cu%p~;r9~yx$s1ED3b$1#2WBDm+39&AJL{DYT!_L`5pw|R> zHBqX=e&7zA6{;C^hwGIAT-rtui%q@1woF*WR3*WTY8Mohsm|;{l_-THq3|YbXLJL( zDWIqhsjitE?k&=w;xn zb*-T*T~q{A5j)3={i3tv!C9o zx1-#Fa6@>ApAUHnVm8-8j%`|!j+gSfZRQ!X1`~^6SNg6jxH5LJ;rdu09a3Q-OJJ0C zL+^E1_wha`Sj=ugK?ekDz+cN5wL!ZCUzaR&;xjR#Z)WDP8O~!Hfo3cyd_F`33Zp}U zep;;yec2Ihk)nfjU_^cl&al&M8KMZ!mGtL;6g{lKDl3cG39-FkAECyesimJ`;`09K zbku#VXk3UC<1f^Hq0kTo#hC#u(BF-AV!H@{vr;;s?Ec7ahYV!yAx^;{@PK@ry3O2h zR!BUuJQ#In71KMF_=PY zgkBD5AebcnpqodkUaABtVu4}^PqdWpHww2VB9tSB79mxhyEfw5^m+IcGN=K;*}BH^ zbqMRBg7EyseY8SQ(Bs=gDrnqMs4bAmVwA)cTpSg`2HMVnv}4nYVA7g@C0wiELt}@2 z5s-&gBh(4Y33g7zKR6xfVFFcxY`W1)&BDR&iMgmp&}-<$zHQJ!m6c7pPXOd3SfsBYNiVCj1iZJ1Ppw z6Lcg^H%UhQI;?Yn{40W_8Zt4s5EN$vBroB1dgp(a-ld-^S4AxhYy{g^6}bFZsW5H4 zHTbUCf}vp0k4)GcSY2xmG@M%;E7u+m@H0Z-R3wTBHmXfzXE;X6+CCjJSd%FMg#)W9&kPVecyv$yNn z6zO)~(|tYEb!S??#?_>6Oxx$Z$XPVG3s{DyaLnf@bIi2Qqnwv;^x+$?QIWrupl0#< zWL?Sol#M^U*lb!{UCk7T!CM!+gsTJ10l@w%g44NE)i`HpD%smg!4-n=518cC_7ndW zfH5q*b#S%2n^)NIVARj4yh*>($2I1=Q|N#n z!dQdMe`##zJ!Sk0elcY>H{_T1J!`)V+XA0Q6U4bF#f3Bc1GUbGl#kS%4g&+T1-7zIC3-bp6)L^)pxuK>R$Hb3u6*V1(tZ zBwB+~H9DH@v#y8R*NwS5hT1iWzZ_pOd1&QjY$A-P6i1??764+WK-kV_7b>HJodL@T z%toP&m%u5apsv=Gf>1yPc*VHY!a-xczj!1es*I@Syy&$mWb%cQR5L#yL+yjQU$m95 zu%=B60z_mV6d|f1>9NW3Oddpp6fsE1M~AZ638iI6#m)se;503p4KAA~6o6DlEbs>q zkLNEQw-=22?;Q``Gfw7TQP*{LF=x|^Bt>Z6X?HiblToJ9A5R_p=El z+#3;QnJ+=<`Jb(s&)0&lN#iK%Y;-iR0Q%Z(W5Mj0d0@={^%!Egod3OA=|?pu^6~8} z7&h%+BvNWfmJCTDX$`Sw#7Vzek`UUFGa{w-V2~SxfY?z#M8gK5Yv%-x$j2h@fpi3l z8SKoHf+0f(f#gzp%lc#Jw;;Xb+=6)zN7*^#xG4(OCf>Q2Q80Ysy0GkW6AQg!fv3nB z99s}+ze8xL32@-9Qxo8{+|Sh<=gPsZU%T&L?CMjbnxe$+GPPvxu1T*`Q{wd3w2WLk zlyDPRmXls36W2IO9JgS=Tp+lNJJw_HRODFUeFpB44t^oX-pNAAZ3!}8;S5cS$|U@1 zkog9G6~7#0zOFL_Ywoqd>&+?2spe&64CvBWd^?vVZHT;#U6P~Sl3jp!pzlMWeIm$R z6WYyT?u((lgSi()!M`6N9x&evi+6|qT}0`C#-DPz&zTW>BgBjLN-ehunuL0RI)=%m z>bvgOQQ*~N2i;NYIuLkkr-RsdyNP2U#DKAWx#T#5FbnzY={U8nbqy6d!@ z=dMZiJa=bz3yWQSuPdWY31P4K%yrG@U#xehlpSO<2($OFxU$~~Ge6+m9`PTBnV;}i z@%v%sUY#{}r`h041;S0B3I1xzkAr$)aE4P4ljE zqTpImQ)7U`(LF!UNrkP(|1X-*xaXc?+;6jPCD%8Jku2?2Vk|*@rK@bZ>$FUt+WpzZ z?w+bE9e#A<8ZoYM`)IK&N*wj}afR`eo{Vw+T$KHaIO8uwnJ;mUJ{M)S>U?{YxkG1c z@gR%88v9>ILz?}s*#8#i(zj#(yE@+;`#;bbS(y&BwC>Qls2$_*vS9u5;=;jy>=%e1 z@g{V~7@Jv{qtQO_Hg){s9c(Zf!iXV^0bTW>1wmON0;>CdBA@d8Y&m(hoE-SsfE!{5*KlV`>uBUBi zr5)`)E!@J3exAh0#5Gtj&nP27+rePE=#eh9VYCdHJ<3sn7-l$2T$F-o*Uyc1)pjw@ zMOUtIW$emmJBpuR3b2-HjR+qwc!62yJ)W>9Nk9k>CDEF!i=(oSzV;sYIKCt>Klbf? zKAEP7B!ltzINNtiMAkIGSB zpimNmU&)Jki(BiEx@4}^8%RikQHp?mTHthUeUep%Frk38;dp zg_K4TK)NYo;CvWIxqKWrz`~aWhiFbI#bi)ZemcI<^bGSLVjy6?!IuS)Miy;|8d?hz3cMDvZ!W|`Vorg;N zx!&WV_1y{+5IDQOJ7WKHaixYFU9ym=upcK<97h>3kPcq|jGUR!#_Zj}o+*7wdgbPc*cdLXhJHP(1$p2IHe|xNOmyDAvm4C=3 zu&=@vvy|4kyVa+^He7wtmDGSg z*1JuI>py5K4_SZG3}H`w?^yW5F?-*b z|I@L|J!9eBWA@%L|3_oVe%P@g&?fQlLu27D#_U65!Gq!}iCGiAh#$c5ZUnPg_&%Q$ zO~mZRSFr}djeq8jP*r{U{5krsrzV7~{-@SX8_GGRxFuDmevVo4dUS>fi{on`me@+h+eff$8*#xcEf{%Lsg~TJRhhA z?E%3kPC^2i2QGg_i0OEB(EFBDjQm4^-w|=hU_uNYmiHnu)Z3H+OJ^zVIoHfgeU(`` z<=v;Aq^*3xnlHJHU2QgkNa!T5F_d?g9BB-BMgFnVJJo*5s_oML99&S(xAyU_72btF zKcc<#Z4X-WI~(?yk@nk0bq4r4W`2h<7{ICYvN3uR)=UKdKV(RGCL5F$UbXCfo(-7c zW?Q&(?&`a9S3jA%`qkXkBXd`e&t0AF#7t^M-AVbx_+)2+ z$j$L#Qi4mi*m)|`d8+7rc&DeZqTwk}lb(usN>jP>QvhGy`}}TCIU6+q#*S%I=roYS za_t9uycY;*v7*P_st&z+fpA4fNL?HePl@zdSU_s+U`<8p8fnsGvkuZKu;%reD!Y>Q z%nWA&or*=%YsvD33|2Z!F0DC&&);flTf}w7VjAny-odz9rQ)J1+J(ZtgybYNr}V;#;4G=F;=MhSyG!ucOZniosePb*)LDa<(;byR?c9|% z*b6&^t_V8!T@K488O1muAQJ*97-}}6iEw`wMiNY--pxTvvvr`Xw9@fxHIr_1g08aU zuG2EDw_U%cqNh+id>uvLcjrFBU?k+osU|3cIbvs+&tT!GXr2ztnn8_?xU(id-(sKKQW3UI-@*)^aomD!2H9I|+# z_TpdB?DYt^-Cn5d5`y7@O+xlXSEidoibg{rndY;-Y48iL%L?ne74C2&>`MF7j!Hjk z5rdd`%_# zAxgQ;5s|CehYic@!&sEfq$v^5PYPR+in!_FM4ClICy^Qg6SfOl8pB!?|B5ktm{ZU( z__0_hU1A@AVL!u#^)i_8hs z$?0*UoxfcIjZ~EJJa@gsm4PcuijdMQqg5s0c(Gb&K-UHw8Fz-YEmk=2F5~byls89b z{jJW47EbF!cece6_4-X~U*~N5%nIUfw4?kziWIHrT?dQCkS6xr$?%*>d*Nho!6dX< zV7}4ZqZZ-UO>>u6nA0Nj?XtO-G}``ok-3;WLrrt~WU#$u&z`hrsfllt%`Zr#!Dwt# z_K+`^&DYEJ(%Af{$9%qQzE}>vR5n+zX__DRn4kC9O`4A{l=T~BVm_m1x0LNy%8Y2I zUL2OaL(Nh1rLz5E88fKw^_c(aF*lXX=gRnQWq162RoSi#C;YkJZ!P<@>fZUC9`l19 z`)!%h-cmN7PQO#@om~?0a%;2nWYdWn5RQq&loSoTn2lswvzW5%C#)|WvI{-I&k|mi z2a@1o79aNT00Vk?fCTOXM2mn4fw!z35bPnl77SKEy2z>sMB@ZKVh-sZA|6ahm{vku z!S|@ch_yKoujnrfG)Qy`n^P$%fF(7B_E}k6^fxF$E+^2rT*aeEV1TYXGcQQd%*SnL z8S;Jy`Zu>oD0HjL5tq&m_@iCW%9r}o-@uR;Wm51ti`S&a%JGkYUjEj^biB4 zDX0c+S;zq#M`1c}9Qty{jz}eRqVMATzNg1r*5hB$V?Nw6A1Io4_XL-yC&9;C_ERl; zRgv#`Uyn~6-_5W7rKIES8G{9cPX*cYg)Cn;@g2+2x27E{;0m5#{uU(#cF;Z?>hV>p zGKErWvCy5t7CR@}Cq2)57=1WSQ0{R;wfQ#HeM6g^!m&Q3x-o7L)g5lNgIlcGYGYTf zbR~&6L6HT_J+sX72`)t+-z}_nVQim_GK64{%o#DcRV3L*AmwBX;4(B2<4(TH-oWgv z1rFNs)g)K~mS{=(s*PQY=Ly10skSti?u$9EIqf}=eyW=}0yeuXCRAt@gu2R_G`AO| zGWv8!=-wCD5fZOApUdPW4VN+GI>EDdMRh985Zwom{nqh>1-^(V-B zC4B|8E(#7x>A_P|Dj7~&RI)E7eM8QTZ0sGHZdAArWt`MNN>@>M8_hg*DtbrO>s{uZ z;O;8o=p`5;9ym5TsqPuEqExT)#ueCVR<&~Fio4a+w}|q|x{^J-=)D2FCJ7HRQYb`% z^0qDFCKyq6iV`%u5JcI#gk?)VMd`W?v^~(tJ7VwZ_D`&n^pgos-~Qx^KG{u1jF)cj zD&l}?a2O8gt$Zet11^b{ZJrg)7*yRDq&Dv{yu#PhmLXiyC!!3#{izJHD$6`KEZKBe za^3?ePMFAYtCUc0%9GxAX_iS+Oi8WL zPn#4e-QF~JG=1=CD4g`!W^h|mIO*;Qd+$VwlRnq5Kj%yHzS+8F>3^QR2NKJLf zdjYHGfx!GaFh8HPKb;KjpESRiWOlUv1WXdZ5bR9Lzlx;;wL(?&ftBy}4q8vS+c|zT z>-}pd45ysaF{Ov?AvT_v>ngk?Zk{>7zC`P0gen|N;*C7c5tWfYS2Cd_k_TN@eVf;cw9@i3iXSjSsW;YA49 zOFRN#SEcu0P#hLHJ7DYbP{|qq>GuzgxDtNa`@&2Xba?tq)n7w@^1k2HCfR&Fa9NR`X< z>`f)}u~P7%rukAU*wV6hw(M71j-k7$IrQmfn~1?;)lo1-NV!R%j70M2Td~AuU!7)u z0`8!=1{6>`31r!bsSMyq^Sda!l&wj!!uenpeuKe)=)pkRk$f3Z?4r`E*<$DvVu10S zX1w6_HyOx24{J^Vdy@ZMJ^b%F%x=0STInYe${qwAAP1+u37n^42%qa_Dt2XQmOZLJ zKQ~i5&q$t^G%BSkM8D1dgKao^GBo!!_DJUccf;I^r;T}=`DxwUPl84TPR6?K!G<}% z6}+ouFK*e3TKS*U!|&HYdZpxvM(Ig~yp$wq8j=$s0f0M@QPs{vwg*ZW&-A$A=+rND zhTtpp@M~@e*vi}SaMo=X6SdZr)|D_$Ij_G=e-#=dQ>g)cSqFiF&H{BS=yR1m=fKj? zTr$6iz8~U0`;!TCRmuFVX>Jg{xLKpHd*;J0H_Qzh1=&vr!RH!g+eGlQ3G=Io;FlA) za(%e&UsI=-tSWK=W|}gR9f&9>Asq!|-77F~tFj|A7E8U0 z(T#9>TaG1(ly+*3;xpZtWnJla#t(SOI1F8JW0!9vtnzeKkEF2TXMSE66r9E`xoc|3 zzt+t*Ma)SD=)VbJno8;YKQk)P9|H5viSVomd;Ual-h{U5TqAg*UV5?)R4f4>Cm7IU zMrX$aCb0HeS(r>hCYrolXxeK^S>7OcAeP_e2;_ZSiPsk^r&NhSL1-U9Id#r%tC=oM z`4w?B8m}DLx!4~o>Y#qte5pQ0wEA_7r5UWmoIY*epM(#N+egOz*>M<*2bS4iFGJY# zt7ZN#mziHJvp-sfN$adF-EaMeI(D6fUnl=0UZlaEX}JJ7sS(fKs>$El}! z@Kcxqh68gO{#sx~;k2jV2uD&xAj88v)|VMr&ZS7vrn1o55>speUgS}gYB3OehIO%T zoC73rm|np*3S8+wO^{JJqqHjYKM+iDCvw5LUu%P2f5O0FVOSmT9`%#E#_c!9{qKzj zcaN83)?UWslM~x3WQr)}|AFms=tM#&No)b?N(mtcDL( zS&MziW%ber>a0cKs70`=@P+&v$WfI9XEJy@V=CD@v&cZ|Af>p6Mb-n3(pnm+%*%O` zBi_;InBd-_E(B5Nm_YrEhc`JWC6DNkP}?ur)V0MzYQAljkTH`)mAqN^!sesafE!cD z5%`5S7H}UU>Cjtq%9%kjk9NpIbeA-X{6KOm)`nAO@w$*8Tu^T6kgQP}VL2MNs9)6` zW92eEY5N_4kq^h9oJE=)wF#6td6EZP11RkJ+OX=6w|gV!p6*wX5rm%css@R$ha9Wm z#IMi9!J++*A#YMUzPKL9HScUjAietF+|{S%uD(8Z1(c-BMqV68X|8a8I^nIm+EcMq zH)pW*oxITu%~_rg4|(@6_C@h%C`#Ejdx9)$k$`EGGr<@&;|b|F$h|j7IX@s!QBVsO zQBEmYMlcVnY8(7y`u}9V{a@4ZdK93;{%hxKi@WW#^Kd+}%Pw#(aF&gA$JSc)`nz*h zblVmK4OKl9Tx@)K>}rh#zhg3Q1jdl-?4-9g2ufIfSj2gkI4J-?zni)9WPZpF`$RY& z@ILJ4ub8m!pYX4o2tG8CnkwJqM?7$>R!3o##KIG^X z1LDHA0k!UCNqAT+eC%Z1`w9=?XamG=wre&?FOYF%sw0?i*K;<_MQ=fda1&;p{5i5C z;XI#nFhcM&yL4V@1kqLI(H`^r9(gwHw*S1V*Zfgt#KikBzuFqtCpvFF2>q z;4az*-(%$E5#Qm$ zDs^w*oslUBccT4gbaE|5C+EFBgCy>v9`ds8HlH8wQC_0Xd|sp8+@#)+GU)o=;A85| zJDc_#Ibx>0xeL>ORvytXcka#Rp3*1jjg2=4&)pQ5&B3TE?IwaGEI4MG&@I#P)GDOk z_z21VhBc^6!D3+vH*lF8N^p&f-(x~D1t|jvO8pFO7NM^M7U~Uv@4_GKm!e=YRQXOFLWjd`_sP5i1oy}}00C@ew$pIyr*%W<3~hO_?mhQ|~Z&JKX~Y16o`Od+QUq>&*} zn-<;^r7T1&naM$9)}ERwP1K*HO~f9{*0fc*hTyQ%5?ZG2EjZA-69+d0DD;O|CSVwV zNkCgcJ z^$8J&uh%~v**yD2#Kx;nI3;?Ge`0i!f1Zg>H~!@&daskXEAp~?y`pI>O<&!&)2mCm zqrS_ldo-&#W;Mn$XHgBX&3hl#N?>(DV7mwV?!OJvm>rItxR*;j3djo&au8+o-c(QaeN zdt|N+jb?a~d5-^F|2eLm9c?WlupQqs(QZqTyEYs|TXnUyy4_aGJ6+5G9dh$BSBAK( z`D^?G=Gs)dJKA24*$r*4Znxc1+Y_{1QrpRBGG<2o-HvdyG?w?S^plM(TKemxnadh} zR?EDz1=@U9%bbo#gI_Ob8N>)^WLoCEI=>Iejn0?1!Yf;)O)XyDLg~N>(vz={XiwVJ zoexa*nVD<-p2X{+>p-guLrJi2Q;f0;0k zPjL6&Cd?nxcDhrAN{hU-SF&I z=^WZ&%t!v&n5W}?ho4-CN0<3X!^~xye^1R^TvMa~^ZuH-LafpUYUWCvH`UD5I$u)@ zud9_lR%3ui|M@tlV|=HdoW1K?&a0Vsrf<23lviq%_g<>=j<<%JYo)7r%Uw7#;x4<> zSDsNb8`I~{shM;294%g`^N#ky%W9>|dHxc}IKU z#kJDAd7iP9%A|a9LGVi~nbE+(Z#Y^WBX^shY^#``Rm}Y&d45?j4=AGTgO%{JRtepI zUqRPXBf>Bz$LE4N1&XN3Q3Djb2mIvTiuqy1{6vrcv|@g)$7d_y7WeqCd3-uE9!yw{ zhSy6I_fB%-k0&7#woL{U~-gJ>qF&vP$6V4HW>tsBk z4#$WviNbN;{l0RXfWF!eEjIX*i7)f*`+WaW-+!MU5|@iv8Fd7SZ{GmBESm>;vA{$% zr7dNc6sn5o1K9aw2;wvYyBHx94;8*jJ_L7hYmvbfs*!gaGLAN-pAb0&egkm|6exzs zcv!)%E1r%FEu^_G7J9HJpnp6@x1dX+THKFPtl#fTieW(#ggNRiS(|v%)84b$n)n~0 zE`z6#D4HfG?khVoMx=}=K_+d!<2PU>y?=Gjbe_7`nxEO==hpvODv_uJqatzUr(e+K z{!@E5G`BPqV;~UKNhaSd$PezE>-Hu2-l?W(TJb*l6KN>(gSAx^u_=MOv|YlFO%Jw*AP@aMH*S|%bCnIQw*FPL<*aT} zp@N(vrmH~s2q}~>IQnkGey4#A8@matT?LbDIY;mcYepFGjRfO$G6f1}LRLo;JKf~# zr@TAe*E9K&mO&5schy7lMlE*{ia_N zD5_cdVn@%hj@MhD0UJ-ZowDNil2p`+MTtfhVo)2YDDeSDiKljdP~v=Ap^XY=knbQe zy-BP76Fr!Y1fRx{Nb5JXnsh9sT!nFqB4{TX8_jCEie_kg!-*${-kJ?wKLlsjKM-mA zU*}3^8g{jFb=?}rBj+@ZpyT6A?5#P_JK?Dmf$G%rT&L*HoEmR+*LBfdk9E~_-}zM6 zsZtOXV8&as?>?DjUo-ne%Q9jLWNw$wq6CbR9tjWV%WYBxZb?;vh&&lG{a4S9;K??p z4n#>I?+K`;=(mkFX?;GpS|q)M763gM zaG6sHE`Y3GBg+TA&zGsvzKn4~=n__426Lbt`oN85WfyejyfwMywH0Q0c14W@bN=$u zik$bT$z3XS-0q5#Pc+fN&B5hIfy?SWDO~>8_@8Q)Zfyc0!YR*4vGQWL=OL**q`LsU z@Ke^*y5LecbE`?6Zs8D%-kKs7e}(1Yihge+$QuYug0ma;tOnYsGaKQ%8u%ak*+s)b0U17@+2phOysO)N&i|?&KG@Nd8P}tlx>Zo| zl-(L~-NOF!NOPDu@_*?TD!+%>Edx}7A56P-x$)bIKdn)ON;cfqDE*}YX3?C!aOduk zvDP#k)}dQ3YYWi+Nk4~NKZS{F2zJ+GoONfwwAdA8&*eaQ*x271`-lmCYs{m@{x_(s z{c6R+Vq^({+o7TaPhdI$m7DaLoq;;Tq?_dx2iS!Usje~( z-)xv$b|?i=5k~pfx!L}A|E@;qZYlewAb1=&@2t}*>;ljm&8n`i0j9gZ#xT$2_7@es z`)%gK4Rck4;6uCb0$*sDYj=FntqpU1J-nt~eu?|4m-$;8r7w4~5h?>T!sThmOqj!9 zNH&W*f25*0bflTu5%{cxq4$>uD^LU38PBFl5noaehbX^F%FtvZM6r0>n54 zL|WO?`sx7?i{2G}W**e|y#ECdpRAjW0>rZ#hz_;9X8cEM;cv()?7%Qe9;=tm>vZ&a zX-7M23~@F>Y&t8=$cz7XAnXAMi{4<}TO?5pmU^g8jwkxRH~4bz1*Fu(kfS6L8#$m$ zMT!&!ucf4b5j&DU!P^9st0H|ViyMd-^96Jw{pg$^LsQdr-@br$VMk;dWj0tyrNIT> zo3NsiP)(NJB7!hO<~2=kaKbwuoQ_a9Z9hi`AvmCES$+23XDv2N*{(7-i?DET2@^ND zB4G03DLWlb`I%8*y@~BRHc*(AGLl+~dnwNpW~Z1eKzLenK>QHYxef8{x`uEjxlC@k z8FMU#@X<=P32CAZTuC)-{|C?19EQbG#c zTR6PIK@8D;PPnhyrb0K+Q19wQ8hSDA~Ps6QF2J^Qfx2{= zOhFE`M9S^Ft-!v?5x2@^|bL*~m zFUzie@G0)B?_8hphRbeo1@Y6`=ZW@t)O!(_s1Dap%#hoy|DQIv9b^DQpno8EIDL%$ z_%~L$)SB;G{|7esetJje*Y6>K!rsIN530Uh+Xl~$@cyc{^ETBM`Mb0k~Ff zSDl#-5&Sm;LLf>8GB8hbI3n;T9F7RWQMY^+ZWppm?KDzkyUf)%ZPD=R#+)FiIp}>! zoFJ%{HIB9v+eVNsi%N&W^kFj}#%AM^e=fT@S$g?7TjGNd)QqKYlqZG=tPNjH&=i!6 zIf-Uu;Q8-PB)zkIB~&W9jdp?i)|xB3Hw-jhfY%1>9ozQ8EPcKjAi^s{IxN4A4Mx~A zXDy8Kmq;gdqWxLej>Z=8j45xJa(siXCglp7?mDfnKE-t+Bhld)^T?Bl{VAc*FMX z)MkldMp8M!XkaD)TU4<~;H0J5-1cuxmmj-T>i23NXqfJt)0v!bj$v`S?b= zdb>b5bY&z%!C_)cG0Q=8xVM!}7dXA!n)?vJ+JG{NK`WzBT{zilOA<;W@;H*GEY@Rg zv%*0Dl4)UxNJksT8X}Q7EGG`*Z~-9xhM_ky;!Q{s%n+xokW@oxNnrpK*m1LIy7A4s z68uy2Mh38UYajrE4v<#WM}KlT`-k%-C8`hJoER12RzRrc#EFErnMJc8Zj*Io-Ia-~ z<43ZDzY4{vVAU7H&}KMt75{MS*xLbbJ+viq?r*Xi5xi&?6z{t>Kypdcbhn;b;+Uva% zxE8v(pNGN=gWwOCNcq>7&65flePZ}r#6$&iBO4T6aGgC|-&5dw8ju%EM}+EaTHdt? zD-n6n9IvMt(zj?2-D;L?(Na%^L20n0g{~$=0Z1PBHC^hlyH3j`UDtE+8>|lMs*+U4D`R9rJX1?n|1f!^Bn|?uvj~udqmnxd`7ahAo`hHB zRZVDD23PR=Rw8RyLive!OmF6<$lMqt*SMS<{J7q(HK*Ed5c+i2TRu=y0_ddA9FO$u zz8X)(H)IdyM3x5|_l*x?@jo=dWNsLR#0t^%jAVO) zUb2{lJs3AYSZr(r+v}`?J5A=x(8uKT6?;a40I>t27ewDmv%A$Sa1)#2d8VDV>PYjJ zK>9i(TZJTexNd*LAQcrc3n$w4Iv8M(lF4X1pb<;ejN# z)Y3yv4i(JCgh>GlD;-#9CT;DO&AURl6xL{J;uqV+d}KQ~ypNdsKZUMJTLf<~4ftRZ_PMF^?Gex*N?O9y z)q&66sA_v8JS4jZ8$nFiGaGLUzv$0~W?NXDMVPu|If}E8qZgy1a5{n0Hd9%yN4b6j zM~=f#cdhZhF86{c*w5@6+up$bt`z(RV|n{fDfk6}o#O?jrG=Kmx`8yV@wc?D1NN!p zVQYV*-AZbvpcwqd#t$>O=oOaRRiq$@_%(TyyIDNUfhrI-@ke@H$P-}gdC805h@;?g zKe@s;W8tWIg?%MB;sbtirEfl@FftJgB6yK}eb_7Fvr98QUoq9^*!3B{wkBa=GdK)K z&*wSVI!7e+0>;k?K(86~O9d^BRH&drRacZd;@7%i%~SRbpadZ=$KtK0_jpB`@*L#%fqhPzF%L>ax~GItMcW5ra(vTxSHY_y0)LrPs`ga`(l7|yq&tmZ`k;p+juX#u3P z00pxb`^{1)tzkQ1$K{xu@ZgJlBAcS&wru6f;w9m=IFRwYf3ya;w`LYfP{CC%a zE94dOiMqL^Za!U)dV?!!#UI<^AFIV5R!V=Xr0UtSHlvmb{~c9t$#~07`mJPg#Jhxe z&2q1gdM%;c?PE2G9v+uq>(Odk*Ya1{eBd_2%= z^HKlqQFHI8`O&Cz00iwR^jT1bE+1&`tmGvC>++SJHzF+z*#w=o9vsWC5Wy0Xo0GFw zAeAx3u(t-Au*?qadma)YBFlae5__l zrNW|QKCVlMlYGQWg<>!sPe{Z5|K+@Vq3<1@EDlhqrQz-_Zx}*EOn?_)T6a;i zV5`qaUQ&5+a<;AfeA<3>CitL!G+&+ZuWXtRH4Asn%vCC{@Q0dJYQ8)ZT+wOc1I;S? zn|tVMGyZ02(o5yS@yUsBWAAmp5x$DNOCE$#H1$?g5Mv5HSNsW`HI_l&*mghBm0Vs`_6hLlTuUyEx9@>l% ze{jgknLT2H<&vh)!QNRcAO)d#cr6sYL^}W+CQ|G$ECH^=d7Xqgsw=WAh%7#yIx$Ax0^(uG0vbx&eKffkCK(Pss9hWz>$!3iJ>jYh(@-ycG3Aj3OY@obj zZ-cg8@}59t;GL_WgQQ4=mqltQZWmKeN9j#CLhn&K3r`u$Kh_?TJGOF+JvKbX9BVlH z9Pu#&$1Xf(ghOW?m1FylNxavwG>KO4h)$c!lUsIge@Kj&dAs=}A)ndDt~1FQ2Dk3; z3}enT=C#mYZ}nYG{FW@NUjEb_caEH4pmf*`bFbXB5{@Bx!>*OcNR!v?S{VoP`Ujo- zB?Yn*Vaq@_(ZQS#<-Csbi`m)Wmg^YD_~e|epx7B@Xa@b!C~rndOPu#9v-xl^Y03#1 zN&wN#X@D+dGY|xFW&lYp2_i)(h(-}C%9;HXYHffWCov);Uo>E;k-KQ>P%_f<70Bv12?W+hOUJ=i?WJe_%>8^}+gQ6WQ0ZJPI+ zlCaU&isMIQTPD7w!U0|2&w~--7nE7tuE??9VW~mLFf2|-#Sn-a!o&ebSPc{2cS!Ns zV8q!b?w%Zc2W&Q0#sj5n4lq0lQeI@!cAK8h)QZgzpt+5YXc%~J z;MBwSl_Z7|Fv6sy{Uqy)d78J`rPbT2wm+-3iIKKj+xn1a>q9lTjc-1(e`bj{u24BVv0EszQ%AaG7*3V#Yi3g~(P?1SkaNY;?z*Ns{2a4}28X zo1w^~e3lp@Naq`{*HvQl?Wp=4I0hrh&^mZYg}1)c=KbKL^u10XhftZNXS@zQuCP=8xQcy-~Hgsz<&~DU6xGGzBwZ>XUYo`kI5i7KQLz@Hp!hCjN@UH$r0)} z4pPGw-!5jj6u;z!4DR_H z8IAn}mVG%0SVS5Lq&Widq(`b!tETH|sI)#l&Nlmc2WJRH!v;UXz|Uhf6EiglhNO>EE)wDtAOpw4 zIE73?^qPIWHNh&RH!8s zo?99x0h_}2j7t$}znJvPsxu$F1o~iOFn_ymHUea#3Q{wg*voLhxj%YmZN4Fgc);J-e$*(^elNfG^-S8mFf&6(A%e4{JZx^jP4 z?(53uxbg^BF6pWnb=T>g>)dsB&Fgoo30=*ry6O*d*J*v)a(dleMw^gRWbc8-1h}** zvYCMoSGltve8@jO_srWPZ=0D8D*d)cs})HonQ*i+w7(^GCL1Lak$*)LUam5_Ttm7! zvKK`Dg;8(;v`GJyoo-~K(U%2k%M zBnY6=)wdW1i@*zZX+9#ijj@aC2%djoa`yvJ{DOEaEhF6_p|pE)=h{Qs?X_#sIW9#i z8QE#nN~P{r2<*i#Xi@9QfFGS~Oe_i`;1glUgS*!fqdhVG*s!EtN40`mN;!x! z>dN245YyAZQOXAox;opTx|>?!eicS4ue!Qx5T> zi1;HOXls$fr&HUdpY%Ir!+W|2v%r$CFhbG6HW5g8uO4A5%rJ;oLo+Jty*zQ~gp*fw zo=#h;d#{&Xh}`LjPMjV9)AP2gE`zVE zbV$j*w4+6|XR@N)P&>KeeV7}NXr>?7NN*qtw{D2H1?y)6vn}X#rDRmwxPZt=>?F#iozFFjGa+07&$cz2K zeEd~uKyk^r#jLe=gIeL&;3R=9loV!vAJt2^*-koUq`C=3!>=?1ETDm)mMTMi(nmO& zO^aa=HRw{o13I1nl31|7Yk>uocG?@o~ldQGjwHpB5vC01DJ&9 z*xATzi;i>UF|K^mEKV5ZGtHaHBl_m}KTgS=n4j_P&}1Og<>RohN!_8%^yHL;L*h@I zOZ3|b1@!j#KjMB2N+N$q=5La?D|#OpxZKoaOHp;?a?&^XTaEc~IxnQO-a*43GuG3l zYPC)^FE3?U$i%s0Zh*`&=7uOZ2xN&VhvkBNs+$OE3Fu&l3t7y3G*d7zkihf%veLL| zrr=M^q`l61Xj2^uh|MWzusbuhIuy_1a)G4um1wNGM~W=I9=jrpw(#d69egu0)Lt>f zp$}H3t7VjiR%$Pe4%ig2tN2}I(_Qzua;&SKd+J{G^9J=^ic_?(gKD1G11#-aFo*@y z>0l~FRw9L^t4HZV{2x&y`QR}387aC~&QBqLeK?LwKWS~SFT(;zVH?h!+2B(E>2m?s z=L4DB{9|W*l3@5<-Q^~8A)(@{c^iAfC=1uV% zqxGZfg7x9L{QAr~v%a*>UvD`3>+Je?U9x`Rx-3V<{g$UbOI>4K$-5H>u*aB>NQN@- z42W*w{BDqSm;)}hj#On%+S2>F;C(j4o|L6(Uf8LB+?ZoZCxLZdETN8nl6_wMlH^}H zzg}lXUYdPb*IzG>7y66LcsOBR(WzAnd7jO_5<|6owB0lw#n^8S32gud?q!}ymJTnB zk3J-4h0F(O$bf92Ssp3%RhI(Td4B*QOEWfv0q!HnD~-r5$Py9mP`Av){z*{Mi#=kP zA;SSN0!^NXmPiQ19N0W*$Y2maswF6FoojeA^qAhTN6CYe0Ym0_)1U221~ITgJrxl> zmcPgA%9OF2Ikns>e2b+Tc7NwRf z=T=O{?D3Jm7us#4Y?JIs0wzGB7(PhsSpOztzLuhiYrE0Jm1gWW|K#V(h=4WOgwh#h z-|rxKSskzyq=@7N?eo5z!3U#&qf<|V&GY1j%0k!0G5VgQN~fV^db~hk$o=eJX?9EZhOpWnlbv0Adsv-0gn`@|9DFBHrUiLtW7I7CO3b z3Rq?OLwIzo*XW=f0&7B=n0$r1FY4gM)m}aCoq&V~jJVNGcW8*ZS3g_<8aqTt9^pV6 z6?O=adWw4%L*U>;1DC#hi>-R662ZO5(k}_a^OlQ-q7_@=x>nCt}m7~Je35bmnyC- zxw6nH%U&HT$ji7DlXDd5{EOxhKCDc1VPf;8e2B|xMm>hA1 z4^Ea0@|_pT5Rje3zER^It=b-%jZx8+BVE@mcb%5q^$WZ1N$b;l#&)aUz0C#gp7hS{ zXVVta`@65xcXijKPo-t=Q@nB9)%R@2G`zmx$mEE{NBSJe5yS5AkJyXz^pS!4yZ>}! zR+=Nskx~0L|A=M$)Kxvq(?dsQ+}&zr>D;wXoqxok90wiQb41p=S9{+RIBnbNmjn`J z>;j0}e;(Y@9AJFYrb(I0;mra0H@kj0&jduEi2@SqWusrD&ully;Hi5|b*H6w&zj(B z0G!q@Mj_nY!pBW=b^6}Ty8q+d@5Rutmj!Wc7W zC1xJf8~)*&zxvVtq;H?K!74uJ?9e|aZFy~Q8(%2b^K5igde0Ucd@1ewM(E?{yzW=t=r}`!a*Q z1I6L`xO;M>JWqGf##niD;Y59*yPhn!Mi%tW&n&9XgrL868`I^f(h?Bi%&1&BvcVl- zrv=bfi`mc?!#)fnZ5xIu+6(ieX`;R27EtOZ9;PzpMU};9$`?a}E$a{Z`iH3pPwsnRr@z+Ys+8!0G^)Xun1L zt+VQNj=Ije@1OnMdG7zuee-sC?-+m2<9!DK#BAYT+TRk= zjiz#c-T z`DumPT#oRDJ>dT!f8ld>k-ua+@|S-LUOpc}#8E8@U-)fN->ln(U80q~B0)=Ige#bJ z_T{p2Hbo5B7OI>Jo$+aCXtUhA4}wRNpUO^pmwGEOctAJI+4*W3$&H z9i=PBBc8YNSA@_#V7Hg0ukU^(gxAH6lO`pp6Tq>9Kts8g#=+n&FYRf+bhQ1_)#*!X z5QVMwiybHZ76g-MX!JoA64PSe`pj8*d%j`TR=nQQ>f!z4)ua0dtHb@Xt26tX)$#sz zb;RF>Yh+NXll}eG3-^y!=k~97Ux72jcrRs|XJ9nPIt=V}rgtv$3-d=*2!s(oxt_{6FM^5h=kcK*vO2Zi0b{7}x@87eC5X7y(p|W$%6f264Bv z+hlHpK-?A{IV*eImMi;Qd6}8TO1bw|Q#+x)*n3zYj}0y&$1JAeI1-z(Un0cj;3T}D z6Fn+w5JS!OLlQPrRTcADNwc0p%DC6aK$kR2yCvjs%7BjWc|i9J1V2h1oDHMAXy_V> z$$X{8#$=mfF;i({tCp3(FkKjuw=FgY23QJvw{|m_PT~mt-EcH_b(ZzsyBgDGNx~2! zA#`-3F;Am`47a>Vs`=E#1fPnWS6p*&a!}QKGkQU+GeW;WXL*ngb51ZB=Td>)u`sD7 zC8uh)_Gyd;Sga3w_!8!HfS;7`BFYI&WLJ3J8YTz38+1%}7^mh5Tv>MIp{`u)%2e^Q z$X(C4GSgM2Pwifls;Tzc?aq@nVWnQoY{YQTI`h41rE(hXE|tGniv2m>A!GQnO=?L~ zJI$E4R5sF8NJ_>k7EjC}-neM1zr)Hi{3XgDqQmDZJqiiSPr6s8kyY&K_=hPS`(;&B z-p+q7cFKnCJ2oH^b$_E_mf>LN?+bvr8fHE856zxuvd9{X}C-{;md!2sy7&6K*%!c8N`~@JG02U(Gx;aGjz#02{4zi{43yFkc^KA@< z9ct4}ib2CFgBfc_o#h%MczqgOB?o5bYOc0`regtj5JNYb$2FgcIR*|ttVZQ%6Vxx@ zS_->Yu>H&jnpnN~witB7WI6>INQDIMDk80v&rwhGa_G@sKBNo{gpDR%NU@S9g#|Js zkn@Tt#&Nz;DMwL}(4UP=vbb1aqG~oXP>4#snV}$=?5*?_!}{3pD7};1<#!~k!)BDX z*N|RR{L|2khkwDRE8ZWZ@(z~7HnW#oIXPE`of4Hf0SurUM2lcg%6DO}fH7Dn=+Q8} z8cQkCEFN`rGsqHvAuSDUFPe>|&js!jy7C3C+-|oQb6#}9(F>2NJv%&cA?M{s<1BW- zP-)Z&XT;29AhjF(e9Vrfn86mjf)dZxLV3hbk&bz zWXBRRFDqoC*RdFPs2Kj$yvqD*{0g#~Wp~`)e7~^-LjHgW&jpTv@p|XC(~X%d^?{+P zvXu5oOi$AGa_3jRjPzz*fAvN0GW9q63wBgB_c5;yUxMz#n*BPpFE#7qwFD1c$v&Rg zRZb4Q7W3a#@k)P1=O)@-8@;&n0{{6T=6~UOe_gmNnCenFu`iJSR zv;Sa-VkB>yqazbiX6c%EkWoBS-CJst?7sCpiJ0Vpwpy~~0&EH!@me-FBzU!a1=F#i zL!0ULd>FyU(V^`)u;7!G!&eeqeweVe%y(i&{2Ckf!nO(Da<*sToro>^xVEhMXzV_@ zujhG+S~M6BL|A?%xQ*CR;xEt3Pw-dEOq9lby36D~6(`}6m){Ow~4%5y8D{djI(NQiQ!*&rDw zriV^$m%L~@zQ{?=m60oxuJVAc>t}Ucci;I`_0_KX(>7;Z4bN7*XmjA5&9btW5}}m6 zhfI0q{Sl@``$ZPR83KK1fe>Sa^iIl~ojD+QE{44A`j}AL8Ir>$)TB#^fOt64Wn$eM z4DYdiL+vb+Io)I`3UANMKzxw<=|8%S2f*55luqG%FlXVogSgfiy1|(Z&IF4P#jV1$ zVoG}?G|VCR^l~n}s%rbHNm&Mk#o!V!yAt#P-{xHb#OY>R+hj4;thlo1%G6{tE%7+5 z6CRYDR}tTadJoEiXALouaN*^9Lu}ZC{%EMJX*w9H7!srf%EDn0#6f*2I7%ouT;~L@ zXCaX-deMEx`<9;%h=yplAbu3Zj8YHruF2uIhD%?;&P&1p!u6FY-EOX(Gq8Iha!0Bn zzqgJARvc!7f!PnK^LoZZ6zWcJ#gn2ni!R|c-^eTwU;uKHzN*WLBq*E3!B zOt|Z8S55jZ-dpe@Bm;NAcJPTNdV~3QB*ibcFT>W0n#KnEEQorpWYV~&t1_^X{#r)o z(7D=C*SV^pooKgG>`}40tc$Atn1*bIgMG`Lbxp=TN+gApuV6Ug zHU^;SP&q;2pyF{y9S5qqo#fDY$c0$LkOsF{{SK`y%I(m+fIaqWd4QLdv)+$$q%Ulbh*NEU)AX8 z*SqR3hvA*1VJYOOJS@1QeXk5N+~Z$1!F8@KPPifLVHt%tLcgU=BHm1I8w%d88l3Un zO=$4X;3-u_cyZ}Deux7^K5WGQe|vYPs3 z-1m%>i|t{&#z}cMKsW|vyVM!gBV`ZeqGXJ#23PZ;sd{q@NE8($LopPjUyMhR#o~7h zh_Yd!KpG;-&ovl+UWAM)Jk`4pzr4WvASI3l2;pD2eTQ#ew})QS)mOWI4Y!l}=6Wn7 zT;5j@X_hGUH zGq0=GCM@) zs7eE93APH_%j(~?=(@}&{qPn)e3$R29m;5`%jiQ}h1j)MGaB--)sYgC!h8!k{v*|j z){!z65o8z1auNp5#d%=F9eID0^St0Npc2n9pwk(Og!XPwCWcq=ZHzP|sOuz(`G+Ka zVc}(D-L%afHY+jHxGP6pIq1qXRqK$uZp@+p9*ke-zc%O^tr^lt^>fr4nP!$_ywPY@ zkvhg76e(|xBj~^tT_g7bH*!oYj-C%opz&K4b%5!1<^lahATrrHFuHsc^wKYgFcIFT ztDkW-e4iz=hJzZhzUi0^0k@LPN*22zg`{FSO3Im-ErR*3%(=4Fbv@L%E_s6y zLl<=o-GO8?o8lO6fH!)Eh9@;^Lf?W zZo~5M4L0{f+g5B>x`s!(nrAaK^pI%70w6auWmksT20tOCAlEu#gSla$9VvHz!9#>V z!GV5f06GwEdkXuL@w|ot${Wckw%%r|O>=gQxac)h>Qd|WOh_P`xO^_k94MG&+LAqh!?l{;61a~=c5_1U^U2RI_G zsx$wr)a^_-g7GcA%RLI~Z~kBq8oN+#zc=AR4RPiYJ@p9^nK_I`6qdLto)gkBN^fw6!{kgixkeaA+qiWMDoMoPEGV*?Z`#jIRPXK+L&;OsBQ=U`y*?aA^*Is+o?r5k0LM8!W<*wrV z5g7PwC71ZGE!yv@zo1^Y9|Dcz8keMi#q*cQTx03j!w zfLmFYen+HZ!Mq(b?}UF{@4CuK4T~gnU;V{0OXM8{?LMPO5ehK%ejZhn0lw0pjx>}? z9RZlPVrWG}k$5I2?7_Y~84df}EgX8nzOUuRY&ahZ`*cqNsTBCK7VsS_`^fq!efJpj zGGUVGjBfLVi--+qPd6qZ`?|AlIrpSRi2i`q=j|uf36nq4`L%L^amlaIRJ#~?^*_V* zlooAbVGQ05L;?;BKAfM{<3^;!ul z6clL<>a3duS+KGbk%b_;iO?h^Ix?4RD{h`>?Mi|%)Y?|G<0#kB-A&K-Xf|>grDF{1 zKGuLYl{g6A#{zHcin!QeTgvws8dYS2ZJO=($0zL5Qg1ZupB(l*Vc*wseKwpAg?)J+ z_O=fJ{*eGb1Lj}PfnVL{oz)e?g|+E zQ2efk>*a^V>`e{e*6V-QcUKd@ozbh4LLTexW3hcQc3*RgnEgfQLIYT-yIFv}Nq~JB zxJ&X;#UX0YjEa3X#>>q1QNeqSX<;rZw`tDlSIs!Th(TQQP zi0ohZ3th6Q(Ixfv9O1WB@3PJU`4BOMhV6yHO?DiRhHEtJKZ$OOA3b5;8}@x+pWhx2 z=fh!NJV0o%fcb?7k)5=@1Dk{d4{btSU>|ya-bqPsfArr;;STRf*l>wmO03Q|C-&CF zeb6s<)qBvFP9b=8+Fc3SL4g2<-$IY4ZmW%c4e=aTDOyt&0Ss>$8FLVcIfZ<`rJFaW_{ zN>bIFL=nvv5+x7Vfw-rw+_^}kAnu*Dj#bE_Dm^`Y45@zgAGv8YoC@wg8+}JLA3~_o z2BBJy9d3fbCCUWWs`uwaD`_JxQMNxjeqUz$v(d1>$HE~E`<}4xZ8=}wa=s&+m-n%p z4E>n1i}~!ULDs$Vm*Sq9d1G8_T&?D4-@?5&Y{e>cNyyq@)L(Fn~-<*YyHMQf9MN{gIN z`w^rM$R56=0I6SO{P{2W@>iQolYrS|oI=lOaygXV!=j+wjpyuAN2B-hk=IqMK?d_N z*F!wea)sJ55c^!E>+hJ^I_l%N3%T)lim>u78(kcQa8e?Sw?S1k#V_)&`4q2F*wN_8 zZRIN@cAd#bA(EAjXo==ER`b-D`H%=Slme$ApT_&#YK5B`$)4t)8b7V`sa7k^!~;Fi zVc8YVUk>GRyItr1m^}`-JsNGZ7SIxIsO1B>y10hK9u=GJuw?feIj~@to3yfo#*AV} zba`Y?+4h##gnfJ1FAw`t*e?nDddvA_IM3f&_K@@baAhLw2g1HD?B~P2Gwky+dt0v0 zv|P`>J{_*)B_!eels$N6j4WyIZyT#)xP|ZQa*iA7g}!C&rM3~GDJS*pF}CfHma~{^ zg}&MUgRLX+mecU-B(7{A4*JWml73A2(W8CU=mZumLgB{|?)fYL6wo={FI>Y$aHk!s z%%9=v?Yj03q5;Yzmp9Ol7Oxi;-oTBT2lBgcp|2wNV|qiDT;;Qu$M#B$?Qy0J zuX6JW-F!)w{Ko0#<+!Z2-27o0|9hI;FZ%RjC>bIPz4lZ)7xfVm8WybF(So&66PzVz z1*kNECwp?2?(XAmv!-~=g;m|VDGP}^OOv|1bGh-?~vx4X8V;@j;; zzo~$WO+ohC5U@2BPdMS>CBx`bJj!V{R@ABrNlDpjT(e)o_B>D$%tngABZCFFX<{o? zFdWhu2FP&e_<c#3xPpaAv*T566uu1fSh?)krX&@>n^zN zp0>WMo|iIbql}+nbjHJstZ|M*a{B76^w04nmR(^Z5W&KE^O}x93RQ}Ki-FJ**6nRJ zhFmQ{uCbh8nHyN4FRPTwBdpMq_ROq$2pPhYZq7Om=|#NXSEwtkqTvcb6ta=R@JVBZ z(G3&X_{-cxSUY(}w!n*>Cma&PlHnH*?NK(#xv=jI`*MVs|fx{ zz0_CjKV{%Nexv>-S8B$) z!j*o>3uzCS^Dj#LnDhAuPp>sGOJea+*9gOq`dN)&WztPh#@&{_20FEXA#cy;$`W?? zZN$k4dJgR3>G=#VPF6iO(tv&+0`q**>>@qt4D$AYYKHTk`XQ*{z55(Xfx}rG5P1+! zUV#l|GZ+s4o}5R2fJdlV{wf$N0gMA-4;YEs`d~1g)&OIfEPK*dw15yPZ~);gYVO+> zLHHi6;$>^*-(#hlFoa0)7_*xemr4%;;UgL#3_*g)?RbUCyHf98Vd9eSZabr!{~lb%^hvlq9|S-Gjz}vN@1nhD)7%^bF9doQ@$16UquptCDg;b(cENt_ z9>jwabqn(l0!zFnAR*j$vA4U7jj3(s^-bw>TRe7H+~mem@+sNOIn8fEPC+d)-$cA3 zy3a+_D;H+lx*;by>?lyMliS~xgAk8}aZ*CY8IUjAiG?m<21u+1@+BjCv~ph-_W5G{ zP5D|Uzri}4(Yq^*+=P*P2u8a@1Dc2O(fbQuBz+G=S+a1A-?DZ4Le`FZ2CPPK>_D{( zHH-aNf`w6vjN0DiA7;FE|C`0%=5-+UZ=fi2SOd4zsToQG-luC@hU$Bo5SwABDwZ9M z&WUs}F5r|p$xv(#(vi5%AYIAa!LqP9L=^|^4qn>DsD=$8o@x%CF)XTw{7G0alc)jBHoSs148gm5&mEKz1RHz^T=!d_ae za7aTmbvT(PRndwjZoy*;!~VxFFrx>#hCJX$T`i;2xi7cC4XW&W76{upgoU6S zsdABa4hHFEZWTHg&eImDW_2GSsYZ^#2maLP4^npr1cFY>-VFA{7Yqx3$gKYfat1_P zJtMx>j5|b1;t+SJNE^t@0vABd3H4A(`jpWri{Ak8If7fKib^E=ZJ)f)%KyuKe|SC) z``(sw%IS?pR)yuF@B6tSO||)S?$qeE1Wcr6L%(v#=bU}s`5!AvX?v~(X~(QP{G}v0 zI{5EuLi-s)R3gtxNJ!8=k~f88TSXx)noP|77~!e!`bclw7GG`dV$^;$wjNkwXh!OO zMdz#np`~H_IaN_$Xy+5)fM$2e9%*)SJ!?-m?+^QU4<8wMsYQQCz)uE**q}OHpd*zD zdvy`#;|*(sOQ{LpA}JlPuQ74g!p=wNJWvF`|xW!r6A!p3o-y)#7LOyTmG1{eaiObcX}a7~Dl}d!G3z0Myc6z~J=#nx$_p80 z8A&I~hya{#gZkLUfB}4n&th8w!G{5XskP!1F+Hq$YdVtc#o!?%X2cC?V;i$hte4_h%pVpTp8U+o64OqgT%$5C6KQMD*l_f zA6b0A4gSb{Us6Vc4w7eIN*`uQ3Da*NEkTK!bv1BG^z>4oBcE6Wts2MyJppiQ;M1xF z=C1Av9azZZxQIL;$u0un-!jedJ?Ieit=17zPY8Ej}qjwWqUH) zn~jA%)4P7Og?$|MDuCt`UP%iG3o(gldmS2yvrQ`i=Xxy8T-ED(~lDxXo0?= zv&uz{gEVs`%|tk%W@1m23Bd`?1WF^%%KHeVvT`@|cQCaR-&E{3g{iNmh@-E80A7ZH zFbA>^6Gr3;7FJ?7)YL#pgS z;j@4N%fWz^xdrNzjtrR4PU{EyPaP;R{K#;^}<8t#S-8p?@mh}j+4D)4`~@g#FJ)XDY;iRvF+Ffz)xu$d-DOd7Jw)4 zjszvcPkzW@@_|F8=`zRj~8(aHVCrzf1eqq5WQDDB)8j+LEjcbvAfovplMaHs9)Vax9?-Er#9 zTDaD=v(UKK7oE9uqy23-hjJ*TSsRf(MkJV33G`i z`t@cd(p~YZQ1!@mSZ|aF>ENfcS)x*n7K{DMN`&Wc`rq_0)jRT<^2CO0Q@`t7T~uT# z@s+m_8`DuqRw~6n#3zzq!sE~+Sfqh zp4w332_#Nk{e_VVITuR9a3k4$ZO=Q^Ft| zja+JvPOj{*o!Rlp3130zb7I?0x1+YRmrJC74Zq4eyBE&N4b)!45HL`FdPkk-W6rxd z=0jn)ahzCq_SBtQcrFRgb?xkETpx(;x9UsHU2b-T$*rM;&+7-$ zy5OmmzQl!RZdbCH@{NormUFMnuc5toos}5{uJ|@)iR@$hV+HhkYrL}#KGSij&v@&%KRmzXYf6IhS0RGCL#ky zBf9e{^Osv`x9YONut>3E3K!vzY4%udp6-t?9mgFUU5Mw>#cWRs1jg#S7esys57zN8 zR?`(QQ_bP}5%cRqomP_p3Mx?B%rFt^)O?1 z`-8^rNsL|c6Kaq*hj5dx>_s*)!!Uk(e!Dr2mokQxfqgwkChiHw@k$$u2eJ%@gf1fI z7MW^7*j)52AZ5-qNB8e+V?ot_cV*{=zz@tKZ!USHb2f)M2^=hl=CFCEc3+B@AW7TkrCvQs8p?~xUS*uiidGVl%7H{_N@ z!-HH*sR#U5P&j+!Jh1o(deHci7=;KsWf^|CHe#cf+sfFF`9djM!>HG6wY9?*hWvCs z7 zX!|456Fczw=|>Crxb%#U#}yvgT}1a3?;640+?`bu4vEBycR{dqyk;DNLO z(;J1y%%5?191iYj=4>JubHu{6qLDdUj<@tDsh8Twj1<}M5w{e*#oq=^u2=rF7~0!Mjk~A zus>`O_7$K!55QiI929d}z#g`Tgl+Y2PUiFK9g+9SEWukTGk>27u5WY#Ay*_WV18o5 z$A*5rGZFPcw3B@`abHQYZzbtB6QT-kqPEOh2R}|x)rF!0JUaLwpi%sEVm%>3$nElQ znJ(_hH0davIU1S@WjFA^76 zh0S-=DeU4#WT11%lOXwqio<;1pdtbIrbVnM$H%MO%uO~DF?GXx>^Ha15NkEMRuxie z87d}i0x3tMQEi?X`MB88~WtS{oq&6eC`0ei{9656;lAIV{ex=!4kC-U|& z`>&ihxNU<}l&)Vz+xT85TJ;I)+Z`jeh|5=5e5ESdjxmj@^>VApc--O7)TJ+9Z^`Q# zpWL+YNxH2w*oLM((|mTFz?y8x&?ZkG{OS1|M%(x_wb!RL#sZOXgAd4t9qaWX(x1iG zNYbI&4gprGQAUfXYQm@A(ST>}ot?uI^s8Xdr;6Su4-H_`S!=Hf7AtTjaOr9_m36zy zxW*7{s;L+vs;Spm?G>S^xW%f3*IRN!XzG4Dx;Yez`-$%DI!V!yVH!6_x#wdI>C%g` zXP^WvxaZF;)?9eBo@*feay$S;y`dJJOjlZY%ux}te5fL~x%gH`MHIb5AN~zig^sFM zhWsG+D^q?_sIzM+WUrh2wb3?)GKVytLR%S=DNK~OHG?F%7H~x;?^%Il+H%W+oXNU2 zE%bJ%It)HgkC*b4t2~&9d^;tqwZ@iWN!|waU6Cx8BcRPEbLqzJ4NTnl*b67|E@8;z z8&Pu!4FElIrw8etQ+Q6qBU+jhB(`y^!KR3?*2uVhi(w09KX-PExu2Tf?^(CK%O^iH z_hz$W{m%?BSpJKE#zBFk8AzCh6<_PR5hPywRYA_u5|58){0O;Bkgj9KA{c9DGm z#i_F=wti!`+4(qLU1^Qa7WTA`FbtDDDTL#TdLgFsH!sMsY5#!s{C0iJxV~~;YYPr_|@i4A=>djHY=R} zCi2AFZ02^$-etJyQYlSM=jHrqA0xa7%1~h@4DP|Aw|1xa;f3nzyxQo}w&-3fZC53( zb+)~=5-dlyAa#F7vl97lD)BL!`Lt!9GWQWG@hdAV)7$@LwygDSP;se!tog2f0q?Kb z%(pE2rn!5-VohJ??UTfx>5HCyFqnE4z;ul(^Z~Vd4JQ`sYyHZX@!E&|`C9Wk`EP=e z{@7-IX4y~8{h$e`i&_EIu?Q#`P(MBI;IPL!$YjI@Xb_e(r3=BxjHc4iqUHlnbgRK;dQBItyKbV_p@WlT zy--lH5At^Nr$WtXtlx)eD`lfp~Lcl zvzuIcGg9w`Qi2(}ayWzlhYOXYs;Qrde&Pye+Aja$#_PNMdtLgz@VYv8Y3SV3!=BhP z5MxAv(g;#PeA@!(a6aN%K9~_bg=q=h%4-6u85u zUvzeXeg%q`|GF@}2x}B&A3L}Y>h90xo?_p24JwfTX5#s|i~nq-kF~I$!dB|n&VP^k zh5`1HhK5H`EKBecBpM*)ZXI8>T8X5k;`EF04J;AWINF6OPb8F6Qnum?013sAi56m! zL@tDdUalftEfb$ZB(_cGOtB%34BDSYqa8kWqYpUp-z|B7>fAyEV`d{{omNEHgT)x$ zKtLNEcz;9PcN~gii2Dc<$~J7+xGEJo*%3*jBCMU?!@zq8*7g(HGkbp^>s^L;?qI~d z%j|8w0W&c7L-c*7_%Au~RyCQy;kOc-gXRw9CEaa3!r$~V@?c2nE-Hu=MrsI*cAK-; zofsKra^dd)%p4Y<#MqWemkF#yC)6UMsW(%2tXn*N1fwciQi#YQNSmW&`C&;M%~ql* zz8JE4VDFiq2pZ&%$)eez=uryWhU6@Z%hDP|^Gy74v}~4?^9vs$!F%(YdX;>rrD)k$ z^eEzRYh71hvOvK=TX%KBX!x^g(K2#0R8Yywceg~??4uTcs|47Fl7g3Z>2<}@;oGc1 z))b;Xz=BXp`6c?XWd!K2vR_MRFfJt zNyy7V9B;X`60byHRqh5BL3$d&SLmJE0(BXJr0#?681S0g5tFly$CR) zr-e=x3vo5wo~~xdcg7!N>plYo`Os2CStKF(Z*#x11e1Z^S?_;au{V2}i+`A} ze!RPaX<41w#=?FxS~sM>MOb#cQ|ZdoJwt{9Fdj6ZEynPXS{p=NNy1n-KxMJeU<$ns zQ_NzN)`*`qwWW=CS{ZS)jF?(JoR=H%w2Gqm8W@=Cy$aezJH&t^;X~l}ACKl zOr-YG_!6)43(27M%*Fd-=cX@om>Y+s2I(hY)^SuzpG{MsggfHlJVFQVA7O0J7C!Mh zZo!?9C|#B^a%)hsB*+Q8zRuA;aD9vjY80ihMC)pyb-6{#bM~=B9NBBpKmfmpDm71g zvo`EG2FTw^suc9v7y{Bc`4KrCnoJZ~IOddUO0TNO2*p%1LSVOanh_z~IEgi?60i*j z?W5@Acq@KhB0{nSAO_jhT%4m5_+h7zB?;r1c(-c{%dSy^XGbH)MTb!@QF?jm2ihEl zOfx6K>YO&uGGw63GU}F+dL8B5XSD-b6%Q*&*2wngQ7VVIFq8vppCfHE*6)g(ks;(7 zp|cu8FJ|aDW{cw=&}?zp10d;0d8$OXl7tP4Fonp2ppAZNbW)jr>r+L3R~D`te!ey} zH5*;| zR9=-h8T^4@^}_2+ys@wuWe=AojOBo1^0-?_fKO1199(HCnh}=Hm28?g>;G+W2>YDza3?CAh6o z<*r7R+oIQ6=~;G(^)}0Ssyin+7wtt45fPp{BUZpYtFeN4Y`)|gpvI*}jkSIWH9k=% zi@xhj<(2X8k6+= zuyH6lA?JrS%|=TWi`tTxvuP|kA?JCv%tq@LSsIvz3PKRfzR)d1Tc)DN!uV+bdfb#cN7^`|0?gXZYVmxmBU!q9qrce57V~hi+nbGrm}UdBbH~iqt;f1 zUa}=@1V*nB#2$NpUz@9@wQ{urriKaeP)*&RDfOq}?{6PLN+I{4~F-kUBC^5N0Nno6E5;Vbp3Tr4)$!^!r@=~B_ol2jf zsq`=sa6M!yg|Q44cNlarYOtvYQz^%Vsg%`Bsj@hgk~%$*VkUTq+hk)p-NEy1Oq>1r zbh?w=9|ujR&yS)R5p1>-k=AN9ZO(#y2jEH%+Y)WjEGW_r@6(tGSt5yjQ_3Q}+t9O* zF%xn{3wedbLpF$W)A0us3gY<(K!n4Tow5n&9O#N3Kg#$@yoiJR*qhgFJf5(4j#x+d z!$qfuneg?^nea8r7@351jd}cEm9itB68}D)OYpIzdz=yappna?#tW6! z*RC{syTw>jU9s@YTW#z$IB_sDPLpd*&GZi95zs218K)mIGxFHqG8^{%4YMJbQl5$t zn8sxkfI7^_bBH0zDED+&7BA&cS&~gl&o+UYZMjZ1adI>sgQX?aX|xxm)2gS!VUsfk zf=%tnNv4HHb-rs(n!bsk=v%JSP2u!tX&OQrC*-c^#gm|rE6>;F5a^aqtDV{qM_^eh zX|}Q(r1Ib>!y&_{S0}p0RoFl%Y+9#l!s%AZEw74KN{)i7j5YLx6d+X~3#6WgDh#P~ zbwy!0s-NmSk$2YzwT}aNgZx>VGpQhhwyHo1(71X8Po1ch?XJpMCA63U9Wk$!4x`E> zBbf`SeJhKpeM_o&B}Up@UDvf%bsP(IT&lKjuVK~dux^DLDX(*D`9%4UP>l-csp$tq z;&YWlvh{-Z6!2aNyyNYa#)}d^A7bn2vC<|x6qy7X6j%=~R@bXXj;kK49@yBmL7$!q zpI#~OY;+s+wN36&$}exMZ4k(htC7pcRW}v52ry~vR^8o{>Ua6L^jHAY-mF=wn#H@V z9@xFh66rZnQ;MfoBICGBU~qRxydD))7lSJFn`YrSD452k8@f&U0AC^it?1SXlU`go zKRM4og$JMNpOri_X!bPbgCcBRY_=4Tl8;N6lt`mj;j0*|>8q8WNdQL{(ZYX8`6WS} zD65*h#;(AH|YxO)Nfqb-Kn@3o&2h z+?hE``3htMC>onA_#n|;2ODJKG{Da|BnWU|!M)V}NZ0ZTE9YmE0WT6n7L6dSbEh@G zU)=44iH+}r4dTPY_f_N8@B4KvEO_{SLpJi*oNNq%#W@S^WuB!RgGJi`DlSw7c~_7! z!+?jXJj@psS?|Ud9IW?a1MBVgxZ++`;I0-b>-$kOVH28H7Flm?v9iy0xMHkpVZcLS z4VmHNsV=l>gzDz}H{L=33{6YP9tp?NtZtC%5gp{Pt_q?G(0JNJUXEbbgr@U7;)pV|Yt|y3x5e z5JXAv$OAY|>~U4{CNsQ11))PcG&;y|ts)0WgDgZehqhX_xuFi<0NTTQD@jkVAFsk~ z&|JpUXg;=GXTXcG2do_MvO=**D0)~$S8y&%dMPT@H8*}jiqMC|k1G<@s_=2vrh1TxPo`d#=;Mu_f?@6$a%6zvh0)!ts?gzT z7H%irkk-&)MiwKJxY2M2K{yV>4d@&Ovn~dPuP#TAIGMvnHi9Mhi0Fs^i{i8(2y;k2 z>yf#+Jz92DG=<9mZmh0SN74&RGt69rQXT8~WrgS{J``Zm#cIveo)+GI9}X$lL_Sb=)PIXAO_Y4Vdicp4F$lid#dGFp=g z;f)wQ=SZi|7z03SqE(gX1Pl#B12*niv=C#2w#|3qL1t{dbBxfo38vaYyqt^#<7}0l z<&E*VMU)_lX6Yh2fk}YC{IVPCYz(7b4NyY2(k-EBR6(F(s_O@-c z?Np>4{z)c5$9b`EZOb~BDl333>s?AQOw2(L-q$eDsm|IA(;{2X40Avgjd&b3VUU(j z*+qfuJNz+2EhhsNp?(Tes8vv}lz$?GVd$|ogUDBA-Hd4N2h6>nnHwG>)1orhFx1aV zU~^d_*o+Hb?w+B#@C~-dT-d`;DE@n$Ua$+V3u{01-mR9 z-Vzd2Kn+OC1a91{#ev;y>)*>W8oerGs8;jiw$Vc~W??7PA~ zFK$^lUlsNn!v4IlA9(=9LHyrESwe(XGn8I#s2l3A&5)dG>6Wa^5)HKSA$| zPS`niu8sRcxM6lww~ptAYv3Qz_@L~<6#S<95U&3$Dy5ltHfZ3=2gGQ=5CLaQ( zw}RkE4#Cao02#1h+bW7i$$;Up6q9`@tOPPl@d$cFZIj3NGf*y{>%Jsk-1w~Qmtai` zN|rs@!}ae=2VehyivE&|iGc9WbVbV>d!3!_KWE81oxi|e=-+PX7Z?Dvtpqaic?rX% zOw&XK26(&O{ClBuhTmGKgu}r&&E9bE_sag|gltT&ZR(?h<}#s^*3YFVOrV?{c?jc$ zU$YDMiZBc_JoC34=XtJzH|Iux;|qLw50@*{1dmoAH~_KX^amC-}nRUvUPVV2U1` z?%iBCtaB@~2=X!{Wys6YmVI&nPvH3N7QGr_7?r?y0d;EX9*r#YOy`DwP2hFA+u2u~ zeVMZ0c+T`8E~=f~ts~dNeXp^VKf$D}Kb&#D;oQIIste(d>#M2uc2bbEKp!!&}%%x@`x1$K&-MgE^*HaN5^s$ zhM|!N^y&MY?RUvORONU2B9060N;AS2LTwZh5}dK8`)5#|*(KdNe&6XTb4T6^N>;W1 z%h_+8`?>D9ABEA%#qYW7$7*9NnURL3QjiGcmm`a&6=U&XxWOlR>UGD5bN(Id5sSG{ zeKH=jR9#vm=3*qdPhPBg{346)RrTNInf`F0!e|VCzL#Mc=sERVPzzpX-Qnz3Z*K)V z4{E{t0ay!_xeZegZ*O9C->CaAk5}+NY1Ex;_RYFCY|P?ez99CJ4B=v?AqgEYrufeW z{v?R6J$40ufMD`mw_)BJD>5>DhVfP~Bq-xzSP(lV&-Ss<%D1A@riZW`YKv};izhm7xgDQE>F%&}(M@l4o!Y~)r4VGStWG^zwf=CM=Tufwj z+?USyT(RmIz3L?Njl4bw#$er(lBn3h5>Lj*6F_V^YbiKa@!kZG4ofZ#<0ig|MYxzI z6Ji;8%Ta=s?;ameQk#2?~ z8I}V;w@MOI(60BgEc&uo6C^4i8)J(qFjm!cS{xHWWTiW-fC&I&tLl}h(i1y?hxo5` zRS_&Fqiy5k^E9?hFAn4tSjIX?B61;~f{%MuGL4sjl^qN!iG}vsd4Wf63;R_vX(<7k zTW~H#+BRlg#6KT!gx@A#pUW`sfQzGEa)_gre9dsx=0aRJ%!R0K1q6|FLecLe$prAH zO_^T{YK^eY)2b@eof#IufNNtA+G;?7{Q5duAFr~NHr^1)zNMj5uDQn&n6}P$tC}Wo z>v9k_)qf<^JPmvNqqFE5APu5oiJ}z)wazfM5Zstn8*tN-y4--7BIix!@T$gLl3pe# z2;uz8Ol-g|A>WTvpIdL5PW{fWA!MLGwe;u(D=}qzx8skg5`|0iF%d z0uFD4kJuv?@f7DhsXEhHUZ9u32864`B>)NXs2`kG(G-+4Av3&u}=`ML~l(%5teB}56lfafU6_; z10P%3gR2!L9F!XV$@ISkWeY}*F&nSrja>{ZPC16d2x3!|{hn4Li ztUcDdUaShJKG@HbX*}l7XM|eJ$bLG@U5DOEGWlIQ&MHRVQv|`!KrzW<45%P4z$^YV zvK}I>(pGFx03oJ^;nzpJeb~E?P&4;YEnInn>t7C&65iLJ@m}nO#TAXNRP)D+yW^q_W@L%0lBo>GkAh4(s$$(1XC}fiM zuBY)GXmi|48R#Y@2q&qV2op4g>s}uA@vh}$|F}L)f9?s)3$8ry;5L&}_Sc>YtG%)P zCj9yhH6p!Nvn`z<0#J&g33Z@U?&_M5;VQJmNeKiBuL)>78TOc^g3dRgBj=EYeR&`7 zFWv2;cgl5KcqpwbOYQMxFiQL$WAu7AR-#wR?k%x>I(CQK5zv9eK1TPnb{07D+1NfB z8^JqSLxL*`ft1)v_d=BAp)q$p%$>XR4w0Yrb+}==M?DY5z@E_c>Mj0YloeVBxOrSxg;aDY}y#xW=( z#SELPQcf}Mz|+bKkBr~Mk~f3Zxr!R``5pkP<`>y$Fko5A@eJVG5C{abhF(n){<3oP za_Fz72O1(=(nynK+NhSpaPhcWeQqc)9Yv80@G4|We zfCYuHkN07Yc|SQT&~hl0C9Jw+_Jrm6QDVQskAp&f`OupDEOFmotjQ0k3BIXSEIb9N zd1^97O@RHR1TctVG!9tPF_L&jnR}07c8jKHAX&vj)ue3OZ#lv34^>+(vio}Cd2k<@ zHY;Vs7%=l;EK@H)OoD^P(f6RyrPZDUQ{$B)@*A(p?Q&CM~tKtbf?>D(I*MYI^EOuXrF;#}_^p2uieg(s)q2`es zg^>j9(=wT=h%PsVqY%by1q@R=$3c$N&(p7d47FqoqA?4z;Tz7i;ha%JLRd`{Z}+~W zen3HzZ^^>p_k>KYLJ5n}-eO=rc(IJIodv5>uXfwnwi64hvzdFH`>N)_IQynnamjbk z#Jdv-pEFHL)r+a_a^lLbv}5p8&nF0(_Ga!onO&dRQH4|OG=HQ$fxEg6bnN>?g==CD zsCYld*U(pO@)>8q`EL5n?7Nv=mAT(F@#z<^sDJILdo%k^=KmEgZtClqeM9bR6|2f? z3c1Cwjg({iot$|V@%A^F{XVl7wS1%8`1O;_ew_KAWHnZ4G0*%V8*tS>>REqj-`P@z1_itlZN)|7Owmx=)$AU(5bwEWELjreu^WwjOWx3c}j4?6G!w zJWATWelS{i2r;0w{{c(WY^|mkYH+{8^Wh@10MvgiG=AP&u#nBoO!@~)x3=e4GPKyQz%?o%@=4y;c$OMk&P=m z>n<-C&UkyJ`lyu-pjtF%SUy}Bo zlG|9Jz#;eJJ$p23Bh6q>cjp5q@R{3`Ut^8$+C1Vi_eiE%IXf=l&2GB{PHzk4neT{a zP?3wS=!K_1naUXJDh~J%%;6kI);iFf%)JzO3nvF(Jdp>=koGCa*c52B7V>rs1sTJ0 z1LSQ5o5C1C;?83>nPJ+UgUI!{m2NFL8LM5Jdz-(P4$q8jh3%Xet&AOk1$X=O$V3^D zS6_9u*4aNjuymS=79nApFW&)YzXH-O^V?NGzXyxQcC9F66%vl>G4H3jH<6QSd{GQ&2&)~nz>$n&c7ClL{gB)BLaRqMf8uZX3dXo|01NaTVk!dRZkHo|rZ zTW6=o-8m+-WrZX2QfI=sb-Y{ajs13Y&Q^|v`MSCfz1e#z>2}-7B*WSc7iSVO`UyiD zW-lxG7nSU41QYgR0`t1xGq`Eooh7>i{U`U}7x2 zONqhrdtp(S1{U6a6N@?;(TPP^s#T6cYcbg)(F7j-v1|nS78NfuEs=ehKI@{-jsuC| zrrY>fAztmqS-W->2tOcC5T+DZi|5%AbiC12Kyq2a0AM$WT~2?9{!Ur(s3=kp zD8a8w_L~woAH2S~er4HTQMLyJ2#%Md(o~}YX74T|2?xk5aPc4H8lVg%Ud_v)rhrli z1O21*IS1)pU-rYKjm&{lr!b|M7-R{g`MZOogmyguiK)3aMplZ|w2V%BiO`YgJuUO^ za>n&$S~2L9Kl3S-=oNP#0h1;A?$CRCsbt*ynHMX()J$rTd*(^rvb;x_;MAs5GLhxay(g-)*y%$#xdBCrWrF z3q_!FLTNM`_T{ozC}*hU2sS7Y#Bp}49aoyhH*+4uEhzKkQ7v4q6+FE4{R^!!le|55b40&otr6cW3 zkbQM_Nfg19G|4C(fxLHNYfXa0_IlfKY+0eFh!bij^t3{tOv#Cq-QXRF%(lUnpl<^4 zda0rraU^>XkTPjN%hGVnr8bvcNgxQ$>J=}a-JB2j1xtez->ln1Km z!v|`!B+XCf14~%cW?0sa2YL*L0{rNvN)hM z$~n3cdW#E)tu!B!WCDCR!mq|i0#7s}SqCEAUQE*a2RN%^(UWTv$hJuh`%(?5Tg;!L`XhZx!GIuwogQF-7+v}2>U>*=Zt>74t`fdUm zpt(plGS40kyEwukET%7~co1hvR;yuN@c#QO|CiED*Xgq;IziK1KDE6M$y$+Zf-T-w zihj}sC6S;3{tZEWH6wE#rXzv~hBXNugz<1g2DX(6w@gJSdnYuc6#ZK_a}U%4(MeA* zCV&N$nE*Juhd*ZHImw*=Oad2LQFJF!BgQPqW2JV#-EH>d_JkXc+j$_t=%XM$NsLsf zeJMa?)c40d02m+xAo8{`S#%!OkWHTeGl5``!K8V*$nXaEQFI&(i1Hy!Cg_IYr?q8x zTP3-~dJ4Jie7cr;C@f6T#A3E+i*8I3iOhB# zi9uF>V~dFqa)n%07U?QA0{IcDQWv(e#8(pR5K%elA1Du`ki%vzmI8CBAH|o1=qq^* zGBQ(_nevF%%m;VdtVlyFGvT-9`I=UcN(?3IZ+|old5QYUD`GLZ+|dNtT+^>W^uZ&+z4?`M@Hhw=JV{ zkptP0i0U$E5K=ezg)L#oK{QLm^MFnf@ga&%;!)a)b(fq?2_%Cb^xuK*Fof9_^?jLs zPuNDzYLDL82N979Jxx1CWp~f3%#zZR1u2oj{SQiASRhsEvM>&C1PAx?SYow3*iLMyIe@M>s|=zJ<=jNRT~uJT0?M>m;-$G{uN&Fp z@RB~DC??Gx#c+;AE?4sNd|%!}5~bhtO9(D0G%E|T>roYGf+V~&sv>h!DWqXUWRbYa z{k?mN$HAI~O^IJ+blJscWKTl$P4vW-P_ME-uY@NKr!7b=Ve%*Y=zKt zp%*CAzqn~5x9=?MBI_k@Dr$^uCSCF^W`RrSt4!-R`cT`aSePdJalPK>P;KXK&0{U+ z`IUS>AFgNe>n>gAqiY7KH`M||f8Hm?D5#|F@3SBGHC9gd_krgH7};KAKQU{i@ANV5 zm?GluNvVy8bo1)>`s}-Xj;k)ndcWUiKj>rK$UKUN9Qr3}FID1|{am*<$s?5RnZ_5` zE;kR|Iu#KGo(Ih4mmwuVts6M)8ZvMMdWH5(p0;3BlA`{7D%~f3=Msz|-FSPpGjT&1 ze9w4xGCE4Qbp68vi!RA#+!>0n+h9?9G5Q?=l(&ik=wuc)O^Qba3j@UuC4$pVWcC=; zQ_u_%{GJBMEusRYOR9mTO#E-*O<5komaxpBjH2Gvum-zGrNefkV`OaaY|Qx8ZAtX$ zAtXDr82u<1%B(Le;*3LxT*;R#>1RGiw`wyuk7-8VRe*@ZXSGFF4Quisn+%C50s(0g zEQA@w;106i#`YQ7u6o!f`=C;#lcQG;XHu8*A>@VuB7zFvms$&=+S#A9QQm6035HIV z)EP`onJ^lXbW}oF!!6|!f36z+>o6-jENb!oXh&et2bopmcakI#`AKHm?OsVOP=7%C zfwD(-5yqdztAkW3+{3Dk*jKPNn`j7duc8>vSOuW^gSicf!7?<|v7JC&cH5w4rVOL$ z*N+Gg`p>8W&_V;`WOBz)2TbMTsRmfeOvGFjoL5F~|BJ7w^e}N|m$gTCjj$*nWeWHJ zz#v}&mxO&{`4Q&;o4U2PQ{Fc;!ZXmumy_fJs?&*u0sddvDf9C<9b}toBLGTFO zz6*Tvj2;x@1aQ&R&T?CPl^?j0r23u(U7`1CY!Hn9Qz<>k{APK43k@7Epjd-kukgl8b{SL_C3B6 zp-Tytd^A8@Pxm3#((`3{zT=>$c`iIZV(@qk6csD>6zU0?CjhALf;Vg{ObLNi*VvA7 zhljduKA?q2S<8zbjAngkJY`!T`140Kp&YObBx63YP6mh z4ab4YE^RAEH;y&19>7ma<25V1h~7CC>!~3|XN9NUr>BsEXtqMxW@PZnkxA@7K%RiJ z3y~RYm9Q|*cctj#V*rNme_ zx)6P148j3P7>+xN4USVPtST?cUIxr6xHUAt5IqC*iPH$e=vdnQDzL%+AI!ZLOA2v+ zdo8z&hxLbb=n&hSK8k0D2M8jmxcGk=JPBNG&_zzF!77Q)Q` ztlbIKA5u@lu|eOcVxzBoSQRDFJq%`XnXtmF4uQVJo*)5O0EdEE0om7(6R_Aprwo4< zUB$`|m4UvE;lH3e31o|GzGW+ME>2w6dRwliaOEis(Q7FM1X#i}gS-Lh6<~svq%1?p zK2Pe6J}$)ZoPxfHvk2}pa1)q}Xe1C~1~)A8a)96x&l7BhWzMz+ysl;GrLG)f>HivBlvxVOVxs^eWh0k4i$T7dECIArH{`oEx}X zL*)x@;2!2JX0PGK@VGP|8qcHyxw4#TtO{$*KI@M@5SB&$>)w3}U;@76KL0H{;O#zt z!2upmI~a&88QaP=R6;>y&ig1K;ZR7KEBAL#EJx%3)p72YYXgm^#>8Y*Wg?W;DhqEC ziHGas)eQIfYV^ezgP&`WjEk3GeDe2_*uPlW104EimKYw#=M)nW5~J>pF&=R*7AJB; z?A~LAd!74^W3N<#_d5R_*Zx%*hhmycfpDlG7yW{LniS~PUPKRwkJRU!{RF_JAdTClEIDf=63I6g`-yHB5G6oY&bVA^3e@1{7ulJ?=c6GKrvJIepvJwjR0uplj>l zeVXAv1Nz|Mk4=Y6?MU6mh!lgy*q{K}lp!;u(KzO4jzKjrO#8XW2ro$b2@j(si`#NlY$K}~RY>m zm{F!*N9b>1Nq#;O&P$EHAE}lHdiv{ZCllFIxZ`RQ-~rax5Be=Y$KhRn&~pc0r(1c> zYLh%`)hbGz{P%dZhu=v{nMtj?@r~v?`fl68HAfi_SC0qR>)_vMwGjQ5l?@Z+8`01} z8#H+{v@3n6Hqnu7p|1%g>f8H>n1sw~JDfe?Tzz+)(d@R_QOZB0cpiO6G7TPS$7RPh zQBvqda$x(Vhczw+j2d~Z&vyK^``3G$bW>%eTg3m5(n$D93@z6+RfT!7!?x^xpO({<<^_QUC z4#P-wF8oTF5BUW9VPwN^m7jpUCw6NY3(3z|O#kiA=DCnT%Z1VxAi^O1tDpIQzS=t0 z^LobA^Upqp0K65RH9M;nb}`G7wD>mmv3!o5>(23zC*E$UYbzuMDf@k< z9Ol5|^A1pSKO86?TB#P`wf%)RfWyfDM?n8?I^}PEHr*SCnU8rJawFozGKW1|I`S}Q z!wc82^kzVlt(f&UnKSY;*a*F;FlD+j0*x98v+&BW%GZ31mW_R$Rbzk&Z=B(W^+!0? zc}Kr>lw7xfNtBGC$N0_EL&>tLz~UDIoxd^mpc0xTHIK;pG@UCjH&tgLH_Yd=bcks= zD;xuRx(U9eqv|?0L(2QQ%Dsi2DblQ#2ZjfUQ;aUTy<=vChOqc8`w=%EmlF1A$sNV> zoy*;-Lm_cEOmlxF?)Bx3#vri`C?Q?3xox@m^@XV=hd(xc@(%Yl)2+zn0#YnR|lED#R%`-9#(L_n% z!~MT2ov!vsegTuyXwMLEjn8ll_3|#m_D6~!#zI`B*Hup$WI;P0hY4)TT$v=(ECjbu z+pW!jdA4QvY0=6OVK!XD7LnN6xeJx%*@{l$?@08V@*EJ%e;M zk9DUHUt~|@&eQP|cwBOJdM@o!`h&+ zd@gI@GNWC$cEj5BXy>&H%bIXDrk|Y{coy!r2!#|36Bep9JAu%D;5p`J*pI*wXIybL zEOJ<;6S|Z|3?Ul1J4AwwGSa=R7}q>L9!yJV9l;OK)S}OgrR&AE#50YB(znGOvy|Az z&2oGa3blUNkIrD}%M`m3JIm8qjvoPkyxT@ED`Jr@Uw;-FQtB&TGu9n(7o(vUOfN+D zBga?BC5$4(I}x>r6RnTdhLusg2aAp0@C-a%lZnE>(1%EKthA)YFUAT3LWSWvY7nE6 zhC5F8*zX`1QmKOs9xSHG{ITQZ+`B>mDl9iX}j|K4ET&=Jl`?{-k++-)#l__r7e|S5!N~hPj?^OKHz)p1h?w%*#B6#y}RD_^#<-_LZkw=jSfjr>s!dowaB*v(mi8)CE zmCqnWLk@uSFIF@}{%P?}h9)8-7Ti*#C48OFbtCt|c$&H*S{i4(AvksaC%=czm6a;N zj2PRfE{S?2c1_fr=y#|K9`8=iPUW==GgmoB)9p)L=_Sq~BSZ*-JP^GtK9k5(^$UaR zHi~t1W?vts<_i1Uj8I$0+bL>Rg?B>aToCTgTLa<`@EqJ3`}J(~GY4b6g1_l0p19 zm_sC1s6++BE18NG0Sp-&d2czIahW~#F!AWOp2O6P6@dZ}NxYkvCv#G<>B{lIN}<<{ zB7uj|OnV3wJW%Y=R+z}TDtwmCA9IskaoX8_xLZ=s(rz-7O%1k7#F=fm8pvx2O*SK8{BW7WwfRqw6z)CtB=AE@-#hbn`0lF8IbBvYTLjMs@i zSzl6_uFqCx>hqPkI%#9-D=N$Dt12t&YbvYj>ndyOhg8g3X zom6V7@l%RVR;<`YC5H4-iCRPWO9|Z}3*r4;E6xJVNRxuJ^HQe5DM{sn+z9Tcw3HRH zBt~3e#K~O(r5B?LErvtzypoS`H-8%e(q2PCR5`00K?9?k#R!Pn$fPW7Lp00offBw5F;kfGxp>eIjR#3IfD5<#5n0oUz6*9K9RdNehS~l+{1BUzee7U z@f#s@9wWx<;ZOlwM~VD&L@??k?3c5jnfoIx82E#^-$PBEyVYU#wY7i(9oZla=1+CH zopEYRAWQ9j!}4mW^?3x~(zKL*DkURK-6r4*QHUQ{cveR$U@ERR)@zX>(3|oKj>2FVyZ?eT&VbE1)7BB zvJ(pb0(*YfLtZ+=F3VracB{LjS$YY^k}Od2m;Mj(zH6=Zz5mj}P41x>%JOLVV)jzr zwMQTsl&u#Fm7kdX_@KA8q6Oid|1?(DjavR^P#bCo>+}f$7e(;Ss@@$Dia57zKDfL8fm9Y{;d{;i`&hNl!ntUA7WL%7g z<99p%ar0N0KOQF-^H;jG&p*d6M*)%fM-zCo5>&w+j3~P61Ub!iC$nv1lXdWqWJb(j z+6G@ljAQaJuJLp65+6Vnbh3Hcm^%!Q2JB23b~Gzm=}q=gAt~BM4J|k zFSK-sH<%k?D1!JOq_4rH;aduOF3npa0aqB33^OJsydDv0Nmf@z8dK#>WMwE>c%Nku zDtIX$1q*){CL9SeQ1XHCf}lr*Uj=96KAwn1x&oW8tnPx6N=We`4}Ld;umvA%ogIEf?zP z>Qp}`!xf1(h?YOv?2VA<8Z3qVNB2tv9a&znyrc+u@oV`)* zM$sfdU52d!M)H}G7i94g7OzmYq?Yj-krLu_aZe!{r&N!?UxS!<@(fbmX{VZy%Y@dZ znJKBD}PR053nxF~#4oz9Jf?9;Fu}3CP zNyr+Dh_?p=v}LxQY8GJqCJP(6Yi>NAYCMS$lEFakCL5Q{i$<}GyTVnJIFuldCf;Gd zU^xYCgQ2Z_EPVen+Q*+U|7nT@n1rGvW*G)jfWM#PHatZJFr@RC(p8LC5`#;P;69%_lD&&V zN0h!vvgsdL^y0WcBnlKt07gv%HxTL9T;DOcSFe&pH!KYR0UGLBQRep&ROoIG&5BXh zFNH^@%h8_p^8Av8_Yh0i^59NG)-0Q~&sg$3QN5{!avx(m>^OjrMIN0^8wE6w<3y;) zWB4LYoMoJr7D_x7#p_O<<_)bEI&tt^DC=}Pk-R1>eTxd>yWS3=eJgP=d8~U30oUfK zJy{I^Sm>0_iIz9>T1*2%x~a&UUUzG@+O5doeDHZ_3#x4I4xyu@UM9+3elpFG*dkC1 zR4`GrAzq8~eFX+!9-EPJR*P4qgBaD8i$Uw1xhv@6Cgjy8r=V52&)tysj1NDC4!FK3 z#l-7R(qNrTtI|#^Ct2o$s=%ikYfVO^#*Q=ycz&Rliw})){nvOcOfV!^jR8gJG6+u$ z3=ZWv{qy0RSADrs!ws*EH&IE(Z-AU(@iU`$K(C@bI=W7d;J>5MWvT}I_zQ-z_(wtTgaEYv z$RU`8AGh#hBucN;z#|s(>r-)u?jLa!h4gF(U4M~6Vv>Fc_XJJMxj??<6||-=?!hS# zT9&*7agEJLwF6w=lUVqDc-!5HyE+NfeLtfz&@ATP*uJ0Gw{kn=Yt4NvcHe+-CNIzs zvFF<^D8*%}kDYJlAkVloT*q_J&V+*W+jH#inPH!?aP?@GJ2;N1mlmP z^TlouVZlmaZU7+ZGvSAw-^HL%v)M>p;~cdSJ+yU2Lxljre9_KS(Id+Q+g7fTyGor-g9ZI zNRqUDgP`l78qx^?+uf`iXM}HrL9Kd1WWvV``$@z+T_c*;yi*F0K8PPtA;R2-xWy4g z-G~VwbzBXz*Lredp-yJjF;=~#Tq(?F9hl3BaExV3U_JWDH#b-4YNNyoQ{Dn07vo_DNdO$U_7j?2L>eJcve8PO9F1?V>Aip z>%+bf_UQpP7NrR1UJaZ=Cb$vwf63G9akr3aLl4nyOoCRbUh%A8c ze1OMjTgtn~P*yvssj-@oLsG&UmAH@bwjG^rsc@bY(G94?7(O#qw!vT|#lDbL!HTO1 zxie+asffEn#0Ilyg*j7Cc*bbQ<$3Yb*Mkh#na{5S)#RAK{OUB~7jyBMu9P z8j_|Zj5t(UwppVZ`5t@LJ~M7MMfd_y!wDTUQp21(g|UMnnrQ6lOo1A9iW|b+G+xal zoB3^uqPk>o2(izrilJ25Jbev5IWXijISU|62a3Tg4}4u zUx#95L8SPBTwd501clT4_*U&jadekLYN&5ymAWSM@(eOq88x~#keSr1b#j&vyt*%8 z7|MmJS_I07j#y=f-&rQv6GMgPI<5X!o`b`MY9lU(WMVN_LiAVo%cV+@&`Wrf3cSSV z|Kr&KTHuD${-v}-jLKLnS4TkSG2;t%H}nl~`E6LHhpba>GMORlOJ~>*C&Qd~g#A=} zC?V!5inu`_T>mw%uuVO@EuydrgEFIVPpkv=8A3~n6}3gW752yoc&?g?dm;h=oy_Ec zF989$*b{s~q@}=J?O9zgV_|7M6!uwmXo1@jy;5~WRva4`O{0Ge{3a4VH2)23l5L=b zfsg=rE|=|2UST%zRI^&)-?V^)v_7aS};WyyO3b00S8 zdK5PVLr-BN(UaU$eQ$b{kY4Tlx!_kU@74>-w+YVrS8-MXoBPluVF zuoJsycGBiuHZRFUj*1vaA_@Y+y7JVgOAtwdA|N6%s~{jE@=$n+!i)hEDh5u+`6}KtZ?eo$tT!g-aBQ~1~X*K;VDd$eg!Luqusp> zEOt>$KB3JuT7S-S zZ;{rsP+aY)&%p2Ln<(fZOi3A1-SuS;9M2?jAJNteCx#uu_=(UIK*MT+cNW-+Xyp>g zQf5>qv)n39uY@mgX9*0V#lg0ewr7($N#!6Yxh=}i!;FNsN2m`NwP8DGU-a$nmwGF4 z6Efe4oac#gC~y#bko7ZtfvYaTqk*wDA9mFhuDTrgb6Omu#a=;7VdF+V1K$lC@+7kw zO<|5k(_uopGh#H41~UB!+NM!VQ41{U36axnph|?xTp$v79+qVo!0hKdCbr7o?tC}B z;bT2x{LIcZxL;T-R0V=QETt;JG$po=FvlP?RmstBa0?6VTW*J5-Njq3q>l;4z>MW> z5G2Kl8W%uj>imA!Pkhr%=&Xo`1PA--*J264(|psYq!j?Pbae)9^FFgcbKO z3CDF$eEfiM( zPhv#6^K;Mg4!-`h>sF*r{*6juO-#MOGktMAeRyRQFLF+qeg+yRT>9uAeBQ03&SUPj zpgQz@dOvtV5Du)4aA--iq4E9{j>R(ni?PHq(g)Ws%&qT_tnc|CVok?60Ys7Y2E$oF zGBE_Sbm<;%C}hv-FsIxBAsirPuXHU&$wUyTp2cC**`9CDvhVIH6tlV7m?rM5N2sJ! z5+-lJOQbpOh=K)GT}!eRs}|oL2I#z*c}%760EFCrQpZ^oE6$5_5bAsW;vO~G;2xc7 zYy1RNWz#1hMyX$x--Trz+x@P*9DnSV>%B+xfwYNhL)m^Bie5K=Dk3L0xg4D%(p8bW z5Zt#oEisbfu)cF!j&t@{+w$~j*LSW*iNUNF<0%isl@pf;dQhkW;1?hLfaGf#vp}t} zbTZ~0#`})Z-xj2YaO=k`<97WPmV3R?TSd=={I`PD5+rKio?}QBuby-D*#>Hog~PoD z2*tA>bYf94+Gs|Zo@r50};3aFeeIF8LKGWWy!*SK$!h*GZsRAiA1&?ag4 zM7v<}B1yYyoM$*sz$b~TMhAl2M9#$8z#<7(lwghGkIvelC#E#66s|3AQFcer?39y8 z3iZGy)Vw?!QmVSY~eD=zux;&|_NUBSOuIh7z2$vz3jDh%f5q3=* zpb5OUge#pUi`ZxvmYoJWIJ%r6;E%O~MJNt;fM2@s`}U7&6b*PZPmFFn=Dn?e0FM!` zHzd}Hph_|9h(My$0H82Ldb&X)r*`oYvie+?fC*(9BLSOmI$;wn+mH;qxTD42_Xrod zL{DJNIEtH#)%Lp0KrQlW;<+->G2g`Y`WR>e<1GM5*x1D+OS?gBm27FVx3VB59+WtW zsG89OKyxxPAuu2U(GSFGNhXO1LRj!&SVoMW1r*c-cLoa=?@o(1G$`N6t2OOsKDz8{c^N&+0hDIv9w zdWFSF^@4R>Y|{m3r8n{3!MvC#bLb{n-er2wBCIn^Khr?#{q-vm-t33&`5<+;cNj5L zj!vdwQh>Cl*V#fReWPo~9>&HcSNX5IwtQzRV zlojby1tK*wYj! zQ#_jZS*A})SUKG0LDkibM67RM2PvT*5F*Rg*VY`vMq1CI)S8+R0h$$H78Ex-T;Moo zG(@2U7guXSHnCY2FISPJ@F<-wIF=xQSal>4eSU9>IBZ;cga3Mhmq`{jPjFa<=eoWEU-!<}ICwNF(Q5qR1x_1Ac$X zxd__a+^NhbLcJLp!#0AZ+6d-#0~_$~z)k)_^d>252z?1nb zen)PeR2<}wVdC1Z5GVDlvxOEt$M#RQb3=nfL9FQ4>w;u0Ob`=|_2wG1E~=91l>P$l zQnJ)?OK~f|A*5ihotp@uqpF#jX#SD<+mx`f24tK&7LF;;^-47%-R!;W-qPB{jyHpfJo?2i(*ddR8D6;gqc(mhu?|do}S3+D$ z%Ji?yry12hjl<-1#Nv?&iko4)45Awr>4fALCU1=dg%!w6s$S=gh}3gFym5S^MAj4c zkQudfT0E-K)2JxE6eYP=Bi^^dSy{QQ-(C;?2r@5WEkx=n9-K8bOGG&Cje4VtA$`|I z(qJSW)Xq1fY>_pCC5}CZrR?Ha09K&=I(i-Lhwihmt^t{1DJrTz}WXKU3 zv52Y2fF7eoMOdIdub7GuKd>H}N}gLW2!L<1a;PPe?junc(EZDu?vuLKuk z3dIMzG3BVgd?`|CXpDlcfoJSn0(TGjtrgBt2v7GARloxY?!wM1W4eQSC}1(S?4~=l z;#VF^Ti)v5?av{g|O|Oir}fzDfRW^d)I zA4=s6A*NR1G_r@KL=Y^w`$3f^iA%0{p+SPV+k1#Al8C3SmD%ZTwlp0pCUzzD%7EoW*$99qJ#!gp4|Dsu%P zzCPK0V_+kRQ@)rXw5qC$Lx*DVC;A(R7S4%!VX5shoUpr`uV+MBQ`f4B*CY*Y1AK9{ z1g@?U24cOr12308C-J=Nd@n=FHmEPgY>WVJ5{?+93=yQI32dz9z>9zgF<&4oIbs9T zb03RgmmaZ*M2`%*L&}T{v+|FsUigLC=*W7(63e)YhammtxN}t{-%A&CsJXZ!&E|Ta z8o><;Y@)eO1lrzmy-b3l@p3)9$XyI}S}IpDE1pH{t4Qs|KtON>*oWz{dY4G8er(|o zT_fu56jBRv`UKq=t9j|}TvE+;+u==nHF-|((dJx7B5F&`s_+8RM4Cqtm@$7Vmcn_x zEmO9vHjZ&)o;#Enlr+S60ao2wrh1}tGm>`f4_PabGi0Mq&WiAKiE@sqRdYiGMJLS%dd!n5$ zv1>c|!BftaIpRQk8s#Y6f3*oe#%R@10?(T9iYQ*PI@fxtGF+iT1QF>10lx-L=)2_j}EsmzAu_&0Hd+2Fp_R=m$n@pi!^ zKaq-Wj4S?gUD*XmagH>EdX-SP@ryCj1r-raAn!b%6Dwa4v66Tkul(i$glts|%LvMCC+r)y z3U*6wg{nI%Z`Wk13S#$HG9{A@$J2ItzTZk;gwlaT66&HzEQnq(3Cc<7AhB{gz`nC0 z(HE}HTjr%%0Z5K^z8cdl`%DYD;ZF0_>+^!8z*%5!?N16KXnYliL{7$Pd^{iJt2sl) zX2?Ckej9Wr8OxlRytGv8*x`g|X}znuV_>Q9O(A{P>$s(GAPMJtwxzrgcCyjdgv2!$ zfNr!^rjdlb*4x@D)`J!pMBE&=wOxqE&CRwps<363tvau*IVc^tP%*z2SbB|dKtCX$oM#*|&V#l+w(D(s z;*Nf|Z4Z_}N#~JWwxzgJTbO_GIxIn}B4|m*M*SDq1W!ub#)b<3o|)u0Pb-QBvG19 z%~2()E#7>vVOR&z)gZK#)|_O8C@iz7SZLF zAR7Y7&yXwYyU8;+o+!B8iJs=8gdfg2D-wh5cw(Y?a#T+4n^@qkNUUt0TqY+^ z5R`SQ6awt?wh}+(j0|gbJwVEWdTZyKvNiwt^Q% z!-dC%D3Nf%Fi70+p0Q+y&0fN&X@Z0zA9S4gFe4IWqb;&lTc=~8Eg~IB2#v}Ey1TX! z?&)s2qF30SVW<^rXQdZeEDc51lpe-1M9OyOTecn^3-Z1Y@b0Ab$= z%Mdqn0@9$3YjlNL^1igQSftD@-soMd=UCF#+MR*q)x-K@!|sM*H8sqVi1s|lAxK)$T2u&G4JTOPJ>+uO3Q3a6NY+Fc)nmJ^~&j#nj!V1 z-BoPaV@uDLdOB5h7Pr$nL#v{ySJPEfd)crV35PX7d19%M&?zZBnz%3i08;dGrKC8H`or?&);~v&#N|=r#3`qACda1xZqzREJ6l zK8FJnIx0+R2#*C_SJh#@fV05}a>r~Grg{M^xa&f;oGhg}II3jRyfSJ21`0;gO)XJq z(1(C1)&hhN5X=s9gkY6VLEeZIm!V69quHxr_Occ{bf>ITi&L*sVfLVubDa#wxq+%? ze(>H$Kzbo)YvbO1@}9WTwH@Rv%We(`ZLMr6!Y+&)R?@tp_v9oP@-Zm5 z^xv1L|5@Tbxk(dNrbCc@`7<5-xC>UMU>iXDSW~zmRVHM-ifv- z#Or5o38jgE4pfNu+Am_yGnP%9)t1=OOv~ITGA{}*IxkGOd69VmP1Lq`b8bARikQDW z#oYG9?UUhVTHHF(m=@EE)y!h|vy0WYCS+RNwOBte@e+_=1&Wls* zyh!hQUKsOV%nR{G6$|K>o)fG%FF7ZmjoSC##k{!Y-<%hvo#%!B67!{6?wYDk*PL{!i>$Ykm-4`GR$Pr@WiKv-9H~W(zaz4t(jA z_tD1LKgMS_DPqz3zmcrYLVz{q$VXb|2n67+=Sccr%n_R^Ix+-2+i8yYFEK|*u*CXt zm|Zf?Z(T*=^`lyc^A&mQ!==L7Z_Beboa9{R=Af0`PM4*Q09T>~)#}nA?~);X#gMst zs19dYx0t$Y+`@8k*Jxdvi@*=w4-4+S5+}Zn)LVeJ-*mO0@KYce-X3G`Zqdtl3B->g z5@|Ui(gudy4jTs7sOdn>1Si^ZzAZbagMMdVVSPa<5WxdGOFU*Z#$|4?tvT|^ zwj|di!iQMR#MgDPaMH+$uVUeu?c8QE^e2onj5^ciW3IZ&mGU}_xS*3C%Iljd>cTO- zIj?T4=ud?1Qv>>$0r$$#y>N_G)FlefL!))PnfrYx=<@gBi{nc3>?j(G^Tyl{jG5os zcYk0^Z<2Q_-u>u+-XibT9~h$*j1ATD%-=Ei64s9O`#Cq0h_VZAfb(S(u6Cnz3y_@# zzlPZ_K%?z42JtK8La!MB;M(!M_oDq$B|Xd#VmAPPUej&uJP)gG9_7Y`cB;gv5nLj# zVc5|5AnH)bHpFwJxa6Kz;(`2IXmsHY#S0A<2HhXl(-@s63!NjCSHV%B3&jKE;3-#a zaC>c8nG(P}sXlZe!!XPFv&rIUDD4gKz!3G@LLcwvhh4SVm2!(4J{33m5jSkF6Tzzi zxII~-se1)FI|jK?60PKgrX|*s!2{1ZsopG!&??-(ChvAqt*A|2+Lk0?sX5C^vrD6T zwlrDLMRL@gtw$&2kgZVgi_0Og$DGB0&;@hqqn&+Xi9UDEi_v`7O_-@U?r%HP6Yc6P zI*5FLu;O=OY;-WO4-Qqw=0p7}<^NLkKm?NDLi?{0KEpr2@2PIXw30880O|umg&Ypg zOZaTWvao?PHVEkPFv#;_@+D_WJO%*c+&}ET%ig{uA0TK2Y_S!s{shdb=?yKUKK%VTUA zwv?S)(*w@3A>`f!@EY~$@XS~+p5~Z=U{j-h%kM~z7np^E^+7pwL9{U78Bgxzd}yz$ z=5^7ogq%l5w@}`v*x;o+LwF2=%Z}?YcO2I@`z=GziPrNn_#%(rEDs^tAKlLtZdW!s z)1EVPsIIKD&AXsx zZm;SO`8=!0BH%w?tk>ml#q?%hUE;fkr~~|ivj@8e@J47+Hqv$oI-)by_&oWPr?z(cUR3NRdq$xTwXP&hilC_@;3Fk33F~yy}zh$5u(!nP}RGns^gokRl#*?m$wl) zUtB#mmDR?w|6NufRPJK!68(voUyb84wSO)_2<-Xuwf|h>{9yguFO~np#<{bq=AI$_ z{ULW60bYCD7a!C9w^SRMis8{VwX2Qo`nCGjs`*@1f3a%5Pz~DrtE=88s`|RBdu=sy zX`^pGQqaJMR)Z0F@&{FYf7ShIHS_hxliw(k5HLt& zqQNK~5lIw7f~Ec2roY50yb1P z%>Q71iF^rDI?a7uX*~G`i7JCQvN!6>_hOqSE>m!823`?MqgW$_?}g~4^oTo* zn-&uuBs3n3nMu&&97>}7xN|@q3sC#c+pHFwMS8KjXusVou_rTWiC$$^$`-7FD&Jl2 z;qIQ<%T{4e0^<-i$Gm*sSCL4TEs(gi`)N#@G6a{Qk_Q~fqBklyxBYW!Ygw&tzc$`| zBHmpQ@6OZqTBj{J?sHaDL0@{zV>4`m#$<2C#}1x*(0Kj);)9nQ)KfoR&G7XJx?fubUMBxx2soFqSWZ*00?+_8$hKVArRFdh+;B*N{z&lv*Rw0Y7l zaQ~q{H0+%}Old9|))x#bjxQKC9~jmb%Nd>)R-V;Mj5%43JX7mNOl3)$F({h6TW(uF z+?0YK#c1A{EH~~`)lq`5z|T3W9UBi$x`!~9M62GW~OWUTQzeJ-bDW0HS^y!eRs{htA-@6 zJ%xj5dRC%`L<;@x)h*&X|9E|JEWOK00=Dpw(KCEs4Al|#UmuH$iXYrf-?&SPL5pHc*6H$-U%!LbGl@o%hs`k+0rRO;2~;lwDSdkn1!SBjwk zRvAkyd*zz1VYO8ScY;K5AHteYTn+dpTnpP+Vs12^5*KxoT%1{w?#YQmy2-9?TasT; z^niXBOtgexCq!3bOA7`fR@droEDP&`QePtN$oqR#cQPCu>=j(Y=A!=Zm`$ykL>V?} z!%?lR8V%{eK0yi5RcdRf)<>Q#E4Ex?%L8^gkGq51y1X)8*iqpep7Z?;)$x^V$Um9 z2@KFL%4$Y@R1xU8mzUL5WpiIy%@?_JxIo=69IP_;K@vm#&QtT*R^a(z7xd8g53-!n z!tndrdswOGl>Zly+(KXd9AOC0{WzA1d|nYiLsQ;~VM6oS`(g3lMoDmX7!S-aTJVl!Vzj>? zX^PkiwH@x8;68!J*=mF-JEz3LPh8l%+uO4czaF;N%`eOg=fVmPV*k~f6}#$SeU>#l zqt<7?6z>kVKNj0^p)Kdxa>0un$5-dutMOBF?eWgf#^-l_TYM%im)K|HIvmjQ&M|u& zf8~|-xb@62_6%I^Ea*9>n#Mmu?W%RPySrc`cn)r%ar-gBdRk%v!ddHB?p6-h;+AI*0S}j?jVfo$EO~c-=Yx<#@`CZMt zCOpjiP&hdC*GcoElDe;?pP%Fy9v+RA=&K69e^DLNy($_C`px(3^M9E%-!G|qOZu5f z#qrHTq=6UDQ|d759dZ_Pi>B!DPV_Nt#H`4`pwhVU(A*S@@S9)y(WLtOpxQwd77?lC z&iKX`m5){;`$~DKx@w1ecX}z(HyaPc)vzsi|?$Y*}vN1wjGj#4$h59f$)Z)%$?9e zo9lz|*CqPWI)%K`cVs-iq2|D@6(pOx&VRSx8&TDd#h|a-Y@4` zpOHAYt;4FzLu^4m4dtjT|EU5pIt9TdNyW&>OvuzW7ro<*0Y(6RNZk(Ou z>KwKRZxlk91>yJTmwAYVQvB)PL9S?2E7J6MDnM0O4bT{_0S&f;KxD?-R+4{hi4{Z=f&9 z_qYCDcB zaTd$-c3*hEN)v+ULXoMt7pjF9EA>Hj0LCPjsN2+~&6}HVxLlp7u5O;Le~SE9*K@A@ z2BojJJ=eHB_>7u!YxC~r*)J$W9#~5qI4#yvr`Xc7WyO~MG}im8I+p~ytz44YtpWin zMC{%kMBoyCx1zI|cwo@{`v?0#!JCjIhK$shrTc%T72cDSn_@+k@BaaQk*6Qf;fTMw zZk~@zfIiMbytU9Tvjzrrwf=w@3oBGqxF1_3zKK;-vE{yg8a+ZMH>@NM=8h_=qH`5a z2~?~D-w~;pIBDV4XDfE0t1fai<^d_wZ=<@Vc1q+o`==Blr|QhvYj?VrWp{-zu5>5tbHx@%fG1){&q3h}Qx zg(q=m(9h5*JulKJXlNPf{cOWdvgHmVU3ONr)39Z`80oTet|uNXOe^gj5*#iK^WJV7 zw$3)}udaID)s$zUc(R>(A)Gs-{em0*hks06J0$swj;@b3wqXPzhDS_ll#t|9+))+D zGt#6dX;M2)TDFUEj!pdzd&wr*{1z|Ttgm{&$=Sv`7r^r_Q~|S2n)VsE697hx{1~;* z8+EHK?`$;g8*$@qGvR+J|H{}D(ZxD*yXN6>L-U$V+#Zw(Ev^f;iJtx|O|;d-)_56F zsv7Lo-j==c#oRC0WEO8UYLm&@^5wSdv*nO23$|Qi%k)lVYNxAX_Dps=hXe* z*kB7no1ssleQLIVE%`=|2;c5@TWS~QaZQvNM9(ju=YuA3>Pu zsuYxQYyb7bGXM`^%XY>!Hx`)1z=-IJt)UoJzP?c zh%fb{CH1)MpD3v+*$eI5hR(Hz&E5qt; z*-sCrzJrQW-&0hwSKlqBpiM{zXel(@TTP}b^LSN1RZXHJXgR+kHf9JoWwXBUogXrH#zl_PA<}>08>iY|I(KbNTVQJo{bhikiNB7;Pys?GFzdY*;<@fnlYP zaVsn1ma7?c@vwXTFlz{EJ18(N7mz15WZX@)y_InXSi}Ckrp_8RXAXn6dwc?0AP~aC zknO5%GHr4P_(acHV=>xcQFUOOxP~D35-i`!ddcfKOKe_e+n89A=(OF$s{IZSM~O-V zr9=l3JcOU58rN<8yr|852G3Y9Ko^iA%n>g`LXD9Dx1*YbOv2L!QfYBwB$}0SvEDby z*|DHS$5PNf#4V_cy$yQrDV=dni)`OaWS11f>H3qPH*) z&8o9l&1B3ThSaG#LGSK1$E z*zy${u_RfWrRK)gURAtf^>OA{oFLg;G<$=c3o2EP&9Uxra@=)n179bO^Ef}NeyzK6 zveJEQLnM^6*Cw5j>>9P&uqigMgi(*!nf6X3iqF-|FKX(yHS?RA+ZJL4CG!WTbW-gC zp&}*m(aQA8yi!ls43ZRym9<5rDZFW$7RPVipA=1z0mX~Zq{%4m$b4Q@H5+T*BQ^8; zT7C?vmR9G<+yue`nb&BqTHbDEb=LJt-k`kQyJ*h863OuXzt+5e*33U@*`D5Qvv`g$ zZhS@il0{p>jfxse$_5K6%;xguU7}HWvAf1$-1ceSiMhv4?-D4~{$l3TBnShb!3+X% z?0lAP-M$ff_i?-3m2Jt|s23pk&vN~(3@qg1W=4o6 zZD$XSX5P}pi!6?@R?dIXEsbi>#g^d5PrgAJZ%;N_BR$(7PfLS(fYV)3#$t{+Q@lk@ z7u8JhbMcPU8S-n9E$`BH*J(>LUF>((b-zg;ui4C-44WLQ`fvC6c^z}xhd8g@pq|yC*SCXNgZNbX6 zRndNC|9)qvqTMYP4ZT}mYTZ~eIIEbC44cbjxxa9jv$(G4i|n-=q=2}y)E9gCR*OP= zq$%>906i3fPG~Wv{$Fd_A^@4;GTU1e)y2jWsR~b6MYTn7n*|YC6!%cgeRz8mM|AF3 zx!swF9;li7YWn9j^D|LX|FCAhUDH3Txj(28v~DkdPmjDl*ppY?TU(XXYxPmFl3J+) z&?&7RIl(uTKDQTJc}z0gwGDTacj{xky-kE>RnRR+ZF@8sqc%}puWUYH)zAON z6DLx$E+lO$?7bq-lV7~i9LD~@SQa*$;39!Puc?qG&v0&p{CjofvqT+*#v07lmCsSs zDaz;BI*kr2qcN}KSD><Eu}(Us z$L67v9)cDV;ngeANe`osCc;&A5S?^87A|4|lZH}8Mp+u~XsW-o--D`4Y%@jql^YqJ z>}y`Lx^LmK1(CNUMrZfdb4M+}Kr9+XML68g#9p7gU2RRM^~rs0>DjVk%gbE5J9wuH zyS3cZX^-<;6Yb8rfj5Bh`LxSUU6R;50ObVt@MmiA4Y*1tRA@aiNwH4}&k3^%u&4Ej#$~ z7s$7xzpi{PA|ErKieLN*c@6_$r8X-mx3nte&t}E)l>dkduTtKR)xyugxbXYyD!fNG z^xgQN-JmrJ?;n)wcItw$B{f$}d(jc1%;N`6hR^{ctn(X09WL5$7CX^?=lvY=-V(F8 zNXRj_P2@%p;(oqlIxxnqv$^bQM)qN8Lfi_8oHSHbI;tVlScNmhO!~kQ83?wk; z_!1CJlV3_@aWrO1%S30Acz6K&44vTXR3b4_O2SAdFq{kOspWb)A+Z}~E0VpOz<2q? z=-^=8WCa6$TZayL%ZNX`bTm1;Qb!dNpo$RlxrH<)#FVkED=d>F6|Y&?jlo;h#zD1d z@Wy!eiFkM6b|)`!?JYmob{E>R)0Uj+bFOi!)ww3(oVQ(Kks7^y1s1ITSDFi$R;plnbINS#Trw__?JWj@HlD^qIqMPCZ{Uf2)}nYS0dUs&Q7a`v2KpYg5nF z+&|S+3+<4$j0?;$L(^E*y#nguQqbAYou*D96~dvBux82%lN z;R?nt<*W+}F_Kf4D}AoSO-dlm z5SD^a5{Mw=`+8o&JXAFgR}m&WRyB`S;r?}LTgSYw`Q>-Ht&p~ADH;+DoxfbZoLL0&v(=g=aMo>nJdE(Tz zA-PKN>2idmntA)y=qaKwwQzkx3Qa&-B%2sWQus(GZY${pE0T!`8_5|V87wgc)E z)G^n;OB6|rN|L+q{QusjFW`%~1=YX!?-Et=#XYub$d~3+_SjPYANp@a%rnP?;QYEuv|ALlK9lLlBbMt$JeT9YeZnK2135rU*MexV9HmXi($r!x zz~UWlFB6-{#|(Zm9v)g^z<3*txfNe zfhKjS{b3ZPB4Zp>1F3Ly_ISKxFbVXenOHJ+$((*mXX@F#LS;rTx7LeK#s-b8wvW5n z3uCs7ts!GWNAB!!&N%U)n8cH*1375%b`rc^iE;Oum(}-!Z%>`pIQJ^Bc=&ejw4-Fd zy09h$qjxwrNu+oABls+=T}+T=C0#=KUZqPe+3pHm{Xf(Ty^5yRzo+RNu_b%EBDmtlU_&>Y58 z&qX?1OLT;VmAZWY$1(A^pg0nw`_t%%5-31>un3q2*r#NCuOS{rcQOoV|7KGbAI_hxj@wB%dU(>j`w zBzbZliwOcB0+b1T=Swuaq?sW0#8LBzZAs*kK9(0^|M-Z&hlrjiZy9a8g<}Hwl^@6Y5wK%_BJ_(LCC03A~2RBO()Z7;(;{YL~KUGoyMX-qPH0XN3eIWSH|XzaarpUj|GW%`IzEtBo_a z=p2PsS0Ts}T0~?4RGeTnoSEC_yj3C!GqU2FC}Hw8siBtsPub(lM#gb&ir8v|Q|UY0 zIRmc#y1=~_4o_Vjs80tNOC#Kbi-hh^2e1M0x5$+$J=u<%3Z5EbVSxl)gt@(BS2aDW8jr>z9Y z6%&Y^!GYU5xFA4~-X#zWI6t?5-Wc-SlngvWo^a;RbuhVZ8TCA)&LnLk1uiNf=Q4Wm z8n%Vw&R+32qe7J7eS>jMh{qMtqIu1*96{HU#$LA+xjCf)m9i7CTa^&NSnS`g2 z>jj@kKX$G&viiMso2$3QD$_1BSuk;+&^&T_lB?kEiESN5c*Ixn^3Vl5n>J_D*W%SJ zT;8j3&7yh>`Wo+rU9A~F=!C9E5SuCbQZ+HF&d5+%TyHhkuUFoY& z`jRP_<`7yBiIkts2k9(fcr2h27%>La4ystxD+N%K=0B)W9Z=uy+zOwcc9B6z$ZF4d z@2I0RLVH_K-2kpkUzyrh3Ai%1^AN``1+LsKLIm-DeJP;rcXkV%@9l(@ zV)$G(?(7kRr(SSx?dkf&0a_bSlh4nDbF(5f-MW1tWh;)Jx7G#ukR*XCA z5epHx41}AIbt{8Rlw~{E;J=Q^vB7V%Wzm+4ZJD#>EL*;O$}c-B=HMQu@CLq8JC{Ns z0c+1G{j9u`2=DS{(-EE%cz^WC80M0hiGRilg+DIX;4mzw349+!1+U~S@$w6M^H^Ke zLxG~?ws-bNmf7{avAPaMzJgc|!8Khd#@DQ0Jq&o709rLYz(WLZBa~K1imM2xsCkJD z`J;JQ@{xR2p`dN?qA< z9G{s|Tm8;$y-UWZhAcL%M>_W)2uG)LfzH?QvrGqXjh>e~*Y|$!sYg8bPbfnOPL9ri zwJC&9!5b7jo)&e3U-An>mOuwHALyqE`AiDh?Gzoc9P;yU^9VA(s+R`1;eCZ9HgTj^ z8CIn?>NwnM)go|Wox@G#>(iyEgJc&&+lJ7uX6fS&NHEhwL^eX7gJ4|WOar%b>KJ_k zBvg~ug%5`FNrWTGJs|EnoyQqaIhCNd8A29PI|f}-xR9*a&3T?cT}5Tdb&w-a0oNfb zbD4TU@&+5ci78KQ@J4NU+LV`ZRumSv__h8awv)*CQIvGZ^&M) zS}IanqV&BYE2WaF%v=Fg<{^v=>}wj}Po=pLI~Mn+^iU(4Dl#5eaY>|@cTd81Uc6^E z_@j0vUaqEm0I{dvgW4$!T%w$t5m;gb_(9jZ+0A_x`Vz+GQVcAlc9=oaNlZ+9h>W^;nJF^kz|yVC95B z(Z{67k_C)1ohQjr{VD(y8R;MoP+m^Wanw8&4JjV!syT|;_yH) zeEYwcR6SNUNa#rDCOlT>)cZh;MTGx7Bp&*4R)jeuyVOvu-vjb|=K)(X*}S8s1dVvM ztlIJ&Q)GT#F>q-15OrwckOhbKA7T#m4oMsu@!MxpY@XelL;1p?;UVs!vk&nPO&*eU z9-%h_als3H$Wm5`twzKlH>%VYqnkH85BYUELuNl# zm5jC418m=|(;ah&xReItwMFIBtYk+9D;J4=O)M226eCRnO_Di;CrGsu7lE%O zBy>Vwa@|mEht<5URd{U&h@cpLMPv_aP?aLd0a9RejEJ z8%Ybj?U!5x4lC;t z4e7pDLYk0$Q&h(`IYBS^vT)f&solZW*Q8N0I9-$FmTZ6MjgWel)A=N?5lRJ~A*T;> zoHg}Dk_!H62a;sfLh>SQBRN3rdL}!Ba{25=l#Z0zxCWdKxL5CPpFI>ey0Rd+y#ZP2MSE2 z`P+H>$MnU=p)YXE{ia?ffq1{6$wx${!-mxDA)zl=BVzhO0wZTwD_SUwG=V}Ay3l3= zbQaU;oTLGBdw4}23EFl4291HEYI0A4uF?lX&Yy(`Wb|V~L!0%g^uBgy)m&#iLDBP# zWuiUC6FGl{#&BS0~sN~%0Mw8^F@ClpO z(P3$WJ{4W=mM(IkRQ^jS3MubIKkj~w5oG3kQ748i=N3~7;C)CSS(pmUKcN-~C#<6= z1=w_F3VCj2YUtZ#g$B(XMUn{_D!%9?d`N4d6-;(Yl6+mMrcC6lO2Q6%RL~vF4-qQ* z4zZU1i0j_rdYF3M;kvg&GeFneL7GWi%l{3!0kK45;LaA>rb3OWPJ(_)`T1Rt3_Or9 zw{VN3V*-F6Z}N(&Xm68VCXt(0?d$xLaZC~oGVeDt7)&swBt0t&OaYk|mbn4ccCg;; zwN>J24sLZT&MJt9E4{4v9f6CiG}@96lgCD zfm8H zdPsR2g*u>9Sp8;!u-opH^H2n-H#Q* z#fr|VFRyE^_%+m(Eb}lMD_NVm4VF9rLxT01&}OGPzeQ`{IZxV>$x)s&RaP6yo-Ma1 zyZbr2jI-)D>Tvvi4-XF02WJmb2PY5m5AHq49PAyGIk!Gs!zcNPob9M4U?OlYpS+@yXpJ#(o!VIDB5W#1c(f1nleWUI* z!H=*P@l;F_T<584z2x<*(($T|>KG#64$u73_r3>Rg-BQkfzP&F&0NoEo>J$z>Ux`W z^meZ_Au5%Pq%qreQJH6z2qUGi-@D zAzLsvXODxq-ki$ZL1+Y~521*yzAN-DbAyjCax%w~|0ARD4+L}Gb8tuMuVnu4&Jjhz z`(3Y`+#**I*16uF<>)V(yDCrVa=&G{w7ywHbRhWx>O)iuhN#{2#P(Zzz|An%O{D@M z?1CI~DS_I>@MfJVHAH z=V@D7C4nOEmRjSjj+`|^2s3C_QwQN8jYhE128s`ztAIb(L8Zszr;UR#t={3Z(0N5H z06Yznt>_#R3jj|Wa!v}M`G5m5KZ(rAtk(;+N_vWdEy*araYiy@ot8S^U9UFIvsuKiX=OACP}^>~aDo+qC`U+{4TThHQB2OLK0CV$ zwk%DfQ@M&}<3Gguj*^-sGxEv>`#!Drjo;V93k*S~lQ`9&vP8=AapWtALvLrt=qI~p zb-fJQLiGi`es@1wUat%Lexmthi54r7*IfwbfT*#v3EDlo%kR#0h0a$A5(}8@9V7Iv zS3q_8;DQ#+pVT;d9o@p?9b?`PjsPiuUS8cezeTCNvj~*{li8t~#kt0jCk0j$Hm^+a!=lZghwz&*zD(E8QPCiOy zc{DT+0Gh060Bx6g8IuF?Eo`*l+YYk9co3o-Gyd5mK3}*!5yBLN6biSe`m%`@zK$lR z>BMelGwZWpO|TwfQi(Szy=~U3!u#^h+7Thg;bkm!f>tIbLP(?`xom<>;k9~Ws5XUN z8$;kFeWE#O-4UhN*4XB-xknIYh%Gvz@Y*)#Q%ICqFn}VTnh_F7Bx&6#g84&*U+b2x z!ZWFdID+a-w{$6Koyg9K6nX;3;#z z%ZLUm7LO$*B$v?X*%WEFy`qTBlI=x~lbyIrkdC21Y{9OO=vC6k-=UAw;E;7t?=>WR zbHWmeVgsv*jeyi5+-(4x>>S_xM{y(a4CC9pYm`euKBux2dfuwLV?2<>9uRXUle5R=1}3 z!Y%69;J7rKcWmOg-Pz~Zigq7zE_+Ui(#$XcE-HEg<}3_UAjL(G*Qy5 zVPVYTB$+r<=#HER1Mrdah%M><^5m|052%I*Rehb&tSyAXV=d{m>rJM+#2TYmZ{oFP zFV>kMt|y&m0%6Ud;zM=5@E+$0??HYhoxfNoKcc8j}eT&rdUhq9n zf84M09@qHl6Mk}o?|;&_3roy<-0GX32HrP=Chzg-maCZ!co*=Ldcjq!%9L1ncM$2-h-DX%vmgc ztY`l}@*YX&HV8W3ISx8WQX+}sb=@56wc#F*uF;Abl}2&&1<@sKQM)TJiB?J-t`8$d^P!)X;N0ELMGcXmr|?$|UW*t!%%9_X4|{5}=l-#wnuKmp$Sq-_x}MqRmVmb^Gx;_s!y4&6ai z-XhMN84`u1bAB%`%YzO+A)>}FvwY93Q@J=LHPx9o3K`L{gIjZm8$Zo@k)#)goSQ&1 zmJNXC{E{2%FxM5{=ANwHhNH!i>UEl}bY%W@CmmUOUB!89d&T5FE?zr$?sV!uX!W?3 z^3U=**+enaFsN37vpYxTxOA%}L%D>pQIGDYXo zVR0_Tlb1L1-MNG$9r!| z9A98xWGlTXw7-wE=e^_6CqU=?3kBUrWGpXbg^ezeql<|~q7!hgPpJUv+`?U6R5uFM zji0+v*3t{K_W_-F^2HT&e-$q6IpyJ%beR?fohI!6@+k@X@4jT&Ifc9Jx^tBC&3~;0 zn{Se$1tQb=yn0NZhW2Yeq}sr*XurmYYQojXyqh}A=!KR$D^277y6!mVoFJrwwRdVciyWcIwOAjY!U^)vwMTPjp_`sd6-QO0CH|QcLY1=&hBdn%I@~mU0&jT&%c}j zC}I8^>&|}HBJAqe?3oV)-t)2U?3c|eFZk-mo`1ime(EV(dd*|$wI6%h{th4XT(lqC z)-OKxS3kK4-Pt2nUv;S!H8o5WOB=;{bq5p0taC=kn}ZWFb_-9)u}`phZ!Vrtb*>U2 zOWo!xd4(HX-ViVSQ($TTPYV#! zvE7$}Cz+EpuxZ=2cG2H8%oH=bG*hg?n;q5Jw2l!gnT&JBZsgG;bwo@t)hQ*2>MoWA zaARcVU?3$DA(XWU zdNt;pVVtX>R$b?M%D{OSVxZ7@*O2p8Qk{cEHBzMNR*@XF*|I4`Dmd>-y~Ta2ev5kR zYjKd!O^+~Ptt6aSWd&!lC?UCHGhd4_cD9JFPJr1Yj7W}foF*jXLULz zdV}|R%w{l=l!`@6IC3k;hD!R4>7(q8{zN}Fp5VW^UsgBCYnl>s>I`x#)Z9q?RKIkN zD!vaNCjGv=m{!{xJ0Rm>oKW4PHsSsnulbbnK54(vH;9Zw69%4dh@x6dFGU1ErP4Pc z=f|?>cFBX}-lf#Hl)fi64$^vCOtLY{z(>eyg12L`6H$8vj@LY`j;Hgq#V$t z-xwVwX5W3u=C_fj$%{BQR6oZJ>ABfCiWu_}M72VF&a?IL$g6~&5i{-Ul)e`8Alt|h z>O&)E^BSa5X+&*}mS9Aa;002j2bKP{tur=vM-v#f1V89lgfX> zjuHx{xEq)+(fnXu2N!SE!RN&xAqx<|Br)T#chc#_nMI1Q`f9OWBxCX(J0vJ^KBU}B zl)6&skIFbExJ>^hcPlNCy00m%mb&j|mPp-+uP=4q&08XMKh8Ur2cq5lB~qn_l>a-a zlKiHRBPyS2FN$*#}!lSPvWhCgy;`3 z^`#M(+R4xld@>b8bcbPsoes-VOY>Cge^l!4lAJSzMIw@Eq)C$bnNP(zv*SaMoO12?c z-ahJ>>~lK#EE!1b5Q;HE9sz|N#+2L3pzxhh`*=s=@%#pvU>OsiE;UZmJ=8h5ERs4W zAG6e-c~k~gl1)%$SY=yfYlbLOftivZ;VN_iB7Q%5K|=4K1v#3x)0w?nRC>>zft>W1C^upxuspy{toOgpcilV>P7?7 z0rGqyhOR#P6zGb~0;zpW8+HLQD?;L&WR?qb{#l^&Z%REQ(D^3|fGbkSzD@ERojRM; z+T5L7E&z5`1Hj%VAhlj~v|v)5;*~>=N&QoY|IkA+n#4Jjl_FF__U=-AcZ8D?1G*xT zSF&_li2Wnu&$(c^4DvBlUzwu?f%GBovDla4$kG)yR+C7i)FzGXCDJL-U~0v@<@nR2 zL{W}t>THh&%TP|jHlsZjSdeuTEjdHU!kp6caMuv*RGF?XSXop;asLy@SjN7S5u{3q z6?(ZvjK2OgW-=!6xUc`f0X55R!_5*eyp4)~&kMdwK3<(XwRDPLnH42Em|x};!7?v1 zdkdC1)jLJ73<2t-fkzcBqDu?DPn_zX(#JR6>c7P%ZV+%H;=8mwCE;YSE>(T<2LBYn zM5ts0yXyoYNu+9XLPPW~0x-@ycD#xRcwT?x}(}K4TP_?IZ z@JBrmcR(i{z&G=J6VGx{T@LWz29<40VCHqbuL#C3eU+oHn3WmBjS1ceSSB8V%rk&W^22+qDgDLkv z4TH1u7}beUmK$_&GQZi~#YC+rMc zn>t-)*gsY3AA;1=Ym=t~ZdrDMYwvKAx4YoY(_p}oXM?qnk}pE3+;~?gE!BdI!zQd=>H=`sv#wB2eyq3d@Y>7Y!Tc$ryjl zHa1qV;IIrhF{WAU`jA+s-yviBkkY@iVE?4_ErSfVz1niy=c_40PVk68aiTtOQ$o3+ z{@{16Ghf+@kb|#wx}&F+`$whG_WnUQQ%H3}P!!ZZmAh5&kV;JAkV+&qf5L+Fh&!yr z8+=5JQIJFr^bdQJ?u449+SLonJdCCSAe=t_#U|4=jAbqNG=d_Bm!qy3itK z{VFzHgSx4fmUk-M@8hBg{}f4zbR887{j6VhAw;l*Oc|$V*X+SQ z$9_;`X@VRpEF~`L!-IrLNt#c_%8uTx8q1Z?mPc;ITygH6NbayY3I~HcHg=sn%_re- zuxEhXh@x4j6bOlek`WsP>?YUg)7`b|ZQZ2G_1`1Ls{Wf@R6ls= zBIi(_F3b8XGV?S&d%EN7NpFdb_aGx62xmh*D|pdju((`ckKGq9)6NBO_>%I_V7V1< zDXeSw=NECw#HO~_dPLA9{YkM~pjIjAO1thzU=7(Os93ic7$72Waft*zz4P^ySkd-Q zAv5Uyrle)Zco&m&PnV43tCql)u}z1YM+fX<`h==^sk@ljpxni_OTi^*@^H5x{iSQl zU3KXL?Zy!xiSKSKf*{ofd<*JmfGolUxgD!5s2n#FwnI4BBTSXDsh*ORcLWGy>9UzR zFBg;V=!~%!p~QOP4CiWE8Y_<(2&%vmFx{m zINYf;jWZc%&5g=gPd}pUAbJZO3=m4JdizhZa0~?Lm0}RN@{d?7U)QU>f_bwqJw+ul zrqhl5rD~oyZ-A!OS~O**Ov+ia2B(H4&K)`>Q3m*ikk~TsT@^hhxa3jQXI0J~0tVa9 zvLYzG7kxbz_cwZB)}b=}Rc4%7k+QbO_5UO7JOJ#fs)c=bIqmj-=T4u=%%nm>I_V8U zAQb5xM2a-a)8C2`AP=M?3L+>I6%jikq7+FK1O({_h~f;0fY?A01WW#J?Q>`5W=P_D z|DVa(=bpaH+H0@A^g2Gh3{HDq;sM>%t0aZ|fs)jan=r~4*R#I_`y$l3gexzSoUKNf7+9OwT`aXQ((=YB z#CjZAZ}f5zZHi1tB7DYX8eGAEh8bkF1VdeCmTnfi8mJ1UEDgvs9wl20XoLq@YXNVm zb~y;}E(9;&M+A{w4Uh5PUN|N^q#SsO-E(uyT#r<9@n+|i5?{p10@=}{__yhMlHPqu z{j;R^U{XJn^nR4IKTaaM6e}D&CKRUZ!o7ksXAWZ9xqE5c%i0qE?8AHs(U$spAFsQn z&-+TBzOK*vdY}GApZEDbdvzbHB4g*Jpw7gSl4wT4#flFPCgqLIf|;-Ech$O2-m|IC zyQ5Fv+2`Her|;?WZtk-XmeeDPVnD9m3NHhlUpPH@u$=}PPaj2-TDJ%olHC=BlIhgaz2gaJwy*db8HGiyUGR7iGXJ|7G!BBA{kc2 zA>ruju7t18B%YOb+$-<64@Z6=#;<9nm0;c-_`c8-R7JS_b$Z%n5fP#kEhMfcC_YWJ zEfO79nl^_4p(%L`tt;5+0;axMhzSXZ(;l5g6!@+vY(wx> zi9a-f^)$moaJ^ha^BKw&kc(L^K37^zb}h@fmi28`X-p%KsgglKEyh&`;Z-Grw0k!o3&_{{Y;8I z6VkaG*%fMeeuY`yo7gez(-SJ%oWwHzQT1`sZJec2?m&NBpKi`p=D!JXsQf%jRyxer z8qF&(X?CRbl4L|&cbw3g(E!B7^d8wK{gL$BiJ>e2@9Nybu;Rmp*(iwAnNopXcsLJ@ z3pZxFTe@rl1F*OQp%~nxfe5ij&vA6QI@-sAXCNsa?%-8=K27{J2n>%L1VFU=ofV9m zXlE8dyXo6A>eh_9E#v<*qwdY9`_eR1>kl(K%sGsXIt9w*bakfEA5-fUO_vdaoYAIg zzLoLs&or3FsWi3B`~h_8wrYyho-0sR=(yndVp0(eIv@3^osl3FGT+#YN055qM6fLU zsTyKrdixo`I>xYPDx&PscMLaYAf4oSlTo`vdcQ-?m|rM;3;8)Q2I|CWkJ-wlU}WNXD)IBFQWnS+w7+g3=hx;%L#ed)Oe3hpQzu(;RGBW-c2k! z9qgn?^U2`+x56i0$m!+Gl05yNMGI@FVUc6Y-U%qA+r*T(6A^{w4cKrCXx`7sriRg6 z{f;3KefX|K0K#uGga=sf1uF3}BnhVSNhlH~a|S37jD$O|kJh6U6atYUNL41#se40g zx%DU_Hc}QUHy0WBA@0CM$sA;5sxM0tZaJCgZO8e;9hZ^Ii#aXE2+RDXTnTaJ5~nV+ zf3RP7VuQg|F^R3QFfj_GMX!PJX$-$2I}yaW6KYC!h_>h*upCA$-9icl59q-_Z3xZ| z27`9K$SBjbY8o5wb6_jp5ez1qBa03;hcKK(K9?;fl;jD44|xJ&TBeTr258^@m7 z=g7(tcj8yofF$Y%RRw{Rpm5wN%rEO7pzYe>6~>ZyNoAg#L@UhnI|g#mKogjQKZ!46KqgV!fp&UpF4- zwf=|kxbiP!&$C4gYzl$`#r74GQy;BZ8N9U}6R>O1F;UNlRrx7vKBWK4 zu0d0Bg1bbxTQX{YNHxxR+#W80sNQ?*oV$-$Uic-C-WT?AJZtRO-9yABJ#p-uhj&7H zH_Q+Z8TZWr?wdDuUpSNFm1D>5T{w2>31jD6y%tcfJ;u(t`{r_P_1HPWE@<5~cI@ui zk#kGOos(Rv3&+lR`+~k6nT$_|L>^CldzQL>mX6Es&r~1eNPT&>-ZXXFS>x5lsouZK zlCSMv01U9jBs&?H6mx z+$gRil_kG7jsTu|*|XTfyv&SM|M1K@UvKuznP{c;S-x2>^Y$FyoagH^ ze7hb$74_e~I@`DZ?d!9-ratML%YA*JZ!hw3ImiiiRr*OnBIu4_jp+gd=JeZ|j9n^R zmL)}&S+Us?C0M{Fs+W;Hy|Trz+<&N>=8j2npNKdo=c`~ak&y_!JF@TOcsj@R#(6o0 zAS8gEA&}hIeUqEc*Bj?M**D)m8AHd_oLklSp473(Ce4(+)U~0ZCb_IVTZfY-mzB*=xycbaKX-myFYnE(U11Ies` za)*@>BB`m~T)=GJ$^~j?pRLG7L_jugXS2v#XqI@3HQpRTt;v>I<*iKa>g|%<&9K

    2Z;dsPh2w41iX|Y;m2-@;Z`6K4id8W~u-U-t(+{Y6iFoX%Hzldm@V=EveV zb%*cW1rMvg?duz`6ZFlESS+aT`Q9z$GGJk;H%RqX-ik@FQ+7ir*6d`)5kigC94V&| z5k?=%c|q>--%(O&C@F^D(RPHuAhu9%IdK;h6BMT7_V;tV{dLOiP@B=D*()GzSE%Lt z9}~WP?h1doUg0f|R_Nu65)TEb_vm*so)gs+0#`3li}Tu_0VnbqM|=@o2)n*QPK(pU z-+fj#7DXhEBFFTxCq~F4eZqvwal&BpLPQw6*$R;8*v_hV!b%>8SVSDLc|by81Bygb z;u3EP-RblWL#(nY;%lp}5- zqA;8%assNMFUHGaO!Zyni)1KpphYz!pt=`YVSmEt&h-(a(uWb$#-hZtP%Mxz_9?{8 z*m!k{IH$MQ5vnYI5au-|1I)xI@hSvtyy5u2#d%?PMy|!rr1!V`*(0k*@ScM!N7xnF zbgLEB~Wk5a6g(?Pv-6Yc?lrHD&R-A_jSQIeJ!i6%BFu8*gudO4frAi&cmv5 zXQ=+&VgKAGbij?F>NJ~!?E2806_U3|(hGed+a%&bHR(jFMY{+YSzzjp=RvYS=Y{lF z8biO3I0C&XC+|9wf$Ig-g^6VB89}RRv<{BI1=XPvjP%%sFwu!IL3S>RUW};X-|$s% zcWDWfj*(cUL;`ExTn0&H#mgl}9-&AaZ#QHv(}NkcA@igf%(NwXf1=)*I$;4Dfs!tX zu)GwJ9>CkG3qnqUV{(wcF}cNDc045fETced*L01VWbs8Y6|{2ZWR!O&p-MDIh2<(#11 z$7eB(>~brZF*C$xB|aPh!B$g9E^E-41Whugp=*}uk#QApWQINvs<_iFmBb#Q zLP9Z1s>yGJSWje&L>M8e zDsh2EH{04aktIX7?LgogI(3?FcWJ2p+o?W0pq>lW0NFx>Drvn7h9YhlAp;QM2~5mG zev{%2raZF6N-Q(Ln-Z7kBxvt;gZl}hb+P-AVG%7UFi8YJIfI~IbtWE{8*en~yNw%% z<@jqxeYJ7?k{oX^YOrzqsvKW#)Mbt1f6FnR^XE5?d&9(esW9wQ+~DFUS(g7`tK zP)4EpZWR0=s>;f&JtlW;wcf4DM$~2a5F8}PwA;ZmEd-QMtFfj;zYqk*gv|ejdP-og z1qc^S+97O^Be11ex34mAU~C3axG*1h5U5UaKN>L3_wXASY`5(avL&b{r|Irgkw6}k z46b%XGM(y0h;=5j{!G=iF1`pkt8ZX^MY2o}NOEzjUQr+;fkPxlM{God*n3K1LmCO& zYpRT~4|c4)1H%g9e=rg7^)56dhbdQW@gOEf64h~hx~SUQ(JGca?jl$`pQt%e-O($L z$|QRCPu!knfj0U{Ren@7rS9dw6t^`nkb|?4*J9gBuOQ!wU)dw#Klm}T$Jl#2sPwSf zV@TwO2udkE9Ox6h#BEizQ^J#55)Vj2m`0w?%?N&%F1*CC-68qgRQOaXC(=mj=lY?A zz7$uZKEBEXEub1~BkGvOZ;QJ`a=6kWe(G`41)pi`Dq9jyrA3}FtPXJBPBztJv^K1v zGxSnOL9uTk48Sr2vM8Yf)dpiYpWX1%)v z6T)=j`V4c3^;Lz{q==vpjfyG?DS>d=`fi- zZ<6@XZ4z`1Fby}NUVkkE4gx(n!wQ@WxSfF`*%fEb%;F`U6$$#X0z#fFn_Q9+V%Cx3oO9?k#%OGkEu<319G#epT-F*y)hG(9>R9{=k0REA zO%Y+swD|kmkI|7iR+&7ibJ1Q?H^CkV*;EfOE5TgXsb#096UXe6IG#ZiJmxAP^n}A+ z)L8zAgW17@0`eDEPIdMJl#?ZDAek3mw6kH|xblC$oqkG&5N6-7dp6;S&{iM|k5dBY~avlwQ}V?)Ty{kwXrnZvLS zYK2)!iotYD?V<+~F<|Hy654pb^DxrzuASr$2#6Ci2H~J=~nFL)O{Fd7VZ3<@koEcI!Vg1gRbUl4E zfsT$aiM>JqE&j_A-~+cy7WPnj$kj0qvdELUtR-Io=vcsX$02Egw3TKvy##jBEK|W2 zTNxHy)`8{?CmnZBmTNd4H#Q6+pnPNmW4#xn1D4nCU?6?qdCRTc`!aA$JGysv=1yKW z7I%b@16V|aE}M%)=6+*{lYG(5LHjR-D9A%pBgd9Rg6x@z-Yd#`Q+d$gXKL?^I3~D+ zorENk*nQe*_8Hb#_8>z-2v|2Xo>=opBs|fA(M=WW6yMPTN0PL=a?e2)FiAzY0G+GQ z4Pb#Z!~`#ynno}QP229b>Dg))ddHd3PB_WoPiVxOLIgEln;%x(l|rXT-ol*8H1p*>MUe1 zRV-)IdS#+p-p2n&6bu?s_$cM~PXujC;#kpo38vJL(6a-cDyUPyIYsCGMhQDCLnOV7vE zeLNfdJe$N!D?ToD33X20I#mb!Pf_luGZ+xpA#T;aJF5g}ZbUV~d-4bPv|CvffFj>fpd&IK5=KC`;TpssqTx4U#R|Zlo=miem4MKpNFa<% zGQE=%Ujx;cAOkz@8rAqPaF|0w9%9uDxrSU-=*f&I+JjBW{Wm5viGe~-OYhRez7lvl%fJ(Tx`^G)3wcWXSH0x4pUiN@F-J@KeQVs{@CjD`d?R>U%6 zc`@LW0l+afMQmqw;`R+{$3d3TwIZctZ2*i(Je+YlU5$Vst`n1()bJ=$pi+ZP(P0}S zwJEw>Z6vHt%kI6ZM>$8H5GNuOLZWr3p;8ocgmS4hg}6R*M#H2P}9O= z3#Bhd0=jVE*s&v3@SXlsqMK&J$Sn1jphqIN7_&8lnBCotIyQ!Qj*=PdQ4qc-5xOTK znL}&>d6w&-nMEX*o06TVW{1;FbBtb@3N@fONB_-Z=4F5r0aqbNWD{Msh_wgkKBi07 z7T}pN3B(A`gF-xBdxdNnlhYJ7nzF3?3mmh%AQXf+MC5_RVgZJ>)5$U$lBs0GhVhHr zLLz1%hzhgNO(6zFad-BmP_%~=qCP!gyWQERxG(GOC7R0rpgW~r`=t(4Yr?(g&N?Ev zll8ke_m0u-+*j}I`c=AfH@!==t6rI0rI#mH=%wMZrtWN0y=sT-3^gH~B;5)2t{gE) zY=@RqLq*$Fs1^gvGm43aRBD5cMeR~Dr>j@WH~iukbg)ay?xxv@STKfwvtTLN3j-M| znPr$)D=ZX<5e6$~ z)zs9EswW&UGHhv8^p~AV|F~BG+OIH<*Yd8ZUo=-ex5vwH4)hFNcQVshTZ`R zd70kX4iL{R(gUU+5o#H{3f$n?@A@?8r#L4U9e#!d7QW58J);0S)Q7qC**Y1c|##atzN zHj|(+|_yI$|r~K*X3yL3%Kjum^p@9lR;X zU3|0B1RRc6!U3wmgGt*a_B4W@y1t@@y3}yjey;2rVq#D0Co_5hBB~bwYq_7P)1Mhg z`z?$~)=#HQfBQf^F$3j;ghuXHRNKg8eK6M0v zC`p&n9sxCa8aayA%Nr{_qCaUT_RWA<(wjv%5+ZqFJ}>~5DnmX9@I{QZm&#6Fn zV7>~1=qF2J0g9@ZC(BL;l?l>WSpiyzo`sYkY!6&m@79kFwpJ6Yhs>8v(i?v9ZV)s9?`T?emdP}%U8FhUlD(~2Bh4x!e*@g6;Qm*goS*y%Am7w9^vzKyCq>+NOK3MsDGk zL8)hICe>7_5gMkQX~7o?FpUM|DoCdY5NJtM=%tUh|yOeZ$wH-O;~XF0X4vU_e_7HT2A~}=w@+m6C~s(ZgjL1ORg*t z0_z*1xsIdzu64V8n#yR9wa{k73nPg|JNpp5uK^o$qKwgva~>hGR3*(S(8FQ?3xUE# z80JZpETAICELs#(IF7Gtt`nuV>3V$pFNUX5N_3)T718f}wVcOSp&MC>0Dm6Ry7RO- zSDW*+{#bNA^twIPoM=yCTVfW{;-)*94$q5Ah&oa&)|2UvX~@QvnvAnTFWWTa*SrVpu+pd?l>O2BI@%JJsy_5x*Kr#?<* zxP~8!SUI2(?!iN)O46n+&L&B;xwW&NZ$%S2f)7pydlF99899KK?H)++j^bGI?Cryz zL_jIRx}~&)swpyLLK1-rLNgn{uOreY6e5AIB@seLDNQvd>CSqpow3y&T`3Tuq@feS zyU1c8_StRjXv86=J<{n^s&VAkgJ|c5nsyM*AOny}++2nj!5xMNpq5VfMZ}S8$S;6b zg%+=v>mjFzlN7PS0rXj#Lb~!vP$+=AbeNoHU7=a@ST3B>mhI$;Ht?TZ>Ct_J`r!&8 zll!xic%~n@w_KU3cO1Pk{a=|=Ps!LWDQ zkf(;d6I|Kv$|GIbG350oR^+kzh<3n2mMBmu7hzDfWm)l&E|o#c_;*_pB+DKJo^uH| z9UhE)`@$p)dxovN=!mA@>4kbx$3kpE5X(+U^yb$QR)Pf`$1jnCP097AWbtK-<^n2{ z&1veR`ZV=!)n>26SV3J?wRcWecTAU~uhsdXKUd|Xx^ud@W4gf&Ud@!g#rBYJ%g`N# zWKm@@Syd@Rtso!)*ogIqnS*Vq!M^$PY@WGT&Xg26+tOgF0s#e)?6!D^iqy}0HzpD+ zReq{xY*xNYKx|yMpD^xtKQwf#E*&`I)bSH;LqJ(e?%`JFJacAw&MQ|SZc-Q>7HYg3 zX8`j>21X3k9gf8m)|vY=k+MjtAP3-#h2R42!Eba0)D-6!f3X@?K|2hFDrVTqg(F}z zT%*cmX1%U-AY~#Pj5h_?TxV8q*6GBmX*=6P{jT0bcOb|bipuv}+wGN#P?LrC`=>WV z6=IVvS}nIsOCG_N*nHcVy+oTVqQhQUkJFPkrq!l&zbhY5ZkKZ9QLYSK*|{;DORTEE z8uV9KV=7)%)jguFR9h!6PGZ55VJk23r`s9%#d^uA#b!whza_tTS8IAP5m}aGCwSQc zX`!cyL5sd6R5!zmV_fAYPf;hcWQOW!?*P2qf{0v@BGj}{5@MH%O-P8jyQI4Cy`E&R z>L4aye|f;aN!f1$7w}C$ri4bsQGutuR8;g=n*-tb!t^DIOh>Gd7Rm3ip{X5~e#v-$ zH0qsRJ-Wtto9P#N;)p2D)fdxprvec~miNWTOtdc}6ZBHS*%c7`ikNllMT&s0b2C_}e)>Q{#)@niM=)=)L@f<7Y-Ox2 zEJ3byY8BQMEfBqRRO?;jh~(~Ew(R8!sGXSocJ+{itGhtCo$tz)A={JKbwZ7pM{G&D zMK3HYYFU~jpjL*hjFL)|ep4@7SSz+nO!SiS2CqEu()-o>*iHt+4M4MZsTs(?3ius^ zzli2ZfFEVbxNfDu?0AZ`qtPUxL6pWw`dG)_zBkA@oB6m04;|NYA5!fiD(Hab&OzFd zx&S=66qYMu%%Z3zov-k8%6<|=I)Qn_WFcBT_>={yMYO?whOI2RZjv+UU?EH9L^@%E zzo(0_I(g9VP3*RYuy#?G?GEde)+vcTms!*%Tl(^5*XVg|?=}IN-bym6H(`XCd}|d3 z>5R(+I|<6%;0T7Xi^n~1-{vwjrcvlmTH0uRJY76Hc|7>BA`V%v3A;W zutja_*kYBxH%h%=IGpX`qGnxrG2%#qqz10+913%Zwe3^Yv8)!y!T zc7A;qwJV@m@TL-bY1hnDW_V{~hNHv;^)Z2&>E8@V@HaBY-y31`J~GS2C|tlVjpX}| zc%HIqF;Dx`J9@VnpP4!n|BTzVF;kCd%+#L7#9TcxF>xL6I>LdbiAbzu+~=5xH8&C0 z18F4aWnANl2p!=jVmEA89csHPolZf7GVqzK7sXR<1Kj_hSgciD*)nJgiM_fJKv}kE zb#gbgI>T1pEm*DGR_fB-nXYnoM_0bPp6JZz(t4%NVjMAE{veB-HPs~MJsFaHlu1?~ zYXSzD1lneDA)_ecv01SGk#0Hrpsay@>~IuMvZ>=H*?}PZE;@jTR)CVsYFV_hET{+* z@a;r;CuVxWrnA7&>(Y2}V_|NSY&c-NWGgYfGGL(&)>~mK*F~hN2-Ujiym)t3bF$!? zyE3jscbFqqhFxeEscbF-8QqHkNpE^ha(A^R!&csX=~m8F*67{4)|lNhPEnN3l-bL3 zvh_Fi(JsJpsoM0Wk*EBgVsG zoTA=Wet+Y&=O}%FaxcDEnah^xo&@$Uqb#m!gwqm2Nj2mJHA+Y z#AW;*cL6nlOF2`6@ImSW+p_@9LjH=ZYH4)F5kYkkStRoWWSb8v4|-C41W@l<$of{R zAw?%miTvfJQy+45>x-ds9p%grD99qLoE$kMF3uyX-BPhHVoT%mOb#=)a;k!ku#1FL znLGiNK`-Sp3P>Ws%GQt242f+mYNzk&RfNH+lR(S}h${$-yD)JJT_XEQZ(q&IY4v%jPX;8-ez%%!GE}JQ%l4Lzw`n zD&R!~CAJlANne8x*BZ62wiENgSCoBCsXs$`l2!u7O~Y)jh1t~E1CUIx$Y*@}pd!4M zx=&?(rqrXV{1`Mi7630O{SrD%Y%>3-4B@U?(yMUDFp3gw;STCqPhnHRaEc<@{#GSn z{-05qXC*pBS+WoFj(;h=4us4*&Jqy<&v?&>XWo-u@?qv!7$(cMz>iS}YgU6J^x@|F z+CE2=Q2QP2lRi(Vf-|&%?RcG^7>&^$?=SE(Jb9l|KXd8v9>dB9Md}@_D7abZ^sgW^ z)YCfsEYWYoY)i_QRBA%l7yXXjfU0;_1<%C49#8}+bmwkS!OiinwZR_l%%ULbADd(g zAp*sveGYrE*(pLch^H(F^u$7}S)MW?MWiK>!C|p!N!&c6fiDTM9Bn3szEpn}3R~pYb z@^|5C!24>JAd5a^7V2d-udPiKzid%=x(gKFQ|?RSe4zSeYab}~2Pka<=3)RXA})N> zU~f06&W)l{!?voB*k=*qx+IIP3$0)yS>Re&j__4S4zQyevr!2^dt%@B2rn*tc&i_# z$(<>-uF~**KDVy33N`STNfLL7X{nhn1ZnhX z?WA}`SH_m4a|V$I?4QA8)XWR#FPLR#&t*G}1SPx7O3f}O7G-Wy>bnZ1b@*+iKAj@u)y0RDu)DNfMtU=lFbl^0BMc-jtK|2Dj94hG0YGYzEao7mCqWysrK+h zkw23?)>&!=o<>OoaF`T|nKNmnJoB;CMGCEAH;<-M|Hrc@|aGLc`?ieuv-Dy2=bzuB?AkP#=4S0E|NiDd$9!X zSTiDs3R!8anM(^!Bd6IeVs%3egt|X7PNC4){WL!Ms3ZA3SJqwGI_P&L4xB)o8GPd= zCHGDe6g^zlv$1#U_FZizx=(EBN5TK(4 zwky!RFf7a1(1_*>CY4GS$ph-a#H4TmU>)qMq2H7^Fl-okk&drR2QV&;GX<<|GvKtF zl$m0mhiTaxWYUez@e(2&%z#@fAubWZ5#OaKO#0F6q=%gzuFnJ*o}5Ki#CXBl2JaXO z)NnAzmGfNrN!4^}Z})q)D^G0ty_5U>&Y_?uaWGlp!}(Y0dBOZE6h&@ca{jD&>G>@H zz=Q-76&>#7S`TXcD^N%ih+@8va1wbXY3!YV8q7N~j3FFfd|v5kwu&bvkgq>$?2i$6 zZR4SI^al7cY`TnTM$?Hm%Xy-v7mDS&U#ukS70#78SL0ku zxyvWKy2VaJwy1A%i5}z_ZAZWDH9b_iWd8_Fv_VGZN)~K$g&1(=SXn$X3-k|!O6)ao zB;=8S*sw_!R)0sc1LOxfZh8ZSEd)gOVpx0KNA)Pv zPqYlp_)wfXMBOK=gVTmf!s)rODb4)x1~OY3I^~AaV7LeiS(ZET^h@r2nr?Er4|ftq?+-x$2*HYkUN~Ojp(Jt%0B}o zhQ?I{1uJFt@QO=HFGE}wHoJoT(FI#?Jy-s*(<@+t$r=O^vyEb}j&qgl>WbG-# z(usuv!xCUiuGI__2=o#52&g`+7i80mRj(qRO4g{Ks|rj^Y08gO`c4&e1-s_3Kk%+Y zEUBWei<}2ZQl*XF`joDG5uaVv&+j)>0G!ZOakQEkTDsu_-cEl? zdRmFLBKzk4osHOu{>9jZO3FX0yQS(7DOkcVy0W;p>pWTbg04dEB>LR-?^vJrkm_!H zpHHptm|uuiOrY`W(3Zy{eBX)SiGAo$qQG@qx{}(nvB(G6667WJY7z}V&A^TkU(WbIxFhhLGISt@QCR-vbjw;a!Y(9|EM*b$`!pxQsVk@;o&BK4s z1-p>)PPi8JecSS5>$iGUuPWKLcMr)@rPS-Ta;E1`XdFFbD}S*5KVmZQdE-xRvb!iT z+HYg@yBni^aASW^Yy?ub-H65^>sZ%}&Cu9%Jdc2aR8FMn1+*7#X2GmB&a~#b_yS9{ z>9v#0eNc&W8uKY>Tg(N>>Ae$}OkgD!k#Jb8bgZB^gz=S)5H9XbI@O>TO~odOj-+5> z@yh_;#=85U=*JNdvACwT;yEN@QHT@C4b?9347L9-muPFx!Iz#1)X3y%^SMfW5sPefzW!m zH`JhrnJBAy18UujJxsi73TkKGFl?6%k?dk$)<&GjctZvbd#ny(o+)*x#*qnD@dmD@ z>>(n@E)c5j(4(dP!I|`dd;ARpT-s>vY%B7tXhaM~63=VBv zI?8>ug-e8DM%A&(sW<9_Sg;*BmG}V${*N#AB0NnkoCpVk$JL@CBNdO#v06BZ=hQ|m zxC0(ppDeR;%UZN24nG>jrA}Q3{lw6G-SzF^?@X*d^U1Ig^qOX^ummK;usJpc6sR|-Miin?LS3QS=hxvm~?PW zY}C$1vszu})?KqY8l5YXhe_?4CSW2YSZ1uFXF&t`XtprGk9yOE6i=nW)YH@~ycclN z6vte|W&qXNxYGg0J%&WTSRb`@fK&!n7Qr zFuFw6FK~%uR~MU2Y>fn@tgz)`lujhkT?QqPDB(mi8$5jcs^ABL16L=FO#GIKjgZAs zXWHPXBa%_Q2R+r$FNg`HMBiT4#HqhrH6Thxd5nTXg4UIv_(pg^;$B-Skh&aQ<(SfydzFcy!oo2$a4xC&XjfHxjG`w)5Klrf-h znM_M-hb}lo+O=#9@H>}M&)96Io_I_xO01`5LhHJ5$y3!Fn3HiKNI2p(%m8WBz((D} z&1;#$6|~h(-e!1;1fj9ESfU|VkMpwrFXaR4bkAm1gU8ge#0E_K(455|z>o=LRf~L} z4VwWg5ydf<*ljbO?vJTsv3`UgdIV}8#laH*L&JN0f#4vzo`s?AVp0dX#7d9yY-iql zqdfHM_@UpphaSUE?snkIVy!6UBd+|FE4AIE+BTBB?=dwy@jQTt>26#(>0Oe3OXXUi z1U=Syiu9{8rbh55MJ1dtyC86cSepQ8V)A z2k%plX!|gcknpIbp@e8G(s30utTd8%s3^Y>vm*`xNr<>!2j?pFYi*wkAcu`aUO@B< z!Y`0@ix~&6L^J{Gvv`bM?SV`fx!R+9t=}?{nj8RcBU0|=q#vqy^$^=e)DQu|Ox)Sj z)NBP7vx;n6bdeHW-5JN=_aTXqCh)w$(K~=8rAw`8ByK}Hqz=Er6u=P z%QZ@UN$G3wboh&OzBM;`sz3QDPkq|67h<47PrxyEW76s=|W?t zc!Y7Lj=xlPAGO}uNB%(*bw0LM^iOCZ-}X5MC~d-+cS-b1=#4%k($L$qzm?%@BSC6L zcStq~(fbKa`7k5}1f>>l9zl z##%5l6qdK>jyc=yj@)*y`d?D!8m7Pv1_rdk5^T+@5WC4ot$NJb`{^d>FsdhNqqxhy zX-c;k*I|!tqr<*t^w-7h3gUncyOY+X?lz@+v5%26dG`|1R3I+)jD<4h3hraqtZANo93EEQVuKN&YB zHNGTcQt*qcYZ7qZ+n}cn>IsSG)c%RTgERwDJV-!JvpB+B%b|Wq6Tz2)QNY)rJI-U@ zF3&MgmjhoO0uw2}=1Mpz z@z3^;>g9&r5;vlt!VV81vwM+dYP*-T!I1SN?sAVjlSu4_%>Ie3~$Da%9AY32cZKK0l#LQTTW>VEO}NnO`Xj3RFl&jeU!uwv^TYM5EF`ih zmqFmHvlCc=e94oN=6yY~oYlERfOHm@{>@sgGkP7t%^8y#P1ui zq8E=T>L=dWJ~+qKuY<(`^-+;~b+FE^*=*E0t2Y~Oo#lPSN7TZHX@M8{ z{v%=z1S8~ehyyk9>h_TZ3}P2XGbz*wYYsHIyyFHnvXWh9#lUuh$`4BHEfV5*8;JU= z^N%Qy2pKu@w<&!qKit5G+b9YgsX8dnUA{}{pST|nNg^g3VpzyKHfps=li7ve&{%~> zRE{V`mfRFi>nm5`#f9Q8eYw`kz$!k1`t7zpLWw(j$ym-^hqX zGGgu}LXMFNSjJ`mN(BKOJvV8j=c0AQT-D`gmG_J?&#J;RlIEg(ruNPdrE}q2sDaV$ zlj;cc2;@K_@;2OS#SGe60*jp|H$yH%X~|CwaT5pHK!5BFyDocH>1SM5d|GQlpwf3& z6X4PPxK8V@@IxkZo12QUY?zKNIBm0fR@rA{bPG4=;5%B~ATqk|j-Y<2TRHCbcHxAm z6+;S(=4NW$+vtK+Y5bl zk#Enz2>313$%VRfW?a#$)Yhq!zbO5_(Y5v>tuEC1NkFLGKdtmp!|pLvdQ=>?(%2_m zCYU+B%3mqCl7>lurwyt+f@5+Ug!jr^uA<8@YqyzwqqjLN<7oD$l$|U*Tf|j)UvL?M z3!6SVI7+zxb!OEFuH`pynY>)7%ap!c?R=TczvM~kL~<}V>i%YCotxux8>o@qjPuPv z+k+Z$o)uxTwmW0;FE7Hrli85O8RgsZBXf(2Zk9TVAoUKhf3xd!_h#VsC76yYpx6cf zJ3y4RA{QGSw7FGS)`ej`aY%P_^V-C2RpDT=1vU_|=)@ zHAiPib1$NwU5dhBUF&^jb6x6skGfS6UZ8%fs@|sft!`5ve#@D*#1$~~|0}MB2~@B- zLR&kYM%-Sj+vjO|c%YBD(AAin)6`To*FUV$a{?G$Y~%SEIUdi$j6e423kJ92|C6Vo zCI|j6c$zjkw=xaHFiXw0vzFYfO1G%iTR}>W>}QAwYrt|2b|AdL&4lp=#?L0U2h{im zVPBjy%D&N{#-dV#4~X+aRo=e$E&ptUqVeRYpJ0O43}VIoqvLZo60go0Yi* zlzi713o$G##73(&S$p%=Sco5)(gSg&U)V;aZ-)dNtMrq?Lj2N{ejPvb`ZgYVz~~3Z z9(vLEFBo$zEQHMW{vqgxf5P-%jfTS!>xzJ$+Ac=UAJ2VJoOg&qQGDg2bOw~Ttfm<3K)*L$Cp0C#zVbQ}LV`*fdIf^hC2nUyxrYrw zK)mJ(`R-A@_QX^0H8J_lnnSc0B2oOEyDngVIok%dCH^;5>FeP1ULUKuU-AXPHxovX zZ{!Hw%8QE3Dnf`~t_p(pskNChB;r{;WOBofxPDQUUl4Mx4h#4tM=)qAI=sX0g>9RPj5G2;N}V42pHN9<<&DM+Cp97QP^8xd>I-z;vI2fVD-)&;}Cw zsv~GODJ;Cu1n7;*+vKRT7nOd&QD;v{qEMmEo>Tfa{Ln~ha!of2^+ePj_no}67={=c z9SH$o8s&(F?}y2?3*eevJt7f-jJ~=JgI{xw1S=_Q-BbXd_C9n_4oDec7V)?I#8tG@~XUHG>qI<@?8QjwUFE;PMV2INg;-f#nQsWG1%Vd&+hNty&% zT7&LGS5)|%F;{Wl2ml;k%dT;iFrX=%OWDLqfy#(c2XX1J zMazT{T8AE3_j*9stJv5v!hZXGVrD90F|CfHoy#HumU(QJ2zO@-3x&3yz`Z$77`7x2 z(9ZzSD1)dr>Ey-+v&iqP`yH2dqcr>Q#LILEtxRH6=|f$CIDso^eG5(zSTE~duM2}s zIfL~wWe-WLV{qOtZilG&B<5{Z)VyM*xyB|F-P003z~Y#GKvl$^6_7uAh(8IJ#~*bi zCUM?P%za#$ab@UAoIOBIltH4K&|5Eij)&j{0lBl>!2DhY1_Tme_>9SPV_@)KbOV!B z6F7rbM|O}T0{aA)jfcsFMO{8INqR!2v6sk(m?IZ( zJ}#HM#FTI^f6u~R;T~m)D#L6c%$Vmkv>3@_?Az7x-f`+A??ki)GBq%FavO*341tyi zm_C-r#08=e-P2&U#PA3FmF)C!FtBXi=mvw5e9ZN${kgB6^6f8t^=sdI+E>r|-ZQ>> z-uHg%qki3qQ4xU*ToK(r`ce5f+(ok2V(ahquns2s>;&vlCn7o;sU1J_A{vit7Mclh z&1N-f#>y4fY^+uzHIx=3pa$OU_wc~-yqi5G$M%Pw`myKz$WwQD-cLMrujfhrRfm)2 z(XY&y`BWHQJFaltLnA#Udu|p_ap|HBYBWW03QLptEfO^Z>}-!dnOKhcL-EN|!GQp8 zUN48Oh@}H?Vj>+llF;9rUpNx)Zn4C>vqzt!7s_J<#P>H%eA7@xi@ANA7nJDB+25;OB?uByrR_kL*t#VHK}jD)==Mk<$tEWSvRJ>@q?4qz1sd18OB!BHl6S*ZSX7I4Sq!& zx1-<;r5@Mz=bF-q9JWx~Fo@%MB7Z;Fa#`u`Yo zKU2~?A8S`O341aqnp*qWt!Y>Op-V5v@{4n~L9`ER{mhtl<)2#pL+iVsPp%zfC)UYF zhJ>)Pzt|c(@dZ=*R?HdPy^W7t4M97`8T>%liCazS_V}SEw(-!njQ;l6L-!c}ZbL|! zGE(u|b?JxNKwE#j@G(g2`UR?dz7vaHsfwQko^A0OH3GkXb&}n0sS)TsR|w<0%TFlO z?vIuJkt2JZTa1uW!wR9H2wPuL<=?rtzN(6U<*m%3-1u2EO{8{#GmC-S>e+}5!0qa^ zL@)7aSVka>=(%2kHH^YlH|vcAtZ!p46fCJ(X$eGF5^JDN;&ySbsH#q7dT&xQ+=>%y zq&~N+eG&_>40g^7INQfB6{UER`Q~0y6f%i7TalehM6ng_CDTVyGH-e%oORmhgQV;q))UeLXVTAx!NUnu8byDI?sKDSJ zPu&f0`VV;eez00t^q)gmTmCIZpuw;BRe9PF%rq#ApHH*Tv9NF~s!oV9f&KBZ|M5Ir zdkB&4l5*yBEtkh5r$?BzE_;gUwXA}!9^mI3#$2heEjUT&M)MBGeI;G#51C#njL!;l zou&Ir%3h;Ze@Xe*pgsB`o^!zkR-bFtc~+CP#+iJWH^rLbAK*YoBUp6O$<&{;e+F-I z!%Of6v>&2#O49y@-bsS1k*$<&?I1827HBE%h6J&Y9FQN4&m*N>4G+^RJWRA^C{n{w z;L06bnIA%#bUOr%eA$`|rXV%jZdM|GMM!bIr@rE;+l>8*$=qd%HuXc33&Oi3_|nbH zFrsXDg&LH{2x@x=V>2N(9higUi%3f1@ZpQUNn|SGw3D|L_lcuK90rxS#Wyv~?xCAS ztCMu4zgc%txh~g*ySXmxN(>|WhVV+o)-qCUbDMPE59vOHL?PB$$<+1Qzk_F8#n!k^ zYnQpex`_g}(Pfye>xg?&B*tZx>;gsZ22dau42Hu6PA}`Za>`Ixr5gFOl&Fo*Qdn4< zvsA}=RXj_zuSa(NrcjlC@YHWe4P@*alEjL>dc_d^{7vbr-NPms*ND6YCS}bmfTAeWpg=JMw`mZYgLfvEoC$VxC z(4nmDvieVV@=eKyEYK+WZLmbeq8H~GNkQ>V8tEDVJf zn|D&;CKT+!b5{KZ(DGlh`gg=fW=_A1@GA zxWeem3`q#E%Wq7zyI6%W^4Mak-J<;aB@#z8yzD1>Xqg&b_9^9di(GkAd{A)*L-7sq zL0nedh34`wcjn8+?V4|mf7hBGxG#Qr^V9dlr=EK2mzp1ppWubr;bk_#470cB%&j_q zn?~DyHnwY%Wn10Ymm2#68vBmMzGvKVut{}nRB7ZmA8Px)?rvPQQ;L%blgIQDa3l+s zBPR+ZN$70cG4lSl_;{jK7pN&DB~;(n9uLb4;I{_kSIKSZ+m-pD3LB4?-M%#}Z zRQ7h&{zKI@`ay_xkY9$+jZ}N&bFHJF`-Hkt2jA844f2V`M;jlGKU!;iZshTE)Re+x zzfq&Nbj59|1IaCduMf0+r_mLq=5C-?F-32^BeVmjgzcnUUkgl_5xJ0(B4hOUBj z_9OODl{u1?dxqLcAEA#I+w@60Iwt#h?#`xT>|b)5nvO|OnY*p& zn543~A2c0fqmsL^>6n?6yT0kT*Z)@2QD5#GqenBD%i`y}3UhM_7KB4RA(eYfAM>0P zeVZX>Nj@VXHcnJ0=@TLF!r5jzhc6Hcz-r3#wEmjX=jjPpR}$kPZ7(B)HaGmxkc~uB zUJyV3DXpA(SM6)>C5Q}ndV zdE}c$LGw{QEzKMiD7!+kcI^`~$ zR5Eb`?$^pm=Aiw+Gv z#Ais%XEo&_`cdIGad0||)b3FA4Pg8!;8>yLiM8YU|sKW(PXn)#wV~sLn+KMa|x{=x^Mwm#lrAc=2@pht)^OE_-GSuNe8Ar^x88E>*#g zd3_B#jpKt$@IbU}&ua&tXKA$_udsL=&(;nyhZGU|Mh0V&I!k+#)KeHJ>n})b3iULi z!f@%N&jC#h$o!I0FejAX7-{o&mAX-BN~pQG&37nur_z**>=#w=7RU@5keS^QGB1mP z?nEFQ$oxqI1eN_>{Oej}QBgG@^8#hhkH_IO`%%{|r`VHS{FGG)=Fs~((KjrN!|E}Q z5gXw$3uGp|WfRJ`o2V5#u%FE8EzT{oIiA8VNjxvwT2g$$YG{NJT*TOoy9lTnGeY9G zf&3P4BaN>#DJIx64~f{r4J~YWwm5vAyjpkz;l?mmcAqUb9<8v)j?S0;q3j7ksk`}I z`W47e!6O&@m>uy;Y@mG<`kZja_Tq^OF zHaGgExy_`_8f`BM`?0nLBNe2z^0}?GcBE?3TIo0meT0;^3Wrq3c^v7q;ItxtIgCCg zfJLf0Ogiq6tRpea6l6Q#hnfM=O#OT(XO$SRSd#ka= zWT6jA4QHbR;^;N0j)sd>k0kkG>wtiVIWGid2~CMjR;{}gCYjB)7VG(Te4D`!hRDex z+{E!qG@$K;aLR;E;zFQwAgG08RaFxk6q~kFg<`|h%9~W2XbBu)`|uhn*nBBx@#{+O z2%t<4XF`Xtl}T-(XBTJb9jk;lY~P`4?&t@12DNxio?Az=KccpgaKb6~+MoRo!S3-QIrg)QQun*i`Lwi;ye-gSS zeXCyJ%0&$dHG(KL5T~*g6L0z{#7f^pmaMY)u_p=DA*^l@htAXV8@~ECVXLB0o$Gs- z3Nc1#Vlt1#*Z0+D1nPP$orvyttMA=8{`!DEC(ww>L-j{eO5nrx39>SQu9@5zDYHkY z1c?`Rn0J}IBeLv3Fr;xbRu#_-hUx3WEFs#_I*@%bOy3FO!o*fb)3LAOQ4)H;qV$bQ zEzv&@)Z>Aa&v|kp@-GbB;_zf(o*+L4p%QNQ%@0YVz^@B@GY8Ye5%OBHs`apaL2y`& zO^gtcItz&j1|zuxNR~C53DgFfYy(}Q*3n0UvEcbjpa(*^nhaj2n9tyoAK~)W_=V5h z3Sw{U~mTSu7yZ z!J@`2jeuE$S%H`=qB0FORcCLks!i3!uH4y`$GB3va`VpM#nxP~+1|`3V)N_%h{7Vo+$yLPK zhsJt7GQW)+Z2T-V_YtEXD7i8;bDT+H%!G|V$!E3?B|(EYXoeKV%N`E2=rL$XjzS9x z=mxa-K+EzbXc3*2K+6G5&;oHI&?1!yxf>`QP zjGSVFwFg)rYkBh;^p&)_E=?jCa%85x+tLCp_yUitK)*<jT7R%q`L3)f;m9iV(`@>w>?p)MolXBKD>D4CRj3KS zY|f~4SxtFSI)<3<6Kw|ka%R??!BfD=i)r%$!HM{FQ+f-C5&B%L9EHPxu3{z8{!D(C zI4}DFHc`8j8hddMkmC*{y~z1NQo@srELIH?oDg23V-bs)c+nzsj4!Cj0axBFTs2Tp z-Yr~Zk+!1HAXpn`cGq5|&@$C6TqCIHU>z@7scF$vfNKS)s75WOgNn+aqUkJLB~a0| zBdCbbHg7>i0$jr_bB0>faLY8o>G z{c_F$*ruES7&#gpfFXwgz`{`gBY^mKl)fG@C%jBd<~)&4znC8du;1s?|ICx8b?X3j zVP0L7*OZ^j#sKz{oCB~+^5){a1FP4v=5H~m-I?7gfK33nN`S!<0PAglhUoKzOPd1a zFVR!B4M<(v2BO?35Fzww0Fi*zo(_n1*aC&%V4Ohi{|r12SDo!<}Arss{BXtTL91q1+>MQHo?&%h+BZ5Fopq`lx)N@TU)GXa9>Up5l3^n7{wbRV~CG|+rLCw=e@A=|* z)MI{LQtL6^11>Huc~_LiT^}&NEa_WHT>VkWLCvqojvy;rjCw@S$WasODU3%we=Voi zS4JV{oJ#tNO0X@+`D$5xt*j}3P>dnx83G9dIo~Loua_OXTv{@pEV*C9#VsIbWNqth zpq|AI)PtFv^U;!c5!**S9ot4d0HDxa^3P-<44R5j&Y<#<5OV!+5b;G!! zVg>;SP{E(dGN8yMYI6o_YC~;>E0?(PR99+Oo)hm%?tl_Q<895J&;O^{gQG!hI~{$R z`CU!@sp@9W8&&Vj+PKc#*SsP%b+hN|HSfmp*9Xk&HT`&v+4FSGb@tzD+n+royBfo} z7uVAp>Z2X~rF#0t`Zj0IPg>MnEt>MNYTVKPs=1E7r^Vde;=1=+HSDvPRHqRVvbhb5fKEJ)0gXwrM-2Hnq)UAfQ zORg+8{k}*Kb%Sl&=k7FTS_9)|8W=a@Fs?Tl(X|lA3iV%d$4}I~=j!^bR?-xWXi{EnQ4hA-51>h~(Fs#t zL&yi3$s2_WjWTG*OIKwm;W;zaWO$w_iwcB;1{ zW=kr&LyFAEW;QCfIjQ;4yzGK4Ss4I&4HK;$AM0tL{}k*?#u<#@+6iY!dOKoIj>>mQ zEeVT7!o?|t^Hq5#9grf$R(it%(a}|ksF_IR4sS`<7PY49OUcAT)V;Q-z0~HI9g9JY ztt4!2SqfA73|o2WoMn3H4$I8aa^lW5@^}*$uZ>_j|87-pv}WFHRcEx7&uk-30m|k;3X7LOexJP%~t?P-$+mdM_S^l(5+?U{IjCW@nQ6Xa? z$8Io@f=U=0Qf30lo9SbElo>ob&Wj zn_u_dM*3nT4@weDBw z8sAVHC9^V448=kgwJ2E}z?`JBkj zpw@_T9z-w0emscL2o%FNBf!?}GCP;|$CR5;?fjD_S!+uCa(dUFo8%QtsNwDt6zc;( zX#@!D1NKlY`V^-@AJ?2WAVUT8p3|8>)sn96eoSAf-V@B(&(n5hhEsV!jw7UPVVIEm z8|74G-l~eMuI%MnTJ!16*i5f^nhyOftYPgvnXcsctoORQ zTD{+QLhnoK$GpAwJ>Jd!W_yn#%DD`F+%1`pii}~@c{3)ND8K(=yL~ASa)@V`k z{as6Ga*kQO!1vyGvw(aoFP|n#3_w1TcYypFM%c{)a!s7Pgds2kDpzkJ=C>>uHD|X#)o+nHT!**1*zeL_7M`@hC zo_uq*x3D+Sn|qJ$Jj@9$hYRi{<}j>*hvD6N=(0m_S)DI$nsStVQ{PdAL+Xd_GkzWJ zONX1oilz%^1DU6u6f$k;R@M1|KJm!jBO2pZ62f)3J^+QO4Ecl< z*Dg(_^5%qze2YnhD#$(#2Z}ZO(bW&&$`T{~_0^JLQwH!8CdUy~I0jZ2@K9#=U&DV6QE-F=8XBct-dk zaL>q8H8WJ}xlTknl?NzB;)FQ$hUjm*XA-}$N4dYXKZ72at+}`5@phm-n|X!20EbTU z(d?etAgx{WZ=6>@B>fxDcdl)(pKyL5zvpGoRP#jpJsq&ou)|bLgGHN)PZ*wFR0&9; zUUyswit#XGsb|wOxgbZ8h}Lnvlxr5d)N2fBrhj;{`ij++B$=qUFeyK?tAS{bzY+dl zh&1jmLD$^ec8TfVUQ2Rx>_}^qDdn zSEZ>Im5NNmRcXtmbL^IyWPW+)uIoBvdFTGFy-nQi26kY(gTQBbIIQi!QF|Q5Y6j=X zAt{a``N*O65IJ;5M<2IyZLjwl=2q6ZmDkB4_DL_=37p1+TExg}coucpj~C^&#G&`| zQrqmM#SPH=9_1gF>OV$)BeN|7j_!n@V5%q9$z1ujqFJwV`As5UDf#=V?e*CrGo1BE z`oNb;_KzjGxuh~nW@@{ulst?rH}fcZq?CNS1c_MMwp8XYWJ7Gq#l3|MFCaFdR27)B z&BC$X8z`NUOevBAt6D8cD0u=ME{CKJ*J(73CE8if^%YEizm1a))n%;r1)_IA-*G>` zW^Pj#$WiC*DCo3@BCm9i^O7*gDu!z^L8gHOJ5oDrJIbf2JhXf(YWK~PG~3#*r*}NF@wM$&rN>`MuWkPWk1c!mn&p%WmgUB{cI&p|L)wn} z|AXV`r2cm#ClMGCk(z1ziFTdTmYeb&3I&lnjobz%WpD2=hF^C8|7o|INo{x3+m3t3 zkEi-~nsfP74V#F3_t5mw_BQP7ynZ8bzxp&nTZ$7t4PK%3QRxSEjQ41{Y452HLv^_c+Iqna6)y5-qiaC;OoNp`)Bu3V z4OT*RXNvzcgc;yl1_E_zlvmq+$Kl`GekH}fj{oX0&L2|tDHt+P`xHy)u`5NRFH9Dc zaf6W?HFKW4G9Hd$uSkO{PL+3?Qz`PGUhUMVHrvP+?l|=#?RUp%jk03&GtfZi8jExL z{REl$y%vC=1+yp!p{Vsa?0WQ``>?KT-VvNGz!qrUYP!-e9I@q&|WXm-x;LNzo>Wr*NjG=yp($PUu5KB zO1ZEsc=M&kb^nvHo=2KTYPaBWMp^EFj+0hR$N{8G((UV=`#&jiueyNBgDvO&M?}6T zhW2YM=YH77Z#yP(2mc=Vj{!24I`N+%FX7y8pG<$j%B@O|NX$lPP3GM1(zUs6oGbPm zXWIx*12WmzeA39h#?U@!vKWg;jC|1;+GoZ`NZooe(aF=?~Eqw%CQCrw6-e8Q`t5Z zC@?o;Z5U9^^sgxrbwN7fl6myE+~u8}eS^S*?0x!tm`mr>GaGiQn`hF&(77i5>t}vd zU)wUfZur_(7{C!QS%`@<%rUU8>VmJ1^h((ZQ7ta#YssJ)cUw&%-|DmlT)fm&TRag7Ig~?VVrSvN|vShRFv`aN>W9 zee3v>PE6jBr}k?8WR!4k&7V?ycmCAkY5DiWId!(*kN0KH_Gd`(Y{{P`#d9Tpjug(9 z_&m}dkv9VRsyx}&8BcZylvEw#`!lwzKV!@KGs|yO>MtgQD)&|=H%Q^fW*fD7xnrE2 z>ZV8{@j6!Pad*H@^-r2iXdzpD2={)rURW_@C;Tbr$_Sp{lrgFe+R3#6i&Jo|U~x6K zcz#dL{N-CAh|#S6naONkyyax)6knfPo}uGS%Wl?FC0vvB`!Ey1wf#Vm$e*wo2;^{75PM!9@6$DQQ6Ck<2{c0$$@OPlKE(p$d zPWx>xm816Y(5zIa{ZFM@wI@jVl<8g8W7mJ>Sn~5Ic?C^d2Ft%i$@w@{PcT0IDRbSw zCX#C-LwjfDy8j(Ya6-whkL-1+>;9RcJtKA9e=1N|K9TzuoqsZtry@6reiQ}2h$eLX zjGUZ_LW{0llnbtOe&}r-|4hz2kaLr0RjTfKF85zfBB%5k@Ax@!awQDGW*ji?$jhC1 zL;GOnjlPD;_jG(^-rkjZqhFe{m!#h4&qt{P#`2l>hwEm@@|ktlHrkFiK69~IHv3dn`z9O^Q=3lXG{HA5@C=!3ya;OEGe~d9Ob3|Hla&kG{lh_NB&lJxZQf?dai1#5jFwyO%Q z3+{>S-RbG;<4rmnJQgR>TIwsukQ4;4{HA9eE3irfpKPR_i7Wv z|9fYH|39t?7imF?|J(sheG^m-^&k5tR3`c^Y@J)Mf$zeSc$xEE*gZgLkkl>5`#Ta-fm7r`fDXF zu$N_8_12YI0o!5?K*rb}e1ax@gTFZM6HS>$5)(4nlF!7VRQ`gDJ2iYob?6J*#N!Xi z5s1ecQP+e2##T-|J`LV~W5x2xh_6bbsB^E0kea{LN2|Vi=k?O&Lb*u-!u+>|6(5!D zt)F~g1{qK`rHv`4w09c|M(Z}_;ux`#|g*j^6Qw%WrP4e3_@ z3-z@i0GihL3*hOyvf~{xCA9i&5E$+LuE)b{2WQfgQ#7j_fFxx(KZA`jap9@#+ZE8N zoNoWUZ7M4*W-e73QdLPKCy|zDAV_tAs(MzPV2!w}@#CcCLYGlO_lA@5{r+TDAnKmU zLv5<${sQW0r>Nd)@;0^git4$Q`6!_^dT?oBxBRY%G-@~f9tmD|0V+B+_p5RT3~sMg zb+gJgM>^T2PT8E^{C4C8&UA`psUf)(YzbeW1j(holsDFbsH3;p=o-JOS2GS02CZTv zx$9>PEJL>0h1!Z5gji)=ESpq1 zogI#^+=QFS1va^Uy~D+rP43SeE*wVS&3X6c6S6n=c|YE)tB3uYreAdm=ijBS9ApD=E>LdNP9>In?s^ zDDpxvPobB8^LGmZTxnF9yaQXW_dG5EV3l#begDRK`@i_|JRwJzWnV}|tv`d2+Q7I+ z`Ez0Yi)x6c^Qqom&2LU`|7_5vxBsRuw}t+`^0NSLZd`Bw{jmJKu>Q=Z?|-@d{$KdA zO7DLyFh5v-|L;TlyU?5+w(0#Z2$SpaVaUXhu`sz`eHhyH{th#Qicf~vTH62iwXRkG z@?va=0QBS$8B!UKy~+?y8Ui|Q9-xlkhUNhiSJXT(L(K!#To2hEU=zmA4CHWU?4NGq z;!tWZXvJUw*6lNc!NuW6TNUd_>n3 z?3np4szG7J(9eRgAz3lhaBb7I^^Mwp@z<*N)>Dt@IC9a}LJ{0xn{H*&Hoz zTY%48-)Q#u;f4Z9y+MedYu=`n;oR>};*rLz8-LT+MZO`1 z_9^vA{hrA8#nAp(c%yHBni9{aDSItHa@>9J6sZl-WImSi`mPX$BdjaLs%{ou|5CM0 zIu-R>x$Oi!7aZwsI>`NfN4v=FDGloOlkBc-?mz2Eay4BE5a;zrN+Q(-QWci1jn8o| zlp1z6q}%v?`jwu?vg2zrP#}I z+x%a<7A90~wmarcytuGSe&+%@%K|#f1ggu~B;LJ1Dv`q8`Ms1^&zv=OuJamw2OzAI*N-(w~%12VON3#x7 zP8ylcC0(^nzoXI&l-sUVtF}@t+oVR#@=88X?wcyB>V~Xdp{tYY%&MfvJNEFSnv*)v z143@YR$9HPTNmz{C03;mlflgdC9!o%B=GPo^dy+3LH;4As)8x>og$ z-*RDdyDsmqcqC|^c(~$1*~+)1Ne^W8_1ggYN`3bbJMBNri4)>ZO~KjLKA z--z2q>+(hK`06u~{7}ri##}*Lt6Psd6F(!xAIhE!D?d=XWnI!drcl+u=pWU`Lr>gGX57i-w6ATCKGdOP&xs2#3JJ_xCj(bJkspP zvgu<|;I!B0YbC;jS*$5}YK%u>s-%sH^9gaQT86h!?ci75r$%X>2j_8_{yTPqs;+jD zY^Nqhu|2r##<^m&C)1RH%+JChW4J_pL(+FI@{ZS{3M)*X8=$SmOxZhrAp_LmosTmE zKDpF&jf)KI8q@r}$q|g_IQ6$Bkht7AhKuT6?zg*(-}$YxvLXBl6GZ!{s-t$!XeIYKEW4!u?H&APd8LCp6~}Xp zt_b)*TwHi8vD&7OWTJ6Lsp;d!&{y5I(P4_sT%LF60N>-(9vcqunZgLq#tA2%A-6_` z+zz4&aS&H2xcZ>gVP0u2+#rI@E0g2j$T+_h<;fw}4e;!hEi~`J6;2dF1}n$!i}HSNNpv+Ss)@HOSZf($gM#D$I!{DrjuQYz;T6N&aN-`}B1=GHn~q{Gs3cnXfqW_JB3^!`mf;<_0*R z2JLv5?~!xD9C#Tcl-{F8l z8xH7nIDmI34!Hk6!2!(;a6m2J<*g2tc&-kQS{2IbaCg_f-nC{`SoN+KN(m*m$P(A? z=-U0g-L%X}kodFxS@PcGgXq1`L!|!^OGix)M)&6mF93Zny!a9QaQ{2z6sW)WOGywLKd3ZHpct%sKwC7 zF5I5browfmn>teT;PJ5&XjEUUS(mm-f!^Q*Zsw2*WzmRdDMZOAv#DfuttO2!=(Vde zAy;15SL#hBU8w&KVN(+bA51e?^GR0?~b zkg4F|*P)rTkq#y`n)P8ge?JCulF57ha{4KH5LVUPRbj~^2mFna+#m(lR$LpWZdUIu zohRY>GH{;w=gS`MF9WW%+26(e>OQrO1X6u>&D&#qln0VgH_AIFuVXltCVMc-E=ixf z(axjbmy_V`g0FF7944R8GYACwJE)e_y#TP9N~p>7I8qOtP%e<jH(XMMQb=Cg6^lYMj?+v2Wt9QSj{a8S|c^kClTcpky{ZLM=h z%e`(qZiPafbSVcQf=x2bYC;|LI`)u!)9=C(qYJM!S~qQWw8H#A;=9orV6>R(ZnUJ4 z)VphSRIH>|j<9}E@phH0vJ@%qXlv{4n6~8IDudTca-GDkt-VK1i{BHRR%aiv?__V- z8ri=1p4w@F+p4G8_f$`-c-!HCM-SsT^kr%?19oU;GNEcS*h<-UNDBWVo9~99JMBpwZV1bc5iTPuWK8wZLSH* zB*yN%R+4L^;M$67V+1jZ(!8&>w6bhYdS-+3=Dl6-JDAPBx5id|U)?)=e4Wfq7Pxgn zsz}z!LCN8)lhhGtiJir`SXqWfDO7(*#emm9fv6cqcY%ApS|Rc>xgQ|PrzCk0=Ty5b zYMpJF#iw+gZnt4}B46i1>ldL&0VXYVvqW2^^x$qmh%1!rbnfi}55C?hbhfh#9S$@u z++b>(H=C}P5yoc{({+U7BAbp~h?|qrG(e7u+X-45ubUh(%Zl%))=Ui^^VQ9)pBjSU9E8FcY!_$gM@_A(dT^twZY#C2S{7aAfUcv~ zXwIlrf!n>5rikixKYG_-BD_;Nua@L0DY%yCB97xUQ}XGhi^RWJu902)cdPGO-tA!b z$BvJRzuJVKRi{UC4OiXC3r%)Q;r-3i%kI>BT$>)>Ebs3+-G6`W^c;G-M)mZ%ci{Ng z&rIgIvEM7%m$Bb3Igs&7y}EXX5?-qq@nz#i_($rzItU{87}_rU>_bB;XvkuG zk%@Ep-&ktEp>?(|So2#;E3WmAul!sL+JzZ%1f=dflU!&z{*UhbTfj8zBRnXm|Km#g}ybu zV$7pv1P;I;J^xd*y_2eNXgQiU8vC{gPd3r=t$dA5F17h{O>mA0&(*hGFyUnHWHZA$OO`c#MJ%Mi9z582YzAeaf)-2&&V)5I3%BBsY!t=uJ<2k-j#Q1QlY^TW6Rk9^^>dV$ zz!x{$Yt>-b2(CYoy{g1osoOMdn~tb%%Fw9Sr>aMFOC0~1-b>Lh@-nP{&l2~1uHzM0 zJ6$U0_U9;HL##bkKqXU}{|g^k_WB+Athw2?q>#U28<1qEGyGHI$g3jQ?0Q?bjaqbCjx%^HMtp_#pPvY=$9^0%$IV!$+(lxKtX zASs28WT~Bl$Kss0D^>$%3xWIvBj@JWrE8>Akz%1v|U}wH% zcGng@PMbN$dx4Mq)v~u%l)O`p_pT%hg4PF~tyz~9{0-)VrqtHN+`OIfcO@m8e$7lr zYDIGunuC;o^DmQCTJ3hOYj<&Nv#srR$HT78xt8j?i&B(|&is zUgyU*`uU>0#E&oc^F7?>{zB4{$Nl&z-@+2w{TTgygMDyZCI6AghZJ7OwVclupnCl5joZ_Yzzox%z&!F7vY zvGc+>m_}8c>1Z(flDI%dP&n!pZ8VlsN^`F` znlR*)A{sx@AT@DOV+RuIbS8dx*aNl~O#}kL2AY)|L^PVc&QD$gI*!>QC@M!KdViqJ z?`Z}TW_uPlel={)cG&bOFc1!*fz3I+Ygp!boj`M#SXTfQ{Pq(qFGIP$DPvldG#sNq z?wwM*N#thnZxVB}gzmV@`xuG?B?iF@Mt*Dj7mWF>3Egppd)(aJg2zItYvAnwV!=ev zzbIqRN2O(zP>752GAhw84~|-=MGtNfw`;ERE8a@!yi$@Yq~O|$YvT{d2Mybi?pL2{ zn;)otu;J}EPC)BPk0YSq1_d<_&oyA}9ow2C!NGoG#;07G zV{*Zjwu*rwIKK#blm-nP}ELRM;cH0kCKV0*6a@e18Q|KLxOi$)G zD84?~8z}CR8~_x_qXg4`kaTv9SQ2><8OsDh7$?mQ*+^0mjSyl7!3W$7iSL6bpfYhp zB*K`U%Hmb>vLmdu$>Zh%ja32F0lJh@F(g;POep)2GM`--pp4zVZB_5j)tW$M-%McB zgxadrh?$$hc^#9*j7P*+Ab+^uIwk;^Z1fzo3*Tibtomir9fx@{i#6z*8O@|Ii3z-Q zchVP=gohELYrz5JN4546X1A(iCW_sZYR$iq0t1s_L{*U6meEoKur@wwO)P8U?-;k+ za!rg+t#n>430eGITXAiyiV34l>Eq&m0^xSA^4^o%F6j6O5pwQ=!biH6%kW34%fG!#T{#ZKD=S&>v$0T_IW&o>L@?C|wqJTS;JJXRtt~<`` zOFkFnd%rGSSeoJH#x*Xdy2W;&zj9pTvWuLuiG_F21Z_(yv1=+@)Nq@a45_zQ1sH6o zjRCQ5yhx*DjyXnCHkldKq*7)gbTt!9sFfacF`Y?Y((6w`7ci2Qt@{|vf{8EsNb_uJ zBg0c)BgqPU7tsw;=jw|(qbU9Ls7kdkh z{GGW_OgV}k8^W9q5y+;-P>^7t?`|lMN;W&i7FQWV<@4@w3UQ zj-(%&!XOqy6HP7*ceU*s#c+0ESamvnF&T~H#`K&SiE{I}Bgzk|0=qOVhNQ>aIz*ha zKR~f(zk=^lFIe~u#ETYCerhSl3Uo47(#}=^3kz5{M=Zb~Y<$#FZk~XLQXVEgc0R7s zJ2a_DxK(pt63qJ?ymb80WXeg?np16GtvA5>sMvdX<>+-~SzcM}+LK&MVwZB!`?Pdl zEXhSuaBao4@ma0#OXl!dQaxKb-1$z|hORBU_E^_0aBYvbjdNL1b$B5mjVn`ri)0QH zer~c2^DT|8Isu_pM}3Z*M3t^E!rN4NoVaOs%OSkTDaq;FcbTd|5nr#6EWWbNu<luvi5AcS97JEA8~{WK83djuC+|jamO(RWpelV&8$7p8UN;WUrOAQ0=}vTLIZKq= zV5zzDba5#x$<*cuQVX6*3eQ0_tiTS9DS2suT@zQM$RuuAwL=eui7HMNdNY8YDws!^ z`kg2|LsmqY6>%z1TL9F0sjJ@oF-blu1=k|)aZF635WC`9OMK(`(&5f`x;Aue*|o>I zc7bat@QuSDe$1|l_Y&%GW8|KP(mbo!y^U7vZcy>&(^-xUnfs7YFXEA1YpW;#_@jIxm?S;ZERn!3%Q{ix;! znXlaeysj#g4N_y-9_M*e89r70=ysS#_4jYUOW~{K-A;ZRPLuS}hPWa1^FlZq^yyuY zHFb^{3I=TA&Ja1v`N4pGzUXTac3zI|1jiR{2E`&!5L&Ir7LTwB<3C>FeSi}0e*9Z^ zm;XCoUh;!K`l7%6m$igkKnc0m{NR68rV7^iEDu}^Zckkd2Ap$2IA$pw{YjbEHFww> z0m*3Hlxj3vJ=0^gW9EQ?pW8xagMj&x0-Aqne{G@-4?~7)L<5n{%E$JjYoy*W&!YkZ zlevA{0#+UNdy+p0RB8YjC88=4)2&(V%A0aG&w<^7gRnbz-Y3V0rl$_WsH+O=$(rL|?9-egdc>yVjIS7St4ed*-x3ZJU@)+*INfJKl;Rk#fB@fc;bRBXgT!cU0e1QktDnUIas^JeKB(9!n0EV&q^({P5u(EF#8dB!>i3J^JyGUHr2_CHGnb5=s1aR z8{hdNML(7`k*tjdUE8q+3Gi%LvTd?Jwk@$W(eK*@CB)Ylfp&DS#@;o4@9E8`VxMM8 z!>Pk1sBX1u5OxQBuoV^{vp2L@3xg zqmp1A4kP8DHjclo63&yX9i3w_%L&Og3>QYP*>D~1jc&mA%m$j|Z*IUiH^yb^27$xgV$z2QOX-o-LYeFNC!pss_rIjDAUr*|nR=#Z{M znYjLPnW6Gr_>r>r33=W4jKJf@`Rt$q!J3WhrBexO0X$;enF-(_4V!Q3vQpi^0NGzz z1%9$li&>t5w-UQi*9NYoUuExV8977zGv)n9H{V=5L&7sbuhUo!XoP`B36*h(`kuoV ztiHH8L$*bZ|-7|;7b>8d`iFiSeBepIIBb9ZxE)E$yGwO# zf{nLJ=Wf4WHFH#(0$o>+x>6CsUuB*rSesU{W=6Q{{cvk|T<~Rz-{0a!cAz!B-QKnG zwzqV>b<~?Yj+IzwhzG2*6d$4OAIC@Gwr)|QMRFtB@1#DoTp8|Be8Uo+9bes>&pXLJ3ICdu>Z<1pNr@zn`301ik7Jx z)+398ojHLOkR-E!puk?0EUdZ_)l@?^U~#&^c zGKg{ka}1P#vd+p5l-#w0)O!aHWgbdeJ#7JNS6L>F{3-zzkd8)3H^FfgytBJOI=b(x z=ZQ&lUPr$DEOrL#`1#yTvM!S4xhvBhd8+i+)OEn+*oS2C{yQDOb_#?YwH9UJl?*d_ z^o=+*y!*;@&|nsWSV<2kR&|P8sLnu~$Ct2@?r2aQi9f(hF5L&O zAh{f?d=L?|k1QhoX0E(u{7QJ1pvcwLu4-3!9dfjr@46H_S$digP02@z?W3?CaFyze zLf8%agD3o+rC+b$QeE)tncS53;lfS~5E1-XkKchxd`da4^??4eGx(ECHN#VQZ4TM= zGA8yz0F$>@Wd}Kc?zp4i6sFOeI**b!*=!4sioIj!d$$4wyu&ekFq5D;*tAp$N0M*v z!cF|i_-kd-8j-aUu0db?_W52Pk~d3^g$R!xfGxQnE=bwWV6E*~V`Z)VldJ(nop!by zBge`y=2*-Agkx&QHobXDT$oqW!l~pH>eh`2N;RWShATw79%9T=1cUA|BwN9dUzf1+ zVA)UhHwRhv76&QCjM+X$r)_3(t~O|f$hF)ZzTNQ>OGvQTGp>tY>fo-4cPr-2^m0;) zBey^ftHT)&D&`*ZEQE^nGLB?Rq|h#R(` zl7oLya}2%!_=w{m0b(cCp4EqrA}-R^hG;7Ds7%%{{%jiKOhOS2>3|)LX1W1sF;P2_ zc{a}nx2F?7jWtTInz*V4W~*p>YP6)RLAmP8bH05+VCKB7_%u}nD?EGAfxxY>DO+H0 z0XNZTNI8t0jZ(A0lc~XAFUJj9*S^oSXQzMQRP3GJHDZR%NH~1C?~(4EuPiZ@C{e0r zQtVRjw+SPFshL$|<4USL!2FmUl~9B>l7iZ*z`7(j1my%hFj`4MCG8E*lC_1i)BWAl zr4+fOP-nunu2H90?!;2XHM!2sUvZLohhE{IC7I)~u5&f#yIaMtXu1E(*yjYo2}~si5zvGD?H z`yxzhV0kL00UH8Xak&l$q8`6L>v@$gjaWGISxkD&SC>&AH2BwHIwiGQ_4klXSwR7f_eK&$%p};&*Nk43S4!X0W^wa>tMq_*gZIgDPvv5!p@%uacx{ zp{KM3Kr~hEX2l~J`}P6)g%lo8u)d1q0QBsoX3PruLD%9Eo^ZkaCIjC_q!KNUEWo3Q zYQ5{p=1h7;0E*wtzOzL*ci9*6aWt3d~22x6{z=DD^vBxQRvyg}H zhH?{BWRGDh!&LL=EAfR_bx(e#^GUrz-0qHacNMz?4szM42fcegwkO5wgZpLmAXr0h zRo82hT0JB?R5-QJ@Ovzj_v<2)kDJTo4`ifTOO7AYcD#TUkotq5 z1LC;CM%aa}1`P?t?iEBBhcyPHMZ$}T#-@d=lZj^!LlfIQlecPgSsr+|K$4k>^V zN|oI_cZwtH#SPmUuG_x> zGvxYAFT|LPt2HWWrvDN=nN!jXqT)Ygz?AhW^-3QU@npUHG2aR(fbNy&uYFt}sJ1({zmp44FxpZq2 z+D>nhim|E=bKa)!61>Xg1ZF&dzKLLqETbW6u`nGnG$% zU-$c{{F~hV$vDmLUL3QL>H@XQ`nu%h&B-t zNG+mXf`QZX*%X#X@wX}1iTc&;tu!eJgDvblnd*K`3l4PdZD@?i;sOiuW(8uv&otPy zo)H^04$K6MGuRZL&0}M#tJeu45q>u@8Hu_9YrdLCw(c@)=Dnd>rFlVDh7N#fbtsXUrBF4q;`QVgh@x6Eb=>Y)jq~GJ2KZ$%DHBZKdrP z->UKR<*THIGecY3(HfM^PiR$iWV*}UnZ(Q7WZh@u$%`Ug@rzm*uG5JNIxl1sx3r0A z8&Qs>aiEDgW>-TJ`EqULTY1fEcE5@~zw&P;kae2ez+O?9u zMkchtC0*zmOU#1)f4tB$Sn2Fi{i9pxz$-yd_3susw@&*n7dViEhU~aT)g7rJqi2mN zc~8j@14Vut*B082%hyT$ddVZ;Uyom4+p=8`3023hM|pX-7{fMHmi17V-?6R9pwbP> zWrx8u7*R1;h=I&agAal9vwjsa#8rksDuU9HU*Vs$Dde6a{lxpO%(y{_`7o}nv>g}Q zj>{V!*KU;j4Kkr^v_@VNeXQ^A|0@*V#%3vO+{m*45>@a28x+s2GycnwZ+K73)SEi-XsS(+PAOlgEQ2wj`pQ4 zZ`*=4<~y{pD8HlI@0H)%?T^SG>Gmfn?E_ufEmvt&$yToIX={5ms^l4&af`^UVqDwV zc3f;bF5e=xTP5FW>$kS1Ft&P4i&62>HmJryjoStuh3&mjhwDe0{&_!#^7ar-jI%S} zo__PL`Q6;N9+W@WMerP#@6RTAgMqwx9ObF3&ULI%oR%i?ZK(u2C8rx=jDR!BUfX|)sY zd6{;X2ny4*oz*k5IpKG0!tVmt1b0b&rAS+wU~C!rkpJQLAJIIr_@VH_sj=Z0hl$6H z4V_4nZ$GN*O(Si_hBgx@9L6S0pe>UF7CNQ6{itHv&7Ep;p!bu|>TPIp;CeMV>|+;s z-rM23MsRV(#&EC9Qqho22nX7RaG*}_epy0<$e=g*Un~4m(?{L=AN1;9z_hfQ{pnqk z@r0io4xod%Tt($8W!cFGy>mY{#JDSw*}&-GZ)Gf$6=C4oqH8ZpPt6z$apWd|;*|a0 zb+R{ELk%plW_7djSYe_(W?HgXp!R7TnN?}a;3Fm>Q(_P2m)odX5p?#43rj~92R5ew zzhqprCOjaibm7c_+c~E8k837og}>tEotUa+W|xY2Djp-#rz-Fc4X$EF8z)g|J1({z!(ohb9vs7Gq})b(+wi_GQ^(W|+_<*Vc3f;b zE^l~TTOs)|nb3AZ2xqhrxz4uZ352kn?A31u|2`wr+Q^HU)-$y^;dgDq?*iB0Mh@x0 zy?DG$yys--HqC})Tw7>6F5f2g+a-US)NbdE6A-$hpLPV!?+p+-za9E%L**%2PnaQV zW#$^SVc0cl2M_Y`+K8+Q zpaz8rZtapIGLo3D@Sr44cFZb(9?Zf({wagCFg>GRD&k_`sO2%RNW8cgIjoaV+Jy6j zfoKmZX%EiO9$ebxpOf_fX2SHXGP2t2;o60(OwH>-i{lF)If;)9nik11V2e92aI>%D z1Fu=D+0aLI`87fh3MZO($S<1yR)FDkhLx^JR#vY%Xg<04 zN7g(w;VSl=3Uy*AW_y6+?*c$T<5hnOF#;0h zuz%#R1}b2<3ni$z8{!D71xoXSNywjko$6Zhs^PI1YOyT!rC-8f|)Bj#)Is+7bJq~h6ut0Ip!A}Rc+C6gRdkif>N)UG}G; z@<=Cw>#s2HRFa{!WXoQPvIZ$D8|CJVct5O_vF(@DXPPq4zZj2K2CA#hq$+Gi0jH4>428# zdAZ@O#KVLIaR#YKbxr>fvSa_*;lJF`8qwBb?R8ye$=1^)TWO+0DeGtw6x~r{H0$2O zjFo)1;eRLX?!$OI`*JyfKiML_MTpUL{k|Xck&dDbuQGJ;pPD5?iQ*x23zDVF8PlSh zwfsfbF>*e`hd-z$HMgV`HA$iFJ(G6ezN`aZ(hfY;;eWNQ18I7te%FC5TnE%R=ez)z znmu%(NunoRymjw4CcfK{KT>G#HF9giza{Mqxwb71A;9Q6I;yT0KJ|&2i7ceAn&b;6 zq>Yn%fRO9Smf(#AX>Y1{jo}kAK1f`l>+n<%B@fbvsePZ4yg?H#AjGvb$=AJ0vBxtu zzs|b$QSI8*9sWgG*H+m0=SF^E@b8vi8TozP|6Scpvj(YjNvF%Fe$*I^a?sU1{;8yI zqEzia^izM)`qVjm>bCAvzm~p}Vl{3)e6Ptnf7bMW*jzs!QgBXcffEcl5u6>E+mrQrOOO;+0QGh`P`uEp)41x~cV`jrm34YJ7B z1C(nfLb78VlC1BvSKrHeb%XZmo~D0OTdz`*)YY2h^h)toHx&`n_e`cv{pcLrO=dv$}hnI@P?DxYy`nwAo^$Zn*tt z!+*Ik5%}p4FqgqY>T_?hdECeV-|!yx<9}H5Ps`l;Zq5Hr`qAqr#x2&|YSW2G4qU-A6oypV3VuZV#HM`c1j%q zmE1Z91tMoULHKC>u~q3AMY%C$(OBH|s<#r?N*!xI8|%7`b=`lto{sgyWSf%jR{if( z*Dq;7#SIU?IFJ&=F&bu1z2LQ1-~r=_9{U_aDg~xzRFRKU-c3;?D%~ zKp?aa26BDXzpm}Q4wXFXo9EK^stqfhF^>nyqe1vBeg6Z>04lT;>**q8)=XTH?bGB+ zlJwL4KV;u}mVWEyb^pBVTW=5J7XtZhAhf>^UJFAM0vJVf1mAsq`3!s=OTc!2! zRa#Xca0)_Tj?F)+=p7n46+C&H(QawfBRU)PcJG7iHbGDvMyTa;NdCs(sjygf3Kz%T z+e0H{u|*0cBsEmOCSnhDryP#D6u)T_&o@U!-iP%{QmcokX2S|~S4|%262j*^h}F2q z;;Lh2gqu~D@euc!ihA9vOS*e!g?C15c5x14I)sv!!aU=dWg{%NlejO3Rzi885U)ef z9%SMfe(MvI&$fYc%izG#TU5&Y(ejb2W%pHToXoiv@8{G9nl^FAv?b54V6>@_Bew*L z{6_CZycJ-~)z|2|);`Xo)UwN4a`pimd==YW%BlSaDw)5~Ef?mmdd2i)Y{Tb1|ep zjRZOKMky(87Qd64Y5qAT{=3NEq;R-JRgg}WHvxfdKQ~{D+ zrIUv6311T!f@30`K|0TYwB8#oCIyu1oYh&YSLcAK=-={-snUqoxc+Cc0lU9u4$HVz z5eA1onfb8ADjXY-WpxgzUuQaF`n_+%yyIB&g{J(jQ|>h83wR4CJpHeu%(X8L+ZTrA zrD6HwFm9g&RoEg+fpugXq^9Ltl<@{Z;v=A7;?}62*R7E182-e+AmJyDB&~U%>LBI; zT_+u*|(z_qC$)hcJjW~GmAY6sqgZOq0Rl_#PgPN@el|8?o2bI0c-GksS^)r5C zlc!T}YrIt$rY;`F3?U&-_AorE`*~Q|yVc#6ef=M7@|!gC9A^IPHs8IkqxC)(;UwNy z@*Z?I!Yk_g$b9)~3uxTPs?s+Cx*`LZem(;|i8q$KZ?wPhGC#SHSpDbVCDb*}k_-uO zvs5|wRohAJ^QilVq62*cnZMJ4e`P>s)BX+Rw*m>Y$i0D}{vr=|6Rb0n**f?xCTx*x zn?6Y(-S}Yk{N}*ixyHU*GVXaPfj9bk)Za=nByuLYxR`V(lm8bd~iuysF?tH9(i2 z2AuW~s(v4#8i3U*?4cuB0YS2n_8BNJqI!rVr4LQtgHp#}>p00-Huls&0_>q0jjtgQ zJcP^Y_^YTt>Kw45o=<9>Wi&e8Zvr*8kW$pFRfWM-iCmx92b(yHKR)O`G3Y-wXr3B0 zPY#lo@&+XqD@3jn>R|h0L3u@B#_+u5O@X;F2(Ai(t3i6!2Jl32JXwA=8az3ee4ZbL z^QZbh7}ROSbV!xH4{L&MC*)dO+#>KMtXSAZ@A}lakbE2!X=nv&Rik|w(#WhrU{yZ| z&>%`15GTpN@*olJr7EGOHVU9lsD2H?SQwDX1I3B;%cN?-0bt%5^)fy}os9jxfP%Wv zw4iVyUc*2kXMX1wUc`eSFy(S(Ekc zQ|tS7S=O(TKZ>|O)n+cK*oJmp`H`y}kuOm72!%EsSNMr&;33tL;(%_uZ$_x+n@w$v z!SuXn4XzOWsE!;-vC7^(WV7e4&|DVSPpDz$vA{eL*y}V0Y4JRmqxi1@4#qG^FSQ`9 zX`KPK^I9UwZ6U~kkNG5GSj^$Nn20FS6{g>UnvlQ|r&>tOE=Req!0f`(JfYUd7yLM6 z{#}FJB+ARRfm{;ErP>-dBOvpPaZEl`P5OR^y0%{&5OKiwvA-zDU#fh)!`Zl%qpg$A z@XeJKVKzHTF0MztWp%=aW=Z<(BTSGk#;L$6YDR8i;5`q7`TmNV-Ks^<1yOeNO5rM; z9|hx)TOC9J@$+|zytSku&Bz|KO=%LA4#2(IUM;KCiaJYeraq<$I5>wv`XCjrg@qY* zIt%i1X}5n7$g?g*E9ESn3k=6;w-FsQ2I!~S?Rx{6CO-&t|4FUEr^l`}PiwgfxnD7y zky#MEUa8nYvnH@>nR}cgFoF~>E@Qc-XONqay035+U+DA-kBcCHRIyWGJI3TXzg3UuQ0Fo`}iVQ&7hv3|V zBz!Stsex}1TB=UnC_hhFrE1SvB=+?D_hjJ9d8;Ex|36aDX`r;ukXIE{SA^!Df%#Kl z{!E;F5WSLugj6&TK>{{G&9{X1R>$dPKq1W-H36+Z7R8rGa$Q8<&sP3dpQ%oH8pEQ< zPgU+GFn=I~-FR$`gr%UAYq;6N)dW45QqTzBuZ)v={-&r@o$3bZU%z_KvnnfaWshb( z+u!wU!1e5K)^zQI@9I(+kx?5)no}+ zggijGDxyvj7AZDRx@RD`Yrxz;;NLgE_YoD9D@Qu!T)~&9Ec0?`UV&A`c&GmA%H@}% zU(<)=+iL4j*!Kf>D%6|fNT>tM`~1mPu}mBe1OZd7NCsf0Th70osn+_GnIN4GXP3~) zv%;p~t=(g`M-g6Ewa0rPS4YqRxPhEQ%E9FC5y8v)I<4glFVP^i2elk|kp?y6nXrd? zMWJ8d5eB|xXcfBgM{~Ina|x@7ACi`<=tM_D)&!@~s44luzml_r#}EcK06AUjzYGh2 z%T##{5x9s3P2iz0@#RbEaMt6k&DF_%Xm2gcPde<{4w7S4nb+!V2=NUbDa-AutAO^~ z`^xe_+5aq=9tgyR#VwN15ASH#>Tmv0&mKyQP!ICe-;gu-W0(e8vNx8?UoB_7W(4pl zQ{)I;%Jv_`uN{DQV5u+p+Yl9$KC{l#YSLQ{8bw0vF?Qtq%eai{3fx(p*c+g4b{#X~ zLe~<{Pllqwof(0|yBKw|Tl`n$qN{WG8ekCAx^O^=PDpX=CsHS@ z!bPkKUa2vpqa+PUrvcZXW*`d@|q(YqBB1>v?j^ncOE z|0V~*DmVsE$D1G6FU;01YYXGeeaTRMu%B&r?*V7q0ApDDNG`t`w+H+Qs$KgyZc zn5ke!l0_=#0hvP9L)wcY3SZc$baxCdb2Dl~xhjs&jqN#c{P%qR3_bf|zWg^J6weRt z%=1R`t6aE7e?OHEpH;|xBcJKw6mlvnlXk@^=%y4!(Q)v( zT)t8vA#Ki7>P>2`BwdwGXHC_K_iZL~w?YFgEdN6x$jZ(@kY>p40ml?mN-Zv0(#TOH z+r$)!rmY6*LSe%mj;ZzrY8rrF2iXlf?eDQ;41vF82HO&QBi$k{*Ut!kZaj_qx6up$-;ZpQI9WBXVfA1}}3iT<18MB zL|v-!f#;#xlk;#vItj~cIi^s`7IG<0ij)H)))h>ld|^Jv976ITg<7kZB*7?Fw08to znWX6^kAF;?1Tr5uA#}N|%B-ol9xDHOV*w?Q_TeA-!g39AD9c~+=KNSz#pY`u3>_Cg zFW)Z&UoRBDQ3xI{6rU&rPZkn1>~M>h6ym?a)x>gUT>M|{c4jbJ0DiK(O?ZDY+vk!VOjPj-?FD=ePx5D8R!*=sO-VL6LDT zB3o1uW%P7W)!1koF?gfMPPyc9ULD<2i&u}lrwgi8p|6j`cD2U4{v|elkL}lE`Ep$R zOo6YzxgdA5Pp&Ow8m0ZXns3;USLbias~@m=UOjTl_bK14T;tlnwevMD*1t=JYJ-nz zbEY;+7>zudu@3KEYMbjAOGSNwbV;CGLT*LaB0VOFEdAhEc?*3#7ETf5FK;0_3eqC~ zh~pD$zb{nGmT#4}Fe@A2_#rt(4p6kpYR>h*S;$=aVT!w$#hT0mpFnVxJXGM$+j;L4 zlG4eR8r@Gc7)j#w{F%wDeOX%<36Mw2c1;l&U0O5?!^!fOq;Pp+2Qu3t?=V|{sY`5{ zaC;lDwPu{w?i6F^e2HX!>3Kc(299&!P-GM23TI`l!8bu?nB;viDL?pHjjIbF z<7JYR=FMcx6^q8t%oyk$$_)l1#OAtl6*GI=+;$pGUtbt)ms{wpnxVOd)J9{Pxuj+( ze910)UrbwA;_M$O;8z!w(p%(F$e+X?L90_#?>noMjlMyKQl;H$LG4oZRun;-T(7Ew zwbG&5j#m>hlyfS(LDfEJ`C!6_S0SwZD(R#T`U1x=P2sOB{VvBaaSpYdneDw=RNh)2 z@qM!Uq(=s2!oF@PKb|HkFz&}u>r^hf&o~qnS97`t7*Z>tVfk@URi3~SWnvIE-zgsf z_?n!c7heZ*2NJ-d;aer3i&*SRqQW!F8)bn*{kbN-B+`lQimV1^I%&x17+BBrX!7d; zuGHf_m>BQ3r{z9bVp5!6lJiROQ^nk~Iz?_R%CD2$ZxXqsSXxnZip^BfpmDnzaH&2t zJ&2a1lmg*YaF%SMC~unMb;>CBM2=;$duT*;FN)`0Jf%kX0@1lS%w2`1 z?PzMqiL$~!p^&xb-N#@#r9&L#RFp?3LS`$K_zuL*+~SJ&jS>p(RKuo2t65c49*2(W z@MDCicn^?-UdNY=IXe|B z-R-?tqBN>Y9)jSuHp+bm%^LkE1&>C79uslFdRIgiYFQuspiv;v&BDgjBP0v(sqfeckc9Tj%aKw1l zso0+5N1dl3b}4_mm6Aepq~knun`zTz3byU9Q`~WShMG}ut?l=w=QnPHF}(NvZy4{! zGAx|djlry-t3M7Yur{d(#m)W^(V}@s^OZ0+8P7%Ngpv>CZZy=Yo*&Nd;J<;31HU&+ zSD&T!pN0|9V~}?ZG#8l?x~v`DJeG2I4M$unWfWrxDdEZs6rua(5#zvmT1&f%$t73? zcjm{rPRCkIA}<{S}S%UQr;@vmh%9+qibvwfR@F^26tp%XY2GHt?0;5 zgASP2F^R{&E?0kBuDno|-d#QH`u&**qSQfC z^JraLkC#GWz3ed`KtS`0bhv0h+tx$>h#)stV=W92nc`sH#C{7BrmzCoatII1DmvWBz?mirAcxw4e z@sp}LG<#L+BV(Y=8`bR53F7hzxnBfDR-2N)oIlKGLQ(k-3Qb^Bw7T)mRSj9)_=C9J zdF-&;T%;uarvidb*dn&DR>ul-^n&ARrhjL%3od?&qDjitAQXCwVLQ|8?@y7L{{C3?fNu9~a7XbcsPLG=y1a(J0TxSZ4ZF`vt1+WW=s_c5O`*0m8su zG@0QUVt5)FnMtXL2=bgGtH4g>hU3<2aO>S&e&xW*VLp@n->PLJqd=(ZpAN7xLa$xM}1HMCYA zt2ur{bJ+`|x=3b9hxCR4KnJkmedt*7l}YM?WhzqDP^B1*cq)MUzr?)<*j;6r_q(35 z+U{$YwWt&)4C?qD&qxT>5L#%VCiE&r6j6ahupl;6 zL{K3?0TEG(%AlY*zyGuLn}jxV&H2uCoxEAk-h1t})_%%;-_PCeZDo<`_m72b!R*}G z)*37}3(M@emFVaWn*{Wv>>8Vr44>?jF75AD89zE&Ql$(mAz!AH*_!X|!js;mCsmJd zXavyhEYK0H>M)j*D5y5Y2@rUog@j*&(8O{( z8^?^I6vT241rvLAZ`Lq1e9QQGj57-mE_jU>L=WQQMZg9twazX#Yte>Q24?Rx^|#T1 zWUOZ2M<9vKY=d7SeYEjbED3)+H!b#|g&RS%;E#GAgMH=Z&iuUci-?R&AEm+*(yjfJ zN0NvyAvMQqq*#QbCKh;7#in2t<^)#ZO`*jvyc$*7qy*@YOGV}^Atk@<7e=3u@JHkX znm)Gm%zbB(c?>ex{pyY|q<1f}pQV_mxu;^kRWaXKWWTyd;hPZ5D_L8Inh*ERULQx4 z9srM9JBR)%(GM^TJIe2LnDFgbwVLd+S_OvyIusuy!&!!#F-ha7V_HrJP=I=AVOZ87 zEo)az<%ld=MRy@#fuN!F2BZmU84N-c#WCp)pE2T-CR)!B{%oc7U@HDTOajjCSyWM2 zwQQs&mYJTybTJ-8q#DONl!y#aVTPH>Hbdx>c>x0h+ zD9Vx`rFzBp0FzRClVhF&noKqB1kn=$Kg~dg?{O9*1yc#A8od${2CC7Ka{!ULJOqn; zn8?8+a{PV!H+#hUjkgKy#9JP=D}F2EhXN)IOiT^tBL!S`jV=IqNprEY{SUhsCt8+R zUK8jg+~vmIL_b);*O}Lw-NTocizsB$12MeWZ9MbZXAVCHMdLppsvc=-% z9uV2RPud4^o&lZG%j`;*)|i6>o0NtYFO^zU$?=Gj_&N>0ay3I`ffX?u-7;D%Z-u)z z4*=YJBr}g@=1be#dp3VHAU+VC>ut0Bb+gS)v;7xlr)St~1unwsR}!+k^%aE;DDyTD z0<9^K^;$S@o6G{*q?O~E%x^)#DLFZ^Ivs|uZEq8JhNUbyy0nqix73o@1?#2$+&{GO zdc?hoTn9iYhC}iohSN`QX|x_YMOWY~VIB`|7)Qf*PP<|JwrkF@?hIsXn|+y7r{+}K zS*+9^7$uG+pMk5gd?(N=YL<$N5*6%D1#t-w;uqCh8FZzy7-Xdoy#z+H@F<^4TA&(W zhuHF3`^J*!F)&s~HdurGwNmSlQr%V?Xt#HYZc%jrR&6S*ms8?{u?ilIo?|llphjl) zDBaR-P!z(NA^(M;HgOa%UOikFP`N6P0VXPGBY>C5FjGTej^3s@3XdC-9GN39=E1}8 zMejS&Cs~5i2mEORS%rB7#}GH)Mrx>u7gKsFf4(7x~>U8}di?Cqf(jP}tik@YdhxnZ_zpI6>A)GdRk4@i7pO5?&R?za6S7 zI@vITB+JQ}$xXgV_y+#7Qm4=W+U<2czqU6$HGl5W+3#q*{F}mcECdj0eJBvsEp)w`$1;% zrMKtYKBn8P*~U!y@pQUmz#a_oHIPyO#qP{&i{68J4Zkf3UT314pKFJzGszA(W@EUX zpxsy+c14dtk7Y)g2LZ&H45rsMkk09}9G^%v?W#Z!Kwl39muD2Q3NFFjL431>1SBSF z;J1h`8cw;~$86VYB+jml4JTYlI!-wHIzjYdA?K6}`E4!aPY3jC44n(^Ob6J3hQcK==$fo zCANv4F(1cIFV9PmB)D&q@$mD;-e}MvQg`Z==Jg^reCem{ygBHB>qK|`!gvXA4uSK*@qkZeYjP9_|Aa;YQGQS@rG7PGuBpS{jf_cik^^Ux2o$`_IswS z0GJe-Bq7IE9Y?N;HXo7kMbYtL?^VX5Fwj%=BdZ4d887>h4kb#X6;O5a2RW}#Q`5kd z^q ze{28tr*!*y9e?ht+`f!O1i*jUzx_nreqPU?+Q0og*4{kT_D{B7c@#I7x1ZdPYm*0U4?d4{@(t`>^X67(3N)R-Yc!)|r zE+TPj-R!&h94OLntY1eTgJ$A2AkJ&qTc$XuI$0vm7SN+vSSjZKJ}4e!D;5IX)kmP2 zlG}meB5d|yqnBY2uRpyrB<&97_l=u+e-gK=l-s%{@L5gZnQebYe+e~p=5hhi;R&V1FLmtVyi%Ig`*XZK z+q(13z3*vYw-x@@4FhA{ z*Ovo()|(?e1A9gT`@Q$ic>A<>oc-0S4s2aHuqT~)&iUt^f0TuJyzIeO`#rc$J-Dso zZ|wKr&+5VQ!k@Zn53Uv&JUqD|Hdm?#yjrs|_7}wV{McQjDk`rAdCN#`3*?>a%_ZJn z?)`Go=AVfX0kC;_$V@p0gv<~J7y@Miw;y2tCuI-r!u?J?;MJOM$NsL^ek*q0i^W#I z3hdup_TZb|-0l63yuXbeyi@8Z^cgBC0NSIrRkap`JA?pf>Z0}@(Z8V41;pjovdV0( z-Qklu<4V-Ab`sb?6c_(0wI?pBf*RR(^SGLfM@x*4+F7&|XPWO4qiY$-{d4Mwf*FFs`?Rj@@n$#SU+O&DcAP=fj&|x$m$q z6EbGrBBR4Tez$)AB%1Ba0oShnjiSPz1vqptV}<@coraxNP2d)w?_|(S-H>H`wck_{f}W&%+HPc z8M*+NSxc5^3$MN2Xfy0CRjC-|5}uZcPl-?Ti{d3P|7dXfi>K=sBC+gBr?Q+A~-5 zwEhhA{*JkqRLq=xpkvl`IP*})JgnD8I_5FG{+e5)iA8FV*&~kGK07CSLn0`uuv7RL5-amKr346 z^3&(g)&HDp{){~aofIz4bIf^jcs+lPIdcx@thsQGxkP6!onx-h>y>lNHG2Ilw}ydy zK_d@LO7ALbMnNrQUAjzTf`vgv^r?Vamsv+`jCYIW7F$o+&pBup-;=<`>Z2h9nUZ317?V=cKpY_tIx>kbNrN-JolKN)sV zTvx(0DVR&YMT7Gd)pf&Q41)uwj@E%E7O3>q?DES4I0@?{xW@O>!Ty#K9_XIwZ zuRI^m6!w_n6=m%1?^FuymAKlm$1Q2o{qE*#Me|}pN&@2{CU!^Q1+Iy-%c`>8$E1$! zg~@E^E!1>Ul{B09MdQv_S1!dIA6KZYNcGI=c@;sx!o^IY;g`}G6HBQ;=`hVwn`{DD z%B_iC2cUpQ8H6zFzC>9B}=r8JXQl|2XhhrW4XJm#v zrR%OSRaYUC65%f0FlJz`8pyq`Z93*%qURX1d2SN8`qLzXT|DLgGWnu$U%YYLA*+B} zL7osvKCeV+W-OU&|8tHxo*}!bWzL;%Nlo1c72(^a1Bc+so%-bi=X&w0|FZ#?Ax`6R z7$K(q25UZVkwd}`brn$`eHW2}K4^D>7b;*WWX1!uNIAzccgP^nmXZ#aSP(O=<Xn~hquluY#%rnHWOhNuMlnz7+IOy( zsQ&uUBCz8z=4%M0w>eAD?&o+)oS1Km(3bHH#41(pBxu!sQRiTY6vB+{8GmKmVt`us zBYaxKiefN>@XFo*|5xv2Bh@X#dgE2W;N-YY2nO`{* zTKj^tf6`Jvj4s8Q(Awvm{N$cuKKS=7%~7eWxKm8bxB5x#-F@Et#Jk(PxlR>*?sz$4 zJHEy{6$8X9UCa9KC{KmCeIUcBYr~lWFw)G2ImZ4{V|d3YAnh8Hetx>74s(X8TxH!$ zmAPO`;)m4fAHfk4TDKX7jNOvacp}3WgYdbG0)15!gQU-^XN|!+VH>zD_+i2e&Jl%p z5$K7R6}r*e{{rl^bWI7nTwP%B#J(hI87L;-^;z%n>H&&=tEwo^Dk{&|4Q4T-0*a_z z1m?uodUUvm?o#OKogMj~9lyx_a)Eh#fq!5D!zBD3T{ucT05moiDh}=>#dZjS_LNJ7 z;(>BDsWNPYZwjq1GpWt47yRVO4v?;iZ?vmpvnKYd<6hLBga#F`Mm=7e95M9BRMT1l zeH!Py+_Xr54B)+nPdZB}O|HNwTg_{4ATvdatQ0rvr&bF?vh?%b+~`ec?eZ~mwm1Jd z2(iFho$8iNvoxG~e$WJUgytCudIFe~Tdm;n8gH)lCbYJ^__yRQ%C7L{a&JOwj}6cG z{UE;rOy25k(5QT+W7c&1nck7SicyzO9xy*2HK&c)uX*xo$SnluT^ySekeQ2n$J}=Z zr!O?-58=XH{Cmt*-W(G#q0iMDL%QE?1{TYq6*b`YQUgQ`_3!e8!T_a)gp~^Zl^f0zdaw zHjz%Sr_Ush^-$KW58w+LDs-h7B}d(9z_;AI;n#Hi20{f(QsJ6t0q z)5G*RM(yARvsOwbjcQp@22HCf$~yvV6>J@IZE8rG*_1N+WroG_4YBKm^*uGo0AI&;XzvqmP9iDYsdRGT@`oanB26zJH5+2~m|upk%5!REWff{o=){lX4Gv@j2}naewDP8^|-1 zFGR(Rw41~{N7rl5(Pmk`FRHuN*t2V-ZAh|PwP%@Y+UDxE_OIK(EPrKC2>!5%j4Igq zR?~b#?~&4*=5C}{^Mj_jN3TC_n)~#6e=}Y&(bs~UHet>Lf6Q4E<`kVnCp%#-(3zDJ z<|4gbJYg==>*W*i_3*9s3k`F#ym!9Ti0@%T_77Ff!{Uk_spi9G6^p!Ss3duo%+VmT zEAr1>$(sOH$9b7n$_lWNA_Y*KCK zhJ@c)o|rqE@wbUTD?gu>?>F;-^7EO>r|XDW292`xio{%=;1<0_Aktzw=9+&r z2byPNdqOhJXC$ii~1gMtMO)%Z}9hsplhk8CxGaKb_lWKTC7Uj(q5VFSXxY`g4U_(p78?*(D zzCxNJm}sJwljyHLO!OGa zN8-ocV|Kxh>^*n^io)-#3S_hPwfnG+TiCtreDe|WCiX|$Blor059#lp0K!nUY}O(6 zU^6a%;)&O=oF|g{(w}b9-{Zet{axy3p;DjT3>N?miUg~$!9k=z;~FLl6=U7_c_!~w zIICaFq%LJUK4v48EubMyyBR4#u&&$T>J0pXn|7*MZL5mW=D2K=dUGP^@|`^e3PQp| z5nrjt*O@H>?e_}EYWI?AJUcp?5NUKi-$qd_?ts<5C1dl0B~*T;Ac<&_C+Q<#SD@F< zbiPM#XNwltJy(lh+t4#gRYXp^$JSPwK5(}W zTb`>;MBgCt->ytcBk<3dFY}9*zaKho?r9msqAQ5nXAi>+0FA!1--{o$%zZ8Q6ZL{L z3s^yBikS_0Wy1KZ-CxdyKn;-2!e|dnsZ5BnNaE-O3%bg@Zl!!j@F2mO*C94^VV+cm zqR-`f&2$VXTqj&r zN#MAu?5z*b$Lc+~ozu75aTVoYGrk+J^O(BLKx9d6(#EDlu}w;IrYK%&ap9m%q%Kd+ z;u+a&5OV-Oa-TQqJc|t+e2JpVOVm_l`!&k`02L*Cl0hMp#~8rKuXcqNTpGFGL-G3v z`fyGfJ&zFobY6R6+9A3Oa0tJj;T)8NoK^gmMp8b?Qefp%D^)|wPqz@p5&XEB1P+Ki zG5S?%Vy~$*@DFCYXaOWCQSsf2a>d5eo|dEEK2J5|WkEj~m3O~Wi>b3oNBi-(EFsaZ zv9Aovk7xtsL-1mvv=t}z(2~LF_*r&JawH3dc^dUK*XM|y%h(`CKye<*!7Z*1Kl!HU zJHWRf?;iuqp^-=Nx+pN59;1sGPhZmX8 zx6>l~WD7DflViM#SZ)UKPf#5_4v;J*5@tKUOSY@sW!AVNx6RHdXm@oJW;h$6C-|$9 zOk{8Wzk+QTpe6%GIF|u#P85t{s@wi@W3~9?AyINOM>brex?#7pL>qCuVVa zp$RW;lXl4(=yAnEQ5ck7TbFNAPY5D^9^?7M7?DjA@6n4LCrM**50+QNORpWqpR7P{{Z+ z6QkfnjAroK#x7C6@K0y{L!9~`jOk!<2xEsXQh^;yu^Y#!Y=)|VlR?d10`Z$69*DIl z!fwWn2GR)7wF+s<5H0*lS(`ZzTuUdkrQC{CTSVQ%a8(TipF()qd`&)J(j-K1#KKzV zbE{L-|CBL8{o9|;^0U-Lhxpg+w8Ox5N7SM&Tp?iqQY31Es|}L#+UysUuQpF^ZtvS3 zSGq?s_bSmumu%sGzj=xn9ezcNu41e};r1vxMd$b7+^Ng{_QMbSvEPJF7#s$L06K0aZFoOKxm>2<%5p8$-dh@z` zPjb3gx6;KIIeVe=7dhfn48M9SbTR~@>4wf;Hlo|tlfnQ9(A+aEPM z%>&o$U?w(3r_6(R&^&)JQg* z!%SfS9dmG(ezX^LhobLJh2{jfJ}XNqoy0TZ^6azZHL z6!sQ!D-mM!>Gc}}jq>#{M%48jD0=UY4pK%79N{r@P%N6sb3B}MfX-GT_F}h zOqqPg!L9=`C`BD0!h}H7@d(h>vRw6wft28MGbv0tNCyMHVM%KxU+$(~zzj)J)j9D!-Q*Dhso|9r zyvL@5zGP65T_jl27U}+$s4vFc5!6Mk2IWL6(e;o9#;+VTe=@Z{5XBEu$~HjK3f>Z{ zt~7)Gu=yb&bWWKC0#cQ7WuaTtCjAIOkmbb8pvQ`rWHRtRkPz+htj|xB)^yP(YnK+LZheLu*qXwT754F<)e<2(QhTyuS4O46a?!zXnT1Hij1f zm7gHEZQ^XrHy8R7%^AeZ5~q$+Is0xkA5t;X?oC!u+XdU9`|$ zxo~I-$}qkA;zLnG15phwGozxzLi}?9Ib0gYuxLvq$o0ygCbS}^E{Kn^XEvo4tztgO zVN)!|P6&L1&7Nphn3v`N?*^sMo&ig=V1!Sje#8v7K<_b@caI)vneX!iS+HTlJAnWI zrHG!ARAurG)q>9C(sli8xA9t%bF|(T;Y&{3IQz%b#yw*ccKL*vBojHXRFz%<0*g{a zI0Qif12XDdwYqqT!>1`F3FXFdxMsaQgryOEo`h=}IYK<0fQeC(NTg1EC^N3bPD1ix zO8_3!Bwi0t-;THv`tV)rzK7?u&FUG<2$d>MLG=frfc zkWPTk%xy^$T+(ByH9K;DTl+@GG7F&> zr#iP>9vJvxbjzIVRT8slO0krrprVHOx{W_Q8@FP961B_R)l$2}q1|saVF4{F-d~?+ zk3!_+`Albu>u+l=)B`B6=IhRV!{JAkuYtj3iyP+gf~Wrr`~_6%ewIUd5Qa-UB?$<8 zlPeGy>=aiV7)9?3tCEu|{%&=G%ILd?lIX*)((V<`4{h@8f#H28w3X0KhIaqZ7NISl z_Ob9j4edl|Pb>?s*H@wyXf2P~2Ocuf?~)31_E@ow(iQtAdOdflcgu+!_1QAdr?b3U z;mxT&!znv)=Z6@AvwXHfpDy<95^v7;*#-J^rFR&KFZS6bzS=gww(TbZr^q&i9|tPC zDfb2MZo(VFXV?4cW^fb5=gTXYayja%;&7v09l&j5y_c!^Pd@vzq@S~GaUNF=glh=A zey_XEV;;szo?YduA2cL>O#Cfo7=z=3-h~QNtvgKe4P$nw-k%mfP3u24*&iXM{t45# z0-6gb;**IWwm|9&tuHMo!s08zo8S7!cx;+#Q5|SJ09D>VH)aC}#Bsq^aJ-E}v56n= zzaGe|{28gG2lrCuAK984wqnmDrx52Uqs;fvnpucUHA1aldN@DgCxWLL?0)#x`QgeG zELg|- z_Ock>?JBldxdqSeBO`nGKvWZPcSCRUEJ?6 zM5P0SkbIt*pUkVFZv+#6#iFE-#paj6#HwvC#nqda4E|o+p`5A@YqDRCa=1gGlDkGv zaA&M&0(@!Vwn+wpHGLSONP&3<5AO!SY|V~NLF0wcEP~6{ZIwcFo!Kpj63JQujxSNz zCtEyr3QY|*N^qV0yy>)BcMFzT>6uv0F0oYj@P>4(>s+!{>8IbiR=@MU=oT#e&~=>n zNA0%dzVBdE!=7Kj2tw^q;IM;gbg4TqP^W_eT^d-8%Cyyhzxhb?y_{eAMXjH=;+Hk4 z;jlf>xfakY-LjEbT0V|MRB>aX)a~v;|u|fz@*Ykj4Y`s zyJPIr0ww4|^jg}7Ak2eqs^qroTr9noJlQbJri;IcYnZt2{;lpQ5bUaMHc_<%Tmzxh-a_=?V?{fSY=2qvuxNo?nZHBnR{J~XU znz?UeW_6aWVRuCpAws}@KQw73j2k9jJIhtEH&pDM6)48Qklb?8{Oa%-?qO&IT-hDQ zD{Etz81*@;(@h;()}Te_`)VdN`lV}HKR5xWgmS9Y)0 z>v`>+xyl>?vGu)@`S7kq;v0MQx12zy;2o4#;X`Pm$fN;J6dBnB z)sm@@Qbd{pjC-6Fml3lwvnVNP$R4%G|8)Ay&${iS7uh2h`TM5N+}~|4S!CC5;qRS3^OJ6S@gn<| zE&M&xXMWsm|8)!d{1*O)(`SCfHQE)(NED!`-(Hc~8!45O6*pw=b6F8+MDf|oU7HnG zXYQJ;xH5BBWyR&0yCNIDG^;`*H~GtIR|SdZM+<%M^oZ|S=x*F{6Je$S3RL;ojY(Ml zr|)Hr{GZ;l>Gi#^5#kVm5<=SW|Nr}gH$IF>;}s6}bo!^`K(0w&@#xvZ0e>iF1rm7$ z6wF@&LO~HN24!m}k}KFHvMX$Qi>;ht@_&}7C_(TSNFBC9stW_S-Lq`e`$9}4d&MZh&EggHMN-j9d(vwm-3K+POK+f2oC-5l-5 zhm8c*2lA>+wva1KhFE%3y(ZM7a)*Ymn$uque1-Nv-o?BbgJfbPBryygtj%Z${y@46 zS$(|dG~4~&VY?p)?FJu(S~SU)ugEFr7KKo3uJ9Y^Cp1^2xCJmmjOCb15}Ueg)G*o! ztRx3JD<$HBLEqYcg%UH-+hDsLf+41^o)W=G1pY+y7-AMdWzg4E_7f}FD82?4X-?_6 zlY6uo5$z}STxfl0D<|~KvYrjC4{iRLo>|(nq4lAy9M?0)_iSi=X!B!w=GdMMtq*PO z7;O7}hl5X+{gZOA=HG}-j`OlVCd}MNwd$p$t@T0c!tmu%DU}=}g|L%$6SkV!$oND{ zxeWwMG>Wnx6EPk(ts0+HT%jth_F}WrXakMajJ;Yj=LjlvJY}PMDGyE%cE>|AfJlnn;dg~{swxob?(>BC-*8IAx97IOQE7xqZq|yDD83AGk86M9*+&E1|8ggr&y}Z|&}W?-+G0C5G_! zFMaQ>4H|PPj;_LCPOQ*nIMC_!BH#y**$#vu6|de?M2mf!?so7Jl8hs+APfmq+?UCO z+XryUYG6J#qbsVpWZRC%((Sv#ORO3!J z6l6CinfN$*gyn)dx6G?`O8^u+zN|m5=guaK)%~t;bJJP*(*>*dXyIO;?UMhxFqgIM z#q9|u#o6BCHW85%upD^(w#yo1!D86Veeu|vzAMTl7_2MU}XTTz81%+Kl4x~>p z40h7YoQw;-xu$TFm2WaH1(75V6z0Lg{;U`Y^Aq1(*sm8ONV+4B_uL=ET;FPa z%`C1Dgf>}UOBUDT=q@%KkN{_ABxERq7OzoIz2e1K1s@(TO3R}6Ejou}I%0Q~_C8%# zo4>YZ*44V9P1X{U_Pe^c9>N`Yq!iqGaE%A|nRuaVj|ZVG2)sgr2SN~s2+qu+<&9Un zS2RBuHtM4G`4MUKQ;33ohwW84#lr7s9_U>g(FCfBJ;9Apa}BCg-(h9ltf~)%Hd$Fu zRxt&C#RXMQAfe%gDL~A6r77U~r6L#zg&2paXirbYo~0pUdzg#{N5bK;O;r5(Ld|IXcm%3e!yZn$_G33uusz9F0ax+J1kuGWYV;W(eEahdxyd1zjz!^zZ z%F9VG3=>Evs5*ped>~r8ua>T%Bwc76cpu2sH}vz2F1}>Q{6HP}VI}=`rSXHhxnRg# zI%F?X>#iB{7Z0)1@O+YrhK}S#`e5BZBqyTHctVN|KvF3m$$jef<$ws`HbRHU=?o6D zqWw)*{|in6@Ru-}@!V3x|?;Qti5pk8cxNLR2IQ?%H; zML@HuNsNyPNgvnXHt2AH#O2W=*zU3b>Y9FGl#jS*p z7LxUrE2cP%_eyEEmDyTSuiH1Mx_oFqu*v)K%s;GUI|);$v;H%-FM>TWrk=lOE&jvCbaj4DDwOalL4g z|J!k$j*g^1u%n4FsoOB~>~&9Tby5^*kJk9vU)FL8W>i@e_sg2O-I%W$_jt|xx>kGH z=_hJvZTwdaR}~jkV^+CJdItAG)12G_dIZACb*!9@`-4uJzJKF0%*7l=+VnHrD3opg zY|Oq!#qUZUQj608!ia`-6QDen5T=RsV}D?m6h}j@SyS06ABB`_#zZbtI46qL@D@KT z8dq|b@ZtS42E~*-2yId27s#|~SP>+HG4MF&P_^2n!~7I9Ur}xBGdUh}s!u_7It<=2 zD1#dnSD*l~*iGIYG?P@uYDG^BS3Ma9jzuCVy-M;2jCs&F+Ev!P&WBI=&-&>s%$Kb@ z*zoDgHvNJ%H(5`6pK*tn@LKyZa+216rt8Odc#evQhg zehjDCl2AU#*cptTOcX$A}M5HryYBh7LRPo4Xv`# zu_I*4c+T7Z^yY`g&-Js+xSLh^fpOn4?)B*|`L~U|-nuJodcAF4XYCr}zGSjB299e3 zTfNxYW9;bT#y)9Apm+U)F%DKG=Kv#}DuOY%rR4S314yGx<4#aEl2YOWSr$3{&@^TJFQ%cK z9#}?lj<2xMMTiGx3E;g6uW)XhELA!z@d{VQ6znx-Z*9kD?wM{iyx;=t1^S-uuyAJyEouDcv5e{WO!YsgR-feEo~N}i?KI5CoI;rWj^pgCatNh7cCzhV4%LNX92n4PoM;(*%=?FT}OPYP$oLR(gP zStQ5Yr86_+4RMT}4(hrCB;VSx&p=vlp!ZMS=Ui20*8!O+cMh$oIb$(E$)F;&TFeJ z5Fuf}^d9~0yR)&R>lXTXK|n=}Vs7u!bbuQBNtfoxCQ6)GaAiv&us_2&4wXV#O=5hd z?L^Ow1BC+E#2ynv&aR2g)o~VzIXc?kc*t4!RJ#_o2XUQ=BNHe!z}l{UmTHDTM4KLF$0=S6x6AVUC>g4j8u5GGn5aTRuXSCCka|+e`IqOf~zoQB4@&hBlD(l!nW|>L0u5L2l z!i32SGQ|+^HRz7A8gzkgr4UJlp_&b7o>;00j=k8j!bBz?T(3yoZ9+Q~+R07Y`uey^ ziO=Y%t7d0Z^A!q7@)IQZ)}K`TlYSVV zwh7E>6Q8NpkCvrE;5ZEhf1}lB7~NDj6px zF{lW`9wMbyP}T_3GL$tpLAk*~bj@s`tIQdsR;MJ!w{Ts-=Jfx~aiWRdQzIJn)&E*E z{LFZUKMWDO|JTZqu5*77hUJatu;370dA`Y(xZ+5cEp^3bTy~NxPITERt~l9c%UwZq z@9C~M&1Gl0;tZFqaK%|JJI57gyX-tyoa?d+Tyeh3R=HxO%Pw-og)Y0q6&JhgGFM#c zvMXG1xy!C{#g#6*#uZn)>{?g+oOymp$13i+=`?a}0E`{r|HUB)8}qq zC13mhE zmTItJ1>X4z9-^KYa%Qv9e<(;mA?<1ni1{q#*(I`p6re~m@XO?s z(06zcvBN3AKCs+eOSvzdM{I)y$HQr1HXk;XAQAR2{lkAWSnjR8TIyBi^$jF%>)`Hz zyJ3P$2Z|6bNc{qLFjLX?q%zPxs%X5F+8aTvGD|hO#b$v-!bDA`CdEtg|7KmJJg0j& zG9u&UwN#NJ1&-STPU?ohMfnhu6V%Z5W9#Mhh2JP`Z#}*ih+yN~uWh&n55fc>RCo9c z$)zV#IEkhdI``9!_hU&i^lhwa#Rehj`ul>Mp+f6c(3SYR7wo-N#mc9@&PNi zecqTC}lcmN9oNDbVQUD2@P?| zm6G@1h8f;z!@KMVgoU@VESp95+GK>Y0$EEWT z;n%aT2if^}=Z|#hG8~T0n_+Z1#FSt}m+l$Pg$b)OBTOOQk1b!pbNnS|I;C6&H!;Y9 zqKS;hIEX0mIPC-p<{`l^tGT6JV5y=)Y2ZpyPpg$qU_--<&a~(2B8osrq5)QzQn{MY z-RnI|e2R(uFag%BFpQiCj-*a;35Jx{hp`H=lyYUI3_Jk%S)bquMh^QY;2ik8Kgoj4 zADsWK%Wv`VVAkN=jXuHe?7P<90z&f{KeT|@`Bg~T*yVT{Jq92I9Z8$lnY?y*-I_sp z)yEu$Z)B~gnXVS$B~_FeqsZ&{Q40<8rs}4xGmW)|ECDNQc#)=cohilRvL%&35&6v- z(oX$VdfY^3l5REGBi>z(C&0^gX2-ncFJuQcUo^?>#$M#obDcfUnR5{{AVsUhcY<_5 zTRxg??n!GpJ?xa^M8})tNMo0n1koVFXUi=yZb$nX#p7(eG5)HvOI&*-~^7BCu0#*#YGEjyUqp#@{Gzx<@JA0$WuOgH{$GWP_C812vN z6k{9W{ejHw0$$(GEwCP^<96t#{3l2N$PMzvf={*z(%vj!2R&2AxVdF0fe>aNJ{ON~ z9nEx>(4&6wIy#`#UUZ_MmWxvUYuvTnAm(nMf<+=?L=dd zMZ<34Rc46^K~tUE1puM)+PxP(06?u-Cxb>HWSwdcSD=DzpVFMbms}lhBq1j|-QSObomK|evJ~O35b{>)KyAa7HFD9xCYR}5; z^_X;#Hnf$lGRKvJNnbXM=1R=(U4#mzd6Qva!6(8VP*JxraVnq$6`X0;let0!{-JrE zqPw%fQgv2|gH>{|1d6KN5)Twf-NDIeH&}^gJcaRD9Sq8|++q|{23=)BS!Is>FFM$Y zsK55o&h=*&JOtfdB4EAIdoN3yBFBVsK_;g&gmfWY#EwLrQ#?>M;k&!rAXhFWB=%L&?{8bVVGqO zc*J7#PmGDS6qjT9mNnkd>Ndwha8b88NIejF<-xVE^!VG01LI>B{NQp`^Zju5W4W&m zX9ttyK#bbf%ltfuh!tY?89t)JL z>r_*G4OqEa3e%ErM!m`VLPq2kqWri(48Av`l04%U5=uL%|2&X0ct^o-w9t=;0@OVh zF09PwGDroWA``SD;Z+IAU)N5{Y=WQI3+r(w*&WEQXQRZF2Ahp>-zpjUZ*AJAEcB^t zJ5t}aj6qDOD>6AASr~7@o7^4UjTq_#>6%0x4;WQ zKtZVi2mb|7P-Q4)&p3(yG}4el{h7;ZlgLE< z7{xWBgAfvjJ9p8Y$q@;wk9hMD|8mK`dZ!A+B`i ztvGymcqH2`jE;{gkGbfd;Cq29)!LkXO?jVkj#q!Koy92h;DUjv(pIDYDp#^P@AX<` z3YGNb|Lgz)B{5|<#E)@|@;AocDaI0X9S)qLW;h0L*g5j6RCozIT97d%XKr$I@nN6M zZnJN)PqA;dSFv~YhGNg`b;awm-HSc4*LJ5@ti?)6vHQ}azj~B2WaKYD0BoXLNIKAW zCEG;eg~615Q4Tc2$UXZ)Irek=x_$KF5Z3p9xkKE+n_Sf6ydu(fce}aQ>ciXk@OJk$ z_jmg6FWmmG?qA%8$t&mgsL6R{_xc{h+o*Jfeq)G>j;D_x=LyCgkI9X!6=A(P3=3;| zhl>WJ0uW_%eCaC}==#K5YTO0Jov$nx(~qw1k#2l+mrFklj2+=V?f!%KBmsd`Q4C%W zMRPj+P+fUC-`X?e%i&HlI&rObyc>+W))2?R9^n_8#u2r}@?C4vc?N`s@eh!Ca52t8 z>(@)!D6Jk8;~RjMnKjfP;t(Wj5c8p28|lBw5@9}qEdI{`y&Z)2GbD3q`%15&X?;g2Pt}{95i<>W zsSb-AM&Q>sH%@;Re~%nKws&hE|xr8#;`D^*4r`M2+~f+CZ+M?uW5g zfGt?M0P<=x;Jxz1mR{oX=@trmA;BET^5#VEb45lXMDO?4WJ~&WY!Mhu_&K7c?WM3U`4B2O6G3NpvMB)7=Nq#6 zK+yxkpx8r2ewaPd-H}{XnGrq%rw^Q8crBv)h}yK*8S^>gzF;g)*q&EBxcqhcBz*$% zEvy6oSy>6VB$-ReYu-hBet4s6m+h4*D!mfmTE zGk`WV!JjkH*I0QaC1fSo$zX;VpcrF9ccCcEh&KxcD}w`r>Fj~oY%_!6ARZ9v{@f&k ze(OGWu#}tZB*!k?3W0tD;H7}R%)@U-Yqg9D(^!*lvpP3x@~O}s655f_&I)ZUv>C`?=}CV%}GnlG)T*&tt!~>-~vDFFc9sGHctX0lQx3G%gDs| z+|E=A+ar!UFXNW18mLqmfuCjHdh#Pp(b*b5hraSetGeNParW)#1z|f_5s{(^j=$lU$uZe~)q94LivXD2i&YVAGd8 z`9A8xqBtS%!BG5790|10)|~{dAHcV_37mjVvgDccPhz$xQ(rm))efx_M2de6(?fVq zYCprgx#Ll(fR0t{ki5vjvWSjPG6FB@1|Y~VLh|k~o2}>?=~I3a+hWlFE4eWgC zM`c&w1#tkXRU=g_BkLcf#n0NK`Uw3lh}1lt)boTDkP)aS9?r@!6&!6)6AQ;orMeG8 zl5*GiFrf{7OOQ#0~o6eAgo?nzM!gF);-i7*5a^-#?dl5Yd>y3VeYWz8`gbYEjjW2G5%-wMQc&N zQXf5%)(}mA_nV`55DWuBvVd0zmccfT4e=@^^}~zdbYbpsCPrOAnIdZ*X18O+05nLh z?I4Nn)TK8V`#D{Dsfn*(6R;;cvm|Uro{eVudI2f(U=AA!oplklj1&76litE)t7Zkd zF3l(^Oco1z=DiBgGE{9An6u1bgWOs4hx&rEjk(d8o1FWCTJplvGUWSBOqG_) zoxOsmGUz$ssbSb#y?EI0WoZTD6w2_b68;@F1^#Ty;lQ7(aC?qVw*CSepKlEbN|EV(m`xx%Uvz`v1y!1UPKO4LB{2W4cx6zj9Zxlfo6o44tb zD~$VRCMxztsJSZelb31=0eORV!YDcrf&ju|{0y!|3`gt&*I^U~t`VYvWQY<16L2Iy z4<=6VE;)fu`c8&{Dk3%IkKjTL0SK1xOo5J%?p1cUTdjP-Pw-~BNbG6eoGyAmovSlh za1172wDE0>4!0KaB>)TFZ?|zWl_MzKWHM{f(G~MRX4Yl)N13@N%SbZwXePOkkxAL0 z?gM+7OqT&cb_%FbCU%`0-e;jLrcnkH&?Ff?>fojzcaZlTEKS-a8qt~PPfR6NkDiIwV~b8}P9B%R-}7j+E#+>PwJ?rShJwXfvGEqSGxU!7+c<(1#&_VLn+ zZn2zNfEYlMtK5;1lgIIcP|_o#5$`pB=v4){ffsq|}bbLLzXNL^8J zWJ+GcXIL@Cu?rGNL+?qcVG;kPAQU1}dreM#n@n@QRL=-e-D#NDi?UVm7jL^l<#2&^Tjo-BTBL~P1TgPy?; z0)&hQp&R4#B~^2E#a&yWH5Vm*nZVThrz_?;8RUWhTwV`(7LCAM4T0tXdI%D1bf;YF zKkMzay3_hotLDtAd8Fc=sF>dfu6fnQq$$Mq9Xg>2ht{O4{O&825pFQF&CoVN8?PkL zhD`d_eLQ-OO3Z-G{ob#mB0ztesofJhqSBZ>tyx9Fo{eoRj~KrXU4M6UQ7v@+sMzD$g$ja9x9GCKgFqzgdWGrcPkPhD zd+?+^bQ8A-0Y26$9a_;$_r2&9uvn|X_e(dCxnG-17GE2Y(30p!IB|w_T zF~vcWdktTE13x5%WF2;0SBkM4=T(zDqyGy1U`bgFx=M<4mbA{$!qucc2v;lPnXcv) z_+V#AC6H^QXw*>*ak1{M;JO7Az=Js}#rhYTu6hW#AH0_QUnc z4sL7km`F1wsgChs0GuwM1_!g7ic`nAL^q8mRsUT=4RMs7pQ4PZ_`gEpWodXLenR*vvd4jO zOa#Mcx|FhCujM)UmPsq3SEHov@DzGmix*UioV*J7iO&eW;TIY?g!>iRh<1psX=K2b zqc{~ndcHV2=Dr8dK_We~HZwoXw6#Gs)@H@EX#<|-22-KU&E+O1!t4e^#p^g}T%4Ip zGD};IdQ~Q7yy^3WYj-2GrSPKv>~X(0qEeR5KKuqiuyYTTO7H-zyONhZz>eEV6RMUr#I5^d9Ca`%)Sx z)&`r$DBF&YJHHtaWdBgq(g)C%;z zDHn#!f1YuSfbJ<3;R2;hDR82NsBXhJG?s0}ezsvfhhRNd5kw)yHIfP$kaa;)54(&+ zBxUngyb5@!UmFx_n0oTD@`N?!A6850UkNTVh>mU;+8vkxUWduyqj+>JUJ-r12|kqj zeGP}c{u(XEyuxanDy8qSO?yU@1jqVRGsib;;uLr$miDJ*Sx?LhXobOpEFOrDYTCt3 zcUIG$-gLdb=<<=0dqVr-#?Z30AQyRQg?k4#!{STB!YuGWdWqs489p7RjBXvWfgeCx zMC+IeiCIjd5_oBd?J&fl&~6@DQp+;v-fAqK{$QBGdC?P1sGVkzS+?K8#n9c^FyCs} zyMXCfDZmqIypK%6;5W0=n@N?#47~u9Hu^cFd=S5evd~_`b3%UafTI0~dP9F)$P`tQ-A$qE#+CN63TUxC9rTFQ@ zm$jfm(hsp&Cu^J8FPc?P-HKN7+h+FDX7&DNc2BeVqh@wjvzjDT_%QuG)GTO)HX~7l z#mZbBgF!(Aofx8bL;P+PVpGLY3;ZW=@_j2~0w?zk?Vh2HLz_*vc$E)ki_#jr?NByA z!TX}x?Z0jw{h<}Sr@$3l68_Ra$2RywL)-gdt9C-GSk?;8-WtdsbN{Stv!^!o^)FhL zb6drEt=dC*`fzT_laID4D_g}X9+}khf`HSFjMV`w!tNZqa7^+v5KSp4uy`j_XTl(W z1;&nGchkIKO>5%uSm`8N76EdsTMn)a0&F^ZB!DX5)!DfKj9#-s&YW5|?LgyfZ?G~_ z3~wH-Da;qE@y%6kgU>crq|&~At;O(%$&YrswIqP~S^oLI1bdxL_fn`j9M{rK^@W&&qYZyu`n$03dI&qHRI#X!waG3zS+`{ZJW1N>bj zeWco_Z@<8t#?b4V&^KK1=^DudWg-+i4QJ?^!+xgb)y>(!8KUAs!^)^kOsWQyh`fZP_MOtO@x1y#CQrpu zJfkh5v=D~$OX-^Q;MG)yOFt0W8KFHew0nkj=g_9B(+oR?=usc5ckI8;&$bF!U(1Hl z7Fb_F!7l6{jxOrL8Jy6CP90D2GSCrjl72m3%a5)nH?)P|$95~LJH;BR_d*)p;YgXo zG@V?ptfQ?UW6hG}$2$6*Sy1j00t^3A+u6poA~}+G%~UQ{3FCT&<7YXFHYaI>q%J6w!q*Q;BQt zjC~`ka0rJmPvm4P4g!k>(FDF?NX|&JyCuLirgzC;K9ATd&BU5-3NL>cnN!*1^gmn$!ac62&EvG(ld1}KYvRX2~CY^Cm7;X>&|~+$yiwgaJHy)FX;Fx+gNFl=)YN3!W;=7DiY~e z4CE)OBq&hl&BZN0jrLlQC+g-mb+fExj%xa)8ph?8#3zucpXBD=06lhn!z^y*Pr{5z z)^Eb)R(%(cdW5fQzsO0tRSBXnp@=X<6xu^EN`L*>&&f_Y`X$vsi~X0CT3N(@J~aME zqVbG(7gqW+Vx(ZlFt$M`Yj!={kOD0#Qn^5iSXvDhE=|A;F+?6z!tk6RYXqp~I5fl5 z-cp@K$$?IE_rOaD{xdi+y_mR*c8B~L4kzMegDFbo<<9=BnTi&iNk#{WGy&)bl&voi zZ3GEvJx2r4-YbynO^NpYfnc9E$WKXKt^Eyho&3O=uhx@5c9Prbs0wbZ<@%AEny}ch zyI~-^VqgOeS7Gx$4M&J^J5JMZN7i;|xOj`w+K}MQ>Ej+emVCI@m^rJ(pT_ccxtSi= zTZx@LNQ5pbuXWe}+*Ohez)3z26LHkf%ce6dlm4q-D# z1B#{<7sIv^H;@*b&n#itH@O#_nIvZ<=A0xsJJH7#X?zx}HuPc)I$>u~@H)b_udPV2TAPQ0>ix5sxhd-# zExwq6qk0+rgslkg#rBrGRh^Xcv3}AfIaqHpv^uv*A*IVi9zb!qs31$xW zV?F$(k8*kxhIQ@^GgrNcOh))Xm?f1`{hb_H>Cd9ngxzu$$c*wZ8y!%BkOQKYCd(7{^RsF2YoQp2AO0KO3ymM5AL4 z%OPE@|E8XNCc2BN`QQd^?LXp>GM{xoI@ILxWHdN*k4$jlA<$9R;CeM40UcJfTT{(5 z$i$_ZT_hrbQ<$c!lD@=x9km32FM5C=2{ZYqkWn*EXPtJNR*q4j~Bm3&_Pkrq$iDc!3+lSzwpscXKURXi3K5+>S} z;WCgc%R5U`xES$V5{2^A&<;oMwlBRcnlEZpxr$weODIYU0Xu@Da3Dd_xJGLjF8BSP z;>RxO_7m6bmKL6i zJmIL|G4G$Wh2SQDqe_GmNy|YGDBe&k;X*>>Ek-oisPL4QLs+!Mowi4@OsiC3cp5bt zWh@}lRj;{18P`SuqjINAjz#oYrPzxs+BxNv?eoPXHa#zd%YLd5D z200lWx=BxfXbGjG%~|*=EY#5vl+sxg9FGZ=?xCmEx}qC69B@gQs&uf2H74KYAuy{+ zJmB>ba*D%P!3b(#h_x<+APq$1sH+hVC8<(t9>JWVoMgq<{TviCF|BmjSF*s9=+V%= zOE^jNL}=fqwgD|*DWI5T$SnU+Xg~2Kv0Ho4=64uM*>^*Q*AF2A^R+h1nx>G-4VzE7a5?H z+`xq>;DDrs4D8-dOYIZj=J|gBY%!pJl=7HGbr<32JZ4GKqm`9JTUqz#^HN{|UT_*y zv!yd=(Niof;<%;ez-fV0QXOBk+83CgJLpUKhpzUxY$|97{NfOPmtBCTDT_Rg^K$f4 zJ&bbjQH6Cyo2CjM)8O9dfYxtVq;ySA&9qE9T*Vb{TF#A24#Z)TOojqghEhXL`7<&V zb_Mr=os#QAw_aayZ9h`L1AW(r_S!JIZvOSx3fQg-!^M2fpg{#F;>It?Q0@N9x&PF{ z(_oI1ki%aMf5zZ8BNa~9au0&T(dWzl!&Q>Wf$xP1gkJqQSdJJgE(v`J=ZFIqcNfx7 zx>BMmZPf7ik|Ke$#POzx;~XGFTKN5 zSHk!L0ivToLtaDUL_~)E#5v&TMy-HmJHwkC9v^d`-bk;!^-)tY}R9w5)=D z`O$q@gqXi{e*ly~1v*2vNe$&80O&RiufyYjcj1b}3(Z3#3KuU6m)kz&6Pv#hrfGvnj26GnqV-zY@}x+2CMWJlY-cj$_x*mq zzuzbG_C52?=U;#N`EmZvr{5p>>m|SMocFZUpBMY$X{Y%s@3eV06+c+LBWVjNqaq`W z;WhSoi~rRw-Dah0Y{Z|x-?mwF4frglO`7=_U%O^f_?XW(Cy^2~9ux#WYA+>0dmO8TV{T5?`L!-#liuTJKFTBY#k@%+; zQ`T$lbCfP12~~S~r2C+i-YN$trai@EL6w2GxcDY`VB$YvcG~l_t3yxdA+{<8I9&=G z10KR1(bt;pOtbXTb~wA_0kaL!D@jrDDSe1qGJ#0bQbU0

    in;_5RfLpbP=hJi$xN|&9NJEIk7jbpM_E1DKNXtboXu-X<)gy&Lp ziK0xD?_Mw2OxasfynKFz1|+!|nl6*S@W?eNHNr~?TO7fa<$VH@sNAn4ne8jvYA_^* zH$4sJsAV2?klZK2P>Fhbi@Q0=lgd9PePSO)mmnZC1^m-NA{P?HYYfEhbQ=Xt;WE~G?x57-5yD^_*ir5l zQ3EtZHxyIAC}^DJz+2F|!;5E@X-FSI^N?sBHrnrHIU8+^WI?54o6-N;HtV=XZUcCl zmV)bWjP>qcZw>91utX{oifh4sy67fVK5>L{w`y3{;F5%`sFf-z3=o6Oo8R*H;;bAb3{z`e`jeMCsx7XQ_I!bbsk6e>$u(=Nor zHD%7*B2Lgiw>$xC>`ZX4JosdUosi-=;} zZh59ED)J~hHn^F)!%e>J?%zoq7P)`Z6GC}Yqw-)wSO)Keh#Lr{#O$N7PFx4N0X;!o z8DZ@K_awye%F-oK7l~>4KBMx{W~mTZ%+0p}oaO_%)=DZmRlBNoi?#ETQi`3bQF=vk z`NS*i@(&n0dqoFZbUAfwE?*iv=(0g#lMiK{4?LsUz zeZ8fg!S+(^79+dCGkf!%XHn(rT^778tdwjYw?FFiRFWh0V<_#(FG-Fx-tOK>h$k7y z-FsYor!)94f6kTSTzfb)(%s$;@PTsZ4B4kC!K4*#!%)x( z2N9j(E+HD1wM>jWB{!&gjQP~xcdhP&t@l~R+u;D=H~x;haSu}+KGkh^T^ZQe-~CSA z{Vv^2C}(>Yj7FSXz}=c^;_wOki$cANESLT`6)zJWv85JGoQ%$0AGE}z8mR+iU<9D9 zfI>kZ{%dnknRqQw2Iz&!B#5P*ZHV8AqK^{OA3EeFDFHfC@9)a%Lu?aW{SAhWWN*+&>m0~{v+`g%&@nnQ z(mL-NT{Q1}|Bl!Vw9_xNFVT1LvVOLk7C!YzM9M#*u3|%v$V#{nYTQTk_#njl7M%3T z&jeJTRm_dpP3TIKSy9{&GggJElj1#*u#?{=$M&6hI&WVDd0pnO6z9da$&S1cH2!Q? z#;-cz%H&mzU|WjG$dXZ7>dLh^>Lx~gXc#RC0s$q)ks-?HUSl~CyZnYYMD)$G^;udy z2^Tkoke4Fz0kH^RZ3ws^s?hDi*VBCqbt_4ccnTACntN_Fw&7|!VU|0R!GGNy#Q}Ke51La1EN6MNAM(l%l0e?f`~q81Ss zN-_@PG||C3Dsa2Ek!2{nlQF}CQ>OONPJ<$y0Q(@fc&zEsSs9Ty)b>oN1IVh`xC^Jj z#_`1bV8g8P67SCnZ$T9~)(2s0$}9|YqJe}B_9tNRIY;G#591*T_ zs~D(tZeO$jl^AOs#xi7!keIp;L9Lj(Xx(#HR_P_HQpw&d{1 zsw9A9f^PU(yHv;Q6u&QOnjPlP$99GFps}Wn>lG+tqXbhpv8jZ&z=H63pxB_pW z`-4(m;Np*t{c4gSC~V%Apc18^6P%cbnZ|@w;vF9X5>dx^-pz-Ile^ zC;WN#ZkxKp>hCsphn3!K`5o5ad}(!A790SJ;Oq$^BAjFIb>Q&m$Qup?-l)MmkOViA zLJv8Og~Hu%wk#YziEk&F5Lco~r^}au)rm?2Fu)(w5b(ce5y8~Yzn-<8`?Tx8a1=GB zOekTd#|+p)!<8R zMRB#l)k3ci`8ycpb_wP7+UFu-A~oV1O0O6+xG6>jH83*p-HKlK4qWP>&@XflX%_=f z1;L|-_PVgk^OTO%Axcf(iKOXGLLWMD_$K5g;!QmP(Y*0df+bo)#kv&Zqwd6XKuC;5N~S#2Z+xdPgjkAK zDH+o3<@eca*|wLo388%{2b|s0v*-6?gt~?_?%pFb*kUe}x8T4qMyndOX@AkFRIIRZu03L4Sd8Nu0 zSC)ipJg=yUG>E!$qdwdhl+Yh$RDU-frJRPfy_l-s4;aE3TbA(&~xN%~7JT|gQv{|sN z31^JFS=5jA|2PJc8F!MPYd71K?+y$7i1vF$xQPuq9myuDfC1Q01omXzcs}|_ zSp80DkA|i1hSLLsY1=@vf`^`gjeGHBT ztuL&uBfvLcNTmFH41)~Vs1*CvRXu1&)pk}JeqZtX#P6fld0$YkgGtT}wv&c~aJ>i8 zf&Y(UcIY9zB%D%eP8K!@?5b4Aw?+08a-cyFNS`b@7mERo9BJGDwQW+Rx&b>^E2`u0 zT^+W&Bl7#Cwa$Q6Inu6Zeqe+QK5!q=A<=>gG`w*`|l&a%`ubJ1{?2K)n>GJy@JAbJ8ebw*d*_n>* zGcKriVF#{WoPbw*E_zJ!asr#|C+hLx`W(C_>iP)lqW#{2FA)eu@kjfTkM!mD_d%jR z3A3!ll?pkLMy|aEc)h&(GTGb7)OKR{a=S=)PzvOPIxym&AsoDnac5bg(3Hmrx7e>k z_gI*mC%3IiCw?scp3;O(m+B}#O1O+|v@b{8gR%}~3PRc3r}BQqd9uP-noFA`yC!wIYD)?30%Q_D}2T%gDD!jzPe4Y8#IOO+Lzu&y8qcfCE#q;4&6#j;< zNnxw|P|lb|dl{>gTX+RoA3@7Mc%>i3_Cc8qrI90j?x^i(tR)~2-Qh)+t*k2;2j z7EY&>9J;tfS;x+cZZ+uZceKj-$U>8EBJ%O;sohMOzs$ah#R=ErEF0U*GOl(O0P%zet-C$+bC6Rd<3mDwHW zSWy##=;$4Nr0AOpE`d1|@q{eVx}#7hB0lm96d=-H-b0+Xo&-sSyWn@1+PlU-QhF}4GOl;PIL@KTll)%{UGVv z3(gyw$Qj=Zumh=u=txm?M0sYVr5p!ET*1|6G0o!6TH6rU6JbDui{(Is}9rH5@_+qstplogL5G(P29~!W|vu;E9}Qb0i~Dq|OhJmMf8ZQas1A z8pDkDV$>EtMRzR5;Rw$wgu5tbQCI#CF=U<0AL)!k9<~4k>F}ee8e6l_IZxq&xZc+ zZMP@NgLl~7N-4AHrL{}!rKL+YG>@NRm6W>K2HBp+W`MQEL}EnioDAJ_=L5kcjD%J< z|23v!7*GpBD3E<*TonO2T#S8|T{zo0KFEt;wkC8&RM!3Hx0G2bASl zOyM^2pE6a|pE>)LEB(?fcJYDkD`q4-cli_g=Eu(d+m(Li7Qf!?%ck$%PVNx|2e7Bb zAGYv5i$88d$A)}!HAdzv>mb_DF31+zlCG28bE21oU+_NzON6fd-^@M4WZ)N!BhaJ3 zVEJm%C0>U^H-VnlI(MpIv-1>ps-2?OUCK@Vx z9Z$Y>P#I4=)Hd7k{_2VLTz)BM9>Xe*X4YT*J3HT<3xApr6E#3^<)uh9EfhA&LN25q z5^*B|Rhiq?XL&UM(3H(U8_)4TzRS2rwFz{TSA(w02|&giIR)yo*kj}kf6nm2+oPW4 zxQgGceVV+8y;DV z15uLUJE1Y8or!D{;SZ!54L4AiN7|GPpko48(|3{PF<(|84jVO3h1Y4-5_5+`RD#AS z$HqM>A)XC~vhpfE8y0+Q(%sw(%-6hAflAp}TTQmh>HrI_H`oYj#a?sJ4l4pY=l0-ybQ!hNP{(5?$U@#olz509Rsw~);pFyJBHKdZi$?9vu(@ViKVceES=Y=l> zVprP%^$Ws%!h)%0iSr;;!`A$Rlw`%r2qQuw)e85zcw!ZC#OL|jZSgFYg^eZu09XB1{v}7-F?PI-HZHK^=2998pcOldyM~MypzD^TV{Wx+{i2hN{&mAC1uJ6#9?WOZN7r zt}r+%2>FMdZx`6bAhrwaC3={Px4YG|t|!=7X^w12H$&gygtPwO7Iout|J#>`m)n(L zwceJz(yoYFeiWc7pRJ}0enzP$si>L&YGR*?fd!t>cjD~D5uPa8;#TYt1efQ%QV>&& z@c@xQpxsxSf9Ey}Uu||hHraYV$?NPoBz5w8Y7F$^VxS2WqT{?+1C44EZ@%adDfITf z-wg^^xMi_n3V|VuKyUgYV_RHG<#x`qRbNJLNfHpGTVF>(BYGH&&aYEr>2gTT?xN zrz@T`UoL+4fN=(=Z)ew^N985^DnD(Gwlqr8u4HIv80`v8E)gumXd|gb2Z_}xMqALW z(blXhCVsaq+hvWtv;E}v_XU5{e0;Nb|0Bkk{ioRl^%ql-)Bc0^dz(x#+r|5RIt0zO z-j9a4HO=#1+!tIYW5)N3$3AA9Aq?5&^;d*HG$J7NSOAe)Xq8|if-FqoO&~d%LfW9F zF;V!bnSzOt#W(F1-5~`6cigUXh>Omf5S;~Q91xu9Z3JXHKw5^5^|nJG-D2h{{a&AAapOAbA za#w%%lud^cVprQL>&pi4zFNry_ghceTd!9azys`#ZI`m5SJ*!m+xN83zK6Re0bxn$ z{!(~D2@Oh3F6+QETpdx4xZjgewT?@9_q|r_D3xKix^J;6ygV*dEV0OTC{JI7{pTY4 ztoGSwBP!T_j7ZHn9^?uLrFaezGGy@*x}=iZ48Q25nKDVAsh1s1(vwcNjFg!}wILUjk~Xrn`dd65j_uK}&?2f88mCbA*>jOKUU4&>1@7WPH`J;6_u1qFz*_7r6$ za28XK4b~>l$lX+QZUo?y36fV64v3Dv*)Lc1y2R?Xb^fS-!S7-{dO+&$h zaQ`qGuaC1oMakCKu8!T-IJ-LT5=-6EU+)K;ON?M0D|Wk`jMd&xzn|4DBrRqA5MWJK z?}%XkGX{f?w!)9)eg=gGwUa{0#aqHvdmNcIcPdxGmM~Y=`7Ss0<>*K`-rV+{X8=0C$NrRZEaUJaKC8$&RaOPpGpe8!cges@`+{vKO*L}d zPw~Xx=>5O7fj^Re6{oQd53`Iqmz5MtU6WFt77KA^(Kr$=_jqBP*-$2-E!KWjcknK_ z%gGWhDqaaHJ%s$V-h~^gh-`=FZQJ}lQjzgH$n7S=ix^iNX*JQ9 z;#sbIePozh>wSk$Zg~)sZSEER{PQ+TrrtYH{ox{edbb-3*Y#f5^%A?#UQz`LOU?7M zy341K{V6z4q7Wg)u)yd7@k&$3AuVn1W`(yu!yV&S`ZMg91QP>X4kIByaA_)Wri<*j z_!#`bnI`6`Uq%RK8g&GFv`{dCZ`W)l=+MG3zC^63UP3L6OYJhd)Vo;T=sQbdsQHYp{K}EPQc_A|xTdMrJrAn6+rscCx=CB4Z$~r73M|wNS>3%;ni|6+pR((;=`R+y0`E`7iE8Sg4 zJ~-(!4M}qv#xAr|%Z;?V+$e$GP+%hsSNPHOYDZbf_D+T z?ly9=C;KsS`zuV35ag(Bwb(fI@w+IhS$Ypx`P;}Co}_d@n*_agXg*kt3qkfJ0@as7kPmn!^_fL`A4m1gWYTA4U$4#F5LQ<+i-WuWm6_}z!)JqJ5=|a~|?0Kd;fo>kDZo*CBO%82B%|<86U1g6?v}B4VBfD$C z&5$oVN58O^?B?*nLm`IkO0%J-i4cXa^yZSx?{mLDcn86Es~@xAHDPHGS4sZK?@r2h zEO@}YsGLH2(05QIv*BuFM2PdeoR61q^pHh?5q6Cs*IO=vb_hOa0v3Y{C=AOJs@@l9 zjL8EeM4Q`{$C)%36->FySOwi=8gFW#9)j&Bo-+w=s)qwsAq z?*9WzKHMr9Rsh%!pbfLlunn=vlVf!OS#63p#!Y~b6ee&GV`vmFlgy~#d*|MvEDCF6 zPVV4AsC@AzzRe~;2`tfmz5+?dHv9`o|t znCWx)-1xNYxe{h;5@=7W1iL}^yjLUk9oO+6&c3Y?`wxxB)vgn}z#ok1!I1oG=N>CY z?1vh$ALx$Pxz6j6-(2*1&+PGw_z8=KqidaQb9N1+oaM)_v0spVAhe<8Xbm<;Yq~jF zC_=ry?3NoA>h}&Bjr2E2o;s^YLd*!j;ltD zc+g7y{vQiyBSl1t2>Q4Mm<2`gKw=mW6(MVAPgvgv=PPA@q!*}hO3+ndb|~L8x|=10 zGzk$=`pF;Lz()EEF7U@gz^w9I6l#Pf)bvYg*4lEnB) zl8zI3U}vR7eZJ2|gF$r#AfxPFiZrMSmCQ&R&%q?7Q8J&+vLesP{;P736XSwRD_9(o z1x!6-h~<|Is|p!wdA?Gg2`|T{4dVbfBAPHpide1)2&l0Oz9c4_muy-93#*(1qf~u* zy=Xa-ckzZ-TS$l#Q${_eimGE9=(f*Zv-dqW;KQt5-$3;hRDK}GL*dGj@Ai&`uGnLa#kt_xSG2MotFIdC`>j~nriYY#p{zm@H9(+Cf2 z^Nr7gujrwtHXnKj#leV6h7E}A(7A`6-5i!R^T%TK-my^r1wC$vvDmH09oc-`N-#2y zBlAvdSk;;i#+&sx`npmgO{;+EG|j?cWdKM_4d*N|tN=b62=+2Q zwzEmumj`!>Z!Kn^7YqJ^*6SEs$p~5w!Z=%~Ujtyo+6^L2e_os-KZ8fgvt59N$O-=* zrjZEN6WBvIP+;0;XlNGtQn4?2)Y_(Qy8KgNpTnA6elAW(JcGPB7*-HaQ#-BI5<)xF z?KRNexo$6^+Zmcdp~6EvCM@}VWfrk9>j4q{$Rf<5esA7H>V9O02e)D(j)?-yua2VY zz#evW6mC;Kr`%o}*|x~8iQHC}pN!t>6cQs^CT60`4Y2M|cOWc|;ULn*x+@o%ei~4_ zBMP=xX5<4-l6`K=9D`~_*jNvBRU%KdUoh>JY zkV}@qqDFQUI^QD=G=*>UCQRTQv(-$ezQeOEKAzeF`tC?O(0_M8^Se{{?m2d%|L%A@ z!hd%tpAHlArwIikKhtfP_vvW2hHvc9Le7Y?gMkzB5xBt;Ga>j*BN>pcoo_&~89vu!w+!uuFx|#e><=#DQ-}S@ zxf}6%3f-Go0U22y#pAFd>jPiLGuF(XjC1JbRqEWFjo>S&~Ol|hZDH@YW}gh9`wTU!ToXpoZkq>rq$6BkU5 zX7LHEn7;>QSS`i58{QD91;0%~iw8I_uHjV6lJROR8`3h)v|FQH%7VTVB8S+Mx+!31 zA0*4E<~+@eEKbK+cp^l{KvJ12Azn-f#5XiB*bj+*iAvK&T=tI=QPD{c!aZ)(9(i=? zH9gw(@vfbEm!L};56)1saNghE)W|8tR=eM1HGoG|_$XyjU9Wufm5TlV9(q=rPnu(A z^>Yl*>g9dUx6Ny1Mj?(=eh z{z8&|F|jWs?u!ZM>{-Sx`f`$eC5gYBgkRC;F0YhwP+_0>OQkhbW(A*ph8tMsh^kWI z`NwFEF|8oGlA##xi-pA*A|+l}!mQ+2B95ex#?SG{>+)H0^Zb#9+1EmQD0E*&K7;f& zfZDHwTnnFiO%G5U)xR(0P2X|$J{mJbA6HnwkslLs&rB>7V}e*lj&dm?u$iet#jW~c%{fbPHmgXGO9~|9;Mi@ zV)xo(;;b|97EfW#=RGpqC3VPDmAM6#fJnd_ybu7;^Z3sQN|_!N`IfpNdJ$Xwz&!XI z{)T(=SMfqZM52}a7#4)4VuA%*k)b3EeKsr)@L^~wHa`9Bx59{2131$Sb$m&p0 ze;z-i@jIIOb3%zsWa9phQnHcyVuz*{D2@sf3Z|EmU1M&WxmVe@=|TF4W-+smDI`3K zKA2VBE1$Wh_~^FFDUgA_HH$gs;T>7!>x_h-s0UsAb(dhIYQX`#_dnC4=mTc&x9Aqc z6;FTm=h7Da#*YHt&`J*xu0=mR%|^aLzTsAB;pAG$=mLa{3!qILC87Kkhz!LGkPnlz z0`WkNfMZhuSa@Z7e7#Pn+B18J&U~(9kG`AN@*o?f-rTj`Qg^K#c%7L)uU(5V=yAr4 z*Uq>FHXTiA9RM|yTyfW?;dKyal14DsSn#C>Pm^gclzfYzJC+7!yN!BG{Vcy< z=J)u{Ac&{)&WntgZT?C!?|O0P##wx>KAI=*P(7d+2S_b{z!pL0t%SuHI)T&d0C#!# z3O8yLKE~xgUx(w3i5<#de_`BwfOKI~D>H#R54WX8^-@7R$R~ ze@Bw=G`T|6NAX9Vv{5_O4oR3bgg|&-OqonloKOli8B3-Kk>|ZQj5CI`EG9af9->QD0f!~8zlL0ac*iD#H250S&y zS!WAIZ?xcnvJgIFrs09v(jroQI@V8SROkCCIK=%Zw@32fZxEUc`~QR7zLQ7)iMn2B zH~vB?`AW$?&2X`}?=1~~jA$(Zr2Yx{L%Q#hPR(Cj(lb{UU_B$On7@5EY7?@nvcWr6 z$?BmdEI0hH!u3qsqzk3>1KWl_1E`nqG@;93gn9vYJI=>)K^aCKI?%)9pog)r1!)v8 z2Sut?pcO=h_guY8?AZ+CSb6q3s0<`Dg?)k8XrMe)A_JWFb-E$ zS3}7Ww%cakZq`gCcnp;TJbAYKb+>|_CO4pjZ&uFVrq*b0*(D$my`YC~kfjDp&;k?N=mR>yzT zIv+xRD@lU~KLiSEa!p9TL4f)PhC*bF`S1&Fjxd#j!(m)WtmW%@wtEYP2JO|RT+=he zJ3N=T3K|U0Q-OKl=^dS6I}yDOW72S_bVOC_L6JE?e#0TsG(f^Np~Ns%$ye0llUNYe zHLqI>=~l~4)f*ADfUq}_@=uQ23zV8dDZp-Ej2C$vM6>--rUu%=`O)I)+zV%2J($@- zwk(LFr&OePBaB+D%<$r7c&YmUeN}qGxX7x8UTt1mNOC*Z7Ma>SAg_?&A>s?pCpGYVbU z!w_x|3fc+>y4al)1RFuw3;nx~`b+Pw1~VIY_jGW*%OvB?fA`C)7q;H)H3_7He%hNM zs#@54-|Te?k^B1~*dVQYFkQvMQ4S7<%RT_|yTQ}0I)oW=Qf1AQgR_!aTH~t@1cSi6 zB$#d+N`_0#Egh=D^%a{7wg5~>O3vM`qgK$HBy~8qecor36YiGQ=c@t3_%(Z1*Lzu3 z@%4K@|Fb^7aqs7UQGcWhRQ3`n&5sIzg%?XZBKfE!Q?ZIegEe5orTS7FC}7LpuhgBk z#DmHTzaJOCOn07V=XS8ooR|2mC%E0RX*VX&0nK9=#e(n^aw_lwLd+YKs}^!ct8V4+ z^IAY*h}$zlDc|?S{d~V1j-^#c3d6TpX8T|j+KukGJt{>F zRg4td{zjlwm_oYJ4miXV;i3(Mw5K~nLlci;y+=(KOI}sK- zlcL~Wi05^MWh1k<=MfHKIcbfFfaX+^tnhf2cAu85^M}6VMXfsp$y^X3v52bAg`xWg%^P36vs88b$r45O6llN}M^`?}z5?C+3~czh0bo z$^to^1C=4r`Ey4qkgQ?rc-g*;%`#gWE`uq=IYA|=z$=H;4=#Iwv>g!7T)~8ET^}*6Wy{$CqW@vGY<5v3PysK!mKc$=gcD;lm68_ywx zXfdhR(a!n$Q__Q!$CC9ByhdB2a^Sp(PQ}A3O_k7|7#JPNI0%bD&IgXf2NH!!3O24Y zd;WVJ^*zfVQ5q}sbm(vhrPZS19NEZU*SX|~{Yg`^nKjF-j7OWo#i&2p)1lI0^7y_G zMPMhTN9*;4U2Oz?)f){Z#Up0{R?d@{{MC4tAx5F~x`$=NT0N0%ifzK~(85(}^zC+@ z2lW}hpZ0sqO4VQ*mxb+7dj)IjQ^s%vEIY=s9Lp+27!QFq^q`ZTfp6(qaU^e_$D^%Y zBDv4?3@yZ5kEy#WvOg9r#u4CRu$>RgiQZY*i^4s`X4rO9O*mS)Qq z1?v!4(frH2fwPY$vX5GieVlwTVzN;HArJxl70~!uM!N3ppp#@)8q#*If=6TG zt3YtVK~dC$MgQ3#3NJP@P=62NTB})+z%P|)A3awxRlozw@@QQ28vo>hi}I-LIr`8z7Ox4 z3D4Fnn02GUmCwLMxC=kojvOXV-CoENq`L#83h;~_Tv#Lqf2S?pAsJ}Y?_u#O!IkYy z$3d4?FY5?ymyd*tx3}1&=iY}pvpd)21gx@_oxb*5;Qlds*pAfcZz;jjEl}Y3r3|5-!OtVFpf7Y&XIz$ z%I>|;PG|mh+rnLv4!d`;xUW<>a@C|6GZs`O zKPI><%zjs~-&V+P|0N7k&K_4ffbUo0AGl^|)gK}liV5RX zC}RFN;vFW(Cppyd4?mr7tNeSWem>bB5d(=;60Qmh6RVjr9F;s7mNr(+5Qm` z-vYbL7s1ZK>|H5fS0Y#$Q(&j9l23-x1jxXOLm~^u4ek>EocjHdyIg0`xeYFw^x?eF zHwi;P4IIX#Fz(nZVmAZTA`P+_(yk`OekMy;DObQWX!97NnwwFIsiIDJer5%C2}+G3 zT9k5_)-iFNrR^%iH$k&FEdBvht5D z_*{gv!@Q9Pf4~-jpDK9f16L8ef7_=my4jK?WC%G7j&Q9VR^CXtx;_*}_lD7GLeZS9j@G1Wkq89cG?R=e{4gxxy8#MUf+WZ*7zoFz6`CS$lbO>V zboO-@fHqX))HmFy6Vsv=@=sBBaGRElDq zBUAv%?f!m!Uemn3iF<_YWS&TiX~Z{=z{dtexe8~98ja&p652%l-B{JSn+5ecr{k-%klap ze;%O}6FzjYA~!j+Oao8=(;)U#SWDrmIts~)brrwUT%YaHVNjQ064mlsxlPQn zGHK9q-;~7fX-Y?MCuv~-RaFsiKa>$T|f^(>MlngK(fPo}0 z6mh)NEr?1BeYll)8`US4D`C-?ZYAacFVmr#t%NrkcgxG%3kw~6LSOJu-VX=j3YziU zSy7I7)^!A(6&iP~1rH&>+0PRDh5SwEV9_k<75~jfO-0Fs9~lv|y$zB^n$eNEwGV(E zcMFvb7;Bh&EzOZSnm68_^Tv;*cAsoI|I0VJNS-jYpfjiSox$!rC+o*gkmliJ@<@6> z-T_i%Qil9QEcE*#x6{TQqL|w)xJlmcP23B16PCw&U@F4(2Iv+J7KI$yi-V=-6l5=J z4*WhI7yASU!o@xK2av13NYv|8AsL z0z&)N$o>@CpF{TLKjTLkk2RyI2x8C#cVp+NBvTaf3&=SRpolh=ZCt);t54mt%C@Zj zmifcXynUZPkN2$V-m*FlI?uUe@TEswlD>2ug+Je5oMe~8FYOPuh{0B_3|10F%$yzS zHb5%l(viv8gX16pB}*XvaY|ZuQY75enZBj7<7D@&I$MR!hM-YPNuodz4^b{9PAK=y zogrB@ukFV(-q=Z<_3VwE@sB&PSG1%Qu|qj=28 zb!aKyfKNK1Xwc%&=L%W0(C41`?9&rbl>HYZq5!J)Wpw))*$D>rBgRQv@Pl#%GkHDDhqD*J8~wG>IOPX-i1KbmCn)SLj ztJHUgYMyG)q`X_(1TH%6V4f*i0rNcJ_ZRG9O~28Wfh{EMdPWXqhD6lo28+Z%gBS@S zh5X|LB@K(+VexGYhFHb7TZ-33!6b5P{9&{EEu;veh6fx7{lx+$)(IaA{LWlkL&`TE zU&8W4mDB=b9Ye>@V3a@`Qb)jV!(o9ih%pW^sr7~(rRDS~m#YE@NNt6vC|VHpH(MA! z7v5v1owY;ih){}%H(K&aVCUp?s`tvut2!WU-B;wV46mpJ=Om+e91u>67zzD>f=WCI z!;dnVhzlQMWu{{`**%dDhht44SD8%@042&`$9T$LKn9m?cunM1X`VedMc&p*sKKNB zF1Hk(pNp^Rpf%;IO`7YI(`S`w#ZYi@xeu)hq&;pgf5pQ810!8(NpQ+t2g$FqWH7G6 z5W!zj6%i&x&;w4D*8*{?ME;e1oZrG(n6Nimg>(f~-m@fs){@|QtK6$NPtn74rOm+C zwefq3?u4x}^m^J_$RWetjyn-UBD)(!!$Oj=iL4PiOXviCfQ#fS?1tYO!aZw(WRa_h8nK{o)=RdO% ze93ZBzCbZA@=rW6JTlslD{iVEK2CYIVN5dl8W+rooED4cH56rkxE;bzZ&Ny}D1HUE zmGxWkre}Gs6qkWYF#Pi1ahYV)O|MS_T;n#z6+Z|n`cVtlZ!iux3p8CWmPj4I6455& zsPZ=A!7zBnFv%O0DMAhdr;;Eb@Z1W(%=UW}zMc+ZgKHo*x0wlGct_0K;eGXnd zVG{6dSs%}Deq7yspaJSw< zXzDwx;`gn$Y>U!&o877V$P^fdKhb?3GKWa-_pSRhyqh$QI-xojg3gu#u_jZDjEC$#Y31ooXCMjiF1FYsx1ouSA*Ud;EQ9OB!QYxh>^$RsJ1#kFNMMa!ezec(OG;hI?+}nD< z-SUFTs)>gIFx3I=n9?`ln*d>|VPzKXBygYvhf|Bb!P~~-aNqCP zwvy&@8{6G%_pp7GZFn@e4{HkU|Kb|4{_@1_HszNL{*!s|8&y6qy z3zZuI`lqBT>TWi74OEh}v_dPr1c>w_yJ3UFb5dh?xPOyty)WT?-4pTT#^CuldL%&?H8&LF8f^v{z(jr-XtTHm?n9V(*x>~F(Kp17+Bb6 zNCf4l4h<`Kj?&~Mp1uNS9iGY`Au+1`o+3>VHbQDcwPWO}Dg;&Z5j~YSNBK%Ii@=V$ z2N!~dz6u6Z_Gj@OAYm-74A-T8pej2+7&qEY7VHEilC+&f?`(zSBx!_9|Yr^!?Q=5l%=KrKsEQ!;0YxD5_y4QM6JJ4Koz=}3V}?dU#A5|rI2mXJ$2F7F+I5ns>ux(I7-hWCF~?-9WY*+tTym4)1U0V* zGwkxH5PGS92++$tPQ0i1^mq_A6hd!Mex2MzO>*@W2%v(CH0NN16~r|n(4raX@j8(S zzrSz?@NkbU16q>_n@rhkqJu4(JPj8C8m;B~B$oPp3g8y(y1UKZWa*ogn}ckF@)SlK zB#moCP7fGhsduR3Dc2%yu2WdgLxzk>o*TyU(oP06L1^g2R`0`Pk8`i*Q=ZIPqsRgWss8a$eVRnorN=8BB}H;Qp1O=K`gTcvyN; zIL5=ZkVpM|Z`M>N#C_fjIyyeV5AR8DTId#)o7>agHlLN7_r?vaHy%CzjV(5A6!~G5 zt$or<4sr*Vn_KH8H-jMG!3IdW;XQ^c?5oWmmiT?<_sNsbsT6Mq90A%S!$!ykk5WDC z#J+fKxW?Aj*F^nmgJmd^+sN>6N>~#Fh=>vzKo(i9V)|fIG6DuM6$4}6a^WL!^x@3z z$-?($c2{O!&Z-B;699b9fa7;H4e29yFgbd#4D+z;s#vMOUR=K*g5_G6=aBnyI@ZK@ zN3ry!9-;;+QiHUnOejVX6lr~wR%lN;F|EaJ0xf&BT53DEDon^?`8A+-fLC(!HeO7r zxcEeF)OnrS3~T*74qufN2$!j+3RlZ-T2_W4)ru#RvZb$VbN+>1;xoV3A# zvnb_89xenm@goXp6~Z)4MB9!Y+Mz!@b&vFivER4NJMWrzUiIhU9yc6ZqFg;Cwo3OT z*vT4~vwp{ItTb+_wF5}Uc&cVk%Em*Y&)C)?Ca)wZ5Ktpe0L={egg>=Rn1#^J;_PgF zD+_*vMCVuS8h-V6$c7ACFAJ&+jv+vWHAbCJ(gwyPoG-U?Z;svXL);|wEOH2IViJr< z?k{?}9Y?lV#r#Bm|2yXo#eQJk7sVBB>IyEYk5|X!EpxYAU)HU0YnQL7tTm1fyOOOb zul-BcR`7karj2`QYcnNWJEMO3RPcmV&UY_jstwfVY|LI%Ra(u|UM4bso190IVFN^PhTYTa2c{zkp^9wn*m z@?_y11wokfMBsG4ck}kqlh11)BgjBUbCI6XTx;#kV}h&eO1}=f)-DKkW9xJ8b#^Pr zmV5$29+~~z{30A|E;C$lk_RmOf+b(X|1JNS*?*h;%<8{@{mg&ub6@@1>c6w(V=lg* z)fRrU1#O=*+hMSr_6dvbSK=WL;1A39HhNG=g`=-n@=e%HmbbIpox9EJ{20wg(13?s zVLN-CaG&U_(4g0CJO$bgV~PY=8!-#XW~V3wFuP3f8zB(#$-$!q=<6kM(@9a%Uc=n# zHD!^nVkxXhy&A!e+Xv-L5)VrsiPvH~Hdw=Rk-T=)6#mO|Pu&pO)kW&DB6;Xe_re`= zUAfWx;dH+*Dw-7g$X{V!4K67$PZvIAp61WbSg<`T5j(t_9z-jMdJ=$*LRY73)JDJ+ zNq2%*024*z02@Yiq+9C<2N5JSlizeto5_1z_#v0vMM|ms8_tNq{D!N4%O!6Q<6Bvx z;V0k~!HF)q!`VAs^e$)rW*76Zk#?!St^fHN+Oq+bL z8(x2~+ZODSqu0zXSkn6}J2yQKp~vH+%fBS#)F!WXeQEMRb(*)T z`g+nmmUPXjt_m+by_qSMOHeNo6k@FeWOcNVNJxjvEJLxghVu4DTWm3koBORY;!`M( zT7wMAqh&Il5pepUB9EyVd0!79iSpeb{HC%%43k`%6!%F_mGDPdl#xF`44?=Nr?M!c zY}Av$O+_|l@YH6WMClElL{0=^7+YUGK%gmKeaU~Nk>5u``u*1Rq^4DZ-|$MFul1-{ z*v|NSttUKg_A;LE0}H#GVvJm#TFqowB&MpFURKZCKAQXat(A6Xr#;_;<&@u}HLC=l zv+P={`S{}aI-?|2)s2T^a$$gPXjTI&!MF zDrMn4aroib?u*^WQRFif{OkT5Sg7)QXJiKYlQd9i@<(0ywX^^0^55gVYRA=W?`e?X1}x_2^6J1nj3|7ENZMC}SGIG^yVw z%IP?{kU?4}a|tsAyby^M`&1lE7d1nO1t%1}ISrCs5beDVZ5`79mrvFt*N0t<CJNunc7RN5F{)&k6yruq?tyn?E%u)r9WV)hd z#wZ~S7r96`%?(9*Ra!iE2#~63< z4bFbWOhw@)&6HlRz*(tlWdGV?2Nm$hgk-`5>R77*Gr@gP@=nh%7C>4w;GdoQpsVc@He+1X<~2YmI#?r`osF#q9QxD-%oML<(Br;lpC^KcqJ-oyB#SYlkA%9po_}@j z^RD9ePlL}^kDIWm{-JveTgIh{;HQx+0Nd^0St)%ZzfTl#Jqc-z!_jc0_3nkiZ=%$5 zfjs0#F8qbw{X^#-cNM=c-tGCUfZqGwe`wwH641Orb4r*EcTbA5S&fk+;Wz$r zXs~c&p^BOp8oYq)&RMW19*f4avFf-B*2TY5Uxwh9Wdr2FUj^?sLxX=0#2(H3;h3%9 zUshY$ueJ&?lp?p1c=%af1>H*bCqq1^tou;O-nUpoZ4b4pVBo(5)JmJlGMy9O6$Cxd zd^s}iMs2-ItbVu)Y`y3@BU^YsiY{FBSEpGG9|wdIf<-`e>jN4facP8-vM-ReD3mWF#^1{NLZ zL+Ww6=dpt*BWQ)t*$|^At`jLvtG*wF!7$%BXzzMYZ)g60_TB`*j;hN4ue(&e{q^3R zPIvasN)oaVA`l>iRX_wp0Yw4DZB)i_)Nz~{35)y?M?qA?H3^^~qJtwUDwrq?po6=j zqLQe9ilVq9p!t2ix2oQ&*WC#LQD^@DUsu1XTidOB&pr3tbI(1?X4tr!O=Xj*U26P7 zzsS}Jps}dAP#h;3*9#?1b&KlJY&s>wbX>b3X8Z<6%-<150F`g%6yhH1a9J;fzpJ~h zjJ*>V%G3zo)KyfJQ*IOnDZ~);v*E7F%=7{uW9$o6NoGZ04ncsS6ir4Pmh6VTpK~=CA|566^D8YaXzb->1yb?{p=^3##DzEigl`gfJ91n!UBE zw6yeedm_R)s!%_1_XzL9cQmQ*mzw@|pP6QSn|lOFm1-Nfnvt$KK*=+D!X|1suQ2uN z#h#P9loD7%#z2#LygS^BkCs+m(0Kk}bQZ|r&NPklkY~$>#zmOa*D;My8$UU;G3Mjl z(dF=KR4i~b%!{SFQQ&4$cNq-Us`_}}6)c~rIH~W75m8aO%SbuZ;O8efgE}vZuBSF| zXt)(DX%!k(eXJ8nXh}jVZ`;gMw`yutlgEIiFOR;}E)r|d6m3GG2qUgBD#heZ7E5s- z=o)f@zfR&{73$~^N@SavwUyoEMt0H_u7NlMEUBXvC{^WDzUj-=lq zrl~zBo};F9*ci^lp{81e_6Qiu`g9n)gP)0z(gfXp5Z9_Ucf}z(`TRg8OItB8*%C^H zXgy>g2+pEeXYfM{nh_`yQZ5W5kOU$S9GKItR0i2iz319FrRiyjPQ?Mz(rXN=B~&%Y zi?-b!Qw?fosz+=^(3 zVI!nU>3P`CxW&0Gsq+}#FU)B$YF1M~3|S3@HVkLyRjB$94$f6?E$?cnNm3L#>TGoO z4u_8JOOf|PU@ZCpVMU`c+MRra#l4UpG}hc2h)o0bW;SdNOQp&HbuoimNxV!jC5`#b zpg%XF#V^LqzNir2n#gu6j#;rS&uNU=XwUdTQK@P8ht61uueMo z%T^eG#rRx$7Wx_p^1vn)P$;bhIM8P{K9gzQ9tFt=*NHVE(HwlRlv}pm$Fj@x{!sKDnCr1^K1w`lS>F(qW2ptw5ds6a@DbYm?ODaPpD?=iC zHtLNWsvKYk)L0!4S-rv_7F4n?l~)tY+?Q^Zm3t-ZXNLW7 z;Y!Qm9k4WTJ$^BsS{O~-`?^H9f5cKsUc9VOhuv9V|;(b!v;TcfWhLjs+ z=5uJM`B13m;;_e#A1KTU`>BO1<*oS9THK`O&6C_SE;lG#qOEj$7`EQ6g(Fw{x=!rd z0EGg?sHFso63%mGhn6DMQ>kPWQSG!M1H^pVDOb;*nNr48$j}J_?qkK(f+QE|O0Bb7{nMMx|}`HG#_;4tpQ=)5E^9)lQ3+ zU1dIGdOm2DM6C4 zB`*j2A#^W>;+d@K4x)X@+g*M+EZDGH;7*GW?DFIi$V>3G=@Hv4+d~m`V#@?ob6g}AA*Uyj}WF@DkGHD-1Egb`M-fDO~Ycy%(5LaC_u zvhWMYUkxp5Fqn<1N0kbVqriI^OQoj+ea4LNTSOmbfd^%{7jL$#m6nMu5-r1t#a#q? z!sfIhIY;0tFwLj!#ImEID0aY|9G_yI5uap^k53qpE>c>UO2lF)gI*2!H9IwVRyL26Hy>1}1dfFOvnoRp+48AhmIx^tBO)2~3_DT| z%|Wvc&?tVw7L)4F7TsphK7-LR=3*Pg_sFClCuOK_RPaKVDsaUAj`epL-zn(Uq4~hr zbb(1;oej~4Ql2U4F#QC|Bll?d6m{G!`z4g7f(sP50ePu_^$I20htkON8kUrlN zEyJ_|x9reAR@k9Rhc^z;m=VcdfT&#Ni!i8^7(r$+8mt}y!Cfo-Eg z@SIwT0cj8sp$XO%+@||eut`- z=ThJd>t|75VZ0V`Y2qOmp4iR=<2%6BNWnD_U7zQ%s%p{-d{aK5*9J zD&)%HCRZUu{JV*4hNrOCl-`Q$D@-8elml^$-;cK_h-6P=*yLiFj`Wvj<}=a2?{bh& zVe-UlLeSU3B$lE&DkiW z_pzSU8_xR)t#%~e97|A?EzjziU7pc1vplV5dU>R0v^?B1wcORS1(pQ^{;)OCWkyE# zAEojUJx7+G*mHRK(4ND}2lpIOKCtH|INHYH-PP`T*s7$o{RjTuKn86m^qnei!ocV0 zeb32KC-prS?`F^HI|7W6An?n!|C{Ml#p5EO|J!L=Z-3qP;W-{e%eG2m6sfP9Qf*zy z@8ri>Qx}y#9rxT2mv4%DZj8&f#Xa{s`<9ydpm!gx^!_3#-&O88!TqR`p}#C8CD5Jh zCtj480)-zMQj!#bwxTG z7TY8y`%SaY0bJwnddT@tj_40 zU76L-?7n|qW$xK_L3w`9qVmF?#pT`lmO?9b?_E(|K9!M+)tnlxG>0Pp_R+1#!pe8eeJWQw$FWYW66BBWIj_eH)5BPAzBn#hw~wxlmx$~Za0lNWxD`s$~aIPt&a@w##fX2R}vgU3`%xFV=yAhq=GAR zfLd5lT6!|yL}8VzfMSAA_TgZ_6v8N}{3Wv6V_>DY-KjP;+j$!COTD*r;t zO>q<-9)pU2b|IKRUim%xS2|u+4Q{sm|7G3HHu*0ksNrRG->l+elDaD&mK_4H7&!Yf zAcjIzLq00Rm9Bb)b62|L3cWFv7emc7X;1-t?JC#*e&?=o$@_!J#o7jOcv%yyd*Xi7 z{TMLZX!L(|s@HDGx0n=Cvub)!nEF_Hy>Xc*zyJX4es&4cCZiYMIDu-cMg3wVC424nm6IXyq zKAEpKO>u+qUu;)nuI0~QP6CsOh(4%)r%K>E*{`yDSC7f2T1=zuYiM_1vR=L^xO@iW zAOzxS(s-r)6BL>>Pa(8#iLrx#J0=M*@7Z8jex?;lktc8mzGBuxN>Hn&FQJ)YZ#G>B z$Y?eE>H;S$fYLQAt$(cTC2zZb2}2&m0O8IMUoD|(pR66(AEro%8T@2(R5Ps|D{2qmfyBPH&jo6)%%Dq!wj7TCHO zatDJq*Ln~0pYs{%P=$O7bBq!6-%n>&ikcdGBHJKM?#3mhn0mB|H1#AyCO~kZGET(R z7`!n30aC6%usTpm-~(p|9|!{*MTfJ(iC;6;eKDw!N0W*lwx{9C1Z1Z!jxu~!Q+6hY zOkt&q)`VzDv#A~sXndtqkAp)!{weI|Z-5?!+BEU9`DKYQLyf*K-%_d);SI---;A)I zh9wHp94J>4g~79}J;yfYo0$|G4NBjO*jTJ9F1XxumP6&Nx);U*?AE}d*fw!D>|4;S zD$PRt0t}E^8|;3Ea|i_5m_p!E2~jXNL}@Kd3HJkwx(T$2ywZ*kUZ_WF7MdJZ{2UsZ zslI(ZKGkx-pj~UI&b{=DHgLoRPYF}!WAX`fS5#e2>5qsG)6@f2oc5PL6YRidmuI2v zYU{*istwtx3|ROEP2>eoD0cv8#+q4b5M7)YgZtWHFBW~?8vNnAs4ahnS`vC-s{kR^kz)T>dlPV{l z0>aqC2~iQ8h+yM+9OMdPkHbbFcuHR57qLFc;v~!wcPjX(I2zeG1Cj9Z6;yYdIex3w zPfKCnRoFi%q^nz@*7XBISZC9SVez{8mHE9m`T>w-0#?DNXPGEsJOnd2_Bcucd_M zi+ZN%zXzVP5MoLPX7f9_**%^PC{72dc{pl)3qcb)dkS3?=6-S^I}0g-ys$UJ?`T+6 z@{pkOI5X2CK{)^_CFp5BhjY%jnic_GDrfX}zhN$d3?N;t#~X zv6ST3vd3YqlMdkQjV85Znjz)^xfx2RVCx7P{PIoNg@ZIJTc#RHl~))EDtZBjAkqh2 z6)1yYZ$Mv4inwPKKZ3MMZ67MNAi(0P6c&{Lk*>miVSvt&86*}-Mu-U&mMJV{R=Sg} zRXAtcD|({?KC=DnbCOTZ#%RL6TN89aW2%G|pg(hwQ1vrfRew3&a{KC2K$Q%R8!VpG z<11qGq1b#Xrg5*rY}l0FDNQTU$c+xu#Aya?dH)fYTXPh<4~FjLqm z=YeH@^=7Hj9i5L`ykJdtnYHh;W|KvHPli_ruz-WBm+KrEE`9g|wsfi3irpAAG2hn+ z4xi2Uz#3?sq#gBObSPWnZDwg8CW(|ZHpZ}o%7+Ss11Jd#gzOj%W;8A!$(X1ET-N7+ z5NN8Y5NSIP4GdAve+-n9mg$e`>oW8*#FOgF(qqwGae2C<_KfG=O~I~!b!d!t2`!E* zLMSJW8(WxkxidG!)h!4Pndg9Y?K{^pv2#7HE2F6^soflYGwDfIJ`#2(h(;rk(`*VS zPxKtonu#K)oZ6X@heFjux-k~jS#S;@?~X1^06SGAlAt_8Kg=W@xjb<{bjhvE7{Z`RWJ>r? z)CuM4p$CVJ)e?88yMJmFEdXg%9c209)IbigP*Qi>X2wFvycB5`NM{`o1y)c;A$xFt z(}&ELVNd}uBruWxRbry3e*U36KHW#fYo?Fu@L>&fJ@^X2zI7Mz;m z*U{~+O^wcXnBFx%k&zNtLHjUq?Lt!gE(M~@?D#$yrwP;8k43}t7K5#jgP|9^p zzj!B&#aQdX30l-hzGs5&$h6IFX5<&atk!7EJz4^{2XRNb07!dQ zZWWgKRGfz5Fj4XH&~kM%;q2HmNEB`^kV7HABw0$AePTZTB*&p;w?A=K4^7tE4;u4o zOea&4`B_5kz$mXZ`};$nG7Xl2>V8dmrI|+z?$vUxA4Z-UG;@C_<$i9OMxL4J$fNNX zi#As6qi8N=Mdg9F;Ui$&dP=+Du23UTFC$Q?i&s!<$5r?=ce!!9Y5uSNBYjnnk}xmY z&jabS3XlE(l@Ru5JmMj)NM!5?Gn<&D0giX4a7@F_cL$i3!hTVJ>>AwZnZB6uW~7x` z3Y3!!(o2wBE$wgg?Hiq^(OaXFI5+rVGs``nPo5{?QK^D>59q&J3ZSRbM(gnpgVy4i zhB3^oG<&;g{m9ih297g~92&67$2w;U@Vopz9Vt#JSeI{#*t1W7i zXP98`>aS6i8}>5eSk_!oXb|sjvE^H>Ie@Y4Fo2a*lk(?4>>~5FlOoaxW6073dW-KBY`5w4Ywt9Sdvox_-ra?t zYCP#8bZ-CtBW1P3Zl%99(bJ(DdB45Gc!G$0-I%WdD~DO+S9HWw;Y&IapyUfoUC_!Q zvdD8Y>7orI zm9Wvm8AUoq8a)X3pdLugKI1*r4^J23E~Yq-=&zdYqzFA z8JHX>*W|#+kNdD}S%AuGP|0|e`6nRoO7jZ#FE{_l{$=JLim)J{?9O0u5LG_ZtYd#L zq#-c}VrQS219lDr#B#u$$tW;jfV@XA;M$IBpVp*M`+ZdV=YSDqeh2P9CF+)WQw?|0 zZ^2DSWhA=FR`xTif^rv(D>_dMDo#_keo$G2QfmASh9!}f^f!+Y*qS9B*Otm6mG) z?hnyaWN}53M>50IHq7%S>5b+iE$1LAT*4+P$zOSz{M_Nku@ zmixF;-Hv$r1R#!HK`1}AUO+!k2!}fooEhU(zcTD+R_BCTSuuQe0l)ca&ALL(_JQwe zFySg!Lj4kZwi+|Yj+X+pJ_TZ~sLKG|1WFaU51f~-EyUj)j8kGxw8vtU_bgiYL=jl( z|8jG(J;j`Co>zIUeIBKPcN8EJY4B>fV3a16AOnQZToGU?3XsnD*VTonAcVYMVNa)v zy_&pVk>!1%F?eq=|H2Al3p|+mVUW? zo_;gGTD-0=q3bFor;a_(FbiZZ7=C(RZ?)eP40X2?UVMQ`_9Z_0Z2GNsJ=$;Pc@=X@ zujS9^TgCVD>-ttZ-Ojr+g)FCYlWYj~hAkYWt}{ND@#md6c9vB4fLL(@R?0zT&Ph-) zhqNwwBL5Zd?s{5zcjlm0D1K3QwdKd1rQ4<2^%4}HOy6fui(l=dOM)tQ_Wg<9O-s~S zuKY|n{jFL&FGH(l49Z!W7T!sE7hC-CYV%h4S}ooxTVCE>J_^=3*0ghJr*?!tX*;z_ z60lx|rq!u`I^dIaIOvx9U#i$&dSYGO8h54?;k}##LB0#!PdSmX1_(tMA z@t6pPD)K|CWePrxnW?;IViFYGIj&Ew{~KrU#jYty_O%m`49X$>2%#+ZbIV&_L4_^* z3ey@t4epBKV-!W~MEDLSZ!9^;7qvV(oR%OWhPlq&$N@|^6K3OjBj)N$OK{Ox*NYn_ zH(r5BG_$nq>v0?R8VLh6A*8O>iSYn#HaXkG=NSJ6IL1(0)D>XJ4Z0^m*|LFWaw|6% z(!F7ZExiZeIuPJGE$kPBJ*ygZmdvM?hX?r`7;R*djXZew@?scc+>P7SMDXoJGJ&=W z?PkqU+4r9W5Sbe=Ge6Z=vQ>vY1281}3abkZOuVtr1q!|BFH>m1#FHhz!eU<|w!e&! zrc4}DIcJlj^xNcFvJ+Tx-+&+vv(NUey9(+1Lz=vEl~ci23#hPwm`QT=VYM|wBXE;F zVXikX4!cZ2d9J~8nC_Lf#1GreDB2|#y68W-g`1W?$&B5;%)Ti6q=U%@QPnp!dxE@QkjM(|7GN@+Tbc@Ro*%Y(v_Z<)6N#Z?S60Gqhv= z)E|sJ3+aV&%gUiSjW)z6*+XuDQhLBk%$2x>#D7<2VcV6@*t2C@UHnX#U?`8Be6B(%(RB`~oslMQ;HV_z@^jjgkj!bO~-@y};USL>gPDq*CKX!$3l;ZerN7|ADo@(_KcU6K?2tD91+zrF2z0hS z@?~?%+LIl@QPN(Owy#Qzu0X)cR?Fm=co{NWbGbr#U7^&KN_{}750MIgAFaCUNJC`i zhVOy8tTq!#y%a}3&prgp$VVW1t?`qQ6IsT$@a0vDZm&cBP%jp61F}H`(t?CNBp7jM z>kb7yS%_0CuzdpSV4(upo8+b-#(8dfhb}kn9lXkQyhASuU*c-|O^$iEgFgG9RZl? zx~RRCHYPu{8xp!M0VO`&6{t5=)TU}PK#&Tp*#eKjm1qjQyl~;kGgMH<{p>j^u?`Pt zS>g4(K&~9qYi6sl_aKFCfi!(Gv2Q~V&&%O7&rnyCVX2j&o*0+mH?1Z7<~Et7@nDqo!dAzk7LR@# zGqXD0nu5YfF_*e|A?MEu-IoHeu7$Db7YPMhi^|xk!e}6}4o9UWnq)PD1z?#UDaeG5 zG6^W2=ht_1EI!|irXu1sFSN7mVdhXrYz6+VG^~D@%Z)`Cf3fjzHi+mQW5PuYX8xTF zhisP^_jWCxoTqCHA-eWP<1R4%925UrI6c=m^!XF>N}f0)T=`e`Z=AoFbL8V}FLVFM z`Lj8HQ8<5rdm-m1aDHkyf0jF$^P@OFKAa!tp6U;e4-Dxe@t2gCHU12L7$pp>Y)Y-Q zh$Smyyf=cAT1p;f!GIW)fQpbE9LN9C>nwtV0p8sX%b%(u!Ro_zibW>@FX=EOfE}+9 zY7OlbQaz5y$@q#M&^mZLl`A8-V3`)rBsI&8xjFGXQuEy+w=hPj8KaeDZufWvsg(|Q z9sUXNYR5`eyoM|LHlz2nsCuhIWym7TJmtMeQKR~mCOVg(m}%#wt3paL(xi^)&2Azt zT$znz9nERPo3)JC=ssIY$^s>B-#sFICVc`WvrY=mn<4-^f2TE4pi;s%H_MTdW~rQd z{}jwNKVwaF=+s0-Tb-M|ZM7+QS0>Q>b$(33q{(~LOE;+DysCHh7?u1yI3UGcghhHLskNJG%=J2zc>X{KC?Hd z2YSUvU`7X=b~vNU6p^LWkk9CVVKdC=xR?5}L_;xXdJF_jk7;4QFzibT5!+qI%wUk; zA4paH_J6ylP*qey+rwNSMo!0mtxMZD&D=1vHUV_U3Gtw*}8R~;!3)j@9 zz3FTDGx}WGuXuK!JfDEJtvq?+?ap4xAdqh90G;KWPuujBKL&;&{QwUgnP!)s6O%V9 zmOFqbay*`YjO=$%uskQXT+F@r zYqdWOw4&F(Ha6$RW&@^<(o>{6ebU%Z81qSkT1bjpRO-`#s(iI<-^%FKrXj8Sq1r73 zpPYukLUq!R1eYndIrHC)4RHAN@cMaid?unr&9&2wbdiei^+o9oQjb7I^2TUowd2nE z$vFOSjLMn&Z>Xlb$C$gt9)T@cowC_^IRE1gF#v)a#6Wt<7idXJ%Er@@@x|K-E$NS^ zh|0pW`HvcVv5PN2!j=~95sCz7hD0I*B}G!v^x?Ef^ob5C@+gW_j)Brv{{w>nx{u4^b5Juu8UFsr5rD;}EHHl=?sD!J6}wdc9KruG9s(dm+2_U&h{^ zhV5Q~xos0SPcY=KB0S5tRM->HTbylSW3jBXt#Y^Dia5RZ0UzBlj0{6ki}Axjak8*i zUMti<=HzJ|1%vz?u1Id4>uDL7+fWX8w|kaT;dvo( zieZ{|O!#(USu*2B+KqS=FZcPm-*GSbk+l!91~#z}6l3y2gyQBs>G3MY72bX*bkdYA zC|kiH^uo!D!M$`6)@mCXxdoTU3XRx4NbrS60S&og30>y#Y?LcX_FCM!i?*r>b7<&D zSb?lr(_`2Ras_B)cM8ye%h1I~!j17gSAAUD&U& z9;G%Zb*WPCRqB08yCvhhS`+a@p2TI+o)ICc5M5%j~x=*Q}EA>mIezmY&7-Tw~QeDKMI1fUZ znYcK;(e=AghkQe`TO!_cgW4cWdy|A|4=gEGub6i`&9^)LTAAjVKbqrV=HQO^*OoL z-?Ba8B_X}1TkRLeb3=Nm+nxNTBdLC#|1h$^)~d1;FM9d?nC`ER)QftGmtHDAtZq5Z z>NwZ6{3ow0WTn1$E^IIMs$_&!5$C+agmcI8>KI-ceOruKJPsl`<|6B5ZbO-Nm0|Q7DLbZ+o21NkaX2(u#feb24)IQk&7gYwM$W6 z$z-u;!%R@s$z%mu&!>AL{bIJ9rNZ)?jFB;RijmJ^!w}@NcoYNCrM4sa>^3tT)L2jz zile~+nN#uYMDkfX%C{#`+{t_wptzHLN$NW^TsKPsDBNQP7v@x{`i`6x6wI<06nBrJ6n82*IlV!OJEa_d&(=*p-mlZwLTp6gzKgJ2A zeXu3SNyl&QVinUG%=1AVXLK4aTN{0}l}@jw_nF%)Yd@9W$#cm*!7_bu1OMSB#&7m} z-rR!$bXtLQ!u80-r&PF3pHO`NVimsgdJ4yOVf}OM3&vL}y{k$UE3c~)K(uR>x~ycb zF6EU&T!zD8v_$h@rKdWxmQ@SG5l*FwD7Ke!C(HPR2OoTu2)c;x)=3KZmd1 z3F9!aX8C*BaYEOblyNBguXmZRb(x#09=_}TlKTn5b^mqiVaI}yt2N3$$)4M=A66A7 zAmI+#h_sOHg8BXO>~xLBe*`u{?+Ya9_88fSrbo5%!&QH8i8d0#yen4X3kVe)D^coE z*%wZ9RPnuND2(rAkE()cc4?*UE>y5x#m88|vUEpVttZKJSjP$#JHWjwwtsAztAg_A zqpn%IL~6Qx)74#Rx<9*SzY;!zCW)nk2_p&fYkr0ZAlf({ueL#yfoB&xUR-yJ@`}(@Poj$U77QmS$)m4OUWj&uRG7&-n6$u| zs&SVd9yp7~r9y;SQAqmkSa(y9(#pwhCv4HO#^P$?5$P_z4tPMPX`u&;VJSh z?bSJGT6yeJ`w*dO&qC{{1iMxV*D>~{A1$_u3ibcEhE%HjKsQ*3obtNvHrKFS(dO2> zO*q49MpLde(fZ{C8ZBUeK#BmUv-MM>i&o1E1A?%;;|h`wcojIvt;-PQY+HuJ?uSa< zrPPm<`ms_!RqAI-{X(hxmHM?(zftPewFXnT`$3=J1g|pEx~k_&RIM!K%jG_O?UpXFj(dms$KquCD2OTBje#;5)a0- z!uMB(!73A`1}WU7VdjGRX%X2cbhcf=gwASA+8c4s(&|1+*$d=2s<5TKtat?(Wp=-f zD1X*mb8E9O*SuV_LPm|d%I#6(1E@KdwhX?nym_z|O}VZdJ+Q7CMh(V+W#egCmsDuy5CM) z7HfuH1dPzM;`Vr8+QhMaJQux7)Fkb|9iYisxo;c=6Lve+=H}Z<-J#U?l)6)??<@5K zrS4Yh9;JSw)V)gGr_|4t`lV98QtG!y!OH!P-S|KE-bR52U5VzfXpq)qKZI)H_jaU$ zSmfu3wTI`Zr*3AUbjk_QmZK$hvmbtPSTwtagZ;>pxpb{kA6M!+r9P$9^-674YKu}g zDs_`mwgZAyJfsV_fyd<9q*l|}%rC0TxLna33sDI87(akAXy;5`STDgDvL zbP>GBUZN-4)~=9_1^g@;i7d%~+nhnYzH6e-9ybws6ASamSID^IkJfqY+w;tGI^KS| zIlklkC=|pC7dn+O))~YO#cy{iW9&)YJ8q9t##m&2+Ijyvs#bVmy7^=0{o6b5_nNbr zd`N#FZNhH{r4IisOb08`)UHga19f>6I`k7#qS?W5=ca;E=E$F!Je@0WNO7Z%;>IPI z5608&k>&_D5|1+-tYfqUHoQybgLGJ8J=KYx9jbYeac`F1##y?CW``<&o^h|!wO4WJ z%=FT0+!WG*9E&q2b!m?ih3w z_7Ca9+!ML~1e7w4^lu}?NlPh1YwtCFH%S_TxF{6F#=UVy;${HwSkd5Gc zCv!Psfs%=nuf|*7-`3*=`nd8!2Ph zI5!{M%`D|CSH@UrSfo$Q2hl*;2bsve@mk(J05jRr#`^p1hPscisP|?xnT1BdXfhWT zZ8X`3g3ai0(XrJrv=HX@u7fc<(LAUyDBr94=WuPb_W)bGca`qx?@g`ym^OxYu_fSL zncAV$HI%PSXI{ z)u4Kj^z*E|ascPLy_5;2bUX;v3f%z$HmUSuZ8xQfB8ATS1_qOXktyVA15 zgkc~u1rRhtiW~kRH-eS>V|u9L4m3lf?bg zI}YwcS233>4e5l zlRYOL;3e@(?ce*Cp-Gm$_Wf#nYWc8I&F@owL8-?blbI`$1^AePToo0_bzGhu^YcA* z4}#EFxV}ef<~R>j8YIYkj92JVJP;G>8LhfeToWgaMr;Rr2JB$>0N*1Xtz7{+t~2L= z!UXsZz^>v62>{ZRs0f9ogkNv$9t1z+g@02wuvj6Yrf_q(LNqlyJ)UM~`WbdM_pmiC z&#e*c36w^Cs#QF-NLrnMBnY4GH8|E4b0Xh1C8RiW{5&()FEZ2oOacNe_FaJfEC~5wgJDPha#7{0&fjE;6_Cr*9@yyiYdcN5D@F zg%Yt~WMFp0{5y=Bsj^j4NdvDx2U?8TSKx1)s9!o5tUf zJs+p}f5mv7!6xko#(dxSyYgr7dQ4cMFBwm6KQSIJpg%Pp2iNH{KQ#UxMgH)=G3M9C z|IV1-8vlSX_$GQVIKjqUW%^9W$Nb3ndr`)<{v71qA)h}GV#AnU82_t0pVwP|A>NIw zCv^NDY#M;W|H=C27Mv!PXfz>$I4TmLcKfL7I@d9$q&qqvb`j_BMb2FDi0W@9339{m6x8B%-1g#*%Z+*&(g4dUNkp;wsQz((T*-t~CA zmK$6;V2wTiJ27OY;;oywafE{(@ze1=g>wf3!8NmeP?nA7c`3`zH;ep2v)IF-`6XtV z6lVQ$vxkRA^Q&MoSDU^4Uihlm$L#0#HEaF;W}QF49OMr)hxmidVg68aIE?C%{s??s zJc$r5Pe%Lr7;_wKSuUM2B%-5{H-I~u?e;d|J;Ths!ewT?f z(`c-k7#5HkFqTP+!++kIZ&?2=ESs$KI_|dq$1D$7|1)d9=KSr>e#7~1Ir~lL?{NMp z1)+eDS{*^h9Kq$CL`{TaJNykR?t6MZn`0Zn1KsY%W0+l)YR_2r1BRf`>YzHyUl~fL zW3R6xy39}--y~hwy}&cTrW8;aKg%O1qPI}kg(=45C~OKSY@c8hkzj{tY(ZlS8e7m< z(PY<~MMMnLW*BhejlW;!Jvs4d0Y z>@izeBD93_W?&>TNnnsQl;~@12Dv=u=Jbx4IU~_s;$oQl!tYGZ`r>(x{##&u&n4~x z9h%swAA*t43;{{H%KkxbFu|f!j&M2I`r$Ng2w(JoDyXAaSotc)l5Wg5&1_s)Fwuas z4&D<{De(B)0Eb!}C*`LAMUJz~)U=m?LL(5H^>c6Z+sDlMxykl1qSxVHo=VFNKfGwz z4?d>7@*#FtVZT=>z2*;8AOog|$#kCa*^`a%OdHTC;JrB}de~QI6L{%U02-p6%`r56 z3xArv=_(MqFHGuoa`ltm+(4^L^8Dj_=X!58PyU_9_s*xi`OM_s$?gQi43MEWr0@!N zNVZ_M3wN&byOr&xfUEh84&2RVw*GP!KZsTnC?Hacs`=WuE|GottMbq|>6gI+^D%Ee zN+0O#GX6SG5CWMnFe?ii8F03cVB_gI3Uf@kXD9p8vwA}8x|GMKx}X|A#kf;SK3{cC zifBpUjsi!dDd<7Cqo^pI&y@csK0_!4+*85$^l)5C$#X)XK}dZpr-%!(XJmJh4^TNV zIaqR*D0-h`4mT1nC9Kl^L@EJ8MV4A_o{*(hoBguXzUH7Tb)Y$1-z0$T6XBH7)RWLh{f@SROFHFg=1BOBH_F0C}1d^#h(?!nx<&m6>oz6 z=j1GvN6~|LQ}U=#0%Ub63XRb@ikuTeoT1_j2uLv*!MuC#guDPumKU#I9#5AWWeMk4 z$VRN$Mi9;I^tIgxKcf*QN2DA{bnc14F&2bkxO@-i&}xaN8fJ(oBvGswai-b1jV5B8 zDpTf}wf>mz4Jl}i01F({R-v$ouk^}sr9jJguKWBKhp3_10jCHbKRgRz$JEkrCEA8V z0sDOb7C-2dX)-t37@xQyHXGxWVV`WkJ8w3CDKd(LMOo(Kj*?Xz6`h9%S8fo}4i9SI zR;#rJmX`49Te100ekUWL0x5sOiR%?BFK-(S!K$6#62~8m%WsKG^H5B&ntC8p3Ds8> zMY&We#1-6jgsejrFe@-ODbZS{oBWC`v4nHQe+8fo;&*gI(1>?eDkV#?9OGT$2-|~A zmpwEM4GJ`g_k+wPKmk9^gxzHllmQtk8j#WV#e^3>O5B_s*sd5OmF<$|5W@svAK&L# zk8Y*ohrjQ5cPG4y|7mRRkIgS)_p7)iMw-IIS{q|>RzoyJ)X-E|N=5;5odR?*<9)$q zT(`}B{s`uG(SA6mL1KX{p861|vl|MS3Vet@LT_Pem6EQC5EbHNpDl^- z^Ets-j``C4%$LkY-?PD&qSF;&^7N zhcG8Rngxpk!nMQQ5nS7wXATVKYuy2yFXKG58lKF`w9af)`Hi``erlY$$QyOjc&|?T z^gWF+8=NLWU+BmmU3yu-61vlrNe9WIUdv3QP~ z=jO%>=TldvH-YEe+utQ7<&0YF#*u1jQG*xOHHNU)GAf~q}X=N9$L(346~svc@H#PTM7Kf96J1Y z(npk!D#=-sC<$X+{KTOnlSF2wF~PsnH_m23O;2dqNh6D<7eomAm*LkW$X{Pw`sebC zOD`&4Y)UUG2*Pni3PmvpAB}xJzjdjAdnS^M#LnS!z2-o(%FZPvA!GW>1l#-D%joDs z$g79kXfjCSR%zUFWp;h2Hq;z!jCBupCB4XXi35kN>c9YF?G}6JW@5oB^fIIns52x7 z_hPg!GhIWRZ&IQ!vp^t?QU_2fiKRimZn%>rLM(*KR#Ar6+r0z9@*-IE|CF1oSgx!J>C!@KXX<+S}_qlDYENg_*e|TqJA(pQC1V-0*b8%~UWw#K>L&3gwvS zndX$ki8OS77@jGvHi{g!t~7fMW!jj~q}SP}7Q@)KMLBNf0o0#(i*@HlUC=Le9;8wy^hH(;_h)^|$8wfe#jc&mP-1OF;5dA4GQ5_fo zabdsr!w&+^%sgGP%f6IcbfZ_#Rou}M+1<9>gLZ8ognPXLlFlJ=DU|W;ars?w$!UBB z`EAn0%$?xR_`4%fVIZBOkK4Wt7VG528!XhM%G>Lrt2GvXG%jDq+i2HY`+<1$8sL?5 zWj&j^OU~Xd)b;*lIH%sW$V;aE4i8CHGBx(e8dA#i%)UjX#59{y=kYiR;LZ7QtqT678#utA`#lNGJyl{ub zKMw>-%THUX{5}~dlpJ3{0$bweSfYIAMP3Mm)|(okNFOLE!ki|9_-ay{;i)FjwoS+v zt5N+L6P;78$i*y}Vwbo*S%X`G%Li~PMtB#}O^(KQ8`x)XI~>t)W)6ph8ivfsf7lc; z;;<>h@OsOLLqE(JvT5!xs>ibllWAebSq?OF!xPYr7`hR1gm%PBajtH8Q-4$i~UHZ8jAkzCt zM&mNbMZ=sCIs|Wp#t<^5%fyo0>4&Ska8w#5GNgfOIOgX)+4=V}6`LjY3q)qL z=NhI>O?=XXmi#14{=M?#U7;Bz_*8Vs(_l4VX7ChZV>IVV>l>Ha?RB%hv1EI_5skfF zi?#JJrF`2` zoHG*=#8<2>a2ncZL1aLb_SF(n>d?rXEBGtw0_QgVOe zZ<~^9r3Cpxoqkh?-P@T~O8)BIL!Fu_g=s%@A7&(-<_g3jusW{Hj`{f-&W8)vR;OZt z#Z23WTpdCu&6FuIQ)@I+rU~&H-7U?OASy8S2{itp=51)I^gYZg^h#M7m9;uEB6^!!d06*oaeB@7TLUD29HHW#ST zEqj7vq<{y2DClEoirH3C!TS#k)L3Ak{04^RCXtDWr(7QDM@2>J$h-xQQB+aM#>Z|x zrCBe;sfj296bdRT+znYMA{D5pC%!D+Ps=jCj5#idtU{07w;5R;nAuCxy{G345o2MH5P> z>BpWeH55vitD(ea?o16O<9SuvyqJejOsGX#%v}A1=f;;#dMA4da>*vUHK|8UM08{m z12hf+c`LW!ih#mRlc^1(!zxG&7B#{y_0zJuIin{yR3H-?^N$3xzYHWrJ?e_N$(_I1C~Hb*i$MTg&;cD zG1oiU(fJV1%;0x2KZ$?ur5u4?I>yq~Vv!q`B=(0|nYg<&Vo^iEjy+M(V_ zyc4~XcoMyn=oIp8%GcBpdjP6?szv7VTy4VX2RzXprO=rWE) z%T+n#J9*pk>*KA<&9>#q*5v?eN_cIAy<>W!{pg>)mr96pdxu(#p9FX_le>u%xE+(! zPEe=)+nb|Nx-uX-13kn=N_}*XQ zUQpNA!S^2Jy*P()crQct49=|y(xX=O7~g5Kb_~iMJNU-qrS4H!)1Yclfb1vri1e(T z(!B)HGbs82c$=N6mEc%8JhLOU5*Vh7eNZb|ovD=sF|@b0v5LU5 zuG+$NCCs6r7Of*{CD|3!O0pDcC0Po!k}QQqlwNeOTrwUX>TQm6VZRp;kf{LP(R1M2|wPq*LVc=c|@<=GP%Yl6py49ZCgWT|4qwXH@=g^Kz`RoxlQJqM za}ZW^mxwx`>FKk#CT3f*GVGHuQjt_7QY+z3$SBC~ z5E;{C8~r_~e*`{H70nqep&YAwd{ttZb~?SL7!>V$#b@((I-kp*AAjtLwk1^@0kLh0 z?fYW$-q>6jn~%i)W3hRE?5>W@$75FJKLoeL_TkuFgR-vqOzdyc9TY)sPVd|hyX$r5 z3woM+dis{w-5mR`#4#A7^Do8ji+W~j?0C^UE5)llUFYY_K>7lv z(tt>`&;pW3&&uWuC~` z5TEZ(7=u9xyc0L4B|gW~y>sP6@i`MJPz=FrDn6$}$!xS1#OKH{^V|k^CO+R* zJ7{aoY^yB}`>A2?3j0$+x>>l=O5+z?ytlLtXyMQW+LN4B;hL^9cXq7VQPM8DqKKHT z>Zm($ce$&^uVv1OW?D_wy{}){;=p$zIuDew%)mNPbl!3gf5VDgbRMP$1aforI1`qf4tYG#%F@!@v_dC;W1%pyTRs=W97{bA`FkNHk+rsui=E z;b+)2GvWGR+;6K0*XIV|db1^5r$jRQJP=CxMEq%~)iq{Vm>W&~C{KrQeN{oY?gv(7 z!u9$Dvrpd=t`pdb1;j;L>2-re;d)BnRNgQGqHQoC1nMGMv{jTKa<5|pS`WsQ8%w8e zD4C6=B<$S=v??YP8?{KYM@!^Rv2&4oDHpj@;$Zp7v2FQTSQ(gDcCaujyWDd@b?Pjc z*RVWJtw4Eqe2L4Hcn|S8m5uRc6Fc(B z^W0S#VgCHijwwA;86_u7%|ELJF?@MbTMS>itSyEw6~yqRT^7Tac3BKx+Nl`6{J%yF zU+7D1nkn27N{H$TRdk*U=XKP*{Fu|%9i3}&b26bk*gaxjM6bNsNcT#McsFpZg})j1 zkD^u(%HxG07=xB}B9t%fL?~aHL?~bWD+}e(A}ehx|H^DF(@}dtXc?QOKS4C@Oj1e8 z(|HFgjtKd^;&E3yT;9=(?-tXYoh>y6EuSf&eCccn*Uz#A4FHI22mkUDq_YWm(;J z(3WKDL1x=Q>>KQ(!C9f^bJ-h|&mPbHA)x~4JU}CQpvDw#Uic!qgnSXhOe)!)BcxFG z<^-hkwb_|;zSQFXE3zZdAL^cAPGDZYa`J1Lp?m`N&bK4 zb)sLTaJ$FEpvj0eu zb!Nki++m|tIh$ZeSqg@feVWsTc?-n|Jq}a?kJR@66sX!#b`*!heKFas6slGQ zFD z2TWE7ymTuP9S~>}4e& zz0%7{K$c=9AWN|lkfm4&$Wp8XWGPkxvJ@);S&Ef_EX7JdmSQC!OR*A=rh1;b$4O~b z(d#&Y7?kHux!hSR0g^D}2$N3_7C*vD zz}#^w0dPTD378pH0wh?=R|0C;N&w%Sf`@?crED(Hxe@@Fce)ag1Y=Xh)~tkyqZ`@a%tlw)fWiqPhw&=`!svKsD*^C% z`AR?+UPrQ(0J+s)tSMmI&a@E?rg9>O^QUb|=|1n*(~;TEj@?-Z!d-5vq895)r6zc6 zL{B6NFVfxRgJ*s9bLH(7zrKo##ivd$V?hW`jW(vqU^T{_R28jlisbGwsA-c*+y>i& z@##~MbNi{OgNpA}-6u?A9v3ph;z?W%&Owd;Rb%NRJ6T?v^Ld3uO`qFY=bOW{E9lL_ zBdF8SOXKL8=3ucNXywF<9qUPT*!E?!5hXQ+h2QfCOn(?rWxTX*lav&wQQjYiMQQnS2bv8Q$MgsEw8$GH3-0Y@>~> zHuw*q)AgNiqicgJ$k0x*T+l}QWSgh&!#Md$bf+FmZ{)Z0V}8AOY~O2Vm|xq`as0>I zZ?=n*r#kQD1#g!?(nOpJGtsdxj;_O7Wk=b^mmtkGy*hE9zuP|kHJ=YP%^Idq0^~2J zP`_$~-`D7JFd$U0qhdC?Ro6oX27|GkZ25bWKLZwAn&$)e3TLe6^LO%NRssM|M}}8* z35z;r=9C#O`fhkj@4)-&`E)TW|60faJcnt;@{M>TW@bNcy)pEZ!drSy3qicsdb%Ec zl3ud2jP-cf!izgP8;APgQ;ci$R*Ez|VA3^d2A$dDnX6=-wQAoPp9-0`3c_6<5h6=Z zjn8}Md3NOEBa8Vc{sB^8Yr^J9L!cx>NmmnOe9@t9s2zt?&D+3|PNdyn=R ztdz+$&$pfK%tueOpDLy@tN~53CIviiFwvjXE7BQRnrDic?fmmE>NxRg{`LIb$)A|C z9EEcJ&(Eb;gCa!I>urd>+c11@!J8xAmm+(si7x5Un3HWelro5Cy`^wS2VM3U&*^P$MzeVMyI)qOSRuKzDv)yN>)r4o+^BatLf9ledqnj&b<4! zmi}^n9aB7L4HoZyK4Y%)D`5=QQdpphD#vvgx?=TxJ+!z#)KYlcra0lt*bY;2-avUN zPjQxXW#_>+OS>eRL8V)(uC1DIy`4jv8&~pn2=LL{fj@~u!C4XW{S;Z|RB~D%=SbK; zC8Hc?3o(+*&E_PI5V1!04wM67QWZirbg%SSILodSKpw8N8%FQsZ{6_kEiS>@t8zQOQANT(vHusCa|7Glld4A9&<&o;lN)LMG!`bZQ7z)>mUG!p> z+hHjhGIzo=&J30^x$K8*slk)j;<`<+f~}G=EB8q$o>}e>0`b*hd3^2G%*#S8x)>=M z2Dw14jtH4&k*-y2jUz56YB2m&WDs-t2r)Z3wJffmnL25xg-rZ}JU{{@l*~_zK_A)>Z3w z7y7QQ+FLam3JCjShnorqVgv@1Lpn6o*0!QnVoJiZWt;|Omn*BQ*pGz`m{?T)3lL zuE=vir8{gxX~0D6o@dk+xO0@tyUE3t*88^*?jdz4U5ysiWUD^Mjg{umm*>bg0(};D z02on+J!?x`?;4vqr=O!A>yM^0Ltko_7?huwKbL6I>x?>ud!zFKk=qyh z^S#{OZvX5Eu*toG{zerTHt92k>=fif+4TleJ``y9@(sjI94k-5PK8{Lir&LAv5{|r zBixZF+c{UI+u*BIIIDd;oS7aUk(v+p0kbYTmU<_CQD|bu%s!qeL4EgAr%T)DC?L1q z_HLKAu-V%Yv5XxSecDJBw8}d&HFq{Rz?U1aifM@MIUhGQ@;2XWH#g0e<{Q$(O(vXO z#2GC)H3LYDghij?AB5E~Dq&T6teHWo*S;TwSjgCfu9--yb%rZYp6%hM(JRfbghvY8 zG33v8oS_pm-ST{#mBWw!PF99g#+{c(`IpC)iO;pa!CURKnjuR4v?f1U`~kCexgdCY zE~_u8;$ zIVaNx#ytrH>2zsn8`JuD#!g=o-3fP4Bdp8C##~_Bg#obajsdY|*qKHiNkmfiGxAY3 z4=OR=EC_x`+UJV`aalUdCIs926=6%d5U?Wg#x9SB=vFES{a$Ag(nZg z9mKKbsh~r#C@(fk3OUWCP|K5NkGr-YqjyiU`l9kVE`GQ1mm2d<h zSH)__m3G1tfma%=7ITidV zR{d2xF^^o|Zvqt4x}QG&VqST9tvkh>N-+kuUFa3C5^r>HO!YA z_N`1bP4i@hzko+U~X_8fi&ek~Avg1sS%&fFl znkdFo7soxsQIS3vZ-~b-s*dnmfIAhKp`P&3Mm$iSWrr#Q^#yjI(citmPVJf5KgW&? z3`|*Mhll${7uY#8LW2#03}LO#?^@h|xlCPr$V0we-HQwRcnwb7U_VFfd^-a+TvZyS z@q`8%RZAyQF9s6#TE-^4F;P48>){DP`)kk!asZolKs?q;*O0{Zsm1GsCxtPJ0fb_| z1~kdgJFnDq&QQ-2)n?7eS78MaA~BXqu-=TuRnpyjl7S)_ccoU+Tih=;~GZr>56tFi+Cw zW|--4hIuXKLwU<)F4xDhT8z6wEdq7sIow%_&d1Z%E^-SEKf4%*t&81mRXoM{rOhR) zmpP*6y4@=)lI3QFTi)EG2~_RM>Yl~2L-}#^t~HD_RaLrn1)+M2H8+aPj(!19G5$4I6KcMCtuKL$Hf1WdEI(L@*@bHwmsNT1^Zno6z z1@-vN&R^`z1{?-9!<^0HcTwLCj$cn01t< z$vFrJh;$P~B&mpun5sqOLBueMh>Y4TA}TN_m=I^^_xs!DR&^oh_`ILz^Ld{?-mX6T zoO|L9Yp=cXI-9F7fM6K2q0;?k==PP~M%$3>tY?)D0^KyB|AY^E>~omsVnEXgUIsq49|qAZVuEX~ zcg>yad}kIyfHe%iOAThD&6}0>axRyRnydE7E{#yd719+b14pf+J!MvRSfZU3^RlC- zskzo&A{U3jBYQA#J}Uy_Qw`vwwiJUBU1Y>B56(AF(fn0$!RdYB>KEp$lN?B5d|%9$r(NcY2DuucxZKUgebKPaw2pxc`neh$9)LVXR17W}HZ^7l zT+Ee%$lcDj5AeaQW_*jp6-7Be9Pb=Tmf=b?SsjX7)qts?8d^$OmS7|9K4U2FR`!b;ITDrPCj54vGTDtLeS*5i z$dLZ*uI$uawLs@h#l#u5mzWo9TdCun(1SH0dFo1yO%We#m1Uq#m z1v9S{RHqW^Alykag{348qCJ*NyGWXZV5ghPY%;?e#hR8kB4?Uh7j31>HKT*)UDAdL zXcD(1N5b%cJnIy-VQT{7^pChNLj2fz-WEN<5l=%+kj#9hYJwwHYqomPqdCcD6n|1+ zvo-)pyao1dG9Ln%*GfCYO?E=LaDbdiY#k}x%7lbelgDS8+!0OgPe6L5Bvg}`?NmN@ah}9HNR9cR zf|C@DmN7#UT8ODo0cLVWs-AP7SkXPgiwDDtlZ|T4P7yI705FVId1aD@TmdWxylloQ zLfHzLxg}96&*bhc*c^_Y zWJsXQTwJ0$iU2$VoA=54=ts8wUIJ#BAKI9Rwm@gW_gkz13}T@II+bh@5bVb6Ly*~P zvpjJAHFr!D?cM^+Vd`^a;|LSB?1;ALQfe+l3+>D3^Koe4yx!_j`Ti;xNmleGuM`Nx zTuo)l$N-wSh^tvUrnbJw&M86zQB7!f$F%9%TzD5+#C{!?rKl4GOh`arrHzTPiHE3B zl^WS2(j!}wPJx?C(T+(lDnr6tjDw8OG{yi)Zn=dAx5|$STSu&EjZP(#0}( z0QKBc;02MVu&*#BnkRfbcXi}e>LkKvhn0bctY5e9TC*-+8!IUvQmU{i085Q^I47ax z5*CxEOxs_K`7hJ^~9TT=A5>ueA+_k z6}{OntJx}G6t;Hu^}pJ5y&E}SXLKne&MZ~5Q^5ze4>5BdQ6kn5=H+~1h;t)Zn<0iR*)^6Vuz6ny$x2a z0j7e>Q1D6wmG1XUm?>JLApqvIC$WR}6=Fa!j^JTya+W~mL3=oc`T_X5!ZG{^Q;?K` z+yl*nGhQhZ4BcnQwN6cu(W=9f&>k&iSAGtvsx*)#T(At~?M^#Q*TO+y$^k; zv8tzu0E4hO2kfDs!X8(|uosi0^Dus4AJWD0n~0wDH99IJQ80l-I&5UD;t7Gq6P)lH z(G4yMF6s=JrVRp57e}`ujF;RxA!5LH=NzLin7#RN=vO+9Zv^C?x#(1>kU_)m2&gv| z>h*1Wcm$`Sgmjp_>{mx;`gD-Iz9bWK<^fh@<|K|qQgeWLxyzj7&B;)jwD>gd&jhe) zFh~5lh{VZ|jY6V0jPM+)lBO$r(Vd#k|4Mzp0Kzy`D14$IFo{@HmGVL4=mvmLmi!|; zs^7h^tIF-TDOneizV^>4=WQhDo>$hV^G$TC&n5ljv()w+Z!QMIDLg4lE%hR7Z?XBl zp)kS)KY`$dp|kc~#oz+eNT!ES6Xs!SXP>sx^wG^OkqazKkl}k4O~&g2C12VGLF^aT z;QVWK5s1~QX2`Q_Pz~XHU-XbikQ8tS2o)up*=Ed!pwyzGv;WpxCDcBiRS3<5m4dUT z6m*wqkJ{@B?Jus z2@n{QVR()n^i&;K6mo}njrT;+Vw#KMKEQw?*al24Y*3LHpZ1XF0+O*I?nlYDw#JLL z&}BCfgnhUswUB^I6$5$SmU}=3Y0!srwO5ph+^L zX2c95+O>_o3T)RLpt!j;)vqvq9_Zj8`6zEPdu|l{8i%r}@aJDL38|oA`+_RPV3Cpb z5NI76L*JK%l$;4>(b^DpMRAV1828ghpo4%+x68ZtP5kEN2Jq}lV zW&mo<6kincHS;M^4NNy^i6gd%mVjcWT(L!1Vu<{cHMWl6e%P5eOWk=2^U;XTw7Jx3 zZ*Xrkuj2b}H1~M-6HkYy{$J8}Z~sMzbcO{1|-9vHc?=r%x*(F9FWf_iyxJGp35Er2Q#2udO3TvAN5p!6uY zoG19Th;71kwg!D6eWtzyKaBZ(0azPvwTEv}Cc~~!+AYw}zP=`rn;nQXA%W*IA3~z?uRSM;A(aNa_sw1~Up z;w5?IBRRdZulg-7AVlfwcpq=5=cU^G&WJl+93LOFw(2I35jW8gt6daLg0|BfX!x zo@k;?8Yq#5nxdecc*u^@Pnmr+i5vEy3sU7x;=8IgraU0KlGXw`x6I3o}*6uEd$c7v72Nt1Wnp{{F;xBf%4@A-XsT$3&=~h1$97*>JWj&N>C|8BjZ}FYc zmvSVsRD=Pd=J`6JTZ|Z@w(|+5b0B~;K0(DGiDKMQIUwFM+)GvSfow0Pa67XxCrk-? z8tR%e>9J#gw@u>1f<&SqkFL^~b~0`(Q4P$gx>31PVsrSvf>BSodI>?dAN-bs2PtB_G4rfB6l2ex@ zWRzcrkcC!#i|E6>4h$#`da|{@Q^4`EIXAqV>2j<=TFPCmr&31yj#32@-~X}SKGyG_ z=r_OVNAE-aW;SFQKmzx+A$`L5plZ7mBMO*X7?U%{>;^#tK(nazkZ`8WEH`W8Hgj4g zyu~HZMR|SZ{|vu`MADp*mCwwoOSnhx?qi+n=Xjh9S>4RV1swOFA?Yx;kgF)U)0uBM z^Npl@VTlAAYeRh0zj*Tm5@;5keK_OHcbxmNGdtO}$}nU8;LMqxAe{Z_I9JIC;Sd3* z!yFGII8)Y%9*!4)bypjZ3As& z0Aom^u-)xJBC6TI6D)(I8-dpPrcLkXxBIm<4@uPl5lzywt-1YWj*B{kJqm!&3NiCf z-JM=l$~Uq|rI(h>XG`f#rB19feFv3^qq z!lNYK(~lOvVSJ`M5uO0EUG1Y~^KiGltHSDWI5`P9OH<1BzccrQ5SsO0LlT^PJ2n5F zYWyy#xh5Enk5T?9b%V)P1;QbHN&7QcG{EFIj{35g0 zPw~p{E;WA{Gv6qg+n3s}FJ-8$|2)_+@rcx9E@jgsJI>gXswB3dK42WiC4Ic&9;>+C z^z-}75%enZW;4G>zun=_!spEvS9Hs$n6o^?P5K zW1QtnkGteChcXj6PBLbWHY0W%I^{Ad2&?|b)cj}aA5D|va*eE}Y5Bi0^M}m;k#U4v z`T-~Wf3hx^^Txy1>nBXvP2+!~FA;qCGjr0)<;f=`X|`op^j|ywkV|%BzIe0E&wl0! zoU6Ql+$ZbI+9Xd`%)!iW1(2@b>%kplA0$$k3ggpX70?Gxwaht4({LTqhuhhtQ4VKI zk{-g(wsFTxfxZ2C>M;T5zF;e|!XPfOWCE$$z1Z){CJgot9(rG~7 zCuh~3$|9s-B}j8J_QhmBso)~j#0iaSwvv}UfwABl*c^I-cH5h_b@ioLidL=O+g53e zwk_z~YhG_}Z~rH3AE{@ERunh%ns#JCrH*p5&T+X56xX?|RH|jYrT+5#&PubKE-Ej~ z2lGZYoDOB9=~SL9Ths&B-v(?nR;*byzC(G{lAZHi+U&C4-TL$0^L1rA+*cVgan{pW zUV-WA(w_cueW#u^^<7G9V+rJCL;E0d-3EQeh@1VS24qEGblkjT09%M0y1yJRQ<69) zVL7kD2Ubz3<;WtwZ&BY#j3Zblu2!?FYhGvGl_MWZJO2x;NKCaVIT;fSnV{=!c_<&n z+jMMXGMN}$ASrs7KvqGHr3oDQx}%fyMclLTwn;u97TihKb%o042Z2*BIWg_ zR|IQKMSM(x3qxRWF&3%&dKo>IB$KHX#~lPgV}w7n@n-jiX-CxSm7z>SX{X6o;mg96 zd?x5(D?z98#Y~pY7*=MkI`NwS7bH+BYXtUlPs z#KGi%{x$>A+gi7Ggxjmpdo$bybUS=eqjfun7|=ikN~(5bnL9g=D6*DfyN@nK@-bCd z$PW}qyNxhHpD$^LvAwEhrMcT|YSWT;ESg3QdZEY(k$@=1^#W>AydWF{(CRp7*`Tjm z0`xP*q$*Wige!KAu0vS$_o@IcvQyI*?a@o7ZCixx91_5kEMaEUjiGHSHM(+Xy>8I;{vYJe2#u$cgtY?XVFch{*K_GxAA5czw$Ky1C~ z5#CIWAvI{%j&^lNbRP<{+NTUYKjkXI1Nc|;`w^O$ARSuQT$@LyYXy`ZvdjVEGIjVU z9d7CH^AG^Z3_is6RL|Bp49X7)-4{ibw&?P}P0|kJmMYPu^M-XJL1I>pZsn!YqHMpx z$&69=G1RWGAuk(73RZuk30!+Nr>uqJU1!cDkgH+T~IHl!teZ=*<&}%FNON# zQ{4Y?6BPKU_1qoSeAT*J;qBem{m|M6(f(Vv)ye=s0A-TpD1`I*^&Wr*cL8VlJrR_h4%G%y2x_)Z zYu_p20W%{nPXUO2A`Rsw6bq1^J0+B9d(M-oZ@OLm7rAk^{a|M3Qo4bbvku@ikOhE} z+dw#?7q~9Rfm~8}JpJhh0qAoBfWCIxHlshftOg3{1^8+J9QVVbF`e>{8*`Jvt{>|T zW6m}9GGnd_eJS>zmP4WWg=Q5=&)2Af>{5+NhQTrUoY$dkD@MGIFn&*T7m%jZ#@YkO z6N5vAMx_Hm37i)j-O1;}q@)5k5SUAq*bfsbY_032-ZCitj1uV~XY4~PRq-!$T}<|1 zlWFWU{W7T4NH1pJNe$Z(%~e2)Ec)0@CP+dIQYa~q#c3<7f;XMfb?U`1brx&t@JC~QXAt9R<`{-kOF~ar5;BRve+8n2G@u*OB$t(gG?eYc zS$yiRE`XryTQ^#>$<{Xtv)70H5cW&wB^fGqbD(_zi(2l*qg_)VR^7!l9UZcsVSJjj18_gU18%uA+gr!*HWn29`D#A=^ z@SRd3-@{VORgq7@sf$r+0|9D=U}~qlGK3mG*=~fC<0~7<%~EOO^F4Gj7Lo)sKi0Sn zYWI5MKR_Pj?&GaF&UTX%`4lsLCZw@B$8-m)^`7&T>~jJ0`g}8SG13_nHWECrD%WAE zU?rKcya-b!e&L;n6>^*Fg)9#UBEH46-zaqhsYWsTxW%MjGWLt68p^TFCf>cZV5;$- z#P~uhX4CJFI(pQ+3O&-|a;U{#WV_pmMVWUj4TXoo31tMSTLlUnrE1eO|z*P zhjQ;wmP6Se%1S7+IcI9&xEjjkbIup{C*e%-hCSvS=izvVP=2KNWO387IXAr_92d6^ zhvV^$&Ecpb-(k@}$SaV`OE$lKt8&a36O|mdCW#EfG0HG?VC%fj={`L_fou|@0D-nt zYQ?jxhT)vf>$n$c8v{4LgpDkf{t7KX>i~b=5N=pS$1j6L(#=P3{Q5M`c8xAcyDuNM zmkl!nR}GtwPMT9wrI5X6$ov4KJXnUz+*x zzRK+3{cU35E=-U>zM9+sl6sX+!4RA$txMCRxUr2iokcM1>vXLiXVlHv+MiQ57u3!9 z_0mnIetIqbem%dt9{;eOeg_t<{B45i+xQM!zPBF#N4@9A_4t>lB}B~1a*)yaSU zF(+kMLMGQ@lz1@^4%UVw!F=-!Bt<>9mCV;*DeG91FwgHB_v0=VR z=zDXaGaqy2Qs;>4!+nzDR=}|F*fk~p$u*srh0~f+UCl_CeL;`d$fL3oEIHwn5S?HWJDV5L+;_C=))|OVY z_H;qk!{kRDnZ;>)*2TUz^=);Ct`(J`W}eNfjaMtR)!6H1KCAD7`Y6xJ9nIz#fy;L> z9Rq1L#d|taYFF}SLUyb7sJujQP%5>sEKHiiRmhf>wS)x;juU>z(&`>~jm10pHG9_@AV6O&m;Ca0nasg_&ia*Z zN_P(7!FLJe(opUc%4R4J4&{qOnT4_u%4#TkLV3CgyTMTUP`)CR#2g26^?)!ioe0o^ z2}8g@-6^iI;YjvGmgXYFT^O->uCqJ#5i)-eJ zL3e7KIR*V9TI8z|_s4E`(V*EhXf_VAD*dWj`FS0Oow2`5cO;%KAa`xk0x_aqd3`%-I9x+5yWQ|2U2xJj2X7AGuzGM#Eftc_nY7L`~T=O_w<=x_uEJM&BOi3bFF=(53aUPYL25OcPLg#L$aX^aN$N40v~> z+g(5jc}|ic3?gbkO%q8-FN@e9x`-w;L#0-(F6F*@dxN>VJNk+-JJ?z4DGf{t5|c(u z#Y+A}Y&1e1G&&eH%I_I6$rBe9K{XddP9n``hniH17fg)_*vaST-vm8^n3cARKKo8%iPvj9kU?&HV z1;d$T4$-t5C@sk5BfG`Y?eJ}K+3(+mV@5@DiMnZw!^XU!TZMDW{$D z`&$em%fDM`vq@R~Y2y=&QbwOk0w8PqmPTD~m!;W!KC&a@2SVQ+ zJG~lGuv~`Sa|EVg!UGjRBTrFLa0M}dEz0%d>=vJ384b@MK?zt^=Bi=e85&>+;HXa( zdtJwbHC#tV8}>8Lp@PRq`9xbH=XvFltaNt8T+?fAnQ-S;%sG{Y&Cd)c{%yi>9?1bUUX*zLoIPsYY$CXofNA<*T;!_ijD<^RxJ3gGae!_9( z1YVkM2q&(ca9laAQonA({a~skjZizFbg*Nr0^ViR#VN#?1;WeLy1mgTM#=iS_SxIGNjC|hzLI@C57k5JT@S1mHWE!^YUGBZ{dy0=Q)5l9{8y~Nh`uS+e$1|)eeDy}mDoaRp zZ}RD9y}Mbo`Dc7kC`cy<5>p&+wJykGtIT^?UA~z~1X!Z>4PgBmZ$1fIhkRoa`9{39 zybf;!HPe>n@g-&gb=!;?p0!sBV^iru+&3%D`??Gu+}CYa(XUf{8D@HlK9$l!T|q3! zI^P9w^y*UHA&3jgXWVay zx!~9J1vz!9b`*G`%q&N-9Qn#!)_>C){30PE(;rxWkF`HQ))L@h1ZtIfk5F&8#HT+= zJfS*7Qx%6Gq@-Z{(2G61@m3dq)ww$$MB{I`p5je|0>B72H6r}#O*3~RhJdBSk`+?H zELP{E+fdg_a9fOXbTYM|MM<{G?G8A{o7^ofh(J%b8&QEJMILv=r%*3ymK02>y z9jDy0n#)23F)Z)@yEp7fD8X}0wztD3)vXhlAgkE}xvY@#cB$+jbn66k!Fp%5S>&=E z`fbJ?zi};P9Q;#OJcrs!ZII6H9)z|Wv-&tn~RALCZ~e!X-5>Firz!)BhTglC}fGVohcJX86yGhcC@D9xNJoAAWN zsI*P3P4DW}nWN2r>5b3w<&)(k6>5;SYB0`I_8dp6N~bt?s*8z*LpLyLL@^3AI^10F zzgeTh%{6~jqod5}f1@v+y+*E4{*3glLRQC1gw?^AYa8Xbi*1189`-%#b-e4do>xp9 z+JdRLA4S+A--xhgS5s~iCPRUEK9qMRN0_>MKn+7PgHyO0^Gpj}PcR(`a~VNqfXsFX zD=^EdN%~gN%n;`vOmvE03t8hpmtfL)!lbS!O40A-yovaQZU_V)3tEf;pS(~p<7I&o zhJAZLupbI#fozYNbG$_Ho0IC2baA{?*{Eh|S+T|nvoclYTHjw?i-}HPmd;oMmZzG} zxL$wS_1eqQZ7T$S?P7ndGsipg zs}A!^)GWv)G2d#m-u3GSGZA5uKmH$o<3|?9C-#|-iaS-0BUL}E&&++^{Y{$)f6ij5 zsPKTd{@j23iyvPcKRM4FJ7`V}Uu6Cs*JtKF|98H)vH0RC&YV41J8RHfGgv#J4>nxAC-kSW;O5C-NRY*FxDH+{Ze)`?Weo1fylXMQ5=@;R4%g*fA$ zz~6yvS_-9DcwcZ)vuXerRQX*D(|O#3D8;@{E?bJ}#n)R77V^4YZw56_y^5}5O3~#g zZCEiCCML;V5W_%XMBmN|hyw+xyM~BJhOvwSWvR4iGHT0_Fk=VAyXMcnt9(oreYbem z`@*~a72602xb;2>IGi6sV^X|nQSl~>$51ND5qEfMj);ulbWzf=s7CY=j8qocg(K0Y zp~1jnm>1z9ur03rF*bjQ&HBV_i|y}YSm*!{0pVbr>j(Wr06nb3sR7}^7*?i*NLM+` zhP%;QX}tEDGhR3YGj?q=WvaOD>YNJck0g1=Rur~KBHB*h>vw|mqe>u4gbe5_&_K}b z3=`ldLSmvdSVz$v9U4Woy=D)!b%uz}v%7DTgNA#0sisd>5DdDBRnZOD=mO^$B$?aO z%GXkJTk5`?ma#@)iX+SSnjvcX3h02gqKRe96J)iJ*pV_<1qv81L9=t8BQc=9ym$EK z=+nOp!tI#M`Ldr#ChHT8(RgH8bni?JGIK$ie=IeZrvAfN7$WVjp8&ZF$vzdY!t#d* zd?_os@ACrz)2mi5r&h8nX8NjDcyOe|<>6@vG*mX#c%Ie-*%s5i!FQv9UUHeLXqF4I zLa+>XOgXw7k+AfSGATn^CxJAxR-Qpvk@Whs)eSpA;t5?d(q*(A%fp)jFX@h{M#m#$ zCP3i|@=PL=gd;2=Ct@eErZ>7&SC_bjGgqHfoS88@9zyXkBl%bn%(Gcoy-0GWYD z-c(fGlsRyoLVE0ukY^_@idV=111c`|FWv0#wbOF3DuvR`Df^~zLrTg^?Nq|b*7jE` z*UYMCpK-p)iWalcF{+O(hn2C7cjRnDQ3)vsdSgZ}MI(EavKfL~Zc*0+ln@e)@-J1E1yfOZ3{2zYyj0ykb%-xmWO_|?MS=QSJ zGt2Rr6ZXN({3821OV1e-Fdx=GSZ+1omt|zTTW5a#3`c7J)0tme2;!1`9kvV+)iBY@ ziuiH=V>m9BqdN%$lWO!A`$2>zY22o@t)-V&r%$n-En=Hsx!I_gDXaJa4E8GwN4yfn z#!ArK4wZ&mnGV#3Fc@!-d&|6_4E1%cW(R|$i7L#|hPvTd7P!>QVSq)>c7^Lu>Q7sw zI$1IX+rXmm1cN9ZtYnJVPiy$KybVE#F9=_l-?k*|7w5~vep%NliRpzFC8lTiLGb}h zcGw5lUbhm~-mxXE{qtJ;;nrT)(zUfHS%A@RCyI=C4(hgx(pfYfFX~)aTa+*CTjUnD zBa&pE^54l?tId#M9ZNYxwdN<~_?-;uLufNl4>a(fLn24I16D#&Ncx;w)#HHps`N5neheubDOg`tpT zG*?ppaLL_Q^3OxIp^0(`>jjQDAZ?F*Xo!A;?tF>D-(Z`9M7R@Wlx9j51PBj|w*;6? z7xdLQ#_WY_Wf}NDmm>qQcrLyMz}RGxjfnGnJG{X>w%suL1Um+f^*CovbuAX)GzZTJ z0no7RbGc>WBe@MOIYFza>e&aB70e+)J$R87E)|QnB3QX_mmK>J#h?JaJFNv?Ane)K zphOl!^J6g^kk^=ymoVhbpjg-mpAVxtSO{v=XRzgg_XLFrprwxXAWh_k13_*m%e6TA z3J=n;xFR6W$y^<$hR(pliv7VJh{uJXM8`o~i2EscDmW;3s@qN2l|zV(aXO}-4O6}c z;Ny8{kWjQpocx`}eLqCIFyA%yJ18SeT*w!&nR$?r#16+k3g?vv{=V|CF^?F6OBgJ4 zlFpwS^MI*`J24ZIsvXTLONw}(dN)(D^$)QbihxsS#7)%r2yRlROa0`{+@a$`-fW49rs%HxWr#7E=Ndg+kz{rsmH4rrJa#Y7Cn5KF_)`{uQ&GQ?LGVn zW3D!KU%v8!PONh3A2XPe5n;)`(c50yg`lPn6Pcr#8Nw?Ux$LKqP;M_Z)4TzQsk`?> ziv_6x0Z>X6$O+dNhWTeA)w#M;yr$UyEXUl8UmL~=BEi1<{-{B)UFyJq|SUa!Q9@u;V_j~V#J@6SosOQ z2B&?YFI_yt)qb?S{R|gB;_8RBW~RdNU@E}N!^~{5YAfsjcmrtWET{`|47$Z1xq!Lu zj;KVZs}35ytX`@H(-dI40a?LHrWH|&#UU(zZw{Cx*jwwdTW23@LV2|&lV}mSkAoE2 z0mhVcNa6V=&)ayb-D!)(u{aH-C5unwM}oC{bwy*P#qDORDG`8Q7^i%!Nw9u8&Qy;# zc|CiF{bz*WFh0NlU>!vx0f$w=r!vG{kLHi_SaU*|VHQh&Lyt4dUKu76`IXQN%*1{# z6QN$}8O_th(FL$S_OZdBsw3FC%04d!p z#58E7lyW7Yh6O=%cNgF2%Yi7Yi>(4HZ#D-_i_@_((uUm(v>~)hl_?|OD)=LY$Mi*y z;1Z4)?+e>waoxgOL@$UWPJZvIk2(LiOCNIvpQ+zD^LuCU0ejrp$Czh~HVUy|kSFzs zWPl;+RTZ`K2%qK3?B`MKD$4%MGODGN&=rhJ-$sQ5(wg2IohPZ@X*NES)|WJZLJI?$ zY#MP!r|=9YZno*>c(3W$Y>p>FnS|0!V>s!%7+8Bi>A7o{#EXXr<$|f;0leillYUin z!HenKgR~f86|a64Nz@MNVZcxepW)-Py<3sCxmV611K&aWSR`v`K(Tj*8R~`mY4^3f zm>BLuG6jbUhksbh#FCHtCR zubq1cMw5@EL|MU}+$@0o0U+pvPkMiyHy`)zD({y`E=jkdJV0sfu~TWHDLvo&3l)>a zo$DcMcSyULDC*1?^6~uvAX*~%0RmXw2|17_l{WAv=Ne<0v8_r5m56hzG5>|>i6;QB zt!8mp&r36_I^B&FCNzqwg?*D40Ugn%xH8F^KYRa_H-GZ(3Ge@V&M`C7z)ty3#`z7g zTLT?KZxSF0UXl0+o`4aotBHHQ=$_W=Th(de3?@0_R(COx;>=c8-h#5xpR9h>#_SLK z`53L{qTiJ822?6{GA1m&l)?m|Uy>j?%!eLW_ja3qId-?jhVm=1``VmieIEfqwri^w zuQu|46-fX9@ftYe@CRVhg#`VOk{oSkA69kA2oG(q8kkgyqxk_mb_sw%=8R@^WfJ1j zN*T&z5bey8#@Hakhtn+ewjgmo#*PoS@nOX)sNe?Y#cQCEv@c|If;sh_2sQ{yCw~A8 zqJeJ|W8M2?d-oDGr2Bl6U2QwgfkXo!L?Ts+Y0ELVTCNcmWi`u0H`m1eu4}*o*g}h` znK!^}y(5YLSAw^hV#?E%^5ByZs3#^q%Zu&-ysF?I5vdMuGu|Vu>-HdR6}}rp#-5?m z#qu$2n2Z;dlIjMgA6q&UfV$W?rbGJLP-8h%2FHrV5$y`tR`p}yp5`%K;hw6WUwpP1 zK8q(!hi+42J9)H_X?GseGyB4B2qfCeTyVq;_3IYn$N_0>%(Cb$NDU4)M}Zl_KfDiU zB^}k;cqM=VVX-sM;}ffHD<0%Ey=%+Sr*(Dak5mOTY960a9oEe!28y503)-T)Ld;5m zrq&aJRfE30LQtsEvbAEk14%Tq7hA#a<< z3y>&=IsJd;c>A|zzKLd(_t&Dwnc{uk5XJWUICvWKs1Dq(Al}0PHvT^)q^|cwO8ap* zcpPd!T;j~V;mp0BNBr;U3jVl>=l_Vh)!a4b>Uv$njXGT2pj90GIEi09aP>xAJ$ug8FBMk_A4Q$N zqN~S;tJIt-aqdoQP7Mc~IXN6)VR~XXpefwUJ$Lx0q998!LqDCxbF3sSJ1##ui03+z~Q8#5n}jg+oW{iV-Kqj`OtmvkkdXevieFSmF0# zhq0$yMo5I>_Zo-L-0ez${^GY(&elCAKA`pch3+7J9~{55_4^g>aDE>VAJzK(I>HuN z_onzQ{C+F$-`2guyqoep=KYi(Fdw2k2CW!7Rp%rO6QEP&6W4tNvnE$|RiVni+M3as z;)_0Fvx{vC5p*XjBQ5@x5l;yiiK}D}*GS;_#QaQLBg@cY<`Ci1+_+e2czzZNx$QvB zr{N38f#vG3-tI`hueS|_?Dfm|_PBz;jhZ383E6}}lTCkTaFX!tDLPTeSICKECR3;+ zbPH$^#=T(3z|hz6KSkh-8w-Ov9zIb7kgY0otgql{qfHCC5~y;9ceB*ct=9d}5z(U@)8PffgYHUJ(i-lUW2h z;s?TXmVD43j}M`d33!l2{HHA9w6^2_BcvrnRUwEGVis@qWXjnKW3#uW-o>%mS9=l~ z9;``td2C*y{gpBgPX6XAoah1bVvOU znEYRkdZ?rS0HQB)yPZpJH&)ShR!Q^%VI|XwDL_F|%(>#Yi(`4wuZb>AFzQQ4t)(72 zJ8}Ojbmm z;yx?jVvezp7k@V}bJK-$7KIN7d61~moWds1!k44 zyG4Bo;t!Y>#Gj6o$2m7qTEMx54uet>5J1j@0L^uV;8)r8n*OzDKkz`sEQ1ekH~ZMP za-SvCLe1=N-X4zUvCKT*ydxay5f#=TWOaQGzQlSuGg+Mk<0D;TdKHIgDqE;QF!cdX1Hg;TFo zA<+(`_4Pu1oKO7CjELAycs<4h8V+s;mJ$p+Lo5E>qZOkHJw>hsv`|`zcgA6V*YX}_ zcP*0Z&HK=(Wk}v^HM$E(F`u*+>V?QN_Gf&7_7P#nnsw&q#V?4gUlO<{TzSyiUl(U* zM&f>Jelc_AA*A=k@vp3Tc;@Wfv4pzQU(wyqELnP5e{E17EMs`Br~`v(2*8q>%bd9! zX&9pRE1bDfD8reLJ98C06Wt4r`V_W?&RsSW(-|)nx)&Ooh+bhm2_fuf`jvi1KTLEK z>MBBqJ%kQM*@V^zJv<<fbyjdUT+emFp01-YdTjwr^;#^UFMG#1zgo9x8N9r0D)hmp-#z6mk z0t&wUDy~9*Z4Ff8qs9hW+5JkvQ*Y&AcVOxHVg0pVv-UP?zQ!C*Znf@rF1fVmAx*J@ z;^=1I#n%IeyZ_ZlOW6OfZE)CDAORwAF+sB-e*jq;`ahE!9{s6#t4)@UDt5 zH#F}gBInS)+MLpDBTY5o+0{yr4kgiV_~a;h0x5zed)3*b9di)2uIO@`9Yl_?cBmy} z)9%VZ^xkO8NfJnD=w{_Y@E=ZLzov0WhlF3l{iz9)iAoL_&%^rbFXwU!}v{auW}X_R7kEXop2=; zxrXnz7=3-ekMGm#Ap>0aKG%wt2W56>IRen|eU|JVI!j+Sh}iEAUzB*pzbbxhe0=!w zoxFZdw@TO{3qR-?0<~hb7^s%;7ENd9LSmEXb<9p?FQ;ZpVw5^Gkc1?}u<_k$)qPmd zF+HZ6c7bP5DH)ERxXd=u}*lti^6pb*97*c~K zO0pgiOg~pLT8YfClw>++VsG|`ObcTzrnLmF3nlGhNQ-hJy4;uGdT_mlCZf$AyDx_B z5<;wLf2qfyfx+G6{Sxi31RqP(sy{yxfUB5+UDQm9G5NE12?0jYI7Y$q{D3S+WS4zd z2!_mr(@e$2iY~!Ohc2;oWRcYLWz!z8TN3J6jLzJeE{N{@tD3^kQN!D0dCaKX4uPc_ z-a!quzw2o=or5c8YN|*FswwM@YKl3GEKO9?SK=8EP=i)Kl+JT%x**i_#nZx!&+O9$ z(c`{EdZ#(PIiNZ|g2}e_k9t3%x;+lzIopfaPz7RK<2zF~jkD^;bXDD&+}$e?plWyM zv-M+9uY;zE`t&S4I6t~DetNy!-m1^JVv6Xy^J4!T)$2l>uC~`}4mmngFN`oky?{T} zOEOcOsGhC6Boy83_MHZLQJ)Clph;&j3913WaV)wuCRbt~3jS9JaoiX?aaH!F*dC$% z&9T;M^BRtk;xajbPQY%U1$JV-<+RaL;5AZnK`3kbahFo+28pSAo@Ds|S)iDipJ6cb zfMk$0BG=z*Mxswm7XX_)&F$J`3iJryW%lOoqS#y#+mFU9SZ%hV}Dh#GvK!vqaVfcWrSULK(VkS{_VB%pPU#;h;`|N7{rJ#@t#Ib0BRkV+3 zUy)UV^bWH4vG~Es0CB6Cw?zg7wJiveYeUFsVt7urM@U|zx~co5 zuBXdFAUw2A*mdBHgyLZrb0 zyghqaN+3vNuiG zELPswt!8vi+vbP1T|n$#eV4a~@1n+_Gic#0CcDO@<(2_U-`qA5>U4V>2h_&-MH>OH zN8@eq0JZfAv|gYt3FH(ID3)R>0Q2)b4BccZYKHaz}u4 zo;}PSZVn`o#w$5@6zMgTa^t1;b^Llg#yBsxZ{q09_FpL9f=AhrPBi_|-2G}{QjzK6 zc%}NnB^0HH{_tvI6$_R*n%tqEw4&;M^_k$}nI$6`&iDr$Ws_ueIvCjzp#Xt5Yk@@a!q1T%JTQ zx?`8{(BC})3?N*Yd0?mTz+as>!|=MIj#Sfq3jtDCp&t{c2Xa8DY@a~q1_sxgn6{`& znC7f4uo>j3!tL0S-%hawu}Ek-GEK_4(s>AK0gI&{Q+iLrWg)P4`=SYc&M!Tv{m2`T z%||t2xIDz-Va`hJ*?3bWW<%;eEH3rD)E$?a6Uo<^nv+v|kCb5nbTeqEVbp1&Zq=cnev)P7Rut_jaylG^L_>xR^RO8ZZz3Q2HzYCo%A zH-+b~O6|u}b9HKO(YY^#=dVlcwW+y*xW%(`49QyyexCv7|G;^4t-9;)mjC}O`@eIR z;meQJn*B5sFLVQBkn}bL8f)oo=1wciv{Jxt>}xv%t3x;sODGSBBBm8_v_~B)qG4J& zrj=n@8K#w6%$hj`SF`N<79xIA{JM=X5jcl7Lax;YQ43X=xd*TfM32;}7~HWI5!xCm z_m-;p5&{(@w9{30I}unEECWD;!AO!C3ZdFT*ZqH-|a*q z8Ohs07h&lfFDSvc;|;=i{-oY20jfnwHkMBBzu`>e!TJFvxtC8h~n){GBJn zhgC{V*gaxOwzzCGN~ol`Gm6$?yCP$$&2DU35nxNxxGGk%v`*Zxd62Ycn`}vX3-y4S zfS6H-V=7xzQ$(xml6lP-b>gG4Fu<-2{k39&S@8R$Sa1A>hq6#}D00k}s|Sc%aNQf7S3lNJiEW_T=8$YjvP6SJ zZ)uFxc{v;JA?-P2dgwTLSgq%!_E>s4KAyf-Z*5*ouKUGi^Wxexddo^3QvjcKXZzv; zDoRveXG_TPM7#*x)%c7@w+U4Vby`(E+j5dsqD^o;4#g-jIu3(eCmJt;lXgsM>0%VOso+8pCo;!-)NFM z6zFeeDs<91jS{a35wo?|DDe^&N`bP>CzUutvIPsX7cAw5V4!Fa8%?Y3Q^OUimJnoY zCv7yY+6a8SvDY%hxM(pUy3M|Ug^~tS?%lHgPV;#RG*YWoYs$gYR;`!G!{pj|95>ML zM`U?PYc?f|HzuX%)o?z%ow}atl~YWTTF*F#bvde@Q<{KX|Et447~;DR^Y;scEAr zD-awi#1LyB)q~0d7YkT6WclD9>CQ+!#{5&f1i}}VL|F65S|l>S7F4B7+U54CaXGAZdS6**=!~QHuW=QC0d7>9Y%$$H_QZDBC@SSrd|@2GV_Q` z1N@Aj#v$(uBB7oH!whf@$skKT^4?Vqkl{uz*N9?w4qn)5U$I59{eKE&k|dt zSbP@HUF~e$M7p69nZvw~5K&fE==>&E0ek8L^p8bH0kX@?%3f@-@?9VT0g&2`#U8o6 zcgvgN{uF$t(_xj8nd=or#1da7`EMyYZl;gT=UA_>n{i*X?OwsFz<{*JUDdkZnQLIY z5cpkh{S7|3-ghr+%}dR-l(FKX-K(`9X9i8cLu+Z7DCS@rzB!{9% zvTF2_>WA_y%u2 z?9F*TC1oD81Me*nnCa6bh%uj%V57k@yr$(|Ywb9l_affg!_2jc?VdJZ+9%v!J*Wa6WQ-~*e@ zV3?d;)0i>)cH+0}LOf~k&FXBY{M}50w`cjh;!|soA%Z1HB@EXEw0Lk&$~C2#-!GV_ z6U(XYMzy#m2Tfx;mh?;~n6>tS+uJ&Pa|KK3Q1pbL*x*`0ko)py4EhpAGy$uQP{VOu zBkwMq4*fQ5+)buB*NIHV_lK%_vWA#qAwb6lk(bcInj*cDdd41PMir13Jj0N!fRM$8 zI9=a9ZMHSc`u4GHD9ijXRm$2*^(OoFHnIUV=W&#h{y<659m=PAd)%0$!ehiZM}&2N zeV%y%5mh06$`8wfCaeJ!^JY5oO+g}W<72Ho9_$LB3K0K^E8n2H?w#>szf@MTh+sYn zi>F&M6q5`W^1+W;ce!Q^q8!!-~h5ZwBsmMqwQMi{MU_}BCv9hkG3(; zLDaFd5_<4t<&PFYUsk9t;e68$3IzXh+)h6=3duJegl2qe(T7{CeMm$e)1Hu#KcdO@ z>n6M0L5}6|!`9tK7S1_+@=>&&>VyR}pO%m^6R#sW!w{(h*E(JTXV)6NG3Q1k18s2rRjQh)YG5 z@Fg211clIwH)-*!Loz{h$Y!|ywwa0R-;o?`-;PB#g9gSU;<^N^n!4q}%75k=;go(k zoOy+J;&lq(+IpSnx?)0~Z;}g)Jzu_S4OV@07JAF}TQ$Ash3SnGLvyptYW3kk%y&Tp zec+}(=>(V2z?X#v?yLq{mef-T9zN?=lFvCVZ?SkoRMFVRtQ<9#0wHvAGqMcr04L`v zrSd+}i%9EM#iU{lNH1}(j9>3whqn8!WY#0(mP9#YWm142Hn^2F804WArVqsCTQP=M zROnmC;q#$vtdwSx1io4vP$iM6xSQd|89}(L51~#!=ns5LKQ1nFlY-BGo{Qv@p{wB9 z^j=jnEdM(Ie~wsB`!L$;O^9QatEV)G|)8$M!j zHj*vz%K!v*s|bqS3*0mYcq}eJB=@fnK_sHl8TplLGKbDU3h-Jv1YR4 zK=&Kt(dygM&lOCJN$9?dOgzrhH2xILa`&0|=O(`2xP`4~WDT12R^}Fq)2^(HJ3*Ln zg=m_dtW16ie9~&%oLERzz%4X>t9jlQ=_2rAq%1rj(k+@KrCCs7 zYGMwMm3LSQhNr21X~I69a{L~N?q=~a-<#uTlf(}h`|IG`IPU%^X1_qfk zhnpP`E$?i;jOc@&#Fr1nNSS~LJ77m_PI=m0YgiGm7b7 zCc65dn`NqJY`$-NQ=L zfT4A5<$BRQ7X8s3W*Z!WOG4>G`P@0jz1xUS=W_&P*!r@tK%*^ZVvZm&sKkmpN3u_1 zM3qo9g>#4?{`xxiP;sHSP!*YUdqyZ@#Oh3*HgJYvYc8!!Rl;!_xWlsfsZmC;D_T!R zDf6&5cYE^|^OEH7Fo?;y&Ygq9b!#XgyUeYLG9`S$#6KXExi^Z?M?f2Jzd0v1FPw9O z`+>nUouPe}r>^tnT7?E=A|AheoR78U-@O04lJ@jzq)qYuad#v1qWO%;zT@5ZfIQmHu@HixxhH(>9>VC*LBxlZ$7hgejDM%Sdnu&v(ArdN+Oz7Z5Q|f{DmTdsAvoB_i zVj2KoK8FJqG!H`c05;%SfRsgz83dX&WyNs~=Nz6&SUoC4%Jw_B3zl6YS|>hunb0aw zZRI?JNU1~S_)b6~xT5D#N2XPb)lQaT)kXMroOoBpKFjk9{eViRvb2vbe!$7d%<9*`M~I>aVF`+s%BgH|q4aa^Y)sqUD0%a8yKFVhJaBokY>((( zIm?M2TY$~v-YlCe%M2HB;>-ZJq#Xm&0kcTShfCPula(MdI|3;svnNT*dd(_Q>xvFr zoV*Gt8zLCIs1@ChV8BBub|Pt>9%r(nlXpu@4NR3Vlbj6S;Gm7DKP;TniFe2lS@|{3m5>E!l1Zeqdz)^3e zN~`I#17U^spyM{#SMc;En}#ypXy-*q1KtXN%G&`Xxod`B$l_K9UTXQ#}%=D=A2%yZ@{=|a7O6rr%it(uh_T9{M zfN+2813Sn9!Py*_#&?O7lz^awVkA@s<37UsGt~q&0mU=b zgcqdmt4+A#og>ND^%F+oEl;npIE&e9)~}lv!k(0(cS}X12O9J=JVygI1}|=Tz&AK} zfHyJlMSi^y9mt6Y4;iDvkvk@j9)%7nUP2rtk5Qk(kq}v05>kwm5~PLQK^$C2FV}KA zLr9)REb$OYO5&mK4ZvEK_ZmF zoN%@b#fM}AAl)s1XZnn?C!A@UIo}o4CK#T3`7%|Az`v?Y0|?!Vg=86(Vi3oHO;SwCd;`J0C6m1Z1Ve_s z2o7YaG$^Ur7gR6_!@kMCW1|wJjD>PRDCdXLZ}eGITPWnmxJmLax=TVXUOIb3fWy%B zsTrXi+J@QMql;w-1I?Yd2Tc4EB^<6wI)~-(xh$$^u;Tq%p@a5tgpI~D9vHBX7(=*` z6-3Qwodd~n?$=r^31wpp&j%{*EMOFnPjFABg+PpkAM?1++U#bGdK7t0UgyNg%~%vj zVjz`N@*kGS8Q{M?=ScV!@cU;pOC7hnpMVt4GK4EE!=!W~|3ij>eqT~<*h-_!W0~)B z2ZIvGp~I9Yc(#tP?4dcLS7c5~k0IvfC!Ho@Vdhsk_+)9^Mv$V7z`zXGvZ}&fY&QQi zEr_d6W7Jmr*Ju+y%5-=|M$908S`U4RI}GeQYzDldPgl?m{@enfFQ@g~1DF=x=hnWa z0M9x>3&=PNS2vD&5FlkL*tbT}UWira&pc!HgpY-C_}~_i442N*4@p$J1%6StfDIW@8X+Z!Mn~E*?PX{yEVN^^ zLD9&dl{*WL1e;>#yPB39xt+a8I~8<$DRNbqcM<8Rh(uDe%F*xMU6i_uQ}dA&QTOm{ z7^*!C(scS;B~Uc`OY&{&=j&_b6H{{n-}R3qc2Q1bAY!Jbtnn<+(2kl<3TzE+#U@LU zdF&Un`0m9%4cgWUok#OT_8*0|JHdjo7iwk5j=8qf*XmW?fH1{lHpS&jL-_#V`S{Tm%7X~o7u6aJ7;77^aF~bzX|#-?;&(As zNhzn72dp)71f+uzSBATsd0T70L$sNQd(5h{2u+u<;vSc|<1_Q$se1}n8M~j~mvx)MPxk(sM+BbBYB zt~-ROI~Gtz97+OZV!7E1>K%$6WN8+l8CgGU%d!n*WJc8?`%J-yX5VnpEE43yYK2y4L+>ZUzcs@2Y?#C>f z87E=RxEmWCuZ%5>E-7K5@i6W~?!heHlDVxJLMS-*84~4|#DAVK%&*VQ4Io|&5c^@U zXvKX6Q3;uy5|ylKzEJYN&fVi^SkZGbrV=bE=mhIJ$dO#VKPct*m&}T6Dm&7&V@0oy z_(93vOQ)J2$pPSjlKFY5bYIE+d&%8jO0qVhC=y-im)yV`#Tb4`yu0E7IsY7lpMoJN z25-aVPHV(-KwV8xkc0rxNOmDdS!1x{U|Z@;x+g*1 zJj>RRJ6xC*&8dsUsw)|dyT~2gRT{~=Dx>8EZ9VmQzp?Som0jXBykfjDmQ6M$vIUL# z+4thczsK2=N#oB+wju4`BDJspgZA^R-T+*3O zf>=l3Ar~ZV@q(-^osWib0eP^O*1DklKFM)+G>=8@E~Lj8T-e(MBe~_c@HIoM zE3_R+(_Tec+=JsK{DCb#=3V5EX_8C1y< z%vEKSex=0fT1r{7dHGW0>>RmC;G{cx3xf}eZEeCp^xM?mfWms_Ojj zy~=K7ldI?*&=5K14G;7LG*?X@} zB7Cv{Pw;9Jys$s+Bk-qscoe|`qv96{J_=hPT3YN!0vfdTKwbmzJBY!fWGfqt^HG#T>&Nce6qWqaoQwyTnb1V`!J?NiLFrTzDhg25jVJl)ltQT!Jwc zNSMLZWudH!XF}DmS-gGMW|Sc)v%_}~;E1mQT59w81{LM#4#{c0X6+r;z`vQFn)o4W z-VF70l6j^5C-ZXh910HYeHlo{Bt z5i=Xw%c6M(+8{)-l@=O1lqR(%m;_G}X;2!`JkT5}Gh#Oeq%bR>17h!zi=u+EEqpy6 zEGw%yku;9*IV{`(-m#aoUO3%iV^ktHl>RAMNx%|vWf(&I$#~AjpeE#kfO8IXD0D3p zM=72Yy(To-)dTrvj~lN850ps0_H#iAvt&^gCOWj>{bv} ziP(gQ!jk_wfSqoAi*6l14Fy0Ip(!F6q@K2XJaVq(M12V#keXAFqNz!j8FRfc|7Ofp z#(tP4Fr(RIy1~)~IE8?>kmbT2Gy^IFwxl4_>37a@%v2yYhy?o=8&?lhc306iZK3~e zJXrlB_m;irBL;BDzlf%E;p3SqoRYZ7^AU(iDnKkSdQClM`*#ec|kUr!!}BT5i8u< z>j<&jLR*X~q?$Ktigbspqzs==Y9MLma79Ct$3mn^k(6FYdJRSBt3@AxBN9{n%I%W* z*k>p^L%l~K5^d59t6_dgh6GkGNupUHI2HmSK;f>=8ODStiTjw9^d<|0)kn%F{&HZz z7@7c}5Fo5rJi>P(N-ST#1$p>p z@pjo}T63mN*O=873yC_Dk%!{f2oJ%kL{7@L5JXe8Sg9iM)9Pm_XbNd?0g&xIqk$EW z=}Q*0X*!IlgcmV$s3w@M!d*+sQq-Q1%J@;E2k&A=4h8FzJX!+{&-b&zJPDG4HPNr} z9dapz;&okZ3CsfOpl`KmP@MtrGN)`aoRvC70b}P!|D>>542p6{YlOtuV2Q4K5So*6 z9n>}oYU^UFtOhhNncRNSTXxw14FBBY0nRpWzk?hAD=k=Q7ytX1P9StJu681knZjgZ~K%QqYT$7rZgp#1iOdE+scp-Z-{)T-B0?Th{-ZX>2NHM55 zKmsVx&gemnaPg-*)wY2XV#p?>7nTqRJ5Tl!zrFY^PGH2!%1~R)2Vm>GFWs721a~;(h09I-SXEKt%m*vFy=Cq z0}#{HnUJ>>FHRO9OJqnes9wC0e!0aWjlyP3mxTbB;)!HM-8MJu@B`RmV^te(vd;_Z zgwjUKgr1A;h8NWdc*uU&tv~vv;I8_Y?obRP7+j8b{2PF(A?+Y$k)BMA3Asvkr(BA2 zT!J`YPs%A2#);W0?~0qqa3!46cj1`?`x&O|AOqBGCy*R*ZZ7ZFEXAOtAYw%IX^KKj z^hZRqk|7AdohGU&EY2H?#W}LwU@`lkDMXrltUwW*B70zzf`S0Oxf>u|LMm+5=(Bke z-Kv;{GDF3lyr!0NFUGjA0#JUk?GIu}WSF37{nfE6D~_6E1Bmbv*bmy}aNszyH!Zl` z3B%~IIzsZc+g9T1z1x?B+`ckBp`e=~L&*?O4Y1asJ`ZrV3DAMD2N%r`GwSPLq-s>b z`g1yOM9m3*K6y1nM+r0kV}YTs68Ofxo6u!4=mvHkM4xLV7;~^AOCO!dqy{Bm zCEc!H?K(m|(~63(jgp@@W$r>`HIt`FBEC1^jV(;ZlCw%6>Ttl0@><=Bk9 za$T~9A5j9-uy{|m5s^EQk!#5!yaK3~Ts6?(g&4AnJ4{4qwHbe5AZPsEd5-7kPlMLp zKlS%?ec11EB9Rw@K~N&F=;BS8k6|s`z5`LQ76yRkf_BN&mhgKtIvcRU3=&7@&GY%@;~3c!a72CXj^pP6tK0RJql3HZbEbdiN1CH>VLg1u z?;~(*J;FSD$M3_4>wTCJMhwr*55)zxz=_50gUuoK;DFzjbIrSj-#%nwXufPu+-tG= z1y~HV$&0TGztI6@u+*@9Z5zjhC1-HmkYtR1Jm!Cb;{ZL}lL!2!RGb{6fd@a4c9UbJ z7Z@5F*Ks^%#xpiMrs$o)yzsw5%%xEj{gYc13MDLGl0>* zj~yk*1m-ENruKCPKzqR=QobtBkWw+kWP#400y=RL*vY}4=h=nlj_-wx9htuDqe z(+Cxq4#?mQRm1O2R|2?fpdG91f+bLbEl_Esz|d_MuorTwE_5lP zSQvVUsX!#+oj6)9RAQF_O*?ROAR!?l9ONT@{m>?JM4MbBvp7CHww={5C{CIq(LdpK z-qFdqmVAD=W$s1}uJYAzi*ADODB=r9wt?pmw*eR+0z-6jKKz^tI)?dU>GUuKHY(8q^|}9qiH4sJ#o?&+l)tCPYXScVm+0^Rjs4$ZtneAh7D@T;NCP9EucC zj<6K2PP?{yNj6#|CKP`w{8Xuw{A0E_9ZW}p;KpGEZ!pRX0-Fxs54SZQLUO??Gxo8# zJ;hdTVP3X3qA@a}Hh^?WSwGOG1$Mlxvk7$PS6_p;Q_`8NcZ)-7P7CF-P})%Ly|X+A1-A78DH?j*% z*^lq!AKyFS=4ID9cZoCD;t{4Ok4cQ(8NwGLYUK|8LEB>Cintk7A8;As^Im7~a|XP@ z8ohV=?)&HmT!fBsdm|@uNmmS80tvtjW=`{DOXg(yVnQR~FslW>#8$7x_W}?Rzk-FH%h460`Q?D@P3Gfv zqohZtY?M^##Rw40E}N9=&%A*kIS=_4wj_ScL>mC+ejK1<(TseOm+u%#>#woq-**1~ zpd|w2F6TdL&DA^4Z?f()yPm(!nrnBSzmk)1rt|!>fW%*BuyDluf;V3&j&Anm-;1ML zy!mQzw8fjRam4uCs^CcB=r(V@Q5@aw&E3V(9o~GaIJ#4jn!|Np_vSmr(Ko&MZgF&v zx8E<0zU|EqID%WjZu38iqx-$t$`N1n04lD=F-(f%{4oV*3BJ8|*S76!7nzY}^x4j1 zTuq+#?|)ctZ?onQcW^;#^FSCX%HKWxv+=2W+IRl{ul_dcj!6Vrv<|zWuJDsX6SeEU zli$D}=}f}@q8nngvR4uKhoL5)f1AeQ07gkHlS)Qm%j&Wedulgyr+hgcFpDR6d4 zWtsLf{#MIQ|HOSDQ5$R*8wz&<7Rr64F1U$|m7JyLLjJ*pJl$sV;pkQTQfAc-z`$|j+jB~+g^y#L*mS&o9m5_OA>Stly%Spmr!xQ7x!orH+&a z7g?k>L`N}1PsJ>DPcW)A`w;bi8x+ip*MrP?la_kHW+QhCza$1g3^C)%nO*o)bUgE% zj-Q_RdFJ}*`~SbbPwiGar{AwWP+Xqr9@$wxeN^<+^sm3S|LUC7B=y%XV1^U`bJr`)}VK~v2sS?y5<^tZ0FOd*%I;BS%PbK>S zg2kCnhe`8Wk+_i03^5j;BuYdYY^)E1)J=4pMT{H54Rmux+7sP;feG#D+KL`1X#ne4 zS*%X2tkgB+5G4_$lNvLe*-_&G?usq}z0MiA78rV-d;k}6AGt`mi}}T=fv&3!`b&b-E7SdNI79hyz4G^(tx!q>?N8a7u(Vea?3r7 zz6hxC!x|2_wZpJQ7+^4{2Ic8bAv4$u?l7ccjQLhuZy=Hk^*sYJ6&!$p@`@@0um#}4 zPmhAK@S22u@Q8azHOKifOqVAUkQ9IWn!Q8k^K^tLYjkW^Cu`93uD~TgBT#G_C-7@~ z3zBd$2;o?6FWXr zRz?-uDi(~vj1&HojVgut>qE_pvLi~Wjejqt5<;C=oUPk-}^8YSF z{A~>ZbrC|m46^@~?q$iVkoMP6-m%jI;hq8nNMYkQm2Ng0OJ-B4XJcsye+L#R7laK! z+zk>V-Y_3dJp~)GHe8~8tK6BjIyz}AJQNIAd)cxa%S}>@CHU`^>5rjk6_Xan4*N#) z2J?Tk*|!lLXtq0nfhNKv4jg2NR9Bp4*Bhh4p9Z;BaDIbG9jtja4Ar6Z>%U~&xMZyG-JEZt9+H{6(n3F_WAi4F2~3l?IK;x%hPtUM;b<1^jN@@M0ga^I zACYXZGiixtUvKu2*-1u}8l;=(y_rXgqoYLE`B&HzU=Rq=Tmljc7umzjF{VV|QKd(! z*(ua$;Q->5>lg2Y2c3FmqGw8Ow`cSwNc(x{T@|#2hN6r_et>*7^?f{`V&`Ii#eoE% zdrGtxzk^hAB$s<>D2wEBy_-?O!LN%Wa&A1pi*8_s5TJFdfDik(&k2qQAtqRg%c@f6 zN1;q;03--E6K4-c{7++y5Cps-&XPmaTRlJZ=Mi?#xOYRqVt5-SI);q3bVF*0rni{n zo9olc)tSF0vy|5x+ZPjzu)v%MLNN^zgeckCgk1_OU)uUq5?_&7@VvecZBfU%hJ%-jnT zJ|x}cI?vS~mQ|wp7(oIpxYV5s>`dNioczuJAxuE`GdZRIGBJ-N_IFGUXsj!Y+hm9? zlpby-m1V>6VL%D+qgpd^FlGkF#Ti!dZ%y9Q%8Ea*L!#Aw^l;QdgeO}R44>tekb)6`w5!tPq+q;@zL(Y(4)4yUZaL~9i2 zP@o2Iw-n;cDz?rT(y~f|-A>H&f^i;w1L~tsfTI0aq{v4D@JVL}5x%u!@j3#Zz($Wk zQYV3fCjBo8WtIwaSnt81uM}4m!Uzlu@Kj(s{UC~+>r=+HbXzjHH8IVkjaZWevY?|q%Ya;37gW9v`7<3 z-X=6w*g3@UL6~uQe?Z?sbP6MZgk4*ccn_0A*+FuEdI)c&>LBx+mh)S=KN$!E3MEx+ zfL2UxIOfv9-G=~?^M|k)id$GQVey_H({(Hp*vBh;*Nka)hNhSF0b1M70}T&BExomv zYTXjyCWCeu;X{S@)tM$FjYd*DS}K=2Yjfrl0sHJeVP|pMen>W9>5q=j`jfu?=u|AQ91s;pjj7<3ak||OW8qJk z=jIN~@0e`P@11;Gbd;!SC~rL;UV+KvFfxPfHaoAn?t`%f(2QWn7rd_#41sojR7c%de1~{0%t+)>SEe6eeEqaicVpIBT%O| zn9dBQ2g&uuZwo^7auAvS$!*7eV;4akw}GP>_qzMNBouNZ6WRIDyH5 zPF6X{xUsfK3&m?UeO{dJ_Jcg{7d1rSE*#>~{Uq zbctD7!mG&2v&eT%w(F;eTQF53Gdl)?^Qm9duHP#~$&57!F7)tJzH7I3{mK*tbSW5E zAt3Qxd$j9G{BG8iFut;T#M6c>HLipIyw~ob;5JpfJR|mZ*VDYTgZF&o`lq zVq|dD#7BZicaUyf&==Oe)W5{PkQKSY7}O|26w8?2aP3Sj`DH542FXUFXv~i>H~Z2l zQJyvTGS2}z3Ue}Js-=@VGGnIe(~p|%iCLc>y* z_>ygA&Q|Oi2^T~FcMO*H1I?1SJ&T?*eV}W`x8gw{c>`Fk6T9;3P4;|qw0Udi+gQj! z6Q(Cefn!Y&2S|w705Hxf=V-=D#B^Q;UQqIv-0sPQI>^Fy5d$xPr|%Vk zI!XabH9}bpWfIEY7pJGTW1HnKhF}I$4aF;vkwGf}vqdwIE*rfXh@NAFLpzQY^s&nI z3J6hL$0xuUwjiC9uwY9=Li}BkBQywykAl%){?T#B_@z0kJx~fd;q9qiP{@T!;+V*vx8gg0wohxFbVioh% z9akjW`9+)Uc+!qHa$T?ajI%ep_^YmU14OL-k&W*_)1UMteJtVW;KL`<%H5d)@5i1_ z>;5WPwGki<$HLv?{tPlC-ycasXI5uxvNh6jvQ)_|SSRyc^^Oji>Bh}OjChDmB#u8}&ZGf!DYi4_ zs3IZy6gJ(WNfNN+_mG2n05}docj%sA+T_OFnAJAN&W>l{W~sj(xPo$UH?&Kc1KaGW zp&Sflx)qRevrh*R1 zE(V4Jp0Ko=enAlaI(wG@42WV74AO#;Ioi%EtmmEkrirehOBk={bL?5@K+P>?2;t}! z<2M64@6bx%0f=?Lyj9$M=qT~b@;5XwU>`Qh^^-FQ&S4f@gMvm@*s`!;0kjYq)zau8 zB1M_GG!=LO4}$id*>HN2oe4W$&GICl1pBkv>^~Gl!D7Ee;l%| z-5dkkOVOs3Xarh5TCDh3%ptH6kkrnZ&SW*g@)Dsj+}>j;YC*bXdRC^e%j^VKs?h_X z(L`9F>8(({F_h~iD&ArUHc1(WvNoeEYH+21*p~ZWg>4atqfx5lOQG8Pr1Rvr0%?d| zw54i(C=teBVBizx0JT@HJkD=6Kno0foL9QXvLh~Iahd^R}f<5r;@Lx&&MTtc?iDlFl zLROXRf0p#=_aPY9anV%pY?ZTU*Wj_eXT}q@j>m|s(h%8TsKx{DH7R$(h6-~eXJpwo z)ASo@_PI2jNDg5tuJC)bbsL9*)x?mC=7R7+?q~f1RLCNTo~tz@(XN6<)J>Of5XPO@ zNC1}x2xyFbhRg9_smlzc{n&^X)-eMG<2va62yjyND+0xVs}_l!1Jzcro>CN78MdH9 z)kqKq3rYiHG}>SYslZo*<3#$2-+&~;EeZg|`l}vFRLxc^>m(j|*C^9tyV?*S}epxhigVIIxh<9QZm>r0KhbNlTa z6w99mH4|hJ-r-|dE}!VguF3KbWyw{TIMPv9JA1v0KkkM;4b0>L)%Zqd$^H9z*SyE2 zePj%VSZS{%#eVyLH zn=-vci+CN9+ut*z++)T*X-a=FZY_O4hzLO1M;TOy`sXHF!W!nMS+Z=<@Uppd1)?t)F-h+^YE}5g`;4@$dktvT5)qRH9oD ziK&SwE4*Z~$Tp_+hE--bOebw1x^c0VD!8C1jnaurxIGS!NTT23w2t%{D8X!Gl@QL0 zeidX;U?YIKoSz77$%p2OQteNi;!elQFD%omcqPQr3DLbEE9re$Ip{D&+?80jWu+=% zlj?46d)e<@e9mGXT8?f(kn*=p;5GBZ2jM077fs!B@SV(X_mYriiUz%szu+CR>yAN{YA0me^1^Loj) z|2p&hnba^)U)pg^<$<#Kei=de?tV*|1n>jb}=Pr*GJ3t+H&jqvir&OJ>RRC zpOmXVE1RE|J>`uvo;^w`fNxgZ_bdDT7w&2xe}Z|5!DhKAWPcwHoIULO<5o5ohxI;i zdnG0kL)uwuVCkP!Ti6zN)hfh2>&V6ldRtOJ;8G8gpR_CQUDd-wC7*wSO> zJjW|<2=xT0AG0X9vwV0gUQEprv$))rx!`ucO!Q|)*zneFZaHW7G|Q_CTe3~NxZrW*ZB&qabJ5E?`8A(*Vf$Oa!I zVi+`{^$HuovnPPOA-=5y76CZ`8bVZ0u7@hXmI6xzEC1qAQ)7j$W!GdN)@?t?}kf;Yd#AXrv^v1_0PI;M9kDA6Cav_RQlN4TtBx)%N60Jp>Y z5T7D;*8>WU3UdV>hdO0lM-Y;BiH>I6GF&<8a+t+bPE0un6kp>cA0tJDR#dYySQ+A^ z!RjI@Z?T?$}e4ZUZ~!(mY0@kc<#afW9Ux9~6+lKf&V}9mA+}AR88n zs3dg{sjd+TSL9rwv1Eeqoe2m9D~7lg-C8f9DMxCm*@5!01fgoLsF_pjsmVn(`_5W= z9qJtOZ?)1@HQZ00%UG`fBGfTk^RS6?g(3i5xCmiGbVc1>Sx>)IvG-LJX_&G6Zmm6* zm)ChlooCVe9EFj5pk}VF?HtGP8)}%Z8=l(GJIX%|_X4|5ZT_}qzE!vPf$qrK{{hfqlsps7UTkbE{ zVFZ-jaj@14=qJh#1HfZSjC{lYDA;by3!q-+01#uW=`f5;8q~-(gHEc$h6Ug)RseuJ zUhM$bC#DIow_O#`z5cKvk>n}FO-*Ro$3(^a34I_74^L3ms1A6H*y2rQN}ovtnj~Ku-A2Y^`s4GZS9Ve5KOym*nq(#S529?>fq+B8~E&TM@UZzH=?AUHRfSA?#a zv(ezJn}J6c!na8;iA zEGFRIb~h#&4NUwpw+9YOA_(^0EFnZ8Y(RV@R^0&62C>>Wzh=*?ne%Il&#R&Fq#CST zU}D9T;5nVVZv-00Dt?jDaxFt46bv|uNANUE8hFxWwdB&8LNJB65XzB&20?^|!v1M- z>!OFM?k83AFuHUHmiv9x{%4iP>hu^rLQ`5epORbUsrP*lc+A6b+D|cpXPnHkLTO)J zk7z2i$iwTaMNd}kU#tGf>cn4hbqkMHwiV_!3$5KEQA|5p6hp_fThxApoM>ewl0@?v z@b$IF#MDzxUl>jx*VpVJq zIeZp8u30zZR}q|{eXg>11J8wVH(Cln1&enZx+m~f{}tkGwjP&1>pJ`?x-2fN@i?L=q&xt zIM)${*ewGYI%NA1V=)BAe$c-{Sw^SgS16I_GIr?EhRwTR@@k8&n5YQhg9Ou(l62Tz0 zSF^euc@$(YBcej^3E(LajU)|%qY$D{p2*2Q>`q^dVBx1L&2Mb>2(*Eg zfW#UAetn?^t&3`YH0cI~j5%@52|h|Dxwj{}60HrfnDn<>w!EeI3&PU7OB}#nBs7w6 zX2B#k_W*Ude>#>r2tD2+CI{ocx`N^R+B&-~KZiJl80#Yxmd6J+$*>kk$gr!smY~O3 zM20~G8OVXaqX-AjRJKLU*0chL*1a6(r55x#kvy`9Ae!714#Y)f@Rn3r1Mc0NW! z65C=@rGyL;ei#Q?Z3)dkw%L)2_X9TU;!tLrnG*h`$0si`$D0@ZC+0m&SlZm%gGF`x z&zOhvcs?G$(FbBoFpVbB00Xa-kEi(8!qMXG0JY~&WjA8ypmy@E)BKBhQ~WEFJZj7z zjG=^!l;37UXF-qPMjl*&vFPNt6jc=hC@CU~cr#5|;YJuvlt#k@!XPN7u~!&>Y#Z&p znTC(D4YK_!@B&(}0c2Vf40FoaFiAn@+S%NWsbtu&+w0?AnG*EC9exI!xsZ3jvS`W? zdVx=*o@TnA@OdJ)Q3-seh!0%eN+;b%r$WwTlQD1YGNX+VGmq?gW;g6<;%v?W62%R) zGc7u+0oohbC|l7Mdtw3U8*A9402bg*Ye|n?!aQx21&r}QdD-q-`! z762||BGNrbCjc_jZT?b=hx0a{Y=!sn*ICvV0AQtgF}8av4MsgC>0OGvhjcxz)fqaI z;p%ZK%^1W68t$pt%$?_(LmSUF`-esldW%N1;+63~CJTX3(=!dDH;|4^`dOV*uyQjS zMZOR%3Hi|ENjHsAI?32}*Xvkh)jEm>j+0B5=b==#SJLS+Mmp^&jT0vy*izGd8q``{ zVR6_hA=qj9HEZv%<}23TgUcGseJ4CLJFR6c$wG=e2HLxm;ERY%nLLELDi&^;^{fHb z;-&km&|d-@C(6rj1fKG@F8z@;5AoroDM5=SUAH=({$mlg0n=;&1NOQs ziq3Qs8{6`8r0D(O*lpyB^&m_VZ(&1#w-H*QR9;$%?`bb$5_YKTCit|H9~L-Dk#Lup zDRTnpH@q2M!PY~$G?d+;tb}s6Q2J0V3FTg)EONv2O&?dHb+g8^u}QXB`EhJaL zccMhXNF!r%zRK_6UWuV0pEJqinZ<{uNCK6o>{+D|Yz4D&AK+is&fEM@SXc*z(ueY& zLs{FktVZj)>BF^bvzaB<^b9PetEVHk`9lGU(3$HfW8`9-Strw`- z@*07Av*uIeokNbo4G^oTeSaa&-g)egSKFKkZh>f+55KQ7jO$cNbxf*3u)P1@s0P)s)6 z+j=9Ii=hWGH*jmv&`W|mL=xfeNP1s{!`%{xWVwi_NH`&8D1h`iA2b2AnBi3{) zkVr#xPKTDbXf&zLrP;01Ipnw@Do7i6lmH;56H3v#l_9zbO>f`@!1$GuGFAc*!vHnn zmH=%~EbYBj)?eehmaNWRK6^HwJJ8

    FM8$>K=tt;iwmSK->=tC=W??fj(8uCoIl zv)Pq);6paMoG5YID5+WiuSqq z8TOv*HRQUl+1?Iq|5jZCIvt|e+Be~*n4}knATVE%6=Q~9U5pA8ne*G7yTF;VoI4wC zhhU5>7GfqnX0wNF_Dh>RWXV&NJ!mshtK4rh(yiQsLmZw7j1$=%HCou7AqUbw%wL#3 z@cJSlbKnzV(Q`;b?ak@lZSe7oV-VGO-ktBw8Qz`g;~B@8A!I+s6(;?u%N}sq_g!|g z%hsYE#GuE1+-2|{KEKgrA9dN9^wnYvK`hKYnfM9jV)>|VaeN0w1~$6HWf!~be3zZ) zvJEafI3PBMh@uqa2d5IW?dOW8u$PvuP^-)gl{V5te%9#!SlN-0nfD5N@@bz1SdD}wmN|rbVF?d2Atj}kj4cBqXYgaM zfR>O;6Va8i)O4M3kv*&{CU*cqPn}o43^@VKo=nNnMqFW$Bu7cgJit}pYO#P+eMSMmAoy}zMS$0sF;AP(xk$jIH@3vW zNvtB|AU&{di?^F)yyeLSdZW)i>a%No_CcRr;j?#h0br&Id8zcpGkch7;)S9DCBG-j zJZtx=B+8piZ|H-bP{KVIyf4^H>!=K5ud(lmK8125{-V!r2~&&7^@NKb2NVJn@Alc9 zp1B}Iq>Ny~HoPD5xhb3?&*#H5htR*%KQ%r8P8SK@?%V0Jb?c)02}960s_*DF@YXlEny z`{aW~{iQqWANSdR!3>8W5^%;mVjrl%3QLrP1c=H(u)Ps;r1LeVy0e-c@uaWX7E3{Hku=3pRhP3(& z9*HqEJpSyXu=l=)`0t&=vbV$0cvqwisS zOn?0{&VCk?l2UQcVN+Puv}W`#arUP;e=N=(iE||sDZY5Dy$lXvP!|?UL6)r+D_IHb zy7@Q-xakv3+sV+c0(a+pAaQ2s@~h=ru+3siPKnDCWqrEriq_pM1S>>17=0>jj0PG_ z#2WJhP)8Q9`Q64k2~ACHb}4oR}?1Pbhmsxg?Ye zL;1o`9zLVyjN*oo8CCm*Y5|25RjpMtk~}x^E1Nm;W2%$vHS6;rEG~=6pv#u_rt`zGxg(k1Y+6zL~7F? zL!(xIuB2zk0T5cF(HSo8;a#J{$Mk;NNU?OeA&~~9eU&-cumK-d;-IopY7MC~;*Tbn z)8Cbj_LQzpo7bcr+tL7gE=}zpQu}D?|B(9i*rS1a!Xk?8Xs7QVUJ||z<;C%)XS7=S zOWJ%Q?YN-0^(VsdWPCub$Y*Kg#mVrCrf;B2+-T2eTKZVlye{i_Kl6&NkU0Ppqp`Vt0O z9IfKuIQGZ0e=%Yf#nUHiDALy;b>5fn^jOpkX59!yGlKL55NHpLiJ%W?oEv~+*5$i< z$r0JY_;nU>8%7Zq2^eNr;*I!O%`&1$YCGmn3^dBNueHEV%;l3-^R_Z(mP@)0)>N`xMS(mxVC8nds@I5q10~(0fDXppY z8J$f!>#gU`_+95IEBRfCexGN7)HOHQ_!BTaRh!)+;t^n1yW9ACjQI*b&E<+K=xe4M zSzA_G%e zy-u%SR++c7f9cgX8c%(#-?Buw4{$RJ8urpGzCSbj^3+w-CRaho4RH1v3ngc+v32VH znq_yEk}sOL7gNVs@fY)KTb}%D{GC#EeJS~PDZ8qabjLr3fsSDS9xfH+egW9+Mzw{O z&e4aQiTsuf6Pq)CTjsx#`CGFk?;<#}yg|FL;LXl0C+C#2CrZg*O4*~OWFtfaA*8Io zC)3>*(oIX=r+!1|jc(L!Rv!cm!jhr^@n3UH{FCi@_Gq5`AVirp(9FA9XHQx+(P(GY9y zsP_If?Y(S-fc~qIRWHXh8Wsi3a|eK|NxGe$co3qZQCmnL(^16O#IZD#vA%j%t$ zQ)ypqZ_{;x3#yymPuKsw{mJcn=CSXNt|KrbVtg4l0u^Lg%DQA55wUUKQ@MYEU5R2lebv!Z5bKN1x;3-pB-)dWl4w)e| z#Oi_~39B`%AN1MrcdFU%mK)%45N?B;5kC!eflAJP7O)$EdLdT}*7 zznY#`%{JgWzr! z3RGGDDeFIF{f8OO`cIJ?q{t1@`H-;-5k!(T{p6+DlIpT-w|P_9?xck+^amCZpu<{d zojB(H=)JP4W+45wwd}eYnjE~JU_F@s5c5@~7pu{X5TnRmSy98I81dICn};=93}!Ja?=)(jA4PQ0fqg)=2 z(@-8c|f3Om+zIStlECF?lOM>g+ z_gsd6Y&UMV{VHoKT;D|gZT*%;{-uU#r4L*GyWkS;Zf@jX)G*xC$UnoL$vqo^*n(`m zT)}=~{e#y3JkaZhQ7ii7BlFbQbP3)^mZNUqJbBL2iN0z z)7e9_=Cb0;y?M`W{gu87E4@i_Km>kc(OzJTn~nRT>4TR>l_)|JCmf&}(~D!?r-Lz3 z0;M%LT5T(3p?q^FheA0T%DzxmLs?u?l;s&UtHSY|Q1*nfbH;J;gt=QwrD)AkV9$Pe zsq`hw!8s-x%uh0}L?6U_7r`vibaF^`WFyY!s7{;?@(y|!yNxGkMSP+6ZwKBe_ay=D zpsHElO*v)y5`fN)W&I;Hyg9LPFXzt|-W0^b;X4~~HKd44v~lclwNA-#W;$#8WJ?>k z5gCgDghaCaR|^Soi!@cP8V@3fY1WFw^98RK>_?LMOs2K)9CIK9WW|ddRqHvy-482( zV&71^d|Ai?;UUs_&Pl*L%wEA~6vjaJ%;q<7-w0i3iGmldMxSbvdHj|cHiK11Fl3Vv zvl~lg&?AyUMfghiu<^J9Hck#0OPMkYNCBKnWGZiv+mSxY&Uil{ly_f37LwB62lYmy zvWht|53oIrWHm__0k)Jmn-g_TG*BEbYk>+H(Q%=N>6)wyFY!X@BMm@Z8r>GpNBWGI z=EXrK)7WaO(XxRFWX$j-dmWw}=6Fa~^g0E_ltTw*TnF6YoLK4v}PZMMtN zwie3HP_CL$Q`FB3HH$)t8*VLHra(P|6T~6}p-fB!Kd@PKzCUFf<(xt}SEicbx9Y~& z4va1nC-F!<|BVE$d@3D@ZD@8)+`KwA*Juh{4Izik2;8@Z8z!mS?gMW>+k7u}f98Bl z7UjERveWn5S7y&mkIoKCJE02X{qpO2{wqRRyPwtbpRzA6YA#L}W%JX?Y*xCCXD2n; z5iq;a!=9Wrs(6!<5|#*6p8RW}`}XGZ>L@-G-))NHxeSAB<(VBy+em7=7|N9-*vl-^ z<3<%O1v7XA+vLqac-ZPG>gG~ENXE}Tp2m~a{c<9&1GHpe2Mg*ZXd+_~*V`)A(Hb&j zP)!B#z%;5EgDg3aS=QDWy{rUJyt zD)re#KQWJCoO~lqZU;?Ud^R5{`~Se3Be^a!pD49u zpBD=Nx0RMdSnwdWf%Kind`avqnG6R|=iY|=MqDXIT{0KJ#`ma=tf;A8BrW?!mt(xf zV+5G6sepN|n7bwqxEYJfoJ)bBkp&j+7OtI5OU-H+*Wz?Mwe}GOdkL zjKmu;1Dcu_-3I={7zZmXphp?NDy{A&J8L6)1A9^^heKHjWjT~xp-e;h>KVsH4OiyT z)Q4pqj?elQSreXbFl%Rhbh94tQ$=acbTLHhK_f&$Y#E9G&Lz8@{v-I0u|3&5oYH8t zf1cbG&9SHz6BLdf!^B=YVVW5_4P;@>v?OXH$+NXYgtQMDMK1fXvoaryZ8)kan3riEQ#>1_!O>7+`*hbC_lnJ2Or61wlX`LZz8jtsX}fPz5NIn zLr|&#hw>6&V+-+IH^#9|e6Q#F?T@O|ly6EI3Vt!(ixh^G@q7qHAahYp)ma7airx0D=rskDP+|Y_ZIxUCFo} zp%>D;aolTYXsoE)D2B_0`+0@H!vo~)^EmE7`al>J#-5r)vmqHq*~rEv3TKp5%R{J2 zdhiT`%u$TBZF&yLmAlQa%=%5Aov>vv!hzygt<2;df6_O8)w8QxegjB+@ z$)@{gOO}mk+8c93~orrvN$JM-gW4C!v)4W$td0*3fu<1|N;m%8n2YzO*d3TcwS!W}V z0vqb~4>em(FKgP1$$D(;!nE@SweT0vba`l=Ey_!mB91+G?lZT~-#FJj-fq!f8)n0f z55VBjK7!$;`3vR`p&fs2xW@@!Qp<>_(dm9cfAR~cz*W}#XM+{{V8j1Wdjf^x>iOG- z`JFOfL4L&#)a<>r^cM~L^9J8bz!+|U7wzO%9M63**`@_aG_)O%9>~5cl5h`edLBy@ zfN^?+$&K|OEG>aQ;j!aA8>9JfWujTC=~t-**PZH!XAwl*@15QPNgNE;5j%+V0BLGL z>n&QPkmF_8c3ub4CU8TQ5E*!@a=rt6j(?1;j;aPtEL2tqWa^Rsw66(~ZAv({=3KWH z0;!6120~&saD%Wz@fM{k9_0<_Q~XeQoCz=l12Qy#)2kb|V|Lt+5&K{$pJgXf;%S`} z$e#X!;;BSG%u85^fvg9Dp&EpDXE3;`MN>e9$31t$>!B7@41bsMueJJ0u9m-;=2OJM=ZWbXxsx2xlKEo`^ z7azVTTfBHtytr>srO<~@I`odygjP`}g3C;w_X2td=NH$bA7YFNc55(N2blu}m;INs zHl9B{cubH_kgx+BZg$s?ZSMmlef*cDX)5Lu?%RY^))_l(}=a>o&bG}P| zVcqEjU@{X6<3`Ljls?zoW)sN08{zdy{l^nf@^!~h4?LA)+W~?#U2f2ziFi}Ym7nxV zq+rX?+n_+4rE;I6#LLY$P#F3RF5YfC-exx%Gio*%w;oL9&&vIox&JHj+IW5L&VVLW z`kYphL5!a|G)eq0a*n#|h5nZ{R~bQ36?2N|mv=Z=oOv9!OCdvk=M zf5v%(XoYfACYX9)FBidku~?xT&XD@m)erB0oa?Yq$j1p=s-7Fptc;FgmjBvwORT4nxWh$l-;5159P8@E)1oNh{BbuhdXR^ zXO8pUFz^XTBdQPb7QV5?Y=Md=Q#rB*bSTp`J&Osj0Q~5Dp?e96zT&z?5(+Q_8WsJX zAJ65^wKHs2J}sMF;7~W|6p;ue5R)8y{7Q|BS zLblF%Ul^s}*1OakL8~{#{TpMmDIN`FXDHum!Y-Xr7AI_|@u94Qvbe3d@{o=3U^F#n ziCr3F7l6=U=_JR=C_?YC7DskT@6yLqJs3Txz{9c*7Y)9jS!;fP)ewPs=!9>S{MSq7 zu9ClpDmg8-I^bI9QhNr{3G-yh^&^G!n@2F%NTl2tJqt8Si_0fiyG-Mbm?IkXA;g@AS@>9RyB1f+Z7 zvU5p873LFvdOd<`l5Q=i5SlV$DyG{u(F~-Bz?Vq-z7??WKL{C&pVmx3oA@~pB!NBNH zN-VqxRw0t--#+^Y&UU?D8B{swFnpJe!@wh3=vVC274nCjZ_qbM=Yh3#AcCfaVI zb87^dVIC6b-1-km_eEG@I6xW<&%)k2R8tmDOxQW{dwO`@D(Y(3SzqDObKPFe$+$u#@8&Tb)h;tOYuK3BQ%2gt;RNK$~8mFYvZ|A~F_A$=&u5xc8IivUt0oN6D?f%$n%dlt`hNs7}q)3DiSggfc#ay{i z_Jwk8DE(H%22-+gYu#WUQN-D z#`tOsho^lNa^fMJEa`&iHCYfc6KESeAaQk%U_MCVF}-455>`wrtQEp;d=GXO$L|bs z;86eUIw2bwQ5;U>Q6OtC26d4=&>d7i&>k}LoOxCGWHIub|Ce~$om#TnJrE==DW>;a zs6y|@YzJa@xTd^`V+IQ$Cx8J+!JP%x!`gz`BAR5jIPPGtMowAw_z~bC^R|uhkQoUj zzA+q+g|c@e#MV^r8nb#1n}sXYxU@JPY;&vohkC!d7X7TQk>?d_D(}qAMe4YxX{6!Y zJ(;~bD`D@kw|P0eI6Zpv+^Qyl%+4&El{4=&FM@g!WPf`(xm>|4oOwq%yF_t+P+Xy! z=>_vDq#8=B7;_)Ls@-9)vfE2~nlp3#tTtpo?&S}o>m-zgN$(C_hwU>cQr+hu0+3*p z$7+MvO`A=&x>K?pJW<`H=NjS~G6OuzUhjq*>CHG~y03h8xj~+kLgS z8*77vm(fFSETjfX0@h2qj{aDoA@i*1`jWgH*Cr9;g@x|ikLel3!CG#|BueDJVcGb2 z9w4MJunr7EaFU)y7_nQ31q0jALrW3@_$qiHvK>C(#>0e|N5v^SIX6chNI0zq=}Js8 zI+lQzo5F21{0rLw$ev%2g9OR3Rd6L5`WUa*u{R}eJdSOc zxU~ap|3t)y8gP|2iDY&jgQ6>-7_ubqF|`2#iu-x^W$+zH#{vD0Ftq;9dGZ*N3vzxO zXr{W4$o3mpo2?uefyHAjHsgu?+wwK}s*m$r0=8r8!;f_$MI@10%e)frIGd1?W9Z*c zQUHzI-^j@^`r|mn9K-0#@og9GH_Rsh(_KHG~HRWW_J7ebnN;ExdsC zrL8lQDUmFI7^WKJGqth@CjpXQQv<&G)pSHB4=G0v@ero$MrS{QCpOnIFew zp6@16R!?TA^U+IjoKGgy*V=4XI%BVEdfUIpqDP^ml21VUz>{1L(dIWR1iAkt4e?*F zX*aXwXQlk7IIA+vA5;KFV&0}uh8+YEiZ6q)f{1ubp^)rj*8EIvBH!U&Y?PUgk6S4> z9tY=8^Ly32Cy6h|Xp*Ov6#9F;^IRj4&$NHL^XEH%28cL5Q@`Ko{Dp)y@Hn*C_*@Eq zfM;<0SFFF)`Y-CfTdePC=f=8JbFLqH2_(B87BHQ*C*GIE|1QQ&*;PfbA!Wc+AN3d# zIq(_?IL@0|-%us;#vs@%(wWw#)nD%Yhxksy zuv34Bb(don7=MT}L}mGr>b6;THt}8B)BzEq0(mgk_d@Jy!&MbUKc_KwP>UHw+<6sa zS3_U?f+)-!%tUG2! z^eBA+zw#@IL+xWgviQ+N`^&BSp)9QalGsnlwVxAzO7sgC|2uSIdt&cYGr=bYyGVju7~zobJV00qBbs8igUTy;eNc@qj{a0je+De09PAWuTH&zhE) z9sUS;2~i|SOp#QMOJ3L!Jxt6*Fz;8($sJ`FD=aw(MQBLCCHUD4@G}o(7RoyQkI|VG zF%g%zW6{%PM_{`X#*r;(Iw<%DM~0MlVbV$hv{evRoMn<e8ApXWYVGG~L)8BJ{G zOYV{qL6LG+Jt=?X6BmE0l6|v6V$&W!3$Z(D^B60=A5v4UrTeGN^miq9KiXLdzpzHA zA!I+nqy)o~==F8L(Ga)^Shgd%1e#&bAjZ{md_ z)<^xp?mY}DGt)V0)-n$jZ-H3nWC@V9x--i`u#*6%IpGow!_;P$^~3O;y|#R#DSsN2 z&0y(kgnm=+9NcPNbXii_ON|Y|48=`5qf~pP+6q zN-i?c9%IYx9)5Yc$6?Fsdpv5RTk0jEC9s4WuvJ*|DX^3yQ4+*P(1t;@B7&fk2y;?J zc!irlvT`>x-=RJ3^FH|ks(V}vI`Iq#Ex1oq?58XK>2gTJdPrcPk_MzHA8^HBxShnBp`Nqq^w6mLVKXSzCk2Z0=t zW#!3mW)2pM-C**?ZjvXIpgj697x0;$7+MD;Z9oMQ`2+bz@!XX>cYhc(g(9z;Q9FW^ zpMIu=X|}4o@60m<(A^iWjXkL2>5klXJUbmI21sz`BqV1qMIUhrDD`!kRDw219~98VLgGdaodQo$du&T28=W)z5p%N{C)@UoIB4!m;nfY~ze{7@bh%7a3AL?}-P z<>8?`F_fE3*u^u-qr>sMP`;fLT~TtAWkMdr_I$Q2_I#6^XV7?8&oh^3s=n6*vI~j# z`Gy!}&GxV9eMkHEcc(A=zr39Xv{lu$u=gsvo!)Qbaw{FBgD5H@%@!LrL^Mx*CQsAU z#Kix-Cw9dWv3IZ=doM(V*n5mEi7^37tcfwk7Ng<+=Gy064ybSBALEUm%U*k*U00cF zuGwefL}TB$v9ZtBAEBK<~Cg5+>twV#`)%Y<3Wu-w=e{NTlPo`7HcyRx6wp9qPI|5ue_ zc|F~!Oqn!fgRIx2S9Q=aXK8yTEI;r64U9B>?|P$vjgD47Q$#4IjRkndN5y(Tcs=$sG$pzmU;-E4Q2_wp%MJo*x`J!FhkTx)RB$coF+%yqcijT~Dp>XkINTsTT_{;MX%RniLDc;v6fO(r2xA z`U4V}arfVuW6gKJm{l;jNN@ycuv+7aPlUg*-_ZvV_Z~^Gh%-PzIQI@*`=;IpWoZb? zIZ%I>m5Kx~y!eUrUVL>HqdtXK#=74-lbm;^gaqn}^)4KR8bSAhi_co`!Ut&hXwR|h zoqiSUOqCB=_w__;j~!)_h#-lyLG3YZmJ(fmCq@>62PKs!Q$`P}U&l(+{T>c3&aw?< zE4h6Nwm!{LCt;t`$N`e)8~0D*{N(yOV@3DFhCBs2N2L?xAdx5yDMH-Z+PCHa6n@sSV;iG8IA&_2u_2N#LPs z*nx_sA0@$gD(WEsb&s8renOS$3Grk6937=3SDX%!wlkuM?cqd*BBtp85sx6Gd?$H?9_QS-mi#t?C5w5 zDZ+7kBp~@XY}c_{8Y#9%@027G4-u|2Zdx+jWHD@U9V#zyG{Kz%wTIqkIM}G0i|PYGYawq^&V@O1 zeJ;3$>OgM!J30+gQtsi7zb6``VAH0>j4&-MUw3H2632rfHCnMK?4$>*osOIkstFQ@ zYEU2bA32+}~z69>2J^c`gJltd-!cI1P& zheRC`Oq%vCmAi2xX+`SXxc?%ZzF5xi#KjWDjwf!x>=7bnl#!^A^8L+O$6Dx-Pe8bN z5?!|PIXS+u01acY8FZ5?Po&Ek>cfR->taUEob2*|#lHAm)xe-Z-Tfou<_ z1Y{+coq#ND611o5U<*mU&oYG~gPk%`0C~o7Gvh>Z@z>o2+>| z8@xenPUB%B<1j&F?*6zjcjv$m=EV4s2J=b5OD<}Vs({!!BWyT79OXz}hGsLeWq zaZ}d(A{*Q%@%Ry({nr}NF_OcOMt>6`bDZ}~IfGu`oCMW}l6f&pv-&B^4#y`0QW%Jw zh`Iz4#_D7I^z~7219W2Bu@ae87&8RAS!51&74L6UKko%XHH#>DWADQ<(gU*p zqI@GL0yHC}SSq|OCD~+To~Vq3OF^3PTogPn)hE+-IXb!AaU&cwxZpZM+dB!jaR$#~ z0MWxXl!2p8-GqOztacCt(HOXJ?u3icH*;wug25r+QYSA4lZkF;wVu9;5Vb)+)f?)a zUqQ-Dl-%ggQShF8x?JaKB|Z^RN;J~DK5Qm9+t2J8$_rNN=_^F;+ai%}-D@`UZmZBk zqDIDW0P+b%dK?^s7PbvT{*(*@Np_sjOx7te-4H#glbsEMY2R3`$?G>01#6UYhB&Qj zzz0DuwIo75K`$8Mpzw2CXGPAGjHaMZ)ZUI%pt2ivJ)gk8sh*DQiZkMI#?HZWp@J|C+Mk&L?H_Jwem6&G&E&6OFr) z>#`i6u`4u`8NaMrRE@rT z3JC?yeG=eX{t6-*WHC;ElnFk?1d+-NHspU0VL8GO!a^}<*H`TgL?dN|5%N#c_7rgI z0~ZjIKD5_n0~QQq$6Xl6L>SKmqk^8`qL%2)miUa8=(H9{Wzt2W7kHo+-BOEhu0_jg z@zPp!ZjE&9YXNZw>MW*W$B8Pk02LycfAHv#K&URltf(>fWD|xDei_RNu~1~aARPl~ z+i6Wjr}8!Yo(kwn5uvsG8(G>xw3v_BuDG`XS&MN1ST8$7#EoQ52}aiUa*REeKyaYX z1u3;L&qP$1W9i%#Cl#^VU`C28BitPQO%b@2KVl1DUp*9vj1Z?1txS z+)I4O{-`e=8V!kuN5ce~R}P-JVz62{xZujyl-mt)rQcL;wqkIX7i3P!?WP@RdNPeAsWB^K^$LUN0CbGOEcJ$l2)`EmAKO@{Q zB%=-=K|X3Cz|^6jOeF*;N5ct-R9DcJK*ta^Nz<2x?zV}sZwKRwnG4R560T{F++;u` z0gWs!FvH_*AQ-{>V%obcL}RzCki6Pwf|B-|4-WjwZd?hn#Rq;dmXcw$F=b1slE`Haq zZFEnn@MWnVK!|gw7ed2*mzboV3N! zZjsttOn&tdKAujV&Ww-85lq)@#rmFn8j$QUJm%@jM_P5Z^3PJm8Z} zImATBEzo?s9VW3(R5c`&}N8a0yiC`zsFjGy{JvyV8WF8 zo7P*J8;}kO`=M`63`xaKG|_s)E0;l!q6bC@fI0(IM4U|*9UY~k!o$L!?%s^Ul2yFD z%9~#m;nr(Ly=By8MsJB2p@!|8dx6xHccbhfo|hykLzNTrIyhY9MHZt^Jd-+>if0nW zv;H#aF>FETt?W3WO{X8!_5n?Fl9?5?W~y^k?UOaH1)rf zg#vsWwA4W7K~`NW`4g~3_TI+~vcsx(Pz_rBsuF?gW7fQ`(3H!;8%o5gzp(aCO456C z@E%rO?hh>fHOzA16r`i9Xv^Pa3wXm&&nguV^JfnMbp~>xd2l(7F|)N zth?2`aG$DKWF7bRIv<>;S|l>mdk$D1}UP zv13TFiLb0YD$E(2gHU%OE}(?+pB;z^?ifhjlA5W%=e~hwftss+;EoA;t+rK%xZ^=| z+79Z6?ikkyw`T^pSFbJqcdz`Iw|itF$uzsDY5!UDFi#j zK@{N+$^fLg5|IhBbyTDZLCG+6jW$QZk39(%P(LHm5=$vz#$I8hcsnvBt){Ejl3&cx zH=R=;C*RQe?c{8u7hV-5ihC-rndrYyj^EPi-NxDGenfmEe@RonT)HLC-BCb#evwfZ zlN*xCFBOYI1}apS7T=)!;^zvZt_1zkG!W>X|oIVMeXv@KCK12-#zPJ(WQOLW{JU4_vVY112= zpvbI2Xdjo^jHkuL7K;t_Iw+wC`vX)LrPZ8v=M|r6ORqV zVtV|3&J2MKA%s8;>I}12jQa<9D^0|;7DRKs|D zrJCYsjPsK8@7TeRWKNu5?o{4F5$>>9giJ9^VxV3bSzItPghCn`vOcRTJjpGD5Bgtwl zQrUVgx=z|p-fMi32~~pao3udO{fW6iSKUPSZNMr)g{3zpErklYT0+RsyJIl*allmO zZIXapYz}~h6n4a;Bt@-sg^=0HR27`FOcf-(jU9Bk(wEVxxA6olDmr=nL;a(y$e(h& z0*50J4icb%djtsa0N@>qbT=q@kK31yA;}*tAP*fb8a(8B`HgDZ*(hy`7otJdiX| zF%Vuz5M&`_Nr>s^u(y_b!aR3~CGX)9{v$&URKg^?&+g$qSZJdg&V}p} zy`$)zS|YV=ytAICx51Q`Qf(Wq{|iCY-p4AE$8;U52naBl%q6hatZ(s#_Gel_QJiWA z0-f9~R5t=#Y;Cchyiv2T_~b=Z6J)J|zuGXdtvpKP1*d4SD@3^o`rsI%_%XoLKTcL` zek0A?f~An7SG9UYuAr>i)$9UJ7pH#XkJa0;?9%u057?=SL4UZpni*^p?1Yy;f zBeVa*9%KX<$fVy9)1btnF$HDW5^SVPVj3;BUJ|s5wb20tGA0g$hm+-%&IgeL{)*0L zI)Y3kQVC=_zd)g35!GUTZyZs&nDde;dy(oA9=jq%=7>DwI)b4&Utzd=tO}1)74KOS z%1F05!w$mrMZ~RvW-LY}d`d1Zt8;46Q6@Z_W}A!3L67rxfH!86QB9aU0x6RqM$#LN z5X1(fLB3?*Y?-bt)v6IFV~{&O)Rl>&f6g5zK{N8Als;b_=wQn@*hW=>Enr~O95XkxZ6uO`Ye&JB&t`jMIZh>6tl;e#;ylw%_WkTxB<;cM zH@m)?~m#@VFSeE>a}{spyC*k-TL^Ll}n@x)Yg-T84<; zVj?NVE%XLK;Ca&O5#GvmZhkh1kvE4D%TFwH@$?e}Z4gPk!`Gn=yo*EYEek8&rR@2t z99bLc(46nRfjx*uTxoSC2A#9Ji!<%TNsbW}vl0bdK%8=-oaSm&%M zh_u9{uPkQ8POB$I6XFB!w0ZcNO5d{(wX!knWvSF)gQgl3 z0Hsa6o8;T=3X2}TZPk*{oC!lMsRd-PF&G3C2EHrFpawO4mw_iK!usDGE8i7q=%((Q zv)nh+uGQ%WmFY-drObmW^#JO-=jH1qbq1yCO}`!*RC$bw`}iVkI~`I^2|eGa%|Kno zQWyAmp#d0u+Am?8s7)*!6=a@hK&2NXGjYGv2!cm6O;GcjdB*|5C$KGMI~ilzQ^lY* zazoPLogTCFD77k5uM$g+IV&HRApH(JM8a7VhZZJBH+;p}M7tZTL^Q!&CGKMKN~My8 zyG;63>G+vTRkwF(EW`n_Q&z&{Pf!Wz@rrd|o1F-XiE~*0Lpz%8mC2Gb^SpboT)&^p z@}eR`UjpTT&<3)@dnP%_c*$uh>?jNG9U_#w(@Mk!E5wn=Hp(`ei@8aGV@MvcZzqjA&S znJ(R%>e2n+{ULfdgU}`XfiP3(NGHl%f!*VS$&vVbLc4CEW}tbR5=$(kWK;-N0;wU1 zm}S)xH@L6g}HvfHatR!KT6wOlGu2%SD6-D(w?}9ezL*TS69P@!7*TizA^% z%DRVmW*OZl)*xb*`Fn0eaK{KR1@Uh!f~<_+&9bfIX%gUofQ=KpQ?sq!Vm5jrwVex$ z*yGBbU3sl?yTFxkQ<W-(_7MO1!9=$skx1-Q?qQFZ(N=_gT6aK zdn>b4Nn?AR>IK zre4T!%oBhs{UTFJEEJBC9u3TiDhJ&qkz&*t+-FXwGXP8r>n@jnm?Pi`M+@lrJpuP8 zqVQ>G{8*2V^lo~0Vj~oBBq*i;&Tx7l;Xa6K2^!svu-p5nJ(9&G+{e9ZUlPU1GitaJ58_2+>I35S4=wv?;;-s%W$OVj?yLpB{Fx<~f zK}l8Q+;B)%mQ~UbfI>z0X7?;q^u|S( zs#v5u6@PwkH^?yS7EUKqLakA77%K-gl*I_M4S%MtOgY^JXq3U-WK$`ghPbDkAxY1E z-f_8B?|4Kie{7c!ss zp$DxK*nJ6s9YIM*l$+J{s9`&;Qnw85MX?~yL>Fgr7iHAN05GI9(LxD}pC)$Pv`kinRMKU> z2&-&Rw&UvNnwzoW&O{bpZM2%$qfns8pY%5fw1>5mgvg}H<}NyA5^Du3v^rEKel(mF zb#=5<7S`2Khbs%N3|(1rrENNsbH`a%cDpjUr{5i?S4AL%AK_HDZTwrMUsCX@r>KJ^5=|Fo#j$(wWYAs$ZTu^0 zVc47biWVr?m;G}x(?ATZcv-{p*^P9CrBya0A;=O5a}(4+`4VGLyzH}nH)k?_JCW1n zSK2R;D2$g2dPw;ffgFCsClPovFV>poNJR{;3_?EfAiPf>BtjQKz3Jh6KV$-_YRiL! zOduRXz8yNJMdqVqzE6Ai;AAXM0^eLtSw8_AV8pB_u<9E#_PPN}Z(T z#EV$1)LB+ zA|8;!9f~!skaM#+=6j~Y_16xrzsOnbdzJt6?jec~UcruZbC8dR1H*<`w;-%^Q8aYa zA3JSAe9&QzypU1Iq94e@S%`MtkrN?wTwb>Vr?~4Q5*0-IUrste(1A9uGId((CT5!1 zBs;CNiJoRR>GwXUfVNba8e-M2%dO9s%|m7LB<7v!i6Z_bPZ#wgMf+$`mc-Tsb~j~B zL#C>G_#%nq60j9o8g~L*Tr#?hb90o(XIiZ9zi&90N&|%9AgVNdU`;=Luul$-+h?WcR< zS;P?vuqJq)^7Au>LEA-YEYTYz2x=Nob&C|(0zNY^**aIt`=FbVAqtCxY>Wk2)@QDY zKB1^bxmx$SHX=11==S6|DFciqypNgBtkWXHh0=pFH$9$>AxFEGO zBhaNI)kLMPaVY3>P6X#C(W?%2KXR@tG#&5ej)%Ci=*lF9RqIj=UFZD+(o-L)N=GSm zq-s4%*&~&5W&S9YIZ}P!yAZCQsYx9KJrEce34qA{EdpKZPsTs~r{D#uM~BB}%i>4i zq491p1LlH55Tzdy910ebfq{O&J=qotb{ebKAls+8eR_V1*hZ0lrV}H#HlhJnP|YBV zGpM12f+08+vj?g*3XzIJO}3*kyjYn@W*l8X#!Z4E`}zIU0ct{iME+z94a{WT(Bbr+ z;A?e7ps$uMFjJYi=LPCIuzAZ9fhCpJ?*n^JkiU@=@Ef9|yNmwUD1Gl>l~T7Gb&bg* zK2wfU@9LY2`y!PRoG z7$LUMbfY0$3CsvsihN~;-UdgbGnDPgP9&&vdm+uzF@6(%JdC>~{NU=aZ&j#Phrc&&H`$e&tRkHEyu;^& zbAM{R+X&i-b)r#>7UsGmNsD*@-x|U=ib6u*oLE?PP|y(%vX#_+m`w?O6WVRxp~F46p?4qz}Go@71% z&GMx$7*{^|PwW5L`frJ_uZ7bjLyIxdXTcck*2R#c4rH0g~0VopI z!)^ib81=coMd;P`*FA{zvaq#uAJe@ z|90h6SNcuIyEYvs=jXUH8#SHZ%pFf~W%IMi+nUR{?w)^h<>s!mu54YJi@kZQKu+Kw z`9?bcsvTK1CJW&~?<@rJWPeco_io5`cHy2Qfjo7Nk62ig!+3+5M+N@m*17ZJJ*EK= zl4=B)K%IXVK~R9zNG;CmC9TX?U!5AOQ(|>`t6GwGGk!@}JeNe-m>}b;r<6R>6U<*NhlIvIjBh>J%z-}M=hz=AIj#tz)|A!qzgnp^l@Xuc~r#eci`ZL4{I z*ryj|^%ohIoQ%3EP9K9yOBDVyP+tV8{)FaIy{?xc_2Ak?V;tLAS# zDyDUhG@rRIWG)b%)xq42T*=-Ls_P}3nZO+R<)_l~|Hp3ztsiIpfl71$vOWmR(Q$kN z!AS;A-G>bzRU^=)f20a7@X6V10o;E?=JCjBnG;M}#-v~-SXd+|A|f0HVkLoyD@Dp8 z-oA}%tf^cRf86G?sM5sL1A#XpFJMgD^`D#3^o|Xij)`b7@NO|L5>h5fhve(trfcP< zV-fc@>LcF7jpOEfhBcjUu4(f>)uum-Y2~` z^_kbXFOt#ysP6&(_||bi6Y=w+w9)t}?Hf;=8c!R$NwnGc zO|#R-Zw}?5{2A#j^o(!|H6yh}VdnTPquJwUMRUi`iMAfURc+fc@}|yhGT(5VF{_Qg zU1q0=JDPd1p14c2gW5jbZKN`!I27$I#u?~NwpyW3ofrxBGcU*LG|T%Z)`GNE)`*kR z>(0^7K``Xt5Mo5^Yu7?E${*oz5w>ELOBB73dti6;42gLy&IJ=qk`R21W0znFVVbln zL(#|0+ud815nYHxkp#m_=;d_=~h1L!)|6^VL*J2w)P`-y#|ZcOW&oY9UtCnbrv;Uj3k(I5!_ zbfS*KDRAru$E6Uo$QOIKj+L&~xWpi=C1M*wehjq|xh*y~NE$?U3-#^32+>Wt5~5H` z1|8|_g|4&FQ^g(;gP2^xaePxSh_ zSK?BM#r{Hx*E3Nv0P&fP+-H2r#V{{rDpUhr18g_UJBBzws2?hSNK-0GrJqXc=TWGq zh(P4fEbA6$MY|-zpCN1@f_}&#;`1i?6*{=1Uvx_qZcND1VcrQMBu8wVUL^wKd9Dmx znZ!ornA$8--jl2w01FOpn9woS&_#}5$8P~~FzKNr_!7cKpeF^HEul`4(l9T{Nk~_b z7=@3r^q5(8crXDtt5I1zyJ>;Nv`qMD2Yfjc7Vzy?w6imqtUXC8zQ4gc1f-Z?=K3|G`2Twymp@+C!B#uoan72ZVt$U zoJbfx2t`7l%L$&y!gMCDF49smlL`L|*g_}($N+)qusQE#UVxTQWOwFrwZafND~W`) zz#S)%v$|KHcb|7S`7}sa@=h)qWIDiz^k$}p^T*~I1_|D=p9sAlh3dUfy&3u^OF)^6 zaQs#uBWRO69q!<7m`=Bnf2hG zdS{j+rcnu_*(@`;UyRs2=bRHvXl3E zo_OW=<|vfL;YY_EbL5F|8dv6UFM=Vzm#f3Dco@!p6prtM*mse!WFq@1s-L*2 z01$bA!7V|6y5ZJbQ^T&w`9*t4^OfOV z5GuOkj4P7_UjzjPXN|*0h`@qwB@)bdpY~oZf*F}f#rfs{Rf{jR`Y$DOTG`xd)l-G) zi!SjAE%km?d*VzKrPs>evUG&)$=- zj;V$1VJVv}mJ*$(kyQo6kcN^;7P~E*x_DI6@lRxJ5sOxh2}0h-5JkG1nv^*$&PNk$d~K~1am z@Ksu^*4w$V_-=PU4HwoSUx4ii{ zpMk;@swG<$&E1(~E{$TM-}9DBthv;dmP(S<*NV|g#k@o_5DYh=-nkug=nwb?a9aS_ zvM{2p5osfddsZ@%i?J&5Z<0fpJCr5TKMpDmOVvn$CU}rXiQHrSes~da&=T**Ecxv! z-kD{=pX(a07uP6k>}I&qx)LW;(AOMD+_~O0WLOyJ2$6(AS6yk& zPuBTCD`d6LxN>7x`jWAAUV6LYHwYY7pEJrnro7c<#KDg+&!uC72NAZ?FVJp~9fE4v zKthj|s!x{G6D37?Z%M5zi5oW^26ZKO@XU$ib*|5s#YL8}fu~_&+A|aE9|;3d7YDpt zpxwzpPOcB+@TNv@(R3^p=Z;j&A!^3hjk!U>JA52EpxQ{Xp}WY@&ATE9cI{uQg000A zu84qwCM{(+fvg*My2eDm6ol;RRMrJwOO7@eoUR+T}qhTz;O;ptF z6&6ij-62P6f&WrjuPOUSRZLkul{T+q3nE$~C>LH)#-?bw=#h10h@+pxp?NKJaU(NW zAgv1V3jHtPh{GCDz}li7%uq>?A-=S%542QJIXg+*1RKj2oE@u5W9^;71_YYTWZ`Ie zIsPwVyvWMyV+MzfCy>{PZbjE@%TVwBip;Q;YSR_MEW*D~28}ZE<}L7!AybFL=8?L= zm~#x4$72x&3f%;~CMd&i3){kUU3W;e9Om6bX0_;kNs7l&8slWAOB@U?>lX)=#CDTt z{o-yKde2vbkG1`q;4g-{PWZ^n$RY<4MTCuh6sj7C7OUaa>Ocn|U#6*c_g*J7J)uS_ z_u$^eUfowwH&!&`1G0loySHrbE313Us;M+9%cP>9!&vekD%*$4l&YyTkC!VgUqOwH zfFA5iD%i)GI+Y}lb&71Sbt$q^0-O$DAwcjK5}CV5MP)O7yZ2VL6-Z}INqeW0yOA|h zv1WF`)=T5Df^b8RivZryHOWK?;~B0DKT|70wKDWw8MrcRI+L7lzREqIpnaOqPi0_v zQFb!R$zI;_TKY6?kJsu1A{!CS9_vH!xcn7zeNR-YuUFM;RYmziRsE)l4&W|jZf0&( zE1y=?CsjrHc2)g}EBOP}L1-{gIxrpKP?#!O9j1RoHW{@ns<4=Nz=)M)XjsD&r+1~cZ^C5- z5ne=<`ueZJu`&UXyC}>_@*MN6cq{MHmR9dnHWmaub_F)E^QL(p*1%SRm~i?*3MJ?n zCm&*o7aedJ{Ho|B;hx0cDOtK8cw`Y&9Y^@yyngSEni$E8n+`Oo;BS%jiKc=6b&x{r z8kFz&m2SBrP%8toB7l?-PAFMvwH@g_-2x|cRjqP$jZ#r6oHO*r>=A<`_7%dw$V^^~ zoe0;-oJTqgytC8`*B0Zh0bIuT{#!dd;eKSbqAF^n_pEFDBD2>TqAAQf$a|@UMt#>m zP%bm4>!rvH z`j=Ye{TiiuPi$6Rsp+?BGXGof&2)Vx_KOX!Zg|q7ep*ywdE}1Jc3^5WM20^Rg-|(s z63=f}x6~ud=bX zAiGnv`#${oZQHM z+ntI#mf7;V6nD*YuITN+Qm1Wy)Dx5Uj5Hh?cYgdvB@Cq2ujJHQIrV0aX$w~tR&ixH zChvcgi%7pA$%cf>6WUpVNppm3Rd6duTk4tgf`+!0;4WL~tuZ|!)EURy>2F}$4I(SRoi2!qgf2+1Qp2y5sCh?+k;f>-( z6ri@Ql*{VUh?Fw=yPEwe5oxCQz$w}Abz@&KYO(zKA`?9?ISW|*bm0=EuLKGhAHFsE zR;6!asULl((kt`!NF-dr1uD8&#m}OFR=*T!C)285P?AZd{HduQ7Jn3HQwJ2k6^}Pr zvsy@BBK!NdMtXm-LIPq!6x~_XPO|Z0eU=Fv4hCFju?G5JPKkI;_*k&Dv$;V4And7R zI8A|BQ{;b6>rFs(h{N;-ND6wX!xruyUyGbgWU14+27=1lPCi&*h9h;;JL>~!l@7jvc;a>h8wo++fRSyU-~ zQO-@p3UfjH1BauMwL|2EL>6NUT9qB=- zZ`h&Oa1M`3VQ=i#VhIOwA*3W-!({Y0Dny(IaSKD3ru4=k9xoK+C8It&>yah`XmNV_3HrdC!1iS9OOM2I~ zUG%P%T~fOm&Q0Ae{f(j9#oq|GQ{VW>cDb;y>qrn{+4~Hs2^Rm>V&G$ff*_rtY6_@C zESpl{Z4kTWP9%?bl_FZkmOGp4%!!yHuZDx*qTphv2kyB{Y=Ti75S^n1T>qX`zq9In z7!Iy|5@XMEj34}z9GJPjTu7PD6>~4Lh&wLxXowi!&%qz7Pp$rlfK$15U@YXCPqfNj zy)toV+~$L>tTLx6nh)D>y`|TlL`DF zlSg<>M$jOa&%Mp$_htJ4@t=GS7|(@k(ENjo!`we10Q@8Iyf@q1d=o&4JKAfa&wyse z!VsTFu+vWbo(Dv22*w24v}19v&DH@iyTz~~ETr~~XJpEH63o&B=XHP%iarfs`E&2G4@2*k=tz zQWBO_@h2tB7vne=mPc0NvV=%lrV@)uoWVf@)4lgFrlGm0l}OAb&EOxu$=!lyZ;=XA z0R|B_OU?})E{o1kOCy#O?aH|6I60G))4z1ye(6l}{mC)+MBai4%(*P>0!hSADeru2 zCYYg&h)NClg(kugtUY=fs{KnH5Wa|l9-<2x=*?`@VYBVx%B%7QnG|Hot_rM&a2*R*0we1Kp!&;2y=PeV0h9|)s| z!=NSXMw$9=dT*>H0e#+((=%`}pttMLQVW@d0(&wbiLQ^k=9}-K*4>Czqle(g`X5;} zS?z`{5cnd?Yl>OlqN);sTKrh8b#{XwU?fd8q1IB5TqXs8udORYs2=tt7+~sd?SRc)m`O;;1Om3c4W-n6?zg_3~OkeWyq>&V)9G{97)&87`WPI;BM2A|9lFo<^yNAinr5-coo5IQ!Bvrzj(aoZC?Cs{cp>;!m5XBX6? z?Y8hjs=>#@TvSDXh~4}=X9l07bxu+|CkFG0kvwPeu(lym=Q;xIJ6!!jB~-ictij=# zpN#U(&cvJPP4tn*94Ap!1!KOLO0tD&a)yHI+C{Q)Sw_86)4xiYXH%tLf?z_Y47A1bO^sVW0tD(fBBz6s>il!sR$$=Sgd;;lh4z6*J0qQBC3R>#zwUDm| z)Y+7Z_i|#y1Jwdr4(z!McuJj{(v(-U&ntnnX_03L<|2p8`t`GZ{2k?_|=)9Qa1 z>oZd3%v5QK^g$XbAX)Y|WNbvs64p1&gX+hT9wE(;+-Qi|^}jQ*<22e9OoGfMPVdqp z(+7}57;X+=FWMutFyS)0V5xX@T33=6F6%A$v3GtpCdmO@6^!;od5(PIDX12(vv_DW zXb^OeS~83XuM1wu>M>Y!(;PfScykJ8iY1 zl_@@(3C2=)ZjsIAu=3V|RBM^Ft5JRR5)v~uXlGaed-O>7N=&O{E=uq5F> zlv~ygY3d7!jNZ<4+L*mW0m5|+n-c6%S)Jf89gQ}RzLGdr^c4(^WG;rQ5RA7GTSm_z zcY{PW%`tYZ)w~}MhSDc^Cm?IhY95-xa2vt`O~68rUK04cH-XP@FV*zoUD~@Xhdnh- zcl<2timV^-4b&GJpj%|Us-*~0LjKT)Xm1!<$!JtYT=xYX;0!2aYDNS$5@SbU)Y~bd z9$bO8P%|(z%aGP0g@|V^OAr3H=ukRjM%Ps|DGY5O7T~z)H|OY!g{52W#P7S+{-o~l zQKT10ucdokuVsNXf)KElkEDmh%2X_nn4>v64L>zMnil%eNWEvw(_*=J9qM8jht{QH z)fBpN=u+gr3+8#ZVF}Lgq=;}w|*WHtNx495!3#WZQ{NAZ*hiH2Y7okB5CPQ=p#S#_eoi{s}Y~Sz> zEwM(QRTgK77r~$gZ(OHK5kUe_0b`qoD?#P#qgJ~^?!Y55xnscPO}G+hcRXhtFOqO1 zAOqYp+Kj}0Ap>2MMSm@r0c|qlc$ZtNMMB@s+e(O(MHpdCo@^me{TI=};~|-9n#aU~ zFVT8WlZD>h$|7%u(5HBIL5N2PiQrT=g-a>cxfS798e4zUdEsIfc7I=gPqU?VBa%9u zlwyn5+k)K+yN8_XU<-DOcMl1Z3vdYQn=+2^1d!!l%Kt)mcu@EwN)rwi&4>SFsGbYW z&sB6E5!&p{Dk9We+FYfgYZTF-&rs3X^7}*;oh zStcOlWhE9RVcPssMbE0>87}*)LcLABQ-3a0Z#}`q5Oin+HV<}&$|X*DqFo^V8HSd- znB9p9$Hb)8ZgnGQpbrHFW1a~6Vw5j2o|mv$CvO6$rb=XG+Nl;~wkHUsKXtvF4sq>25Nq zv*5noko{c75{pO=N>i5YFZjOL?_oy7>OzDYU1Vk`Vl+T*Rn)agqpQI)O zIOE9oIET+5iNSwGn^$!7I%r3qfOnnHsMIX2hwQ8OgQ!hbm9qJ*j$S6tkolF4p4Y){ zb%K5&<3EH2Ozd)Q0t7+NV)YQ{>0HS3ThufpJrU$q#0{>Od6%-A65k;V$<+vVlFgM& zTbv8}FzprWTge8cDlOHaZjg9CN&l7R&w%6D^Yc-%Ny~>UE7lf0JJI-Sj6^r2E7F`~e$1EJ5vdtk1^> zgKofK5(rvC@hrT4R{(!!&rXF0t`0C(Hf;hPUroM-<^YHEONKN z$8WghDHu2J}Y^%?8F+_!r-AN|6-r6wh`&s+xP0r-J zt6_jeam0jurl5XVP|p-JCAciOgOx!2+_(43OkwIgk2!7lU_n1oFi#drkBNa2Gn@D? zw4J8i$GmkMm{NE9YPqnGBL0B?k_Un4P<7N>y%$3{IcYKOZbZC{;TnX3uH~@8N1u`x zb*QxXLRu^m5ZXWufkVC#F&GIw-H&LLsD$J%C4vZ&$=;gTd^ZL(uItEn%jtIiDMfSeDx;L-x%WFzND!2>7 zOMQ3VEYFwjL>UErkT=%`(GAE=kna2`UwWHN5B}-s)y&QEgoKm*YY=@%3_ilSP#IP} z2gpL7rq=|;MdD>8IJt-E`brSJj)}3w`ED)CA&Cb>+<~qnD?J7h*1^@O*F}Tfis? z5)C)dk|+t|?o<(Kn!(Kaxe8=u0TE;?L#Et>TUu34Q(Zuv5-Z15%u8f;X?T*Qe#ntQ@EF2b= z>w}j2F#&&WRLL}m{$1_w=(*s>nWEZ1^iCF2+GO#1Bd7kDQ*Y!nC36A)cL>#7L1I*54GzLFslliZtGZAW_8KmQL?3QqVC5?ZJWYS` z&Qn!`rv~bT%2;XsrdEi}pLOL>S7P(WnYihEa&@4LyoC=bpnNtEJhy5I!?IsyYcz(Jd{L6%|`q-PSydvU};_60O~);`xMTO z_!qo32Sq3oOk8Z zs&OIq7PhhwYj8%1O%~n&T;j8xB@RTL-ldY;EX4{bU6N8`$h!Pk96d=|AG#;j*T>OK zXg#Hq;jqRUqC~lv9X^vukbdUke}o|~D2 z&B0cBTdr(}XuCBX1gps~XkKIG0*_gLTs^!BR(9aw{b)Hp?R0dq33DmOvX_W)vQ+m7 zbx)peJCTgn8MwHUaD>N{Mi>*v0q$(>L(rNyzDOwAlIScDFk)rRv=8I6BzShGH^1Ty z7s(5-3>Vt9R29AXrCdH+_9lWa-*EhP`gbrp7)D8DtJHx&Eh3ewutZ3@5GXcLel606 ztr0uj7FPz6L3(~R=cC`Vv!hvQq#nq9b19A|WIIW48c39I+JyC&OZ9n@I1Sq*ZQvPJ zohgLrSyrD7UPV6Eob2-~>-()xJ*QYlPii`2ZMx4sI){#Fx4n!+lI}Ai8X)N~g*D5X z{p<*l?g)1X_bUs&>oXQ=I%$G4F{R?I-qu2Oiw=SLA(9PoKH6tr=sd&LMhKVr(d-Ro zso5iDWoNg|3ccMKkDmD7)E>nJ*ul?IeIdvBs1*7b0X$7E3mmUC;Y2 zVi2xGgsLYZ333RCdXDm{}wwU~<=GM1uM|HXt@vff0Eh=t97Iq0tW*^Pn*o7%c@&>h_{xUrOGFf|;kK8}#qBc~Tdi!;;9i@-|<)+m~Y9vQcv!F~w8C$Q*bAXb3@1;4`>F}sDgc*kJ| z@DY;~*+a4WgOjTgGnko;_$fyD#WmC+z8p)ejsm}VLr_S5ml<-QW>lKqWQoHzo{AQP zup7iaUp5u65tBQB6k8pgnOP;V&O%rEuH1K31VGl@xT0Xm$(YMN&qi`c#vEB;{hVAA zH~_7&t$Y4|dglMfHGyOKPE_9)zNY^FT3r%2mwVUk4>G+q^~JyTt}plDzxLe!b{&#& zBOnOI2*zPn$@84F&*rk6L-NPCrcm607qZ>CeX}9a=%G&w3jH^$^{92`mHn$$AM0c$ z*-y0EKwW2YUyvzC2VZD^raul~-_kVCX#12VjZ*!ID~#Ol=4Qa$9UWj7s&-lTesIE* zjr)0aH+kYYtq=%2N4$2JTB{CR_lcV&Z*ct!cWU(=dE#F2OAGFGa!Q`~uXUe*y12aY z#1&c{Ax~T@@#2GPVG&8%Zm}_5_mL%Uj+{- zMRnGx-v4m-FNBW%^LlSbwt8FR?L7Mz_jW#Wj|zTHC?ub7h*lk~*X`@`l)AX_&{Cz2 zWn@h53Z<}myh8bBD1Vteb=G=MVGeh4<0*!RLE@=1lsZ!dJi>$b$Wz#;tka+a)Is$Q z`;H{V=8;3xp}}G5R=sY+zxuvIX!6h3d*e6Nzt`V*fC3D8<9F0|gYWoHDE~K7gQwQJ ze|t5re*Z4m(a8OKss+KG{_mB4npW4FfV4yBne2ru5)c3<8pDDc=stplxrLV0?7j8p z`|L>)kt#F7j6^LqG8mCMR${UQWZHSoWS=+KY)*-Ot%F(c8*m+ZrP=cfxH3o4%L;WI zPQCiaEOAipJuVpChG2~nq)#`tW43n35w=9adT^2+3&~0Mqi|MOGB^P~~9XLKL;ecYu`}^aV>%CL;XYSkLuSCQ$Kds z4^uzlI=_O${Qvg<%PxW=avwfYsiT|_%5tm3U7tntaX*73zF(|Z|E}G0u!9Zu63PG9JVyj0OiW?7 zR;v>dF@h|!-uyCE1M|>bQau?O#Db3ON{)So3GRh^O0LSjcNbMg9J#~|j?zCh>Rh0M z=M!EEHV^I-%05B#8Br)Bbn>~6;gKv$7+uQnm@2)K$h0*IlN`)r&M`6d0I2<7Uv0NQ zbLnDEmg#=^&$!d+0?5+&PI=G7OOAav5U?OTSfVq*rrs^mQ*S3d1?Pz!XuXfA*w^$` z7ceNAHhc*?Bnry>92~w3X&PH+%vn|`iw^QH%KxV_UC1Pgh-00OS>nE;t`@s2qy`x$ zFCY;W5KyKI3%n)coh+&mCY|If(f?5DbJ(@u3uQlNe1NiHz!p0Z(>Vc@cbe26Leq&7 z#!>&t_4;EC@HO?{!i)_jNc|gi=v|WxwaQ}Pn9X^gn|d9vgwwAm^(w$0yr%3si2mU8 zoI?~7o&%{ziB{#jMN$u_4p)yYsK@MjJ;3N+Q;!|Z^k7Taw+tVRytnwMPk8-5@DbiD zG3(eNa3KZ5J6zM3)L*_EFJDl9xrimcdLkS^lIJ~`2=dmelz8o-@zD6EWmaglQlG9? zU;s3~$6=rK!CJUP0co83-N*)1??D88h`dBnnMTTZ(YlmR=2%JH1lS#~%n5bME#r{9 zy;bWU2x$Mb9*$9;273Z1pClOAqG{Ud)ZPEBnL}CH0R6fPE__x zh0NQ#kj@2XU{VD^dl7zOyu*tg&g%`z2S1;oPWX@5`q9~jIz9G7vNM8_&%%gsHR!8zjVHqE^Q6#D1j+xA<8 zYw)}w%sX}h?=p*X0<{@1qAXm3uqW5C-{-6WmWq9VpcEM&U{vpxrzC5v>*IE;N9$6( zAp!_5C{jxVk5J3krIwgJ$^>|WV_KH<@b9FDS2ue2HKktvx*mR4nU_@XdwTe3dD#Sr zG5YrzYDNG4%=PcvN?+yr7Y^p*M*sd@@|n`V|4`=hM*lkeME}06m_gFNM{9Kq%aPW{ zIC9f`q0FCD@Hc9Hmwc?#4wsKDPd;{r``8-7D7ufq`JAkizR3JkD|~LPUcw}5EYfEQ zQ_9CcMLfXA&U2}N&(r$+%Do`E&e`oj8)(@xa>HGq7TCLwWf z9!$cyQrS=j#x~}oA8?_?0+E*i&JGFso_!;jyO5W9qc$J19lQeuU z0pi;wvpq2UbFJ=gH2Wc~9+qZ5qRpd?Wvyi5~%bL&ZF7{Zov8kuuAzy441^S$~C%?w1%|UH(N@ zT~2ZmG)=N*jHjQsf<~a93&Q!K77hJMlqS0&;WJq(xG%Egb%AInh%Jd9(JDr!1JVj- zb8&LRD+WDk8gqX_%3Ooz&H(vwo>AvxLlsj~lqE|5ztSVVm>;b?mmE+V^Xw z$^!G9;6LcZaCPeJBr%Oyl~Suyb6nZ$%H&K^uFzjP)qMGX>v)f*uS|ExGhO*DS7u$g zkt^rAaw}I(bLFnCY_3Vis#MmS-#=T=^3i*#*`4g$*^{JB6ce-UtX_T(=h&|wqad8s z%{j|HW=nG|VxMIT*mAQgJRi&|a4hE|uIK9eZ2jIH-8~`q*;!M#m#lQWug0d_agKe= z`H1gyvJbgW&FSh#?<}Q(Ryk>uV@K4zIE-}K6faj1MM*SUwQCUF-S=1CDx)!!}!)c7~?J> z=>5&L4`M5HnYCAPH(F1t#hC%^z1m12$$)kOIjMVtpj)-1+M(JnR`xS%|4ukpX!u}D zjqBV>YiHuH|L%Qmy?-2bC(|FEbWfb~?AG>B+hsp*x3^eYL%WCVwg=lK%6`Fq+C&W?}M8Xe5>6AV;9(4Bloh?FFEzH*m$k_PUs3Ku`fHD zAJ^&?Igd+=%CAIn` zu}vn}Ch^CAh8+9aO*A0Gb3?mCGVVjI%vA)fDSM57#f^;J26%WQ%)aaN{Z2iQzvSs_ zU-AJ=g#I`#y7KE^(jVa^FY_7X?sD!du%^Di*^6MqC*R>Y0%P}4pHPSEE1bGAZ}ky3 z@ab1N>yPJWD}I~y?oovLsY{%@PkaWnKEHrY{d%BY2n0g!;|u5}Nj-9f)0aDO{!c>5 zK606)fS4I=f?EY=egJqdo67baEz0Gm@w0CEqZrMFqDVg*YBcUD6a%-BSuBz#Ua0j- zN#^!3^d^VWU7IjuQX_gxmKiKkyJjnXrMMp&Axj<=Cl*NR@?v0&acmSbepzqKuVg9P zoa<1}(%qq+Mjowpd?;e(`q(t9^iZtE;*QOU-7 zYNb&jnzg;rF^cbwneSDUOpg+qIvN%rK;??Z2`ESm(s+hbF-#)Xi5!ApN{}&qRHY(8 zePnxnMbt8m;_8Ot>b7U(h~gO4jBWpjvEqT0kQ>ONTeaikNp@l~g=(t z?mc~X_c79i?rY~4&)e7fYG-QS3cvAwZr|v@;=Ml6hgRM#;4abd`?srpYWflO@a(f3 zJ93jlvrp+`)Y10XqNSrPdvc`05+CD^X7>NbOevl4#o~(NEPKT1A6H?Ck9WrfU(L@D z%JXGw?Fr&(*YdUKKS5Te`em~hF^V{tgybZJH3-j&SB2DT2>lwDX|{J+g;ovI?)puZ z|6B9ohOcj$UWb}W|Nojj|NZ;^-(!sxPQr!jB>#KM$*k zLWy{Y2}jiX zn|Iw8sK5EU@Zh^UaQ6hkBA$V>raCPi+E35Ze)F!U0(E*U{qz{$5V*$zvg-%mm%F~b z&Rq+g`bYDw_XD-m-}M#`4cuEna6=T_EO%YI&Ryp?bzQ6m%&?37E}~{`hNaClfm`T; zTch9}x&7zs+zu7_hATS#Qm1b7553T-3!J;q1;32~lEqO|e4V=}IP<;cT~|BxTYuLw zrab(0)jW?u4mV|>mEm-a`A@n zDbM-4XzJ(A{lW!*X9!~T!^B;gsBb1^l1Yf|krE1C{(ZukKNoI3_8DhaHQRZ@*>e*S zc2~*;dZkl;c5bChPLI)rxCavTo1}a%?uX&T=tkvUi3ZG&+kIbT+$J6UAcFQC1lxsp zHp-g}*EI>Q-LLuc>zWV;@2}4kIrzMoB!`+7cMm=+6LQXy*(HZ6)L zzPD_VRL|RvB%vRPG{j-f(6&E^r;b18eRnGCxfU_0_;YCQ{ka}FQen^an309C4A}okhMiTM z-&Sqs&u^zrSX0^>JEZ z&+Q!?fa37L;ykJYfBqnKAm`b02L*=(pSDL7=Rc!9>(75i9l?3_+-HJggU{K|7w0j^ z`}4=a@oR6MhfoGzQ75_+)QRO2qOUQ6CmA>*#B_U-U5M<0#pWdVU7g8sEt*<)QnFY~ zaHlJ5HRaRQh%?rj;0Br73WFR*IqyJ)7ULc5l@>M0&{i1Ua@BY4NR#V}1{>aVrCR8b z#A&LjQ<80Qu&T2R)`80XBg?swu7>l?4^oVDr%|h9uvgqOPCYGQdi=seA;RPnH_Izi zJ>>}V7CqQw`RSLO*Ofnp)497M4z7vy`O;o+fww9({qve_zUmMahP2nBVf)uO&Gj_; zSEruM8)WO7iDQ#{t3p=9a`yGVc8>TVr-)#vsd! zU6H7twRXi^&A-;Jh-wF(e63xPO|&_{4T2%YFUG=;ndsBl#wbT9u$+}WMvk1G&_Kj( zN$xM1!0?(z?tIoA&ma*= zP`XH(gT8oE#2=-(-#44P*QwuZsJT0x`IB=G(46@H9==qfP~Fm8nJNm@rZTm{1ejPT zP8ahi^>{&jeg!RTKFAZB{KK0LyWTbQCT9@;?j$QA6hTw&L|icw@0KZ6Oo&3ece~t# zd5*y#*NyH^ckciGcFEWRJ2sr8M` z*Fwy@VME`4HA$C{pZWghX+SM6z6x5sw0S#}|J%jwL%!-_XTIkgad}=3{pF?}8f&p| zlK-wAIw(CX55A#z@I_9a+k7w_%h}EM_S?mrUhLFqP889%M~W|IMxRP)xO_&R>L_qz ze-)W;dcGv@@L}sHqp_NG3{pm8U!=Mj%IJ<}hl>s%@9_V#GCC-cG6K22=z4e~t-s#< zge6X$-~5Dir@|S|e8ahm>H2%62d*f3;0&i0HE;J^*?Iu#-N2mb++w=^$J`oRLI&(e zY+5(5w^nT%smn;a2+1|4+Q4Pz&(Kh`8;Wg zGEt}crk2Qi-d(&W%(T|OX};&L19jJi-t+dr+#k5#@t!(d5!?qCuT}(R(E4gUXlL+= z|C{ZdeVd)jkzfaDetXg0cF$H`6Kwbu?Qbty)^@M?9q!NB+2XEVN5d+bUeO5mdQEW8 z>}*bjdpbB~&;*M{*v#H$PQzcb32l^14-+EkHLOchy-b4St{?>`8rI8GbyYf`0t@u( ziThqUSi?$!v*j^q&LA3ZBrp-?%~-vZs2TeEskwIWoo^-jx^zJ8xmc7piGDA(AH?XA zhALCy)KhSUQe1AdnC~_EgOzfJ6Y zBrDZFN$f2NAmsOnUUTW^)Ujk79<9cy9n>VK)t|G052U4I)o~oZcHmgVvF%V&0{8(= zt(lq}p=`FNX6la26iUVDJTj0dP_a5QLnmm6;QbUTlRZp;^)-5*sa2I|n>nl&DiNTff@9d;#mXov1_y4qO% zB_)u&y}TOxz<^NDRIWWm;dLz>-+#gyNIy#gBv^uz;McdI}FJbtR3Svvf~1DSiMt<^Aqi+`BpqN!wWD{0VTBs6NxU1qNker zDPD&a?!fl!ZMG!**0_nJhtziGO?pYNVMw+wS|CF3PFkZ0uM7M-^xk1D8&Lm<`cDj- zoe&&Xx~EL~(2P1o7zVOjt}76!Jts!EE@Z>SvHD4dOjlVLlbg&fjDsJhBF(*u@fe@%(^ zBC@TM&?X_@5A(Lc&r|zginh>`(62U0C~SE$goH}ukd#(xvflq}&J9Z|X%A-Y#w=&F zFNQ~s3+(QTFoNCBiS^mBS`w3*wIHQuNWTavy)&iHgp~Rtp4&bn4(>?pAHfT;yC_dr zr(siu+I4}`t^rc2f)Fn(m{kchT41{*A-M1_Yssl>OFX8?GaI(=hNUN@bAFlH`%3I$T9Ho%#JB@NiBItGM&@e}alBQoTwGBd`g@uE zJ^?uTw#=>oXMqjHpNnKUmb?Hc?l-l6E{A7eSN2dEkQw}QXw)Tt4NgO|0L_WS;DR*F zSQkiD4@o;#M!|iRI1a&U;z-0h$IL#`r?6kfOdyjMeRpP4!mbUj&1I^DR3{QQM<}#i zP$ebDN^&-!JHy0mOY?2%89^nbw<`nF@5%De=?5zPNm5L|n-cYOS*G6)5_Lo3evkx@ zXEOaRt*8qsr|PbXfWnegou9fTX|TL3pm1STon0-TQw0>Jxj$C~ z6fR2TV^^yw-qEEEFUzJka8&v$A;ZiF?H(xytIO`8a_~giJzfr8Et^pg!^Dok?~;u+ z9YE0oFt=p)dEZxUQh%!C`0|!i-W%J9_-Ar+ag%k<_5#TTOrabD}O3rxGxQ4YV9(7Hsz9)|o zse4@kVOeT!Ox+J?>Sbx*J4FLLQR}Ok4P1#OZ$k}SmKu1tYiIyC(buXqN-fm;`ZX0~ z*dDx|xQ5&h^Cx(~84F7~8ti7ke!{+L7I7MoXiCL#VQmHbjR6ZPSlEfP)6%760q6w4 zfDEgjt9k%?s;XY7HjSbi>k zK}DTerJ^t&t?jv0b&)sy>qWHz-1%!#8C2|wii8|8*Dt6wpV+viYH0t*#)&4xKpQ|DR{Y#Q9l9zskh9DT8dgo3h~PicFmMYwB;c@>?|~&R5(&sxonI z$z16y>Z+;NsySA>CnGI(0e!T&9MzGBzF$kC?1C+z{aZ5u^LH!iZ}On*_DtQDc`&~{ z3*M>NhpXm>vimiS>tGp%6xeqOYW|LXp#ApiB=FU+DrYbo|J_ita*BrJ-1o8OhQV0l~OQ8yar;EU>#YDT?M z6_oO5reCUx?_WVivU@Z28w!W$2QqTl7ajepO#L#$@9!yzcjs~t3JJ^a&U>1ZuT_Vb z$_BR)>bw7SE1_PViI&f-AlDt%_%;5u5YF?#A83nbcl~o)Z^_a8jUJWFye<83rWV!K z|4#p_cIX|gPOs&-cilJoYo_|veItPJ(yBVMCSCM|oG)JJi7dFJYL^j$SXPtu6k7e} z23mbTQ=6=()$6P3+rHH|<$TfVn^|z3Z}nScwJmvjwff=ER#QKkOdX~Zvch>~e65C# zhfJRpRdu6pd$F7^+Fo1^mRIeAq*p1AejqD+zDIe!I#&-%c($+)!w_R7Y&+i$P#Le? zmdxOCycZSnxPRKt{PB&!#jt^Wg-SW|KIF4t=plM~5R4JJ5t0*6 zvgNFV#X(Snp3xV%Y8f^~@+~x3c~r}k6>hp}HjPMGZZ`6UB-!Sw7E<@<3>JoRT!lF) z^9CfOP!S8*=Bge8BFzX8sSX&HBrF6|k~c2NHdl=@n3yt-RWUK;?32X#xKU=bZ;Nd_ zDaVVkDdSibV-uC6CcDDilz9V_@g^tP=Gx5^hNo<@nNr2@#I@61VR}l%Cu2HZF4K)S zL1paI5i`UPm2s?!A&TDI(uY1t2$Z+DMAQaEc)6o$A0VSnP z?XRk$p?iw6`Wv;JQCKGValYAf9KW=zE+G@odKrZ!WphQ@U5>5g9(mXeRSV%mZo0Sb z{k^~AL3c@6Ur`f$bXHlNQnZ>aEUPtwlRnJM|1_})^W;6jNlVHBH!$7a&eY#C^>(KJ z?(vfOAT#Hd9bjC#Ngnr&s{O8i+|Bvp&i9Y|Ak*ji$8q;-1-;2$&eTitxEC|?Li2G< z_GjgBA7lYH@Hp_ulbL!d(@*A)dpr$Nar6daAd%2rX5s9k25;iQ<5FMPtAV?ZvvykKz?MxWqgN-9Fk|&cs{L7)OX~eeSCmRK;=fgcvY&}sVhoI^ zlu{ln-iFkd6ERo3kb;77i(-))D~PzQMY)uIe6VfDG;*fe-a;GJ#gJg{Q(YC7q}z3Y zoQa?<&i3I5()nds`O)gG>95kyIdX*^&*%Ii+$deLk!wx6`S`K+0wHW2c(n?8)ZJu9eR zU+~V?wG8E*Pp!fI6uk3?Rdqv)@Xqg6)jL)9ZZ-H`LwM(xThy~H<-fMTJCAeATZDK1 zpbC2%uD0jqg;Crpi*YN#pt^qJmWBiZk&fd)00{?M>18!b;Zf=3&e5Y~R?G#*2~Gx@YhcDMuviV>tv zBP2wVcuEXEOL8kuzD}2;qb0O!tu#P}-~q{i=oN;tUas;sxx}%S(_ed?sFa%5Nr0!Q zl|E!>;fm--wW?((6MIul{kJ4+yS=7wYYyxWYU+lXgaE$Y&`-7qk-NDD+V&%RbFKPX zLm1enC=Cn)^~TWlQr{lH@?)I7iyVptxcF9u%{;k9|IN30Pfg#Qw|Y;lx~Roo++rr1 z<+b!@wL*_AXh2v^VI{>AK~xF(em1c0YhaUkRx(K0yKt)1ctY^6_Z3EvR?!G7#}{ zweDCYa%DSklawx}IE%R8x>H&N0IP+og*cIjE#2#*twim#GeA_8LGh8U5nTrnw&>Lx z0H8$JmP^a1(=)({oz|ijQ;p7@-eMQGNCb3gEXp~4$UNsGY|EwZ@?ia!mYg?ZtWe)J z=kudA^+7*ui4JOd7_2{BtIE4dxE3h{r7F!U zIbt*S*3>VXPrtLK?r1*!_L>?1x?j}P&ujWxt^e9kFL`uwb4?XM_p@3g?E4E1`+CFt zq2})4{X8-m9JeLFA+<>9)26w+0V3f_QW1hkM*VNh<-mZC-4b2Y3iTh$m0BTXR~grc z*$0#{D+MyvhP_9nB~nW1?xM@7oQ)y4`O&|IcW8d}x?O&I&D>vezpE9bPCls}y3xZT zAc9ELJ}5hy#O-_17nx66sVM-{1#mNia}NLsliJL?TtuaJAu;-g#S77!I9W7b$WO)% z@aI?8%uj3XCV>IIeGmWb>2m7)dUcx^5~h}Z(KbkZc6OWR6c@Ldhg$4P$fs1Okjz;; zkt#KOgSCByR#sG4+wf_8)-2weNfY$1Ra))3R%a!ob*juKQ(k3A2K`aLHhz8dpzZv~ z^g&0ce$F^0r~)M}NwI8Ir~qTE(PEvJ<6SJ9%}HiQrPX|keyGLp=8gzeAzH+XQK3!Q zXIemT_AO4pa~^1q){-$+*xb9?2H4!Q+SH;}De6XupnR};ylp^9eG4F=E@-1Ea~{4+ zLOI}Z(TBF$Yg%C~D8++Wc9ey0(l@pVfBR#}*bnz1Aqz^8O`zSrfZi>9vDL$e(US^x zlen0i?`*(mK**>ofEyMe3~nA?|2-l3&cih6(_2tUky}MAxP;4u;AU)7-4^b0t07!v z4Egdt|J9JUFl}X2f}KdLwr8^%ne}4HF~3mlAiDcNR%JrKpQ5}YM3Ej8*3esJsANyU zD(exY4%?*Owfxy8GdGP->&hX!p{XfCh$Y#ab9Qbf*t(6!j2I&Y9ft#RA1$5S5h5%w zHt>&xF_ZazkcM9h98$>y9- z+JvFHyJ%hY_&-sWtt^-ONloKgYQtAKgA^eY}T#H8}|4nJkj>rnsIF#xTB ze!CsRO-22tT_EnwcBUf3l>)_D|^uAVA{Qy!vb}lvE7Mionh-Uvy_<_ zCMEMb*FDqWWe9JKd%c6>rIS1VHy{LTO!lx*z{gIdD?2@WKq_;#y(}<-W_%Eoh%sCO zd~E60TwFlOjU7Xwgrec66$w6MI{$ZvK*@(K>VI0?hb_Sk?E)pMJJcf`8MhnkY$G8?66%*e%tI)F^`#q72gy_kZlFLPXg z1B3!TVdfJ#MKmON63Gbfg+S4-@mla%Y;hrF-X&c;Nn!ba;RQ`jv=boA1pfkmu1Gl}A9;ZJ|@yaZk8IlRr*;ex= zuPi)`KA#*KY6WGO{?F^NgRYr3XgiOh?q9AEC?C_M_q!rGgUp&Olzl{67lotD8%Vf@ zl;dj~)8#@FIZEe=^vO=9CW8GUU$cZ^33zwT<5Fg7RMG){y~$j}(%9}vll+&sXM|4N zEDbCT7?D6T+evqDmf$a<#RSGxBncldF9qr}rBCG$Q=XPmv8T8Y7KWwyJc!U z)=u;`tuo%Hcjt1;%kBEv_5w%J>eG@c@TqqFWV@n%^mD~CGM@2xyT}@sb*ZzvMS@u^ zZ{U&e>h|CpU3OWQd8ggI*baNR)+0o?#hc}MuXN>8`7If~*P73Jxm~>^&s(4M^O<(@ z_jdOt?G4b#%7BqOJPAnYBFNgph=`3+W_L0t1T){u;|9&}|LXCMaToRoQCC;=3~(7Q zll_$0`)s!u9G~gZOS|;4E)s%1-W@*JJ!szVnvc}3l1^IiK^L>g&-@}LkhH=c8Ix6? z%97rP3Dh%hfTlN2g4I8^^k$F8$t1Gz*t)6lk*Vo@u`S*lVZZB?$Y&w$-~f^f`N=pH z7{a)Tdx7W08+w9n12k*7r%eF==uDT8_{|5or0zG{!FEny+T%S{*YLQ^dPY6q|(d1_yGzYVxoXh z1avb*WhZ?k>A6RG;XhZ!qIgAVYnPK3d%=RzJ}_b=IY4XGJ3g^pSrXK#MkTM3D*-EN zEW#*rQhXv}Fi*Ff#UH`!%{#1ClUIpW&HA<8zJ?0?3>C~!T-e=xCz0WSuA1f7oqqk0@;@6br~K}MR)SU3Ts^Ncx7Giexs7?F=C;h+ zc<#t~H>tU!=aFJUCoiY^Suw^q`(~?pqgB1xs#%k?NG3j5@dw^ggXJ5$;QeLwRI7fa z)x6r;c!^S@Zmh2ug+UU`uk}rMTctOWkevaMyDbJ=-F|)9V?zdvDFoO60r&@jsl~(M z)-sU9Bcv|cA5#5bn*1r%52x8fsa~08e@^wIY4%8}A4{{pr22`p{CKKYr|GIxKb1yL zruvyQ{Y^@a3@uLNo+?RL`bM6bFwR{RKl^+!zW*U5ezyrt2Y_+^)1&OQ8N~-@ z7MGH`QVGVg$V3n<4O?Ha?Z{G6I|84cG|njF2q{j(VfbO5Nx#6y57YG?9wbU2$&D|g zOUSitmD*&`lZF`;wS*f-BSQ(GhB~mI;ux}siATh2@mxr;Ta5-8N-5mc_MKekm=~pw zS4o}veEXLC#QFJ8i$9aEr>r6&_=4GUEs&w+jUh*3JB!^*e_YQs^Xy*k-)??C#ee{(WxJK$BM9scCXQAkdX~$^~!-wA%5b6QZcAA?E=$KdZk~S`g2z%&X7MO0Qa`VKv}=NW2&=rNjw2>nI{e$>+$N3WP|T zkX&sy_4hN@brSlZFoES;C2pdl{o4BV?xK@i(7C^wA2PZ2XF^qqi5IiowtxG4y?=uQ zrH%Qh4ufzkl}YJZ_cR$EZhR^GGb*0DuX+!H)3Z_@H}?ihho30ZkZ7)<)Gj zK`#`>ip@hdT1gHddWsAwqRL;Cs526EI<*|kbG`;phWoYuoZ#d3uO@ujs55N1$eJVd zy}U&5w260C5(k#5S7m>ZjXzfGiz-a|;UJ)PIQ@G(SHT8Mrt(D>U|81ULo8el14Fp!6p zeLQ?n3k-<)=k-VZ@nC&t!FrpG3C4tDgRvVk2ph5VmX;x5iAR^(U2UI>4|FI~giaPp zru1SALDpX3>9@H|2M;9xH-+a5<|xLwR%598R%E{!2}%zzGI&HS^W{BB#fY%R97G@2 z0rR$FVW;R~u97m6fwWH2Ta4sZB&Y`73UykD%t$kaf(Ouk$>R43F8sK!~Om0wXV#YZ3Ywg#zxgC}k>b9&(O+fBu>?vGFq6^c^d&;eFg%K=S3-BA^ z0g;#O5fg2G?{fow-%SAkez{ihNIXsa{i23#+kT+kaZ; zXBYV6`F5AzUZVU@zLVdUH<7P9{n-sQy0<@@Uz0al^+)n`!*6fArowFAk?y2wk?+o* zsg6qLwgtDf9lye9O@{N@u{f6UTVY?0k6`)4ZuMQOqIa7c&Pzc76FP=>;{CyxpgqCd zjKNn79e~W3)2(`+;@YrI=UexdQGYY$A}jV~Qlk;sUek$8Zute<5%3l8 zua(v7Wz8CTjSfK+ncy3A$S3L(WTL3gld(t&osU(wlyQtUFP9rHl!J?uK3GKC_KH44 z?~TRxma_gyS(;E06~o&>RKk3EPZIThrr(3_5m*df&(!0XfrRD&XAg)=iFrF~{4Jx> zUSILLO+KK`?7gYnxUp=C8a}~Rd`KAFE2W%$1L^PM`hBr;Q9{6P`X(;!=1$Stz97zJ zQV{CeIJ!P|$C({t5<-$Y68=3yM&j{Cy}_tR_&3Ovt3jR5OJ+xTF9GMHXz58MXFeVF~^bxvDGa=N0X3zY6f(WW{>c+BHtA-d-CFOQ&bLjkk-? zySxkW-jP=nZdE4M&v!@rFHeHNPjC(VddX|({H>;Y{1_4P~M%5z9j&-?8LiHPP zDp`zmnTkt7-(JH>A$m1buOLSy{E}V@wj_Ep3?>#BQu=q1sN+$%fK{0sEP`P{8NIfR zs#INYUQ*LMu5Ml`ErvVe4&e>z1`&t?*;!Id!ckvTcc^?0R+w|{i`f?@5*X|&RFjtS zWDj*f;-jg0Bvp^5nl+&AD^xE{r9$;Xsd+eU{3!(hr9$=HNpx@GF5xO*L@HFj4@{$p z8dRZLQ%QS^rGZ)&e9^D-dfEf)ScJ52o*9#ky;7A{rV$D#*f=2-X9u3zPq}CzW_BSP&@?(GaSFW`e?TM|7da^lA4WA}x|rnK1+Ci(ew{>Xv5L5(NKoSHXc*u5YTZSh`KX0Vlw$%g`^df7f!)!;^ z-7=i#3HSa(c-~3!R$@a(@kGuzEK0TTR|-rrouYOVU}a~GCgFa>0)Cohi(lCuy2Pbp zK3+NiphDpGnhoh=M~IfJ+0F|FGsL3Z2>rTQhCN{?_VDXD|8zF5vsd-U&s7owc+5t8MrHqCzJldW*{-tm?QiBs2irr& z9j=Zr?8hv_4v&u*yT6^EvAqjR#5J?|ZDW~!c;g6tcsonu2*;9@ZU$$1@t1i4boAOT zy;ro4>x7CpNF&7Hjk0>TtllXHqfp|)q3JJ0UnO}vV}%|-DgrxSgIk-&gz7w=MK>Ay z-%^gAI!i+C1#tNJqft*9^Ai=_qFe{IrRYj>jTRJdW0Dr8pg#faI{_O4{YaE2d@8Vt zo#iT}u2!a|u26cJ(%&!JYs+y5F+%t|f6*OMaHV#)vu(6KCdcL5Mb@#ftcvv7aKsRFPi$NVX0YOUHqA zDTD3n-wwmd9JY0 zZfwlc1syJnDodrFq#=lqd{YS4+{emfg`w)Dr)}mXoXsnThexEq zcm43>2z5~G>#^;31jQ%!E_0RJN9`?FyCWz(xwkneTHs2*LoEfqMi(Clj%lDOn+OgY z30EIb-}pTpeE_o*w8QjFMN5UYLl7v)ZnPOg_rNE)Ubdu^iqhBDhe}QV$f5=(aVSzR z2jL4r2)|0>JJ@Z(BpqrDeCUNLID;sD&+`2yP|rfS+*8^-snt^m^qsnjB0yjtQw2Jbv;qUVhx`{h}HtHECpoa8AW8A<+Oq7RMxEz^v#6q@~A&1L2k zz{!yXdo6bUd?A+22iOi_QqId^X$o9b)zt_{$KxZMlWhzIshKFPHlp$bUaKMX>F{2m zrHE9(mgNaRa4MHilZS%oslATSn*uv^;(CZq!J|c$_Y?DfwG4;ln3hxX;@qT8fy#?M z#VfPN4^mX;D(!)FS~_N4>GB{Z)jSLyG@gYIWD2p3%3X*qTz*jX+D;8d2bW38eDw1C z^~7irsX#n=sgxeJetk_|jkwqE`$iId;i z`;VMwE3Whad27z3`cY#ExUle&I-kFg;CrZwa^m$QsZlsq)+4+&a zFv>27^hHtj^+;bFmH#W!mqzI&k-jX7z7gqfMd_J*>k#E#Sv4|_z;2+ymHr4`j}cP- zrAqEhCXh!lv!J<@3ud&2E|Pb1uo8F@*G)t;DtB%BNv>JyTqXLY+Msop-_CVSdgwO9`ddN;)&6?E%=wWl zLirr~28B~k>H99)h#2FjhC0kwS%>eT+J?^XQGuNEhkA2HFh^~};bYZiP%CDhy{M+X zUQ-vlq9%{HT`0t@(+jV zp-{1w{fEMEWvKofD%R`^LjnA0`3Bs%JyR zIzRGU7`_;)7ed9FBld;RvDIb6aCR(HLhA=*_QFP|cgTvEvbCir=a`!L=H@Sx}}gAwqdOvp_T%?XYyrk8}y-05?^2EobZCA{>d>(HD}B#1jwP1uCi=K+Ef{OS zAP3^iZ3iKvu6o#>3X;o?bjrBJ8$vGn18x6LZ?zq?-fAM4kj@atgE zksiN2c@xQDT!({+p54429nhg3*?68$D4^N(ddO3rpZ_oxGthq#V*e<##!%-jj;+ ztpkOW3Bd)O5QEMm?$`Q#?hF2*HFeyzI}2ZtNS#GvObVNx8Q0H>UB9bK5?34iDx|~1 z%5C`i4^g>XE?()v7Yy@kpFmTKK8}t)9BABxrKwN>-dYIbj;Pl#4R9+%t$V<@?U2DX zu$gNc)k(Uts4eVB!j4TVIxlN)%``Z?=NJH}2A^lBZ3bkRuOX7}isGEUvWb_o+tG;B zakCxmy~;&~xeKWSAto0@2A2T0UK)8>l`aKA3cu`YIFlX`rz`r5YSjhQkulASl`X$l zAqkVwhQMqgID0;*32XgB>OGGK*2G36Wx6NQFrVG5`@ENjxz(Xmck&l&|BZ=}ql5Vd|j0Du?308PQF&0kcSk6!VsJ;oq4lqS{b@Nc2iz6jsMk zubW!k#e~i42n(BvK7@yZWPq4dQ?>yUnROD4AW9CIs$jQ<9m~s>O$VC#5qgZ?8dY3W zA-W0%zgrWnlgrb~fs@dGQ+pk*&U6bDx_#?IEaWLJ8g1&E8{E8GSw7spM@lzSV1e!k$959jJ zdg&sJwE9dFoG03f(V~g9zfRO$iTZV-Swqizn4N8?vb=USvKJ=mf<#?NihMbnxpO3@ z?A*khmo!L=ng&f!O$}KxFl^qLG?vS8nb_dS1t6gv zg*}29nqHUHug{#TP}kkKpoPj4u{k%3mSnCSYo+&e$p>^e0|59C>XR#4KUe%70XmqG z4`@4cY>e(liJhW=#OI_O)`WR5jbSpJ?Qz_RiqA4$UD|cw`j(cnF0vrNzQ=}YOXJLU zm^wo5>L6%ob35o3$TPr?42*7EBWNoajj2$x1jb_;3YCd)?R8;1^j2#mq`>-h#jk6A zU0#Dn`!S7T(3}^`giVv7ixAD~!lrrAEGqpPv#Chq4AhUvOdG2oNx^ko`0gr;@bh{i z2d<0F^>Kq-zG?76qCQCA$}C*gD_Qh<=59l8zgFaVBJmnOO;UA5$Sasw#N-6SOha!H z;*}$@40I+M3#P7gF^HF}6SP1Hdh8yt7#~Fu9IVhgEEjLS+%Jzrp=`&^b-5IcL(mz0 zwTi9+^&BG8llhNQT&TWkAmGqGZCBLuC{WZ3WlV+en?X;c<1`5qsYN2^k7Y!ebL5#q zeaEMx)yrUy7ourA}&6x=fhJQEoJ|lEH+QSVp5+11DOga0{yY zb-v9yD@716Z2vg<@w>Nw>2aki!5APUtyjn!E-&M}?bOBAQFuKHZ<1p-lw}HW6qN-P z$-zr}C+6a~9Pb#-O5%7JAEoRV|1DCmGKIwj<|RzJ9mmiz{2uOpns~BGKbipeCS$Gx z>_D$5TX`LvclV~>#|cZI$E*?opuP%&a}@tfwckq5J}mQRG{Rng&a<;7j7F-zz?mcc z(C9d*tvH>r8PScrvF<|`2lA}ZZ_@A_-*971 zuY3G@(o)LDpMjYdC(8tDPDAiL(+vKW95@m$$V?!>hzSWOA)}EGj4xz>==TQ4fXe{4 zQvsTVQhAGa>A}~mpBT^-riD{LF}fmf^J+WIyTlyi*T%2E>eom6b;Yj(zitfL&X12; zWh?YkR!OTKQbJ(nDy(8@_tmO?mHL7|IM%QGVQXupKT45vt$smVSae%i*R2!{B7nfX zp`y1`_<=ZDy(5}7oGwhJ;L*hE7fdHK2KI{~P-;81NdS1U1$AU^Tc!(zsQ}L?+gOe3 zXM=buvbj*EA%$M*u+tnYm0QAm8aUND7!(->jIj5-;{$ z$yvuJjAw`pasf`QR90!z+w!6VO} z@DqG?6{wczTxPkAyTP?z0N0L12iH$e;b&|Yw7~I-`(b=gt#m5=Mhr9-J~-PTDU&I6 zgv6N%Z4TymtIP$;|CIgO4Kmc^+xdF%*`qgbP4}R7xV~13X8G}VK*eH_Yo_|$Lp^{D z2Pi6je^lvm00YnkR|zxZL0#*9=9>uDOfT3J@-#Rfo!~APecLzSC>1WKAZnmWa41Gc zEM35XZbWKty^l;&VYUFta~kS`M%WJhs4=B z0(?QdDfQ}rg^%Tv@guO=Mk<;{t-2grwBuW=kES)(5^Paxi)-0NX~m_;4pJHu()2Qxyx1+Q|h)xv$ z!A8G>#zEccw9(-az}>lPT-Pe9i`6>!3-{IgNpzXrH`z~OKP~&UeWU&4H`q61N%u?l zRr{6qoyoPGrCkyVoq8+M0lA0t8%Dodlw7sHF&4d_8LJ*>)-zvY^nCoGs}C8SpIK=v z+Yg)IG#lQjf?HMkGb!=yhO4pVQFL>U89@yl#vfZsOdtnt+3y+Zpb2)9j($=})@8x% zJndq(F%O;Cj5J|xCP6fG3`k^oHh!2wk?g>nW-mZ$*y z2Vj#V{mo1S49D|oF<)+c&&b#NxI6aUzF}!U!0=e*V`yG5=JjT|**B>8h4N*+-rDaO z?C0(!gmmE^UduxQQYo%ktNEUm5y*Isqt|@|F53ay75}UDtMaRPzRx7iwy&nhe!6c| z+8txri=qe_G!of+1}6%>`#q!IFUBHUW7I-~TlJjLUsUIq@*=BFwt-(uV75BVs>N0> zvgV6?9dmMUo?73Y|GIUv2d**ZRg?a$=^ii=n3wq3VN731!y>VTV$YK-Z;=09JCa`C z9!W^Mkr3GtHq$jIrbK&rv27t^OMq}OX#W&Biw;_bugvrl>jV{fg%gFrP8njK1rAOr zVVJkT4vxEuFlPFXGymGN@bTB=C`QK`t&TB67(Z9#U)Y#;7j-Un;s!IXak%J6fA z3=8@lMn*u65!S1>FV zCj5z5xclfyG76#G;vb13YMn6~4_f^zac;Rnae8dFQF(Vjg-b#E+Mc)LqYR-@mzC(iq^B$ zO36@|*}X>_Y=zYLRO(6DU#-nIg^d;~bOU-MzN4|YsR{Qh zdI@Sa;cCclfOnAm#;v8N7?J1cSp$gp3-S6crq3oG1cT+cDZYv0i8xz{rmzZ$aWULA zgTVxZxgqu_D_v?Vkm_NV($CC0y_{OGwW{y`j?&fGPTfx!(GZ47z9|;^B*QAS4*(TH z1^gVlN+cHSJsqXPaERS96eVmMdU5)ix5uu^Z)j4G1v5rOYW9+bkf%1NCT)Y}h*Ois ziI`$Owd*M%#rI;);$3J@fg?s*J!FkYtI-}#dOMRMRLIkg0&akX4*JEQPU!%11VqJhR;u!yD6)^?k_;G+ z$zB>D#vL}IbOr-QFmK+3OknvMP>=VA_Aj`(e?hVl_LdIYuXGj@AJGa{fRDz)0%2ng ziqip3lkyr{3HVAR4j2V)*1J;1b|;!b8=_`8mcai~uUPmBA&4Sr#IEACJ$3ldoKWqv z9C_)mFP9$mk7VL94;eOwxz&=fxf2i7vVW+-h|wt%x}88h*dWjY@SgfdhxW6j(zbln z=FHaB`n=qv)4NLZ^$(~LVt~d*J)E{jsxiXoOX~;%o0!chn$2hndoSc|?QfKG;)B*) zP(>&fJaN5J!}9OXU!}^cWa*?zcbN-B-@P1&*oF6z;YZCrW2qPbzqAzRsl&EEU_$q( zFKk{~rf~=hrE(d}x1F#V;NI_LK%N5;Y+Yxc0UInPlC661?tN-vo3|(!P3>jAMZzbD zbkbu`^R?m8)zBX)a{=mb{R`f0dq0t6G6f8v)n(kgG=aB!NwDo=b4=87+C-dW8y>`iE~|xGyVA(AEZXe zgEobkA!iyUZ|;tEaywQ^Z;34NKiYlB6hjdlp#k+j@G|o4vk&SiVGT$3*`2?#WKR-; zgg9RiCgK|ry9GsZm!g5DFnDU3Q(@HM&pt>*3T z81?RkZuiW(d&A@R)n-v{W6M)oOj{*px7@}?3XH6D$mp4BhMB2ZI%cSuy)%-ThLAl9 z_Ra{&y8rb;=Ac3)3OUK7-bM3D!ou?K|jrrtT3K zCUE{hgV;d5f~T%9?@G6mqxNP1VKfagjp!hmmE`h9tt6IOC@%%H3H*j1Lg8jYNrQvr zZ|hTV4I7TZ76%LA;D-dx4v%Br!ilA4QeV-<0bD4wl(M0I@k6n!l3hOS=Wco*|UvW(rlMX zP?9mJa*0%sa+g5#-JZeRt{vSjYWwmI;r7hH+WE~HNQdfYSm4mTh&Q~LiD+sD&Bz^@ zk#(7oqEWw&aT4;j;Tb7P9cJr#W+Wa=`MLEJS&O@at}e1*s@^g&6y>-&<`dl;n_6GrMQlnVn38-WfF}0tFnH z2+_>ij0(~eE?Ue4+pcgc1g^iW2EhLifa?n7n)Q+ciAvxSebw4a0(}hN3C5=hjk%Zn z&p!GJP!tNYpQiMYJy;56g!_2~Bz9&v+e<~^1P6AS2*$+mAy`()(!~|RS5#m`uLk-@ z;i{ZNy&XtO9u`Sil9(dwBz4J%`-&3BRA4fC3G2k=B4KUp*SS=c8$HlqluL(<+|}$B z?;Y$jjX1LH=0$V+ORv)du&5Go#RP_!8T~v{Su$B7+}b-$@N;CYE-gVF@IZ7x@(oqL z48E}?m+mZngy*X0#F!{kdVwB5M3DKu6=ZfeA9^4Qd(lb|tx9aeAt*UtbVdRCi zGJ2xfJeY1j5=^sOU~+2-DVYWy^uBqQiUGc^zpm9qI-yMT#Y`^b9y0op0rOg|zR!6$ zl@41iWYKG6;z{l%26qd@9Gn|)-|#(x*-uq#jfMpA$>oucKZp5YGMpHUlmc3FxPFfC ze&9FBU0E6H@^HQMkvm5hrR zo&*wwEosxk<*XzzGI*n+Ho@f+^Sk(bZt2&f{rbB6P`)!`(2042w)3<3y2l^S*IWDT z!OewBqk8GsYt2sX>OlL+-r~4ia}RvuEnBZ zV}YfYYz1T*W!T!_ofn$qJ*+#T+l4oauEd{stE)`(Ez{SoMeEEWjHPXDeN-o}X!144 zm9D|uv7C)r2-EFm2H-xA)(Jd-W{7BI1|hP4H_^MM?;R7pY5GD-$SYZ(64jfYW}`D~ z-|03w+4gnVk+>XO0J~T@&+2mpA?>VpGZ$O+w6)LRZ{7198(nJqF0s*tw(kNPU2glf z>WzCx!4;uTzg^z=4invC`fzDLzk6_@vEg0xMxKY&ZY*lE;lRc%s2n^Ky9qlTVBUS< zh8FOp7{K1 z6vsEOq1Pz3cWmICU2My_&$Be|pMdfR4%z540MBa$C0e+`eNfJ9Pn_evn6&#)u5W>v zr4KX9ltzst9CQ%IV5Gm6UYu3?I-`z0oSu)u>3N@FQD0xf)FqYFf=S3%RhBju@uUk6 zN=nCW0w_f%1}9Knd`5ri8j52x^q@Yx#{I(jHXGe(qgQP3mQ{D#=mCo*vn>**GMQXe z`Usske2B5L03hbO1X7H$6*w887sGP*Gh+@fl{SIcNkLN-TckVFC=u^4%S97YTMkcZ zw@Ko2RB*NmhOVtYGGzUAb%(k}MIJjx``73D=x`A>|^&1P-_SC?f$_5_A$^=%UA-VVCV3k$CX9YhyG7~t7WwP{MtA!FAAcEtM!Mf z(I0E|Kh&Z>w$}g98cnQEipIA-YSpc#x~Qor83pY)07P~)aMj0BM#Z`AB8gSOLkaNE zYc3_yg#^@*8wo2QaXv#A;t8ecZA5Go0t(k2h(8rG8-q_aOw?T7bfXU{FA#m1x8mu8 zaI`EDWvH;_Tt|W{8$;ViMaPlqN&rFfx^*I6ws(K|F-L>!A1e!I{C+k=1IeRp^6zajt;^OhHdo@GKHK zD9U`%O~VaR%*_5m zMn$J?aj?(GLW6DJvuoynd~)x=X9Ef-skUCa)=NF`+ZDh5K`zeE_B&2=SP8|8k>PD{ z8~O=QBV8#TiC{(10HdCJS(}$c2=l${!z4dtk2lBJJtO=&U0R(6$1zJy&%~|3g@@@+ ztHb(c;B&`^aEl915xo3G;S&PcRA1EmAfi#l7ElCOgp_?*Nk#iF*)N+f=`Z*24rG@) z9nus<(k}8aQ*7{a9Jv6vW|E&I1|=boA!!|^G30yGrk}<<-DYNUJkG}w$k&4UWK$UJ zP0}sI5knjY>L;@+C7ryHkN}4U4k3n=Cun`@GR_FKNEq-%Fjp|JT=RQn?^XI) zK`B+7u{a?Uv3b9+S66G#UnNU1*ChYJEy!5(Qv;r0?eP=ZMx0Y_)SFo$*X7ZuL& ze6S`M3uwu+GclnY;a_n1BN%tiqfpa71uTa2GE)zNij>wcM~PBMtY+atyYU)PT~+-0 zRyAlRKNR>Qb`3K=S)`!@<4P-WfCIka(1OqEPpLy8Nr@u~Hs6LEP~8#@>L=B9P@o<) zRTw!sXc9(z_vH$493@tTUko3_9Wmty&DctPgaHSs zpvoc{jT=QA64z8g#~sJ%qp;15R}*;hb76FE7*4KITG4hD2uF|sc|65bO8R|o$V~Kf zrWecv@p!N!i5^X0fp~IdD0Vy5a6Jsqfzg@H-9WXuntog)vh+CS#xgakDI{d2q=MYI zQR!XDlcVhNP~V9IG1Ndt0GBCds+90yQ>%@*ccH3D=t21;W|r7RI!ovA;XuScjQJ3m z5A_V1Z*;f#C!(igBfm;x85*-nVHpbjdLT_zT)HU^M-V(gaUuF|bGHfD7I~%RRl6IMc76(*EZ%yEIBlnIzp4HN6Z7^D`e8nQOs#M6GTJ)_BBYtfBnQ z^}<%zg|9yTJCaTq>Wa!!=3#9O1hi_A^ zBq1N$-anAz;yak{(`eC3YjM66Lb;hsN)s3mO++1HgO_!4iPkCdL)?fGi7vlJjlhU? zvebc<-Q(+vl(}i}*`M$gK(q{oGj|R?^FskjUP5&R_?43#l35S6vie=62wi+vg@04% zAC54`A=n&MJU|??j>(Q@Y>slDQAfy8qtx-)(M<89+}ZLV%=YG@!4JBCu)?4LO5bOo zk)z5-D`LLXQDEm|$obWwKHF@{aU?q0^q~mhy!)7ZoO~>gxki;w;1$Q{Wva1Aq5n8a zeLDQ2{sf_sBFhhJHc=+PkE2ILZLkl!uf2QNca$Tn0W+xy4&;Rq$=%H6=|j|<2<=1r zwBjX?PmkpBSi1Bl%mQBCxy_rGB7sfQTeJ>b+4x*?j5#_vkPrVl-w>1hn3iZ3EQ=f|{zI{I322^$!bzLg|<#Y9?tAUv$0(7C|MF! zQSWSKHf9*MkYnX(!4{2aYIEu?Z60nGe#9T!D)>mW72VJIVKdSZog;#6D%-KQz1l9? zR&Pg|GTtzqt>(Dd)m`MOXlK1kt3O)bRqYPvJ=g5SdVBlPVC$Yexni%{K5|`%3uVXN zSm5M-ob=uP!GUtzeNr75e9|1KKB@WDhxlU$t3!f=^&#%y>S3}UeOe#Z`e}7UaJV^? zw&ibMyCvd|Y{@@_3)yx!M?+SIdy!2cXXcBDaOH#IQkJxumKd!|%7W9d|E-iB05gJ@ zow_M7H^835u{iaG=*wV{6Qa+%|A;;dvinqYpc7>y%rUNh!rsB0BQQvf1^MNa$dLF4 z`jB?qbZ{GtaN^a32aWa-LC5=bi(k+6>lX+Wf<)jc7L~UrcxGqJfrR_J4rqbU1GHJt zfvT&NE``)WL-1(<1=8CJ=gl92`H7=P?Z+FpMf21&_$xRzC62B@nc7ruhA1K`3HIT# zaGHRhK(Gj-7J?-{Q1QfQrh-LFHU(5sr@{@Ntt~|v$%xRlLp04yQscW&o{+o9&qW># zwzyhhQE0;x!mHC|(&6>6_WXzy7^=FQI;4j(jm_l0HbWjT=L zPr^Tvpk72WVoN}2U3fgn7M^Kn@XCa!S6Xy?9mN@n=&rCgMoEuBE3*Ba1m0BAT37o< znNF%5L@OtgWbDT`6sZC_d`p7i^G{&DwIj$m8(O@J4lNLR)uIA>kj7*fPW zHzwzcGrDjX>R!%@gWvY0#qdZt+zS-91GTPLNG4Fa7zI3H3p1unkR+iT)dJ>75drvV zJRoXKe+T>^zT~%)K}YIRB9a87Ld{dpI{@mCVo~_QpsP4*Ounjumw0uFR^Y9~?1E}RygB6;hdLM6$?aDq13?Z{$McrJc7k6F?x6^2 zE}kxesWx90W;IZ4fZRTw$HvVE5N`47o&1_oQeZ~B7=96iWA$)!`0^qyME|CDu-ogM z?2cv@eq7e>j9)2;!MHXoQgo1|OB3N${P=52$v*DgN_~{|3^#O-HW6cF?c&&kRJ|UK z5EB+3;PC@rFgqvReDF?8OBn|)2<^wIml)tKjoS&KWzv#gsLEhw@ecG9NP+@gs8pwW zIs0e1Y`vA2r$_pAvId1;rM;2V_r|xIWW%e)kxoeT2z8E4&bClo^Z*LVi!O%rKMH(^ ziG%rCB_vb*Np)7tJs?ITO&j%xlQt&!MN|yD4X{o}gn*owXh^}Bj`DiQ|Btu#fU~Qt z^Z(CNPP=XHow?JK>6v6EjTAyjkU)UYh0qkx#0BeGc5Q3;F$)=iD==KIQv-dtqVl{$+5c zOIcrX0y+e!IfxDP)*!$aw2%xTy>by`#1z}!hHF1sc$lwum_|46K`0C+?Jmp+t+xNs z_Cz?c%M;Mk;Vph*voaSS8}{YRK972;kh(HS@+yb=LvY7TyU|p299mIC!y$vw0f_sz zc=tux1a^P5zE5LcgLZ&g7brmFB5}S?KB9b#XcPPph8=jGbSda#8G5sXK(d#&R+;+v zk=9CU^P@7!CL^eti0C7VfInDdS)h;p0#=#?Z8YAbO~Q<+hM^wosHi@rEe}RV^n?i< z3v*VeOXh7y)at3U`jgV1sebGoZGv2wN1XdHT1i>YS{=a|mWpgk{US^+jH}o|K9^uk z#Hmz&vxzl>NV9VCtYaEEI!#?+erifL5^!QObOhk0BTZnAcT0vXx{=b24zjXB2GhM+ zV(U#)g68NcKI&N+-OsxyH3R~IN`kmq@~9ahEXBfw<&t(}1fNK$_Sd6tJtdBOMplMq zkL^ynhX682J^hs16 zuQyaLimR6x{{MDs(h-)uRPn3r4{&JF5xI_p9^ky6Ww8r1QQ{Q1rZeE09YiyYUIt+V z<0G^9E(BeaDN!_Aq@Ra^`d^-;7*1EFIG^JLg)<^IqZlFOK~_uviX?e{OQF?+M*Th9 zs=UJAWKSlX zm8u39YI5-Y6WBoWcB)mEn#hoEq)uZ3VPWmYgJK~|j0I&aAVGf#7P9u zKbCgK8_k=z+1u9>wsTc#K8_aF@O!0PB}gY`F48d=__DO}>5L#T9&XqXce%lL2^0UN ztj&RysW$+)7S{oW(xhS<8Qquv|`dGN}TI5v{PrTnE#Ukb4S*(wrp8Cr(V99Xr zpdG=BB*sIcIC~k*w<8${fq1t;o*Dtm+n!xn`GW{r(){wTd%{naeD{36pu8_qu8H3a zC%K@j!>>->lpF<8xFF5GP8uTjT9j9!#)mQH%E4B}HmmUD;~^Z^h~JyZ1sQCP;UW;V z(4TGy;p|4A&|_z$RWSQNshqc!YHTwwn3e6E{MD5?ZM;{$S6cyW*gD$DMv@6$E%#b6 z>KR{z1JXW6jT`$mE_L%gZ4%*vHLRxQGYQIfAOYjfL`Vpc#0DKyq*pHn@NONW^QT#Jx^-kP1D4NYqLsz$pLh?Rb&nZ$wYA*!3AKXvQz{i; z`+aCHIXleni|@fF_R-^b|igI9CH1H;Tf<_6!}bX_3EMMb`n_ zS$-C%&&SJ&uxt<8BG=?xTh>Q97NuBFlwL0cauSUkiNFNC&h1Uq#&eJZ0WRzl_(Mu5 z(1vHeO(&CD22LsVmPbo!S>uezUj8ddy=V7>!gI^Pv9B(_O6PGJK)H^70P(f; zEZ~f!33G|Y_;V(E)YzXG!+HdP`=1*3C=YXt*2^q{*2}zYYZt>3*Pr&K2Vk1a*NwkZ z1P)G$X0Q&;N3FR4nbmyI`l~GX_Fs&BQZ0nhG8Y=PNj)~#m<3mdzd*>ZB1*T>7{3U#>>r?UV91}DeEBrikYOZ|Z|o0XdOiT2k%z$$L<7sZ z-IET?57bSVID1=kbSweGgy?4LB4Dr`AQI+WxVznQ}>6hU=e-JD! z?Mf4*#W|&JWfek0)WlaWp#s5&=qF%Rj`!CHi%EvkZL=%4TC>eIw_3b+fSQ9Q4{-Yr zM8}iN(x8f+1YhzHI0@7P&BiQE_Ii0-idv$MaNWF(>1O^2hGuyXIoYy8b;4lo${7Zr zi7~4RuY~>{xA+e6d#Zmm2@Ygs!?Xl^J5~&FOO?b+K>5;kNWEA-knW?=fDeL2gTb|IhK@@HuRwbAQ+~ya*Stf zKVE>j`bgju!uPSVDyrwq_w;r{ZKz}o_|;IwQ!D~)L|~uGAYQ+BB{~bwC*jjzCB-{d zCM&(PAQc1r5el{0s5e!@U;q%4C9q<@}D*# z5GLE`F`Vv-PWvRhp5^Xa10Ia&c?}LhyGS>v7n-!OSW+L25oX2#R_>{A77zec7poai21#-`{D#l4d{q z_ja@K3f2juM5{GQZ?*p{OlM2a;q8!gCsTEL${;loIii+O!a0qI5`_gz3d;$lakmso zsE`tDup`QM31@A;$T+N`cd|6%^(}=E_^@h6P-C_^c?E7Vdj;>4a#l^3MqdD@yJt=H zH{1w$P!fZR_*K$y1AVaO#gK*JXT_;v7&xQqE9jSE=pg1}6fZ>i-3K3Ac#dzfA2eZ= zw}-u-+B2L)=EG1%k8>~X3K{lnXo{Po51QHjI_o|K>pvoYStQCT+z)gKnUJnfZd%zx zvAdQNYMwx{G}a70a4Imz^UE*6_$_!^0x~So*d|{fjiZ*#3^LCrWaAi8LNtbiJ6mnh zfE2accL>2K;+jD$-Y@KNhUQFhbw)TInRceJ5o2|!&dSZnqBz0U3FNKg*RIQeLj9Vx zF`j|Rx*Y#H**x6Z7113oMcxR+`kXkvJo8s%?x)_o!W`!g$5o`$yvKahn@gQ}Gh_7E z?%iO}_actS@rLom^hx>z0ElI7pZ8`1CU*ePC4cmWcikvYlf%t0lAqMWwsbH|^C9k7 z5a&WXMNZaR-0R&t{Xy~@v9rT#SfjAQk9zZEm;v((455kRUH3ZkV`F{;n$Wo?P5cXE z$+7&;%nFO1Bm^eALuJg&Pn`QXuMH=0S_P)pxS8%4^G+PCKY$gVo9z|k)X;p87tpN2 zLPPBqw*~|_0y3;oCkOx4lv_cstSPxJ9__9&o)AvOjfiIkP-rAe0i?h(gKWAGnntQ` zw2goj1{c63$9=xs4cACod^UVR$V@UrD$zO+Le4`NuQra`Vwfz& zpEMkIhka4Y15TNq!Z6&hTN9 zE$ZM+*ch75pHi}Spy!(`D475sDh?QU8Wp362-$G-^#j0dvB7IZ~FNT>(^6Z-GQ z{MP8}6dTajM?gC`SR{A}qSy8Idr5kqVqj2okfo}C*;R~;N`5yBRHCM>1{9@0oz}GD z|6J1+ktnSz@I7yunswBOIcmfPDQ&uvL7)~cAaS@n&B>2QUf!rze_*;co53x{K`XYH zbhB~8fiTNgnHIAx3-Ow3YbTp%1y%>kf@ef1#n#Ve5k<#;P_ zX~(_hOz+N6aHjj9M_H$&ZyIb! z1touBElq>-O2QIC6m*wl=Hkp;3TOqy1-^2h%90zjL_doYP6S-?bS)rrnTSE^HuC;Q znSCGw8r3b!>8bj|AlphX3)4@kjNn8kDZ0nlo^jkfFtYN#5p__A(aWl25dFL!-Gc-Rf%$&cet+hEnECsat`V(t zkUJf6xRN{2FY(LRL&b5)@3S2WM2#|9y>4HC(ZSKxkBCkct;(AOfa8YoM`vGfZXsMO zSWa!-u}>^~>EZa8z584x;PYE8e?=^~fC4~fE?2;pqnOPfyLNJ6fC{WF^ z7nLK+ialmh*9);SZXp|d*|ccr;}|?(AX&%ModB%U>5m(~uO%56l6Q!2UM+RmoB$R3 z20{!`CKby&i2{deU?P_2h;Ckvx=4nw5K61}Hqn;H-VE%;u~M z-FKZyKF!0#b1PLXZLlP3w~M(KWVaN0)CXX5g)Z4QM$s_CgA>zHDQ7}H85g>+vJ;dM?_G_~jpr%%3bH}8i91?Xr2W^`Yj^;yEp~H~ zBu8K1-UHEd1DeOmShOiVG-L@Ya)q5$q#m2th&O0ELG(|Vd- zOIX6O+1)H;Zsf@1ElZo_4$#J6U~;yhX=Yxe8i+~jgjcr~H&D&AS=)S@eJd_|b+o5; zy@B2b_K;zz0;UXfCl;}D#kq*`?B=-T6h{9brM+ia5o!a}3w*{AuK6|l`aMia61Fl$ zp&LoNpXroqZZ|jT7Y6cBNH4JA_GHGNlG&cJ6+mv_I%&fxa2pjcYnx~VdPRGs@Y%`% zhVbOQla(%d1Pv-RG?@os0-B5TN2d|tB?1By0mL`~e3W6<{A_|G=&%@FU>47=g6rBV93K<*N!S;X%49e$QZ*Kp8VkN{ zRyfab7PW7)(WBIjkesVw5a96-sS=S42TuUBfhX}Cj)|_8P z0gG#X0snST6&xgN-w5SOFmcn_Hjl41LjyJj=y6X=X6Jd@AFms%%MmK>g!^rP#w2aZ zqNQ(P(PYSl$ZRs#4ZE561v2kuTwi26TURu2d$g3~`!j6tmN2o#jo8slSJ)JR6!np>{kc&q?2GS>wDRbWOAiL&sF>ZE~@F~ve0A< z?!;-zyl|l^hky(%v`b_{McRosO0yAVT$Dvo?8wM{m9|NKBO2%8z1=8T3 z7G=N)FWU1q&T9{fRfI$g)GaaJwf-BqyDO*Q7jwjt*1B*{rIj-rg|6DpCdS2;AFys1 zWBX~by*DwhBv%T-p}0s}vpu!z;f#2%=x!Hp>=vm<(w4~q4LNNRJ3!$q@IQnIcIlJo zW6gD$xjHk~Af+%^XTX#|PEJj2IFc@_-8_nmsoN?V!=!ew0Vmq{oOxQuG&TNQ=5NmY z6G4MqENSlqOtai7Y-x1sdsCJbu2rj5i#8P=<)6&%c z1ccONS>s}Wrv7HkHh$q?T>rVz((RNwOFC1?uR!aZ1^kx<4i@*B+Fmenca= zW0cW)Gg?x%fm3V5>{AC5Ywx10BzqoGAW!1d%ohLwmi%DS6VHVR=k#csIcBSvp2cB* zXxLY`ns}S~lCnI}_7P2q3j+PoqWK?Sk(VmwD+QUF}W^K>$g1U&~Y!^gtiWgx9l2+5NIjlq>$iac;| zUr2k<9eWImz2pejG`G7F>M@+1Dl#$Zw=B0va2;cW!x+59q3{-d?|3E16Fn;<-09~t z;N|GMjOt&&Pgs@!XDs;c_bCNy!Yb7Z>FA$bhZHc-npy)R%Dr;1)vB1!kQTheusDd0 zQ_|=;WvV9;0%=(qaXS^JrEjEoCi08IK+1kZL2@{ff+=D%PWz{1y+YMi-YDf;Dqpy> z%19yLWN>p=fswJzdh`O2U+7>{s!+rUUAK0hWIwwq-mi?VQ2&DrELIhKgs{J;HIc7l zqIy9sNYX1&e4t}b#wp4WX2v?w&qb?SE!z){cH7v3tz&8QbXl3;_zLkEJ2&xdED7=A z0YOSxEOurwP{2&cSul^DA`-&>5_A%uQ+A`=EcH8+R@%1uNwame*|s{_y1H%KYFG@F zv@X?mZ(9ud#S+6bb_1gG0S`*+Mi*47*O%Q5vNxmE@gFZ6%)Ec1TE30t?DhnZxJ~Sd z%Nt)Wn-8l9!1u}n{CsZvh%X}s9L<C9`1N3U8G$iJiZ^Zvz?tZ>(e^*Yz;INvD!FjT5o?vi5V}a8P zL-R;EdA95xEr)PrN8p9j^m>hac|b@EfFr_B)Jl0~MZp*dGz&->Z2-%zc2+*GG8^j8 z8{{wZQ-(sUx&(nR3}#WO8~#s-pa=ISxji|uZ=zT@VQtGBtx?&h?4#37@|)bgkSBl4 z8yj=H4G!r#LL&&|KkeKv!F;Y(JqloCD0gU)6gRID#+p4VZNgaS?3^i=u>qRVC8s## zOl)`Mdfe7TZL}snl6)TJS_yr8Qk5d<^tg0d>`sr9(}*Dh|MY@?RD21zF4yYeHa&Pw zTt7Q@=fug`%B(uX9EH2(kf6I^({;DpR;i*@?c|B8utE5%V{=_>J{|k3;^az_hDM`2 z8A8F((gFGYjp#RMA>>>@+jiq?$=;Y#W$EDc z<$36PlW3df^%KTiinPW{FE;j4Vz^~M#;qiCpEk+4EaEVHRoE{_w4nm$8PO5+K&&ra zEvT<`^Jt*VeZf(D3>8pyZCm7rc#5e75yyy-Wi%EyLK0;Ui+{odn8&R7s`WQo{|`34 z&9?muUDK+fcaI_ew?wDCIH`GKzPjOj>#!+eVnjduESfZ%f&G*3;43N)Ekag4> z&x-7V9RTIKp}5xULp*OIM0)K9E`)!hr>tkcs)bb+2UTSg!wE#7!opG3KDohhFP3E( zk5_VZw4t(37=bn9rQ#y-m;A6w*@JjUl?mP!^QuxrM1P8H243NXL{CMeOJ<>3CzW)0 zt!LIbqrvylWhPl_Kg}%wTxhKMm}$F^KJ#jdbG6ord@;qb>{uf*g)-5yS|O+5N%>aZ z0Fq%7gH{|#cUGL4zK6)rlm<-&o17_0NVK-t*`7oY;BTx~LD-4+0!^1i%4SNazhE?`{)-^!hNv1=( zW#=#oC5lhkbbY*JyEp6OL&ARluwNeb^TU3(Y3Cc^m^}`HJwyl$N_`n%$m3s?JQu7yMb%lwbeF=p_Kc{7z zkm||s8{c7jefi_oT*58swKn;bHQ%zyJ-YfWOTJ#NN+C@VAqMtAn>?&558C))t}s(0 zW|;Fov&oazK4If0i?dCj-zLwS z)7}V5`GO7E3yecavmDhLXh4)WXKsbu09b0pjDkhzPqkbhHH2idy2|Z?Dqslm)z#;S6qA>2DP}HE=%@u)fNs`wDsPB(3gX!f?Q`?s;eP6hycuDLlzOs z2ys`n2w_#G$NhlCbu8nBCK{#5suqX8Yjl@~K4uIqbeU9rVNiGtThn9 zQHWsN+D4`w>)gDT{5^G_ep9xNy~|OppFYlJZBxfWUST4hEMS=M=mz;)K;(q6;63@c zzsF=>m(4aOE$Y-cfCU6${dFe46807noF_B>8hT!xim5nwK^v1t7NdT7$W zJT&F#GwA$ZGBgKgtNy~kOy;Bi<*?un{E}fgk!iq*&CYiV>}zmBE^z6KM+AU~qA(&{ zPW=P_mk|kGNv~Z?uR7CXs2Dobxfrze(*KQWyIa*l+YaiwKQfgT9VC=WQ}#fT8bJ4U z38pZa!$8IZ_$17TZsscYX|+O!(Q^wXyg5TBZF)LB9#Gy4u~N##F65^oo(@egsm%0F zIZQchy`;X&q03K77j3g2+WcYZYm^=a9~Lng=%4JE6vMiWS#E~|{4JP*kAu-rZLrLE z-&)?61o~`(n}+9DX}tV=+Ivj&ke3pM#*!da`V zUkkXU;y)D`3`J2{ia4K8L`?oFyI>KUFyX@ z_yRGlNx4rQsPCN-c^W#vr_goDA5X=+Q1Zy%6%Es2o26kYZN@9%1_nk_IG@IfvXHNc z5heUb1FMg}j45kXYS_h(DJq9oY%?nZjxBI+fpysrM&z)Qj4Q^ght$vD|B%2L<_aHm zJjJc0um{}Shwu``*k<#yAPaasOXIXb9@^`9B77HfE$Pl|vV`2-z+so4YsX@)g%5!B zR9X+kNk~Aw%^Ve)LlZ_KKXY0WM1n@5A2|e278u@C<`IbnUo;7EhSyIu0?Qs5G;wjI z0h_o#G(b|S8ZbcvfY&Zkc}Rzo#9R-bXf;AMi4mmFZ3qdl2HVi3YCo_QgE;K9Rv52^ z493Xm1bLdEVZlNQbjV%fzdiz4A|q2!>9>uR)2 zv0sI%45e^HMdyjfrK0cbiQw$QjAj9R##>N3aTp*D~ev%$Ya&T^+RV6Az0M=|~j{T#VO zfs{Fq_m4l353%0mX)ZgJRD{lV!)uHKpzF<;XByks(k)e@ExbVLSw@5xz#XHh_1qSqMBSWVT>>Fg!T|DP)fOX5 zIPkBmnE?@HAc}i=ixP3`S^1ssczO^L$zM>F?=Tpz#f#T zRsNc*FA&OMk7j(r*c*Gcp_$uESHKEy413r?SjPUX;5?r<(~bqeO+T1)JdlA+)cCTW zqRH{+#js$$2xT9)^1pXc2t0= zw2n0;ab>zp+D~3lm3rj8<4?g)Ww3_@3e!7AZ4QiCLJV4S*6ic= zbtHtqYHjOM9;Yn}DJcnTvo*TH4oo)^4vcKS06^YDgS-S_6Efgq>ju`gqoY8Z#bYgJ zh#}s=b2W%^Bf53RHMML&E!#`GvUa(4*(rJSr06W;651vNCat@#;9;Rf$@lm#(j-dB zpviBV-%6>nPiX~WXzmAFU^`4J%fN!bH|Lk=^g+XPdW;8CZazN1(%2&)4 zfB|s9md|ORHMrw%vugwC=?eRNt4*WI>|kt602__7$yQ;_N~601J474bg1+djQr#+p zhWmG1gSiXR_(gGEPa}WQR(p-HS4-6GV+jQLgp*we_fHmFB(`gyeq1Mkm{}qi3Xh#2 z?=YZ=a+AadfzNW3b3ma>zDuEGbO5j#+-%$`s0PvpB=p44^jg?MM@fB9#|d*BY(lKQ zlmf}F(R0$(`}huTzs5kx&dU&@P7uAqU<#vgn{i(;B$MCE-KO9!ZiBLHN zMTTrQUBZ6pF4^t`L1xjV%on~Q?dW_JEQaM))_7X^FD6j*#~HQw5Obm=Q$aawr8ftf zLx3A{;D9A{T7P(R6i;8o?M=i;_$%jDgMe1Fx}taE9tC}Q6~u^2w89~?{Q@5C1&d^9 zPd13!jk_hB|B`t)L~BaOno&iNXM`8Po$gK@hoEUn?sJD3W_Sn> z9{(;b!X7XR`o%$>E}gD}I%|ZS8erYB@@nZXyx5ZHn+!SA^^idl|F{7Se#zvdVEOD6 zvqwDRMI@_&y8^TscH#=Ntr!Rz>m9*I!)7E|#Yq1P7^rdj^fOu;zcR@)VuWfXlB}3H zfX6%R+qqlVY8LQi&DZ3xbceMAuD73@Rs>tUojH7yd%yiQywJ|YWw$tUy>MJuT=p{< z*+6woToJ7KyZ9mFUc>5KXUMr@k4tbJ!c|W({DW{B^pj7PTo1WotT_b74d7D52Dbft zXD)Q{$CS$BT*LK6ekqVKfzODw8$m?V8bC7V4ScQDfc096S^PDVUSiBj3|}81fKgBx zfbUXc)>_la75X1*ztfi|TOHR$9vXI9xm`4HnvAnSR2weex^ zN!H*R=d&2%(F$&mJcVu^PwV2S9}Dh<&;`<1~QZapK-| zH91Ya`GYgRchyt9-M}fo-jhP2a;CRuczdQ#zh?4}Gq3pt)_mMnFH!@42clwKCHaS~ zInQ>UuYG*J&Cb)P0$}mIj)&2^;)VH7D5m3woIMW%YJ84&-|%rah~NTmXEQ1#_Y)UW zS>b0A*B-X+%U~$qG6c{O{KHih8Mx&${>}z`l`#?=e13mHSKNg zZ=@#GBHs?ug+}t79zy(^tQf+w5MO3zjdT~;&_e}OAz+)oQhGRyIP==WdAuXT`NrS( z)Vk|^&0gQv-aBhXtv?;8kaoU_F4xWM9E!1?R|jqQt?+9H>mwBwP<1#TtJ%sdGv3J- z&&tNhH#lsExQFL0A*rq%eA8Bjfk7b;XH8Brp;dotkprZ;9hRnY&`VIltaJ>t(S}EN zJDBwb(lGat382+now=5JVM_Q?2(Ga6CPV&T9QE!PO%qSqjJ_URnp>zVA+F& z6C}oo83rr0<4O{j#*poBn=0oeoJ(LxEi(D4%@}(tc{-legX~VNkLZ4Uj%d(LX8dL# z#C|BY_Zj;=oD^vWDnvDnI`dq@Y9WNb0Ll`?njCUWH8eF@HkfovdXL$hnl0&-#m`9i zqjxiE^NOaT*22OgFB$SsS&Wx}n}A<76Za&?wAwclikyOgLBY|J%p@Y)3Q)s=X0;6k zXIRMM>BR1c?Y$e~?e2-qKgRKQV^W{ue`u&WZokfX8roty?5(l6T0CEY7q619QHCEC zTtua2e&!8XzbpE^AFUn&U1~muLy`RfUPQn^{&R1B;X9wwK7L9CEeLbA_!kx9_DpO) zD<>IR^iiK&;LX|Cv^6<74)5dy$IZWm@v!r}F!j`WGSS6l^C6*#x3GIljHSfk@VFB+ zzzCcfAjB*M5Q_UG4zg7#Cul+rmQHX+T%IEpDtRL;dUO(85E$Omc?_ki zIM+S1i}JN7co^!i&RV&4I=AB@Svl|}lRl@l&PuGaIC@AqT6(%Wvy74a5Z23Sb9HKB zezkM1p4MC`x_tx2Q+o+88ecBPh4mfQ+7;e>BJ`=CDPgTW$rG`0pTMI?>+L_4sWVVh zCPjclh&WWQSZl8U$XQZSr0<5A6c>2{wmKxj9Qcw|)?}3>J62gKtTMEC@g{phNT*er zw#r7MQ{@|F(cO$cW{FnZoV1|jPR;w2xkRf>cw4L$6SR=TYy1d%v+XhBA z0-&tCUUL*?Yn8Wr$H({#pJZQ--V@d#qz0(rgF($S?So|^RQ182GbrfPZqq(Ub$j)W zdOduQ098K7o#a^KgUX7xzWl!JC9}RfBkbMOo*d(n8efU;!s6&L)&S)0Yf6nFhSVf; zZ5``XDbN;14|w#u@N&jNA(E(Z_n^ko&JmDvj7C6(b7?HUEC9g}qcMjjK@j`UuPm~? z=>Y6DXUWG$Bdf}2gfn{+2&E#9TP#6UrR^lQb+YAaW9V@X@sPvBk>mBw)7V3h_vCkqu}>lua{wuPF`9+fWgRQ-A7 zF|9q%GA0;FXZb9UEwnAKTB%6|3ida~{o42)@|2u>_hlI6+5*H6;Ol~IFz(8_7-5p5 zNI;2+G4^g{6paOc>KX|{Ml?#uWX~g3Gq*uy#oII7ie=%c%bSQbaApyKS$H%TzPHme z&K2i7H`;D8$MeRb!3HuP@DL<`HA~xvL^0XAnW7o^o7Q>YF`o~aL2h^jt6MhuiwX1b z=3;M({iPstO**LiXtEv-qMB&8H@%p6U+2w*B3%UmfZbx*QPufS{82|4lUZ^rwiDrR z0@UpF&fFm8`6g$`JcoS^ElV3nb_|*hSw!Q4rab<&FW=+iar7B8(9d)WgG0DJ?WIAf zo~5$t0>*C}7F}4~v(4*p_2e{>QvPA)KndhEaoX@tVV|o1BI<4kH)|9|SSu|Mxeo$aF~YOs@npA`oEzdC?)7MH zh`Eb?la@W2nZ#a+C;c?Ud`W6f6O}H;@KoewcQ}#)qu&J!1@n-apStmD#DlLQpzm1m zr*xF~3c#_}3-+-OzW9yzrsgX<-*~HB!7|1qWv+_%NbA)LC=Bt=L74G2A<}vNV+5Tc zg=|jCWH#El#s&3SHU1RU%rR zoMctK*nA1^kG%Y+rc0e~i}Uy|n=OkwNaz^Pi(iX}{P8F{2i+1c{56amK~T;Ay2*Le zB=Y?Ns%QLv-|Uti?gp`ntd`IP&ZYh)6Wui*^8t>7;0!`CK-Jx-o+!sJX>Nr|WmT(1PFzt>%Gc7IqKG|CXMIQDa#cl3?--S|i;{pGF zG{0qTp!tObQOyrCAm7)7&F!5>kFC}`Ra^7ano*et#1$~93N4nscIB?&0X5womXWdNuXHjVrlY$Y#)^V2dMx(t_)h%Dpd{$0jJ^O66p$tYQmqihO=r>s65@?jF_SkqE&M#Y0zq<#_ zR%XiM_fTrP(M8utM}!j1EI@0afQdJmH;PH|3(Q>7m!ktfrkn3xXI7j2!SbqD|2n%G zl)k$?Jt*|Y%_yHH$AsAfj%0!oW({+JvG2#g#UEK8N{w4g=_aBO?Gg6nKpoMJ#Gj%T ze)x(re%gg zmSS%|eVgO-`4``LhU59&aax*dPNgwuv2yoWXD3Q+Ef#o$G1&u#UvY6aD)#(PR@|G} zRO1io(15Y?$u0FBE?>F`i=1vV98Y^-@!a*OrP0A}z9_~`(jWnu&Q!N_Tb#JBt3x{azH z+}wyiqCXgBPRh;aF{ZFgsvZ4&u|K*kZ8nLgondP393#KeqhLQyHYW*S%*i;UlQEF0 zJp3iwP3p~JtZ$c#4G;ibBLmsJ#{Mcb&(ShV{h52=ame;-RfXo~s4@LaKZ4hvwLdoT z!;Cd+g*hio774q|8g4gs#5S;FBAmO6VGLL@=y57Io#i9I`PBIiVtt1(gU!IbWN&pI zSr{>fvDlrv4l~aL3-3v~1AduI^x%^Lx2x$Jp4|Bshvop)%HF*HaB~>`hOeMb9<>Wi z)s>aijFth(R8&Z2p6yB9ll-Tvei&s3_sH_*tFW4A>0S=IfipD%!y>O7(o@1D>c@ck z_V9@>mXcZMB`X$ow5yM2hlufM@8@Ch93KT*WbU8GB(Xj@(hwny zvs5L>sVa^_&3oB)WqS_`lW>l>AAwJaB0}M}@nAW^wRohJT4IE(YAi=m^Tw>g>?5f; zKegwDy~fYC2P<{ZFcei(;e1A<#D(cZDJn~D(~ZfQbwu;eHo~{onIZSK5#$s3) zT}7Na7m@1hSABXrVm3Ep$VG!WmB+Uerdkmm0pACQ6zmytXw#uSWi&gLIc(z{J$b85OKj6xCxg7(sanD}jTlGzZaye0l zbVf954+dqE8Q3UWz7PAcupbKhk+7c`_QlmVPdlz`gh}!5pl^q>2^r4ijr&FCmIErs z!!phRXPVN7X}(WB0^WQtclYD{P3Tz#kU04~J<7;rMo`V7%N6 zXB04A@vmdTC?*i^&l0c5jR+$PYxzQ;=pD@c;SxNHF5#3(_zLdc6Wgs>@A|_&3H#Gc z_&ILch2rw`{aCoVd^_78N&ZT>+Dr}uHMJ8Mzs+DlgS;NDG_o=h zgU9yRc@59oBkYkB-pF!kbhYRbii*%65?(4#oP9w)%lvLoJ0907Kz?|t{Fo+iFWNKq zcLI7OV`-8#r1^&I_00pa{hKSY<;|tpt@@;Mzp%}BljHWcioyIW!Bl2Hv%folOl1ey z{dup#Yc(ceF^FYB*9dA2C#>0zdwK(#<&alPb|s^QG9tktMqGmo@GssJuy`Pd2Og;g z!c`#fYC9hZx*YEjJa&ZJr?yd!XOI%IBUVx=J|kqd5`D%kLBMTNC$b6%kaQHNX4vue zwuBJT3FIyG6k+pZrbDJqtHjnf%Nc1aGm=$i?afBkY<5tpw!PV@XF@T<)Y)|3}?j@iK1;(9hPT~%a;p6CY9 z4DVNVs)E;P15_-i(84kv%%mSuS)|MjP-BVOi)4rUkYR!Y5D*(%Kzn9iWBv*hkh#~J zH^gt_YOfhGXWQmOCL5!tq;m@n=>kSk<0L(lFHo$5FC0l2Yi~f^H32_iN=hS7(r}VvFhinl013J~Ebgehs{E)VmY^8_J3O)EJW!^%0#KL?qM#!R zkfAG6kdkFbHhIZNus?&*TmO6F5^~aF+_gP%zG%d6_sLHQ1@C`sN;|1Q6-h-xDa2sN zdAox!r?cYP2dRWbC#tB2ed(gO`f(DHz!%tKw+r7L81{Q?#~+%Y5K;oL-DB_;O(@S} zb`#{dML4Zy<>huM<0kyoj~Zqci!?@{8N#U}@n9C@6ViC2Gs4ZttZ>V@dLXHVhT34G zc}nq5@RbZ2HbKA|6_t)rRps%defjjKA$8u4mG2Ti3HAf95D zRgqSqWK)~8@RG%ypv{fS*v{7?aduoYrWWF6VLInpp5E6*R@8)6i|gL>yU-VFrXqpWb7c!jfIJt7#OIB0EkNo-2vtj6+onI!iH~A$Ujv zHBDx%$X_g*;cF@RfYVCz>*fM(auAFq*bFnh(6qQGI4Xvs@Gwh2ixyU9Kj^Y^Tza<4PIqZN8D;3i zQlWH~b!}K)U?8R*JoD*ED<-E;h^Y>%MWn8{Q4>+Pqh!x6G2TFhF|=W21I2>fJ6?%L zoGN+nL39U{d@kh|m;5CqdvOVg2kas?woq-SWD5dh1z0*87EZplw63MYE7RD*wRrg{ zC7hz682UCw6;X|QMuY|>J&$bcWhC#7l^ zDJxqOZn}+?-9`~u@oQ2ehT7~C%yvD@xMm%RZx9qUKO&$}eg!}VOYcIHT?AVQTh=61 zVumIyPC8rtQV3`c^t4<}hw&Ul9f9$b$nAung(l#M_iSe7)A?;?&#iJp9te9M_OV=& zuhWObepo^x!J-OmWI5Gxlng8-iHBgh0UwXbQ!)&w5@br$B}gTBMejw=0V6mVlxH!q zbQR^$m1y-!a`IY4yuN9YoD0Xrz7&oJ!+vx-v*a%`(Ie0wCLjGT?aG*PLTYJAfDh;( zu$NW|nn?ZPRB`KoLxP$RvdhdB$FT|~VuJJY!%(4iWFfwvDW{bc-z6MxJ4w1n{_HAu zNHw<%zOc4;ebHm}d$;EI&e4$(SLO(lCEU_>mYEz9EwHKRL1=!b7W0tc{jDdl}Y zIkK^PEunT?$r{naK5gQ~0wy8TaeOV}GI^o&tu|5(N{n<35kM+ zM}&bJTE64%l!53@WD1->p*UpgNoN+fkD(f59NIDdn>cu;A4nq{Te5a0nZs)hG6vY{ ze0aE-q~$8!0Hid&EF5u*A=NuJXz&M#q+)lg{Dxa^KDv1G5Chr4C8~^}j`1;9c?sNY zVh)#saD#EOWo$r8Z9#v9ZIPw&sV*gOabD8IzZ~dSz$QjHSnK}hl|@030b+2xWrNVS7>^e zr?#0n0m;~{rem9oZo+%2U^2qvcg8qhVW%dA?AH}lqpym^n^}Chk3q$F4&zLxVX#m@ z5r4Jw1s0Cr=#AnC(v7BLlWar9MXLRUQJ>AYq7rT!;9HNz_9t=rNX*!G>>T@|vU&9< zv3o?LZ!b&-b~fYiqDOP+Q77YAMyEu^@|51GF}^LbOb-uN3}mEl%_ zJTVF-tsiNzTN`XNY0@MBAbnekM~X6nhqi!c+_!lZ!|JG$h(ja`zd|DeyyBrtF1Hk^ zF@-V37cMWA$YNXNegP@TaNH?cW_sXlY?LdI;UMYSn3zq;1t$C)wK2))K>0jlDW-Ft zDNl9d?dKV~kwpgv99}YSwQsTSE1%*CDf*vw?~DjN zSMSYPx|L-5MVB=$>ssAbb#ZhujGUq_gRf#Ygoz=b`#Xl9Tp}q}8*DS#b}5O1uLo*+ z-_QF3BhHY3=fZrW_zC0kcHRc+!P>VdD4j}S|K6?e5??T*=TQ$$#cQhPn|hetI1Ec1 zy*FU2Qcly+aUk2$=0m>4!>!bAVZV?+%$-ts1T|Bk@lO6b6#2}PtVaG3Wh%?)kG zo&h%L_>+#~?5@)0n)^vQN&r(dDiCDI>HvW9GT_0Mu8-$#SBir;?5|3;`#9>_?{Q;( zYSOSbKQh?^rV@_#ecbH%Q*&52UiG+{`BQT{UX0Jg^n_4=Y3mm|^&Aa^V#_ez3VIFhYR)?#u!-v`XH=Dmjnh{7)>MF6PCFVD= z?TP;*wvWVQb~8`6_7H4uzwMRu9#ZgCle`D&J(*6xXN{$!Ae!laokJjxIWk|P0bqMM zn%uD2PsE@bV2nn=nJ6X;E(z}s!ns#Vsm8cC>slmJ^QoV4+4-)&p3>VtyrViu#-2{1-8S{KeVhFZ#KL8ww@eVm5~=O|ZV6GAR1U8_Y~7^oHV(!_C~l5tYOsP-21Kg{)4td5;F}EYIjzqtaB92T}+)FLW z!1ONU9#nL&reS>{SlNZ>dCF;%d?#7?J++Byk7}JZI-C6+`*dAkIxED*Rq9=B^Z8xW zx5mv&;(mIO`G+9V`vE@zHz2uHp!l6)RuGoqP^8rgTU(AfjJk43C56iFJn|}DwBs(@ zv8>BUi~F|$~e;Q9Dd$woju_F@0Z zjc5V8W(A8TM^YsB}&3Wz5l=gtg)@Aucn9}QKi=^?U!xVJ@U@XA4CmQ%=hzd5H>?O}`gn8n z^8(Yrbb0$FZ_sIe7H=n}+ImU|9AvMt{y_=-6a|t5rvXWxVzdDMQ$n3$2Io4H{k{D_ zb3LoypEkW#@tHzW0P0PUVixT+*1W$0h@Nfgte9`Q^m~5#rJ-|~2-)hvs@_~Z{joXr zY6a`J-gBLqfe!+O#D#C%4U}-hO;}C);*MMNss5Wy`rGP@muphO()5o30Ro9fuzFFyAj<0vIJ?Om1o4DOciFMU^-@@ODcAY4+= zwQdUI){kk+!URq`vyJR>pb7?m=Uo?5Mae?MF0?DQShv|W4^Hl4?g9(LJMB-kR`+0S zK8D~ef~NdX{YV@X`yjh_9`}k_L7AsPkMd z=lZJ_cQ-55oF_oo;Y^9b%-ych2WIat_U#;}{k4H(W`=cY-PQ2n?$r{R)F$lKOgS^D zd=Qu&!WrmsGslqyCUK~W1Cz}w7r{T!?dhW8F~n4oHd}0IGZ5NA^cx5@i?4Rs6-4&~pZD10Ze1CLQ-kFe zr;Oc3@#n=hgo+3hPh4vVPSNZQkl^$6;%~LU;jP6!ps=H~E5$k!YI0OaA~#C9RJ_I; zB=kTVB zw_^0n?Q+0Qk;!41_Vbtw4cYh-yR@d} zu$kQuW`v6VI7Mc=SnBfIK%}U{QqGPi5Rw$-n!!t#%CD`A*q$m6!B*O@TC&tL7?89n znq*|O%TYQ>F#%i9qFyzAb)1*l$XJW&6uK+#CKRf0$RMh)*~SqPOPeiuTgh9xYCkf` z1Ev{0hXf483tl=v7UF&gmQb}pw6xM-sXS3L>N+~Qh#3GBu|vnDm^6tPut}Fl3L#Xi zBs-OtuPlYqGvh3QU7Q5{+%;^MVmnBLoBUC05*X5ceL^crJp46lJ@T*3muzPQ{W}BV6)z+h~^(OjJl6N7~ z%j1Z}0P~Ub5o7|%hAZJ&@gv|wu@6ngIGNQ-{rDCr9JA98-&V$rA7ice`V#k?qs&y-r9n!ibOUnk~fTF_Jr zYG?xD=qW0*TP1h$(H-3+@AvB#1WiO+G&ytMwtdol?LKYMo!z{S|ES&n2`RXGPgi<( zm%XElo>m#JUQ~6`jPd78d@g|{4y|8rPuOm-OYXOwr0kP7o9GAK;PeeB^Xh*9CeYe> zR3f%P>H{}h{8IoGDf39*URS*yK%=9Z$!)X@NLR`nOZPkd9C$+1I=0XCa}=wNM1n`5 zdex7mJo;FVkN$I}IWKePXFfV>fYrV|Hm4@(_Bi>2%vPap0~5uP(IP|qW~g2kCaW*( zd!`+`jrjae-hjLH07i^<^DGsvt(oV}a0DxBpX~7%c(~oJWj;G?$PZ-=KCf00}61W@!tjGh1|E>$wD+a@-b^J zv_9cz-2xw`XQ7AGLi5Lw66Ddj>rF8%gKyt{yPw4A`>=%!db1qP62x z{KG7{g}BdX1qKv;WS>)pcM_e1QP3ozr6~{>$xn*7%9S%|ONJNKWHWp@{TSMO+ZjE~ z_emMi`fAEo$Lyv7a1dTsXwk;dIq}mBbI)M7&SjuSfI?T9p~xTGvo*Mv$g)vywm|~Q4opl z!b^m*5IA3UGtl*w;uUCfxq$+nn5gh|^J}E8#kq!Y7z#KpK%CV3vC?}w>;k-qjX4A}E*?P!H3XNRumVFuRCL15Ku+_jH0KqC?e`NFspF`BIm@f{+pI5x- zO+)tPA^XK4d&>~~6p_N%t6EKHAq7=&8847R5B6I%BcOybdAxU(Cl6>A-#dED&>Tq@ zH<`l0u`6J!g4n<=f)8q;6(>h`jne6}hwTN!j5#bbUj!{Rdd&bW;%(#{0x{*-Fau&Z zu0RMqeqSL0@p~snH;mE!t1IT(N_urA*;GlRTgS{l)!e-`A8i>k57gX`IJ#%d{G{d{ z<;cdH?8`P$%S+L?IR49b+^Ul%W--~oPSNMMuBt5$qwdiCd3>F^EP$` z^X~2r34`qHCnXx~Rg7{w@Gqm@QcRL_>@Im2ZSQ{#`t7Ih!Z-a4wW6iqPvDGFxFm{_ zJT@-JEr1jEASvFV!3(#__6H?q-?x?gxsyx7k}zQ+N@2e;dTKlX1sxjr%9y!h%zSOk z-Z`c&ySv9MqlturqeD#$YA3eoFez`Ov4QO2QfwQk9CKn~Be^OF9m7^TBVAJPf2;+u z2xg_=UxcC~fGHq45L!@x=)&l`v%^}@zQEO+qCDCPb0H_P==AwFf zVLdq?v~}Ga^R;$&N4t-<>Dq&J^Kd(4lU^^8og_P_d+n5zAq^C zD*{NJ9Q|fax{D+0U4W=Q`x)gY%WpI#vW2MQndi(unDp~T@bvgN@B;#N*Z>4I1WyQx zn1_59w>rR%wXX#vb}z<7IRyneyOQ9vic2_mfT{c~fDWGA0d)FyfX>Nb#K!O*nylPu zJZUlSG|AWT<9eFJipjH!{BITky8pT;d0xLX7^b)bWE6snF^j3T5)v`|A}C$9wJoN1 zGrZopOA|EFz+vv;206G4DV9|s>7=zs4U+IC`7X$ktr(vvrVzH2%=AmeEs8A-0$#zE zX3+?ak{JJX!Nu%lxCjoJVQUv4w%}+X7Z&+EHX>yd00qy+U+#!>*p4uQqqE1I6AR2u z79p)YIvE8n-{D?y)0Mc5T+y9|bnS*R8K?wFhZUAr;G4Cq!qaGG!r=%(AUtvvQ)8B7 z%beJGCG`m$CdsDCWOd>aa*y&KatQ-)Gy*qt2a}A5SgWA7`ycE4D=ph6Vf4EO-7IS!0D_RRqz+%c^wF`O*(x0&cvi9V7Z z^j%mMD^2B=WI@RIv)zOrzd5NzBde~k{&Jg!ecKhbe7Q}+F(p3p%WeBZqz5(!JY;4* zX!Z){YtcEhS7bULiu>W>=tTY#VDN-bJ5+fTd9MtxOKOr^TQh9+1h?tBA zI7l8w)^{^t`L)q!^Eq^ia8_S1UGkse5M^G9y>=NJ`lA`+e_KH*~)8y z33=7+}LZ<;?O^XW6p5v(s#G%^=4B4}8NC}Sf{G(vdE*Kkc8h-YH)L7G)jQ&3eW zu9MpxeBa1ZO<_>-_<4HHZv>JxDfk%35y+ zw@XUgOMa{8m^Vk4npC+F02kVcWQL7dGNCFdfWE|xI&`2k2u(#6jFd2os5cmC<$95B zR1V{%bOLms?yS}53n}B@ZO4V+MTu%yVVyfLdKeSqBgTWf$K9+rx>mNS)2us7rEt_q zspi(rXFd{~#_qwI&ih&Mc$KoWQR@dx&v@aQ24>RtswgpJAyEluzAI;bG&H)ZT>InH z+_abger$vC|2(SWRib3c4N7QiZ!n$L8+U^lx!$zTcz=I$Mx}q%jJNf-&&c}8a*M+q z-NVqV;U|d*+zF)qTd}<>wwu8YjXP8%>2vg;W*awvKIsZKx$7li|IbX^mr{Agj@qWb z$yaWL9m95wr-lCeyYU74AHHpquhe*3A1fbsOooWVWp!@A|Y^?{yJT@XgfEe=ggv{j0$vgM%-T=(UO`R zb~8*eFty zh>-jS4?}$PY0ibE;HtcA`io~uORA`f=aw4G^g~-o@vYRUt ze-&wJg72i^>Bnx#V6oV;t>(i9e!VH3Qi`sXb1{VWw$?8+GTklYTbc;_eWr3Rk&fve8~%vHz9;Nw zg?%aPldvzY{x|paC~1zzv+%{Je$adX%5<7ZPB+=fOhfnkD(|)L>t-vx_pfFo{esFP z8Lx*-bYE7w-Jovx01$mW@rCAtHoh^YT6lF67S~SZtO2Kr+<`8)Le*4d(Jd{8;R6dd z$+=F4Gk0}n9!Zmb#?}d%@5pXZt=Jxwr2!W%V%<@u^n7xMd!Z zL$Vn5F*d75l<@f{vSi|!#W43)>_2D8Be*Eo59R)Rh%zayb-tZ|6DCseItJ1T{QNqL z|4pnXp8fLO#?1-mQG7!A3w&RLUzQSC$mKg_7|MStr;Vf!vMsGfj^&E^2V28j5rd6> z2>0RRTB+sJq$8Qh@dmM;Qydgl$HEHzN@%}aw-07OvYUylVUbR!0J?WqEh4A|1Z%!uEst+mvxGA7opK4JD<9`H@sr*p;dZm&3UE zl_O}z?A~egxXSY0RgE`SVT|sr+Ha9mw=8#hJfg#rP|P9AM=P@ff{4(MFu>mye&a`c zSVyd|6bhL=XVPblyT`_N+eUO1W_a^JiIwtj$^9ygpTU|h7eJBp8G)qRu%8w7KJ49g zc=Tk!eWvYu#@uJ}@8PApt&HIS0;9PRaA8akGSgQ-Auo_knfYXvUxp_x8Tv%K%gnsO zy75^g?g(qW(uTA#y?OBYU2i57ChK?XurMpxGWa9=x$!?UE24A2{pJPl{|MI?LK^8` z05l9<80S*gM4D&=Ikl6G6OUgo7Jmp!O)x~_hX4qo;=l>L#mo7^=#HcKrAGwhjQ!jY zm~DP;;-8uQq8lq|Rzi`3#p54hd!4Er#n*|P2$Dh-#?TyHC+}$RNN%H>0%7^PJLIUB zgT9!vxwJ%XK0{K0r+(P&E=}2(CXH#_k2Z!7Ww#crEtJq1J&uOhY_IxLWj{rgrk?SV z;4Uo$FJ4EQ*Xy@aWr;u9Tu1RR%-*lydPh4KdsbZ}z05q*JJBl9cPe&y+`bVi$K z-^5vMJ5p&W=AocW>}Iol zH$6b80i_8@Q!JqJ+U^zmEnKhqUT@JL0Vx3#K_HZb-U28f3L*&*dQl(>3X*_IQ;LXy zfaLvrpEI-B0P6q#vpLV4Ip@qd&v~BT^XsJ}y|yFS$`0#DkLbYimd)wDybfiEC1Jq1 zL9)3yL)aa4faglpprcGYR=LjA3TQgURHq3`lI?(YvJ2lcy?>%;_ z$$Komllmv+|H{3BDJgN&T}qiADuNFIF<3sqZ@tubiD8t$x`ac~BFnn)Y%APu(QR-Q zTVG%{sFlSc_!Y=Cz}2%Cq@Q30f!t$*!u5*t(oFo=imUOe7GKIhp`LJC-)c&`B}~C0wn11Vx;;3vP2hx8YOepTV(nF?3DG*S$#0UIkI6ry5e4r%Z>j z`|!QfMFZSf9@956dI$5n$n8v2VuV*|kt|9(^BjZ{vGGJ&?T8>mF4QS)+3zpSGE*Wa zu}r3sBlRRpPc}zZ1iwGWg9Pl-Pn$AwqDzm7WZB%#Y}#2(w*@}=qCr5gtED3!dNwwWTbD<|kD7`z1tZRmR>f^|Zz z#H+-J>~*Y%C1i>kjJRH0?Fe`GB0O%!5G7DQl{d7?1odWfz*zJe9H2yLAp*=rozlxN z?^py#ktOSKnZ>V&dUj>DjKYE3t#7(YsBW&%T3$_}ruH?0J$LmZ0}|&Kuz;|Sekf?5 zZj1naANBN4&Gh%pd|Nzv58VTCVdf>TmQ;o$!`3;RJ77RYaT~=Uc~=IoGbb~l_l(T+ zCz6hnk0rTUil6*I?gZ968i43>C)Xh;L%!{Ax5Zqou+oByt=g8!!i%ln?{AUsDOCKqFS8f7wp#8g&v`Q9f3)C5y?M%> z_=MD6weST%0fqzhC{*iJbBjH8%tLWlMNCx(qaZT|&X_&dF%?OH^q0XsATf<7Xq?}X z203)2oh;k_5fRFmn$Y2m*0aW9+N&)7zV%S&V!#s#Nv0IV1t3!H|8A`=rd5S=56*~2 zRjwO!iENS}86v&Oh~g!MG9@Lt%C4t7A@s4MS6YHfe||8L#6-BHm!=xga8lKGo+Y{V zS=ODT4n>$t0iaqfTTmdj0!AD!EXsG4dWvzShez~OYq>S@@%O87MRK++Pi#f9I{T>j zFX5Ed`TeY&dYpYGsrj6_XRY|01>N_ikA$ZyvFI(+Qc%<5QSozF$)MVT_1*LAW;JqXN!szh`3Sb(x`#9i~zo9-{`zzcw<%xB9oTC2uQu1`Bc(~xh*zz zR_k*Q<{Z?a?B-Ggbb|;xDFfAniLQ}`qNCK09+;w2q^G1J8(C6nox?pK{%Hefl|TZ@ zByb8hXmSHM#ULSyBp-c|B9ygKcd?%^ouF2$`mt@+8evz`xfMP?nTB+Sb%ymro@niM zvvmkdHnIIR2M5mVX zLxS4@1*y6n*kvMFPsliO(@opuk)L{x{tDZ`!>J8c*WRct!@^N@{VF zn9&a&4Tegi;YczJi%lVn;y5Xe(XqihM($oP+DwL=!n+<5%%T>vL2DZXRP9g;;rS9g z*HEf;B=v4N6==m_=s0QwISue&;$&cl8$+Y%nFxUwI8^ojl9c@$KX>X;$&c)XM71+Nyl-S4c;Rxn<4r6_ zEi+!&p@PGLZBNyf?TJd>e$Eaxz6aYMlsjS!UCUoaDzA;$t0VT>2;A3UqxyVlBszJt z!gwc?xDMu#PNE0>eqv{i)K-kxsUyL8Bk*bH#`-js^Aou;&0=!5jkj?!9!Un5LPuQS zu54XQd(7u%%rq-zRD23`rK>oCqvk<1ycz4VUgwv2r9UE;YdMz{u#E`rJg#QyF_ePO z0{k6${b)W;ib}|ZH4Sy_wq6@s@a+Lp_WPGJKI3aG_uN>4_;lWPoolS8>}3(r0!4K( zpJJ^6VG|hnji7OaN@AdmCskVGHJ6_=g}qZKDV-p7bHROxO&CCi0Z{EA(-}EZOE9G* zg#mgaHzObMUOnBOy)$=*UYjVW{qVNzj2o)Ao2&@`XSwo>eRw$$$KzF|sXaxX@gRnG zFVi00Y<81Pn{p)bM@Dl$9A`8y8LO-u3oahBm1FMwv1ldfyF%RG0i;KSo=WLjV=s72 z;wv&)i3)rmC0?0i!_>EVq(6MLpVnPFK%z1CNWZaz8OINN_)8E;bl;S#t{QNUXt{D7 zyZ5xOTWiGpX45V_f!W7TJw(FGcN0vLVmZ5!m}a1;EffbU#c}~0&5w$xVN@I9MnW`~mFM}o1WC}ByLMb|aO>?0o{C|~ zXKYtk?v?Svu*pqxNF)LhEzc_S6MzJ;iB}*fz%M^qu$V(l3{g+|ON>B4{nXhajnI~~ z+=>pJmAzjz+!qFaKtb#&_~+Y}dtIGCHr{iC@-}_Yx6uaI$Xz}m4K?9JEZ{lR4N~&# zI^lAvM!{nnK9oCfTXIkj8U-$k2xuP2%4FFZA|)Bu6lAAHO;l;AiLRQErV1fl@shZ= zEDdtE8_juU|7l+#xyg3qpqYm7>($wOVn)#)QlPj^T(J2jpb5i1+42}Ckhb_H-_9Xl zPW$^-+)Y<+ar>bRWTF1VaDL8{yz4!JjgT!kkXQbM9mMq?aUXR*Olm(sB2s$H z_+RZ{e*1a%Pwt|mcA<{)6j0Q%q;?A5;==?0Ec9bCvp9NShIIl`t+XMEp_WCA{7H}< ze1G_C!c!>PsC`U{H1H|#o5JxM?5pmk#2g7&?fs6{F}Z4^ztdVHbrOU6Hg6}6saw|P z=C}i@#ND&LAL9H%R_%ch4Rn^lWn}iCBY9xkZ8X`dbo#=|i; z{1MAXHHU$)L)6+UYJh4PMT2;ZA%VHKj0A+H_31&j3ia1p#CKoa%!*Py`wuElzT03*F`mXyYarj9BHU8jY=1y zC&3=xQYuKXAZ!eg!Y_rXY%?FIP$yMy2>YnUa6$zdU|GrLPrl4jFvRSx4i{&_#sBdl zM);=o%l-&y94hpwexwzTvfmJp<&Ls_&$XWOEZ)ah{mI^26RUy8`GsV3a2EuH9&apR zb>hS3nzOAhXal|LsxU)q#QcMEGel4(<)pYOHzCgZh6&wO! z_TwBt(1qg;VJXMJA}NB~KS4%sl8wF}n0BO{?TI8TME36Lhz>75=q2+q-Dr zw1;R7sf?5S)(q<6@MO0^`o{&nO?``%j3e28)J1lLT+L;Dw;}N8H27`va{88}Z+I_-NvKb(U+31$QJy<{V%9sw}UKYEW&02LLap(AzY1hunupWi95-D7y0 z6$viPj}h!uuI@3#mOryKu0ohXlrvi2l?L%+t^IvLmcZo*rhzyneG8Bp@%ZjyQW`4a zJk=p(bg8qaCvPJtxjQ?#f038(j&8E}zexs>n+3cMG1mK$^W_7S)sf{oD85_EtpvhU zM8is(nY#eN4n+Yn8qNg>Wy}&V!-UF@fb}Y~R~2=k7UaTJ__VFG(kYfKv-~M$%WMwy zG%>a6S|r%LKBl&5p#&F@~+QE*$;0xxs?# zZNe|ZgKx0P^>*MX)>vj2;Z&QDmn3zU#r9YNXB2mN?BXYvW=y<5`yVh&FKu_bEe(!O zYzs-1Zu@Wta{lca?hcF~o7mah&z+@un(*8*!y4u!sKuAUFOzK}*d_Qf;gjy|d|YO3 z5g(!ZN&pKPD#ZK?_HXeCN;T$!r^EOe0;s$y+TCpN(MIkFR{!Z~<*c-S+{R?YiBI%L zhnOeGb`o{f0&dQA-A2ZXUs_i$+PFaPK&SZE1nr4EO1+h!b&T+C9m9(D?@>QW_eQ+1 zr6uhG7De<0uX2qPk{scanpG&5U^4h5bkBcg_(3F;dgL6>%%&nLB^(P+)b$%5qI2KV#aU^t~6^ZTRgAVe!|&R*f32kh0g zXJ_s)QU}W*7o_RqE_ntc4)6K9eE39uyc!jw;qk|XVcu-udyXJ6gw;LKuWK3Y!fTJS z&Eb`Ku`()Ua=)-*A}o?>7bJKqDJ}?a7y#@5gajs5A`Gf3Y>vn{6JENR(Ux(LcaU^w z6W@luZA>})tZi@|yi6Zi(#GEv>^pQM27tm6tGsJEJY{}g(#B5N$g26SWXgA)(=oSi zq4hiHmc?5vu}+Rx-_^hG%-pqw!Y#486^#Qze!<7T&_(%Dv>PX}Iz)tkX9ER=XX)vWl9K1bc^|e}z zA#ZWbh^lwFx`zM-Gy?wA5JyF zuqvyOdx6Q95~<31RE))R1n(i}F_JHXfY`3Qp)6EjTqe`j2AzSPXp69W5_{Czpc<{? z1c1QV7H}6PE$g(->DE^zc}vT8vTvrx+I_1GLN?vEnVtD}~mf|dRG*zY5EbA+p^xx2B6V!|qrd*UU+y9#bY-d;hqB&X5futKm@elOqG zG`~h{Pkb0IDR6p+qyAzqdNJ?*l*eoL<-EO=cV9065CN?;932?B@DLH~Q(&boy#PuG zslVJos=<)WmelScuqIPLCsayldyvpT$Wmb8DHW}7bC)|?;UeFbeH;3gpbCypQzfjG zHm&u(`{Z6IirxXfC>!CYrrXo%{dw|a1RHbPB0eyS5DNfsYVRrdf#;Fbbr2**w3la~ z4&t{=bPeMnZs*Au3K-51o8~^_4Ued1_hCvFyN_-#TsoT@5WOI$6aYWU=6k+yPVO|k zSnNk>usWS3F6K{#o|o}v3DD+|hd)CqVp2gJ;Ny*a*-U^^j5>;Kb)gi_Mq3tPx4|2x zSU?-(&6i&h$qj5i)#F8S*V}F$`{A;UK_Xt~p`vt*HIFr;n$)otk^kmc+co!sI(1jE zd3TZ4Xf6D4(XBx}7bG%c*27Lx+j@*gwgBJ{W}S}g2r4{z&<%$MPmivw%m>*G=ITqF=Ot!UcU{gXj9jw{Jt7w`~4Bv4}EGzB; zdLl^(vyimdalC&jJ+t6NGR<~bPY4hrTTv+Gr_;5F(1L5-CMCM`xvp-esk*nd0{^&KZ^l;@c_ z6~BYzXXW(vGE!QUpu3IU5fN_M?6>K@-Fb@qI1f<7iv;G37K~U#`~_6B6g9{2clhJW zIgN~-aT9-oZq@uKOa!&KhE}DP*2)02WJD$1#0KP78&SfrPnfacSIE>~=s-pY@_hux z4;F?n@ed)iJ3@{VQwBpGgC2Wwg_JC}>Z$R9Pl$wv=MLw20q3Yv{ zOR&HJt_UkBmO%gzFpc!&W0lw2JN!b;*q2C_L%jAqweIs2JM=hYTJC~ca&g5jt=Pqq zhc=oCFRIvuN~w4iN)9`$+H*uzmdRL!k!NYdVYYD!$~>ObvyE0i^)f_Wo0hwqE&(*C zhv}JTRiXyYws_|760Q7j6wUD18NmRjr49QNz{xjK}}p8Rw+@ve{m=pc0)b6 z*GPVuUK!a%)9hCY+hq5O$R3)(H_7UD&4m4ku&iM9450W4c3~y+iJYb$PVmuu0uq z1}4o{8U7mfwqjJvEkzOf921EuTE<)0NmQlK9NUWAd`pdV5u?Ah;5Qcj8XvA_z)$Wk zOeIc3uJmF7audGD*Gcb30-nL<*}6o2lPH6ekx!_P?i@VGO}OdjlYh$Rey^K7jpQFa zhf`i4C0PER>Fe^gKA)_E{|*aJS^T8cI~r%$!08s8Vd3c(l9S^;tFQI#G9%n9taW7H zCfghBLbt}!8?8R2{ZTyS%hVIu{`vMdPw)FT&%XI~|BE9@<9HjO!qo8=evA5mjC_au zkN5SSK$)jhy)gS>OMhi`+FPuC>)&d3KGp_~F|sX($JjqlxpGFI!qnVCh(KN2DORCQ z^(o32dx3?lwSaZj#rJDe1it9c<)@yj?vnmP{U6hR=>2HvBf&?*kA&>&``_JWx`__1 zJ5bl|6m%z-5gqc7r7uSA7jgW{xPG5Cu80P%jDjm7mT-7jlwRrTSGe?ASAWvE*PC`p z7;H#8&P>u}#ri45^t59A)M9#kt&VdK`1P;-Rr*4F5yPL<(={oKBEeSdvjfBI;D{gM9kH~sZr_ot8b*RQHo*1)-Jd|VB|Gb)Db z7N*y1TfchS^gD~{CoW1)UQ|D6QMznV{gg%NX^ZNwm8pTNzti8Du6}2I)jQLd_pZOR zcly9V_4^M>e|b>-7YC&;9$f#^!RgBf*Izm~edXZ#pK1T2{^$QlFI{Z)OBP#tC7)OD z`9nT`z~}9UTK%>|EnRY))ek++(x0Aa^`D$*>Aie@?*wbyWdnCx;L9I{-)(5))H7KCrO<&7geJ zusZX2t)tNKLOet?#LLC{OU3l$a{XM8FbvGs6MHp|>B%>%1dWI&JUc@bly8ZuX>w!| zKR;&Aj^SOuB(cB5d9FLY8m{rzJv}4f2RB94KULG`)A}FMbWNeY4zvahd0S~wuwA$) zoSxoLs$XA9*OclvmeQL`^_xoRt)==crS$ev{kBqiXQ_TiDZRT?zpIq~v{e5|DSfC^ zf3TD;8>rth;2s_CxMDoLYP^0j+>M~1mF)DcS?OuB>$ir%w-zLKcAX|_Si3=@4AOX2W{H# zZyoz<_uiA=tFN2R)5d=5KDxiE_Yrp`MF zcJ54iu1Bbvyt;jpdA*Ct$MmMd?`u7yecAu!bF=Bi?rBkv8rHZB6X-N4}R(3_vp zzURKf#r|nQJo<^T?3z)VNouHR6YXDwXcuR=WM*NaN>}x(;n|&Y+Gqdv=NvtK?#}ac z73LtVSy{S9(Ys>_f-!4VZO}Q?=N-5>)rm^0cck?TT{CU?ViY}T_m5(V?bV4xtk0nM z1lf%1!|BlZHVWPxPsi#r!ML;2S@pT;oPFn~^Xi+W3+h{>o7cBY7uL58^F+LhJ8L_o(lc?m4>8z}}?o-#dI4oq2c1d(-#q`~LKO za}G%N-~NN?2kHl=AF6*i{Xg}OrXQ)3Y2H)vgVImz{HcLY2A>K)`Oj2ws(&v1?2Lcn z*Z;iR!Rf!&zmWc0{fm`cZrn_HJmreLl_=z>0wqs!qRV8{U}S1v^oso(N;g!(qpVn9$qNZ@s@te z>L*zGZL5<@9@=!Wr6*Ar0~IR9_fzb^(=0vJ>R%1IG05$~(0i7(C}G@vt&Cf>P^k)5 z;=L^GM(p!rudtb3Vc?cqv;rZ+70FuHMZV>`J4vE+UuP?;_FQI`8+4Fc0Y4o9xhhU&`!-An>)1>KwU6?+>V$7{BgwFH?o0>G*GTIGe1FTgVOr({JL>`S(=O% zdNd&qiDfHne99{*DfY~16BKGFKCvZ!$WL$C%BeBizcGWBy$!BoAQ@x}Ng@NQq)~LM zELxpCu+u+q>6V>GZ^;9xG=Pw!pzXmqevBiHaglDB-->?3mTigXbLy6MmOjtk(k|jN zfAN;BIU_{C+Z>cSn335GNZ}pijG#Cs8S^!;q#Se%9HY~{V{f|%gis&@)x+ova%#N| zuWR|+M(Z&syUNV2i6$iipJ{YG-Dt{LP-1Va__7LiFOm)vW|k*ZLTG8Dd~`$EB)lIG zuA6#ftvw+njMhFmSQkeSwlI6E^flAb@wJ%6lD%?`k@Yiy!9v~V11}RYzG+eyThG@> z=*gvZMutq`b$==8y9MpN*)&h%zJ0oVUJ1VyJME!p8c*ei;ZB`9b^#&&7u{$m^oGDT z;9NP!mCq*K6Ogum_$I_!Ur<(r7f&4cxpu7`-%@y~tPw zS49t3#fvPw&@h@cFT_wE7VoTuchu~G+7w;DuWIBcSJ!7D=Q3?w=mb!uM2s>?wm{RZ zR^|7fBS1FEY!XbwbUN31wN$PH8`(mnZN}4HRvF z9I8J_&ik1q6;GX6F$=c8#iI!u{oR2P>m-nvL#i?Bd_v98=> zu;6%Jh4^3jpODK;1CCLTk|FHM3IP)v6 zP~!~fVkJ8ls~1MG&-=D>0~la2Zx!(q**P&_UKGK$SI zMz^9k;{LeId!!xca=pECBLX+QX~~AkxxZMrpj5CAAnQ;{XGIv!ot_ziasM%^_M+LWOL}$D&*~!HfgM#Ri|`s zTGAUF85eJN;T_KIbnZ6R4q8DRVTx;9cq89%ANJz}gsRu?r^jfe<}u&|(q_Os&T!0? zM=9+A~U048M5?=NbKW@#16i#Ln?CNEXr|wA@?Y~zy!S>C3JEdkvk+u$zSYK zZ!rO`cB|3>9k1oa(OI4vK9}(k7iZr?qk&3{fTs}NgE_Zw7 za@LXpHm2;h(w0b@4@@He(jfrIe&*6Uo!tTZLT`Ug549cyGQcR;M*GJHxc$QefS_NX ztl&ovxaeZnJl=)ha?K-L_yhl|U%T*zw)Tzi3&wtl6v<9y6TpGWrmrdl#6r~1&CDnY15Y_WcZm}WgHT1JONJuY(FL0zpn$*^2bJk zkN7yQ(H|ZCUDn^SZ98Dyw17em*Ouwxi&a^DVw>MUG%DRFFHFETSxF15W`9p z44u_73T){t!Yge-xtPx{47Hj3K}$Cv?f;xVRy* z#c{W9JA8YvZ_B>@s&Du8ZS33due6)_Y zk%TpTW6)d!#6%ylgIJD-h5iXkpic2!LG$iFMn^m}pium&PWr0s*Gt3bo}l@<3;*Jp z&$#g7Ablus4+hck8sWAA;{Eh&HroMgbJ<(gkmu3QD0S*={;k|=!mS%MK5p^{?!ybbF2}$5jm>M!dgt^Bb2YbvB`j&(jl=j&kw>C^l#a(kx#2DLU zc+4Al=50-oT#rXc>CV98wmX6XR~mWNZ-8recaqsz3!6&sI%3zWgq?G%@$`;<6b4s? z(X^Jg#@Di?Mu{|DUR-8`JXr@@aGqL-#4USd7ZeCA!N;2^V}j-90}2_Wgh>G1b;!TUIZLA~e@?_kCF#lnuM$ZmvfHV*SRH&qX%x3v{;A+N8+5U^6{W;rvg|Ktn zlURbGr#SeO#r7=9U2e1_iYAgX!{%9GxGpTb5C+|G)xQSk=-IoO+a_|9oEHb!A7@*{ zHpaGd_L`V__$x(2930~9h7gSON!2jTZrYRQelpEH4*J<1(lvlB%b3%ybR0dxSiV$h z7IF2+5Cv^D_b`4>SwQLvo4s7NT$n6c9RAYWQ_7<3?99jyKW5S}K0gZ1ko8FjVk>$D zS>zf9os2Bva}>cRRsoKXtS|?7Pp?J3o#ESHIq>#+l726;Dn4)&TQ zWXlJ|U~uD89$KZVExN`cMYJc}N|h^l?~T6;BtG-T*>r92z&5AadAkSr2ZH zqq}0xxa(uL8k4hslJL}r=nGK|h?yP|FdBnfKy*O|5TS5&ipMZ{z?@)4+~=K)em{Ne zCb2^k`?9c&V&k+dCEhHyuSkLkFnz7SF)NHoo6295sv@=mqTBJq@`0qTo%n5zlVTRw z3%39%E)4TYoclem_l9BpUEF*T4%L2~WMGy=tCC=aH%zZ^Tl;zG_AT=gewjqeljaFYcux}Cs*KYb12Kpay?HV5#BJ<~tA|j~1hdf;B*=##+-bp%l)5ia z6pq|(RLU`GxK^&co=MNvIHb%e@WxTdAqP+7ZrjFL7K3b=TJ9>A%u>jhr~x( zl(>oq`hcE_PF;ZLVXlfALo!sSU&c)($)@&^!$$}9Hg`LCjINSG*Gj>c+`k~=u@rc? zMPITn8xa@~77|xLP}r4lA&LrD1m2-z+)PvCwLBf<4kCRz9pVy2CHWhHZjjh>eIh2F zDI4+JnDgx};>I2oDrIOxbZF5w@Jpc3{iaoHp$WpZ1!xdH1X}43q5WI zomccS-ht|5nLCq%$<@3Uq@OQnZ;aT0Dt|U?nQp9!+DVx9yR3jQ?$Xm{zJ|e~x)b_M zQTy(2KK*AgNSOSoXp*A^^?KIJ~ycZJ!N$~kHm zSnwJ9Z0nk&ea+D4f@56maEbXE5?l$PP>N4U7#b)9FC~Z3hQKD58|J_QM0KLs(#|A- ze}pzE`vWyc@r5eIOG&87H$h%VQb=wo5>6%^WJ1=1PVh2>7{`5_WS_IhL8#eDD*>4s zf*BR>74xc3L8_i(lt-BUR_8Rr(h_^1%EKG6REYNlaL+&z#CK_x3vS?sz>k7xNuwj^ zZ{>hL&g2UgkI9{l)#8^pV~vLaI)gIDSQr3Zb`EY)qMtveE)TFxr&Aa49KU|>@*&Qb z0zJ&+ZS4vtc_w6y*^QR2kxYMwVN>T@^QRX4(M9XQ3plpO&whSEmAV_a%&cOT+KhAezq0Yw&zf8Y6A@B0CP9P&taZ9oDB5r z;=QKF{YU^HX6i2tlx7tBTwk0dejXu`FbxMp1OOu92=qO{WL-0NkO4nj%w|bTA1BC! zSye0#=!9A;%rG0sfEle=jX9MwdCaXH%tg}^v+FXa@>G1q&%FT8uro674ez!CEJ~kp ziynsui1#1(AhC^vICInYCGWTQjeU>=OlZ59ULl%YJ)lzA0URRe5tFQ!mjS00M1%K+ z%?NkIe1ph|UlZX-`n8yb3UG5bFWJX?<-zi5iApc1K`Y0^rpgB6r+PSPe?yw^J`4BvVw4g&n&09iWC=e&vQ#y zGSyP;hL(OWu>Vmxq5K!)O9OXFP+l1r$>P{g-S-1`DWexem-7rHrqoX|>uB;f=~aP! zKd4_5a4fk-@cLuU3H9f{*zk8MT&KQWAG%A!`1G)LnuKBj(hNVYS}l3ZAIjMzN6(@# zkJ#m{$q3VrSKUH*Jsdp+J|bFyyN^Md-dZEdxd|>~mor{b!ueV$3J3$pOZg-3BQj-K-M1V*xU-Ll7mxwKghH0l&2Fi(7 z33HO8h4-V?MB3%`Mm^Fz#q6uKq_hVR>AoA_Ejw-`69 zaL4*iZYUnM&20H~?X9%j}NOP-AEDb3Q;VFt|! z$2rTOENo&047RkaK-og~RA^6z5iuyCBHda;*uHu!quJ1J?)HnQ_&_#(Dv~N2cM*1| zh!1s@H}d1S9sQfZSQ5gok!-{0sle#uYXDAOlLhdSI0IY`=4|JY@#w*0brW9$ks~fc zh$5f6Ar>(ByytQ5R^FB%q--vSTPV1NF}hFyM!9FW9KPNEWJ`}L@lG_ZDoXdC&MRRq9xs#J5Ct zdxXEtCcW*uJqn(Vis>~4EXBM*tfx6|n@I0<#0`D1fDbRsq)|Av<(?z`YjsO^suyB18K zWZE9rCLHH1(0N20{wQv4i8uz7qO`Yf#2j}Bn=eTA{KRsqRo$-h6*TR{MGv_>ao@e|GTE`k9dNree zy?lxuwC6;}$Jt27=fQ71SsTEfEz9lP?=uD1zk>!hxWr>}V`bWfOQ>SYaMfH+q^l$}*DIO_NW}Z69+BikThmh3aNr{0?Tg zF3XXq&8ZBo{Cr6c&M?SMgr?Ke#Rl{c;{Zgq#749lwZ9?g|6gsD_YYo9>wB}D5emGpu+X;7FPI3}sC4CQwOYI)?=7mSo@aiPFCb6p% zTS-z3KI3Z==iBJ&q<(D@tW%QN7FI)_i4J0t2+kqQdkPV(BUDckL8F>HW=1Uw@U<7E zz$yyZ$uQlu`2F5MhvKou_$0QI5Z)>UU4aQ;LP$ddw$nn{%P$lpPL>OfdUH*uw6Oex470_ZaSw?N z&`L0ORVa)04wf!jT7JI6ztVn<;4XdgmMq*3{QtG@|77iiZ2P;RIdVp9CQtoUK7I_U zz_a`vV8L}Ybu%dEJ<$1~t~=7?PS{!Q@^zNt8y@#9j8NfFn7}L3f0z=nzKJ_j=^GXT ziokSPwk>$zK>{?6@K!+9L7s5&n95d8zr-LHJPDBh7y7hqfRImsMWVDf>CIhN40CHR z%fq-xut6g^k?Nn!LL)KX5m>!wT^;g?w%;k^SwA?x@(Zj-?n!MO}efFPi6G z+-qM}_`+<51&7u+F*0V2dME5<8H8n)EeB3f!$f|(9f9Oc}V{?{vPyXDd|L(5z07Na{d4=MwtzA)m#v%9Y0xwq5VaG>rx`+L5> z!1hWhKBQ<%us)PFd0NksVsL&bKBoi%D2KVDC?pe4G!SnP#0YW%0&gn?ccQw=@cDC@ zitBwIpA*mS*Shd?=ru6B2WSU1M(cAPpPO-R0iS4}p|=6}AoX0KqIe@Jz{5JXK6MX9 zu8aoN1GxYlBgTEjHtKz?WUrRYx6GTnrijJwzGCx%qTOGttS#zF--c~rKiu>ebADc= z%v+0wdxl%nzpw)wUs|fH`w!|-EydS#uLTOODcaRV_fXOOr5G<3wtb}Cok^WhWp&XF zbG-g&(GD%eN0jXGx4dRmvFnLqaCABPI*UgkX7-eufIx z9b(PrOL3z`Y^HG=OI21$cWF|@j4qIH&dPb zCHv?53jM?}ktT!0L{$h%Ehu8fPqM=IGlS!NX8m5~gWmcX79Juwo5+sXjX;8&kQ&^+ zn@o`jHnMO;*TCh&l89U(U3YL@32nKd{Fsiei;j8H<+|cdbn31^6d1ZX!ei@o)C=9p ziBgz`y~8RbOzN5zOpk&*KJv;;f@>(;E4mCyW~6*2sFp0#*m?*ACp&)b34q$+hOy%Y zd0}ilrHwa;Cs|GTJ>Xm&7qTpU)5eYi{gwW6>?^c`V*`kf_0~u$*$A0c5F$4HY|)JA z;Wlm?hsUN!c`sO?BOD7l(2U5tZME$pTj4TtP;@3^SP5IgfU zW1&YWJZ2KcIH_+OYaxz@T8~j7u=Q+@R^lg1_EgDEtq5W0F;A3&qbu>!N~(m?ldo}n zb>se3?1M7yuLQrWWGG{C@R!U1#=E|dbyMg;+5g4~r0Xnh%Qx0Pm{ZCi$@iJ~&;Epk$jMv@yaEfs?ORI)BfLGM>OQ<2k@K#EO!FS9y=6>X0xgMQ=}r znMtEZ!qzexPHfVod+$r9;Ud*v=`1I;VwG`MX7U95_X-G-y$pLpiN`&Ihj0ns1~(!q z#d^Sh1m>+IuY5$$Is>O@NOBD}1?5WJrOL^ue__NuO9!u><{qeurCV*=tpbBT%yd*2 z3~z?}LIxSi$EV&4+91JbZrr#`AYI@u*`+?d6?VXYJQpAJw50-KMrlblV7ed#?kahy zr1TR3no3u&vf0FI`CFnuaI;u<02=9JQ5K1L+J2q&=f0Xh)(C%;j7A*mjh8R>_wofqshB$rjt9C2Go?UV zF>;1C3dv>AN`k2Xx$XuWvuEna2cuP{GMkPFWc3kAs3W(AgXsRkLCm}n-~C%kyEhY# zg6{O7dy`WpxB|Z=u`=jjCt@6n$lv|18$w$gg&XjHOQ#V{{22@nxFL}%19r_8yJQ1m zE$$XyW#n$M_?>vq{RiS2-XzuAj4AV672v?gP8UAnk%W0OxTwI{m~i032QCkU@07=p zxG80@`EQsGbxe3ts~L;iFo$7W>D9ka=~XYi`h4yg?3cl>-q@>ea(fa0`feS?8xuei zRv)zR-l_dkWTg59GN0_1!bKI{0rNK)?!B>JQSddnLALva&_KUNvwk5N9+kN$C8#kbccuW(Zchdx}@MNxdps}EQ$Zjyf1chHyCp>Zvzr=+Jh+CfIV5D zv{y_r&-5iHDCJP8g+ZNcY{SWj8^vHRK+}>in@8g33{b#b_{K_xkZ%BZkbUuo01o9^ zfVnc>J1!XkGxH08kCB9CAu$1)Dkc@J4=#7>0&-r*>!|4P8^!{^a&9Z6$sN!E(x(}L zoKs`>bCuU1c+`H9#uWf92nZ8l!r$lg+ea3w)geh|?EVbT^kbFI zTuf*?+DE`sSfeWyEOKP?CNys}8X-sx1ej6)EF8qEe8|TWQr9Y+2uG`B&hYMJ6z*(+ znJ_TsWSFkZjYjdgiqlnIdL7sIYU@)$!tHUW;rA(h6j~@A9c(Dr;^JD{P>6Er z2*hR@qk>z5#@LOp2zF-MjBPh=p$u@!SJ}_^+o`&Zi(zym=DzfZAURYh>jujcr85MN zc2tl*J1CzM*x5mNPLOid(jYim*B%ulhh^8MT$^w_;W%eqaE#9L{Tmz4?@F!RV}saOsYStFp!#Sz|9|Y)CauD#;%T3jd@e@sh8V zvof%2giFt};PilGVs=juZkZk~6OecZt^ph&?J>mMd)kp7gFRtU;E$CcibH(q1=bn~oG%d(?m6sS5K`+B{W!uW-!6^Bjye zpUjtQH2$=XI=o-(cQf>+@c>j`Xsm}x6Jo+?Hv+q^Ai;qQ zsKoFp1fh^3dy$|KCB`uoW6u3{emP5Y9RP5$~dQbZ>i}iiM$zlG;usmeL z(b5o3@!0^syH5q32v|D142uWIkws(2g|lXDvaoh{&jq^P-!FWWTi^(Zdkc^qVx*whec@iNE9yl%8{(`un6H#}gNj5d zK_gH*pTVTV;N!eF9PSS?BKtv*&zH&wQq&Nnh$PsMxq=67batVK!M;xECQU^Jqi?m@ zf%ZW<4BT{=sHFVjIP=Qw^82%Vo8JHyPrG1}cJ*t&it@M5^eY`qJ?)+3-c8@HQh zm0k(RCn+d%;XOge0=HT9-XLEiUjwlg7(~PP+@SBgAb($2xMAuDlAzr$a*bJ=!Rv&H zlE|hqD&jfGp{dcC9_~a2jM&X3wRBnAM%eUG7o7*q@v&n`y7EmVPry&Fw(L)VRBXCt+}T`E+GK2pQ!?Y`yD?SHkNPu#DP;KnzO+r1@sQrQF6bI@33 z`GLgU4~|TJo;2=BV(JwBux--RLKJ-vtq=>`1|y|MRXJOrqc7YY83@Nk+`U0Tst|D` zhb2PcU&0GWU_cQJ`$l*JOBI(T@OM7wLJ6$7V%06HNAYwvVN8UVMdIn9Y41 z+bOAoB^D3kBAkYMv60s+4Y%Lqx({*W0JhKOmL|xMCq}`WaG|Y*W3%gHKag#l_=Gq_ za&(fW_;oAdzTRcGL~dtA@2HaJ14eNVmmxeF68c(-Tig6=j0T3(LIr^jlw%ze7V(5 zGtxcRD4y!mR*L0-a4-hMYhS;yW8XojjW7Ni9XrLpZ1`FPa^vv@TOCJ#j_ef$g$OuG zq>K)3j@^A>vNp8)!r=$Pd|B5X8{4nmcwaCEXEGA-S_E3Y1q04sAC%U!pU{{b7gx{n zzaGHcFkW5Z_xp_qOSd$()8p!Q{gHX3g6s)6OE@%2-c#P#gF7R;gC5xNv3)C>##^KC zMn7ODC^=m1cuP>49uGgGbTc!yu+2+b(CJ_|J0Z4jzqz~2^L@G@bJ*(cV^OWk4;HJ3 zPF?-RE<6?4kmi!l%iQ|JG(2^%R{UgEiOao_d0ks|tH!c;aaL+V*=Wlz-#V_8qdb%ETj&U4jz)RnYRc zxK;|Ythe&G$$G1bS+%#kdUTVc7{Ppx@j918GZ?S?3Wu?v&d>|-LON4Wq2i9BeN zjD{DcCYg<*XEusrHgHU%Z=TsGc6q*3?~nH|F&`Am4LYOVf`Zu~H`7w<$5=x?IG_oM zI+-EH6gFj~7lT|l8{Es!6Vk_TS6X`JI0{_ZTSbRNay9J4nO0anJ2& zyHt1P_}fh`(>v#P_iwec|Lrceo9#|NcMbQU-P87}?V0Rld+rqmO8C6HiZH>M@9D4I zODQ_ziTW5J^jid5*?axDeF0td^1Wmom{)vn5Cn6m0Hl8~Ws1jMZy#JIdug%`HRLM^ z!-d3Kt58uIeFndUJV>2_5Ej;BC@>yXM9fv-(}QRrtw|q+CvBvIc+)cv?}G%bh`;Za z$F?G_E{{vO^z)Em+>1l3bIbq|wS!oPmJyR(8a5x8T)I?HA zM=26qhl7FtjfbV>#91!511@HN21ooU+zL`qIV1aUiTHz4QwbmWd`Ou-BMfRTiUSNs zxn*eqNU-QC97ne6=`@*Iz{|`D_&6;ROWv1;j%r|00_o&TDS+Aggs!F_q{@j{``hbINvR**)eHSLUBi?71ZWBUtw-dWT2Mt>^CH_mxap8hM}z zpJ=at_+eaFrRWtwQ%i9D0p`6)ZQNCHcuq8Yb`(FGhPS3I%Z8xwt%j!;L@g&kDfO$| zPbnD6-d@o46%LQ)&0x6)#HP01~o8^T823JbpbK{!192 zm`}d0B!uk+`^J$Iq1WQoVr^?&WQWrTN$Bt+vyIC8^@bJR|h)sA_v-Ibr{0f!|+}FaO zoo{3gQZ0RGVv6D_awejKF00gHvZC-?x4d903WeoT2ToNzpd`VJEEj_jjKBGC7l_$( zj_saX&l}j2>Esf9YgNRx`TUV_`KG{b4oG-thsO372ZOpcPnpNSNt_)Wr$@zh zWIS>~Z0F|PyXmD=e(f8dm)FtV;au(C z!J|9@?)wkgGByxC! zN_;yME2SNA_%11@q*Th1Hvb5o{@WT3Yr^SL!2(k(BLybv3`z21%@HXHC~k^oMEXSb z#*o6Wc~bu(uvS zR8mro;)UIs`36N~^eED8(k0d!xf+uEup8BW9J7bz4eWOosf(G^&1?Zm!C&PeqYvei z`!&;7oiMVo9U`Gb_3hy7y55|H= znEjL-jt_49$*y(+%Po0CQS9#91-rCBuTLk|-osG_B}Wz9{r>!s1v{tU&Mw5?DWrdB zyFS9N)WI;%=N*T*$^EYMJgbGcVMqqV{An>FM3tkyPLe}|WJxegfC6rl9kRDaAz4S@ zSpG11)e#{=-taY1_;?U}n84n1A^U}Ur-GpP8!@*&WPg(B7Sk`n|K_7ougU95s<1bo zMF9kKwt-PPXE|=xV6x|XOr%mO!bmZeY!9G$?5qET0bw{APUpc$yc32()=||8jcenW ze33-)^DN+zHsX5vS|EEPh=f89p0)5AUV=i4au=m<()SjHjI07}HR5rn=zObr^z#Bu z%90XM)GLLw|L$sWHSHLcS;*JuE7dDqsFuKfi49L1oxwhuis2zb^QpAT>X(coy)IPY zE1oE9?b{yT_WJf6zKy3G&(5a)$X31`+z@+hYeMp>h8L}H&B0-B(7lb(>xBJLQZ%x) z1K=vsOYIsq=q!Lt!KB>t%Fz8t8^$&zH^&w#gOxwI#*2t_!I_~uE3`Ai=+Gcu5)7Ud z;@RS&-ILvHb`jTP?i|`J`SP84miI!O8J*pqFF%xzw;$Uf9wA2g?5KVYm0#Si!}@PR z3OF5848B>6wkK3941XMx-wSb?dJ*4^BYv2<8S;2&Or{bl5wrATcY{=6_n zq5DQkCioGWlc`BGexwC6AK+6eG+8y}0VkE(0ygZBn8-ob;sM@+Y>z`rI6|i6f;Noh zWxP_;+Fa^wW2)oAPNSeHQyn*}jcHvSW%4;^sPGnUu?Za{!$<>SDK1TZ_k;NoZb^+= znM#f@yv=eW?ij0AyXu{3Po46&!L;7#%vQf)rHm_8MUK^wzzPZ#M*T}>B+}zJ;!_`x zlN@*qwU;6ti_<&Q`b)-;$UeQ@*T)E=^jRDhVO)$^E93-V)obaA)>vlAy)8 zGqyWo+Tf1ZXbVkbRfwe@MC5E10TD+yX|`Z{KFK#+B7v;e;Ufg|q~;RaN+mo}+{Y5%vJC(ve5<4Z+pQ z!ml!}fUo>Jk<3rEXc?>+C5oPck001PG^irX80b+6ymu4|5 z4{|YLiHip{Qn}pQn8FDh^=qg~YoKhI;G1|6u+}J1lBMn8rv%$T0IIGpI^N<@@bl;J zYH_$<%w6SdwfmxP8>@&!D-e4}(J{S(C2!;NGd?4e`!k)6UZBCV#Q1Fo`z< zoEQl85jVQ=EWu#m!X+*_)CD6gW^fQ$|i7+zx!v4(GPe zyuhk6n?pqT#WCwS;hd6v|D#_qb64RMYTdq#R^g#?4j|mRH{Kai;7B5erGn31hKi*SyD2kRR@=Xd&MYRG^B2xKqK0yW{4(CEG>w}BT!wu!+ ztGRGyr7qL|E4Uq+RBdK%ALNIow1c; zf8|_de?NUI_rtmFuO@)EAIyy~TGBZb>^#Nw;qix~>|M_Nlt&j`wZElbo(E{oCxPA; zJeL9f3`TmQAgS?PQ{mB4xS#tB5rN!+lGc7@cnB490^-py>nKqfwhjH>I(M3UUBCc$ zW)4_HP}WFE##>$Ok{>$zfivH_hn*Xe?@_9h_aosb)&73$u#)Sh5yz=)-%I|=zG!RO zZ6b17r#0ZB9?s^Wb12j6@(b``agM|+93L%(!9>t&hk#+i-{80@tSFsYJmS;ZiE$Je z5l@E>ru8|(r+is7rSfrs@AIi+6pCKqyFPcy0B@%d)Ew2~gE8U}r+@(%->-yw(@*@w zYXL>6Mj0=j@8O9@k25wWDLQk45m^y@%7Csp+q<)CcAg5{pI-}Z zV79`alPDE!lDpyC9^{(=KN9AYr>XRzIsC6rnOg0PNI+ueIe^}v?=aU)_)DsrsAtpTsqpuH+C9wEvE5H+heQC(+$RYmcKi)~t#u#%`r zAW23(JX0l=W<3>uCQ~lpBR4^!DYybRY`Fc&YZbps3a7ixCvSScZ}YxABs&zWLzN!x z3kEB;=D!V7y}(qJ1i=|RS$V(8G+;x|;F*?`-#Z2C={Ese{Dy1#a#sORc!m_73GC^> zeCu8Z*@k?3K8S7$Z7oq4zVLp404uc>=3{r(ERUs|w{78mGwZDovZEe{ojHr}JmroE3lm5h z{1m$3h zFcT1|NeqXc9HoQ>J>V~&IS#=bmP8ON2PAo_GTFU|NmVjOTQfkXWR3lJ-JWhN3cv_A zfP4`B-T7XTy-833O!zhIsOuSWgPUAApya>n?Q`p7(kW2!FL$R3V2XjoW)gONH?+&b z;HRPeB(y7$ks#?mrb4WaMjS1}ByPq?IoSkME*NTY;$mobKOZudZJk&(O=qzz(@wVLEMMdElwq@QI%BhnX*39@=2CE9IF6$`KG9Fog5a- zx9-l!-J$&uO>7LsqDLyvSAh)ep9~+)?Rm?I-13h=k9A zByjep3_L!)I2Kl>g(z-pNJ3wJG>~W@3eXCh^ zu5u)Vt!sy|KF| zwwq((#9TzxYIv$N7!5|~`>9EKdBTLsjWUIV!5G&<@N;Ts{GAE>dK{O7m4D}=7b22S zUG;Y^dW!06-qRq+92z1M^i4^4bAr}cRxD~bdqHN-DmR_v z10eKcl5}ZeM<>|lY27yysfa7&qW4fK;?=|_7~C=sdm=|G;GPUhh0L3;%2SUyYcS(a(BjMvv6y4CLAw?)58yM`k2pp zH1lzfHU@l4CF$PW%PA_zE0WZwiLfkL#A+N~LjYDGJ>+l%hm#zuPSu<{fNk_rcfuD* zy*d3S7TgTEYjs4OB<|mRG3(3%q@NgeAtcTd%8DYD>&g_E|Hpu=?bRtGpp*_2)(vJc zUt}nUR=#(Gf+nftI+{BnPqu8l21Q^onX?>ZLT9n1h-GkDeMMv|v0ooFm;sIO1cpwI z6_FD^$4jpW4_Hnfzw`3&e(RFr!$^UwNA4L44Z?3W%09h3G?y1pS>8oPiS%4<4vU*W z3q*X*!+hfw`T^9;P}C1{+x5l$*A;Dj@e=bN=Vu>%{>yaV9lE_xG<5Y4!VyI z+A{{->4Vs@a^Tshi$sXg2jfMpxj1Awsw#C$)O}>Y{dEA;4(91ArOywzV+Y}0#x~>k z^XaLOq>kXB>Ad1Ft{)3(qoDdl5kpiAs|$H<7m10=?(&dyOh@DXB^?Lg2U`iv zp9GUn`VcagEP;F57x8-wEK&(ume7HiVlu89um0{OeU1PE*L(DU>tD<^PTc@M^OBaM z(jdmm!np(X(*thZfcf+Ql0T0q0QKgvLiFo`vY{*2DVqBxtFs=lt5p9?HkrsH>J3`b zzdRUD#rRcRQwdJ2@Cn;n zq#P;gwjSc7lutB`;(=|=GDHeq%hN$vDf6>@`JsHTD^u_hFs3@c%^ zC>fXdrEnC;;#mwy?CvfQhfg++Fd7R-Vet~Tiwnm$1Ix`K)x1Ew8w%?~AR01&><5y1 z4abMT7~tf^s3eEcd{f5{l2Hr$;;yJWeFd-Hs+$ zcX&A-)`e!~F_cWo!3S*6cT@%;aCSc3j9vpq+Zf)MY5Y#lKDOB)bx7h{lz`bj%=l`M zMVXE2#vU0+Mk=uBQw%yC_sBzYh^UXioPAHclE##}{dY0Sj_dTBY2OP6EYuQlrQp>w zuC)6M)YG7LY9+X(h+B*`X!65Z*xsmoRK}ELM%Yig=9%mInAr#WkOiXRBijFo8s+wQ zsL%eXFYGao^bxb;&v>ZM{Gw04rL(w>V>UZN%kNyxud%tW&;6v2tKEZr`4I#Ge4$|^ zuPvDC3gKl%A+_}dQZ2Y|qw{nvdtG02S05Mg;G~b>3&dX1eV*k{ysyB|;kA9{rapIL zU*RTxH&^!AtNYA%``}%okltV0M@F}+`=W36p{Bd4&pg=`--=64bVXnEl|Fk_pW^~v zuBEjGO{5-drRob$$4ir^#{M-ryd2?zR3<0nlaJ@y(%Pf)rBNy z#N>J=7ezu|PCO>i3S*7S<bccHW8-c#k*rrSlnCa zi9E*I{RNy+qc7>DrgXB={l^ApHo6ht4*9mvx8)f}cJcd7-xmH!Tb*(IrG9^SgQGyl zx5F7=x4 z!xh=yK}WvcZmhPTDB=?!HKC#(yGLOMZ1HE#oRUN{A8=Zd-0#Aly5jw=)WGamEcO)p z(S=~OE0v3g$K@wR|21@6K^dVIi^U!2Yx!i1Mot_oY>z~hReTQdsVpTO(S>Y-{<~b4 zXM=}71UM~&Y(ngodvJVW$4YH03yY{3V^s3 z)WU+v0CcaeFyXbVMzT^$dgU^_Tu}2zAC+Qt3u0E^ zG+!&aZ(*2>Nb~ZoBK#qUm-Jd-9Is?YnqVoA16=(FrJ$+EROG%_(#IRK#NU14=DVMU zx0SiIn2>Vf=AyepcmICT+<`%ln}d>HaR2$8`{T*+!uv1t_ur~>|59*~?!Td!JXACf z7TqJd|HDP|bGc`tVh4#&zk^qpW$&#?-xcey4PeY_+R>e4!q>PlY-rrL;J#uJ1-CHqyblI( zi`A3VAi!G)_f%YE*})DPpJN8;7K?UB?L34z@>XE7S>RnD3`MDm%4;sBfZ!SYPz<49 zxpJjc48Dc4roBHWa(PDConAH@so2%FXFQymJ5fUdE5A(59n#We`s)YzV4i-SR(_Y_ zMuEd~xDct9UBDAnCJPL1I!hOfH6pG=K1WBb-5bhd1upgMhb#32KdPiRJF@a(eme|U@yxDJ~Jz#?(noApS&~uZX3kgem29H(ppDWu77#j2Wa*j{FU8I;w zXd77JmhR~L-S$V_;a%O5BU%8x3>fCSCB!&uzESdOTC`iBy}g+lu*)cjEs6VJ`Eh7~ zE^~$~VQ-DZ@*~@Q z_myreQWtfHU+A`%cDpZkvu}RW6@Mo#T-5ER4?bBomo_<=W9O-INc(Kr{4q6uKRkSc@sOm8CdYPf|J;v~CH5 zvxVt*y(HWpM!AB2P)LU~A1$z|Qqcc9HaUSxNCQig^uex$6IXO)VlUB**MnACOEA@) zMOWZ_Ttpt}&~q~%@SMk<8;GB5jfKhtia6|{CH2ta{r&*VVYVT*1;G_CR;U$DUc?y8 zsK5T<<@SO_|GWgd`P`ytW4Bgpi^X=_tne?BX3Z?OY0||#E_`azJu^A<{G|Ik(L|M` zt^i6=Q}tvL?6nP&%s%v;k*ms?BH9`5v7V#C3s$ZKPg{8&L=|syR5^$-lpPqDyjdPW zT=(J4WR@p34<=P^-LfMNwQH8GMyZiv{-aE@>yGlCjmG#M+64hGcrpabxvj9(sZ)$3wn^9tzs%gx@= zZf0+@56T{KuN*^`e3jV`KZVa3^8}fF8ScFK3onC5^W&M8ARL(Hw6ywg;_}LNyM!krX4*xvR^s|+f?2wh3d?{aTA3VCD@t>GzYhwi>j`)d&H&ETOzM%HT<@44Op^fPtFt zB5D}RkWaJyZG-EC0{@7Qa`?0ilFzbNd?v@Ic}CwY?gTFS{e*jZ!aO@+o|(wq(gG&! zHB1d&-arDvM$}e!sYuSfG|B8B@Iw&|a;xZ643 z9_ib}w|%}X`!=2ufbGP)%k5TAse2%DzVL#+kNEFWu3s49C5V?U^B7ikj&|_+C_Qjv z)3YGrA6WK)-k-IJ49}*$H(0-$1Uw|$D{u6S51cDmre6n)BL6hO^BoJ zcqA^Qe;ao{9k(0D&4%&D!pgjOhc@4KqrAL8c@%lH{qX)daxmcGndD%I9L!-HH;Ij! zCvHscF+TvTcJjOop5cCoREJNrEA_4wCO0CW!UBfp7YgV7Hc8>!?^_bav0wJ>q;I1c z?SS7OmMym>6O$Gnu)+GnW2yZKS@Xl_iKTc;2|VaNK-;yt}&^ItXi%DD(LePjhhNuA%@UJKw{Gh$ zj#VHJBZ#LLNCkK4cmxkYm-d0bCQ#P*u+`&MW@yHoZDk8*y$SU}A`bKi!nEmmXyMN65bgV|cm^LO}onc^%{b7X}iUDSRQJ#Npr+`=w9&$j{s+j{P zu*U7TNe1#ozU}dCw{Oe7&H47wO?U#dWVzr@?lK!Z>+(x@;f1h0ajLxnoS0qRR2yYyXAY)$HxSLV&b4Wp}JSaiqdNuqc3f* z1CCLa1~y=BwjN}GjIA78P*;XHMB`MpE3uYM)2x%vtK%nz=}>LYZLkb?shU zbziIwxSnfjJwK_nyZ!O@^6ho~c$N@09&RUztl&NgmqC4jt`gLzh#@H%%gCU!eo?=`6o}n}_0Iz%y?B`9f0sQ5}F>0g(F)bEC@$c zMoP28v++LwW3s7CPeo3(q>owVbH)59E8aNYe~D(auk!ofC9^;!XpyOjG^+**oPFl~ zTZn5A;p=SrF7WMadehE+_6fTKm(d}XGk?>$o%>{;iZ=hp>xBt>>4z|+>WgHfsqZ4p zI$sM>ghpwK)Su2Kp>*c+l&e=J$?O@~zOKHQkKhb9Y5 zz-NSqPu9N{$As0l_I=WC!txnD+CKcQah2eL1Rh4Ej;(#7D*AVkis>Zb>&-##)dUK^ z((D()){=l^_izt;yo~O4PpuX5#K}$lk(n1AYTn@9XkHV()*KkV%DlquZ}tseWLZ}flj#E?FH+}LAr!0!22MO`|zZ2ykV4Nw`m^1BP z%jS7~ZYrDOviZq|ZTd{pKGU?%H0?9Z@f9BRC|NtgUzf~dFbt^pt!?j{-}{&9x(Dy$1dI z5p#7mDc>D2x9G^NBj$E}{$NDm7=i)RRvF9NzQ{~pWZD;*_C;p%Mdq%N@Ia)%{Rx1% zeK`8=u)TfQeSbJUyApk(Voy_>&lMk-(Z7Z{DDF#_#5WDQ8;9*}!{*lE;YJ+Az44vH z?uWzX-eENTKODCA4%>T%?VZE+hr{mPVRO&$_IHj9JY5?&*9`nM9Qa#UzPF0AZq^Qd z7rWQAaE)hx=X&rL4_CzVqi>oNY8}Nm{6zU;?r4OVq*%d(xjIdg0!JMtpIlOl`U$D6 z+P-?y$~B{&8XAE@a=WQ>YZ2Z@@fjgqHQbpjqv&o~zuA`U11?doRvCGV(YUa6{DHH5 zF{#u=MV*v6S7%PzIBLuH7xfbh-b?V3;sH&>L-_*F*iwjOHHVvg=4B~Q%l6j7Bv41n zd+`<<0X=oD8+{`75h*7-8|p2B#(JgXf<1`_h?O9Dx7;Q~zvvOiQEHMPFY@v~+M`i3 z=0?+r1XnXRb3<`#W`$d9QD2Ng6r(!{O2XOEJd%vgV;~2!yV?cu{BQwz=lwH^z7Irx zE=m@fMQ+Q@ngxu=VzX7a<(8T`b}>nUw=QiHQE0<0jh98+TFNE1+IMSh@3zB?vfb7z zNk_O6MdOb4CDw25C1%I%x5CFdDr5a=ds`_{*C59jF`otqKy&gY8}OKKT&UWY*I^MypZ@DD_qz-)-72(*&(|Ks)liYN~-Oz2o@ z!G$Ty@`-+;ZexCE5*+QnZ&+^TW|Q7x%#9|w3Bkr3n~-o0K0NOpnR(^U zRiZw9$e5p+g!=RMnB-nVPVe+b#{9q}cj!vIxXz-$v4co-$nD3==Hv{OpIJ6%3x$); zzid9EJ!lJte(lxS3(r7z%_8_j=L*xl!h9+_Us=s{_GWVX@UVGA*>!(8Y#ti+~ddu$p z{&AwWe0fyIp||Yn;i9+fqHFUwewyI^Zyre~L*&m@z&(#qS%a3&8)7XLVkE>98L`{s8f=CEfB z@$2bBq!zwq2%7kbA$#^vn-rct6te$G%tZFO&hShPn;Z1vHx8R?vVpmI*xaTg-yb%2 z=o2bKDbFovUi%_5eUWKjWZD-&k~$ZeAM>bqyEqr0F*5Mu;ppc@h|;{7{qFOp3LQ02?WJ$xmhy-G4LcsWMz6w@dBFNm;(x*j7Byi^3Glb6O(Xt z)#GK_E_^0QiVr;CJKTwqCG(IJCX(iAGL%3A+I4)RW9q@lIjK4!{wQC(IjV^2VBHo6 zr4IRjyda9{sT8zMGr?_GW$5!b$Qecz5)4qFcE!(}3_dJ%tEQ}T^1;m1TA97>s=F-@#2IXPlDs} zXiol~+UE(sSHvN)tfiB4utdk_I0kQniV8=&$fu~|tBh;_5V9UdhTt=K>N5BY|7%ba zZBo=~b(7xjQXAaBo%LpPm!6yVAoa%f{fNbKM=av5PI_W~Dx%8(YvjA~g?s_FLMd%X zLBThWFR4kH2r|LD=4ievH_ujtNT_*$yv?--!PUQZdORw`(;2%EkuwX2xAt5fq;c8G zuEnnvUZ+IBO0!ceNa?>D=odbQx`bg`Fk_g~pw-_VqBOX;KoU0%&Nm76EnNYd7=0;k zFU;eVj4Ee(aQNB}xd7)7UwR!*O-K-^6z-&ukcOz0&at!0!2^6XS7Omt%mB|_XGT3( zylyRDTT6UB21W}qAlVcc&H>D__)zq z7ns`?*sT4^0)D(|fw_KxePH~>ob%;#f8j!R*EoETtd zfEm}2a#5ul%=_do!21Z;ad`^=59y>GQS;PRgOfc=QI+yO-r^j}_NnND!mx8P`ssNE zSMP3jUPVAzpHx}3 zopNY6$T}OYQoT1>T_ST76|#MBZg{+zk^_mGLUk6ux@&f&H+aP6pcIVvJ;2$Fk;M#b z??93#L8V2HM;f@Zfe5eO3bBWFMo=n2J;N|m1Q#;_bP7aCLWE%wLXksO*Od4=;AV%4 zb?6i_byJE$r=`GSnS34O8K`d)JjY{EdH%^%un7LfIJBWWp=e1yB*m`2$?&F;z!%5P z0w$TNabU6@H>DI#sneaftz~zTZp1M&CuBYf;SFwsoH5J3#W52I+^JCyFAgh{JfCu> zJbxXTvCQeh=9>XgL-8>{nWLWq`?wu04u53FZ1^2hS+92|z}46rQ0KBIbx~R%{+zXf zW;pKmaHvvZn@3ENpaHcTctVH@rsRGl z@{{TGA?B*U#8IBYUL4}%Q$gyr$u=G#jtU`mtBH>(2DiX+fq5v$i>a8Qauwe^6VG%*I0+trNhE$pbSMe8hRc___e)m#UL2xld6-d%Xk$@IT~IbTzu>1@`^V2k zX@8Y;liC{9I9OD;aIwd6y~h3GMPrSG&feYFJtZsjUv2ult=_bay=S4jqhK!S4ZqkM z{;*KHccK09LU()T$PWs&yBFHK7P{LyN4{UEJ()|dh^k+U(yOBCl~MYQsIf_21_Hkt zE;s$C=m~RVQ$@|rrth1#w$}OpWNS;*M3#3+`;?B>up2unDAQO7Lq?5aTByRXiOV40 zlSq6;u~ii2(SF_U<5I+acTHn5lnz#v&NC3HAsW&Zo-+1Hc7hQ__Go%2bV?~ScE~^k zr^vL&poR*$R7CRTYjOvsn^1dJO?XTiyhOIQMf4}anL_MU+s7*;WSJpi|9Bm=BSkwuoLIHgMpR2#X9p+Pe7e-``3a^Txni1H=Z-p zhO%^a71C?xq%eii>|*e!P=vK`ODy4hmxw&U&eh8|Oe;ZE>rlfsXF zUU9|9(m-j*rXhorCDpc1FS*%TQB&?(>&;@1KVPmgf-XNtPGxk!q_azNq*-yZ3%sr6 zvjjU#7A3#0CT%p7f!m*PZrLfjLw_1 ze!uib?_6-SeOv}#sNx@Sg$w`CG|x8OUz+xbhWTB?Jkf}L-3XO_Up*D8^cKbi?7b~h zOWr}UW0lCsqJ&B!vXJ2!%L7tdYC8*boZL$ciY#L=ERYUdUh8sn)&MC@$r>{*P%dxT z)VBQUf34`)5(-#f4&gC7bBnpGa`vh7qI&mr*GJn=_zq!-DTXHUZ4c27&TGWma!2yH%2uZYmV+D&baBu#>p7<%vrvRC>#U zrR}Ky#_6Ku*Lf6b&1}YRF&Xprr%K8;`ChsnvyryZqsj@7BL>!Cbu-lXR?i5+Rf+WHglI& z_)NDU%^b(vHua@dJ{#M_OELPgnWcIES;ct?SlNnDV=_zPR7fY_rP-6a7B~SW!hqcl z#NKV}{z-3)1OU+37)727-)i5kU)M9#>05k}J z-!c7weShOaL}`86M(0~1)S}bS2iiRR;YV#mIwaz^+AJRsW0gbKb$l~(2%tHjgcvkj z`i6>BZ6*mrcV$uB7Y)^Leybs!m>?)p&hEtKBkSaIBT`D6lnT5qQ!`ny06ps)t0gHqZk84A?r zP$~ung>%59a4#DqD9qV_CV%KG8!RZ=UAR>qeg^>#6CrO`R_4xmTH6ua7O66_J@3Pa z10_apTZ9=^ZXYhi9Y-!A@~y<%biR+805ln}rNRenWYdBs(q9}vm8?=}DKxl>?h*78 zrOkN~Qhk)gGPe_#M{WUrIK%SZNe2tul~k$rBbh?OleL^^+sHBb;83}vfRK0$xqv`V zF;COo*&!mz55I*qP#z=iy5I?M+$+}wvZHgNvq^KG`D{hIA( zZJ+g@}!SNem zG_=FY4>iBvkqK)4V$4XkK2hIxP-KF6;gz~(5Y`5RM{;>80T6D(+luJ=PreHiE7_@z z^%4-rvhe4LAa~B`Tr+*{KU^oCPu0m_?v}dMU=gzCw_-|p)1SQilL>coXEGb0(gQpu zRgyFi>aR15TJv8%;M;+6`qi17r^Hy{`ENqmM9qG6%vHb>!6 zKm;aa}7^3U4#M@7wXb0u#u*=-d)}{d0luKtTrPyJ?l6zq1WLuww27_T<;=G zenq}Ze~_@nY%*;swTfhBeQMLvRi?-Wn`0x?l=EZQH7!S^5;iSIu&Nnhs1QDn3nDVF@W98srqDQhooLO#nR^RcgEQVJY3Z9ahuGvnhr*V|$mol?=0f5-a zNL(PrNmhRAtuu}vz%c>(D>x?YDkNzE-hGzTK6TXXEqLA0!dwa>mn((Z;%c6hGn36i zPXQLMyEp3dzYk8}dtV$aPmGU8vqpJ`h7IS>nN^siKNM=PA7{1O>p@P-p**lA^p7Nv zQ9Vy`DNJhJcyE%L2!HFSs~>;s8k@B1)CcVI7ZE z6_|S1)4mhHT58&%MT3zd!pRFB4%G>uP6iw7_l{|u@kq~ZW@wsS2Fs4t@O7>8MCne~ zlwY|?M#I&<-PO0ZS^rV>ZS9}5(I!IchZc4B_sn6N%l1LGa`#A&?auccSn5}tPWcQI ztVxi;aVKVQ5c?eKi={e67sTyvfqlo*z&jgvfsMmckniwvGbuN z|DCmfsE@Ma(6PU4dEFCndCMa_{i)bKi3HmIyEI16ySIJWMA`0QSIs%z^%LRprLedL z67SJ?QroT``M=(%HG=?(Xn~P|D#iEXfXXJ?G1mUhleYM-^YnW^o386@IyTCtPi3YO zcOouN-(i5%x>+8|V_-s=tG3+g@X?^kuZL~{lgqx98$&%=E{~94DPK6ygJrSuE<4R-Pi2KMR{A8{HQ(;BDISHZ2m^{- z>|u5XxdX2@rX&urGmyX@62%JKx~lN?vp9l92bx+(!sNKE&#mLx+p6|hH!SWur@3gxjLC!P# zyJ0(6;AtukbbA(_G=GDFt>5O`cl$QpAeP{A8(fvvQILR8yW*}oaaFU?l93Q!uMkGf z>^lY_l<(QGSQTzN?2w>AlC~fLjf&6PF4d%tcaEtFxsEj$1+c}dAa3KRXUFsN!*O2U z(=(;Y{FnieibJ-uHz?e%=G%oEY=1EH5feOu6#~{$KH*`#i!le^#Q5{m+oYW=M}<)| zG>g~@kW!v@01;{YnmC`uY<=k_GgUI{OPBF66bzjcQu765cV>cr6cD%hAATHF^Z|Jy zpnI4}<&nYNY*ur!%y(i?U|L}vV$Ztbjtv8w?WcB!85v<_qdgLOmhN1Do$wv03EhIy zkZeBI$Gjg3@4`IxK#7-vYKQG80Yb&Dxd`MHtV08AE%K{!cZJrS!n+Lsh>yVlqJ((m zCXLcj*nJVBg!8j?hMRa@sdF@43wWlUU6zqcMvZ>fO(Q{eCm8=Y>w#iF-)2$tjSX%h z7%IZV?T<;;;>!AdkLpV0f%fMXcFI@cCz%(L!`!KHS-H}r= z*X=&#pdd#5Jk2lyLEx_@hMl%27{bOGHoAv;#)AjQ7DI@{@p*d!Mk2`hTHG5q|HWsaAR;$yMAV%KxASI#HhZA8L8y(c&y{ZAT#h;6PaF{BbYF}f&gCD$vw%DxUoRBCf!tsJcEMhO z>%opmG-^k^g9>kgZEuy?rLf7m^HO(yf!k80j2rI)Ot5q`gLaiawkIPIn^k(KYMqnN z#-cvli{zx#lvj$kY3R_ni7p7#FV;Xx$k0Giu+d8vd$~C{ndAxHZA8Op@&-ZuMW$Uv zhsiUJ^XX)i<25Kt7E_g_;F0s)0Q-AbNUL$%JMZ zR#|nv(n7d!;LP0MX`mB^E-Yj4k8;6kqIG%t=Qy(kJpeOZIU8T^C5kaU6{yrbI(H}s z*Og@LN@J1;a%o#Jje9hgdiI@=A4)Ik(sFRei#&=6$lq=@<;B^aNGRIpkX>!%yK)hcXd5}16hmY3+y_!<9iro$6k$|YEe zThq4)#MIHZ#cL@~a&9@_SLJ7E|A5!ww$8J~rI^Arl1=z0=7cC%>RYcR+ zJHM z*1qGaiQrY)Ii!}zZVD?7ipW&k-wW4D6O*;Gl)8RZFGNmTVcXI&vn}aZww+)LmsyTc zk+8klWw~vO?CbZ0--h{&*cL7e`JSB@`p=rbkFG;a;O}KYb!ORYw$irU92?|&gmZF* z{b*S$IM)(qKTqa4vm6ED&y0D*P}g8woF_RvAzSEp5X2uaZbGS?n5j>qCJ$L$F~a;$ zjivptk-}VVBA6*!<^u+vdw25`qM!MLF~2fqYl9}9M|==WNpj#ux}#Tb&%DRh$x6G! zFur!~N@ISn?8sk37)JaBWqpyH#b#vZaHm9BMJdBX_I}-Gwps1_iP;0R-79x-G&}9y z-Db?K#$a=6&486p1dg9cqNuHnOow2VR3{8CQ|c_u7E9KWgEquj+N zJ;WY7cqr6qlZj4H^;4WjHX6IZL{wF$_F!AtDyZIxl{&~u=;d=1x-28`7+k)H3mApM z7bXAuuB;xNw-Cddm2tWPD97Peq-YsQCi3Ww3qxdVnOhkpZ^ta#0KJW)r>u4t`o?;B z9y(t8SJnU}i^w#f6bsCS6su4$sy1WM70TdYQg?}S_uM-Q{SwYNwjj3xTnWgATO0^jArhq?nL?rjm(k&K`yq8k25b;wG0imX1He#p*T_Lk~F zUWnM~7F$RL?lekTP>6Nz>zRfU6FqC3;jpJ~sM|TQrMYx1aS0M;zI})vfpSIGi zLN#?Y9$opboA>V8#IduM_nYSqE^d}W)a}J$jpyM z04@A2+P`9XY5!VtJ8`UsYQ;!jqzdk_b6F7oiCJZyd#gJtS`VL~BoMT>s+M1oA=%G1 z!QXiNxVav~TZ?KLen1lZ;o*QAmAUFY0PA+VUB@S3nS8od=Y66ZE$OtU)a}Sb>#zh- z?uJPuJAwbMebXKF6obD}b_2k?>3`#k@Pmb_ryXB5>Ao^)u9|dLPUcRKABH{B{;g^L zBL9OENHrcF-!dO*xsSH&^9@B(Ki`O+X@tro!Hlz_i+0}(L^A(_Jl0q5m%+UyDNAcA z+YQc(n|%*pez;WXFr*;@aS$?DS~8M}tZa0HUOcP&_P>0arA)iu_%F`4yC?_A>a)!9 zF7hh76;(W1RxQu1aLdybc6pOylkA%nDaXw6#2*Wn5AZ#|B4k?{tW%<>0UYc`kbk7h z(!^0aG>@yeDU%&%(sacw+FD#Svw+tjGaRz~c%^5pd)k^m1E`v4cPvTv$snO4?oXB? zc^g{u6ck! zM3X#cs1(%vo1o}P)3M!F53~330?{vR{(c+&)aGwzPQty(al@?YRBzK7_7k1q1lfd? z^XWP`P;%ke_-VOJ3n2r^4ZJ(i){@7fFPY5uVUjH*r7)kbjmTiKCFvhO}$CH>Bo*8sq z5MEEsKm}A)`eL+v=-KO^#Qqegd=WGMxk8=&imW(?vK$r{ZS$Zt4^deq{hIB-&3&Qys!cDq z_N#E5or3_=RW_W9S&JnK+kosx{)^4Orq@|}t!+SDqVT~m`gv#{4)b@1_Qzp#H7;jV z;uUrXDKbs(ffK;dJDZGCNofrAS~D5KS*9Ntsg{PiFvC}qMqizaR3G}=7Ht-T41L6C zk4G5*CX3i+!##$762oU^d--%>oQH*PRN`7haDT@z-|&-nv&j%YsNy~ooE?)on0tF0 z4GZ}{KwZ1e0Wa_3eS|Yzo=lfwV|)Thz`gS+Lah`~XyW|ua2xBM;mPcd)%tJeEP%fREZ=+6|1S3V{SFVkA z3@(-^f(u8J6d%Y~AkI9wh}+(j;!_bXfCN3q;8+5Z3W724ZUd^#SqTI@bStIJY53K> zBZ-+X7ogABZIkpF4d3Q{+vi(~X61sB0ts|6(?pAz0AL#o_6l%&(p5STuKDl+) zIXN`*fqiW45p~*u^;yC9vK||sP$_pzB^aqu*riGxEwrTIG76wYpGLpu!RJb2dv_hOe6n!wv;r65s_sRN)S0Qfvc=cq!iI-th zBD^2Ccl%-L_ibgyesL3&dxUZz0-oqHgTp%A`LFti!VfZH?-4cB14VtiV*SI1!I5S; z>WT(xr9qEzwYE2pSDyV9Y;VbM?W9`(GfWLx#%+|XU)hpUOaNa45tkS|ro`}E8?Cpi zS-9(M&bKRl%Th*E>}^BV)-2JTNaX{Ijyn}qXnt)PIGf&TED?Z!F3x(nd><4^G=MCJ z)_sG;0byrYa;~u$K~qazK-HOD&GbqxRh75~J!Y26AbHXQre)?dh8mQ~%14jG@YD3T zw+)h8GhaIeXS7RTeTfoS3}Y|4xf%+h?SiY(7*V& ze;a<)zXKl4I27_6l%yFScMVj($O@wO#*SeF#lM(sJb22HRQK;V8;F_MLQ$N>VKnR$ zq1hDX$a;l7k<^O$r?z;59En|=Js+}Pdpfj#4$}LohYn%Q^Zj%`ZcAJG1*2^X-O$D)(`tKAI9NMJ&U5G2lFRr?)-I>{Y2>|BIu5M>& zb{)|QA%>M58j|fX2hyZAyNXTpb(U=8VSh^y2r>7XT#Jlhk$5u|7sziG5^l}Diqzfw zt{0M8W)?4?q;Q~LECU>a2cYS zd5ARud-kvlgRu6HVPeh@NzonZ?#Nj1>?jo^*}5|=2=uVxkq;8 z!rA5H?BI!7W>WkmwR&StG>qh3Xxmv1p~J7>N@@1`G8@XC_8`C~vdfbe&XvkD=&dF@ zgclm0v13C1on7WwgC^)urfQv8v{tIT>RL_AA;D>011JHDkyVg>hWMm+AItQF-Po8^ zFldcgDLUFxu~!F^JvA5SedekNCD80TeUXP&@p!Y_r*DpdHTY z6Ie^dU5Onm8gFGff;nbPbo;}({dzNZN#-!kIa(l3mwtXB)~a zaKX~f1zZ+Rk#cmmw+EMmXfI&{aLw_oNmtw;8B_aJWuj@n;y9E|FDdXk%7aljqm4HZ zC%M~UERChXbqct%1~+#&y8?;ACEBsV$cqE}BP9cA1u1ofBOfUYVRrptR6W3y_4ZtyT+^?ZVvru}+Ag-%^JtLT9$5N+NHJ1$crCb|%{DJ{GnsW~FlX;r)^Vs9t?R}e}iD-ibLXM!% z%h~n}9&lg^PcK2g(3*HRvp7-$GB)Od+8>OTl+&_V=FO3&WXFn)ox~q|m<#Rucn2A>R7M=(2YTw4*e-6wGq&a~SR(#iQL-m%Z} zHb?L_%Rvl#`kCEss=Y1%^K=T>-|gt&dyxWO04xDJkA?Kr8(nF$y{?6$$a1M>~?f-j$OpcCigEiQ|>w4#n-w%go-y)$t9|x2;)ew?k8}_rUxRqLPFz zuEaB>ixN!;By3EBf)$&SHGm3z767IH&EW?2d~DL=MCGqSukF2|cIDdB_Le}u@*km9Rl*5m$ zz}`O_+lAnKCxRZAR=FWCSas9S~6F_(9&$x6Zfm2C_%)wkN$G z3eJ^Z8h_$h^#Y-!bV*61TMKKgd)(l?F2W#6Nz9JP=QVUp%nF@Z>79rpY6vIjKD-#X z0CpFf+@5qJgQ(_|;Pa)vEsCxBxgLoNm3TTFgauH8WSRo{`HORN*&p%ysSJ^W1zt55 za$T^WH;cg9;LJ!iB1{>0B)epVuuvu%v{jbHV2?S$9$qOR_hgbe@;@`e#H5~7-Rw1H zQ6^sIgFOhR4j14dObs6f*H1tT#O)MLnMY&G)dVz>D~CGV96~i{76eDj%_A3l3=U17 zn@O}=D?)9Rp>vNxuV#ZcCp9o?N>PI}nMC<9LWv)0|mhmne={4^Pb$2A%zXz*Y0oj zMP84HCX<%CY)K>QP(`y-RwW$gLf&A-J5nKejX0s%;X zR6vz^!XWLcj8+A|C{~KR^S9^_Deb_LN^1ub^7<)3|F*szn9>xkH%h+>Z6O+fjJISp zr0^!U=`W#bi%0|xFMvVR^yHXXxP?CT6Nf?zpE(DwFutKk0JBrPZ4N6#;W?Axfb9=! z7<;mQUoQC%RJ;$OUWCU;AO7y7d;nCt6#k#M9qk+7qnMp6p-YOYd#kt{&1U`MLJtzc zpc1qcWw1UxGo1=u@RB9lIpPXy+e3}?*>}C2bvpPthW~8U##^(N&VJgCgu$F88;!f9 z6Il4=25@VCj^V6x1srK#j;dmu0=sdtP4$|6^#Rw*Hh zOOBkmHDG+Gw6Miiw{T(=F3cRL<^9*y-v9p=$PA+`yz3PwFk8z>Cz!@>LsU&!lB5#m zTQf>2q>|=Gt7+pbQ(x3tOm&Z++g?;d%UIZm$fiex9{<+I5L2|1`yp@HfH?RSM=b?b zC)1vTo+KVqWl2fFQPDcWCq1a==tq?motcs69}^+9!+C)YNw1(Zs@Z8ObRm}{Rz+TP zH7KW8pcQ6S44#AfniKgg!N2-g8y^R`=6R?xPR@#AZ7h&wG!4URV+UIQq1u*Mfj6ogz@hTAP*&| zSuSvBJXyjKD5wh1Nb9GlDr9qfyIUyRDf?BZP!q1w)v72e{g54qPV7CHu=Iqxak`%l zbVN)|g&tzI2)+dznA5|?X@Dx9<_t14hP>5Dp*f!9TINGsb|P=g=&bQ$Yfj0&eFW`p zTg?f^g;r#v)8g$lwHg&(V-$p1i7~{Y#RE-A;%|kkK~gh21ZkjRd6?(LL>1SY*G{3z zyVn;BXD*TCl>{RX0%gcy&oMY-LXbZah!)E_|L?GfpahCDw3`SQ7?JaL)(9sI?*sI~TPBfah^m z!it-JuBm+1kY=g+S<^h%*w320KQiRom@_JvJ@Q?^G1D)s=kBNx@ok=&AKqCrKdhDS z+s15A#s;NLDgLYYXZPfMl8F={QU$33h27J>+_=_T?2(fPm{)=%-`Uor3dF`aMVfkS zjF~&I76+^mn>P^>`$M3broW0;Y>10X6^iU9A4JK)*Z6}2_ap=^Yl2q24joQXbnZ()yx$Xl|&lMB=iVfCkjY<5!%l= zd!aL*clEQJIn$Yooc)xu=fIk(z@j8pM(Pz)O^ z`AygOhBIGu=2Ey_^JNjAi>>(_Xb=~9qT`9p$Pgd})G`#P z=SM#CFSZAuXTAHXnUc$HGUdjCw4V_a4@dB@odt3);}^Lqc$|QI5Qa0~clDc)WKd+n zX4-0aBfIt%H8{XPKdGAslYx;tqm$PGhZsn~wJjH&Tn#^r@fFl?Ts1nj3KAU-$8x2# zIjR@Q1XYbs=Vcb~B5$H#B}?ZeXevTCirO7(Cqyj-wJORcu5fL|O}a}N;eJL}oNNQc zJ`1W<#tCOt@D$;#7s6>nAA?H)v@Dx-hlO6`8R=*WvXp)(xC)CTh6&6H@(?s*;9u)z zBdcvb*5!{8LL5)FdE>VO6m*gD%^2=cNQT3_qEn@J1Yi4J!jPDfS&09#vF)7hWZ05m zqnLk25?WJWifRy~*aP#=5zko5C91B-9m3Sc*(hpTZk9w?`av4rn-F-QAQsF@uCzFK zo*d?aoA4}~oN3M3WEetGiatqdgcAN0`L))ZYAwIT$+aj@tLtMp6?-cVkXUD4$;GLH zpn;jtyurL0uH`lMd#U{e@^FT#V&>5vZjO}pfz|WY9Cf1rcK?sJkXi@?hF;QR0c$4! zWCvocF(tBj%3o43gN{%6D8^E?^#5vtf+|{p{-V&*A zB+>!Ec1*qTysUtIdQ6zN_LxMArJW0ZMc{EMI0xJ;4NivQKz5ZX84-Ce5|C02tcYS& z^aX?kCeI@QjzkRGFwRh+GOglrm5kc4T6?3uFn0@=w#{81H1oC6+8fTUybQRY#Da}L zz?EDLe%2LnFN+Ts-LS5TmjG%`EF-iDMaL(yg)BChcxkuByx|y+66F1zp$k!n5xuHM z51{toS+JwID{f}hsqc)<^|7T!^^Jr~nQOq%%rnwiW;;~I1+6O5VBD6Wb@~ygK@bA9r+iq^_b9&^7Z{9eFNOzj=5+N+JV>_k>8pYhf}+Jx5va?XeldS)O7=rF#(H zc>vqi!7cb;NJojznoJ6K3?;=HannjtPv+M1NOA-{k#k+_(;-uvG_0hUt5GL2u03Jt zq*?aFSxH*yugq;Psr6)J(d6L|#2O!lcvAv_oNNdv0AiV?I$YsYA%>el40|v=2e2Yl z8hl;2bgg`ECVcxk-;T{_^J`(B(_KA_yVtp<{#jG?`!(MVQ9qk?rQCG_4(nE7ii9cg z+7G`JMFjI-NvoHqd9)wW`7m$D`Aln?ql-EMhogJgbVFKyB+XUQAE(uO(|kR>KCRxA z=4I$G;d~Fjq1}z8Im)dU^C`D^dD6;K&SE1yBFGu7A^dC+L_LV+nJ9lodzftqD&AKm zON<6049U6}>L~^VnK>^@;Kxs-V?ts z43?#<;$5nJ>1m{Wjf$vSj_W8rj&Ic77^aomZT#g3K-6-PenN^3=`4gDBg z@Q@nnsS;1#X!i43K&R@QyQM@EvUqW!^;R-5$wllaOo4o52x(Uy7bO$LRQB?jC%<;) zmp9M+qDSo8c|=b*x5VTXbvwq3)QSfRH1MSnRXr{4}k13yor3L#6rAIE1eZ) zS3{LxwMeitPT1unx0w~rb`#~`zoAbPcANtf;iMZY2Pc_i*pAszj*NxlR8%nHvC$skp5bmjkFLz+N`t8Q{B}BBELB!Yz9JzKvJa3@P7JuQZE*>+e7V}IC5xsm^-8# zP_8|Omfm6F_s1V1Z6>1y)QPyRGb`2_O6VoH7%1^W9P9xe+zX1lw|#lTHul4qo{c>m zE0|i4?4cO+1tlZBl!jc8J%?SJtV=G4)+T0MlB`YY0kIDldO8gb;!SjZyUZUG%rLgZUA7$Uo zi64mGkLW?EUJ%cJf(>&~9twxN0XF4lkhefZtxsW$RRiZs&BoD!lSwDz3}1IboP#xLYr6oVE7^Pe)|F4mZX#g6bCAl{BL>ahwy-UugABY zz5lKp1KPql^}qS4SU6@z5C5C#dZ$rauCf(ue<8`7v@-EQUa`ooi18(hyh`WG6uOLX zyV?AGA3yG8JmUap&JlYJ0;{7mo6VY;1FY9<7d-PQ-xqE^!h+I~{z*RZJ0UTJjTT~d z$T2-vMKWan15{vwaPCl+Y(H`=nrS>3vF70h=|4@CIqkR4=+L?J`7t*-$KtR7A~tD>iG7j%!Xhna-oH9#$geG zUL1mbrPsht`Zhmh%lK#r_sawb$|^4)-YTq*vkb5%;OFB}UI@kW3LU!#pWL($p&Q2x zkRMBmmnbAfd>SEjN>`RbD2^iKB}NXUz7QYV=co5X-)hIyf|Kxhfmv0NBvjGZOC06kEi?9iIYO7IXi3}Kq$TAAk}-!7c7 zpBZMB1nl-C0|zV;qk|(tuZe`V%?{|!vC55; z?R7##w*q=Pz%jqzsmqMH1 zFAvL)-3LyOK(O&@qIx~l~4 zDg(8n3O2*U%fm~Vw2#F$3!^0KUs-Jl^^q(~?lek#!^4o-Ku0jm$rD)}YOx4Zk3y2F z)PeGSC(sCmgZE~h00qp!f6ZkiI|{#KG-G&gVCfwQ#?n{C2UZ&?cdf?6FJ<=>BPFlk z_ROV(vHE$7k=i2&3Xcr-5huc^fHx$`I|0NxGw8t#Rt~_+ti!Zbn%!J2q`{9RNnirUQKEO^xgb{CXu;V1R`YUGqCKMVtnVi$vBio%V3URgE= z7niUmce}-HHteHqXQh5JsVpS3MFY^_r-VRQ#rVEbP#>DvT>U2A>yQQ(h{$in;C_$^ zL-Ls@J~N^pLJ2gq044as`+Hk}@OnkWXpeJ7oTqOZqco65#)SH=t@a*PQX8>^*= zfOWI@JP2eiLTXVwajL|#@7rLV`ALYfO4T z>y?!QdR|pIu;sjYe^gJNQW(su>3!Kw$YME@&J(yFW!2DMJKQzR^lE^ zj?`t$_vCPjSEa!QM%g{eySJ@etc__rCLJ}nC_CvUri%XzV~3j7*0yPC65K5gL?eZV z4+K-;)Okqi>BM&v^AxD66yk=2fkYEJqmV(;RLBpH&yuVjmM2hYF^+SRO*p^SHyjLK{Yt;{p z{k}@8%*_t!+^iDR-X-l0Vk{@PDUv+(**{*Y= z5_78CfOjQlgMBGo)#k@3*VYj01SRPA{b~`Im~|v`m1n^hrKu212-kQ-!jO4k8WmSD zSI5s;&mEUxjTd-T=efn;Zhsx!Z^RWktUof~B(S4=x_GI-QiH1(*pC-ra9eH_9s;`2 z6!<QBt_a;yoq|p=4#+th$ z5#Yl}zt~MVHpcsGr?3l;V3w0Lf#f&bsh_huBXp2?CF8@JhOe6*@S6p*jCQZPm^}Kv zx80jN`>gLMuLRWQ3jU%RT%6QV>&&#YR6V?JjVZj6>&80wF9w%x zzE0~xnno0^elQyd4cRm-@0?!=zUR;1JpH_E=jE9G_RBH-ZMJ`>?A@AfqWx;4om-WH z$7ehmS$z7@bXD?7F*pgK;2%L{%Xhl)e>~%c&1Zm{W{Kdq6_W18btT%eOZa0rNI?3DKJuv^n=;`izcJ5vZ*7*~$<)N+O?szFcfPe&^ zgW||Pjc{rIq+v5a(Y!Pq_iLz|y2#lY+P!nP3PqA%tgk4hYQQTUf!R@?xf8JF@6?_S ztqVY{+bwBN$Fj~%iFeO#I&&$^m|1leuw`ahpiLHNBe(#Qsh^%{(EQd5j@;2XGQHM2 z;PvR{UuOI^6JSq*__U}01yi@i^k&Y&#L$Gt6oNZgCdxwX?I_|><9I;nDsLkoa4_@Kbh+W3_-@^H2sX0Ho#CeP?DIj;8Ix^e-qlrU}?l| zlym`c7UXbG1UlJS>vh)OL;L)Uv+mZh)15tovFu!_K1_7_@F;!2Q6%fb0^bMHeSRs7 zE)4-a#XFeb8!)b9BM#Q{Y1c|galR$%eEuBEFi6r8&sGe?1=~;B6dwxG(4U(9D2uXw zyjwqh+@>d6ccRUoz>gc-cYO@3g$RSq^n2Jzqo8%C309}XBjNLe^%JcE&hhL+uW5F5$Y);-%~fG^WoW(?M&At0bz#@FQgYL$X$Rw+9E`~XpC^r@D?WjlKlcZA{c{Ic zlOCjqHTl1+od>)fRlV5<(FHxqyHLG!YP`2q=nNP!hR-sE9sM;VPQ<{jb?OIRSjn_xZe>%#4k;x+~aw8{bK_oHP;L8`}Fqb+0h}{m@)SLJXXah^I*1 zQbvapDf|^YRLWqa!dRnKOv(_s!ha(4e;(>5IEzr?T;`<=Q3v6pBz3iL;x_Yxz-_zZEj;|6XuJ3V+rx-owqtbYr#Em<8B(o8GAX4aDZyG_vv| zT0N%yp9#1_;TPPe0Vj9ahU(OS=#4;sR+$SK>i$Je23ip>&#Xu^7>@8{KH&qR!)>@9 znNpf~L7TZuh`?HFuC(bZ!1WSsz4WQzeaMs%NwJ9~=I+LGAOrk@TyNZ2S>mMNy+eaaVPUQA~4Nxo|Dfgj*wf4^e!gm@QM-lTDnZe=d zA!?{7aH(Y;lS>jW9|Uyf6o4*{S}^FnGnIP5W`1Y&3)cUgRnIH?Tk$Xu+!dHGjAxF4 z#XUjR-ZyU8rkzf7*XXE8VO3+Wvi7PK-g)rtl+WmjAJ*XyHOW_ch!w+tOMH{yX<>rH zZsgR_xNf3sMt3Og*Rt#%l&tzOkeoj1XO!5&j^euOil*Q7Y#U zcvBF=hL>g+YHPu=6K!u=ovF>KSfwC_kR2FkXBUCyl3bIkc&`5sW&X|)kAv|N-GZFO zCdh(Lh*ZX^lpJg|%%5ojoLQ2@q{ITNmP6oZBXBrOIEqilh|`IjC*Nyx@(S} zot{(p0Aq5MozlyhKBAuKVgw9Q72!m2Ji!SZ8=Cl#PGHv^Ck#|v=eZW$hq;3`5eGkU z-<3e?qgm9_g6M^9h3tGX-}Pax+qGnCy_AJoS{I`ekr6sI+Lx239{`6k2mzxQ^tNOj z;)(LfQ!9D|b$x|?<9GOfeY{MRb~S2o#BdM6Tg6|e4_HegCL5EhrUNZ&-TOw0Vf^V- z?L0svD(9!_7o-RyPTsFV$)jvy0jDAJ4C4}Hr^Z$$M=zcx1nZ)gEhJD>d8<&G;e&J1nA9FVR_mNPf>^6KlDs3Fs;D75!Zm;a1keyYf$ z##$bXFl4*D<03~JnA3ME^m~R~0Z{GE0n@QGD~ja;VPc`x1XAvjpX&uJ-b6 z!XGyiU<4r3R|ok%$DfS_x6IQPa>WQ|ru}(l8r+K2*l*FCksBPBKJpITt_)3}^<9dP zQew+;;q6dICJXfoa1~#x$Q#l9SsZ^2FCD9Yqr7p-0|(125(M|{-u8I?_VD=T+a9KN zNy$5uW;E?=r5iMalx43{`8U@0sHaldI;Q0MirU$VbZO5;=})HAnJN7Y$? zm}I`zgYIugkKn%1Uhl3IY>qgn?s|8XYdXr^v-)tD#S|)7PZ``elMTlWRU8aQ3#={~ zHE$5Gu0d)N*?Hz}a=zh_MulW*K%Y_j0)Ghq3yBpc8*uwm-xjN&tPk$@{7*?w<-Ed2 z3VAf-8aVXY7JP@(89x(b$OeX_^Nh+ohd&3CQ^*}kLZR$2K?g9LER=h1P^f_sRg-$p|dIHuA~16>1}) zFw0S`0s4bmfb6-}l@G-!d$;f$t@~N9T!n#z5wKbCvCR!p`4LP6P-oSH?gLOQo(cwYOHCnRu@Zws zyFlxiRHzqmAidE#f6{oH{o3b~AlRJW-q&^+KY+GMo%(Lko$pbV=W+X$F(QZTbPKn>rfmC$T9#kCks6I&mu$;UnOf} zo;jq`2#P3TYe6B+NZ>viPTE{_^LWLAXktXPoK$nNlmOF0eZCunyqkQwBC zmS8%{M&y_KE8LG3&j;PKBPAH8dWd?%Q!&8_lVGp`SPiGm3_+%6KPH*l-Do<3f%rS2 ziD$}cPWx4vJR?{hNLiwZRS(oV*_N_ZQaw3|zL^VC@3bEPgW!5D{X_S#(I;=;L3bwL(d`$S9(#GsQIz~`=p2UL}a z^rH8I#GSDGsZUFWx!Py6y?~ypd|EzDk%dN@6_6d<4nYv78lE8@T@ulZzXwQr4nb@H zvR>nmq`inUXJPySQj{E#FmFvzlf+8E*_b!Q-PqFc{iWek{Bx{Em$jq8c-aXlq* zME)eJF`t2+fSEvN0@9V^?Km@r6)Ic_$q}+3iDQe+ zjKg#EKBz+KY$F)4kIK)lFUbFqz7bDJ%#|kl5ulOe{~?7$){(Fa`YHgFT$!~~H3sj9Owca`Aa z;FzT`#9yDwi2NgzQMkhpV1rBOM*krMkJ4{d{RJ*Vt?w7HCkdS^0T$*HbR~KBI*$ew zF1ehZNte&{)!ArLl^)QkU^Y+8X6=c{8JAf7c{-QR)c+(-H*Q&>k0ilJ2GsA2K9EM6 zrlHnIy(SrgydTcj@=2H=uSTZ{ye<$=1anX)=A#e4gr`IqHG?J0wO*>_I}$~!k5q$O zy3QBd!3QImS2aCBi2Y=~)Y&uAO<-PbR%c9ZSs-}GFN=~Lld}E|BQLZGTJC_Y4^!kPiAA{M1JY6zYEqf~=7fvP)mw6wR3L7DxO1?!JdRJisv<`T69 z@yM>CFZc4UcO;yII&@vv>AHRfbp;rRe}u#kW^9U031~HiiOecfu}E7q3r0@m!NN($ zzONfWC*fTP4N!I@b)FFmV zy~Xl9bl>H;S=W#c+CMp*P}nJ4yvF=cQM0b0h(3{%S_6b=m}RWreZE ze$9C#bT`x?+$c!G&33mu|mg!|`&twkWZ~UcP ziEPFFOs_VC_|_5m&sdOUvd9_PihdiCZR_{u5!rYIOQLyA#Kia8+A8}o_x4f`nD}zC z%{rRT6{nKii(p#kn}k8FDihiWwx; zm{ujUrNpmexm?^8cg8(&cQ;@-8G#KHuk^VDfL+c5YAh>D-L(1zP-nhMW`)K=p7HbJfOviX9s9hZ3)P)2NY#!!F{v>dkc|`Oji!;$Ueo7MX z^12$~%Q+VaV_FsH6`T_z(+_cz;3Z^q`E+@}kC=zAi;tg+%`#KwdrvaXg8$L_ugvu} zlwGh#2~REIA-p^rO(E@=MRh=06ghArE6R$4oLh9o?dQ6E?DpXXEC;sQR$_Me)x9AM zbG?@dO{S_)V)bWJdfupC8UJOtuWShrd#EyjX%LF&*S7u}TW$yFF6m8CK_11+jU=5p z!4R)75%C`0pj6$=9 z6W)4pZ-MZGT~$KqeZKYALl*%=jUAM&w6OqGjI%-gMraTm9TFT@yvOXgC{U7TPIx!S z^Pr2nY|(0sX>OeX+7_EnJ>2_F;#4DTa=R_vY}Hq-{~i1ZRVb~J!GI-Pqs$qa z963prJPEr9Y_94!GO&B7(c7TO+Ve(XOKLE@#Erlj=hB1=B4A05TDTWPBqFLipeQRO zX-QJo!@c`l+iX;C+8}~b?DnWhIA#w~m%1A1L+>dNHCzjAvZY6@`H}UX;(6H&0vx`W z$jl~_Pm9NrRJM~^?M07Kt68qcB4j>LkfkO))M<~T4nlwT_Fiyx*sKoPBsNm*_9?gT za(lB0c6Vz{-tCLmG6JM4W(n z<325rRqP2c$60*)Pwf4ybYP50N05GVhU4+)>to1L2O! zsVFEQLCA2Ikht}*o>b+HZp!7{9z#jmdy3>!l!+q*iwPbR@KDeJl`av6fiTCbl?07E z&xEW&7qSGIr0@@`duK)e%8i#q(gd5$ok`N;16b)co2=XWn~*W>+nDe7kPj##u1bdR z0J0ytF{y^oqhvG_Xb3IELH??!ehqox7%MPGtY@gZ>0Bx*>kJuVlLR*ClB#e>uwC7i zp(bgNjyw?VK_G|3+jA%(5%OLQL^4qa_RuLg=(&V`r&PBsRl6%40w6062sbf0-v&QH zUGH)4v{9d)bgOmtrg^-_A>J!!%SD6}YnMzzVdB}@!q1}m;|bIai!WRRoGR$FFh$OB z%{ZtHAaP(w1#$yzD&vT%32TJLfVJLdtCY!t#T?ZavChwJE&MLc1FPY!=RamWO?_Fb>vifnt!~t*{}jZ8 z%&j`OH(kFkUEWFh{LVD3iF?Xh9HFhaeeCw3z~^mk$K$;-W6Y8X(LFs~dL?CEO8IBv z`;jFlEz*ar7As<1mMJ34*D<_2(`&*J*_A%O0LIA_JbK$$Io`Vv{E({&lukx(x^!t; zU6l5(hA(d|yf<@&^!CoKpX+X)a(kB2=JF&g#y;LgDJQAlx6`Ft(&|6c{zfsLxTQ3P z4kfsa=_uE-!N}6NS0c_NODDXwz+!}iIlG0^Emz6H+0O9ZVcWvFkM{sId%9KkU#3fs zrPU*8|LGZZ{{vV2V_U8MmM;A@9^(bdr?QsKF z+#y#aZ~D!+bYrZpi~T#`(O&;ef507@Il9k==A!rZ6M`QD&*ncW! zG{OJ6K#PJfK{FQiB{LWHu5F9@;%y7%Qtt(MF3O<2H;FQ+;`S-GH=8hR*;12+9qhd# zPfy~V)NVBe+AVHpav{prDo5igIv2?#95f>w>L4qAgJSRd@yi+vZ6nPSR-|!QeqgpKzWg| z7#6k9X6qMb13^2I#d~j_E`}%OYypu5jVsO`Mc{@ch`5~Rsx*B2Q4+CU2M$ZxKQY`o zrs|$7iya>1B96E}Nkftmxef{{V-S6oFM|~GA{CO2)svYIh)&Yl1|9G?#X2WOSosF8 zQ1=cD7UiS-ztulf+S6G9@TWtjk{I?@EQGukt%g2_VJ{I6umKIKm<*9U+z{z-`<&b7 zB{*mTVkiqaAxmfpWglh2NN}4)2}_zmitG>FCpQ5=OpAQ?$$S-5+A>3MbJFp+RsN-(Z5EyHkk_vSro zg_}FM7u+CRs^2vDkEkFHr zKMfiHVwl9f2KIU%2Z!9nWM9+4XHAGQ!(Q#k=VmC-FVBsIdclcJld-)~F=?uBf(jU+UQON-^}N zEjbR6QtiD@MN2|T<{(9MRJ;lNdoUp! zvsN%D0=FM@`$((_9iSAgVwvcp+r|I^L)eZB)u@sVXS13u3Sj|a+CCghN!+VUBoQ$M zUv2??B~WAxPOuKJP?zA42;K!^(B#^=D=T*hw(Of&6L+D9o?#lsh^d8{#B)1V(=49B2r+kX} zC2#HsR}aRcymtrpZ+ln#!Qy6!$wZge1IT}bE+Itb2Zj#OpWh4o?i0K+A)`yENV_*3 z2>(q$3_4*Fv;~qZf~kya1qY%;q~XMK6S{ktqr1JJXL%FLGClDeK^;Z_!crm#^>Qgo z0W7P1TX4FnkBV`vIyczWtv*JJ&QRjJ7)3HvgxUs7?KVD9mq0SAS-*gyx6JjTF+7zX zUdAPLGl#lwR=t}vB0DCiW^m9aShVaYBi zvKil^upbCcf&CR_begX2hd?CLb1@YZZ;JtxRYH8V@cq0a#x%;~lL3zuKWO{q4zb#- zSKh?5_aQMt&{UWRnt>=eMv+ADitHF&@ccy-B6aQWx)S^gC!hsX0A2pcjdkKSQ7g+6aQRq`ycLa(fv+Hh2c+ z0ks1vo>lIxs?rRCI?A9Vj?j@xF)q>u;>jUdvDf)4*ZOLm{{!tl0=Hi{<2X5E-I>%{ z#e;9a4~6ot)3-hlUAIC zdO_KC+K(HUYVk?-W3<7^N}Z-g2+Rt@aAC*aRsA0-0BSirjv@g%!V1EO)%!KumuG+s z0a7|W^E6KR3{%(GXbsVc5`w6^2sW=md~K!+BL}#dOs#xooN+#`dQ&l&bm?@1Ww;$f zU3=b#6-i0LVqB?>q_C`0eQY-5z_|dEBn!3*55y|A6GLjV-q&$}IkzW)zyMzVaR<=6 zw53yQGDHA6_?!am0Z?`|V=rgOg28H93;h0M^_Zp^c1Qs9I&irYnggtJ%&$v?aiGX# zixf`>MshcowK#P9Ta#SV{)|(}56OOCcb;U&{hs{_QxNK=vU{@uFql)-c0(p01ekPkj2|F#)Pe4*gH(xiEc;hEjI0@b$y$z1P@6G48tKxTeP(#$&Q^%e#3mVpmiR`uXQ#b%mRQ;FoS`M z1u{{d4010a|1hqq2V}rdeOZUsqO9bX)^GBAx9tf0Xs5`J_NNG*HTQc?U@wx_p^uf@W&J2+Ge6H%R&G>HlJ`9rJh}&#o>u-Fo zx30_ELMIyt7O?Z7< zx9U6A+%9LA*&Vs~3a3?8cQ7FYnEwuCz7^;{6TlRQ@n6MVm@!N(g0rwfvDD&*cMVZX z_97L0ynZ2$#9X$Ra7?M&khxCTM~R}1$;9hwTb46-Z##oPUiW>@-OTdEoj4^W7hWO| z0@4W0?`KJ<2;V6?Z0ow@>~i4|1M_{jTk(3KQE@b2&x%|VuWJZX2H$2{ zCqImQJ5n*_5!`KRb;&AhY8l8{z01c_*>q-lYacb9A-?8WM;v8jxU;G zJkB1L6p{0$7ceRp&R%SH9A08~sx8ARy38!i5Y=7V#ot-&Vs_4~GAl>lz_q&#?SVVT zo{NQV$?vc>uh!)YZXeD#uDRplYtAQU@-xooW?cENpHIr4d3{oce|Ela#uJlzCeNMY z&X2w3*W|r2uQ@;I&b;>g^lPsCe|^(`R`Y*$J}JLENB$(vo_!Bb&a%WYm+9A&iF1gc_H+7f!m;_ zt>5@Qw)NN+Cb!b$MF~yDP2R#Fsa&qBxAPG}GnNx_*?b|&Gj84bIEviS5#;%fAdkEK zggZ0IZ$&X+F)@Yw7n;ZI9FMb&!vA&i$+A$W&G@}@#(l}PrZB;|DPC1xtyNBE^VM75 z7kGlX1+Bcp*S8aU8=vdr-~KD*zW}(2GQWXdMB-p@demGQF2Dj5WTS4O!a_x&FOYN{ zJE4y`v-O6sxmdg+qR-45z{~AHhTxg5nL%>edI{&>w%rxvf_&lCSG=l_ z^PT_S_JwdykG@s;EF`xoa?3QI_bcB#hakS~d98Oi$bXwU2w$3{T2ELDJnixxXu+5T+Rl@7R^ifU^Ee_f#O5A6dujJaxj z#%|Yuztr|Ax@y}iQ$Ojp8NC4iejeh}c9%S+X}}?Wg5+kS%~tugWyzj-8I5>hIi3*YNpae?86wECKFZb22BB9Mhb-fK@# z?^N$%UZ8Z8f+XBdF8i{z*Py3uUM9*!krTFE_Kb*{C)tm_?xW5X9r69zKJfZAdD!TS z$R&lVu1HVrEwW#hVRnsD@I+T4HM@7ZJE<{oYWHlb%1ZkNh01D1RW33>Vz2;Y1aAoM2IA8C=OrEiysk2PCb(3^f5 zba1|lmr}0WlM^(&lHo`f$OD?~>_i_pv)osgS8G1A!e>uc+;0ckx^sQ;pl!7EW(KlD zT{hFmj&#}da6D#bwGE|5<8eFDHWJP9C+*beSY{$Sn`@@BJ8;dMc%GeZo1LB;&$kQO zc1TadNH1!ems^nCvCC!`Wq0aAyGOf3_(olWN_^y1Y~Sds*uI6ZeG6dw7Qprm&tUt; zX0UyeTiHIh>G%d5)buIoIwmf7;F)Uf?5KoB5eVcH!t^ ze@BG#9W$iy+i@8kw0!<9@O&%B-@tyii9I;8=j3X$cX4044+&!T>D=G$S2(~*K8iQB zA86k^ey}}g6!UiXVfIjUm^rleHv85BcwXuVb$I7d=E&kP_GopCI=cNhd+hkz&G8fO zF#k67F2~cpw{U`GjH&l`p6Gbq4;MaaPf{OMCoMpkwoWD1l~97^`=%us8!e}BmqYBv z%7D|1Sgs`tl%RGv93BINnnamyRQ(&o)EI8SaB{P|(QbERQ%yRas758Rvy|a9NN~$8 z;q;0kQ#JtT=t)*s;5JDfp2SRatQDgV)oKIw5w9`OY_M>VS)-Y&rok{mG$^4Tz=S47 zK%6YdWU8%1@YcO^P!^;VE*H!S^sufH@_NGTa?%u)ZPpaf4in@XN6VGH?J4F%&TtkDjB-_E(sn2Hyi?xkM z%5)~3Nnmziljn-T5sB8MU|l-u zwO;RP6eKv$*T}B+ebL|EBQ#Mo(*c#$4RC(uV#^D=!{3sFq5cmdNZX`MB?nSLkD-H| z#vU*TwMp?vbT38R`$S9MO?!x0Xeq~SW$t0I$Kgw+Vv5jY8nF)H(x~be31oHOUbvhV znNnfP_9agIf*U2N7U<|6JW!JO#IY?Rq9^;}7BsYu6(BH(%Ow7)rK^#v zeS4uIZGq^-Wf&Zv=!mQM{G)D{h(DMIo+45Abe4U;IN(Zzr&D2?GZVL`z^OWV-9Fkx z>dU?Xa)a!e&EyVu&^dHXA9}kvY7*ZqoWyx5_P-CP6Laqef;NlO0w_knK@tc9U=WUB zg_pqu@WVUBZyaCja0ELX{IZ0qsuXG}&Y?=Lxk?-TEy?pm!%E&4Mjw1p8uS-Qe@4<+ z)1JZG0jS#`%jHDISb>orfa^l@hS4VH&nNFw7#=PIMW0RRLc7;@jq=u802ntXQJlGO*DoHA^4bd>-8YaU9v4OZ8XGs~cEA=prVeKjInV?O` zdBq$9kHVR=&|12Hl#fFg*6IGWTCLM>Tq|khW6AwOZye{nAd!t4t$T2?&`vnJ4@fr& zE-=Gb;vh-Rg+8BvJLbGNX_FNM=F4_*MrJ5=A}+}nsCJn&!YDA9`zRI+i$H*K#kRxf zL$gH_ze!A8f;p_zacBcJ+6(mtQ5mgr`w_QqCb^k(U%o)bn+|UP)P7yAW`f*=8OM{u z9bt0qQtn$U(E)BtRpX$*@5w&Z7WM?)xwf8aHs4ifN5f27H{HRp<@yv+1>0XA6E&g> zA$OZXM_av`s(wMWbpW2L!80N85Dvs=5jsU|Tkb{NB-NTgUE!-AgMAGt&)ww%`+lr? z)>m7sy3NG*8vj83X7!|re`@^I81V0uqu?lgBo6j5K_O&%;?!-baH_AaMg?f@$Lg*B zO$`Qzp)IeY>pG6veoD~wQ=hl)!lw|TY#$8t4<#!nkPc|r?>5EniYt2nQ38@2SCEn`yo~>}5uWmN+kBq)M)OUsUZDfYz zW&UW)*F(EMkeuhM`UNWW4?S^Qyk9&LkG5g}8|;vp=Gysc z5&Iq0l6WV*OfL;r;Lg5t$Ey0u)QZH(fDi)}XWg+JDb$W(#zBH^R#VPUn;32JO~Z_f zi*Ux9Y6J6oA8!{18-_v_spqOBY%^bOH@~jtL|K6O399GJaF8KP4}{AkzU3OfY3G{K zi%%_rDC7!i60^XjSqfGua^xP8U#%@%nsaOB58>@dR#`7IFbRl(hnM16Si z*q~Y^OKh^dOgIuGUaCpJI+R#^VOYTE#8K+j2U~%6fjG>FJIc9=>;^(stak#zoYED- zDR42|ieRwxz}!%R97=S6tV-+jEJvtfw=b`ScexBBoGcl#?p1JCsrXH|)V)}dq0h41 zNt{iYDTHTSieI@wll0rJQL6+e#C)RQO&#VC0cGNd^X@RCvguFI^w;3!Bz};W%G)BL z!)d7&m;!oVsLa;=^C z;?U+LZ|VT=$4pt_w5SY|+A@7sn40QLuccAP&Fa8Z3>QS8o!RArgA-vq`E3LW$P;Sxa-!A%m*`qr7w$k50 zQ1{PcS_e02zfr}%%Kl#IKPdLmAC$RKSH7piOHAr26K>R%uj{bUcByVVu5G`zk+vnZ zm#C|2SrPp1C$q8iPZiR#8-2(clLCl<$pRc;gr+IAR{&p0G=G$ShvXW_+TSxidU-$k zi~gXp!eu((W|}lbD`&9+v%s;)73UDuYb#ONw2=p^7IttR;~U4l-Ft*Jr*1g zK}Nz4q{}s`ar=uCUNp5q)5S%^sk@YS1FtTwIwq|z*A{OmS#TMpEcR_-PL;*qLk#BQ z7|6v<2Ot7O@U3S_Wk9YyE-)dLuQeef4q~t_W2^B7uui13gJ~*}>L9HL$rUM|M4N#% z!@R-=gSmJ!?FLOy)JS8!p0!DQ8JBLtdu8+^-n7{0g&mebO_D8b;wp8PRT@0_BGVav ze&(3Wbx~T0r#*T^yxuTU0Dh+tvj_ub5lkTV2~0_Oqf5L4BBCkK=`eSh{N&5bhJG0j zAHdCapznv$OQ-t)AvIt^(t@ZhO z(wgy(7I6}1qXQBu=zO#EC^V8RtT>b6qsL+$O0WS^3l-65v1o>M`eYo|a^C2L3f~Xn z6b!L#5JF$_MW7qNjevf#?M>e1R2SDJE*LVmarQx%${e?32k}EZCVl>exj4)NA1AXO zoRNYz`aYTIWb~lz(ISZR9xT7eZtU|oN}5hbJA{Ng;sctiOct&}W5`>hPDp0{F;b|S z{6rZT_sEWPm~J;12sNT$k;f!IFN2|gs*e1Wyx$sgs1U8c2u8JgraZj>4{fVWdiB=i znVs~9(0&R1z(*<_t3sA5VtXvl+^9yycXG79lZ!fl%VXZPFBW^+35KqMwIeOC_|W%r zzeHa5tnwO^#qjCGzt>94Bg4wA8g-aj1|o6eK?(+lOCw@sk!Xgl`W-Gc)sBbsi1P?)zBOHF!+r=$1WFnA8 z%gZ7Vej?=!z+12oA@(!G8HiZc(f`OG+^F{2AhJF_qbYCtL~kymojzp-$WsYGsFUl` z^mm9On7qwADmjZrhuKXd1-229A;V74@%9kU%%+!Kl7xxDW{)U4Wagqbiy;Yo8D6pg zRLM9QaH~V;_R$syeIsbfON)7pcAOG4Yfca0CoIY`oQV_;OeNI|zLivEK8;GhOJGeA z-zv_^C>KJPH0<)VGBab+NqLQOJylzUePALyi20ZMVW%`8h z;U6JGQ0s$5N=vC#RC}H3bOp}w-Ukp2ugfLE^2sYXKdz)L+2eUz@fvdo)QXEyX~aXG z=jkkdP(VrFsh?K*zg7Hlput;zh5%5(t#cJQFd_FPWCz9(3Oa}*(vOwj#o6pA&znP0 zve*ay2oK(@_TMBlWcDVsDvjAZvMi4z)jDi{sg7qWFHZU%VsC83*fc*-`um`lXh64k z_`T>_WnpJd1ADFDt{wmQ8~HJ2)PW5Tss%0`!dXd6oz~QE6rAY#W;Nz!Dp4n%H=Bx) zRY58y3>{K8j3>N@_$N!AkgC@>z%eA^6)iB4Rjk^MuOZVKV++q-HpkyUzR?>5f)S0} zso&t1oqfdNyU~lUvb>snR=sbC{^Y?x@haHbzoqmysbmkiys7(-SW&iuLhP4J`w7@D z@t7=$Q*AHI2rDVo?gd0g0r)2sEhX#|)5jgTU3u#{BS&s>W#yW*^TUtE>1 zm96KFgqjU^wx@%jVp{tSRSqg~J8XX?ERzf#nIp@m9CMBP)wKJ~tK@s+?u{y8`;i@G zTs@fwP}@c5J4lMYQ3c=j%>_1ny$Wvi&0kFVQ&vGlFkOst#p8x{fk2}|Uu4NWK}+2f zn5Alu^tw=n1bXooEijSHVM!=`>*X1~lxrovx2`z6~P@{*V6$tIigKHK0~ zz2*pesHnXng7oX^4~(r&7Eh|d8X1scnpu$v;+W)L_{vr2x?+yx->xfb**?B^Bh)C> zZ-&!DYBU%zv-~kN5sb%EX~0OhatAZb5Y@rLa2ik=$V{f@_NaCQ(QzY6l?_UA7)-a# z%i}PZ@3|3b=iO(cFWI)sZ2n8OzTW1qf7U z#(xCnlfW_2u@gV2b^paGy-3YQB!g%2^(dLJQA+9FAp1jIKL~?1PRUPMcb5BF%i2tbk2U%76vKq?P3`V0hhi^5!N@G*4(UDZ4#E) zNJvlPFz@HgF;rL#6w6{LKC1|6f;}p2GEJ35NysoQ+X2FnIWIvv`+9c@bU&@|u^Dg9 z`ww}IhTc=1y_%4h!6y*9a)hDmhi7eTHwt0X7 z)4`%ms8`IDNpTtt+IdM%=pm;r`>5L=v%wDX#9}PaTubzrnQ@dVW$}A0q{F=VPfXzrnpmbDgxy6Yas(*_rVLVA035NNUktnASAue0GI_R5 zRDHBXXpBVq3lqK0u5Q?zr`)))n?Q?h2*cP#NAK&MVZ-lgeK+5Qka7NANNlsie}Hy@ zoF@69R|QU?UiD zO{O&=%1#=P?9ByAWP*0UXU&K44O4^Sf#qLlT3+EekVozqKXJIj0fGn(voi}7Qj|2^ z{5;%Sk8Vf*k^#|t1t!Yhc%lARAQ<}B91T9F)vw^D#rv%OoE{bXHh7XSRB7{P`5jpD z7hAvoNsl^rc5;K;bUv4NjHifY3aK_3{Sx9akBU$RR+tPGNsfWXqk<^&=tJw8Nzc*K zXiqxP!z7<%E$yVlto=Hz>0XJ6o(+c3sSWtk(GdO=0~idhu}sx)UGOclmMmyN$J(F| zHkC?wjroZ~p40)x6=9q2u5%Yj;vUJhH%J*aU$XY?gTf8Ll& zO!gwvY%8XX!0{LKxmPx5(oZ?xdzqn}l*+>1jp-F)l|(3-55QS6 zyaSrNR_uXFOoz$c;lgiI-zD+h-QS%4|PV31>x z7PwAH`nzkDa$NO6FdQMd?}UT!U`W9c1h{#&f$c)#3aNtx4a0)kXNky;l}itc0*ciOy8i~$A#N{?CZ|42hMXhmT1_1_f`l> z=r_cIK(1dlfK})t+L2=xx2@N3=&o6#UUhSZTp8Og1pbIo_4Zet`(dsiFdrMn5-&4EG!zT6iW>&qnI+3-u+l%~vPs)}N&Hy=isNl>Y7%nr^~Z z?Uj@EZ&TsZ!}`C6?Qe$FuZMFrOg>L8R4*-1$J(b`MP*N3q)u6+Ir;K}q(J@83w&wH zZXVW~hV8S%>X~8SjE?dTQLELPgQE=4Kxk*6Si&|1$sYV1j+1=>tDD4mYX6MZqyNRX z`1}+L>V;G8#VhWWU$2JRexUep)%>tJhb~coWspvh^;FhW83&mw|L+By3T2wIg>Fkd zVKBLC%9XV^D4>)UHyr{2Iqx^m?-&%?Weh-hplfqLNZan)j!o5<%!=KiVXN4#73iW# zDCAyjBaDa|pH7V_Q^YRe+iJ)Oyc6Gqbnmb% z*+F*}Gg8Faj&82#X&w(EBZ^u|;>bP?U%wkw6`Vzx|Av{s>(UIEr@&JY+p&tVDdv4v zoub2gWC%0uY20mBW(k<8Swe}|2!U{gb)vbMc}aVw!P+>a8{2LSMv7Br^6hgtzXR*o z)~kbgOeEYwW)K9XedZ>;A)_{C&h$5AKny4m{EuI5)ki?<><#e!#hAI z8F52Y>&0(UFuUStAmNaU;1Mz1&4F>#xiL|RVj#goaHri_vZ5Wq+*M|$y(N%RG`0&5 zg<-Z)DMzftjz{YS!9oaZi=a!&%LCD(>45MXH%jYnbRNSv92cTa$g#8`QId?=ZsZBU znw2vhaI;W7?v%6G!kb4R(KL?$-Q=y4tC3Wi_wP(dqQt+!eeFqC_$;P^y|$WBjJ^|o z6dzx}Ci1B4yHcf0qqDQ8n+TwsbNKI!1_?ovKxvF zh7-*PP#dx&kuT%c8Sd~ssJoDy zpQ)$^LAhm_;LYtXi1$!vZF3xr$N|6Wq3l-0>)b()|^pI%mH z%IBxb>fEyWGkdPLE*!qE4D~_eh1TyBENpj|^>t+eN3R(9HS&-ISV;;flMr7NLjXF z_$r_t;qSqElTHOFwNTq2i~1E`ps)otzquj$ir<3Ui~ta_C7-0=jaXXhX*T%`Yleg@ z5mAxl9=}@}b7dc>u>J3-=U`76zD6k!Z z<|e?8%<@q%vQw-HBpVD-h7;)zT$Ao9b4SD+GxlI}oadd2T#S-FGE1E7*y%*aH*eB` zcMH8N%0C>GX!Tg{DAP}3XkngR#b%RV(V*upPF&p;CQ+BxGX-8R+^3sKdXpUs9%*%nbLos zv_EN`|7pdCNX*89X@A^0_eh0&%#nS#_5DW`8kUhI_r5e~A8eg}2;?DzNQkI~R3r`) zKdksrKR=dhU!1h}wa(vPfiED-N~vIf&^mW-1xJ8FIX}2ZXvsJO&Z3TUoh(c3g|;fp239^w zFlvdAT}sY9pQ#~+0H0aOn8}2ZeWi9qzcj0YW^#buV|rC;_I4-C#=K zY1-Uza;D^tt8Sl!D<{XvmA&qKG7yt9$$p1TlE0t_#itnx+1nv-QaH|JY=;_(@MTd$ z1?EqcEyX6sWp@nS%jO0DJX_4zxQngMCdWm7Z||yic6+OZCE=2HVc=z)p8|;rKEaA~ z27%-uiBZje(Ch;O#_jwPSQpeW78-b&iryo!i|bW1Vu?0W|6%?;eGt$F#;jK;BU4wp zeH4;6=X|D1I{AEDNeJNzEWALqsP{>H;Ih4=ei+UIq3*^JeuC`@vLTab;E?H6KpzmA_r!dgITFnO67>(q=$x5xStZ z@`_o<8yI^8p8|LCL-CZ7gw4>*B@o;`Sp2uMfjL98weaRSbhYHH0QC;w6;lH%(bsiJ z1OZZ~{vF7`>J6CS$ninNAkdH$4DlStnH;1@5Nt3#6(FNkV*66W_7#ZhD+~NMIvm@d zZ&0hD;;0?znq|l86L!2fWhaYs%@u=g-*knM?Id=~Lc^hl|cOK>+|U!(o2Xc|1@*J=Or$Tn>tD^va8k9X+j5$EEg5jg*$8e@`7D8}QQp%60ud#NU|3TH$pq|{ zS8zf_A~;8Tf0ZA}R%6(xwzyjASR8LzT2U zk4ag;Us0GX;b~)8nhBE-RjB(;W*hEE!N_)qWx)_H8nM}4#5X(6(=mAFqS;NW$Uji* z%aYa5UlU9o!7%bAMV+`zpQ_y(e9-yN+6|@~GiEzWG>aFnBIXJav}9iJhcjT&*zsl@ z?Z2a`qG^ZiE+T(oTov#5&Dgq~4Jg_qa7X7Va3*IlfN&q5fC0-2b{c#nBL>M@^bour ztO`6lT#77fIL^^H;}AF+0-}yc10m{RPHO=MA)JCvp&Nw9S~NlilvnJn=L#z@3v0N=WVs-|Hd00ZG?wk? z`+@yIpuaEKm?9FD0WUyR#a+RH*96N`UQfe2M+L(q)WHEy;CAsL7MN7t(7k4rvrrlV zq_JW{5-pUl=L8P$4no^7m0wCFzNi9fpz2)Tf*6%%!t2NlB1Cm5gNi5j%R%%093Fa+ zw~h_6>|M!rHQCo`MX{ZLwtkH$t?Usi4v)N^&JDwpM z7Y#vQ@=AONmXcjjq0o?+kM)dMbO99mKJ{)XHV=phQ`Xg8Y(E0+F{6dW5+fZ0H8Ijd zFlt*1Zo`v|F?EuZ6*qywq;gV@^QulNh-xFLoE*$3BjepDLOEsphx&IZgY1$w z>pt%mhKLq#Kh+oXro4?(?dCvwke}~1!CZBhOT+LPt?ve@q}4hFCZVQ~(!z};!_RA_HzZ=vRfy*Y`I{6$o|3+?ZJzwaB^`7VSAE>yXYQ4;{ zw&!Q9C zCXDAXUeeyhK`<(XK5f-6-A!W|?-JhdQunsVupUhvdYAEa9ou@gD-p2emOoncdv^Y->+u7hV5Fext`A( z*d7a`^O+mITMNO$1e@4_1y`(S$7i z65y`Ao)Q5|XxV_^I~S+7^k+gtsP=4ic4+Ph?GBDzp;8Q{YQnLIb0bkTqH+_dPZFMK z_~YFi7keu1zO3FgT%~=YiJ}F1eq%wnXV4ZePH{sKdO(+LEMUTpT}Q$-rn1C}N8!{|XrZ218a}k%4Yg=2q$^3y{K* z0>68S(a9jw6zpR`ig*}Sf>3p`;EO0S-@P{?Dxacm7h9H)K2+5Wza7?(`0m&Sn86J9gunzU03ow{y~jv<0drg~nN9wGdxh z;@2eD3I!ZcsZl6`Vy`n1lz_O3%s|YYXjd^<%)_((AVKZJ9wr(y7}SLTpOTslr5Ko% zB*AdGOm*KD3HVDKKxgi82IYKe#;?6Ij%Qw(co_Na*V+~+QBSw)9qFOg23;tihIV^X z>ZC>CrMLcGYJ`Jxyem`T9(q?+nIQ9GV9pEu&xhvX&|e#xFNXg2LUUW_|1MC-(zir* zOQ4aXZ;b4%p;;gLbui<%1a?grYzfS1q5nu|ZV3G=LUT>%&tfu#>DyD`4+O(46Yd)9 zQro>b*~GE`t4;YptU}A+{Xq&e{j5VcYQk#am>~qtnEPpYa=4&jMCs0W6yQ}5n7D>n zibV%;sMyJ{3y^(%WM3cIx6~DO&S8n!$mH1|4!)@ku%mrXD{ny=VinFR;pkn~MG1qL z3`t8NiwJ&PfjW$b%irPV?f(019t$_WuFwH5VEh+dxKf2#fWwJwRSYNFaE(1We;Y9Tfg(m?j5)tJ1>qP173y2%n zbaH-o#}99ngIFym2uR!sf^q<_T|-);9hh22skf^4srRZ~AVion6oJVABC2->x$`nLSe-7+&I&1&WY2lEYl3_+ApAF%B|Fnqx!!Po8>JcrSBWDLfs>o} zS9>c0$kn3e&GL@>sVQ~1+Kti03Lv%(=QR%aNvFGL+q>XmaN%puqUSkE?Pm|jPUFF} z{mUN@gCz^pGtg+L?bAvVMl|jy4$-;Q)Uf*;RCC?uY&u5HgZf9ffr!6M zFD8`Ri}evPgV~6x(PyY}1sw=URPf%Y!zJLCRZ8yIdhJ5YcaXN%+%b$`J`|m(RVK>^0;DiO1zp`VIlpU@?;cW^Z++j70f@mxl^T(sna94r-C7Q(i3?`el#2Z5SD@AFMZpTuO z(jXdxjInZtsNhAM!<0(eU#dziNN!A_YYp3i8IG=lSG@y0o}h{-Fh z<_TSOqo%2Y0Z5ezVS3b%8#z(6Xr>iZRsD|umXHdisxq)7sE&$^Wud`-3M@zG{O-o1 z%widZ+seb1k4+L$3C9bW0fB-YxKU?C(Ir|MkeC<|ozxT1Z$$0Zn6Oy(rFV~}n}=b% zNWG>{7PBJ)#U6G6Z%2F-n1P;r zz$`$m$EQA#`65(ZGBzKL-$9SG>dZDkuSJ?{Mv0gYgaW=n?W_RXU?l8M8#L6hYQ#j< zq|9yzX^WtpPD3`y;(-vs{n>WmN11{jlz;?R*aA=>4pc-uaH9~@mE1E&9Xg|!Pbsy? zpK>*xS^9p=)Xy9HMU!o)LvbN#J#|;6;T14R(8Kjsbi7x}-d;%>1B&n0UrK)aqE%nA z>N45;B$&$aTQ7s@bIGryJNleeB*y!km0Vr4r4Kv-*R<27SY*-t6%|%PKD%Xo<5T1T z=o-v~YrTI;`D7fB#~zwT@IGJ%G%Ry8Y4H}F9HJLmbV#V>wtM=M1~mN%;YpsA&`c&z zJ2he3%41|w%4AFkv}OW25?dj_s~4>-E*fy#kkB2WZ?a4gRG7e; z>PHg~T&!K-oDk?_GY5O;GVdc-cStr4TY-BgXpy83lA56{qt)B=2-sKS2|Xgoh=k!% z@q(jA<#98C&sT-$B4E<}jf z$0j}5izTE&FYQYw!Nx8jHy~)itgU5`8yC>nsU%#x*FM6}>x6t9jIgx^GuD=-XFqRu zioD&F_vpX$b~xx!Z+~k?B>HaZjNAjI5GpIq5lHvv`Z;O-EY1JwdhbJ>2U>NmQfHhH z8CZGWWTIA$&!)zwNR6kwzKVANf;|%hjhFV<>36TyYMl-x%(Ab_=u&CPV6=?jPDP;h zWq1L>a7WRnpmhGrJ|R|>-}w6EV7$djo)MT|`RZxd{pP}rmxdOjY-ch)aIC;Xj7&u0 zasc0~#aU8ZK=atTm!Xa&gBpAdi$R5+8c$YOz;+ZtvbLDtw)`=wS^tw z#%W(L>nYVooR(%lAt63RNvq&e#zQ4*RntpjvF&p$AtQ6djm(DISKQvV_64tNjq;Ec zlc4xcQO|7mDu9sx#GC7*}utd^3`U)e-os& zi;!bNP&DRdZBELGbcty*S9NTM$_+V~p8u3~ejj`Y`XwBc&(vuen>Rkqk4{GEk^igJ zFWGnxy*t4{0b^pFeAjaULEgjc?nFHapPVmb*3nd$hU6F-Q&4#-tXa6<@NFJ_#L-9x0oRhmfcoSQGdjIxQe)i1nTyQ%xSI2hBYv)fUD2;ZY?WPyCrJ@dO98N zqKCHrvXk0_91bg){=Rtw^wl>PDFp~4p1t6h|H-CKml){Q^u;=<*NRLsM2F5{}U2i}W$MNgZwX=i~a$(1`E zQ~xU&Hg_xigwjtb^Gj8IUMc96+c%XJ_vzrz3VWj_y8J%!dCD;mC<_?^)qFqkGhGbp zr1X9Qm{?H5_U89)2Ex~s{g%p(yC*W}4P#qJ2n#7QpUEM^5t>A^)1E{zK)WHNzf$T! z1UM_nm0DddI^K7)?bGc2K{`Fp(%Z|YP<2^Wu>VpkXHN#m4P!etWlV7y)LdCN6#5FY z30~?e3g72fI!FrNRVPrbo#(*WK={hR=?sZ4ib}Ix#)9JwwjT=?-xjLOS_(Zi$6&^N zH{+qrQRBT@Twm;UEuohih=CIF3CVZ8*5veHirl|I{a)EWf{zbt;W#_&B?Z{I8tfeW zLz3)t39p7mj7&Uh^jf3v5M7I-Xx9cILC0c$gN>8AusJbv8%q~EHcoWm0nAvx88$h@ zp?*Crd)CzZ{LKtYH+mik%rFvlx-MnNdgI) z#T#JiqBJlh!D7;FgC#(;pnfEDNp`+u2elDnbGHb7H7DPm(ECdCx< ziFbhOEG<&gwq5ThOdzaoAG58b-eL~XEA)PRFPi-ki)0qg-hS2*%+K^fRPS# z4!gIzc5ih%;DzWLPc!-pMt{+mFPQ4pMqOo;+c&AfnKt;EQMZ6xXw{ikx#PlhMqOa^ zyVQR9LDkUi+jeE|hu_T1TE7)F;%5mGH`(2`J3lCvXHho$bw(0thyWKkQXeyuN?^%1 z{*gQjt`QIKoH`O!ifcQeA!0(HEoq7fb_cf<_bW^DT~cS{#=r@3+rW8$PQ0&VGY#D@)Nvados? z6#7&Co;3|<*mo^vaz}Og6RIOL6rZhzA>2_lf+6NtR??F=yNS^^3&nx!>wwCPLt`YL z%wkf`@$(z$Rq@f5?DCuavwg?@wQoZ6)b(XR#Zh|ny@s@m#4N(R!}TIBpMs$<+w0vy zHmpckdRd)d2{7okC^6nt432<|4M#A>^Xf=*1T4l5dailDKEfQ{qP8qMQ?29XN=|YT zHOdNJMgU!Ij$pp;z`WQ%b_!)*@N;!ejBz3c@T6qs3+9GQ+Y5btov*L=&2@hDXS>Nv`wRUOqomPUqU`nY`UEJn&4N&?->FY%*JgKMgKB2AddAoH_=c1&ucPjH z7oCj~lrbgTA%HuO(wk)d3O_9#P>VPz3AP{%ZgO|A1~FgvV{{B4v)5A7(JtXwR3@Gv zW~7`L9m-m?OlOK=rCN4cp?-S_BI1{MJ%rr8;C~bM9&lEb=c4y|-&J>?K6@%d8wMC= z=)L!%D3%ySNX|()xrx7Xa?Z(j?>S!@QG&)OHf*R2Dj*61Dxv}cqGCgX28}U9un{$} zH&lfCf8MqBo;?Gcr4I}4=^)OSy}C?- z@}sp}r1X4I;lfU*|CCb@lA<8U%p}k8tV8~Psab&CpaQ$&k!9wNoKzkGwQ*89pFBZ|H_;0$V$uTS<{?9mXC z5cR8Y97EJsY4e^C^;Z&dj))pRp0HP3KSe0bLVn{gEAr%*o~2GgiG=vlw4jEbwLQu1 zqwe(el|Cw6IP{L61Ah^l=R$5`cL}*kR^%eg3B)0cfG>zxEaEjAl+gq68dkX@gBD#D z>mwva#;xNGqh@3@1m@CiGW1E=ze6khp}>yK>Tx0pOK<@y-uyh3^?}Idvu^3gb3mP5 zKx3oWHK~edv@WJ9^+dF#zoWlvP>`;kn`yxoIa|fsCxb(|8$>xgEF`O{yt9?hMga}- zd+kOrYk_mAHqN5fqjY(yeMac$d}VDQ3xcT505BJ&Gua>b_KZ}{dV;ehcD+r_1iO)^ zdZeh7i7it4mt=pFF)wN+>FKP4;oE$_tNK|)MOP>^t$OS_PyNYv-u6><<_qFpFqRgS z6tjELh>M%ZSz1ga%voAubtIx3l-#!d0H*m3c26uS*+sFaM6q!Oqu6w#HZRHGb7~lU zml~dArmh6RR~o7=`Y~X1E+Cl#!KDBTx35tIb`)AJp9)-hnvEesX1$9-{x?`KIH8H7 zr_so}Q}xKv?oV1$e_Gt-NUhL`B617G=I}L-DeyXpF5KxIaO63zqiw*dkwV? zaw@Dx26^a55>ctqqX}nuQnw}99{wXg4qpcj>9E6*4Q9qs#`wgtx{))~g?*Ezejpqs z5nGEF22c!@o|d4pHMD_y7@s7(?u_%TnYGqQB#_YehifLR*$ozbaHO_`_Hou}*ssk5 zFf*#Z-Nh-!JuT}Ov#S_pC0UgRRGr}!UB!LcG~GIbv^Y#Krb?1GgJT#_GI1~GDW$Io ztK|&j6-pwFhYjGn1{$qRndXk0a`zorO=IM~d6dx35e%jE3{8kcwI$0K>#B-Z zQehztLv;DQD!U1NC2^O^-c2gJTWNAGrGhVxM<)ala1NZ_NLCjkogrUNR)*6uz)}J! zQW!=>gQ5&LOPD!J3CyPgJW>zCexr5UwQC(>C8$smg#>t@RX{gAv~}^QRgwrvb0R5- zr(%NNTB5S&PF=#OMHJRpOLVQ-lcs__39M^S8O0ppv`jR)R9;-7G&yqleF0puFFn{7 zUWWT36Dc;KGt%P6egx%I-J|RssJel5KWEEr1sS^r+#*qaU<68&IrcKgMsp+{K?Bh< zBbXQQoZ(SwJ;SY`1W;;kV1I^cb-Q!#r|AJCCpv_aXK7Jb9P;&~N?a)%v*i!y>}Fh$ ziFcY|cCDUge11R}J6^P} zO1sG`*guCEB2J~3h{;}Z9-=M!Jva>gf>EQz?c|cm2J4jCY|*_a_EVXvl5BBtS(c8} zc)EGG*=%J1LU|NFNr&0x_P?}=U(7K_w@mo7UFyp7AVQBl+00APd*dLii)-f zxmR3O&{7_Ptg-SpboL>1?XXS_`*Z$3xH)#8f+U{dRc824XWIdUEAX=;?!^8S=ml-yjD` zL~xnGR{8@g-Vd=Ao1JUsuoacvC_&?6hC#-y-F9ur5~ZXB?BH&_-)Q?8R;!=V_CB!A zDK)egaz?yO!t(LXL3QMRNLrz&Tcm8_R)vGvrsG|1W=N)ul{5{v_Q;JG&WXKi?n(Zn zLONtCLUA&nI-07TA|e?eeLd?SeCkc$BK__bIJMUKM6V#o5Xu3D{6)OMKznO(^t=Rv z3HwY)D+O6CbsDHH;GS-_?HxA7OU%*QN=HE9aXZv0+a;ax|Jkl=t7*5gs6B`lS%msq z#EE1mL!2H-@~<-HCD>lsNn!ME{*lt%cr8N)0ncYn}GJ}H7M|) z7w?l=!Iy+B42sXsqo&882V`pV3!;tbWEp83-e(sf_hWuac@3+5V z>P)!1UNLK;2aEk6lqhWGMVhIz)wqbPZ2;NZPFGD=^-^10`*qjpEs^&FnJ)V?>Ht-@ z`!f*dn}li6RQQQU!hF45T%?msufxkujyHx$Lg0WdL2ZNtMu+3nbj72UV?6>5%vOVc zf`bEjkm6{71N+w9xp#@$z@DV%obQ#Rk(TOgP({LdHsx7=p$Hz=(to3*#lD+?r_;=ty>Gl#F}C6DC@y z>XjoO`lFOrhU8yo$p0Tj+ie`+>!Ef(r!H2H2pVe7iq)63Bxl+6US8)zf=j9sQbMd( z?H#74tz-WgthL_<8G`pbiY5Z}h3E42BJMnR$16K1GDB{Dkz;>=4hj%L1|q$GlIWRy z9%_qyP$RQ+ju6hmx2O*z%fta-iGXBn=6jWqqR*9y3wYK-kXUa2Vh}EO|A0`y=TIZa zCekiUJ&PLci zC~ip!TUQ05^Zqjqs4!K2JG1ZDQPb`E78cFVR3y2t~R zc??UZ0A;3kM42W~rUK)k1Ip0r43t5dcS4zU5FommxpC1Yb7=EO!RtK*ulE`KHN>Ge zc|Sy+_c??2fwGsAjIZ8N_KnQ44TT#Y26lSC*t}2m4DW~dRw};&=O`cKhY`+2^4V#?a6=CQ?_P8Sw$lLZZlS%WoZtlq zuK4b{;)dfqGuvGCTUVk1w>ZuNuHNkG2VB=E?TTi` ze3P=5`(27(GBtX&QWq+HksLweMdE--cSQl9b)Rfnh{aDhrOTCSqi>#!KL!bNRNql; zkRHT*uW}Ky2M|X zaV1NgTveBL0J<_GdA=}Y0!(&EasMI$kbissH0TmxSrwhFUuB$1<~y4`m&UrqjU{;W}JhE(+eP z`+e_vpI&0&KZIK0zmf$x9!!QMYya;)jEE03Y~PpYf;Y*eDCq5;yTgkjk?fPv-Ma#H zX*YnH(}ThXvQ8>kyHr$>3tL7a4Gv`w=U~0Vi=M&`C8yJ)Rv&X%zCmqB_zfaW^7nw; z--E)xX*3vqUgb#J%<*-Yf%Z6eJbk_?)@`JR0={e77+X$)3aGWH>=8%vohN^X&-lr&PYvQ2S+a-2UN zFJY|N?Mn}n*ly)MCB0wJt;A6YlJl1ndtBL%@qH(TgY~!O#WrO>XkP45_HX1xVxv-v zkF!W8wnN!6G{K4OQud?f#ZHCfm3JOd_QU4I*X^_9?{n<4<>?Ijbb0!keI{#6H0!>V zoPWF?$5V`Hn)2Cvdmc}TAE{@Kd(EHOKb3DSU|5no|HS^WoQXUd`4RN?0aq2c$;A`z zD{_0}1##BfvAmtcYFpjL^h^|V_fKKK`2w|Hy3Mur*R3A2vo0m0t+lK1YKvz(e8hMj z#G}Og9dAwXtou{4!*iS;mYetGyYc8ZzInbu^)G6z?r(EuzgNtU4Q?1j_TV5|FIKy} ziVaGN#HdbJiL0~Pni%}Q`ahv0)D|0a2Hv4#-tSg5FoTYNdRM zM-kScUZK>jy!Hu)+q{mcyA%RfzK){~PKLP5y+?W<8Zg$EnfL-GA+2+tUBNlf0Zq^u z4F~NKCszAop=5Z4XTFpfYH|20-uxfs-~0jEhjxCF|NGxnx=5^2^Dt-n$NXpCVr3F@ zDG9Kj$e-@`y;Jkwo1+ez&%%2^ z5O_~L;>OWW2xS1?!TC>nD^!$QJ-xznIeyQ;b*rl$fWwov$>caJev&5g->*{ZTy+7rwNjjPtW${hV$J+;D%=u_*;66$nPln z&|$)ODXG9R5GGCOa-jc(_ltRr3SWd-9uWDip&8s@=W2MS)5A_PnxYvmS_zL99uu5z z+O=L8@^~m6In#7Yk4Xzc3|sqC^ghX8$J=IKiafBp3W*dvm@R1!;!zU5CnmR@5+5~c zH$Hk>+F6!|pULmyxDRb9nqpX%DW1AP(KyL3u9mn(Qmmy|1)&;M6jsGmV>j_CR-Wey z1emIgZ}oAn4SC?~Q6u$;i(P9uI*Y(3QCq>)2;s{bN-HRt)5!`c(sC*!7ba05UVo3SaNXi|Dvs%1=6(r)>nMAV3NQ042Q&BKt0~ zz5%R>)9fn6I|-T*0P{q`NyTeo4Lszp zSgHc%xCikqgW*zm=U9D;E~+55rtWIBFRoC(s>s~kYTwlw*^!k19|c(44l+lUiX{0R zl2^2%9je5bacOgOw&PfJY7m8va3rL88ih}kN-7B%NVZd^E2=-YIFFR8hs)JpTI`Qn zTnRU2NFXVdDkSL+T!SmhIPl^0{1i7kI?GQAPP5va=GhkKj&gN-xq7a}{=GR3>PgsI zh_+l+#?ngR*}xsdvMCEWOMjio$x@6(LOB58B~}Fb%|^uPCdIUx`Zc02_2M(u6c_ga zw|GGH+^^ID<(VTz!n}6Ov1C7L=?=)&+#s2oQphl0i8nV zb0Jf95`w5C{jil3mI?>eUD~u-t^;!%W{zPQ%_-)!&b`A0f@x~HKh2p=7<9VBqp@3k z*D{{v?<9{B{;sqJ2Pdf+uzv|o!z}^TL^Y0#h2d%#>%dXxLO!yEsekr8^aJ!ly z7Nrg5!_YlVm6bRXi=A4Q%W!M4Yx)8ic$=AoX-3^I!r0VNjsnZ1MbM&xwF0bTHDd5f8F1W7PXpOx zqgF|(0urFYnZ&-9Qo+RZc7!S)OGoTml*L3uPA$y}L=<2;O2oTIYM?Ed<^zhYp#%c8 z+Nf-rMlcuc9yZO9iax1|A<ta$V-Q9`IF* zm!iM?FR+3&NFQ#H*&V?q?XbVO-DXUAe{E8$N?9LP_1|Ug@i9XSClV-fY*>8!3&Sja+-4W2C}>B3b)>1Mo7=XxO+K&K0B& zIjMk(+vReE6NCh9fGdrq#bZwymDA9(OR3dkw6zuH6w(3Y%K{+Wuv0ftBGwjqXhiFV zH~0ER%IY!P+6{gIRWOd+tX#?-u`R(@9wv1!OPYra8>W?-8t;-k)T6MQ1YeUJ6jiDU~1dIWr$c%QV*(xkK|79^zGkW0?DAT|%|gRWO1jiHEpJPiE=E z346=zfHQO%J=KgLz1j3BgbdV~puo7B*A>Blz%`)686kT2$qurYOK@f0B zH;p^Mrd~2Z#akRl9V#o}WqWweyxmj3)zf*ur+Tj^rG@{h{>}bZnsRz-IxIY6kMV{_ z>}(vnUM!lLFmLJMjg2D{IEnaB06^G>@Ac!}K}z@txNm&(%!y`|?JUWc@tgMx5^xJt zsmqK`0a;hnAkLg3u_4KOcgThK29zr5UQBSAvm8+0-`}o0hALz?$rEc%!dM|i03AM4 z8YO|lGzujku-%H3TUG~FUnzL^Va0Kq^Z&Y%=J>LEtjBRKpmmCR`}p7Fv%j=|^Gmu2 z*~7%CCxFu>&eBGGeWSCy(Qa#`@1b-kysonDs!Buinjj>+HKg4*q!}Y2hb{#06PLJa znXXUpJ?b%7h!pG+*2NI#wYfd=;H3s#>TrNKP)SuJT{n$IFF9|^iJrCDWZh)Uv0Iy+ zwVJ!;AYz`$gh&0uC1Vhy%s@#x%c(RSzkyKJ`ZwCxUS4@z0Nq}xu9RMDA%JeKbQb@Y z-_uuBsv9d|IgWjErN66DKicT*Zd6Y-`i6TWdjisDC55($yTVSCEGZf-B02bR1m|K#*FehURXSQV@YkMYDHchB#!9r0EiYkawgLLDvHKK>-o`qMIilN8nh7 zO>C3BfqMn=uS+up88`wl4`?u=J6>V!(cV9)@2i#CTMc8EOM>LW0C6#qm9L!z`T=#6 z)R*SRmG!ZBx`aCPcM~JPVC@BMXB_-GOsFVOW$y2tklqy3}|E&8pIHTvxwe8 zetqF>YPMe10Yx2<*ge{#0mr?XE|Sg`?QR2X+yJp#p6GV5L#qeL`YPi6 z2dNg(`dRJn)iwxQT?}&)sXm`n3QN?iq>rzvbIo5{S4n1HIyN6 zMh#^!mLxflDdmzWg-0N$F=0rws#r5Oc0kYHuhjt^?5CW!InFI*n2uL?E3IVh#gW&B zRxZ{4<%NsCLfZsdE|bOc{$*NUPF8I!LDsD-dT_Mp3XqER)WaphC6g|a;yd7n^RHsR zika?Ho-RSa8Xnq}sf){Xv*ESAIaaqZ)3&*S)d|2SDQbyW7Zd7U+l-=E8cTSca={e zSF?@WIbBu-J&_cl)Lk2<$@*oYD2d5XSzgnLyEmR~i@djlzXHAF{G!4UB zzPbDXeTG4o%zj;IHCIPGuN#uSl8in^?J%|BcmrA9DN`?qA{4T;H_(u5hTxX`r7ZJF zS%fU#36Uhrjb9Kq2RpqYG9?|bDh)(uP6c_0LqtKAd*JI>fCV14)ggBra`%N|m zRq4+PqYEAP9i`t@aV|$J$OOGnRry0sBdJDAJY;CB5Y{*YDc2k!uRM{7nm|=7*GNhS zqVzcHbr#O{f27pM=wb#9a2qZpmC}y;SJ>)q74NAo*6y!xiHUkBZozT_8`MG@I%{Av zTSD-aBCr@W=aU&uVv{q~=0%#NNx)PZPx5O7pz_CA%|6#oT9*JR+B2(Va7co9V)Cb9 z1U=jdetn6x1QkSmWV?IKOyke^4$cPJ0EqJeq=n~WneeL}s##)E%|7DA@8NZqO6IP_ zvHksG+hUS_X?sU(_ci=v)FEi~u9yZa3$@&hh8r_9O_S-8;EFD7%gh{a>0><7Ff^Gp zLsl88GtPysM3NS`XC8Ib0ypS*tg@PmaHb-xnC+b`{wHfSen|UyTfJ#(!tVzmC$7p^ zBK?tMyU}44rS)Ah-sQyXGJZ=^U)cj6w|fZWNIdd8xUVL0*ht87rUYW-`dvkv@|YjM z3mKdz`l|T894x1Q62`&^>|(kzLuTY_MQT_vsw`B;C>`Dr=rLHn!g`6N`lQ82^TX+> zB>)MroA<=y*c;5+p_{ksE>`oY*6Sof@&l=|4H2P*7#HWQ0tpiG9xTckLwje@A05g9 zI7h%!bBZl0w=SmLzw?&kUFm630!@69p4Tjq8v;zF))F_jAh~MGc3o#JBLhQtc-)Of zBK8kQ9##`sPRM)gpCj{YcIe^TMOJ=eJB(^G)2vuQj!D6y3fWXe$fm-^@=_?!kxeDq z*;FyjX{+^IVN-FC`DR5EX#?ztIh|$54CaI^tBsgbcbHSwdXsg#HjeJ|Yf>WDdEYsL6P)S!Qtalx!O(jvRVoU+yd02eZ+=As^U zce+e=FScG3aBG_h-}k%fKE{rF`Yfr{;8qakV!6>-3SliM8nL2M`d;Gzx?Y<8!mS0m z!rla9x@S+Jt>f28LSa_;HVLp5aMb9h+J5TOHpVgIG+a zQ3F1lKMAtonUp4~WF^F#a`_~Vp-^M@6MGC|;*p9t5*|F}5-7h<$U%gA^r3^a|COtb zpz4t<4B&)sTNy&U2#%SZqLrnD^ngN(}L9OY^#kWPB6wT+9b2VG|;d&j1cJ;nB* z;)vmaMO}$6vevM9D!_f#FAD2q(1Xj41ub(rsgo0$q3DcIw1hJiV+k{?gGWtzsI`yO zfBRXNWJ4qy%Xb3*mW*!8NPifN%RjsR`>uM=^*?mg2X4)WV$UQ*dPcZ98R&?UC&E|C zV#L(()4@Q$o8YXAn~N8Mv(gudOkw~ej~X>pD9}kan6Bcu!ktA(4WTdCo9Ct^g2JgA z49JJb1T6rBn*i>s0ehWwUEqQBFdiD>dhU(rEFwUHuYB*YuWvJ2$`T@)LQz~VaHLCU z1?b%%5h$@~;MBNYkiu>_n&))Ga~+1xvod6{!|FVq>mr%l*IF9{@A>Kw)*ql+<2f6Q zmrj4?t51EGTvu_A!y~Q^yz2t@D{&YK-CZPXga5;agt)oCs;EHu90V1(-h+kFHJw#a zu9iUhh`{&SkDK51yGRbS}yfXjqz=|AO}V~{)6LZE`Rglvl-&{l3k zrJ6vk-O@1qAy4h`^o3HOd2y&N5hueExSmHutV@WXb|O}42Gxaub5Wr7d;V=otyT@M z6D?pADke`1rOj|Ixz84`e=;0Qu%df7-M#{Rt=2u@q8U9T)gvTlV%@wV)+o*cKmz~f zH?G}kN=(K4ZV-fqCcCypZgy1C7&p_)IuwZYr#|zXFW5q~G6~TLRH;fd1l@!hfzeb0 zR7JUk?3`#W8$NqfG}%(YqO5f#!_1ij2%ZF=1>UEDzS$PSU5v$zavNPh(}Z0D(Yn;&&Sf$0NRiU)W5TmYm4;y8nNqE5; z?xEBOq1uRl|IF-gm)s5~txu)g8h>4GL&eD8)^G`!Z#K6Hr2yXn3oi=WkwILq+D5e%mzpLD)U4Sb~ogcS9 zXY!nTN!%v3Pg<>1tBV_)YE6=BNw5=z-fUXnS4Eq4cKfE4m@0ijNeogl3;V~;J2%Vh z+Ih#@HR!pFU87#Q_$St$c-fcIuIeJPXk^!nunl*u4Yy&mYfIyQZPyAYc679BY)&=& zyM5RA4z{3k2OrQR88FZyUT9SP#9EvnOd3dgTPQ z^u&cYZ-FJK`kD$gLVpifMKteFL`~ znZVYNIElwdB8!slrbVd{J!+_7?{f`%51p3G>%%INUXBt-6%C3uW=K`>%4X9|){CUf zk(u~ZoKfo@i(LaL8vSX1+}{`1e~A09#?>ov+Z?m6#>s9- zbK8mgSV%G~iHa97mheZaE>=B(#ChI)n{;YLn>9)#T<IHBmW(me+KC{z?}}s~LLsqz^eOaApkZ@vO`;Gh zV!WI{-w+K%{uc2B(?Dh7N_^MJnT6o^;jY=%8=aMB2B;r6O&{B1=*9 zm1aR<0a#!8A#fQax8)mTEfeHDG3Uwl?>eu z{D$vQuuZMJ*`F@qmXk{^TTV!4nu+Dm1&Fv#cq})sPcp|+bF`)VpgFtj;y?i50*LQL z&!eneI=D=!E0rRdcZtGh58`&h6}(u=D_P>It0aZO*0io7p_r*xfMl5YwqSsc^M<6yXbD+h0WZ0^QWEZvG>1s@L9LceGjO;ejHhsG_au&A2 zMxhkq%pt8dfTAg92%{S-189sf1zP;~fkXAA@fHYD4rHxjgMSagq$I-~C3_NMPn>!F ze3zUw9FxM8Bm}G1YVUS_1D9K6Oqd5LOyh4FOA(3^TZKQ_t5Tye)wSVhGQ?TJ>0m>) zf3sFA@anHD`q3vXQRm*07H$>Iire)R+0F!bYM&$MK)1tn=b?0n&VD zZv5Pobun6}t^f(1Q{G#2>WtSRJ!@emp%BG0Mq@oZkvlIvH+HT!H+60W zo={X&@*hMpV#1XgF(~M7Y@ZaWBEzc1*BZn8qpv)t`er|PNWwh2Sm$+_>zu3R;@p`( zE-c3uQ88Uv!~y)V{WpBnuri*r-k0VI`(3wWzpFl2ysg` zbAI8Ut%iS+otL)GD`nojFqza`?_2>u+Irb&cCj&ftX`tL%kVOZQsGSSraKejL$M}} ziGahImy)6)TnHZ)^cUxZ5Qv^=w2M?5lYh^vook<4J=Z^%K4IsUS|2(wWC#R>;^0en zmO1vx_KweB_bwYZ=E+f59jaXUyZXaq9up(b$zBYSj9yz7pOy6 zDD=`gOuxpy*l*fW>IB@MM-he;YLZM%5Y}nyWDma!StC7BB?U8O%Y^$2vy-OJhTZ9V zQnSyEx!ulK=VhbaPRwOB^Ii5kV;#oXC?y22dAm1fn-a zxbJVt02nb6f9$@c;(Mi(Mi5{y2*68e2`mUe_XDvNnSMZ&)F44m1MUzNN)0OXjV@kf zP)(m(!m~TK6tq}syjn(I3ouUo;42b-Xc6iS$1s(|ZRP$-dzT9&2^=orO-bekjo5QaBipf+1d%;8V$Jlf_En2eAydL;?k##A3zVTA)frdc}VZ zRm8zsB|OVe#B-?InqDOLEA!r6D!##_^RhR_xq@!OStI<1ErhvVum$ix%}s{5zmHIr zen@$butpc%WwR_e1+kS%TqDhzA{=(U*$5{{8g5W$o!1xK9ALeTcb8nYWBGtiu6LYG zPONK^CKg6uO#pSYl$$AgqTIBj1{kt$DL{mZ0+P=#Gfz-}pwE5EqZv-P@t0}u8tq)B z;|p=in-h=33`BpF?QaUVUkbCtvBaQhut8{lLXP&!tn-FPbYEs|_G89jEHN)b_d-b> zseYyQ*HV$FQ`cdrnvFb_jpROr@?&|*=d6jsD zz9uBSm#@rV&(6laA8Gb2B;%gB-9yQ%VfWfexX5~hoQnby7U$r8?Hz#O8`gcF?VTeO zOo`cjcKjBJ+rX-*CO4ra+0H?1C-2s+aw)AR8B*|V(A{$-U7sMM8Utay_dz=PUcvidS9`rGB zHr>~~px$yry#%#dSe#4|tqiG_$Xq#jOX_toQg5@p)oAdmV*We6dY^aXKT+Bdt)im) zJc4h41EQkOv^LR9QXloz#iZ~T@aRxON4Sc1Ud?uJJ2OK)+!1DA9g3;#f!b-JKk8SG zcQF;XMiUo5rDWPIP_dAQ6j>L?{bvL90^fD9mDmdE^a*b%Tw<`H2OV!4>h`v{e?d&# zX3>H}ReEHBDxD42Jl}eThGzQem|9Lx%7Qf?SBWMhY7}Rq$AyY>eW=2Tl@U07BpfVv zH=i6{^^zq0YIUpYtzZKYSk|gU@K#LyMOc2BjsQ$wGlv_>!xD~ems18Y{ zSE#x^=6O#-Cm`k1o)Fh2bk*HS|FVR-QamE<8tH4EchG#XP$Lyo$%d$6^v@tKZc^3} z+yMHCAb2uRzw$k1oIV`HcS^&XhMX2kLaHEKUJtEp6Q6NT4^0?>Q(;|{Lg4&1NW4HJ z6ZhF5wL3uT#G{;3KdBuu>gP4gGCzT6S(9*ZNEy*0isR564?>j)B}m#RjT!5?R3t%O z^S#%J#T&kJb1c0&=G+{MUlWV8hW?@05Fh0%oKr@6qzk0S)SUD{at@!Hj3nnlQb9Xt zjmJul`(nv$vEaT~>W)~X2AtWh287b1rd@CRh6oX?Bcn4OPW=tS;HjjuJNb7BgPW4h zvSgt!5I}}3J#06E9-e3E)aDtjtjKyleGE(gbN*LP`eZ_F5mV$-3sg;t=0MO|S%m+`Mps~h<$w7%Zgbbp2OMze=m~=`$G0 z4@JmosYsJlWXR&7#D!%1I03Q=$+Chtrn=8u=IyvhCYFgsCcYfGmJ@=_GpB#M$X}mP zchkk2-#ixR$K}*HFPFFm#7g5FNw6onpg80t1AT!Sd#r$J0f+;vFX$JhAIhlR3}@sf z3yq&+JUz~(F?%shbdM2L-3mojOHNd^0NeqgedjJvaatHDQtI|iH{# zSZ(99oG0h&`J*}YmC{NbtJirWuHPhSE${N_mqT1)@mvUF-pA;V&lOqAT8;60M=7%Q zlXUQDT3wJZ^qF$rOUK_$M<$O<@=}dZW#(6pu-$3`s0?OpX3nbEU6EEKCi))AV2mB*NcQ_MSsX5mZ&;&aS#q_w*2uWJMPt)u|_P|4q;5a=!D z$4^pr-^oB^(r*U?u{v)cQW1?d8X1WDkeoBkhMpr>?-v@0g`T|{Ha9Uhr%|M>8yV>e z3PM1}&m%_SFH?f@_fvghl!{M^BBf$Q+Wn*`exN9F_Kjh?dC3~s?u2L53Ysy+Ni7jj zhxXx|4r)b!eV9I1eBLE_)naq`aa44W0>JqRA0vN_CR%yD7ArJOzLRH zTToaBqdWzv5Wy?aFNMM1|U2p`NNx&r}>=7)jLO|ArC9(jOtW zJ(3b_rQR*2MntSE6%nzx#I;sb`G2TXFH5~jJI~)z>TNS$1oeSu$n0OJf{R~T9v@*1I?qH&w@rZ3H z^R^PbHT3aDdHOHq&Ku?Nm&!BNw(8F8>=>8Um*vUxD}pb}Q}33ST6<|Feqy(B9xjy*i+_SS{Xl7QDhygISzeZ zP~j~^&y9%l&dT&g+8KB7;oMi5*jDM@S6O;ZWf?uF)T@jLS8FP~wH3B?N3H+oYV|Jf zgm_+JZLS6UUsbD%YC7O~C&D^hs~)UTJEZr8qb{xV7FQN{S7KyIFRt@{Q=|6sg^Vq$9)sb5DRjpc3_x~@kvGh-Ajt~*sQ&rwGQUUI% zXRCzRHfLRHPZ$5vdUbhy2V(nEmG`#!Vj;1K0Z-+}D@adWW%XD$I z^H@!Mm*m7qqF14Jye6kG8Si-FT;D{7E@^;Ne^--uiH&oguSx9*lfks^6WZ}9GTtLc zIi)$qaK|%lpF7Z6+HgXGURiIit&fME@xBC#1{w`$NKOO7>@GKc@K6IPvR-H~RR3DF z_hxlO^DAr9YipgAweh93;Fl;rt)YosUf{gIZHF8TRSQ%fG{Iq!+EZq|-O$6V zEZ26iuOlO&owMMcw$(Y<0E{Hh`!bqyKt-*rHty-1=8>{K?%IhJ{kqn>oWPx7s!!KN zO2^@9_vyO${Ss~!Fpms%OmP*RE>%6^nQnJzgvw^9d7PBfJWx6N8P9aPLj$$5+c8{i zO|7?~HqX=EsY`!c*NLZnR+l(Z=YCdK`a&H_X6TG=M7;=I7`)Yw^%Rj$(eAn^7v8tH zEA+FnTC}PcYa=&>jV)MVz0l3SwyRpo=lZT{dm|jtI4Q(4AuTj2tb^S^wSbQ>{O&4*k+uYjt<^R#){GIhCU>tdWatuG67$ALC+KYjb!1%dTocw}?C5P-8C> zPMPx@Fy0uiUIyZ zf|#KJ4lr-&k!SFa)(Jqr=wf*MS6zh1AFQ{n!#({6dZ?{@j}LN2^eg7O*EGm?Ve@a* z>A%$F^eSQXRUxZ~S7JG<&~7fW)-}TFKkpiRXdCova6al9|FA0@vMZJ{Pr~$bcCrLD za$SS*QA4HJ$;viXG9jEs82<&`5+B<35~Pp&i*BjIU5(wRb#rLUVnoqd8doO^uwNim!7)a{P>Zc?W$^&QT>=$zqnd*;ZYf0 z5r#+O#`-m>#J=;Q36IJyo-Ik*J_TfX8B`eHuI^y{W~}8+on+828)SF4c8kQ&=iMVQ zw7RSNdH4A1-6IFk?Dm-VXttYo39hrHUq&J3=wwly6i zkXD+t?CX}7N!RyCFYkd&THl~I;#JO@z_<2D+|k3mwMXgsJtC~QSWMs?T9ED_Ca@cs zz6S#uRKDDkFoZy1)9&Fe;zqfy1FSVI>}|xz(H`D{o}pHLe&67p-fC0tW3}>Y`Ua2n zR!{a;PxMy1dmmpM{NFNxS^CaCd8U19qqnNjaO~R~g=1gY)3sJN`@ip__VJ|xj=jCn z+iAX7sFlCe48y&miMgBJ!A9rTP4SDHm;&DnZ@r-@u?)Do*Egk>G?9YUd_rdVRv-KQ zKB2n2uAgCnTY7mrdPV&2t)}$*P0m|Q@t2#5teyQjaWN!OC$08qQ*u%7;Am6o!=^Ip z#eRPSWBFCHeKFG*{|+7X4}I-@eG7He-7THS{k10V&8CRfujmumzI%JQSM-S=?wzvU zZaIc1FX-)E)H_d+clAl%-=~w7xTQ~GXCHSstL!`l&-ws;bpJz0;d|o8rniZ7`9OVPqOb0|o@|k14Nmi`KIu#PkSR@L1=#-Ts_Y-s2ouYeRqklNNQT zMaWm(E5Pvzqepaj45LRCxzl-^E{q;E7etT96plyt?V-L+ws!QVo$H-_oQ(`r?4vjI zF$r@qeQB#&N@*8fL97PPRAHH#Jn7hxuOF=@%QH%97w||G*<=$jl90sx0#pPHI*o3Y z3Phtbiia{YFEzi+S}-7ZxK-_9h_$+)uU^=f>UzRp)GBCoVc*mxecc4SzmBF%Jc;5d zIj$7VNv~qc5QpxMs`iy>kioIsyc51(YF^v>>06lBRCC*Xrn!AJf3CG;K=8X(^-`<) zeXH8ns(a|$`a0|Ss@wYNJIMW(SpZZMq4#+{MQGg(j|2_K0HzZSIlY(lb*}8Ie%)7H zB6)5eU0ZPUhT5kf1RKS-O)3PfL`|M=jfrI1x+~h}52G|+L`gS?L6mM)fb5{VX+E)6 ziZcj)*k_t7L*>p5vCk#uqpgDj)b0J%+WvxpT_j z&7o5X+Pa5^WY3e%(t3WSb!dRUrN7$7xeU`21k-d)`KqtFs2OySN>MmP_*z}q9J{F5 zzOY#@Zg$Hf3q`uWde{Xv!vP3=5VI!dJFybO+M1ulodnsozVmAFy+ zB@XvfcQvOsHhZ7-OMTc6qZ`+Q9rv;ltf6w908ly#*5pYxK~`CbwUz1+`}SsML$kWQ zS+8v-k^aH{&LjPOY5kF-S=yXJ5$82nuMZRsMRurE=ZKXnE&dkRXCKvSft@-kPJ~*( zQHB1X<`vJE9Ktf|!-1Wg37<6UPn$KFw1jCTcUG%MThhB))R)c03;G2Qx1=_;L@tHz zwYwCuDCb47cv3QH`Lve%rVjuqsdSTyFnYP})27vOU6@x_Vcuyq$Gi$jjH-H`3*)lq zXMn=!95M5HjCIibyL z_@JLU+)waR2+Mt}HAS(-5$?KQW?>6|#@DqPGsxCI2+g3-4berXW2vCT@e_P1;jjN? zS$%+CF%7n)P=>}+;6k~zY_Mak8tlI^P`xfyOSoiP((778_G}u=J>E*E*%ozci(ZA) z$cdNN2dlP0>K5q>h#dKJuz%MewP_G{EMnppt?7lWp_o`U#IaTn@n0FFULRxxz@4q> z4SZH&-9H5Oy|UF=+p1Q!>ea0g`~G~8S~R#b`z8XgLY4wkJ~Sj)KUm#87)1E8RUd9G zV7^CNQw#eG^Sxwf@bF-@Yp{BBuzGwj?6IxCv#P&p>#uL=|2MG53;R14_g5G6R|}a^ z^0%_bmxrpWhp6j@L~QMY{(=%OwQB4Aq5f?{)E#`#fk%DPUoD_(t>IC>7+{C5)zSX3 z1q1A({q>>&!lRZAV`qjLcC&wA;=n+4`+)S?0p1@5rd}9G)OZ*mxp{!IdVsolfL<{G zE^_k_2WZ1Z_6=+28E+5k#0uUSpx+(Pffd|7D1FBu_0fRhLj!`_2Bnq`Ldp$~DDtv_ z?ll9|WdrRi!45-_R}FQR3_T%5em=lCJV1RiKpz?qQRL@CoG*qHQsi!?V&$plm4O1P z-2;SrULAfy8hC4<`gmZT2G$HtZBqWH1Jx%3GlvJdYX--!99(W)Ga~PrN-mOFGYb7< z*$DsXVQLS+;=fx5B^i2t&{eAj87)M*xaGZ702&UGwbqSbaW@QdK<^s{>17~!4(-XI zab)ywuNcjw)g{CE-V-C36C=MMUtDq(;0HKG!uq?6QL3{0MTd}5vGBL?dAY@vTknqW zZyK(a%ZdIdC)&x0pnp6jxrH7csCaeB>yv)|3KiD! zk^a-e)t=$TdRjR+y8YFIjcy4_8m33TT8#uwa*;^Y^rbWfXjE7mMnb4J4R)Zwn+EIU zgCjzHW4QWocxOW0ODdKCFVdb`j=}*$?WxJ^MiB~Bh4uc(;D!-u*$8O(_akL9J|5go z#`?3tsl$U^X?TMaVhA69HY9dvi2Xxb$ahr%_l7_BbR&M&lDJlYo#uAJ6FH4GU~D}^#^@91`(Dhk-#qmcr}m1>*v z%g@ebNTJcfDy&yWcQSr&AFVfxR?nInIXJX{2mg9F9krIL;`fIJzaE}CB6la6`1jj= zHZ|yCnMfDoQ{sqbq6eF;GhQ)$SWJN!(WOuyD{m96EOhCG`q%*T&T;jzJbdz6S^k|d z)}hgnB)D*xyLgzoaF~5D%+yGN3&uo{`(pG7<-rF-osWmAcZTZsheq(0(yon- z-7Y#=q>VxT5$+Y6G#E86wMd1OLGD+%_0pJlfNQO@TDEeG+Bil%KSr?fFT?V(>9P@& zI4@WJyTjBw!&1~tQbYOiF!!<%@lS_GdfLAf>S^83)6#`{+K0myp~kj&oMT-#&i~yQ_0kxlvAr`q{XUv+Sd40J0<8Xaocq9nk8>0@7=`09#Dz#LWf*^QvT(EMiT0NGn*)l?J9nsF} z)%FpoM@ERoCge2KkW)}_EH|&i_e;%d`zVI-;c>wOW7XENYRg!)Z7h8HcO#saN2uS8 z&@YYn8`Qh)BOIjcmJw>}2;t52^^n@vziR(JGhY3AoLW3CVx+H(6s&r3gtiWh_iq}f zmh(XeUU~0GwPR$Y;5{_b4qvP7BV#*8+S^C!T_c54E}p!a0MBh!Bw z>Fpn#dTBIfT~1~th~Ac3D<%NY-;Z<-j1;lC59S=dVVr%-xS*reD07K-PiSXVFHML^ z>n%vb)KlF#O0OGLz<9K}b4+^O7JhYsRFOjlt3*@TY%NXt3Gmj>#Kr_PJxN z_a{V5;jvNfGo#dFqwFU~MNHw+@%G~Jm=?!3*zOwTY#gOn#fDK4JNRgv{qeZGOHK^7 zc1z5ri?Ng{iX~?IW38{&w~tmEN9SpC{n*qO%HK3v z-8(w7b+o&FZ2X$B#yYa~e^`qqIo9Gy{=*a0E1FPg1{_s1{BP$?D}v{#6szbrU19dSFa?>zI(N7EN}n%P0E}PgJ`m8nSw0O!`ee zE3uYOhOC|+nk<}k2sy8QgCM*2Fi)1N~)q%;u6_eDGNs!e&WA(%1^l{bsCwZtUMcDff+aHjm}(YU9}d4yEjx zqCT6XzF?h3<@o(L*`=Lhwe{i@|5uaMC6hZ*%AMoX{dA}{rqBc9>}})lrQJ6!cKN2g7jGCJTsARv{=_ot&8ZQdZy)dO z8n3pGw|9<@@ce_x_J@;Ci08MDch-(qTx0e42+w~v*?w_yA)arXR)EY;Ob{?_952ZH zHg8F>ilVZ|55qn9sJT5GZRHc3A@DY7Wun4u0z5vQ%q zs}ouj>nAyPPf}|pv8;#|Ndmw|XqQ`0%}`IyV6)9L_teR%*fvwWHeDSw8wmkEJ6X_e z^CWHUndyHrT^-^BC9!_~LsrDxl{4v+r8XF1wbxI!@1D%Z>nF!HOt#mXk2Xyf$~-bN zROm7FLWMr^m+HCHM=VlyPN6Te7R@sByJl))?NojHRJBJXKa%#+TxH*6@3yI_Tc#QZ zq}F3X2c&pYlU{Ysn=0!vXNdIsLis4#sxA6`v9)9t_x{9WXU}By#ALmj^~Yahz1se@ zR-exFrPY1AhgG&770cQ>tDQ^84$m_?9Qjt8%uR@URcSbgKSH?zVXKl;ESOse^Kt;-ITGzSU&jw<<}hET)QaF0#X+Mjuu#hZ=oZTW5{F zzj-IG(bpCT>^wv|X!Hg~qpSn7BBplV6nEPcb>9?w^OT6GJwGdg)vL2ksL|g%#aS^$ z-84lnpAxaQExBJkKC4}$kGfYb7mXehRy?l_Mx!q`8a*Gk%lU943N?8)CNs)fdr|?5 zd}ylR?Aj?EHTf~yBTXJNtWW4>IGz??VeLHW1S-O%Co!KLG+Z$?&saa3h7P|+`KzX? zl~Yq6p};c|aH{*+wD`-@BGc@j+f6fHcg^eYd@9P*PmB(4cJx>czCvP6+Jr;)DRmtf ztB#s`dvgk*59rKv(~~I30oA)8oR*zmZ5=tuzj>Bg0i3~-KTpZNJ0*anV>@ZxHy28) z(lH6qNyyNH&4y#A>I;Ht_(i1s`UGq7$?(p5W~t4x25bQa5Q;}bN~z?GGBlzpEV4?N zT3}gGKjYPk<-JYbyzKl&>;9AdKg?1uhwEB7HM@GMgUS|!mQ0EH`J`omGwoHb>*y2iol3PB_JuX2%LWM8O1$n zP8f9xD~-;dtyZ3-R-eQ@IdEgaqr+3904P245o;3fJD~cQd!w~Q6q)t8w>oRdZ2!KK z)MkDSP{dxka9Z}_X-s>U5f~}%E-fzv+&3is+2>(!9-o7rd4G`U1Jd%!37d@9V=EnIk(xQv(0*2bFhk_ zB&%++?mxx<{mE)yxayVDv#Y0v5Q?x}Rz4)ecv-n1SOhLvyEN`OX6@m9M9BXS)-!Sk zADpZXnL7{!6E-B154Zz^W)T@kgL`Ql6V)4rsOEVYWoixu+5SOxC&}&v40%zjXQT9> z(4tFRJyUS)$aFYCSaTS5xs}#_3v~LZ2+aW|#w`Bf8t%Kwy6#l}zS(Ls=fDRbJH|*# zL0i)w=E51-g)__;M)B0j4o(PnuPZQ!o82SQLzGBQ2yv$dU{sl_O*B^va>vLws=4mB zt+l6uXHU;oduHq3%vLYRwc!Q>LT*4Gesd-9Ns6Z>;s{BnTo0Ge#2d*n)wc_7YW&e0 z3Dt2^y{s2c^*@`fzG%NG+SJQ$fH+CoF#E@5WS^YDtTnM!gSb>$%1LGBJ6O}*Y;d{Z zAkpp332(2C+v|l^wp@o5;h`|h9|@x;xWOM;AD&82@2gHxOHYwo3-_Aai-r4aG6Zbh zGrB?9XP5)6IUx|zDVzyD-@p~Au!-aBGRF8E1k?IivbopIbfw8l40VMk3D8o1#f%JY zPWlY(&_lLMj#tIJI#|iNIWi&0xqfEdjWg-DCwFPIvuFcWq5>AxW^<#C*RoJ66(I!kHe`J~E zW|=drL%C%N&;#cQv&@fAr3sZwm(*M*nkl)Z(%(o8mUksr(y?bqY}*HJt4E=_ zRJOk7B!T?$Sx8#ZodZV@Mv}q12?^91;D@ETXSYepjGUy)yo&j?*5=bX=xr-!`KxBx zgvEIf7AMzr&8&(IvrNgLY|Y&8_C;Y!F^>bYjDM9m20nf{<*TUp~nb#6FS-*~EibdIxYj(T*C+BL`MU19rJ ztxp9opkfKVz#4R=v`J<1oAd2(x-G$H@e10*tXGw~aSpiftCIyTAI{R&MW_2K=cv_l zjGnOar0nXGL{E@4j@U1$K0)pnG4y%Xb*F<+_svn;+&A$U!5m@L4y;;c-5s-(a9I(5 z{*LvcEaWEp8&}<2{=ExVn19z5%b>Pe?FQx}b4{+hk-?1(^L*0IwT6-Go#8EfR z762_e*|wIQ;cq!jZR2eijd6mWoPFfvP^in=hUEYhuByh`bOy_L{xr4E{6q!4BKSnQ zNbd+fMi&WxY3@u2!5bw?v?D?^g0cmrg zNo^YSO#**ij3Tk%Yr*wrs2k77FSbDT&?ZBxwo|gVoZ@zrJ+?k0ls%0G>_+xLdPcOK z5z4$Sp`LN<4H9_aHX$sLJxonn`Za{ly=SPcvV=(ZlrUndH7|e+joIik;eE<}Kxd%< zO0yrch1Ns>akkxG3#|`Ms5i-XTo#9w>Wc>*p9^I<=4sFF&gTf8BDbzxC7({Pm$zD|VeK{8b}}W*9+~$Q|LA!{@q&Urw+#on@@l zTnp|X``H=pp)>TYUvpM`O-nDm_9olk3b|w{TvFDY(%lnL7Wj{(feURb;gl0hv*4HX zc3Paa{G^M+ytpk6hVW1G=0VyBX}4q3IG*D%E)7I-Korx)m0w3*tqlh^AHL&L={2o7-%`LXnT1aQn!v(4Ef6(*-!nFU<^rt8@M+VPjt(JPH6p<1z zq|RaRdWN_Dr_6&62UDu?M0JMJSM$MiM~Km2Iw(y67TRO@WvuVZBy*Y^ zrxD09Ur=zJ#0Rka-_0>D@~0(9PM>)A%DVUs6?OIXS()d?!{P6AU7R6A_p3P5e$|_@ z__yePYrkKq-eAHy@na?+NDN&Ca0cILaF#lP<#)L@F?xou>&z;r{#N?0(eJ_2|Dt}R z|6TpaS!TX;FPlLaGQpLubm9*P-lrU?1ZXQ6v*-+NdJEX<$Flv_cQe@e@_>NBCBFY&7rtN14~tvIO;{!RewJ zig?6%U0(2aiq|~>$^r$ur!BS$0>c@KC{h03w7my_T~)dGyT7&8E~oc1edbI}A)OFH z4-u3Suwlazu0}5^cCVNJ(|ZY#B1rEw2}MApiGm19LXjqyCLka>0TB@_h=N%2|9xwp znG6sF-+Py^_de&$E^Dv#^~!KiIh^gKRKNDN*e~j%ns*OI-5wO5*{+u|-0DChqs11r z$~-_gD&4k9m3UH^WoJW~5BY$dD^*M1U73rN)U7F3lfMwP$gkXwv**6zY)1?ADQDCF zbGF&r4cHd<>a(caW-ia_kHBtVC6+hGZv!9wZ^&|CW-FwGJ*b2g+wI)6b{L?Z`5rKF ztr3D5sY(ease~iRLi1Tu&1H%^Ks&OgRO9pla@GvOC4b6kCn-eg`e)Ly0{pL2X3WSPDg zJj4JkA%X2xqPGtMDQo1?HTopctUI^Y=$-Noddlj0y>gw5oyJ;hOH*AfJ}U0}#@%Kz zw;H+4xNh^Xn4gLLsR;WW>>OyS-em{Q-&qo-;2izCYyVy5kZS5=2XJTGiEGl|%noLa zn7bsJE!)aAvZL%Eb67RK53K{+t9G}s;3F4%Y7k$U3Z5&0%Ri+z>}4 z5ZdjON|RQT(Nu)kU_L#rkws;{Pum#g{AXf{dV)EF5EES}B_^eTq_vRmOZ#g5+Sg4> z+)8imMd^Q@YR%T2M3j(~lL#Eh;&X(A91FGA+y^xUs92t#pF7UnNJV>s4+zB&HQM9NftSI%^lxPV4Z?ik*7(DZx4&pX>v zLa1lBFx#J5n$^~W+D2}rowHFxSDfF^^!s=t^2!`-7Ns#o9}P~S_XjMiC4F+F0z1_! z#GcS_M>nu9i+pclVV9s$=)N?ud*+cS&WT4h!gft>9 zs4C_4zk~_okuiPQOVkFN-Bw*0p!qzHhQ4Zd1H9fKPd=ww3r)7P#l}iAx=~Fqi~N2^ zzwh_^A-`X~k^Xga3Oq&=tFro7Hf>-7_Ol@`w13mjk<#|b@9DWT>1hA<+UM%E#OeC` zQd-krr;UDTEy-s`HCn3nBOKA48qRD9#MZ4GtS4hDyss|LbjTSRHKIZV>??b=mE$ak zkz=sRXp9_I<eKa4Dd!AgESERPIx{K>Fv7?$y2d0fB!d{~~;<1dHh*TeG6aCFbG zJU?dsGWN=={GI44@yaWo);l~i>~k)jrH!WfeOX>8%k$;v*JU}mE@#jeQh)m+f8$p_ zuGK^4?4kHlD|d|Y$FqloADlU7sC)&*$K9o2{&;6@&cyKfZ(2FOUi@>}{(89hyJ34q zwRm=w908@Zij~?;70w7$4ZCk5q)?n%>jVpBQu%x2ZUhDK9-tYi>XcQ%P=$#&R?)?8 ztVo`k-+n{HDJpjf(akV@P1%xaSb=r25$EoY>F22K&!@c#O;=vFWjdXgQlf4}PX{Bm zT}eMJeTMipAXGmx1LYC&rp5q~VcSc;=PpZ2Pg^YFlroL`6BH7Cz# z>8O)i1d=y`7XUe^z^|-*(%PR}^DOPsk%lzlFILX#5RO@$BqU$noa5wt@Xyu|PNC`$ zYiF97Og^JQo{8(hmP9896@fTe7J*5raCkzR7-!a;yu(p*Q7Sa)3YQPQ)xg$vRomo7ApLa zGFsrd&OK|-3ss0+iP_*qM5s-pZ6GZZ5WM&GBKQ6if_MJaUv0#{riH@~=(4lLpnZuR zf48Ks%k28s{c%kmt;yXJuY2w0U-#~+Tr=^yH&o@8s=HNR_nH~zJCm=0IzVJAbx3Kf~TqEsa;{qoJ(p z99r?2F|6iL{+G^K9%&J?85-rR65YKUTtEPV(Q;M)eEvrAvB#QTFs2hy4jk!}000on zg7$`|6CFH!-*M&Pi~YVdPG99$1)Mn){8nCG0M{_|GOJIdv%0Q5tKY2&RfN7dF{{4Y z<12yan@Tj>Ky+SJE~>h(>#UwJ!<;@btKE6DNMQWb(3}yP(?dBUq{YO;VfY9!tM;sF z>4u4kJBT$Ne%ZVwq`?D1Gz5V5Yr7H(LgM2qXe;M`K4){lS$II9P!3Dv!!bjjOt!Pz z%XVGcmxAtObswbcygpg&&BKlJ`mip6+Q3;CSbx3X-H$hv{~C>#WkY$vcsUm=s&<&p z2HQfmLuHzoUMHZs#Fs9jD6<@^9G6YA(`QeMruT6?Mn01Hu(!o& z!lNVE3qCw6{+gHzxUW+Fa<9B#B;#^1S4#CL$9EWxs`Rq~9^VtOyc2!k`{iIU ztF%wXEUvPLJ6C2r5*A5>qY9t=(MEr;gk8|qNdI&Hu=cMQ4d8dE<9x4G4l<`n=c&Rz zXUeCGIRgN#LoxD^r7}EqJ@s`T7Dwz!B;%^NqC>edMVl3CqHO(cp{PF`JxY+nIg66r zO-hXdXdEuKEk;1B{+$O@nn)nYDsWvON;nG8zllS*16b1&w^C_P8=VVJjY} zww4SOTRrAr8FV8N_eR{6?6B{8CgwZvSw%N`0@{U)=ujRdlsawa$E*G zon4IR5N`{|NHtTj+FOdgazLRnyR@!uv<|z-q9wuo%9)s8`i<~@*jJb-WG((-Hfc}} zIcGI*3SOaXKEZDaHjD%pv-&uqgGIf;{R{+QSk00}4tKS`-qt=MaLSOn;X~c!4&s^& z_+r^Q{V~^>&~aJ;Nlrz^kdt(^jyLfCi%gLwxN@HUy4u)tOzs53FmyQBF<3w@Qmasd zfOyjSbp+}s0m5x3Gei$SY3rS$z5JQgSL~-v`Q`Q8ZQkpCVtTjH zfARk5RU`l6Q~v*Yy8-{)bpNlu>Ho&;z1n+C9p}Hgf`k4Ym#j-LpKLVNjr1|*kc*dVx^dc^Gt_y2);HfQV z(^0+rj_-UO_xf@a9fBgvc#n;u_k6W`=liY@c3Rj5bN=<;*pRd9AhxF7#*kwL^+9dfH&ZTN!PtN5F z@jlro>_+nJaryWb$q%BrYQvSmFew2Q>JMK@^xMU-PPltyPb9D^yxP)wwJRHCZjbX3 zyg4dB7*s}|@1^t9&i22(pZUM=tlod|o*n<<`LCRlt;bCqjQuf$!2U&oU(-2UZJ8v# zEw1D$wMxP^olnD+9V_{Y<==e1_40XuZP8}VD^L0RP=4E&-Q|HeItHb<;x==)#asU- zwS}mKFa^32$N#UJB8LL-|C{@$QRKC*Rif~E@4Yh;6$+^q-FD_Swf27%NzmO0*~BV< zUoMO-VyG^{GaUb@LL`LEoQH4)1>jm>7le~c=%x1wZ z{U7z}L`sOe)F+9EKJc>RVEg+v?W6iGCq7S{JNsqVjPRX#*9geSjB3BQ$vxg!K9dK{ z2!`nY-lX58ex5ihM)I9 zVtQ0(2HgUgZx^5_m%Fj^mx3!y{+Lno)lqlCs5^96PPTH^m>fTvJwgn|RlEr12L?jA zqikchjSd?Pj~MMfZqyw+if_Ry4e06;&OnDV8Gayu9Z16EqW@y;(iKOVy=XHLQGVT| z?~)8hRMn1aG@h!kM)JYZ?EG+nE%gGsD(%PR%>2TFeDFPuS$RVBxnGDqX|^}e)P9j{ z&N_oj)8#WyOW_%A=T(L-^uOs$G#p|l`Wf)67VET(=~C*qTs3J2~#!}$(3q;fr`NflmFR>`N@cTe8l~Z z?ga@Mcyui>f&)_bd%CuXIlx6QAtaocC_lEU2+>)MMd*k0GVn~R}< zmCd1*GuNu)Pp)hf;|k%T=O&l+FS>d+j@TP?_3jvPxBAsvX_H_T+do|lyC9rgjN@$n zvJvx*5qIU3#rWn(_S%;&#&tEhCS8nmHMvnI|E8MUqQ_fna)%!8u9K?}-c!@n`1(lq z6(jEQbTwXvL9a6FG`XBI>t|uH!5)*GD(2g-F`oxySEp!qu7)dmh`*Rma>9r`UZ>`a z5qGMenk$%=E7=rmcb@=TaAgxMc?H-i2u}gsLa^TE|1oU-I_y@BxDU$T#}sl89?3pB zf=9$octp%kM`XhYQ}Wn|JOXtDR(>%ePw6ke8j)Y?@i!y#tRBxCa~F$yVWfBvl?l67 zj<}7(qR6duX7nt{u9Cu+fwuc5 zr}Pn>(#MDGW5Z18)5GqU!%8bQFrAOT2DJG(+yrrj;8~l$YuNm7*xffgIfwTSXD@l_ z99}viSLh6Vb3`sq=kTf#xki8Sbxt{ce?->n_v6RxJrdrcb9no3_dUbz?sN`c|2$2F zy+ZIeou_5Vp6327{y8S!DcQFb-kuLuVOdH6PaDk2mBaR%I!o6MyYKi}I?g4*32d8~ z*p}nU%r^mElG4igTJhkmu2lDgG9RpU`PIYb%wc!#u-jOXGwTX&=L~1hs^Bs+>N2xu zR%EqWHrG_-d2t6DdC@zG@rFHD2~QvHUOVj8FdeW|g`@6CIO2y_&JWI@lnUZW)@FhD zn%Z;_D?M~@*9kfZv4;-oV9k74ATJ|_h2RoA%4S}Iqk|%{uxB~{HKy`!l3i5TS}QpK z_ycX4h&{5y(?sQAO6|NUR5`*+C}Tz`VV9^}{cdQID|JpT0Ppmw3qY~nmrj4mhIW~legvTQ^fR@unEqn$DAS*1 z^3R3VG6jE}`Oo3_5_%@k1U{Yo{`TbK18Vxo=l68-{k=9j`NiPz$;p3OC;z@7d+!iW zeq_k~ct{DwvrPPRe)3nERPr6!xJiz4dMNzvQ1|*FN9}5r|fBS*LgP zkUP^)?&-jXsSh^e_tY_i&JcFth2=^qVv=pSjNqJ3HY(0M_mU|`ObrXG zhRnu6ci2#fA5;z)eZj;ok?l4;gY_W<4M{O@e<&a;3RUgrQ=Nm$3O6Be^+J6$n3-sv=i-N39`X zL!2zg+W0YOv**b3VUh6qg|-`cEu~4@tx+T{PFa{{a2FoIaMf!p$7(9iwHKqoV)RTb z#yoU4ekXwYWy{bE?w?$SM|BxC4BGKQmf@*E_lrS=^2b?%Cv+L0m3yyI_#QwL*gkj; z$07bCl(pj7He9VV*3I;FYk<)C3ZbZC5l1Lq0e5>J$`bTJm7sTOi|3_;{j~?$W%l&#hqVB$J-6Lg{)4ny> zeeIz8?x4~q9rO+p6ox6yqEy)_)2f1QAvj4P{{Pqm8Tj|wKIUI+R)sO{37h>~;j?X; z-m!_Mmmn)R0af)&HH?Mg6983Nf7zUSp|=p6#Y5ZR&nG!$(4MUGzIxD|>F525C<(4% zQ!CZ`z161R_cO-nkv9qcH6H~=gl@GALS*JUWl?_bDkQPAwa2@n!m};&o0j`y%Y*+P zTG`_yIznm5lPx#i(*2*yl8v4((d;%GU0gO_FB5fnuyfxLbFCWB5A`3f58czH@ab~+ zOso63miv9HO_QuSMI#bDeZ|!lYW=h*sp6^YkGm2K@Hq&S;>7Bg;6xVF93}=5UQ`#2 za%Gw>XJ~q7DoLGv1JV_zc%j8vHrU?_gmQ!Z%s62zWXZ+U&^{%AU-<(K;qn(JHPbuDva%iYj24~OzdXm2Bu%-vfu z_m#}OrR*V<%?6L0UXfMEOL8!dS2+rswEb#Dj;pxiD{^(qQIq@Xmbt1GT4LrdZkeyQ z+!ZbPI$lxGlf{nCZ-p1Ox-VSQzINCkth!8Fo!)cVl!$@srnJs!|;r^Z`IDIvE zW4$?3JhN%|eY{R_?$rP;+XlD^V4DEI9H3JS*7BMjbk2Bv;Bcve&MB|&-1DZ}Ini7> zrWJm*Wlm_h<6HJLUAJ>e=G>Awr&K(u6&~I)$F$tht=#HT{H>CgAT}-CekszvbmeSJ zf}70|SR}cEBNRJFk-rH9z7YieS5`{eD`i<5VyuV+F7}6grr-7DdSlw{e2nG_gY#mM6i@aoih$=`;e4v2f;a+|$8_kODP(0>Q(Lp}V>nY=!lqA@;LhO^$#f9({S4~VR*F%+X`+q%m{iSdInuu%Zjh8fr0>i3RS(_|H#=joCwWS&yL^ zfM3>KdWrjr0V9v}DZ<~v4~pqLcdmb~>{nVIvRG|kwm^wSsb(rA`tdykMw?5TuuSvv zcuRL{Q?4Kns14QYnw+|I8o+o{huqd7w{}p(;f`kMf11#h>7;vbV3d>aO=mJf;gCs@ z$~DyH3ErVYGlBqo7FIKYR+?#=eU8B!s%JG%zJ{9&7D@iN(hjnpp&HAAXE|X$CorqZ zRd-02s0JcvElJMLwe^Xm+;pvUdmxQGz|RU^VBqL`38D_?O97r9Q%p|d*j4?4(1m=# zhhwXb6)3_Vc?S}i47%XpIt8+M!C{=+!w592l-M?CA@QNR)Ptiy60)Oox)qH}%fYd9 zs&$$}(79BNgA+K*JlELlG#}lR7c_&SBHEIzTl9 zCrXOUiuFlw8aKCptlK}-p_Zx1UR9Bm=4~ELyaQ<=DKE6(P-P?}BCdjR9TgM34!@|4 ziAn%j8g&ZcPUtwqTNDuFM_V7H`vGH*oHAPKIWbrGrwr#*uu0;v@`v|3MTfU zG5cf1stsfAryi^P-!=EwnALOa*>e(&BFixY4)WtYBIV%oDUxxjCgs3+gRd}6h*>_s z_w-I#-6>~x5-;jyH{#ONh@u=un=h4ug({ZQ@enG2qw#_cb6$s4@{ZI1I_O!$>XZyQ z^)!DD@avz$)1o|)0GwMuw3}$xx`j5VyNH~_1b+ko9M@7rnGH>YN!Q4L1LgGB98>@;7odu6W~amAr=w$eUTxobS>NEy`F_gP1Y4h zRhJMEMU5B@aAdfDq&1u!!L!6ez+zK5 z#r2=aaP)NvN{{Su4to}p$anKmX4okDIkP~$Up9jP&EH0NVvC?iba2j4WL%iQmh|z2 zgEEeii6Jpue8%Pp9i3HIL+H$!rd*U_;H6D>ZL@S880di^fdH|(XEp4ZM6*L%WxtN) zE?9zgZ^#4CC>VYD(D_Vu>e2^qBeWvem*5uv>NEUH$Lpjc*s%k_F6@*3*};J&ms}m1 zt3WV!MJV3@C%KWe)u<6?xYINYw;WWkAh=zNIK=D2IqO1MAFi|hkobLm%IEZ#&MCh% z*M;4|j#U;yLrOH&h4A#&o@~?Ey4Z9@6E>ved3LUy7jw)_`A#C&yl}vAUYea)XkU}z z_x>s8`RiZyy*xLbm*HCB+<0zg-XcWHkaG?g$hKO5A&uFI@r0xg3W|r_9?m%||1EE@ zJK>_2_u9|#@?@iimCS7tUL|r1D=K@+C+HQVB-O+vOHW*hvhSDA%S`)8`GhoO89e74 zk(Lbj8YLHry^wD}f(vJoQ*bLzPrdi1lTSsg7JIlrxIhn^?Gvc9rGygN1SL!rYqheR8OIm2+pw*F>-ad`8HjF&hOM3R?48kzA?8 zeMaO`4A&wv^WPQn$GKrT*7}@wOE~cbT0DoAKIkx9W`NmA5C?aqtlH)uYR9;U z#~vWtnpYi|zQh-KgZ~GKOUx`k$J5D+I9Ota5t$F$kJzh>yP8xav}eWZW5Vb=p`A$% zCaBr}jF{&{-X&dj>M+ukC`F%<&sr@s^il0qnki*+nJcNzCQ(jTkmtn}%1(#&H4!42_hkV%%eKjgBi&KjhNg=WRX?#VWtO>1*QdP1Z<8)1C3B+|qr zq(Cz#zdOE%MGf>Ipn%^gTgdRlW;nlp%6XbwjB-ACoqjKq6oKicq)9GB6o`!%DQBHx* z5*C;Ez&wr9*%MfO3#x%Hd=8I--gkg}&U6v2JOUT)Cs=%DgDbNb!B#<{r*r)_lw9Z| z0B0yk;ynV&M=P1+Wdoi^w?F72G*tGBQM9%%qV$F&u683kx#;Q8{7Px!6QPU~^=5$_ zFP5cbFfEbRtL)LHyL_;H${x8f!;bn~KS=@oUBL&U1xk19e7lhJSucqK%UVNzCdm*6 zh#>RSi7l5eEA6!GXyxvZcJq?Z%QQ5ejYHmSrHPae63a zP_#aVNVYHrcqbj$!?5b}`-jX5d0NcDhExOj73Dxh6AdD0onH9~`6SRj%=a-%(;;3y za$62)E)VZ)-VFH8;;!IDgNg$As2mO^J<8571Q?1~pa*KFDwd4_RoV22eIZUbCJ2-u zrOuA#ZXxlh*h>~g%{EOVY?3^R3V?+YqrPfME2X8279Ug(wy(EWeT2Ssd6zsvEd)eQ z_cJFC6OX9NjtVpginlc(Wr8Dm53R$6{ulfGu;0(o%3RyWI^VpMLa;7q!g}cZTeg<| zjV;4gV#XmjjGsyDUx3^Ye@IpkC98?p(C6*UyW}He&hG#-X<*F!j<{>|w*M{%@T#AX z!w^?(A7DD>EoVB#}{cj=D7>rLZ4%3pVng$HY7inse^Q<Ts|SSh~W~P4;l#?V=gF%{Yf$I$#!J4iVRQ5aMI!Ynfoi1_L7xSm_(!8SPtA8 znU;5%Py>Kt2}7|hlkr<-(G?dM?~><_L)WK1KKaxVpTwnma0Mof5p@wAXS%#77Jmy!Vr3}p6f5Bhs*>XF|GC@t2opcqG{0!7#Or}a z(@I8EzEwqWE(;o}9YyQEywsnlX{~f?=S*3Ewzmj$-C7pQ)@W;rQkCVG*%U=??b&=u2q@TcUCRMTRCpa1f46R%5*R6H}?#GKNk)Fpw^A`aA7QvFNMu&@Xk&~SPbseQMJq<=59xg!!a2}Bpa3W4YLjjAIe_> zh5!y_0_uDT=`N=C=SF&Kl^@u+YwDqIs?$$X!N~vbf&Dlcu!x_+=F|e1-pw0$G&VHe z+}$b|W4J+Gr|R#sVH5xQRQ+|fPSwv86c`*ibZQOOu4(vCy*=fm)M6ibldN4wEZ;kG zThuY_gKwDlAuoSX#sBT~xAA^&mwjYcv&?7HNBF0BdFm0dui_ROcKJR^jifX|*>4O} zfajQnP!J2+!UkY=%n%A1g(~(jH62XGb=adI7dhioqjgc0s9gz$nQ*OHvc||-Q}%ne z#$|5sc%mlN@@x`!()TBHI?#-u%qQbe%87Ti}kW|-1NtTI9&lcU6OKpnv zE=I*D@U)UfOm1a@k}OHgUq>ixkdZ#FOv}@}aa;}Jq2E(=Ef>5mEee3jjgmoWAu8KY zT7VpJ66{>mg)Joo%pL$!tsjbo(26Q?7(Mj;iI}J`*9Osdf-37}hjpq2C+k?JefPlt z5P5kmODAM}dst*>Q-fv9L%Yr@##>$pQ7e6ivKt1yu|;GuAeIaEt&-50fq!Z}JiERT ze!oE~yCO3ni>Ad#&FbUrC?(OkQAmT|()wzHOV1fC%M}iym!8*Kb)fC8< z^<^BWKWxgK2{Ki=q7PEI+CV> zH(PFcjkvPq!C^LT=9R-4yLMKa_*H(9$W^n<)w5nL9vD~Yw`SpIy-|`Iq$lrlT=88b zL={8^lONc?zpS!<8E#MiC}6WQFgeEi<E<`+s^&bhf)(p1yNNAEM`fWol?vhjI zx@Q~myM{e&u03;ZMq_iyPA~;EHzhEa(9BX}my&4^i=CzPqr&K39xiwEdkUQZuRHjC z;#Er$v|`Z*J#45`==l9tN%QfPWKsXfP?vPf%p ziNj5@5OzBat!EB>B?mktubzbDT+rJ*M&xLW_hOEgB@>_dNYp%O(2RHO_8XAMCJ^f#~%Cmdx9^sR7qh}+U@HP)a=xc36v zkiUi*LN*u$rpp>=-{fRn;Uy{rLxbMMfH&AT@|`@|Q8U(> zmYu$MZ?{*S&&&3X&y;9yyO$Y@rpLidN*974Dtjv=kv31udM!%x=SFz$Tyx%Bcm7;i zGdFy}L&=)C?nMtJcQnnd&1gqASLeQnojjZQb3Ut^yoz34satZz;O**LBIZMf%iUn_*=_RtVOGStG{^DQ!;3B`oqc?=$Rn zL(q;0lLwXH+FPA2W*AjLS!Z@Jb1Na(6H~UL)ZC$wM;N35SBIx~V!zFTV=ZA7tw0pR z7(CdD#Ew%XON%!`0R^&Gr+Nh^6y6$K09$`|vUhT(WB_)%cP6;RBxfkP9RjE&=Y;m$ z(4Iq;JM^jGYEHhE%^(_=G)(Q?Es{W5!S!s9@cYl$Ht65um2q=pBrD@j`n~h}!p0~Q z?3btCXypU-_b2)P0HRAB0uL%GmlH1ngk4;m)^=Ph9Y1G1kd4Bj_KnJM*?n) zZ6g&VJmJ9hkcA@{q<2U)d>NQVNkT%4%&uT*Hg+WCt9uCHLs{(6R7z2A3x+yGH7Kb4 zSg>E6@@gns$P;I@kNfFct~7HuszP2-hwO^ne6zr!9?T#Ft`aQB9W~7yG0h$~O^%)B zKvv2j-q#H8Zep-glp~;kWPLSfxR@WH;Y_N?42F<8LWa~{ki`+Q2aw7OQ0&p=CW2Pm z9-=&z38-9`YA%cXh`RiU4itb0SZ|(Q7-@niAo!@`V@9XP$`xPU+#<*+IGCeogH&luiWmHv9Zub%JJa2cd&X6AYb>IgG4j-3f=s@|kbJd1T)FGK58 zUe2h$XvJa-HOy|*ubM=Is)p)zT`%wQr-WMjXhmV0j&0pGZrfdgJ9!{>?~e1uorht? zo(q6clY|(VraoAQT}9ec`rixlZ>GcF!i}1$dg8LgZ0x4aCe>k_>_YMr4&iuZ$0s&6 zWo3u+`}0G8xYTTH=7SYq)8&vY&BE5wWak4}pZBwApmvGWAx%}Ax+R|}{q4z``*}@;40!7@yQeI(Z;sw#w&`O2nA_8FdZ?@Fv4%X^ke@dcS9Ovx2_K>< zMVsoAeYGZE@hL@eY)wueg-A}U$tij~wI*li@l0ae;#Dub>WG>gmR@yqO^(yEj<3l{ zdOW!%r|I$RnwrCU5N2G`g^pGra*>yRvgm$MlqZYk=SA~GF?y_M9xq1YMQRB?T68}t z%A-a35hXx2Ni78(Hur#`t zp;U;pvM2on?cb`s7uM4Hh1{KqMcBS{mSJWNt;uDxET1tX*5u2z__A5<@>$9xv zqdv9uxooAc-od9Pti1&zcmwsjlr!bXV%grj0qE`rTgTjNidOD5pTTQ7`<<}$uc_?7 zv!z7@(ScBr_v4#VWnJQuh9^kqOH!r9-0()=-68Wse^;63CEI}%pTQDC0h*|RI@wY1 zk&@E2GfStwg-qW8EjMsLxoC^I>=3{(Y=#6ErX6-1;}JLf_TYS{W!jbuVS#jhgG6i} zoB>B+aWP*Yo4F_x5{dzb&_D}{M!;ZHXqdi66)melRx4_-)8XJ;R83q&PgTt?tBAZV zlbT)(6R*|`40CFA=s-PJnz&ZxuE8|7q6K0%f-8aTjHz5_?e{Fpiwnk6zxlj6%b+

    uz&*b*gLU8CHDfeo+9indrZ&+kig{gl#X_# zBaQt!wq9d-vrI&h?MWoulZUBg9eJOnZGfgqn^N4;(oIzFUrQaL-oS}vqB5LW+Osaj6 z9y$a$A)O>8EY$jD?_)!V*MfCBqV;+s_9!>$_fnl26jqD`j{^J9D}99=fS`u3wT7zm zvet~QG1Xwj-XopE-N6}Hwlu;AI~SPAz*UG**8=ymx$yb0^98!hpyMl$zMJ_~1%-!K z5g-X5we_eP7qeIiv`*sQ@QJjaz)s_8Pt1=KOSWQ^2W>&N0?G{!;87+#G3q>t+7N{t zQ6Bn6^SE)Hh2q9_e`75c-z~8=NEqd&Tlmov>%-``^n3g2d#DZ0yE`KI+?W|vbD-y0 zsxRRZ=9@@MI{c?zkTSuk&FkY_QjV?lX(2MMr)@|04@TxGj4F)@-cb!7!_*RY$0^0? z_Y@0dCmWorp+KgN8qKulnaM$4{9C)DWFSewW&9m`TkvfxY9_c=W1GJmnM26O)(F!L zl1>^%Sab=+)CkE*X^ZjFl;gYepIgC$TCZW?fR49M*Rn&mxlrlh{*d0w*ZTsKv%icqU`Dr)UxXYdb3WUn7E-yg6y z56Dde(e(r2bpz(c0e8bd?Rx{^cLvP$1Md3+MOCoqn1pk&PELasxSZ6tyvvNi)}m0k zbl4djiJ4sA^Mr&h!)#~qy@H4hCRONfuS}-HFM53quGbZ1P z_Yx~Hd7Tu-Fm9zZ4ypy0`Fr^oHLd?cJVtukTJY`mQ?6|v*SC+iF@hBe1(sPCUOfu# zOU#XBSy#5#l+0Bnxt?+%2vj!#-%u(>;pI2v9AXVN=+zmnE(T9855Y0TjaC#Q0Ws|rj~<=U-`tZbUzu) z4V8j<*)t>!AR^S@anu`UHaO~x+tXC>*dMZ)lYe(-3g6?CH82QXGkMydLOBkgnK;dy z$h4|RNqy3oAdB4L1Xp^hkwLU7@Rr2nxrF01L@X%CJFrA@M%I0nonkvg-!lZfL7Gm& zFDfoW=ddNGf59-UfzJ9Dlc^SYGx{%>cx|R*O-9yczU22<=dm9yN$_>Uad>wZHT83Q zbAx6m9K<%${@%lPZQ6`+xRdN(s3+;|2H>=*Pgk%qu6{)T2dA_p6cT59+-TSRtCytprld)`lr@2E!*#jhmx`wU@`dL1nW4m0le`aJX@ zhu{)FN;@++gOLm2YlyRqknjt8vXL2u)I^Z##wv|&gCM*kjG0(yMh8`4n<#(-i!qDY zsxbK)jG9#|gM+1Nj;jdYA1au?p{Vt_ z8kDf|&{U~?*5<=+PkC^9C(Q-#A`G0rP18wcQZNLC>kaMWd5P9s!>!Gn2Jwwef zDLgFUqX-cGa)Tu1FE2y-;D>s7ALCLl$6E6x&$dfzNYY)B15x6^A_!!LItmR$DOxZn z?6D0MO2u4oBvXh5v>%N#V)h9Y%#K>T>}JGa>&*RH!^&S-==RX2{8laRziI#unAvI2 z*x=~?&c}kw|5?I+h+Ww%o!M;j_%guq*%S&jq?fp4)0e3rtTHnh04nmZjs4r41i2>W z5XpxoA~10e-t0TjvdAs-niZw;Il5do4p*Bm5ua~x?|fDrIG%P$n?@+@=;yNx&VXWG zOvnx>JcACF>OAKeuub3*yZ#SF?&67+qY<`^JRt5tLSo|!Y2hb>3v8{e#Ex?EB3?uT z(1}}7Nb5sDR3!sQg3xe_B4&Y-GBR$h$O9saB2XvF6DBlG#sifG;dM(Q7G+^@qluQA z4^9I?;Fvm`VcuBp4tP*2SG`;MfQ24uMl=$P3saIfGq}S<|1KZnRX#2sqi7pOSwG(z z%#hv$tgjLiP*STCdYqC8JJW-1ew~r^n%A9a(_3!(R<HBqL=M7&jHJ_kGYurt>EX@t#4t~Jul^~w zSQP9S9Vq|7oj)(1VRAL(OrJm6zM7@$bY05B{H!plMHJj(8X4j~vO@kX9n*f%zQn_c zyj$KrF^Eq`%Vc-{x|{5p-uGsaUG*|XyrXQFUUz~-3yBUC;#g)+TzIZTV?@DvA6$Cn z^-BM_k_T%jl%Iv0nO-=NMk3>2N#FZ^Os5)dN4QvLdgUEtkm!|9i{PnCuOt&?26kAH zErb$X>6M3>Xlt5o7{;|@dgVPLyXcjyN=#(DEaQucHo-+EdIxqu4YYmV#O2qR=tJ@m zE(gfc%fX9J>*X9ZTiajxh=~sNF=--S7Gj+zu727?$BK_dlM__{N$+4>t29t(FI89Y zf{9M2X&v;~YH*jXk%Chjy>xL@T5Xld3jK$P&Jj6Z!37~>64ceClmf&i2pYqI9$l)` zjQ=i2U`MOPHLTfs`h=natbTw3w4X#5%SmVeN5(w5ZRbT~r%1Qy-fs-fve9)ySSthJ zgd4HSs>!Q;@A*KO4habBawDGf^Op%Idn5O4SB7f`m}Y`)GiU;%!KWG1Sxs{$jF`X; zHu7PKO2PJ&xK^4RLW3Di1<_<}XAAAbIwTGrh|r<(7_q`?V@dE$(1|9A{JwJ|nGD|=_?v5dLF)7Rg{x7@p>u$kn zk|^uus(M(b$T`r-f9(Sn8Qy3xpJX(xHlgl0Qs{|>%F3v3i$M>1cO`F>UHSD0BS-45 zOF`>uDLa}eViU}qZK$`*uXC`u6GE7%cxW;gre>LNMAU2ZNXh-U5FJc@tGTn}e(2{K z)6Pz2Zzh;p6IBgcy0IqN@P{?xoUW~z+iM-VCZCIa22>nryBj+AMg#GdRkdX5x@Y}&8)-ps{hn!mPtQwTg_i3;W`AA! zdl(J1&)0}Vy>14E2o+B82$&^o%itn&_)RTJ!117azc~(zD*9qG`Xa(`FO!7tys&^Y z&h1Q6%aA^VwV)#t^{S!?+?(HHxzQFrUxL}rVsbu%v^oT2XE8lQr3jDtVqHJ-AC27| z3+!T&aj?HMR5*=#c1PLT4cuHSonG&ZG=y^70x;GSTx;R&_to6pEQl6k1S5Tpp2;b4 zYHU^yKno6+g4;ON-CU!L86+Usc3yD5O>Q!Bi;*9wNPi13SkZhyroc1Q7Q_;?C}7sg zv{Ui;lOrfx1;C}_YT>E)eRW(1^!eatHu)b~k{h{OZ+H)MUPGuxTs1>7mc~3y-1DK(5T3;v zBa8bD7@zHCcl6cFJW3=fmBT-km>E%1t)|dQ^@|kEh)x+%h1!ll>2&PxtM}f{4fZ2L!-vS477STQiCjOuwHq)#(dRfFtv9m@aO}!4vqo%xHmA46Cc+xvsU-B z#^mTI27`a_3YZ$rLcv!jR3{KJK=B`qOp9R7Bl zt4}Id08{vmXOVmlz_V^?LzQeHbBK$?E~0@wydwmk`3>z+aMt8lWp>Pfvi{7C zHFE=n;q9tg{L7jbm(szgb5WnRfbB9xKy7wG`yQPs4a`#1%EuvPP8`m1O#FoM63t0c z6ZQs@14vBEB!uu#w3V!7%qj#t7E6@dsqhd*sb{#+g^Uezb}!)5g&9CLEx()GC8@XC7>w&xEz2!asZ=Z87oW|p?O`Nz^5^L9m4f4D=GO1Mc8;Kti?A1hZ52=`ZX-rB4ShP`Z#s zBQc>D{!Ba=bd_qRagGEw%=i;|^DLFxM)1&j<&5kn2vCj1v}UY;qNPFJ??mtQKu7r{ zv_))*I=&nqRem;DFH#2tA-TEWTqRqqV~;jtR`aqNP82BgDWw#yHT4+YsX_pSt=d+Z z|MIWWy$&O0YhS9K?-qO;x0E*>&oske8@JV46HiF!8iod5Er*|%fJ!*PT3*vux_cP1 zK5#cEK_^I|u0=>rg*(jxEU?3xT86@V%xp|)H}5E3%L)4eNJtXcopxJeWv#9GeYA!b zZGAp?0y}}C175$VpV&IGS{Ou>Di0QeUix-Jyd8vI-5_;VG?ZR%S%-n?G$9%+^g;n) zh9~Ssfh&Z@lgjGF|Ne~V6gr}n<@yV&J9g%U$;6mw^X3f;IR70^CZF+k{LWsNivmNxE5Y11(8iCl0$9x5KI^Un06 zazWtS44>7squ<{mn%vY{Z-Nb|B4DJ8yR`>sl2;+DGr_?D)y&vtJTn|?HYr5YtLTe* z-_bEe%D%iU<`!Tm>N+el?1=Jpv3i0)3RpkCC}`wpkESu;e5z;wM<$c>LmhLuOhUw{ zVs%{L#;CSr&;l4MVZ<7Uwm*=#B!(V^zmo0>X(hzl`$GSk7$esj>v(^8Z0>b=ilYtO*dX{f1Gj00wH+aW0rtaSU{!7Da@inzuUhz z_*mKvXGMDWKzi7}Ow1#wY=gI@KR_Nc=h<}`S)cj%y3AOx{}x*(i|1iJ{jJ$LT)ZM! zMMF8DGK#Jzgg3sS;iCRSMBXIZgi-wO<_QTug-5u6HDo(8Jzwvs%3ctQp?tNrmsuf= zT2nq`R+!yoVZPZ@me29GJ#rs1pO;d;94)u|wLWJ)-{`GJwf~bZOefdj2aSPnARJ3U zOaWVMJXH3=qeOPFH-@LjG@6vgmXp8X-R5%vx)Fj=8Uv~knAEyhb_02EUNhL$)YOX%~r{x3@d8hVcyxX zRc|faqn~6Qc=e~`lYru<w0!zN^^stqNW$qceinQnj7douE`3H_hV{}F17xEHMO=X{@EfvU zf`fhH#O8%=l5sJVO8Jvb^4q!W7D<|lN@bxi0t{Dcx;YV2h?WzqZE zhIn%SVSs9zdgX*^-r*SKSF}telFn;S(lkFMqz`+Z^l8tH>VA)h9nRD@PQ8r%tDBjb zavS)Dx9VFI4$QTfGanaUcQD>5|Y8s_9W z=7by#=9Z;xZ*d{ItJ!yN8o^J*jDi!St2Q}1ATb(iN1P?Dp(xW-0M-ou&4CYX>n6cx zn3*a05Yi2@tDlRmiP-@q6;>RZX`^J=M#<7vA*kpUm9{DZFG+BtWI$B-mqsYuxcPVd zNmFj#G%r6=grQ#ZsQJ^V`^TvKeUyH4&y9w^88v?#b$=K|;<~?C1RfT81Txt8J^qyN zG-w(u;w&n9k$Q8TYAR45PzDAC(^vD@LXlFBEhQh*?J_0YNtkQ_f%WpybsA7h#?R!w zZym8>9ziBvHg3P{1PBxWfiSqt101Am7@zAsn}5|`HRZlduliUM^Npcyl{s|G9W_R9 zMES1QybdsU3^4FfD1U7B{Yk4!@p@RB^gY$e(P`;M<>x^iHXWHpwkN|$k)z_AM~ta+ zfnek3V(QWt{L+)VN-tL~?(cfnZF)p-`YtRoe7d&N(KM{Ep)@*((@(}k-&e;4g zzeVqeO~a&<1ahGbn^*e*J_5Cadg3c5*;CCl8l^NzF{#)wi7119fJz(JYo)I=(wsfP zX^Z${*gBl3q4 z$iz(&T@UJdfzDB21kP*dx#&!%<-^ zDR5IlUfh$Q(3ls~O3;s|H8yBz@N^rQCMmv7ymmLpJYeKO(8b(KU30F|Ax-k6ADifY zBsXtz&9<}cJsH;NhR_1=drSa)ag+2h0q{c};7J*`#UH568GygR$c?J-UQypHpS-;; zS9;?+199$#Iz|=+_&e*0kvCI%)lb_OkQ@-TQrM?F7V16FukCCy?x4-1z>r4)O=Dj# z{Vzp{6&MD_>Qdou$l@GT?XW_C5bF$JB5Y-q?h7?}b;a9F~aq*=c8m@g`=U<7Kz zQh#u@jlXW>5@Wt*x7A`g0#m`vt zlneh8og^fc;;m++Fb4`x5?r&t=ReJXT|;OZqa&LD@`D~AHS`$&=@gothmPxSO3Srz z5*m&H)P_K0I!94C_rHjw;69%Kh8W{o*s~|!0LkY)kVM+~*lPhf&{U;=mG(!sil78` zQ9l5QYt@y1Z)vN5!QeMmNJcQ`1m8&h5o?YlddR~CsSsH$O{-x_=9f0D-F{+SPOIA! zi7VA$2hP)=n#dmOB06$td<1n7eC|0Ry(GVBw{NW!!JkwT_hKI;Q;BgBBb^8;5nYh_ zd1WwLj5g^-w%JTQJdvVjZQyY|xz8WO94=UYxpe~Qp<>7iX;6|cf4~5SR^*=Xc ze?Ju7Un~7}!f<CU&<&qY1s5vO>zFD3;4g69un! z6-7=TPwp$%V6k=Np^}Zun^k2+FbG(Y2cka0g?dS)}94DJj>B&7oh?p<2QNm&XF~Jq5PtW|P@ZDQq_}@&^A+3At5Bz% zK?52PF8bXN1=_s85A*2>W9&**m6_3Qggp&qx0&fUsbG0Zy_D%Fz3G`8I4MMaz)H7P zO1Ju=LRvd}L9Z`(8e=RxJ~88=Y|vSq%J4DBA`_K(P8O@?<5B!TC=Z3^-catNF?`GY zxFtVp$xmC*lZV6T{t$WsY240}!`ScfLP91XjYwlk=F?@>B~2EU!F`%gBgA5}zA2QO zbulm7{Jh*$kxSHIdMTCbbt#>@j?QgK?C!6Weq4ds=KcE3#Qew?r6!wJPFF1yu>Tubt~ar57hFLjxgH1y<={3(W>wsSzpq4zAZb!jPucWwul z`Psr6jfhX0Bsj)a@H&l_wobnn(G@j88)VQ%ffZZjbFm`CD@z;SRF+F1 zb!`T7oi@%mck^fRxAQlhNkYLx1LocV_t1d-@jwaVGXL%>_uX5Dya6tx3Z@h=k9wpL zHQEw#j?z9|2PT4NrhLi!zwm5`CLcrhC{38_Ns3f=@Pt6NR^V*MAMvSl&`VVGWKoBQ zm}^-s53-j>az$k539`Aj{b^ZlX}<%=`v7lCHSyRzRW3bK21In+Z&Be@;ky%ZJp}Zo z`pV>h6Wfsj4N_ubohnLQevj>d&jr6ve^-5FqJ>VXQl++rn*Tlh{3Z?8+COPCN;RN3 zn4ro!Q@3z4zva+WwqTHdMjoe$5`-$L{2a58L9v{|BQI0Qj%!+Sn*L_wyp~*`zg*aoi}m=8mRzRC%Uj_!6e}}V6-18$cl}u$-VgC| z_hv@$?dsKAe-E#$~DJP)D^TH&?9h5gr(JW=BGUzFsxY0ASNN^WJj z_@|QAYbViQz#LbxQ1;_0a%_d7efrxS+2RHYYgCI5REpmymWUVdtFAFaI0n2U>p%#@ zAfEPFL|F0X#9ahkRbiU9f;FR0YItm7U$TW5m{b^i`9>KwA5KNF?Q(>_3*gf5$Xb?q zdU0o&B8ZMHBzU&i(cR|d70sq3CxW7P!N(%fi>dRvEZj3%me7;n6q1B#07J5`38{B| zy6Rru-NoQEBq0e#BHZmq8)1K}h6qO|a?a#^9QO%>nbDC(P$k$OVH~Bq2`1ij9~_I& z=8ts-81XSkt3gT4Od2q-Ul|{Kw4A@D1H;_oZ@4J>hsa+=*vE+Wxs@h5SZ}E@Fa#Sg zdwPEuWzJ!NXb%{;(|}y%5KF2ABII_8ChjY}cAm_ogcudCa?2tLTfQjVSJ;0|EcFSs zuoAhA#L3Y0?M2D`6}bUa)wW^kzvfvn28PZ}&rX|6J^o68%zd%c}WX>XmF-|50hv`nILyK#$PI@5@@xYI1I5F2y`qKD#VpOZE(x z)%SGEmhV|!mJQw=Ju33B8hMzp2SgTwb-dF}B3Em!bB@1752c^J!^+xgB>V}FRvM)l zY9S(~Hv0Vm_($!dvJAo~nQBtDOe33qr;rFS+4epuk25L{=yRErg}nM3RZD}+0oB|L zK7{0{Rl0!3hOJSP6}^%*=PJSm>^Y=iZ<AX5!KmQ7b`nO4J2*D7qURg>4Q5-Oiv zMbNvji{*=U&{7p$pY&Dc(tgQ5>LB~y{y_(s2#uV4^zxzlJ{{nvLYP7wIoyQFBCKWj z13Ei^oXAZ4vF&^<7KqX=6AKo;Y{8oC_paiCNIr`f@U!U(EMUM4<%{N%ejJ~&9GU-5 zd5HOR`9Bmi_v?k6g>1RylW?h|$43)0yiMLLy6uKn`5h_gcrPKciXM4+FVVJuIk~gD`FGykkTi0qh~HP?C1^iy z%e@0itmNbi@I9OAsu5vvge;I5>4QCpp{0JImc{?SyuAsWTvfH`efDsMIyHB7byrW- z^N@7X0YV62hJ<-WL=# zw&}fM!Zrm9t-91#7mMKAT&UFfN-y>GN#J`562O33BHj~jJ>iL|r4Vm$mr1F(;~X7j zg(?XwuTlhnhVA{j+d~s&TBT+CZ3sW7Hii!A<`LvZx<5>Jej+sXcUD+aXEXvbLua#j_zcBhX!=8@1+324e7A&_JeItS1jQW{z zDdnY6A-kbuzE>DmSYphI;f#{-t{BNPQwLd)rfuPKa0iaDB$O_OjNoXQ+2R;HPfZqL zzNsq9$V!z<-h7j}&QrT?PLn@Yd#s(iK4*I(LW?np;70!&ePbj%~(s8s^idwedrK{X?r`prKW(~5y(AT>mO*dNR}2- z${9wVY1mWBX-1!FkP@6}^eIN4Y}9u!urYb(8A@Ob+B+G<4TDyr8z5LT0B{V6Kq2k} znA)k$+`=@Se;W^ygoTy%c9QHnGvC!@nbwzTvy{vpt|tG~`hBhbiBd?vi_lX5;eGP% zX#F;FdGeMCs&+WjKT;^tc#FZ9DNxqD)h2qAWuA}z11*TTPMiOB-+oo=*KjgsozcS*)?!>lPEsbIVSgBtt_RR<$9UT-y zTtzGmM++--yB(*6I7xw;$%3FGp@T>;#wR-VV}2hKqb!!jto~G{=UcO%P2K_RQg0V~f&mi( zH$GS-8Fd|%V3Csdf(h?;<-3kBk8ArI*G+e6bGKG^X?>@7eh6dCw32#=7o{Y*(=zR_ zU#1>B35i1=Sb{)@9b%JC#Uds# z!hf;Pbf1!lPhzu3mx?v8Gv$|6aSK7lb+|6T7%nJyBPaex@QvBtlSmsdy9FQ!<rANe@7sIv92?a9{VEu)O2MsOJ8H6lbzJE9!c z$ZS%P5O)#U9|j=4V3B}S&E3}KCpx&EYj~NQ=3nf}n1@APtajs#SqL_80)x$(L z>6FEl^!j{;;p4O#^Grhi1pc0^y}Cpk99$JG4t(#J2*1o(Bz{HUWKh1~rXrRe(C`26 z&Rf!Ncc$MhZEm(`+2lsoZPv0m5V2YFZnZs&q(A9kLsW`mjR>F090d(k)9aS>x;Z@- z#_Wt(BqVTmN)se3c7d`G=3Qfor;DpNm|W;?{Bq3jq)P_OFc zsb)>Hx}zC5Tjg%NI92iFc5Xzsxf{<j(| zg?ZXOG3wGEh#@bs$3JZ%$@HCIOaJlYRUB3~_1fL4^*&)J8rb0ygftkH5P5EsTLh#R zF#DDm!PsAIVvD(-aH-TBmN4~S9gVnhU$Q;XmeNO2F695$ZYPakE?!6w0m2II2$&ErtX}~*(jokNu@C} zwFNOj%NAzymMzWnmaWW;maWaqmTk71eWWBDFG#lI>iK^Z2L61 zERNPk3CEY-JGR5K*=v>lZ^@xbs0val*etTMt5oMxB*XKD!EUe(!nJggK}M(?0aFq2 zuyP33LGEm;<9MNtkPR=?O>SQ}MZO{!qm!YMwIItIA~7Js>5_=MgvNmi z3-i>(R-ky+`7z?$aK~^bhwW~pA``dj9kav)U4Kc$_vr!2w2yTcyHZrqvasPb@;&U|0H_;EsmoQXNn z@`=PMOJE8ihMc_Yy8^cJx0TN`Uh-XrZo*gn9;x>>(X1x-D9P9~%?YO(y2M#d%^MTxUrETfK+@Yn9(Py}3NpF<4%WT{2*%APe=E&Q%JLypIL&?*jbmk-~ z2{FbomdS3EEDW8jT_2f0iXqDH;BVjV+5CV{kTy3M&5(6|C&rY-SS$6JUb?OHo;Lp= z%!{@nYGqZaPxR->5SRLNFO@F6q4n!TdvhNz97X5ktt;x^Vf6JpxPVR)R7f%p2xPN4 z)FxRyszkP0B6F`rcoq3|;mDY3iEWdMPP|HWtW+(lH+_)geJjyZDg(GteuSS&A=0r)8?)0w%&qv@y26Mpe`L^n&v3uczD zz*NT)$4JuDN*6MXqn&slEtBjCz(}|bH_Ek=%jmnoTFg1^uhm#U=twoS!yV1kHq=-h zM@2C7hL}?sjs%T4N*_5JlxfENsb3}sia9pp-)~L`ju#Gh#63_`{V_Xrd+#lUL>TKi zl8k`!$VdUUVX2I?9w7=mWj~w?>JT9=lIf`(zgyJqoE<_g4QyQS&42;&aZb{Q#2*2g zKN7vsB;@(>Hv4*$I*-(YQ(%yfh>4P~4~yPuJo{UddZ$TW(WbsP1p?6=b;9?Pq*wKc z`HdAi?;~f+J{;Lh@SwhCA<61tLS7s@%mC zaV4*xkz8y>L;Cm)!aw=Zb_x!u{+;AvM8Waa&q*$}R#jg6c5*SG3Q-5IZ=rPe_mf*& zl2%dMZE@;rb{kHd9IblH>Zgcg?^=%$F2cn&JBR4CHaOXFJhb~e&E}e^>L*hnE=FHB zm60;15^){|Aol42k@XN44c#G`h$f+rYw$2lGNVBf5o`pF(rb_vgAVihU{-7;c#e@Y ztPjBA4KqwT8MCq zNgzgS{1BNul7>il9cOyT3)!|3-IVXZ^+)2GX_8s1CRw8BavzHs(Ns3U6aqJrhEAEv zmupmBW!mn?*S8}>;Ik27dX(xiJtPV3p=Z0cmx(XxSbxWocQ!sKBz{W-Q7(*cms8ZL zopL+2csHP_(!KdUWG6^;On=w|N)lu-Q(-D6QI<-eK`3t?A%EyF)K1;$@3T8ry*uUi zo9DMMOxl9c)5FbD>b*6;hZs#k%FZ46eHXu%ki6^c@61}lK-d~sBN)?DEB`+ot7$oM zG#E?c!Eh(`bn2d_;LTC}`Y7^9Iuaepnhkef9TnNQWTp#NZ@ByNDEN#KMfJ66!`&B0 z#iD?uZgFtihP%&?%Ce3;bh+Tx4R@a%m8i{VTnoX?8}9yT)QGAiAC-ceHr)N=s30(f z{a|pzhP!J=WkIWmQX5>q;qFtT&a$u)wFK8~xcmE2jECWvqgrt7hP%HTHCQgF)~G$W zX2adzjwbeqQD<<~hP%HR6*Z6Qi0aXb4R;?Im2`xvtMulm`SU2!uExCXWnSY|_kX?B zaAA~X1dt<%5Y878QWMR6joTuouP_0{0J_3rS!^sTgs+i!y%pw;h~z7nNe4s(tU$u> zn(nBOFfoA3tn``QU_kd*hRk3vqK7M!!9!E@sDnMUDiu}%5~;qzDj*Ed})wIR{J!&yihZ^PulV)_&infM2KCh!{JO$w-ds@poalsz=rm z(%!;J>@9#Gx(-9;;=@Ux8f@~;60uWcUsW301%egBijdnK1`zE81QBi>6Evw%jtbcw zP4c_gWlj(H)oTzo20~1ZIY^j`*jvIki;0tsY8B4ODe~=!FiAxU?I+U*qQJI*nDAOJ z1Vzfi4LMD}tvP8FXppJV4L#$NRhj3|e4dD!8;c&P8scF_N3{2OCr%?2uT$Sz}njgM>h=1eDo_+ zXsywYo1{Xgafe(t=%A$FMO;ZS%RsZPh`(W~{(&NH;vMOb*Dzn&@a1=tFaOr+hY(at zQ|Cj+0hQN73XG{|@n*eElpu(a*zJ(|sL-*4HrCocQ&tcu%_LIU+u7`1+gNdlzd9V`O`RTk?Rww$+y zr%rSEPpjq=&zMZn>NKpYA^ZtoVKL)m>;P9c`b_Qy$hCb7wW@-~#h5VX+30}!{xQ*& zsqSBG{cR{GYk)ykH5??pJ1GW30h^%A=zDKbhP5w^T9O{GAq0~&^49ctZ+d(@JwBHn-%5}3;f&<{vxIrF zzISnYyedwogj@8Mswh(i5?lZFF6JTViS+7XF1+sF$ zHIN1W=Y|+(E54%toTpx&I9Y6FBl^cDx1{4x)+-pPb-)0gGz%L&gBdS{kE*4&{XkL133+lRplv+?X7n068nam3MvO;}1F}NwCOc~sfGQ`$4 zDMQZ2%aBYAQU>O%t_)aC(H+nqJazMH2~_QT{tld{)wl#YK5`KpwC7O|&XJMSr} z2TD>_Nj+9d+PRcx`u0+NH74Jox1vH>+>x?M>MaD&^rbr+FN>$HEP@BRvT*E?cD^RD z{3vUMWKoi7@TanRp-fpXm(?3(DJ%4D<(d9{x&9=!!lAdO8PMVmWu4lj&TMjJxwA%D zPxDmDdZjrj>)rIYu$o+-i{qS>xr}RR?{(?%?AEjnziL(wH&X}a7?jjuInVSjo9lOC znHhT5v|8^v?ofxnG^=+IsMB6|)~Lh%Je4{;)|!<0OnQ8iqm((nmK@JYj~A!Mt2j#k z+?-zDogN=ckI$sXH`C+1w&Xi!a+Kd)m>vn$=&o-{k9VfWN7Lie>G2H&mNE|WJJPn_ zQd6sHwEd2nqHNdyXY)+|v{t{K*w~?WVTbjWaEG@4v8JA@xwgBrM%!=ZskD7fM^d+k z)8o4I_*!~=uOlgYSyx*2Q|;>McFKOXUA@$vlzjuw^l#ehkF`tLw{=->HFqfcqz<)E z@&+MMle0$IPx4gCey%Gi`>pgizn=DYdb~J2UX>niX3;GD;4pL6(cCBMDfs`OQ=Qj| zmBx=c)e;hOO`y5xP+XZcEBgm?J5rm=fHY z_YUtyTK&9J-PY-vGm4Zc^ta|M>P{MeA%Z1o z3>2r&Q5;GXUP9WH^B&_ZH`Tt^rOxi6T|ewn7j{Xz((;6tXtawm`;+p7pOEI|ychU@ zKBcR^uuGcvMz{6e;tq}YS(m!G%QeECH5zedPg1S(dXh0%o*u97Nvin*&mEq*q^_3N zsnC^mbxl3#=y!Rh&#%`ns7qP%dtp?2U0HY4)%~z*jK4c;l(mGXGX5)ild^8=P0DzM z`>u@3y48wq%DB2)UDutI@jlP=Mcws_yQPei`(U;ETp9OuE7D#_8Sbo6#xkBt8P^~s zk-2+y1SRM?(0<#^(O7PkZ1aq-ukV*Qr5Bo>s`Se z%6hR^z1Hj6&qeb^k!}?I#8j-0=cOY2VxFalv46y=X9bZwc3ea~wey*dlJ{ zP)eR2>{pNWQ?1|jt0()VTI1XdtJieS2(RT>bo3uWr3JbQ-W7a8-_>8gyI*R5?U41Z z=MJ_1YrlH8-__ooHERC=Po?&cqtg?hf4@_15{zb6W&Klpofv58ARfO!5Z?EIpQQz|i)y0E+`;tMmd@%X;oAT}N z57rkA%D3O;+wUjeUOA}N47zW-v&Og28%e&sbR_B3Yt!RxV&MUGdYb31tRD@jB}0^T z>5#f&C@JeLp6MS9)z2Q1vfdl9-n>b!9k&muJBM6Z?yOPP1w56d)v`%RS=XhU0FiaU24XdTYNg1#4OrJ4aKXX{hczcrd-c8E5WmwT4GArC!ql~jBCuLkbIVt0+ z^!OC1kqv)sm^nm?Ot_V}I+^q|AHM`4e<{ zA>=#GXYoo4gch)F-HBY7N`^SkcDmtl{$TEq`xHQ{IOaY zl9^MlB;1K@B7e!H$~$vwq%61k!TH1JStRK5dBdhTgAgf~llYYKN7yuk2aoxs-}w4* zzw}#QKS8QZJVenTOSPym{2c0d%#~2^h!zb#JlRA(M1wr9L!ToQ1!)aB7}N_Ct+5e& zIU*LKXWxpvYmxm|{*Ql!emj74idpditCkPD?$4i2;qp-eg%jf$W76a`KmWx|+&|%i z_eo4A;fTNVe|dkwW;NY$^$a&`22lW>z5lPbW+D~SNty8vHKVNkpRYyhKk@w!yO!X< zvZZh(c_uK&jO>-fVhpxN(%pyY@b*Zt`?5h{dnDAoM7iD`>2q%-ASH2B8*H5dB*KCe z6JgFyC^4~l-AC^$kWoNid8QG0-LN^+=rcs+$y1iQ>C^1HsCM)}#84rRK&8l+=Be65 zHLpl?MEWVJ&s&YU#RRt+dkbt3&bJZ+&}rW{yoAi73=3wD^p6q)1F6a036zQ%LsA!7 z_#KnfN6ZWO4DE-x5^DomQc7Eb%vYl9`?Lf7b>>_Xo@4xTjXnp>ISO?n#u*!4NV~w_ z(HCKHqYGHp%TKk)Xot(_k~Uh7ITmBwo2`#mNYM^&{ooqkTxca{ymXZ^FR{+`7;f<%mXR-f|OO62yN64_=#E}}&v zW;}lFhH4NVV_4;t$d1fshF(kY=1nB1?2$aX0D^$1_f5oKG@HL*CD zhQ`tkN#;o8^IBI+YBq@w#jS9*-hop165pGx=TJ&$IFd(APuX7`V5!HHkE%o5@i29` zJ07j(5`Y&7K}o$@1-C18r}BR({z#?!2xnoA4aJVPK?1}|L#$*YAQ-(Bk@mrz)LK%h zppMs@Q}__qWMJdDXvHBeyobvpM@eNbw(q{4#8FzispDq+o`hAh6myYlp^zCAPC462 z<7b*&)PtLGzur~%5^17C_mFg|Me-80v+u~)*>~sr*!Sm$rcI5|0nr9=5`GtQb_Zfw zx?Ak0OKL!rmcecQ+CZ%f@@q+He%zBt6F`m|j~P8j@4Frog9GVFv~KQ*?o5v2g$q9b zn1g9#S}}fwLEY2ZZF}vEZJ^e5Wop7Firde;*JpXg+ZRj00y1zXD z!@2|Z{gnN*zrS(khob0{hypsoeD{~p(NaZ*mC|tlHa`P)7#*>GV8fyX#s~dy$sST3 zwEL04V=zn---1Ia{y+x!K)prOu3+Sk6mG7J3#o!Cyz9thGk1GvQhc^N(Ajz1OfGYJ4xjh#O{? zn?)ODMp+kH3DS|5KpiqO&`75_Xr{v=@BU-Ah;G? zOkxe~ufmvbrBg4+RPbnlPgQ9ErHoDlKE(^3&Jh>3EQaZXz*sYqHW ztHrs!IS4mqHc-vr0exx@FKYRc{`Z{s6>-j#^%t2Cw=&WWBE$p21<0?*P zOVqw@=$a&z>Sw;;A>UbZz=6)upRTSKn&yz zz(eQ?W>OJ{q{BODCQu|Kly&O@KA=xk3L}3Ol;!p1_Z@ww<|*g#z8qrI=>!K%^J zsKBB4W|Vk;W4fFv<+6H`?k;xZ1~YMKq=?0;01e9>usB&cu*CAsGGUF54SHdM7%L|E zR179%+1^MOF)WUFb3fzV%R`z$Fmu{9FHryRU2xTT8`asI6sQH#rti|$6u)#*!(ldI ziNGr$6HY-T7|+^~QPDoBN*fZWZvCropR`KRp3lcMZ@8+{pJR1@v|x z!5^~0j-;2x=a#=Y5|WGGIbIq6Nh|o4pcMG-k{fLnI9dSnHEb}jBP zBEcX{w&1gFeHmVO6l%%0R6OUR3T-a{Gt1J0$z(lP4o91KP7J zB=Z=hN&N{SQp&jr1#bcZ5YJ2QE7H2qDxUHpvs~~m&hjK+6Vq`XL6ES*#40`M7gd6y zvARY(2`0dbJZk9-c9F<7C)g=g7XtMx7Sai1{lkYPU89KmZAjrl9+nG1FA0Pd9N@bO zIN)C)h#J)zg*T>4k5(%LlU%J!Op%jP3*7-2L^&ckkq` zA`tNScf*^Mz7d0Xb+1;xh0O_Aryx~WM$T^&o7H0Y>hKRyp#`S^{u@BM=>ygNfAnPh zJ4|8wG{6o{mFoXP=4Of;YOj#sOr50E5=0*#-bFV_3=4rE>9xy5kF-CavNf9+Y;@Z7~gaN3!pY+$0J#! zZhn~zfUIMhtHu7Nur=4-)|P1>ZY#GBQEs_&kZq@q*3JV-=RFuyyUO)aSFK)g8Lolh z^I<~&LQHL{-G^MDi`pY#z}j1;W)t)V#9>%Akm5CvAZ&ruULe|E-Q7rdwGKm1U3^>@qe3fRuExdD?M%nwC_ z{*Z67GxCIx^|$h;#e@fA>xi*iXR~(i%uZ^@cqdf~swrD9hAGd9kdxV8ASzFt>FFDW zoacRXUKW}(on+1t@!U#rp0$&YpdiLbDF%lUjS#lehnW{r3+X@DdxE+Z>77Bx;0mYr zm~yP%Y02SM4rOodHnW2{KHC~U?!Paa0}lSx(hZE;?~qaFCdwuFgO^(YCJRk1Mv?u zuR>8pe7F%pC_97zrF>bQCg|c#5g^M%T}bpN;h%#4VDf$3O+1;DS-pYcv1$@Fk7R>> z926N*!49lX1VfPIs1FOk7+i(Wg_393E`qU;x=r;Ii>2MwpR zp{0rZ&4v($sJg0U5b+)@F1qJ}Etz}BdPxrcQ?s7oF$b;3!Ef%_*1Hx{ZU!ugT9YtA z%`X}Cq6wZPd>cpo2cw>%kFYYPEWy-Js{$4b#1KS`n{#dfaBw2zfN0^RNx@_afUC|q z84Z&}IBi;2fcqqFJ#EcNd)XkYA}G}bKwmY52$OSc;sXzVA#+TV+KM|9d>OJIfeuoxdq zWB8Ep4yOSU0!?5+YU}#Q9f_hL%(Gz9PT!DY7yd{Ds_94ySGmrdY~0#G|Bw5ZSzv%) zmMf5++STs1TY5a(cu&j7GrNsnZUF=MaQQ{3ACpuVBJq6Ut_bO|DpE14^`FySNgv)N z5OoW0B>+=<4ofLUMBQXfoj#eVb^{Q=9_i~pQThz!pQY5P%APJr6FyLu=!}yPeXdG! zH3LVUPx;5FBkkM?@6;;Cn$M{18*k=Sc60N2^<7r(^pRuQo6olD2Ubnkv$9?!1Ad&D zZaRrl*kM+Wk9Og8rQT4Aee#<(s4D;62;YlODQ>hK>Jh~93Y+XtnNO?J$A3x&w)Djb zOoc=eBhFRw0UKO{L642EvHI%t+%!6eCy$PQ3Uu{|QjeuSTWW13T@;-N%=}S|#AmV9 z+4|XJy&>t{gezbrCoFg=Nvc8o=sfFdn{Cf^W!nl_zcnBzT3F$1EXevT1ivHQL(mo% z!UOG5Ru|m@8T3O!;WzlqF~WT#PNjPZ6$*a#GjN@Z245k1V}3UloKX4VCz^yrH>Z5uB>wLb>jsY>yrsijKj7LY%nNfxR*8byhO%FMbSti=S?)O`*6tU}&+aI%1 zSG>7TD(`02l7f|xso*8y=0p*d*gwZ-NS;+5T>hKB54)D2ybtpB0`AXAcE$9$P}2mW zpA-3^e10~tCu?3&f(cxP;AjwA1;)pcW{f;E(cWqsc{`@Q5AtYGhz0&>Ku&0aK1f~4 z-Z9CP9bkmSEqinCul@o& zWm3nL$qc(Wy|%<0yjU`T&RPrydsLK1M%Bf7l|^=&&b1CS8S-LOEm;K1=|pIwGh{=u zO!y9wjDYfzNzuwkAo&*AtIlGMQI1-5S$-#xST#dEtoM@INQ)E~18QF}Qt|Oua&kJ6G(;KlvLaasZHwL9tq_d< zEHsQs&7KT{zeura)b#OAXQ>s3VF*!#37euJ$Q>zQPIZC%uUURfV|MqR(F44sVl0y1> z83rLzWrW03GpV@m&e@0F+2SH8e~3>@VSvmQsH>oY6elFX0bT0_2XwlqHwtJ?3AV1oGG(EIX605&#fQ5JMGVpf!}B1gu9uGz7DJc9#Kvp z0Yb~~=BVAlW0-dT@Jtxaq3h6y^uY#S=IyWPuOoLw z1Wd~2&$qIG6!AP7w9T%D8%sPUwM;SL%rx>|Xpk&< z5Ldu`)=-7DK{5kWqD*j1Ts22JFR#_;lpgNpLq%KtDxN_3f`DJQ-PR+~b z)}ttD&WMBmoKbD~l-+eS?c!;^DfrmFF>>ECZ&F%%x#RlP)Yl&QqL*v_UiWxdPVm< z4jlT=JL+!-G~99$RgMl}TFgMOW88j%;*6}v}u+p z!=W}*l!pke!WJ~xvs~J)=%eF^PEx@FRlY)PcexmXN_PwW>rriv+5iI)ELf*hLukuE zw0fP{eywOrSn+U<1zWjkloai@3}5?!Y5iFje8f2LW+~_P0(nJ?SVjaV zp-7gfVTY=SW8yD?nt`mro8wy^KE=joEB^;dou~XCDs`dqVfvS<{3W7h?P8)J%wU-d zbN#PBmEoG=hKmT9oQIySz&-bPwz7aur8`eiJ<X7+Nk;GO3(eSU&ntn3?B5MnXspuMCp=L5S1^MBJ02q;c zo}&*~)YzCe+c1AXZ1mZP?qibE6aF6;yIM*`FaCnUwJ)va@Pa`cGNm{lQv_;z0PrC#r zB+iCx`7+k5<(ytf$4m~LI5CD=SINue~#x`qUO5V05_1(0)dP?yA@sCn|62ATY*fC?tUkf?k1G*+o4*|s=~fZ zI%9(#^Hnr4(w&*;7bYT^ohWyudK0@-BEAXTno2in0T7bOOZSPEi7lUG<(rCW-(aKr zq=JabeOD0>Z`FG^smMdFB8a;l2-R<;B0sSDY(8ktvHDzia4PbwiT>a!0`Dfy(VB4M zwucrKytnB?{dZG&SHxeDx!P(L{6f}*>62=UfKXt&AV7m_IDP0$J_0h>5TIW0Tm?2p z3}^+{-HYTVL3Y4tg?M>!+kmLvKjf^N3RJzNzC?kBa>)o;eV^5X@mqG_k5;`w>;v^H zxqibA5HN@9vbsmEU$FzfbJv&BK6QarKeyFYQf<8X-{32-RITas9Hobc)2(H^DQ;Sd z@jwKRU`dpNd{nogW#cTz84lWA5!_3enF;@79tDOf0C21ZgrbPPE_7#*rZ_8SB5hDj zRaAD`mk?P;jT{Lyi*yqVN!yqvuo?vIOo3Gp8z=~Xg;+8b>DrjMI7IZ3Ne{1jA|y4) zAYqah^XRc7_krky__OMZ@fXzB;;*W2#otu(Rs3zG7ApS~QKe~9P3=rz7AYVhoh*u7 zL2_>&3Z<|d(X?feM+7!_Lw+Ml=QC*L4ve@6KQ`W6-fZgijT4LBGK^2a){fW6AFe-6 z#SV=>st%72Q*+~^)o0>k)d}(O>MQ=21!tOk3jdc1RpIS6-V@36 z##NAOU$LI08ebsP#tjlcfeFnorE~X)cUAk4oZ+DOKy_&RF?B@zN%d*}Q?3e<@k>fi zs*rTL6wTBV9af`g-kP+DVmrJ$H!f~#G74=MZ>x5RcUF7EyQ}@;eH8{ujpF`5Ocgzl z?NuZ3upW!2>Mi5xdYgEbCWMfX6%sKfRT7H5FVl-&$ml(jsTD)`rR@pF);RjaM|p+M zsuofJb;cd4FLs|-d|qwoPnQKda}x++=H~SjWJrv+tSdyE`(b@aAUdQwKi3e&Rb)HT zgfDqWd(ROpTYoBZj3sWG{&@Te{gL=!y>Gmq-aXtyMEx*kEJ0fTU4IGDjrPB)zox#L z`I`Dd{6+oQ_&EKk_|y86@e%rC{-Mk#M$AV#XWJEPXHXn5X30*X^QV$zn8C}RAv#>z zNn$oqkI^$`I$JVci7m$wjFTXckFd-`mlq6kodNs;I*rtp3Ha>oXf*_w46mPu0rmA3 z;1XEjR>o9B)^{@0=);)@jqYq5L)8nowS&NjAjO7WWTVYDyYO6=38UUsgnqat8t|@V z)8UfL&&=YCT9TQ)I74KN0w_|DwD7!e4DcbKHM)x%BmN8whAx~8CInMSV+s9rVM zj6&YGGBec__>_)tSnN6s&k0Xy_1<*tK4xF`d(fd&g_fH9sGgFaqWX1>fc+Jwz?EU~ zdIX2Yc`_jzy*$*n60?~8&0#d(jM_--4#`7?#i47F50hUQXPY5fpN(10vK>PeZwb{E zAuHbw-Rou^)#FDEUhZD8Q^2$Z*)S$>)Mt!Uo{$;Ifh~d)5v#MTk)a(##79~^7>I)2 zA6#8769EodYS1Q;n^pI8we{5Lg*L16xl%EkD`26~Poa@*B^RoQpEisNC=1G#101T< z9P`pV(yDxB2h?NE@EFv67%|*BGNO|zd9Orp+2OkAEVDL(p&D5meaI-EHgS|c?*{og z#ENc^uZ{}KBXwD%Zj&kVQ#g75D(vM%8P6y`gmF^vb@Lx|d!Rw#|MelmJQ?SMQF^IQ zb*m9GiGJL|OlQDDl<9+dCx%&`JG@4&#w!7}>~erFR{2SKa()ERmH{p!$^A}LJPT=x zA<)MK#I02)MfzMh$~_o1*e=281cBNxz!?PVj0t*7WTC&5v0V)ovFAi;frvHQboZtP zmzV+{7~IGW?Eg5ZA|dN(YwN6Q%!e|$90EHjKnC*a|MNi3nlOlaM;%1FmLa@1{@X(I8VC+`;7(?3QaRN1DlZdLyQPzEo0PIywhVhkdgXsrZ6v~))SZ#%%d*C>m;N8 z5&5T)5?3%{@JD5yVU!4f^0K5RS3e;Dxw$q9nIIpSxj|be^7l4grX+^5$Mm8GtY9%q zCBUaM^&UJgW1JtDmm~EDoCN8~=cD2qP+3gjUXFKM?3+VP z2CFT#ew3fXx*2I;Iyip^wQiVYNoTe)$7E5hSj}7v!NA(Rh>xZTzao+myYG6V=GjYe z?|~1MILU$>+8KajX(UreO(*&cg4962nkl@HQP0C|*jJ>tAEbfVyGi(#p@$b`>^*`T z?gvE}6qT$t%Ma)rR)BDYmu5;!Gy0;8S(+(Ar!alecG&T>2{w`rk7+!9J-}uwYqy#k zctloo2E>D-u;{QvSd8&&&<;`3uoblJSyPZz!&upGwjiZaE8lH2BWH<@LbI*yFvVyD zk#fn+tLZ{)&3-FIVf6Wx((t6yl7?fSl{S1y79o6~e-szajnz4@NA`l4h7)K@XW!Q9 zc4_#kjQyK5{M|-lAIy{<$mn}A=79~36(>pSAY z>R8<_&0QVi`YZkae5Ob|qh}%7<~f=r=DHRsi27@$NPMHe$o;p*?-TZij+qzReq;lb z0|80Kx0kVOjHv{HXq=ZgPYodv+iP^j0qeuCIqn7IeUT20SDcWGqQ#yBiV;iA-l#&j ze2o}>zr~^;_~c@k_Kik!DpP5)_jWRpe~t^U#Oh^f+8Z$#<=4Pp_Fl|dq{3&%_CBN& zC`Lp+RDf3xCDja#DaiVi#y3N`%BvYt~{Kxq#rh(>L(rA~;BX z;&^iL3~)bzUq1^JIRNuCu6dFV(;8v0efccf0TzBCGW&VVU@GXk@|$b14PDOi4N8if znq>qAsIt^;jkX|Ev_sBtz_7Q7{P?;E{t_S+ln;UNygE`M14pkiMa)RWf-YG@Ff&E3 zi1&eaHzhJ>;BO-DQKyKRrw$YCkvTEr#qEf76?Q-yZ$7S|FYvnp-q_BN=PVO_&!}@v zjLFr7CdMyhsfjN!>IxHIZqzjfizgIT+40;RM+*pwBykF22cfsDBFko1$&A>}J11nxu2!`Bha2Z0M#=u@nVe zvNx&dMx}03F*5ZvD!xOhdsTdoQV*&4L9ylVe?x813pNBkpP*6jTPk;wj4mWF{^0nBgani)@ob>kB?4J$Ht#g zN5^y3Ve#SWqwyhXfByhvJEAr$d=E16%nzI<)c=J(5 zzr)%Ao`?7q^I4LfhZP5q#+p~UX$ej%0GJZ~wKEv)>nd6G6LO52Rq~ilSLKbor#ylBi%h z@H820f@Vb*z4xf6`b|`QI>Pj?OaF$IoxV3BbH*RVd3;r%{uG&KBK^lmJq@kIbz2zQ zs0Eb|XyH%t4sp=mj3l}x*=GL|>9^3P!MHvz;2)T$1Jf-^TZg}7<)6e$2rw21LD#~Z z;7=%PHfkumfVk;FEBfqY6kG?fvK0e-ExsRtt(oP}f8p>2wZVzNqKbuw@~1;uq5rfK z>WE>;X|Xu2(sXLfNhT$BvUZog ztK~60wLWToKT`jUSUYJ}QU#i;{w%%l5>5g904Y)9ntEXfgn0#(e23N0hjhXiA4g~+ zb?KF*ieF@r;ZRkJ*-2U|QVOXIJx6O@@-o=Cthb0o8cx^_jebmM&%|mI7u+dKh2_e5 z7w{@qD!t`Rq? z6N&SR(ze#$+Eh6a3UO%AO-K`G-|*k6>27*=LjagU*23IkZtzp$c{f-LyTZ8YULhY5ULW19ko1_FydLx zHAbezsLZ+rtA2ds0do)%V}b5D?Na_t(_KcB{s~cR&rVHIYY;0LYTM2 zLF|# z;MQe`o*a(Cfl8IS;i@~p-aQ<}Tpm*4j^Zc={1d?l1cgx`K1><-hz_ifg2Zx8((Hmv z>5Vq<$963Hw)CC>NVMopK+A7TIM=LuhgO0Ng&Cz#UPuWNCesc-^C_7#zH2wFB)qsN zIs<2TK&Q!Q$V_uVx4{jVrb+diLGeXCAwZe}c^%`HjCa$7f;4VtN3GRr9g=)^2-cFh zB)8LKGwDXnZn}4;EI#;Njz}hg+?xO*al;HQHD(2+b_5}8J*t#`J113Ir1f6x)b-KLBJ=}+c zjPQmS1__LaY32}58o#JgD3CSTZVd#+y6%rell7jaGn3^`R=iim_WyET*@-^85kh39 zv;N_ubdrq4=T_3ww%AgucDK~>7_)fW6!W!0@qJbLuCAS|n!cXmzIKN|;C`u_sAR?L zCdGGE*bl6as0vFvVT~mEGE!4)c-i86(3RB@S%j5F&!9Dx*wcLbo=oSEJn@+l6a+ zgR;d+bBZh@8FFBtSL7P{%Zs(b;$tyHaA1GTS+@rC0arjsDh?o}M**sQ6ks=+hpMnb zqm4N7OEH5GV}a`blr9zSw+I2j#ub*dH&dWj!-g8(xFk#aGt;)F@O6fSj|L5L)$M!S z-d}6_y@8Gb#pqu3U%46vnr8#lx(5Y=Ha}yG?DZ(7Xz(!ek05y<3)grI#i%k>Ljd6G zq0YjrmcQuQD?nvmQorp1zFp|)Sqy&>6Hg$c9V#&uD{@-Hheh7miIFT0i7F`bs}3QR zw%7buQ1iu3bd}zJr6|x$W6vmj-n&g~PAF1HfDOtR%mo2ow>D$*PD5*SA4RrMd;y@K ziz;?A-7cC~8Iq&iIBe&}p~>xg7Hj(8JmoztnOzb1vR2i-wi5RGX;Z$WdIVtFv8riD zuYzw<*ynomzNANcU0*IvE+)H+FRrB@2GCkJmCISN2R@vMHsOrqm}F`#r%{hH=rv{C(r{T9IBbVRvBP-v-ZV zsy#4|{;@CW;6H0fAoc-ec2}e9upKG{;eNrsG;p6_Pai`KeILK*zrkeNY$>ygf4uub z-+be5lRc*O!0d2#yB5^Wy~n40FaXxvoqm;>E&Y25cBI%;X7pE+&gq3iA^Nm0TPE6@ z@x}N)$`aS4g|su;51KHKMG}E3s#HSSYjYv~=mS;m0O6UYspSKjn=7GoxvUQ`HZ;z3 z0fWOV*n`sHfS3b?J@W<1sFk;G&Q{u5aKNhttxfHNI@{4)AL#Nsvj&jBI+7!Qb7Y+K z|5__pJmdDb5HsBEfcsam(Lih%A`rNT?|0ve@Jp0m!g9z2bdwO>L#dMXftb60A_3(N zy9M!qT7UxtGV-Z+2{nNyi<_yIBWPSffqV-CtN48$K#W*r*pk?$=apuJT)fFUa#y5vdhY@ zC_9((g%&EaUKb}DqX7J6H=ay(slhI64V`cmXb z>P%zKFxAtIdQhV-NB^^cN745~gOUzG;25S~84$-P`g!g5Q*kIg$dTomU&!@v&eFl} z8Nzdu_QRQh#}L_DGPy=K^Z6pt4a zfPfNEZ^Ihq3&_)ivugjXsy)ui#-}D|Z_yjTZi-??x4x)qFR4rpr27dV_v0}%2o*K^ zz6b-@AUHNG6mD0w)hd(G7sxci>UNnNFIBk;-U^Nb0|*bG5(LTBpJW>X%yImRog-5_ z7ZqS0>f46ll?(j=tg{x!E{9~$;9RLB9(|?=z9-fdm0_hON~7l1%G8z?42IiUV6WPO zDg~YZKe0djM3smSUyo{G7R7_k^=60RbsaS8UDm6**Y{~pGKOes!L&@L`^J;M=ywU< z-UN$oIn^-2hpd&KHlfJwEIz`?~&uZ@TmNZ4{GuElh);EoufnjdQhG< zffi&$AR>02-g!Mic$Oh|+PEtHrk;Fdw%~)L9wG{_d#gV5U5(o0tBXZ#GU)aLZXYjZ zebBd6F?%@fbT~|AswF^TIvY+grB3fjCkSK#Hr@ra0pTWd;kytL2n-9I3qtknFf$*P zr?@h#QG76z4{r=>H-*7^9lxV-nUPW6DP03d`kkHGN>m&;m*q~y)WF?7XICS2lwTP^n0691cSKkD|A-M+qY?5ARi^+09XZOR4THhozAYPv!zvFNnWvVVpX)nG}gEk#=wpsZU+-BZk|ZU*HUIO@fs@m zN=cMewo;}WWXm=Aei3(KpHN^~<_-oQ zZRX@>N1GU)iNm(>P<410V>tMMq55lBcqdeU3;lO-Xtawm_*h22v*sDA{)xYm`dENR z6*9c@;H?oW{Mffw`RtQn_$!{Az@7c)rXKu*02aP=VL~_l1=x!UPD2JSn# z+R3>9>Lei;>k}OfmxUP{bjVq?R&v;w>p}E34+Q+1))>Y}LbqDQk z1oJY29gN^S|5^Z_(1s+dF zhFs2&?oVcAi$s-0-o?sbXb&;@~6Oyit5A83ni7JcC zYc;}6G1CCeP|3u##7*x|h+SjmJmo<{3r<72>0eAJb8_{1n`XDa6 zak{0e6Apa>oi-Gb~dh^j(-xI4l$Mo%E!U)jk z%ch#k#(=UHTGh*~EIFSfSspK1^CH1k_*b%h>Z8%2P;Jz&*gQ=Qca63|J}%WnAcCCb zbNmW2up3Jc%xkbkg5SjAt(fJVj2#1A%`yNu6bLo|HcTqby8(ktFCaeGrGSirQF%&p zRKY_uTo>=THdgE6t=)bfx3?4a{qB6s?elK`Ik&%BxkIblm)w3cw|^>mP<9tTNG=X{ z7tbaaHzbGuboXYgjmzHTW&n~<;E@@HSQOY=IiKMsTZReeOB_|Ue?7lW6k+lMJg2Ir zC0~s;@#4e}tPMJ&-lo2Y5Y}byWRZEW0v6Ac^F$mXg2E6x2ktW>*d|KO0{YQib)g5v zvwzy?7Jle=_(U)Bmni*16?{p30S530ya64U$S;{;>{Zb8a~<8FgU_iiW&fR77H6Wu zlPdn5Dms8k!3G9^Gb9u5Cn$L-j&T6Q|5qen-tOcc~!z`HbkSrE+Yg8JVDPm5Q%ag%v8kT-lqOAOM-~6wFzL zjR^o@iNXKx8~abgJ}u>MFiBFg%X6E0a#>EjXY4-=`w#r)QmNTuHDxI)^d`)UWl^v# z+nA_n8`b+FK`Mt<1OBYPu)+z;_cI#7$x3}g{Z3579u|XGkPSWWW1GR;0m$JokSH-* zL0`%if)-PT={-RmkAZJYEC$<-4Iu(2*4Oq3O^g@HdtT>J;GLoUGf9Y`v+mq16qTNN zMXQ%L`Ba~&5g%mKRwkE$Z4k%#h|J~0TpD~_A}mdMQmfzV-aiPF0yw~;NdU8fq{Q1u zP@w(WwEl(8xxI3Cl6_k4|M-r+Q{+{#c{he`Hl3VhU-?-h0E=`YIa(oY5^)78#aXYD zZo>7jgeb9E+a_JDi8<32Ea=d*K^%#Z0>F?lDPZeBe6VbWr~ZF=6x zu#2bQ5MpscN??pwk_As0$)3a#LxIRNMzvSWG*z&XDsi171hn5yDvolwxvDc&L7Kz0 zn$8sK)gYJ4wv4ov^UZcrd2+I4rev$-TCOrF9}HysyPC62nZdGqzgX>Q$=B`l@|MZw z-t5VB^yhO^zS5d)&rG%1T)p0v*=~5-c!wmWRHrS?4(Bw@9@?#Q*Zgk%p}&2wM;`K6 z-#fcs$G+M9h>Ej+{-Dhc%pY9;NdDkK9evc#P0zY$o}qaWU53cI7b!bx=0bEv32{^) z)KM#heTK_$ErufqCnT(dV+q}LWg`E=^H$+tO6^nHzJ^(Tp&obH9;GwAW`Jih(8B!; zMx^pqWA67;)fB`7TUY{9yX(!>X8ttgbVlxahM4o0ww^NcDz#0&%-30VyX>}lyE4sI z+aHFn&U%;Z&T0p!5myvt^RpGvmh_zLZ0-hxK$xRvAGkvc(dETlRvW@5T2}Z22g*a%_ro+1wZRRr~q->itjw@2&S!T*;>Q zt!&v~&=60g%yvvp`pH|82zf(j30$U}w+NUU=t*KnXhglcJ0avt{~8e{b`O#mF{BDD zd6VbBzMM~@BpagdR(b56K?F^33m_V;PO=200m3m+Kxa&l&rGC#YKCr*iFu>RE;RZS zQ@+&%AJxR1a`>UwVV<5f^2RSs|J_F2W&F3$_iBB&A<&aWp>UTONbX>*caIr*z^GrD zg8NqKVX@oL>UU<4ctgK8lh#QjqTZ*CpEp%g%!U}s52j+?tpK6D(n%-CLR`{%m{+oO zF#oz3xM>sSpD0R1VotlnQ5CZRbVxGqviV%0PMD^4P<6Jc)d^(tO$3U7cWXf)8{_Ak zYZ?rK)@-eV4cI4OcsrrlZ5L^-oF5Y`-5glaAr^`ZKgow!Yz1YP0a*NqiKhV;Rm3KO z@Z@c&54oQN%zy*NNz1Uz(oIMilw?YVjc@Le_c7zd95z?Vwh|9sD86{>tD2Y$q%a0k z-`h47K5&)(3(L^N+ob4CK3#h+_#(?xFPo{a8TG1BxX!(5>}v+&{qC2He$l9R37ew+ zZ1NocZkk^(>Um@ER{OhAl0ZQH)x_?Jc5fHma}vhFV+8iwc60&w)UW<;+TH`+uBy!c z-fQi(+v(??dv5RdCO4G?5_(HQuhOK5n&>zR$c!+S8RxGOks2`y0s;dh^bSfQ0Dpv6TMghAtvQeu*xyAb#%*sR2EJ}{S>2sZ2pzS)C+!@!~@#2IT=;%M0R6_lY z;55|kjL8?>Y|;Up?#vl3Jl&BRh{E>6%bop#BjnA_h-RC!T$SLr8PVM?;&`sBoJKw% z7oJD<56BH<8x;&vd~$2{1E`|xKt-yO}$>KrlqWo_kUk8D-9IlChrsL_hVLsQr-XU zsHb@4Vzgz{D{Nsjf=_}?l~gq%er6hNjEaQ{$p$;H6IaWfQ{hg~y%a`EhU^`rl<2B8 ziz;}{ysXT=ZG1$}HTmJ3Jif>IbIYthT*ptH!Hg%f;Qp9^JM803)eqe0BeFS(nVNJe_P1xE`t)eNdZ(5ViqwccDV9Bc)J;6$%;T=rqbCGbKXt8k zJ>|^L+~`_o*0g_L>nLVVO?$h>4L#$`)9v%mxbSHgKjZAvZtQuK4tSzk^Lsb-56-;e z#$I*ikL@c-fb~Zgzv?JZJmqzA#JbTp2!q%NaHq2tX91u}3@{yFRi?{65ZoBRD-KBI zEywsi%5)BJ9QVH!DHK6wV$Kb-?e{jni;E)6ZT)ki9QcV5KFC;z=R*3M*fV5yz6@B*Bed;pzFV+3cAVML`(^Y3wWY+P)guze`woYW-B3i28@dE#Xf* zG*l%5n5)vT9cjI7)Qs_in0^!T*}`-s<9IPxBI%}bPQQ$YQ{yRiDwSSRH)VXEWz+rk$m>(RWz3(b+x0j4`@d{**+#Eh_WXN|G%sZCeB73wu<7GAdIA$q@mIF|f=z#AqZe%StSvl;YoOo% zz!n~%xS`)WN7_Tri4@rTY@Ra?3YPN%na!qH<(8LnY_8Xe?d12%az)t({g=)CKL2?a z|9LyVcYfdN_gk)`()SEvG~;8zr#rFPX?F792u)sO-fy>$24_a`gd3d2-V8oqqAlYt z@`qKNJu$K;L1oOT@$hMJM&LL|~^4Tyx9*!-FOP9r)P;%g;&_15n zTg|MiW674}az^dvMWjc=%8x_ya44hktcaNQTjD9V#?j+p{KwEegoe<3E1vT07?*$; zLimzS+!>GG6GxZ^$r5~DJo5owC^^t$uE*nTG_)t&0G9(|u zZovU!15}S&WE`E2!&NBm;Yf*0^qXO<<20^?&2{tnJdf>g);A2*5G(`L8*peCjGIv( z{v92ZQm&UurY9WDCP<~yEO+~Tr&|Qk>(9DsrD%|ZZmHe2m-dvM!Nuc5e1;TeDt2Nb z9w81rPMSmxBS0v2Je*aW(NSSVNo6AbYKj-Tz=T6n1|zC`no&D3KHfidCRIpgPEL#z zNGXPGnY4Pitl(WYcZDIN!MChGq;i6e(*+nl8(2hkY$8xZ3ov{(W+PrqEHEqxpF7qc zOK3)w9l znRfk=dK=zgE3|_E<9WH|Mv-G8yaKq!5a zc^4y&0`+9zoee^sfWKpui#RCyBk=sD?*pyxmDZ6Q;Qsga_h##Rv2`rJ>3fDD7WZW7 zLu5yGOU;%jq+MfYvr~y}I5>sm?B?N^Vgkg5JgVbxK89MA1;$MJiVnb*rmb>2%KAPBv%gl&(tKt*=V!&XWUeWy{0e<_Zg`Sj|KbY%1W#m zwuFEj?qT+e_AxkQ!txLBo2@zs4*dXBU2=5gNd12pOVk|Wl|W@++nzo$6cU~oB!O>G(E zwoAGzsS<5EC)x@LhLnBLEZT+?LBy9E+|q8<#WoJZU=wdV&hh9Z?^O7rOnw+U*px*Z z?-v?LCNO&D4a-}&K^&Y)IP(#NNC>4Z^9;oajk5#@$_lrF6+yojl4CAe8lPp>MPy2~ ze(%=d;&D6pmI&>4`zG!Z9RyPoN5sn#0n1AxQZsik36zGYhrn9c*l1`_#rP&J;z*@> zn&pRR9>razz>HNX4C0Dh-`#4CRG%OA0&D*&@)|vb=R*lXDB0GwtK@`U!eLs8TvJ}B zWOcOjs>rO4wq1q)=SvU^Qw49!#S~YdDjj3-OE8uFQp^_;v_M3*A%GQgv-cX!$8>K_ z16|k};BS-#lKNH1K{M=>jH_^f3_r(d`9SNs53u15o~(2`uW)2~-(&^Fc27caV5ZQ5 z2|SOdzFi9>S<9e`*QR1n+JfB&h;IOX+V7lHMEr(#En&4TS+KY#SP4}0czs|!qR>aa zIu|kbURF~wSQG&~9nbBsFZe1~cj&54v;s;JWm%8Y+Uv1uvQqm9%6vqIE@o2R?`YVG+elLcdZ>MJw%lyn(4t2Bvf1=b3FFR=M~X zCORD3Z5?)DPLkLl@Ai(gRsmwIRA@DTByp;THiByy?jB^kOO(1rT7dWB2ywGQ2#DwH zT@@0~OETCL=;ZP54y}2Qc`xqTi^C;FyUjoO*oBaUow&O(g=7JHxG}VWo1KAqPbNKkumdCT_ zolg|TCxi1rBnVQ@EGjL;jKp*8Lhz;dWdu@Y0XWBCG~9BMP%!-#A{Q{MEb$Tq3}cMw zS;_7w7L%?(Feb&k^?ci`>o!Y!8h-zfUDplqe&db82)U^TuPnVlO`gJp5`{qay(rU=}dcqo=B>@O`zPzRl5Qj%NZ-2xrO=~h-j z!rP!EjUp*vSQT&LvNpBz%@kczc2k5MQQ%T8fPuE3H_=ksKVFPK4jjGBdNxPckD8B# zpgS4HHR$=pX}cU$sE1TD^>!W2g*=MK54owHzAnwS zSf^;sJ^g+K0i5J4sZW&0M<(X^Is9a6{?g!HRtJ+3haW8;fv-pXE4(~B5{UZSd0S%M z0|QlIPOD;oup8M)RmNztZWn9x-ZWnaP>E zam#c8#Td{WxgJaaf(C||TpT4cSV3igNvGKurq&40t@~sxbuyjEG=%Qn?>~t~m@l5i zTWJ@2X7b)b=(Yxq-yk z+lVX@-a~G&;o&XIqjXl}t0A_fY&Y?ri}oN|1NQ48#$^y^IQos=YCP_Sdl^7GvJH8L zNiMBb9ovh5S7;U9Q*5w03{Fg8y;1e1wIN^xPe2Xd0AyS`ZG5sfSdgyFgHNyU$+ef7 z`NyTf*^1F4yP{Y{p2PhZ#c6O?0Z+Ufb1DEaW-*FQmaL3OB)=G8&y{ALNA~3GLPt;> z>O>Jt$TiB~{(zV1iK*;vFib=|N-GMAr>-2Jpa~V1#MkTyD zw6aMJMN#l7sv6{LWtPG*hcL$<;b@C4eF7GG*c{kZamQQpO^^~ytRu^Uf5R;%*`REFQZ=vG zT|s)p`=h6`uTe!e&N~ZKmO7O|h9&k-K${BPty0^%Mp3;gWx$vyJP~FVun!lz@v)=G z50ji1&Vr)DpO7CIh$?I})w6<2wZJ~z`5E(R^C^boBlcsOXzb$-i~EMDZg+EL4oKt3 zdR5G_T#>jwWbhf{>Nd>!EdTC2MLqmQGq@G%z~f7mEJ-}Jw;*zlyvslhb{TG1Qb9Da zi;KZS1g7d@B%q>C>WFd&sP%GaxRV!#tlwAsK3ox!QM%dcmY{gc;AL1{9s!;pZ1-u? z`HV478^iu#rRTs*1)D&A3=|eD@3=VH(h>;gwY$0nU1e2^vF&FigU5?8F+*vwr7JjG z{_S~}^`%etj|k6!;jYlQqy^XwfZ77!n1=?NY<+A+Hak?x0Y5k| zBy{i<)A=%R!qNP}n4c>Y`W%~%7XN6fuNnI%VL;Azp;|11eTdM8QS%|oxQu}+@hYp~ zk%Iq*sc{Vf^O%Q)AaYkS47T(%Dvlx>i1gw+yT0RNfUlCe4D$+*#w<6@PGGX=i+B+H zQX`W*fsXtZMyJ9Epm64H29lHjicE!cVv=jJ;le~Z3MpY#|0#@S1{Z3K+)}e2_{$~h zAyHN+$7mEi64LUo2Fku;F0!2$Ymc8RgUqpF$zRa`+9hXrETm)Z31bF}eIR}!e5tQM zgTi)+HsRLxv?}&jIutFwR{q^l*3uNDLSz8dYF288%u$y3tr-vS!}7L1g*%q!QcdJ)%;syJE=SVQ^A7yk%$mv{6J>x0K9$<=5xan7U@$qv=RSW zzAKfvCoD7EAZs1HHVida7f3`r!yuVz@IC5h0tl`2Y>SxFm3A{vS;to(rnx$ZR*Pb| z)v{u6G2AhbK=`Giu9k;poi)cJZH66^d3a15o~SpUV9cj2*^UNV+=7_V_ArjNny5?+ zp!_n5NmaG7VF8r@ie%+t5b~YHSP=_b2W@GU47Zvo<;z<0PR~6R{J!k>vEPSllp?z1 zDTEpP=inX%>s=BysYscsblo|$QyjaB)?;;^G%G?vVAz{0IW5jV!C520A`3gcZBec! zyqziE(0=trp_SW!3~2vU^l6jvETwJFQ1NEwed2h8YN?~kZ!+;Nkao&mmOI;Qw#u5- zmISZtr>g!A&26u7GuSay_E6BtIXnaX`1iKPzur0yw62*>s2z~UqZa>%0`2 zr$h4`U7_~d&%@|>zSB|jOCd384Z=DwL$33$p~boNBxi7IJps8Fx7COeXUg*TIVg!a z-cq&F{*@#ii4Fgv8GYS=PbdoAU5tLOCq84y`fr~y-3tB_9>{f!&eLrRmCZg3WQ*PQzAN2|KVQ)Z%gxk`|}RVo^X({YUTx1!7zHLd+ZE z>JvdxqcrW5FDxXCA%NSiK)`4qQ&;uo@PS&{yGu41QE8kaK?X0X&6=VI$f#d5Mq*&AHv^^V-!=Bv(J|%JGzF%w&QJWW{(DN)n&H}Z^Mk!aj*<|TwJjTJ+$Q-gF12{gtLvOfSP9xD~GJr6D z8+E@(+EfW&%H}WRh)Sm8IH`|-pEhQxw%U)snuo1M@PaBl-t9W?a`Bzc+~dqGj=F2U ztll?WbQ|B*?%RE#)?0;l?$r0MTXTc8H`0%mQgY)tAE6KGi)3Q@F^Lo)Q7-QX?hlz8 z2oKCTyf)^ccGCK3thD;k2>y!3hE#wsuw(IPU$ApJKc3e|?^c>FYSgc62Q&1*1b`{1 z&2JG9QS-XjY-2Q%K>~04a95 z3HT->G?P-(Ybh(@O|7SY1=6D7|3qmA{N~tjnN=Eiz~TsjMdAr(tH(mtB7Ov%a3sx1 zAYGan>qM5sbUj8VXB!Ieret&=+Lh+l)u1bN<_ghN-<8WOx!n3 zIT!0O{ixg8cR?wrxr11SaLM12$~p9ajAiK1(f+8Bg!Baa(l(oI63#X_)wpsi4U(GP z!B7EiO+bmW8}2v&0OudP8g?AOV`y<4Y!!0{`9<3asw5BdF7avvw%`Xtrm0NyGT4qO zU&PStB_)B(XWH2w0oks2h4 zejS>u=eJ~HXc-3Nm#2)`^2=)(2&j;V3%hbcG=x#5(%;c+8U%aM@tziYxbGVA0#&~s zT7&O|+uXms%kTSx+lT=J6@y2leX8NBnDv}54bpFod(p&a>H8Uw=%%1AvY0^$B{eh_T#TT=o7k+H<~WXNa`wqrdli~W9z-=}^* z;;GxgzI8kJeP6KFm6a>T+{Zu()&9_o>B?z`rDEd^6|B zM&UR#8`-z?%dPyIEn?DzUH_lS9W2B?E|I*@8G_7_8;utnFY%s3g$dP z>RAAMw$%1vBY3#CcMR>k)hjX$q&7lr0>{Q1mPN-`NTK`d6}TNX6h zIneUHL;Dnh*SXrB8xEa^TZgIhUb zatmJL`~dp0FnEf=EjBSUyzZVjUeLc|7#xtd=!@%H#7uRNkK$w#97Kak@eiA=2K}fB7lT2j zMBPWle&Wr07D97BGuCr#?DyS%U)pG24$c=|#Uq^;04(wE@X+jey>)z5 z3S4L$ZVzEhByiSq5}}CkpY-W?eR@To{)+1uQz6tl0_Zi_rn1Q{rcEhyA^2oYqe~5R zrIDQpJ{f6koRQi<)Ih5Ao`kY)wucn^LRBT~^gUECVvznh{1`*@Q81~mFNnp5Ib*P7 z&Ikc<#TBEBr6&M*jGuKrU{izF7%+*F?rR1J0*tJh=S|M_w`lK z6_D~+tpzEM*Zwg`dBnww`WJ@5!G1YD*j|o5_y?AwHA}W%Y(c$y4($;Vz#OA)2yZl4 zokA8Bj`t=!n>xd=dT0X~15g}{5b@)GE{7+)C45l68%hm=fip&b=tIUpDFPfprgVjG zjm3_GA3Af1f#o=cmwiNY7w={Ei{GIlCSYI98LBe$cGx!q@fey@BKvYZ2G$o)!_rm_ z)FIE{rhY%(-b1i9JqQ5*c}? zULi=n*hBI?K=QpgB;VDBDTKwNYvGPsDA5i8d^&^&c{7Z=TjH2ZzW67_Wb|VGWd-uCc$+$W zUEqC*1jx8@CePX(kY3W;;)~p30J!G}^C5B@a|err&{^^-;tvZqgpZ{Mm@%4)CE4KD zWKm`1_40DupLu-mR!~*vMqY~}u_R$iw?>j1q?1=C~1HsMu{W=rgjE*wm3NkJ=bPz8& z5ZueJHPFBV9K()6ow1ebgmR`5xeMakFb008OB!+;J!{N!D1G@&&FTuCYTf-@>uAxi z&0J$JZbZsFf2b0m=Mu8CS~$)kEmFtl{JQxb0daV{{M3YRB<35j{ck0HjDBX!y~f@x zVT;gMlE&o7fReZP(>jVVLrU|Khs3l?w}F)ldIU<9`9N9$46u1E*wGa&`vdHE?kkb+ zsSz6ohwjmpHjBZ%0tvDTAz0$r7iHC`dI;r;+hQKJd{6Pfy>1~*0N#uPJHwD2S z@PFtOk@1djAEJ&5s*@Wv(8|#F4SI@0R8whGxd6PZ3z)RBpEO*wxf=a)99|}`997^E zipTc~#RmfwdPkl!t@|d{6p!Iq^qM0lg99%{7(l-8|7xkeJzdZro3Ji>4gN8SKlw86eK{@9@Sz? zc8U+r;c753WQL|9t?$K1pj^+F61*Ri2z!g2>i~$OcPh61Yb-+Y5o>G`yoSOsM9O4U zqOhg(l~QJ-93-(n4qCW{g9gXYshD^wu5c};{2j>V{Q#(RFn(-`rW+j(bve^%wpXr~ zQW{bnEBpxKwARd610bGbXar)KxMu2c z1$VLN9EA`8TzN*3Fclu1E<#QKp+3Ok=#=<=T-x~FhdHFB_E(IQ0|5cfa@L|ch%Chr zJ=hL^CoY;6b=XcT1ce)(IL1>k_yo9Z4Vn?M6YH^?F%dH&>a~@3qdslET>BVs)y|Zx z#7N{X=_EB)MRA8p&dz|Ui70Fo@t21-tTvmi677lo-mMa)pzf&e3Vx@ItcMY**15(0 z)k_d&iC3ocTm!p{s)@eC30M6Dp%nvYz1oY+qIiy@>+w&+ixoIE-O_D^`Hqnz286!h zl8KETB>PU-wf#_v;q?k_C{rboLw=2bd@~Q&v;BUG--n*GwHu5S=NpbP$sap{*Ee*) zx{HL-P2a`v)6C%&`L`?i<`91L%e98=pBuVXL!)0q1jldu&0QSEmswPF02MY9S@n9~ zFkDLX_=f)0HFUNwAsL&FD91Iu+pTCJNN`bs%w;m=P7Mx5Sl_Q_e-OlBXjCX9+*+5G33bKO*w9&4kaHIZ2x{fFPz{QfY%@ACVBHCXc8$4Rclr1>ztdkhX8(%FF+3zX|g zwPejesI;0m+19$qb~x^^@K$G+=MvlwHIUl0>wx->RI=;}`@_znOeWw{1y)Rfj;jB- zGoYU)pYVb7SVF6y?gI?$fn19boXX6azYJxuN8d`?Tna~G75eU?htek1ND!%(4Q9m> z3Ej$0oVH$R5nC8htCeat@M2`g9|+aNUkFWui8;1jc!z*AADEFt~*Ti zb`yQWM7Q%K^oq7eT6XnVvV`nao6=(%JPFb-5md&nI5D#X<_Jk?NkwKpte3!dWb@%9 zc#O`&S?xjEhRbNL*g)XO70yEzX)Qz`gs!W42Ck9<3$;F9l*&49+z4pnNs?8{(ICN{ z+XGO+`+j(allWBBo2B3h(nW*(X>FoHy6Sa-?o&`!>AWaO6zon3N$=FibLC7SEm>mT z&_MphI2DwlEn)%qU8-*JA^?EzB=(se)|1abIU+2<+`%mo+VFt!u?@fA0D1WoZ+gH6 zA7nT|EWFpc(^NLp7A~{qayUjaB(iOv6K~TB_mU09ffX9%2u%#TpoR;xiXoz5Nz4GPi$p47QVp46HT2+QqDgl+`RD>lA z?{vTCnyeeK9K(^{Yk)u>Pz2G6scl-3E6f3osQ~$4aI4S;&qqoGJi_-7mk~o9mEfHR zdMkf_&S`X_$aCQswskHalpRPmpeGnu5Gu67gV<5L|47muiG9`2(uL#GdkRYrQYL8H znJX5CWDK(i#M4$mUGB1_^Nl@M1k=J5iNA4v&l(ph zqVuSwcHead3*sj05HsP@IqhnwtN7Jy;{#jNM{9O9yKxKfR8roS>E;+qm0^JSr5I|CTV=6Ae$dyJEka=7+yMwA4HJAFRKw7Li;#H*?{b1GD1~ro z!jAght1r`tkQdCyrCIbzW1_R7D03ytFkaKuH?6(mR68YfMPN4^VWbIh$5=SL{?`#M zALRD|j=kjj#exkSgbIX&zmd?~4<;I?4FlAJEdi+gOfMpJ)vgt80x^Rv)IUOVD44)T z_kG%ly4GMcjF%ay^w^+;RJ;$y3bjAg2o*zEZtg*q6vq|mysTiA;oaE z&SH`$j}I5IbN#Z(^^&<*nSX}kPJPZdO3FI!wz!PpbISsG{_79sOFE?TKE^g78-tE^?Qt# z3I`GGOuG+eQPea(uxcFwFPmIr-Mz3MBC{6*`F5+Co=|0a^(R^D34a&j8`1#H;K>p8DO}*ifRe%-NpvXu2^NWVnm! zFmj}zUaL(8R86WCS~8>JlVXhgvBn%YqYHz!W zOl(0OVQ0S_re{-VQ6=rzhi6017m0fRYHJBl9wZ^YY zZ~0XH;h zI@AhBUJ(+8pr#|y8cC@bKXPNk$dXl8{3Cb5Tt-<`%g9v5G$Xx|w=lemsZXbHelW_} z^IU3}Mh_N)g(d{BBG_FBWHoSKhb<>l99(VAu(QBf7KDD`KnOIAd$?|DHppm-8CfB1 z1TleC0fc%>4>A>$#$Dqu=W?xFZDy{L{-Npj=pS-DIGB7cv)5p22DhOaAlV9ZgAT@m zV{(?!#uHpV{L!;f`ea1t|D#cQe^hPr?DF8>GRJUeMksr2<6hvgDGbQ-!Uc{H>Rwvk z$s-$Rr4+ifU=Bhh%CZIHY!Wi{Io=UWbArL{jeD}{YXJo$t1K{~#ZoyPf&PLOB&c%~ zvpYSURZX%=x@9aHB?Ry>8pBw=6S)V4h|VT%PgcW(AG84tT6O)-=iVT7q$aN9kUts0ds0nIfGSczQ;WB%l%xHG_$|N;Zk6}#SI=N zhEh7GI>Jwd993yv$pJMOSExygfG6Sv4qYK!75jaM-{;sXKeI{u z*IH01rwOXX?ZB4{+2qZH5=5zWV1Ujyl!GBY8XlFh(4+*)@~95AdOvdrf;6I<>vlD1 z_u&kfDzJFX^oIi={9@7<7MN60J|}xgwiYE}Mpb+O^&>n#j4N}@{6V5gJ;}UGlUAOp zS~xNLN#35B-i=Kal9-VOzTTtZUh$xuc~Keo<-%(ra7=5o9r$b^E0c74sDMBV_1#w0 z&FcC=tLjluxe_%2Vb^xFI2Mk&F;p2)CZT)<-$NNGP{Xorq8OF_0=kERm`G)_Wqq3> z^~TUz!-R!3vU@WSKnQP*=6PzAFLELqy&N+|Kd`ADm~R>@rq1^eu1JfFet@arQD>N5 zR9;(wU3iM*cWA8H4Nh*phqd>v6RcUkZ}@$e-@`jpf(rGZ9>Y(Uo*TQ!F62#~QUe&8 z9pafJCg@Y9Dvr)*9v{t~%785!Lx(iN6 zQX5OGy3kevxBwn!@|^fYd2wF;KAf2A$Oj3lr2eWlMiE$!Pq0O*jc5S@KFT<&G=T>uDmVZ zYG7+jF101;;#Po(SlJq2i)~7(TIu=ZRtrkC$3mvf)+-a zdG3PEobOpnyGoxi%+%dptc{-4Of|&(E z0=Yz}Y9hW4;P5lRalhbt&?x|AM_o79KMxdA(w1LFNF+ce24)TqZhu^cvPIv|ZXJ)2 zC4^X99=Hs-_$e^yGBem)?MpD%R)c4lRX~%A!xsVP@-I#D3psmJkkU}P`em)5&#K7H z8$brI?hFohb#Qe!i8DD(%1^^0xth2$&`g6|9=0w3TWPlNAX)VLWCeX(W~!e~J_9ed zTYY!4Ti5P(H?k_g_kj^D7zbn1(~48Lfxc1*4s#Mm{EN)>aEVwStEEd+AWqr{22`$~ zn}7*vL++Fx6U>j6gaT61%!hTBhw_@>`U0@e^I(p#0{14x9V5|zBcw3V+lf{T9W}r$5kxjNPHidrMT6J zpqjJ*PXd}nob`yL{W!X&+e?z7aZF(x3c>S~^%ZRIeO!qqzB_n|q~8oJnLJ4{4{}s9 zxevV3A-=Q%huC!E0JvHy3!+$*E=)FxhGq~dZaUr@E&tX1BMktda%r`-!RV_tXBeD;utq0voWaEml#3p4jZAya@AvonJW^`oeY(;4WQ~pK z);6CupTUumE&9x~U8}p0_CXa)z{L-Q1aP5{^~)CVXe6B9)?f-$w`_HG=hks<>!=(60LHK*Dv{Mg-bJLmJ{&fBm8Bz# zO1()^WYyxUV1LIV4}#sP9#S^jrtG6h`0+9cKF`d|scE>3O2^Bf zfg(^erc=;iR=91Rl!2hfMsQ96PY$2zVztRUmOz;33T{M!$_l}`(z{WMP2>}+sp)09-BL(kc6Sr zVKDEEvioITK!%Sx?~lxVk-Zml0Y`HWXKSD)a2C(NYwQ?SBRuS&5Q{!an}`A}nht() zNw-f}62eZZP;rsqry3ka0oIK4P1}%HVUO_W)o7h4UtPj1r9@f10F{}8WAkA zLz$)(s&~NXn$H@#MJc@Viog~+9Eeg^L7D0b%10FA6O?w7$OgaeY_c!-Wzqbs5I#l0 z+ht}9Z131e8?~Ed8xMZVRpvWs_}$b@WaBCVN6lZV{W|tfkQX%kL1w<5k@?o#N=$Ur zf$X#}-h_K6>;p6$4^zXL2&Gbi6 zp1eIH!TC}+B^mj$9C5dXET3-F;hPj~Yqq1y+i!Tf+rnH`u-8keow}W9k9^NZ+wXQ` z=B$D_yI?8Q!cOC z{oMxu5C?|7UzhR}A`1@BN8+oQ)ZJ^%ae8Ds8CN)IIFdx`b?j*UL+ z%ui$YBqYu}9mi|IdtS+tf8u7qi-xX^?V8v6X0U9rVN zD;9KwZHP_gScp$2X;v2@P2~iLauQ7@U8B+V98mAi>Ng@JZd|Hv`^7Ye?k zzM@b|PL{|49(=WIE-QtXmt1f&B`&3VQPx4cNWeRpwn$DuYt24#j{0Gl9Ozf1(S@nG zARRf%u1@d}50A7*C2ZBZ5?5|{KaH^PdLaiQnKVJ#`w^^&P99LqkT{umk(gIeM}Ua& z6{Cxu1*}{N{;F<0S}>0ll1B^iLj}Q0efJ26x2zqz+y22R)CER@E15OL=tN(AAan3#nZ$d-tEy@*Al+J+()=W6VdY zuMsPsnxo8-KtN=UG{;E2oi?VO}YCEX=B5$d~#nR>@uA^hq`sJV4B6r z7XFz4E@lE3EfZHaI<5Dk6LRFMXE-8z2hbs=%PJ{^CqYCXf*lONq&$reGo&5ZzbUp z%zKxhR(at$D_`Di8LJ9o{ej?R#@gOevfsuFRfaLf6#`So%*nX(PM8BIN*2jSrLBwF zPrfi9pIy^kmIT*Vag6(BCB40Z(^|otScu=q%wMtsBi`XZxnt}(nfXcd8wgBd`i`U5zqG-bb@0F!60=+dqvhqiItxU$(6@{7i=^<-V`*i8J6=c$P&<%aSv)Og8uU=7%Uh{qvC@~ z?pZ_%z`7)%1O$lJZUI81lr@AZQAU~$mr*K#Eh`1KQu&J}Sl*$S5P{o#Xo>-53v3I5 zvpYPFV7P{UUNtW;u~qw9h2FdHm8xaR3rJj9R0%1H-1HWqwdT`nw+_-gIjJ>yGAX4#;v=rD&=b!pkGEBVEGe3^`*a?Rz{ z7L6XuRH2$I0BMI=s5n5OzRtU%g}RNzQx+mX`}dY=lcp~TZf$7xM({M(+mzv<2M)G)Oo&>I7`fjL%w^b0aZ>VH< zRqUM=x4L3hX&2rwD&d_K_M_I3F{Fjcb01D=?!1@60Mj%M*Ciwl zvq`Z~q-GLdpHQ#Rpfv92cEJ~)l+fackndA^oBTZ`Ayt8+Td z7aHMmv`5R#p`f1+1Q&KDbHh0;?9-=k!7EI5y(wJh$#j-F&Rk^@R0ZIkFX4B_;KNho ztbUeb8~{9<8}24Nv(mnhv*@@7!KmkZe8szX;W;+AvWbD=qN2H&91bE22uh!?g(uaJ z**eYVYokYC>RVm|zg$rbFRz-*s)d`Y=B8?#@2{M~i_)1|+qyhtG38iN1lnwJ6`Gcnng^RHv2u z;5fo(HLhS3Y2}K3*hj@&A)p8~7DP7lE#(d%2 z2Uh?Ktm3-aUw|(nFHjIGDCS2RBsMJ{8a)d9XpX9Wa_0Lzlfy)@mu6)OH*FR?MnxUu zRWJ)Y0Cgv^dH<;yy+-+Zau|>XM(61{#SxuC3^cl3yZ}OkcHNWFZBW)?(}L{)#RzHa zCLFD2i`grA{5Re2-5NBU%MAKhkkB8xP&6@iyzt9i(V1l6KtLj9$}j&$>lKQQhoRXX zQ0JHYMm@FcpEu(7c8w8JH^x&L`EETm(NnMLimvugMZ=Ikm2el|a0tFQlzHs=CBM-o zOI_c(&@3fSz4q_*``La!whpuWGINiHxe=V-jpI-Q&VX@;{h5H*bkTH4x5~#vsClR9 zwi9IJB{hnxP!Mq3^yHC}3|h&IW6mR~Q?}{GO~h9R(^yLh!sMa+;IS<26vuPVExhHJ zwen;Saovnow>s&T4T9qkW$R|TJPA_w2%{&H_+|2ViJ&xs4dSMHP=TS2|5C1wpIjpY z>%0Aad%rLFeQt8i_neWmIG_84m1YAjby%{6lsO3dBeFJ!XupHsbff7>c@GLP^7;Lw zBYaFg05GO3^j|eCg@guO#pNO=URrIgscU{T-UBoHf(lA%K^tGA3G8wEop~tK~6ihRVeU*BdYPq%+_Lrx1)=9@R zVk_C+ibiB*gdao9KZyY!rRyqH!+Mlz4p+$81i0c{R7%SW6}RA`26k%Fq%!VWlxxGE zhDh-vNV7U_1=$lzvf=rYUTnas@a5~Ya!qcX6PzY7b_GHWhv_=WIysl}lZ!$Wz(y&wUxwYo9Zg+XNhN!utU4V#MLw#K~mvouSv4>$l z`bw8MuZuIbI&4NTyiH{t@cfIr?55%A&Ft1DtWW;^?xv%Dn~jOPjoszV=;B07eNTkYVJJ8;z6SgnuK9serZTik%~-URk{noJtbc7 zniG-JRuwLyOd+~J^Z^$7OZ-h5e6=^mX3k@!iAMR>ll$zDvA}kU`wo_x65j98-tk`b z-~e#U3^xfeof?m_S94t02)SrlK;2DP>H?o9g5w26{7M4!)*cmOtn20mKZJ2+3}DHH zSXbH?A-j0vC!ewV#{1OmId<=KuX=lnua3c-!k%y1;!5=tvtPP>eTQ_*`c@mZeKz{s zI{(r7$I^dj>pUb1_J(oqj|b}eqp$tDe|R%cNY!nT&ZtjMuQc^5OnSAc|K9XWjRDx^ zTmEVdXm!IK&2+(lP{A&0V4F8ozw%es8)OVNJssT*GDqsx0UB6&Ynr<2(XHEUYJ;cgj-OzPf#!-9^CD-=02@m$WbWzdxcL6=!u73hb~Bmm-t- zw@6r+)hWDLCoxmKmR9T3Qoh1aC#FuwrMKz#rM>lmw11x=?Dr$-aD6Nttxu%mK4tc_ zbh1uP;rgs}W_^=%c71L-r@mRbX?=b=uf9dPxnKO-q+6p#Ego;WKZ{w#72i*NUIJ8Y z@f1VpJ)QYiEX*I}OabTqli`V7;Up8C$OjzrO?I-<@03pK$UfhJDYy8U-cOUky!aqy z>B_?j#VCEI`DtD8vT6RFOSvM$2&k?2X+3=@Ycu(*y!bhuYR#88W~U?c+4vOWPBx?i zh+p!WuM_z!`CPi@z#0s$b_v+gEa~HebchS;xlb4Iptj;08h&|sC~@dmb04i6`o^5^)VF=qToKv?wShgrVv&kW(3 z;Li+k&GDx4S&eb=B~$sG|L}&X{KbDb(^kH$%yq?6Y~^G=(8li@<*pfmO%4$qVTj(0faLY11p^( zVQX=f<3HsB$ouU6YAJr+kaO&##HJFYguqKaCoCDLTWzb`>p(E=hK|-p?tJRl=FjYVKzEl zGA*J~CNUkEd>=CAM~2Vr-9x5y zHO>OaoBr~Q%X>03q*+p&@3w9!5)Ma!ur~}Ah+fHCs2dgcN7WR)rJYeE$*Oesa*;lV z7!NsFu5Ua;B+Zvb)H{&18*e+1C9`B23!5k~5|TYdq6&*ja_3bB>2!(TCw^~N!6&+N z&C#U~myfm|PJ2II9%X9wEv5L#d0qITG)VkW|3t$BfFj zmq~LFE`-c=C%t^-9=X`yLlm6Lo1x{X=IGd3a}@?l@W-NIx3CO0Jv-K-%9IBTH}!;+*_w;&j|&;jEK-+^LlN_6E(6$sMPZ zkz}AmpH1MUP2R!c0@k8V96y*@*@h&ykw5`KlR=@s0EL`=*&3C%O9UU=wAee;#*IGJZz6f{xAs+jWvzkc7DA4*60oL=){K3>1n z;0gt#$@g6sS!TX3yy;OGyC{1AYC$8Y-40Hsrk434LIRInE{|h^+T(>Sd%F~;?XgxE z&I~r$Pzb?+xl;^90!S${u(!oe#ZDq-FT<RRoqSL(3E8W^T zGBrYo{lKHrhXdh22k{+QJ?>&IdZK=SN^asycETZTn5}nlb;H#a1T_8X)ybKw=vUP~xN_%#jL#acPnKyc{#<>)Di;{Ikn5I3VW!DY)2 z%JnvuzC`VO>u{+2aTl8^paE)m_YuwMe3EJ7z7)eL;&=Q$u^(-CgF)M<*A;SXCiF9R z?tG6YNL_w^xZiiTNmK#Xa&hqfZcGjIc#v)K-NnP3^qPz;aGI~K$B9K;}XAfcZ+^Q0pQvrOTC%KQHZEk-qpy&MO~Z~MFa7b3O(i`AwGcYxtl zv;_Q7ua9$D2;88IMBFInZ)bjykJ>Xf8zxVwAKQCuT64WEl?l&T4^l&n-88leV1yop znha=S*vRsgk0+^nVJfmnS?8P3*{N9r(6NqU;D(`-noor$a7d@} znAjs$KoE=)9i)t|O^W3VvQA@KrV(MVlp6I?2J5Y9#QSoy4c!-Ysp2oHs#-;0xZ(YN zR-2El!hfYgWXXdGX?8L$>_E#_vOj}3F)%{azy#f(4erS>B5V>pbEj3J3*njeKY6pY z|6JJL^7w2r+_L8spr{eZPkDN1Cc`B_LnWhR_wyCwPfd2Sho8c^ehLd4?f>>n{%a&B z+{)3vG49u9tKdxh77INjqIiecW%%_)Fe#fB(Pb8QFq1mR{KX-D{B%X%yhA<1hyzRL zNM=3Al^w<2`qnK|%t`?bt%aqvqu?S(Qd268*x9nxfTMj#-qG}LD^DffuL#JqnVVjw zvW9!t2$5Z3v-PkYS&((GsxTUJIY#vH=1{#B@^c`+lx)&x6IRJ6;#@*rP_5TPsb1K|I`9GC_flzibiUZ_W&I(N`R?b0^@{7fWfAEXNV9lBneiS##Jdh!` z-{ZAOPe=V8W|`0QJqs#ln&A2ZlW_&g4{#>alNQ~T8HqAbp~wP)lAY<#*~PTAu6lG5V$1`igpZOqoNk76*%V`aAC(;PqoX9U61@+{oj z?nPNMe6fAAf0l)7vuJ=t@pNQPcHwC-Z~o@fojn7*O-s2O!eH^)0ScKk9+NaW4m!UKdUN*uLcn~H(|4goR{9oz?8Pnbi zTrV|8<*axXTwP4=ESP&_-BAF~4+?LA+6VCqp*`0SKfnjA!m~;6#<%3m#C(}!c4ZRP zeKt9@yYUuy)M|qu(2fnOvK8Zv^O9XGkx0K3fj~+f(OmpRICcaTS?66=DRc$j#lsbx zaZ@3?SrP2cTvw>vSg5qiKFK9l@Pzo(<7&W?Ph1qk^41-knZm|Ighd{gypJU>RHMo# z&lD9&S_EI=h6q(U!+Y>)V$Mh{o_#jDfi4+++2M zcQUA{=o`@10n)+)icCCnqC$#jR4A#IhZ3no(Z4$sYa)({98pFMO^5_NiXLZsp&wP= z{RLIjf6Au(5U#dBhn%_@Hu4hYML~EtgjX>kt4*KBK&8L4ulnDscLWyilbFN9p&xZOmzqXYrU9IWP|U`Ep7+@GZGCGna5IoR@Jea=e!>Lh?3mOr7PT@8yaqV5gFu zj|Ci-BDDV&1iP#!)FtS)Ev!D?UTanzk0$GQ{2KFP`j+n(*teW`>jiK9-hNP>`v~>i z=Mj@WY<@xD6jh6|M@;sxdD;X|m02dSxs%?6w`EM#H#2h>Jv*&nPsUJAT04;kp@n5& zHS=OA{A~$M1ak~z6-Pou_^J(Xv-uRijg(&aa@fEWU(|@aPe=Xae zmkpkNr&C0zqQE79{VR;--|5#I5G!0k@_zLta}rihvKwI@mkaVJZ7a^g{Bu4*he^MM{Ttrc;!$kZckckoMYKy ze?*%|Jy_dc_4S=Ha<-NR55sREmV=VKafq{TF=V;K=Z_Z>!{FT z(llCgZ09kE$Ny|ThzxNaBggeB3%ZfuCTy+Kk}Sl7GB$&BRRvk-bxekd$jMz79Rb(T z7+-K4Mr2npA}z%rFPBL{WjNG;ZB;J~h$HpEmrY14TJ2N7@rlO#hsK3Ppe*$8K%f|~ zcBL&xqKTuQx=#&Kwt>OCK@-rUAt@t-Xa;EAR+{&qub}?C+^YL)`uP z;iyuD84zT%lp&x3RPdaJ<_^<&yRp|9b0bg$_qBU*AG4o%hdJ2pLs5}Meynzj8ZDHs zm$ipVm0zS?QZNAgf`+RP%@rfa)8h@pcEE;Vt9lMet*~JqYf5o~OE!a@nPgKfp7pK8 zzZ)|I#Tsd?CbAM752+{JU?+;U?-}z$f*wgbV$EFN!p+4>GV(N!*F%g^br2ZFZ~dtF zyYZ(g`RnR#=G*i{i(!mSlaDh;yEirJugFeUf&8xrf_H7`O#%?~_+n+q3mA#;wn>)8 z!|NimG(N-nL-lX=PaA*gU49>~BXIH)-6xs!L_iJVvCK3;Rm)H)CP~Ms<_OLm<$p~# z+7D+D>+9pJGkEE2pm3^gIF+c5qe$6HK9V#{r-pM-DdB(wiQL=HlUhCeQk;BI_%U~w z1j3SDBp_iekQ>g}QfufR=mEsY4~*y}dj(xl~DS$64qP*y35R z(h<68zaQ9~+|n|B9%A25E-7D+jxbV341okVk7?v&#`M#gab%_fNoPB^4@ZeeZL@t! z%|7a#4kH*18;{|MLoydOIcFs}kx9pq*-rvDc#DcLSbxNQl<#76-h3p0-=Cj&%k>g$ z=d!+qlvR9^mC=j#p$`a&l0h;`I=e6am9uTV3L_2#wKvyUvmddY-COldz@N?Ul?(y$ z9ktivC1f9hDI%OYhZ1mrMxIE;=mVbveYU(;**n&EcoDm4< zB>k`=RO9oN_G5MY1r9~ta%AUG4)>K%N$l_Gw&)M7QZVzZ0A-By5EJVVgG>x zs{6YG_M$$;%hE@F&vYt%J4e#FgPmj({*5u{*rUSB1{J#btttN6#J@4&uT2-i9#Xs3 zJcYiXD$S@XI)G56lKGa|(6y&*xr}=9dF$3WUts+<&DHtJ$vHSV~;pdRZe zrzE6f%=*X%t)Y~!t6yJ8*wp)Clf)=j`7ZL8!LgA21lZDmXWhO)ovRL@ALZq^Iq!uR znoZW0&bMnyW^L(a4lek_=;CMz-k#h&{m6I;stErnTw)eyOX4$4<;(CODY_Ki7*F5N zCPVuVdMvV-VUUt-wIphq z{s|OsFVL6p7y0*-O!!L!*O@V##6+RdmWCzz4Pav~GU?;SzCrZ}%bhPr_GxAUjiN1_ zp%KO9s`Psky=n{r!Rt}N7B3j{E0ev>L+mStdUXC6>ljAx+}eYlPB~>D7kmN7MiKd8WW!9%Omi#tc8B-}&JH<`?4?8ef zn?a}xs&rB?3V1e^3KJGF2u7Jx(z`M~)3JXfa6|e8a;y-*Qma&L2Qc1*Yv!!}{Xd+Y z2b^71wg2zhXPb8j-hGr*=)A&7l-W#6R>lhA* zlr*9`skAfHffdoEpI)O4xZ|pkAf2i8B|{9AYeIrzi>5cn()JcuGKaYR8VDLfpqJ4r z1H9rGek^7h$OSAFl*ddfAdi|c$T#pX`<%F>`fZnBzc``*3lmtFIn?`R>whs=iieiJ zS#SewGM=Q%0enRWIohjyY~&*&$9QbR|KByOuNwaigXd)!VZTVei;3TWbD38uNt~<$ zT|?4zh9hiJ1eutiaKNtB+M(?HY->hHuV*Hn1>&)Dxh8x{VIiA*YV7|98P9^s#x+P; zSM6TNTzmp@*vdW)!xL%47y?_r zxen{q5qUQUcx)q6x?U*>~-lb73W zUt)T98O6lr?Yhk_S)w^&Rfdeq$TWk;suH)ZQ^X|C4ChLQbB4Qc29=X z1C^3&>W>ul{+Q2v#Tf~ghL?J-p4WGlfDU&=JQvH~j#Kw7@55m6>T}K389q5aX+B+i z@_Yv7qF5Yic8y!3LnrY4HBm=AfU_7dPBi}CL0RWTh#Ek1+SttUO=rdXCqo8T?C&)zXQ8^z~SoUzvwqzs^;6er~oykNq))N6$J5bdw^<-<{ zje=-vBn_3_7>f!SnHmmb ziWE=ey2R^~F3hCB@Zfd9W1+Z&gasGtXg9cu9%IrM#K?CM}?gYF*K$E6(KP|UPCmFz!oqQ(izHfam_IT&-FG4lZz>D+PL%V z4R?hkP-mDv$$X=MYDgnafWssA3IpK{zLOxps}Fg7Ycyr%Yi`-^mYZvO(h=J)P+%#4 zo`JsqCVg(1+dsXp-N)NE+Nb`h{kha}q4O`&y*NI2ex^3eN+8$MjQ+WSJ&&o*-mF7l zc&&#&X}!>st^KL>PFAJK*i&su&0g1h`plI+X>|zJuD+OR|GyVI{I?G0q~Y)^Ki4wjCi`t;i0DQxp}Zz zZ|X`l1DlYdWn;ZD)ODvgGj%DMJjU`?#~X8kF~`Evf>n%fDTb?T{GgRfjJy@tKQO=x zwxIPsb%4{P+HeFpFbIlAo8W%w-N1!4*kK~Pa62^3e$t3|>&d*}D3~PzJg~MNu6sXf z5BUvghu)t!fwPoe=rBmoT^{@=KS$Yrg`;A*m2N7m^K46 zd5jD!@yEb>rDQ+3N zW%7gMoY3t#N7i%>=<|Fv^Kav+WOU%y(IAet?le+ScE<@zebq>(R89noafc2e`F0=Op*D2Gj;G zeW9zte5sL3$cge^2Hkp-h8I0xJr?nNOr1BJIID_4Dj&k#WI%{ZlRCFX3 zS6-$Rwl?rtK*1@4XJXN7LCDykFhyYW<$LS5<~^oR1WbDmR-YL zG`EjB?z_pC&33+5d?yIs4*YlMBq-^Tr#ox!44LXm zs!x;2050au6xoueM?-1+qg|TuBqdi_TnU?f>%?3r-a)XOGsIgU(HUaC$Kbzp=}fSVYzv#B(pN~$ zSYx!dHNhJG!xn4cZw&a-7%>&Ywv%akA15~GJMU@s;<|gP8%=vx*LcbhfCBZm5^5b) z#_Ir9chS%NV1aMW@cjk8oZ;IAOcy2Eux`o~)yw$3iH`BZqkaDvWCHr&c<{u)5X+Kz z3(T6EG?7Q)CAiI016P*lezn?$k63?o!kQmvKEwOSHE2-0)98Hl2oe zY3y8@bJZD=<(xF4lSW-Bb{=Jx5TO*P0I`Q__ORBHAs*L+!Q)5Z8Q8||$#bYY>Ffxc zk=3vTw^xB(HaxXj;y?Kw>XmUuy!CHJG&R5HE*!xaILUbS3vBc-m z`-J)BQ2q1*Dmde`)Oox>Ss!Le>~_L9kYQx0id zkOr~SO>o$ZCI)oEec^W+uBGOQsi`59)`unI!a5$qnquBG<{h4wtOD%<9+tZ<_SDZ! zQ5-#ic}N{t;KOHnv?VI3)3M?tyLofvLL4QV^Le9=@P`QxDw{p;meI?^+%3^E1%Ns$ zj7KprjQ0p;l#(uNbI2|t;>`li5<7BaKVOvlt+@PIeXOioWR8v#yOF%RHhR9@5I z>^65V~ascYBoGvU(K zckGf@S=t)9<(~t$I+uMp8oK+d*?)VFEF=`XV8YFy5{~=f0p=TWfP5o9Ao_;KdIXHt*Jc>0tZT-yX861v*msB{2!c0I+Jr(mq=dUQ2+0b!%_EWNd<9Rs8Zh3q4!)kWej4)WFpmlr7<0zC5S7GP}i>#b0FwoaMSYZp?N=) z_da0FZJIV`gewM zGx;`6|JID_Lwj8q-wE9!Y2F^n`mJF7mfWNQR^vF^0e-;F!M}w5OA2f^>{`!-_SrCg z3I9KX{x6}d-wM`m$&g;Fahz?gMfcLc%&!cPS-3uKR6$AzsbH@*J-%E$eqZQ65z0fu z@3$f}%fs|C)nGJNnnQ$sKN`ws_Jp6=Bdf>_`}FVF7m&A?ZPSVS5)I6PbE$!+jK+gy z149hoi88>=hhcTYQ=cg2gygA#qoTVZ3F6@yxc*0>EDq^g??CerW0eCif`l&2$DwSU z5X^^Q4@C*FtltR%P?mbVl(Q>RqFxrOqFeV8I-=kEpy0Zjw?`!5q5*576+pandt2E` zq?%FecX@Vr?g0Z|e^eVN05aCsL_il#t{T~v{qMq-V zK|oSKID*e9n#tlLy38a2!AE2{z&TInm268~!Y#muuwK>?pDADlNM#<_0Wql{!iOYI z))Ai{)qG~Tc~w(OS9655$ErC{FzxLp~ItILJLMR<+wPcj~oQ21#sW`ltE zkU69bc)ZLA_)tb=hChA83~zdvBBq)Ni@7>ahK!|T?F}Zl$;i9Dyza|uP`iDPo={N` zE6^LhcYJ{Tri*6CsZmJdMgq9n9L*d}ng+UNy!(itxT~=Z%(rdpHoyoS;I?aS*}IM; z#)oCz9nx~A%u79$V2zMm$H<1QGg|#%ygv{bYBAR`fc!IxF$>9)iWo;pd6PLOY_U;L z*IFrtT(1F%hmARaW6hDs$M_jl&f;lFVW@I-@(kksY#%AGwH)VD!5V8*;9bW_^SFGT zXVJ$#Q-(e3#%_D$I^wJm&b}J$7t2=exhGG$$K&WF z6TcN?DMw4o)KDL)tP$Jf0*#(?FY<)Gh^;@0wY_x;JCho!PegHd@@l~*4%RNwpA{on zUrd#PF4m30s%@4GCprZ?W1z3e0l=C2(bw1=0dG^R^2*f`PLB*-hF_GePJ)7X6^u}M ze=?d=E03j`T&}Qr>K!yl6fd>!ggdSYVgC1tTeZ982)C@ekpF^iRX=Rmju{snka*N?@sz1P7Xhz>SGA!Kb{W#f^i}%S2GC zIYhpp>^D0Hc^r#jQA19g`4f(;f)zq=qQF8p8C>-$uA6S#VSCH1D1$I1u3fxcMhj%jI61}zqxf5-)*Bd!Vxay$U+Js{o-0CJ|b;X-OPhqxu+yr%> zKER-vx|fJ0AT-qv$E-}T9ODm}>KX$aI*5@hH*-sW4H-~a-IfSi(Z;E(_!ToE5I~kH zK6p|u$=FLNP-qdBJD5rvsU~3KB=aM>5Rub#56`hBHh$(?O-7kSb0j%29ZsE@=ay64 z61yW|&$7ckQe7$L9`RO+bxZFa$*+{^JyKqYPV|yOLpxUFg52l{dY<_b=EUBXE;CkM zO;=w?o9ELEOG|%8X zwrQGl>Ux0bpzagXm6J3Am#AA}Ws}!`CzKCEd$PK|aUkR5kPkw6J2VtoM-kEi7c@zZF?hcTOutKMw)qB_;WMRRhn|twoV6Oj_~$$RE>iYAUmC1{b!{ zN=WnEP&GK+j|fOx=r$QJiY}}CUFp1^)Tu&%TPqxq?j^z;_*FD;mo({q$~|>#Vl4o= zo}b|mDACxoHLgKS{zR@|K<6WbD!`}geA!e(C(Ti@wl8nZdzvw+(=zczL2i+%BZ}Yp zH!paLjsc!aVU3ze#;E8Jtw#?h&#nYaPxsk272aJ52*!@0gpT3jnQ3NfN9x*KgsyupJ;d)4Oi`wpT_p% zNaNYyj0}z%=|34bERR*e#i_%^dWW&jGzvtb9l5txKbsZ_Bch#$#)ykxsh&c0htp$Q zkUCDn8&y)^ADC%u%GDs&zOh2gL@-;5+97%O0lI@!Y1a;@ zG_*@%!cdA<^B?SO02g(np;h6mB%PjKfa)Ze5oj6rOWh1RFRq{uxaN)ls>#WT8 zTivpM9hE+yDaZZ%Cg0<|D~<_-Zb=)!1IOJVF|oCGXszM!4oUoa?RQG~9x1Gp9aAgw zIMEm8sxRft7kH3`YD5Q9cbfS<s$(9SPMH9AhgvX^3ZqPSL6V7WtwdcxY zzwYR0a<&_ogKkOP2Az#)_w@{#)@M#)Nv}Yev^Bkzuxa+=UkX;hib3Nxa$>%60+TOm zIVrEpy!kjMA8Px*qc!k8N?PfCij2d5IZwlgkIS;(J2|V*N{f;Fm=2bvy)Nf0g;@@3 zD{UK1L07vlL$a4RKh6K8_6slV13u$q@|yRR4N=APH59M3NW`{_E+%CcqIEpej9Di# z-)!NQS+|_94rAoQnD?p>J@B!2i!77ay`;aKM=388%X)>#-I84s zai`rC$h&#_*R;HpmZJ;VzuyRCxC)8o#J>)kEhGU;*9hcV(CU0{h|g_G^d8)jh<}N=rF-_>dqn&3TGE8XBFhkf}B?{=N5!* z=;@S##!1^iex7rT>|~0?H$p3L74Y!N>=FqC<}y+PDv1DrJ0<*E$&Zs*psFF{F+#vX zdMQb^owQIPk&Ihb6#4RD>2O1X24fg782n|DcD)eXErHv^zzLfJ$6q0B;GROIg(CY_ zi%%s2IL0@CP9?&cggFUXT;5541l0%T9c9jqNbEId5p_f)9(o0k~5IP$JWv65eq_B`hw#vt+Y)r_ks}n>Ikwe6H z;W6l?I&_#VYP_@pW~$4;WBP_4;${i}bA}4>;!!XWPm>QSXB$CtC@qLS#Tv7BLJ)O? zPed)9J250$ug8w0eH3ncKt-5!r$%Z@s%deGMz`_CxWHL`Tz&B`Bts~R+R}oH8Dw}=c>u+5E$O&f z>JcIj-mqtu08aBTfgGs|TimRt(=@H2|BBtd#+aqaKQyF86KGJaA*VrjDx!EhnlGlg znzxU7CK$UO<3t^o8ue9lQZX!3C1MTmn}C_E7u64qlk9o#L<-rb-r$a^WYOlD<5gr{ zQgLtpk@M6UHa_(P$6aIUQWZD#t>AFs(FlKnLFoIp^0F#h!K0P6kp_UfX+E&(nbcKI z9;U&R(Pz;kY8_RRoybiyBG(g(+-hr;>MF|sa{`O(g9`6IV%am(+!rMC{Y*pvZnQv+t6>2}he z?_>_s{Wk>Wb>wC(5}T0;r*H4 z%ZmkY5a_ln5}^0G?s*puPy7F~;AFXX3eEsv^J*GyXDiUvh=DVK@|dYxL*O@$>Yd z@|Wc1Lj_=)04Z*@b*2c0vWC#8tu?1)9lBy0MR~bc_;RYJC}fajQUOF+%Aw=u3rC-T<~^$hbqK4GQY+ zR^wdQgVDHv(U|14%q}2Hhadyn0+EN_W-SEs@KBGvCB#DOF2fQ^*2hg6hc_M9=f;(ZByKkqLP!(~d!mIuem_G&mKqQqir!@=D z7aMkbCJc)eibf$+AZdsR8XJQ24Yhb#oW@~>*9#EOw^1Y!$VKld3h3kpo8Q4(j#9vO zA`w;j-DIJLm<0-m;s_n#di@L!p%12>s6ePUlq)xuS<3Zgu69}3TuG)GS^@AX&r}kG zvhKtY-rg9EFIKQ`YCpr*&69=Tg@UKiYJ^!OW3at328XgIipy`A#Sc^$+V%SRJt!lB5NMyE)wsS z9uv<^-!BtOIFA|Z)6EQYpb5E&FmXHq23*x;;{3gb9#lS1_=IjfW(WqVr1{Kl7aeDhveF0Bv-JX-oN;Y1yw zjFFqc$!b`>pD4>i<=n$%=Blz>v0?wcWx2bYTjutIt;q0fsX7ZKqnn9?YQoora(zgZ z&RHm}zYTGG5?40PTv9VsQvhE7UsZX$CLh=2qni1nO4KkFqW8@8q9E-Av^pJkaaDd> z&D~Vx_P-T-0!k!!qtG<`hL@vErK%{t99@$WDEz=Q8l+FG$w{?h5S*$Nkek;5CjM8| z+?9Hr1JFf2)H}?t(|55v-{QT(ctp=DdxPffs=Nzg|N3W>RW*6Arb~=A$QVKP!>Y?L zyS5tttmd|^qGq`M!;aq-oT0#&CjF#&g79rDZ;%6r}9Ih5Z%eyHSleoC{a~|OL;H4v9ptt_l zuK<)h=>4_mi*g_h@LxaAAOm?TDnNh5yjk(zs>rK&besP8IsdBs4}N)SMgE89h5y6z z;r;LW3kiABzW?>1fcl1x-Q&?&{CSN@ zmT>N7g|2Ikh{r1OU?sPz!ibohJ8}4tD=TtIC3mSF>CG*v*q6$~>_mGp9jjE_(^z++ z#;Mw*P87{{AIapW$EWkXjzzWF_})VONZRrYU;zc$WMopVdJJD96tW+enzO&gRm8Ngd@ zyiJ}8^rlMad>usYvDLV>vlM`8Q0>Tc*ULeyr9xVJ^9U^?M;5Rjv=JLvM?5B9a4-*4 z%K#xHIn14!Ke*{MYF{ArW~fd#a+?v`*SD+fkTx@MIrf>2Om(;K?7q)#eY>YoqOeHe zx1Ut+Y)_l%=q@AY1z+c$hh`41e+}{e5VpUQ`F{Q2s@ly}VqA&6Lu(u0Z-U3^WFp=; z*spU;GWF%+5?sK2Lomvf=5UVMgyI+%MBg zQ)L?3qfV(r`{eKmxG5EQ@@2BIPYl|jGs_zbpU|x)4K%5`0YJ7{(vXg0A9$ zuEIb2aJEDYv*Hl>&t}8tvfi`0|Cub+ToMU+kSk8)qaH3Ns+I_zn3;e=h<8ZRBP!LQ zDo7v7r&?B##lrdF>~(?65C81B6-!k=d+(Fd{nD~r40wvIs3tsd+U-k>`iY?%Ge5?( zL;}RfhDkM1SV{;>u?jp@CmdO~^qkQ3k-=z>q;NI$1p8hE) zIutR+`kfaBtP5Z!Q+D4eNRFi3t+(p?nm30Ck>$B?Mb5*vuY|BPS2USD8tT20TsIxb z%pMSeYGyaKwYaF7$+QsA1P!!=PnO_2ifE2<6=YavSStd;@b9|6hjTZgO=|oeWxK{0 z?j`Cr8x(A3Jdg#?BNyf=R%$v*nHCDDnXZBl)aSu1{iT*ljo9a`dWsc!;n)1Ump;N~ zfN_@AK>upRL?bz@kjdTxWzg%H)@t2z(9}|o+Y1zzvD6bV9q|b2u@FIEHHyHJIX0Gu zRsJ#Pqw}>7{8sXz%Mcn!ou@^J@X1_ioHwS$EwgSJtRrg|v#4{v+WRDTzl<5?qfUr7 za)exTOSVyE@L;d^4P@|I6_$&?LTXJ%u75vXy+n7%!vo=a-}S!}eK+`yR%#(Ey=Y$s z#vLvBxtje)&74-uyh02r1K-L)vIhpj!_9ZhckTD+((lUm!tcwspx0usr~Is~dRMFY zU8}12t@7uZTwjwmbCCabO|GnYl~|1(kJRLenr!Lz8U#fosv4u|F@_^JC(Su9Zm7({mN6u&_G!#`>|q7)!KYCvIui~=(+EJVr){Rd#2Ds%BKnC> zRh<>UV(bFg-Cz)7(p79k7#27w;!|{MjS|Y@d-cdWE9DAk*$j~qlve`R(S&tWW8apu zogo=wwxiNr=<-JRJ<*7uCraJlPG%tv&d1s{S#`)hBx@WI4c;eR_ltL*c=roX6mUqk zrMYeHMpt9>ER$?=uf3nR$;KI<+TJ$xOuMFFB;olQqR;5QnK=-&F!&joCUym`=ZClW z-XpQMI;LVOyaNOChNI?2-y`Dau~=^Z?6E~YhMMEsaOABpYi*gWE{_GoM$(`a(e<;mKp>S1zj6!NrV8Z%DPorzsWZ8Oaey`)^v zl~7QFsA9XR2>~-KyOV7_rvw>T$UtKQC>aWqN`P_Q>_r%AMM1N09%8>BNCa`Q1l%4I z5tVW{SMQ!tARu*$F{Pn}!l~7$MB3oCsZ%=CV%gCguEbqrQ>S-?2r`xeQ97|KZnc!2 zVsg0+!}t0S0(~%CSDy%XAk1Frv(AG+dBiF6U|1{QY1!2I$u)0HuDPPsKIpEwtZ_{P zTEb52jLi4qVN1J?x&_!%o$+I<)a4!IrO?hXg$--Ll>|)_pUdEaSHz(vZj;S|Yd))Kxkb!nVlEf?4bfr9#{8}qt#=F~OT|YOKl#wNKa!*5QjsHNP)HgJ9HXR1 z=okcu4E5j-M_(&)yi0#X$`VxHIPMYOwsYfX3F9e79WX8pxr)1}g_JIXld4fg2fcn{ zAlzrjsh)2rP6a#)3L6aLKC^g46V|Xoi20&z1W}*}Pv) z|FdN7_R`D9JTlwjF+pMAzF#ogqrH8h@rxuCZWGy*v7L^Nr4<4qs6PtL2VwZnuoK@v za8jfoqsK+zu~FxRVAh(52uGVI%pv-E@HM$#OQ8V76{K$o!kfwPDo142hGe#>bEU!v z$DEyYBU^IC##-AiS`>r}gAvwV=2FcQQSl+hwt8dYbAs^fpp!w=(n`M3M^5+PfwdR~1Y`)NMMzs%QMr8;5 z(VB18f%SQ^DGhXvE)DjLjm&nOnKQkUH=1N-*%`&iZdTabZdRF7nBFq2XR~6uYy8A< zZ5wB1PM*D)NpBM2@PKG&+G{)8-}<4=p>JO)k%(rkXUB2UiGce>>=->nuU`z8%Lk{rJ*Iq+Pvx+`3l z%g)bxTs!-uqT~5b3dJY{w56wHY_(iFP9B%w2{{-G>z3<__lA%5`Beu018@ zNkMBPI?Wwn=|3f3a@(cmo;qjkUf!*|Mxr6HYa||$8Ba>V{nkDuQyy#vIIVIH!yb3n zj5}kC5o!`&#q4WrvOn+k=iNEUc8A;E|1)Q{Ju0Ig6Z5DdalZ>dg)!fd(&w(tHy>stmp$8&=H z>)p0S$u#Ubc%uS?C;ti<3>I%lt@O0WGsHe>tXFZ35W5OWAexK$l^t+axb&O zBcUM!g*qTL5NY!8WOElrn=GX!-Z$~vBJc1;ZYImFwlXmHXvBIXwjWbj|h5 z5K%22VeFu)>!V6Hgl0u3yjpZ~XcmX^Yto(J+~*qI?aN=o@>)#t1g##e#r%waT3~+> zs7&@Yp=b5?s2ED15pe4|dNz}fY~f$l{1XA#d!NzL2g^e|UE`eO?L!EE=EBfiLFTSb zb&Mv_u}EEw+r8jkFW!Pd_@pxyc&kD70e}Vng0z#uv@$dgx?d&j-T2kdy?}CBCf-Pv zC%?Lj`>k*JH<{+(aB-X5o*cc2{)+b-cE+hDIN!u$#_63dpex$14)BedzedS9$pr46 z?>z}lFu<7=uR%=KUT4~-D=0>GRb+lmVHUW?RT^esa<7KwjW8my?G=3C1frv6=d#r+ zJfXzRuRXbnQvgllwGkjm>%UwdYBL@nn_eC|(4c3S&vFliW_6f(Bs7nO=|@BJM3{a& zG*8ivR0S&skEl`9q{-B)%cGR@n)QK)0*Imp*btauWc+nQxHbBVY6YkGx`h-mUcQJ( z#i1^F)0*QH0|A4hoq-ag_34nI#J2RHEnQeP0eF z!dC7kIe=+43bkyH{F5S6uvimKF_|w9zmEqNk0yuZGeLNQigd&8k5q&AMM@=;MyB&r zw)>m)&++Bw(9?Qz|BZh0f}ebxhpc@5q44t$X*GwDpL@yEeD8VNv7@=3F^>6O=MB3< zYxDHsO*azLeamMK@U{c#Q~mf_kWbf(D5_XB9phS=TJfG#2%*I=n3y1eNK?Oh){J2` z`XThxiwGDn87fpzKl=ySuP{MsHR?f0QvgH7=~XMXR?1SdVnKS6eFM#>VNhV1NOIW*8y0{3 zhwS(51fFnI!%nXvbfMujXltxpEAadOZT8)l8~1DePLoTTet}7i`)Lvh+U00FKw^kW zNNsp^Ll+@b0x+mp#@dfVWJi!w%ft?)QB?@JueW#inNc95_4bte!rs2V*{0H89W}+t zU7e<{CzC5o0>V3{)*{!Esopee+fARb6VfCG(M`JE6qheSGQ}xzJ!&ttr90iZTYGce zxtruR&+X{#>=LBO;Tmm5$Ca%8LiLLixyu*Oi}zJz`D{K~jP`wnk8Y~b5z^n~e$ ze(U?2eQ)6VDhrm(q+A^U%30qEwH8clJG^%YG*GZh=aqz(#uB1;9Kjy`!6@-t;sNiY z_D>rJa`_B`8$%V54cmhDrwHkGUt&!d4EkObF9Wd}^)ilvu*;4>C2yP2S6~viy;Bl5 z!GIlY27AT^V>06l#+-o6p#3nuqW3#R606sG4l4rb;ng>uL2VAlSda&$8@$86EF zRj_5-+|gT`xzW}de5`ZHH@6M8*}CX$Y`4=$H%$jXqjH~)?F-wP?dNW{1>Z;Wsqat* zMFb{HI2N4d3+Wx$xue-3{{`jw+d|Y`tjFx^?<6}Px>FV$Wl-O^hFwDnp+XmV!zCnV<-?9pq) z3`uF&vgWpfVSAFJVBc}(u1_|EKjaz2s-lw{5rEpAaOJsk4olqyrWe5;+Y>ti1j*-{ ztsvk5tT@jn)4a3kpGj+&P0L_A5aVdfe%^Vpc{K7+_Z8;Cd}-KsaI?*B$#*Qj z{U|%e-zNFaVBJo)9*Dqs>enLT6yMlzC7fesuf{J&Au=4=_|>fJD1U&Y3^U`fX1HfgQ9kV9c%ErvSQ7|`6~NHLW9K9 zZNVHoOMYVeaoS~J@m*xQv=v*ypP*KW9W46g90Me*^wYHX2%V~AG?%P{9T?vwhh56) zHvVW7wNm3#W38Df&F@p#-Zjs>?r_?RgeG}~c9LFUqW)p2r7@I8Ce&_DnoJK{`fI4$ zu~u?U;Xrpl;qaUwyjN;5#n0u;xUxXo>&#fr(&7kb#O7oTn2s4rWV&FZ@iK8q-H1Aa z=`_}y)^_78$0U6+m*MP*`pVgts;XtZNqz1yvM}4 zt8))=1~2;r5zQxQ7T5D}Whj<4v9L7e`Iy<~F^u-i^J+?9YF-f~t2p*Nd?cr$X_V|yB|Ad59&t*WX*GU_o$T0$@DV>Ei z?T3wkX=|%$muD`)k6f-11YBz+vwLt=xex~U}8YKO3tlOt)6)Vp?9t1B0{_}zV5|l6h z2)uu31<-=LO(mHS=L6_o#6_=-3>&X7)H271!SlnyrQhe8=G;theny^7ZZJGt`eW{Z z*s9^ue-&yH%7xaPM-#}cVR>-~?2~u0?@d7Vpac*lY3_>}@zN(n4b#)1^xGzUMmHG2 zRC<^Jupwl6uo*Iq43j4Y%W7RDD%RvM85h+`f(6t&6HCqiEMPip@k&1Z01BGcsmDH2 zY+WBX-A1%ymyA$xjbJJ3_1aOinf`fZ(2OsSBW7Vt>&QmXG{u8ffjzC^f~AETF4(07 zNY~0ZM;e*bVw|5U_d<(gJ8Qn48wRw4xg!kj4ZSu@*$R=Y(jsbQDm4xPPY3BDGsDp% zRH^j1ed>uUN{h3QlP2A#%1^%NZRBaxt`dC@T%$t6VQy)s9<|Ho(^@Q3Fx;;tm-b)$ zT<7*A+}YUq=CF0{QGb+rF{=y_zXN_xDYg?$q0aSm9vf4_ofL;y!`GAeWVP(UQnXT2 z2eHW`$Rd3OP%m|#X=Jjx0m|z(xB>nu?n~&F-a7X-YQr7lnrPrjX?aR)(_jM!VjEjZ z@T6p$Q}My>%+A#LxwwW`Q4Ix}=%wMzW$AOCavZQxa4ihKkgYDvww$Hb^P2oBD_3T9 znK##~>hy~=PL&0k$$f!l)}5CYM%OPjsZ(c|7Oo9AJ$Zj9+*v#F^(esZK9yN+a-)sE z*dS01$I%%}t3&FHrNt>|_bMUeVNfyyVMjV27qb;W2duYI&=yy;mm=HceF*0w6$H69 z@CFFW#cn}k!k}>I1XP(qlMD}rS#{E9ovAx>sG-P0jkHyrKCr!UtF;aBB%3-WKP;H^ zy(pl59l@jqfZlrnh+l zSvN?JO!@y%D!vD_hMELm2UOWKN5dq-&UDp`(+iUkWv+k@Cqj^7=5b#wPp1Z-K>iat zTx!ZoG?~G3%P+ZQpk=gajz`3)lFU>LT(aea_z*!e)`i~AU z>c4RxgD$33pPh)Z6(R~nNMNBx&x-9-gDEG>k~L|f<$N2l(mggUG>h}ESF zl01R<#2Mqq|BiFrXWVkMTgGnrO--|GnlzCun4^(15L0p65KciW;B3m&6w}<}6Y&{T z+hM#)MAx}h(yI20u3~qtYscFmKHP;(uq3Vl%I2 z&2w3K7F^)WGg(GcOj)FinX?pc+Im58xDMY(%c`cR=ojN?*;%Yrw`MpEGIx(B-MT}o zqyiz(m1tl9+)h|tRAV+NFJSUeeh!-A=jG6_2CDZofTwui>GGw%;#a74c@ApBB0 zmgpPkx|qpjcSI(7F|Sfolv)59mztx8f(KzTT{E_+oNp8y?8T~lfnoA$QcXsV|gJgMz z)LPB%Sdy>YMWGVbvNSI@P_UR%S!sFI^B&8mUrw7h(&qKFe316f$mAAeoG-V1qBIHR}n`t1!ut>mv*pP`erh!Pw9BX5o?P#NLu zd~|+(LR!x`j(Khad7(9Z2_RNxKKWh7{7Er03}r5HH)9jpCR0j(7x^kO7o=^YV#uAm zKVp|3+>lSGY}SF!^3rVC~&V$f9dX0D-YWCY)IuEl=uW7^G3=DUz? zH$%}-k&z-ig(w&;`4Rz_Vk=Qu*K^^=`>K9#Y)5D3Zka5pkFOL|ft+t@>ojS3N4MO_ zEn`huUMu-3Av#c9pHnzSIVH=wZPYFlE|iZJr-G^S^{C_?ljw0l1?x<`QVifcL=+kC z*I9ddR$k4R_vuEY5G4#IkE-Gj(I)V1L?i7PG90yHCaFY} zm3km4C>5>K>QYnPGH^?3NGW5+FNa626UBT;#_e9+t>82>#jJ|>ps*)iJAX*E_J+sL z$(VThF!ZE{bbif0C3xf3n}Lo@U0wn$zG$C?`U!Dc%{W5@kx{q|sWvT} z$d9o5lu+UN2efb_lV$Hre-un!e9R&5i2&Nn9SWSn`hSi8Pxt}7;pDd*?qlDvOu-a8tTp?{jy zdZ9+H(1|`Ui}H2`k2XpUa|Zb9sE;C7=Q-+K1#}5;7g@A}Q8Lqz2cu@FkY`lbIHIev z_^AP+62c#aT^tRuO^tYi+PDN}QNHW!*2(9G z+S!;exLJipoMrNvG1;k^Ho(V9s1TK$%~nE&I$L#s61ZE;I6a@AlwAxQHd`Ve#t{Qo z$Wjs;M_JurSLk8^oOJt3L-?zAB?;3>rrX2?AOWf8vjX5m{ zziy_vy_547Z<<=Gd8tcEmAjxJ*0Qvu%e=X%BsY*9DOa)32fz)d53!_>xw9b9Q{XK| zx*=1a2g8)fQT^apw3!b1ZIZ!wZNXD;BJ4K`)rRVU#LF!21%vKo)wHs~Afwu#x<+M9Y;ik$qvjux5jbv68&J9g>)}aKX9rol)1HfTAfu3B_?92C*x=oh4dKj-fHgz^{2#}6%lPV zc6_RqT3HT8XlpR;LLq)dp3moA1m0PDP5fpXMHAggZsO(UydX z@Wd$N%3Zs0uUH=^1jWQ94r_OhGZq{iGmWV7BZwWH^S|JWWOB^;w0|Fk?BJmq-sYRNx_s^Ef`}7=Z z`JhE!Z83i*9Go!+z7@o6(w7v1%YjVEG;3Qb2{(<18r{>UeW!F<0+Xz)XNAn`YC5|FUrd6vQ@NLRn+!-rNnIIR`YC&7z2h$ygQN!eArObsT`9+CqEGn5_mAorUvasY`T#_r2 z-z_TTC{2s+o@!0OfD;!#InJ~;vVz2D4s$ynjqvJ2lo-ugU96LJ>}h{#E_0R`tRT!$ zg@;lUggZ`*I^rr$LagFZyP5)Z^j!<_hp0L_aIn5nJVi0=)eeVpg=w0Bf_OpdAj39C zohB52rW48LGCSjk)1X@8l9W}{%N1rS+cw*;QNX#tEdigiboG{wDyyjlBu&ERnAD(3 zOwue_hoJvf&n*V$7b(u10BL(>Dx(yEP5DNVeC)Dj@^1;NuBOhZsx&ybM!JSn81aTg zoIi_g$Sv7M{&PXsk4d(<7vF^Wob7E>WMC=_=i!n+WJ4^apNYASyeq8tO9F6duTMr? zlWT3|N+1e9b0kMB!{g;fxb<`8PlQ`vV&!rO!`jQOxy%YzzQWpHT62ZF)~~F+Qe|Ws ziKqHZxHYEtrl5u}mrXrab%D$uwm5<4q_RD;tU)s;U8E5isI;QR+0#C&0+2aZnr{Unp{c7JdjWkWs0NvBt{#Rs%@h zvcY?_d+3pR-$>`uv@oyT^Kku;3x#owl5T47QWF>9B+9Fl*AwO77^;$XLf%?VcD~eg zg2^3KNL{UWd4-w8nip*FGLr=9gFwh&J=5zdI%7c5*2b0b#BaFrD6TXllRwGfAjNPE zuX=dv`C6f;b1?7Ol?JRF#Iw#xyQDb5nI5MOAFXirxcC%OMOgv7i^6SK`rsjx z9QQa%F@p|oeL>9gQgh3e7bN?s^#=f%7rEUPaFd+KiKyYoW|5YiB6 zOx`H}Zch%7+uWE>_u0EWv(mEz2;-IT5hFiA-;m&1Pp&pG-L07EglA*11Dz8Ogt`sIm8V0tYO-tSyNc*s=Y#)~B#B0YXK8e^ z1#ps(QnR&PTT>a^VER2?mZ${s*O#HHF2>FV^n~U_d|jvM0kM%&8mpp5n>RypXeh zN>r~lChJ9>9Ba+V);rr4=F12)#}*=6AZLaMW*@p2qa)C5&d$nrCI@FjY2j3`Ylz7fv@ji4o;jGa8BaPt zcTno0#1lBoSCyr6W*@q8|50#C%g5tm<^`$4H%;B9aZ0o@T4TP#O&M4op)P25qg#3p&!u*H0PyRo~q@MEA zUy{9*%Yv#vL3aei_iXsFl@CejLR^hP0*Z9fgh0d6T2FSxO0~Z-dz$r7MeoS%sVKL2 zKMp6>0di2e+g_=0c{Io6VlEP;PuUhfNMN=m)`|3AROi}0U4#VqOo@-i zq#;MJk0wL(0vsxBrtt`Ud^+(NSIQ1s%{PxQepG{_?h=h%GJUGG@I8dR;v2*+%_hbl zS|2LN$75*d`7&DPgic+=x(Ib)kBU-4 z{Wwn@`&IP?I2;x7G>a7G>ti^>!gUPqK?oVfpGD!2EDU8)_;t6O>6SfiIngb{g<+lF z{QFG1amS&sl3>a=2l_(|py4xq|g+U>DyZ>XGmoHD<=9Gn39!p9cyeEQaUR zggy{rP08=0JaQ(krZaIZ==CdY+$lo>{WH+cziX#)3f>p4JtZC>b5vzoM0zgSSD-Ea zsOCcg@z3Ew_(vcaYuqweXG)y(<1N2F&-S ziNaaHBb7t+1-VdxXSddl^CvCzWsz^)GFa&6xMmi(Y_m~*lHDkrRNW|;luIoz+1ot% zt+K>BF-*bIf9Kf+L3jqtjRGdud%^9>I+~41q#R}kEZ3Tx5rUOSt8ir!4Gj6bF6d54 zR6RZ+!LUSPrErF&PUF#$HWI+FrV^rbrxV7UB|2Y>cgrs?fgi4t%yOx$5Lqs=Lj2|8 ztq{9h>dx{XddNE63IDQAnA<`7*`pK*=`O+9LCW`Bd`^g3~?n9 zMV%p&Ax1rl)AKOahzXAVrA`YH+n-po{}C0axSi^C=8F}y5z6ejZT9k50EyvflV!HaBYRYKm)&Gfcx~S7Ah+q8FQIJ|5VE9ku-EIJ>oft*wc9nMwed(A z{iEHjY_R#(BcKkA;Z*}pqmFy8-Q2yIk4er6>oxBH)f1DKb3fR;snK69-otV3{bs6*+d0~LaaflT;>-PkUjr|>z=-zHN@2nwA%s@KT>MSwZ zR`8Y(j|YN1BhH$GXvC6At16=^i`4{AHuw->#(7(^O-)IJfc}Ll1Y{OcJa?7MNxgyJ z$LvDWJIlY8l80yarg$=nc1=)?zK)P3B{o9=ETQ{3q3cjKmGiM!mFQ}Y!__fRJVd)qVDB0;)(ekyd5 zje+wz3QNICG2}frTVK(>6=)3xsPnUjNRtMGo#@?|b7Fqj+a5*{9Sr zBoo%CE|0z*@#veTPC(G1q0AwY_D6kyX9VPxy?eWS7;&ZB)(nZ z#bRz3z;V)imoQI}t+|c$Hc^mz4!MvgWiVk|W=vAJo*Cg8O7qCmn!!ERzgpG%+%GN7 z_^agTA3ga4&gk^Lp8tDb2WLI!$@BVs$n)3mefC`{w7LG_!4!S%pdgB4xY7EZJrWdsk5eDrp5T+$IWB7wh@YCvSBEjxPpU`Z((y z3tyW3aZ~Zxt?}dx%QP~Xdh0c&6sI{N8F!)q)r7!9csxXyx{H#y6bMttmfd8XC-bd! z%NcID%{qiAeGVsEN9j+pP$n7Jrdff_0JJX#la^P>y6MR0iKEmDL3E8TBwk$SYx>2B z#-3($#(71|-F{`UPX@i*>zm*E@<(6p@Xeim@VL(Lt4Q|r|6t8yRvy(+uv+td?(p1X zbc^Rdu5Y{ybb$5!rW1{_S*3a{?x*Z_j%x`g6i(L30`qSdp4M`jB1lL`w1`iFxAt5= zF|C%C&YI&GQ_Oox!p;-mChDltczv~9QZWYiEKVXs+G3o|mJt%S;WEdN1V+G!YsZ=Y zT{{N<%XU0HjGp%8IbWXj4a+l(cb+kS^D8fr&*f8e#{9$AG@h4z^NJr3=%_*@E%=^G z3OW`l%p61AY1tqJYM8xDSyJ@F?QkC5lDOFoD*w(Z1H=+>Ih4 zWCfzxhDdRced=AF?HCAo6}2}{LDa==q%Jl*u~Y-pyR0?;Kwqg@S9POsXO`FS@UrxEb zk=EIl!1=%=KeH#F8p^_VG%6KK9=RDry4w?VHW*%bdJzv`kNx!C3o`+ROgE%9MebAl zn%2fzwL@58k!%(QNmr$ROZf~(mjGwaM zF$OK|!A1q37GxQX6zg{{rr(adQ=XH7XQkzIiN;NtvEkTa$&HW3m2^*Kv3R$OT`b{! zVpIEvs5kPol22P;nWkvl=1eM;;T%z~@qK7R$fvU_Pemql2hLBzcTM>iU zU8)OZ!dj(9onYYsB%`_W|51UKvjlnD;N(J7;5St7)Q*k85X~fEnC}wJ{zP{A%yTr;;yWJ9Q zZFd?~7}z^?Knw~%K)Pr~o6Ha1H-+~Uyh6*nI6~>nrZ&@|K;k=b<-KXcIei#9y)E*o^EjFOVQRII?AT;ss@hbc zP$+YdR>`MqG_t?HEww|0YOjOmBD|&;V|wN>_#@nGVd@9GFPPy>%t;rv@biSYZ{iMh zCk_pn${JHn-NGT}YRrai7}XG&`B4qoA44KRP1~%~pr&9Q4BJ*F765FGCyYxiL%dgG zX>>kDpDg96&M`3w!VDPfWz-bGZlL;?a$t=1ye99ZLX+A?%C=Jl-wJzGWf`Zcinskj z#j*cI0%{K|2w#GQcxUa-1TEhosW(tPkpT)140SPiPo(DwO zBw7ifw*?D5IF)6<6}5#BGqet$8fpZ%`3-x}e3q-(bt!OBa*b|XWx{Jr;W*>^DzPcF z(JM+T{|VV4=(bZ{hca-66jPG%ed4<~_b0GY#kMEfSzR)zUna`YdmYJ={F)nP;$tlNk!j;{sF7XbpFlpuW*CQT8?gdu#+RM(=eX zxyMAMkrWUO(nc|(a=f8#F|Cf=>U#s&XIDbClxsI~D1%{0NHava+hPrJ&y6q{z+4DA z!^2DFF#SMa5Jk5ktR6~AHKdtsAnGTCNu-#m2GMA#TrDbVamlvBfUugvW1UDnw zscpc0iEBM(1ixCG_Wpq3Uxx{EltPWw8^J%*9LWdfi;%inAvCX9ks$rGf zg@}(vB`X5@_^_T%Cm}!LJ;TX+(>IWsD%uJr14GyzzSRw*U1UcuR8=)}%R?3-Bp(By z0lm!xqx>ADjG$18pwYM5&yXP0%wtqB!z&{W>g5KlYQKNOMV~r4)hgi_-?()P#?uT1 zyO|eBk*F>4$&k1xNtD=k38JOleQ()Cc9mUr_Un7gUhTmw-|lVp3R1u1Q9wXKo8+Uh z#EOa&)X=?@%vzsE2;x9X8-WB;8vP2&6i&uht-N4?lB;1Om9Rr(6A%TF8-cPf5djgA8zC$rAR;0~ zG%+F~MWqxK5y}7kdCp7{sP^CfUw^`!nS18UInVlCKHrV4SRhV#X!p`?1@9pxB(UZR z49)y%2zWGtzEG7X6s;h?5-$siWR$<0p5UVBELH*w2Jv{}EWkGNJ%qRe-sqS{zhfE& zccgF+3?y*Jqv$Ji)7juUVQdfm6QkH&XDt5P5g-~8WW8M9=3##nu3GNZ<8mUjfZ{8LWUILXx8$zW|DnO#dN z2e}2VA_dz-Yl+f%A#)bC+|z0}i%K}Qq-9{OC_4jnMSb!ehO^vSd7FHsm$L6+1*$B` z01(?@21ojmZY4M*O?o0DT7o3xN+{KWQDpKyn_?0|-nRCy(UR;4b)Wu@;m6xlvX7<4 z#U*)-i(R*<(#2j|xIEaaH?AETwn>w;D|;VL(w-h~B{&i&4$UMTX-wr-ie1i&2Q80q zyWMZcX8wGeQV^CM&MF~`)VA$SgeN8=3@7})pK0uFak&905@W7I6{Qrq#_x;>B3+NI zO->4J?PASuvK3mTUQ$YvPPot32e?0Ih&@h;;MOqBd%>j0Ss)%`c4e1~_4T+ZJMdVT zMTIA)PPRLnp-SiVBdGN(q+$8CRVoUlYwGAYEEAYzOr>X5p!+HQaZt=))g(5(?8p=o z4olbp3zV1u(SaIDh{^A!jD0G>09z~RKCCkkGkq(pZdM=@!RYWv!& zz`_B|rz*-~I?FFrllxthfx5%Bj(B!%n09YC!VQlI-ZRp@AucQ38v@DXH>7B;ZaCsS zhR>gaTM;c;5=Gcr-P_DOL1U+ly%m0}0wC@SnO~7#IlUe#;CnCdSB3WzAw5`Xz1zeH zBqVRUSJ}HqTp|fBwe}(->E+(~{?e}>=e@!EjhOtDhcNheW1dIgG-Pdh3B@RYw+G3)hySwR zZQv3Dy@#KIxW(QBLEyo6c{n&8I*EkS{1YH5rL1D_S-w^8UWCaZJ|lkQ?`L=3FYdfw z+j$2^l|35_9_${;0P4*%SjCc8N;*9#H}w28f04A%%-;If?uJ6a`CqHCa_WI+cHUn_ zmU4ajYG7_hj012t8!*yhmhsMp8rmCz;dOw?vG;ilw-<4SE%2iNVZ(LGeNv}%#VveW z0~uHkHPdtLh}#;J-S=I(v+o8 zUYb_AI05$3%~fa}s)UK1?axN`F61uuYvJ&1IKju>B}w32&KVjCa{8Q84f0RjhOXyZ zEencmxdy$&-x9TgFGr-_q7`4G_;jRJB;Fd(Bzsjfd^HY3v3E`yc;`EO$^0NPPr|X8 zS@)@X?{$2ud*3F!f^RC$37xT<-$L3)?()7%W_>Q3M z;oD)Lv3DhZ(U)Ju=2r+dJkNdVKJQMx)$^#~>7Mrl@47z#U~Z86x5WH7;r>5K%+q+< zYe(M5clNu<@FR)te;e4<9h~7ATM~03pf}HOpSsU@oNx7v&3R~`cRU5qT-(2%n)NC7 zzAH8NrFq-W<2(D6boeIBrLlJr5$kI?!@Yl!ny2%7yHDMF6SnT|y#bd2Ef&g^y7vFJ z`-~e3=B5JA_-eu2jx4P4Ikm(yt|$y&SYCpv} z-5A}&yPoxE=kMoH>?rzylX{T6BYrytyEtKgjm90mKoWq^yT4kM6dylqrem`{w(b~A z^G&cDsSPhT-UGz&2KP(U$^XUmdUR@FuI}@%=<`pb*k($}*|=0Km0()I3+H0^xWF8}l&1-*D8_TIEUu_glwU@6 zKxuWr!e`N{;hZXF)v_{I$)_;}K`&H$wVaqHe=MI%$5tiPY zpXVEfmSAK=iOz51(&l2X9Uu%b-?sw0i7xsxuckc+EL8q0`87?L_x6A5d=ozw;in82 zFUboCAEK%FwkE+Lh+TUD1&m>RP2cj6@J_M=~$@Ok6^ zTF_tju~=65?g7V%CjAGj{kG*q23QDvvN=xK-ilMgtJMsan(60fPh0ad8$E69&uqV} zyduoxw9nmS^NY4?8!94g%O7zu-a$aI1<`WGw z>P(Krh+Ui*L4Jy|_ae4kCXg@1qu6i&Ut|Jen}9!LbpfxOWo;|ZnBv?WI#EX&ZK93^ z@-yI3{voX6wPtDezQ{e?outz?2KCtf?#XNKAJ)5?o2r}W33J3PWV#)8Pf#MXK=Ivr z%2DnqJHGZQCGUDBD2d#iWnsnthn90^fM>P6-`&}8XL=>+ZkP#DS~tKjuCe5i+Gk@x z8mV`>wCZepc;{j#> zy}$-juRZ@b=Mi(RdhJ=HF7nBS4f^Q>AeyZa7xhpO6~YADFd$f9+h+wvbkA40j)|5Y z2*QH+jjWyZ0=vxR6JIs>Tpn+6tj_7-84|l6gjatcs1u<$E8!THiX2l_`F0VLAXni= z!*Pk66B26u2IilV|9hzSZV0%1NWrco|;9~St`R5RH;MdVf50qh_AEM?RDjh7?(b;TwaL3#NKI%R%aL0-5&JViJ zGu&}#yYp@LIsdk_1))D#PT~!Tf>+vqN&dOweF{beHtx^NeHqni5{oABEI%sDLn51W zK4z>`YX>EJx*p>uXjSaJ5```IixrFn%1#d*$6q4|(;m1jcj`-ul-b)hlS`SM^>Qp^ z7)XQ+#TM>P*e%J1lca%<3q%!bIPNFeAm-D8pVcdP`^a+GU#^r2)dqJbE?YNE*#^%$ zb#gh1jNF^9#6ip{D{BpP<=A<-T0{-#f?^5^YGuyu;k-34)v$r7@8wZog@j{S-agnJYI=I$PoIbik@mmyetCD=B>e%F{0c4ut>VljD*S* zHNc%hnG^F@5~o1V{7j2{vq2gaL0|O|6xFvMS@fbk&>)raYqjw%7ktSaYbTo{%d1#} zjFdSO0oa^{mnYtCJ1W?fbEhJRo6|_}!a1@Lapo<-o6S3e!^{!XWD0O9@y+fmblViS zhyVElTz9B_BSOyW&+ljs_W!Cwn@a2u7QfrwDiuJMe~dYPuq)~_q7FELjRre-0j&%a z70)mT%AOy-FPX1YV8hS>f{+2^Ba$I8&cLk^`7H2(vO8oXD#%&Y7M!CMo0!E_mA5!K2a4(!CeY|dc}5&=LOW(MPKvQj z7&pNX8aFJd?mf>%>GS=z@nuLD=a7mVc?Jx^4xn0sS92Lom5EiC3(OIPGiBS!Nr)u? zRYO<*XXG1I;hg|U9ww1UsUF$6c9ybW3wGTCon@WcchRyMeU-}(E0czXW&;1nm39>p zp_tH5sj~qWTD9>t<9?Iz&h&xLkN@9|_*q;o6Ak=`yasM`N!H>sWHBQ$IBc=;cAhy6I}!_psmVu+=zcd^OFD4WzO;R2rw<4Yntk%kL6sn6!3eSz zQRZ@Dn#20|hr5~kD4?jl)M?ryrnE}WCDvfg@3RcL$fJ7Y9so8 zH1ka3pJB|ICOyOWYfSkxTx2_&Ha*jXoOH*#xFR}3ni!S~IpDN@;`_hy&CmU0!kiuW z|0zFX8-jHJ&&_NSAoAY-)gC_!H3UtDs1*R2b3k3R00ByQNuY!f=L4%$6x!q?W}Ibs z$bYj6v8A0)W47+{Uj)d&PPE83`bwr`@BfdRUHG}2X(V#~xn(KeHN+}$oF+0`giW3p z*@)W9u#A7s67qlalAUv|7Ajz@w*6cHZd#~~|8ssi)5+D0E5xoG?w0&XGQha_<*@X= zcP~8e+$AT{s`t2__t--LG+{zB z88t6kON5l{WCe4oz*%S{(L_EOJq3@ab}_S~a1vNv5y@y-R3+qVfl%E6Enyl!Iz94; zAQCWFusAa4Dr4FJY!EW5+hNp(UW=H+_Exh8j>V{#95dtZ>%sD)+J6&zZ-bkkn)^na zW$L#o^hEz2G;PY|x)ya!7DA-Ae@QELJ32RAjG03bm7USzZ+X@x^FAj)XCxuXM!EV$TXCK80$2hk7NeGZ8m?lDuFA_+XSx;hCTo$Ie~saRt;h3 zNZrJCG@>`7Z6Sd`Fx<@WFr3?I$MQL{LoI81mtbZ>z}2wvpAH%xLYi^=L3}~5;2l4A zl2+u;R`}6?f|Q_YNb0D%A>SkvATOW_Ycw0ul8ZPA{#Iss{X-Z=pvVv@GH5CJg`Bw2 z2|x{wt$J&4>(G-Wh(Z;34^o0gil7up2!6v|`*PizTPOMyasSJBI2x^te~7bqLDUF1 zPzP0LlX8f79TcR?G3v|RsGk7~z~7LxG6avvFhS}}{gejoD`9{-uOv^!u!hSGMMC!R z_oXyUO&y2|hWcIRKqi+o0{jN+4d*Ln`PQ>UZb3c}cxcoZ*X)ZDpo@z7mA??b7tZBZ zCkvxmG#MzqR^$F1fuXGColw$Rgf%4*kqxN(%%Y`;h%@%Tf68J)#T`HM?f`5JNH|X< zfC}E@Tmj*n#5sCaFkyCz_A+}5Ugf8V$XxRtcI?~C;UtafGe@w*FeftQi68g`y|T|F za}SdZd(vstlB<`n!S<&~a5LJ-hw$tl8G0`RLj!Kn2DTbG znj`8#G7ft)p~?hj{Wtr&vuB1G2vL7Nq68DFNdJ^@T_qG0u7J1$Sg^BGR(5_G#P**5o6@zQ37k7x` zJC>nGnCtQd5TRg{t?S&Eh_T?Oi`lP&J1u@78pO^_m}yRy-_!R zvnwV=+!c~E#;En`89!e{-nbyW)W(-tbE(~~rTl$?ete;tVeJ-!nJE9s5)w;6paS`r zXv>2~LXrQ?CQnee&yLyP39dIE%P&6G9Bqo}FKqHGKssDCc$O~@lp=_oq37Pv$hXHP9H@+pM!GWDrVuRos3)MEFML5 z+@VUyoGrwSdI3xDgfJK>+23QA?g1Auc9fR}oFH#pk|Q!vnW&eSB5ZL4L)$dT2rqXH z*ncGri?yukg6u}oUEF!RGAh*Iv$a8&dupPAX`BRhw3nkY8PB4%e3Pm41E;HH>N$&R{>dya8?)}O+^ z`y8!F$g5;26{f%Q0G1#Jaj*qpW2|uLaw2>!j%>qO?-B|4? zy0*{}47b3%3_{0!a}i`#zM{kVlV>r`Sd3!l%4vr1>>$cgix;AT`yBzE9c!QRJav4J zRDR3JAim$mYfo*%8x8h#l5uYbiHikqXI-j1AydF>i1r0$mA66Mj1`#4rA#`({9qm< z$Q2oRIDK*!nHlzlTJl5O@}rYD9jZPyxzB!Awl9@+d<2G#L0YZ8%wcsz$+3<5Hd z-csV2_9}uvWt?RJVgC|W0i^^m;16)S4gq-|;3htq$P+$AGE^8=qNA!oP_TlfEe8$O zLod?*P&7L{D8cj3;@iQzI50J|o2by>d9IsK1A4{!Vy59NefaSTh*_moY7cXq2Un+p zcRb!2YQH zF+7MJarZQ(ZkAc{9+FD3&LS^_HE_5rP{Msl6szU4F^_gJV$?BlEh`g)MX@kW#sn

    xumU(Bll$=lUCNr|p0AmM&u`lOa1R`?023bHb39222ZA(f)?RMp)BOi)) zBWr|bA~0A`nOz(xGshhlxnqwzQf;E;-4oV9SOMG+r~rtvnFQI;FmN8I7hQW13;C zXy}@*;b6of&8Z!8O}#V+kY46(zzcpt&1JKncYah^K(@sNW}cV^K0>qnfmmTzgFYes zSrDqmV3ZvYz7anv+Q_;U(Q+&%ARh;Fwi0h1V^!h9^z06u;+9!eL`riH1-O1mi8JRVuY;&_2F%UvrBh)PGOVUzoro% zW+U!GE)gvwRE9Pm<*PZID%EgS3aLI(g-{k7BnPAp{M#s7L*9i#(&Id5vfvuV_-bu? z6j}H#MImYbKKMtl(h)F4*g4WphEQ3#9i^0ZqfZs@Mfp%5$I&pBItL+szV}M!G^>Vr z#O!vNF_&t+>5@QFU-W=K9hvpfQPUAtyn}F*T1Ila;5-waYd&(mnfF;k4!hQ8jeowe z?&yCO&tz)6z^1P=-n+98Bc)=ike%&-{ zwi)rKf_#`6iauhIL{SRKEJVCSA9mO;A*;|WSRPd7Vol$av6txGH2^v*3p*r%Q@+`) zzK7X0Tr5jkF{qD#XYkuTTvJ3LxTgdma;t{$vW5uba6*NfzOc|oYlM=29hQ0!Y{N|gX7Z0D^AHAFFbl*V z)a|TLr*UD*(BDK31c-E=E2*4|UNJ%Y5KNqjVVmMLJPQMc;!FX9kPXo4!(10W!RROc zu_Z4!`Xb|h0WY&PK=P6Ucp)1H@da{c_W!~BE0%x1e5p@ePsl8oC`+6A6pyRCL@0$d z^z)1<2vQ8W!!{TZ$ucl4Ml&B#0oIIA6)HW4@|UP>P!yZeb6Mt@DorQy+nbOPp%B5U z50ZiEa(VzUIft@ls1N5dit%yQ94`)ef;A`V{UmEn*83^gJ@kH>HEVch|E#geXHY~t z+d|<&$}%YI;Po#NQ`#mc=9PScPs+Pf>KGo{uX`cX!q9|oEuWS|g*OC+66lN4kHC7_ z38cCqcdpxvJHTIrgfOwCV4Ry4u=eQ33j~Wjp-E!2C-_+>agJnKq*n$FxP=D8=iv`_ z78?SIg&!_;PmSC$)U%)FslqKeLIkE9+`{H zX|{Z-4Vl^?Jk@oP?wxP#xz?O#%b&4hpSAWJSZ}S-+0N33)s)?M*Fx0R?V(xF<%wXf z-2*2Ru1u+~aw?}J-b)#n#{;$W#u&j7@AGO~uL8`+PUqvKDQqwOcmF>#)s=O5#LF#l-(!Tu98*Db+Q{ODBQ9ETMN+D)@)SKc;l zj@K_ljctmR3{n@%CPY=c4Z;BF zxY;ke++5~*6*&ya&?O5JcLbD<~kL!hZyZELO_Gq%W=W;O%b@*Z&}h$1|ajdPBleTLx%f~f^Ak_p<$AG0APq3e%} z7-)D;!R{f8h+fZa{iId-!+ceir*KYrksHgL+sltdi-dpn&NcIx9U(g)KSMJ}I22U? zFK`C8JrnpeXqF-8h!u2&%5xYz&X<%w-Iy4>lM2ij!hw`?S^LY-I zj{x3J@TzoPy?B>bfj@A--rv5#>|^(}gqWy-{H2u3E%PoSwj)x-<2Wc#mL?3F4JgL; zW-cA*X|<3E@d_@fab8m(hkG(wN(l;U4O_ z$elV728O1j(@>-B5G18Km*TeS09u?76H$G)cfKGF$RU@L_lIB5)T^zzf=_O(Tuo3I z9diHqU$f>)IDcn6B|>-9=w6}DtXwsaZ_(cIOMwuA5`wE^q@ZyqN)9x15dl^5P71q0 znrEAp=F%T96V&5|ig32vGl^3VcMz1wA-Ox~4X3^@k4 zTl?7fAa4jgzs&P0;yaXhYndAJRk}+*Z}QETA;hkqx5};stcN#*UE|vmWC}F)WONDe zOZijnZN|b%+(fK^D{GF;2Uv`#LG~Zf5B?T6t7Gy}(v*UXAt59v5@h+6@hU@zpzwHygz^~ z|KZzp+O8rs@?4mJ0pP3>tw4!U;I^FJSwdy|LBdaAS>bSki?aLxG(aywi3quN6GRv? zDp=&t??@Zq4{;M+rUt@??Fy#OisFBEr2r$|h%if)3{$$NskGT9qGWaT7H)~yz;K-a2&@&g2tAbJ&U`LXlWk? zLmiPbut+gPFJ*PpPy4(8WX94-$a6uW)|G1+->Ahs{JAajkFf1iVD3AR^KWZ1koDX@73Q z?@7KpVV>3dcP5aLa*ma2t=+&ZP1FR9=gtJ;R46ufIE4H94pN0-)YlY)D}meP&r z4CKK!$#`kRTZgcLf`u6?{Dm&;KG-28fep5MGfHgxkkH<#4YxjBVu1#;xK#=$e*6h9Dc zjLoLFun~hXj&&2|3qWm(Lcc?f95>q{W8^0%kL<)%fay`JkC&@p*)kn z7M03i334b7%2GUp!6(u|_*~;1Lxg(|N=0qm@)7**Q14k=*vTm2!d%kPEFuvgn*hx# z3eR9)f?%BKlUa2;1mkQGkIyI!i1$-`A6|Z?yj~$$aT6971xCuTPo@{E1>@MbRUA%z{@C}Jj z;`sV`a)B`05?(R&P(Wi5%BJ(jAslo^R?C0d@{1^cY9nqCU$lXLTi@N8r_9zni1$U6x3U2i)Km2#U@(KH8qca)NLn>PEoF9@w=x?_>+e}CR&9Qos>NIzIV{|s)k^Pf4tj6FKailiD8ATGfnAGM&@E(M^9qlG{}6VU?D*O3w%5uLY}48cX5P=U`Y z_ktkG?Cqlf9!vbcHvi5VjLW}>wZTclEA^Qb|l3PZ3;JR11LvKJvc=poeLA;M!ZrcN2c`8)7 zeCAdpWvvXD9$AA(4$D%|@=yvNSed}E*}*82KTHmakkJ`p78~%3I^r-n7w~OxV-)x* z3h-K>Y2ozQSA_KT@(|VO+d=*Qz}y`K_iI9|`AS&1F*IM6qsfh7 zjk%-~8!0j5Z$>(lk23sIEP7E;>&PN1v7!y6f|H5_(1w}Cdk^m#4Oo|K8!b3X52=Yl zMtl(8b#78>R25CEQoK}15K~>kuW|%h`QHiU$Fe4GQ7}{dnq`dcH{o3p z_j>Jx-qk|o88O+o$R(@KrOxey-6{EjAU`Hd=oj}T{QP$J8%AauXU%awhFemHzR_y8 zq@4Ynb=hX$>W<``gRv3P~%5Cm00brh8&oopriOLiHJkKe%b zcRai-K69T>MxEISLFgeSP2U}m17Yljv{c0`A7b7Y?FgV5R|6{8sknM^Y%hqzi#4!! zMfE#1u)&@1K4j=_mR8Bo273am?yO!>sm{tRVb~W~ z?KXn-5A+^OdWlk1biyWt$c;$F5XPS1TgH1O!4~{A@J8qc!o7;nfie~&97_`HUpP4y zVbVniPqCVk_ARYZpRpCT`L&P^rWHmHbi~8|^h-7bRS06r)jMTUh;i9bv>3yHw=0d% z=6}1}`~?A5x1`Ca8DYVo{X#~N=b=&}CQ4AyHmaJ@AFZ3%sqbjF2G@2`@mE1{a~%Lqyv|5UA7qdO{Kp^CaGA8 zT^FsI+i9V!RN7ID#uz>k6Sgj(IbjhhE2Sosjc&#}`{rQp1y>V(ty$D1l_(!wQaR?G zN0AV7T3R`kV%=$YGFnj%memOHbyL+Pm|BM1Uj(xT!3@36Q_8&^c7h{#FW4bs?G=A?Y!3>@#QUMB{?BXC!fp2Os2>J^?%^!+?3#lyy55R|c zO6IrLR8aNWr~BSH#e_t8YNT7nG^&5R%4bC?cP?z$R5HLguzd8;=3b@OD0mbdbyR3i?VwK+0~jg_M=WL27ynxRImMiKW<1 z@~LAVD04@-yB8R0)>xT{1*OJhfFrw$cRClld4iR)d~gcjTdLNUWc1LMCxZC3TvpJh zq&`}Pp^K|!f}=K0$-6B75o;Xp7WcCb;-+P;4zi$2v8tg+sMRQS%jam&$+n>O6@j>v zw?U+_uu(d8zjW+JX{VSLA#%hZF)P6M1c-Jv0`t_QoBVu~>ENt$?PPyXaG&+&pQd45 zZSj4{YT{CJd6`mymruFh`@vtU)5X#qMe_}`yKsHc{4@)m%BWqJjl!$5;HAv`E-P%# z%#Skv;i5T=7%-M>dYC`f*~!9i#IhBuIno(%1rhY}qFHlrQ>8LEmLcF!gm=7QGy}u_ zJB9lz0h@z*;A?YvAzAbCg`5JN3-&>r4_3vDLJ5SX113=A5pnc++MXLS)|=EVMW1S+q`@c_d8Y_T(LcY)z>(YCevw(E zu@~B^jNY`6Et~gJ<+P*>YQ?f`2jR)u&rBAy{r`U#yIq%$U!LC6C!;T>SR{1f-x&ba!us1pMq=v!R-Pucl(PCfu^wU013um+J7Wl`5G$iVt~ zYd;jx!Jo4DLt6+ZP#;`zs^r*|!6H8=OGUC4&NbP3zdY^x>-}h2E{nY^9LU|a3%FJV z6*2vB?VWz}o4$XiAAM8i2P!a%vS@o{gzY$GxCdp}9vQB}=wEJT4Kjb0H@LiZ(Oskg zC2Jl2Lv#VNCK-MJ|83SRHwam7s40&W%HJ*cj})Ts7VwYEnoakO9{gyb`MrYwXd(Ju z!F9*>x;1KDie$I1i7%p`qZ#!^?MOUICkxm*cz)s9f`1Lq=1VGLx-Yp>RVv%K7Tr=X zHy7mc%5dWL8Ly3QGE-6N6$&#a?Cgm>DGsLa)|$5lWPshf>%{2ndH@IO{0C^utmq$f zCw`N(?{uX($hjoolffp{I?I&}B_Bn~#1P@sqv6+E3a~;iX3R&>`jN!{ae!rQf6!0DrZ)rbqT3 zDpit1!ku#)-F>2wCJP6vbL`xn0_4J8&GHmWce~%Wv)TPJ87cCJ0(|&?QqZFFuF_SK zQAEPoczpsZuw5y6WN2pwM2zG6$9*(OjF8{Q3K~O5ABII842Vv=9$nAVM+Z|D&sdJk z;Yeo`7J0Y8)msU^VEBb0zWqowo*4jIq##+kgit~#Yr1v5G#`uMlQaj{6NZ}Ki*1i| zny|=;J4>9jbNCcR0t%NIKvw)55dbN8R_#YJDJtwO7Amd%#wtk26e=HLWH>-3fC2te z3N<;N;>hUoXyyoZzGB!cG9O3M$z^0-{p>_Dbk4) z4jgT=yHTEa)kjNir_b|#ESv*SkKuF_lRb(zt-R4V{Vl(VE_1JM?k6#Mu~NBind~Y{k$^8v zw2}rZdm1H`MR9B1B}ANJv(YaJ@j^roX!ng_icr8@5yr*sl;S`U=<>;6mhifNSOqJ< z-EPcrw-0O)`WCrk$sLh;%U&THZH%B=j|?%&L1&cPol#!FIqS{=?~g_!1@hvG&Mqgy z5@BOHXxtG%c9z+1khRy`lxNGrN=kH-Les4OouK)UR_AvD^GIOs3MhzR>IpSb?ROB0 z%|q7QYwi7_h=ibFb&=^HhYOqx` zCMn5VW!E#yy=w)Ff)VWPv|fJ-IjN9#R{9R!EkI@Ftgv}zXto6AL`J)TMX@6%OVaOl z3FlE6QzRct^F=g=uW+48@Y-O$C~IDiX9wa}dtrW^M~r%R;t^-Q5H>Fi&8I_iHjltR z#=FNgYm*svY6CvhecodZpfI@cqtg6!NG6(9YI0B87f8GoT-!ABlW%v-S>h~#-iF8A{JZ^t5FM)iU%;B!j{zl}l zLWxEiwu~CuJF0C{9%*~)g!dZ%l&C=_j8h`=Vfeof&GFW}f;}_23 zbCSUS$o>|O>{3_A)IVP2)-~&E0Irr&S21xdY|Bq$d0QV5en28)1~Nsx$qSUo4_W$)j*Oa{Eo3jU?8Fdznxkg`W0I4rue@A1ZFUrXdiq88a#!zz|c zJ@EJSlRvi8lV<(o3U@5IW8{vf`tI#x?l|m@u{-8p=f??mCUwVM+_B=0`HjZiXRfJx z#oooF(cLYW*_d${MBx7rtwss9$Rbi;*q%wQQF|TLEm-@n5?jmMT6=dw6|~?|)A&3? zhs?=IXgqYz{U`G7c%0-?wAN4g|6GBw5Qb1G5Z$4LR7F8V{Dd>Gr~-2aDOsF_5XMNL zkL;4*+={-92vmHFo=K1_V`Z{(R-PBXP2AXG?_m+3IU{y_65mw0(xHBW>V?6;Xc)~5 z$hdB)a>VwiQ*!GW1AK!W5DNS=W1d!}C;KQ3XDKE_93f{>506X<=%H1ZQ)6dhZBemT zzZg2v|lLQzS=9r&}^_ma>19bB+y2eaEtTBvm zR&j*`ok%a&3+~kC__d%QIm*JYiO%fhy@4Pn>;y1{Jx4hft|hRG@09>kn=!%oP4ls% z?a6PIxL022kZ8^lMaER+pGa)ZuOzw2$$`8`e9si{Vteoud^7b6o3e1k)(3`qXZ0i$+87(I z4pm0+BHf=Mlt^<2SWPc;++fu$JWVM(A_ zADT9~r+nxY{}CS?x7^59tw@e4#89JLVrtQo7<|9bOcHQPZristR#bI%_TWXBArtR7 za5Wgm%n*h}XES8F9nsyIN({vIWi3f`_sBkym$=@ zvzjFU3uS^^2h!hJP7u=^;1qp>1=NsJL7R!|@W%p_XuQgHnYL!V^{4HC_ej`}iKY`H zv?QmaV_3OjCCSD39vnzHvj1KGZLr$T*&-+j|LcD5rLf5ykj_tS+mQ^)w5boJIU%&e zi3WRlr^*-jbzKodTF_-hE$?g$tfM$iyRq4sb?rnNkcg0T6mbdgm*cs43}ED*o*(@! zV3@^pxZwzph|oK|8znz|I&7>7&1s?Gi1dh~tx#tX7Tm)~vW#S^_(WjP8YShs{zcnM zR|{BOaz3R)Dw0xTzcqrku8eVWWMM?_kc5>pTo;Ey8>G0Uu2`A6W2`dviMDaI>od8%T-%_T zsu;tFjRfO_Id=rWoum({ah7sTPj@7{iH!!?3~41lR=iiCiNxP3*jQJhmZCYMjKBbd z=E%iLv9V>Goi0$Erj{ZpzYVyF1Cc(k`cGCd+N^t>73 zIYSMHR@}zN*0u=UVdTNjxpCƎE{en%!=0nJLk{n=OI82;N%V2fNix zpa^R`>V7UTgfs1oh}Y-=>HhYB(*C2~^GO<+lM;I}h`AyNKnT8&*o$zJCtEcQf^MX- z5+>O2*El;+af!sIUyDn(#RUD}rWSUKM=PAFM_f!H3sPbc?6D=5GZIW=-S!VrmIe_6 zD26}ENQSJeQaH+*U26v1G?RTABo?n1Xo^C{(Oa6i|C}^u61Fk=EHnx1O1&;Z)y)Z+ zD#62Lc)>9}Jft`1K^S94$rnS@TjLjcxuoMF2;w5_APn#F17@{G6yn70ijQ9>%<+T3 z2AhH%-7#~=;zo!^QOj)M0@K0=w1qFw4)-V}`ZDkKH2ZmIpAjgGE{Zfjx^{~&5&tAM zQ^sFw%mt=&p^2Wt^{Z4AM=cd1mo|{?rC7;ax^W%~r8&W3e^(PWY`BNubyl2GSJ3LzcL#%mq6$!A#E>5LYim zzmlYe^4{DQFQ#x|GC}Zz@{MA~kLTs;yR}bQp+Ia8X{p?|#H8G#vL?&CJDgc^y*Wg2 zQN_h~*vdC-4+cMQK@}!qL(n?kFJ_kW z9P&FIi)5&QHUM}{?|CKH`o0XVB$FmXvW(8KcUg@JVf+YCQK!h1WQ?vEin}*4LkR>% zHIaW9AJi3jvN$H-|H4fBX1!l@$ErI51-Cq$ozL zRO=CT$LJ&a^C75`wFO{_>GumYur7w3MXnUYPZi`@tNFtppGyttL&^5oQ_6aW91QNm zpR}7rcNsQX7?9v7L>5t9Hd*mBg;G;@k_Lt?M_`8CPgzn;mG~e)muQTVU=)~YxbDXG zb4;9z#iSdb&!kGP>IW_f$j)#-rBV?B5D>M&nRQUQ4&WkFwS+i+OtEkGJu7olfck|p_Rc}O%ohL0uELnQ>l$jfdTx_s(5x|abj|v`*8%)aU>)TlF3>&>^8cp+J_ZV+B8%F zh@^}qP?Xi!d3D@*3nuL1yS;}geyN#e5)j7%3LI$nNRCDo%bewxhtMVhy}6ErMZ9Ws zlCj$dV+vOkSg81v+ZCd$(ceBs#;;Zw*Fcbkd(? z&8JX@csEaH<_DR5l2|;jC$R`b(6Vw-CP9&K|F|&Pqa`LcsVF61lEBwwClubu?uA6C z#pEZu!Gt7Qs@0nL?r1LOrhmapm_fHE0=U>~a|opGC&fpTB%(Dt0qI*nr|@fy0T|W8 z0s99!Of5C1&2a-mvBHFE#b=k~ZL-#XyW{yScO*g${vW#|Qb56brNkPbWqrU3!$hjI zvr34#kw>HY5CG<%mxfsHYMeB8$>CyyOna}LNwY>=sIUXVWB+43pIwV2aDe0fiOM7w z%X?Io_B-dDom5iY?lnYrSB>YFV=20FbzRuR0$;!#1 zaXBvGCI|i4U0{z~mlWxDy)&V%?RcpqUBN9y>fpJC=YrayoS17$m8(nUUrXVYTTQSy zWcy{=7%> zibunqXL*mw_zQf7A99X>BQlxA;B;ucW*nNLw1J{v5_c8xLE<;I5(GZp(O)XMPBqvY zvi6OcKP1Y-)w^|+-xwNwBx^;hUkDjfG9E02#Wt{;a7_Vaavy&17oK-Ct7n!YA^VAX zSZue&*o{ua2+0Q|<6VB!cFCA`y?E%Q<;o>x^Cg@yL*DN$`S&nt=H61q``sn8p=72@ z_8u%K2uz`i4AB^hQfT&MLst%1>0gZHAP^9B>!7R{i}S44HEe7FORHyyAJF+C+e0}S;poscf2QE1;62ky zRdtvaMl+8mjoU5%YgB_#>(q?{MG0#*~zsm92LJDQC{-vY#`My_DFGF`x~`?7%> zC}gBL0VPxi;o=Nl8<;Uf=l5eu>1ov){|+wQo0IgH%)2H$$T7!sTI%xTG4ewFZLDh<31Ki*Hs3N4sPGd2jdmpWHDcE2z}IE^~?;bDHNEl^E0jOiRpa2&${U zD~^E;Zm{89HgZRdTtl|=y*?X23!nGYeJ&088*FwLtKts2Y(7_QoiFdn&sE_7r&rBs zIF*>=NposGU3P5l@uv-7{6I7<{M@IvN8+ZU3FVIeS^86rqB;-PFI=o zGb-+jQ!D%ol3e#nq0M=9UMu*X1wb(tGe~IrK%Km$)|z&B=8+7vE>Q zzZD3f-*ke3XDG~w#a1T6XN{;`Em0D@0Ow-GB{IMk3z@!;iaqq0L6apEm?h16aWVIc zNmiwnS=b;UB)Y3hCr24Y|BFtZ>WT%F3PvoLhhB%rC87a#jH%>>?=h3 z!Fotal(3;_VB5>LWXGuV=`Yi+w){c#P+n%RG=Ks}_AfjV;`N1^D+>5rUK_AIjW2N$$8ZHeT#NzDt9;pLpB!INSGw>J|2 zo;TE**VpWIHS=T*814oMA(z#N?3+cT;kRL^=0cL7*&o!{gOAk!F1Mb)T%!3OswJlX zcU3Kd*4FRrwbCG=Ddy|>9N${OM#;>whybzT9Y}gpCL(rjIKy0;uhEMuF;!-_N*K7a zvdFfr0=ZO6XCLHUW;7Kd6YrhHySSaW2UGHfV1%hqDBuwERf~Wm0Jeo`4X;x16Ic{$ zMH2ozCk#M|SxM+__!U>k>mCtxQWBd>Q*svK_7fk(%#ubVUZ4HOOlM|&w%8pT?zo#f zhSS-ISN!CD11rpMYnI`di(=0k@8U+EO>UL~bCW8(`|Cn`RcNo2Jc6{}yRf;N*&X;p zWG^UuuQ2df!Q5SMJs+d_nD5oiqjmnYFV)QslHL5?q3a@hJ-7xY*)kgGU6I{Df*%4P zDT-ZLBv)GB&a#cehPRDmn@0^ZItaE5M=oi$83VQ+qo|mKlB1M81XGJ*F5sG7fDaj> zof$4_lCUgn)?b!){|Iz`rkRcEOSj@;gXd(y4F9)Wj9|&#oEMZi6z5PAwGf7!p9pMo zKF`~k*BPi(%|Y+g21r)gL9(=r5#WX*C-^_6fOliAt2eK&b2RJf_J+E-zHX=L_A<)R zn@g)syuVnP>bj2VdbE6s)hPvCh=H>lCZLhzZCAQ+=}KLDC6{UZtbjyl}T;=s>H zHiyj#E&EKfG?>5pI6>z_`(u3X%%bn+69&XyM%soaygb&!Z{Lk{m+JT$fVmb4kY zFSME$wK$p!0sPGwEqe~kMqVbJB_?9q?bayGW@%|!%LH$5MLw4_l`S31mgZg1V85ROCTzaY z$S!Qy&k;uDe;zAk2l2Z`8 zBjWZ5Ak#L+Z0u@hIle`jRQ4@}KB$-)klIZ%9>z`YS&ZWVf~P1x z*oNmdgQ=zf!E*#|yI_;mW|sE{IX?VaPuVcV1rVn zpa@wtS*fW+*%U$CnX5kJvB%yoF;79-H8~=F5}(!bJO}In$6`3xHVU}_ z<+D1A$ooa_RgK6G+Rew?9L;0MfO>zTZNJ^N548PnHCdT=N?`c54%j7#;_H|hw#W9Q z?@QX&u4k=GfQ|LDuW4igc1O;R?Z-*YMA2sLC@+PO@3m&PE`@&GHlFFN>1BERwB3BF z&CzUD3%}pCPq;a2{Hbj`bKBCWl7?sNHXeWNHlFF7*~^lN*Jfv$sm!d+{>mNqa>v#b zfn~)|8@4+a{Q)%`vJ}Qt+u!bBJ znV{nm=%tH{VjA0}^Y;#&zm=4nl}3o78AWw0k@Ipkj@Siq?X=UrVuQS{Gck9$h+nLG z{z3p7^}g%s0n$Dr(7K^+Z>igx>-HviTj}PyzX1@4!B?V%o9pJ5I@yVF&nBcz-1WchSZ*<#Wh1&*j zv!b`}JH5BWIgoHuyv$Bm9zF#31bY*INmy9DH~qyheCA1 zE+c_=C`lB+EWj;TT13y}mnEi;+sd1W=6m}#y+@dSrk#0zmiyx^OtLL^L)^+cSHb?w zZVHRRcfLNOb^_{T;W9$0I>?%05wPEJv2Z}Qsuh51+3%pJqMvf~A)bj|EjhC6orqS8-WH^CvMXbBEMb7&cX#h5Ag|WHsU45gjt-5I z6K&oGX9~?o;-KgA?I4@j6|Js}kWm>=4K%VY<)<6`O0DL(vyP0sQ&npAI((T5*QyXj z-a_@U+dno--oKj0zL$GvuAZ&B#JxDlopz-MJCO!!zqGGG!~6h;9%GEyxf`tcrZsme9Yf^bYyCWvzLu8o zkDPPKcBNU6i;fgstsQ1^6w!)Y24OX+kp&gROH>-q2)=)d`jLB*Xer~P=8tj(_!3vq zg@Z^$v0vP2zPb?gWi;LIpYZ;L37p#)Gvj0_Ci^U{g4CH?Z1z>6Jk3cM(o0^Us{e3z4Q@IRVR_QxGHJjHiZZ>c-(>yC@vaoin4ckG?QiD44&p) zgV)y?yhGf()`RUoizHZRi!+|ru~f=l^H&Au^XGjpEp7!D|jC436)}$b=1mVNA%Wmi^jgG>z=PGuiyQ-wwos z$}^J%MBd|VAS(kgNV^j;sd!c@1b2T!MP1T%A>af|{Cozq-(7=%MkW_seJ~_b1Q3>Q zg7KRB_T3o&m2#K_7kxo-2Y2om^9x44f16S}nw|986NA~l!QE=!_E#N|wah0`BJN;j zvi<8p{Q}b>x&jVO1}<*!DwK_dbpqArI*tHpi{L@#lzT;Xg7tSeFBMUF3k{ZP)6;n$ z>bxJswOXHpZmrfWvZsQ#D$#t*80_}AR#XYyET~q(`UvXsP*^XKPv5qBvi^1-pQ6@4 zHryxEmu=0+X0<0~;0515yE0iOs*IKao7yuV9y3|!>Y^4p(co^OA3~7|0c89-Jd44n zu3=XJ&ydQu{?$_%Rp++;Jyx7ez{14Lxve>^`Q>@T?3dMM2T8~-IgNj8B4X5Zi*XJG z5THI^HO*U$xx$!h83jR)9BfuW1mMQ6p)MLWsEKTcWt20n$o>6iZbcS3?Sam{8s0u@|#dS z5app~3TnZg;57L9$tMeiZ1EOhLrdK8z3y1rg1gI;X7WSH-#m!BGx`?08N@9GWJiFQ zm&`{>qbe9ZZ)=@kvj_MGZN@r~s1=b~kkXkBvp2uMO)_Z8bb_+boD_I zFs}ih&c$xN81CHmdx?+*qcHw&U=ox3igu{2f8*MBv^%!95Ucp4Io-;ke5u_HpxN#j z;9<(x!(_0eIh$$(G*YhkSqlZ1mS%kb?z8=U5+qQ+;w+_>#Vkp@$U;@tI%Vva?y3<} z?K`?J&lZ$yJLLCKlMvkvdnx%6@h(B6&QiR|aCOAR#2#m9Qm=Qb7M*N`qtzuu+ZU!PuM@CR9+X6_hGQ*2>ng#|Z0VhH1Dc0zsZ z=zG2QV)&a+zR%uf3l_}=paoiSiL(=H3@kIh8*4%flE>P)&76$Rwlnb2#z3z<@5r-0 zf!#EAbE_sN*usx+W?>Avyixp4PH$yq&#flmj1?fu`GA(SQe5qqgMc!DZeZprjN&-A zS73pY-dOhU^;SyhT(u9`6IR9}Ey67fT|%}W2}TjB`a`{sR7O*8EwlrmTV6de@_3C* z%@E!%2VB;Rpd>o_0^BjWW<+?l5MZ7vK+eOS7huy?A-waH$6>h zd=#T&Jp*3gVenS_Hu7K~=MLb}P)SMDrIC_Yv~8q@uwei=*uB&f`Iodx6`C;eT@ct=_XG7$Ugr*d|l|@<=bY`_otKQ%}A%3!Rb0CgCQ4P-_3)6dS9kW_&MJdmP6m@))6f+KVCEy_+$up$YZj=Bw!FdnG5gNq z)pFF7JXy#C&e2yk@RhKN(Xi8=3hjBL_q@jBAc`j_t3^s|@Jh3%UCyMbO(z-hu#k+F zX#~Vivu*(Zy#s;X{0yT*6qjcOU7FRIWzBTzL&v!pLxG|JB6O|!K0eNS{jP!$hjfNGu#wp zkS8Xx#fzppB?#KE-H;xILZqhe!q7t4W--mKk^si2Au~@E>=YqKEe>Zg*?x>^%bBny zh*`3%=-q@ChaH14Ur(CrX(-uBOmepisDzGS9;i^G0sfoXcAkgNabo~i)_YBRhP|Tf zuDMU*QtMB2*5m=KKZz1`UUEBKoUg}SSri$vY5_{4YD6)s*?D`#!0-1P?`7;}SXEHK zt_-`MSPyo8w=xrV9CpXJdnWZ3w@DuOWqY)@iEQ66G;6Q{-U#m?41_`sau{LT;1Wy{ zEL7K#EGebA#^c-7jJ;#181YJQ7dDry0Rj$=W{}pJSyLS+ad7lr_c@l5x|V8aDxl4B zqkdkP_Qi1PoN$Q~%3)cw6D_6)?Zvr^Z*{vKP0B1x3*)|*Asg3L!JBJ&>AVh9SLriY$G8WM6k4f=l z0{)5<$-gD`v7{sMAE#Ip7ETTA&z16#Q4=q;1}UAOsj>fQTK^u}rlLOhv(mZ+?)iZ` z*4?q8w0nzNr_0FGJFqwTdUBzuuo3;f_bI9pF$HNOYPKA==Jy3TC@jFTkHla+!5a(KI3J^F`l+R4^bh8`X7}&P>;5kM zzx-YIUM)(D6o{i)cec?$iZ9S5e*IWC33?-f!v;5#u%>?}w;tbU-couv!}Np72(?Or zZ($~X&9|E~#GY1g-RsZaqhDS1`m=ZH?7zPL>>ZpX9YemFcg_9Cm@7yJL#n)XBc0Df zop$~oI%G@&Sb;NCL-zJD4H8dzEBM(vjE>SzMl9ADX&yB2IZbgL%*52&P2Fr*o z5q8h!NH$&`gHK4pBqb%x>R?z+KeC!Lt;YRiU)k>OS_NmJ?fxb>?lpf;6c)VZ?;VBz zuQwyp9Rmb3b=ZA|Y9-#{$*WEAD$~5$q*r06yosz#Y<~zbApt1mq%-_hR(vR43o$&12mhCU{m74IYC5)KSVCq#LYVFNp+w8mx#=y?F3@Jb}X z%|t0($X{K2bF&$BGIEYy0t$WzP;fKM=X6Gz;z*G~+H%~IONKfSobX6-(io^Bf6q}& z-@BaN&@MRWW;5Trhrc994(=fW@YEHa0$ovU z3_fC@@DZ&bGum)T{^Aqz6YcB22(nqnuvO+Z@B36!rR@I)yLaK9xY-~OH~EY>$d zT@cb&i=_2FN&lNo{Uj5+Eax2GGfL zx0>*)#@uRvX-FP2!yU`+xF$a}>Hc_=_Yig>b4A*`9Fdi6N_fVVsktDv7a_3qU6b0! zu}_iY><5Xx9u_l+@7pZMG$N-&1>}T$1`8m^>D{Tl4=KT!xR|v@kUp5&hhKAs07ZLLgf6^%o_bM$?HwtBV=5(@%rQw(}`K1966ncj%+gj4|{JO zXGc}%{nt6Cw!81$x7Tzh>Ff(69SHl9gdn?u3W^#Pop~O|eMX(_Ap{auAp`_uOGL#8 zhzvWpBqAaTqqwnSLJWw2h>8fvnCJaDb-UA`{$_sv{$9UyZdKi?x>aZSp6|W{R~48% zmPuAGvFK$@i-VJ^5%){K$cU0hG(*~>?>w%b+R<|4W_c<29fplPfIg|)OTw8};T>3W zr-2M-%h;`jjN-)$EiH7p4a5*cw1yfmHTa#pGc4yeZT)w@!Nv3<8CvRTTIIXjJwsu zw-~k!zXgOUx0;zAQV#T6cZ;dsYV6oOja$vG{(Q-AXZiEMSIq++&l&OOGr;3l+#mmk zG1r^QhoTQwZ!v9u2WP|oF!p*g^r7Mh^TEX=urt5Uw=P!I7&P%pc5!!VuCmc@l&|RL zsaek~TvKU=gH7fWpKE|@o!j|84zoWShJo#bjV zBnxyuE|?z`YTFAW5u~yA7e;J4yVg`f^UO_)30)`fB2m8U(*db#cI%u&Ro(f{DC6TQuL6{p6-KyB zj+yy1mBO`2qgo@4(gJ*4lg6|rn52~_c%YH5mqSFBYSQj)^%Q%3VpwuWeJ?DFElq4EPeu4 z6zu1K408rv^f`N8&Yhntor#^CJuk9_b98)Z&Rn9Lx3Rq-M+uj#G0;(9Ui2-7jfaGC zKkb|njv%13P9zn}36&f4Bmpd#Lp3hTUYUoRKW#@rZzv$Z5@XBq%LUgn4iL9y8^SKhsi*wj1J5?Y5=+ex8WZolrJ5JAJ4b1m%N`K zNTpy^8PVyHV(ZbOeWYj}F1mY)_CAuPX@&BfpOGaOy~TZbSL!S@&B~azZUM6*dnv;- z!jQ+LM`sP7{Xs-e!+u2gy);FcwpGMnF!K>6&hJsBOIjJ(9pr7>X7;KWRVVA2NkGuhjJg%%Tk5XDE|n&L~YUlkEz`ajOQgU`~fCr~RiD z_!g<0k+k5Len{HsmULtrfsaDEhdZ#Q*lc(yzx0>VI~D_hd!~;CF+|1)g~p81mRPE@ z{h-%0%Rrjp7aKkbXG15KJRnh_Z-d8l9o-DpA#&hLS#+Bb_f@jOf;6!+f(kn?2I0=L;Rm^ZatvHf* zeface@96=HDB4rm@ItS*6Qi!2ik^XPgiFLH#gjQX8IFLw{5acLg!m~tq{MI}jU>gW zR7$vpkpGO}Rw5ZWID;s!Z3G=--3eYTt0W~6dTt}*l|eR(RIrVrM0ad2`&tqm)qwTS z9`|}K@t|XZZA3&cXehDZkV%jQ^va2aEz?)W$^+M*kS?Br^YXGyXY?R$=>*#ChoVa^d>0@vI7t{GnuCEfLU# zh=D|9^N-~0ww!r9XSPYdgz^YCuO8`=I=Zig45|XKr9J}Tk;w$*SVRa^MK%58?r;=n z28A3x$zEeJ3~4~%^ha|G z+?fXpd?E`<746sh`>1c^vA%f#c9j9mxb}(7J1Drn3O)F0rFpHC3Ypses}*xy#eA+} zH&)2Eg;xs?Wa|i9hLGb6>>DOm^|6K>K%*GJnaC5Wu*wW5T$oT<^z+`NFxIGpf`>^v zZV^?F*aUcOGu@Avfk#d55n~@U<`DzFY6LG;RUX90m*2>u`fJ{%lfZKN*URKl0fqDk z0J?9Mm=obneUQ0*SUCnozS1sM4OnJ33{$h)J#q4dS<-t{Xb`_kXX^}N_ z&eg_UV@CYeTy1J-%2%84YFWAWKG#G*`PHUzjj>movftLPL2K}ZS`{gQY5i^9tm%f$ zys58vYoEKM7;Pw;ul41>*=N4dXYTBCUn)kIREnGX+~qzY~{{2FD zfy8{ppQ50HXmjewxDcD?%i;ROT&WrdBF}QzLHol>KD`i~RWP4PAg5vJ?1ud`t^uX9 z8um=~jEF5=kPx{b*V`$b+&aA4u9C;J!ZGq-da}q1OeTYa5ZqZ`+ETh3oL?e-tQ?jK zbz<(6TqSJO@KN5==6ZM-1X57w}_GcJm+Zjk3l(pC}8n&cx;f4noxQAbrG z26i{3EZG|AOBr-Qa&V*}r5#lFlVD|if+k10T9R{RnjF-6G-87}NVVm+nd5_1b#&Dv zDht!u<@^B1Mo=p)iRzC^D&ZAP*1-IXa!H|k6i--be13iJIFX!K2-e|KPf7#Y3~rZh zq8lT+Vn#Ptf8sV(&F1PE*$#t}zE%A8T$}B(b2so!i=g}ct@jo9w86L_Xt>>|p5fiy zJUAyF6E7M&4%Zp$p?1H%Vt<#vmVK}KJEWcCJ6O99XOXqWoMTFB4cI*Iu{k)M=K=Hi z48Mz%o@>hM%wk$F=zq7sUs+8P?DY6{bMQGPx7OHmOl7S}&N0ziv)gSZyxsJyaPM*} z%)6HBzSiw#m)p$J+f6@@ncw+k@itQ#J74j~yZd|Q`qvzLu5s(AQo6CupxgK>wboTN zLO5}M0C({1x*A}s3&GGi{1aSIowIc9e8;?SI0wcm=8ix{SQ^g`Wyt7N`jwu@X3 zAigg1c$uhMgCa}{%kY^x zoa(ITn{{(by>x56F%QS0&^=VnXQ|&`DBH`$Tbd`(G`c6tdG=42&F|~!i+Ht~UzE$w z7wst;w%;1|R4R)jawVly(e6NvWTR*-#Ggm zL*_om+s!Dsa$@&e$_dfGJ8|waUu#spN#p~`C8Wvu6<6%`MjdlyiqZ+x@XJQ{6ej_0 z&&~4dhZ^q5x_hE-o+RF{5f;~&DhVp2*;1Bd=+mj=P2v;{T?bPEUIaNvgTx0S!6bdQ zQLuZgY$|0-;-W#bsnxm$&K^H($WWis&|Fp>>)VaZ;#cJoYx7q$|LViOjHmn_&o(O0 z5Mad(kB-06C$R!`^3q@Eh2L-VokzFS4)R%jv23m^6ZVLOgzR-Yf&M}}G8<6~fQ3U5 zlNH+4MYpCHm7+O2?_z26=4L0vV}Z^jjzCG6;<3n_I`5DwU@0Bi6$qaOnvFUy}Jg?qss4y7-lH|^(Hllf56$NLb>n z1_Ou*6O|fXD|?0emM7&V!*IgeVT)g$95TptyjOTn^Jx1PtkiqV+M7C=$BQk+g^M&P)5EH-;a{zp-)5Ywmc*z>3gL<5{_=gfW2Md|<|h(lbdqXci&& z!Akv8Jiwe4C{4Epp0XQ(vOtNtHqs$gZwRQ7s)ncWK;&YZb z@hZV2jjmh^g+ZgQ7g&NpD|HX|=TWfZ$cf@4kH?7_Bnc+Y){7^%h6mB>FPI7kJo4`| z7-<{MKA7xN5o-9#++;zt>u#gr!XENtx!ug7<%@MkW3OHIUbFl|Xtz!>z%P96jsg@Jht5VB8e!F5l#Y(rCA&9~{_y=-3F|A_F z;C=0ho)#?+?raX7Q??WMtUsmc%G_)CtW$I8*XrW4PR`-R?yAaur#0c91#F^If|64h zD#HOR?4I1G%h5V8E^7xi8AgUBkMT|>ma%n03URqdXNeTGC=?~xDPl5DtdeJ&w2fg| z8ek&@J9kC3R8`a$;-A99hBSztO~Sf4&L*XvP5L)VeJn?1vC`e1rNRE_4tR`hX2cW0 zH~4J?(Yz3P3q3??s5i8L!&2QmWXzVlxmmfm62;+1b{7yLD5^1jDf&aLbr#sZ@@r$B zGw#>QWGdg`#J)=UYExWg-ISa%Vb}@~ULuA#1hPm|K!F6?FDg^%Lq*SOw%;kbyNXzt z+myvL&l)@`vSHdEG$GU27W>&L_~X!n zGRMr968q9x4}{8j()E7(zN7h7ANOR;oI4R-EaG&p|8c?*ayDyW-uuHpicf}8K*b?J8^nzX(IQR#w2>9 zJFhmoU1NGV;tJ27>vdI`0u;d&4St0div>(4uz(1&XtdC^xfy1y_Tdaz!XAIWTBQ4{ zp4nUEnZ1k&9QDTy-qjmy>@I(~t94ZuxSf)y(5~&yTqrw>tSv+K+?s)XVPuBl*%C{~ zi66%(3>j%Yt7~qJe6mii8Mwv)O9GKqt-_ftw}uqI9Z~I>$UPr{LegUy#tTWHBBl?|h;7Am;MWttaqO0{JDzP4-86Ikg``p-V zKG*HOfU=MD>*f<=^L?ZFYPY?vn}@LqYCGyXuN>+AquXBJO#*8w_tfljHMyS}Qbn3g z-Qo42IlF-~;bIwE8g}!S-S)}u zS@4sZfThBb4F2BV4h!T z3};1O?>0Aemu~K^oz%AHx3xMEsvcjf-nNgm;W2*P20i?!%PT^E0P#nG_WOo;JmW%dWFCN~ zNid4vZhJQK0{UP+-L9-9yEkZL?te4;;m+|f>?bkYp#0gW(C7e+P`&^SCmt*&r%6~zIi79zuI<~* zHA-ExP)p3k<5=w7o&#p6WJ|-tlS{+tRDn)9J)Y5JyK^<%U|Yq~>}m6m)hq3K8+$@! zQSajZ-QAuzSV4}d?zSj7uyH`&(%h2#(kV;aL1`{6mIoR`QW~T8&)B$`y>qBVyOXV3 zR9c+hJ)X(v7jVaX8qprk4U@gW3Sgqe=z9z7;RXzDL~tM|M@Vs@d~{wpLMB<1BL#(X zPv|GH8e(M*vl`F>ISj~A zPZf3zKU4=bC3GY=Qe@vh3s|8XN@=?8tj@{%(kOUROpT`C8dOZ@7Z*_5cdo&^LL|95 zy4ymMN1NijXztwIx)u?hu&B7Wv3q4tuG(;)^gtNE{VdM?@zSm(ZYgbD<__lEvYvw* z%ZrEjyAH1&Q8|3k5las*?pxVsbl;`>sFx(Yfw$Reci=DX`ZC_8+iPVpoQ<2+AeqoK zXiH{R1SSR1^%1mz8;ycRG z6V%zwn>(=Ln+KZV&CT*xnucr+ue%U)$}g~8!8`DA$PMOOO^-LOYK9ANFrV-om5^b% zQpEy6v6|voFj;I8MPqR|M|E&+ck5DcOXa^}^XJ(8S8P`%W=9Oebyi}|Op5Cg=cQ1H z)K6;er#04X(QxmpvDvl5P}OdB%!1ZroQbeB29R0Mqj2%dGB?- zBKd#gd2?}yV@63FL@Wlf_k3^2%-GXiL8i0-yMT%TN^zLl3kjY3XAhZ%6p2A*xmx;X_L+IR%#%d&GDp7q-fn{2EJco7TD!!&bnFtm|rI3)_wZ#ZmgUkD?!TJ5L2>KgyI*_qle*c=3 z4e`6z$7VzPWh%h2E2<70Ce*(9ud*EC(*V{Yn+Ztk&pGArNWhuB`!PV z`2uSBP$pZ=+U3mJ;9r?FxQl2nnqrtGm&bp$kTP$>ow@4|o@UOT>~9Az4hqxZTt$4+ z2e(+VXtn${%cV6m;Y@a(h$Zd`{g#4eNwBzZip`&F(^G76vVB%@E(vc1Ev$+1s{tSn zL>JlQGsH@Yr4xWrf)1r^BtLolZB0KG8GHfcJ~@cnI7ue@nfPC+;(~6 z<1~&15l{8R(e%Yb!L1L5K}Fu}-=`kCB*-~qq{G?A;7%~ZR@4r%EWr`Tz5Rl?}QKuH(p=TX=W zLw4U3jmJXUdzP0&W`Xf%#eE+YP2j0GKL`}D9B?cHCZw>lPxea&J3p10S&vwtU=kuJ zSQ_>Q5DWuLckt zCvlGHhPjY$s&uQ_Jvqp9SLe95vlqzgUPU2x0ok&5&wkzSUjLkfXj_7rO6GGVUYqz1 zS-oC=PRk1fSVd@VMe-@kQ$u9|;#5~9fpE^T?N+s2pmaxu`cD^$a!Ac^;t z49yDx;%K=?HY)w0@Y}o>M(DXz`l>TCHR?|*lw7YAxQ|8VKIj4eIlL@Y3lN@$)@G^Y zh`*qnuiF-b#s3ieS(?Qd00YDj-XR9Uf8cnz2ikhM)Pu8TlFuBKl|@CF@e&fs!*)<2 zoeZ4F5{2;Hylkj%QWPwn8eGmwMPCiYps`G@)*%a7h!LRlty=EeGw%A)3Pwu``r(r! zvV0mMLW=^F6gqg^m~AHX#V3Vv=-LB5cN?6?gBT8?@hV#Q$q@dWK4#nxvRWq=FJxcq zWHR=hJgVxd6j~5A{0VB|kQ<;JPN3XwED)fU1k1FKJbuwucZ7Ex|Bmsy-Tb!Ux6AxC z*+SK?(f0Ya>pc5gGgu$keK1o`PRW#%19O7=Z90dyEj0gVm%G_o#P$)>wOxZ@OBfMU z|Av@(bl(bg#fGP>jfhAD`0-tlZm2IvVr-|nDQ2o0s42<8N2RvM(1M_3s>9NLH>d9b z-q`^P%~A#IT?>ijJ;1%}A!tI{fpw;PEYPX1L!lM{)1i+sP<9News3yT-F%H=$fVHj z&V~@vF?nPAxvpHx`xE9fpMq9tzMLyY!|^m z zacw3-t~|p9Pilm3&eu%6UC;duU~#$00NTx0TAoAgp+FEI!DGuCep=a;)v%(rr> zNiH$wQWITb*16z5m%B(S%NVp>^Y9rz)H2koNnmA8h5+ynYpr#s8gnu4Ls=A>74}^u z^2z7!k}|I$cJ>E`aC?|qjA}n(jppvmuH0nIy~f;Q45Q7rdz%DH;vEL;O z+etd77t8Jb%8s4B-M$l46q_?${%oSi`CD!5$AGh+IeQgLb!e8Gf>cQY3{bK>lKl-l z>8H;A#F^V2+&)jFW|&P_xc1}d@5s$8MVNn)Xbx-e%^(*2gAjoV&%~{iFC3N43Ff2H zX=Hb+_i{WiUuC0c3>L$Nusn%kqY28(CtS24bPLU~<{jKaWbNfV9l_2v7W=brcRt!y zsboZbpv*;cgRwW7YA-ULN58n;J!Y);w6YI_nDNn4g)+4T);t+5f5w#WAg)*i4GZ-; zk(VGCkX;0fnYTtCM!W=?yLX+oQ-jrmu(TYE*yf|PL!nL@CDl0+7U*v|$0QbEZRr}x z))^)ohxH&n*lyU1JDdpuQngD3giEuPX}1&ytdtB9rbVsQ*uDktJaDSqG99@tk-Bny zWOC@u9|MysH~mGZ#BHHfZcE)XmHC^Cb!4zQX!Esh`4xAit?mjPz!S#3j9cDLC}(zP z8E}rkV<=k8_Z+$i+3KJQ^I>QS?x5`E zn?)036|oQ*)D`Wa4BTFB)D6XvL~w#eQAXmCy5lNf@9Eqp|^DyZ%wp0agng;gA>8+T3df=Lq%_#7P)D%@^nqnt=zyAJ zZ%+ZlX90n@blY&n;iR1yO>#}BxYjJ{7?xGar{ea)*{5HFq zZTItMX8P@6TgWFk+AA5aKkDo1$4j%{Os^LE`g!lb!XJ=i-_E?$Mwbu+mm_&-X3YRb-R*B zQZW@10OY3|80B$P6VtaG(R|Jfnc4QcNx|;94Fw4kOK)h9tTcC{th3+MM&&7i$$t1A zau3;V1y$RA)x}1+13)*TDy5oQNqZi7snQni-u?BO!!akE6!kYas-QRX{ul(R@D>V! zx}#W(zXVnkW(z7NYMYIeHx!5KLrx4U3!!#1@urB0gQS!kw)9EOC@B}-SzN~ST723U zY>|KRkl)s~kQZR|Q^8$C4SJ_`%^lrjcwaQh9}Vs_q>Dvjs9c+*?TJHU%2T)yb>^^1f?a`2f!B zQGzmnd0ZezDK*en4qiaO1u13&szj#r9C-wH_syRCwcj!M+FZ33Kqq6 ztY8c@_@c!5CX9*pmK@Sr)k&`9S2)wjHIpZuK%a`js4RNw;l06;%T@hdIiiUO#^)IQ zDEnq`S^-?}c&@oMXUU+jm4E>IxH8f_n8Ww4X+A^kCNKo_cl_HA63u!gG^_J=Rh~2` z)Sb)jdlC82>_`fKPRyU+QQa%(yUcm{*1EhsSFWCG^QIbImYOv@6h$X0&eU9aRs)lfl4ZcgDQ1{*hyaT&wDg*rBq3N|8ge zTwgqF7bGdA2o!PMVu&MRsaPPTmVB{@pn^qHCasvHDBt5pO30piXK(|} z7j7=#uqT%b@mmZtXk!>>7&5KJ(;$=d#v3j6@FJelZk;!f@scILL};7Wkvce-&hMpls^91 z1+wM%l2!D1v#W1%B*Llr?XpcIfE*`r*w^2AeHn1pEBfR?gPt%t7OzwS+`}LP;XZ1 zVbokR{g$jLrC@YL@N)_;(ODE`Jn?j-R8PWB0S`=9R!}7rRo}#6OUXq^Hjq4YM|mcg zWY`T-V#_gO1OTciewng9hSI3X=IF;}Q)D(rso&No9QSPExuajO!Ar`NM=&dReZWma z+Reigw;=`fL3qKU|8zrLXclyWv4zV{S|hn!t+6N8n9d9r-+(S-3wZXy z4#v#L%yuj-2S?7q@_Y!KKiP;O5afWwf6i6O76h^PTA6P9EkrUqFSxnX46Z9Fe^e5@ z;!~9a8Sq}<6+RHlvGN3y1TGpAxExxg^i~@jx=+Py@2a|EqgTlPE`#&81oxGoTU5&d zt^rZ_Sg2^Eh2?vytYW^WXh&Igv{_UfrvlP)w-h{zr?A;HI7f61_ZEoD^yeNdU|>$+0e1Eqo&&yv;OTPhI`|I$ z&U2NE9Dr565~v_@M8#ei7qo4S`Rd)fTp-k|>5k8R+KbsjP$!)({@Dgypi*eJ%5d40p(PV9;-m-9f?VQ9tp% zM_AxG9EAi6!!!>2rf0{RMh2QUIWu~`ZJmegg>4?hg+`Vjo;xbJ^TalV+doM*PLqW{haPJv4F>s1Akzn=mcJjb{g9&v^To%@W?NZt6;G9OkLAtJ^Tu!OFU$F- z$#%&Iw@j6i4O1N%CQQ?vTWOtNvFDK)Qg+in7tQKYxP}5}eK>}mRx;<5!m~=|Ox2X6 z$XO{owG^IKiYEc#o&ejQ?v{h;SFj&O5RBBsU>Pr6=7V&o_@d(on z2WLN@AN$qK6~h;PbsZ5=@#<>&DiyDyNx1OhvE(7?jrN$r(WJlXD+y`9nM5Cma^$beKz@_ zWgGs`PUqZV9u_P4w`&i-mJd#;A%j0wX+Bypk5tUHRePj;OxZ(!T%mnS&1EXRcXvr@ zDCD4Dl*nK5V@1g7$X-wm_mJ(=?#PdEd!UFPc^Go{mfXJfD}-OVSC%Or2YgYJ01E+Z z>D6l9#6i_ms@TQh99m(a-E7P9>^0` zmI+dYGu>Y9FcO+b(8)NFITFbF1dyYwC{jlac`cG6sB`uR&P#F!s-}mEf1un35Lzu( zi9uXka&cdNdPQeSMDy)ONN|aqA@H}vQu8+QzqoG!PpW<;_z??>$U-V}IWI&}-OK7B zYEH4RCDLw)6(-7&452EPJ)Q4|c|}_#db{>W?HEmnRamxOu?m+OzgunnuIjfXzn$c_ z$@;K27~R8T9?3jP_9&P>$m6oJTyRRAG(M*o^A2nZN={1!RJd3iT>h0n0~ma0SpbovmeyW7#hT2F<{dSW(pl? z2}1AqfSAA{=AQ|Z8#JWvgXP4SC^U^&22++tCy0`#qw25CL;?NoGAY#2kcQo}dv-G6 zM>4}XK1%Pb*%l){rrci!T>Fr3ubh|LDsf#jBU7`A4Z;73-$~!-)2@SBk0Wvw0*4TTp}yEM~AcS1`l%sly(+{tj|doUz^mLyMTmQbxS zM;3APJzfNzceWBX4tLCu<>1D~-%!IpfD|#I)YkJgRB2hQHV3|xdY=K)XiikmvyxEs zs;n07f3U*AJQnSE*{q}-Y^ZDSGd=uERI+0V7%<=(xgeHw2`9?RR+=t}lYL`?B>G#F zC_-QzL6YhOO;kC*DvcwS8V=?NkzR)9qRBQYF~ z6<#0{AW5@9(0Jf>0o+<>2%TnhRd?WbFg+nhFI0;E)i8f<7`CT0b1zrSD;49n_T*-M zO_Ll+JL+EbnNhFE%Ts>X99uWAf|x4KcamFBW#@V~oF8l8G0C9iHL$>q21|A9ymDus^-}JoY?#b)x9*h==5G&6k5eYdRiiHt%nm zpEb>MwAntOx@`BNf8g)2Iz;jgG&1I%tTNkORAz%CNX;W$arcrC)E}AqmGaHvwP&c# z#%~^lqcJNgZ#T!3j|3O|Cac)?bluJNdJa}ALz;BhH7Njh=eyW6kTiQTm-B&hlCEO} z&Pqks%3&X|SCb`l>6@g29(NvVVywR97zuSC&YDkxM}ARABQgZW%rezZ8~p6PZtosr zmdk<^XSO7)8L`)hSc*$!9vzcAsI*rFus+vizR+bp-(}f)xPwdB;bR;oB>KDv6+5i0 zM0sw4{A5Ws6}P~w3*Mm&D#Iwj9ZHXGn;*D?LLFoz%#cHv-;QU^%;AiV0{g>W0g!32 z+wwIU-RpI&oJHX+VPJBjSPF3wZ6i^M;Y6+FrRs(|$9r*4Xz#`@^3ruQDkyP!JmP`Y zGX3)W6(Jaw1jPX3B&4J`{aFtx@HZHhlLo&43<>6l!0mR=GWv@>Y)CJq|eg>gsy zNAJQh?6;}kR{ZuWIHYWdkQCqga8P0r;O!+}C}1)^$i_=|e@WF4eKlf%;OWg^U3p|_UpE$qD@{Ct_%%*tzHI;C*d zucg+Fb|pPPf{fz7V{}JL98JN&DoXy>1a;sWnUMd*XDkOsKio$rE97*jfhIw@Elyt>@R@8JCIRmwjA@6&ARTCtaz(=(riH~JX-E3mL#nn zM^j|Mkn|d{pXMdjN^lheMoG8UD%HeY-JMC4&x@b7_D{|5B_haeyem9<|L>bBQP?tP zw!+g|=2R6ijjhgvC%3{=TBT-)lAG&1N0`9Dl!Om;*B&OKh?TLhqmEXbw|+PsL?D%I zcSqJ!+BcmSp8|LyE;3`p^5A2UMr6T2KUU3AKW&!F4?)TcLUw8uoo?@cxae!Bt)AJ;qcd7L

    #ETCi6D>)~Ro1#5XybH{xFsAgKES0@L@og9b>ft~qDd@@2ETm9!g8+&+2N@y? z$X)?B{7B&NNe=?g{Ur#z`)`22^*w;VneEmYurK!02<1{Lyu?J($&5s07TpG5$*1NORW`juWXya=v;)e%;up%Xp>=8z(t{Wq%a zPApUAJ5_gY)jY-_|6Y?B=khlB+mmv|N5WY=uArK@PB30n-AVQVSV=Yf-XNIpIskmH z;Ch=vyBlbd^1)GX$6t?AY;rb!3^oGYr0iP{m%}X*V*8O0$s{AGJ$OcdBik zhI^Scr`g)6wtO1-U{^ArW?FMPu!HXi>YM9vJE5DmKruSBKx-4g_KQsdjo?fRkyfkh zRu9)aW77?-o|X|}0dtc**C2=6>3_oHt8A! zinDmQ>1{}xRyHG8jzDLKi}=NoIfM+7$z0O0&8o~yQ}3671UR8(|Ed+D7PSZ$BC}bp zTx`pKLj~(kqNz&y0C<`=!536u>=RF$nw~aQ#57%RM}wczEjSp;ol=o}*i9xZPFctB zK;Q$jLHY}f?@9&ttj9cQ@DhRC7Sq~~ovdnMOziJ1)*hV6VD;stTX#xim1U*dZF-xn z{ZFvv^BkGuW~@Ck~V9Nv|Z~?=hfz>qqT+Up0z#F18WDQ&v(^M?lz`;m^(B) zEL>2)M1{B)h?Ca)uYb5JZlK<&r6j7KaE~{kfK+3uQ)NlV zL7mi6f*g;Ds+C#^Ke!r-wi>1CYE&Aikw&66luoKmPKRq#aTOhL)54K(#>n*gtaN5= zPCC0bFP+=NM6X!-F5WNzF#_acl+QDjMNWupNZ8m%_py<&-QiMgPWXB1%m*Q0&*vXOeT&+yZUXkm&S- zE2F{}Bc(wbI)u#PRXHS7p?Zsh$>}<0&UMvQ&g~#-vQBS1GpBe7Py!FgKAq7Q!&wEc z7xS?F2k^TK_XC)llg)6BPbv6>vTH#q?vsZpI)%H9`L^=GD$Cy>onohC-BN>=g41ZX zeb5X(fI2TBKRO<9)?8)G7ty?cjr=b(?;TAwDEN%a}9C%E~pRxGvHo!4bVt?Uq7t1hFGDl9+=$ zT|GvXKUAD+gDI}ZyX0+3uhGe7R|dLWutM(iN(ujdjaw9i$Ak0^G(#w3P&bx?I~ibn>;;}} zz$$uI9N^N(f)ZDP^>|GAQiKpi!7J2=@i3;+71?+&=I_L@_MPcF3c=ENo$@1EybnTB zR3Dsm{fMm3bX{G2+gSfrWc}M_5*z^X>aKZ{J5t^I*v@WjHivC8*hRC_BJn1lv+Uo3 zdkwW;QQ5$k(M)(&2pIm8_yN}AQjOwkQ74btATX3TXYAlMEz*~~HePKHGzhYyt27Bj}f)wPA{nx$(`t1uG`MmB5- zQI$^eke)QeAZef&q!J7uOaXNY!W;pX>iIswS-4CIPOfu88Y|65PSjG^YCgQhxL|TT z4IeYPj?xP1YoWiDyhoCsn4CG;3yMIu3U4Z0rym+1>;Y-j0^bL;FsvrS#=?)VJo4L2 z_&9SN=8q5GPT>Z$lsL-32TbwXqvR*Nw`Xlx$T+UFi6n)WM*)u5!C3k5NO2viDQy}l zkyGAbTW(!qn~w)9VgeV$j#v#9nTcT(lBkh3@E<`6@D5;LHR1=|zXXSAR}2n=fnoOH z43wlZq{iRbLfSkKEQ^ClSlni;+I=w-0rT-m`w>#D5S7=tkPoy(<4@X8C5+lt9OL*K ze4RbXC}1Eo#4PELnGb>||F?Ocuq01SpE85L1Oq(D4fbCK|5>Q zXK`L=@d7w%VTbDlvwAFAKb#bbh>sX$W54ok|6rezO8zkJ-$jb0eJTvT2`0xI`mbdT)4D(NGk$qS8%$(5OEqB865F%!DgFaOxr4fpNk2*A1`z7@5{GxMnz_M6SUeu7R=A(+Ej@ zf7E)>^4SU98HA5`E{C29r|*RHqk!~zZjRO^1_6NO7r>4q!)utMBHkzMbhp944D!98 zs6JAfG`V!UF}E3#$hg}Kd<0eje)u>&(oZX_5&zSVmOV#xV z@G#}sGs*HGzoA8DvFU0YZjLf@DaF!_o7!S*6no;R=N$M^(s+9SdHTpsH2VSI1%hyp zisZsU%0fGxDk}|q1}ivwBVhAX3OmMe%_GLx{YKvDTg`{I7_-&X{5Iagng|PTs~l(F z79H34h$#*s-j)7!QSc!|l>W+qog9&aS{zSW5u430WX$)WRh&DSb<@yD39PV{fD*{g z0cIA{Jd+Pi8TJmBdfaPzX3Kx~n(z7M;l79JtO37}FO!j1bmtp8J*BX?@3Gw2=y8h{jK~|G z`pfft^^$s}fNngdW_B3X3A$;xqIBd`53(Ei!A4ny$NP?fe!{ofke{?ETfl1@>4iKF zXoZkCQ6PTck$=z^az-owf(N6Cx?F_FeZU(vntn?W!U|j`3OJUf=p$KXYNSA`Vsgfb z32ko8GhbQ4$5HyCV2Qcxc@MT&-Y3zW6-3IxV(PHNP`va-jQ01D22n?=aVu9d6B{#{hl%_UNsZ*gfw~B5YsXUGfYI_2q^0ms2(A3 zHoU`_Z%CK`HQwZf321Ekq#1kyGI@c>a1$O^^Sj=MOfDi_>VBuwZ)Y8-fjHaK?a|J?AsSSLE*{oFz;cY z-)H`}NN+^QA}xIL;9EpszX`j32j8JlCmRDxFFD5_jgerHT#?`>856bf1wS@`F1)KB z3~0fV*nU+nnuK?}Aq{TlntjL&KJ3TfF23>nQx!nxpYM;xp1+l=_>lxpvtso8m)MKc zuR#~7@9aBcq5kr%GZvk16UKsTow3lh8^O(jzf%^HKRELW+>=J&F0R=p+~AWa zCX?U?aTxrVGqmx%&|HMZi81g;V{Lqvt7_wmU^H>Mm*TkY`~I`gJdDQKJQkX5cxS8c z*K*DNXE^u+Fkcef%#yyHGd%lGA!P{sv;EQ7vwzA}J^SaFo7LZE+3Ou=qmK3M|88XN zMT>2I7@40EUZeJJ;F{eO4Q`I~j*V#;T*DdO@$1O^E_;VR8hgiGT-7`7L+hqzzcBXf zuf*p1m}lP)C5^Jo}6B;FY*g!C~gYU>#?8_D^E-AUb@;#vhG6`x>t5+0-ud z?SGK(zTM|0hJ@Im`D{YGOZM!i_3YD=!83?Vg^A?ZFJ{laB{5%Dz#h3UbTsztwfM^D z*%wPw4oqxhuQA$4BwEG>Ua6S0FA+%+T~!eG_iPc@(`0k6kj|I5{7Pssj~u6m3=Z^kx0l#Gk(Tpni}cNn|MR!_3_6k9#n+BN7% z+-iK>42}r*uu{g+lHA=T0vhQQArgphHZ zk_II~!~QU+X>i00^a`(+k8jM!D{+T|GqvGL)8VOdE3vbMgxIFvrslS|gk!ewfbh^+ zg_(IoK|EFdkG!7sQM{gtM&>?k!ea|>cB&o@CW79pWm1_cO$hwH^ay)$voDI)#GWjE zM4`@G-Ks3+oCtGjmo43bxN@BWQLGFLzR(*CgD{qSQV=*{G!ReYsU_qw97DolT*dU~ zDF!&mF33D)9fqR<>1r`X$V}3JU`@j2G&$@Ri;@c;5dX8%)Wt^TQ8;XeuSLK__935{ zL`nR{A!y_GluoRoL>RlLoa?AQ?K^_rQzw1e>L}sKZ z2}mE_Vr(w?YR7+M$x#j@7qF6IH z3($t2*hFU5>!EMBms{d)7&s!eFoWQt7*e)!%ymSxRcQ=lT~rw%9#TM4fKUnPQg1ngHwR0!vQEh8FzbQPBM0tDflfK0)G|V7FS^vP0=fY%|C?)>Q~}1|H>2I zXWw7oL-j8@)Mbhv5C72|$Ew4CNn8%qPZ{UGeD6#PIK!Wg{c87cF|OCAC^*kMQhB_= zk}9q?;WTV@f9=i7>_G)SYn1b*gp5<%1vQ*vC4yX3=j9yCIqseF`g7ceCkWSh+Jq-%znGQ5QkT~VxO6591^$67L89yigT){Xc9FEt`o><&+$F)D zENfYRVuE~e4#$uV{DYX z)*PcvQRNJEu+917s^4bEY-4E}VXhPlOE+VGvFrg*@IzU&LgI$bc*h z#9V3I=cL-mNHVyVoLI>A74 zrQXdSjF!9`V-_iZ7HzguH(9gUCKI-w^2gEGnKWp>DQb;(sfYO6dBLs7bY?$yP)NBv zhK&hA5Ma7ek_@DSjChRSW!-+;wCB1q|tY9gEK*;l4kK*69qSJGXz;?f`hPiF@1tn zEWV9sUT{9EZfEaVUv^-JLB$mLEsCZ%*a!k(a1nDI+XM%7!42)gNtyxcV#-@E%M2Mg zPc}J%3tN7R=OiOkWYVFjjFOG#bw*1-uq3#X%wOg*+q_f_xQs|}YtFIu0@_x9R_Gnd zNeo`U$+pOBe490FuO?rd?ibI{ohKPD6C1atcg9CccMK$kSoh7&SnZ#U&j_gwCgT@J z`DRu^HIusA7-vBb+^dIaGp{pB8mT40cJ%CbcXaKCoR|;Vx$zzel)+hmavATma_}Mu z)%?&liJI5m+~>DHwe~yK-pM(;1c=@fr;yMrr|+>lkTETJswySX&bG@yB#k)9J1mVG z!G0y*=}^Y}6scZGer9V*#~Q76185#mR)o^}Dj_IeiP`zIn!#CNLUbc@jcBS{iK0iv zj7y{WKI@*u|LCT&WhK-{nMyfn>D|;!2co6@)^g%r#)xrYLaFN{7vK%eQ$APfmwlr_q=nupm#?P2E7dejE9G-Buyu@zx#Pj$^z&Ya}TX^vyo z#;dF%0;jAw(XWpGLpMIH;gp_S{$J{doT_|RsMY`m_>8q1tX)rdmH#dBR4Gvc2q4Ij z+;M}zo>Fm|gp0`{lTXqf3YcgFG7Zrf6sgvPR@fmxk{n0mfiyK6nF6`JyIceRRiH`i zb*_yBR-<}6yoYIOZD{RnWe_RXz^H2E9Rb1c?vOd5B#k4vLP%@HD5FNL*W0zE*=USt zTsy>^PG}i*25UbOlK~T?wPa}x)XyJ)Zhm~dw=MDsI71C<6-<$8f*#v zIKT&YO!nJ7{gwa_$mpURxk3@(DHoA1=5x6Pe5%2vV0CI#Mg= z_Dc^0M7|1>9$y1>gn2ej!8Zo1dCW9+~WhRio_5sAooT!cv?~Mz=f(5 z0*cUiiUUJM>=I94%YHk_Zx8X?bQ5fCyPs~$v2Z;k*@%~E_v6D zx!>5IndE*$Y^A+Y=<-XExeA9~9P^S&p@tV73Klxc3`X&1&8wtn8ygS8uP`XwIzi%&7KoY3`J(HvHcK zIWjXS0B}>>x;eJ!$IA99eDKYeiK{bLhD0a1jbXSYivG;HMsEHik@(E!>nM%l!*JF> zh$lY~(Ia^|wVf;Q`BWb&TD$Dr_U*F~F?<0da<&s*j*G})A<7SگJPb^t7i+S1UXfG*^OHkkV zKphG?K=Oc6a2?tst?Vzv=CjDK_VSqQS#FBCA~tPvb<(;fu~#dJ(FS2@z*CF`%fr*c zE23yhqa0lw<6XBQ?sz0rCye71#!*@x0tmJI=K=x@1@&iBnj@w&Qlb}fVA}U!F;(Oa zZ(!arGNS$|x$3Ioy+V4<_b^32-=quH(ktymX4)8bnF!8bv4K*u?(Ovevk_%Y97ZTk zDR^3=cTY@}wClyx+M9j`GY)y~Yu4)#l^pz%OLIW4Ic@(X#!6XVkW%jK`aJ>DA^wt#W29hYhvnK4t(DBzY@X`HyGqd320>du@C6>a>TkoJ?L6f{tkqYK<6D zeAsK-BR#PcuPg1DAx%V6AaERDl#CRT9|Sz^Qj-b-);@(%IOW-GniA-0dS4B~0-&th1Ydv+#^ zWF7Ly&Gooo_QS$3@J5VmAed}C_lBf9NVbx^E0NlFj^6Y;2`|A|HptvpOBd3MdK{8t%_fy6=A{haZ>EQ%avx?LWZSDAhIPM#ywxJj|%Q%rGZ znSgGz^R7xw6ouE4Jhp^dmxojIZ*ngh)P4vP$<<0q225oYI|RYn351i~Fv&rOdFj;B zl%Z*rks38tG9c6MboQ!{&(|#%!lo# zm~ipd&}2=#v^Q|RF=R>HH?gCv6m)&EQU(?x`k`GINFb0PgnE56wq!*u2uPMQ5mO z*0I5DrTSsbD`20RV?0d08UEJ)mZW_u?Yf0g>MW=GY-w4xoWAGW_nrMND1hbk zcPtq(fFQ}t-6~xMM){(3*KpE(1RLm7B#X-f9;YsS0XASv>cUUqqi2VTXNb1pBQ_`j?)Y5;;lmD(njTwNS z1weL?3Q>)`Svk(oun{lLx`8qvR(DVDt@PyjD}8CbSR=<;xYFz|UMocZ+n?`%03ev3 zljYvO&^9k34V^Xekre)1%iAe@A07pZhc(}_<}QnZ4-mWEy7`oY-p4G)3Df3#dbo2}6Amh7s!Us19eHOy}FEkGP!CzgQDe1%l?F58A(9wLx zYmm@E>ZiOjir$ ztDzu9JQTmK38|>ADeVy30Ae15gGcELRyx+>qnzK?cVJNS6FoNgwMMQ%C6fUThVI?c`Rwd@jSMVeN;BX!xk<1~ac~vk8v@)F0$eXM#3!af zzjDN8or23Cl2R!Yv?otm#_KRJ70^;6xC4>WT;`e=YgjLH=5qWPq{bwi;~dfW)1+hG7mLMPS2}4Ko5&y1*Bd9(h#OMOiQ58{J1TzL7W55HZ#yItF@V z?m?%`{j?752;mqi+wjA)OiTLpgQ5_1r8hzMh^g=_WHj@HYi<`a@PspP5Nyl#VP^;{ zNzHxg;zL;{SYq#mt-2|Se0Rg2`jGg)V8)du%twK$J53OfFa;k5KVyO2=wEh)C~^oO zD+=Id^sr-FTwKr0TwF)D$k8?0f^Mn5hdEa8uE^<3-;F4m*Xd5avmXd9hn6yhMRRJ{ zd{F|3j?8JHdD+>OQlAS03*n>E^UTdorckpzW4x2mS~OF2OP*4l9~wU&ej)O|)7kRQ zv)4qeBmFE3?e1Lv>&0&Z?F;cM3?tZf>=8CfP<4@O#UE2BOQ8VJ+iF&rW}5pVNT7$u zh+EYx%%DdaoG6(KhwX=noSB`Y#z1gAAxd9>Ac8kh*vY83|A^1*Ez4gOKtNP{T+QFvcO0@5d(+vdE(FSZ_x=QGIa34ffxn? zEkdn1PK#jr$_QO~vGRiSNU8KnxpE8YP~am_9;G+L62$4ta-3tH%{m3T<<07lAj7B0 zkL%0}@SFCWsCh|4&VD`)uZ*LaLlnMX)c(u4SLhT=Lp2oeS)Bk2!&niu z;-&67Kw_IzB1GcH6il&Qxg5DmWT5D)$caQ+t$bIXDWT)C4W5Ygg>X)PXNT$~*2mSj8&&O#Sjbm4( zV*2Z?s5C*dq(Y8})-~FI`$*#TCqiO)WW&PLgEhnllIuH@6f!uG12*u>wBb|Y*%@Pp zf_39JdbH%Jyd*;ARtu>JY9j0d7en)>sQGHd*1Q6sYhSihWBs+}=t*bKRgT1ro-nq* z7r>Gd7pt+?ZM;?%SB6R%>QKI@6T>J7l`GVvqBfqEGc#nQ!Sp|r&XC1e1dB>8Ur{I0 zD}I*?CKnE5z7BK;#0SO)xS&e{q&dZ)Ix>VGoN8kHZBNIm4Ut75e=G*ka6MH74Ez%8 zi|IWcFP|jc;YxFbJuwc_Yb;9hv@83IyT<U7bc{`sJ zjWtP6a=t;Y8uusT{MI)|j}V3lQ*cI&OfCAfgSX(xGfaHx0I{Y$O^*gQn6I_)jta`> z)ZLeD@n}SvTAqtIqOP;&)ECKL^ndg>y|m!};a-F{|2L(y9ilpRqmHt_q)~b~PQRJ2 zeIuVvYThpEmOxI}G>i56|M&mj9ET>=y3xP=JD-F2{9o?gJV1)->i@2DtE#)YySit3 zW_niWSs0jM*ahPn#Wn6(9+McOiBXf7sHsDKKI^JcRBambG|2W+}5$lOs>aa z7h$jJU8^x-Cm{9(Cn9Y`-q_4%m#ODn5%U5(k(u*aQqAfIIa5*_Qs&)MYI~~Y=~T+O z4Jyn>Ed01jA@N@yf!QMLhYYfiFwiUnr&ks@lJY8sJ8v^7qCWX_-CU7R%PDH^UvN*u zqgqd{Ie=1OGS5;|l}dH7?qXxY0;q%ULJdOqw(h5cG=GIj!il{xt2CCc$6pShN8=7) z>ezvfj@ALx?h2K{07pA3sdm(-CMLzlHm zg-pHiG^qU2_}%7|IYzq8f(TsUi+a}2+FGK8Uapp4sU<3R z6sZZD!Gx^L4W{)&_*CH!h){$X(fcBQR|em&T<2s98|I80i+U;Lod~egohEfR(kLf$ zzFev15OSwAq-i-2SBVrD08+4jTZHYG8ca6wW-5?gVnKjeQ9ys>&D$*^k%McXVXiVm zxK5`u|5fA7rpnAU7*5A;sFSsD1WRhjz701m7V_xLsUGhXx~M*5dTK*c<`K()fCb)B z=*Jo%L9AT94+xqt^u=6?#gi?|Z|KJvgnk%^NLWihCSsUs=lIhjv&10{`_u9~K<|U8 z>JUCDl@Q@>kNe4GYLC=quY;H2zT)NRre0X*p<{-{KXlf)xl43C@!Sd8(m?Jpb!W?D zm$R~mk-pspdZJAScdv0}rt8_OT;rzL+@;Vf0O9D~?#e<}Zg*3QRBquk*4QWh?QU+O z8hk2qG|nEOnr#;z!e0&KGl=d?+YUu;R~w=_K#ehI%H-%D{3`1WL-X#Mv$YSayBpXJ zwhuMaZZ;O|XHtFyOqxm;;0M^ym<0#UPz5Mp!>h`zlyh+6)wcu8Ymg43b-_9qQ#|h> z=T+*Vm7d^Z6p73>fd1YipkRB>P9Sg55n)lO$IR(G7*o;jyO>_+>cqMvBg-Mb3%kd; z=h>}%#$L1b>hCgnXA?)R&NwxXP$`~%n+5fOuLOY35!?fb44GezL|_lSm$Q9tvu-wB z92VPAv>?~&=szwxUZ}v_<{0#(8c#aM<=`Y2l>(Vo+kIM$iWD~2##KZTPo-P;zS zX;K9Gj>wqMMQuajYIuStILcj4E7)6{X15TLgBcc0S;(G_dwoA=E!d!XNP$)p6L{VJ z>o(M5!lH>x6U0dhi~km!TTS#0`}!3h`J>by_Elia+`=yrb{W+T`WL73ru2w%i_~ux zjsOa3CBMn^r>qL~FV?C(7 zx}`4BPy%w10J-U=l{uA;x=yIbr8~JEImW(nocf~|uZ3sOU@kPDa(cifz!q_V%YKAV zcAS7_EH*2mA`u1Ig{IPVc*{lIqRnncQuxZ*o~?(9$j3M?mh8Th8RJv-7^q~=eBO(2 zP2D-3a(1*gz&!zT^E*WrOXf~7i>2~T8Tx@Iwa%NUb(o;lbHXcderIM#=@mLqcD)qQ zTNKM zB`lw$;6pKa!bk2Ew<_diCifbSo`DcDOo$3*ip)kBd(m!I0o`0ttvXX^%9b1ILTfzD zFuRsPKbo`8f_nl(m}!I#ROt^z=c-GCA;w{?bHC40#QRYd+ZL(W%wXJP`eEdRrG}0@ z22wg8a3acxQ_(p%_V;ABwsG_y$L8oR69k47!F|y&H1A3 zRj%n|{jOyGsiM28;pVYX?^0|A1s1OYhq)nJ3m9K6qfsq`u$bqU`pynOp=Ve!RG&50 znU|_$Fj@teq2{MJcVoY!K6Jc7R#0`RtwFISjUnrMyxAMbLZ-;TkkG-4Nr=`QF{;dw z>$+4lYQJqqZD6n7W=;$@VJ2W|HW>G5BO5UC0!hVu!`Y}NT6g(1i*+pDoVQf(U1d^wwnzy<*!?^DI*XjEW41)d$KcIr8z@1uaqjtSU)+L;N)dEM?V zwYc+=YlSo39rUWyz9yMh)rqqCRcU)o()PabRY@oJ{ZI8zE50fNy2Ylg$@7z*Htx4F zFH3)?Js61?l5M&zmH9in?(7{bG>o=|A~#DtS^)&OKvsIC+u3(!e<5iOh^|HXV+uu; zEoONbpt1*?BWZ#ZUN6`&Pxt&Qz2Zbu`Yuz=Lf8MbSDavKzRRzFE@_1DD{bf{;$hhs z4w1giDu_`iHh{ow+}}y&yDZ@;zvzu%r)qV4aIMD9DPX+OdDXTCtv1q7!0NA#1!}s_ z`z4LQnxcF?B-Ot=m=%tG8KMd)vZiDd3qj{0&LL|}9scqaL4Wi$6?LYun$yRy$t8?? z1@`|{twiA_;%+rPx?%{m8N{H>t8=K^OdN&0hR#YiGQp?R2iXzPRBTnQ=w%9&ull=0CwsL!~|H6zNgaH<5~Ut zegx=^W~_~9Xjv^oxtyQYGi_@UV910HT95Pkf zE|*}Eq|uiQ=^SbX2VL%v#-V0NerP+O$F-@zKhqg6!AKd*AiK(s7LA($$BbTWDnsMRb;LsD(b+i5^tI$6mA{QDaj5&3*O{!q15LGes@-R`_VM`aJh zDr60Yz(0-Ge+8z}nG#7#BlP3|R{P*z8g`JQcZrNsCxbKub2i>m`0a}Cq`xiS$vIQ7 zgz>(U`(}78Zc=$(!Wz1*LItHTU)S<>)vZfCbC|nH^)!UR zP^C+r=`aHf76V#d%KU^P`Z=etz#xcz(F&sIwJUh~1LxcTF9v(^giKEV!xzJvx8r?9 zgM2Iq3H;3&QOg@vJ zYzo0um|%bzadTaKB>Z=0qY0l8c}~o`!b*IM9EE?Qf_cA+EFBPzFkO3x}4f32VsF2Z$cOGvd=OuO2ac~IS8cQ9^D!!{N!T^R>!Bi2V zg>Wu;S`%W0G+X5^{d0=a*QmGH3t%@^$5lAfGU+Xi@5tsx+0vN(5LbV5qw6emgYU_A z&3lsGA>Q}g?*#uess-!b1l=^9BB`1cwq&XkW`BmPWet@dE4D-XElOeTS|y``@E zYZeVElXcHbZ!PeCABxPXJ7IhiR7QlO6FJ&foix{zYSA&9{jcv41bGN z0CSX{@|)`P=UA~$io(C*itsTGgE{E8i}M%ks@!R>IeSg-Viz>stsdi#E?(}|OmzkG zpXB-t=j$9ccrHqj-|{+Qna`M!H6vssHW^3AVLIUO9rj8%$hkEds6by|E>+XfNB(Z5 zhKZHKR~RVNx&XH-SlKG^ZqgBijN=D7Xmx1Lr6W`$U2uc|10(6;8`M&Vs}1DDuBM<7 z#-?*PI9EqE|6mfRIXEcj7E*&_puz{bWjd!#ODI#-H;g=U!W@Ho2GC2c**@3Q93-ge z?vI`2fM3}D7Z&gx1v!LQ+CLSjIt3o2^V&kvTsi{cbj`m-Em99VLjUR%j>!@@F%`6i z3Cn!P!I$1nTK}Tk!0GNe&UD(WeBxEZV8#SX2$+P~8dY|5;UzUHo_`Or(kkm_GzY5> zHf=VCsn%}|pYrDm=Us2fG*VL~rJ@%&>U zb*;{g><~V?S+@r6W-v*oy9Ihl!4_fq6fp|T6>%jF@;^d5RJaULq}8kj16Q6@yM1{? z3&0C-Swke=y5usHRvfcUd2qNR~=36C}&)3EAsEl zV$nC}%y%aU_;>2k&s(Ao;X%ZSTU8^L_{TcZ*`r9oc&+`@8Binq40V2CAg`i^*=6%v+k80QtUtvf<*NJ>SI}t)|#N$Y{xycMvLZ;D!Xscq95&bl0FESm~&$Y-&fwhtFuL_)Rkk*-<#T zvj6gX%n&;$@U`)&$+3XTVWh@?4e{(qqpO&Dt5IC1Bitos)YfIHCqi3P$#00g;|+4A za(qp;&9A8(tlEB-Q07m%39>g# z2~)u@q!KUjlkmG7&JgGPS&s3Cn_;vj<+fmC3XCnwuD&7_AM4$L(&jfJhS&NH+AaKV zf-9g}5gbx!UO=49Y!07BybkK!Iz+B$YM`TX=&l}{8vL^WDo57Lr}OIkR7pjBf-9=m z#3-g=+_M?aMUcp=XqEc7F>Z+@2B}(JUlC>O7npizHGr^n&46W~@nZn0>X=PO+&^75 z272&ol#f*-=Tu2|)n7cD-0#|CxV;Xs*BX2M=A5dOGx7`5UGL}a0q53#>5q~t(y}~S z@TTzmZWlG@Dg_Jp@@e@~uS1SX-E5o(@#H}SS1b^gHu`dqtH-O5NrSSfmicevZT0w_ zJfb@o)D^n?VQYbc+CNrK1nio~R4VWEPBz{qj35TF$-~OVu4udfc*XIQ?d-KTikZiV zQsjlyj1G^C@?%5h);@Tv%4VK*M6hil|E?1;Ktz*)T6Zt)7=O!M=(_6IaAsCNd- z-6+;Ljkh^~ft6+7iHgTgCpxLC5=_zDYxz6HRMa3!ieamY(L9Pd-M6ZVv`#;OjF56( zO-*4quJFV(u=!D*PECh0P*5K5JY;_xOutC>npB~NM z>rU-B$^sLK;S{B+T0j;Y&e}W(7OJB+HpL1E%zZVJS{rvKRs?jO5{i;=V5+m+k?I<1 z{)KOY`RkSumBX#04_s`>WKmVNn^Z;CtK#e=`d7>}hHS<^e)y;GqlG3z^V3+o>DZ(X zr_U;Xws>aC=SH2y;&yia9Iju=qr>H(MBE3F623s&bZ;^|Rqy{%f+9QCJnEUI%=uwW zZWWEpf4MSWah z7^=q-DxTD!7X|r?o=4p{4qA!63z3xH(dRr@y_555o`#ZGH??Euh;)l*ucr)RV?eRZ7XD2$f;Jn&}(@?_dPmzHPK-jQY=eazFGf(|u~2!J=Gs7%^V=hNy! z&Z}fGRTt7od}!l4v!w3Ei{_BX$(+TPDx^Q&fku^|7)E>4npaYIg1! zjF;5*gK`g+!JN}DOg^XO0M(`tyX7TraGzV;&vmjmr(@&PFUS{BMif!MgVBTCZBSKQ z!OT*M|5d8NC?EHtm`TweN)|cYYgYzAGUJ(!V?qLy%E)$%{TPauS~V|K%Xl3 zMN~N$qhzSuCOSezqJ~Q|?sNu$0}6PoAT5~KgkuBe$9gni=WE`@B!(5s>6gtHBJA90 zd{2GZd_^I1F%f{C>ul1~sor0B;R|A(2c+xe=%n~#@2p>S&ta!)V)iHv7;K-;S~3be+=<2*&40ugS3+bm-X&metH@O# zL5^Qob+9uhrCU3%#p%xY`AlqmvJ4mR30)v4^BE(X*aIjy-2(E=qo%x?R|&Wt-ze{0 zgO#CelD$jHQ&(CAk0V&QZPS~4SKmeNm#!>Qo$p<)EU|!qDQAM7sNLw6=ebIE3V?vq zcmnMwTzLwWGwiZ=3GD^sD(%&z76|Yn4_jDhUginD_|!FUo>Q8CbIUs|%@?7$HKKW| zCkrExL3@|b9FNeWG^eDa`d&w>d|J+P%MS}1NEsLTGARZERPaFamREk8W7xFw9L8B& ztmq^+_%c5N0P0O1R zO?#KnTuH9hb7MmD=Yh<`=Td$VNH<#?ZTmK*d09}Ng6Trqc^jJBBbvVoWGPY#^|W^h z&8sjYRGRZiZ9O*!@}koGQy|-7noGztPY2}Ly+3E=wTPa* zOXw{pR~z$GLhp*4OwU2@nw-qaMJ?E>^e)MjC*_ph8$_UdJED0{PVUzbxoNR?3C*bl zRacsGNo^gU&B+#}`G=frjcMLZp80*Qyx!96;Tv_lFqDbt7@%kG5_%hBdaot)ZVu(P z5PElna(5WjaU5z`Gbb!}hg!!ee1qO&p{$GO*}H_^d~&sZ_mkTCy%oxKrT4c`#sL(p zZ*7gzdnGJyv-H+ic+Q51=Cyg5t-*EEV($`~Z^kqyR>m}!2(0BRP2XS@=*6)^E zzpIe-h|KbIg*?X*jB@K1^2{R@N88y`H+8UW%6Y=L|^30_*<;m#V!LF@kf#V5vyRSwb)Nqqv*XmtTw`p|| zf38Dj)wAE<5nZLJv>Bf@WQlji%mSj;$%clP1nO~I3vp_OSI}^Z{ zn^bShezYWOIY6asdzX|wmt1`}D@bj7{$7&twa~n{Rwma*?Rknk^Vd@O9ZPc)G+&5l z-dHQQM1dIWT|#pwxytK_4N*I$$LZWST|}z9UmAa36Q^%C#O=DhP8QcuhkNSe{<^4L z6C0_+O?Bn@b=t0}jhK(~1fKrBPBw60N4xA@Qit2f)pp&hXgu(89p5d_E~}Sm_0ax# zz09nSXuqhmFRCw3s8`zCp#4Tf`_6i~m(4h|?Oj59a#KWmI#Cvt_F}%wiyrHz; zs+aASHbM}2<`4Dd7cK2IO&}}tgnD1uATx;64sCmv(0-X*<=xvc?eWB#RbKS~aAwPR zuR-2#po|L}Wg=LsIu_O`_}O0?%5OGk{Wtbw&f^JX%xRQ)Y$Ykf-X&#hCs%nh9&~^0 zZ_`M%9kb(f6_EyPSr<0R#3stRv`MBmMP+Ry&%D=I-qEOKz0lutUg8O5-P|O%HQBQ4 zT~gM#a@3y57&2-ZGfA~Q_wwA%U9UIE+girEO|sLL5jd;JGkd83*?zL6A7%WZpKR@??FgK^$uqz2S6+{a z1{5BHZ<{Uh4b$uoEL zFW=o?Y0ql$oNk^#`}zLzQbgO{CA9A+*N(xKcy1!q`oETxadTO2D^tcDWx2Z?l`*cB zGUk-a-DNFfQY)JQo>0bPWm$)H9`(0(Ng4CW)%q`Ljq1Oa@0S0UG|QA`XkXDR)0-pO zTa@;$a(P^{(%uT~Z4vF;n`JTnNYJ)-3GIn(QT?Z(u2BBZR<#B7zn|x}jJKL)yO!~{ zW*OHKm9d6A^Gb7hn=NB~8xjIfsQ%SA)%KwD};y(JP7TMMU z?blo6ZA&}t^pIyZx0JWEX#H0W@SHU~f%fICa#gFPZSNA=FOjSKe`7#Y|My9?{!`kc zvaTbw?P-t8e5+Nqw`zM@Wn7!KC+(~u&%DxF-qxyRu5YJ3Jkj>F3H-3_(YvI~H_5f_ ziD^$B7?m|MPL~dh%X+s>cD7O0t~Qx4AS&x|^33aPTnf#=Fax= z;&!dWbse5FnTeiJR%HBY(w*LjpJ+yzmL8|S4 zKTf9%j=o<E>9V(WxP!p+oLjmHCUDowq@A6q>QVEM(vt4G%8~OskUzkskZMa@@-jH zbjkEC%DSdYW_3knZ6(iK(p8?+rDeS_l${Yz;Nd-8a(|aC%ibkrO&u1sXXdbo_WU?q z$#cuIU0pI^2xVL{M5YXhc(#E&^KMspyDekOFwc3BCzNs15Lqz9mSOLbGTx8Nm^3_U z&kRy+&%8KYK0Ge#Z$o64VW`aK1dKjm z?~<~1kgH>2!icDht4Nh+3r57U${&WxRxRU|q4I_;!*?De&pbP{{M=A2W5ozmEIgr% zONYr+faxg1-X&$cK(6+IourmW_Y9N!he7k#!({oesNPdYLi6@v<%PqP=8Ta5g92Cf{!)4)cErWo3TE?}*%hwIp zGRBYcoQb1s8IKH?HN$Pa?OjqvH@RBx1*4)eR`T7hCA)^pgb~obWQ0r^p|k^M19|4% z;pOd?_7-Tr7}36Ige<_O5}w$*g!cR7YW*i25ci`4V%nQW$csw*Pa|YoOnV7==IIgT z4I{MPJqMsJ;R(FCc%)1oX=&TLg!U$KwccByt-N_BPN$EK`Ty8RSvQh0o*XF~M@Iag zPoDYB$nwgOTE@cBp0k)Il=0R`*&dZ)?~*dskgN57YIM{`UnI5sKP-uL@e+6DPlr;0 zmk-rg7b}jyWCnEq$NI*)0M{Qi%$R=ZCcNEO9>Mv?YR(Y#G|2O-D^sr@5XZK7?SOrR zMEgtDyq&FlD{J1#R{k|>wr8=ucsJ{=%6h*=P1SpJrqPjfM|BLJz2jPBd4`I;U{-L- zg65u|jWKHW<^oCMykkIL5@3z z0Bk=;oBuQ}+Z!&rEOfzo>Y_o}c7Dj;P3J_R@9(<34_Drjy?zIL)rYF*b9?=6>xcZ^ zICYTd)4nPGhbwR1UcX!PA%C}OuivfzkiXlu*YCD}$lpy%< zt%Jvb2E={+>LK{`MgLR)4ow z;6OrB;FFk2eH1(CR&46NmkGkLxxE4jasY}O=NqC2ULEcmVu%8b>)~^HQ1;*8VtSd$ ziguKmY}`xDUXcW?4}3QIZI8&GB>FwR=ozf3-xYtmn%-)lLPB1C8S+!bz1(`c{|M^; zrNnPhABQsW2<=~dK`xf)k2D@3F}bc5e}=eMTN*FgBef3qMK-aba_T~u_VK-T< zW%Dy1Z!?XPsE80gA#}V9xIKS2srQZlcfu1|du8?4#k#1^A7vxjc%OoXWa(=gwwd%R z#^1(X0-t>^GtUifbTuO4Rc>&ly?NUNZxI^N%Peq%TkVtCZg9Q5*n|s~h9(yyz4KA}cxL#gtZ^pU7E`Fu`ZSXR|aw%=EScKxeOsG*g$Z2COvO@ur z*cpEM=NyyOctNg0K_`fEh?P!}=z|%>nox|4E@@Q5D*dIN4_8K3XPBPl!G}KyTG#_% zRYXLff<{aWy(SX1wra4}R%4gp6G?Poj)nPKY#ywc38p5TLA%w~tV;uv%=!U#hL8&TM#qLB8F zFiXW;?Yh{2Q>t|PnX7&35ZT&bt3vb4c=9mJ%oOU~mEu0E-@M$l7z4|hD&g4ml!(gS z`E)VX%+P?r#WuwF!*D{Vb^R=ZTzzS&9JSL}$P%=rZRIfCRU`i%>9p^a0L9q<8BDwk zM=e-5anPI1xE1Jjc^9~Yb9PgUE8c2diaB(~NYS2vcgvtTf(=B`ULzZb3VR=2v5kN^ zO@$!e$|vAcXEW~@$h>4>A^aIw5g(plx1*5IC_o?%3n%hb-tdzN;6C^_*B>gqPePB0 zd^bIeE3iZ2FO=R`75u!DmwD3ToxaQ~I^hz`9i&k1!V9%TB$-rA4V9$7Remq5scPsY zt$b1uZ6y5(qb!W0U=yE{qT<@H+)HsHXXH@2a2``#eOm~STChTLwx(*Zz711VK0(F& zZZm3*slu=!PgbAGs{`Tg$}`++oQXQ(ZGhc2CQJ;6@cYB6E~!yaV;et75-Ngf8rd5p204?!dYeVCwH7CL8DsV?B?S!RE2K0 zn~xahfr$icS;Wbamd;UgOxbyk)p!g}boL!o(Qal$oJnkvOHK_to~A-USkFcn!|}SU(39Q(PjE5r*r4Si`7gll$Z3e0NLhavnl9wvAjmP3CbpSJ%S{_%{wU8UBW{deR)8s}Wgvg?z6F2=2P0JS~i2ni3QC_RMqa6YPPsbyT# z@hiPfOjB?rPrI1rRhq^;Cc$ZiEXY?@Gv*j=+tXT45p8M63^HCgc8+ z9;EJwlxe(i(ynWtrBQ zk&W_6T$A)X88TE{byEPJv?bh10^+V`1g|axjw|ldZ0`&}w zs!@ytQ_1qoG+8;pWG-TwL@vlkgoGDIbw^5Km9NaUXOO`vuQTn}B1PF+X0)d9I9Jef z-bsor9FqW4+K~tK1)pkPZF-m9L#LQM!rF=$DOOeZ%|%?a=}~GPZXl-xLq#(!T25dTpd%DJs3XKidyUHQ~6C-{g@-d zI$U*_Dq}uM3wWV}dKu%YLx+M!RKb=as|yl|UGGM#cTi(i4RbNp#Zpiu5RGw2uq8Ze zL1eLic8nD;K*p$Xh7wX(I*{|ww_@BGzvvTzJTZ#OP-0zRF5q8~BTwh=PwIFv$L$hq z7TsMoT)0YcI9{FL9F5SU?w|e44wHTtyV;>Q+i6H~R=7O9oi2{=csk7kowJ#V+!LIy z^sTSKJoFg#7xJ=W{UeWZet>v+kbgKU9PseAQ6*TR(A|BSrDIwxc#k4dZ(m}!?D4I$ z(;368fY=458$Le$HXD3=&a~IM%{UTu)gh={!0b_Wj>nqYOOGK0*f7xRIEM2+f$_lS zqmlhO%ek--GuB zf;_+(B~L>!YiSis5)|atAsPv;32i|xUA7GF+{KQvtC`xQoKv!1LDF@(egJ*(I}ghS zoj97I7zxEq%T(;e`=Qn8B94h10B8tnB!R7HL9I)e(OlYXXo+e!l-I-T-X9uZ1-Lvd zct@+*zW#0+o*I<(`P?~LmPvPKh>Dbv?o7p;OuN(7)EcyTtrcyDDS5a%CZ4wjAuwc! znXVren6D!}7#s;dC0i>Bzp89Sp3Ct5FjFtAQCs)ybC@X_Gvu!lZpUJt5F6n(aXSX= z?)&v@p)1gp{TGF_NlPRogi?+2ME_}IOlC_y>YW1!G4GXDHHR%;GgJcHk^T&en~;O> z_rTP=ActiOY>~6MF~oK8@KqW_C+KlUEpq|Z2^CW3@I&f@x|{G!3(hC`DDR-1bj*P^zA&i!G26_e7bBfV& zG=qxH+l*0n(XVI9tzw&6%N#q{?O^@0Tla1J!5%gCLguBAz8+ei*rJ_8I(9LWrux@r zOTa7cHf;$P7SqTsn$6d zBrF(*p3*PoJ0UzV#S_(X_ZiCfpFg(GN{I!AEch(DKYUA@;x z>ndqoNdRE3Ww&yPp+&J%ANxp>_FI{ z;o_J37}7P9DzBgQ1zaTdU~&KE#F1`l`z|UmUJW1vDqN`7!$#~jeDoPw%TjPUI7jWoYOG^uNVBe)Zrf_3&6ot5RUG2 z)<7n1VroyZzhJi!jE*Y|_yFxWHMlt8?^0~)0};)3~v8G^%_K@6(5V$eDEilcDW znaU7VeL6Y;ZF*bKioZjH{qUT1ofRbdq*=W5o?0kQELdxJ!KTt6)xw4buhDJr+N4z) zgIrKVOw!4842)=i5&dBVRmn4%5aEkSVg%|9UV*fzFzy5VdB#X*5F*>2ZXo+~F$wS4pE(EZOCltq7p_W&;})8L%0F-zkPf&&KiK9QOIaC1liSigG$ zlSG9b5&E)}Wta^z+7&Fxb{xLof;dvg%phKEH0RMqO6`$TmTBii7aTa}oaNN&636in z?o`0NG9plKsgjlsLJWhnm*7AETnpDC4xdS1;D|5yD_-*K&dyJPLu zn`6?>Ib&Kf&C=pG8$O!Wyjt}p*Y2Y8F6v;osL~(HPNQlhaanhnElhd~64ho;ws=K*_3iZ&_WGap zT9-UeJLgxTKsVr_?l4YSr*-T3&J(({0ypA)238y`*0;{9)Av=yqDaq=zjfUwudG{6ypUj!_pf7agT21bEvfu7YJ=T-)X zjeNuSr_JXNQt4jjANbmU2h0aX#N}jEj1%*dV2T(*YEDrp!48Y_M>;sZ>>feU6w9Fd z)}S0p3jj7?V%Xq(;sZ2~gXF>HzyO#H_t=D-j`K5;asI85eMr_ovKoIbhwRDS(L=&H?%Zr*x#|;Sw!Y5v|6I(urbZpOK1=i$cE{6>4Xg zwDYaw`jlLD)>_e|g55eA7+ZQ=hbNRT=!hSX;Bj=5LI?s|lMKNxqPpa5J@%{*+a7&u z3TZTmy$pYOT%Y<_X`9GW%4;yH+1eGv;y=%*1loxHFM#V8`B7 z=*y0{cx4C0kM2`^ge~zAJ8|`{swrnJ<Zz@3 zDh$sdgQv|?b7XFUjRY<--bO-dn5t^dhciW8nByhaix*r#*Px?b^~}*A~?4DW-Vp!x*+c%sBOW zOzhQhw`^kotE6nZVqgYE&VF)ypPrX;zIPT*iOls%1rvO>&wF+`CW;Iqbkw;jY_+4# z#TGE)c_XgGEy{D&pJVN7EUMD`d*?W3q;bfGdqAb*A)%y`|5O1$_BK`gWu>vBcZ5NR9tN|WJWQwby-)@9vRc8NuO|LOPUpcHnB0WjX|};uWf5!eN&&- zDCSOYOB!uUdSF7I-uJ(#w-@{<^}|MF&xvm8V&J?!0(Zxzj>K!!szAo1M(Zu78m2SV zp|=K^qMK}{xxjQUXcEpe7*5S$vmdtzMlSu{Hw0CxKOI1NS9EI z?UA-r7o@Ok?4lEXvu6QnNI}vPTbx%YPkRZiEP((JaZ5Qgxd&5w`HFErWLP5$WcsPxg9ql#Nh zu-R1F>#5EQXnyGkm~(+=W<}jvmtaY(!My+eW~D-d3evxxJi6%`P$3W>+2dvlpf{WJ z5IMkQ>EcjXkINAy(q2AWOT>b(l3mtU&DV2ZGvh@r6f;2tbVZ1M+k7whuK58g4!c$F zKgc#ww(Dl`tT2M3{7SkVcghk(1O%f4*x*|&c+?-ML`6SL*&9=-Abpp~?+mlQ%H|(3 z;VP59Niw&wVB|0MgPC6CHC`~ytHkCe4-6{BqX$Wa)$xf7b0kMz^a%8d>NBqTVf9k4 z;G;6)aF%fOF83L?I>J8 zG#cy**v6)uJym#O zCSfK`SSEai^Oc;0oa(If@Y-jZr)CP6N#jriIuG(5`KdaYD>0oVA~=zz%>ufM*^C}@ zVTuz5{405}=zIAsm9R=!yNlid019B6Tl!3qn)WCRF%nntF((4u7DAd2r07&T* zqUKZ`7wY;F38tTL)`Oq9R)Hy*gAZJ$_33=uRJ_Hg-NNtL1i&PYL5zEKs^YqoTdn$X zw!bt+R~U2kBkNs)_*2 zBG1lFcX?^{YM}JB==`nHI_q;N`s7e`pHkrt2I)Iwh2+NvnW6L;dZGK*RL%C(L8`J3 zISqqlc3d844$dEB4$U884$mECjsO|;NON@VD06JSnCkF2dF~bN_3TM|xB^FNZ*QjO z*CU8`*p(^EUa=BQK^1k@6-x0L*wE42HC5P{EctY*B9;(EPNq0f1oxoM=)wPB6IT0R zJ%Vs#G>VjO{sZ7h(@N=T3GfVCiZRM-w}vC>>h#5ut;xXVgK2{vZ6Ke3Dzk$_kPWCl z^bzkW|5H5Qdh(~)YtCL%%LoV3)wIK8-!sSWFyVXV7<(P=tVIutq|D?5<8Mf3=cVZn zs1G<2;z{SD>2OWD0@q&F3pzb7#dJQI4ma?t>Jjnet*`5|u;w^EqxjH2(IeAybPr#k zk1{)>WG#T&+myznLGi%Q=Npy%n_$lI=!cF$Kcukn-GU_m*Nn3<-9lr!3(M8luDkFh zd(GKvYEGfxboH~XDeN@C@x|lJ@c|$2IR9_vRNJ!8*y{*qLI6^+j!av3c{-ils4cu2 zdCL15qT>bT%fSWatKJ2)Y<9Yad4XvlYUhPPI3bAIPQbc|A6Eq7Rrs)1kM5&EI>L5~ zyg8EejF<z(~M$1TG|eP)hb&4o;x@f)lv>!m@sFLLu08D=U5XRCG(9Vg4H7 zOba4ztc$pD+Me9t-S%>$@^9*&p6cgc6f^ccfrQRO$ND!`8E{*EbLq5V_(Wze} znJTCH^cLmR;16)BPmd|t9)kef%O^Y%kuY}iD&?L6ua1FN!=2U2EBesUb5v!8nmXll z5tYYI!a7e3bH-(8$TR7h4IE>U%Eq+(Hf`1cy1*2S*rsor)8j}6)CoG7g6nBStkP+t zb62B0@SO<+#bww9KV23`PjH02rj`YJ4Y)e{3S4`Y@ovS1ZZn?f(cn{|SN;%WU(y$` zd+=SB38!YF4k){Va6I$1T$BkXX21hMCf}5*nT=1&DE9dA9pn9wAz8V{|+|H*%nZc>gtqa0h6fpam(hQTpK;2mm)cwm{H{E zHfIyu+=HK&WW&kX-P2n<>0O--XA*w3`k?)A6t`bHgg-@^Om@AT9nK&I1Z{uQ9Vb|J zy8Ah^eD;u9*&WEJ~cHhlksuldqkIE6rid#qzRa8!s_Aze|V zlh|th}-LDqFZ01tdUp^`KqrI!ylw8EKCD8!-&IeYrUY-@~ zYtHZMW%K$|d%pf}TV8(6UWYqNFx#<`O*HXbp36?l!OJI^Uvn$6@-V#2EzinB+70wL z^UHAbeDkH?d~=?6KEK?Ml_#=xFnuG=`MUX<_jQ(?4RjFI$@X0ZbK%llGMIX$h2Q4F zwaVqg`b^V@z~$X1nR(PX(SZ62={NYq5|mC=2O1qvU3(0uL4D)tx z-fQFDgX-H1s;@DqhC3^xH&OkAIn~l#eV5qeJNBBh*VG(dZ9L&0YB_rgidqE7gv~p8 z*^CC`ce(63n9P4FJid|(U$ac9f?c~=X7er#!wKOB7+*2>kUn$0c27N$`zQ?mX51a)`F%JHM>E7#MfxW0g6I{fC|eDU zXy9uXEVw7Z;cviU=Iwlo^RFW#S*ii~3qe~?O6uwPfwLWT(?qNL;>biTMLlN{0Al~i zi@<0JYqXpVBb6SDx+&Y~c3>Tr-6HO0%))vwW3y{MTXy`%FrC5}>Q>jxbt5dR^*l-O zeE~)sc(?LRv8-MrRllbx?5?a&;crA%BXtO9hU-*!f*yvk_C$klH z>IP5dTg3-HtV;JvuY4666MR^Koq9i_jk;ikXWL@$652D-k}B;bq}G@4FP^-kG~e^& zeM>WNR+DG`?3G`(G}qx__7qR3?=`;6VlN7R>|H|hjhN;R#CfgnB&!t1KNby=<;S0W zc}-!a{^H9!Scz+YSxz1iH_9*gTJP1sOs(Y!Wn7Vx=_y-=y-Uj2O0L%X&6xH$H4Wrl z%*@2Rc_JlGDeTlUDcKamPAwqMJen%6wh&SG@(ud$retSC-`*wkA17DoznIXwJ}q+< z9_psFEQsNu-cfp2r^_?YVW*w(I>?PYoR(F{?eN6jCG=*ItMnF;+IRQow7jPD{*sn= zVtUKTGtZ~XFIal3@wrp+&r&`?wH1u(Y< z<%QTe;0Fpc)O9?ep3erdC8BBX5}J3DtMyz(YU_DnMkXpW)TJ4j8bd>ERGRMveH`svNT40np}Y9t-107i~4j`!EQN-NKF@qGC4+mdP-^jHCKMe(tIJJcVj5Gpw6e=_Aa5fGp0AKBBu9fC~KA8 z6QMj6)0<14c_=I|x5!TmKz>@t6YBVSC~rqJ?Oj516}ei+t)zCm-;kI2iu`nIUKVmh zpx!S#l;*Yh@^u#ZX*?)RiW3FRM-&~(*3;f4G`q=FnhQ`S>Re0O2c?N`eNdYC)(54j zyBN3ZnSyLmtf=P;@{+}h0_BA~^F*P%jztpGfg-2_JfRl53NiuN8*bUVq!t^`G;gRV&$VmCWRRbx@&uX|CCbvYcL_~JiqaKuF(x9~ zvJHH|IiamE>ys9*+^BHj!!_w#A50JL2b)Vw9$Nak@B8d*T$NBin{I zL4C4y`(?E(s-|vtRm+lU?NxZ)D@xOi)#Z6uR)Bd1O4GCmrRj-kc?v}gb+dO#-4>9m z?^6+=ln={El~0ey>83c{7N;{oVzOmFQ6o<&Lew)gvMEN0TA(ORkJgk|TZE{^bsktx zmM`zt$j%5M%HAbqKTfXlWg`es%8#uv64drMom3yyr5g)5JJO#i$tFdHdcGtt#mG>L z$um!s%IhqO)BT`0E#-;!-;zv-P@L>tQsxG7wY@t?Z9DF&l_iP{^+2uk#K=%nKx{I< ztS#S03^6dd8a!tvPoVist-ufEp}k9JE+$vo@nDSjv^q{V#OX_<+P=5r@8e_irUeOl z(;w<&t0F_aQYUZ3$WRX|degIY<>xFi)C$m>Rz>Jdm)6VF2))VPC3Sd#Ty593nD!(P zmn_d7s+X0D-t=g_tc{VOt|QOLtEgDa>L!DeXqNEk=Y=geP-NV|k`UX&MJg(}W16={JqCIzoi9cfGX9)q39&BSPI9 zBSEc*)7QwiWm#+|%DSUT?v4?m6yeFtX)1SHw5Ca*HBI3OJbJ82){v6LOuPn9`WnAA+=Ei7EituDE?^m8`(VE_&j2%%K5A>5BEI{Fvy-UiN z4qB78XEta}I#zFs5usM`+?HXnohakd{xUU2ZBm3M^IpI54qL_xAVR&w6WVcef4MC} zZL)Vs8RI}_(soP+tx4;DOM=#9v7Mm(=l=3qOj{A2%rpJV8!aN#auA_b@&wwKlx0eU z)@1Jz+FQug`o9cqt^amXoolAI#`U+@PL%OvSvJOqP>S$mep4>5w1`j(Tak)*LK$zB z1!OGck-baGSVOMX|Ebn^%q6rfwiC4PX_otAL?}ggGB-7s=Qry(pV|ic8c(48`)1h? zAwt=^g!XOZYW?qRi|W6ERO`Qm=a&B#+lex6Xp#9bB9tOLnJZh$S6S4i9hC8YRK~Iv zSrH*Z*}J5SnFFHwgLq{5zn<^5k6x}QPtd-)RjzB*v6gle;mKUwTAtXd^?waSs5f~+ z{qJg(C9Re>_Aa44r9GuWbWoKNr#df0XO9si5K~dR?@MPW{Sl&KR%iaPa)Qdc!?3)G& z=vG>`y-Uh|pImMKq`^`9XOLtOGaIxHnu+rO$SD*Gu?E$hWNeKUSOZAjd1i|s_2 zPjt#tF(Q;AJeh|&%gZ~p%mtt|E#wJhzTPQsM~G1NE-7;rx!Ue^F%s04I2|`MZkNS& zqKtyu)H|fw#(inWh^0A+qHaX#M{S7mA9Kn zwS7C2vMja}W&OHKmdA)tituD^?CJ(n|{C0>uKE$@i-X&$sBUj5< zh{=%7#SfBddsfHkR`P9G7TbxkZXGHMV?-!Lcrw=xEnjERn#P0HG;xG2>ye?dW~eR8 z-X&#qldHS~waAvSgj9L<29{v`uuww>#+`ZnKq~O&fqH;B?+~KQ9D;@0WR5~OTp$DN zo-2mN*gaE+?gP8$&WyP`Q+Zd$+?%Q73~xyW?4J8F?xc)&8Bo{;SGo0`hEnjJ^Zw6) zN6y_1PEv@#{;{*`g(k`5*Nz65>pr zsls{rpz@#!1upS2>s(bvcDU}y;F6WQj%ZcH{E?0RbgnCp zy3wC2sK-V({fz5xbg>C3+Ry-;@SqRjXaduHwR>GI`!aqu*!`Sf4HXC3D;@y&9mM9B zRi*+T;%a`l`#%m}G5AswObuL*M~P;|ZUKX1Z%U6y*#d3_?;Np5{bpO|;mNy*nKY zqXNwRQBGrOxcNhx8df@8cYH`w!;^QL8j4^fr(QL?O$`YLhVg9n|2GDPxZWm*_=$m` znq8?KH|MnUvj0aTL(VS}Bg4-Bg^?lEQzOG0unW0EEzJIbk>SaG?2Z@)iPh0xG??=X zDR~}`GJEuVrHHi-vky^i}iPU{Tcz>_)k3H9WI0#p2wfY)|9mEsvzl+7B4@OzCTMvpLAV zu&2?@C7Ez?Vs!JjAbek~1+DQ7ZxN%LE!OB}CKe#8_B3p{K9lWMGmVGUOk;6ISRnUj z*s^L*!`b*$xKC{q=4a)m{h3ufxTjggvTV3~ zZ?lTuX2Z3yS;bmP+OcOzzsqLVX-SW2NlUVn$gA0(HN;xBhf122Oi0Vt7FT7<<#h%-Wsv4{x+9gyZey+Pr2~r{T;IZJr|Dq;0g8RVK^;5p`O4A z^@Dv+zpo6l(|4bK-yVjG_ILXIa2T%qAno6W;Zrf~)zBWl=K=Q9VRoY)VE_N&Y^I;s34TyogaTf-VpaAy{QdTq@skc)=2hkfu(;KBmH+^Wa{8 zr{Z|$X2FadnLILPr@gt^#=G7eh%{)tX`XkXc4oK2BMumVX2kKzu;3LuHYNai0LG@) z{0G9h9;vgEWMa-2$HG5SlnV%)J${nb16K?Z0Kz> zVvc1$$NO$)|Bia+{LIPj>F%eg4UNSz@KYIu=}?}HQu_g|m6{Vf4Ha`Ji|K-g^#B(4kvmB}@FjU?v9vp9^2b;$;2^CY zoHSW&`?0a-?VqbCX4V)!7;J4kKVz?3WLZ$jZ*PzbMaD~Tq4?va=0YismwuPX;VCm- zeEY1?J}Wt22ZSJ%s`O4UNBSlA9FwY~`Z|w^o5x<=P1W^&FJ#^G%vd?nFr6Un}a+_sE!#r-@V2MEi)=+D~E^CkOvzJ5Q?O}I!Z?f{6+3(t_C@I^r9 z04V^+6K0WBxI=2mI;ZeOaGVNoG^N;S>Z=PV0cb>xcBTT2C^s&G$3x(RV>%mxCj`_? z<7S1LF`G?p3qIEd+>u6$JHpm9*P}Zd0O=a%C?FkyeskSCIgO6v5X(|ASbF@S%Y5na z+wIjPSE|%}miKu%%jM&L{$tL$6}Um*u2r8oUPAYiAQA#t;}dw9z{)z?@NOAw#s$UE z1u)MJcI|`*QCIbWsl~m5fj?9`DP9jPreaJ;GiO?em1^N_`9l zm{qCbfHCc(Tltj7^dEhoGZwQkPlmaj?)*SL<`dY9F@{iDnNpmvRPeQAMhh<}0FjU? zr9apEmc1Z><0qb}V$HA{!Fe}`Y_!TGc`YYW_ z#7|XarpsmoY*YEOY_#@(fX&p zYJrUuwhqSw^^3`(;n6?MM@_Z0tcV(>h(~r1gZ-j>tAcNH#lJ!DO^nu_1L7sfYpDSc z!8C*J8k{Mg8{iy@&mYjBL?y?|T~)~zzf31a^+>{*OBXSb0TkUWb#`$y08pr(jap7B z-fXV3&;ibD-cBL9XvdF77DiBGPz=hOJwOc1W-qtJ<7ae1iUxXsC~SxJ7JigvJc=#2 zuOp1!$lJwzN=KMsglXV4GWB;FgtY{OVFazp2#j4=4@whm^+nqf3YThn0@?k13tvpIkb_e7;Ei{IksG zvuC+yv%)8n!UVN5t*~~`Y74!;4LfZ=cXS~4TY@%spX%1#tgAuf>QUh zBI1eu#!bY|0$R}g+V61w zHE<3{xTiho26|HH{3|`_&^>xm(ui?pb^0Bpk^YF%!Tv!d z@ZU-&_#Z2M!vA>bEb~R%o6a#`%%0PriuTry@~ns$Nz)g1i+r(ZCd6SSaOQf zElmF)x(tdc(gx!h{%uSygPd0{>+xK-+R=Zs7#z!M)IVVN%_h&>2 z6JFJk1?MY!{6afv^a}$r(+eOo$(B^ZW>(m5HI8i|&~3|+c|Ns#TE{jVnQ_2yW>ov1 zVtoIX%DSN2`068?`jPi91Xw<0AJ0!UUhepPJpY)+{?6gC`2k8t+Nj`1>V{zV$7|`c z>|a1%9K&ZMA8^KX9aYFXbF!&Z>|#2gdm$aLk(wcDg9&I;KcBT}rWPbop66RDL9XRr zT5%-P-2;9V&KVE_@poQ}l&d~^IM;@c%4ciONIs)FgN`$J+O*H7`~F*=4$TbtOhk*j zf8Qt7xyCsuGmmKqc5o`DQ|7*|+Od&~jl3t|VvYv%i_y$ae7~JPXG2y4+;gc#j@z9R zo+P*7kX-dkR~Be`t1Gu?dWT!{oS0`NZ?ECU0*;d`g;c2`tS%iP=jn_bQ4cSWsrsAC zU74ckW$LvipoQ1`0Wjl8Dmt46kI`j)Bb z78bI+y@oie|7RaEA20n>ZtP2Du0S^P(@YL$_KAYma%DdJW@(1V1AYJMevxYh40roy z-!k9ikC+%|i+{b89u#@L@87;8GEFOTg^{V6UT%nFP5N_FGuAKw%#q7RZq?9&^|KC!2N&G)b={50RmC`%n|5Zxku`|Hkd#-EiKccUW%~%W50u}e77VLXHPS)bu-nEz^eGakNiwso27Bda(E__pg zdpK7>SbQ_KB9$!$HKu=F^P4n3tSGs)}D$MD+&QzP?~-7kln01m;vWQ7Ai zseo??>ks1wa~`j)$~_znPXlJ&wH&wAf-6#+9|e}d8L+UaT54+%$ZPAQv9@7Uzo6+1 zjG-EurLDGA+G_{MpxS|U_Q4dOVTcUR4EqdoU&AOFlNtT*AK~sGIkff=IlT5TIimKX zqs9hDGNa4@Li{N!&8TF;44=PTHs@ta{up~b#9sf+UQ3$+<(MIrO&{&&f$=8sC-qgq zty(VV|JBk3BlryD^X;!zUr=y1v9^0D`ISkdErB~ICoYlx4;tc-<0T<|u1rzC5m_mQ z>sp1}qbAm16_$0IRD(}z^%3#f-;x9sbKfr_pt_%|ct^s_P!%PPB_ zJb)FPlyah&&sfRFKcBU*5M-+Di+0Vm$d8rOs$oAePk&^d5!q5^U|7n18`*~yA9Tn& zK!=p>bjn^k?A6$7)0}ks|3}$15%bEgg*2D zA}fdl5m|~5L}WoqK!KqMK~R?>MnD*;0YsJ_im>$1mmd24&O!b0`&{q;-s|Uc_&PK1 zJn!>7Gn<|4W@jCfMOIpS;xhxsJ({j*bQAbWA*EPVche ziM9p(rc=1OZR%kD+WENlD+`NW*EZf4mtWVGe|`DC|EuG- zJ2H(c%${_k6`q%`YMXyad4JoyC)(N;cBOf`C*-d@=ii_m){bwx(S>N+#`BNFt*%;@ z`kx zJ!Aif$f2tN!a1)t6UV|GBQZ|NnGdwPfMjU%8yw;(uRH{l0B(J-_4a zw9VSP^9zM}vs^`$3j2O#j|2br)zfKhbI&M@JH0S%|MvaBg}@61BsFJB!pR4ANNn0)5^3#3__j@!hb z;|ueCQ<(7U!n{ih6D}#tyQ(nZ%EG+s3KOo)FPSFXSeSQvVZv>Nd4DfVxVJEGB)@o^ ze|aO5O!*fQro zTV~H(xXr8jt1jv?#Jyt{S@=Jf9$#B&(f|DaMOIkcWr({-{O81ZB3ibSn!zXNqzWT)B8=3q($zRa*Jd)pfX|bMV`Esn+1sa|g^CVopdalc3|1KZzt*JcrH3eTlG|txUr*Y>_|VDeJy__oVtjsKg^ zlg*znf5FXs`Dz;b+ ztoZAf;*8N9aJWW+8d$E>l)QF^63lpe4j2iRnbkm*^(OX2-2vCf1eta$4x zJSlIMSZ9^#BJyFzQ8wB6lsLXirOGNt*kJLW=2=X9mf2+DO_8pr#gFC321i+3!aUE| zzNG%M>Z+~9qHE>uru>*P;TWqdKPw*&GGlm7{p?}nb=o?M`RldM+m8ur9AfD7yUYvn zU@x1@SYJ+SUKD@%5GqVoFrFEsm+ZHq@oX?-eI?^x=E}yiw2FM#U~uoST2VesSCbE0 z9A&n;dVRw}b4~T;cBz-q+Uk8(zcx@WQ;xDxGX6E|H#D9NwwP>cynESKnX=9?mbcWO zH|);=CR-cN2D{&M{+Eqsm1E3Ud`rK!b-Y;J&hcXMUB|0s{0@#6n;cgNC}Y_ZDj_sz$YVSo8D zV)+AkagarZ56$~M{buq5{bqcG@yw1?$Czh)9I>q?UoCh3a^b2`@E+6)=daCgZzcfBy z&+-@QKh1bXHRHp$kg|uR)78Z)N7*K#sQgMkth2@DS@QAYH9lK>R?ZPWUmg(O z+k~}q#b^09!jCteJ*=KDK8qK4+)S{{gc*nO<%`5;@pADe%4bk~#=jGvwQI$nWczjE zvr0eWL-Hr_S-f6+*8XhuWcv+?&k6^a+$cV?o5Y`DITN2vj3jyhPg39XPGVbGaT%=vHX3BH*c{7GLK-=Iz=H>z_D^WEfpWBga=Crg>*w5B|7(>K;Qn0uGLt!4bMd6?WS zuiSgh!}0_2>M}0}m^~yfCL_kLt#41ri{+=BKg_RL%Im1(S@D@Ntn2)ELEl;OTwiDP z6@6XLexA!qOxTw%zvejSzNxl?AlQM!M^nSLm18-XUwA6pz| z&Cm3BW6SJi{1Srb z76(|%eP)w&_Z{zc!lp1myY;Qur11jxAPLKS6vJPZVFyrGD`lpDH%}MP=wvLxUBj=ZeqfdB&)vbiVj> zaTFT)@7W&M(IVT943Irdfu`&qt1jC}bj$7>(UzxV$c|H1KM>yP6?XX7q?rN4-=zd3Gj{xG^xPQA9XhsB%h!<6j@*#1}j&HbDD zS-#bH$E0+d@hskMESq^^h6seg>$(!bod_0KsRy>Bd2jGh^_{*fFLo|I|32 z)9q)I8BUliFMx$h*BQ3^Su2_MyctRwlQFTE5It#%?ZOI#!=Jz|u7L^I?o~`7^XzMn=Q_8>W{5f0xtg+5f z7PrywbHrhdt?jI5X?uAM$Ztn|VCZokvBZ(wooqi>Jod1@v$`1XqVMOapQYU0<-zKn z@?gfUUyHYw`B>sGtMrZ9A!8Sttgyb1?M(JH-}(02PoG%XU*B0h(0muD;~;%!%6`@k zHXo~ph$+%uZc{Wxe~WtQhMJ+y zI!D>MO@4oHT>x_J5WoBI71`Msro ztg*)Mwmev6e(jO5kHvSyV})a^vv{L;>}By?`LMzf)*0Po`9s^8d}M!CKb6m4t^ceo zB+T4%bBM9~WJWhT9`0q?%aZ#r)Y)MBE$Vasz;dp8{teP!xrY`T^TvnnOgwiltFq`$ zVk4}&yI1jV;<}4bKht=8Xwp~ahOS%Xv!uJ7v9^>u@3G>JG5NJp#a&wlSaS!J7W2E9 zblc@+bMSa=m>2DgK|$&+3qTS-DZZPaAi$d~-ATGP+ItXDr`7KJ>A9$9O*@^zZKR zp|ffELF3utAj=Qw*Rz%%mJgFh9S@e>;be@}e>&dJS^u=h3tLU~vHGm~p4b29)W`6= z`q*NAP2G6G`N7JI&JPw}a(=vM{mbIB@{0H@zN&vO$&Z7KUzg9zmfw&Mvp4mJ#kcim z)c#Buy(2yoHdq@|-z)O^c)Zt6tp7|u*le2+;#cK0enRMDHqm_vS#^h)&ezP>J|R@u z;t0!=CxqhbmZwYz{cO&h5Spw-6GGP;w)<|l8pG@fVKmpb&z0U3XRf>EvdR`)?0!q$ z3rq+p8ysV0!3m+DPv!)Hp+y>cWh@L8_XCM5syWd-qkM- zu*oK)Mb-D7^NJN#IK&2942!AfefzV@gu|>c`oK8$u;dHtYOHaX8KV!?#~zkq`Le=M z)>$00oqdd#kT1&|W0m>uHW~XFmUKK=qMJH|DidZLWLQeREV1hod9cPNM;I^d_N2%&y8Cc&uA;-Su7hr&T}gJSY!UXSd;B-t_8Mn{F!a5KGwH${KvPszSU1Q zb~2u=osFMh|6Pn{w5##?^6th@G|!&Kv&K5py^QxeT-e+E%s9Z(KKj8XJKK%l*ZIKm zevT(A`#YX~r)#jAf zEw;}x|2gtu^IZARO~^wuo9D}i@dff>{X+T7u|Abg?nUA=x>)?V;$I>@%a_WB#ox+j zp7pG9b48PMK)~<3sEvT+PI6qkWqw^zQt~)**=D*tUVdWaE z71haJMz82M8ysQnRohn*hrKMlu3s#^rN1kihY1@TV%#!*6?L|=OO{VcKb8{&N+Ulu=<51V7^U(LK9sh=4e3?Iv9b=yC2J~8>!c9uTV zpL{*L)-djK^E2fzTa4E~epKtr^VvUu2d4~I%=F4p6%QNNsP5VU?LpO`8u*?A_%$RYMO-38of0nq6 zW~-Ai`&r>IGq#uPKW}0vv$TMCj2AR7L&wC>xuJNhFk47{Our`YZ#k|D%ZJG#>SB3O zeac---5XiIxIQwC^^wgbCWbM_OHB-=jcs3AK1`Q!?`bxdRp%zQcgmN^a{9n@dH3RD zYX$XeD$kWB`WqAVt*j0ODt|KFZM8ATRkkZ&V(bZFnmW|>|~8)rtD*#DKieU!4{kB z*g|}k=p%@sml12Muj{xo{-*IvHqf6f&BKH>_Orn{TO47rB%iJ1#ZIOyGh-iHOj+Jg zKCH6EIy<(O7fX!3B_Gx}z>FD78yU|sJIc1R#0GoWVvWU(oli{IWR>mP7{~lIyl4}B zWrC{W#+GWCLCpj`D>q5 z_OO|6XSB8Xca;artaFf2+40!Te(YhqjqxnAeRqA>)_KVWhnQ^V@wSILw>Lk_%-CQ@ zV*l^@xxuj*e&b_SPQGeOw2wlW_zf4^AGh>srojgwVk^jz)H#3g1 zxQp{)U&|a|aaZRH!)|_V>}NlwjCR*wR$1O(etW2&l|=o$=G#;KEbXO!rffez+`ZM$ zu&?^_<^9xupvMDyS=wLytg_=E^RdE|!)!ACo^ieEXLhjqS^vKJ50>vC>SvuJ`Eo`5 z-?z+u)_$OVmJU__A@Vp({fvL8epU`we?@&iQa@{KF+M{5KM;>8OB`dFUP=P5npO?{xLEc!v0lekJ~o<#DF?Y@Q`P!#Uy~r4Iw*vwE)h zx#x-h6Y+l|KC9=8&jyP}oBsmw*<_O~cKy`+ss6J3Tm5CY%=lx}d%5upgT}MTuB!dm z$8d%IFuF>AjPzCEVVQ%uqvHR{eyN}8avOl+_IkOJJvIKSO3m35BphTGxt5?&lc}} zQXIn|$;lfoe5Xp-NZ)irBU=wUQ_QmE(7nH1VDHg4{ukgz;& zQW#=mfl1!4Qul(BLNCKYll-o2Jv%NH|7(-Hw#tPkg<+N#nH1vR%5Tw0p^wGICWS`6 zy!fQhd716;q)=sP3H7tMr1~#6|5EB_d1>{tx{UeGJAl zbp`eRP97_&pQV-5&v<3^Un%cZ)Xx^fRq`*YpYf{VGx~=3Y_arv`>!rO(>26rwx;-h z@Hkvce73s8XR@~Ve>83#@mX6}{JMPB6Q9}o`pd>Q_4jJ~Z=k;n8|rVq%;*~1zoown z8|yEto9OSg;%%zGtbSX6+342a>*T$;{xW<=d`4{L>skDhzOuqnzMbWKJCl6-_4=4^ zXEoo>TE3lWzWvY6vwSW26w>zyr!1>1b zQ2FE@=6t(L{pUH~*u22`##-up8&>~C&NtRBcD}KAuk-D0>+e$+i}yRtUl=Re6PA6@_1&QBdk2E{=dtQ{VYDBex{GA|2}m;rhbMI>se>7~eFWEso?qE6#)Fc}_koJ#St%+4Ycl zUyu(gY_h?whsA%@dKNj#GE0vb#{p(+F?!8$denKvlvR!~dfjn)%zPYV`iA2)BFJykHvQ!KUUv!{GPDU zKCs3HqmT9NpYmsg*{6;>Yd*l-@wEL|Vac7xhFNWE*JInqw|ifT?x&u=cU_s-?tLlo zCbftBJ?vy!dl+G9db_{fQs0dB(9bMt56ygeR(t4rPW`Mgp4%QqS)AAISg7M`?O}lN zqV3*`GS8Cjq5B2#S8NX{L($iB=F8t`_u8JkIGDRydk8OCzj}M-Vk>md9uYitNWVwO?fh5d4Kt^$>=R{d)q@VO9!-vjM0IP zQ%ihSSUSjY%9k0xZGX3+>SH+Aabn8OcjWJ8OI4;EVRDG$^saf>&ql>@V)+M-(|h(m zRQ+sll;y+J|Gs4ou>3>y=gaK=K%R%IpYe~>&y?j4_5BF-v%xTCzdrRd9I1ZR*#43A zKUP0m9Ab8q`aib)C+cVEX!SGxsro+=pA{C5Q9tX9Keb#{KkLV;pXKA!|C#Zuvd)Yd z!{_p1iLHD)!|}E=V)(**>|vF4Hcyam@V5v*vtMq%elR*&Uzz+|Ukl^CKccUUe<2=+s*r1<5|4Sc&6-}EZ@tGXO$x?4~joU9QLuo z2CM9x>OEstnOtE!8!S!}?|1sa@|DIjT&3>m-Xmth(jOdmwix-F5FZ{2y-csxC&t$p z@4FXktgvytdRZDW-uEX~SY~pA^Nr=39KTue`m5u|`px>sQs(&0R@bfOWp0td@-hSWLFJ_167fTiWTEQ}V86B!$EdND(Hg6Pv zMeA=CKlgU=SCZGA;^*EcJ{xRbSw8;|pY?|LY`h@;DtuXdhF8UB#*U)#uQ?t}Uw1s% zdc*Npm2W#9EWRTS8;rgouXn{^lNnp=Sk3v!4duPU z6z}8Mf5j<2Z)0A@-;&SDQ+(b=J*!XgyPf{5H6?UzB<}iCLX{Pcu)66Kui2aD+f%%6 zqrPtIbGNd76LGe-o{jR9(9GRNe>auS_WH}#clDQHC;k1l`F7J^7I!x&zJX?=Vtb2AL9dzXPup!TRzZuHaWt|LGt;I{SKB-?)T-xBD=PbFKetFA|Ey? z^4U^-C(4J#lO1oi&T_oB(#NwMZ`RLooY)+2oVFJCT*rw`hO+IycAVJwjpM}fg^trU z^10Y?V(SveDfd#xX!)^TE!8S9rjPTN^#g{?uyiM1=#zrAJlF}_m$3|FcDyYl$G z`dQ=%n^&uU2jkh#QvpXD3X&+1L;-^uvDs-N|n z)z9iJ>fhOXnflpa*u{BztNK~FP5t@u?dsoE+&k3I#+~ZVy-WSOi8ri%R_|6nOZTdO zcm7@dEdE3NOzv0z9^y6B&*FpX&wWV!iS-YwpXEo@&*U-n?`e5N{j5B$e%78)|6ayF zss7w&)X!E^{d?=rbLwa5dG)jTqWbsY%j#z`s(!|=sDEF+s(zMVQ~!SIVh@XNsGkYj z_c!mG>SyUK^)tM!{$BgPqkgvDRX;25tN#Ff`B43gK2d+Z{Hgj6wEZ*nGx=QoEPkQ> zgTyaP4OKSW@^FNe@l!+bd+M7!HT1JSWol@$I(2I3I@r9^rutiQ@!iF3lo?Ckw|#~i zvasaFEG<@|siFH2`_GyhQl_(~hB4OWObz9V{pL;$gA5By^*I{r7o6&IH0+q_b2RE& zXsXZA$amqXK1U<&B2#^i#{7#;^*I{(vX}M6rurO>?eSEfqp^L7sXj*|pCzaI9E~_j zO%3tk;x1!6<7LHXg=1{8{3GMPE+597@;O3W_OQB~@occY&+%GbK5TM`=?d~W()ty} zXIM!-tg_?B`n0lqm~oipRpfJ&{n^J_ajN$Tj9Yc8_X)&fm8EYu9?V!gT0W~e9!yqu zJlJH{Pt~!8v{S51>|5)>Kkd5`!f1Etm zS3eu9=gZ$z|MB|Cgy{zAXIxVM3G&}i{Y;tv4Q=UL>i?PiSz&1-^|Q9I`cG8PChE`K zRQ*i9t^Sk5>sCKgjaU5z3R@gz*jfFj+mC&Wc2PfLcAgYOu!6^KEDTx6pNtFk|ro^{}5!HrZm=h2~Av&xE6Fu$0Pc zPxUipi*oo;Z9O_nbfkAn<*ss9r7v4<7bS!MgB@?^r4L##9Ut+?!EgBhFb zxJ+DD81_~_BgU88k9~~xQGdS7&Ov$atA3^&$(Q$2{}tl1pYi_cXN_IIQ+KcW+2Uxv ze1Q6|ls5+$4pcvD?7qr4rVIzEpBc-)H{bWv&v3B%|6qUiu=;)VvvG*}|ER8t`dK|p z{cIer{NS$eRgE=c%9ZuhoB}{n^X%Z`9Aq`Rc#P{;aTcf%+Mz z>i?_xFHt|^tJTluwd%iFoa@xj+V$#Z{m<&ZMZ6o-&*F{hXLOVLGxf8U`&ad|&eGrP zf3x~oXNwJX-|G0>B0g)G_)OVxn{n)6>2K;~>sIyNZl2rh$M{ZtW1VC9`n&b*4(spH zH)i+h+nwXRhHX5fhViU(jHL&Rze}AQWbHxYhn;T^nU^)zS$x>McblIHlSlM9UuJZV zagXXVi;w9uGj`mozGw8A&1dzQ)#r@=J6|xKHD;`{<39Vb!Ul&~dC_tChwA^nCnJuq@s9K5QF**;J!_?dBo&n=h5Tx`NVm|@R{?73A>-LKU2n^%ac_%3@bk=Kc-B^O$%ep*!`6H z+0S+pKLwLQ>pEg(aO{2f2O2bwEiXi;0VjBS^u(etg^VK^{laTR9)OEPy&jv?X`H}G-tLq5knO2QwIM(=2 z#AC`P$Jk=|Q|phDC+jE3|1uN)Uv z*%ACL_F0ZEYaGg#&o;g=!SkB&jLtEh6?TmCx74h#IN&^CIM?~p=5NA(?Yv_6jrFd z7(b7X8qYdgEInqt&vrGLvOc08tUWHD1+C{G<0qVl9kxH|JY>c?8*E=l9{*G?ThFMM z)#udfvtTXuviy>I*?3L8J_8os&`-8F%;Zh|^x3cYUHxS1J?8^!?>irS<}3NY`M~Tm z=L6F(oDYi`$6nULbid;}4(?gpzPS0Bu*MrwQr%iXyM)k~^9!6N2Jv|hcw#@$Axzj_Ft$EW! z*D~tunC`U&^DQ(zj53L*yT_yBvCQ-^!0PhT-OEv&Ri=mTugil2EESEF>(MGhyQh{bkZ8K3nWw#rPw|XE<7X)>tmu zkNvD2BY&n<`LAle6UArcWbs$C|Ifu|c8d5cpDO<9wx2G4 z*3Odu8ulBIKU?R@pS9n}e@){qkUvYQ{25>3{8)>>b$&3p%=y9SPtK1n@vnD&urlQQ zV1pfN^DpACdV@HOZxm-8d9jzJo5W$69qWqA3M(9Di}8BK-RwMLdW-XnS>`-j-~6{Z z&zRiqJY$u`Z>od+Oz+S~Ht*EO4Q#(l9~lqpWA5GhSTYX>81B_aMt|4G4aH%~;(hwa z_(6UAmialz#)v*{B>ofn$oQZ7nESLoZp>%Y&x}K?HPyd~yq;G-YoqFC`8D-#s*cyy z&-hLCv)NMrx8?Va`Wb(q{(SjE^>@qnBlR=>RQ;@crvA9q)GvyE)I~l)| z{_J92R++NF5yrdE@H5DI_OP;tcq}I3?V^4rtnDRUzRdPr)p3ONxkp*glS- z+fTHf(MjSn?zet#+u6(bWb4^r$3E)(x$$gqnAKCn-&dSp7|-}r<5^?Je)9jN@k}|) z=rrT^H=ccrYcuA5mbJ#tUgJ-n5vnXPW10D9Ta#3u*}7JrS^ty19cZ3E>l;f$`o}BIA<5~Zw@!yxv)5f#OVb-3J{~_jU z%AXk^f8)FL?a2%2766^7uVWyq7(GSsnHG zW$hJ@-yh27HRmByjxc&d{KNI>P4OAMB|b|n@qc9hx5a1a9r4*>=?HngCq7fQ*kX5| zyxtd|tq=TsVDh1#4@dGNKOb28*zx$WJU(?iSPe7X`^LO(DBgaQKKZhegjL^tJH*(R zBS$~6eag(x%OsayPnW4sbiJ4)P8B53M^O7^e0Mn&r`Wqm} zW$Brr`*`b@nHf^1%gzjA^r7ZZI>CO+8P9k{<5_3-&um}Gc$PWF7W2lZ8Q=+`M+ zSHDV69Ue+(B z+w0d^mcOfC3_Iu-6GmrS?$Ix%%vjl3zs?b77yV+B!>sM5UjyddL;cJW^|QH``p>m~ zKlL*?K>Z8{tN%RyK>aMU$vV4!ZNJ0S&(@LZXXz;Q|Hl4DtDm)>s-M-W`p@Ta>Sz6U z^|N_``Y&)CPERAdx%zWYQ9r{k)t{=53CpLcpYa*$zsPxerutbqOZ~ZLtN&u# z&rv^94zqT?`Y$oh#p-AAGWD}HsQydEy;A*b)YZ@0wd((^`EO7^i)^yVuFJ%^QT=S* zq<)6Ks{e9*c7JLcdDQDyVUGH%H8T`c8~h6 zw0y7nbMI3>>-VewD$5P^v&oFn1M2_1d|6?Q!^{}}!Tb-ZpXGN#<7QquXV38og9Vs>n%@>Lc;QlC=9VVD+z9dK+pBZgD2%Yi;*IM3 zdKCIuT`uxBPU86X*sh!G&lOrf z+fP+Ln>F?4%LD2kw*PO`&)P-m&%IdvciVqZ{YK_tl^Kf%;kdNc|5O&wiFaRzHiMsQ*FnSYwl;Y_ar^c%Q02_jC2L6=sF* zht=6OE2OM*jIHsrLirK#Ce8|jOxkDp-VFVjJS+4tOqu1i8}s_QvG&J|pEJwfqNuN9 zRv2Q1(TM%NHp~5<#94S&$a0sQ6*?Z*pJitGTNQo$`m8X_O6M%E?dZ#LvqB$>%g+i8 z*4go-@hgbW%8KH%x{CNunZGE0?yB-(lPy-hG0XR0*nc(iu(i7FjMlWB#kFjI+Im*l z?6RGewbk>CaqF0mH4ZVXYrdv=*~=C)R@Rf>vzA$5b$#_Pd{aHo+0H(;*kH23tkC(q z`B-JSG%Jj-!Qu<*-*8swXY#FCUbnZrk?}9;J1e=HiqGuZ;=d&Rcf@CF3-Ot3Y5dE! zv&!PO;^%HB{-}9&6rWL#__;e9|BC%sW!S}dM!OpSDt9xUDVr?rF)MVvX5M60sIj@{ ztT39p*R1*X;3(}oD-67@F1DDm`wjUqWpRJ!7elY}>rKapgSiJdzuvOnLC!BWzvppYfgQXN|@8<;{M^!|G>|T_0G!+jwU87|-&(^7$}-{L6=>`{lzXJI2iS zpnRBdn6*dc^O62OCLdNFmk*0i$>(FsPm9m^S@BtVPClR5|9Sba{Gxo=7?sbb@_fzl zVDhHp!RA|z$7gIg9&Ekqc(DGSPuQyR_ow_3)}njJdZ zCb|!YI85h>!}>zvjQ3g6#l&I6{2nCb#b^6_`iWkjob59%EXs%3s`8mA{%W(s0FyOl zyGOeH*PI=?Ct0R1y>!o#*se>_WZO5io-MYRY-IfupEYL6j3caV ztgfl*+(ccuo2rXZx4NcH3{6&9-OPA4wp7=2`)#EzmdonO-9cS5%)g_$nC_%5Hg-|h zO#APqE*AHY51Wa6B60ST4=ek~pV7Xvy-u(0{bq+j*7l$6UTWg^&JI0nvCis&vqSqF z%S>4L-s~`xFCRQRL~|`4GCTCLRhjK~Im?I64juC>A2vHwSUG%l7|xe}r2Yjg_o<() zBh}CFWA!g+-lNpd>e1?FR#kt8ypB^pTPLWW)t{+y&y=OF+5SuQvshC< zqtn&DuzAi?^i^%6}<5@b#cxLQg)Vu@6vvjV0vCRBlEeQu%VOZRJ>|u>{ zrfiSJXTpp_Y%p5F@nA1o%oxtouO;Ql3S$nl$ocnvVc$~bXM+hlmo`7Eta5}k7MGFl zul0*9HktlLzm^sMeEnkS0`)V!Q2k#wU#fmK*kbu2^>pW#yV zFK>SKF#fIjnX!EZUIwq5c)^ccuE7T%~@-b@i_#zpK^HCWl$PPW>y3&py`J zVB>oAucH1T^|N?``dPnG{YBoael|1pv++0euWFe!hTGK7>~{5k!*&j^bcgy`X7_6H zyG#8n4XdBcyVbwCdH=3{*6vsT8uEW!{j5KseiolGo|UHYYw}s+S$y93wbb*X@obD5 z&*(M%>N4(4{bG1Wzw%{9YdcQtWrO)WZ<_2_$MI!_*~j|D>L>cOuI=n&`l)^~`Aomo zQ^yzj#bTHfMp$EUee+D76Z%Pm=f@b3$nY`F(9p z7+|`{ocZ_2X)ZP=beF`7=Y;&;IO!5|!WgSd&Y6EtocdC8!r+GHS$dB9AjxOhIiZK~ z*XM*fqvhs=_KnoD(i}fK&9};&Fhnm9g=k~@tv<*1Rmh7OlQrhJ?~(o2oD(W6t~DnN zv&MK+eOh}?=wor6IliMt9_!5so!=Ip)!g;f&*Yox@0RZd>SvSry=r1#(AKq??W{57 zD4WdhSrc!lekN=&W%qY1e@p$0H&Q>F%StwN^)uT~{X5wI0QEERg^nYP4-$Vz zeouV*pvL@r&7|z=vHU~v+2AOfKN5c@`5YlWvmcAk>QUnFEU%-*XT7SwOpevxT^#4* z^q0vA`n#(*>|yz5`pfD``n#L{^y@F}y8T+?4x*tw@V&d^_$&r*NBe2)6}(wFnp&+>27pD&-U{=MaMf%Ws4S!euP_4lfi3BzUTXTsgs2DwfYY>{u=e?UaS7x z>(u{!{z?70*Q=k^Kdb)`eHc~=NQwQ)&B$IZ&5$vO#O$dgFUSO zP5o@#s{X^&al85%-=Th{cZ#2Tm-s&v|L@{6VY@TPtXJ}fVFEbpa z&(B%U_yzOkzGU8?h{J@%m(9z@sCkbz|10KY@~U~+dd+eDsr7F-t}M13*W7m;*JIT2 zuH(w=1ILx+F~_xPo{thX*{^M``|OB2ey;oMI3Fj> z^_g4C6X&|mj{VqRHfgT=?AWh;uJ_2*IeD)8?AU+mT%W}?&-A(Ovt#|-x$d)L+ycg* zXnlwAtSw?Zv&D@+$@(RXXNygimYN&7`njUU2AfRQF#hM_byab3=>GZ_W+fzp%bEH>A1Wnj6M)H=64`eDOD)8wQy% z{8C=*VYB z&)MR$m*u17&lblRAEQ6#@MrqN+KKwZ>dE>uVB9JC!}u4*vwnv4=ZfIZAj>j#T3n18K(4d@5!FX{)Qm%JaYQ-?iF zU)B#sujzMgA2t18cwIkOe?vd6SO2g2!Q@TzSs65bgLU3=&P?9ZC&ur~%~IX_;zsqq z@V;R6OYe)D)cw_bmX;V9Dr~fj3@taCxAe%6vd#spt~fG8x9IQ0k)fLvR@q?dt?En} z88XHkU^aDRi2J=hdt~Tgl#KK)j!{xquWazxd{A)*soVDvmhG7^qU=`W*?^_OL~EwKJ4`pXIjnGWgKBkHo3>8JX|_%r=_)V^3| z^0|Jo{Dpo!rvG2+7mHu%7fWC3*W>!s&@X2H)-Oi?(XS`G{*8Vy{;&K`TIXB&nS3Wd zt8977`1kTN9+saCMpgI!AV16hlb`92^8d-}%vkhr<@*_2uQ1B@Gsv~#D9`xY&&W}}pTT{jNBO&-b;gVe11ydk<#)c-nJ_B! zu(8r8zx!=|EdQ&E`@6mTtW1`l`4stI)4!?mGoB$o^EUZw#%IdU!Yuh&Vc~V_%$A=G zHW=o}|AzaSv%p~%+3^?W$1*D%V%)CIU(I75Q#P0}c~f8J+7BzNGnuE(-_&E78HZS6 z+uzkoa*I_4+>Yv&><}`^x{BdhBPipZuRYM|QEWzx-^lBtI*x zvV5@oU&(!l{A_T5r9adTcW8`Oato;8~k2wp+$-*Pm-S%R-4x+%m0JdnK3;@el{5Y&pt}>vv8{XY_RP|^-q(ZrPJkS@(1~U z@;ZB&ogshonjJsOd8Yg z@{e%;&GNH+i~KCyD*sYG+l&1Sx68k@Yj!c*DL<=hS;o3|$nIdzyZx=(%<+5Ak#ls(Mum!BoJEiVsCEIuedOKe@iJ|0qsg@@H)h4F9XTA&Ua ztg-xvIxCw0s5;C!!0a*eM;d?Jd}gdMdP4nC)?vo@Nx7Ia@)?lzr{rR>Di>>PZFT>j z%y0U%`i!4Ze~kOs!}wYC8J@GBvFfwL@Vs2C4mekzA(_A9Tv>eIxw7 z!pWmU55xS?p0VI6qeIIy^M5-!q%5yFIxJvgtY znQo?jn|*AqKEqb(v$XZ-&^D7hjP|UC{p~tB46?D?X#dtN*Y2Z3FDrYD_PhG(rK5c> zg7?i{qkX@${qH?G3^CqkwEt$X&wWRSJ|+i@_8q$Fc8?C7?dlvjI^-;InCU^IeOHU? zgGYycmJb>I|DU;8W7j|aV|_5XYw;UQvUfoT7K48Wpsl4E6ZP&pM^{0 zXM^!7=3gp5%a_T|!cFr3);=CqpJ9Re%o(j}y+_n%;ZgNjd`$h-%zIpY);Yl1Q|hm7 z-!H4*^fmRF*3|E??wk6{%G>(Ow64EvsQZEbGW}G48NSrtHQoQU{<6j)Hon*2wd`|P zeTJXZXT-L(?U&8Z5KVqopJl(z)V7ZGe$(pT{*8}r^?bbbn5=8x>}7-X=JmK%&&SI* zvDNeO)`?p^A8+4NT0K+azNxLAkJpcBt)7opkDb3WpE;B1t)7opkHz)vZ$_)<Oc~E=^?bbdAES-DKD*WP@%l2S)${S{uytemV#YEDm^0qQ zee7Yez18#a)?r(x`{v5e(meT@B=T?Sb@sA4Uw&pQ%fFfNRpe)J4f$DKQ~u56T1$TB zYs=5lI`VH}-|NcH@_O>K&bBS(THm^?ZD3uNH?;0n?%&9|OgFYJqfM;4wfddbWwe=f zS!1E7&bHQNbqDLRv7>djaouHI)_1lp!>;gQca~Cp-`@D% z`p&SAzBAib-*<4%`{_IL1N5E6Zhha;dI#z|vxD@VwL|oMC)bDSJL`w(JCh^j?^1^) z7CFe2$~0$QGrzh|4z%K6r3da3pIGJd7? z8LqcJi#O~4-rf(l>wnXV{_msSeb#0DA^m6iqW@l8;xBod~{{ORG^JI+Y;=NDS7~_9? z?Qh*NVX*1?V?uJEz7)rVURL%T6Y5Nk9}_wblIQd>KHEUOKa2@O3}=k-nUTiX#|9fs z&m0pv58+v3eAa<|^o|L`OwJzTJHXXtKTGF~@!#m)2j`9nT})YFbpDvoa=5xoS>ghg z8D(-_AU{)9nX&Z<`zp)N0tZ-R%aP8NDdP*(Vf7+)jM&!K@nz~9?S5t~a)2r0 zW4wO3J~CmA1-2b4Crga_^pP=Jk5iW!D_5(- z4&x8?p;!Od%j_e4X!?mhoNe9D^ns<%^?~`9`f!eV>|^?sKCt+WKAda+-^#_5!z{7* zNArJ{i*<(cobNAku@T1lw>_^fG}hal~rbojP?08UT4Of z6*ky%p>-Ekhw0+#u*&En=fiH+mr#evlImP+-^-}OeA%&KfF9`eb9r?}jtxC*u*UMJ zv7zl!b;gYiCFU!Q4TDVMu|CVg{7GX&FDsMBhB_Nl#)gi|jn5kE`<$)UKGyd+>lX`s za ziTn(k%YTh}Tgl&aYx7y&#{6s5Vaj}4^I7aN|2nyLF`tcH^^5Ut*3G@n0xPLpO!m@; z<~Wn!NM)_9;^<-A?h$^=dJEPR6m&51~Q{CoK;);URjhLh!IgN1vocZ&RMu+h9O$$y`Dr^?Tq!%R+-|9;o( zXN}2mp>u|(b*8t=|GfR) zAwO#zVz^WO7tCWHc*w11`{+C>{i}8K(v%;2_UEeQ1 zD_p?R1M>gbc|0gT8>}*WNd8yUdsu$v3*=}05&2)$??>fl^qBn3Yqq`S`f>SL;ULo| z&j#E6;q^D=XNiN&>%YnWwrln>{=59FvEv>49h9GS4mGdek^f!mzb`+t z59DX^k^Jw;`>FhlKbN1SFXeyVbwhp@|0920|NkpLYv0Sy>JRdNVBU}Nv-p$zEd4D1 zKlzLKjD9trWwv~1|6yE6+28_33y%xYN5&T!7rL1-XNdzWv%#FL|1y8kah{KtZ!xd4 zy!bfJSa6APo{zWBmT{hsx349Qf8sv&urR_n)1}7wTpQ~wJ~TJa-oD!Hn<)pIt~}27BI_4R467SwVLjtt zs<*+o(90U@%r+bsI=)h8qj5f4)A}4@apQ45V^hD_$7mDlGGS-K>&%&Pm}M6KZC}N4 zp`XdN<2}LPpT9>^{S!Z>3 z`~OazJ?x)8ATtcHu$TJZo4>F9Gwg5wOxZbXAIupYVE@byRp$qNIZPeKhpWRn3;(mu zk?JrUs}8ds<3GCpWb;`p*$-=M{fU2YZj8><4^|m|c7Lz+Sz*rXZ0k3#&r$Ceo@*Tz z&$B+m`Nn^BKl_+pVEv|L`}N86r3>~47yjY(Wa(%fzv3!+%F}=q8g?%RZwdS*W zz4^>;(C;WR0=!h$ubfJQ+Rh zJXwE6{Uv-h`?Kn^#z8ioQ@_P}e^#H-tLig(Q~f2a|CaiU-?2|t-qVK>=GFCq#gFuX zjZgG*Df{}5ezNeZeliK;{T~93Q$ERvaHHOvjB6Ez5G|c;A_1 zJ{K^VJ>GYPT7S;?(9O_pK5KK$kL)8cpZV(Mvs5sDdH4O!eAd<EI^NIi)!l5o zpWEB#7UTWg-u+vR_j7yqZ#~}6?X9!Tct5vyF58axb9?*Te!QRC8{ct!7^Dw%|NrmK zDD6Bx^!g5sc-Qg%?O9)T8y`AGsk`TRe;43hA=?|45Ww4eRQ zht5{#cEI?MGwmK9hS@k!zsA_t!TQDc5d9i!oLwv(CO-?A{NwEJ2>Dq!QhsJf$v>V) z%g=DEah8uWe}eVd$p(8F_vizQY+1?m@z!VY1nW0F(fSk3Kg~F^GmW!)uJPDD&oj>S zeEC@6Aj1XvJ<0v-Vpf)uRn{3@sPB{A$CMT33>SHw8C$1#{bJ|E(k1rU^iuatHScog z#ZsU1VswS`n&uo?VsfQ@G_RRVSMMr$S-x8Rrq?*H8Txju^I~$H^J-q_&a2J)hJ8%0 zcV29;bEbXXV4p19=)72Cah7>E=?fbSv+e6!2iRad&-!=B&l+ni-YI|LzPsgT;Xe6UVKm?C_p8tN0rgp9>&kLJ zq&{;FFnU=1RqUHRY_P_3f%?C-50+SYM17`@>hG%RvA5}C`pfWy{;sCpllsg2DdSB3 zWd7>zW5zNotg^vI^YspOp0+;2v({(yob}hR?w^e_sTpVKP2+3I_c!}u^mqGW%+|Hc zV;2kTV}*5A8Lw>}rmQn(qxm|+px4(?k10#+WA>JPviuM4hjsb3`xw3J{m{IA&--CL z>%Z^)zzTh+Qz+E!gEdx|f8hP_JNx*j`b|Ideqi>I^IG5he>pD}KXzWMvvmWnf1+>n zk8ojtRmK~d_o=?H&Kk4N^kpOSKGzrK9Ax1O{oU9#ds+KZUKYP{UYi(iI4{Qk_UD1+ z|M>IJ>Ar8|XZ)S~tgv%a>wPaj;~(T_%Hn4HpZQFFG@s!o^EbC&<}CbdK5Hy)Vf|n9 ztLd-$wWaxCg6Hp@2P=#gp5Xa=_cLX>$OO;d8((z7|9`hojon)tUu=Ts@9m4NMJ_(U zvmfqjnc(?*`y4UB|HkXj(i1#?ul_Oi>4Y{s^4@~xp$R&HMyIvZl5f7 z$i18TYsklVExDPlE%)x~tTQ3>vb^2|-)-PrHkc4P_Hh43^0L@DAq=s+*#w{YWq(^t z2z{(?J;7%odwshJp)vPQCOTA0fVS0`FtlVndy?L+wFn-KF*?89e z_mTTGxftG(m&wQau&;i9st+uEW}NYV^kF~ueP=!^Kk5TZVI`k2!NpbzJ6UNhl|nDmHCGCCHg+<8p!@bVpV1-eFg;fNgY@m} zmHgX|I#;daxqRlv4_5DH>o&dJe3l-t?jhzsqYldh)@67}{X^BQS(h0H8Qw5{nEnnL zXW=d5%-=D7xYyrRht;}q#viDksrygk%!iCKd}{m%EFg#XWNnP`_4EE!^T$m(hrcq0VYFF?1a59Hvh6nUvmt(T}#=1mNJEF}{|gN0Qm zhR$QHyVk`2|E{WRgNb3-b+YY5-@R+yohOEV=6g)^voQ1an;5!S*neWEu)&t&y?($% z&qCX8_r$QE>46jdTebNIO$^;k51#0EQ`9?TVrV_lzL+sTbYd7_a@fQW|K9%D!|3pd zp~j4DCz+Q`^lx46KVo7SWZ|fZo*`0~y{sKAKTF5Re~S0lvGTKVocv6BX&*=B&GiTv6>z$-utg-psSe29Y>vY$r=od>R{bGEoe*M8X`&m9szs@jz zx_&Wdg@v>9>rDMQTfbO5SHBpQ_3JG8FVZijm+BY875dfd^(*y@*){sryw3IOZ1>-w zUu@i@U##DvU*{O_*DqFY(=Wz%>DRgT@u2+79+IDhhvomHdJE)d>2dj)SLHv?ycgwX z`DOW;ye9wo*87Y641bfK(V+YnnE$r?tbQneS-p?sXW?J+vpyvMh5GoZ{H%U1f737J zzsNqnGS2*K&%Khhwr*Q_8h+JB=%X~>Z}}xKE|uYp}}bNICNfRyd(bq?<6a)5r<*dVXfHjHrdCz zap-4#=%3f-hK{{pZP)ZvvH*S*Sqg1`I#LpKdUFoe}naYFF%VX$j(9V^@sI~;Sv41 zQ{G4Qi}lC!tLYQ^b(hzl(yyj}(l5qO>(||UR=-$yPQTcAUcc_KzXAPf`jY%iUY5UN z{;Tq{@S6N=)a1X{yf@@;`d9gxyea>E{JZ=t4$9B)5Bcv`=WY2Jy(@q7`aSs{&^Pw8 z_`duPs?RQly8O)8@{sdn%J6~wOg@zVVXyy7e%4rJ`my{A^o7muj!Qm~pYf3VkLWvl zSpHOgrk~0GsC=Kx&-e@Z8NQVNG5usOv#;c5_*(wQ&1=Zd3Wu2fNB$?|`$m2izmuQ! zVfmkQ|NrD?^(Xlm|7`pzxxyrWcQKC*W{XS;omF|**K{%COctNyGwRh}(m1mb##vm- z{HNW&oI0#7KPe2evce=klXku0q|ncF^dx`RQIB0LPM8!btW2B~TAnjLdD8!XS6*T2 zq_DtseeR?XJ#U?PlR`J^tTIg|h1M7JVg96$vCaV&R-WXuEu1HN*yxxPYE0Ld6xv=? zpCuO7oD>FGW%82iwI_w%rt3@!b*Af23LP(deZxuqH(H-IGS0%L#{cZ~&5g6L-J~$Y zoE@*|;||7I+{rkzUG(c!>$1%1uEv?|Zr#^hvzLWbeHQmtr>6cs=CiP$`K+_>y8HIm zcgEfN&gdY0f5Ux;=sPQHuzaZTzwmJ5%rfV}>e0^Qul9S4^I+q6=kccfo!~rJJjr=5 zIoWyqO}&!yVEI(%!P05Yn)iisYWk&fV(lyE^qKQ(I46exI48#6 zJEzaBKkS^C{m(hE#`p{Gzn_e=@U!{M7oHsAFU?zGa_C{BWwO6xt2bhDX#2|eQj>kx zf^%Dbau{TtZC|@y!8o%~#u>Fv_Pd|zv6rPWlS7@wv6Dl`zwK+>E!n$ILQpQTCW|5pz7vCak??EKcclP8Cqg{hN$ZoT_i{LcN;CWn3&r%w*y zd-K@EYTIPr@nzpLCx@0{`&)f-NLgm{J2c}Cbr`Lo&JXTmKf_w;{Lj3#)nUG_IxMcI z&W|jp!)VjVVF5F?{N#Ew$AX=;TZd2#Ap%o*v*7hR@u6!?{;Ly zItSQbyqNE%Jl6Y$*>T=C^kLwh!#AHL7LND+XnLae#}ewXm-UmpKbW8H{n28*Gv#Nw z*Er*IjW22Z0`pnA$T-6#>W}c9nU~rR^ULg?rOWMqDfe9=FUwcT%j9Z#eRpYkt-MTf z;|w?J&ocJOE=K*vS-#W!W#y}w&+I|<89k!D?>?`9vM#Gb_A}D{ z+0E#4=f!fvdHGJ(_*?y9nF9>pIj_;`vxjxoSo~f;Th(KU$*}Wc&SZ?bKj=S8th3CH zv0i7H>CfJ;%)%6Zrp;SqO6X%)VoGSRz|QgNjF{rHJ*>CPlrYR}`6>RJK_6C_;^+F- zXT9lfri2dPAzNdaVdRuB#C-e|&&b=~#3`Yhbyiu9r-atn_@pVJ`JJ;h4ltW+{v>^v zG9~n|#u~G!Q$pKh``EGi5Se?!>wb^R3Gg+h$mgJS!FWI z{x`NRvrg->!H(I+H?>cu9AeJG9Ivyl>1NJ_mCcGCuDLH-VPn6rL{{A{qehS$%OpDBayBCfHE(fRVT%$BvBb6I|-7s=1cW%B#3;_~J4 zv(zU)3s=bRyNl~r%Fo(W^0Rcc`s>Pnjrwe`!u(qG*K^->>a)fLEavJL?C*N@Sz(pQ z4eI~S{mfXtQGG@?>F@g1We?Mv^|yJ=whi>>7X4-UR{dqvufH35oxMzN(_hB7>+eR^ zW0}bv`pa;q{%-7k_A$Flf7xK?Ca&++UnckHFKaAz%3aZ4))_Xn&b{(8zE6IZ*|M3u z_sh@t0r^>Hw7K~Y%FjBhEIlOu7W(zD{H$_-(E|CmRF6F@J|aKsY}-nmN9AXogDgHK z|JL@&Ugl5A&&t#C7wzL2<19XBoZ$uI+o;1{#skJ#VaK-i^Rj+1dPTpOzN%l_=?nXq zzph`bzNuf^8~>a6EODrL{de7uq*59*#Ms<02vi~pSZThAD zFnq1gU2Nzx(|_wT^Z)4c&gy=n&n$kc&usjl&$}33VruAS+A`H=rCMjXsiAdO>qk?4 z&#Zlon(BLI)!`7s=&7M&H?K2erFCi;U^HfG2)pagME5nF=027<#B|nF-+}0Q-c--$ zo1aYe-G;_jn;JUzw2#%N`c6Z6ILva#RKJU4ziUhl{j9F3{$B1|TYbi?u*#Ob)m>+* zf7`atb*F{}%+@!)kMr5ke3my+pY<)Q%WMbx+1GkI*$=awjkCPB@%{8?ALC5-H_j>x z`&<72<18O6SM&N1;|DM^&dQPIGdV`CZtEXwT^2daaE9>%-On-$XQ{&q8fYu&8QtML8Sb>7%=KON)Aa7CzQdXKO!aem`>ss&b9(!_cdDP$TkpQ9{@Ya@ z_OfvQRNtxMJlJuR{XQTs>yOLJ#uMfrtxr#>&zu9SJ!9Qt%zM^2OV3%CWk$!E#{#qG z^_$VF)?xa(b&hjR>}BmQ#+m%pIz7h!Zk+L;{j&VF@#E!x&p3z*jrC)Q<&4K{|H=kMMBnR90PxpQWX#gnZ2h4(L`ue^UxHvYBuBhw$87n2{I z*D31#;XjTBx$H*tF1ksy-|}&Ce$7p98EdIW5Ge+2_*J zLJu3Pv9kQM(0020tuW2+46FZ}X6uc7`QxwiVuIo!Nn z$Ncm3bp!L6Z*H7nYx_T6-EHijg>ChR+4lN#fq6UV53`;0hlO4Ar)+#T{b7A~{b6NK z{khQo_tqaK`|1xXEL>#%0qV1Ip#CsD$bK%i{xSB$A_tis>%1vv7+#SMpYM8278gaGN?;sdu|NEZr$D!`<>;tseWBvcdX2@?PWmUU^x+PybnX zza*~j`uBSMd-WNH)o=QP`uEw-kNU&tC;ef};{C3Faqi3*9xy*l_x!$fSz&qM>7L&= zf6?jw+t2u7(>=d$y(Ol5e&4yYO!xf0eTHt-suK z?;YnCP51o1d8{#8VY=t{jsIr4=l88Qa=PdD-8X8w=lAu2y-Y?=_uq>4(K_Ap`|ck* z-Lv2JJAS(7_c>v@=l8w7(sa-7t2c4F=l7jgJl*sA`aNm7_m+KfxOqKgy65-pll`nu zo$lXS)MbJBGQs%lsl#lRIxNms=TB@`hhd&NPus_QePn$VePm@-eSF62 z9s0=f+WN@Cy88I6eX^Uy_4JYD-|6FXt~by}CL8G^E1T%!^Ts#RN9LRBBdc5K;|ttc zADb5Sku@d**4;)Q8MDqBJ6_a}?evk2?e&r69p!&XzApJ$+(mwd-Q<5+-96-IIhCKq zz2yJ1eeEqj<9+3S#d+^1Kg+BzIzawc)$Nv_(IN7)&geDwA1Xgfhsn<}TWjhcEs)T%EcWS3^ZE*Xd52fp56f5S3&Yj=@~-?Wv38BV zFuvCN;yt<9%lJC)3zpgOzC5}21#28)<9hFlx_UQwUoc{WF*`pnpE(O0W|75zdVjH> z8N-Lpmt8Eg!kjH1@kaR>-y}b4jQ*wn>}G>ihMVR8*!s*EbASosPpr=#7FlD;wjt}Y z#1aQtX7Z_Z*~<#+tg_=X>$A){huC1@bL-zCKO;66v-1nksNYWdF=Lz$)Yasly(o58Hq9nr%P2USR*MbFg{+i1Yi&dhBJ1b%sZs z-_NdDW{pFvv+#?4v5%FahJ{9i_)qGy#xe^} ztIrAx3y<)>?dr3}29xL1Uxd%A&jN>8A5eeM5uRgFzv)ZrFE%2S*v0Hs{bhJfe;2op z*Y%gRH}sd`P5oVBM92sAmlal7WoyfbP<%&!S*zX806{ZxOK;%EBH^mFr>d|}|wQKhVM9)XUQ3%Z3W{? z&+u$$nPr(ky zy+VH08MT>rrTna1B|oF9<)3LiW-MGIf79#apJhMnVaVlY%C_0+vc$sm@-t;J$N01I zv;MLCtb8heyZWEW&%)30GhVjMcg)%6a&4iHH8xoIO`Gqdb^oX~&px_;Tw54od3>Aq zg4ZXs`P_T!O==5uCX?HI?!Em@Y4cfp#yP}nn))lN%Rc5a)Ms&y`m30qsLuw6nXlaD zbMNhI?KYo#uP+7jnXz-#=KIHdRyoYlM(VHTdQm39R=>TWINY z{b*ZA89&|@7O?VSn}3_K?^n!c@~ZiaUN?U;>o8^dhWV_1sQ%`1e57y8{^fPXpXd`4 z)>vS)h4olusrfpiA+I;D*}A1XOj-QY{uzHJFY8RUQvY-B2iCr{e)GCv{jHtPH~PWS zcj~h6gY#$ONB0%g``LLi4Kw|Ffa`^3`u70$F=KU+nPCANi_P>sw$^Q#89G@UG1I>b z$hXW)|1My^ENsVRXZm*m>n%6azYAC|GJkvhTYjeRG_=1JW`<$LQ)Y(Z4(hU>=`8hk zG=I*_(8UHTOy8dmRZ=?Izy0iVQZvV_WW`=?0 z^%^sMf35r0ni+bStuxcJP+WIrXxmlY^=A6cTlaI2rNT_VdujZ4Gea*+tTSF;e|DFH zWo8@5&uByW_wasXA1iFI%FaE_XU=pZ`I)hps>^Zm`M%&BJ3Of&S{|@pq>?l8T77w=1oz!R4r9QKr?dK5V zyV(z;)P5NDv7bZLVK=MH8Sm?LmKYsooZYOk%5Z>w9B#b>^`q&*`oZ!c`jOe+;rhWS z(+_5BJ3`$fta%#P^^a8VIQwPXW53MUaTJf&4^~gq50+2TkE7jxiheLYRX>=X zrXR<6U;n}WS?tvhR?gLrW97KR`+@nL-VevQzRUZeX~p}2)d#&FdhGWR?+3#m=J4@!jE9N0sX8D{R*9?Dfz3?ob)1w|M%omvzTF#Jn(OG_`Y@7?2FE-2X zDBIuSvqCp(tg^Ditk8Ov^;%|yjOmiI!T@WGd+le$tkA>KQnUPjnDv&P723{Lf0afgY`B`Cz4Ho`r{S{_~K33Uajh*M|`)_9X zdB4{=%w$FR&sT4v{7fdxe}OveVs)ncO=rtrw%#21*=U!a(LDJtbl-gWSzcLwmVPV$ zMb=$aex|F*&j#a*&0Af5Mji4uuh*6T67_#4KdT$a&wRsKJ_|&DH&UOCPW2gYt^Q@^ z71d{D8~b6tt^HhXoZT#KXFeO-o8PC-4(2o2$$nVwvY#tl?_xi!vBt2w{amTep7z6d zFZ*e_ul-!*zWtmB!~V{Lb+%n?`~dS==r*4}L5`^O+uJ{>}E;V?N{K&1aR-E$WcCV zPMhW5NL-(;zs%2?<=Io~o}*v4nSY*sv2cNYvBKnb`z@=(`i1JSc8NN7*!QLCFu6<} z*4cKax|gfNN}oCmSE_TD@vHQm#cO7TI_uZ!``zl~`p)Y0`p)=9eZR;2oAjNPoAteU zeT%+V?EltTA!oQv-FKhz-UMt2gL%<{V)9mhlDV zzhj&=)>wMiI*-`@d)8s}zW%Yw$3E@{ypyf^M%|@ zztle#ztX=a)c<;xpZD9>fAop9Z)W*e%?RA|2}))viyr&Y%DU{=k-{B ziP<4#zVvLL*JJ*&vwdEVI_zdxezxC5wvXS;_IW+VnX$CuY@gTTKE}_OH)^)e>ydNx zY(EpS&Y0OgugAOzvz>|an>gF&^>{s=?Po>SpE}#;^~f=Mw$JO~oY_9FN1l~u`@A0a ztz|yTOkS|Bb8 zUber@XNNu(x0>xUY`mY@`Df$B*}hxHHHVpOGdmPtQHTAkZ#O%HSFN+X`pkAxzj@uI zK1(dTX1$%&XPpfec2&QopUfHWramhyyzY8W^BL`BK2vtSAt%cWd#lfgg}-oL^PBEx zKCAni|5qNMK9hshZ+eLRzbR*C{|rai|KIHAD0SFiAFD^}8>1e%{%-##SeMy})@7CP zpnd*+wx9F6pA{C_@|OLc?0v=hDc)DCp6Y$|5B)yP`--L0y|0*_>3#LKbV!c-# zCTFYjj``=R!%|rt7B5%lUF%(?4y)J7!TdTo-jnAB`(cF@mTp$(edD*N!-xwQGpf73 zRUH=k?T7Jg_Va;y%vie1`<&^$^8Qnu`^;zYe)E|=VE%{t_PF^?pERG^%_jrW}!v$}Kp#QWt#?`sx6ay|_Iay~=y zvdk)nSo+v`e(HYqG5y5*g7J{|#b?HuGx}WprvFv{bL)JspDZ(cp&q-K4ciaH|Mc@q z_y1`BEG|4JEMT(u9M70|eW^L2n}wz4ger^6%n7YuyMNg^A!B8^Ibnc#G$+Ij*JI~| zo~GmG_-+vU96u+t{hJf!_#IsPSZPieWSBU|cRs1ZUREc~@tuP9J!4Mj_{RM9IsPu~ zbq+Dio#T0ab(1-s=QnTu9MAJ}oY9MAK+pZzSXHplb)`nAR!&-2?a zE6wXQ=Xjo9ex|IfB|ppS$p3@!b>(MyJ^AS`%%Syv&W#zf-^tI)`ttv1oej)qiB(oM zGXE#no0!kgsXik{KU<&OOg1yW>E`DDBF`4)v#_Q5EbVOmukPE$e3n^dX;<^ZQvRLO z{#jx_>kJDm6$-n{%bXQPd&s-+QXyl?8v9t-Q$Lxra}o7Y{bb5vMtkY!qD%Q*cJ&$W zt^Q(5g$BD=*jIh#42zq$pK&(W&&vMBm$2Re#+h`R&zvnS_I;rJFh9tARyf2e+m>`6 zyIF6(&PMZfhJ(F6!v5IJnEgyR#6t7+rIzw{U#~N5zRs-qI!n#hm$u*L>&%<4v(kK> z)#mHVSiku?>&@5MXui(;5bw)nt$V0G(htr*p9>f#>NzvkS~;TDA_8i>?0~UTuAruCcG?^>zLnt>`-U=ZNL& zjkDfw{z&`1(>T++{kdyi-)H_PefpC>k4#=O&ip;&qs@EYd{#bEhv9Q|T3xf3jsKd@ z;k1@^?qwnNq#(1ngvWKPbjkElNevIR<<}+ESJq$8hv^^x_t-n}%=w)H?_E2Y$ z9TQwH-5$y;F4rE0Sc}?2VI})mp*{4mFtXiu;n??t_Ru*|-Idxy&IX5Bnb_`gee@%4 z5B&_Y+I@GMKFn+Pc|NXJYY!DhYqW=!$;Q`e_c=Z+w1)*Otlu7@Dc0SvJ#@3&*&eDa zY|$QCr>eVUyWbt~`nK(1fTiu)J;SQ*_U)mEg`JHv-NpEH^L8`N!k+D(|2Hpf_x!*0 z+0C5QrhBR1CimXzGucO-=5@C^Gu1m#9cEm>>QVMNOTA;%VRC^wjLPcFmggdMm|UU` zvn$n^V?XR+<7)e1@f!PS_xg41p~N}|8E$Y+bFIr>mTq!Rtl#3C=Baa=b7FLdb7JLA z=ai^(mvds_LFdH!Q_g9={k-6u*m%W!7G5)dW#cvTS!09g>*lZGKITl{aIVd37JutJ z{^DF2{nfdy>OOX{_@;AhUbAI2{rQ`7WrGV?{=0syt`56d9n>$TZ|PTu{rp3}Sb9&t zn%D2^*Bb7t>lce3=ocGoTT`8n^o!vW{bI&sEp?eO|6Cm=U)bl`?qeq_U(3a6LoR0j zm1`aIzm<#Wcjm9_nq4gZPcEiE$+e#S{2~_{zskkJVsrhQiSfnfhHi$X=7uV>rRVxR z0P~o!y3Aa^2VmZ^bN%eqyyfQlJpl7qV~K4W=pRe0bCAjMbNwEG*H@V9_W<0_I_vD% zNPU)>t~l540l0tUT)zk4Tu0CKdjQ5;=lVSW^Ty2edjR%3cCOz8P=~{;v)C!;xVe50 zz&;r^bv=Hre;;rk%Pg;?J}WG2=KLqB&k`GqWA!(;U*;@unDHd_x8QX3S>kZ>dY17m zT{CB$4d$z;vz7k*R(+-%VwD|R+sA75!^Y~yS?#c&BG)pXrS;Wejh)-r$A;=N<1nim zTX$PII_-za=JIZ5oL#JKIoI#fSbyueKA+z;Q^v))KA&G5MmyLqyII`Ed9%va9nELP zcw6Vq662kWvxjxo*x1f_cUfl#=iPKi=gr0*&U&?bIfPuT=N;u zGk;g>pKm@J7kGcLST?>JFEY;Z#m1RlqK~_~pBWoh*eA0q^vtJvkvVG>eP(j6{_kbo`;D{yuyGa^7~k8vj~Qq2ap%SA6UO&(-;>4} zSIuXMo%^cGoXMYzH+|l^`>D^I4K`SRLGJzSb3i^;UzCsWOU~y2bzU~k@QQJ!Z0&a6 zYsOiqIZsCK8b8pykBl>AKTBWBeGnV^#QJ}|Ul@Pq{c^DDh35HhA?qwUFDziZ)I86& zxn5?T=l}IBnir}puP`sP9%{YTdA_^Byb1Hd0JD|m`B|Gk2NUOo9wt-f`Akdsrq2s) zhr3SZ`J5i>|8}0w>9N0#c_GQvTXSCMWxX&j)LGkbUg$VNj?LzUGOL@<3qvdx=lRS( z_1VX4n|VHSL;daMh0deAzWqEuqf>v!d109GZu3I%X!DMp7y4N`exCo&v)+mGLKpLs z=K0+(`zXx|Eyr5#H2GQK0+vpf|2Xr{ke}I^^0U+{e~l|d^Qu$A`5B4&Iv^09}FA^BPRO#U;R|L5|v@TL5Wzn1?@*Z-EE#c$+i@~!-5$-^?! z@8oATEPt|^qS{4D+`|JlxsIjcX*&$K1+zd5c)B%z=2QiYOAb7wXsCB=j;}JMlAHa3dFv;kk5x7pZeF&%$Byvv#=rSK3!5KjWk1XWZ$TyE7zIwGe1{;hV$jW&UjgV7A}&X z;S%|C_gyMK!{zc{Zy)Sr%A8T3`7B>y{tfC}ZGO`m&A-w6?r!~JrJ`Rf-K$?WxqeW; z7(b+6O&`&(o7H_>zgT%mzgT`nzizRwntn0+i+-{ArheUOopaEId*(vDG4n$o8)N7D zZV!DJH$QaV$qDoQ8>jtpm`Oa}{}6|-1wA^F; zRp*D4*=qB{f~ITE4^c&qwdaR!=7ss5x%58y-Tcscuk|*V@7YUvIKX_v`TmY+e;dya zJ&ZS*@3VZ>>6{4^ZhQTdF*&l4we~jEr0WR z8~Gn{|90{-+FpKUJIMdA`*)O|QJ4HI?kfKR_w6A+8+*$Ci0i$~XS|R4tnX_-Z0v9U zk9z$8`)8xu{+S$`c>8DZWczZ5{(IGDg9})?PyH9|<9_v7c)O=p${q$q%B2>C^{%5fXL88b)`rY zfe{pfbyd*#BJf`O`TcQy=GkZN=lyvTK?g#i}pPV?QcuGupo$0pN4!h8$+ znQl2PM8DDhR@1^D!`Ak*$)4X@-_?G$rcDc@tfs5~lKW<<&khR~v+e(#J{tBjnxj5z z^VNUZJ`S>4G%b{j7EcSkujq#>HRCM%dYZTIjI-dHdgR-xt+qJ5islgVlf2{zKGf#EJzQlg>R4l!h-`szZ`Yf3Ky%*=E(f9?^ftzANo##Yslrwf`TUBS)BC zrGGZBR{x*&vBl&X{WH7P{(qU{b@sE>vY+ww_P_1<-e5oLH`>n*<9F1%$(&hnqU+7( z{BN&wnBf+EGP_Nm|54`-eKO@_*E{W>Qui+VncVGt!is(Wb$y@uY?taYf6$!%Pk#@2 z-?I6z_bp3KvGb_s@UDH2$w6OI;qOvhKQ71r-1np$U7xm}?Y8~zIsZA&jnVU-+xzZ& z!E$$P^vVOu^q4|pati5VKJM8(;T7EZ${p@gz?bq#JX)V9w zS^q5F)IUr1uI&0Pf9{z5)t@`I-t*^f6?Hx|Jq)qA(sciSMCYtAJ@l=*mY-Lj?z?5z z3iWlS`#yfJN7MaX(OSMwczPISZKLVFlX$HVZ#+FTR#&%ox}SYlZUXa>$#TB>Yw2@=`V1@7XKgq2*VcEx`fTr^KFht-U&sBQQ=jbv)L+;7LDRzklY^)G zzn$tFGTry~$aUy+Ka;P{Vd}GDhuNU|>pACe^;sUFKI^IZtgr85&6Ck_=E;J68@N8+ zJXt@%JXx~7Ax}0>#;2GkJEzLKkvgZz%RG~p_0#R&Sbt~O&xjRkY<$G)%o%f%O~$=) zafB&5%-Fw)x@@t%I}_ta;&Mg6ULtNP6DQJ>|w=eLdh zPkMgL+MXY4zw$h`wf?Ng-_OOX{NDdc>%UijC;47ip9MP%e^h^G=d#7{hWcIK^1OG^ z|DQZ>=JZ2%{

    RX3B!`-^_Pc=XK1N8OPXSG)?~;WW|#0x6OCD``$5MHveP3ET+tN zhCct#eA!}~CHrPtf7g83T)+M} z%-Sk5{9M2L*qEcvsxv~)Wc3+gvU}Y#!*@i=#S!Lf%V8ChW^6NOw9x%*vfwByhDG}Coe>6D)nxU&vW_#$T-}&#BEpDp$`-FNB?pGB&Bws|o<*Sz+2?uF*X z_#*u!G-ao;8SVe@kJnO?2_K3=~@Ue>RbmlgXy>;9YNWs?((ZjpCi7V@(8Q}tQ> zO#S_Mhx*L#QlA|*KBw+I)>*sPde{4%J7E6`k1_*w>~Z} zYmdvzjLk3b3Hw>GV!Fyq->+{D9A>=wOy7B7UThrT&qdEn z->(BJ_`_5&`XoH!4e&0D8&h+#9=D;C_jqLBbvAl;m zpBZZ(ndxV1P!5&7LFdXTqdrPHc0M&CSjA>*{iZ9d?**VXjBI<}h1Z z%E#JP@*Sm5W{kJ?JlSMDRhPp|w$U%+ZRI%H-1?l)oMWtQC-*nxM&=rlk-`zew@B{c0My!jCL`ve=ECR<`7iR^IKYYpn`g>@vA)igpE1W+ zoiG0-)-RBsEtXv`l0R3UDf5fvXShWEOI?3Uezw@|UVlgaZ@Fg1=rZ|PWBuFuzFdB0 ztk}Fl{_oh&oXzjb&xG-1_FW}Eb9UHb|K;X&wft;zis?1-UtvE-nbZFV$j?*C&o&FD z*U5jSbtX)2ke?Z&@2Y>J{OsH$Ka=mtf0gSW$j@+#{A~VE{;S=`A$EQwKf|r^Ut?a( znEgzC=B!_9&bQ0Y4lB0qkpDXSnKRraKO@F1a~qSNb#|ECE&uiUW{c51^0UU~4fb)A z&3om)(S8mv`nmkf*mINo56RCq$GSc$|M#3fEkC&n*81CH|4+8>yy?Qzh#}(pRNB`y?4xo{&8#wKe7LR=E5}0^4YC(=*w?>5B#h! zz23!!XPt_G2hnu&pg*Y>nygL6-s71 z&I-M^tGDYc-?iZNnX|$;i&?XLM&o+^tT4p(@>!wH=+m=8-<|qn#(b|?VS?q}>fdD_ z2U)RX^E2v?d7UXM77Y8$3LUoCf48}Oc9ws$rQW`?!W6UpX8E_Lt~ttrlPnqEs}3`E zIKk+1&iT3AOc}FalRfvT!+y5dV#SIbHh$s$0XbP?n=zyN-N!+;Sh8SmsSl=XbDR}x z52(i>hW*uH#J&gBWyU5;ChUDkeGahpdHu4^o`>yYKNGf?v0~1~Bl=;^f|D#6KdK*& zuwsWD_CKbdFQ~(aQ>?K$?mUh%W_aAW9AL^3X6&%V`V-FMFiTeKu=b>SU-Uj?onuTm z#gxsb+|Qf^Cs{InTE84&#SS~{f5!Tk^vjA1%`a48_Y<|r=nH*`Jj8f;k zWFK?ZzabCvW97q%Gv-no~WKhtlUKcf-rui1B<{fut3p9OngH@}Am=EG{j zd?xkzTk~P_Rr6t9$@`YM{9ay0ubTs_KYHK%$^O6E&x93=j{1Lg-#^sv`Y-hv{;mFB z>|@USzt&m2YyGe4exMGMm1l&*An52O9`^M9_HF#eqVtPj}#u6b~f>Hg|7`GRx*r@t@ihqVJ{ zhw<)pGTZN7vH#1n!w{20>}PS9{qL)Lxcy9yw4d2g_J82M={8m%vH=ZA(%Dfo=-n>?~ z?=|yc{PhWmGH zg#Hce+qn^1tm=(0#bjE;cl+2kqY*}#&T9DVL5|rC-|Mq>Xf+x>Th#Y_zm<7oeaDTE zuvpRvW6YN|{F^;Fc5j41Hur3Vk`;S<_0w#GlfLESYj@eta?JZ?XSwh3zG3*e_YGV3dEe~f{`4;D{(9@F&ojOW4jFFg+?zw$h$tIOf8&)U!S z%l6N3ZlxdQujz-;>-w4LnuDzWK|d_mJInPS^}{yD*?dDkvt4tD>6_{^Osd~dhZ*Z{ z>4!1vbJXJ?YkyXs^}m?UT=QVUf@2JS)z3WZe>YG1;3teSX4PG1W4>I>ng7fCr|a9! zSzzBgax-Ja^xyU`G}kHn+4`^j?7Z*&w#fbu%?Tr{tu)7HLatYy6Z&KKuQn&-tgk*N zOtQ&%v3d2_&o(>kuz!i`HRgmCi#6wjsqQtKOVwR_P8emn?wk;oS?2)DXpVn#>v^p= zC-f{=cl|lOL&g0ZV{?N!euhiG9AwzYepVaXznlAe?Pu$w_A}Yk{(jdVx1Yr)=7f?- zZBFRj-Tp1-_zo4hwwe>hnQuMEcd6)Wn>k^K#kO<&U9I)LIic^9>TEYBWGuFy6DFAN zFelVMCGU=N!Z6!A&GA{6K6jZD8lQGuH!p^1=Eainp3a+YUQA|~7t@*MwU_&5nHQtk z=EXXjP5I`S7d!LKYj5W-FfTS2%FnP!{?Axv!X%cT(PH`caV`hhTp~ZCrSgAPe@vM# zlb_jg`S+ERLkuhA?_RTSKlkq@KSRI#Oj!S%{yEIzllFK0l>GzVH=nk@>z?*A>}CJ{ z&fzfQrg<^!ZC;<(2Xn@sF)tR3zu^6{k9jd?hvBp4^+o5h#fnpG?rUCOl9!{b?`K{I z=$`|OK4)Ic*mIzHGGR7gUX1oPuf#P6*1 zoPA%`_kr@W-~{7D{;#;7!%Pm6pB*+1QRiU!8GTuPwiq8O$5-TM$qt)`$bXpg4wat; zrx+h5|DgIDWilxL;rcjSezsUJ`KtV1RrhQ1GaMm5Ge%!?{dM`7vFu(SDgP1b93?+n z9PeJI@_$|b9Aa^_{LH=~|B>!HMt8lVcb@#LUm!o5 zSIK|8eH>)-TKQSKPW}_@Z^_T*_3|_PQ2rsgImF~v`I-J${u9mNC-Sp>hy1MAbCUD# z)+gKd>XXGI`aIeGNA=0twJh-a4Zfte>LZi`Lnhu+H#1^-t9Y2Uxsp zozW}ypC)HzojFIDzGgks2b-+_(K>TZF`l%3y83TfXY)_i8UAAZ4Ck=L=0B{nVE>u! zd)qq0lyxTTKTEFvS!c!$^DsB`pRGPeSgbPF@3hhHs&jomzx!6V&XSXi*06rAzL~T6 zVe2f|7IMBWXoGv`G2dL!!>xMs%IN31jS&JBGR z>SGh@tbfcpvrXsvZWQzT#N05%xHdPm+1$$hi`~zJ&28uUoL`;3xjyH&Z@alZ=XW1l ztZlDe_j*U?=j!gHFSd8qFOyy7hTcnEGi6er8^)PWbN;u~o9TQ;vz*T`+xg#Cx1nD) z=h)A9zWv{^Z-M=+FSnn`ZuVbhf75=Z2kM8-Q}uJX_0#mjDANyHY+T{|)6JXl8J+{n zvpk;>*JpcftcE>LM(2CZSE_TNyv#0{8>YI~-r>Cnch0rzge;VWAnP!`{H)N9yt{hQQzT79;jQJ>AW`rp&-LYjk9pTWcpj|&=z07=A8&ddUH{~HF#5aoTh!}VXT{0x_1o(FkngJB^?m0u5A*z+ zZFN_l7l!DUNriEC)}80~?dpHSd0~+GM)N|+u(98-$MDfv%l;1>iopMIqEQ4 zGSAOyJ7@X4&{ud4yUp|6XXe{KFHA7(KF`0Ab6?YbW_#PuXu$rT+W#f{8699hTsCRG4eBG;{kP!m7fVG znK6FQevYtUhxOy+f5?8eSa6CZn-A-QqpTPn@xI{zo5#z~f<2F#;|cOJ<`{EEk2#Nn zELbucl7HOuXUY!8yVobm|F}Lm#ENZp*!P6`C&|x*6HHluQvWB*&w>?8HlA`HbEe;v zpB3Y$)j36eX6!I$|1+M?sq(YVDaLI6QcjMtqz^Cs9HsoMSkMo3g`Quj!-U~<`57^K zR$UG(0tl0O0Jj|G!DL>n+|60AXpAkFE*#8^-v&9ytSg`q9xjD-CT=`#e9tW7PU>KJFcj_@=!ZD_dURIxj z%vrL<-dEIT%KCZov(4J8=5>+%EHAd7^>5i?@PX(07FU`dGDd694-;M2o$s?ueQYp4 z472#?e4o?nf7AIsr+2;ie4o>M4%^Q6Ilb$?`Oa{?o&7AgpYM0FnFIU&YJCUw+2#Z* z*8k@Hz+omks?Umzzq{T^eWsjbhjB+=yUh3fJo41lXOn&Za2_)jyQ!ABS18 zVl{of-{qq240Tw{Qimm@xAn&+tJ(AY{JwKJ#iU{V9p}xN?|b>}WB9jy9AGkczVGGt z{+Ku4XTAEIKR@*U$Nh`cVYEaY*4UWRABWgnIzNmvVeP-_a){|NeX+TGzR&HgGhxLs zb{M_uz7_L*Zf~7s_jl|XTyZX#OrT+Wg7fhIaT75S6QvU;e z9H2fsESVoHcUZ^Yv&qf$%W^Yg&xh9Wz0m3~`-(aYhp4mCI{y8LI?P$JIL!W)*YUrn z_Om`{fA^ZvD(m>)OZ!=}WShOKt`nMHm5b5W?PrbAYU*;3wIl6ki@mEmhbikvnFHga z?e9^CgDhEgufJjc8teFc*M6qQ*v}4YYq~zx+?cV=aGdwuhn;hx{VX`n+DZ1W<(fmR zpKL#4_O0zaW~@%JpB>iLS;zO2+0PE!Oi#0aUFR{Qf2bHH7@c8%l^B4*qx;vzv0|N#kEqX_2`8B{?$tL(Sg^x3`!`XSEk+mm^TIltAJsoc*<|>bdK_TNf*E@@ zRhJ3t7kPg$X7q9QagZrX=Is51^O>^EaaOEtrVkD=Tr58$_SNKL#yTh1W_@$_ahM%e zj4qLX3;UU~&Pm3Mx6}_un6Sf?{aeYw7Hhfuth2eb`#8#kVH^87z?=mO_H3&kChTyG z(WUbDsl!30ESa-+JNGeVo8zol+ur>gV*N7p*}7c)9o&C~`dvrVXU1qp^*G2DOBU?i z$@`2c+Z<=b+Ro~8h}D(m+r4JrF6RAR^JT;d)>yCWgTstjvB}1+=E0mPCz&yxrXP;5 z#SRPhPuCAyY;%egn=@QrWxlK!X6lCn3|Gs~h&{9P!-RE?F=jMdKOAJjk|}!|`eDkP z<7}}uM?V~5$u`^Uo9p#!%o;1!*_iKq=4^733F8IM=Lj=)n6rPO z`fRb_6iYT2IiI5}TJp!%IlwjxR_s}0>5`A%y1xrRZ$iLLNOc`#JpDAn0 z^nH{3EZAoKd-5;WA2UYZm!CQ7D_q|!KQmSgqw??OnmNM{~tW z{OoX?$7=v;VX1zgK={oMMN~eVzYv`5E6Q|9;Nr0BgUHpDp%$&h`EBv&FIQbt(UV z`W$5Rfc)KS_U`ZcLHU_;ynFqS{GWHtAx00&&)T!{f5G~z@-wdNXY_mfzi3_@V)mN- zY_so6`gq-b7Mx)Cqj??R{x{5v*_-CYa?-pGRR1mWV)7^RV)SS8O6>oec`^OFd9l+m zuY)|Fe^_VjZR^b0cd+YsoXhmz&h0wo+%N0vJ?FCizIE0KW&g#|vZ*AFWetQ{g3 z6L#2Q_>k9GW9?Aut1k#cOnVlDHp7|=Lf>J|VaDc%7leuK_1X*kHzO{Z>ZKEI7x7E*)`rOSwC#E z!`3bfLjTe3ubU6^=?lUXJ8XW#JZ3EjqbwPY(f{lPVSsHGY&8~yo@1Rm*POe~TM)*W zEm+|1>h&Ej2!l*mcCQ!9f4p;;GAxmw6>BGWeVP1BR>rcyn zqU$~7XSA36-Rr&OKS}@l$j|b#@^{@={*(3fIr*7>UVhfTB>y*Ev&H%W^0Q#`6t5pB zf7e9*Q`I?0euhKj?_RU#H1jxAepZ9>Ge2DZ%lVw~r~aBjjhn+8N$Q zUzeYqBjxX2A0_{p@}=^#eT@8U9xMM@`aVv6){mFJ>k0CoZQqdm3@6FY*2(gpWB+OL zvz^J$+L`j7s~@)5K1+T!&yjyvf9J~2+IjMyr_T%JXLParOmg|pmzN1^m&(udTk>CE zKL^?Tw*1W4d!hTkBR`AFC*;4%xy)IAQhrv?$bYrgzm@+weZ3?<(^uqYi#;v-UzML(B|l3>*Q@(``I)n1?KSyt@cQfW zGx~%4tXR9zzDfBRy(K^Ef0F+u^ZK*=UH>9Kv%kv!J#+b+{LDJ?GkRP8@4J3SeugRe z88g1wevYvAfATY7|ET-km7h&cvBTyMn;rAOxIuNzlog3A=Woo z7~0G>Tp0R(;yz|fHd+`an6q9uZ{vkwnB_+nhKf<|!qB))UFOU;T^J@AeSBevf2!^$ z7WzJY{cN_-e>1VRF!cY-Ih!x^yVK>{Vquu-UT?L~e>=IaZ($f^w%tPC)o=ff3&Q{- z7HqTUPIKEyex@AjUhgdbUHau9>$}L$R$cxv{W9&ktNiTDkpFJ`X3EcGmi$cFcaJ&F zmY+#OepamC%enG*T_8X6h4TO0IkEgKILUOe{P#JBBaD{F-@Ru4FXUP(KiiyQyj=eK zoyXCxE95WL-(7yTSulK3{s+`!!se&sXZW=I51JbXyY3}_*U!lRkevI-&v;+?*<|fu z&vQTd*RIZ*y_eI@dpSxQR{xjD&nDZ9FPHx%*UVVELVo5W^8Zdf4zs*c zes->w|7H2Fk)O%6@-t=pihb9~&$J~!JM4c|e>ckC_51R(V6)QSsQe5+kpK6*MSj+Q zC_j@Q$^V*tx604x$MUoG6Zv0vP9Z-FmR)a?{||EgOnzp!%g_3q^8e8sIK<9f^0T;G z{x|HuSN^W|$o4;C`1;*w zk?+TM&c=&;Kfe78|FO=2u3Ini{rKEwk?+TsYuiPBhQu|;82T3ZIeGVSu_ zAF|F-rf0~%(z<^Cj{Ho|lAranL4?Bk~rkrAVmHcbjf3^HfuaSRk`>&OsO%_bqvyOe&$q34ex5>}iPvu`a6&b4DNK6Y{foN`5wrpB4K)zOLT| zFF&hiXeZH>Fhhl$6>b{j?zxURC z%owj6`@OgBXMIQabC@YBcG%d-eXGTO@2$D48T-Ar_A%bs`(W+Z@4dBuo!IZa)!+KD z-+Sxajbfjv=zEhmOtGxR{tneOM_DoKsy+u8Hjn+Cs`oK_rkM*9mK(#9_8rv0$U259Vxhk`?1Q z`r!z}R`N4q|6J#@#X6@LvpLUw+sM!Qwz2QAcPE>rIS`IsE2{&LqGV3v5k-Rpxq-xXdzSU*fT#*EQ! z>VDbt?fMnZmu>d;+jofP%ji(gmj!FPdoCPen{Cz(^L+Qv7c=IZpfB_Hy*TD_xcM+X z%6yox@hPUBFY}{4U)GQDd_S$PW94UZocwH`Apf3noG3rrC&|y&$@1@I-zoAlrC++? z=WXO?{Z#q8o+kg^&S%1eWAuw%{f=dxEPhhWxBp`>g$E%Fh#E&qNzM}B6k*ka>z`Z-truEX-P$#}qijxah;{;ucCzrS2;F}gs0w%Po= z>x<-Po8b$d$Hnrq%H?N#sr4_)b&YjaEZDr(T)t!;Ojx_lT-a%u%K>s;Z!U~jvd-QE zz0Q=y4d&AIMsrD=UziIkj0ItQtHyE=^TP=`5t4|aX0I?OoEoIPLm{<=#)Ovcn< z{TJ$d#X0w@!}I}l7#>vT5I&?1i$~O9_LzPSb?)Q(VR+JWV#L0~oWrbZ+jC-z^+Efe z^PE_+&HD5DIo#_^7`>n$HW_`@J`S>YML+Ctit(%JeNDaB)nojI=g#OY&;1Dg*>h+5 zSI?c{U!MEd?c)%ux1G<;LGNtttJo{$KTv^7{Mgv;KkeS+O@&Z>7clt+Q*6 zv$gVK|MtzkRThUKmTN5b9i8^Axj6KE!}?l_eOIUTwHJpmX6r2W-@vZdTO0-%KC;-q zh0`CWn6rK?H(4Bp+5XsK|9@xqZMrx#jK@$uHTS{z2$+In&5 zFxh@_=s&^zY%$(JeYV&fa_)|c!zeR`6U}p{#bJOM3#N7bpJe~8`e%EZ{uyTI|781S z>Yv3d{j)WDap?V~>pAAbWUl!zo@YL%c&;2`$~H6hohk=2*5@w{6Kt`5n&-Gce%4sA zTqJ*{ek?!p#qu*-BLC^um&(u9GWnS-m;VfPcaxt5rdlp4kJ#n#^yQdbCfZ|xpH!V2@9s|8P+Eg<{V>-(Rt3}AWN2Pv-f=OFQ)8p zoZ*w^c!Bdd#2VYIv+qLZGh>qzOjy6j`5b1(ia8q>JD)iVPO@ZtiSs$aiXDbe$)CGs zi_K5V&xFlO-Oo`bd&>VU=j<&%i+$y1eyIHnhuQyauXB{?p#9(R`r-Do_Eq~?u;(&) zzGhx5IL6u$=5@LK9Ax;qc`;@075Zb!=8@*blC=@@Im*1)Vw+KFURUaa89SU{aZ;+QM<5T2kI92`|&4ojZPLrP{`)+bh zCO->KFg{)W@7d2`HqVfsB^%#2$1~+;i<6AblK*CXafBUqn4B&DsC;ZOK1Y5QZ2rKx z=gQBV;TC-k%g>YrEB5@*`RB>cl4Go&FaM96&p}2P$j^+uw>qCGlMCf%o3$T1|04NW zu+7@V^8ds&Gsc(5-@RtN@Omyk3s#ITmH#&Nm^1m7{OmCPsq?=rKcnx+&ldZCrr*ot zXUQoxFPHyz`8dk-3im@vBCe3>zNR9_rqa)pRVtZH_a(%Y4W6$0258^0ULf$Mtcy{H!>^<~{O1;eHOYd9VB|*?7|R&*f*ElT7ZD z|0(r2!t@vNvv$AyPwSs8HcR>0X7d@>56I6B!!OoBtKj1Y1{X({A_cK=_B(0 zO1~Ur@~Hf*KPLaPax!IoTz*!pJ?Fm1Y55sF zBmb}U#hlSERF5r2t1StWtTFzx{2XDj`V!w==JlQ>q45{zFlWU! z^EHJ+Dm+vrC;`Ryv~Fzj|fWpEZJrj>GN&-ImmcDby%?H9sMw2w7zp0Gy1oF zILH=Dw%Pk1^*3-XYaC~jwJGOti1CKbW!T8M|5cZRELpO?v2*`V4koO9#JQ{(y=#7K zveoN(GTLN`zbjXl{r__xTg*7c7Mt(skE0A9_59y=4hPs|!Hhj0*w2I|$C!T1x&B{$ zQ++b#C_4-viu^p4bD6Wnf>TUC;oOznx0(HnImr&=mEBic5{8+xV#&rTQK*g=Qr+iWrHY_6=c8Og;_rVQ&jj{_`Nuwu{p?%Tz=tZ|GnqYc#OATyS1v3En~ zF{OXN5yn|(Z6o_R#GGxG?AzFLVaD37=FE!qkEl1zoLO+3$#ivk)#o5PEE&yk?k3J* z$|lE|vG!5@&U7xrEax&}^fBjikoDQ}vdNxJ&4USZj4EiXFBV*}tXz z9A*;xbHFzHwsIdc))t#9E7rGm-xB*-aGc3fbK1sz9At+jYs=)@)_qLbT5dlJ_Vl@L zg?wytlpTic%y&2W7_*=cV?)pOax-C@EoQrWKeEGk2j}e}ADiqjW&e)m!xjrpv0`&4 z=X}z+Y%}a^->00*7Dw3pv^p%=*u^=_S?p=9O!snbT_4O?Z<-TZtnI2UhnVl}eZ%Hw z%ypXF9AvbQIWc3;boVh~$uU-pW?28M{Y>_?pDDvkdH2&VbGBG;ifuM$S^u1TY!28z z+x?6g?JplQR&24+a4vIZpO=sE7wn(oer60`l#eNEbKS=wmTWWol6>>rcYytDvSc{W z`(VENn6Sk$wizw(dLkd|ESa!(p?n8<->~91JM3BH{)5$F^kw-NGsNn1fH?~m>{+aj zugJlY!wiQwhn>T`zQp>8UT58Z|NuHVy~ z&zuG8nffc_WWwZhx!GZ~n|f!+&FD=1uwZY$KF*Sx6~~#LZQi@9e~x)GXPfnN&3g~^ znK2pmeAr?Alj@%*FQfB4XBKRHO8pBwXI7kKdZGNER{tXTnX|+C#q#f|K3lA=mY>a0 z`S)^PAwOHU$=_7}PWf3Ilb`85^6zba_sP%n7xH(n@0b5G=FUN8rTh#J$iELCl%EO5 zS+Vw6`yY~@`6Kc(JSzXb@-bt^3DzHze?NUbE9yVU3X>a4%i=l#y#U}@<2 zqBoG?Z*@X8!?R-@<;D9Amzf{Reuk9AL4n`YijF zhAGy!Tk1Ol-Oo|hx7W`>t~tQ^4)(KT&%yfIQGJ#i>t64q{+G>jXZc3tY{>h;4R7Sopc-h26`FZI3m>daW`d++7r1S{4LbIz=#VVDWWyVtXw zJE#v1GM(>ScGz>cIS?EWj|XZySIvvZaF-?Z;)`PpW{iXGOj(a$N)zfM1FbBeW= zeopoN;wY=@^>Z3;)DJr>Siea>nSPlt;~4AT*U#zZ&OvrqGTf}6GrX@y_0#nh&x0-2 z&Qza6to_jQV4Zzu$@L@8gY{cI50*diJkGYS@H|*&#pE{6;~dvN^*mVK?s>3whv#vw zb&fE(OMX`DAGSUwKdZatXNS%6^n0KD%viDW3-!-8ulv+pO#iG; zHvgi}%k=p-eX{zeb>?qdzubKsV)H-dz&tDq(G{*&UgmeZ>W>BU)t31zRo$LtzV}}L z9A$kS>sPwoc$uGta{ZBIz6VDiz01NRTOVB(8sD|P=`#N|!TQISg>j~vFZ2EP?%Q@* z7-YQDvM|Ql^ku#eN53=FV>Ht_EEulw`Yh+O#e((O_Ft9R1wk{!m&mWBTBJD)A4%a?^Ih86PPtR6?1?k4}JzB#~n z5BXU;RQ@06j|tO3`McLg%YTd4kC&h2De|*^sr)~5|7G$szg&K{u9yEuyjlLPqxLiT zf&I7Y=STLleXISZefW=kl_{7VE!| zx4VA7ytmoMQPxU%f2!^S^0NMrylk@PXZAlLFLRDDdsO|~t&hvgj3uKd^nZu^OuIg# zA0}=6->J`M_0JC5ES}T zd%Vs;rZ3sg@H_kO_4+IJvwBrOEMJrN=gxgyUN-+|4on#C)7Kl;yZ+rASarFjM=8kLo{yg9Ax@&`x!oA|KrYK!g4eF*{M1A3H!EmE|ab8?_RU#Nv|_u zbDQO1gb6!L+5eP&wp|`tOgPCly7#nE#9VXFog3yv}U7*I8S! zJk%!4k3%eXUmn`s>phl-zTbHLlgoXVwdceMcG&w{=YDFre=)S0AkJrw=yw*T*Yzd|n?cIl(r2UzOtv`e27+ zjJ~Lk%KaQnzz~I7nS)U-tTI`umDLx*n*jj6J{Z1g zKU3EK;64ts_BGFgEjIq>oFmMeB_|nw-Sd0HHAlK0>3zg{>iN9sKDL+~?R~(C%}M8c z!~1~Y81Kio?Bf8VW4&*fv*%CFKhB>ImK-W|39pAgxTrx zGde^5f7-_uYiG*O7MuTa-&yjrVt89WXUoqz3zqD8$DGcQpT)5J?3^$EzrB8e{0tY$ z&xpPMQJ-noi{xjxME)stbNN}Z&G_5$|5yF*$j>(043}H~KXc>|i!0P;G~(QMtzW56 z#^2Q^b5^X__@8=LnGZWxn-6O@n9qC8ztKEdv0{0X{qKAId)AqM-#R<2f8hFN>#U7h zXY&?)h4n(48Jj=$yjb35|A*G|-|yzZ_-FcMhrKJU7n0k}oB5sQ&H7!Q4_oYC+4bF? z59511pRV`WzshYAp{Eg?y+RL8jhxPea z&xb|Fb7SWp=ChV_rp$-+|CtZl@0riqUjM*68CF{1cZb`z%8JlfNB^s?@ONG6_N?%| z`06oUSN*kCgb^0&t?<8N98W26An+BBbnaynDU%ics6oxjU~2LoC_m|C4qf@QqYg#-Cq7hoPVb+ z{Qkdr?YxDbY3a9z`WIFAp6X|@UHvREyO{gg!FVtAv#_uHi#tzAen#wL_CWcUFrKBv zgSPPR<2oM)SUK3b{#<`{Gkb`2&C0_z<{7cfrX}@fk=4WGVR-l!e#hLt9HD+zk5WJD zN9(_|@yA#XW{$NUEQZ#D(ed_q8Rt3CKC^I&dXnQ))w8U1?Nkrzr>kc<=Q&e7%$=>C zP6|MU<>Sv8H!)w*QlJ#eWx$D%=Itwey*R6im8LZ;?cj{-I5i8eQpH;0Fi_G32 z4|6xl&*1m+=hVXr!$^LXZ;^jBb=)RDi?_?ay84)B{SI|9x>Fw3*t&*xR+zs>9#;M= z&zjE9Zsw};tfk-m>SXZ&buxHRooj1x+`cEr9NoevU2n`j z<+^3%8Q1N)>U`F9%Q9;Wo_F1@r~L)jE$i%K^rC%QU;VGxC+1(ZPb~b+K5Zax-99mX z-9EAShWT%(4tBA^m{qp^Qogs%pM?+1pH&t%lK&s(&%#IMpV#kW^Jno>^Jo1t^WWJ0 zpPN5R>`5Fj|4rP_b_QRXf8sahzp3%T7@xOeU1uKS^LErT%NRfFl7GY)pSR<9)-k>Z zw!d?X@p(J?v7ME9#{^Y+^WW#=o8PE0-lLRnkuiQQU>z3KK1Ms+SYB+5-$k_^i;oGK zTGhiMs~e69x|#pw7=P2?{*Cl!l@X)7{^Q)gvHpzM!{R3LkC&hAEN!YD2AhouMo&;L zORO+rY4b6`0IMuaG=2-`Wnql-PO=|tW1&_5#Ieph*}AjH(zr1`Ctv>Y@-Sw;;CRBA zpoFsy`&eZ2H2ITuR#;Vhb3kT_J=t( zZRL21x>#lpb5pIy*4BsZ%ull(EO7KT)|+jNwlojswlWV^S!gp)cC)ax_1IQB^UQ5C z#^>f6$2#+EV|;GDek`-j8f)7+&-U84Q!nf6Wz6gj)^~gLvao~mu*P6V^WRZjEHPrt zrkxz`G$v?ec4y~dh5gJG)wQ$w*u@%S7Ix9U=)CM?byw@l@@~$*i}l*w^~?%ujM%)Z ze7~~pj96uH59i-a9u`^J)A}-GW_NkotrzR;VsS6$XUx`LxgPemzAUrO(mu|!hk5Ml zJgl*g;eM`%J)M7l^|E}R^Rsk_b!?aKQ0vIbVb+lmvwN8rJ6L0lbvEy+4*K_^}Ev6bC%Yin-S}*j%W>#GQ z)$dpvw{~mLdZu}?!a4_-*{0PsXndRVu)KY%&q&Z-bbgi?CGI8vIp)D4EBmwtJ&F6b z2AQ&Y4r~qD86DIbR9QH<)#vZ?u-2f&DtlP(kpDc#$H>phaq=ggApiO5JV}1m*u(H- z`7dyMiu}xVYEL{%`-SQ{M?2$loi{l?Po9h9IltB4SX;*ntpn?nZHUqV>VyxeD`Z-{D6IB^>O=piSzu``58X#{H$^GrSh=E;`8>EC1x*k z{6edLf7iP7$y7n0=+=du4A*xa=JU?;TkE=s^RUK#hGU%P zI^$WU4>1h-8Bf&SZJ)Ls8+0+Vop#1MX#bsYyJ=@(cllY{Q~v9ne{Xr1-BmIM z)&6_Otgv{TcIHFpjf_8Deil!V{}$_ilJl~7@>rkAVIG}hgQi=}k409_80+8bHP5rg z`uBR(f422ze6ICo`TVi|ySu7h`g@%B2KBRkqx$cb|0ekvF=CZXf8Z_ZXXaM*C&#y`{~qhY zcGg*C%+dGCf4lmbyG#8nGy6w*|KK`i^%oFCv8k-)lpHG?}>+E4v zGrtFof6Dw=W0k?v@;_ugEHP#`!)N4w*!|DS&k`fn+4P8do|B)!^YXLAOt1Ud&io7Z zhgA+R*Qfr!SQmCP^P>EZI%XSlFUij;n;x@XFU!y175Q0a=5h7EDnBDuS^As$|7!ee z>SxSeMs@r1gnHP)((C#&|EB&=%JY`~%)Ko?YxF@9zAmeWnSS-K^saiIQs;;2Vek*_ z%&_TcdDzMvI~lUhI$NGm_eZX4#;hlPru|v%Uub9cYu7ug-`fA@z#_GmIE= zfHfB0)_*zkV1)w=eqmkS(VtxmS!cd^oX;I{|MJ$68P-^3^Sjn#1$D8&UY3}B&%D{e zh&9&O{J#BR$lQwN#}acN=*LdRtTVHc^M0rw%Z%C2Xk~T&!}%Gqw2C~eGy6|v)_n(_((iG5>{e>|$nJj}z9|I$%6ISzgaNF<9UH zzBG;@WA-uH!2G_lPAsvsq4}}S%-6>K()^fXl`%(uW86miv&x92yn4Sijs*rAn;)|b z{$+jH#yZO^Y~uVZGxKl#ws1eIlibhZWbi3Q%iDMyGiX!Ktn#y+`EAXcRSqz_ zz5KHow}bpF?Ii!~&cB=dEd5G;R`-#=NxuE$XZAq(Svo}iIY#pG{r zCsnf=*F--o(hnLFF{%6i#;&gFiF49>NlES|6b+}hc}@B;mrxlsRk^!v5` zEV7Sbm;ImDJTG>=Fu26^!k8@?bzEUTSgY6%MpxR8`SiQmelX9NFE+{cj=!T-!0FA_T?V?&HTOggSo2x zSjhSBvmXo|vLBBOUyrO zKUiRPG3&w(hODv7=Ec>=kP-V>Wo`+1*vUHUjM?&Y^*(3*%>K>%8L}noes;3? z*1m${V0_TY%uM5b4KSaX$NRh@`9_TQc}1LUyw59gzS+lnuGhawe};36_jyIul`Siq z-<;!pUJ>UR@AHb}%Z&FkG5y)e%zW}Ej+B2@`#Asjpv2m!@j)-M3yu%6Imb(n4?37z zMmsAUy_))$)t{N=w6nzQ>eg{Z{TZ>B#Z|Sh;r^U<*4WGPYTDN{es%54wy1{{Hm_y9 z*4579dfHiAU;EnnZ)hD@VvSWct)t(@naejM%!a z@vJax)y^^t>#2ifX2)7T=9pjK`m&3aapQgM(0{!3-ax$*^k-qB{wz(>e?$GY)SsEH z)XR`fzf>2CiCd2kdRW|Me302lp0@EpJIkyxv#s^cJ1@zQa`JV zSUXhvcH-FH6jvsXy~)=|9E(vYo-%@+Y1n|5SNdWT~v3(Ye~E>3@O#%wMF= z%@u*-`%|)Wgh^+8Nfg?_~Z@X=na<`IBSjcD8;mXlLd{?aZ>JsQ#Cn zm+{Na%i^ofyNmO`?!3&up`GP7weM>D+uB)TKP&HO-%Xx=c^I;v`S-Q&Zrlg@GiE<4 zA8P-Vb&R#M_L22x>0{UP9?t)z>zUbqxt6V5;P1V0lok9j8eI|s+}PVn#k>OWFDE9_!C|AZiBet`)=>pt4q#q1*5 znOju*zUIL$W|q*-n63L6m!04}C*v5iwxss`jay28mKZZyTKfUkX<7Z5U2Z}!z>uva z<5twp?8@3%&S^i;c~;ZT((2~T;u;fz%t7+8ow+sL&-_}(vBJW^`mH^|zXPm&oe6$E zp+DPLYMJ2QE_6ON9jbjj>%q(h)+ssOQ2Sx(Xw}aASnaH^>2Sy6a9ouVXey0gRofYPeW>GtX zUG!&WH|@vB%aFA_v@^Ho1fOptA43-Q(at(^$5~f)GTc{wme~@jYk%`%u4G=xG4scp z-@)d^+9Bq}T!(p`ppK)=i_y{M#mtG;=R}@t{h4KOlKR-j+9}qbg;V8c_B7Y)$?j(d zv!_q+*)969`4oB2P(QP0s-MNP)PJhF7_xMZcGlS3so#a#8DFHGrOWg`&HW5nsAy-M zxznxZmDYjr4c39-jq;qK{+lQGH?JJCho#7Mccy-9Wq7N3Gk>Rfvv`+zpXL4@^JeuP z^FCX@d-Z3XT`c|4d6Hv}KF2!#*?CxDmBstCm(}}#cIF<`&iEni=c@l<*FB?0w6ol+ z{XFx2LVs4D^gO^)&AOiNJWp9yR-d-6jQ(kU7dX$S)`Ph(^=IuX{V!DS*ZMR5Mt|16 z)&C;-7n~S`%q=!C=w)@8i9R#h{x3f<=wO}^%j{=vm5F|Krw(?o#$IMtHSS{bSVKE& zj9A`eV$gJn^KLfLzYV3n%_jz3%#4}ndnW6{=1aAYRR>FqSS}cMnS4`>W6Yl9cIe-~kV=S07AXdK&FJWYNEr%wz9 zm_2)9P`JkV+0D#3=5ej{Et>~JmJ=_u&a7WzoqsFeRp!U=dh5mNZ4-mm>*TpZe^%Mc z{GICU*8eW`GU`z;t8D(Ab-P!+jM>BB0qb$SI@!wH!xQ~3k~|z>^%3>npzcT2%lu>N zz0tU*)XVC#`ZIn}f7V`A?@f+hQ!i_E^)h%v{+reRrv9umX7rZ!-&=>bwKK~BmOqpy zGX5X(F#k{e8ME~k=Z*De;UoPSe5}q})z5Cm3~sX@pQw|?PhC%}v*~u{{mga2?B~{j z6=v?x?+g3JI;)HZTo-pb&zG(X#_VO~E9-ohy1ur~j96p#8|&PoK87rO>$+f_xx3~6 z*TkTcb=Fz>_r##(59Y}dE5W3om-(3{1=)Mt&kj~+p5!^l@hp@4{J}g&O!D&w{TMN3 z(;wxZb&{VgSdZBz`P?M^S!2YeKe>Mn_cLZEb92heXfF5v+40%*{I~h*@Flee$uwd`5p3S-9VRvzrwL59r4h*5;e!-`yLYYVHZ*LfB(e}=3x zSk!s`V!ar$&OXK*{iycEoQE-clHDwGYp$Cue;a zv4{E9tj`P1yN2~)u%`Shae!48`t(~%epWcZU~P52X#VVC$U1ZDnAc0r%QAx&>%)l6 zFFXIb)|+|uGG_J__pfI?S!EAP>#OTk`^Gi~8<+}O^}>-snIWIOYD_p`zQ#>~HF z{3hySbyMq@9B*bF>-ukQo-DN5C&tXZZXRRp6LaIthZVNGq5pXEVV(UfOpyQYj@iZH zMEM!B^-c9plAkdLlH1tRpK7-j;WY`LV``#i{n`9sQ=+Cr0dHeM{@n@4Q>d z&-}LXv$DPX40h1|t~^EU40lmK>$|D{J^gn#FV=shJvrXPeBXDxr*`Jstph82*^dv@ zvA6wTb|3r495Wy4&vq8}RWD0y`iJX>Mb_BE%zpa+Q$Mz|%qnXf9jkAD*8%efxDHrg z(?{k}l7}UBv&`UQ>%caa4s>4T4$}V<M5OK#<7F> zqpT}~qxJvVc($|3Ds#t}-#5mw$jq_Ul{IF*wGS+?e4Kh2gyzRATmPjWD=Z&xeyp(N z-|9U@QkecrO`fE8AmIm!8Fn&0PDm_JLM?q`)XR!&p*%*LH=o~*Esxii!^ zi(|Gkccy%dIC{kV-e0lrtg<&bKHIv?>X;oYo+CeFHqSP{zd@Ft*>mM*#N6!aI!`^U zoo_#q<6oO!le)Xik9GF5aEbcoaLg{&F11d{@#WTO&iRAz3hR{EZJk*7opt@0I#_0% z{VZKC&s_4~AP*zP%-<-_-14%*{7v#OVqqS2-)w(aW-zby`n~IzrO0*6+AY>OW4^cA z=fu10GYdW1=aYwR%-k&xOAJP;mu;;4K^|uA(SLsH{U>=?VGm1xwjZOk-)}!yW)EXF zE#N#4>d)Lm+F9$>e?j>k)t}*C?H{vG=)aKuHT@a0o6$4s8Lj`b>S6H(^{~o*=3cdK z3tN}htQ)g+`^D<(_G=OMzipjaW}TUS?TgC$u6AZWkcTAt!AA<$-U&i{egTW$`gNSuDE$h6C zPWCr0+83J~^svm#a^|u4WS_evFRRQgG1=!Xx&P<-vodaS(9Qh#$w8d7v$>g*oIi20 z^D}1i^6J@2I}2^v8L@c<=iOF5me|G2cJi^t))gJ^IN4`LbEnBZQ%pbRR+6VU+0QBD zVU^)7>RZ|QSYmEh^|7+sWPeZLxP7v}r!bxo>x`M*%XwC{&J0;&AM<-#hn!=!GqaC6 zSl@55zpF5A|H=NYLLCP<533wtaFF)ZO+0B^2 zTIO@CdRae7z09AieQon)8}p}VXN^tk=y$4hWbQQk$TDMA&v4!r?PpqFR@l$*Y}ePi z>O5CF!;7pha~HcF*E61-EMB6W6}GIe{W8}hYwTy?3VAkg9+nwgshvf(Y-ruC*3J^^ z4B7Had6ITkuGOEJ-)i4TKX$TqgZ|9jXutF3&5*g9T<=X?c_5XIv-D zJg2@b%=blgu*MqeY#w7j88UcDe`c6#bv|}7$2vo{jMe_K^Rvu;2CrD(aq4FmbFbQ0 zR@pkxt`u|UPkO^=I`1k>(7uO z`xrA@(Em;IWyBgYZ)u;RKie6y%HVC+=T!Bw$nYK4C(9gQzF%F__Bqz7MP`v#c}EmTlC{GNTX8k5x9esrMh|$2xnN`KNho z>wb1HjLnZ_X10^>BlBa#h^3FsZ+q+giTN?l3S$ni_^JKd!FYBtV$9-a=C`9dKi8i* z)>&uEPUiQ8x>#Z#%gpU8|A6^1_)>pnm@TT89n5`Y-C5`8U98vFu6IU^So}u4yINNk z7=G(IVg6sPlii$`c?SPhFH5X58x(?;-Q{JOF>9>MR0x`XrH+{ken&$c>}5Dh!Dnx% zn?>eF6oMW`4E9vVtc9SB+1U#IO+a-sW}U6=>X_Ym7&H}vepZ>^OWh0^&QS>Z7&E)K zI_4|{9W4G#T`V!PkNk5Lf_9b}F+X=9XxdladDO)WE39&Wxp|#uKXtH+m5jO=F}J_` z^A-HN$m(E?;Yjm8K;HS)#R97gMiu;f4eDT#*#*p>b!HA!Hw&yRSO~hAS;%=l03|U;n{Fz-;U5BWfCDz%?!eY*IsJx4tKWnVA&fqY4m$3c}e(pTX za)3n^4p$euS!d9pe^!4Mmb8v6GG=Be^&X*KmYHALelb|aIv(kMhODxW`DN|bQO2`_ z+2yPw>uf&Sy0D#viC(Z^|D-g>aKg7sj?rcj<0 z+Fvks*6nVdg~hVLR)rva+)Co}~XO&dU-bW>=NxWc9MZ zh~2C)I7Pi|V-z^B3sThejWSC8v9vi^I7t>$irY=>&h&%XY0ofme;eNtT1zq zy4JT&tTJMqO=b6QV16uaXnrhlfZ1P~-?{E*7psgJv-Ldl*vR$DQeJbHeKv|t>(undl-(@{}SU_V1AtIfK|qf*?Ot@jW<7*CYT>Xwp?a@6V=NK`&eb} za_3_wE0fHR#mV|#VLUsSEvT0jj{c2#u*C8d^J8JE`BjW#k(p`gWys)4}Y<>G5b4t*uiKg{aIz^dii#?f2=cNP&B_AtQ(8W zvxh}yZnSP}XT&N?yEyMn&ak9hV9OKyYuYjyezPb!QS#PWXm1K zvCJC#8SG;}?^GwdSZB=2zRr8s{QiA;`@`aX_J=h#_o$O0GyB_5)|k87Ivk)sE9_;V zWPkqPezr4am6-#r>pkjaiNQhov&!tf`m@OJVC%$~!5`Imi21R=h?zsJ>!0*zk#$yB zKFm5XINbdHY#h6oXUrm7tJ*vCXPpC#*>a!ykFZY69%+8eGk3rBXD72qSr69P@_=#d zVC87nA2Y|8--GI6iREL>j}0;$HJ-R$0A2RrtVJlGGq@c%slRVY-f0y z{bT-g{r_q_+ZddoUWOcCg@q@akKHVtX}wry^ONd2%lug>yPv_i>SmEGHRof%d~g`B}Kib@{x<(BB{=Fig2 z=J%q!k?V{3Th!0oZT9gcb>40t8Qf_-SZC|Y^8HbM7XBnZ>&(3(@1NzTUo!LWI6EI( zUX}Mg`B`T_OZUtFH~AlspCMyrAC&(!`B`D%A^XQV3w8M)wm%FWaeclnKiin^wcm`{ z^oI7oSYH+%wZ04U#;((&c_l?7vCcZfqfh4#&-_#J9>jhW)#jgV*T6#s67^N*k6-;FT;2~&bhFv{z! zDgNDvQ9+?F#m_B9d9PziFnXp@KJQ_QpUHEpDM2s8t)~Rpnb|fa=wNnR{aNPdSw{K1 zHT_v)FZ0{$Kf?X&V0FhSeph=`P-F9~qr698y%@DyFJ|`AKHDfiKT{85Rv7JVzAW!+ zzOy^ee%e`N%+mhWr^)!kw6n;5M$FBj|KZNh+L6xB!cpp)(>y}$431YXv!`hPne(&6 z`l;HP?=-);w4b4!*)z?Xg>$vfEicL*9#*f`KCgV&*awzx(9X<_ z_9rvS^P+Y}j9B}F_W9(!$9}S0)y~X)_IafHnP=vH*B1+{CGBjU-?}_teOY|a`Z8i} zl=D2KKg;Z6%t}bSnTT~u)u<%#&W9A9-Tg*PNoi$dOe^OnGtA|Ba z*u!GYx-X&sQ~EQ9^Rk1* zzgu@^-gKR;Bri*>Gh+EI^{(vvZ#xeocC+-3bzH^#m}jovIRL_REVA^Wbzz;s>gxE1{bJ#t>SB>GGqH79LmezL_mTNCW`0d| ze{8=Pv5(nLoM$a{u!H4K)x`=kYs>$c{bH37OP`znI`V#@F6LQb%mEe$oTo({Uz$H_ zj9F)HUHQMV{tUi$9#+}Bo_fDg7t5?N|E=|3U!5$n#vW$=rLGOs#deliW&Yp#Zzyjt z)q55CF=CZXzf|u`Q-cCyb~BoJY7lJXe&$)4WoppHn001GObuG{&dV~(vrY~ASz+_W z&Oh7KAY_%jtTVfbakEbiI+$mTMK*70ehgV*AB#;>gWP7;e~zg^Cv)s&o!QOZKj&1R zA7vb?j5vA=^{~X4z0CYf|1rk1g9X-DVsopy88TuYOLIBzSpDaAUgp`$nAvg8JCE}+ zWR(?;9&es3vCduw^XflAJ3AO=oR?*0CdxaXJghQe%%(}|9XZu!IXORjSYT$deDmwi zDyyt9D9Af%s()X?cvcuKFf|xpX+irr#r-TZw~+l|#N1Tl*~yr7W=7l3Y3gE`MfNjf zeoNyQw*QP7Ggw5Pt>j}Tvx}M^^K9N)KZcAJv#zXi^fu~R+&Zz&9tKO8Uz_{c&hY2v z$1;O$<;$8MtE@2Q0HY<%Z#(&xa=kKSKXXf~cYFK7PF7iGoh>^!-!kUMD*G8OtN)J9 z$B_Bu)XOTfI~m6gW`1FQtg(4#{hRe?g;f@oH@~8BEV9lX1}m7~F5217a7F!DX0WUC ztz>?zvci}Hj8-8v9PB3vB*rj`L3m2hKyKY(_YTUBEz-KkNI`<-`jW=7__LDA!9~t-A5hk znjdrPnIH3P+1GqoW^sM%&XBqNoR6KXvCfz+`^&e1{w!^1ehk@sfV{snKSu0jjoFfV zHZnivSYyoQ1NF=6&nl}dZEXJzvW_e=*u?ypW#(Y@vYka%S?1_N-$7Sz&OLJZxh)&Uu+1@4QFr&sGK#~}88X<_JXvJsO#Rr#>~88{$bQzD zJInaptph8pGWeDGo^3n}tg?&Ip3cW|yLp`>&))K}xQ}_Uu%G^A*U$du#cav-a;|&_ zIzQustS4&+%YUA{hgwfo4l^H?JJfr=`5s~YSv*QT%pYwZFOc_G^JnHb^J8$leZ0^- z*umO~_L0#^9+wx%dy4g7c&h7%aasOfJ3d!_X3mqJRgUhG|9tsbV=qe=$bYf(Tqr-w ztTBI){FgWnLl%B5KV#-D)vwF`F?+H7W0ftJ$$yFKnKkyabgBKmT>i_fFUyRXzufv> zAwMfDTw#3~v+x`9`i=Evp<;b2#$RcD88KqoR>blnaS!0#q zZ_WQ|^<8KFtX^;aEZl7V*ElcRS-Vw#R&LY(TJ_$kKdX1?&**Obe=GmJ){DhIS+C^y z&(`ZYv!@$X}wseSubXuvR>C~f7*I6_pJ3| z{(0+lgF0WZUd+B|y_kE&dfn*wRqMs_->lb7tXr?dH>?+Hf45#Y^DXPe=xyu8!aMr^ z-u&3cT)+OTuqm>h@9NJgdlKB=Dc5- zFSB23XUN>`>iov~FgIdaP-n>IJB(wA*;%IrJ&c>C1(`e5HODmnMzV49XlG{LX+hIn z9w+l_XK~at|5mbjETFwdy$enY+E`pzJL?SYHty%zS!Q=~yqxwwIA(#>6}2r=o%Q^>G+R^+T)V`Z}v%0(Wc*uG7ke`)3tsgUcS=Wc<+1q+E z-p4+$xS#qTF`xa_&wNS!3=UL(uY4@Ae31HCJXrmIk^hisK?j3Fr}?>r@oaw7`3|!_ zEFC`0&n4vRm=@$7bN(Zy1)Z$3&fv&tLCfQ=6P6htrJd!Ywf|NAW3(q8D-X*j$n%7} zC(6Sz>x|g)r1PAlf8xp3k-;g}v8FC|v2?0+WWLinK4l)Pu*5oJwmdE0Y4Wgex;(5g z|BU`;$itX1D`#qdR{L4nnLS%OGv{c3PTedqxX8LOV)l9YF12oq+0Dvj_Ui?8Ty4Kt zxyF96$~p_zs;kewvCKOAng6ZxyeJ>L7~J6e%rg6uaSu8VgNN)7%a7Tgm(^9XKP*0N zU0He7y1pX+bJ|&9#N4~Cmsg#SMV4aM3p1a&UjF9%U$|Zve(8E)?knxDX=i~2mRV$t zrR4s){>l9;C-<|G+|MYv|8?_D?q@BzpY`N^#>xF}n9tYlXXRV#$Lvg72EpH*XT+94 z8?&=+8AQqPY}$Xs?cZ)mx03jo$Rr1DGl?dVw2cr$x7io+A4?4#tjL^(9-WdrjoX+x zg1~QUO~2Lr|I(t7cXj{mU%U!@>go6LzTx;EVqPbnL#%X#f1=@cgL%)KIP>)U>Acab zex$E|xufHD5v%c=dChZnKT`hg{@?)jb%>+HEZ?<{xXSTO;&zdY zO(L1!?P^JGWs7q$8}oWZzbC{~BE4SEI(|(gxA*wU{QtdP3#Ha8>%Z^Rw~_aYB%f2x zF4B4DbiBY|DZvuFAnRl9o4>ygzt-N^hhR=0=_+rsr^#(u_ceCniVkvF-3hUZ=VC+5w{yRx}A)}c}F+W!xE-?Hb8dUNt_HG{kx{KUL@c~45^ z-9*04MeDG<6C5{g$^A20-y7s=)LZu7cg!H~hioggFKi2k9lHwX7fOA z?Dv(%CvlBPKmMnZr8FCDM6EJ6>8Ow-q>}=d15sNAvm?LW0IRtZGd1 z+F(7V^CqtkwiwDg@&Cx1-tSo63sZTg8neCFNu=}c?szYe-1g^;>P_b@D)jDD-h+*4 zJf_llkJNthP~J27L;DuV`+@|y!BT>Ajk!@gB9gpA`#Jkg4)zwOh-1VzUg|bpR}P## z%k=%*<&S=>nq1Uwd9R~Z^BOQa{m4f<8}qoR3IF>~-bwmwCk_&OiF+6LE^o~XqU13! zdQ-n*F_fp`{=M~U+>&eeWXGK%IrUJzGbh(?@%?_Yg`0f;`5{@K%<`TejDN}aY;qE}#`uedjqlVi8I!)XCPjFFeUYlO zu|8K0jh`<`s?OZP)>#{--x}+)rq^)EtZ=9bB_Uzec`ohctWUvpSvG#W^ECFWF@BF>|@>dTaBN7T^XM|Pkd|aOulcijDd%3a+`hl^TZE5|Kt{Tea;|n(@)GB%KO|5^3MAc z^Va0;Pvu=uzQx6o!}2yeURfl!)%io~5G>*Glghh}G0FP=lIiu`+;Kr9x8!;Fhw>KW zUC1@x*tczr-9zjz(s@sJe4)5fTqe?a-|QQFY=7_T#?L*rW{|hr*dLpBUHRQ z@;)fvW8%qSd0%k+hDdJjGhJ`vIVh?3g~2XCE$bsEXOQ<}ebV**uX%Gz`udW}`;~mj z>w$$uI`5i}HxlE;79w5mTrbXGeV6ihP34_x%wFO^kAb_g?@3LsG@jRof8X;%um56s*G%PY)ce9u ztT*!u@2|`t@5?_iZ%*E=Q+XTf@Y=Av|LZyw<=t}zdH?iQ<9HdztBN0+wc_;W@ug9DIC(U4e zqg8w_DsSV~XUuEj@4{1WWB+IV!0{KNvG@5^^)s${XyCuxmyBE3*Uxl4t2$m&B)5%u z|%@@A)x@R8KU{7UR6(s|E!+$AD$t$1^q7(1A^YiOQp_@?Zw znFbS;bAzvg8hP(B=5?{63oD&>!12FCv$2bcQ7wKIDDO4yKW7U1)@Yi(FG=3Ep}ZAy zdC2RI#_dq|9W6qUUcb{FUnm;u7aRAsaoM4Pm$|Q7+$qxaB-h_J+UE3)->l;CWsI@t z$@Nhhx=xaMCJ*JQuIbwI{Mg95kTJg$Q$;%OdyYRBqvrQMlUQtBk4eu3N!}5Y27k_# zem>AWvGep4j3 z4_WbjW)bPUKXaTB z$!!7t&~+8cJ2I8GalI}wEN^nXE;W=l`F{I{@<#G5BX3e>a{Gm`+lz~b<(Ge#0&Ykn#%mlHqNUqm`wFdX8Y3zvU`;=U-`JwBzsL(y-ZS2#|#_S;u6zROl z>&BC{ohgRDZoFpbaqzvb!}1=R%6p-4mxHn3O+v7Q1&$^B`6K!IO2v>LPv6noLJU+C3tGD}^^x)Hz-`!WYyxHU=ZhIP25{HX) z-m4vVi$93l#0Mk4dmVe@i-Y+OUBr8ZLwUn#l6jrbc)Z_dO!6MqGa{XL{w4g%zDRB> za))LA`}yg6kN2(oxm7Cf>c(s+lJ}d^c@J`Yj5tShipE+d>(DlIeWvqfxAuNnDsRP@ zTg4qBnbOerqq8NiM;_LeyoS$vPVC!!@HJeLH_2C*XRJJp+hh8^BmODUkHh7>kF~lO zBOP|UtJX5P#oMbtRnKJowif${^gJt$ZxHv19&y3C-|hE}znk^Ho-Zpqcs-EH z`;sw#7w?I5-ejKhWIa!b`9(6{>`0Gsua7<*x{lK8S5*I8#x!nAW<5WMO+|X%Cptb` zTr4ua9vtGlbvgUJW=L+;om}JcG_IQ)^}AhsB+~Wmxul=5h*QLIB0cZTdIz5$)AbdK zL2z2CzK4u?Ts$Mv^?m4gK+Lq%;GDb6IoaE1hxVl=Pi3gSGXr(%w}2Qe()F$4cterg zHe<4W#pLUyAHF5|-k-_$gbpVs9o)iQJib%)jWwnqriq!|KXm=goIKy`qOEZ~*NuDD zxW@BTyZeq2$BT45k>h*B3*u3cJkA=gFZ<0csVV*YPPyHDq}I?pllqeP)!sJlU7_?w zJwNz!-n=}^D6X-eA0*?K_8M2D>s!z9IFa0T;||xmHddI~-!p#qv()r@1$%fcByVHh zjr#T(mUsC3e#!4-C2N<=w{c6)J0tI2sk{fsceprmSl$yHpCyvp1x$ZmH>12Ic~6wL z@pZpZ@5RIN{+N1ezOGIlJhi{U@%T^Wyh(ra=V{1syCfCmiO^g-bTHT z49ol1p`1zHr+-A=U{7B=QtR8u`@*oiKV}`iw{P;!HQ#?<4=)eP`(x@&=grEyth~eb z?e$@Khu7P9d^WCy#6P6=Ehq05sl0E=_qq6LSl$sHr=!IBVl9z8XLfrnmgMUm`Z|`* zTiDn8CaHD!gE0?^UXgyh{c<^vH<8@7WXCT&KP~xxKQ4*~dOeiNyPYw+i+16u;Xls@ zU5>92i=FLzFi((quUC^=lUuT`*~5e2W_cR7FZ7+sxn~uPJia{5vaaK?BAIX7ZEE`{ zdDiju;Rs=Ta@-|u7T1a7`M2Y+!TEhN^n90oKFJ;BJp_3h`+SEn zcZ&s@zn^!&@${R${KkK$A4gl>IOp`arr*!29pka;YlusJ`t3sFy2KSCUGHs60_4DECJb#LKV&r>tV`{@6Ww{_g$>-2Qqn!G2<+gOL!^*~Yy~%qBM~j=q zmE!gZ!q=i?p9i*_ZMw<#CtZWn@)>fzuTABB#F$6LQzD)B6UWKzb0)uMl77E*vB`t) zSEScBdxH0)lc#I9n;CP|CyHt>pstU8_%o76TN1W zx3O~)@yq6errMO0<^Cs_W z->L0k@n_Mq^moro%M9&PlJ`H~XPoADA>?iB(^JO0C|(iiydOCJLL|53{fgLg=wfmY zRyz3q$v(X>*u~^LMrV-sUo*%%&nkn1lDz#J`2KUv|2uCe?=A8+uGfW(T|z7=zE|%& zp6|6Kw+%R>uO~Zs!fafxnKOJ3kjlHcG08eiU^;K|`nEWfchCPL?+8z|jl5-fllSQw z^_GV69zHB@@_x{1LwU>pN8a@HnmKd&$0Pk`-!3+$BCZzcdhc?4zesL>VfuNov3KdO z*Hw8xQ*Yz?ecG7h`hAg&uP;)~_O9bkQ~9#K2WjNn+r<=~WzHVtjqB=beUtT^bJg$H zm&|(+ZOLs(rXT-}eCfx3aJJe~d6zRLsc)@edB-@ODw5ldthrW`uZ4}AiRtULD(?#N zHs-y%G0A!!%=CJmwazS@AkiRj_+eq_5RkFTg2@mo%epne-+8C zk3UpzrtBQ4dS5dpc^v$M>AWLy{zgM2w*~n_^;YEFRo=$+x~MTpy-P8jH~Ia_^|U3o zjrl|GJLJ#x`a#~tt<{*xVyZ}8S2J(t_*bIwcnys^FSUOAy6*_lDbn@a;P_7Qu((eo zKaa?)F}UCR&gkoi2a`X4`p-O{Go~)y73sXeYW}81j1tN3ktW|CHun31p}gtGW$Apc zuY6r-tl#3sEhCymI`3+ZHxS8fQ_kpdna&%@`+ln4R%5mkyNYz)TO9vUyeeuUy)P{@ z_&Qzp#`V{!dXt|+B=x>8(s@5~9IQUQ+#gkM_9EZ^rs|#D*pXsEkXwiW5T`#J6q$?Zh`(E4V(d_7C$?KI{RafL|d zebn)DBDuZC-D0Z^gx; z)noaPmFRW*y+hYo@^dC-PQMi{^ZkdsnW5ubjQNweU!?Os>-aU1+>+l{p3(ZIpI__p z?wHEkZ|oQ1Ymv^IJYUUk-pOtFAd0P-m6Zn?_$QTDpnWiyqh_mERtKYZ;j`H zM$W|a`sS|iyy^OFti#sE?kI{Poj3V8(_TY)llQM@bUl2pUU}#A^`h}OP97H};}0H| z_kVp{ROLO*Iy7!a%Xg|cL!_SvpL6`WXv{yn((9tszI@=m+19dtB0bLy*Y>Y!zd(&U{a@QHZ;CEm5t~KT^@u*1W{l@X^>-auKj1=khTc$kto?QBM zWxm@rzTkKJ(rnB+;+GHlgu&%3klkFYj}H`#;6b>C&| zb>hxpd6U08d|uld;#HB}w?k%7Z}ARa&*g2b?}x^GC1&!vJYDa~j$6dWBKiH9G!$dmot&aaF{vsX}jq5+zx2~b@x6|uTzRPQ=RK0&Q z<{j~#NaszS2S3-A+>+r`>xd@LJB{C0Xy4_#dK-_^V%6);g@gaxuF40&??falf8+cA5y|&cz1p4> z>AmiBZ6>#R)%%C?H0pak@1yj@7b0EXHXC~_B#smZictmkj~RSC_77b*$$GvJ4Bl$@ zyIxayFE-{H@r+34owSM9S>h0}rLQ&t z`Mr_@HuXFpjup#zK0l;ou--nuc-Xiey9U$x%mc5L7x``-s>VDmJ`w4>$?Lz9HuGF6 z&KK#tar=Mg&Hu&g?Nr|9jCoJYzWMj_p6U44;wEvG==S<#G2eG3b-v;kMu*p%d(2}i zmA7t8EY{oN`+3i?N0*AKxKmtqW)SS_0X{wNOM}0!knG!k)}iKiB~y7fYW4b0oGwOK zt5JjNHTyYZj_+jyqcuFMi zuQVQC`wl(6l6o8OuasPHE6Uq6w2z+{Gs}2?V<6Ib{qxGfE5bjQ9DE{@-`lw0SA+G| z{nCH39+u@lUk9tNc%3M3Y)SG|Zb6hH~e`YT5Prn80dm>8b%~;RH#HL~$ z@r^aO@p9jn#eN@TvHyPGx%9TLm#Mry1~Qmws(lpcye*ECTPrse>Gv;+sn=i{lo$#wRHakIC5KkxtF zb++b$gI_0;$8qC2tH}G?RNfWkTVLEbEbp`1daf7WijPEcogIDs;C1%qE8jiuG_Hr- zXTEPsrWk^b-J?7ceAIdkOa|6Q-w+qT!)&u5;! zZhP&u*4}&X^-em7zqUN&9;MAwx>6qIqI)jo;XwU@x|zpmf0eG3hu_dWm-3MMMM2%1 zlZ>-eh}Mht_b`qQ8$p+c1)UiufFEEBm4~wbCBfc!CoBR*$xYDiDg}MsUKwemUeh~Zt``}0o>R)ZgU;kH5zG;7xFY=g>(rwWbU04NLcYZJWB(M`ULtU=P z<8O6zQ@<{#n|raxe5dkF%0u1Ww1c2^|EoNlN>Cm$%6QBlO1CF^1L07dZnZw#+re$n z1ax^g5-wOCg5^A>c*STrTZPRg*bLg=eeC}R5{|Jw+dNf1x|Pwb?wByS%y=D?0j=AN z{Z`NoI>LY^l<{ItyPor%vz7IasY#Adpn}IVP`Vk|41;Gu>&o*2^NEwNl5JkOX#Y&g zt_0ET=<1q^p2*ra+mHGZn{VJ-(7N(G#xKN4$Y-msn~rMi^9||fcE?|zo(qFaSq`|%wt-i8*ulFU{e~(g4Vr({hL5SDqH>j1FPGg zw#w>;(Cw~tZ^h;gXbW0b=7H`fPJ+w>olQ6GGLLyqr9&@lUxBTlb@x9)nnJ}#SxXCY zFC^<<#n(~gqwS8(w@hC8wOQ$o#O8IF2U@poe?AEZcR@4Ix*>NQQ{QI=YkJI4bZxsc z0-Mn=8?^2f1L#x34NwPi%9AG;iN9;y@*wTQX(y@pKA*=V2cr3QA2$8rS<}oTK7Tr9{~wZ zvz77qMC$}>y~u3rF|P%p`8FJzG4Kj#-RGaAO@X&zGU)4D_0OW|V0Ckwddx<2t-pny zqWy-_pmk+_^cv#ogWSjJapF9;Jd`;vdVi6T>M?uJwc!@*T0;jw%3d%0GVlHbal;_e zmX%=qn>Av2-#L~kw|LB70jomU;kfZI6SR(uhlYq-4|eQQ^1i;jT!#=sr&Q(W^&pSq zcET>u=UIkh4-h9o*6-`~RrDl`<2Rdrfo2|a1-dr;f$d*#;nT7HrPihYL|jAAn$^oX z7w%kig6Pr+gPl%JSJ~P%|CzoRLDXWdg98$VpW3v~EJQJ&1G03A_qJrzJQttAYm#akc?TTTHLqI*y{@%-eZ+Hx(zU%be;--VtpMT3$TaTGrC7QmO z*u4t#K?5Nv^IQ*U3jWJI>#qusZ~PrEC55jV$Qzngsr4-QzK9l(+UeelN6#){uQswET|Z znk3rNFSGsz(mkdsx;8w3O&@p~d_=nCH&VZ*689e1x+z+D_Bw}7U8S>><5t01(DhsH z+rJ{t*3tC)Jf^v_%j36QQ2M#(-=}W*D~w{SADTfP_qSy$`%M;ej`MPo0}__7-CltE{QuCak6spfBbDAw=(L1Rpwma5 zn|p$|r$PHz%1xi(BaGiEo##1jEX)I~;~P!-Kn2kCGr4`CNJ57nW&8^rTMmL8*BtH# zUB1em&-I?T*)ScnPm|D+bn|nKw(Uo#zlZO*MXx7ou-OTFK?X8rkyxq{mdcBAO5B9M=o_ zfcEcc_MZm{^4zGto=I9s(DgCvDUZ1UT^q8neI4EeonCT1dyhEln|az}?oxIi@!Kb` z9`t$r%KlOCWJS|jd`NT8D`P0_uhJ>bapj>EXq|QJZ-GM)$+HqpnjdEkfP~Cp9y3(w zlpjkQ2sJ_L$hzcPh-(dUF0%GY{ONA%&2a7$l+IlocQ+O%u@>=<1}6 z;8}O2BkNG59KONvI$dSG?PTI?In2T?A3Iy$tle~u(fNF?>sNEpEomZDqHZAJ6~;M~e{Hbq1k=I#SBO7x|7+Y=!f=pr_R;kjr(;g1bCL5R z9;Hq2nD#ZI>GLJW?SP|Tb@DIyKW*7@vH}D4Id(aMAfzFGZVNUy~ zb%Rqq##=M$uRKqgjosUzb+3^^;)egrd-l`Nt&FY>v(Z}$8$qY%DfSD$$(l;g^|*R# z`Rm4Ha$|Xe(y7dGS3*b7IwAHqKo~^FK9{tnWZ{TT#&nOl4V^$_k2%AMjM+jJ(C0aj z{Sojgi~-$#A8_w;ZX_StxH`!*J?36?%ewpTVY2|1f!5u@{$4l*e}L94b*FQGx`v`i zc1A+-ERXpJU0Yw0Ch>o$3R+jjiCPnv4jn+RcW>nC>iQBw_a~*>ADdzDJZN2cj_Mua zmcl&H{&rWo+gyLM-u0NmwW9v6!RA{iGC5Xv8vAo$9V`dwuRaMhukKz<3n8HhsHc^C&z6S~r*d?_nS80<9bD z==dw;ms4@Vhpa0_*M{QRTpOSs=z2SjeF;;tW812YXiCWb$Ya`E9rfyc-* zXSRMez~)xC4|KYnWWVqR&F`o^@`1JVQR)_9XBz*AI2RH(=8S+JjEF zEcPeD9FS|rsm4xO%*R&==}SFkB|5h2@Day_;4{$v?PLE4oCJB^pzg&^`zhtbzunQ) z_od0pJZ78n&-*s_2G9_+f6_mDfw;+_+w~EPo%T4eoN*DZ?>7C`aNJfn4%)xb(`ggo z19%r?-b0>!68}ogcIve*&%uz#R6*C~cP=)Eq0&3Cx|`YG3590Rp0JhtmiOP~Gd2vh^{kGX)qYlHOP8erQ9yhN6Ae(=Wk-?Ff)!LiA%VKa{J3{$}$wJY3WCUcfB z2>ODIE7|#-BR4qfE#y4^ZErvGM4mfyWzAx2R={TPMRgf>UAUg6M49SD!(}g20q_6jw=g}$RI<%ML{)CiwW6yI5`)l9_ z*bLgIjl5`6G1Mp=a`n)gY_>_X_m-dy% z9HuPUe7XKS=IrJ$1`JwP*0(n#PJ%p_;8){v;;RH*{<6_6N?O_W^k!^3z&&xgx$J)r z5`JTwH=I7r2q#S)Rp)v&!8yc)HdC(Awf_EzP15`Hp+Wn5aPDCvFQQ5LF*0= z(2pig!Xmb1E7Nv?O#|6V`_n@z86j=E$2_Y1{RErMP&6l2cOCm%;1AdbIrZq*1s&Z` zH>ZBX*A;2ivyrB4}N?Zx4LLS_-HGZE5GEJr>RM zB~ChY>Pb76L_LxWNMEl9Zv3UjNf!3`!pLqai1x-Pozma#lif-B4oPNfwHKP6o z_j=5;O1C#Q{b3wv-7xzP1tV@ zGCy~`JmrY-qD9J1?t9wtdq?mfR>~3d%6*UZL88*J`xHA{zdLh$H+UTMdA!H|0$2tz zf2aEsquuM)2HF;T9%;XN%ma0!`MDXpFq{OfJ8~iSd@vm*f!6iUaq8i_+*7^k_;1pF z^O%>=wdHRmHlM=|(7M4z7aEBFQ%-+)o?jT zyOCPOEhkGI-KELV^(MK0c+BPKT7TPNBhM5K1+CkIHexMt-#{*Ce@DCbC*w#1o4)CP zvd#_NvTnNU!N#+M>jY@sFWCPUj=+A9=eq28`l#-Xzj7Zj!PUt)?lC9O zGXC%0kFI$$BYtZN3#*%6Jf53ff=kZ#E*X zB{T)?@B9S$mU7Bt7AW0z*mQ(mpmis)FX1h=@;xN2TmDj~Ug+|Wi|!t!I}f`xumQAg z>1C90s0}qi>z3W_lw+-%cG_c#T^}tE4X|khZ9wY|WM9G%wjZ4ztDEWi8}r=fKOS=p zx;A8C_ZG|m-A|Kw+GWJ82HS2)8K|}0u?(TpM(KRcao@srpsD+}-IMn62ywRWp2e>Z zVi#~7=ubxbmUB-B`n)=_FQF^jdqAgGaItfr7}I`xyyi=EZMk^{o0nlSXx+sZa8AU1 z0qa2PZck8dGQD2&x6<8?%`b2iwC<&!F!uztK%QUGx_(}!FKMUqH`C`e*VK>ZZ$s>w zK|9d8GVk>SaUSKuo_z_GLa~}paxImRkIp3xBL9v2BmIQhAufF&P2ZXN38skG+=!h$uLc~S z3e7>Em-Ht`5+@-m6kAT5)QT;C`R92}7p40KHq&7qXx%M1w~@H*@D1qlm*(CF#FT3u zlzvj_?!zV@O0104m2v)5;_iYbao3xUot*lubpyq`W+J-w`j~;;NLUTp-y2tPO@N1> z8)$!v^p4)Y*>aO}zSkU7{$^t{6BdKk-9{hlYvOjn_Yk9dyVFnA{w81GHDzyz=G*Vs zoPzUL$Lik6ei!HueL(AWOrV=n!fUQmy2G$}9!7)qSK8g_#7U6n$`f68wZECkUUMtD zw!XiQ?Lt@*rz`E;HdprtwzB@Y2!!Y#+H$7*37HpqO%HT!_!*mnkPluWZMm0u$-juR z*NJ@WUc}Dkw`UFW+i*GP^OSk-KEw@!A)xDX*u75Z>tEJIUNa5dfa}mZ*er*Cz#sLe zaQ0f-O!x}cgT7DAIWM}NmD@-sl<}JMhEadZf68?pt_H0u??vuI+(76L+TSB?zgzd; zGRk_*%jgE&Kl2JUvtScwU3m_^*Jr!~1D*u!Z=d&_ev4c$Q<5B^^m1O4kFIT3W?-`% z{sOHl&p|)7j=m;51-g6&9x6D_l2yTLPBn^_qff9|52rxu$~eG~_4M^&7--$&4IN!w zjsgL%8PhnbyBwQ!umQBL^f!H-g7YSOEC%~#6bLD-Cd=RoVqy!sc!?SQSIpC<@zclw1o9dfIB z&7VqlH#SG%1ZZ7Z_gP_s<8O7gx}52HYWv-xYF={zWyq#O9c)tJF3`FY*`EQ+VF75} zv3^+mwU}K=-PUG7#sgat_PrX<^3gfh-(Trf-VnFy4U4-h}d>J#N^>5bZxjD zn|t7K@Db^@D}I?5TtHk1w6C*hTP5UQ=`~-g^WMR6Kf{Gz#QJw1`+eXUko!bku1+;7 zSPwG!!1yk8-gB^90joftx8&1S;v~f1-`jkOX%A|7jsGU+c=>k+w!7gd=<}BM3|{;t zWdQVfAGha?PC2D>HODoDo}hJpWd9(TP0_Yl{3`ok;fNE-DPGeL9b0bdaa=0g1^PTE zvp)+$un4qIE!q^ker8|mHKWnB<>q^Aj>AW}vAT^mQxD;37y$A<%_qsfvd{a>-ZbZV zbZP&mM7-tiH};ymVAS8{TNtB;fuQ~Ujs3r%#5c^lfLxdQl;J*~_pE0wDcC>B4SFN* z(y;zshfNb`3tCswVFqy_SO7X5Mkg9qz1eFnY!dZX?gKYtw+FPYy$`Is)wvJUy1U)> zU)Rf&re1S}(yfo(O>i@4U0GM#mN*IV{T^FBwQd%=H==9P;T~)sgkEvFFBav#)772B zR@Zl{tIK^(s@JqdHxTiJbHrvHYyjCloN zIzea9x+B;h0}^CiTq1vUI%G8Wno&x30=93#4A8przP&JU`S1&9-L`J~uXRH$=)Wl4 zW7rhRW2^$SuDn<1D&i#Ez*g(p^wqjqw|dPorP~x6DG#^D>B@WG?{;@L^qHDua^ge~npwmmn1^yuJFR*=a@pC%YU)($oSmZ&fB!%K0*0+9kxy29?<^D{QB#}%>b>rn|nqH0iO3*uKZieak+39w10Bl zt?@l$YETcfR^Vf&eSgv$?QbOC;We9;fA?S`=Pm0EIqctZBIC1}#M!h9VRr~S+a5m0 zZ*RaP(Ee;?|3{E;nC^M z%5#POuyc^C7m{?S#YxUm_u2ZpOX*#_W)`|O6bn-(p%P$j%cs9S`%R%G*fJ_<5G2ne z50*P%df?k{eM)~Bm}HYNxi zz#sLm@EZ1W;b+(Z`n)^Ojn3oS`jpn!Yc9Pdsw>}Xm2zeF#OliPG)0M%aHevl+rbdJ zbwEFc9>4OT8RV+%%X7T5GR+ zA0y>{g6mKS-3+DsAvS9u7qo8gU#Jr>7M=&4o?-5_q>k$P6zuOcAFA}s#YW2g4z^lX zp1bhvb(|^6R{JZO5_EcI4e**TlB9zHu(?TDQ-GsKIS$1lx_=b zy1*#Vy0Wgb$UfR>r~q}_GB4T8ZKrQ6IDVV^gx8efcZzT%bj7AGj0UYMy;xkOX;e zxYm`tlc04|hEp%lwV@w+gJBHlc1HToONmDPm4Zzn!ym=Jo&mj{UPJo2CaKxKI^z31+D}c54G#VGVXTz&ywG-I)B;(M|n*HbOY{wCv5sbf6%(}9?PD; z^V|T8fg|0i|F=5+j{3wYM;}~Cx+FP5ftS4I5#?{8!}RZ<8fe`W>~Da>upc(!*qqlK z-4UA$jyIbuuPNLj+OFL42lu^jA86gD*dGP2fXuV#dOF>`{*NLZ+PLSPi*8M&`zCfv zU?phX0e^B23Nzs?=s1u*Vg}a@?p@bi>&!psc02nGuUVmV>mTL$DCh`Uw`oo0#fh5& zuY)dITiok*QT(;_Km4ZGoKU(8u-OD#LF=|W#vCv_4BbGd!zs5sXn%u~X}8H&TOQuP zW;T2dTKDDStW|;KumJSDM)*x99rU^%lkGK=m2UkL)Ng18T6ZG*GhiOP58B_w?){5? zJ|jp+?I(1LxcT@6HalStXx-v}@!lo45~@IqZi4<`{xmvzEu-}~1)GM@6148473mk3 zVBI6}ay`&(ON(+&f9s~6(Q=maHrE5C`xJIrup~~m$4TlSOoA+s^xaa4z8T}3sdb$6 zm3sWR+aFDytnmy_Li}~yrh~2*Y46kiDqR`xeHZ)1ak_TA z_aO1{>wY$Fcl_46fw^9Dr_w!zU8#Qv5>AlfL6fBil}9%=4OBt)ulK3!ArL254Pbx3-D6 ztswVxy1s?obkOA?^pV%xmq2&NIp`iqpqsqFYciE?VK2|wKn2kL%6xxQ;v}?WtNpd* zLHnDt&}*{Mwdvain>*nl(7MOim+&{+zd-9ANiZIhxtMQSDt}A)$Tzqgw62ujRN`7e zeEBW1!zpLl-{2DFL6okn?`n_jy>YsBeb+?dDNgb4E)_`AAXw1__N#ZOJ3<^EZP-ivlW}4A-S+8rXMZO$E6e3 z5A-#t`-;L5-p#3ww9sg3+FusM3Ek`prZUKA_+Q089>!r@~nCeg&qc zV_JU@9gnf?Yj`d5igt&TkmrzY!tQ23%8o-7cn&G>DeW?L)}PiK-w7TD?T;FSn)`cP!3AyO*Rk}rZugNZIH$-Ic$~u=xtMgU&Y@&+r%bm;hV^;;((KZ@gR1biU<$ z;WZ=CwV@_9k`C9gl_a(Eh;kjdfjC=k17CX09P9$FVH18!gS$ZcBkxV>Mw|qB58{OK zqz&n4%aClPe3C_x5JLB3rTZ|pPr%?f-AU}v1PKe-%6a;)quo&R40UQK-A!JzPMzmU zY(9stK(}jB|Bn%8&ZkYr&$^d8zV>k)%+2+h-_R)=`OB=akmKNT(C6Ku32VTK8w~y7 z)Qg<|YpkE3T}v+Sv}OY+i>cp#78Y1kEAtBd~cPX_)Eym%N$r zYIKrap^rIkHGBiwzrWcpasho?n2aB?{-k?%$G?H@{YXst+d})9z`x6}|G)S*-t{jN zom8cB%TuH=8qMN#WW4WT;s$|k)7Igegy1)fd#m%5`uhUMz6AO_<+?BZ2?_DneMvV7 z`aE;c?Tv0AVnKODZzjAKrz`6eb`$q2$oPrQi$*z4{&rZyvj(nC=2q&N^0#3_)`ga! zT>$N`d|&Dc;v`(n_H6H&4s4^Jt#s>Q(*jz7)|GNSlDN?z@88nxSlK(H*X$Neuv|rb?+<5dxT&h^aq^|>*y1S{y6gV-}L>_Yf5qru)0&RnF|X*>&o|> z3SZUx;Am+=pEo(Hkd=g9}XW-Ge3-*PE76`+yW^LI-{{<soR8Z2G&YI==&lyrzQE-GSaAC|WjF zH=X^5U{Xz1dUb9f?w!M_GBe);5?!)X40txaSem&nP+7k5hVcF<@nLs!5f7DGm>NWcl z=#Ks$bwlVD=9+5TqY3D}4U6M+WnSO_aeqSmdjbcz{bPMy%RJ^aRnWDeNI9N(Fm7*b%KKC-W{~0{Nb4cje_URFh%Y+f2^XV=2-vbFBvK6f&7?nlK$)(tS zW8g2YyUM?X*sO%LpxaC7hwXIrL^I_i>tR%S?cq01d5^gav_Fg3{|t6R9>~2(`g8`B z@Fy=pdgY(?n%PR%R{F=h%D&TR`i|cUbliC*crVc~4Ag6Q^D#@;B)5nV*#I zQEWUF83P1WZVJizt*eP^0J>cs;a-cxR|zRz-lwAUQaQdgv;mdRg`|DHFHTGQmxIpv z9UM*hw5)r7UGuZzSBz(d)k*+SEIfZ>@n9^N~jrh9}w64rM zgo%?7->&KWx9Ofy#AjYn>9-GCDF^v%b-E9xu%0H)rh5pxuc!+)Bn2qbPy)1Fb;?f} z;;dahc2oI#w*4#5Z&H4%vDN2sBl}H3LJPLm-kyVO=aR_(o(GF`b5#1=hK=ZUW*e_N z_$<0|yKZ&!(Oskb9ggh_@OqrCJTLVLaciL&{gZ)LIO~u*?&sR=wl~_}Krx>=jjpXn zUt_lec7yg;)pbgY+FDp(7IATJGiB9oUT0g{OCF8 zW}fde-IVSiSNEAXU1=9yItSgr1wQkn(zWR@K2G;s(;9;;#Xj@3((Q-sV0bD{xBZW- zg>!Z1v(@7fww>3y$z^^++$SZIx2o|WwG$@fXhj&tzku)h={ewM(Feu#veNDn9cLx@994JQItp^gAAo)0O_gFjrUJPb2RGNGr*C9*W*C>-8%kbXTEk z!}HjVgI7W2w@<#q@iuXij#3}xo#hgORek1X?1_qm_c-P&2!lS~&R5X)ho|8&XmkVj z&2^o0oa5fxNq=aYs}sJ=XUg3Z)qM$@$&dq9ms2a;xjMS=B=m<7jAx`)am)9I(RB-U zTsd6bXKq)zOR$l06Jo1%rM>u$I0-+q)$7=7-fMqDSNbB~Nw(>bkB#R_k4XZn%jp%a zQ-iVq68f-h@d5sNd8YigX#VK_W=4w748UI-WL$m#c29t)xZ{Nd-Vd0G-3aV#dn@zx zL$G-otUs6+w)6F(e+$Rh`fSfpwz_=hqWhXkzZcLG-LY}H6WPxO3Gc9#@@?n8t+qbT zz_mUzU7hE9*hqW(AzR$~_dNfi{4FKUjxT0mw>W`6YdA)q=ehb5M)%VM{(N~Bf6{9E z%y-z?bkF1XpJ8vDKZR;C=Lizw-}hzHN2hyQ9iRDC>6XPdazDdXpQl`pQe0iR9!Y-6 zbAO`_M$4C!UqJ5lQ{Jca4 zb}87|^hxLVUXTI$JY+oVS>ndS7?AQK?+NNiyR$pN{FSNaGj}L|CSo%kW`aHsc|Z3e z;^aCa?RYMBy_MZ6e)|fx#M#NbV)0th^Uu8AXNF>D+vC#wRtegHK96tN{}~Eh#n?7m z-S0?W8hy^ewtG1@_>6p8-Rd^Lt~Im)tt;=_??Ie|`1d&4@}t}N^oESNNA~xCE$`-LpSeoe{mO4g;RI+qSzmr(N;KU<*fqi~;Qqn#{B}RQ3i>=+T+7@r z42Awsb}-M{JnNjtVz-|r>vQaNESvX9_d?f}lTWbO0AGUE9nK#G4O? zg7=fC^OW~_m%#24pgFPaaO8d7b%?tGY#K?q+rqV6LMA#FUm5vtsu1*-8aq2t=a@-i00Qx+avHuzT1bNW23jK@9PWm0+;cVqRCs>zS`pi6a zp8K)+9gcv`Px-#iY2vJJLF`r~uuH1*-*%bUeT|*1f7z=@S8PgxJ`YKc0C5t|^nMH; z)%&+Rhtb`wbg#hnMz}dncLDn=LBdA1_IzwxA={Yi4U^Ny&?U(tLB5moHFn>C_V*xZ zywlZ{`OieU`Z}MBZt!+z5k&QfOc((h540PKi&>fdR_gtP|%t5y|y0$z_LQl%WJ8`;8*k1#=umQwhx&K&4 zdsX}gC;xPLNV&sjMx$%nG5MCoHtfCw)lL+WdH=n{{qAZ?n-e(XF#%Uo>b8V1dT%Mc z;~ej)#~M4(`PGvBcF+%c!eYi9+FtMYSJ&0l*U$XBd}af>HatdK{5W=lK(`k!5dSLJ z{13MEnIBxcj-1eNj(-K-0egNNo>cuh)=0t4Aou(0D8JeJ>BDdj^DD(F)Pd_3*ESo{ zIj#rv2L1P?y?UHD`}Ylhw1%>iewx@l6=xUUPYYt#K-oRV@h`&^uzurq$CxBb41Zj(-a_fKKPs`m{T64@lp&5&10XoZ8hH4@&RK zcpf_T`tmHtje}1>mwOoxYTJN!>q8IF<3YJ-iKcG|MC`7j4voexsp=M!hkY!JJ>%I-v8r=Bd0 zvy=YuYGs#+-9HKJ)}6&Jgk8CGNi8Sja{M=t7iU-O64rGRXZ;LgS2I1D&p+|oVJLP( zY<@Il|90pJ_sX`4`L{n*ex5TfqVpq%8^?x9w@oG5D(qebozF54w}7}+An#?;_cOEH z{&p23Kg1Pk=zLE`>sD)DaJ`**kn0AzHk8J$3S0}i-h5u0 z`G4a2fLt@={arE_85l1|F^<*4XC|db{u}vc2*R;UkPTBU~ z}zK`8q;>sk6cX*Av~Z}R>Td!L)xk8x6Uo^N6!={1$DuBUR{UrwAo z&y)y7)&<`Pa{(Wc6o$Tj_SirWf=9 ztt;a;nZ!wWj;&5V(Uu^(b{;xwfY0nux-Vlh5jKL>Z4;zF0)ydE(7K)Pb=qa^Z|Di1 z$w$|QybE~FAG>Lw(@(w|cMNR$r496%^X`w9lQ|r}2tEewkBpP7BThp6`eElRo%8(n z`ZvgDsw&-0uI_hny7FG>J?EgCk8We7dl1{B@OPZ9+;?BpgmtJ;9whzbdM)GqovB;m zv+j51u#n?UbZw}C&9zV$yhPe@Rbhx&W2Y1lol z?AmaAdw2kJ`ylE5JaOZ|{!Q_{HEp1Tz?1ZE(XsXXLXMxxv9mzupR^B)iCYINL6@hD z1nH55?n33?CTzCC4$%I|b1w&pI|8;$iGL&9_A89emrCa(#}&JobOo*RSXasyaXUfU zQ$Oh?I)T1CbSCGS$#^F^wm;)-%6KW<4Ej9fy}yfy+W}iav$@;av#M!*d7*4-X**(s0 z(w;vRXD83My+oW%(=c{JmECxLlX5mO&QAIxGl{c*FEGMqUc%0%+Z=vd0mnh7o6MWM za0}0>!c>rSORevu+nO!T`%HAY1)lSn*-CdeHbhx)~_%hI-c=y-dC~LZD-}aZ-QGyGRH8!sr-|5VRGL$1zTNSWL?-S z;;e7E*d0@LAMo49uo5`bmNWk`_D{iiw?^|&&TD{M--Ba)=92ENGh)Ya(q30$t97JZ zZ9-gY__xd+rho6&%VeJ6uc>t8`?Ys*?EP^%avh&T+!B!cP{X{ltPO9`R#K5bzbUA6 zHgen+_zAQ>@?6_REoqBE%H|r{V$qr4>I7c(nfuYP<@6ekyAGOw{3W*@7JiKV!SFIX z2R3~rjV8JMLS0USuhGt;Ysag<%^=zq@Y0nJ=9~UWmRf|KSPDd!cK?FW4N0^IFHI z=ZpB#khq({)^*Y9?Dk{Ln?4g#I-NK!9VSA2zWhyG@@=s?)v}$O2u$>u14^ek$K46t zKF0ccc0H}R3RyHDuGEp^Ow?*dCL&Tt_JB<*mgGld7>2Tia!v&zOCo@ z-Ei6MvFZFJ``>}D4ebouj*pV(PdMr8-|Dn8`h9HXEuXmoU0dE-W7iMf2Y=L`!tK&L z=02DN<3L|GQ@0gtzf#_2Ju133e2b0L&%JDQ`ylo6FXC+ZHPd}2OWAquARVC$=yaC) z*oC;>AZ_#!+CjB6OL;E?LhlCf&I5(0n7z`|98Ok zPv>XwU7soapiOnwZemm9E}nG*?ce+DXv?5Vd&VS5zfe8rUb1?B94F)~V0=vJyw7nV z_zbj;JYRW|IB$n&9!fq;aO+=aA@|Sd*z#4HNfNSkA}H8=y<~C=zbQ<_@?YwC;QCFM!Wr6{MFV&8s@PBi#F)`(4 z?#Jd&I0ahw>Q1bWgMA+&*E>X4o+H@$cyR*mopxs(z7ErgJ3D>^t|qF+A`<_ zy8RfD=cHiP3f8mth^FUwj+1`VM7G*L>F2&roP;wySFFpm39&v8T^r_OEBBo%*y{Q! z;~d+Fv-LFxyGNBjKk(ZL2;LLxPpi%z(*d4^!QgL8zp9;+UgQ5L_@1Kt)jpH0{P_o) z-_y0M><-%If&u#cCM%T-1 za}y|S9qSpC?oZh4hd)8<+V9gAzL#g4aa^y@Zse8|J+6?A?je<)C9%5%s)5!W9$=jr zagV~9M$Y>t?e{%N(FB{R1qT4gUOc-~oC7{@`^*4sC*k#aSSt=5(2trim};UWI7eH3j8x_;%O`?u0v ziS2sGjnggPoqUI@;Bt_*-G1X>ubcl`H?-AfO7*g-$y&^@^l!1d9(4OD?~Q0eob@wv zo6lUU?Bu&ME%^Oz(D@+m{TobN{C8*Sx0BQ$t}=8$qXU zfd0fSJ(%l+_MqFpw5bX1Pj)eHt#rp@^ES){tt;b>xx{@B(yoe+v!t)LpKCH{EbWV* zY_;RP<|m)|MV||WzAX}B*UKuYuMw~t8H0=IT{+#Bw$oxjnSbwBFE=imOJO7$P zIZF9GaXAX1Tl66}@z`8~t>^~WYJa4^SerPTe<{0tCV-tCFKEDTw?YQ!^r_a1vJ4%d z4Rl{fUVY@Gi&++3$M>r1Le^f|J9KS+4#Vbkm;zci%zi$c*PF5pvMz4aQ;u$ZH{Er8 z3Gerr=IGk%MKU&(AQiOkPWJbM_aXYJZ1ueOns1$QqTBWS13uG7`P&q`JK-VFy3&9A zfw&`Z5Tw5#-x-l{_K>$=`3wKXI(u|&kaan7eXHCjHecjBH#Lc~$bA{yOFcr zqIR5}^gDyfE(^P9>O7kBTN*q9`aI;jc|Q_&0OUK0`aZu%u;6)^-&rrF{HfHJu}`Q2 zx}Hn>(vG;h!Im+pJ6qiQ#7uNPQ#$DsP8rwj6{pij3N2x1oK9=Ey$hjpOzFJ9aZ=vL z#_2GvYu+U;2W;AkKk2Sc%3+_mppWyndLO{OU`+$ zjBf-avam7IQB#^21VqhtNcFe0=K#092ha1H*~-7R9Cr`&1%2K!Z~PK*6X2UrwEl`#9(@+s>h#P-cct?0 zUF^2O0nq*pd5n86m!}kI1PK@U&0osDo&%}J@EU0U zY7b%^E_8u*pv(5g1owftrTyl-hn+tm|Bk>$*2#=!D@}lHhh?42bfuSZvEP)(&eo6F z{3iEf%h+mvWc=Ve;v_8p_3Y(1rHtQPqjZ17c0c?Xrz_t@sx+8uA*@V^9Y5Hfpd4qG z^_%;Z?)BI;hmN5Ay@2t{ZN!~~KS0W|eeX~8_D=cJ^FDz}e%jM$I$St}z8|E5)|GMQ zX~Zpon#*F#b@`PA=Zmuge)E#j-HqL^a2T|%?XMPklIKKd$8~+4l%PB&SEfFrYuoel zv8x1^gVvo*nhqjv7})d;aB-0`namuTY^6Q7{qpoGey$18ba)-R8L$Yn?l0^ghT>0g zodBsnR(CvYujuM_Evu^Ee5U-Zip|x~6tu3)$G<_`hcF9tI%Hnzq_6Zlw?#@K^J16z zO`h_13pPK(Z=iKko@Sg0T0s2!r3Sj?LHnC=h2QK$*Y@l0!!84cfYzNxl~_RBT3811 zoL_onCw=`Lo$+nGZYis}-(1))s+)_=&roP+tZr}i2f_0&0;K<)&l+_}*S)N9knP`O zzRkDn8h&$`(#^qU5#)mQSH8zoKa+W0XbP#7qWy;BZu!;omiaaP<_2_a`ylTDT(rP?Zi9v1tH(K=<=Ii&u?Bv z*R~Hcuvq|$LF>wR=pNz@Li{?db#A@T_j#e~{N|WShtt@dKY}q8(7LkTqBU`ML4o&_ zc5vEXy*@todcUcV!Tp0h)-B6L{AS{A1)1N}<*b%lk9GQn(LIH(O<#Gwr7gA{;&czv z7CbP$FO%r9; zo!=gX!Jz-XydU=bQS`aN+Df`icmIB73%|Kn>0HHejiDoGoi*&|!a>L(J+`!R%EU%j zC)CPshNBaRqz>ibdDfRe70~72ZuTF53@FL9NSA{=w_T9$@=S1ba$EaN3w8ZTCsBrA z`!r}>dp|B_-8e>{t1Sn*KazZ#-%P+?TW)1N^|NTc7N;xoj2{xW80>SL14=sgRR>&u zb-4|p`=LtD&#?Ov4uDQineQ+60{sb)`^x%U-^EXJpVQAy=R5AX%D*NY*BZKkK5u!S zQx0W|OHMkbEuDn;FEpZRRy`bl-%XfpN3a

    >wx{&sy)sC1M{~Xe{e-?lC%#lp)-`b6v)!cj zf$u*pxRLwVr&juB9dE+z*q}3z=3dJAwWvSpZN9sXec?Mh?c!Fqoa*NxvTmY1sO!bU zNNhHtoyL}Hw(*8@#CG<4vwT`~UNios)`&D6~sAKF}gV{_KX zI9bP0b9eV-9|%4(;r^@QqxH6be2n6u5TYHogyg)uMVxbMrZGd?(K{ zq7JBle3rudC(LuIE8XW~Ch|9J|0{7I>uS&NxP!47kES8bJ^3#BpJ)!sMTT3`uBQU4hM7^cm9J<5?Vj4oXE|pTIK=J=uS?pOb$J0_v;6;ndspJbx|s66{OM z-5S8n8pU%difi8AZPIPLk89Qu&fqf>Dm_!Y-|VECuYU`7yyDKmb^-d<$9?v0_HVm~ zJy}sZv~OKGS$!JoXh^qQcmHCYZh7Nb-=nzJ-*MRLcqpsC$qz=PN`0@q<-&UjZSiqO z+{^O{=moTPQ?=;(#&@u&-NZo~9vn1BUET_FBD|N!=9{diU!r6IkB zYA<=rgv^H{@~yh=oT?u62(!lFCC1cZqP3u~6)bY^bxp=wE<*r*96Ma8XZm4*BX7&l`>|`@ZnM!_u zTQBN~NEerTi;w&H$XFTda;NTaxc>dNt5XN_*qRfj@f@M@cQm%wEEaj($2I#*zTt9* z32lf7-bQv|oa;x5Pb@2cfxosXM2fW8MZVKB$d?1yN_{Z4M!zu&wUu`v1zo|AYY zB9ANXC~Q^}v6DFJ_$}gmKQbY4ptC=-KOQu;t zs3X$(tjd@J=Rfjh(4IB)@BRB$1@xM zq}xp9IpJD=&Hnvn-PZ~q_nygocy1Ic7xNqKujNkUYnyHj&noD*V}|qLgo2 z@t<*s^-&*lx#gHSi*{FC|28;geDaIW&)S1XBXkj(J)P&zPh;+lLS%TMfb`0LIwG6k zhVZF5&o^9(T{mS6p@P> z9eDlsVf$~cKM!7ac(y-&7mZeHKy8usb3D(aj&i0Pqx&Ho>iJa3i^wpzHecC!(Xpe>hPzfJkiHAaMtc@e31me(GfhE0>lVx=iZ&AprRDd;8i zG^&}(bMKv;db^36pDyHixjZ+{6JO|cFK&A(_HT4O%)IMTx8nR>2v+eXMdv;Ta_#JUXpaT9P4pN z_6nXKhimhheO|lb$l~!(*7pDuz&+<2uiiNd-q^?DrHPN*jq~2fgi##ZKS#a87`8$) zXKZfbqZiM8CYr{CP_!x{ec;-BHXa)j57Rm7bUWi5_Aqg|uX8l*qrabI^1~DdD|zon z-lS+ zE8d2!<}T;?uRr+Ag!s|LpU*UG6ZG?$$sb2#3|yOT&B%kMjjV>P<{ra&2H%-*uziCj z@}13R*>G0|a8El-ZUNl#jXi(Oymcd(O%&JM-!u2Mx_lTT_s_3*z&<2h1Nt>7>mrf@ z*X9Q^jy9@?bUciPIUboXk>eqsqlY^fu5B;OeP?^`S#w+B|97*>MY%^G#~fxrIX3mW zjo&P|OI17^%-=!yIL!6eT+5;A^=!E1nt0{yU|fGZ1l2pHyjg#9;HJSnRQ#64-x{i3 z&xL#6f56Ry`yt%s(G+p=LTU0tP&^c?f8kbb>a`aKi{H}3gRXxI;9dgvNXKs>+zJ1I zzeR9Af@|xY!-)r7@5m<+sqsIjU$Pl^8_HEjG}^5n65V;0i|=C(FZ3x|i_&@iZo%1c zl0kbhhxxnzQSY8~ruQ6s=nL+r!?nTgD|R~XPB*oI;hOPTvv7$K04kjH^v$7Sf2mASj9=s*&_M{Mey#2XX7&-jv1dH%hA*`_PVQ%kC(Ig z%mlOFq8S(a$I&`I3%-m+vtAM4_${kyzbOrRgQJI{Q~CQWh?U(a7}-#Ce>*+ zc4j`|A�mlk<7VggeiwER)Wo4L_Ih&Ueln1+M`UJ%5|=4bQQ_wZW$U7XxaPIsHeH z{(11KH}~p+#rR_8mEQIFxt{ayT|dn}HHR9X=5AyE5tmz!YxosgGw!eaK=JE8jq@hR zgk#RGEc?g@wUE7jrrnFZmtA&5vCh4<#Rbo|Vs9e)UWGhb)>&GH@34Fvf4Hn#t!oMyuN&Gj<{z%n==qb*4L znKYJh3TlH|AmiuUx%kQZD4Ni5H}AREeirSDNS*TzjL&PZ{WpGQe9t^3JX`-?2j?%| z1#mM*?dNNpe}#6Sm)AS@Z)|y*@0O=qDLntD?QGzrn%+46>`QI$O>GpysF0VmNRncs zNHaUTDGA9+k_uBoCEApVqE$(#tVAI!iYRP~QehF2{wzX>7NJu4f1kPcxM%K;Z8tfe z&#&8=o##8xJ?Gr>cF#R`2I;CHXDjoR7T2_aJs)-U%`)|h^KIwf_nRi}XDHY72Xf)g zhO7Cn;mAqO{-!5!wEgWBO_A1orlDh##N1@^-*5w^U1WvDz3cMo&it~E`x2i&jWiUM zCccklbBp1A4>vPrA<_Y!)~^wcCcpSo)r*N=iF&4&9fzI!G4mcjcaa0yI_I51nHa=( zN27dXpZ8+oYtXl71Je1KRh++GpJOTaI)A9;X(4sLhKyh7U%@rOT%W&VYy7KB`;-rF z6uh7d+zF@pUChBC+t2qJrpi%#b}|~%DoOIGL$=edXv@^gy-#k>^A&Dm|3tW^Kim#G z-7mM3kNeomb^qRXTi0Vv!g>F=*6t5y{ziWy0XO?!a*N^af@}JL7s0zIQcte-ai1l= z0crSwV_(|8L8}-)eCxC)njWWq8ce#qwLJf1A$ z`RoBSXBKr|clsEeobphbpuG<4>LRbfHTA%g*eyh_Ae;LI@lsS{GV?2F2KQK+-^TUu zX_72({jEB|df)qQ_K9)*-9p;c!zPH1LpJwZ;uoW9(UnNY_c`?CwB9aqud^xGoBE}2 z5BLRmdSIg!)&Q(JoDI`zAp{kCBwEX(=dTBMO z&(Th|Zp8bbVdxrUk1LO_>&#!+^H~MSA<1sa%hU8qhdQECrc|#3Z zwKheL#@6PZO56n9Z^!mm(^Z3AelpWSywBV7_Z;lIqV7KKoy6})i_m;z`@1WFzlGI8 zG8?YRw-sv3`>NjMX#3l~MT&gOXBzanPvoyXuFR_*k~LO3NRuSFoqc_O@^Q6X?M5RX zsTr%M>~#wP)~@^0p#<))7B_h+d)j|FafXmbOBkR)Y#*KHH*TA((_zHU1czYz67_I2Bg zwAD}u=V*(g*Z(zq_eNxM{^|N}<8lJ^DEDwoxgUr9?n2h7aJ0|!5#lc+4GnHg+<%HY z&-x)5VEMNU+hX)7vi;jZyutMPas<-$e(l5DWpmv z`Vzk$jYY>!uP%#k5t%U9$=`KuK77LUZu+^!4MMWP;@*YbO!O$Sxyy(bqtDUFAEv}{ zcO~Ek4-Cn6xIug$#P4m!ZaW%&Up)7a`x%d-+7GbrGurZglC-H^Mb;-(k-Xm3vi>LDu1215`qmNgS`G_Jiv;bajc%~eU zh4bmNb>u;gc6z>WY!z9;XBt*<)P9J6e%&rd`A3Fi6kL=4?_u*6es1(}2XbHkdzYJ* zl=yuMn*V0~NZ_cDJYxAfgLj;2dj9O=>OS}O`%e?qpSHhIxW#aTu`?9e0Wal2*7PGg z9quIl2HJ+Upkdc=f1Uol&Y#S5?~~c{CppK3q~%#&{k0dI)_n+GoSmqunkCP6|omvmJleGM}^_+n-R%?0A326Mr53fIdeXAEyrGr3rb| zE7dk}X5_u?Z?H{B&Vg&nLH&oE>+5iib~;Swoghv5OoM+vN#nDfUj=Y)glmGyuVZ2C zOMb~|A$iO_e`THk=X4Z7wx2_Zk4KN72awh;X8lyN8qQiAd!8@1ZAjjRYw8!tXTLY> z-aO8Qv=fC^7m7NDJ=n|5%;I?u7-3d?owP}xd<(@xPO(%XBnnv3C%je|n%#(%~ z55Y0z^2<|d$NJkxVq=$g-RHFhpJ~wf1#Q3l&kNb*Qo3t^EfI*w!hD?4*E?#`vCdpgIBoiqCFoRjfCV2i@OoK zEvOXP+&E>3)5q<@=hYu|xGU?W?zNocUKo;1a7{n@rGsnAXUreehhe8fGvcSZ+!J{3(zIY% zf9-l)dWIx$o>#ABV%z${WI5Nzy@dEH^anKPdd@`U+Fn1B54SyBnEV|xVm;~w#Gmk?j=a^K^q>5y}He7|3>7c(ze0(UxG zlW!Zb`C9ECi%;J(h+mFIp&OC*JBnLNY&_ZDou8e8Z-1AwOG5HLxF!@}qviK;j`sEP zEb-cNYyW+{7o!^zck5L5o1dF=@-rH!ikK1e>^FQbk)E#Mm zxuk>BZqH3{o;kfkaPJ&Y>CrCld2oNT&R_3i91HU_q*vqK?qf8l>0GnHD?)Ne$V*3^$Lt2< z5+CQE<}nM&8x47IPPaG%u^)nlBapjkWesnI%TIW2+JGTkH%Y02w#?_iWcDl<|A<472{^#vAeUw|-{Wzj<=fgGqy&Lgo z9J&YD{^mVaQwsQO9;(5bNxQ$d!tLMM^b?$t@mY;0ynQ}QyS~LuU)$e8xQ|-g{Z-C_gQz#) z+U2YsJ~c+RzvY!Pxzia(+2yPh?(Y^?%h_=-Tl=`>m9qv3xFy$cUogwdH~;gYCf_Ri z+-daMkaU7;>W5DFnW&sCf4hxuDKa}?)SG{B7fm_u()5ImzuDC(D!|P$KNzmq<+X4!g#{suB2IGxD#6|W6~E? z+H)O}<#VUWlkYj&>1)cGoxVkIr@?LH+C0R0K8{{S+5$&uhX_@-5kLA#=KoQ5o>6c9 zv(u*4y2E+4eH!lu)KGjwNZMq3?X~uMdUoX5^WoKF?X2=B_7&>)l;S|fjr5!0nd|FP ze*Y?TGt%>R{Y(3ec(Vodr9FD}c<$rTziq|)sfY1=WrL>9b4B*`l{=jFA;-)Ap4eT3 zh9R3fm-zFj2QaZ>jy{T}shysMBSLbe#a)Bl2J{)Sxko+4eSV~&H^=QA z=vO`G-NQCqvyL(ImXJIJ*QCS1)Fc^*-4JARw=bQK_huaXyhEHe?7@fhi_6I`6qkbT<+~5c^Gcc<-T$| zdrMKLM19=AmMU_q%bim#knnlYF!L`a-%8F%Vb-j`~HUuUBTvddLJ;-k@h=x(Ir?2!~kU60zAdd7c$HuJ8KoC?vYDi}{A=kk9^`unU;PZ2{evUNk;+WYK z+au!poAa4>ew8tihG;(HT)4Th7`K6+V-A5E5sf(7=YJCM_DDk)j$7t=`#+if#Wwl^ zU7R766y6h(JK^d$VLln%6`RXZ6xrM-h`)z6qY~6}FlBF%a~(}0UG+M$+n0iAA?D?r z@-&Qc`Uf^upRX^6B8rFU7gXs*{3bL3>HWp9TSgaBR}aUZ%;_Pi)1z#;Jmr$g_g6H3 z3gC5vmx~V?9_DvnKrbWve19aq9W_|UI%+gwl$SpRoUf*(rsE}gaS)1Uu)e|K9*s>q zbSAR77ZLA^G-&?pnprk~hQj^J&G*0qw5M>J$1FrHuTocD+mI@QecXw}=eXRL2D4s( zhH}uO@#Sd<<90KDnDbyrcEHv4bR_BWB(?`GVr+zLe?NYK`IZ-11G1RD1!~@v_jSKb zzu~#6QjqMd@BEN)`8DLRhPXW9FeFWSdj9Bh&fl=6V|KiK?7h_C`K;rh45~7o4M_+)(;hy- z_g_Lwk)1wUh^M^dc(mn7z?F-!gG4FVm2ixE<-YLt`=C&Z- z#^rY4*z-o(Eee6ThV|I}@MO8dy^f;`L-G<_Q%*W#b2MwayK%I+R}mk9G>qn`@4NQj z@3Nnx$XgVWui@s#EJW_aM*Y2?qs@Jo_yVM15yu%r%lfP3`Wn~Yk{1}?U6dewecZ~X zZ_(nAgyH76{%(P{n6+Vl`nV}Cvkn1iXvnbvN&G6!}JpauX3OEV()s=eu7@#)s|HL`quh5 z3h#1w)$r4_>$PAtM7E!a+I6$uY*m7GJ^ETmW+m{m#XkC34DWN-PaTV&2qzPTe0~lj zJ`PPslaby3*qFf2z_O48FDaXz4`W-|`ZAWD@UDUvBt11e3g_D&YRJnR?ex675AU1i zGYvQJ{{{39XPiOZ_lY;gwf8xVz8;dz*7#P(2U|ARkgt8*ii{7Y@SCPSEQEV4^}FW3 zhB~*4{0MWKk89R(rZ%Zk=DC_u(pBq2n;Tdjq7UeClb6<)dZ+=i)8Q=Q7ahoBDC~n8A#~$AT2J@k zX!|vc_(Y^(CdWkcPxg4IbQSYEa5MQn+t@IwV+;~_m;Nz4t?x8^26kjvDMvbAWa_)T;*d;)o8e%kId&Q7bYyccBR&L; zMK_~nM|kaDBbR#v_wz^T$q@?PBfon){jXMlCS&s?T8M0Jqax}UGz1MmYu7T~?UF40 zN!R1y&g9EFpTT7t3z;9W9s;fjCS7mFwzBD}>kA9uMd1Zq;3zmtUQLxdIof^}5Pt?~ zXttud%wYP=Z=iL^<{q+)=ZjD_>Ty;4ef-8`y#M+P ze8O`d7FXvRzN0@%eW7DFKQvWluwTPQ#&%n%544{7+U1sf5t354CYW;j3$~Rlx7rS7ei@SHxn4c}JDks- zNS1~x;{804cu%C^Dvmn8IdoC{`N!4Mn|LnH84K40bN(gRR`&e!IR7ZT*Wl^(wF_;6vje5R5$|U+;-{hz zIt$tTmG1cIpC>B#mivDR{Op14zW6DdLvr%vUOBztnYwaV?<#UJJUczd@%c&l6dJo0$vdlkj=}Y};`W1O_uY{}PTMd2S-GpxSan}+50j0c28_hA$j{23kbFEkUyY+UL zkJt~}!ARy0^sC{TdaDL@4be%+_P0OrF=!T=rlNmk_U%Zm<@7D=dD8qXA*tP`Z2m9C zwzBEEjbti?cQ!oZ=TbPw&r6XvINE-GLVPpQ@GD1s{&yGm{d6B^O#=;6_?t=Bf*-kW z;BvR&*iLNfu4L^bvblN0A403q>nQj#eX48O*PC{$C-wFUe6+bmrOZFW4XPuAPq5MP z>t>ENx7IlJA?Gsb znsU1voAfnYo5<#VPyCp*j0sU^6uy`GBqv1*s9)B(_xyApBR-CW;2zc)zzu4B%iPi! zY#v2Rkj-uNHrEN7i)Nw;=a5&`sz~QsQe+zWmd*Hb9OL2#+7NUiVl;Eji8@?*q~+VT;sACY~2hrYwS3OX0D zj5#*vIDuTFK-&la%B-QDtQ*Q=%J zVOj2Sn~@)N-mfoB(MibW_8@)@8jXe_y}}gn|VN3wp-_E@*^KxbDovS zj{WQ+Ep8u*Q&iOCq{C^Gm(A%wLhf3N0*>(NXz4j%bfB!Bf&Tza9CKjT3j=38H=sWEpObiIRUp6Zqxow zx@x(41fG_wMLzETh?gR}T$yxTOS<~|mzlw^TmaVuldgZl*q3xIfOnVcr{L#baO!BabXz&m#@XbFW4k~LOY9W?wQ0R=pr;_TooBq;Ejjoy6O6Db?On96KoNdS#V3Z z1~l};?r!u6vidPqJ8fW3H#8FEXQWCI&mPO>Bq?_1TE1?msYM?mBP=W7nR4|C-(QQ~ zMYf+Ch<}GPZ0FdY{P*AIwx3%oJuxglz%}7M*0SB$G9XExk`8?6_P3I25I1e7em8nj zSn3Y+><;4Z3y%*-&}Vm|&o1}mu(ZG~;QruOy?Li4-#HiA=kd^E>@`VxYM4ZlB$_vk zTW1Ehm*r1~k!i8>=<4(55}!XAt;m1uOg~@%f4}%1<{5ncj3xdcdIIUbP4>Q!YZLSX zGEWK1PZsxi?3!@z=4FoddA>>9go^B6RRH(ELDskp`>Q9@*7~^Lv-f`$PB5p!O_6aJ4JI&&D#a`2)r;pp8_|0e>nsAu&e4t5( z4A)<~K8Usn%WD?b}IPVx3nsKxq4 zO<%3Q3pDWvg>A!f`gf= z@HobF+{7p|$7Ogg@mT{n*Fx)D3*eG7ZvF2mJyHS-s_a93JfZp}yz z{&YvSzxur2mS#?#Rixf8g1ZZDbJwAVG0la!j<(w7+WyYvJBjAi>~%>caGOLuZeN%K z(RDt58$MZAhVz*QeNWilxX}y35{7Gnt^>-$ek{_nHvNhoOs3ph&wGBZ2)hB;Y5Cm6 z7w_i#bI}rHpJ)9|%panQ(fMf5Bg|P`%6un%r;gM;`eiMjCST;DuuQl7(d&6Ic5BEV z<4qJdZl=i*d z!{iS)j;6t-iIp>!vNxWav6;QYay48NOuDYSwC+BoYXQ7@@HGEdP*=9YhpwnEvi+Py z{1LPWJ&iUp?^BJnG`fyvDSl>SYu8T&xncP{fuF0e-Ix5A%foW$5T_rumfutso_&lVch~uzp zMe=xu=_=0O)bn<^&lwn&DR2WZ3--Unr72AUvdYK(^Cx}w)$#YkqQw5zAiKM|oD#Ti zS?Qqd(tY=&$h+-o$EAb&_1Hn%r67*z_{{jK$41nvrv591`&R;g-~X5X<_!u<>!Du0 z8Glb}Snpr?n-6yoT$8>V@pCt-`dxf^Xhl2|WuvRoXuFx4YtWN6m-VQF-2Q|;PAs~X zb{}rgO~4-5eZbx)gE`veY&`MlNW)3JQlw2|%0Ktd?e{#}`^{xU!}7f4@1xjid3f5# z&FGRUFSuOYw|N+SWlZzDS$z9YUJ zX-N5zb;*x<>zFhRGz<$Q%Mk9@X(${SmI-i8`K^IXdvrIlxfwsv*FvwNg=p!vBx#)O zr0bSqXS`#VhrpPy%!h0G9d)-d7DuNcn|lTE5$GP&mA&Y7-g;pdC*OLx`8EYVO*#Z_ zr#x6(y^d!;8;~W`DKOw_;d92^I=cGeA>sY?0i`9xUgIa*94spdl}}dNQj?{4$E#8 z-+vc<;IsRIxIK>+yo3G@cBY)@e3+(Bjneq^sqB1M6z+P9+hTidX#lg4k9+RJDRMr4 z(=dkXTHj}H);XDUx9iW~onfhdlb4@Y6$WD53?H`*@pDm(`*oFs;|2SD2gPt(!8Pfi z^G^}%&-Zc5n}3?-)^qm!Q{lw0jDc&e7oC6V1GArxTiN-i;G{6`w)Xsu!W)Ig`?&Ln zzkuFC`aXN@|LOAzx(~+u1npDqU19kYt_iwt>Cq3>m16AeepN;GE#1VmRs^r^Fz@`= z!TADxjqK~M=Fjx^kp};|KT{6u`XV|xEN8(r!T8w{#=iJj4DV)m+E3MRGMux~#mM%v zgm}$gSTBNBy<10Wy~lgdujcuimh5rpj;HMT?clv(nF%)-qq5cnyKHnBvbmFq&q0gP zGiW1uH0gNe(BV#S+oRUUc<;|GogS9AU2aGE#%r+o6xH}Oo_ibdm(V7(QT1Gsbmtjg zz0W(AdN>~^l)KSw=b|&ia`A0{c}y?qu?Mz01{kT^;|=KttXF`q38WmXqtqiG2SuA7?J{*U(y|Ye574Td%94h_(_y*7 z;vCdJNq*$JNju{GIh^c`!>PiWpsc)&w9hG9Y4Legm ze8=B@L3MV<`_q>A1?W1|4|VK`{p-&9x^-^9#~vT%Jr|baZuYphVKW8INA`Kv`jdHO z6h_@TRFgJQ=H=NZNEjdPa_b$NoB2Xm#=#A`>311+*PtGGh+qo)^2tD9LjIqh7b3kdB{HhPl^A6s{KV>i?&}w-{E@4&tL*SOWz1f zN4O>!KO16e=Tk-f%y}~`H^MXR{2_3fp|;5Oa|rSKQ2|=PoTw4bEcN^?+!~hC zM|-V3BlLA`XjuztE^qvk9Q%DJz)hqU&Z(G(F@4V|K10t%M|nj`U;iQ zOqN~EQ)A=PK}S0Cj~86!mHVP*S+X9k*4r%klBx~y0iBO*?pOMGqjc$n+N0wi<$f3Y zPE252vI*`wPR6dU!_+y z>^qN)6SCw*%O7(d83&ht9#QOmuUvR4&o=Pv^Q-K7 z(Ll>AxzOTf!W)k6@Nu^i{}Z)2guF*7?@>&FVU1bUXiZPR^2%a81zla2>Hb z7txI|{o7>!dbncj9>6Z(8g}LTQ_+3MKF_|5)1~2|>5_+rp`6o`W$e~8sWvJ_TG8Lp zy3?Mw&Oa+lezwl@E^MAg&mo(;hj_iioObRgj*W)#d}K7fowLugv}2YWGR`~CCobat z;E1YnBDVHeC9sO{rM#-ok6ajWO3 z&rR6vW8mB@xx(^iJ~q#w=TMwK#BF~Hu$ziq=h!c?k0F2m2JJw$Kc^g?E}5to>WUhi zBoaKsNuSPcy6ZkhT(+^0dtR2jZuz70`jc2Ibj5d0NjCG@#+NAH-|G6YfU560e&as0 z2-$vwg6T2_Ek=c?&3o)K#sp8XuG8W<4PC~n`(v2>dh&C!JNFSbZ~m{Qe9h73 z_G3?gKln_;qpOmngp1VQAJO+xnSNPL*DN{P;_kur)Q@UP+7a>Gy2RfAW3k^BvXUY3;^7#KS{LbQgH=?!3KJTeb z)1`hh@)dPQt1e2BM!%*?3H5tkYMP|-<>W@m!qU@N$ji-=t0s8mOJ-a4qfaHRX$!W-+b4hfX0q%#$=j!=5W5etGxgxFeE)>@ z?EQaa{P{E>K4(ka*l(S^gf$OG%HQ)snm!ur>o~Vhmejh#JD=5G)RXQvSCyu4tn*2p zx*}P=;BO|a3$Z&JJ5yh^MVHyt~t+@*sMbzBb)mx@v28VWuV~^@%u|EQ-gh;!GT%wt;J2p_DIwm+1$>=FF_jm zy;4&)9!me9=|9(l(Lq^qz@47I{jjZ1`d#DWjw0Ul1Wi%aR`LHt>$q%x<(e$XvAFkP zGaJ2xY=3tUZ`7Q!fR09*-@)dNzeC;ezs=3PHcM`YYx=!e*vv+sAe;OCG4#t&$788u zQ1dFuQjnV_tLX1#9OFFCY0tYA+>j-U;09x7C~^xnQ_#K0=6*~3cU0v#+Qd?xw`6{- z%^1huu-l&MygZL|#zNjrS*+jo()WU!>q;|hk3%;1SSC2y^VzD@q%!-BM&0_^PKQ#s zUE!K^=!k7Ddc((k{dn2}bV7@CISSP(X72ZW$KU)}&N#Rpmyf9z^KZ$L+bn;lVly8t zLbkuPPe_*_It`tO7Lx`;mn8At#uO<`kZ;AKve;wMONY+bXuWeGN1J;M@sUWwts_{A zK!2$@^9{}w;rwf-Ls4FqY_hoHv7L#YLN<3D@vqP>r2EH&CyQjJCrhLD>~WC5-~8LM zBz=;XzI9usOEYvdvbpCG&qc$~Kokygy)h0@Psh6Xrs-RtMufoFEXj7cVLls$&BN$X zWOKI?KRCllhtoLbF2eXi+DP_gQ1*5j6D_}VgJYp!LYCYL*93jPnAU@xu(j*KzxaH9 zXRlr^#qN3ROnr6QaQb`Lorj(6kM4(CpL+rtYH@yhyZ&?U$db*LKQ%{l&w%!|tIwaS zi4R5ERu}8(-kBwb-sPqHDE>AX%|f<6N1n*Fjc!5%QIK+-5$4$i%3t$zCyg|H%yk&N zJ4?cF&3T?$oq2f9b3C>-x8KD0=STK-o>91?E$(5XYQ@fTvX2`$JVoy3GYuUw_MU!$ z$yu`4;?BYLcltdq`nXdrs3%{!+@Cn=yxig-?R2Tr&(yMFUoV;YS@IoR6HNQP16#YC z_}lM1?1FcD`Ldhur=LWh64~ij`();u&~S7OTFZEI!BfulaQq|AI9BteK#d4__h!jB zxVf>I$kW)YM(M5Mxyy#t7T#9V& zwWp=a<7gAwh>GZwuBV+ZZKrD@oqE@9fAXHll6I4wdCjF1(v#b!OCNMAvbjS~PnQo+ zjdtm>hhw-yvW&dk=|4Bx%>HhCc?juX`p-qrXURagCN#nBIMfbNg_!YN>LB8y&;zKD zYccf_r_a~s&MGm}=%OqsusEil^(5c7%Z?q_MT zhR-zAc#Ji})_P|x!y4ks@e5f}CEw$IgzeYpcOUnl_O$(|J<@e(cD>)%ttV`5>5Ey? z+T!M5r{j&wINJWs>Xssd`AowIj(e*o3KwU|)fQLBQ=_q);N!-C{Bz2<+GXBrHzPqm zpa|{*aJ3)MoeZ4FDvHj9e19TZhwStldS<%JLm#1c(8edZxAv8@-$BpWX|eU< z_Vpplv*cvBCfxD~j{x1m{k+V0f6nfZCg*gv-lK%w0M{S2J(BOYLRTQ$pO1-G?LhmE z4o7plazC+?Q@_mQ8qo4*`;+k|{R4OYEyg8LbbQxV^|v8yoaxsUtt3A!Zk4m>U!WGq_IEJx3Ft}m z2Y zq~#Q+9O=Hd$6^ykxya`3A$~+h?ops~P|vqncX2rTS23S3l>YcGUq4CS%aY!3P3VKo zAaoD1>%(2dkM2Yt18IFYmikcBw17H8L(w|sU0naDcI9fmHx^Aowto%Ip}e6>(FJI8 zVUiqAKQ0&l)^Xm&oST-bzuT8jn0K-KyAqr0&@^QGmvk=kdFVW3`?t~culRpi@&}yE zn71O=^1VCIOl14_De-U6cJwo9rsc>z*O~5kW)5ph&vUwdQu=w895mG{pT)zgO7+g^ zasaZqlcuK1$$ZuhJ$nfIoi_3Edxguj=lP0DvZOs+GoBd}*mVJzsyNicIBi8Xn-dk^lPV4effV_$Th?SlpGz@(c&Mgp1S8rx?)vNB_1r zZsyi3`NZNb0sc z_o}<=#=Wme%fkU|1vim??T7qLgT4ozh%inxMp1P9%<;mj+LwL4gA_o--^7yEBHI(L(AV|@_A1681_d& zw!a~`W}n2<_>Mjz;;(mJA(>1%6u_-=U&Zom$Zn_pyqTk&4%#+oua&**qN7Pz#&K`{7VKocz~b&Ne>4B&{t(># zeO(m7z4t%h26tu2vI?fdmb;vMJEH>aMG@Se;F{~=n_9KYv~OBJY~-DG-y#iL`A(wy zgT-9?<~q*VP5=4+{m(6ddlp=iZ~piDnfkY~@Au2ylO=;J?pLoSC#=s(`TS3$LF@Is z&4-l0y%(tXGJ#l?ieFbv|+KDDyR)KarGbtk7 zEbjj5&qU$g4A+Dv)Yr$LR!Fa&lenKqNIj3ZhQ1ulJymU6`Z5O5P?Q{z$KaUqcpcvx zfo?}y|F?BGX{TPvno>TShqCy;U2Xz*J9F6fxGS0xkxdr&rZ1DEW&e8eoR6#XbHytI z@-fo>md$OJfSZvTk){uN{%Tg}e2qTGsKNF3ANNPe#J;~}|0TcsGb-}=^%1Ff@T!2E zfR04AUz6PNn|;2eaG$ccUoUsY8lS<{(qjDT04t2N4`H6k(EQM#yxb}gDTQOgO5Pb) zovivMo|8Q3qkue!OrA>Bh@3yuvwQi1+A>G~j-BST`}?UMZ>=UT@p+MDtH0fbwAK)X z^R&fjbeG5#oWLI6@27m3BB$~<^ZSL^ZL;iUkk|83a#sBBZ|1X_SJ#ttq_#P2xG&4I z+zZ|Em|Hy}r_J)tW5>*t*gHSl!m-jZ`Tp(Ik;7SeQc?NVG|;_{ zIuSQP--BwGE6oQDcDc%^9g(vwZau2l?l7+KaaXtG*UMj_lc;Wm$1h};iPxpREn$BEbYqk6gAJ=S{8 zjJgr2UEuW#{z_pD6a{6Wk2|(kvW#HOjRqZ${L}j_O@E^R?)h*{J*@YIJCTsD__&Xq zpDNdPcG_8%#_qNJl){~EarOD*6)@lSan1eI+h4C9+mFvKm*E8UaAqJP$35)%tNRtr zMeBXsSOU2J=-+LwQ`+OpdoJAT6L3HOm)tzKFD2l9`!Bf#aQ}j9!n+-kV)?ceE~jg* zgV?&J1+}gF`PiK@$1C?c_&(c!OHw4h+*c>w2x<6uL_G(z$8b&gJPw|=ORas}yKYXE&aS^5 z81vcl$;My1ek+E1>?2G(@*ag?c{H!zRyUHNG^89AM@O|?mcMN8yC2~ z=z03<#YFxTz@2SzwZ82OBZ_QpdG+n_3F_NGgNXdk;%a@X`!5t_IT>f_OLKn4H$7^4 z1+i~3*E?UWZ}qv#QSs@t*ZQ^q&XsV2nji$NZA9c-+=RqkCr zZe{D+0=Qe@n(>|1xB9%>G#|IJ^=;t5h@AMSm!4YR>N@yYK5k{}+g!LqEUwnKb73y< zam%Z3a}(6Jg>YYiYl7A@>hFti?dwGE>)Z7VFMXF^vEx#Vg(ANHA^ODU&u-#@Y^R<% zf@9|a+!xMs=ITvZ)aQ>_1{@2ejp&y==9Q!7*y!^|r*O2dlj%KEq=U=t!g1^&lw}Hu zVd_!qFY|nS@j(%}AFc^nAL#S(U9q*#vrK((a75n4&eR9r9iAkozMCeO`25lQ)OA%F zwEawUy|J|K?|FbcxDDrdT)po4!0Z?APr28f^5l?+TxD^ze|`;&!9M?PAZ|iM>Z>T+ z$1SebS7Tx1`?%%RSKSlTS0!+_SX`~I#{ODePFm+I+}T@wRf_#7^UJ2&Z2YqFvD|di zdN0~IA|v4h-9*v)O4I)_-}zOxzAA`f6x``YI3ZW{a!+!x`r@U+UwU zvaZL9^bZT*wtT`%2c1vZ1aosaT)jWEw|-|a-0R_*5aoWBmWNVgmDkw51-tZf#;&TI z!@2&j3%Z6WIjn6UUjiKMdhjUXryva-ISxHfWL>wi^`LovIvR|~A8_q{T;p@9OUTEq zY(K6T?s-po=c)Cpa=XE`&$CSZdPGDp$niUHl*T8$6Qw=BfSfZvotX{{c66R7760xc>WYCVeY?-wkg4 zr@ia&C(46;zsYd_;PZLz{pjR8o~x{1_I}>26TJ36^Jx0Za83Wye}BPn?fVN_&Jx{U z=tE;;#{0!^m;49*Mw?R}p4tEY$}thS;y>W#!+i;^sUL3qBoKH1+@$X}tEv-`h($UHtG7r`~x#s2cQ81B>mfxkH|B2wkK{htoSa4)sE`>Q_7 zIUyp?zzxPqyvY8l&r0DYJ@4h){;JRNT1KP?-2LruFe4)K{{w#u;qLkmxS1zLr0YVj z-dRO`Gj2$-{Lig-YSJenq&4Wux>cm%436y{XKmo8tTX*S@$(@0C(}QLYr=`EYscoD z&%;*xZOWxSOCB-0y4;RT|5RE<pabTbsv{o+dWSmkF@GXr;ISaZ_U5`vd91Sc)JL0!$n^Dg~rvDD9qtL z?$4j6$fy+o8He;fiaB59j&#SfHaGJW?hjeqso32Ca|+U4oa=AZU)T)bdH(h?vY9j8 zwjef^=lcclR{D6_hRuej`Qhi;EOYKLR_lly@`881=041;+=tQpG3m&E{|NF)KfEFVw-jz4i)+&Jm(QGgJSJZfrJv3>NSlZ}XW5(k z!=L*6D)0XA+ywI}g>aJ>d*^HJ5B~<&E-!n#KO8(QA~_bv+;`dS^Y8D%!hb3(+63P=@Xm+Q3&@;Q2XL_V~*)t+}1`4Dw5CAj`?Z0CYbdF-QxW#v%a7JyZ0?S zoxi*kn|{cuKmT!kflPMVfI$0*9KXc-eRH4wM&IxI@6+dCmuuOrVg16VXoTUS zF6exu*SJ|WMJpxB@t`)Z;AU zyC*CVdCSMq_maN%51b3(l)}k^W6#g8=lh=`yMC?g{Cvq-5y^)ejGZ-WWSFx`>Bh5D z$mUjde!l4JhF@c($dGR?0i>dC&sOCO*j=^ z$Gd7uCP(XfOumx%BxL5Taym!kUhK@cwB-iY+wk`%kV!usKh_zUB8T#~i_!I~lj7=! z#`VjtyC{YGi^XlmUM0Q%WDiOow*#MF$5{Afo*mKm2-x*b1Fj|QLufr=+WWlonAdyN z^LHcT-68n&hL78x`Hx9_ejhU9=s;6v9T>rS=PKU~@L(d6EWH($>ANj}8hU=eS+S@#43EXpwyz9w7k7>A- zoyW}0ipVs$``h1AxS#z8{zfCLFIcw!)1egZO%~Tb?lmA+4z|`x3ZV?%7aSy}p1ayjz`~Bh7 zW%}?G`TiKzhtUq%+`cZi^)Vi|5bj%W&2@YRyl$ws%N^s6-kZ(Vp!>Bw&3wXKY_$jIa+Cf0wdGvEcyNW+4|ptzBXXZr_=?pi>_Z!eWU5U*IG#T04rNlo* zf1saGFV1tC+9pdO`|<@JN@FiE=Y0db z&Mg*-b0f0e^7G&e*+1(c)`M|0e)7eXQ;2s&x{ugm`Wrg$qap8d=F#79(vQb7r7PcA z%Ww4KX!|ve_$*X}7NhVT^tBJ zJwId3;6C};KO&PY-u8*LWjek*gmfh3UXQ6y6JLf_BYP~n3LiBTT+Mund%ha~<*ItJ z8@&4EO+ySh^UFr27bzb2|n7{kD<;^RU zCg27KM&xRXYvvUi-&I%LH~#+Py66n-*I4#u{wVdL`137q{-|SuaYG5*7OTATHS0fg5;dXt?JMUahR-Z>` z`w!fU`ttq){%)6_)cmsLrx@;`mxZM+Qi{TEkxQDc@BBRy>B+tjydE>|U{3+z0H}0Q+n|EzQiY%_V z?q~S8u|w{am;j%=MLMK1l1O9PFc(y_rv(@AIp?`NTm9u6q_9 z%NmPo<`dt9YhU+!n@^0wY4)~ve&)J=$LC+{WZi!%a^2^{9h-pr(ZA#t!u{Ifo=Tf= z7W&M`)plbTnt=T6Mt*{Pjt-7Uhj+YmFy&{bk6T{(nVW!{F@*VZi)+fy0N%BvVQ=Lp z6Z@ohJ-(XZ%ZU5!{^?*R)6H`~x>pd$c$~`H`U! z8StK$4u;#k65O>3xS4Q2Pr&U{32sROZXVpM_sjYltps;l0&Wr9g%;Pe8@Kwn<+U5t z?kU^eM{i(V)CZow=DL5t$1U%=Z=8UeaU=aji)*g?`EWJt^}5G?wPkOv`vpF~%4;{4 zCc5t79=FarUvu5BhFhuY{-%iBX>rV6EbsgLi=C|dPes<-=EMEX;+pz>gO6KY{hpB^ zKXQg~fAmA|yiGp;?&Fr1&m9wR1H)OLWpPbDr(ROAd=6q?=OfQAlh4(#x5q){<@2Tl z`CJS)YH>|I9|gBE`J6c-BE=TR)WawE{Im19BK3PN+*3aG&fAoq*5z<3RDR&jvbd(6 zIK#&+ub$|cAfGdDX1s54P5HUl$1Sh?3`)S2kr4^6_tL?XpZ;()?5&;%VE=?=Z_3Xg zpI_ybpIYfx@42&e!DgH*hPH&yvSFG>c>EiJyG_+4)?NdLjsSmBlsr{JW1^UOvxHlpk;p z+UT9P$>;jL;_Kb=@_A_jZvN#N|4Vvw~^2P z^Ul}g^I32!lg~wP23s7H&s}`}RW_eX;J%fBd;Y)V${5DCpLz42W?jq0@#kH3T?=-P zTXtq$OJD4Cp3|+D|8ZSQF=azTU@YU9&%NI_>sp5Te!tAR7VNIJ?1u6EyU}#t?{6pG z^wM-`iR^VPV<`g~q7x$W1st=^)2v51o$uTEUfz0?%P}s3)4jx*?^muqm#*tZ&W2<6 zQ!4vhdchq$zY5p*XV!OweB8>e?~psWzx#z(-u1ckZZLcJxRre_y#Vfga7{4#ko1RZ zrDvIaNHQiyA+|0Wpa;wGluM;roTiJC2MR0$B8*~e( z|M>vJt?W91+{qE?`L&mC{&fO|>n~?}TPIKocNN_I?QecQ(avu`;^ zZ4V6h%-%fzk2GAyv3oc6%~&Ind%82`P`~YU4LSF5f6?MziH+{XI)tOm9ltqQ@?7pO z>Gfo26PQQDKR2sfv(I^82G6a-WoczB+<~p`p*!8jolE=~m%Er_Po6{db6213aZBKa zzw`3#HEa&MK3U%3X#4vm@t=`~k5=;x1a(|NCOYah2e@qsRP>?rn9CvRIF!#izSdgZ~spIb7E`^1*Nw}w(< z`^((w<6e7mvfRVpH0ZvbdrODB+03i|;N{ymcyrKWKJKbq-aT=-lMZ7!&Zv?s{o7TQ z9G;8Ova7+)x4il6*96z(n|~idb6r$+AHtl+Szia&q^}uQJT=(4kI=}u4gHVzpL4Na zVcAdOTy)>7dpT;Vx%O$3*e`6Rd%pVoj6P44gjn9sGG+V^3%Cm2UXpNPm|TfFmKj-Bo+RP5vGdwKrHXC~imu9G|Q>jMH$MkJDe zyXjwY3*nBkxNoq2T(8%kecUGVd48u4YfX?p9coP}J3pPdfae|)a1X@Z&bRWo!35l5 zxSzo_>%2D7roDeZ`>Xr7PkfLj&uaxjc%5>PD18S|*iHSC`4sibj~=&1@6;IgL?1WE z=Y!qntt-MUgnN?3y`zNvJz-}0xW?ZuZ&fejZ!0$)Y=47KvpyyPH(UvB=LFn*xVIX)6^-8{OA9C1Z_IeX%vfVAT?4f-B=Ef41X1&OY=;%C_h&GPqLY!|VRt-Fsqg!pJQ z2^G9mMKVujUoPGqr_89E4)%J&(&r-5iiC#p{poPD4QFe0H zhxg~jAIhIjKf$bvD}9l9bGRnxdZ{d4#`H0^I=<6-vZCv{*rJkWve-v50ne;ws|;^0 zyh3=Z67Y1dj>`I1059+o^V;xCzJJPj>iK@d(N4#lX{quHpJ}Mb`z4}qn{M^E+FtFz zeg)UP&5Z%wfAsmqMD>f^-sHjUW^s3^pI7o;8f0^`i4Q_pE;DawWPAjX?VT<2ECm z^|aj+JkOBvYD7vbuJQMNZ2yhF1#oMZdigdF-m$z0YN?NVo21AFKGV>%kMq8-k!OnJ zwetE!cD_Yli%6!+okTu=h3yX1;Hr3k`w+h!6`&bN)1f$-{^1DT1w_6zVw)+OoAEm9 ziQt-GuGb~lR`z;`vR*VF-s}Xt*Y=TD3a=QRX=j(iS%bboc0L`}pMEB~0ChnHE%2qS zQ~xz<;H0VcGYiy+kh3Bpd))NY_-zlSNff)$$mTvq{3Wyk&7BngKHe3qU)K6BE{4IOoLJa<0v56~X;J39V3)_Rjq6TVH7&8#=}bBk9|u72^jCk~+PMj>ST zdkgUiXePQB>HB1h8G{XLmm*``cEI*GusR~`;kF?SYEhrf!{)~eYREerZSKJX8BZe( zXL6h$Wj~-U$XZeQ@y?#vI+dK~m*MxJi>5i^I{EX=@r;Z|iC%PBuGh*A> zGgHrf2EJ+tzQg{{aDx1QGat?6d#|D8$oB77;>m*?|7vp_%Ub$X&m~Eto1MJp^u^xC zHm8{WTLS+YU|SLY7P$VE!a3kqFJCgS51~HD_HPC8^=LP`qAB|tO`|W7o-CVBNtMNJ zJ8I`k;Ro!eZE`V8S%H# zFX(&Jliwe^C@Jy^eVo^e%b>h1oE%&=U7Zd*&{egZ$ zJ;#%V*E?mfU32I9R<4-`$^4w>;NhCkcrfpwMy-)uZh8^F3Pq95FKr`>bgrV>clzs; z>k{T$E&oRIy;w+@Kln9mg&CJ*e8YJEH}AYn{`SRwpV|p{?ckYl z{;Z{`q&t0PWc&Ff@i);1^Z~Npi#gOifA!PkPhfLIuC=&7V)HwyJ~Wkkw_r0KO+>c8>xgef8vfwjPh)wGX3`$s3r*f@y{2J}HJ=pR!hJiq zrvIq@yx+R>Y>&H7g_&1~0o{Kp($C9)`+EXz&qdBYZu`p3gxl1>g4>u^fNO%5ujRa3Z`t$C za~759=g;Rt%!7BU>*svxsDsfap$IQd~;U(w&W zubIHlf@huQRx0DC_Lqv`ZE*e6bN>Jz{zMlKkN5Me5$tJ-rlY&ju))+*&-1Jp4cm;V z&U<=oKZCo-r$3x>)qwN=1Dn*Fc?T-8&;QypYDp(P8+~y-8HTjKu&Rl3{_8mZ+x+$X zZpIIAO)&YC17lz6fg*SlTtBCgZ{6WU(Tm9TGc=NM2%3z>qrO>`z4IJD+hwQ8?LI&A zlCtI11b*&ozqSP4PS?+3err8G{D=a##QWKs_zma|bQ_w%^KPa*t)ks*Pa@gvW=Tr6 z9J9S_dM?0rU(z!(HCuYaGxbR!oY&Eh$WG5IZ>6lGIp{&8`EK?PUg)-awx7|e+47ae zeHWXL(eKFSwi(5JVss7ahivZglbpVy%`HsJmh>G?JD~lMd~6;=ZzG!<%A=k})6gU| zv@3J@Z;4ExJ}E3n6ShN^$(*!lucT(Sbb@PwDW}V@-IsLDg?Ed^`-c6V`uTdwjnH{ekTBJ9ISfP)28>{5#{{=a=t}U#Fk#?dM!r zD_g#UtNnHjJ+QkKy@70Qx7!#Gqo>fLsQ6uxyn~WuM%xt0t?G<3_Rw$VR)Q1iWlO`I zPW`SQY{Ohz`oxbw$D<|>SCL}Iu030GFO7P0h1-5=ePr5Ysh=&KEpEG(sq!J| zce;<;iFkLU;Zlxkk6@k*j@^FR+yc0_B;fY_m)y+sYcROG!DIdH48Z-xm&u)P_LLgu>RZ^<)>e~Qd~A~`r)j>69L z=Wgfyx2YKDyBBPK^u4%WVW;7HjvM)}x&P|)j^f|XR|2;yT$2yKs_pIRQX3gA^NDF6 zEKQciF9qZOLe_ z@Yw+5_jeb0tZ89$^WlDIaZNhh;NzB;4($^78$2{yQg(Ui>wmwQ+n@P+KTpj!|9+k( z-)w&i;I_25z$bO=l>n+_R=WlJx(CUjn%B8#zIiS+u(cJ9Zg-oWRR z(1Xa7QT4Oh0a|KkXAaMn>nzTC?7u|6xtvQ}&h_Kc<)#Vgavv(BKJR{|GdAo?T52fh zk}Y`_=YzIM@(AC38tFF%x||Q0eBOk9K(;^4I7bbcp=_CKagO1=#+|r!UWKFA-K`EM zxksB63Dco9jC}0oV;AH*EBNASzP|zei1bWdyR`OqP&c9B=sGm)I+4ypY4bahPMpj6 zxS{o`>5u0}vSl?~bKOnC=0Wrrvbh_H|A78Nza!(9rgcxox_Y$BMSga+9JkxcKW&%w zH^PNZ|5^Rzdals({n~#ng?AP_uc zFYkhExf-t4X9c9|P;Bl%4|{wUiXpHGh6h% zq$Zg2zlT19$>++Pe<8f77Ej;LFkoPH8H6u}$8W{T&Gmd{@<%SpmN}N4?k6!N!n>9D zj+RJM-u(MXM6r9`O&2|ftJ$tg?<mu5`O?`c$nkZ!=%hQ5IbE07iUWe zTr<9&kBzQd`9E#v11{Cn{qc4GbZ`Hgx=9FAk|Y@wqGS+4x-(Ofgi*aog^}JQ$soNU zHIhWhAf%EjA%syO38Rt_MnbQ`l@OBOci)+1ue)bE_l$Xe=XsWKX72j*-FvOQ&OZB` zIrAJ|CHF1tZ-l8${jQyQuEM4h(s5L|rZ#n*i|2t!aLe|lxx3M@FW|cuR&+;oZddI0 zhN)3Q2D1Wzk5CAd)-e&MrzRp8Cm*C%g1NJUV_TTT=uRFDj z4ulQ8teCc;26TA}*Ef$YrY@*OG5oQ--z5+(r>1}EcCt=?CSNl;v)1)0;1_})kIUBh z_d3D4!la(XZEDeZcyAEw4y^yG^~;gS6?Gk?m!v1@QE0DPQm-U zah{p;S$X_Rf_r$O?xzV8N~`*5tk8pTU-;JdwP+)Z>$QJ)IgNlH>v;p+HXc4x3_Wj^ z71KPt_XOhx2|J{6*Zd^4>F|oIZdb$7==teiLjbOy*ISJ8>+A zje<2e8^6ar1IN=fxQ;NYh?ZvNqjLQ=b$L0CC%TgZf|BVcL)EXT3vChx~>r6d=(CfF78@RHZt^k*}7ZEd+_Zz|B z{!?|_j3;Z9ubA3V0=!4SQ~j#WpFRTTdswaM)!W|{`vYL3U?X6vU#Cn>uZPV+oSPv( zWWUlV93O;EuH!etSL$^0TqQN{3WK*_ak@Tr!@qS4I5S|2VKPpiV*e*t;a!*~ZEi%x z=i<1Eeob}48VBP46WXcj6R#5_uf}l$T;5ox=dHqjq|-OLobCj#Z3egxbQ}S@8YXo% zoq^w7fjtB}*Iz>Z0}5#up3$Y^Q!yjGzS?n^zR$&XT{(SHOXull@cRz76DGNZcb8FP znA#4#uC!`Bu>VQb=PT9nX?!^~D*4}YBiEPH$%3ou*+J0N3MTdDTF+A8UM;xl`i1Yz zLTYDlGu>bH;^z8ACAg1(>&-a+=Z7Nlf!W#MF2(yN;XSpjI=PTM-t2j%ypK6Lp`5-H zdV9k6BG_#P_rRGrXNNrqyBFrgGq-j>o5Mt>;L*c0=8tgG5wXcx#06?P{MhmYCnE!+q2k#^BycvOA z!8r@o8z$R*Blc&&)OPu|B{bx0Jf9Hj|B=l3nbLXe;krIYrQW%6iuvVnFS5DT?VGQ3{PJVEC8v~yOuuU*@51;oH2k*oA z73@~nEc|)v6}72iPcikFm%iUTI| zonO9Fi{{`xwY_pA#vR7UR)6}Q2i1padl2hO^Q!&=HTpiBm)F;INX_>jhyN1>w=`Ht z-SC;()Okov_czADJq=vduWEY+yp6Dr3~tFB9G78gYlBzyJ&Mf`7r_0!X|;d;srnUf zS8cI5@wJO9U9T{Td@}UF4jLVuKHqJ?FV0Z z-t2j}oSwJn91nllpKf(V!21O}KEA7Y)25}3>C7*Ss`V%Li+WY_rahMPa2fX~xNRF| zbLVF6CsE@c8!}sOZn!aUF928d>n8L~6z!e{n*o#Ye+m0ZnA$$a>p*qBhx>~9qn@g9 zH4X2}b+q^+<#Y$Qys13h2EQFJ*{^Q$v?ub^^JqD}CU`2JE<3*o-5ac5jprs#y}*lr z_eZAPO5^v?Rc|hy6AY8>UWxr5VeKA3pM2w?p)9cH!-N}XJG@+4h zH|y*Jf7xy~I{nb;TU1Uj2;QFGi|9PCE--lY_7qVw7_TdEt&^`|@G8Lj*}}W{AM$)p zlv77fIxjuQpTXcnV3T079~WT%HCPfh?ZqZl=Sve&_tpJ4t58318eZ-GiO6EC8-dFk z_v2^q&$S<`?#BV|KJZkYtBuFyl0K!?bdG;V(bJn6KjU$|#$5MVRY$Kwr@(zzaKC^) zmFM5!Rkr_U?9W(;L5}SZ{7}&HR>*0ri^}*YF20gdwFRCmr{c!?_*^SqM*G9sz$CXH z_OFHA273a4Rj1>5(-)HpDJ}auTqz=8H-p8MA z=$Jl!DxZoa$Zz;#8c?;piNDzdOTnZrAAZN`XS`SYL0or$#aiQj8La=RdnM;(bgB7l zd4>~zx||*cm+NL@_#6g15hl5tu)iC2$U}HmIDXS>>}Ocp`?Z)-m@h^%^Ez2K>G^V6 z2QJSWI>9d(!Shh@D!FH2pEvdWv(4Bw<1W|FW8nUg(YvQ9t}VcSGVD2nd-putoBBu@ zl|G7VX?X21wTSwkUzZZ~OKD!9l#W5nrQV8nP>-AF_`Erw4*9;XL&w6OiHo`=S_y6dOqh2yr*I?s|oV&J=7WDcRxOR8TK9w z;reTSUiui$qhN=_l-428s>ayz%=O{ax^fx|4(C}hp5s{6PxyP859<3Yr{g`fz0nx! z?fYiugN$2XeK{=zm&ZjAzG2vKgL^ynXTp}i9*383fNYdZ1+C%aql$jG8p%nV#RQ8mfFG}mea4I-7^LhRIL-;h`*QZz7_kk zU}|&I?j*QJG}Zm7>Z&qTJ0(}u)g4pQTGVGX^=As)f&UNON^oQU4_x{P*O~qwxE^qS z`hVbh!ELwC|2}R$a4!Ov>n+MM;c@X*_dLjaxC7_9x2OchrtV*=soqAxy+?4n;{Hqd zd&NBet%I8-`l$rOb}?RS;(9+Wr=;iy^Z7HG^XjVK>&fN$Gcj-%&EkHi1h)DLlRF9X+G)pJA-pa#5yxd?7~_-h>FxKr8-_bPpj z-$YW|_w^fCf48|KiWeW(eV<_7_5Z+4fcvKChaX!PR{I@f&WC%k&hQ&PQ(KXXe29En zP6hkw{;dxmb-jk~cVq5FeQML?QyW!rN8`1o{tbMFbwI&Y*ZIu;1*~)l*19pJsoF4A zs*#%lHv%pn&-iym=V$8rUS|YA1c5- zsJYh5zbpD0xGGySdjIx!MR#P5k&3A{&*$Yd&fuxOcn>@kb(2?#`GhicY~)R`BH$zi zN0ktDociMCI#v14{iyy;-qh!R$K&=!!EL*rZZH21!NItxS?Y889Rj7V5}e6`!*Tx5 zh)1q*_HV)UaKRmb>-b-TS!r<9eCS?$pLGI0SJ%U3yLZ{*3~tZ;b-QnepZfjS!pEz} zS^aL{JbY&Uek{#M&xQVq^B3jxgy1cNkBYMgJlT)@d$dwtwK#)Q{{XFvGxwR!PzJ{9Ou@CzMSK{73jd2ENlHhQhJA9lz-~Y#P26w06#-FZN z^}Lt?hQ629711EPC+Ffa59zCN8hVgu=VguQS=b2p$UK~e-%|Yq?{9_Oc5U_ZkhYn= zljk7`a90SfdVZ(+o#2}duG8~7yIHu=ugmG+gSB4n&)=~As5Y*%wsEKQ#o&LF@aNxo znP%ux&+ptHZSDX&6eiCTdSvoXw%5N6*L?+->+3>rWnFNpuZmXz&gov=zCLhP&)a?4 z(5KqUo15qHroes7!hJDMuIInyRI8=ddm;L27;L4%Rrxa)_6W?(pMWLKNpLR~T+W}* z46alD46$%y-(Ve6a5;az1y^k~`2ei`d<>$ZtVCZss{_99f{sgw;`vQW?zZcSI zLG}Ep>Gwhs;Cw7N{QTE_!I9&cb4R_-Lw?Ep=K3J>I|XjnLv*{DdvKmy+JSkwg?m_@ zTrar0E!?B>XwfFB!U=;=J4vXa5gapB7w>^T*)k66XqV`nA>Vj9LM}eD5Ji@!msZ~4OJ|1_+8TxV^cQJ6s3oajLPIBP7Iet}u`=Q`+-9E$MI@Rq; zOPs?$;d^LD=zie*8EkN!@~8Oj^f{(H-guI$sZ5=#|eMVpAQXPPWjW> zl0OM>w+Jrh&oAKSl0UxRuIZXd_vPeY$mJp7h^OM&}@;Bq_;SX904I>n=}g&Y4J z_oMl=UXI7%;JS%N1^jOi{v3}Z4P8$07-)${cuzTP7hI0V+2H09k0dzf9OTR_`zlt$KBsuZEdA!C0KFl&9FLU-*C`(JEZh{h9Xo5i z9FO&G9%CTsQHE!GERj=Xe}$=yHn321`8r#mJN6 zv@VXv8Q|s;j|y-e5FCz2xuMS~9w|$|g=+<9x8QO-Mi^YD@v+Oo^_B!E)J3Aqb>1Bfcsy;<#;U1F&@4~0Sca^+sE-p82X&z5w-MN z3f!fF%kkK3aGl~Y!@`Yw0@U2E^>RGE0oTp=sDS@X!k^>uouSJq9&;@52saMU4#DMk z)PFL!@sR|l@5#D-9FL~p$hzVbkNK8M5?qdl&)_=6W4VRvFAGrPQ?y==N1~y- z<3|AgV}w7)qr0KYDITjV@t~#w`dDx|9s_fXM+BVir|R}`JcbzhoZ^wR^qY5|06iqQ z9FM5Mb&AJU3pWLBX%DTJAJ1p^tHw(}wg3Iw(lw&+R z`v&Or({%ed9!m{9+*9PYN!_BWZA*;!*#e?0H+Xd4TpiUF+p|doZvE~j{Ov&16>?r(z2@#qU~F7vBE zivWes)a_H(mptn|G|#&!yJ7I3DxC%_SamaDXm4TXXpOK!u^N zsxVb*y1^0Eq4MUWAzRR+|;hsOFN!8~v&JjyI!r*r5rS&rR^&GepE!;S`4_mk! za^TLga8uxV&e3|g{%kS0PRD~q7H-TNppk;h`M%fSI^}!9!VRUKYl zHH4+G=?3>>y!RdKCzyG^+#X9jylnz>r{Hp&7aLrsID2Mg&%;vSekZsb=jGt4t)@6v z!ao?&?d3Qp3|&rf-fW3;{4ks+3oehlPr;ROu4&wP+G3rekJiU={>spo331hnn>hQx z9V57Wf5dkVTsQY6g~9#E!u>f2oF z3^`A?kH_b5LtoDM1McgB%j0vD1J}*?r1k-7+do_HI0vqqapVQ}P7C*@Jh^^wf3a|H z%aa=h_rmkD`(b*X+$gv!E!_L^vSGG+LG@naEA*nkE62;uG2W0Y~jX_ z4$ua{<#E&>TsPyW0{%V1y1hJ(1{%7Y#!+9(I0|>fd|YsO9E}4vmvNK?r`07|AJ?^; z41G>@ZH}eiVx4fkU2r)ba}BOjJSr^QKxZ631()No2wXSu2*ZEaAl+V$M}?uwDIVi3 z@$eiIpbrI?=U?xDE8|hq{3`}d&%s(B*Po4szN*G%{^MpoQvvQW3-{AJxk+%38j`K| zt30`t;LaCZo-cmqz;!cU^d1|a1OAn*_h$#LoBs8KJI%t~n=+0f-QKId7+ zXRJ$rwh1oR%MiG7eAYDYpyM%L8>aQ~_#9y9%XNHu!TnTlInIL&u2Y?1TV4FSs1%Dd4(^a~%Fh4%fOk&M`xmQ=HdY;vDE2pa%t)Z+2A^@cQm!cBi;?;PH;KS9~oSyIJdQM!zUu& zN9umyIBx^jO`Id}-zfY!&N~cUPI2C4iLO>rz&jg3_ zXN;jQ=llUTc$L=2+zEMdQ{b+!a3|%-rBedbd6d@6c{$bKI_2dMOa3IleNb>YFBceG zr@S0%;YLrz^{}h8Ue3#9;JV4n82oP*{+yS~4P8!o*~5~T{vJ5L5nQfoAAu|LvZlJ0 z0OzvNx_z8KTMT`<=4A@p&jpw3+BXhdH+9W(T7b^`x7K?c*7()^AUh4N)AiUXmN+ND zeN%8be;Phpy}mo;Pu#+dogScWW3*n*pBCV{$)7m*BiB9bB0|HO+Gq;5;HYoIj@<`f|=6a1R`-^)a`1o?Pk~pt}T@^QWJ|b;_TmmN+NC zExA_f<@_0CaGmmJwS^l!GeF}6m-8nIuABUc!GD+V=lq#y=yJ-R8J7ItYm?x5?mK92JegX($Ip!IV8 zbTqh5`P1CO4VUBo8o}lK@q_Coe{3i&1j&t15k9=;rjaHd&&RN{lIY^ z2(Ftt;fMcA!k^vZy3NGjS3WMvE@5?OQ$OQqace~ch`JM#VO}VDw7>;|rzyiCA&p9yf?j88xOpA`N)K35sK zoW|z{%lNDWx8)42i;o*yz?I{(rsGCrFy={u!*Tw`(3k7@jDcHnx7NpbxzmB`CNC4< zPOxx)%adCP?oSqO;S2d4=e$EOubZj+f%~_v1J}(s@`JlYaCsaxF}P0SsD&lp>0g*f z+@tmKIOISZxag>Dr5wo-|9!Gvdm(w`fV;M)$p#i#IaQ`~a zfh)&RO~<)Pa2njJ^>Lhs8v1e_N1jWO?-uSAd2)T={$Syb$&(uZcj$fD{V*X*X(S)QysW&#%BWDR|S{vhn;C~o$iP2VHro!VYuIEj@HZLbBV!q z8lU|wT>oVOx=(O*KuK>A-c9mq~CpSh&CC$)yniI`aXom;0gc#lJt! zxyg4gxGM#hk4JS4uG8^oq$Mv?;C6^>y`1lD46akYM=jj=NaVZVa=v#4*G;}xz`y>3 zS{LVg7ekj*zW1`^d-!tHd%@-7Q9p2HzSnd-N`mv9;BcHTGW6w|@0H+Q{E%)pbBE^1 z^<07PwFoZP%PS17Q@xyFiE|R%?hk9doIkf2T&Mh*Z{fzS4A9ep%lR`4TsQd>hku88 zS{LWf97C5={*1QdPaqPY#|4+`Q6v=fHJShyCDA5nRs8j|{F;UM{!f4~@d}Mg^Di@@IqVl$S{hHv#Uy9@G86 zd0D*NU0x>Pze)IWUe<=c+v_)TEO{Bd8u!`G*Sff_wEg3Eci0bDnESqcA>7wh(NUT!jUIpyUJOJ2sW#rmG$^6~a(aAjWBbiDPB z!+rBlYJHqPdkuZL=A|FpTLhQuTFFb*>$&8*sh1IOe-d2&o>4=C>-0UN&XzcPufz95 zDs(?^{_$At z{aLM-^QRJASNQ|~2ZcZ9&n`okQ~nIG<n#OYioN0o?`LjPb zavq**{-nSyUZ(Z&{b;QWuG9T!i!AYo-;C#G2`2@>sqdd6@aMubh z&nLDRT&MZO9!s2~w<3RD)_OUA_8MHL{PEnMecs`}4fR}bIe+TE;x2yz@Ne>p*2Veb zfxoP`PWiLhl0S4izTYRfTqin!EAywO`9u_)or1%0KGx8ebN+xEPUv=X{ps$&bya`B zT@NmAZ`@iyb?}4kr&n)x;gpRYnhmSOpDK$?!F`3VYQGoGZ9o@>$|wLo@q6&a>i3kN zhhIYYs^33ujoeUM3Y^CTr}-V}=LLt2f4^u;5gmum_}};5f$u{JzajYhaj=_=e?N)+ z-(jVRvMS#|7osj-6;QEPsU(WW@Vf>p>QVEmJ)%Wl6wt;EMO22rmvL9WYySe;$NxV6 zhO>I@)fUco1}I_S9FQX?3{IDo*?JDik&^)D84Kr#968?U0rIWN*3&6RP86KSES#=6 za#G-wy_T)#)EqhfyKrB=g>!a}oH#hYSU7!hHRd2-{JO>wCvw!QoT0L&L>W$rx_2D(y zdJizTx$2ERfaf2AYwA7K;O43~91l>}x3cy2F}S(v4LpSBU4d)rz0Tm~s@L~0)+g6y z>%HCJ=Bn5G2%aAWuBrEFgPW^fdKBMdvgloDaC6mL`B;F?dOKV1c7vO%-sF57SHU&w z!|w(+SG|b^`2N{D*?JFIk>7ZWFT{PL;F@|n8Qfg;#-70QI4ycFFu1w)Z)9`Q@9T^nXUI>gPW^f-_uxc2G`X4mch+cuV*RlM}99` z@5cr=SH1Ks?uP-_)LXPNzx+*s`#HG0m4SC4tR+m$&kM(4|25bq{OR($i4rg2_bArs z^QHD5dT1*?{}IOXj(vzq_gP*@3+vXW^YD2y3=;V}B<*pIpymnkcjE&u<2s+n;7;xmk8Tcvs;$=Yp%^wgooX;Br3fv2f>D`XK@Cvx3X@;U0tQR3FA$@*(gV zu6KN(`+@UezQJ|MhYE|{6u2`5_i6A}!rn2sH(ysopWwZ1Fta|avT$Rs<9=Wi&Dxm) z`@hNudLuyN1()l?kA_~S`Vg_?Lmb@gg3I-x_G{JaFXw};K5Vk|gMW2^`hTd8U-!RU zNTq$tXkUZ-1m1t+ic;DapQ-*`+Z4ZTg=3DYkvlTn;rkPnXZo`e-1jV8Zw_3Vn_fqi z-1wVVfBPs~@8LOcn_9SmHMmd0!tIy?x2=UsZ{hpmA7|_Bngh3+gN)Yu??s<{LY6dZh;s7!Myrxyx$Kt5;hnn=hc;& zevtFY!23Ag5&bX$yoIn;2G{!r=9sXaurVh$p&1tw^;nJH;ptjLJ-BhN?XAuQRp$XMz*l)@<5q%u)aSY%9t3YS z>;r>aYjqhlg>{A<0aNoy<}S({k7fT>e2n@4E^nv8rx)xz7)~*$z>ELjRAV&uZ-z~U zdFmr(hZ0rnETC;*sx7t|zt0B_=auTu1+xpO`%zxVAZ*2W3^C}K*t1X&4 zu5}^ZeK=M9W*x_0od^D5-cN8nPH+#zdD(2V?ID=ts`Is;upo@* zW89y`4`g2-O@cc|a5v(d%%=BT%=^E~oUggj8~7B@9}wJy(5bHTEzRhy=dEgb=^fV< z(~EddZ71V=c*gNWJ30~taLtVKO7?FhxCeZp*ArfcZ**)edLOSU{uyq`R_y->D|xew z!iN!UyDU9tYM$wXRWBA){hN_gfMyF`1N?pC|NNr5c2c=bbDLxo31IW&-*2=;|pF2e?Ro)V)`#$RrYXuf51Mi z!94sB-B#{D#qxiJ`vAAL;U5wH=e~&ke4&`i;IDd; z{rAKE-!as`a)mLWsv(iw#%ZRXN}s|04%pFaaZLXS$CFPBXza{d6hU2>=S?3AW!;PJ z!gVdd?GC^5VVA%p_W|rLfxQiT4K_cD>(7W^{Nn=Zn`yJ;27bYL^jBK%`|$Yzwg)D; z_h5{9-!7vQU`NAby;^J0o7|1{1aNsf4L&`-Dx_X`75!P*2m3=|e4RV`E52tS^mOe? zq;gHw4ymWkszU0giZ-^3@wyplZ05Faug%luW_S`wL(%!e-uDLL*U=VoTCBX;>yMg&!2q zxfxD;51#7@E+3!n99ELm4~pA)XbGJPQyZ^K)y4-rR@AGkpZ-4rberIg!FtyUXnGSS z^{#xnA^otXgx2AGbsSOgX72cmUdgQlcaz|L2*3ZrDh=+h*gy4)QfmGV#`gK?^*QFo zEL_i@n6GZr{cte+j)rxENxkLR9|XGw_V)R;XzS6aEz8n1byp@orQQk((qO@z2)~)I z`(cv%DE6O+t${5+u%v2!Qt?c>f9F~BrV4`esNnvu;ub9o()ZwUp1lV>U%+<4q~3b( zmeE15!(ijis8^L|eC%6h$um!JkUIZY_wTXr>j~=vliVTLzYaDPR{OouYW>@yW%jyt ztX7b&0oPlVnMAYUcV@DX=HXRw_e+0J+U~MKdJ6BU?YmoxsJJK5t~0CWuex5&>l^Ws zAgu(~U*$ox0=~y=Eu{Ah?iTESo8j)o>$V9*ZEwW=Ki}(l#XFk{Xh?b*K;GIxs`E`f zYMbHKN@89LI~XSQj{muky5PMtVY}}xq+#u`CUatXZrLN#4<(a{KFn}qb%Jz0xSn*W zqEqmC>h{_cd#JSPxS8pPl3CavmMX}qVg8I`3Y;gw@n-aKfA%%><=UT>b%Qwh)Aj!n z@P@;#GPonot3{LW-o3C}@&B_%;<$2oI!H@K$WxWUa;ufIW%Ua@c& z=gAE;3{vq9J-!~t`u1`#Uop5V@c!E{wf&Csq2{QI=5go!iWXizYew-_9!fTbP=`fSwj71*TPY$^+lRvynnCr{%!bdhJ68(?cR<3()G9o z2x|sY=cjXCz_AeLCoP~+9baYM$M*|TKX7Yj^tOi2k+3jKaZmMDeNegy`}HG0!s+kB201b$Z*xXZ7tsW0QSR|B{UXe zr!78H`Pst~Cr_IoEdrPIehR;Bu-{>l+hHSWJ!}{(4BK@c)+f#`q}pSPXj4Y7s`spy z4iD1HJ9V6{htG7_y)ea{ozc4t`)|NLfo*`P`O3r-((&(~(OWJ4?Ska_QLnFUh0op% zh4dp{CAZrLWmFDR+tBU>Gz;_R{wGyGo~re=Syg{QPHsTg;Z<@M zWB=_8_mNwQX(`shW}H)V@C&Rtl-Xr@6)gqFv)juIhr`;#B)1& zH`+N!qrq)n!Pr3u)06huFBu= z5ox_q+j#2|q@#Y;+;aF`3>yrS{V*E)6JctbidVJnyk`OKuRtA7N3D9jtvn$}*MZA* zaVC6L!ICh^J?CR^Vas3(Vd19=C>bfD{-cU$h9z$PlY?~XFPf|JVHNz=!z9-!ALd)Q ziBoWXAh;@j)k$U%OmcJ0-{`49`orKJcyK}9xa{V z^oHP;gEtU1!r)HB{sP!Du#qd%sy95@2N$yvw5&?rsa$dv=hv2=03Ljr*)V zZNsbN*8a4N4uGj`)EbO;94}Zej|*8J0=zK_Ee!6bJ*_P>FtP1SWZ&oi&bNUpz6 zkV^OH{{0cYg(<8z!z8yH`-5O=dun6N$7BDwLAnrJu4k9ScRcI{nB+c){iQIq?c1`r zM!nH~L0W3j`;x)URd2L^km~2}<~x5of2{vtdZOn&KS<|-!^fT2G@^#! z>&5eM2DY&e+3wS5P&N8^=J&Wi(yf+B;%8|GS z5&5dFbE)NX<(1wm@{r|#b`E-Ii&m>XVZa36TIm;&kLPnv=g0F=$F^V@3u z3-0ycvfit}8wb0?;68`_b+GSYU&Gekih1xsQzE$KrQt? z`D-02*-||pGR>=cadUkx3GRg!Zv8yDDRAe5>w}Wf$de}E`C%gr?%*%V=s8%)R?Oe= zx~f$nwYa#HW*uKbah#`4M4xZMdN=n&#jqg#0xoa+-Hv(vYejV3VU4TS(bc%Xa&PV9 z&Mc(P_)MOgsa%j-U$8xw1<7BadFP#9hraGcbU5^&i+P+Cjlugj!cs>< zw+jESaEw!VbW(Ny!n?3Oe>UDzYYwxTz#o3=;0L)?TVH(EWO4}&#;Y9P-^?ze>+zo2 zHg9f7y^z}*z*ql1x8=-sm>*aD1=ih$2Wh{;`c?Ud!z)dO?>(?b4Q>+q+hL_&;@SpY zyNtqj@s{Aa2+j{97%#)&tL~HdAj6G~4ANEL@;3a&Iy7-}EougT?kCmn zjDDxfgY>T8aUAzIcy8ht!IDN8yd#U!?N%BO0_QN84<`Hb)pKy40^aKb>sYUZVja-# zW7FeqVx~^Wc1NxV(gtw5WEwsIe#2q6z$7>L6|SklK7hRooAXlvjqIIX2i`R$Jy%!j zVEt8RVe^a$QmVLqwRON;(x%Q zYq0JCju&lEW4GjM+$#<{7AE^^H1=ctX^KT`5+9Lnn#jDJ}uZP#7oiL~T8wqycI@CSzl+F}{tq13OShH=_bw;p14fZnZ zS(pdcCB09Uk{9)<{~fgmw?S9wOo5}eXf#L%mS*ex1it@7C*2sND0p75H$dm-;QRq= z_uuL|XJY?(*jKPmVXM~`(3}fP$%p=2ZqezT6eM5mY@Kz!`DZ%g;Qa?YHBW1S1a1IM z3)m4b8TUTezXFzg0R8%6ldAQYiI}^qx-$#o?+5tGd1dN9L0T_#a-Fyq4B4M<>x6$Y z)*tGm`?D!xcRe`MVNb)P&R?+KaC;ebf*k=PN zH`X~E{{KX061L_6Tg(t^#ViGo7FF4ll{pIV(s% zg3BB0Ou_db=>)GF6J#%d+@D*)YW!VwolgC^&C;JV7suNM**dQQ_n+vDf_Ec$N@pcH z@H%krfvqxhcKN=HE`UvjMPcKyX1@Hfbbt1mmL2!R!$F$bFk9zB`2G`}{&_*F1W)NK z#xq z!MOl-4NT_eyV&0jYqb;CQeYF&E5nL0-)mS(V=*7c@^-a4?|V8(AvGDyY@DCR!uOx_ zX9ajm!1ID9b)Ep8Tb-*dI+HI1sX^mxozwrJ&cKV9CxEAP?uM|L;4FcyH*}u(Bi65A zH^NkYZbp7io}bRo=HC|6Xrn)4i6FIWlC5(V{QpURdR`6E?Shx|Hm;gq&k;N{q38kZ zFNUf4LQ|Y?sr&5ImW2P?@aOB)VTgDJfA>60{RPj@Ud6uC{LHf=NKMPCb5_G=ZH}A( zI2R~Rl{(B<;Gcqh4deX4{JZqy`VFe?qx>)Kn^N~B%JbDlnfa|eUrmDhyx^Mm7iHR6 zn(O^Vk(D@pHPw0(Kh>eDF*&&4rS$zp%@F$5^1w`8ZMn4ZRGFTf-- zk%^gNsx1cIH3m=h#e3kXabof$i~CctD#3YMaMXH&S}*wG<~mjR#QmuLP2SY!f5+o~ zq}MUOYNp%!<;wJT9S@#XyP7_=Zq*CM=fkW`y()bXaBdMCj`N2`JaUb50^F^FJK!}B zeGO)%!F_mB5#2kefF|H`wXP=Hz1$Y(H-dE9zPjDF!%xMz@bT(#R?o4ShtJG7Z!qHw z-U7i}2p<(^4|qAn8Js%JwJwfxb8uAM_{VWxjqBus%g_62Vd!&u-d9ze!C5aj9Ou@C zzMSI>?uq;9c5|FN8eFG1Z?(nw%^*E4xE$vm;L7p*cX8fk#u>c*_SZT&&LN{8xjx7| zF!a5&u80QVy}ujJQE&zypxeoD zuFM?2SYNJjPJ+8ya5>I<4X#t1>$gg;)2M#rI_7^1*JoR3y&PxHE_ZR>W5hWQ-hG0{ zaXtvVT*fo44bq>2!*LF`EX->>d%zufpl&Zef31z7&*}MVs{dl(ye~KlFKbNC!a9H> z>&-OO{!j4!R@iOV7FWA}+VfC)ZBwoT1l|tP(FbXL{5-s~46f7j@LF5Ao_BCwB)Ht4 z{lQgRCNE2D<4)=G!v6>1zvT@N{Qw(i=-P9OPs^WAiX2FoIi^Vu2cT>vT(ic1?ljXx*s@yd^4~pjjg8q@xlK# z;lBdyc@MVS(53R{H@x5QO%K(A$^02;$)6Os+Xc7wlJq?6BXDK@sOJN=1kYBtRsICl z1?j9-x_uAAc^+(wp|7g3ng6KIr9M7R$^4FhyTHQzCQoh*+&YJ3>)n|rw*uTtE!^Mo zGt;`99jh z^>4sDLvT6YyY*>Q75$p>Jpli&g+J$edqbB~zE8B|JG~#Ivk%qnZTwX_-_HV9=KC6) zzkTYE?-6jG5FD;+Aw!?ccQ^Gi4sL@sT3=V3n|l7$ga#Pg2WdmN+NDog%m# z=SRWKCC>g$LHbs3)N`Ltfh{)lU559@!Y0FRfXR4NSo)1V#Cc#_-ENM@8iVT;k5v|K z0^GTR%kkI*uA6uy;s1y5=Xh*3bUDRigC!o(kAgJtaNS;x$8X@~5|2u7o);V*cZEM! zuY*;M&HTsBxbuD-q_TEeA0NN!I&j?_zx?1v1efb}6NBqiw>MehTnX;$g3I~S!QeXO z&khT>Vl%Ew;`%bLn{obh1J_OdB;Y?z_;ddF4P8$8v&WJ@kxzp3f#7ofTm)_|`I7>t zV|(2`j`L7MpUfXOai&j$bccm|MV?$QxL*k_9}mVDT&Lp!J)C`>lmz#TBXvJ;{!BNx zPWjW+!i{}~bq~Si{MqqpdhNER<3Sw$jXP*voIi0xms9?9@$|I366O+s*OVVsM?}(apm3ZNc|71efD6{(iLzRrB%L z5C8pqS{KKo($M7;k6xB|RDwH6a5)|gf5|N#;V*DrEjS#HX5h$m1gCfeEdA!$iu)>$ z*6rqabTqh5@fc#^Cc%9{a5)}+aNWcs1^+`kYF!+U9)>Qbc#O8hBlcyGVuH)@7zA!E z9@dt@jX?+<#>E# zaGm0@)WY?AgZteCm*cSwTsQIX!asPdZZF4UhoQ?U9;+8~(ZS$4#bdLDTd^ZZy9Afx(G6TT@kqdbU>Dt9j)&jS z?vZo0kvJ2_hoT~5D~)6Ei(3UD73T#iTKueps6?~g&MeWKRK@u&-qtXEF)@LT#V z3GN8N<#@C)xK8otYvIOrAs&Lu@#qY$n|Q?Ge|&e{UXDi>Lzh!LhFIbe_$f#a3ogf_ zAGo>Hs{}apPSW}~9v2zOe(r=NUale+}ay-TvT&H-9w{U&G;QI@L%kem@QA1bp z@Wa2GU$>XzG1<`N6ptyEcvOP>sNixu9?dZx;oU)Mc(T^V@mOr=bBagI(r=z$QLhA- zlq2g_{KTEy3k@Yy#KK_(;LucZzN=$78dh%PAg9E%Au`7Nolcm*eppxVelE z`W^Ri3J(8HU*T`n>y^{*^ewaWTLRnxr|NcdJPtCrPVrc4;YRla=_SGCc(e!CO*~@o zZ_`8T;&}KBT~6`XY>9{ek04DGT#iR?aC3=A1vozo4zIWMGxSw8HuE1h>upJJFFH-P zI}A~SVHf=k_xvGEsy>(N@+nI^JbN)dEZmVfaCcd_0dTvXo~?IW4&2(0WX}g<;LaCZ zu0N9vu2cPKVd47!#P?Ir(0V!F=NVk5eD_(nL?OCLa5>+Xfa@mTJ@DTw{5jvBHFP=U zd-0*!^VbBpXY|zV<@?k&fGhLe={_}e-P%_Wq6)#``m@>4=Tv`sSo*CJ+`dhdag(135a5)|&zq^Y^0{&kMe~w38_{;gBQ#{&R;t?qdQJ=GPd-*=2w&2Qm zINfKY;!z3COM=7o$7krPO1{j0+|(aWafl8*TkCr~>A~;7c&LlP{TT0k2m1+T-hVRE z5|1RfHwrGtxv#->igVP$jnxX#r-I9I9t5u1YFw9x|H-{{dpXWS4P8!g?rVv2pd>`| z1eeF%L~v!CYZ`Y6aB7{S^>Li182U0Hu6l73=M=a@1(&Zk&T!zmx!&k04bd74cTS#M zKe!!wXZOQA2dkud@eV*PUCZiWgLZThbSSq zJU%xWT&M9l-@^6Q2~o>{*30AbD{$3T)A;nkf3ooB@%fFR%V~U$w~WsexZevd*WucG zs*lf_>TtMji24R~`*?hMz>&v^s>Wvi<0dbo;65w3JU*K{aNUg03UHf;vh{i$xNh_& z!HrtDZS&+-g8N?!*Ow>PQ!hm2eX{!@@wO+gxcR_+#=`BAr``a#2lUO>>(7%L0rw^g zw`ZQ*7`WeCxPd&m72uwCuI>k}fBg-vQ~g_RsZ){qA$neLx&DndxK8yiY2o@Bgs4S7 zt(WWHP2j4nruyfH|1H9w>)#|pms9dT~=vqTs${;V#XS8wa;l|7^X>^W-MLz16~9l_xg^?hh93+B~_`C`9L*1f@;w3Wvx3XxsM6p%jicQbZqyT^rUSHI9!Gn@Ra;HtCkZ^Q0rxGmpr*XaEDpA{yez>aNiPKUQg<2aGlnZ>OY#jPDN!Q>U^Q@2hR5) z2G=Ryy%uf)+_{3w`92C9RDU{K`mJK05cRuQx0~a!%-}l3qo;)%X%?ba1()OTI=F7)5ru!p zu-3)#SYzmNibsn!+3S10eKEcTm+Q|qaAiDdsy`LrG`U3U7xRu~87hE2nXMwA>n(8I( zAEM*_rFHT6>}}|B8lOEZlEi%7H&lgoDT^u$N5ok-NZQo|KEf^$9aLF%PGzy zEpd(<7@{kO>GpD*SA&~NoKxUz5gd+l($JS{oarE}Q(dO@@%5Wc2G{BO%_2)Y65y^B zT#oZDgXYrP!j!av=`IR^j7g+Ir+1pabe&MD3_EOGXGLv-*6t&5Mh zt-+OXuIYH20Ou~j;p0quL!XSZo8wF+xb;SAed_zeo8R?NXMo)59!_Dw&ey?kT zB_0(mLv)Sca-0JO*D221EZj(|5N#D)j`Ky}x*5+=_@8&VZZF4qkfF;d&dV)v_8o%j z7=p{=ISQ_fb4_(S4o=rAv_2lslMQ_`&TfwT32>jVaASFLQ{WzSWwzc~d2*?Bh+=}v zc^NmjPI{}5cx%jE{wDK9;bWuMnY4-L_Xi0%i@%QfJ-$;%l0KNJ3(m+u(5 zobqz3B`^JLaQ*lyt&8i=4sc~&)>wbQc};LQFLxRGa?Q&WxF?R%`nay`ap1bCYo5bG z^t9me@vE4cR;%Yu$FJ6wI48kvd9~Kd`QtUXPWjWt!i}{>z6&nrPX}<_skO@nLjnvwFEfd3J&K_e?wo+`2+4H|JLnh zZa7aawZr+0;Bx*9Gq_Iq)5{X)1h}V+(Rw+5CK_C){0UpQ(Iar)Ah?`A)4_F}31mi+Oz$GVi@a{XBfuFRhr>kl|h#%g_BCzc!fWd69R6P4iJCb%5u zRR-57&Z8~ys5lbW^97gVoHDphah`19MmpfU;ac4f9Ov)Abra_({I>~zj`L1Kms6Yv zTH@?G3gd8`*2Q(gQ&2t5HPwkYIGY5A$8&RV-t&IqnP5@#D2#&YvCz*C~H0EZp$XmO>OUy9JlyJkj7f#d(z_9ZUWr<1efz?o56L;pBqIw0pUfXOb)o{?P7}30K5y+|aGlOun_A)#IX*=92rkDt zY;c|8+}6VNoq&0Y;BuU=0M|{N{qVo^7TsQs^C&}?Q=Io$;#>*tI>F^S5d&Aoxu!Z1 z?uzx4Nm?I|=UIk68D}?jA`0#!7H&LGZXDdQ|7g9Om-8LCZt^k-?s&oFeyDKZy6J~X zaK8~;&i7>o*D2q-S@N=?8}7H8towoUeS^Vu%J+bU8#xj8+X*h``xbEB$chF*}m=}x zyzC9Go4icGKPvn=FGGedr@ZWC$;-&exSvdLxeiCb&7}^fzzN@>+sAo1*3ehg*vx<2 z)E_zp`D5Wm^W=KLJ!NXP-pP4#{ouY};l}dhhQVz+P3z_HIm?0TW_-rLog=s$x3~k> zP24KL^~AJZ9-s3KuG9FOVi`w~Q}I16!R7I}%HTSU&$xx_>w)ig2`-P%b>O-gpMLnC zf2VFQkI#*UE~oK1+A=;X!F@|``M9wQTsb~#I&MTx!#rua*2i()W9Z9ue8#}75M0j7 z;^MzQ9=XZO1h{SQ(t4R&KTmEYxDQykP4nb>PshA&hStmd+rokCW*qs!og%nAj#?XB zr*X8@lJ9f|<`II+3pWAo;JbA{@HpxXuA6a`g#Y`(pT|+i(B(9a=2*s2 zv?uN}nyGdDb({lNj-#5+H!8t-PH;HRV-0<|jw8>R$oG4+KITUAwfEKhC(+#3X!$Nek^uA6!i2lr>e<^GL3aNUg01h^ya)&0QttNPWP>Dwv40b zSt0sBaCv;LGPq9Tv(m!#pBV(fT+qi)-a~oJ)c`!NRSdCzs9%(T{@5 z{m|5b>n7j5;9h>e?gu^|wJ^9&$D`uMv)3b2;BFFJ&i5_`*D2qdTe$Jw$oIKgFX#K| z;JV583iv-O{5jvxGITlR`wmOKhs#m#AJDq^cr*-LneR0nkCNcb5*&_m#L$;(zE^@< zC$9A|cWjbDmsJAAAo`aJdd|b>O<0ANavNcAnPDdAY;jI^|_wOa4&b5IrQgoR_srsvkF; z@^YAkn*g`bBU&%#WixQyqPI=kQl9$nQL-dp2a$V~JuFT7t>RKf@ zLm$=c<2d^beKIfI#M#>~M4wx@J@e!S!0q>#*2~AmfWdV-E{?av*>fJg#~`?zKO+sU zQ~ty(+$6Y%%-4E3f5w69CVx`!j|qRyp9zL8r~DaW$)8w%+`lQfoIi8G%_V>6d|V%Y zT(^(w&pbn)%pX_tA8z`b5@IWNBg*G*nl!hgH)=e+#J(B+huQ!IHIzX0odi*$SWcw4)) zdS2Fay!8&meYS$bdFcTspX)b%aF2RI>*IRa+=1(+UPi!u09@YQxV3=l;1Rsu>g_I^ zve84cVf?#ro(n@%f3fy^;oJsvVW^DS!B6}yWU>0at>@vF5Weaj)wReCwMD_XT5y`* zk$(Q&3C6!)w55oS!)N^OC*YS5enVav@>KyXMGmOV ze@TeEPu8dAReMB>z9^uL8;Yn5e=qBi`hCk6&_4e6RU3Hg)s`p@&I}9ZfE+nA2{ z*?JDikrM`Il7(|bj+_KIMNehx>69bKI~eyNTR2^F+Bpk z{vo)}!NTd2BPR|{&!@BXT#zG&{uQE^Eu6tQa>C#owKQALh#WZyaOQ&J%Z#r??=sqi zadb5}vL60{_dVt5?^?9PYtP|CtE1`PndWiU8^7=UUWQX~X^3h+lm16!j^i z*#>uJ{~|g$!#xYH6AwUb!+2$;dTo9xem6W_jwm(^&y4`r)Vt8&=BhV39M_*LdeLT#oBf;CeIt&HY>N)#`D}Rj==g5c!|W)_Z`#%~h{Ag71rf zYwA7K;O45At_o56W!ZZB7~EX-R*nkMz2KU9uQRy0>P=pa#)jzZ7qazkH@La#ja-ZMLU7Ic@VmjyRd4t@+?VuX zw%$WlH$Evu{{h$3 zTeLF2{Ehx6L_5LdZ3^c1Ghz1`=LcoAo6;Cqq8`!OB{)xr;d_a%=<}uaA9`pjwEQUa z>_b$#&+E#M(@OZqk`M|l|s7c_qtTPO1D#SPsaOKg84$5 z!Yppea$fA29>O__*1I`cLZd$NP$PqT;teG<1@GSjd+;ctVXcTfhot8-yDZ!UxK|7A zXy|#PUHZ3TdH$vJc6zChZp3G5d;QIVYW=`-CHcKV-(9$VDY(y~tp`EtQHI`ghm=sK zRSoHDe17$s>fAZ|7H555F$r$hS9L%948J0@wTHoNIKGGu#QUvbCb#y2?CVdF86mn~ za5*3DN6yH8aLR|`cG>InbT__#ze4Nfd{}I7o${fDMQ;q;s|9xq`e7yd;CX}l)tVBD z4!>iTdvZ2k3t^J#`!~^zsa)!mON{3$%oi1+{Y=noDYKyu2Vkrx9IiW8=?;dciM{{ zy6dtgG}7QsdbN-q#`_y?FRdCEvObKoa1-EmdrkMl|0*AR_u=~vg8LBqZv*=G-xj@3 zqAlw!{oAy;r9ObWQ*c$>w!kJET+W9*7H-ti50TlJFTSq(f$PIP2G^-R^tI#z&B6J& z;Br39H@HsuFvFrZ2JR7WXuVH^r|QEy2KVOcis%!(XR8nMEnNToxSl1r|Eqkc0JrgK zt(WV=kA_~S`Vg?>Ltrk(o8WSNsQp^?<1y!h?Rc@=(hrs3ehaR*>WD~m|I39`+P94M zHMmdU{Wq>CrG4?4s=sTojJ*tV5OvHtk64?n_u?G511;RhJj{12++jIzBNndrkr3_scDCNDa^Oz1aFgKP zW8wD5fji5>jXsL|cHha?J1z(AA`92|Scs;9%fBz)dVLuk2@Av2e6lCz<=9F$VZYu6 z)D2iDSwJ(6$68~jbbT21ZT9gku>jv&csHAS7X00Emsz-h#dvNcxV)`Dp@3F^`6f(V z3CZX!et%vOZG~-z$!i@6^nuzc!TAmxETL9yN%(&R`xU12P0F;p*ZXBO0yYIU5mx(T zqRvMaQj%&>?eEg_B%{+J8UeYGhxGEVc4$oh+3Ro zNVUfnQU8qIlF3?c>{;9w|DKN1_3)VvyBDUo@r>SO*nb1|32Xyw>(N9LPe{jqTSl)u zuSz@@qQZ50-F+*3_HHPoAMq-=-99Lza+unNb}yh=U5Wail;-mJ+HiE{tg62ts(2pH z?FN_ocL01}o!o$~!>i;j#{SzG?jyGp)6$EHW}H)}|wY`S#i;fPWA5O2%m3qT3<9pHTb^l%p-_fvZU{dcC?9Ya&?WOJ2&xg4mWdC|! z3DHQwod@5iVJl#g`(MTU5Mvj1#B%fj#w}&yw#O2;cmmHY*r4_955L1EkQ_QPoGPlTy$DqeRqA=NY z`)$-*m1ndWdNSviJdShCv)H>Ky4k{|I_dR>f65IcL-disJ@DXyyvK#-J=~x2f$j%2 zF7`t|w1vt3bs864Ed3i>7oxb}mV-ACHp1Xe!~O!;Gq8~>)8nn@iRnD+W#RfZ;JKcH zy9$0AVPC?e-UB`)D6+y@?NXeP{z;AM7NU zO5-mE1PiKL)0@V?IvT z-);vHC2>5q>iq=Y>-|V`yTdmC>jRVAvDlvmQ=6)jDsDY6hhV09mE$<}X^3tY+-4YO zg(=i-W4sN;{*5rT1s^G@;)Xl?z1~;~&%pqf>+g@yq_|TIZaLl?1XJ5n8*4ru$F|^p z)Q@#PTn^vyu#E=yLAHTCW`xVh?0eu;HMq4$)!P3fmj z1@wRHeRn`q$M*m1E_JB_Dk#WBjU8B!W{ZoWs909l9ut=iim(D=NpbViOqG9+!?;XIso|4c-FX) zv2gI|4dC+Gg*}#wZ=h!0fiURd_MtS(kJole-3<` z1m7N7w_U3H7QZ9#ncFTUzRBmn_jSQ{Ub&mE6?|_4Uy?Tm{Bi-)6ntk*(Xa)$R|MFZ z%-BoNPbBog^>ENb-oHDw%b5AQIc&z~ZvB3FiHcndo3m2Eck`ou%mDpycM~QS=#E|M zA)GgNUit;!t>8=Yt^~hzfSVP3pTqSBfa8E~0PkK8`}|H>-mStu=lvJi{VhM>y?5}X z{)?Y8eEdW(3pnCkA7n{oe+ZuO-2aiK_3mfbk6157zpdmOdY*hE!S_1w)j^ah)RW86 zhIRlx0(jQn*F$1hd}s_?4k!k^-e1k)mj<%CMg=f^P$0V+IzRZLTMx~D;JdcqOD^t4 z%opC!uuBK`aGr1D?E?EhLD^H)ECX?#b3V#H;kn?g`xEnNyPMyFMZxTwv5XBpDxa4V z?M%~v`&R;Zof?q{z8}l&)CT$`9`s*h?Bw-myf?l2_Se;{0QdM>+Fh^>Bmcs_8|WmF zk-3PA+7Q5sfj#x}{kEPQ;X-HR52^YxgXJ9mVvf8jIjfPZ_`Pzr)5_Lv#SsJ zvtFP_HFNeyT<_~}{~AC?dgtv(I)!yv4}MgReH8r8rX0=wj9I{s9dWn2e&910paXd7 zbJq+Fn}T~rKzc|3Ys6S-&63+4dra1;XTBRx8w?&B1;!*2OW!VSIg+>R(Hck-Y)Fg|JGi=*B z<+KaI8pDn35crZKIX?sMuE-e~VPs>z68eN-Cm~<2uoyND;3?;=xNZV`2G|eaavoX| z$RzZmYub_19&Kc2z?U4!c^b4`k<%1oWQAYL<48OzaM<_JEFQqZz2!9GUNxY3Gwk6P zqnztJS7Qx{_d79Ye?NovHV8%Ip0%fuJqEtysGl%j9PB0M+4d8xmytQZPXfajl-=c! z8|?cjGD z{J5OoqM&C&hGhV=LQV(n_5U%Nd@^qnjx zngpwc95(LglhVdKlfkMul zlxH;gi}+Mn9Wd9aIeHiO^0;K$|Mhx$3{XXp)ZNFnE5 z-1`C0|Ceai2XHl7ZG|7~z3@Qx7wmB?n|t;1EqWsxbgZqM89lnDPjjx3T?>9nIdj0z zQ=c8lIpug;IUA=K+2MBNZ0w?(kyDLq!f{#7zaZG1(AATGI}~z``xWbAfGYvKejY;o z+^|)ypLapddWAj>GmWeje92KeYVD$&&EU7R#m%o->fyAnH$fiikCB#UGp_#y;Pyfc z=3555OT%5`EF*gW^kkozK=cfrdjY_oAp2|=t~;{Nn!)E=1)n{jdG{RoL>kb4{p_Bv zeh7Ly;2Qwd4}R|L)6g(>+dwt@Zk>j0!TSZC^VK23zV)21HiGZX;4AS=!>OZUSQvoz zYsGvjuov!K0BG-Az*xc8b3a@^8}$x+n`E|Z1ZcAXdVr_AQ*k{Pa1nsZtC!sC7Y4!i z7QCxeC-~UFH~km49>!oUG!OGb{*D*%#iN12m~YMJlVrH1z@B=bd6TCeOmmFv77xC* z--B5lCdC)M?9DgtWdAETjcoX@?)trIS}42wA~pLGv^>{>uliSh9UbGGKQzOP zv4O6k9l8)a(-ECvfsyS39iPv0*B8(00HXk&`PhD+n$5+%r2u`Un)zYBZD6sSj}lRy z`u%SE&a}|T`uyhRTLwBK>cN!?zKgHdu)A@OyO$CI*wYBsM|tbVlW*f9%tOGJ)-|T* zhcYYZA6D=khPAT>#Bs;h&pKT%S!`s_DfmA5U*Ky7U-j?q^|NQeb0^?!A#cS%r-*@H z;QD*OpMaZ|2eP9jm~_8}J>zT*TO;&)71{&Y&z6gfY%TbrYjZkvObmMp^ZMSvyxfSd zrAEz$;vRQd!0qY5bN|Y)#K`u0$a}?AcrOWblLX%@guM4-5@^7^MSzPIsM$gZ>s+Yw zyk6hbj=Xm8E%?K&2jXk;!I#U+`BwCI^QHFfsR#4LM)nr?Zsi1U<=}TYV5@>}e$N=T z4Db-(Uckb5Kei{_pT%Op`WE9B=iT3+Vc2?cIzzFMjr|jKOTJ`pfaZO`2LP^L(!=+- z_U|R@HxhUQ_VK1P0W#$^0?t=LxWC|QD>1UCz?bADzP&-)5ntU4GT*yA_?i(Wd39w* zmi$*+zNzQQ*II65kAUwUg&y)d-;CI6QBZt&oH z5aHoMUegLAyBd6z`rXnAUtK5qZLT)5lkLd6vlG7d=Vf`De8{Ue8(G~c_j+8q4GMo8z8`IyPwqu8IWp~u!4 z*}vN1TYa8(UI`F#%a34T}w1vC@@8bGPKnq}QtBU<5VLpRJ&8J15bFv>Y z0oQUV)-}N|)_H}aSy)hXfF>Z;oqyinq{7C#5HJbA-wTR|4R3(m%k#aboqnwGG9w$R zY0Ee49QYn;hp+B($P2zXVmyigzoWg?%%oGx^9Ga`LQt9-dte_#1$id*B7mh`^6=-2zC6!<-W^WHw-eKr;a_6+nEsJ`K2D3aH?5t2OMVM4UYck|`- zv<9>d08hS`Ara+9f+) z|J$?6Z$mWkZ35r#J>2^Y%w*mhFc=A1nYwPqt z_6_hr*b6$SdwMUqZH*A}_V~!H2X?KIWe2+Zmrv4qc#Y@0p7Hu{4E!p;!5|N}syvVx zJjzX$*5QadfO8?vCopdT-+zKH)w46859$-c{%sEQk~aeP`T-uQbhlfQSKp3)&DR-O zY*3hMo^}Cf(*QXDPd$vs^)!GH@B#J{`FUZgzjFoOHACEb&~GrZyFB>vI<^?Jg#b^! zB75vqw$@pH`T0dEw~BW7n!xuA_>$vGEgbln1MY-=1KQh%OF;E7gT6S}o!<(`Q;l~k zS1RNRIgNQO?$LTyO9aXsYjwPAE^9}w7VvEbU#P(8)`Rv2z^w|tcj5XWKm^`(;q^&E zxl{Qx3cfKomrCW{biI*{*ShQJcF=mRJ5hal2KQ|M?%o7Gh#={a>QlpCZoY;ajO+>U zjdW7rtONEg-v!-=0MGK_`@B@v-IMcJ$B;zI{T%m?Ze}dGvqK zcOMdb2Z(-lBkuG0Id^;>T_5kZze(OJHn{7P=|=Rk?eP8bJo&bOZy&5(>c#l-J^1|& zI1S)EppZ8pqOUA#Kj6k!-MW2V=wRPOxdK{mGO~NYkJ{-4cs?6&A%N?Z^W*K`(x_pR zaBn6+IZt?3@bsJ~m~MugVQu-&I|sh@cKAxSV7(c9X?$G*e${}r0Lnk)4cLI|&45P% z8*F$#3p(KC^sbmI@iCUW$c@;~4|lgu8e5(K9d~o&@>f&))ZzJS@x0`WW$bA@_X^-u z0N0mzK5$HY3|kN2?hF4A_V55TJD3v8Oc8-jIk+r~${731`2@T>jqDisQvd!h&=zcF z>{(z>zBXL%6@34RZ*RSeGnf3V4d+L0Ao}+WqJA`i@4|>MW)bOp1lk_~5eeRWuf+Ak zfOi0|0a${XJslay*1(R)!3G=WU9kx3F2d4mzSqcJ0bg=lZ@+-fm)=_N{E$fR{Jq~> z#eN6P`Q*>K3H29zB_T*F_yzTgVW9v|zSraWJpgxSQy%7rj4ZT=TW_a9>z@eT08hSA zxK03Y$JbkziHyO$xr1xF&Zt`fUbZ8~BnQ)_{HkV6%d6f&|+IFddKw;OCvM#u^vb zfjvm>D?HCPvK>a&H^#gEyz*u+n>j~rn9BMi;rVrVUJ}BuMH*KDP69mZ&*A=90~&~P zhk*A1PZw#}(<4LJx2ZvF$SAE-9?$;D@Vb#z^zv@c(=Ui&27o8ubM3F#8?Z~jw@Jvm z82l~+Y*p~Ra1itf*a>(Jkdd!uhEsmbhW_em?3Z)>O}K(=~L_6Iv z&_oW#+y~$(?;czq1w;&qVS#|Vu;z1Fg@)PiK6UfMGT+uw`fG6KwxIP5<384EanEi%#;$mO~{)K(iJ>vc52O;k*LSEAcM#f^@@N{1wlh0n8cZoiE#P zj7K9dM^27mnSj@EM)2rCEo=HCkm=}TkydBlYC6BbNkCDG)UJJgS^>Iup z_LKmgd^@U-mx(g=tdIIXjcie0x4gVQJ_4RkDEM|%AD?fhK3Yx~*&gsEdu~7Y9R;)i zJnLg5CbE42{Q3H0}z z2fYpS5mMLFZwCF<=Rt1={fYCSZvlOEQrG2Yr?3wLdQ6#}E*b6ZnZbBpW{AAMBic{k zDBPa};BFRhXXiVtXN+uie>dMnps83F!dk-uy!xe5++Qj9UV0XMCDmN^vIpO5KyxeL zXh^UZ-@oJD0|4%J0Cy&@$!{)8AK;ePFwc+uc^_kA@AuZj0^BbGa2KD8v&0_jgL1Fp zaQp*Z582(4|6Fzl_>y}Dvb+xX6u|qtm*n}TUqD(6>j97e+}{2TeEC^`-_VD4yKW71 zYoJ>L-5TiDK(_|EHPEerZVhy6pj!jo8tB$Qw+6a3(5-=P4RmXuTLax1=+;2D2D&xS zt$}V0bZekn1Kk?v)L-5TiDK(_|EHPEerZVhy6pj!jo8tB$Q zw+8-iHQ8@L?ic*SeR;1RK*47r5)zq#?HrLiPRF;(1*0pmlxvHkPuu8k4rlhO1 z!9z+)8%nE&25U=7&7Mrk3hOH?Qj2S^tznkE2^esj$A!X$+Enrs<65|6&b3pDOy#=*=DAs zbFOn{844!MoLn}$eAc`fm1R@b8ip4vDrztdJ+AE2kANnl>qI-HeVouUb`E!uje_MsmLCuT23Pnn%xzHITl1#7YkmglU>uQ%t9$z_r;U01(iZE8+wogr&haYIe<{Ix4qXQo#z(oI=AJ9E~W3EA^! zR%I{GC^G8KC5PoT&O|a~HC9(uPfN>RSWq%!b=}0A^0b*1y3G25bX<%aK61kJ)Vv83 z)=ZwXymI)mb4tWnyL2fza!$+()924lots~&mh-OL&UQr%jxY z(NHpVZsmfs(urveE7MD}rqSiGiW(&UW#g@(oR3ua7TotINHuX^I#xiz|+l2!AvSFb58 zE}7Jj>zi|B9nx4U=OrzRvn^UVa{jW(D;iSkW-XgiUoxp;#qvq>GuEW#POER2*Dz~Z zx?yte;>_XZ(t>sbuB zD0klcnKN>yRTdOYT9rL%W$xl~q1Fvt;&)!ij~tl~e0-=S^NTvTm}uAZ_9DoXYarwjFQ7ipq+@ z%Bs@p;+oVIb>-&5;^nCg8Nm%`fhlRuZe5pMmr=KF)YLhpv&u^*Vw_s+`gp!qc zGp5%qGZZXb-7v9mU3E@=R%TmiJ-OExf_rUUDMli6Bl3_@UcIbl{;CP7%d3`6%UnHm z;-pEl%xgyF)GVB_z%YGTdU}3V_WYufw3UXH#iAIUqfbgrZF%aN)ap`a)z6k2SM9Xg zc`H{|EUPP@Y0fTKnLD*OJ+p3Q|2{e zUP0=-)QqZSY4vF}hH~AMvQ-Q7W~MGqTiq}+ZSl0!Ma727{NiF`MjqwaQ?B~bHJ*ZH zOqeqvV@=M;sznRdW~Uddo}QPwa#7x@xvR2QjxsDW7M4$Gs9ct}I=gs!4GC6LUR9bR zkF?IbmX}sL2V8f%<1IZcO_!dQk(rU4lQk+QD=RH4U6(P6SK~#K=T0`yt|)J)onE_Q zO?~Cm>f&i@CNC_VxOQbuM&+7S1q2!1vkFN)z_{n6*nj5&ssWZX6}UPlk&#t#J&7kxpO8?8CO`lA}hmnYnE|b zNn!2k%4%_^p}1}wj5zmIN^NOFWnE=W^|;Jp^rsnVWhKQqC0V1giwjGN(z433b8<@3 zv(qz*OUsIiGjye8=^nK8l`Bfep=TbMtiylK+_cQm8Cj!s*^51%f$3LSR#{pii+>`0 zV%oK_QZ4)2gvi`p2Y>OfJ-dV58tB%*`Dws0TC24<4t@5s3nZe_MM>%of3Ny#5Xmzv( z@3L#6c?dT`6Vj#>F?OL8tPM>?I>oh>=6c)@i5)m{JU%?94U7zO{)~hyKbLLfM8=$W zl8n>wyL8U$JkZ%4_-Y`2C+pEaA9d#cpaWm_h8yB=e$rgu+la4@;d@iPGn}~jVaLP# z+R|%NFOCiI>-o=eG5yxnTRCQ1M>w%1@QFa@^&`Wbe1A#(HI-k7N@4hF7Gsk%lQbM} z(!8XRfS$FKL(Xf$e#N|V5P zRIc0_D6B0l)Qfmu^v=BC8RF+Jp2ts6 zIvsuO%1=Cq&p$XFuP@vY9epQ)?$b4Y#^I2!2(QOI9RQ!WVo8820EK{c013daa{-G1 z^c>}jHQmzE7x#(3b>1^fg=;w;0auLtgs*&)+?!ho64Itaqc1ms+`m1O)|`xG%w9bYyX=a|}ykw%Ikj zRm{-$GWbqcp<+49-0`-)zar*zUkAna>DxzzFRv!TceC;f<&5h|t|aS43xbZ9-(0Q7vW?oNEd z=RVzL`jF4IQhR>Y^y7|IGKL(WLdXMrvjJV%C;&qUHk%#;S$nv0vJeIyYQL}9E zZ#sKVB+xq){cCvd7-uhwel>1IoQj#_>ft-n-~Q@$75jAi7x1}Lg^vzbF@5+&@MV{X zysl@PDaY2E9#*l&hj+twI;5TNk^W<#<3Q9%8(|KzYf1e%6*)>h1)sa-Gsn-USSz{@ z`P!6JgYoj&fqMta*Dpt^*n0r#Z@&H+?GHfwLSn;sOKFX06?atO>^Okp@7BDak?_m& z{I}=1Q(i0ORmPwC73l$p--^OI%sKkE;*8)OX`YyNcdsZ{Nd*amE(r|Kdt_SSf|3D45?f3~Px9m94CVdvU8MVy5treV2+t-WM;38+H-c@Kp z)xFK|YkSv;*5r=YC6_1TtNzJm`0JC`!}oSNjJ7J4%O=AwWM%NZ-E-_ZO|!Z(dL{Jp zN!%x*b-JIqCiYs?^Vp=6q+aY^-6rad-46u#2dLO*0TF@e>`2fN(c8GAEh%@WsMx(J zzrts!`$g+>$Fs=Dn0QI2AL#VsB?)1VSmqa`@e2&{4+;oU`KkO>0UCczfJ&{QVceM? zo+nT6q&Li&Dh-pS%$;jUO;6ErOV~Jr`}7Ri8M(MI8BhqoXHs2`*GK*^|K%&sdPxs> z(tFlZitjA~WFK8A3>u2h5CPs^xKo{WTQu^W2zJI1A<8WhVGkPs52X3e$0)nV{|5Ls z`)`CFeX92JVd;^BL5* zlnj}_4md}IUG!lXR{@-(4tSIZQ@kEEavp%kF92RD!W3_UK5B(d)&Q?p=tqz1dE(we z;H8Rq3tI0k0O!xg3l1K+gQ22gB~JiwvlO@-;2D3k23I%Y_bOoAs(|<3B*GML2~x590i1pd@Z%!vijUiY z+&0C%1;5$ZKYbqeg=hX_RO})Er@t7uP=ty8F!XDN&Nt>Vwi5W%lk&3^&(Ql10C4(b z;8YQ&cq^`76ZiH2?^nb(`Kj2408W1p_>>3}y#?3ziF;PyZHjmXefJeQPXy+`d6Bd9 zRIz6O{ND4xpNTNVH>19NE9zVe@Cgy7corB23pFBe8vGf7v*4S8mO;nlEGUoXMVZ)u z-%^y14fe~=!p?R8b8u6`j)cD76gqDP{#c=Z3-ooL(Aj2S4xaS3Baj)u?>T@uc*a{X z`urm16%Jqyp7HSk;nFX05$NOlvf)ySgkD6dgikIQy|#);>>5_e!lekr45690^O4Vx zA3Nm_X*d0-Vo&f+pIlr&)HW$@IDB2)82I|QJbZ(1Qrs+OE!^ODJxcVIKA%a60iR2D z@IN9Qg>Qbe*11j~^|=IAs;SRq@Ynab9)4q=yWv~=JO-b!sj9kwVg9Ql)<&q=L%knH z`(7s1fPUzJVFP&lEX~p$k>REuPxqc1@J#PgsVS%=&FUEYev9KT2ajLM#!L1@y)+l! za~|260c&(d>n!-=9pjzxFS0o4lEegQw3NU!DgG&HrcDV;(XfP+q!j)oL5W$J1*;!S z!i-1KBIQ(Rsf1BYN1srY;`KSEfflp1$~MJ5mmQYQ=sz~SVY$_Mvu&IGnaH@%5KW9< zL}HKNfWG0XUj1T&qL_a|@33ffA8pV0z#l*SeMz6YlHdz>Xa79E_|EcYwRrPa zmV*@?h^Ne+Vg9WBPj7lnKp z-!6S;~DjarwF8zr$~D064t?c##NS z0=!g&m1%ih!y@Se;PeT=!$nvJJYIyoo>yLAgr6a7(mB92BD@}$gEC)Aa=l80-$am~ zvjVdZU`;in?gLK(bVhH7t^13ZQ~U<}y9l2Gc8IVtP0wpp6IRK^oXr3{M}*lgNEy&s z`V6ZhS+KhKb9&%;B5VRK7h%uzlwmVglr{o5{cXToM0gwUvm&gd@w~PMtJre@PX7|{ zUJ?EP*dfB6&$kI<{xl81>1P37C&C+nH;Zr^8qXWCDp>4(u>rAa78o0jaAa&8d?|Jf zd`s+h_#HX@GOW@A_){j}N)fIGt`Xsm=&i8Qw*WZ(cHjdd%vZXOif~8tmQWRY62R$g zz`uy_NnnQvcSw)*f?LI!!QH@{M0gwU<09MgRDISt1N~5GcOr7F~SyXUJC}vUdDUx#* z<(os>`IS8XRL-(|bC6@m&ZOt0b)x?l;~3rdg?-UW`@F}Iv!$o;#cuAHzT?vIm74p0 zlQn$W;JyLuzSxbYAK8ySAoS%;mmCjd_fNMx`uA%BS;A?*De2EEbLXa~5XnK9w3dNg0TTJd0#;#zsx8GU~xf#SL|dYWe{$Xu6{Z<|)A5?CHso%31Xm5(1Y#%H2N9AVgM1BjgBL=iEqo;_D zG0v{@GqIzkGJfv7M5?cmu!CM$Un*6Xu9jvQrTPk7me6uk8)mf5NBy@i+=fuxz;BT{ z9eyU*>1bV$?!m6qwocouGO7X5*sq3Dv67ahk>+9F~rDEUF62Ad6p5X~= z5@s-avLhL5@sDoCDtk(6DxJb;ldA`GCv`ZdqjSJ-NpqxO7b(3p9l02}U?lbm95t{% zS32(VX@$O_dPk+fL~ldloe9?`ZcJ3MyAn6U-0Gt z5`I)z9{kB+Q{Ybvn+1PvSTX#vu=VhLxQP4+Sg;XQ@K;9s1OD9+FTsB$;$8UfN9=?D zal|L^+jqx$wO~ibl=QbG6}u*B1N=Z;lCBTyuNw-D45T*m^k(=cR-D9M$H|Z3x9>dnU-;;4@5x7R+J))d3Lb7twT-apY}?-5`fji- z+NQO|*fz2Iux6CWqHJ2GJV&RLg3}R?uFx}P8PAxM%h;X?SaHf@`uNGr@LE0_SU=Tr zXKaD=(ks)4EU%t4Fg%{d7ap5(W;>itvkz4p#Mv z^bhGB6dKrr_0nj=17iBp&xN*OMg0y%n68ogeXGE}#t|wP>OQ9kM&ky{oM=6so+JK* z={}{e><@`A*@Z+$nCR&_Nzq;eR|GU`jkJSQ(|R2*^kx_gdNt2 z9n^;YfJ|q5RFvaCWUNe=u9fuGOTE*j@syrdVkJGvPwCr>&nyR46KoFpuc!C^1a9a)*N{f;nR^0_>J-ZMv5=T?}X2i zFG$8IIJ|*CyY3!L4y)J*08di~JWho5z*9wdCh#l~_MmhI?KPk@tC)l<74Vd{_r#Ye9rS9VAokHFyt=HEH)oX7Zc{^Lh5>w&kzMzFDL3Nx}Ltc2CD2KG003%i$XXU{Vm zdyjp>zG1&XpAo8lsv(p`mnstx;)lNZ{^}aQKLF1F_5pqc^ZIQe{X(Kj-hzM^jv53WPek> zNI&OGPkg$XKFQM=y|4V!@={mn&o_N4htAR`{gb|kj?Oi8M(->CN*k2QGg2_5`a|hW zcu5XXzUh8f)2DM^U8SdWwXV`D-)W)zkRB-izVzpF8H)rGnCvg=H%u>zam2?wLRrq# ze-J(O8<7<~+U>und`JxIXTp9J=SXNgBYyN8VI@61PwTfde^j1p^GPq}A1*p^o=rL` z%SCjA+oUh(Y2HQiP^;ox-MP}+&yt?>MDrj??BgiU-F23}OOIk5!0uxmKw18jj}!o@>4tDr}0Q;qUBggPxY4c zU={Q5Mos(lO8MC~QGTM_s2`$vwP)HqtfaS{7IMEJV-_#gK}3F(^uFY$byuoKx~J05 zD*t+6f71M$=uP7Xv`ep)-zv`cQa|9*V<+cEDIb(B`%T{ei~Lf?=I>>!%zvBoY5ke% zf!Ggq@l`NT(o5As|B8K7>X#JcZR-!^U(ges?oEaMamLSIobw9;)&h8&2?5R&_p^a> zM0hOlcmU~%!M<4r;C0#ze3=MafH#P6Bk@wjApm08VcJUL?X70T+sJG4N^;z8rX?2y^mRf)518u?s^Mgv7B|LJq)x zHFSSyH2Wy@!mtXqAZ%~g8umq4X5aZ?p;C&je`Koeen-vT&5q3uo+4xY*A1-epm-2`Qnvw^d=f2;@IOmk2+%H4nRhYDb{MpA|WZ1$`x32H8_pQ`LP` z73%xcne0jRubN!de7}W$YF3nRXF>*hIALpoA4~4{PQUxvN@+^c0X8-1vJoS_Oi`-8 zvQ&&wyQ6-L>K}~_?jyf*ZTdQ0nI)Q?%Sy!X{Rr5ES8tTm!vJTTlVeWhJb z^3wS)>VIsz6zx)EK$*T((SFGuB|c4`4f9H0N$=XfQuH6xpEk`I(IGuO=ZlY2CFfr{ zPj}YkN9QpbW&N4I_g;@u=AY_~vfrlq!w!0vpOT)&InzctJ?pzNmV_LU1>SZ{XY~4i zd(+zs&yC(D&e2f%EpguaF`cDvRitk-d#A6gzpnkCOJ%uT^9W(T)4m*)pD%jSe^=?1 zbds3IDD8M<`qqzyzG)t#%!lG!rc!^d{EPiZWqs0Z;NQ=1yK|*C1t)Y!&)$>er}|3! zNH$@YNy{gD(bITJ^Jtg6V%{L#E%R&KEth-CYu@Frl%M)vDnHssq4RjQUEcIc{geKv zzp@BBknCUOJVcp3<(KHmex`GI>?ZI1ur}$7`2)?{tsjbdEbL%v-&BIi^r`=*bpx`$ zNe?Wsub2MYq)+wkBRO5tnuqW9T;Zk3-mZIW@zN3#8E*yn8rE7R|+{WLer^jC)e4JYrf4!;%~XV-<_ zfbdP>55a#Vd<*Vu4SyM7`E>s7@IAQmR``3k(;WUW{6pbi!0*^4j}q6cG7XG zQ~pfVsZ*=?pY!W(YK)<2w_Gp@)?Hr%ALss(;iEnV**H zpZ#9%dgv<=Y9CZyv>!qBoa{S#@4(gW5(hJ)@x`0pSMn#jjrb9NN{{TjmaDw&AYW;8 zm49T#&<^D%efwJfE)@b%`&5=wXSz9G{zUIfFBIQZ`6*w%_*4GqIa-&Z`&2H3X@7#A zr|14x{3-wcEB=&^{}q3#PyZ|aR4)H3{!}0SSNy3y{jc~d_XCybQ2nKPK>4Nnq+h}$ zFFoJc`ETMw&z~)Sq9d%7o31JTT>0w+1EME>N=)%x<=J6pmvj1)n>6m5g zvWLZc8DviroiD89@3Qa3xl%jLcf|bM*F4!5f2Dp%|JMHqx#=9PI7dqJLYr=OhvPe? z*H!+Oiu2xgm*gjYu6Z5J z&%}I_=6}{}I)DF-m$9;Zsh(3iQ09Z|X~RFg*DhGFIwCd9Cap zl=`N9WJ$DV+v{?=lGs;O@>5>7(Z6DU)Bc#?C-NbQ^`6FeIzBf|=_uuQ^>3ozq;gQo zZ5QQCe0*W0{Pcbz@ul`g=Z>kJnHRRdU#d(;S-!NsMC->ij=Ad1>Iu&Bwbjd5$xnHG zuKZ16ec0T~d!1Oxm#%&3-=ve*sc1cp)>SA!G)@v9Us$PsEA1~5R+KZfv&Kg6bsAs% zmGUd=zg_IxQh!I~OXcp1FWDnx&rmvKSJHVVvXAJyVf0`=$gHD+Ta$%7H6H zcp305BHRdks|eo?e3uAYfwzgUuVnPtE1W3y3vb6+WBR5DKX=T(-N@7Z5;*%X-j-X* zSPn3qVdmepp>Nyx;(uk>RbhDZE$mMC_k=wG|EaJS;lCVa3)8S&VY?B28@rJHtT}8S z!XJel3{$g@!@fZH>#*bSe+l~yzE2k#im!l#hepDW3LOG}Sm-GD<3jV`PY&hZ^qv+v z1OB|w`S2HpE{1OkErwqfS_6M|=z93R+=ciq?*agS-?Isa)L#bhGJPE1fz;t^7+0d; zOaFuO(*R!PHNdq1&QZeo==I`^G%kHOHT&#Qe##hbi<)ITCx`XG3HYvplMnC%@5|vP zVEYf^dF+x;i`K}rKDhJm#195=KAzvo^!%<0|Hk7^0Dp#mhkYr)DG$mw3E&L-;6DVs z={xkE-{187R*Mb1zYzRQ;Jse(?+@M+JK^v79dOU@&swp^|B%?{uY-VRRz_dFnnGl6G`a1HSFBD@XwH4$z(hHrBMI?@lRtxf+X&TmjZ zMD~PL*jajUuHCfj?B*A3_>2CmGy6(sIlKN-$zM4xN@D$+*1_#!9bMmWcKns&7tQBL zKeSI_7wh}h5%T_qImvsUgY>P$O8H6Oln+U)+>pG{T%n=2W1Xp7vL+$*X`~FP@a_IFWsklMc3IPK<9*sj<8ZgL`U&7zSDhQ z{K<}|=X`x9fa1@U|2QEi(Gyn6PuH~WMb~6MQ~h`Cql@=q=^Qc5i|Kt=qE}*H{9Sy- zzP$CIJP)vobr0)vVqWmIjFo)px-oP$;JrE6uqap|4xPQ`w{b*n5l&EuPcI$q~c@~3{2(xLezo%5xAa@uFN zYQ6XCNp8Yz^dszY>*u2U=sfQ4@-@vT*=doF<1!|GO01M$$(QC4u6&4jDdj_YvSay` z{9W@CasHRiqtZE4nx9#B%W^lJ$n9{Pr}2f_J<5|A7sb0;5cJPeKf^UK8U|zzrT~tVv@h% zWWYO;{8`;^Vh%7z*#8wB&jXb8hvXtXki3*Gm5;PI(3ze-O2$gP&^5_T`5^t96z9W9 zUu2h(9F0pmet%lYpVsFo9a@){$UdZXKe29LGkKqfB)KiYSHTXsCio`!8-p9+-yXab z{`TM|_)i8u8|;VgcfNq|OTn+he=~Rw{C9%ihkqdWP_RGyEclCH%*lek#GS8$Tj6^< z_wOim?JNX4$bV7K*NKQLwO45&zxHPM8@0E>zg@c({&sB>{3o?f!GA{k0{oY>Z@_<3 z`xg9nwC}-h*4nj^?6CGrgumAQ4F81I0pH8@aP+_zesrlg;hUCrOB!O+`=w(Boqh%P zw_UakcmDYhW<*T~cEf+?z$y4v$1AYbUUj?)|82)!_#Ze9!2iT?2)?H~qr&(9)hhNS zZjQk`yBzbl5w9>-0bB{-PhSfBHxa%D_(l=l4*Zx1;|Hv~e*ejxhKli)$NBJIA{ZpX z{HuebMR+XmI1wHXJVS)}%K612Yymzg!fxIOVSOb)tg!?E2a9kBaFz&<1|AFGW5YP$ z@gl4T&IfSW48V&-*pt61L=%D&^dX_}BSIqKM~4i7KP*HCKRsk5{LB#k%Q9m_^5Ex( zOo3kzG6ViRochM^y@Xs0e`!cD{IZbM@IBqd(D`nxWmH1AH-Yy6_!D>a!5Q!6s7D6o zTp!}=LHEJfz{WHB6r{64JQ@=#x z0QDbk&T@$Q2O57(;v6>7yZX87MLJ?%kNO|e5ndzU$^}*=K=u#ikNA>25{+ky@rL>% zO22szuZ3-$Qa?)j+)DPc@|>!$bFJdNHQLuxrr?Xe(#~?pEBa3+_8-WOH?5TQceeZ~ z-z-GD-y`;6tVd-&#Lp_`9eObz=qi7*^Q~Wa^OwZD!xw*L`O>&Wc0JWU*StX3>ohN* z@-j4fpZlbI_|m_t{)qA;J=6S)&N0(@Wtxu>U&6}z?x(9LOG}^yxe@<<~XeBgG4>)DP*O_)>ayvHwW(4N08WrTIeRaXuQgb#3?y zy}Rn8Xs^`XtUkVvqZ`ggy|zxtpYlumEo3(<&Lz0cKZ|%N!~5JTrR0l0*>A3L6#Imf zF6oWV<(hYRugCo@&?vD zKij^7{kr|P?f71w!>q7^2KeRtZ`(v*9CE8!pBeMQmD!t2r`X9;{ z(OdS&{Q<3qQo2@AFDYGDyAbux{KmQQC%#O~7p-+7T`^u#`jlT?iud_*+D{Y3!j#XG zoK$bfzRH8)ZM|i@$5U663e@m5`I{5;_+o(xY`mt9Xv|uhb9q=hW{| zc~CxF`J(=a#vigt*41`oYtu*ACw;Hi{!UVlgHo2eD85sS-$i<^%JCjYR7Hz zC)yLGNBy}^{V3}-xIi( z2*(0vif}e?jtKK#mYXcX2H-^^tkP;QBlg#7;YVmA;YVwSz#pd7!B5wYgrBL+f}f)u z1%IseLamyO*G@no9ex&=Z&e}<6QfxyT4OS=_}Jwu78nyR!UD`l9%iVQ)v6^VoEt^ zzl`ov`=|D<>`$pbqWK2N>yk&zL+mskA;vy1jStj+Q$N|JzZ2sCjei!Sn0L~C!47$R zvhSA9McOx=-TBD>cKVio%yG6Q%L*C$$hPaYvi^}isT`=hsXVAYP&v~)pUPjalJ%nd zp{G+0S3*7l%JQdijrc3|EFF^dY!&*Z@k;-be4omX>WPnJUANohpT+~SD@6MuJEERf(ax0p0qNZ;)`@6*HR#*_UX&~2BG5+vBLBo! zSszFqvWH1tN|)>^(vLDdx=y@NuK8-mk*FD|!=~Ia>;1jMhrYe{t*OZ$3?K4#>RY{w zhVL0VWAD4hqHl^;y_Y;>TgH<|j?_hH%?;NMkNLoUBi_7yHP`xKjcC_qQSYce>=XBezG(ho z65mgt^+w%yw0T$F;COK8t*DwW#0L*P=eQm-gAD zPxX=V<;uTk|B}!T)k{~q6Z252H@?zuqko}Ks^6psn)i@BWO+l@hjJZLx<{0oSnq0? z)Bd_8$)jxll%BO#@cC2d{d0k-{}buBzAvDdr|D0~?{C-+cl;iQGJVP)jpJRl!}Rmy z^XHK>IzESfw)&@Xq;bwl{hfI4fXau~r6qB{`9J5T|NmD0t@nuh-*ImFr*X$s4`_ZN z_9e*vp?+U!|G4VEu!CCu@R5H_4Zak8jo-C6=UWgk4{!0C17-&wR?i8Zi=FPKJ~r$V zHphPuuVVY+?eLGpe+&Po_}}6K*KnyBH5$^+DJRWG7pX$n&7cFWa9F zQT?ZLdbGYm>5)8EVQ0ANpW^*Nl8eeCvbevq-?c4Ia$@sv`I_22Vd{Tr{FTIhAeBGK zL*-57OX*O3QMM1I{OrLfryP_nVLCrT>rhnxUFlyg_d7HXu!?z|E={i2R!PRq{bk%V zNL&vUI7MKcj455h%J0h3_)p^q_4_pL(|Ba3`N4Cte7?qi8ZYQvBBe`MnLd>x>6!Kc zStsWMNncc7sGhj$r*eNazz=OMARq*OSU?~6@c~i*zCRZ*9^u@8Y4GO<)WBaEa0veA z0S@?v!1efTTWiqM_>$hUL2ttUFz7J+FN64R?ix<*!Z*G@JT>kN!e=(ZzwOMM@LSHD zfp2cDM=NY-J?*nCl1`i$OG4biGUOroLfnz#ofqwSh;Hw;>mKSM)poBGy)XVhNuTN; zX@urI7GZ~2uaWDw=?+oP*NJPI=ZOB!=eY`DCs|*X=~zSi{h+tAv2-#OrKi+C^)oKJQ`q5FVQ1O}?y5b`9`v@y={+)%hx$LV ztN+{mAN8x0UYqm}$n}K!O_GP?p#2@Pw_W|7&=Z~eusc@jVPvoSOrQ3zXj~V3 zDSb*;DId*$sNbe^$PS?KljNcF|F6qmH#)(q_iK~B$UoV$wBA7D3fcQKPPyzJS~nB( z0@8zP91`({3p!qpAiXFt{oW$I??CT4(hsZA?=aGPkTHS*y&u^_$xvLA{X_O2)i>9= zrdanOeNet^V!u>r@7u-u+H}5y&Zn?%<@b?IUwglo+@}7MT_Mg{D8C-oXKu)QDvM0$7rS{@#=QJM? z^DnYPmG&pu%T!PGz2$QShDaGx`e%#(>-A5?zZvEq5D*v`6cik+)rN$GhK7ZOhet$2 zM)v3t6%`E^1J@I-7hG?+ShzU2K5%`7ix)0IxPHPVDx9Qnon%~_T3%USv8pJgxMoFa zc}-Peb$P0}wx+(OXjNINxqhv=v@W%! zz={H#3`ce-;ZU5Q&0v?aF%hqXkBivUYiZzQ=?W=_-691KxKtf7VAy~}RylapU^Ux4 z_?y8=?7P9o5x#opT|@B}@X$};pBXwJWsu(mDMM56tM9rV`1W#7U0?Y9oL?Qj@Jwv$ zCoBu!9#*p{t&3Zu*pk*u5Ds>Xb7ZiK@f~8Cv2`e>^POJ)1XX!o<2(IcpY^{q&PRUh zJ2;gQTWdrXjg`%w$>SOwxyd+L4{NxY8A9$f-_WwBf$W zHtZ2OA$4)`S@Im?Bs;5?OyeJh3#X&{NBSqbgX$Hn1JL(FT;uPjVq6sCuXMApBgH-; zo$DlfM88H}53rZCzb-&(Rmw;8kH%S3otzGhuXH|=>JimX*LW=U327X5jd#M{qO+sN+yPQEXR_RQWC`4i(U?Q6Nl z+ro~=Q>A<~E=yuPndGE$rhbC#EqkU|#~1RDe)K|ql7oIXg4V03eVbqIc>P%^AL)6zRvqlg%dalztqg%bkW1Vh+P8T#4bgLbs65uRojOW-#qEycMScEPH_ zDt5w<@i_c5iLLPO)otP{%UgPFQ88&t68!78+yMWg9m{q^u;n|RJe6;F%DEDDp+oOb zvo9TAI-I5DrNJT4+DK?@bi~f^u@U#ee(59ill<5u>2g>xH%mdVVzdK>!iuRFTo23T zjlo~Tiurc%F@&!g`VZJI2Zw$F|MbxQuwn+L41pChAtgw+Tcy=S!itH}^?{$D8-J$% zd%asTTl=x>)`_rR@>>_dmbs|)VuXVnV;m#dMUJHoKm4*nk(ZRpc@xdAC=+yUh1P9p z9h=@4pmlXx-z7Vr-fO3MCs|R-epcBoBPd}7ru(E}<-Cph3+i8}e{ju%ZE?x!4uz2hfjEEtKH^PJ0RPQW3rl_;wNYEMlsMRKC=&Q~6Q(Qn~8IIwSStWZy|*{BzZV6Jq=m z;}G@B)UVrVyrl6@j6b#-@BW(VDb-`*L*o*qXA$Frov;{B=zUlw#swO0Xxt#X$4bu& zxoCgN`i1;{wC+9eo^-Q}Nng|sON3It6@o?%mTy?Em7mm4kXw@F&b#D@!@tW-_w9T5 zPlPgdG-R&RM*Fs5igWEH@{xVt^841>nX$a_>(@p8%6~}IvispHZsv*Xs`=&G0l+t0 zyk=4{5-Hj8)U$Rp^KY;B8}Q~0h;TY(`BMH}H(FH zuX47TvYmBPJErsYTVJ`Nw64Bzg*nv~5-m7U*@6`hOvqlGc@F%?xX8U5F)6Vf>_;86 zh{G?VJDtCe`vE@gtEj^kd^CcOiaK`XeHs9i_sPIl+!vQV5!DYOC%ep7Kku>|g?&i< z1l1F&53Y74*70b5;F>pFA?#i;kDzrtYuq$v{m}h!cHc*&bw_HCw65i<-wJ!tdPvlF z#d}uD`Gl|aKG(dM=!Jbx`IW?YB~A1muY47NQhu7}kUTUGqWKN=yOclDxBgv`FIvA8 z@2k;#iRMWz`9wcS`K11o=3gxjwEsSvD<63OSOegC_XiFY;RxVJ5sn5PBErLfbt0S& zJW_-+fk%n(Sl~Pn&Ig_%!Ue!HMA!h#zw5^BBK{6^vAACbTqVM0;Cc~u$*TxF$)1Aj zFR+*J*1^l{6@-5aK7o@Fwaz!KTS9)pn`CQ3ufVsL7KUAd@7S5c*1#VYF){-0Tt{C9 z?k&Af^v0X-J?-ylux`_b;$8eH>9gR^PG1V&l72n>C(?Jq*KN(*O0`-cJTA?eI-KuVrCAMs zo#t}*>tSL0vuiaQG-`Ie<_6rkNplOr8#NCg{E+4_{1%M^{-A_m33x+3p%8wV^CbSx z1eTbqQYH3;{T-W_0AEU+1b<564ETn`1@IRoE=^Q3Q{v?aTN0m!|7_yx@OLME2>+wR zPvL*&wBvtC{0-qhoYwrHq|zPZU89jZAG!EdZ2S@$TL)i$SHQ+TLiiy21O8u(zc(Pi zF~AZofSe-|mcTDc;NMhSp0FDJ+Jsl&vwn_#-fs^KOBxRSrzg!!if5*z4G5b?tj9Y9 z{kL3)S;UQ7cEW#k%iHjO-{OF;+p!pL5-izK0>5lWC46=&0Q>Aoj?oUxoE(ecw{@Q9 zYo|NU*A9Do?@Z;{+8e$)Vt#+`JHNhL@J{dBzB)2&X7aFirq8^2@AO+ub4~l~VMngM zVa=mKQ_W9&^T?fdeABzMKsQvk%p9=mdFk%g@3`Z^eMgFd%Ql4GvHa+}Z+z7+#{Q$< zvy1oKapRch2R^ZN;PVd;$xK@?MIUh_Xxv>P59{(WV#8wZ%X!fHuNg&}F`vhxXLmRv zdydNgPh08TcgVh?;fB@^sGm{V3uJGRok0DMtN&B7#Vv0GyA5cQulev#bNKhin|$?ZyCtb4fZ95LVUIi87l%BNMFo1yX2 zH7-6T_rsRD0y$s(W$Z1r`-;Y2G3+za7x9&ZT}ta2WLLT57Iw2;^ye=58e}=B{3!oS z=-={`9B&o-i58KL`DXs54aRI=4Upw;zQBpy5_^Ye-b!ucZ0nCpU!ojb_N166Qa&s~ zpR}$<^^NpH$o9-EU$JY)L^keL)6s>8C+cr{W=+E5J@X95k9>5rPeI;o`)35~ zZL#EmuhVHeT1t+JknLmHTE>o2|3Iz(B)%Fw;c{&>cAQca@e{PpSOedHGN=|)w7f5s zQd8@(HzjXPEw8RwT`ezdn~VNZsUB2o@(mNVtNZ0UH>pyboRDzJg3_w00{-w^zNO{f zdJ1KO*%)>q+o-x<6C9KkG(YIqAU|!4Hdebne0%uIk(oX0*rdBI>iVc#qVA9Kiyj)C z7M&42I(kV=OkD4{thnI#?D(zmfeG4#F$otYlqFOqY)rT=EuXjVzI~7F z`}e+=_PxF@V1Lj33HwLyAHRRn{@MGjp9I?b+b^*D9g~g?I5y07y-kzHpJ_MywJ6Z2#0cgP;2{*~-L*E+bU*VGQEzq5c1#|u6|6>|Jua0>1{cE%2(uS z@AnPpJc3&2pY%@Y(7c0wr<=-$&XbVdO(K8PFH!zzy^6lCZWr$#(D?&;Pm20I8s|ta zR8H&xd0wNhlrgto`IL~a)A2EwuOslWfPb%;hdEGuUxfMk9v|!YdNn_jLG_LIzg!1= zeUF!A0)X$O^VJ4^mV>V)aNTek4t$*9Q%<_}#M}np*ZlzeJG>HrFFg!b04^Deni7RC zG)K*VZ-|-?e__<(C^fq%>SBaVQSxu*@?XkrjB0}aWYjb8pO1P4zAfriJo#GG8wl@- z`Uw8PC_ZP1itY(NHhMAqi=8&MCHiiJEy;H#<5Xnwqwu#T{|kOo^0V-tPksfyEqOQm zJ<0FGZ%+OQ{=wwW;j4B8z?KW%5e~n{j$ZJk9fRNx*^vUj6;_=C!1dUQRb&T14r>tB zh_D~Rej@CTu)hcgARHjVfe6drSZj3zAsi&`2O}IT!dis2A{>G+|FRWNHxyxcJ*m|Z zhOqpNp;kvY!r|hX2!taUk`iKU=U zk7w8WPxJ2=kchLf`>>Ncf~f-4f%x88V0O@jY*f&=AU}3tP)YD0RcY|F$gctlB8#GX zYs#Z5P;07tW%hoPW%bs?zQ=-N^Ww&+CdF;-^Z(fU3b;6ub>He9cR~_8FcU%yYlsJ! zA@1%@+yilCLWsM&5m_|8aUsM#A+DPccXxyLubFC=*q%N2ocr#(?{^wLnVOpJo}T(j zKCAXzl3NOV-ok5Kr#TRnyYhZ@6-hyXWM0}coX4bT%_$XfZepFZ9Y z4-IYn`*5(a?`;IBBj7`epc&lBt zYJSybMbyV~L&g6-`_0x%%N~u|y6sZf*S#Lmp{=AYqqc6n6kDO?mkJf6F3Wmcj5Bft zy$1%=eji6Vuk$b8xaGAyK9!QjZ*y2P&vUg4( znn(?J&2wOTes_ER<4(Fr9m;JPxe-AN!Hm*w$VTI4{e{USADWg zbuhc{-m3JChvklUr=Of$?W-G|+lbbQ0|7giugB}l4_EmQ!sNrYyum~!=)$f3I~x=7 zHlSCnHL$H8c~o#@=Rr#HboSn$3275%KFZ}D=9QJ%1k^X@JX+$Oj34SElmOm>*SS++7ON1{%Yx0$4(fY9Rw)Er5 zuPdP)jvpT1mu2yAPVj=(Eh=GLf(!YO@DcovnYLQmvU_w*iONzmT#~i)n;zHxK#ZpR z-UWPo3KlF>sBq!JMT!(D>g(%A4}aScfFsa$2!aq46kII(D4uIFW z{jh;UUv-Z>AaI?1GcTqLI2wB-`ctziFIJyhzIM^dK51LN&Ma8c^8R@7-|oKbeJLof z^pN*HmpQTp3dfjRj|*++uNvv+=H9D$T>X#>zZbb3II6*E^3?cceT#0#Qp;4Y+4NNU z^W@JJY84w@=_5b9Zs^j)dMm=G&RAUf?as|tOb%JE&z#Wae$r-cMd$qq*02t(T>D0h zsBZ(E|twlRD1ExGw&Uaqc}r_5UDIribnMul%o zS~gy{`(F7j<>vbv)-~MWRA1HYyioGD(!0Y~EE)0o;^$$v%fv1W%ofA^wlZK@r^1&DY#7jDd9|JsPy6)w@UFv{F7uqut!#O`RmaUU zdPG&N`}OIzE3NZZZjvy0@u+E+Qplv8XVvfTG?i`ry^=iL&vWWgi-F&>c9(?9J)wKq z>AA|)>3r?c+*hYgzSwxL@0?Zr^50)wV)U(#r5^z(5z6*lQt3ch9|jhs;=|DJ7nq1Ba5EL zWrWmPQ}pe+!;g1_j%+Z$t+TJxx_#h7w*~9 zb>W>cRZ^cHT)f9{e3`aDq~AmTqUrSoo^2)f61M1f^&+BEVHY`;pCf$kl4CPOj9b)k=+0E|<$_EQIY)C=GJ0T8F@hpB+ktQkPq&mm6f* z`kj76rch8U$L8xm^e|}jI*&X~dGgSx30vHRvkO8eoPcrUwUxOz<;B~02K=Ix^0p7|4eug{HR@&4;NmdpOG_AgEc02}uW z`bp6@@Biar2kA+Akw}CN^d@~sU(%2CCj-bpGKdU@t-A$j ziMX29qz#E6Hg+69B%`tql#jzZalbrl9~qbS%LC^fXPb5W6>^|g!F9%s z%ZMFEC_8G@xHMdQR7NarLu^8OwCHSe3iTYUETsL2PPEFX?U7ECKtkK0pde&%l{QvWmh3!?&U@bgsTNfs1@@msv*AA+rDa|tJ!sjw>X$LIxo^14Q zed?%1+lAlewDXjutU{lnsCdRQ!Tm&yK?}}Vu4@;cFx|RfQ9FB$-|l|d5*J(g{o^WE zEe?-@Ga7XM!;&sP)@AgN8?6hDDz~+cRkQP0N`fmMW61w=A7aai4xqxow$f zJKr5k@x}8B#*VscIXXUrJ&#MYQu$?OgveBXL*URT0 zTF&K(d8sl6t**qxzuwD7smxridm;Q(V(pGfFdEvrw~Gb3~)l=F%3?R?=3} zHqlPjPS+-BH);=Pk7#dbUm)-@m#&honl45+O1D9`Q+Hl>Q8!XQT0c?0QXj8Bpg*Lq zYM5u(WjJ9t=upkEiDNU^eb+ngcHHB5(J@!<7$==`Pv_pwUaoE2KILob)!eJ4S8K0L zUI)CcdA;?TYMkR6=-0-tpnrn@TK_HnyZsOOpYp%xf5U%4KsXlvQ-i#MPbOt06-o(A zDfKz*v*mO7&y_wm$n2ciKl6Upk5A^?61(=xZbPH*h~vAcClvETiTd7O#nWWlMaB7m z=x4lx%@dd%BqGWF+W4K{gJ_o&^^l?-Se)O8_D9jqEBaH2^B~clDb6dh(psRt|G9@|LX0B}9s1a2+N{bgOCP5iLvp_YfE9Col9O4$tpU=6p z>c^oDw;^{3SA9kS&M{XmbP9wkGvzipar`)$6tJD(bL8^)#l)xD3^IP)IJ_N0@*V0; zI(OMen+jO z4y58>9oa8vQ5Q{EttN&f6{#?kS~!)&@>oum@08;@m`%v#_^gbKJ150CskKx}%1l9@ z7%9Q^Fz0}iZb~vwT6N}epSG`vI^P~@XS*68uuoL`KsYh?>)+Szjp3+f`T@N07css0 zJE`RjY#(!UR7=}OcIar+)X3`Fc&fgDZ*`n91bD4sqz~8bwzzfsUP(jojdljoeY7?G$grgRM);a zzGsO2>)O3S>esFCr_)D{M-(ST{1SjR009=BG62eVf+Z&sK=~J-9~oZ~O~nGB<>{c8 z8UF&-v zz*hblRK~K>0?nbTtD|z6zd4RrX9$LH97e9G*u7_Dl|d9%TFp(CYx|J8%QE zG@ey6@MS9v`ZN;`rDrWkIzsB-wzE|Q!ZE=6~&6EELJFuv36;XwN5vzZ3biB zIf{%UlgJdrWzR?UiIs>*Ttzm+t2&JwCdbGL#A%T^xG)?8PvCl|@}=K6B|xq)0XH-a0xBpTe(zjKX;rv!(HO8bGNt`+(+&Um&I|sl$Y~r z-oWSLbMr2|CvW8Q^9A^#ygwhv2l1u&vV3{I8efyI!`I^*@-6uYzBAvAkK+6A{rQ3X z5Pmp6f*;9`=Ew5m`APf~ei}c6pT*DNSMaO(wfuU13%`xu!Kc!uZ#yDjskQ=a?d}_NQX$!s5u$t%$ju?xoJJi6) z)0TPKJa&pEPn@1&Oeo=85~IO6=L^7BoOzeRMB*aDxT@`A5d+pG@XWFGNB+op$2jzPu#TO3Ek zd~W|}y!d{6Af4>}w&*ALtA5|e^1z9CGQ->2KWAk9x;T!B{e8p+_P#id{9%8c-QTnQ zxWsWu9EZg5@B8sc^k)>uA2Hun+(`R*GemtU8xO_xN!;q7>}O_sfIlET^mFdezLkJ> zEfgBC#u!<;LvPj}+Opwf3>ihY@5kw}RWi zZN{jv6XV7nZXb7$JIo#9PH?BV)7&52eeNaqhWo&M!Wfdt#tE8G zlQDX1;5YJ{u}{W!ekZ>hR{ed5qd&wS;V$1 zNtmRDq?x3Rq^+dAq?4pKqJg4m*Pi3}&-4B7e7>|lprM%5*OvN7QU4lhl%T%4^bqY5 zw49EQ^ga3m(bc9AU;@ywo4%&LwvYX6ML=cM!=>G^V&iM&`& zGeL=b&iAP9BR`-ZpfI2SpeVo(5C9MW!GIC~>T68>hP?qa^tlMY2S9y?{Q-f1AV6_I zNdWa*tpq5O1Hk@p&}-9!K0|sKMZa```O`6ftnd3*v0u&hOK19x@AV?0zT{W^V8jc1 zKPSeYi2bHG4n#0LP6X4VWXGYf_}C2gzUbd2>S@IB<9mIK*x!o#O^A9Rv478Cet&6V zKhNTL#QA*;TW3TZV*T@#;K;b11;_ z$T0nt=x;Cj$BVyP_V2>m>u2lB*!Rlzx3}8wU(E9@`r8|sy)A;-!?K_2ReOCgZ@aOh z{dL@AJIzRDuUTAdID0>WQ8E5Fg4K@^KhNxOqCcS6e$tq~ofuybBe8#V39X6f5u;XkZizElgU5r^vJns@;lYrGu5dMa94ak1(0R9f*Z$EbkBhX>)2>uRn zM==&1!)oR@xR=~3{JqBCORkb+zGQ}EgJia3lVqM`D_(7rERbxMERyV$#7WW+@3}{^ zLb6v9FF7blk{m(Jbkux{nx|1S)oZ)t1!`_0X_5=5`4Tnv;co?MpGWP2rgWVBwB!w5 z#iK?XYA-;oWhj}4v&@z_N`s|&q{XG4QnS<~Eho({EiWx9t&Y+dkK)o19%gB*M>*+8 zkMhz{9@V8|JlaXy<8Q1-jE5uM&4YJ6@vaH)j>cbp)F_H~+eycHRF9AFY>U5z_>1sd z;(3FldR4+5B}s~!YT&6IAl2h*;BTBqYmzSMgS$K<;mCR1p*wkr`;(Bj5+|d{BiLBn z2oGOlTce4zGj;$UZL|VUHckOfH(mq2X}oKcl6%I-Mj3fxe2x;{q%g^d+LYUbJs?f4 zCMj_<9R2X~_lOJp${-!_^PXtpC%8Qvw1BaR{z?DqZfM=WL11~Zy1zu)a4!qLz z8*qXt37<+ftp>l&v>te~X$$a9(+S{o(`n$drt_$C!E_b;AErAd1-WZddV6y!Zw>4# z8@)GCD~or!w=22j9p{tEE%RC9qa$m5HpAkw(`(4#GBb5Bd8zWWJdPtIQ?j@55f0MZN;J&1{cM zHeE79v(6E7mO0z*Li-CkX3&0I9QWv$C+f?=+QvfKZ_}}ij(2n{q2mjEZDf@4bX=rB z-=n^xBL7!3=VwGdCl$xDoMj?UuS0n{7Kwb$_vk%|(9eudL&kwu04iT;STWyVI_ZdBi0}u{a<_BndjOQL z4cd_LG|y0H#>av#Wc+5(ZH(Umx(h(%lI9=U$I1_Yo?`qXP|11w`8`2PF}^-%cgBwa zUCQ|Fpl2EX3{-K!{@MJXA&hSf8p-$xpuaJGFX$DwF@6H*RK_QR?q&Rb&?AgL2AcmNbYf79dxKU0(B~;0OEIpb1L&N!3G^Ud zD#Vz9 Mx0sZ`20R3E94eS#D%FhQ~#Q5)Z_qCukp>_UM-96RW)ALZhJ=NJS#|x^r zuLYpx%|Tl*p6c-r0BHHYOOL+{`uycNbov#TPQN!O)$5Nz1EaeAr~=5NfzG%$Xg>hG zhriPGm+5Y=Lv{Xh(cT-NOzFk1jjj=k3rwKf%T7Z=o@#l{xKYFr48#J z$vKX=0_bOpgVthv7tj%mUj(`YK>NX^puYj=7#|Os#Q0>;RRDUPHK3aqpAPzv@ly16 zG61ck097+y2bzcRPM{u)FAZ9T@gbmQ#)pGeWPD}N>Hs?5r~z7+mG=N0&G>f*xn(CD8AcWPRX6&_|4?IfQ7gAlx4LRZgJtd0?jm(C51sbRU3TYj<8; z3qW~`6XxiEf#A1*`Z}Zk0$&F0tt@MEVVI$q0knPv&DR|#}3pg#B)-4LY%pyv_L@0DbI;M7Qru>e}0bHCxvr(tgf(DI(3eHcF! zG?wwBK_@ak8FV${g_}4(fPVG~Y|zgEluv(v96kWbSHy2xnf$^L^&= z8u+cpd*DwV#3+|=MvajpdfV!+lQ9Z>Kie8G#FWV+Oj|m4?YzP&w=2k#hQ_3#j=Xw z-C9|-aAsRJ)N!_Ks6t|yL_{bjol07kof*~q^=v)MSBK2gBv+;@Y#ai!bWmTqE}7kd zvobk&(eYVEtm8tEJr%!TR!88dtR-0iWNB7LRylGr>mEuTWIY4^nDrI-XNQ8r927v` z?GHML@e@ENGX5rh_s;-Y$B4O0%)C^xghHR%9ll-5(1$7Bed#Q ztY2x4HrxY1%hSAIO#@KAMR%;n0hEuyST~1_cNu38nGT@k5ohsR04RUx0iF+l^1Yux zLIIRt4Z4=`>p?d%o_op>e*mo$2pYzC@)DLo04)~}y;R5X28~jpmTP4yEZYqVsh-zy zc&SmzBuXi#SL)=v#-LRxBx)HkXqCKF#VKSOiC#_QIs>QF%QX_IO2O;2*x_8FlPV0n zQjcs1YPm`yBYK5Kjcdr1TDeNX8+1xFCoxEQja-51dX<`}^m2(o#_6;Qjg(jF6htMF z%GJD5rq^l=oK7xPDGd^$;dre~tyger9g(Y)3aLRa(a3nMLZ_FYK+WL;8m$!P*T`TJ zl}Hu5mQ&;Wauv~P6u3``UdAh>NM4LB*mX*k6x9{Hp4Un_g<2z5$|MGOoU8O2lqhh& z*livOZRAp()2MZbwNPngatYCElv)Lc2ZU>=)KZxQ7cr=KWQEj8q(!7nG%IwZNN2TxROSv;@%Wzd=dmNM%iEoFCgwanl!SMnOaND z-_;g#l+v=SxZF~bNG)k+IE$`nmN~)sv-!#GcjoAwugv_iXXe7wADQDO-7_0!-ZDq5 zyl(bPyJGgZcfsuLbk=;g&M9;Gna9kTHx8K}me_ATH!ICN%+aK2E?)I?9o7accT$UKNf92A!Wqam? zg?yMC_Mz(NumxQPhYjuDCG6m~CSg}fRtc-~tYlc`&4OW0d7Q(Fj#Y#u4SNx~Ysi_< zuemmb4y-*dw0z8<&^DjSg>J5;3vGICQ^>0~0U?h0R}Y|lK?8R~M0}MyJ(gE)(I=lQ zqW@!4wSl{Q77W@~Y1-gcCuFMn*Y9f*!|;mhqZVzY1jq7J;Tmq zJ{zX7I!BKj7ZTm$WQ*tye+-HqQ+Q@{6Magw@JCwoxC`f^M+e=He&q2XdPSPT`pN8M z9lOcf`ZY|j?tK7F*56Z_Ti>U&xBBJpVU@e~v$`x8YW=i2*4n=1cx#PS zQ>~v@%(fP&w$S=KF3zf3_nUR!kYwv?=~`>i`oCL$>$t_*to#n^*GH*Vb-TUR{YeL` z<@O)8cKrRA_35CK*4|F1t?eeCwL0E7Z{4W9WNqnu#VRA$tWysCVcp&9hPBGO3~OrZ zTh^q++t$A4?pO!hx@&!V=AP9Uf8XlR@`3fln+Mh^Q4g)nPCm3A)jzUU33_DhQsR*{ z#qE)`cg902Kjxuzocf_v+4F(5+p7E4u7~bf7wx=j?L6U*^-I8QYm>yA*1$J6te*_m zt(QMswa!YpY@J--qIFH1bJmtkPg~olPFj!kIBLB$^q}=wz+S6c^e$_OmRqg;(>7R* zi&j|+-T2MAbifj;Q_VTn?G-0mi-nK07Iq$FEjGWq)ons6>(j-xtV8;SSOX^&w7#|I zt*w$@M)#R?D%#U6KKgT9pXj+6LUhW;%fs9Z5yP%&l7T3xLEf>baL3b6czMxZXf!QQ z2&)<-oX!dsLbenamiH^2UzBJ?GBC*F0T?tIpkp^TwV+bsy|b1IYaTBXwB1(< zzHSM^G(K5)FRT{GmUV*DnvKHq&~3uI<*CBb1_uOrm6O7)2G^+R*LG0-G(D)!oF1b8 zNJIywFJSgs(Qf#Io%KGeC))eizR1P{On)HS;h5e-wCjoXI#I77+J8m+oRR4t(!@L` zSJ-u!eJ?_^1D0ZTOLmo7ZGwmq2XT|_<8_x4ZGZYt_q2(zb(_Q)UXnAh3&XZbl}#Ot#A&bHUG z?`eEj%QoMecEO&%GOBz{+v{}|>@=#Qoz|VpXa#%y7Y*&ySZ|oEehi~qy=jIrLPQ$g zf4uE|1a5ov^Wf~`F6nY~=3lJbP&yQ2D=KQ;eJbP^*`LUmy1*^-@zKFNYie2 zu+^u@*64gT!l~g;UuV>^KQEVUbX7};kG~JG=!~{l zXun?S40hd^j<)xso(#3oaCiIlGqlZYuSrXq5!ZfiAoeoQ7*@ZJBP}IFq!A_U&$%g8 zUf~d_{ndXzruX{aa$pU~vvp)nU3{brI(w`OA3%vhb@CQ~5jRj5Yq_RuJvSVb>gIc+ z{3Yl+R$c~cxqn7SzXNNwoowBfQ(qsB^_%Ex-w%9$0DTVB@BT33so(uofF9+4fKuOk zT8H}IhXE-6z3#pa(?jLd-M2#7K|oj3-vixLP9OXV&`Z(tM1b~Sd`^G-5UeMuPd*+I zp?;UtH=owO1!{p_sulQf(8>T>z5rD8(_aEUr+&W@TaQM8QXN07pVNOo3u{!W>+cPv z+TYdnhp@Hm_qzTCY+ZXR((doSt0o~-?>`YhuiN?|*6RSu|LQ<~R2q5HrDNM3{kjAW z2x1(I!O_z<1MF`G3<$~}pmwZkt68B-$M)UpckJCC8xPoXg!CEEwY@#|20=D`JKA36 zUyp1c-+Z8NRAjHd9UZHw<$Y~IJGNjQeQ;2~w-*Zd$%g_O(3AG++`#t1`s@Vx>!@|# zyy2)(D;m|VQM*o)+75)iXi%ws<7%}L58{YbVeL8%+lU3cV{Wy<_M$?iHsVJl!E3Ov zwqM?{u3BdMqK^6h^8Rd3!Oi##3gUoC6WwqN@$|F$y<93qo)b&dS);^j5=uOJ2| z{UrTT&flH#ZMxWg*){`$l6id<`n%gt5zsj3r;$mlMg3pwe^x`EMD2u$xO8LCoUuNl zz3@MMkzL+t{Lue~zDS}9QI#fURX94|YO0#RwN-V1V^t%8Q&m)Vc}R5__?YTA@I{qG z?MKXNs=FMiPF07H-Rd;(N7TpEJUOoBH6@8eW7dR_a7`7Bf>hPi&`3y4O%siVq-u6! zWZR?J3w%&>82G5>IPgUcr!7i&EtE~9oVFrxtac=Dsy0o_lRet~;16jJ10U5M13s_4 z0L<$oI@mRI;lP!3Re`JPY63UW#p-;?NZl!2O_HuVjgm{c8^Eu0uYt`53tH}QgRjFX z;^z?LAS0z6LL4L{)S(~s!M!4Itot%|FB0#b06y9MzIzyX{iFs-_(n+^ zlY+>mr0q#EvLh)qNkVofrJ+19SxCk`Cl?2#fJ7%hPVPmXB|k^W+vM9R&&ZvW zdnxeKN_hzUDCG%oJZvh6IJNEV7Au`B({NK{dU*^n$gj&!k%#iH@;oF{{!a0Md{RYe z25_%6AMlHR(hS#*CUta!bwvqhkl+`|ZOCgtNV&loyqm!bxVWJ-N>U9}Lw(3_9QdT+ z6tLamvczF2euZhayt_S}!d=hu*Il#lwA;FO!&B<#J`9+cI1{X;CONRuqyo-kax(G6 z+2jeYH7}DlN_=2b;Yon0tO@Zars^gGscEuXRwkH2$VAg@lbX!=rMDdQlUw@}-?-N( zC*BHg=%c;8fb)A72KMzH3LNdd0C=PKRp49Rf7)yo6?lkw39h_E zev2yD8GdiG3hf3ag|i9+`v&@=kMXSxT+8=+OV3@uM}Dwc2Gk3HcT&K7;DrINfl1)` zK+ysu6&wXU$qn0&j+7Lr?Z<4h{Y(p*9t5p@4toy?_6)|ZBEeOF>jp;zJCL@)!@*Ao zUI&~O{HN__+RB3~k-Iq27wxTNVkzJ#%M8!C&HO_wc^rN}nQw#p94PRXvwZp$9ZUdlcp zr;<{hN1jh^l>5j7E*sD0BxU9IQxT(0Sc&vD(c>J zkSNtkgEF_$q%5E;r1Vt=Dub2fl?{-uzlE|DvPOul=|}pX_Vu6k_21XN@~-Fq z(eb%A%>x%0QtJuL1-J9+_z^T8TH8QFa%@a3i!=2hRSKO_QS?6iKxXAHCU(uX#>*qLy(7bUa91r=>+;OuCc0EP& z$DOJEatX~LciX2mgX)d{ri&hP!`Q-ZZzRhS(xsi9`d(pgd=RTL)MRUt- zYLIIr%`ca7qti2*W6mLXqd(0vXEA-AM{~{H(LYb6`R4XcO$?(s=X?^>Gilzr$XH1R z%{>>@ORuK+=e`7sSV{cU!6<+=ND+sI)|i= zjcDGwqQ>4$XzseLr*{O?{B?)Z&upbR>>8w$t4H(L&3`=Q2F+!cSasn|n$NC%^CJgn zPP=0h%H5`U?fTwsKal3OTd{S+1)AUP%ZBHzXpXyxK<5fH&t0FC7t3g_yC-EjxY2xf zg+1GQ)0}q?cg0?(dGGQLKDdGAzVmI+=QhoMx2SEwM<>mNjw<%1nGS6obK3K9#)%8j zR~`*I-Rs%#I?->pM>_XO?)*X?KkxAJ1JUi(Yjht|rSmMg+^cxxE}`k|J}O%3{dVBh z!ZQmT3LlzsGjPhV0SL+`7% zO0mkrm{6L`kS&8oYlUnV@NU^28Bg}g_5;_D*Oz0?EpG~ZL!JR_&*u9`{sg?BsIGud zkzyV2V_SY-7p1F`Be#{Az@e&Is$8U=sv*`Dy;VC^HOL87s5+9=Qtt#lq5i5CNTxbV zjhdQTnp~uj=7eStsiobi#k<-NT`v-$mHBki+`p;9U%^ zm@k$vl)*gGKJSk;j6%s6!&u;hhEfi_Ng0Q-m`B=Y{9SD`{;>{|Q6kRuTjk!%x6a)L zo?1to&tjJUhjSU%mRwoa5X?3EyA8t(ez@B@w;;0KZ5R0Bn7ccW?(Tgt`%HFE0WOLC zU*PFr%UGQ5@c{f&k2f9)^4{YkczX`x{rOJ8!|H9mkHBB^WdZN<+U>=|r{b^nAAaul z5;MHOfTF@@&et~YpKsfd_=^x3-?#s;_~>}tTl}K28t_8JZl8dE4&fy}<91TcmWv4rFaopyx~J z4*VqLDX`~fVaIqXmMsZ`nkLAV#PvEE@&lF@^z|OIl)nVq!%>!P9xLN4ska+ zFvsIbx-9*^F~IfYy7+;e>;n#N~dAc00{uJ6hTAKN+ao96h#i=Va6|EZRFf|HO_ z-?YXzD0%m{+hG(|96T8y8IIQVv;7x;Y=>vi_RdPqq3vDzf2K8V_1a-;d&hogd!JEa zkB!rqbSCV9VR8iiHbSnbiAT%yN4a1s25e?gaU)HLR{CGqO6@ySZbH0fQIf&-q|8Du z%5j0{ql$5*fXi}Kfoov(%ab9T6?ixo!$A{-EHykC$4x@NH-npvwltqxfbu2WGVm*~ zI_60tw;H};>$r`mvzgn5@?G3+l+!p+^Z5*HHck_Z*l;fMP^LRvRh# z%z2>?^yZ5Jhw>I)Lc)>520PFr3jt5+B8v@28uLwnn_->Jla^R(BfkaT5qu|PCg4d| zz6aiojsd2S?x<|&YnSY*0^ZVq{F5F5oW<~3vqUrCZcXqEw<43rE-e>=>!=jbZQ zTD0Nyl9Rych{mL`m=}RBOP-_V3#_jFKeU0^ zZa_}T#rH%nIwF1{uy;Zr`om%gk-$R|h5--9&Z9h;lrTL(MrJ0=LO(e-Aqgd$uoo%z z!Adxc@}mjw&~r9OiAu>wdZ+Bh=>MyoM_E^T?%TL88qa`n$QIK;;~6Nw9Q5zRHT<2} zuzx1TfyRveS7RJ#jF}i4mNQP_`#3Q%X5srdF)@DO`#3Q%mf`z2F)^;;`#3QgA4Z?y zNl-C|8+it;CxDj!Cy$f;IpoaagvXM7m=7m*EoLf9_qT6cV=I#+##e8wk0uJ%`Gy74R$0781XFZ&Z6(r6^qftdn#zIDX z7h`GQ5ThBmoUsCM6=OZ%2F6B4o-{VL2LI9T3;M21zbxP=q_LicDZe~GMic?c0A$k* z&<99}A;1Z|OMok|dw?fOyaI|MyOJ+9Ou|+(G9{{ju#{X zX5)xmNc|=QQ{Q-NyoS8O-e_3u=E%eJA@LK|K3@_8l7g{MTAL(+>`6L-b z5Yr&ZLR?6e0$7dx)_7t-RwoV1>SW9c&GKNmojTeg9teI>o&s8IEa*A_&1te8bOV6O z_!iKujQ4~8MkN4^$*v3<3!pLGzk_Z9(E7VUX{-|EPlEb6B7YWmf6xE`Ee{4Q#&{aT zlmSRV`AyJUtenTlC+@9o25$k-&z1xINBg7Gz0unN;Gk{W8@)sx4mtP`j}BT2K+h8n zT8{CRK-U4fqkKK+23EcebO(SwpPitotb7mXTKJ(*_pEiG>jCtfTS0d)J{44eKT02z z2Z07N-;@y0P{x}RDe`{pyvlI z0igF#3Y1y~DNkdw!U5DRsyygvz*O*OK+ghbook>s7=H(}4CJyA%A0^T1<*QkK?5O? z^YFq9ngp;tE6|Mqdj1K}EMRtGt3MNT7USoDzV(E!3O@S|v|c3QZR!$IA9O5$o1K-`<5(}N zMlY+)G61_}xdVH#h_W#7maG=&Yg=WtK_47p?`wZ(y@dRFeMMJRrEM##YJa)1n#|3> z3Tig2jZ(4zxj?^PUnS!_DOhFk->kB>bGxwCO2t|Wno6v%B;TyBUSNHN95QTuMORkE z`7&4q{cL?T6Xmm!`x83WAJ#?FB&#GIWcA-z7k!Zk(&8lOFIPtqvT=~kU#*TvK40`R z-SZ6u9-MCh?R#u%q&c38(dR7v8*8MxSR--YtdU~8#-e1J*IeK@uLR(AUK@codu;(u z_1cT|(mt>K;17Bo0#5fj3w*)rB5;P+ec)GKZ-C!1WAg_*;1e(g2WXPEl zW`cK#EoaWJ)?K~*`eLos534V%IsJxWPGet#-SKo|Tn<{J z>HwM#(XLan&xvy8jQ`&rL!2|`{eLB%_@Bv=OXSS}(DU2_`@#{d>GoE}z z`vK7N3;{jH_!FQFKH1A7KzlMi3bY^N2Z0V@d<^Iq#!mxHWc)hN&5Tb2-OKoN&a7AhrlV^Dce{&3n<#mjJE9_(;(4j86jH$9Qt- zUz4}2TUZO=hoW+~4nTA0P}!q7{P&{#B`B3cEam^7l*9kX9=iI!A$vybDYp!^z9Fz` zkCHT&HIq${O@{Aky6lncIkfR|>>%JN*C`y}iBwCmUXcc0(XR@Br2xOs*2-?mIOQSb zS>+_vRMj-qOw|U}X4N)$BJEevn1^Gkld6mOyQaFWx~IxS)(W-SpmtE_R+mwSs>`dZ zsH>`LsB5X~;jfvxwYrmffO>>_8@!iJsMGP6p}wuYr+%sas79s_je{n)ri><3QxS0y zG%BK&rV*kdT58&BI%x)KVl@*qQ#7+R^EFE~D>N%LiJD~18qGFMDxxJ0!tW^^e;4t0 z59=VJEu#(7*3vf8HrGaI+iPj2%YoW$@QXU3rLhs$wYRnRw6CzmWF1{YU3*<8-5lKl z-7a04?x5}{{!Sqtg66+`rF)~}^kwxHeGB~v{Vsi){)9eVe_4M`e*;@n_AvB@Re?BA zUy>6J=?=9V>pHe_jBuRnIL&dB<5tH5j)xud=61>5Ja?xX2%;RjtJ`3T_4V)vK`#Q%s|KUvYXwod2#6{;q^Jp4f2D!wzB)hD0d5f(teO(23 zR)yoQqH9mrDA#_jF|H}D>s*hxrn_FjI?dh96FyhN-Nw63bDQrL2MfhIw=`^*S;M_9 zJpNs1A+DbiK>cYkv18u+sujgK` zyfVEUphXj4orp5_MxM?^M!JqmH@+|u(?k=^tQ3yCN)ZM6`VR1Y?f21-T2uY~1^>?e zk^WKs!~N&@$NAR}h=GSa^{=<(R}$t3^Mx!yhI~mcg1#&zag$b3-}v;EzVYF(KoG3k z_a+>rekh4FM^ZTK5iyAe5>F;xhCfyVSRsZb#Ux!$x}H=rIXt;ma^2)+$t~f9bv5~2 zGM6GxQKjfpa-}$>7~zK%1uv`@DIZhFsudU4T|9X4*u~Em$;Y0bqCQ>zL|6TE&7Tiz zr?a0eU+aFI`gO+FLtkHD6-AJJ$q0Q}ROT1hCQ`HZW*y2pnsqAcOxDG$D_Pf&Wr_Oe zfBnn7=PF6o$-49FfA9-D02$~NGebPcG+(lnT-pN9v&x=pPVY zqF=A?KsM^Pf#0Fu34B7|+pv=KF^s?fI@vH6c)npLu&+Z&2Us^)OqCgYV~1wItsNqO z+vSL?>g~`EC9&UlTP{Y4qjPR&*kYWE0oO;*0s9R44jOSqqpU`|jB&v%-o@xTkeFDk z6}6?%jhAVZRcqk3ZvB9Fqi4W#aF@En^5R|rIL18|c$s?=@GAG!!1vu>0vGTo2@A>n zd~dK0+-!@&$?(te$NVvVXgsvF@k@dEL`|X!kyV8fah}8xz#DBbRR$$rVY_q@SftYVQ>!)#ua>ykHMcfQ|~H{#tb$yVJtws* zQhOogsm*W`vky{RA+-_G@@t@fFrL~Bsa=qkhl8d7sI86K2{*Cwd}ymh0kjUa2~t}i z<*7aJXLdm9PaF!cofDMW0;x@t+5<1La++y6ryY<(`=)u!c~CWgezpWCwGUE01k}v< zdY~;BKLKHKv`a48 ziINQTGTx8{P&t6sQG&WK-W}A$cyG`Gj4udUl<`#_LVxiRxl_>)gFveR=y~dbc4d4N z=y=BCtzRF|e~9@Za_Sm$t_ySOPpIxh)S29bMqSKHNOKI_X5Tpu-*W|k-qT;{Lqr=b z)rSlL(E5KzAChtA&pdrp7b5CFBEX9|`)KakocX-}fA#D7nST}4z2(eBn4N#{#lJ_N zL-QEs)aPWeb_VD3e@VCVpEc#*TT|xLiPFp{MgZLp!2~)SV3Rv4dpPPQys6iqV>#=- zmCkN+S{EvNtb0nx%SwyAQks5RHB)lCMx#%H@mxBsBQQ{HqpH=X}S?`?%P*SVSMyn5V= zPOFSZHkLgZ?Na?l``942yAj3e&8;-NLA#8B9oCOp(|w0W+=$FszRHhHyHt&G{aR`2 z*dEtsZTT>?zW3R_DYy6(d*^G zHz&yYKYq8e%#)Ft*EBIIZXb?oHa7@AC-6AtF>uz!|AeC`+G;8 zlS{Mm){Q9ed7kUshr2EuuMj?d;F8Ooca?vzZrsH2iqb7y?_Yg(cyJZd z97Wx1$jC7kk2ZLoUlUfSjDN`vmknxDe9JDU8@5?fSAwO-28;JN}se>}$mE6-x_p?{~iK)AB$_r;5d` zpIZzlQeon?gWkuwe0jRL{mVOBk6sJ9=rFo{`SAR6a~pFV92H%l`sfc~JI>?^{$cmB4hq)%06<;vgTVU_)pz9hO?Uc_DUi*EdU zTCx0xYF8V(=XB}Inaht(Dyca)@6?F5@rADs`K{oTEmv0VUTwLvxU8RU#-O?jkGJX8 zuCle^-rSSlJ=l6_TI=^^0^Y9O7n>T>YU!|<>0Oij&qx05=yNJ${;I>LEe_4!mQs8rgd6gqSVgX{o;?tep#13EhF!xgksg_NngId@}!);?up@n z@1{FXzEEpGt#!{UG^~|;{DySSo!gsEFL58&t>#uQzdgh2b*wCX)OvBN5|g;T{lz}zgqgZ2yhq;(db_$zR*#i440j=4!=3BVMmPYTn;vn_uw) zrQ3wB*xP4cJ}0fut(_CAg%&P1TbI?FODuE!cdc^KosE~K?P=Vh?Wkizqc#Vh@7J$sApY+l{?j4;J`n#e5dVu1{}_n> zREU2yh<|5@|2&BQO^81a@ppvyuYmX;g!tcw_|Jy;KZf{Uf%yAF{Le!Ci$MGi{fcS5Q_&Y=VJ3;(6Li}AI{;?4M2#9|rh<^see-y;u1L8jm;@=eF?+WoB z3-R9q@%M)K--7rzf%q4N_$wg(5{Ul-i2rX8|5p(I4G{nB5dW4Ce_x3I42b^=i2pK( z{|Siyd5FIk#D4A4&omS@$V1uF9Y#UhWN`N{`DaKA0hr>5dSq0|H=^mO%Q(> z#6J?^p9S$R0P&v-@jnjn9|-Z^1@RvT@h=VWzY6iM0`Y$c@jpW4AL2g};$IcwzY5}C z8{+>N;@=qJ?+NiQ1o7_x@i#&IPec66Lj2c5{0$KQGZ6nJ5dS(5|K$+>t`L7Gh`$=* ze;49k0pgzz;;(`DuZH+YG8*M#`*fcSrf_%DU{?}YdtfcO`O_z!^iUxWB} zf%vzF_#cJ%J3#!yA^t{)e>BAZ1H?ZU#J?xRzXrtrHN^i3#6KP4-vi=5AL9QB;-4Sl zzaQf72JycH@qZ5SKLqjL1M$y<_?LwEpMv-ohWHnR_^*Wc-+}n+ApQ#>{_P}v09mGE`#J@Vk|2@QC5AhF#_)muT z*Mj&rg!tcp_}_;3yF>i9Li~qA{G|~8RuKQb5dQ#(e{+a`{r|(>dB8<=w0(Q%uoMv+ zRup@IUBxae3Sx^bXe?=nid|8}o;;|0($Q1phGbZwLN%;Qt)_dxQT#@NWwKKZF0b;9np7mxBL? z;9nU0J-~k-_zwX8yWl?;{GWk;1o$U_|4{I65B?*;zXbSq2miz1KOX#tfWHy^`+n45csbJ|0M9Q2>#u`-wgh}!2c=up8$Vb@Sh6)tH8e; z_#XiOVc_o!{$s&^Ir#Sg{}JF{1pGIH|9$Yk2>v{DKe-3|JA!`}__qT855WHd_}>8k zo8W&3{1<`0C-_eQe@F0l0RP?KKNwps{~P#s0RJ-J{|Nl+fd3cZ zUmpC^!9NrH?}7gr@E;BSzTlr5{7Zp<5cpRC|Ha_12Y&m$KN$SI!G9b0&jD)3JP|L5R;3H%Mi)>{@ua<6!<%Ue^u~b0sj8r{{Z|afd6Cg9|`^)z`q~( z_W}PB;Qt%=8^Qky__qfCL*VZS{w=|O9{BGD|GMD+EBIdp|MB2o5d05=|7YMI0{){U z|KJ}7{uRMLH~4=D{vO~z8vNISzaRML0{@S}|0D3P4*ojuZwvmn!G8hx?*soc;6Dib zy}*Aa_$PtCFZdS*e;4qd2>x5azZm%61OEZw9}oV+!QTe_W5B-)_-BBBDEOBI|6Aby zJNQ=y|4!gP7yQ$~zX|y70{>^=UmpAyg8xSF9|QjT!G9C@_XYo1;C~JLGr|8Z_#8W82p!m z{}S+T4*ny+e;W9&1b=(*zX|?Fz<)aUHv|7W;GYWqbHM*N`1b(+O5h&_{-1*XB=8># z{;uHP75q$NipA7zP;J+FC+kpSK;9mv&dx8J<<()dEkNWJh zr}2XZ-JU#b*kkwm_p^8R?D^A%=;*Vpzx;A~OM{_<9br-?`Dg{l>2wHk{&m_io0`HEZg1 z{qe_5<|RuauCH4cwl^W6nKOfWlqu8n!|K(0 z)e8>(!uH9NM=ielZsf;Rt9E<1eEIuTFJC_HeDB_~nf>}*?ElLzt6EjA+%Y&`z6x&k z_Ris7eKk9(WXT4f9z2*>&fD9tc+Q*}xf~pHTjtN#yEr*{RQK{KwID98aL~nz=gQo; zain|Mvdxcd+&FyEfC1MFySR8Q967RRY^6%={0kMT>Q}gM^^JY{oVoqshnq8!l0JGI z9=@zuojL;}fBI?L_nS6-KCFECaO0&*zxC7WKb<>jRGvqzTCM1I{P+&ZZlznd_ID^= zysl4X=B2|MHVnD-(MMbN^yu+pgKxi`{Og`QUEix!E9PvICbNEQ+H~I4cJ0$E%Ik%-1;&!bj;7qn$7M_XHa)9~S0 zcU!hhsvj6Qc;});r7tBXzxUw%_m^ZXUHZwsx^?3wOr7emX2y)*w8X>`jcV5HYyarc zy>n@4o%V0tI%vSDQ|mgFC=p`t^ekQ|JNvT7g9ql`Km4$_>5(I*yl!sZ)$-&iqrZ9c z;Dv~YJxk`!t@d60`r~R9DB$1r(4m?4SFZeE#1~&=HVg_Hy1H}c!+(78$UC+dnyQU{RkFCwAXiy*hM7$Bu`Rr%$i7Z1(KRHGcp7#Ka*(?pOKakCUN?4^M1g zqeh=?y?dXUGHmjW;K73I6`t_shqN2W;GIZ#} zYirjw^mcakJh^jc^ti!;??#s{-6Y1}|Kn0ciqyQfVny4pHgE3#etP=cl2@;O``K^5 zEl!Ayy;{P@$N1ZO@69>0dw1lRi4)yNPneKvTHn6sLyX4H4sF@eFSSdT?|y02Xqp3E zr`bGy{KU({qsY?8$O948s`Yr*w(Z(uJ9c!RK4wgTcKi3omn~Yf_Kt-M%htSb;nzG* zpWfIsZ(hZK+_`;sb?^Q|-(P=C89!x;)5=-10=6z#;OAScSm2DYWAhcicJ1rN-+wQ&j3=B z2mig`{{;N!fd5C}e*pZ8fd5+X?*aZFf`2{mw*~(e;QulBKLr1(;O`9nGr_+<__qT8 zVDNVX|8Ve+0{>6Jza0242LD{(zXkkVz`r{9F981_@Gk@Y-NF9|_%8zg!r;FU{A0o2 zAN>8meT3z&{fFzX$(e;BN%~e&9bB{2zgTH_1QvR|5YI;O_(ehr$0A z`0oM#2H^iI_`e7KXTkqR@V^TFO~Ah=_*Ve`%iy0M{J#YMpTYkF@Sg?#N5S6{{2jsH z1paryzdrcy1piCm{{Z~6z<(e3PXPZl;GYKmjlka?{Lg{^e()av{++Tr5#Zkt{8xkjAK+gR{AYuI68O&p|Ks34 z9Q?b0{}3<$2Y)B< zFAe_dz<&z(Uju({@IMLu{{-1$=0{E8z|KGs>4ET=$ z|Iy$-4g5pE{}A}6g8whz?*RTb;O_R2mCjI ze*pOJ0{_0?KOX#7g8x?V_XYnM;9ng48-sr~_zwpEq2NCi{GWn<9QYRi|5M;!8T`}1 ze>?ae1poEmKM4GDga5bSp9%gyfq!lA?*#szf&U=z9|r#S!M`W?M}z;D;BNqb8}RQ6 z{uRML3;cfu|5e~W5d6OZ{}JH-HTZuH{?Ea`J@_{S|GVJ72K;{n|0UqR4*V0qe;N44 zfd4-5-v<6>@Sh3(Wx&5W_y>dk6Y&2I{Hucha`3+l{`bJYANczc={L0e=VZpAY^{;O_Xewan9}fO?!2c)k-vs{U!T%EY>%o5%__qT8;~M|_E8PPB;^3bN{u{vmBk=D5{@;TC z9`LUP{!PHYDfqVo|D)i44E*nae=7KAfPX0XHv|6w@E;BSVc`D^{B6O1IQX{&|3L6x z1pdk3|33IH1^>F>KNb9EfPW(R*98AZ;GYKmTfzSn_?G~GPw>wM{|Dgz1Na{Se>d>Y z1O7L`KLY&cf`5JRF980Bz<(w9e*ykM;NKbiKLP)O;NKtoJAl6l{9Azk8SwW7{|ewg z4gAM}e*^Hp4gTA~KQH*71^-XM-xd5%ga3K(uLAzH!Cwddjltg${7ZrV$KZbe{7-=Y zYVhv}{?oyKHu(Pz{zJh35AZ(>{x!hAH~3Em|C8X~9Q;$jzZdwo0sn{Ke;xdzz<((C zuLXZ+@ZSmkgTcQv`1^x@5%6CD{+q!+9sI9?|8L+Q3;sUf{~q}72LFlRKLPyvg1-^` zw}5{a@NWeEcHsXQ{5`-w68x)ye_Qb10sdpae?Rya1^$p9B9%;J+CB$AiB+`0oY(E8rgj{@uX89{9(D zzaRML0{`{k-x~aPfq#DR?*#szf&U=z9|r#S!M`W?M}z;D;BNqb8}RQ6{uRML3;cfu z|5e~W5d6OZ{}JH-HTZuH{?Ea`J@_{S|GVJ72K;{n|0UqR4*V0qe;N44fd4-5-v<6> z@Sh3(Wx&5W_y>dk6Y&2I{Hucha`3+l{`bJYANczc={L z0e=VZpAY^{;O_Xewan9}fO? z!2c)k-vs{U!T%EY>%o5%__qRojeqdJ1^&gsKNI{nfd5C}-vj)=1^+$ZUkm)3fPYi) zZwLNI!T%We-vR$r@XrAMQ1EXC{sG`W8vMh+{~7q(g8y*vZwdZ^;J*m`lfnOe@Lvl4 zb-{ls_|E|UMDVW({*S;v4g9x)|0(b<0sfxgpAG&G!2bvEKLY-4;GYNlZ-RdW_|FCZ z`ruyx{11WuO7Q;z{DZ*1Gx&c3{sqCmKlpb5e-rq(0RJ=K?+gAFz<(O}j|2Y(;C~zZ zw}XFP@IMRwpMt+D_@4&<^Wa|v{A+{14*VN~za#jU0{@S}{{Z-(0RPqC-x2($ga2&s z{~i2?fd3!he;E90fPZiBpA7yd!M{29r+|Mi@NWbD55fOB_(y^NQ1D+1{?6dP6Z{8* ze`)ad2md1AzXJR>gMT{sUj_f)z&{rJeZc=c@ZSyo6TyE1`1b{WBlvFt|1RL)2>k89 z|1tP`fPW$AJHS@GlDf3&H;a_&){zdElQL{JVqyui!rg{AYpx0`M;e z{$s)a8u)(?{vUvUIq*LR{*%CeG5C)Me|PZT3;tKYKLq@{fqy;lj|YE0@XrPQ>%qS@ z`0oP${7(rC_$7O|xR{-t>k|4MT}D^XALuH&o}Dc+v$KP*S^QjP{2TZ;(Jgcv-9dNJ zJ#-&sQRV^mA$o)!qbKModWN2(3?xSrdP?UG&(QN+Shgph%tOzKUwTe{hWwuC3^|R> zj|w1fBtJ5qLB?3gK0{<%jl!r1lCfp-p}LHH_!woN%;AD~2z=I+Dc8xDC770Dw8%b0 zB2Whui8`WAs56Q}T~JpfFZSg)F|zLr88_Dp^+vLfjcC*t^+U2>j!e`anNbGox|{7J zGO?M#Lio!3;X>=%q9neIF)M{+KOCh|8B`WIA~`1V08|c@M->pegVxVN$N>T?A=yc^ zY|H6~^#W^hJfZ!YuKU3~J)0_*8Y%9;F;o=hd9i7Sc;T#JVm+^naUcvr>IA>UP zFw682*I4&y{4?k(-(5pz$-j>Mjl8pn^NV%*pkUT7*FBtd`mjD9Y%uHeVOxeX9n5yf zn*-mU%u((hDRV=^F1}^O2!VWI% z&SqyjokQ?p$9XP)x6OU#xx{+m#g1h;u`DOJv12|bIAEPVtj~w#W!u4z9qdTXoLHV* zj?+!n3nwfq7t4_QK^_ZP-iLg-{qncU-;-^_{<4850Z-&-+dbraj)NWRW;xk*Y>yr5 zc4A#ltjmcqPJHhKi;`6*zIS3dPAtcXeJOnihzr(N=o=g`x=XNqxrpGw&h3LwZfO;~ z<6-mQDT|u~7g^pQxc;4x;P+#Lg9lU$3_k5%E4Wbp>cJ<11A_aEH3Z+d<`;aZbH(7} zkIDsCUr;8vU8_>TM~e6cw}0#teDQ42;NB+-2N(LaV6e}%0>SC_`GdPx%p2VAW3S*g zb3KFOPkRKXmvay9|AlL?@r+CGH}#x@53O|!KI7{U{7s@=a6=#4;QT8^@ZIiN#$MAi zj5Q8DHD0%QY^>1afiWTBuJPv6TgLA`ybrue2S;QwO#gfBk-o@!`2mMz6;kj0JPAH{LU>HIDpXwQr@S(8&__wMe-jSgLn2U>MD2CR%UKFI#m z`0$gDjb-+?Hx4b|)_8GFYhz27aO1YP7Dgv?Q)9I+nivD@8yO!>2{ZO77HXWiv97Vr zdq(5ht96W1Ce$+CFw`*aI$hQHU_uq+IHSSX_pzUG$;OJtJpIcXchx9soGMBi#~krB z&RbaAnAX3T@mkX&#sU=z8G~HCjjiwIGq(OUkFjccZsV=3xr{?rxf_ozbv0gF#gSz#- z5Om_Z--7ZOP6ZX4|5MO)-HD*+5l4fTi0^_v8+|zFq34%DHcR&hCDhpyly+)o(1&r` zf}$&J4tj8QebBkNYl8gSrUv~|WM$CLSCFM^go865N|uzyg@l-@z!H@gO1`k-Ub@ozs4 zI@_#mknYU;L9GWi4cb+tVNkuJ^@6TU4h&k|u13%teU+dTFTbFxHsylan|*_99f}3r z^e#xyM&6*MQMrOfFVqDcyW|iwvzkrN*0Rq6W6gI0N8Y>===$ilz#0Wk2G(r#U0`U+ z!N92ncLjdDY-8Z9#;Ji*bV~xKUx^QFadvuO#rxv}r}>TuymKx#@arv6fhWFd6WFRi zqrh#;YX#1Wtr(a-x@cgF)42kt53&uMw)1+O7Cy)8JTJAq&Ym9^)wxk?T%Ck3JJxA* zsCu1Gmb%qh^~u+@+fDnt_C@d8wQ4P%c9FjZk#_d_f_|$99h|n~w;#6$k3aj_)#TrM z+&g!5)!F+uuC8c&+uXeP-6^LR+}qXe$NTSjo_a92_x6Vq)(m(ds6cRlSm&FR@UeVaY|eA47+6J{KK_ECZCXLI5!KYu#9!}E@{ zCp~ZOyyf}f>ZhN3+Gjt%zM^=><`#7`-Y@@Y#OzYOwVz{GdJIyoY`^rg3QlsQ!)=8 z+>+VZ`9P-b=OdYys{NX|zQXUB-|xJgS?9*n%%pv`=JvsE=3zbanSW|j%$$9yj5)lt z-u$FO4fEyOM)M#28<-cSH8YR?wzc{Gl8?-V!#bMtZSH11b+3=Pp%`E;eqpHDYfhYb zbMZ0e(IY0BAEiw*e|mhj*>(SXbM?uK%+58InHTO&HanJEW3Jb4gSkP%7PC2Jhq=Lm z-R8%A_nUvI_@#OEcZbb>t-mw79z1HkQ}Bd&X#1bcVIzJuU!HZwd}aDM^Y=q8nthsG zHix@iHJ{yf-CVWhE%Tm}cg&X>-8Va?J~WSd_Sn3&#xwK7&Kc&(CbRk2g( z1MRYUwQ|TRQovPUotETF*G7N56HxIgJZD^D$Yv5kbtnTH!vNn&*ll9s0yjg$b z&YzV(tUy+Up59r;Q3bR5PAio4)6~LQ<3|+9TF|X%R`HNxS!HthWThST$+|VNc-Fy+ zC9=Z4Dv>p~jc-=OufACsElOrJ*;z8Hv3IGg``t@r1+FWVRqSf1tciI`XT?@6o%L12 z(pi0*m(KdIQR%E6)kvI0A z#4-7@I_J%sbz+KFR@5WUtVs=XWo;Pco>hIdYgYf=E?HZ)Ic3$I?~v8Bvt5>bKAWs@ ztFp}3%4C|$k9lUUbNI2@=H>%)le>4#$4}fc2hF~2E*9{I`P!;W<_z;W^YpT3%ty-n zVorW`!kn3S)I2cvx8`~8r<*r@wBLNOQkvQEz*h5~0vpVoDy%Y_A1yQ29k|dubj4ir z4AV68eVg&-5hYCKDZdUj@ABxI?Q`l%R9V-`HxG^Qo3Z65zcul0{xu4e_a8SZ#D8jf zd;jz<(f%XOnf!kpGtocazFGc_5)%E_mRsTfW%OEq=b>Buqnq#X|Mvcu{&u~N_&3<| zqrd*vY5#K>7yZ3%UGuMc@UDNCxF`NI%Vha)`^Z)wGT%X;aMW4fHPcmJqeL$KOrw|n zN$Y(2lbyZwbNdw5FN!IqZ_uxV{!))p`hyW=^_5#z(8mP&>C;OY^gUey^b4+6(@#2F zQ{QiC9sOs+jQZ0p>*;rttgjD!*g(JVKx6&=DNXgA+qcl?_YK!qyw+NOU~OA{X3U5B z$JIX3^Tt%4xV@v^G&o8>t425d-A6t2t2Xu4pYPjOzs#?{KG*dD`Wh<+>nnF0rq5IC z3;nZRar(R8nDo!ejno$#J4)Z}@@V~q(6Ra%OUCI(+Dy>z?J!Z_Y~Lh(jp9@EqvNLP zgD*_e_X(MyFSKl?zNzDEy=(V5`bfrRZf%Iy-VAKIud zUwgCOe!~`hneyB8@k_SrI~CojpBleQU#h@veZ@I@^lS6)({G)(U;kc_gZhDs59ve7 zrR%q^|4M(p_SgFK^l$Vrt-sUXxpYL|aKKUhDCgt)jfp?#PgVU<@AUmieOULO^@|*T z)fZoJO8;ZSGy1P?{HAx9aZW$K_67Z{%NO<8Gk(`!4Y{KK_|YHw9;w&#J{@o9ClBYmT7PxK#+d8S|9E<<14->fh0l&w$eCk!hiZ495Z zvNc?3U}tC^Xm3aga4=l1jPWuIOUz>!v@Nf}_+vi9`3Lz8{quVpoC6CQwstOLm^Q7jVa?tm zhEn&78r;hH7=}j{H_TaB!qDrSuc2tEQid;kl{SppQN}P>SI%%KqP$_;jtYkB1u7Xl zhxr+bU-CDE@vJN5KxMPIW_{Lp2PyTh%iBajmvt&X_<$UL-Sk6Cw;7??xJybnR>yez%LE=cMk2rGdQ+qiv%NGtc!i3^^HV$a7_o zVL+Z?hWim;81nxSXPC5pgu!FVD8nSv7(?C3;|vEkO)wODI>~VPlc|PJuT3|sSv1Q~ zWb9l+zm@Y119b}xyV4dL_I$tGaG*`9;phJA40T##8e(bNA)E7(`tzn;s{{#A~UWFvAr8Jv7X<(EdyctDF-vr~TOf}(&n zcE-ysV*O|Z+n%=U^cLxSf%KAU5gX`2TP|%RzxQ8j3!CP$$Hi9crIq`iEn<)0|LkIE z5u4>wn6`wnC1Ie>$f$n7FSUzpM*i#VV$&E4kY&EqI`#-9t*v9_C?1y9v4M;Z$TDAQ zBioF2v9dM%KWZa;gl~VQ?YnFvYflT;m)poTBj@!tvT1I6+}J8@1VL*{*&~#Ey`^j& z_dr@k8r^fYmu*H)TlZJn%gXli4vZ}L&s)tl^k`1&$_*ZyX-B(7Yc+eA7WQu%m!w~g zaY=HvrcGy@!YIZm{8!r1exi+9;zb*L*_yU0Y0lQPo7HG0uHOE_jkfr2Zdof^CFX2d z+u@}VPyTFQE5|*d4Wu^iiM5rjY+rkY7WuM$tsDd8Sdkw{e|&8WlzrN`CmGtfC$h!8 zjj)VtGTiUHU!=I8wZyHU#y6R7pda`ZF|@~x)y6lmw9UP{;-1z**D={%xF(lO_7HosY_luJM6|To-K33!`1jlF?oFlrC@ps@ zylA=mn4C+iWXoOa2q_}#qODCaTPP3I)zdi$**k`Vko{vY`X_y4yjo|B zASX??pE3tjogsULI-8q3E$TbEx`|Ho zo8cq&(LV;Gwo@zEQ!CVkZ)?l>*K36|H%2UVOLub;-_ctJ^^V zY||QrYvTtN4k_&TqMk63v!w8H(qyeo{wl3a{*}U4DSxf-Eyg*$qqWbkR3w0!!!nYR zwH7%~&cz&c$y04SrI+iHGt?y)ieD~nFRr|`Uh$(wi8om4mDm*yV!&JLmD0(DM49AD z$&TU>{dBy!E_q+8OGc1xO4-WDs@qa_;HRbRCbiZp{;4*ia%vUQYB~A^_$+mOYE`lE zrM>_x^~%lEisBZ%ez=IstFErH6Sr0s%c$H!ys0j+)+srx*@i8p9q}dd{%&6ZH6gM# zlJ5tCv6s;b{3}@5kARVv2BooY>QA5nXMIZ~=e71>E`8azKm#QG;aJ(ffb?a*<~x=D zYTp7?b6d*f>|3Bed9r^2xECgD&VB~=sq$ZAzf=CJeGbUJ2IP8We*?0wfyMZ;kMrv) zKWCouq{Vl1Qn?PWWMZ+p!Q$ri@-w z|D$~rgsDCUWd8&cP$a2l~oD za$a$YZ9~$pgYBjK0oYN9*Lh+Ac9F_oj9sUE*{6adlJoxEz7z}>STBavQt zEx*$bYpvH_t;@FZT{YIV4ZBB`&smqrzEkwnQynN{z*a_bf60DSsw1l9*ZNYqM814K z`a3pf9cQEJpqzDFUGij|CEuUEt<;!|Z)?xD9@+RzdmA@0a7s+?C z`>+R)+)i1)ZKN){Bg_#-xF z{dii|i{xwdWFh(>!Oz)mi>x1OB3UM9zb&uUk8M<$_Sl?t3|bcM|dpUQq;>N4*%thN6aS%=DcbBC%oyB=qBKkChHSZlrcf2FQu*ZeR1 zFd8W1UOEUvWk)CHDlP$4xm0kiR^3h1s9B4FH|_XJ`|z!c(B=7?d!SCBa1SyD*R2;4 zT0c0fK||4~ag+C&ie}AQw0u9jRqGGhh_<3#`wu_T7Au2ba(sw+A><`OtA`^ycIxaA z)uk)3Ei$wvmuGITJbClwFF=e-&t9T;pJ?xbePv9`KlsRS7y0Q=u!;;-(LMtU6)rMJ z1)>a1As0nROPp!M$WcO!9>e6=apNaUoHTjL{}40v-?BG~7V{}y!nb6p zY13y=AqMC?Mb=E!r$BipwXW zO`8sFB4w#IZ8~<+vN}h#VX_NB;@!IU=-G?B-hD*077iZMKXw3t+A=Krzv3ge<1L@T zG9+9K9VRcJhjZ~PxOyHvMqW6JiDJ@QX8KFnlc#uSpQ#=mT#9;dB`V~lsF>SkUOZ;L zSn&E{68I#dg$W6ZlH>%R#WGp4G-28DgoG6<8N-V!&ovBRSw_3^+{k6;<}F*dZ5KOO zoV@Dfa&z~dz5BF;%XE9-dh%Jkozd~JRg z`Jh}IHI>K4)B&$7(DUCt{g97?gTo_f|CP@_+nzix7x=r||MJ}bE2rMo{~XqS@9O_| z_5Zv2pR2!j_5a_hMX>rG3VlV4C zHX-ff7){#G@dW8f$J>qt#U01zj;;)&l1Wasqo-4D;pL-#8T%-#T5# z7tZ;dc|+kW$9(L-*g`fU$$2yBR>m0Ot%pl37e=LbY3Y(jv~!8Xk8z139qlrSRE|Hy z2yiaRq^U0JN#$5X_F^035%DIBk%)4OGcLd3pL4lDde`M1X{L*V&V_LvbUHc0gC}Vo zT{+SUIs<7HT>xn{U3Jo$j9EmasP1FZPjxZ6yrRD@7JsyEGU-&^bkdo+WYSdKdeV)$ zO{7~G&4{%#mQfyYUUvcina+VnV2-YCL}SV^jaZ{=Ia0!oNvpU9kXB=yBYr7k8~HHi zT?CO^9b6;H>E}Aq)k}(-Ak}mgHNlvoIdi;$Zn@Ht2Of1La5WXCViSsH~-CW#a%A>a4>0RKbJPe>y@qde_J7tcPP&LY~gFF6A|<$LNWo+5XQ zu*uzscfd`&nvu5jYD3!2>q9SF@e!jtvG=^jkxpQgC&pFwT2H!>(VlpZ>$Qh;pVt9O z9%Sq%8*$j{C(>WMJb6>>l_wvm91Ds)pJytmP2OI-VU5l|oYa(mK50_^>!kM>7m6(} z;KsXEj{><#ix;R&TDQRaq#X+MBJES4FKJwXO{8ZE6!)$#N_dCx&b2;cMUn44igc`Z zGN~Ll%28}!>?oF5uo&-HTQY7GqYN=}6eSruiZ_~!9>uqX^7Cf2c%jy$4uu1VISXUd zC?dBDCy}l#ypD8d;mf3=NJ-vzHY?JC^ur>9NUs&SNqW1;1JXxD9+N&VQmsTC`|2fX zmSCg^MuB2oi~+@O^jkri?6;P5z28>S?S6Ym_xYuh9`^g5^qAjIq`&x`C3Q3e8mfzW zj1@)Xg<-M5RxB|*$Cu+qISR+h`pUfBuRMh`sq$XZyOpy^Mb*8{NSkLaB2CJhWFzu3 zx)e)Z_JmX{cU@s4JXiRTR#;Jyw9ks96;;II6_@d+u6(kxo5)yclgvBuWCv2GWF4tn zvM*`f-^1LIS1KBsIXJ)iPB=^rU~ zNS~)`wQtiaf)ZOIl zW0WgfaXR%3{`u7Fr1u%|DwnWj)GNl?W!x*`XKhCBb2m$Mg!7@85_ty zkr8C(jAFzrY7fTDV*k^oiKS)56307Gj+!O9WJhQ7yRs8WlNdvb$OcByVr)pp(PETO zM$)pOjrJMRH-B^iF;QK5MRkhp9^FUZHKuQ;h(D(z23C&j)wf%u{?9D`zA@3U(Ov~) zN&g(#s-*8zTU~)xQ85FfV!~f6Hax1|fT;elUS2x;ZqfZ?y={uylyeE!e6I>R&o142 zMMZQR5+QA$$lg)jcJlj1BHTmfgbZn*^1Z6-@@r)~MfZt~?B1t)pRN)8hxG0k-OJlv z&5>7rANu0!R@%2-U3CRtoiA!|Y*e5A{A6zjW_7Jn-v2E>$Un?lQvC|HtH8@^c~QbE zL{~JjSFeZ{3yfS## zqCY#ad#9-W-cD*BH<>MWt;`L{t;^Lrs(=5;u2CE>ZTI?i(RsdDrgfK>)#b{ux3q1r z?0t_vv$fTh*Ll9W+1|FS*&#gFi+sz5`hI1v^M3sh_wO6sr+<`JQJrpJWUua>BXS&R z7cHj|hu-TWoo94R_paUhME0_7x3(JBDu%Znf!Eii{oe3g)+JegY)_rHcAPs$_3sqZ zy>D!E4C}CLmv)A@R?)w8B@H-n>c5yTT+PP8)=s(CzwsKREB5AN{bH4tGwbcY>&3yc z?AILYEc}Mk!}_&XXI=i6PLMx;qddD@t5kaHZ*2PK31nRwKQM33^U9j<)k5bH6%&(l z56bhZx6aRU-L?6x86jRe&p%IC%R%vNs>}c8{q9vom+#d>sZ~7G9d_m1 z!t=;4|2!xyWu4^PLs#G}yVR?c&ZA>w|0oT@2(6B>P~awW<@w*7ddKU{4A{Mif%dvQ zZ`hku08WZqZ9`qFlzZ#$QY2gVPq=kP-_p8VuY4yf&Kw)9`M#}m?l0|eNuK41b&BpB zrPZ+x;VxQEC>dTQb(RAXp^k!volCfzR-&1uDycHlM(6n|ZeGK6d0)+I+^0*l*W1tR zSBon^3swGyd*kK549h7}&c_hPgnown6BDiRgV9qxBYc> zbkxq9fH(j7X}Mf$5pmWMeS+f9b0lnt4{)B!C*`;d&&zkwbj;VSRTSO@w5wL>vzFq)3yQ36Uq>yY4X zNRB=khc=>pNZuhmM`hjFAE*}U!2QV@B=27~X!k07&%KEOwMXmGx9B{2jAUDYW+)s* zBiROEKRSl4qPyrBl5GGQqLyeNlCk~|k>H*~#_Y$T6eRCZWIXF#^bEVV`OP#oHh_Mxwl;GU)slCh^Uw$y-vk>C!d4oX7zQ8seqzQsk!4J*gF zl<}qwP)pPvC83ol70Gy0IYyw2!57@;$k@@AXbF;S^`0WZ-Afp1iF%>FXeyHNpfbi& z6y>}|a%?{t7vB=KM;*{Sl!Q{yd15x7qV+x&?Ze7($g@#=NtRQJ_6;Zwg_dU8U?cpi zV(YX04Y1w#Jw4zDbw_-d18uZ?&zmh$7^eiC*vj3PNmc(DyEABCgNs4MD=GB)yknvLjz`l8QJ92$qF zp?H*l79s06eBwB9)2KX(K{EFADiS~NJCJp3J#oS^u3iVM98*t@r?&_#QCf~&fl`p} zB<);K1Jnd9|A~7{B*&)v9!)%Dqs8vaczqeGFULBR;~dKI48;W-Q3=U7{2){pHAc-* z3$*Vd+#oq#x|FzTBMzajkc`h4*I)*2ph2Zbm##I{Cl zQD@W@EkKLWE+ofew~obL@h;nmW}+mt7HvR}kabMFEBE+cxDVT?4yub9p_b@<)B!~y z@ca0gXk|&>FNJZ9w7~@zc-w z9$D@%Ip6UIqoF7cjX~2;GFp$eqJ8K9vW{&oxX=6sS;w4{J+b|^f>-`4ZAH~>wxTX7 zy4_Y3M~lC=73z)m#DLv*`pH}UEpt*)57v(k6$-ltb|SN*`s(u<54 z!i2h&%&pyd{h2$ka-m|Dzk9v**WGbI7k%deF_H2H)iO&VpI5(+?aozAY-I1gmIA)J zoOEstS#8tku3>#*V}^Lu)VaJUqg@-hRw=~QgmzJ3U5kHf>r%r1EbLW4=hR7F=y&g| zT`}2*JIcw%oxQ5*3iOwEUVS=6@nyuI?y=pv_lb~SYB#X<;d!lJH}2e4`!ba8yn=N0 z+HIJ;W%aP$cjo-{{y8_?KWt!BpICW?8m`UeWz;#c>$*n8Xg97N*6Z=NFMwS@>2Nid zR|B1Ur(WGzW<=NPV? z!?kk0k8E@jp{XR5E0t6 zMXNARhc_>vb$GqTP1!g{uY9`PITui`d1zQuPbc3HoulP6<4(n+X^Vyp+2lWeZ*HBt z%Cr1de&nB7mTmO34RO&qsr~P}%SPvx^W^iYp>ysX6&u+(GB#4dTlkGk|HFhF1V58FfPRfLQhXpx|qD zMtxN?afVq+`Zm>03?bWSt{FHC0rfuCd*;L*`Bm zq)o}2S?xf|O>qm?d`=+eX6gV#wgc5u%n)X??JQ^VsPd-TOqKM{Q73!roFXmt zfV!!+PRc)z?tLTrM#sczCl@=Rd*7B!`G)E2w8wZh17ImWs4|VRM}$6(*3IT zDXwe@Wqp+`scb1_ODkJO*|N%(Q?|Ua6_l0z!pcu2i_!Xom9D><)+=jJwz9HSl(jzb zutrbH_MGxl-C|zEQPxz`wUn)`Y#n6-l?_tXsBEyZb(O8BY>2X<%GOslOxXs?HdMBe zvW=A`epCC%AWr#dYB4;cv3!~<+d|ov%D%5`xU#L3ZLRDF%C=Fqt+MTuZLjQy%6_Em z$I5=9?5D~`DBD5VNM$=J+ez8Z%0?;MMcJ;(c2l;yvOSdTscbK0dn?;V*=S|^D%(%l z7-jn_8>{R9Wd|y24P+gxriUmyRM}z5ex~f_%6_5jaAo6^H7Pqn*^$bQQg*bmW0W1M z>^Nn|D?35iiONn=cCxZll%1;VG-anNJ44x-%Fa@Dwz6}SovZ9TW#g5duj~S46O>I< zcA>J1luc50v9e2)U8?LdWtS_vLfMtdCM%nwY^t)WlwGat8fDiiyH45l%5G40qq3Wn z-K^{uWw$E3P1)_r?of88vb&T`Q+Btqdz9U)>^^1pD|^I7OtL%5m9#QstWsfR*Oxfeg{-Ep$Wq(xmq_RIL`?IpYDEq6jr<6Ud>=|W$Q}(Q~ z=afCK>;+{nDtk%U-<7?r>=kAIQ1+^_*Oa}k>nfBF65Cvtuf zk4c}3{kHV~V|$$RyzTF#H*Ig*+KRq*u{;4EXg7#-sNLtJ!|le{If-$06YwY5O|i2T zQ|%VxFSUC_`ozv;Pi%<2o@d~d9omq#cj(~YBqANg;U9Y`qU!Zns>_a^;tCN}&VM7K z>Y>vko~hH1y|bgR(W0vgIhS(QiE_?$oxMf9zZ_}R?_H$T|A|Pe1|CEk{Y#Nn=^kf1 z@{8a8&GA-Ao?c?H=a-&5PxUBw7-=lGeP{}mBfNqHXSf&DyY(tlSp*3Sjb6mSs5 z|4ngND+@Uk{!}>rjcBaTi|}N%$T-qzMRtp%0(ndbbNL%`}C2j8$;X{0)&*%7YKATCm`lONW@j2jQFAn+~!cX`4j`Wz%3DTc@ zPLrPZxk-B8=OO81pG?wz#fKO75Yvh$6zBPL38xYcLRTVB2^*2GM8OjFqELyV_@zoz zC}Arqmhi*Zm#9S=SR$A-tVCnd<|Rg!s3u005S2dD*;Mkc#Ix{9pOSW{^gHQ|O1DYx zS9(Ay{7U=rq}|WY&rwC6Mf=71n;m%h=lGZp5ACj7O`xq7OO4S0s`qX;EnfR{E^85xy(O zkxpE>m-N8OZ%7~gTjSJ@rkqd7EiP!$YFGYAwAx>fQ~NEI^FhU_J;b;9hjD6#RUfXR z*OOJ+BCnyZj6BYrJ^inuA}>^@uxZ8ReJ5 z)>eKXHc0uwSoywRmbbq1mwp^M^1Z+2bA=+`=}X`GUSIn1oxTr}zI?A=SNS2>#>$uP z`3ERpzUxm^eiBx`_m}g^cmGF~-;ygD`Tk#9K36gFUBC3L@B6iUN6Wi@>096TOW*p= zUn}EmdG9ZM`R-qbZ1G*O)sW1uft4`<(wA`oGA6(dzb^IzmEQq7Q2B9K88aZupU2); z{zI&c9gz9Lg*paFzc^OL5J=w|KOp@*?YKb+_mV+x5gQ0zB@4+NGroX zc?y!gHMT%2lgmaFLDILz8MxqACNE6o%b0^h%D2WH$ntic^x=f0KN7o6`PSG2txRst zVI=+fSQ&#LkCBW+h*9}69$_SMCw~-nqsrfpJ*50o*fU6;12SeIHA2VrGgL>`tS;~^qdzKnsWisUjIVw)&G0xM%9WWJ1#Sf~6$*e{hYVyA{uk_N<;&O!J(Bq{hC;?n1j_Q*RFyAdC}iwJBl2yqGKNBy7vAhoBz{@v_EL$nr9-;+QIP0eeZ6k?|F-Qj~GSRzb3S zZLEyB$dCUqcD%|@#L5_qlH~8l%2*6pUdCfMBkAj~{>rb5jX_n&?~j!+8d`a-XdIFB zov|*;cf}f%-vBG)H40HC5*wxRyJEX3zXx`_@?~6yjOS>?LN8$NBe{GT+aZecd+=?r zGOk1BTVpz;Z;k8F{Q8#I4$bdoiSLlUjPdvsN#7dZp_S>${zua9gq86f(znKVXl0@; z@g34{i7(?g*5lh?Wju#gW}GFaL-QwF;yN^cy(P9o`quak>04twq;HM$(8{M-Vm-8c zd>QW{eQV5z^sR9pTKNl>*b3>(cnTRy5yQlO>oM!b5+J!$QTO;{KnX3D!)0l1(NG}9~-WGYb=IbetYsF zkz7tktc=f)zKqf6f#kfsurbPy#ST*b5bS5l{{kC_04tVwDKw*Li3?s#za{B|Jm0kBFFWKH8xTH zE^BM?RqAO>zZ@#u5HBs^lO{C zT-SvDlk1$ieRv{*w0h%}Yo3`*hf=r9!phiISw_aUUQqreth_ENO8$R~>!Kft`9yL% z+h7xvzYr^9TxGtDbCof!@;byC=PLbF@>Z)dYq2|&zYDt?$!m-~*n=wnORU35%QBs? zGFDbDU&hPkRepYK5#<-d)>3{QtWo)OvGtX2jkC39Iq#9zQsswZW$dk7zKp-!r~Cuh zQ_4SseXjgWY~G(OhyS{3R1U&hKOB_B$;raBZk;e~ z-YiVpw@-(fXAP1TS8TX$y-3=|t7MK}(u^6JHO)(OluMZ<9j-Bb`qmmV zXNsgbbNp-0o%^%~eIeCIOw`p}xKJc*-cq&Z)~&T`TGkz48p)lQy~t}ajR-J}8s%>q zJ=(*>^4N|5)3mvTO!MXyHpRymG0mUfuI7>@pVnNuv`5Wl%R1LwzPxYE6)Qy2N?yl% zh!Hj8;^cM@tT|$Y+`i9h%Jt8l9blT15MWxg#NV`ZX@F_jvH;V{WPej?YJh3gYJbxj zUd_9S;-=}-15E4J`Z`!yqz_f|w?dBD{%$pM* zU|PU-EMFO5N@3mHvzy`xS8!rKCMVx9rlg3Z_3NJ)H*63|n>J+|H*dC!PfK&=ovedt z^5g)v)88~>Mu2JN%mCA@Spi}52xYJpcBZs65x-}Tv$mYEV^>w0I7yZl@pI?)4@*cK z8MbIq0NXC(y;p^8+O#Qb>sC3BGt;u%#IX1UOT#!eY>&1qtTw-l@Z#7WtTb-iu1XUp zep_jhTJD^=yTTF@4u&Nr%4N#^eWKE=S#le+D6yn5V^3F_FyRLCTzWCj+_^U1oR3Lk z#yAC!8z+}v!X&%PRokDmm#_pE@t_jNF4{e%g3{3cGc{3gph z4jhx5>vQ#+FrhGI^7vV|aqisTdO8V*c#cQ>)TtsVK0a6Q{Q1%PgoNjQiHRls7Ha#h zq-pyO2ad7)?WIiPCd%z8og=S|mS@j#niubH+OmanVp}EC4jxH)iY8@7j(oq&T#VSZ?L^r2?PA1^9py|r zIVW62InJXsO-!Z$&LaoT{{YUT*fKL`4l9$GIHJswCF9GiTsf`G>eao=$aTu|Wy~0D zl=7tI%PabE{>QIfYsWS@m}Dow@_UXuRwTt)nBK9N@DZltli9!0#*L6Rz?7){eh1DY z2U$1pyB)N1OCD369hg#5?8(!!T+V+&N^F^D?p*c*VK?%;NlJo|G=F%I+XFwF**`l2 zI4<&hx8%$1;dpW$_4kX58|EkLl@TLG`i)e-b=4|=)9Td$rZt4T$a5}rmF0X`vBCik zWuE+PsxFve!?yaHX2a0@1^%W4&grBi8`BbaUb7}ZV|M!vd$z5*eVj?KtwKBJ-PyKj z(``&MBr|huO!MZ$Aa%mx#WtqpE2s}v`kRuI;W5RA^|L+eWL+>L#Fn04R;*}C*UOwm z?9XY_w0bgW)~sW7<}Wx~XYE=K@-Nq!JmqE`d4B!*{k=}I4jno2d7V+CMAEo%Hi6^E z%lgqdaMC1^v~+2%z-7zx2gWQ|wbx=gay(>)LJGsh`+Zd5)P(4klR9 z%F6oLQHaZIPr7M=xXk`YPuwOh!%+GTZ6ApAxS8TIbx->2b>i~+^&)+PHGiVG%>GWF zyi#1|KQKLoe13a++(>bm-=98uk+__cB+?h}5|^nz(|23vn=3AJj;F_O5|`m3eTy}J zs<_PlN}s+;T;}(tud(Kj6_>}26Y1lZip$HEiS*^TOBQH)rqjyK!OJ{A0b ziV+)OT%H4I97j8O4z2Jvt%MtS&e)SbeiF;z9FW%uTlo#LtZ9XH#oqm*;^;3Xp z>eK+PMQo^BEa$X5?#q|^n_xmKyKJS!%3jaqJY&WNn8r=;=bQ{MO`60qwBKbp_xA41 zD!_52es2*nf4)dsu%LYi=Lz*=r;t^vEcK!z%ctIpU%7Ik-`cga{kR@V+OW~Vv`N)_ zadCFq|F%4zw`{TF{Ig{{>`anF`Tu17uaWB+J9ZKOGbuU#X97$ssKeH?ELks(7-0t! zaI&yjPtM(V&dDU|?)aTMcl+(ywaG7S_g8-Me^RbXmgV}1-zehcHf`T=+;8X3)0DHa zZm01g%gX<3%Qce&%v)Ep9vfuXY4kp>1u-tyRY{{JE7+C6gIW4cR zq~*NOe&2`@{P&Eu+D_#|MIFpKmYEat6JKphhPskMlt%I*3T^Etou`I*Lx( zThY!UN_3%QS8YDaTz~!w>%8)sAkUxK|0!NKZ8#1O(L?kUjKd-5PgwL7{qSS7fi?s~ zZOCqg2a6%Bf2bHHJ`=~<5bkyqs7?O_30Mik@?UcA=rV}d9wiikvQ z2#TVjm`DsdSSS9eT`HDQW_gZsRMS|pw*R-{n)8H|YVQD&wljKFsO6oam%FL>XxP zmy5cho(SO?Ykd(W8VCjfqVwy> z$GD`tkp8!Qcyaxo{Andxiw}f0ikE0lTZxbU&Ff=8`WH)df8lxH<Cv@4M%}FJC6VoBB`N1Mi;y zzI*=r?)mS#XTyK@+3>sPzpq!x@1Fn4ee&-4@9SsAn{(bh|9$g*`K!7A)1Uv^YOU&% zlBR|vCyx}Vsl!6ntt%}yZt54ZdGk4&EnAX9wr?*fcI;RrcJB1`O-sw~yLe}6t?R_LZJWgQ?Kea`^nl)i!?b^m-{e~;le=WqOoe?4}?T*;JJ5ub~6D4Hqn(W0SZi3N%`t*$Q~kvvq5}a@)4`^-fER3)!afn-47r`i`fRC7ONhAf1;qbj?>pd{ zI=}w!Wn|n8LV$p{sROYx5@rx&$g&C;oTwlpAjp!XI1ofpaexcO0aWW&R8&+{+s3PM&rI*BicOtrh)tWGhZPk~ z!Dh@T!)DIhfX$kvhtHlp1Di8vE>>LfJvM*-a%{oEvL`Fi{%tTdRMlF@eS3} z6&hKnA));5y}h6QFp3!uyK0p)~W7VQunIiolSzW zG9)9FY}}{^_tWN^h@ zl+2l<2jd{rft&{JW>?sP9!`~BRaF6JYc&hxB)S_mnCn(nD&W3$3*Akd`oW!T3*9YS z+UaiHYNfkvTQqrp8{Lgn-M`kw#5xNXn&>QARQDb>=%Pv1ujfO^7qP9NC-C*|Wpm&j zpIowVQCqyU)K^kg7KVe)3WTdq>e9e{*Sk46|IK%`$$P(8F0|#wJIw#=9cENVP#^jK z?_FlpUwLCWC3)EVjo#QM=)d*gPD#$RJZ$>xSy=IMZ)^qdcyPBgCpQlpx4;`)xX=$P zEepaHFYb*kT{Z|?xh58?*qnz|ZJUN|-#!D|N%}Dt%gOs5n^5Qt{UFTqfycqt0nZy7 zKOq2{SkN1rHaiw8UYLiKZt;fxApqMBV~#!+g5``4$MW-Iv4WyJZ02eh=ScsCVmTA? zu>3M_xVWB&RRd2K?w;n%^2TPb&BH24ndMl{L~m@;_j%aj?cUf9Qsz4>XHFhgyv`e2 zze^X!rtNr6PNZILZVf(eewf~Z1xN9P3(w(;7F~wE<2_zh_88U%kMQrm&%_s3PQf>B zT#0Y0j)XC;2Hyeh1=vwMXLgw0oHhAK5N!v7zZEWbLM2?#mlDP z%a^ajS5!no|6hZn_zFOcHD^+o-sH(g@q&VL_>?J^@u^eaWU`QrX6fLefp** zg@xHoR;|iyvU>ISCP=Ra{tu@~QIRE#7s-~Ob7+~H>t;D_Tu;lq@dGR;Wot3j!KUQ<|&|~`uB838`poRPx}8w zpR{rPS6?@_asAi0{%c(SHR`ZZW9pacur{v$8rOe~>p!HQ{BN!QzVw{4QSR&I01o=V zsNEwyW)?OU%K_czTw42i9PIV*VT~>XO<|-bjI@68Nlji#Us&Ug4X)4!X-y-WAYHb= zTEYiu+kPEW02;+pKo5DEmR>Q^CvFZ}$%UXzj5LUgAPz_`8EGY3kb24AU~NdfWR(Uo zrG1Pvj~8P|i+Cxv4D^OqVC7n$mGD0_t4Yn_3fRFyy11339zlm z1J@Eh9e@th(K9{>n#Ok6A#5Rb81ya|!sjUYy%0M_>vbaDmwb+6CqV8b&?)RRe4hc0 zP)pDWMVghARwboRN$FA|P0?$hOL+skNotJV0u9Q#TBF*j|L?}|%8kYkBL{wF{Qh*# zAdOnp(|e>I@qJp87~ONK#U5dl?&uS&zP6~!-Pf>RgC6RCYTkk->;Huh(#HLOeFWWZ zP=v+(Y3=Urpw-#~qjX+-V!F5j_S5U?i|XO}csa(x+4w??gL83|7X;43`M3ZV;s&?~ zo*Lp}+z2-&pQ*~x1ecK56gR`0;O2N!K+W*xcniEG-U=UpwZ<**f#BCScpJPe-VSe1 zN+aJb@ec6Y3h#)2i+94UaU0wgx5K5l47bM}a7TFNggfJd;4K_T+69;6u6SqCwHxk^ zcfmbyPuvUlrv2**wh!)$hhu)YKOTU0!@tA3<2~r7Z?Ql;2oDC-6Ib9NYHly`S8u!z zr0&z7z96*_>qpD&vG@r=EmprbzaIENh~FSQ3=hW# zHyG0hJQDcjSQH+OEC00owf(M-W4_RREIy>cxS)7YpEx|8;n&blNY_pKm!NVi0Z;rB z->5l75}ph%)*XhYLNAa8(&=Dlkgm|%Z_rzBs5jokV(5J{%y-Rb&q*@z;rNI@2~RuD zS+wj(d=$ggXvS}C7j^MBIQopiQ?Tq$xEYJ*z>{41=`ixWIOEi^d63fa_yjy1-jkD$ zPsB5^N#rx_bk)U^!Bqj!6nrW^4WAA!7Gi~fi-2a}Gx1qqFT`f!bJXF~jkN};%Kxv~ z#f-Z0*IfQn(sSt;%=;gY$zM-V$-fro`JXL+O-=ZFzo<7mEx^&6ofhKg-A;eapHJuB zqOTrz6w}WcwDP3hG{J+nN3mhG$AgbC5cL)*)vA+eQ*V}Hlkb#b!zvKD_}}^|#mmTi zF2~X5`+p_RnKk4;&6ieRIcGmtKN_F^_vb+4{?h`OEi~>w$>AMdjr&iZ9+Cg=J!#y3 zVvfcC&A%J>pBnd{zDE76-{&>%KWXx$asR3AzRW_basR1t|4Gw6{&)Ur+<(%H6rV1k z#{H-NbZ_QM+&At&{dq2Z?cJ5ykMkbMy1hIwAiTKRv)icM2J3Q<865~SdNjv-`M|e& z-KL)s4R4nBVEMj1PK6Kd3>vd?!bk7nr&>ovye^CH%{u0F_TmGNGl$zHmA^5xZ`pHs zK=0sX76HS59X7C2ZTP{mfs2NCKc*~i`y$%k^`6H+--{SjLF6-JGF4?fO zc+uXSuYX_<$Zwn5q4Qj;_*;sRFR#jeh%Y@-;F{EWcHZcc0X+|_%()u(^4K3wp6=7- zxBmFp?#||A&qF$t*oPbzK0G73AvKP-4%l#}e@Wz>ojtRhGo8Da#70#t=pFH+iEw!N z*@yd!ckTS6)s^`C$e{JR=3e!cTq$Zja*ouj^Tc7n-xXbHA`fC#C*%Z5KV z-DC~#P)+J@O<$$NwZ-yR1idgWIPzKf)u0S-|4ogFs* z?Add|a^L&a8~T`RTo{l%Uy((> z&;FxFpPQBXYah;d-ogFVRoPec zr#p1DzG}DE_?+A9qWLG9-9EFo(DHelf6V4WN#Nk*1J_=>*|2`~ot~cUw=F;Uz_0k1 z>k&0$%)FLob{38Z@R&9{$LLPNUf-_6X7W<*H`zVFPidNXX>juq9O2Dj&(A+JFevMr zG)cBAGRg1Wra;9<{;;V_OPouW_Ic1|zFA)1DWl7J8Dl!Eg&~}IvAud$KJNc+tMRgu z@l!q){$ZhTli%;S?76dl_l|kvrUYMqWi#YZndmvc%YlKvuWfd&UB96oT>aENZ;E$_ z6vMEGZ)crzboijh?)J9gc+!G_2b*}*%(OkUZc6Rs5f@7~|HfX>@6FZ#;=0*y26;z@ z1)ADin-IG=XG_Yan#c{`L~L2s$|CQ;i8ec*%=o6=#&*G5M!h|)*K+>4W^SijKdjin zef`@~-t=aRejUBa_jOg|$kOGP-Whj!utWdUe))cqoI^R!B5mtL1+vR_>a+@p&RHHjW@vGn51 z_iG;Xt32F#NNc-?zN0?M-5$nw-12Vfg!PWGh9B>jbq=doy0@9joPE!%GBY0~v)}K( zmv;YGySJO41XsMf+F#aYY~ob|p}oibS;J;tJNQFd%jbnLE1SJZ`YvR)r{H2MpVau> zGxfzyc1ljz{&eA6e!rnU)1Gt~A1~MuIWWxS;ntOb>HfDW#t$54{KU-u_AvPtX^U>V zEfxFQCqFj${?6H(uGWFRoWZxoJ&WD`P5ZPq4?H&;8eCjwHHQCsOoh42x5mZKZuLs{ zdeioW(4)Cg=}A#cF{|Xt@jVyq`}T z({IyQRxkFWXAfF6y}bKSl}C8{pV}LYT6XPKr?d%&$M0X~)UL|z#gx2&{38+l#&*pxAB@z`WENrJggXTCtvT}NS`w&yS224m2Qo3_*S1i&u?3K_VVBmofYR6O5W|w zHuu7ocj&oZ-oEcs@3LWUU*4(q-?jBY-%A6U_5Wj7oZ0O2SBz7<7OpMm*~M(!^y6Fi zd3WD(V`g%n>X!4?>~`pNVAUFS;f`a@qDkw+)2eF{dT;iA`eWIBSKBh;W@oeD<()9`h6Pi*CJxwS_cZ2cj8gZG)0W#0dzNlJ zHDp1vUK4#&jyQD~w8Zj;<>vKW<1#8gOj#KC&0cTMy&Vc!I@5x(-ai|2*W|{K--`6P zyQi&QJ8$hB)(^9D$8G5C*(LqskL_)JPx^3v8DjVi>zvEJ-T49Y@QP63ygrWeB95Eu zyR8#fZmJr2DW%BBN zJ={tsMBTMHHaTzcwmTohbGGsq=k4Tgj95S8!ZB{ynm=AuyG+`;|IDu&b#Dyf{yOg1 z{@Lwb3_iDD;x^rbr~Afu<-EMoZ^CM6X=Kx@V-Mf5$(NjW&bo;G(!YIiANkLhi@r0p zIown~f8g1pj|RD}zUr{x+UcR0D<&Er&8un`?iKPPv)rR&=Rx)tUZoa1j869)5m@Vf zO~+>V2!+>!v2#5ln|GY~qxo-dJJbeFv06CisE%`p==;$}<1UYC(>E%>aj3L%`M_xQ z=&_?>edtozM8Pm@uEL_-2E)ZtD-7~|ms_E99=VG%BZ@-u+WXp~n1$NP4PDP=Y zc8;+yl*G%9ok)3A{k&~lRM@cb-?cq`)7x)m>){y(gq&fQ-}W=O6J~mA$Jzmo$49u$ zkrw4;md_a<;u`OAZujKEWs@#VYPMoQRPOSD!xv6l*JYOFqMls@`)l`)xpC-{-3R>Y zg)z>$If=S+35y{wTeGIJ+jB-9UvZ)T;0)haR()%&_Pu_8#1Ws-?DhmB!w=Wo58ar! zWZB|vzh=FCap0$sXZoB!w8V1gYi|3O@h7Kw{TA1$w`A|k`8AuiFC5hD+0hpjPC@fl zUOXW(^gegA`SFc+n~&~%d39Lia>G2mZ(FS3Z)$cY?A@;BcZUpc_Wro|^^Ykne!<;Mc=gj zBS$vch!gG=w$jXSiL^z>9FGWI^v>{R9e+RFIlFlIw(7ADCW~}EIquaP-!}by=(%Qs zwfn}p?(4s0$mM61yL8U#2lUAp-#zb*W26;t#m%4PdFHWOm*!8qTlmOw(%>x9`>p$y z9qXujU6TFN-8N^%bAG(pbKI1B9hPv8aWcB??$~yb)PI@7s|hQb{4)1tN&6n6U!P{~ zUMufv8hdB>?J*9M6Bc!@s$gfWa~N<{@8-~x?Jxa4;IgI8t_4vWZ?zqD%dVpBwlQ-` zy&itkc1U*T)#1W9vi@behB?++eJhf>ct1H?x##fMLoLo`3;ZIdKg$t^*LqbL{&B)@ zi|O>dH!FoK{O0&~#|KOeUcM&kwO*I;<*Sw~J@@Fr4=)2=C*1ISe|_jgi_xX`*g>gn z_H0@f>h@INw`*(B^O9B$^E$XG=k$A4blmXFE6dg23wrBbwQt&S;Bl`J*!VTG9T#lj ze4F%oJnww!uA=9hN3XI{W~XxW$F<&)5V!oiaT&$<5+yR{t0Cf>a^ zYyImzFYb)Ud)Q?#a{=&02l zgY{Lt79BfbFw!}?@B!D+4-an@y1&!mtyR;19dc;RH}Aa#Guu9m&dMzaUAwdG>QH>! zlZ897-O_4*D7@dI^A8qT8D}O4e{TID_vQgNaYRgDY?f$G{!eeWnQ!Yd*KD%Y)WoB` zAODDL-fW^s^ux|uCDz{FI3)Ppgk#@a6RjN7YQXR^N5ilMb1&8^$E2qo?s$LE9;;P( z)y3zBmY)+%Y`gfr_bkcfw>xywB8RpqIq`Usj&A2pO>MvXX4fxv+(F!k&hxt73AtVS zc8_S%S(l{quNI`VpO7I9(|M9ux%8mxrCisc%loDME*GXdjcCn}n4uS1Ju2m4;BNcM zHv7bw7xM6%<%wDm_P5+KEQvZZ+@i(^zeV8!d*CW_b<2knX?04^c=uo?I!@#B8 zPnj978PqTDP4oLBtM2VOIL~DKoSgXUzn#+3|F&jl2mV`U$>}8j#r=X87hY@ma8&Rq zv)0{?uoCYERK45wv`LN5{U_H>ioLN&Bz`+Y;eM8 zx9u%v+Qj7-a)wqHXPx~}TWhtma*b&9AJ_Ntw{*N(wSK&~S;v_lcMiC^|Hq3h+LV_U zsBk2T#8^GQ7R_w=pmF zwl=WZu^``P$EN(f0cVpAZ-}|=cEF4KV7gzie$$G3)>9(RB@eG1< zd&-EDaU*|m0SI5CLCk`G3mHWp?AkOw$IdOxibw7-EBJFzjt2d zJ!;U}pOeCV?z)S3^~m*Gr{WH8+=8S*9nOtEk8zhBHobX{J$K_Nr>A`g?wQW#yax@w zduZgXH%+>(6();zAFdf}HA;8I_Q_*fMi%D}U)=F>MlOpL^g>%ljCP zo@zF;jVSb0vk^K3i5p-1<`kkfP5PCPI_M6s{`b04x-<*jYI`i_N*QYYCrnX)- zVzE5-@ZlzRSC1>np78wlX@-04a}ta^sxs5w*j%5#xclkl^Rn*`@3G#vEb)84U#IA; zb^Fdv+I-fXyQSR;w?Dj>K6+N&?s8gM`8s))bpFPB2FsG>-HV8d39@hb^Ra;4U4N=+ z_Efi5*rRgA%l)nNJ;&TGX}a#(zO8r5J=*u5o6z;`(!h6m%kHo98{02w?GNMgMj3tE z>-xYJwxbN*8CX3l7)03m>5t3WJ%+Q_<>0xhj`LGijP@n2J6_o|bi3E>Ox+_bLe^&u ze(7!Y)4Wqt_4ia5t~cFeI=*T2wcmoSUH?V;AmAIziB41BKDaNLwEeg9&-Pw2@DHw< zkjTpnN?YYK#+Y+9WP(>@|NZxeG%4>W^uPwcT(Yf6Hk+>-9Z}fZw0YTqd%OMZGP1lc zxjuP%cKH0{TlmCjTa#jjQ(c|e7SP(aCWJC^0jMz0r|bN z21b3D7P;Vcmmgi+V=XM6Pd${#$&QLym|Yh0v(sbe2kU#@6{lz8v`ZExkRJEnHV{k~b_FW!EjU)}-Y=bW9xU#uz|``ZugQ%l|j-&((L z&~g72o(t}*Z!wIB9^rDddHJq)(c=#d{b;kAm=|`>YgKUUK$mBK%qi|(JJzzm>qUSm zyd-RP>#~xW=Z7D86+Y|5<(QuPS2pu5T&(+i`7ffHp8J-Z>-n(QQj&8s>vH z1~LzA-^l*3)w6$W`;l~kTuJQO+uPWA*tfNFv_}}jYJErf`P=okSJ*|7oD{oU`^k3m z?MK>8u^0H2`pvTY!G5vbMtiZ}62I+sXYAM5?Iq=!`K|S9?N{k{+3tz`&vvivAJ~1c zXGxnmbdYv&=qXKbP)gIKvmLUfr4D)0B@R$CR0jSH9zG0HX0uwl)^?k$uiX&)U+r`q z?zv>R-f&5B{ncf(>m`?1R}4Gk+(*9KIY@rg;U~yT4C`kbEjw>}Pp0cP+i$sxqw8ab zXAVEnY3ySA9r?@9&cgnr^C0ly{j5-HV_$z(oerJ3m{W4wj zT|-=M%b)n>_$9l1kPnb%lJP?_+D2BQ{^Y8EQM_Ck;;5*^9^Oeyee83;Em8fp&b5M% zbqV#cDzVZ$K|JaSxWiQ+^>gqUJ_iDh2FOZI1x)JZ1YuFWQcuut4BnfCKB~}Uxl}A< zxemFG@KJqJQVo5p(whdaqfr~WoSoDR_>sF6{<`xd*22-sv9lwFg#slw7C5$aSJ#np zkWvx+BuzPdBSNN}{02MFG279^zrwML|8B>LpKaN*$$ir-4rS2vNSG z?{exh#7Pqpa4A#XfKBl<-?aN*wA^=dI;jqo_Jv`!b6Vx}t+i$>rt}xx8F{t{_*KYXBcnu3@ei zYJm}56Btn_hu`I@MiLZyU~R7t5M5SI~dxvUdb?h51$^c_%0C-Q0e0Lo^F{`H@_x$sxh zDpMW>z7GY$$~Ez(;;6xnxgDWAtr&T(k@$PR?4d?T!B5nyIFNP4I=8~6TDsL{zjUX~ z5$Rr=lhU7^Q{`7}?o035{4RZFgUM=bUPzzVyp^(C=Ewyu3+1-9on;QTp0cJctK@Q9 zUs-@{Z&|Eunk>_HoGih1glv@UL|KmQRM|n>voZ^p4f4~rw`5mrAIa|6K9^nfP4MgB zvQ_@xR%rjqmTRwLXJpT|GqdO0HMehNXJ>C^=W6d_*UjGE&d0vH%T;-(%R_mD%Wv`_ zE-&RVcEjz5+Ksl)u*(1u4h~ZyP8NlI+#ms9a>5q9NI|b4l-$g zgSE7)gR?Zm!A;uF!Am;GVX$+*W?xIa@Tl$_LTqRJXC(%caWc{?Kd)A zTLane&N=d0=Pdb0=jrlS&J*RvE=%MqY&Xev*dCUB@GbP~VHala#|GkAcf9q1<`phNIl`Eg;sw1D_ zDw3DE`bi@llBIP``JZyT;dasOz8jK1;djpOV`l?5wwo!5ef+=kR|bp;NDP<|kP$E~;IiKh zzw`dT`d{;Z?tj<+z5gKpD1RGwKX)hhAonireckW+J@T`0^K)}@3v%n?*4Hi0KiNOr zJ=s0heYiXF|98Kae&KG(Zn18|N&iRr=laieU*}%tzQujH`!0}q53{(j@N6Pbq1!C~ z68|{?YXcSqYz|l&urol{pX;w5&^$m8&^Ev%pi_W>zk~M*M^|qbe^2jfM?ddNjy=48 za}4pG=-=NPg}23Rm)io*ZJtX#_j#`KJmLAI^UKcnJ@h?)_b~8$>(RvXqZ`}(qUUqZ zTb>_1A9-@UTDrA&`^MALvyeb%M$7`-znOnH$7|%G* ziJobmGdveM7CSC?TkNSE4o}=RIlhGFJ^c;b z%^Z2&Z5$1~Z5@}nu65nydff4#qpADbt|+c&9oxJ6J9;@fI+{Ysh4^v-dt zyROe2$67~@Q=$6^$5h7{$8Wp`J61Y;^rE`AL+(PSQ;>6I{`cK`IX3qm?`Y#)N~gjA+{ZkICPE$^}pzPEJQ z1>c9doPzI*U2ZVtRPvv+P1VwRC3+>~T)q6hnnyb;S356%31NH$VtZia20*4jErHqt z*#J2Kbpi4N3i1GV<$d8-I8ZD?DpQ{9F&ubfJto3;p~qbKF7sFp-|IZKc&LQ_#4g9E z5B7wN>n@K&9;ZAmQZCDHfIZUa1OI~2Vxv&uW7chswZvK?BqEJ{xdic)ch(@%aK8A0 zm@sN#oGH)|RtS9!BE{W|Gfl+oDo%mmtgu*o(4>kODa;p}8@1!t7~U3J@WcXhVG9E* zV+FgG-G?)sKTdE`_|#ye;dJpb@lm6v#>-6hnplgHMC}ZH#o5LuO#+RMa@~2?MWu#1 z29BcnMzzKVxig880&8KUP-5tAxXM_;S!MWw{ggdlWMvp8t~8D}vf^h7LXF|0zR~g5%D+sCZwoyE$-e-9!?rNEXV6U)BZ?Pgi#`}X7Nr`( z`XBz{yN?l)B#a%6kq!T$Zqmmj)TGA5+W4q(C_9@ylO4zj<;>>svuMS-F|B84ba6efxkWr{|MN=22TlTZS3 zLodTVhS`QE4Rypi;&`#x$jT_pDAH(|(JCVyW5W2lv4x4;q?Fg%^d7_x;?BCqUd9e& zPiI%NyK!P54svccZVb1QyO+x%#Dq2BPPF4$^TK%9yb9hyUKPaYD8!23NAi>Snfy}z zZN69_5m*UU396xF!i0SwmiZ7*iRiXaVqjqqX^?HO*x;bSQOKQIgEt035h0R`svx%a zL@f-ZhJg@UsW?=8QY*j+ApyzZ(aY zattS)lf=p76hnD0=2UX3IW^=bQBo{C%elfymE7Yz=Dgsv;1XO3*PLs?wc=WH9l7pY zFZguhD!6^Pk=%T!DFxglZYEdAIm?~TE#)re7IRl|mvL*j!zEX^*SYt&Pq}Zn5@NI@ zS7Jf5BdmxPgp@d{e^Osgc)=%M5=KN4F+>tEMUqL3Bow@H#9966Q14a|%ZNFWN@BjG zhNvd?5@(4E#0C9(#AD(q@q)ObUnaS(FXl;j<~$2tjG3IbQnFHV#jqQ%8}GLMaY?CZ zC@+$CPd}5F&nw`~LJiu>I}3H_9`8EuHm??H(o^0Co(|uf zZ^4)Hefc{jUVKM>Aiobkp1)U;%8%iP@t^9CSn+}+L8>5I z@I;a?5VB?po=J)YV%B0o1=QXe!D~s8R@VRAU9~iayPJGS+M#TghK0xF-SFN$0{(8n=UixVp?hNgJiEkSJME~ zKvOH0HS3K*KhqG?L8g(WIwBT)gd#_lSR`k;vl2|(iL9X|d9j9>hKVvwN10}eibcMx zQqf}3GEt7{1o+g5y0HpO&x$UH0$GKoPelrrj^P^-VOU~nVc3UdZRlv|YZ%H}V!FaK zjJ4J@%&^il-Y^r|;}+8$rZWxqn9esmBZ*{H8de#`v#JdpiG!xcOfN{TLU~^|d|{LX z9Ry1(6nk;RVu{#XY#}~v+Ctn;EEl_rt;Am9KG6R-io1ye#R~Cx(;KE&OjB8@;!JV2 z_z%-@;yb39tdXpTrjJdtS&L!pTP3a#SBtB}d&M=-7aSBH6`vK4V_gwn7w5Aci=T>L znSK!K7!|ODMm75HO?Awsvu3j7&_^U0WgD^0W*QY6RTxzp8Ja~&4jSz>I%zaSas~Aq zW=+l78B2}j#;wfUjpL0ojYk@%8s{4q7`HVmHZEqB8e5soXI(HpNIW*SF>^61Wi4h& zOx(?uvAoT!p`U?`BC|k~Rje?Rc#~9tPY()2U5QnmNgM9%3Fs;aM47&vOb^5o8cN6dnAf|t>0DsWpp}-Jj z0U<-$IEL8(Vep?fDzXKP2pJbTj&^_%nb8>8Qov56oW`vSV1F%MH^9TScq0HKLS`cE zXBOaWExECP5&igq$}42&07kTra!%U0fDs{cma?#MfG3bVP5kl!BSPjRWnmKmPtuZ` z47h-nJ3-4$0X$VpZaQE@$OKUqyeS=Sj?uiMG_MFSB4mzH7Q9Iv?iY|eP5fp7Mudzi z+}VH;A#;kdusMJcMbH@8#efkZbB?mGxquNNbB408d4Nkuo+jM+fDtXBWstoPFd}4B z{w)HG2$}Pgg_QzEG>*o|E(44R8C4wyJyC2a$Ou22@X9PkP)xs`wsA)}I8 z19+{LTm@i6Ou2P{*K5gb09;ASU8cmbjex7PF2IOX z7qXGPA21?hP*X=g55N~9Xa*nYN7zC5fe5NQ*+-yfhX5l&M&Gl|4L`=8G0V86%JpuS9AXWc>>}!A#Z2-sU39_#PexfD!J77e}sN(z-Fd}BS ze*i|r4EGt}=RnMGUjRmgOc@>aOTdVbIZX3j0d9!`Wb|vT03$*so0hWxEYp&c14e{Q zM=Q#91>9Ln&J8dkWCqdxxdTRoj3w>13t$hRE-DPRCtxp9PSX~=0V6`jjrOlAU_{9H zP!{F`7!fi^

    #Hz(FKW<6kgfL@nuXk=+w8qGmJ?*$TjjTF^XXhX6)oO~(V-y#OPU z(mZ7M0o)fzM)Q!}A21?EnuqKGfDt*+JY)|9j3{U+l?G%F28@X5Uj$%8-_df&jslFx zj`k1PO2CLLX*p!a07lf6<{^6sU_>^wTV%%pM%0PsAv+#0BBtA+fDygyK*br^34jrK z(qSMw889NIf5QMHdQZDWb}C>*9qDk9odFn;70pBT7{G|`({7QS0~k>|S`OLc03-6I z41$b#d%r>0~c(@jC6yPyH<7l_Y9t#)| zGU=3sd2MOlRKSRk@gTop%m-XZ^SaQy8Gyg1d97&P62PmqcxwP7 zx_Frq^=583AdBRWI#kbMC#qN6kq*%tvLdPVb)eF^XrAZA(q z1{l#QS`OL214gu-<{|qjU_@*>zR3OqFruln9I~GQMug0Mn*SUyqH-D|`z7F4q@1Sj zd<_^8GOuabH-O)2$-M{sk(N`9DVQFH82}*@Oj(!+uno;?Me}R{2Laur{YQ2%;BX*j zdItl}1!Cq^0pML)yxo8iA!9&U*dD+qwd76#M)W%!F0xMpw$Vq9GZX8ymGjM`-HrQ z3t`WtWPbzvoaU+O?km9WftYnI2jYZi=6!0eg6v$th-T3|WRC-kXd%r*b{^pIK&3Pf z*%JUGT14}Zoevn%4>S+i69FT-O7oCC2{59)lc_Wyy9jVK5HcRms5tHfyi1Fh)g0Dr zKzap~EV9P{Ms!a|@sK?oFd}DKjF_RsM?rn`p_I0dB4(*9vfZEjdfTHd=DFfSt7DoB?;ylJfxU zqb27LxQCWpPr!(n=?DRgh{@{>7!i}#7ce3wuRmZ!%sdzX7!i{<2rwchFB~u;CT}p{ zSRiH?LjWgh$)x}u2GosmPTHw}Gl2TgJY;7A9u5>u^N>9Pa28Mw%|rG`z@vatXdbdh z10DmEP4keQ19&13Gk%i*7Xl%pss}}Y=W5B#16-yhR}Of&mfQ-!>$K$71Kyw|w-GQR zE)_IsZw0&!2pLsessV4Oc~x}X-vJmAGB0Uf4PZo9fByIp@sYg`Fd}9chXEf0LPj-q z9S4jE8I^yh0iOY4=G7&@muWdw{H_4LO7j-dak&Zj77)|zUBHN#cOX$AD z3NRvMJa16>+7U1!WU6VN6fh!W=xz`T1dQko9VW5|15T#pV8|d%3gEFoztM8Y&I3H2 zl+*NKRc&A#1VYA~var*D9|GN@-IDgVunq!3#+I@$TfkvJX#7JgWDf=$LCR^uhy;uX z8SVv2HVQBzWXxgkMRqh`M94Iu<&=OCoj*^>AUg&yqDwRn*|C5VfS7%IB49+w+@WQY z03$+1mkuKtFd}4b(Q+w(5g~J%=A{BoBYB#%WdP39;$;IKOY&fzNxRJf{IizaBfyWf zcuxWUp~b^G!TJHHoNj~2ZVwm{lh+9_A|}sc8RP*FGhcE5FVNyyEQfIhh$$xpoUFym z0z6uaHwG{wWZq>^<&+J0qL$ngz*Dt&(*Pqv=29r-wg~VnExFl%5vl7Q$QJ`%sU^1x zFd}4j(EhCkj0l+xG;a-HM96HWd20b9LS`4us{o7$8I^zQ0V6`@F)g&?i^ELuTgiJX-XWj&O7s=DqtG$5tY4P?0Mud#2%^d)Y2$`L97zY6(Lgp}C9)|!Q zC3%`Ko&$cN#S2*t<37;fcT`y*I|cAAAlo4n5817u#mdQ63;RiANYIx74h3S)YX%a+d(V)soBM<5(pSG9KhN%$or}1=>yfhwO4Q9NPti zOe^vmy*^w^kgwt&9LZ9@VjOuMI^>W^@&KxP>Rh6c4As=N<`F9Gx(EbOTIz{ z#bQD)J}o)POowEXzb$^o38HIUL~K%WT6$cRSWa-#l$pxZxb!U2wNTo^S{;#iHQ-ZS!4)Yg$jy6IW1b59ub#drVBxH6*Lk%65NRN^whY>jC7@$9z5bn z%^1OXs-6W$qz_SOL@jIxjw*aHk6;G`_VMf<&{c$qxrDxtLJ_18;fUYYQxO;t=qJ*# z_z5Qjb$k=c2>rBlWl9>PQWt`4{;6QCLqJMF$(ql>2|a|x?Fpee;^C0@N;0#!{+L3b z<_7{>Y)y!j3CcueQhNAMWmb3^BsM9Q${r9F(a*k9W`&SX#Fm5sQ$8*!oy;;_VwQwc)A?e8}!KulaanZ_Db1uPFD2HVz)6&gb5gdgwEhRZAO(`~p z+(}JMPNgENpnyd&4k8i5L((JCmFg-&)f}>lK%HR6Bt)bqMx;Q*QD(JbWR}XMwJ#;& zla!vCrBFFAmlJ&E1F?wEg?ykRfPSJ#WukgZ*BJ`Pb)0dFIRwE9i5j9zj6hWjDrH(6 zR9+M_U4;sYI}!Sk3CU2`QKjZdO&L+6+**5~#|lcye6bFpPcr_*OILzW7h)QnKqwq#G!-|3bkPer5Vsm% zxC$mq>_Lba65&JRlA_J@K};w$VMdayPv5~qg#kkxF~lthB3hY}s*HjXk2Yh0TaJRk zF~6fjaMh_pRYFt4736QkL+K+kov$E&i(Lp_5}7D6>1G639?a%Ur#vV!9%`+EpoCGX zwG&Ns5_J-7PHgi)Sw6lyGnXUSx4MI?|J0nbzzJ&Q_COo9GIl~6SnHzT-d z%A~Zo^teo=8JqM}!)P#@IUw|RvzbcE#Y9p@OIH}J2FEmb7+UQ(qQ$JUza2n2#mi02kOUDdnWC{|f zn<=z_Dr3C<^Ng{0q)!<7DbrQGJ=Lt3ef|u6MyKD2;J}oD92dyGlP5K-muQ7rM64u4 zsmiqEjMOM)cp6zxR9&E);jCWp)~Z1U{UBXa(MqGn0|S+xG*_HJ7)3{vyJeV*_Q>Ma@6&@9l5)m1f0G$ks2B@p$Np1c#c_E}bZ-z64nDUFsGw)3pH_mv`r%c?M;HM-+B!$BWm7bbR%?mgR9^!SSSQaHX zA%Tf)9F(e3Rpq^tlVajxVRE6G=7?o{{Bz?>Z`XfbndMibGh9@He~3#x}j zkq%+pJ0&(X0(wnVwMWw^^HfdD{znD z41@I4%{&jy<5W{UcS4v!MJ$^31I?T2&X4Nki$En#%>(~-mQ*o{OO+>darOPeOwp8O z{W)EoIDbJ|QUk=7lw~zen5*g;Y6AaNk>7(8hEy(Rq^etqd8{VGI}(QJ%GA_|nB>&N zaOPB+s}QLl^r5EMjK=hD7QoLs1YeQwJfEm1$&x6~N}%x5v%qdmb*QmUHsXPP1hB>%Hk zh!!^ur^(`}9w82f?p2k`-a{giVwL9Gb-pmKoe3WJoSgb)IZcqVRAPJxG2~`Sa+)$a zT$2}QcKRpXl1SwwP?aZ|-r+N)LH7>gZ%`?s7^`vwO;-5|C@f$GQzc)&sHvg)3yXS@ z4x{TuwFWXc36e?G#?KTtIRb(-l}p}e{zWcy(!x`f;87G>Wuf^Bb19`>osl~uFuS5$ zC@2T8Jz=1Vf-2D{pZN+Q%~mB_tDFDwiP5)&I6)a35tT(Q_QKP$U^Saauf9ao6ST4m zA^8?F^#~)+l$3-lty)+0^=nxw18o^Hg=y&iQ(M%U`N+(BEsu`oGt= zFuDlTT{5~otx7@7$-iI-6*pWdsO5V7O7W`>VHA*^}5YN~;LX1LHNr9R!KnlE9NMi?QEBU1(KKb4*os&*NfGyevX zZmk`Eg`vtTRTiabuVub`vbs=*5Tfx_Grvdsnd%wzpN_DacJP_JQgyoZs`qD`9lb_H z%O{vVYic)ad{CwInQoLWC9TT)#o1%kmLRA-SaORDHXnk!dj9=Mo&%G6a@+^%vq|=AJ@B>tt$Qwk=~a-;fl&Wt;q|#gCY|p`)6&sv<^B1+7(k zz*dZ~J}Fv1KvkWid}}bkx*~rXU_DVfz)^oT?G|@xAnNsJ=jwp1zf_zKJg(vOo47s0 zpN1BA>HsZ2FGvRkb*0`6y-r=J_f#DSv#vBGMTgL{?)+KYk`XuN#9Hldoqc@9%o_w~ zFQXcoEQ*=&39dJnRD0i!5q^VWbRaPeP7cIO=M79A)WI;zs$n@zI1O~Vb;4=jd4u6J zEJugaSG%7Tw`Sx--7Z+|yTzZ0&>lkpGmm-d6fpCF+EZo$YY9+ZdijO=#Kxr$$%wRu zZE~9-5otr>qLNcnY}9MQPSm+$r`Tj0I0r;$kC~1(a4e-vO^QfBEb3S?l0`m~sgEq{ z{2*GzCMU-xC~Zig$cz{p)saMUDt(}7KuJ&tBw!2K&^InY3EM#AVMuanh%#O5Oz6b` z6E=C!jJS=pmLu!BE}%P1PgamFEbhP*w1KA$o^GJ25geaJ#HtRZRFFP7Q6@zzlcKW7 z!yPVpazb;&u*^=$h)jr!f*q|Cl^6k$)mMn92VK>CG)o_@j2Oxk<&mO7#AXP36Z}MF zS{lTMI$EKo>8yf0Geajb zJZZBAyhu<6k%vNQ3YD-pfDqC9%~5d95gwNmlWc~LWq8t-^*o?9ki9`J0K^nR%ApFQ z6YaFDr1XdpW_<7fPP8dxv5iF-XvMt2D&|V)$DmZwYr8MZ1IkU^Or%QU3q4?DqG#RX zI%<~x`8vfswyRU6s7hJCN&b12>IdiDs`?O~inbzP5sBKiO}!G)%2sP1l{*D;rVy(A zA+fkCK_n+BlVhNHMI}HzL7vvnr644t<+FlII_wJW;80Uld&m>QhH6R=s%h4%ZM_L$ zs*>EfhlK!{GA(8bPhF^3D5KSdapz?)E7i?#!7}QB2>Rz}CzKV%X3(ZFo!n)am zj@e-votjSWkL#lg4FJ%lKJ-%LB1&I@e!{V*I>FSGyhHwJNwrpd3N=p85)^p#>lgT5+R0Myjew29FrzA-0pIa#0<3^M;eBU8l$m zEi{U?0z3z|*yeB8(gAP#bJQjJiPWDb%kEq+i-~!2-?+j2akJ8Vsb1 z=Ij&o{~hX8H{=mnv$e+n>P(b5)u6h=`cn<$g?1#xgX(qu)cEMwU<|YZw?+!@1ZqS>c1r@^e&bcv`qHC>{srp;41*t)?iAPYe|8!eW@ zX=1}u$_C@$PO#vVen_%vT2+7Sg6$=Etd-vi+7)xOr{dbcypWpU){E(69m1qR&l`+r zbApIVf?G+{Y#e16ywjfKkewImWi!&%&rw`pok6ik0cTC7Ql}s->SZbw8SQwAZ3$6S zLL7Bema2qXqi{nA4K*COeoRC{no?mvJ%+t7>M3$TPDjv@kIDraS2QlD$7&ZAGq?l~ zt+nXD(J6m?L}o;|YEgxD^59Y%;ssOdEC|Gy6oE9NOA`qZX=&u8Gc-(a6=L)(2tD#v zJrO$)Mx={G7_j0}5|rU+VVFilaL}g6e z2(vcefU7V-56Jo$OtQrt!0)sn5veKU&V|!AJ zNAhUjEC~_H39>1u#4JfMA@G^uq61ElMD2wNv;!%|2c{-OdqRSQpnHsfn=}y&>2FDC zl4w#JUIc@(EY;4(t`s!$+jcnAmsISf*A9Yu1aOP_YIYw@)q$$(GhsULo z4Kgu;S|q7^5o1~kHlX@~3^X?o5qBqACMBa2-lXV=)M#{riQcCQkBEY{l?E*v_3LV1 znk6NN(88MG$CDNn*R8&&!&f_GR$rK1!!>NEzi`Q#zOo9JE>nCE{#TYskeeJ47rwb7 z!s50r-0nuZ7<4ynv6aE8KlT{8C+ zG!py4zm}wtextER*x=qD!|!e(r03jjA>n~RiXNWb6|{446GAT`Vq{j`L62m8X(50Q zXoIfqP(!l5UJ-!GgFcyGVsw3$T25f-`mA@5qAN5AXaN*AJUGC|8`^}01Hqy)0W}tN zHo$on1!+IXri7mM?&0O55b4xyIC>&|i!^A3Xp=-$#$TxJ;)IYM z=^Kt->;KW{-P9ojb>^^IW&Fw54I>Oe2?mbfVVfE5rzC))Qi7QU*=f|@RIC$%b%4fQ zcjQcN6wuYDM{rOtpFr>a;k^UD3xq>pg^1xjDfShceK1^V(2A7U6z)ybj~29SBf=ms z2*yMh7=3(weY|^xK+gdC9BOIU_h7cN`MQKr16yU#jZ+#Q)ZuxjdcAl9ZmiLqAsDt4 zX$29O3qdX=rN_Z8cPhP~L@i?sG<<4H32u$Rr7%(p1GeNZO2k9eJRp@1-Nc6(mM{m`fs6K{&gj_z0spZUUSXlZ&3@M5Nb-bezcPFwOU-+2|}R zJr#8R>d2yEMORMg2WnwC(M07h(iDURRdhI@losepKUcZ6I0Kho$>jhP zPqg}krUz(oB_$=p{b@~h)vwC++*y079f4k#`nP!^L1>>7P3MyZWaN)^%@L{!99&TEYHT=%31vT5NI(QwQnm>YX}Rs}vxR?UjIQ`Rlr)q!Iweqj%ovK|kl>QX|yxu7U^B?G)uKZhir&=1b)M)fypgj6l z^6G0TkE*K$rHD)^NyGgDEj3BaT|>14Mm@4dzhRXB->E$M52{P568{&~B^|6keZdpP zTxxdkkEl!jX-JxTzjea;>*|usariH)OR96Qj;hR;s!KMMJhXy^V}XA`T~ZzQe_CC# zA&>vIy5v=yFo7LpSaqoNz^E&uU#2YyWy^S%h+1260`rEu2WXd2A)q-r(!?b9`fKh%TGssE1WXJ(wS85)$~vQ6;a=Y!x;owok8XDE2vt2&20aQs+L;O{>M};wf%*A zKjb?N(3#a=P_@+Z=8IJ=!JYcG0CmSah8`7~dTR8jzP75RR#N`Ds->0(e?`?&%c)B1 z=burv)bhN}RKfhOsan?aic-vkgE)BC(U+)NYOTf<2473n5@Py^3f8bz9eHO%QD3X> zYpYsn{%k7t{T535{RknXl)lw^fx)turRV}r=(ey2hE&`ogX}SpQiIBFc zCHVN4Dh1j=Y_!CDAQS$+eGJ<;>)cr)Vct9bB zLVvp$zEmG~E>j=3AHjusMO7w-Ze>IJ1}fcHjV@!uQncz_!Y5YMVvPc*gLQ-JZnZKV za}(`Tl5}Vcomf=~YnF5jomdBJRYk2YrVdx56Z;u)I`E87FUiCm)mn-gzqHqF>VUuf zGGRK{&#U4(Sbw1^?k5H5p!^vtH*qsYEY<5dbs9A91$D4yKBay7w8|~)7}V9MrC-O% z2u(|X_VRNow@}T#MCJAqVss#%Rk?+EZ~gamsB@(~BNYwHX~JnhRhFT0+wkD5YMjh) z8t@0=Lx=NcDz{WgXlkiC6&jV>21IC&U8s{SvF1fEFxtRTm)aA}TUpc(D5uhVU4p0X zsFkVWFlOh(Oj$!iq1u0D|MCezI;tc7WY`in)D{_$qpG$#P>t5TrkOV+O@|!Wz=%|* z`&GMDbyMn)nB8wfQd9`GI9x?0j~M?(LHsQpXNUSa&JKU39a&{@BJjP8aF{dFoU<8(G| z?4i49(;VH+n|I!-s>;&YvSqT))~y_D8_44rN0tM&9{g8NPNDv-qOwJL6J z3Ab_zee{cpJ+Qg+I9N%E88#oq8J-a+oP1nw;zSNMX_6T>xxfRPGSv*5R_K8h6>(%U zcA9Z&YB;i8Aj`wdI5{~SS?)M9PF@~IHhzK`2ht;(IMD-}RLJ2Jt@6NDS8zD%HhEy1 zL0%W*5IGY${7EGoVm@FYiX-Vihd*r^hnPN(!!KFDAr`LU@K>+l5Np?S_!~BGh{{S1 zf8!<&v3U!JzjYgjs0O!s7>ARylp|ZVp2OL&!2_!V9vAT@bBKaf9NFrP9L}cAW?0oW zGfs822ey3&N468i9poS{IXQDUvf>gB=l`+y=HXPe@89s+rWR#LgDpf-NnsD>9kzKW zO;Q@9P?BZ|O}2TS=Xsvzd8Q}{5s@S%QIWAIQF*RwZMwU^&+qqpj_3X3eUIZkvJdvU zu62#)b)KK|bDnG6caf1OIVuT7lao<$N*ao$r=#SI94eBVhez{ksR-QXD)9dbr^TUc z@fql<%xo0R$w61;=AvwQaD9a+TM^t}3CdPlj;^X$S|2mES0IN#lpK^mMH3TIauOH| zg?n~H2|!+ma|KGStV9V_RVcZ-8bxYqPy$>ZCu~DQ2@Z}_#K{FExVlq;ZlDBDZ3+%pdyv@dC72IaQ0-H14?j&Yx~bWl_&+s@b?-qnb5%5W9_L3HV@RN2o#Bg=TV3v zMO9RUzAq{Q$H(lzm5R7|pcGGd?!G9&F90P622+s`cpk8S7)l6_qayLxo~THE0ZJ$= z!Xw2?I>ZXkf`%dv`6wCa2AF3WEh<9E#T6(8JLg(Fc4jP?9s^zU#Up-DUQoxQs7N$e z$0~TwnToi$polA6j~hyMUzTeG6|_6e8XX301atYMAQj}a)hDU%ck}E3kNafPGvLJYb=7N%4UGaz;CSN?_8%af?=(0y> znJ5A1JsIdd0ql)jScVe77?cXABT#>9QEYF(ZV;LW9`S_x3PA~>*gAmRV^DHzJc=YF zpoGL^6iG=%328Yfk_%;3jAAwjbOQlrOm>7i=!}wGTv39XH%i9z1D*#aE0ho!jgn(x z@W1zu$=%h68MAF~Bj(?FScylfs+iwm=M46NgL?$uOz=CFip0g^g%Y4lKpg|DOT!DL z)31eSj(Efg>jTyVzA=oW>pJ4Od>(Y2K*GbR0H@#{sbEciVAX%N&!-}oUX)OgQi#7x zHoOAvn?^-240fR+t`Ogr#|Co)dqrr=_7OrwfJ~9_<$8EVP#$r3B)*!8)PQ<`KM2ha z5A+J?%hGzVI&5Bzf$|!<&SQI~0euC10RADgY&?>aiz0d0*h{(`i3j6Tk(fWn$;2aB z`6yCQPQ~yXlg+YCLYoOfDZ$WgU>~R}MJT1X7>|^cQjsz+Ho!uJhP9(2!LUs>6#=*f zbODnOXir6ou{D5pMO1Qe2};29c1c%(trFokMi$lrri6|i{6(y&oqlAnsDw3Ut5&(9P0S*z0 zpdCUi0)19M9fW$|gh!mA{pUce2V*bc3wB2I{!6|R%;!O++ggMu5(#wy+66WixEG3& zfe$4_KtBTU1+y8tegYgvXu&9fj%^UD0bbD8ONoz13BXRtz%LMzpzp~>2|0x*xd`gl zZ~yw|+)&Se{-vTwS{fcnr>~owUxOzv`(q#*;5WeDz}mq1lW9&U0mEg8kHshf_$YGe zKmLXQ^%&?C;Wr*Qp>kMzFDl}V;Q+u)%$EZEUDA8dp6(+YQN(F^4=E@iH4P=FXP|PK znJ6VI3ngbmU89eWV16265xoro_)s#?MFQ}l? z?hqsVVwnA*f2@vShWqA%dO+tXWdA@s5)_1zgO~S{jv^WKH6pom*#Wyk34qU$0slZS zKLf@9xwZm5QWcYXSYd?u%kR4V1BQitch0 z7mIB#DT(DMgaT{V9Tz?u0+AWO@ zvF{Je$1srY-w}6TDxC)`WBxL3fHARkLrh+h7bcrPDiQ?lVX}Z&1u;5ymLm?@;BueB zb(}>QjtT+4C(TK#69RIT=ArqmLtp@KTLj~S#R3BWqk!LL6)G>ke+h7D%#UC=O6M$)4^yz1 z$rB}ed7+5+GJazC0&p=4rDQ{22hS4PCVg!Tv;q`|aZ<=7m(~XM3b7Aygg67*0bWG_ zm`MQ`NOpmK%Lni?xNms=(8oZ&33**53OEnIE69hJuo{yIj7Okd{;B6M9tuDSz<0_8 z1p!|ii$~&?WQ}1ohSbP9tUVv+nDBW+uu_4c;`v?Mt zQBbaQ|3oQ;HVn>UDZW4)pzgug7}~Et3SyrB#`ZxUj3Yrijfzo^jxJG;iMhHxHumBG z7LTX*Udn(R9qMb|6Lp9~Ovt!8&5vEfKTcdDK95}k)?u7tS*Mo$8sroZH?vSeb~Z}+ zja5tfh1m>dV}IZ+T(>74@mk^?IA{kLCg^FvZ$?BJHa~`W>{s(a8)k&vik5TnOm6NI+q@E= z%cZ3`c4c*oe5$6|UI6ZXajhD|4g zM|UK~6a~Z-7vo|}N_x{ut18l~t98 zYys*jw4E5>|3F`ix52jH8pBkm6EF^f__^d?u=ohWX@EV^kPic_ji+LG$OPpFF$u;& za4s+oCU>kIop1f-@X%JF4_uNxwjMYZJR|69KwnIUp-n;ihkh2uqj0?#N20G2>lXvo z4{a9eE$D~M;RNDc7(c-EKz|47SrCo4G`ELu-TgG)`iHT5g~x62iif@ly9ewAjswTQ zIPw;+{4#bgh>!p32k`;M9ZT!R_6Pmo5}sh|fqTfs178Jv0qBp(b;)M1`*1yQ9@r1u z2R4CX9NY~>F&^ZBqMjvyKbN9t8RXnmC|X^OaZVKa8n8c*8^L@y3VbXIZ~%q&2*yUS zcrF!>rY+6Q0?!1tDWoC*yFk7Lj9ZCE;TZ!Q0^{J(P{@ht@OHkfeOaN>OViwFTL0JW(Xh;~ye}toG1e_c4GpJ)r zTmk44O2fDx9`%RuBV21W9)^u)7zL0rJ}g^u4qj|gDT^!yO?{qSt)vLJ)F z68Lan`w$}n@JQftu4n1o{uN`uI1c(o$iHDO1k0I$SODtm5+A{E!-0x8Li+lL23VoMg$yfL{C) z|3Kdg@uC(b(0Lm4(;(Kz_&bQ1AxH8-3BYHQvAhcAn_$cg_%qZyh*3*%C+2qos0iQ* zNDy2nJvIWlFD!PG!(uncJ)nPG(h;l=^fM5PpdLaV1!W33LJY($6p2g6gIphs%jw)3 z!@XFP4DgHqVrFtu21?0Xj<5gpXV4!nof*c998e12aAc4(B49cNv%$Qk@`4ofz)KAhs{a`+(nod=iX- z#U9Wem-Pt7u#g9ppmOw_AILW?cx z1nseXF6+Q@4scoTmwW>jQ^1@)Xb-Ryp+Rl~F=xpKgE64}LH|a;&JE@}psp)JY@0WFVIbMJ~6pV|V7v_gR zo(*Cv^$jt2u$Cw{N3^y0y~A+ z3NZ)jCgc?`HUoXJ^}(~mu9@EgzJl>MEXI$d=iUKkAlP%LWt@ik587is4Eh3C4{>>k zE1-1VgT()13uMd|u$&|PSrj%eT*vYnLg+jZtA~2JTo2^|u7B@85ab<_P-KZ8{KN77 zS3%4Z4CO?CA$LkDE17>6^{Z;CS%WH!T12T*#It(ojuW&7^i|<7usJ89$kJGg<*d_ z9))>BpvNffckUXfxF66L+Z#OJ zrMwlkH;l)D7!Aq~wq2fMxgNus|Bw&VttCJFdrZjVKwnIkmgTkF7s?*X3DILlY!8^9 z1@l7vhIyzZ?uf|`#=UTjP?wk24Q(DiR{>>qXooNs%~KJ~&wmW^D;D4xryYo|4hR+( zpB5}Bxhhy%>L6HF79dz&o*-BObqe&ua3zM$b+GH-I`K#BiOmPfP`9BzF87OvF}4sm zzfEsw9@4&^o~H-Aq78gwViE>p6Rmxdl2qO$XR+I7XR8e5`hW^m0Cl*a4 z9(M+QG``z!zS#GKkZO%RM~K5}X6NCE=+lK(>4DjT2j|}!uneEP*YG{o|6o~I+I!n$ zpR{6cdr zMl3$=_Kf0NVHeDNzjR0ZivZ`r*B2ZIwZpz^UQL#1+FQCMYCXD{kMCz$xR0Lt&B1ry zggAz0rwG5U+1uuy_rB;WopInKS-hrZUtH)3mr1nHam{;an(fY<&05t(XLoqLCbs5n z+TTLib0gb;AhfXFORh>^AwR-+L}+nCfkI z&DAoKd|B~oms>qv@Ic;Aj&m#_NQ<}6+(>a2KPe|&lN77s9-wrW($$tyVeRUey@%!CsC1i=u7_%S5NmM9r%5%d!ng4^ z+d@1X=2m`x`2N#cF2M~tys8VI629)Wu^HI9p)2)NR2=vG+2&$lgOKoiA&;kWj#^>m z$j^Lf10&;0#RiV11>PsEgklApGNrzGZ2DwU-7hKQpZ;)Yb2rX_jM#u=lz*6}Lra zWo7THtKPkOLnm{m##UVB^A+VfG3Ui) z6SsM=%w%e_nburvZj5}y^Xp0$TG0KnwQ48p9b1Qr7)8D3DZUTUQ?pfD_I{cQa@3r1 z+57n`Tlr_PyiHrj}?)>}}df&M9CTG=}=#L+_?0Z#R`=h{SF?-~Y z_vwHFn*vsuZ;I`iaXcdDCo5)Sx&^!$t=XMI9tq^ATZ&pS@7{7*z4Ph2o8L)eY--=l z-|e+|c;3mRZ7fPT?Mcu#m1yDa8yX@DxR3RmtMA)dA5^pS>^eMd$B_6XBh%K>V-1_r zbM?bg-YOd5`rU^cEyG(kuX=8&G8u5VHr;cq%(b>|r(a9sYD<~1@r>tRNNan(-I7=4 z|HP136s+HxuiV=@`*Ov;cPUPu0~O~Mqy0FkMIDcYPxy)C7=BC;tgm22xi;5^MD)sB zkPYxmBZ;nJ>&g;eSoBlZaw)lRK$+yX>hb#T-xrJ4MZ6z;7iezZo2Hmc`C;#$Bly%O z+D7F~`|2kVx(jhL;oH;;oVr){s2!$K1?C?S?TI1%*S1)m9hDZ5x@+@WOWR@>~j^p_iRHd$3f2wYb%;7@Q7XgV(A5+zBj-A^pJZQa7$xWt(Iq~Vb zbypb%Gmq)NW6xkza%)yUevI8I(ts#>;=r?d*Wh1lc7`7VXx$qldbypirOVgqgH6=*N@d$K52pNs(>gUAQ=P(aNYTVr5LV)YvxSS>lJ>e~t81ybJx;GQLE;vtcME6qtm9ofvXD`%c&b6!=5op7)EvL; zt1-_u>B$vy8ng)C=87odX?vi3{*-2dzS!LzQHSi~V{l(Ds{UwEzy4BUVIX*)GsFD| zRDa=@!Rml{dET3*Thxg6nzvQn%`%X-bB{Buo(NK$dTl5r>1A+#cZq44wDs++q3bW> z7RECRViR|5aSG(iuX@#d-!5a_NzE3oiOn{`(W8$y@{V~tnO|wlV|~LjBq8wDSwZtL z+V?gYBkr~1^Ezc4s2^zC-j+E!&#XV1ZpS~&m7Z^R&-}`p+J>f5{lCdhjue^F?vo$(wc&e(p|`XQ{W);U-&$*%v+b zMVV%7?*5Uw8yB9xCAB{>KGki{Vh|ZW@%hBoC-w;gloKu+wMXx1XG+dozW3(w3*DmB ztuIBUUj|dAz4DLz@D(`q)DSIujw(L9aip!($c}rL}Lq@;yE^g4pJ-qecZR+q=pF{Jpe5?u4 zDy5Oqkz8?C@<+-WO?E$K>@>wS-0N!e<`*%a6KFS5HGMr`H>duiC*TG(YDjgK`^UPY z;WCF8^kjm$>SKZmd2SuQtn^^V&9`b5!Jk#5+b4ELFsB_mK6at`OLUmNlarY3V&i_| zwQXn(!MR4%Oho!{-CT0bUZU>UuHmtWTA8;YHhgX}9Vc_wXmSQCUvfTr%V1E{+2w0Q zIM14jc8_7nm!liV!&|T4yW4-{!=@XPMopbl%KO5#9>B0G?>1* z_VlcHf=PO_dFREA-;Tz%XsMp6PFBo#4c^^;e|^fOw)ddzCw3qG^{11)1OqQ@lkhh` zeD=VVkH_tvl`zd(!S2|D=$G#{ES2^wgca zpZA>7n;eW$p(8X)y9-8qiUrA?^Z69!>oSCQEv6fYjT5O2(b1kPtJQz>)&4kDW0UDW z)1WS{z0P1EaDq~iy{@}>dPbLDPkdcJpY_8pUgFHFc_NHV<86<1nRJ#;P1tI7pQw|% z-L(Fy$Aarnwir)1o77~yo?`BMX`?QV?3)~MuCx%=gw~^{oUVItAK~rPOdqJ+{aE>m zTyn>bp6obR!_M%L_Wo^}Ni3$fSXwt9vT<4rQ0*?@+0#VXfY$BYZeV6#8l)R5U|iWO z)I4EhbzV_$D0;&2+O6Wdhm>Z;+)Z4AeAO~H?~6PgJK|F)Ew*4TSJ)LiHi*nKn-K*Y zX1+T#zGmuw=0mM^dVTlHce!1wcX?@aX&3Cz5(zzdMNZ3W-OAh}tWo_U&vPg@yjgfB zUi$PtAEvSOr0f}f%#+;Sl|JXTM{v`VJ?(KPs|9=**`9sP5Hz^O79xz+7@ zm(_p@GSfS@oub^>`KGJM+28OWa+T}c3~Rg1BObPel;VlARG+nuS6k~1Dq>pg+6e|! z?H7Bd8|xyvg9Zh&9d4iBe~cqOr(6&E`vuI%!5dXifCirLI&-lJSI#n~}S>4B7URb>;$4u(D4&Um-oX-Pz z&c691HCBuCvKKUmJl;~(7H1ixnl?e*cfd$-fih`P@1|MKeL!q=QcCfvc{WR?qV0z7 zv#wQ+x_p?@diB13kaNQ~zr&msXUsQ^9}SAP>I)i}DcY&upmg8j9HHEOe`h)V^T5Iy zg-3W*m5o*g*PN{Og?Z11qu*l#JBHgw_nPhBT$3kXr(34^P2-JIipd?33)y{6Wxgcu zN-xW6X+~|K4ZA(e&XANPGcK|0TRrP=yErzh=GQNdTl#EGi3ZmaqfWa%moYXT*?FC% z#>LuA1NU={E0b*5X1UecJ3ky8303(Kp7xL_WvA=9W8dP_l71YZ*mo=lf9SK)3y*xD z{a$g6%cNuFr-9C=r!7KJUnl{rv1sjKh zN7}0v$*Gg$UZbVIo<(u~oIc$hchApqL?XrPSCgau?Ms!-kMgY=lWw;CRJ>(+j*rcv z=KEgsMCz)9S{8AoO$Sm>ua7oi`_jHo=aP20kHs+OJYU0n>tsVxpU1JS(+#hK<_5p; z4_F`5+#Whtc0|N4N-I;z%IrGmRpewq{-F?%Ujq}Pr z&3@5g53?p`eF|?Eq|W&fYKokGmWEnd6};{&fX ze63~QndsT5|F|>!!hP46z#@s&Wx6?K>9QR7#IjE4HXK3oEex^_~IcDBVH&no2)7>Zqc)7ElodUp$# zjI*fwnTg`PVfDYt$2a~8R!bp`{@QLLtZ1dQEhAO&W^kMFLFHq2q*+k6^6lY=yF`%x_Pt$SLpq!M-Qc zd3W&c?t9}h+nv&)VphNDI&;!4mW`O<{KYhY;bHfB-Nh0fO}#tM&P-KHt9{kj>s!~+ zwtK%svhw;++-St}w^t=y>rW2J`?NeC_ z6Sl_H*BpHAkly*Dgz;^rvCfnx`QnG&i3eBQPEwEP?h`+}ikf`oa!Qc1`1@vimxC3S zoco{bY4I%|E|05ulbV*Mxh5GAx?8waFl|Ln*wZG_Ro-WjE?-Got0s}wlaBKwPDvW# zagB1=e_q`FYhuM>r$Rh+$G&DuDZB3*i(As`+;p0_z7AHqI`ounP5AY=XGZ)^b1%Eh zO#XXPxky|U`!zd$#r*+lM5B1+_v4LX0c~NXdy=h#?_76pH_n)=-0)VZHqZ6(?KbU_ zw|y2-=T1ko*7bV+fsVi%Rzkx}sje#8F7#7FbzYUms{y?j7=>Ui=2UuwXq<{U z<|HorG23oTJ1_r?@7x6q;?SJBFg|=6U*D@mLq4;XSYJNNb)0o`Q>dr1q_E;$&1-`X zUv^H&h=r z^<&2zH9mW>b(&c-y>8+*@1B|(d_E!J!%`dQvTnihluPJyJxv2e{Dab4R^!pGKcvQAfZpwhaahl3I zZeHkqR`TI%%?p-EvJwHtA8~Ki#Vb;FXK&uzI9OdtA)fZyfU>il3>(X`;k%IGc}G5X zldiwFbj^oQ1K~&dk8ck8W5UXoe0~ z50frDeK$hfk#ahu^p5VvvGzDM6A99y!U`jSK;MbLpnA8i`HEk)tUATXGNeqK@}dk6 zyK}V?dyc==dr%u3@}7(B>u#KE3}Bx5 zNp1IdP1~>ceFQ?toIBe&VpvMCjEeCU55?P+GCSDofBtAY?Y!EiHER!_1=9_Gl47;$ z&Ef9gy62n)_v>{cl~aLZ&ttBUb=4QRMt((W=iKb9#iy11FfBcKFLll7hG#p@@D3XC zly!`3C8F8<$IK{i_W6We;&w{9qR7_s$Dh{!`1z0j=#KUu<@o<7H~mL>{@-P4^uNpd z8~$AunfX_l78?GqvQTyHzsjPP6aOlIX9)STOf6HZ{IkrJ()IDrve*abfIrH#8KL(j zf0W~i8OHDaC^OYP=JWld{7|AgvEZLF6)?J$um353^kCZj$n&4FN%q4}wmHAcw3|F- zTYFyoF8gO+BH6mS{Vo?DVN+gzF5`DOVZ61Cum0I`Io^3K_4I+G&dcSd6kh*|l*=j0 zWd%;5nQeY8ZA)dUGi&git-P|sQhERI$_kmD6@Cdz<>c3U&6%D&{``2UtQRWmph3NT z`3Jo$G!;{FWk-6>!x(y5^aAs{Ju=+9vJdHH(xXPcfri6xoWEjas{O7Lt1l>ou3Qs| zmAT?}7p+_I_*PrkJ*?d2x>2Z4yJ|yy%@i!t)Yq<=ac3{tA8{iTmg5b2d5E9(4<;+G zt%hYZtKI15mf;P)`*=UW@^Ev)v0B;or{x`!fuKl@Rn(o%VP<6B)|gcW%1@b}L|^26 zq}G^U7CH>diJK9}q01*mZ?%!``hnRzchVC3y}k@>aI7;bLJ*-GS)rBPmk6;5CX&(v z2qM)gJhN3p<26G{jN&G51W~cyQE(;nd59VZv(NTCgu2@JM*pf^dv0|d(46}65@|ZW zV8P~|!udqx%Z?i_+>x6aH<{Q+ef5!v$EZU3b;TrzQ*Ur&KvXbRGyZ39k+V6Oo zs--e@_0w6?Bo~ohbK_Ef|A+$@_NG#ItxCJtuJY|&@yz0x6@%^jceg)H-sEwUV|uPG zPJP^g+t0y~{rnEzgW})v9)+9}?)kha$zT0OT{`{LBAL@J>~e9-M}7B+u4u`{HKrR+M!r=&3%>q{U252|p@)op#2}W1!Qkd%$@| z&ZjxaPwsIu2Cb$xF006tJwZ_mTPz=4wXECKo!Y*rBWPQHb5cWoujZter+|9aebRe)Yw87*A3y|M82-N547#1rcM7lfmjcxPA414i?D_$xoC%x2{-U8hSOoy6=>_QB#K5o@XDP5PxZo z7SrmZPpXLNJF#1#9fElhXpqN z81sz3a;ogEPs{G@YQ`yBDCs#(-g0MN=hw!5SyRR_sl(knpXd5(UB9fF?FEvB^rfsv zKg8G8iF+~~3SD8}P_GmE{g!;ML`62s$gRgGuajRbe0%BUck@F}($#UrD$#h0pD#Za zM`TaAu4+5SK1xC#RIlDFe6J@v-5=NBpRCL_yW@G5SU&rU&iMhmmyPCI?fTASZSX}O zImsQx2bANk966|bIH91qJlXZ~$&#%Md&al6XR)6A`Tj{U^Kqh~!@fhdr&l%}JDE@0 z^r%2F_q3_Sb9rBzY3o<wUt>qZYp8(-PFb=OhD z4}7URE%X8}IN7Yqm-MAn-N|O1~cJ9*(Yl}RBA-D#*}3v zOTypy9x2^97BDt$_<{2w^6qX};rKgQ^HTHel5h3D-itb^_~!bABhoowS94(|!f?}Z zSFhEXNi>$DFUH)i-pd`CHqQ+SZWYqL%<*x==gJ1N3Ea#6SN3atm|2O1hOYj(%fD1dLm6q$?-tuhQ}+eWaDEmgpPLHe=<1SmEX_QXxTo<7)#n5aW99{g@2uE znWj^pv&N!j9U($L)il!l4Bm|U{rW}C$=miH+wa~xrR;aNW#1)Z?{&HRrX6CY6)imhje-`DbUKC=JS&kyFJ zcVFt^9;}XwEyt}p^z*Glp}>Izob+?e#;vLwGHxFe7Ce)}s#@>$;+vsG{)msQHQ9KD zrp3`CA0l&|_{|EQA4Ft5!WtyS6YfVQZ>}-&Hoxa=d8hc6E$in2O_|WjGU^=3v~9oM zCylW17Y&q*;r*qH3%C@avphAmZN;8z1c#FrZ>qMXD;tf;;tFIgkS{mB@gAW))~XD0 zRxwi7LROaZOl^K!)tg>E9B_Tz(R=Kv0%I3?#kiimm+U*2BOBi27Pw~U(S}hq|Ao~J z;TpA-+imdub_qj=if=yu^6UA?OXn z8{IoOG=eM8_^=`0N^pKg&HBm>BQsS2o`g-W()Ic6bahzHSKigRmdh045qQp&C#KJh z$>Mb%$4ia*tWwooM$VlX8jQ~a1NZmLJul4As0`ffxw8IY)bT*qYR92Jd3qtFSKcqfO ze^|kg%;|lz!7aT{Ccz(FBYTeViAUJZmxpw8>dlS~TMBOyrd_Bh42$SW z-E+JyYi573_Y7`nU*p_hVN`E?*0AtyhxhTxdiHq;lx-v@8RR0m?Ii2M=U=qX za~dpUGP*A68ZJ!K%C$Rv*B7e{aW=0rlBmp_a60|@*7ak-{e|&i^CybMLWaIiM6SO2 zJ@}2gqWtyK)|E!(nYhDGWN-3(^4998;2u#ZV!LlJV3Iw-UEV5OoE5-&N{?t6e(Ojk z&wKkF3F}K&mdF2exqECpIOdJ<4V~zBE3BMr*Z3K(y;J{bVI)Vzx5;ly?u)`pNBN81 z-!$XxEU5aD+v{uGeEFSmd_+y0=IcX-?AjH#UT>M8FwvfG9`ih(%N3cn;c(uFF0)YU z&a@n+m%+3H2|M_bV^~BNzj5`dqDE7l>I?p^!c2CHk(qA#y4SN;tXGg0-Jx-$P9-Gc zg5UBJcbX_ErmbQ%;wLpaYq%ha!%*t>Lz2J{w&wPXL_RR zd2jO9=UP70P~3JT_E3)J@wo7$Ymtp#ce~nt9XymR6Je^H>L#=+vOjHoG2i(k&i1?7 z{W3&b?sXsFPe@e1cqVRT!}&T zoYAZvO*80VDOr_q)Na)e;l(4LKD&3TicF`mzG!jlw_aQyB>Blx|Kj-SRc*B+hxF@S zmCdJIOm8~3-p@foL`-z@*>JU+y2TybrSDuZhd0<+C;Me*gfzTzcr0t6K6a`n(5HxJ z?X4O8!77*Y2HWI)zFisc9c#6{elaA-B&1xeJW|uUa2pcV(R5R;sxtM^Srx;)SmM1O z%(o&~&RaYksXHLi$0#^g^KMK~eNaXCGtZYF?hRXSDn zUiF-IH8|f*S@~RNue14KaksCBuUng(VSeP&clr!2drq|YLI-zMZKGV;!OB`(j|}iTPXNi!Lx)rdwZ*tq(u3N8;!`{J!hY(?^cxPxIAU zy|KGI_1a|hsx@X;_$Ly_(|2TR9B%3N{NSb3*wN(@94N!nvqLH5;#-L}Sr*;23R$N9 z)>5DOrijY>58e1ze@ql+qXvdY3&gLD=<6zA3)r2t>S<{$07Sn7;zn5>&sriYx7NXFSld| z-a6PaVtRl7<;=+5E0#5ml8<-2TMRwuxzYf~rPp}D^wz@4S9QBSWbe(y9UAziwd>eC z$Fs?mn_gUHbC4RF&pu;&V&t85+FCbuy#$psdAxmS(Yq7+9lh!M<5{^^Yro!jJDy)E zU4!cxiAghyZCp1>W5=kIvJ1~)y>x-OQ%0rdEK7%yeb2^Zo#NgiQ!(>Sm1Rhv zjrWwQqF5p35!F6+s zJg(eC!xqo6o|4(^lj#Eq7n`%s@YFs3k{S^4MeG^)r|5q2DED7#&FA`Bmp{8=a?kD` z{l3ATi?4#eO!|H|TgR1GquU!@D#)fd7cwndyP<2t#TZWYdsi#loG}T3UKZy%=H$T5 zAG?P*sA-?w^jfxyJEcxWJ>r^@p}tie%^oeBCKkQ#fS% z#`n;-`cjXl8#Y8!ODBD^yb89LSczmiCkQn>P0G3!n!E9OqQ7|0@Z*nP9(W(--1Rch z{mjkVsgifE;um;AJ$Nh=*-m=2JIz8*g*- z3vpNIel2YobV8KuB0GKVOQo2H=V3<8a;wkwsV?Gb`4-kY#CJL$N#&Xpd}{S$JBP`3 zN_14=SM&3;YaIP<6$ey)(Q#5Wp20o*9G++uxk)DD3ctu2o2#lfB$ZpZaG6feyf=^c zbg@6vU*PzaN!2AW$;r&Hq#w?Y6<&M~iPYvM~qyx|Rj^zjWYx zbva?f+*T)k-r~=fm_(VXi-Mhs%K&jp#AP z64l4U{#DHylrIMzv)%@&nFLV;tgueRjTx?|_A3tYhd-8x;XO+HO>f4WRH=Etk zUfEZ8*VI7j-3lL*mpc_BH?##9pR7KQd!>`Vz-8M?O;EY<&D!!IPXENK7`7JsCZ>^$ z%I&6nZ;L8C)SuME&1;w*+CD=u=@k;q4x#2~+40=YAWt_}a&9N}7-_e*X8Dfm+k`SIq>YC=`PxJ;7b-s>a4S41ayZ^@+Cj5(X-~U(a<@87 z(1g@b&HT3KY{LOwnUeTCGEg8ldX+@wrh=AV({ z4oB8?Tybd1Che>Nj^Xj9$w>b2&rGYX$_g9QY4NXqBdJw(0HX#2XHWCzuX@fALQH#%S6oE9VivMfH=C z(dND{*9;#x)7rVyO8L1o#R*r~VR$n2uKkL+eeJs$*@hfmJARwrmY2u05OA7P)m37( zmuboO>Bzo^c3C;FJGc3iSAoaL=8~S+e#Y2qnyNeHCIohV{n4T6biO`u#f1#M zcg2Byys<8L5oRkd)<;2ud?q#r;~%DNyx6#JqNQA}FHvEgIr>eM%=Bvdy1fDTz7VylhWIySYcOev-5S>9I!Dck0gdhc0FMh6;0 zuL-SDR9SzgbijCz$(9J)YQK+1ygQEb552H?Q+cT_^wZJl(r+de0lptHTclECm4fnf zl1r+#$y`ea`Q_mIkiDG0mpv)7prMVGa##4X%$kX&QOf>FwDA4P@rCgz0P5?p{7Rk8u~gi)pU*w{!eH zou8PBqAK=viS3}>@?qbJF`ahHOTK(f4+L}%2lg4UVI*=T5K4~A9V@Y#KGye+V`?x0OKYB zqcdp>86BOUL$2;Nw^p|>D^}_N`LF+Pe&P}Mfj{)C|NifP)dK6d^yk0tNx$=d>i_3h z|F2)WN_t7gY5Gg%Y8GiC@im&?C4WiQYjP7@2%ZE#!gEao;Ug*$)rbR{!qw6zpOIQ6UywQ^`$^9w2T22xW7r&z zG!3;-!dfyrftS34AWP;ah?3O_`^kF=$H@8wW3my!f^0&#M271LCZv!f2$|$qLLT`( z;R!j3fFP%M$9Y=_J>)lpDbQwwFi-wMV3L|3ERqZP6!>AU^~7ybl0>T17NU%l305K*aB)JNhkDHamH^mdZ6^a0WZ=`*D3q+sd0q*!SuQj&BU92)y!mRKpV zTEd#wmX~9L53fJ3`i3~kEK&}kf_#K{PHLRUDE(gEn({{e5@lTeHsyu9IR!x;$sJa> zC$~?bS^5=_C4v|d%*fq@_hd$`V68NH8Ont8jPxtA2Cp`6H?J~bHzuFeL}95mIU|J! z($A%zN)JjWOXia@Buhw}2;$_e1QNNBP)jZ&G>}gaFG`&zUX!vX`b#+zL!>?vQR#0) zcIg;mu2dNM++BieP`b!EX^^ik<|;5CB$a}CR62l^_=4$=-X;IsUf-s->lyS!H`-0~HI zRIAdjW&f!{uBryABQkBsMj0`gT`~xA4E$b@@str%T0$v^BLDm@_gt=nWq1vL;`hqj zm072qE2FG^PsZ*4LH{G#*4nRSzRLJ$BglQ+Gh7~Sv)XpGpSVwd?14Vj|M_n(ZUQ$A z`g!4+mwIRXYZN(Ibsz>3T@>*`zeRFg_Jph}EX8AUz`ybI&pFwDc8cADf8v*}{`{t2 z|MPdL|JZ-@*OhJiJ?qjae|&9~&6M3Kn~$|nlC6h*V2R4V54yzp49XK2~!H3IXwF9>Uf~*0* z|M3$K%JDo7cn4mG4Gw$`{0;&R8!^j-*7WC`@ETgk|NJBPyM?C!uaJSzexd)l{eOM; z&zb*O!}1k^(C`2GcUda*ozPn@-~V&8Kjw=kizD$A@T&%XcY|MjaqMpVar*ZkP5 zVgYeOaJVjn4d;Wfi@nZ1uTMu=`6%=s09)Z zxssKna>)mz8p+3`ddW7@JGpBLeUcwY!;;ga8A*gZD*2T(DY-ymkq=Q|mycE;5O$HJ z2`Xeh`Ah``f+ksqU_dq}SdniK9LX05w&Ys`H!_XjO>QJ~l7;096rK{^l3x-&k%tJg z}s9FreW zI4wV=a8CZ4!daq?lqK=Dlr_;+3e}3x%9U57_!8r!!igDDJX+~mCGzT&YWdxi2Kj@O zG-A0_0r8R4Lt>xQJ>qjI9EnGoi?mgGC25m%v;0v?hx{qZI?@j54J3lJAW2$Ugrp!% zCh15^kkqB+Ncz%>BtvOcl9BW&(k*E_QiQZSDP7u!lp`HLu94a+?J519Z(_-VAxOEV zj#i{(D#=f7qk_8}k3x*xPK8jpEehRoW(rwy3JS?`WQ7VjZG}QP6@^!FmI|$!Mp`_C z&16ObCwW?qrZ6gJr?4pJt1u_$rm$8%Ng=2Q0~aDq6ErsqIk(~phU=vQhpG*rC$?gq!#2oDKqj;6jp_B3WGub zg-aohqD3;1zD)9yK2LIyK1{m$FD}BTy-8bIM^8sl$3RCz$4KYC)+4PH?HcVI?T6YW z+E28_waMD;ifd%3+>C=#!8o! z%$01E;P}&8-?WSsFDsfW+F;|~(ss}eQ_53{Qz}zRQ>p`PegYP45AL~vUq8hl?Fj7< zogAGQof4fCof;iRZB}h&9RVG7oh>@+bi{QywWZb4WhiR$+A3<5GFoacWc1XgWc1bC zw2!L6`N|aQ6r)rsR8mwLRPt1ws7&tqw(A3xS!J5asj@)jRasPAq12-?tMXQ5QRR~g ztE!;lHpR^|08hDm)|1FB~r{Dx4}@E8HwBA^gACdl$HXF_>V4G&We}VylVv zr>!Qj|L>f$XKyUmn7;4(|Li_KXJ(#xZu88XIky@7G$=CYqoB({e+jDd{SD^@b+J#J zdJ(5wec5NaU%Wbjb6VZvGaL4&!tO@SO|`%8Kh-6iS2Z(y=lR`Nmvdgz%<|3044#gw z3y0%39*3QS$CG=gVK|N=W%AoeAA32xI|BDZv<6%Li1BZYFpT)w_~}IR&Y9z%r_-0m zFQijKBdQa|zfG4j$8Vz3t>bsG_F2nDPPS+#-DyE%xOW~OUo-yf_)i#Jgx0$j3nhKe z4&n^qgm6MR!#Kk^BRC^Dqd6(wYrNNbXL)CPZ}Q&kUEsald#87i_hQWw%`(k$%?eGD zCRLN6$B5Z&qANY zK1+O-`7HNY;gjT(>XYG<3L~`^pf{HY!&MPh{E-S7nZYpjo?kXNC9w~MxE0k@@ zo65UNfA?VbaQCt9OWc>auW(OtPj#IMrfRk}6e|p~_L^sjNoYPE%=T zz$DJj5a0;lIN&7U&w#%IJ_mdexB&PD@U2OZ+qn|CG~jwtVt+d~PkJA;{gcXYJU;0R zjvr6Dh~pQN{%Xm`@^_nhnYf+uo$~)lJ)k%{+b2~ATM6tmm3ICMHvR*2iQ?>(1HFI& zz!2aF;5gtU;Lm`+ih|tE=a735xPX+{-_AFp-U4l9R2q)!qc-FCe$;*(%c71)u}nRr zJ2?z+zM=g;6ZLV_#i%bB$(?_Vx){8WAI=}eAIo3CkK|9}Q~W9XX#RBm4E`+s9R6JX z=Tlpzem%8q>OZF5o%-*okES|Bi=*A5J)?c2gQAB7%Pu>lOy67; z-xVea=ZL3^Z_6o{9qv1X_eFp8zUFOAG|qgzFMFbsU>Qa`V-$T zeQ)|c@D=)b`33up@tf?IqurxDrhQH=_PwGm^=WXr>~z(s&FQw&U8nm_51k%4@tg(D zVrQAN(%I8l>TDC?mWtQtaGIEL}$u*igUE{bmtk)vz+HR&vl;X9Ot~yd5QCK z=OpJ;=M3j8=N#ue=K|*)&byrVIdekP!zx2Vhh+}^E`0OQ!l9E!)P)`#S~>L0(9Y2N zp%+8{68b?nKg=!c&%g`zP(^+OM_$(EeNN6yz54%b?!{ zy%O|h(7Qnz-%r#L>YF~(G|y`;sd>Hv-`5!&n}-!KFfVaXfCRqHP_WY)2#3vr8%b-YAD}_ zJ{nD!?-buhK7N{T-`hdFLEF^9zSTbae5U&j3aJixQ4_66@*Sg@rJ1N%>^n&Fy*f=j zTcgt~@eS7eN1dS_TnGFHyT{6dDiBSYIzq zsAi&Xv~QmJ1;09jYTSb*HHvG>AXlYSBlDMsdCYLR=`u^0B}tMt$nMIQE3%aPl;_>=dhAoxslweB zy9FzzC|7tisHVH07fp1%>b66{laF;PaKGtsPLv~FE)AE>lX)s8DvCX32#Xc>UGBOR zxP>X^Dl0q|x`#=YN$0pf6vT=1Tt~?(b+ar(LZc7yS{-fk@X1SAkvBy{sl5#jRRI^lbR5hw_kMkaL zTvoW`xJ(z$5f%uiix!HOh)PA(qCDIm?sIK$z3h71wLo%Sa#J!#>Mx6wEtJ*BuF7V} zN4ZURo8>mcZI0Vqw|Q>M+?KoTaI0`@Ko3MJD8($r3Ppp0r{pOYDwXbG?sMJex$ko? zcISDBJ+68LsUlT7T(w?p@D9EU+FbUzOn1q0sdkAL#=(b3QM4#dR3WMp3B*cqxOk#C z*frdBuImcdQrB~?$Kca>cqNw1lPs1jlkAXOlPIO0(lFeQR-7%gE#*GTeF}V@ z<30m^FNWW3?w%ggJr;XZ!}~`bN>z|59Bs%_g?paxJmPu7Q!E%I7%N!dwaH83t?>-= zB<*@!zc1BS)vaoouhMtEX1=C7t?&4~?w8=V%5RyUnPb1+)1aRGB+nbqw1aseyfEHy z-e}%fo)^buvUIZRv+mEnsGqNYO`o8DPoJz$*XQcD;;Fq*U!p&vuhO4I{?EWh{TDcX zrT-g_-{|k@zteLkyH8%Pe@lNx->FaW+s50*+iQdaJO)a64D8}DaFEBq`#c6N@fc|0 zF>sW}Ksk?r<2(kcc?^8W`;hkm;2hvI;1fVS;EEBh@))?zW1yACKs&FUchd+dlT#*t z%VXdcj{#S{D}UwWmGrv{bKC}!`;y1N1KtDPeZcpCnSne$kN;2JKY9NF2>A?b;BDX? z9&&g{U~pjYH$%P|;u`E4>;zB()HK{5LIB%QXgEHkW=IRlKMYy#x5+Qx?||QNzf*p- ze&_uD?APMg>37@jpME@lg}+-2_5MHipXUF(f2@C;|C|1Y{7?Fy_rK`> zx&KxFTmE2}EO2AhE{|NXlfD`B(C=QeddIb6h z4hkF^I4*EX;4cElO`b6M50lSNZk&8&@?R&nO};hxlOdm>9j$arcKGc^J4)!5eCpSP zcKnrY$-n)6KwDhs))224k62$AFAl?lYXR-BeTTOGhsnbON5SfN+AfLKS=i|?MXSOT ztLxBhj*(@A%B^D5H9{mh=D4siDKtfdjmG@|5{m_s*+}RDi6;mAD$qh=U4s5t>c7Q* zyFY2uHnib>z_>tNpwF{|o*nk=zx==VcMDJj3=RklSnj{lf0zG${|Nty{zLr3{Ac(- z=l_BKS^vNJclfXNPxsG)mW}?e`5*Id_8+Jmt7j?vxoaFR42_JEfXM-UIxoBiJpmX! zD00xR2F)7u!k|@v-GjCbIx(ntQ2C(G0T%{+32+|lJXkxpb5Q4?YlHp;cmxwl|O&qB|MQ;OxPlgnStCAf!E{DdgJ_-ca|!=}(A;T@C3@!kVt;q&j6d zjp2;L|8Y5qQ|ENfX`YWIhxJz&<{Kn?Bz4QYr#MkgD>*AU3XVJHIOim%+Ns8=)TzQL z&#AyE%PGfchtn>neNM&nd(gKy?{HR83=o->9AckbbjESUz&@Wd#mQ2S3;xGS6~~L? z!-?Qb;9yAvClUW2tt&@oaIMEz=V3pI1{U#Z_uzD~tXj^GWM zJY@1Pz#_m%K%x=G^TzWg8G+(ayl0K@a~=b~;4v_r$3P5^f#33e%Xu5kXT zo?wfe*GK2#y^AMb!=DlD&;MQY+~^>FFx~~c61_0`&FE#(??xv@_xyf`iGk%?9zwBv z(?iOZZ+l3YdE-NJ9L^a|9p}%Scc?#c&T^tLh8H_ccbefe%W00&5~pSKm}dC8JCbh+ z3pnH}@FIK%PT>3jUlIn=BVTdu(k7O16Y*VPB{zwi!d=5%%gy3ub2o7}a|^iJxjXT_ zVIOEk+(TH?QNgX`p1`+aK2N}#>vSI9Vw>^p_%>E~h*DWY8W@ z$I+fVhr`NqIPu_FN^`S)LgbkrBhTR&Kw<22IK)1YCmb<2vhwZ7ceT&>&*516Z*8CP zpToHb4Q%@}aJI7TC-$x7ySCrxFp{qE>yP}q-ih8Ty?1+m?EQCdx!POpuO6%pqrY=8 z7IHLsngY!Z%`VM8O|hm_Q=vJgsn*nJ>NMvx=QRzQOPb4?7R^=7HBFo5rslThuI9dG zSjf*Xswb(BLyx_04$t9>+V43pa9+f>v?IZP3KlqoUh>u1lQDVwWX&VqNBP%z3V7j!T|P zfy*(MUwKwL?{cYgneBPWrNt%E<(f;I%TwMwp;%bw93%`Dh6_gt&pAg6$y08eaG`Lq zaG5X<&%3*X6~by^4GoJt^JJHVEy5+9ZNl5a`$B(_SmY_vh=N36qHxhz(L@mih!)Kd z%@WNMrQ%6BL$p}5Oe7Ot5*3Jch<1tcM8%?gq8ia#o-LxQqBhZ8(L<4^_+3wfXOK8p z947V`j}o7EZg7qiQ-D;@x#D@^IPqffTF+(T<>DExN#aY+S$OU)7Vi`1dRB-FJZr?& z;yUpq@n!L4=Qi!ffuAZ(M*C5w8??~4o&mzwjMYLow<3Ja>4_ zah>Pd=Df@`)iuL4$90$MZReZL`&>&si(PA6>+l3!=Xwdx&~2_)U9Y*`#FO-0*GH~A ziAEA686}w_IqgYF#!9A3W=R%G>O7Z7;v{n=cb%6@k|Y_D6_WeT1(IEok3AbCJn2;l zPjFN6$oZl3IhXS;0_kl@sUl85p2aoNaA~mgYfpiIl8%+mkj|0b^qeb=mc~iNf`!t> z(k0Rr(r-Ldr7}T|^#6J0NtJ?K(o#IV*GM0DZt#5Mc~#2yx+%RYy(WDmmC5{NN|~oD zNER#;dWmHdWt7ZQFiSQ=CiNOCTOw0>d3i09W#EZFNv08G$#%#JWcy^l^*ko?^{SHv zdtH`YliimM^AgKt@+ZByq1Lx9NiQUU%JQ2zZKzZem5gSCC?sAY3t4 zF-0*)u-of^*IYq~*IY$~*FwcIypK5Ub;>J8QR`KpX!M*Xs8AeJEEH5L#){8*{n_iX z=a=a3tBU*Xi}8X)pp+>op;GCo)F^|LpL+S@K{8S~Q5mMBl(X>uWvntg?E3&%2H*u@|dztS%Y^W=alD_my}6@ z7UflCs^B)hv;Euak&@@0A&|M(IRD_q^Uf0F2qN*0WHG+Fxp?Qe=ed`JHmU1V3)vCHPL&YK<^!n_bgZ_={;RlESRfWs9K_0t|}Ew^UhKgtB$EE1jhu` zsu|wZg6F)S_m1_xs;Uv(RXtQaQVBd|o}QksdE3ra|EJ2v?_%(o{YKVZYLCORsolx3 z^xotxb^X`#j`i;(QTAZf@A%=WBof>&F)zL?pXic>ttcY;8_3eSpUwffOo8a@A~%* zm{Y~E{@t1m=pq!kumvV{aRE&%c5-qO zizCCtd;wn|;F*2`G5xc;+qWvr5l4f=ieyzF^{!Tw0TgIYZTz-ug@CvZ|KW&O>`EHL z$5>-YHkBYt{>wk&kI8io69y97-W&Wl zIjqbXBk*JOLnnp@w_ow(O2AM5;|}oWO#j4UsgsjbAhqgGX+M8bFB@tbCEL|yYu}08m5vkww$-ezKBPwbgp+7N%Soyo_Ghm9=q@ z^`4l+uQz)=c|&}r)v!#geJhhz1(wqyWrZwA{m5ELTNS!h!d#46@56eI$V7 zM+cHEkfH^%Rl!7OoUpnMT8o)D?aQ;(J=d~ac2h{CU zjg--0I$=kyMI9St3sTpt$sF7FCc;mXAs!eVqh0PHNK6&sxB1aJENOIyG6Y*@+p?ut zU-EX$_alST~m{yC$68Nz?AKXD zr<<&OIp*x{rmhcUa|a`5x?q@Fj>eN8YWkqeiiHuhI9k>AzreWBKRILTjL!GD2_~m4 ztyv5VOR`0t@eq8-SdjabCBhK+Q93NUv3pO5lct8!t{Y3lU!(uDD{S71xjzNQOuxcl z%S^urvmoLeu_)26qIxNFMCKn}yK(3zTYIOP$VEne0`fMFejR7QBq+$RC|PAi%)2}y z%H+tOfnwev@cH6`3}c>9n6j0>DA4x$ap<)NYz&ZhU-((gVdk(hZNb|y0>m2&X(rY* z2Ti5b(8?GoqpXEQk6EyjdP~{=nLOXNd;8=Dxtr{f(Q1tJ7>T}Cc5m+SN3mOn+PYh0l`DDsN-JvW`?) zmVd&0A5Hb@PZxh}n%CFj<7w(oA3t&uS$wnYEk35%_VKh2T5L7;9^k&2?$VKc6C)lO zk$pO{BM7I7pOzO3(^nKb?7fkQE=wNUm{`}5F0=eu*7o4DHJed^716R_VZf5ydme(l zGg)&$fSBt#7OdGUO8qurAVpXJ&edwDB%NHfFAd?e>K^J4;Q zu3>U)ZFi|aEZ~UA(kA9P0MD{`uYj(@!XbLju(JQ-3$B>h=occm@A@g$S3SImySX1R z^6>ryt;b}GBl&SmeL@%U#>Z+V?aN@c=AqTF2UM|HIwfUm_QzZ5!}%mJKTdba4cr-e zEYjkp6YrW(@br-#Y_ip3&Glch4NeEyB@L7xt{7n_9ZX z#-Y)xa;8P(Ebm5J7qVHxEMpe7sO=)zBY_b#9{b@=k4n2#n)Q=hmue7<95#uGPCTAm&rNl(7JvUyYb<9uMkHE$kPSR!nQQFk20k+w9kZ*oufzdZXBynS0sHYWzj3sxhngPCmX$`6c1Tvv z*w$N?`;%vtnq?S@x!iNEtGqpa(teh+fBL&@hjyPk{xLBUe@w2MR|Ea{cytL+ zPXsG-#+LQO-@VtPEI>K?AueLF2X@n zSri$eUJMM>ywMzOk1@p9XY;1i*1l=wl4JijiJ0XGVEe)g}znW-XU(dI`w%8EpHC_}NX=;nH2CERnt)>O~j zbS?X&VZO)jS;*>6yk}OswT}JYBrNn8AR~kR83X0m|7~}~^oM93&E4g?(MHZu+q1D7 zR(oXTwg#O^CQ33-Fh7QsEe*(qS=dUaJtz7^BU<{zXu)J`oiRXt7B{(Wp{l1T)X2to zNJ80vPgzSu82KNi!?GK@_k=iUYAEfxu|!-khKhED&08_|r@)wDTR5Q9yiu7E$4O$P zr}wgB|2G{&axh2E99Cx5!D})C__4Q(B+p3D9HfXcp)eBWBVE;(11;TE-mK}rm2>R> zwiD@Yd(eW{E{{chk6H6~33JY_!T}R|G~cJnE`z&IQVbKjCzVNU1ReXoZ35EwNcU+t zFxm+#E>K1Zqs2bSchAIX>z1RpE22%q?G)LOW2eeKsas#{RoGWSsD1B)?seF&vGk*N z4ohz9>jSBA?Ekiok5$R?qHa~ueZjUry62?(qNi&6bv6bpnMjpo`6tZx(NwSgbn(}w zd3`NDo~Hiv@gvijWB<2RZ_!Ufgwp-B02duH5G)x?Us0@d^{qg3S#p}LX_iD|zU%eJ zipkO?s|xD^tHqjXQDPa8T2T9t?Y96OXJU?A%==(~u=JI$Cw0UmYt-7XNxLc2lOBt@ z{_+!1<0}B82T1y%#O!uIgiQWgk2w>$FBzDlE%w)}WB<4HyBG{Wa_;x^bL{`N9*~ax z-{$9O+njZz`cpE_g%Gh^Ao3IB9s9qrVu?hXUASc4#m!K9i@BNKZmu_R%X-KD@2;l^ zdZsI}7YgZ4)6GjC6%ZNoi}_v*^ipl*@c{gXdfFY@C6g_tWTo3w_xLg-3iLe?qq0|X zgn@O|t{1&(prwo|SY>uK^^a(FiZrP^FS?`m&z220W7>E}Mh2Bl{ZCvZ<{1;D;XN7e zv2x&EGVLeId$CVUSlw$4+$NEvyV)}My{e-lMI@Lp+$(?Y42*e3WAEHOa}c)(M^9bY zvxaVJ=@uJ@Mz6}57Ll{O8*N?4W(l*5S=gesi)4=kM$mZdhdVtg?NVvhPjX$VK`?UI zBqloX%)X#KWnF2EUSfyQM3*1m7@%D<4y>-m9}A`T*0U$QWB>PK2)JYacTYiNhnh{= zlSp6dtlkm!Rfy*MKPzebgxh=BW}574k%XzQyk3&(>Lnn57xhE(&ZF+LmqPO=?&h7H0@u$I`n= z2R<_x9qUGK-^c^7&NR4t_4eaqe%EbP4>diOEh~*C?U1aTv8}f(_b1OPHOnv*bGheS zS9yE&=mVE&NF_kt^hk;Y>5x5OVxraRQK}`P_W2W%)hOs<=O;PxGzpH^aO4OuoIx zA@*}QCA5D+&RNb^oO?9Clsg2R6Sxy--^d7)a%Y0F$ja9gE|K33Iup|r?hhzeaxZWv zAoT;@Fw3K437uR5KX6sN;k;*gFYuP~2tSc0=>%i?o<+HD{U+pO^7ish^GHmac(>^E zamLq~-&a4(trhX;_V7b_42>PZW)ABdTTjvgUNx_U_mHRIM`Ci83!*t0)_ zbBRB*b*9ts)(Ne{TcbE%@uN74oKhgw^X$0YX*+a~qcvDZu;-E-W5Yh2{kqcWg45}* z?|uEl*W16Y1RvX;zNR;vQd%=xF_N9WLJyJg+tf;Ag&dXhaDaWgeW&)-kDmB2FPi$< zd$jlHo_HU3T~xQ{w;vs)$8GPwtuKmmkKYqS3C%#Cqe9b>&Y640GUqLfa*g763%!Lx zu}~z%mH5zYzDMVOY=f*1iETRQ6G?y4);r&{riCU(#g8z8y=yOheI89q z5&JgnXRQzoJ!xhwSf=*cKhlLzHJU+Dg) z`Rw}4`fk+9M$L|2r0>n#j7HiDi3=@ zG=^?TBY9TFoM&~KQ$_~7q?hUFGwo&~0Xh>AJMFjDZ?e%t`&nB|Y8eS853gtsy3Uhk zTV~Jul4Iqpc`d25-{$@&QK0*s@dTVqTx{D<^H{cr?E?}oTBkAkmX;a2mQvPv*kYn> znvab3$@RzL+%f8W(mH}hY7h3U`Aso5dCK}{Y71S%P%YchTb@XCBZWwZir7}t=`-{Z z{H#Qyh}F+hgxHzH(sZU=qA6Ey%CTH*+G(s|<4kO6U4^4(yJoxAyQ(EImiJMJej!tS z1|yL4gefv~$=El|CK>o=q$#9qZmKC~Fy*RDIhKn}?-*-v{{pbE_gM20oJLuvOvrg4 z6Uo)`k@BfLoqRSgMn0P#D^HLM@ear!&zHyZisV)DL|z1^UfwFNbncW9{s(e}Td3Pe zaK*@D6e(&I&5An;ky5Mt!8t-1qkOM5UTIL~E6bJj%2wqArNTYb zUFSaAJ;6QQT_q@VuX1m6Z*_m*uJ8!;_-{WC{TO>}e1;3A(f3_CkN!W8+uCP!l9Ze= z&wgzN^Z9A!A{>@zu3>U!X(lJ+%!ZcSXH*FR&__E^^Ebf zEgL+`JzG5$UOKM?uR^azFWWNLd!%=)ceZz}_Z@GoI!0|#sF3c*Ot4nd6|T9c?L(llyF{R7Qcf&`Cyf^?4}O_OEHG}({h>jHFgQWFyp8;}rS2*?g745$cb za;Xcr6mTsdL9Pp^=aBc)*7diH^-*}2Es{5L;`t9SgR!$$zPy=RL~CW{P_ut%V}NC; z_q;$DES#-)7SGag!c?Kc&6~4VNM=h0M1eXv=1sg~^yVbUwSh!mzC0o@o=1R`rUsrB z#)97H?#)RwrZMvDz)sn0g*SW`$@3LaoLID>D6lrLIq(iNdUI|FMcQ)AmLjdQi1qOS zJ@=AXnx&BIzg8QgHE64}omzF!)S$$mqM+s=(V&Py@q_XQ)em|wNGI10_7g=6PIrqL zJV6vcID2qBzi99aBKWL$Aj9m9`uB|W+fDVSP4%oT>(rtz&Ank8K$t~IV#T_3snOD0O@N>)gANNOZkC66Tj(uvZ!(iPGj(i-Vi=_9GX zY@%$gEP_LNgbB9(AZ5n!Ss48?!=*-Zip}C=zp=KSAFGps` z#!%uD6B}#q23BJ4^t_)0Kr;(NTD>_nVZ<6kojGjju-svl!}Py5xFBON2rG1d!lK?y%DM>$2>Xn$)!)`K3Vx>)06j}RE=cj z*D)h!j$Ar2cVy+rrjhqXsz!|&HFMO`kxNJAj;b7G9#I3!?HYS&EN|SXaZRJ{jZ%#s zgLfp>FmrV5xWsYU;o-_W-J= z#ymCisijZlK2`Zt(^L1JQjHliX6BfsV{*q-j%gZmZ;Wc}n6Wd*E*+aYwsLI!)7*%r zvEH0}V^!nEjGH-b>A2i+mE)Sm-5aNRdd$-^pI-WO?$eb|H$8ptX;s9Sh?x;fBXT1u zBbp-aMW`ajM9z#{8krke8QBzhFH-f)m}h1_v-FwVXL6O5&on)A?-|wjG2>^BUpl^W zQ11B3@evU*5%Cd*i2R81i28`uhzAjh$k0e#f2VbV;%A{tUAZJ$&*=>qV^q#q`wOj1P+r=fm4cS8Jx z#t9J<(G68FY14x{$>0xJAWB5t#F!ldcyRg>8;aa ze^vjhslU$uwK^syrZDDCjBZBujMf=bf0O^4#@}dvoABG(--gaioLN6pJu80}_qmAY zs-C;^-0a`g{!TGFc6Rw}^_-YFg>yu|*Zscs_loBuo{xP#{rU3eo1f>t5c)#Q3yCij zzR>srckal!v2(NM*3P{%SNmeji-s4=Uu=C*@sjSPXQL8cN`Gm7RN+fiFEzfD5|t9w z`4TraA~qqmD7H0r>b%%_d!rKPWzQ>`S39qH-r1--^VBboeECMyji{+F$G)8Sva@c8 z?pfV@U5YOI<)W8sUv7T+&dYmsqF1!9M7(lVcS9HRiZeBYdX|cRWj8TYJyYFupG)VTTj6nzvYF)ll< zD6TdRZ&c$H3qlv@7R+9dupr`<^aX_rsut|kH!i51cUFHx-?<=)<2;%Bs`}NDuTFh6 z_SNiHYhUerRS_Q%9~++@Umo8a&s`Y0aQ4FVg;fhX7ph;I`dZ>^MXxo#CVD;M_4wEG zU$1}t!Rw)mW-m%#RJEvck$Ulv$pfA5`yxl?fAT#IV0vn1=SGr}S+Fm9?C})JrY@#+ z8RzYR%|7fbY(3|6U+QXw@Y?f_r4b1>|38ub@U^Ya@0o~@`eyn`o%Ojt z?TB3*>Q<{rT&z_JIoXSg7Dp)O+qFgOo)Ians@!#bw5o z#1WepaJ)t5qzi^Gn6_Zig3JXa3ob0UwLtpn@K=SLX~0E5taEs^giayz>aAC$@x$Y% z#V?A_j4z455PvIPx^VcyX$u!E%v@Nq@WR4d3#G3Oe{I@pi(b31{MK^mJHy|Z_RgYr zGT$kA=fXR;-jTjL{M~8qE_yffUG*EfH{#zYdH2G*x8BWuqw0;;H>B?kfA8_#eME6Y zZ))F+cyro&i{6WQGv>|iG{?W0{btpht#67F%p4;V@J=hikWhqYiu{D~g!+Wmga-+V zB^3doOJbHJE-7EqxkT}Yh(E;sA^i{Ke`x*#_m81}#BNxX^%et-Z!ysM76aV38Bo8? zz{s~5nEEyYv2Qbw_%;LCZ!=KzcG26lfM&oQfGAOvs0BnAAtsT5_(TQ_i45c?<|mdL zp+2!bvDF9<5*bh|S1b<&*#Ej|rkZ2gT~4>0f!WJvFHZoZ1Mn?(dExRZKqH{j2;6tL z@2CMfKs+EDPz7iOh~6bIl7`vuGB7nYAvHg>HnlTVkrt5_o0gtdp4ObkT@$({W=-On z!Zr14?yOO#>(b-Xv(u~6Thm1uBQs`a7&3}78Z#bdgsq*kHe+q|+M8?D>vZdC-;G~4 z^4-pNv)5IvOMkC*UHN;>?};);W+twfomse|euW{kC{w+%F;llPe&wBH_3G@^RjXT9 z8&Zl=8dDymFkU>!Oi$BhP0dPNlaNKMH)iB#)nZ> z-%Eclc0G4R=!%#Xi7V3At5;^PtXkQ+QnYI1D#NOxRgJ42tkN2$8p_uv81fCZhE9Vb zDIzI7sXVDUiJKgn9Fv@wT$o&+tXmzwT9h&}Wp)bjMVrdRqveUC`vpcgDIT1OrIq5m&In6oT zjiDQ3HYRQ?+*rTy&PMen-KO|W*_*01wQdsSj?As!Fgw?fTa??FJ5V`RPa*t?O=6|pS+$!3p10-%M-`2TJyL~nwdwc!%{G!GpQSqGvqHWFj zy5huQ*6!m<%ZodUwFl!5mLGg@PBWz$zKUYWJBbS05lSQb`xVI_%09X}HGqswlsWc6HtOm*4$vX-)nfX=dq zW#Yqi0Z|;y;jqJzhocX(@sq8ZeK>rTP&j>66ld`&!{Mw|MTbjQH6CtQ_2BUBRoe2Y z<*@)ViDd(d0JTPFE^jWsV+2u!s6uOmhzbT`Dj0~bV8BqpKz>DjMLD1z&+mVI-}Cw`#~}q9+uSw zh!3Mj4iDrFO+lIFaB{p%G?W-F7;YJ) zNyC$-B`r$IOe#sbkaR0anmjytTJoag%;b{f3(2>VrK^Xpp0@gyVbSW$)zgwnR$o|s zYqd0Gc*?YtMJbsn(v%Y51;8zUG<90a@YHFk!&4XGm!un*+y|DTb;y}HF0+{gL8dSLB|;*fXgq{l|m-(twu zWl~DOw+`}+B#P7ByYwgy`6gohMH)2vyGnO5KlM9%5(B(_F@75$?J$2Wx8EM}ZE9fO z6D;kR`xNnlRRY#A7`UDP#P>+$C z*prDTvriVCtUcL$QlwQVLOt%B6rIwZBI`sVP9+A$oa$ZX&Pi*Tgi~thjy>6m^(G>1 z@A3|t-S@};zSw4;%05NLlD&KX$4yhUs#?bYNV*hYS-#hL&#G)&KVj{JwUthlwk!JC zd(}Rr8B#WU5&qYo<5@$40f=dSt+#Stx@`wV!l)8RR- z@JP|A{KVQ*&4?3`$JO*GiC8>x_T-~DtURK61Z$XqW+3tmF!DHyp^dR0#Ub{IJmD~a zla8B?yfaB>cAcp^ zbL|Z8gP;$n59WQ4^uewV>OQ#k0k2kDi`8koqPW;vvKO=e^L%1$=ltwiokvk^Jv8(m zT5BKFD(dje>E3Y$0(>B*wcc)JA;m8kTK1}#9`@`}N8$Z1Bq2i;FAH{r>@KN?h z;=Px?2jtf7G9{m(0YN}plxVct80jDFf(*ApK3qVeH#0z;nPAI?yar;wDnVNqiUVDQP&vTXlN{KtZi&<ygpBX+Y{H*q~*3Y<~Yd_b09{aiB^TN+-KX3hf%sOt9wn^8N@L_C| zp=sv2rRxftYMWY{xRANro%Rde7odM(_@eNO+Amta z;9hB3r@eA-o$gBP6~mRnE45czuW*~S&AR5;W<#?ov#`0gxwVnXd)08Y@M`VV)~l*4?q9iW+BRKVY@4C2ux-rx z+P2mx}KZx8BfM*s0nuWY zl^dEi+}lw2_u9X={#}(lCVOV~(roTOv;f^dV*g?IN8vwe|B;*B`Va0c?JeD{%Iw%% zP1*Od4Yvw!)!u5o#l5Y)t;!jbGczYDPo;I!f$78T)MIL+uV(<-)jG*`&aD04F4+p z*Ua47f3^OL`)}>Pb^l(Po0}W^Z^OR}|6Tj<)_-#!ROV_Q=pMvAFg$3=y_Z|~p!PxQ z163aPq4wdlSI6Y(9>zX2Je-+V_^|e2>qG8$+V6DV#eTOm&+uL0ceUT;=Cyvu{a*XM z?)ydWROZEgZ}`6O`=-3w@9*Wce&6~%_XpKx?GL&iVt+9FQ20ab53N6p+01>UeWZI7 z`^fO9@X^f8wU3r=&fQ$Ox%CnEKidE3{uBEj!+#3@Q~RH$&Fne!V^Z@@_{W_iPvooU zHyF0h=GK;a-rs7!)>4D5_P&(O@{e~nfB&`pn7$*j>Hnpwqu5A0whSg%`H(F)BH(PxF2i^FMoBk5**#G~( zU{AVvzprEe|4;chdma1#2lls)2eQA>A@l#gSUdLrJO0kWjn_@k;lB*fMd@@pN~hON#$U;w zqWhWd=enu7Xx%S#ztm0BP1pTO_iG*g+`sNOy5H(%>SpPl)BR32TQ^7dd)@Q87j$!V zFX~>>#p>qiUe>*Wzp)>uTcCRt|M$Q`-D|qnb&GV1b#Lh2)FtSa=>DMlqi(5gneHv! z+qy)2j(JD-uI@eE3aV}wRkxd}+e_8$qv{S(b;qd>Q>hORQy=Z4KH5)xR8E~;OP$?F zoy(%mZJ^E_r2e#v`qOc$egjpXP1Wa6^_!^rT&g~ws^3c0Z=>qpr|Ju-`rTChUaEc{ zReyl0FQV#;srrLdeF;@xM%5pt>dUG63ab7HRezMKucYcvQ1w+*{YmP)fjXZ=olmCD zr&H%MsPk*7^XsVdnbi3W)cI`cd=7O!mpZ?lI{!X(zKUwdrW$gnhK*FiCaNKqYRID+ zHd75-sD^y1p@3@GN;Pbw8n#mnJE(^DsfL|YLm}0$n`+oYHSDDt_E8P{sfGhoLlMf$!);&$rO(^O*y)wquOVgvO>HuXgg^~FZ&i%rxQTd6O$ zQD1DQzSu>5ae(@wn7UF(UD;1vIY3=0qOPELkh*e+x>7=2DW$HIQCALASIVg?71Wg@ z)Rm*ul}hT$G3v^3>dFb~N)>gbnrb#s%}G>qGS$4AYEGe=Q>o@Os(B67jQ?{YgK93N zn#-u>a;mwCY6kO3s=0=0K0~#vqFR!vmeo{CD%FxkwXC69)=@2)R7)1sl1;U2p;`*5 zmOWIQz7kFbS9pTn$VCrUKJ|Yk=v%3?O7yuLEWRvw-V?8-Urs z9N;EkF0cSdbZ-al0PX}90(Sv-1NQ@qfCqtxfF;0EU>UFicue1#0>4sVKLz$uHUqZ+ z^MTNn3LjJ9V=8=0h3!<>PKE7M*h+<+G{~i)E)BA2@H1^A5IWKzp9Y`O-UpTgVe2T` zeKZe<`lImqDC&>y)wfoj)VCf>(O+AY1WX2Q0B!_s(qBs|(qBtO8Md#%_O(>d*MM(L z8W6NKplw1qZ>Rp+=C%53`=DoEs{UGKq5f~H48SDd8elpw1GpBr4wwnd0So zfSZ81z&zk){oj(HCutXOH*gPdFK{1lKkxvs2v`g}2rL1X0n33$fR(`Gz$)NL;A!9) z{oj(|S8_6NH82$j|B~TbGJH#hZ^`g28NMaMw`BN~41bch0Jj2n0N)4h1j4su_?8Uc zlHpr2d`pIJ$?z>1z9qxAWcZd0-;xgj;a@WROFj&QkI5B4_?Zmfl27UXmIK{6@HGeJ zjj*u^cDI%SQMUs=?}Th2>=mNCI}HfCd$s|q^?y46z9QH-2tN*?J%{r3e=9-EOSkL) zb{M{wqdiAq>lor%4Zi9V`oEn*d(NEFUq}C3U$q5TrN3@S)n8A_(_crMu49Z|M_*rG zvtNHbW2gT5Is@>i{(5G<{`&e{AkqzM_1Cix>aTAC=57ZT0+HXm83=t_D)rY3YV_B) zrs=QmgUtSY`s+odz+?LB#TEMNhmPp4mu2a%A0b!*JfXi{3Hv8j0b%b%GB6#O0fem+ znLyY*0X-)U03mY%dQL#!3CNy+%@e1AXY|*rAYTRED)?26c2uVT(Z1?+z)e83sd^6( z{!~}%ub+g?lc+lh+9}AM%GO^$4W1g%Yamwx`!(RLISD+Yzk#uRW7R?Z4MVm5MpC~1 z2FA;cPleu8@Z)^D zk(vw418xSwMk?e}!Jm2vSP6toS~_qYa2s$3a3>ITYoKdQGB6DY`8C^tu(t;Ot~sf{ zk)8^Ko%9MI^khI!##Z2N;1S?a{f)JdT?_hJ__7wd*TVi<=w4d|gr0S1+dAl32S3-r z#yYfr-3cJ{uS5GY4Zzhv@MS_zW;PIU$OK;|{LO?vnTLU}mkGU@r-6{mLJYEw>2Iuu z|LfNPGk|F0`uBnGZ#`nT9&uP-1}q0cegpj20NxE~(+2d#2DEnreAxhBv!O2=b=inH z&a)diyMVB@5jHk$(BH@ff9^&g+K~(WdGI+8ZO=o@^PndWw(?*j5B!@E*Uiwk89KJW zWvU8 zzji^-F7)j#*xJ1X2-)4Ry}J|$9lOE58-2A0_V>W{9>ir2eBJ|j%mp|0z^6SJTYC`K zy=cQ;w0ST5+l!d*McrQL-4DI{VdDV&JOJJz(2MrzZxkc`m^*G9f)9sk^fyWnmlF72 zg1S=pSc*O@MY#-pQU)DmkS&8>WzboMIG3T{4#TIzh~;7EJPg`l(8_lLQ7*^WDM!DR zL#7;UuRsirK<`n+xDq-mVXqQxtweq0DgBLOXzQ_R{f*=B^LQZ;I*vpBIQ%&d`Qzxn z%L)D#%nJzEzN`f{rTKuLgfLVpk16tI>ZaF%C~6ZYOhq8-cKY67e_* zxs%X$3UR|d!;Mp@I|ZAk;n!*8Ps4}PqzpT!;pb`S!<=xV2IH~@aj8Kc)S#}WM1SK9 z+H(f&I|KR|#Pv*-z75y6wpH8oZH7vHTap2|N#B;72HXNH)VJaOqb+4MkfiH?S-_pZ z1Hfv1TPn)97PnyzXiF^vR_NPszPI7p-j;Su--h$OZ4G4CfM?BCU@7n@5OwKmfg6F_ z^=%osz;b;X&g-_d>w%!Jg)eJQ0c-Sa>)_M6)B3hd=*a|cChTXP)VF0N1L03rk-lv` z{9K;`gfAP=rVYFFZP{pFHtMpE1ED9U00?^wBbM8tZ##V1ju>u7`*y(Q4)DEy1c-R=M1JS{z+!z{ zA=et0{#-T zrv&^Z=(CdJK(w_KHcHV~rLbEHyQT1@4E34}};^x&LoJB<9{qxv>n%iGHL>)R^O zwu&?Qwj&rTN5FdoF**XK;SB==>+Sqmy{d5w%ClT+H(0vO2oPs|%KiW>AJ*UBc2Jt_0 z5LlycU$qsu16ZYRH)H@00uKX^15fMQalLHE{aQQjz1owJ$31g9u9NL4>A+Hbd+IiQ zJML%O(>CbaF`nBop4-7~`Ys@BXRHF|0uKSp z^zCa=#yD?Z2R*pnv}ac9+p|^!A)f`?S!;oNfff4p_3$6pl=cmvV|=$~gC`q)VT`wD zm+RYe;BOAOjQMYlQzI_v9Hi5S3ec&D-{N9ANZ-UNEM}UaICiuMxamt0i zxv-au`aIaq%h9)E%(rhrTefTmLPvfQ5H|DC-h9Na0P!h6o43Lyt~KpjcLVnWLC4r{ z-(~>9cU*Vcx1+t=!G~*4`wsBD5B~R|A7i||5b-TUEO)H~X6xH`gKszTyW!iOVjyC( z2eH}%KXDyt-;1{Hgad*RDI*xZ*1gwB2If$(MD2_R(mLocp5?fYTt z0Af@GpNc>$0$&mQErOk5$QL7~2jS;I$R0%B;k;=t1y33H%MjBt*gp(?xSq6^!~b&l zS%G*}fOZ7w5%_fku{eTu;yh@_y=41Q$R35yN73e^=>JN@vJx?<1m7{}IR@F|=-1=$ z;{@t(ui1VA{eyeQ_A2!6Da8B~cupfer_q0>;n!*STZ6h9w4nxL3-f+^4f^FwwY~$- zJRPf2fa`!cz$5w&+*5ZLb^^C`0^AKe04xTg zJ`H-(PU$<=K>wQ6K0f&d3IC2bKe&BjdEb zW9?qxK7GeJ(AUAvx?}o|O!%6)5r}dY>}7#(J^aIcR|oF9I@WIk?gzpK?zcKNpgtS* z*_-tp8)17RXd9t_BYfPHr|-z!qwm<92}DeAkJPaR`nN#u7PLDb^!yD#=*)*sjO~v6 zgZd84=N$#eZ{4Nu*p>xE`?rI>9c|eG9Xp`w{X%`mPQ(E7atH34Itt-iA!1tyzjr4A z*8}0x?j1nz?nW$jLv9c3?S=`U#0KdkgM;^J+AM}TLoMTECHgtWgDs^+cgADbL2;^r6}wAw6ANpP+ejVl$1)<}LKu(R5u%kI`5>M&tGv?LRsvpLmSM=P`<>>(>*H zQ=c9uJ)NUZ&^7Fd$EnuGsqZvbPCP+zPtd-3f@(TK@khw-23O+^zynbO)o#R zyXoZ}2b*5rxw^URE!;q`W*uM?!P;d6nZpF$LV}H7Ajs|@*txN}y#Ag?2p-51Jh+Wu zONwAehG0L1tv?9s!OhL(4IS-(hY6PNA$V{N!FtNKVf|8q9m@%JlVPJv;>M+Uf)(Vv zapgS#s%7KdlwjlCYYA5EBzS-t-?(85!L}6y+o`^ddmks*PxWnlY!$&1*gCSZx%|iy za(-mlE`pWY2{KgVBkK+jcvQwCxkm~1QqLbbvK~Ng|?R5$Er3sF7G?zCoCcn)o8m7%l785L^e4Cda zA-D&IHB{f`dtvU#<9r6#xT$TgR@wbRgTTS$J}QrKEbW4di6<=d8VopaB1&b`X%+t+Eh z*lFnN^t;&UN7&%>>*w@qbo%vo`VDaUUF!6^%;`7K={Lyfce&GevD4VsX>4#B`#Ft` zPGf(kae&i!snd9w(>Ty+9ON`!?)1Od>EGAs-{AD`=k#xM`uBJG4{-Wl>h!RjiltDLLHIL@t3Q?t|jF{k-Pr}-{t zh~o^o(`g;)w2pOJZ+2Sma)u6dhJMT$I>s3~))_k9xyEs>xyHF>xHIfy&ahjY;f^!B z$r;}43?JnTAL|Ss=Un?S=h|DGYiBwmTb+@koRJfpQFEN@o1N>2JJ(jccx$MOdsn^ALmT}v@`u?XZkc}`gCXd9B0PW&Wyp%jIqv)an6ieoEg)d8FQSO zW1U%7JF^BmvuIx2azPefrU-kv{$DGk`vq z(&sYz45ZH>`dr?(sge9X{NXE`uDtTfrly&Fn+9J!zG+D7T}?wqPG}lBbZFDC(alZ6 zzI3o@IO&FyZurw%n?{ZtPM@(&BS*J1jcys%G@5K<$#*<`CR{R+K69ETeEmq%rzgyA zns~`f`pj*bIAL1T#OaOn>EASocoOmC**7=cbkh|2Ol!KC>}`~P%9JThQz_q6+MY^& zQ^{{CwK;9(%}vv&j_FgTHBBe|bka|sIjw2-gh@@eQ_MX2d@0vNpTSLEe|$#M(~nZ~YL+lT+Kg0nL2S6ME@luGFLcA2>We_iecp1cj5C=jW z2yqa^K@bN)yd2`?5HE*F<36-`Lf`3qo2SwcH_yTrjmMPc?`-<+g68k+|IQ}BcEC=+ zqs`wrLhxMrxpmFOEywpa7qi73fSrI{fIWb{1jiQvIsl6SO8`roi`x*f4H4TAu?-R1 z5U~vr+Yqr05!(>44H4TBu^oQf;kO-r+u^qze%s-<9ez8IbO)?EpxXi6PQ>nnZYOj* zq1y%BE;#RkVHXU$VAu!4J{b0)w0&rDA6)jKp?&b%2fzLB+Yi6}@Y@f+{qWllzy0vr z55EI&IRKXfa5(^%1F#-|^-*Mb6fTd#(8gU}s>E)Ve#Vh@=u z7!JX37`nsI9fs~O>5k7Q9l=h(E&{R=ECG;p0SpVETL9ex=-P{002I~^YdgZ)k1qs} zUpxHT;kOWe3*omAehcBZ5H1U83<$_?A^aA>ZxQ?!!EX`#7Qt^3To%El1J({$J7Ddg zfgspR0KX2}(*%^X0}&mFSd56pur7vfF?1=Kj>nh6uoS75BGpo)T8dOl;k*>7mLkELEyTFfjc)7 z(g6-!mokVJ>7gLd+Xl=b8$GfDE;$5z5UtaL5a1@%_LEI$mu}Au?gQ>!58Q_lpxdJh zTN-E$>)+C^ff@s@OA*p~($Wv>8W0++Y%Tq;v;m>P;?~j+s~e%&#?sc(56fChKdftn zW*duIOFt}VE&Z^f5t?l*XD$7(l(qE3T1IHLsh-9btgKWO;Q)h|8obQlK!bw}Uf$AZ zDsMD3H=3FoO|^}t+D21nqp7pe)Y)k2Y&3N?nmQXzg^i}RMpIRzsi)D@0KBxNziFkv z$=}~p1tdM;pq2q<`%=QoT7ZLE1{%Ej#njsAEn^K%C!8}FJ?hsmn7)x-JN4$lM%OqP zi|+BIAX>Tx7im>JzKCfFlTp(02ZY?2a3C(|xN$Kis*b1;@wNFYe; zNo17lLe0QN%|HnviB?nOB!ZHbRWw8kD@&$zT3n5ibCQGtX>~<7t*ulB$R8&C`}6sIVTZ3X{gWw zXqO?xk;FEPF5Fp(PLo7uIzz0)kfR_Ft+_}>1RIE22N|2mLMt*WO|lM(gA0e#+Kbdg z2&YvSakTCl5+!>sJ-(*6g=|C=0HS6=)CbTWroDztvg2!xcd)dWDaAysQvkQH=6QB` zo?V`2m*>;Q<@vRPgF`EV{NBOA;qAfU`zOt)Z3n&R?xp{T4$yytUrcSM|A=hR{VVmW?6wgOls&2PdsKvAwWp{e{?Apd0PF zu}C*MbYrn@EYXc+y0QEZHg=hWD^+v1ZlrZ%m2Rvy8&XzdYjF!*RnUbZHWt$V7q=Go z&~;Vn_(IxvemS(QIHqw7wh}C)-M+Y$=XP;->+uvh(;+dG$DEM1Fzoc-P#$?g+QQ(| ze?w^;=+sLiVYUu0m#rTydq}r-sg=G*6y1;4-ltpZcE}c;X>{vBwl3H}ziy!)!3?Dz z@X#)!pWo2dX8Pq03A9B!j`s2)-XcGbwzeDBZM3xqvBpY)+iBmE?y;^cypeI@L%(q&9*h@ff4 z)yozlzF_iEk7x^R+|655_HNpuUP=V@k~)uw-CWDCuKht9!@70^Z45K6)Wfy(ne)H%eM z!8CP{@UT`yJ#Amlc}+R!7P`p-g_ISMwoFh9mGPjon(sKjiEAo zoMh@5%_^Sflpphh`h1Xn6Gj^(uh*T4wTxuy2n{NYA?ECLUFFjnvgw76?H7*H{YW!F z_J>hXk!Y8Kup3qN2Lnc`|7SPDw$G@j!3B>Y5H;=`WjbVbENO9UrbxBg^kD<-DjsiA zae?jV$pY%hc2Z&8HQ_uSP|=tm1&&&jwr>Job;NZIi|axa*Y)X)V9VlQ^N}8gx7qO*4%s-a1sy~PFs%OBfLggz#_GancyJ}}OEV4U{A zIO~CN(gWk1C%g-cQy&;7JTT68V4Uv2INO17vg<*sq8trp4l|**m#Iw&!N+r5ZiQg0e}om2y4bxGjEY!^U*C^ z33g(OB3jU73&L8^WXsVG07bMMO#!I!7R0uo@fI}Rf_7Vwpyg=p&}oC=JOl}bpxq&; zc?hx$VFSeuL6fbpwnEp6%&kb;io#pjy6ezsLs836q#6q6p(to5@(o44p@if`%f?P*gP(1$_*$*C5L^@Vf@qYtY6u=jMH$z^a4o{FWh=#Ai`Z)sI|9xl;5-7AjzEzkjxGaG#0XS60+o)0%Sfaeg{@J% zMJ}V@G72uEP}L|Ty&nCz9xm4(-3*Zoqalt)($OemGz_EJK(&lU*cj9@2Iz~u&Zp;~T0*p2YJ5q>wqip7V(7^oi;kc$2lSO8_2 zfGiWxj|uRbfa)ip`UyA|CZO<7Bg?0e;L{k0iHMzu^b=v2h_Ff6n#5b=Hwi;G3H_af zh{n5=_Q`-2~^Gk>F;udoyaj8Ch;- z1I6BqCfi_bgRTvk+mN&kg}1Slj)gW9GzA4sLB1)7n1ZUNAn6n&oq~d7B&BakM7sELheVdChy&c`Z9o9RL^bRDw14-{dEq9=nJCO7a zxXgoY9&~rY`A#_B3FkYJqb->h!N3q+F+eeKqjuRa6*|tc2uA*a1AY z==-NXz1CRQ8tZ*#`##<_*87d-exteH#NKaW@2BpZ{`AAf`mnLCKe~oAn~Y|Y(QGpQ zn~eV^z0BYWgQj=i z+)oF~>EAp6eAe{nS+n1t&BEu|tw3}62&6G5TzlwrdLTjDc;s~K^ylXrTy1bI;Tx_# zx`3v&q4`YhOiMr=Y@>P3lCgChHMYe^7ebk0TFNdPk1l|chV|(;G#%XnWec|e5{a@v zqAV>(7or7_v6=7|ilgwMl$w;oC>b?0g0p}~38E|@$}-|;J1c2CSxSLSYLE#q<&NNT zM;v_+&4P^WK~DA{CwuVd#=~SYwTw8LMb1%N#P#%Vq%VH@4c8xC&a@FUhFc#)4NA*<8dN-W_vzcg!Ir?T)$J z`dn&=nw?86(Cz?HY7mtKqTMlfe!Vy}|o;E}-B+;_}h8LbZVw6Ns zK6wO6`U^a|p&(k#w8qe4RxW1cVpgWwjV+a8TE?`IX%o}qhL*7Bl0__Wz>*a#t!H|K ziQ|^+WoaMNqf7^x4l_N*BrQB)q@@d(xV@zvEG=eQ#l(GBx`CxE(^jVKOx*fXZhh%~ zRvsWagHCbx99#4Q@EXHwkKRLrcm|#BXjwPBM&va{zEAw`6aV|g9}ItD8g?+pfmy%C z=pPn;F!T?L9~kl`k-;LHxUJIeR%v$+E#s(r4=vlw+>bqKr_&eo2c$hP@*R-;V8{n0 z&q2v^P}(^tc@9dRLuSIB@iZ85#HOx8k{`@^?*Aca2h4iz|C8bmhW<(M1CvZAUmO_B zBBLGBoBd*#^`;$?%{Uuoy=mu}CEPD!Gd{#-e2C3{rW3mvpWu;f@W|tTe@5^~PIw>l zo{nJ8y-Ut8_vcIBe#T4l@s#*X;$^}sgzpw!C47%C9(%$6K4E%nW@J3Sg#IC6dTME8 zdY)mJ9-@t2})McKs z3maL+5swj#OixWsUScE5c=972ikG_EbK-~RiO478)o$wRiQ^tK^J~#im=I6FPw_r^3bK8t&FDj=?_hp|1 z-g6AN#^BmR&BfgD+-IAMdw|DX_zKbSf}3-w>S$NTRvOWRx_6A<-0MGD@0!BpqLVeAVqlE0|U?-OZF{ zT6H}4xt15VKSb98gXP>dnD!UWaf6?uk$7(YDCPxY2UF$90Y(xqvJ4I$S&MT9@x8+L z39l1gFT6o`yYO!2&Fh2Bh~KFBO)YdhVu9c!mMwnObBV5J)~0J)4n7P|WaJh+FzxMa7s)1B3!_Uq}8C0Gt1k?yFD z5m49|M2tZM-2)vXpn~XD2S5h8%>hsZ-P>$!r<<5#1Qa$II=XM!+D>;Z$J*(hrCK$gV5s&laLnNg}Ayj2o0_zf$+qc z1!(lf6W5Ci=?H_Kt_cb03eX^J zs16g=VWK)rRELS`pr~fE1ox+xuH1j->4XoQc{=@)XixCO-VGP<#{SK`LCezxu^ut~ zU;X`6Yn}T0tLpEss=vRg{{E`^`>X2jud2Vls{a0}1@-q=)!$!Le}7f|{Z;k%SJmHN zReyg~{ry$-_gB^5UsZp9RXe@EsGZ)ERDXX}{ry$-_gB^5UsZp9RsH={_4ilR-(OXK ze-*tzeBCud2Vl3NN*) zzrU*f{wjX`RsH={{1&XA)ZbsV*}O2R{{AX@>kR%>$-Gvk{{AZZJ+FB&RQ>%`i|X&M zs=vRAe%)Swe^vecRrU8*)!$!r+JyT1tLR--_4ilR-(OXKe--_SB;LPOe}7f|{Z;gL zpytI@_4ilNU%;9-R?&da-(T0?UsZp9RsH={=CA$h@2|pptmwTo^u8l(M z_UDQ03a5m<4|ATha7H+2UHlUwyTZP3?0oifg?-`J`z2o36^`kCSNQ|tC){OM`2w*EyTUQqZwVRC zg!J3hdbKXe<7-?WsrN$3tFo{!98+`1+!c zUBiC9yo|w#s zgs`jY*&vA%c7=W6*yUmuc7=W6*oVa~>uq%33WM5gvAtv)YF`VOEVPEB;(vEOU=Yh7@DsjTTa7_FY!pYnDy2Sr&_&P^l z59%(wi?5I5`ls_fEUUd}$$=%8EIHUe&g6@Y=PS3&2F|xw@~a#S=enNUG}`$0k_H1e z-2Tk%VSDxf%V&!JXJ26X?IQPhgynw}xtApu*KmEmeJ?xAp2YI+-^%i<4P#6_XG^@d zg6oNo+;8+M_p#&#kzX1$*7yyO_#eHG^SxVSKg0R-db9UVtG~lJzQ6dt>GRy5H;bHY zVEGLqCttqZv?pRLaVRVYKe{z+KODAupAFZe{YzT?YqR88DlZMkyOum{9{1 z{=;W*f8HeaTi(O|eMSE8uXy|}5_$Y)j?YW`zj~45b^m|z-&uZ#`0uvnPmk}i{VcKH z^$~8bpU8X1b9*v9V!eOK{_hm~d#(9#>opv&`zzQu$&7bT@lVM787bG%D$lZHSLEOz z$KNCaqW(#-$G<+yw~h|V=@nPyp`4N zjpg{$MWL+r*t-sx_7kE|uG!wk@gpTbS>uDB@VXl-F~^0~?oBvs+SmE2toHbwT)*m- z)t-#72VdiMPm=&;jUO-LqwA%z+RN8+`x>XL_DY1km+T)McV&%_%l?0hD3sNnmwBb@ zgRHpu0LRsy7BJA#OIRD>CfU?H7MT~E9EypJ$Kw0B^ zMvULPWc>AbQ`UHIF3+!j5QVbZgGadiH;O`8?QVoU9$}Atn)B;^SJwRT2)h?yPe#}S z+5g(EvbOI>*xiWyi3qzFkw3Zk_2*9@&$0A;udMaQQ?DN%pT%~KQ`Y!oggv;6>=w1w7hyj;V*P9uyN;W(j^7J% zAEVEymDT=YguM`Pe)FV#J#LjXf6r08fAzentoHb=Y}fOqvf9sy=>Gt*>v>;U<69%f z=cS1LH$>!jui)!a?YFYFulG?Z+w8y0{cjh8vif=5%pdzD=U*oYl{LTL&HV09IsXbt zsI2*eZszxY&H2|$LS@bW-#3gl*Qa`2?Z1!jztrx=`1*IZD3sM6{|@J$CJJS>`)}d+ z?~6iN?e0g|K2a3PYELZT_3xviP*%JDk%OlGe~=qGAVM+H-RKs@Iju zY7dfJpPo0B)$T{sm%NDU)8j_DE50Aww~0bo?FqSm(7Kh?o|Ny&v~Fd!dmrHZZDY%ACiGpuGOBD{nuLpl)K_ra(#N=qOA7VKXLzc zeNt9?{P$enPh?^!*J}5Ba(sgXC~JJ;v)ul>NJ+_q>NS$~D`seEsuZ;wiqr zm+2eYx2BD^a{WJ)29>+okFduh+8-I!{@c0zSENDZuJ$ABiHP=-QSHBh+dm==DtEOX zVNXW1KP#&JcX0c!N`uN>?MK+pm+K>4x0E%0P{j4qXtC?MpsexU7kU1EP87;&&&u_w z-ghahy%=%*8ehfvuaW>|jraGneS#>I)$Z+jeS3Vx>*sg>h3(oeWz8R7`}*;ImhGRE z0A-C&+{yO1D3sM+iWr~sBKB|35xoBCc}-dK2h+HH{eD4N?J0SFRBe5j7hz9F*xd+w z>}6h`blxg!eSXCG>jM$v(@X5t`gdl8-Iwc|UQ&><))$lOYt<{Oz5EegpH;7{_IO19 zW1r&vr^l7D#`li6zndie)8krM*skNI++~l* zACJiIMqGb;5%xqxem^2U9?`#2#Q2vZ_HQgAe>oz5^3y#3_4`|89slGVY}fC-l+_;G z&in6!qEJ?QaxUBZh(fu`zJT*zCJJS>$40PS=Y_J`TV;IozC~H>-ksdO_DfmqiPQP| zN54N+R=X?vU)N1#wI|-k@e4(vtae|n-##S@Wwj^o=6L!?Rn7mD)gFHX-+z5u?8<77 zZRGK}QWVN+Pwe9U>$TUc*ZWFkjW0&DpNP0V`k=(?x~#1E`$pJXBk~W5u&J!m0y0B zr1MT$?cN|he#eVKxywG8?fP6xS?xhPAD?>NtgQB=T%YNFQC55KA;iH%U)2s zv{yNw>rpO?ToTrPC@1@{f17Zizh{u=Y;pZvy0FGcIkA+)WrbC*ernH&U5{7oPuhy_ zny->b?HZrBa&G9Ei2Zx1b1&lY)BTZ==VMye6VI|;&&z#2$ogo@{)l#P^c;qSby>{UwR-Bk^S`KC1rMrCfL7 z6ytkI{78w9HE=#%AEN5-Bk^q#-&^9#{Wwpri1lZX#LtuXJ`!J%_;^HotHh@yevnmv z)c7SO-aEzkSrVU<_*Sd^sPRild_m%qR(w?bp2P>I7@w2)vc%7_+K;NgQ{sDli1&9| z;%nXiMTze%@fnG)b^n(nzK_Ibt@@+JFLs$6Kc^VqOX5dLeBNq5YW(_0e4E5~TJcf! zCnVlI#rTmDpO*N*YCo#}Hi^$le8q~7s^67({}kiX65lEDJ!Rdfb^Xdpd`aTtR(w?b zzQo7+@;o}(_)dxMCGibb`%&XxmiShQA8*A+)gK$kb+<|UJS#q`eT`2_{H&9V?=9`S z5}&r>qv~&v_{=HBCnP>A@t)OwRR70Iyf5*2D?Y0JSrT77#dufZOA=qO+K;MVkCSSg zll;}}QTl8*<6|G@`5DztHG9KHBI0`=HqW2j3z_`^%=-7s?lmG;Yrww$l;=M&;od4& ziBEo$^XvC2%2nL|SUqO8slSi>{aUb?Wp(sYVOjOc_VcZta=+GFxL3seo8~F%b(&m< z_qMKM6A^hli7&`~tR3GcB0eYaMTzfewLd5#J}>cs#8>2a(*89>#1|yKe2VSI;>Sm{ukpPlzTqU}b^ID6zSWA4 z8oz{$zbo;s6`zf$zo*2vR*6qX#P^o?@e)7FYTt{9k4t<~;*(ZF zJTLbVBdzPeLPYxsiFd2S=OW@qN_<-46IT0vMErP(&q#cO6`zlYZ#iO)%V)@r{kB7UC4=OsR4#U~@;Qxab|#rBI5-&@8% zu-Z>YwC_oLAnn`n^CIGN5?_}1POJS?M0{T2D-!Qp@oq$XLE?K#|4+94-ZFp3OMFjj z{-+}5e<1D0tHjTWh%ZZggTziU#)cLm}@q;AZv*M%9zdiLi$SJlzUg9$nU$WYd zntySLPgaSKntu%vKTG0^R{K%&Z;-^#llX!aA2t74B|deE?PnyuDDl0l=MYizFDda} zmH4RnH%sDk5+AeLkD7n;Bt9?kWo!JR=3h$U3#ZtAQQ~{cedi#n{;2uqNqivf+woEJ zFDLP3iSJ{zA2t8-5?_({-d23n{3}R&PwD^3w%=2pGtH8C*J^)c#Pw4k?f0n?Kd8p| zxWu-)hAtBHGvZ28mCcWPC;1A1U!kE50?NeT`2@{K%7x*ZntM;_dN^ z+JCLG|8o+bwc3xmf9fUi^Qy#0-9N=8J|*!PtNp0^r#=#&miUwvA9epUNaDRyY(FLO zWr^>!+K;+_8Y%JlD)CYGPf3X{NW5>gA9erKCh?sTpR?kl?w{sKd~k~G-}sSJ`yJMb zZ*rXezVau(XIcLac;;7Fw*RhL@BjPA@2B-Su5uswyD62GHBLEsWWTv?*S{-PPCUbU z{hg(<{@zjJ^>AmufKm(R=aYw_(3(+?*-hBzW+|yyO@8M{4QxoS=&`k+{p3z z`#)v1M{%|Klag1*OWDrXD*aTuvh7z*9$#hukFRn3l2ziXwP)+A_1~?r|83puf2_*< zwd<@VSF7KfU)#J$$lsUf{8p~ko~^Ieeo*7_)7H)XH?N!HKdYPVC(q`;kGNSDC}sCU ztba)cOxgaOY^s~}R~!FKjmJ;5c(2C!UoGCRF+LDKUAL6&c~(tM{+Z@)w$||*!t3-X zDNs4~z-#O6{qO#n>JMr>{;Tc3~LE8F`weh0Us zfA^$pw^L27R)4<6{TKUqZR_O8w(lR~yn5ZCZ0D&~f1$?utHpaY?!RjBaTymqpDWi| zf3chOmuiiFBhRzA6sBy~Sxt^FsBJ%0i?2wXIzGxljpHAC8`s}Q8c>ey=DKvfP`2x+ zw*Puw&+&TQtXyln`#X-;>uF^>KK3g6y+;hn@hPm=>j`B$-v4u5|Lo%Sb=;Kg_Tx{p zpZ#VJ*B?QR?f0oN zf2y@->%A)N+kVyLYWpv!as8%B=YrRoi zZTy37uAf1z>tB`g*Pw1*|Fm{9-mP)|RU5zY-E6(4xCN7o1CsClFIYW??W z9KYZg&-49~P}%)1>nDp|S=&{v)_(jJJ}&flQPw!+YVir57iHaFQ5?ULj}u26mAyr*zgqOl_IaSSo9&P9W_(*Wh@riEsKVM_}-rw^)f4>ZjvVQ^V z^><9l_B<#^J9^wH+v8kK_PV+LBxRiRxKyszo~Yg z-5Tew|201T^xth%_G*l;*1lKc^}Ao?__yatH96be`8$vMug^!6gBt7ad6L&Jc0b}( z+PD3x$%$^x|7!cs@8oH|I~a`Ugo~ zJzpr>{ZF3c{ISpDiQn__qwgP8c8Bu$>x0su@*l;^IO};s*{-vye1O~6@7zgF39M`io?iG7&IS^r%l<=9-->%Rx6 zta+4ERpw7p=A|C*${ME}$Z?|g7s_h4S$|)o`s7Kj-}d_8R~i3Ijq7is%KX#%qBwpJ z??3IAaOCGUfG_1$twN#e#zsa=Tl`n zK7I+ebE&kWoJ_F(eWF*k=V4OT3H^PVvRmWvpRY3i3pI{k>>=)_u8Yc*8smd`9IxkR zW$E@Gkv)G3-9G>DI8T+9l!Gec_ebMjrT^X@?w6j=lBwP))~-Hh+-=Kd>oGrp(%`#L(Wl;5;#>v_A2WnO5#%J%UeJD2OcNa|FM?d80B+$-z-k&a7{ zw5-Hdln^7yg)U+wxKS>xZo zJ!1X)4aK3O&EK=?d92unW!>*@x-cx;tQMaUt zz0Kz>&8L5-t+M9V{h;|XHRgYxl|RnS#WcT;kIrY!Uu*quwDQ~aYkpl$LCEE`MX=c{(DwB-ZA-~&d9>x&L4g5qWSFotNFEinm<$H{MY*}t@}@%|E)e(rq>mkU$3L=`Pn9Q*IK`> z)7A3Z<8!k4b=|VZU&q_dKkp>#KU2o1T7G+cPB#DFMdY`S-;>RsJ<1~yXX-*dp0s`) z$1VriNJh-ltr7XPeqEnWHvc6)N9g!#ydJMn^^cFJ|DuTeQT0dV*LtgsuiF1qeBC*G zJ*4NWWA6#e&sx`eUl`2xYWwH-LAG~2_bj)W>ocvl+VyEd{@p)4?<)td++yMzzRdsb z_hm0}{W@qQpMIJ1zf}jM@08H^ z#M}7&<$Am+S8G@6A1V1`PlfX*28Qz|rkq;-q~t&PLC&x9bGtP^?E8oOdF-#ppMC#u zxi$aVUSR*O{rkyq{mJiE*}wAdL+buk*6|6X{*Gt(exZ-fpPAwO)yCP2$lvQJu4|sv zAKlIWQ+(b)9zVUG`t)UC`FiVq?*5zDuJ=oCyOCu*pRc<#9RJb{VY}V0o2>qyZ^^SQ zdA=pjwB#49_2`q9-EQBObzQUdCo2~c{65x`jZ^<#@?1doi*okb{pR@B<4JksNY?9q zP|j8H*LH#*-5y#`{7>E%l4Cy!+v6*&f6u`34=lU4GVGuDL^yxbuST2p^nQKfKk@PQ zUMbL)n=SiWr?Y=t{B8MX)57*|S+b5pqizWI(FH-|_vwNp@;TOns5j`25c_G?4SNr3 zV)f7m3gX{G7jBW2u6UH||9~h)o-@{rmp+d?r$5ULVsH5j`=2ZF#UEt5-bYNjlI4D4 zf6o&3KTqUWQepYgEc*`@yG@z%dH?C~Y)rDO^Y8NOS=RIaZKK2TJ!8VMo&WLov0d}q z_8o0(*Y#-8)Ud4nD;infwVQtU=F!-N?Vn)1)*Bl?q=H>{`f%23-LYB!vUeHjKV$oQ z`G&!?Z+|z;@=sj$lPBV_*c{tGmRUFM=Z!rEUBUi(TvO`T{9j@$pMO2!*f^Gx!tMx` z1L4F-@fVI=C;q~|aC{W&UEx4DalOO~$3{!MurC}RBk{t4u-%E_L&D?o-gcICx<7X( z%X&C`d=1O`cL>i-Vp;d^$H%j*`)jn7f1+g%toRqL_TIaN^Xc`QU4P6vfBc(uemTdo zKV{j^wd`kD@@ba*H7kCiWxv9b`&)9S6+guqpLbj1^Mds}c9?a2X4n6e^}N@&q;=K6P%0ouX5&c9{;p( zgK!_=gm9a1N_dd4XYo9dXI0@=(YwOqg-6!Nc6?Iev_Cfc*Yoww+4Ao{B}cOy7dbBW z^F?;wGcPoc{d?wy6Nr?XD80+;p-5}AQ`)$sn&jlMqe}mO-S=ybs zkp1=i5f}eaPq1F^lY5H(v9GXR-%C@HJiq^HSRWJrm)5dg&p*9IKg+r=?IZf7d)Qx} zU(6GI%L&%&_u+Zbf85ghqTgnXTTb-$_+&-DGZ$`mmgw#A$%x(_pOonB@o5viJwC4J z?eR&A{#9$gc%rxG)1O<8NBw(qb^&r7sOm|&Ve{!zf39=Xn7;nNM{JiriEQ0>{7G{D zf086&T7C7^S3mzJZQhk^%DI*0cfU>pyRYTrM6WkSTlW(meJ|Vf_H4)bEbINo^1dwV zeZwkCzSokA9|*@Ew(dJ_X=1xxAI-Al+b#L;tox%YtoxECOMbw*ADTOd+tcq!es@v0 zKWS?`8m#`GWqsfMDQmpeTkw0VN%KHA}@%d}rfA;>o(>h=F zv+hq;{(}3f&x3wvT_60agYA0$AKy8nE5 zIotJd&NG`?*89beTlGx0j=$&cV}G6BBi6I5zqfdGF3Y-qziu5r*F6x9zo*QyURP|j zRD) zs_Z{+)_${J^*TgZFBg4}?fRTdS&xJG`q#GWIJ;HsdL0y0v1=WP4X>SF*IBQMU9Zbx z8(%wKp93YU*tMU26}zshzWh#BWo3Qt=%u)Qtw&kUGx0~+u5rqGUT~|}-)OD>tydp0 z`|#@0jRc{s`-JJbQ}X|7~JccYmJsIzAVR z{ukEyvO)BhJ;nZd9WX%j%RScX`F4=#e?2AK?l94R#u~RPL_hmTIDbO)=MQ4N?w1c* za)TvbX31ArvSZ1umVB)xkGA9o&gOdbxL;$*H(LIyE&IKeoV5IJvgB!&Jlm4zS@P#B zd7&jQwdAxV-)qV1EO~<^XDxY`CGWT7!ea{J~90Gitv1Rk9Gg_+xN3wkAq)* zgJpd_^+oG?@7>n**-PWtU)P6$r-h%ZJ#}Tc{ZZES=;>c(yB;Uotm9+nKeJtryQ?gD z+3jrC$Z?=QaI$+EWhrlVo`J}Z8QB`0s-=dTU&eAge(@&J(&A7^=x$gvw) zzCvVAUGzU4~;Q;eeZ$lZ`#NHdLO6PSr4payOWKb zzgXh@x~{1HB5Qxm7yqkfbN+KBulgse=o_u^)H<_O#=*1puQVH*Z{=5gaR}FQj?^<> z_;Z$C+ns3jOZ8W7i#Z{q#zuj}-S zZ7l2lO^)F6+gs#%!5z+WFOlQdvV4}vzR0~rP7J>-bUom%oEwspw}#K3-gj;d+1(N0 z_}Fz}IrwJSKVA&W!FR*5Z`s}F!uEufFJ{%_KO6SU0@vM0YCwtFkW{ZCl+1#`pW z(Y3J2Mq*F+`oMiCeEpRe61FGO;r85bh3iS|4*Pp^UcY_2p7^}5e_+YUOT+E^*8WRe zAKstdo#A}$sIWbGhh-lYw#R3O?a8~t?YjfQav~S*e`2sD?+VNQ@^F0Y+Hm`RW7zIn zcCUZfo){U9x5qazO!_0oQ|ua+PZ!w}xu+g~j+Jj&xV>asczlAR;rS424ad7f!?O3) zuz&LFVLASESdLl8hi}`hdYpXMgTwxbAz}F!*7cdaKkM?}_6R(B!Dw?mq}QV-I~vbe@sC;Z$>#IB z8Go|v{iXYVBF_6q@6YUd$4A)f$G<&db@>lRpu5NaALhb#{rI;>qi5TX{=YW)hY{oPa)e!< zckdp;aXLZ72)9a=Yw~jXb)$e_Si1zh*SosDkKECAj>(_deCtC5zhvUt$x->vLpfjo1FGzTJvX zR+&FKZ-QL5mE%X_wEeE{6|DFmB3{Q|+k4WAk5@VVw0#|SeU5Lx$Hbk$ z-p4mB6@FizZ~0$s`QKvsf6B6tv*hoItn>0^OI~Too+W23`2kDbZ^?IA z@^VW)TgG4OIbxkJ_geesfF+N&0!#dlhAtK~n$lB*pDsvmW6 z_;_@!?}zQbr|~WSeIMs|U6&h&v8>0x{rzUe%HQ@`_SbdsEbIBC{r5ZHvgT)-^?mgZ zEc>V{IlrzCQGfrl=eltHm-J&<*Q?H}y}nuwLhv zo)>PdqJL#9`|JEv|K}&NUatpKKVb&z^*pcpeQFi`gn8_*^H=@fY@MHV{=Kt`{+VT* zN3ZA9fBHSF*XuUz_h+i;Th_6^UZ<)5Gn-hi=YQ3Y&#_*AFQDTzrHcNi^7lCUeZTrI z_zLII-x=t*W~=Def0O<7_fG2nkKbp#{=QN7!}(S8-~TcD>+hP>f7j1gufM-i{j0xc zz5d;{?zeZo`r7(`?m5QXC+K^y)&INJdw2D^>`iB}zy7_r>dWV_UVqP~`l%POUVksA z`+s8<{oaA>ufHEt|5<}sufLB{{fnbmufI>zdDP?j*Vd1k!1}l>AnN~)TUmdu=yiS# ztfIf*^Xz|~<^S8Itbd>Abv`=FUR&R^mi6ab{@+;7`uAJ<&RwkkfarBz|FVkyyHBwH z1(yHde_?$e(d&GlQAPij=h**3%fH_bS^q)N>+$h%OE2bF{rQ}ZM4ex21nSS{UTakT za&+B&KKGZ?lX@kmG6D;&`wu(Em#ynj+x|Z-kG8JYAF{r0-(bmGEP00||4-Nd*Vf*i zi1F&~_pkNeU;KGzg#G>NSFHUR_4|uIZ*}$Tf9WIeb!)!Z_14c1_K5s#$$#$igFTw{ z-{;sP(mlC;e(2u#{jEnwogeJ+xz76g?;gGQd6Pb`%x>W4n)i>~xp*5_L< z2Q2IJ*I%4qS)Z@|qxJV?3;%`f`dn+*7sL6^Ix}3)oiB&;9X!agKBt@d&n)Y6)^S!n zn^&=2pKs3jY}kLR_4jG%dECA}xBRL#9_<;9*XNwiY-d@YOCD@#fF{{HM5 zw(E1(PdyOMckI5f{EJ_+tk0#lFJ@Vv2hV+pWgY+ftbF$S3})ZL?Z;(eyt0jXm$0nQr+4oN=l_Rm!~WBM%66SE?Up>xnh$OE{B^?h96x`o zdH#Nh^lzUv9}`2v?Ju?V?-TzKuIIWm`|I=P#_25U_&w8uW&M8OnSW$ikEieTVOgK! zU-Mheulw_7lfwB1e3oUMe;vozU+2%DCt23x?`@X<_bmHjYreeK+TY*%dN}|2PlfYu zvgXr&SpEEL2&_1V=aYWle{#{WSlWue$CB^0cqFXHgX_oxA{`W<y4yJ-h$-X3{vVJeFzP8`_=kfiY{vKQX&bNLiZvS0QHNR`D-)F1e z8mqpP^>+l-{KoX<`t*0+>i3|XuS$PyzhyQ0t*p^+RgHf4)#&#?jecGgzgO<%@zUq( zI$k!9^w>|or`V8YS)cQ(|EDZJ)!Tf>-LD;Q`~Ab^?5DrCx9uula4tXB(&xUaxA|Mv z^{{PM`5PB;yY@U%yYi|U`|+(B{Z?AfN3|WB@7~7s>Gue>UFC;s^qXpZ52Eol@2)Z5 zzt`B``>f}`c6%zH@sZl*!G7!Smo(nyo>kTp+i&C*wYB@^;q0e>w_)c|xlfJl&a2Vy zzdyn4>fd>2J2wBj^}V2NS9y1p<67;?uhiJ?55K|n>GNlexA{%h_lCB;OMXA+v(GvMCu^`eu?wxb9~j?e2(?J-L|W2|J|DEZGLVPw;MIDeo&*|r$5j6 z^!r=8J(YiOHTy-ayKl7KC#vx_f7$w8(YCAn)kEBF*Y{Uyu=v+Cwp+6Pp3h3tB?j;1 zcB7ta@7~RRQR{A3Vr!#*ea7QwpI7bcu2hxl72B_VeZ~{4etl*gXd>3H&t7|6>epwl zJuda@v)3M%`t{jsk4ydf?6t?`ul4#YrY}Tz?QYez^%1C#Kz#)2BTyfK`UuoVpgsci z5vY$qeFW+wP#=N%2-HWQJ_7X-sE1nMJDAA$M^)JLE`0`(E7kH8;{z?tWz+ONOv zyfh#KC~X;i-Fanznm}4X$x(*>j~0;3?PfrasVGt0CWP1fB;Ye zQ~>V(AxHtz0Pjf}h%6v)U?FW407XCvPyqxB$hicl0P?@1T6{n!pa=*6B|sTa0l2>> zNCDD-48Q|q0XaY(-~$SPPCyY507`%|paO7TB}f6%fDFI`WC1xq9^eCl`KTFC0i>~i zGk`q62c)(VqyYiM5+DaL4{)~;qyR3L2a|z)w+=1wauH07`%|paO80 z5TpQUKnCCevVa^Q5AXqi0vNCDD-48Q|q0scxVtpF$j0ze5+G4O5L za=$~624nypz^~9WD*%ds08j#y0TqDzYl0LY4afjIBmNSp09il|kO%lihx9qq2A}}w z1h`9(50C+PfGi*f$ODRBAP4|uKn37FOppSk0U0Cy8|6y_JU|wZ15|#4h*#hY$N)S* z7LWtv0Y0Dr=mZo2*$T1%d_V!v2`K)6AOMsB6@ZJ@@&F&u2`B;rK>0hAuL4MYmmm$u z06ahzkOSlarB@IEaDPjX0;B;Rx|#*#0Y0Dr=mZo20U*7A=0U2Rz+Fh-0V;sdYugV3#m4v+=p0R=z>E-AQV09imDPyiGGB|z{MDx(A_11bRb zs{|=P8jt~afWlMMw@yF+C;=+FDN8CxkO5=?c|ZYB1e5?3Kxz*`2H-BD*c2cG@E#<{ z0`hP5fA`M zfHI&0aDPRR0;B;MfCtC|az-ylcpV{K?;xtWB?u@3&;WT03T2QbOMTi08j#y0TqCYK}-QMSdlzH4v+``dDu5Kuuo*xW(D`KwD*{S@G9U}c0enCK zQ2Y`>04M`002hW7AOr9Kfmw0^6@cGPPyiGGc{Eu96aYnl55EGS2uSTDT?UW^$(!445$Fy-x8z%X+Q?x0kVJ`AP?{X?z7lY zfHWWj@Bmpr4v+`1>^vE zfDb4DIsrvM04M?6=Lu4PG#~@;09il|kO%mH0>DLAQ-Cxe1MmP@Kn{=x_<#by!)lfV zP5fA`MfHJ^M6Qlqc zfCtC|a)3Obfcw=>KmaHK%76+Wy9|dUzy}lnoq!@B0F(e_Kn36~CrAO(fQ*3^wB-SE zfIPql6abxoA|L>i0A)Z0;I1S{0X(G20`dSKPyloSihux60+az2fQu|CK-vIOWdK<~ z4v+`2Y?cw0&q_dqyT9^2H*j506(CExBw^uI=9jOEdok_ zGQe9+eaiy!03T2QbOMTi08j#y0TqCI4?zl$2ITLi^cCcDw-clR8Gr|C*0=zCKmpJR zC;|dN2~Y-90PY%s6d(qt-HjEFcdk9j5-40WJ>H6d(=A06ahzPyx6& zOw)i2zyo9fIY1te!m*kLcz`S*2gn0_Kmm}!LF@r?fIPql6abxoqJghb^#Py^$YQa~ z0enCK&0n&gBAdALx0N-q(3wb~RP=ZSt;9?0%0n&gBzyo9r{F=6M03T2QbOMTi z08j#y0TqDz8-f(TUqDa*6afLC1SkV4fXot_2W~rUr2rX#2gm|)fIPql6aYm)04M>< zfC|7}NRR?#03IL<$N}H%_q zym1DkU`+!&Ko*cQ@Ct3^0R=!Opa`hI>S8Mm$N)SeVh}TcEFcHS1AIUM&l|83aOaG>MFz=iUHh;PG=gas>xo9GKSnz92Y zuI~gB>F`cxu%Ti{!-0+y0~aQ4q+bLJGFB99sMyhPpm@t?!;bV?@nOZ` z?Zp#2w&nkcGF(_*6l^$fVR^AKq*v$)D;f@*DA=$+Jg))hI5BWx;>Pl<+sDL$9SI9o zTrTkC6%j#2L&v~G%0Wg!MMKBHM0#bAQBcv)F))!{6&&_^BKixc@OoKMpch6l|#2(QrH|%?_LxxG-@e zeIr=VwK#EM;zs&Oupnbad9s?V*if;f;XucUfeSa%H-iNkD+;y;-B&am=r}QOVd6&m z+hDNY^d1LaG*bEcH+XsjpRzRAY(-}gdGPuP7GX_xY0fu$KQby z1sisx-v$d-+`o*&F?s(qV@1LCWW9fS;=+a<2j&;z;&Eg7Vvw<-U_-@@h65cZ1};q8 zNM8yTWUMHtpNyz>9Oy`|3l^+MpOVFjg84)9g5^g+#)^Us6+7CK{jMwybetHtFmWS& zFDS$0U`P2v?03VCh65b~7uNR$1r_^~t&!TWqapoObh==DQs0cSjDijI$=bSMN5g>= z>CF-8f)xcDDt0s^*P#U~3N}>iXgDyw7d>CN(Qx3z_+C`Ga3g&`Sdg)zU_-^#V=xox z>%oGI^Bcjy#EtX}U#g0m*|ih>OlI~opjoET`jKX9V`wJc7IF9#QHq%Q^wR*WwN7jC4_1`AfS zBRFuPeMJ^0#@B)iH_BIo4Lio)1Q%{3-7i=%J|A4TF&ugqZj8^#;zkkah8;=Sf)&Zm z7pzYhUx?I(9m5=4xRJ!Npy5ElhGbX^RupX5pRD=Yus<`21uGg3oG9jR!~V=94xAXc za6ehId*MbB_=5Erf}LNuk<9Lb6{*W&MZtz0O_c*D1}@x4j+X^13O4Ld)^RVIV&KBW;o{pdaAE&e(9m&WJY_$Ko)4TzSg@jfKRD1{9W4%= zNdFRL3s$5b$zsLO;==uO@P83i$H0Y&8|gQ}f{Yaf8!CofUbxY6lpQ!RaAD#`dsWms zaH9S^*m0oa#CZ6jaB*XJF}!f2y(s!SaAM%X#Ql^#H}AMnOv#4*nH-%iSW!L```xgk zp_uFqJ1#3Tk-i-)$S6A4us{8MSQ#qL4+I1ANj+WRM*8Pq!HOod11HKaqS=NW4F@`g zNxX2Q>EOVLbOj4m3}qK?G?5-SQ9cwMY}ip$*{~y-@dYdT2cyb~3+-(&;|ER*T$s3# z-Y(@dNU|9#3N}>i82=RexNxK4z=`XvQDq|OZ$ZY2f(_?qyzpV-M*3{9AY(Z!j0p5 zu^t@*7v_`I)rA||OJ%X+z=`yg7~6u36$KkAb~GI5I5BWx;zs&vupnba!G?+*=?B4r zj1>hNDt0s+=r}QOVd6#_!Geqx1sf`MG%Rm3@>j$`vtUKRhKe2S<-vgy0~aQ4H1!Ug z7`QNTKm21XO8Rk-v7$VwcSaZ+b{rT#)d41Mq@M)~GFB99s7UH9$XHRZp<+kFf&OH* zJ^z&dr#`cPcv^6o~#Qir$`5B|cieba`Y<+lHWS5r*D>m%7o(EJBAJ}+!+5LiyP(dgAF^{cY^~bk}3;U zv~L6lPPA{!;>7s7;KGg8g99hV-v$?M43S>A(G2UriGd5njy5DL7zTaeMiTgf6~mw} z+-Nv(B5AQ;MZtz0NoWgJ6l~bhaNtBTLkm_EY}nDna^QTT!iD?Es&e5*`d+YLMKReM z_Gj90;KVQo7j7i0x?p|Q*HT=#kqmml`V8M>FIZ8qVaKpg7j7gAuwZ?b!m4iAk+5Jz z!+{gY&KImG*swp@Z^fl*L&c7U105#@E==4=-wqaJtSHz}v7_NY$BBV-1`9G)6l|#2 z(Qu&S#K47#8|gd2f{Yaf8!C3RC+iWE9S1tHhYwe5s7M~4U$CNJd?L7TBYiSB-xPCt z;l}djV8wev|(W4M)NXzpyR~Ag^3&KYr%qy6$KkAb~GI5I5BWx;>PYR>V}RJ z0~aQ4EIvufSWz&%I$xN$k$xB~$XHRZp<+kFfsPXc7bb3`9|a3CRunWG=r}QOVd6&m z$6!Imih>OlI~opjoEW$;aU=aW*ev&s18MPsixmYMDt0s+I5BWx;(p3L5nWxlkv^$wgExG-@e{ZX)BMZt!O9SsLg3|yGFk#x0SMZt!O9mh)|pc5BvEbdQN3>Sq9 z6F1V|2MaP*6l|#2(Qu&S#K47#8|fc{1sN*}8V+=v7`QNTBYihmkg=j*L&c7U105#@ zE==4=-wO&hRP1Ot&~akm!o-dA{a``Hih>OlI~opjoEQ(kjk&*YWBZ3VLn|5%beyiS z0~0r{AIT!Q{aujJeiL0CII*alQLsI!*GXZ=;cfMffeRBil24%)WULQAj8s9zj)nsr zCk8GQ%{J_4IM8uo;KIb=)7OrH3llezdC6E&FutM#+(=&y7G$g_*q$;~R&1!)(Qu&S zMAc%)fsPXc7bfnf%(P#)aafd&feRBW3MzIqq(2H4tQfd(qhQ01@xtK3je-q38V;OK zR*M5C%5&6V$N5YmCT^tf2JJ6nYzIyZT$s4gei`)+oEW$;(VoK$C;B_1#fb|OH`2R; z<-vY43N}SYvcsMygS4CZ)7^o;FG(X654#A+V}6+0RZblh)=UY558D>kH;MB4=` z${z$9c8nBUxKY+%!;XdnClVH{I6fV83|zQQrJ*2pUPNTkWpke>}XF) z<@h(zu_K&VpUSA%abY5%y3*pniDc`773q&}WX9ablo-AUJSh;KIa>^ub_3M!|-P9SsMz z4+j+u2Rcp+T-ZMnG<2L8xG-@e?ZJW-1sf`MG~|y4D>hW@XgJVuzduNZm9e5=L&g5^ zo=7!xoEW$;abtO-mBxlr<3W~+hK_-W^u8dYprWB;U?ROg$SA02=opwt9|$rEDjGTl zCejCkjDm`Wj)95vp&+B6qM>78B7Hc>D5z-Y7??;O2{H;Q8af6h(jH_KR5Wx9Or(zn z83h#$9Rm~TV?jniMMKBHMEZD;QBcv)F))!n5o8opG;|D1q)!GJ1r-e)0~6^}K}LCa z{sKb9j)nsrCk8G|+(nEnbI+EVd6%5OR!*nQ_#?HV&KBWjr51Xf)xcDDt0s+I5BWx;zs$exP))m z(Qu$Y*%w5W11AP9Ox!rt8<@C}eibYaKZ{gG!G?FD71}-cHlTol?*Fi(aiDVoLRut5yG7fZ{7?`-xRX%ZHB3X(B z>$4~?in0wmnx!~!J}FPubPQaWSW!^1qhWcmp0Q!af%Czca^XgOZCoB2ItC`v>w=7e ziiVDXiS+s)qoAUpV_+h!K}JDEL&v~GdP9&=P|p;hefeRBi(%%IOGFB99sMyhP zpyR~Ag^3%qnxe#(9lD|2D@@LWU3iGd3fH_{J+1?knXw*@QGi*3M)f(;cr@~fOU zsA%XIm`JYu6&~PAOc~bu_g@Fs{Ka`=#9w@RK%3GrQ4HY{Y4s@ItxG-@ey){^nv7$U> z-!hXZ*ifJBi)FE6cu~4=V{^T#XgJVuV&KC4M-lk47=qM}11B!D4=Y1Q`se6=LB@)L zingnajuYd}vEjl*dP^`~BLYm^NUseRWE7;|MdbwZSOaNxv1Sz{(QRP1Ot&~f6zM6xIuD+=0ABHRNVCk7^(aUAG4F)(o> zeIy3BAR}E-wjg6gLB%lb7bfm!72XmXHdHjE*T(=CWUMIIP|=W5upnba!G`_GifThe zTVun4juQhHZlpIT)BS~s``MeV3sw{ihw_Dq8|jaO1sN+gR5Wy)7*ClC#et3!0~5_S z4s@Itn7Gl5?LbHRmuR*iV?{wl`e;;Hkg;Nz_6ze_fVW1fn1~G(I~opj45Z%+7G$g_ z*sx=W>cYf$W0YN(xRG3Z7py2qHY~_kQLtf0LwZxp7Pc zj`KNUG0}|UK*#wE3llfW^T#N5G_OJjPHg^cNxv66T9C1#U_-@@h65cZ1};pbPe*?X zR+M+z2X-`^uZ#`NedmD_>EqFMLB@)L4HY{Y4s@ItxG-@eeIi&eJ{nw@xRE{(zSxMT9XhaU=a(upnba!G`*jeK9&HsMygy92__?KNQ?p zWbY3KNj9VXJa&HIL~?(>V14fNb5vQdB5Au|Mfqve+pr^H!TMzXRTe8YEh-v@Di>~) zrwVo?u`F0IeimG~QIu`i(cTsP9XK(N-Wx1fQINDdu3|+V}lwG)=t^Xp68`&SmD>hW@XgJVuV&HnMwpd;l^smIQ25u~04K}GA%~v`O zoG93^WA)TQLB)=S%Skek-XAQOUkGk24*C3G!-@^{NeOMokiBpteIVGS8ahtYX9Es& zEXXL>a64-k*Mq~wqhsL0M0s_vVMjBB11AQWtIF|QT2QcINBhU%K>Bg8V8~u5vfG0& z_9qtHUyq*CH-d~61MFz=eq$>2<+^jP>DJGDm0o{fP9yiS5ThMZqnxM*YuV$AOL$1IbfY3s#KRM%jfM zMcIZOO;iU?G@m(i3{0dq1{nnv4IKj$>5qeqf{KQYfr<2{Afuq7p<`eoy*bDzsA%XI zm`HC4G77d285@Q*zi>aR|K><7SaGP5-lPmG3O4K*xNxK4!1<*1SniI23llfeM}q~~ z6C^7(RP1Ot&@ny~T)2@w94yFKQE$#Q}0-d4I5C!}ztWn7EPdU_r);f(;cr+JC!xqvOQD zg^3&Ke}V-WD+)GL>}WX9abn=Y#Eta7!Geqx1sf_F4s@ItxG-@e{a>&kV@1J+iX9CH zI!+8+n7EOC6D-JBQLv$+eAfW8af6h(l>&Pf{KQYfr<3ZAfuq7p<`eo{cVs@P|?saFp>T)$SA02=opwt-wHAc zDjGTlCepWqjDm`Wj)94E1{nnv4IKj$={rG2K}AEyz(o4{Afuq7p<`eo{X>vZP|?sa zFp<6+WE501bPP78BK;)DD5z-Y7??=^6l4@s zG;|D1q<;=F3Mv{p1}4%KWE501bPP78BK78BK=R0QBcv)F))$-H^?ZcXy_Q2 zNdFgP6jU^H3{0fo1Q`Vt4IKj$>9;{fK}AEyz(o38kWo<4&@nKP(*GOvP*Bm(F))#S zFUTmUXy_Q2NWULs6jU^H3{0dy2r>#P8af6h(hGu&f{KQYfr<2oK}JDEL&v~GdSQ@J zP|?saFp>T!$SA02=opwtOOR1e(a78B7Hc>D5z-Y z7??;O2{H;Q8af6h(jH_KR5Wx9Or(zn83h#$9Rm~TV?jniMMKBHMEZD;QBcv)F))!n z5o8opG;|D1q)!GJ1r-e)0~6^}K}JDEL&v~G`gD*{P|?saFp*l2QBcv)F))$-D#$3P zXy_Q2NPit<6jU^H3{0fI2{H;Q8af6h(r1E78BK=*EQBcv)F))$76=W1tG;|D1 zq;Cfq1r-e)0~6^CG72ghItC`vcY=(9iiVDXiS+kDMnOeG$G}AThajV%qM>78B7HZ= zD5z-Y7??=k3o;5S8af6h()WXmf{KQYfr<2kAfuq7p<`eojUc0-qM>78BKT#$SA02=opwt z{~Tl#R5Wx9Or$HwD5z-Y7??=^5@ZxqG;|D1q<;-E3Mv{p1}4%^gN%ZThK_-W^s^wN zprWB;U?TlI$SA02=opwtzX&o4DjGTlCeptJ83h#$9Rm|-1{nnv4IKj$>EDBlf{KQY zfr<1VK}JDEL&v~G`el$&P|?saFp>T<$SA02=opwt{}p5uR5Wx9Or&2083h#$9Rm~T z*Fi=>MMKBHM7o2Ff{KQYfr<3rK}JDEL&v~G`kx@9prWB;U?Tl*kWo<4&@nKP{x8TV zsA%XIm`J|~G72ghItC`vZ-b12iiVDXiS)Z5qoAUpV_+hs|1avHprWB;U?TlqkWo<4 z&@nKPem}@4sA%XIm`HyRWE501bPP78 zBK=X2QBcv)F))#qAfuq7p<`eoy(q{isA%XIm`E=UG72ghItC`vOM;AoiiVDXiS*JS zqoAUpV_+h^EXXLRXy_Q2NG}gE3Mv{p1}4%gf{cQShK_-Wl!J_diiVDXiS)`KqoAUp zV_+h^D#$3PXy_Q2NUshu3Mv{p1}4&Lf{cQShK_-W^x7b!prWB;U?ROP$SA02=opwt zuMaW`DjGTlCej*Y6jU^H3{0dq1Q`Vt4IKj$>5V}~K}AEyz(o4vAfuq7p<`eoy(!2j zsA%XIm`HC9G72ghItC`vTY`*&iiVDXiS*VWqoAUpV_+hcAfuq7p<`eoy)DQnsA%XI zm`HCAG72ghItC`vp9C2N6%8E&6X{QbjDm`Wj)95vXF*0mMMKBHMEdg}qoAUpV_+h^ zBgiPIXy_Q2NL!FmP|?saFp>Tu$SA02=opwte;H&HR5Wx9Or&=P83h#$9Rm~TT|q`c zMMKBHM0$6SQBcv)F))$d6J!)rG;|D1r1u6H1r-e)0~4tR83h#$9Rm~TeL+S+MMKBH zM0$UaQBcv)F))!n5M&foG;|D1qz?ue1r-e)0~6^(K}JDEL&v~G`f!j@P|?saFp)kI zWE501bPP78BDEl+prWB;U?TlhkWo<4&@nKP z{yNAgsA%XIm`HyUWE501bPP78B7Hf?D5z-Y z7??<32{H;Q8af6h(pQ6wf{KQYfr<3BAfuq7p<`eo^&q35qM>78B7Hr`D5z-Y7??=k z2r>#P8af6h(l>*Qf{KQYfr<3DK}JDEL&v~G`nw>bprWB;U?P1h$SA02=opwt-wrYg zDjGTlCej&X6jU^H49q|EoX4L983h#$9Rm~T&x4GDiiVDXiS&*jqoAUpV_+g}K}JDE zL&v~G`imf=prWB;U?TlxkWo<4&@nKP-Wg;RR5Wx9Or&=O83h#$9Rm~T-9bh{MMKBH zM0!t==8$h;P7LJF1uHgG>}cpXv3x$rDA+JR6Wmyyu5e)@Jt@AY(%^KLB@*fHPQ2p#g_D?+Z7YvI8gDf5_rQQ{}*k%h!P?(l8sySW&Q{V#m}WVJbbn#u zM*2{&AY(}WX9abn=Y#EoA#}wg7rZ_1@#FH4F@_-3|yEfzm5(z>?pe0u;cu9 zEiiE-nTQ1$D+)GL3~evmPcQ$e3==ofe+3INRupWgPxg)uHte{cL5m<`MZt!O9SsNi zQ>LqijuQhHCT^r(1q(8UU0%WHuILtSHz}v7_NY$BFX#2x!BOh65cZ1};q8 zNNcblV@3OVaNxwig^3&K8^MB%6$KkAb~GI5I5BWx;>MDKjDignI~opjoEW$;AHEa^ z>y5=-P{xXa4HY{MFXbmLwEqbXoG9N9Hte|k9dKiD_kW&oFEB81BYh`Wza11*>}bgU z7OdD%v7=$m;KuUrLB@)LLzRw!>uG@-{Xc>e7bb3`U*hF4)CDUFHdO3rFAENw7`QNT zKV`zWa3kq{LB{!uU|`}#654`dJvQuUIM8uo;KHiEf{Gmt$CEWf4IL*2E+i~iQLv#t zDS=ls9OyVvUKhvEh8+zDI!+8+n7EOgJqt3{=Va>2u%ci?#g2vp9VZ4ZOx#G$vIQ9{ z3N}>iNFR+MELc%+BYiB$SaCf+zl8LWU_sr39S1rVWE5;qN(UQuv?ry5hK>{aZ(s$<}KQaZSBBdNF9QANXnjuQhH zCT^tP1q(8!o^LFEvNmIRb1X$h!G?+*4F@_-3|yGFk^GM9g8qyW7bcF^yZYe5f)yKf zq<82587m4lRP1Ot&~akm!o-cV1q;$=%>go26l|#2(Qte_!tEHiFtL9pXy`aGaNC;B zAY(iXgDxl6Ww39alRu4 zI52S|ZNY+!75(kOi3<}q(w_tiGWI_U8ahr4T$s3#{ybQ)qF_VCj`n2#LKX))P7GX_ zxRL%c$XHRZp<;ise=3WH105#@E==55gqyLVU_-@aawd`p7G$g_*q*G(DX7mhq2WNs ziK43wI~opjoEQ%(U$~K;NRhFkJXs66VnfA_h6DXcne2{%3llezDhrx-7Y>}y`wX}+ zaU=aOSdg*0c`vBg(Qu&S#K47#<~nrX#K7hhs%SXSal5xoF9&1sN*}HdO3rIM8uo;KIa>^ul04#)=IUI~opjoEW$;aU=avupnba!G?+*4F@_- z3|yGFk(OXV#)^X7b*Q1^#6bG1xQr}VQLv$6N5g@R69X3}ZY2LEWkJT~`d86#pd-C9 zj)(;-3N}>iXs%|*b4kM@(u{%)73r6*z*up(4ByzWKUZa3SlmvpDDM^@Dt0s+=r}QO zVd6%5Pp}|kMZt!K105#@E==4=?+q4YtSHz}v7_NYdS9?0V@1J+iX9CHI!+8+n7EPN zA1p}kl0wFcf(;cr8V+=v7`QNTBblZJL*N%C?q?h|QVTLx6l|#2(Qu&S#K48(b$>&} zj)nsrCk8G|+(>^BEXY_Ol zI~opjoEW%JEaQfX9SsLMP7GX_xRJcOx*%gk!S}3 zP_d)oK*x!J3llfe&w>RRD+)GL>}WX9abn;?$u1t)F^RUd-x=Ik{F-UTX~TH7;zoI8uwh3N#)0#R$}ZcpUz}KVRZy{`X?x&A!h#h;R~K#! zWfyMLx5TSKL&v~GdTWqTP|?saFp)}-QBcv)F))$d7GxAuG;|D1q_+nd1r-e)0~6^_ zf{cQShK_-W^rt~aK}AEyc*;Jd3>^a#>C-_*K}AEyz(i_6MnOeG$G}ATt01GGqM>78 zBK>ucQBcv)F))$-CdeqLXy_Q2NS_HZ3Mv{p1}4&HgN%ZThK_-W^tm9TprWB;U?P1! z$SA02=opwtN03oa(aesaT(^xR%z#o@P^Ph7aMV#AJ6Vn-Jy zZlt#b3o=#|Y^d1LaG>MF!1bj3O6i6B;j58KUkfr;6dX2m3|yFKnjJW?m7t>G!14kk z!iL-3@aBP`>y@%tUKJ#7E-zS-UZpKoTpx^CEZCm=`(MRAHtZ<=HrTME{a0|{M7o0oE0WI)m*;~+ z3|zR;RQdl&y3eL-j`J|kzd$IcTrPibNv<`ml_g6sWN)ZiudQ86vL)HFY5$^DB8PdH z#AY7m!`uWIno+|5;*b={VQxk=Nf0;yQ!_V{wD&dp<*E*M-_tYGGiOeC-{*>k{U@qu z*ng^uhJ*zf-CS;%*v;jNhK?I1He0)(qDyeY#D)thl8rCO=QLg(2jYqY4IMWOOr%!? z3sz)oxS*h7#}(Uoh*40nQ`Oiu|`Y$(`qpkp9CHCVBs zV8?-uf%LRsMK}8!1}4%gg9R%xHe66pvEzyZ4IMXZzLmM4qT_~%ga!Gm{$-Tb8q8n( zX7v6tSdqW`yO9bN?Qy>nsW8y~@?S+20~7Vpe-u+g{psCN!h!tw7_p(C{&l3^aiF2U z{0|}(Cbm}u7gX#x&~U>*dS$R+e&F9m^}b-m{*(VLMxY_hU_r))f_m~nBXA(^|4)RV zprYf3iS*uJMMnEs>}AJ5c7!&Rv-I(Q5+U}yV_?4RHzG?7R^*fWqGLlreYV4d0}b;# z|0sriH<(ZSmr;6Bu%c?)&koh}WF4qO2j)|BJXHs#;BNFNLqWNav?xZ*&^4HN19U`56S1;y}j@6Y0r8{&{S7LqY!Ne~l_CI&PRq9}8AwTu`v%iiVDX ziRI(LiVYW3>^RVH!$3NM1sNNf`E?A`XGPnNhV<-ULB@uHiYpFu+%S>;CRmYiLBWnI z8af6hmgfX3He66w>lp_cl106sUVlA$abUjXpGEImgBA0EUyEuF^6T%6q$sG5{Nosg z_PVHc49r`!rL#j^$H3H<9>o*>OQc7}jw>2E1}2s#1}ipPP_g4c!wm!JNx_1Q4FwhL z@&7Tlfq{u_2`;GEaiHObf%Jr6LH^0Vh+!z0mp_Z%R|hMy1F@kXZ*fc8P*Bkv-Hw6! z!+#yyMML^gupnbQOMm&RQ9?mIeltekKtp{vF8dt^@+a?(5h$qWxM3oFD#&k$J=#!E z(Q(5>dSkF6)?ih{Bl(k%&*2xCVef)Cw~>Yu%V#7PAVK|NUskTWNav? zxZ*&^4eeWwDF*6{wYFp4+%_L^+eCZke~35?Ol2kOh>*zY*dkX{}v$kV;UG}4spjo`eGcR6&X9OXy|9@d9mG& zf$GxOahw+k($|9p?M*S~j*0D_;DU-B2O4e|NcRQ{@(=%63`0TtQP44ve-bZV8`|~< z(Sd>a9a+8`v}fBv49wTZF-UI+R%GnBqM>78BL7Vc+fdNn8<%d!z{K{x;DU-B2O4e| zsNah>H9HQZ5C5l_1~PVB(a9S7Rk_JcSsI}WrT#lh*Aj$d-rR@5Iy z+m89f{}CNe3RcW-KQ^l0307q6xT2wBU?MxP8wyhT;~0yK9al7T3`{J49<11KLB);( z4L1zr*Sce(V1M}Th(klV1q(8^v-GB4i4qFt`(s%8K(HdC>F5||h_-Z}5ag44qIW~V z)RsOd1Q|_7$2dc@rTc{-quq0tkYHe9yEnL?Vn=@GzlaVLfi#iVoxt{d$Z*LH>;Sp`fDUhKcmqU`56S1v{>o-nge{1S|42&fA89 z`X;Lc2O9E6grJ~(!0iwN6We{k1r<9EG~6(dJ{T;>*pNOKvs#g{hs( z-}v7nO9@uw`%M=G^AoO=Pr6c&(R6f-GeleZln`VzN26n4YD=FMf{f;J=@^*W(r1Jq zqq!dVB z`qO_Mn?ysN!G?;C8zz#F`nI@*?>NwY7Hu5^6Wh;&3o3TZ8o}x9!HRZ|nPQ;c7jH9m z9B7yyGSd&6De71Lj|f3SdLUSkf9igPg8bZn6IE1n+_1mvw>vi_o1BV!oC@TVH$}&Wg8Bg)!hv?8qhnwimhP1W z`NZ+tP%yP6Cw@gfu^2WK)OW^ocN}QQZx(`rX{n^Q%7Tohqhp*Q+S1#EAfLP?dN&kI zZK(=DM$^$TP(Ns=aiC%T#qY+jzYJEir^fS3$H2t)wBUk@9S0h27|3spZEPr*W{_Ms zD>9mnj)8i=3E@CHalLhn^U8CnrFY7LjCKgYK>esJIM7g^b9c0%A?08}#)kO?EAfj~ zBHF8C7dj@k*8~?->^RVH!$5v~+*&pi)K5FzIM9$j6D+7L*7%MC?R9?`o5aAx_WIz0 ziX8_UZWu^!2o_{)XX*2ibVEV?Vw}(&2O83sf(7kw|9fm41Jj7~gw^m_ zb{uH9VIV)%&Y+4m6~n1Pd}Y6jZeP|2Q^|f%X@F6jco5*TyzB6jXHFFp*4m zMaBi?tbXFo7>k1WUhDpS);%(sGt)87bM%O3e&i*V-iCtw#m7Vy^Ggw&z8tLB-tnJf zR_M54BE2(Mk#Rx6jw>2E1}5qkBk7I<^-=FNkUwWA`}G4FwhLg})!$z(9LmoaByyiS7Bp z1@k4bSkp^`6&X9OXy_Q2SY8&a*lwiQw+@K$28Ilf)(wJv3xq_1OF^K zda$BB_0OUM0~6cRf(t5k9B8;cF}R>&$AN|$22u$YWNc^YdA}bel(V$O!YruhxM3n$_bW0kDA;j5 zOLpc!LwaGbAY(gA7Vw6G`jueEfo;U?rl6wZhKcmOU`56S1v{>2=opw-z8|b;j&8?5 zenVVQ8wx5qZkR|ex)m806f~D#$3Xo>ylU(?(2#x^EXdeUP?7#VSdp>giiVDXdA5DS z?EwS%(=q!E1>J!inCEeRQIsyI*w4~49vdYbNHa38$k=g3L&v~G&M{&`L3;7sF%}s+ zu4w3(FMMpoy(n0*ZP8Xx(Q(5>dP&e;_Sopaz^?5$JCI%)EXdeUU;WsK!-1}CV4fi_ zi_!%ZJMtSJ8)H$BULI{LGIm_i&@tcq*ob>euwr{fv=vlz+%S<|8MO0!V4!N-ah$zK zuL>4qY-i~+cSZ>X`%mMrA81HF3l?N-D5z*gbPVJ-#p>KpP| zahA%TL8Om(aV!GNG}N% zWNav?n9f4-UFC}U;eQ?paG)W-&~#C-e=K(4Ktr;Z3-YJN0F{X_=_rYz~lL4EP> zM+gqI7yMDgVPIl=VQ@jViZ>KYXE2@X`N4k|9VkdSK4MsrvEzz{j)95gxxtDJ7gX#x z&~U>*dS0*~V?#kb+itOg8w%<>?v7MA(2(94EXdffKQ)f{frj+7U_r))f{G?{$3TA7 ze~b_mRCL@hkuJfCj0*~OTu~p6*SsAE+IMXO18u)Msu-Bq-Wyy{v7>$K&WOW6eR@oH z$AO0Qj9@{=hJuRujo5g4C|Hr-97#76RCL@hk=}xP|3{2K#*Ql*ItC_|HwP;=Tu`y& zK*J3K=`F#6j12`9R~+cLVIsXXSdno-!Hz2$ItC_|w*@OUTu`y&K*J3KsRj!&HWXA` zaiHUdiS+hhMaBgMJFaNx7?@bz5v4_hJ|h%+JS4 zOkW6AWbC-2p(B4af;SZ8uiP0`6y*2+r>LT!qT_~%^nqYS#svjCu4w2On8;S=hH|dc zC&r3hk+I{7hK_-WoPRaOqF}mnC9k3Ri4F-0@|)wG;f8{WjvFS@TY?oC7ZkJ~{^tnB zz{K{W;DU-B2O4e|NIwo1WNav?xZ*&5z`;gAbHqCa(zD}ExFTc66%8E&6U*NOD>htE zvEx9)4Fl;p!Geqp1r^PNItJ!FcgKi(gB2M&u4w3(?+VhpgB2M&u4w3(pZ2q(&jc%) z8&tJ1sNL(>e=@F zJEIK+dGpR61r;4POr)0tD>5!9*l|Te$H2t$(qP4g3o3RTXt-e@y)0Oev7w;iiUS=t zOr)0wD>5!9*l|Te$G}AX@E^xEP|zHWj)D4tyCVS(G^G221sU5}>UTy71^biYI3H+8 zPYxDjY$&LhJ>D#*uLdisw*@h=SbW4!ohDqT_~% z^RVH z!#Jy7k5}i8f&9$hjj<@09{AETgB2M&u4w2Om?uw9}{dS=nwplm?>5f{YCX6;~YSxM3oFEm)CpLBWnI8af6hmahjZHe67#<3Pg=1L?tF zLB@uHiYpFu+%S>85v<6#pkT)p4IKj$%R|A64Hs1GIM8szKzcY>kg=hl;)(+uH%z2k zup;Avf*n^hbPP-^j|407GhG2F$bX}Xg6!6^q4`{@W1#w2X-D?C*@lAZ;dsY^hUDv? z<@_S(kqGG+X!pdo^&JBf+r7aB6*~?z+%S;*qn8Ew{O2!c$tS5B3Z~x=rSl_iv=MC` z1Nr@TM=&ZnZkR|O5wo}r1@pbpmfja+?6{(#BY*SG7=eQ3fu&<$VtadVLB);(4L1yA zckc}a?YnUnI@-gLxnm%|{ccHvf{KnCCer!I*h~IrYzPhMrNM%X4Fwff9O$@VBE2kF zk#Rx6jw>2E1}2u52P-yQP_g4c!wm!J6~Tgx4Fwff9O$@VBE2$Lk#Rx6jw>2E1}2tQ z1uHgOP_g4c!wm!J5-iBrP*8EjfsPv{(yN0N85b1nxT2wBU}AYquwugn6*~?z+%S+{ z8!X7!P*8EjfsPv{((8g185b1nxT2wBU}AZFuwugn6*~^J6K|F~2Ab!Rj)CSOrlUP1 z4g=LA#E$tjPa|LVG=llIyQ5lz6&X9OXy|9#58_^TpdtM*Sdg)ypyG-H9XCv*9|bEi zE-2V>MMKBH#PZ`{#fA$ib{uH9VIch^Sdg)ypyG-H9XCv*8LY^-pkT)p4IKj$%TI$9 z8!o8WaiHObf%LOrLB@uHiYpFu+%S=T9<0c?pkT)p4IKj$%P)cz8!o8WaiHObf%MB@ zLB@uHiYpGZ2k(rnVPINP$@A`t=>w*8-g3Vx4g=N4;5!a9q_+kOGB!*f1SBhVMf0&? z$H2t)*5HDQ9qsFPMjQs3-&A%COl&U?E~waXpy7sr78B0tNc0SfX@;{kF*K}E+66X|Ecii`^ic3jcWF)*=s%3U#i1C!QZMaGUR8af6h zvTs5*6y$s37dRUVDmreMNN)~SWL!|NWVjTnd*$x;Arnh9t zCy@Iy{w&TG8qza^1sNL(Dy}%tal=GB>JAY(&8#T5rSZkR}42v%fVP_W~QhJKcO zD%3Hsz4M<&Fq%(nItHrGjP~<`qaTVx!SqA*^!{K)KAA#LP<^4gqp5ZbOl`?8H1bcQ zx}l(I+tL2~ju?S~`prLz4m6~11q(7Z6jWSspyP&#^zC3pKKYBtyrCey?thOC?6{(# zV_=?bf;$G<^$((oiS0wd1r<9EG~6(dJ{&B_*v`^lM!pRN`|HgB=?%exj12`9O>oD+ zd@$aXr*8xqJFaNx7?@Zd3RY~mApccl*-(()7~9C$aYaMNz&zUocMQyzJ|@P#EXb&@ z{H;iUhV-gnL4INcZz#xrt%`!~xXkkieI!a3RO~p=aKk|QyI?`ahIXdHKzk_uQ;&{` z?cv~piX8_UZWw3vaVCU;T4K+4G^95L3o=JE8*x z&0_7C*uE27P_g4c!wm!JyTO8t4FwfV=8l2w7JFIIal=G07VJK+YIwrP9 zg9|El9B8;DS+$7R#%mDdm(XpW*KN2sb8_HSw$$yIyDmreMNHbWGaY4b3D;hcmCYGNDD>htE zvEx9)4Flfyklv^b&4`YH_H4J(K`B`^FDiqY0M}i&gL|ezeG$MU2$k=g3Lq~qj9gztHn*-_e1P^+hA9B3yxItFsPD@LH8BLB@D(T0Nh`Doj5pq=RG7-(OJ zj*fwe^z45dsj%aUhJKcgUyl+7@<;E8O`@QCn3(5d#YdxbLB);(4L1y=j|B@dHq4Jl z<|O@kZsY!V1HB%j)DD?t|O#R1q*P<8gyKy`0nAk>eLB);(4L1y=?*$7oHWXA` zaiHUd{7ExFLH%^FbAU$NPYeiS0YV1r<9EG~6(dz8frPpNf1P<1BsBy2tjZ z;DU-B2O4e|NS_WCWNet`oa9@Pzjar1prYf3iS+HDej?&_9LUEVF#-ksyc*Bz^5c>I zf{Gmn8g3X!N3bAcLpxJpAU}LpbfBW+hKY2;{jtU~c3jcWF)+`zPuvl07|7UAuuIj> ze2+wFLB@8LK6yu!P|(eEo^$?0lrE^)aiHObf#hs0$me-OJ5ymGeJjp%#*Ql*ItC^d zYiK18i?fii*_@&N@j2%}rbPP-^?+#XMxS(Rkfrc9f z(tCmh85;`f*>>NbL>mg4J?|LE-@7Y%QPFY3MEZV^AGjkzP%t0=|3=3WWbC-2p<`fT zc|x#a!v*Pi@idpQ|cs&wIO{uSTG-r)tSB-WbC-2p<`eoKO`T@S^Du^F%5Lw zFp+)|G$9=W`RCELp`zo4iS&ygfAfwALBZZl7wM~}i>9MvAb%~`P*7j7nJY6o{T zq^|@E^35<5%&)}hP7gTom>>SNsD32q^RB33`)P1N#g1&)hJt2n$3Qz1VEV7?(&K}S z9al7T3`{Ibuwugn6*~?z+%S;*f8h)A`9FuBr7y+|HWbt^2RjaAJGh}fDXzR74e80j zf{YCX6;~YSxS@S1@^y@}^flKJwyy^lRO~p=aKk`)Fj$bWVVZN2Z$-75_H#)gIUfu1 zd1g?*5OF&WG>f5QoTc;XKCkl!BK-vwI}SA5Fpzq%AY(gAUypnn3YrV7W1iRB52JKJ z#eVWgTr&;HRkk2wLqR>;9=yYz2L(;~j)C-}yJ8r2T+z_ak`W!_ESc#%=lspg!zr4m+-B=*aK&aEF3vy6HPX#*Ql*ItC{4qp{r$1?gvZMH_Zp(a_J5 zkdA@sj=7(=O{A}xF7mgccSFJM=G%~d87#=y(1dghG;JO84Eg&gT~M(jfBTLYi-O%I z8`9U!08K~7Ks%Qi2AY@8j)95vv$(^p$k=g3L&w0x^7CNDh6^fo9B8;R{X>wk zdUvoQFIYL&re9FBZ*?hV;Q;LB@uTc~wB@)d=jkqM;)@GaCw;L((x&9gQ8wd0dch(XpYRJ^o+C2n$vMLYg5hGCqg&;D7A#rC=2f{Gmn8g3X!Em)ATp`hZ5 z106Tycg8oP8wx5qZkR~#3RYxXP%!WR57B!KRKK^X(uaZ-89T0M=opw-J{+vra6$b@q}p+y zJ@<|nhJkuttehPO8uIg^V?#lGMy#A22inQgWBGK9v-G}L3=`Y?g9|El9B8;k^ zExjkm*l|Te$G|+>jOZBHzI<0CMaK;j=_^5g(H#+jf@*(vG^Bfj1x;_q!2Y*3jQ-XLSg6%8E&^K3JsV_<)uIHdOn z3oF-j{M3yq5}o_RjMec4#|EV7o`g*Y6=RhER zFj$bWp`fD4*D=tXqmF^})w^OCc3jcW&ywkO4CM50B0UN!vh}i|p#FKZ?KseopDqLi z?HL|UFfh^9=;#<|PZffJiTtJCi7Y6nPw~QncJh^I>lkQHjgF3q{MBgNP%xhsZE4kk z`sHZbaiFa>j`=`TQx8_Or|ZD{f{rihKzo`F)UQQ#$ASFxNWY* z`f{)!V?#m36$d(Q*uEDtt?0O6B7Hwtk#RvmJEw+$X5TsnYPDN9&`#bU1OwYwV!IU` zH%z1lf)yDT6zsU7p<`fT>A{K(7j!e7*nSXPP_g4c!wm!Zji!cze9jaF_3d^G2O4sT zjtvFfcIP>bubKubb{uH9VIX}iSdg)ypyG-H9XD)0jG0z++%S=T6s*X&prD;o!$7ld z9Ru|pb_)mE$(w{=VEcM(x1!^QiS%HwBIAOB9al7T3`{KF2v%&kpquH$_T%7!iX8_U zZWze-m>LT5Ia3tWciJr+Xvp_Q$A*G#yYrmJL#Ba>9S0h27)TEX3o78 zVtF)JvEhPlrW4ywg9|El9B8;|1=qM*LpZs9;fert4WDCo93&uM(qG*GeQ zK*J3K>07~qj12`9R~+cLVf$Ikw4&pNiS+YeMaBgM?VK70ntkgSsPC~`IM7bsCIkc9 zw`02%9XCv*?*uC{E-2V>MMKBH#NsD->-jr8T+q#QV*5pKLB);(4L1zrYHBFR=S)#h z|JH8dKs&3R+Z)n@!GetKEWQ1XD50Q9+A+?OH)6}Hf)yDv|I0}A++fA_sHZekblfnJ zz8S2@C+~>N8_HSwW$aN!#|;zd?}HT?7ZmL8wOdH<3l=n~ItH5k=oqMbgzPxbPTna5 z<1EQMvHe4ELB);(4L1zz@0SYc1Hpp)uE@8cAj`a=pqlB9^fr4(NxRdn1i zk^Vebk#Rx6eqUs1NFNLqG^siUnz?igR5RUipq;!&2*z2Gd1CvE;DU-B2O4e|*zcDL z=^8A^e;fHW6l9q<6jU?aah!8T-i4r?rN4~K6&*KBq`wMQWL!|Ne<-pvqz?xRnp7PF z&0IPLs+sOM&`#bf1mi5pJhA>rT|>F5!9*gqOs8q&vt1x>1sfo3ip1Jz7-9B3yW5Q1@*WS-cT z;DU-B2O4e|*gq~6(h)4k_eH)91zF||1=UP<9Os;oKPUv{EIlDIS9IJkk^CNgMaBgM z`zInxL;7T}ph?v+(9ES{pqlB90}b^@@osjI3kkB@Il zcQm9WSkT@W|2VZ{V17yOmxGKQS2T1COym+HHWbVs|LYk0lOSWq6%8Hp`M(<>F9=q& z*ZfX&pgr|hqlAI_(|;TZke?jY4F&V>{M+1*`nS2rXitoej)CSc8u#Z{|u{f+|-={3QEj12`9^E)w(WG*Y(6Ji=21I>R0)iJUCeQ-g= zjsp!h45WVu7G!KFsJP-ld&{3hdJIf#Zw)S}*m0oYhJp09U_r))f{H5+bli~b>V|^+ zq}ag?1@l#LG}0x=*l|Te$G}AX>fJFG1r;4POr);`b;O2t9LTTyjTnZ4`pQVPqam5W zf{YCX^=xxKHWXBUoqES{{+(*%#|c5f{D`ZF5||={>O~C$_&0E~waXpy7sr z{P-BVp`iJ196KhqYj8oujsp!h45SYQ3o z;y}j@6X}h?ii`^ic3jcW&(c#&5(D|w790wuD?Yt8$k=g3L&v~8+gueLp2OF|i z=M4qZpCL(Jr_=Z2CR2pgiiVDXdGhne+O1$k`*A$0bPUvY{B|V3 zfrj+XU_pDOS4j*^Y_AF~sMv9!;f8^92^M5*D5$vNK*tUFNB<(?P%vNkzeJW71uOE& zkAlaBQ_LFZRt%x z#*Ql*ItJ$1W<#_L^8%8w#3T=$P1^99&Sb<3Pg=1NnLGS18C| zwI)%Ke`Xsfs6EYV{01S2T3w@81!_P*7j`n-PZt4f%Z*5(?_;V^??N59mO_d_%OQ zH|lu54isb^8}biq4F!3NZ^Y9G4vj8q(hd3o-;X`V#CC6RLB);(?c||9j9?7p`X@001r;4POr*C5?LosZFnx@cp68~8d~dv8 z-B3``al=Gw0luds5sZ3fd3; zL&RZVd&C1IDmreMNRI~XTSj1D>(N$F(Q(5>`f8AeI27~;qitYf`$lj<#g6&Ch)drO zR-}icZAHe8D;hfLcOq`bahARoZ3i0C*MkKa8|q8r1$W1R?Qwq+^Fu|)4HN0{!HSG# z?RE@Iry~8_nL$4JVRURLnA*}Wgdn5o=oqLL>yCzW3l?N2c|$?fw&OrUa*`J`>!4$x zzRcx}hWw-0(1wEg86N~7f8$r80|og5cSRKi747TM(J?UJ7j5bN!HRtHV03IKs7qYV z{~t+r*0jx09tipuV2J4O$xO68(OzhG8{U-bs-LRvbNI1~ZUK|Mr zItJQjoB}%9$NzmCqJB0GH|(gNh`0^S&y^nNXfLs?K*u=we0&Ej`XiSCm>_P1q}!CqtSzc6+=Vm2f>Vt4Hq;V z7$5o5$oJ7;M)|p=9{EGR9fw$v@3GpVKKMsb6?Tk=W8A0D2QxA@T+nbJfAZI&0<35^ z#82BC=oo0v_`wczj3=Uh>8C-)_T077&UKkCf8-p47 z(w9 z$Mypap&|V+n2=GhqMmV|ipC38v=>F=2Ra5?Qaw8AKSYxo8qz-o6Y>}03KgtqUx@2` zpkttXF<4Nsp=tL($C#qY^x|MfK6ycm_JS4d$rx(~2J(GTtYAg^#veo~2Ff>s1r;0G zjm`)i{X5Vxke`f%f))9Oh$~o8(Igz`XfKSo104hTXOU2_BHt8o1uH6=gaaMz z=7>AcF_1?j6s*Wo#1*WlXc7)|v=>L*fsTRv^GGOIkzX2d1uH6=gaaMzWf6CvV<7(` z5(-x2TOzJtMMaZvprgGa;tq5SCB4NXhb|T?G$9Qujqr(S>8-(xeDX{r6s)Lki-Zk3+KGe%9pjq$FzFe9HND;HMee~E;G6%|dw zfqrKB)E`6^tfW&Z$wpC&(K3r zLB)Y92GYYpyT;b^Ku7ywtl0+!N)HxPY-i|mvBGWGQGX->4e7_hgp6{Ao{qg^!HWD7 z38*-5#Xz#h%&-2n$buE)qp`N9j|DR_>MP=bwqZy5&R;|VHeAr|jfdQUj)C%)U_r%( z9Sv9X^YC-eiL&UZJ-!`o*wK)F6imn{SW(Y7#R^um&jtrN+Iu__&@s?nYyXFif%3Xw zLB)n04Oeue*9Q~oXW}pYZP-zkIHMI62d)@MZw+Q-ELc%q9aXKUIB>;4dQC7RW5J3I z7vw$8vS3B~d*_Ref&7KIM+Ga|!@n6>&@t4K?h0mPY`CD|K*zx3g3aeu!-DqGn0^O3 z#zRqaQvHnjs>rgTA?08~M!|}T3w9j1B0p+dffeZoF%oBFY`CD|K*zxJ!(c|if{G10 z8m{Q)VS858f{vPhFEV3CL)~IdZ`je0J{(NQC}>|+75W+aQmoz`1Le!Xf{G108m{OV zFNv9_Sbk{d#2fnlYS0`f`x5 z;ev((9Rt%>f*A!1@)x7Nf)$%#){s6BOvor`_r*;)&{5Lg#0A5FD+baFf*BbLR&2PS z;Xud0bVD$sU_r%(9Sv7>q!$JgG745yT(IN76$9zUAX|3})^i2EITnQtJC0BN&u9Y! z<-TA+#fBXXS9GLL2NN<1R#aTDXI>Hc6w#)1_aE@(KAtri6FT4jj z#zV0~P7en&@+*Ua_QhX|eCQZ{4=wrc0B2;B+x}ZrkBS3V45ZtG85s*!)H`$tI}ZPg zWye6dHCRxwVMoIi9b=D9rU!x<$CG~=2^c6p3l>yt*wJuBM;gI|jDi*QjC*DDuV6*` zN-SC-+^vEY^$T&*8+Nqp z8X$fAucAq0Y`CD|K*zxJiC{*-f{G108m{O_pA05s6s)MYU`Lz(JX%9XZPB$2JL;<( zBHj0A(F0^`xS-)c$H4UIU`D}$iVZs&uIT6COMG`kKSMv)Aq}a^6BmFX% zkWsLr;({Fqu4s?PN7Mry=>`9HbQ~EQE@(K=F)-Z_%qUopZ+G{xBJDBEW@K!*py5Er zKz+IKhaKs$h?|kI;ev((9pmH8wt%%#vkiH#E z$S7D*&$trB3RY}ikAxi!=^Md>jDi&v?R8P&K*#pkh}+SSJ{L^LC|FU?xR*tVf)(4B zB4I~E`f@NKqhLiv%TeM$$M$H%?Py3Xn2=GhqN3fdEIQI>B5p>;h6@@Fbc~aiDDl!@ zMtUR?W@K!*py5ErK)o$WY}k>$7;!T)HeAqfpktuEN?Ghk4@KOJj13nw9OxJ)uTWwR zW~6UM!ih+;%;TJJst@=8qybn2^j?|>KXUSC{eJYJ{Aw*4Grn>V8Za< zo2N&D8TAVhx1k|@F_=&vjnoZ0s2B~pkl+0hATSKlfi_Hf)y1P>^N{md&F9deung=W1ze$ zSWvNHN5d5zOR2;ZsApJa;k+ERKh6~zDV;w)x&(PzZQ5Yy+2o_Xq z*wJuBNAe&2PRQqf`HS)OKZ=BJ1TzlLkB))z!eBwgh8+!8bfg=D3GEI&MMt?g;#O1~ zxMCprzmI2RELgGOg7zx)p`*M$uI`G816K?r|10o}j0G#|SK}^h*w2uj?q_$AZVD!3 z6s)MYV8?+g@+w|SW$7ojyA;4`bjV&W5J3I7c?B`7?>=y^SRn$L3`L)qGNl)T}4CsX)qz9U`53RI}Thi zki3J<$Y{425$I>=2_X!Wp9TvmHtcA)q9Z*SOlXt2fPRMjX^npVeU0-kZG1is7gTK6 z(QrjadL)>TQP93@#YD%Zwf$@o>1TR?jDi&v7wkB2MSe+ivS7ubjgE0P`Dla|RBYJM za79Nlg(l>4GNB&&haKgaXl+Hsfhz`5iWP1~#)1_aE@-#vA3C;&lWkWsLr zo^iL@6<|gBNi;blW5Wdv2Ra5OLts9~0T$#JMGp$rGjvz1VJj*QTrrSd8_dX9u%dq1 zs)rqixQ>DHx?n-Yh8+!8bd0Z9F^^zI`i1TyW5Wdv2Ra6(Uj{P@7UY*ZH>^0sbqtiJ zf&~>Db~Iekk$gm$&d&+As0AI_$C`o_`Q3jUhgeaOUm43y!HV|QSOpFYjTkExk9Gk+I=|h65b~)BA!M1q<>+za58IarD295*R2y3Kmps*wJuBNBVIv zA){bL#RWSKTrrS-63ob0uwugn4F@^~rYC|K1q&)R>}a^6BmFd(kWsLr;({FquE@8? z04`XOU;X?z#EOaoR}7@r1nur;M*=$PW4|7~!g%I4B1`(s=s23YdZ3^8_Z{vpb~NM% z+!?IMml!1lD=H3LF_1nL%*a@q<;w}WE8BZxM0WT2JGiuK)NfKkWtQ1d3J=b zV!SYZXdvAf%*Zd7iWT*3ZVGm^lUGH;fqsTw^Pja5%*ZHMu%e>9QZe*1^smp0Vjl`- zWE3n|QL&-v%YlCOYJPqsU`In%X~B9{|LSOR(zO{G1q)VGwA-V^fsXBi(b^Rq1L^E3 zW@HqMS3N&cb1)-g!vzh;8G8M*BZQ9e+DJ&R3oi=69&rUL zDh^yRko0s$#)1{?HP4RB=x68`e-a@KlwSr5DmLtBxS}IH6->w|s89V-l)#SkRQxmL zjEoHzG#uy{n0^(^C|FRjVMoIi9qH*{LPo)giVJoexMCnZ6U@k{pZSYu1N#}e{!N6? zkiHX4$S7D*alwuQR}7@@1~W1itk`ft!-0;0>3hM9f&~>Db~Iekk-i^H$S7D*alwuQ zSJc-B8+PQE$B%>;tf)9}#X!0xn31ty#fA$S4s;A`x5v-T?Py4M1QRj}R#Y?(sskPA z6%jWhW5Wdv2Ra7o4e?aluw$q%-5Jct*lxiMM}CD~Va0gC??&bu zf*Bc`Hg+_mp9K^0Q&B;|iu^f!#)@`p{OJ9GfpS~0py}j+j^V+awqQoah6~26ap}@+ z!HkRz7c?B`7^v@ycijy;4ttf3f#RXLpkg~iFNj^_h8@)tal?K-8f{G108m{O_KMy8k6s)MYV8?+g2GTEr85s*!Y`CD|K*zxJ z%V0*qf@a1a=xDP;bPTgBy)c-Ou^DUoIpC0f8BC~8$Ee$|pCJ=*M?uNcRUbG8U|8Z&C|7 z>MLW^ZP?L}UKLEpC|FU?IK>K9Z0lb~Su~{g1QRj}R#aTDXI>F@C zGcq<@&~TigAOC)Y(9v#~Bqf(aP~ zD=IG7ao~!9^!{K*#)1{~Cfgb8NbiVU+Kh}17c?B`7?|D}%qUn;v0+EU6&>ka!Gw&0 z6%`lkIB>;4dUr4*W5J3I7c?B`7|8F6FRleE#*=Q37uorIn|)c#o*5Y%E@(K=F_3S6 zc2tEG!_u5?v{ECVyhawRsGhJJb~GegunGAtnX#hI(Z+@y4atsYLPo)gdd7J_FIbUn z8w)D3FJlEO#v2XqHw76RE@(K;I8(eK{j(X5jDi&v7wkB2MSETJ;6O)4!HVWx?Z7x+ z-F_9J1r-~1G+fb)G8U}Za6$Glq+mTii+J2^ z*wK)F6->zY$cz>F_0QLrU`54&D+bctL6iAFN3*LxFwXt`n`VYcOMc&c9~tLB@s)8V+;} zOb-Mz3KrB4MJ*e4)H~xJr8ewnNUsbgWE8BZXI! zQLv(7yx8}lm-s$}&E?$BYx?#$!GaYP2d)@M=gl*?4)k-F-Q?dTZw_W0Moz~-c`#T| zv0+EU6&>lJU_yF#G?cO7f`$Xx^($C0?)|GM@s?ml`RJcT0xAw%F_1nM%*a@4F6pktss7%ZsRu%qFMj`UD4A){bL#RWSKT#-%ef)&HxbWA@F z@`qdvtQepDok;jxFe773|1sj+^BMJy=SJ6%-)nMWMY{F>h%9KTI?&Hb)sl9VBBPm{ z2RhO_o)@Xe*l8q&Li3H9SrvEvZeF;LcELH;4`dBa{W5J3I7c?B` z7??gD%qUn;v0+EU6&>jl!Gw&06%`lkDDRF_T~Tr1ih;BS?F-L|1a!3K5FPn#e;Bo3 zMa6+D29ishl`UA2-W72(GB#Y$aGasX+%0r$M#O#&3#4Y0Ab&AZ3szKd8+J6L$ASst z@yL?C5X=}U?qGUBFe78b1q}x}2I`lh*oOTK-4Jm*8qy1c2^j?|Dz+cT+P zQLv)of*l907)Vb9Gcp#e7!P}a^6BmI3aA){cJ?CHyV7xZg*z~#} zW5Wdv2Rg{-tVm2Y4f6ffs6G21zX)qz9U`53RI}Thike&=?WGq;*;ev((9Rt(Pf*A!1DmLtB z$dANbC|Hpna)=e<`@a)C__tt2M*Ya&L@n5nzZfqF1uH5JTrrURru>YI1?zeE;O|FS ztY{BJlLtD+{_9cJ0Lg|*!HOzwL(|Cv9orlJx9An}!*N)!qMjoR&EbKL;f&G`oFFoq z3vr-hD3%@yvT0DTqKezlo{TwoprhOqJy?-{<`65=8zXK;`*|E5=xA^IlQ=}jKzc>I zxX;Mga6!X?j)7?oW)v)Fulc_sA3DZ2W5<}j70k$Y1qJzs(Sw2&<4Kp~XD$gc%3J6ke&)AWE8BZCvW#O#g1}ET>BLj2d)@M zcLp;u7OdECLB2cgR>6w;T_=ql?RCL{bi@CMs*thaf`$Vf1JetG83hX}Htc98#f?Ho z{kLdn!;bNK?cN=fTVwH9QE}jkfpl9iBV)me4Hq;V=opx84`viBsMxTh;fjuQM=&A3 z|IecsR*b8jekYhwUmI*EpN(C{j)wHPU_wU0ii!(%9Jpd2?ZJ$U1uNPuW-|I2df{J0 z2m|HDU_r%(9Sv7>q?>{X83ijUF4%G4iuSeGp&aOE=v6V0ItEG(7F2B5(QrjadUY@% z-(wJB#rESE?K>LMPl5><1uH7X8)F)zHw81c7sR*R9S!M*U_wU0ih8mtf&C0U9rf*K zNY4ZlG745yjCV${^sZn=dSO&LBV)q_4F@{L8TXzjaiAlmNSKka;ev((9RvB@QKDc) z`cd>{M#hE<8V+=fGwz-!aiAmpA`)g~Y`CD|K*vCSTa+kRk$x6&Gcq<@&~Tt*oN;f7 z5(hfAA4bBChSY-z83ilq$s3fweujP;2|F6nlfi_Hf)(}TUS+YLp%Do?8q&{$2^j?| zD#jAU(p!TW_3OVERiPn$BbZQ+*z|7LQNI~+8yeELf(hfRk($01%&5w4XhuNP0CRW5J60Z3`%N98bp@+c8j{2^Lgr*wJuBM@oMY z*Ay8AD=IG7ao~#fW$POH8G2XrrDLGHJ6KS$VMoIi9kuH{c9b>ZR#Y6gVj#UIn31ty z#rRQ_O+OB19N)FdW1xI5SWvNHN5d5z>HEQijDqpqKZ=C!1v54)@Q#M`nqWdk!HS9t zb{x2(y)oA810Csg5jP`a!vzfoItHfK2Qvy5w0qTueui9)eqIukzYi8vY}nCoMMwQf zT(u25%3V?Oii!hQ45ZfvGcp#e*l~go*=K45V9v85s*!Y`7r5TCcF;uo3PUC~plGRBYJMa79P`M)YOFj>9IkW1yti zuPvz9u%qFMj`V_HLPo)git+l`;ibES8OJq7V#h%FPOzY2!;Xe4I+DRZA)nLW41Fg? zalv|qUJx^RMa6+D2GR||jEn^Ey zSg>Nl1q}x}1}59a`P@LhEKd4BM|mn%xD^!#t{6za3T9+1Sh3-Ph65b~ljU_j*H|oQ zUv!q}D8Gymv7+L@6$9z1U`ED*6&o&SIM6Z9xK|qy=x4|aWye6dHCRxwVMoIi9qG1U zLVm4TffdI$Tr~`oZw3o0HtcA)q9c7Pn2=G>z8S;pK*y%F9S!OBU_wU0ii!(%9Jr#r zPXEx)kTyET+2pq)w4h?cj)p5bk|{JHpOXpo+xmwc>6OvijEoHzG#uy{m~7+cb1#nt zt>`H_+7IIG{XoZ9|2W!sPcS2+<`}yhcI0=&Xey{^UjGktw0Hbg9AY4=v|v4}e|yBG zGXd?N`Xtx-X7$~m@7PR;NW+b4a9sfQK zQQsGb8+MG(J}>(BxnM@dhRb>Q{>W0WqJA|h*w8-soTv{SG5F3_Vn{34h`v<*D=m4 z=?~+Ap<=`M^xs5P_XjiD+Z01bs&N-)WNf&g;Xud0^xj}b!GeknJKD+gtSF0)`iuV% zS+Jv>yjT`=j9*4VdMcQaPn0cK&suJNZq$Mu4da(_g6XMXM(xjwEXXP?Sdmp9 zBoYpEjQTrK)q8^(`9wm&iuxiwz>bDoo)cNHqJ8FhQ7JkG+Si^Hap)*tiw~g{2d)@M zUk_$vELgF zprf{b7mcI7;jbfv{R}-3|46f=A^kL%kWsLrqJ7K)fR6NJ#LdXqa6!X?j)9z>9ra;F zz1I!Ej)wY%*eGq-(U9&5CS(+hyZ>V(lwii;vrWf9c_3I&v0+EU6&=a17f;A2SW$7o zejdK~|BG6%BR>@jXu*o{RE)6nt6)aP;fk9b-=8r1gtQ35;Ky?+w)kEREmc5crYQOU`53RI}ThikiHPi$QY0Pm8yan z$2(&^?HDNU3Kmps*wJuBKMy}*4MWFxks;uxhGx{;pBrV-J{Zg9fsXdJ=fxp92J#KD z&=#zy_xwSWMMHXHFd?I$Ey00-^44HM#fI^jSmDxVgBkTL63~zon~={6&_3|2s1zOP zZBnt}f`;P^-55PR(9e)wb&Ruu2^j?|>dB{~#D*R9r4}AEq?ZK~>I>r(HtZP6raOX+4Hq;V=oqN?YXdvl zH)3!d7%1Ni7F2B5(Qrja`c^O@qhLin`9LfH8+PRP#+@lxQNI@XHtc9fUk@f^6s)MY zV8?+g29iF{$Y}o>)gS0+T079uszY>ax5YreqGKQ#{1fthe;eJviuQ0!p#vQQ<@3RU ziVZs&uILyynPoSdWhgiPR-6%bG?a%T--?O@R}3Vr&B$1=BE2~V+>DG37c?BmPPJe? zL!bNe2%+M@6$5DxW@Ic_vEhP-104gCABmjLpNqtDh91#LR2;ZsAUzt)$XKwVy+3+- zpd*{p1uM3j<62$OF_7geSaIAGag&7kOvUz+m@_*XlF2lk)9QUnpd)`NR@Q|DCAnGr^3ECgDIovxrN6nsi1!aWx873_~=zu=&Izpgzglr-f ztml+;lMi$Zlol+g*s!DFijL8A<1yVpeaZ78Gj`-({B~4@73l-EbjT0dgR0W! z8QUl0C(m|_UBUwrP(ST9qTLuhI51Fd3Kmps822mt8D&vlE&&b6{hg3e&d?X)CKs$o z--`ZaY`CD|K*u<_Bd%4tGng@6_W#7;%Y%#!7c?B`7?^GeW)v*QH^z`JSdq8q#35GX z_r{aGU`0jy*Z&bUqhp|aC|FRjVMoIi9cc?DWE8BZXWZj|6LDBk-}Yxw6?W81+@lRU z8q%kN3H77Fh8+#*W5I;>{{I<$Mo0dYDUKEG-TygKF;JD*u%Bg-J|0YHdvxtUN8KWB z!;XgZ;b21R+C@iI!G`^;3h5KUg!bTHM`m>754#muQPsC$KWjeuNF*HSsIQ4%INz|N zAwT6*v0^is8q$k{2^r<&Wf59Yao~!9bdKlo-y;DX?T%Og4s;BZJA(xk8+J5Y(UBkh z)5we!ZBa7@%3Fg46&rRmT+xx<7EH(}80KKIWX#C7M{5NY2d)@M`aC0J!FnEAKnqsn z2V;j^u;REYu5L$j=?;wZBEBR-3o14=ckn&33`{J>< zqanRNn2=G>{>i^1qNCpPmnsc*G^95M6EX@`R9vuQ*kq;88<TQLv)of*tu8 z^A{`H7h}_Vprbq$d#M!_2d)@MzY1n#ELgGOf`$Vf1Jl#NjDiIf8+J5Y(UG1BCS(+> zsJLLqfhz`5iZ44eG8U}Za6!X?d~1{_Sdq^Gj1}oq{~@YEM!nyJ#g6e!kEd@1?bC61 zpd(8ts1L>FWW$bOW1T)6%*fbqLBoNLf$1Z`jDiI@#T$LWisrTXII-R8=br1_eZ4&n z7gTK6(Qrk_xWuC0n1Y`HJy^j`CUy3Mvjl-CCfDz-CpUyQX4JMum9VMWD(D+baVg+3qiC_NI)sL%Xy z)PfxiDaBowkWnx`9c`rhgBkhmsH$K^#epjZlJjj3M;izF8S>EV7$|oI3o16`FPjip zvCVNmb~L10g9#Z0E9x2dRb{ba*x#p*2Q!+D@PYhk!v`zs`AEf%hID%{A)}z$_-|-P zM&g9}iKu?Vj`l!spd&x-RRJq14qP$z$dcrnF$ATFd8!i}za%u)OnqD0k|BJW~ z>5gDV#)b5 zsMxTh;fjv*hG0VbT1=7y9oZUIu%bO01MWb_KruQOj90{EN^>wHW5Wdv#~HdrRR=oi zr-BVT>LXFrh8+z_L(|#hCnHNzY)1ZkBowTuIB-1=|1I7KHtc9fKL{pd6s)Lc+zSnK ztjJm`STTG9NDl`yGB#Y$?Bx&ib60O0pFD+TenP-+!PZw-E7uk!vzfoItHc}1v3g3JM~`uSOe5LruE} zI)=FP^&r174hvRPaT}V$106$L`i2s3io=2xRosT=@Ic29m%bT{pTv$kJrT?pe;++f z{}9Y*U$U&Dt#NpuqkbXcHZ=JTbkr|PKvq@3it)vWOR5^KMpDa+_ISh{sPBox4Lh>WZ=8svL(eD1sD1nZFQi25)8+J5Y(UIN|Ovor$QE|bJ^k@v_85tWcXgJU@&bWJB zU3Apu1rYlg`cAwa?r2Eg4JKq1tf;tP$AK#b()WTH84Fe%lSL2%<;B5*iVZs&uIR{m zTCgI&DB=oMR2;ZsAgO*v#)9=ce6y;sq8e8ln!^JfLtOe+kpD4uEd?vui=MBwpxyPX z2%%%#8|y)OOE4p2%zqGZw+1sZHeAqfoS|p_Fhb}UcSb^bWiTUS!vzfoMv4xl7X&lf z>z)+}=%_D_EE{$-)Ej><;;^G3-4slyPe5q zA){bL#RWSKTrrSd9L&gAuwugn4F@^~rk4aW3KrCN>J@g>C*lTdNFTA}B4fh^4F@^~ zrjG_Q3Kmps*wJuBNBUSWA){bL#RWUsYYcC6WE8BZFMDpZfgKImyewGH8T#FS7p;9S zXeHtfbmaTumKCh1IB>;4`gAZOW5J4J`@5(G1LecPf{G108m{O_9|j85s*!Y`CC( zC??o}j&`?OfsXR>Sfy4}9Jpd2-4bNCtYAGuw?*8FiUU^+q}zk?z4$`4qT;|61L^z0 zjEn^;4^1#S6i?WX@6eMZMP`E*?Dbbl}--w+>(3M%sJ4P~sT9>N=TwDa)(`0BEwA$=y8kWsLr z;({FquBe}ib~o&(H){hs8q$k`3GKefa-bvM;e4^8`F)K8%_I6iKOfdV`M)9`Dh^yR zke&!;WYinua&BlyHw6N>x&} z>=Kr2Ss1%g{wWnH6-h`zmJ|I)y|BP6=WsXY4%ae!K?4gk$1cPDAeLp21T=SZ53s-p zakL~$8my?;u%qF?iTnz+prGrf z6XWW&XGds7#fJQHB~Z|9vd(L#b?v#{7l$hCiD5(Dwm$0EB zzfLL&Hc!7D4atO?kgutCg%%}HklzsZ%z}ck#pfI8!@-P<<$M2kq@tqZz(D$bFe76{ z!G;?eI!=s>PsZYwZo!Oh?L0BArPS-qii!>6F0ajg3Or-^q)|Xc$AN)#3ua`jC>YOF zi>hXH!+2s~`9!dyV#AJx11IwETXq!WyZ$5&QIP(7T;+_64L3A&oEVt?DVVWfMa704 z4F^u7e-0*OEZAQC7m*na={3QGj0FW1H|*#*Fpypw%*a?#u;GS=juQjZ>w*~zR#a@* z(Qx2IdVMeNiU`GAb{~EQRz0qvKiTcF<7zt<| zCmkoMm+B46XX5^-=r}Nt9uH<@tSH!ULqo@jf$6isj0GzyHtc9Pa3bx&gp36R6*uhY zI53bt7tF|5QLy2LhK>^h(_aNM7Obe)u%qF?iS*aOgp36R6*uhYI53d@CYX`2qF}=f z4IL*2rq2g67Obe)u%qF?iTu_W&;1hJJ+}jC>s@>Wlt$U0|V(-!HkUNPVP9bdwTwzs1FVKK1%@##?SwARPc)+W5W&2rFNXCFH#E{ zvUOuYLG#&gN4tgxC${U=5@`x10GP2}rLBCS)vV z4=I5Y?e!7YF|gbdtf<(~9#8@&()0dH)Q1f>G<2L8$f{pZkbV+h$YgA|p`qi%!1U8# z#)1_U8+J4tIFZg^LdJrEdd0m(Gf=M3XW|yB=r}Nt9uH<@tSHyvy(&OK*NNlm&R0ih zMa72Z933aNXGcdgq~`<^G8Pn6w5w*ESIBt>md|PnDmLtBIB;HvR-}#-L#1g7GB(`M z&~aiQuTf$_LAS9U*B1NN5n55PVMoJ(6DdV!PsmtMP;tYKjspYf&Y)eV#EJac=)?sT z9R~)|>wSXV3krs}!1NI>g~(_U zI!-Km3_wN4fr0e7U`ED@avi#b78DGXrjI%Y@`Y!`f^t1IT=a$=4avPaAzybb#t-%B zkAfNL(f<}9WNf&hq2t8B^r2wJf)y1Tb~GF~k+xt$#)5*18+LRY7)T!uW@M}=*lyltc>(SXAC-QSVY*0`yzWIMf z2{fc{1rzdTem^p!V0(kPhV;f@LdJrEdhvoNyJ1Iu)MEz)ZTYQe(8V_*bzteiii!<8 z8V;OD+BaP-ef*E27M#f6ifda?P=Doth8+$0+fjBwMaO~skKX)Ikag37g7MRsyXg#O zXc9WkD~q`FGg*)?{^4IlEhyOTd}=fo4awiUn2@i(eu4JxJEBsY z7%%X{lNb8o2{O`u|APo&!wn4`CkCc}3TD*j{$^yxj{I=cyr5t_Po>Xy4rH{uBVWgf z@rC#WMEatiK}>O&#LdVbeo9n@ijD*0zJC|_?hj_9&7aD^h8r3>P7LJtY8ndKU;Q7E z1p~`p2P-Nz>}WV}B3HGbpnfD8v|&fP_-KSWP7Ev`3s$rb#BAy~(cTlabeyQgZV5Zu zg`Vs$@tF57ph-St`j{^Eoey34<x&=^TPJKFVt}C=pT+2oETU>60E4$u%qF? ziR2Qd>tenZ=jb?5?}>S^VMn|8x-2*`UKOL7UTu(((Y_yj+HqoFIf4}x8+J4tI5Bcu zM|xE-BRj`}g8H!j!;W^bKPk?J6ZxL#mjxC13wjp?_4EHSDnPq8-a0x?)VtM;hWrbQ zISQJ;6VtCh7K7!h!HS9vI~wv7PlE*o?cqO+vKUz29jvI>kY5}PUr;a}{kPEv9|~q< zGzlH&l|@|gk^GE|@wGpWxUUBp8*XUmI59ANBbc#ZMa704?c(R&qH!X>BwDbbp#I`1 zQ35;Kb@*n7Xh?4fCXDg4IQ;uyMtj+lqGp_^&ouzp(J=0ey+C?KFe78b4GkS92J!2L{p`gZ6fr zaU$*ib6gQxjaGG>Smu8nCr6fVLAgr2(6wR14GkS9269mh1>1`vt|86Agp36R6;0-j z6Y0Z$68W&84FfaY}nCo;KX=uTxD{pGq&eDInoP)2^k9t>J|5y--|dD zq!;>F6B}-5=r}Pjy(pNmU`54-9SsLgq&b+7v7n%0yeb-$ULDNH*l^h)AxfJ3szKY*wJv{L^^^AdG*{!L4SF?&7NrA`*SA> zPUOG;7m*JI^$Y(~RFCw6sAWdRh8r3>P7F*h3}!4?QL$l1!+{g&MZtuO1qBs1?C3Z! zkmg`U#)^UsH#BtA{%4VZ9oYm~P*C6UJCTYV4P&!!|F9iA>Z7utJro=NjuYcc@x)Ho zZ>Q5!A`5o3dt;B(kze>5dLt-kZ<2r$1MOvz&~c)@RTi8W7a!3eKf|6;KdeD$FIN^P znpd8V69f4bk+7hkt*Xa~ftDko<3xU4OppZy75P<>u%Mtlpcb4MsDBp|X~T~6;BQBB z(Uj;ovE1{2M`m;!7)VPnBV$Fuh8r3>P7F+M2xcr;kzegZD5#IcplsODFuwEjIOTVP z8TmPX9wkuGabO@#!Hj(I64j%iz9+V!8+Npd7e_+JiT3J0ibI?jXvU-Cyhi3eeTowU z?Rm1`MD?#0Hst5W;evwpMrCngAiqEs6tvgGFm{|6Xc9V3u3(D0SZ;=Hj2J$Qm3dSqreJ15#M!tBZEGWo#{(c;yprT3W zIMMERBAgg#s_!__-Yg4F3}iRrf`ak3cE z)2I&>9R~)|JA)Y+E6R2F(m2P0g8EnS@Y=AWVSGO(a5{n+{R4jYmXMzB^v0(~&Dd~5L%%`~-4P+2$dCM1oCpOK`E8M~pkPdT=x#lPeDQW!P*9U= z!;W?#q2okepBg1l(Q#lP-4`@{&~aY9@tXe-hd42i*GOGZu)XMMQ4DDgCS)uqsJLNA z$AN+L;$TKbdmt+9IFaA<)Tjy-9R~)|n}ht|9gzhERosS#^p;>k#)5YL9Z?m|EA;;O zd}CnwK(L}>!;XdnC(;Ll3C$@x&MTz)ah>Si2(75tkPY{Og7KW+j;ajpjErWuJI-t1 z6-#doGB(`M(2?)EBPvBfTOzLG#6UAp9VhDB-6`17kafg@g7GX(d$y(_U;NFJBMS=h z<1zUc6jXE^7)YNDW@M}=*P)?ZP%u=V^u~;Q;X~d91=**+%f&067ICQPI53c28O+F7 zQLy2LhK>^h`GNQ(WAoPBV$EDd&wV0W}FxgSjQiI!@6ZQ0wU`GB}oP0q+{j$v+@{6x$s7WZ)zW6VrDm1;; zF|JO0R)khmY}nCo;6!?MFd<_>`$U|w<3##otSU1yHr&wAabjS)1v3_`NUx9Sld<83 zhK>^hS&uI$SKphW=^>L9{Uxz^KQXYpG+0rwVMoJ(6X|8agp36R6*uhYIM6;7A0>92 z7+XC3(uaeLq1)3-f*I}We;%1JuzVv}QL$l1!+{g22NNqvOCp`eraAV@1J+ z8yY%J3{2k&W-M5dKd!S;&`h(A6T?JLuLx#jG-KIuVqp1Hu%cqaj)ns#(q9G>>W5-_ zZ`e`AZP?L}J{?TRSWr-L!;X#vZHuZpPNdg8EgFuD4L3A&oEVs1AIw;=qGH32b{%FR zq*nzKG8Pn6+_0nLz(9I+Fe9T`*E&utUyH@4qT|3o`g$-UV?{x;UUi(P_rxu27 zgp36R70sA;oL5ML2A0{bI!@Z!OqT|3o^30o& zv7%guH{FSX_B#7#oER6Hmfo(BsBer>*s!A^y(yTGv7n%$eKTtAI5EB+532MHPpj`g zIWnW5{wOBMhKBS+Fd<_>LB$O_It~n^9|!ppPmK~NsOUH_kUkl-@7@s!IMLp!pK)S& z;lGIrFkbIlynB3$hwVNCg@$y0Fd=^{YFSXwe;oZhu>3@~qhiC3h65+EW-KVkKaIEr z6&(i#(izOiSW(cv0j(l3G;85?eB=r}PhzT}4ZvKs>9adYFd<_6M-{vblgSg@jX`v{yE z&-=5;{QMwe!wn4`CkCb$1Tz+_sMxTh;lPRX!eBzif`WQ+S4`FoI~vlnf(hdpzZr+m z3}&=<#6WeNsLzZn8yb?b(^X564=1)~$bux_gsg%E1;gh8>AAs-e4*@uf_i5Z+t85I zH(`0v(<2KiIt~n^Ihc{LqF}=f4IL*2rWXe@7Obe)(BAH2Ih+`;j2V$~Fe78b4GkS9 z2J+`Ecqquvi{4#OFg|8temuz7aJvp4(IqGtFVbtXUPDIvOeA!i$nSh=lt4wtfr0d{ zAU}3TWI@3w5trT(%*be;z9Y)w#IVgvuXJ8ybX$#quWGq+c@jD`fg8CINNvOY!hvtSIt^8rM04D~PcLXac zHtc8@UyS-XPK>X5pnWYE?|*89J`l{v*l$; zpnmaBA^|%ZQVS+zEGVeBVMoV-f%K(dM#hSA9sbQ7Q40!&@kp;SJjfU?x9YvZ`iJI< zI!;ubvtjvOjDA5y$AN+5M>R7tR+Q`Tdqy7x?M+XMvN$oYyg67=v0+EUffMO1!Gw$j z1r_ZzaSwK!$RB)aWI;hi$AN+LNRYpyeJJRkjTep+1Ir$)sMxTh;lPRXxnM&6mikbT z-y7#xP*BlvU?A0?eg2L}zj7756O~}`(cZFUZnHLmPRc+YOkX|257_uZc?2Jv^j)rtk zFrmIyDt1)2?uH!=>Cs?9#&U&T7nv6nG;tj#29^&6D=Ib&nbYfo8Jin>M??CnU_!=% zf{GhL$;C{OVXT78F!;92iKi31(!hDA;gAL&u4M z>9xU(1uL3IR>z6$H8Br%G$fOCLjJZT7v&0l;V&YDijD&V>5IXPj1>hNZfNK@F)+1Y z#)1_U8+J4tIFY^-OvqSJP;tYKjspYf%fXC{6$Kk^Xy`aGFnuMMv0z2Th8+zDPNc5} z6EYSQRNSzm zGcq>Z(9kbDIZq5M-wjq&Y}nCo;KcBpPVe%>#_)7WpATkaY`CGJMZu%cqaj)ns#(r1DR84C(3ZrG8xKaErrF8*MQ85?eB=r}P@?}O{G<2L8 zn4TTXSg@jE!;XdnC(?6*2^k9tDsI@(abO@#!HkR*1siT?=r}Pj-5tzWu%cqaj)ns# z(sP3e84C(3#>4SL&GhbIMtd+mgYP&ousjs3sMs)m9Y6U>=?|h9n$^4GM9Y5hh7$wX zPG&(t|8?Ar155hzs2&v?b~GF~k?ss8WGpDCxM4@ffr0dlU`ED@f(w{IFOLd&rCseP9ox+A4 z?c!r`qK<+5HLEBJ@>dP7F*wPMELH z6tJSb+vlP;x_DPNJ>n|U(#VH$RCd-Z9zdr$AN+LiC{*? zih>O{jK8zb`FSv7_(CB)KbTQp6zAR0kmg`QliG1!`NVBk0+NPLs4s{t8+P>cM{y1; zcLpmeHtc9Pa3cB1*Mxli`0EP2FsfQmkRN(#9HOG*z(6v{L%#H)U`Be4XB0Nv(9m&W zTyZjYoM`4o$GE0SiO`CQ?F!A2Z^Mpm^aqwN1uH5x>}WV}A|FqV%qVD6TzSX9a(A$z zV#AJx11HjRg9#bS75c%GBZPwLd*=-e>49KE{-Jy*sNyy>qz8iu&C{>ryq<&A9giIi z`H0j71j-l^&JYk?J2r zK4dIdufwlIcP=Q%pVG0YXyQ6f3~}i%gM9JTh+9z5y@Z??*E`9_BDA7nL%Z_f#1NN0 z9%O8|p`jyx?T$DH3YznF4Afuzt0;yY?ZH2cR17Q+1uH5x>}WV}BE2n`u*|W~E~w}@ zFpypx%*a?#u;GS=juQiuU&_wc&tcsEmrRx4e9N{gp36R6*uhYIM99>SKcwO{3=*cv0+EUffH#26EYUGDH_>vUZDr0 z`hn%4U`54-9SsLgB$qHDKR0SwP%u6jy_RmljPZ9d-0A1RjCOx~*w8VsJP@p?*s!DF zz=`B@iwXJq1mg;+c|k#KK2yaq{%gdcqT|3o`uku;#)^UsH#Bsd7?}Pcn6Y3*#fBXX z2Tr7a3?^hOD5z+U{Arv6C&o{HFG~D0n6Z2?rc^;Qn>x;GUd{0WvtdU=zB^JE6x92E zC$eBiLw?+20tNZKzZHkbpOJuq_Dauv3}ka-K|y}*Q{xa79R~)|^Ma-Y9Vf;YV?2^U zsZYdZZP>4n%==XW>G{EgjO7ZIm|P1ADmo4fq;~`}GFB99xM92{9uDc=U`BiH9U2~- z7*jk9)7_qk*lF={Qjzj>pM{9ql@NRb1eXhV<%SLdJrE ziuUrDtQ{xv6H)1cf@=S~U7Kj6hk^-BYR8GR{C4ye3Mw|_Z<>xM7(UQQ?+G$C+|baG z9*;rJ*l`z8%aM zKl+z(_(V|4e~JpwklqnY$XKqBvI`2vH{za2J(y7^AGlygL%KVdkiYsHQ5FT`CmR0K zpgHU~QN?Xng7$TsXd2luzTtzO?t>omcm96FVR=`uqGH32h65++ccQ)xJL-?4(hY5n zMYZEZdX9!;!wn4`CkE{wzYs*l^h)ANHF?HB(dQgI?Z|KCI{D9FEzxCI5{^U*oUUnt3s z{zfFApnl3e0y`SUx8fO)z8%cS*l+t#J5DMy~Be0`gJTDSD zPSk&jYum7+p})uXWf)lA8?30N@f*~$_P!?n~ z2_5H^MO=DB7UT;ZyP#ZMEH3$@b2Bo=_v6ab5zJVgWf?}tfr0ewpuPG}A_3}WV}UWfO)iE*NRA+|jo1Nni7TTrgh3w}T9L&t%E^ul09#)^WbSjUO_ z#i(>cyEy(+q~gTD@`GSS#fJQ=*e)z6$ZwCnT2N5Gr&81(#+tLCA^j+rFn$#GTYAEs zhx$Y;UmJD|{}Ft8#FWB@8yY(552BV04N3JA#t+r3`WgAP|3fql1>>Ks1L-rtjEofp8*XUmI5Doc z*F~RpoEV?|?Wk%GW@My?V`G@H;f98e6XW7EZhvdsP|cDJ4e5zs!uW}NKa~&l33Cz+ z>Bqr@j0Ho!r1}}lk0P$1qT|3oQp@7ND-xJriprD#Q8`|sRu;aw|oa_B7mydiQ zVL`dFTwNmHjEwEBKaIgdLwZ&)A!9*7#SJ?;4h*Dc2QxBO6x9D7cj$&4-6T9Qt~vRk z2(75tu%qF?iL?b1G8VLdR3FYOB<{qxvV1r~D=IeZXgF{peI%HWv0(gDRGR)dn6Z?n z$HkzcKq#P;sE5qC7C_XHC%78KMg?ysY&1qJ!ucy=!+sOUH_ zklq^1$Y|-0BMVNncf~yII5Dt19IU9=kY5)pC>U>jdepoIGcq>Z(9o~Y`~Tkv;Y9vS zu%Mu#o^+HbAt&P3koW3*wJyIIc3L*cBetcd4+xv+msUn%P)f!6&w1G>|ZdjJQ1v@*s!DF zz=`zZU_!=%f{GhQalabO_5GRXdI_=1A`ncs**6y&$WzIZ`J$AN)#Z!jZcML~Nk%66QnpZndo z1T>_-3MOQ!3kuRt<9ahT+|bZ*Vq9^W)^Vb$YC}W%>tI5@D|V3!3bqgZd1OJ_f(aQ5 z3My{c(Q#lPeK?qrv7%tZ4GkS92Bwb$GZw6<*s!DFz=`~LT-Jhu`sLUIZ)g}^3zB`< zjPahB&*{CUH#XeR&~aiQ+lwwJ*RIqXOZs6jBV)r24ISfW?zg{lzoCCD2KmIm^6_9r z#fBXX2Ts%{;(5MdM?>)nkl*1D1^N5Y2MgNET_8>jEUySwRBYJMaNtCG zWiVkh-RVyd%&2D0hKBSv!G!#5%|JnZ6sVK}E-bfn>hS$XHQOUmvaCuw!|5j7&jA z$AN+Lo?u4Cih>O{jK9^YpJ^4w&#k+^2(p9)1zEy^{(~rXVqp1Uu%cqaj)ns#>b-vu zso2q8YPfNt{(~1Hw3kW1i6JiiqXg~iIMMEkPpmsm3@pzIR#a@*(Qx2I{>p!i%qXbn zI53dD8qCO8QLy2LhK>^h)7OF-3szKY*wJv{MEZI#A!9+i$DM)`%L5TtP|DG3H#Bsd7?{2l%xFJ}ZB)mJ<*m^}1r;3!2GSbL$XHRZ;f98e69ajTDY~Gbz44DD z3r-9yZwgjaY}nCo;6!?JFrj|I3072W*wJv{M7lSakg=ekqWvO% zO4Bj0{4!WkzoiA((R6#qiGk&TU`54-9S!5#Q7nBYm@yu1hK>^h(|dv$ z3szKY*wJv{M0#&9A!9*7#SJ_1>8?P*aJ}hQLB@s~>UX2z8+J5zRL6;d<*mVriVZs& z4xC79FkyTzs!HDvX4IcQEs9}BL;6K9A!9*7#SJ?;4h*DU2K9(aH|$sFM=`l}G^8hj z2^k9tDsI>@eh?L;9|kk>h~8LG(Q#lrA>WVXL;l!bL_QQ`dxixC`FpV`UrZ(9m&WV6xAd(cT=lU&o1j|G$muQ80dJqy8g%bZoexp(D@Qhk|66J0oMkit$f> z5vl(i%*Zc}%nJ&}-`f<~8ReHqKtcU(Y`{0{Xh`1+CiH5vje+HT!HS9vI~oq0Nbe6O zWGrY}-*KY;;4h*A>}W_o3?^hOD5$t$N5_HY+B#0uZ^ygKhIZisJ5G%6#8{^91~W1? z+|baGZ7&y;Yon@8zRVc{$NpXmRao2x|3Z4~YY`CGJSjY7R^{uu_3=I@+~N+ z&-nM+7c``21{0dpj`IqA&?<`Mkzhr|h8+zDPUIK6KosO>#>p2{bQ~B+cLnX2?ggA! z9*tTmIt~n^4+S$aRunAn6hcMEfq~?E;u#q$3hKvVR5$FXZ#Jsfk$?8TM$PDd`;=%J z1{U9%uc+8C{wZEJ(?16@29nC?7zi{P_EE3{xm|U z=r}Nto*B%@SW&RyhK7z41Jhl>jBedMF|K9!0})zLv0+EUffLEM%@gwVy))`Be=|y8 zN1lxg3hF<^jM&hS{xO)4v7n%$DbaBv|NJSD1r;3!29p2QF2DOpkp%_y#pVHaG~~BG zIkKQ&+!@b+^o$_CKc>Zkf_h)nx1k~3A55t4i_{G}@)~gqDmsqq@a|XyH#DT@1`~$r z(+7eXxo8jy(x>8SKO?_W0t(V!N1QeuCOF(|N1QgU~ddMNaO#%wiqrN%Ah8r3> z@;hWkLDMY;}vpddZwycqs}y7b~;M#hF48ahr4Il@1%D5{w z>}W_in21hK{lRyU6E1LY}exIxcHRLrT9Jmw^2FKZ%-AP|5 zdSftQEb#zJZwO}8H$~irhVWf2n?GW*qal4Mn2@ocpyGxd9S2&CS~^ZFKlneQ1S&cX z45S|hGcr~b)K|yGVZ)B)2??m^I53d>74sPxD+=oC)Pfyd%_jzy9|bEaHtc9PaALeB z%BI%_GxFmxSr-)4x5gCM(2&+(LVZh2h7CKasj{IV-5X38CQW*CFrzBFp&{KDOvv{} z>Vkr*?1qNq-^91@Gcq>Z(9m&WTyg%#$By&*zaKxMdhBQyuayNS(%X#;G8U|8uaOTY z(%T|#M#h5mI+VJgT=^c74;c&A>+lm#k3$q}KaZKSqapnwn2@ocpyGxd9S5@3FDTe* z%3zY3?eoz&I~vj#f(aQ53M$5@|8rz{ESQn+aSjyJzcCZh(EYRA6XW_nz)`ok)=qM|nwq_7R&Pi3RLnA9k?pO|XM~*g;aHzz$XoJJ`W~eqZFl z_1PG7%wRC(zV3Vfp*CTFUv;|`Ac8;k53~sp64dLp<}~Oqc)+qRSew8@h7Bq-=rF*a z@(ooA5eAjoal(Ozns}Ck4(Ur3%TS<#eI*v~5FkQ=LGSGn;h<7!gAQYIgL-c_3I~H? z_O)=}A;Sh08gv*lj+z^ENXM(@3ure-_>S=4)p_F^BN2YABq(cWGGN!hYslo zEom7Fq$@c?p@Ll{7Vuqd1c;D`%TS<#MX`W?kIWFEJ#?sg1>s?_LV^tA!XK&ZMZ!UT zP;nKE5)1fQ7V53sra+&ej~NFH2%m@*5@aY)VTTSrbBhBJa@I;ypn}~l7Vr=tLYi^6 zP!=NOtCdiof?XpP@DLzEnwuY~@dOQa7-00?frk|$RCacQK6m?_KT(rVU|gk|Eea1A zHmJ~`!+;cY4rVA|*DB6|hYTB3XwYFm`dnAe3RN*i1HzYLg#;N2RM?@zV0zo7 z!a?|4aS;+U*kOQCvjYz+M5ynxU!X%iLiZ6B>`1YIhX4^0Y*3)V4g>5c;lRTR5i)F0 zp+ScM%hAF?fE5yCC{V#4_futo2=>UKih~RrRA@7F<$qBK`V8?$YB~%EzYr@V$WWld z4jt^5VgU~UQdFfG3N+$6jG5(E3ayYJLxBoAbg+}e0v-a?kG`q;pwG}_8q9$3xL6@U z2Jdxw3J@Vbs<;Y9i3R*D3+W=JEflajG#wpy$gn|$1|0_YqqL+2h+sD;&Vh#v8&qh} zVa&L@b-&S|L%v=K1u9q)3wQ_+A%Q)sh0H^S4JtI~FkpF3I0&#pf(!*J?9k`thu>5! z(80f}$rT_%I-h+7Wrl81UkX&PTg3t%0z^nq=SmG7{LonzAVGs22H2;o_r`m)F={j{hLj^k^7Vr=tLV|HF)8{#5i&K`S^aNm2s{LckYIxX4R#oh{a7_WE*yk%s4_!?9R?U@=(vDg zcOg3w>^61RfrktmRA|s)fc;t(c*w9pg$DkUZ>n*KQ18&n(4a%QQx#;WV0VcHJOqf4 zW*j>#K%AjnqfF3XhXMAwaNuEu2pKjQ2mgceT`wH8E7g|);VQ90f(!*J?9joYSinPo z2njYQP#JWC4)%r`ci+OmhFFI>3<#fz6%u49P+^A-`9_Vrg54w*@DLzEf;x8zbg-A%_uwJJ1{E4~ z7_hKpxVdh?3d#Lc#h^faLs!!V9V!>sHm|iu{!jGd<*!{wRhsrT(&>`LQCu$c8)CqTZ4LTSP zQx5#6DiI(;;-Mi!feMXT+~-t=@RnF1L52bq#yz@3+r7fUxRKu9MDHQpr{k8PKn1&B zEa1POFA$-zye>SFx%pfM<8pd`g>c}X`nF2IpnAKRhG0BI%?}F)9x`k&ZYA?=WCs7P zIvyZGf(APbur3^UsE6|e2_5`9hpGaIkf6a11MFSl>3x6*>1GZT)X9-l3Vnv&S3?~J zgb&0D2{II@utNvqozViGS^`8EO^>SfBG0QwXtP0w!HDcV;lM+N4JtI~FkqoWZuSaR z$Zv}R73>|cfQJAP5^PYQ!47pEbLca43TGY+2&ak_5@aY)VTTUp#R47z)Gt+OgAU{9 zzf-w}N?B2$9{<0U89EFICx{ht z`;qcN1$$8};2}VS1RE4+u)_d*NjUJZLY$inIzXJE*AG<)5;WLhfW0BA{c|Ni2RrYN zRWo=9u)?^43)+=j+F<;a3U=YZLxv41G)Qmj?R16$>9XI~CKO0lYjBgQzf8-|6Bx! zU`ObnIPj2Rg9;5g3|Nj74g#!@AVYx)J9Mz4!~z}yL`ZY-kMHmJ}bT|x;cGt?AU zpn|<97Vr=tT|)^d(1`0WW|o%}S|LG(ajo*%b;3b=Q*j*zgtx>B3Gxixq-+5S~_Cgai$C7+}v3x|9-^Q34Vdkql*CPQbW;FW~RgvrB*onFYzKsY}|2Ycv~Z~cZ35wzd8tgE@yl~*5a*P`E8R}Z<2ZZ;;3JEe4sIWr^dtWTzAsxLr< zd@+yuV5?ZbLx2bgHYm_whsuZ=bg0bd2L3)y1Bfsl)K{eKA>kpz1{E6E1**@1hYTB3 zXwYFyF4RTSE)ovHaX(fkp}`IV?0Dh8!#MLtiaSd<7^mrKWv2@V<2+X2^I3txU!v9m zBxtb10J~H;@Q~ip@G}&s=jrQH4F-hs#R>^B)Lr=+bVv_suVrXA{*B^bK)6Y)kRU_d z|0`uhhsrtFU_eM>g#>wqKBZkK(B9Ex=rAC>D^^I5p+JQlI*dfjYUIve3bI9qs@T z>Z9LQDtH#l01?t7ip$`S;Dm(;Y1JZ~p+JT7u1aJmFp7#9l~&f>1|2*J0V?NygFaUQ zmg^n*|5>;dvUkJ+4l0c|=(8LA@%;>gaoBspLA^n5z#9w*H;NT1sSP@$$JC7sgY(TU z;LL-;8D*CV4;eP7(4fNrf0Q~DAi`J=YOKq7lebh=sMkDK=_$hAwh-$6?W)g z$BG3!1c;Dee5p~|SHeN#LeOE%>%s>Lt&ku?feJfxun)xo9>NSA`Avl&LOcFD$_xYQ zjDrs04h9Vg8tgE@?i3C@tPtnsQ}Rabv1*0_BkAeHZV(@J61RttK#eu;jdN414J0d{;?8{6AnC#qbYj~ zWg%UpVj0?3I*c6#gs;U42{II@utNtkU3M1m5N7DBzf}k#m}$@sJY?9QLW2$imcxXD z04pTOP@uvN9qe$ifQJAP(%igND?@|?4R#n{w+ROxR)~;cgL;h)ZG%2Tk7y=#7!ZnB zAwh-$6?W*5j?>Q0P@w(dhf06};g@2C1Q`lc*r9{{N-W?ZK!gPKV%-2W=#Xz#?+aA0 zTf_n$0z^o#L4gK4_^UPO0C9#M)i@#~Xt2WodrUa+utJ1!yvA!M2nTkOdg{PKh7Bq- z=rCY8SvUx=LV^qh>WsUD@j?NA(@#_aA|%f4JWp}3W5fdfsNYvUh>#ZYK?VDnSfC!Q z)CL_AWiwPTGA}Tw#mM4jKFa1<0obwRgLI6tWGGNMR~vMw{1>+k2Gj??p-t#8-q7M^ zZwdzRPTZ_y-ps3bJ#5Dxr5 z$_xn_>@dI%3eRt@1&EM|D^S7sMYaX}{FSyDDq2MYL>RZ~oVMG9hYTB}mE8#i#uY4w zR|*FnGHg(x!MK(|U&o-Kp7awXz<_YFSRp}%0u^@XV5f)$JOqf4V1okn>3>r7&>`LM zzf>s{s9-mW1w4cqI#0Jp0V1UL{*8)(=Rcnd5MjLiT~+XoaNr@s1{KyOr5N;7GB*;*p!VVpb{}6G3al7V_-60%|UwlWKzZ4EU z)S%aB4LbO9MSuvEEDbsg@IU_-$^sG6<$7z7p+E(@LM-4RK!gP2fYuE=C>+>t2!V$T z8&qh}VZc&_g8(Ze$WWld4jt?%v4DpF5fW@rpfZ>SeGcoD|ENl#Km~hMEKrZ;ssSD9 zDSxI-=rF*O5Fo;^KUM{Y2?rk1`$nXBCvOopnKTcer-lu)lphG=dd$K`?0sej^1c=}d{+%`c{@!v+-^bQrLFDI5e?Awh-$6-M~3YCcyuNS~@#8R~ies7j%Oz5D+v3wX$| zL4`I$m#e-89qL(ZLJb;QgATT9+O7~GL4Np$>J?P5N5ldi0z^o#L4gK446q^`c&L~C zow7g&PvZgN3_bAgR238$92q-IIA}?C9vudR8^j6;G8Cw=LkGK2EZ{%+A1VeB>}=t{ zLxv41H0Us3IY&4MutI_i1uE>&!Gc)8Lx2bg>dD_w8_*&DOam-X!GErO6(B;p^S>w` z3@dJi6AnDA5a;F_ z3>qSg(=_Ysbm725h7Bq-@MryV6@v)rhX1I1P@qD(f;cEp!LAew`1e_)A%cH^r3xY> zXt2Wodyo+O#rO`rgYhM|OkZ)!1o=AET%dv-5DWOD=q^MU{Ls->;lM*Bp+TQnh_g$` z0)BF|QUgTDd>6Jr1?yq~4*@Fq8uS?=uEUsF-cx9W1R3hpJaj?5|Nm16I*e-+XV(h< zpf&?U@Yg9WKz&G?4LYO)ip$_1(Pn@M_VwRuSl}VU1{E4~7_gX5Ne2N|s86bv1|96I zpC}7>$gn|$1|0@0XA1`bR!EScK!qJT*g0YW4*}|9|4lVR2RmAG*MWx&8&qh}VZd^X za1daH1Q`lc*r9_hVgU~UBBV)C4>A;J<$tOe3@IFHph05DRz+5Fx<^ z1sd#7ALqD1pP_R(Q(!RWb>X0% z&bk48hK|zPfDQw~(PD)J846U`p+mZhwG#^1aq74O4;eP7(4fPB<#^#BzzPX66sWL6 z2RlJ5;2}VS1RE4+u)_d5Q8@50Hr)i;eZoOIoWa0=aD-SPL52bqcIYr}W4u{7$k%Fl zC{V$!6AO3<5Fx<^1sd!yz*wpr__=aj%Ol=(!a+Dv?M6t@V21(5adY5dg$U_(`UeFn z4_ys9_{aWGHA8~>$TyS<9qL(%YcQbl=YAS=@F)C%%0h%R`BJ^lP#}G+N39G6DwzGL zb`JPcRZD;fg9_|K;lM-vTD3IjkSLa+Km|KYEKsSXL5E5O4LXd;VVeAQIHv(5ie)IX z0xj?5kZ$}FWrhM3d{ILIBBZmmn=(}JkCF-z#yN_!Kmz2$^*~ghf*m0i z@DLzEf(;5Z*rC3!g|?q;D!wL~HY*0U>HRw?J zt5*#=_$O!s68Lwt!vaJY{FNZ%_b=1AKT@Sop!L5|1u!7ICss(1p+JQlI{4$M9wLlN z^?aA4-v47&3LWYv|D;XmFdz)ELV^qhD(uj~J{1di2oNDn-urXj`zF#f>T3K0_6aXKp;c*w9pg$5l4EXNB6 z0ai$mp+JQ(v~Jj^!hxsp01@&D-_a1Dga7#7DitEwHM)y*;32~X6&iFHuv{w~1X!WI ztf%7!9qdb1YVeR@g9;5g3|PJr4g#!@AVYx)J9MzG#R47zL`YEif07z>NW5vwP@sa{ zBNp%wAVPu-3N+ZEzN4MkphM!U$l%}AW`GF!O1;W1P{FPe3wQ_+AwfN#lLcdgux}oSd2W> zOBC0jgMZ=M$_xqei~mxs!5IHq#Xc1dJlL7+FtA7el|m3c{#})Y4E1omb#BlheL$s9 zVLbVNsqAlr1G|b^AU`20*ei!94g%Qrd)kCBLx+7sA&6iLRYBV50Tifn(-;hd=k?bm zA|x=Q7_|6r)KeH>ul|)1z(a%t8x&};!vK2?F8+>+frkJq*nd)|j#fJb{MWyuM2L{T zrhAZHQEG+)^#Kj7K?ie+Yj^*dHerCfM|fBvLW2$i+`YoX3K8tA?c_R+;l}tfsu+Px5zpEy}o)h6JB_znOfzxgnr;+1y z;lRVH_;j%X846Tr*J&pYa0i5k6(Zy-=nmMTUE?84PNZqbuz}s9d>-;c6oYp6KU3%^ z8iEdEZa%CNWPm*aSN}`(0PGq(4JHOIt*~n3lA$q2#@^V>Lg^? zz>4q?V1)()>`}2mt~3ex6!oP*rY{xjR5}UaF=bAWVS{kLMwB2!dt7k??AKxedq4>u z0%YPUG}ve8NreX3Z^Qx_Dm2)^o)R7ctdO4;6&maio)HN$Y+%m{4*}N6548LAN&4jT z7(4iPwVDQqkRYE=DhxKQ3kM$3vm!%*IycXu1dO*7XKxD!9_(@@IH*+6pu>P1DGTX6 zHlaX;@GH%%2np;Y;lP721P6`H4g;3&sldq!WGGM}-m7_=&Lsf~R0tP}2x*4yQ@(MF zHtkm7z(YP;jTNwWbkaERVE1XUaNr?Af(;5Z*kOR(52yV*6$1|eRzpg@Bi2H2Bujw*HFA;1du;vtHI0O?n(ZBU^-t!X^Ko*{Iq;>-&V=}eKK zLU@e|AcLL2!U37Zx`Lfg9E7`AY9PY~{vQ;-Q3>S9MVy>q;33|lqm!wmf>Wt{r;1l- zutR=6E;lM+qmJS2l>B7Sb5z>EGwlj25?l8dK(UsXjctn#qLIP{wR|0s5kYIxX z4R#n{FN*w%=3Rjb4R$cE8Q>wn3U)7(5ArG6tk7Vep)dbHHG_R67I2WSXQn~pMsUo# z!B-V>cQFsIAr~u$A#1A|Qw%!fW2gecoiuP2c_BZk zMk_SPjzK_!9qc&e^U$7GmI3wxnTe~Axs=y=J@?x26&i$FRY8Ib+YFscX0V5a2Rn}t zWHu|bpb7@qxzu-uDi~m#i3`{x6a&6#oX@5x}9!G58l9>T;alpsS@DLaZ?42?Pn z6tF8;8=z5gfc+9a(*g7lV1)>o)Cvv4)w)h5$gn~9ToX1yh7H;mVt{=q7RX0a6*RD$ ze@{(90OP*SLx8r60romvN@fU<&tb2CfuEt1RH=sm7Dxd5P!)Ix&^{3ZY>32jO@=Z< zOxOwy>_jSs0PT9k4X^}--3g5grp>#(s>^YM4g=DcB13@+`(G&VwE_(~j2TjVGIcCN zfeL+IlCLEJ3REywZa3LD4d(guF!`WBh4d-|g#ztb9g+?MZ25s|0S^%pY*3)V4g>6G zA}3uM3sh*ZPyUib?V}0}!f)vXWUxy#cRU1G!8mR1bIS_3fQZ35bO=@J`Vx%u^LE)20Pdh!b5-+8Vs-_#R3^BG}s~hit$69yvxpo zHeqoXU>^aO1P@_e99XkGgt>aZrg3-(lUErVWY`$;i5zy|J1h1Y*K=6474@m7(lB%w zbMt$Ozl(V2Fy`h5>c#;35KdFA9_(~NU{`2>9s;b8?^osuZE~%;Ho&eE;c{h3kYNLR zPjk>ifOUo*Pz4F{gmx?NYoPfum8#HS2fKt-5i(S;k2uDVdHGYIp2bL^!Z^wUnO9hKzQ_8AenAF%Pw=eSyZSt^szR$j^%k4Z?FOmLP+jrPe$IXzww2u=gQq;(JNpdb1=bv%e0322$wSGFd%Z@m!486LxBp72NQpeMjIePnp~k!h5{8DS2cf& zLIEPA$=wQNC{SUjqo#S;yw>mz1MGvpRzJZ*gajKDXt2Wo`w*_w<;;PH04wAV*%y#6 zQ}qQZ_>X@_`5=OQ&i;Y$j1F~#1a_FJcis5j zkeMt6>>=$32OjLHztSdnh>&1|0u6Q;U{Axj8odJ#0anPQ7O2o+!19c65MYG_85(6f z46yUW0-5<<=A^$u2ik#$e4GwUfeIZ4EXNB60ai$mC;S}cGgTZRL52?EzS*|Lt zpc-@-P&pqPbjT-hIKlHQ86bl3K@&760e#6)+xLm-z^*cE(}KW`_$0e)7KR3=qMer-T3z z5>yfzbl9|7IBvD=b9N=`&{QvhXMA5SRknv`BQbEfd8Ii z&d?At6sU7kx%lObtPwF)g2GteVi3@I4N;%as@b5!0Ap`D@K;j_ zL`ZX!re0V10)y+I1>wL$=C~9{$Fm6qDy(`n;{A73FGQ#p|G7E=9R|2ncvvBVsp*a8 z>3#wKsQMcqLYfqXG8Cu~=UAzuL5BhE65(Nm2!+f}?Q~Ajaf~``i*Vp!Xb0B=3N+|2 zz__9qXOn|=7PoO=XLB0|<9hNX;lNKWQz$@$1YYeMli7iPSc3=Lb)b&z-z%}`+Qs={6q4)SSQH40R) z?fXgq4-pbJaFf(;5Z*kOQi*J0dEIPef)g~n|` zhXL+v;bDac4LS^P=LiogL~!%X*`=Cm846VJTtWjxNKpT?>eOe~$IfLsfW7xEg}{S7 zqJ!bULxcny6lk!+04s2&#^k_5fEBtL8~SA0Dzm}A((0y<)2HofvcrIUyQ(Tsp~HaX z4&flc3JLOzJ6R1yNRVNhq1RPufeLn~N;vQkA;AU(8tgE@?t)WPp92p8*14$>1btS0 zqCR%J)@%;}R%rK&0rr4cpph`Z?jR1@uDh=R_PSWWLA#aAV7HMOG6{92!VVomR%(I_ z+YC{Coo&Dl;ZBht!v=Pj@DN~y1_SJFu|Pg3Dm2(3lTe|-4&fe=Aj1aX4Rta>h7HQx zWLOm%>|pl_4*^zaFu*pkK!yqpb_n;01Q|9kj)I2(EAZEJD?g!b&|%CUSo5=Q2lhH4 z$Y+THb}ezx___K3drmA6PS@%bAwj-~VqhO?5<2jZAJc+ephAZM%j3d9fE5yCXwPYt z?J&Te7YpR4RcV0=`6kWX0u?$8SZ)>$0<4fAgTGPBZ-6*Mztn7xkRZbb#*T21-=bZp zVE3pN2Oc6M*q}gz9R}FFBA=>C3sh*ZLwH-2Mo5s!T%baS0m~*F1Xv+Ko^f7PMM#ig z0}G4;^1G_OKm~hHWgU2kkYIxX4R#n{4~cxbDlJfaejEZ`tRg$6rx2v>^) z88#?j*9Z>*R*2AGfL$vVaFC%wgB?1A>qLSK8x*hu!b5-+A~YCa2gL#oGE``=Lx*s^ zNRVNJ0+xh_04qeuyw0r9ZrA1jyF)DCAVY-)J9G$liUb)pC}4L94*^z)&|rYwEf#Q) zp+bWlI)r;ff(#oJuzQ7v04qdjFu*pkfP)Mb8tl*^+$R!b*r0&jFFXWTA%gw-_mltu zDi_ixv~(uOuuT+SxUgQp)P(#X*`a~)-760PR%joJ0rrttpnP9N59ltjz`S`@jOkR` zNqLQz#9-Ge*+D0sK!JRa5acVqr4UreC#jAC6*>%9P8JRVtdJl>y@%n}mk|D@158z-|@`ILJ_;!44h5Eh0gN4GP$;!b5-+A~YCaw}}NDWT?3Dj5+Kc*TW`_apCE;O(2n{+6a4!oFD@16}VSsx@cvvAq{el}d z=rF)C69vZ0%p1PD?B-XQR~BfM!MrUaP$1t- z2<)nFDF=ASr>aze3LOS4UN{J_LV`TwOgkt-f(+Y?Qx2mY2cc{7CdjZsnJ8PMG8URT zR~xXR3?2fk5TS8N8}qvMfI^&mp)mn!Ej$wINAwuRcHkjGf(;5Z*kOR(Ao%T5J3==v z9`fUds99)}i*zss*u`Q22jL>Ub4`$8gK)cMd4de#RyHBSrgr!r>GPvpE}_8=N%3~J zj(~&47vBdMH);7{3P6J$GT#L+5I)dmf(#qjJq!o(+p3^K1LJG^9_$KQgG|0UGqYL1 z?j;}CmE?oWW`%qe`M};)r5*y(rkbMnQwm=sL)}+@_=vWuKxiV0`u8 zL1vHFx!dn26)JDm8}#{(9r9Hqfbm;4esZG{0z^oV|C8FDKXJHMTMj&IitqEA8ctgQ zA|$BfXwYFmAoJj7Eq1wZ;34y4pY($6Kr$4lU>7nd$nWc57pP#5=^#4r5Fx<^1sd!y zz#bR*EFI?p6&mc2X`?{+K-EV`kSSK6LWcp%uZ4pED?rc>WAwh->mhWqe7hDw@ z>@)ON3h2}I8Ty#=8SlFsgoiX26J)R_Rm?+xb%v@!2{LTZ_+^&?#;>?6kRMY86&l!^ zit`X)h4#J@2G|Gi9J2`QBW-#JV7yTE5MYJ;h!QHa$rTC>uq#D=o+$^73dXGEV-l#o zLVM|Vl>qj#2$w50L7vc|3T<|cd>#U{8xK)gu$x3S9l#0=!kbhD8H{dt2p^IFdBWON zAz!Ar3Jt=0B0&bDArArC*J6OtT7E-WDl{;5r-v|iEW5-*fcy^A9xB+%frorMeSyqo z0lPz+9_$kGL1wc;X0w3ZNj|X4$Ori@@N8juZaaRRA{h6 z_^n8gVFTNRhX5-y7+|l91u|4YbIkz<;YE=k z!v+P6%pL-)5a(u5eF^f!)Odvk``qOBH|Ecwp~Ha6_s|-27;}@KayP!!z<1UHL`bkJ zzP+i%V1T_PIzQU>{MKiH2nput5Ri7S=<66(Zzc{i%8Y4R+`-z)lhiILJ_;!44e;*vVo62N^0f*rCG!J4Gzu zpnayk46x6|0uJ&=qC$fmI)sl!f(#oJXrG7yHpBuBGE``=LkA-;*|&p0_CLjilA=YD99Yvy(sU{~uB;J`zK z1RE4+u)_em22Rig!hweXD~!Ka;!C;~IOyNga30bL+n~dM%r8&XiM~P;eshQ#g$&^n z?T7>!YzPkl><8LQ`q<}0Lx6mpnk&#=R2>8CCHO7ZB*?rAuh3wJ{He-TXkffJ_Yh#6 zp%aymAcMU|eURtNTd=BcTEOF4GzQrbVsBg0g9rDnDE>I!!3c5gr4g;3wgo6MpB*@TsLEYzDYOwRg z0+pYXHt0}0jY9|jo(K?O{Dq>9VL%WefgNCI;6I}P#2NZjU5=2zo>x~Kc!-c-g8~h9 z7+^1mOh?P?Ei~A{^L?8D5!&n8>jP}w{5hVlAisHth6W9cEFQwl{1%%KAoE;Tf&ad? z=#$^qbgIx`2fLigp;2gny-gi&D>XreZH9OftouKAt@1qljN*r9`6 zD;5aX(1Fkz>qkHz>3~BXNK|Cl+vE z+&KGr_soq;g$6rx$W%~gEwDqTY=s6pbjTdS3gJfOOORoM@Vv4l$gn|~aSZe(C5hp}`J)ZXQt01MHw!z>jo+qcNE2-uIe*z3q zyng6ZiS}r;X2Xv5j;LkBjspYJJA;gh87mt4?b?8WbVo2DX-+{sd2KXcMZ*Q@a}E(` zezm=${^G_+hlUYdS^eOzVMEuuA4CT>^v^}x4-BMxpBs%u!GaYRZ0NXRAiXANACDGq z*wJxCePLWmuV}bnLw)T(#0oTAuwg&>LtMdh92lq%{r6}PR&3aD#ewv(U_wE~f)y8R z=(u7aJse~d%vjLh7FSIJ$uHa{jPJT&`d*Ncd}*H1-*Hnk0|V)0F)kSe3szjPq2r2y z^zxv6Bt~t+j*ctpN22l-4Hu+)Z?d6+ivH!;dj`^1f_8gMo*fFFS2iIGdcj0sdwk?wM&LALU>aahji zz9K#_kiP!xSb>5CD=yg3am7ITM$o?NsDK?ER}`C7JsaA`gwSr279Cd{NS+~8P`?z- zUeV6bc^f%4)F`;VF9vHx!v)>%X9v=|f(h+b)gnFhzeM*?kTfM@{L135twlk5*Uga) zI}Qv??+!95X7nfHtFZ$E`Kv*}j0GJB2J#*h%vjKIU?6`jD44OJyer(sV-psF<;$q0dq1 zfr0cuFk$^p3}?f3hE%zstL?x*`g3$TBYiXan^BNn8GCd_!GaYRZ0NXRAl(_XhhjK4 z?C7|n{YVSYU#|riXupqsY}j#NVDip6qhiL2cE&By%LOYME~xK`LKmz^cRV*rLBWC* z7i{RbVjww5CMUm)f{Gday|GseWY3)|n6aRLIXEzozY-M8SkNB0IqJoZ0|V3Bf{cn8 z9R~*T+k=7`3mPuyia#)rp9l(OENE|wzHQiXU|@QCkWn#XMMHW=kWsK;#RVHWt{6z~ z#5oBU?tnf)y8R z=(u7aE#eH_fr0GUUNB=pclbXrke8rf#)5_m`e)+FQU?a|B`BD&py7fY9R~)QR&CgE zU|@PM$f%gHqM`VlsA4%o-*`r>MLYSM_q#~Hb~pj!#=` zR-}94;E_?VV8sO+I<6Qai7F*4KfPar{i$F zVaI`i=`%q_#f%jV{j1UQ0|Utq?0`zO?QSKZeN2OnZ<~F=ItL<7&**1uGgZNVi0x1r_P(cr#Z}F=N4shV-MLpkl^?6%F0(8UyL4 z!Gt5`U3$czp{Lk<2L{q-qo)~ZjaFn7wA-H@-NlXr1JfNrM#YR34gEvWwF3j`!@-0$ zqA5E%uIJ)E#nS8Iz3M=EeJ~*-eZ*EnyCt^Ej*e#j??}Iok_swjq(6#7#fp)USeL=9Iq02hX{2Df$?Tm5TOT2zk<=+`Lvz#q zhWfW?&Vm)`yHQO>!GaYRZ0NXRAbk(_Mg18C6*KxPpBd?p?u09?a$as(+|ki~eq$`6 zBi$1R;c^n4Y63fEU5uVg@wfi^8PPU0q)$a}GWI{k1!c#9_Gx`ZvzKltR#Yt5qPYIa znp!gBpAqd1_d(~G+eNwd^SkQ4`Apa>Sn6aSaz(D?UP%vXb$AN+Tm!M$Af{p_N`L992j0GJB2J+v6f*A|y zui}Xt3s!8{am9i3>tI4b#ex+VZ0NXRApJ(%8~-s%!9adfP%vXT7oQ*daK(Zy?!Z8P zb5Jm2!G5O0f#G^7`Oga(?Kkl$*oGbTx50uH>32a!LC1k{;!%#tHx>E(y26fKP|TsB=3BxII}Qv?uLv?KW~^xFAC0083?v^RP3PxGo`<|)$AN+AdqGCUj1}#S z`(YHYU`4~_41F#(*@pI^n<9iA>AvSgc_>)0;(`qwR}7@L;KMGy2qTzCe)UlzyFp6KW zB0Uv(GYS^0xL`xa6$8mx@i83h$H+U-&3h8@kjqzyX`3`{=_GAd@QXlLBpqNoKc z8ZPL+iX+^Cf&A;BV8()u0|WUtLBWg#{bM&r5)9;rgMt|g8ZJmJ$S7E_;(`qw*E6K} z0|WWDLBWg#9R~)oQ)R)71@+@m-hveyc3g2FeIl69uwlo6f$6*|K*fyok>^I0C|I!K zf(;#43?vr`>9OZUHWVyaalwX;D+bczK}Nxh1?iD!Mn=Jc6&GyixT1bKSg>Nljw=qN z^J)a?W6{!#f(0us*wAssKzcZ6*s$Zkz|?|_iWw^!y33gZ1K9;e!HfmzGMHGLC1lC{Dq)k#)5_mc61yVXj`yh$AN+Ai$O-kj1>(VcGNEg z3s!8{am9i3ZSdGEE*Uiv@B3Z!eiqbjIqJ=oEa z+$vvCv8w0J8=`wicLf=3iWAU=9R~)c7Y7*?GgdV85&b?ekp2)%=pT!tz(9UDD44OJ zV<5MnV8()uf&B5HV8()uf&7V}V8()uf&9s!V8()uf&8hUV8()uf&55NFk?ZTZ;lXF zY}j$df%HHyVZ=SldyUKcjspYP8;61!3-$+MyL22FSlx}$u$`g5xXwiT)=d$@j^?rA z8|q`RxL`&5{Dz?%G=RT9*D{Zk^{|z^p2pQVn)}& zf%Lv$LiYoefuySw(*03KK}G*|>>CFL@^^xQ84J=^Z8!8^Mnwb3?akA9kMrN6r3Dpf zjYC?&h(lF+vC2@3KEG#7b0>g`HK!v!1mGpru>eMr1FA_ z8SPC`=#GB!Min7hOmlR#pndBZkq-UjI}sX4=SA(eWJCHkUZo;b%xH#lN5>V-rr6Kz zfu=J%I_jGv$%=*x>T9DPD;nzSBHM~~@>=DgBi(7%q4^o#j*cr1BwZ+|C*O_Gigt2$ zG<-+L70nM^cXTwx?`IvavGvh$#esqP>d3pI;euqq3M%>|!9e;nOxA*WPFtJ1prYGx z29j1ys6UMrD;oM;F+v0BZrG{?741zioI5(MXXsuzkj$6*@mR5<;c|xlr2FVt{}>-^ zH*DC?#S;D9(Q(Crf%Iil3eBA_JL;=r#fpXtHtgt+>nhUcbrtD8n-)I%s4tDE6%7}p zmjwkCGum%89v$_s@rmGyh70Pq^$P9e=?LxUs6P%?G}ND2L_>1XQ&7>q9&tN5((i+U ziZ+5B9rX{viiY&ZprE2-AQ|=MK@B@P+I_Kgc63~k-fMtRKNW3R(U4rw7gWq==!Fql z(QrX}c_c2V$Q~uKzDRA@u%jE;f%NiVLVuZgg!FRr=q|;h;ez_jD0D?b{f_cR6dq(^8)Lw}vxkY2C0dx8}W$qrRe(RF4ZWqi_^7wJ8bIHRE5`<&<{b{rU( zUK3^-4cVmQ5(cT~Dt_|J)qc|{-KH$uT_VQTVup_-D z=4nPj`-BSx)CZ&C3s$7BK0DH(V8MzDHgsGukaqMqb7T}$%xLS)kqtWz3``#iGAd^D zpT)(gXn%~c-O+JHdcv^_?UgsgSfKqVhI+$}_S1P_`<*#2`Y{g-H1{A~}K0@!2eh}RJN9L zjDiI#F4)j<#X!=7_O58ph8-POq+6d8<)L7~iVHS$TrrSd7_{F--VHlCuE^1?wrD*1 zTcgPb2HLNpDI0bi7?^$?WK_&p(a_%+1s@nl+C8ED;n`6hb{rU({upFb%vjORxL-!z z1uGgZNI51&M)~>QMP4ju@6;pI`=TEUR-|7>`!Wg^thiu9#}xxff0KS>6jaP;KQuQ{ zUl)^h!HRTyjCw}Ff)y8R=(u7a-4Qe&9d6jq4-s)idxeV7W4cYT)y60P_sI0AAfsTx ziv2Hssf`0eTzVwPC|Izbi+_zI6$^&A^ywg@V8M!Al8)m{EG~T}$S7E_o{N8rbQKGR zxO53J3Kp!`CFwZM#NyItgN%X&>$#Y0T`U;l(&vJVf(0vfNjeTRQ)WZ@Yb<6oY)E$F zj5?bJJo;73uepIHO>}iVHS$TrrRa zmMAKtpkhXH$jsidsCUDT_Pf}(H|#htF#SHrsF<;$q5nb)Fp!R5Lb79IBpu8sNF%ak6f9VA!G?}2 z29o1ZQ|N{r9akg={)~2i6u)6d`cq`fC|I!Kf(;#445UBfS5at2LB)(_?S>r(2ByCR z85J{DG<10n45VKN6WT3tblI@uz`*o^AfsZ&iiYn0>m3;9f7)}(n2_Fdb7Vuof)y8R z=(wJt&&4Iffr0#JP%vXbyZ^b74Lc4DOmmP?F=ItL`9yrBwPDABf$5V$M#YR34I6gU zH%B8Etk|&QiUa8_!G!cc)SFSTV8sO+I<6QC;hYM!|v=7i{RbVj!JA?m!;W-UP*5>r!HV|Pm}WaV%D+ak zJpwBlt}%tDh(6+PioZ>gcqMbapuO@Rq6~CgabTc*FV2=5()XP_(S8+s%!X!hLwzc` zvZCRF4gDvBGgA)|R-|9(ESA6Fb0Xg`W1J36j7kbW2xRLoe=F_5I2kk1^ii1G?5 zW-M6IF_83kLPj~e|C-puJ36j7FpypwOsF|>tZ2Ak!+ys3)P2MHuaUx`XFHESKaWsG z8wL`|ZIKxTZGBFxz>Wh0(}#kLiWw^!dj9)JjDh6d$O*Fsd^@f+HtaYsFnuS;sF<;$ zp?^OPaR&y{4}uBl8k4-BV#b0M4gDi=78%GN4GLx~SUrWLVMG7Q^P(aQ(Vc3g2_J@0SEhVrNQP`6^iisT;` zWE8YJBu4+rGxaSgJ6jaP;R~4bZ zF^WGhkp3KVCZk}%iVHS$TrrUT614aHeXPZfjw{mU=z?^;IZ8&sf)y8R=(wUj9V}R} zVaF8*(vO1)4I6eG7?^$%WK_)PI53cZ8WhY}&~QQh;`1U7D>m%7;z0URFrlDg!HNqu zq@P8383hYgT(F_ziuC2kkx{T<#RVHWt{6z?{(*uS3)&CkqHDvB0|V2Kf{cn8D;hTJ zNI!gTq(i}i6&GyixMCpvC}?-z5NnYhiV2cYuwcan8#=BSNFT$Ue;?UUP%)$ZQprg7 zm|Un&-x!6WA-z5>`wA*%bWar=NWXyRMP;P+?;|mi3$}ua_O>W_NAgtDf{GdKv(JpR z=tyr-B`W4KbW7}ND;h4?(4UOr2a>b(>Zu^=fnyWELd^DhK?%+QhILizL<3x1r_tT7?l-|_^okbt5`6e zlIa>0G+eNwV~L#Wc^<-sIijk<-l#AvSf7sM4Lj10g9!x{%{PNP`n~@cjtx5w3`{=>GAd@QXy{MJL^&{!ejH3lzpy>f?u+6#>_|V2 zY#9X$R$Q>5`Ry5f*>^Lwm{XEF1n6aXraX*Pd7p!Qw zART&ybbl0|QP7^!0@NCd3s$6GM4=f43szjPq2r2ybl|5^TSh^}jO6&2(dHebcG%mXYoIa(1i4>SesF>V8sO+I<6Qk zL3;A0NP>d&zBo{16f9VA!G?}22GaY3_OdvPY}nCpJwqRk3*mw6GPz*Jg6=YTAU_lo z%vex=eshGdV#AIr4y0cM6ZU_JrSC+CGTJ5jvSCMiAlkTL$AN+AZ9zuGj1}#SdvSDQ z!HR|pt}6TX4UrY~Rk7I@tVl=X&nQ^1;(`qwR}7?I2JIbD@P-{7SG1qoR!Cd)C8Hp{ zE3#!2ELd^DhK?%+(z}D^8I~J%bX<{sVffG$e_)&yedk%R0tE|JT(F_zih9=9Wfr05)K}N-l z743|BXOz5PMZ*Q@8g*nO@4_+)+8-nDh8+h6rauK46*E>e^arER0|V(j!Gz}Khz;qF zu~9P$+IJ$`h8+h6rXFNe%vjORxVJ>13sy8-&d}dt3+||Yh-XSJSkZCCK=KsI^4@=o zbXbtS8y7wW6*CsBXs9p!hgd|z1sis(Up7^+VaN49MX%!3UT6f6zWj`+1{LkyCL_{Y z4GjuXj^1VzELd^DhK?%+(kp`Y=a}jnc63~kRG!gpHJj0qCfCuZn9tB{5n9o3LAPQc z`Dx9Bv_!)*l52Zr-D zo%v1FyCL1;9Tk!%;S{tNNrxnHM*3Q8$%2X*3sy9wCxe2D84Ff4q^|}A6*CsBXh?fd zP%&e{iiY$RZN?UpWH(XnkIxNvbX;+u`Bxq5lcpFp?5J;#0bbE?IYXW^x}z)8U4=V3 z>Kw(bXt-cQ|7dK2f%K5j(@}c*agb5aei&@nPdvo41{-!%r7T#nE2ZPWK(c`{ zns-?1TkIFuu%o;ys93OKd@@L%3Ni}%ccOy_2HMllic+xSz`*q5AfsZ&igw055If9* z6%Cg&^y246dDwAaV7fiXsF<;$opB#>yuylx%NcsZ%~2k992l5tkWn$CeazoUC^fDnd4+h_meC(gmB-zkjEQIt{J2{$ten)*_OxqRh#K$Z9`5DWLBCepK z-4^WVs6UIzzoOxS4PD}aBwh1S`;Lw)4h*E%1rz$uV?P{7zX&Fb*bmcxj)izNj~w37 ze;4PW0|WKIE~FllV+ve<0qucN`eVZwm@$Ea&2z;z(Appqr})2J#z&f*A`ME?B>(W!SKz{xn#y z;f*A{%Ux@9fAG|r@uwuiGD-NXd)={*dY84X78TxT-^MZ;Q z3sy9wpG%DSpCjsL5!g}x7JXjPaKVOjf1L6QDrWR2W5q!75S0lTNl^vMKS#2QW@8|K zHYk{}py7gax2$Mdw<8t159-MiQN@ae3pUgod-aNj3;N$;Y!3|NWM{#Q1@-orb1NF^ z-;{!e%NhDr6u+b6iUYOW7>UtNYJ_%l%yA4)Uv$VseQ`vsXeS@kKcxMJNP>P_wCBJ; zo`QlI3(^ms6Dv@#V8sO+I<6QJ$X~at!TKQ-Wj94qTzxK`z!ya zC>aNK53cVxFwVtWqJV+)f?z^d(Lnku-W+iS6*Kx>QT#xd= zMnQW)6tJV?il(9+{p8INH;~>EOsMxn@hciG*s!ap<3Raq)KRfuJr{3{0#-C!Q2!RS zt!O82iMSmd*E960D1IQ7U_wT@D=Mm3u>LJ7YS^%!i|>nfrW|@yPs)Y#A|ceb z#flXT^%EA+PM#l0cC=3kp}#%W4y1Pk^^ssjLtQMQq2Cz{q`UB7P*9ORZ4nhMsRQlf zLP#$R3L17KJu0YZe>Mb2C}_rJNBX41sAx9Fj`rjYF=!a~!~{#P3Ni}n2O{x`cB1t= zI@<44iPWN~f_i_fSkaK~2?{FO$ATRl$rdYUCeDtI^iWVx(SEBUv`@w2j*j$&Xn01^ z`iccB+WRF&M}0}KqMiInq3E~V6x~O90bUwO3M$$kr9(4m_H*Xg@C6m!m<}YZYA=uu z?Gr+%AB`0&8j^Yok}X}3_y}84J<}V$=&NW~4tD0yONX-;e&SXc$k#XM5?%prC)_ zc@c;F&7fe$f`$urbQ~C%z7=Hb8q_h6?+XfMEa=)d&PIMPLKAX~`f4=WIixr+F#R^j zsF=|V^_cgL0;NcRL2@;^sZ ztV{8CidXZ2(2kBP>K}p?4Hu-(M4L0x^JDx9D%vA@g!cUC$A%s0CDFc&f(0us*wAss zKzeD=JePdKj*ctR=WdSjP_SUd1sgi9Xzy|$K>JQKaz{Ty(dYD)s3)Uf!HNqubX+lz zo(S5vqZJ!=bX?J_-LT`p!1QF0Q88mhJLA3+c^9l`xFCHYcA1R&Q0(suR)Q88mhJLA3?g)Ugpa5+PdM;#l|N22(Qg7j$Q%_vx~;(`qwR}7@b@bxG;qo88O zFzV{bXJy`W7c`yRkUpjXC`ez7;xY;rthiu9#}xzVOZZk)mQheK<7&G9Uy`0%FtQiFhR$Q>5nsi*wJytVMl&UWk|?qkBURm_dRxkf{KoT^fimGiu2+?^2CJ+8RdKc!(Y5HM#YQ; zP2T-10QKv^iiY~&bW`o7%f=Qa6x@E4iyVlY}j$df%I4~q1vJX8+IHRm>v%@DrPJ`1iL*(p`gMS zA>BU;I53bte?#O%y(1PEtZ4T{`#0=3FfhF;$f%gHqMeKXPgL=6bnd`FYQco&zrgJ1 ze~g3rK>AZKp*+2 zp}&vB7)T!rCbU<^{MpfQMO$MNZn#EM_CNkzti*xzVH+8f$>qXgJFhM@HlsTa92n;r z;T2JTM!|v=7i{RbVj$^H($0*6iW$vuXGcGeKtGIkxdj#J$v8+ARLoe=UL3Q1N5>Th z22%88_&6$gVtYn=OxMs~5rZ<249|r0fK7+wJGz338ST5;h>j$0LB)*K$6yWHiIKM9 zFVXi6I}Qv?pA9l9W~^vu+;(&H6Dv0CxZ*(iVlbiK8t*a=4CEIE1v3_;uSB|xf(0us z*wAr3Ltl;1fr0FkyMh@D8ZOxWW32RlIx7~eC-=nu*03Xe@P;S}-90`B2GU=i6)RA% zV8sO+I<6Q>Bk!HNqu zbX+lzz8GYiH(vfjV|w(4h(P)C-$mJ2(0u`WU?4v~D44OJ&~N+uNQ{9r1rxS^jtnolG18))MARi-9x1-Zt3447-_cQ@3|6$0N8?nuqvLvp zB3FIPDH08rGxW{a8XMA2qW1;u{H6%?4RWC2g7j3hs-U7zF$4qY#X;4&{}u}m+0;lb zp$nFXZ=Z?*+|WK`pwX_ea>pvgN3{s;<|x_yWa-^OMnUroupRADInjIcejuF}2Oo^J z1uaM1j*eN|K5a{4eLT*T4I6e`B1Qd7Bwf)?q}?zc)11dO2L<(g(eDK-(v#1MwJ2Dy z;(`qwR}7@D2JH=Tp4+ga#Et_4)9ZtbiWw`~8TW#iV+&R^ zT+sjW|3(4Ge+>#|ENHl3N5_GI>2E>cBOTHfv>v0jp~Wd8-FZV~MSbd~s1_^Q$6{DE z>^LwmJsf0I%vjOT{R;KKK)NfKu>9YVVnjU~(rX-&ke;?BQNAAsoQef2`s2}*0|V)s zad5~eSg_)P4INhuq;Cc7O>yYhu%qLOX6=R@2L`5Z2N@MJRozkMtjPZNqfPjg{?oM>q5j*nSvD?zhP(Sg_)P4INhuq&EibQ?ac!?C7{6 zdB8zN`(PBmVMmi~!;S+3)0={fiWw`~8TUvOx?n}a1$B)=7pzEcjvN^U3szjPq2r2y z^cH+NipnUcn2}zhA4ngH;xh`GY#VkQ7?|!0GAd@QXy^((FwWvX6QK$1Epe>a(Owp{ zZD^b6jbt&Oaks~AxTE8WbO^yQt*PElYpN&Apf)(S|AiXfiC}_WO*hKrvO%cM5 zwm&--vE#tN^tB+PV#bPw?h&X52GVzf3H_ls@(<*X1qCw}?D0$JEne-Hb~$t;AD9-T zU)uvw(H3Kb`m0!6(N1o&f1u-v^up**LB++duAdi;Ie&QXUzB7d|Dq%#Ig4bZ&qex- zg7o(1#3Bk7thiu9#}xzV9k@NVbVfnNjPCb01L-xvgp7jpf*7`fiW$op_alcIELczc zo5Y3<{rho^eqbQ~ASjrzpy7fY9R~*L5tCy@LwYhOs7N0FUQjV(dtQ_julBS2?gzQ;!wZ#%*cgy;?2vB zj`WxunBp6R9Ixhq2phVc{lGwa>vJOo3Kp!mU_-|h1L^+YqD;H_h8-PO6f2_($+N@? zDrPK5kzhD_I}U9qcHoKy>$yL_PA`yNFN9`sM|->d1T9J$KZruo4}*+LM5S9TVU454 zm~Gq#f{cRnOM3&-mv4#?3fjA46K&XWU|?E;jEWg6+8Otf==_2e4VN>dj_s`I9ns)| z98E0on&Y*^YmHZPOUaIoE86ShmmfPit~fA|-VjV^3f)nor25k6#)^jefa!vEVpKM? z2V)Lw*wJ3}+*rhp0|V1-K}N-l6%GA^(bEG1X$>ayH~eF)z(B4+!HfmTZ|pMa6E{U1 zRK{1mU`2frEpKSqcB^0#8aigrE+1RYnT6uU-2#f$|V1L^s}gp67v z+lq$E8M0zW#}x_3evr@V;?$+15Mn9@`qTgSg@C9S;s(n&A*Q%SYI8B4Li!~f{GP=i?jTJf&9gw zV8()u0|WU>LBWg#9R~*TmxF>C3)(#~Iy*Y*t89EUTrm9e-sFc5<;45NSL+7SA%s?f z9SH?ZlKo6~uQ)V`_cMpZ9rcMA`4tWI-e}5-hI)%eq2Yq=CrAV7ZNY?${;nHi1=72N z%fCd_JK~+dKze5|q5CrWz&O8_ezgxiFk?Z(1v@$p3{3Y185J|q_hLuRC|I!Kf(;#4 z45aS|<=z6I!% zLHk0)ZRlqGfr0j}D0IV)0|V2$gN%w9D;oNvQQLum^jI*Vzv3Tb1qSjfgMt|g(syEn zG71)~xL`xa6$7b@llQ^M+yJ|ahFL&uGY zWVRoRPcB>$@D9xy! zl7}kUkhGGKK5RWyG^9@|Mf!+R)Xzk+p-MKS&sq=Zqt-)}Y^ahA{kP&GHE?61dl`P< z#(cagugmu6*Cyo0b{Kd@`kV;q(|SYwmDuQpj#}gFY3R5yvAie9*s!CZVtg#lts4{R zM8m*^iR7P#B>xN~W5tFY>Gd&;j1>n8PBaW$m`E-o z$>kwq#fBZ}`{oMulfP&af{yy;7)C?Kjfv$gLB@t11@)2l+!*A6f{GK{D}EvJP%(Zj zm`IyEpF!@}UKz=Pie!})+hgSvhxdvNJE}vzW8gxvD>BA&V=vs8s4tJ%Xy~{xvHWU~ zv0+C+#rT7ms~Z#Py}^R?Ssh_`B)Kskk14+$)fzf(Of0VpGB)fesE@o4M56}^DozYv zJ()-^HXFYY6x0VU1^sb7z=iZCH(aRbkH~i=`r``|TIm=_F9}v`NWKWQVtYg{juC7q zsGpDHrJ=stod)vz-HjIKDsD`qH#owu`R5hsNhS=p8tYqQl??|9>ht4vqhsL0{mA?E zC>^*lk$hWn#fBXR#s@U-J+uu63aS@e`|BbaxG_-;vY{GZLo(*+Rjc%YAY(;+Vf4{4 zaN$OK)c9E3ho_GR87szPdu!C)aG)Ulju}FFvdO{b=6==6h6Cl%sP9d#*s$Y3Rjobh zx?k@GIdEg589{k>L=_Dk>1A=wtk|$4J=<8YeKD>F2MX$6|65TP9XBSHuLl_$b`(^M z*T#`^V8Kf6$c7VGz?srNN>W2qSuTS8+Ig@%8V81wXt%>iUS2F8U`** zBv-on{%ES9W8gylPHaNM9$QsEEQPJcwj3y^zZ;D-bljL&elN(_u%nm#)cgQ^^w7GFBWYIMFb0VItY5$-c^1v0+EGRla-K zkv^_l)IW;O8amSNM0RLTnIL0D zdUf=evEo3%iH3m-6Ui1NqsmyZVMqP5e-PEsabsd>LB@t11r-e)7jA6Ni~Em)iWAcV zVftMUiAYC`C1b^bf)fn`7bcQNj{2uD(uR(K3-#NMC8Y2E%h4z{>^P9V`maU-HtaZ1 zP#?*^AFKKH|B4c+`l5d=+Qqa?p|fMh#R=^+$V8u^y^|j`YJ| zMfy#pNZ*r(s-UAP=%@-h(vN}_>4WN`zSeq3-&cxim5%y)rKk!z(vO1`$yXy+BpbM* zD(I+Q!S2|e8&g+MA3QIjj)C+m!HNy(6Rv+qe;il6j1}o+anNV1I8bn+Vc^0j)MBg`)KrWprGPJdS$GVvEo3%iH3m- z6X{j>qo|v)V#AJM^b^T+ZqE-2>I44-qGNb6JRi@9ok!K--7y}xO_)e8$G75)T(M!t zf%KKQK&;rX<3K@u;0KX91}@x~NPg&L!S>^LW?xWoV(4Q&I{J1*3o@!l#D?vCu~QBd z)R)BMG<4jUSY8@rY}ipyA9?SIsXI_maXup7qv;rawC~1z{CuCi(9m&XV)^wTW5bSu zieVq!m`Lvn7NkFj(u@@c3QjZ(T$o7j4XW4Z8af6p)TjQPC_u-JiREcQ#)cgQ^^y1e zsC%HG;zat5=q+Q#fr1ka0~aQeJIZR?8af6p)Gz%)bXN#esqo4FeY@(#L}O$#|i@q2tEH;zQ#Z z8+H^_G<0mA3Jw%BbX>TRJ{>GrvEe{L{md^#HFVsVSUwwMY}iqaxuN66#PabVW5bSu ziu9T2C}YKef)fn`7benYgNzjeHzxAuf)zUsRGjD-xG^8e7yLVs#6*5!uwuu7iW40J zHzt-B1sNN5q))`QWvn<*aH3)0!bJLHP|?tFV`Aw+#)cgQ^}*+3V;VYcOe|jrGB)fe zsA%X&pNgh3Rvaie(J*jfB7GV^jZ-UQ#esqo4FeY@($9kWoqr`t(J^pg`$8N@2MQWG zF5E~XSTM}3dZcHqXw@x{@Xj9|r%0|PfE@-u@KI}Qxon8?oxR_r)1aAP9>a8PNc^-_>r-qz9Fi03@rb4wDhG23hIM*{6egO zf$e*7!WLAVczh);YP$Sh=E8TM*2fp1ej2Z9H+0;XSbi2{Y}ipyG2R%Pe`6xODOgb7 z`nRGz)F1s~MCeHAZ%2DraiHKt!@z}!^u(ZQw4r0*LMqWm#`fcA{y;%}n-O6AB$78K zs`eT>ZcHps3NkkAD5#ITH%D&=3Mx*duNeW-E8;4cu_8S=>SnAsP;jDQ;KD?D3f>Zp zW~|t-qbhCaxG}LjHOSboqo87_dt)NKHCT{LPDU~>87tD$qFTm^0|h4<1};pbrw3J| z4IKj)s?vsz8xzYCWNg?`P#<|E>K-VlI5EB%*Z&(6`3_d>I57O=`Q#6r5-nxG<5P8Eo+aUwT_?SjLJC z`y<+&$EY|T(HlLnLUqOJ7^v^{)DGntKNm?fbgbX~7ouexsBe!gXh_eB(u@_u4BnW? z-wIajIFO$2B8iIrh_VRjFM<{612LA2^j3MOzY=t$-;jsoi?1uvUy6{dvZ6}%N1o=_ zM;|W`p=zL`O7=&d&O5f(#09pX;>7)LM*cI+D=JQ;m)NoB-;W6zxKZUbtUi9Y;Xrz$ z?ZbFY8~`^a>ht2(rlI4;#Pa+gW5bSu`pEl9?Dqo&6(_oXV>WOjUC~Fzid3V4j1>n8 zPBaW$m`Lvls_%$3bPQaN$S-T(n8<$?tk`j2;KoF5!HOLR%6sFbiHeRH_v}|J_v7CE zm!i(6f)xh}PBaW$sJ_MB&~am8`ACqlVMjs5RP|@EYZ}%!#gVQ(J6(<_D zXGOJwiWBJ>!HNw#hUVv^kGDs(pg#8(W6T)XO5_z(oY>+zTAv%|T*tumh?cn7nMnSD z%Yuv*^#d_y4ISwp#Ny{LSJW?=0o0er!*4@J{esEF_Wl^ofr9##xcWA9+?ZIt8f0wP zQBWU|H)OsRb97@O{durpdvo-7pdfuMYGtfAP;jDQ;KD@u^Pp;~p=01edTtyY8TIYa zd_zZle^hJexG}MOAjsITqo6+WJ{64~D5y9ekvM8m*^iL}Chl+IYOVMqPuFGV$U+?ZJIAY;Rh`J=@XHcvHm2I8x9Q5s&7o>9IV)JVBp3? z_DS6pI}X%e_2`E5ieN?hH4!R0k`H5Lq<1St^$E!K_!#8k%t1weMDJ1;>FG*QHQ!Ms z`y=n=@{q7TqPL4s(UA;tMSYb#)VGO{-Vv;*MII8?NAyk+(kn$ss;!T@npz+2J;SI_ zt>yNqy*^zvPH6v+$ef06vxO}bHuwx`= z2+|WFTCt%f?VDo#pN|@- z58nApRt`FDOf2sTGB)g}FN-T#L&uGY<>f)fh8+duJ$QXY z1@*z#Vz?ax=_mhbtoP#}|4EQU{YSyT{=*>uRHR@P_4fq>{f|XhlrA3#GFEKZaiE~$ zL_^2Gg&PyeSQf000evT;fyHpUVYDayXAxl_J%)jd^xfe2eo&FMaz2`p9Jr8XaEm4u z$qgARb{r_EI5E)BaXm1|8<$btn5aL9yc3%_t;TZTHqW=Z6UizIGS){8>^M-+&@pi1 z!bH-?^4NJ;aiE~0;Y7!Ufg2Oa&@vWmSh3?kLB)xN3lrT24qT5-#YDCn*T^M+RaiX0;$3T0(BnHy&2N@eyRO~oVkbf4e*s$ZYryGWju19Z< zzw+atzdcyr5$y5~T(~ij3}`{diVZss6jYoT9}X_um`EQ97G$j0u;W0%iHe4ff$I?& z?s%^xZcL;<3>IXp*s$Y3LB)xVh6@7|H}*dY5*B2v*l?nv;K0O<3j-YutBX-W#)1Po zHWXBxXphJl->}&gr_=N@#WyCB17tzQiVZss6jYqZE<7tP)7cycs|(qN9S153PBe53 zT(~ij{xn#Sv0}rH0|gZ)8af7UT$o573>IXp*s$Y3LB)xNj)4m|Cenw31sN+g>^M+S z&~Rd)WUAQrk6fDSCv0+C+L&b@X z;n8@D? z5*8F^{Qc8lBK<5_9_W0v%7z`sqXsHYG;|DHxG|9)_YufgQNIG7?jVc^1ziR6@A9_J-iY}j$2pyEVB$H0Z+ zLR%kKTjY-hD>fu7XdW~>1}-d*v3y6;h4#ioa>sanGbpI&Xc)L~V)6(K2Du%f46;KGfGr1Rx50<74u<3M@vI9NS=Ubt~MdkQK}G;|DHxG|A*xgcZ3 zjtvJ2Do!+H$H9ix;j=&H5BD8pL+c+7rd0|mPTWWz4;Eys*s$Y3K}GsRaEdw_25wxK zsMgC^uw%uB0|n`m!71u!7`Sm^VzFMvijEBjb`+ebXjpqNL^m!>ED91bIyM~GQE;N7 zVc^1ziSnr+A!EUc9UBfzR5YCExG-=deL7f>v7%$cfgJ@WDjL?$1VeP=!o;E=A){l% zfgJ@WDjL?$219h?!o;E=A>+o54Fv}pDo%7<7&tx`Owl4r$k?!A$Blv$6%7L&7uL@Q zQ?!T@GCFo_s5nq?q9J`D7@`{&CKd%51uJ%JI51GraH3-w!6llwk>q8p*s!DFKt;ic ziH-{cH_{h_1sN+UHXPVdaN$Hp!$AI0aEp>?iWX79iX9scq%Q}jsA8a@!bDZDU`57;13L;% zG<2+g5e(6d3locigp7_22X+*ksAyRKG8m#87bX@32^kx994MHmXgJYvVc?k-<(Xf6!7@`{&CKd$=866uA>?k-<(Xf0Y z7@`XkHsYC^%5Dxc_USfsP9kH`3!i@k63N3l?Oo*s$Y3LB)xNj)4pHaTDlf zvA9>MIML8CaN)*$L~j=%y(3t#xy3oK^M+RaiXDP;KGfG^o?La#)=I)4ir?JXy_QYaAP8UGgy$ZV#AID1r;Y6ItDJ>m`Hc9 zAY;Xb9R~_3PBe53T(~ijz7;IUSg~Qpfr5$?4IKj)ZcLm`L9X7G$j0u;V~M#fgTFfeSY#()WV}87nsII8ab=qM>8p!i|YEg9RBYHtaZ1 zP;sK6W8lJ#iS&bDLB@&=I}Q|7oM`A6xNu`4{V-UNv0}rH0|gZ)8af6p+?Yr|3KnFn z*s$Y3LB)xNj)4m|Cen|C1sN+g>^M+RaiXDP;KGfG^pjvg#)=I)4ir?JXy_QYaAP9< zG+2m`Fbh7G$j0u;V~M#fgTFfeSY#Qu;5VJ!Gudu;V~M#fgTF zfeSY#(i4LP87nsII8ab=qM>8p!i|aaq+mhDiVZss6jYpO=oq+gVm#nP*8EAp=02}jfwQMU_r); z4Lc4LRGet&7`Sj_B0W7=kg;OJjspc1CmK2iF5H+%ORykg#fBXR3Mx)CbPQa$F_E4T zEXY`~VaI`jiW3bT0~c;gq-O>TGFEKZaiE~$L_^2Gg&Py;S;2yg6&rROD5yBm&@ph~ z#zgw%U_r);4Lc4LRGet&7`Sj_B0W1;kg;OJjspc1CmK2iF5H+%&j}V}tk|&QKtaWc zhK_*?Hzv|^g9RBYHtaZ1P;sK6W8lJ#iIjr{87nsII8ab=qM>8p!i|aaykJ4biVZss z6jYpO=oq+gVv9=M0!!MAY;Xb9R~_3PBe53T(~ij zUK}jQSg~Qpfr5$?4IKj)ZcL;#Sdg(|!;S+56(<@x1}@x~NG}N%WUSb*<3K^hiH44W z3pXaxOM?X&D>m#nP*8EAp=02}jfwQKU_r);4Lc4LRGet&7`Sj_BE39Vkg;OJjspc1 zCmK2iF5H+%zZxvaSg~Qpfr5$?4IKj)ZcL^M+RaiXDP;KGfGv;_+?R&3aDprGPJL&v~{8x!f3!Geqx8+IHhs5sHkF>v9=M0!=Q zAY(-do-p6^&-^D(NN)}nWUMH^A5@%Z=ol!k|7W8VCmK2iF5H+%ZwMCj?`r@TZcL;Z zEGWMh>s6d+=oq+gV^*X8x!f3!Geqx8+IHhs5sHkF>v9=M0!=QAY;Y+ zZzBI6$KU@zr#9!6HU}BytwF_!hK}--7<$EthK_*?H_8)Z<%$#Yn~|69U_r);4Lc4L zRGet&7`Sj_qL}@P6Ac{$7v_H$t34@#iWBoKL9#6iGS&w_h-kx(0|gZ)w%`8eqZAb# zH%186LQBV4U+7j1|S9S8<}DW8lL2oLFzejspc1CmQ+-gMkY-Cen+71sN;K z{}%OQIb&ISWNg@RprGPJL&v~{8x!eMLI0ppJw>^M+RaXyk(PmxLp=02}jfr#w3(C8LiW3bT0~c;gq#7*9C>p3Z(az9HJI}Q|7oM`A6xNu`4eK}ZAo)R|%6(<@x1}@x~NKXwGWUSb*<3K^hiH44W z3pXax(}D#VD>m#nP*8EAp=02}jfwR1U_r);4Lc4LRGg3Gug4rzoM`A6xNu`4{YJ39 zI_hrNaiE~$L_^2Gg&PxT4;Eys*s$Y3LB)xNj)4m|Cemwy1sN+g>^M+RaiXDP;KGfG z^x9xS#)=I)4ir?JXy_QYaAP7p?st)~qP#O^vf@NT$H0Xf6X{*Sf{f|8TY8IYGBQ@o zmstR})xd=t6X~15f{Ya#b{r_EIML9t zek69@h8+hAD&~lO(-(sU87nsII8ab=qM>8p!i|aarC>qEiVZss6jYpO=oq+gVPBe53T(~ijz7j0RSg~P8@z7myqM>8p!i|aK4tqgH@vNodL_^2Gg&Py; z&B225e?+ZV&REJ@BBSC&L&v~{8x!fR!GiMnpyEVB$H0Xf6X^@Vf{Ya#c9h==Do!+X z3|zP|kzO5?*T*iXIML8i{;$Z7<&33#GBPSoG;|D^M+RF_AtPEXY`~p?HC%;zUEoz=azV z=|jPSj1}c|LB)xNj)4m|CerJJ1?5+QiW3bT0~c;gtS<;Q>^M+RaiXE4xVNY{(auHih=C7WxG|9&+4D1^&jt%JR&40s3I;CR zm`L9a7L=C;6(<_z?*-|N!Geqx-NWF(g&Py;o56yN6&rROD5yBm&@ph~#zeY<1sN+g z>^M+RaiXDP;KGfG^sQh)#)=t}yM8>jYQv5L1r_~!u@43=+?Yt;4;Eys*s$Y3LB)xN zj)D2#MI--x{C!z;lU^Py$e63Vm&ij#LB)xN{_n-Qap_C{cdQx9l$q?m1sQ9O4c)Ng zKtaWchK_*?Hzv~af(02XHtaZ1FpWI@s?L!y&0%t=F34E1p*Z>~PBe53T$s;`sY=fe z7G$j0u;W0%j44R}PpleCiKWJJ#Sq!$JYGUhGMC1XLxiVZtTyzE_LIlcTH7ue})o?aL%$XKyq$AN-%2{!CF zP*8EAVbySSkm4q0aU&BiUe{QPXP*@(8sq~G;|DH zxG|AF8Z5|IQ9d18QgNc8V_?2DNF`X1v7&!97`Sj_B7H3=s5sHkF|d9n*s$Y3LB)Jd zj4C}hSdg(|!;S;}hq3a&g&Py;N5O*Por#JQ<=auM;zUEoz=azV={v!Kj1?Pp94MGi z3euB<1sN+g>^M+2U4aWXCeo*a{tPv6;l@OApSvJq#<7|HtLXn9MW?ZJXUD*W8x!d%!Getb z{9xe1jfwOt!GeqxWeX}!G;|DHxG|9)M`1j^&bT8;|8F!FOaDQX3|zP|k$xB~$XKyq z$AN;16Ac{$)8lmdZm=L@#fJTnEO8ia*m0ns;zUEoz=azV>21M+j1?Pp94M$b(amMi+mpeKi4?z38*fhr z87nsII8ab=qM^gD+s50#!TdezM*rzif5VOg1r;Y6ItDJ> zm`F>oAY;Xb9VPC`O5A|fSk73AYhA^OhK_*?Hzv}ri(V{Rg9RBYHtaZ1F#j@0e-$jq zSg~Qpfr5$?4IKj)Zmcudu;V~M#fgTFfeSY#lGA2E#)|C`xrN`b<3K^hiH45iIeNv3 zhT<~@|7T>!a>i2PnNy9WeAv1;(aRoM?|*D@>%f1q(7(Ot+-z3KnFn*igLeRB@uAqj==5IMLAm zOzn{G<5$E0IVq2o_|N7hHCmK4+$AXFz z4IKl;?PSG?_PD!@JB1oc@nUbqiH44W3pXax9+Z~^6(<@x1}@x~58@a||1>JChJX_d z>8bxxY$3+C|HUXRqEG#NR7d)Bkg?%FMZ>_2^qC-I!-0y1fg9v}P|+}u-WFtRI8f0ru)QxhP|+}OBmHrZvEe{P z!@!Mn1{oU;R5T3SNbe6a(r^7-MA$GsX;Zgg>p^`+aAKRm@ywv$u=(Si3e45W0fAY;RUiiUw3 z=_|qYQ_;_Y6$efXOyu|#h9~UsdkjzLxUoDj*ig`LAw4Nrap1(jM1FFxqoU)+@|0jh zK|?lS^?|+LFmNNiC)iNYaI2P{sxCGhsAw3tk)9T0Y&cNSFmNM1J;>N_prT>mMp}Z5 z4F@V325zKh1Q{C+R5T3SNY4y1HXNvE7`Tz16=ZBUkX{k9k+I=Gb)jt-xRK26_(qi8 zm{`6UWNg?`P|?tF;YPZH1uHfjC^*qDaA6{SE67-}<3PoUj)5B!%eRA!4Lb_Pb8OLb zgAMf&InQ?-D5yAb|Bbo&UXZcjKt;pAjr9E>W5a=phJhO?e$(^`85<7xozr;c6%5=+ zKL|259H?j*xRHJsWNbK4(J*i${V2%TaG;`L;70m!kg?%FMZ>_2^phZC!-0y1fg9bMZy04hz@kzC^NWzBKlFV;=+xA?Z+Zq*sQ$#G{|U=q^6b> zePpcIP*Bm(e-`U)PZVL`!u{l65hZ;bkEAF)MFBFVNA~o+U_r);4Lc4LRGerSxNu`4 z8F2X*fW5tdG1r;Yc25w9w2iJxj z2MQ`qG;|DHxG|9&YYQ?4E+j|dj^lAmVj?;IGFBWYs5sFuk)9MR$XKyq$AN;16Ac{$ z7beo2PSSuNwUuuWUM$b?b_8et)^tdjspc1CmL?d zN1nMFxNu`PCHDhcv>RVV$M|5dxda_f;)0434IL{s>`1SUr;#h_SCQjN*pXfutVq8d z1?jLJ(pyBRzaMneKMNiEG-xDGIBv|2hXJYgQ z^vs|>C+MgzkoQ6n(u;x>73sy2sOU(mJXCa~m&ikX@YwQ~Nh19q=4wI4iVf-Is-c?1 zjn>q_@jMMMrvvB$9(>MS7ka z@=%f9Es2U$B~g*yBZ-RSAY75&D-Rv%4}%pI9qEtcp`s(bPZAyJk0sHOPP{)@QPGh; zAc>CjC&7w}^rxZ+kF(-KN>R~~{!AV!I#QE|ijMSQd8kMq5uraKr&>q)Sg@j^BYj*F z9qALnii(c(NqMN~NL?N(`Xl<321!fX_(`QFq(7I3igZb$q9gqU{!$*&Uy0C> z{yJDu(UHC`4;3Bh8}d-mk-jMp=?*H=w?s(a79o8{g!KQ>b>DGLl>OSk2gME;dqFT_ zuLKKrjpb1k)F`MZBEe;Wl@?(^u#OFb1qTp}*ak!lAUYIf0ntH0BUr|Uv5!3}>ev?* zc<*bjYtHd}p3i&!xXyg%ceg2-WV4IUZzf6zA5lfvzhfW5N7#QL{sa+rGqw;_guTv0 z3E?B`zd(eKs3PpYu@B)R?0-OnAIEy^+kkxtA5lfv8?g`JBdQ4ePoS9(sd$v$ge`=9 zvxyP{|KnxmEgD;hYP^L^J*keJ2eLJ=gRfJtMQ9}3#dmOe9)p!eU z9rm5rho~a#yG)c2KB9`S@5VlakEkMSyxEix_B|$igpIe#Qv7~70s9bDggp^N*psk@ zu<=Iazi-|({15Qf5eFE~1RqBMTW%Z+Ok)q>BdUl9(H!raXnvBbAOb`c5h7}c2w_h$ z;UHXuhwu>rB1A+8`(6_c!bNxp9}yrzM1-&>n{W^=!bA9o01+YVDJC3*i|`OWB0|{r znQ#y;!bA9o01+Z0gk3V>AY6op@DTwbL_`SteiIJDMR*7w5g9 zLR1g|B1F^>%?SHV6Aq$;C?hdQ5h5al zJ>GPZih!7DW zY`k0?gp2UwONOW-YKRD7zipz3C?Q;ghiF1n5CI}Y)DX=G`yCSwqJ$_TJcN&^AgYKE zm%AzcCSfryBO=6a*j#MY-Zo+5E4T>1dJ8`^TV?!8s0raCDu@6PB5H^T(TpgrGT|Uf z2p18?vBnHlT#YKCgm4jMgokKC_=pN3KvWSSqK1eN%?SHd6F$Oz){I=i5rs?5Ry97h z__5H&=IaM9OCHy2?e{J4s*ULr&@B0y9TmB-BcjEgUDJVc0Jft4_a zizp);L>P~ZaIqE#5xk4#K5e#qM7Rirhs-_~;l*2V^%+#LlU6A{Ax%7pu^2_F%BXCg#I2>W{z4#NMzM2PTyG!Y@}pG`Oj7vcYo_{E&W z01+Z0g#D`t2jL<-gpUXiAtFN9znO3lF2Y0jhyW2HB82_B2?yaKJcN%35FsK$*!U9F zLAVGH;lF7X8N6j8L_`StZ4(Y6eAk4##)OB6;;r}0mi;~o2pebI#ku$9nD7w+B1A;- zz9-F={gep@5yV@b*$U^OFds3=Tz%(W+yV#>;Uj{0-+dq=L_`R?WWqtX2oDh;LPUh{ zr-FzG;XRCfhyW2Hyy@772oT{Cvz7>9FE!yJJcN%35FsK$xX+sK5I!P6gop@XFEimF zT!e@45dk7ZLfcnBX6AVNfhu%9>KAY6op@DTwbL_`SNH{l>$gop4E0U|_1 z2z$8+2jL<-gpUXiAtFN9FPQKUJ|aMbhzMc7Xu?6b2oK>S0z`<25cUca4#Guv2pV_uwCp!gop^yjPR$K2oP0-JKcnbXhPVJns5*$M2LtG%?N*ni2zYWxQ}5U z!k!5tLPUgUM);4L2oP0-TQ=b#nh^FZ6Aq$;2oVvY8R5@15g@7vca8}U(S)#ZN*qK9 z5#rZ{HAEE08)nN1On7m4riqUT5Fx^S&{XX>9xz)j!bgNLr-FzOVVA(TG3ee8B0_{4 zR}mq?jtlWUbRUQarywSS*z&Q@$CisNH{OS;8#h7t7@&-2T@#{)XhxJ5U>~A}XhxJ5 zVjrT0XhxKu#y&(1(TpfRgMEk^q8U+Mgnft_q8U+c!ahU|(TpfB#y&(1(TphL(bt41 ze{ard1yMs3*P19JDu^1Q_yhJKDu^1Q_#^fqDhPX?2?yaKnh*h^itryZrzFHygs|tE zC?PyV6Cy+tA6r38L^Hx!V4{SuXQByiiy*!?@VVGUH!toBhA2b`7xd?1AHqf02>)p_ zRDcK(%?Rfi6D5TImuXT#1c)$>C(Krau-`V}Ai~>CxcJe{oq+-(eAI-GkK$!~6!#EK z@!!KCoZC#nMR*7wVLyZ|L>LF|Q~zNTF6d$_MA!)5#TLRv`1oltMELmWu7)|>56zbS zrimiLL6i_~(L@Ey4dWj-5%!a2Ulm(T2tVG3c4cgNhzLj7jPPffaInt-Ys<~KvR}Yi zLwJY^B1AMJe4H>J-+%{*5D_8V=S{&zG~r{nkF9Vy_Pt=jMfiviVZVrd2p0U|^+BZ`YmxCjqXK~xbD!frBALX;6cB0$s-%?M|) z2^Z0Xs31Z_geWdCQ9^i#Dx!w4mzpRe0z@;yebz(;5g|&;O!$Zz!gmoB0w}F+?PyL5D}vE zvI!qiLpT)^O^6Ut!|$!a*AaJ{h!8#)p-@?8B0y9TA;QL04baYAg?I(~5Fx^ki9)y< zQ88i1TXEx8L4=Qee!LG`_9G@jyt-?M2+@oPrh=>p_9#vla(83GbLzLnlmgk!-dw~fbTP`9*)t&<) z!r3N#MEI782oc1G6+ame?#I~ojhV>7TZg^Yu!wLFC4`HxYbJ^a2T?+}2>*K%6-0oj zB0_}!jfn~(KvWT7yzg)9LsStpMDZUJ4x)r8BZ}*>4^cvt5fwy$s3L0dJ~R#xRYVQp ze`2D72oNE{Midba!bSKWo2VcHM2PS|$38@W2oW}-h;R@t!vD-f1rZ>^n0K2;Re-1> zYKY=^6Aq$;C?ksZU>~A{C?hI}08vHM;(cfwAgYKO!v7ZYA_7E+un|RsgK!Z(E>8s! zAi|jUVLU_?Q9~3}QASh{0iuei#rx1WKvWSmgdbsEM1TkpHlm1d z5H7<1$wUPaAi|g~#zRyQHAHcm2?tR^lo7@0*oP<~%7_XgKvWU6cpn-Eh$^CnuzxqR z6%h`?Mfks&s2~DFh_DewgoAKnI%WU|Q9_gv6-0ojB5Luz3D}3IB5H`@L=z68geW75 zC^(1`qKvTd>M0@|gd4w@zB5}DM1TkpHlm1d5N^z=7!OfGlo1s~fT$vB@xBMJ4^c(b z5XA>gIEWIWj3}buAWDcb!u|#GA{>N^@P9T@K?H~pVIztN2jRwi6yqUEh%%yr2oP07 zE#5Z+`w&$`4N=6GfDWRBC?kp}IEWIWjPU<3vsDlQB1G7TBEmtq2p<=|f(Q^{Ok9)z zQAO0^Yc$DhIfxRXj40lVeTWjGjHn<2L={ns_n~oss3K|z{|C&A2oNE{Midba!bSLa z?p6>1B19C&ngJX{2~kE=5CNi!sKxtk$38?AQ9~4qCLBZwQAQL|a1bR#8DW2ki4YFL zMfhKss2~DFh_DewgoAKn-ih%LB}5rfK?H~@q89JF3;PgNL=92I!_q;N5asyUiGqVD zA<76FZz4s6gK!c4*Cr~601+Z=L=oX2+?bOw9-@ROBPxghQAO0^eN(UxQAN}cMLaAW zLN^@P9N>K?H~pVIztN2jL_e0gWkdxLAgYKOqWG{02T?+l5fwy$s3K~J z;v*&;L6Aq$;C?hI1=0H>t zHADr408vHM5XFrq97G9GMpO_1qKc>?iWtB_ln`Zv|EVcd5CI}Y*oY#+LAWt*MPEb- zQASj7kpn~(QH!tnZDz|sln`Y^1rZ>sh+4c40|baFq85+$wwbLt{uve@8%qc`j*n2l z572h}^FF>HE?>=`B;L>bY92oNEn8Bu)9gp2SH6+{&gA?%qZN{BMT zM+Ar(q8Z^lZlVcML4=56*@TCvBJ5cv%7_5bjBsb0s30OlX^sgWQA0RSm}o+Th~ium z9-@k{pEOZM1c+vY`;>_aB0`ir6F#DbaORn4LWGFod=nm`im(@$C?f(yGs0bHqJoGJ zrKe5!2>S_K4@5Y}gdfN2=I4qEB0y9TA)_fQt!oWv_@mB|L zU?0LqgzuQBAtFRG!g<$33E?4{5CNi!h!D+)@KzHJew-^J?Dz+}Kg~WD5k6(Y_DuNL zauNPt<{VTI0iucs5j8}FXhzt7nI| zG!ZT^VJ|e{W6MQEaUs4LW@8`1#}%v~0z?%NA(|1+TP8{f57C4O5Y>1K50na`iU@Hj z?0F`9Y`O83F;iOR|IQ!b?zCOD&#*%MP|F!n#&+G{VI%4dJmBi#4UIq((5FxR@ZrOT z8~Whz`o8_lb_Lsoh60)eakKi-4UGm>U_gCip#jZ8Xi&r8!DhRL?IA<@7R+`OZ;u>G zHOK1PZ&X9P276~T96YRUkZD;2%f6{j+$=Uei_w1-%)!UKMl@W5d7A&L!HD|Ce)VSDfu>n}_3T~#HF%vl?09bx zdx!VsnRfo&WQaM9qmu=c{=1?J;{JDKy8`>`!&ik*z)qUdwZThbQu3JA; z&8;@LZ)3x#`aVN(CH((tX|CGPzPK!vf0sto5AJXF1^?csJFxnH_SKK+^FL=L{CCBi z$q|M6x`zG@b!MO%O8xuc#nP_Mi}*P7#v>;xNluueF2x;-qq-ehM~Coi`X`& zVQ76FN)9-}+{yJ&3Bpx1JBGzw-MIemJ!Q2i)YlK!?dJWfn|3wD{RWO~>^JOc+`&FP zyuNN!|KY=i7+2!DS#Tp>2SHLDGGc&XH7SxIST}IUFs#2815XAWIoxj~u12#q4>#NP zZf1A?x`Av|lsJSVab=}gjl)L{t>fM3Vuv{i!v{AEiSLIpb_{M9(HK9PJZQ)u4%`G3 z^!)K-BoC?zgo?u+^k9$9}%<5@%d)sHqKR9HQ|Z)0E6=hQKc z^|{9Q6#Sq4-Rg%9XdGyoSGl`;kv#5G@GW+bd@zG(S|Ff^iegDBb%xUI~oL)bo zZg@jMk7DOv)%bk$!-`7W`|l(8&*(Z|)EC(lnQW4|BKe4%t54>+5<9A337& ze~cEE{_oO~>mU68oBZ!>P*tP<)8CxXc=dSG|JVO* zVz%3CYFTBspVh)_Zzn$?r)5v>C@+*xlAGjnCpptGt6bNE~lkK1e=5K1I&RJ>_HMVRBX;D|e9}l5_Gxxu?8Z&dZ<6 z1LbvcK~9+qg!PV=_m^$?B)KSGC_D0Cxg_5ryYf`IEYFiYxgs~opUS@chg^|co3&!S zfxM4gm5-N0`2x8nH^`A}%gyqAvNfI8|4DgEd8M3^KazKqf0fhn)-Ac-1LVErjC_oI zjC`J)mHW$G1=+qWmU$~q; zNOm;;e`Iep>wV?mX?nEm%j4yg#+xl?G~P?H_d5H3Di*PSbRnET4`opsIHvP0*_=tW(4&S7|mIL`8Ij8Y<*h<&;J+?ng&Q|HO+P+2TJ=UbBj2U=-gj(YlHFh0#K-qkQva1+AqRiZA0+Kn|4Fu6Y#aCA%$zH% zCu`Ad6K_HvB}Xmkob0UQ_*W)%wZAp-=4|iEh2PkIk(|**OuUF%yS`a1pTCZ*?<(6F z`f%CrM0b;eqv$%>J%S!1r#1dPiPe8j(*JO_e_8g9q(j)8!%+AC&#LFQVts>b9ZGLy zo{d<)zYo1TY}#aX{~fA&W`EX?OWcY+TXwdld&#LC=>D?33q4W}ccO1i+V4)^D`(o# zGm`#k`e`}68@(!Nzc>9MY>waB<>~nT{sA_}lhg5-+bDKkHp9fnpWlN050LE?eT?k> z&HLpnIV0!gQ0u=cY2TUsua{GM&=X~APkNRd?L{w_!yWnlwMzE)wc_J>Th2Xkcw z_HlaO6ptr0n?6mpI==hq9&+w_`UW|FGd)|j2GZtjDPFHTn*K`; z3iRPSX#BzS<+3}R9tWHI%dYVKj05Yvh!CzwF6Puvwq~8`t+1Z0`Sp?)P8h^r=hZ`)B8!v>sirljOpKoNq8}`iJ_w zH9@Y)Ps8Rl*5z1!zIsFbgDctpAGMFvewUp&pZ6H+hsaR_eVUwJNnas{i|E^BdpZ4B zQeQ}~kgX+jO^(#R)h=d!JRf!a_Jz&y**ZU2*^w`S&HbIz_`~Ib);AV5<7Hpr`F=$G zUG-lgd-8j-FGsK$KXcf5@%3oAE1g=jW$eA>;6eJNr2YuqM=r=?wOe^^e-OXQUNuAH0A_P-`>qFe9I z`SbFAazX7+O{{uv*`34wV`N+P`{YQTC+8Ql{VLgcivBvO&!bzkHS00gJN+=P_l~f+ ze*#_4{b2JM!G2+Jd_J?VIkC2mw}%|w%khRLo$ylLyNAw^_dtHuqQlHr`(o zR8Ix0mu34^`Z+oG2K`3j=Q_pf`9cm}XZ?5CQU9&>H1nD74ASkdjoa@HoBP*#nfLF} zusMHDJHB6>0h{aPXg%HK)N%XA{YT37E_6xuccm96{Z;=U@gA&OX^wBTr}vRv)w?9t zd_!eVo+$hBGjetVkNcxjwdD|NWBoJF)*QvMb*& zr}kofNm6f3zbog{^dE9&D|)*QW9gJGPXi+KN@AX~fg^Z2=mccb&LdEVH1 z9*mZ6k|(Nt_z>GqPdtsDpZGEQg~YSyw-V2#KTkZ5{w49#^d|do{o!JId)S=s!g}5> zofCgR_mOS+j->tx>rcsKq z{DnGy2g2t5@OrR)7umj;9w0ki=^JGK9C{*bUSHYne7~I~_tfY06>6V4kL^E&&HRpD zzkkYpp0DR!4&r*!I=-XiT#o%OgiZhSShl}P4#&`U%XU}3zTBk!y{tb2o9k^^e7{)( zo8!;F$ML_B3-&?r_1WTJ)~%c9gJk~-x|?jPK0IlEGwYLOSM8hRg6dx+?QdcGtqkQBzt{XUnu9s(C;Vh<-g_ZHLUM@DCZC4u5vhv^?vX+=JoeE z&*ycjX9lo7MRs*O3*^GBtiPSKzm5Jwj^v#W{)wEvf!?em=L_Wnfaz`n$3-knNjfOXqWS z(qEq+KUO_g&-VW$?T64iXSm+9x$(_yYaK2-Bk3-(`xiY}w*RIlB<=s97s~nd^m}q{ z1N|3lu6KSpulJ6fIDhIV){l}iKhhV=zUo)Y`H1!VWcvqtQPTcT`gPg+nf@WE|4MIi zIOq5FIxs%|{p9o!^f_{>J#D_`;Pby7{ji)pfqqTSA4fOKK?i!DBiKKirZ1Kw%{Nv~ zY5aL|;as-=BdMQ9pME6Ai{!gxJIDHaa_W3~&!gDhmWRpd3s_$&2lD2f*}l-7^VDA zIgnqK^SWPulMC{0r*eE-K0|ioVX`aVCwuZMa7%ojc1?Ufc07$vx8l#I17+)Z)}Kl0 zm(g3C&h}O>`a;>&cyp5aD%RJ_{(Sn}|7d=VKTA$)JnIaNzkuy8mfi966LMbT|0(-g zf7dhF-`4o|%UP}eyTqFBm@aJZYrOGtdNt<@<*e4z=`6L^_;<;9jrWCYtNn3jvwf)b z-y_=^{{uPSn&%{^&_L zBd<{V-0mFz8`Y0deZ8EOcj&?Opo|g-% ze*l~FpB~E3Q$MSo?#KR{T*&nl2GG07VI6%qjQ-cKe-AmY@vc?-jJ}VWBYS0jep(~@ z^XQfraXv4gkCVe`^pn0@4%nw$$z8}bi$LMV?=6IQz^s#cZh#n=o<_9tK_hj#B zx+Vv!>2yzx_d0!%>@KA5O8hvzTuv{b|B!R<)0s;+Uj8F`sGR+Po+;-(q(6~E9nW@` zvcEN(^{kwmOOKQb9{srN&Y{=H;gj?>y*OSlgFX>9*VonSvtISI&i`cDeVgr9!{+sq z?ZuzJH@S@C<#ate%7r)B{t6iFpJe+fu=)9A*WZ`K*W(#EEx#upApb3Ap??&-YVQw-&R$Eb&VE%cTEAdXLLFUV0pTUg8P#t+IOuy+n>C(Z9&y zc>16|9M8Rvu9JO@|9~86{5Ry_9=30pXaDRY^jV3E^o=mCpI(o1Rrl2XD>*Zj?RV~L z+MDNH7d?-%usMI}hgdg%;2YO-sy`z4lvk;}d-MVE_4`$}j-cCL!SM=5(cR_T3G|Ig zJx4E)-Bal=WGhQ=TgUO7L+E4V?4fjjIj{LA$bsg6Nlt0LzvOf`_CKbS`pJ>` zqOOHySyPhsSJSKHj6?q_7w)9n58(LG-E?=^noQp)=jYH1Wcva73pps!+YaP--mUa8 za{e~DzZ_`(336^c>o3Wc=KD(yXR>}|1IN$!bZj*uz5citsa4g&izT}Ua{!8Vw{Jk8k=Xg6@#qkS&)5pVRytKxv+S&{n)<6 z2-ClfdH*_zpAR~~X1;>v%fe=S=MJ`SP<^!Ox68IXA2#EabpL#&{{A@j-?EY8rJtk^ zltZ~YZ00X&ysK1?7PI|S)g9HFW$ zvi%s{atz0_>*%B9{6KnuTu}e} zkseZof&0+hSHvqj$W)jAvd?Uh?-Au(^=}-EV_rOZ}(FsV?mQTvFF~ zU&yZ7x4MzzrMk2Iaj=;$(0l_`cg-(WasQT7k5pf!dPeo1fi1bj-PJN{#|7M9riEC z-a2}+Y-_&fgVkrRktr@eS@68jBYcQ>&y10_mw^Ki&-51F>sqc7+&N&g!C0F3kbF<;;F zRnLFR`irnRe`)=G@jbb$^ZB#dr#@r*&2Q)WTzRj=n(ws4pR@hNa!TtPl+@*0Wv7AP zKe=)!zbI!1vHlfojwh?nJAbR59?1IcMXt}5GqT^F_3mKS^8Y^(mE zZ0*PTUrAkmzp&dl&hH$^`U!HdH{DCN&%3-n_o$vbf$blcvzyQ_%E6}ew{m79 z&-Z3`nDNZ@%;~^Jh1w50axD=+k9y7y5F!(2*VvoB8uPp2>1SZjx>JUD?$Gw8(H7> zZqA<`Mt7D|ny-7}k*tr9{j2Fo@HXc9PUihJTlKu=TPkO+W&2m+xp%R_6Tc`}93voQRv){unuX7u`$tZ>4XRojd4ha$4=5m-FLU|42?1>CNupd^xq> zM-J~{{S4R~f2hBA?4x?&PS%IZzFd^uiL5`I)F;pjVRO8;j`t_6N!C z7}mSN=6q!z;r&vtx;29J(Q;b-$IE%u%d#)OAiLMHe-$?8&)4yPr@C_;>zhy1`4~v= zA!m9W7QenuNSvXslnXuR8M42ae?R<+oL2iNsdr`jy(j5>TtHtYXEok^vaNa``xmkO zdO6*R-tAtFm+nj-FZ-v{{S$Yg@04w|e=+fKthbn~@#K@`=uFn@WakWxCueoM3*}J# z-<9)P&p)yy?>&X{xuEZzQo&Y${$K2^><&-=GQwti!MQc{1NULdD+{@zdg0qdJi<@lEQ z!zetK_mvBi=rd*KQMT_Zrw{EIx4$E)zsUNNa`-Y`mHl39zv%;d zSuZB--=yct;d>fij@HndKFIMM`7k*nUn1vqzQ)Meko_N$b1q$x?Tz&JN&Tx#eEd5< zq~m#lK2G)?VEfDD!jtq3a7*+2Jcz%qe_VBY4C|}qutfhP`w!EtALe|~BXlR(dWgPI zPL;WyF|wzBFX75g2VRd?<=k}k|5^^7ptpa7^QE-@)8)c!)`uik`v+xj2J0`#(JcB$ z+3rYpa5;WX&*Q9|TFU!xfE+f_cgvY2bXj)g6>@GW$NxI%-;3v?)ilm$^`VcHGgr`k zWTzkP$m!AaGTAqO$k@WNtncK^6neMm96x^?-BtEapl^}Gljvnh`wQrGNqhO|M>(E* z9_u4yD@V_h^WEqlWM4jb2Kzhbus%pmUr0Y9`!>Bgsoz4cm$SFgogU+Ox!dVJviksi zr))h;FOxGa{j;2%PVYHW$Cu;v>?Rk^phwGgH+ptbKb!tYPF+NA_c+H(UrcwC!}IAz z+3i73ldbOb+p;fjkkgy<^>TQbYP{bbvsCnoil^hbXPfT{_q&%kCC%W=vlHoon9k{@@8{6Udm6vn23jLn!sr}|paXfnx>qpClv2;J#a_C92 zdpG@p?A%HJEZgJgw5Rd=)7@n2X?nDrmuJe(eAeHRBiWj#@jTWKk^Q-JPdWW0Jyy2n z(DUWI9Li3a^;Yvaek30!XCGs|zwFBQ%7vM%uaNW4(#>-21vda^bK;> zr{~MgI6i+qN&4SOw_3>YvIp_~BO^O*)98(EP&-;X1ZTSN^EpLuDel#faN{ixhiZnK*G2g>`(`3(O(=<#q1%d+}#eZA$NH$7U;==*>NWnbTKJ})~D z@cg_7Z)3(gkLz70XV0Z~ewFo-d^~LCck{eoE|m*?b^pjw9X(kN_T~DXkkk9q6*+$Z z{Vm+uvMT!h$)>MyzWnB_x0T(^=p$j%K2ZC!RnMA#2#M3wC`Ws+{hhMkj-DnLR9^(Q zG94@Y`}{yo%gu6D-uHF3&&#LDwp<6Bg*Y4d`WPc;d-42FhFhE8Z|V2bPs44@_t*OG zi&SB=9#`Y7mwkEvH&_qluCnzC*MF^?mZ!sJ{EEhZR`smvAH!z7-eEjHf5<6)-_kl@ zJ%2UVf2bUdrn|%Dc-+qX`-VZXqu-C+mDJ@qvM0YH`|@{kAaC*}=eO#)zIJjnjPoBS z=dYrB%V8sZkDMMs&zB25=`~4zegE_$Y|hus`tL35@D_cGe3*Qze3pEh+z&SAGdi5( zkAuzi%($>@|F&;){M10!PmrB9JU;{E{BqWBk|X)S zqRr-AM%dsopn$yOu%gq$5pzbgl_^)APE zhp~RBoYV8Chn(rpqY0Ml(g@}x+fQ&<9MrNUq63+m$W~G=OeX-^XCS!{~>ZT ziasAU_j^^(pW!f`AK&x!H%{%-ec1j1Ih;c;lJkA(S7fJ-{!mW!qkokP_4JPKX?^{8 z{~Rnkdi|a#=MQE35pr}8JxjI@rawun_B&L0JigB75ilOCZFzpqm$N(3Bh)@r`$?*2 zG916Gy0wbuXQk@Vw(K9txvlA~-{<^kwLbvH^U3G+I~6wPKhX2@df2>P$LjSrOYI|F z&*$X4eqO64ZpHaF{ea_#V>tdkva>Vm-DFqqM_0jSzCh2@ajF+? zllFJB-tj}uAIWuc`g+!Hmc4uEX|g+>eo?k;`e!*e`q23OaLVqS-&^2`42^4zGZT1bJo`;_08zEpK|=1e6}35WPMEHkLkzZmS*5D z`R^Y;O!|Mt`qm-G%YQ~6CI_nblG7pUx5?R0>8Iq>m-L#Xzq~!td;XW(QUrq_}*`HMz-rX-o909{dOCfUoO0>ma`rNMvYZ(~&r9li(C@(J{Vl8K@h`Bs zAFLMqyw~a*&R5X&Js8I49kuVGdgdu!&%B&%;P`jQRzG?HjQdURukWayevkF9llFRj zZ(8I0!D7}AkW)+PoNRAFkCww{=u%Q&NI#v_d(&^r1>HYu<){Pe+kVUWb9>UA zS2^fG4@jJ*Z`- zIsHAycjdEWU%pBX<@;dsdov~5Tu#eXIV=Ap=jF|R;CgJiqwLB(WnaEY4&~{x^*ZN&K~Brx!ua`2e_#AJ zY|dXem9Ll7kF+&`K2)~n(wE4YPwA`W^t1F#+1ZNMW2GE6vA$N$yY!YnalXtG^dWL# z3VoWKe~un1r(d8SN%}uZFO_q89)Bd;9_xS0&OACD>G&U_kCqFM&=<(LH|eY3mgeW@ zefjqh_ra~q`(ID}`(Qb%^Zjwse>l%ao1ZyfVHtgt>^)1L2e-DYnx01k<&>U(x2kp?^D|3z=PK6UN!rUB zWp^~|hyTv;qv7-*Ion9jhTE8*zmo4uRCiV1;t%$BMzZ}0uxTHveZA^wjql3dD7IfC zXSANwpByi^n)NPnr17tT&GH3@{J3421ta z$NPa>rSVfLUSE-(M;EGIh*%#Co9AC%&%3*1Tb?Dm^2@R>e=CRbb}cxb^#~AI zJUJ_0CFkXPVRQWHfX6=vHtWym`LI%M*71BKTYvER{inR8yxk`3pH=@(usJ_Y$Mej} zE$cMZQ)*uaWBxUqf3)g3^>@_Yy_Ef3wRiR3FJB~EtJr_F+IwyJdi+4n?@rfbryboa zr}v<@*p%xH)P5(~-;MPSa;iOjxa_F^DRNfxpO>`Pc$X#Z)qikO*LtpnH#O&f2LJb; zCc){+CR&`2mee??a2BTn`?aeAlcoC^>gLi z&h#+ZZc9&+GkeerDo$9%8&~b3fMdkY`q>omi>$Q`dXK?FS7rhTXOz_e1`1Z$oe2TWz%=b_A>e@+5eJ$C#kdgrY)-{#aF|Ng62HBCv!DhX-=6hUrfqU^QYx~VRL-0j^`}Z!;jeh z%ETYiMcLN)kIVUqtgn>)JLxZF?-qJv;s@y6TATUt`Tlsm{~iaM2fgjHe!1-3L*Fc? zZ>ArV3%XyQNj#4A50my2=#6r&M7KASVZO}0^vSYwH{A<1=f~6exkmQoDQa&oW&5Y) z;5B-UoYCujy_{0L?Y5l1uuAjGc{vZ8`2)>2TJ_YB?c(>t8FHqMt|Y#K{zVQ3(7UHN zpWB^2De*=0m2z|$JyFhINk1c7gXm9Xzc;=0b~>J3^dYi;F?}wK_v<_Oe$=3PUi~M^ zS*>qDQon%x-%sl2(|^F`{G|2#*m-;U0J*cAk-N*s$OYJ3|I|Q^H&%9DZWEv1vYf5Z ztK>*tE4#0--p2e7XySfOAI$r?GmQKB3)U}|^Ka2()ZRLT?Wd`p`kwVSEpq^|x`le*UPJZ$dAP_Nhblln^b|5Ct<|K789A%*FHd|V z>$YrZzOtOpvL49c$#k<^kkfl`zVIa0yU3~C=pk}uXSyVN9qAY3;7a<(#QW2`wBz`> zw)AmwVQV@s`>p7^67NILlhdu~_hdUoZ`z*Y7e>(?<=gNWbwq%OZBXEndI56AcBvHd}^yFJ%?fn3;yZj`OvX;;p+reBg%x6)tAPDi@szB(S& z_mMLh*3V9?`XJfv#QNQ`rThI!IsGH=|JUW{C;A6D^#k2{KhB?1y^~zfco)d7#v7j0 ze`o)xa^_e1MLAIYdpV`^*=m2zXUPZ48M&LBdWz?NNMet^H)%hgepa>?(w`;1P3QLj z&X7W!1VAlJ#R+TS7Dsy`w7$FTn!a!&KDP3rPC z2XlV+T(&<1#^>cv_<8ws)%_v7UcKc)Z?1lF)6Q0jya$z~^pCtWXpf@J{EwJW=Q;XP+1f~tNZPNUCnW7x(oe~0jbD+&ms$T>wqBuIcI5fV>G=18&H2gy z#riRF_!`|qw%(u%a{3?o_N4wM{b*8ui+)}X*VAi~`aAS5a`s)iO@{07bUpTwqcyCb zET^jUrLw<@Zj{5-^my2Of8+M!_gjy{=Kkub<6oinxy^ZfK9W-(u>U$a^C7)+C$2C1 zH+`5Kg>+Xr^*KFIwsib&Z`|JIJ|v>67HlWcpG$J%t`6 zTldiuMQEB-isOY}S+4_^+rQ zY+(IsId8H5R>!e@LG3#x*7ZIEHtX~M;PazS&db-y;g%f#0lBar$6qF=>gYiB2eJKE zNqc?2@t5qJ$@V)O&-v3`=mTWu8}>gDHs5FXhw}Tip0N2mwX6AuyJp$eb!uNoKCi&I zUI+5?&{EY?$8!AlkB1?UrG{txo2Asa3qc(z4xw^PK>j>uqbiUa+~}LVZ6vLUm8; zxl{cu{r>-9Id|vw@%{O{?3U`kFda^TU6WM?8> zmBXv}{rKjmaQtWueW;wS(ih6PdF($*4&=#6eLm|?Cw2J~*`Cb$R;O~le0Ta#xlrJI zJ>|64bDQkQ3uN~R_J31O&7~tb`y{>XX*#}<9REZ)cQf5r_FtgK%ieT)iR`>Ye=8Se z&^w;a@iTYO$IAH?^Z?l#Lr;>e(e#p}E`Kg(u4a9+|8V?pIDM#`yOus*wzU2mlJ?iJ zUY4`7cs^cD`pZAcd3n1tIA1|NLbm0LWJew&yRs{Laz*y#pX5N^`Ai+3e6k$Lb+R>^ z>o3YF`6)RqSLKY{q6^2*%KOSW`5ZYfkCY4YBeE^8l+*9?{C+R{AJDs;#rf<{=u>5P zU#@?E>>Wr?kevne0@?3Ce=4Uhq}R)-p7g$FbH4ON^trHkKAoi<9}mdr?3~Z`U&w`T*?x;|Tu_1Po4rBdQIoFY{ z$tl%ap2PY5Q&`_ej$qp6{H0L`{wiePuWv?ZDkL;A`1#+|v{XtT1MYlMg^QFGwe0#y> zdieVMaFXiwZfxIM&glL4+N6JL)=RS6o_<>Pb-v$_gPmFbQI0mH+g!l)_@8qL z9eIAvSKZP5IS|J8HTwIcTVS*PKt~GYZpZ!)%8s7bFUUC^|MzlgB-^*>!TAe~^e(bq}+lYWf{HH=6!Vwy&XET*&oAs<)MM{aNpvI8S#^+K;1$$b}o} zTavm>PfhAK)AN)1E%a*H8$j1&w}IaBBCanOL?0;IL+Gw@W*9wG4h!@|xo{g@mYw0W zFGpkP_mcKS`lqC>^R?N zu({tu-R~`X(viGBY<_;R_hSE376d&{8`P{NseCU-y8Qx{3?AlY+i3$Ucl$CBUkj_$CxF%`aJQ1{Mk8d|Dl}M-%I}r zo8!-~;P_i!O8aln?O^kI_VxVeq`LJ2>u0JS{y(nnJl=--@#FZ2P{=5REEBS{9z_eu z5Te8>Eu?QvO7SS(|>*u@`czZ-;g-DU-SFgI}+!P&vf2D ze1}br*RPBZ?$&&T{+H|Lo(~TH-<+8^xqiAUubDVEpT+naaSAu1A9PUvK^!r@BR28V z*u7KzA=qjq&&ZGG@h!$S=i>t$mMCH5wrPBYz2AzT^9dZEl?yzg#}gM)|6=SEmTThl zN%e2TRzc-$uz$Y%7&e%{H+KHj_!n`^eqO=pW6GE2^Aqw$9G#KB%=@SuW51NvHy-8u z;4;|7HL!KD`Zwi$iQF37-Q~xz(?jl;cSU(DHtWfAaB7hJ7Pg<3x90nvyg#2;m17)T zE*Et4c&ys;r8vGqz6M9t<;Hn4--FmmDesAmTJliroAM;=)tBGEp)G%cZTwR{Z=}5F zW7@BcYvQP<@`m}mv3yV7E#=OMbMNo6_4WR4IJsM1`7E3nEw9GLczFkoN6AO?9wwi` z>EUw8j@obF%hhpqgj^3tBjr}uCGUv67nMJQtwr)UoO)S)4abY+wb)%QM>xG%K9tY5 z%70^jfowjm{rfM;7S6Dr8?d!XdGowi%N?*cMedpRWO*RAGx8K1&XV86)>L^D_Ls_E zPgzvss@pV3K=*Dk00qQtq^51ZGEN;r+L zqi=qseq)?vd>b5;RPJD(>!BBpc>WB?_dBaU7RQXAg|m!bh8?b__1NmB@!Jz8@0a-b z=Ns(se&pSYs3C&WFSCUrgUDt^P-ebD!sr;`@Rh=)3d_b7%0J2XcgQ7rYP`Q&ZiS6K@?>o7legpSe);^TG(P*i+z6+t+|hjX?$2vei&y<%daKQouBXc`DYuh%+E)saSGSyt$qvK7T3id_6qCozbs9hJKrY9 zdlxo#YX9dyqul*mPGOIJyTrNYhsX6Y5&L)x4seV!xbm}_-}y%Kx5DYY@&KIrQeJ}X zujRe@{7N0K^Pkgv5xy~T^7_Ez?@6BJ@x6+}FErn7?2up7CpSL%Jc#?BojAFl@Ofqr z9P)T(;0SNS0sT{nbH_V#wf0-3uWZ+n+a%7-pQS%Eac=#9^%vm~@4#7n1{*tcf3Dt7 z^QHJcIGs4Re#&ch?)sR31H278LzEZnuYMLc!0u4xy>T#1UXK0Y@^?6VQLgg5=F5zb z@59-V@=MqmC2z&)(Q<(S8t;vfZ^Xt}*~O`G@^WmAmw(9T6XXgnu%DOY2XNMx$6;@x zyfxpSBo`g1@xjY-V{A{B2P96Oe>-%4T}19aulzgg;mU(FpMmeiet-2x;%px|llQao z0UQpL&B5%iuWV!Q8M!w$IDfBWlk;~FTb#dAp5{w&{_ey!=kJAl{(|Oz3rC#KpK+G+ zX$@h21Ju74`<&0w`JD6lVcwk2Q#i}{ymF}KvpIi{V~hExVw3Z?J)d*_iVxHHko`Bo zHpjDnJ|Cq0E>E1C->Evk2NNgPFV}yA;W_87UyJMUHEiR8FKWH?U7GKS#JRphzLnf0 zKbbhUp2K=qkH|Tr z6X(`53avMC(-^fz=bT$F%lJvy*s1%^KZ%q3O@-Fy`j3xM-y;7kaW0R`D?gh!w_cX@ z>W(*6sKSMHJbO`OX^SNR(_7^wGiU+3LjE-^v< zsIA-xryr1eVZV#~I!^VF4`B0tx#UZl&wNn69lN+MPT?guX1xPAO?)hyO(fhC8aVy@RRGFH~bI)&+?<-p+PM)tlHGe@a>Jj_@vQKd1m#t+06UWr5cKVxI4#@BjP^EtR9j)p0poA*@tOKjtdU(VM%dF&70h0RsU$6yb?k6j#NA6J{N`OGyM|1b_#%TusR zz71#IRer$&jZfj`I9jiKSU!JGUX9)N!egV69E%xxQ*vB>B(Ej|7wcg!0o0a?LbG#t$gUWYc zgYjpvMP7TU=Fc2Z|9*H4Jl0S{p<1~IQPK}j! z=f}^H&s(nf%pc^MiId~Y&$kbdyIqwJ&-Zygyp4VCH%D=b^IiQ-%^%Lv`2Qu&&Hojz zS1*zWo0PB4`xp5zP92jk&1k;NM!6wQe=GOO=auyS_igN1@_*RD%~xnX8^44D#(#w~ z6*a!XO7&CZ|HE+=~ejl3FX@tJ&1zxg{F@86>SOl;Sef5heua>I4%r>e>mu}6LcN0%$Vb-ns# zU3n_@@iA=GQ{Mbt^#dH>ko}y*sRrt|dQW{fCBKG4@>AHpRe9_8)sOJ&INebBe~FX( z=Ry5Eeai>xdsiwSgH!m6#JTG;%k^0yl#k$!iIbl%xn5Q#PJTY-?|=SHZq(HLcWt0w zOP-rJ`T3Uqaq{$a${TJ}ZnxLJXBv(}e%{RDEVehPZ+xMjk7p&$?a#VV^PRu}zWqbx z_D#xX;s_td?#;@Zex$y^^Jx~2IKIbm`Zo0&Z&p9X)3Db_`Onz0*v=gL#V<*nFwQNDe<@(90&gAvN>N6Oui@>*<{Ooap?o;b;(}i=e^2Foarzng1P-5-yX{gx)kppg2YuxZyOo>$<(=4j zUT(EVc|1VgjGcjU!!MObgXFb|bB`zF`@j-kDNkQs_T2evmpD1U19ZQcPVQLBv*gw^ zlZoaRvGf%$hYvta2d3N3lfN9Xl(O-Syo*Y;ZjsOPqUs zj(I(9`iuJUB+WM$yHn+VaOy2xe{GMc@2r-WVtRVsP18{)1yX7v}!|U_@NO`ee>2H=F!uA$hyPwKku(3^Eh0V|8vx#%pTlR5XZw>#{cw?RN zQ8>mC_TE!o{-pZhyK-l2;FZ|=fc5fb{M~;sK2$yvNBBpa-JrbQDfMGK44WI3e~i<( z+-db4{3LcaslOI`xX9n?8ywHOaX>x^r+Gf?!7j(Q@)?cyIKG_{C$C4`&)y;rUan#! z?^jCyqrN>&c5rrv{60?4lFhT~n}O`&aIU-#I}7CU|Eg~+mIq*SiToLMm&vvMWB!ah z1gBTZ+i?7re2sD5x!23=8hH{htYui>U8ymq%c8r@S+tUnI9K%K9bcH?faPUZC}?FSXvo ziIev;zg9T+e0vk8{*a4Yn9Fnb^MKEzI^zs}Cvk4PeOmo$#boP@`~vpQ$_Mhfq5a)j zT>YqsJO-!FlMmobA-O>b^}`F~x3E=AzW5^L>EiO!*efBgO`IHW-v3=xQvJ+6<-{Oam|jiX(f z@5)Px zt)RY($6@1;@}oF=L{49(e!8UATZ-K>a>4#(&s}duF?~MXGjZf|%!f!LTY z@5RnCx$YI}XV%IS^4=gH#nz{CiyG?3yX3jpJ}Cc(y}#xAYN~IYr{lE@$A#q!YO#JX z`El%-^1FGLkxSQB-?&!pkKGFLE^Jqkue*}%j2-!TmAu? zFUSq9RzH|QA6sw8-{zf>Z@z~8ucnVvb#=af!cjfB)wT40((!x~`%N_7yiU0@LVg+> z>*Q@Xb*tv9m14h*{0li%NBz`Etv?N$r{%NxyrrDJUVZB>c`kNZ$$#PC zZn@iccvS=eYR|A*cC<#b*3)9vI{*ndbaR!@26Vfi_neN^6z(~rxwZ_M>`*O${v zuOH7PPF~M9=zhEj+q|E+^d{v#?v71c_u~+IX}QwP>Zk6J2jJ*ld2iz6^_0(#uDnJ4 z;11>evDaSyDsMyYe;U?j{z7tq!yVgCC;6% z)Kty?9nQ{>n>SYO&XyPB^sDkkO_bYn!TwmeRx9NO`8b@yCvY@g{SJ4lA5M@rV~@OUYvlo+gRM~glh~=Q$J4Bh z`srHoBy6;n_vdpfg$hvLlB@~7CFsPR=FR6m>~_r}q5`6FyK(D;h& z*w4LkckI2W{#G1}kgK;>-|^+XI2n@8lU9%cVW<>#>Xhx`!^f0xTR>f3+HU2yi4yaH!V%cUO6^>fG5`bzivM-u0b zr*W6=hwovhwOqKP^2~$s{W$x8JRf`QRGx<2;quQo94p`6S$%JuJPxPF%fDdf zCAoE%Tt9bw9lo!5C2{WfW{>FehU3`zMQ++vxp_jKhT|Ffyzgi1&XntSQ$NPzuscin zK5V=q*Y2)<20x3P*~&NIEH-JR3X9m4AyZ_Fu!(_+Ys5 z0oZ#{-iyr<@^wSh_wjISk5qmLhxq29>N}&9``8{W|B54g=P>oXG0NxQ)L6N|aODwh zkHc}w-@=*ka`6|{Pfd`Y!p=+bhuD8yzG#H{G3WmQ986XI8ct7>f5Q>JZKTF$rYj$V zUGC4j@_9Gq6-KG=^L*)uGpm#@N}Rm@zM$9NBjiq1*Wah&|u!pla7_9O36!m@X_w%r2 zD=#!vd5E9D5%>GgvBCZ0>S^kyxqlDDE{?E=t4>!xZld*iV()hO9qc!ii_TErXeK{^ zt>*F)oW4UojRSngOpVXBR6ZG-ZRCSEm6mJIQa^Q%+#CD%$?stE0r@Nr9+Vrs!ua;` zi#Yp`{1Ns#$c1Oqe^_pXeLM-f|5N@2wjPnoysGgo?u^Yxm2b@FxXf$nd$=>seyn^r zc0Q5!CC)v*fS(7idV~4bDxZ#>x8*R+JkwBq0;d|u@8ok^uCPjdyRrN%j_@ArG*N!_Tk1#n1svS2d?yZ@%5_$& zA2yR;Oq{&m_)*W_h}^c6-?B#i)aCL->{OM1%e$J~Vy*gdb$KTCYRIQ>2Df=z{VZON z&6?^Lct^R7TVu19@;UjuwtP14E9KVf*gxlMa^l?iHU3(6?(@)}$elXsH(Sqs>dLbd zC&y>6j?ZE8^yB*d&1>FOKYUW|k5l*~>~~dO>OJ)hen0nr*y*A?gVUYm3*XoJ0r!{I ziF40K?}(m{>#+NiT;>Di{?Bs%ypPH|v3X3c8PY#4kHXdo`4G>W9C{ujT!_{5y94kh^SR{y*i7IDJyS`a|Ve{1SHmQvNqKPRS2^#QJzOPM=m@ zdNcFkXR!OX@-MJ)MsBc0{Qw7vbI%Xs7d=0Yl1JP>@7t<=^r^-##l~lHiI0_=pUaQq zV7t5;r*_Dfe4@UCyI~)Hj6+=UQ}tuq6-PTY-@Dk@C70XAes;@UvG;@g4Nm_kU;i2X z!}1Jl;nO&UANyQ=8?VC|Tz0$i5ckFr{v2oVRgwBJ_OZeB@f$Yr%{y}a-1T3S>wkRW z-1U^%r~UtgQ(3w3&Rm{5zaf9mb4KD^KOU>=v+NhLKTe*7Q{&}IyENY6=eYribK|r8 zKKq~87^8mQ-O4R|GI4JGfX@q?>`|V2M*ACy!)N8)*y|%#{Zf6WpWF$@{pA(d93cOL z(@)5azG6R5%42c-g1jAjgXD^P)weyl3wC?SYjLKBd?ueiEw}hOH$J)FeyZzfbmHWA zKcxIq>^>}){YJU@i0t6tQ8~cYWAaZp>?qgSr}0J?xi|K@%I{*UyL|qB?JvvuXr4H? zKjV3QKKmAqaghVcy#dNQVB-aO4GwUrgX%j2mG{D_LGo4{;fh)H!@=~i?a3eKb6ojb z_3a_b`{4+GiQS>fuRNr_F-#tcQ={bHu{Bz5`JMV19N^R#<^SRcKlr`+(OBhgV}G1{ z*$>K{@$z%nWk1{U`Ecdce^ft<2V>_&3o zU-|dgm?$?rrhb5@;}nngw|vfioa6LoX#6|ankg4Qp*+M6c4jGGkF8haQnC7}*>VqT zzbbFT)@yRLU)7JWhrK}g*VvjP*ZGb4=gMQSJx@M>&H3^TzpEeMu{gCrc@{^w{vYaR zUROQ?dkf`Xu)9cZ|EK!yVtECQalwnf2nUQQ~n6f;`ea4T=^xZ zSpQA=X>4WWtvG`#pH@F!p}Y@{R>~h^ZZ}#(+{4DnH)_lHNxphYU01v|HHOeDw ztd;G5*bkn9y|}_|5M+3PkC1y;4q)R zue`ER@Z9S~1`o#R50vl1S$ur~_0ys9xj2iB^ORc~mEVsu_>FwNNqNzNtdBcm??dGu zWBVhyY9aMwJRG~5m4AuTTjU$hS3lS)PsG`e<-^$jM82)C`sSzdbnN33`Fxx5yNj@Y zyc|29DKA)5dHA{P=Dl6sitR|QaDn<++!K2{lyAZIPPyWR>ZiYupTo{Bc^9^K%U2dt zKgJ_)ut)hpY=0@&E6)61$>XuJSI*+p*K*ww>W6qNPJg5PAdc}(7pWiZQ$7U;`{l#f zKOjF?Qho2BycC;R`8-p(j~~UUZLJ2rlhYh29w*u%z;%D>F# zxZWk|TZffT#SuP=9lmeBqjavHyuaq>`$>s&@8{gt^!qAju@%U7mr-uxS8*Dj!~t$y zmi^4p_&0DkSN;#1ugd95Ss%~E9{vmaxMex@9rhdKJxlZbgKgZZy!vVSbFjTo{gM@w z$G9Ul7b#zZEnMm{_KQ2?%u@9~!l`BQ6&2OD-;`g#<~%vd=daVR#D4KW?BJa^#eT1= z%zl_}0=DRXn>YPitEeBY(t3-q`<8qf`}i(P{Q%F$F+PROcQpRq%hmUB2FL4_pI?>v zI35q;aHaAkIKoCX^|QDw&anTb*vM%71=X3K{zG}wUxB?%>Q}r%{q(zXZyaruH|FyX z$+u2kQ{J#h9r^*3SrOS#Hb>O1V`X&fF^z87b|m#@8AeUp43_J2|S8II{! zzlQ!X<$ZAGcX=BQevoTjtG-1(06WaL3kPS_zw$cu(|^kYv3Ew^na>OA{#iApzJ0#@ z40iAq?BQ~C)DKIj-xE9kYW}VHoc&ySJ@ao<-U)}><+a%TLoRfK`tD!y{n)Re^%mgh zD)}__9+aEc)p(eDTffm;F771H2)hU!?I>Zc#tW@$ZFw`rB|&S^Zn;s~@qy$=I%>{6}n9^cyh$ zrSi)-zCu2MQ|0B>x2o@v&&MI_6>O+HxK{nP*sCMIiJg>O=e~kUd)UVQ1{q!Sp@4O$Cx8&VLzOXrz zydw@e%J1Qj{S?1LeW#o9M{%l;ybWh@rU7 zR_>0ia`L;_FE3xxTK%}P+yQ4UmltEVs(dP+SCj8fe}Vy$bSB zoT?~)hV4r7CHLg|xxat&)h+LzdwiV|C-0}LD_@C?G5USug7+#Blf=pA&(rn!bJ6?NHwP;jO|MDwf|G@^^sr0>ArHwN0hsGBu?S8*u=daRX@Ooam@Vf z9p&M3ntvOPaHGeR+s`V00~_S!Ix07wS3U+u*m#_Lfbs#@BR`G<>^#AG{ng)v)3`+^ z>}Qof~^`W{|@?M})|_GUfY zABXH`ANHP5-+qSv8J*7nTb$4Ho>gw($8bo0BhKQg&#CYKt@(!I0RM>1)5;t7Q9r`7 zarl|`SGX_x`&{mdvv?2ow<~YZkNrk+fCF5xzjFJO*6)O~_(Pn*HJ(@B`%C>X*vH4Q zaZ>qR1Jn=k;=C`=e#{rxAMTG$d&Z^jXBI9|CwLH(6Dz%?f* zH^(cVf+Jk$CFRcL%6sC#lE1-*_fm}ChvzM{5$ps ztN--N>Ie8JHU}wpCM%Ed9_$QMe#aEn!>e$Fub9gGFQ`8qXK=A;$}L{M`{FGA9(%(y z{(~7fct!oVyz(VD zs32c7Te(`X~coWVtf89WN<|)npIu3EUIm%N#l@G%) zK9P5C<<4C7<7edE*y8pzE` z;&K)T#pJses-MB@aOy(k)*|IuJQAnxQvNp%agW97`*$k;76znJOQWZAICOs{kHm<0vf*%yXVOT-cfGw zde;ft)s%mV)40w$^&?(CeC$3t0 z9^u|NeW~*8*dV`V6YFL_UMl z_`y%rx9G3NDSXK`)OT)`U&0|ig$>;CbM*rp;SBTLuwA)L zJ`-EGK&0HmU2(+tZP=}^{nXt-AHRa*o0Xr%nOo#Xce1~mM6ftkNOt*g1j3kFYzVo;b*XEE8mA>@@8MDAK_)# z$7S~_cW%>o54-qhoaKDn{k8f*L-kkSaF=|=H_Fqy<(F|57u%=Y-=lm0HolaP;sCeb zufEOwdlmK!^-CULKHMFf|LNz~5Qn(zLG{h+HNGEC*OB*O2isZov)3t~js28-28VU! zN4{mhoX-!iL0

    *LYbV?T$neS_v}{vGq}kYC4HY<#cW-KqQuYc=?7&X4K`dzD8x{k44OVdcg*@+O?YjgBaH_9=f0oBQROKPeCKBy%KVTW6D$a$m4Jp|AzzI`?&fc{vNw& zjc<2CxrevmnD>{r#L6>m)L)40``FK~%CmSP4)KM*F@Ib22V)=qfsK2Wcl=%b5bwZt zY2}UnV7^P_H?fba{Hff$SotU%;@@!Uf6BX@WIene2l&3fl)DeBzYTl1=_%#$L&{g< zOb5BZfknu08zc}wwa`{5av!*;2$M`IExjws`uf9dT3#T8{_*R9P4{yRDzO{&Q z{{i*a-~gwJDmU*}J`YFu(hHQ^JfD0V;u04s_u6axDD2~c#grTEl=sCU{v~np{T2V; zY{TN}XMWS`(L5agDi=L;a?wdIGcrvl(--WX$=g z^SK^-bLCo>k_Yk>Y|NL7ms4&tekeBPC_jT8`aR35pJo32I3#aYLAgc#9uArBmdlho zcr6arYrX0fmHY3>({O5){5Q5%%a2!Ly#?}SY%Y|qtE}98Uw#EUpADbV_Ut(jk+@PBJPDWmg(<|jl z)s_3p3-}0M0Cx|4f{_o-F=9q4qU$&OP5;{y(%266bQ8yjo4oXU*35 z;fZs7pZ-sYbA5;Y-L+&7uTGr1UffqSzEW*DnkA1-ocsNRBm92C@8nsIN24p%&oX{| z;@thpKnJn6R~xx{1f(Xlbc+veyYAa6^HlA$FbQ$Zg7qI=I!!W z>@}75CC(im^v&pR7d^rF?l?;AD6$!X-B^CdiCv2@&xQXDId<~_sMtOpnhb_E3nsAu25IG+gyGM zdtKzWvENm`q@MalH@P=<@eXX!zxqb?(>v84i!+<#!#MgxZg~^)Pn2h2YpVQvJ|8JJ zyIK8cj655sKb22oKaxA#qQ3dAyauP(&!zR*?^xx}Vb7QM;%JVXYCwOHJRaL`$%nAN zUT%1+`u22r3=U?=`?0rNuHR7oaFsk8Td&Cf;xzl|besAS``L;O=Bv|4xie7XN8y0u zyBlYxDX(R#pLt#$f(^!JvHybdMvZg*)fvK*`De@hyCvI2RI@x)>QovKZt|=tcOi}6leM=uh&fDP4?Fh$MnO* zx%-RB{pF(O>f7w68%`C|-%D7JoeSj)?oi*kL~e`C(((cvoz=guJ%$5A`E4yUKK-xq zvDhl0`~Z$k`IeUKub?~-mewb{0DHhh`p8~;;&Wqaiw`D`5Ek`F1jJE%Vl zr}1Anpxr?V_`+MbQa2h-RQ$ISS{C(_wCs%re{gu#qFX9OQ zj?)(@f9z59O}rCl=r?ebd&SjXfPGx@G37=v<-Ku;_h9#|_SdkZ`k8;^*KvqTKCaw8 zqr4Z6@h)sO(|Wf*p?-i@U=P>sq&(eJ{h8Ro#hz3iHBtT?_HUQ7*k~cAJFD;E53zlR z@*BIb9$th)_H#*B#y3}gFwTCf$9oWGIKPd%sqf8i@-V1vAPALXf<%3r`SK8ej*%DeSdKSTZvw#n1|lt<)Su|s})f8}ls&9@qR zxaRZ9V;niyqj%&-kUr=t)KaM^2^Y}pJDf)YHTtwrW3?j$N zu#L+NRvw^_vb=9^eq0j`DiL7?0n; z&ZEjJ4p$!IQ8>bXs6}}%Cq<#>~+%kt41ofo|Na{n7q;`<>3>` zC*la7KU%rX@#>8Y@+{7rr|~Vus2>-QS7L*_;#lRLp?ok-(fbouF5T{zpSG~@9cqY!^!V8rfTyMRwd$-0Pz#hJ9 zk@_+FU4b*L)GxP~{T$Qrc@`VIzJHFht2?BT0dDYx+??BIWJ$b65yrM_QA>utmVuCbc+ zN-H0RBm6CnD=BZeMt!fc{3g!ga%+``cnA*gPuRitzO8&iFd46d_Ld3vGpnK(ME z>-isSVrP^37XAyiR>+rqraXfuV`ruE3qDtFu99ECAwGfKx0H9=uD-QeK8hpU zB~tFKQT_w=|J3Of8q=Ev-nFK;5&CI5AnO$ zy5#XsZB)ykb8m=Ev4_EpN8{ir;~tFg`V>&nB7$MdjvoyJ!< zqTI(5v2m^P0zWYx_r@vC{{ig&rN`ImXZ1b24jU(xUw%}129L(+TeRL;oW<@htdD=d z{>|!lIHo+nJFt0^a{IXQ2xqX(^XZBc%#UBiUIUFU6D#-eIBe8c{tpgu&tG%>+~@t) zPW^lD_Y>#7&q#f#$6x(7+1(=#$HrIkaU9c6|E_*We3g{)K0h2h8Ut&aLmT-X7cqH~dHa z)NZXm6Fa-)U$MdQzxS;AG5t4ihJK-cmHXr!66e-;S#KrohcEn3efwEGpN3%T8Tn*B z?g@t766g96{XY`t z=F8G=S4uW^y>ssS(J*oDdNmne>tfmMq4}mJ&i#JSDSkibUvh7n@;fh4-(&pr#JT&W zy-4@V!{qjl>bESdzQ0+11!q2%|G?HZ`R+36hg;-1*gq(r#=&m6d0F*?NS=z#o$}$t z$^9e$ef6d4dtWJEimjjIOUo&b56k^=>U;TXY;BisDzCnONS=gKzsLvj`Ej{!1^Tf( z7F);U{rUVix!z^!N59Jx^8Qo)7MtJ7O)IMJd@e7;(E<75O3Kq&xi2<$$)DoPNx4jA z^~1kp7pG3i+i`%et-}2DM`P2`-*-QP-FxJwmim4>`E~4;myOHGE6WbH%E;?*Tu!b~ zReiI)+y|#0k-x%GOZkRs>c?q$GWM^Nk7DyixkYvLjVAJJoMygL`MiemW>={1)Rw1X zpW|^1+qWvevxfR!V|f|QGTyAI++=_K^RA-)S2$ZuZdglwpZ&jr!v@L=)MmY6ay#r) zmlxpR3i%X{ipuv~sqq%$GdOdh@{(8O^5pj?O6vEA9!#9O|M`CIJa+E>$m zRCzBP;dgL~et~P$H~-P|vl$Lg%P(Pr{2LsfQC{;}jSq{k9!}x)I4Z3C{Oi<@cz(6O zCdbE5oVt~dvG(udEIxppUzJ}|PyP6q z+y|R@BMy!$FL5LD7t;Sf)df4}%ZqTTu>1oK@l`izyi-JZ4{Q~c-^4Ng8ylsS-*>ad zn`PveaTagKZdv7}Z=ruF<8g$i;-H-JEKZe|8`jtOpn^OYyO+uDW22&6xB-3K65ExO zPrznn`5WwAAlJK9-myr8n>mqpr&frS7sc)FdAHflR z1v{mbf0yrHEML)x$BVmS_Y&o+vHzQ%Kc#H-?ce1#IL0qw_YdXU^Zh?%v$4jTC*^k7 z$Fp$iFXj7j2G?w&@y;pbU2zsK&gZ9` zQ~nW-$IC_TX20Z3u{l=xFr23U33e*#e4pPsH$M4%;h2u^ZHaTo)0(33)3HBQ{u0Nt zEFB@&uPaT(==KX^_3}+9?AL7grxx{@MZ=I0S z*eI#c(=muh^~2Q)suPVS5|cp)}!Q2ryf z@HG#z{#ni61N)3$jEzT?AH@OJ^R?|X-sr3Od*R@I^;cu(AGtt#^;1XHzZs{we=Nst zUFFAdc)NW4LmD5ol!xV=mbYN%5&6On>YKKl#$iu+YCdl#@5ONgxyr+=*GYZ?TkZ9D z4q$se{r}NlK_91=$ZN2@N)b#kLeG(NRl9)XQb@@LpyE0=myeQ&AU4u|i{ui~JO z{2Mm=$@LtK&&-hrV{??e89S5Y;*Y6szarm{o$>N4oSG(ohqK(DDtFZQc$tph0BkLn z-^2Es@;}&FDK~vwm;LFbayl_qD-1ywR|ml{fFE@fkc5 zyEBv@%jYxYM&0SplBePHZ222(@OWzUP~RP;yf2P?c@s89$Ypw}Z%&XOPMmvx5b%EB zHS#p$4<$~H$J;s{m7dc0=r;ZPiTkk8P@aHO4de)0x60+7)_hi0^F5F_cfQ<(+E0Mf z^W-1$`AWHltG=^L?vDL8s=Zm-W z)_8A@@JpF_6 zlh{5YU;l#UbAOV1U)bSCY;7k;CPGjiTVC%d2Qm{!Ds}tvrUvP=u&$J~EdZ|B(+-|J--@rywc^CF?m(S)sN#7R? znW*{Qm*tN_GIG#f5hpTa(cS@!7Flvo!N4`8Op6!<^73s`_FQ| zn#@!lG2aK+nWcWyS;}L)85^%Fuk(uX44#ftuPHAuTe-1Y?t+~|@^+lwCExt2`u;ca zY;3KU3%#a1b>V&I?gzcFjSt{7zAI4Q!Ea+1Uol6yhbLhl|A$jqt^ed)_0y~6ZP>$g z=P3{0Qa%G`$^XOl8s#15s~^81@4@aWx%mR+!BY8coINeqdR@6)M8{(~PLW@@P`PU; z?}vjQH2z55Jl;nZsh`2SaER|*tUSUY&f*)FD39?{Y@V<6E54D-bI(89T&?q$`2T3S z^LQKTKaS&rvM(nReoE8Et*9eeD~2Ko9ZRC5QOQ#2BwMydrDQ!VbnQcmP)?QzW$Yvz zm3?WbP+3k2w}jt}_iO%qKHi_t=lh-I%sKbmtHS34=gY$}?w=dyDL1(Ouj35o>jZW< zo_3$9KEwH4fZbnoyk$OD?iA5}24g>enalfGgtPcJY(J^I@_hAMrR1k@>}7cZPABD^ zI3APBq}A`8m0Mw_xjY(YTgaQRn~?K;p?41;ZfdGUW1b*uD*P}|BLcRl-FFu@v+||w((pX ze^B*Duus3aSp9x6<&WbG*K;cNZc)Ai8|~yGUvfS!mcG2d`>;X(Ae=T;KR>D`KZ9L- z#}dtR?o$1;*yDbhgj3u<+i>Ou)fZgKetO9k_Fj?uVGA$94#$5Mo3-ixO7pV!$s=*{ zZuxs`myk;>Q@!0oehB+d$)j+xq^{>WY;u2J!0~gcud|%>x!-$YyQT7(INnU&iIWe= zMOLUkHCk?h(*?BtP@E_%ufbkHxxm-zH;c%Pv0Gj921NPa@*@p1pO!m*c>zlBr0 ze!jvU=l3MG8>{}NRm^K5x5xejd32O#?S^9)L|(UV^$Nzl z$7gXG*W9Ri3EUGWPix+%*ya2l#SZ89mQCunIo@Zm$N6<}Y>wugz?oTc?Qc0B+#kIn zZ&$tm`<&lDaGdjZ+h+C0IDg%77SF~B&i|3f7c{@}cl0llpTHTM!s+G8*G2gX`Cn{* zAXnd_dDgwUAG%?m{3Gm@Q@$_CuaV1aReu~mfKwHe_rZyZ@;vOe)%r)URaW`++k$!F z=dXPF{M9^k@cAn-PW1z@IY|B#ySwDwp~LS-`T4k1Mo!_Tp@W|fll*+xH*_#Rd7svw zL%mD=PdJUQ-mZGDtJZ58d4xPLa$k8NPWF+H;>?@!wcl%=fgityH(}Kuz!a<8rx6HtFX!Y?fIyl=Xrbw z$7iX&OX%?T3$^w8g(>9mtF^xj_Bp;Qcd9>~Qhx&+`%!)cn?K8+V0V*z5N9{a*X+`~ z*iZ7q*gPn|5#_(iOK^IiWH}d)@KO!3kg8tz3?D6`$3ukaw?Bi)Ti@(FU z{JtSCbntrj?$myB4$4M#`AKXJ)cPZ_yHoxus=rS4M{wphNjF@hkP14MOA;TulcE)9v;;6h6+lSnE7kgWMjVd>l@e*ZEnE z4M+Lk*u_W@=n;rjGXrbF^NiBif(M{@UUsej7V@F`mu!@m* zoT0z)KkBc;{Dye;7OgiJXYt;seyj4@|Ek}?AK;C6D>hcC{x59d3g_8B`?IizdtrzA z2~mz$V`H`E|AFHt<&yttzR$dSaF+8k5SM>f^&Ylxp$qEohTGs2o`9F)pRkXwzo`Dg z?`eJ)Y_Z?5QU0a!tvF8oHJ8-i9(TY-C)JO`4*Bk|SIf^l{0iR4{6*Mf-VtoE-v0`y-=n`BHr8mr zqp^k8V4MDv*ufR9&^(9ww%EhNv9VV3zrhwhgI(s`dL{eA?XZs>Y&@lTUtkmef-PLW zpyt`Q33l)+*u~@VG0x929Q#1)9maKVkwVPJci`c;6;9)RcsHJcjd7a43R~RI`*99= z{=!->woUanU@tm8?Bi##VXOXAY~tT=9`{fCBATDQSwGLr#}@Ucu#Izysy^pa%^!i= z<3I3l+@hH39r`z57e7>7xrbNbrS#`7q5K#ggv-y-`hVf3xMxY#59fJSs+64mMfIO! z>k1w3gE8exv5$TBGxRFuMrZZkR$4akkJ!R5l~HcvQdi3k{sp`EtFp>H{O&cfk8{e& z#?xAV12%Ej^2#lI3EOx=1?3K|^FP_eKVc8QT~WD@>s~7x&uIO9*u=xGQ*PmSCE3Q? zv4h{ZUb%~_nzDy?VjuUtLAmj))~|G(EBEldHDw?F zf{kuk|ASh}P29M)oZxx64x2^v`tDXoxkY`Ey0VQIU z@q*U>7Mr+J3*{F658HTrOXUu(^@!}^?byT5CzSiRL@U{NQR}C%iCec;ZsGs1jc2t{ z?%+q-$}YZyJ)C}2xsThnlZ~EQ-*`+m@n_h=t=cQM@dfPQIUSVu=k;{k=O}kOYF>Lj?=*cIdHM00_bj&XJlqYR#VOpdv-+3f$=Jt#;KCnjevPM9AIGoZ_IN9HaK&d-KO1+& z8N2}J;r!34-gt@i@NUk}VBG&p<-4Q$U*&7NsNbZ25-vPfdD-X4bLAe`qJAB&L%rEm z^)~rHd~BQgx8Zn3uGUTU9@lpycIZEWUEHF(>ig6G1@_3z9?E^(9vexm_Z~L!FWAEM zo@f7fG_3s1y0zOIjQ z2Y-xRT(z%q4}Xq*T&EuX-0R!MU7I^Ht`(qIt8hiSHbs zJi+T{DK5NS^)&}7x2XRV+qm)|sa|rryI2d9|VJ2T#VvdaYmVb=JeZv4aocI;T`$^$pb@V?X0@Y=ZLqZz`{Y z2VooM;o;aGrusDAf*p>h=v&HN+y~_{OoyeLNnwKd1F8rr1wExjQ!T1#IC_@3J3!%X_kemtYq^^1gBp|AKuy z_ygAOul3uFlTCc{c-g||v5mKVsNBJma%C6SoFIF+%tYD8KV#!nt-oTDaudHlS+?-a zQ{-dZfB)d!+~3WoDmNx--b|c>|HTRX@HEx;$J4Qk^YBLeh^zW6{sfnwr1dUh3%8rD zdYk=E!AsAn{^}XZ&0>1~j>X;R&;OC~_DfX%8ZMtFpT|piJvcK}pQ8US?D4!A@Uilx zN<@DE+naobNUN9h}6*H_Dgd zKG^s{^}l0}{dQT&ym`uh!cD1f<0((!Z?TnCef?F+cawjC%b!<%(`x1BkMcz9yed~( zqkL&49p5yZxLz)|R(Uu2N8>auuugd%eia|%__DY?$M@C-)epz#acrvg^VueHu7Bb? zc`5a|TV$90U$<5E@E6#}4{TFz4AA^7*u>p3$}RjGwsF7h${l+e+V;?>y0Eq1X!&R}DZ)_;6A>*M{{!rk_;K0b~e zoZQR$_yYFuTl-iam)|cNgSCDNo4E7=mKKsWHVi)(r9v+8%yZ{fMs{LiKwL?CQ zb9o-b4r#p<&%e8|@tW!r*u*d4@}DVRiPNli5D#a)e1|pPqW=b*Wqk`bWnNdjn|W{H z4D&vX>i^XG8?n#+Phex3@)AF5{qj5I>e!{f6^nrGrB*un#F;pwVhi1WA}$FNO( z!QV8`!8c+T*T)|2h<)52$Cqinsn{4QFUKa{hi&dR<9Ds!jq7(yWac%;OY7_X^JQ%D z`DG$@@LKHQlTkhEm;OWR<+5HKY?F7u4jzo-({(%_W0!m*_V8KUp8CqiIls6go{h)i z4BmkAaK01jH)m-58*x+I82dw&zlx35_34MRcnPkvOY{H1 z4z71f^ETpvIJR5$-{AH*Usm-lZj6uNH*tKA`q$z9xY(cS_wYlw@LtuwgA;fo&c#Jf ztKY}XaLzvUkHks51uw-{{iS|mzv^4zrg$7q;T?E4F8jCo%>(Lhiyf{z6FYbkcJXTL;oq>2%l)hQ#xSj4ADg%{wr~pDcnNm!&)CHU&TIZ|u1^E(k@vzr z{sbFuX+PVriSzx(`M}k%ji12|{s6mp1NQLW*vHph(EQ{Kt^Wkh#UEe~Z^g%O;fv~z zeWd zNO{f*)n8j!w(-|E7u!XYXYdt8<-%X9e-5^Ai(<tqKn#WwXFD=FVd{yUz{dLyn^o~FL4 zDaQ_J{t9gTF55RKZ%_UQHvUpR>_+7-dFh+v1pR4zjJ*EM%HxOCzZJXG_qs*7#p}Oh zW!c7aaGK{!%__!Tq z?vGveQ?aUY53k0tGn#jAHRV~3|1@68>tW>`%6a zu6`Fkh&?&?MUS^vtK%022|!Trfs;w<~Qy_V{I>U-nzA8YbfW z)KbEwKoAUR%tt|Rke-L)@MC{>Z*y4O1 z#NBYwhMJecwXjeBGk7EKU(>NMQpd9qFQxw^?#BMhHPZZCTn}%=U9ri$;n>1+u#NX% z2OIZmzKg424?l{1JPaG7wEqRz#QU&?^FN^ZKF4<}w#nOJ2M@!AKhb;-yX42Phs!i( zKCXq0(dzGnP5c_p<*Lj zKOEEt|K2lwZrSC$Z0O*>uV7D+D~AsD<6d3xa$YrbFy9=k`H85Xe=qt9_V84k!D~VX z^O9HTzqfao+$Yc1T=U&r&A&Z#u)n43uU+V%-+aEw<^2q#-aMrG+2pCt4_?mqV7sqe zqJ{eXE9I6rQBWQp<>uPBIQ^U4Ir3RKg^eTf3Y@tpACL0l+W+;fIUo7u1h!+cgUv(gPhd#u({Q|k*4u^+Q@*mT=EcbG!S40SU&h9dnl~FKkIH*+ysPR9J<9Ro zn%L^5yeoE3tA7$sbWr{+&i<*qU^~sTslNw1_$8ctT>VpV_6d1AHaf~h9^?GsdvW4P z<%6)=PWE{IeRIQ^{L6(@hu`FIb< zyD0w#d-x;&@W|5bWUvksnol82kO@vQKDUvatLp_VE~Ozp8u{&f+|r zdPVuI9W^i3TYen7cr11vQ~niBw3iQKyPaI}NzF_Dr1RAz@_uu?Ni<;GX1@95>QTa1CZp&k^IY|B%JA-ATGy5a2jgteF_Xr)lf7&-MzWn|)iriVO{V$8$PxXJ` z828V$Piuaxt@6g$#XUm@|9zKtYU;nwGoC!NNb|oA9lW1rdA~h^jl#<>@2B)L%47JR z(Bb?4GW9=+Jv#&DUM)}Li zD|Xd8}8+rP9@b%Ea`OMy| z{d|h;+vJ_t8m;xO?5+CPJ91s@kCI=(-bnc~9Dh?jj8pj5KALCZ&N%&s>c?Y?d?$9v zOZR0zV^rS|J8#P`;>37)T9i+gci{Mk^8fm2Uiw}6Q5=6?PGLJGZ^iyZIe&lk+wXV2Vk51*_5jUuIiKCJ_m=W0 z*q9~n!-=_axq<4B&yf?M!_Pl_KhdAunyGwFRPV_9LkF)vkLO46L2?Gy3mx2#=1|qY zi0#+q$&tyo;573K3|4=N`l^w8s{c`(7$gtF*;nPo*ynm23LSiZVw}|fzo5_%&3C7( zzFz3yc~hSMKhtxegX8l#o)pevkN)^n_5U6^{C=mRK0lUwP4>T*8-)(eheLf&oS3Kn zcS8s373TH4hCGw2{CMbK|NZ&zYhL4MUaE%jM%bCe!?{vGyT>UGU`*nf@4cd7qL?6r~yV!wkt zA#^a`a=yI$`FL6A;QZNfz5nhH9e!WN|9|6(H&pLGzT|R!RqTGW^s-xq4z7>=tmgN} zUVV8Iwz|nnLWjr0{5?_s-OBU5sXVzx_uCDjgZUQo8sRMU-KihW`58u@YM^;@alDzl zi+YFoXUVN!nq5AgyN7AL1Rj8sco}wZzPD8G{H%Tpr^tt57jMFG>WjXu{xo?r?BS6( zgEQF2rH89Oi(BIi^G9Q6z4o^b$2Q1UzN7xwI=KPP?2;WE&&bPhcDsB5n>*#&BQ(#$ zy>ND~@-MKlLq35W)~hm7{nmHNpTX&U@-&=SE$_zeX4xF2erJ>X6iy$OXJX5f_eJ%q z>SNqwCv;WD3$7-IPC)dOV_1$p#jPm!fdsbc*)zg0l$BSzHTT+^DT`4DU zs)Rfcr%TH7aQw99?~3v(l;?j}^NeD0Rh%gzKZ;WYMd;ale^<2eji)?m46-eUo9Vre2sk7`<#z*as!+$FTaSL3i5dDf6X`a1x)2`X5z(!vxJww3Ay#eoP*Uje+u9oW?(5 zbCB|jIE!;8YJSF2p1`q2@<41hmFHm>AHa44ehO(JyrH{*pE|FBiw~O8QOue+?b%H;2#LMW?Ah!|V4p zoNBLmZLos}V)t?7GjZaA&e!J1m*hXOjmx`QFJ`E}0Zzx{r=z@-JTi1}{5kA@Vd!B0 zb=d!2>~X&GsE<=$VY>S3;0B??_v42&ziZ^bwcjx~!TaBGY&TQ=0UWzQ&NoBzoLA&Z zICi6aAI@;R-Epd>@-f)s^}QIU@xCbMez|~?_?C~fzRCJcu=BF!zlf7~eCXhOTAYs+ zp@Z|;l=FFrdY9Krfti}0<^I1N$BJuy+t9(hrpy~a?sC6O$7ToBZ@_VU68pI9$HBbd zdEso<@2_ix4nH4pzdwf4xIgyrgwWyj<^O-TIC8Aw<!hYtRGufrSa?+vc_L{8zF zI2U&d9n8zp|0a%=*1Q?mUfcNc{KKJx{rmjBzSJ!B$5$(F6goIxMp6B|lq9#-D4!NO zxE@wxJx{ifr`9V!gR|6MKb!UVyx9_)qjdiIgbvn=vEDRn;*B_t|HKxq@~Qe0_|ee8 z`7oDiKm9@n$7@c|deg}>%am`#3H(>&ZahGiPW~*fiRy1q{~7GwELWSSc}^AiS#0LW zA4a}i&fwS`a^cU^pZQ+vJ%H0c$WD~+l2_u`UO5l@JLS5cYhHYV+zVS<i@ppU%P%WZrhUEsp&pzk{7Tc?-6W%K1HxuV(Yh>(#+#Ex9*N-X(t$ z)iZAoc6`k%zl!~Eyb0`{Q$7Zp?0+3j?NVNJwffyd^1awPBKO7)`&%5={I$lhAC$k2(=~K_-{9SFnAB{yy=uD96X5ypZx6*U^uk z#F=?oe+*95)%E`x$Lq_daS~TquX*Oj>hFNvFXW*(_KiFrJ1gV^IJ;afwt@X^k!$1l zHn}_Y?$&-%*oyXx4g5Q{x2yl^jhdhNL4E)ycFKKl){{TO4*NfVljLPKX@zc2>*fzGZ(UG_M6VE6eX-@388ZWBUr_f8q2c<+pFvyzD1(JDlWt zzm4NRDqj@U?~sq;)Nc8j?=;WeAUDR@jq(8Oe2*MB57 zCo5luZO-Q@>~eop+^Tu8$$EVxuscN_i7mVyr>83~xJ~`;Ou0F>cs{;|ldkgh*q$a| zi0a47^)i~5o+J;(3G88Gs`7s#Gq28e^`~yv@js6<`Q*vi_+9-Qu~}02e>i=OTZ#ojeL>zmvbg#t-t@sGk0u-I|x6-p1B?)xU>r`qxDHyV~!0 zoPA%ewMX-^~OI?s@es`FBFV1p4dg9DB-9Kp@=LSx`n(MXPV0Se%HJN^X|qr?h)mWtNvpg?M@D&E^=ojZx}5L0`m?+r-iiX)cMTd1TLIa?r?uKz*+KsIK$`h2{`_M z=B>bPWBFHX;gWx9erBTb8aO>k?u7mII{pu^w^7bS{Y7=YjnnM6m|P2Ii_1N6yofwA z@+!^SgJWyttN+qG?{@6bx&&TFL`IpFV$R++}o+ICZgWYOVb_Q9fMt zAB7HoU+}#CJ~KmZ-lzOLPB)XQoY8u*=5hyY7S#PXG<0~s@cq*~a&L(0H{ZOW`J=gZn?bNyqmRHa5#sadNG^89VFbi`Y6XSN=!y%(FT__v6$~vf#q`8O|gaDT+PKAXw2r!+qs^}nup*Zs%*VR8a{ z9RFZ!@cA%}lN~f~H_mpJ3trH?1il-mY~@d5oBmW(|FrVeQO@V5e{uR{<#%1w{3Pyy zouu*^*yMS)HOiMMzZmuN^Ud9tG|yY3ya$dokW)Cr^;#bJ9$n9$u+Qh0f=1!X_j~4q z`ftU?NYyuq@;Buqj=e8W2pwF%{yZ<1MLGBTVVoYN`U3fa`rv-a?X?F zV(UTq4V=dFagxs;hp>0o{g=P*ET3QV;`kBl-l=><=-~a<=KsgJ2s`*N_1@73F3-E8 zfaYb6$U{O0{Vuth^OxlOR0|!RU#>@&(Bb*|`=QI%V+KzCDIcZY;rDab z6;Zu;MtMu@XXT-xgY_KNTST5r=pI`kRZX-or^8Z>fAS z&f@b?eHZ1;imN~Iocuoa@e!Qrs=Rs$)f?U9LD_$QN9vWwx3ac6vv*G>sDa@cqBHtU-x16 zLDk>#Kh?*Z$}iv;UX1-F%JWrJeHORCc4Ou5VUv6}PBl}0)3xe19%en9c}V^W`?%nB zs<+usa~vaoA17O=|7YyuJ1emsuiwEq-CXtCu!nEBUiI;4e>jVm;#5QR7c!aONPY}w zEO|Ee@juw+^?Cmd>W`6+!S(~{-;Fc)rW;kC#Yr6J{ChZtV>hYZy;xwL(P4<5R z`?$uau3kJH$!8sx#}Gmqc5JE4R6G(R65 zCilr3Rnz=bYwdSh=%7ABy>W-;89Vj&6*e~U+R(xA`n-n7uT=%3YeD{zrKSY@V0j2p!CGxgY0~Cmz%1 z*K^ozC)cQ1BO%Ym9_t^#7P(nd{aO0$(Bbj! z)$xuY_aD%_bvT2I)(Yyw`-|hXLI?MQ$NcB9LH$geXrg(0qMYL^S6lrydE3yze2?oh zf;`(={R?q|^YJUr#C3n&R7dj?yqm zN3JY?7&>l`Ra9TRzWUS5tB*4| z%KP9H^&ep`qu1A7Y=0|X(?Ii_U2;oo9hBe3iSOlau<@PzZQA0iULB|M z9uYd&zsvV8i$e$RuU>uq{q-;OC%UM=>_eKDenz&i)n9%V`_IZFLWj>=p6BVPzp3&| z*nCKC*-Z1Z56aW9L46iGO_bMrSoLx0hvDSI%6DKN-`t%2H&fmhdw3(Z*iV@j><2%E z6YbUib(G_>EmiMyP~H#6AD6dd7vKJf>a8b~zk%(iN zF3^g4@>bY>Qu$<@#lPWXC*`$U2mRswvQPKROQD17nc;eV6FR)#8>_xT8#(!a+!M#R zUR$t%Z*Hr4kNSbwWnLz9u%6HB^_EBFV|ZZb@bl^8`hCZW(BXa(TEA#J*~RT~7Ei{0 zYt`v4J0cJjjFB=Wss%eiAyU&vLy^;^b56ul0oTm@N;*F5ZN#&dSSlRDA|_ z!q%h8-^DSGZ++eipB#AvPF9nD ziSnv)?XIeKZrUF7Sft zVu+YKzOmTjeg$|yNS$==`C;gdMG_O`t^WszG7efdAF8wob8t=p9 zdHq*-S@kCF6gqgln*8?&#)b~Ar!iggS7M9f`;-10`fK#kyg2R^I_w{;{uS68DCd7g zxm{ED(>*v@L+*pKaryJm;rZ&K`_qr=Khn>um3nJl0zZyzJONvHCr<8Ae}z8kPi~i= z#(qZr0-K-7r*M3cT&pkZ&zJk*cv@bG{V(K#{Z#KSlpn?>^`mf-`QPCz^=102Kf`+M zusL4yCg6lC@5A<3`Q}&E?~RjR!I`(^FR?-WC2UPm-f)2W&582c*m_Ogij&N%I8gQ0 zi^@CU%**m8kzbKdV*3R-K1luUOLAYF=qGzP(?`Byum;Czx}D)9%tsrld(trktoNvIqJ{ORecgWd*yjij(@}H zeab5jReyZB+#TC1t=tKl>*Sd@zFIyW znf%r_)o*W5-W|s`%JZ?$^*a@r`s%~f@9=u*h5cpfUxDLa%Enu&Hs215JdJH^;)$Vy`5y0gn?ncZ zGtpA#v%qNe`#k^ag%0+Y%g+zpLkInJc>kJ1y;n!;AII^!@?B#z&&99ccs=FIq8#TR ztNQpo%3ER&Pr`|NmH!;&_?A@A9~_Uv=d+HXgY%WWTlEuh3h%+`+RBT)8`KBKm*M<0 z2pzsZ*H=CSr|>FlHc);E`}qF%)StAJ56AI_@^+lX72j8Vx{-1lTldS;LWi#pzVH1p zbZ~vf^7oooe-Jp>zt8@=;4GerjS{-Qj)o5UQ}kayPJS0Z89JC3qu#|P_Njl5`Wwcp z|9$*8{s2$FND%~eOta< z^(WWMHF0XK+%0s_Z_%Gi9;bh6=wLmYpV#tF&^-GSecrkor)SA8VCy4!3Qo?Hf5aJF zV4~(3%&UWAvsK?UbZ~v*y#7B39qyOcpGSS7mg@6xlFy6rNt&OKpx8(L$`hD3y*j%jrG?}XY)R*!E>@Sp0VsDZB&@`=Y^WR?>96DG(T~VL6S7Gy7 zxu~l=`H%kor#W^n$RA+iqPz<`_{gI{ z9A{qHS=vvM^_ztb&kvs;-U=NY|5A?kYwY2Rp@aQeWi-FeY&pgKF#;zlDL;UdIR2^X zZ9F`5`1;}bwUOK*zjBW1)7NWWW9-~4zlB}=El%MwbD7WUt9j^P|7r5qadNI+58H5d zo?L03`W;?>kA)7e{{rPBLkHK_;e4(l_a-UN!^UL!?$6X8!`-m|f%0iMoh$Fb-Z;6` z=ju1`LpY9y;_O7#FT=_4a$e~0eDn8xx6PMbUjI*q4vxI7R(VoMpYz zi`5@nt^P-_w@Q8&yX^maoL#Q`>Mzyre5mWy1}7%)euC5Z0QQcmzrqsr$B)S!aB8Of z0d~oE;Mi}<%Pm#Ei=V{t-<8kA9`>;_MR}#K=$|Ba#70`4fRo%0dvI)uj_;0T>W|Hk zd*S$0c?Gs+%a?Fsrrcn;`aR~ohT}McO`Nkr^(ovJXD4gkChQ+>YJ@MV(qF6IA1=4X z>DT34>`=cu%G1hk{D%H7AaN9Beq)t@{fza2R#Z^q70xvZypcZmE{ zs2(@jL4QN# zW3h9;d=T5rzjLSR4e}v4!+M)>_67Bq+NFBu6}baW6_96O8~=%u*xF4$9*ZsRuY)*y zyXIBfqxuy2AnbC#eutAsRDbhuolXaC(i1POGuh`zH_rJ;qSZ|m7B2Mm*=VEKOd=$s_$~PTUzr*|MtJucdv4yMs zq^u2$ocK&WjZ27i4)A*gfp!Fzu(zEejd9=wcq8~H#D!{AF9vhmmkA^0eNzL*xj;lX@LY{@)v+_l3vwpi1s!tu(`TYXh=Tu+hr1IE*a%XIiFT+{-^RV-?=G8o< zes{CnA7_5lyp@p;Dld`^>Vuyr?GE~Wr2)2T>-W>WLkAyx6I)cj7@J$=bJ)Q5{;7H& z55dMZ)h`Mi{JiPjuJ3D4M&{?wx~G+=@c``M1-L2S7oG|oelXv!;J8O-%$QKjwLm3HFh3WUhqs%AAH}kk?&XPh7R|0TzM~?!t=3t zLiq`t##PU%KY3F5OE`W?UWl{!ck|7R?~mMv=?+lOOeCkNqsg)?B?FPvh)#^;gTM zeuw+vY3zNjd`jrxezv%u{m{YrZO`>7pI`k3&)+sUjz@%%*!@8i2-+n3+R)?s-S&f?=Z{j>6NS7=`R7r9aB@cTM`zx5)yvs?KL?Cq6z z;TSG;rRF(1mDj_GALM7S!Mrh%cPRf7$EiPvQ{)8;YJP0H>Z^qg_G`YT_k*_N&gc63 z$4{_7Th3od{r(*JS)9P@ag6#Zg;k%JrTSqw^O3wS@?80rBFz6x?h`uP-w)c~4D!Sb z|3&j zZT45SwCdyJW3Yv@*n3m`50_!T!{k}m8zoSN@u;q-L%pT+S>a@QMGZ%mYT zV3)kfP0HN~$`|4IWI5+%p};pZ8CKmFvb>bI%igB{%A zHubyjtA7tR@Kd)3dGLO`l-~#a6gt?i%lW*%svKke&e)o&dE2mu@2jSIdz$jkaTZ^D zhw_xGd=xghz87%zJH21sd8g{*Tji&*vr5jz#tL~ej;)g~;pAHRuDIr9zLvXSYlA!~ zbZ~vGxw^jVqkNO{GdTUNd`tD9KD>VXKDlk^;QXaFD<2R#xL!7&Z>EsDZ|U>X7HqyP z=etY&aa;q(aA)k%{{c?pjW~n_T5Jx0gB8oQj2Kd6tp{J!&U z&2y*7HL*|L1sl_pkBRE}{py0y!Fmp#*LIU9AJzH0six*T56Hc6y0N?-yG`UWwN#&Z zQ0|Jort%`3eMl};TlIc3xjoK2EPslP7V=q~#ZBv|-+V;*R2)mlC$Nj_)uq0*@-aBk zM&6IDwsO2)P#>Hh<3C-G?xDlavw8aas`)rxN%eo?Ol7(5J*rPummTco$ZN56pIrQ2 z=2w#+#i^K_ixXw!LpWYlzV$x!r^%nkscV!k#L4pVdF))&@ieTjem}qR(KvO5yay)= z$!3F~KKS?Qc5I*#oEGE7(BbpzHsuR&rndYq&N8pQrTTak<-F{`*kc%aK9di z^5)v#?GLCv$^F^~J1v#3#VPLJa*b7=_)q(PCUPs)e}>cCzZbE`{rgZ8^=G($Cr0La z`=NvT**vEExx$00_s`V3eEm9M>zq6jXRp8Ka(*PLH{{!zs^2LlzZkisJRhfG@;U65 zlN&yye(PVY_co4Ql7GMs>s{ZB^{!C=bD@L#&$w#f<^3%rH_9vjC#t`u?&ZAR!$E!c zeC6k_S3-yPYZ2x1v2~UF2X?NMt29@=Sz3Mu`-SBxI9pQQi!J)gw@`nwpz_B<2lubV z{W}gP@DJF=C0nXKiJM>t4-Fk0k5xwV7vt1JIv;=ISZlfZBdT{Em3xN{&X4t-?vJ_T zc3tH^W23TMF`@l*OlJ&{}yKx5FMDfiw7P?Bl<17U#6lJfqa|%lA)59K-L04)@3V^`_9l@f#QT zd(yVDdr5A94MW%G<I!YA0#cRp+!j=64ByV+M_9@WIL83Z9~dlQ)%CZ7K&G7J3{mJqMY&;^L++F?l8a;omNu8|M+S97!@pw3O^7zF(K5NO%Ey_#vNb>ac zfc3Uco%H($l@G~0SM$At<2iDVKF#pE~Kcd45jE1-vZCuU zz906F(|Vqw-lcvMxiMGI$CLV~-^EvBA5X{5W2#@DnY?UY^_#d8F5s!y!=K>XvpT=Z z-J$+`Q@INcn#nI@d2{*iEWcmtX@95s3uEL5alBad@8Kf;2OBRcZ*v#x$D^=6O5?4> z7WrYE!_Dqizn%4CYpnX;#^Gq$xJUIl*4rNE>3^oJ-iCXxb!&HhmWZK3hXf61e_!P07oxrJ;#k#zsq>-am@N2#>PV$e-jQS z%2g+*KW4n^u}}SM9N^8^d|3VFMD^R`d0b??*|?DPXF2Pu{E+%1d@Xhve+n+*4O!0d zIq_lj8%uONI^uxwCSn_Zh)wE`o1}gVx5qg=83!EyPq0m1cCz~O9M3DTakADk6`Qr> zZCQP1x#lD4cW#h-;0Qm3-5ZsEhx6p;KC1qR@do4KwW@y?n^(yvOkurO$XDWG2l-L# zbd)#Xn7rat=A*wWj`362>7@Q2v3I51d>ZpVD38M71M*wg9Vh>dW9nP`>MxRy!Fl>u zVjKT~-SHZ))pYfHcr-R9C|`}k;X1#K8LBr%$Zc?d$6#-m@^>0&IqLgid!*L$dY0ou*kZpI%u&CM zhvJCw-@tkL5946F#&7-r6DGhT|{g7qI({{1Z00er+;O z{pMojBXD7*yc*|Q>hUi#U-eN7`3fB3$yrYQR&0;gcvTjt-y0|Q#wK2p<wgg2jQ;^HP=DN0 ztQU8{A)bm0%(pS~gBt(Tg8D<|yA|ii7vqTWzQ^|8>d!4q`jhV)ygegIzJC~#I{kcH zUXR~e9EPf|^tAHm6S)WWN2~rxY>kn3XC|+;Nc|@6h6~g$!U6sk=f-Nh^Pf?FI7jpM z!w%O&uVNP;z#jGWpH;s{J^&ZU-@*Yt{yEkA)VIYZ`GZ-G-@^s!jpx-L;LC9SF|B_R zw(%!8q`uq>^k1O;=W#ek_Hq6(Im%34VX^vc+zCh2PscIdjGeg}ujY&DH(Sd+aNJ5> zfQvkzw_%6;q?gnmlV63MOVmFdyLclm;!~E;|EP{vXKZjiJrn1-p4f~XY`(017k9=* zu1Dr#k9MIRQ&~fEzUin zd^Wc6HXPzwZ>Zn@SoL>c^Aq_M?BRcK5nr}U{o#7mKZ@-Q@)jImYq{#JPnGw_1-vrL zKT}@zf9wx;#a5(zA@=e2*nC}ivlZ+QkH^MR%6IY`witT4)7|RTc*7HO4f(F zV{^Ik0Q=Z@OZDdelwXaD@5!^U`@S4!IX>@g^*bLZAB1DP66aSdFZ+(_Lwp0aKU6*s z2Y3(8tx;Zo75l@3u=$blce5NH|E}t-waRbA1^iT&uT%bgmg5#7{hW^vVvpms9vdsv zfA)K-_wWd8ys3O$mg6e#tKL|t{8sGYmv9mPiJiApf7J)-kMKO4e_Qz;Y`r5lT&?;7 z9*(V5%2#6_SN@Roy{o(r_VCgy50#&=M)e-W|6CV3+St-o?eN9~-Y}zRT9JU*69r<09j4z$Wz-K32WcK>asjf1~!Z zAoC36UtnvdTOIE02fO3}j-J%||HdY6zfJuy zo`ZAvD{MZc{(9S0UnC!d4g5})Gk^IVs?X8i9b0&DX8M1{!2-?Kbf@|w>|qmsgk4|(w6KJ4J7IAZ)G*u`zWP=B8K@!00^iEs{A|5Eiu>U&|6 z{N*fX{6pAZsQoqniuGb2oA_%S;D)+MbIllw*Y^Y<%# zaS=b0I{AET@qNtKsgvKUeSROVy-%Ktd*A||gI~Z~aDc0PtNs=E1{~rkcr9LoBYf<4 z>feD|;usIc`|)eIh<{6+{yu%V&WGH7Il%pJgkQ$i^{W2?oA})C)t|$6VP}h8Ul-vb zkKZ_#6ZpWF!r8R{d+iI{6BH{r1IuJs^9!Weh?d# zG~Q>}tsvL@N%hgOZA<3A8QaImui)I_HYNFgI3&OJfco7d$`@gq@qS62-Y>wvk96+O zsxRzSeIM-oAwQKmIp2=(czsD8993=}r2jaruQ&Ee$pLnbm;Xwgz8`Y`RIaFgyR==h zp8?oBUVaH%zUDiCa}_Tssc-m;`mIXx031;NIyOw@zhSqG-29OGqYCnPoG+vKKf!)k z`IKK(UnK8^^Q`|#9FB6j}N`P|}&`pp%3 z{2t2um+~DrdP4oxj;h{zQob3-1-X#rC+YF}8Ar9`wtuQWUsIlgqf_M{uz@fAOZ9Gb zc6!}|h|Eu-p{#LzzcI%S;kH8N87`yn?e^hTYQ~ll8Zz`|E7B2TM<2O-$OXkM% zi<#Hxc>IOKkL2tBQ@=;P7&~i~|AK?1@})+(lGnH3b@^dzFO;LyrIOdb6GoQo*E&Y^ z`S+Cf$2Rk=#{P%OYaFY38~4N3YULl`D3q%or}`M*hjV{x|F7U^na-y}S^kf5yOjEk zVH$5N_BsFF!^PpsPdHxnE|1TRnU83^8Q5R0`8MO=Kjk$`t3P*CcChiMyciev%Rgc3 ze;V(?6WH&s%Ew^q2YD@aKUIDCGOD*elW)KUJPYR|=KWZOXSya?iKk^R=-$oc9Qz@rU)$)bp=K74;jN{TrU%)Z`3+LylzC%s*hj=#5%~!q~7jXU4 zRBtX&J{)^^4K8A{mg=3yRo@*)crmu0Q2sj(aQoBMZ#}7eE)MW_*nUd+MYUBQ;0JJ? z$L|yDJ+AY)vZZ?eNx2&~@gkgmO8Guqm@hXxL;Wtfn|Yz~71&!O8)vHCz#XyujPl9Y zXS_|=A+K6T{no>(@0NM8ybu>A$=~6a{G79xf1>jHGCv}}g6%2tZ<(jbE$XU2oGN?R z@Z}I&j92<>)=S<2$0zIgG!^?N$)DmPdG&MDpRcUECwB0Q*v3C&7dNk`et(G0kB6}_ zRF1HRYn;n^Khl1BVt<{y2p87M`*Hqb`JD6AUtBHUi}RnzOR)E;{2MkRxmA7U|4bf_ zL-IA)U$4Ak1J&m?%Gcri7I`}Mw#qwjxJjBvn4i20 zws$CBfP*jO-C6xta-H+lpZ`+60~g7k#s25YzsJsQxn55FVXVjVK5Tz2FToN189RHF zH@HCk5xxhr)eNSNj8|7bOhx*emQop}fd3PLrEziZl zck&n5o2>PpeX;tDN94P)kKe%NH08hH!v8d0tH$atgz|Xoz9X;4&UI*k2za5)b%PX?{D!EKc)m!A(Vefk7b8*0Wzr`-|HEPBBI;(yZ z&N2QcxX?y<`Aev8A?I<_R-TH3E9A}CwdIp8Wq&Q@&e&!>kKsJmzh7goz3S_DgYc5T!jvHx+n&_VTUvB7*5+p6B+ z`O*moyHr05M__P>~dr$dj?BY#0##RT_=igWTojAnHaqa`<|KS4e&{6&7YUMMqhxgzj zu78EM!EK*j=Z56^?QFt5l!= zSa~-b;pemb6Xiu5;+9vd-yNoW9QKDZAGSuw|KI?(x<>u>NaaItfR|!xl=4H^#|^Jl zzcE_*J=n!B;TZ43`7x@mn^%8`Z^OB<%Advsyce6E@-wbezlU$dMZ5?*52*et9O2Wh zXa5f>?~Vif7`DbK-->-)^#=AoUU?pSct(~_P`(KlaK#(dZ%$NxHTLjST*Mz^=ONXX z?X3O?cf$6=$|vFge~7I~%1d`qzmG4+(R$^xv9m$`3KwzRo78VVr}y7`vHOC&6c?YD z|HL`IFKBtQ`aM2hJc#q;tFb#n{pGu=-kl|1kBc+qc{n#){v6v}|DSP-`t#(yap5u5 zznFQR{0p{lvu^5l`1~~-yNnlNkNnu~st+I4@w*n=Q{>06F;)IDb@Ka!ahm=;%#(UB z->JHOxgJ}19?qSqd^@&_`o6eEPxZ&Y$TwjV&%|CW_3yyp5!Kh~rGD?Qd^7fs%8%jT zS9vG4|B!1s>UU4q_&u@lyYd1K_jX3VAywYv# zzqfn?Hpm~txto;l!q&}l-QLXKMIMkk`8_J;-xGa}Jg%m^h~3NN3vX9{uDv`0`}jlb z4OD)7AJsek`r`r0uf-Ad(=*?%d^7f3`J_A4?+%u4#MV%G z0gn60d$7a&XWprP|32lnVT<_+IAlHhaLj(sx=Z~g`CT~2{I8}?j=%BeN+bRK=TPe8 z-wVj|?*&|ZxB7F;KN?&3eH`4Q^_99u^@V%o4yjK}esARW?}_B$aQzK zEAqA2d{W0_7WN*KH{*DwTwx&d=hfdHo7c^gLA#*ii6Z|+#p|pozC(^?Dde> zVzZlk{Qc_BO_MLdzAul&`ML5c94wSe4_3c7U2cQpnerHHJT8aWpC|u=^L^xthG@LF zuiPJp{p0{U!{k4*`a9(FhpOMcTfQ6n1LYU7;mZ54)k%*>&0*@dT)7Jl2g|cF_mQ{a zsDoT-xcZ|@|P=t#<})# zOONAmjXWMZm&zdyZTVjuca+;apnmsqc`Wuv$SZJhqAIgo#t3S6%9);a^=*LzlAHw!0@W^#7_u_nc`ms?_-jlh8T<0P6TUF&=*mzT(gUwa)=B)l* z`Lu`CAB1ujY=0m>jtgt#9a;T4*_xz&cZ+;0&b=i+gQE>{jGaiXH(C9~EjoU^u(@4+ z96P(^ud@0d<+_ikKc>DHc0O0W0O$6}U*P=La`i{mUpQ0ixfX|K$&X^Qq5LWKn#)zE zsNb(kKQ`;hkKpJ+c|A7Hm&;6L{lm1LR;iQgE3eX9CD$AMv3rL6H1^52;sP!^P5nOg zm!wXvr^0`9KidFo{42kNZTv%4&;4(WeD!Ut{!`uw+js)@ z@Om8L(lh8cbiH{M_89*WY?H6YA$jSUte?CU4)HK-9Ha5y%v{uZ|HC$UvssLX2VtA~ zrCE-D#v%1*&SpQyYQFB+#tU#r|8DG&SDT~$5MPUpU$ovS*v4zJ{5Z|`PnP2rkFg&- zDl`2b;4tgQMk$Tgd@k#uegrlSX+6uaP5lAv;q&IvkMG4c{Y$ZNyyiQQ<@ntBte^V3 zafqMGa_V}TK@uUlW)czuJE|}ZR)SW9-fFp{2?}eMvZ(esDh=;^o+=r11}88(;h){kT64@p5c4{~y>eHD0rq=qDe9L%b5( z)EBdQ++YdE1K)>@KegYbnNQMuKVci6^RoJF>hHiFemXPtJ8+1ryrO>NWR2e$hx9MN zHu)Cp;YzR4|CiQ#Ew=IG)X5h^`4PIF39&s|K8j6GzBo{Q;Su?MoO?)qHSHk8$A3F!+02iK-_hajMxz1Achl^zg8%yP< zv;0+gH@46+J1-sX&erA^QeaL6n>7u;CGWC1C`U|b)o3OP|o{G(9nC}xBy~TJ2#{(OGtNtY%82Wx7#<>&Z)8AHq+)VX1VY9J33mdn{o3i{yxyn20 zH*TdLd#&WzIO6+)&v34_)_dYA^@nZbD{vy=kxzzV}tUe*jXz#c~9d-d_M1oi+tW*oaKDp{uYO) zYCZMdSAVXW+y@&gk@~t@jR$hdiJ#w7Y*U|XZ*Qnn*TfPCueBSl3cd_zK*vQG1 zK1%wN-wV9Pt4gjn+NMrE?*@Ec9hy3M|A>E8{TtZ%M?Q=Tf6Fb_s^0ul9*qk}H7G5ef-CoFE(|2+TkLegbn^aWnJo|Kg{|+ zkt5s!$9P!kWdBw{zeldY0X}uTa(kijdvS!9W9Mn*WjCn4i1XN6qFk?MVXCAJnTUw{L=7uzo?KYye8BRm8< zFDZW)7jd~ws`r*CzY&`+GaoMCy*T%Z@m%Y@eb$#xXu^oBF-#%Dbjc&aYfq%|8nlD$84Oe6n0^ zyXp;m6OJn>pNn&NCoWc0e(DbOyZ`9-y&G|%jPhAHK0)4si>2i%JJlbTl5fQJar9#Y zZ^7Xi%1{1W{dPmS3-%hw^Kn#P{tEl&%4hCUzkiP07u)znY~Y`9A=Z8yd_g~Uaeklj zH?WD1;KE+zt-e%$4tqHKM)_)N;WA&TK4iRh*!)ZN6Eh!`*JAq*x!i8`TffRzVf&yw z6&HV&BOKt9W7b&Z>s-w zY#p!l9mV#=%A4$0ef|=82=?2`Z)20Z)c2~7nk#RYxtTm38-3}=g}dZKsnh*7)P67e zL3Z%{sgv~=xSuA(-XYyDbNr9YkFUhWof>}v_M6J@VYjsQf9y}{k8Rn;;pOspY~Z!H zc$xAO52)YAdFNl~6!$vy4S77^M`43#YK)(2p`ip01ykR)k zKz<(wxZkIz$nGtQqYKaK5k*p)nP1cS@IKDre{m6C@;mDdR6h(G zI`Gh0t zk0#4)ap4hp6n4hS%dtC0K7c)Z-cgNLz_(-jG1V6`&y~01Jg)Mm`dxetHs`5+GR{qt z-^Dim6Fd0AzcilVtNvab&5#%37=Mw~&s1LJZ}x+)!H%c=AzVC7kMByHt1bVA!!zaF zKN`=Op#D2>Zk+r)jvkV~!QObe_P^@)xxcGBwt0LW!{&U|Z^-I#+5gmUE>PYUM|d(|8_#A2SI1{C(8R z*cz(G^C#>KkuNBf^rxR!Yv}!ZNb2PM$-7nKzn(f-U!LoYedI2G?{fO_s?YKF4SlfN zN5|(CY<{Kj4rSggHz}=tE0)LO;sxseEb~ROb%N?++#iQ{IgW7YGO9PY9_WM%j6VYh z)PI4^3pL+4W!WG3aBSh#IL@iQY&q52L0}gyak&akD3+eXTDxI#?Rsq|AZsJxzy6b${hXc;HTBiC7U6psmCZ3IrTa>TQa$Nc(^;@_t_PVKl1orVVT)>BLgwH*h z{o}s4$oK_pkbj9yd|GAJgS+4yo{4R|Da#qZTov`(xINC}2eE@!Vi*68J$zwRjaT4! z-;HDDU!0l8=Ubd7uU$?34(^6sJP-TKw+R<;#Z%ND;Hz+mC*TObhhzL-*3W#cs%t!- z{S3yr?D`qUP4xUdp@!-`@++~={lQ~!f%}91hofFM__t@Zm z-$u1Gp8cHizSw_3E?_s1cVp)jxyI@04<6V4y5syDc^`qtxk2stupM9qKy#;dL%=6@h*zO~5#RYyJt5k>ne#)=G!BBYyj_#1xVT=2Hk3Ea^ zbHA^Ri~UtU99#YM_`Hq{?(aQ_!`qcNtgG>y4ssuyl2c79R* zBo2R-w`1=gx$3#<&;2Q1gJXVg@Uooyb(dqG&%;G*-lYEe=V?6Sdin0mJ>?g%#r?Yb zvYg-FPOGo}{3Y5?S6pl-FTnBD@}8`o`*lxip#B2)>)wo=j;f!R`Eq$H_D0AjHdKGa z?{`;VcbxJ^u=A+ADXSkveuG}D}{^C0M9_+4>pT!2h2Y!w%?$@n)f%^TEwcgIyIbEKQO@2SzgbNjv zpLn7AgHz-yv0X);fTI=i%FOS`zhjsCa~ocy@p5aF-+|rD@^jeUAjdf5{@SV+t3TSN z{pWG~mF#2p2YD+FxWBeSWA&S#EAN2gZ{&&Ci{%iz++X{9mY=2d<(g+L ztvTb7-+(>rr%tZNUH(0=&#{kdw@_~2+fpa%_vv4N%kcMCpQTPdk2-uFE!8q{@_lp6 z|1Y$8>ZISKeju)n7pG3X4>nfn`{2E}46f5kxruwFPS$U=Xi@U{_c0t@DsRQ!C359U zR3EjHufv6l<%hA|T>cOn&E#V*Re!#z+!}igHGdS$o)r^|A33rg0SXa6T>}&remp4O`RXO6@d$!I!VW{&e}#%%98eV|#}D7dGe1&D(1{>v4Gq z_MVbo&+@0`-*7lfzW8$W+q30iIG!uNkKO0x<2oeu$@ecI-@kN9ojgAFF6ACBd?mky z^RfIp4)@57I;!8?E8mCXE%M8_xK;iYJ735bU!nf^OL-(N?33S2ovhb6Ro@r=LvF5B zUbmC_gYELw*t}dGj*SlTa%^>!kKp_ja^ovCp4(p@k~*2+sHyqiA$M+4{tvdVlG|LR ze)DR161E(9ed=Vq0^?P^TJ^ck%5T9D=kFBk*veO9zpZ@CHR`w9%XaGjcR$KKV90>OaHoJMv#RTq&P@E$e$*z6txwN7TJRbv|k1yd6@1Wm%R{bYmr}2Ux<>olY`EVOHI3FL!?q{msn$>TVD_pPf>`n5O zIR03E2wNNEby@um`3N?7{x`fq`>}X`>Y6%vy|NGJ^=f+R#hVnpct(D)z#s>Ki4!Y^}yk!^W?=FwSb`SaE%(uyv zZlWG{#a3_S3$c&)W8-$^4R2<>cm$5|`#9f6^`*P2KEzk!Twmq0Z~=dg%{!Ezb&L8v zd?zmAWm$fw>i@;&UGnAK=*P2h5%0owPu17%u6m=Fd^`5=bJ%v2|A3tda)Tb~kMMoi znW+3_T=e7vICy~mo~-vlc>p%X$!}mE|AEc%%A533e~gD><5uM>aKw84#lgMGFLRjx zK6w%@oF{*kI(G2Vw6r zc^x*|%4glK`k;|KCUvsDu##S{z9Nq8^3OQm zTJCT+>u)bF#?IaH0c_tR=k8H`ga=}0nDW=KHC+A$7jW)g^*bY!yEr#eegzw&Q{yE|0)P zyb2rrlpC(Ls2pC7DzEH;M7AL0O)yI=M8P~}~4gy-SlOy!?vd2RW$!RmL;kh@`%`p2OAmCwT--ieKyl~*68 z{`^gHXY7#A#4h{YnAKmd`YOZeuOoNC1w0R%oNu4w+$pL*bp-vmD-Nz!J{z0Y$(wM9 zD~?ouaINwyasC>4BF=S?Kf)$1JxcxN4a(c%2#?18jmqD``RnCBv6GjZjn;Su>$x8n zuTs7O$5+TlQYY7+^|)TUaEzS8_oYs**FsD6FOfGR--m5{=2-Q2#Jy4{{VtE^Z1OyL zgm1>>J@q@d9ljHL*u`(-VfaYuWWM4TT5rb(5ifxd%3@%CBJO6#4jvRqrs~_1HR5`Lo!=zhIyFE}NwO zkntYEW)1ak#D&`OsgqS-wB)<6Uq^lm=jzIpA7MW=v%UpPng#@y#YEEVRKlS+a#>U_BYuLg6X7$Ht{OhKv-#()H z$8qtfd;ka3U*M}g{!aPe)XDpIVU6CuUrU|59(X*T4&sM#!|BQ+KA+y1I(fbs^|YQ> zQzzfYyVRDZ6% z^1HFm^JiJ=WIqny$Nij{@AJ-{rGEPief}GS-81F)u!+stsxRQ%aZLZKIKW4-P5l*f z)F0uw*r=oV_TfBk`k3l1JQ;hI>UUxv*PE+)qqcGvhxkow_EuhX9{a)f;SjIG9{{VLIZX7wvn=DYhf2%wdTYcs4ae(c|smJrM(?|7xU>D!;gz96~w-^_0SH1D1 z^5XgOb=b+tPvH<3v3Y^=%b#L=@+Yv5f5JJ&Z(UHmjc4GXp~m|PyN%@f3srC4B~Qf# zd;oj+nx|Etzf<)~v4g8GQXX;qhG72=)o;c2)$-}js6N1V;|MRuMO^+_)q7W|zYF&9 zLTp^Ad>;<+dC#fey-2x-W4sxg7b~y#yy|m!3=S?-z72=C(F>}#dHlxWBHoCdy!vY| zR(*tBT*M#a!nLYD^+nYO_-<@nqkJij@jp1Mt33Y_`#D>F6&vKGmMAxISM1eM{qxv9 zOa22F>d75nR=;tc{1lGPl@H-OdHYvX?~u>NCf;V*CjHx5+q(LWv+ z@OB)ZqxIE)P4z`Q7CRiT_1Gdm^>x*Ulhi*D=O@dnag42{s`npJem^!ImDl0|KJ^X8 zFQeK7G0BbH4KaxOjrR4u_Y^mH$V52e}&#@C(?* zzhECXTcQ3uegGHob{yf;-&DQ9{C8s$FUMXxt>-Unx0l!!lmEVr@v*cws#>P9;&sN?UTXW>6v5ybp++)gHtWv*SS)PjB z)8yS*UQ52{UDX?>%M-AJci@QnhN0?X#v6%!>epkF`daU?A3PN2s9%c%Y`w4g2)npI z|5_Z>)Ou@vp!yK^!?{zHuf#=s!fMs~HI#S32Km!Cs;>N39OHH$s^2+9`BZF@@67T` zl%Kgq^U-cEd64C})H>BitnWJPl0SzF zjCUCO$;>U}&N=blvlH7-<;TSThQIr1c2z`L;9 zOL>Ehs`v0{T<*GwV;`ToS@k9!fNlIKjt8j!ye+CP;)&RC zmG8n9`2|~5?_8#QG&XttU5|6P#x~VQ)DOf(ycy@IufJXOg|-@hI1cbf*lMG^;ttiv zxC;)OD_@-DE#y)=SwHTIb9gZh@!#0T*MF{lgY)g>%*=P}F6Ab^342X7|FhU`CjW+= zE^_NH)F0s~xQM^T=1r<^_ND3zo#hEQz?-mjqw?xssXoTNaK!t|TiBVa`jd96zK93l z!aU{cusL5oBUXKYhhnRm@@=@-K(6<->Yax2Q0(J%I7fZ0J*v0y0333?w+g%UHQtHe zFn%Yw3y$y-T)0B{5gg!ld)04sR6YsE_%rM`QC?@C>T^8aL$HBA!Va$at?Hx3>K}k( z{1MJyti0NHsyE5|V&?|suj2?GvtRW^+!YtDSN-!iz`tYbI_0gtSAUGh<2Q-XimETt-x<5)ui`u|`-|!W+!Kd4 zYrfZTgi9S#y?vANJT}Om$jtr@;{xvdtNL9WVEZ18cj9l#^Y~62-lhB{0(C&Xcz|oYW`Z7y5iZI0?_iJ5wj~ zTPJ9|hDYRlX?Y|L%gCE?OnsfBsxMGK2z%u3rB3EAFkhuVZT?YiR#83^=PJuz zVuSv3{#AX1`=?I!A2Q$n@LFvANBxN!?*?q*0(Lnbhq2G~*5$^DCF^&npN(_mdr~L! zN6dHrG4c*P8pnKJyeV~ZJn~hwp8ChiKKmboi@bmB!Y0lgr}~)s2{>T99jTM`#LQp6 zl)N90O`Uw7T-dJfr@tVNxc|51@ybK;xv7)&8iTdoL#dPTi`3^!t3IawWo+!w_!Uo3 zfBt^;_s78?d0Xn_`|q_a^!<0!GO8~QRelc+>0g++efyH{%fH6C%jGl5G9T`Ri*1w_ zaG|xl8=K@-IrSTie;YROGuXR~er&gsYnEsIZRH*~kDpAP{@$=&zc*}4ogPolk2)u+ zKWa)pwpz(^aoAkmlsb7lEspm&6=WNaN}W7@Q3ut3nmU=!tn*gM@jEMNPWv6|hhqdmP`%sguWV2an%3S>8$WRWnuZ(|;xQIxC-z-7fNOT<9*Jdy@KdJ>&t{ z#BX7X{$o#8ecVm;*WeU|O)Z_Jh>g4ztC+Yb8n>u|y zalCp|kwg4;>g4zpdTPAtRn?#4_zz2+^vBe1$Hq=Qe_B*if06w@f%CZZDM_9j|NR{Q zyHY3fkX=DymwM3{dtbhDK%B^Q14<7Z%Cc=8}y%dn(S27cvDg* z$L9#g=Z7q>p}cl2)w}d}!G+s({GPR>gT6U z*59#-*1rtT^Ej&D7V&$QI(`Mh8AKS#YWSoLpZp4_x#Jv(uH zmiG5I_Ug*#)YJNl=gJ+i*Ff%%^OigpM`y?%;oO<>_gO#lopi3ox6fAI4*SeE8i(gA ze;mgT$}6!mUfz}UKOp~!^W)^2=V?CwSM9$QE`BcGj?JPx1>3*KE3k7&-ko{6Y}D8I z;e7d=)XDvB)`hy?tuwjxj`C61UMDZa&L{F_9B!2V&g#FC&uyUjoLKIT%{}r1*xxKa zhpof%I_z>h_h&iB?}UaL-ypA-Iyt{~T&MG^Ek5%axd$$Dtvn2$MLrYnr~hUA0{#f! zNd4Ei8U72Kj9;~p*7E}S`8dzNuXY6v$a`b^u+}#!b@Kd-IiIJI7a9LWyn_BUxH|b> zd^5RmzSiT6*Z8O5ki13eWIpE}9skZaIwHH&TZ})A+`UWr^Qn{9k6iZplsdg0;Qi!l zY~#P^x60`JuaQ%|L*6)bvYu#=#=ikOgXIC(`(B=&d93_W>STV8@jfNbPf-37wuj5d zU!eJ{hvhR;r~TLH^}GcxFkTnxhydWqwy}sxj*Gwaj~?<8=E?rFJ`{y$xY6$b>zk_U4IURUe|cNu(w(smerrG`dOK)%1cux$H!rRyU3#|$`6x!{a7jXO3$$H`wRex*h zR-e$UPph9=i?sw^E}?Anri%fUyXkz_K#|Rty3rS-AsKC?BH?K8`ac5 zKXv;2>Y?Y?Dr|hA$Ny{UgS%9JLNm?p)RybuysP*+oa-w8gY&!|RBo>I#Z=v{pc6O`SeI_v`wi4Y?I4zZnNh<$XhWwTB|>vruAHqIvF^3iSjG4(OSMIb933l zQ7d@?cBp?Xb@F()Jl-FsPLA)Lyxx6@UHk|A(I5K!Th7+{9FEu7sgr(}*Xy>}!#%K% zN8kdUivzqOb+X^+i01n&vvFd{@%aZA@%e33ALCxw$*X=O&fg$Ek@-}41rBeOH)5~1 zT*SdG@`-IVU#`2{2>Un7op7G|dvSQO@`tnfD)Nh&8Slfazo+tVv3ZPq%w-&(W92h( zk@4E#pqlc&SzcZCuvbQY0=t&HB6IS(mY&aBaF9HYQvZR?Q{-yxv>u=FTj5+^{ z4tW&L-zm?>=H2qD%(dhlnOWZv9CTJ*y*-Zy$Ny67oT#>IqVl(-inC8_l*L*H+jH5=%Z^pUgb3$4_0_T(K($r7m0I$yalk223|0&BkUrTq; ze0lbJHnwW2z5@{5S!mQz0;JFIsNj!pIN&2pY^Wjbm6xVQ3ia4xw{OpkY4 zY;wN$#(wfRr1=BbOU6z8EROM79A2gT7i?WESGiL28@wJ}f^)Yk?~bEB@&huKB&=NYdvjz*|{0Ja{GXX0XM`Bfa$kk{kz1o@|| zzl>ZV*>}nO56Tx|XPn#vM|c8Ge>Y6`^9s(Fl0U=Y@$#W8FDsvXjplR8$&GQLyxci; z@_uZ*rT5c*snhGrmAYPk7}vuKQzr`vc>R5s+~e~X&A%<7NT`}JR$kCSU%$9&)EdhSx}?2~(D-Y<{E7WuQ-{z3VA zZ2Tf0%>2Dv>H1{8>986Mv1I|s8N8@<1{1gr!k>AhiACkYt_M>vy8#Q12u-p&_V$`$?K&d#ZZ1;38|R*u%XZa#`8o0hICxC%jh)Xm--9^jd|s3~c|EcDJpKW>`L*g}94*v% z$0XOi>Hh2oF(D-h0-%m1)Q3qSRKDWm{9+f&7Kc;^!c_F#4DeZqPt55D*O1&26 zlKZAoe}`@APfXqiOU~EizNM1+QzysII9c}>v`U@4-ge~mwp;4slKh$5OX~a3?tG|f zuQqiXoTL9X9I)SEsguXE!1+6o++U-9KXvl_40(TlJazK;m^?nuU<)tDIlLCzco)v& z1K7dGCf6M$&+m#`^*Lk^C<%@_3$foAzHIZ-{*!&yF}C z?~9}4zR7fdV{tyYFEaJxS&rYpc5>fintzG|{B2gB+*g|BMsKahOYRd*eHwOg)70tf zAJ@MfQzyr(!13sc1AG?_@kkuusW`@qQYRC8tmjSa!eN!)B9l4`twsK`?2QhdcGa?MrFMo-9)`nyJkuK9oVfbkHH?Eg?+pP7p7D! z>3nmFH$&B|nq(zb`MvMe=vC5h`DY3-8HWuuuP2IKK9z zlKKC_`Mg~9P8~1ffl4KL1MKyXFT?&+`4(JwUcMj4v*bsz`upTXSw2u+g{>j-&aD0e z`PVFeS~l;}`tnc74Y4y^Zihox?tz0|@{laY(=xNa7jg8A>epp?cX=;%ss9^$Gn7|O zKBuS8-#o|fJZvsdei;rJuUqDs$_HX&v^)tHo|G5j_#Sx$cKXWOa7bRv`tMX;?j9ar z>d(d&$DoHsE{HuX2&Zmp8 z=WD!9*nLjEEvxS@kIM3A##FL{a@qaB>5<|ACXV$r}e}W9UvApC`}7#ck?;J?pQo{3Gmtt9&<(*UP_SbFX}2f2}vzEuVqiSZ@#)75%&U#tII?BmO@ zSxx;n#lyZT3Ccc(lX8^@{sC0y8{Jj4GCL2T7k{uuU-YQEQTR6+UHEUzdZ$@)$C^!v4*qN&%97PxSc@;vtTXnYs@ zWmP``2bJad*ubyiVtM6ju>Ft5-;E=D1n26jzUpAD&ulE`aPC6+N}MkzJJ?~qp*U=+ zd{)+9OfLH#Rn zzK#4DcH7E(v;Ge1Kb-aVkjstG{ByJa-*D>WdeOZ?{WkU*tG*{TIR2w>5iiKhUdmU5@`B*x~yBq>;(|$>$fRlRp2RlREvN{I2G2mia~<|Bl%IKd$aP{)+Mc|M*xU zYeQ)f8l<9RN@=f2NzpPTq*4>f7Eacr7?PxLgk*`MP_!LsLo}^g$RU)a8X@tq98%W! z&eijA-EP0z@6Y?~c`dKGW;ru+&b#I*??-=^=jUPA!((Y5?^ge3t>?+JvAFF5|Nf&?U%sv8tAf4TMuPa*TunjxdYC>DqoD98S*vO zZ_A@_*hQXX^NZyfxO9%Z6erinpJ49}`CIIMBUijj^~PJ}GjJ5k9dTNaFUG-5@=)wP zEsw@!KL4M_h3k~hw$6Ugw(qpUrNQzC*qI`KZQHk(_uyodTrtk-&yM$q?^BM&F|Kc% zozE%%A8H%&0(p0w;DN^GdVAD@ef149&I&F6s`!HWy`ogasdQ9bEewXcEWo^oAdbE4PN?@Jq#d*A7P=4|7v zKA+FWL9}9zc>?Y4XM0{C_kLHt5+@b(_j6z1@_zEqHs4>~|31~1bL6VV zSv>*u)W=>!-4C=j&c2@;&hI^Y&_AfA{(W)i%2(RFsyqT0spnx__)7IZkMot)em+i* zk>A4!<9~yF+8;1h^~Kaz)i}F8rd;3Z7-!oTu{~$u0zMz-S>OJ~=6E?+^WTEq!{iCL zTuFY}*nB^=Mc+@oPM&s9{sk_aE&q#yOXTD3*L=lu-uKjkDv`<9MBKoE`7!@f!a_Tx7m~X&=zO+C#KILG4=@oBI*+ zzT~-gPuX`pyAgZu$q!){&%n_JBs?MLDSKZtYBE1!YO_&uDTs{BXnPLmJItDZbQ5xXxaZ*Ftk&E_vEA7XPn z%H}UAe-J15IUGz^J{N~GPV2}&;W9q(5!LUUrTkc2tSdLcF?m<(1)6UV z&f{Bf0Y8L`cq)!g)A(=Tq@Mf{4jRZm+MNCePgK1nd=gG^J6y&Cu(MG0j>Im0#+vyT zVUPS>oNugpcHq((@?P7%pfZzx*2&#*X{|g2d$b>g)Ah{T%mmkK3+vHg|xldk$ix0?O;T-k- zi=)StSDB>x(*9b%hSpEX-LMu0q+6(=+PG`Tj8p3!*iaXLx)0P7j@9oWA>o`MVgt8p|!`B)r|k!RYR{rv%U$amvlq1qqyl;$rVqIw(S z+|_b-93Q6nuf*=*@?F@&lW_hN<+E-3Bjq*Lb>uH``BnLM+y7|!sHat*S4D1soq2M5 z?Bag5J(L)-{!{z)k~sD^7g* zcN{j7D?O`vB3uUt-Ice&;hAzDoRAO0rTNOo;uJrF%XlGn_&i*1+c#7HuW_NN>^!IX z3eDx(IM-5chr?F#W!Po>QP{&zVjnNU0p5f|yaz|PT0!-cn`pi>agMwTPCF>S0vFGb z$6>F%{5%fZ$V;%(PTpqo9`YYJ-&3yfyz24KlAGf20=b)YUwH^F^pnTh{uj#6;o`;e zQk+EcW?aH$9N($D;#Ae+43cZ(Jb7E}b3bz-F3~=Rqs!HQ0uE?D6^HmO+a7Pk`6256 zBQ6h?51Xd?a#zXqtm)qo$9NFV;}{q4^SFqY;RJt$J+{wzLGzc$tKsB&)zcI^L*?!` zyhgs(`Yw5lZGX4?to0aqG4@BxAK>DR@{c$iCLi&l>WgoY>tgR_`E2aoCilmA+K;jx zr+k`qPF{(f`{fiD@ZZ>@|8Xy=9&e7?x5Y&~*yeMU-*3H2ei4UwH7=}Hz5}QD@adW_ zeMh-(y+#gkv{t?j$9MuRty4bV_Q#*${7mJ$uro_OVut1~;JP^Xrt+3J#ocZDCCV?u z`Ni^G*m+%^g3I_#9BtL_`#->iFXf#$NB*D9U(WF@pG)QXI9Ms4i=$=o6}J5w@^I{q)cw|@ z*e@x63CDPaZU3S2Pq8yl{@dnDwSL}A)mIv%yfe=KPxB4N-cI>0?0+pkgOhLNr8t}? zZ^ZFy@(%0evNMbI!6)Egh4MDoeN*m<3-8NAuvgIb+>L$w49>4q`+2zhp1c94@5MN4h#s$`|8P3hu_}#4+$k$jel<%`%BtL_Ti{(W)eO><0=Irn9u)9>bGgtKmiF_Q6 zmdVYrvqbKW-M8ect>2dK#kr+g|7keIZ{sjgz8M#9*LwYi^V{UZi>j}j$|vG@yW9-B zT)!`{{#yA^?Bn}z{zlb1)wX|I^(@25t;)Z~<(uRRud1Giya7(yXuflB&Qtrr)^+7^ zxL8k~gB|jXxKKy=AK1so&(r+wsmfbo?+p23Yu=xXz|ZqeE2BW!U{!`3<)H zfAXEyf6L=-fBXb?j?{Q_ae9=T*#1Y$8;!H|D)W8y4(!&}_j7x&k1H%x`w&+)&h}T# z`}tFF0k^~n?rfax&$ylH?~R?4RnO(Pc%q!cxg)i|@5Np>wZ?a8q{rx<7Txg9lrTb%18UxW)o<(qJNot(!3*Rxl!!~N$PoZxS8#QkW+#hO3j ze)LqF@;urJ=eQq@u*3c5NSwbz>-&IhzeD$D1?z9+MK~tkfZeX@zZHA(ec!}I`~l8gq4wLYd&#?vv*SB&kKZ@s zB0dI}?EW`4*PHLOKFx9Ne{whD?EC6I_U}oJv*W)r*Q={=h;OIA|FP;HPo8o!(&eQ%k>x-2i{-)}4TkGGiI>9*G{v6lCwm8NS&f`090Y8R|cpgsh z`?!R^HqO=~<$8S363w5IACJqp6?UrVdea@dcnJ3JSnT8Hae&{%Ax@36ddk#OHqQ2M z`N)IzeLwdf4ldLFsrHs~uZvtC=lFgwFwVy7!~X4wBfI};pMIqMaXXGbmLI@*{4_4@ z)$uh4JO9b=;Nm^%{{=2@Ree7hXZts3qV@ZeJolikmj}G9?Mc4Tc$Kir^Gr>g{-nGC zF8(NYz#*SkeQo}e>bV~02CJTXu)9V5^Tyfv;&D7aPaa&O_OIc>74kZqyHfrVdtK$9 zZF{^IN1aqprKQ^5@NBiOi5*9I1LJJ}UB&)tO&)MP>1o^Jp~hMLPFtN%_ZesFJ%jJ( zpQe5B2F*7I`}5@GIQdfZZ^ossIm~8t-}IZ2QVw4_~GKRb21Z;Nf^H{d3E7y#0lpTbbu!nEK1N+q|msA-I6= z#6dOXPvR1O4M)|LZ?ygEHrZG2Z#Zl$SAIwJC0*pkxLi-}hKuyS#Ju z_VsZIpO3?{l;^PDLLQIfj`A#=bdcY}PJj7-IKYRl)BL5&l%I~>%jGWExmzBBv;Sa z$LGm^;=+S!U-ezpQ|_X?iFIeWFLtV{{cxPGAwPj#@`c#1ul`$c+EPB`J~u;}{ok z0k6kiUG@LP=Jn*7A87orq1+bd{!;xBE|HJM(HUz03ND-}e}KIv@*lW}YkjEsf~LyP z!?}~>VK{0dKaCTPmk+UjnAT_ijqDHFH^8~J>faZ;&E0RU7Ro=ter@@8?3^N3 z`$+S-C(A9d^QYG9YU@4n6S&0r@ixxyQvS8gcgya_8sEXqao9lf4a7zIkHIN<(dO*m zk8sIX|Nn5BTOQ$No0|#fzkK-bqgToHW*J0;o?Vn$4-d=f)O`0zs$n9{r zNbQGVceXqk=bn&P;b4mV2QED$*Wb+ekIRFx`>Z?}`*Y-_IDAR|2IpqUM}4aC3eU+c za6r8SjkEX5_4vK=EqE{Cz7Y+GjSO&!_G0fKl_ya1^VwIcgc_VT=jYQH0lW9(O!zqk3(@_#rcul9xJFVMfC_3>(dKF%L2 z55>+2@;K~XFF#}R&hjGceJX!~%iN#*h-3OYTU1XtR_%{5&W;cF6s>;)@|63N4%YXn zeT0J#>Z+NOGP_;?)S7C4W4;sU-N z7x6{QkMb5qsl;zroR-La2vzyThOL;O6B@FJYUB^=`)aUNIr zGOH&$|6=YBJ>zVDZf5-ha{nXkugkIfhI||Lmdg`xxd>N-F9lf7Zg(|2xf}!?kgY&&PRuEiT~ua1l?%30{FqcqdNr zf!}NXGCl=6)wLeyVi(_lJvr5hJ%0Q&^SAuJ+|*!Tn~@OKAuVc67Of0;*`(#4LCef z^KZl6mzwV%>}*ng+)t`6;QHRkIJ^GO;C{0kx$}_PUyb9sa*QK93Fq-#<81qK91ri{ z*d9N$56;tg&d;hR;eP6P>~~Y%)HoZjIqPvQdG2#<-=)}jOTHDSbJYJq>rV1i<7~Wu z@s^V(JU@L)-kJP>vg*ri*Z3#m;#YD@?61@KeX*O!Ipb`7Bks?}7-#c`9Iww?Gv5OG zN7dASGcMgCmucUJ_6Pr>@p6n;%Q!p!osZSN1&&kId!aS;--H7^(KvhF@@CK9_dHc3 z&rLdapSR)^ANH%-#|JFfm)A2k=U-m!I~!-)n`i%DL!N(7`B?G-`3ty+m*E6&rGJ6( z580*pVtghpJgV`}H_qmdSg+ya&P1)p9PHxnv4?B@rty8;69@P{9OA_|!r$Q>uDP3f zaZjAbV{rj5#mQLJyA!+j$<_8yA9;w&4=Epkg9qgojI;fFG|$h=am@bSW}K~8iS^#^ zca2}9o+dcK*WvI{jsF~u@CMr+JAY`r;4!s71ILfcm*PC0fZa*Tm)iFDS6s$*|J3;T zyxOGXX}&l?@7E#`*^wjJ%TTAdA7bk`U4l{$nIZk-(0ya zF5$CrSXAC0JFm*O;Uazr`}35~z-7D?=U-F49lP`8N`I@K6gR`s0_B(59N&SHh0348 z`9<;~>@Jo!+x~bLj$T)O*gu-zdqZx3i}-x(zp4Ck>@1N-;XHmE=iX927nkt|Hh)|B z_c$6YAF)^UxUt+2`%C5Xa0y>#+pkf6C(h$%aky6bTR6qrakNf(g@4%}_(UA?{{gha zg~!x>2zDQp$J_pi{34E)$t$q8T;787_-`DpP+s#t_RmVWIZkmu9IaA5(&l(Fj#n#R zh=X_J53OI8f5-Xh^0Cel`#vw?S#lfW?EEY6?<4mj&t0YbTHF3|ImSi&n9T<(pJn@B zD6hcoMe^sk+(-V|=9kC^?Wg)8d@L?qs=OtR`^$r|Lp~0d`zoJ>i~Zzxut)!|a6C}? zUK~Yo&HYtR$o8CxbJX7%I~?yrus2Hm@3HN#ke|Q_@R=6A~l9JiMj;(TxUed{suPMka>S2&RUH$grTJDgt~ zus>1x<+#9jBXLasCvfg;wV#E{W93!2G)evfr;p3Ka5PmuvI6TxehSV%t31FF<6Vj! zd>f8usQnYT_>#N;yNtI12LkkR@?JQe zE8mLK>GGqv_^Lb)=jY2GVz(%lvGbZ-siNjj7sw5<_qu!mjvtY4u%046jC0gewEbUH z{y9!wkSiXd`C{@$IJZoBH(Y*BzRtEMpMdlD6`U5-eg%%0Z@Y1Jy>@=l^TKZ9Z2!jW zzrzoeQ|>2E#P^f?#@X}z^E}U=ZEW5Ty`}j=oaE(Uxb%elfN?fonem^q`BvSpB{)ds zFL4>~f0*Wrzf^uQPPWVE;*jyK!=*LKr{Lfnd8KW?LH-t}pUTw^*L=bIa&zNs{VH=m z-V0a3L$ULo)^`m3p{{I@A&-X92J;!F9_dTz&K7nyIe!}>@$b*m6 zKZldu_4hq*-jB#{1bK#RsX%V{ps>iM^kS@`4pTql3U|qeL2L=8S-EpHIRp6_dxl6oU155 zjmwA0ui)@#c{%p0${*YQ%=aC3n<@Vnm)YJbm9;%Zj-UG2{afqN28YM1{{=YianQcw zzc0=&Jba&r;^ZayPVB!b=dm+eo{FP4 zY}ThKj&WCGb3OT8pFe$#&F2^IPcNr^@|pVINbc0o_a`xS@nr1b7qO4$;{dP5A^rqM zcqh)`zm3iN)b~`+fz{A>mS?xyX7Zvp5to*YuE&+V?aZ#}-j&TsM_ zoa~YhK0fQ8{ePYJPaC|iePx`-wXpZ1@_IPHjqqgJw>CEWhySm#t8upfl5Y>&H+~=E zY~So;(HT*U5{pbB)IP7<-KW2Tqy) z=vt~TZl?BU;8F{@6AoL-m*N!Pf(xybPq6J<%QLXkMqZ9%ybZf;mH&eiT+LH`VLRnM zPH_*M50qbp-S+Z5xPT|);B4hZoZxl1*g^T%IO-_>jZ<9tMAer&M|orHb&`AI628&4 zKUeu<*y$|K!YN*9+jmj^8II4B_t^gD%T-TOJq6qlm%1wNjKgm7Ae-aiHt(+dAza2U z<3bPRE3g;JTd~_y{@u36RZmuZK`-TvaDuzp`~u}S;CyfSVO+dWo^5@R{4OqBEbqWx zA9=6Mah2K}UzaF94Lg11jyR78;-H`M;kbk!$5DUfMO?;faeS%r9oQWpS2%_Jhfl!% zK;^Bm8_Ad0_V^YY3{w6uF5&4ocbW18dzZ_f;so!)!C>V_)KPt9TpQ=FP~Hj`hsb?! ze5E`byEp54^*9dK9I#3_CWmvMr_oaWz#BkVNL z{3Yz+V3^u>#07jgF5(e5!B656eif&99WLYT*tt>j?ZrMm;dG84+ziLKH_qehaRE=j zMLZoRcquO7&vA->!)08lq3UsNQoX0)!hzb~XXA1cd64x1@^IU}k~|SdXUTJMv8nt% zPF#5hc8`|-we6X|<{7FlsI0st&R3E9;PNr@2<%et6SjXf<+HHQ{A+DqUHLYgF#jH$ zk{|A?p0tA6pMs;qq}&hZYRI=@=UDk695dc4I8VL;hc(syQyeh|r&aVH#S0naa|L58ECo6v+mut(ru-8zo+F12CjNc9? zb(9Y=&YlmvC3-%%oxFU2j>mC0S3!Q(`Z)Dph>Hg+Ux`b<>GNxoZQo7pzs2!I@?KoN zSgw4g>h;%a>t)t9&a?QhA)sx61|VujIuz|Gm5chdbn*IQmw0 zTBzP|r(6|BYh~Z&>*cOE_nmwhPW~s4!sW931a^Owi?;pG@;f-#C4Yg_-SV&2zsnU{ zs$TC;xt8@`@>w|iTRsm*oPPsw{$J(8aqyq~IQA>)e4CAPcPL+tOR@YJj$V>?TQ8U0 zR@BS&sR0hYP#$1+lzbtMw#irHqxW@Nuz$V!|7!aW zk`HX1)tkMKTFm>rYR1|7ylK2It!tcJ*!?Hfz7_U(AJiL1pX&YW6*$JjZF@WpC!5v& zY1<#q#zt|U?G$pSwf67p#^(Jl-*2rUFAi4z1uowv|A$@dwNt(E`^sAyXZJ%% zsQaN1ufaoT?_90+BXD}1{Frf8Pt-{7OJ|dZeU!hAz5TWQ@8VLV{A+8r??0SxtGsrg zdJ~S%vv7|4{qu17OpV{iINP2Q^$#WYwrG80T*4D^I6(7FH_q1IYoYaDZk&DJlJfhN zkBzhKP5J-izQ^7f+W!BH&HL-)RnO7wW$!q-E-oG`x5RNxxd%>a$Pq66uKI7c?N3lX z0lUmsz~#?%{=RDaZ;@AGf2+I==kc%D-KPAAvsHf{dpO0dtW&iQae%MDC44*1<9gepuxPVW` zW$s7M!Tv28e*n&XrTItTpl94>dpr3>W2IJ!u_52shlMV#*~zlRGK%0J`s5V=Yh&6ivyx5e(o@})Mv zLcSXpTFcMll>PgrbsOayZGYPTf*Eyn!@0J~@5FICc{)zo%NuO_v*o{WdZ%2uEAz2F4RFZzo@aA> z6;6Ao{}`KpUTxp`^E{6Jl;6U^FY>3x+4U~ot@kbeke4{Wj_Ia)()t>|J`T^2+uOW@ zJOG#8*Z8B1v++~LpJv;?OFg*ILjAYnq^0b1*Zf6t4}0XTaoSw%FUAqa&nTS7&)^(> z3&;2~Txg~7_Tcha@^L*>kHdVeteYwCk8}8T?9=~oT>PK5e-@5Xd6n(|jl9M7zenRA z7;63ipMpc&1xNTwoFA?JF?Q~ipTY^AZ=BsfMf^T_HF@q#wg1dGyB~74>ED<59((vd zlLs*qi}>L*!C6GzJPtkpKqM4U&{KeA$Rs_{;fD@qW(YF{BU{y3skR*Yv2O* zjkEpb^X~zlLmvKKb>H>lavZ;-`R>EHd*s=;beFsVd$IhhZGW%q_EtUNdfCVRD7ia! z81DvL8mat2Tz)~GiwgyL0}jZ4!ugk!yBBKy+>3H!T=+rT+Y=|7<(rMO<0Cmy_k&Z& z<6o4&g~Olat=7NE|Kh?f`Gku!zvpWH_ShL955ehPwSU0of623O=^yz6+n)Wk2S zuW_;FODb#pR=9Aa+z+SKz`duVy+)P zF5s?sF~1KSY@A)M!kp&63;V<50xn)JFT>@b@>cBLC_DW%UV5{963$&Gx53^`avvOx zkcZ*oQSvyPTq{pA&bBXMdlusqZ@^Bf&!4ZchyTI>b}!X<5w3${+!_~fFPz}3aEeD^ z=S$5$5qo$#4)78j;SX?(ci;m48znM(f)dV{K@vOCRd15pI2S3g_EjsQykpn?EAdy zi+y~b%@?Zu6zndN7uog;~_SdMM11{J6{LYa*j+5w8O;1| z$-S_E7 zyy!2@cQW=4Q66IdaQPk_A1yDyxr*`@9R92E_PO7juB+aAA+6TAsWyVU+qo4>2$vFg>D zuk@(g07v*d91PU)cP%bHqV^Bq_<4C6&b_VmT8X`-@^&1pS9|9g&7WMQ@sGp#dsS}> z9E_GPviT(%?`E4X)_8eb7@+($T)Iep4}1OP|Ka>V`Os@sk2hGZjs45zb8u;>>bVq0 z*U5L_LQZ}bm&upl@CM~uZ2MvIpE$-fhpHa`PUX#UI7+?%C-`P-+CPrH5o$ln=7Z%G z)=lIc*dHQ0*J*y|YPlAUu9sWl_*Jd{g*dIO>-{a*4b=WooHW#WzJ?3<6PtHa`#m^1 z2O}Tq?*5ap7fo6L!e|!NF|h)ox(_ zOp+Vp;$w0*9DDLm>l5WiaQ@C-1iH7t1wrn%~83aPX?~e%6!a;W$|# zPqzJ6$*<$wa(NTZFOhfQ@GaRLrun_M_`RjE3XolVE<$gFh=zx94&uzB-Kk7dbm(S7hv%t3RB!7W}Zt_34bgo?W zCf5H_*~bYEaWp{rQ0w}de>@IfmtVp8)8)0ec)YwDJJsc5Zr1#{s&Xq_#)ELan)0zW z$Fr?#D1Q&TC&)iwucmy&Et)SrRz4k<@6z_2hl_W}SKx58JO(HC$}i#QA^9Eahvlzv z{Ill!$M*kGKIT@{?d8vK+)CbygWu%pw`uFVgdJh2e6<`?wl7y;b?? zIOg|#fpKhBFs_$|f+^y^L4LG_&?MK`EYMoDyVP`+>uUCw-_h*xv>Hniz zZu46;-ez3n{`5B-VE1!m{fSki+^6@xFKG&K&F*ffP zc|Q9X@5DdQ-szHY9y$W*75oj_Aitd7-#dlb@V=b1^pLO-^VySOXGb- z|CG;^v*)!3jR}PR;Li*LbI3m+fnhi#@g8eT>cfzMi^1-DLB< zI^IU(q?P7-5=VF@c75%SrPz;je12g2b3AP~&ffRr`TOv{$>U+F=ZL$gpL%QK0Jp{o z?R(%H`B2-Q`R+B&<|{DYbL27k5^MTzrG1h1|B^@KHDlH1(Em&v&(V5y!lnJR{R420 z{eOpXR!_qClgNFpcdr^}$8$xFw-w~YTDqQW!sQn7PFy-u-v4gZ=Wmj$8k_T<^T9XH z#t%8ZJK6TPY5xww9v*FM)^DJW|7UPKKwfN|jhFl;ufi_%Z=!vP?fua>dq0-)_q7M# zlQ}zIf>t_yPQqbRxgCyM$d}`&nd-e2mwfqt?2|u*bL2B|;WV8e%dMNrU*Py``A_WB zlPir@y=f!49?rLwJL2dR`4Sv9l!xI$OL+p0>&w${dY1f_HS=%8-kHjOuz5SV;=QbA z9r<`1ogp{Hv;70*<8XogGjY;U`D$EjBY$n(R<1af^_s8kuVtK_-!Jj`)0Di_ zTJ5{x-~z4ZmB!imTAlOrPVC{wjLr3l?`Njd-(kGPI2x$&OSpKEyd8&^%75ARoCj22JWtolD!9bIzjUT`PuAD^bdA>^J9U-cfXiiV z&wV)lMV^BFU*-9>|1Nnwj((E2+x}BD{x0h$<^9J~|5I{h>^?2m#(CTnJGAeDlV{Za zQrjQjh|`Z%&lubPR_&ij#@YE14AuSQbeq4d_6v=($OqzhnDSA^*?OgHZ=SsPfsVHqZ2wUAD@%>D z_4oPrEIuJmn`{64i2XXU^N{Lu>&n$}{&e|t95>f|?ToYYCE|R!*f^_iI@ix@Xzx$g z{=VDz|Jk3<8)x;^<9hizdCL9G2IFl1MeWspEB3$8_BjtLFK&_RVefIZZ)@|jRBtcr zww8zBu&sOtj?dNhK7^eYr`Eha|LnldPOZ-YkEovbTiL_GcXBJ7|DW6+7r&QB z;oJ{$!8qIA9QW6Aj4NjUpM-#H?ag~XxFNfP;7x%#q z9$|cNwtst$+&BJs@~CR>eSXR~JN|P&==VaekO#kL{w27upVt3lTs~U<3Fqp{6(7yU z%l3E7^ZK#IX8$hIdep~$WnG`z;zB6*$1(e77*1Kw2{tclys6mxQGOGLKgplr($Dgr z*ulp?rut%hF3wlf@fhKxpN^+njkE3R!}WeV?vJP9om}7M(Z76_)^jBe8_FMJm*?qyHcDA5NZcuk{&= zQ~V6hbyQx&&N=cr?2~_u!w$;-zzIHjlIkt{THiXj)LZ-i9PHH9^{}sTwml{OJ=*Jy z&Gn?Yt|udDpElC*m&d{Dn*Svn*3f*5jkEJD`AXNP_sD&o&$k(8=WBDWPd^%G^F{36 z{hp9#@cB>`zl`hQS8z*XbNn~g_VgsLNd1@Lg!AQA?2_MWoNa&MLha8f#@X>u=JVxM z<81ugd~N?qT)bJ^{|Sz6k$=G66Y{^t+4knSK2@5m@q(+A*D=oKugCkKHsoHU?dgr( zLGmzMcu>9%m%rBe^Q`r$8vj)s^7*_PyLc;3c)#~6_V~W|@F!Joe3!^k3p(leJ?N>- z+4_6Ub$@xZakfA6XR7~MIK};p&GjJC`<0u>gOc|D1326$Pse$@6#G+^Z?WyC$-8lh zyzX1 z$J0U2sD1L4>ZyjKo${%;_?z6$=AX)aaQd=*70x{@kHq;0|SL7s=>iSoPHc}U)2 zoUKpJUN5Go-ogsy$Ku>dxdnEX$-S}rxO@XHKQHHT@TmMM4j+?0#3j57=W*3%S?@p9 z-p9c)THh`>>Lo|m-K_Sv;_y{DZ~Nn-&BrKTX8YsK*dMR_XPlcOJI}FyN6Xc5dXL-? z=QqinalrFUgu|C~{@iGsUGMwcuj~E2`0a`EquAcRPNRS6PL00+`?36<&F_-G!6EH; z#;BI5j}M)y`n{8tpM;YWaOiskJBD+`9;tFV~n%$oF_EiWLzl7b8*;6^{&J*&u3p7XX};Y^Q%nm(Z0gV z8b6}_DaKj*=B#g9T;TUGJ#mV!!XCem8EKr=Tbio+9>e7(s_!N2@_Xwyac-L0uf;{Y z**IITi0A45k;k*u{=io>pFc-F7JDyh|DJA~ogYaX-LJPGPajp@**M$3F~?(na`ywB zFT-&7p*#V5pU4I5eBsViIM^uv&$hoq^Z#d@ZC}jxRiCNtNgHUr8sfO8J|BAE zV6ggMip!VF!*Ft?JjOVCUsPzX?-w37&bD_B$LlM`+4=-LKQE_$!0%x`#ib9mzQ5wM z6YD>VdQ0*#IKmCAU)TB9&bD79UxfW%RqtTz?2?CL?+uOr08ZH7&*Jh&%ID$S@A7-t zub}JaPTRh!eBf-=?`~52>eheCXX4U9YTq5F$I92>;8V4~6Z@abkKp7lc_xl4s{bln zJWSq>%O}WtZT}zCztSA)P34ntd9U2s=9Sd{BI}doVL13&?eD|6Z{??PewEtK#@;%4 z6^_=+UtsrL`A^&aJ=vYBg&bCg6J02Y1H9aEQkmXUA*EcuyK< z$FtA%^%di6{D}Lh*KvXKZG+7lYX0xAd!Ej(gNy2)U!nDAfc;bDw${8K?1>XR1V?xT zj`2gdfT!XBFR*654LHZ|jke+Vbk(y9`}m+&Re!02wx@>mgKFOddyIE34j)o}8BQC> zH)DUi{2(qd-;20-zUEtKoL$eH)%w0{y>YgGqT6+UwT1RhQP;!W2oeKMEOJO zN97-J%-=USi&dZZu<~PYyi(V%y4H0yUke;OFL$+mN$!i&>GIXa+5Sj)KDm?JXZ%NS z;TW}l0f*erEWiop$9ik>?b!cK{eLsg=6j6wKj?LBU-46&57lwV`F#fVS)cAW<@tLc z&hfl-D~=j#eI{UMw#J`^!@t=d##ue~`{oVC+2?oKP2Z1xNqcXG#{13opCwm(L-prh zmQTScc}tv|uDm;Tr)oV08)x$!!}H8=@;v9`cx!$y^D=f=@3(RBXpOf4CwyLPGtRE( z9@q0d#@Y2a;(C0jI$6GJs?0CD1Nc zVUp_Wf{VN#9e_)xD8CWs>d5zDXP~Zk(`^4UH2<5ne?$3G>w@;@pEx&FK5?1qDNdA| zV4v>?y5Vq=@*&3A{&vpS{qjgWnf>tu?VVTEejaw`$t7Io?;&^MaHQ7zFC5)1S6!aX zm)(!Xr|S14&5g75i~DN(&d1@U@*o^Mt@&=pDV}Ie|Cg{kQ2iI<;sALacKXO$a6tc` zu-{1e0V`CWAIUYWc^`T@cIe+07ioV1F0nmBaE^Q=j;ZGnn;)U$<3(KL`ROg=Y=0Hl zKkM-fyd4+uUwAP-W~KTEe4pYQXX_uW(*Eg$^Idg548kez*T>-!_s>gkf&2?xBtLkS z#`o%L|24wSMY?|-f`i7&@3Z;E%3rnS`|XW5PwuSN_zC?R;fVY?9FsqYee%V&J@tKT zbL!iR-9D=4)OR$W!}CB#oHE`uIOculc${avMK~efY)yXP8pfyIx;Q1j5SOSohl|WV z2?x}>!nWu8yN|JdsjfFWaPB(o?|*TD@sD1sdUDL)2s<;l-r<1X>kPsP*WY__@h`Q1 z3VZ*^MeLKWz@^`me~JUH??2f7l~n(~IKfrdsa~J?o8bH?oxdHhcZPj{_SdyIx?bbojos?nzDKb)LF+XOm&VE~u*3HqpW%dm59U{!zoGN<(05g@8*09q z*g0AA)wem{SGG6K-cJNI^?SmeHm}9`kK=CIp4+kCTk}1H)25p5Wt==MFT>F=_5aY= zTpziA`H8<J`Psp6V~Rl8?r@wsLLjW^z+pXepnM^UdW5M}d5kaW;R#^>%{ILv7Eq z#^&>n_aBSM^Bga$tpCvVeSv+xzxV~ao3;NA*`V$5_$v7xLxB7HqO>F8L#!bmAt^;v)qeIq3WNE zy(_i9=HP(O%N01~?@K?i=6X=ZL*)mJY=6ewKNaYotXBWmuv<^t zx6JxIeO`Wq!ymLhJ8^lO`u~fI56H)ER{b8^+Zd-f#Lj%RzrwbkDc_9q&2+uK&zk4C zCv5+Q%8SP4{NVUqWo)*W|<&uJozuEu63UPc+W@d%iwTeDZQ@t;g9o zhx-~IoVDlgL9QW>KGOL2V)tqtPm^%@8hHi|@#{9fR{2^S4V6E~dGepJzewwG=x5rV zBJ&-O%X~gH#5taKI^yIK-Cy>@L0|bM9FkAKDgCF}{|hx(l|fMhLsd#-K(Ufc zl3_+>CNVPu1EOZFtTp!TM%RLshz;AC^|LB#jk+r8s>n8W!+>{ai z`2F$o;dOl8cRB5S%00JaJ~>6cmh89_{+5#CN5X!&Vrkz+jE{H8aq{okvfQ7$K(VC1lIdMX zeJ8(1cOTis=XIWnoIJPlEri$(}awM(-m3sTS}~hWtu$ycc{AIXw^j6gfg(LH5pt{2Q`k0eF-5kYC4q@NQ%;dAQDfkWV3}Xx~b9 zar{1&ob^Nha&jUHzMJe|dH#=_@jlvvj@&ypZg=7kni-xdi->Vj1saoIhSxEb((U*Jqzn-*Gqef7kgQ@U9u;H^uza zlbs(SzZ1yrkHLO&j2u-g>17$OXHy=38~TgMF7k`Iock#skP{;@zWtBvr~+^I0rKbJ z_4`n=>p;jykz=*!kIjmuKW5gTKXxeINa~00iTkrO{7UKf&m=_LCMxP@6IQdYrgWO7XlCL0p>F+VJi}H`jZu0h@!GDH4 zk{sU|=?BS9@>S$C{ik$$a+aJW4_*oX4%#0<_K|zYY4Y{t4EY&yd?&1b(&W@_`2C|# z$?n_1Ysgvhz|WC>Y%$~qlAU*e$B@(H6Ud%BA)iNf-37jkoFd;t_TCNov%3B*;Qx^0 z@-uUK2zCSraK8&223;7Ikd;z$f>>!^?cJ@Gi9yv+A zj_m1$d?`6Wenyuwy$m@%5Bgt`eSP4c$&ORO8-9uMWSO7AWXCCxSCd`zcQ`q*5OO~` zMg2Z<<{HQ^Ap8CTzLo5}4*W1VejfNGvMUaLmz+Kw{2e)UA$X&&kpBqFv#ZY6L%u&b zdp`IOa^foROtSl2a348!8F-N{zY=@{Iej+xVRGzD@C#(uCE&NonHczM#WG%}`Mmu4 zUxQbWcT_C#m1O)4C1=@wBgt;|uc_q34e;MWcCmgIkRvxkel9tE5%@}S>@@J5WY3M@ zhjsa1!OxH#KM&C6{}0H%Rp2#b*Jk*=w?W^aJTWJ@hMe67JcFFx8XP8jKZ3st$%%Ks zwU;z^NOqkJ?j@&xK>q)t^Lmh9NA~^-`MqRc8{|)t6D{C>>wFCOTXJM3c*`vE zo1G5cmz?Ok zC&%^&pG%Io!B^;VFZd2}d?YwU_U#6KgPdY~e5vdAK)zbBTumkYnT%6-)WzTf+azlqV=ZTbCaW`Hke{MDRn3r9B36y|rA|{|W8&p<-3v^!GjG ziT5Di=)XumvN`mLMOL{1zAzKQI43+XRaEcuVE zLi<0f>kokbyW|Y}&o^Y>3tMXOxA70if0n!(*-IWyj*yQed&nI+zXX5hkP|P1Zy~4B z;HSvW*T5f=eg6ipCdbL!{D}M|WM5VdJNuI}vJa|wJlQ4ta*6|Fr|erOUP#W$K9}Ol z$uauBTW8saRPyJ@F6yr&J7ix+$v5~3`Ekj0k75_uE&C3N4<^T%{;_0l(^i^%p>8kp zg3?duEaR}^=XCvF!C#Vnzk!`UGyVU8hm$i7_-`SnWE@of&LPKTTv2>4S*=SIzd}w( zTqyoU*IxzRSN>}AFY`Z%oMQPyiY5Mh{5_&R%CnmwKj-Q^3Vb=)a}fA;a(Wx^!(`v~ z;OEJ)k>IzviavJO`5-%ZZ05B&?tF2>UmvfB;$a&o)|{2|$~4A(!u==KkT zx0bk8`Exu3-h=FU9^9bI9|2DwyO)ClKSy>mz0b(0?;!slIr}|$pp0v(e%=2CSCJEpk1=Ey+bc*;J_G$T$PUKGwd4%r zaS1s~eunJ)9QGfO!AF@6r#d42esPWEm9j*=bZ^U3a2$j?pW4EZ5)Y*X03sM~J{ z{#@4|0N!Lh$?6S z(Eo(&Iu!gP*>M?X_`XhAtc946?F1BYUIr$sn^;EL^ zckpFo-_EdKOip{i%gC-#;OEJX&A}ORmi9lB<8053WnHO_U!$QvkQ_T2yf-;Zc^%m^ z2J+Elw*wp^C$<51lYP5@&n7$f0AH!gCxUO)?GFdvuj}s#ewyqU3Vxj&XMKI4^AV7* zA-ik9TMs~a6O4y_$Vu`cK_fdW; z?Xz3L{y}nLYw+{r*d*{fiY0v~{e3~XZ$HR?A-gsKZzJn))twNVkuANNaWYC8S=B7`5CBKHij8ejMcg((TD#k)6jw?%W*tb&>1HZt`(t5AFX<_ELU}E+;=jPM!e& zUy^;4JLS4f)lY<6PmYm~C1;u5X=DfaHeF8t&ynM_|DK$od`G#C)Y^mgqsR&Bw~~|O zi^y^6FC+WNACObj-&lfE`S&or{m2f^r&Gvj>PN|O>R&-lkRK&ysQ<2RPx<c7JevTX?f2&x=6Boymt+qvanW>1^oyiXN z?*qs&C*+6e^6B8Iw}ZXu?EMR$4_2)D-+_?tM~-ie`aM`@ zCwMa1wGCM9Ln-?txrgke{yF6IH2A-goSF>2RhLfzKS*}mf4H{3ex2;Q9sGlC{~&n# z9hmW4{baIhQG=HM2-$r;_!?b)7I+ys`xbbGV)Z;z?J1i5@09yK zgxob4>3NoeN0D96g4@WM2f!DRor}Rsb@@v08)U~9;Pqr*RjdCez2E98|NcYXkNh+F0P?oGLEk+U`&9>$8_5&M z9&&&@fqWV{Lw{G3SCW^KFCf1_j*~wnk0d)>$j{~E!DRQ*$X^|~it;IB*J{XTD^}yf znW&F*$PV_W+sK(i&>vG|mj|5Dc@+3pa*Vv)?(pv(2YEF)J|28HIZJLQ`_?c&y8bTE zzlQ9f{6TW&N9ez)SgwB}yq@`)^2GMA-+T|`C$k%P7saCQ$bToN$p0p1$X}2hpJ2XOe=qoVkq0Z5{3bU?`oqZaO~K>I-fvM~ zvvj%q0D*?NFir90WGBbNyUCGVA^!*2bt&6hv5fDjI*jlCRjk%O%-?{$!9Mb? zm~PW#ls$bXvb+YbCG*(*N?r^>%d zv8=y`aQ(ggKEe{8amI6%Vo^*EgT9CCWc@Ug)9f!HvXAk0x~~6U)ZYz?#eb6V_XOq1 zo#6j&a*HRSB$kncGZ>BXo&iJX27 z@*Z+x4)T{EJ70kOIdYQn@5w3J58jXdsXvzNSONPEa+>+Oikzf8Mb1+G897DyR{O($ zn%qcE+zKsM=pGS`00{Jp>g8UiT zc`M{Q)WCn7_M^xV`tKyWsDC{<{RZq)y1WDFuOuhPTh+q9k6c4el8+*%$fuH>=fnTs z$ezD|U)1&eNbhHz&xL%qI;5ATd@MOh`5bb55%e$D_3s5gqBHaJAvtyrAAWfA5YHEK1_~N|5{ysE$mZd z&sE?rbY_3wemMMR*dIrdESf|3JQm9AW;4G$Oq$`ABk- z+(&kVQQp6jo#cP%{4D%`M^00|%Lw>SJPrAHvNHmIVX}kvSCNy{e~Rq;2=-r*v$P+4 z5d8bzgM1v>eKPz<$X?oCOHNb&S#s<`*ndrq(0<2*>7Vg`7&$?Ch#aB)`Q!}sAJF9= z!~YxP?5AMINc#UCyeB#JGk6j?<79ahtLyt;@xIb^l)F|z|8a6`B=kQe$9Dib4?%j4 zVc>(wY5H#?C&xj4Avv=n_)%Rx0{js%kuQ zcb)+GVdVI5a637bMSd|mWgze!YyS{<{MY^2% zxtpA5g#GJe-<{C^ogCwOhhpQ+1fe-Al9{kO^PcVX{ng1jO-+b$X?o?Pj*xO06Fq6*uO<~ zaK2xEEd4Kse5lTpPa*qg-%WN?|2lFafcAKjoNk7{k9GU$;4Q`>z0C38;biYA;1;r* z_UGz64e~p6d-99q#L>^)6_K_bXXBnUG>-x;^Mib%R&G;Bb_K|0h1Elz!^uvz z=Luvt`E+u87V>`$IdKl^?+Kl~;P({E^?#c8`+uf9!~X4@%JQ;54kP;(!hRAt;{$h) zo%6uwk-dH3r8=Jsex00Z1^=SUPXzDmMf%Ruzz36KXM&F*yUzwM(Dj4h8+3UX{FpAE z30^_=GQX=8%YIav&r9rdB+_?<@&3Xva*{lr9Em{QN_LzKKARjT|CQ{GLjD9fMSh*^ z>4yAUa+W+`8uH`ofqYN0cX#kea>@msMov&ZhwR!5@(alh5BN@Ux)+=xXYR%Qz_-cX zd60jl%gO6EBY*Ke$On==^TE|*=K}CJa*BMcu73*Tow}TSI@!Ar^2^AMQ^AYL3G$QV z%r=m}Np_tE{#Mr~uRopjdphKU$Qklbaykb2A!P5L!PCf&Gr+C7KKWE#|4hiQ(dFd( zb@^G4zo^T}AClu|L;e%lbq;vz8OVQvyeHXxF652mGuxB|1;=+ zNp_tH-ryLN$FUN;13CL0cpq}=8*l?T^DTHRIZ6AY$gVRWZzIR%gBOzH9A7Tc?Z1co zCUQ0let_)Q80C4292p3HP1pYt`k#>F8$tdPIZgY`j%E982Kk<3&$i%$$novLN9ywb z!he7qWBGf?Ubg>vy8bS(zmA-t{XOLLJotN(oLB>XiR{}M_8*enEYEl3%mB#OI}YWE zZwekrc9HidJ6Ybt$R5`3G+m$NX(2~go?dd6^>;Qowh7Be_I!o>-$_ob2l=Dq$k&j+ zpjhI6CFB1M${mc?56Ouyp#L-3y*~VHbUe!IjzYczIo1PqDVFtFhWBIKSsTO z{v^d}yg3WkM<-D3-4*H0roH1&k7@UBddN=lBC?BoE$y8g?;ap$dy(GLyY0A&n`2^_S zLH$G>%D+sp+`n7S=WCZMR`(-$Kkyy0kDOI3*PEFL%DaY~XaPG@FC>LyWknR{2g$+V#!a8>7S{~KY=_>_S^}+o}6kydG8`8L*NuSvmNsH3fal| zD5F@?OEA43$SLw>vrxXseMoNy#ZrH6-v8X2av%LSD3*Bi@qPc%lqV>kMs|)w{sLt8 z-rz7fy&w2=vg<(bCFFPw_$I{?4=WiDOBAd6I}Xp+Jx={p2Kj$hvE;vz`F};R>~9U= z_mSSBeyj`i^$pqQJ6P*K8~8+D;vsd~ZW;&3$?QapFV^K-jMey`{Rl0+Q^>JvchdL@viD@z-$BkYzyC+}&BgoPZ<5`OdusNZ1dzUK zCww1g2sv{{jV7N=PCtVBX(Ok8+eedMNOqI&ASX{peLYW(&jWu&c1|Cv*>4*}`p&N) zA4X2k*MKy3l`i(fPS8we*IOUC)EZ zkyGSj$?1PV9wjH1jnV8E>+;k7r17U@*XiJ$Ph$FCOx5H^kyBrTFD6I60Y6LjehYTY zfxVmd2az3LLEc4&S^yA>ZU=$lV;z zPbO!t!1(q$Ie87ZDGL3__+7O6xr!X00RB>!j{}eChJI!s_zH4r5cpHFYcTlW9{S%I zd>%Qw3-}#!W(ROxFZ6v;w9hHz_&jim>{xZm;Vm^f#<+q!U?&D>|GCh64|u{_-e9;_9=2^E66`5yP5u=bLoF$$d4eW z|A+KXAv>tQl;)@n7IC z@+IUAWP z=zQ4wC=Za+|AxQ2$&vqnztH7xfNL(G{afHD*+F@doTdDGa^_9iUkLle3fhyshkzd- z`-Y=DUz4*BfrnfK`}o7)F0yMklUfEF$~JPm{A}L!KqamLdLXFNHtH z3y7Z(*_8%gsmosmr^(KDQNNpC27AxB@ZU&IlIM_piy*&&oHz>pJ|;(w2Jdw_^Fw)< zoZ1W5pAV7adxL+{dBYJ}eAZt9`^fDhH9nb~xDC97oLvn5QkUNYKHy5&r|$-bbzTC# zm+ZO^{53gqCwSOZu+M%pN=ttZ*|!vYH`#Lu_-AtBaq!5iVV`^yd@9*N{s-Cj803y? zpznSJ>>+!YevF)@{@=;o7oflKwXk~rDz_a$NirhzzFWEN{^l{xT0izCStk9C#u*`8+sCPAmoY zk+amljGRhAzJ#2<2mBH_G8p%lzt?#fc>BL1Ki+!qL1fn+U?15%0(>snu^0GuT|N~2 zJULqp{*j#A54>Z769w6ZDrla{P1fL~@24Ap1Us{8ZikQ}D&Q{%7D@$;p-AC&-aD^p`iuS#p*fKMC?J z|AzcJDBqi$=z@F&WMY8uy$Uh`ImhY(PJ8nUK zy#9?f9z;%aKk*Q9lE2q5gX{}Hzl-dm{du~55c0)j&q?4H$?gvDXJkhk*l{cJlW7GH zB0GKHVY+-acnaA|`ykmz`%}pg+Fz^dGk;6Tj!yV{MQ6&tB>R}&2Dc%9PWpF|v;5xn zL~^`$Q>{LO@!zW@9Z*)tpa=iidu+)sDjh4ejqUT-)#&gb#`?R^Jx#0U3?xa zL-z7{u+8s=e+QqBtRj1Y*dL!p_H|-^x`UkM^ExqdjL+9xL-u}w{mQqm~yo!7S+40yTTK?`L4c9GYRhmf~UB7HY`S8^k{n(QHa$P>s%lD*_0c_w)Q*+;&B+(y2h93kIB?jt`* zj*(v?FCxE1j+1{PUrpZlK9n!R`*njA%l)t{?}t@Uo}m8WX7rY4UC4738Jl4EZVYO7g4ZEcre1D)M(^$K!~P^_QZ&1IXKxo#Z{pgUAhJ7kNB+ z2>Cd&o7_ciB%ez5kS`@qAm2pxlJ6(aB)>xTkv}B2k^f7MkT<#?}(pGbB*f%xbm4>{rq4Ry@(}XX>)2EPbDYGv&hTHVRDLm8hJT6PEM0=Ca)kT z$r>)oxo?Qw5o=M*HQIy9=-j&=& zt|dpvQ^Mvjv&Azw|ti<}_8NnT9;iJT;F^BD5Gj69T_B9A67Cm%&l zlf&c{42+(uqSj*z#10_E!? z??sN0YsrhqhmzyuBgt2jL*xYcWW|zyC-Z*><%=o5ft)1YOI}8PlAI!^$;-)~D3w~$@r z2gpOnPm|r`H_46U&&VF~YVri~=1-!$Uh-h_O!82&k353hMxIEHkY|(o$n(fC^4a7? z@?!GU^+9bt|2^d{_WzCk zf$|Qb{!U~U`2g||aueB2oJe33(>@CdJZz&NI+nOURD-;3vrG z1>on&o>Re}C|2d&4dq=;x$iW{H+l;G6P?>=_3|X~?Hh?r@=et&}IO+g~fs z&E!}D{3Z1h{J#F+e~P~iXH>*gGBq zcaWVAgO}<|`EO(wdGs@|k39kXi^+*c!2eOKp7&k)fR^9wo)wny-p%L9Cn%Qu`~Cs_ z1!NcP?%G7Qfj?!O%N$vwey$nL$s_mMM4g1;tvXMn5!1^ZMpxQCpW4t|21 zoeBPhoE{6Vdk*%oG2nS*cMW(M**6ZnT9=OkkA5EZS?Zrjb{+=#i{$ud@K!HSpZ>gL z=LE>FA;-sq-_dyrc!w8R-Vxv#Iv)(aoSYd6{x>;$2zdLKVDFj*o~c;cH^KL>|Dssh z*TeRGj68_*`{%Sz`Cz}p%kY=p13aDVVS8RhPE!6FIYr(s&GgSie2q~o>8JU9s$Rts zU#Xw5e|yQLcWCT`2zei+4~*%uvg(P_6_(i zWZ&oD*U0fKc&FE(@A($&BRiP?hshc4$N#Qa>fgok9QJS6N2vc7a+djdL9y(&`Z!(> zcpdtgACTS@a>`Mq_1A@p#eat5&+U{)HiZ0Ta`JcBuhQ-BMSrb(1O6RL!9C=}67WNc z#lMI7|Az9|gOKn2ChU{6_mdqDVn6&kvO5WWo9w%n`{gTOpG|>}AV;1CUqFuE34WgJ zx&yq)Tdt6}3 zdI$FLtHGUQ=fA+Wk<+Z7PjvY*$oKgV>{I81PatP51Yb$^Q2v@?)xYPWzijlbu=Fo4 z`}e_QA33U6`kVW1_`8*I7yJJTa)kPuzXyLY@}cB7c^)}IzK5J7e@0G`_k17z(&S^v z8S;hXEcu^g$Ig#w@%{_hNv_SnpNo7l*-gHS>>++3tRo4n75(2qY3{o@o%do)shA?2y(Ab*DJeG&XS+4mB7#7FR#d==bHj=T)M zN3rVvd|&lF#cF(Kdd`nw@0ySMNnUblA$Xx;v3Grl_(@Xkxd-wu$XW8&S81pG5Xt2l)+(rG6){eqU59`Au>C^c&?d#!v0% z(2tYb$O-Z_DT}OkTBggu{zv}wEVE0$zU&Yh?Xup|?CBJQ)&rVe= z`AyA&{>|jfZ1A(RPhI+uR{n1lOMNG*(fBSa4tm)4sCq7!H@n027 zdcG+9r^%^F;9tm|x!_&Cfqx(Uk5jDbcQoX^lxLp7_2KoDM_B*QQ66D=zotAs8TNy} zg+KR9@MOj6{wn=-Q=VFd{=JwS`40RJIY!=%;LjF;QUsZAh% zpPU!~9<&Pnyp&HNyD2}5>}2^KCC4{{{ZHh`#^9RO@aLj@4%tEZE#wUOUB%L$QylL$ z{{@^Tk0fWvUF0k|L3Zqd@!%!0lf1#N$WP(`D*|6l0u`y0}8{0KglocRWPAvy6i_)%SdZ}|ICvE=6g{+`kfYmoj- zj`tqLYP|e6p65GPu^L~m$N2gf)2YekCBg8Eai1Si~O9e zSkm{gybn>H`4{9LlYQiY>%rdlBIJiFR{iNa?B|?9PJ}Q&+@tg7D9>k#r93{?|1Rsp zUpftc6BUcRjq+Z~okKC6FV*>b=zl}blK0<${{9Pj3)xu%`|HS#dhpxi%y96a4PhT^ z1W(iXVDP2n$f4j@$nKAj-u4^8-uW^3XtH}H_y%(13-G&S&u8GhH->%uO>l^uco%%H zE`JOBJvp5L58nj#iFd#Y$&OFJkCB~+A^)otOZ#Ow9_}{)_U>IFKc4K{1AG#@Zc@sFGcwg1Ui~m0Qe_xj$1G#f+$bIxbTCw;~(fEU$gK^3$M2DdOMiQGr+=IS$HQ4?`h!!EL>~h zLo7Vb!c#1KjDE(_mp;m0iel!b>+a5#35!zahqa!i(E zgd9#e_LgIRIqKzTkfTP9IyttN!!1X(9EZy>Q;u13952TSavUJXesb(8$1!q@l;dDI z4v}ND9Fyc2E5|rF#>;W29HZp$$Z?n)6XX~pN0S^A<=9P*X>x2M$F_3pD95pK43Xm~ zIrfrcUpbDJW2zj}I63x|W2hXzjdwWK$nm=z4&jaE*iepNg@2J_ zJ^BCt$=~(m?*?*gB*$iQ43J|}Iku8xb2+w@V+%Ppk>mewpZ{;SkIOM@uh!a{s@nR- zhT7pRL1JA?b>oPJMmMpcroJ&ayk3wB2F#vYTl2OJbyaS6 zwdP9yk1~?ewE_JE{^m~mP3QH~!H~apM5wj4e)x#mfP5&PPC^Y*#D)>WYg$77x}cU_ zqJfm8d`_@-7WQ@V53$sO1rhXy1t>o?{BTC4~A+2y6@I{cSB8GFj&)C?H|#a zKiyb2+#jmue_C?d0nw|j3AWaT>TBxi@~3M@_}wFd?%|Drh7nrzYDos_jsN7ehu1YU z)QxBew76@7q5SE<@ajN)b+9osywRU`60E5kA^+CZ)QqUDACc1z)<}i;MKRD&J-j}D zy4Ltl{`3g`GrZOB&gVN+Uma>`h78#rQJZrTYN!d-)wG5}TD==iOWCE3hPT$X z1oHJA3K;&$pKh(zvm$@}IVY{gZ0D0~9bR2uH@u;~rlnC5&TF?A)p@$k6b^`EX$Cpn z(&!%^5H~@IpvIhbbto_*I6|s1)Y2lm5D2z9cl~f<(B@B%FuKp39$t^yfG~HukyX{I z1$6#&t1*+g(}CJXz4M8m-04ngd^ zjsDu|#`*yD_0zS|by`~MYZ_{`eCAHq>Tb2axzom?=kr}BgOEQ|7igHws)xO)EhR?mqAK8S99}n~+8wN~3D&yn^&|uK729fGc&P?U;b#SA zhiA2Swf8t?Y5&_5?rCqGKP%eX)zjV?(j>Ej;V$VQnz*Me8uABcb@%wAy2bqVP=|EF zS9^tAD!3U<(TCUb+`Gu+gifG`HopF9pS*7S>5dm#8pdgYkRnA$bQqr zS13BPYILvUHyRQzR>_$5?tnjPBk+boa|+d!L;JI%=l9qotn`(n+umqWyDGRfPs(Uo zZ!t-8M|+@%QFBkUy=%6e!|ssOrZt^r+q#<36=kLiEg-Yc+tJbXp3wAgp-~{*(Gd#t zjEnkbcZRxpY^tKQy`!VhZk}=|Eti)x2mD=Ksy)^JZmempujR}u;W@zH~Ayt&vJ5nG(4~H>?EyvEUHsNeX4pbXPHf# zvnm_*`b9Em2u&Mzta}?tE^-QF2x!acV(QbQyYwokwcQ@tX(VVe(YLFms#r0IPz#I=zSQ_n=A0xlY9LgXS0T!+8AN2@lYf~+32($DB>4;V6_PHUBr zJ0I|ObWBq#ia=)si?2YqGZGDTcMogrke)ANXj3>E?Tttpk=`C@&#?3e?T^@4RVQ}! zgrYK=lu>J$KQ0)ytW5=#z;GAL;O6oKy8w0 zwNYd-a=Pez1-Yc!*e<&CcXzkX?$S_J@}s(f7^2JCwY2wW!>e6QSksUJMM7Q8&lb0a z5!)gu=*>ksv#Bc=(U}sOhZ&oR$paL^geoGTUC)GM~M&h}XQ-*0C*O-pTT0W~-WSq?j1f|a&P44hy1Xx?r_Tj;+ANhGW%fx=ZEclN zrHqbTMHE=;;WbVbvRqOsHjz?+AKMLj7#R=S!(INUaSYUj1=-RBdg?Ok_w`8A$)#H$)X~(_H?(Su zl%qr25($Lu#M(AdQBgkRZEU3&szGcd`IfK|9_8=o)k54xhKw7%%1r<*|6}_Cp-?as zltfJnAKgh2z3HLONI1&6ET=1*XJNI5&X-B7d*&CdM}yQ-jd_WslJbJWI?Brmsz~kY zMT_RcAhqNpFR|n!FDT4MUREL>g)Jrf6uqIMc{E5ZdCW^JdCUt6^O%<%Wez7(r$d7` zX}v-1L+K5xcM3hI@{*(5d)lCHch1@!l(z26tgoLfWueJxO4!wwkky%G)2*?qvSz88 z7Jp!lT-fw>8EOK}D6M8QP~>DsgtVauwHZ*0>|mfx?H20w$-h(loraEW+avP}7c#2=L%RJ6I&L%vXvXgK1RO|+0T9xMWD6Guax z;kluvwsv*(t>>X99F%QbowVq+pnV(Yab7jX)N695*=1yRQC*?(!ZA8O(xbNOC&)&= zX$v=CmMA$cRxJXV<|KD!Wv-enC*?v`Z5dM6*!iHSk}z%}Q&Brzki2%*n6`f6z*aRy z8$6maqiN-a2&0ykyQ-6VJ0q$qK@x1A9qR5;4%EUP=h`Hf24ui!vSD&VM5Jq(Owj~X<8VS!+1Ae}myIaD2<~C7hWdF~o(;JZ`Wl#60vCX#U$B&yl zW0FbIqn=VRc<2e5J@y3EDj=VWo?vdc(xR;=WU&uf>_Zm&P~JYEjY%?s$p9&rXzD^t z4N>ZEF3p@ype4ZmYd?$?QEXCK*FrNlqz)^h+8pYcc$96z92CkYY)~whutBw0!aY(M zGp9~d9a_JJMMLBZpj4tE+)!mJ<%AOTL#qmhBeUGp`z#{saAX#nh9k4c-`gX%P;K)Q zPUdO;PWh>8S(+#J;Qx3tX`OPRG|b@t|mLUY=^5!ujGOFcU?2<^k6a5SZ3HDZo# z$_1a*HN?5*v=dLCW<6_+c-w#vSq4VtMG8MH6ztWm!l&cjx4EFEp@&9loEhC@&4Qej zSxl|PwHT4j$LaprriqK@ec|Y6b)UoPKtDff+GKfz#WV;8%PvfyA^&YEx-cnFVH4!? zQJ}y^D6XJyRyFsw%n8lUmk6F@Nfzk{jTzfqE>8uD_Bkt1v&&y$*s08vn8cM>Vs5%Q zv!*g@A)!UN>2zyIHp4>sj-x#B+~{zAvN4~YicLTCCM8l4HV&SwR&%utvljxjrdJB4j6ojK9x^D*Hl=E+ZTEK+l?R*J!t$t0e)>_Fr7dOosYuDXCHsb` z4tD!Z+hQ!SoRyU|A9e8dw#ef+(m46-i`>-bLILGy$bMcK#AF~6UAfE&<|i~e`IxZy z&5v1jD%xGsT&i{&6T7E&HT6d4miFWINBy1o*0FPhLY7QR9>D1E%L63cA+^O?fogd* zxerp>k0|6WXVEsf%zy;RT5^AJy zNWpn+nTeRRRCPXBZDQ3Rw5>mbyjbNJRBWrpATL=l1$s8slIx>(MbWEO_AKOotz9K= zTC^ZJ2lnO2iAxv5qGnTy=EDAPl&p(d^CJ)16emYDPsxva5Xb`J*ibaAWz*8y@%#r+9`bk!-AZYijDeVL5w3 z(e~`0lcsQIiYuCP0oXr32F>3p}Tq^$J~>mX9|PS!=F=Dn?5q~`ssb)@E9tzD$%{j8fvwfb9|NX`4o zh1VY){%l;Wb)?odu7fev;A9;{s=?b@MXJHi+D59u)mlZW!OuF0)B=BN5vc}WYa6L{ zuGTtI>uajleoQquSqG77@U~WwYVfnRk!o5zvgPzj~i0Cu^Es7oJpeKtzFQu~7rriY80M{4RDv`es}*H;FOazSfQ zEgqo;rGmYp{DRx4Rk#Cft5-Zi4bIAkV}Ww9*fS`W3^Y5vQc+bEl*eIZGozAgjxtxr zf6P_sX8vP7i^anq^HyRU`(qA^#m*n|RxZfa#;bia{xOdw!gehkuKV~dJC^>j9G4wo z*TQY_akoEC^H+eT`+fQl_{UtWyDpy3-n!`Gd2j2ei{~A#i!Pq`wl2H4)$7`K@w~@% z)WvNauB$GdcfC%#c;4+g?cx@<>!gbtE}hr5iyK_6vo3D%xemIx!P~m&;s%H7po<&4 zt-~%};B~FLxWVJP>Ed<{*HITYxL%iC+~9Uyc5$oQb<)KRdk$;c#SO03Sr<3>TnAm; z;BDP>af8Ek(8Uej)?pVf@VeGr+~9HDba6X}>!^zxT(8S6Zg9IUySUYDi7u`lP{D_f zc!xTqFT8CZd(wrIi`}0r(UK~uQR?$Z)|8Y$-3Tuxsh1B$+SQ#n=5J@T-Y zdqzA?+17IJ0phI9*0$6 zEbowprTfXF)uyNXE3lL=1hvY}dH?Jru~EU3q3I z=n5?4?UAzWYe+!U`;)60)@=nNM&X=epZgYhP+wb?P4Tyy-x{h=-!fxWXyuJ+pTH_p zSGmmfD`%Q=|FWf-RFl6WaDF-GRyNUA=Obu3XkcvA4r`{aehR_A*)-Z^K&EBjK`8<5S_%ty{Xo9leIP z^laVR*cslVsnEpyFmr`Q+M2e^7+#n=Z+Ko!O}+f8SjlEDwA1JBe%qZK?U|P_ZlvdN?BDnjxwX> z+*Po0rd_LgS*kyUsbCPvxo(y>4x*v{c~|d;R1`bi5^0ldmapo@w>_jm%?Nsi-ez zQ-1u@x5UdvT3)ei4Ovtxi?qB^`AEy_Rvu|qn{tt6&@Vgw8FfpJPA0{E)MMF5%RBBz zq~(n&kF;VoWg|`94$$UtwZmw?rGfGu$t%;0d?(m?U&K1m*k7)*TuP{Y_tt(1sG4SU(F`c5_Vrlny%cK}l;Zf3 zZpN1ro4yWW>tEmGD7_@qvSLy#>$&(=1}jnd^cKF>YM0Aqxxgt|5lTV!$%E~tj|&xZ zmD4QK$<&I(c9$hr0$H)N&z2uGkb9dQp(2->2IUHyy}m(TnU!~0E{;_hkiF?)$!mFs zlf!e>c6CWhN_b;+pnq?{eBf&^koJsUm($wU@NcZEfKFA>?E|X z@m%mBy~4mXm{>pmS5z7Eeud5pUN5(GiydRx8noGgH8d7?ah2ZK&XzLDn7zu^DD+Tc z6=+w|NM**A`Ud+g7`>!2A(a^BMOs;Z7sV3exRRPi-r|8(pjvv67WGQTUr{SvPgKZ_ zs>L%XlXHm*6KQ1?CW<90Oi3%OumaW66(;JHRG6rht}rT;tuWa=^s5(GyfRbfH|Om( z*%6Vp`XyJzwiZS99*&owXFx!~LlxwZf^ihVs|^m9;^ALx0<#zM<@@Ky4OO zSQof9s<3o2VwaCtQK~dzsakPch<-n7OIehSSW&7pVwGwo5v%mdMyx1R)=HXUe`={8 z5i7%A`8E}$CizJd>CrP9>dJIh(XF)osakQ#M8BWyuPn;8zbIAO{z|oy_E&mk+h3F_ zYky6#Kebf4{nhtF|RJP%lYQXX!&Jr!;EOwF~7B7mYH5#u!s!rEtn;_w^~XjYks}K z>>;3jm#*28K;ha$85!SwP;9koQNIym-f2^6mYW}{)}>n8e0^SAJEeDD(N~m) zO-0ICqm|`nX_S$~3bK{2K72;Kxp}I5GgiJRKeS5yn3C}~p@u~ZzO-)r5PzYD`QoWi zp5I!w=EU$pcgr_;3%xWOzk6#ZUXUNM3dQo{XyzMDR4Mj>;R3N~Y*130Hj%Tet*N8N z=Ip?!JPbbFT0Z{3RWU~14&km^{ z1P|wby-RCpk!l|ymRD6wzaXG2RejqgrU{yxO_{@|jBV8^vKYu)RmN*om7tt5?Jufx zLCX(k8P1LBlAj=ufzy-^>f2@{)YTvy+ZPFU z$%EwloppVTQf5|_X89IYekauAWpX&!+tHi<{QxCYpA45?qkiSqEHGVaD$UN>t<^HH zm?}YD2T~O|O&dGSS4ql5z4asYpx$k2mQglmDj#>NE;-p+6yzphx4iMzqu%^7&O;V8 z`$^fNWF9vyLQ~hX$_&${MO18Jwy2qBW{a?3YPQN%9TXJ4aA?rXjFY!^qQFp_zReAy zoziZO7=F!4v$o7y+PQph&`|xyW=SBY<*KnI4$BkAnK@nsQNKRw)_8^zP$Wx54Gk}u_tP}r?lcT{wYJZetKDAtOXx6=l3y5+HK1C2Tf>+2)Qvz71*ul7lH?aTP>Y4TW99^(gZfeE;u7=Fo6D#& z40m;(w2};^^hI>Lqvo1Y)j5z3!-}|ujE^?JXIUTJj zODf@_X+pTWrwhLaj$I35i<(tRl&N^&Xp(Z4n%pMzrJVzqGfD=GMaS?f)cX9Sg^We5 zM5eTjPx%0g@h7H?^z}WAk}rbGH%f~4^oUHI(}jbu>{b&jQnyVwDq~!^%qbn^ zW`=wcAiqartOBKx3#p>%%G*_@9X_<724V&Ue#=&OIVYv}xo?3s{CZ}{8*q9VE_szkHMmA0H~i()yya95(TwbYGTMLimpP;$3Gb|Ir`#V*fuOqNAe)cAvA z3_bN5rW3~$x$Huc6C~b3QP~g<%P(MRe=H54wtf9Qy;1p~f1CUiVG(D36_fT3D6+lu z^ULLezgt_96#QN}$`Ht3$xiN;tD{cKSLW=sdJBFn%T7XyrYF^f|9H`o--zxHeJ z&Al?EvM0+p-#$0gEVtGS?}T$)EKm;h$(JO9ll(1)UpcQp*S@f&ylWN(9nH?7+;kVH z$f)8Rnm_DQtnBh@qV3)CWju99-8!lkHiKkBX&Y|}GbiRNTNThU zHwVMxdOJFDD->&nY;9!o*Dt@t-rZ)i`xmgakad{t28_M7TG?aKrUhd~dE!zZ%SOBF z3;U$BB|RIYqI8r&sS8Z|WYiLRT;<8I`{C9DR@Q2-dunvTv}qOOlIFQ)%C&BV?M3_k zG#X9V3R?Y73uzZ8+P#9xGyR9!k*T9?)I~;9ehpZ8(s}d#H&xzN`}TH7R@dE?r>w%G zsmzv%U0|`?dGpd4S20v-PD0nUYS|BerF0ADq0-v@)3;tOvtsPC?e3p%>#li8-!|*a zQspd|u}UiUFW<6s?4LowYOz#iY?gm{u=bF-s`GtR^g=zn}0yd zG|SpYV}1YfUSHL(yw_Ltt5xf(`qNPT$w_~*(ZAU0PmcQ+S^a6p{1=eRw|PUqntZtZ zoM9VH!~5mAu^*lr`{j8=KRl1Mu~EQ-{QEZfHR1!OrkJ5+Z1w(1rwYfszJQGX<&Hql0R$gOtMqc)6dgO2$@ zokDpTbK?VSg~mtQY~zLk!8UboXw>XzNOlp`x9|DkCEi3Zl++S|B}{RB&@WT{CW00m zf5ftEns{_nKBv*w6Y5eA6_ncf;GMZ*+P0xrkxfDHRcQ6c?bgP!V%uUJK$hH7TgUpN z9rMTdd;BH(m5pLCpT%6I~ChjHz^j&a+|-SRXw_(J>igl zBoO({3#Uits~ZxQj+U3t=u%@yQL**uY^!^QT2Xu1Tk2>JwD(L2%P+4?3Rxet$mgRw zRC2qdP0a!Mjpt%J`2}jlYHyBy@47^L+3MIfm|3$}nzHdC!-N{QM+E|*i1ognL0tH> zN?vI9WKNgm-g${a*{T-Hv5hjXT7h=!J866y z4`W1up1eaK3q4EDtXea==E>s5s-(Rqp$#FU#*UJkoZA1|ELB! zbFf^Z%^|<_*?|IIWrjO>H$y7@4=jv|8kSq46c|>xC@N-GF1>E^;{@ER*7if?nGjiv z_I7G7rdcYxh*^GDeX4bes=%V~IR$&8(mUzJY_zh3ayzsY6)3l{D^Xy**0E2g*jBE+ zcIo~1A~t-~CVvT4QBl;s={Wn1ar<;i?4%brD79g4XT{m+55*g8gW+Pnwn2 z8B*3>+{DwBMS8GWsg99H^-C?o zf=$#?-mQzglDhrMh}{-_Deu;0V@ch9o#gh-G1f5y6IZVvvnJ_ zq;9`*VckY8<=MJ1T2i-cE=qT7SqW6IMTi_&b&Gq}Mky}7>@U^2@d~~lpmZEDG=TS-Ycf0QqdS+Q)Hs9r1!ecJDM<|m9|*J6cw#jeH*HH%%3^@XDqT=kf> zY%X~$3ij7KW+j`89kW8oE1jy@;THAjE=#NDPMZTKciKF1=1!Z3vD|6%h*kJjr@9Qq z8b^OA(e9l@URc|S3Z9y^d1%)1$gG{4nf2}w(sRB3_NZyGG0U8}S?Uf*pG5;#{SeJE zPqwoxNmI!@&iRAdhkm-%T^8AWo84o6aH&vi(_2JohJ1F~@TDkKvwm4YjvCuMzG<>4 z%lXq4`4-lCbSK5QcHr0>wHqRStg6Y=xTMHkp zRBxfGHv?qRWXdZZFsmIiw%O*il-uU)v?g<)8lF)z7se=1pMVHOWfwIhpD+)Z1EhrB zl(2msw8yTx3#%S?^7R#S;iG=?o>G@w%UYgm3#jmu%XYiXr(men-`mmCl)pqb7t%&< z-Tt*vDa?5>rNSD}HC3kb)oPn7zTz7S=K9d6|3}=rHOGw{`J?}jvX7Qy-I|eRwBtBW z6e-SdEmE{dc{cXM2?p2=lCZiPZ2(P)K5@SL$;`R~1)xyK!aUd`HmZJksm!db`}Pr@ zi*BBF?eZ|igGZ~~tz+QMjsa{6DAgdCed{8+$)>1b$6dbZ)e|jweKmYC|%9VYT z+0`a|y`hoc0Q$|-vDuX0+=T-0V|;q?8bVQ9!4KA^%+A7%^HKOfdu_)lf|s(Oy$_Cz zof;xBYlEuwPH5NPKA6leI{;ABr5chPzLiJ4krS)H_( zU-Xym+RH9m-~4vs?miR0!NnYoATn?5n{VlU_Si;Wp;n&NTg=V7`ilkQbq1sZn8C!` z8@Yxs`xt;QftQ})IrP<~=N!?F42F!M%6qLxloC<4YkY9+9=82&?QT<@HqB2yUSByj z04qokbYT;=xKhbev-90!1%PsHMLm~73El$Hf>w9>j*IQ#F?mYea5Y8rOm3jY4LQe$ z>#}qgJPsX(51?A;Y>Q{;A|a?dtQ@L`AKjD{e{rpVe({J1zbk(&@&2;Tg$+0Z>B&lQ z*~0BcTMHS1TT%LI4adiJEoX+dug~kLG)hUQF5BOY|pGW7R@)lbKUjel#-rb16f18V!ni;WDIz6Zv9CbO zySv3;D;sR02Po>vuRoXpWkA{K=%R+z!*!@YFK=C`(fRD&h1vNG7X|+le9!n}rvxOB zn`^k)0}i8STgVRKAKudXR;N?E1o8Cq$8Kv`*ly{VqSzbyn$sXd)NOKLWUy4Pel!jQ zbo;^#pAe!*=gtvd(R;i^2~x>oKdeQoT))+59%%^?uV$hSy8`r)Mk;E$fOJqbvP=MZ zr=;IlHLGq})4}?b<(7RL&aJiQ+=pAgz<6{Q(6DyF06lby4~y3+J}hCUxS7G}3JK4F z;0?3htuaBR#ibD)m19Ck_VtgV+|nH-LnM?-43)Wn3yWaxCf8lsP+>h7(xp4+{-ty} zri_;)YxrE2O+7^Vrc zqC0I&5LO>*H+yRaa=a)tdCLY(Kye$~3oatACs88WAlDbu@#|)BP0XKPUg)6nD9xusy25PhY~eFy7fiC=n4s4JhfM%wf8 z#7Nhk{l!{V>Jz$c$t#~B_nWZ~^2^?1!@h#q76(Hw7klahU2Td!56nkOgAEi6FB(kTo=~8c?85e!4ho(R?VY583+Z=ETg(5GLGv*6jr`8wLoMFDR)+ z*1-i!o|w5#f`nPvr`rxOZnEz8*<8W#vV(yDSsr(UL%!o450V!dCXDLOJV>!&laA0ubGE)@9y7PcKO z@g0^7wq{OBiVk&EkLV-)(Px_GBZ%sP7DRn^(m>yfstqugmU$$SH187QYSJ zg^BGAO<8&Zja|}jYIcdiA)8%L#+{RGgH`%fDa-j4iH3mHg;{h!E`L2YO9M*zru?;i zgS79nwS?gLY~M`n`3%ntbr{m#2 zKVshr{%F1TL29CpZNJum!Gqr0mlBfoRXOqynBAv%XhBuw!h|s_{<+U<+ohY5<4XB_+OBd4`#PXL#y~9VKJVQ~e z09JpEiB%2hsjlaWSc|;UeH?}O7PCGyJJG7*jP%@ZH20$t2j|mk=n3;`pKV{m!f%OJ z@_)L)ZIwrOe5uQRyR?4-qFsulfJ@@f@yP2S_0#i{s>)tYXjUB>|L7V;8(0=UrFjOJ z@yE?7A^5-Iz1c_Wl`qt64>*)1Mo!@60eg#^zY0nSHBjQ~rW)Zz7H(~A>j%CqZy+Ha zlMqmIp^*{t)V!zV;pHqBOFWPng;XK!ZN}L642yV~b@jMkEYSxDcF|$c5Xb@1H{ZDxDr+#4}_`~`i2=igv1Pg&GGQ0>VYkbg$wliG1GIbUo>t+l>lF}xFb)) z^M+f@o`%Vh6Jt*iKmt<+*{Q&rpyuHiU!dvCSF{ZVdR3U2HycKLAo$x|w}-le^$$2i zj4v6u4_l652;-F9Rx}DlW9ZA~0N5Q|3=T#jAx&&;(`U{=5FKeGfb274YWq6UXdKzQ z#?+VHP)t?fZ=wzT{qS5=jH8qYP6vWuVg*&zXU@iPI?^aK5kZC4pu>y880e?s@j9JX zJe0Rb1<-M=_l_WA7U z245j-PjtKFXF9R0uEl z+HZiLR;oorEH?XTWsR7u&2jTHV)~G}y*d$qdD7Ezw=4Hp&&@Z?cjz&#C%CDrRv+QU zA=oO>nsg8<0O(KEW415;?HQY>`gVzI`=z~9qLJ_+7}!x>wue#*=ejDN3%{uWAF#y| zHeg*HclXx88%GW>sXT9RKRC?f|DU@}et&#?jhpfx>{kTspP?g@3%A#>4bc8_cLEJ^ zx5LX#?4PljE?_F^P{BP+-A^zCKHb8yy!$1`gA|W=x0-nAzJzhI4Jw+|{)N_(KONSf zD$&Pl#C+=!27d%muF9L2-F=BuHUbQPx4~h?3OM6xfhr+_&!|bUJ3aD zr6>02A6-GZCFulMo9I2v^o(QKg?eG?ARJT53q)rfM}gc@JwPx3E;e7(10}V33Gk)tr9-c@cI0F z09^&Y0eD@+gP-q@yS##VvW-u+hi&%g`~5L*Ac@1hK-t#!U8EGQD(nE;!>m)p!z{jA z_nyq4t!MgDZeT9WC5peF7x@;3GTjd&_KbC5M~0lt^x4&T_!*1v9(SCwSeJ@XBG39WNl{;eT1Ac z9*_oS!riXo9t`!}PdMQLo1>2hSi3wNTlZpWHg(w#(j8u{&fo<|9F~rk={QR-8g`Sz zh(v#cswiXD`-V6aWyk5F47i7L2uq|3@&x}-LAY}mRQLBIoRYjHz4U*+Fa!LF>37Tz=>?WK)AZ8_lkm(L&j z>kn2Qtl8?4?+ZNb2;LwX2Xqe|-H&#(^_Fm=rMH9=HM=EX1cf^ojNBbQs00OnxJ;&7 zj($N~slOI5^)gVPmz0JWAq6vD%@&5Tn<9f-xld>Y56>w3)znwoud=?ue$|aTyVG+yu`18gI!O~|qbkVh^PP`F?H?X`X z?kjFLf#1)79b6IgSFu$wVrD%>eJbfG>eGr-wBNd%Vgsh-D>usFfKfSkeHP^u>NBTK zp;5N_45@^{&%?I-*0q=##>b_d(#arL)0|z)0^nXX%1Cf-9`h9l!?qE2KksP*UmIPw zK%G5w2P>Xpd4v1Nhkz)@>J$-q5X9e3LL`W^zW<{Y@B0gNa>Z8Bb-6ph5(A9IT8Z6Y zIkC|ZuB~WEs@X)?Vw=O?A!S0C1hk9CeF+!+Ko^g@??y_Pp_WoTrQc5C#2!nHW7|FdcxgLp>6RYX8kGppmnk=_DN}A(N2c7cc1*cpy+D#p zdqoEuMiqh!o8Yegv7*10_h*#7kCqfBx*73zup?mL0yo$`WVmm$&o@NDOI%$WE)w89 zKv9$mXk#oZc9f2grD#6N9F+mVhJnZI>D&i%%zmO8Q$D3t*zvUjjBJnG1ya3=fXHKkHkDh6)WQ5DhxwNb+OK z^a%ff78@W<694E(*81*uXkVc*dN~p9rzgILq4+&Wb0wgtP#7L~kgPn$U%v;nsQWyq zRiwv*yrshA0PBF|_c0knsWC(hz>*bz0M>lguz~0VR{c9mE+Xe~%6TokQ$n3`@MM*` zEZrT|=T#XVO+i}Taf|(xw*2IBhV8ZB*!u1r)>z*MMm2UR@1Vvm;CE|CHsE?ZxVINx zV1)HH*d5d2)GBaRmED}g`tDBY3PG*Utyu=|cjRG+1=u;BcdgGN;vHndcSvq3GBS8= zUL|5aLY;En;OqiIuMeWTi@riS(B-gptpYynS)cuqTLs$FH60G9Ku>fB97}TXm#^P) z%Zb-RJ8A^V9|T^nf3%BuouFN4z!N$}z3$K{<@X8L*w)Lq`Q~$L{naav{yHFtDdUyE zeD!xxXLA)4tUHOc3(7|*(xZ3v8O8>{@QDL;$u$> z;m2O%6CVd^_L?8o?6p7q*k^$Ftw(eCX@HlWa4&V%6Yk+F1a!DU0AC&OMf|*~-ouNt z;>H*%twsXki!aVo738+vP*v65e2gI(CY0X8mQ4>5eEHBbK7vpF3izvMK;%5y;fP9<{e%;wMm3_ z-bagN?VUM$Z`xJKi4Jg+V%=_km?9>dZ$s4wSa*kgB;Lu|#*=K(%}s4|xGaiB$1Mdk zzD%V7Lu!}nvn@y^ShkoYL|tj&!G7wc)J76+{hbThi8`>jCC8|T%7z;`zGS(8%!B>2jln!PJn-H zvkpJE?cxZncMHF_imIPa;dpWT+cTc2Y?Y_qzWA}!bRm9jIq*~d-FuuDe}}`G9h1l3 zThZ*FH9Ro&r$5Wk@7d+nE^u3ZbvE(0zaR44R$TitE^N0u*lw8zxNX5wQM*8cJkV*> zu|n{UBAgvT{}&Sa%5RIExhz4OyQC>PG~c?mEFiDf*QQErbq^@Z(%ST=6;rpdx49E% z|KWBDoC0&k=#ri)0P$z&b0>wB)nR+STnc@qULpJMn@@22bej>opjL&ysC7QGS4|oM zeQQ`%*82gI3X>5IL*K)l^l;zbtChP-Cv{_e#p?~)8quF`zB#jfvbLB)kc*S>EF^J4 z=a|0RorkwH&Ior2x`3h z|Bc8cj|i#^b)<9!w;E>qkAmfqvRLv8`ka7bzdym2*RgW$X$_yiN7cKHKtbo=93k;x zQJK(2p~8PZ!V6AzKO|wP^zW0Ecn9Axav z9=q)Ty@`SWqPF)f_#~h*0Ys@>D9s?X5aO*p4)gIRbJLMVm8CkPBOfBXrR|%5@D;7w zDQ$ltRH4U^vBGfwC)vT%e?o1qRuECk?X$;_F?{ZELy>zHL~^CS9?HWt-U!~_`qe3S ztnn6#o`NeF`=U_zgo$gozQuFGKFcA^)0a)Tm43Uu{P+P_bkcaLh5f%Xn6rNMx2R0; z+I-2M{dl6|?Mve1S8oOYUB}j^+V^Sb14F`a}TTGJ)Fw)&6oO_ zPu;vvee)%KYa9&HwG(s`K*uF%Pk~qKYdi|%Y``S;<?F(O=4=NYMxw zO4@U;#ESS#Ufo)4vOZVs;jsAjFWBLUtwUGSw3`_&kb=h%Tf=Co_aK)2d)kk_zWZtD ztNhkuUj*P5@u&rNv)+i%*XA6iW{>t%3^DDWf2B__IB!EdHM{K%o^NxuKT_$UyCx-n z$7gwRbQzsy6nk|SlIM#!n9`%CLOdA=MtM}5b~_ODhuxuhp&~=yI`fx;UGeCof9N6K zdW4H1+Q3+s`YxR2aMni%6*kPdE!VE!Dd1_^P8q+S`HR`Jc9JE!U8y%R?!@g&o!KO+ z46~@T7}C>9@L7EE_NwspQtP9w2>5v2s2Jh-*kjvJjlw`bL(nC`5?23r8ms#|2>`dg zlHI(ur!JLB@Vey=%Wy|k&vrA(*-#cjveYhBEF!d2~YA-eG`ySYxcMOd_Visszbhm6&dW^-ov!ZSKmEBo+9lT6)fT% zCp#Z(*Kt1B{^ESFQ(F3f3rbB^+lxN@sd-`kd6nbE8KMOJ2dzT?B9`Rv?m?h-4*!9C|J917KmN~M=V!d3Pu^Mv z1O`7Vn{F5S2c{pLAB(zxD}6!5?JpZ~N1A-vaOf*Vmv(^%cry#`2WkHd>vDDe2~)WC zm->J*da4}7E3UFUj^3$fe6@o84I0M!`J%@4{d3T$?<za`p)Xbg)8DWSUL5L_gV@CSLG8p_P?nDv4(@qhY zEwq1ejG=}tDd(UUWkLFHU24~WG2Y8lg5Tf~@?1=@KF|mF|5q#cKh$rYf%mq4MqH=h zY5NCSvTXl&0Sh~ixS!Uo{P)fekXX1yZaP2Q!*JRy16O#8nI!Ay173pU{;dtb2mqa} zoF})6l2Wc=N(*{vg>g9GVl3Gk)yBVJ4SEf}g)vUl#vgw#Hn>yA`T`rQVAAK_V`d;2Fk&vFfy*K7SDi66Viwvd2Hu26PFf`$%Rv61PRlUluk?tkF&Fu3S7$g&V-tA-7vAQVdGl0m zw54Kg=Y#7C{?E{V8i~5K-wuCv)V3??8Y~Ig(XMpBmht_jyj(XAm84&3$ovL_g8q0E zkFkqxNBoRSI_T1`R=6l;JGc2_ujjODVJS?06qy>H3q+*$-!?Lqxq+2Y>T2zRa#x9< zfu-mNw*~O$E<^aM<4pJi&WwU#5r}SJ@nK)X1;93Gx%%x`oh*v0;;uE}hfRsIA~uBh zrOPeNA$CNwtr77c*JSypwn?BZdr45ZK6RayI+StsfrAC=j2GDzWBHEL506_WLA{Av1*8a%NpVj zRRa?fi#KVb)-O3S{u{+6$v>Eeyfqk^b`t^T2N{QCVgR2YYT&}OjvP4AhoMA8OPs+2 z0U#Sz9t^f*xg}+1qEDgMMUejCaIOPsjmfeQzplm4kFZX7grkw=?)3v)T=w)D6Z;CX zh*SJ8^ovqWVda!Jjg?l)4=V=^Ggk1Stl;I=@p83(251Zs7VBwr28}va6b6prh0(Tq zAuS82!%lHK8}w;oPQie}LjPxi2{Dukw|uJqH$+WNwgdG$R`Gev&M1))Gh ziR9%5vY6vGt7L`}iGryLT<{ys#XRaFk9vTtALbt;B`_HAy0kFFLP!WVe%J3YgiuG@ zm-}-p3qgNeAK&ur_HX<08{P3aSb_W*ycp65dihtHAZ~QlTTW*H|JAp0pn=9ys;k=KN%EVT8F@x0T?9R}EF{moe@2Y@G|Bb6965jxkZF=8u z^!x!{kKW@z8&dvx^#kIlGMoV}0^(>dN=Sz=R(XyT;ax!x7jFWhS1*vbFC(T!uQ6MA zJJzlD5*B-8)!-?H0o503(~PrB1vB2M^~xe&^;63rqr%v02jPW>dpg0KMuypuaAcS( z2`>!W1;z_wZzdKlM$5uG4LDIfTJEfXQDFryrqOeS0Tn*Lu7p7IrX~Im$f{DEDI8ff z$FN43hd$?0%t1}DR;YDVz+_(tym^Xnw6u&rfx1z59ich{SW(5{QP+@GRmH{Z*(mE% z`h8vYGB8uYSp(P#=ycNo5^ts&rduJnC-GIoUAm)6gS#HzS1_dj!%kfJ461S5b;pqH zELVh_T%5(eJ^v*H7~c(T$Oks!l9*BM;k;TN%FAfNEm)RgS@8--0M|Qs;Wc}t~R8XRJMH%@6fsPCVnNulu}^R9m+Zk^51aqSuU^-@!7yw5m#!@Uf?)$v4;L0S6!g% z56Yr?Ys>ophIQntjR$Vs>5q=aeAPk{4OMSriFyi4aPHhvFFCuKeH&_scI~>f;2KdW zsAu%a_**uT)cYz?KPc{9pUUfn*q9pD_O@m&kMw@t^os2Xx1ctJO5+nxusv7!hs~$- z54i+3RXuWjdTKQo*-lpsREjp6TiRzal}$L{w|;{43VhaNT3w`vhp6jyRUGK%mYDhx zrXUE5+atzFhRqO3yE)ULW^zz%SDg@1t*XJ{)T$F6OXZHzaiz(L=F!ol@HTwX6?P5o z4&-PdcBFH`KnmIZB{)kKJZ(%%2KO0OooQxmRSfJc+!_;n-l`bbPgpf3brN>H@E*dd zHKBX3Y6S)aw?=TsU{#yiD_B*7y9BFFV1MA&h%*cfkRe`Z(VEr`n2JbhVjs||Jh{Dz zWN7q%#*=-x=U9cP0KL41Xk)LMkA_RCfCFsVgWkc&^-kn8cL%wMcPDz7JHV#@(eI(m z;FxPF_T45wTx`CFq>{vc6pcr^NjNQy@j)a-{CFX%3~rmo{rh1Jjr`y?#PQObBfP#1 zbM(`UN!JRrC{_MW|0CG8REOAp;e*{YJeX!}rdpuI z=?Zt|U%{5AtAqw7U7<~FiWO>*`BW!ZBqP;O>trN3!BP!XkF`E!HOzgK)d5~P_{-CJ zTjG(FkNI=HHCLoreZ04Lv2Q+>kFbp&-jH6e;YLa)Ef}kEmfs&?2lNCYv{zzM4H%D- zOp_{Iz?R}7$9?v0YBwg3xU+A9JQwwJ9bDAYwQzxx@Nmh^B-Ui~qKg_VDUb-Gox|lW-5yZBf^Bc+hXc-TjJJ)udTH!kBF*xcXzy}Fl=HMw|We745w%JaGnk>K|&uG zGkz)^UXrGWZ}5s-@ytK~D{d8xX)swS&cg=OzC3Q50!yoNN5gfT6EDL>J4v@ky7oHk>&n5nGy0WfM`-klju5W=+!mppNPv2K?S}P#$AE4h- zs5~ZLD1^J6(P`;Wh_~|vakoB3ap7)=jDmnm;wRYv?3t{mwj$MuYP_=oudtcKpt$0F zQWd;}7GM3FR0&QwPOlNAgxl&RLZ~l$cz6)5@0cVMoJ@o+G|$}amg9z{>qQBOa~I{Y z`8~r+?k4eT)tp3`Vi80%xEbf67)ZyRaG)yvii72c;})*J9_TZ?RWD#cB~U~~4XZ@S zrYnYqJ4KQHJCRGO6UAnr7B7$ACwD`gI>8KfYEJ0Cth%AW(y9^|@vItwvB9bl9Pg|; zVd2iL5Tow!U}w<^j&)WY9kK!}-B&F}I4fLDqiR(QrVELi^620&XVnP|RaTAAxY4c> zBaw+WArA+JU!f{rwo!C*sTvoCAbga|N+8`FDUL^;Hd)^AQvzdLKnSG_v>9oI&|>zJ3mn zxl8y4ChDRq&R`g(Z|T03u&mO2{;yRJ&OxUYsP=kP$|xak6=n|yt&a%eJ0>LFu;n`Gc9;Lv2Rp=MXTDizD4 z%4-q5Du08e*3nvI4q>GNO`Z?~4cn9*?@dhE@#zXvc6?sKlpUXdSeJ(vxLbML;jm!f z@O1+d3%^2C2U{7(wF?KfN2khoyy;XKZ=Ft+@kZ)Y8E>mcj6krl^c3#R8a3J?WP}U1 zCBmV$%_*$B)03YgDZ@T*@XdoWXfwR%XiDk8=7OnRv<53y2asu3iKZ3kw+A`~SdVf> z8-dnvi)LPl`w2%BW_pa#ogFe>+BHJDm^x_cmr7Nt%ey=7@dmSD-e1GqKV2~LT5^Wh zQtkJ+1ETl5jwb~kgn?}(XnoKX&Ef`NuJYzvS&h!gjd6pq6Rv+BpRpVSg6`FSl5(nk zy61SNB8;utiMAb-=70X@f9_yJ(05FKDn|$>4+hO@bi(PJ0gvIPb7@Tsh(3!HA=C$a z4`ilONsO7MCsAVUPF9aLI$58^;w-FqbF)DrZOwv+G&Bogj+Idle3muYOiQzHAn;=L zxX(vdk~|T{#X-g*T*m^LY5EpYtod6I(Jo+Nu(&}BFWwc}K#}gyf{ApA77B}7+(}c0 z`%vLhl%AuTVO@h}&tOIygf(kpW@~7SCl=Z8I;{xD8H5d)2=jRKDCT87x*#|eHe~88 z2J<(%GM8Ji$ZZlOG^zM)V4o+P8yp=Q_UM>A0c;;;D8)bJ6f@5K#T#xPD%x$ldizjk znAi~HtQH#rPN9K$_SMgAw0Q+jlXeV~n89>I1?Rc(z6%%`>^nera68ZFj-YV?@8JA0 zK8QVWz<-DHHezk&&RS`>(-&^fz{3d%7-)A+%!c%@#1{q-SRaGPbf;Dg<}o$^7&iOV zX@@qSvt=gxfTqyVbe_ZlZVp#?#L^^6ceto?cTYPS@7}(B^XC4C|9bn^U*7%j^P8XD zlg=Tn?89E0M*rcLhhN_O^h83T55L9*rMu1jo4>yO3HV=U@7~^T zMrUz5&;xl8Js1|#@eN_dc6&pZ*y%;~P-Cz${nIdJZ0|IJ8k_ncEIF6usv={b)%-n> zb6UR#a%STXpvJa+FXWu2?+1--`H&@=PPo8It*anH0wh&)Z;A}AHo9cyXL5Ae%wKJE z>C9hkdf@&3{rer9631&Dah>80`t<$qknn&%eO}+H3t2teifMN<9brLOjcT(!lwV`y;Hkmb?36Pp9Kx z>GN@4)(yV!qEtD7Y4gp9=2!R8sV9{EQR;px@)!Y<}3Y{7~ia8aNE7Q@JKKH3o%i(_rF-B-HeTeyu)PL;@S zy|lzD7BQ1eqbVO%q zOoPjpR~gJSNtKPy8juZeq9AMtFy>Mclq-~5aO@tED20+NbLLMXaB5#$CP2CU!-_3) zY73JrZSoT0bF!K*Am!C-&xXefjfBfOr-;N19w}))#!cq zA4f2FbKLE+-V2q-0ToB_t3A^4WP>s`h6iz8b9exi_z_)`hz35)nN9KyHdf-A$!u#j zK=brwa3Ys-gsKe8Y^_^Rvy?q&rU`{I)?U-b{26_e4K=5^9Gp45Qx|AXthUi+_DeRD zbide6$p+$?)Yx_ zag0fkLt&+f$?sO&G5OspZA^Z*;)=-vDWMUlK9nnBzFQ@Wm;zeqf-z#ggHZ#lHgH7D zcdNt^^W91XvxE`T5K-olAX+LpRD*JoXdW5}@ikjSR(N`CCvIHfWV2q(xV_q5T+r{l z4E9@1o6BK|>kB>sx_yCFC#?Wn>tf$?ZsZuF9XU7*ClI%c-o>9WJ=g^^+GmrW7D3UP zKYWKhsx@9H9WfKuWfi7(5cLAK4sKu_x7-zL&HbD}s|-Wo*CYT3qS&Cbgi%XMbNBdl zmEHlq&E-`HbK{j#yP%NDXaqW!>lw7zJz{+tMh;IJcIEoQ>>^RtOPDRhc+t5UIc_IQ zr(s_|eEVLD?v68JZ(!yCw}`-hUahW<+imgi0`L58;m|q+T5=_Nwb220x4j!*%5SJpUgDXkcB8-NmH=gojxV$b+Tx;ip zOV#!@UJiAB+)ux3smH|!NF&Q-KUMG(dEV3p4G&8GPDVZ zxgu-2nHiq?5j8Qzi;X5E7L!upVq{}(P{TBVa|E?^lNu6Y+?Gl^0zH|2BzzJL<=ec` zOL4sVfs{r~^`=n2XSs!!|L)2)GrqO3oI*iL`M3-t@KacjqLNaAblkfOOT6ui*lFT@ zTGRxwUNM|3(klWftkA_~j`A(=6dwBJuz?Y*BE)OszLiN{3N&5-{!L#l616l`R5VLT zL$w4S4W>yCkv{1qmCJGi6LE8Q9el%g81ibRVG&S3N8K0b43~SMW3L1ZL%)c+5H<`u z>SDhz=$O0v!jL1c=L-Xmyn!zaeD;a2#{%~HCgfaa6n3`D4!le|fN6Lx=@k(>f1bN>TIj-u zn?`~TlD`r##~^ld!a#aSbF?h9&w#b7&=5`Ms$wJTSpmJ z`8QNCSHnT)Q{V!E-F$P!FPrjbIWL@QhsUAv5)qT`Ji9!4NN}!u_mJRS`|crv$)jGY zpyT_qOv>9F-s9W+WZ0H@dsM}=)Z2r8)0Bs6xmkc;H_S_TJu;{$!nlk#LP?n}o(h<~ z)Ye05o$c587VfBoygIM)jZ7Hk%)L&eG&`HJnk^ zrMe{8d#Nso1ie(32!AitrNP^M`0-V^nj7G|=$ze07d=Jy(WPQ{A4*d^LA{^Wwd`_J z(@8B)s!pn_xjsrf!M#h5xsw_tz$*twCspMSc<>L0>~Pr}tcI5t`!!tX1@C#?Z*xq2 z;;-w}gW(V&bBFUGG~zE!n517b7%UX}aDB<(Xsj<==8sIj-%D8bn` z;we+)^w0N4IDs>F8ecJHz*he}?hbE$_+>`Ypg{ZLNA%5$9dGERz-5uW1Q?C5p9Y)V zA&Frt=WUY_TAZyjLW;Sa#;CEi7%pbGA)dh@5%hiWNW16w;Gpl}0xQdi8|^z$0mbB$ zkx#&R8}(FNMfvbDgADR9Ce2@$q(vsQn{6>`_k}I!>^-k7u;ZG`TEBqGm=q@WJ25sW zS7Ly+Mp%>=ynV+cFhSBi2($K$sI~$k+!j6M$W*i1uaXZL*zV zS}xG+`AHAloLxm4ZuS(qMnYHImvvLjx{kuY@!ZU>@j9z&oW|l=PveKrInJzWeRNmn zI63z29^oY5F8pyL1D<>VfG?oTJ^-(qP9X7x6bp|frU*Pe?ZOd6=U&;Zb>~|Y<+C21 zR{(GFQx_+Jxa`q}V=zbcTEToPgqI08yEwLo4z#%>?BaUfP~fvg(Sve! zaqs9^1{KNGiyC|!r|N;)4_-mAvhY}3p1lWBBI{0#FWND6 zZGCT1@R<*cHl6L}V(7rqd8*eDI2LxBQlaU_ntA1958}+%8+uS9CW&BA$rJ1|F?agI zYYolG{sm9wUBF`w->181A0$leMx8L|!;3#c=SAd}m{r`XY!@*z;gwTddd$?UtZi^w z9wJWnc!Z2x-1ZPS1CskR{zs zpo4z+o~@hcGjPH9d^Xu90jrAekT2Y_4xt~G2%%@;RZth5S3O<)bjnF!KMwm6KcRvo zg+wY6unA4bB9KZ+7Kx-aRGJf^`JS135a>~ zOcF!CrW$QJ0!Ty_{P#>Ca@*M$6=*n9knh$Z9fVTy${JMp)$80?tG761iy2F%OK zQ7*ulCDV+(1P36$GAn63tLbgLS?PEiY-T>~z|9?TIADBI&KP$%9L*ZNJ4k#=pAk4M zj^>0-3ufN5Nf(Gq;d55XZLV;^-TWQfDHw#+yxA5Dhd4&wqmnO+2Z63qxuSg%ZCFa|x1 zZVY}x<)pJ5!E{RFu_+``5sipbnU4lfV?7!^oo3S64lys_XH9eTbt4Y`yy=br5(yhv z=qPm)GtI9AsA|SMi;FH2VaB*G0Xf@JLNc~qJ!je3Rbb7iyL#?|bDK5JR;XE)n%f-C zoNj8vaSeND)H83c$FPRhHf!?9hT>|{dY*JR8^*8_EMaEN$ViMCb1@QO=G+OP%$PNy z`g7(>1c07ijvTZTiU_&*&p9Y_<_?IBSs@=0I%Dox(YgmwYaFS~&{vmP7Wth)DvSIr zL{9l#XlD5Z9J2}(Xc{d@bY?|RUeBxtiJ3+X0({mOM>(&tFao-{}zA-onU1s%A!L#rxg zJ!()#08SUZqyRq44^=K6u)WOdI*U5VI>!B3Uaza-&=h6FOV-2o3cA6EtvB#Uc3LX` z$g4U5|B-#jpvDn1jXMeCq@Dz62HjD?6A9*QA@S%~-g2@`kW|D{M9407f<~1@62wM> z%o!LBYO1JcQ(z8>20B?hG$dGqp@ij&gccxY7<6FMxeIRqEa0hSo>2Pi+*%CpGDh7> z;|Zz+3|BVm1nRuVx0}cbN`+r9nAmn{v4!j*Xf6}%(BKN#KH%B$+6T%SuKff!qO}j1 zH(2{9%#YO_)S02$i#Iz`_n;>85{5V}S>{MmCDe@wdkGWN79s9Prvxy#%nc|BFvmE9 z$`#-YVv6Wyqces!1DhnS8F;p!CLwtungzxc&K$@zuD}<_W+t1p2wuF2rVW}X$y5m} zxjsYkD&NIs=oTc>O_Qkdjd@t#;+!PN5EafI?1wluKs*;1qj4?o4FLETwKQ+`xh&wG) z0vKH8-bNB&PRI-@S2ku4Q-paNoiVf<*d*cHz_Vpw5|XD&u)w%-F9$M>EAVAqA~fop zE5SaqP8f3g$k_e6W3Y*mt+u|nGc6B(8oz9{0?5JSP%U821gou_i<&RH>SFVyR$Xky zys8Z@{$@_9{6si2s<=7ob`*H#*bLzXWtyYz!=5`w-NJo+fTVgSlWNAP#Md>sw}bwt zKUZQ90)r9wu+A?YR674^HEZ){Td1kTQ$)_m8ql8jBAjUU2*<|(-+07_-rK&(o423x zQf=GM!Tg4;X<_X(1+AE;e0e)1&BWQt5`#= z&y-F>Fvupb7$t+_yYZS9+yDfFWb}ICOiddMK89FyEgAcq@5<-=vs`kE*Smz9)piDB zwytLM2Exrm5SbH048m+_BosrtqkGH|O4Xk&5&Cf-Wa*N~I6l+ODqla4LBGM3KZ1y;Wsb{B9M-ky~K;JMnJm%+Bxx*$% z1g+UmfX}HB(na*;%l-zGn6Zb+M?j+wlMmwZny}QsZHX2}e{h+BM%D(F1fJ37B**k0 zE{8kcmRa-eCv=2m!ly%!ErL3zd=}`yYCAz?aaf^)4y_t_^s?)XZD0|j<*z9?7X-9| z(vV#@2>Lzp&#o1!|*#S1V$ae&FC1Uk5>dSSHyv)Z|rST&`#V z|LYjD@38?LxU)D0lFzOUrnWnN4S<2L1%AUYnH^58;7`1kr=hh{65#Xe`S+rEN?^vM z4Vbst=DU0!xj)8l%`S4puGb*g6Lw%ukCr;%>siqqG$>=oYT@$6AIa=(sVQ)In?}}t zOuul$Gxe!(aWck)Wja1hjM=RXE|-&NL_Vw2klHS|g0V&hLu2dnY)~=OfnPX`xC^Wm z!Vk}`;so6tC`85#ez$OeS^A_7yERW=XW=q>u~YzGPiNS?s2Mvt1Irq5r1-a`!e??Z zjjMf^eqlyu>f^4CyZgLauA8&zvCW9spnN7`qw1#Q3Ys=JnFkJ>#E%??;)T~jB%#2o z8RSEMrU(Q8%S8V#?7NJ1fnW^hEH zx9~CBp!8Rs1Y5M6f=uK!ZFok9l+er`DN*^lOGnMDV+048JBCO-+?EyRNiZs7v6^idslnWn`oTt+XJ3gGMY44bT7o`GeJI8yxEQsFbXn8ww< zOTRFqbM8|8VJh&OuNR&fbNk zPSPc~A*ksi#pHdObuP7PKy6?=!AIkg5nx2dU*_9w7gsaR4bGp3~Y==`@_``e1!m`D-G`h2UGhcl4F1tOwNjVUPFkX*)QW9kUQ z(}*@SG$YegN()uYrN|$7ZG=n@Bf8d00(@3gi>SeCZ32@k1j~j}plngt!DaRh!7TT= zH-}^Xi0s0%WW5d~DMkJ=-!14s#zKMF&|-2F1IT4~22qC|o;YEEq5YTwvV+NbxXpvC z^}%U#WXp^S76F6Px&$Iu5GK7UNVX7cp|bjcV3hY9o5d@C=(WLF0z ziV~~WYET|eP;guZrtp|ME(Hs=%hYdKh@#tqALjR39aOCcW^A55OR>w|WdX3$wXm`4 zpfYq=ZAMx8D+9{rq(W}4-bypb*jZ^z#!w=p<~&TMx#aJt3^YqWb(Me9UEloRVWV9h zITCb0R1&kWr@+{_W8GH_(pq?IJo0S^0|pfs6L?DNBODnx{Truk5zPXWo*kGhy_Gom&uuki};nU5&i?DBW3 z4mwZIN**CpLI2NpGEwvq=mQG`O`90==_(7F$^9%uE|az(bwJ|@KNd0>2*zXa+x&p( z!`AHc!?PzmNz~K@tKbq z+U)Xoc@8>Dmj^?Gg*qigiFMLbgYwL$C^#-dQ+PUz^8{T53l_{Y>1iQ~Nl*A;ewWih z)p}sY=2a{Eq$lV>1RHMKcTgF+nl_^>lb!~Y%}IsaTs@a&kg?m+n2e!BNX>avP;<%O zRT*fmeoBbHF857V>^Y2GA0As^NG8mHx>}|j&O&6fF{2S3shL8nL8fNJaZ>`WHMVA- zp`&TB&Z!V#(yRs{AlX7A39m5O=CMT63s_z=5SYwo3T<{1L`qA?{KiEJnWp2%@^!Iq z@@k)LUvJCD$726D{Xsq-$XV88H|4Qf=kT0klYb9RF@0bc`=Vihxvt8lygA<2FLjge zQUR_Wj{EhGp~1)}F7df8x2Qud96qkDtKu0RN9SVBg5%@ywt{ELXR7YG*yPp8W&@9s z*F3gDh#$er^6Dzv&EoHK{;y+RHy0ZQ&eU_b98iZf1IhvYRNDW|*Wz%Y$cM%Fz1 zT;~f|+Y201k zz|7}@Bo_+oO213S0f*)iDGoTNqPa*UP{i0nf!c3~Bcw#W?~(v#$B|gn%wJF9<`PI` zcOD}AhUOCCwk#JtsVUuI8!uo_k`5S^9_urwI=0dbHMt?{Z}|&cfx;NW$EYpQXy~Ci z4iZ@hzaGgJ@Ko7ii4sJQOeuX<3d3y!Vw`!bU;!Y-w1)+sror0;*u%0#fVp`s`tVi&{?(6}?&OA9+<5~Xi(@ScXE5(r1m9mhJ}=*b zSKC;U@qcsN!Jd|vH27(p&Q?*H$Zk_$b}}0}opaqOyGiY37NHOO<1U36wMeAsoJ^xw z#Kf8Q#1buH0Iwkxm-XWzTYqJ2YDa)XQLsyc zJ?U^Y#T^M90k|Cjnicd;OM_}>V~WV(A(N)L`v|eOxrY#Q!+R(sZ+$a>TEq$rxrMBu zMKHZp7=o#-!%$knO4Pt-DKk;@z$wg;91*b?*K;~92THXm>uvMP(Nxiyuh$(BQW50c zDKbJ7)J%u0mTu7-+M{@y9kTmkTQo(!P{S@4?v(iw#YN(sqPRf7Q>4;Iysn|7$?3a( z;-ieEV9Oi?-=-=VCndtDFJ-(w$(J%?AMNA@?IW7Xv~krUua?O9T}o+<$3rVw%yVfa zG7gu>62@Ti$dtLAEtjFVoN=^hE@C8x<^slIh%IC^sxMy9Y7|N6w#?LIf())@tQJ`? z*ylog=1(Del$R)?%eaZ6#_cB;yF*zuAcGj$;FjAoIir_Q8Y}51#cms3 zQp^_NrLlk=+zG<@Mp?&VhT)-1Nk83%!56|jiuF@w-iaPem;Yo+80p2_(xdJ)F+5D} z^p5KhcnMEVdQQ)$TTKxB_F|LPWo=r^c#NjFoTIoTm*~e#ZoYt9Xz`Zu29-^v7zX&= zK~YRK3K*p-3YgBEaRf3fE01EE0duIQIdO${0KQX{8?7)CqP4pG7m0BNtTDQ&Nuw$YsU#E zINLu$ls_FDBDho_Gk%h$pBs`fd0;cbEfU~Vhq_pVQv_2bg5Jinh^9N!KSmk9r?@{Q zknR$3*3vVMXo@PYKj(+-wEIyJCMk zlPKBtlS*VG1H|}KZa*<@yYN$4#3D>Ln51X&NoGimNo6E{LJ91mLx|lJIuw$(z6s4~LS;)LLoP|5K0<8|m*lYCJ3#>vcN{5a zGV(2C?Ja`ot=yTZs-<#+U7RheTpvlvm=Y4l^_irAVs|-ye!6hOmu)C|AJ#5 zu_gS-G#gP%>`#VTQok}}lKYp+AQo{jMJ!c<+c89oAoJQ!Qd6Kv~H!SaQjut%PAB#cn-a9%Quf_A+ui&uCUWs zs)NpMnhKrS78Pt7=BNGPg~($eiVeDqlmwm!6P#(UNt& z(yKYu`^^%c0YEvuhCg0a^$=WmH(_>z7FbhxF z_9?@!?WAck@2<*{gk)QgM8R3UOs~A2^U)xwBuN2+vhD~NPj_~R5IMBoltdE7eWNbb zCMjaRmr9a&Zzv^7 zm*pnWyt! za9Z)K6FqV9YISlrY+oRf(q5v|r)>YoI7d22S-&&NHzzwt58|On0vDp^xuk6&%H0bq zmLlvsz`GD_+$dnS)-Om@InP2Qv2$67)R)6!m2Gk*AoDh`L1+C(wkIfC&JzP`>2?~NQyjZm?CtR>J$`X zu<=;D5fVu9&#jJ1$-aU!OmR7#Pjfy1rMv|vYdW_W~ zD@$y+JAZ#DP=ptC6Nl(hexisj<0y(6x2N=_X=(D9erjp#WrQBPsr1uhwvv8AOBsj> z-YKGKpL~WY1XS*PK8PrPhBHofS?4f1PLp?x%e#=X7(o|w8WqSF_8LVtRUR_XsEYLB zR_qX7EY^cnDZ4Vpx74bj7q8-x9 znzSOlq)jWDyhgn$_C?cV^;fRdW3&8qcauNoRnfex_+7$Bg>wsJAO13u@NS3n$--+y zJ_^{eCbX%$eYQ)A|D0`)Yy{4WZGH!@S8b1v#s25J15O-pDF-4iZ4?D}tDcK>jwZ^5 zJ$x7^fnSdhQvBXNLX_9>M~LypfDvMx;b52)Yh)N9#Tq0;d*E?_6pp2L#IIPL z$c0VdFopoLa~NP|M=-#wMz3Lc4cx%88uP%e-IPZehRBK)tz*U3s}B)_!I+30TwU=H zv4kfWhRCKnzA#8N<=KTH!f6gJj8Rmh?j`Jq^T@)GT)y3mOUS3DTT>lY7?N4hR_%#> z1MkkJJ3SKcoE5wKE!%IldBvsXAY!YB<9_`kKS>?Q(@E7KkxCZbQKXZlLn4(do_;8u zR0G6P$=B`h(uvnkE17h@jy0ixL*!D)==S01g!9u$DV6G1(#q7Pl1d^vnV+o7ve8pX z;LCB+wapNr&)flFyz$*xybyZSM`6jk<(a|yvKh@^p$BdNk9onQa=;(94M3wWiJ>eGJB zHkHL`x`?&8m-YTKR6)L_GZ}H#~G|yR%m3< zlcuiyiYEfJQJL&o!qTPLtc+Th{HDTXQh|5G%xhk~!__ool#^g27u_YZyF8TDIwzsN z+@Al!)4tJ(XY=rLO;_Ws{`BWxKVP4!F6Wx|SiM@EZVR|aFN(=AXe5^y9`|xZF4l~3 z&jd}%7iM-2t32|8LIQ_ZZ)WSA;48js4{fasV9yx6`6%eDl}#TSk(pDyM#RRcMr7vH zlasOW?7?Q{zMJo{G2eye=G~V{^0DtjXO_TCRM}W}VH5DIx^`BM6(}>m(VIwo0TjWQ z`ST@yYDV({QQ8;gzg$h8`Sqi3nP0Oj+GJlt86$XxtckoZsi zF5E2Z6K(S8{-61};bK&vG4iO-_snv&ImyktRoCz5xc!;s^fP_ltcTj5(e7p7R49pt zQUEgr?83~7L&DAWv9%pT1X=52@s#hP&n0Hhy z#D}Wf&EIL`1@!E-!FTE*`bOkAUJAzDbbp3hWM=GU@RI4yt1`wM?W_7l|zw>J&wY zJy!ObI`CLjKjx3wnl}30ywpv;TaYwNelHSyENK@C?26)&aloOuP#{n=7l{Ol7<(wN z&m|;EdtDN^{|EM!M@@M4ByKK&M0V#P!f$9U5pK(J(UY1Iof}!eo+KSGDm~U`PIYXh z8EPNId(3~!UoN6{llCQ6W7L*tH1yDX3zOGTZ_iJVYynS|EtV)j^t4t=pOwOJ+khBn z!Ub5MCAu;)jo*66q%nX#LhRw%Lx{QgJrt6+z8QC<7zuPFGUOoch_8HU_%OBGys9!d zy|9a48t;jA19TU%d85`ev2Q@a)IMNDTf!Gq=Dn0ND0<)xNe0EfhEp_`vrUI$`oIh( zqbM$5or)B>yCCWBYIiP8}`?qF-tOB(z%&S;P+G!D)WBycGg0)w zDa>t?B4RPFFLhiFlxkCkot*m;Hjl5Dqp6}ZU%x&gq$0?>b7h1msF|+!S-M5(I7@Y! z!BN9vTQo(~9h5!U&5+2;g*#=wL~)ULrzkEE@D!=^5wB|~X>$6m(fBB1DcHgX!MCYO z#z~1V>Ps1~Px7VA*hf3LLHmeuo3`hIlQfp>C6vZ=`bn_|JTEC`!|>8rzz*&NVRMJ# zVusc9ZUr)--*Ek4_o`>7~RTJAIUxjloAEy$P5e zAVr+)%4Fz4loY#__%eqPa&#z={hUk)QRczLD9Q3r*7=726w)|hT2|zpM;;-{pAHTY zTq=+mKS|Ti4at~1uo>YN32>@IT`a;Wf~gWgZ{t}+)17=Aqm18EoH7rjyF{F|^o%2# zqRQ*f`C*$yz01_Ijx;Flf+0xBx?l`aB$o(6iWYYiQWr3#$*&DM#Fz7J*6gyFTLgPd z&q3$iU1p%um~ac9eGp*qnT^u`vs+@GZOrD0ME2OCk*INfRQQ{?MTNVeTkvU{+oV}3 zG9UN;dqXS1xNd+H7+ZoN#{fb8;YJ^^CH%-V8&ON_Plj4jzcOT!`!nK~425)7(4vtf;29e5FV36t&}$5M z%0@OJG*x6%au`aOI2@}A9&k$#Y`o;y=Ys79as&f|PL!s21xu5pbV;T6Q=`Rnp}H#< z{F2IVjX;V0SM>!8IItp>GBL3l$s)(U#L;qLi&pArp-3&_R1UGEy&xF8B9_*z6cuj2 zN_j|5VT0$yzRTM)k7psXUx1>p(^#s5&Tg6to!J%@Y#QUc)AygH$-V{mHWf_9;FkDf zlQZt@^O8Bs4^_T~JBia1s@GL)?-N`EW%spaCm63;7;c>DpgO1{k+UPAC# z4m3~PV?O>f`Cc+|;VyN{+~oTjPMAHX)>`U@Ng3zuppz!W?^-~T*l!Dxs27kAE~Uum zrII8Ci2l0AVcbO8AwuNPdQ%cf*ufZesWwT`xp=80=~xVwbC*fbL5k4la- zkwglRD2iAwIVH^|9XhE7ICpI-m)Z9Vxa^%jpmYco`(+3rVR*ZaJ@aY{#6M{$kVqd3$dmLNiK;*2yd}D84lYgJYtllf{Si`fU!FE5=hBvwWH6%M z+f3MCibUGn*P@cFr?P3J>ZB|h7^hP7Pl`m+9>XD$sDwf zlX#<-Qu;ck%BZ3o*HHy{)}UA(CGXk5#tGm7vTUk_R34AKA9pz;+lswx{TGUz8EVfO6wMgm^N^Jq??tpZA&2 zt5uq8Z-5qivgfA-?Zvrc+E0W#DezG-W119$jbVz=cdDbnjB(Cm@kU4>$-nM5Dkb~w zf?6=^*$rlhBD1v&ky_4FOdwAYS^H%)bRoQQ4=n=8 z@@G6DgqL;|qv_*{{a^5kY2DC0Q*v;m$Yd` zGnG+83(~5(2*hdAhc>OW*5jp?%wXEo64^+b%ra(SVr$AU=gMYiCQK9hNW$+;d70OB z_Q-g2ONG=ystZ}DQSTy_YRD~Su_|&dYO;!G>R!2HLW=Ohmg|sR&U6*orEFKxOJ%$u z2d$?q(F?a}rL`C@wPc3UrUrj=E=s5X-X^n*S(q4_GNie(8JY=u;Q^BA2I_r8mvjfC zU81^>TNtXKgY@oU$Svk3DqJt>CyHq5uD@fritxgg>yTZ}bQRg9Y**3aHQrURFPbK+ zzj7_}nsutXn;dqY70t_v-~4@4IJYqN;V&Zz?{-F?EWAeKqrkbf(Sv`t&vtAhVjuo< zwmq^DI4`#OUGs3*9v_SSySoF9>bV>aqAg9FfxA`D#X3h5<-#65(V4)nM+kDdcmOGW zZyzDb>-ZzYcw@i_G0t!>Oo}x!jF4gt5|UQ;yj(gz^UzA*Vm(xnd6$P?636n;N#au; zItkpVOC^OTd8qI@kv_SR!fOmTtDCs63H-tkV0Hup%xw7vnAOxZEU#@FSXN^m*c_ko zJkJnWF)@6sa+P*+rJ6%TVJ1V76P@G|L=zt48Im>K8J;1kX%6s=QB*TXOEhPSqdPO14fvl1{c>QmJI~bXV!58z7cSzHYymPP~3vsibrJ-*l4s>7T4X{MG|B`l(oO)sgRUTP_o-!CPl zpB}H251z%MyG?$$*nDTZOV~>z-ye54+me>bW0{@?E^2e7#$HwJ>c{j_RM|Jq#XPSd zk_N`cqzaRCe*NEz>!s){;FVIUPy037QZc9LBG&4MnffjdxLUp9+9)F7e8Xr6u7`48 z&sC+O(7>$hJvK4xW}bcuZP^8~wiQzwXO#d&j8IruekborK_RGT$_S_$}A3!!qg1M~YV%&!C@| zKx^#H4-Sa5d7s%aS(aR+U&=iW+U9w@vyIARa}t)`Kw)LndQTx0F0Ts2syz>{-YEcH zXBZfLryT}{_kuKx7rUq4@;D)nB| z{>fLX(`^B7b4M{b294wr!{a{9$i<>D?wO!T`NGW3VU~gs9iDXbd znn(s0o>_)%`3UEP9)a~H|IU|h)tvDK!I;HH$U}C&%~J?&11IL2;NQ%2n|br?CSkqG zzs=+X5LgtZaOP@8;k;#%>nA3hpJ(FG_=*FArL~9~fwYR-W@v2C#+uvu28$1At|b|s z=Gqd&l*uly9&^n8W}4Cgm;Kh|cFqmi#sq4d^bmb9PAQ1v3#7OCGYW)Vtx#r_T1=9? z!95Q!)ud;oui$JkJY4gyW44_KgzJQiKp(TZnY`-QkxnoLQFQvNQX^Oo9NIzwr_EmX za20VPsR!xzqIq(RgF{XP{UBcJ`CI;SF>yX~fKvm?s{w-x1Cohn;|JI+j}4z)lS#9A zoI;!Y`kGf> z593yJ^b^qWAzjqJhzm@j@?}=lPucdrZ$4c`#Seip!>0wnml}syCvzmJkB389HTmY( zh`oHum@l(KqP8aF_@<`nku6Pi=QcEf%xGt-KdYGufu)tj%5kEGR^ah%tq>xcTUDRi z;tFR*qbrD6?XEyrn*JtF70d}azR{_AWQ$YXxy?-=GuoQ!&uVBwU}@#sBRn~o$iF3a zd`nA!$hMZX=eD+lnbF=7VOEPv43;*RiC&UKO<~97C$jcwd3cG+v1I+T;vsGVY6gfaU}X*y(t$4P$Lnl8?V>@IEK0S^@F9tC3v)g3vY=he z8Q>5T0%V3L1uP3y57|1u*}{Eqo$=8@KljT$i27$;?oolSR$unJnWLFqb`UCnp{$T* zK|$d74w|Cefh|NbR(goF(nD43il%r@)gM~;@e#%XiR>3Ggt>jA1vSGVERT&W{_K!ieY+ z%p4j-uxPy+6k-1iK-9^^<5bnf{uwWkiJWT#JG&|yr;!l}dZh>@b*jiFRI zDt1!Mc`=h9qGKi1o)IIdK0|DT38oayim=)wlCI= zYFw;1uVoP-x>>REj5fvU91TjhWkv)Fn!-w93j#RS8bs|Vdk|IUS%kodwh2*vhE)gv z2D`vv_<2?CWJ(+}0Vq=61oM&-IG(4-8A(Amayrsfj@S_>y4V)Pv@LfwM67cO24+r& zDv;Q@P*p#2B2-kDULHRSDqx}=T~tRWiwM0`8O<=d&ol`0B)|v}ufyN7?N?`L8lel^ zm6A2E`{8E(Hi*glJ%vw=&j6?BCUN>#Py9wG&Z!?cbK_ueOyf9!IJ})J7!0W9LPU>< z9AQKXK9?6r`esAKCVY-KlxIY+vI|;hNZ~I#u|yIdtz3Xek8wdbT*gI=^cfc<&S_kX zXs>Z$qTR-YiSwHlMy%twFwvgVStV10S1{?wMY5f!Ij0+GLr9a32@Ne~VokXP6KTvX zlz2OA0YzG33nkWw_VE*gdO0pda5mtvLlc7#HTE~vFJ~>K8=UCG+Ca>h2QVNEa{*12 z?Q2Z5BfR<^wn}p=;ef`WgQm%m{X?F0^n|*%HwwP2{!FSHLv1vUSlW} znzsC?6*!9{>mr`dW!VT+PQ=@DK2C4W{>I0o0|tgzz>TtV1(%r2GT$8U>zBI8cRZ~F zOlm|{PK$k9@Y~9$0JeAo7#wY3Y)+(vv!jazI6JghSWIyR1JkE!wvac?22Rt>a)N0$ zNkhxOZXV$Or{5ZFs?vV7DNGBBkYrGoHoYbu$o&XUmTzehYX3YRVcN2b5WU`fouN2c z8+K!0L{+EZKT@YMO&%8sg3CM*9h#!J_?$n&%xqrW=5PRhVmxXdq$qKgp(?9jeU{%J zAESiODu}S`HWxgy+*YuOe4Z@7XI1b41;@bufm;m8-6nO18jUVb6#Q7}~$6;_&bqy1klKIV_vdZug_ z_5bEoIqJ-VoCrPwr;$dG>iYI6o2i*tPQu4y9U;j4Rlf;;j1LTlA#UhK_UX-{SP<*& z5&okA<~WZAVelM{HN$Nzj98zsAmSWG1I+Ul3ntc8G(@bQ1noZP*!Qm79Jl#r*>zwn zh2tfVoJBah3w4{p%~j0}jftZn57>VRuM=uPCm#2o`g#3S!dZhq{rNZe51bBxGh7oq z$5;K=GO%5Il_yu-X7~B_0-E8~ivBqoaun6@V5w?=UQWv$D7t_RA;EN%USrg%>rU3G zt~pVm87b~RaN%5_h?)EJHLkeSMYx@z173qOSU_H2YbGO zybemieC&Fi_uk&#QyR3EXMKw>-8zs(hH`VdEqh;j>Ht&W!JKxWO5dhMf0fhztff=o z*Yf0BZ%*1NeNmGbn@|mXEZ5ogWP(azjYqUsU%2bA^y!cXn-7+qW)9b|CJ-v@=X_T- z`4nkkEd&DnB>RNf1GxLBsNou^DQ2C2FB%vLg^B_O1h0Wlvkg&aio#5dX?`K<2?Y!f zQajdC?APTE+H{)s+*;F^{hH?o2zSqY0l33rm9P8e?Yw0_mc936_LiR}LY?n}Js!(m zmA_}b%TXPkOpR$=eFGZMjo$#l36|~F3ZqD#hEKKxgnL;wIPl5x_=v!mb6Q0w@f{wQ zBn8>s2J!>*cxS-Yr`Z#;7=>|6ZI0icb7YDLbj% z9`HS*DMkljirnG%V!tW-uFP(We5lGbq*v$Ltas&nsLCXXY+6)tG_R5E0$tr^;C=d;^Belvh+RKHli)}#L<6eq$9(_T z`;e(>L{%6zXbzn8XqOfp`l#nBa40^W*{Qf_5k|9$|2$tjo(HauN+K0JtkMk^j(#4YKASXuqDU&AdM zPqC1w=0~D5!?Vjl!b?VwNlz5U^y)5Yv`LMLUj!DpPhWPRWuX-ZC(?BjN!r zy@|P&!8S3)0ve`Oc(}`N6@EL)2KmomsRklib=|&X2amt)Uq6{_f^3b?{(I?@0uuI%c@wz(hVJ7U?syxD- z!=I0CWbqgAG|oUlw_#uwR$N~F7f9Nk3+U?W*WKU#vc(A=vssk>6zBW?^yhP!b-YF` z(BvKV#Cq_;|!82dg1ipEZA2Z`~1;- z;DfTHl@~UL?NtV6jO``jZSSR;+fRJqw)QiTprKXL3tmP!Ejl?)K#E-%uU40Nlfi6U z#^7LMq&iCjaUJIvnHw0G>{7|2o*IQk6qw3w%`NiDW5}H4+k62siOs;slh6nZk%de^ zkns#oQy79pjAMZ7^P;u_NiuilBC%vYB??1c$=o+W6HE4PNy+{zIWf-?4vzw_^=5T3 z^?Iz_^&4&~rZ03ST)F8a46sIJ%FNS>k}SI3|ZcR>7|*dqw1x%j8>I}B+OqN z2@SnuiA)c@gbvq3aS4kt`dr#xto*}$f|@5%_UP22nj-5Nr5 znj$mmp~|1Na88%#l>91p_dLz?Fo2_7d~UDGnIhU0RD?=_?=-8)+>(<@A=6{N#|All z%GY1(3LT?WgsZ*SAH#Ti+lb26HG^)VzfBBCmHZn6rc`u+tL%Hv34%~*cVj#bt^RApeTN!-j8l~G=XBIoIo>P%3or|6tBF^ zs}1}0Tc?IXwbi~qZ9=_RFSvx2r6Nk+tHOQNDwJ7z5HO0OXO$P+X5s$G?x%eTfgLN%|OYGTuGs1e_zgt3*i1wiiUZX_P( zT95~;6#-X6#q!ccx`ETdQ9993g0)zVpzn$aT0$`~9hj_18$76fEawp&Sst0ILOtE| z6B`TeRf|Y)sn+D)tC-wDLyf5&9aIsiVT{>OWjvSM-Yh!qigwi#XpT+(ePUDC2y^R; ztEi?952Jbo8cD+_YkIW)S48(tb!hY(qavyekqPe1o!B_AS7H;9!C*Cfdp&~M)xnniv_?*$5h5sFL8ObQ7Sj*ZF+t!6K0J{>tTK7@ft4nYJFrq{%>DqA zT{N{N{t+fqtJ1VNs#fLjIjVNW@NCmpGdPO1Do>lEYE=gJo8m~V+LPv}e03v@;v&@6 zTQs3wsKIw@hFX2MX1tVvDM*VXM7UUEnlRPVA{so^)2cTmbP!BYKry~n-k_Q=<2U^ zLvX=KwUu><&%fTmnr#KvTgw z-m4Yd^w0#)Le$j9o@Q_^1a5gjeFpV({;fSddVn1;(s)Cf^$xC96)hSxV~)iqpx?u3 z{pv+NWCr*2w_h3V5kXYbj{#1oNc%TB7Zdc6(Vn*o_MkOf6H@M^#zN&0m89N6D~b7Q z%Ep47M%2L}_tYw&iYQW0ubxQjlvEgBsdF1-PxA_8$U*f)a#ZWxPZMiF8WdA!;xxCA zi&Cz=PQ0dbs{7xGRl7-FEP&|#r`L|G5xN2<^h=rGL`p)S_?pwn!H6xsQs9D^&rmIN2Y*?Dad5!Q^rp#Z8M}qRymHDXUBlm8RY_(-8G0hRaT+z*ZLZ;QFkxnyB}w z5mr!|8ev5(h<9SRJ&{MKCkEQn>xt3P^m;V7o?dNYXQ0&r;e2{$VAq})jYZWNok0sA zmi$Bw$9P~&SQpYo2?dp=gmq0xRhlq`*Qq-xSWM~?1SvDwF|pmuG)F|mC>PdK8&e6! zbYS{A$Izu|xSYydGB~M{?q0<-amXMMh?T*EHy97&5GQD0O9SxtFTpzi?D8kDmoaFA z-?S0#v;i)Z4j;ywYZu>!X#KG&zfB8Q#eP%3Rp(9n)K1R;sdIJVK)KZqAuQ9=6+zQ- zR5EBTj!Fh8tk~m)+2QR0>8a>#Lx<#4LC#vjnnCNj$v*AXG_@2QMGC9@>YvBm!95Gt zL*<|F=8EVzf*fy`ea%6FGn&f_n)z{Scy5~LVNBNhAod}I7?E2emXfHq3NprBXB`9j z!BC^6^_6YLTX zvBQ1-Ej*SSno2rT=)QBeM!1Cpv`OIEiiZjuXSx5i{T;lbk>uP~Kv9@OqsLHb@uh1a;WRY zjI01%z!ZEaJ`p`+@l*10RvzK1=m4{l<-w7r@D9bN@D9Z%@P3|cgAN`_*3XOY$bGo1 zvO>s7P=`cFX6;l6S>bjnOi@ztJ>QT`|5iLcO%h(#``CJV#h+^${$#bwtacxa7_SF` zF@i~`HJwGM6u}_$gAoiut?3LxrHKsU8I6V%rWkwSo9vN}~K&-n?vwa#MGFr;I5}3LV$Jd5J-{hH8q>AlOabpLc6o9Sob# zQd~O?V~PLxfB&N>VG|g>0`-64Kj{&h>OcNJ^H5$;VMGAI2Fi*JXSXFnPb*C|Z}CO> za&-^y+;0j&O8k5OV1I$XR#pB$W${7V)t~i0t9&c}D&X+Q{uCK-GBhb%*;2c@(k(B6|Qe8>C1x~Q9R@!Rm{Ql*<%K!DB zHSF_ULD#5v_x2Y5h_Ywf;2Im4dK9f(Rwx`<)Z@R4gR}!x*wOSFFBbaVtiTA? z`S!H=4mKoyfz7G-#R2UrD{6azbKD*nhKu9(DzfMR2Q-!(fvsK+P5C+lqlN#S7Kf+2 z`p>oaaZP`%-ov5^=ES-kJylNXT|}*4PcOr3J+60MDkmRK&bq8g#@F|27XTDf4G^_TJYKtzD2NJogS;_ z9D1W{S1XF{x2{I?_kB?}RR90}vow(c{Gx*Am0shge7(AU^X8}P5`O)EQh>kxB_a6F zZ+?vA{P5=Icchk3nV)vqdWHY@pHEr+wE7MHudDUl=I7O>c+Bf&s8j_{L_>#(-M>G| z31_Y9Y;}EeBa$N3@c%!1U)$U`Zmj!P@-dUz$l1;Ao^$GavOS(zC-dTKdvk9 zGIu0WA*t~=x9)$xPveCINxXx$m0PDO*^wpmg9gxOG#ZV@;-=VO{lk~!Xc`G7{P*8` z)Q@6ly3aV7qM=(7@$)W!|z6Q{JdZhD+yJ!(OnpH=PPEbG&cAW-le;g*Z7( z^b5ULhcvNGPQoA{9-15`M$KmO z>#B^KhYChiUvv6YZSd`fpMLuOzxwV}+t22I|C7G|zE!nP=Rq0Z-KcVNk~QV`*yzJ> zFIJ!ANt%9?hBWXSZ1NQ>R@k)lcf;SPBbK(Oq<1>yfgJ3`;#%NXaV-+N~Eu4KU&JI=@>*@e6SS5 z#>%UZtGb3Y%T?;&RUMVGA?@15e*fJX|FH29neAK*p$=K)cYE4-79K%htvaw&0H(~78# zi59c1S-gHMvt6+~Eg!$zRMiGgC39{URjqK02a3s?#5ph4*)qo~X-$)D@?Yr?S*miS zID!` z{r0da%EjC3t8@Nry0Jx~Brktt8`N-CSI}C14Z);<$7!(an|fC? zA+QGJgre_cl|%o|+tm9dd0p#jyY+0Jw)Qbb7za1)s;Im=S6jJ4?q6@clN%4yF2p`) z6Hdr=a*0!vC)5#KTqZTMnC0iMmUTPreV@N-Wx}*s-NIPFjEff_K6gH2g&SgdOVeaX zh(RuvoV6JQ9PF`H_E0YNutk+`*fTxx=QW(q`9oEIQTQc&`%}XfS!$k@-RjH!+6I}Pn-9r_c0@f+zSszbfRqa5V@vd)Hly~Ujm zZX;laPk#`LZ8i0RYSoW*6g(OHEF3@o4vaQ?xaW?oOIsN6cZU{-Iqm(Cb)w1|6h^*3 zcK$w}N|rxBH|cG}V4*LX4wc4;b;RczJc+w(EA`BOrYR;{(ARabWsYfh!7kyRo~N24 zY7|x?+MNG8whLC;y4c`((BqmI9b3n#oK^OYQ6;}FvQ1evIA%YtVHKVO?xnH$4xZgE zc$>GK&Bk6nKdz3Ouy>sELdWJY&W|ad+)zKy_Ss#r#p}6wbDRP|=d;*W9I=S193Hon zjyOF=LA~7V5ydDsRQz1wsPv|W!O#4=d?ndFu9>9c_$YUPdPa{?O0RHMAqV>yH~mxo zj#Dvd`8>)2uk(FY=h9;0=J0V%^D7;TM>^~VR*!S!;n<{wQ_lBe8}$);$2#IuHji<% zud|0Ev^nT}y??g)xCC&>+i^rGlgH20?Cp{XF(gUuSSgj%-L| zfS|(S&(kospN}dI&zHd$pB({=zVNirbE?K&z1R-X&DzVx;d%1cdjaC&@U+!DS;(5U zHciZ5VjP~fnj>mdY#iPZw2K=uh{KZ$!*NaE346z>taWT2qpCiF_&lx5A4Pngma|F3 z)^W{`346ymKXhy!l~MaY8X78KrP=cJsoB4U-qhwwo9i0 zM#m+jQ~r)~#I<}L9SEdJ5DV(;_w)?oGwn{ zxCBtg;c*VPfzx9gb~QdiuEQ^U)T~vEWWuZYP{7uyQ@z2?6Rp(8!Kz3m; z=FB(QCp>)2c871svsoh#nf5sVZLX9t)g&XTn@W?b-$KMHq(?Vd&O7n?rY19`65b;c zdo?H1@BWPUN$>&%a#r%EDE6Z4f_?v{z*`x}4tK+HV|j)V^%=?#0-N!)T8kbEtTa<^a#WmJ9lmZYtI?A>? zDad}D5$~QQ25vsqDhF5U)2kLef@adv0RcFwZ)q>j(#SiiHZsC zJ<&xEiVl2&9+zWu!_p)BSHR1A^u97yPV`Y9`Ht`^UuTDHi!Q~~kU3BTDjU$bo3t+K zrhSKpKE%TllqhtV3SX-v7I-KEEn;!C&ui9JKh7JUhiHUNX};I@b-}9?f-!k4!O6)fg`yh)&)M znTFp@y3Zc*TFWX>KKAqWIl(a@mrIDD)BDks1w9(rVbf#H9)fbl%ej#ororqh2bUyI zz0x%gADVnY|B>ySuS0Z|%-l1hDv&XM-Z|Ri*VUn1)zuvyMS0drgp9aGg^wd|ysucD zpfOpENx3;8t?;?~^Yhp57vx=pFI7|TTt+V$fL)au4!Ehpcf>Eq##``-?au{XS+PGL z6p{qku!2~|LuKQ$qidLsw{>mN4B)P~W_Ic!>u?Pa#d`>vVS9PrxS}-5)yp%8{VF`K zW;??oB~LN1=COP(O+cP8I#AGv({r=%(rUmVywBAgW)Yo}gC*XM!)_S6gJyvjU&T)G zUpM*kKpshiXB>170k9dY(rO9a+D?VQ`>f~SMzGOC4NqD*J4kzpW}A(WCv3E1v3>HIU$D{U1^x+JeTzp}mpJDxH?a8bs})}$ z0>n)vi<)D6ag2A3VX}H zIzbR!AycjX)kU{1&bJy}U0Kz;Y#ZvzjjpZ&H_7rWa*a;l0%nk;J=teX z)850sxw&5`pP!+XN^NS*&(i8cS$tdE+1=5yi&93C)l*jcr)-o6Q!s^fjH4EYD|jn+ ztBVgg(&tkMY$}k?K}EMo_C2xaCP~k*s0RF+@hz7eY!1|TBtPy0H%es`s5 z(Q=z-{1pc%6Es(7Iqe%=Yg+I*h1>-<%~0UE459Otg@QRDgkQcjT8 z(xQYP5E~&L1nX>UUwOjRly%BT$mgw94Rm~-nyW+mW?MZ#`?qzqy(#{MWbOYv;8}oY ztA0~qh@ZE+(P&od^LO_iZGE1et@GvAv%`9w*W519U+M8)l==N4JY&i42N}YD=3PYi zUhJ2wMA%W?sgi*1n?nh8S|z+2ML;Y?jq;{k^W$-R!8tQEr6=T`{Qhrv^Rw;#J`=|P zV?g(U(nA@cndJ*pecohPdP(zP=UYpcajNpeVRuK;d~}SNHRhZLfgWAOE-U5DvM%;` zCH{DNisIu);t}S2JWTN^*w3J&8AStQpHH{ji{V^oKCUUFeu5e)8dGh;?=E^}7R6$! zip2Kpk^WoqdrsOdn1}oyO>4-U%8C+;eK%tNKMYdeteeN(U1dD``*#^CMK2kH8jim$ z$Fd$yr#I(Jr?@Q30Q1a6_PVIB(_Q@UCsJObGMBmZ@75k~BjVq!Vd`xE_msb*vY#4u zQg%Js()52{mg|bEgoLGUtW!RZzvydm&vH5$<9&#U9Ie@y+)nZ3?r-IIXasU0jq0x-dQ77jzWDTo_(Ge%9|j;mUx|~>T4vp$aRM4lx6BA+&^4Ua7IdN-BoJ4n%c}sQz|#bGI!0@);&*O$JI^k zW|T8B@w@}hxVKiR?Q~7U?W<)shWc4%<)9;(OUkXa8Qa^BaePyy|K=r>S#;fRihR53 zTOU2eB?H#(pLejms??9TB<&j>J?yLlUtq}N>YZu08O#Ufvwyw;_pMYrzlUnzTSAbil}zz%1No3zn5d}^_fL_ zn|su$?QCkbpp9*^`O?8tk8^Czf-YUq1km#hwNHiGah^0edVS_sCSG8Hj;xrI%`w(= z!{j-K+F74rq=~L?Z}dRZ!?4fSTxV_C#xkl{#r3hwtMv;Aa$LQPsvp**MnAI^!dQ3L zsU2ZP);Bv^ni&tzC(iEbw5=Tta&&9S^N$0N7ZC2)ngv}y(y;LU|Kb1q;SJJ~_Je!& zNSgbPpzhHGho=XavimFulgyL$J)UnkIgEy*jK^t53 zT~*Q5LENsx*xUNN+Xb>w>PTXGn-YmP9l|qJnnOIEy-rmylt~?`O1fAx8s#1*rtjCt zQrQ0Whv)7IR_)I}K6kYc+UIX8Dt-QzZu3pHe3UxSHm9_Usw9jNslIA+CSALCg=&wg z87tOvixeHiUbU1*`B`-)ReQ}ta)Jk!;-g}^cbDy-yP2pmww3R*eN-cn2Qu4GD(`0< zPq-_n+Do!HW2em(Wpx+pe?rqmhsSb}&H#l@g>U~7>gC4sa}W99MOGuK^*NTK(Xv9D ziTZIt8w39>-iktk5W&gvt@}x|ty;7^um5LD_X1lw{iu-jsuPA$yz!zlcjpiVUg=mA zx+ob~%}@;P)rfh%^t9=;J5PKWRQVA*5jxPHCD6&4;<_fXXNf>#&ePUu)x zTjRU)w~5LBjF=c7dV%H1M~wTI#FF~_b3#HZU1;Q1Za{oSH>WH3WEcv};0{<@j? z-03qGI&&O6VHu<=8LJm$i6rzW#!JJAPRAGI}1B z{v6fuac|}hUEAd5pXE`EX2P=Ln{J}i;`okbc?V;XaKy^(xwSXcpAFrCBCN%_oYd4I z@^|{I=?nZ!aS^obVM8MS81eb(wUtlxX9J%o(v6IU5A|o`z+n~tW)q&l?#|M@?D_|dFeX<({y%U?Qc&f9O_Es+$5)#H5W&VT`GB21xy{xv5Vt3W*Q7R4gg3)Mxb1;g0v?wI>2rtL8 zY_s*LwsxQ>4n`@Y50A?nn1#XfbN6ucJNs_fSqe41#}-b-6F7&{@r)`>IN=qJEhDJv zqM|qTA}9~dJtSaPGhrD$^#1Q>v+tgQ$1ew=)XN9m=O!mTQ;|NHw$k zf+0Cmq<`>IK_`NEumtDK%T^@)CDp;DPkf;h%tP56_Vmc1aXgyUR#3sz=*xcmr{4DR4(Te5DTua)mcJ#nZJ6Hi%p zzRT&q%CA+!!fQzDOsZ3U-4!OeHdB)ugLb9;Lex+y+eea_H z7(psE@pO#NwvuH;^H79(>$Ed=bS?Zwb>) zLex3`Lc;)+zhMo#7KMDMHe?wV%Mg+VeMh28edtB^SS}au4={DU+Z65n;f|h1J-N@C z`(jzu`;$%e=ldldZNvMDFz5$e(NjV!mWBc~+mxY?3`N+xQP>6Z-3D0z*xY{U>?`?$ z+NFHzb~KmJhp_NQ-#Q3>4j~}R)>fYE#1rh?9Sa9-_p@Bt+800^k*Gzez@<|!Dj zt0WfKxoS%Nm+VF5b&=OeDC-nz+C8Pve<+eB1lA@z29UzQRk2SJ0v0Kd!T?_ZQV?#1 zno7g?mNbsPW_3Xxu@oMD!?Kn_pKqI_`e9XgR}XIh`4>%2u&=dncw zlV$yg_ZUv_>=gd@!(ZSde*FHgfBA`CBprP5oh(@F@3BaoUYx#GmK6)~{g>5xLI07i zg@F~IBcu%qUU8)V!^KWlOco_v?IvHf38Gk)*gUuW=6Gmn+M z%h$ zHB3;RrWv#moqKSvNyeXsT>%~3AIsD>^Zt)BDFhc1qZi)?dQaE~6Bt+=LEN>Qn&mZY=GJVxTzjC#SWfjkN_S??! zc2a;M#@GimU#^;L@h|PUmq20%Tld8(Ki$AWc2-<3fAp!i-8ML6!Uk`}y`Z+1Q`rn} zWVK`GkKmAgubT{gc)F?coJ?rB*3eI1l<)iLDQLg_^q2oyoCCX9V-mLTv3$k;Pk*L4 zAVJa&yq$#upI-|shO~jQHGx(0OVzX`4*Q)2FUuxh9_svbyCIM5z1~luvIEV7bKmQ# zY8xl|rxFh{)An8h>8b(BKbM{pHVWp~&zOUDNBjW_h3QvhEjL;>?!q_7NeH zAJ@2)P~atIoM8mkbiz?jdRVT_v>oQd`UyP<-LS9|fxWn4j0bZDMU~eqn&^QuDS&2W zjVX%L7XRGA<_zX>+Sm^3nAn_l;f*Z(JMkh6)J6F*9wAWCgXLv>lU)g{){-5$0s{9#<}qOQq#jag%!tmYCV zEsG!Whi=9|*B)TYx7BZTRc>CES@hUF76P_4#Wvxl&G#Lj6#L88h+yf{pvDim2JB+X zHd5GBp&Oam5;)iz%%@}U*!z$#*vH+CVv9r;%MnW>o7unsnlO$p36-c_B+NkZ9T`V_iXItLOx$0Lr@HzI-(-EV%dw?lo0#L-%U~1AnL9Sd zC_Md8FY}|@{Y@B4-1~Kg;#%%cJJTy(UChno7;k*H zz>Thti8%^IypXR;nCsN2`BW9Lc06Jg&&^n>B+|S>g}cMYB2&q%Jef#=v*VGdXlBL& zC4lCYCm#HIEF#6ZIi9gg;b%O2J=VM<`0?&{+;TgX5uAe?(hJ?bj2foIafN!*#-otH zpAqUQ#`AdQ0PnFle)L^NSo8K7F0YcD1n;JwV4s@I%9E{%;4E$wpJD?Y&CFP&1klX# z#9TN>BT|f;BO1E|ekQ}$Va1H#raEcYEd1!}Px$mx!!9~6*gwclur4-l4yA7ph5?LS zltwUd=#EE$`x(6bJQr^&SQ2k+C>Gs9OUL7$3Y0Z%L@tkXqPj_gr42RpTm2RGVh)%T z@~(4cXkE`r(8V@AT?H@BCi0UZC0y}!&M{QN z)x>FSgA{sQ(69LJ&qyMGgmr8vDcqI)$yW%<%yE_1NRHDWx{GARv!A+1Vv!!PKjY$K z0Vt#WG3C&QYkBt9i1R@C_o87IkGQb-Oy_{=6;hc{<_DIe46Xyyb(+D&)1C?)hD%ZU z=HvTiD}jG9PNf=d=Fe&ZH-fRIOeOGN7V``cS%N%`Il*yGdBxchX z@32%A^0pu~Q`c>j(s1!U`-XdZU*9(yx}bQTZMVk!xvYF&LhTR}^bPKlKLzxvuJl9guDJrlN{puZ354d#<@$GpXwqmqZ)NQFh+&q&p9pVW*)Z1S}E+xVtqg9GeKW+boF~T7^GxscWT{kCsB}G9sTV%3g z8AR#U@wNEE#J?oKwc7F1frd`)T8xJB;d3v)cBXqEOel8a9Ez7^i?wxPcUP;sbjQA7 zH}A;C!mC$o-DD|A{GR8=y<&toDO9obAIg2TKhS;hm4c=jgRT)>ug3Avky8RV+~Qs? zt|-UXeYHi4=rtKz-P+4;MAW}B;?)sOCd3APGFiJ`Fml2u=VXWM@8CWmqB)t6i4dkU z&E6w|E|wMc3O(|ZV7pSbi9Cb}#w;~oX`k-3^kFBLy6XAXD^Mi$H$lxHLk`gK!qEM6 z`{qB#SKGZCg6wU1DR+;(EJR3kzFqb75hKc9F&CZU^A@t-?P1^kgdgI9GE=_5P_iJ{ zUdu8y75;)*_uN-M3hF_zZ$GHaNZEJ+X^N7$k(v`Z;1V3#{G zxg+F4zxH*ijlJ>!)%F4D^S2e{^Bik7q&r;|NSs-(C?(f8LoU9`tF<{(41O=GJwao` zg+Hhy|Et$nY8j4yTbatT*A(uG4bn8IiNz_a!z3Z=C}}SeU?Mla>E(w}VeE*=G1asC z-KYQ!O5X%BeMQz3^dzMWxX^hvs91&sSyvcKHIY7<&qJ`g$M;$D~?=o2Z7NX z+G4v{XT=t&i*75b!o?O?EA|VPg_gwK$Pwk7Wrno@-zM6|NKFy?Y#bP`p8A@5C2zAk+BFG$arnHRZpnSEtyam<5O0X zUXaPucO;4MY_Vc8IZ`0lbHk1f4ZQ8Kp z9ecV2s*fq55lh3O2F6B(np+ysTX|}&LHuFy$3Km%q*pvYk*3*%E(nHi`n+23^Vb-f zGddi^lQ0`f6Bz@5jDC3ZE{yVq&CoEKf@h+H=h;F>&lRxuZC)+tqhCp9=P9V*oUBww zlZOOQMt+QVH4&>e9s0Zy$8r|rH`{E}KsGWq{|(Z|dW-jfhZqe?J4bO)+N*Jlg1lWm z&7;h7wU{oik?x>i){d>6C{0?N)ne;7fsB|ecHAo{$RhHiy3P;cX((scgC({EKnrw} z+M^Oi;}CJyOo>lruduJSPSpVgf5yv~7cN5H&7~*1e4($zLtWnG`{%iQNxDb5ya}=g zUnyck1yREAZoK`3Vpi5 z`{7(|dq5A$FV=`1XL>yiciqh^p(a9#nY4wr*MTy(XRVTpm`f{O+)E%8p>p|NYYVR5gXrdcv1 z!_w~2+ZsAokDEw*d)-9u?D;7n4=`lG1~%^b?e6 zjm}v)C1Ki|cTE_NUXs>5sOe!6DrGMl`*Niebv9Wk>&LSCnx_xj!}6ESKl0kNnIs(~ z=b6xRZvKb(L2W=*x@`Aq;pV9~bfo%qP3$WJiSNWV(K{#hl+fLU6JEV~v9slT`(#Yu zWNb{}#g?$>JT^96N$9S^wzC!mFJJqE^4E1=E#6eHh?e&P!J;2U2}y?)=d}#|wke)5 znM*E5(y8U|9SrdqjdN zoA?dOJ7>+XxL0e{Esbw0G&D}uG&ElPbw`ozu`pklaMRwi*~1JHmLQqVY=fwnB(mck zH`(Ndgo|Y0uhwqEMjlRwgH!c{ut9fuH>U)S0jK?y7jj?Fg-F}Bw-udz6nI(9s8fXV z&gHv9F~;9*RlUpVjoIsjg0!%{qkCZ2q|hzy9hAk*g+txo!Wa=5nPh%LtJ{z<$G0M` z!BLAkI#Dh9Krgql&9IqG^3sv7(AAsDp4P>!TGYXleK94n zFSv&CepaA?*kJ-rsL&5iSGtbKwy&O)_fX@=lg}j2bn5fNqATHWHx0{~9ZcQc#w9m> zL5I*t0bvbsqN-aH*Dhm-?8ye(z&Mdd=Dm~cad`(bLo3~dJ}T|N7N(m^^T=X$Ltd1+ zeC-LxZE;tF2G*q$xi>2vtFvmwxmXyKb@b@3d3}cfNV*Sb)N&Iu&Bef!z`;dl&^da+ zY|S|cbDZ973mmnQO~ir_%og^b?Axm4i<7Z;2E{*>hsJvD+?9Tfz*QcnXR#evX$%jG zV6$^TrRcF`yZ^rf#O*9xMQd^jjk5yd%#(~?Tbb86UE9Z^a{1a;>`h(mu5ydV8O;5{ zo&>~6>kcUrEJx0L(W|U1C^pkp^ZVi(_t|lSfQ%Qjv;!KiW?%ClMcnza0pnzkVqmOb zD8plAtw0Er#r3LN1l_@wwU%TzsZZCqdM`Ytw$d<8R~I`x{$?-qPZ9&Ndhtq)qa=lH zT0&BIumt*0bRh3>y76m0#$^OtBK;|D+G>w#h z7;zgOd|;i{qDQ3xJ-6!Z*3Gn`*0p+CJTsa@)3Qj8w587Q?+B!EfQ8E&;!nlZI)7@m z8|qK{l_g4Y$}9t6-es1aCPd_VQp9ZMc&0j#b*{Kr-FSD!=z*E?OsX%Wv*0wk@Nk=V z6^SRDUs1l7;HlIRM@qMYo_Twn9o>O2F=t)uPt)XCy}Y+ZE_Yp}j3J#_^9_!(ssWXk zf*Mj-&*D1XE_u*!pLWS{n9&i6=bKp%yrTPv&IS!B@~_3xJ^Sx_(^u5Q=sqI1MH53^ ztZpmTRwuX9n)#4B2%Tp=q61I&dqfNVa#*i-S?M)T*;*-Qsom}obznY=;T82bct`nw zbwZIgU!hh>JS2Kh+((=z!tB*ea7uGK#HC$PQ0NRtM`nC*DI=QK(DL$PZLt}lVqkfB zu;Wn{Ps(561uO^0cZXuTx~{5LNXiE+wZ0@Dao5*T7EXf?Ijk#1?cul!B>{2h|e=!8;~ zr+;pdqVLsWTUB2UBH5^>cMav4)5BbROSL=99f8b>Ucz((D|VihlGrPnEALVknwMHp zcf+hlcIJp{D!eC5xVD9d!M$T0X(C4=VMILnmoZK`Ru{L`O?BmX7F?@d7%lzBv_y9W zZdlKlDxhM##K-m8G8TO~CND<$rE-oE$g#KJY8gGb*Pp<0?x|$aoE59W$iDtkA0z+0 zDqt>P_hMwWmu=(f$B>XZhxjz&lvTaMWYym2VE~;R+v~x?tyB68LTUr}c+qX9{*a~E zvBaT#v`NpmswO9%4vI1rQ!3sTK2G>%DgWmm|Mb2n4{iPn9yh&VU%jH_b7|D{_67NV z5>U>!*j}X2<5ULCV)^e9V5nOX$lsBeY89d9P;h{=15S-vt(BKUQB>QJCN6J3-eD2`iXBO%+l(37(!9&R z=36?|2w5OoNp=a#iXnKiZ8fSji;t@DLKL1#cUfYe<}X#q^*u0PSTbJ(*&<{_(@2uJ z9A=M5#+I)v7b9d@Y~Fb?^RTikU5$kW3}o5jZufm|_J4IOP}w)xuGl_e?5n+Q4KtQC zZdD8v$f)FEyJrQ3!|?T4ohb>$oiU!vJ^*c6A zLDQ*>$Y>}64Yg0=~X*h2EV2#dW4a3kY@AIrdCOt!*8V${TyVLpL zG$l*;$o1Q5O<_DxMB5#B5zi=nQC8dfh5Vg2Tqr%(mu-dYTFCe7xo(JuFg$>}lCEWo zwbxg9%EB&nI4I|w%%ZeY5sGr}(8HLe7Lij5I#s49i-TL2vg%9Xi1@;@3xEq%__);P zm|~DHUwY_UGHB%67^A4OQE7+b7MPevj8}Je$&$X~H7Ngs8{f5l2!@$4?M6G42we3n z=G!8M$qGB0!#AWZUCo-L6!l|75;zRQ0XUTnLpKHIGFT~-k`-3i51;nD&ZU-B!b{qh z+Cf35+B*Zhz5HiKJxU?-;POI_ z_Ns-vD&=^rsJZG}T5il68#r`ucl7NXPglax)B9|bTV-4p@WkQ87P^Fd zykjMveIm$G)@i^(Bu;CK46_nUIvaaA@)!MtJ zTq8tl>`9-NytzkK_t%rS2SdS|dVIBJR1g#R65(fPPlG4aTDlW_4kzXK#Aiyy__!2j ze!4;KyTLR9P%#v`#H8BZSA&w;pghK)rr0%}7twL2DQcGPL1CJMx_G=P2ULqzgP_=78UL7eWJVanb zNI|=dG`8jye^e{HW_qd`N?z7Kwl8(^G~%5jus6M8tG_`^41bMHIY#iV`cv6t>xfRL zAlg&y>N8S4jXM^6%B4ie5G!K#^@dC#8l)yJIrc=2;65!1j{@ zUiN>H`gckUza7KGa~h^RWtpat=16KpOr zXizH}`*W@=+>>?1iU-VYTAhvN?m%i?HUVoK_dn2p_^jA!X^*A4guCfVez_+Ify@PfS3@eUT?!B1sToeeCMMHRjvXUfB?$Ya}CIDe7n=ntD#wwEv6y#S# ze5&RpwUEb#JfTUc`9UGj@>FMRRthA;m8Ad7l;gd_-PpJ!3*&@n4~v~gEbI?F07 z^9$vLu1#LDry@`Ile*cyXin<=@&sX+?Sbxy!1IL<^z=lttc!hHF%=mN^A@k)FTlim+I6@RGzk(OtrrzWTgc#Udfwc4?KN|#mtH+d&=tsQcyqWTK?xs2q=DJC_viE!93KteYR7azJyVp+`WzXu z8Za#1wDlPGUG{jFV<*3Te2pZfh)EyFktgRk8b8IEA$3K_U94V2DGY3k7_0v1~_3#CiYAPXGD?I!265vd03FvXD9 zzg6`Ykt*7u8fe$S=>?5s#K#%T|MZJ0A){LiE_l3Rj8?1p?r`cly9{e{nH~HZE%uBU+084!x zoQQ`;I%I5G*TQG;bYyY$Mb+lB{xBAWM(`aYQQW)J5vbH(nKSfswv=1W-)ihg$&eA2 zsf8;uk&`zEsja^?q_DX@)@PK`@T#s>2m8j^i$10SQ!W@vU|XCX6b=7AjuZ_U&j>;$ zJaYN*0C|7$7!k*Gm<}Sax8NWk{vAqG({_c>&AO-oa{_jPm!k#d6l01)SARb=?G-&> zYg4N|!IJL?ZS$@JU&4Eah&qbbbhtqoV5N~=P(*J>SWQyW>WHq~mc^GC0K zg>+ma%jRQP&rYZU`WCdVZG7J_SvUYcz+&y|fnK1qOXi_)J6uO}VSU$-;|mFZrSr{e zn8ri_{h=lG6G$zopG4|OJ*SYC*iW8YWKVjHS7*F>73mi6YQiZdpr67*`CgO9kOU0d zVc<0TTC|Thj?)P#mE5uwhco2l@#u?=hF^0Gpx~*j0|wucp*zxjQKL$f&Iki*C_~G7uOGO$wexW;()WfB$snU52rJ?Dkmdi*p61%2| zhLHP1`a?|y;XDkp0Eq}?|6%1ETzo6qOPuF~4K1fl7+?-?^H8*S^Pvi>T&Sq-O~Z)Z ze{dcoESJIqUw8X8%mdQdA}zPEqb+pK39hg8hWm$MC)kgqJ*ZciS3q-3Bw9uOubkTzd9JrfZ*5IO$Xt z`~~c{BqhlKb6#Kudu`N~Y@W)skv*Q}Fb)h9?xE1v#OQ2>=cqoXDKaeYG(>d81KZ-Z zU51s2@`1Iu?UrFJzE+Ew%70YUx@qpXa=?Lz5WaGrS06B>h>gTpnJPQiFn~O%s$E$@~wED6b zEFVwCvZsI~^7X_vw0-fK$4B@TZg^aSXW{$mfLDGTaw>BXGxO~xr%>#Qop#eFr%|`6 zt39)wl*dgB`e;o_!rtMgBORr~zqYH|oGeyLV^k7^w(%#BJ>Xecr$nrG@VOBxO-laB z#tWWtd|hOH01L%kIm&Z$qzid*P|$})ZJLcY{y5Ikmd+}`6JO$!g%t3`9bglrmwf!X6AtaMHp8&kJ}0ZYqF zB+j}Trk%Qtm2=xNEbrb@Xv+t3MP|EmgEXv2So)S8)0PirjLt$tc142-jq4#Z#o=yk zd{;aBohAy4qm>YIk#0j8`$8$>X#cpRdFM4QY2Iz|*P_YAVY3^cj(WvH+kfxElt;fh zm|G9z8!-neL{ym18%&X|ju2TRnIlxy6dmiXPRRZ+l6T>#j@p7m{24h@3ppx=1BxDMquVT8o>=N2GO{YmF`AXizsAtI)beq) za4O5erP4A!{A!)X4rf#>xG%I54MaYzW2AxXsl}t}@asUvT2TMt-U_XqSKI_PcQh_j z!zF7zt)<)6RKV4^s)WB4n>qMGu8@FkY2Fd7*bQ!LrD7|}8_YL0W)4?5V$+cyGN;7K zRgI%yV{2DPdT=g0!orFVDeLHiZVTMMi>O_)$?^6`ZR>7&8JXx`%+w?O^N_IvdJK>y zZY!r^o)u1tIvSm0-GnLbS}{ej*A)D1Zf#w^KI|bph-F$?4QIfyOzWaiAF7i5$?rtk z@IO?Y6X(3nSIuR4hLEnxODOZBRqwftuXpGqOK@xlr@el{D%jM^MG#DDf-^G8<5!3Qto;)WqP zc>2jWr5MXUTYmmZ2{?6kBrodv3h!hT-)zLT8_lW@%jH!YmbJOmkZ###m+sgd@IK|S zR@~r*K0lX^9@na;E9?*fMk2jBUihQJ9{9=$k8yyA52aifDl2W4U>&wuly#-eGCe9y zI~PZku#qCH&3#Q_tsl{O_rr+J+9Q9X=dRgyk*`^{QOD}f>`ry`L(98+PFIVg-&%f540S2V~t%!4tDF0usnFyF{?38p~JZEOSfPt z{gF8>LBrB5ef+zzPU*ICwXLn-JcUL#0v%}2&o}ADge|nrKVUAN`8Wv11s&o<#o^bJ zG0tyrqGaS%Q`U}tlC^N}-QjUi%3+1GPVom0=E%4=Rb(b(nYqHrenTVeq<1`b$1o+b zZjPMDl49w$pGKlI&zeE$SjMN;7cc=189UiLKh!mhZtE$6FBbON$RW!NbCxjM*j*iO zPSvAM`@(ZF5mDr1%euYOkyEAWd26gdPpl2wB$-#WXz9*75#NDkX3(c>T zIm=F8uQ7S4)*M%Hb=#TGRHo{XAseR)b24;ky&z)=`Fuc zY4HpPAYJaSEP0y(fGBI9Sxxx03^#-AIV%HtiDB8&Rt8`}#hWve`SuZPTI>4e(?y@D zm*&-x)8W@9(QK)j-AZ%PV8`KdD0c$x7Efca z6Trxoe#&MZt=uPAH#kehp=^G+BKJm7k_64gC--;GD?g;RV6*Rx8RbF;3C;mqa9J>1 zyhS%0n;CSf1~ARG8v>^2)FIMrI`uPq19B#NPvubsPO$uJkh87^D!)nApo!xr8L|Wm zalj{EWM(iFwWxEAzvOb34S<%@`9@yyI^VEM#Dp;ytN#q++#$h+GNz?>8x$%Go_gK1 z_mN9!2QT#xK(fQ)&ih0jn@2t57e}EOe>zJS< zZZrpY2|J7dPQrK%aH4k;D$3_F+r=Hr4NxdBCk}?co(A!tgV8NJ6;+N%_jKSFHTwsf z#LiWcDy9b1Xo0ohC5o;AIYEdGhza6sK#Ue_Jzl(s8}QN&W;_yzud-8m*ev`o5%V3HQOz%fpWP))FvgF*tl`usvlt zM+@u$MTyK?AGe%?d)q6QGvY`46@5lnd7LuJG6<~05wLBG$qJ~+_!6dTRHEgP2rYqb zxW&zqFM7laE^#w}!qsUf>B_-$GA#V5+#&PleYXAE&BqVM(d0Dl%?d9^Y&dQi2riV8 zi{B5sz411TC~xg+UU}2jx9qBfr7>inAKr9imV;+NqS> z+Cv=h*uX01S7Vuc>~>X2@kex@gn6LPkyUwV+ptT|6v|$pPk+G^nV2}{cUn(8=^gsbjDq|4o&(nN zZhKD8$nZyGC#Z`R%MYB_*1#|mx5BL#)Mp;kOc5>i+Nc~@CYfHHGn6HIcyRcQ7YJhT z>8{M{qS>>g)8?oswSPY34-iVP3I^?RsuHDFgw!vBW}766>kNfjvh6?5mc{-)M;3sh z&EHkkmxDR^5Qg(}dmg2T%ut@% z!~_u6p?zE8bc~6c2zAp#1?ioh4Ac3%7d4-0-P4k21}!Cz8>M07q(Jb~nmQ_8K|Z%mGIBD%ZwwveRvi$&Sp-zClaP zF~!FE7+GW+8Er%x8C^^pt;*5ZM52mpA(2KjkjP@%_iMPk{Fc?F?e3PbR|H{X#|Y|( zz7dpO-NX0zxBe4&NZ`ZWkRpsL-znGC;XPr76k%L>PLi$)Ul|_|gt6o!*B!jSM2|^= z#yd(5k+5}d&e_^2XZNxzr{ywR-kW_HvXs>VQVV%3j>rP^j=9c$HRdhq+M$%Cdn=Co z8Iq9(&N0e%XEg}!SsoKC)!fj;mhK+8Cyn|~U)} zn3I2_#+1P|-yhnQ<(u$bLm3TC)EN(MR z<|N#F!#Y5mWn3lV3vBYFblQHML1-r;>buE7!Klfe7ajivQm z(8Telve@mn`40Y$oF1gWvK3-gO_jO@&}ZSF0&>n7ZO57Y^#`$ZdqFu~`v`%eHwuE) zo2GT{r$IuwvZP!LgK|6#5(p+@!2|ou*T@?W{~KH)|4jRg-lUPA?D4w#sl(?A+j&6K zvt@IrMB*(YH*|zz^#hI8s&4owmFk9#(x-0N2xaO7wTD#RGvzy$S~sXYw9n?_y9{S`4pU+PG~JiM1q>n?53s4<~kG z1J&gWfYnQZ6V@H~8VT$Qca4Pg*dULG$JqzY;MPc9T`{d`u+~u4H0ZbgxV#F~7S2vq zf@7m5nQsNwcvXG3@NX6Ka{*VT?d>sxMw#NonVwUeXnRo)6>co*aN;aQEmEAB7@-Rs zzOw?uUYFU{BV3^?itA=?;o!@*9&e!_B1BZsQSl9r;|-ObP9_fi)MX$xPSmchGZy^M z-TLm*=i5B1BU+@;1-6O3-@|Dj2qi4-x-|!Abj@Ok$BC?a@yH_?b4M+_ka_JBo77SL z(z{2kp5=~U{N#W~yRHy3!a_>BcDVt{FV%XDbD4{8Jc0u6|KI^r z{5)}^=RYqvoRhGi~~fc8pco`^f=h;4ED)wEJv z=NYmg=A7I%51BazI;d9(X>QIqp7{mKZb65BGYP)@rF$8ip2IVrnR&E%f{4&uA*Ct9 zJ%PQ>ch%SYX^@##`A|K~%OE0=9IW zPG)rMc`W0rPs$9ISFB<4ooC4A3&Xgr*fF+;psU2<8r^oydMOQsz4M*~(PavZY7F1j zVWWZP<|EnQ5Oc60+zgR?h!oNY+(OziB!cG~YV3aKxtFjZHbDV042Vbhup6r?Q*j`0 zv29fp+9L9xKF0}6KV20umaO3cinA>?i1a>X9A7}-Y^lseLkW*TJXTp%`Z<(TzA!M*7d0lVnY8NXw8J?ZF4Og4Ub`ai9 z5t15C2qz}=8E+!4E9KvOwj$k_aB88@VnK@4+uVE)L^C5jm&}e!PgiN5jdg*WZ9+B1 zHfo2bfwD~=OU{;RzSfA|jt}P&ju+Jgy2x;xM#JF7l7b=0HJ)BucHAlEY`~x)>ahdEQ5I z^F%GYOH&~D1|uDT&qntN&&hOPWotMq0w{h458-CusF{Hmru33}8Sa<#(Y~$r0wt+m z6qv-mVak@}w2JN=K)l2DDlfU@q~Lt0>Rq-?$4Q)2Xc7636Nh`2m55EInz^(utnU(7 z^d`e-N$s?0 zL(+)mgW=ty5J6X;6u8yv`+;LVU1GB)^zc+>rt?goqUh9ZIZF46$Ox zVu%ti7^SkNMRxHJBDRZlD6w5U#ER|WAxeA~H;BU`KS0#ZQ4+^?>ySRSLnTUVS4#SX zPV6k6*p5^H(rlk*fE2e8pJLF^MD4}(P%+DuiiD9C>o_xNf)ylPgg6}`=N$0Gk~u0`U(!?fRXczN9z`7R^FUCWNP496RhZqhrkcrkFJ!L z)B3vXYQbA8N%>AOSOPj;l7CPZ;|TH_w$Q{7b{Z{+m?D`%w|&m^N7G?JDoxL@l1?&L zcL5FYJTB_M{Z5ON;?ndEw7k(1!e$3yklC$J2HMQ_rbQBYIcP1t^yiVyN`>&%m;bf zJ$k|hu&dfUnGa;%c@0*!g(b6eKaOU0fJ0513yXyi%mdbseo}vX1~sUH6Jj$cJ$rL? z`R2{VxWAOp3p-c`swwWC7et#cF_WlB=oSfAKmwPRKC$mys;gwMqxb=*W$ zF`{ST2qbGTXo72sv&NsMrf#{OgA8tZw1@&1~wM|=Rd*T>PhZoU93-)av zL-?Hu59s-e4>#-y1X!>bg1|Ps!807lx>i&k-r7OU9}g|UWO07nLTbXvug^};16jSc zJV~ILDd^p6go^%>HReQk8Zy6?MdnfrSUV*N%joJG@g|AbCfJ?}wrh)|VcARrX=v{p zND|r*U=bpnpAfBh*FBW4XkZh4xpi+8;O##&I^R@Nubx(QH=3%{5+H`!Xm z@WSEGtU82AvQNGiS^$`@I5{B2T_t9 ziXqUv?q809%7)#Pp;JQ7D>E*H(5{r-qHuD91lyLJ&lBnHAw*Z8HJ*F(X={22@hP%j zdz`KPZ78qiaExCnpX)ldHgTMrYjb+{0Cup;@}G^mL3&^hka-vYwk8RXD7lNB#usIF zx6RRw{M|2)6=l$ZWmabOBV`-+*zgP~4^3O`=vl9dc6OBB#+GGGKbXrQ$hFW$fn%vE zvZ(1c01!-sPqtOQ&JJ6+aQSWVz((YCeSxPD`K>zKl?f+*Uo;Iy($Aee7|S&sy0w<9 zUi#7V$z1NF^vQxSV79OIhrm9vNgo@ zxKyX&$7FA>ug>XY@!(;wjcG4KXm};iH}H43SG=w&Nd^ykR%~M`ME^w8CobkjPzhyy=XiAN8L3LyDGg?+a-k{j=tCHV1+Z^6kHPX&po z2-Q{cbDpqCX~p=6D~N@M6>bH&&GD3EjUAS|hpjlD$_Jd}g@I7^uC~szU3{l-dN^br zk^2qVYV+c&kLy@%iiE%z(Fx?u;jYEK=&+UyFur-5V(J+1^V91n-+ISP>8N?afw%_y zI+}I$`UPa@DVJZRpE{0jkA%eC%BbT2p&TjQ26EycwGHiUjkV8bW29|^=jyJbO{!QB zHxxY)H+-K;yoa$wyk+cUf5-|1Z^R7Y-D-c)v<18o6~8VL)`AJS?_#Bn!Vm<3ipv8f zstn}hfaC@N!IA?8ByB)kmXU~*VxAGgjqmN_=^fIu&pYy)>hvLdoQunQoOI(-!JKk4GFQ=2yJ~x76dRgfJz=m04B>7FmCG^`biu`!vss1DjXzv z9aCYFJDG!BAr2wAVb?de$>YV@!CtflM=4We2sBeSNxnFoPb7qK;%WFx(Nh|@ltq)n zah1SBDHEjQOP=o$*!nea^EX(mO6eR=;G@GxmWClx%D4@YQiiPB)76`tuP`Yy2P@v{ zhF#0Q!d+yq)RsmmC#+D1>|oqEK=Ob!v+ZgQdkWB|1(Qxl;NVCQ$O%@k=Vs7X6S(AV zPX?D~1-M*CcOgd*l&H zTk%EpRdZehb{s36s4#w3`b4G44tH zg>5J5x$)A>8!e0JGN@}fM@`aBa1S8T0dH}jQ?VEqUwm$QPn;fdv^8jHo!PLkQ1UnA z-&!2-CJgn&M=&Q=S}SLAHayTnY{K-XH!3_*C#WM?l;qoawb*5kcgQqHM`U4LqydPL zdkF&v;k#m2L^4s8;ijCdxhk*Wy$fypvclaqp_%3i0YN5QhAPd6xp7rHVlHf4m)<|J z%`wGA?)TeA$$eOl4sZs6T2Xp`05=W*N=MwV(2;bUd$y(}^wd3bJf|}<7QOipRiR5q z#hq^4et>5>W-mDqian-pIzPxZB4U!m70{3!9@(6TQXc|uh75QBb&LuhU?|H{m{`M- zQcfGllXac{^MGu7b7?ARs!9DcH?At^b77N^&V_|Ug2M%-*_yY$z3;clt-3I=^fewTK;LyFV2|D`F z&H)&HerE!VJ<2oTF#|nJCt0E9oJ@?jm=i-Qha7NrK4Z=it$cF8C*qUA&ZL@HwCOpW z=Fv?8N~AcCJWX+f-7BUJX0|A9Tka}x=WnKUh2z3wQth~y&53)38=|x|VTMvDa9dNB zrB{m&dHYb+Ujj!+QezPY2VumWwID4k`Zo-Mb?g5+RBiTZ0Xt}Wo$t4K`28g#OrTsX zHq{;7FArOF0x~IdU4|qWgG2#~;L9yzfbb*%V}z&-0b`Kx^Z-DJaQ>pdsA|$qfr1N4 zKGS6Q1am_ET2#1M>y@9oA4EW1BGud`+j7L;$Uz%20|4-$ikSDm+}>XCWdxn@^)~Z( zV5jH$0|HL9`-BkAJCIws%SfXRUk;}ngs*)Dj35i#fDvSD6GopPBU~Bqw|2Q8@hceg z+Q|FYA!CBO=Am&7;)=F!qQhPUC1KR9a!DL#F-vOrg!~_*nQ{(tTJ91dn8HZG2-Y}D zJVsEqz1BXj4p6^A=WZM#B7zzZJtFnfSrL(rfs^*Bs=Tuu^&=-BkUrZxvy+ARQ^{iS z!p`703rMAst#I9jPuGws%IPUZB0QTxgh+`RRKB7WMo0;{X`1`&OVG-;(jtUwc?(X^ zE(dqqAbW4)Mt?#aHToPSe)RKNcnd@G2la%=A`^64fatrw6>Xq?=(D1JA0l)7fGunqx2d)gOzy;L}$ zy2hCSu7IOUtDse(%pX`LgHR$;G$La`h_s+Og)&^P=;;5F%0Q63Yd8qfXd3z;yH!IU zWV7n%!#2(ugdk6{hCV3vOhf-4i6ZcyiS+*!NdK;n#R#Ef36CjHx^L3sUPa*S`x{HK z9#UTe4;M{WalRWyO7FEN8LSPP>_#eHq`t`I4*{(I~5 z>t2Y+lX3A4sZ1MG{Nb>>%j*Vr!)`J4tuG|bfbFoi=BmML4|&zFM#{|Bd9%Ery&t^9 zG>5PO!l$m=jFT|2f}6+Po#g^`5IWE9OxhMZ$ifo8?S;CfOM?(aBwjbmeK3;0K)98r zQn`Gs%ww3?i)x>H+RtCV&$j#fOy)!p_DJhFD=gF(+ca6zoA>ed5gj&~U$+kR@Dm7|sRBsHS=QtMTHhvlmRdTU$(NeM zAuv@mqd;1#m`5~CRm>rzChS?owF|hNO({yYJ7frGzwnZn&LlZ%1y3WJT@6nlltb)! zrLn`FQw%%MIpmKX0`Dbmer;*Ohb#_%Vk4U-kVC+}E%OPDwT4+l$5g`%0%U@oLyTAi z2e)PWe(&WfZCthB5FlYZKLPlB5~Jmv!OtQtTKE}cMT6B7SKBQu}oG7kQH+RIqQ3>wUc{WMyPKVdMROJmButU<5Gpa%WIt;0h;nY+~Wbm0@U(fLxLN1Y)@gvRMi_MCbgxIyTz`nNb9RKMEOVOWaDj}^ve z`U2XKybLM09{MmgyujFhjCVC&Ve$p3!_OkuKuYV@kt6kamG3WC-;(yu(RFVs^5DEo z-PWLEkNFkd=v}jUxmMTNL+U(=Zn&u1nyTk1J6_cP_8*s5FEZ1V`n@APjG85N6s#A~ zJw_pQ`VjrX94qd@fxjh2_k^v%g7elUg8x%wETC=kSYd$`CYoSDwas9Eh1GZKcqY2e zn`(n`r3JXo$_>lKNB`oR2{e4o`wrm+3Er|UuulCiTtLr0M35~wBlX{o(kXX9gvVBXmW;JiNI zsYbLcu|XHReVf`OHh zqrEg1Fx-~gFySckvsFqDxE61M5lA%xB{9Y&y0uY(A)p$!PZmZlX)pUBB3 zV57kax1zQDD3-4_xmGww!B(`6FKPY;*k?8vW<~!s5iHyWcqr-|4q|?vn~nlPJ$wux z#uLH_c?O|hGh`kQQ7DWSUijv)!yPAN>kjBQl{R$ptF&+H>JYNgP-$;7ZCIs2l2yvM zuHwTRJGx8W(X6xB)<~OE*v5R09Zk84>M@YAip?1Z92I}WS@#-`9)^ktD!zhaF2p&_ z1`2f7cx@Ajezd`?Hg27pFU*p>#*0NKD?}5ncP(Zvo+GO2RbxxW)m3RD{~MlMwRVw< z*kkdTK=|p62^lv)oV!f}opZIG&{1#mY%!-xq|9k5eYz-fKd+g^bY5*8PSHutoRC@y zXK~o@a8hb)Flo3P{toHk@dS2NJZNCG$3cID2r#;f@}P|&&<{dK;&$y!S?un#y0<)2 zV)qiGqj8*xO-X!gEgcmdMfuAW>qhrk$+V&y9t7=M6Q!D5g^LC!yTeP7^&=b@_hHrb zbYZHD*BUZsI0d!wCU>k7T~{*On$GnRj`KC!hIY=FTx{w5ddNWRVX_+8|5W;H0Nvy% zJO~cl2BeXVgKR|%hKS9$U|GrWdJin5)4I;=M_yA_G%y~HV>b?aRse5vI(GV=K$i~t z-V?@jZEvdeJDDB#4{Mh>_AM0Y6F3i?MPrWWHQB7rKfp&bA5w@88}?P;iaaE~sOwK< z{%wzgi+pwQ@l8yF;6)XaB8Hm3gAy&coIGAWVE$j0P|(Hd)9o8=DrlF4u?@rqeHhbv z|7EBfH=LQ#(PESPdI+a;Re`u{ged|~Y-czHwnTxW+{XbXl&(<(;o}&YHml7x(d#VH z#x1f6Wz_0M^s&n;(bDs0POrDVvm&IA`NaPCr`POV7_5R_iPw}K zk?Qpu6p}v4r)3(Bd19&3qf~-G66%bt@nU)ePKhxPTgA>QeSTSY(>jKtS9vW%m%(eH z7G{>NW-W_YoyQ!-ug(^vsMVR_#jehbIB|7m7}2XUqwW+_{20eC@Qj0m1)kC0VbZ-T zT2DVmw;(ZE;Yp2|`*2}qZEU@nvo5&)h2jfP!&(6I zqmmkJ#}PuO3a1L^lzZAd2bEV6Fd&?Occxz*bh(mTmKXy{3;b&F=CIxR@0=#&m&iK) zEwbv%=4zWQ^ZRPMavWH90yL>VfpvKB4X-&(rDjquCw_z8jBNZBMO|P`WIp>y3~t4Q z6CVod@mGs8`VdbJj~~S-cWOIk5G5;9tdM0;9Ud2=a>9A)JJ=MIz966>j z<=in6IxYlp?0n_qar0HsCe2rl5j9^q=|?VZ!Sc$fBWJrx95veoK+8 zVG`7dgm49$n$(e`cSVG{=ndDat?RJb1!;?^inPuC^>~Q{4pG7(yF-FRE@3);I8?;i zMPO{sB&|CVA!YFq81XBR1V~P#`5K@*j0gGWo3qC>LE{jKvIdZZbwV~JcAb#)v3g$8r|Wr%Bvo|$>_v}C zkOV!SCLd{|3hLMa1!?S9f;4>?0U|p;Y6KPf*uj$z*}#s=YCInYJI-+>Rci$)Fx~TW zLB{~9aj63f2+7eyz2-Sy!uz@BMnH77ND3B#q|nEz!M-)oF0<~;^VI?t^9=n8l)v44 z{1CUk^bGnC{RG0X zx8oMHLo>ipnk~QhMuVA{NO87yJxSL9e#u@M#Pkrco0u`en;3t*BHM|EiNX%;hT=9cJxJ^(rboEV zzZtXH`_7cajZn`_2Q-7gbXajtILQ>uz}VfH0+DJ_fQu+QTwx)~7+2_L5`4w1j@M}l zNThAfg2K}5atV=alTU!+>~R4TYcmeXE0tm+dw@;s>$9XMVspaBFtK$u-A>uLuQW6HATbO=~rgRRF2LW=3waS~%z4>?IQ ztQnR(Rc7G=bYp!R;Z2$%L32g~9t?0&#mjR?{eL$p48IVWM7SKk^IcR4PaiB<9iqq~2 zK(t_Q5%EmB-(N;)-}D0wWl7U=OJ{*cDxe^;yQbX3XJ3k zI1r|ng-G|l&i6U=K)DP*ej8$?>SDo@PzrOgm8fF`Q;A}iy1S&AGr&k%aXX}_(;7bL z1B?W2!~&MI5_cGJ=GZpx0OD*i1t3jD3R#V{iF$H571^#KcC9nOg)7Y|Pyzv zj)zE#ucwbS`Z|O-_k2%I;VTzqTZijw6@&X)UDYoz{pom*c0!Op1%aM0tU`)?DZRJRsBQN_hR^n{+KwJCbxH46lUY9+-G` zBK_N4zjP~Zl!sam!;+T#@R#^Tbxb8sf(|LlD48~oU=o>vha)l^MX&>awB-f>F*Z$K zeT+fVQ_rFl6hBd{oGB2Irsn&cvL_}Chait%{5e4E+Apd1hw!U#vh8Uen;r$}K=N#d z{D$V&KKHggtOkj;R}t6MB~s-2&pS0&+ z;-piV4un+kecl$!;7KeXXf$JKV;5vmb>xCNppM#0ON6B5R0WCJM+<<+#Z*wIt)&cP zhB$)}PP|O@yl|&NoMiSW(P0OJ7DX;E1B{qOW&jYgUJL-zR*eBv^xC0CNm)VS?Lfu~ z$WsOv+ zU}PLZ`0?8WYmOzHa}^siIbkVTYY2YkQWzXg9^a&BT8@;ebvVilI)VemMqN(EEnUw@ zhN5FJH9SRxWlmA%(ov#;1edCwI8<~1-K34FA)HgdxM)rVM@+dH^k$DFRcBHNmzKu? za*}4Aayt)Pr2AIa+Bueuu9?XSzekD>;?lJ;?PynrC^(&GJX05vuG_eGC1qvnp(4{) z>pClaLFw4yP^2?wX=R!}N88pp)`YIPsli@44rkj>D_l10k>K<#bq5(~sf%Sa+P~P- z$9lv%gg9l`lP6id9SjdY2v<`bK$LFksAG-W4j@u>jOe5EMURnWH4b5-ti=u@bylRE zTXk%7Fj29H0tRmE$XJpdAo3KU2Z%XG=&55)5_;;iwWr64K24ZHM4l&%wj4CD^v*Yb zXFPbF)}Te*0G;4O4fgOtT-@o=gp#5o=`!eMO_CHCFOxnv2`-ZUa!jQs8_5+9z8a%0=rMy0nk}*>{0I+CdRs* zU?iBhW2^`>bqo<_tBz5k3|2izgw;9$N-$luSP}N?7$;@_X~K%yd5*!Ntm`odo1>xo ztq};rm}#bRtQn@O0Ge;ka=`S7D{x}YZMFSAiyq)i&7llbq;!oS(B@MM3Shc!;9#lq zka{U9ZH^)i977%jB+O?96zOFj^AmS6J3)!aYBRx@M-8yf5k9}vK2B34jFaS<&rssd zVaGk3syYNKkteWIZi0_rClK@K9NsR%N>eusM|wcwZE6lP+(xIO#hkY)y)EWbss`*} zq!MH{R`L|l!zN7r3E&J^Q3tG=AxPKzvUQ0DTn7_-uBvHV%Au+TPOvz`=%uX$va6!b zQZ?s!;t!~fz;Wa@~TB@$b7eNAIYB;wejz$*?uEb<8;(lj>UY5qNRl(iZDv|vvx*Wl$2G>^I{k03Y&)FiL3+Gs}{)rh8}Hly#2~W}ttE z^wCMJxP_uk0$}@+B!sXy2}55>kPriB48;ZOvV>k+XUqKKI<8p)ra{jXs}5}jtc0%S zJVlEfSNn9Is@O+ z;h-DJ<$b>V!dAlgzGN7em^}qF<-dF%VK;K4ApLorAR}Y8t}2#bEWVwjAkwJ)ADGbf z4%JTx5z1g7Jsc;m)@Yu!gIc@<`P1Sh$etE2LGHA82{Na}`;T}TCcI99 znKo?R97@j=izWfo0L~$YCfG!AWUZzhLBbM1-T3#idMM}W!s~p!&6h2WMIu|sjD1+P zWVWVBNsq%5^#9~}Kg1*?pUN+DcGv`N4vEu)Cd!*0G*JiYK@%0B9yC!K>OqrKV%^+l zp2sVCX=DINruHsl7^m!fJ=xCQ<@F}anKdwP8F^ZBh=KHG9NO$|n~M=Ydu&rwY=eze zyaprcq#hxFZUIVA$%K>Ku?k4Ak7Xb!-O*co&vp<=-P@sbeLMq4G5ws~<#nBvt>`AC zY~SWt9mLE8BGOwl!SOyj6k1LPASPp4gS>OWn;406CQsUP$z9WFjd{J5;!U&kkCOHk;je62qb(+>iV+$ zNI>yi) zB7~cAL;6r7tfQu-xZg!#7_xd*l#sACENI9KSe0#t1F~`>R_!n`lQJ^lvx5z{*NnUd zMcE4b$OU!*Ey|YFdD`8N)jW8_-aJTQvD~iS!-Sl5G=N9hdi*cbc`(TD!ev`Tl0Q_n zXIdr?+$#i7<~WR>XIujATDo|n7>xbokr@)C9 ze&yE-lI)dv=4Z%NSQl$yPuV%qLfg3BR$2SkACfnfQ=GVcr4c7^YdOUU-Ca%*;x?F5 zoZvksgZTN!c?M~KlQ2j+oR~ox;6x4503l(J1~|ckgmBXt=Fu1>Zh#CZfx|OK2_2j< zecaHDQDO#WFtTwTX0S0pi5?goO8CGGP$C9qKp#CY1C-!_*|JLzd?UPHeo!<|*8`A*i*3Hk z%P>FQpar4F7X#wk8nN8S`V`;(*cE1%?USea5F>7yYcT?+_z)v>dJn1NruGmccv^$} zqHOEOB=c?v5_~u^B#*H&h6oYEp!7jZ7k1M+JUSDschsT!Or;Gyi&bf3RG~^AstHxv zm_NE-({*1WxE8GrPz}+-cb8h2=;_H@D4Nr?F=A=Z14Vj1L>tF!1+O`JrT`NY zj%;8mcrnv6btyB>#K_dRqoNi`Jzr64o*pVv6O0=NnDB6a!{DjDqTqX;cFgv^T7_M9 zGT=ol`uhG4UjL0SGftmi|DmCmA|v|^Xo>n1sXbc+_D8ExL7%2Q1xTdQ?5Pt5TYyBW zNI{*X86`%by2bGhHbQopaZNJ`X26oN;6f9*zh15R0Wj5qw!(p2DC01TuhKTIP5UP1I+bY z#>6vQkvbusp}E1XPCaK)LEw5Qm<99o7{H?9T#c-8=T2Pgw-Gcd@LP`-9`$X&i46HR zp}qTmw0&E595=4+`8mgDt)uM38PDuTS(Y8m=yud{JZryrwYp1Ejk~KlRo#}AUw=M; z_gi(5Re4CP1_%%YL68JN7D9V7nCk_7`DYeB1)1Kdw%wZfWfsx0bG+k%&1m@9+1+u8 z(0941-AP9IA@c+)v3j4O&T3KF@87-eU1Czutda1ZdyUL(hO z6(n!R85L!2@5HmDD$7B>+OpWxnRkn9KAXIIfrhl_(01mlxE47N^iuNoqdya(R`^PF zM2UoxJilNQPf&OM!%kXXOj<5C-5sAGI3X7f7bGf#4P5VFhtT27Qv{+Dtjo1W9hC+CX-X7>baa=RyBP}V&Go1*S1E*3Zl6;yDB$JXxOcdWf>Hq!b5&;|zzm#zJth@uoxigQkq!IC9v{c3KxkBu# zrmtJ^eS+*S{^@WBFKJIQqmIG^DfdJTq>LeGh%F<`pvQEg7c?1U>RnQC@hUgfBto6- zxl%lG0vC#h@WN7onSuW#kKz^u(g;o`KNs|mvMA1gFQ6~9N~IJlp^BVip#YX;7c141 zTJ?x|kqDUV@1)LQ$5q&m=GN&!@g9$cYYkWTz4N9P;z^ zd=7c*@(6XQ6IJFU=iuBVJ6{rJBh#@b*kx|6o-ao3oe7^lFV`LNyjLD=S&+W!N=VppnOtQ{@4PCj|Oj#~)Atjyq=6G(=OGH)L z!-f_j*K6F1pogu?WGK|OKI)!Hf(g2xEy&=Sfj2)0Jwa~{i%AM7?)UuE9!G%_20L5MyI%{N zy}_%o`Gbw9O8cB>C-u0;U_!%-dYh^*v{g+yLFO{jPhES+$>|ry$y8-+HKdt$HvO6> zv^RIF&r5C=ysT0L%?hSYrYamvOgm*T`3xpBykszO^<@TTNGHf#Oj4btv*FUM0d~ni5Lp5G6#J`8d?mgr7oPFrNs? zi>DMtKE3~Em{_zh1#^p{oznl4W*8+vVgJ`ftHuSBm5zNTp49U`hbfIO8uctdVV@h? zDPot?mW+1DTt3#Bcxr#oG0ue`C8L}v%lmuU2J;qvvxF1wma06Wn&{oo@*tBN7ks&WVtTT zB`lVAd^iKwt=4JqU;S+5xh%JfVED91BH{pDJp-2S4fMaoESj|-}@E*G>D zhI7DRLc{Y`_-t#U`XXbqNGHf#L`s=4xxGv@WqnMP6MEPqFK%!_?^4x8eX9wJr7a?q z=`*=qE6K`wR}xR?;E=n|Nw}PuiV0g5pyf%8SgP z7F#kCl^GV3PB1K=zP!-|hQ*Z^8J3|e7r2x%f0}@_rIQ4cPV3+46NC^Ve|liL(*B(? zHE_j6{cERxOkq$&D^7m1g5vBy6kVAMQPdNxEW%=v0t$SI5~0Z49O6lmPaw|sD?;p2 z*P^H=_xp4QqeaR0F^Y6TzfbWrs`|2iuS-@7g{d0CQ*ez_dfaC)q2VQ?oU1SEYePCg z=3>%<(G7u%$2QYW?B^NAwGg9VR5M|5KTjIbTy&VNSwpe>^Vgn&s%+&cXeW57fI*S|B$s?I zB?yb`)*_uCb1`ZDY(xT=&PIZEVn0uxjieZ5{Vb=HTn8=cEO#t|KEI!v{;;jG(+M$#XzOZU}M3}EKNm%67ByHg!v#F=GdJ1*sbkF_7 zl4H^>v2RH`MQ6oZI9vEqozbyXftB$gU6H=@Iay(?Q@jCx$EHwIe9o3HvpJrdLYsL# zbJenGn7XI5IWr^FuDh_>i|pMQH4q-z(rM2a>B@PcV7rHy9EZ5XDSI3nX zYAWwWx-?=C-8|-Jcq{7c3*jzd*`T+N_3~YgO+CH-(!MIY6)v?W&M7j(JM2IdWswh2 z#D#;yAurUM;xUQ5#GiGjzx)3s<^sr!Vb~&=uK|AT2Zki?~pAg2M#j5>G{y7J4c{Ize62Je8OZz!-kLrn&VC>&!6N4qEeRHHb5s{-fgAE`Ig9N6b|ql)lm8sH zyPy9yQ3&Sp_T3y@{+6ZFuKQ4taplz9br;Qdnjz_R@RRedYjZxxUAg2It8y8#zl;DO z?yA+Hqi;ohsCN73yt?y0DpCEgzf6^T-B?poP|AF7=Hv{Y-K!gP#Xjdd@JViMvtQOt z-8|**{g3m!X{t8MQ!0&lZT?U_E)ScW;B87a$*JVHBE^z;<(N{UjUNx2P3HHjQWD{- zKJ#e|%;>vr^NA+D(zx9Gt9pHDyY&pJgNV2I1R~~}ET5L>h>K=j{g^?ji~d~IFblWK zx}ReNT=bc13DpR1OkVUN^<$Q{-ENkv>bc$EwS-yt(Ko7RU^JuQ|Eq51Fm?1D#?1^( z1EcJvP{I=Cn>l83GS`PKzR@~^lJY+&n{vsw%MM?yn?WSOh`x0`2eYo-w-@vkH!LXT z;+J`dmeSbb6)TfD{O~<$$TY0Sy4tMI=mw|~pom@zROykL8qIk)+w*}K~)gI{u0ZVAs4DaOOV}peiL%GqjnSW z))XG)r0zq_Okdi2ioUe-6n$ymDf-f`Q}o3>mwj~W^q!!e)`J$0;$F0P6!)aXqqsLM z9>qOs@tD}F+%JDG^lMjj-y<+Eje4482nnW*Z;MByz)Wb3^ar#v^0kA0P;hyDVJ!&)>)cY;Q&c5=JPrp-M< zt^?x9wdcmt91-$~bFHT*0uD>$IG4@x&)3h*cG>mM%T0bPY*RfgSFdzDQt}mYL!BAC zF@!W;azB19sa2>``<^mB6sIe1{AIgblln5py=Vdx2hGSBo`#KTMG>)d!=#0&^w}!~ z(*#Qj!Q~_;Mi%hN^cMkrQIB4UftanutEzj-i53fKEsd4gzGP572ql9r9ewPgJGrG` zwS*PupzoJYmEv`W)54tT%~6SBB69w+MbRELo02NdSHO1pt(vr!A_jcFhMi$stj;T)&QTyv0)HC>TfUFuv- zQVK?3ZkaX`B6>oRW?h}wvVvMq9BPKLTr zJNjLkqIMRE%WoiL-2viOO0u$cO5y@Tkd#HXz_eM{cT7tQ-v6?ROIs>0@8ntoveoi? zl!?mvlSvEO$aF=03CjGQWTN60=3e09{^u%-T3GCV^3E4nN|4+E2sIBtIS9v_mDXGEUGs<0w*fu>$YWsrQ}IftJ0#L5%)TC9i^Zu zYo(wq@OpxSk18ykzyxh!EAywXrmEI_@ObuIt#WQBxP;l;Uzhx{U45%^ZX(3U zC(4lL#$5rf4jBWXsa|Nmch)xFs}38QJW`Gu!Y|RY0Jt-l8Gk|Dzb$ja?RJ9+zG$se20^Zo-56eb7w9tk)`o0)}Oq8%{;SCvdO*4 z5@+-&>#!@%xGZ-ux`w~Z(>WNjn|R0ga0Pyu@6Jb!?%bw^MprLNo0BZew(sXxw)GXT_;5^3&kxtby4-6 zZ>pS!O*ENuKz)u!mR2keLCPu1^i+8EqMDq4{NhngkUBpQrRv5;EbA!6p(~S^t1KNq zAkGR9TJq)|a5$vJ^7hwt&Z`Ql(%Wf1d{ONshk{X*9Z^?8mjuRL+EO)(m~%l}1!0*X z3)(3n7nyQN$XaPx(3Xl!dk+qX7I^iWM_wIdbP-;2YBz}4-ZY!nlaF{h$0Yt_$JPQ~ zvQUuuYFr_StCD&&z8FLG%T7JN(jH<{oWsR1y$||=QlxSOtk?oWvVTpCx zq!VN=Ce2!DY3nG+DzIp+ZYt?#>{pBro6zulC&ZnVzo)dCUObp()kV#v2Mux+O*Ca= znJBFeDyi5aFK%!_?~>$2V^|XwOIt!{KI@gKV?&skwn2t$h>K;;3@PhcODfEb<4|Qx zQ)K*1X<2V($N1#M4bC@yuDZnd4Pmjgg@oBt7epkl@%KA!lYLiZ^xk$Gn1GJb%B2HRXWJS(Y5tom<2!|<+ z&-bcIfD&VIXs3u>PMhsvh0KLcRuNC_@5!!K3zF?^6=ivUPw=^_@}mB(GtawtbTd)e z*k;lRJ?+z%H@aX{bLB;SY$(eGE~U&L&5*WqEHmk}{+&LKg%J6pnCVLUcghInii`S} zukB=RH^i}I+4xmo1}v(wNVU#)01r9$o!M70d5LPpX=Y|S1yPY|1!?)v3Fylko$ne& z4)ObJV(*EJ4|Tu7H{tTXPj~R1 z_Qdt4{EH?5ll-jX7oA#?sfw4nW2?_eN%<2Gq2|19i!YQRx%Pyf1>P_Fk?Hq>=(Krd z`?w(%<0e;4h`ji0vQJf0b@i%*l<$I2=6adHm;BOe87)6lLofW))yRGnO0wy4?kFax zM?T$@pnjXvy)3!#9ED_s?G<%0aei|x;;hy_ZQ6&Ee1Q#FVQnMdy%HU2Y8&~;l}|SE zMJqwJl}}pTA`Lyq0=6Q!$vrWicGoSRw#!@>*6+Li1(nhb-SaBE70kc^Pu*d z6Zv~kCr4<-<&P;G7W?IXSXn6%76^ims#!mLE0+jwPBdgH{aES88Ix!!Khr?3+Shmj z;Ljs(CPv_%xE%decM3N4UG%gm1`i)>F4mUb1B%eSnKJYA7gv9h{qKZg{syRtr0 zVoWex(uOj+G9eW8c#}Q)keAT=@ptq^xtxh!msS2(14cAnmko%=&NTstg9?+BRIiCg z4#0Hn#9(y)rP+)d&I9zLCxfFr$eB;lsdzbV1{O2uRSmHb(jZp5`j)q_^hrjlE=D%m z8>WemyqGP9e6`)}U*8{wZ-m=L>1qo;1uPxr2t8J`iXJ;Ba^aDKkjsu6D5~gatqOwC zgUBvkR0k6cM|)%^kT%Bzk*(s#&no=FqeoiRbswq~KEXZ45V~%>;E(jE_48s^t?)|P zzW!d}VXLPjR{=#UClgJh)^<{k(TXL$v?)Kd6aIn zJw~WU4}c`?=-P2}Q-2I_MEBXnN7pg#B%-SxH`QwY6L;boAH*6NI11_RTXP}ymcmMd z4U5s!&8azfunU;Vh@JR!CgNLbUA^14U71#{s{M0oT{bS`!f(D!ZO)?VzSk@MdR%#n z9uJ!hg)@&luHqPo{DDB_8IBd}2GOtm>zk8L?TFCr7)E0rSscTsTpYT#eX-rO-Tuu9 zjf3HHr-UpHlW|X;jNmjXz&?VHXx`+89e*Qkj4b`_$XC!tFq6x}$t^n?0g%_Fmec|csUYq^$N0AxHX+jZXi%w=U7w^tR!&2~TjC zpa{XBe2T-e9(f>dPL4h|l2C!7zbNx47J1dt%Wx$YrJ0O)mH9|BrYn+?^QJW7_*Oa5 z1R4l$M!ig(U~sp5;q`StiHq=6^k@#&Oh=C|6QbBm%DcqoLZ61UUkA!uuuC~HAs=PR zk&Aznn7~oiU-jo%kAJmmgl3~U`AVVs?t8VKv5HB1$RX877=I<$U(|*P>$tFQNzQ4T z;$xa&?(@p5_AhK4v$CGHwI5PNjPsm>l=;uBiwO~mVO0c-=heifnpF{U6E`!@Nuiq| z^@^y_tkO;k5e*5;oM)BwuG&>d4qNkpm}df<8r&LEfaE=^3e@S|oGReWAAL>z=rwuS zS`jxMY`VkqtJ+!4(`TO>EP<LGjwj;!%96;qWLs(g;`(V3M63 zeJwibMQk~yon-i&%8oHCF6Cz!Hj}9b7&foM(+lNBS(xB&>5+)Vp|k_UHgm%8mkf%>uB0!OpF6*BJz#a9n#pVMI%QDhc+w_NRb+Il=XsQsfDy#RAUb!CeR83UV zOg!TCnJDqm-0}ofv9vWkdQ+yQrY^LIe%zBo(WV|CaB0sFZGL0v6F=Rn%+*8kMD}Nh zympM?HzMJD1XtQsjrhP(7N_ZwT_3h2SXR);*O}rmpERVW?DWf&Sen^%`Q#%p6ZK`d z%qfv>X3k9R>&%Fz+07v1*bj3Zv3>gkU-L@E+=lOC<;wPUN;mK=KfD~piBo57^SG&3 zS*LEgUuiOtZju(&Bfis?YG{Q;<@bRm+|cplF<9<95h2LR(aRrvb(dcJ;;+3>63 z*KkLRHzs{)G&6PQXg=*Jj&oTF54ADwd0d;B-JN)&Sm2$yxi zWIL19d5q^Zx)}4hT%~(M_st2_HQjOgTuUvE7G7pC$6B3cXHkZ*uCjSH#jV&)rWh&< zm{&~2wQxz05|$H4^5^g45N7E-eEn?bh?S^woW%h&1!m)5&r66MK4qX}PP2GcE1&IJeS{=jglXW>(*{l~SA| zJB!EVVY6q;&-Xt`ww&*>t_luJk}Ut(w@umhH_7sH`A`)E|C9V?7Vo-nF_4sx4?K=P zt{Yupq?zva_!wQmiaW`X?ftFrcSk;0mM7|c(Ggx!PGUD_mrrw(aWR=^v6qbVEOe4_ zW^?+;uRNgV_mqk+?Gfj3k~T-<=;!46hl>Tdx3b8&M$lTt~_zreBt z+ZheZFr3}41nXJNO0b;Ossu~=|ExVfhfU40gl9LZIbjKRwl8n1&1cHKF%asX{Y+9_ zF8>_PBcpnPjG#as%Eu}Rlt~48JxJsZ-V!ZaGLD4J)V>Nwa07DUZB31X7Z{(XLQY9|GAjiMij#tjKpR&o0TZ0 zvzUouHjAAoW-}OyVl~-Pf(MVMdXor45yC|}cGVn7q29-*zBo@Zz*1EvII5^u$uN$y zl=+17%2~QckBcZ>;(To$lPaFo)3=8QWZz>sH@gkV=iBCMyLgFc)N{mHDiE&&%_k?V z&t_NX)CF6_KBtCzA}ouSZxLSQ^McK6QQ-?}(GZzTjA%E!I&YQ_o9YyAc$VaWkQKQ6@JvC~)vHlYS0Z? z)w@k~`~u%-72MzwS$DQs_I-mcpQr7U)(pNP#TY)L?}LBdKMsFvXjH3j9{#i92H$oS zu3=7ZGD*Cx|E%z#?&-{KpLeqg2Y$1=2=K(`KbGs|emSF`0M|LWz0Th3yTik%hml5E z;o_x!+|Ol!Gll&uUpsx3pvUp_Ri9=xVP&9s%&;c-sz&@3zEm>X0>R^28j{hS7~wZ{ zSt^z2aV`(eq-34HkM0ZOc_|4e#%k2UW34uq)2t}M4vWpxrfK*58P)u0DZ+7@OGq&+ z-Z(@U7P^NBr&0q9Sba5}Fmo3>oYC9w@hU|#Lr433&yT#=5S{IY^#Ey)emkIyt%%r^ z?UjdRp4s{xEl-;vhvlAYOgI9U4i6bX)pPNb`N-!5qnfhQjIhJA%;ycBJIxt$!XOmezfp}LaoNTh;U7MDKXX~QYXt#~H!xfKo> zpH2B7iF~wi+TYabtjLqKX%<2`AJS}nJA^HgH$QE9>YqS+nxW$UiAytG4{ zQ%LEGW@UNU{{;=F0AJP3-%(QsVzl?CO=yYUFCLar5vPsLnPxDOOtYFif%)9$Ld~T-vMaBBDuDY3}EnAJI+I~$6t-n|JM(WIR-nM=H*KihwI;XhP27Xkx z(*}K%W#NF2@|tn5el23%|v^18BQ=Xm(c_Za~Tzzmcypprd&4DjY(WLpUavgx5?&Y z@tMh{*vLrbtLwYCJi zGLwrlE3~@=vtr}>`qZ{ho9gSXYxnKL;qmKQe|Sy6au)={X&@8q`Uv9^>mI?f+{TYE zFSGO`Ov~*32-6a)A7)u(`$t$7jetj71wT3hFeG*t>mS)C9OIZ*jd-->FJk}HQuqBu z%#VJDa!+;tWLyfqVl=J`&99`Rf<=g-}kx2WUvzmJT< zM5wQp9p0nZeC*mWZ`;NghX-* z&BoH&46>U#&%Gym1a>9z@dfBw&XXJ!L;IpV!ZL^-t>7t)S zMMZOcqH)YCch*nv%A5ZaOfpvj2`M;?);g_KFb4U^3I-9Gx_Jvu4U}A=Gn3;vS!@!Dl+HZvWl{1VXKN#L(H6yabXrQ zfrpd-{eRBsucF;^z@undh;zxE5CSfFQ$awUISDBGeCMqwqn?|QnQmJ#jP6G)hS?5# zG~--XJ(_XW*ci<<+dYrwoa>l#8E3iVT;^HMxP*D88_umF%KxwBxBTi$G# zWRp27+I;e7Mw>c1JL&?NGo+?V?QC>`!mW*_A6r50jG0|QmS4-}o;`zR*N{7tmR688 zqn1{ZHM35sBy)x>ttxA#wJRyMN;Bj3%kS0K{X6ejns%n~4#&Ex@Us5u`C_}nVI?oS{a6${f7%qWe4`i-R}FJ+NrT z$?~DbA+3$`>+JFA6WoZrT7Ij-mPuqpRR`8yqSXRv>F}}njtwmO=H0JvP8Rf!6v{z- z>1y2}gs_cbzug4CKQ~A_Snet{**#Ms+@7uXcp%aG@r(RLpmV0ctLTgucFlk8+TCFT zgTNDu2;K%Dse7uSt9BcFhJfzrDvc5NAf-9C1o#Qoj>7wjw(ninc5hDjA5npgy_W@1 z;77H>3-}|7D4L<7xLef^^5O#8;Lwn`R2(HeTQ*1eIR%gN6+JlA0#V{Pr%l^_JM8eq z1kuG~l#?JiUROiM$7Cb6vX=Wj`qwr_8;etcef0zP+)@SB)u!I2(ba}6ZlHj$>^CPX zT<>Pb;>jlz2@z2M&jD8W&cfLq9~z=&#@j_=f55jHMwpngA(lObFVYJ9i zQhGefS`~cXuE%qw!YT6(1o?5iefJ%Gvp%VWz4U5fk^l6ty|gi7vfbky`_x!DbQ^JL zG+yB3seO3eSN+M)e#Hhu)1uRN1~ot>rxMeDnktQXo2-du!MF^6OJV~1)e`(YNkhwn zcs>6eU}#F*FMFJbxg?zS;ex)B$NO62!+U`jLCg}~EP<1*EP-XqNZ{Bk5;$oSaV$xi zuqHyC3*YItnNW*8ZYSe^FsB%r646p{EG2x@!=_z*lkacvGv=;F$#r8{F@T8+D(P5O zze+jrBwDYq+hv2q^#twdBfiLUkJ&50_kBWjtG>UBu9M8rK@m>FL&yN^eb#H7qpz#8 z#Uez&vJ$OftAqA}u3EP%%B*}(UcqNrE%&GBXpvCo_6Jb+%cm$tOved1q=m!tNq z;;_eA&=c#3nN(=PmwNw<=KrgDeQ7)7N_g~5f9R^)dWUh=R8-NjZo;Phaj3t`9tx4P zAdT6tm+Eo73(otmenAL&hWKzo_v07&~Dm$7_PuP1e*lvIAoyZPUKsEe!I@$12&jf4-*5irK{KLE(M$PBs{$yb4N~W6zGVehjt* zgxEp8phbJ0-D7hcPm6v_lXE3L_wv|w>M10*UHkXE?%4*uV;`B|2?m1?Dvmmf{crbI zmuC^i|6BwN{<-)-t5O7+g6VXBNwa8#&BE^3fFtx7!XoRWeZ&Lp*~u=d-4Y3xZD=lg zY(wc4q_!b*^{c^ZH(}+##HTMH$cZ5H^3Tva%hhwjst7B_9eu$A1H1b1z}rsoCstMJ zC+2eObALkI5g{);422Z|{Nww2zg_P5`9dNeE`$$~1cktZ))vTq!5%)1MTMf|>3YqA z%9?05xZFJ15kxJ8!eLd8u7K~4U=Gb*hEn55m@8aes>lWDYY<6J@@Rn(mE1w^&A;%m z)JQ8>3SB_D<)ArSYPhDW<&Vn>lV?Cn6F1!n(umdWaB_NgMbTadc1F(-(uiBY6g}LB z>f!Jt9~kgZ7vK*k8`3P^{`Y_V+bjIPH`~@_*Ct2D6!ga9$p)M=*7Xd z_>N{v%W4SiR!AH+u|+1^%hlSgO7`aTS;-(%ThB%Pd}Ki>ZZEWvsw? zfFmIyB-lZE)~}dJj96jWy{if|^(GuUPgo?NBcmfu;gDuvNur?W5eq8hhw^x<=z9=} zjkQ;zu$J&G#>1#^m;l3fNqkfe08`~XoM zuV~{I)vUr{syy4^2j)3liG@4=!LiF2>Y{-Zl$swyUbp)J(%Y)r*1XY+PyV+IEhg64PUB66d`}RegZ^oJ= za4Zj^&#@AB%NL6BbS=)2hw(?a+$9A>6@)xOFHdO`GB9?KL%RB7bpsE*BcPVhfW{xI zU)Jr84-7#KQJvJn%h5d=oCi<`^#QqE%zt zf;jXsU5ZkJ(mfyc>*U3gAgEWCM2?i##O1G@#kWNMf2xV}RA z46+yMhMJ8)ZDQ503wAH@CRzm!2`!KlqTGI}%?Ub4?_}_ZoqJpOpvVhchOg+@=9vk_ zMo0u7T}$WY#t_)aFz%+IEH=L;?C#Y3r#5_%A_!hqvQHz}>sGOdBKNmYmq_(=MPA@Y zl{ouU3Ldxad)V%8$SeC$uh}yM17sQ9EUq0j+-!mkK~NxGJq+^v^wa6ZwJ$XxF0Ow+ z#j%##OhR1WoL}EZ5N52XB*cK$Dv}&0sKPE5A0$tk_TePnsF)dJyGH58Ul-MOxx$&X z6NY7Dv`Tb1U0+gCqbt5DLB*rv(JnxHxFH7e8b-PX`W{l%#Wsm{HCSJy%+)UTx#7H! zA%SSJ_wfh>C1mJLy(072ZHR}C_Y*!dE{1dE4rO?}4NieKaLkC{{0k=lCQnOO;}+uB z-MN$hnkd;(mIht0>g%V5#<4Tax?E*h5qtE;e6%E`7g#!smLYXsjhD0yC|Uw% zh{viU^&KnY#)_jgiPO7bo#Kf^en$LQbtrdnv}q_LUJx9?4SA-=N{uLT`|U}5VQ9FO z-ibm~TjF@*m`sR!Z|N&r!}a0FSVZ+J`hf6Jqd{0|6kAn}qwe<7&Tdd_=C<)3yS z+6+2B*g3lyn_glA_mC=M#}HFx-X;`k*Y)d&GDwgdY7xtv(wkiuk|vMxLHgv;GXI?@ z!>;dS!1IU#=`k+wm`DaIShB-RI!k79V=vI{{#iXQn~gIc+E|hFvw1Z>IU&jVu-&E{ z-s5KZbh174ND?^8$0~a+M^~aox_BeLm9#?c1*e8ZJIX2d8K<$`<`r9p0gCz&H$2XN zxkyx8ADbnsQ))Zm=Y(pPuQA_fyv%aK8J&jt-=XoMGHq`W-43 z_~3Zqk8Ot&%FhiRs6?{UQQmIxk#(%wGhAdy@s7<&bifXhpJ*Xjx%awEN60dVrv4E< z+Eh%qz$fI2(pkvP_BT$6i~hO|R@F|4P5rR?3T@#$ff#*7z75V1H+2(aVjyRDziH!V z*$M}V&@@Xc3gPWE6!>>K;Fhq4DlnQ~*DLQq2U);4X z~ISCH!#Ib-&pb^A@Sp2nVF#{IC zOdEzAFid&aXR8ulo-2Nt86vx}k(Tw$#dIHA_F!PTKQ)M}>kw-;<`d!u$e3Q(z)z1o zOpgL&S4iA>b8^v(6Ye%dAi)k7W$6SYKvD)s3~u!2vy)3O$%&?2*o1XWR@Gr)?sdc| zr25>vbes{zD93`SX7FZJ@t~3bmC(WzC}0v`6vWDUQ6MMPg@H|>Eew9-B3G)bMlod zpz)fJJ-%J;f8%*b&{+eR6l|H4)pM*nQQlS~|E-iKtsFf1JqG_4cctt_CjX}Y5ehp6 zdIthqPnnUcL2!+aHtey(OeIO`{${7k|( zg2NWP(z(L>eroJnNVuiz<+VQHvM?Vv?Gks&PaiN)BH$IyU?Si(>p<77m>?8H(a4bC zjB>6cU|xTRaOU?`wp6xH*1`W!K5&GJyFZ5c)IO-2Tp<~d=Lo9N{qzv2JH(X&;J6GI z$n3>1j4%R1_N~k63fD2ID8%K{N+PIUe9qLr(Y(a}0bdo_+|+ zr>gyb2kctI;&-&m2*HaL?Or2rTJ%K01Dy|NlF&S3QXG>V395mfA#6g$K&8|JR7w?i z_L*-0BpUv?P8r++#~e{2z#r(uC!)wdD1kcyPfKukh!Kbjy&iF+vQ8>4#ct3B?X^zqRSB!(`I@9&aqp=&G%ahWSR9(#jU zQ(7qVVHtO~hgICG9a9s9l zx44@TQb7GtAV<6{ZAmtJcOnx|B*R6({;b4h0rV$BhJUCLobjsz5Pl$p`wpEsU=_ZR zw`P1kh@$}%^7(Z3Ap(rfW?V&lE@Kq_=NYj8)4UW%M20bwT=sZ$%Wr|4tLOr65*hdl zW*1c;fU#kt2o}Bz69~`l6;NKu^+on)JuV(K+8bR2n{y?E3y8}kSL51z54S+lBxNK@E zFOZ(!VxaGx1n}T?3pG5gX1p5fHIn0Kceu1Ux~J zYzGdi>c9aB+5AmMj^hi3$x`fc_U^IPC(HeKSr{YD4*i3&b99il6PGKeCBQhce`dv^(e^xqoy z%2kT0RlCOcD|aijql>E;NEiYU0T7k8s0seLT(u9i)m+~4vdLROUfs(c3|W6wwIas@ zK^u$it4$bSv8t!DE-edwUmZ5T|Ng~_5OJsgh~IyY0fUkc%f4QLiN%#cm_H(*`)3@j zJhzlws)aDdB9A9h7|#YgIa`tYpw1Pcc}8fFjqpesY%<)nSF(vFbfktzGPI&n;T~{AmC5oC*$| zubu6J2v2Hm@QOE%7x+d`L|~hTYrwjYhMhXIu?D+FV}oOcWAKhM)!-NnvTz?ox}6qE ztb-Ocwy=Er(nAD#Lpg~5`FL#PzMe3JAE@Zqqbd^_$=+&Sefc>o; zHO5&_696wMn62660WU9m{G9?<*p^ovziZ(Y!}}>~XC+L`y=5?i{5_Qddiy2`4i+s8 zfA*EoKif{5%Q$XaLhLDoLC*Li$PZsZ9|N;;y#3f=XI3WP&){p#T9r z?7VYV;||u^0^ql}N6tcp2(>`;G4I|cNZ!3okwoG2%FsYd#ff()o5)lM z;Yb})=Hp0=JCcvMiV%~T#;87ka)_MK>tKlFXRkeUYpYr>+C#UZqzLR*JQcYGLP=eG zta7&mtez;t8rP;(5;5F8#*-LFRQ_;Zf@)wh2gF zMY<>`2`%Ecj1nmp4CT#)4}3V_y~?_wV*Mp1SjB>$J=cYiXtBesL`s{JRp6afJbz!A z>Rq^6IFmH8DCca;QrJde`}xZ+Z+}KKL&DUu6<5=Qe<=nVf6|Lh8h!;Rp7^6}5aW?WNp8JrkgKYiTK7H#htO-Hq(l`-X@j)iB$f*C3AWNl z2sGTG+Ae?4TL0az;@E%~k$_xS)=0m(Tm0X4H?@fG)O(UumfBSq+6}S}eyFbrNJLME zLsFTRQTSj-$~~-tnndFhRs4h%&%WN_{b0-i1Q)ptZ%#x`XjlY(lX4#^6`J$if)X%E z1m$G9R{~2FQC@aL20>2NK3G6HV!s7~8qMkXy;*22FmtEHvb_ARf@ph8GgKX=oL<9L zi6$brT?DU`94SSmsgVPW>i#{gLhxvidJ?e1mHn8`RMj<%6;DYivH{-6Up&^1?zn`i zh;3kwdeISh?9NWw3=E<-nY(N=Cew6GQDPoxW`rq~FgJ_jFrX(i@hb8y* z>f0+kdfN>)-=4kP+CY1StkmTbvUyvzfpd%Cu7O}4h>FLi_OCF&GZH*w8taGOm}nB*Sii& zGP>7EE9lVB{X+U3d|LRDDw73%Iac6pssMGccpN`k!>Zd*_E4i<5%*-IHhta71lfi=`cw>=c$ z#Vu;99+#N2ulV~1qBw!i|2R-;g8^LhwDMSP=rv@{M7L4cCWwnjm$do4qBTHR2(!(% zQTS*Tmum8Kh>xKcgO>antfGK9 zHF^={0>ygNg>f%Y-G;N^ApE3Tm|)`KN*sQHG^h|mFJVOxTTB44igDa#UKMb;0YxIH z`wmg$04=BICW#rFq!t&rNHu;FnJx;9Hk^yowFFms2@VxSelMnTg7X_jE}s|uwowFb zS4&<1>9{;CsiG1lPa+lcx}sG%yp;F`g98T6HEu5K+BSVk2wSYSd93k{jrgUSAH&^Z z=+k+xsOV-FbGjND_*{c=U9N_!TNHvl7B77jtHDMDl{iSZo;z`O6ayb_j6T_AjV&K{ zc71wvt{Unie`_gzD5Ugp#!N!YP=#0jPI0_mBr!M^*TdJZ?v~%%jSIQB`#r_;{@?c@ z3ZV-<4VikXA9R76P9gkSo?4;dgccQ=^mx-@50>T-Yo8*&xMluFIha!Jglt+8 z+SBL}-#+sd=a)!zv-s>@D4T%CN2kCg3|S!K?m*yT_Ny?~;?XEyA%~>7xFzgxEA28d z^ReqmnYt(wcO;!~rs+<>Gd?&T67e3|K!`P!3~gyaEhw#Pl+C#1o%MxA*=sos3>I@56J<|8dud^n_7`Uw6)g8eJ_^h&wOLqem4Pw_;hUVncot+3@h-OT(KZ|W(rLu! z4~g-p5!dc`)Npq^YOp&VH8>oP8s(2iAgqz6^r@k?Vl*%qS{h>yEeB{1tpEW)P_Y`1 z!1>P0p~td6MJ`YS)c(NMj3d2nfBe6@;P)E81zh;zJvrU>1DM#ZZjsN)En@`Mow zlEUND-=Z-@M^*|zC>tH3xxo`d7#qi$E0Dz4o$VZ2LI)$!re}2xFkt)uhsa>o>=RwV z;G{AbYniLd4Wku+P=#HxUkGClD9!K1A5kvG6~Ro0?wn52_&8re3vW&9E~PWCyC~ms z4ZDPGI0f(=F@m=@%|Hc3UB^;Uk4J}@NgGe zO)ErG-<&)nv~|f*MkhQKMY`h(Mf_6&0kWNkfCN*X0MkUFx<*0#SxLYnUPmK{i#wS( zD1RQ&NOt-OLdL}@8KtCNH~pCmN;k+TAwQ&0kH|84bK& z4#FxZuCweB%RXD~@ZmbVC|p%hYV0O9Oh zA?UMS4rIf}Ib{7$ND~=EMx_??n0BfJwLnE_ZM&5M(x9^!*dF)-zx~E462j?YU5n0I z{khN-GZ4gh_4*?yU}IGJ;;kcP9SR()#K!p&GtR6-Y;N)!8(tqt0!QMu*}QT}W{=Mn zQ>K8MJ>a9^WfW5ng(X@7BQrjQDmwn&7fnGpSLCmLd2n(Cijgk-#onp`YL<>68-w#$ z8HCGDp4)*FpHqr#Cn;3~XE|sYrS24|e8Qie``1nII3RAVt_#Jh&;{IafHyur$P^G7 z+Zt-YU&)JtgFbF%e*YET2bZGx5(0In1i>0b|IzOUTMOTR#b>)^Rt%8ua4Kl!fDr`mWV<)f!`N&clv{y=!m^ZZ zmc5t3kVLIUASVc6+q#QTvjg81Qtw=n1{naW#ob30`CD!9NrzM8h57e;@AsMayMBCK z;JITt!HX}AkTMZarR$$u6&7#e#-jR#Ri{SLTp+&dC9wD`(`oZ6GKvYZ7WuKt9uOap zv(TcVH!}qvKt+NYzn^g5)pCCXI4v~A8c-KCAbaJ3vSO1H@}Msv@hkg+MTMyikJq$F z+U@Y{{RYM=llwiqj=x1p$jf2CxV-@85~Zg$&DBR-m}o+T%p_m{d5Pe{U4<9Ku>{rp zu9h44u5Crb4R^$GrwhtOMxj-LzOLOoox*eRquSIX;BnoaHa%{lameL*A-+td*pb#DWK`2d zLEKlP7CyoU(XNK7wC7obn=pA2l>ELZ`&8i-qk2U)Wp=!XNKy06&KLkXBg1D_(L`hJ zPxd#_wUv&5A0=wBDWW_ju4;3ZR2_ zip|bUqN<32Skr246|^?j2)+GEn`A}%{hjrz|IpIQyk`8=JuQu7S=_-yjy>s205-gD zFnub1SKWI=8TlPvYN7|U73HBgP$)T@D6)~oWM*BdFuVkH?Y>>n3-nwe)6(Y}>J=Gm z9O}qnQJAqScndxRwJC5z@{$|xHFgW#wGFKTX^@GU=|enb@dpXd)G`Wxf08RI{7H$+ z_|n${hFP;Va}91Z-Bo`a`1U?EufZs=qaiKA^)v);r4po>C@^`1dZk8y6CLrwDjrV9 zR9yJE3aDV_ld~MwdVO_qOR-+jVhK=oqkhU2o&M<&T*B?ZMXQA|7rV9>RSYp>7eDvd zfVtX0IGasDYN3N-sPC+wo}Q?L2H9Oq2v>PF#4SlHVDb#2`CY|tm@c*Lb&o4Ll%emP ztX{3r-&dPQxhE8qz5Z?{^|bnB*VQ}S+0)$wzC@#}ksJwJt!%Hs>v<+sAb{)aI3-#< zUk+7Zo2irJ@YBhR!|yvN(mooIAOtCSm#n^CDq1YQvFsGbGhFv_(v_mfEd;`ew?0J2 zDSBN<@5?Qaj*_@A6NYf%^noVjo(bdrZ5$viQs2MIV>Kn31$x2POcvcr^$uFD{gQ}(=zScx_EAS<|Pt_L+y08)~g%Ag5-In6}uNTel@5GW>lrXUv^=TKX z=f}Rqvt#tvpXxY?fBy8m-|rB|rZ)>}>$y0T^ii0y<i>bO;4)c{B&!<3YXq4iUG#tM?bQLYnF=}BAK8XnyM=^`T1IC%d zRCzggaO;~NR=eah!-)n$rw+YF^W#jX2YQw+Mjfg}Q^MKlyM;<@3rXFW;K^O=YC;pz z?Q>e?#YqXvdW@slG162*Zc1Lt2t>Q38IBmmc`#Zt8YqXE=!iJnN&1sJG4=9RCM75g z=}7N<#td?bmAh*jT9@>_rNLeb?at8B#sLlZA=Z|G7Psnwh9On63y7VQKm;c=X%`N&A){32pGt6FBT zxRgZxEWuu42l?Y0cK8(Z3Nboz@e71R+yPE6zS!sLN(Kua;V-b%CV7jcSHf`Du# z{plDZS8WwYslh5D;$?|exaCxQCMC|0)ab#p)_w}tGB=i*zfDBG#r0_dN1ZC#lI~j8 zi7J%RwNq$FUM@%v_?R#2_!56=PhXa=sw*g<6YmeFT&hQ$LMiE;LPOGvT6!rPbgClX zp|yBLc}$Nhb!5oI7^g;yTXxVSgQ8KZbW07X>K61$Pl?7`MK1bN`Fw&i2&@vRzO#x9 ziX)FGj)~+JyXfgX`>@+ow@YqG*<5a8_Lb(zw z`YU8XO2W|KBtjL3=lO6zZ~&`OZ>?(AuS+M!pT{&Y2E9@UKq|;lF=fHy<;+>UGyGLW z(gwm!TCBB$Jbu;T3I?;R|sCt z%G^7pYPGDF0gqI$qZ2V^s+!m*rR%vfo%M4>DRiXN0WV3Q8~4c4PAf1$1U_);Sj!yLtW!4VK?F(Lq2t?$nhR-_*f`})V5UIEi9Nqr2Cs2#S}R%ujt`hcyKGrj7_dv_pun!q35C3xlW=tgETM+=Cmu0XV_vcEpXsY9x&QOlt#YBsIB0^3(*7-niW2T z(C9;2Ap*nnxrBnjB($N^pbxyT0m-twPZf@0l$Dl%|!Riy>KzTNezh+W6opdCWQBm3sz1)BE!k3I} zqhTDS^xRc1xT9lB0V=v3d4a%U0!*Eu17 zM|g5b-{Y_BMum*PontBz-MZq?x#+6~Xl@~cl;uL3PXw&G(C7V3w1H5O?fr;D?T3!CeH zySb}&8+<~_b`iX*AqzmPT?J{aG)7^Ls*oFY4Fj}^a>0_E%jvjef{(!`=qXzFsij0} z=*b@U%>G;iE5l8(!t#DAVz&xU(T2-UOmMJVIawkE7 znTkk4= zNUYqz@%zR(dNmL+bn z)b;kUO8Be#$8BF7)~)b4i^=0aWsVNo5a=oU$0;uBD2ZlzO7kOCD%LR9UP zJ%sr+TvX};EF14Y@2V$!DJ__aQ3EaR&grT7h+vSKdL-Phs~XY^Kd*#P5M}D=XKvko zR2Fcw;9}qIq+BVR@{1s+RIENDO%%qH98D?PdfY6ZVix&Gb6^s|`&arTpxe(#y<1g} zhYh|nw8yv98g=Q}(ol^Z1a)*5!6Dt4Cur))fVV=jt^(|Cxu#>F2plm>xEXf|=F82I zO}%i6VyziHink~0XaPMH$FcS#8!utzyeQtC$D&1?X(U=AaPWSqUYxtc3`3&&RPU;r z>k)jtZkGPSn?i`SgMyClto2uVtSWSB z6S6;fFJa-3z>QrEN50trZ3iR*_ts+-LIw#YRyHHvW{HT16Xb8&9S`1)oUcP5;iBIA z*2A;y#`47&L8c!ILNgMd#o|;pt2W9*Rf+kc86D&gGp+~M%UFAG#c>p?)A!tj2o@zP+eLGkJxvkb#cW3K z|F9?BAQ|`(k&Hu!@H%xnb$^hucBC}X8L3TS_d>W=?}x({6SBwxj1j~BqCtPdevJ@J z<1YOSl0So!M9MH-RB9}4{OF8f8|cb+L_zulR*=}s{t*>=haDp*NS*o?-B{URa`wT+h-%!G z=LiB;d{!4Rg*SYUcM(&G4^pdz;aKT>H)qqW)Df&WhxUxt63Z+2P(9W73?D2n-gd7z z{}hwZ5et=s%AUQMAR@Xd$^XWL(dVY(nxbbrF}J0gopejOM06MqkHRA)=^+>=92$Rd z3Wmls6)!$C@=_FuVHYo+8guc|$$lOvo*HcfB&ne`K$0G3p3m3T!%Ic_+9M#b4(Z_Z zc#zTL7%R|MTXFTrwd$Xi{i?2`O9554EOL)icK&WCITid@(}f|r6^g0EelNnu_3{Ht z0bHIWc&z#bvbAIjT-5uT(l|uhTnt5BmR*$SqK{Ss@I@nTQF?M+^a=2%;LBM7l;i>RlwEl zmP>Wp-y;d%2#FUkr{*qSv$l5O*8Mk+Au!)#hGUOImzTic)7Q8RqE;+!33``7uDC)3 zKj~mStm?_5-*iYdkuDFJeVWTZ4yS#H^{}l|p~NLesleOsx&DH<&KL`(~_&bD435k(4EH7&1@mSX33jFy2}{l^5RHf2ausA{vN5&oNAtPbqT zoeJy|YeB?#{eX_NIR$j=zvs6gq`}#}`{#c-znmH2&v#Axr$BeR6}^PON8^ZiBH1qr z*B?9h$t94_(0EXKfF#C-;C3>W;3d-4;IXSz!oMw>s$HP% zNUTea=cwd?ZH$_+X=2*14p3WY`#{1KphIK{A0U-O*u{}z-7vDiKeZ1s8IaWKM6}}t zD5fC=HDTkUMMI(eia9tDlW<$@pW8K^FX2uz4lZov+Bn=VBIA_KTu5Z&?>kNmPLbnl zARhBxJcxtW@jaV&5WcN>OEi+hzEog!4i!!+6_~=Nn9#gFLtsI+fX=k@l=9SK5y!8-{*7HiG%ZSCVIsh6FhqExpgXF`bP|1U|Vzn)?xk zhlPz;frX8jfQ60pzlDu=zSH&g{Ai?GjcOrYcT-m#EYfznZ5!Kb#c?JZ-r#A3Vt16J zuSJrud9CXwLrX8Z{kHsGeXOg^n$AtnV$wBo3O00P+D2uf6AvAoc7;R3fvX1{WyiZX z>ov!p9E|m4X@%%l%UzYK>_R-BK^`{v{pkJ{o$@)L<@ z2RHXTs101yv-VDytZPCdMMWsoaO4e&n>s>V54Zfs$;cG)4OdP~}KwoSk z28_lD9G6vCTsU$7c&1Uk+3CVrf&`8i+i^mE8PMj0H-}sq>~G>(1@AlDG~)+yETBAc z^dX+IxRml5R@v3F-+i6Xj3W>dqg*?H>x#Aw@T5|Jiz#Ix8tYD4ETM~`G$wxdID%7? zC8HkMQdgGE5rl3<(%T)zVhr>On;%Y+()6M<;L0pbVarwxP@EEbLJ{NzWq_3&V4Vs|xr6akCb0xH2ic@g8pD>rxF41$e0Fa-%j$IKBm*v;Ovq z7%UU^_0vw72Q|V}L+`I5WR53i#JkWK+{Pqvl^hpeUx9}T+K#@F(Dpx3&$y#ifKcW` z%k}Bs7*_H^x}sCs{|O>d>Yg*|6%b_jTmn}niwTG^Dz~J7pKu38Fu&NG=%$1H`x!lh z%dDblvNjS@Scc+;*S#Go1Xaiz*o-77luo~qq)5jjkGdgvlTBZR~F-QdnH#o1wFC}!S& zGN^yy4t)%c%=im<%r_?-zA@!BT%7eq5ZG5z) zFIv zrVJ#w=y91bMyI~89ib2p4F(AE77G7yaq{f}X$GcQv6C>#sa}6K61uDXu0+@9JFumXv z1;<7{#&yEY5hmg3fWpU^<8`F91geyRfQsve5NNzN_ek#}k^CzzOxzwpH(-*$rd1B4 ziX=qzzE5;v%KbC^ZA^4|0V=2i$Bc=P*FOiNz6wP@O7h(%^e3?o-saWWbs*n5I;3eS^XJy5eh`x%)67w4e{8f;I3 zami!}-@$rS2oL;`--e1Q=YkeC^yrP__zjbbM2Ap56TVx!t`Reg@%7wk)$jEWgzJY{Tf7Hkl@iC*2&WKUK=y;JxZ?q_=H&!Ir z8z~YR8m5B?M~OryR1g~>iozcs2A&im92=6z8yONB85a`cj|v42#)L#9M?@u4-h{}` z3PqCAsB#vB5)MBaOnx4USE5LuHM45Z!7Z^C4GcO!MhrJn#_zgB5fvaF5Jp&sYwK2^ zTv3V>6Voj5+uQa?=Ww#{x1m7?9?)1i4X42~4!dk57uy?u;d1-srY~!Ke;#PE684yMsMIxnozN-B6?edLcRm z4D^W3h^t*A-0-7h-QA zkM&2?-!jmO7)lP_j4Gf(tWbkv{pUsrMbVg8vG|}Y9S;r)BvLvNXS0`00{%djut0R( z*SxqE;kp1M?BTiMsA4u1eZV@3+R+=3IJS@3qByvAYe6alCC0hH-U+G;*?VMsMayz` zkT}tPp^cZ@V)u{*VbVKsVteywt$F~aK5}iAWPYK`n9!LNq;dUpp8k|ksTZp@Ge--RuDdzt7|2FztbLVVc zMZDe(eyeDx%T|A_bH?fCo1y&ztDf4-`p zo{=XH_hm{wio~AVwo*r;@owS>OeD|^855G-pdBL{ zVDx^S4e9U5mHntG%};e@ZGirA?i;piw4k**VZ*BSl!q*+P@`My-n{WbpukfQ&>ILE z^w!!t67a$v@&pi$lShYX5h1)0Ng#h*5o~Ll9eylVB7I9KM}xjnl3{Nf2%&fywJVmO zXz6t&UPrcg3sAIljYSX$tfUH5NI=&ZB=8&E=CT-5!G@ne7pOKA0JO7}Aq5Gv}stuBMu?rAi zShL7&uy3wNu{?dKKj12XP4IH<2!JmBcJ8KZAcAyd+kw2#Ky=QWFX8vlYZQ+4fCKM$ z)v8`@DALkY8|5eKO-(OEtA2q^A&=7a3VU!`qk~o(s~;>Njw|JT(2zmk$8k9#k6^`x#__`kskX{o;!PAR zRk=K_qoh@=$4Px$URmO(q_W&G8SP?&Jck%jPJe}zT$$Vz(X=Sx=pr%-$Z7}8$ufXJ za#hi&LPK&NV`Qr@QrRUHiY=P8rnLYpb7qy`awLVMt!B9!t& zKXGqjkVz9UMQB1EtbhuP;3IW6$V!$O&n>ANBfsP+N{-+>f@LPJqZ$=#`U>inp(H#e5-~hZ;$D^y=f}C101E3 zI9`eUjklK`Im|ph)#6ragyT+Z<2)vv`21CTRP4Lg_XBOS(L&6(R=p23w%fQzMh`|H zfMj9n2D0$}g&qaLBfiz@Ti`&PLiEr*J$$a!Yh$tA8l;BH6)Cy0={7Cid9i&3qlE7{ zCYml4mrbFQ!l?pL=@c?1p0Mv@;^|Ux@f12Ko+=O(Pa!?=w%GUMoe$1`wE9Ye{e_A~ zczke$g+|2%F1Wlo;bF(0e)&?bMFyAb$FLafOs$IJ1@K{nR2k7O3)_Jq2d?mDjtKk7 zx*dcwfGy18MQnYT#yL!82rcz#%Z|%5x=MT*&}oGHjkWmor71*FwCfg2deag$+QirI zOusRgjb@UHHx;)bazYEx>^4DN*{VVar>KM z0)EXF%$tV-jM$NK(1Nwc%$?RUL`ASfnW}r@a0QMejH>W`8UyvKt&xEX?_~FO)2f?4 z%(Q8p9+F1pY=|Q~27?3DaI%Wo8cY_j2C84i9jGq$2Ak6q9yf|{amt-7 z47I?*>^qE0vxyB0P*_2Akip)moiPq?>}5n)LPwijJt_uQ%OCQ5FpghPAd_!v`kkdX z(D_kZ1nB~B&272SBi=}8(4OxYD8eIC&-}512x974HiqXHTSA2zVaTqB@VH>h;T%_A z{Gf(tDZQ3r29=RP7vV=0KjFif5kXZU#GzNeRTQcYWwFcHJ}9gTi^$ctqim=U-}Kgg zE5YeVW$gxE(WSeXzNu(|TY7FHjYm9>ua2kau?VLPV4A^p`T9U#=^CshW*Alm@)_n4wwR$Q!l5an#6@9n*JmW}c+xxen`!x+!YR+r zt;JZ!er8ZBJ=SD{4Zw%M5U_C8d&b-h(oDJ`)}DJ6Hdy{C#F@KBQ((SgMAL3!E~Clx zW|u&Et4PH&wwSbV@+CF5&%`UiQL_-JkL?CefE+EL^NZ{OB{;}%gl_->d0johaS!pA zB?hD)s5?r<9{ThB$A9=D@n`H$!+De8Q5Ddb!o_@7rwr8VWz_==jhEG{UZ-p@BKz zeyi1Cpsk;pM_qJj#k&fce4=)M&&|<5iLHAZw(uww9W%yA*xC8=GSJ=5CdOW!>@E^_ePz= zY8DcVvsilBB0|usd?}xV!d&8@)5kyqD(60h5-~WtI;`Dr;=Fi4n#-FLk=Uh)k!IDg zXN11-w?k&39uWaL#qUoYJqp#StxJ>*m0cWG6daG@<&e_2hZfJ>^r?<;u&Evpd0}r( z9%$We7<0DRn-hA$%0TIv6nfdY+0(Hmg*T|_t3M7%*g0B`G6wij6N}&O0LMX(p#&OS zxu|oBusBt?c%;zL1K);qMK_E|?RfDUzu(780O?K&d_ z9E`^Hdbtw00z=GcTZ#Ov(Yz1x@oUqM5djXn_3>tjLiA2IeO|@kCti`m`$ovV^ zg!fjzeQCRIoL^!$$}dlDgbz-J3c**Ly<%B&r0%NOU_gzkmV5)Oh96e?bT*3Q8Kd-5 zyR@E08dOBYto*ibwUWe}RD=AGC4$cjvt5$EAW4p>L+n(tdV|gJQe=${bqKyRRr5A} zs1S}>5Ib_~cji}^qpuRS@iBdkDeLL!sCC7xn>rgFdbvS@t!GgJg@?GX5{aV1P8B5L zG|N(k2EUi-5CIO02k~T*!L$hY;4QXFx^W&+ztM&UJ4xD@;p=bo9Gr;bk0ZNm={ZNs zu!ib@6}nRoOn!Zj52#+ynbjL?8dvno=J$-WG^{wP7i5R=Yb`dC9;qiPcYG6+H#)Sm z38tzL`+pxPHBL9zD?kI;MsFTrLMwFePHg!#-KK`0!HVHKCR`j>Ve&n=%Q3e=&#%Op zYLPTmEjt`cMrRZH$^cd`s8&Y=bj4ddBi~%YF_9{0wP%ZKA;oZYkSj`Em6O-y66XXl zEG^4F;y5IR+hL&#tHI-byy}V-p=dw7ENPm$mDS2MhB%Bh%~?T#2(i(TAEcwkxx@-B z^J*i6SUg5a$-_pb>a7LWI|{?r!d|hegK5fUaJ6g>uIIF|*T_2T<+Xrl4MB6Q+6kAG zj}EMobrUkdS)m3Q4>mjK2O+XQETtOAnuuN0WCSIW{Wr_n8I+P(V)zrCj!_6gObEo< znFAzc|Jw7|a;Vz%VS|U&_scgYv=gBPsDtmpj5ZQIKHv@ersq{HD;8KaI@pCp@WTAL z?lUsVXc77t$N#k3hnf>Ev|+$l*T^R7T4x(*pkbc@=j(m9e5z7z#mDgm$(GPBaNh=v zu!{J;(nCeWHL?*ca%YjQ>UV?9#dAXz%C|xbHJ}l^6%K#x`aO$Mp$8>bg>KwExy|Oa zN7R9?LYb~LEr)3mcDN3!48^97@u5&vqRfRiU0QO6s~JMl%_KNu><7gL+Gj2ByLPu~ z=oQ*fnW6v&XB5i@74gbcwT-*>>y^mIjW-eRmNbcqN<)iuaXjgHoZS+OE!ZVXV2;Nk zyZ+M|)?ab5fSrCn`Sv9uK8%plXbaFxm6&dx&K36fx= zyTh58t!GEg21oORgF+|(pTg$E9DZRL`TqQE2g~mKBKI%2MM9+<54}^xUXU_z*q!^q z1B36dz_MlNUbY7~ZXAQq`Y4SFhnArXH?e9wvqyh(;+v3%_Wh2BrY)E)m_n=VEY^wi zN;>wpAF=XvcfWpF-;c%cVN;W(96ypQ<#>{0DT;z?lk`hrg*d1KP!5sz8^rU53Xt76 zcwEN0Yg?>`*A>p%4+-P|3h`P5EiS7^XU50Jza?LRzmsRvcr+Cb(GsQGx<5NWvQ=x71L1S;duCwWi9A~pB(HfDi@MBWC%Q?1uG5C0MO zEDa;t>sW=5YbowWBuikY>X)E+>?JRn-<uDIE!~}U&ZAna)(x%2n zVU=9nFcM^|Z@eAkZ6yB;IM{`}t@aCE)kc0|-(n>g?!8_f*arq3@PZh?1A9lxY`~`l z_@a(hnu~6b80D7GpX{>6sD@c%O~dHGNpj}};2vKpHXyPzJCs3*##n#fo|z(ik63c} zbaQq3@7ueZvxS9kdn{h9oiKIi&EozUadHcaev-k3J16P~GyPcOxo^yr))L!>`i?8W zS*q|lk$?L1;>&!YgkLegP$0 zP~%W-f={+3H%dU=!fNQ`LOo7*r_)*2d_}TM?+Gom1QG%Xz4y>UZy_W==p=+1T7VEj zZ{g$ro87m}?pseb&-2gsVck1BJKJYxXJ=+vu531q{!jtZ+0rZ)7^<)X8fo|)s(E-T zvRQVN26iFg_;!r7z@jCtkVVdfdWMzc1ki;BpPJdM*aH~7QkvbILHWe%j4yo+07MRm z3IPg}Y<5g3H?v`GyxiE|)78N_SDX^?fLJ31gvASvP+0Pk$~i1fnD_ zX}mpl7JX4w3K`DR@SqB~9F&$&_%Q+kIyzuO2JobU71-Kn2w?r{Y6gS^B_$h{289yA z%aUa>PO$T0&T&Brc?Cpkq6yZUZoyTWXh)eOgY;AvI(DL0CPy8uEV2zA`DCJBiSAus z_}jWnQ#6kyD#g0g1d^7mWLv$=Fr`Gv-bAWhWid5??JHhC1h;tJj{9&8{TPQYWaj4~0u&>|EC-~_8_C#>tu2`aL}DobS0(uB>3iHJ*j_@6NQhygskn}l_qd<4p>3xh_W{9_HS zW`|*gSjwbI&~D&j#5D=r!FW&0rfB6e6QiX>4<7Kc2_&XXpN+#3*IW}wtuUk<9cN~P zhJv*^ZR+#}Z5q+coi?>$_KaCGT~lV&&uW-9+dbR#*=||tr%j!uuXRyMeZ%x=vu3$x zaxHvj{cP9j&YT4@)7-L5M@wAlG=1uvS<_~?RSFN)xZ%&7KCQv6=;@%Ko@Be z@p3x_M=>^FejK8t{(_M}2WGak;^jePinW6S!k{i*sWPU7d}(i(O9d(g;-pSG=|VFd zHA(HsiZ-A)mKgyZ3}ytGN1zLDFTDg(H8XAP>m%)Jv&6!znCxegq zr@9e`z6=`B-e$Fx5d4JRuuCD>QEo3dq!Bbdnn~jjk}K-7&0}_?3;m>KAir0Id~A%K zE>b`=aToycI!O7Y+n`X;EL>$V>D7cdT5Mpl6PAg}q(T!^WCAt8jKEyxz#0&@G6+*E zgFq@lOfTLxeCi!YGq5q*AFBrseshi6qZQWH}_gbXZJ zhA6yOB$U^Jf$QC|8{EN6I|Y3=JYytn-WmjrQw~4C8|hc5jr30=3u?3XDP070;sAbP z5ft(TX^NUSdSA|lgpOA{D9lJv>yR8qvd1bwO#p+2BDN>EJ(>CYUov%SEgy6?V|F$s7-gxr4Ipl4qz&>-3?wL2>C3mVDO-9 zl1~(VgyVCd&QAUoy0O7`)aeoa=HOLcFfQ!sX{|)fS(A3>4{wwW(gh`UcvzBgo>X|sN6!_8sz92h-J!C2u8<9 zq+n04Pg%u6o=jkAlSwlH%&?mQOdls4<1y>xBiX#>HZ+z_ z(8Y^KBC_VVUo;>m&t;cDzXc%7MdSuv4?uQ^kSrAh^@ zyBzlJW^8wpq7y+=NTi$?5T$6EyCFu!{-&!v1Pvp}BXfByr#6M8Z`QpPi1@tiQXS6N zS;~Nj(1d)$RucHett3EFV5K3pOsBFL$~T;Oad8;*6xRS-LMXhky|XJOzJNt}VD-w`hcULr|YsfZV( zO%V$NU5a-#tKzZ*(o@6Az9GPjDGt_8*EB_dsG6cdhcXEe4Fx66l9OHIL0tLM zT;~v|HkTGlXoL#H6WY_o{jUmkA`+ww`%I2k;R>-qh-!8OK4YZ{px7g{d;+EqfsHLv z7@H9(Xe>7qvtbT8u(i@}ECvbYJ<-Vu*SG^=H8t<*m=Fc|l*u0Wa@YkB4E#duGzzUG z32{z{!a*o=zRHiufG~lUz92y<3SELxfeu7Cr+iwGj3Qj8hA{UlZ(@UX(}19A)$gNCIdSQ(L1XBvBPr zfCialLM2K`RyB(uxPGr_!`!O23;|~05m4gF7s|0rogbKs9r?im40shsN}8ka8;SPf zK+exz1gE;B?(wAl1R$Vf`g+;h;eq= zX|~^_r^bqsGsbYu9Fy!(+xHj_j10sb`(P%aBVk0Lkd#6I8`N|Ho}=(7Xe6x&s{;q? zL!;zjJ(Nx~rRjDYMU@QiDWxQtN**nII-9v9+*uaSB~lqPRr6|Fn3`xrC^EP?(y(7Q zB7j6(tzs7QK9z43ERQWN?(oKYiM(lGnkZU~Nhz0&q9@|MNor2hAP_VZ&$V=-r370~ zjw}G(3IwMS-Ha=pXd@fhCSt3~!8DC^z>OB4ZoilRI^(^!R)J(}qaL5ImGP&P>E7x%k|G^y!4;mRsu$CV9D1HS-!!XCZ1E72mEj=ER9;nbE@RSo znsz|P4F+sE8%t^0Az4<~cR~YhL|HOhA}sfDHfT|FmB=snnv8gEM&UCie<7Dd?CE zdrGw2YjOC|*Za+yZ}rn#bVX`_GvLm|9w>4GCyE{?-uA)!=FJI198 zs^vPqNmMOX_)#Ja%b$3XSyC7P$Gikyf}B`+y;Of(mlXK5L2Jhogh?U2M(O~nwGw#g zYPf(hgjdm5HK>eW!XAnrUBf~C}$gGJ#OOL7}4!GJi_K;%C`s3L)@ zfs_PA4MZv0B~E%&^$j5v9VBgA#0ZXI zqv&3Ss-^Uln#ec^CQU9l#O&!H<&s1$K0*X_rbSZ~^-|rejgipa4DCE`a%w3B{6PnE zqeoIQ6^&38dxqU~@y%}j=o`bTp4ACh=3`9&vFC9@#STnNnt{?iDE##XG%^vMbnp~dM1nw7UA)QP2b{Fqx24dF<&bCe6vZ$_P1LI-OoWsQK~)GL*9GL(5fa(0LM%lulP-81<4i!+ z0h!LICFoapRV2hYnIyak6NvL9gFqWNO1ls?7&kPjYZ_y=44V9l@s(agddp2X+{DPw$t#&%tXQP<3mTeJ z{p3Bx$IF5_8wM4H#%>f%7p#Rc+C3^wNQcX*1nSOF29yn($jf_A0Al4zbwF>mNKvHI zYIZ&jQR+rm&0{9$Sq0E%dQcPyXmgyNKy(ck$&{NAi;e9$0!shb4G|#wHA!Qi7f|_{ zqy@ltIg2pT2-vA?=PZHmN(Q(Og?JX^Fe))Jkv1PphxL+d zq0r@fQWLgZjywXYo8ueh2vb}106jP1$f&L8Q@hjLIW{0-{?O2MPFs#hGpiM74W(Ky=F-fRs5knq#Y%66cZ`5VvjvP}lDfs7&fp zrH-xuZ7Cxsq3Ob*0amL*h>Yt22P}lkjwZxW#!_)>h5izq+*&M%2S&{$oXOICJF7ZL ze-IosxhZdeNep1fWMhh*F{)LikQZ|cVq|ZId%ZaACtb`Z!9j3nQzBy!sNxC38IweD zZk=Rj;7bKm$Rb9(^I^0f2h;AJk8dovOEe%glWLPc1off;F zvGLX085QnIM!lI~8Pt0jJAvKGFrZFbnr3U=3VU!e=xlWdcW7YojJgKHL*H!riSn~- za}oecAK~m$h{qa1K-5EdV#e3zN-HCt;w+7Y4qbRJp#q-3hC>zM9xeev>T(>taCUj~^^Py^k z2NaX)H3C*Oy-flu3A*2s9FDPGSPK}T#Kn2jHAQHKSOcsqB0*>PHbs%l+c-2s8R)+`0~ zizGN|OpYWv9PJRez5s46ZJk<`V;y0rcWDIC;&702nD9K~jNZ7d>|%o=$5+(~8)z5@ z2cn|G1Rka^tlCm3s*h?;NQuxFRm7^{-KfAFvw*TRB8&K)K>#jh#Ur66JD`?GBf{i>Uc3e8ivw6`k`4bc%Xp5i!V`wp+qD*QRu1RfGxPPUbNiby9IWlgB;i4}4P*v=h zwxn^~na02{g`7>z)7xU$oI3D)cq7l^A{{D4Q+h~JuuMy)AcGH~t`*;Us+hs#;Sib> zcQ_u6x6(tBDvR@iA2Ep$k{oR!NwRx~rw3k)z$I}kuPaQBRk;}BBVpyCE1?)TwzA+B$jf(k~@ zjyqlf^Da#!BQ%m+SoU5c;KaPO23v4HlA{A-bV^s$!ln2qOaxt^`hEjM399f%dPrBK zR|TN<9v+R5kPwowwX3tEtD~Pa25_JHB9-mrLMuh~1O1BE6xpPek`xP4^~sR%GIn8J zp0Hn2i1HW~6w#suZwv9@evlPOQQ>f~Q{lRZW<<2Y?FEx0UBg^4praoLv#1K)$B_!% zKb1F9ynCdDS~OlNU_ym_Ou=oo;?`#*<%nnqX@QoBu6qZ#kR1_r4QMT|hJe$tM2F*5 ziFS@yfqF;zhBvsbx7YnoOO>fHhfO3VvVLg_5QJEoGJHJ(i1T8LOB_kyTZT?;eCky5 zsy7u7$(c*cIzfmJG;D5@SdnUe)eIN;m!wPF$Ce<i z5bc{C5JoME~c#b_0yMmlwqwUu)}JIfI^+9g*+oTJDX4-pk_QY0)rVL z2-wqrQUn1NB*I~iYK}I9t1Ea3rYT!3kiJ@xpvBNPA*_?MNSNZYHBWYD2+gSDkr>D; zjv$&YlB1x3?TvfS*)V46OKAo|Hrf!FI4@&m;AoKQ9T4rtH@ zub|;L?T8HoJh^jo%$(u&%T8cq@-Iav6;V?e6Pm672Fze+Dm@tZsr|!UX{j|jcLz(e zVg~S9RPex?KKoLYw8n#xn~ps=s7SjCg#vbN{ac@pLokhIIHW4llq=<-LN%N0h3``| zgSQD`x6knlqhdK|Am{|ttLE|$PJqLD;V3Lw7|m;}u?%pv=m7GjWYTS^isA=~rgj(L z#S&F-6eKv+hkcw?QQ)Sci21=bBLg+6-XIuIO??ii)Hdm(VZyyd3d)+5XG53FMv8BC zeNtr7cneFLbs2c8I6&})bQTGqvU(AYoy@)!b|TJRGEg(59KQTSO1WpA(zy^m9V6|S zIhad|auEGOG9_6hIV)+V`1T8}1En4W5U(V1i$j#7@e~4(izaCd74?Qdtx!xWg{;29 z-Q%Dkvp6+4Bm_HwQ(XqlXdx!zXelNQfMvg!c}84aFeq#jh`_=;(vy^$qgnwCYtgmxBPf=Do| zOj_R}1yU;taZeHArAp4R`CrLeZt86rVw?Iqg0i5cMkD060zLkboi5m$(3GYh1vv!0A*?Yn^vL z(J+!|VY8$vj#v34I|XTRgvF*l-p|BnC-4j)^^ht|%H<%+{2g;nEua>!K4M3`kopIRK`Iij0q(@jakY_G(NAIna z+!H+TV@qdDo#T?j5v+vD^@~;_(+9?c1(wE%MOK;Ak*{!jP@cgm%Btg$4OefD4fy;#oinw1lQ;yy zky~&Hbb_l-{|ay~N>@s)ABmKa;#qo3yR5fJ#uPVY3#t`e;VFr}QaxP&2Rg-(7lXN*95L}gAOo&w4HK?WGDvPfdWG0Aa#zqvFd>}qs zRi{xKCW@)Aw~HaUa@tHyM3TUM5LOZEr@J85Pj@2DY;ZxG*`Ogx-3$(MtQ75nTdJU@ z>j=*0lq4dFn5ttUEVgN1z-~uJYEB325}s|)G<6}06Ax4cTP%;WmwcB}s8xE^i|Z-{ zZ9{DJWQr-^ARjfR%IbIn=Ax>q3T>ITr%RyQ3ok|r7Ki(NC*6jE$KkE8NK~^ou#;p8 z>k?AWbtCQuta>)`T7WgRmAnnjv^-Zw1{39MM6MLhcm0mN`Hcf_1_A-oZ z+9@1}3m{%cMdt#|a~2`?_<2tA+ZUg@CA|PT0>%rdcO#cNoVD=uSOI>#_FN>u0FR_n zC#>@#Pz>~&TY`mMhXpGvZtLVzIFU&^&j+Y}`eX{-848W5Q+=o*>=T(;HEIvBht6T_ zr(tTOJl^h80O1+ZS{SlDHlOw(3i*J=V+um7p;gNJ^&WI#;uC7z1YT_;BC>?(Sqm{_ z*9!bly=G&E>^7NUl!*^6{g#JtR2-WeAyM0J8kl(VjXeb_$~5BnLib*#r|l-~j6++L z4*VcR{u3@xijwRA%Xfj?56{E+R%eop+tHm6w)}K*{@{&l?B#E>B#;sm_xEGdg z;QD4O6j)4pk%$T=h6;FGp*J%^p3pjkBa)9ME8G0!D0l}Ac7Qm?Gdu;xkzos#q4TOJ zQ-1Jd>?9TVLrc>_m84seBP&(IATIFf+YoX^i7L=Fy8=uup=>5a`Na_odkz`~5ur{L zVgRvsS78ldWHy!vn+`U_nhGX}4XXiyv`P<^8}!A(6d%9RrA@J7J+x~n;HLpj+r6L(9RpO;Ptc3Lu($RO|nHY^cY05z~ET1kBr zX~;VzmBg}5rAfYY$!wU}yQBycU+H(|k_ygl)8qWfs9z%nF;6AiSQ12%6NBNcLHnyY zo+l&hB~`dC*--SGIb;TLK%!%avkrS>vue2ELj-^}1Y%*-B~Yn^1gVwiDEER5uzbDb z#-Y&?Fol$WsFddCwYnPsgeqX&PZKEenX zuR@Mu_v;z#7hAqDhACL~Wjj+j92$7V8JJg9Ovd`@@_ODZ)c_U?qtm9^brH~+4KAoN z8+6oM1= zIi!qzqKTe>OyPvmOcFT|b+`;s=aL`=YG($zW0D=DlZpyt*HRYBn0hY7h?FLAU+0x- zu{6Cvk=I!&^d_RoS_@1t{pFS9@J6L&JVmb}Ptz-Cr)gbfCPY&yoO|r{T5xlY8!a{A z^YO-8Jn2;hnd(&u(MkO}58-(cw0rztBnI2?xwK4j@Kb`b!zMDCkSABSAW`YcdiB#EI8OJDG|oKu%2DMe@}e zFDEh?4TiucSq!F44wE!m%#s1E*?fwOD7r^2fZVX#r3_-uKsyg5Mn&7(GPG^kDUzz3 zW0Da_JR1YqL|@E@!KG3)N)RozQ($j_4G*_&$;pwX67-CC5S6OV;qnqe11^NF-2!2> zCr4V0m}o{`0h4+-9Rl5|7cvDr6?#dY$2@t+N(sU)SjkMOGDgZVvd-YybD45khf~BF zQ?#p?Eu*9m<3}gao+3#|K(gS1C4rWj#)&VI z=%^u+$b@ckq+N&@9MUT|28ZD4Pbp94gkOY43lMiaf@&4(TiE5&offoDDlCnvs$em( zW&P{~t*fmBePnooM9l0@RbZ#8^WIeTDm`ohwYHNPB96eB{NzZnP=uX<97MlYwR&1BnFvr1;4qi}=8GoA|)y%gYj71zU=|kTfW3N&2e9$b>Sn zq>59vk<*zVR**BbB#kq)1UQF8?Imjx1JiH<^G0+mjRJzzAnIBtJuo9=5MEn5P2AXe z=EOM|G+@LMfB_FCPYkwl%x1v!I?-$KBMyZjjRTICAJK?Zi3Xxs>3qZRibl%5G88&Y zoa?kZK361r?{eg4tI(MywfC%8bTM>R;(*JbY8?!>aM@8NO%;W-T(~GwQAAB#Gm8|; zqZe!?IEkU^?zE8LTD*9bOAzeH!yF|Ie>!97nQh<$Xbr1dqBXiu$-#Sg($3I#?f$p%`8@m z5YChoa4ksmC3>ZU>{TX5$_B&@s{^L;4Z$cg{ZSyuL5y)LhgwT&k;##6umD~IJB4!F zDGDo<&23C15S7YCX@V@uzUUB0w@2d1TCG2thY+&S#%-qeu-Rt;QD1~w)ack2$uwoL zV&p9yy@4TteAFexWyp;LeY~Z0o;j3li6Kagc9rn0)EM9Ly1^(PO6y^BLz2~O!-WIu zoVE()Iv&?%&4fgTGHCbCkgbwgv;ww;DM=NH!Yqv;~wVP;yFvhI+`TTolTEV0YW-1gWrvfJJY+$(b|( z)O##CR28mfjFMmq4&ER+gJpSSkrb_Fxy5&j^tfcAt^oxS=L;UeaQX{0Zp7GZv;l<=Bxr3b zV}biNb$OGskTR>2aMQEQxNO1-4nEWc2Y{hIGdc_awye-wt&Q!C9c<7E)X}}5v6B@6 zPfQ*QI^>dfkcBBfFf975Dtxc7#ws-5SpAW0a%za(}Ph0 zFyzn%APtJGAs7k!MKBUJkw7HZhhvpNvu0NiEn><+IOawbfG4MKFp@c^LttitIt*n> z1{_SxTs7e^v6KQ3>0uhT;F`)fWbs0=OOzN5CwL5Uv|9#LD3^1K$*mNX^N7r>Ai2j3 zb)W>!8}}f53LS)@a|?>1;*8S0RzTZB&>~s|I+qYJ%57*${ey$`!Iq5K{1JpvJg)qbZH73ehE?urPB= z;EZ?^g5^BSd4!j%A^9k$Lt2*ht}Iue{Y{cJLIq~%GTo3;X#Meng7jWDQ^k_8k&B{s z_BR3-MI{{uGn997=eO1YN6@8ba}kJRrxTIDOb{h(Mb7p*3#b(dpdz*!DC zcDzOggiKkC31a;1mC7B3l7__vd~Kr0Sv?^}?o)Lz<`CZ{=t~w7yM;E@a4hgl?+{U6 zJd*_(AMzsIJf?b50n6^pkV4QC0|O?lvV3p`={@D3^uW3ZD%}M${*h;mq*akmaWd>h zuMBYFNd~$xnkt^@V!)ti_D7)J!%@W_3CqPFp_jH!@@>)3BIyEM?U(6+K(D0f&LldF zNYiL7)6f9f+-X3BjmII>IR`Lloh=(-6bxry(gEUx1}#qk(^~v7%W%aoEjnd2Y!uQQ zk@K*)?-3e`e&IbH4o{t4ZdB>I*J_X_LNJ|9!+OEHUJ@gil4zu}uk4O6fB9D1LJBSr zZ*k$dGNBXmu05T}aDnJoF9XG^Ksxkb7;)M!lwhE&7iA_RDmNmF1f>gK!8tR0(VB4G z;ENzVgncSP2tmz3eZ`F(S&R6WhG(weh!=z-gAV&ts+B@SLI;>C4GO~tA5>vn;#;7= z5cLm63v8ibjObS(tTt&b?}J2b6IR$hIK5Cra{gqmTsDtPn+qR0^Ydkh3(WG{2X{dn z&!)lO!nYsr76T>(;>}g!q^9*Chl^P6G%~RkcVM0<*rQMx&tyzV@erqUY4xZA;_Let z0v}13@_FQ@#E!w9k~FRkffTTeh@N3V;zLYegry|#tbNciL97xbp1qj{Vuqzz@7sGO zgVvFpySrH-JH-+}oJp2U;7oGV+a~C!s-4u}T|o!?wQ_kEQ=EJ zdNjq8^1?m?2lSwHH~tA4-SF`w_hSzdedZJPj=~W!OoT1a62Pu0mYQB0__ZggyWI9m zp61?TgSmpp63hfrLv7NNZEl4jDy-ChGDzX5&h?{`pN|^4x9ryz7DSi>daAYdOO$a%h@NP2V z(n=`zm#U7z$q1+rdL8U*aoMGZ0d(o##bxpuE5p{+I+&Y`XK}gJv0fIJorAHs+)<9g zWC0G7des-hfO8b)3NCO*+ZUJJ#)v{0sojxHA-`hfG8BHq;?8PQd=;y#*goS+;ZOu3y&Ot||>FH7HG zwLfrswssC+$p6ZWQv;PM-YUHM*{Nc+VVh zI33K_71wpka>aD%PFFkx?9=C%E1uBvkZ*~5!|7-l+-w^wsL?j2f0J!IzXsb_e$BP9 zf*M1o6Yb78xHUGFzvR`f}3rj2DREk^l!9<=HF%u zEuhJkD#Ng^cAx$X%Wv5;w4jb*sQw+p5dAuaq4{+TLksE{sl5rF4Ui2<%_9*5o6V5} z8qQIDo6Zq^8_y9#G#@5%;hJwDhH1Wq9Nc^hHK_R(Vo>uf#K7ju%`r^-Ic9JNaO|KS z;JE%>z%l*%fMW)9LQ5gU_*+OpO}7yJTWz8FHP}M(YpaD6&`hBc4IXHQ7SvRR>fcy~ z=+|6^=GS0`7SQC5Bo;zuFq6XBmV6%ln7WP|)OZ~~N>SYOlbu4P}sJ9WdKCqV!oWR~S@cidhhk@nWU<1dup$1Ms1IY+ExQQwjeR)aS zHfB(F*qHtuV&nOBiH+sgDK=I>x8SrN+$$DRP*W{L|CU;4ehsyd{Mulhm=s9Or<$&sKI^ie>n;Lc-cHBj{L6h_mpR~VXKw=lGTev!2bZZpRVYBb07 zZ#BpCYc|L8Yd6OWXt;Sl7Tk0dGpO+@wtw?gT)z%bG5xwg#SH9(r6G3Gepr*qZVGO^ zi5b*z6VJcVCYFDLO{}2CLeTS>&Q}*;9t#zpEYReg>bW_1XB7-`b|mydE^PHll~@j>U^qTaAj z6Sinz$zb(!bjtvpW}yfR8qZ^>tS9!17LeC9QWx5x_B^XF$U;!1CWHRLr1V zQN{M(8C6`r-BHD?_-HXy%z#~zEUtoOA{#5H@iwM^!)-jjM%!3^4YsiY8cW+iaAR$( zpvKym{*ATq{2FUx`8C$Y3Tmu*Yv8ATgXMiVQO`mQXsJohx1lDIZ#zw-fM(Lph@cI= znz}4(iD5QwdOExF76qxVs+;pz{Kdqph_G4+YDH1X{7F{&!CdjmI>KB9pwinm6c)jk z9@wO(AYjxE{+YV9rQQJe=LD1kQ?0z8Ji($zxYbu~5j4F5PT~yFd)k=y%K@}3G#^UX zh~))z5G@RJj3! zh!GGCA3d(EoeiR8DM)>&^^#eUJBu^*hyle|Xx?pyh!8-e&(t!8#`7*sZgU}6Dns<9 zW}TUWS+s)cM^P$g0-D-yXqbEkj|;H@)D%?jx|vd905uEEo02Jl1yC|XrjS_P#km-P z8hd%B+?Xv6#j$KCs=51AC;7-%JQ_}U7}`OUa3_fbzvCQ|u|auAI+Te02K$32ZNZ`a zQ+wcSA`fq#cs9HBMuE3ZGUa!YMQtgLD~&pNy1SJ$p83XT0kkCzT8gx`gMZ4xL-53O$Gp@5&@f2p*F_)LBxK zIFqwkJWSx7oQJodTSkg>=AF-YqQg;K)Uzb(AfeX~cGO0sFM}H56d66C<*^eG*~DtA z4K*WEJLt%SwoIv9*-t#B?15p}&&wKiK@U2_4nPtr_CBH6w!LL#N<3+XWNjD|KZB-y4E9H(^}hyzEjS1EK|ifV}yAL4}@uihvy*J9fX+7QUvv=;{O zE(A6=jV|D=c^5d%T@AG(+Otp|rFg|U=;WjT$}Q1;2W&qPXG=k(SwQ-Cp4prk8n_GM z%TPRv_?NfosH;i#v0Ox%^IQ%TBzhDkl-mUs9hN_6BoFQil~vv`E>Jqyz49m!KI_EG?%WXDU)ak5Gaj>rlZe@J7AXuAYyisWHCCV%Rt2gXIdXhys)A$}8v3}mf*vhJ1`jHye2lcNi`!p;SR^Kt>u zY1^||By$!n01E#W5RG{oFqK0KAY;$sTjk9XWHM&?#kjHoU@Tccc&}RkR1`3q(aKK|8n$9J zTW7Hr66dcLkTF*QQ+c2OF$QRTYx9M%K7r!kdjcwhhFBF%+H#9X&SI0bgj2hb^PxpD z_gKa2PHl5`gEYi`Aih}mm+*IhN5Uz|-8i*&6(Ok(QHs&DRVNo{h17&3$B{L&N z5}ZHbKx%(GqUR9ucD@L?{wCf18+B{UH7s(~a z;nGqjzCdJp9!m;B1D+U&6dcA z`9xhP^j90UUZWD`r_wDY+Wx61bGx7rSoCdVD%0~_TE_^Oqi4#)*5DxoMTyTZ@vRh6 zNlqn=0X4P^S%arlmX)g66stmIncXwuH#^jbZ>8@9qz@Df@>NV*ya{4{RTB0b7#*S@ z#8e6S&UA%TjynTFeeNTQIdqsPthxJs#52VtfZ zr(v5?%vRHx{FFh2wN2rr?P2=~-@#G5D2hA$NC!nHr&k42Wih}?O%6;KvQQ633Z-=2 z(mDiWs~f6Riqj*oYNuFqI&J~)7hx$|S<Q5y}Gn&g}g^#^(pa%+0M z+RdhR4&BbnX>g70c_gP^2>}p= z_()vC>e4xqdOn`5OBAaS#F3N+IVJ*@26$DuTsKH@wIX;03C2ajGM!O@UWXm7$0;)>p&+FbykCv9R3cf9NAS|(2&yqp=rpw= z42K{)cqIdj=pf0Vl zxqes($?BIZ;u!cLRM5_j{2)2yJ35|v16F1t)`=I+VuXB&7)L|rg0#9#phd;2$@+9v zacqSWsuP4-t`?R=spVsXIkZAOjdvL&>1 zVagDWVQK6q;MVaHjxA}#fa?*P7hkvjxyzL#h%_eSMJ(eGWlC`{(%#qG92L?Z_|IU5 zcbr#wM$WmYEp~!oG83&SBe*@HaVE&*v8H^Yn*G?3YR#BN8}WD`-t3Ys4c|MZ9GMho z+mCC%_{iCGa+H!GwnfZ3dXh|7N1ID|IS67&iFkLiOI85s3>J`>>@E0(>neyCLEYuo zbRxGfUdm%7uMmPl(k1!MIr8i!LoW_hW(&T%(WZ4uTC%7((0v!3Bssx%H=E`c!FImW z*)+eHEvbn+P$(jywf*r!y(;<`FonAN#>_ z@LH=iybN5$G*%!;4dA#e#4jpzVF`-G2&Ik-rN)W_p7q6Bu5tesfvuJjuDskF1 zF$_hVik7EWESl!fuBag`8CyZb+!>a)^%g;MBUoVsyGRK&COPK{Bf4Tl8LQDIzgl7S zThZfP87wD*`oXo<&6N&0AZLCjt97Oj@y2<8W<5I7xRf)8Yq`X1h3*PpturGl zaJ8DmR?upl8TpP@>&ysWt>!4Lumxq4U-6`|o@RbWYjvh4?eVTvDWX^#L2tY=rzIa!A-0Vm53dke!MB$Zt-)xByfsyK6zeCLHlQ}D;A zWJXfd$WWz@BwIx-@nsM*Dg@|j95bZ)M7P2A< zJo_7tdfgBWXG9K-=@MiKI<6HmvJ~T)5?K>D_=lb;lg!5>+4w*z8(1Z2s4-BLPyZ2r z61GH+UgUVRPW^_`-T1?UB<`VF5xj>S0RjpaWSg8dbu%7{Kr1v37dUzuo=|rL_jst%pRa%IvMERnK-7&89H!W2PrEombz;IETJ0 zpa`RGHD(hEwTO|owi?Q;q>yXElR;3f2M%mqqLdN=jN>qKg087jNEE^`B_*e!oeEc5 z>z=_J_tvFQ(nF4x@1pqg6kApt5WZq$_t2cpAa@tU;JA33r*;aGZ7&Z6!{q==Rqis< z1|zuttE zg&8L|z;WNS?YUv~ft|Z0RaOiU+}EyiIBMFNTxyUfSA}fIosH#Z>(Y2WnfP1{6N>Dm z%VYUOq}I;Ec~aU~!|J8R6>VjW(sMlGVlN7-goKO*6m|}pRA5?ME?2N;R?|c9D6oFh zafyt;Yv>HxzcLAOgvMQC#N4)J4Qn8SO)ZZb#Zra#syx~S^I)eq?Y1A1%%2Byre3gL<=ai3?tuiq$vdtnBY#3$h0u~$x1^pyY=V=nFSm-Ob&5NNT#Be zQLTV*Bi%3pu^$;hIbhEC<)!$2bh`~P!>kyf$9!t7i8dt1~-LjE^z&OOj|nv* zZP&q`!Y>g)Dq^{x)YJe&Jd&Oo#z%ziZ#snAD;rOGjMsKV)x~=?wcqep^~|1-{)8;u z>dE*(1}*_<;|XMQSzF1jK8#kX{1F*e+y|}HVj-K2v~hkH;emARm`BILOv^R*2}6JEu~?8LL=T!4+iVfKaz!Oc|_b!ipx63 zrKgJHcGsz4cwBM1V~N9^+MldOo)?-bG3Py|mhP%MP;vZjEmcf#8HXyv!oU;JO}J++ zyG>x(FxUfl4nqm+uODi>VXW|`LXux&SS3K+C0++7r!e(`#6%J0;QS3A^7aA=5<1tn z5KWd6Nl;h|7mh)g_z&?lX!_Dj*2YRE_JYx6xSOn<4@{t(qRcK!tPYB|i18M+$&x82 zft_ZYc8bGP-AsamCJDhQNIpps{z|8s6BnDBOhLJ;CCH$3g3;PXaGcKEpx|X0^~4G% zU|b9i>vSjO;h zPZKFND1)9^MH(?EV#Rn~aRM|m3}h-J*hiJwX{CwyZ~B}wQ&TjjY58IHK>-K8!kcQ8 zOV!EbDF~8YqjZ99GF=je=;FWyo~gu@&NNCuG<=#Px`N%TWv(acLMxYm>nfk^7J4Cx zpf6;3=9a6BUUY#MGvI`z##Nc7NwbXCd(>++E2Ww&xb+$?8{ijDGK;e`TZxUJP&veo zm=9Jvvw0>8P(iGW2lg7*hDFDjh>`RHW3SWLet0pQF51D8wy@bB2 zSSd{u41W+i1LC0UrlrGRiqa?Y04Wx!FsguJDW1;7Bi#iAWJryrlASc6f5`Fn*lrV{#z3qf5sG%aMBJN&Lxh}| zyG_JTDbt6+l%{w61$SI?v873n-fg1!DQ0B-boV^s&W_@G?KaT}!XjdKj7;2_f3kQZ zDjB-*154m%7eR4hJX2}MRT{;SGWnrMC>9D7RZK)`bx-IpuA-HkVk?i(y=EMIxC7FL z!UyD5Z>7^2!!7$*nPdpE%4MlCj8l9-Jcd$=BvM(<#AT`(g5&WZ zL~e~i>}^F@649qz52041E#43cqeelwa7<95Z+V4pO6JRT_%A1IKCpD9FN))s7czfd zxb*1r$SX4)E5&I9%A}=ZPP3(u`I3bkg7tL8D+#{g`(>W)YbP2er}Qv1WOKcngDB@3+07%5(Bsh+nArP8KnL@xMbr2T0v4A1!IfSj-Btb;DPBDz zbPL{%Ev2#)hz|!AioG2Xu_qD5145MvYK%5_bj0SSmd08#@VsOR$!r|U&B7Zh@Gp8; zDVvGsV{`H3JbH4hID`Y3g`vi$@;SyF%Z(oN}(z( z`tfQ4@wSL+b^u2kg$C>UX1s=J>V#Qchvb1H4tOSH=r zc-;#W%Z<_J^+lAT3`KBc$zw(6v)G(#9xG8CaYms;=xXr$B;a+nyI4@xuFeI=j z3R7xk>S&3^WT5|84?WH*6aYN29|wBa(z~T5Q#3J(N;l&61v;yEHr9w3bjl!ivoU?r z&KnXjbIr=m8!9a3413;CH5nfT`?Rak$$rM!H0i`7Wdq!qDngIKa1r2@ghR6=T;vR} zwN73K@lvdjBM3+nhm?5^HkmsaTkGU?Dx?vOF&pbCVNJ(cmnKpo9vUObMy`_+AA`n( zw`PoX5IbKN`xzgKFUDfxkYO+$*48d8*D?IZYS~3m+BhEoAcGD|DW$|q&=T=tiEccn zFa0jYPrBF!(gm}V!FVQ#8OmyxLV&1DtSdgo*-RHgq^4r?GQ;uVDsKw*B;sE&1PCpI zM{_bpiYxE!%J8Yt#fwK65k>_uWP~KcKqWSSUASyh`xYAjo~W?VyV=k90G5c-g9uiQ z_`KS7)Xi7{%r9g8@l33<%Gw4Xo4MV?tU}#v)^&3@LW5%M#S@t1Slj5!UaWF9ySl68 zAvVFf$1>0$=hLy?Dl~!BRBSG`a;W0W<P7NI}5^h+1fEX>L)m1>bq0I3j++QsXD}+lKzR~nZ zOMR=w~+kZvnt+WylUug03O;mnP*>DSA8vzK*8FE5RW zuDwIh2x6yXWeyc^s8G3NFI(BYY;oWYtw{VONxe)0q*UI42ay8a>{qdo>asU9L+HAS zB766;{kOLq&(e}}Y~u9Bm{1XFrSxGl6M8PQSeQ;oIiLfq0+pki2s;g&ovq3~O0bio z>?foSNEv*|MB{il40|z`VWT{^kRMrF;0}zgNu*-^^6^~8YNEtjxG(^~h_XPVnPgI7 z85EG86qDj!#B5NM%x+R7)3T~(@_2QL4Q-SSN|fzcQ8uK}!eAwa_eT}E%E2I_SeW1t zkj;26Mhjzw+yEzrXMQvpDGH~(N+#AFPxFIB6epB8>q6Mc#^L;9w*>&4#yIyD%$?0@ z`tDaciXaOz{0!3{ALga@$8+?IhS`VxBuO)V(4Rs~e73gC(F1GGCn{Aj30dx;xFW-$ zE^O8GXTa+CBql>SUGySQ?weN)Sz7qDxvFZ;cp4c-s^ zHV|J1DKWaF8mC9s%%b;Wqq84$+ZLQHu6Q|-$*2>b7;;Yu7m#+2L97h@SWPhPP(~n^ za|MArRbrj2Y9d)Hj0>HV&IC*G$+lqmh>6*@OnKT&yQoaLemehxsGF@q@=0q_IW%St zc3QCqt*%-boQ9w?#v5`*Sp=PJ06Qtrx`=q}lh~1$3TUfFoPuX=O7O_pDuQFXgj{IGU|e-0cy>QIQ3Ru5ud8uPN9cs-wIO+rlbsmo}hU1&|qMt zg+U)`9*X1tr^Apv3_4!=>MP*g6Ws3O<|s^#d}Tp3jw7qQwVzEuZUq0~Mql9kueZ{ix%w6v%>BSpgR#TBiP1^sf1 zS4SwC45pvqJ}#b4ZH#uqcVoOcn=1#hCu^Gsdd{W{d1}@)3mqh2sUTE5 z|r(t&ffzOCryZ70|ZmD800~ygf}~bilDVOa~?K1lbs= z!J+G{q(U8S!jOfpO_dy~$JNS^T-&oAYMVlwvpp#drZ5qguTut7f!l*m@lqEVrUpa9 z$w4e<`Xgm&-_94<;rdyiB7T-|R`eN9121@yWDHy1I_s1>Y3HuS=E;!-&?61P492Gr zx4d{n(CDDah-v1p(F)2hY^`goLAY*omQ1R5lJjdUt}5b#`c4V*%hJqO*@3$a`wKaM zxOKCC&Ys?W(+qYz+4rG0#e@rH=%Ohq!ej(yB3F?bGgb4H4eEB7mBFvb<3#G(U}02T z!j_2tjibR<_T|XiwP-mqcSn~aGsbv1a*tz-&F+HR@NyJP=dq_P zIY0~p>@VOxp3EJ>mxx^C+8uraM6a0Zyv9+8rqbi6pwttMBO|iFuyG7tx-bJE zYulP8rkOimhOO1OavJYu3-h7y<6)Fr5KVGmb<0k{QP%dC8pP5uIetQ1XlAjRwo4a*$?@=7*YL zK*Z*N@01UVRddMwS_C+tt1bAjf$_nh)tl|9`Tb|FhAT;nFfSqK!^Q;;d6Ra=t()+x zn;gkW_c|{IV3lU(Ou%G%yjewX*~vn*sG+Vfqd-hrNKI7twn9n7;8D z@T~?L1n>fUFV&!inllH++B-T^99K7o5ZtseZ7UUWt@)7*-Yg}@+|cba=TMDPC}GME z*!aRMDLD?-w5zc+HUu^1B+pL6Xes1m3%PD(gN)&=u~J3yw61L$QZ!~ne(@hx({VQB z>@m?>EeUikf+WL6JzOcsCZ#6q>1nbE_v>J@EXZ};sZ_G7K-P^RGmuSYzS0A&{$REM zx2!PPf=AJ;5sbTFM-_tgx@2fYOcGzoOE?x!+8JX_v3~^jlc9vX+Ms6`Au~Q`#XIRq z8}FtY+2{}4%1}_YP#CTj<@nT`O>BCBx$IYV0*|Fe^+b*i7_*~(q1wYT;PutO8kJzA zh*?Vc0u&NOb5ka~l(gYRkujpx5V>gg8WXes#-r9GS z`LhU7&BeIOg)YSNmdh&DUJIdS9^#`?Q-XTQn$Mw#5-SQARFj)D=99jgiD+{_()`CCJ}w5_AE2UodpgrWjKy_cdA`8 zFg1$IL`4~Kk8lw*<}<*KtmDpxaZi**Y2G#?G*O);;({A0pmL@5T2rLF+Pc-w5xQ6V zXtG${0#~YVgP~>%H3({!S}R!V0LUkOU`W*pf2??Za-_FfA-g7WcL-WIUU|I?75KnA z@{YSuKV#Ft61~j7oEZ^=49|#-yO&(Ehwmsgdu@H?%)310hUu|U#EZnS8j1kAnZW+u zL08-wPYRx2p~(0iy-habP03i&%TpPH#PU|eg#j*Ctz77huZo-@jiW|9dx#2zkZI+p zwxtlosjmYO3;g+1FHOJ@cyVl(W;6+ZiW=_<&oVtS1}{fFV>kxjmTP=v1uuG87H2iJ zc8goyu(eh4*3vnSjN>jbxQn1}FfP|fS_zuAHg-rBg$xE}R|d}gBE*^hJhpS-G9`-e zM?R-ox#o~V;F%9t1=63NFIS7CFM^sy2967AxBp2*Dh$fd$S zst-akj*>W~`q?MRE-zJbuy2zO-S|%Ieh${z5a^1chyok+a5JwTvMc zP?+we7gND8X-(0)K9eI$s)$A&uujZ=HZqII_>=Jf1l^Df7P{M-Lv({z-g&iW9x_7i zd9DJjzWKpKKf9g?Us)|<==o^0Rm(2sS}lbSkGtAx&f4p(=C85hCB$olsiKq|u^%Ju zNj@2J^&35>lPH%V+ASA}1R~=g6rLHaG3?aQDgr7+JV+FN5Vibt^CBoLXFZaIHu5(f zcRgTL0%s)(Myd9His69d(x3a-z(c7NJSv{FAj5H#aak9`Tm~sc6 z+4fLRxRg<#iPT&p$4H7?wR0L0P=d}Z%8U&uD~a|?GX)yY8e|uqDZJ2@OJmDvTw;5Rh z5cwJ_#_VlwqggL=Q#Sen5{VbWI^TkrR(1lAvNJ%#Qh@P$am;-CSa>%!w+Xl?pDc`; z+xk+7Dnk-;bDNX~B#Bmpi!DKwfv2cSaMFOGvviMCu_(NfA@RV`hrP-p3PzPDAYP&Z z7u`YG6{Xs5{0U#jA@WDA!O#ukb^BE5A4udkwWiJEAYokZ=U;Hd~G z0R*d4&75koF%o7X{PLx@FKUQxiN&BAqR^|2>(o<0CK4W#g!gR3<(_k6}0fTFbbvEU?N|E zjmcn=qJ&8dvPlF4(KbXd*$Gr)Vie`$FNO%N@-Uad?_!F^jvRRCgW~<+Z%Mq@CVrMt zTPvMD@P5LCSf-Gm0*6!J=J*`OlL+{CNi{{Wf$8~bGIGzBMUeiitP1>_hhp&oyj=p5 zjF@b^fYDD1Nf9Ic!-QB4I^PU+Np4uQBuD*)FBm-GUwTj(f2p1FUutDBLxD~(`6ygl zu`)zIVh96VqPC#)#BfA7WgRt(Bzj9@`bd_>q z+`tHu^0i9(B~s`I1=2*3<_x3K%}IsW-<718&*)ghs1RI;erDw$A|p`Ah*QoeJisSr zq5L~ACZ{P{3(Fz|m@H>gDRjKi0P$yJg8biCFRyd&gq1Em179l{pp5}r8L-1Ati0-k z2`l6OCQLX8|1FZ~>rR{S^qR$qD^FO*!1w=?I?_yEDIUS~%7pB7rPTAQKf3mlZ?-)1 zb>!f6`VxO!W8sH0s~fGl`z=Sjx9T2moO%6g%f5fgKR1~9{ckt9@7$@cthVf)Z|jeL z`iz68-M>-&<@cTOlWpHR`~2Ktqm#Ed_2_4=U$^g)LqB-_)$%jN1GoM#+O_GuA8eDp z__u6On0?|-&#{O#KgIQ@Ii zPj9+z`%jMjH1h0r=|hh^<=q>;`s+yFaho4MeWgb~d1~2~sYCy<=9f43wLW~u!IyTP z*zm*C|9tGojN>2r;;#H#$G`Z>Zyr7WrwdPcc)<-5|McI-fAZ3XKmFAK3m-at=~kcr z?WuR~T72_5iT&nZef$m=z4o8Y^8eaq?XNaWYGmD5i{^|}CO&`Dp+B6oWy=-i?iWs)e$~St+&A&D zD?fei;AO+9vi

    ySUZ5xe|@x})A2dT8!_zj|Y@omO4kdRXeib^p9i ztZg{D)6Jhh`t%;>9(w7;sXv|Z^1(0MykO5unhIN=`sUN${9wl;25)_C)Bjy|`9oJ- z{lHc$U4O!T^YS}9{fD7k>vca#fBn+`_PKJa8y@=0mWk#kZ$GJT-!Hm;b!K|y&zJt} zpFe);+Br|Go_oCQAG`m2qt=b%C+8b4soUwOg|~mP#w+{nap%=nT{ER|pWK4>lcpU$ z_t-BU! zelqpOy%tS8XVbmzX>I!W^G|Mh_VH^DT=V@&2mPa=b=^rnjBfSi1?Ro7`m%o`z zPFdy1zic+Qea2P4y663o%}#&znqS@b?q}QoVd$$vKY06tADr^c8NVDoY4KYR$M0!7 zqUEQXU2@cqmi=^}@4fKSDPPS^J+ton2h}&ebNK$Ro!ip3)~wxjFHXJhC+qHYdTx~y zuKnKJRgS+hdQ;1^(MK;m?BDNXp1yhAIY+d-*8S!78|?d7>-M|c+x~->Z~17iO;$T? zmtQ=w)touYZuxBQGuM0ll6}{`^usrA>3i|P-OhjL_4WSoVAIuS-acXDmtWZ8;)B0= zKK1UaH$3^@k2@!CvdacH&;If!hu-p&-6GMuCvH2?c;w1!pZ0d$zTKA(#E;qFn=jw* zx_hI^7xo^o#^3iH-e}8?Xa4)t$6NgU!}~YcW8ymde7(l5i}o!~*z?l!-&yzO?oGB> zke}ZXJMOY6+qIq=dEw~zed+CM^$z zHXS?sfO+*7&1$>(&~-af54`y6UCUn<|8{rN^>;kI1~chQT@n{09Ns#AB` z|4--L{_RgM99r<;yZ0Y(;H!7MxAy$2pI?20#O#aDuk85n;)mav(^4pYT(|nJ8%=y= zp9|8HPHoxi(d%w%y{Dn|q$LZVIAP^A#$J1T<%do>>p$~;@$d<|p8NA(e|pQ?OV<45 z1H1jTcWmDWrY zPTlnSueuJ}ZriQ@yyIJ6ESr*j{?t$ZbNfe=K6|HnRd;Un2a_JEEd+pt)oVU^r+r9SE35WdpwoNmu z{pRI+2GTvJZg=2Wjqe{&UgP1LKB#|T#yLN{@TScdJbC5Z!PlPn@A^N#wB^7Hzr1dp zXFjS-`E;k#n-5yQJHFcn^>_aHy+;xkJ^syQGahU`Br&}9vC;FlzkRrR%E=dR-n4Y_ z3-^v3v-sPycRBB>wt4?X|y z&rfK4q_RoNpFeThrMs-!xYB8nlm7L{Q^xg$G?!41>+n0a8aPCE0e)wSQ_4nGNw>3Wh$OhZI_VzvBp1aeJf7^KU?>Zt! zZ~e*VYoECPqO0DoU#D%&sn2xWx%nM?{btJR2mIsitD5Hgb&x~un|+ly?TR0NJTz^Ozh1K0YkO3GQ9f{Z&o_^4St+vZ z{99H&qvhcDE}psC=qqpC_VNGyr}NL>Zq?V3*tGO@*V^~a{rZ0o&3@$Y%6;3Mwf-a5 z)=znJr&lL^zVl`$J-X&zr^V){}F!{@)e;)0jX*z>=2TRgqn!B7A0>;LR_ z`T=WKhu3@k-E9ud-@4N7Z=buxZ6{uR$iKEYVB)TYecrwQrN8}Z_0)__v#a&o9e;aX z)2v$`UuDCGA7A{$+XGi0J?G=YM^8HOz0FT*JAaQ$Up?U2H=ezq;ixa(i(h!!F(1fd?t9T^-{zVYocQ>{>S{~mxKKAX;UwYudg%7ONx%;`hoH=&(vxmQZ`LxC( zsyp`mG9LZKTiY#o=r40fj& zdFQY%*Ba<5$Y{;2iY&g)M-^nzbKvGswE@ALY8U;KJ3QUCL7 ze%i+8%B=aeGYkG@^8*)kAF0$dE)~c7rxrL z#pC~euy>!PtFBylXVa={TzAAjo*3S8{!3e*_5QY7@A&)NJO9p~SDA49Kks<iyjjpDent z?R)jVjNkm&`WOFl&ay?V>)!F!4PW(q@3X%1epbKN7Jpi;|?r^{>r%YRPxIruo>}Yo zm!|#k;1kzx`n=me-?QGB_2O@;w~xHJbc5YL{q;IWRA=SS{L^FW9F;!t_Jymp z&wO{cxlaz=+}E_yl$}q1<%HutdStU(>i)jboGaG+$Hz?{G=Dko_pgnu`}VdkUwQh$ zCw-P%{fyajFI(xppT^JKVb%dtZ(8`%6NXONFuCi!udQ<2R~ue_T-$jwj?EAEr!Lqd zdiJR;moGZ|_|;AvzVf_1Pdeeqhrimg?}EQ>`TfoIIV`{BYmW_l)BED{m)^L`v^O^2 z=+9U8)la!`;u&wf(sl7~C+zgtUyhs6F*4eI`=?I~UA|N6bB#0iyZ+k2YZfZJnNbh_uBZQ!BdPz zcfET3|6X0P^_e@rdC_{i@BM>&H`w!#J5L@?ZgpoocT47jp8Jy%_g&}2haTF#@t7?OA$g`@)>vE_rsPH+mml|HOZEulHf!W)I%> zpI^`a=)SKHT&v^X|99_WQ(7mkeB9>O9<%nooBaNdTRr^0YUZ;yUpwjik(Hl1J=Z>W{uM9(-!`YtoBhEHedk;^cjxD>+yCTi zpZwkDOP||d_ZisP4w(F6-(83Ao4Yc0)*Tl` zclp;%kF9+A4?dW8+SS`X`p3Oqd-JrPY~~pH&2~#@aUqY{|_BN;=d@S^2(~j9VhOSGAQ1c zgezg!H=p^WsFyYd@kh8qOnGHo1}qr;Rw)g9`dLVbR>cN55;_qYhwR)!K{ciR1zP*I z(sU2hEh#6^{5Bf2{Am)KGe%=V)31s};}j5jRs=ePFw@$RZ`yyV_NsyftC@0=xV5hn zU|qY99ut^bJwNFNSqbWH+`X_2) z&@3b3y_KdhJ0bWDuPxYTzoY#=pK0m_8uzo2saKF!YU-E)5 zRj_ET%EQfgGXr%n&Ety(iAd(;BBoG9}=5%y9Y_Y?wG} ziolo0FV|+s4kRy8?|3oya_@kU8?4jO?#!_iTdSn%JkSjuKnnKRgs?Q|x91lN9&L=$ zM}1aHk4;~&nDVQb5;0KI9LS9g_7}Op_-iL8j`9p+WC3i-LM}vbftOt}5RfFo>tZs- zi@+MbrknlkEK9d`Q07h_EK?Kj)r=|B4OxZyJ8p|$2;#By@);cC=6sdp%vMdTV3b2V z0CLf1P8#EL$G8Tr07G9;#pk=B7;V42#L>((bhE;byN^A`;QXaSk$*^rRJ~WIZ$5PF=h(YRPJ)gBvHPaD zOc5rWVe?)fb&X*TzW!=F(pkY*D4T~>d3GwT1Vs36_qa^CR=O9)m!MgG--#>4(27y+ zSa!SaZF-;>(r95!Ho9D{il36;-t+HoJzt<+UbA?`!8LY-!x}BLdAj}k#q)KS91#Rg zM;toLI^vC9N7H<`{fweO6K;rxQMYazR3s!x3yd)_O4RA=3iq4+@~eUQk%&mWIRejm zybW<8dv@mL5btT?{PYQhtT#E0Y~cHkL}KRP{KubwU3xLVQ-Eh}r*VKFI7R-r5GWOB zZikf;hv~bvv#au^jD}d^YG~_B64GxbiIX-j2ASVv&LazVok&UQ1LNaaEzl`L#I*~- zjQ_ib+~`yn3C*C>_DxSxQ;$Vx5(MA#0SPR1Kl#y*<0)kD3*_|?9)+qI_XPZrXR=xF zb9@VKnGCug>xkgkW_x?72H2v!Ot?>)%;o2qs;$wL4nxU_FxU z0G=u)5`SB%)POb zupg-UJqyz%SStCXl&*Z33UhA2evKHc-}0BPN7x7tQ#69dTl&@33Z?>E5b#-zs(xxm z6B5Md_5KFp?kOfh!rg|=3eG1VJOiyYZ>KH{G}U|u*s6(E*POt4SYL0CYcqq5v{TNPx)VIjAhPq$|+J?ov`7qCqhf_jv51sN$&?D%J8M8FB>mwq_ zp)nbL!G6su8|^2=p=h&g&RlJLhlR1Ly~l{MlHI|lspjx4t+i=az-Y4=X>Ch`Gq6+r zImI8dwitM*8Y9FVmc1+by|77%^!t7yx)(#q=2dd8(>Pq-xV4y_z$$|gN^2_Q(`mCD zp!M3pw^n?g!zKrloR%C0b(rf9fq=%}-ncuB?=y1St@=X)wEepYV$DZRbF0yZlxKwu z9e0^d+t^#TlPK7L%GTi9dD86cvr}^{6BmY`_W>!P5KRlg)0~7oXfUO%*7c&iNb`SRtSwYdXDi6WPNp4`31jr2D5Ez^wH4CPfY6P`{3OFeVM+6SWE}yxA~fLi0#(%+olu1s<`5`qSz;e zi^%9wWn$JP8evpKjkL0>S zn0x*Ua?gJvR$8G@3k!S9Q!(1LV`Ct6kzHMx{T%qf--e zsi=$aL2QqL?~rCQW$0w%IUA*qnb7J=FRkA})72Z6dv7$HFM9~CD#E#ceqzfu6%YYT zRWhAGSWZUu00GtYIr{3`FMVX8hGmJ0KQ_n3eNRpg^JD)`e+z;eVk%x9EHa2}l~=oFvbpki!@<*;9gC4qA=fA<-R%l&Qg~NVU{;7!SG$pjE~fxIPzRiy>R8 zP|0T3+&(gF2Kuzk#eJi$JCORhRuO-6dSnTk^F;{c3s?@Ldau#>A?T9qD`bV-x>|<2 zl9b~27s-SEW`yEF;4LOXEZN6^ENU&|_3zmZKrq6 zgt=pixjt(gEo66DEy&VYv9t$OZ>~&~+_uh^>8j9>bn`BoQ6D8%TpiB3l$A0}$}edX z8D{XK8EtlwFfUjMw%m@rjyHbM6s~s6?8BaRqG7`D1^cf#G~EE8&;mV=V9qGDK8qDU zDBgte&!JKyh?i%Cf%3B@4DPO#{5o=OPQe&a2^)QWU@B(u)lBi=;=s(EKcma|Zb#05avSLb+75ThrpBk^Xg(KE%w12@JUIgA$q!_fP~ehC@{=b$vd!rtF-p1!I& ztDrJu{g!uic3fNGEx-SgzNyjXv?s=a6*5Xa)Hw9Xtb2X=LT#2k%s4npGe`%bmr$}P zEf>j8*ipB@2a&Noo(&&TKFUY#==$AyH8S zrxj%9Y$QITpoT|YufkBtG;tMFnaIiZhYv98cMj$?RAsI3w!h~PE7)*R>+Sn#l-tQ#o&Agi%efqqvnp6+-4`PFj*f=mL1W}9@)hZ5#nj-hQsCh zgb_606q4606MmVF0?${@=ihi3RydB9G)^jT)jYsDtW$GqX{%>BIpnHczI#D9G7fxY zRe&D9cv`v_t6L^zftLlhvBZ0~8q)$y-*7@|hrG~+v@w9H)#P*HO6?CVVz4F)KCqMW z?zmaVB_BkF>oV%CrAnXCZ}IK$N_1R;%wk(RcIg%J){sQTMEt24v&PMR{`({So#|C8 zVG;OW!M`odlp)tI0+QH4<$x7&D1XDK@AB$EOhLtjLiUfWqpuiEKV#fI)O1G~ysjFU zf)W!JYZ>z#?uyD{N!l83g2%ug(gj{cAhbxnrGD_0U>kSNEV|V(xv{jxfKS)6!L1zC z->HzXgw11M3x5$+)Z;BHaYr@CJQA6CT;n9e*&qY8fCnU|V$E&NghJW4ByClT4M ziQF(Ag+8sO{krY$6;nHqXLEfxx{M{xwdHrPUl=cPP3iG9EzeHIIaYYMx-!-lP@lz>P_oRYuQDG<8HO zT_4(Hvo|+8b1RxSH1;xDT2G(6Iq*OYfah`G>0fvMi_C2Fi_tSz&DL6_BhNC??{u!Y zN6@Oi4~qucVP1hG7yZ1QH)%Y4@T$tNPI-fKtfxzfY;GET&Ir@*EvfQ4#>yxXG6{n` z9r|!zLlEKV@-1i;qOZsc@Cvq?^MG)(kv!kEm1%M*a)OISSJ2XJMjzC;V|Ux*MPRWA!1Y^+!6fg&N2 zEsM_86$M(lOp6gR7K%hkn+#@R+|q%bRfMFo?D*i>6~wTJzjHL8v%4UMHb)!GH}mRC zuvc)Wwn&-XLqy{n5$KD+oTdfMXRA7bCXrh$v{1f)cuS4rN%AxMPj=kFmP$Ao$!PTz z9T^h;bi%x2!F9;eoT*75l7S{LToeY&1PC*|?1yx{WUmNDw`JrmEMTFiAiCpxOqCih zD?{3JV}m;ow~nVC4$cgM> z3AR%wCl+JAw^IoG88mNa3my;L0DZqGhx_wSA%bvFeRB?pyf^qQ_r?dZE2vkC3?PB4 z_vz_Q1ap}=DDUCfgY^~#XE`^{=y}bp2^#RHsqJlY{65M&4xbZalHu64U&fQieLl{p zB<4N4mgKA3eo0KcHN+w){#mR?blV6L`q-6K04|A_0yI`@LxjG{@<<@htH2_N=r@5D zy(tS$rB;Zm&7uGok|Vh;NxIG5&17pN>ur5ki_t&TZX!RL@@mIDWHY1Gk% z`A$9OX?#{&F_OjH`Vfb7K??74N7UUp zf{0>&Y@;9+bMD=+Fj9duC}Yg5UZd5}WpgYwl$YGFODzj;x=2s2T!Z)8lmQDqoZ+Nm z(khtAcx+2A-5%*4P4g$~Kpg2Xn=;!LaxfHSh?VLOUNp1>hkLqDC4mc(#7;p8E9Ra4 z^%-ZnWb%pk#XsaM`<4CuT$OxY=M(Up?PepV!CsV zkhH|0Z`bD`z6GGSA?{V$8MZ3W8NAoxamvIH0P3}?aFpRXtZ87#9b(u&glF`BBEcvG zL5Q~HuYzd3vlnyL;2#f_V0$cl97B!C2o3RA$ou`+*%iY2!oJGw=`7vM@}ps=!lldi zdvogo%&+llo(8^eZv>iK$F(qS?=H0BX=1p>2Z*cd<^KJ+T(?nlJ|Vaa`Js>r_3E(` z9;oGrgAPYiT-UN7608!$UbwxIZZrE|)hEY*H(enJQCW-$T`scu)^nF<0hh;H!_c)x zqil|#2tJh-^z~-Miz~JmfDd_xs{Cw#@JQM-N>`*YV#=`Wwi12;fjegi*?kzC{(WVm zS?g1*%f;_)!jR=!_uV7Z_*F1>yXrR?%WOmKo_+SG)p4?XnHut;HM;e^fYjEZzQs3 z2QR^!?`D!K?YxxBNUFAcb|rDK0v_)keD7yv4_$(7Znlj@TC zpd*YiL&Vo%9|J2I7!t z6Yp2BNYOYEFi|rmVT9l1%9mc4xz6BzAicqE7d*ij-@usx-~$rw77;?+0LToT&@md0 zEd&vn1S-`8>p4Ofw&zvMg1A|wVxmCy({veopV6l4FLw;pLYnq)Jl?08GyI6o)gGl# zFFrv(6QiwDR)DS9`8vmjW$p<+?xsK?{Cdn8N|dO#9k|aQOiSCmJK#8A2()>t#_+zt z!if7Jzrk=OEc~bQ*&9pQ%HcoU1NHCQUTTjC0p9icV$VZNA$G8*{0E$c3>s$7%xwo> za<79>DJ5Y#>PuLF8{TkmmDE-&*YyT>5a%2sH{kjj$OQ}QCl>I^!apo(Gx%{&Bl}v^ z9>MgXHi%z+K$8W6rd&&YsS{lCJ@u4Z%3D8vo8IQkc4Ey9_dDNv}S9WHm4eeP-g=WR~V0Ko3$p!(S=iR;PgUg-RcpCH&}2aJ0ZJ{c>GsKCn0R|)1%+!vYr~Av z#>C>%AJ48^)a-U(RL9!>yF0Oum8DaLwJoFIiggW`(s(=IH#&63B#&d8T#`sLFQM9U zA*b34oXT-z0TFi-4`2aScUmv=xA&Aa<+DXPsom|SvB%mX`SE?7VO%YY-DkS+&EM1O z_l1eGE8u2|YzET}b#1gjVf>z!1z4YQ(t0F6`5R^5K0Z*s#*nYw%r?HkxXalR?f)5U zLwNlQwn-Nf+M!sC18Rn1l64$b;W45M(i^F%0nt`2SC|`9+FB8r%mKvR5#7k!QODXj zBEE)ZJ-W~5XKGUdDL^eCjviUYYCDYJDU1tv$85E*+P#n7H8&_Xl-aPqkO7>!Hk}Re zduiD^r2OmukQ?nl$#ab$2{7~K*F78?f@T-s1r~bG-!uChq zYNpsa;4pFx&dpwyFLy2N(PZ-@fxU^4Z!T6ze<-GLuyJ%Q6?q;4s<(Z9T%3U}NJ|!s zq7c(qMEZXEI$M|rwfGj9QQzjM)6>ddLr7%RQeqLs8IzKVjQ@S#wK6?UMgyY$jZml1FE)zhi#+r zpA&#cism~sR4RUx`O{s2oB1RUkKZ>;hdFvlSr{4cP3`|jLA0<>2_~pK^RSCobkGW# zCb)S9$99$VV{o6cNP(0nrTd?uz|TEC!+bZ0$`^5>NWb;hNQv=JsiYaT7g?0C!aa6^ z9AklKsK_%iI0lXR-|k;#F;tJdgpqlRR?mnmmAT}GQG4t}EWjZI=O}9~Q;zJ8Z(&b- zt^7Rn&Z@-$wh(kL?5}G6-o^cW?H3wY`;a&dE!eRr)3YymTAM)1!H%IG>xO#;9)qZX zOK~57xaO!Kn!6TtJ)!z4tndpOb|8__zzLg&q%^V`aj_y(#3?z?W2vVq+Kao0)b;mw z>1ELB!KG8Al35epy^CdMn_oBT*~@cdx}5F_7mjj<$K0J?*q?Z~u2u=q?vFOtCokxs zU76(M|Kocg{2L)(WOBs>&;=2~xxuus(y z^Zq#fa*LcLERq7$oHvg5o^Qg6zOhM^-7(|K?>Ss zKaBB$BRUiLeJ`VYJrc<@nVI=wa$H_v`{$G z+4cDDFBL=Mu3Lu#b0rm1!o)Q04ma=yZ8P+V$kpdIVfVKANHvPdN>MIhiTExW(`yVP z-|VMHg$a(TtRkoCmk*-Glcv!_U$v13zg@F^#K*+%|8`nJGru0;76`L?!Fm#(isas~ zT%@ieE-oB$VG|~Px0^(ghv_(>J^J8jb+79U2ld~=V<@EOY^sRxrzM|tPv>qqmi9v{ z>b1S^kA4~~?A_28=FG+rykx>E;o@T*nM z=kRq<%cLUwf<- zKh&MrR!wn?VdAPLgU+78pHtkCPNGp#K^*YlB#fyB0w+XQ2#HT`;Nc_nFD6Dfs!@I| z!uG1W0?kA{L$_iu8~5gc=c*_xOHtSVO-!3^p=g65lFP$8szE48LRz6JECLOI{5KG~ zgZcrbANJLl;Qf_&XIuBA)}IPtvsYK|o|c0ux{oxvf^R{Js{tv->V%@|rp{d8#dLMM zcF#`N1s~0)%pcxptzQ(3TL>bG$E*U*%tl`z9}u;)Mu~+v@#MSpNs=2tKgY9YA1t@H zLwO3r2q0`er&|eG_G64A&f8CA&Bo-OcS)yKM#d7u+E+&n!~?h=ztkz+8Nxh;A_^4; z4T!t4EDSW`ECG)d>9BpaS*2iKohlgd-1{Q>ukT?SNqjA9pHG?y)7&wZYJjx$>cCIK zlGSo}h4K2uYYI?*UYr{8@D|XBEp8N{W++V96!~nq;+%~3G&ug~V0=aJGS{QJ{hy+r zB?1;CMSo|gkQF_RSoQ7QaitN@z!k$DjbKVX7bD1{>HWR5o4W9e$Ct9OR!5}!tIXNf z$m=137n7?;^1if7OKxB&)-h>6wldIN6)O?2e!?d@$Zg92)P&EU`FB|lGlJogJw^rD zt+dBYP+}>ZaYQ9ryX|o<3JO3Om}-R>(_k{ypvgv&|F@o;zy*CIl<%eC%criX{(Mjv z&yCv5(!7OY&-R#ojUe0*{YHp)QlDeS-w>|3r&t{imFKZScTh65jr$2`IWEe`-Ox4^ zS2tig{&kMtdUMRPNut9s0i@PL?$<5vYKm~Nl0dzvievAGTR9uHnKT6b!Rs7p znn$G+!NZq;CE3X#LhpwAw_T_*(;O9pz-YbRw5QPBI^qg6-ZB#{~ zM+=U20wDQdlXD^&V;#y$rY{}oYWWSXdg?b8_L4&%Del_~X50{g!lEX5^K^ve=dyNC z7z8#kBr@7|jLY6mV<%ll8jrTrVPr*<7pVB+veQk&Kr(&w5U2&aJ- z z?P*cPparDA3OY`9gW`x#vF5lrkU+vV7&|njJZE+-sTfrPmNIz=R)mO`-=ro<{R!=v z?>3RiGTw8(jNuwm?a!!`YGNTVHU>#VTA=1*F1B=?Ml@RFf_hnF;0%nFk1R5fiMoSI zgc`TORk@|`c!lcOk=X4m)oyuoD*rs2Fcgmk^vqovP0~=EN4zc%Nu&z;rPcK26%+$L z#P;l2B#Rhz&g*1PV6CwSP?MhiTx`prGD6_GnhYrWO_T4=&@8BSs3uPevpHG>9XRjU zAAe*I5zmdKGyM1Fc9bL7cdU!inilDfOj!UsN1&gs<2jU&t*WS}`Na-26#Ro*Rse*E~q{6r#C(r>tO~ z{Yf(1jj%=vAV=Lx_=laZ1-P)Bo0fFm=?*`Qm3f-PPsr`mYA{uK{)~6w^S3I4U!x4t zCW5GtCq*t1ZCBr6vRPjVdla#Ek?-1s%WNi}mi2~iwGELQ5}5Wh0bu3+^rGU~7`^3A zZgdw+<+3sg8)o~g(Fry|Yc!b;&KLXQZu-0CfWW^0VP8!w~_ z7VVn!M>@Tn@!;K-wuW2RuYnQZACC&fvRx1($>$-_|1F0w%k^9|gQGXyO)V>0>IaRr zZkK>teiE_jxPZ%NeaJvX%{`|)iaXI!Gi_*ua?d#)=Ae@~2Hw+ZuwL|5<~?R9@E~Dy zI3H_WA2Q8KXWE;)xOc(N7qD>$?yJKVcbENm2i!;3m^1Jh36C^RiM`&U33crZd=0Z+ z7qRXA3+Y=f{*?`a4aF#b{`}x3aLyW)^vCycgM?Q0;V!wI^_yP1*mj&!^j%wIR1Q7T z|6$VNl%qQHx-_F+%8s~tHZ9`*Uwk#&T(h(?+yEStQN0ufHZ$O}vd_3=ze8CPaF7j^ zj{Hjk&C7A|x_1=%KNhUGX>xBN4!S5so0HI=2PG?+6?9OEfm zvRV9VizD(cuS?Ci zxelswJh@KZ7h3rM;69$lY!!XMmPlHV=C;3iYV+Oz zZ*R+r?%|J<;y;>NV4r!<*z+Eq7~vZjD;@|!mJji$VjzPUTz|w|dUGKO?Cw}>KFyuA zt$|G7QMq{s{gdCsQG(;BLkq{qVf`b?NJBsg6tcXfE|a#i68@&ed zkhNfvPGrk#94~`jI`PCLI>Q4l zNNf;QBEpJa6lc0#)3*C$rN@^(l#U|nQOV@o%2e=AysV5LgeXo-W)n7uVH&5HYyUlM zchVaywhl5HhfE9Tb&Sz6s^#GH~MbfGmumoM2qw}M-OuNqJolfA#W_?+uz zJ%tDk-(r@)_H^+Dl72-yX{f3H&QwKXR2e`^=0#LvuMX$>z z4?6c9>!#H8ytzQUY!~v^ZVd>6x_pe1J;F^VDSoF~rUc#dYGd%;67=)^20PfzD0J6; zjdrq7!v^m!RcpOk@a!X53SxonhR2!7M7aJMqB9Pfc-n?6eY2S!Y2GB)^Q zZ4Gb14+xT7uZRZN%ad)3>xqod!^Xj?aKfJ$3LXa`R1HQnM_0%_Fa_APYc~AAboxhX zi=+|DU4Ps-Cb^ZLrVSA1g;;+L{nP40dKFvGF^_3Sdhf|07LWeb1-$z9P= z(6|>hT1qz~HhZ-%evLo=^;9=>Xkbf9sUyq6-k#%WE0kXmRo%@0Q$&zd(kY7w;!f%2 zr#O=%^K69h_d+g! zzXhiI1(kEf^nfZgRojW-AkdfaAS{9Q`&c%-@2M*Y9;xt-9$?XQ2nbmz*%BmF>IXS<72^ zY#{;zAFv&<8&Q{4pF1JUTjfgeqBW~pf(Bo_&y|DcSG|q`F&{ZuN~lPY3=G|Fq$BK{ z>c8v%L1^z$LtLL4=l?RD9)8mt-ssr{*nF|hBw`*FHHF^|@hOX}1ZuGR`NpW+m^-D~BXpVv6a;*4be)DBVLXX;q-|3kv$;4g~$=jc@_~0M%jtnKx7^pwV;3O z+FekB!rs}Ks1Zx$BsFI^$asMzW*hX|;5#=>RwdS_KD6?JtUn_{*k^ND8!z1E!=L5W z;XLYQaZpV2PI{CLFVjpCR{#OTv`d=v++JFp#VOns?{a@0^4HvBG){?t{}Ui`t0ZCT zK7p?Vl`$pvmKUrKm%pCq#d5RN|Agb}`ZNf>Y=V$&PRF7$;=-al5y)w>ZMu#?xkB3g zZIqgDiQ0fP4Y1E`lT#!{0|{!Op1*7LLU5)9+l;4DH2nK|Xkk`GdLsZ5M76PIU~t*= zS@wDv+oh#cbQ?@Ig=F#6DIiJ5{@_|%w zdnV|d77!|4$Mlgw{KeiIWPvB#(}~f;vvp4+3R^8G@?XQQy)x(ZB$5<- z=fyiO;D-xIa4CtnzM(?jQL0HEPAl&DI}k8R`j?0vQWw3%H;L!yg%H=1`PC#52CS9* zgGI!_rU=KIi{7FlVcJc+tb6mD<0-t+vLw773Ncx&LqHr*KQnTdD0xo~`xA zCZh~w|Q^n!rFop%AJ1UtjP z^)jx=NW;>?5bt2oacQZ4W>|%6%~KDBzGhw%Pc#TUl+;bsZ01APr&w$@{GC|l!&-OM zs3pRPitX4tS<1N|=cN|7$WV&Gt*yS7-IE!`x@Yd;z>@u#gr*2tyYdub66`4j9t#C% zd+M@!^ZGg*)=OgsaA9mBM4eIk8mk&~c{EDE7iai?GV*wi1kB(E^fPm|Tev+a8Cq1o z7Y!n)G;JR&bkUw;324}##`r%RS#CKs0?{n^`NQW0y@^AHLi;r2ItI;Z9`3k6_r%vkmKnTia+j5fUlK3)|8E219m+hs*`V<*j z8y0Fys5^ym17Zh=&%Xtc3MMA`b}HGuMQjo=JLIrVjEV-ZxV$c_69~hDpU4Mb#}0wY z7v^smFFo^1#@JD05zwI*q>rc;ki>Q2$ZVJ8>Ra%Ft&x5(nujcWK{;q9Dzj}pTJ6)u znrtmM516xY_YGaZZvH`ipCsO*K5qUbO*-+wE~)r(D)>-6?~TLP+gDu%|fMV2+Ly97Z#wvY1ue z*wz|DQ+Zh+P)(vzK=xmt4WPV=o~t2AYroU4OdTojNrvpY!PxS59P~`EuWE1*M!`HoXJ$NZ z>pek2%)?|KCt+rGh)b;-=AL33`7he93Jkt)8RvW^m@9?TF5PJHFj^qEqVVwf+4^pAdKHydcjutN z30G@3Kfxs_dg2Kh7U9OOTtCCKB=FRmAhFoIVGOyYV34m*UpTN?jaZLqUQ zS-`Tl>}2Pk6>G+-T7$tUlPz@4)T9{&^n0AnAT_o8nXQ#xi>0}YANWDNS5q3tD&`N^ z+!DFLaL3l=QN}LLVNb0kc;vCwoxN9r}NMNPk3uEdn=wkSV$sEjnW8MYHpbi8n-zfrOg@kuO^M6sqi%a_l5zCa;a& zf|fe3p^#ykA-)Ra^#W+Iyx`Uk#{n&3=uPdOI6yRWh!gH)kfS#V5+SH$1x#OQS; zGajAavPG@JLIy|&K

    wMbnS8hH+dy9kW!XcF^r)EnrcELPnIA>WUiH>Kc(*L67CJ z8|2?5i1+C%ccV+ECn-XZF&SXq0W~*fr6+aI&qq-~#3NMc`46uLhZ4xc^FXXKb|eS* zvem9nsI0W6{71XvV?yPjM9fuQ9QXJfK%Yw>o<>)e4TgRmHFuRF@j^ zu^Peus__D;p@i02Jshjeoku7JG=fq}J*DisLv4}Cr@|^qE=o94A4F`$UAv@+7edOb z)>c5)P7Xtu!irt2wBXmL(P$=u9e~)RjVezmJEY=AySjEJfnj#pAPd}+yWUi?g)^C& z>{$@q5xbG7kczb}WkMd(>kXOx#|dsHvKAQxnRZq=B~B zzvBLMMJS4b0GKrF?POMMX=}xlUWj?Dw?af`Ep1j57RuSj>`d|b?7BYca2OVZN%ib` z-T-yMv*Gg+4SR_j=x^hNWzQp-V&f@URHtzve6qMn*6vRj{qmn@V~`e z%aXi1RcS-kIY-841~qTx*dTs-Mf1bqC#EX~3eytHRx9|Nn37G6s2y)ODhixd|Gx6_ zFh?#fkugF`Zr)Q1C3b&K%Kw(X{qO+UxT?U}9t;x1Qp4!)M!A5IriuyzRB_?s>xlmT(#HNkg>N}ain2yy|r-ciyl^01JieAb1en{5w`uiu-<|31BtcM} zgQRCUP=H}~+YhZ=rjUwIO($1uWCC2Wniv;@MqX?Z*`#Aa(ewdk9dz?S)!M&MYdl)g zn7|GZox%6N&(cT2I495A|MZ<;-FSNf*1UunF9HrDgIR?igm$*7u9mzOLS=ijm(n1) zxLc(fcVPK@VK#cSW}bhi&K)U-Xe8Y68Feoz@^j;EKh&FS2q{>v>UR`!$D=Uj_6IH| zNVM|zgD6;9Ke@Y!B_ds3oyIZn7GlCt(i0|5B{@+ebErgaOQ%H4{iMNsf^9pm4e*!ZlII)ALzM;fW!CIL3Gi# zxQ%Eycf`_g&;Dox0i0~Od6oaGMu5NMB5>h5;1jd-76qq{;+d;(ALeP27>~!XYL_Ory-lCX1&6qa7G;VwE)rh)wX87;2I1=0jYueT-Mn@_{8rW`Ycd{2k@ zgnv-~2r@&c*~p;!Ozdt(XhBaPd3Q;8eDOP)Fgz{M++oqPtnWg9n%(#PN}KC~%mlMK zO5eS>(A>DobB=&svu5+2LB@hF(X5silG7#}8R>lHlYITxc^3z;rE~&VAb#E4u5_fH z_ZGu*{qInWf`|&h({%S(sq4WF2H4AvGB7(hJ~U`Zz~UjOK~f8gB+1iW$4*$8nBY*A zLg@YxO#z;x!BUf@Yk;DWK3+6lCy+ygxuh5r)(y~?%M;8?rMojYb&vW!wxT&j6&MT; z(epKo4J_59B)5oL&P?8Foze@J@ntlmxR}yUY$Q-gzis3N1~GVTwt$a;`m_TrM1rwr znqC7}XfWf4)f02C-34bjL9Qh_ylv+$YTG3L)ol1+l-My_4DtPzncA%Ce-YR)6*>Vs zVVjwNraA=sYBhOKy$9NDqYZ&JNGYT!IOVCGV8>G@0iMv`$*i@T|KZ*h5mjh1IHz32 zpG~6h-q~F$s+fwne@%9twrtsAc6f02>wahR3>9%3ccF7_(6OgL;uCoZvG3FR5)hOx zDjC174vIC^w3J8V?sg2+Wu08{Drsl!he@uCcdDnAW=_fLufVt*ir+G;|9zQxNYw}RRW8+63E1l(I3x_>aF|@PZRzE;_F0TO+t;A~-`){|kiAepZG*tuCLzWw9GOL>VX_A1+~j zZm-{~5=N`-`gYRM@pAGFAS|pfmS`bxbP*B<+Vjr9fS1gr@So@oX<}T1LQNT)v+kJJ zxDpamuEMnrxDkQlt*x^D(EZ3Rk~20(v({9Qw-trD^q@}5nba9WoAmqc$KaSEU*9vy zz-L2i6UIGy_=p-&v&JA=S^1ZM*{;*!*yj(AcR}PA+}Ysa^&S^oVIi^l_o8ET4vMq# zS+AkKmO8K_Z?bzfR#djazu`ESR~0 z@89C}G{>a^Eo^R5BYBm7pg)D^;EWFu5O|N{|HPIh4|n7x77XSfD1tL6v9vnEBFm`S z!FQI$XA-I%T(upiJL@eRTjpTiJ93}#MB|FtOPaHt z$0Q0dueP?W{~#6MIK%|C{Be*jWh_Oa^i_n{fzf(TjjpMsqMrb)_QHt<5aGwahF3XK>*)B-DEy)Q;y}i); zJ}wz$oz-XfnRGqM2}I^?;RZJr*flc*XZ<=VTDCYH z{^m4$+&&7nVe_}I1JaLT? z+KNH-!0^*paP3+cW&aYBiY|XOjx2)d+t8G@zygas#*9URMc!;noBlfUX zxd9teQ?F@rkv=|oZP|N^;4`>uls^5%2UrjD=tM(BFw-G9j-4_1@+@cu`yC>_@3$Ih z=?6(AM5psL3%6^F<4Kd3M(eoOPnG@Hx^ni{z1#EF2OTf%%zvu(H`q@Gx66m)SPx{= zsFza(ELrSy*LO$+#XiG;1CPY{vYJdBdNuPO25;10Z^fylOF5mlCmc%^z_2p-H4heP zKQpe?u~=vBqjy>GTGZxi;|^*ag{DDZN^)2ctQYgUkVIBGtaqACyjB#HG2E;AN3n2O z=~m(n;L&Ui#eDd8{;=s&r|2-U6(C6u0*iEWvFmEhd+&}()zVRiwi7PjB5>=LvkWe3} zwCG0bi1VTO$5X-u23v6bxta0gsk4LbF9yLGm07XSzf0~hK}2+baOK{iWDU$H?cF^= zdZK2rPo)>^7r7DS!ZUQ#kQ=M@$oRl4{3qBeD*=3@5`@PJ<;z;Ddn1iRJq%ns|A9}O z#vlFmSVoIv{J*TpSa*xEk!_L)q7}I0@Z{7svmIwu+)~>I$aE-U6Z#C)`(pVN4ZqUo zOnA69GZx$u{F>I4jN!gp*5eTLY=+HkQFV^@uy~d_z|jbO>bXb$cC_?A$8cgIQp(HP zjrT)|Z346Ip9imGCH#6mREDNTFWrY7R>@)rGT%xZ>eF1eL!k!Y_E}^v~`ml1T1H#Pz_EsPE7KRmxg>2_6 z&%)D=m|8U+$*_@wVN0FGlvO#ly(#R*mnC3O8n*$i&!1bMBsP^mJ+(=a>X5GjGMla_ z;-ngKC95Y(qZ%F5XQ-cvp>C0kEAA#=Ko4+AP&W_Ji~YB1p5cxgan4{!cN(KJg0HLA z3S}cs?To4VF*5?SXpU1R@B7gXTQ~GZHHceywLhch2@w>_M(Bjvw(6toz`RMgf?2k} zZF{~6R0qp0p9vVveRv8LE)hr4D%Tl>6IT-n5D-4MWw|Uvr}695c98E&U2FywD9g!; zj1z2YUX2}9>@U&|9xu+MC-tWF(<%FP$-H}&&oYkj4a}hEn!B7|2Uk{X@Y#2drCpoW zC25RpVQ>!vK_=UvY{)mh^&*4|@aY-+@G{KD;np4TwQoWuad>Wgq?<0oWJith#orFe zZoU};l=wK&!1gDbB{#{TA|kmi)U{03U`^W+RC!o?B|f2@uY@8*;DPQZaTWRf077SM zAWCLiqX$YcDzHOuab9oMXpxEhZM{6-q^t8qB&?XVOIw*6p3VO!lQjjQgLUO5;5ko( zhf&=k+6w%Z7)Kat9hYjHn&-6H@tH4}3XO1xPp?R(HC`@jJsevG+#^|%k77}nj8WJd zZMN65O5%*QJe#;F7Ba%%*58@L*W}8P!*AW#6Zmm(Pu-KEUD7MlX4_6Oy)1CU7!)ah z_fvC`^jQtu=;vi7&z3-hAa3e`0U0Si2g_^(D(wF2vV5xDVFS|08+g((-}~((mUR1o zl+h-^+}`&Qe!pBeU)#WDMx(8Jj`wI3c{+P|2Xd$BqZ^yD7ws#7-8zVcIT0B6_>BlBz+kFp_PYN%n=>5PZmmRPDDG$e2&ynke;E zXYCn@bP)wz#zBfIR&KgyJ8yi!I+8#0K9(E(SB znjnMzZ?OkwP#h0T^&MAxYvdM%O?W zU_L@y4lWuh9t>$7?i(p2O<&<)`u|fcJ{xE=lQ)-dPf^2D-Q{%1z{X-M(gllJKoIQ- zC%T&Unn|Ot+5)i6dz8Iws~jvIu;%jS!si~sy$DY;C5uD4-X@@mSjQA$?S@?8u~uzS z+3LOjn)j!$<1pB?eN--8w`oTV@YrVU@%SM(`|zS6X26T^skS-|_ogKr7nnt|<=ZL4 zsM<2e7&)}H`VeM!63HX6MGLCECZWO50Raa+%$^?l79e62FZ7$Hr}!gtS{@bDkIH*? zF8r=!(hg&F8tC!7vF19a&M>%rr+}CtAzaWN!ji& zR~0nh|GtrVhhIR*wVP(*s1+9b1s&k zZC{6kESM&~WbVDG*UrlTr%|O;y=DiKyp}iMScXdKBXOz&_dyoxSDN#4RY6(;{A8mi zD*{KT34I!Z+TiX{A!7kBTqU}%Y!^M45#h$?M+JvR?cX~us=D6`Xyysq9xE9 zIZ%|F6E29 z9OB8?+ancZ*Z@K_fvNd~p1bA*LBMaXZhbnC1#)zY_u~JQ=>SSpeRDBuVr-aCIMV5R zRQ-f|lH{7D&C_9`EQ}u9XU>sqCtjt!SxmNb&HJ_(1u|9or$NDcQ@pijz<^V7zFO2U z#Fg;5(igVl#kt!wnu&~VqLX(G&5j4ehy-E!TpyBoZswPpV8j3;pG7V3icm7^ArOhv z{8`p(&W;;$TLVx4S$1h6wM^I*)GliKJ9U8eV|IvmE9CgAmzq#`X&dTT*BM3)?Bb#9 zFO~5zwNPM;!VUu_*^icx)Kd)>A7U*+pow4p^4qR?LYUcwv!`Nl!}4K-X!`#9l6(#2 zt5Cf}ac1FNP=uUh*@tfPp_B&b%#%BPKiR$2j4*}R7G`Wgx;G|SgG6m9DsZwgI`DBk-m;sWh#CA5J zXyBI%VNhzHtJ%Ay+4^9NWop`-L^(B+VK^E+4x$-`gxdZ}5H?T6mF;B!-!~+;dlwPc zzb=91E)`RfXCUPK)kGgubJZB4HFk(S$^|PgHTk&-i;Hr(oujIt$0Uo(+iW#AE1GIV z?9=Y=q*6{8f!&=ifv^4;x9!JhWriV}zFm6rInv*h3v?D6-4C@*Iwv1gdHb+9V^8h`py(#4C7i+c0 zt)x#Nz6f4u&mJRsML?roiS+|=T#;C~i(_pPTnh6aeb@ zbnk8OKw!IVt_s+&Vn8BnK|$-Q05RUBya)mwYZ{8?U1|s&s@_kV^Te)Q)&K?MBuCE7 zV6618t0~hrY|prDnC#*GP?nb>usiHdMPPn6vZmBRk#bC4;0>!dy=`*!m)&p9x#q)G z(CAqQUaOK;X4O>1(jMqhgola5?>y;K_RgdU(+qALg97Q4kTtQZG>33_84|L7vfUM$jpF8IDxyj1jeTj+Lww}B^#O`Cp zzZ6+ySv-L`37z!l0h2=e5n77#~w$l#?gR;hKUZ_u1NG=mIg1Dd*DNie;z z3-gXc=Z;{?G3E)fa4gph;fFzor7iwhD<#+^$M^cFQ#CFZlM`uSoohJK$T70TzkYIN zvt9u5JW~U{h5Y?EHBZ@;*~;$E7x^`F2G5`vzo~oR8zt~{8n~i-3$syfo^ z2C_`N?1Tc0h8H0SdN^C%hv2$xxg)U&K%alpaUrn9Xv7?Wj? z_)eKyaPMWE6SLQ4UNh(4*MyJ@J&vOgMgdDNr&1c;TGU_$ezp!Qv& z$QqP7iFF7MIhv~c4pG51(*TNsq7%>lZ5r}>hj46k`rl z{7%?HQ#AskiGQ?@smS7JBpRJ!kvRQIyi-4k2vb5y@N%@4H^G+O3CUHIsm#^otr8}~ z1p~77b(fjUC9)A5VBus9-OIinGg_@m;Sw1-yUG(HfBn{~SeC-Nn{?6AS24JTq~qG1 zr{2ZSsCGPZrhAx6RIf@js7L^OU2Qm;|8r^)Zk z>50m1M|8oHCHcfI?LcP-2Bnz=asTk^4>3|op-FQ@Hv~CE;d8`4vv!$^rsjYM)AOoi zLl~}{`-&|vm8FY`p_NyHanPoh`=9s}l#Ku^oWCBz7kKl0sBzhyWzroB;@=Z{C_qQv z5p)x9m(i%`joGQlk0Y=~VcK#GES3aa<$7SmqUtIa>fiV%_DUX#{A~aGu# zsg5EbI9I*M02y8XU zEO@6)+@&@BYO+06Pmr11pF`=fATpSC&V~nDExy3vom%(#;Ud*0+D0r2G(JUSv;d1< zB4v=dfp1TeVo}!4iIE_oNR{+lGC~iQ0!i{Lntm0SM2t~e!e*;V@&s`ji*d=b93T4`Bn3n63dMd4>v zY!aS{E?gv8#88++9qjWGeN4e3ajH3qZS&QlVDMHZ%^m0&4f(lJIs#?<@gUYe5%Z@+ z7-dAq4{RTBVlLc=K1!!%sC75f64yFfBu8yiB&*<^>v{t(oIIBai}DL9+gH0J3X>hD zqy{z$UwRD0u&8lv4HZ!z#}GvPjxp;pshM5Ce$!58`17X;vf~xjLrXxMpj=W3AWPif zDQx70?2-@kt47R&@LUR~gCI_h?QP{Eo%XLY_69j#k_cAZi&xM$F;l9HmcKF^X+Gwz z!_~AwPT!0IY*g@oZ4-l(WrY;2IMBuuY9y)1n!P7H>{}uPp0P5mpQ#g(EUIqUCt<4H zj2>@wk_-ljV4|&9RNh~KW1(YoWKU;E6~okf`EP$g5SV+(2xQ&xUHU@bvy^825B$<053z%QIcmG4QB$vy_3p;9_X|gLfs9_y4q+K`rBhLv zt{!zM1!Nw$a!XX?Bxo=T@`w10BE`9 zR7-c-qc~{V6eP6rr*}J{a2)5!I0UiYphB~4ORJV1o`$%hvw7?>c+8RenbO$*UoVjo zQY{D;Zcp&bF^1!Jhd1bzFogC6?(A24ww-6m;?4VT0u|1HTOd@D!gIOXeAHO^ z5}_+ai9oX3Udp0zhiZW#6fT*%=R&eJcSTTEWzHE5s%f01Dq1FQawQ~Q-OLW8OH{O< zGG|S~NAo&2M%wPC%JyBtI2nh4qeYM;h!bJet8C2$R>K4FyYTl&U9U!>b5)l&nl^pD zK2H2?AvSxMFF^6#wHc?$H{J^nSozuZ&)w|rd7Q@q2vvfpXV`fjC*fm#GSf18e8`u= z75q5ie%Bf6-_cZlGtZcPeYXwM05L?+!scky@^#mJ234>$u*A6cEM}=tq*m)@0YhKZ z$1F2$0y1}3qd6{uT*s?YP^!MIGC@OKtG^R>eCR6r^%!$mHrb_2a$XP~0rk#%V&^J@3p#L0YLNtw=Q8xi-E}hn5j5*C6CY?0wto}|hpkbQ{!fwVm(M=Ks*}@#< z$~5%}Y~w`R4D`!oFS!Eaf<<^%u$wS_&@%t!N5LSnpuTEv$P6>|>T5@aLJ1=K6qmu{rIaiteJ=iVdU~By=vb)fJW}ZS;^HBA9 zU6ZkV&)kjqq%1qEGGT!+Y<~*O?t1;@S7=)oD%#KE6eEYfalX112$;FmezaA{|Bd75PC22@xhSLC~92wdW*7}Icxe(wBsCqtZroYH4 z4^fdoEPy&hP+Npxw{e=S+$b8x$mQ>>gNG$eVD6N{9fH~_`7#m zr1^<5oCE?`r!8w~C%lWq2qA(>R?tqD&Nm-Yao?wpCg>IajiiQVCOf0gKM z(&p%D)ct;gQ0h$>_lFi(dr~x}@^3|O#`nIya%8oCwr_lb_;Juxa#rc_f>H{95_~Ef zYmo^H^bL==W|y5-*Dt_oc72Gn4R1nLsxdvx$Yvzso9sky1O8G3fP+0Uv?g%X$F^M6}bPCpS$tN#djxe6} z-HhI&$noy`^*vPS)vRXFJ|#XSXzYU3`v`f#vH@Ik(J@KM(9*vYO_a^>JZ~L?K1WY# z>az*6r*_qU=l|cEHwD-0WduXa$k${>boh2$gL8+t)-c*hH`U!KBFGQwckFHM7_JX=l zSU698zamr|cN?H>Xh8o-w#$Eo9$d9(KlWLtnMpTrI{h%-eOPPcEOmy%uNxxE5dV_G zR9*1!Uyy7f6KfH)LbF(QG&8NijmC#Jti=%RrAEm}w}e3?X%{Bo@QSHhE@72Tm?tkM zCLVbPV3siGdU=-&gG+GAjyGh#jKumg&ZE}twSsqv4?DM|mF}`IzC2<5j1G*v*@C+4 ztx(Mc3@j{l9Ql61=U&E7mCafREMMRhp1pUiTNobv_jyy-nku>iL!JS;p|oCaHAy=H zNT>Q?2@0b8Xo`@kpJUZ2US6+E2H4d3XHt~0d}v7HLZ8G_ARdS6oq%4I&5Ag^{4CL7 zKYbN$tj0K5k%fY3^+0TgtaL0t`-R+VLrBbOl5&N#T-4Zv1cVe%)++~$T_o_6=3N>P zzO8S?CXe-w-YifxXd@ZPX_QNCEmyzV3@c4&Oln+QYFoJ`g(KeGIZnR$Rbl8Y`$u%M z!@Sev!SzI}_Odmx7pYh$(O1t;hbXcQjn9I5H+uAQ=(Eqma0oH5D&W=W`DpV?P*gh$ zH7hf3cuksnr*x(?ras;h+j1x~WvJ!@uS*LTF3{qaR9>v~Xu|<}c=3A4_=E@55d9IJ zSgEf2;N|Un9gNkTI;Gu~k7PrtvttQ($On<1^M>g=-(1nn;k0(f33$6l?-s>GN$`fx!~8VKKvL<2-v4@F2Y$oT z_Zx@>>pmJ*UNbN{X~bw7c7KK{2{MQ`#Q!I1YpKJ7+t^mi* zc>+wuT-7P)ciM4g$RB(B135 z@%(pTj@D3BJ$~5LK+x-|toyqPIfT1`R92;>4QOxI`wvm;@MnVq?8UO!<{Oave_hJ5 z4)P#iW4Ojl>$L=6!RjtyI!@I;YL_4tFi|D=g_Z|UKz!f2eMDL#ckO%@-Z>hEm?o-6 zjdt-Y6b+n~$ZRHw6x)UV>0~gCbuJEtP#{$#cH=&KH{r{H+}RY~Zbia8vDwy=Rt*-O zJB0C5(tRc$`bJW|NSkgC%G(#<+BgHdionARzBo?S7(Dg!l8;u_w7`uIF`uFHt{4D% zp`!^l zmxgIk^93p3l+_j8RyX1*jZ-aN@^#wC~SfG_r z5=UGMS04o}>Ir=$L%A?%^oTS&DsUBhL7~GJ;(O5MCu(iOeR7gW7$ct8PM@bMM>bSM z&(DuSixep+zjL)-WjJp!(7Bi01qxNyVOifS<%ALAdBm~c3p+zR*8|TahJNf5Gb`~k zPzD8&vkWQGi}CedBg`M&EbZ39Fsg%?Q~3`SCLY@`;^K4#ozl_92hi8q+&zsN!a74VAn) zVhHHy9?xac*CfvQDYPhn>d}c{e11RdrU}QqwL-Hlz={Lt_kjh@QqeHlK{K%+UKVIq z%sn~0ejH_#k<7=GlOF&_TZp2ha!=tpod{n0!Mh@g|7A(26ZgLs@6G#zjJhZa=@5Xj zJiB$fnAJYdhuHW2Qm>lO@bF?yloWAu+f34r7;M<=l4aR9hsxm@Yz%yCP@=nR-s`jb zx`nA6S!rPK&bF!glc10aikDxD>mxp3yE`j9dpPl8nB3`{VEINfXariv=Z14LOaN8& zqK0%T5ThkTNogps;&R8GjF_+x~3=p<2G@<0{b5q`DSztB3N zCCHdcD*fcg)(00@wi!SVxQ`wRsIFdar-#12*%WWXX9cxUu_c_I-N#pQsmaV;gfsk1 z=9{a86yKvV_z(FP7bx=}3G$T+tpTX>J21Zu9d6B{#VhwocLqZoSC)i%%2Jb$9TFai zBx%PYM0q=W+?G&{U6Wx7HGFSmmaMyp{Q1!a&8B-CS40a%zrMb z=Y1#uw~*rp%Hx2s4n2+auC}uCZbPcc`%Ds{-F{)DUs>B>g|iS$$|NZUtEunqD^0|l zf~UF5e#2eA-a(p;XpOiiA9Md=OxXA64{a&0$45U~6o@pEG@v3ve!7v0PX#3DD+Kct-adaF7I$(0BtL0u zcxIl5MSM{cpm0C^+)JUjBgSt1(lIo3iXw__5ggM599T)lCERbp$OSpBjmlH?RsDBf zxG5Wy%YE}^z5oAdKOoG_!(>}o_4<-8x5X=x2F~dWdb7hh?)dgbs6l%C zOj2P*v}ly+m%Nyrf+pE^DRyv$4P#P(@c9miAF$0y8r8nL7%0blH|&BZP{Bcx!~rDb1QFCz649kE9wa6~}hc z`Zl~LO;__wDEO1vYQw0Ep>qi);5kK|EtK5F`=`P{qcq#4y~m6ky!B6#x%tjpH8`X7 z@T)ke@q5|+?_SKBQ0)4pf#t%NruQj18d)niFqL;Q*kN|ot^o*D#)*rsaFBQ7o|9zF z%KA4%u3SV^ECEYj0E4m6ZM|OR6J_;%QJ~B{_^|zt1PgtKS96O*0N1>j`4KctrG&z; zgSpHFraUm=DrIhdCprx&`+%+{S6l5+^1c4$`0p1VmC!lC|0z`v99(l5l(K%1@WcIe z!THLCGwtG=Nl>$NRnN()TqzM$oXd~NyFxbxvxjLdWD zP+@w@57m-Bs;NN|2Q`G&HcGb$THcUh3ub4L_Q-z;@9y>t~p%TF(7Ie zeZ%G&^_+KTS`8gBIJWl5TNQ73Of{w51u>lj%#)}nu!+yGc%g6$c<9#iV;y^6J!BJ3+u69Z(|BQ^3 zrfR9ZKnv5L8Hvg^D`TeeJ8ge#vXkvN>T^@^kl2g}p==qZG@Tb`E_4rmPtr7ECeX-l zEK7znwr*UH@qCP=XT3$dygqFJ?2Hn?VieL zhUi{-?ii_fsf&+&4#>{W+;7T_ucKN3Lfc*SP<9hsS+_*Y<t^@e`Q zU9a~ah7Ol-*nBo&_m1f`Rd3?${;JgP3Q#EM6$27M_1DBp0WyZ0d4WtS>X-l@Bn5?5Yf_K~YYmdpOjf+k`u)iyJ%`8Y5s;V|MIslv_fuo*i`PtBrVwJzb?7Cn?SF>)pZ>7kW zs613wDAshRBvhEidArMeRIRT7Z*HZ?VdfOr8`hZPtky@hwy$c^#0gx_1B}-Sf@y#71=vgauE@ z6cgx_*-wIm5$92MK#@<|)JKN{&T(SlvAWFX{9ID?Fq3x?w*64lyY10>=2ly*X!d7l zA3waB9=FJYB_))b@`Ig$LiDl7I)4xO0$bIz0?aNA<%B!UaLa{AP84W97Fv(M!p{He-{P zE@qoGRC&`qvh~=p%gW|z>}V`ZmM`_Lr5lc4*aAqjgJPF&h`4*E`WA44P~YY>#HH^jOXQf4pZjInznx@x2s4!}uFp!oFSfQ>AAQVn^zu!b>6l#IWmN*JLd47E6F;0&IH6laX8 z(?SK%>VFn_*qf;U#o^#y<1vFZw-c`#=Dv~w*IE#4mG$sNiBv2WM(6E$(7+QMkD?ke z8xe|K!Cuka(ESUT+nq_}AQ$k_kkX72$DmxHQM)+>sI(a;F(UO!Z=d9yoI_Y&U}kh{ z{ww|LHj>0l8ppZhS6Wgx;FBmxZn-oc`4wA9i^$#Vzu-R&`pNP)td15?3NiIx1?9xZ z{O3yFCpd?}mBqODO(gA+74y&|h<(d&I?~IGJ0W9g&#ibW$@cxRai)h-<5~KdgIKpe zIl@VgqjIMdI=$+{z9vw)RRkght)mtYU9ac-5do<3!zA0{s}KtFZ}H*v4Fk`f^DrN1=HWDfi=K@Iq>7S}8qy9eKMt z{n5AdZ_vSc=3yt#p1;y5{Jo`sR(nX~I~7Vigr9)8cq5?`dI z`PY2`I=wc+Kjf%7ZqbDQdG~KYS#57i1AIH?kKxYsa5x_iYb(H2C*Yw5H5uJ|qKtJ* z6uy#pqc5fKUa{cti>r)(=cL(;kYwd7$VYpFy050RJn3y%REs6=q2*valYj+Xn~3jE zFIU+~l$q$fjjj_f`jOkgkBjV3RZRwuk)OK0OPG8aA&^n!M}RF`4T5<6v%vDDM~Pi2 zC`t)MQA)rsI9S$9C9slkZPh~k0F5h@PT+0~D{4D-U&?z6>%8v50oryQU5ZtI{OeYp zF})wL%|%ZJOQp=?kU>#1MsL4@DG_F|ZZ=Q>LV~>>PiFMP2iDh>mJzy5&bfYcbGnO_ ztfid@t7C;qN<=tT*R$fuqJwKG`8=_Y{(lMK3yc ztMi+iZ`UmzxKl6dp8cZxx2m~|nH@_BT*0afw0ifhLN;d?UMyna_k$}eNkzWLi2&*Xuq3(EqK(_2DLOn3H+BM{1G z%4ex*iDlt0*Q2Y*ce;DWL}z$F;3nLZf--crbVFnf0QtnJn1$o#>0p?M`6}Mf%S~dy z6N7$<@~zF?dv~;|up}HpKoFIea^T_#*1W**SyUnI-}naChKBPkkPd>59M1hPQ@Ba= zR>Bp1*<LXSm3O&Fwzq9BfQ4Mr2K3 z7d~p(^xv^Al6#7Gy3?V#d_JDFiRm*21DLn9kbVq9B2?IO4!z}w=|!k!g06;s*O)br zr#Q0UY9H2?3mdDTTVvqGcWy3Q0`z}f<7)e2klbL#7+Yc8_h2cAY~jnMtpI{`bB)sV zN-hT#l^rqoe9GNT?w8or@*+3-Tf({L>e~^8YEm>_1jpECP95)sT=C~!hzT1z{qep5=yOIaqNr=CKldmDXb!%4NNl*XIF{dp?<3N>bm$TRMcI0nGnG4bXQ0Dw=ezH3^W<8V zi-;sjmyddQH}i$fp%SDe(`6JJ@yePb~P|4S{BS)GN@+k@!O*4l(*8?_{d5JBx z#Y@`4>kDc*<79_}AP3u+GGg{6w3}m{+r+X|mf7v%t2@ic`>oleON>9)zR$uJl!^36 zXFqqJ;TU#}DgOUzE$gY=GI2d)6^N}qma_s9+q0Hu75FaZ|}zBaN*giA~wz)0OzbD`aAM5|KJ-K*1= zN;m;QJ45k--Lvb-PpfCAOn}Sh5C3S3kq(L~hKZ4_i1k`OUu^&lJY=%*NhtlP=pty( z5I*{YQHTMgiJ`j%ILN#|Q?pOYbGdRdxw$%NK@A3*a)XadQ$o1o;LErssp==rTW+ae zx1P{vxvC0!_3Z^dcpm$klh@{t;k-d(^K7a(`V|5~;QopFao>saK)Z>C=#5;>vt4Jv zVF{fOxkjIq794>Tnp_g^CaIw#6y!(<4jh9G<+l0k4xt z!Fbw>K?5sswkm+b$62m#;vXZnvpgyoD6|DysVZu>0*#nnaoB_l$i6#udaMpBJy>cY}Yot#-)<)TsEDIm1oLV@1 z5>UgQ(1DKxkfOn(a;kwno*DUYgEIY}q%%48xhw^eN?l#tBoDtQ zm?#aHzNMaDrzb5=oMK959GPM`8}*;xS*v>i@cl7)PLFwd|k{CbyG7>_?hP#D(6a_fe3C~ERtxNU_SrJ9J-8o;f zZfF}(^S!y@7eVS2(#qFU2MfENLA8xOx>!@=Y&1m-JIVmj5FSve4u<3diZhjP?#Bk% zJMV&>|KcT}7lBs`ez=@+R_+d$c6W1s1LurkCGsUQj@>wud1{B=d!Fpm5wTe12`QVt z2C!(})DQ>z1JO&OjHz;&RuoyWfdb#nao1U$u1LH{IG${Pt4vdvNkQ5<8aMW5co_=D zZK-%e>}Z{DAQozQ3niMFn|S192Qg92hX~@ts&`3$mU&VQJ-pHsj38)Z?@?P7G@7*= zqbm&i^e69N{vTu5yIyF<7V1!-56Osq$2p;85Um96>{k~#+uZSc`v@~XM4pCX(B_8Ka;Z(A6gcONUs z4r4|ys&SeK$EGV*)%F}}-G$HJHX4sBC?MeWZC$ zMv>2=gl0VWm~hQ>IC$A45AS)pD5h9*Nj_dx5Qxfl`Pw{=D# zqzeVG`Xtlq`JV(O@XW7TCg1572K_ELVfe}iP_6Q=DWANdsehXAL`bb!RZiD0B?W}m zd{MG|2wpK=)kiGnDbIY58Avsg6Gqx) zI4rjEP47h&Wy6lSwoxMvC)o;`9@|*sc9k^^2Fq70aAdhETZMV({C(WBxKKq5EEFSn zH!9|?R&)8a#4B&{Fb?-OkBRl-uT-6?G5Q~VCi7nsqkMlNxSmegX*ocQ67v07J>c&EvyjD=^;Il8m+ zeS*OgX4gB;X(Le@gu6myW`jETqw=5*=mlYr`g9~IRlB(a8(M{Y9(WKQ?f+2DzE>In z3hGOourG4i{{z>P-v@ea*hqpMMSJ5Cd^E7?kJ8|w?DiCUB2r??8kmC@X}z)YG&8x& zY;}_~yb}A`qc)R4=@Vf(UusG2_zq!u5j8n#)E4Du%1s?lmPANEV{6Cw+A+|9Jz(tu)zMu3Px7}I2pWLhw`Ix5T|i@ z#JIOa))q`!k0%BXOOW*rvr^5aVhM(CujfDWap==VHVU;Tq`m;ExYjz6&yWC43~x(z z)1}WEglv)W_h|dw{0=R#=7ZD1c|@`P#b8_(Mo)I{TISSq-k!#JbnOCuH4<#!aT!*iI zYG^3ADrLDuyJ~tUTe-uoHezfPVb+g?{Bi1A2eM0|Je>}v2PrZ2iC49|R80gSFgXS_ zPmPeS1I^FNB2+Ang^Leec(~oMDwn~O(oh=%n4N%I$IcBo{cA35&3mFz1Gw=NyGO83 z=fZv`a+P!E`e34?7F}6rd^xB~azw~0+3EL{%C=8a5+SU?^Fz)Vb)kML_FCBBONP9~ zatfV60Kdwr{d{$r?)k@Gn+PPq%Ceht-Tly*S}CmSHoeVDxsbR-xJm~;I;PiJEs`go z`a7EGLC}45Q}CEm3I9((%_S3ZkgOh&kP`A_PJ`v|)Hop*!BHO4BTN*!>~ndq=MBb?+9E{_ued6LZf{*^CxLQs6YUrbv+wcKlRU?OnKD$Nvv={v!E1o<_B3Fee-Mx7U@&WHq1=ED0VHOsDZML1yr1ZFNU2}Buw`7 zue)Lv4cL3d|7u@_dB-(h*jgR3m*M}Rbj~m?eGRcLvT->)_cojy!nus$6twZ>*jk zd9lM;C@+V5H0wRPNtt|I)O#ys%98br=*?3f+$KB1lzW4+qP}n?$@?$ z+qP}nwr$&U|6$g(s7-Cosf@^`MdeUf1beKQ41<2|mA8_BZ9E&|hyKv6TrD*u!(~2v z8nIJKrIdo{l-z+y)-5CsQ?B{RgN{Gh(SxIloN#!}f@~dezulYw0V|Wj1cw(L-G}lAFHi*_*~7 zJ2;Aj3YlVH0TA`M;*on-X#dlH3HugK5K|#U3kCc?v!-p-9)Zbq(-yBxx!IUk+3K+F zfZyHV2%!JHen*UQnm3z3&<18YclOz`>>h6|*|-zt=rMGA%mB*tsw5Z2AFY!}__Mw; zE+xIoeOppzdVNyjU<2#u{6##ZHE?pYAKlGP1Ve}EWnoKNV$g?4LQPbkkc&SPRpiY) zAO5uiSF0Hpiov^xXkxX_som2g12akHeV%iwiS7Tbj&oEb6BZFgKh%*?I*9&R9~Um2 zj;R-C_!0)Vnw93i+)mS zjR*gXZR6sNTUfxY0fkwa1V-{C4&G$8am0}au>iQ{Rn+pPpGoV90p?N@;Z!jMX=Ng^a_JfPpq&hZTv_Fv_kMwuWN$E-)p z`(z~RMkF^F`+nGQ#~ckBNH*~L z!o0n1@*36eTq&k2<=Xe=jU~f+F4Um<$f(zZ|5qD6e?AICA%LrBi{sJ z4%#I_F{3=A8m9~!(#ypmes$3yYTAtOU|^EaYj&01%2x}mnaT`RJA&ol#Ayk^FD_vw- z{Ybe5l3Y*XENFdA6e|EQ43ttQM(^ULbZKy!n-e%{)qE0RF&A{R$n^ByKvYgC&OYjw zshu9U(76X5I*%6%o#D4|zs?Gb6LRe>Vy9L=``wB$@X4_#(fjp+e3$ic*tdhKIIZoG%(VE0PS}oMg&C|X-W%PA zj9tR@)*X)jC|S%M2EntYwxB(Ne=lIoOQIjs@T9BZzWfmI7=#be%PKb%O@TwoDC%*P zz$A4GjEgci-qwDrLf!@`*G;S%~!N}G@^2C&yMK5M+Gtx3MA7I_wWrJ;*L5*v@|tD@fo;f6?{=0@G~B)F>32)+K<6w|H<+wAk@ff-g#I1$F9MVZwB>6 zR+|XoRxQ7?%1Qc<61~nSoU0>S1P8D~5k_uts4BG}i9AvOlwW0rP^k!k96tS0l;~iG zLv}8BtbjqIn{Tvx`r+Wh@iTf03MI-7u=Q`^FaEpDd_$?=jS8_KDb5`FOr?n0l!orM zkHu_?qQyb$liAeIUO1Qk9u0&llVgPbPIwYgS_%tZVf(c@sey5m%*h#u8Gi0~`l>)+ z$TMA!ZDW|hj8!h=T!3?-j{3q(AT}a04F6 zlg$;!dB!j>g2TdWf>|y{v!-lQ{*9n97Rz4Z87gzb3lI|s*6I_uxmFpEc1HtdaHda@ zy39TmVvwdEB!Xdj^@C2*ySnQinbHYBRk?Hs!hXqX>uDs=6*)U!Y%)rF0|6>_R!WjN z|DGqy=mKm{0+#9UudXV&UdzEJsx-;oM0u9}@o}IuyX*q5`94Cj=E+Qc1uWfhL8;;^ zbwJz2MhXvpk@4uk|HppLW&(+@w8a#>EDh2)rFPu~e-Cn?J5C74j1|kDjz9Ka?b%y9 zK`OYV`A?gUASQIPInM=19Q0?N_3fURlJkN#&k-eWg#RvPXUger&g23(j&7PB6!)AC z5u+^CBm*o%6Jq+U-U32SOaV->v=}vYWIKL$U86ql!x8kMUEIi&Ja`b zD8)~icmk47N%$xD8@U(!f79iOFGtG#tGU4O04vd@Rn1`>uh%FKNs$^FfS1-&(K~;FO ze4-y?oBo^!qSrtwcU(`7M6hXP3W?gR)H^4Koywg?WV(s zhw)(3RE>5bLcw{9*>X-NTzq6&#@9fnY>|}XLluH^ZaIis$zKM;ifv3NW;znHyPzjN zRk%CeDI_KBTvL~>;J+6|u%VGNeL8(tg}`HI)xQwoIJgX~xo?Ib zcaJ2Q$f5i;{B?#Lp}hwh^Tas1rg)p&yJVzeNC>PJ5|YfT7NGl>y$3JeDhRGN*(kH+ z#+k#?8!XXiFNRL^mR(P#`zmOG0g9+I&}Ekqcfm%fUNe@IJGdv*ve|fw#CiwIm$S(90>%wPeRm#sU^{R&(m6KunkJI-|{8!ms?{g)*WNs?_K9QTUm!eCl z;^yjHb`8uZW44m76I3?8{wYhJb9LOQv+MwlqN=WcLq4u|J!-^Iy{)%l=kVx*p9Z-| zh#l{Jjnfb<=O%?809@;?c7l|Ak1$|93f!9hM5o%AQu4~LT{CGf%oA)t2^ZB*42UJj zFBasupU4uf-bA1 zpOV(lib+FA2H7WQP>5_scn+E)dj=s3n5($ zv}C=b_0T0>WF_vc%DG7qiZj8XDd$^Te#(#AG>A1lql_Fo7;be5k?JFQMVYnv9VJa2 zYWySsc>s_W(1*bmPAg5+nIX-{k_AsHtl@e9CeH)6LdST30`5$IUo#X8_k|f+%I{wN zG5f~F2V=M{?;Ht3JK4N4Jckk4t?ore4CX1?7_3vvzNVg%!8Ld2=EM$Nh&k`1w^mkx>KgLBUHHqi*nfbR=y zW7OJ!+H(SI9lvxBD(r}Rn>S$PdvdGVBS_ls)OdFROe}lL!uq__rqRR)@s9w(WW%ED z0oVM-he&~x5Q%c}i0-;UQ1oOn$*1zak<8NbZ`k}Dd^^r);#PIl5(g&rE8pp%BlaIm zIJN>5iq3F24^_iHePe>v$krO2id&(ylBWEX-!VEGOIX}cBVTp-jK9v1U82yiKMsCj zL^lUfSD8=0p_fkX7gt3x_rT)%zVv%zx>vpT#AP0{n8T>4V->FB1eBBy+$eO~2 zs|rm$W;~u`mjm`yL+;oHUp5zUy!|QIBhA3;mR&*X0DUd*5p{BMNm=d(TBZ@%BH6ge5FxZ~&+UeeOV6fI}ADcq#5a2!|?Wp(ZT zCcdf6kcQ*{UqP;){XOTQ&Q(ppMv@bT!9B>cWd^pa?hn6Yn zL$9+mH7PB z4a!8_>&RwO+oJKE-YbYqMZ-pRx@2RB5Nl~a((#Edi49_vns2N8xc~fRmtsL`->qH} zf+{SP?1TV5XdHkqC)X9HTAp0ws@0LFiBcHvW#e;*gu#%s0z*}nu_9Gs6zBDMEm9<- zdD&mpi=v#r8bj2|4pWhfh4H_o!OR4*6eK=^eISIM;f zM@}}QRn)=`qLF6=m5E6>jm^2i{8M{4LR+5oR04QYkiT0w)kgW17NH+)uY z)P`P#VKkw8?MAlx=+3NA;g!>+E={YfQW8w1&QjgG=&zWPgy}fFU@#n}eT#f7l2C>S z?#t(+a%W4OpUU%)rI50heJCIS{>g~7b{62cbA|r^cfH!(_bZGuxkPBS>DE>aDSN)5 z-CP%+B#|HydiXM>ecXwFdu1=)6vB zAVf}0XvobO$C{L)wjRiq(W3u)YkO2+Xk-Eca9xsoPtXWLJ(l zpkNy&<+Mrb`7N(On=hjji46=yl+#~`?HLq-1UKibG%mh+>Ec}@3(()k=<|I4dkpqL zcr*&(J!#V~c`dZu(@-An-KvH?nvEPT?^nW40NZu_l+|-9S+Fp_( z%tp@WJ3$9FCKk~9Q;#0G@>(<$ZQ=GF@O_UnF`UP{sA>1$e2#y?ibyJ5UtPM_S0gH) zp6YzQC<2LQLXB_6AI54fDw1|0m_qx-VX;N8KPtS16;gv?c|MfbRb0Cx_QbK|S*;M> zX-Mnw|HvpeKmc#I#ow?nFBvTN|Cc>L{$%l8lK!y?BM1tf-RpU(Oi^|WKeM&q7Vh41 z2f&gbeQ~%05^bJKDN(w^7jq9GIx~O-VorM}KH%38xfjG5XHj=vPP>)#KThwBo@&4)iEPBhOZZO}2j=c8 zm}JI77_$)yxk=I9HNPYVq@z*|>(ae&Y@!x4P0S0%(>X58&aO#SsI|7L!H^f*e)NP4 z-qwCP_Vm(%_(-nUcU?(TLmq|L`UN<4JCJKPv~3z%?!BnT?52Dhy>_{c?U8NeAhZA0 zq19_?8>A7mcpDJVBxtNQl&;$sZQt!81L(Y#-K%n8x{Xr?MO6^3DV$_}3{H+Z4uCU- zs%GFg;!CBikvoj)K<(!%MRh;1s2uE;ye4Vcyo%sS%FTd5__#}k$OJCs?2Q9omvSQ{Yh?iQ^E4l=HoJ=QW>@q*mKDg@q{PzdWce0`KyAtGjcAa*ZzpZ}pRlDgEAk2p=jyz>H9MX*` zak1gQB>tC|`~E9S95Z?aTSh5A9A4Sw1vZ>YP_g6kFbzyFl@&fsP1qoqQ#6t#4MPqm>%t^s~VU;ADXMv$=)3JZcsW|lD<46Fx z)q7*ERT(qSe(Xny5t18ZqH=LIHgJI;Y=WXym`ZvR&^L?)tX_H)al3<^m%~9o89MywLOuxjAR)BJo%`nlx!uqmR8-yeKi0+?hg)tunahJqJp;^k#reS7{;}vb3n^r8M7W?FM zpV=Njg||PaC~)YGnJ{MgtNk0^dzN@mnU8!gVYCnl%JuJH|6#nzzkN%bg(&p9HgY}C z`C0kEY6xs{r1;r2qd{#O^liX{ekjC|?~s&5^LRQqXQ3O%vC6@J3MRJqpDB5hiSy1L z^C$UqypC6$X7lpZ6Tn&LvBV{cqF;zfneTD2v{z_kM;MBaM_pEiE}an_Va8b8DJyk2 zY52kUaT!gsjL2KSq{oxZUxm)Pm-ggir%5$CZ0ztxm5g()r)78-r1Cv%rxyM6F2|`x zx&9P=ylac{=dIZe+!dDQYnOht^laXHyk?cQN`Okpf+oqmVc?N;?|rAcda-m>eu4O< zH_#Ic`Qzp_D|o7pR3AD6bV2S0e^Oe{V1`f)`gRtV!id`3-lKWsNVVXktcKZ1yL zqX6?8|8AthrP9;H@FyD`hNpfF~2r9M|>>E^iYHx6}*r5#+xn=_=fuf-L-GQv}9Gxj00<5uo6L$>fNZo`b2L3rV`%`cLQ zXw43om?GW`zwDRV;>td|d10BArp2LC57hr>!&T+%(5551ABQ&4Y~;QAT%&7u@~yoVvL zX{Yyl!%!$nv}j(wZJ@=dZ{G5hL|(XuMSER- zCwH6%n4XFALRo>eiDBgu~_^}n@!}*sL~AaFvQ!~>^c?VrO{{i>UqA>b=|+B=_N(V z3ELNSRzxRSOPGpnfs&&a>mP?ahj|C?i*Y}C(+Sshdrece-lFL^o+%#1w9;i(@|c60 zYkms~*YY(xZS0~gS@%Q|I)nLxsuHJIQ`i9C(P$9!kdsmQeW$tY-?Z}vV*%!nuM|~4ygIU1Gtz}<-yFcRQP!>P1`u2V!Btn4XyYHUKBVtE4 zky`q%B&RsrehxX5aQv@?p5iC`NxjL9a<1~LR48psY0;lOkWP^O@awj@VEY+P`N@&B zBvCfGtBf3o8VfWxS>EM4m>(p2PXK)%0HP7MhNTmUSU*W^lwRH~ii;d6^|iq>>%feK z*}2u;*CBM^Yy)o@2X=^J!hc zZZ%wd&Rs5s2&IzRSw}!U)0r+P73IJyl%BuFcY0mRqND@F{I&TVPT#&GL(~5#O>r%gQ|q2&@-uT2W#OTNp2IBOILNNQQDuZ z`>pv@)B^Mwq2T{(g6hzx6YOf5j4r>V`WK_k&zyLsenc0^& zQha}$c$wKa3L2g_WZhNQgPLrE!ikVcf=f);IU3F^G zLP?1MUA;zG)V0LBkZmeD317=q<3TG9;TqVjs2#DVBDLT4Pva=A21&XHPC*Uz` zgG4!&5@?ibHI@U5o5=A~F37wFlS`N#^;|@g0^5fbHZ)Wa2iNxJBF~GcXFlD{KSJLv z6eT6g#e>7&9;2I9(Sa^$XL_X|_t?zObMnH%glXM&L`OpTBYBGf8R9i>9Iy$<;KdB0#Cc>|nh@xmzaNnW*Ng&;R>?jWbwWQ~H#YO? z5OLI=+gX%2`1_MultC3%T4nDVEhxSFCIw;>*p^oKzqAuB9Hl0|uVj+sR@}8|AUDY8TnuG7@?CF~-RtWNdr|go*?baCNfQfPSK-TgMZg8D}+$CO1BZ%oY7 z!#?NtX)0>{)m(nFOMIt7tuVos!)vmUPwj0r8IZw^6iN%nm?M%ytu@?8%?pQrmvL!^ ze_m`jykPcR9}0gCS{fMj@Ga&drvIv%Ig0?CAAPy+H12CPYT{DZCIEaLnBoRAZ1bXp5c0_-KePHD>Fbs`DwX>22g$I|>HRy)x_QF8M?VO{@BtRcYCnzK-R(*GNEx$LvI0xdm8Ac1Les0mShwvBFgyMJ z2|GP+HzsB}AhXGv+Lniqi&U~KkYl3@+^G$lhIQbKn6ipAOv(z=4XFnvj>*IKSP0~F zLQ1^J)1>6~Pe~#xzN~hS32bnd0~6h^`gCiSJ0WwsSi>n52D9*f7bF6|^RQKy;51Q0 zdP^^95aE;xM0!H~+^lC-S`mWdW+-gxu;lkzcIb(Ejzd4 z8IigpH~HU#9PJXSS-BnJR4KACl4PAmhHAa;T?k6*bP6DB*3@JgEco~u7vu5m_yJ|~QW z&iW~62WI{%J!-x?)!X?md7m_*)T}>ASR4yf&aM;AIn!*7XQLUJQX1hjt&6Ni!bt-4 zfSUvCQ&H{B6}TlRyp9_3n{Cif6tB^U^HXy?^)<9zL~=w$+9ILnAvv5js~jm3NK0Q$ zU>YSdfav-ij$+16;)s~ro@4p}`sg+Uq>sXw;v!3Q5@>)pXmC+2Mxoi7z%J*8G1F0b zK-kTts=9wRecpv%G3_&)5anTFPqQPg5MyUKgTuhc*nnyuN6PK zv`4!zI|7N@~21{cZMyJYiAf6d?H_H_aLdq7(s+Ha#DA=XTgN8xiZ8ApCAS4@Z{G8h8nH!8lDuXkD6 zKPxKPY3VRv)`LJH!rLy`GsO1^LA0sJs_;-!M)UM|IzKDK5G}9KcnOq%)ICDc)0@0kOD))nfjLBLM@MdpIS4XCRY;R%)HnMlq z{jEmKdM*=BO{LTczlY}(raD_@7$y@BKSm={Psfy}ENUwJD*B~*%{fPB1jTk@T{bm| ztxJJBo(9}9ii2W#>k90B%62#AM7o347DK<3!h{0S8Ht3|9);O$o@1X0F(D{nu#S4j zEGQdzvqCM17beIxdiu9uU;Vs6%DKli`pq@KeNkW2=UAM%p}2=m5T)pGnt}*0`(GfK zXWIBq<(6s*;ny3qz1c2yAGI*0lsGQ~Jo=LuvH4i!MQxKV6Vmi`JyJt|dnf!jJUv@| zDM_RpiLr9K@S5EqyphQ!%>9ih_TZl^?4`aXspFueu2pE-a zl}BOGw@-GYQ=#iwmk1t#0S&*xI5mE=`Z|C4!L0h;bFHmc>0R0 zW#9I2Ay;a^UwUk5V^5;zaL}yLL@#EA&HZwng=}^vGO6khk-I=qMma?-=@cQoLpf&c)y08e#kjy~{onu5`qfF-xyAD*_y81<0B2=6*vQT^APuCt zsjHOled_g;KHKuk>xkL@_^p73E#BohXb^*fb|6jG^l%DR*d*pG#!d1|C&c2tqt}z} zE%ZBwewFQ2$7U6~7IlwdVTRV@7&21aHE&46Afb4)@Z5xo#%b~7LwhLk{WpL1F~Nb8 z=yGS`3mu9;kxRwX!YRc?fhE-fw9azDgb7RIy(6_9pEPCO}QhcqWQE zP*FuTWn4u*du0=jdEcjxS6uB&4<|pPP_V~k#<1EP5lDcw3?K|KO?M+lnjN$eB>Fwz zK+1NT=HgN~Y-?idhIs?eJ$0fJdr@XH*NK3v;IJlaJP^uwHk2i~F*SxsLa@g>GnQG|vEDjb6Zk@_7qjTjtue z3#ukyV`fkjmU!w5nQpS3P;7<8;5}w*vX@f8Dd4H2VhqH$%iG|aQLPC4w&}?IdKPX( z6ew^y&~Y!x_eFTksSHZTU^>t-H0nC@8^Z)(8ZEHRLlubUPH@=cG z%RVMz+#)r`pGT26ZIZI9B2yK~OUX|S&`xUk2`bt!KP_f(`Qx5@=|@#sI9Ek)reE>LvfUhhUa@7t z3%zW7u;#XjMxdQ(Rgp8Lx7`IE&b#B6N%mcbx*bj~G_getbmhjcu=TpPxjfkrfCSqf zzQDbZ(aHut@ZX*|B9o7$6ZN&|NXxfJmhpEtKdA+u;Zm=#VGZ!{aiYJn#BNT0uiB-6 z8&+Y|Q}94MT16b+v2lkW;7X^2Fj3~k8AtbMRQ76F4Bah3Ruqd-zl@FqOjP9Etju04 z#=6p$qX4adb?JS)8CSBUQO%^p!kSaAIb2(9DI0tO8qOjclavUJwYChiJQsp2|mb^x!8!rR5I74w!A0w$isyPKQh7`5<@ zFQ1|pPTPHk)pN!kZdO$ebB6T@fl)t8xE{*=5?Y&@<;8moc8qxqN$ad>4vs|Hu)<*o z7l_k&V2^VIV%x^HVV?ZCHc1kUlUr}Ugdd33@Hw+Y5@{&3Zs+4KyhDcpZ+F&28{X!6 zQ=?{JPAw zXm?mOmWHstGOqAH#t$`I&(`3Vqx5SZA<|KWnM-1i|VB!U*w6{ z_HwNncUd@iz~9@j&NPJ>$OBOm*Hg;?)7m^D7G;R^n>wbG>Yc``V2Yu7t8X{xVYV(g z?MLyH=KG>|Y^ThP_PW#dJ&fBgV98iZrY>x?3w2eD=bA(U1;N4qSzTvhcn%`wRObcE z!lzvq@?*duFr9M#9-M3B#|;8lOmLJLvFW5M?Og%F14NzgoxMhp2N=7JE(sqt@6|c$uNg{cv#uB+%z@O&T1IJAR@#Hl#)2r zM$~u>v>bl(2zww+X^ZZOJliM|)hls5+ouF?eNUTmTrd$x$F$O*5k@UO*7m+ zxkWc3o71sB?c)TZPPM}BBdY&=l4?d#sQ;0v*bssn>9w_^(3UD^Lvk9jeUSc{!KwD_ zWeRR-SJr>A!%FGmQI!rZ#Y<6hSp?U?z+xnV>jxdMYKS@_?tsGHU5}_t%o}l2Xbycz|f)_ zLUFwWAiLXE^&lY2!}xet32M?#-!8;aS&w%60rENBNJ@J3OG-bd!{wQpOgjem1;b)7 zK}>G`=Jr(Ia}U|KzZ}l^w?HE>i|Sit*s!d2nAEwAuQ^?>7UJojRCe=1%+Q-mXKvCCwNY(e5rY1n8GI1W1(}+4qS` zh)eXWUEH`Y^;br|#(McWQU-Qn^^>-y2>W>f>zMC{2p66;(W1;*93i@c?L7L+s1N1j zpbis!Tmy04h-Fj<8CLl@qFLV#5!u<+Y6*i5dPO+M;hzaH&=-T7d?-fIaS<$G=N$ol z@ka)-L+sjpPIwX33%NoVXhw9=%T%X|?k^J-eCc7dR4FVb&*|d82f2i^h?8r)&18wq z2XKQ7y#s5s=xPSt>OKcQ>)}o_>yr}+z21_2%N>5Ukn>oEVu_5oE1^v zRY+gDRknCR{U=c}b;My&Y{g2#|AsSqt0~9o(^B~609}SB;ghz`O|SwxVkr9oXGrHK zB#A>`0z`<@p#hcXKlEgg-$+fz{l&%~QeUL+E|7;}Jsmn!@#7%}Cnpl+l68^x# zVqJd*y#K_QI!OUyzlD>Z;1plOi;xZU;6b+WkvtE@>BEXZBV(G>WdB~W5dtyQcP5A3 z6!I8DXIsv&Upivvj=@a1-ODMI+H;l$kq}=Wg}pdP!jk}EGazp@H1Lo%&0gHh zp`uZ4+uZHI(;%!*eJ;>1rv5kUq_2vmkL+4cMUM?a?2skr9xs@K|>A24DhFe{yY1-ge~ae-4xnI+~f zOgqkol`8J(M~EE{zf7dm>6j1l2YHm*vb}TkT@8Y7rcB?kB~UnFJC_Uaa?oekslTP` zCi!~j(hp@!z;7_@e5Jgv+C;QwNY?3R8d-9kd=bwVf=y$Y01GGJJ**$a^=ym{ z#{_QQdZzRs#M7{?CSu7ylUsp~lZ-%$8zI%NoQcM+6zMKJHh)`=D|V$uDXSyt1nY;! zA=w40>8+%|DR+f0)!sbd0)fXCQJbRFA-SJ-RYX@OiJ5FYN}>E z2Gg(~pe?M1qfw7$7G%L5dny4~jucNBwka&U1C9Np$wtn&N2VmTdyB7~cW)30d5N%WX zRYzPOSbfV(>3p+c$j7)}J_3sLzZ@NeJv|Vuv}yMHtob)Xmk@3y#<*DRvT_ z3p{wynXA(-eg62L@u4vSL|_Ho3@FFY7&^vDm6-(*8kIKWUrKLoEg zpsd?BWA{x4#L!mGe>|wa^=^I;^dYQ`j*0S^x@en;;w^|DLkh=iS3UD~Nq5h#STl;f z-N;cj5@qQxckT=pQ9m&2CE_TY!+KTC>7HYTq$qxy7mCE6W+iJDP+;Vlf%PiESwYZ_ zu>XwhUqiDmd@U9vQ6za@uP~QSeaFyA{`jm@K)5Bod}x>#TIto`H*{5tf}u%nV53~|fun(PO9k6f z3J2{tqht0D9`c7rqj8ch7@U47lgn^rTGH?eo+u3xnp}>%zKH>#|EEZ|TcPRp`r%g- zSB%Vyy4~qg>B1)7-8)$B#|M0L=dhw@qfx>4T??-V!frG(d`a!=9i$?xZne6_XPZ`+ z^eft0Q21mXs=PX>ZU0LTmFb@&PN;!(IOc^$J)9Tj4_wnZwnnEB5E9(XNz*fj6sr~x z)P*(+(6RS${7!UpRZ>cmBHbd%@bAtowX`bPhEMTJ0^f9K*}>{zy}$EhrAKqi=Bz(x zjmAV^im@lsA^=}YeeI{$*yi1NcMaNT{B#({<$q*qr&lb~C#&KQv;zw+us23gs_LA} z#UvVI47?0^nF-mX-Wb7S1AfeHc1}|^D8VjIu5EpEG*QfL&-|={J5*YU_%ev>FCtThlu35!p=Rt*5M}&4S{}2m{`}9p;s*k949?pgv_g-yDpY&)^DQ^8bN&HF!Kz*dpuXFBvdJ#rg);q?P7Rph% zqllGWr0mccJj#w;BTsx*F)nyA5b5WHN6ls=)Yd<+0uKnj@z?|&MweriF_LW~zf(D< z6MkL1i3%kDc#pJs-Tt<6INUg0+p~z^2zq)xpLhdX*Lq(;+6{P~kTB|DQ28A52Q{rF zqi7>;@doi2_hV&3BK6k^Opuqj=#3Mg-)t~qza^zJG`nm{LH{}<&A{j-&y!Qqfzk>U zU{7-@SNglF4;W@}Uj0IlQx*jlxKk^9Ug+w2{QT7lIN&qTE0@z%(ylHsfx%A)+$(mt zu9DR9B?Fy~8(-)P+&j5}aKsg~h`A*HFnWp%0HWl(ju&zV2Ow$gn89_R#tz-c{nGVT z*Vm#PxHe8FY^~FVloV+^4f+|;k8=fKpX=0%{}lDtz&?2qMk7l1S_A)maoA;=ks!L)cS^griL-SS9`Q=ULE^9PLY$MqnTSpw}PFO6>-NJ^1eXNa(9^!j_mG7P@7j?f0Chco?Kp<;S$plS>-*1@#$q$Ykbbh* zd%Wo9RzZ-2M1UueL4kO4Xc+w(5=j1`hDjwTmfj<&Gr*@}rK;ANX(tAjQ02fBjBX_v zz*qTc9UkVNAL|)-J;N^Pvy375^ZL=2I5!41=-_5$3I{h#1#^(Dn91JRIjFe4;((T0 zUiJQ&GSO=OQtX8mh}Ke9oY;!`JTUa5M#6P9Z4(ir8-Xv`0xylevl;}q(t4D;YLK&& zThu*K_b7~zPS{0kEMz#?4P3H{MBC60bD&|!Q0z*EUbf4%MtJ70N&og4_Nwd_<3|Fm z=ue~j^+y$C9$Z}tdsOBnBlQHn%M`!~FXRCvC72!~vclT*?wBLT`Otr({GWJ83m=WQ zlM!sG3J(5l`>|!4m5-`-9J=jogbZZ-DE^mCo6Ek-$gGY^+*Wa`0$OQwyEqsM|61Mb z_!_?B%l`d@2qLjePo@LGjG))8G`YX(c87Mo_HA|K>4s5wkGD`8cji^Be3R2159$iB zrK+ORNNj0#_J+FY&s9?rw_tiF%u9vB-6{b6{dbs$5ZJQjxxq+w_L({}Y_* z6&3X^keL4LqqRlq7l~%=rCCxi&$Oohofn+?tutYWZp8>Tis?qXGT(&V!y~4rj<&$H z{1L5Jn)~!mTn@o}rXIvior_1nFt#pHlB#%Q5flxeJ$ypM;bEf`BsxvVOO1m{N0l=| z9yx~eI@)-`0-sDIka^-1QyP35y0uNEqmtV|yR{Ckt2>7OS2VCPnF1l!1P@PEAtZk! z_E1xj;*_OQ@P z9`t($zhj3mG_@D+ymj<6Ti6fsh1JjHu=*E*E_O^i>zo0P1-bV{)5x?*8(V=ij%w%F zr4#DzK59J>iW856=kj)}ed7!&-QImv8$>2X!uNtA>`op)4is;YFe)baG_hL<>(nw_d`=w}7 z61?>zF-j|w;=%{*juXJMew3TwKxDH1ld$=~?M(1$m&J6Spk;gISpzBb&z#*FP~`l4 z^G8=J1mnwKe{o|HL?wj5VmV`@7T!~k%v|cU9ZKbYkQd!9nz)ly^gP?UEiZ<%U%EuB z@5Mr7kQT&a3y~e^>{HY$@0~7qTI&17uHCdfkz0(r$7#A>9ju?45EtdmI`2gH4uBY9 zgv~kqQD%>u+;$F~WGks|2C|^bt@+%qhnN^r-B~z45JG(?44id46Y`ADz#^QANa2fpEdpEo=O2tHec_}dJbsCN(n2D8sFia?O3Zp1mvd^2z_>|^`^F#CI0 zE2i4J>&h1<7sHD)&>2Kzhh4RhP*@oM-nh8)-?8Ityd5NRAzMgk6ET9`34B))kBS00 zf$-r;8y5@e86TmG!T6@dBzlXk%;@Si;Q?00^E1H4!lQbB-lJK@@}-SY-N+TJEaum1 z`XHuiE+KEOIXk2)FN(xakh6O>n}K)K)dn7~o~#5Q&z9w&Q~=i)r-0)lr`ZL5j`CR2 z!!;YcAAP=*d}EDYb)$ye=!IE7$lAh!HITdp=%079w`a&^Pn1LiP1*l@uB5*M18#fA zQHO;%Wcxb*Uz!HJr)CXUvBjl7eYxv38#_(BG%RB}YJeZWxs@!3f(#MEMBA9e_12xv zccmc&4#@y2{0g#@A6QyeARnfH?M0KuVe8<$U-~lw#XiM}Zg7`T8t#tRJ;1NP=)V@t zCFxCdNsmYsU20hl%!WqIsPq&jbc$+azD6Fz8#~Oy-o`clM~R7jm81z6Z7AT^9*Xf1 zI}O{C`LknCeXT^Fy_9vEpqbZ!0Xf|;EE#bYzX5#Y%cpg8Dx|tg&AVwGQX z3g@xkSCy;}PU>lB5LdP**t%Ld(UL*e((Yn$wzF0*P9v)ad7GA{JQ{))cHf+-NtS@= zJ^08;ci}QM(qQPQso%jej@dhGJ*BP%1SQjqg(eT=F?9Z^hV|wJbywOossB5&r+T6A zrlK$jqeGF2T=I{}#E$P6Lyq-(-p1YB)f{69S4SDZd$pf&JlLqnUswS1vcp zY5~zEw1MRIY)(m5`-#;^A0dP$8VZP>p_&7xh^IY*_6ngxmGVomYR9SRmx5U!_7E3n zZ6_dT?lcdo^b?7;Ky%8BT(>XQ#kj6%%!Cihq}N%JmTM+V7Z6-P&~1Kx$$3P1CEmX+ zEpNEm4ij@V?~h#(@!N}~_P;Mr704#>o{nJ-9d4c?G22}S!@g4w%!+=FPIl@%Y?7RXo ztCD&Q_4v}}t+BUH2-e28-5ep1OXd5O%63q~YG8kIuESDz8b#(Zj@aDt?LL=17A%n5 zFTEh>8#jaUr;K@jH!kDdfC-N&; z5e$bhz&j}-r&Gggh;0hD!ga;vG^F0--xuQ^cdM(7g4=FW{}&P0Ih&pVEoB29yc43q z2YsvR%tbaGVaP~fmqjlR{Cq|VdSlm`IA+>cyzp9d^Uq{L#xLXdos!q2=Q(bS&{K9E z6q}G$Uy_fY@o`AI4+-EU3!W6z=kiT|-3%Ta6)y%hsxV)-dv4tV;4oeVRpkrw<<59V z4H9Dg9{?>t(!X#=Yvt~{YFC%uFQIOS!5o%JOeCCec0<7q`cG%c+(-{Auf|taYY(l5 zmq|UsaN@$&r^K25w3;G&IIvL3Kn`pEELcFraLETb*KL4WuHohr((AHSE}M3>UCZR% zPR6}wI(%k?gd_4W_c=Pg7Z1>3&vC&%{LK}GCM9Ox$p>B)cnlmDkc)*R5yYQh(MKA! zQ>-p&j`J&0^Kd+ZG7O-UN*;+5WgxPURoQ`?`WKek zabhPf%ba-2xfiL#MXJ0J&2Ns`p+?ZL&_)d>X}O;?db76Lx)96C$OWNie2Z!Fb4A;t zG_=mpj96YNvLdmk3?i&)CeBza@GB??E8-IZB%=h4sx&L%Kai#NDY_=Oz_PyDa(ywz zW@@Qgro>km2Kr%t)uLr$JqTygYA3ffUJ-ltZ=9nykYvP9^pYKgke|xm-NwxL=;x8z z(!c^%F1yhWwK@@Pl@X)dP{MBUWL)(aoL7eZm?C)3(&*(nPgwBEGunpl07=zKi)jM; zd$IGA)TeAo91j?30>oJ%(n05|OQ;M1Lcb)xNYfH7^;H;j6^*h~-EB=xyd{^1@tLap zV)A*?${<#dJ#9Ij4&|X=Z)`jq7bKro*a%>hH0iT{{T#P~tPa~MaH%#R1GH<4q4M4Z zsSeyNOLZ_%#xVYW{WWXR@nDU>lFhnUFG3EuUz7Ac>bNx(NX7;KC`bHo&I+ucIkVPi zgFsUoBv``<1UXLsdW|gMAx1mbLmx<%?bT^z#6hlvxvn%o3hA+31A7m4{^4$~1J!e* zoQFjOU=Zw6LY_!~*3_>Kt4(ClVUcE|%q+}4@;2`A_a5KsuDiLs44KP6S#=t$BuRhy zVumMety^vBZoqOwzDipTd#uVC?@Q%~`eww>C9N-NZalV&jWFHAn0c+$(TSLF ze;pV<*XTAgzD@>{U0c8RbcVQdN`p;o2`l!==h3_lKib9Mm6o{HLBY!6!B2y!#}|- zpFomror)pFiv8Q&II0c(u~VQKu?fP|W6Ab_V-BjfMrgbfC7>?y(kF5CWH%w2k&6Xj zhOGEn)lM;mV@8_u81;6os|$(FHrBt3q{IV912ctKumV}2)Y6z|=*@_U=7W^}o4=aC z2u5F)VI0XSU`VB0Aw(_(!z}Y(M_WP_0?$ujV_ZO}oK}r|0Nnv3WQdmdR+<_Bg`NEW zj{gVKm}o&$K!zD`juHliM`)*GT#Quy5or<&cKzqHZcn4MA)3l5^qfW6O&vBPAhR$1xl@l5! zY`=#-XKn<0M59G^Z7&nLDaX2bpncahH{34iG3%Vi@yw4VS>`~E9L`{Jj~E5PcLGuV zv1`)e2adI|qCkLZzOM=-eLi6X_*#Wgh}tbrP+3m5v>V-;QXxG6+nG!w+M*+9EsK_ z9a#de?!Z&5$}~$J9)52xSPI zp)Y5&uQg4b7W%Q{@=jPSXx!R3S|Z?h^n(;O>Q|ZpCxpLv(Ae4lae6Ix7Y}3fsR^XH z^kEoeyxTsaoWC&Lb2u-tRN}xoOde1sLK-SJzeD5=g*8=4!6mH)%QH%#@JGGT9Kcr( zMGumo0>RC(vA?qpd&g}Lg77f}JAvL1!ZQZ?P0DUbRtl{efWirkpZ*8!q&XpKNcGQ4 zQV-Ahh%mA=hghp4g*v}|yM0LLx(7lFfBiEna3vcnExgsGy%{h`Vc%jw!3-GYFj|9~ z_q?jGUgncKKgH*OzE^66wKkpK2BsoDCPmlnWSu}pcO%C*fnBD{5qY#;eCkJL|Cj;x zkk!NLx*J)f0Vd<+hJ(3eZA4Cne`Ho{9>3ZUK({TP!t&b;Ugjlpntp_I)Rnz%XCF zPwYx?L7hyRJ$rR>=0<+dn5o_j?wmpSO9UT&4tBf_tqWIvzUN%6Nf`|if%1{i_`1wq z&H;HaFOygCXh}>1Ruc1sjVe97i`2HA~3~~*#DQ|3`daCh2zCd)fD^iHB zNSyW=EZN;}{Dmu(Pea zU8xm`+>6-L*wEirVlCN6CE#%QX=C2+j8`n-UVU=Po@$iSbbrgvW26LOxD~QkQ{sL; zQ|JnjjdV%9NrX_$jq{hOm&rWHT{Pix&Y6QYp!{ctt&7e7{Vx?#jqle*>C9br7wc2r zZ+U_wo6$wf_H`k;0+G+V<7bazDgRHc;&7xQk$a@#e#nWeAc6UTYsyaIW}Oo0rc{=B zYE*0TdYx`5Lp$Y~t%qY}h#&CqDi{F8B08i2)4IhPU9_`?8i-sS-h}hiIr2?wMhM^i z@uHY~f?YgdRXoXt{4^?w(VVSdDSn_qTtQnz7x>u1c7+6ZCXTvD9 z&uVs*->r5`;G}y#qP>oEiBJfs5$?mEI{)Ii!IQ&1KDyCvORnk5 zeQglp{EUL1mD8*Hl&gq^Pl+vfCh?;y1bqL_Iiu9g+LWuB%-soq&$ zNup7~ZMB(cCH;Kd4UwZE`Uj*p!JMVj8YAPUC@y>i=_+4(t3OI;d5*%^#VZnuKBNvT zGg{Juis;RAiJsN!()S6^KxR0nSeQswwV5q#%lf- z$Oo}z`$(G)!FEp1_%MLfOYX`IJ z1741fb6pPqUBN5g_|)hrqo_&?8%g#Hf~4qK`=z@$89nCUkI9R-&O0=44zGNCp)2jC zSeZ=K&@hB@?NX49%GuwHu?bFL0P347(8BQ~^~X%;u3GqN>E+3Y5JE57aoH`wvd@S} zS!EZ2ujZIWOvgVhP{vDnFJ~VB)t){U6>eXn3%N;32BJIXNH$QxKgK|0p@v0*zxOI4NA1Kg^Hn&K) z;b|j+)=so&j(?z+Sgnj@`YZF+2gD396kLr5*i_gbu@wv@zB0HgrI7oucJp&XKt`2S z?n-dFN_9c79R(KCD!D}}sgqhAMgEf0wa%WaaJhP@e6EO3hWk;C#PBUz(dni}g&(Ku z9v~fw1}s?d|JK#}jr&PN=`T5Q9A`IHB(G#J^773Hn$ewuEzLG!18_qZEw!x}Ehw4z z*vnXwBb4Gwph9wazpxADi&*?<%ePZS#5O#X~m~H2AIjo?1WTOGt^Pk<{<$m8Z zF^3r9Fywa-G>>a{fz`q3Yvsys7il4s6v^abt(&oKIln) z|9Zt=i~63R%SR9sYvM_@e9;UkW^a2pqdAbEqjU~H5vHW<2tTz?_;|s+zT6eN zp7Wu;@t^PC>~3Yy!iYr={B=rPj6Jj%jAC|jJ`(W7R@+1&DF4;PdcYi#?*WVzHUfAl zlPUdGuD9><>l>t$PN(bg@kLC|qNPC4LwJb%nB)>Mt*}rn;R!JnWKGIjT;9&Tm%G4~ z1t`!hi?69E={8d}V4XiqN``OcG`1Jy*ZbvK6QqC{@Oft{cI_*UoDLqFr>OgYW|kTc zBbR{fKLVtc7n()`I!W1>ps-7mFBH!cYrVrbQ|&HDG|pV-yp`NKFy%w(+{3!cY}LR% z&xNBJC;uUyFTN;aa^W-raN$qYzC4i=rl_Zu6ar&>+ee}$#>@-Gn%ii4m~>=hhJT^I zYp-P6z0}@F)qBe0aM{0i61F=wLx7wIK+D-CMwg+fcoYAFO=N@(yYNAMwFXJ_nel2Y z=;{%d96M#fHQ%)Im;z(kHjlQsn6HDmpIGB<%dkN1(5C;#SR({bwVWY9s9S>^n66`e z6(xefI~qJcfrQqnhU4x3A_eT>UktqA`uBb{Te{%>m$0l3YZ-4Q*I zrBl&@Rp!3%Bd}2D)-CRRW>I_sGechu7h>ca^AZ@F5NC6SxU@+H1$JF|jIZ{$LL^MN z@T`wQ%zDx+$il|nlDTI9gEqFwHp`%RJb9gL1>4|D^ceSJ z5cPO>XM#&>Nwg2>h`Ek4tD}nVX~yxfy#=evPxuG$l8H&d-{Z??blKZhw(0{L?zPI7 zpCEoroR_5Gvn$iW2tK*7--o4f4xz^R#yrpVH(SAxywUpC%h810*-#7yM^+}Q>F`$UV^*~0XEDk%FwSN^w5_C5NHy?U!EUN62;UIdIr7Oe zHi8=2S^1Z+K7uA2E1d{@mG!36AX9DAmi!964O??3nXCjb_5*j zW1C?LH^80!4D5JPL@w+_fjcvo2H*?iN?Cm6*|yevHDRFwtLjNnxZ{(Iln#h}4*0=& z@-mDVT|VrZA)PC8+noY{cM3Ry<_n~35vJoC(Z3xkN$U!++P6dRyL;KMzS|+rU?3D1 z?i!}<*}W`!&FcfO}&>26Q@$HLjG*208lBm>%iN+v}eh`IXd9@&HtRTJLB zzf7@_6Zi!rLDU?j0?ai1qDFI6RXnKQ47=*pwq$OyXW>sKsAqDcwwEsNp9^9(P2q2 z?WF)@`eg*kNZQfcjR&>JPi_=Ic3ohqSZ) z6YrDA2QtKC!2vW{wYL25M_S%sWeIwvWIVNP8R=70%dYaZTs?pLk0BpQ<5JYC4rMQ> z27!Xwa;3D8=jyP9J$~_>Q{z0rCh*Txrl|I*`E=iDi?Ye~g~n_!&xWjpFC@H&ofEQx z^$SV|5=5Q4%_A6LyE-e4#pF^GCEfG!BG**5(H&OM9O0Q5Z;rbbeZvKOe{&L-sYo*} zCxO1=Y}qzC9rO=Q(6U9QR(=L+T!mNB*gS6unmb(dq>=6fCM}RZv+gYO(~ICW-VyjG z=8MN*fnwzD5}3t6>1_lkqvXD?CXBpvmp`h73UWV4#ttF{R$NbzhuYGFxPa;RDgf1z zyRn^`KkRhG4O_C>iA{q{XgG==0*7od6G~*^8QeWEe<2y!yW*T*aCsMtGrou_Dt^dP zdx{jf>8$;cdfrAPU@1FQck0tsg);Ql`9KqRmo`P8BmB!U6hn+dV)IMYCgK3MqsnDx zuaR^z(1Rg} zZ-mV%jId%3-F+6c$(>%$qL*DPqb>_sIrHD>?^Zv+k4;?$CNLi*-6JGN%z^g^V&h%k z0opbVIL}=k%f^_xrv$l$)BoY2f^h;_eFw~Foy{WiV%FK#7u-_ZLi3zvs47ES`o6Bg z)2AuV5zgnn#ZiLl&wMuD?@~JpmT#r7S5HO51AyiVj|S?{jZ7#`z!@PyDgVGClWFl0 zn7+$BS`sV|s;}BoO9@Nc6)BVm$96w^MRT8U`zD{`Zgpz-v&~2_eE917 z;Ih{q_Egki;W%|{s(6Bf0y7kns!>y>OY2~?`rn%GRl1p1avqi412CpEU}H<8zfDvm zE4Zt|k20qhnU3yuliFb{;)tRNTLk!}G?U>Ra^(P) z)lnX_aD0kp7TNI07WJb$zZrY;!`|0Ri3`q51+x%Q!bzba%-Q6Wv@0U7q|uiWRg+;^ z7~(CLpRtxB=CxmzvCzork~1%9d*4uNJtk}28*Hbz>P8XCtC zRlla&Y{a`FL(M}3=fUVYVD2XO(Qk)o3fZoKQqN9FDUEa>?l+Ax_2eGNgw5dQ&ya=- zBJU%r7yH=Wb@z}te04|%Q}I4v^tGZ72yxQXWo=9bG6!Cu+`kfA6Jg(Z$s zyL#5P_XJ$}h4!GUw8?*qvhTmO{Ct>48pteNC_uh%=K9EWVw|T%ZhjkXiM}Ds{0uF> zU9jmtT{X5X0iB~3{gw=6wFpk-?=<@q;zv1iF^i6ov2_Z4*D94RcDmW;PL!qsaD8y8 zQ3!SjAhtTOhc4aR^E89!76K(vXzL&^3ylD&nbsy1<6>mcS@3Hp(kdN8p!jVkg!ptX zxM0L2K~OsJ0DmigD@Jb0D%((o>H90*Y-spfOl`DC_mpHGHG3G&?&aSaxZ(&|7YsWk zGmbe*E_%SK-$aXaInP#aA1XM~-{zlUx`?F2P}@!cVCHfTGYN_iUfE0f*xdC+=Z+~y z&1SOLE(ocSDBL}BYv@9;V2^C24f*Wg6JW%V9QUx`e&6AgL@1ngGbUIGf&>g#Z3WjD z<(df#;xXw2WF%lg0NhjQuk$S)C~m`nMACh(Bi5x%BYM41Gy(n)8;kf z9mJm9aAjj|QNMvf1H{sLB(Xfs&olPu&JMKZS^a}PZJ_QykgpEns8Ja2y3BGhUZ#uym~9Hd z4Q7{242DCo$ePsYxpLDHqkh_whsr4(v<(2k%4jJ!JeqP=Nekq(&_;(}Q$bYTNYGL* zB=lbaR$AXquzF}VDG~gMf4%5MPI6euJ*zs1Z^?n@1sGk7)DxF`j6{CT3%k*x=55?- zJ_fOgAZ9M){Ym-PN!c8({aWp*6iimY>0-NZ_?(K`E(rmELl>GOmAHVE9KlcywNGh9 zF}I!XH|fFJ!<**qH>jI{Q`jKjH@KmoR2``^Ug7CH!%f>X659ea1S+i8wiY7D2k4zk zo^oF@7+#O2QXX{U!TUO>zN+X-QHDLB&9Mab=i&h*{sBVLcQwyQZsOSCTr@Y$SBLhOx*^JF*5z_O31#fvoyzUM({8R4DU5;SozX56Y>e(kGM-Fa zmznOxE0U&X+EEMmwnb*fFPyM7kXp;73lS)f$|%c8zg+TO32aTY>3Al>_9en-_Y;{c z?m9^Eal*71zL)fkJt2aCJ)NFItkoS@UBTkcP9&I)?%W3g=A-MFNNChO)eUt>N`gJm zE;-QY;J#alW$>=0LF?`VJA-AzQ;Qrr|Ew(`m9Pe}Le9y!VZM|QA^uwiYA-uUB%gU1 zqdbz7(H{6&TfIei*2q&o& zK|xGthSG+AXrTUPAqciQE$#IqyZbrF0(c*$wA@7mQxa!gMI8R#dmF*KPT3M?9F?LI zpGFq+hjI8<(xEl~iWd;{tSc{~sv~*wmvmCRHcZr8<%&$>+N_urne=a$>K!K6ep<*= z6Nmv+qxAJMOWlwxZEX;rlROO&16azRB3(>yF;pjJCj5N|ix%3*ERr1{kd21vob zM5;rPdlm`klbMM$L4L=BwDPnN_{CO3kePDpsyv2C-ED0RUEBSGGcU-XJ{2cse0}I_ z`vISt6OAFDNA=3~e@`^dg#p?u4~NbYx$KuXmpykxx-a$*=}Q%Ql~5Y4L}~r10gFF+ z7CUv&8GII4sTZ}uaxDiuobB0Fw@c$<0}x@X(rJwpW)98_9;gb#YCF}fVSDoidW2SN z2;9+~b(okB35Egv2u5sahLp9{9`KG4Xz?n5ow)?yF)H5OM3X{OdbcORY=TTcYbn{> zj&~c58$#D-{RW1Yw?LK}jHkHt#YJ-U(FRfvUoYHX@G)JMoXH_-a1KaZ1|9$+BwC&yWVfLcKZ>I7hg=Uy$@64BW&sqTPU7`L| z=2pdani}!69`TkdEgFmDbaP2%J4*0 zy}2>{$O@uX-k+^}V(q>e2QBT!nQNHf%Tyb(Z}}$R>Wl!*c%&|um-Mjei$KdT<6Fr% z7$>u5-Jn9}L)W9qFw}06Ts%aVAnAB070rv`H_1MDeA=}t!-+U|Yx#hGAlIYKW>;%4 zjgQ_lorNEI-Wh-HsAMS%pd+qphIQCTZ!h65oKX(;U29ehklnSUHpk>ljlQ&fSyUrY z+?qhPaZE>#BNWBA#_*5_4RTt#mvn=$1vX$8r&dK5b76ywX}E^3D5R|lstXd~j8 zWQ=Biu)n!NLQY(8^uqmdk;e7u9LL#WR_zcD@Ei^1v9#WhFa)(&YhJmOjsZwJCCC`P zc6hcRPBgUYRq#k7Rj4k`FF4bySmL%>78%6T4=#QJQIb&6u)`yOzg1??tqI%BC^iWk z-PsRWhFioa{Z{Kdzx?}SeAHccGU*I4_So5e*r{U|b5|V>Kv0S@9zF3YWce1iQguKy zge*=T?`=@*_es+y6rXMk7|o8($@$;&LgouSuKb3=?-tDdCNEsj*;PA; z+g$QHJ4igg^MbyttKx)H1a}T*xhk|P#a7(g~C{40hAHcd{vB!kQ zR~q1GplDQx92+^goeqL^ml>er@Yj_5LR$5sok&w_vKx4_Yq4CNM(543ajL96z$f5*?VT6yMnyR4vL9n{A`7^sQs@?Rdqf1x`6{w&7AP!K-uK(SRt zGFG2Guyj=>MOJeXQG3!>&)r};&t6Ic$~~k*srO{*LnG76g>BVt<^5I;=;TS&39_lu zsyjYRgfEQ4^_i8>w$gxMbL#n}!(+*4@CFU~lq z?~Y@YIcOwnJ^qD9Lq>L^JD-9t_>EpjkX2N0N1eL|(l~XBrBTy6_hEei6ytd&v@cxL zv*FnEna;0tFjZdCpWfG~Qqx>}*%e`R%#$LT&5#9GZ*pi8Vq6S@NvV0fDqUg&6y(Sf zA=sRe-Q{geAoO7lVM}}fn&lW0hPZe>CAx5ET^gdFE9$$TS4dmQ>@M@x+^jS*RZdz& zcUgbdlp`4tHP?6Kwchd!qT6RWDSspcCPab@Xz4wmf{Nnh9=0_N3sO^S>Wd~4%wX^d zxoCDj4@aMRYTs~>3`V>CH%fpyL0X%E7>6`s-|M@}%Vqb)i*6nv>E^%A=W`Z2HzKySQGD-B(wd zYCtA3WOSp+C{Q7EH+dx)dba%Eq}n$XY7?VeQ0V6xf`CFZU;8sIQ!;Fu;$5+>E_&2u zeTU{T28zS>8Qp$ltHq?}^Ti{={ju8nrt4I+K%h({Pfl)xRritm+_mpU@SlQ!M}@24 z8p3+is}jxL3f$MsPCjEYWvIm}q`q{znbOj;Wx>lmF7*>}Mj-K8{vCebUgso(nP5>F z3>x-1iwpMd(}6ZVSV1@Zt@0=r!H^|+c~5^2c`-~yVUkI=#6-?`Y}Y!&rzA3i=Il|{ zo?3AF=?!X*HP1XcSfa~~&gY7Rq$9t=dX1=iFB2{OBJrwY73FU9o@j6@-gC@*Il z0n`S76g^A_jxfbxYEh7>u#l|1k}$yMXE8e|PkN+MBR}2VqZgLfuz`a(Lg#lJ12i@S zQJ%LlL29B-FX~z#IKRP>c@vy94Nfe*Oh!CA(y$0vXby-twyHu|t8K7<5$<^!vp6~=bSk)eVncsfR>$dUrm zCyxHkLVb&Q!rpP0crxpItFM{n|b{tf8Mx> zIG+At2d)3En(v85bt|m66JUGSi-soh6uTy80}eeurSIHE?9#d9+_X-tR4EOOrYWU# z#!OC*%4uV%E%qCbVLli#kYn4r{DUvFb#&AcVHA&B^1({Fz?Jf`)oa+dR7o9tmjwju z1jgDwpY#h%jPbUhs?rLY1|LuO_%Vt~i4>OkN;M$k(s_R#Sdb<4{u~|8$vr2$0HZ@M zDC3JfGfOx`xNvdHd`$U-XYx{Qv<~VQMf7mc=1>Cv)&qJCtBC0JY6N0iK6`hOR(Ja% z&kt@lp+DLvm#CVi^HxJ_rQjmag@{)BEmMDWS zv#R3$l`c}0`3~DaFmG1HUommDbMiptpe8JoCe5HVzXK>M`{U{{XN_N=nH?FwICg#)U8&u3r}lf9K|I!PFdT>=D4;*;57^iqA=~OPZ4vBFh4gZF{hIkO`>%)N^A{`x9^+MN>?4 z;y_YGXzqFYQgL0NjznB=Z%SR)$?=a;HT09Bylfe|L+&UIxgFVsmQ+NeTEFUr`tx)1 zT)Ve_0{U?C6Us}+wjfZ;v|E}9PZHr6L`!>IGf?aCRcqCY5@696y0wXu58-rZf#~^< zx#=U#9|u7zrO=$|dOX2~UV1JO4mmABP=uyvJLaqzaD zdHS0c#D^17w~($Mq5*qS$oDK3fm0n+e|ks2;@qj~wy+kJ5(6;4d3G z9xVXMh(U9%0-k8LX8VoDsd)ef*1%YDRSHjzoQ2cZi{fV?}>d&>ya|Aj^vOe8rfWjhgFScZLsm zxmmydpJ}0(u@V~+39JH%g?wFJD7S%i?0~^M#2y?3^V4;NHT)zrZF2?A|Ax^tzR4iA z8e#f3C(Zq+h=D9a@Ag`=AQoB}H3+bgK9=Qi`UFmsOEY!#)g~^;2@$Gyw=o6(rrc(pxHitg2Fz>zoS>e#@lXo z2wk13JK*zcwS&{3`Ux+&ydKT8$EtjZCl-mhjwVu=x(yvd@h^u)l7_+&ENtu|e~7Mm z@Q>SbWw&D2EK=(o>ELm~yc*9*1_5)K3=y!>!=4cwe}97}ywxl} zW56BjKTdl(bSl+pC*b_m)R?_KOFi(Y$!{A;VE0Y&c-i^=3d`R@d~bTuJT15)HZ*5j$ z8k=)ZA5>SaK#H<2@c-5R%f9YiA7t>#KA2ZZ^#3A#RY1D;{`TI!3-wXA?;zv}DW!6` zew~f8g8Q6mHN-Bm$r7@#cD2DjvN&2lYS%ji>8+NT) zP)8!~f_qc8O%-X;(E&VJcFCCkD*_L8uSVyzCZ$Usd56rr=1cg-E|>Nl-Xr>$yW+yf zOI0V8nBt7Lp`ujUdC*5f!@-l+qD&K9Z6>Hg5>9jtJ09q-=Sv5bF4cr5OQxuvL#;-r zd%3P<;OIH4u`)z%l9_Q^_}@Y@Yo}CD>t?X1jlUNONrNB}eY+g0FK5~mC>of3dqL>9 z6G~@Y*HVt*?=SC^Gc%yqNZy{Ry>iP{u$}_hjR4*6{*|}Cn?xyJv5ltbUw;1`3U~Jg z9gXWEqw_E=i}BaQZrwl zHGqFfAEpt?4sp`o=A5F|Q424}dyRJyVYgR=A^!U|6<@)?r))@YiC5t{5Sn=C#*23$ zxcl-OQiX%}Z4%p8qt_e{+pz~19$w9?V%PzDgk}UruD%M^P3keeNqn|z%k#eh$Wspr zLOE(K{V@oV;g(rk{1AHfKpdR7f$&wWT;K4MZs`9!Yo;Fa?b=4b9occiTGziazyZZZ ze2NLnC?E4z9U}3Q@8L?tkDZW398oGf!jhd30pfwOB3i(|X9+jAp zIU5E8`UcaKR=HhoX%B$+L(%g%SA2Fw(>UhV7`mI*&A)1t z&Td@$nKJcyD9(!O)VpgM&lPU1h-|CkGW6v;h5GTZ=n&*#Q|L8;)3wp zGWFsMqYb@nr?on`5i}m3srR-db*y8Tk#o=iy75b^e{ig+XY9?6REi{Kp)iq+gyC-= zBzVjI4F9rt%eUfI=#=D!ece^_x}E#hw?%32GaW5^$zy$&*@;1zYWM4-YMe!nXBpyj z)`ee5711IX9EnbSD}vxLR{e5ej;5d@v@R&TE^DZaNF~?tM7}DZ9RCmgMwKA#sjZk~ zXfz%OA+&zl>%?jZZ-k`McPq+Uk&rENCfN_zwLl=;o6rYKKhf36rz%~`6Jy>xU{H1q zS9YSD_2rRS-3>Q8O`i+kDGSfzoW$cUR*&K6^8tdCGfOo=ucIiB6EyOq#_m2JcEP-ANI+2QkDfsVXlI4a-4!2*+hRSL_G>-83z%ltb{S6$`BpXFHd`8d$L675mZB zOla&Z5+(^K@qvyCMB^wnwqqG`Md8fynU_0HSpU?a0tT*Mq{bF!l;e5Itf_8u8*`KPl^X|GRrAH z@X#btfx|Yp0rq=HWeko{SE5-e+^Jt_cJjKidp1Z=FR9Ii`M>0?g6`B@p zFr*60h{#?RY3;6BFjc{~!Dr~2eWb_2N3d2m)g_@%H$$QRApwP>(o~$SYJVjY1Z+Y0 zJ1MmET?gJ7=GT9wH- zAB)1|kp0sK;AbSmM$~}9m1U9oq_^?FGq4S~@lhTceekX}v!rZQ;smThzf(Qwwi0Sb zalO43#(-CiW(ISl^1b3bUI(Tr*e+-59%c6Z9EuzFS@bS$FsxfbuyY>@iVsr0^Q3Yo zr`E3priS#AljxIB;2~O|yg^_|?d6l_e86cr;^RBAESyFZJrfBZ*OJ2Lx@-tCd6_HGA4#-_-1ra7^%{JT3<;Ka#W{&x_vlOJa^6~n7CTU>0 zacRMp$xn9xR@UCIj}(QvuQSU>XhVci$z>dgcQgqj?a)KX%y-vCAEic?MG;Z)dY~MG zS8vXRXtw-qiG@2F!2V?vAkd?tgDV%99AbVS#Fx(r*ApCHIR*{gjMj_1c&c{D;WcOt z0z{gD^s3P_#o+{$K|(2BhaU-A{YbYyrB4eH^-igUzVF$R!1O-tnDzjBCh%&WzQr0d zVf`IZ{P=iK3RlCMP8LB7A2s-7{aKWH@mT25Cq8Mz~~}34#Ty zL&tbk;fW(u8J@e01C`3`aJa-RAa{KPLix8`t=~>SP=GbdAtV}#r_5p+OjXO*+v#}~ z4?kOCPsXKluzc%LWBN3Bl2Ki_ptF3?!0Rt!Op_*RXApJ>F8&MxrgNLj;>Ne#;Y4Wr zA7V4utMk(1Fc%vHW+9~vPIhf27JOgkY2B@RmnSL23*aPX&<2F@F*$3nH!1`a3to*9 zRmQnUGV0dyYDvR{pyCWRQZn&&@ebU}Zys!OAVBFJ6q?I*$w!+2WA2L3%d|$~J1NJu zeDZmiP}Q64Lu!()=a1*s>@D(MFh~#tH|)6OPdo$|T`nwVMHtYna2QO9ttyvs6FP&- z?tXSmVUaN-?l(8KiD-RseRkt7(kIkKHwMvDq- z3~@f68(M)X7I+d8^w0yZX5B|He`hzoCzED80P`P?$D@r)*c1eNKZc2IgpfC2srW;S zAL1QkB|fB{7r)nWBbL5%BRNT%8%`D&9Fkt@cQMW9{n67-y@pN%BjrfGAf=9ImFAUP zB5)b#C_JM6t|UH?9Ae9Uc??IG;+6T9wjP#A6%-66^nxBL3wrFQV!aOzpsrW2*enQYaIB67oY~eq|CGHH4E~V<-#RP#Jv2b2#}X zgoG4%!2Hz4*2R|m)mJ+FP&)MzW%cO=}=?@+6JapXtxd!n(yj$kQeJoFOb5Z40mp z;Dww~Kn#&$R$VqDy1vZV9+o3PZter}()C4}&A=#M<$TX0X3{n#@&g z#a9V8xWXy&xomcnxq+7B*R(bKi3fEo}ly}#r09uOxrxWd7R-EwU*2Ibp;xFXW}VmstX zw|qD8DA=Z2^faL>M&F?Xqzg|gC%>~l30fcq@lS)FYNXv<=NvQ7&Zn5hKB|rN<7;pX zRj23V_YD}wUPG5C?Dq~L-F0m{GYNkemcyVRkFGm0^G&WRZn_sJHxK!kOGU_}A$+E` z1k$RT{?~z7a2R~`ptB3a9ZBW~A2mUGcTyKzF|V00pZY;|xf3z`1)*6u-Vx((#W}KT zDN+{4;cMU!YO=W{!hKCDqcybGnRmAm6-G%Y{R+WK8DcYEs7_t==>z8ODsG%Ya%OWD z;fy#+y3_QjU8u}UNGbLud)}FJbY-eC^ABz!&IQS5h9o2QBEn2IqCyKcUn-+$!UC%q1A~6v#zsM_;XlDLoY&H25-)L zshmNn2C9R}SFiP}@rP96{MWTOe<6P+cR{elv%A8yoVC=2rr}GYLNF8W39KV7{#DQ* zIAosl|2v_ksH$=6n!fB0mALVsk~NQE@W7HTh8Whw5X ziqRS@R>cVbDL~f0qBZXei92x9wxho-cdTr~>V<@cVB;r1l17bsvXunS(Cp1nhRlc& z7eyR&H(U?`1mWM=3OGKgEeC*jb0JhsrzsCAAcuVlGB}kANrm%oM}_T#=QZm0IYsit zrQ+?61DgvWIA2_T5nD+l8x%PlKTbf%%{*D}Q947cByG~@XkAVlfwugtt7;(tXV^!q z?)$qr(5?mHhb;>922a~dtI>mkmueB|oEB6IGut`$2UM?J?!rn0adji7d)j>VxB$hS?PHoMydZ<)T3*jO%c-q9^pGl-_vzUGE2Mx!cR`fHi~A(!w~`p#u5bY+WGWfF zosa*3%avGE4!3P6;y!TM>y2hqF3L9LOw|dWK~3i0-ZOHq=kmPF`!j zMC!TK^OFa+gaPf;0BCuq76z(q7D>R~4x40+4_n=~<9lo=~+ji^zz}&w=l~-bf z*HvW@WYgj{^4QTAEUVmc_-TyntuYw4klo5UCV?9y-OQF`@QI`Nxsws>jm>AL_#pf8 zCI8t`U3KB2sUQ^H#F*f{+`M(U0^EhY8{9-Bw#rT$rpo2gMpV;5ufyXGhsTLbF-(pY zmP-dT>DYXOCYXfr?cUnR_~t541=ro}0;6@v(k6ZIuSoX6iX~GgN9}CoH6C`+2hyqY zRu|^A&KB-6fiCsdF*Dvw8e}Z}B{~S9XzPdQft3E#Ai!$S zE*ZRysJc{>KNV-!rvJuF9n(!6^zpdswNs1;Wj_Eup~Oz+gaTs=>s?P4fEPrdmVE+S z4N*7EhVR1s#8j$2r)v3KJQw|nnSR(}PiY5Fj5m57ygdhH@-oS0fOy&qHC#fRz%x(< z2Qbmz5GzED3e$AtY`eUVPXgOM8uTgx0RytT5fcwQBq5cG`a{IBjoPPE@lA_i(x>6 zuVG>Acu#Q~1%dWo`Nz#h9$ee<4#_3B5sFXPoG=ycAEhDN!ybcw(^3}kFGMz1aQaVX8%`=y(QW0aOl=Kk zEhW>}^p1!a`u1L$41`09t2Q|PJ8iW;Mq^eitpbS@f1P=b64ZuL5qr9b@o@91n8y*> zYM&n9kE2uM)ABuky#58!LsFKSA0|DSkQ2CPZEnpwaMOWW;<_cOSO&zM#PN(PaK~o{ ztaJq4i54#g{vi?XZCU|;2&tP$%^lQV#2>QCAESSCzahYEbcgmxb*W8LS2e6kx>_*h z&9d5>pRs}pMB>-q3W(B3IHy0-{hp=AUf??ONsM;Kjjb>PGiaaAR4@Q016zVX6v5q< zinZ`z$Cvn@;67wjsejM`1wr(^ucLMH!sYxTw`n2?7^q zfvj-{i!L|7wq2HnaoI`IP6|nL z`nm=b102!?-5FhzEMt3UEyR=ve zXE(Kq5AOuIZMvz7!!jcXy}zJsRfbNppV0xGiUZHcy*A?hyzWe{9?#EL0jcu}|8gK- zpb3eX;7um`niF&wNvFu2nD}}U3kwj(28f)87SiJgd};5H)LyE=POs(_gu^3(h6 zUgp!M6z8w+LTj_z`MwC?KwicvC|T5wOytt4n;-H^MM~68$h6#ceVI zoIa4I)pQL@HIJE$n@V_0b|mAia*Ll~UU=}@>E!wSc|)(_;%!wuaR2l^sdHJ!X!Z?Y z{|lm=1Z!F|k1h;{*P+@xZZanu5%#XrLCuRQX1Bs# zg!~j2&6#yxrtm~PS)6!7*$g_61&hqFGS;fPupj$$NeJD_Z`u~v^Up#WaLU=AT^r!q z;`|Fx$}xJIm}g*BfO{kqJtflB^OXKdo!BCl8Kx={Tf)Z=MqXs&KDTV0`}lk#xY@JL zmEBeCDJb%x2|Ob>Q;z@5azM4-JzN`MHqMLYRb@vz=zz6P(8c*~is;;ga7F;8dPnsi zLA$7GD%x3gJ(g9r=@&as+)ON4Nh8$8_ot#;D($p;f0}UMfQ0?YSyhVMy=^&Lq<~ zBWU|Wpf(#!RAj|{ffV)44!|Nc<<#miB-FI%jJy|!rv;s(lugX+Cu(_7W|p4HpyF?d z^|fo1xDiU>6=IuTBFu2-6R1i zVr)GzgxG?^pAmTf^V3p zQgU4}e!G)KS!M;4LL&fYA)`M_?nqc;T5e10ZllHm(7p}@d`Po>?ElgyO_=+P>Jnhg zIZ12QlyUFCB^7M82v};%e3FeZpokF5c#~ebyGasu%+X4m!WL()_VqVR zUUjN8DQBME+zUZskg8n6ZqoOxc<#v?zCz8xJK8C1SL;-P2Jd-gn! zFqGwJLxXNxMnv$`7wx|W`Zk>ItP8gCFx~C}-TU*nWtJuC&kWwzZnEXSRPf79u3&o9 zG;dWlMx$^u<5nG@j!hCbh1y3`1B_55t~hWw?><|&{CG#h5X=4D_9 zVzv{oO+luMz0XA!R%l^As*Kvu>+q2*tmZ3F-1P~j13%NO{0qAUB{rBH{u$C_A1EzC zKCp0((Z_jFP^cz3hFMaS^I}y3Q0ARog{d1lGHLFlk*?XH6uK_wa7qPxpZnVKq2eZ1 zPtw&c$+~a5_A~_vPM)=u#Zz79@GFN9;$V&zW6)whc*D_0h~rJLj`lRq z)gS#i5cOT1I6z!i;6MmAKYNXTwiszPUH@50dpFlUxN^~5XIw4fy{V(bjUdFX_h{wi zU5ki4NV=&J61!_|i(nk~oeAo(*_*8aTl*N&%vFBC$2RP6Zpgb^3f9K|e^IPijk_)A z5!eeY*jULBN^%EN_qfxJEnMwh(=oc0eo+)uHB~7GlKp}kG(n6q1JxF#HsH7SMxyfK zK|ysaP&TOhD#u2^DHNAmjwMQlI1T6E(WZJLMn{;fq(?!bJpY(p34 z02WrCZu-gP#7HkV^gp_Nh4jVLvB3|(I5$eFXB}3Z{z_$;Xf&yimv!ZC|G;bwhYd(`Bmk>EUtS2dl(gP zhL?_(9bcs*O)dP&I6hj`1SIui*WP65^w92JgN$m)R`|cV#&VJu5C~ijp@(U;pt)CR z27nC7xav=7P{*%6s2vo!!}&1j#x0^+Uw-pum$m>ta8H3bYk{E{JvW5Tuwn*_K645{ z%4IsfJp5$L;cr#CNS`!CaRVrI=UjtnCYiIce7g;9V zY2y7Ec2(w*W_2vlq*4Zwm957$Ie$(AH=X=WD|s2dbR=`<=G&AP>1D0gPiVREUcyq&!%csY`|=_((DSyZ;!m*O&}E!+a=Z5DcIi_e>iov(l4_KHXMK%l zahM1D|L(BKM#q$$0D8NakFmlXy2DY|wwT_n((3|CW<63a00Oypcz*VuKca=YL;&j#z^cEgbgYt+t6>$bM%iCDG zDLCGU@7;x7PtGb2Xckdh`Sgy6!1dA1gLcapG#iqJS{yt&dw=reQ}euofmT< z<8omD@S2zg2!uOwp4`^|P+Gsesop{Jk<72*kZUx#(P^U}f&<%JV9nYQxn?XC$?kZ82a_{R`- z325J`YOP}99vO8bR>v(7T4!Za?00MbA5t;|>K=pT9k%;~K?i^ACC@uV1li3^5F~jO zy0%Sn&kYQ(*_T>5h%z^G7LGd*5C}Fo9%|m3fRp0V+UKeNu!oPIR|UY?Td|VwrR_8U znvwL_XPZ#BcjxL3Hl_`k;D()N&FDtU%?67SX+%wQ$vLJLuHx}^V)H7tFUwVxwB&#t`MM_!H8p~l&< ztz*~^7>LpZ%9bY$>U1FY-et`C?^M}P5Z!lZp^*PQW#wwWkg}t$e@($7x%tN*5nv?Ys!E557{wfPCriE;Sm01 zmr)rNruWsY?j10xvD9CXySa=pu?KySHOD_qyfn_5{Xw2eJg`hiBUn@EfCzOiv~dBy zhW@en4Px5$oPTg7XA5RHAZid4@&m5B(fn>#Z{%ZzD%lL;X>^n4V@b}-7!27H1(QfL z*M+Tb$kojJ4$SnlQ`im8LF)Bl_4-s^&szHN=%~>AaO>A)=2An9LC`Q}m;|!ckoN)90T# ze5Hd`^93do6QYuam7+{PXw8`S5Gp(9?nWF`982A)4)am-OY#weaqw$b_$-_i=K7|N za9il6=*Dg8(3$*G`IZ|vboI=qsf?sxHU-x6Mp2v%!vJfwy^kgiaU(Yk-KfNwY30G{ zUUFPn)!~Y-4ZxfcN~L^K^lmObzmw(!QwOk2dtQWLfa8qu9I5@5F6zP+)utR%+e*gY zBP3<@pnZ`pXnMB**CVs5saXew)UvWK5{23=anGZ zZsm+}d)V+3!^R5>6VBwX|Fsn%%yN#K)Wqc4BfEa2gdIPa^b4mz@gEqBxSa^w<0h)$#kxC4MdhT<7v5PDj0t)M$xX^Sz zMdu_yp2lS-@-q_N$O&FsmDmwZekCi+!7!yQ=W&07s{#Snsq@I?Z1gVcxZEstyodtF z7fzY|I4t^v7F_UV7h)P0ko)>`>}*sb%Zga_(Fk0+>0esb#L`N!d4MM}N!)7!QW*`MWzGM12%+=)A$_KY~Ge$a9*xJ zw?caNYkKX>{Hp=qg1q9A)Z@|WEmjWs$f@6DtW4cg(qej{hJ``fDT!|1J}{uwSm+vQ zA7SAe${qRgdZtmEC0G)Wm9s;Kh3Hey2 zBY+&v&)aFmKnqhuF^FO{`nyyb#mlL$3pOyz`uj=%+)56!IU-p?RR!+##9N@`IQKpVp!o8mE=E!c<(wQv|a7e&Y#Y*+tSrj_N*);>p7-^8U*(JqRO=M!}--w1&hB_w6LE=>dB zmaU~;7t)uYJFjxs++bCSn3$~>{vOW@Sx>bZZ(6U1ENHMLs8A*+a-~3@`oBolb8j^N z(1?RNki@%k=l-fkU5>(q5d}!DetW#i>CU{UAJOm27hA@OX06MMMYVk!L2dwXQqH^j zNc}_mk#6daYAf-QDYEEdC!#37V+)9v@h`G6J@)K!-gL|xxd6Ea&qp~Yx2zTTkDKJ> zj_1jTh(TM|eO#3~)k+9IZiJEiG_ZAL`v7?bkA4KTHZ9%26UTRb$Q8F9BFMrHWv?w0}tV+pE6rPk{!g{ArPIxixv?C5-Z zL8PPdkWr}Bd)$(=fK~^ceXY`iN1))jDWQ#4!R1AG={S8t}ZF!@i8osvj z(vrYhE|GRtS!Sk+Ju(!=U}ULbCa*k+nHH_}s*#=?kK$FEp@F*vwCZR73@{?Chet7= z8^s;8B~?2T;J0R*=|%nAe$j`zrozl5)fAYC{z#LpwPD%f$^--LeFzIFquU0w1ly_L zE-pU@m&4yr0hiSJ++TF2#WQHxfYldxf1|XcU;aRDX0C?7j+bc5%%dzt+j|K>3Cy9s zA1?on^DZ;jd8E(0gj#cz0D}8Oj%~F?vc=SC zr7!TAjpM_er1!kicUK)B%l0Oqh;il)PHk~hG3SqS5y(3zL*LdzVSDBFN?qx(#;=99=1JKgt!I-t zQ-^T=BW(C{`h>hg?DrG{*45as{S?B|gG2nLiLdHdLx|58`fKfsaRH|&_#}KSZxA`m z0A^I!gdqIk?J8oCauvJvoI>f~Z~uRoag>d7&VP7zbG?Y%&mGpbB&9NOg0GBTdD+zW zmhqWsrOzdLoqSf1e^+dR9l1LTQSE*=?&J-nTq3EHlQIIk?!JgqEC2P?y#;8-lQ4*i zSU_d@z?e}{Ko~sB3gIPRB`siOsxaQjcn_vQB+8;(C_0lGje;{I#)>*_P~3m6Nj#=}p|s{(23mtmXscY#e9AM^Z%dS(5uR zvOzU%+(CDA__cv4=M(1mECxN3<6o+Po6iP(oAC97KxzCZ;qCL(0bGOA(!n3MriL?X zx7rZ-me;rh!=$4qI}~;x*K_u5`x%PgJkQMeDV8F2Bo*kcu3b>=ENuek%zFR6l;>TI zr@!my=}g}cl+$30T59bRBx!CMm>mDNl_RW7V+DSkQkIw@Q6sPZx=XhUGJYi4u=ykT z=4fv}YkkVMkRFF{ODFh8awcv|G-HIACyh65Q5DZ~oeE`Dnj8Zqw@r%K*TCDZ=UB~s z_mAFib+I1ZQ!s$Rm2q!!f_{BtEufY;26P-JPsY+q7VZ-83Nr8Li==T-t+ixRmV^)^ z|F>$TW1UyAx$cvg7~Og{f@Q_q~oM;aTjpPAVu`#-)A8EX7?wxEcM9+ z{cm`KH$)2yF6b86O~WGZI7_DJ@h`H^=$FB}wOXIe)$9L$oz$oE`$8Do09v(VMqL1P zisOn0B=xs9_z*fu{R`B>uE4GzAa8Gi1)mfIfb`nkIMWb;j;(G@XhZ1czw}fEUm2f% z8`a)HPk@>)H521pQn{X+xp~}mr>4~lmjORO;gWx2WuqWZCm?@oQl;Q%jtMov5hPRw z-he?mZxH1wN8v*kKV_@8kh>{x;!8R>93%J>^zIB=P zPRpAb@5A-T7FuPKekxkJyKQt141m!;Q-2C1)ut)|Kj4XELP7vTZS(o3?^V(fu>P1k z?CzrA_*K(+}bT-$Iy|Vp`sZo%TEW;;LMB=D?lF^vlmVzf3YdK z`vn$D^CD-qNvB1{YJbT8W$#jv`E9Ui1)z=tT9N-Oh4%1bNc1kuFkGRyj&aviOQ(pJ zar!FNpC9sycMPJ$es#Ia3U4w?r1s6M<#nLC@5w9 zF&!v-EqMaRUwESi@p7_vD?XG{9J&rEW>;-(TPxbVWbnI6oDfnkmSTnt94*SvRBF@M z>gUr5nw^<)qv1h<(63~UI4NxwFif_hcaxEg=rAt(`a@yy$<*=bj}#BgS8qNp0N3MQ znlo#Iet@DCj+%{K%$o2X2_I8j72NEOX?tH@F{j0=bXuh{awcl(ytH)D%G>-UxH2LA zF)i6H>U;80Ku~is!Sc*Zy@I{}wB4t0A;gR$>>l zVPwteALqNJ2dXFcZalgsc6N>CCA}a8^deAwV~DUK*POwL`HLGt8uA@aDEv|s@LQy6 z|C}9+GZ8CE|JBDkyo#0*1MU zFPU?-5aYk@=xxFk!I)!{6hR<{6K!F`3fq%l>|Ls|f6R zDk*JqjqqNAbOrBW zuXS0Z5N@PPI|V%3d?eTy2c6c{!;hC5ugigf*F3i@!XMWXj3kRr{N>Y3I+zr{x}y`J zM8J`o!t=w*2w5W}f0U7J1U=QI_~wO)po+W|M^e2tjbKq`m~AZpmjLdaa$^t#>`$aft3^K5|F&A)&&p`u)o4q@$%-Xu)k|*2qHVVacDI+ z;(F+^^X4=(E2Zg;Q(PRrnNsO9f_NRqhGhY8&F##(KC4?wG$dfaM;LJ-O&jePQK^&FM&X7!(MW?Deh zNSm`tu?mvhOhxUPEYqP{n$xvO;~2mS@Lyz_uElj;IBe6LGZ&_))R!C5B{RxRjEvX* zv*abRbG_`)b!NEk7^lSRkif}9o<`{T*7l!zyg_HUnBG~Y-TzeFZe4*@Y=Okq+Dvn9 zXE8F3t&x$N;2NL@yn^>0!T)?T^!WaKAN- zH&jho!Y3pWTV0Hl(47Sg2AN~vznA&n7T-pO&g`LPrSlp6g2JBa0sSj2prU+WC0m#1 zwT1J_9-I6+UWw_S(^Qup6&R+iw;rlH#%jzQ6(bj)9}$JMH}#+p+%@ zJGa_UdPYlSQp@n)%4Mr4zsj8`T$hIlN;F04T;FkQX~tFOs89>b=`0cAmzzl6*`5CW z`N@ovjR<9jX(e{fJ+{*@3c};Si{l!Fi-Sfkk;}}O4p9FPy{yDp_}v6Kq-Q}iV1Sf? zf2TX6G3wTmRQK|>sRw8aAwh?|^a%zg=R4YV^_{szMzs>ewL5}aZ8HrmZb0^eeQa#x zs`7TQ$O!-&(wa8LAoj`+HiIQ{fwwaa+YMkhvv3I*D-Tc+*9`FxhoWOfIc_nLoi_L! z{eU1eR1Dji#NUq7RXzX%6oz=;okI4ujuK0`&QdIXezhW@wUK7vct-Qh%}{ZuFmzb5 zyT7Ib`ECo!?lkU3E@cD3#cjq{fjJ+UNRuHF`msA=h1{2RRbS$K6#iLy22tspuJq2_ z55iXn$s$MZmjC@T#hgb&DXiLoJ70^Wy@HlYu~k|9^&w@z_R+5 z@zH_~`*(ltyMK5HVSi1`$Ai_<4{dsX3I8Ml&FT_po2eDr9rN+UmQ9T-TW#(3UgJgQ z{-TkrdGT|M2>ZkN4bI3MHAe8EPYoc2j0#-(%`u9)p3LpOFD@OKz$IxP=I&B#k~$2Q ztx8aL^cZERz}J+bhGL%>`7q!{dya0(csyY=Ev0LR2n0{KxM@ z;2Ks6y2gdm;APjxZs6<#EXJ`-r{F+T>& zhfme5tJ%aWcsKcEf$i>XA>9ojI-z2upfEqAW=B0(8vvSr49p>7+~$I%^q-(oY!Cr} znQ+mLj$L)h5vkXt;%zRCbn3$~RUW&wu(6zaJ;SM}Gc~e{{1D$DL3cv_4oG0W@BGWn zaAl$GpvNWTWOjV54D;(VvuL!ue{~YxG2a45kNf65ILj1FEk53i@ed<*hcfhA<;?W9 zUpY)aOoHpaHCs@LE-Aln1k;guN5$H1DvyCfWv9% zOC}yU6ED2YwTIJD1+u1?)}0Z6e&>LB2KYZ0Cm+F|e`9yE_=(3@RE#Q1p>T?L+@i8v z>W>newLWn5cHB7*YXN9r7PD)ItE6}lC`D21p1soNWHO(O#DghsvoG)}agLcwS?%a% z*1TD0i#oWVM*rlwY(sUdiwlh0A*F9N)cR<8c@7rik%JHm!L8sxeU{b>g?rs^AKxFF zAPy9!1VIo`IZyQ#IfaWIp?zJozA{R3cRPaGPC8qbzgi$BCzvDR zq#Eddg7c*=T<#R2WgdNxE@R$7H}7ejdy-U%J}5YH5{kRCRyTz9VMM_@b#&7kmP+f2 zF{ETqgMmK#Z0K(s2U-znC1y5w7DV0^v#t|mQM?{1+g3Ff)8BivQWzgJ?Qjb&3-ua_ zm(#I%Z*qJM8oO-&Ld59Y$r#B)-A*9Zn(#g&){5Y>oD_Sm_KYFJte;7pAQD%EbnP|a zs>W0Tsd|>noubiF>OuT$LqliV5Euc5@qkm@WKA26W#bJ)0{G_2eQ#sohXdrYMCvrT}yZNKPSbng$t zp~mjLU^8GzwdIh*ilXiwS{@lt^VvOh!5u-M^y`Y^&8AO+^poESh|x@lG0F&#c_JUa zSVIJtn>b;S-Cyn|#!SxC*x6cIBi3wulT2(b%zjX!rUV=v2c=0HFeVX%UCWlfX_ z8MZZ)87~nFo#4a8cc&jnmt%jFjJgLPEEGNcl#3h-ux)vQ({&e#IjVysRhXUh6)w-X zGv-V>Ge^pGQ7Tbs6UQdi3+SwR)t2fBD{R4k&0;KHCYo$Q3FM}WxB)RYj}nAewmjYSpSsMG=r3t1hD_+U9;^?SxPw5=f|c#*<7 zM>2;-MS_|DW6dPzmPP}i%3h9c?lwE}aBkN&N+eVFiaS?iU9L;O)(AUoZcOk8$^~FQ zW^>=>=G0)+Bx#34+MQvdxFdj6@o|Ha!|;^7S=haQ@ZiJ@9gh&9b}K(ty5or2oalf* zBDi3H;`uXtz)Re3B{p(l)9)1>>uX7nY=xtT)^HXTv`J-0`5Id2z5e<7f6#Ft>eSV? zB)F8C@FIDCWRo`!LzA+i?XLlF_}w&iS!v&#dZAitwGSGoo^bppj5RhA*kw=PjB&ik z1k@$I(vdp+x9oO(Kp}A1VF&J}3|7fLlG@*>V>zzuE83%2MR)ipLW-2oKJu=Y}tuVyvGlvLip`F+RMY)#G zB4x{Hc#npZs3o?z>qw$1iH$ioen+LWUun{wne<sz zHDe1o0=vbkTg-`*xji&GB63}(DW>gFAkhoWSy_H%t*kA|Te_1M|YF2z@s3HnFHUFEzm3$qCF!KWDGHqFt$6 zXyCscM}_^}c~IP_8d$q%G4}0+SX9cHBE}It+2$3tu@0~dfzvcqoj9qQ3qTmv%Pl@b z_+|d%i+iQLFCc#At#Bl4k-%>P;ozQHlOvS_yqDNXB_~22TxKsY?OQ(W$9?Bb6LwH% zPS+!oGToSi^`l^Uw7xvMzL1O0m#(um_wzFp&_c}r87#eZ+&UmcrYx{a6(s>vT0WAn z`LAOwG`cFq4(H%l;8~U17ob+%>rcbZdl33KH6{wQMkQQT{EPSCurHTM^u>^c-#LJDIf=mB&v zL+mA~b%!4;>FEYiskPHf^*qEa8GwZuh%=R6Sz3e2@>TX|=;IjG7>1C9dpse1<{>z} zFEh|vJkX@#Ekf$_*9L|BN*&(+3wRkTM?~M_4v#)0$d$0&;u=}pmawuLr^|qhzaK>J z{9Jd4J-*gcjRm-uXzW&99p@E&c_C(_T+usL_c^+;1aWa&qx+z8GGHM9l5Cm2MNc)# z>kI&@9nWXvREgqo4H;?Lkf|Y5uv^qj<-J8DFlaI-yjhJgQE67>yf+@rz@ixg3?{2BvWuh-xm!!eZ4Q#`)JX6dprA zL%;j8WGfIq|JNP&&G>kUkdZcRdIP)>v~QEDawsoTDl!M$=u$I_@w&0p;EjJFWnkeU zC+!wP*#hfYstyc3AN_YjKM{Ag!f1MwJIU29pisiyVAa9zW2Uat+6Ga~577|TumD3y zn>bS5_nzCBL4Km>R>Pe4gP+W&kOX;724CS11*z2;s9~Hej^?;-m^sd4MTSDtl*cwm z$JUZ^242uVV`gc=OPW2ED6)m$s6TP76#eS+oav&?^hGQpFxhfVus(V@ihQd6F0l-; zw|8zsH@Tp{xf3W=FO$-$K3}xsD$(!T@GyXq?x{wC+AKM3&qB?E<(JEb=(p0VGjvTJ zAp#p{$DKxfz-wXlqElnmmTR=tpMka3+P1QM-Y!}?fqSixOa`uptI%*IX|`=-_>==| zclcrhuigPU<8O(gWNt`@;Rw6!t{XIUrp>vX zc)M~-P2N;+;F1?s`ok)=lg4l8v{#5W^9g=Qu7yZ<+98OW^yhU7k|ZE$4%?>;ks( zA>gN|NW~u8t!YJ1ggdP3o2Ofc^~b3CiCR`@iL+ap9fYh7_J7Hbls>x%T9O`r{H#Ewm1lEn{PJKa;gi4< zFIhcRsV__$UzJjpUOiK18EuR=SbNpij~t4Wy$-EFxE=q(Bq}vZ0u{3RCx_Ndf}$-^ z^-4Tv*w7!5k5g8kUc%~tO4NB6L8_wxKV2t#A`~*rQf{lJ>c?TnTA|VqoJ0~Ito&8^ z-o(dg|AxY?wTE%V+!JWZ1&5 zDpe1WUFX2atS3V9D5~B1sxAV%SLK?Gqm_8I+StcLu*m4Ev|*NICy>l21-}_9*Qe6S zdCk3`AW{&*xy@CSH-|^Vp^4oJimyf7tpLfJl;Mhgb2S9LaW5UIXTEVmKzD3AuDb~J zEP)FdQcDR&Q~o+3i0Ixg`Xy`f>;39i!%3z9J#{(|Y^d0AO*&m?&XhM>7edd<*^wcu z4>kfeM)1ccNIzj-ECQO2Rh%#>moYEpK&-QL=mNp(Ib9H+_?!?Hm~Vqh{%d(=acNbr z*t(h&l3kz8TGb}ftofp8OSbEOBm*x<39Z-&`d$!C#OaySUYvR2>;++WAuca4m@vWA z(E*eO!(Q~q5{lmH5vD{>o`%mNt~wwnWPmVl)N}eg?|K*RzG;*kO&TR@WFN1#NFZd_G%KMk(4c7OB7#GD!}7 z@~W!?9nqBc&pQO1%|Vk?hRe1f-b-p)a3!;**(+n0U*fX7lVwL{3X>rvi}i|{Mr7|? zHVOy+x)(d?Kr46$srr=!>`M^G#jlS(#rGF_EjC$s6}*$}8|?&yOn>^YG+^YS)yW`&L499&4>>iIN-QJ| zN+raaA+JkxaNB_8>+e=4z_|3h(qVTy_-|fF8zbaeGF=PS!{}BEA{p6nZf#eVo#YFHh{R#5oqJT5t{VES z;VZwf(JzBHM|?=@mQ4zllpG}dsuZA~7jB_9k^hAW=t8BKA&HZEiSHAjB?$;x3ny z+uI`xSA)@PD*0V?tDWdq%kSjkb|6x`+bM?83Lwo_^b14)hz!{F-Ap;l-@ zTJ&l6ke4ruApSHBZK=h7IIV$Hf274HbUzMweZxc z!OI(&I+3ePRu!(MtNS)vfRSZp3K_>s_5~+2f-4m zR08zjJ@}F-q4~-igoS}rB7Z!sp;+J4B=ouFV7v63tXf0n zgP}~iwZ2yuZABh6EE+fBY7vdW>N#W0OdcH3I@~V`2A0AU~zXpR785Es_wR58>ws5d3P4ta(h9^bMQ zqh&by)q1Lwn79u7sXe3K6k01YX+C4~hsguX_e4MK5lgfgHtV!!RbN#_`}*ks^3@8f zd2C#{0U&jW7zxC7o(lv^!^`k3b-_Caz(aCx;W zW@OR|2DIJ7k}$lY1<VO}cLk3No`N7h17S?P>7$vb&V*vN{i8Zt*er%@1Pzex0%@&y3@4oCofHjEeDRPCRTM4xq$86|k-$qWOI(X)=XR3c{?#Se>d^26lxO zY0IhL#_R{tJZ$rugZhDes^?4PF{`s~$7~FMO&w93o~~NLDAxX;b!-_@lcd0bc$<1M zy_wt^xmXF4%6oE3cY--44&XP)jBE@P?-A~^y4?{F&NJwl7GoJJ-6qsG^3d)1-;vK^ z5iv{MvMivr#_Wv!l{E93*KW}$R{6jhrqv67O_Fozxam2$qC_&OrwZ@u_gsb27IcnA z^>Tmp&-lU@vicKg8wI!=n{#NU+-6o5x=1pq(k zhu1!kapNWY0_g&6OO)(N;IF!MkWFgcT_?QG(RHbVCrtmrHoiIj2x2ce&dkbICF>M8 zbIKIS({Rwl^2J1o=zz{sJeizPQ zRO1=0moAC?MJ&F`jz=NlJI)w>^Mwqc`+Ik!x{J!ln3*Nf$q1zbYnf6{DoM@>5*)11w`rf0 zPry%f_#58ppD3IUiq2`b$<@TS>#U(N8n_ZXFz>TXpet<{X>4gq`}}FVoNgnq+Hcnp zl49GF&Wy;1>5tjd764>YtB31x~F9a?*0_t9_P; ztsA|#5NM$FUnRN)sZ8qPiN$Nu7G6on66OV!r{l_DC#(6J`s6swN)PZfum_r7*C>IR z4&WFa$l_7XC90*o+;b<9E{?D-Ulbl)#GeN5(+>Q3)1>SYluNMAf($o?lZpZzEBwXu z`Gsb1bVQsFaH7gwOKLz=^}DyHhc2rA+lOf|;=BGRbdjLm<@C1y&{HdWKJs*IlgN73io7KuxP9vdUx;(@kw1SYUsR zA-%Ebtqn$1!9azd}~Q_<1mfct`J$vQr$aa4LLzYxT7jtoJ5LBvYn zYLrHHeSZ>BQJTs-Tv9UOHxp@=(`8bthDY zv(5dL`=r#_H2(BJ7Kq);%;Pkq_u%20P*xlCne68Q1=txpTlnSjFiZeZ6;~+#u+ARh zGq=D!-Wv}#+mdj~@OwbE;nXSg1p5U;2=MQ z<)J$f;L9mXDKnz*uD|$ThHModJI{r2Tsxm?-N?7qXn zHpvfG{1QtdTe?ytWfKlE47kIgay9qeA!zmKdXWEpiH=yyt-x`jjrvHw;IF(>hv`JF4U<34Enbw8930R1zyWcem2xi8A<=Xyh%YlT*Kyjc{a- z58}<3bjFpm<ZV@(enS9IU#B^4!8G6+kevgejZ6^iE1oJ3%JDH$RS`NkbOQ}P zWBU0`hlevrIUuKt>A{0!6_`kh za@u`1M+litA;xL9j^GKCCxnu$t>j7l211IEvF#s_=y5^m8t1|;`%HjqfFFv1jNfZr zdWt(jpY96bm%<3KksOn3zrrb}>j~mG;$K5K!Q*qX_&7KF82=MVA)h$#q3CTG`;Qxl z>Z*9oStm{e?&01)KK8Z+HK3-HnCS-5L9Kw0N+j^3gvB@=0BsCs5&JZ;0({|X5we-1 zNzY9&l-AnOF6J2nb~M9Yd~#`3&v2QvxUC}_=US5_YPspU&*!t`bmk%`N6|x%25-iU zA?GzEso~&M?j=K-pU@pSoJcpB0*-jfp_ueSmlD5GX6!Y?v+H&-FW(CBjuZ=oDWQ~C zb*4*Wdo`=0_IC_Dr_8fsurYgV&p~nIv7n>Uob&75D4~JB04n{{dEP#)9TX4VV1X^e zkxP=$kTqTqfU!YKN=fBiQen36T=9=GV5(KiIa?3F#WfBC_yv|`L{pmB8MMdVr7@qA z=_5+p20z=hRB)BdyjD9++OU89_|0%Ejr2$I$JSQ2yb`#07uNlG&FtaDSQ4mtNM(V= zl8A>%RV8Q&d&enJeBpe@K7tk7iemUsu z2kzH0?vqHqVGsP#b=$vf&Y@oSMQM)}1@!)66fQ6=!dFhJmyqb0R?6d&44i z^fKm`h?7PIC7X)`mhm^F4d5 zcx?~%H+bDLopbNK+?BtStnl_lbs~ML6}c=is;&sLe@_5H`OFN;D+~a` zqBiKDrExB?|)gL)_)oH$qlAs&iIZH2+-r4%nlrXPletg!U6|u^9TYHlj@IxjHYHTZ25jTX%oQRGjUk zSbSYEI3fNkx_v<&tiy%Jhx%;IGA88QJ=H^xvOQ zF2S?lnA?IYaplYao>Xt2Hm%U|473*4qeF~Oaw{!6wiA~UZ@rqdV_!==h1n8|fUQdH zb*E{mJ-7EUW37xMhox@LI{x%PWTWKQi0KsmtKT#hi-B?{^1rBc+Bj;Xc9qyfJE-vy z3H@73dSZ5{TMuH!5;pc%N>aGZw^#d7!s*4YJrfNk;uckLM&ssLY$b}<;uLWwr(TaO zF0?5y$1XLxAB{xcqd67`w?1zbV0lbUr5t(B2Xw*wTwqE2??qr3m*$B{zMGstoEU;ICLXVT&#F~=C{$tu)AFO@&JB{t%h!{mK7UcxS6S+i83YSVPNresSF34_kQ;n z!OX`Ez9(uv;R@0;Dy(KydL(iT)e)h+evBBYM6qP>_cRkl#E0!4$oZON--?SS#2mp+ zi;4rqETY@=SVPzD+Tf!zpb3Fg9kkbJ=edzuvtpTW;mYQ|N`%G-=c8cm#+sumJ@HdH zY`OKctBqe3$ZaO$OAoTj$6P>TZrLj&A&O1xXUx? zUMxv2qBFW)KZmG7S5j$_?9l>L;Z1Hu3E(jRcM~->!`;MD?BP-qFv)s=JtDWa+k44$ zkx1U&3iIrO3XaA**uiIWzIoUVY#WmJOMlGMIiT%F5Jll-XWQ%8VT*kn8clQB&oED9 zHju#ke?H~Qsysu%GeH(r`JXJFvA4Nx^WjEpHh0d(On%u5;cuj!xSYhD%I?(IHfevxSfe}EHWpLF+8icDZwCvpB$Np88=7ui;f%lVg>u-*eSx9tX_ z?pGfqWNW43yK=3Hd@}Qsz-~3B(HHU13swr>V!6(F=qCY**~~8C;c@F>Tgx^hS`i>k zPlE4$zGiK@sM+O_HXVu_{S#Z24M?nhJW;u!sG5t{q)~YXFGMylDdhPRi$ zqdp2+J6mU29)#R2BE7y7e(xV$bT3?$BkngY&R-}ozWPHAVq%Y>H(XD{pI;L93IDE`^Lk- z6sd+q{%0$A_Eqf5xKjOH?sG7xMv`2B1MZ+iVnG|ZBTw-2K$@Ro3LNEfL zu{Tlld$QgBjIXo`r?7>&gEi<~dTg*3gMTVGfTZGV;7|ueOo_kv5gq&fd~o&h(=V@c z;uX;H@m^SPVyz+A?j)7&ZID7?>{gM+KZW|7=2mK% zXsDEF2Z{W_&+UpmZeT*4kaU)iF?bA^k1V&ubqY?Gc{wM#nxYfk7Ofwc`{FF zgXHoJARC$h;8#weJouZHtbjQ-*n?2Sha>79&YE>Ro@?^^cblp*tstqT#lwxz0BFJe z-En6Sw-ghvj>F?K!HDNy!E(UeGWpx) zcob+-xB@IiiGtzxqIc#b(DoOic;NljDN;H4V+#^aLQ5(=Ys=E6Frj)9=vnL|2Ovdo zv4KF?QF)1vbQw#5m9N^@efPEx2-DLMbcc)Q=O?)Gj1R)+>j*nrp-_o;HEeKY6q%mN znjP(453U*|LQ*hr-Ce1Hu1kEb78$(0J0e63C-H)`^uSBpuhdL z(BcJum!hPLrW8zvd$KMWh;}IP;HMl{GSl5__iF`pk7u*f!G9@5V#Cau=%f=SUf&ah zlcdFb1KwJcbq5}Z`8=nvo${f_RRzeQbhPF0Ms5%knqPfs(y;LBAd&eZ)R(Nisz-df zmj{ogW(O6E;ez|A30I*0Q4?8?2GfKf74Xs#+hirm`nFFkZPAX=4$%%;FdfJL#qNQ6 z@T>7m!bw+l(SHme-Pl$x1S+*1-m;cY))R-_{NM@Ep-qIbJ8xOM=ALXmJ~kE;d_GmV zYOEV1TR=+YCx2JJ9BW)L!LpBby(C1sR5TP3hov*^h&4Ah5GH6wjo~u{j1*o*8i0IN z;4;9lVoc{bZW>TQJxv28CXn9!L}0K(u&gLZBSJbj*_{*3uiwzqm^ZyaF*QHrb{WFb zJSSOR7IVElUJSZA>M@>(iE2sw?xgQmjD|&K3kNp~NxUr(cwbq+mPfnJA?THSGNIAI zX0Wzm ztn0G%99ZvQo(bc_9JVbM5hUDwuPug~qvQEkZW(|8Tc{s67>UtW;tFq;+f;;;&E^I$4>0 zp$%9fmTG7795U9fUWAM-`sl3DDpJnqnA*1?3Axh4kek#9)ER?#Myr4BTcndG_ zLg*b`p-l(ss%BJ{hSFA>`j-*b7+!Eer@BrZletuRrMtl`W?`_`5?oCpApDQs<|yP@ z+FHcripFkZvIy0`EvQHp--qbWoh=2~O0BYTy|aJ6l*xlQtF2&3RQD1auXqHz%K$S) zV`vvYg{RiPrb)wo^unwkWNl%=8c1FP^v|co$18NRCt4zsru=`6``Dw5rxqu%+mbrj z<++dnoa;4>8HHz5kgMK`zRg}!d^X*&vHRlUEhCjQ0e;%kR_A>8>ZL-<5%AobYYd(W z#-Q$C$_^lsS6p+@VqLA3S6{ssJ12p3nEsvaNfA!(d6TAN4>2ecs1jn4#{!#vFGG{> z4r)S^5gt)1u>8m>;MKU=vRv`0d&4LY!mT&RP)2ZSJrO2-5t_(BY-sWhsDuR~tu;3yqPRnKxZtGsTFFzdDNJ|Z{uj{xGT3!6hq(2WZB(*d z2*t@bZpHK)yk(yszx^%-+=Ra0Mu_)W(z#-p-)Ln2kyX?7P9G^rP~kRq#TXBTIGPRIa){cvL zhFIWK4a?Uzqhr|-A}zXd6b9~?^5wE&<6tD0tqx4z`xdA)N+^Cvi9xAgm&+Lp_%7=Z z)ETL^-pOBBpRgilZpZ*^Qz__$k4~=JIk#hKL6(h?9o)vAIkMe%W)jlpUuP& zMeL7E^jQ=ud2dXX)HN}@rnJS7C!Zt?Kr)dO_EaANw`DkSU{sTY80A)?kp6SO+ri^= z`OUp8JQ53W=mYDR!alYfA^8RJfU@j9l_vnghme=JbqE)JaCFcKFO)EfhPoLQq6BRz}H+&5tD# zx?CLJ1f48c)=CP!EN1JE_@b zoY`tuU=nveS@hj5C9`Vm;X|}_9OhcC{ZF%9Uw-gZ3L~`M3)r-X;=tdD_tS8jUNfOY zW>Z_>(vY!fh6ehxa?ZZ`D2cf|J_&@|9BuHAgc5o*CW`{_p*Nl<%p-GATjKJ)V-}>S zG;cd9dZheY3;Q5w$)o-3*w8YAY?NP~K?P}t*=FR2nAPl+v?2{V#pRTZt>;L8A&uBL zBK~ynFEd&WFiE)=T;#gWD>^cnzr;q;E;Y&jL0x{$$tJH5+&+a*sid-nye7G9DbbKH zxK}5apM_aCp)1|tLzyr7Rat-ti$%c6!BuvU+9^wZywAdf|JM#cpB`*z&ueuS(}_l{<*b9HlXHcOcr?mK98CcTz9fw< zplMG8I=Tn#Wcb%-pI+S~v`%scrf43q7IG--j8Pe9bflEh>Y#^$NE)Yw7W|#-%Z&wl zE^TM3QWVBQsLh(BiPJvc+J(pYZ}HKa3jjSGeOi@=B)ON3_TZ@v1> zPyST>>A{rrtB#0&D%e2$63+H0ZAAP>9`eez{;I3g{yT%KP}bb`!@qCWHrh}9BrkI2 zq&XJXF~XlBsoa`Mu!g%KWYrtRpW`w2$)DUrrs;6^+uvgl%8Z0Uqd~T-U!L_K@APUV z0$o?;rIPq3_`iB~G-Z(V=l^^&rZjumS&H2X<<@f1n8d8-cOlSR&=f|+X9H%?XVaQU z^8J)^LO(U{U(z$n@{XNJAHs69sNvU2Z6#3mK|A=R%~o(gls`{%9n!UB_H>< zKVzr2kw^*7!M8y; zWEqMKpwoX14;ptwq;4{dxa%xo!8$c19gobKuCDOr(Y)U7rv3^Pzd3T?v?WokZI`CyR~WrSJ~dR z(mzUC#+S2!BFn=(9{(-g-SI_}0yW!QPwsQ=n*2m>LNdDX_$&7+Y!^?2oK%Z^ zqE$E3!X)zA?7Yg!x=e@#>_MKg#M+|BsmmD@1;U+`942=A+)%V)^~}F7%WY~bmtSHv zHXp9&drcN1nhsx5FW54l*a4OSOUgr!N4vf&)5Lly$YQKkk_`SWZ-QtiIpq-#6(`XA z!vXRL6Sx78-C+P1_hWV~{D2w{a0+ zq5IKKHds9M)T=y+iZsn_=Wq;$B=@qZtTeb!&7V=m^pk#HM7`>`cHMM8igcvaY%h~x z01&?U0*HZ55KuF3e|51#>*QTU=+jboV_(2X=7nB0{fNU96iLr!M9PVnF^&BcDXmjN z@1n+FB}@aj7Br{_(Zz$n%5eorQzKPFIbI{U@{}8o3~?b!Wp29*wyZcH!Lo0Oi);Rq}GbVz5?k|C!7d}U)#1+ha|dSS;jQmSA0&5GJ!i6BOyo=TOGR&OX%R3APAKKAI# z_?1yG|8AF=QpKW^()hksHz?%Vl$!ZFlb{trO-IRq4OljbvPdLqe{Jh3&KI*jr^e3P zuXloG98mJ3jZ#AtcmidY8ux=xpNjv&?Q`xayNq|aAWQAbV4nYA>c^OVh#W4taO*gO z^@VV#va7AlHEkDKo(p-(E+gl`y84OorDZs%78R+hz{_Q1w?Hdrb^Ll>BDJfPu7&}) zx`Hdp@!^PfAL;i2`mLj1_r^qORLtvV*uyUO|*iVUcF!#4HgN!|gKT+)75y=Oz$7%@`HmLzCzbG;Vuhk zl|AWzKfCs<{?yC(Sbzm$5cc<98AfCpk{H6dJU)BWv|z|Q@Rp?^6M)wbX6x@_V7#DH zOW^uo0Vd&65p*5IB^$m{DyI1e97$FXKPxhX-YwzxXvK@G(voF8=`8fO1N|v`gioun3LLMN0W&ih}oS`Q#$&VOK;2G6ssflE?@A+ax#X zX3>cD0FXU(1N^Q-s*CbfJe`FA#i8ReVXQ~IhHID%fpO<}ZKOPokKByMjE4=ut`HDq zEyfB8M7Tn66}90!i|JJvJ$LGI(}ZA+kCabPPgTy#JnTVZJHYJJG8kEH>i*aL%Y}xx zmJQsi^|1FB*~+8dqd2sUTQEr7(ZU4TJ;8@$gDD`=hww8q>b}uCJO4Yb5%tJy%dQ8-GBK#uC zH8N4kjh@K+V2y14k>Jkkz7bH~+3>iOr*J%J46(~!2#-;BrUyT}hxQ?mx`al1+pX5> zDFPVrq`Wdj5Q==J-*Yrb`L!D&pqtt0H3HO!3=&q(cb#R9Zg+Cn8f<2CtcD5!ui_R1 z#kKNP!}dEtI`3q=T^17d^-mx<&h!U+f@10?x;2!?!U3y}HZ2+whba_jZ2;L<_|Ze; zD!zQgXq|WwP^O@@B;pc&GSJXHy>qtcOL3#&Ktq!naVEyJEAXmj(&(3hz*S9_vC-K* z`jD(Zgby}*inNG>6#>dpv$4~W{N}dZrDsaUZZoHGx}%6mOGcm|Yy^0<3l1PgSseoa z^B>lF$e3AHUro?CB}TKZ4t^!6CrBI#RwgPUbhB-oib;i7o=e)E(f)@wP_VE`W^0|TV#8&^| z$_eN{pNU}K{x{9d)G{lk%EmOJstW0ZWqbR7Z}=e77%3_n-Li?S3Nj61obn!ka4wiP zA$~-36Ut5m6r1ibZQ8is#0Gj+MyuR@wUch8h!8RhxO)hW8y<6Apua`Y$7&(viQ(_Cv?Ouk%e+UJQqYkA`lU1Q@}v4cTigB<&SR{dm9OqLTX-$X3J9V_ zRb9Lxlx%zvJPHc6U@rR@l(Ja1AA>2AOzB}Is25RPb7Ve|*Gq!KGywlOa{W?9IfKTw z93;)Ck}pP*ZE3&$yNv@Vf#{3pCw=`6F%8fWh(XU&W8!XHt_xzjwaMSGH=Gy}MU$AV zVr!TZymq0w_Tob@onl^F=1#>{56%c|RIY5qz8>l2&$~}I({mg46fIys6va~#n7S@& zT2LNxjDlw1a9o`&4XuP_Ix^UIDNA>RaKHV3z@wpeJD$sJeJ|JzLxQW{?hjw0-lESn z6-K2*GiKi$I`ia+s}4n5CS2nhJDY@6$RTp5*s?bT_ue^W#GF z^Kw>y1w@H1L%FArGk-}W#d5h`tIzg+XgM2CpqnWHKW6s@r$-?nd(KCg%WS}B8eO{6 z>fFw&nCm5Le#3pE=!se=VZ%^=LtL+OpW7>EZ4v*+JyBfx$qxo2>FKNM4Jgu(Xa;te z^=k5@M96ff_Dtu63I`5h)WoXjf;~By#r_%Akld6F;YL_;jQbOpLt)38Pb>v&(PKr{ zBIX=O7Pen{#{aQU35_@s<3`--cj{0bQy0qxA61wF$l(loOlH+EOO39iJ!NcrrDW#jZK@{99YohjqkFqt+ zZR?wo-iCRVPSc?hxw*zZWsADlKD%c;iGAqo7p*&YWV3ZtgsX=;f{OrRe`dr6NOg0m z6A-JBh^;VVDJ-dR@`7m@J7pd%?XB$8Y$UKTnIF4d4b{feZ*2(c>~$Xa`}8*Ilq@J4 zx)w=YVzoN02)1!4)dq?S8j&CxtX;_}n1coOg z5oBnX)QyX{ayzR4JBR$%S6hT#{v6|_)~Q*N8DSr3hY2(Ptl)BRn)}Ci4HLsKQ8&og z31wVRT*tC9_b8^dL0YBArP6(IP35jl1iWD~n3lquGeV7#x&cYzr1^bg#bk{x36=DEah#upgk?1s!oWO=LiYVh!hW{}b8q>sDk*z(VK>zO}Y_$fB z@k`9%1EQ%=j3AnsxfVkUKb*;P|Au=yU;ymnJhLKWli91Y2(I3tN~6)|#*ZpaKsvGW z&T6)32=lh1ron}P9h!r}c8nfTaY9ol>&+t>GqO5@- zEB_AW&Maq_=(vlmQGSo^wm1KOLMxIC%mwr(8f4(|2{vT!^)Vkwo`K6L;>Y{&0@$> z2k&709p|bragE?woLcC%VVx?l2gN|bB!OFkrYcy z2AT!Sgv3%85#ppRSW!=UJyA)12|dhN>N?@ZZg8z*6Ny3iWw$A_u|IGiqj0)x7T3(1 zDB{>`YrhdC$GeM;V$D?(y~!ATVdNxd1X`!AC7vJO-u5TlVKN2e#vL&siNXHkUZ|M% z6EJ-s&fX*bSQmKkL3}R|z$s=gK1`kN+z4w>aO=&H9W`A?-yUDdp(f21*Y*=Y8RNSMkBs*ko<7QocXa-Dx}fKpNfQh9=MutG4v%&p2U_OqmQZKXr+SF%)f9IP7&idV zcC6w8-ewfM8_RZ)UOcpdw_(aqpwWgwwv7`Bu$agt4@$ACdc5(Mt1L6aT96oVL$KDD z?ZBqTfAgs8BC34O@3$&GB>n!4i;Oy9rzYpb6&euWTm#-}r==KS%K%j?!4`j1?3pXK zV2MyzY29EPWyWpz9@hy)o0%|0ihgxSnH8Pt_%(c_m6s4El7fet7EU?O@4Gxps}9A4 z$=V3AF#-(I>t$bYu64CFpZLuX1v*+7Ha;F-ydgALeBB#(^ z?;8jOX{Sijd?Z&Y}{os*;;6tIG}ZcBon4^tiZOginf zf7*M~g>3zz+tg@qMHz&c;3jV9nX;^NNb+=fr`H0zKVzbrmc8g7Dl6QD2swt=3>e|*z zgl&1SI6m)we;nTvR{5z1zCF|g@ClcNmV_oD`~gOaFxK2p=Wg*JaRiuo>E%p9$|Ad; zNOIAc$60F}bL5oWusO(|O_($M>t1ck3TR*3nw>k4D~;gPooPHAdeT}fTo`~aUZ#L8 zD>-QJUNkv4L-W)RTj!eEMzpW$Bi8PU&@|a<^ot6^qQ}>m2M_Pno#8XC)1s##r3B6+dX|NYj^&KWFi0dq(&;^7pXBR{p@Pzgx(Z z^nw=#FKh-%vNAn3Y1(cR(Tx{f>@mk?xtfff;Y;H1HT8skO`{$fPDxqIDbejorrXqu zL%bo+`-Je2P|p&Aj$lT@x`!>MPYyM+#S|N5Fq~RVdh5ddK1P~->ZVLKt|bd-Kyz3t zgvRM@RrbxZCeqeRZT)8TYtwKyG`~6n9N*!AO5SR5ip!b$G z+VBb6Y_A1lF%Y(_y3%EEY<1~AWG$xL#D6iRBrFg!Ej1`n%~zg{WwxFry~~kDw}(5- z6Ays^VaBV%T0)L#&akvlwHtFQ&NMClZHm8%mm_1+u2d#L%8X|o0qp6o`Uvyv4Gr|q z-{R#5X=~(6SZVlz@i$jW-j{j4fD2$6&|ggAL_-evSuWoVM6ae6=v@9)SnMpnt0xZJ z5a<-!D}V7mT))XOWQ)jUrl-e!1p^!|FJG`_w5I-;Qn(dNu*Bt8rw_Igq8!wjeA&;X zge{=b3+@FzLH%;c@1AqJ>GXj5r*>TpD_Ly3%7lu|x6D>x1oVgM$#=EQ;PK?I6KQn6 z4&e;RS#=y4fN1YvkVmLdJB>pDuUz^v-W;EF>IPJNeeBQp1#V)7IWTw@Bd{yo$<4G< zUcxa3T87cA*|fb|-QzoEqg5`|>zF(0qzVYR1Y)J++7?mDkWI7*=uJ$7;8;?GPiLkZ z!=Oe`H~}MOIAaOaF(YOcV4{)jG)r%yEN}^cY6kk5R8lQ*1O$@vbnG;SX>LnIG$yJn z@0vYOlP35&N2ob_l6uymv z)-1UnAA&$|^v@!2pc3^`o$|F3Fr7C_rj#*zQN94DV5fY1mUXJLKqz9Qa-^Z~^+w8q zjY{81ioC@cU_vh`hzoo%>U#-A|74d3%13~feMvo_;Xkb!-ICfJ1Q}edv6``&2Pdxh1U$?OxNzvh9G|v=(NzjG+*E>I0%y^w={s- z{~gY6!jg?+ay3#}vXOp;vmU zs`1g^86<>`qZ*O=e1y#huOJ^UrPCO8^_G{=<+f@%W(*;nsw|fx+w`Tns)@>ByZnzG zFc*))=GbhW>aKsS>YZ@OCmTClANMSEf1yr#58E?$%)YB_Kl3phZ!oK)Dsdi(BW?58Yl6x`k)@qUD_Dx<%3Lti8 zlIj9a*x7@Sgvz31iYS|!P3ox9X-rk)Ts6nhX_KVrtz>dBYZq=49#oE6%+1AjKGP29 z`YtQ(-og(lf$Z=DgZf`&4-5zQdMaMYaIOPPWax9l83jq&k(cHN@(4AA`+Ek87_V>m zvo9@7lp6QgZ@m}Kn012NS&Pnd-*Pc$ZQ(hCT3s)r5|fW(sc{X`3%w1c15c&yC~H1g z3@tbaaQz~EC%g(oA4;(>QL#Q%AKTwa)Au!<;Y(v7RoOT?eARpE4yz{8a$;I<&7XHu z#g|G<-5mjgJHKPQO)8 z(AhFolE&t1(|W&_I8KU`R{&0@A7PP|d<`cJ;l{4q@l|0p5vlG@Ym$?lmZZ z1HN5<6cWGUQT~+TXRcJe&RM18azc=@N*u)Pj9A(Po3uA|><_&a3;1LiiPN?J1m%K6 zV--$}AI3O46@@ON3n1?DHLjpp4PDx4!5{T;6E|>p) z#s5x{%Fas06-M+F0y=*DmOx_#L!#f-FZ& z3DOctJD6Y>Y-O2d_5hS7j*uV1)5&nGuMhUKkTw|KnYc53eupi{zm{ccl&Q! z$?huO^8^w^5(F$r0cYE54O=exhiuamBse4v7Mf!bMyWK{o|DF|@3X~b6QauI*l>oa z>(!jV*xZ=R;zphw0{ay9e7o|;W&=@2->zaP67EGo8U%MAQ5K(|bJL6BF-ukN?0ih& zC#fb^^W^-J{vAhoF9AS(-Y3C=Otko?Ui-+UuHEQ~0?F^6kggU;8L2^E=sUT%gp;%i zjHVo3iY9CNoin`7SDLFy41T#;sO*6U#~Y?-xh_9kRZ%Mljk3qFnsTw?#N#XvDshy# z=j(`!aWk}#bji^>5NoOcKeirymq;EvPwpW^q`d}K(#MJW#WH*k77LU>VQz8Npia9c z0=e`!FuWXLc!{hc4w4ckAxaX6yQS&#Qa0@s5g|8xQe6Oig1Rh-)gh0Jr27V((L-9# z%V$wQjD);jB;n~>Y!U+L>Ut~J7JHM4V|N%w1&2S4FH#~QcF)CXSm6w1$l7HfP?1aZ;mGz&W!)Lj{Ik(Obd`9b zC@}g(;=<6;(3_V`4+Rp|gQIqGw2Z;KR;faCxL+Zp1l-T&H_a>1wQ}@}B$G78ZR3l2 zL*+U0_|()i3+x$ZXkU6sfJ6;wf0rlsfY!H~g*)vYLJ@9wr30qzP?aX*@(oSP^XIn# zF$y%h0}qEzrC?Y`;=m^|t`f<|w|#v2{w=^#L#)dhnv1%e4y`2@TA{Idy;q<<^wu=B zh3#iep2oW)&qIwwYgc=S{na7RJbU)JfniG3uapS@azmaS?f{TmyN37jej+#%CVzBO zm1ttXZP3D6#qYPC;yVvw6wz)HK~~o^H8e$u(gsI9i3ZNdy*<|#RHoomX>M}|G?<&oa42DU4~WMM1#te4Fb9qv z2|<*?65fh&+$4bVp4OIZ%{d!|_!#sPWPL3Cl-jdhE8SaQ{7{}w)KmYb`mm{E$WUKx z!cS(tv~U`U#t}SC+<{IWOEc$js@d{?0n`;M>RSeP6b!u;eDO)-4Vs$*c^iIVg1URO zKQ^w(w)mQ}G+7)%y_9!j2Jxg=xV^N_e&)G{l7FCVu&sHOpBj}|%lQKP$4nTNmz{*< z)#X3{r{DeA)Tcq!X~=Z16@jNaPWE$HF*)`zlR^ZC-BpYu$+?0n@f53;XEZJ*Alzga=aYbAuM5<< zmv5UJxq@>QW%Zc7%I->bkUhp8%KO8T4)?@z2D!vdp<$)OdCPwe_et27CnrHE?2uU_ zRDA7{sB~w0uN=AsZn}Fd^P>HzfgPN0?r-=ddYT*w=Tp;Dla18Dl#jKqOYG`ZSX2t# znQDw42I22ueV`gE3DE!DF`};u4_3aCvRmk;HGo zm=iz2)X{OT{5QdD!5zZ6+v-P{d@Z?5FwcrQm_YnH+!w+vNX(iEZGfv9$gPd?@L6pu z;A5{|X>(cw-%5psPZ&1v<>p)sI86*Kj7lv_v7k;z8uJ5fXDwTL5&+zjjY|P%Q-@@~ zCfNELqjJ0O1a^h9pIJQvB1Mn>k*0h1)R-CdZ|87@MS_ic;S8w|xnHVSMbKQ?uoV1s zQxnpqVE-iBCs0_D!e8q!DuDK4hrf|0IUpiVV9LNq{NN@QzS=&AJpiylg5N0>pUh#( zmF_lHZM|{#P{f+ib)(3^u+gt%OIJL@|GW(me^U<7$xhJ7+Jf$uQA*L$o;7)3xLBSR z!6!I1LFx3Na7TNao{t;7vWpYw1Z}ANCjK5Kf5Op3dginigx`;a#P0HSBg%{@@f3n+ ztrrv?H6kGQ%(KTg)z_L@upYDos_Gllg^C$KVr<7h(REO+4!!KL%Vs{8-5p8U-Ej7` zJbY2Uy2s=_ z-0}Jg>3%3Q(WMCExgWWXbU6lG%gT4L`3h`H&cIiO%LuQ|UIsDu{-%cvtHjAq=?-q9 zF$%ysn57ULE$pFqy6=eY$EUM@EpP2CruhKylMc3M`AgtX=@qVHG(8XfWtY>bJpN2r zqr3Ff?@SfYfVNU_i|p8<-&>sKtuJC{t9~Lr=+q}dK?|y@eJ6I&iUm~iJ|~+OsAV-| z=M>g34eDxJy>y?kv@M_-Vq-_U1ix&BB<-PTEI<=y&PSLGj0uN!xV84s2&fN>Lg)09 z^`^?{2~YMd!vaNTrf>lP2-z(he+p#~#L$(Hn=p8AH7?0c!?%})4&#)ocs-A#pzy2b zkV&Pr{--c>KE}~;j0<(HJd_G(I%XqkJ%>9;%&#mQK7QJs)v@c~pUvl3M=}(yjzE9H zu6>J#uMV%4l604bvCdq%BA>A7EaNOy64ikqiQsxDumOMmi(z4(cLU+#%B6%Ndv+ie zC6+P~%=B(?y)dZ53>|f9HI9zs=+jny#jx8{VD9U$N6~e!Acz7gZ~wZ!Es8@r1Tql< zZg~2ovpzf%XrseN?F>Pe+*<RH4W6D$41g&DmPP_HTSs$9RgEO&vCusk zo6}4YD_jnSdt2w}JNF14AU9$3=Hj1g-c5s()I*{V_`pJMRc=S+=mI@^ore9~cpTtD z6MWTZd1+XK5^&hJ^#{@_u<$>Ej+45TyFCi<|5^Z0(6}acmMCjZsykTg0;CbABwYuW zDv9w@lbg~N-G_<`8WGII zVKVPQpQCl9T}H5GM0g`@?EJiQ6{$XLxS>kzbsbm5PT^TAWiigJC#K-Z))k-rD~|fp9sA(v?d5Z&M(17D)S4eugHvazx`X$Lu6#(RP9f%} zOW_6`#f*|^)V#lMk%7!l!9!yc-(^-v$ z(OjWX&AOG8a8AMPeoLI2^k9$*egHIy1H=-#aSkO$g3_|!Lr&^@BTkXC#L+uJm}&Kc zW6hi~nDa;EHG-y+VA^0{)z?0d$Tz1*xGa5VW3~#Y2<$}bU`t5tve@J)R|GK{dD-bY z!1s-@C(N^gxxm_1w=c6ON>iYj=96!LMliD-`T^r}%>Sp{U9tJ_%6!aTR)F*pXBLgB zG5xNTbAn6+(>Y(P*wPwHN{#mo?7|-e+(dcwLfUjGi8X9YeMAnnM;O@V`+i7^T~@*Z^?QmU5Nr_3K<_Yi_;zIAVO-v_Ch%tyL? zXn`);I)&K%$}D!A7P3eJs%lchQbDJsTySB+n|olYx=tZkM>1z#^1hZ>`LwKhznxW& z9d?@q1_OyD_`ZJ%geiTjEKSeuLSe}S1Dta|cSIX6{g7*p+Qhkgq0K{ehmKH_)(4F; zPLD$5Ti|CkW^BiPb@Y)JsU)4CY`bKOXrZZPJ?EeX(Kqc7!Rq>-)ao1Y>%dK1S3P3C zozB?go;fc{B`o39KS`!BKa*H>07p7NXc?62nh0sQ@5svr^&2K1<>=h74-MeCUImDl zxd1AgF@x$-(Cw8|UgxE5qFw9I4ix%Xh72h>verW`=^-M~LG(GzZHl4Wb6it#*EPbL zg`JnlbasWFu-tdacwK6CjcxPZ^XI<#AE;Bw=sXwqAwiI%5H18O;?`qbxv%2|Q} zW2#qTWZ%4(q4KXRVZ97gB^pf&9@^AVak}}1aq5zUKkG;0>hCfO6V5C1&2ioSjpyuWy3S# z1;KEDpgKIZgF-Xib-)51^1V2Cp0A?mkQ3~3AA&3gda^bYrH0a%M4Na+u(J#Q1pV-n zLxzV(HhzI)mgy=6e@<_B#|F3ZL%Zb(eEB$d7dZ@5$v)FHOXBe(XOuGZeX}is>lx+J zdW%Tkr(v8n?_3ghys)=$@8V!NYDet8H4|@mc}fra9y*9Nn_;G_vcpWDO3oQki%^d5 ztV$+?W;v7E;PKcSH7gxjfo4lE2ByQ4^>?NJ^p)X57q^YTTkic6QA_4%=g+8t-~9Fz z&4{Y))y{Fo^RSiYj}cQc4roG<6fyxcC=;52?e+Y8OiZHc5gGx0XU*#6uCvEAyy4@9 zFi3Y7k!1~KH#gt>KvF6bq&S{Gl4x|v-DCd>Q9N%?TBWeJ(|+rOAdx~hT zRBdBVD+s4$p@Z{MDtO9LVy2TPP5URdENGAl=+PAgJX$$c#zPy}*2Z_JP-b+4-jzMH zxu?DB_5thxUoD-0VfKUeJ4M+q0qMzv^c6neKkdXsi@>SXD>eL%BbVnF|A`GEKt^+X zIIu@R%8Q(w5$siZA?C=l@8uR2`S9T@ur9aXd9eNd2Ok({_}!e;{=YA+;Sr`S7~aYS zA$;Trus*1pF>^Aog%syDRIQR=cx&=#7J_>yD#*cBFZ%?OcDWf7lcN{07gOJ@D$ptpa~j zBd``9#xTDhLT)ndCE#q`=g?|v1^Ottb(P@`0yl-8U#S`<8I}iN$kxacyPPE+uD#dV z#rE(i(syO3i21TO?Mo2PBO^tUHJu4S$;dAk_zzPd3#8nG71nEdp0RtWM>7<+?*n2^ zYw#m0=$AyiK}T>U>Pl1C#}URmw}A!gcX?K)KQFKh^%gyJ?&66Fv>gU7|6}WXtLPwh z;paWXtb2T19pT*}+ewe=O9aoniCRTAJg29-navONPu7LEpVel~Tv^4<g`Z#5bN`(D%UiiX#C)bo@0oK2e%%fEGJaS&m+(o%6vz2 z?{zmclW$C8rMy^6F7&d7cYFf3Y&i;{V=6^xn+?{(i{&Xm`!mSno66mPq?xBf57#|R zGt&DsHmGrZ*z$^1YBhfTBnnR9MW!Q*RNRVc2ea>oUSJ>mLdu=xoz1@o;3SnkX6<)4 z-Q58MCjLga&neB(>IryW89)QiUD{*G36kxe=i*~>p$1!PmgP^QgWsf5iSF#wYN5jv zU=6EciH}giv0XV0X9|;lp5yBak0#Z$P-B%hPh*w6qKI@owvtQT#g%eGnVU?uEG z)@8t-InU)2-|14{S#MA+xq2BM?5r+nPd{8E2Ds9#y62oyAfDz8GY zM=~m_tCzpEQH8XiV*M(^HbK#va$B(=fhQXJ04lCJ7XIMak>_Q&h78%g{^ePj=o$;| z=wmlMp{rqxtgYxi)oBM~(kxebwZJeg6w1RtHO3Ycfw)_=&m?d;v!!t{L-Nc-c5y3w z70ompcixdC1k-`jV}MDpBeql#m;EFzZEM{@vqdy1GWmwv$A8BEQV~K}svI*0uC5e@ zBsAIdrcwWE(+x4*%%qh) zJT0eDRJ*OJ=><+#dXJ=}f!LGQCH9~sR4Ifdw@Z!F#$wX&7tAY%n}h`QM$*E2Ac=?|Bq zKIM-X_U_}tvJ8*u?mC7^+rqcd@>ioe!HE9<@(uo6RXmQ?sr!yv6H&TdXti_+G7PrZ z6MylEbmVcy)ekgog0pJ4)=eABN_n8HrAIKaAl`&^iuv>sI7;w#+MYqr{2j8Xo&>w~ zVDUk?T(s`fvYpY8SP&54y6{A4VPAb){JaK{cKYYY>x0MWsRic4NGdd}61r_(801s3 z$eSnb2ht6)S`ea*^Tj=i32cY5QhK167!EZLNRUFHR5R~~@dvOd;V<$4;*9%z-$GFm zc@EnNN!hp1yDmcla`HGGe}dIg)Sh&ES7dRLmRGS=j*bk-tTx2)!%4nEuol+N#M>vbRMpAT&R(#I5OAZIv|Q7eV#ZS}XML^@kK-!Y?_c_Cb$rVY zpEI=TmNXAqsOvt>M)jo)uwqGu$6dcZixZzM%WXR3If?2w(WDC6E1djID6{!V*+bX&Hgb9b33FYp<6o zPhHlfu_BU`;8@|k-jE?w-BbTstKP6+nu~_?GjczMEoS)~C?sr%*Vv_xQQqSIKx=Hp zOep$E6J`ACnnUYx9iJ2}!uaGAsz|$!q*TBRj(|39MH=&t@hbs4FAjxGu!O3oY-?{08ezOIprlr?L?tF3cFks3E!q39jx; zOeWP0TZKE7V24`dQH3>=sR?QsU-sSM;?udG8HX7;lr(mezjkuO?Gs`So?j$F8)QZp zbQ+1wQ3%7_w}o(9w*hqcYul_X)K`xm9lX}_xbPZQgqao7p?jhpbT!)kl`{lbry5l# zXGtI>)Yf_fHZW2^UMgk$Gb8UXgD()pn=WH*qI|d=L%>K&aY|BK5(=v;!C){Wl5K?3 zt(QAIgaI({5;3fI7{3X?0upOWNlSmLUxgG+wAdxi4;<>=$MZl%nMy@456_d*{di_L z0YZ-Z&i5b=QS$P@sk>2>|N8sFZf&C~xA!gS=OWq#!yuBJ&8u10%xdhC1dgwI)zk0) zEkOK#4_zq!fXI2DFg)a72q*5OD;AB9{#A*JLVL@({!(+86$G_c`k{K!HWtmmw%&=G EAgJv$X#fBK literal 0 HcmV?d00001 diff --git a/terraform/.terraform/providers/registry.terraform.io/navercloudplatform/ncloud/2.3.18/darwin_arm64/CHANGELOG.md b/terraform/.terraform/providers/registry.terraform.io/navercloudplatform/ncloud/2.3.18/darwin_arm64/CHANGELOG.md new file mode 100644 index 0000000..cc6cf9c --- /dev/null +++ b/terraform/.terraform/providers/registry.terraform.io/navercloudplatform/ncloud/2.3.18/darwin_arm64/CHANGELOG.md @@ -0,0 +1,28 @@ +## 1.4.0 (Unreleased) +## 1.3.0 (July 09, 2020) + +ENHANCEMENTS: + +* Support "Gov" and "Fin" sites. "Gov" : ncloud for government (www.gov-ncloud.com) / "Fin" : ncloud for finance site (www.fin-ncloud.com). Default: "public" (www.ncloud.com) + +## 1.2.0 (December 18, 2019) + +ENHANCEMENTS: + +* Add a "clean" rule to Makefile + +## 1.1.0 (November 05, 2019) + +IMPROVEMENTS: + +* Migrated to terraform-plugin-sdk (#5) + +## 1.0.0 (October 21, 2019) + +NOTES: + +* Switched to using Go modules(#2) + +## 0.0.1 (March 07, 2019) + +* initial release diff --git a/terraform/.terraform/providers/registry.terraform.io/navercloudplatform/ncloud/2.3.18/darwin_arm64/LICENSE b/terraform/.terraform/providers/registry.terraform.io/navercloudplatform/ncloud/2.3.18/darwin_arm64/LICENSE new file mode 100644 index 0000000..76a17d7 --- /dev/null +++ b/terraform/.terraform/providers/registry.terraform.io/navercloudplatform/ncloud/2.3.18/darwin_arm64/LICENSE @@ -0,0 +1,373 @@ +Mozilla Public License Version 2.0 +================================== + +1. Definitions +-------------- + +1.1. "Contributor" + means each individual or legal entity that creates, contributes to + the creation of, or owns Covered Software. + +1.2. "Contributor Version" + means the combination of the Contributions of others (if any) used + by a Contributor and that particular Contributor's Contribution. + +1.3. "Contribution" + means Covered Software of a particular Contributor. + +1.4. "Covered Software" + means Source Code Form to which the initial Contributor has attached + the notice in Exhibit A, the Executable Form of such Source Code + Form, and Modifications of such Source Code Form, in each case + including portions thereof. + +1.5. "Incompatible With Secondary Licenses" + means + + (a) that the initial Contributor has attached the notice described + in Exhibit B to the Covered Software; or + + (b) that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the + terms of a Secondary License. + +1.6. "Executable Form" + means any form of the work other than Source Code Form. + +1.7. "Larger Work" + means a work that combines Covered Software with other material, in + a separate file or files, that is not Covered Software. + +1.8. "License" + means this document. + +1.9. "Licensable" + means having the right to grant, to the maximum extent possible, + whether at the time of the initial grant or subsequently, any and + all of the rights conveyed by this License. + +1.10. "Modifications" + means any of the following: + + (a) any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered + Software; or + + (b) any new file in Source Code Form that contains any Covered + Software. + +1.11. "Patent Claims" of a Contributor + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the + License, by the making, using, selling, offering for sale, having + made, import, or transfer of either its Contributions or its + Contributor Version. + +1.12. "Secondary License" + means either the GNU General Public License, Version 2.0, the GNU + Lesser General Public License, Version 2.1, the GNU Affero General + Public License, Version 3.0, or any later versions of those + licenses. + +1.13. "Source Code Form" + means the form of the work preferred for making modifications. + +1.14. "You" (or "Your") + means an individual or a legal entity exercising rights under this + License. For legal entities, "You" includes any entity that + controls, is controlled by, or is under common control with You. For + purposes of this definition, "control" means (a) the power, direct + or indirect, to cause the direction or management of such entity, + whether by contract or otherwise, or (b) ownership of more than + fifty percent (50%) of the outstanding shares or beneficial + ownership of such entity. + +2. License Grants and Conditions +-------------------------------- + +2.1. Grants + +Each Contributor hereby grants You a world-wide, royalty-free, +non-exclusive license: + +(a) under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + +(b) under Patent Claims of such Contributor to make, use, sell, offer + for sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + +2.2. Effective Date + +The licenses granted in Section 2.1 with respect to any Contribution +become effective for each Contribution on the date the Contributor first +distributes such Contribution. + +2.3. Limitations on Grant Scope + +The licenses granted in this Section 2 are the only rights granted under +this License. No additional rights or licenses will be implied from the +distribution or licensing of Covered Software under this License. +Notwithstanding Section 2.1(b) above, no patent license is granted by a +Contributor: + +(a) for any code that a Contributor has removed from Covered Software; + or + +(b) for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + +(c) under Patent Claims infringed by Covered Software in the absence of + its Contributions. + +This License does not grant any rights in the trademarks, service marks, +or logos of any Contributor (except as may be necessary to comply with +the notice requirements in Section 3.4). + +2.4. Subsequent Licenses + +No Contributor makes additional grants as a result of Your choice to +distribute the Covered Software under a subsequent version of this +License (see Section 10.2) or under the terms of a Secondary License (if +permitted under the terms of Section 3.3). + +2.5. Representation + +Each Contributor represents that the Contributor believes its +Contributions are its original creation(s) or it has sufficient rights +to grant the rights to its Contributions conveyed by this License. + +2.6. Fair Use + +This License is not intended to limit any rights You have under +applicable copyright doctrines of fair use, fair dealing, or other +equivalents. + +2.7. Conditions + +Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted +in Section 2.1. + +3. Responsibilities +------------------- + +3.1. Distribution of Source Form + +All distribution of Covered Software in Source Code Form, including any +Modifications that You create or to which You contribute, must be under +the terms of this License. You must inform recipients that the Source +Code Form of the Covered Software is governed by the terms of this +License, and how they can obtain a copy of this License. You may not +attempt to alter or restrict the recipients' rights in the Source Code +Form. + +3.2. Distribution of Executable Form + +If You distribute Covered Software in Executable Form then: + +(a) such Covered Software must also be made available in Source Code + Form, as described in Section 3.1, and You must inform recipients of + the Executable Form how they can obtain a copy of such Source Code + Form by reasonable means in a timely manner, at a charge no more + than the cost of distribution to the recipient; and + +(b) You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter + the recipients' rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + +You may create and distribute a Larger Work under terms of Your choice, +provided that You also comply with the requirements of this License for +the Covered Software. If the Larger Work is a combination of Covered +Software with a work governed by one or more Secondary Licenses, and the +Covered Software is not Incompatible With Secondary Licenses, this +License permits You to additionally distribute such Covered Software +under the terms of such Secondary License(s), so that the recipient of +the Larger Work may, at their option, further distribute the Covered +Software under the terms of either this License or such Secondary +License(s). + +3.4. Notices + +You may not remove or alter the substance of any license notices +(including copyright notices, patent notices, disclaimers of warranty, +or limitations of liability) contained within the Source Code Form of +the Covered Software, except that You may alter any license notices to +the extent required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + +You may choose to offer, and to charge a fee for, warranty, support, +indemnity or liability obligations to one or more recipients of Covered +Software. However, You may do so only on Your own behalf, and not on +behalf of any Contributor. You must make it absolutely clear that any +such warranty, support, indemnity, or liability obligation is offered by +You alone, and You hereby agree to indemnify every Contributor for any +liability incurred by such Contributor as a result of warranty, support, +indemnity or liability terms You offer. You may include additional +disclaimers of warranty and limitations of liability specific to any +jurisdiction. + +4. Inability to Comply Due to Statute or Regulation +--------------------------------------------------- + +If it is impossible for You to comply with any of the terms of this +License with respect to some or all of the Covered Software due to +statute, judicial order, or regulation then You must: (a) comply with +the terms of this License to the maximum extent possible; and (b) +describe the limitations and the code they affect. Such description must +be placed in a text file included with all distributions of the Covered +Software under this License. Except to the extent prohibited by statute +or regulation, such description must be sufficiently detailed for a +recipient of ordinary skill to be able to understand it. + +5. Termination +-------------- + +5.1. The rights granted under this License will terminate automatically +if You fail to comply with any of its terms. However, if You become +compliant, then the rights granted under this License from a particular +Contributor are reinstated (a) provisionally, unless and until such +Contributor explicitly and finally terminates Your grants, and (b) on an +ongoing basis, if such Contributor fails to notify You of the +non-compliance by some reasonable means prior to 60 days after You have +come back into compliance. Moreover, Your grants from a particular +Contributor are reinstated on an ongoing basis if such Contributor +notifies You of the non-compliance by some reasonable means, this is the +first time You have received notice of non-compliance with this License +from such Contributor, and You become compliant prior to 30 days after +Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent +infringement claim (excluding declaratory judgment actions, +counter-claims, and cross-claims) alleging that a Contributor Version +directly or indirectly infringes any patent, then the rights granted to +You by any and all Contributors for the Covered Software under Section +2.1 of this License shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all +end user license agreements (excluding distributors and resellers) which +have been validly granted by You or Your distributors under this License +prior to termination shall survive termination. + +************************************************************************ +* * +* 6. Disclaimer of Warranty * +* ------------------------- * +* * +* Covered Software is provided under this License on an "as is" * +* basis, without warranty of any kind, either expressed, implied, or * +* statutory, including, without limitation, warranties that the * +* Covered Software is free of defects, merchantable, fit for a * +* particular purpose or non-infringing. The entire risk as to the * +* quality and performance of the Covered Software is with You. * +* Should any Covered Software prove defective in any respect, You * +* (not any Contributor) assume the cost of any necessary servicing, * +* repair, or correction. This disclaimer of warranty constitutes an * +* essential part of this License. No use of any Covered Software is * +* authorized under this License except under this disclaimer. * +* * +************************************************************************ + +************************************************************************ +* * +* 7. Limitation of Liability * +* -------------------------- * +* * +* Under no circumstances and under no legal theory, whether tort * +* (including negligence), contract, or otherwise, shall any * +* Contributor, or anyone who distributes Covered Software as * +* permitted above, be liable to You for any direct, indirect, * +* special, incidental, or consequential damages of any character * +* including, without limitation, damages for lost profits, loss of * +* goodwill, work stoppage, computer failure or malfunction, or any * +* and all other commercial damages or losses, even if such party * +* shall have been informed of the possibility of such damages. This * +* limitation of liability shall not apply to liability for death or * +* personal injury resulting from such party's negligence to the * +* extent applicable law prohibits such limitation. Some * +* jurisdictions do not allow the exclusion or limitation of * +* incidental or consequential damages, so this exclusion and * +* limitation may not apply to You. * +* * +************************************************************************ + +8. Litigation +------------- + +Any litigation relating to this License may be brought only in the +courts of a jurisdiction where the defendant maintains its principal +place of business and such litigation shall be governed by laws of that +jurisdiction, without reference to its conflict-of-law provisions. +Nothing in this Section shall prevent a party's ability to bring +cross-claims or counter-claims. + +9. Miscellaneous +---------------- + +This License represents the complete agreement concerning the subject +matter hereof. If any provision of this License is held to be +unenforceable, such provision shall be reformed only to the extent +necessary to make it enforceable. Any law or regulation which provides +that the language of a contract shall be construed against the drafter +shall not be used to construe this License against a Contributor. + +10. Versions of the License +--------------------------- + +10.1. New Versions + +Mozilla Foundation is the license steward. Except as provided in Section +10.3, no one other than the license steward has the right to modify or +publish new versions of this License. Each version will be given a +distinguishing version number. + +10.2. Effect of New Versions + +You may distribute the Covered Software under the terms of the version +of the License under which You originally received the Covered Software, +or under the terms of any subsequent version published by the license +steward. + +10.3. Modified Versions + +If you create software not governed by this License, and you want to +create a new license for such software, you may create and use a +modified version of this License if you rename the license and remove +any references to the name of the license steward (except to note that +such modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary +Licenses + +If You choose to distribute Source Code Form that is Incompatible With +Secondary Licenses under the terms of this version of the License, the +notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice +------------------------------------------- + + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. If a copy of the MPL was not distributed with this + file, You can obtain one at http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular +file, then You may include the notice in a location (such as a LICENSE +file in a relevant directory) where a recipient would be likely to look +for such a notice. + +You may add additional accurate notices of copyright ownership. + +Exhibit B - "Incompatible With Secondary Licenses" Notice +--------------------------------------------------------- + + This Source Code Form is "Incompatible With Secondary Licenses", as + defined by the Mozilla Public License, v. 2.0. diff --git a/terraform/.terraform/providers/registry.terraform.io/navercloudplatform/ncloud/2.3.18/darwin_arm64/README.md b/terraform/.terraform/providers/registry.terraform.io/navercloudplatform/ncloud/2.3.18/darwin_arm64/README.md new file mode 100644 index 0000000..25e0a68 --- /dev/null +++ b/terraform/.terraform/providers/registry.terraform.io/navercloudplatform/ncloud/2.3.18/darwin_arm64/README.md @@ -0,0 +1,64 @@ +# Terraform Provider for Naver Cloud Platform + +- Website: https://www.terraform.io +- Documentation: https://www.terraform.io/docs/providers/ncloud/index.html +- [![Gitter chat](https://badges.gitter.im/hashicorp-terraform/Lobby.png)](https://gitter.im/hashicorp-terraform/Lobby) +- Mailing list: [Google Groups](http://groups.google.com/group/terraform-tool) + + + +## Requirements + +- [Terraform](https://www.terraform.io/downloads.html) 0.13.x +- [Go](https://golang.org/doc/install) v1.19.x (to build the provider plugin) + +## Building The Provider + +Clone repository to: `$GOPATH/src/github.com/NaverCloudPlatform/terraform-provider-ncloud` + +```sh +$ mkdir -p $GOPATH/src/github.com/NaverCloudPlatform; cd $GOPATH/src/github.com/NaverCloudPlatform +$ git clone git@github.com:NaverCloudPlatform/terraform-provider-ncloud.git +``` + +Enter the provider directory and build the provider + +```sh +$ cd $GOPATH/src/github.com/NaverCloudPlatform/terraform-provider-ncloud +$ make build +``` + +## Using the provider + +See the [Naver Cloud Platform Provider documentation](http://www.terraform.io/docs/providers/ncloud/index.html) to get started using the Naver Cloud Platform provider. + +## Upgrading the provider + +To upgrade to the latest stable version of the Naver Cloud Platform provider run `terraform init -upgrade`. See the [Terraform website](https://www.terraform.io/docs/configuration/providers.html#provider-versions) for more information. + +## Developing the Provider + +If you wish to work on the provider, you'll first need [Go](http://www.golang.org) installed on your machine (version 1.11+ is _required_). You'll also need to correctly setup a [GOPATH](http://golang.org/doc/code.html#GOPATH), as well as adding `$GOPATH/bin` to your `$PATH`. + +To compile the provider, run `make build`. This will build the provider and put the provider binary in the `$GOPATH/bin` directory. + +```sh +$ make build +... +$ $GOPATH/bin/terraform-provider-ncloud +... +``` + +In order to test the provider, you can simply run `make test`. + +```sh +$ make test +``` + +In order to run the full suite of Acceptance tests, run `make testacc`. + +_Note:_ Acceptance tests create real resources, and often cost money to run. + +```sh +$ make testacc +``` diff --git a/terraform/.terraform/providers/registry.terraform.io/navercloudplatform/ncloud/2.3.18/darwin_arm64/terraform-provider-ncloud_v2.3.18 b/terraform/.terraform/providers/registry.terraform.io/navercloudplatform/ncloud/2.3.18/darwin_arm64/terraform-provider-ncloud_v2.3.18 new file mode 100755 index 0000000000000000000000000000000000000000..40781f508dfc5c020120000660a6dee5fb324c2a GIT binary patch literal 20759106 zcmeFad3;sXx%j>IIVTf?phQI@%}D|RqJmX{l(yMP7@R5=(`t)t5)vR7Cls%ypgDnn zL$Kx0+^dD&hCvXbwKRp+Tx$t~5s7UX+S~s0-g3^#L`bcK+Fx@7%=>-T-aFYj1lr#B zzMs$gNAvld>}joMJ?mM|yw+a(*Pnd&=@6w1#h-`YFn$dQO8JzZGo`NJcMHG#{JXMe z&G`C^IkV+%|36*1|E+Vb1kO|n=I7_lxHqr=V_o0e(Ep}=4Js;*pVxkxpTA`OlS}%F zo&#^V)tO0qpRo#Y?dvNp7XkNWe*R-+56*k|f&9moJU;J+bMZ5eJfn%zZ3B^O!N>Va zwBg0uH}dlzeYm)ANul#R7C-ZM7Q82}8L5lNwHuyO&p8U+ey`~^Jv%QuKX>+>cU#nh zK0>#^OOIGZxt2fYTIeM|fei_udn{f9!yDe1PHFytCw0&F$2gQdGXH@^50zRa^7H${ z^T+Sg_*L5I$@PWdEm~4I@BHu@{>6f~ZIsoXTwfU8!iO1IU=EC5Nwo#f>7QI*=r2Ei z;lqyQC@E!(EuSmr9x8O1h-Wvs0kL3D7bj#201*Kbwh39|ba!tSCb2ZtN zTwfU8yvH8vhp+H)-wpG~NDZ&xUZ=yBOgSa2R-CKe{`LZm#c#tkS7~@_{?b>+jbALh zKK*;gt#{r&WBRR*?lebfI5~SWY(Q7&s?N1sxM6*kYtcB?y}_Kx4<1Bi$o)h2Ivk~M zE3`mhl0Ln{*wGoUc66p1{zU89K>vjYG@L)D8tLDJU;ob-x|O@^3U7QvDf!8t z9Nm0k-R=8-^0#A*-}GJfo?XP5pPxv_#K#|dbm9Yx=1nXvd!U$W`IGxo`3WxWzuvNx zzq{p9F_|i_nKi1CO^NSvTbkUNsfm?8%0#p7( zJ&L}c^rg=kmpty4OnLgxzkgETpA`5f1^!8ae^TI|6!<3vluy{){klhHOfS80;+JopI`hUy?p(Cw!Oxc7b=yOa-Cg`IPfYyU zx8~n;?`<>gEnV_(;mjou+)y^by}!vxcg!uu^%6B_&Uu{^bjE zQjL_-LLY5#U;2}EG0(lu^VQaKu1k{4%+&80iw(}D?D5NM)@5C#x;8RS@g)nMoVNOf zImhTv8rN-!X6CUS#^OD+Gk>)@xkY^;xYcJy2^lmkkJqTo1>A4s{=3}on4t7C{Oja~ z!>ZapU7b|drUt{_Wp&4oGTt{bj*NLL=MB@)z-3m%wVyHKQ#P&1e-o5Xn%{&@>f&h5NucsfJt~O!Ebf{95Wx15Sn+eJ=*i0j}S4 z!6^ey0k|u0HxzvW|A10ELyQ|da)ekdS@UGBNAqM_Km{|3&CJn>W^@eYucrLi0yA@# zS55Zvdq$a=?|9UdHfYewxJSmSXgEtnpQg>gbhShIhXvETfg@WrUf?*vjBe(3fwMe8<=uX%sv2^9 z>CxL3JXYIgwr&wh=?F<3l zHPB~+jQL#?g5hE1b#sKCHt)>VwC&@a+qwRtYs}Al+H?7W?-egpRN=5dHUR2J5L`C z{hU76-pO^U-}_s)j$6F4PsbeuN6~SP{v1D4blX+Ex=nqBz6Y)gzBGY;qbHE@T2G-m zl;i(w(0TTi8LHa&wmOui5`*dJsl8rxv*KC>GJ?&FRY4+hD%X`6!Ge+Y`Lmplv(Hy^ zKGi;7!}%@tc{S(v+UGBEUSgkrpYtc}^9`IotD(kvz~)j2G`Bd z%WnjZ6vLO5{x1ZP`KUfOt#d#0+Mv|Uj&8t?M9HHi&!c<}e0&Kok{o;GHMDLJJEa)I z?}~icf6n+NCCd0+**kul(FH|^(t{!k^Wn83^hwJ;Z+C01ue*7luUkK#lo2cfkLG(+ zedy0B7#{p|o!F_dWkz*@>YgliOYB>gN-b^vUClZl^sR&*q9;~NS8Iyy`b>ZLxt{LU zeV*>-TyJ;iyTD6$O2Zpr!xMe(zzYFS^A7a(11|*c>ubhOuJt)%*L%*m^`0|ka&Fo3 zKHAh*8r45{(MIv-&}R{P;L~BFdg+q^O+5TYLmzA`I>_58c20CqSoFR(PTTa6KJ<`M zQv`Q1rpe9dl>&IJ8QovVF^4f8Mj4IEzH|MGYH)J=ivI>T2cLJ*i*9)fi5^F%du*G~ zJi?65Lx+m~4xyj(N2{({`jCs>99>e>?d2Dj?5Vn%-z)Uv0KXpWI?2<#$Ovo$GTVkd zcYKowI0#5q+ot~k z=zris^tb!p4gH+{ACPnUe?Vv-+y8!jha9ojY3L3QKk>ao@L%k6k@v3LI2}KXAENR; z&P_P{@1JCCukom$j#EBT(P6*F#^&O?ow+u+5&55jFL4d`!XKH@Y48s`9gKL(>bhPq zszncx^G()ziu>tL7Ia6D^-q7Ls-F@#*usYosp>1`99^Y-4pVhi;Ya+1GL_sP!S593 zw0TnP_$+$gth5$64Z5FasdG~9(WXcFf}uR{30xKoXT$}+n2WA*_mz9PubWkLA9Zr1-Oc#l zz&Iu_V%q%=?%hfmX~&p(R{ zv*OT18!w4NBg4$-f1L+E%bxY&CwQb2=cRv~Q9wBtB~<_KSlD6X-8j}{6(uQ5FQSqJE z5)-wN16atj1fCtIpHk;JWv(6cR6Hb*!rI zQE{c>2OL8uB@QOGn4s#z*u{u9zP5#Yh>oi!n$a+Ea)g+sc^Wa)ShKzjpQe3+S${mk ztZ$(#GkD1&gO>bQepZ`zaBUX-{V-nTB|(e(!F3S0&Ki@D@~-kVWvQgj@x*w8OBPLC z`0t4+P4sEEN+`_+?|e15(@VYaapXRX!JW6@1Fa?}vD%1l`jYZhZROaAY_)mgo31{) z>iKw{)uR*Z*FrC&p8U#DO0{vEeP#pieUy#)A4 zB}KhsJabHZN;5I&ZhU2nAHA9%?*o@s_|V}=!LuD+Y=IZy-O@0!x|=xncoMlD&5It! zEUq@2F*7B`ckyBiW7f*pwZVt&@L@CM2I9k3@&sA*^E&t`5gIr$d39QR$~NVN4--4b z^K4K_$<&$OOGv4uFUYCp!$kNm)fm)yfIQZ#4Tcvi{8>rS$8+E;xVOP?g7U-YWJI}*w!edWV^yz4a$L_avUWhyxvDKQif*U1)I03&VzqkwwBmq=WT|n^7;2{n=yLNw%zEWY;;VPk=U7yyr-%`ooVn~ z;}CQ0%y_l45qsGL4Skhn_Y8hgeh=5&KkO@6&^?2n+zT-Vl|vfd-@;E{!>44j-WR+U z7$Yb9@U3R>)Ai9I0@uVgD?hOpKY{m0`gXN3T*}r{ww|)3h2%~f$%BUAJtnY&IsDpG zqLeA4OqrC)CYP!bdB$%mel^cBd6p^9_K^R|g3rY!snHfbzM&28kKre{{HION2r|}; z-mkN-ci2bUonXB};D{$q?aU9Tt_=E`G~7Jp7rT6X>Dr=z3dSXyQ-zO9FRfZfuI+F+ z^e>eB8qc?T)XofOF1f2MLyS9fR8o_lWBXNOuTLB`?s{Xxu{)%E#%ljV)A^L?rdn&#!>6X7T2<+gllZ4v#5SKcah?Xf#X^Luu6=%MYa z!w(%?9eJp8b@M~xMvc4k7JeoCj?o_<_{M!<JfKjG()H}#rWdCOr;egX}hGFjjrpiU0sAkSWNJrkZ9jc%({s)}`j!E$6_8#>iX z|7Os)RN6ZL?c#>hR}?k`Y> zXO-Nq>m{OZ22n5HuxL5x5jnT&4FX2Kk2=#01 z`a`H+W7i*YQqHaVLx5F-?J5M8$exp1ir_~`KBuEu1)t!)qknpz+rCBzGX1dY`CjC! z6WcTgEK{f3}|5&NwZ&>g78df8M6+#P{^64%`Dta08v;M(#&n>oI(9(e8; zD>p+0=b>l*`b__R_EFcBZ$-A;b-mP+e5>T=axXuBoOX)~j}M`}L+@MBRc?5!2z)Ei z@BfVW4~nDWxEwz#cMUm{Z+-X3+~Ye=Exr4{PEG6TJXNGpnwF-lJhJ|>ou{U~|Lapr zLuXDEtCWNDm+fD_V3}`y?iv-{tKtquyq;^am2q&|{^}zi-1fs$(|+^IQ*T}rI+aG* z$P=rNL>B+-)VvS>`&7=L&?)~i&w3pr>{B|g5b-`;_v0A4{7>Mx=WF6zwD^V1hZms7 z*+hSVO^<^AAJF5ex(EN4>9ObOJ{gLoM~CLOzI=$x|4TmNk)ECxBj`o(|6~qJavP=G z(_^>78ap@5x4GKraPi;y;D6tNk1y)LfAIqF*PI8wHGk7L|0eR{#osAHW{QU}Pr-Td zeP-r#&$!7x+KT0^ba>Rs^_Mem)C|8i!>>i~YcBj+uuNI}YUlNRz`YQRhX#P5mU;WZ zAU|luF}-sI-rCA}#461D$oy9e&xxgv6f*amcIc|$&>M{EWmgh2@yxu3d{|&maO&Rv zc`%7zX1Qo|KKl(ms~p~sDSv(J{VZ8K18?BJ;de%xl_K|UwfRhJ zS^NIY=ea+3m1B=A9KBbWQ6DfXiCJ6hwIXTK4l-3vOep@0_|9Sc3#ZNNV_-P zo@YbPx$m*$!R~tt`Lz`Vid?$r9ivv}_?pSvMaY#Df=jW?$&yo$`Po)-c~a&##fHo` zP7aYz5Z|^rSIRI?M}AE5BoXcleZtHMrV#@~m>Xgj@QpO1D`{hk z&$~WEd@8vE)}p*9bALtD3jgfJYNBiK6^!fd7d7_ zqfTCXj*CwvC-GI=o`vk#$nhaO=qmgk`k=RHPs5Y;Oy&jq$BcdO?DA(Rui+0=-tia27kB$l(l2n+ zeI3ntKI0GH<%z!b(nrawe(j7S`{&xpKP>ChJMH#ZN}rwfZjEVAWKV3)7>?;2C5Py= zCv$g>?IM?WULSgotIamM&HuOUF_(7U_O@K0J@O3Dv(Ntc$#GnXo&FX_(Xso~xXBKW zX?e13WUg0yU`x*xsI32VKNDGSU;nrO*<($H+m=?aCMhj6JoveZM)mfQ{bg@{Lx20= z$lhbFeu(V-dVujtidm0f(hqns`oG<$Wf$mE9DQ06)2B)2>C+cu`t++9evsU+o8MVe zutwGf6_Jq%Ivv_=I!gCAF>*R4GF)Be0+Js-jIrTTdV z&n>tk^g5VIW!4pwQ`PsF<12>O``v38;9jWzJxljm@+Q8JkA60}#>+k5Ch<;Ai5Z=X zuFSpZR^|pI&ur8R4uw7ym3u{|3g+IF6wR4>D>ClY`6#gko*&tLvwdKZUHNmvXP$jc z4r{w|pxIt*lB}l{zZx6!qO+#fVE$j@Y{PNOLCj(nh3HSQ5gvY$lM$UN`NCfL?xnds zx8_{a_h#l3B?tH*`g1yS`zsmWRSz&Phd!1(T@gB3@@~x>S3UxNEfHH4*D31+#fC@7 zL;cNmoX+X-?pqV3*FEVu4x@H2V;o?;sm!bI=DdM5r!r;+eXL>KMu>RJ7-yXaI9Deb z1J<)idGYV{*l(B;%z-w%W0&ma>%Zq5o{OfF<4MKtZYDRGtFl>_>g~+o++Dw?+}Pg3 z92;F(qZ&RJ48arPJB64}4|6}1tAfHWZQpWyL`$|D5;*qbIX&OsM+=i2cs4oMFmOV^ z*~)x9d~!%7j|x`6C%-ztJUP0wn4@3TiT?4TU^e#;$bE8g-{d&{9aa4X^+LjL`!5Ps zuy(k?)@LHyAA(cJCEJ3Ndk#7dUYdaqEB;&yd?)k0GDZ>>4-7bH@pC+kb*1t&iM*@`tXSv6URN5ECQo0@`bOlr5}qZ;zEj$&wB^~Eca^zO z-Xlo%4L5B&?qfdG)}{6uZVMM{J$Iw{+RWwEAhTb>XL#kw1>MJy=?-N21iD)0DMhAb z-rS2E9Y>}+kZHLuGA;K-rU%jHX!6-{hS3y0V@8)NPt^uBh+qGhLFwO{*p4>v5PLZG%-4_hsJps67pc50PcH0!Mcon{cjik+6K{CxXnRRX_i4&X z`PS7&aLbuviCgf~cPFaFeoap^x?Y|!|17W?fRzfYd8|LEM31#V&v%Mv9DPP5R5cFI zJ$m|X)}p8sy#`D4qtMk^3lX_T>3FCaUKc%j34QM=kKf)?p0K@#Sk*w*(*hR-^?Wlt z*akmFvWTsC7FuCwc|XCLQ};NekuxcQW?tgz?-7#+iq0#8%hehpCaZh@G)OK#jMwIbq{id>@n{PzVPLZ%>81Qjtx+OKmVJ1vTi`)FPS?Gq4NiQUR7%tj72;5ThRB?hQJs3iqMw$ zZSFpySJpUs1tuh~a(~@>vVI77a{eyoG8S%m=+$>RU)HDZve9=r!^oeayG-=n7agA2 z*XN7ufu<)fps%K%nR!&&li!SyzNXE}TP3=0@)B`=Vjy&AEBqz25Z&n3CCv9( zxk<03KQzvN37+cbY?1U)0 zk2b}x3d6&aE7d%WZf%8^+oqV&Mhz#v^PRx*bq7>J)2;ljQSq#kNbKyOuQC_e&RDmp z_@>?5Tg_b7?;U#ExGS-N|23L5;ZN7~{DO6e)M=y+yIM3w^m`3SwL+U3e3|qp?~{3u$sk=qjjqBVB&aZ&iE&Rq~Gh_~O z9JvxVU7h@|vtCDR^Bm?%WG={AhbQZFpX?A&dmtuY%^S^$z zcpPg!SF+A-nrb-0`&*s4&A``u zDJpcThI+R!&zqLi{j+AqPkiX<mIpVp`|!}YsQ z1@Inv^Q3w?DYyrJ>^`nV_8lIOv47>szOk=l%tbFaf9{x4XhaMtc{<<&_Bj=AG{&?OIeTA%-R#;RrDn~LU;@RSJq2!#?KSo zVd*nVPee9*GQ)Qx7qgL*7kCe*;U9;O}PCPTf%^0t4#t&n?gY_PSyIsM<8ehp%EURl_-RKm2UoG!L5_F8^g~oC8 zX-gvSM}}ByLqE5o1KZ)NcK8!JT)&O+JqAz3U!|hE8Ph9h?*M!vxLfP35^KN2n9DjS z(QmhLzR7PrpT)WOWNpA}1Ri>?ej)Hu&v>^Bj|z-0QpQ7m`|})~cDEifGp{Db5k2z( zGSe7}3m%7diK8Y2lMFL634b<;x+fUtX-}EoJ*eM7NGk1Q40tyu*?IPXeitFB6duhx zXupdfWfmAFevL}*g=xbQA7IsA6Q;`lTxo# z#uVNVULI_ZeT(=;tjTP&%ZiU^jHuWp1>}ETv3akIG~%7Q%DEOBkj69kS?eaPpOAq+ zT}qoVZT0jdY)9VKH1dvJ8}UGhctCPp(q3~j_AtS$Gtt$t^&;TFoI^eO?PhGnA+;@C zzeD?5Y)3zP5}FVk@}`paZ1KCv7xA9$dz5j@<^k}Et<&=#{cTL7h<8n~yJBmGJke)s zBCI(PKjSg`-Au=Rh(G$A_SgI7x3lq0rXg2;^tQBLOS_uxb}mU^|Mp+b_1Am-mzebw z@*cVP)MLnD&zBfq{8PqF=!HGu-P%OSXVzCjBgr?UqCZ3q09Sa>1FwqC_Mj`8xjqC;YmKE@m-`!) znG3HpEAm40xofITJIeXt6@eQ;X0qXzHu5f-9=1((?7QRRNj^nr^cpmZ_48ys_D^lQ z@6gMd&*;ndN1&JJnl$Joc~Q~Z9iJmtf!r*YKI8v{!NrHY(Rg_6xFZ2N4@O4~v)W%B z(|${gzu~n1oSsiPxBbzy-y%L6dQfnPAXo3W@c;+Oi$;*s3*m8p3?34dTl%- z-V|GSNc#gXs2$n{!&BNW4kun>ytdNU1?0p0@TJ7ht&>$XdB#JMqt1ngR=`8zH&?F)ykwV`xLfcP{A8W{Ky7b@*BT9r*S>1=n!qoB*ZyW*#zK6G6X10} zc)bl@?}4U!g|EToN^p6L>oNF6GrD_rric3ZMHU^X>-a@i58xN+ya2INf|e1=|I5*#f%rvj4+g89ZO}y9J;qpU z+9rE^8^K@3tBvt$Mc)XIbxg5jTXgFGbj)PErZZ+gq>bOnn2m<7PBUhHL;JD|(3djK zwT!d)uvd?^d{}v3<)CSeg*8@#YQGN*?MpFM-{agFtAFEMc-HA())`-~@A@5{rQ>J4 zz){AA_WF&@Ajae%V-h_HFDY zG8?jWuaxt%ZqsuYx&`_Dztnf@7dI>~u>AK(jH%zif2jz^S~dv>!&-Sm&t-ACMkzq3=J=U%(n@>e9r()6`+%;Nux zjdkCPi2-+9C39;JbK=R(`*l3IM%nS?!}wEzM>F|2$-DUQ zE#vSlHx9Ra%N%ro_%dGbkaYzzC+fVjv+X9UPZA?}^m9+`-QXyA=K`w;-ywG-`4z@m zVleuhm(O)J?cs+W=DMFBdWZBK8xq?OiQBSc;{u$~vyi9xz{-UQPzA2-e z6|Y#f<8iLVe~`E?0ey1-TeY3K+o{_DeUk9~k736KNqw%Zx(T%lb-l#e4rndy7dddy z5w+A8`{%@MgKXPm)g4rOuU*!O+uDiSjuW?CV;I4VG%IeC*zZ+fIB}al&5GNS(5)7n zq}rLlnFnm?SFVORs5aY%EpeLzL*h37D1N{YnH~%b!P$Z{xb`OMq=zjyH`s6{+Hl?` zZj<-uUa{h~HNA1$;PSd=J8tXVcW&I4#(YByen%yK$}0Mz?H6Mq`qhb}E~5<{w_(GM zIWZZ$&|t@8pZowm6Mw~qBe9`Dj2AwpGAn^u34L}mHWHr+Uqo)S;xi?Y5lK9c*&)0-$&&k)wdLhTweZcuZ zeo3m!<{hDo2^ED2<4(8?D`DRDYie){>s@(&@h0KpxYuUuoE~}3yto~+qsYXr zxSg}3Gw>3G?HN9-&{nV3>?{uu(pl9w9^;K>%JegeHWpf zIW_2KA0N$2`v%BsxOh6xHCE&|dwF`RJ#KD)U3@m#&rW2n6}rv(C?Yh+I# za!{Gmp{4M+ycgTX{YLOv4=vx;v8b=K-KJ%187mgz-C$_*wjGyB*;k9l_p)|l2KSzUX6?)qv_9$YZe12QvPG$;eCF+L*|Bn6EANme zQD%JCQ%A>~UHN>7`Nk~Pr}&W_5BDlWf6y1FEy2&hU)nWkS5dzJA5C-^r;1d&rAJGs%sMkImlX$)fK& z;OoKY@ek?GHrAK?$(z`;8hlru{r2-$8$+sQu{Wfa_sxC05hCXRe%G)k z#BO; z&#~X*^?Kbt{VDqaiM}roo(WwYe14dow`HBo_2gFrtXEO>jy-V7j2ezjNR?-@-YB*6 zLF7XCwSuE1+ZK;W{+3+&4t4KmgW0T^?0lDai8@*)PhKA+My~f91QzzHUp>1Ycia6q zOh4Q{hxic7v6DFk#9CfYry=j~VN;sDMo`w@zl)7qj$V@U63+EnzjDv^9&9+|V6ARS zP~(=tnjicQa16@)bqF6wXxJfZKaqzpdPn00T+#OdS&Oh^d~hTA`@iSDLwh+o^nY$_ zfBTRv?Z87h;2VKoO=Py?I-}ZTe%_>=$VBAZ2X11Y@K+T6$_D(E0>LGDV$ejkB_1f^ zx`^vbdej`+LNl2gUjN$aBXeJS{nY6P4xE~{`a`{D zpb(nH4L8fyKe%d+>>W!ynin^YbqNR5V)F`>H&7kXI|JP>97#I@>zAwMupXf_d^y*^ zsyU<2MetBG!7%p zvXo~m`fXrM&_J{~AI*AUK1hGt`osJn{uwvi{;6-eFuiE1<_J zn;t39^cXZ1{#iANy?PmQ6Pm{2E%gSXh1^eLJ^o68$9Sf!vS?9(4qFMl-66HO0er@R z^WTNj3&6PgmHs&WUM=1L&i@Eb74%2rH1wG{(|`w_rD1fR#t9ke(}T8;BXb6#D|vV9 zI{X6RrMa(v`^X0`ynbrh4|!Mky;d!E+2DaLtUI5~Z;<)J@5lAZ{AR9;xW3d`vxq$r zJte+EHhLn2ef`!1dm)~Ue;*u-4aD9q3FqSU2a1nd7=V7C|!Ig`3>%;AgpWB!7-i02=Zb<%kI{MGo z;K_V>wc1hH@Wo&yKHPrts$#PO;1k}G=r49ne$uaE zVnMmzdtCsJV|N6`bw~T>g2e_1-ai5F5PJEy+Wz$Ik=paH%Iv`|o&nFE9_&hwm!EGt zeinA~<{&yQdIoy}?5HD4p@*?8=;6>~97QK@wrtIvv|+O5NCmD4PLTECTkcx3qU)0Rsr8>{Cv_avWE4!-O;e5letPSyaT>&c5VUYn&K z&`iq7HG2*-hdPcqREw_Yy=Wo#(#&z}>l_e%<#?|D_yX;1q|a&eIgLJ3Z?epL8}#pB zF8$&>j4VrT;#-n;)Yr`8A2~N4B4hFHLzbM@3^X3_iTmB8idn)h5*N|NVB&J(K*_J7 zTk4D9y_#7T?=8<@A7}9S1?w!xIqLZ($*)!1jgQ7&jB3Lb!7SRfc*XK}1(&Vd3xkIv zZl zElSoz$UUhm_o0(>-|e3kI`3@ReypS4mfCa^{pR4Cgbi}jOLTyYQJ9=a7(D#Qa1wGL zFob^BJNlkyVta%JGk_bLUvc1%*ZGnD`z7YWGes&XSj?CdF*Zf)9fqFY8NQJ|;~Tf2 zXNC7AZ=yH~pXmPOT6(U?ly{|(Z|b8%h)Lo)PtcEd*jv7bz2ytA%?Z>QA$k%zHlxQ{ zp=%qu&DtML@<;KtuYO3r@*djvV~5*tgdb(B2gelGOQU`<7M8sjos_|aQ?ne&X??218Z zS9l8dZ&%Tin?1pnW^XX{>56Ts9$)7#dH-rUeXV5uY|B05Bj|6-T*el8Y{};c-CK%O z^yOUi&Y3R+TNZK;9new=yocen$EX9&mG6Bf*zyEpn84i0Qp(JxUOD4Ajj>uG+37>g7p=X}t=Vcx<1z3LO?sWUW65naF_(hW>uduXkuHUG3csOi7 zUm7}`OfLzP2rwrTg2rk$n_^b;DiKtmt)tTOR3 zO~cVL2GDRiV>g4mdMk8nfrbwKB0^*4VxNPKZoKwVuUW>8F>7Tn;4Rh6^}tgiBgf$- zsh>^1(-`ZAV*2Fhp8FoOboLyZrw8I^$)|Q8OR=#(`9SdM+b6_;hG~g|g3Pa5c)IkQ z=qQmR({4}XNcLy>-)OJhp-W7A&Kj)@SDWA*b?3*04l>W};Nct{nU?47d+zgId0*kx z@_s8hg^yRn^^^Bv-m$7-@At?U)@bG%nPFs2@_0p8Ej!v;MSfXb8r;fW@bk$vZh_a+ z@jH~!{nHv^lt>0K9%U*6!-K0RQ>1)VqFdWu5jjJ)zv~S)ANAR??bWi~vl;l@cg8}- z=x%Ih^F8p%EAYu&>gQ)?w!?>-zj(fUNZ`nE>WCkv(4F$WTMzp4OT@O%@g17*EERpO zq+sd^@^AV7YP~OZ4dwFLGjh4aO6Z!7xkhF{_J3AuX6NA{)ttgx{-jW|W-5WU{+pN`i!Bz2~PL;tpu zdfV>4*r=9r=WAQHi_WNxV;@}F?(}-u@>V6wbq6xUb!|`i(Ct0@hISVsZ~wxxtX2z; zxW5yJ-~EF)V3YdcAU5jspFP3ya<#o@p^BD*hrF91?;locxs`WEWZosQw#AW!6>(a3 z{c4X2enj0rEt)X3lss_QJG3@yoa$PEJiqq6?;TnFz4}wDzxRLmMNeI~?7j6rJezy; z^`xOy*ZVGND*rOyA>tjz8)!?;m!r3@ZBW4vf%h8lt~CZXt^TqK{t^E8HaPv7>yzGL zO{HhoJfF|LzaGY=1D*ZRM7~ReopQ!V@U(bjh+Z@P9q7}69`Bq@4jb4Xp|53Jj=ze& z$A&3#(i@GzRT1y7+6}VKk?|Uck0N4A;IZScn$ddbB025~@cOf?L$c3La{iFeB-aZ~ z(x$>shdZH3`S^ip^1@S1y)-F}yQnGau0EQ`xzMB(cz*<574RmIe=mh5ozUb3+J2qu zkGvN(O+51*XfjySi^rAdV`44Pb2JNNIT z$r4QyL(}ASO%v<}#}saLt^#ch<^v>9fo`tp6l1XX*Y|^z|+1fs~(pZ%)cb8}xM;eqN6L$zhLndFQ+$ zUFC`I5Xw+`znCzz9`iH&WoR1CFr#IIxhW7!> zE|vPT0%g13P}QI1+$(iw{`;J{OSfqpDl8nRJ4M$m{EV)f8Ct3`K;{nWW^n#7 zGUe`{!S}o@{6|~(UnO{}TkAb^$YGq_FECQgv*ZiTUJ9HL*FOf1 zd+ayjHv7yg(acv#~UXZ4?0P~%aqGVc>uaE)a##n2N$Z5Wn##pVRU-P*?S>O%**E#EhTYGV#U+~P08r~jo)&0V5WC|SY zLNj&0%K2EK$%pIatUvm)yDog<*LB0#8|s!3Ta;ZRb#u+K?^Aac=Q3CN=Dxt3ln*w= z)J@ZM4QN8$`VjAmr$}Ai1%H9MQ#qG)y_b-Ckla}^*BfLm?UBj63v1SW9-2?&p5>Q& zw9R$&qxid(_xI_=w_^0+yVnk^4@2nsO?Og{v6XidB3$RN#{qeq!}<5Au4l)oynVcP zRKyr8eR7_)-y1ej2``Zo?c4?a@PoWJkPLqQ+2DKa4fu6t-EgiYx4GQuN8%`be-QW2 zQtylCG_kM1ii%(NdlxJt2G&{VBf4ZMM@p-GBl}>Lk$WktbHVx`2G;KcR#u?wD>1MRbG@H>tc|k!h+bpgnHm?Y z12M4n3oQ1Z$%%pW3$A}my;JZ+FTKzot6i{m#lZTpz(Ti7jDhtk*FT`%F*hvqewho_ zrWja15Lnm*(dTa3zr_72>b=(oD>HIK}e#;WL*E?A<^-FRgQtg+-{V_;=+|61xX5AX2A zTiCw05?rt*#lX7Of~D=*F3P#bQv8*X-1}M|ytDW-Xa6jDKU==9ih(y$;ANO+H^soZ zg!^&ao7o3T<7S|{S-11nA6zgK1csx(Gc5fr`t&c95&doRyT*n3XT`4n%2i+cE8xIf z+u5tA*UmGU8ir+aOioT?BP{j*UGi_*U&K$=UKA#z0W^zeVDrF zWepdd5d9(7?s3xoicO~@PW@sF_OApsw&gXByQz0R{hhq1Pk#p;{q42lec7Y)V{iX> zpFD8%gE2<+(_^V8{w@BeV-GyUl;Shr(?Nc71auhQ{WHJhCh+sx=k(K$R0GNV_w-(Kpi0Kb0$zeN17RQ6<%^+C;y z{d{nn_V!9WZ=MEjI4JKDecFEYi8j9hJjJ>HJzN zHm$Xk+|t9~{TOAQAUCp9`0o2$YH^j zXP9dtUL)TUZT=3hzN_)~5Fr?Qee1`djrahPD^l!;6dLFu~iTVGAuSCAi`u!JF?rGM@-f zMECH1Y3%+IBU9~qGpM%({+Bw%&|Hq2?V~l$KJs;{R_0~onb&?MbHf*LPo8NQ=qlcS$eeX1 z`)Fm!!m0cHzS=EZuQ1~@-DC`94nuOJvHP{Nhx@?_=relRzV&0+hx+ub%a6SIoi|RM z-v92Y4}RQyDx2q<_+CfuvOVjkFEiE$l=q;(k-o&jV&AEQaoCS7z}w0m@UO7nN{-o| zE@2gaP%$4R^gWL56a2SQW=jnHq`!@{@iISaZFqdGtaFPWpxs8=O`zR&+C8xBo%Qc7 zOIRPzT*T7wnjEN|z&#FW)seNVz5{M{a-VOV1rSz4i4|>+9b; zHEl$vRgU*X+S$AQJ<9!(aybqC`;lfO9uyqqS8NRGJ>OysIjE2!;hSxr^spyQoTl&o z82 zn~lt(DtV87Y_OR31g(54IcwyshS<ZDPJ*pm4!O9$b% zRx>}fQ}k|Zoo&>SdG@PCb}3&Bj+Mw=<;kax1_Fw;#ONx$uV-A4O+WNrL0ShfcP_HM zAAKtA80cTocOG=K%ymUX4|D&Itd}tSGEd7sEIdChYhCbB(9QLK0WW;V=rbH$c(K35 zquKtg7}4XWAPt^{$hK=gBeHr{i4MSEF0wHSZ}2sx?1e^ z;nCzzXYdm}(Bk!7gFpAY_(pMz{Z{PyGx$6$`X1i}gf@*sd{vF`@zwAl>s^>bwZ2dD z4*E^@9Fyn=Z9gkM20KxrsF{1>mQ^Z`29=aO%zD zI*03Q_QGX+t-T-MHIeOPc-YO;4f3Ad1MFSM-cxVA3ZC)}*8TV&%%ky=WAC_$&k$#i zmwX=zS3&=!17Gm;NxvAk9LB7OUk>(8zF)%kd7f{!$Bp%Y!I}8wd-c7z+Bn8-EBT%+ zLu4Ps_|6diLffZ3yEcM1ahTp`#Xyc^tlZ<(<+c35MdWfn9hThZ58^}Vcx)EyI;b!E z?#Nu|*xT?&nMX^EL#_{-%SB~ zcg&S_X0lF%?`-mu_hQD<7g^6CaF3&7WSyFxx28_pT;_s>-c!tI53$Ab#0%G;pC{0M z4|68V$a{Sxn9nmp_BEWdvQ)G}Xhz*%@LbkKNPfKlK9crXU!`N|U(+||y9CZN(IeXCF~_#Ag>SMD z!$|#*d=C*?=0LkW&{EcUWXpU3ZCpwlKL?h?JVoLsB74o?PK;bPNa(Xu>ishZ*Zzg`X73|)Bha;$Z}&*u zaLz?1IDY+A^C_QTM%n*X%c!H@*odf~ev>-bb!`hX&^KwaZtidF9WDE1hKE^WE9;dM zW0|Ft-mgh?UoQKq7Vm_|7`vi3L?-0jDQkU{wC8Sf6K%TnP%HW~@Z|jN@3U_vHX}Ml z_#_417{<83ms-9U_uc5hSJCCN7EW|hsMx4}$L_1*&*|@TGM+;F*#0~n)1TP=@3&*S-0N**9zfQpioF*bDKVMEZo=~^ ziI%+-dW(*g+~hY$%RNU%EPu?wLFoBSSNqKa@WX}L_s}PI`==9ZdriCZz%L9AKNUH= zK>J_(8|~jpeC!@iFW(Abzvsn!(N)IhpE{cJoXquJ9wct568l2#rz``REGmc#7J@^F zJcHo*8*poW%q&CimI-~tUT8VmXRVVAjZkGmk1GYA5zHOAXyKNR@iF+MI=Czw0GDa1 zUgHvQaCute@?*he8hb^u7I#2gcxO^@`D+ol3^wb9ZyfndI=B6TYD(xfRUUUTU3jSfDrzG%E31h*~v$CHZkTI@Kh0TR4)5p$@myN`^2`Ve#KgT zcvSizZHh1A?u+0kI_TRrZvW+?mC($=Pjb5M_4^GH-}_Sap2ZXKA;h;6ILmKe7vZ!yT#qthOS_5-1q9-UP zF@VUwsm!^uHvx8)xi9>%f6IWz@S*6!5bp%Yz0CWq zd!oDDc+a5U&vcisePyZ9UilZwx%n+AMn9#Whu8A#`ln**FVgy{Z~p>$2UGM;KHrZQ z9YoG;O%CIg%XoR=G2t&C_?{+a@#%5%Y8@mz<~*}_%=*Ta&!vlIpo`?2wh`0*2Hgd>kG!>q*{`p_ZHrTy>)bz$i89I(*6EWul#C%t8YIb zp(TED@17~-!6(bUE+V5&Uqw%g49We0`YX@hhIYgWJ7ruNwBP8d&843jXIrm;^C49^ zIG7FpJR5`aZwf43bB@2F=a&2Ilh!xb(HgI}6Tc)+bix^AOmb1Le$UF!rbAcB6H3lt zE_z7jg&iAJ37<$GEgtdJ=GwCD^il55b;)qaEEEPZwGna-Gw{gy^mqjLu{`3?&oco1EFQ7+qsK+Rx7m+$Bk!Du4wo?!xyYr@Gu-osP#U%)bezTN96r=MLbSS9hG@w4|Rmj8#Ukc|287DKB-0~lQ%D~>)Zl= zi2o%%7dVK##g65CV4+u|t?+UR^iP5QS?o(7d!86v8(d3FbQ8F3@N`R#e~0X&BEDT3 zKgN1z*dCh?WG!>#PI$rBOU+qkn%@VkB-_6%EU3P00vMV~?-Bu0sOap!x9QJ^_@bzC` z!skFYT?j}241AL6^k6pYhrR>7)ePuA^{TO@kW4@C$F0A>vaRB_DcHuWrytOFC9)vtz6UCoHF7 zlGs-Er$ayC$7}*;&mWf^omVoiyJ)zoD&)T4?$-0#FaLf#{`b=s|JwSW`-jvmU&Noa z`P#le1|8|#w)9zOHo zEag2>h&|Ijb7+dz^SRtFSDq7v%n{`CjkH_QLBtO1t4RJ+Yz?^$74QTLA5_)1jJN&a zz+~0{kPCsAB_>tka}H5md>b?mUa!;N+CguUPg|qR@xgDhr=s|L>G$1xG)H}%93HwK zxH$z$8ehqmnB4P&i}`8KPxUzOv*LszVCV8o_pf1!E-(6YrGMW#=3Bb9OsZLTHMs6( z4sj!M1CoRKCUe(*u}M#k(cjrw#T@ho$?ef+McISQZSs7LntHW<{xr`QTXjyVhR<(rl{o@WV8ao70`lMn-xTxJ7RN&mrFOO5gYH7d zZ?kQgo(G-AdOGZG0^j;O&U2ZQ>zK$pm}O(TPs}o-=GmG9W8;X)rlCu27yHILd6biN z0avT|sz!LPr(|a5IM$!GPsAt5HiHYAm;+|dEWuHD-7q&CiSV98u3CNs-(;=KZ#AVF z)!Eo%c^(?7cFJ7sN;5vVh5l?{E?e4b2an_6FKtTOAJA|8ZA0X8|B!^LxB0%|n89jS z%PeH7Fg~cLYb>uglIGiRDnfptS!h5$cQpMcr?*S-%+E8)Jw$kx!!!0^s}3ZxCq3dZMtz*ew(Wyp4=SFm}*nnpA>I!K1GV)LfAFqIqWxs7}{-qDzr2>yVR~>kTf41QQ zPv95)nfYt%M)srWAb;}Oe@24<7`uak?U%)RQcC?sW1v2#9X82V2_Ps=% z(^<*2U!HGB(ehm(&-L8u{dJqD+aPi0&o9+$A-=`4HN>)uUPx%MT|!!uow`NP#{&-yr+>`<9Ug!7>qoPUySj?(`@+v5{L|y``RmtNK910_eG0q0vr(OrVD0BQLz$qVm5{Ey#PWm9er_i}W zU~+DN7yPqJ{92Jo;q}K^OA=r$s3Ut}aPc=>9aQ(4LG(j3d;>TF-vC}1eQo$vW(B;O zhR&D#rRaRWw3SQ#n6iRP7@EmifDFS^<>lE5E&J@@L3vqARlq&LUEXDuTz0$cp{SCo zvW&#e?a=82Ijq|myEnKx0dpZcBL&w@5LGQYz4l|Wt~Ze^5}19%04|q;X&cK2A|s5jD9Odf7U2DlbqfulS?*+JQm*UT%$8*>O_xdogTYOXIXujXm zm5vS%uP`!Yy^d!C>w?g+8CN}ZRCMZe_BoL6;fU>eVU#7a)I%S7It%e}CHBo|Fw10Z zat-&gS^pyOW{CcWS7c{aj+9Tvo*#V^ zYbb!b1$}xoYaGWksItIFwf<%1ov)^xeE;_VGJ)UM86mHtX_RaE`mMZ=)&^cfg~ue9 z?Y|sfy1edYix10|!ha3&&S2b#% z(PVJlOdEe8x2MZJVwD?Z!!L?~f4L3+8{B^q*a`fI_YSE;R=hV1cryOR#epN&vPP{} z4sxw`x$kktIM>WveV*~{xK+mYir%$k+BQCNz05V#@8+Ar<}Iu#nyz;0IC#xf!L8(X z7Vv#Box5zfif@Mo>f_n-IBXEtB$}rRp=~p^c?e^Z>T|B2u1n5Cs* zq$<~0W4MfW)V=bp@*O$MH{a~F^IH3?anWt5WZE(_SCJ#q*M5B+eP*`U$N0`Yw5#u% z$&y=+wln_Zm!pvkzQ>48miLObV)q;Gx?bSaH}WlzRq#+_f$VXlcIj_Fzc@S7Z}g3m99v?i`FYlSL5t%jRlR(Vx&)a|Ohe~GukGMFzG8B4oMA?v z{hZplk!RzH2eXXSPT6}}XxBmAcG0`YT*psTW*f4Y>Sui)`)!OLswSthZa#vX4jKwh zj86r0x^0vS-q!WhTCuA#M*7}R?)~Ly{5tkKCbug1-wy8gN6Xg^=KI#=*{bURayul+ zjIJhzHQA4N@KAKz#rAr|i^-SK2dNjP-|3?F=yw+L2H>4n@lH-=A^DRua;+8UGc9-a z_zoIxMsKIj4;T&aufDk9{TjpQx(!|Wr7O(n4{7JlQN;en&`w#)@*{BSxzs!*Fpn9- zIeW*K{C1aIG?%5J~ejNSn)UcF)P zdZC}xErqTgj$$`u{n=i@{||X@0$?TaZ`jO%phlQlGoxGteHu6!o{?1L=(gy z3^%b$RA{2-<}nMf5*JX?rcF{bOCUP|Cv8xSqyP7}&pFc3MZ|WJ{@eF?d_LmddxpK& zUh`Ue?Y;e%k507~S8c#vm-?csR<4>Y*%=nR0h>L)X-P-ma{d%+@i%neceA;_@HT2{ z#`rEr?ywdwysfzD8SXvfyNP`)idKsr7rtR-z4nc8)~1AEu@Cd?_B8+HvfF`ghZTM3 zHujfZ`ROaqg8!Gm|Eu8tyo3L*fd8NSZm8M}{!{#;4E`^J$L#mm_)qbVG58CQFo+Z|kb`9XL z*phcbgC*f7UxyB_K?kj|acLnL^|Qasrf5#qE693JhSmG}o!HX90~f|Fjl_={9(#}K z1|7L>`@8V9ave`|?9pq;^6S{)i|iwIMg0E1O50Bu3CZZHTn^5TER=(x2-IE@tLB@WZJ(7Eb?>M2b%HNduCG$ zxwSQyTs%6q1H2t#uKEJJJ`cTQ*5?sVo=3-5jJEaD9Ik7>H`Sx-%=wedd+W?-b1nt= zZu@pPs}?<1i*4zQ!}UeR-6MQ6=GXBf80VP^Y}26+1%CJuc=IE3E#us1@!IALa|E}J_<`&RK zIenWpu(|y1t$0}Y2^gDeuIG(4aY~^tSOv_S7j7Lmh8;x*;>QkeJccdJrw!LH70*5} zoxBg@^Im&_YofK_^V$dUSL_d&74=@j587{i^Cpw`{{D8xz&rATE~-8U9F>OHKh1m} z7E4Q^9>M)STI*rScPnpxX-c$|y!m%|-;&=JBu7M^w_feZ|2uB42RNwv^1JSPugSZA zi{B~e)qbDaS=aIApL%?1_Re|Xt!wkE#FhA41NqE!a3r5x^I5r;ud&$5x!fN3OkH_N zd9~tC`9-e-ujVsztej};DC|GJE4pH_;)!zjB=F3@2t&^h^4wV1;N2fh^-oS0|bX+|z{=nrt zaG-Vzo%7hYGyju|T$N)hGgwooxvxak?bW(hK@GtDR`a=H-nj#R zz~{g6Z7+Na;^2#iKN5G}a@P8$nRCjgMgQV!gK4X=ReEssisMJS<0JP3z6RpO06v^} z1KvMSkZSvJMz4@JE@#YvfOWvtGbQ{^0U!89izNs0$5h{}*ho3R@yNJuP53!C<}v($ zPQ>RyM(jMmUza<+vJ(%cicf>g#|>XwmlV&Z@R`Q*G0%9!PwXYxPyf^8$i4MW^`VXN>l6!Fr?`yuosY4; zGj}ujY}PhK*34^);G=7;OxVi*x^U*V9{YOk)z3D~`QB%n3P!JOs>P3~Eg2K7Sy6Dc zoM($GtjoN!IOob2o6@e1Ive@UqfI+j7hFx}eg7T#6H{mBP0XhYq>(WyN zsm$Mp-?BnEDZY;`pJ>fqIx&=*H}N6x-5gl{bsz7U=W-`U^LZ{Ult0l5EuHAIR!>Z& zKO;NNyoc!H{Vm&^M&9FG{y^L%-2VC#whs8F!zY&W&*hg3@T@nU*1omcr?#({J+HCD z0YdMBlGLd9K)D3*fz}^17qBjX`^~^3ncJ#`?eJe#YXzftQrWO<^5UK6#hcS&Z*)#ti)B@VR)xso#jIenZ!^wxW&p3X!wj zd~PEjG5$kk=U7WzWnxa=(R*gjBRnb^`%mWf?nZ|JpVqV}&w~72s>oxn0C1~yZIdkR z*=U{ZWN+C{#(cs`*i@++VXhxSAFlvb;^E#7@?y>C<`(95(uh-gl%oKqFnG!3{;^@! zfqTuE*f)`TUfSsWb@Y{lf3)7I{acRR@21}sjBOX!`yAU}iB4aJZJdPduf+B%pJMDg zFl$~q4Vr0;-f@ojl|4=~M*OXIU}Oy;IpttaShfNku3W*FHvzNo5%4!QYmSO%HgZk% zyy9su%o>x?RW-Ae56~G#W}I#CVH-XS@${L&wOk3Yax*WU&|k~7&D44%^hn2*d*;L^ zGbi2wO=^jII^nHaD{<3Y`G&wI8p+4iSnA*{+s7EiSOPsYw3DYCVdlLiNBF9vuf4c9 z4b6YWdnL*fe&>DBrO4@Vo;$4H6UIez$QvH!cUZZZXGTVIsF(T2IKA)Y$=*+X+`C?7 zo+H<;JSQ7{IiUZ8;AswP>?)vZ2ROzj-ZY8dT3>!1+6BmS5o6o9V-A8`M6cGOGybYt z_VVZqBsPlw`gk@S+me_U&SHLMW-~EZCV;@M^&^PbIDBKRDNDFWKx&&j*PPj-{5X|R&28d9yZ_oEw5gWm_Sxei_~X>H#N#0<-+|2hvH$ zGyKN8f1QV~MXZrX+dt<0{%6U-r}JzBHOJoPH#yH^tH%a>Nma+^PCZ-Dm_M_32D(ci+g@VAHg!y2>K$mHk>{H`60 z!(A_42L2U4*06^N@-SB4calSHV~jJvkBJfE$B%AMyONnswY>;=X5WL4(RK^(r*rR7 zXlC>U_$q|X#3M7LpVf!jo=Ds7ed9x2rw`>2MgLC5b%F0~@Yr$rAn4Nw{%hC0$e&rm zekXMp+NU-#_V88qbi9{wK=XJ$KyNwgViJf?t=LuS9YotMV&QJah3($iym_5AS&L_ABD2Hu4M7=i=21YKwQ%;D4>7N{9D_2hm{%I6(K#c!2)#EzEmA z<$2{NY+G*USO>`|GJ5LcgJpDrqxUT5pR4~?#>F$Ke=eG&L|UpAH}HU=Ir42&+Ec-`ELU-t|@=FSb7$-hS zV`$?H#RltAh}>(^%H^~BM*A-N*`w23Bd415 zf*giU8o6Z5CuK7TO{@BxaRsnLH&oixK{o8W!&kFGQ3gF@55!MsA z&|N-)|LW?dT&~R>i@h0(jh|jt-O8S>W58`-ak&1Nl{(XfO>jw12`&@!u!hs%-I23n zz@h!-3!o$RkbEh1I>@*Dv?SUa>KzLml#*&)PDjU-vtRpM!Dl5DDuF*?j;5&?d)f{#!`_jsX6rMV0tA)>W z+KNyklQAbJtDR@cLV;~Ye=rvwq5U-4&#^)?BebtEd&d}WyWZ>ah!gidNguAgN{(A! z^KST~je7h4$^4-`6yFJdh+n+;`)xcT-R|;8{Ch5+_^-n!s^$Dc@`>uWbK#Q$_+$=z zBHguXL~xsU$>H&61U_N^AH#=sUDx0m?|5GMvTA;lka>q!;@8()h^v2CNe_`y27Xoqi92|KW#SVp!ry-wS`&M^w!>2XV0Kn?2Xh8LVZB20!@#hJ zvEajBj~`^m^-Q|42Tz|%r#37dJ5okG)5iNtQ}M0fFU5f*F`jq*GQ~3J?iqSF6`xDG z+q5G;3mSJ*>)}4Db+2kmvMU+*TF?U<_oP2{KNA~P;qjeh_xg9y`@Oy`sAPkd<{i<5`Z~=^W>0j#qZZ-a}|2@N_aq zH-+~1jkFFz+JB_m(@x>P29NzMc)W+(fw{n`kiN9O5cKEhpUvkf}-oC~1 zEp+VyZDfDYdg20mHBBwuRDCD$?}CxxEw2MpEbW!*1s}v-`GysxU+G)CNPW)Y%wS+h z=KD(Ex`^*}yN|k8Y@%YxMDiV4$0=9@M=SbFvEM5zR?cpu#_k!$xWqT2D2$J^B*A(@ zKI2Z}f)xCd$I(a6az^uK&_{R8xM7>(z-Qi@yls6Ndpyy{DQp*K9}}kyj}3dPZ^jY& zxqv)$qc^(bix4lbqK$dH13b}H=&uFXQ4{0h!S9yPD2)#;M zWz@aN{sPlj{7&+p_MDW)`8+v_@lKp++NX^qp6zB&GQlO76eDS@8s{?lPhdW>iyY2U zU~u{Tr{wEev-@NB{cCJ?< z+mn2wXK5cUua0P9{fTNk4a_`O%5!N~)@~_92P_5dYy6vBzr7Fr$K|7ril%W+URv|C z==cA6@En!v8~^x^2ivknyY|s&xPJd9b#OjyhvOd?@Y#ZHQ+}-#dbv8TS!=c(9k)yC zd7zVW6dLRGbe!%F(r?Ij1U=IRf99tit&SKy#V=|{V>oJ!p5?_sJ~+_$Qn_bAyHsfBZ4(_D-7epmy-Me;D4e|<*opay z^6;H+$9L{Q7B%m%2U#f#C2o^!DVEy<{U1Z_=K+WGoOH%cuk3?wSN1K*KKv;-j0}h` zky+uRS?%*#NqfW{Gvzah=WD60Q{1)(o~NG~)Je1LB)DR%fBL9ztNevZ`rAVsxd%Lu zH!}MVC88hHp8Nhf;BLVGT92OSrq9IpCT;6NCN3Z+%DWzBJnQIto-Z_0y1|VTQ|NCr zeMldu&kxY2@}6bLXs#2x=FsOw=t?~-@*t$wtgK{hdcJ+lFp#Weu2k&90?dTep{YWv}9WqE|mQSZDmFqcdE6ahh|)z4;dL5_3ZPwQo+P zn*(tCk-1^p7qRVKLhRTledHw*V>vfl2PT2*1U}t&a@hY(^qHHdcYLf5k&R4<{e$z) zBy`5yJA7Fg$hrGY?r6*8(&v`AHZ>s@bDmE~g-79|$`G~s_$`ttjdv0`;bnFndcX2n z4fs^#v-W%Q(Cz4%5+@I>?`1XiIG&?z#r%>Xcg$+9ma$aY`RD!0KYxohTX@ftf8Our z-r{Z8)3k~GG56!!-KBONoaRz9mMHujwpjmT|(4HJgfF|C)m%d|81kRt}NttQ{h!y9fDrVNJufz2v7Vk&kvO^a}e~ zPaVqdEX41elWG~Cv>@|%^>)j5xqx|xf>3x%ZmKUU7y9PjVcVsGAa%s#OPbLEX{lBe ze46$31<3s_bZ8svlrpEc&1Ub^m~d!*UtJQ?@64;?Lz>?bPH!SlYU^&hKF0e!UQU8> zaxxp)GKSUp&y|;r)Mm!dSDC$bu`8L_jCO1E%o;QAIL+)K^D4I7*i`fz`*WJ}q7&{w zuR`ObX*pS;X|^A~5t*NYKRG4MI=c-Syxqrr^r&=91Nyp6ehN8#&D(VIM-F&wA~-ul zK5;2JB{4H6Yh9u>OEvL(m=8<3BPZ()c!Tv(MQP}!B(8V!y9*fSlc%C?`D_xtxY|le zJ6YX@o_xVd+9Wt`N9Qv?lGR1-stfxjIqQQS(p^cT$-CZ`AisZ$;t$ERXrSvGcsG%I zYE$=_bB_v+E_?&^p*hbTw4pI1W%{xb7@wba^;8C9WK&AqR|cM#>s% zpZaob%r5F&{P4#PKD{=YJY94paO3Mg5%~|>*H2E(q4qJkYHD(LOXG@Fvy1WbPosZ} z$5>C4@HvI+RoK4Q&}W~#|8kHBv)LW?$HZq=6-5es|;+c@Q}QQMpt!<_TI zBxrrBhCJ~U@Vhd3+^mcEJfDFVRKKmd*D|lIr+!g!yZrnX**#+4w(al^dPu%`C%VR^ z^TibEyzmWFk9vW3#7q0|50b$v@yyvN)cY>XJYAhlP3}r+a;vB(F7k!9Wc!Bqq%yzU zN!{E(!pqf}cD@dutiIXwZ^!5I%X4WDscPp1aPNHUe*Uvh_p_e33oUK6_X=8wbudg8!8c4w2>G8He%so8k+fOHRPY zlI{l=Yl(9h<3U$Wuc3!$j4K(VYb&J7YvD`zWx(INgSkBUS;DDejW?;C3B#YVf2JOm zYyZi$4t~owaQWNqPqY`Tn&WlvO{S0K^no8?;{7gTD~P#>+f@hKN_(y72F({%fUh~^ z#uQs-I<_Mbm=qTWfx~_`=)9X4Yx2CCfbI>VleSX>TO+;e$lM6*rr!6}xbxdO^FV!% zh#fQU2l<{5TZ+v2runk`)7%=Ofq6&O1bp*h+Yfmu&i`Of-9i4xk>S<>VDF_S_JHiX zbZU@1zVeJ-KYjIIp;vFhM~1KTOojFIxr!@mwq)Y3d+Duz8#ha80e-No<~brobL--X!+@pTzv0e1leeQ}IM4eJ(*)Ex~UR zKS;N&rq8+1!1aT^$nT?J8=fclE<3I~k#bxg?CpF02yMw%sifVPu?NgI?^oRcv^D0kK(#rV6QhLcZ5f;yL+jy8nwS>^+QLEabgq-0MUysm^9urj=Fs%cr;CKW*7#71vSgU37eO zWp!a3Z`4Y5(Q(V*k38@xKF^0o41aTdI5@TOYsEr*7oQiyH_X{QxeU6H>o`EX)!V?F z>I?X5CljrM>!FY2bq{i9=mX7_W0TMRE9zpT7xH=cQD`b&SteeA2Q_{@Cti8oc@7(K zK>bwWi>e-|=9AO_issSgc=~t! zOPviP`S3fu^nKnj_SBhUvgFVF?M-Hl+bZVy9DgVse?#)m{xySqJQprEXYyqa zY?@E>?&s$2x4v((bkM+l>*BLYV7ndI8i0-U4n-C4&m{Uz#K#dV`kOm8aU1l{YQRrY zO^x_mwy>S~{PXxr8Pu}&^(F1=>kILh%-^tm%AF?B#=LP!+d9d`bYd$S;E~Sx#7m03 zSu@|c(CSs+>wM#8>G}18Z|4BDw!u{x!QL?^a(mRs-&Ir5q>j&DBjlG^hM4jYF>_>D?(p>R{n6fSNoJm zXN2e@8Q-eQ3RN}Wt4V*XVt=2#D+*>`z`kWGH_JG>*%xK+ij3JY_<4aZ6xIHE**9BH z9An@7WaBefGgZ?geW<*J<|pJ+UO=B{|AVQ(y^1{PFvc;9XS!duvXtwJ1Pp)GYkj*r zf6)q@#3oqVekvK9RXcrxq9lC8`6=;{TxJ=N6H=8Hb=8&>ridGluz@bSoB_~6xx$YwXW zxBQi>u6X(6W^$`-$X+||m8{6P(lLv7q~G9&J?IXNXR^b)d(fo@KE~?O*9%`axhxyT zKumDFMq3&K>)@_D>MO~r0-hp#@dr4!Is~p+12A(#GWv>pF1;7}!u71_o006}tN?J- zV|=1e>~*7OlVe|_)9r~2ghWsS)Vd==hJgEMS@9n{(+n3-I93gVf8%El2 zoQAjF4u&=HFpvi;<$dK#1Vi4tgkb}C(OT0D30AN0kqo{=oVUFpncuW4xiP;-a=s$+ z&}`Nb71vEfm)9uAyJ1{(2X^<@TL$ZIS5MA)Xh4TcPkzUfTekS;+WVDe{d`LQ+*uI) zg074vU>7TbqfI^X9C%oKuJ}*a6L>~7C}DhoMD)XCM?Z9qOW1}#)2~0JGYg2tmhkKm z@)`KR#>Qo0Ckvr>isQ%m^K8E<102g|Wv$i$*I(TZU&@x1!JCq?TY1KZ{HEa>`dptU z*YqAaBrrDd#d z8}MaCuu~Cq%@XjOiymz^aY!P%E*R7LB=!kn$OF80QY` zuk2sCgJb0ZhI&^zJu;da7xeg1^5t`&Bf6mekQFRaE;AFo4!ukq?uUPu2L0PoYX+~& z=%*3&$?`R-IlrQRK7V|;zS^OY%byp15Bd}gK_B_#cm09s6M;VOv{p!K(^UhiT)KI*(dHJ^2dp`|2u@{-COWX;a3ghTBXT{QfIt8Fp zI<-4t=+uI*WBf!1j(A$#9Y?F@hmfZ!*lh3ms@6xX`Xlcl_QO`Ip39XZV!t!)JXLQL zIl{iFj%$$I6!`k(Mn0zQ>-`9^A-rnhtBB^|d3R~*z}(@%pPPC3&4c#3=UvUi%P%+W zgzcPhqH2%uJJp8xUb_6dsu$&X!K8J3%9ZH;PJann z>_1b~$~=1}?}X@I@vQcHQte;`{3bnsuhN_8%(2TxwK9Ki=0wot+u+BID^|>QeYYj} zF$?hXyV#Fs-*5V6{1ZHJLG6V?YENr(>n}bUu3zE{7L^zsm2AeUy*S(P%esJh0x&EX zG*=yrz4i;62EzMAd|cs5IF(PKdOOv)&2xOLqtx4Vkav!(oHV-~SR=`tQAFPwO9y?= z<=hA9^9VRiCpOE6=Ubsc7@ikD`I-CGI&LpdE*4LstNVG57+XB&jiZ`BE?Z#cd0DG5 zExPC{akkjeaZ48t)^Rf!yQ|+$$F09=EyDg#t0Z{+e74}{s%~j0xw%s?;v=@)8z(or z2INNf2FVOO6(O!^gD2wWc8{TBRBNd=|CTsR@5){&UT^1GCA_;6|6lTu1kDUCa_ziO zuIhE+pLkuB2;JmY3kD~L(J%LJvNNXoNafz3xml-8$$<2jWWbLe>naM@uYjLS4jg+k zf5l_7`y6}IjIXP8ciIo89N(-G8XpZMY>PnSWyCVIjBP1673|*~Zf%uM;r{la1B{%4 z6V)`8uSlQ0WCH6vk-Ij=y^L{p8W~A2GGgQdAB9itoqM13MlP_HWB+#H1Lz$+ul&rd z+|%59E`9%3&0P|R-tuGQa*6D+>ZE~xr)3>HPu+Q{nYRp@c}w{Jtot1I7oT9>62Je6 zRODJQo5=|?Z@G~gJJq%3Gj7!~J2fR{-txRNZ>e)=G^aT*Z)wkYeu;M_ck#BPhBK+W zc0Nph@e$oUe>tW}hJW}3VL=NP~j_L*G+ zd4>PL9vWFcX4ki9OsdbXMc#MA*Yelf(Npd?D}iqvut{et@1F^LLGlX0RPw;c;_i2l zSNOp&blVbiTLC&~IrbU36pu2m6;*6hi(XJpp%0$lL{4D?=i<6Kg$;~BIfV@?CeQvQ z?(iHGq41n*Sh^-aJql{uXy#Ovv-F_=QUei8k=kXWw=z5aLtu@v!o3-Qqf zbXa8N%0aRE)Hj@1op(&Ej&4C_`(yP)@N8mqaOJ|`!k~V7cs`dlpF%$r(pLp`a>a_w z*#*R$&`xn!eE@yAl$g_vWnWCDc8d23p;ZO=hPT<5o$uhh5Fe@#zHXtvNzj2ct5t<= zj=)2!Yw!X+qDIFI1Fyw(k1sND>=`$XeIVX;j)FId54Jq$(HqF)L`QG*>x=mK02}Z& z@!MuMetVQY|A)tKn}3h^?V5K@{Dy26%TCzwTW<$^O8jPOQHG4)QhkHg)%WXlhdxu| z=<~Mm+qb4UXR)V!rM7iQn$= zGalOfe>#2}(I3C{Uc?pSV_ujaC2lA3LZpeH`KWyI>Y`>$t zlns&Zc(P|eUJ9}46&N`2ZvVOizNd%ne8(#v^=)-!OFXVTxt;e2#)_GLjh7qUS8ZRd zL+c4Pn%qZHPl1#B&^6@|`pA8Bk^AWO>-AD!CA}EF}=BZpTVrT<5PSL2dDx6aw? zfE>N4Imkt>{Pa5)p76?78Gc><&E!XZi+qjv9pr2Hb>!>4aq=|jl+U8g=n~{a`H^m7L(P+Fk7?!OHxS>aICXJ* zm@{j@pJzYT1MtBaZ|zARe2@qqNG|PqmZaEW>O@RDKun@D-zDR_h!gg}8*@e{ZmWPd z9;3ZI{dtvOYd$halHS%VBTQc^nPHr_}4E#|IPIp>2dH4 zs@HJxDH|sa&ZqpL>NSSSrwppsK$mF!)k$PXYn&S3=}z(~s?~UGs9KHrJU`!g{$c0& zxO_@G@*;WuZFL$uu(RHLit;mElyDxypu7b#q+@%t3@WE;@AA!=JfzHrt9)Ih8t|1zHE zReP|Bd#Zc+Fm(`*JkrFYHS;l#WW9J6K2gXv5V{ zr*D(&5A0{&ij1`_r1q9txeUfuz^A*1l=!}lIry+=4~UEO>8^289=69svF`5#WAoP5<#DY9|ENFTa?GCB7!=QDu)nCw!?|xWkDq<* zJpKc~|9~@(Ux5GIHa4(rnKh6PRt^}SjCp+O2J!Ef;omKH=D6CNb#w{9c>;Y=OWmY= zR^?xhV}sj?J2a+B#;7&n^67^fkJg6QhVA_#lmmJJ8*cE#J}2@S*0X=a3i|D{LPa{G z=mpwuLFZ+2znS?E)ki6Js{KGxjkn!eZqtm#&d z2if$q6C70b)5Kn1Av`Q&&R%mhE*|uIE_hJAR3&i8E}f^&Ml@1QW;;6B-nTh1cF=*( z$O*cv4OrTVD|FVp_nK-pa)ucHP~#fphunnBlB=COXRw^N-Nf7lec+Dt`y;1~t^eKS z{bw5o%loc(An)G~&5zw|b8X!zo?{ff_3d)KTzzMZx0uWcC61J|?BW^aD% zwBGmD44E7nH1XC9?d>!!qQCFOBPi1unYbhp^ zd(b+)q}v8^YZHORoHs>IZ7+K~-hq8kE^7+@k@8r|sZFJx=#^CV-f-%PR8$E!0YE-S@C1rp?i& zO=E*EVk>*_^VmP6Cy#eDZspa`1--9f6Ss4nn#skg4c8oRH+c-jD{a_F?HyqIvi5lZ zJxBVU52(i5#Xr7_XxG6y6w$!MBh+VJz$Z6FV5_=PqkukrQ&$5sE2oGJ%yat+8u2YbnNz<=`3q&G}1pxll(PI8}hyGCX@ z;NcVa_8su6X#N8JiyyvFenIf6p2|Dc7Z|I?c}>31X*+_S*@X^UB3~Q-w;S2HfSz&l zg?q_cZ9)!HkVEkp<^9@`8|~kq zaqAqOz}2K#74WLoELC8O3(>LO+@rnUZc=OqH8`q~Jx0FqIQ%(hEPET`KMbzp3dR;P zPZtChyN)Xu`wD#CpKqk!L3LcfungS3t2!>;8C1u`xN^bAe^nh<6*}a{$h@J?AE1uw z7Vz=A)^UY+S3EbAUB4^mTKOFd?3U-B8{hwT*K_&fU>z#|c-rWgfqJh0zWk&AUFIKo zei6E8xn*+ns^@Acc>DZgDL%@(&p-Nqul!@4{F)``h5~fMa&!Z_a!~#ez4UJKkL5S~ z9{ET5zHa`Jdqd^=hRQ$shrLby5gi|&fBc8;x2fks&s~#$ybernmw$BggRh|HIYU%= z#{KbmM(I!G7`4|4=(k3`y^}{gQ8|R~ zKz?CVc(C3X<I63msKC9K3;osiN0;b z9tMZdMmVG{!JNTh*Rlp&d2#5kaSi5y!TY(|;~O|*DxO#U^zVlc zlzTPnt>IbacTP&DB3q)p-@~g90fQH}@$GAGbhV{3#njG0w;l3z9~$Caz3sFCrWL_%!=z4AehpEr@C$j2?i7 zA7TFEA^y;xm#h&9=A8TgrMd@rVmP0VX?_IxZw^`qQjjU%Grnlr)$^ei=Izpv`1>Y*_w%P%4O|~AqdlEFo4Y%hW$BEp zX*Y3xOmW?Zz}Xm{OVyb&D>#pORB>IF+T*={qP^yiU`I-H#zVO7UR_5%PIEmhxV~tg zUws$XQ)welwuP(fDocOQ8dLWu` z^`WNP>1&%RRxGnnrcmf<_KDd)7C+&6pQs?d|wa!QkcKVfZugS zu;xn8m78m=3Fyj_`VQ8x*yl^irl{^e7|Vmd+o6H%hS^h%>s}eU-gS+w{65w_Sc#46 z|BU@~)+BA)c{Q&okG*Bpj<=1crdFJLbn5Om9-VrezxFpcx9l57kTWlAbItjO+UGzv z+85jL!)@nw{P5*BcKqiuh#UMGq1sS1^6Zw?cL2Bt>R;J(9{&@ z;s;lA*Q{+S0pHEg;LSza(`tNGe_q{LBPl%SnqX6o#fN0GTcw(i#L%3oQua~nLYEao*L>hRZUq|AU1#Smo>R3G*uDHyDSP3JWheBW$5?7t zJa$F-go=-bx2Ro>iGARz0`QaOMZ{C0y==C395wWahp)ZKL3MCy!M1 zL0ez8+!W?sn0x4A7RK)xzgaLzP-SbSfC#m_n;_1Q_ENriKpPLdZ2jm~Wn-Pp^h zD#4+fa<1y%tdY#dKFkM4_(SAtFzuW{!gDRT7XEC>xoo~0+#a)i(-T#kRg@Qu?zwvY z)H?b($yik^^3@~}_q`>-D6cLP>( zWALqT?>Kx6@B8ShQv>TOf+Y{nA(!$sl&#Ew@jJzO7&^>I$mj6RjVvtRn>hD z_D=Cp%fa7DAA3G0SiKu{Eys#(yf3+T)9eSyi6!@>!SCJd8K8Yg%(|j%tKQWKzxpgT zBpchAi*G(3`+`k2>teFQ^=7>gcDbAN^C|3;mXDrRj$ZqR>dcW6eoIb7+q1Gc$X^R_ zn(9Ke_t5t^YuU7gUhGEqbRu8cPdUE7qrB_ILz=;ZuV*E6YC$%K!oy1NFa`q?|<~^<9T2=Qa)S#7U z--h-NMtz(mcUPJ1cS-NM|GZ})W}+|VSi#tK^u-SRFLIWfE6^9%iLBk=#w)j8o%=F! zEPN)SOU@&|`Q!&`S3h>8!;xR*bzS+D-jz&=-$i5bzT{WyedXV&j!by$m%ChBUM)jE zt7i&)EIW2R`X$4|F8!83zXyK{{kk*YUwldJ*GL^#KmF#5e)zVkL6v{h4*zzbv#8DD zd3ZNtFzTdFk`@5(k9-u3h)`We1;#x46GTDDS46;3JTh7M@wgX|TA z9AdX-R5V-BUjdim;^pu{7iS=L@!aG@>po+Xphsu1m9-w(IYOQOUgXEjdx8HH@c)8- zhpFX5f9yqnsBR?(o8Zbz&u73l{Ojft6yM068Jrh~vv4NIZh)@)oOYSh?ww5AcU-6K zrRZk2?H{~N+YMKWn-04;cj8u8HuUM8gE@Qyz6CrQM0YDTN`ub>e+HhCrq3dF-R$OB z$XU$P+>GXI%ArF6bWrZ%DdinlZ|ds%ejYEkdAt@nBw-W8OZnjE5OG+kd|Gghzr!2| z=lZS5X=>mcR4uO;94!)Oz?-dTd)2Myu5S`$2SH@%`pAmlGaWi*;&Q>19 z@H;dRzyH|9jRWJ~q~Lp?KU&5vtkF)5gECW?={M8eKeI=C0us{ zzkSTp4aZ`NO#O-*V^UX#dxIFHsz`dR%lVbGHAf zd*J#5eA4eFYwQit9L~GAr0coi-kE%UOmkwi>4l-Y#EjvRbzovN4ISCeZ|N472VDP7 zvf=fuG(X>lzflQ2Yft?J@kjWLH1-rKO|WLHBMwkqsPL;fVMk~5c37cC)ps^y|EPyoL*&H76WS+BdQ<*d>D5S6 zGrvcoBXmxY*Y2TXx16%5RfT^vt_D8)LUW8Sp*ewO#d@Pthy~Zy)iQQV^vSf$S))4~ zTwKo&z3@jv`=NhNyI%ac`_o-mARG?tPnXSDEY8h*5ZRe>Bov*BTx*So;2e%EDfWHz z^3ey_>+8v)E5q>XN8k&7*f*kTq~i-N@Qtr(XN^iCIMC+^gAeWPp*1cg=RN~%vdQ^b zI?FfDx?BPc??y-coc(4m1%^*eS@p1)JAV!TLGNhKxprvUQe^c$fn1LXPM@_5UerEL z7qIuL`#(tzq_5q&yjOlo;0ER~?f!n{V=sKpXVZOfZPwK6<$Kb|q{eQZYZy7N3f!Mn zTNm+X1m6w({YdX|U$k`F(!KFq|2h0{3HeYhtKc{_Msb?zV29!N_^};|TiH96vEM*0 zRCAga;e+gz3wkQS$#H6K^`3a9gMHR_TNTxn%&S*~)-;jVi&a`{h=abgrFKG2|L;T8 zAdur*Jkn>)DB=A#Zz$PfS>rcZ_yrcvm-sC9PNLq5d-o$>=3X!%rt9}}y(8O~b%=d% zOXcVD%u}3O&-sFz^vOQkn<_$yu?n75eL@L16s=3}|B`rDV{2hgY~{=OqS zC(DQaqpvM#yuWioq)Gj9HsdDFkR*?1Woe(;L->+Qoj!rt^r`1epCjI;PX~v>>wTU+ zf!XOZr%CX8`!q7<>^G=-$P{o~3f|b0c^HjdFo0dcSe4_PDDY{{cNi~E+-ewvlOX{bKD{WYVX z@Y^X-&cB+ zK9j)#ZKU(QVgtr)$7l{cx*oQAFJPxL|KsT`YFF!d6l32EZJQrKz8^uaE<&#^Lf+*o zNq;_!-CBrV=D7^&Ikn$JCwh9HmDngA?ciQbXkL}z>3W1`A7Kx$MLe@8T;IIV>dhX* zneWsVWV7Ev3%0x6#={ozeu(eP{m0tDgWAfb-dS-^CSy?k*XujVC)4^oFWg@N7wT90 zoVj=qPMU#fyK1N5yFT=a&+wn(CDqs1V=m!cJ*W4DGwo^Qvp7?m&r<5tbZ+&l_~~ci zFTwUIve?C5DDpKf>lxr&2A|eSmvLtxz-n4DmZ*rTK-Dn*k zCZ2KE4dE>>j$BiBXtZ^C1@HcXIj<$W_bj}x_V4=5oTe^nlAocUR_@8SlfGzSPsh6w zpKkhl-!zN4$OcSlVEoowbDGXm z_kp}F?nADbgIL@I9A8M+-tWH4UwHra>L+e|C?;Hq_qtN8vlIFJ40ilgo_p2o5%0VF zD*Kp!f6PPFf(iUj zx}qDL`~scOh0W}N4|3?gk+Br9RyKvb=Zm0Oh&}Tc_*nbu$V1A=c|C39boPLQQzPb9 zrF7W5tuwquH`#RQ!ybMsuKk(m&+em{_7|o#RI6RJ*gY%`c8(T+P6*xbV-YDHEK=M;lJeF$%x* zCjOXLDV^>3XT#BJqrzNgf2+3!d^3xGu7A7l=Ar%DzR~!#WASyMMLT*?>c}~bo3JN6jH9Q`$|8qy`80ghII3hzPmh(gfbmGz zKMC$M?>UW6*@LOhXDjwZb0Dg-`jN$c-?pCXIRf8t?ycb`GnWYu6po!!l^2Rs=^b^~@bz)OgxB3vFfEZ041zvA4!f^F3MjIBTG$yfwdxaYnO!{>z$+ zShB;q%$cN%@8KDJFXK#ul|1(#&&V&-nMr#873;~mRV$~=Zn!$XX$tqwTlV|e&ih*b zq3=iKkMi8@dIoq}!A%EtPkVM2vlhAqxV(5==ispeJJ(5^beuhzN}!d_vsaG62To4p zz%SH8==)L6_e178c7yBx==ol6zT<;&{U7+gkg>l;zg6I40pm{tCrh013ugi4NCiLN zcY+facY5v{1`fNeU7mJp_`c{bOpLafOkuQzxbZ1y(9iR6`Ee8Df&=As$nO|AI5f+V zgSdQo2lN*%-1zK+z~IWmO0z%gK>cO&o$U1uz6$X1+i16t?^+*R3GB+Tw7}~-@vS0< zgZStPv6uecK66fcq>i`tl7AlGvjYD}v32%{IX$PLpWFXeZ9{>Gn1z>@kUZ?6~B|PV`@9Z_%Dp(Tom8zSsN|u z;1O~p%Dw!Owl9p!ZPNFd#4@_4?}~FK@!S2rhPEc7^Rm&Yd*R_??EVqPsJ0g%7s93V z>P@^8f9)H*JH?mKsCUx9?bO?>sP<5fj9Ad9y#{m^N-{S2!@&AFKFv$MaiLl$dzqF*VbKt*3wl|M>_3?oc0sQpF8b8gFo>) z{><;z$J6u?Y5HUO=)%We@3YSay8us3#r{iQMtuHF5yx&T9%!)eiK)#HjCxLW7>b+Z z5C0XoCzo{gP^xwL*c+S;eV{1<-IUWiIfA*h5o_w^bMNE?d^3Fy+J2CE z4x9fvU`^wIerxmK`o*N6bIcS57~)l!YfFM*@~UdXw}Sah#V<3es^vxZ@77rr;V zrO5GXWZy*B;nwh&<^f*$P4=uc^tS+->8#8J4viM@+$$FQaq{ekx&913=HvJr=*Y9W zHV>aoW5QNOr~Ibx;7e{BL%hFg(0ev6^xj6^>tZ~=3;sp>?ezI!#wT7_Hzv`*D*s3H zJH#B3^uIo33uExu_cC9pUIH(!V{A4Z6SOzH!Si|WEm@z0Z;*JnZ;Skl4*V9y29wxB z?NGbzgJ>U(EORe878IVX1moNHa9wf59nkEw6N^rvpOwDkSd1Kq=vhLXB75=z{MG>v z?Mt=&TRkVdvd`S62It)dc&^Bo$g4?)=k$CBHdlPt>G0jJ@cHg!>_yOKp~GuapvwZ* zB8oOkh>`r@K=qFg_TPV?X+fHEKMlLeeeI?C3j3aj=JV)t3ggWNPx6_T0qaz7^5NtY z)f?9)Y!e*cc4?vcy07t!&6mSs$vig|zFgq& zrTP|M4TI;zm#5)No#%Q^_4@agsB?vlob+${i43&6uG$esBf zCwKDo#E;~<4+y>~4lj#7(8lnWbbw&7>##zxzXraev>ic?(`mbc7)ax2xH`w!W9@I- zUl){XnZ2=Z*K_C#`?&|qbA>$jpY%VJU)eLmv8UJ&*RTAH@Z#|&H-Z=M+=S*O)PCS9 zdz)UJ*Ysvz`MCn-f(n>Vu6c%hZHXU$rMOPDb5G5~j$u>%%pWU1T7V46Hrnet!gY(7 zM^UcV*g+>}@4_h?cgzFdPZ)#Xa{syZJsJPYTZ`C-eeCP=?c=%4*5R?yX8h=8@Y9Sh z-CV$D67$NmE4vj!W>oKTKl%K$8Y`O5ny5(0(hmQpTY0M{`Da_ zN%#qjK{(c*i_@)5oCyUSR!wHKBbgc>`bnj~G+;_+-FGA}DN4S*K7DVnKK|XbA2{`# zt~WD|o*~-bhpzJ0 ziiCNtnenbx4Ig8A>8G|&=pFl?Fn0YmbjX`Tz6f3d7X{#=fbX2i(uj=on){Z0zm2x? zxt76SJU)I(dj@U~K0?4Oedf}rA0Na_-nrHB@QSHBgEz{^M+e}W%n56omaQnfvga^s zU#Jy4kG@X35x7n7j$Eet-gzRi1&(=KWQoV zWoh0-K5%Zx-KC$zDQ4bowNV=qFmt-M zUtMxa-*3M<{*=xxR2-^Y6z5YtaRmPG9k!zF*Nls{b18 z>sq1He)jjQCsoIo1FnoLfUEF0U*jQo3fp)f0A7NohLb(ukT=DV8EPNg(_ei7xDR}S zeMEUKKwIW{)qt5fp)WL*ZVhZ}W4!s~$&kS_R>=pVdDHB=a%_XCyHgFN_VwA#c_fCn za(zZ8A685{XQHW>%>EMaXs+u!nWpaWets)vD-D&L`vmoOJiFie-fZ*ieR@{s992v( zb8^$ov;LTGOv$;2cvd(wx-yrup^>@O_c^*eH=Ok`_}Jy&WO&rezw9j$&9(wPd&j_M z>Mvd0 zq&fe167qyn_4$f2p^P!5100S*|0mIKQ*ATWwI0b#F_q()oAz%{>vZdx4%0) z7RmEP3xYXK1^Coqd~U^)FBB3N@>wSP$b3&eJY6=Mb%4Map>7L(ZqDT@SN#?A&SNf3 zwSCGN%%yI>t^~r{DHEysA9Z z|E4BQJa&LjFRyNXaxm{c!|#3`M1Qvy*nIfU_j-Jaf^gQKJ37_n$J6LV?_9j*;eE(e z3o$gdb&xG%y+FNcsgz5XU#&U@&7T&7@2Tjs1a$8n>Z+C_lU?Xm>D^}Xd#a7pnnUe( zaRixenQuLL6usD*Ydv`$`F8o_7KcCCAB211C)3EMYYk*BdXqE2pWE)}%@*`UFctct zJImo2cx8VDd{qfwRl--xtQL65XLR2(!#}>NWpO+irZ3Ul=sk3W^d9E}UoUah0^`mdRG{r!BIj{RU?y?W&>$S0b0$JnLbNsKo_>@Z1l*YNeuztOsC*2wU^ z72K&txG)rGoCJ^6!lyOkf{mX-Piox2bEW`1YE6Cl>hvq7o`9T%YFAwxx2qlc{Tg&l zS>xO1;_~=1N7k_on)}a1W?Vc~Fun@L=gPbCW0{OcvhT|J5|54e5885Nt;O!IH;BC1 zHrv*#s`HfI90s4dd?-CQ)8Rk--hNvyo9^uHv0qC*7Rrai4T9s z=)?w&-4gNm#(TqKb8Z=Gj!9 z<-Yc#k7ORJ_NNX$^Ao#z$vSh7sg3w^2Y2k1y1C#|AX<3!{D$NHE3+g=_-LCOkjIn2 za}s#A;ny#_`sRk>K(MImmhIK@L7uw0#QX-<#mM*u_Sie9d&}QSnu+c|ng& z#RksB*X;--Ox2tjIdtR8>;TUtBYaim!ZCR)Q`e)I9$x&?Oz{$HK7fzd(%!>l7CcPd zN^2AL3p`lh;ei>{^+0ps^Q-WYa_Z_=Yx*Ux{qXQx*TV_d!jtaQ^p#@kTJU{$0$1t? zf7Pde>#+90g61s_T#E%4a+M>v+U&D?{sp)sW4A$9$(Zz63N$|gu3PcH6hq2({%gLq zRqXdM>cF}9DBtIfl%wotG3h><5} ztztKmXeD~_38y(r4VA_%D3_KNlX|j;=2SA9LW1LUfLFdp@5f$VdkG%H)0d|MKNVA}fjw0?1?p z9*czhRe8{3Bly$)Y~~(qd+(KTPxLlxtcZ`q6Hh=FuRaS)SN$N_)P8MZ4$B>{;#TRS zAKn9Qi0c%ist!^kcE`({{~&)<`bhRR4}Fv(dkYT*H(+1UMWyWJ)dKGpOelUX6a7?S z-J~;0R=0iDdJ^9gKinU^H3H95x8Ctt*2ZHi8qi%ytlMZ{-9`iJHgwMTi3thY67Z{x zJbKor=!mrw^b06dUD*05J8eUo!JmgZz2v9BY_~ zgWJH>Ztzk8Ubcn9(ZXMaP3)~Z4O44{HX7F=H3sqp-Z0P z-Mm0zuW}B}=&_~f+O)-YYTn(hrEzdnqPgEM-V)7WF6tM|7uo%+svGOzM*Q_b@S?mR zY&Eu=OP6^Hz6~D|FyRHnfJYMlsv;_ePg8pM4T|#ZQ89EHJ9(5*W?De)^3R{U-G1 zd$0?=#GqODm75Bv#ogt~zQ_Mpn*r6)L6ZpM%faWpA9~ymPM1OtefJ;!R1^MdRXS@o z0-yV2lj0+tov!n0vGq-U_8H69ycYH?LVsoGy!7d9v$@aw5c_dlT@upw^sD1TiuwC_ z6`P@P3J->N`+w{F)Kzsasdf;(u6%|3KXR7SDvj*;QesiYv*0AacMvTO+ zJzZz^&fwYP4CmQz&ZKSX(CC{uVoQMQCESmB=o%lj@YGsVMR@ph?q%G1*zBicLM*myZ_G+)*Hh?+* zx%_D79|!CY>%ba`12!uz5nnpFm@@^y6qk#!uNgmnAQz)?xi}=BSBL(nPX-<@9PWML zbb$w_UU?aWKj))2-$!5#~u0=MTCL+`10G zn_Po|n|zdD!}m5h$$z>$818q1zfNEzR@&SJ{>bYYKhnfbz|u{QEaXcxxvc(cz@cm1 z9yt8aFxNjo&u8P{@Z#^+cMtHS7k@5&PsinRP1_z``3u?}idVdSw0QcEt`{Dz*S_+@ zCQl5FMnRuuaM}VrM&nlv#RKknucthHNVc>G)=>C<(9~}aUQgVDA8BO3gR`*4HQlqU*@% zR&-CEa(m$krf&TKU59UOk9$6%>*$BWJim)R-p^l+YVAkgi*8y|_ecNB=)wKg4{kMi zznT2@%8+EF)Poz=7Y@SzN|WCkkl$tSUM)JcmYAbs3}?9!e`((Z=^)ieN{-aN{)|m) zo)KO9{l4doJ+@}bC+@{I9GEjYT)%y*?+G9FhB$t6#o-yscl4fMT}X4_i-YX^vVZP- z-slXT$s^xRKBL#b5x!6P<=%D9wcYwu?xf^avlgi^*_t8!^(V-t+TKGRNY7^SeK)zF zNzV5YU`g5PySx+Hm*!EQ6GCo@DJ#MQFyMb#d#h&hIGyoJhOoH!+)juP0uU zZ8I=fp(yJy>gjKW{Knf?Pr4G|dHF^6P;b?O&B)=bs8XK6#W3ell?=Kzyp6X_+bqfO&|e+k!kcA~zg@}1|$t6ktTdjGyVqdE8z@wE5{XyKKU9mIoY zdC#SfOA89NZfRI=U22$~9zDSxv*?rkUEsB2Me1w|A1}r7U0y{lZ1-2cdamND^>0*s z^ImPD*WOH+((jxzr$I9;94 zZyT}q;?IA5-+&J4w~N?vJASgI*wq(P;`}qU8zu*1!G}NoUf=UM%EwHHJMek%dIRibT zoY>(d=z_y((dHUQKYCy+2gX7BJ>@3Z=l5k;i+`D$eD-U<&fd4(&-ug|*4eA`2jtov z`+D$c^G(RWe-vJCogePq1?~#KT|V+9-)|?sBm8dT-sh<+a(U8iXAC%$oEjW2M3(@BNnh*z0`&D zKK?0cV_0*%{bQ`vKqqUh&$KbD1LyP8*oqg~3;rectEJv-#)o~{Q_~vzGou@a#eNQs z+E^d*qnYe=M=ft#U{vgV3E|$q{6`Wj)3iPjRCGFeqQ0DVT5|3AaoK=2#@Nd5mubg+&hU$eCfCD}J08_e zZ~s%)Mv$-3c<%(}#~JH0jP+Sy2WK-DI%9p^8SBr?Sck{HX2v?wj79oC7v3(Ic4riQ zkk!6=#g)D!Z1Zr-#2ol4_0Y1O`K5aJDXRGU#k+i4jV$s`3h#JjdMEw1L(A>ZN%O4v z;(vZ?-lUj*=U{uZ_onvz(X}seZD)yn7X4rH{o_1eqZsP7J4_7wo-a85ND2FuAYV7~ zTQ+FAqZgz*KLtELaq2`|A5HrGa=FjePm>kn-q;`GHvc8|@+rnw3=fqP?}E32!xM-v zO6to;TQi#flDxzu=4rJCb2Rgip8(J3IOTNP(yar{^F?c|5wiEG`039~Ug2QtQ_M36 zmo-_;fdtGtq&#v*mi0k=ZFgVFfQeuAtmZM~|Amo}=K0$5hQIObKZ2e(ajSKZd5Yfc zVfLzm|IhKho@p=UFPUe6trpl0eV94$Td4m;1}h80Po5aNdRAp#_{l@;m7qEQ%8zQT zmNnCtZ08SJhOe!wWZ$6<`1KI-S%ZDqLt72Bb)In^2A1<5Wt|myfjz0{3-Y8b;6t`p zdq2Go-cB7Q8~_J$+W{YwoIuwk#1@Y6ZN=X@D4r6Z>zR36OF@QPIOh}Fc+NMHeV}+J zm$ABI-VUyO)F7Dlz)2Y}V+#hsT*lZUv%_1;8Jp%MD~LIBJ`g4c;p^!}=F_Y|V=MU{ z)n2p){EY>d);8r|E!$Mav*I(&*-`g8wy!VQsl|C;v>AQXybGR2KQ|ZnO)bvT)0`TT za+^-Z_i?_@BhOKQFLQD+_<}YYEY_b>7uFR>YGl8zP3`z}f~OHbryYGiih82HzG2j{ z59e=$-LG|5RO=5+zv$2AHu^_rYi`S;meIPjc1v>szrm5#4GKriMSSkE;rn{pq-7tJmph2L>D0UURZa~=4io+ z4%tLI>E!05Q?-t%l9;LX@tdQa*kir3RO5U6w&;Dl6VN-#6@TZBXd3y=z9*RH8l8j9 z3C3#R^FSWBg8wAD=J9 zYwYhkS;yt&r^6=S^S)>)Yw~^qEG5!=pBrQ1y&v&=5o7av#%5^vID3n*F4-B|nY6-; z=v)78ZT+6!SFZ9W?=kBMPVqZs2p?Jcatu7woP^y+N4oy;fg$u~U%~XAeT?0kADqj3 z^LQ^Z3K=Gro^y+GxSU79-}AY^fZUofI(az*({vlAT@Flw;mn=BtzGb!S6{2Y2f?Yg z9xI3bQfYe}^&B?t>^!I1I7Az7IBmH8{6;f>F;KsjJvw~(0b=g#RMx6etG#1-X|)f( z%EW`%=RHo$<;UM*FSXub=!isYRF|<)iO7k)=kporS^Qz*ChDNS&-aw8zI`coaJD@2 zTb+T=*ENKWR3BO6+vb~Q)u%8Iw1alBr!#^Rw5}iDyIJoBWB-SDr5~v!vGdH1e?5H_ zalPm_U2|ej)qUbR^lQHbo5k2`7<)Vo+o45#Jiak*|F{5pt31g%5M-`l4zQQ;n|Zrl zv#%WArCa^L@3%Pb9a^eCAJ-*oRn(-Z4}JI2SiWBH4&rlUC0{Zzjo5^_AK6Fgr_yum z(K(q~CH#Rx?iGSJUH363e=D@T72jO>kVpVOA*A;0bB&BoG#>bPPH-F8Xv0rm`Ym1W zr>%I{Wt+Y5{VTcD!;-Z#wygQ675SyEDZlb(_S&zjpBs=D;r9UtzpD2ZkGlNzAoCN0 za)ISb>y9Y)W6m-a-+F4Me1EI{qkOhZE~%G4n}>g)8m(VUl+Fs<&*x=FQ#mWzy!$!( zyMg)G0Dn&ghSs?LwNHt+|HF&qU)%!EaDLFYh%IlTR_YU)i@Gzq5P#cmX-?a$Ip}qL z&0N^9+ zg}8V=1s&b;nx*;@cm(?oU$;o-SyrR`rf*_P#4`pzj;_#Nei7`^qs+79j()H=GT}k$ zZvBl*@rhEc{IC1?v&Jo*X#Db2_9wK$Z@v5x>(WyN8PWVe_^q7K(ut|5c@vu-aq{s_ zyW;yzjOT~o%jNf#%;|gezv0(r3tm6JK{3IflSgg2lR97gBI0S}nz;<<{Y$Pl-yN>k z{53Ikz1A1-?wPbR0mZoW5uQ(n|22MM>HQXKjryjb8+rDqiT|x=E`8un73F~g**nEy z4bXtPtZy~rPkNtCeJg2};yQ18J=bY32OiRM`a1?ps=FwlukqIYKQ6Y$7wJrTUB-A5c7B&mH=azHpvB?Nh8-OxyW|*4HRzDSnHx^um_9Z zw-~%Q?fGaAyq)#ao}S;q{gRWBEXF%Cb$7{@5@Il~9us}ip^xezT>4yyt2b|Ezo;7> zJe&ZJwTG!mgQwQv<7y0@feEoaPF}&_og9XtX$|zl&vJ7Z-A+B7-Z@M=7WZ#C)%Uzh zfA+lG5Rv>cUg?u!#T&uWYVrxxEcuH3_&R#m`~EK8_sThS*7X|G>(GguSbgIV@@~)1 z57_f^)u=Tm*mFTi)=c6p=9}-<@A}*%Ylis^O!|E+(V7t^Hiuu#IxgV76hRM*X6e+} zpnvv9Y7)#`tREXB89KV2Yk7B>T1RNs)AEAN3$`tD?202V;z_SurceVT-s;B@FyvUi zMsgTM&Hpl3*5YN_#M8i*m~L$~Ii;EpXC0SRAGnIee9tie?@g?=lc6jAA;8<3|`hRq{-sQcsdQUP?jtmg<&dfjt z%9V$B`2S<=P2j64@BIJgF4+J}tW>cmxmj54Vy6gXsOBbNaqT9ZF51aWZdep;$8mnG z7Hn=d1Y>7%kr`X)NLYfBE|W>YF{4w$7O>Gal1}SXJLF~s)BXh7PDzF4|NcDZoa83O zzUKA%|MGg}b*KdNx5ahn5B+ia3H?!in*_QSHj36LF?HbHBF(RO*>^rTMr%TUOk3o_ za;JfJ3m*LZi$+}kAK-LSJ;Xad9RoIHo7(|Q^kZ9Xht9Nj7g+n@GT^YWdj>v{SnEOh zPJdU*#;7)lqk5NCq41iPo+CbF({PK<$=h~;c$=j6unF=$@|{~Jv;bdt z8f_}?1F{+87j3`X+#IBz$@4FoUxLknJ=`mEA1S-ADufLT9@a?gBKZq9&4vfI6Q71| z-O9d%busuf!p*dAr6Q||N5rnPI{H7(we}}uoDXU24!<~SBuBKe#%H6(7iUgeEiGsk zEr?l~#Ga^?#gtoI1HTOT<>0DMve>Xg=X|nh*<4CI>&$Mmvf1#3w^(Cv3Z6G?zk#pn z8++a6TpQ-dFz@j2eE7lWyvrus$9#v-+vx8WXTI6Lz+BsLMRM%8N*I?zlbvzi!~K^g z@s8*(JeN6d&1MdLi~+tf%sA{Eum;YUpdWVsI`G^NJU?|E@eR&_vInmft9o!RCVd;QZZ%+}w`pfA*8`RFGnve}7m$T8*%^29j3kp)mJmc=9&J{gJXJ3 zLbTK63DcO1WS;QkyXgClyf@~*EfgO?r|<*Yij57kuHPWPnq+>#zm?S*e3Ai%j{>JP z;DUUo^5g9`fjaPQ7tpLt*4Yc0eub(CkC*J^*Yq3d9HGVF`oQP@+kd9=ts5}l@) zY9I7D+!E!y_oBH+wiREjc&hkpG5ZIXK2?;7e#v{X9fmW5by?KmNB^^O1G)W+$kz`Z zbb7HVyXm{==+fkUB)YeK4b&}lV=9mjg}W9fe*u158hOOwzrHWTPCiDgmS9c1d?Rp{ zEbmR+ucp02zx)F0fnKh-s~NXeoeZ)6vEeV=vS2t~R()H36@0+b3+7q$shhqE*X-O! zB*S&T5H)UGN^&{ALX{W0zUn2^S5ciY&UPXBLw#LOUj<{*9}M#rK@j!+Jb87qwI_|i zm*j*<1iA{0NrzSLo-6U6IrM%;yrl|w2i9yn70)N}EP1}v?iXqI-QqL$VOLJJCuz*T zjG3*LZUeWYunF8sP6?V|hit|%1eW8dsTELi9|7iJy zn4S;tyugLg9ALB;7{#X1!P(ERl>?(YTo|o(VN`pwi-1w&&~w;bT8cRPDrfHDZA*dC zrDvDc)mRt}b_94&a)@;IFlU+xPFe4j^rJZ&I1K@(mZq}yz+V1N)?T#UPfQp2{cT)= zy|?}K)%jgGb$Is}T>kvVF}O6$`LjtfqPM>L@I@r=r-65M8tfbJy-|7TwSPBTB{SGH zZku6wU&Cydo=%|E-+$3;UCKPyAk#xv9C?Wt6Lg!-MtDafWmdLoyV=SOc9Y%ep1de(g!I0ttuPmGMp7RVpY zbtQPRi@xQ=jC@S!Jn4eh);-u?W)b((xY!q;wZRN$(Dzy00eqF@8>2i*`A*_>^sV=u zVsDV~Ivb(q%t!t*Pgco=r}954r(nbNP>z}H0WcDv*0rLK)!=<_7lrbu^YfQi33iv ze6trCUW6>II2MgJl{M@`--;pYX^$5CYFIJL@)h0=UZXb;ml6|gW8%U2FMi(P$D;o^ zq1%RY{y4I~2s>((VSh^=wjr)7FOBTiT&TVf@|f*E>#JB=_5WA1d~E3+)A>AnetCku z5%_G*j@>LeqA_$9h5VAcoi%NqL3ylI`tAqm=U0C_^7P-P85`qjuvg7+`4hPv>qPIh zhN;uWp5MSYMC;FSW<)dJYVP$8JgQlC2Fav_z)XQFlZs}E_7xzLCXh)jFGD7!KUN3S zbK$gwH)K-LKKl-^r+4gFtb89Hu1CkPbK>%0&B<}*WTHKNp4Fen>=ByN+bTSGaA>8z zeSvR(bD8;^_`L~*haWpXe*d?}PoJd@(FEBqz4f?lLi^BAXv%f*)9^G0Cdc~lG~XxN zH_ru99Dn#K;&lRPx3hT0Jj;#^U;J~jf9Jc%{+&f*vVW&xo}r} zFPY!k40a7V>#wy&7q$B?{mA-7z`pEaR@Uz@)|Ma|=7)X+pcB1saHfp-0&R%KHYU-* z6zGX;+VWR>G%!N!(#0-v0t5ejjJ14EFn?6`_zCpNl|9a{H(Ptj``7mqWYji4^lb_u z$=ICQ(&D{qkaOmMi|hE!r4P`z^Lf~*S%WD0yzc)m_q|>0{ldRpK^xuFP!5;kifXtLD9sH4vN;>oNRK*}kn7 zuNy{X`c6-#S6t$;B)Q(&Q)0gOYSuEFc(au7w@xm5_}TL&n6kYR`f$jVoh)1-dqD5= z`;a}P57&azjmS>VvWI$*J<|(C^ODPvMO6N*D~o(cc<#zhdB{%v$WENO(NT-+^enQ| zNZ66@YmuG$knbfs)gU|VKz15LcB;AY@ojl?k8XP$+3E4KE9wT3ooX`Etn8#1b@`5K zGE?d#gZ12DWv6<{PT5m}b(WXYf8Z=1I9u3HKj)Z!`ki8BCwp)En=+bXz#DTp>rfL) ziN`MPI8nno)L?Ji=v_xr9N4|?v91-&*IM39FHMQ3-8bukg=xx(qa-K8ta$g@Sr=Au z-55?`&ZIl(Kdo*Tb8puR`^Pe9?{R4IAnQ)PRGrh)IWOC1^B>>Ax9fZ+{=lVE#CK2X zNKuX(`1Gx6Guy<;HN)8qQ|j*I{>eh47$WYks4Jq*2dV4F)b-<1U;HPOf6q6yW7lK; z?LFA!ZYQtR?PgNlt33Z6^%FNW{FZN09lHm6gYN?Ik42*sQ*v>)U$YUC=IgxKr-Xn&&9D_hIL~J=|k6 zZ8hvc#m}`)HYF>U(Rb{zttVz%nXS{Doq@g@Yt=iyMy80drY4pm9rhA&GM7e1uGly7 zRWlsnYz4b!As@0KxFMOLZLziETf6?kZ=9_9^?~!d8h(Dhr~T~t!VQPEXJ5R#OFob5 z7#nt0_~@7|wf+THrc`;7{q+gAycgOmTQ+O^+A8?e4rCJas(10S(wrM&OuLDRt|lhBnwaQnVxsdl9NAvOe&X76a!CYJI!YqEKbyUPz~ewPKzw!1 z;$^g3veKMWo5!Jf$JfqUyo#|Xrb741*RJo1^02k?T_4}+{9f!Q^-*9Q{?ppa*(&|y zXWxqsIv7apSaI?3Cn}*S-MJ~~52;OopTie^4sRqrDV_NZDL$ob0djq~}&h^E4>=g@NGWa5mdE}XId-X&( zYmEA*^X_EYv^<72rN6@?6;t<(R2$iuI%}YDHI((Ockd(aeT91;bMJXyGBt|bH0)6w z-OPh>(o0u_j$y5&faSqW7bU_nh*I1ljq`-$#an#jMpU1#b)~C%|#1+Y~)@sWtxjDV)dWE zCf2=#dDxv2uVx;g3&UCXJtDxS<|!MQ^%1_Y^TAo>lFJ*Y=PAl$ul{ca*YM8B{x5s) zxO4V2?>s?SH*HzFHuXzKv9vc-VCP1$bXI5Xwtnv6#N94GM8*`4#CIgyV{;TeMKIKR zhm{+fYht%J@Uz0oSIv##0_noUGm>wX_uGvR`#`L90DtOj^nrD%Hy8gRo{eqxA^O#Q zH}iaPW!Lk-sL>i8b@t=juVzO$0)ab{H}weg_JK~ zOwh}EgC6YJ1E+f9ypw&BjB^q1&8IAb|8Md?hyPJ~{Jk~#InW^gz3f|LKW7&7FY%va zK3~?T-h^+8&*mKSeb}1q9y#!?NU>+cRtX0SxNg(jJr{%)a5lkO`b%t)Y@i?0dzypA zABykf*)*OBFQi+Q=J>Y0a&b&o1y4rfb0+FnVdUE1kxyizZgeAcTuwjBm=K?FC3w@1!{oN5cP4m8bDT~eq!Y-8tn(YCf1WFL{J$ACp8A?m|L;Zcy>bS$ znAp-h^c5>FC+THn;7-xnMe!V0FUvuHi&7S)><`2|7;t1 z+OBD626-W%5x}D29)i@_1mCH3>)A^^*8l0&qw)dXKSo{s^z&KzIfz{Y8M;3GQy+?F zAZKP=XBNDJoug+ub{Jy02Nya0JKYOxYd#lYf4MG$F>>A+v@ro~oUyFxWDYhFWVRF0 zi;s~DINWtab}{;{|KQm$`A&=RBkVX);mS&W;L=ZjEj*!{U<bc zg?4l(#l?&(M}}1SUe~6N&QL#y{S=)6duaN)HteU;1$+Jl`(8!bz7c4mP|Sq0ilef_>WPMe1S+1QT`*fWQB8FwyYhAv=-!`_CDdulp!@-L1r zLVH;>4-w`;{6V(8&tjA5r+hEpor0fa1N$?UR-NSRjk*=gx%RZu=lth@@6&V8cg*Pv z^L*)bvVq!rbTZw)?COvK%DwLf_-=sjv>)#T<4^b9!uk!oFps^jny+!?mr6FNJmZqH zU(ddO=w|6mtp&bG>z>2LcW`>faEiSr9|rxjYcSsajD6U#KilvB_2zgw?`Qem-Ts_H zyu8*qg>|ldi@YSjo)3J_0WOQdbHR6si|3W#c`4(`2G1+OVXcL1XM+1{|1k2j#^a4$ zx#`aktMwMLdjoUZeS;aUe}J{n{?X?$ExmmKTHlSVv5?=0c;DK9)whZK=it_!)n@Ae`od}2{6EgKdb8oZ@tr*TXMKw<&^w{d zr` z%7mAak6)l%I8sc!OCSYb9&O#-$oQ_}`87uS#}@QtP0)9{XUF&c(BWB$tH9xF@F~DM zv=0Sc#I@(njW0zGD#zblNtyIMD{q^*@k;nxG5=QH3eUAXj(w!9_;KYgYaOZZ@6-J0 z-|AwtH(PuLIw0Mkjy`LzvS$ywhB>nQr`WMWN3;(ax?PI?GCgT6ma!HMz^wSZ_vfw0 zJoe=z=aaI$r{OweyBP7vS?j)m3@RBN+0*9J;d#A$N$3u(ti?l>Aj0A zy#{Zwzu25@%dR#DkO%AA!Cm=_EUm{8*bou%sQ=pg`YtQuV#rr-$jMgq}Dn$)8 z&#K*1y_@?eK814H>4PUr&X=Ft^9j!&XPN93A?8>)D7^O-r{wifK88t>=Yg|I`554@ z-ni^sqAwNR?d0THB76Q_Ro379=BKF}`lK@XAj;5#8WeZ)9XYI5RxVy4!KbZpLOG9_1f-*SN3)|B(+PvX1o? zePj*jbL$M(@7?ncCjaw1vvlAE;)1}bO6W=VhhwcH;D1E)quyBBwqE7`Ku&kwf55Ac zu^b|2XNdmGzqQ<{tKMu{U}fYl=^N(qSJYMFeq$JK*iU?o`%S+0&3Bz|O5JZx@y(}s z_7VQu`2Pg|G3^1kE)-9I1D_@D+< zhH>EwBeorxY#H@f*#{U#)^CO0w_2GMI7VM=O%Shc=Qw0@pIKN!XF^W3c4}y`IGyD7g; z<>c`yqdY8{eeYyDrmLOu;jK-5 zjjW=46@C3J`z?qnt~X|S{17oc*`W`{7e$#T@q?r9Vcs5V`91kCMaw*YOtH=rgw7`% zzA!$%VJh|s_OEQV=benjH(-aVm+uN)wADY&+$0|1(a4yaGpg`Eh_A=S@8$jD3=nAR z80{7xx9fv#Og=Du@24!_`hm-k3!Q5x?@~~Hk?n4let{H_J?L?1Gfo+p3v&P(3Bq?3ny%`+k6*n^Yb`FrZcfHckf){*f8@n7-n zPUvBFn~gWm_v33pKg+i?uOSeRKua{QJ;+4|h@tYnZ{Qmf3&bCxUdx+Yf1oW#@9?pX z+0ZK=>yw+ycf_J+vnTqw8-OS3`@j6QjX1HQUY#M?aNXp<+E9@`}4Ef(3zmE;<@!M zeDAaQzQ*!Jp+^z_c3u1f=uO^uS#xB3f4t6FzvgU1o6L6tI#Hz@i#)rBd|+k2M+QM& znfTqc%)OOQz*o)bdl;wUoXQ?4ziLVEhZr$Jdat!U2u3;AgwAX%>M`#gt2) zwDADUjm9q-Ot4xBUKz$I9z7p?DQ6s-yJgTA*FTtlj5A!jr(%m^zN{^U@7}iy8I1Mw z=BJPO`W1ck<{g}AHj#PpEY=I$WPRpYUMt=#n{@&iF%N$2wSzyQ6`$Wt1@Pw!)T23) zOd?xqDse$x9r9aS+lLv8^^hzhJxuSvL(Ig)K5U~8+# z?_baNoqYBD(z3JXqZ^L$-mP6x;HFPDa^5RokI-i7>?L;(^O|3Rp0OJ_Dgj+fw(aO% zwEJ&aAHh@tn|BG?MLuE)XRPj*efuDFolZ}yiw4u#2az)LGVev(SQq>i zyVVBYCg^Vg^4~sS`UG-M`r6#ZyUBMuz})J-k6(RzALI1CRZd~_mX6&QtDlG%Q%4T@ zj^y!bKl&WTr@e%;>@V?9{K~hU-1i;Sd%3qyM1PnXm{d>$roMzI`LIKN64K64JwO~yPbB*YR2aMf*m)@Cd(8uL@TSi7lWbN@4prvh=(~)6p0)3e$!CEY`l3E# z?uIYuSe2cF|$r)zM>-KQ-6tPpM=c#xcpWHM??y z?fWBtVf!9U?z?Me{l3?4*6!y?eI8ve8$ULFy>gHXyu68$YlPRm%;P<*SKwW8{y6L9 z!qAOOZ7c-Q0A@^`kBpp_&UGIFqwSaAiGZHBINVOT0V4{F+G|zrXRaw^2S4~ z9{T#&`DcQ^TYHEUyO5We$v_)$Op$~nw~X9L`Xe6*IBjCA4= zWWQUB?N8ThlWc$9`>H$8ZQ`q_a}{-+=DaENd3$ce8f=K)_Y8(*ECceB1FndTwM@51R-ln=wY?9^`%P6Av=4tH90W*qE`q z3@JWU*{OnNE$OE$i7$pn(| zO^8?m^exH2?dHPsxyIkIgZW&`Tp;&b+n8d-wZ~8O4#1a@(+_xc8|oIlppJA;j&{lM zsJw6+Ym@BH5k4g2cNH)pcnQRMUPu9E>@_mKWPS359jIW6LQmnob=)?tMK3K;#|F1z)u0= z+10RPTMzajy*rC%jlT^x&4!jG=X!q!-k);uof8#-z>t^g9U5-$kylryK$Et+x!x7~ ze+!c^u` zeN0X2qv)>6llz&P)XzD@6fI{yqKx?nxqX*|o1#yLnUBLMX20yQCm7ofVA_Bex{q-` zpL(&EKa>q#d+XT%y>6o)j=rXN@SY38^J{r`w2b+(xbM>M_o^Of)uGGOV|DcIv3dkQ zqh%B7v9ROv_vGuC>BHr?=tY}2%nsjT{nj;H*F=KxTGqc7I);un+z9?j-k1ML>na$RPFMtOJO~`W3SJ(E zmz;jU@q?!M(mK-lPHXheig3#ye!8sNRt!DCKF-05pYCE#Z7g#QZPd_)Z0t2|8$s$; zJIQVAaNF2R8^`~ST z^R2z^c5Gix`DAMcvoMaXD*bjZIwAJ5`u4U-arm;O_1L%Si@3jw*tHsBPWLir?U7sJ zM|r*ny}2foW^HcIay@8>7p5()I|s4#_wkOs#@4UvM%rkkja@vKjlbA!!@FNV8}>SO z3;q}*TYYB~`)vhwrvUZl@z4IYx})yzQujBC?U257)?nMM=3Sk4Z0{RxvG>@2mFLEN z$0>u~VQ28w;X{wxcG_-n%F}3%hXZQOaYo7jKF<|SOTvX z<>w-Q%XYS>%`~Xs&OG3&gPf$ zv*s1Y&R(Q)XiOX94QU>pBqurX=O1(4Z>^#{tnybTS^N7!m46u@JM}-!|7`vvnv(_C z+ljOOkUJ-yjr!Q$Wi)+odSRb6qkWp7|eCn{@@?N?7-Vyk*9S3+PI)ZIvT@Gaqj4g>r zp_TSIbVdD;-ZT&h&OZgOtwO)5-0)b}PI3S)LDm$l&IPWbz*PmjF+v|I;I#>Ub5{bl z#vHKqcH46ahI3a6|A+};?=`%jz9=>~?!|)GyomU6yYB!Od-+W>!%fqDTP+`LD2S&r z7VO2%#>}+OcJoYQj35gst})w{iI9IgJ^i-I%D>J&MJxZpi?wIb+oRas<>X6|uj!s3 zu*$E+|7s`agL7U(plMHzZ|i5Vd0YO+TtWw1@e8+l^h@*xeXjN6dPnfz>6`=b74V_^ z2jSM2fcrMVJ-Or*tM)f4C;s($%8lN4^Ksv=a&n+Fd*$x=0OgdceQ@V2qKnOKS@PG! zx5&R5=B#$+e;|-L|JexF>8W*x$X{sn0CFfRx1IQ-&ga;eu5Vah)>ScqJ&eEql5;+S za#i(y6g`AIg(u*ZF9Qd}zjPc97UIJVx6X!l_R+?G;$6vOmf$SkUUW+Qx?B61H~5h~ zAF2PNtUEMG^(Pp++VJp3dq4&k=}gJM(09r4V%N5Js3cr9Yn{S*!JJhwzUUc1s%EDz=X zZI=zt+gtR;mxu`=&Z7_dtGz|id$u9d9SWF5(w)np<#|EuW$5ZXoCB0tZ}RQ;^ojDV zJmFsDBriyBwRSXoHKO&2_1L~RCuk=+U-wtpa|!N<)_d_5FVeolqaE8pH{WaD zc!=+l%Yo5mGX-BYu{qCwag68nUgO)^;_|%F`Lp`#m_MlC*5HtA2*T@RK3u#1OI?ko zFh2X%ptS?{2foyDh&}h>+vZmG)_9_2{@-Azgy+5zN4u2k7Z?%j6gE-i^@l)g_JH&OinTP*X^_k%U=2`C~zxUAd z_@{so=>2~6AAW4xmY*tl9(#a=Likabx-t(r>qiWujge8zjchVypCm4V^T8*!@se_+ zv8FxDgM4I?b9!j+F#RhE&9i=@T;g-&Co8;6A8)0P$$imWJ;hul?`J&c#&d4Ad$z~o zIq{dVN5DCYv?f`Oo?7V0&d9)`KeI1ZJT?35a?bu(%Grb)hh8RUG`{2d8hmZ=wBhaG zi_R}PsI!dFLuwvbbwOpbrhKjIpvgS9i8#ZJCKPYSmp6znuLm1Gc^5kx*@w`G?FO0e zTrT#)Ug&Zkbgdsg-d${lbEbT?OM8!GTM_=rR#U*c^Wmwpv6X?J>BrGsSB#7-Q2ffk z8zx_}fcS?qCk}6ry>2ALxn<}lr@@5`_l$0xgZ(mRl+U|9+;!%UBMWZhEVDC)v%)jN z=g9f6@(FWm{I*B$yRd}3%k#hCi{F0fRQesfTakh-26{4x3^N}dcKc_@!N*>tA#w`c z@OkoL`2y==;Kl=-?^@xT!m;OOotor*q7zx0lBE!2F*Y#oAs zR$>1Qi7y@{)`U2YCU~6q;#p!T-r<>e;jg()=l^N$p)H&ni0zpCtUK;CTi;?2`9qY4 zRo?twoBQNjs)Ie_r}*X%Jlm}AWFLHFs*Mec^IbQ*D-n3Or6uG;&;DA=OZ>{`BcJfG z(d+wLn(TEN<-w-iT-*6XE=fR3gcCo$dW?Q7acIW0>3-iRf0&rhAcdG;!Tydwiaq;J zF~N!xR@~PstZic~JX~wc0ojKIpYoYln5%YZZt}IY*)mS`$;yqH*DGH^dLyt~``)qm zU!I+9#9qxaYhTj))?TDN3Y4X_g@@+?Z|RAGcn16X-Xb5d-A`xMJR>`D3U=f+uD7!v zWqq%+?Zgozdu+^dKx@x;zNL&&GAFt}{ME*qXDxN|zNduzu5UY~ z=@Z2Nc<+h!7rzZo^1WA?@`)5XT3jCZgkM2K*Un)N8%uIcM?daZt8Sn!?bDYQgdwaQ8p+{-{ z1I&rWe{QC4D>mrn=qJhLh3wUPHLevKbhn}$(&L8yq-RLalX=r;7`gW zJ1W0ve7Ezh;7b42E)NZ0PEM$)}1ED4l?XYTTbk(p+61eT(S4q za`c{U!;LpYrh3<$D=}~#ouX5@1N2=4Sf~LOq&xP&@03INK@T1nhvp%!eTt0Vu=dI` zp*=FnLO@*ZM?uE7Q^+wo`_`l`yxT^qDBw(H}YIPbcL zHcIG^#p@#uf5>8ulJC(ETj3?G&!H#8B$vA}^PTWS`q+B4!#kUe8;AcRl{3Cfes4ez z_;=^KvtAtjVRA(cx^ehVInO%H2WHr_o?g_q#NqoU)OoX7-_LFd-&iK{}{Hix7E*MlJCrL z4?MdY`(m6NQ2H+U+b4f8-lwBJ{CwJ<=1<;d^}R8DCAp4Mw4V(PP_7x-*|O8jf{V!a zR`;b3=&`cla<0*m_~5t0mLKi7+YE#2oCRR^pCPwu#-|)uRlTRV-^bYIm74fmpToaS zgX_;R7LQ-2!>_a8xgP|!>{uE59G>sxe>HVVhB$@Jw?n9(&V$&|}s`dy=fJi#3SQe?#22 z;;SSNd426>O@iob<*ZMQF$b&-57^kjeXz~i+UkOrMxGB+zx{@_^I+J{3E%f(e+g5b zLVxv65BCwimrkhrT&~qOwf(`Qwyiy=+t_@ynxn#``Qcf!XEQs@+*p}}xhW>c7qK{Y zZbr+P802McNP(Tj||Fuimy%X^T*erudS25=F3_)059Ox0XCh6uXCh6eKU092UmZ8YLmkRJY1`kQ686Q> zq3WeWA$K#IsMPKiDA9MD$8HScjtGL#Q+Zd%6#pxFJ3t5ju z)b%BxS5L*3AC?~WF~#cZCGM$Nx9^A>VF&kX&SORebeb|RU*9xx$uEEW2+S6P=LS8E21bXOj z&meLoWhL)pd_(Xc-r3Ld2IyP=ar}wcEe3`}uN+%oDtlLs0T0K}!BvNB569j3g+bOm zw28SiH$%6O`58OI&x;3j1&djAypEYs^wr^i~?nhT3mF1;o3WncaP`tIOw z;L(Bfj_`)?Qwhd-)h|b$PSNZL*)=TaEZ{L5>&wL^m#?CwIApGco4@TU57mv>|Tfe~^#01-a zqdhc_wS0{^6n)Ab99e1cqht&}R$#9W>0K8;z6_iTKknk!XdPVqxKHKa$DjlM%^rS4 zRbCQq-ADOR>bjf%Zhd!S3h=qUb3X6TKk~aeGTNuzHgBBJ=ACYvKbp|y za+R+Mx4udFv(&ZFt8c+|R_42fHZ7c|L1&P!#On`akI8NuUAwu*@9(qv-&njz5&EBe zoUF^3Y~lJaljXsc?;WdC=L?P2XXS@6eJ}+YimtJLZ$0)O{7}g@c9l0$esCH&vR%3@ zS}0vmaFu|D%?U5fPfIb22C$TA-T=Kp56i+%a|N`;o~iJ4(IfZIgO4-F0?F~BR`(*upLDNij#+4R=Loh+ z=uAQI>*pI-mr9elu$G(+jol&ZbDU)!+j052C-GhE^fR*Uw|m_I&nim-y1xy-YiOS7BSe23g)zY>^D#!?_VX z_-+1OG>Y+CI}h|)@#gqnSyO*g8MdJ!XkIC6(ZgCuCb4l2X1?UQO@b}eqxI3+`==6b z3f!t4-oxL@+3^Ow6yER-`MqU-vT>iZ*9UCMk2i1)&v}P-_OF2cr}2v|;k6a;n33NG z&J|^vl|}H{B5d>)bm0&7v=?TfO!&;ls{9%Gj-~B~}oxMQ3hwb>`7BS27y zN7GbyFV|sw<^O#VeTC<0(`!TXCR=xb@-#3Pd+>knVEtbK?=?TG7^8f4^4IibK?i2A zKbZOY1Nd&(i(~C{Gsf!c%W~&cW2CKA{B`!sVBkmlKU8Op;G1V&A52f)XS#2G9KCiEII-@u3(JyIH$jild+XD&4U;<|pUGbM7T*n-w_aFB&N$77y~p09 z`ytofw2m|OJ^>8S;kk(LZ#q+{pH`Jki?^ciV*Xu9NB0kt@lw4DQOG zD>@|_)fWhML?g^Iv_pOFr!ND*h+`8@h4!a3tzuq*QQ04@|3LVofBXQ=jY&QNXqw#z zSj(A;lCx^D^AQU&bOkY;eN(O7qTc2}W?qglPj8do*7}KQua|cFpt<6=%b*W?p%bb6 zV%vXhFLdG*bfS!02aV8)#z$6LI-&kFLMJ{&J;`(eCDYb>2jz*Ry8E>T;7)DO9KeQB zulyH^1+Z|0El_kd%a^)tGc;m0aH06u6VQj}7`xzUpE*rFj&utb_8z#<{XQ2iX6fuj z>aemdab)7x!u|gL;k+@%7R4qY8=m(3czC&owRUJ#N)vkCRz3G<70KTJf77a2tb_1u zfcB5F9-C;-Yg_XzIw6@qhW_pFTgP55c~`jj2jZuIMb5f@zm-RShM!Gq@9|E_XLot~ zkSB+S-T1mud(0Udzda^TNha!9VTSuYVaTBcEFvdq9R(*D@UXoXmv=2+yL$0z?5vI0 zX8u6`q_2p!B+CQvk9a$KR~ti)&vX*}UUj_89?IDxX$x7iI`WwepFro4|5N)M6x%Yu z`3H{Nonm87ws4kM8!*)U32+zvDG&oUp*a=E5U1%6`*G~`X0ElCS6>Ni@viu!)t^5K zJ%Z093ZPRT4iA3`exv83^3e)ln|Jys>*u*WV;DNn$+)~ZwDJe|*9TA4e7-t$47Yox zy0`)D{tn-`;)tE!bHz^nquZ{QOfu##hhGl&p;ILLy|rd37r%g?`;+I$;ck83eaNq= z<;%J@n$)_q%;K(h?hdzX!uFiP*t8~^chO1lrp@@6CtbX&>-LX4)-~_G`>o$xb>`hf ze9D#Z+q+py)^tZKeC|HrR_7&WnMp(0;OzX(h1!R-NWNwAtqki73S!_|2Y`iOEFAwl z?J1vufro^^b-T{Rj!(RgHM4RD?-a4tiov}P{CpX_JQK*6|5j#r%e+}X+V*m4Xrbip zeF3xZHr9R~Ymc73f4T=#vfVSjPBRWkY@er55f5%hvG>_&n~?U{mx48^#IcEvS^C$-k#ljLWs zKO$4Fq)l5FurmlR*13*04l1dwqkN}%p)NZwA@I~7hmb#i+#Jnk4dyZ5xA`&{x9KRT z44-=|@a2}Jm7BLUQ%4PRtao%a_3ggNb()Vd@MS)<_I_yW9T~v*?*cXtOcnEVC-&i* zM{l^Ga(G?*jtn#WHuXqnari>8X~DH)^I~Oc&ITDMW=`<0pN4mz5#P4so^0vJY2u$E zvb|h~Z2+EjbS2+IAGL3}pJx+k%9JD=SVldb{C%I@A27CGOER+J{d(0mV5<+>BG{E2 zDcWFZ0(QJA@f4S~kXy3pS?J5bY2ovQJZtPWaoHZ8omSk{o_BoPa`r6u1FL(PckBZ8 zT*}9x3*=X^G~sb*g04jqoP7?dtZTSsY9?c1?2=7;fRA4Aybt{EXD)t8{R6q0ztpCT z>#=L0e`(CAtmz;;YLHmC^rhk9jC-+*Y{=N2Rk>nlE^CpFPIcyDv@89-`xc+s6zP&Y za$EMx+vfVxpGe1Mn2z7*-P&xU&GZGde=*XPdTq*f$sEeFB73jaOnoU5e7{Sd1v~Hd zObH+@p1QJIST+GeE=yu??_zC}*K;C$`^WcOp1wU!oyqj=a_7BDwvtYq*U8yftm#JN znD({d;Wu1gb%e9g18G$|e{J$ya^z4Y?B zt)7dlmLA?B{+~vCj>h@&lx203@Fgg|=62-B`!mcUVh8GP|JNDZ$6CL`p5qc^&kq7G z_p`AIeEX-4{s*y;MoXV6HzQzLNuB6Fhe^}iZ8)9-P3z=(JNd|9zj zdZ&^61&zc!9WVc6*S@uDRCitb$L{J%&2HazoVcSw#V!G7=y~~7w7=`d0rm{1+V*!{ zEJ@e(u8U6lWt$4~i`c&!gKm`qdy3G(FffW%~Ho!sIsPQmKkkk!6M-!Yl9KSHDHP@5bCd&i&VPra%$$lyc+{@2{L$(jD`JhkEzB#J{tbUa|zS23yD_ zVsl)|SMS>s%(pc3w~MWP`(g4P8O0$@$&QzjFYL?QYmF}_S11-#F#r4&m&d(+@aS^q zMVxv6`1pw4JD_2#nPfQ0a%yiWFlF;s0MqgZD2K&FINU?7jHB?_8svy&$PtYS8EY>}=^vC#i=jpv`;ER*-N8(pWK>Pi`oopQe zU`{p@tJ@$`{SkX2YgTX4=h|4V*{bI%_5)ClkzD)JkJ`LRA(cZDpQoJn&zf)g?S94g zs~r6^;*@uq>!w&=#59#dOTXaNbHSlcl%rHL*DlzDfVknEtQ#`Mfy5p7I^mgq;Stx} zz>H)s#k@?W>^n|-%_cU_`dzxHx1BPJTdvJcGFlcg+8JcD5@ITI8DF09b7oL*Xfy3_ zP5!Xp5W3LHUe;CTIx6lofZqO;`Y7CZ0e>-VzDWJwr%X7awJ&6D@U`0Y-sHU7X;<>%h$cUaLjb#(xuBR+{t|sEC@bkx0{uDp2r_SUU zrvUsQy7C5Vb0oLJBH^I-AArv1nm`BVUk|4sOGMe9z6!ZvfVn;vI%fG*^^?VQLF%Z1 zr#uc#f1LiVxv_sSaYL4-v(G$T*X%R5Jf#<&lAN!`YfC!5t{cGrEO<%}zTpTtU=-_O z+?+T&;VFT&rHjP}cEVE*g$`}Q*ZV{i*eiyoRMUPn?FVj5ET-JHAE13*lNZ3YA7hTa z^ICj!?b*V0zPWCkO0}b}iiY1!d{|if6Q?YRR}y1z13BQ-Kgkpxf8T8Pca7VlL3c{pY3Cu)>5CeN_xEo5XJ4L>pP`p|VSk)!eXu>Tfd(-9wvHdk&d z-*Ep^HROR=mDqN2)wJ)QZ(MQceE-*edwvgjU}`Qd>k872z74oJ!R$5kKzS_6%!Pl` zeHn3WqUW8&lG$;(>t}I6`z59t%crJzcyLvWGW7Tf?XSJ14%1yz;Tos+sV=m9{L9W6K&s zp z@4V+Vz;q4y9y~rHSeE@{FYx;Yb28&SX8IeEC3O`QW}gG!!J!*icg4U+FW5oOo=W;v zOg}1Q_oZ*LrAwavehT@wZC|i?u#O`62bEye-=)FeDq&IvP*(IC4X19%S zQTWn3KK9Gm_#1dN@gVGH9n1Mg>`Q$V_`%+cj08`o4cW)ho-V!Q3>F?Jw z@lBqU@GPYE+MImmR$hVb$0<+dH&^JJ8R1J$(}yqde+m1o1M7~=JCW{7_UR`EPPqQ@ z$$v`!`)I$PIJja52c}JbZxTJT`tX>(B0a?i-Xh1gDvlK&&WRrC4-ogFxJ=o3g%jHI zEI&>P_@Fp$#WSaZ4~pMbP7dLU;t>+iu$(*LDa07%eU4cD2EToOAWONKv(}~kwEpBA z({O&EdE++ev8S02`Slf7rr$E`733GHlYN)-4(e1#l=~8sX7hUHeGEPY+%(wuA?Li6 zQm#Y9iYiXL2AgG@DRXeiJEH*{^MPZbxe;Qq#@;=MT+z^6vrWEF=>qa^SwEc|2QB(Fp|W81=f zuXg?PL-Q0itDngMj>FIu;j79FW!bTy&aOIP*S>gc?X}K7o#d?Z-@9~8^vtv8-8W;r zJx{i^p3j2cpD@Ee#+U1ZcW1}!9_Qi2Cs>~t_;ELSlJR$x(9Z|K-CSsy);mf+dq0Z} zgB%t$Tt}yu&kRDlqI1iM#l?onvjF#bOIcgiLUZV6|BdSTHF%%50a=yrlmlZKzctfW z&D1>gL5s)>cZvO>@t$Jx@X}Tuuq1u1mh0KT(g3!Z za{90*9U4fze%5pO;^@p{>8oZ|(ncr~9M3YBLh!5q6dW>6&Of{q!EY=&r)#ShLtBcV zgYu#p=pZEmV6~WA%u*4 zllR_M=e;xBzo|CqlaKjN&~HC$A$zF_hi!cFemyT@zCLi1m8aiS-Sja>zmj8*%Kl%` z@-yAj$LsiIZixSN&VA@~%SA8fOUIqw^C!t&O6=ANJyw`wuxWKgTgW2WzKv!1kCE0#X-ewbLPXo=e)gV zj!oIYN9TGREv|O=PVQhpB3!8 zeigjzCI&ZzJtHt3oJAjwuC;rb_eXiB7n&_zEnUm@(T!Vqw`0d4wrZG@+IsdG zeC?@|_ndA%zy9tw&o4PQbiUEd=vY6a_T=`f_n%+#i=Uid-+l2s`Raf4EV=NW+mO0_ zIqlZglTR1fBgL2YBb^I{PjLPoa*NeqH>@zhb$2?lNxYU=sEx!MwW0_IKH9noxK%zccz`!2y;-qVuP)`}dbcskM*R7! z#_YqQowe@z>_}P@Pae#$dk4qX16`@p?$f|8SN%S-K)z4;Ko1*pKrphm1Nklu9Dr{L ze5<=7aFc-FCC{TBJ7;T1{yvIttCpOOjqKyLZU0v8UakEd0)B*_!9pWkQm3y#IZ`|d?PT#DQW-`>kwq~3~Op5K%^ z$7I128w(!Wl7h~2j6Qqk^5Sc^@HT>cm;w$cCx-0IvMq+NKQfjrJhbbA zk(Y3qkMEQ7IbEsmIY*%oxU>E39_uf7ZS5Sn^fyW$)!$sc*LAMj-)oTVEdIJWaY(j| zzAJ4WunTuxe*KG*=23dGaxNJDy!o7mzLjh{s>COnJcmaaleGo0mbJv@<8!xhJfmgw zQDt82(;?s?8y!vaQ3^cBcGu0CHVcN4VXYm^U84YF^xCrXsC_KZG@swxJDv`-bSx4Zt;}E~%+wx!Tq`bf^JqJBnnQfN7rfc;(5qO}* ze{YyQPyV6sjg{N1y@`9z?&QH&hLwND=!@)OjpVbFpRt(tWjou1MG;~I8CMEpkd3*D zd=1DaL)AA{Z!6)q>c%SW{X=E^>UlBabNoRrUv%k^$}IeNbP4)p?M}c#A2j?*^) zSB8CW7xuj#?0Y(!vT|BsonQ4s2Gk_Fz9Q(%m-&mm-c0rIlt&XesrHg zLw+1|AN^*d_t|&Mqt6)D(?|aVQyx6cn~0yX*S{IG_V;JMIr6mVYbERIH{nO$dG*Op zvk!8ePxtBJ{E~0_tS4!JH9~YZfLyk4u8Aof!_5%`D|wW#~qh zh9%JP^L2pXJXivcstEY4j4EC( z8ClPc**uu;{zi8#H3kcN?!D}BqCG$T6l+?<`h7bOSg&Zg2u%>pF~IGkx|Ys-os*aG zce;nB=-Jsh1f2Bb;p?RL*w`GE5phI?>-ld|Fu47#s8~0NI^zV z94?J3%S0Q@jf?Uyv^=-J-&J|#gPFHPmqW9p({^>1wXJL z`&F+UcVPZ3)*icK6Edzn|Ckuj{C2zcfhNvBwmDC=4@COWJ$CH_cI`R;*si^vEuS!M zeC4fL>n}_gcU98ZMi^J}IxY}|Ipa_3xBH6>2*dkymiwI(`;#Kf-xY2b?R)qRpiA*Z*TU_jj1wbf%ojM*_)0` z*y+iHh0N2kH{g@*xBr8Gi@putJJs4PJF^=;hE4R;2`dlAZehr&Efg+vhJf#Spmr|DvUJ?7(f&BHvVUtE&Go`~8G9 zkjz^28GJIPAbw|qa}LHtSv$vrH_86MSkDA}I|E%!-j9vn#@g;~Jq~Qk?gDHikf9{Q zgr9_dA)9;#JxFr7#(0bSo?s*kne`R*6}d@zv!yGp4CiAWRi0et(SqTiLkp7mIdgnA zo3*v_HP=O~tz=6JBh0hpZ0UBA? zgndo--g?|;&tDnCKjjS1yMp**^eDUTi@w%WB)8t2<@5OG|MeI)Gi|`0D zBYvUDJ&TCUl6zg}4@06$FC~IEBng=tD^0nGF0-Q}E zJ;xDRxeEQ;#dJez8sfPXgHJnKmq+ZcGKXu9uQcZc3^6%TaP18f&CjK|zWM)-< z9GiBh3IAo1U)fl{vc=gWp?CzJOJusa6u}1FfbAecSkcEphwxOK{SIzn5))#_TJe{;U2J>s%h; zR+xMSuC2!xQ#_E>FE(Y-uMzZPAN?)BMx<|K&*?5U@lKs*# zwcDq6J5Sg-uV(saKA!G7%%$!XV{`U?^>GD#v~vdT$>(#2_3L!556rUuJlXeZp%WI~ zC=ccJ`@xsF# zQSI|8_}NE+7rk?JJL6V=z?&ZES-dd2)K<=7$8YgHU=Y6#@dl4P1J}h*YliM;E(;brbRuj_M~G{? zwgK0Ng1_r8!L2a!W0;%7hvkQId9*v<_{J_3nZhi1_e_Iskf06uO6}Z1JM7x@hV1&O z&#!BbnC3uq0^dP0?NFIN{LIN+;l}ehrtN$V{n0m9dHl=m7r1fOoF-lm+?bn$8`!HZ zNmhC|;P3_PR+l14vXXeHhcELi|GYfDe3f}luvQjlx_uUBHOE)H3+#W^ZSPDnK2Go- zCDVrztt0fogY`q$MpggsRE~ZmT|%@wWc8sylLzmmz`JlD1z8vVdP(PRsh;;kHw#&# z5Ni};@0)1PUqXW|T$682aJ>`yXk|U*pkm~bKq~ga^ds9O=k#3V;@OeBc$7A>(~GlY ztIJ`n@$X+MoEx3#ee0~3^Ik73yen;q{k9 zk4MYkVLrxKjenuYm6eWInI+Jqu}`3fgPmDb6J&WUh045~DAZN2HlL^7x9F>PznXiUOXbNrKXk`4 zF<#7r=gn6C8H*QD-b%%ci1vxL2buS7@HYVsQ`{5zVX^fDhGaLjdNY25Z0wuDx82BT zG3?1BBR;kR`1ud)^Mg9XgU79&M?KPc#A6c3eWIOK{)Au12bYNQ%Q`GmpJ^*%{>VJ+rJZ7(43eQshokHF(;{9c;XE=?0 z<-pl)liKkWXiA@atK2uT9`KcMGN$NAA#ExLrRawD=gs$-%h*Q~#lHO4vFBTvKH{_a z$*k;$JSv-nWKt`KB9l6DXrQi?JIC0+%O)_LGpnHkXFtI`G~Hahz3V2f zjeO{How$WFdd3*^>_g5oa%DMw`yM@G4l1#M8SH=H-mpnOv@K8Nsy~RI9>4$V+;^zW z;==rH=&^;rNC=yKI6s?s|2;el+jxuj*x2+}c>f?}-g^*!a-N!L+bE-N_2y0|HsLVu z9iVJ0|GD_MTJ#Nl6^{Nd{QLFt@Bb^hiNlW^n5Ybo;W&CXKD?Pt7kmz$CpeGmTddXS ze%WiKpNz>Hi96umcLS@g%mEDoo);5iB78s&0rtxuclsy0{{QTN2LPMd#IzUSbL>HH zhG+h54}760vvQmEjpgzz`^NAVJ&y*fw~4Ri5r;kNM)2Vd>cV!ti#;ZLh|eqMT%W$c zI($`TTFsu%5Lb^K8y*y-jveXYbAI;s_JOOj&_$Ggb}w=DZy-;m-S}wNAb8Aq6m{Cy zlgJIXi~zf(>~*zq&9tdGT|)oM))6PbZ*&bje@b{L0~xApO1Lh-zLq}vT^%~Itv8S> z+gH6}glkx1bOCH%xlKzm-&tH^0#ArOFC|V_*VsL5oUZDOxN{?YQT%C~oFLyjFx< z2~U?Uv3s?8mNVb%Pg3kaK(U9`SM_j<;aWLr|45vg$1g|eEc8b>^@*fC=%TfX@tg0^ z!D;C}9|Xu}PVgV%+M|cJvEMG)A6bxT&ZVQ1$j=)A&gFmQ^_Bj!X3IOjF)c;JPWw5l zsOYR|=?UaCN$%D+rPwh8r+H_{5C<`%E`Y5zdRp(~HqGZ9J6>1!CH{UPY_~`NcUN&Cn%3Imc66nc(Y#8U}lGmEP9Z=pD#a*Zk`KF_? z2kUG|@Z82yLhB?i$nTqnA5U=J5C7Q1d%gA<@CZyQrZvxh;opQ;JDB&w#Hsp$*COau z3jezpr^R{NdldO73*TuQd$%Qf=zG=GN4-Y_V|5h4OI1e?G-DZcr1F0ZJFQa>`xU6C zClG2X%53{ZFFBa$e~0RbP7l_lgbqWOedijP=T*p&yLe|NeJ6&IJe<(dz@shn$(|`H znO3xG)KBQj8vVex9Va-|=ezK4ec*xQjvnx}n7;JWchTcEU{O4Qc-^P{>I=A0##|cq zqKjV1HY2)TgP(F0u_~$1+4k;5I`3on6g2)e@F9(|LHN!fW!h`H3;5NVJiB0d9s7)5 z8(6fw7^z;lZ) zo=jzFz+)}%D9*~gzQFZ&us1_HI?YS$e`B9#7ra_>+qL{Iz~6Mlc}{+{9J_a_W0~3d z%!F^+-EXGwJBM$c=XslKD@)%K&nAZChkTO^-=4ofaGsU~=N`RTJ^|i0!^@KCi|X(z`+I9r)EZt-AR6F3Br`1E0soTzb-I@h4^7 z6l7_g;g^an;#qt#BgQwBLq7I)?7PHK+nn#ulCNF$?jb(z7<*nCfrkNL6S(al4@_N+ z>iS&qkYbl=;fakGJ`wl!O61eNz6I|(kOytPnkc;Hh~>q8_dGWLP%kpaJl>sQeG!fy zD#i6h=vfZWN>|?1rL|0^i>h1ynx86g)waQ$lrtyzKI*;m)!N<)z{Hv~t&lL`_r*vf=aImAiXs7|6;LX=8o;O}c zjK$f z$RQo_aU{b?h&2$6e?zfOmL8=vz0P$z`>r$aM}o+m?3-%{#-(FRpDqJ$bNpuiQpU97Y~WlaJi|{+a2fnAix^+6$5$pH zCrWOHm-S#*DPhl+@O>%vecrS7^9Ok+YlCl}bioj1RvzWuF!g3pZw~WR44o`}Bs6aS zwOz9#j=eW=&DUGjF$XcpnlCNHt`|GGg8W_M<|OLqX7S`XiH7t4gL(Dj7w7!XG5JNZ zhwKbiUS|#@hxnNT<;;>?AX@EboXA#j$&ycix4pgWK|^+y4!?{&d&(`e+)vIe=4K=D z8q%jFuk^#q#SdR){MH7dIf7s7d&v>~tXB&2*oa-VmU-z1mUdHD1ej^i-Z$o^j5!x? zm;ZDZa}-9Wv-9HeR;|Y_)}tF9^aHI0GD87%j-!|EyPCuIC&7_;;Bt4aUU2D{asRye zI%DG}$Kc1>Tcl&5`vks?OoDyycNwe$>n+_O^i4Ay`nJ2q=sUfvvuuUsf+2A9LGV2V z7$nB5VO+)i0!_gj>b;4w}?;N0{>+yjKaF2sZ!A zYftdxwM&~lUVGC2fJxgX-)RnOS-(}xX_R(qX(N?BWMhvhT|4WA(rLlE;$W;bH)vV~ zPdWI>d<{J38()KKpK;;P(hK5YP7pt3WDh<&J)Vs{c#m>KNl)h4A)bwcOW;6rJ#=Y2 zu0ESI=iYp0SbN%-J*g;Y_G|w~@x`J#$(H383!jpmpMB0xFF_VAVSM17?6SkTj4e9N zU)KxlA(O{TE}+*yzp{a^AaL9ZY-nG8G+5hF#@x&1CY>xnUBX|%B>R7dW6bF&Zx1*& z5J#srO@b>6e{Q+pPGhclmoa~T!kF9tKjz*9ysGNl|KDfG#2}zJ^kSO{WO8anF`~`M z2?A=p+Dfn9`nxwF31b{;X>Z}8&4@svEeE~T3%5;}CDxXv*fzEI5(WWHTM=42-s>4M z0LKBWZ4-s&|M{-Hcd~Pgx9$J=|DNZ6p65J!@3q%n!#l0_eb>9za{BD{cb(ZEb0~d@ z7bnQCFsrBy9&9UDoU;{F+_^dTmiNoD|F?7_f4VTLwU$D!G5*&aza1ao8vzd zN6+t^Y_+9ZS)9caifqqJ>v-{!w2pfGPIH1q$2At>=im&v^l7id<9=+)&85D`e$FY& z8Rc(Wcct~D)=&(WSNmRU&anpaeucc&`}TgUYR3Y_x6*d}aBCB^JC|~lZr+g=aGn=% zkInjV(Q2G|Ywgc58=a*SnGEhW%t9ZmFlV3p%${hnsg%BoJ;SO3zDnVlab&F9b&nA7-GBH`7Nq zex(NgfQ6o8u|5nQXv=1O*yHeOJMA%NIiQ1RUc~t1n@v2k@lBcbhBDP&<7+*jweO{w zky7I2;MsG_m_KNiy;9G*(hEYZ8*W8Lz@t9ahl)R6W1h*<`xQ5^maM9^!FdnQA>(}= zT1Wa*@|4O4dLyxV%;(i84`a(=``h)_5<9+hmC`jAVy9zw*|DQvB7F(%@bb0yKB}_+ zW3t&3WLenEe{iP4<&j+05iH`_#Vg}pTiiLHZueP7);Z_XJ?4>h!n2FtU1mSGLHx?D zEQM#RXh6PTb51#w(T3aSN!j$d&U*4P^0+ZZB`d5i?1S&Uw81#uCRrtYQ?hX%aL=tC z8Ognb^Cyv`dGKsqChJI%m7!6A#>YaZ$wb#|;yX$iJE@dKv(YSwA84$qDw2(^yK_LiS4 zwd^ouE6sdEOc-+!CMK*99*qGN!X~@{^f*js_xm zz=E-pt39ThGC8N{o9|ms-j5$!w6qyrUhpxnP~Uj}b>2s5(~KN{COqoCFa+87DZ1WA{+oSM)A@)$neetv3&sRxKTR;@_FL z&VOM(Q~g&TWmkyy_Bs8OO_4fYPo@2-{*aJlV6{JT_}_`$GklhA$K=tL&-4*j#MSU7 zbCX5bVlIui-+dO`dE2ZuG}DH}F!X=RC8~c=e?N;ZS_7@-aYmWJcc#zia4x-RyxUJ4 zCSyTlxUt}`9q%-r+Opd|H&AlwAbqW8EUE*)ZrO?HR$FoPf(=!S5Au~HzGtx?axeR& zB3p>naN7B59_<7-8%)0){oI8|8!?U+^W=W^`w2UH{Zz3AG6#O~-4kkKZ;v)?^U7-I zw}P|w3awye4)^~|o6P!ztybh7bUMxNEuh`9Il^NZf3R($=&{1buiydZkgpRi66gV1 z10`Qj0@_mCm+4z`Cb~g_H9Ubv@z#)Zd_zii*YU_k3Q(@}%n979T%)(a^U~X9gM-!8 z3tGFWOZ%X**0bO+b!~#~7aF<`R`xh_Z|gKcL-z|Ey4SnK^raryVn-Mrp}q~B>|4Y- zSH+&R#lOeCN*X(;^R)IsVecY~J{tL$b1Cw%8l54#@;SzNBM;j1%sIVn@7X+{Hpk$7 zBL}T)(dyda@Fu;}i?=xYM8(iA6X>e)ryKsN7;E_Jn~bYb_IqLA$C}TK>%%|Hoct^n(UxE>b-5OWJ*d!y~RdT4%^eo)&~2pr`fXm0Ea3HYE0STN$`40Uw&WG&&^jmI4 zo-wfyjBV)XjLU8D`9XP1~C&=+@E5J!TS9lMc5Ig%%=oZ{F2G3-U+nkx^!j7?`jr~j8 z79tl|Ynj>I#GYN)IQ__m&G%qKBO4fOUhU^xwp^ZL2Lc7!yR3^jX!c2M+hN98o%I$f zSWGO`vt>-DLpo}?c`BavLLVc&^T78uk=giz;^_{v4 zxpWsXm>Jfdk(}e1_Ze$XW!C*w3Bz^?2Y4jw&Eg$e`{7aphPvd;$JD?a8ipTF@Fep~j9^p9-mSbEj< zqB+sO#$m}wUEi2Ve>YhLSCN+qls$sSGUn9{{PtyP&&R%dIRi*-b^n#Xq4b=+FV_CB zHUHL?rM=2iy6{f+${KqnUPPKNCvt1iJifOYD{s2}_#4#SnA@>28JOO31$aa5G3P$L z<@Ry!U;mtMWP@~!+u83?_qRLyJ*tiR?i6zR*3FlKU-p}XK9f9GMkYimdFI@q8I|B7 zdAHT~#sPmpe+jsp$a6W*`GJD|O56YRB%ebkce#(sj;$26XuhYj!`?Rk4?X>Zg={M$V_=ULZZedQSTT6xYlhPa3GTCzvo zmOOwQcyktgY!9t`z&E<%t-Gw1-?=Gt{51QtXZy!gCi1NLZ?oUd{q5Gus!OcCD&mcq zdo$-_d-oH4`Q3Sa9enqB_+Z)8v726gH?wa6^)Hxc^_9}TyG48OV9pfv+t(twcIA)I z&EZF6RAvl*&x7Af;CEj(egg6q!}FccBXdrbKK6ML|H{`TUDIN(#nn2Cm-}YoQi_pv z6^v;KXn5hJ_(#|uwCk?WO3mBtNVjHa>?>ODE5Ob@tvH5fr`vH1G4kh;zxdM76IEk< zXX5N>8i-~^!k0esgyta=l#wWepR`A`<4;%(t=;VC4$`r2cJzgtoj3=#j@PI|ea-_W zi9&qK5BoQvkC-*t(nlD#t}}Bu?X=xln=QH>NTXcMN8-?Df#V+JrcV@zGZ9;0Y;^9as^ z1*R`%S~HAp);s~-tQs6=SN;^aRziGg2zd}gM*ZjrXAq^7`)SH`;d_IFLtlGVBo18V zS1JasTY;J{I`sMB5V9-~gR z*~G%HDU<#B24WRI03!!yaq#y6*bjrVslZ-*?}f8`Qg;()r|V~(>s?%h z*P6`gV|Q|&qw&5s!|X48`6sal;WhT?X*-9nmv^VFX4d55Z<&OS7HtX@R5I5b)!sIa zE|;xzcyl4?;ycL8{Rxb-7ShdxV4|5xTPviMtCYdQY>NDSR#9CeAewRhhsVvmrs zE2DOuyRG{&O&OUgV|u9X@9jEwTi;@z9ro<>D;+wwp!2!B3(3~|RCZ)D?R;N(?+&dj za=&@Q{^k#QhTdjz{Ri5@e&(7(UvFK_ygcg@-n_|r@>XQ232hr|?lreyi`vO6sHDq{b6un(EKCMkdRC z+CM*ecc|~p1Dt)wxK`;KZR#cOwfg3M#+<#rk;xPAO0t}M`Nc!>O-B|~B5$NyR9(Uz%}ar`s<9V0rFM$RUJ<<#wJUgcZ{{>TlzHQTl#6fb;jWD0zdOD z6;Vex0j@e$@V>{yn47 z#rFC}CG&pNKYuiO)n3jsl>hC>IdFr%R@vIW=l*ea9)D~9{0D&NPtnyLn9A8!abJ2}t-^VzUC#HSduyHm}M!RJ4#0e(u_(zoc9BI-a8r^q$?04Ve z-44}>42sni6~G4tIhNI6QLcr~Tcvl}KVZ)%%pT7>$-mJlYlZuc_42u_uWIJq6CYAm zHF7}vlTrSFO%QznpDVnw$S!BS^>ceqo-OjUu!Ij7)Q=aqkUJv0%ACNz&z&i4uKS8;FnLub6e5C3%IAV0`&vFnfY z0bUqxe{kD>G3Za-g8U3KUlL-zBr~Vv+Q%_;ZlAM$H=XrPhb&)5_ej~F_$fZ5KDVwe;L$yjxG$A&Q9gCCXL5&P z^-j^}_V?_VM(A*UGkGl9=Oa&Ca3ns!BG$13xSMySnXIS4p0TWR&A>?OS47Jp=&KAE z4S@swbN#->4qoK%-T$m0IUz^w;Qpng^qe`qtose&NqF&s*t3 zIcr|E9>L6Gu~$qsv5K96<*n7bt2Zjv5`EXK&rK~~`{tCgM##rsYo^`zroVzs2-slP zt6uXCSoxiOLC9l%uD>jcdC)(P$sX{{Xbx{5b4{@^*kP3MRX;kEWj+66H;vc;1HWR2 zj)0$N`rSX+G_AEXs=zJ(WXk>simQ?T%g-2FOPp76Cblu>5bUEJfuQ2Uc}E>(q?afi ze8(@ab*Z~(OHBNVEG(+F3UI8O^PSYr81qzxX9YQ_ehcJpJ6G4a9vkZo%&&-WE09NB$a|H265Krsd=FV!jgJD~5-Teif3JT&I2=FeFTncC zF0AY9zG)uuXQBbo1a*og&eyZx11(L2E^?qH11C>=H0P!^ybj)@$c_ErBg&Z>(s`$; z{q#e4oScHkIJ}|w8{zYM4?g4YisDBa9oqNO|4YovrtTLY+TQ|CWjpkk=ipMju$4F} zzu|)rJVJ~S?N@pNIuIY=6w%&~d&H+&EB7xvtA6PZdE}QZJYefNeqViGieHrYOGE4X zq2D6#n&ZY&Ir-G*W5h$bw5xvp`CXf@H4mtMxj&bFZ%Nr-&PQJsz}Fh1@~D@(o)`Q- z<>KjL;(KYM(n>sO!X5sBzL5IPcXfPMsJ@Y3eVU(|7r6LIk2`U6A$Z2{DfT`5ZTu$8 zzw9orzKQWMij8lt2OLNp7;Xs

    ~{s0Na7R zJ2zIJ&-bTujJ~d)N}E%oUA6fR?RVJzK^gt0IY!6fL#EB0J)xRDjw;;@rU&tBWK7?1lo5OXKupYF3XC3Ev7lZMlW%%?n-dU55}}^oN`We z(2iK$JazN>oFZ{EqHQBs= z+W=E*V(YS`S`%YKO3>|Te8<%xf?+-|G@u(bmetI8?IiGJyhZIBxUg@J^4^Psg5`_A z$^G_vaJmOuGZ~z=fs<^W#;~*&fWG@}eb;<5RB7gGIrcNj_CQzl$0+n$BlI)2hihIQ zUh<4x!y{Sv=o;V(skV*1w^Hz}Jw6?-{D`(CGm!`~kx1oEUt_lfaR)y38__Nlo_4-BHVEky0%FldM#*4(BN^oVL-8?b|n z8RDydC05s9#pce!Kh#_`&P|Mi?`o9{jQxo9Ks83CF~(ZHsd_Z``@6s7jAP{6zLj8p z3YZlax$xQfj>Pzh@+^umYKaM~7elcQY72>XsjGzdkhj{9b%yHV@{qNW@VdAEyvL%G z+FS0>s4)e7T>YMDe3-;~rS)^b1)VM(FP}`hQMCk`gC^OT7Km0crz$q~{kxVIS()XH z)c4FGcPl=gWM#C~FyCqtaeV`^?`c-3=2HImh9Wid4lcc~AJ2D_&)dW^nRDkoH|acU zK`FSjg)%FP0~u}8(7XL;=QMJyE!Y69>ygQSfBxT@ZoP5;+Ho=E_A<`1-ehl}n#d=` zDfLgystrB87yaDIGfU7bn(vqgPsj(d`61irG3k#6#+HTqkLP!xJ0g>{1@#!Lgh~|w{Wnv!>go3fXrNP+n#nH}*i>=NP z!OS*tfCU@qvu5;Y3;JH`qa@lN%ouzyHe@k5D6bBpZLOiyjE-zUN4f0?7WVc)KJ0N* z=}*;UHL_ofEswS>b#;=)%-w$X-q-uega3{?Bjv#w_*I`L=_q*aea0=l`ssQPzvF1) zOC<8cbEZj7}(-YCN_F!14{D(6uT z-LYjc`El5s&6bsI>Z+&RNWM}s3f@V0Iq$jfOI~(*VBhVL8QI+cHc#~rYAe8bkn>RV z;a&N+Z0wj339Qm}ul{Kd9dG6%YYxU=LxbP^`A3sBtqxkTPqM8y51>;TDh4IZ<5R7D zUFhFTtwwYxa!)OXslP{-bzSr^>von}Iqyt?M(705sGfU)L3ckgi8Xf1q1Pm9Q2V9m zWzkJIOMeZxoq9aZg}+U+!G>loZSj@fkk8csU5ny$O*|vJu5Sf=?_cfkfM|Csw0ps! zSs40!+`W3&YHBy&@pvEl+Y!yQwtM(oVhi>L3SVI5=-sk|m#zp;u#dxE<2Mqm3J6Dfhe3%*$F2O_aBsakCYhd2%|my$4M#tp;qcoV9$pg< zDF>Yf9agUiw6i8r0kPjRiw9V-^r)57jK7yY*~(F0cx%2>(Kh{3E4Fd&%n2{sc|hYU zvyY{j+Zu@Wq@$OAW#8xd=^2jRE}y=ybR?gi6S~UE$;YOJ3ZNP9ht9Na4-Mk_49w?F?bv1Lu>d^P_O-@;aIU|5{nG_8alV(X-g&oIIY9OwGn7 z9g-%F51@AR{gP|(AFPvN|JVIiB$|^wfW7KR2HAU_99@{P(TG(gee2>nQftmzXW2T> z{obY4f)aG<>f4BWdgJffGn3xg_8rw#PmER5w#Lc~F243hofxeO(tZ%W&Y~aey03*> z_EVo`;3zo@J!{AAah>A8WL+oUXmo6&zKD0e>+$x_jMZhQZodc{AYV>$Q;ht~f^$$S>is1H@kw(VB@I%F6fti0tL?ixwNI2T6gpOAUqs=S0+9J^o6 zMt29}ePwj4Ll4Cn!Q+@`qS`)=0~{aZJ=b?B6>)D}Ig7UpF-(iT&aakiTxY zCV38ccX7W>rF^%6an3sK*FSB=hD59fXEGN6`d4jd98i5-%e}8NzBtQbUl96F`a^!6 z{5|9MUdJ)lhYrAxb$tuy&~Tk%9@U{Jzpwc}%JHXB?=8EK&c1VsrQ}mMb5xvp=Rv;X z%7yqi$$rOq*`A|rj|T*ejnT6<4W0Sxj=ucAjNMAM{p0h7UZr-v!j4H2^E(bei-x}h zl5DNkuQK#v-fnq@yOkkxBP5!-Lap5*_;GfCP)bi}R@$qoyngiRj4s8ERAI9~K znQxWY-=Qv_TpIqR=Gtj30j*2Y3hx=af{r&)D_A=}FJHzLFb{s7Z@Z~8#57TRjL#i<#cE^Q?b`IRWDHs9bUj-y2Cht@rZbwHf4Cm7h`GcOLz!+|BH{GbTKW4wcU@9jf~#r^7oMdwvXE zEjmhP7XF*xXSL-mrF;?(+5UH;HdMJC(;v>gzPxAZn9*$-d{&8Rg8ZdMyv8Z zj$J+O&KKUQb<{GVCO_jJFR<%165|ExpY!OiY<&F|?cqtEu?AsP!};Xh^Aq%425qUm z+p2YViU(QkBOP1Mc;V(O%&$URfl}uGrS# z?|vtPekb-2pWfxct;UgEi$7Q2Z8G!C6ZpAfAv2T%EXjzin~P5Xj&&Iex75iufG5N| zw;k+WnGX%br!C}-TA;xs@gDq8M_eG7g}cThWP=pr)@BD{mqC{jWV8u=vi4x!?nx7@ z_E+$)YQ?AQAu67i-SXlidWbi)52%f^vu2)$4oUjaxvuY>9LW(W%8+<=W*V^{UYvL)G8S`!9{W@-g%FjTYvqHfBm7+8i$JFThc#vKaoFyAAk5; z)eMkF#MTr-uU2wKi|FTUay$IkcxWN}%8+v`7{k5w)^KvdOrSq-=lFpr$8kBEHvCISzC|47k^*tPs$#U3k!?Z zB_q)@d~Yg#1bVU&xHO*72rPBj>G~ykT@9sqU5({=#G@sXVO5B%ZFBj~N#yc9W3wAZh{($>|{9vp(pS6I^T3qR7Ew1isf?eI$ zLQn41S9~e<8h&RK8`yAdURM$O*(e^DEjtT2o2fby?9O`P1o=ABC7QF*a$R0mEi%!V zpL=@~=hch@l_RgsYHtp7na}@C!LGZv-SbG@9G>NQjc+3t1&!#kjjGS%n%Yu5n7+}B zUDFtCGqh4W9M`mj(rcC+TykHAl~KNq^HyLMiDRF{f3@&$DwtB?@L~X3_JUt3ze@7=dyQ!$e}13y6zCe) zzx2O%K8<(0^musM(8bZ8`sO;m*_ZK<0D9T>KP>a-wzt>l`-DAgfKOV`8?y7KA%88z z(Hb9D&RG71WUQIEO6%mk_dNK(N5lhLr3=Ip8tXUtQgqcu4}JBn=w-v7&`Yx0uCFe9 zev*Pl-ugE?c1q-DM?4W|zZ;rqufht|9kGV;thuu~ix|6~2@k9_V>`)f&gL?{ThHF( zUK=|z%J}A=1F5Ic27D&Jt$!bW>#usk zgii;*9mtBD5&OvxQuEtu%%7I7=)rIBj<;S<{HAqXG^VK z$SWsPd~|4X+H>=9ubP~AA|F?G3qHv$==7)EoLq+OlXUmrw1k|TVwooHHxtu+SNrZpH$Kt)A^B>xJojzzS8QTxKa4MgZpS_}nQPQ2z;}u9M<+kyv zpr1_xavjat#BMzEWoWPn`LX-J$^A{t&1syJn^QV6RNi<8wY0<)4cD-r3OQ)+b4fCU zObQ3(pN#$gKdJ4%a!&s76@yQyjn7!qpNaK?>%gU{9DG)Q&u$++#RKAfs{U-^nI`xv zj!&tRuf)ez{-qw;G^_%*)edgu4sOLZZYAW`>z*cG%h=H{)e$qUU~(+;U0a^WfBO5* z#rxqy;Jwr7LxXR=jqfJolO*$RV=+0k2W&px8|UN9I3Ks(5{T8nm-LI>Z}~P{P1G1Q z7w6`@G%~Hc`GKg`zUopQ@g=w4oacJ$H-FynhC|@u%^Rkg&)dGk#&4eK&%p`)EQL?N zt#vi{?GD8D4sqAj{`#pze~`zd5n{pzR7$Uf3V>q*AtwbZ6ZW(xjpTmmhg zh8BNu`P=R50h?O6eigLX`)qE`QgoDjQsoO(n^y}h>Y##+3%pgNN9(vW#ClQ}0U)Knp`-n+2eqR`{$M31fS*Cg%)#2=&ZY>*2 z9ggaB20^oZ=&pT?-|r(&w~z6Ay?fawm#)~y_`QzzF@C>~vGRS4-}79ojq!WYTy;Gy z=o1_N3~XAaZI?@Jy0kzm>V}|M|H@8xzNT}pFSHTgT-`^y{KjMJT=_BlW5(Wk@=tH{ z5l;J{&t;}giG9VOkKr}=N<1ar5?{sn3EmQqsotQ$sW)h#-k<@xsotQ0dIKFdP;bxx z4I8L8s9lE5fR3^m_fZR|vANkdGZ&j$1DD^#mo7glzaV;Ry(INn8?xx~Y%=}(Ilin* z|NfQx4E;0dhklhS-99)B{!|~dvqslv$*y>_!qW$Cd@#@OXQF;jx_Be>5N~!nwIyTB ze&=?rSTnTWNgh=AiZ@%J(MEW)1>W2UZ|dC^=(-W!)bU1mb0c)!2ygOS>@j%L)pyu3 zeEc;0FxSVj>Ei0J@veWLZ(r|?Cq;wJhoHer9(i1vB7fc+zS7Ap;M)Se(qE&%SNk@p zR;>ZPs-J|uLY|c`5PwxT{8a&eRe-zrs{;PgaRvNEEpJr?{Iv%DTI=vv2la#El{kOV zPs-WXlcy4$w4Rn|E&bkro>LwpLAQ(~d2WK2_OYIz(S4sG$D&!$A!ydydQG-(n$TyW zM>F!4iYDugE>AaW=l6)`9QcH%iA0djL&-H5!~vtE!9IGDBE@x>&8Maa#qUUD{ueluX@efZ$3oce)A#n_SBB|%-c6! zYx4HX`jod%C9lxnW#!v4fW1HbeLQO^d1&C`?_WPvwT1?F>uhq#!7~yuCi4`*eH~*K z-th|Zq?_}|ujV6jdF0RJbGYLbqq$c`ezlZ)cXLnr%N?&U_rTk|XW~WTzzyJ?O}`gu z3=o-ar-gqfdf0EE|4d^y#K`r_@ zj61W2A2d*`W8#}QKV(#fQ`2JEA!Hq0)vK&C7q6$RKMpNI%#Hd?Sx=?khS0C%N<@nv z_d<*66#C9D57Kv<>wsLmQ5HQXrnwIqpLXTqjAKBDd3~irFY<7O4}Y&b91`D>p7`$H zno`GquKj-2--z$vL*TpD_}2;l!u0Dl@PxPR@orn+4LAmP{^i?!&op~yUd)=o#AU=^&9=@nb50a5nRyiGJ@K_kxLN(EEW+V&&C@2bxtW~7GXy!iY8;Xe9U$UnID$v^V&xAfvP2ftMH zjIWyfU&0?$u8uLCs>?gNR~9+B%QW<|Y89m`-SNBz>h4W#Ht}&SKBS>Z2{a)#Zk!)w zEHZ5D>qYRv(bkKnq@auDyDC;siV^c2JA!|!IyaN2ajw}pTB}m~cY5nxsZTd?WaqOU z-9Q}K+xo?+{SD}Xo%PoH9oTa8>GJz)`p7RHe?$E8TL;%v{E`ws>#IHRd+r$ExB3Y2 zyXO%2rPOcHp7@o3pRsF4S-;%?j!Aw}AN8C1ak_)2*I!K8f7^QEcj+S@p_nhy~XS1UW$0V+Q#pV&y3eS`XxTb4}Vs;I6C>rms9!YJ>$2{WhJIR zlj663KL+@g9wEMx#kn3_z5PiMbW%MQc676~?R@G}?Oc@VU5!_foCL zm-2ho1xerQf>!?TMSJ;PW@>*Qp1Z*0Mr7AqnQAx&eK4x8ec+WwEeRSCJD%w2dUIWV`n>Ab-|$Nk{~&wB@SDrF+4M>9O}O&q zU!=}meBONXq@ON_o4bH-q@x~4K@;9g4QT^oV#T`9k>&;g5qWF3M$~VjaE`MD8dHZ)$=@;@1N%rDMW4w){o(cnYj=;CHYlHsNaWq=;7KtzkcsCJxY4g zW85*KM>}ile;)MMO zaR`6=jYIg`Z=@On{Dn;i?5;Bx8DGEG+{$W1!z}{{?+wo3yHOE-%t|;ua zq7#hXG<9vzspA;nd0t=fOx5S$`ga~&r3bwBbF6PXTx+y4uW#!N_SLh9msH>1z!-;W zfHbaaXizdC*20*0!#TtljPEw#m)m}DM&%{PfFAF%7ewFs{m?St)?xmR{DfaGxN^`; zOzT}=C6hgsKRrINzKYiIZG4;>Y==(n{LEL{dfMboo>;zAvAkk`Xj(hbq3br}Xd?B< zk4LMtj-=*^h{kS=`rZ?c{h=?8rk;5S`l4?WdWJqWaXtOqFy0r}hZ5_oXzpWtt&pVa zR^?=B&b`*YRP zQ~dNhT>A|@PWRDcTQB*yOn~P0mzfV0^57~mAD?Rj--v5P%hunNwZ}j}x-$GCJsMol*Y^3P9=orv*?&nC) zFZV*v{65grmdC_;IqTMUuiT-$D{GOXr@FRtoW)w_qd2DKjGSbIV|yQu7r3YW5u)5v z4S{>EdF=edp)+&d>IppXED0(|7*Tmy_`=_nl|^p1;+1|0}-xr})lK_MH#+ouA}8 z|FZA=MBn)^-}&`Ec)sMjKiGFZ$afy~z2Dz=zn|~i|9qP7e%N;&@|_2L=KIp|HXHn>pS1?JAc=A{*Ldw&3C@fckb%fS5vGn^9JjaZ8Nn(?3u9Nk-t(~ z{!U`8Ygd=cCZ0;pN;XmZ91jjgyZ%~X#a0Igw*}b8>aW>WY-rHxdY5}{dv?AyQNOG8 zY?d)E)m^v3ZTAVc-5qwj2U$PbZP%N7OLy9L=fEgmYv5?G;mG|Y0Y^&;`|?@%H@k3@ z+Hm~I1BdW$Cbm8t{6DL`Kl$4GKfd<<^Dx^R>l=@*XI|Y|XZOB8+!p8iqGzh{Pka57 zME`}D_cNM*?TeR7TV|~r{Fe~>GL7axkM$&Me<56XJnhbK)`KB$F;w%eW-@oE0XsZ{ z-&uSo{SdH~dtmEr|Ab6m{GZJ?gMyLoYklfM;GD^N0<7oUbt?aRIA?u}g3y|1&Z+zt zS?T{-WJP!7vkwVtJa?VSzn{EI~fKcJTrqpG2K+?|0>)$dLz+T&C*Z&*IN- z>`&GQC-~YO<+R&Zeemkd$?IEbO+n?NMY}xKJDbG1$WMMpd*#fUaEWD=SHEVpU(OzN z)z4Y&udyFY^=7L*O3YjR3~PQdc0J`}y_43~pFS=6zEx1j@hksq6=ckv_1yDmi?9AT zeZvo!hdVz2U0;qwZy%n%_-dUmVhy2}SxAFKuQ#_)`RGrg^Udw0Q9 z(`H87tKU|8b4+`=2f7RNy}bqM_v`#HZqYBN`?KayI~i@QS6BrR_(t!%{p3?W7!k1f<`w8Z@$#Qst#kF?PWWa|V_?C^Gp&MCtzgZI z1FSb&LgAYAteF?G(#rP?u-Z$wCtTK-1>RiGn%>p3tp%BTy9@rw!DDS}cO35N99K-U z;g0YtxS!wqV*@wwaslnF40~k@H_9k{o^NoFbO!t zFRu#jGatBG=WF1X(}6X7ob~2jVBN%CCn5Ga8F8G|Zo$8ix$`DO?g_jZIVHM##P!yK zxjg^;y!#9cxeX2vT@_eRSKnQL-XB^$H_(2+bg}*Z z+?<|pc;$A6-t)+9>3I9S){8vv^&+?1PUBriZp;4wzg}R!dnvz$U%_2+yY}}9xy|MH zV$p74pgqeYe{J-!D}R|^)%(aVvNMu4T$!8yKM9%JgbW**TNqfd_P=eJd-d#u%muji zO|`QPx!O%1xpL02+s>=-wd8!yGw|as`*|Y+CtGhe8yQ$^WWcNq#oiRgW;wo;d2V#i z=SGFy^>1yT%RD!<=X2{qDV{sA=X2WQxJSFlXb<>?M3bJA4yrg0`F_!Q^JQe#$V;a7 z@sVubYw+qm(P|%cu2t~T$#?Ed*`i?>F9;JQ8 zYieFPcu$-@v$B%$ap^rDTNbDHIEUWr`N8BmP{Za!>qvTIDuHsLj9+K%uK4wg%H8qntXCVqo>uug&-FifuD@)qr&a!s`Ax5U-uZpgx&EyA&8Xb! z{MNCC>=x(VE9N)7@+p3II)3$&@EyE3VMHKf{tWgs5|6ygwQ2B)u1B_8w!byTS}^u! z-NxshgDt$2{}$`sM_$2hMAED`jla%&X=mNMyU9wc)OVCOjd0##MJk)D*;{mtJq-#* zTj{Ld9In}kFS^6B%2U}T@yfqD@ZRnGmY83=k00XL?Hl{PeO>i=?)8P9=a+h}|C{G} zsptC5p6hpduHVS9H_xLu`Nx%Zj-`&A#19T8){9eoyeZN%exx2(V{Xq#MzsI@OU!j% zAJzWDT0=Y9MNGcj9Sdv#_eS{JD?=7Byym*5DIdW*tC9Wr&|B*UY3=wara#l#UL%&? zOFY!Vc{k78i2TkahPfM`>{WjEu|Amg_bU$cn_tVbk-!~W#_AuRx*z|Afz0`9$xnIx z>`k1v^3BConpt;SF~m$Otz2@beQPB1np5qCS9853qeFbOi;rOvQ;UuhJ#^G~i#wm1 zz57gluH9KLbsF*Yr^hGuqp7`?@u)dgS4FV%S7X4n5L{n?w;GD5J-ANa4jLNTykJ#Y zX8+Xe*ezFfuhjE(*U?rH<5_daC#FF|_V#KBg;3S3|3qE$$E-i7_2avz+IvZg#$&fz zv3*>hHt$rPjeuWzW%21&dxd-qY~jX-AKta(;i`@$5C4(>u8!7)J61(L$={us87ZF^ z&aByUmDSz=EvNG>J+Je1@Jcha0-6&(XPXsk<@*_YeZT zj+vmoZK5BW##`_~M%$D0F$>W{gUq&i`m}{{bz(9z=f08WT-?P!=Y#)P;m?@4*$V>v zn;6$?X3Sjm32I;Y%8j($Sist^z{UE5Mpg@17y52+ZT5WM`|XqYw!Ue;=X|S{v3`v; zhT)g(Rs^20*Zx0CvNoNuR^ZUO@iy-`Yt=$m?N3&wS}f;y5yxH`^z+fCO$mAQ^3hG; zVmW{Dd@s2f@A~D+?`&sH-4J_`6+dGwAdgj0{Die23tV;Hz}nXMoNuz8Y)#q0;uU39 zbUC}rm5W!z`;uvUO#yrFW6^mvYufKa=Cq&khHciHJMq=`jJ6h>&b3wW$tw6{6@0Sl z;ku4Oay5_9)+Lc(`TB5r`FfroZXMWF&Gn`5%ZuoWvXa5tSJ>pCRNK&>wv7(q`lFuf z;uE!fFFY~E3fBm($<(Hd0YApnmKCvgvhthCYsT|{PApK&{;|>U-G542_tv?mew*Oy z1Ih1n58WU0&{`xHz1#Ec^^P;ytMt?3hsDV(Q9d^uslgt__U;M9PM~t`m(dsZ@-O?Bf!GXZKd`HzZeCeB*JxaVWXk{a9+bTI%ZO9Zvs}^YZR*UXN}TZgtc~ z<>xY%J9J#E5uafR>%G;3*QkD-zp91)S_f78h_PQ!*BJKVUe6lw*u>k{lTT_M61cr- zTrj6;lJ=1p(I!1ThyR_MmpsyZPB3Tvqxbx2!@=C$8BagBYsp(1I!Bu;{y<_LX zmsh=V@O!&6*;jNL`--MLl(|a#UhF*hkGq@Urybn8VNK>Le2=Y)0U8)1mYlR?2hF~? z&Gca{$J#?#_jT_dKV{z)`a*N%Mnkt2^s8;-w2o1F<+r&%+VGd%_tNLy^$J|R+I@xn zob=vH;F1RaXwFXqeXQ^1^PRZOqTTnd;~d`8xO0539e8pq*G+%!NUZPe9fP{w*KZHG z{S^wE{Z!`VYd_WWr2SOt{|jFH1$~0fuEp+sToW=j@ZgJ}xx9IlzU)Z$_e?Qt{|K*ZhFGTD;gG5ig7XjDWjW!QR2E>OA>?z=V ze=6@1v%Fb+rqv!njzx>fIAShqiVB73#~yI>Ifg6C9V7zqp`fI(v)AKwwQ zeS?aAoq}0@T?zK;S@KdX*yxs*gE=!ee}wZi%@M<{%gyRzsDteAap2{Bm zig3LhKD$kLx%3ro2ePdP)uy}Fu-a7n>kgyM5l)+GPwi&YW)W@9rp>U^rc28oe#LsQ z;qRC3%Kp|<9Xr;%(y?PoXGhV(ZL5k7UbQ=X?tQyPTWdOsO2VriEqP$q?0w!3t%m{YUoW@m(-&B$0c!}|GC8n%*NeaTbw}B4 zZ*@$*paXbc1m4SbhhJEaYH^DV=Y48a{S; zIu$?Pt2Sw`5uSG2T<`F518r2GznhjIUnQp*`H~)X&v_2rkk&Sm{nJAOt!K>j8K=eE z>&j7&VSQHl1&SSvTsc0oD^IG+R2+5#a0mvMZ$kKfM(6$P1Y@uB&~3LF~4DNMb}o;)&yfOewX{e zP-F$l8=&oMVn+3;_Gzki^khA-nKj5Cr?0V5F0Rs-W}Q~>JwtTIK55_edfB6H@%A9R{MnQ>>@EcWPTt+grNi1s#XPjS;8upTeGja>~^ zo{DbX8961k6FRKDEX|)f3X!T#T)wCLU83*qGpKO%$sQ4`mpSk;o%KxsV#!Pxo zG9e!O(Wl+RCUR{Aapa}=`%ADnjh1C{D;dP-t=Ops#az=vv0T~ccbMN5x^oM%v}`?e zZpOAv{0ICR?2XpteH|Y`ao0EaripcVf7-l};7+W2u=^Pc8`v|(-5!r|#}eZTmTde@ zeP^g(!#=w81tw-AX86X2WS{a+pCs}p?T$Zb&uRa=c)TEgvSGf}buYXyB4F?5-Cdl% zsk=CXfBeVd%uP+9A8lza4a9~(@7B}o=j*S5p7e?4FgM@RO*iZApTIi6uG}exS_}<)^~HwJ?l52hZ_9^w!w}jV z7VUEPdpGgYj)=YA-Gu@6yX%+ipUnxdetw{feNcci0K9>&mOBDn&9?@+>YfJAU!ZeO z#-@+w{8|f~XcwFt@5t?9uN3k|CCkYdE!R5NT4P=7m}@Qi0sOyvOK#Wxn{vC}o1bg; zGp-$<%lw3a$jou9xj(qF^*YwQpA+qR7hc&PI-&ACWTEa_Xmw6**X&m7nRn4A`{CR7 z@&jG(Ot-q)3R(XiS=~#&wO$8YMc4)Oja#R({zG_qD)5~HF6gSY=yGG9&^1l@xzxsx zhk?g8pv#)kqb*$TCUz^r*K6gza%go|^1br|37x`q$*8@Da(ZQ_`u0k`$9G!kPwlf@ zdwym=xgEQSJUAhYK-Q4Wrb)S7>*`pqa20&C(&}oO2+h%t z>Exd31JR3W;h8#Q>A5WH!5h&V?)yy>a}6Ka`xwynDxO;juhB*r_*m1hhM_=tN zigsm&`CjPKi}vCpjm1ZL6(8wUe57~z{@Hi_Zq@6bT($dn{G@a6lV0C?{Ho3PNjKvs zU4@@?E`HMByS};VyiYG%ao(ptsTqQQa`vx>thxZ7U?@JpP<(=+_yiB}%+}z*@~xjv zS@Af}y^nA3#IO6W`a9rB)vnu~zb$>=|80G%t&qCA>BRlu(@vkeyr8}pKeWORE%3uP z6`PL7X*!tM7{3$f?NR{Q;v`Ta-s&tm-Wt(nBLr{edIwhHzmpZlptFJy16 zk?8Kie`c>Pc%g8%z2{cpTzk*0!keiZq2A&I`eBlFLR&p~Y}qh-PoEQ%3$yJHd~!4V zagnFL)TeHr_-Ua&a&c3C2%g?(BiwtVkMyka-QtC7`x7(F9XVkPdiSUF%UgjH%70J4 zd`Q3Cn%?=VVFrg`ZF%7H0Wy%lV^|U%-vE#C#~6U2kH>8e9>7nGKdkaY^xX&aoBE&&8?^YY zzhAX8m|ngUAAiTepVqLSxY29UC5`NnP{%vp`UtxYO{yI}t!7WQHSlXS{5eCvWsGBE zvq#f!uK!)PLUtmt#-YorJEu80gB8HaH!sPs^VK0}t7GK_su%KoW(#1pas-@wP(v(##@`6+qtUqI98*p8>s6ITYhTBl-5 zt_gJQou1n@_FtpRv+szB$<$%$7a^S=kRcO9lpWWsi{2Hc*zzUy@Nge13sg4uwQRp zdl-82z@`5m=uK$r*PCDU>&)|e*O}GeaI9_Ehv)lrCOEh{)2}a$uCz`#q^?Zwg5P}l zO1g^7@G<8xuk1{M$M&R!+jGek>{o96EIa?#-F?EQ;cr_fcF&*KxrE$bJ>w8RA>LtO z`=R^E|LuP-EoT z{Pi^SBhT*1Om6F5bZ)Bm$L{F){{Km{hJO5)G&?W(ve}a>4i`n{He8d^4P19~E}tvw zX8A_!2@m|r%}BS)KVR4R#nPQvbJ(6Qhui;|G2cCd!|gMu;oS3gVdK|56-bZ0{_SY& z^-pql|MZFbcAfCvGaVPL_(GgYkWXH@~~BZ;Q14;jmC2B z{LZSgL(n?@{#7ep|Kw*id%o=SY4Mjgt$NMwQ^l zm~X|t9Ex_Glo9PJq)#(fSp|QhPcNSTqt3I3*nPT+XO9NF;)_%;EPbFS3?~D_$1Bop zzIfZtvAeka6ZZ_i?y+(EQ^*?X@`LTi*!=L7FPI@Ie-Q!1(Qmu~z$i z_>%*Tk36vLg(N@U*t2CO&jdgJ+tlurXCI+|{I~k}A5iD{D|}-4Li-*0vS}P~WNu*P zPGaF>ZA-m+E)Dv+FnRlZ%@+*Uo{tl7dG*tezF@ejfNRf%k@k0}Gv0FrG3-hFjt#eu zgfI7;#V>rR>seD={i=GNyNC;HdAjTihJR_CuKg+-Goo?0Mt{L@6#-XaEYN-<`o1r6 zU2@5>m23Ia@{1L_yK-HK9-=s>;P+|DHw)k4V3Hb;!Ig7{ABB&(^tvO}y*shWsxWuDeBd)wn#m_)l}|9@#Z_=u;h!P2Jwn z`lG*gWZpS-)n4Y~jQ!-26=OeHQgh#cl3m$9@3%^Lc zc2?}IVDxr;h}+IaUX$Q1?H%r%BZa&4bAtP#k#V?{SNQ;aqj-H^7k%>&hva zDNen}G$U}F0PH;D8$Km$&#S;2LePUm;DofQjQzGreI8IzR zAW3JQ{QeQ*K^sTnN851OW0SJI*8!icGY2H;n-Bi_#lm%==#~>{uVr4xp09i9*FTAV zuYJLA_K(xAe-iyRe8F%vb#@OsQk(9zJ3st_@pu|M>KHGrMb|Zjj!()1+vCIiOuaxM zW8|&WrP$;3!5YooyOg3cu~6>_FH4Ta)!;?N!zR zH$MMKegdb%%8}oCWP0VZaQY~l@p5pI&XFDdhfwtP@Ai-8RAGaw$bVnl-^%go(F@h@ z#8L9~_iUuLf%jDZ@D9iSmwM$c`t=+0CrsEMItiXQvGOTuvA;t;v5H#fhpBabm|EwD zsdc`%`1Mua?atr*PyJ6KC-{|`5!YDlA!;c!&Z9id4;Uw`<$Znox2Bzez<5&SuQ~o> zz$&L8iroH}+v>>=eKZ1^kMq*}%avZ5p9jtNkBfGFG$I*SZ=PTH==*upk{;{)gg4j! zzaI*38w3dsnZ#s@fq(ue`-^ zCpE=g^wWg-XS1Hgu*!|-l-HSu_bYVDPthqqMW_4}o$~v;US9R#r}?`(`wc5^37=TA z=UaAtmgb459!4@Q-Eyblje$nDY%py}-cGEn;Q06GmJf|?8D@0L{&S%3Xd z(0BhiQJzW0SL27$FB(I%b<2sB6X(|>6QvdCK}Rvm5I5U z|K!vT9Shy!@|9mE9`xvt=`ODT|L4Uk+Ot#oSaxVQ-|tc5H^i=aGy8y!px!52bq!ys zjQ)Fa-Je_krnQr`W^79~_3`wF1#kW^U|IjpzxU6cPZY50v4q;P zN%ptBFtiqdH*M`juhlY+s=C{~*H9}}V!c_oD6n7$vDow7tFP928;hvVI1T(X=kHx? z{Au`DI<6r9toh{;eu3weT+%qRIcbb~qewE$O?ksYht<*BF0Yw4pLYATjry>=;2mht7H@Ze({2L)652iEGumyVy?5Xh zwe=|dC!bz^f#$!3j2`Pxe}^mgJ}Uca%lfAr8=2>N8^>P#COtNARYH%wO?{24ql|tE z1&w|hORn*+p>R_DZY_Dn;ArN)Wm;Q<5%kZ1D0O4O%Ky|nD0GVEMbwiw%%^63GWGrL z8g(z|K764XW^gwDbMCW-T;5Rkez0;2_YX7#V)YfF*oeCpJvJg3 zZ2KK^{qx8#=Djl-ezm&RF^55VQ)_99-|Dg7_0xeDe#raH*JJgPGsdtQ&`qk>Z$$TL z9rH%yj5$>Y%Dy%xra6_3$49p`qWc=*L(R`_JdNM^eD5aSzs2gRy%jj`V0=XN27-xt zbjjkI%mXm85eggG@Y3gQ;1}MPK)Wd;sbvCI?|isiA~Q1oKxa*F9qQ z*U#v0x3Bc8`;*9ZKZ(zn#+-xo%)8y-%+p0K3nqoF_TQo7(!_8U5ZSO z3RoAd$0yYs{tEi*QTof(9l~u}sPHYVsWpl?58h+`bny!2A}kMB>CAyni_e*NpIaYE zE7u(1m%?e~*f7sK#mmv-J>U6^wq5*Gb1z@d>~luDnzOEXi$!7UnaSY1y2M&g2ab!V zcL+P@x!@cb&pMAe5T(H8!fL^{f-N1`vdpu|bF#g7 z=vnPOp?NHt;~+ch?p-1J*z%fg&xg#T-aZsblGmo;)TTGUvl-Od55eC(o*KCR0oBp( zqKqGb*%KzW-e**uq!OhI6XbBCfY$Z?h zUZ{WNfzXi3zmPjp{W=T8RK6=6^$YYkwqc)qbfcTXmG2{WA5=_4O4w0ep${wg|tHf32lZyMyol0$I+d4d7BtRr_|-)W*;0Mz(0TZi((=Td}FE z6H(q$fzGwG&PRI9M$JXpga3fdsZR@RZNLU+|GV`}^HgAe+UmNVTJY)jSoZY%8T+{Z`o}YP!)`@1ffcY;=8u z0Q6?8w>sMOm!fD_?RB|1b%nV(Pf|DYaHjQOAZ%SEy;NvfZTaT}3UZly18r(T2TSj3 zfj$kICk0KKr-J*_*yTgC{ny9QALR}V(D(rFH^IB2bt)L{2Zjpds|fj;1+IN<$HhVI zCE+W0!NuFwEwoWhy?xDXtb@Ss8uUc5Q)gdHU2`sdAstx*-HnczYxjZVQgkRn9~7Cj z5<=zPemN8!l3;Rp%?pzY|K-3Y7-k42YOA-CbDYGwXZz4mUb-BrE%#e}p~bnh7aS1H zDQsmv{ZVRzdjFw8{FxAIn~h-|s@70iO@vzdNLumo2r>9xbOzTd$-``3A082V8a+}> z-M66u{jy#Cfs7n28oWn+nBdDcautfpRhr}qUJU_P5peDGz<8fvbZXvW28uR~7AFZ`3BQ;~`w~6>EV*|tQ8%y6^Dmu(|`ife6 zBReM_Jvx-RaN*mhu@2ektf%I}H8wN4Trgz=)1;wC4~8NS45zc6**@rU8FYCb8+aLX znFb6lFSk};r?6)YFI!zr&th}1*>%(auh@@$DNd}NB)ebxGPZ|%_jAwq^2J)SS?jmR zCR4*GKl54pnNmG-3%X7Al;<=TIv5GBx_dxyRRcN?{gk7%UM%8it@Xlp82e-mQoiHr zk(r07UyVKi{y2$=P73z%kH9l2Vzq0%SZsSv@pE==p?EXv0qYw6cQNajR7lr1vhJ(o zn!cWsL7rt|@Alknt1tTfIbf)c;Da!RTOFqE2wkf4x+rsLG{-y|G;_>1;>WHdc5~wo z#gU2?1MhaP98ACY?QkkTLvZzg$!F)~XM70VY&s3AWIg(!1`cN}iQeGY^Ul$Q<6lIl zLE-kZM5mz+o$%e(;;Y&41rAB4XMxX8qu%_nBcanJE}fYBz5%)IjZP08WjICyM=^A& zXYHsP4tB2$u|9ejd0Ks@)xHV-eH8vh_Z?Ut$&7{2HI4Y0P57Bf@`b$gm4DtRSMdRM zSAMGKt2NC0Jk+gqbI*;mzeYV&^_kSy6XRBo4!3{bk*Dd*K`0){90X)8i}3{G(-9wT z=e~S8z8R1E{8IKQ@SAy)r3oMVNc!|m!F_qy_VEVcZyI=`IeEn7dBn_x zqpbyd@ySZHXN=ykcya_xXB^Iw^o_28aDY3NZ zh}ejsf%fQ{d#J5cjBV@kIR73d4SK`>YT*yht{rOY{1qRQk0TaQJ#`Z@^U%n99x*<| z*M`KJk)L0UT>MB%UUcI<;Bw==-gr?mau1xJ)x!c&l$OC#++{t~|h)cPFde)$sZ zX44nMf{yGJFPFa^AqJlK*wXlV@4}^yyuQ|t9bW0V&Nbm8zv*7&Ba%Bf77Qd}*+a>R z-$r@;mv{JH^>>aw{<~07ibp!EL z6YWXwSDWkj>o_9Qb&1PJJ0uDHTbPTQZAWonc-t%ZD3g$rwZPOSUk4so$NJktfm{B} zIQ$jOZ_vE}Fe_frn5Xw#fZS^0b`a^mFpNL%2SGwWwJ0?jAjNJm(Sn zxgdUW1LxQC+=zw2O(RbBJoh&H6P@ThN8F)!`8uAP!uW04XvP(C8UJ{3d@OCGWyaD) z;~n4A-ood^8sSlmgV^IS5i_P!hYemku=CkM#?fa`|LEfMFNcZK#eKx-+&Jo|^*y3y1Z>VRBZVaj1jWa;?r^$$wD1 zF)1*DwQHkW@_xDW5y^Ne8S(OJAvxgb=zu+$$Rj#mIzhSkGtdEN1p1XRFGT*81E>Vwe#o%oZPawDU>|Z; zgKQOZo_85~;r7R$yDZSZ<}%i0C=3MKF7wFIn>mLkM?Z(YeUYOTeeAEL>M!bN)L+*t zpZnmK`rKbykIg#I+Pd$2#vanFU*;0e)sAOfxM9{a|GC6^HVj<-3_wuaZ#4$tkX+lbAjy#uT{m^;WCuj4}U&ZS=4zaV*cRH5NJ0H4^G;{C18vBm=*m>8lD;s&99A83Laz2`O zwbpMK-AIg)(})Z-)%-u=-UU9&^34B!CNnt!3RFBT)+7XkpsiXDz@P4Bl7N7?t5sUN zOLs#U5D;B$ySuduG=T&;3{(c}%a++1AVf&2Ev2w(-Tpa55lrhLY>#fsOeRNyRnilw zz`Wnzb4Z>%OhD}J`{wh>XJ($meP8!=y07cHulu_3d(fRbhEYG5ejlRWt+wvmF5O9= zS2=xF+!mQkpFV0g`)E67nDNz|amJ)(+DXvPTy*JN^s6%t)-+$5M|*Qd7(JSc=5MuX zylc%;?HaV}JgfEFvT<6=eShQpo8TE@P!EwmpuJjas3&>@bp{SsP?y!n=z3^a^_FS0 zy@0mo-(rn%ZiNq6Sz9D`LF=cj?X0EyPX9;k>HajYh32jBh3?lz^nJKbmX8l#vK9#(Jk2rE5nVE|(9fLPymnhyVyIFIlc)|4lcd~9c z{M=?et9KPA(sw-*^c#1!f@kQyTXfgj?RFc_t-v@SZ5fyDo3v$|8e@##ao|pcGtrH+ z*4~#qR!u}6-vl?nV9Vp~i^=1?@SE`&<@$dr@=v_)yo)^cp5rUqC6zn|c~^NP{p9h@ zi_7DuoIa7q2kA4VJkpL!9?fxFOdhYJUF6Yx_CoSlccm$hCS5KjkD0V-%Ht)_tj$HU zf#vahy|4TS$<1Bxcq&@&VtiY+9tHKl)# zk!$1N$eAyvqKn*iXC}|5+jgh&9S*zRiTw<{i5=Ry3fmK1+54_-i(=o7NVjcKz54?1 zN*;<--!k|1NHcX(6UT{x)-WHk@2=%%*wM_fW1w3tb4M+(%!l79uvyXnBUTvFi$;B| z-HzicV8?Ed9qYDV9h@AR(9d@0$Hxv%)V5=Tf1S1+TwKTouhMg~88`Dm?{f|OX6{jY zX%);j{Qg%xXXB^$IU7Ibb2fe+=eeAvfjaM)QrYIhVH`Y+mF(ExNAo>KZpt>+G4sst zmz&?OH@{zIejn+&ehuFp9DVf?aWwTq;%Ks-o94mM_dPh`_pN#k9uN=p;t0Oz=g;ta z>?Ppn_nXMQIo2l|!3&JB9eIGy`|JyT523Gie6dXIiLvnED)_J+-z(GOi>2u~#+V5o z^ghR!GTnT@@6+FeKFEu5Z88~W@3V|6)9ttM`(2(j=~`&KpZ7=(d3VUkG2~>FSpFJ1LuHoGU=lfYhl(}Mh5GJ)PgIq z)r+ZVyb(q{aaDjyd( zwVZy+lF8on5+A?wQmmJB(~f-Pbo1XjOSX=@Kb>cpo}L|+4LzPVXYEF|w4Oh}b1Sg@idpx-F2+8zd?K~68Xqjr(EdVSV=?12jI^-x ztn`0By2v)H>|3WX<8aua?sZ%%Z#s28(n4sVHT#>vkJbZNlQG9qV$#RoCHkZ<3{Bk6 zI&O&X`&*1J9%VeuOAPXt(QC{(dap#ZLbpkFtEoHKz!?6xB-pc=_2@rl7;m5UU)}iP znSWc`gT5Q%zo!4X%jALAg1vFrf!Cz3uD`<^i$(7bBxB%4w3oa|N4A;Q#2@gec}?es zq}RvzuDM)!rM+h{Tw$2?f3+7vxv0sfXfG3cYcRI-Q0%%Zkin}N@5o@!fB(LJeyZ{l z&GV#)J$cWoQJzmD{%qke>KVWbX~^i3to8RVSzG_5Qv9y1;P~abb-lk2@;heMpy_{} zB=4ENn%>z)T#mfkNu~H|iqVb2PwQRlGV|yBVf9-^Tg~hx&|IT@YJ8%n)9~x8oQ?C^ zpHxbIh2SYAzd|;yWI#6W=Xoy&|0Vvj>Mf?uu+N&2o{~;+Uo&Nn{I2mDGq!TCya#-i zyw76|5Pp(O+#}gQK0As1>UWXi)@GfX{;-vTJ0IiJm~=+BnK#7PB~!xZ2jkb=A05BT z#AhCSmJQq%5m=HA9B&p4ZW^+uS{$#xs>325qXtnz6ErN0h97zL?^*v>2RMJw;P2n z>*WLT`JiFgu^;90R3X3B(1cw4^Ugb32;RKs9g(+b#&1Je{%}peAC}J6c}Kdgv&O2> zXI1hyY<;G_lyj?nH7mJS%e@_*d-9nC!$M%txkt6Y+(!P~lV_e>dl-1-Kfb~m{C!v-c++)@^Rwd`fRE<`R>*c zqTips-lr2brJ!FYb*0V??K|II=h=&Xb>v{AD>vI-x7p9SjSoI99cP?+9{39RWbJHL zG4py6|B{=0)+-gSt3-~P(M?4rZTshH-r0(t16K!((=SZry*6}IExEj+!^gq1a#A%{ zVspQhS9M!t6mcwb+zr;*xXyjYE^yz2e!JZ{^A69;R(3xZf~PXFjPQZe<;PU7Kg^tZ zp?2j*tG}nfueFcE+UK!^-}0q3{wG{?c+^7&r#Ag&7cHcpt3C8M<@a0rJBT;_&Y#{d zUtD$j(VJEtJu+1R4XTl;Jaj=dzgt-Up+>IBm(G5G3?qZJTJe#Xb-m@ozKlkn=5Fdjsv=+6^9{lYAZL9HHgJ9rHSF zh+M_Ktk`DWc@W!nmhqNRF+Q^9cKp5vId9DJ`!>kWFGeTIS5Iv2i@TXV4!=LUIk|Zo zvH!e^tFSGJUD2;43l?0loy>XPW}ZVPWMj3kuJr0~W3M?T_*Z&IW6NhhauVC11Dz#) zQ=a{Q0RNL_oMU)|=gmE6(g(V)T>63T39m_bXZl|nvvwJojmm%Q$%Twmc`(&RJnQSjXG2LS#(?bW7x+g4-vz^!MJnR&C1((ziDUI zku9A!E0&+xH9e1UEz6F^Liogt*DylQ_k=3O)Q`rNEJ*K_pIGnu~3u=H>e zJv{De_M$Dok8oY$-_(hKJ@=w zn3txc8xw$YBQ{G{0s8)5F91)e;Q2D}+|~zAli;~+0C>LafrsDETm&B3J*i}o>y4?d zx69szf5bE6yOOhxa4u&y=d2dkcK*T>$<%XZM{?F8=FBX71)a+(T5)!;c}Czw^wh)) z;Nj!K!&Bhl-ab5R5FYLw01r=j@WAgcTm%o-T%iB6h4de$|CxRLKd$~~4$yzt(?7pI zeUbi|^NE9Ib=9{dXT7#?{zT-szVIb-d->gtjnR%@n8YtUf}MCR_;Pg8iT4NQ=Qjm6 zK8p7II=Zn~aN}#F{Z_U%N>Ezj+;-6?`?LQwrg= zyU9T)Menc0_WserhbOK_S3Hky*-s4N2tLZ-Wab2~O8BPKzt!I^=Fh>tL5+*G2Fvf0nblj~^$%|R>$B^b zb1w^P&g>wbs56N5-firijj_K?`O|s8?VK5WJ>R`H@~!K*pBXg$=4V{z1<60we#~=2 zb9((7`IO{m&B~qa?6KSPdqO)&wgx#mk z!!`JG{HX%7zw3MZ!{_TcgxzK28j;1T?LKW^_JFzn{F=z}FJLR@-Wut8^IY%PWcz;* zw#L;-A5Qx-u+7g69ogG{%=Arydn)eJ*(GBlZ+wh(n0#bnBY@FzWfW`mmlI|%(AyX&bVVa&N-!)-{|1+kUhpDHXemb{W;^!hELt`4dHV; zc8WPJ+J2HT3dTJ866}tBpF04qu|qfHZM`$H!G&wZV}$Q&8y3Z1Vgtal#)PN8zbrqo z5}bs^Hy|%o32|ex)$9BA68sv(v>y1 z4ay(NgTBk5ul!!0J8sPHQqh@l`D{AZP{%@i=N^+2?-G8exnTdVf$(d}Pk(Xy8!9%~`cvj!t@loVKPCec_NROohnG!! zmRLN}0)DFuqj3!Xvhy=!=Syy}^PN~^1^c(-(4|>=0N#_nlz-e?-vC*>hCZd^6ble9 zp8?3TP4H*@|Tu`Kd21uQH*E} z^eZNZKyAD8Rm?Sb;MIG@;fY)>#bb>^aDwYAC6eta)xQ@fw{QtT^W(_M8OzSy|4+HyKjK=AnDtWKX1ya>|^^p zNY2#U?bMfi;nR*TwAvJWKcLOKsbkp1`wuS~JJHI$$*kYX96gq??V{$`YHE(Hrsmjc zYK~mS#V zI~VB1*Q-PN@YMpoTEJJ82VYh89Ma;!*K*)b2Vb=&zS6tM9h=nxzNUh&`QYm=@O2z~ z4FN}YfiHcR&EV{xtOakH2Zf_|fTIN*siunRf+cb)pweDH`qI%-MOIIXi_jXGe49tOeiQn<{`WKt6ZnIwLxovmOJS z^%&r+#{g$NRxK@wR-sd?I4^TKB(igmu|g~qbaGnThq^eZs^^ZxYv`;Q2}3ELS9 z{tLkq@xb#d7d$gkz%xnw1m92bRX4rzpFilXdg7Ca%Eeg>WUDUI?Z~ zJTU$D0Q9!vRsHcb9Qg8~lOH8(Y(XFsX0;Wmv3lJr48fL zIT7t&Gx2T5034Xqe;WVHxn{mip1F3Ud?VI2$gvs(@6}>|uf+adiT%A2`}?7#uSO4_ zDLM99Rz^4!$ZVX8FRPlL@?FcpK|68TOzPKFVY^pTKj;v9tI5HLP=h7nUo?7RJG9hy z(UfuaJ~!$LW7eyjjoZe(R~K66yXreN_9pcw!ojbKVmUVda<=ch8MsCuqI_Pn9Vcx{rrLRS6 zfobQzXGLEFo)CMh%dvO1lVc%RZl(?83*_)=uvYnCHS5e#YFu zm^B{pU$dBwYH}<(`MEVWZREt zd^^Fp)BP{7^Yzz#`o4F~4gsSfKv9<}=ETS+Zv@-`&3V&sSPH{X2F|Q%7$*_VB^qeyb_| zUoUo-bsp}{yS1Y`Z)q@^cV_yg+%px8dbTY3WYa9}o6@d+w)@b+6m3?X-)14YmVN581oOxt2e*_}`l75m znYa>8b)PzqvvhAR_hRT9GtbUQgU0@@ap)D|kzrtH%z@_>M{{C&25bKoF4D~QN{qCy z^NtBKZRj1v3SIAPbiZSLcc{xJ{hK)j%x`79M<3?%G4^)pS?}}Cd_KeUXZzN}5_U}5 zj8792Ujf~Vp?ey1PlN8o*n`E;y;wFQbe{s5I0yehlvQdp)0$5pSGCv55rncjXC&fLVQ{ z0h8jrF|NgFyV+R}tL$4>>|N)<|5lvfgR1^^l;RKd$g`;8;J1K0O}9N0yV+WA(7J=x z8?ZxqT1&_$x|#iAtSuZdGS}{6eDT|YJ-J4pF~-=c;RP1PO`5vxj2!WxIcCe}7hk#W zyT7;5&Jj<{A&Wh_8n^bzwR6AIbD#Qm=KW4|4>|UYhrv}l|A)!PIt+a>q5m}K-*!z_ zv`u_t&MVfMiRy=|zG#ARX&+eY1nPW4zuYuqLV|I|biEK<>s|@?=Kf6XZ$<0zjma&YJH95sxtT{KMo|@#= z`j`^~c8>$tLmt?F_7UOz>x;lke62sc*a_Nar1?>}jstr$u+O{*yc0eIyo=2B@oRhI z>xr4ri@c`R2f#D9jw1`r)0{Q2;2xOa>6mbj+%(_Dv+#`gMYW2o99`v3WYkYQ!`>I& z5u zaxB}Ke`BUimu=!fb>0`GJ25FcX78q#hwpw@dA@FN`0j_$(a{fU&{5v_OQPDC^l!*Q zygE4PV~pSA^@bFBsM44u9{+{6ugc&g<#~v&oj<3)8QA*n_0tyO2BV1^yh7aI72*a} z#0{#58?5}7NYj|5JG$rpLqqq zwe>*v{C7^8ZEH_YZD3ls_RQVK4zsUj=YLd~&$hO0Y8vy#_U`mYe%(DL(f`?XD409*JUQD;Z1enJM&N)%Yy) z=JDI9k05)QdL-?}RgsP-o_(>JJh{d6(F)(o@7m8Z+kvCwiP{&p@lKVI)wqIBlW*+# z%V+zd?rX9!x3Nxq?Rwdp8Rqw^`0m)1$fC(#MGk+J1SkEY%~uXTS@Ed8{GCJP#7@wS zA#`I%Yq^HMape17ZyI^#``v!#-Fauqj_r`|!u;WmJNvk|1DUOwGuEs*uDQg7wZ!84 z(L7(tI`ACUfopg!#B*xjS~KtetYl&YFuV1oJHDau=|7Qa?P*W7c9CE{(S6fCK+coQ zEl$itdfsbKx!ZTc$6Ci*TIxKQR&d-|g++ z96NT7_VcG4yT>+a#twAsA~*k#AGN_S%>1a`d9gbqHHTB=#Gn^NkKHTI*N57h=jbPm za|L>P8~gn8r~y6-+G@?h8M8CqPEY=pd%Uve8n9!$V=9BU+`N{DjH~U<8MbasW#a*J zr3dEYE_fYyEc>}HUgfs$l1X13BkW0*`|FajA((rbflv7l=jA>i$I2^Fj)@!AB4B+K zIAz-_b`@m&&w``F@W1lu#h32q7c$lkaNbV8?X;Bz{j-(_B1v>cJN&2XvQeBiocqej z#$NAYU3k`EwF?ip+g(Mw?eKx@yf)fBPJ4%GPrtRMg|FWu+q@NfAvQGFBm3Nv-xPBt zxV_1P+vi-k6;HV3$yx98;tkyNqbuurrmy3DU;OU0;q?W?8_K^ZmcM}y+<*^Uf)5XdjxK_nA?G4lVC~MVbE{vZw z6~$F=k_@2t)3Gzpk8c-8OYrqVtV4vLhvM8-Oa0NQ_(*E27G5mR4SrAlW_iH)UIm{Y zB%d;6=C6^N;4I}>j*lD~OKudgARjqEdDOtlTlZ-*H%jxPVr`Y=dWOi4>bK9n!Qx@{ zqxrm z{y-5f1GQ$*4<%=w*yIlwlSLjl2&4)acYwR7ZnuY=6i};JPs(~?vUUF#o8E}?o)6iE$uJ(WZpWgho3h39H z-{!aA(fh58qm41u8c%L1B{skuIcq-lS}Xeuo%2v`!1kKPwIsFOS#X#&X5swP3r6dF zluY}4lw}(`jEry**R=0+#`WmRg$rI>aJ&1NuWjt)tc)VA6|(oM^E&qLEL!kHd*Hy| zwSPLeN%8ddrCCwIB>o5grxpRrXwLdtWoQpi#iX>L5eZ;JVaG*Qli#_J{LUP5d=)bk zzB|cJIGlCh?~b6eurYgThaC82I{ch`-}v5g@Fn@z|8(Z}SC_KBd8V}Ae4{!+dOrQ1 zgUFphzM@sjNPRqQ_wg2eMEI`#rpk?NXHHS=oCewpdD@##d)txiV&^7ZxQuDT2ZCdAu81;|PuJf$+l$DKBeTw%t&ZC~xJaRndQ%`C?@t`{Lc^sT71~wm@ z-bLHQ)9;vfiWHf@D96rwpW(f2)Q{79+ms9U z^AQ((PcTTQ9T#oT-}?UF=J(*9U+R;!zn|-KF!gqc=l_K7!i9TIRa{AS>^b}!#~yd` zUdcb`)n^6hDX%|&E9u>YYCRK-;4=*DyCurHypf z#IzRDZ{G2znR`DR{x~{@IhA!p@kdb+eD&7Ii_h_P8~tbwZB}^jsB?H_b2;-@of*&S z+i#$Je(B6oaz)A*S3a`$&huZtKf3<;FJZqgK8VgwB@?=q_*8PUX*Z!8=ObTk8>$(c zX#K7NIWe~09w~$W3)$=4imYx$2DdTR40Oq1bje{`-nS!%& z$42crFGj_nd|3H8efDAVH24WV5`7iN6Wxkj{8Zwy&1QS) zwt>A4j7@xYG26`H7d<-{J~^3B{7n9q$#2%)?D;N!G~;{31V08J_Twen*6W7@_`vXt zf1v!F0@fP6_Kf&J^j-Yn=)1vK%DxWh`&!FKr*Dj0i%X&Jk*}Sv*BVpN*Nl(%@q4rA z3XeE@XrwpA8<*mT?@LpzoSj2x&kX2h zLxIoN`0!`H(RBA`_jTX>*`M(L`|g>`W<(cr{gJaJo7Pe9H2ch&aKUBa#$5Kpt;rtJ zSdf+7IPMdi$Adh1-&K9(F64T~vgy%mV$3(vhB0JKcv1S`a8`D9{Pvk}c<~q4H_oTe!T4q~@y#B+_VTE+R`x9G zF_LG-u+h2iZO?i3IJ)}Vz_f1JUD5TlU;FsF@U!0>92G960?&=U^v0XW`4~dZ#}INp zhLH0iSf1y)>LGvU>{Jt`uwc4!ed9c?bz!?cdgbNO+Edhb01o~3wz2x_r>%ce%3 zXWyXOsT#39{OUKXzN@e)KH&>Aex2IOZ}6#euixaE_s*_weDuuv@bg!Gy|IRCj}9Li z-9bOqc6;lVO^L2EhJ@GiY-q%~@Q#SpUJdOP`23CcK)-c-uH)VH)N+0v8qN?6hp%fK z#kD&2LoOPU9nLQ^BIR=&dX+>MQ6peH&le9{6P}SyPRfw%M&ZaE6VArwDL7kn%v(!$ z#+3S2xJ@$2C%Wo{Z zEc%r1^6*e&XutQ~tlj`g~)?s{yX|#*kyA zuJL>KGUJkJ{O*GHbUtp*Wz-kuJ9;tFK9l;XzO-;LvY0`>VFUhq<&eSA8vJ@EPqBDN zAlgif%A0SjI9Plrx(55Kj`gZT^+&F`%x%9NHSM>) z{K`LfeCv^|gls_9SPB@+XmUZc{<|N0cLsK0swW%6V68 ztOagzG8XUHyZo2w%xP1Z(`u2w?R!`JQu3y?R%gz_KJFTXJvbkIkbar5H-qQz;`w)m zyt-w6G(9?>x<;H|c>9zg4S!LE3=%)sIGgWt!~T(q-`+}l&O0laXQwjHrZdl`GtbtN zw^B>qN-cRSJJ)Y&dTr{??rBGU(cOOJRChaiXr!^cX?E%E?j>subhk5(_R+6x8d+4` zH2d+o?x=B~I|*#c#a(%3&M~Kt+NBw+an3omYw4V0z_YO`HzQhIk>1rhdes)eqw{Z7 z*J{VpE4Rqb9szt~&|9k*Pdl(jHLgwR(dj&UC^tRYf^J(5Ugr`=Wo%7z!IM*m%F+qe zT3GxC=QfAfS2_Po`LX@Pn6^=030#}G2McJoHSj7inxbR!@2d@e*J@<02%b~@tSmn7 zGSVAYp@U0}jIQ=usxU$!D4D_-=e93)HFiR&6w&DC0u=Vmk{khl2f0`uM z17A#gPOZERXP;T$dc4{?y~L8O-`L}H+Nsp~{GoV>(Q{C360@OZUC;Im_?*2w zZLEp<*~`;Tj5rC+NF19LU_Vb1eWALN2Y}%qFdX8&SLXyLnd7m26}^+enc-QSEe?J6 z9_862Ig+yfq^ps#%TucD8XcQcB%@_`|T{vpq3h`0dGo+kq@sgfVtV%rUeonsVzmm7u zL0)Jp`4!pNgN5nTKV!TFXJ>@h1lEMh8HdifAOG&sW3MlK_;eEcBuxHfi&=*vi+U94 z^{ROxKA(#&KQb&3&dLi;%Hhm_70g`)BeKF-olB0bWxwFKg$qyTr8DkqVpp_PP!^o@ zFmg~Wn}_ia$_@4m9!;DC9(3}3I`D6_#?^V;nAFM~X4SkHY{t%%`$>-8)8v{?h%-ki zN2V2>-Nu~Nf$!OQJUB`5F!z|1Q=;6c7T|7W4BmTM&%Q&soXmB?&!^1q%K!A&-^_Qn z%!%**&gMJqRSUUf%;CQon|yI^__!D}#6P;E6Kww}`vEJ=|_n{9^FFo;v|Q_C7}) z6L){!{_|+VcP{zDyb-=|7425>yyVaQj^IB*&XI!?;o~YB9|v5xaOQib{#*8qsq4Qb zzRx^|eEvOl;^=Y4opEF(wpldSd8YpQF0O~hDj(lyTmk;Z8I1pXoI47?#x`TqAXCci zPauyDzqg@RO_=Q(Z(1L2FI1b>et%+LPgms|cbc_wh`Wg{(`YxTbDY3eCU&xTiCVsm zgTbW(%Msoa9IA1v`_{Pwit*5{;%~XeowT(t!J0=}5PkZ{C}>E0c$6`#eS*<5gFXs@ zeJijRzDsRSK1Bm3)}ok*+LX*vi_yZnJ%(g5i#-|Hb;$==b0{BNmn9BcBYOp8TY7Iwviyi@kxf zUc1(~^Vw^Sy*q6@=!}emw9VM4g3lafP6m~ zWd7jHJX3}<>e~vD1#-j8wb0o-Tgv?q&oAKl#XLVDNK7!;b2ZOsolvsS%6@)7xvo>F zU(*J?+ToppyH{=L;92FU4cfQnmtD~IBz*Pg_ttG`+x_I0Ro@G5$*NuR%T98(3dq?y zO3v0%a<;k{O98%n0eNf%XYbooKrCU%Eo)g%-P*n8`Rr&Hda3vKn8DF5U~&7YkKjYD z!#Dj$@}vHd{HX7cAN3pZqkgpPN6~fow?px7!_N=xms|B1@7#iKdmnwQTQ)5E9`C=g z?9J#K__j~s+rGJMX!LPkf4_EE+Q@JOzxGGB4v$`buK3unKYVTDd%j`e#h&MMcGP$A zX@7L<(CByYX&2vmdDMYl=TK=*xCz~^eE|1hldUoahrP5+;LnZRy|HOzPT#)Yc|PTR zT!xGcV()8zxio3=LiLtKDcZ{Cy)`MWk2c%WehlsD$vUr1FH8$~eqoAs0xq~Tr+8ue zuyXnT=W~kLuOjCvX8@aU_g5|Z$k|h^7-2MpziH(c^u-q?huE%r^{Lo;Iy!+E(--HU z8)aKeMJMWWkUig6`pb%yYi_f2ueA;=d$D1@mZ=`*Z`Fj?5=Mlx##zfc6GVKa;oJ*P3}FpsqD4^Fajx8YspsyMdjDrl+NiK`js0%}lJ$#)K9 zhO4+KN63E|ZPGko(p)$bZ)$9*-jOZrw4>+d z1dKaP`v(8J1)IB0Hc6-PMddIo2glSXu=6f7-)DxakvZYtX~V%Uj5(qO-5^^%E*t&c zK0IH+z4kNy=yAjNQf%02YC0)jTx<0s$cQM0G)Hp-F8ZJ8a6G@`+Q>M75tT zM3awkUwb*Lph=a@&yvMUrArXHv=iH3keg}JWfyeGanVI*5@b0d}^IsC6Zxh72ltA6=WXfl`meWT$CwNVwQq76TEmEH{Qk?-V| zr3=$m{+LDEhds2N?$8!{J%KMUQ?$i?OJJ)hM?$o1w`r@|m5MQI@6d;#tpk&T55*_l zwDsQCdgBq~A~kI-Ur{j}jpZetmHc_z_`azhl?x$UDc)1jr1~=QDRwJIi_h=apU?5> zp39|c_kX2t4&UXPyL*Y-!%mK*VnGbS4iS3B=Hrn*^}j$<2MYgOX3@B zOUDj=6u^2vtgS+2R)7d-LUvMqwjtjRX zU6KV3v?l22k`~F3boEnx?eE}P4EUY?r2E`siDB=Hx8-|j%~df?%Wv}4XL8-*#el8X zvw4PEpV$%W(d#-Vgjj`Xhs=QAq&u6D9r4?D=fZFBl=w}#6P@C*YIv*$|A5+_rMCWf zSapTjyOPEFm1+y;>`OoOWAul{=8Q{YlulQ_j!yU9*SKofZ!McexM%%rZ8ms!>vZos z(&@UUXVk}5{QnbtKk;S8fKN7*`yUlo#4Y!Z_i-k}5Ajps{XtcgO()=&QwjXLN`K@8 z{$ro-ILP!JMT*#!o7C!7Uw@;bN+En-1g}h4emeX0qnbLZt)o05YrnIb_8%1wlFK6%@B)5Ig0YkuS>`;H4eu1%ymL3a zGXz{WKM3B@SL#1U{PQ4qKxcL211mgqLOk@8#X~p3E9Ev1Ery2*;GqK6tP8ka$eQ+g zn}^);aUFfkg)ZgD;_E5o2SH?x%IcDBAUpZ-j{AZ*zPl4ITb^W=CC zaxPj}HbF{SJivU2efGmL=zuMjz(#AqMl)lB4lTmaA}846rbRd_(4Q7p_NRq2E{7J? z9$Gl}En4`x#u0o@QH2JV~s4O~mV^~1HP-z?iobNq`u>*zUeJKr;L>+i+4`qmy8;aOw5 z2mE^NuhM_+v%hxOb+l!B>CcJxE8pB5?|1fsC9r8^o3|p9?eO4h*~Z=^dc$DOXDNX5@PHj#$LnN z6O27XZ4E!M@6egMSck1>tYYky__$hUD}rzGIX^qW`Pns`pIyoM*?z4*|Fp8{<;Q>6 zJ$ca2y5FgZbt^w4G_2vg^Ru-^zL0shl)R{i`OGsi-p-p9d^-={JJ-mtYEIc}IC+d! z>k;MXE^@lGkHS3TTX2^VyBbRlP$oW9J8-rG=YnOKz?f;mI2IV&fpI4=t^&r)rJ3i! zXs(kFd+j_JwN@?|cR_2(Y_;~MvJSPXcMt217uUjTrQ|8CK&PH~qW;A!YR}7t6)ke8 zKY!DolCvs#rkr=vfPFdd=CS`Z?}?fhITx=tk7*QRNaJ@gV<=_}bC;zt2J1XtjaUBv zD8|yvShh2k6^tbfT6*!V`oqP;4xKlaQpSQEYU1v%g>P`022YH#d1AXQ$J@x!nWh{? z<_mqFVtx;p-;4O}mSra=Lvy3*6ev$e{?&qi>XUCLx7?khlSyBewD-yT8uGl{>&x0t zuQg`HhQ^+zz1y&rSg%w3NiibnnKW<`VjSX&dhj1$EiavCv|nHa^(t15@P{8_9eCBk zhfeQe9a#EqIk8XWDM^2550hXvYyP8q75jefw`VsWFpLSx?~Y?@n(-*~OdBw3U9^Ng zT4r*dtKo0dGZTR=f!))B|6I8+bXu{JD*7s9ol!Pi^A*6${4HPg8w0d$p6z%A{UNiK zoo&Sj{ftHWPBN^qie`n#UOhbTjJ1%l9^&^())#MJtW}KlS#zuz=2(@_+KRq3*I~^u zX4HS#4F~hPIY!2+z4ppc3Nl77ERNoH!)LAirPsf#JSE1b_{WQU&lwEr?v*k`dX(-YyfylJjG%2VMP(p6>oS z;h%G^^Bah%_N0Ty3~;fZ9C+pP)!k0r(OQdcB}0+n>mNC6j)BcS8Bf> zO-c;YFJA#%LH1NxIIylcc_Pd0@oVn)%AYrXB?jLRf6@M;mpHFylJZfoxnvhkD#lLD z zy>tpbf_Sd{M^?>NFCiL~Q!^VwaaKaMc7A3g4}K~- zmpS2LeV1b2X{{>}CN~8CzV#{g%mt{$%75!7u1S7Y@i~OgO8a-Y^*R4OYNA4$c4*WA zt&-@=dT{8bk$j)yT(2x6_KRL`zmJ$bbZX#xi0=t#m0&%n=1k>Uzt0~|Kquk#{WR60 zTZTXKwLPH&E4Q=)-+bz9nElaL2Yu%F(!2WcB0QmW82LJisfjPtcmChW=ixkH`aNRs zNuM3qd^#IgwqplEncdkQw8+D?P(J`%e9IzGn1vH8RdOCBqq$+Ms2>K7Hr+Dcq@F^(oxt@J#-_^v9kA zvp;>>{k?u>?b`9Gk3(N4#2?hh4J{oMJ;AuT7}H6{R_ely#nt&_A_&3j%Nh*yLsr`^PK_A}7lNl&{E)9%9#yzuWy;Cz>M ze?z;+eS^+xcMxq}X180-{f4Q=tT(Vfe?zzDIU~Z6`j;LRUmedThJ$W;ig;$SfO94J z{w99P9LhG{mX4V-#*QTrLy!(=Eez5Z@>m0{OW?0+@OK;Zh%(mA zjG1}#H;U~gE#09xa0u;O&i{Mx2xXUm1~8#8~q#H||U{Ft)|W{)j+0 zgY~axncrmtwY|nT-(;MPWXL{8##+rPx4vjSM}9FU!C;T$=YpiU#@<{f9zj)yOVy*{^&Z5`-1f$@S?Wz8@vetZ<^XqhGx8&{<=;YS@@DOwyFS$d;C39WSv!_vd;h03|l>{>B~cw|kmCwtNSi8{lq3%)G%4emOD93IUzCUqib z`^hJg4myEM-NSR$zMRE62kl4HQV=b5{UkEC-xy*(C%O9$&mHHv-|*ZU)LQs4xYc#V zkuHXxKlgrq8Z~f<#kazD%1?+xXW44f7Y^QU0Ow=CulCmV?nP(3IU9^8G$wO@`Ge>$ z=n>n=|KDow`tZot@S{7Rm0-N|pxBNM&Tw(>l`U*LK5--fM|0WaUcvrqDDTN3}lFQE4spYq|Ixh5o@3eh*TK98Ti4d1wF&hMLf zzh$)&VlO#`~jbb|g^xjz$b~D~Q4L;Z(1ph@Q z{@Z6Vhm;ph>RJLn@J6)dSO||L;gv@|NY29107mV} zCRPlb4*vI<-*r8+eh=Rb-cd|z{9DOcH!Pep@yTTJj(;W29tW;w&SHFtXRI~-LG}OP z`u=_MyOo=${JS{kH;V6`H@{nT6YE{yckGT{V@K>WAGCG$XWJt+y2M}Z35}> zG~(7)zDGuVnEo{1%b#`cRZ?6`@vxf5z)2=DF&H@>3XQJ-?^ja?;EZd(26L%5-l5v6 zh4`|M!n0%XQ!}a2^3K$!?w@?wcfLeya`853KAOCJcf4ac_K|64A)DeK*+eBXsbLhm ziMh*~gG)zQd#W`jTXA}S{TtN1cempmi^lQA6yp$o8m>Rnf3LL9C;uD#_sag~lP8h; zL<4dUZ^oHJW9Ww@JesW5=LlHoV|9+7zU?LS3i0fKQN3j<^*{3YuN-ddYk{|wcYz(T zJ7nZUPpEz7jRbA7&v1im!-JghBs^R@0y=D>U&eiiYnn@Tq*ZK;AqV4I zxQERnfAU#mbL7KonqEGzwfi`6(>dq}*)Bfv&+}H_Y@RirKvr8`MqcuGFHD>0v0S@0 z)9fqHZEi*0)6oyab$V;MX#R+YrL!zOFZ|1f82dzWb252FU6Ogr+yg}2rub%X6SZ*j zC*&~b#|AM9f121F>~V4@TB7h1bAw5@%5>9@7auzRH6wywO~BjRhXh}0UaVM0@THao zMvsFR`oN z7Cs&v03WM7_~3Vf{2UiPsH6AM@!{}Q0(`cD&v=c6GvQEq?{3`Xp`WzQpuH`o?RE?6 z6Ug7g$eGrnHTMQ=-k2QR+FcEA_-^KzamK0qJB(RV##!r5&hwfhow(9$VwcpQ|AklH2>Z@%C}n0o1l^ay=`* z-OSg``r5{fg%3SZ`UJVWz%%U$Gym0mRxt)W+v`sZDc^`5d7`v}^UywN%$i<7o((>o z+Ld3eXZw7DB^$FAE_|YN7x3OhU4UKWQw+DB)m&rQ0NG}4(`@QkQD=E=_QFLkzW$=@ zk3n6b@!;kqU?Okz?iZEkV8sC5;n}-+R{OTwi8<(e_YU)&tS;(&&6;LVr;6vhs8^MB zHf*l_c43#5V`Id-le6Nb$a@L&EX0nQjQ=qKe+gTn<0)i@xg^e~YbxyFO3N*Ma!eShn$5`1K)de!V+N?=Cb>)m#mq z6QgmzCmwV7d^YQF)NNX;caLL7%%Ok1uYA!$ct3O{wkP{_O__ktw<@01pc;>T&t~$h z_~TRXhM&EuZXARL8xsnVw*+}6C0W?mHvFC9w}vaw zr!#x?=>})rV5RtNiHG0#{nWqw&*@Xm12N|67-NXl@X4H|Ia_nMcb<~2b>=APTeq&Y z=a2KoJ3`|vXT10JjdzvCd+z|_E%%I<-w*r`j@Ow#sKpOku`@8y{xy<~2g6~1*AYE_gyKIDCJx~2O=;F+YvMod}H=R=1f$u${ zc6o0wJUBELxrKf2LEhURck0Dk>r=8Ve?Xh^w}z($dwy3# zy_B@!UEA_2M%8(;ZpCuSP$)?tcA_1LtVgMye_@B3tmMrufl^wq2}!GnPN1Jq#K371&=U zZW=7OTkPjrd!Lh^n_fSdSdRO-R5*Ml1rCoge#?Glo@Kws4C*PK8+ujmevfA6y%=_t zY|RGgPISKP64?&Y(;Vz!?je%CGRHK>8q*Jm+i5*rdx47?UyyMef)>(O(nqn7FY-C$ z&dT{EZ)di28P~DduInMjIaGSu+LIZ(k@tC*_xDc02YnTrx0X0dHES4U;Bp=~tVVD8 z`0m^@?OgPg=8@iOz#^Cq6e3F_#<0h_d{58Wvzzg0_DxkS#RHc`w$j!%`dH32=?nP< zij|tVK){~QoE=)4A9)2^UgOX+fgECrCS4fYNbB7MFl)_Td4?LBd~A*FQP!VI7)z>g z|C)7u;&F^ydC=%;d)y($Js+43Gw#ETdp|LegUmz3EqnGe?lN;uqRxQE8?fNc)7tdB z!I5J59Q3PLz%Q>yhOl4aIemKWuRn&K%So;0l=}+)de@ru`&#m-@E1(`SYy`sE!nm9 z-src*zxFO;yEZ^v1uWwHY zc#-`~lH!1PT@7BLRUcmSEq-c9fmiX9gIDpBgLBcZrNrVV=UVGntqD?_CloZ-_>_0! zz^z)m+JiJ1`ARi*uY5Xw`@Y5J>pA)DjIY<{mAsD3TG4bWG`Xt*`$KZOhR>1LtZ4dO zXmaDX{#003okk7&d~EXBSv|1@Sv~Q^Sv^Vi;V19S>Y03{am@#z$>H*Hqwa$decv4) zIJVF7fen1%DYg$>L%cKw-z3X3>WDRMsH*s@NDH<|3_G}`(idr=pBC(*7W#O?gtU&al4z6Vqs8Ca^v*y{GxX={>P~rva!MI8O;7nK)^9a;`M>&YxkC*Un;q;!w&3*7xz@KG)V_&(k@YK7f;iCo9 zq1p7Fzt23kS$HDZte0jhunUTfTO-ZjD+azq*FVjk-m7O5(=6Nxk1aDTTuMgWcxuy&8~KWe%tS-9d{e4=ph{_TpuU@O1N+RHuF1lb7&}71cSGKhyOJXpMJQH z=Vw@aK4R-I!&uF~{>1O9r*xtD{k7xg&+mt5_fqEf0yF=!@4W4;I-~I4^RS=G_gt|( zxq0qz>N8wn>`iA~YJW%Hen#fv-o1~8Xg=J2=0B;yjLlHSZ|&QZKH=T3zPxtr{rj;4 zm}6$8XVKOW-xq_N3%HWA&ufFe$aeHv4SEfmq37Cj=-Z*jKGimESfhN3tOz+8FENMQ z;X}SY!&>95E3Ts+fKflPw-x|7i^!Y&jw0^oQ4hwPpZ=EdFn>Hf{+wkiAh)JWAwQZE zlF0zEus~gNK5GGzW#p^}yP|Bc)&DE>@2rzTaxFTiR7Lr*8(|G zuE+zbnf_+0k~D}UVm!J{X;3yFDb!@erZ3cfUX-TM2ZpM3sHTw|G>YuA9!=hxk@ z-^;PHwxV0iKDS;M$z|@U09P@56lnRDvGtP?2OixU0er>aNA+@QxF6zv8F@iE$4;<# z+u2GxL7q2w-kBGj_aERrYaX<4DmCo z2W;Fu?tTw|a|4Cd5Gz(v1H!M6ua z6W{3`IHeDMw}_g#p7~Dlf7F!EzWwdQLg44|k?V$03mH4dM=S)pXLnx9m1gZz?34|P z7CE%b2da{nVAru=HnZrHH-!|&a=ehRlFR>P8_u;3HGP@6- z;x-G%pWjDt_`rS48Ge2rTzl2k$BCh=@sNw9anQ%^yqkuc-v{zL;5fFX=!0v|(Z_M@ zyx2(O96hle9w~lhG%{Yk=fM5q=TAhIP!~Fm%=^HDb4|9a`RqMo%xAx(n%tb_;C{xu zf8C@=Liu1kzi6Om#`QfjC&e?peXX2Ph$)|)V?8_3eD>)kA7>sO5i=# zCOyPE&hG^G?gi(6HPKvudix-GmOAfDI>+Is$Dnl?ez<5|CR#r?_Iz3&xB#tVDQL~L zTV4G0Iq?(ch^mj}iu3&F`t$oRtUiG8eXUXFF}`h#5B;(sFL$^Jv&Lr11ixhmUqc_J zuJc>EPBNQ`%wA>7tTSJ$_LSRS&Sy?bp1)nSE z<1^elz#c{O-Z1+fpDXC^Ztlg%F*WZ|=gEAJ&lU7t!ac*emy16~n{)V_3ml*3p5pYq zzL4#!yKS8P3;S#w?QJn!e-6HmGJm<(;}pMm3%mOOehP8Jo&dNr{VU{GdB<~^Lx@Me z<>VwkInt&}iA9%<$+Nv{grdQ10Z(5&L&38f zc(wu$a?lfJFO|;L(fnM7EklmPM&TijJ=9xos>F(0Jm!IAi4BYTvtY5}FL^Fly!q0^ zy3d1WnEYLAXXeMAk9v;j%7PTw__EFN_6Pge^5 zIhulAZ$YmEHoY$O++&kgC1d)Xd+f&9Ke*r*><`rFKuAB3k=pYR6$HNO_=H@QDI@E z$;12E=#MO8ZzlMTk>{FolW}Sd{eEzTFQWKY5}!(`h`^Y@AYHbHF_*sY6oPLm)bl%B3@za;>!EfA9oAq(lfP;G?*Y@SjXs?v~ zoTq8?1n_k6{=Lb7!|#u~=-$ikiHq9{mOa(yFAAOw(oevX0X&(|EX#yP zHAU0R7_)M`EZ8#ZM>+b_wsZf=1DmrKQFxo?g3(!@`n7|@d<%y~F1?iMJj6~@U-XA} zH}GoB_rt>ct#|s{=EE-l^IxQZS@LP>QXA$x7t9)uo8B`_eKN9lt;obL_E;QvbvC!b zJV0Fga7XhFb2W?gA}k|3jPaBe(5i7w=lot!r$^2 zeBj-ZH-G*9U)i{|mX3N($mkl8Mz>TjNDf+*U{)4u>_w_G%5ANCM zk@bf?F#L-RgY=xqgEkDyT`&l~3+bE3?fF&u#@qjw=)ZSRgko&gVKnzF0)Xlq^4 zs@a)Y-}Ha`>zY4&kV0O8)9}CPtK-!9Q~toE z@b{(kpGn@L+iv;3r~myQrGL}k^~g8+H5Y%^E8nx>n*_CO^QmpyKyBLwYTJf5k37VA zeP<9{8WK;s1q0J4Zjb zbgKMe$%G>hmx8|s|GPi_LZ1E~`v~}(VdiV}pHDZWqo2r45dIWTVf}?%66Py=PC3Y& z^@`5YrtZD=(~n~PQ}&Vm^EsPgp65(IolmNF&9km)N9R4puruPU*_!yYZ3os3ck8_8 zBGudHyyvmI&TSs=8lz+D++mMX{@5E1t{wY<^<~G;(Efd|{<#!<&u;CH?@Sjgl9ww! z0=_N(qJO;TarDU?aBAveaIUj2Qk^4A%yC~4=U?CxEsj$URBtw*$?`m%@K9du)LPp1!|q z_x-=6ub)cv=l^M*{vY^X?%&_izyGnG{%`vT{m)3j&-cO4!4&hwo4;UBBiI6HD8S8oU;JuoCP@NEWkNu=6pe3Y1Nsj=gk>^ z=;<$;Y4#X??&06%F8mYtUfD3x48(AwJjA4`ImMKNLpiht)J&$;ZKG-bHN>VKc7|ATh_il4dlQ`}`wDxQ=|Kc&LQZkK(lS|MJ4 z`kNlT9&y3r%rXCN!=yRpQvB%xPy9&!-Yw|&T=cuw9+?1toqrCw?2)O*bpCh+yyez? z3tVtYuYcKr(ZQRo`?k6Cdb5o;hkq_b|2*|lfBBo{>Hh({|4Y$7ohj_;OZDH296!yr z8}eLmooD|$ID(Fj@B1qUU$)I~A^-iO@Yhj~-s(BsC-V+}1zd1l5`U%8U$;2+?f~<# zW1D@Lc{k~rca`hr=D*im;}HKHE3@>*CE2?v;^B^b$o>(miu=k2D)!h2oY5C{pO=@* z84PZ{Qtg57+ctdim)v^gLh@nRJN@;UWAAw3OJ$?!d@`NQ)xbJcf_178>s0xyQ-zim zBiGY6%{{ZC(a)NFf;IcRES(GXZ%s>D_jkXO{8@K&WUSjeriVRa`WJglz4nf6ZwzGb ztTFke|9CdQFBQypmolCZ>s$@2bCs~p6=I#s8qfXKc*u9K#u9CcPTk(UWY}xxjbox` z98>IZ^u?bno3zL^@1=@A9ZkVMZ=qig*!HuVe=bBHKlu@*+c682lPLOd}Oy?i+Eu8mJP#4v4;v$;NzA7;*AMs9&51d zqQ^XNEV1FZl=<~i`fvC2f3K(i*&m_*8RQCk*O%@agndnI6a&4U!#e~y3+3A;740m`ha|!54oK$TsM0wx!>{Bi7*jwgGVHxyD?t?TgRF$dgs<*}1bxae;~Rd8}d z{gPw5+o{!9W#jn zx|;syg=#*#(ZxFht;ZfU{nx(vIY^w0Jz5*8DuzZ@K-)@eQssQ!wN+8=p^?Q?Dd*6LT4me`-5&dNnYJ>V?t~K{Y?(` zw1B^&!N#4+Ne-a@US?}VyfC>Ej5n1Op!)F_ud`RMEcZhC`$*e)s!uJ(hRTssmSH6(;`KVrs_D5;oN1}vJ z_}E8#6=r_z$0N=7V|xaj+pIAw54weCtAsC}mFx;+>UxRY?t#xLc6~?WP(V4f%BjvW^GM^+Q@riqY81JnD|k?K`uo*4 z;&&K4Y0Lp?A_2=w!f9M%r#=#LGa{`5eDZra&;97F{`(WuPae38(M~RSYNnlHaHsVs z;m+I>$-Aw#9B<_rQ|DIt%>51S?~eX;){@2RpNH2KLzX^w{OA(f7IgUkREf1eGTW@# zdUfxbcah$M&x(oVHp6#8+K55>5@I6>_7IH*PSG}Y8?pi&N0EaXW8Y7ZYsq8=(_3a; z{5IM^ek4yZ=D;|-;^^`gafc|Rqr@RDS}4S&k# z$dhs69It~%hi|@{0-xEYz1Wu@5rZG%@PTUV=5I!4=R>w0)HA|MI&HRsqp{L~ihVGb)vg6* z@g{h3`fCMm%C|lYt`o>w0)9>)YYF(dpAN%cc?lineOG#m`DD^|TVFZ4N_tMZYMw_= zF)!Zk*j@9{%O=iCT(W9^PbI65x^V8u>JAs~4gQ?@O18LrKe)rYx$y2EojkKj%RiA^ ze2%uYU(9*m^2ht;&p7zdKErwNaTR>5^}#awF!5M%v&nC9=wQx!@U;P7n`5)*RVN3^ z%73!Yn}sIxINQ|yT)%Mx*Dang%dXZqoj<|r=%=IXBRe;=Pd_C~*w@9`dP(>}bC33K z`jM@9$j=n$T?^0EB3s%^Z7`M$Wa}{ZTHw<*_*A;tc}DNHz#nbstGjqN4>`+2&W@u8 z4pRHPg+4ULTJ*H^jpp}f>EkebeHb43v*-7Ffr&P!!_%5;Ti{jU^Sw3j^}X;c`bK&C zeK2R%!G{|T8>1s_$ei+$S{m4&3SP|ps=`fqdY$x%pD~q#hXc?s03NEirg>a@K}{XQ za|v{73%YEy{9bcSH=nt%qG@LW8%O*B48?Pdh=Uu;W)!Xc^peXq-grp*PP~E6GuPw6*#hwgywMC^oc>zS zgXzpoK5Rhgun_$#x0U%~<6TDL#lx&~!8;?&-}I;7ciA=(e0+Nx-P$_T;y>lYd$lc2y4K*!wS^A;|JK1j{#w5byZE=`vjgi- zUH{tfm9bA&B65e;16~miFfULE54OTb5#@X1%bPJ1dRt?tHu}1p=UdDkBEz&^(Tr`y ztNtqlpD!VMZqwA(y?*&7Lp*o&k@#n%1AiMjXXtp@0Db-FS)bs-FFS~>)7}q_TA%pl zW$}5$Bi!-9-cb&3rQzzW&)d8@RKC^8M%y1dZpI`7=aVKE!siuM@7xbsd&OVk2crw% zufN9lf^l1+(Q{>XJ8I92HQ3l9;_iNzKOrAO`ziMI1$KqXIdk{Su@}&Rdv~E* zr~K39ocob&^j3DI&X+m%LN|KxIQq!;jRL#6(TT_5m8s~gS-yPA4>P_|HvF&_K2faa z_EDRgPR$8Q&liUo4RL7i8A(XQORP@QZpY;V1T#Gh-$f zx0Ud5EAZTfZ=&)4^Y8RM^E^29j>83a%pJdRukoAw!ujA;<2S+S`a{*g`#gF8U9-Lu zx;mgZou( z_RuopeR6}Yiihhwr&^uQ7s3Q}Mop=s!p~F7u(IpoDj6cxmv(NA4EV*|^U(`Qd zX^o*9s?d#(U~BH-FNb{)W1LBky=Uya*Sy0+G6114!*BK=ibS>N3&;kVf<6~C)LTux#`oj7_Vje&tpQ%}@o06!XcNaX zx`6(p3+z2}DIZ9~**^lWU~}PU1twcx*|4<2Q{uDd|3W#ZFG;445~lNGGkF!KXhP&WTOi{M|)YcfsJ-`gmU8l;+#9%?{Ap#(ZKjd zexA|$Y4O2tyZgO5;~2Hk^G|2T2ZxF`rqe^TSTjU@zZs&wck@S|MNVwrWnlc)L>(96 zj}8TIdjI7wePIZAzw3cFSO70iMy8BkW#_s#1P0>uwm!D~mBnUF^nkz8S|%Gk;3qwZ zZIHib_M0kW-7)n}r`{Q~VUL-$ziu#bY&Yd{Cm5 zC!?;t_M829lKJolI!HdT^!#(IB`&FCUm0|Na(HZycr}^BJ9Lv`D@pYB3hf=Rmv|;N zLTAEAMq81iHgr>!e7nc<cM!)1cZy{t*=I|8Cb=J6ieG=^*fEzs zvpG-qozVmSq~Ow8n6^@1p>(JGJJDyEa8_De*ecsJi8$?my?wL<{r+wAdXnd*=vw6Z z@Lw~=5}{6=Ta-eFe|i;g2v4--#7InAGs5_O%;D$YV?2THvWoffEnzGE*gy1ba&@z- z7xir!dRFrV@?}<_XJtojP)-eXd+Sww_-E%GcbSKe(gsh2T-gcOe*Yld6TUibF@99t z#_vz_KSnyV^7}>3*K|^M^~5i@_Z@bJt~6 zrPJqP>@EG0KmAP)t#DTd`KveMYo+_EUj2COY3L4J+C-NaGEIKTbjGdi&{B3?{vH0x z-fG!;henDSNQRah{TwhfGT$f|${;|EMTBgzAT{jSqL;rTcV_oRrF4m4V zeeZ+uuG_e0FPSd%u)BZbD(3&2I>yJl%IKqXauj+k1aB2qZ#BBRnl+~#ck>$?-Eohr zzwtF0i%lBl>Tbuk$)XPYfNY1(k9cV6%AcK|HK4zRU+Hj@R}anH_^F;rFUaO8zNIU*4im?r@9<2L{sqCKa$eKprvx_a_^G2Sq(dXnwHW#uAK@H2yY$#h8;^C zfZxFA^g%o#J=PA-OAqKA0_8e{M_GG=@Xoj$-@JYEC%$iZqnkXb8y2s=ecZUG%+@C`B3!%f7LW9;>~oZo*(8}747;9)X&Xb0!s zc8ZyAaD80WyPx@-_p0}bA?kHu(;U%H{sfQTyHjvqzLkEM`q3k%e&)g^Ab%5~rQntf zv|TJ3y8Z{__?ORY3J2H^8~K-?p|kniI^2G^?YXeJ{nQ#{#kIUNyaAiv`VWeMIk9z@ z=F~qF&0neAc>Ctlj~n=lfzPznp!p{ItjwY2c!HX*!X~*gulRx&hC#N7{z?vJrty-- z@(!GA=|Ja z=G~Uj@d)m1Lw)6ey7c-Y`? z`K@oq^nYu|##{ezrhj}`f=v_L%*E{1JYskN?%gH)*7p|Q8+?1l8*lt$-=^=U;d7T6 zzYNa*+)ccC3;O@c|8(jowZ{j)Wbf@9$EOj!UZFnuoENg+#=EsQF0H*ErnOi9S8ng^ z|95czHl?+<{e8DLcs~*0(}%v19OfeD@^1`noOuA(hhLrE-gakwzGrWY*VE{C$oPkY z+fzQW{An}(xxw0pUEimC4(*}Wh3-vZE4tCWZRn9!^vStk(i|=Nd0%@D-y@@))Y*l; zPT|XSQ=fR?a}LbLha6W)S!_OXtNG9_>Q3SBbu&il&qsFpl%9{QaY#<@Ks;Z+8$G`b zETir5%JEYJ^NTh=4etN>;`{RVf$#Th51V-|`i}nJ(H{2sT$H&iHiKLI2)z>{$miU&(a^{62@j9QktS znvYR#3o$=a4qTaXT(x(YV&W=Sj;)qWkq@3nc|TYE_Ubd&euxM6IsFt5{vu62?EK#} z{vc1OUp}01iS|X--je4f6Y!yTy{lmOrUwRZyhy(KAArfMFL3eiS$~thAH@5H_Z)oZ z%1t`FOa4#8dk(%m7rc?b61>MvKFI(-lrU~BV=o%*vsXH%;pLKWV{Odxoh-SEc~I`F zxy~nk&=vUVo!^TdJ!we`F|!1IYt*(UB~7ptv|#EjGBEh{+}V&<~Q`Zb{gwYwe- zZN9;3IGW=d*MrTTJ&ZH%FJIoYA;#R%bNtqMj#HMG)Tm4mWwxX15AkhvWz&Y~e7lM| zc08JC>Nv(8ajN6RWvU~iMs@g+sV4G@cU0PS)Kf-vs1K4GT?>{6Yf7l2q@c037+4!B zLp5Ie^TiGCY${>j+>!>?RwLv17yL1v=U#s3&%f!uzhubw2YB!L1^x6xCR%0>9vjp- zvT5-z6fPg%K(5lbTdczmL?_1Q1R`g`JY(+Ke%3h2JhQ@c#uIayZSl_43k}2teGTQ~ z&9{v?@ww*Px#O7waK4>je;b-JzC5#Xz3?FYAsBtug2(bs-P_`4zASQT^pV`d#p`p! zx9riou(j|p)vdDjRgl{M1aAZ$xe$0Gz;hw6&T(K>JT7cmHC}kBtHytN^pUcc#ytI9 z^l#be(I=k*SAy#R?WnAQt$k9w9DJzV{%2Ja`=6Da8vXQ(l=n{_eZ-Uxgv~pHqcL9^ z9|j-Ar$@)F!^#U>_?QI_Rae+5UT-=0(QnruKW^ef1M(y~Y3!Abr<T_{km2YG%5{wLj--Y8h4jkV7N7kBH{lNHtGIZYpOa>pw zy<|7Sv!MG7xz{r*Ja_y&d|UBTF4r)y%6}k!a3u_$4nQ z9>H&jQ08LmjB=Sj%x{%F3y5BOuk^>UxJ5xSfa9BNB6^jY^mmTQ^4A9~t23syLg9?=-wwBKlt;aplR zaoSGbA9QVa@O**l4|AT0ANdoVT0dgVjtDPYMH?UIMu|52FSThC;#n?wUEe(py+%sL zBjw{?f|s^1x4_)!nL+pnI6Up(M`ia@HjIxbyoS-&mUPeLTle(yzf-nfZXEsQt=HwR zD7;h-eAVRinP>3VJf4Na^Tu~@CUiM)+V*AM_)f!bJO^&UUm*D5%Xe$1H4XmArSu=V zv!1{ne><=SkT=26fW8clSvI~>_xK{j^K5>GuEW#lT2A}K;m+IyEEBkYS01LE>0i6O z_oMoCvqOh+`sKDSJsgCVxzpy2uSB;>MwtIPBR;JWZ^OsAq4M!Hq#HlD>dGvPi;h3+F4#K3=?}->rAn)w<=| zep6Q)wk%9j_vOM71fa(C&RLC-9ndCLTWsS+Gj0#gu}Djj%4 zqc-4rzpx08-ge%NX5Ml}zS6$UJzcy(FW3G6!3bxYMNW3Z3v-YqKQ=~wOaOWX zPQ_Y+hR5cO-vNySBO*Cb^qBZqF#}z-M}o@hUVI>%ns@2k@k!2J6WsFkn$Dgx>ep9g zx7&6`Jn<)I9^7*NG0sF^!u#+vddMlb9ry#Qrp+IJ zFtk9nclQIOVPm_^efz}tV#Wjq1S#wyp!15o_S@p+GTT3US zzv?*iY93|6b+iS&|KSR!%bP4u*AYTRF?`wZQc#O5m@gx2(z5l;W?|&!%$V+ee`F)=m zp!J$__={7FzwPlCiErUI@6E>+1d!L5ZrSlx{D~+j{LSMUQ7(R z#0oSQ@WG@g+M9-W_}eda}V+ z5L#4&uQ~@`qQzW;FMm&?gRdm`%D4Q@=;7w+r>ntL5L^Wk+4z=PiqPxwLLz{68Bx7+xk_VvB7tP_37JZ>OT;(##QWu7sgqekIrRJmon;- zP1z1_Dn|TvU)}90Ga0-UVM}&_-#N=}-H_Y;fL*`Z^0d+4UWoS6^u5lQQVe#^vfDT0 zzQ#E+f=_jMzxUQh9sTu<5d4E}jOuSwz7PF6X0DMvf8c7N=cU(Q=H4skhG+AcbAcWK z4?RpwIlpq>V`=(5J^mtlF27s38uHiSJ=R$Hdo&K40_}qEbSJV>58oxhVF~Y7V)J)c z8SzQj^%QpfkF?=FdmOpee#6I}4=mm4ly}P=r`#(1f`jm3k(JehGh^y=-zyGKjn7bx z&)`1mroImNm|TuR#wWm*-J?BFIDdK?`S-?GsI#&w=2BM|Jaj32I0j8Mc9_oDzS1{~ z8Iy4y_cYe+9;wDxsKZxS?39-tI|dCS@Y?hdc6rU&q?fKMS1FBVK-$KDo!x zE0|bnuGxvZ&DEdy;!re$UYl+k(9fdRChB$Eum17;|E1UeK6+(2^vZDP6>#X~OQV-$ z>k1F8z6G6JdoX1P|5)oRa>LdU*4{LioQ`cM;T&vBJkPn=vZdr!?PF}V58IX~Yw&$# z3-Nc!pyW^InU`6pqt+u6-2hkwFXH zIUkvO!pK}^&v5cbT)*7?zMJyxj$iJ|*dfZfGS-d!#E`M=Ty^$oEBp88+-%uu&Hu?y zU_Hr^D6$npwlvZiAPegX70-~a!e z-WNIa9_`S3q(krFY4ny{U+1AU@$0kn@2-o^_FsybuS13l%L;r;cVcJCzGp2hN3P5E zT1$zwnk(|Wz8!m1VpY}V;?I$9Yo94k%+*5H^iH-%bu33VlKc)J3t4(L&9}5t^*rud z>f`FZlm6)7tcnS{t8112`rlOc$9zv2`5{Sshy2|uYL$Cw@*RnZNuGTCd1Xv7$f2I& zr;|e&=$R$I2)lV4xa6ll5%ifc_LG%X{MbBeY3HLWYwKul1?3iyN7)p)F5X1B9U6yQ z85Ir0w57|8-lE)c=C37Z`M?oiUZUJu_?YCf-xscOV$ImlHlA-)UKjUuT$!tkQ>TIH z7<%zJe6_4a3#N4gQ|NCZEysZ=XTG&`QhasoG4L}NnAebV8T$E$;-SS0rlo)>$CuR) zQx`FY=kd+!#(+!kRejYe(-+aNj_-5-vv0Qic0VzcjCcBumTXyBTM4})zLA zgU{q!>35)E1aX+i9^qU3Bid`90@O*~ean1H!;HcD zer%twx-w{8pZREUZ{|i{Zzpxjw)8bvORKLX!DNFLXGTcF*qB{ zzv_d^==wZ)-}6}qpgM!J{d4TmTI^;4eXF(}*kk;?jmQzt=b8Sqz6~D9#=cH~XY0YO za2ds(iC=|F!Bj6<=J`CHgV*(HPw&c*i;vPD7P#Br1N(N$)q@v}F@$^hpy{}Ouixs+ z7QRm}mu}C5H^Cs@mY zVWY$RJ=wX;dEE49yG z@o^rDbKaCQ*HdC(^7ovO&&Ax?7~nk_7?UXay3fe{>%j1z(5LACv3Ye@hIRdMo}FNg zuxNVmbJmf2$KxkYga_5{=j?I>0G@e@e35R-YVW~1U(k%X7E$)Q;o+Mf%0LF`o62`H z2RPa{Ix&l9D*p=Q>m%05V(J^?e_+o=d{eZ_x3m!)7S;NeuHmZsUIb^Mf3bD(@Qa4m zs7}es8`R;}^#XP6%(kv8@>yTmdC|Js>_30KMRia1t*Kqh{S@Cr#C;fZ;;ZVq3*9sf z9L$0?v!KmO=s=A{L^6CFePq6eHzdPlowf{1hklMev<8Noy^id2sj7YM)CEMC)F=uM>!|x;Z9*gik!uv??8xKSZhpYeGE59wt`*xmnP)7M_ zL*YQV_%56phY#H!H^19T>?S{Jhf7OvB09VV?dqU~c&rXugt$tV)j7KCp-`}9R>p{$ z>HBS6R`=k5d?=@QP1wI#=fnS$d#&4hL^)twA2wHiqQ<$dHP=vLwex!=SFiq(-QIo6 zfbRMgb64(oZ|x<6^_3sH^BnO~Kl-%nx51O&gGb9IXFUB~_=&k%v&KU5FJCQ>{6^_0 z@t5Sz`+EX8RKi(sOPtOH_AN@3lQk=1owv@k6N}meoAAU|;MFCgSX+yr&6XEA;>uBS7-rYzWDdk05na$8Mj_p5E$J&&Kz@LGSHsbWh zVsGCL-pBY(e5I@E(%LW4wUPFsrmeuM#e6%RdIg{I{lo zo>>DjG1UGCW3fiTLcvxAETxcr4$`e{~fBETL=Ct=?o8<$zW#68~ z*|OUwIJrV|#^ayPwx8L#LSg2O5AZC^9Co_DrFKearwG3A14qgIb54h8Bi#?n`z(GK zFp3A=cHM8up=lP3hoEZ-Fou~kPyc?Xw)HH%oI6(Yj^89FpH;4;SuYbv`~&xTc1Ie` zl2Poj`(G<@mV--jb-x2!Np|SGE~14&=wl zU!Doi%1&fEc488C;$~!g66ajbqJON(tP#GWEgQW?+iQhQVidPgg)gD8B7f^m8`)Q; zZIYg%&e;osk@Xd)OIo5K{;bTzDtxgRF@defO)0+OYry?*uB{igQ!n%S@$a80Zi!hV zdzv$9YO9DJF0fXa{4|w~PI$4l449?QWM}eyt7<#Y+cEU0^rGZhJ~w)9tkyVoHu?%> zhg0bHSJBVHmvCPBkM?@DSKm0ZN&M(zP4IH!2Dv-0H|xO2GwSuR{43`XRG+I!n-U3`KZ82KdbH|%xrXmxm$_PFTH;C_cS zD!xPatSO#PeT-$V4YHnC{%gh-))S+jHEvKHn@nB&#wJxk$Iiy$LeX7#>7k6~hqPuh z%sNNQni`kBT$O9v6ZsS36R$5J9*H`>1pQeTb!?At`@G{z$VSPRXtIW{!=FgZvosfE zeWhv)JW|biN_2(Bqx-@A9Bb0}a6{gpd?v+uyuQYud<1-n4rtQZXccxHv~|_(HxJkt zGlzwLVb(A=Mko_0{5#n@{z-qGtQukV+gZzgJAbMgb>usLDcV)%XD{}A>qzTwe7$Y2 z_P{7CT>M`R)+d{=9TA9OcgWr;G(6=6|5V^a4 z8}rs-;w!Dp!?wX6$u}Z}PvMJ4@Y`E^B83rPYAv#U*3SEK`4LW;$0-x$U0YEEeHb3U zANeu*2N>KjrWY2$Hq>+N)g#_I*ZViCw8zXSXT5X4tat8f_Vp$Wp8P$F7@M_HrVYG^ zCqE5-8!~~JXFl+h3!bheCrmQ7oc_8nOjeu7p;z{XpG)>=OR~2-Z4aFe+LWA0@A#3k zc77ivpT(7_D)`;pBU6$ucb)z`WGaA6NeB9osRMk&KF^19k&&e6h^$-iZaO_(9ntps zIdsGYz`4_fvwT#%AI`|T!?{_xI@pszu%_{x3*(Rf3NXgr2aI1i4;UpgE+2S#RC4w) zbegV7#=@6#@3n{WT|Rx&fIbK~vfnTNjkf&XEctItlmBDLe>?L37wR8}yd6XS+mV0x zwex!RszUzfN&a~z`QLdi`R6+$|M;*u$Zo&vU+?Y9Cwp>>in#gs9!Pp)j3oJL#r@fCq#5MCQ?SkCpl zlk!IP&+*-xjmUm!n(VhA`vyn;o|`25lxYJelKtDjt&x468QBL%*P&mBl>KW4%l?RS z@hfc&Df_fJNcQ>NLcYU=%6=2y43ej7B>T)qq|wurt0ZfDhx89F0M1=5oEISb-&QUM z^E88CJqL{Y{t7Twz7H7hIS&|z;!nx@Rp<>@?mx>sYiA7Gua_A}PrDB8zHJUBlXsM&FPM$I;I>9s$X z_&4J0Ib7AFJ^qN*LZkLlzJUfag7#iSnujU7ggB4u8%BNcaerYSxgy|IF5_zU;DG<; z!++JZtGHyPRrG7^FVnu=-CxG`x2m+K*OIC6_L+Rgd~f?L_{n^)7@GF9>Aa2KcUZmi z*tep3Nlv`uPJC$MN}Zp#dROsn)2%u7eltW zkyi!`$>Ewy@h8@ua?Sw=1dUHCe_eKXiGyc0LpAvI(-$9o(LAp5#@%?rVsP!<|EUeV zul=0bZ-7UzyP8*$KD9n*ZQRCHezyE>!Lb$CbMFnuNA`j@<)I>jt#??DT9s4dl{(J? zJSLGpKV!8O?A1d2GhWJ=sS5wDjdkQc_O+02sI}tq>uw=u2YF*GR22U*-?yRb(F^h` z@%=(^Vs-YOP}o_%GvDgFc7A`7Z{0nh3fyrX`gf2F^84eI3u@n^$`8fmZ{|`KzxUcU z@a^;N3&rnAlr_9uYVQRl-1hVG#n1+QBV1pU#?y+iY7F$GgL{|1&HUMU;`{Nj*2X;I zWL|vl*S;rTD2zW1&C~H+@ILVU2Dub2zQPg6W4-#HroVr1&&BS0+N^I)f4^*x=5Qu5 zc1Jfgr^rJ~5zoo6vTBq=A~~6k{JC&OnJa7$d~J`$NQ%)e0=_!pWzx$tui0>P(ltMP zYtl6>{I$QOI7c0Ezd5|ivXbN*VDF|_dzlwqp9(!+o09K}+}m>(jV9(BAhr_)mUd*= zJ9l~`-%92*_g;zoThodde`0TdZ6@Pw{2%O&Jx-I3@X}M|glm;m9q#vkz-GMLcP@`s z^qkqGZ;ein?xAhzkQ{sLdA5%5jy=&4*NA5|@8I}#=Kej#bQAgJ-C$#0C;lq)j>njz z{wQlCzsnr;Yy8$+*H-Yo0y=5#w}-j1Kcf$pFck7+!Sv`K{oM$~4+^lyMzF{?GzTrLiQnO>$ z@Sbg)o#^5!d=6Y0oqC@5N|6g=a1^%3z~aorOS|uzny;t`0jom@XdV>_;xWr^eVoE zw!IbJmmlU&(+6%}{`IfWmruTrzFhepeW_b9#J(5UecAl6)6cd+QO}x5*S|Uxmi-xg zUcuH6vxhkTRZ#Py@-A>%`pk^YxICfn7; ze%bA%R&Uoaty9P#<{3=<9lDjVgT_|7-LX|Mv6C72gE!(2rqG8eWV#z)^*Fw2J$g)I zE9L2Yh`Qxx$gggjBwtW_nc=1PA=dD)tNIjXXKIgJN2AJK^o-A>M@Y@Oy{cQ|vs+liyg_O%_0 z6fP$&s&VQzbnjNigt}kM9Gc6&2aaoRx(BtsMRO9nbAeNKsSP-tvEg9b1bpd!=|jMI zp}IE4H)fo`eEJ}ri)}VK*Xe5!@qa5=`SKtcbl$mr*!WlI!{^^eA3p8$LHK{SKDcn+ zbq+X(^Z|yz^T%BnFF+?x;2SS&>Ad8Ow;y%J+l+H2$IJgi=gydM_@L*X<9QC_*4DJK zgmg+@$=N!E{V)2*#~MGZC8p;+PgwG~Kg-%%bSvwR$;Z;zRnLfh6e{mjvaEbmAG|x1 z{?K}@IUZjAfWhzA4KL3TFE8=iysYt&?KkWmG!{d@58`Eh|BhT7c=@o$&pKQkd3V3z zCB6a2;3~~`bk+g7I!-o3dhs%JQwhGH^vMo%9J=RGSHJB?pLVcL%h4<7AA67b$I&ZM z#!ylERO;vz_xJZ`-^h&9UI{+&3!%)K6#iFNFjP}V&WLhVpCr#M)j*CO&vWqM4w177 zZ|>HZwXs`zpdWYaQF-CGTlYS2_uzZrPJGZXcGY0{clzn_q4=-N!+-NUV^{C^b=MH< z1I0rX;M@<-l{q|D2G8w>_i~Zzfps;?rDt7Di18G0B~zX;R-3+MY*oV8%B(eEY_)}N z%NRq6f6EvvsV-fUvT=;HI$R-4r8X- z$H@DY-<^kV(m$4~_SreX-}ITBVAZWX6^@a6yOnS11S8iD+R!;Wb;`-*cLA}a4uhw` z`OX9S!H$8M^5kpUI@yVfp`%-%n^zZz2JaLP=z#4W8o2(1@}j)^z4yiZyL4`uEf<_a z)?mfEs+codls8R0EFWMw`EJ|4^{t~--`e+9)wh1fU+-J=PMs6#PX z<=OekRaXB*7k#T|W!T&k;I5SVRUSI9b}u?jIBw-z@{69y;X8w?fD?BCS3Yu>SA#Fb zY;|94?wLc+dT`Hj&;8ej!09dzPQUNq)Wzpo_K5MuH-$&>l;&OL(P#0`jUj){j$mfZ zHsoIO`_l{dlmF^Fsk!#Y+51zu?8;|YN59mkQu;BM?^R~SaQZ{vy|fRKb5~8STs8G8 z2VS{q)#3eSFFKwb$)NoZ-#0g{-(UM4-v$2E<_dKGjSgJO z9moRi5-Yf_o_CGpk6-P;BY&}!dghW_vVuKFO8G|l18&)2)TeKt|LiF32WVeyt1ntt zplcQRC?=1a+<)Z+>Rvg48T9kNL~r;=u}PQ4!wp?C48231`wVk$^MRlH>GWp>{Slr- z8_@;*wf6~Na_c%pj!wF)<$L&o{mG1-wVZ$b{9(=t9LSF=WV;v)0MH2+wGJ%uW3DS)mGx z9GnuKi4RsV2H5WKgXl*8@KLi8+XJVb&4j-2$B`!ZMl=!4cUYMf@`6}f6 z;IadoQ^5B|>g>o)eLRa~~8PHYhL3FSEvpezm55Ozw zI%ENLH&ORN?BtGM)}Xrcu$6AzZ>H6)eQH$qt6ZfM;Jq3@yd$`3fJ^f2lfIzOx>v5Q zDf3^|Cm#N~S2>uKd^wUMuQ zn0H#o?UtSG>={7WBTm_qS5WrTJQr=fc7DDGZVuQT996g$59q40Uj6yLY>9{VqWPc5TT)xXy`R2lE+vLApdZzU_<~=+qpFqC8>irMuP3Mzr55A?7#2@;;=rh(y z<-pl^(ApHU24%f;;B?xaAL499>}r$b9DlPhm{FrKZ5jTJ^t9}b@cv!wO^|N|_dLF- zLKmt`4Skt|t`Pn7TYH@a>8obh2-{utKclH}-ULILq z6U>dQuREP}a=&=emr+v>ZWePNeQjAw8#-ZpkP|pBe{>eiZ-@DKy z;Lv5Dj_7Bh%NInKIUc$U;MmPKcI8C0(LdK-WE*?&;r_D-lg!Js7LgM>lk1h%8TR#w z$MC&7@Oz^T)wMc%m-+5TEzTI0TxuQ9f%buUZ*t_$v=+xZhPqfUs4(%W{2%DDMz_Pl=>QHgGRxURs+#BtiObCfwJwf{_QyNx%i ztixkIFfKmEA1NGjDLJCh?Db#z3X@OLzaP@SXa?ubkKWbSH-^89c1d^58+q#4zHiYk z^HY6)!}yu@`aWo{^Af#f)AW1}@Tk1v*?K-k&%a@hul4&8?1%QP(fhvd*lRmg{%(JD zt={WhM_@E-U+nMoTWc1($csoJ8z+c+E61X*k25yQtll};y1oh4$t$>aZ0F3(81Io8 z#;W9ISiR4~Pf6@XYkPn(@Md!KvePoquWH}13c^~FYT2I=IA05yQ<=y2*VVdZ#;OeQ7TH^sdHoT} z`9?LTmlOZgecR>}_uCH2ix2vLL%(z!iasZvtgG#efyXM%bKpbp-ErD^wQ71{5B&3* zk%f`))u_a&G+dnvr+I1R$i3$Kk<7njB^rb78TB^4ZTY`6?o(Vd{IU2w%g>%qY9)8A zeY<7OOYY2(4q^Sz-wuo`l#|s;u3Gzc)^n0e)5$o1c&Awpbh2@z(YH4hV4fuOI>wSgY~(OLl=LnqW}$b7$QgaReN;Ravv$3mKia-V?Q3#)33`$J7(%C>eJ%Q# z!V`fJiF)LJGIXv-FNAe<^nuEK06OYgz_lKIAbuz|zNA0?3hlI0UyS#vOFHr+Du=$Y z@FD8a6U!;D?-hfXW3g6}c{RcK65qP8m~WYjQGSKWO2;b~y;$oYDZ77&cFxtm6O=ze zuJTBH{S)LXpGfi7Qrvr@hbwiSc*EEGchqliScLunZ|&gFVm|a-b&?Yi@1V{gb#_o^ z2X%H(X9sn5QfDW1st;Y@@)&aW0)0M)92)rpKa!b|w5fOAXW06&C!F^f>#@g>$*q!E z=UElLrSN|YIc($k!}zbNYrEvsDI@ti=E|S*O!mXbU;pos#(uR+-pKRqBG)#RD(>y> zDegV~MltesTVZP-`P_k$-j4cWWRJPItP;+qbme7qf9~3#{3_(4^GVj45Z_E88{N!p zNIstVKhQEJ;v+16? zsHRqJjY7X3yU2R_F2P4`ys?qKQ9UChBm6$mu(I}b4~){sHQ9D7Q@YQFab#j)I(*Cp z_wa3nFJ#uMSHKsqdFrwIIHJFgKkyIkUjeyM8lSEJM{U^W*GdD0@{!X0qi?jmvq@#! zu&b|?mKJUg5`$&@9l$?Y!k&Ts>z^GT)eFO5d=J3#P#P?5{KM>ZQH8!;4R4XZ=jE;A zlb}22ruL8{_F5I|0N}Ncr1M%8dU!Rwb_w+M@Y?Z7*cHxK?YWXZR23HvHGgul@lsn~ zho!GSGDu%<9me^J3j^eQ26|h|0=@I_>xcoybuN=|cmf<|5HnERmpEVZswvESEz8`@ zn!nx~`MsKbF1q-wn4);b=Ch9&xoV3Bdf#ju8Bdme#91d~pKaTBN1!*4Sb_E(D3#8o zjMh1J_M$s0N^QNru#~eR1I=^L6?#8QHo<*|&UM#DS1|_eh?e3zF*i>8?R=+Lfv%kw zYpy+`XAaL-QjhpkxI4f-af2gThy7+dXIV!_4u?F-+)Vfa|L`Z{_wu{-Xjx7 zs-chYUV?rr1@C6>JYsiw#JkFABf_3VmAcZl_FD-PyQ7bVigV~$1lo%iBE;@YY!qGX z!}h*GPLH=Ol`VxoLTp}z)@0=L9M4tkEK=x)ev*&Xraf{Np;OlbK4K8WwaLX%yZFY3 z6|+!0Q~QvNrQJ!CSDZp^bUjd9=(evtsLJq5o+9qt;q*b{?i4oV?E112KBo_=CxuOM z>uKV5=Auc{1p7?#HjiN&_wQX-TSSa*iIIWGo&$pYZu&&OiiiP*7*DrdWA#o(SCH#@ zq?hg&IQZ;#vl2g}P0`fggKtIC z;lcysS@k6aK19E!F?F@axE_3b)yt{tt==^T*P$Ndo4Kl-9*x;W!>%FmZuf5+ZB6F8 zPT;KP8<(D`>+y^Db^-m_v3pf*1~ly>U->S0Bgooz*|-w=a5ns*#KVFg|G=&T-4AaC z7EQ)K2-S2le>EQ;;Wl9Fd(?MQa}=s?2lHSnnFm|RJlIO+!8(`C*sT3gcAPHV@C18o zF^}4;Hbpa?X{~Y5P;Gz7XN6&WL0KSlmv*8dQaK<;VOr*Tw^&4!NcKKNIB`M_o@40IK z)UBlh`z8My_h;!w`D^$H+ViC=2fdb$UYmqo!&iG1U#-XS)qYTzraR@U;iq-tYv^3^ zR6g{ZL<|5w?N$7=9{e=+Tr+V@JAP^F*F$E{h7S(t*E00$YR1jzRISA^F{cNBAqEWS z+BBRIDc^18e z=Zr)XbxshS@XJ-F^se+}F?Du5p#6K8-`Tygwi8*GUMu4FBK#52ZUQ=|6aAw$RseU` z9p|EFM&f(4V`xb`U3Z{|fR(jAMsG=Hb()x`azir`KZAztlo3pw=&2-nOTM7^Y9aXq zny1p7auJMntOXYFRwuG(ua99&A^ieB z2?w$%f=M>xQ`G%9WhLvvqh$STp3O+y>(EBBqdII`F=3i~N#$Z_PT2MhY#EXM^2*0Y ziQ9{IItyfm{6`1(@*8AtQs7>+n1X)lWbZ7|yc2x5GPQyn4aF{GKRSn$Z(FWrIek}d zscc9m@-29OPu~?2)qJj-r~4D~xrDbvTrX6np5+}U8u=Mc-&J1Y#144M9dqx*ri2_hN*O-PGQ6Vo zG8xdX3%~Cs;;piQ{dNYuk>>xHHs1P!BcoSBGxihAqTbY<+%x9rhNlC*tmdfy)U&Q{ zvkkaAE~hT)JDaaWv#i7)s8eujom$7`k={iH-U55P0L@~^dnd7zHp<#-d?I@;174fo z>{!7dUolM|idJ8K4_bZOLmQFE=sU-sJap~Z{$$99o+JlhGGqT2!!Ok4Ft2hGYl7ql zbm1oi;NMVhtfdM6;U@gRoqeev#Xf1B%!9ud{^{#2!<@ZsX7bIH>_Bs9!lBwC>d>BO zsn;UwhxsDwQ`WG=IIHcb=K0nlCt6FRGLj8lvvLpBrWjW~X?6c7b-Gw>nY{{A_)%-H znK{gFXdJVPoX#mvT^bim=KjQ`@pg1@cbT=XBR^2sg)Wh=cpP2V3C~GiO6TRF8`?ha z^4p+!8^a5CLpPO`FWipK?#M5tE_ea{Bkr>AIJzwXEr&V2vF@b@zl#knV?B<>C!NT% z%NHHQZd{!vxxAD5FQ=?qcPH{ZRQ)~F@fx~f1iDk}0?=oLuf4gfd$uQ;?hHK3-^L~H94dy zctg2VlHbrU#sJnD^5HI@Cf+r^Ep@v#A?o;SV~{|wv0YGm6+m6?Z<>qx&WW_iJAM~>cS^&S~k=8 zo;&f8*We?s!AD+$k9>UDO`DIC8!`1v>4wmQvo?oDuB{2_{><9uP`#XXgI1Jp_X~EqM{Ehv7sSSS+eir?(|LkeH>bJ-Ob#|yYy{=`UZ@qZ+90LiZ8n9 z<8jgEkKZ}k{_j72D|)=?t^BLI--?3w=;@mrU)=8V^A62S-|2IKaKJeu{r-mIlaFA$ zCVyiGvYs+AU|-MAkw=2P@$a2R7mSRozhd!{Y0^9FS!DdX*D8F4;wP`qGgt>@C9VVh z%cbM6r~P^e{bux#=;YCJuT>Nm>OAWn;k6Le`y=}eg z4Gs0pX+2!b%zyfuAgU}d=>pteVKJ+qLbUS zAA9z=MZW4h;-1h(>yZoAtU6jiK2!BF|K{rQOXJnkX2v`6*SoOeK7oxrw#3dA zlMYKgI}n5G8i&sK0sL~MwNE){%=h6pWhOq$T;%>?r+#GS3k!&yGS*H43;Rj!>twx1 z*EncQ3`6n62y)i`17h0b70Op~_Z5}x?G9K|GbV6GHTNmS3M^|~6*iPL!RtdlUvrb= z8z}#jcuGY+daRf~+Pco?T%RCD0^Ai{S#`A|X-jQrE-sU{74Pg0WKCsn=Jivk&+8}T z5UDcK|+$!uOr{5;4Xdvl!Dpi9TG7K3t7HT#Y{5x$NNP(3z5!Y;;OJ=h#%j z%Rk~fYy*5tZp!D`m!S1y@iSk2XVai(TRs*)mHw>!WAQ)otltm6*xG02BH&y3Z$w-- zwPr_EMA0HQ>;B~gLl2Wcp_kJTrOUm z#Q117yvRPB;>C98wH;m*k9Gz!nuE|-bEoaBxf_ZXGdP?5Jo&KaUHGs^d^p14L(OlB z4>iVfdHQ&P?e9*;SA_>pIy|^nJZSh2{Vx4%co1EAt$2`Uh6nNQ4G;4CEFN^|;_~1@ z=vxgBwxiGL@Bzew=|024WliL7mzezR7%@iipw8|Z#Bb$S#=nrxZ{aKBcY674xYg_B zw|Uo|trHgx!Eeef@UD-jBWE@5gRCFrY?B?8S@9kB&pRdjDTk|w@%C|W+eDx8eA?eo z`I1?QBKp>jJx$LaU&tDiZt}+^UsJHVMIYpBF8Csad}>|6T<)`|TY2K#U#I6O?o%U5 z@$b-sv?Y5`$~)OcwG%++Y(tJ$Ajd0^;}ytp3GEcqj^GNihE3yyti=V>q$`W?*V>t< z$U9x$GMC)Vyk*5LjWd@YZU5Tdx8|acOHR*kS;^em%w-wlCZSVO=ql;3e8wZ`vA*rg z8aK~9J)@;c<*Ngm-FozWig~PV+Rw=ioMe9q_B)EO|74_h9Xj=vV(V~4?)dnk#fzpD zS;KnPGABHF@ziO3VagKou4aD;l@C#V;o^mq3HF3I)8}u2qm8van!{5}rHt}gqsn~B zks#$WC_j_BQ{nOPBzeS|o74F}+gQ`%=Uc^7im(d-XrnsxeG;Dny=dBFeRA&%zTd(3 z+xWhS?{`slh1LY|y>Ka<3N}AwwLcI3+Y!Mx1v->4H&e#^QUg4@pLsQ(tBb4LbsoXQ zdgT@ptJ!F-?(6VEKzN)A@gjxQ*Jr?r+kh3 z9PeC9l)W7n;$u2`ciSgCauAL1j+i03Hv(VTn%Dl{jF(I8_~6ZXl8H)Q&4@K39C+9k%yw z)p)rGx!;d0EYdm>pS`!V;%0g_5xTtq&JRI{SzHxoo5=XvJY%fDesxFIWwYM=4y(5t zUqfRIGtYeuI{LN&eLww7aI^MQT6y~R4V~!kZPcfA-#t~y=31 z2Z7hEGpcW~LFsk=v)xv2dYyNwPV}z)0P0M*buJ%!>PIQs?88ny434C?E&imZlot}3 zj~ve7>>2ulJU4gaKd@G3FFwf8a^R8Pk`JX^ZAf@mt7mUO=VP4BkQ(zyZ5UsSGc4BsLcUY3o&PGH$?=WonM>aV(`f3&SDn3xx^k#X zXGh5HVegFHbH9INg8lvLe18nP*G-$NfQ7TfUM=SPPjRm^A}YDoQIG7RU>06mZ<9^b zSq{UE&et4(e5>2RTNm#R;-7V66H_;>X_g;((A5PF{=f<6SPV}TF~@utGLt}uuS18g zLx-xFui->8dF3FSp z#Wm=IL3LuQ&j-e@@m;#DUV5L$4@|SmU%$qqj~qX+&6)qzcw~yP$Aiy*RsZ!j37Zu9 z;l`tDe*MH-le?SW3VrP4TUiet#DDlgOLpX2M{mC8$+z07vp3J8+%WJt>&zEgO4ep? zuF!W6HskAlp(XHe_U2H~`UG?R6>Ffm*40lWj{48wp$H$oEx5Y28v3K}DpC&pWuwP! zdFb|^?A!j8GHYCgZ1{0-CORCa%oJb7x+J{O4nNpuPGpmd{NSEP;Eg1{-%R=L1y+0} zJfUy&j<(G^(KrGO)3Gge=-7|K8^ze08R$vo_^~xs&lGIlTDl4OAo@eih`HTrmSzCS#x?e)>&>y(kaa`Btv3>}Ay~aD~B#noUaDSM;DUAKs zV)wgD&RACBMRGAxfnihKSVq=^Sz8v2}J2RHF z$X`>=I5G7bG@p>o{jkI&c*4{P{<5G=SJ;XxpHKAE9)hjNzv9_HqF>tor48BM%>5u+ zJesi&cGw-aYaH}HKYljb0%$z<6jadnS4P(<;V_;z#K=`S|Mnchd)d zp5Xf&d|>6kXbjy!S&gA}oer`mET8p1H`@O^frVmE3Rpkt?V>L|OT`cfqG~7tiJV*I_*` zut$}0PTPRf^-%>&3H>Z-u<$eU?R9tX)ljsv^CRd(KVRYVnS0xJd%HXry!+4Z4b-FH&^s+wC@Sr;$ zzZsl(`LBdHSgE_N4IFf=WM2x_u~o5-Eebx$pmX%`s@e{Gpp}dlRxM+k(E8Pu7|)gC z_4veZm{`#CWx>q_pRBG~eyMe2OGncN z|MkB*wr04suRpgIIqSF@JPnWV4F3!}^O8rlBx7#>rm(KuyWa@wdi(pghQ80!+yi~w zK_59w_|$f%pB;{Dudq)2sGa&1Ytfl8x}UeKVe|ZD)@H>x7I42%_g3(`9f6$MC+Ytr zVqr6vWo@4H$<;N_Tfv$IzrC*oKjfKuaMbD89LZ8!*g8`A`$ll%&du67*82VZExEkw z$4#UCd=PG0uZ%z9;wH-)*w+!6gxiBXIvTp96xqi44v1AfL#f6Mh&uRP#`NcWa` z`u+Sl_+i%t_P_f)`oG5Me}L=x^gl;@@T7dt0X)bDb#Z|2d`=vUa&T~(JiFmT;9$H5 z2aO&axb$Ca_TLyhpB)nqfR{S)0N0qq1M}g57%_>Pkf9myzz%qTGlHc|r_Es_`}y(W zUz4kWuiegAN3qc)al2N=dqHv&6t_}NqV&lf^uP5Q_?)p)5}()bOQX$W(nrFv{OhlR zPw%__`~q;OTs863PUS69r|N%(`+i;P@ozgWvH9%4RfFZrDDjk+I{50ITJ9XB|?bTz(1-x}-Wq8!d? z^sIsR7qMUI+J{1$i{jQv&Z?e`FLz`XvNdbQFv>2T))(}d{Z~HA_j-2|??Su_EsmOZ zN%-kF^-iYV4E6x(q)a{ED9*N%d0hM51Uo+m|232S-t>MEJT=kEXnsEEGjlT&fsu9M z!~-+gvv2h}S2mTOraUz_ufVg`!SKrG#4DdiF2~_B<0~gAuN=^PY(ocdZN=V6jud~W z5S?#9K9OVj)d6@!{+^M=Dmz{z*ckWD&Ig{kz=J+$-hR4jo$8uHUDAp3S%2!)m9C!j z)+3qDRiBhY=iE1X?suB|EK_EO=YE^H&rU37&Bk`_duaEr#Z#t5iFJr(i=f$EoK;f> zy^_Gm82ZR9(4+#I+_m_wX+;^nljKj&9x1x>E}dR0;1ic#8{yejXd*bPopyD<+}sZ{ zFs$JI#l@GyGddTPwKC}D?bwxtjByt+559&_a zg1;M6j23!71aEu_UHlZW+3zl{m{td@im$#-ADb6nF|ADH&>uC(MuNV?c%RSN$rI_z zLUcQ}&%}F^w9nY{$SmrbMO`;3&P&~+SUhizghjz{c`qY&}>-Ww^d}z)D>U826CmWr3>W8Io2IpIL zRs{-`Z`l?lW=TF=iu`fyhkldgYpx?6`g3sCT4u2}#aF{VHgV+)+VJMbGyWYJD~qrO z!`HI~+$m2n8IAOAQvdEip15zXAZ~a!a#%%94>@!x^39b)I2oFiQGXH|*m-D*1rFBt zi>Y7b&Q*_cIyFYC2G&=J6-+(7Ze5f!y+k|ZKo<}%ZoiFjFZO#e@d(C?OYZ{CHuS$@ zbxC5h(h05~xAG5+yNiJNHefCt472i)kIP4tp1{T{mpzyHg`f1*-CpDySFs;`mrXvj zav91Pr}@E~d`i1-*~+UidMODnT_e0V3t9ZoR`6O_`RB ze46&icd*-G>`6Pq>)^JsJ#B>&r(53HG(|K!M_a<9+M-X>lnZ3fT`B&XK^#+S=d+k6 zCf+;*4UUUHsJ96JZ1J1+_%;ZfvI!;dk&EwvzK0UO1)c)n5&x;}4BG9_!)~;7yFG^* zOw1v-?_B}596%Ox5un;747i*qG^#M zZ}(N*KF+`8D>?A$%{<%QS4T`ND^UQhg`a*L!rN*$z0Fk)9t~Y-PwNH;@M!z8gYrc3 z8S`&o%)beJwb{m5ZaU8LfqesdY7_cubENPY2VZRVVb<^M`sCUEk+JuUtgnw+`&N^a z6tl7_IBREi?91$pz%_}k(mI_3oEsLi{7Wn7t8BUAY?5>Q|BdnslIX4WM%tH5-x=vG z7&WkNN4zu?4raJG;Cp>L2nUXz&^0blsCK?jJK;>uR~lDZSc(6m@^7OnM3W`xjSTh! z-VwPbzLi)7u~Kx9FCpK7d91N2I}3QdbQubs+%$MrvTvev;z~nLJJ;O17Rcovdo55# z;v&AEKv{zaWFtVXwZ;{L{1xWXwb!QjLFGP!j?5XuoCUTv2_B})pF$_JgU=Xp7?pkn zpTmT2^sC#Zp8feKde6~`W*$p;gx}lH!3E^%V86|nsf{)>m1iqm3tUNbu@@%Qkp!ms z*HeaiU3!u)wDeZ|iP&ZAamaW$7PgjFqOJ zc+`q~65)bW$_I$q1`uY)o3dDW3fucKq2j-OIT>+SmNwb)u)F?5|7iH}pClX-ghKTW=0IubXfjFT*nC@@DuMVo%&lm%NvapL|7{Uz88tJT{)Wv;MgyHy&cn>p?$z4)&pe@uX~4P9=MufK&1gmge$I^U@l}8~fwLx8Lh` zE8`1qc{fMz5V>Gp9LkUU{pADr`kCYZ2p>0JA$$z%huX^6&-W2)Zzf}anfN{0XG(L& zKKjx3ZF~Q5;znklmZsIjHQ5JTdoLZpzYx5d3zdJN*oJLO?O1&dW1>9r%yO2pchtou zK7R7&%=KlmPxNHQ#>WGp<|$`l8>aYT>$AyOf0cI2*#Am#nzBDwOJBgwmaVmxZUK(6 z?*NCc`>my=*rJ?l%j`4S)Lg7Xn)u{ZmX!-_}8g3;LG+grH;DKR{2x$nUL; z(N^IjsXhWWW6L-TW;ykDamJUP$;PN}%ooho+_;|cer(wx-_qmoS=q1b{dLNYU|ac4 zzr(a~J!K{`Ppk6(s`9^c+GKw)AGTO9s2{D=DIU{z_V2HoHUDLlvwz3-_<65-av0Ys z_tT}>T|B>#{x5Lg`Fpj;{wMTfb{BS3b>FII`|M{oI^|~S8U0kbC!A*`7ue>7z?V;) zCPm!RJ%7n>Wf70dOo&hAuV?V*JofK zE0fr}=4{Wd<3iwbW%l>vt=ayj=Ho-m@!ItYRxf-d=-Bo#tc66kPKDnlG7ozYzVAb~ zECQ#RM^?#**W@D*Kh@di;@FCB86F`&+N7GE@>f4u%;BW2RZjxVHrCtasJ*$aV9 zWByg()dFW-BhX_Z_OFAMli0T-C7j{EPa*H;Lh77^KR|waa|m4(LRYb#uIAY3z|!vl zFFMThkN1g(FA&y#d#8Lx^!1mg4(MxQU4>Q zqpLhR+VGTPXXJafyW=tEnG26#`IHwH`sLcwlZ`$zeqI|93>Wq1PqxOaUY!Zh{5Oo< z@`HtKRoGLW`LQWU){F$i!%@a^S&YY!Ppv)g7_OL}Rk$v}IUCs4%8#6SR=I;d{6dY} zx>&2CGahAoBIr%oB1>27=p2p5^QRXwmwjEbDuUnc>)Cz-dN3C0b^EamU8DNH;?$qR z-mtCc)OP%xxxkS8yct6tcK6-v{>3|++WEeN`jiXa#aK=9Er=dH6)piO_@`$`bObO2~B)F3TBvk9vi*1 zW6*IqWBl}b@(b*Gs`7`f=M%r}+mr`ys4ntkdUBy^}7 zmu+aT`3qO4dub?o2nOu@^{($UMle!$l=FG65u5(XwChDDo`SkDLQ`Mok zhly)YR|;8C4sCl>IpebN#-^V)U#06q)vL4q#501?3;%K2()_c|57eHCDdNBb<7MpF zC~NN`MFr{PE9o{%q$xCQemYKN%h+e$|m}J<~y- zo)0103(*7Zv{NrvLbkrpn+s+GxAm z-ZL|$Z)r!*jBF!MbN* zRsKTyr~2+87fg6pOz+Fe3qwbUpC9C2`4bhMXZM@3fy4sOGy8kSh&(IjFLjG_PZryi zX#YT8b3S|Uu^%tKrsUq%`9s02IZxrbj5Jm0qlPKS>BGimlgbD_qnB!b@Un2JNNQ_7Ywq z(bn9k#nj$EK`K75Eo!U1e{GpZo&+_iv}G)i|99#;{*0;uQw3IBX^-SWE z*nQx+-`Mk9#DYxQ*1M#~LfVt|6a6o`uZ8>0 zoW@w_9?ze$C)jnBn`ZkmmrWYz%k&=UpRd?<>cH`5F22;asBbQ@LY(y3e$Jf=w_F%0 z!FLJpy|QI$>Z}gziaJj~*652qzYlp;&xbDRe?D}fdS0F-zB=G}Ilt9c%^biY-#rgg zR_=2DJ$ukAxi9$diDEO9o~zO0SK)#ATV%)lT}({m`(RA8GWWcev5NJDS>4+h2hLh_ z`%8?mR1S4JZS^q<^Wcz@6sQF4K>F1YQ76kh1LN)#pi>ki-u8dE;+hFtMFCF zow5|I!q=@^e5;#+C!&pS1Hb z_*amz4F37Mhrz#FRctF;(Nki#vz(19?QHT+F#R^~iYZghU^o`vE{6}AZ~lhq>U*%E z$l%k(#`mdwSM-w`Dt>#}MEE?Sy7>%f7&t%JzuuspbLHiH@72FKvaW>nRX%;@VNd?% z}@yGGZgDoU`b9^6PU3m%&&?$|#`>IhQVYhj4)8_lp-sX6z5WV8(Zvwg@$e;L$EX8Gk$IOYlm?n=;_n z!}!@wJjSetGj@^s95}OIhyKQBPth4>ePnzhSmaVg%1*X=-=rS|M*C|g@VA_LO3t$Q zCqC+g9p}t+_Q$kyeC7Un>MMRd=WnL&neT;&Z;GBNybznrpFB_dr1&G{%l(wzaoU72 z-8{;R!jl;MC_ByS75yG3&RR;&F=vJyD&#K+om-$od`f4ZsC@Wo9nG31XHtoNll7w} zZ?+h``6c%({yFl#O||!Fsj;cpm#Zk3e2ivoD*|$ceUjX9&Pc--gC5bPGB)y^7J4_# zx>(}AkrFvO#ag_!n4JBTZ3yW3XzB0KYw#KIArf}X=uXOrjkA*T7F8TlbHC^UnO``G zeBSst%7Y&wYk5brE{>9ysoLGfi`xD7ZmAdj*KF@Q@Bz$tt<>jf+Dl^02WSW11nk*p zeI}kkQnU#jL_mTzQ@6nYl8bKZ6j-sW&ADj6Uz=QW^AY8pkm8} zH}kCQJu%kih%K9&z4O$HTHpA5zDrxj827sMb4s>tK0G}CsBOm3?shGv+xG zrPgB6FTX#dU%$wlN1`;e_|Y`&c?ai0q-)Q+>^3|fe##ua_`SvGnQy@Z_N61I@`~CO z_#0)ktH>~WHtxx!9bd~1HNTFI-<=U^uEHKBz^Sq_7j~)7?1hzlZcepfP_<#7(SEFL z8e2j8ZKeGRvR^y3WO>&3&)aU}RlDhN&wQiZzK?EH?UtRfX9cuX(MFZD*GffW=EB!? zdo`PKBy>o=Cc5*&Qjww6zRyjEyPf`8nWmizwN1a%-A;v}<{#5ej=m$GYJfe+p#S=@ zOF?v78}Y!WICE+@xs1D6YqHW}ze;2fKTGu=(YZ3t7hh~N=Zu-QNY)tnv0Xvz*sb6o z%gyrM2+^g+d*5@tm#Uj>2bA7sy^hG-G^Z|Os+;#3vS#X!hh6r~S!0w*ow81reNHpF zucp0LGX`DHI7s}t)fw#VO73U&Dc0NBz99R&N*%KoX48i9d^Ym;ij}ozIe+aLS+%mZ zTjmGYn{!QzCHefqgN%mX9sTEcaFG`e)c7x>VV~qFp}(Z8U-LcHH*NlWGQsYX@aI=U z@aGNuVRQXT{5;|#Iacp7`i;b7M3;)cUQeEc*frD6AlGV7=i885Q^$(UlrsQlvMv!F ztIiScEcGAi+T}mgF*?-TG0kf3m?-U^rP{x9vV6~8_z`8wH5n&}-j)3uWenQRXZ(39 z5?)mQ(m#&uIH8Pr(XS#m1@J%2*e5`IFl+@HLY9n~?QxZD3qzKyaTs__^s&1xdOVTQ z@EsQ)CRe(Ck&n{J%=4`#U4L91b@Z1H~A~`wK>r4Tkd`+@rj$y5xpUHE70%@zAL?9`;75IEk}(*$n#l6e)!qH-%#l5Kl}iz z;Z5>1oOfkilER#w2WC~%lQvc>Sj!oM)_7oTPlt7j##(J+)q7)YPKPyLV|~}e3QhK; zE0PZDE{!$M#H#nkdMF*%rMeBSGqFM!c+#~n9oA1YU6-0zS!11LVpV%% zU6Bs!S&em)iB<27bwN6;7c^GD#EN=j<)*{>mB#AXr{!MBs&%0!zjD%Hg>*aq$;2x6 z#!8aAGpG;!UeopF0IZ8V>1uaj`HRtuA8M@a{aB65t5aBw%ZbB?AABou7_)D`3s&CO ztsc=I(zg{>tH#=FVwGR)&^07hOFFC>nqLtUD{q=7*3Z&m9n^F^WMWl&V?B`$>#)XJ zXkuBHc+#~h9acuZ(uFsfSb5%9_qnh(axQDQ>{`aAB!-yin71fr({Z z>WTHWbXb>atXvZ-&l_ucI;&$q(-_nr=WDDM6D#jB&vyJU9o8(}AAe?IS(kfay^#*<0ZrEv zCRVvO)-TdwE!SA9Osr6`CtaJ;VLhU;?lZB$GhSj(oh~fZw-0E#rkhw%Z>%}#unuahNhX$+;YrtwbXbQq)`=!o-e9aY z+YTkLIa`<)*wT_2*@Vw2F&ObV&jEX*%vW$-o;k}XYv~y6=Pr5^KX;<(=S~Ep`W>hL z9Q;$t&uy%1ndtbrL)x#=Mj5e*wx4^gpEi4_DQ08gJ2WnjPW0r>k+Y0`4AwHS(dVBT z*~I+JZ%r&~k|)-F7gho55yCIPXU>~@*~H58#(IA+R!{hmuTaMao1QkYLf%-v9*ng& z{NcHg1Ua%lG_lIPvHoi?R!{g@P1iCLtJ)juKL=wWM_M-SHnHlxv1(mdVHrr?V79DSA2IhRaQdhFLGR@56S>cUzkdg79kB9-Wz|1z=iQe*2O zb>VMZShQnfc(dmHf0|e!Z>(Rsu%N3hJYh_v6uN3nta5Lxtu8D@7i;E37cMffTD-9y zABH?gc#{9s7lf7^u>7T$NB8!1KS6q{Ii-dJ;8 zSc+e#6)JvBF|o?Mv1X;iny;}=F|n$>u`Y69QOCOQwO>(sHPggu@y04}VNu7u;hyuA zF8uTZLr+A#u|^HX!VX=k^jFlxvZi?I)x+d3xcc_qa5+98_VG6+R=GD;mkUeD#3J^8 zKqh|Kk5#w4I)zm?)R_N0jkQ;e`SDE@R!e@Q60EHzR@577mkY};`W_uBe%RwCmUWK9 zuOaDbbYZD>JaC!f{ZbPv&l~HfF05tJhYo%zQiIOh zy|M03heaGvWMY7_j|QtwF?Wn8pF?O`MSZx3VCCFYcN(__*c4)mz!AS-dH!M z!#bd`CYxB*-dHmSW8vRhN>7|@VzqcP(8MY~-;?+GE-ZN86VAI- z`4fNnA45-6dt;4sVJ#C`ef?}TcHd`W)q7+8gZv1yZ-dnno&LcxxrXH;k$Gl zt4%EYD6jtblXO^*XsmCUSk>NG54*6!q9-o7P}#JbO{{uvtnaz7kO^$sX=;NGSjbmhc(#^_d=tw`&07v>(=Ho~)e~NQnd*-tO{_d` ztg~HM)NyY(kFh(p;~#%C`gXZD*0{k~J>f;?Dt>jESk>NG87?fvub*gs{lUbl_r~fa zcf!;YsvRHEbiHC?MZK~9?81UB#-dv8pEI$n)O_lY?YJi$R*u9(A8h)GiIwM#^^yxq z)$v2(yTn%?HnBq9SX*3JiuZ46-ha=;%1h174q3;w>9ATgR;7u>IutLRQ#BZi_^RgD z^(I!eH`ZN)u^PkIUaa)$WhPd=H`X@?WA%g&>i&4PiPhqbb>(2J#_$47*Eka^>Wwwk zg%uW^V_l^5YKDo$H80-hxv-Fl#_)1YSMU3Vp2+jYI?ja!T|ME$Bb6WhXA>*rjrAG% zJZ9ept1%cg4;X_R?*;v0O?|XTR#+twyjG^KHzt>oeMjU{c z=qOdkEhbjf8*8TvYo4^@UBu-A4>YYcu`HcOa4foh?!sCoSj>0G*uBcc%Jas0(uL(0 z+c70e>72VvtdKX>>U3C_YOHUXSk>NG-*sUX2wf*%uI%HLCRV*S);t#$b!-ejqV3~U z6RX7=>pB+}bk&9bsQXZ!i52z6x-=cuL5+2siDl^=j$_HhS%b0mhA-9p`s_X3x0T$7 zys=JlVTF~fGC#-|xx>UN_r?mO!}^iN`n`!&?~T<{p!7tlKhlnS!w+cr+G%37cw_x( zFcvyT%f!!3tf)8En}f0ThU?B#KGTyXR=Li3IaWJvcVR7)I{yA#H6B`RVpV%%ZFXTP ze!ZpX`mTvp?~N64VHF5nIT^~&nP+0Pcw;@}!U_x4CC4khdYy?C^~PH0!h)_Iv9+bh z>ZK-@Riy0Wv3P%z3u~UTj|GuJ^y*nAR-QN36)r4ASDmKoBoiy-jdg(w3x3swPn)Fr zW5C2J_r}Uihc!!M_58um6V={WIW8>4uh%ud{$yg+dt)W@2lj2nua`8x-ZZgVys_F{ zSbmYO)6Q4@al45X^~QQP9oG38YqN=EeZ^D0T3lGvu`c|;CCXoom{@tN51ClyIydfEa{q)23%Zye(zauviB;{5waSGBU3KBNw0zxUVnw~N?sH)&y57<{ z=L!?6TIY=&tBw_ev3kOLrzt&gfr(Y`jrBDb7IkE-z987$ z6z|_Pu|nQhpX3eF6U1PcM`nJg#l))j#`-WF*1u`2pP5)K-dJy>!+JzxJz-)+y|I4b z!a~04!Z)!F0h_kU#Ikgr-LZJT$%REb)`fqq>AKIv%JasmONT{27T#BwSS{XI54y0Z zBl?TnOU7wmGqIxHSa-UxR2>g%x~AJ$9Y1;3hyzr6V~rS$h0YP5 z{K2LVO{{uvtV6j2`?jj%<5N@}-!QRSys_FeR-H3;r;f~>Xu5u3W2x~_G=;Tys5rno z>98KrSer~N*3e4~hWh3?CS#VjW*Lv7+8sUmc9q z6F#K-(CH?Y<@c0{ueh+3tiGk?YlMlF=Z!Vdg{At?SaL+@+lSsUe1MQQ)>s#oqU+jh z)wkPBta5KGp9>4R>cWf2^89uov={P!_tXKM%bY>}6aJb3MT`tBkTL?DdxK{U7qs z3w0hkWiz&5ZXI8ln6GNXuiG^2lJ%DLIuHF=ZT4-W4B2M|%)0O+$HV7`nu`1Dvv+w& z=Y$>$Ypx56HX{zCa~!9bSa~|v>sVN`Tv!EC*Xwl-+9@Vh$Q$dT!B~yqm+bsM6RX}E zt6(q|V=|ow_37Iwov?R#i_Tp-RvkwT#%c`XYZc;~Mop}Go!@XQtixY2`Z4VY@Arl? z&Q$&7Hzrop8>`EOHBYb(ovP-He`#V_dhY*NbiFqit0(;XToqs6YGUPiW9@QbArs6$ zPf+^haT6=#jn(MF3X9xddXkd+r6!i8=dzDg$Dg{emI=RDKbnyIKNG7(&ov$kYfU<= zgBL2Sxh7U970(;eKf2$AMIFg+n4omktN~c57|D=W^Icf}5d6XxmZFy~GO^0Nv2Ji- z!LPdTOUysRuL2XR+8gU~7uGz%;+zMGGmbK`>b!UCO2vVOY{$QxHc(GcNAis{UAs)IJa4RhgRvUJ z|EBrXXkyiSW4-0Vq8*uYIbG?TpPE=L-dN2ptXHHR&nMQ!88B;1EGree8IoU5xv=0@ zWB8ExfK^TRn^@)ESdY1|{L&vEFH-*Gd=snM8>`xd1;5BSK3%PIxWUA#_s06xU@Yc9 z&rp5naucgs$6L-|OtytJ-cPZ{`!?4a@0(p%)Uh%AM;$ktoCfPyx^Siot3dd*T*q!s zHnHkcag8C{@j@3C{OSo`h);u_2=-(3EU)(-ujCKLstcbyN%8A1zf0+fp5@iv{`bhi zSdC%Ux|TxMJ`*eIjrEW51N*k(*R|UJe#^uP4egso@g0`pgXZUDsl5}OHIl7hdSh)#hh^{c@I4dD3OeJ{ zA?aG14$I!>q0+?4^Tw)5hh^`laJ`8Y8jR(PMPz?P+Pf}4nmM4o7l5tWo9nVK<$Qjx zdztoT-$Q9{)vxWfJx-fVwaZlP9rAAP>rDFD2N6uhWje1t&!oTHyNxb&VIlj-s?Nzh z&cv!7h_xI!Y_;Vu3Jr=E)|x*^jBW zMxS?Z73bF+9d$x#Ps!L4_A$SoeM#Bt$8a@KUqb?lX4 zP34@s%!X^XA6?gTKhK|JCDFf)rv9}?g2h^9|2)Z!wi=SB_Niyp+28C7Bzxya1EU*a zOF~K6!!t0Na|jm|9FqRHE5~{vVEH1wrT$0{&y8OhIy8Nybtu;#=>8dJUC16kM>re8 z8evT{%RSR)UDOLbJ-pXm8i@42#~!@AmkmATHwpdOkr>a#d2R>(n1j&{Ew54j?%AQD zPVNsog>~1y%-XYp*4ypu4SuFCb4}(cRWRL##sq9%j-AZQie0#B# z^anNnd_MR$O!IFU{Oe#(qL!Ovox{12BfmJhu8lG_W?RWK;oWX%Vy|RnyXqN#%bu!n z_D2%lHNd+L)_`~N+c|4e@hr%GpX|-}<bEd)4K`8}<^dWq-)GW1Njp zV)@qiPS*RKo9~t&kEy-jMzDVw@_5(r_Fizv;lHxCla@zl@sIBA8YS{L@O*EPLyBe#`kKcf&?Ni|mve+iF z$a`{@;Y`ZPLKdGw7SFgPRCKE~>Ebgemvgyakp0@?#Jy!NDLHfIL-rDteci+!nfGMR zu0L>3u5r%CG~t8L^%VTueVP^7-Sgnur{Gy%A9B=(9QE09G>tleFES+0wzKE{M#{#g zNp52QHQ|HQUt}r9`FoBmNngCfsr%=Ur<16=)LZ&sj5FFqmNv0xvdGfgB1@Z)CHh8x z|IxCv5t_nzR%9cz3tgL_D})@BAxpCNcsRpf8%CDG$da6sq2)oJ8{02S`nT+-{StJz zWh61WUq%+C+5fAz#;@e%s&lQ`2Wv9k{^@7M+t&N7$dN+pZE3G9qeE+-f~I}*t=>tT zDH30gUR%dm=C`oFvsD~fvgo!$<$>Jy^f>{#Ev3EgNbL)oq0S{agSzQwqz~#dlFHLO zlbJ`G!oO8DR!;|OH9L5(&&uqc3_n(KZ8vK!>DTPR9PF-Pf3!AaR^(zB=cEWv{)X%X z!PvrH#p-!5oabdvxD{Y*0b>goJ2qO{)Xy(Ig`GS^4b6Y zg{lmzcPIGywDXoe$DU|@^tYe>-M{y){@u^dD*8rM(}^x#rS20CmcDb`Q1^LP?$h5M z*YacIKS>)xXM#QsENE}#-E0dTN*zRR_&K95hK}ji8*+|#R>RFNqBr4N z(`AdYPC<9TLn&W$RR?;6^KBc1w{o7sYxG%>jaT?QX5ACi9lO%6W4!7^9m16qio9x@z*Ef=SkK%7M{swi$Pm3?%?3pUN&b9q@_8ILRroElEmUfQ5@cG;M z`%Yc4ky56#v-sH3&TrXmENv}5;b%7=U6)5}#CrO~NC|P`f`4T%>GML#1-BesS2OqM zx)b<|UMFX|pB&jRm$6oPUgR4$rr94DAE9zozy6oKP1#pk?S<~_r`ubq{e?R?Gx6xC zaVh_m^NV{q_kH$?(?ajwYFQVS@tgBIW(Vopx3V9u(yi8%0lF2MlCc}{P3SMJ34c+1 zj`*zA@5q@NsXkt+?bX>qD>9rmJZspnJ@*_xY)?<6FVYn-`|dE+cZX3P{$gaQ01W0b?WM#CE_ zr0qFp=kxUOk<#{a(6#tOtqIOc$M+PPQ?wxq-69L%#cm8Gn{9be{oUr*fcB0~i2Tpj z-7+vH@_VkC_CG#~wirWOY|`h)MMn;l1=(-DbyKM5A<9e1!>$bF58QDv{=lxx0scUA zx-S_k_9c4~nUQ$qut@GhOP|j5`@4UGU)(p%myFKl+z9K$$Y(DwhOEIKd(K+iS9KD8 z{W$(k=I@kkeeWV8#U;rK%X(4lF22s#XiYG3!x3m3ZoROR^V-^Kl#kZDFWdS~347gc zq)j%6e}vCEL&-o!cLBDhMU9;bBS)X7EqG@mJ}JI`-2mSo857@sBYu|n{?CllzMAws z!P<;}SIqe~o59~eIZxr=wmeYEKJQldFnpp_3(7CqogG@+Nqc4H?|!1)%4}G3(~#!3()=G5OfR8LQAzx^Hr0q*$!Pov-CTuzwk$X%Q>J*?=bdh zonDe$alQED*2Vr|)$H}k7-__VO)JVni`%)s56|FI@v@$ruW=8Mp6SUvej=q$! zql^O+Gxb>xg4rfIt_oQenWo$reQbw?&nsv0VPkhLns+FMj+J&l?=bPKp!H&+miPl> zp-TFo_!wI#i~i18lo{;F9b8k%@7ONnbq9V2WwAeQ_q;sx)1vZ2XYw3-@OC3pvsUd?tT)CpJWUr&2z{R>q!{?91NI`^+^P z;XQ4=r{=RhH9nkT@_tn)`6#?c-;8VB8cHs=0()BFspzBDls;m=W?LWia=ix`YpuyN ze1i;SS9$~4ksj*TS{WR4FFw(iOicDA^J%wy+AVe-x@{_d&xIC8-_2MYeTL8XGxXlg zyE4`IhA~=1_H3U~Z`pAc&c;Z^S#+7L*C2oF!(M{!YMo1d0Q<|YICw?vmcylw?Z77u zbG`jWU*t8;3SXWR+_TwtXuI^;Vfnv)Vm-EP!k5=S(Q2_TJm^vAPy)IET+E_IDZYep7u9G>im8*Cp6+h14Yw zAZBFNh5g~-Z(AkfC%Z0kKHpQ+<*9>L*6yY*=xtS(j=8=_CuiJm$w5Y`OBeK>ov-cm z71Sl@3pTWIo}Sc2?jcJN>6cQMKS4*ms*9Wn#rZ%fS~)L;@51XGbuF{uvy=MPCHd3w zox7Uk{$KfhkUwP)@o8hX(=YIca*u;2(9XG)$r*+(ji8E`RD8h|Ig5CL9fWeGegk3B@Mm5ItIOOd;xlgsn}FMf1Pub z68KxK=&e#>4!2#8PDi)y!)GU!FuUp|{7=!3*y(nBhm=2Q^SSC4t2du>55(W8y58#T zes{tHIUBr>^Aifcy!wd*erDE}AAX_( ze`XnN;Iy6ei%+kz9+z_~JC^jfRrFrkWGZrj@73`<-?!5~FCzoAX&igcTo&V$+=%sy zBkSNnQRTl{(*#4FPk@u)oy1f=c`t!&OYpAqj)Spu`;m1L#|&6jk??p1d{`mA5PaED zj{cd0jW6T9TVyZv+{k$RAc>PE;3qzAQ5@dMJL}<@=!QhGuL!>)8G|QZKZ`mQmlVl& z`gl==<$E)azOKfDwj78bv4D15kF8xQvI8#9CK+gtm3y(J5~~d*OR!OLZrS?L`Z@dB z;^A^_?0{>{;y177d^lgV^RD)5h1M{%#_3OGcDZGCxp8O=+vUo=iU+6**XG&fmf7Xn z*HpP>cDeR7Rj!;%xAfngcjX*3U$>kuJ)q7Lh)JLq*Pk}9&Zh|7$eQp$*DqA0_`vh| z-%DLvtoSf#z;n%t4^swQQ{#vA=c9w~OTDYk2pzx&n-)2yMN64Yi+xSeQU)#g-%h=oo;Md-y&G&fKvw?SYAHBfwdW zVfz#KALx&FYIsldZ=1r_K8T}_+pu>#?7BQ<`#@3`xh8d~pe{S?y6mv)A~;HCQ-++4 zzMC?RgWes~Wy96h>;oQoHy9Um`8j7$L5KS|Bx7!DR0;!Wh(>7o#+wMb_#!_-NaU!?IwIl zwG;N?Snc!yb6W0pa_ncH&2#3*)ZC4=(s2Qt{&^rlu zl?YnXq^`S);6WL(hFmy0Y(Dl|VhGXc1NrrmJWE;XEX(N<7s%+&XY6G1tYa4ZUI)K< zPIxT*j&m(ROduEgo@e_a!YkqN)~{HPmz-n0AoI}@TlzLU@aiA#{^FGXdYZC#8D)#U zbYna33N7Wwkd<$G$cn@>O<8gJ@E2+SQ@>#Q@67+_+TWBe=of5yR+c3CtNKV5ure&mgu8-R`GlOYvsGIA;kAwY;QRa|4UxLdfs*D61%KpG@6g!UVUVMthi;;E#L0n;#1CpmU3uH z&<69-yX(ufKOnS9-Gx>e>%B@S2(JyPZb+C^mYPSKm!P_Cj!%X{b| z7d^aZ(sK#-k44Y6qET8T3{XE5rqX=iOH zX;oN}IQk)4OI_wL_d@+z;b)L}iZ*x}5E&I7Q+J2|YcHXmtGHIfJ2%32c-jh2+bGwp z?`ob)+=wqk9L~?5X{Tc~v;nd#{D`h1FORr&6d$R5j?O3Pn5*+h4t&-(`yCZWbI!fg zv^zYw<_qxPki;i#-d#4-d&rHOcl(X^&Kv4Iz&-vHNF7)@|sIQ|-;a zaFmWyrK#7C41WA+sQ1#y?i$`R%ls|x8nLmu{Fj15mbt_zvt_9F(vb*4OUBr9Dw}~H~99cRS z8y*ct&QEh~GS|cha?WaxkD|YivD8_t5+iKSe8tzT>W-ny)_VB$=*5u%Rx>X%Qcr$PkUj34+}o#^16|3z-J#6LPVR{x)Q;al-gIM_YaL4G_!>?m z&rbASg1D8~O9w-AdW`adoq#SdRN(YN{up{bMpC9yE^ z-DMsyn?FS>G`9Mzixth#xC}ZN_cU*YHgyd;YPcrjX7Py}+IqOlsPWJ zow~*qSKXDR=I{EdhLfK_PE=LSww}@ezCxCr-(cza#81&ta-DI>+W$uHKW86Yr12%E)A4acK7^JJAGUoPn+A8EkbZD)=HPx1w&#IVzHe!^ zlK+R9Q#n{Ve4zYahwRTm_UHPNzdnw!>Ww}%CmiK^LhLg(_X=d8ttwC?awGFW!sGvh z#}WsfpR;6bTUDvb0cHNVAxN8Sp^bByquYRQ-+DjoR%NN!*hY(7e5)uDznA$~c$e7a zaAR&(-?RQjVz-w?DxN*E zE`F~X`zI3#K3T66Cg*zw{bD}-BEUR{^oLCHKBQlsLtk*7k=&H__sM@|-lP4o(#4tQ zTZ`MN@2iKeek@3?a_jx{0rHJzf`yD<6ki2CIna`$5Fl4q#=?H)MiX2gC%7##_lxhr z{V}S~A%oYIBx5(0B>#RkHnb{~l(|AFV|T`qwM)>&uUO+7#Ai`s#M0qP26x_!-n34O zyz))zLd)lW6W6t_a=6T7PS+kpbtd-=E-DYJ(UR{)TXg~Da%J&_7@8G-Q!!Dg0 zRxm?+OFi#f13yIvTKse7JIMzlSMBsvUHba0ZPn-wku4`5Md+8`3b)2m{LPm!fV2~O zBE$0460es$;39O<9w}otbE28hzxCwM+KxO;e>?ePk`Hpm(c)?HObvO(i7fig2=qY~ zdWL>umhow6fBQ&#)Y$FuHg$C9?^5U252W7@9m}k2HQy(75E+wteV%$qzRz;rZ?o&M zg?g;WIJA8w_1JCa#l1>BB)4J$^^o-j!W+@=(#FD<8C=UC$7BWd`#e0^MGo&3HcytZ zUw<5)BvL#H4B*Mn;mOZje7Vf#%ggXZ+E)HK{L$xo_s!35njXNeeh~7e7xDk z%l#R;&!;=zyEmZMC*47=)6r35Q++0SJ2HH?gZ0(y^W6z2%ZrZ=ZAGzv|iI+%jb&NU7Nrz`Xwwku;n`HF{ z$Psx~_{R76SZnqqWU-6qC-J;siM|y7Ms)N-unyelkJR2V>5^>nFcaig-U-$kuyW7R zSda0Xe1GM5a+J0PirQzQzwm3EddPfV2YyN=U_Y#| zyWnH7FVI~9w%nIIUhx4XFE%j;-qVILa$@7OeY2D~kviaaNsL9xP0XP_l!abukaA?+ z-Kpm+?8dLrH>!R)DyOD9Y}c(-)s1|=yEV<#cHQdjdMSNNUQ$b-?7b-dc8u8n@p2D( zM%kao@hSR2VugQ^oF8Z`A(#3SiJxg8hGQPL-UEbX(W3xuqx})P;1K(?EyPR`H zr%Z{olT#cIENMEx8lh?RN61C88XP;PDuEOb&0`)=*J~p-V0P4Z;~m+l|NP$)&I0 zzjxA>U9@Ek43TA-;}f3ByYkP`$8TW!kB&Mmr8{2X%u?p-BBjJ~!YY2{?=B#Y?`N&j zyan?PRgSi5E4VH`rEV*|hEn){`#Ulwd5AS%dY(nK(dFc$yfrp*A3QOi7y8A9HraLl z&{aPlxvNV9Om8Idg7?0f46_JIqKW2Zk53)q_< z{Zix{L$-zX%WT@;Ptgv=PZ9`Z)FU~+xNp$$?YhkY#(y6E68|dD>~sB{DbG{f6rUV*6rwxm(d$L&>OqZ z8?T`^_E^bY@Olb^tZg*&YxOuy#ylz}y9yn}xTy6}?7(B8Wcxboz>~xP){_gh$*HFu zgMFWJKd_QNpuX`B$mcISw7nQV>sy7^>{4`#Z^5RQ0;B!4^E0ZO$*pOw%&Bf>t%>r> zqVI>2KS>^4_jh96(JF9i^te>6$I7akw{cH$wfy8$i$2G8Dj5jS{$=E}XXnX!OZ?bt z@BzNbn2Yh3^tpvw(dXBMWWB-*ZS+H#?-6}3@}unn`>5K_f5@|EC|}6mka-I+BgV?e zS2BzB$Q_JLI~h;nA6?W5O|pJT=7Icq_&fYwF`{ps%6qz>wJ0})itZ$K?Kg7r&#nk9 z?#3^w<^AE5J%Yas-oM5gR$Jzq(fjl%*6jV$tz`FH>c~B*m()k(UDmag`TX4<(Y}?7 z=N;P2^UHS*4R)r4QzAAX50iQ{(`<1?XDX1|UNn!)uxcDH8T(U48@`*&Sw?RU zC4V;>eQ+h-sZaD?<|L`hLh6!hjp#0cH|_X*?dz=M{wJ;E0^%f{>(MnIh_0ZV z8t7aFhM`YHmx!*>`dI4`;wXFVI7*|$QU3N5=p>#{kGwhg@IO_uHyqyF)wG81^0}H% z>=t!X@fP++IXzN!#Xz4-Y}XHbTIY%nw#mpLSNb<#>)#Ux=c~rhnLP>mQ^IHKU>zIF zKnE{J2d_s5Tf{b^=vR3*{ySo<_zxDgYXr7S#wm}$Q;{|4|6;pXuZHa!(J;cwQMPLV z{bFO5^+J3MxraP+1J6jA-KjE1sCZm77hX=ZWegean6Bkmbb#1J8Jl(SU38811vGCT z%RnAzpBU{Er)?6ni^{cqhW>!P=y)F4-cFmnjD09%zllxk$+XK{W1;t)=!GU(ubU_} z*R1M$u|iE-Vlpyy-ar~VkxP^|H_Y^_4`L(EPNU-@~ZcCXpU0H z?SE&zD!elNCC88Qy5{&eO*So2XwaUX{@5;UY=3^<;bnv^2Kw?cF1^Fxv+(ypyH39|>g3c%^S6JzmGTc~+5RExR<-QwG0UIv zdBQILT#Z2wpApGrjo}Z_e`0GK-F7wcRj18`mYY5JyG^xs8hWn9XQcin6zz&wlrghy8J1@$f2gA>uz_^R_LN_s!iLU;FH6jZNx>)@l48xg+HCxkg^$8 zZ#8t4@p~!p4nO-Zlrg>yU~4Mz$;wBwhJ!zo&d>8q*=(yfD){71DtyV2gEyb&-Ou$5 z?dnBmCH#z!sv0nU-oQR*`F|W2*$h9&xcK=ySFCVfAAWFFD9IWwJzgmF>-|5-!8%wv zaQ_d{sd04lfOWpt;a@sqhWX^V;@?~;HsMC}*c|l7T=WONO)LII8~$ATLi89qt`i;C zg^t^gj_XFp9SCF;DV|FOX9(f4BB&v*AQ<-1}pKIs^I4a^#2W+$RKu8)~&{Cq2W zhYUW64C1SFZbAmPB7@H$gU=y@HNm3ZO4$<&AEhRZk3!i!+)psh9iLjuY5OS1XB9Y*^xFJAD-C~zx2(M#*uUYe*}sLi*wFtKZ{q`a zYtQl8yp0dwt-crgU-I@;c)QHSTjY3e{*>X7x$ySQCv@MhSNjK?99ik&t@QmL8hrh^ z&C`_q!KRq@C)Kyb9-~W_#e$QZR>BOGIzm~D5jNgO!3hRkKbYib$OdjTQBjZKe z4%7{0uXIjBM#J=M8AE5Nam-D8|A4%Mje&uE82iwee=s|88g;LA)qQ4~y8nw&cUj}^ z_*_o?yIlT2N?x#!CD3o!x*_TRuc7E%Ff8(y#-r;hTy%cPpi|oC9Gk{;@wFlSC;Wm9 z_;jiGT0r|xKY*6_n9yLGde_;J-$BdeE?Pb->FgrEU#8>q;c1*}ezmd7|F!7oIbcTu5ln|>CA6w>~B!-=D zS$k6PQoD^ekWV(2dK9?$NqYrk6b*Dyf&~3fb?%k8Y57g~Ysa8EdSD7nRhll{v*Av8c_= zld*?Ft&BrNZ-hU$-Uu|D13zRAb}pa4O{VoJ_vXKTa%2>IdC0|=uNZuBe5I>w-iRIg zrAuGB+c!7E>a9nIks4&zMiFhmXp)8ud_dr9&_~Xk0gHH{)7|98Lna~ z8>~ayhvUPKAbwv=JZlea;*PP1k0vtgjTTznt=9*NJiVU5mr>zsT zbL$*@)w%epW%#O<_^P+V?}c{Ur;ssHsp*6MlW`xru4elkE57FDk?2@i<9<3hiB9~$ z^hIYGZ7e?jYQuLBA41|esppZ;R`{51K6*bg$2z^_fla=mq2{Iq&+$iOFNdR}`tyaP zZ;+Fd9PR8~h_5L=x4V3?-Q!&}%Y3@zrVYR!E%@V8^WRbEOH8MXX)5o7`JfEe><1e* z5O)>dE{q(m#}-Xea|aoFSR=V-<>8fUGMP76K`w^Gp+Y>9$M-DaNIR^o?%!Z1B(E|| zKFRCsIhEUG-6OU`?p?)RIj=6b{gNH4t$UV=e~Hdl`5VNXWL~0!If>V-tlCcEd(*(p z^#!}HM!%wW$=?WeuV$>8;j?osB$tHzku#30ShIz9sw}J9$C`)^c-BRGw9=Q_&?`D0 zROifIDRRvEz&L$9L0@mBe@LFI>`Cav)Wm*i9j1M%<bFUvx5ufU$Udxx~H6+ zAY~i4Cv_cusBiXb)U}U$+jy?8lV{|UdgjUJVI6b(1?5Oykko4pd&A7bW^^rBa7ppQ z);;xL6yM{!#|O4N^EaMV<6!#PrEfFF`bXc3aVPFss%g_XE5U~QBnOST5y>C9Lw(n| zB)9QhuFY51G8+D!&q4Bz{EGb4{-a;7Ipf^#81mCw!`wRi@xDR6thpcWP-Cy1*@w3K z(KP{OLjv7b%i1_}Lk!(em`%PwPGC=*b}A*mq6%G|fv#STu3j#>8a-dhX9D>QS)t?$ zf2Dr3XN`h&<3I(*z;QFN7Jv|@hyqh#MkMV%}3~1 z9p^eu=PRR^C1>|I`1>>Fr#^zGQg4y>)5Xp(-j7a&pOdIRdNE`bzxV$;1}3&SL|=(L z2H)06Y|!fdD*Zo->=lxOE4KPK>{FN+1#h7zhFl0u(&h!Mi4>Z0iB-y&Ott?6xu>rW zSTo5uq#8d|{D&C#WnNmft^ItS)Q$SbsDA>zz7yVl9viaXh|Tr;20A{MP8YvKzKr7| zIDP3+yDvHVxVLneYR@}Z>wK_u#K3sby|OnUdEv~|4G}T&#*6{ zu^(YiO(uJyxpMvg0Uzc1E-Sf?F>|!a*BnKTW2NLe@F~7VYo#yZ%pc2mq;(bh!d(Y{ zl|B)@nZ=lVBZF6_zCTPb^7xPc9+uc~w!gFO>X<`OS99(>i#B zvUhD;+0(FE;%8apuVprLa9?N<8attjaeRZsW@B4vSNgN;izzw%5+`eCKkPGP%^p6; z+31@6>yasRK>SJOe{YbS^wE(Rv8)}9dJmNV>r)c&W+gWdb_&z4fwGIXqr7vpCl_voi~ z^nlE>?O)<6>a4^EE3;(%-JX&h-yX>&k-CdbEIWv=SHn6Qev{K#ROmnXV#$Fkb>flq zw+-|+m4kxLlXu=>eC4l}_w^d(82v)l<;c9XpL&Vyj6cf0ulJTDO9Qfwm;N?}_4rFl zimFdQCqIgheuDMFxs>tS<3nrr-Ade@d0z1|6<@25S32Sr-4@C&Jd5uUMQ`9|yjZY_ z`ES}(=78d0Iq&rRSE>zY*Z%9VdztTZuo$bcxAbi1ofvH*7%}y3m9$?nx{&p(lq2md>W}c@5E}YWPC0@6uz{IXRQ~$1RBmHpE=I`8R$OQ zGgbU<#=WznwR)|#gB9a<-+$UUD)3p}`M5Nc9LZkupHzmDJ;+6G8GbqTSKg1U)BEE{ z&O+;SWFGs}qSkMYi^#orU=*@)Jbh(!Ll?N`OZmmf)pU(3m_mCmWkr|pJmpOtJF0g6 zaP00#D|v9W)$_PNJMu$+sF?)|7k$#T-{2PrL1XTo>lfojIjr7oIPUM%P85( zdY`tLKGwbYk{zr!>SXOv7i*FBvlgkl%*XuC20FGr@1C0|QuH%GoiwnWC<^7R99^F(%Hlp*|3`#mCOvgf17TuR<(AJOfOyv+wY z&NESYkG|)W^EKZ2m^~v!_RdB2q;IF%0o~)~@$bnQ5j*v9%1({cJ_mM6bh+q$(fRG@ ze9`q%Zzo=$_Xp2t*iZT0{N-@(BXX!ry)QccZpwH8S;{r?iN#;tNA7}SW2YFoD=GUL z$kg^#<*#H9w6Cn8lzo~%-sJd7Hr?pT0vVUH&N9X`@ln3yNObJS<7IrL^DOh=V{9sQ zn+BihPpLd3bYaIe*ox~yD!#BExtCnB1MHI=JugI`aq>^Hl}-C3HRB{e^yr?UgZo1!E4?-rxil*<*U{{fWLJWr(j7ls>QrdHbD} zjK53&ejnTqu=D${EeY&N2X?g^8}kV^=2QIPzcaqwmBsv%kF{=@k@&8xL482#|3!KB z5%Q*Ff&EQe0%h;bKbUoKUm-qEU&c0cbzNmO=a}+a{QCH0J_Ei;gV4T??@w}VJ+yCv z_N~zV475K7?axE|c4&VY+IK+vE@&^zEK+-eZpy&l8l3;B>J=CwU*(^umsuwrhX^(t zCJ)P$@AxQaN5;=IWL*5nt7#`kzGZ(;oqszpUQn8ay%`}foQ&>rY=!t7GC!mHd7xp% z{mxp=fw2TBZ$CLMPM?ysY*Lo|)8h|4{@bR`2kMU>`leJj=Vw?KMXw_^cQa!ei#<=! z8|Ca*V&SuWm2*S=est`0>@^}jhv*UR%bo|=%1Fu8%oRo_MYc9j_Eg#qxou&dPV)Gq z&&gViUEo$)$1~PuFBWXLto0K+t96AQS0z5SW2dG1w~S>9@bAK$?Qv-Bk#&{mHi<9) zj4^k{qRK-nR4zrZyM*z!L#so-Q(ic)Z{4euy+xHB?9L~Ck*@5WU!&gDIgwZ~@>xn9 zu(dL-)HZo?r1PivEz=pFp)Y$Rh)@k<=NBy)1Vps)AB2eI?jldR_TQ>%-QAD|K+s@ zg5&2hx7cote^bT;63d}4`?Uz_ZogX{X*n(o-LoZ7_#Zer}T%bT=OpyFOHvwT(V9; z#*z|mkZXl%pB;aL_@}w#D&`{-(aGp@*89smrN~)K{515Tj3cX^_#5&ny2z1}jo;)P zIr1{=pcC7=SMn_@WY2)|V5D&R(Sg_Uf|1j?=F}$@Kcrq$jD9EmT+UIDdO81`_~16i z%w~L0#m&)w`P9#$U1U5)ACb7BjITw0#CLz5{Md5lZltY6A4Dfow=wv~PTic?BK^u; zznk3ks}DxHzmmQ#$-njM5UI<6^`dINwO?O3^fNa$fc|{wcj*4cbn9`652W(3jzQ;ZNjw>E~K6I_t`8J4)PL>f*lNUPv4S-Pn%KlH6j!Yei4VzHzeNClk74|9Kp= z*|*_u+)n)@mK*1{v|oEA_LV-hk+IKC<`KlE-SrXvCH}h1tH^v#D`kjpA#v0=es}yD zWV4JtP{{$8z1u5zZ{Fw(&JL??MsD>why0vo_IJx(jLX>f zPs;E!CXQpbj_d7PN4vck<5`(=icoe8T@pplNAd51+~3K4$!RaKz@)4xV6GAx(H%nL zQb(TgtG7U#MT{XXyn*jRLjayu@!YeY_RSU@E!X7!kI@6p_y3UZj!!g1Tgn`3m*gv< zQ)9$R+W9WIu^H&<`IIH&VXeP28YWO?89u_*_>LL0tN4>u#1)qDTXcuyy(Q3{GC#DG z_WAn(yG_rt+Z3!7yeBb;c67-;+IAlHQN@O6+cw^R#hzOdx;l7Y+OovemX`^iL{`91 zvNE;bcaio(5sr;dr|p#;WPXD7oedAGiSf!i@{G(k$FX^;O`$6)Wl1|<*Wb<`2>mzq zx3j!!w)HEt^;&2#+xjG-btYx!>b73v+@}nYg^@yguJF;*cS&-}<~Yo7n%=W6TBhHtC3mbt88!$Q8BwngmafBY3bWFh+_SpQ&* zksN!{rR>S6DP0z&AB#UNdTA6fa+%MT{v|r&6rmTH`~yB*h4cqxQR1s&NA_|}^rh@+ z%Drjwyu=9P`750GyYP@_OZYARp^O7t!H9}(fQQA79jehb)`_c1J?0zrFzv}%%HH?e z6EM0h>J%VPp_07mLOv7L=xG5vrZs_2wLSqGiT+jfQo7Q%DOKdz#<=dxN&kZRP5SCI zH4g)w;=8VJ=uFumTfYwVI}4tUpf6F63ygZC%a`t=|G4MpV(2`XpObmI8OW6ADW^>s z2jSNT8X6hPX`QcmC(p_|@~*_Yu~Di`L-;$b>Ybtxx5;v}+6*mAJh4p$c;xnBb{v;K?=7_Y#+sJ?%Eox70iL8Sj{M$n`XINW4>I z%%S67pd-LOp_}ky`t6vmv*71fYy3Q^C-NpVscT@%HNg>mA?->1^m%Zl1LaMPy~d#b z?6ZbmJ=oue#GjFQ)mGLiKSm$5?0?EXsIlkA&X+dqKd(|`vW0yJq;IB^!-{e219nJR`Z7c2P$eQZU z+`B=Z!+yumi(>!2%I{QvmRQF%A?}5e*U)#AOxk5!LvDe{qP#PU@6ulB@QYmd7Y%_w z)rDV0&faR_34YcFbg}qh%mcod&*ug{Q?}El$IXL(h@LX)^>GC?3zcPXZhcJ<{s`C+DUWMrdB1Y$ z0=d6^2z_w;5aqe+>-aPAO1=NZd6EN{g{~ZdOjL%7B+hM{6CH2crN^7w*mLISsN?&6 zv?^q=#!AlVV!nu2wUSMdb!>##HfJtZ=455;BlY(2C-)@oCb0nV8MNP{$Ap#Tl0To_ zumBmp!_xZXVRD7U?@ru{FOU9Exm@(4uG{Hb*oooD(*81HsJth!`%@`P<`YG~D>+9d z6Zpw$EO{Mcgd0PwpF#J-`}J0K_g%!Iu}NdQk<0yM#LRC`^B#IYtwpFLt}e8Lo$Jf# z{yw_$IA6}5?+3qMTje`W<)j=ycXwiwKAJ;3Wbw~l5__9x4X?fG6Z%pWv_RW0?~!rC zq3zP{2k1vJYJHXDRxe`L=X)NsO%>-gVftIQ5e?kykT^TR@K80nt4- z!n5n(+1*0Rvng7l3po#6=z$i|*&F_5$K#N!m zsAoN}MSL~J?@!km^M$+<%<+<^gpfeSl#9&1pHp0htC_a~S7=1*i@ntU>!J%KpPgbBokHX-v*vR5SQs9SCM zPpl%=T8mwS$1!9yaX-J8Sjo^TIj5vJ60ZzId~+nuIxg}o=T?SAS3b$!c%pZaTZzv` zHxc^~T`T*zAcG>SS6t2hnb+q=+VMT5ojc)EbeAu(lbqZ9Yfp-Nbqn=H#>BTi340y~ zBLS|&Yh+*Q82wOeMZLZEKoRHPNFI^4i#lgyIqh3a9e;)#2N%shBxib85o3{9^i$Zf zGQP)HquGW`J9SRb=i_#rE$U@auUH}w+4B7(>zsOu-PweUR3am-$hX6bx>M0{$fVqN z=#o6#6NEP8%%m+w%sk)9ip1#WeaLG$d-z$^r$(mz2%n;o7&iUXj$!j$cBBAVQ!(tY z&ohSYV0ALzD}7LWOwmhb3_JJ{HWS^}UKvWZ5X0Vgy;UT0^%IF<_dOqcsgHb)r;lSj z{oTGIY0qq~XFqt;yPfy?iuCvE-|f8L`9AC2PVyk+dMEEmS<;VM@AgGjuue8iJ1ig` zo=rTw>w)a?6Mexqd3h7BK-K|PWDrj7|kmx7H&1XL9Wj$ zQHhKD8g}!Y{Kv=RyeE4&mhxT=@5QJ~UY?Gj%l8TF-6OhK=Es|Pr{zYG*@=-qucIyL zKKU)pR} zTEu6CR$a~msd5zk%w=q%|0n4GQeWv0l27310kcm;*=s#*p8(tG6MHzXI);vR_ld9m zfIfjfHT#6rYddo3UOTcu)+3#NY2?r**8kEERlm3QT`0Ur^rydJgT03Xa|LP-hZWG~ zzE;gOQ?EK>P|>ev^!DplXZ-oJ;VU@$R-O097{Ht#kh#Fr{5~@Ai$B?OWKOIi3mF>$ zA1SB1r@x#7wjLL3`KR@{Uf($EO3~*7*Ee!rC~@G-qSn{I+J#=-4(`k75BgkR)d}04 z!uPFU3>HVHO8!#;<6YSYC$OOMke_`&B=4xwoReW(Byof2cG`Crdigc{fXXY2R9#*s zz8z2Ph#X2?|M#YoQ`d7Ne@R_m(j@U` z^*l5kNL_!RNqjJU{me*v>iUCC65H3;^CQvJ^@p0G*s&gLwCGso;ToO&n=_9wPbg#a z_)K_?{nO(Vat6L3`+rP}e4qTM==~w?!5@4a2QvX5caa0z4v)olIXQgaAU+_!Wj~n? zcz!#5QgZvqO&=?tqWkVZXAVPWu6bbC_z##voZ%b)rsQnr2K5|bC+)Qw>@M0)a_?ij zv+s4Q_W*k{GT&B|fo=_yTZ^;jTZ;uhu=Ad#0N-0H(YXt)X66*@toq@R4fLgaD?bw7 z@IO{p1p*7(iCv05bwBg+;WBj}`JKJ_@c7kF_Vv9e&#r{I zicWB5e5r3;U)5O2OK7YNv1jlmE6Ld#^}Ow zL&{-JO3H~!OwU!$m6X$>t`9D!je6CKA6<)lP%rT<8}PR!j!{9*aSR_&>Lhg=ZP$x2 zRHKaFr5u?95)G*tG}@Cj@BLhzPcuSQw36o&?}dvR#+DzioQ0=Ml>1@GsV=SFI#9$j}< z32VDlK5b6J7k!-E)=!l0GNR#La$od5^rIU3?zWn5J3iFB`+=L@ZGYZZq`zPP zZu@rU`>c1{U)JB-cle4#cZuG;l5t$FFSGkC)?i5A?tb1E`Su;RU9ub6??#7>LWk8o zFlu~;f8?9{uo>d_$(|_fjDaM#O~yiQTm3_LJwX4B9IXF-!MnRd?4Q7xs)HQ1H_%OQ z(tp|0Ozja>#&|JC9CyFs{qXJrcrSgr9p9$wUdD~ILFfH$-Vaw}wC}?EvmM^U-xTi| zLw3Ob&ig~nUHA5vi^lxu>5*5t zCc1z7dH6Hw^iLN3X#{<16#94!GCs~qs`@zeLtB(B zV;_2Q`p!f~CL$}7h~bHU;M{j?v&eNT{LS^T=N%q+{u4@ zx9oj%u+WN-te*Uf?dO{DiZ{+39Ixo><4lD<&Q$2j;qSO@ugd@dV z+xEP_D9C){t@txOW1qet^DlC?;QyoUZNRIluKfRVbMpoPL7{@6BsbwzXr)6-ptR;D zK@n+dr_ixe+9n}TLG))^=QoPbCJ+=6+j7(ntvV%upu~2hs8y>rKomr5MXlBu+j?K} z0z_MI+9|05|Ic@yb8gN(xfik1|MUF+J`d*JbI;jlt+m(tT6=H&1+(9o@^iAg%Eyec ztaaM6@wp4h@u24u7r~48aLU&u!#C}`kH4K;a%}YpcR}AS=DuS&bcVj_pOemvVUH3Q zVgIx?0)CMFK0@wJ_WpkI%w6bl)n?`YvVIQPEbK1Dz8{)v^)#A&BeX}fct?AU7q)x_ z-jRK7hiCMzF7)`Jxeoux26*q=elh1-Y#n7!2t}9eUp)Fo#e;_!BMDz=59?0+jLpPM zoQXEI0~ohK2lVbs!s8VAjot8jf_KbhKXB>3Bs|rCjjmU|3tvQjW(q#OmjjpSUEmqL zLw?LAV2H4fF+Sij)^APEU0ix&u9dTHWg$5O;EuTUlgo|}yYZa%AUE#=KL7g?j4ykk zb*!;El^ zaE*51(O&gI+&f%Y1c%`9)8K#ZaNy9p%v=D6@ag~#!E+zD_r`m^iJ4jc{_9w?$uWXXxOx6S6h4(3Mt zD;=6>^(da8H*DU024?mQ?*nsQ%TIxKwB!PK1>>QK_#QX(^6L@ydw72Fm}!dJeyOpH z3^@9;eU^{Dh6Z^p|IT>rv!H2~@mk=y%WuBGz8t=1T*LS6$g<*&!Mr2eTx>y)CefX> z!0LyyeXe*3c$pu`Z!z-OAK8eZqsJ_(Jzk9Leg@gS&A{Eiy9yjS@Dq-p$NSD-|CVb7 zKd^T+q|@UF`dV{o_y#zP?A$j>`&%yC?aJ>F@h`k|#K;G-0A9-uJF;VVb*}iVS5C#N z&xohRtH^K)9$fW}sW+&AHS)e3if3Q;??b=C@RvV-=kZ?!{T{W*O9j0R&B%&) zk(|mrk1p8rM-qb^zB(7#NYTN|^Lc#cez)M+q{p+~HIHZA@A7-oc&`ZF8`8^ruQWn|Fho(CchD@&ryBuV5Bk6{vmRx+?Miqx%`uz_x<;7`tM?obJWg73D;J zt$8C>R}JwcK8JztkNi!eQ%Q-P_((dP66h#@%q@NJ_7TRy9-BT0bcpnh7jN%$>FC5~ zPP{#vo;ZJhUF=G$XAv}96q;PV2pT>K4Zj8r_d=(A$Y&RSMZZ(fPy1W_2s-FK#cunE zJ-pw>Q!h|Hq6r%BlV6T*Xonw7%o5ILZ<2;PyR2{D(P4460&&V_^l;}zR!;{qsvN2O zD$nG|={OXEJNy;BMf6rO0fvv4416T!22_|g9Hy3k+RJ70YplCd{q zp<`>oSAMf_Sp_bc;Qz1hIli^v(!Tko7Xx`eH0WD93l~SGouX$kiO;n5lkCsVxHX(p zxPY;gUy%OQm>w;h__ANivy9mejv7z25KY49<`g{!MR&dqe$p!yjK7CG(j?~W{a}44 z3#|FTd5cxBuG7GmZ*a{HUw+HK`{2|1{fsa&4-WyOpT=o(1`fr-fxnuwp?vn{ZVaFO zy2FzR$-;#hWPzRlXaA3|(@$|2{{K@r&`+@jdauJ)_}4GdH>7Jx)l9Kract$OQ)g`_ zC)K08vvL{aXm*%hiDZs?C8#wIv+D-C>-E;5pV6C%aPJ3KlLJe=m9gAV}T>-R<%4(Y2`1q<_P=F5e}oS8YF zybEjlBaMS>#oh6y9P(BCm0Tj@)atN*AF=;T&qNGaI*LrIMz{M6*YYW!A)06{pEuUF z?HY@^fO;H8_N|G;kh|UOr#8G7qb|aIyRcoVXI$l5&$p1AYA!j|jup8hmlrj@e1Bj) zpZXY{0Y>#PU{lPQl5O-c$i}OO;fL>>-0-H>3Bo4{_(c6);uAl;2V|o+FnRR;%h}Ky z{Su`2GSM4d<)=3}b#jj9+pFC5bGuge=Kef;dKEn&o?VD$u&3VnFo(aOd|mqaF!48l z<4vn4I`8;no=k|>LUW1VxE|k#9{vr!qhzC%d)vTyAJ-1xuN{c?Bp>41!(4le?@z)P zu55U?ChGI-4V>p#rJkbSQ14=2zvN^1FgGwZyc>Hn+VfzCWCtJS2J9Jpi4Sws=_|@H z{bQ!Ds4Q$pwEi_(Y?n)(B**ZaC3#|ulsw(Zbsry(7ESN;>_ooFcY5-4Z6N?Mqw1o^wLo%pMFzQALwzK9 zYQtE`70*bn;ykAwBl)}<|4igcb1ynbmYzY*tQD8N(#YAM&oGYW4#$}5y<;vyR`Zb6 zHLSgT5?O5z$g0NhWK}&!?Ah^I9IHFGTN_>?#J@LcKlDYP@4> zVcXp`)EN)4uTb@h@I7t#<~8Jy-X=aO!!Oc(W4M17{>_#F1^2Y!tCtb?wBgH_aZXj+ z7p>`gO5ov*^jXl`x(A!0dStOhzv5KRx^s1j;JX?4I-uVsdZLum*5}PJ2hJwoGjqW^ z*9_A6%Dj`mIx|T5AB&oH8-80jZ*uvm#^^Emwp+Nj9)GPKzik136ZIyhGQN~}>=WNX zM(#mJ@t#E`@KU|#&pIMkR>rdaKgl(Eo4XHBPKR}?V7&+a;Mr%1Lri^z&zlvCaQ#Zb zi%-^pKPI>Z=at~J%jC$X*f*#zh(19Rzw!Hgy^FsKfq4< z-c_jD=DEH(1~uMMxOm*O zeFJ75pvLeL!QasPnVbFmn-IF`jxMWT%l*W5ZTQV=nD?uo#XXTB77Ca^U*oQJ#zK2;B16=UyVZ0$3X!}tm2 zJj!3yoO5`8lIySYuEYlDjy%1p&)lQ+uZ9ocFY#*}`Pl5wS4DhXrg%5 zd_R8E9r|7>JBm%|Y;$bNp@5E^-jqeh3NF_l8;uVZZvfVSj@^cSjyI(1Sn<`H zrTlsM;F^nstGv>j`B-A_xbWl# zzwIt0XV`8PKCe8U_L7=N--u=U7D6q-@%jbFYc8?xWxPHyAn{*IXRptzUe8PEHBge> z%dabD_wUyq8wX!Zw0f$zH!;%m9rPrJSv@lgupfhDlbwF&&LPM-G}roDvo>QSx^9^6 zan9ns9DeT@Vwv2k;F>9WhVP)y`>5OP#qRtSedwG~o8Qt%A5_{Jn{deK?SdYTpYMJz z0KOvhHn`38;g)HCi(}OTo&80};LleNO53mLX#F5NnPmT$Z?AlyILAFZV^&V@*%_>V ztSq(WZNj%HgU`)*8sy4j#psDEa){yi_b{+LhF|j_e;-1(R_Cc7W4+aQvAuGhdNd~3 zn>qV(Gwc74h6ixg*IDWBONM&dzCeGU^$F8^xbl3RmlUSweE{cfgjzs$Y_3Fh;0qK`XdMZk@rXC1FfOnJ@VHQ zz@DH+A>VaTf;fqIAbuTl0bX@{U!eHue)#b^*8i!u;+j$9dK*&fFUa+-pI~ym^y^jU zD%X27a_bCx)DKT?Fm*J>xq@*@H4eH+y%A=d!V65!I7XhAXV?e+Z2PA_=$jut6g#z{ zjNa%@{6NJ5wO>@;;uH2?*E#XYuDRlq3HJZ+Js)x08y#Wuw+B6XP=9nLk6=Mx+019th^?b|Uj z5kBkG2E)H87~DNbfng8#R~b2A-6?kFv~tjvmt78?jP}G^+1F1z9oF7qg?(`G%YkA5 z`i0i3U#Lmv)1lvFdnUniZV#sUZ3Vw6$Nzl1@A)aAD7lB*i|iu!;3nvx=RJKtb;8LF zPxH*?zBSSvk$L&{N!DCl8+c{{&lIC4WBC5@s~lZ7tph!d&5B<||1EYQrN8k7{Q3VV zdiq1J2zC#KF}4#w_x3R5F&6b@V+Ujl^q)80gmD`0ywuvjOOVs8>;EZ^YL5D?+3CkH{m*y7x2?6TN5|f@QfqAF{#LC= z=X)`~RhOVcrl^+V>{V}IZgX^gJNBrlF!w+k`#Uc}XN)0Vz5uwC-+h^yVRE8kCS+nt z6!`F4sNq-F9+A2QY0WKJaAQ z^O2g7Yvb!no|&%$?C~Pm?clTUh=a$ajGs^J(Ym;F8vFJTV^U*SA$SV953x7-MWQS4 z)cN2E`QWMY!Sn9gzOYEod<{JlgyjJj7V(klR@J}}2965g$YJ~tu!MPbA+S_{xBBQR z*~?t@zz%HomXfx+Bh&*c@rOg)r+O|i)f4x@ccSw=XzZO&|Brl5UWAW94VfGO>$Su8 zh<3{Fe@XLu5ivZ^do)Qfw=S_2|5U&~{it0%z~1?LnX|*p+1SY5yYoZ&E!*(-#rIqFJaZ=g zTA78v7Wnw9J_D@T_-in*>YZNB;!JpKwvWfks5fWguK_N9J;nIqub;br#ZQm%+2~c* zhfLtl%8!gE(|zQpefqVZ@sHEbH&9Oc)T!|HFnTZ<8ed)-o;GzsC~D65RPEx?ml$t| zW#X#@esK)H_><^l{f*-{tKSA&KXjEfZE7j}p5VJ`uey$Z$v@rW#^i3_j%QCy{7{l_ zH;>DV%YOuL`IW2ZO}(?)sdqYO^7Qr>7r__n@~lU0zs1^d`|eWvJ0bRa$U{%kQ?4F} zYu;Y*%8!>^bNs=xi`FgW`XFG9T>+e|=~bS3`cCDgS?`LjFncg=2{|>L7lzuG{@ck7 z+Kcrq>5(gp&MEwaU8qt z)G*OK8OQ0MmbCR&&b=vW*f}TgjMoRe$fePfE^R#f=k<&9V;=~AzsN3=ugkO7(N7#> zj>JRKi<`kgxrP{g{Pi~GgLR${u-}e)s_={OlSkU$<{8ytlt)LQn%+$WwnTE;q^GH>tM zkl8a=JSASLyqkNNFXeR-SHko28Mnsj>8Q7QIL_7yOkoEjqm>H}s8qKG!S`eS^H+yvzSuP~K~w zot}yq{YJwj@@>ydvmc*G-GZg({It6u`V#bW`9%D57oOr)h=R);@su$tmK_$ z%qGX@Sb^Q~`~Kt`4sN|SV&6i~pm-PGe@BE^VCVPY%WtQAzV%u+@Wj}Y8?I3=6Mjp4 z9QkIg1#CRWepkI*;~ZXq2X=Tp^3dYr349pltA}%+jNXW{_J`@Sw=tIC34U**ALO|7 zTY;mu9tOu4{@#ABdH&mM({I>|UyNL*@Y^IkZAGX0ajXvDcnR{jbtW=P-;E!~W#ITs z0LMn)(tbH-LZc--|488Zuk(Ca1{&@B8))3eJWqV;M(te3ZEYTmGK(sO>^j)=F>f8y-~@G6fk zdG+}F4`W>Z=AI(vPUlGnap;LVeD2ZAzhB$_Ec7bVTFF>Q>onGlw&Yd4Rcr^~e!q^$udgwDU$vIKKcLB^yu+ zymi340C){-)y^C!FDE{2%J6I@F-iHZRMWuEG+<3D@j7UDwYNcQSEK4VL! z%J#??(fgb={^0|n*LL`9re!_)d+z%s|8$>;k9b}_n;)Ju-j7A>Wz1>XwdRQZFTrcI z5&Jr>CBenhj}Naov7rw65)a`U9E`BPZ3wEAgwRfxYpU3YbCpErYX^p&%nC@7NHObyR zo_=zC$Kk2`fcjR{+mgh$xJ)|ZGtRl+nwuKzP7InQF5;dU_#5-_JLG?GZ>*eu_)a6F zOUk3p8Zi8edOr@utaUv}8jPucnn<$wIW z>G!@LWW_`qEE>otn_d?oH_5t4r{UzaRR>5#&(5yn1erG=!(eW`)f8TXU87{vL8PtFq^} zZ>qjqJsll2HQH=V?fM=yeqcMr+Mh`qS?j~Q-pOVC8#-UVby2g_nBINGp@QxQ@3rPd z*@NJPd&mn=_Yi(sQ>fZ`8_&j;ho^V(z9jE!=Qq)_A7gafPkxJBfyVNF)4OBKtEUSl zYINOiD|Z&k>0bMN^uhh)5DRk-+&m!fz&7yTj*Z)jjoZpQZ?-Nge-gulC(b!5iH4|bE_RK%xJb`9b1Ix_ zsW(N5F|Gu!P4rwfhAs9n*S@y}EuUeG1n{elKhp{yXulKR1zu3B_lF4m_3(;#M!X~1 z$GI;mdoel+9L_mL28OG+=T6{-R_%<}!F~DAY-gBtjjiaA3pxB%__|fr7}LMA3qJiS_}uu*ld0?S z?_%>Sjh_&&sgx~aX{=;VwBYQnv#m#tK8ehSthF)bcE+5|c;59e*AH{gh1}!eeF4{s&!#^5C2*kTC>*GD8yxhG3wcKk zIPB&fqRj;Jo)4M#_~GBryUg$Aea`QKU)PQ_Ip4i^sxGeIyzkOUi8-95gxoxX-spPJ z>Pc?ECNHlvGS*7Jk@)0rQB}{8S(hz4(l%gOmwNZ9O?FuQ*6m}Bde`uY_F>|u{piFF zp1<-D@;l<&Ip~T9om^FW0d>-P&KrUTMdYdPr_Vvpb@ALRp1WMnARqYjkHmQnoF7T@ zjK&eqZ~GO#0l!No>AB#&4d|5b(BB=u$I(?Iq#xH{^Eitt=f+-r z)rd@rUhzL7pWWz?dmMdKI*Gl6*;ix?_CkA&)G?>YWTolN%i~=YT-(oD^ZFYX9q)J( z+I8tXp`7kR?9r$Ed^LYLhx@=Sxw)((&N)!Unun^v`M2$`a@Mha>VW#{_EU2@Iu2S$ z2PFOHP*5jh$&< zQ`yr*?Wm)hcuM{>v{Vg=ddzySXJrj?T#F1ZBKCL)f7#i`!rAj|5qro~nHo)A%K|>D z?|vKiblgDQ^m=Rqy4=9!!Vm=pt+U&dH-4)0dg2Dou3KDpykP)1P~#8Y>(~=ucJVSe zjH~QnooG)*6xm{rqjqq)nHpFpxa`4hb|BwdS&JV9AH&Pkj1Q3?#BP5)i7z63cL}(d z*pBZX^WpGOK8ps<`icA&j}G4eryy)OFTjVKQ5L@*Jb+1ZH%9yl&Ew3$o)Y{aU|Yx; zQ60c`-+A0!;WFJ77(VjQCrnph>SVeB26TS8&Th_xSxi4;Jm6z7ZMNMa@RI#KFb%nZtv6pL!J&yie<1V(6;74kG7Q;G1aP;J+k% z=#8aXscLqU*t;k=-x+z4`7Pyq-6S+$Fd*kZF0wU~Ii`PWy|jOg5O}_LzlCV`HJ)g2fAt zt8f3eV%UU z-sahK_{P|iflsXnet!@@ySvTmS&E%%$Xosnayd_RoN4S8 z)wvNm%wl|G@AluDKJE2hpLYB_^j5XvB;MTyZRnS&f9hg;Cixoq)$(g4lOI7JbZsE^ z&{$UCy2A&s<@=D;kk!4Gz18Nh|G=a?_NM2%Y{}tP$Cg;)Nv=)6R?X&~BW;}D`lO!g z-#wo7yA{-;n&=a{JXCbx+PtE5N5cINT+aHm%g-Ko+vTAF>n3m=JN}4?=QvAI`#p%h zs#U44`7rZY5i0C{;m_1Dd^8m8Ji7gf-nh$mJN=5H$(&8-lr5aYNE|mZ)r(bRbV~PM zu&wx`CCKYF{lJIMyk}k_G_AY={|-N3UUvbu5Z`D4^(6UcE0;|?u50Rn)b%R*)!#x^ zb$zmA1-?5Xd48Amy;f+Q#)&gd2hWUNyzsd6LzU4X!|Z2n9CJL*^~5RY%oxwSh`hsd zW^S(JJY07Uv~R@`_*i>YG~lysBIlSWm^QVWcf3_p+4DBfw{l%Ns$}ufr#8x$L$?%J zV@JJ>9(r)uB(twmYXsc}eiIijJ+6BeV2i!qg-?;0zoPB|=#(Sy<_qxR?eO9zboAjc zJixU%tRY+geZ1eOGn&1lDwj++zJdEV>k?fWYFXQHa>Jd{^VPCZlGUP?w+@`#;Nj#S zf35DLUMP94K(D0B*)aQ`N+kQv@8!YYYe(Ck<@dB_&^NQqGuqpD#m)OE)8F7iT1oxh`qj^`29M3 z+=uAN9Ae$o&h=ZEzjk8P4s=)7Rm5h*tcQtNj}Wsux>M^599!4Uo+};51pU|DSHlPQ zTlwoY(oZmfwe6i-$a54H9Jp#g!2$e{9`?}fIZS+i_&UxyMfY?)#2!M(=^Env=h5$% zvu~VY4+qD7yrZDyk`dNjN6?FAJ(F~);Nfi1Bg@I5pAC;2o=|?Jutjlv?07-B{)4*+irSTu$gmrDnG&wTb?=7#&dcsz&tP%dX3cR;Vr_%`k6 zKELg|1^;HR&*zej#0O9LU9Yvfc8}|?@L9PF;U%Bu)VrsK-2ty};$M8ZYlkKh2MDL7 zAz;7`fq#|k6Eu)td6XW#MAJYw?sxj$iewG+dy3-zo*A1A&CeoLA2JNXOVi4CEi z&FJf@-+q+6O+%bV$~_y=SKKCQ+E78zLRT>Kg3^hT=9qbOP(wKSjgzo zxZX`IUU`roe}{D!@SJGp@!j%b@oE8lo7?hb;nd*bbWs+ZDzf9W2U}Z3eN{Lac)>|| zw@h5k>?)v2J>5hY!ty$gP`vaa%;oT86)vOijnQI zXwSd>HNBoWfgZq-)i7OauF8;}Uc)Q%f->^*mU?%aBIY)`U!8&AgCVhIBmZ+CJ zzq<;(lAHoe7g;@9=p|mcc+2Ce9dyxWleh>t=98!5e2rXU^4x*sH>Us#x@TX1&N4vv zjQsWbmuFbb?=;Yxuo-*ZMU9|+oaLPDRgP}bI1?E|^XrZkAIF|~Mla>G{FEN)1lOfM z`r&_TpWzTNXrJNg+{P!8v#cko3OQ%4+Im8{_}z?0?ri!Va*E99L5p13d+HyZ0j|}J z=AIb$Y$BK7^#H6yhiILC6#rRy4tv|32KNcAOddAB3tRJ?o@azMDXBTFGt%hr-<6ZIW)&G^9 zXRpL}u-yMt-#S)3+|(EP)oZ=Lh_w2G_64L-|Irw=g*Y{agz5|P!#(-*EOssp^%M++ z=dKF%#_PGemmRlO8WD+1;$6!^+Tz#3wy`L7mE{z zJ;vCvxxjKIIpWj3qxvlKj?T1qIPW)b_B*xVYw-DAlM~MGuKObSobXV)tIf+>7dY>x zK6CT{{>6)x)FsIK{F61WKsldkf6m8&z3TuOY~tJ(@I_A%_wIJ{zVc1F&=rSNYb3|G z3BPp)IoU4hePsQ9<>%a7h+_9L$mY9_bHVJIwd-JmbA% z&*i*>@ee~g<;*uRegR`2Vy+6fPkz`Q#=M^~3mDJ49_D%%_Z+&hzeo7d*`7!(BdDX)0dEU zwcPzMV@2QE*{?3T>g8!`X2V(nc*zy2C{WmJ+)zJ$t}yJJ<`S z`we2<-w-Q?&g$O(32WYWmi?dO*YUnne6NFk-N=jHXKBAaV&o;P!(InWZ@p64^Tz{v zZb0|qY2;ghrLEkWcYA2yfrs-3u6rxY`*_doXAimU_RyepOSuk>9xa-R9-Cj?vm5<) zl$ibx#L5FDhpg@BjdKSY9rE_W*kG+y#U?jUtJyz=TB73O>VCw<1AK9De{=tliQv!u z&4PO=y${3@()lyU$0wgeH&W+NKYnN|HocrUq?Mi=)(xrFxLLU?=1lhN>(8OLfiX_3 zp17WKzFqy2;syNZKim-QSq~0^YeE@&#t1IXicg2DpMmS}yV!5w5SBXF7RG-!8-M#whv=H5;~?6 zIZ=Mbq6Va~YN-osK_}ItljucyqKtm1W7u`+$7FbfkKUXkjt^PDJLOX+_k{(5 z>(B0Y!1=wP&+mtm7rB+vGOL!;VCs9=?;gA*YaoZ`J+Z(Vl@; zuDyNPlHAemA=J@%?RRru(!{sB#_3^O|QiIO8XHuktnn zt(?^O3Hae{^p2jBFJB{Hp8bLTYSvylasLGM&>6m5v2(2Kfbr>u+r~$#9czE;eEsg+ zJIZ(ONb}jbKHPWxL%}hc$J&z^BW+x+jpJIzd1&i94~GlTSsOWPiyTY$J?zU)jZ3s{ z#BPe#buKNsA7n0|YZZR5==|WarN`ffFR6)seB$B>$0tKOC(k{A7+-nrqLwjnFVCIV zBA?jgk(ih6hsYsqA-4{#BhXf~*4PVp=KyHDjQ85)P6|AkAgKCXMJkPGj3oZX@AWz@d-Z6iL1avSm)E?GAExYmv) zct;Ew`l)CRolmEGrPsTcGXLla>EZs!j&$f-?2E7Yy3o*GIqelY{~3BY=YFl&`ADVLy_ECVq^pCmw&IlNZ-6lnTfgz1yU%$22(!<4WhWa-&_(cV7=N%V z-+ILB%~Bju{*1fE!|gS0_#%1*9#yaLbFT&ZWM?{K#zqov>$lG-PwDjD7~I@3_Pp-e zHTQek{KdxFzZ$_D53|%W$Qspi>~p?#Vnf93L5(XfR+8iNpbn#tP_<*^pWfy5h?3pP zvy8Vxu`{;dU?i4j|D0=m=9u|??zQy!-QkNp{qwgUdH3%Ztn+Q-R)ux`cQ%NxY!7MDKLG%oWH zAHseqS_=%V_N^d)FvRJvB$t6N;q3X3E$Hp}28Nsf-M+z?3Fw$)?!NnGhW<+EwIV>T zVE?`+LzTob5%w#rAVwtKqm~ujxht%`*2b5ezmAl6{CXIE%p@PC|ChZ1E$CE(ZrsG* z5-WNlk{dnYmz7d0`gC+x>8R4&=+l+__5YUe(WVjFY;yUCUgjN1oLq)hxGShN<+@C`XN*%istO6)#0n5kjnz%Xmqv|lKA_Ke<(-eO;U zvqp`1NdTvMCgGb$w6||HYaeoXMmf4B)^#q(U6!`bwCJsTh2k$iKlOjboOk}H=32gM zJv?Y?!sLk6mzOV_uivX3O0{V6NA77zTW$4x*qthJEz`!&NlMjd;YxX z8;1@v!F}UGdamGK<(TqH(53X=$cL)O2UmYfEp!u&M}DmFuU2l9 zbLY3QU(5aMGqjq$%tXUy2d^ExxYjYy+Q?KpcSxV8J}^6c{7zI}A& z(a1G!-+l&O|7Iq-FqUZ35TK3n%Rdj$=kVF$_ulpCX1~a4o}Xj&Y(xi0CkmHKz+3Cg zE0GU#9s<9MFR*n(#b>NTcJyAGv!+71xs62)qwp1wm5ygv5CkU{Ga4q zdS?gk??h*Ik$+a5D1H%n=ywaIo(W*cTJW9tKZc+r>3l{J48*b zkBymP;HNLCuZ?+~F^!GkoN1t^P@SMMgKlbZ%x%AgI>cCs_d92!5Kf9J5g_DDN z*U!eT0Oq;y;QY)y7>8%uYn)F#yxgn3pQy@nzW*$M>TSliIIEHmNcy z+dIP^y@vU%0Dt(*GJCIFXm7X)-V#3scxxrGa7P6?)~m(HSK)g-eB{}=49{=+wa)FMM9`VLmEZETvLD-G&Rqe`! z$ z3Fbrot?_fQ%d*M4nN#g^AHNR$c|FhEfUGX3X4qi$bT(N%U2CkKL+i*bevf{cJFTAX z4aD1RxzmqrVeN8t*iNS9N1VLcwXBOs@lQSc0`0VxS-N8hyk+JuoM&=heS8`Bx^&dP zYA%pFzmCe&Tp%+U=K}db$7a+~4-Ip56!*OF+w3|@w()W8A5Z|yMZi1=`5c0LVkb7c zb71sSTaKw;O(4GdQ(Is^=Z(O;1v-n~z;AQ`^!|ltUC*_vxCYIW(7YX*cR=$_Xx;_Q z4?*+8(EJEA?}p}YH9_loXdMpIi{Q^iIr~%@TF(W(E72dwYz!J}9g+0PSstyKBhOFw zWXiEE&h<3EX$WvZgBvo?V2_KxcfW}TK6d8uz}nNr10QqtwW*ngAK}IW4vfy4U;N{z zOHLC5G%O3q`s3OCqDkzg1`K^?r8XMN-Ch?KBbm~)LBfQkEe zL}Ekir?}Q<{#?G@|8ig1Ro%jgOr8IG^KSUJ5dNjMb|&$x`VlhCzhF^Jt2nTRTH^!o zZwvp9lGn&*b6;^MUX80QK9b9`Us|BlTv`yV`c zV_I%yePp4VTk+Ao#NGE`aVC1A1O7EY%U=ZKVF`F;q6c~YM=Ig_3iv*T-<=7*JAtoK zXO7?xM6~|+nX`<~TI||T54OrIuw4;=?G4`?d-A#jdS-$zN#259)zjwT$^+wfXBgkf zAN9@0Rk6QIJ#|y%jVjT3tc#qgUQ6ZrBkBjk$7xo7^YKsGKRs}2gO@i@-9UMS^Yg8{ zqQv2fRVtDFDtM&|npW{yc_%~9u(v*4eJsv>{_7L};Mv(!{Lm{ywL|Uh51IJE@XBQ7 zBHo)nIT(5U{ETz)d!FedcTLuG*^6#^WzuYBQ*^p~MoC<1KJY=(@+bJl@{v!S%G<7S zJvxM#w;9Mw47-;g-#Zg~ZE&l0<40(89r$^nw0X9MTH|6|<-^0QWUqCrH<@yd};D-rW^n>tHZll4CD;E-1Dt=b} zSl4!;Cr0AOD`&J8+_hhUXrP>sWJqVJqc0r4x6QGK4aAqbxkvuImt)L!uY9abGPo0Z z`TXO9DgQWwj;P5r_t53qz`Q>VT|E6-Bl!=kefRUjgwf&$-~K5sKNxzIS=wjrCFNlX zBgh4Ql>8~3zqVCtRvUBdCvRMMyf$3?8g!bTqEC~wbSid9DWZaOKF}xk%|V?>(a(ecy1t_gu7RsGd{q-FfeH z^Iq<&q$eLZmYMgCPyPOcdGDmucavXhm<*is;(I*M=e_t#D;XcWpSJLe46OK0b>}#_ z)R6VHAEoJE58h8YIScQ(2)We=&#UL5LAhA^=lRX#Vl~Dl%X&28j-?z5GBi{^q+&qB zQ|`Em!{+katLW8Yzux!#u5~>@891yta%Et+en$po>l!k!+nqO$uc3v>t%&zGanAzl zvZ;bac}>3zB;dJ9?hV4|>4`tl@0OA86;}l8&!(aHGst@rd8(9ejgCo!_*F z2Y&cG|L?&i75-uQcc2~Z@)m96z1w~em_UTa^<=L|{ zs{diL{kr#k>wkgw`|E!bO#IQ;-!S?TepK!60ojz9_>htzzSm)syt-5!xdPRt%KD|( zrA9xUUJJBJT$sbIE}iGdn>Wr%x29Mfs40H7HGLe(ats-6Am)h32li;;j;k8iPgqNn zwkHp;M>1GrEg#_i;yNeRJT%9-9%0Ve)4a#IFUQ0mH)HRbpm#2RH)4xcl2gy+JL@S@HA&ST zKKcvrLVr4Snp|>1>_I^dt$rcvo{*&udTF)Z?9Ox8i(w9O0Ne?|Z7sXw6neg^KF2Pl zuAv-{dbdvLUHH7>vugH3Q_gQC`S0Wur{*O4q0j0&`zw4`OV3u4XY19=JC_^=_pi3{ zT2=?*=0(J|Tfu!3v8{YH!TTRMo)7Qvsr0PuL8>m+=3EcX@1zX#JC19rEBt47TF%M% z$BW^oxO9kpp z%RDN&%2zSI*bMwJe1Lz1e@wnfb23A|G5csFLw2$(?5>+}_IpooZ3OqS_Gi7;sAIxMv&2VJm<#+^?C1{F@L&6vG(K9N7M~y!8TjZRB(WPA z)9?}Z{5$aUsjpzS)@cue0_3U)8W5-45a1W>hZL;G=g>#L3c9K88Dc$#=JQo#GAfyb zma1>AhIdq}tVbRjkoP2cta|cTH@osk|D!99xh>C!Jb83tlr-9ue8~PRc%)s64Yg-; z&C{!jv;Nt|gY#)qIh&L|HSty7dgMaz$i)^V(NBiv@T_!cEjVogpGNdhjQBxyzEg_H znaBIBXt~x;eaFaq)TsfYPuatyXTo`WmtMv%?Shv&t&MjV_KTW5LoR2(jlxj>mYmSC zopE>`UAew~fU7H+AN4L?b~d__&*E>@4SwL+*EUBVrO}}ILv~@1F0~)B!#=vm_ecyP z4kd;ZjRptiT6#kDLd914&!g9w%=cG<^Nk)p)A|1FY3KV~`{lEP^Zgl5wvf^Y5A8S|R&7Y3)#_xY!t?{n?jgLJ7q*IwhJ zOK`sLa%tqrcDDJ}Uhw{WR~WeslZ(nh4wReBMNXb!Zz1^v((|mR?0FNtUx{ya3*Yn6 z1=ZN=^S28&{XjqHR6c3CcCN;QNgY8n`0uRWire7e1%Wi7A z21jTsJ1$)1Hy9fR?r*(HZC7;UH|fYjd^fxkcJ!kcZyB8j5BysDqWEmvK_4&p_1%&H zK9+oCU|;FkZEt+=tI^zmW8614f1qbH>)dEgR9gh!;N1Mcn;Y(V6kNQy5&v#=VgHQ} zW=}t_4dl<&Csvj-zTCtC@Sb?*TR)ea0VlRb^;7LJor}zg=Su0%GW(YUlVA3#kzZqb z@R9x3gLM6NfUf`L!sx-b-SoTljWWOW((05lqKGd?js`2Fo+Jo5ZUvqgVO}{k{vxmV0o{WDPKC0`@L+r?s zS2c3okLS|HDj8+x`o@~gSiYRb!N`41PQzCxG2{GYP_JDL+K=48JPYqN8TfI3fFF(S zf)AzhH_6d`_t$-} zdh+h=AHT%dfU|q!p9W;53BA3}>e+?uOXOZwE+1UDnEo(iLVkX^`tFHk)k~DPlKbZq z=hP6B*HeqX3SV(4wfO6(#b0l+Uenp9J=x^nr`_pwxKOD#mkxA8TCX<(QGA!41mt~xK!1Au3#yY=EX0l? zf5F_4^yh#>t}f-B9_;r3yRi*U%$%|fT`YjI}JYM!KE(>OKL}5BD|t?qefnCtzTX})?N^fo``Zi54~fq)sMC7xn`Br zk9v-Kbon)@4j1m1F9C5VV(_MFMgezrHdCjll=tx_OCF{2Co$v@bY5AwE?^&>zU5$ z%ajlB&u{7Z;5XDd_S|Xks~o-i?g)6kA8tPYx60l*TOYZrZ-2gr+a;&L?eiIM`z1Qe zo3GiY%a7xyG~f%~ij7lVJW4IP;nVONJe;70D!;_bZ&$i`@~|%tR!K||F>#Sw_j3J! z5=(P3-8uKmy{7k&Lzy=QCR7f*4jL*Sx`o(_+M4mJ%kb-J^DMIl!0?3kEPl=|?l(0q z#_(X;<)alO&&AtLHQpG)ZEEZeToJUr5ejHF3#8(Fxe} zy9b9kYYqRa3>j!3?+`);%aDsU)d`@zsS`lQI(~=VLlxtQ$Jrlhx?o!HGx!(ZUHiuj z*1P#z2w*zViCpXPca6=Kgm1qozIt@5g<-A43#B-xbI~HMo&~OqNIaoj3@3sg^@r<@7#PJ3a7SjB!r~&rH#r z^~%JBE`Mc|3F15>6O12}iC+(JWrBN-y_7*FT;J5Id;C^wZScgS zKK;Jd`1*bGzsWh^k1wx!S^=`KCckj1aOtcFO;11@^>RyZAOnxIlK*YQFVQ}0uNj=l z{mtRsSMct+R4rq2zUmWGs5&uMvFbOlG{ z0+h4x^PhhnN}!YG;a^U3zu|xK0b|L*OHMr5U|Nme+$czP569w?hEu8DDRC7%{0z~X_o${Bqy?H@k9gx&L|c-|v4pA3qnqXE+}h1?PiU<8PghFP?5bV#Dpp z?tCPYedpsFf8%_N^v%b#GnkLEzhOR{dQRW`E4J-KyqtgVmM0fEKDqcJ^B{jpd=#5P zj9(r-k&*}U9=p-iR&>Fr63cqJM1OOwr{&9OEw+B+I{kl^vlct-=n?U==PQpE&8UA# zcMz-Yh#Z{ga+?O7vRsl^sS{Qu^ zywaB+3eX}&hmSdR0gn#qpVZouO)mcam`u1w-L;k-*PPg}+aEVQH7pbE>lx0zBMa`5 z&y5-I-W#yTj&Il(-z0X|Klgro{}Uef=01sCGwTw7U+WOm4~xHS`cknI#)sDR2zpR< zLwR)NH0q!M-%UTPascjk(+^uSJY{E`nuE(99)12D`uOtI>mz@1_-_}q5#K#2 zyzwvM@;C57yXvDoR}qh#O5Ib?vNLdxVv#P+3GT9TbOs7*%=5aN8Bfo4;q#rUMHY#P zy5>8-Rr0xj_{X_7=h$=1e^-qYmna_Tx{7@l-TMDV{GZ*dl~zySYR)6^a!LvI-~GWO zo`2)`x`)s=>S^k_t{3J;gI7Vz%`VIuJH8a$xF-)7=!-d6&)x*1$@_UR)GGGFj$H+P zmRj8B>mjTT+oRP(2z?5Kr+hPVdFoNf8$fOVdMP)cb;6t67|PHQ{gx!Ym==IH4$cW^ z6oW27IO+t$d|;>nhI$_i?DwfYM&U6o$9hz-c)7Pq=oki;a6vCDTBBU&gQYwGgV}Ev zTGXl+fjN#suTO|pK00;rj*bkpnsypGl?CXu8#y#{NM6vRlYHQnKG+iF(ViC{PM=eJ z)?QskZm_G+#F=T=5*e=jF2l9gxuzV#Z94Bpx|f*S(}U+NMGq1KyKzRk9z_3U$RQX# z*v6Pfwz((v%gnN^`j&DCo#Id8LTcb`*PfbnAvN3=aqO>I7g94m^}AUYQsb@*k-auP z%H-4A->0um%j@ol{5HG&y&4)zPX%LH(eQ>0Gz_li%4UB}{0bjrvcEqSy~>~$G*i5$ z_nY{2F?hktTK7f#bU-iQ@LJzzcpmqxkBrSYP|Q96J0h_IHfOcg6TlS@=%$ zxhMmDg8s?c)7W1V*ZO>v9Qp6yB3rRIKqJX>icZq`&}lTj$?51cBm56M7ewH@BL8QZKrIn7Ha{Jdp&&OJB7 zw_C{{as3G|->x%Jq{kkDM)I%8g&$N-Ub*VksB`10-P+gaUU!{1V=<@9rKxip+we)AO&hOdgk2uI)_k7*4_p)MLH*|S zMO>VPFTd=IJuUw8;?HdTP?y4!Z@N6Wrzko#-^Y`0!jq~ej)R_K4Nn%dlodL2(~W*; zWnKS+=5K!YHT+d<*Io{9&Vb*MA@$%X*7NxE5|2-@>B?KC_!M2*hfm?%G(Lrv@5iTk z+4z)a)A*F{e?8!=jWc|TPklyw>cxwG|D$oXvYY zez4s2>yPs+`~Yv5TIY^P?Fjo}u4S8hukP@RJ(=~Aa%4?D9`NRWHnQ*Uul4kZ>5)Y4 zcH`rzz8gW74DY*r9)rDli~Bu|AJLEZ2HaF)}6phd|aeQWvMjsK4pl?PRp=*M^ zx<{ke^IRHn&!3;qKqKVZ^VQ`K#CB(wJAb_|o4n-^>m&kv{z2qzSK$5G>PoVE~_KC(&KkW}sGfuYg({y9=82cLLD|qcHU2|pS$5-{P+eP=% zuj8!S_4+rxdH)j6^wF`*@8SS`e;m+fp3YDoS%f~L3UZ8#O+MlD`-wX7S>Jvv!I0X2 zg?MT)bgLomYQ~RIycJ_?#aYlt`gxh3SNJ|X@I6g;D;_iB5Qmv@6n`dH{?ZKH-S1$FwTE-uX4OJi4O6Fa8pf+-7vMu6)pYC9N8GT%` zEh(Pxp2zpw#WR1WUansMhJ4L(-`wo_T5nHeNWFs#M>)O{dL-y8U90E(zEa6ZdvWj@ z`4>MnM=FGMkjDw$?!0uJ)dVQ1{ExyfM)*Zv2_16@$ zUtq(|jv1`q!&jcgwXRQp%09&TK*&YQ5qMwzj`}`Uum<(2FT>wl_h?g=3IBi{`$&Km z{yfu@KAq>MkHh1=^zqXp28|L^zzaH=I2Zn@LwAjZ=X7372RXJAeW?$N#eIZ;k{Gd|}kZ1K(7lLdcMark8Rol{;`_dER>T0^CCHgbtq^IDFx zZZI`};FRROrfv^T=b7K4%q=*ATc-CK7~vUkJtkPUat6n{(EEOCfZfHJ*Y_WvwXTcL zTMO5$`!m;de(mZLY>@S=d3r*>jvz5bq zR%@f-ZI4dv%#ZRMABHZP7xnXf{w?-3y^`m-U-5t8iBt2GLo{<3cKcYMje2P2(5oi? zI`6lxU+Cm;jqm)xB4mTP{Gfi}=b^9hotf9`o_l}4@JktJ?)5Be$s$i{&HDGu@+7@u zVsm65!a8`_rEQAU`M#1^TfJf0XHva%(oIQpN(`MMe!c}B*$Y35UMtvZ#mE>sWA|uR z|42@um-?F&b2V{)J@>26&a9Wz+#sjd@~jtY)$y$IHPT;3e&KKJ%dIngcj^4HU+3D& zf&3Wx(X(aDe@t=!?WO7Co-`<%JeJJx1+$M6sSj)Rch-s5}6o9;V2-!UXY2-te>$PJ@;lh1c_yF3zD)X_ ztY;qJ8|7+Z@LKzPo<-JoBZJ~KFaKTT_Qky;+SD*V$fWF6vYxq{k9;zRoy?h@S%5y( zb5YkO{^SgvxgVbHf-g=1lkxzk;O|}dEvgUJ0<-qWCI>O}^TZZud#&Ibn|-l?DHA+h z@RHew7B|sB?Ct6E$uU8J5m#pJVkjGrs0_H}py{CztY`S-hu;_lS0fxTf>l z@2>YFCEn2c66D{FZgu0PO83m^D%OMR%<1>ONc|xO;`*f2@x%=55eA?OMtC z_RYa-v5|IT@LKaodwG_5lJ9bBhWWWCp#QYqV!O#F_Kl|#&^PSPjrg>fIA|sMBuI}+ z=_u$S+I|l@%g5V{{nEA5(dUsMEt=1_XJx_%T)q&%rEfm5FZ{b$PvD=oP3T1NbQ$X# z7N9GeSYvJ0AXtNs-O8L&M?+3V+d2;IE0=(wIKxFm7KpRxzXGl zYH{XjkLC*8{BWo7W9BcEJ$LCaTvc4|Y% zQs!$4V^o8yd^$5{@^Lvwg`U%01=t|&k$?49Xj9V9nku;EkC}BwR7b{hI>}_yy{RS!G#|>bcvXyKF-O zJD~4BdV>4NCFs0h)g4EpgQ%~qPpc1NSJa0ldsC`C6Zn4bvnMx*R}CIKE8COg`BKd* ze|3G8r=wi>WMdWv_SC9p4{Dt+qx-!)<|@7m7e8*otLt$WC;SZEpX7VuD(Xo(7yO#@ zh_zSj>;M+o~a&EBIQmZ=0y_4+&kK#Yf#V+G3sINrQeKYS~$-Cp@xEDXr$lFL@XHInO9`+Fu4=X1xA4NToF={Q2 z+&Hx{&C}_=#|off5j6DiyZHPEPxk6fKcC+nn4cvR6nu(YwvwP=QGjp^4KK4u-;!g(>$=V>^C`vl?W!ZZOK>%q4H ze8&^ZnenZ3_|3K0hx)>?EB%^s(IzJyWo#7m~MEe@@KzFUSO+B{S+_F)<%J zY}P@+&#PqD`2Bg^>-v30zL>veeDC5C;z@iD51!QfT=~=cB!52-KJUt$p7Y+d8GEaD zJ;c2+3Kkj(gB8%Yrn3hP8$-ocw`DLo+{uBbE+_fz3+i zYr*gvcp}=*;fWmNSM{zMpZ*hlevd!lpWl#l9rIfnxZlqoF9n|Q=1Dz0dRF&VF;2Dc zGPcj*qnLb2e*aY9x^$wRkzd&Y%vQLUkAKw0cNeAzFh#(j0)NZIRiZ^n23nM)(;}r) z-5QHCmzm}_aLv`V(yvkNsZ@X-FN*g3g#CRzf8nt4uScbPQQ5X6w#w_lsWSM7jU2_$ z+vh%jzr`4(*nX|6Sj;@vpi^Ww)VBop-&-Ur(8< zr1Y2`*P!@cqSWgG>*#@QIDVq>IjS@CA_2GO@6L4L)*O3s zAenkC;7{#0@b>z<@@qThFhBVH^8c0VHNG$K>P*WKz}%yre&$fVmt-fEkH^Qnlr#1c zz-ZtG4+A&0PI}ev7Y1e5pKJS27TDFJ7CfKmgTjC0-BTO(p9cP${tobW(68d@T0iYG z!SD1&_4>0OU6b%iJ98l4N_92$@3p$?*;>)9b?Bin=wRh(bv?p7j&aX-XhlyszdPqU zv|^9l?`Az)>u^Um>-kHGkKfcjaqI)Pi+$jnb4!&s&TYAY+Kb=6B`3RHIobGEd-odO zq@1j`S3UFN%dPGJH2b^nojxwRI}5F{^>;Y^FlR`w(aw5=*7H65opUN$(J3zd%zA`Y z?sMqpoKw*{KJ~jX7n4Eg?={lt0b2aBFACq=k>#6px?#sL%++j z&@bEmR@;p}et-J45?8E*$LQ}!owdO`kMd3x4F~JT?aCM_wEn;6T<;tW->+x~CUYSkA;PSbP z(L1&19p%5|+r_82`7eA46QA?DVtMp+xoo5SR_&|0k?WgyPUp(3L}z*D`)ovK)nOam z>nHsE`nBk-l4$KHy+i8-|AKGh*IODpc)#M5TE_RD85Nil`7s_}4`W_3>N>^^+R11B zdU{=VkbR&s$^MT5{@eu9i`I8Og8oG7C!H9SIPU2x&O)N^;^}(#Or%!)={S0x-%fD7 zkFJkGvpUhu&1L2VXdr!G;_e;r8a-y4di8zpIrZuKe!YB!ruU)2_p;Dnw=dr4m!*H% z!~aZtsSq~ugZNS_jqgRCe?|1pR`R0F@L{|lx-+Wt?k0cARu7uv+dJ~0cz)Va>LSp< z^Y{JsRQvIooP^0A=d~OT@TEuF251}U^&@s<@xu&lC%q4Cr)8mSaK9v{|0_FxrRe)X zd@n=q58!*b^xkIZo!^Jv$~E}ut$7j6-?;kBX?}YanwLUzpRQ%Cse8Ut27Z3A=kzlD z2K!)Tl4<{bN!j+N_4KOne3td{TVo-u!6Sc|*Db$IzN&gCrDu=5qFyfQ5b%@e;Q09Y zE#*ttzYe(lI!@UE2`^&MAYSTI(|UTRuPsb1RW;Ro>PyP87T~)UwtT|F^L^s$ zYqH?^d_W&>hgbde3NOC%^QYz~>E(IdIeP8`%uSq_)^E46%}qrXnAIoh^KoaE z`S|evVm|WEa6SsN;O3tXuU~tD@maF>PsXdse~|Z3u4a+R&pWkGf6Yv_K=};*x>=I^ z$3kRI`bW7QZ++4)wI7e`W9T0Bf5pg$6w`P77Irp1pL$zklzuwL2Qsxf-1n$JN5Sp^7Z&Z^Xhn~Y6y28L7&XP??Q$&{`dG^l}B9_zHcXoL|ygh z)<;IzW2v?J>#8et7VUuZ?Y67XkDp7`sfpi*+dn!^?-4R1TYr!60QL^}B^!@zV^4@o zIxXA&TNAR#e-b>T1B@Su4yYG>h%IaJ5mhtA$19hflAJ5wth&l|n|U|+T*0Uul328msd-| zW6HG|{NN?&g+(ro&EWV+4;SW9`9}3vsE#s9xhv=)-#P&=RWAn5S@KEAS8I(1cxxRs zHlU}Db=TgSKfZrl>oryqcZ*)D+_NYyrT50vWf*JWeAa2>n~N_usrQL-HJihtnF?y-V$yG+aq;)6f+ok_(9aPWQbyu9; zJ`Tx3-|as7&VC<%uh^eI`sK{vTi$<85L1WOIq7(n}GoZsV%cj%W?*0K#|OXd=77#(19wfqwc3lQ} zP^1U6-FE+L#+|wI0HWp7zd(Wczdz@9&b{aU<~J~dwza%o!@c+SaL)I9pTFPpJ?FGz zFUNtCP0TG#)iva5v$dg{$c?!(7lfxxv$==NjbZ)GjNrlxWRHrtu6kxY>&{zXAN7e3 zKZ{;R?qy5A?Doe`hPaUacjwP7`aRDSIYCV{0YTslBYiCxr)678k>iwRgW(nnT2PY zz>DLpX81!shUg+btAc*B>>dJZs7qV}pKiyW*^WQ6#nvZ2#_w8we}fv1?NftY+Z)EE zx3h+AEbFOzgX(lIGT+<6S{LRJSx2x~>p)Z+vzva^-xjYw`Su0(cmwt?VlK@1Uj}}D&!ycX$-}olgg+mV zku@>bR&q`FlfQL2^!q1h^=h*0sc*ejvvzq=kUmr$JhkLR=8V|W=T+)8FX5Tjm>b9> zPe!+mYWv&o_VJrqurlaVU6#%cr;d6R`=_p=){1$kEbpk!96fQL-k-|*As?2RdAAda zQU_k;z2!wG>`Sn|;??RPJ*tR#1CM9?8d$+H9^K^TFI1bVeUty?zpURvAMMHdUzv8Z zfoXT;;e5LmJp1!qW}LK*3~vaK#mA^&3UM5^`SR2}{|jG-*N6Q6JZ+l(R)zf~ zy#8MB`dfq^jE-ewQhGKx&_E4TF@0*!CfTOE4_DH*i@H1mhaKB44~|^@3-J86g{NaU zdRFsi4lav_%?I;%$a2rgq?5;Eh3}yVd=Cu(-}*NQ-wuPnd_9`u%XV;=XilW@$~;@M(eo|~pVl*nd|4FBmkwWH{ck>g z6+G)$_qBq0Qt{82h14^*k4e|@y%xIG2f@A_*n*M?vuEsY92qQb$HTEC%vh>k z&+|ZZ{!Vp0K7V#nE5GqQ_FOK@d(KxAzW&Oi=kH?pX|2clKFh%v4gQq-FFD`gS!Y|Z#Y!EJl6X9bkeA9}JqGr~tNm~hA zs<%FkXS5E{td9a`Z{4MwXOZC*@r?5URMYF@a%%+cT^4SgSLN%;%^q*)%+9EO*lXw+ z;dkjTY_nvr6d22ZahRd0YKn`@dXY|I;c$QWvbKK$W}k1r<-wNIWzazUwZ_8f^qJO& zKI>qvw*2hrwBJPN|7O7ZXawGyjsWkM-XOf?2EP@#`WeF?$V(vo22QJjTa9m=I|l`Q zCtG)=2b1vjF$;&}!O*ucv`d>kS=kpu-?cIQucQAJwtx8vsyV8nF0Tf8nGIiNsM(ay zDqUshYGE21foXz;Np{_bsmgFP7o%V*O)KFfHxlZ-g|9yI=_oje-;{&Py9uF0}aUcU8E@Hc39 zsBf)dp8rVn{6PesO~(LFSYHv*$I!E#^K!-C9r#@?{>$0wEg_E+uk2F2z<>NTIa7NU zPKW9Rw!YP@;d1*ZWUkg8^yL3vJ+yRT1m=4z%)fTD&02rWqpkFdqvyC7d2sei@QyyG z`ROY1DK)I4&cSQ>|At84H`~5*_N&qQrXK%C?bo2`M_sPJ2S}Ve)KN#^*Wja& zelMaQGSUyoplnypo)Y&?M?X|?jo4*W#s9VS-uN&^9xYu@jlea|!X^LIw@n=$jRx9p zCZty(e2!jGf8#3P@!@#=(n5JFi_**T%8~qyMJE4L*#DA};E`t5Q#t%dhnm{cBg~np z1}%Xv=H|@Y9GMSqCpOZ_#7JafWqw|4N!9!MpAY5a;?Y+QEp3mC^`{Sqy5;8)oKJo& z?<+>vADQ#73_le514Gr%vtB9G&;R7X=IiHG7Dnd_9E*M)3V&P^;g6d=xMX9SEIc`R z9t3~PiIE@K*9PRr#eShbtoTp4!;-eu5jZ~V!6EzzmQQ%N$=L@B&rt2_x*_^=+Z=p0 z7d0*dpIe(DIN$5R>1x@eZ;hP)5BYPG{=1Oh4qcL$`y9Vn|FiTB!n-3zKCZU-9gOet zs|c)5$H59-fBn5sew}Q{Kk;!o&(ob9+;jHrSorY-)~Ne>=(`b^MCTuS@C=0?!}+2@ z{W%i-8N}&NTT@nL>oYVrsq+VvYvtM@)nfQ?T79`rKE&2(1v$@kxwC^(tF4s@i;G`-8A%w0>0Xx2YM`83>k6#Quf;05;9g=sIXr zWo_C#<)vL+Xbg>pL8IXwUPPmlEKasXXjF9|Z_}ddgQv#m=d01rDXX6yPQv_LYW>e6 zw0Z90ye<(8zh@r;`RsclFwFCOKG_c^k5kS3Zhrn+@t^cXUth`EN_^y~5Az!RXKBBS zd|#Hlbr*R=GbhD7OP2VkYeG;^-~E__PkCA3`?=sFPngpejbThZpuS+w7e7BF_&!^P z{bD~qha34f%BLvj+hpfRW->>z+|H5cT01iOPJ~N)f@zMV$oH zRD4;VzCX`L?c8&@5qN)2ro~Jz)@%67>d7hwDF5qD&ZBQr|tOP73uf%H!%LaG2?&n zXz>bhjN+A7ejOjLyu{vWf?Ih|@yDU>gff0C@k)85oys!h!J2b-sdfYPopW`d|sqUw9VYa{6f~{PduMX-ml0t2~&5w}&kpL*b_| zzAB72a`6@Nq}**0Iz;oKN$8kmzU?&lYx%UW4pcf~8+*MP8xxF7KlTyo6RaL!etU_V z-^MnX`RxRAZkjttFwZ>1;xbE{vaJ|v+zZ|-TX@=kvH_@5ma>*wuQbMckM^U>m~ zIWhcuw0NO|@flbw-Y@ZBasI;99uEw~Kigs8Da8L!{Mi}opYP-8-4WPKtN?GE>A|Ns zA>(wP#oIvkX(;@8uY<+n>Gj$|xh^{f{v1mGuSDqdOr-x__D+%SFckR+_iHHh=avk^ zf9Bj3*&FFCvu2ds!%B3|u*&?|?axf@e|EdM7ISv{3CMzf?@ZfHRm|D#ve&ZP^3Q9? zYsl}@@2I_&>^k4?*B>UIVRL+m0nTi9{`sQc9a{QT4|jI`qdBkr>lTN0?c*Vxm*Cs* z$$!Y(@aTC)W`Ca;|M*4cAN%+u7Lore{KnyQx_6$t!<(+T^V|z?WMi14;pkp)G~LgG z#+>8saFhZ^brBp%2Y<-J&z1;oIz0boEBE63i?uQNt`~{dRuHdA4<{{-w3mX}D}lIR z4?a;X_p-?^t)Fpx(a!41$ClLxiI*D3hv&W5a^CxlGaus&_@aL2z00R`JaP@=ugZ^q zN!)qwZu|k`PkQ5bdho4w{IZ2RqvQADgn{Z!N^~*RJM#8s83n!h(fU~@o7VTK@_h5?eD|^7ZyRgIef({Vz$aPV>cKS>{Dtyb=r78D ztt76A<}&V$;AyD`hi}tYT3DP-&%xvH*Uu_{FdqNI?X}?cUr_F_ z9G~krV&dWWWSL|+>s3lvt5Ry}b9zj@A?tKZ-NbR!O$=`v?({-SSYP&o2;5F@brEB0 zjh@?MZlgCAr^DPH!m6Xy{*%VnSQX|PS9-oibU%h;;m2{TEAZuGK?H8$dx;0*Q1HDY z#vTkM{=MA6mJD(F$p~yN{+;c?HE}JzqW-z|7mCt#u>Sep7<|2G^V7b6^ceF6+9N;3dUu^krZq*%QLEl_wS(2t zaH5GBV%epB?lN@vY7dnjX%>7M$72oQ~NeMP~^qU&8N# zGh6vxaAqsN4d2#}KjM7h63yve^}+mFTILIP<<`>L{BDQpV{J@)@VP@v`#zADRpDv4 z#nWadla|+4dU=q?BKjlT|Eo|Qmr&2!Og(QAGN=59>N;lP@2(0`?AupVQ2P{Ir8(wz zrZ;Py2ImF+3b@E`nDLBeJnp=p&FrZfJuk?OWe4y4G%}X|S`+f5>bw28ezI5J8+U%t zP~i1b#l_q`%zWS!G{Y|N80Bf_)vepJ}QgNNWw?WIm~R1s-;fV{InmHEpy9Y10Ouo#5if zYM*;rgI9GLa~`x`%O`m|vlpiDAD6H6X)wXVMZ1TK{`R=gpWTH%ls!&Vvc98wfb|{7 zc)|LPme9W{jqv2#EDX7N{Z*k4n($&ZpFeg)_#=)!RpLu}qbU+z8cb?^k&A(EV!fzJG@Fi^yDObs-Pv z`95$a`hS#m{O1*W>YZ%voe-z~I}feO!y=esSJJ_%yNU!8iy7|MA{*Ppjp7!AJ;|t;QUT?fUf35s(sBh}M`+9y#1fQ?) zoZ~k)z(l=ARejGl1dUk&&?@ius z$FGYb`k~syL!mz`pDih0kw5vvE3F@L8h%I#e%~1WbiDz8L^{E(8B|UA%&|xJOCD#h z3m4Zao^`UVPX}KpPkDVP{ng1i7OF3iAK91+h*iUNiDU7F{CMA&;qQ2TDPC~xhxyHX z`yJFbYH#cl@HZtF%nKZ-3s^&YaPluTH!Q#THS!yZi<{X`q9O=BXZF~|@2?y=f0<;o zcGSFO9q3c-jm|k)_-chQnGe@O53acNkYW6guh-OmLw!v}Yx|m#Yx{tenujH=?Gw{o zz~=VA&h3c}oEO!B@_3!JMnI0TY&-nV=;cJ}nSM&QfPiEY;IprfiE&YTE5KC0~oZ1a5QyxeqGyG+ow;Dy{7%b@n*62eSL|weSM6(FG)!N z=WVoKllaujkv?hmJl!h0WbS_>Cj#(v>O-CMg0TG z!{57c+V(;|di$=Epw`xLW21Pp+XG+e^n&z{4rzp5D!3JQM7A;8nrg37=&c*VT+ib%Q3)${1&tSoq^)9QZ#Kf&bqJ z(6{4^Jt(BV)?OE(>m^qy={)MJzlxk2d|7@d0k=Kic56_wQ+sFUa0~A5F0-&jct^5# zsRvh_zF8abhn@dgjIV0s-0I;tz3=O{bG&{W|NH)pWJc{tPx%E)uuSQ>RLB3UYJh^$q+tBC$R z59gi z7i;bI*D9?(e$dj)!3T~$YjN~ za>hH4>&e;E4g7a<{W5BWFXKGCVTobs@kgkkWB6e;IkFr-q$Z@h-9F@Fggy_p3mRsEu=}Wq2tk=&#_Gz!F&&=y{x8I}o+RMsL zS^a%6XFUu55AfLp-R?#wNUpoV`-xmPIJdf4^JOi?!BbgmgXB^Eq~=?sTeXMYYrw4< zaOwFD_CV5pc-`=n_5`k{?YXpFitW;ws`C3(2RM)R%vol%r*@33pe?hP9z3b{%|4Q} zS$eQ+qVo1}enRJp{xbilhySUZ|9N;se|!iR+W$_rSv1k!W3SOyZIW>Sw``T*a(gNn zxN5Lp_{*2ROZvOWu z?wk(4CkB7g2kXG0?27y6_<51xuXpA4!Io$U{@nbhMQmpqt zP_$U_Nyvl6X58*QW5dCp&W3BIUCmQm5@~nap}rp)yljc_o1mTK?1M2lX^+9jOD*g% zP&9I1`HAAO{^w1a^BTcPH~WF~@HdQc^j?8)34C4Rb!1-q#%9=)ql5imZUAq6%-qG{YGy1G2miUx>5337a18(`r=py=2OdQe^{qVHfF=Mf9 zbckPoZ?fiGgg-sc`~S@zYR0Do{%)S_pq~e!mH*5KbcQ+n*a0rpMv3^7=dTZfox3Hs zj6-KO>mAWVv{BoN$GYK3ou9nv_=WqriGzB^vIiRSoZRqFItz8ih=)9v0@7J(LnA%c1YFll#A1a$T7rMQM z-n`iMDVx+xzq&6N^}PC%{?K!N`E-Zpr*e*R$E5)R~_w6UMvX?!|d_~VJf<3jl;e~j)ujZ^aGk8>b?8ZiJrecI!vaKF_7_z6DB$o9cgar`7b zUF7kTvANLwX!O&24)1pjfOm~i`vMCG;z8*P;oRsF^L}_uG^iSY7uAM=$?}Txam0su zPw|rQZgdrGCTK@^7aazJ-yi*Ryu7aU@Vj?}Y)L-9;P$i4ofD;e1G-H9TZxrB`3~Fo zok34^pkv%QG1{kAXA|9sPcEN?1Jy=lu;16C|8_qSyfmEeV~~5}+sQ6OeLLQlp1e3n z?p%&7ksp_-P93blB@L(c2|JrUkL$U)mX^@IVxQ7o=t%jP(*5!SNAetW z>E{EAR$1DWU(|%myYXloI@_s7vJX7hBl}u680{u5mdghGzrJbR=(N|sq25_3n`CfOV*Jw;^y$B|ivDx$!^64uZM(vg@(w$HPd-(C znr$~>+Z8MU{NvjEj`*ky+73s4&@qa$<%^sZ!!zX1^7`G>OZ4||l`~pi8N9R@pVayO z^7%9-`QQs|{$m?75Y66+~Oa@=XD`% zd*LbhrrY0F`sDVDFMV?RsM06p|31XC+k;_uJ%KMVERn><7Vj%vxp3K;(0se`-^#52 zR@xRMpb4~{0!@TN#S_Nw1*hG}o$6zs;9g%aY~S7RS!Mt{Wxmy4w&K>Wh5H%z_h0)M zqvYc8gH887zJJQ%x?y)L?q&R!6_+jU)gN&02A^jW4@-8=#_!*Q9QKMwCV*FTo^UpU zvCjnF?rf00NPY+Ms_XJ+-971M-ItH^UhA8fXBdCnGvjzh?_}YjJ+z~}#f_hZz0;oh zI;ULik=wsdHa5dG@zo4!L{ulH`iqWaQ)uh9gtU{cGqkk7bGFd_j^o8UVsP9BJrpB2 ze2Dvp@mZa1knbTMRqME=r^6T~+14(Zz`v7UyMTME!Q%qf8*8i@zp3xzQ#nS- zR0n*Tvw851WGX{k)yeyHypQc?pHbfDp25oq-h)5gJGmH-ca(>fF0AF9F?t97Gw;CP zN7L=nt&-K682rc|lkOVme59!ZISu7*e*JpiQt9oM ztKoBaRykJbZuyMQ0b972Z*kkxJSRP@`+9CZZ3*vcL*w|g^cT2L%-t>B#k_=U$SFLt z4VhHj&3UWS6iap)c_?YCGBOpmskT+OrTribK3YQlS3J3e_tl=>#cNxA1`Mn@Gn${AGO}e^797kOHGi3l?K4MkINb|f`hxO(KSeK>CCYd9BGXO${uzFGQ&6_=E^dgS@Ujb8~YV6b?-*s>tp;s14qm0?`}Rt%Pjq^h{RONM_dvl z7q1j9z?*6bL%maMVjY76#w9&n2M)T>GxI$hbTNMUwc^R|Fh?psG3Pr$kErit#z`CU zla}ipCyzF!>q35Jk;7RHJl()ks0&MsE;KNq>%@b##lVD&v;v#Mg^?j}DSf&ex%!la zOL-Fchg}9Pr!T_T+QhiD*$G_Osi%~mTO5Hcs{388s4T+gE_Zy1<#(+QAII77he!0c zuh}c$bKsl-pSQx>n)4N2$YV_FLXWet^EAnT;&AzO=blNdkbW0kN_eLfdWX8QlvpYBRE3X9c)}C%d3|1+bj$@ZfA9 zHb!kFgObI?L8)!4n6_;06W!adEo_YPRz1jv+S~_CsE<8Kwoh#p(^er|Vg6HkC$=qk zr~(=d2R3qlJJ+kNGH^LO$oYwmKFhyRsD~VVw12&`&pS;1E^nX3)8ZfLbLn#Njr8vW ze9C8+OsRe4h0&3r|CbDPXj1jE@R0O#IJXt@SQeP&y9=+feUc5M|D~V7yK=h&<%W~Y zlc`O=J@YPY>fJ8rr}s^6nD%>KFPmua8^MX}+jTMc_&0Fj+qXH9{BSNW3{I5GJf1OY zJTn=q@k5}i_(rx@ajE#o_^ZgMY_XpkJ{Mon<%ZA2&g*;w*)Z92jnn0Z^-MTk?ay0c z;#T=Fu6?y@a>Vp)a>TY@U3Yye2Gm&!YWEU&U;RABr{pYbJ8XBwfuZM!%VY2;zvf|! zOCO(84S(hR1=$_rCrrejK~@Kw7uNi}@{r`tpOXJ3|4jZvTwYjw_yBe>9H;WiAs@Q; ziqH+RZNlMv+ST`2k#=)=Ve216Wla3^__F@;<*$Em=O68Tn{;6R^N$Mhz*k{IuK^~; zHc%e;Tyl4c6z_zVVk_T=cLLOK;JIlMO z>6{Erx)s}K49J0G44=j1f;FbDTrLCf#pxsH8wIy4uoSgDAi}4w|d3TM*VEdLXXlD%STkz@~_4{_)Ph;*`t25Mx%OhDk zH`q3X7v+YPqdbF8haZ1@arn_#grj4{k9$9gBduNb@uS#Ixb?@ZcN^$i@op|BV8=ZW zuPyke{(4Y&y}|NYfjx+vA2k?$Q>Ot9UT;}4MYd|?>?U@XDS*9hhZC* zx8NJ)>BR4G{A&CIk6*=aYRBhQwP$E6dcdcmgXnUk_}t0$Sp(quArIF+zUP?vo_s#g z<^JS*%b&Rzyp~uwmCwMuY&z#>0DBg_+pSm{ou%CIN{Ka>~Qd-(gN!^D<>7m!q7r@Nk3A+wg+%l}8glKtsi6F0cG)@)xS*i^JFD zG5C7K!&jJ3&ilJ=zUB?(lP7{#{AS^61~{6@IF6W4h6hbPnK2HSPxhV}hYuuwI*X0W z<&$|goHrU`KDi~7pPcQmzjHR!{*J@#D@*(HVlww6UqYD_QIu9lqOO z-|d%I=Duu+?CsI?zsoDHjlq-btzv8K-{b9rR!sL9(vpJ*QW z3FVQwuKUveZ$=)uTCsxdQ*9UIk?TS{MDxh+;GKdza^(FZ<&n>i;O_?(cMg9pzMNz7 z$%XM{=e6+hH9=t>`8wr`3-id0@IY6+t`9AbTumN%2D!>k^pa|slO=UK4UbrvldLFT zX>_b~@5t6=%JD23)v_#e6?C}<*}4{;a~*iBhj)pAdTNHANB)v%;Jrm{qo5+F6@_2&cT(>C7b*ia5WYK6Z-7|U~~8|v_TdXt0=!MzgFc}?b4{eh~$$^9$EOQ33*+)WaYXvhi`Jp z=yK(fuMe2lW;{jsm6tLW^BWy=139r??)73rbnhJQsn#vbC70|J9(7$c3d++d9=?=! zrjSbxX%e2HwE{Y8uVd*;)q-_^gX|U12fQk8RS!JM*%}?cCDawty#}X2>EcU*GTUCr zH?kK_{}!}|jZu3&(7qRbQoB2$kIqt1Zclpr657kdr}?Zh<8R6b>Ia`|54tJ$ul)4t zpm?Wpc~KkfVvzCyXtgw=pUnQS#Ng5ML)Wptdjk6zPzzqgx{ON3YVgt$m~~d_SH9`* z{!hpgFVOA@MVx`UD%>}&3Ov4A9iD;uTid7eSLfi5M)%*>elZPpKRxx?h%D&rNS}X0 zx`h32J}1BLNiMGrJUcBs9mC=A5zyDc#az42X6?XlbZ}|^1nFt_&%vj9{wRFofsdHQ z;G+@xiS|A`1#|$8wGlW}UvBVY;aCX`9UN|bs_TD83_V6_KOJ~mbIg7ndXy%@h3K-# z>tF5rwAt+S9k)I!TK{hLb65ZHu4+-@{Ez{0fouz&SspxwF7R}2{|bwff%dNm=}~z8 zfcSHT&bNhEOy6}OUtHwzh5DUh`_1uZG59 zZMd~+|EycbMAkcrzQt`{&e6BH?TdW>M-Nt?zV~~0lq?LDzC)3RTRa$quNK?)kmSLv zH_WexG4i1Oq1hkG@ss%ee&~D#>xi0XU%!9h$i(8!;8C`3K6t!@>)~3}BC|e9a|M^3 zIMCWC;j^Ue%p5*T+D_;D#okzae10f`&!L`Yw8QXcK3>)Mv>%<~Rq?3m4vus-=W{Pw z9<_1S$pgT7S_ICFlcDM(pI0*!`Dq;Q$q(zGRz>9cm9z44Eq>^`H9{Z^RER@WUPO!yd;E=+_k2=gn@|KYwJ=;!C*R&3dxa?V0y$**|R#>&oWM zK4ZV?vP}&s{?T6agXRr>Lrp_iGg97m8Sky+d1`Im-!i*$zvA>?algPW;scAH?o;iQ z(Z3~aX}+)XaN+aQPb^NH525+O0{!dlrM888&VP_CYEOo1J9W+3^KiXxp1%w)85>f% zuM^%ob68^Mp5uq@3=-t?OE`D9Tyj%t^v|WksG&H%bmtbH-%9)2*cUM%Yp4UgZHw1weW2-FwY0($>4kn z<0eF@f(H;1tgt#~tNo0#h}(e^&mXIR^GIb&V{tj!iyc!GMDVAR>U=gZs9 zXAd5KP9xcl+B=Cg-m^>x9nM)q*j+}QhxZzAI-S7LsjO^)y5TJu|+eu(QDv*wkX=x+sWXRZNW`aHCayumf811~0%>5i6S zyZ2Wj+!yN`j7R-8YFvEYz$fo?%+2?aq;K(2H~A0IIXBmlEHUwq?7d*isCI24zU)Ql zFyiY@;#bubXQl*P3%G{=JCWbO@lL^X95o_*KXq%E`!acA-ra=1L7rz?4{e-4f5Nx$ zE}XmZcBp;BXUz97_S1-C1;6@NZH>-Q7e0ma9{N>|Rk_z2h9!4Cetg-^PI&N4Z%ywa zcrin6v;$sLjf!GW(QzTQBcZ${+FDdc0=%CVyyu&oLArZ_2k(>+UI(k-&cVw)2k%B7 zUfPMmI~W*MzwcoDTMx#M^ZlFLgZA*ng!JtfVgtcRf^jLAn_%2kj9cd-QO~t;KI85J zm+-Ec`&Ioxmfx4rj%o;tM}j-XSUk$q?`~}6d980m*O}*w8qh`j{!8KJ3i{yvjCeA5 zNBVd80;=^ha%_1es&~iS!+T|^1J1s@+sdSo$Cjc{9%mzuEyacMxRk!W0Y9w*K4eq8 z)k*(dw{h(j?%fQ}d`2}y;XbRv@!0Evb-l>xanScl&VcU(w(Kn_-U<1&=QFl8U3T&2 z)PW2#(F+f6qm9+b`5yRf9Bqu7eo9((AM(*1?_X%!D`*S6?V!YOTL8W|_;s^+xn zGS#$`Z>J5dpZxsW4=rt;LhUy&U5bt{b4$o`-^}2pCq9WRAVZaAeg8%2(YM~Pzad%i zE6Kb5vb5RAKCGS4?P8sc#e7>k@{_GdOv=!I2jhF-VR*J;@+5t);@Rmz;z>TArUqr= zD%EPa`9t(WXt$g13H5L8cR0Uk@9*Y($l3U^ng^90)3|8Q>>s{L@9k`owBR!i( z88_Ev*naD6zxJBxS7%qMUwh5;tMe-pSG#MniADRapr7yZTnugsaDhH7z}4>4f|rKj z%j{;)Tpu^8Y1SHy{FqadP^P2w{PfFnWB#JS*O>*+Z8Z2gr{J2g8M|2@F%Mn}@fw3K z3yb#eHT_zA36^>bONfUM7PF7<#W_3}Sn4e-_BjJfy@kbIGq7l_#`N0Uy9S4K;Bf7+ z;P8ER-3L5W$$79r`7J3@rCf$m5Sz*>`GqC-E1&6JFE^fSEIjKBr&;!Xskz@^e(Sz`>YV*^vhbJi9nVV!9IREvDbv5+ z-<@J_D}?2;pY$ztwnKUv z-Mdcvbc_Cv{=9E#%I4cDiSxvRtqX$}TZ7VcE4uZxqTmAayRtOhj9onqd)tb=Wlhk= z)$)0HwlP(jp3XhRbo2RL%Wv6;8>yE`a?QPyxdVJG#-`nY?@0VT>l3L->>GK{wz4Ofd8;CSKxQ)yK$ZE9Fl1y_yBa;Kz#= znTtdRKEbnz54fkk-a@{_!KLS(7R~1J>GvS>|}5Tf@P= z0)Eig3t*b)!9)zA4uB5*Qx`TEjbE3W2@0nUw^@Jsdsx9{CL(0kw|`rhfh=l3~>ccCg=NGQuXVa0sDLH>HHXL26`{1zvsR8-otxU zet$EI2JG)Q-h0&py%*EpF5XkEN7a|%4dMdLDc(DB>eJ*f=*yi2em!S_?O-a@j=x4Dc*xXwTr8qLSbO^?5(`pp!o9ujaf-e1JOoY_fgo8g^&eN9eQuW8wMZ z^`8jOmzW>ZXFYv(ux_TCnC_C`!V9q3%)eLcbA4j>CrUTvYQVOH^J$_<^x9xyJ9P-K zO(u3Y3T#g+|6}x&g-!lg6gFg?d8427SRi{Jl? z{CB11;OxGOvbCMaXKrrW=9CQ&*n7V~E=}zm@0fPaCXZm-40E9+HWymjmT`0BE;n5U zOv8a~1hNWWOI~;1-CtgxjErv_Ip(nS=mpI7u--#^4&M=!?wrlv-elR%9S0ZPH8m)=bsy#AE{5TQ zuvV3^sm5(#5G+>BuWF-u!O3RrJr+Gsv6eFJUGX3X-n9ZrTm90QyfU=&b?)EA(9r4J zuUT56ZgcY?;d;ixdiPGoA^M4KqMxCo@_9j!zH0(@pc)&EjVF({#GP+G4?nvXJeQH@ zlh0qIIRbwFHMK9j(4kDe0QkP2b7^Xu-$ASqv=xIl#Rfgf-9oP`s7=$e70d^u;G-wO z?Mmq3@b37;=$#yH%G#uhiufzI9^r4{NIZVV0QmV=4>vx3!uh^DejGl;&kjcyoBUj` zVKngjFgRPel6+)UrY!x+t|Qw_@t_m=2vX*O8Ouo@5~b?TVSFSzeiXsf~Ne2Wsu!1M6Cs z>6xzNP3ybhu@FDiz@q$pqHXDW*y9%7(s$KK8lN9LE0)xHqnvJ}f5jO&-Dqp&a`){R zqW3iy(Sf{o!k1d7A>G_XTMN)L%Fk*H(hZukb9zO3Tk9_s%Y2HlDBu2W;edAJdk>?& z+URxqR68B?p&WJw97-=W1p9xeI!4KaJ}bc23zn}Jp#N64pO;>VF1X+7KebPczIZcp z-pkp;CxPDSK(BWq7o4HI!O4PjP$Tcu2>-Iz$Z0q)71A{rd1&bhjErh0oqR|~xwdp& zv2fU4UI%NPcgVxxdOG=h;*$%JWBD2b`FoCcKXeq{joQm`k$Q#>_`>iG`2HZ{s%Lyx zf-kcc3;A&K|Es~Z)(S~CI{m)@o&$F~7ocm*7_4vNaOU(!&dxaBC88@NgQvudLp6ia z4f>axPmb7o@r&j)OPJT(1nfU!45|;*9PHhULpE{-pYH_sCXOE)?p;s@Ew`I7p$oB9 z?eLCSv&FUT@WUGBJIt7@{T^^k_P*xWMYkuZUy7rf#+Y5)U(YyuKOeoTGl;6G+f+`n z9vMc*Pt(|1g2ZC+j&k6W8K3Hzbxm|@V$9F+oPjSmzreP)C+mNe)VvMPHGmVxm%1K~ zr~mUIw)6NN7g>KVd~Xf*|48^QrQHYd6||Sd+3297;fQ?MVn>^|Fb>gX6`$HmLiGcV z9-_s7cF5vee5rTDmn(SQrP@L!>Q za=uqFFsZ(*6__N~&A=r+_5x#+ZI=Gp!*}hiAe*m!$-B@Ck|VvNu^1mo`V3jqxP*ty zXs%<2I?>hAYoWdfeK!BQ(;edm7`J$^HfGE_7_an<^qJ2iju-TKwEGS}%zYKqkETAP zyv6YJ$Ea<~;5&6BZ(c8Z<80CI&&LMo+KFa8^?}LZd}Yqh!PdP$h3_N3O+L)KsUvE? zQgO~(jZHP!O17VTQl+_!6#!GqcV}eEDJdrGJsWlk-OcYC`+^ir31g z?*wPE^BQyTQQ>wR`=ce&=W({5__AGf4d^EyMx8Zb-W9I&E;z0Gn4QU6)+0B& zf}ooGRP)ngksZz5cj5c!x9)2`K-c6C^~nDMURSH3=M-CLuCt19pHA*oc5()~TVn|K zmXbea@=m6oyCk2C&Gl0;yXr!%XJ4iI7RgZ^>l(ntr9on6Z?bgf*n@Z6RTgNi0DGul zSHoJhaDP_S6-Yk1;TPHJYJ3sSj^1#+<`#(a9!IXiedWvc$UM82S@DKUPce67;9 z)o(epv>ji|)Sb|lWZYIGZu+#9+fF*?jb;>Vp=7iw8d*?CK3pO7B*D zhE7oIHV?c!z`ZrHedwQ3)l#7|OYRI_T+JNJ8s=cGM`vOu4yf)v%u58s->T6nZu>d) z7a>iCwdven%|kTP)&tP68UB@Rl26!)OwMGCt~ez9RqT3 zG0&-v%4vjnhi_1P@)w;+?JRiP#!^`JQB=c=1;H zn@N9lz@S*@A5?!LxkXoZqC4FfOSuE5E?e&e8ie=+eSCH9u5?&!B!3lPR9a_ruzE`f=lsZB&0-kPFo+ zDOPDDj&!nN^io}DGvavHzn@{OdanX`klvI&D2~X6uhY);WW?#T6k|XPa{rt>g!RUG z|H;Wg2A*@et%G<~_U3ozhPp>KLgP~$t9_j^&~9WT_Ak)2*o0vbm@)&v6Ye*i-~X!v zebzZ8U~QD@!kC`}kJO)R&^&cFI#}0rU(fB4Z9q3G&sNT#a=r#{2ZOc6@Vn-KTP^>w z*3kHFid99+=hN^ZV=SQ0mXJQrp(ih&Onn==OY>G{ofbO18~xpbPVG$|M?Em~M!)r7 zuT-$G9LC>vhN9W z9=dJk0^07@Cvx7MEZJEG9Nh;O+_fbrS?pwJHTa$d94+8m_CPV8;?^amf2;c~p0)3& zVue}K34FhTPhbB#9{2NopSv?}4;-(%T+v*Q#~i<}HStrP-+i6mjeI)(mrc;xT*=#8 zjGPx0@`jaN?E|nq748Qo-61>Mg-w*+R*uK%C&dyjR>#&qA{ml@+kr08I#={&x*Po` zJFNAbT8|X!g?w(p*9rdj0$Do|nLysoiNVXJIDDA(k%i~QqASh1lhcs1PWd{>nC6~@ z3)wuE$BxBIGR&JO=R6LXQ7qpBPQsex^0o|eVQ`DRHL?PZrqiEduNm;QYF0y^_JZ^; zIfpZV@3jwCvuFd)OTUVbj2^s#=aIvoT?8-7PoypR$I68(ehc>q4gDwO!DUagystcz zd>+YPE@x)jlF#TrgWvN=4}I)bE(*U)^4JTle3_B`*1mAD^s@Lc^s?Uz=mo7d-%-fJ z{(gJqrxwO<4Ifdgbyj-Mxy&gg@Trl(DxGD1aS|Vt^#{tel9!x;uTYyhFFjdy7M)Ow z?yExnS%3&{24%@WTeqNe< z&H;Rd7aQqgCVf0WAI6Sn&NKBlqL*o(-|8#v_3=ac=qS5=eQq3|xUl~?f+LKhGG-iH zyVdLCTc!_eD7fnQ0JwVRdHwsquNoLv=f>db+;qLyN2~f6-sHydV%3?a^zWnj2;*20 zGY+m@>h&>~KBkw1G@o1powpv>zmN7Kj3W~>4z8W+_3;t<@MylIcG}qfG*6vBFwGmz zFQhrYMe|W!ACtU3m}6g3RXn!;IEYOLq(|lX{prEA*T0tM-Aejc$yvgp`AW^>KM=!L z%^|K5@UEN3Sqbk>M|P@KoSUw+@?m(F-x^0JeHdBxavV=BJiK(2r&|O5IeRk>TiI_t zGdjh@vgo`Fdd>NeKf>Odwp#*I1N`k%3-biV{-G}(p}$NSx^Ou9Zv?uGzWp^pM_T_F z!jrEr(E73$1rNG2kYAOHC75q>@Yu255eJX8H%lTgsn+3G);pKS;A@G+myfHIgU#Zq zAr3Zhbz=lBtq1jSHQ8G$>YtD2=(i}6Ka*`djX&j^O88U0cQbau)oFw^>Ey7>v0d6< z5L;A*@1$H|EuV_jJ5E||=7AE}QsLX@CubXE!!Pn+*Etd5EBDXAS00%^aPSE>!6^8q zgVQK{KL)-Pz?TKS2H;YzOnJ}g*vCKfR0f)9uKC+7?bs`*ooVJa;G`*9mOHim1c6W$tsttWN(3HvML zcf(Kcdogqjz>$0f`37<0az3Z}{!iPtlRNQvj-Rq297p4)sfND`;nDg|M<4kyCBWm$ zq4ESPjsl;{p?@z1M)|{vw+y~4ob$ZB2b6bk_zL+wU%%njo11w+e83brMpw^~0Dnc` zuM=Ol{llt@`it}hW4v4(zLN35h%e+<8T=;0nCkN$U6nU-w=vB3UV9Wj{wHs%aM-*=!FoxD1IKXcfjrRd9v(qW3Xjb0@#R4g%_&(5;1 ztiPyu;PblMJ@}us^62unq_Hpi=(I)|!3)kX6OD z+4F;qP5&C)w3&H?V(J-cH2($s=)OtIxjs+vC;6qWI-QRfj3Vc=PWf!*25uflzULbJ z3}WF9@-2$3l*{UzfW4@bEi2x)Y7+bH^EtnL-ZI5$O~gsfw5dHNUZ-wM?`MdgcyFW2 z1uGA}oEoD!6X_d&_JP@FT&S9*)rx_EL-2I+mjoVtS8a>(2Fj&pKEQm($WxhXvS)AE z+6Uz{lt=$`WiV|HYduP5&$w{69p9z2OD??a58!q8kAs`4P70!TxX4 zdVzlv&)>y8;=`wU8OIFPUI_P@GpVg2?(GBjZz2Dn*puAJBf_KV5bAkPG+7M{n=H)T z78j>6X4wQs7tJHR1-hv2O>uPA(#7Q0EnSv_hdpC;ra^Mw{BREg$p{ zT?|dYqxKfoK9t)3Y7gV6NU%@B>A(qXx@Vtxp~j||S7Q?F+kjp468x$&)11Xy@PQUp zGxpiDF6;w;;wwkbxH0_t%p;FMytSpWa10grP8!3kL5^X@yMt-l204aJ;OscYFyoZL zkKx-#8H4EX(7WQt@V-Hgp%z|^9Rv9PKD;6RQm$N|^3(JwKTV&?Uu_0olDFOD=U4Jw z*ID;#uB|yP*w6z#&tU%y*>FAA3r&^V=!4Hi)3xkHK5WkQMm9v#?eIYld~hj!Xb-GB zUuteC(RTe&aAN4n8D(+2`8(C7S>Eg8WQgIJ{Ii6hG6a@zERQ({nGhKVeQQuX~CM zu8#xm@%*t?AN^3Y?=ARN(m&EUec-zppJfmIvnRkKoz>v^;b4;FY%l#iM}HNGa>IMI z=!VPZ%)YQbQ8rh&E+scBTx-vyy#=^d?PsEG_)%~z{+o?Gi^KJOKCY`HxPCY_NwtiE zc`tC*kQ;tX@XQ%^p?Jjc06FZFGMurZdBqI%LYmX-QQeTqG)%6Y41{>(WyTqyeQfgXDeJ<9g&V7$6M?9|jRWfxXr7tA>kj8$i?K4AI` zzppgkOWT&)Yu~b;-!Pv=ZU1EN3qN1yyFS0kXN6Z!Cf{?@{JaknfRn)cC;$AVmayJ& zEpvI%^MH`;4Q?)@7~Y=Acw{$c!2f3b{e(lP;>CNglWKQ9wC=)(8K~VK(5`$Z*N(|WPmzDcS;^vY^nr4{+eAa# zxB8V|lbI6Q!|RO>DBX9ZnM)~dGv{`J1I6Qw+7=9KF*?JY#Nj1v0dEn;-J6u zc%gFy@hQ)E?2yYZMdSa}M~K774>z1iJ~F?CW>?iIr<)wxJm#Woet1`H`|&2nM*eGE zB>%OmDs#M_|Jqf{Z{@$nP|ss@;+8Nz7vG)$tOMmI_8MOG>R09l8&zkbIu-GicvSXE z^FB4KAHI=%Mm0IX#w91GXU?8}Av)|P=CMp|gw_h1ycs@!NQ*?i{xyQyW#M!x@9?AEzE-557)$)#Jv{u)0t7^UBWTfV8DQ>{_WX~9d!$-gE?-kLczy#Tm3S-8*O znGu5fBw}0xcUbFN1>7Sn+-lRk+YRjIOlQG<68xO}%KAOPzL);bs(NA>bAB&f2J97y z;Kp|FBG@~Tmp#B~me)!}F3;)$&xn-|g=b#^Yf<^lj_E zpn5d;vLkuh`nlfs+1~eAd^fslc(76QPtW6>;i-)+9*-uPr{6=YF*n0HqV{C{uU_w4 ze$VLc@4uV~M&D(wlLOQB98XuK?(u)S=L4SCb(f#mVdAs={IKSMO>H3iAZl+&!CpzO zK{lWH4)!0V27?VHGzrr$?rCC<0I-{{#%jF{iGO! zku#ewas6Ll``_c?S~zt0S!B+C&F7cMWv{DhI6GYpF3k7T+3702Ge5(c=<#X%i~~;o z$!of~n{};~**4nG)|~o*Sv<44c|7_p+^2+3%>k`z zT@h)A-zT_sD!q0BubuYu`?r%hzYrdN_fb<2_TjbD?6s4Mfu|t?55HeyE#}`GLax(Ma+~`g@AFL|{|uGBdn4xs^br^LH3gIUZVM*K=AkQ>RGngU=%mTapU4-GZ@~Qb zy2i?6`l2tV?wxV)^*fuAiMd_aIMt#>pSkT|y}3UfnV4~K^qt@6>w84cwkm%}I|1!% z{m$W~eN9D#DfsE_6Ve%c2X`-nFOdP?sxisXH~TkCGWSx+G&Gr%0an4Rb81sb<~Xn= zncGs648E*AX>F&DIdV;M@z3DxQIFr|7=A0H|9IwWQrN)y?>ZkM?+gAN@4w`D+0uHY zH#hS#_k4R*Zt8LJ_EGh|eSJl1$px=#49-nA9^Cx|vG@k+x0bYi>}<2%Dg)k(-mg42 z-OBwe_~-%`(kXg3%ea-3F6O<}9}IS_ZhlvKIXS8h#xfJVr&>JuZ;Ede=WHeJX+>YT zSVq2ObJYH#1LdQR!EURD`__~5e6C!yaCepEIn56}VaKVl>YtO}Kb!HQmxnUmzl<60 ziT|6%`_7?_H;5VUf8L(ANdwV0T+da=&&s*)#YdOCiWP#OB(0h+;Xka&D{lMg7Y{ET z1Ha0D+(F-pQCFCK+{TA>_Ev6XGo?>_Sq^>Ipsnf7!kmJOCD(dzE0$Cq!|~%H;PUqu z?>JXChUD(pn^iPWSmyo+92(iohRc6vy28muK<(%O7-I!iyQ zxAt{YE4o(mE`3eKYq`$5Z)Hviy^o%xjy|n@A+q2i%NWXOOL{O%-Z!lGxB1H!8^e&> zkPXwiw&|rI?WF7GKdT&g!|ud9@A&5MS3()PZvg#yBzr_WAFe;fHj4hz z$xqVWQ0!4?|MUKG5&TfZK3U*leIq>41WyFmtj14FzNZU%wZa$Fcuv}8_@bySY51aO zUv~jt6qz-`Ny`_ycL{tUANzP{7L_sO2@>?B8i1ewJ-H@w8)Jfor?j@H{>nKoC&(R% z*5d7Gc^y6U6r#kZPk=wgi75#-{q-6i07 zK}j%?^$gE#hUeAEW4lqe?a>7{opRce46qtX5IlEsdIu|KdNQP;n35= zz7CG!^g?hNy*9zab4Oh;N&H!Baotgun)F}{zRTGsr9eMN@eQuKz!1&&7yJvDDjnwI#)cx<@jdv(r`| z74QRNeApYKcwv(rpC9jr@m}8lmhZ1IY5w~b)(|v6qYQle*+~CRmfLKbiuW9@^y%<5 zQ2TthnCDSdHddJMio7T)VZp8Y9I($tv@nIo7sIOj9n<+}y9^8FrQ6hN1>?HBnl7MT|m2XcCPk*%y zJ&xV0#P)9c6yswbzZ%w$qraxj!w0*c^{=&zQ}(u&af6sqHSDD%efR+PT2m*O+|+#T zsqVh!tKPjJe@{4--MH|bhnB9w_BICNspZg`4(*j&6pq#MV<&u*B8L^nt48i@T=OoA z3&l0j^UtS7^b_&tflBsd?5s{qx`O<+;?@de3swpX!NTQRzhI_u5KbDnm# z$#W`xVejpA0qX>O`8qCwVYJ zfA%2S-(k-C&9DE_{-k{u*_eoVI89-uB(t)+R35tUJ0ufd|B|QItV}4^ z#(Z|Xelzlyx0k9XcKO45bF~8bc>-qYG-zLTLMJAqC{5BsR!tXP& zTRZl<>yBX8vBqr+;Gz5Bp(1$bF?gs}>#RJxH4Of40mqG@-P$F)rFh=iy(B(M7X8u* zJ`3zpT^OS)4}lylsZAZ9R-B|5u@n2$$+(nf?qqBMKE#>rp>0+CWOBXGuNK}&!5gw! zie(HvZM#wWkF@kJ68&SIck~y{-{sMq^DGPW-;v_+(J}PxA%w$a&) z$9rg zC-6hS!^UUMx%(sE`0jT;S09X?E1y(0wdjdp(iUvG%dHeOC}$b&gHQy|HJjSX)cPzq znsH9B(cs9%(0ZS11@WZ4=WM8nDO$p~@KO&inv2P{q$WM(;U`+pC;OkkpWF-#@|!Q6 zLmmNtt%iN%^n2a{{JG}p^j|<@(bCDhXlmq{{0Q;(Jz9@4gMAuitWdtVsO`ef%6~vl z1A`flje!NT@P3MgGkX4dm|x51a|EA!_3^LuEnPuHs#um;$DM|4ckQdcJl5Ukg9HpRZNmQ$@zqdrQcZetvDL+5ceh_98{T z<4HIgUj!fUQj;lfpx-vq5dC=Klx?+NYVc9emt=L7hf&3 zG+1HvzG7+p8;pLq10M5bPwjn#_J-n5jx+l|<>Ot&x{7(V$Aw~6?RR131JN6OO(iCV z=m1yk2jFk~{VegRVnO+P%ERgRO!$);f(tIjS8OE~(4HUKD@gpg!0fqna@z0=u|PL_ z&Gt2wuB8rY9cPcHyC%>-v2|BVBCY+ky6CHmSTA#xV#Z)Y1G-3aCNt<`GI9SHWM~CG zLl^xnXirV*reB@)Had9d=}p0Cv&Uu$-%Tveb;X0H1BdEZ6sszpkH(*7KJIM%%kv9k zz_9j(b!9g8%=rVv=N$t)uQT&hyKUMe22~7eXlCPD!QEXQ){aScyaU*}@kv(WlaSBa zP{p6-A(=IE}Vlf6M7(I`zL7)5mf<$GIE6R6njZLitqvhF<1Vc-3#|``mZ= za6#}${F1eg_ZXWNA=5j6p=h0lwLUQjmm$PnlB$u-W znw20wtD%=<2Y+DS2k{4r_-^JWksHCT7%p3vpQly5w|FYVQ+{6E#AnDwwvJc~{wp!Q zcS+lC6{o}JX8kmBTt)nE=QY;F&1K>9AsJKch-_dgSiUR;%)I}I)-s9L zw#4w7cvAc1`0x??ud}(IUCRBOKrCnMG`2n$yTL~;$8%~7FDb`!M}(hVYO(uokCM;z zj{S#Ps7tI4p6Zh>y%xMR!t?d?aUFc$M@|Nu_BEB^dzR+(>W%wDy{a`QWyq9rZPKgy zy#^WI&KNI+w%gIG>{Vy>Ba~jf1KReIW9fm1wnN)8)+F{d4GU`|nomlLX5Hv>){msK zz$1H?1%?&Ur^w>{R-gV{dY!YQ9c&r&aR)RPysx1@ayk#1ipJRq=!P0-3=KjYhxt19 zzV`m=;r)z#Ue9VTZS4u=Kd_dtUO!7AiUB&!Yj!#y? zpLc+RK6F(;yrwy^7GSSJH_GO0LQiTgNo_xfo-E^DCp;&eukmK!C+W)$#@vj)a&12g zUBxqcFN@!+IWes#RW3`{qyzOS9jH%ZTljQ3P}c(SC2g*TFC|k(9$Cx13b-C%92saY zc~V|PIry%l;8^$-?tGkG`$Kf1k5_0Br9+%SBxKmjWvD#w@P|hZFHIm9_yrrzfTwzqjb8kQ-K_1CY-lgaiW8_UK!@sD0{&l#JUAaB!S}52 zglx1j2IE6mnK;GDglqFR@Q0ptet={_zl}e@r|}2)G(G^IP8RfxWZ{VZfMgOpXs48_mu$eFE5HAG!_fKtcQ?N=ey@(<_n*+_p!vNe5uTUKn*GBg-j?@= z=AtWa!7un)!1`2l;9~Ua9q9TNbU+ij;5PI?4Z0qk(1#5$HK|R*@sp0r`AL;l4tj6V zzJ=i#Lh_UJdk?l<{_|z{Ny8H7q{|c7?vgP6T!f!AZr;i1J@`q(R!&MUGJewWwwCm- z((=)IZvYm~)y@K^@sofhBfWnG@L4~pRdxrx8-+20-Ri(z3I5mSdNu(4Z}y}>ziOXU z>G3Z7oE~&~s8f=rMl;&pUfSCu`{%vy-tA_sc@JxP{r7dgb5KrSx1p<>=%rOJLz&XuCp@hwb5&NOEGKi9Y5Z& z@9brqm6Fq&Y4;Y|MP9p**KXvs2YKy9F7{lNI`G>c9A3H#Ij!Sw4*dMwM}j4nBdaxu zhR>Uj)n;T>*S0XG>0bP^S@Dl>imWc=UZxJ()j*?*Yz$;&bOrd3jJoz!RlHDWzZcR$fsme*G)Xcr-_I7H1QChCLZE5CI(u!+K++2oALY5@ya=NT^sVuP;mba z$)b9PSyLIxuOF{^B+8cvSwLyXntE{;q!Yk0F25 z01Q(8Hh`P|4f1#C|B(E(gOC4>@^``dH&6cRkc~G}{%(fHqw;s$P~>k*n4cJD_MCou z-u|JhGO{sq(O=k@&KuBMyUFKO@JY^1`CZK+-SUc!)#@X;34VLI3FbZe&5^KofXPiP zQEpLZi0OQy0ByNvAW0+bV+Y&j)eYAZUVioIKBhF>lwzML8o_N%ersCuF!Ai zT=X)q=_~-jYwQ6wT=2h!?o1_hpSjWsbUpgM6FX#Zh&^pj*8fWHm_6xu$2{ZbEbKFT z=uiE0ljGBQ0O20+!`dDvzdVI`W&E_A$}#tmWBwWbroNX^FRA>8&PA8~(D!=gBa+l( zYQ205`#301`8c@{5Zmuu2-77pRXQ(;z^Et~NSmK`fA$CO18lRR=YQ zdSAw+JgoNk(fG8tl{t$N9xj+GN{0GG_07(w4(BJ!+Dg$Am!c;w4N8oj*zM_wHRuWL zIiIZ-N5^`{O#ea;D^u+XQCSxv2HG`2M*5)?jnZP z`kHz9d8j3B9;%8O8MnS>GkU6*K6M78&V6LAz&xkl=(EMrE#2)4mgyPkl1k=kr)wXM z1AVG{E|5Fvs}ArYonq!y&?h;)3!W5bXs*lfp2d@U$IO|6W7R(U@5IeNAIm#B7f|bB zE~6$b+yg1u_5r>#XST%7nXS{D*~R$XlF19!A(Nsl@J8p$qcZ98uv1mr5|K;!*%Pd6 z4pu&=yxd(42!m2N9irkd43nC2QlM`w`|Jj%wq*`G<9_)Y7Z= z;b`*@vO%5T;7^s0edYV??}KeD#g;tIx-@_8;Y@6d<{mUJr@4nf`|cr6)rwa&FUNP~ ze>C@S8nP#!B?Av>Ootd#Gk#01P57dnXO3l#C39`ctPR(k(O~Bm<~a7{+PzH18QbJxJV~B)%R1Z*h8Bd3VJH;|Abu<@sg|L0{ht zUq$ux%dAfuG=Fai^9xf=y-;C(VNX+Vp!YUte>1fI3~M zd56FGU8ut~zvR~HX>Lrv7hq?%h4m-}YyI%)M^PV!PkVBD8#-L^K#!@3C=YY%?Pr?0 zA)P0fts}R7jc`c~5im4sZmcFaFyH1K9tAHA_ysPvp35=tY(b8JxY_W0UFtw~N@1Mo z-tDOa2gI7W9523q78x*j-x9_U&oQo4Ic>q~oj1_dTw>eL;H%#Z|KCFFd>gTIQ#eof ztM3sn1KU~1!cJsiF0xRc7;a?YN@QWV&86$wJbV^>_`-S#`jXG`0RBh@AI64$jl~#_% zAxBRlNB*4D74q?sqZM{e>Zo!AUmH0>MvVW@m?cN9UG3qUlOy=o$dMgWPL76v56O>_ zBk*}F?|<<-$dSWg48D&hN3ub8Y7Iz?f91>26+@JtU%;zT`S}q24AmaJney|)7v6OF zVL#%qhP9t9ijkj_|4ij)>vuyt^v95&bN|fcXYIG&xcvP1#y4Mn`ry^5{M=4IgO;Bb zJ6~k#CHmKYYpp}Lh9s={_Se%q|9mJXz1K$SnfUGMna*TAO|+hA4(n-D&-4Uqyz}); zw(gs_JBy#78jXUwZ{WztXRF2s!DpL{FMqY{9CIOB8>f1ISC_6im)sheE4-W|zH+yG zZ*;b5z%{?oLtGH8QKp9do?fp#odd0NsWZIqzpM8O>zP8|u7mMc65H%A5AIvQ8Bg1Q z@xd^T+2zMEJ8T@&Ouk8R%mRG8DttF{{qEqU24Wpu*IbNnycZvC4*rLG#NU=7ijAt*w&#NL=wOQ@|J9QSET_Rsu^D^4=+0`vEr*==qjx&pWQM{(LKRt}q ztZ|9pPGcAT9PTuJ;Vt=t%8FX%W}n&Nk%E;$8P$-+H%S-(}*Ncenk9 z^_8+ymwC2mu>RbMG4j+#dxMoH&7UkX>k%XS9V|zVP7;sC?@_5WiNr8(+MWm1F?$}& zw0jF?&ymRUX+%=}qBIxVVC&l)2A%gx$=nEA8aZoWN!{%i&3Y&;Ha-mLkv)8T>W z{Mq&3)yB)aqVs1xs(HTxdR>JaU4yAzEv+ko|hnt%5D z&^)yG$K>IO!Mmyx=`jy7cZROi8ZOtb*5OqBf9~D|KC1H0|35R6D;I%E)h=o>BythF ztry7JHWR|N)@qTiZE-h&fIzWpsokoJHUkML###pLW`)`W5Rj>EDb=l6+a-vi7PpJI zt!-_~Os-%=LEY9Ukl*|BoO5Q*OeUCE``_RHm)9$=nRDix=lMS0`}g~NpXXs6p*wdL zBM$hz$A?$_L1GP<^dsX=na|Rg;qUbMq;!7Xj2|v|zPlZM?&F;lem>pSY1rILt2cjtowf&}-#*O#9M8blAJu+6qv7lH{d%h4Ywg$bH2tLS*RxrCU1c?yxl4C% z9_m;6+MB0e`*T!b*Be~y9-{PEhN0rJNH_vdJ4e~$l6{s=&~Q|-qho9&~1AQ-+h zB70`^0Q(Ze(Oq%!iScUN=G~TI{e2ns&fdqNH@(v7`#oX|@zi~f^i5y+H(Q~H{F{eA zjQqcrLH-9yU$g&q|My#HW`CalP5K)7SN=qLJ0bs{{PX0W_`xgxLDqc!#pU1OkDOER zM|`ktFV1mzL_W}fR;q&WQ?MW<@sfp3#-gGipbBn9BFS5PxL;=dmZ&xX3wv zTQ;R*C4X=Q$+6sc!QxHzvHp^+V zQuUl4(B{-_PE6qVUFyGAzYe{=;Xc4ETxdb$vLlX&1G+h2irV1I^q0KePJpY_^bVJ~*km37 zP;YzsecBp`KfT8AUs7KNh->`H?P$MeVw;Y`P9JG|AwBHC{DuRw%g^IY{vnm$OwDX5 zvP(?YN{pAx>t!Wszu)b2^4_IsbFf^ybFk?=q`VR_WeN{%#ov}p^V`}j7PXr2fNIj( z;Q`eJv?KrRyR4G1d}rvby%UvV?0^r%Hh2k@WfT2?qNIa zea5vX%(Lih)lRFHcm+1YttAd=Up(4R=q~zx5B^H%E)Q>c`D&v0r;p#nH?p;6UodQ$ zY(mJPhnsiM9tE5sG9Z0Zmw}%K4UnHQosS|tZ{~5OcN~2qSzPYWT>Fuv)Bj`c}*?nRny%gN(OQbIhWT zEBom46xz7*USsotY9gd3?7B~9ZzAV6#pKc(s!0jKU-G>}>>aD|sZZ%HXIDC@^x63o)l_wV1`eva1Sr_!O`%3O#v68k1qHp@k zAMz#M?yz;jN6H^s57H0*knX$we}O;L?;863OYz4U{os!aJ|urgp40i`y{i86$FYF3 z{{7?fiAE;Z56wl_-Hc4%f}EBkdyB9k2i<&Te!_+%LHC&Ts?^rV*VmZ^W)0C*+`q;i z!+Uc*`UaVG^M?kH0cX7|`lg+CG=FRIcHWvc=b0FKOKU$=>!$v-@6!?T`tefm2ES|l zs(j~C>)K;&fv@Z=+EKecE?ZXQi=5bG@1Z^vU!V;gR!e=pa+jO+S<2q#tQpdp)sSU9 zv72?Zx~J#l^X?{Js=ZXGJe&{-32_N|jm#y+e%D!7Zr<7C zRr^7YX%C}g`=FJpXT7%hOUQuYHLq=+>aorJogdl^f2YgW=mE%==7;S4DpUQlo;PKe zZC|Wc8~_jfZ^i*R@Ib;h!!Hw$8yxIO`uq5L_+FOr_2loT_@{(es>xk>%M%^BUC zCpGaAXo6hCkqM1oKH0PYdul26gID5XPwnUL$3K%l`1EFYA;a^T_~4cKz4>4u^Fyz+ z_on|Q+8l`e{gCwk$ktWi!|%ut2kvmGMuW|MumfrgjhgAKf-!`kVDU z#Cc{t&$SNyr}Rbt!SL2Fbgtu{e^Im_3||dH=i-}x??cG{^%>|tdVut|_peTq|DL|( zA3m1+|KCr4@=A*JddWXyll->@?%a8im*(8>hs>wY{AGM6$^5gM`Y-dpo!49DAAJ+l5G z=>7$V?lbyBcW0mO8`9}s6Dk>KJU%xA{l^TD{{PR)yH$8f`b*v~{WIzQ3VxpC{e_MF zm-jzZet3C5*xFm(qqH{=dH;Ww-pylAN$*;J_`pxL{CRRd*P-{-1EBZ(KZD*?8R&iC z0O`F3eSLCRaz1n(XZ-~$ll%EA2c`KglYb<4RipTnm`8IT;%#?M#*rp7XZZ&Tk#WxSK!4{ME$EB5k?V_Sv*X`-{cl5 zlDUP);T6`JJ<(2oTRCffHD@Def4RN*Hi~DpZi)Gl1CI~~9lF)(KD@!+x5T9d^OPes z_Y+&rIIHb3zE|hTJzNUymqYt%H=mf5*k7-mceGcTsp0qL9%}4o1e5xE?W$0BS5>I{ z^-^kZZ-w50A!bjH7WOFV3=C#plR?q*eWC6N*{mfR&idwZtGjD1?M}i^USydZiFn{U z!1_$K_0mCKR@bc2mDT+)xG5$d z9J^ZQ3w}ECuh}Q+nRna~wDKZ4zhfomMzjHMc(_H*nZ2%ovz2{E?x1Ex_hXaDHNamT zjG>dUXdD`w`g&t-sCz$c4fp3oHqp=LfM+^qVr2P4O$%su24`W47TT|QG3_-%n>gQF z0;jPCD}6R$vW7RT*P8hSI-j$#D6$@Ux-qEggWIW9t7ZQM?O!8V z?EsGZX#bJ3v<@+Q-z@s?CH#&J)_l@?l*qS zdc2H!!&ZLR8ug8=J8cDrCXZ9W*vaGkEqvQN!g_*QH`8t>^V{D*CY9$}F~WL0ai8}7 zf%|5y7W~#S03Q9!Je@}|gt@@eqMwDou7dSrSQTF(_mw9?~PJ?e$*O1PhIWHO+8PfFvHsJN)L+ZXw9|wKIkA?W{ zCg8314e6Trr=B^Nf!C*@(R0u@_h`@KWqi(nH?`mKF3Z+~OF#b@xSr=-)rkL`_Y1PEV>Q%B<^jj^@ZwB;!i$FjdHeECRNtSMedoF& zANvbAZSA2gt$EdcB#pGCbxOjua*O(uZ0l3}6^9?(JfHT({3o8Ju6S(~`|&KG|M|dS zp97f{y@lU2AF~Mlj$x~$^A?!z(m$s~XPNI==KFNMOP1y|!25mZJU4eEJMtCPGUUR` zgG1dnpB&hH+E3!W{kbb>Zy^5MEK|>xoS(I*@6)-dw`HBEFT>~Yfp>FWaqST5FRX5p zpWw_?>J-UiHNvLYk>=oqJ8 z^{qcQ{-;<0|1Guu9rWKw|M)$2-B7vR?@!YD-Q)CoB(2{dbIxwR>GSgg>2E_?f7?Dp zf8)*glKeYACww6P_s3IcmQnj*R1!C zXjmV|2WVwar8aycZ$Bna+MJ&_|3JJTy(XRLea?%!QV;G10-tKpW&)q~WOCuNfNu)0 z1wTUg&is(@sb;GX_^N?#EBMnsww1$Iuipf0D?UQ_-n=2H>oei+SRi2U&;1$Vhd_2p z{1Dq_b;o~z-||EGfcE*r3yK|Il$hnSv7Y+PoZX}~@RiJ!S>ef%T=DFcnwR3;ZK@>< zb6|+AVdU{Hs&+w$`h1_Rk1AV*~q^~%BfAjS^r*~-NC^dtz z4OVyfYWXxpk=J!yFBt8)!IeX(W!%4Fz4ph#wy&GV_jm>R>{k36{7l7RZcL%|%lZ5d z;(svzL--%c|5d=$wumH-H#@!zV>;WNlHoKZIc94tlG2k|*A^HNZJ$ex5&mcA{n!Fx zfG+(0Bi|uT!?!<#@A+Dt)qNVi`!9Th>)t5m%t3tAoAAF&i4%MmS#uUbV|z^$dnD55 zPq)FV=#~P`atV&H=DY}w@Ac(Hv{tWUF23pg&~XO-D!x;!j(4xapSp&a;yd_m=&lyV zqIKu{&L<9IY~Zo`2iTo~wDTnGoHxh9l?@+Q=Ce4L`=L+X>f}-S+CUt7cdGMlIclT^LAT57Afa4;jx{*5lRmQO0_u;%h@C4a2QvkI+^F zwY~G`D=XA^;B5G$A0j(v{{dwG1 z9ICY#4da~Ot&PY7*B3k2g^eZ#<+*ij*E6pO@7@RwpF11>zsBm`TL>MXqdg~Y^VW64 zJ| zb;xHu(8!*D1Hs{E!C|bL`qrTJL<_tzl^8+%QEg>)Re?M4iE4hsMn8>;#JN6covbg` zbBa%R=PJc4z&&K~gm(uI_t&}of7=&o`ZjWS$>H9x3xFayz6?mbLRiN@{a z!)xiQ6TB(D^da;9Ao-?Q=ss+(@*wP|Vq|j3X(#I!tzr(UaZKbro}C#Wx8WnNC7e|` zI3tD|3(h*hnc6#?f-~)1m>=EnA#m1%&o7*XKLO5=AA>VwDS7Yyj=7OI*FW;& zjCVc|XH^++#=YxZoEf@jp;tIt2^zREEjgFGOV%#}mtJ0b5}dX0yMdQyTzK1gR(sp% z%mv}E@^hRq&$;e#?$sPQ5potR zgm17BZd@SyGC$2$f6DQ|-#d+Tb@v*>b^HefUTl@sHgY89RKra`}E_ zM7b4zC49|w8GIdwZXxPuEo*$lrkkCUcjFB2Jr`fznxW zmu&t#&qE$F+}E3NJj^>bOnIahkneY39&ZTotIHEO93|6?k& zsf9KL*ybQOEMz>w*BQ|9)m`_`UcPa=o}G|*Hhh+Ob~o=9lA8{WG(Psor`FWXUjA+S z**G@dv>P60o<--)DLjj3(WQc=rAU6K)m26tn&T1gX$}6Th}W$_)+8fO1tFf(^Vk-A z=UVisU{qVh&`-I$EYVEop2N4F!f5@;r!Gvxg@u~Uim(J%eA%S7UWyjLX-0b6PLn| zSzK?R5A~xQsrI3NnjB_g{lWzDDa-)|plKE7k|+;b#rvhuzY>~B*Av$f2WT&M<+B6P ze+5@@_@!k6JcCTfz?pE=3O)k4)+Eyw@uIh_jRxPzHXfplX7FwDmR5db9{no+t9VfD zs(tZm3%Zl|6FHt3xwwaZsq^#UKdg}daMNGedU6u{&ih{f!PS|W{D(hMZ=re6EMiUg zyQvnPs=Z7C-dL0C*LlvY0YVPt<7=FT-Ze?R>elCa?`P7j|M|sKn(87Tra2@=0sAKyz1Kwkj8K4RcS{yFbx0WjsSJjl9J9k@(5u^|5mJ zbC~Ua#aW9NJQ^_gbMgCYo=LGoFP>@R_nLv>_xs=tJ+iizoOKG0@rzP$%=P_gIF^pK zWy)UXXWI(T+MROyzV>R_Lk;t2{+V0emvemeJ)NcSjFnTTIq7GpbB+P`%E83KrSK7a z-in?!`-s9<+3?F#j$A1A{v|RI$40bYYHFkFwC=Egd6XB}!(p~~5?vaH7ZY*~IPEt6h%Z7;{>SFzq#YnNj1V2n9aEBrUC_4h@teOvUhqT-KM zcvrAXZacsme%w(jd_iR2&)xYZr@q3AJK*|B8eE!xvz$K{zWmeWuO#b3Qwe) z%W!mw&h)#jScG+KQ-WEG|OHXJ7Ul0$&QF8T$&g^7(YpRU3@SPU-&$p z+3M`oqCHbq;73eDu6Bj7!PpF~OOSrsJGHDN$IqH(WLRr`MtmN6NCuGg7I?1}eITCI z^NL&bDf_KY*(QC?%lFv1H2D?JC^zJl-*j~*``8Hc-mX&PD!JqZm zzgdjKwSPhI`a$;ZES~Y?Cw2tSzVt)czdul?R4hNbANKEMp0($9Z671u{@L<0IN=|q z|E}wlwXFlRkMpsQk}2_^>}0xqlx@5ZS`;8BoCR>6r-8P;h*@D+H*hci_ zseQ-O9J#XXXqxZn*ha--vJ1!+G4{mB#^Wh+wLc+OnQh~Kx3*}0TJC8P^y-go{5ua_ z`(qm~Kn_o38$b28srEwThZkyx|QqS@myxvw)LibCC$^?K9X0*diKe4W6dnV*Scb0rUE-_4%DcCEcr9IthDt0daeSqXJM*FqwU->jV&jdQvS{C9f2P<`d7ri@*S{$%29!brY~h%4{QXsgnkX!^w7L- z8_(2Qcdl!|-)YNjSifMV&zxWn{|x`#+G5icc|%C4$fS8J#6xY zNqU9Ji&>w{W}f9+JD+;5r@oAOUBN}nyCc{ZG<(lbhr7QjD;Q}bo_i}7UI54PtFU+Y zm*+=mw!x@b6KRx)*$8YoQfAY634Qp&)+u+IBS1i}X5BrK8_3)C#pNpULdXrXc)tW$N zzA(6Ve2}AaQe{LsGgCe|Q~M9~qy1n18SVe5AMH2yv;A3yf0FVRhL63zJ^J*hH#gMI zoP^{t#Gd7fMSlApwo&`|ICWSn#3S$y{JZ=_X}zAAluYdYU?oNG)Fgw59s`Ztezg7V_?P-mkz`B zD~@{lIPwj=*oP<5ZJp{eTO=#!KMUDDm}Na68`P#TD#wKmtObAAL2Be}J?z>oFW+ap z=he~hpyFEmsV0s2>I}4$4Z$~PdOA%Xj5qo-Isd^p&`Y6if?Hb`I&$QPu2Zn%A$}{v z<{J1sGNyhna{4{&k&g1O}&b%_> zQ@srI)7+oSi^|=t6fZ*CEapKJ&-tkpk=@FM7t?L9nHTZq@Sx@U)c=TQiKpS!vus|i zN!nWRs*N}MUP6bDvgvm4I*$$+6>9pShi4P|DJ>sS&T|W_CF>RzhSqJh{&6REW9c)) zSFK-YeP!Kh>zg}wnd{p1Rn|@GR#~_1tmb;t@Y?mETB_D&Q47n}Meocozb%;NMK`STXP}1YTWl zkH<>+fwJ?^8ksY3fbzM@krg;OG8dk6U%?MU=A>7YQ-#J?h($oBW; z+bmDyKm*ZnzZn=EAN|#bqvQ8^Z=iI%B%O{oI67m1bo|rY{?YLW&wV&LswUmp~`PsXQ#qLbbdEaE$_Qo^Qb4OqCcuha)dAm(d_FQ%5a-8`r zue=RNE(hDRyxv30wI17G@#oryO!CG^NG z=g4Qj={d{LGch-}Hh9N5woM-(J%{y^p4lHUJtdcI$|+-m)Au+1sOa}1dxWLg$y3sA z&WEJm^bbM5-%v~C@yXT(FFU1v?Nc5bsM+X`o%}A(pQ|4ZO)1K!{M@`LgFKi8((RK@yz;dgsleAP%CBV9W> zR93P{c}QXv`EAF4ZP%OWH`VGG8awe7wql+4S~M3AzU;u!4sBiiZ}*qvzeFwyU%BW& zPdzcy6P4d~(NAR>{#l#FKmck%Dinc%;A|=pv6bM{&&rhYq%XVDH(c=fm*A zDCD1995!wQuzzc(YPZ{8LARqb1c%Ojk3AJC;d+v;P5lh`i37(qYfdJflW(rySJ9?m z+#2$gtPrnVD<3H@@-%0cOtEq!0djIxjUyv%qp6|gc`r=DyB&v-yI?G*H`x1zXAw7T zAs6V~zqFXP8;Hv*iObuThHkf58?b7~H`eVc3@roJIlG33mWlS_Kk=c)P|NQPS)pZR z&V9kF8t$LL->1li@IsAJ^&$;rjCM{kyb#u2^P0CX%*E7XG^NJ#W;}!3cBeUle z?3#JiHMzNCH@`IMkIYS7icTdb01q`Oj}yb^5d4aP#J9q;?s=c)9(dhqYi%?lp)WDb9fRsSe&_?3?HMzbF1j{;$_xa^`s%i<1LM z*w~el8Q@RJfpGl{^%5pe=dEKZN}Gq^`rmoZYimVcn}_V2M;tlZE&ZcBjf1D59Jv?k@`7R~U&Q(<`P#RGgE`2k#ravp!@d08 z73hOFIWFZz|9IdO{x9iN>;Tqa3$W4~p^wDo_Ust1h2HKB>t}1k3 zQ?3@7w_&>0siTDkF?hnwp~2hO`-zbQtQmIe0-j}X=kb02*#0B5s zIpqQiP5qOTuXV&pN2_zLWJcJnNrk1i(Ex zb#EK4%zfG!SElu==6tv`{mGs)O{zg_El0l4qss3$e?hb)M-MGEPvR%{j?Of6D?-22 zAXlB}4&=(nmU8U&{uNgAd}t#1(wd)+a*fC89>+U(^Grh>&DX-9KVvmVS8qv3Rv#ufU;}arzzEH_HpEXHzcX7$w(pszX%oH6Y9BMBK zFCJfEeN!epPSGAm%o9qkymQO%_cW{<)&8TmeAcLYblyN2@WkQyGW4p8k04`P!Pwfc zFH_I5@iDcTv2iW`L%3+C9z*$S7f$7FUD&-kHHBv#J?rwUJ6Fkm=1t6 zL~n~Os*!k!_gcW2#=KB_v4^tFzW4Lc5iQs|`BNHS0ks&qr#!Bt?IIGb<0-WE%cuMefu22ky z?Zby3PK|fllY6Z!bAC(8ea>&u{jJXVEqkqZuV~~Q@7XQqPlK$H+`nur%&Bq;PffH#^Ixf-M-nkQ*)=6 zg^6_>e3zM8SKHs6r!#bJ`h<;d@RbqY@J9;1xy}RM;Du9gq0uKR$c1ewoMLnq~4?$^AuUPdQm{=FA$iBgkgAk6c!; zIh(z)Qgzx!bej1soE<6TH^oKFrR|@>wRm?2wHT)Fa=T7LeK*jzyZ*|xhilUEC(X#5 zawde;e_&WzS z$@?3vyl_%8ong0H%t@C`i$e0{CQd`J8QA1OAVMkl5A!L^~{(LY{g^Nnbe zslKPL_J8MT|Es5H{|_I~{t{DPpRCuAA3rtAdP(uvDn8{e=u9K#&Aa~7*iL`f6l}nG zix*7Zg&mgNs^vL9&+D_+_wG*`EPvP2!;;UGk(ZigW$oL<@5DR%crH?VeAPWcbiW^8 z?qPIxEpa6=R+C~R*)sKSYIo3)P1J$-K5Oe*-(~o0laYbYg9ql`vhA&1)~K#3WP0_N z?l~}h>5t#adFR=;a_SGgwfBx`8}=T*;r_kHSM7Vw^3~<>{7jzD`EJgJL%?y6@%Vmp z*Lt^|=d4k6?K@Vl-*QLj{^|I(dn?CA_8?c;qJ`$N!2RQGj0Lj`#)^K5vYc~!ai_Jah&Wg!)zAR|nXzmH_71p&^5FY@~S3LK==-gZ4xi{0fcayp2 z)swOd@+XI@HqQAzl<%@#F5es95#FEV;Z4;S&UJK?#h~9ql z_#$6EMn2craC{l)CA}Dkajp(9XfFGo+3zoe-xxzb%2#yb!q4)ao5RAk9S#1@-b*Zw zt;TOkUyo<}DcbL~p8sReybV9fTTg3ZMQ^SHJ&-5faP2?&4%saE*9Lb^e6MwU*!Avt zOMw$on37#vQ7WTgkgM_?RhvyVJI7r+)hxTi-n5 z!L=9P`DTB&B)&}?V&fa%(-%2;)W)~yDVZ0H<~ul7PD{0^mk{3<;_n84rIx&VE%jB^ z_|D?vB4Dh>-wmNR3ZaW=BHBO~+MgKdpnVTr_9y5<+sZAjaMqKH7TD3tb;eyvZjtN9 zs5j{kO*ZqKLlgXn%rr5%Cfd}x&L5LQgcdtaMGKe5rQ53=TuZlqSbT5l2fkN4_~G$= z5AD0Lge?cTwr@KCe1E>5_?|I9d|y96d>8cx-{?l~{&wg`+ctar#u2phP9O5ICM{ps zsQ7hiFtU+7g*#W9xcYJB2V3oUZLQ+9OTh68XK%!~a!?O^+{Q6_LGgpj(}{QunM#Qt zxPF&fjRdbc@mjk6$fO&@hrge7vcAuHRo2CO=a+vzReIYxzZoC&{rlOov)bCO+WUFH zZ{~)G>)?|e!I9?>ClE7wYf&6svjtn&!Mo2c4o(hYYh?!t#<4dixZnKXg9mCJYd;d1SW6a7?!mVTGIsf2vK87ZELP+v zHqDEkcl<=X=H>LP`F$p_cg)_S$la$RwwW^~dG^yhYjpTra!KH6JnxzF2NxxE?wU7` z*O$S+KIPRkH)v(q{8`tB&ShLFI+yEf;ZHNqm&ihT8AeG9`F;k3CPR zePvq6d3+JO=dRH=`=nh@Y&F)lZSlF-Q^qwVwBkT(?(I8&L~bZnfqlOPd{*I)v9`P_ zY{ydzu|Y0R*tpD&ehONJbE(@Tu7y7%qgrYYl;THDU`?27ho*uP%_(QZ3;i3|4Bp3? zy`kE@@VyT&-b`N3W3RA#O;y;d5c014|I`pUIU_$#{vW(Zp0MR>Ya8<;HP}h>opIFi zeX4`k1+-C)Z=pQ<)JEIS(YTIM^Pu;IPZz(&M{w{Os~{G+1-Pr67~Q>}3*H8UH`VuH zhb0#;&9r?4*)6l~1OH}nANugH(I3h9L9w*>OuoSsa9c_&a0EWiSv-I8LFMg;1#%eU zUi9KKjO$sCzvBA)UVm~7GNHEi@=4y}C%KDnoZRyW=O)vR?o$V|?jU>8h3TV|HMp(# z#m||3bGypPp;jYzqjziz1IQuQ1Ok# z|092|xgqaw^52vb@Wrf1=xVKtxY*{zJ(V@;LmRJojEl5 zzlQhlDe>77_Nf>iei;5Uzs1C(mR;8lJ*RMe4LsOJd$o-h8~!!lfkphA%`;oVgCe|d z_N_>?(>N%#9j-s+wiCN3*-rCCo_6vxw37x;V}4|U+fJnio{$F~_Gaq^Ph}cBTz|rC zr_lpX*aMH10iMD%c(~4W+o_zG99L*!a$HshcnZ_t;ac@VQ;AV)W5Z25=6mz-WILf$ zc*v8jol>cqTMxasZdJX5_8FoMChraW?!k7BGx%xr^R<^58({KXtf?|>G!KfD(T2&p z60euT51Zi!qia z-hyX{7krVh(^d=DQ@B=}KcTIF&QEW=(6nW2)i=(G%%`pY?yIfFw6?fbTMxT!v46MV zGHuPY+uEI>Eo5VVu+kSP^uoop+KPDa_-{wRBYO(VmikKZlNMjp8;_yEedDomaBn74QVRuixEqjCemdobB26tL3q`54cZi6G5#}ceJ(vE8fOM&*n&%6Lr1A>a zU-XRePL1(&doPwU@d|rH_-G@AS1fysUf*^jyh09lZLn}~0*`iogAE=_>BF{J$sF#5 zGfvjO#J+E?{z~6(xd7=z_mFQaK zv{&&tkNM4&{A>OP{+%QHnFa11{`v8G*_Wh$;^bf*dnr4a3v97m^d@$)uX?=~a#Hne zCU}Fy6h*+Gxz>ZgzmYwq1L*oO{OcMYrPp|FU_6xp#-rT4#>2S6d}=IT;J2{$o6v9A z4f7kHD{1d@UOZq+3?BGY&S540yVwiEi--CBz{9iClXys954PRp`;+#@rOVmW6O+R- z^q600!?A+?EBRl=bp`Y&!={f0UdyFhA@Zg%@hO=f#cv-(qwjlQ%e2493-sZ&huUv_ zEo%(59w-Zbvf!;+a2j^!x6|_LUcafv)0gWvX+B_tpFP-H?LFAbJbSQrdVDIEzh}X_ z>F`|Zt`h_%?J1QFJV~Eca-9`z`~djc6qCZUU(Nud@>Q`kI9K2czf)xI74Oz#YQEmC zmr2r7{H%Jt2KW@6HzxoO7W1#`70^C_A5+Xf*Gqj|yYvr)tw=HdExC8@G-tarhHcN{ zbGx+0ml1ES;M4!H@PS5tGkhTWLl+~*e9ouu2l?%T_~2~MxV`Ir51V*Cbv)_%q>OQS z<#V^jRTyd-!$0!5w9GRuSKoXCm=ZFWCZAvBw}dW2CXEd8IS)Bp$$z>Gu6W^t$JeHL zQb!lP04-g9V(uY@pH^mv4_r?@3Pht^5Yg45ogI+TWv=RTTNJ zF6C=dGdLP?E*aOuVnvk zp7T-j6AYgjQQo3JvBBq=$HuSPnW0a$v4S>~FZHGM`7NhUyS+0a=KL9CUOAMjgco99 z)q>jeOI!Ep#Bi>xS9oaY>LbbeL-0p>e3D*o79yZFrGv%qJ4 z{ZQ^5I}dYaM&5`u>tC?4_Z<%8b2ibMdsYFjVpYY`2A}0NJ|9^;da@h4K5F7j&ZmKA zbhc6$zEOR%1r4#2mrsR$;sfd6VbIRoj;#xFqwU;R?T_}r{Vm@Oe|Y?e|547(k=;#> zO>pr)K5hRi$w|B%8&DW3Id7kqJwrW&_NCee9UtMh9&+{bk?~Y|Y0v81=(*5L?;OIH?1YAz-|d91 zhoH6P^Vh|ZQ;qXt=p|dNI;C=OCw*NG{!A6`TifOBLZ&CbySc8 zx&YkDKCu5%eGB)e0H5~zDF=4#-L;DRUpuf*2lg_4JBZ(~64sD}P@Wp%LPvK0svUxMd;mzFW8W(S4PmQ;9-aOO8n@=(~Ve_Ux z`UKxU3f`R2Pu~2J3;zIlvy(c8kAgSP=?8CK?7}!e-c-Gi7seFc#D9&JCv~OxGJSo< z_%#1{H#Ji8G+!~~T;?mjwR1LlL^%rX?GFyIBAd|vS98zq(-Y&Bvj&L%?sNMq50zx{ z*SCK{{#CLbE`B9?coKd@qZP?64wY;n#>po3+Qpow_Eg_gY(*-D`;O@>jg@)!oQn8e zweCqB;E&Ecg#2GASwP>R3yqDNBp=KgsrT9$OAB&A{bhGMJf3rL$m}sljp%_<{>HbI z&t5_w0mf(6@R08;8b!SpZMLA7RV%4Ic9av)8U*>zdbWxhD9Oz%uBVf8)&9u&tiS5y z+^xG7kC{A=+A*G6_gDO0dfc~6<7mZCQ(Z#o@dD?%dgsTu9%XGfFvc3S?;!UV+pw$~ z!hK+z4SY+@yVQ0nAO8M{T^~!_V{8sQ>!w?Qea{;>^17<19qj;D3$a&QEdRbOm~Vo)aQ5Utoe4v(ZSfCU0gUhJj8lQ_m|+~ zwBa8-!##5r2DU=Dksm1B2xsCMjh{YW3Lc;OvTR&w$U0VpE)t%`4hgM$p1G5}Cq_mz ze^U+K?q(jVg!lCObNtr%_{d1-;(6w`e0(UkJ^7rS_$co6F8NsCYcKDqopJaeL7sWm zTxWMJ!M|FBAAi^4^Cmyb_^PpaOW>_-gY0{`_(7el9V(b?mE36M?AwzkJO%K1R^PMH z%EHER{sDVswXt@lo$)=)bB6zG9DmZ}Oai8U&h}vf(eJ4SiZQFE;z7^%fA)O8pYQAV zkC=OTJnN5cP5kbU*6}^v_xU&K>|Ebxg5&#G{JH+mlJSzSr2pAoiVuNI%Mb0`*05fD zq8$DV?!^PXeeyf=kiC5TBlv$(J~DWiJV`#bW)N~X-Z!X@H9L{g5w;B0AWLV_hSqVl z-D)*;9<)jhBTpUW$Q6AlmOw7o+CFQ(;jMX{$R<3cbz5z>hMQDJuG;d>gVbcgH?lp7 zO$3|TH!u*_=F|TyV)-EderVM4s!b#93ttR9T3+RS-ka~z!|_M+d3K53XH3L%W-QxO zt2i-K@)dnv7Am=i@sDSoLw)Kzg^EJ!*hF|!`+;L)=e!2p-sCskFJr$-UH?JX%*(pJ zKdWnax{Ucx{Vu*7ykz2J@w?7}boqS(ynfIc+_nAVmdKDrF~ zxI(b6UYC45z3e4R zC+}*u&;4=RnI%2qyd&D{dpl=^d|dA{{@uKPkk9StiyP^CONg3tUrv`|q3k7N5`7=e zPqw2N!fi)7+Wp?}NuN2t=V5SB!TGV8FFQOGo>)>m`C(+&+(Q@Sa4p)&N9}}`s-@F! z+sRLCLDsYReK@~oL-Tge@3V+;7COJ@>34VmIwsyfj9zF*x9NTA=8R5gum*KK&luZZ zu}aE)S^LNh?^8XV&u8m~ICZ^kuh0*?n9vOlFWNO-gQ7cByCq+lGd;fR`M%Ec{X3rT z_jS3Kd1jgUZqLbc!QoZU#{V#S~k<;MIIOmhJ!V{&cTR7Zf^D?yy z_forXFSQHzQoHc&J9lq*>_qv?|C&Fv?!v6o_KDB)kb#&vcVUbDYM@}7RuW*zjHb7c=f9B<7=#vwy{=IJMni1zJ+|5 zxvFi>#hwjDci}s=)=;ZI7X5W5`U@XpGkJFDUj4cH*Ph=^tq03Or?$akS_|GvJfivn z&WtcQ81bMt4mEZqVB3{O%c`ru-VQ~^#oxt&cYm@5{ymTLU3OXiW%JPk?f4RZ#15#Y zPkD?5#0Q*zye}L6Jdb#NI@h*M(!T0h(JS6$Ou%mTLL?SbenV%fDYw!_JJs|TfYVATLTztu{d+TY0n*jJ~1z)OL zbl1;oK38+i(i@KEjjc zzJ^b2VpfB1@D2?7-cKE8if`}WcV}9ET1VvWM{ukhf6YIZ@}pynh{hLEoz5iCsgiiA)$fjo&YyqrjKn z^>c7Eh#2=C)`3zwWf`5Iq--H~joL^e+MUPrI$9LAws`|(eZ;Vb0N z9Ayo*;b~`2=ZoK+O$j^ttUMH}|`=@2MZuwdk7mI0g-b4&e2H&p-NoQZzS8U1 zA^8P*elscYJm6SBx)J!L{~8ynyQ+=S+RM$3i~1-oN;3lOG!zTGwL@?HZ5I z5fQH}{wn^~h^|d<_sr2)j?DFyyxxmnT-=U`7BQwvK8Rn0Tk*`?vXWDcD~#Sy&iS+C zsjeaqSj)O-)%=q;Hfza=H=R6ce)MP5(ukM*$fn=OkiUzp#>#@&D)E36CLT}6Bv0zavXS2 ztncdjt4~LNWU*iT40Om<$R~Z7m(Q={n2TPcd@C8k$n6sckuDyX}Xzq z7JyH?zBBdR9Ny`~A9LT$$?)zMTv`O|^G#w^zDSwsJie$J(a_FTVALF!Y>@J;pLk2P znzF;lA$=c7dtYZG%6?t&ZqJoG=`fU5R#Mr+;m(Io1n#ey;Cd-ByjL=pg_3pWmQw@%LRnt%1ewhh=?fh`x<^57rh0{AC4LGL#BM?RVOU{N~liFJPk zjMDw-?_~45&I0*zhId|Y$CWmhu5s-2jN`x3@a@*;ZlA0%CF^r@kRANOE96tPobGEf z^}6V_9N`t?P80mH#x z`wWZ+W4>j(xz~x_?VR&;%iKGF51s;h3DKu*}HOHuYOxugIrJ?Rk*qzm^HQS5bc@Dd?i20{R z?2hcLy)TXxJ(rpu@ond#vJ#!gEMGzM&l;PbzMjT@ja@Qs@+M%NVv%p+S=pDz-z9&; zGiH8j5jFyUL%wz^v31q)>ie1RTBrSoRIhI4u4r>1xj5w$+wmPWe>H1-cGju8p=dM5*g%kB6;Nt@JEk;`_J+HjlgO9 z{^9t2xagav8_7CbZGR|7H9yj4qs}YpUS2JoW<>r%Af6; zYjs!RE4Sbq9#Nebv~PhYTCqvuCCR+v&^G+0LsexZo!F<>@TCqztFF1sgK9jxZ5`0C z+gkQIdw$gVvZAkp(+11>`duULTCceCqZr5bevad*4>68=fwAjmtDF2kdjj~P1<tFWt@bcA{Um!IuXTg zn)lCJTs&EAx8cKRANC&f&{xTctu}q-bhVIs5r2sn)tB3catnHAK7EbhS;?5_COWx& z9b#-_$eDG(Lz*X<56|?~&b73oHr#hzofbe&;^d1o$1UEP502GO96oS)=7;!^F?jqb zWYU$DCsohHy?^7=^<83vtrPKK=t}Klb*6B4ZuAeIwEcqE;1IvTgGFI}3w2NQ_@)+r zuD@{D?9Y+(Pvx7&@3)$$>si(Xov@W=J{vvWor}(r-Yf#ws=?7*cYu3S!IyOMCh+Xy zQ)dkh0|)K!zgG|MMGxPYK@b0w+7;s?-VeOcMtVdwtmv6Y03E!M8V%bwvVG2j%!QCA ziq0HvMS6($ze3*+^K6f719_BoWHJeheI}pk8D5J!yhJ~m3(@{?s%wy6s$9xz(0C8F zx`H;x@u~Uu4t$F?%Wv{h)5uFTlb5pRo|uyZhT!XV-Ovils%wESE69fz0gu{L?U5fl zME%iP)gL8lfw1Mige`&>xn2$qykoq|&|K?U^P<=CU7szCVVZ{r*fRutog1xm=pH{k z+_Z)De1-(}`;f zDxJ2hfO$5D-*RoIPvM2c^yI$;hYll4)bI-G(*J`9!zq&*hg{h91fJJk{N3&Q9}h(k%~L z)FKs-3xH12F-DI7i=I;qo-V`h#jwH1m}Sj2sBAwH&x@%Cy`%2o%1}P)n9V_|K5-B|0g{6 zVa7kVzvD;lrlyVk8E4#v_+I)Wciwu5Htb6)zI_X}S#=YtpJ>M(cVPQFsjG=WN7;GT zcXI1LA3uXyNN8i>hsUASXm~}n$f`Zo8ps&>Q#!)-nX^oNbPT>yK3+A{G2Z!;+J`SR zSD-pIL*E)_4m^#%ZP-&c2P8d{mp0z?{7+xwC!R(;%_dxN@H#-zDw{kB{0GaljPgT|z>{PJ&Xz2fCt<+5J((9o6N z7mU77%C9-68@fq`C8P4OZdd=vo)`YCzXERL&(I6`>qReQxEH;^x%L6WpD}wO)Tv$I zic6N=vGpO3qL;?@{XWL_qGxPg`CMY?lN_HrF6pOo^)G&89J1@J(B~JQU|hiBrN@aQ z&_lci4)ojK={@lobTQzm*z^ zbo_T@!2d&O_&=fd`how`(_qbn|25c9um5D|3{Om5z?ri6AXA5j)-|whJ&sK*GWM&W ztCiS|IQsy$Wzya%H*U7=yli{A9XVFgTOMN>`1M$gJs-A&I*gOU&Pe8z=OQx|@ZR;v zz%b6!l3m3Yc71mF#G2DEva8q!or7K7Z`ZgaedD5o`0Ll({`!sVyK$<#$$sj1T8NG0 zx7vALbTIG6(OK#{3%iR>p~mXG$u-u@N%M79Tjklnq}-u$!M3h`?^g0C=wEAA3=Mr z#?YzlyrVjwJ>*Fe`DkJcA9hc*J<6NR7u>wJ0H1v!IM80MTk-8y<0r<;P5r9b3*6pY zk^Z>%ZE&I3UgJ<3;*06vpn({1CH&*UsG4!bm@fcdI-d9T5f^=vwlyXf-Vp6p0wa2H zXQ3Mt)z~qS?8DTN_@&@W`boZ&VpQRzfGe?a?2xQ%y_p9 z50#8rJo?Eo_-D@!XKso<1K?xhCf>HFUYGkxnoycx*qwE$L(7ekG?H^+^Zcrk#BJFh{9oZbO_^SKLMi?T4>AgFSIHH9`Ubu z*UJmGpOPJ&E?(ey#mFBdb8l16VdpLFxs-*pKMlHMlLI+#ana;ylphrW<9{;>|=A(LjL6I%6B(Du2<$9n2V7O;VoU}q&wp9k@5pcTuOJ?GB;8C+Yg@iaMr_j^4NzI z_+3457cfpc8+ud!9%6l08Ed;%q5I}(t&pSpM8BVXQ##M>!ygSoheGK++DhoX3^a(L zyX13;7MW=9W5%i2D1`>-r@m;g2cG?NXmCvi8c6S{hBcK2InjFuK!cJr8mP@2Xs{I; zppzzRPlNz?*8T|3K!!DyzzIE`+HREx96ZLn2XwokE6Lx?F&};PEWmbiR}1y@e^&G@9}Y{r*Apa z&P_GBeNj{2awd5iPxz*q`p!z{x{R747a#AkC(Yl3k80){Dj8EX^LsJyrT2Z*Z@AC>1M?yzPpFl* z@hJN{l^R#?xU?VZPZ`%|(w@s2>^w(ZxyCQN?BuzS`u!>J;p0`WWnNKma$N?TZa!&sio++%o{uiDbqkf)Yo`smC8h-FG&Rp_I+sH4i#Mf=XCf`FH z*x5WM9#J3ZG*ervXiIw;Rx?Kv21nB4S@4kN`CWMRZriXscY0ygc)!WJ%GJ5gO>yU$ z0%>u)XkK9R-zU=O-dYfDs`b#`8xQ82{cV!|B?D2N#Z~ z!C5Qwth0efx~Jl7=%D8uejq6{vf^K8OKrd#&H8-6w`>B>xNYctjR)k7toR=9gB!_R zrJe;>yFK!UJgl3dNAj!B=4DM-yV@yLmm4V>4C&C4bS z+0Oj5^d<8}Mqe@qZ1RKBm!sivQ$tg3oj`Z*uwxi|t>xRVV(0M(9A9exsp6MLYCT#u zgqvdJp%c=dnol)zm-rTY(4ztLXaGIhiXJUGURF2nc-j53z27u-j-j23Cjt|FCFJ-| z$mXi8oB2&}%cdGTj!!B-O8Q>@-zIR;Ci_kN;==CwPtO2*D>_WEhjh6)CxUiDtRt~5 zE7tnc+Y1*L-6nf84PUV`ZC$F@-Yiia3-j|K;B$5KMEJwD1xYz^_~3-ucih?6{d1|j zz;BFgLb%WKP-YoQ1tvTN&?O z^xIhUTlN2dPoArO(YGul-G(d#!C?TMQ-jWtj@e3EXYh=^kK*}sz48V=xmU0B>I++< zz83JVSFhx8ZSa+DONK!|=iHcpgR4Xyjk&gecjQL)5X_v9Ux-&SSks%gy+gz$Tr(=rrpJ@p3LQXx3yRn~JaU z93Sdw;M5p8@u51Zll<(?Q4NG;+a_{(>Mqeo=d7l0gZF>Ao;Xt^+=iIT^ zD)#uCqn{j0EZ%|7$=FP+YwO~~uARvx zKam&RH~`#yj=oxMhDW->O`Y(UskLQ%aqy)6@_=-Bjre+!=%JJAY$)xU7<(m-{PU&ZfJerznYGu6~Te49OJ@{r?v>X`;X|G|nq zs8e5wj_F)(>Zcq#ItY1GJ?LQgAU|3#06uu}Q#Kzc=Vo|exm{27nrl~qQT^w`589hy z7By8`TOi&v`5VUKOYmk^*A$Pup7>2~S?wz(iVBW|Zp=>94>ZDq%9m}WPvN!&U-cli zp_QD)JO_^nc?8xDcv|b)9s`%kdu(G}o9fdppnk-Kd8U(dl1x=oFR&7rHLufIP3;nT z&MRAzt9^_^Ig<2#I;+7IIzX}`zgIMs4)_do|IC(iBcJhwZa;s?=-VVq%8}d+-&0?6 zIlf=F_O@v;@8w6AGIq@syYNj*!D%8dlF&ih27uQ&ec=_oC%j%uzp=DjA8VDHymM%i zF6*7=Zo{`QbGZear|zjyG4|8V{}rX?|Ke2^^=-&;1vd0mt7#$fyLG1ZlE!_I`pXya zIkwJW&v)vMmhgSoV%8NFA`|3KTChEFa${cI^XwAVNxvFyD#h*&L06YnqMy#;6aTeR zpWH9x^9^LYwAr`pUOhv66+W9!u6_L0S^-^&TUV0zm;a{vo*CjVy@P#?vwowUXSQNn zJI;1_Qj*@LDrGLhMO26Q$41NLkwt)|?Um$$rJ4f1)XW8YI(9xAq+2qz=du%dtDmof@ zq<_aIuibmoxh6ME9_lvN4!b#F*3b&rWxpm&aYh&IYeyGna8?;#pm6oywtWl)%M!D!mVKu zY}yyV))hWeFC@C#HZ8RCds?H!I9=T&_@tLVNQeA0FsAcoU%I*6%b$!<{22hwLX)o= zJy~mWvEffNV*kpthXXmcO|rXh^wf{wx6R1c{DgdEM{fpZjj1$-d?DwqjWzPeSnBv) zwqN6VJyC;h=fboGt~2dkCjF&3<@`%C>#bMP^_AoAk2h=BQ~iC`nj4?r_}J(m`TeaG zRuk*=BYO+AuWwGY?zR*4jbk{Y6B*pZUiqRyJHE^oD<`rAe`pK-khw0*0WW5LYQH-_ zwHJFJo8|gK@{_dpLM!*=k37vjt@4RlsAEvg8vUB}-sCNJs13cVHEkV^Z$!QO<9qRq zow~tM4x3Wn&(jN**hM0 zAD|dIQ*ex9jZNN>b94sX?S~eRF}VQMH9gEY7BG$(&|Lg3J+oN#D$rf?T&sxp1ee+{ zd5N=C-)hhCxVZ`GLPu{qIJW0?z7K5D*Md!QW%3fDm2%>DoNwZj=kr3h?>$R-@gicB zK;5A{>vn9M$&D*l(Xl+#y$IYdhS&0Zd69fys0q8Ak|X~l@G6!RoQHw$Fgkjdm2c)R zlXTbK=+ce((c2vQt8Eu9vws7&z0mA=!5Z^hL*4gC=b+0KH_u1cXdKSmuHpNw;BGar zXr62y_!Cbj=61Pv25=c0B3nQkf=|4*H^d$rz^ggl(Y75icys4?uN6&sN3y5>g>U&C zg~V{9@$2WIyMw>}>&SfI6Mp6MNf)*PpM1P3aFucnHLwtmB_>u0*a@z=t*Pqx89Fj?BO;+gA*{o_LtpGf#FdW3BE>rr*># z>99wS$8MSVZWwupl};%MBNJYE+VqdfbF>n55ad(Z&O|?sV*Kda$1X|Jx8zk+pVU4I z|H;w0#y_mdHS2?y6kBuNsmXuoq4!F+H~6i{i6ZNzo?+y^UYt_WIvTm1t3~gO3Ab5T34*PfqA=gttZ0Nb-MD1{x!9tD=KXo ztfanEw*5ZUkf2X@gLm?nO#x?q&~E>H;yCi|^ig>R`~TC&0(3_0X`Hn^Biy9?j@JGt z?-PQDbZznZb$C#@nMVDl{I5P^zGW+@)t=AX<2?EZ4#iHq3Qr*??pW&RC#*A8{tMhs z;5T?94j$t4JDPWjc(1W9KJn7p+7SEMzs<9MvbtN|2md{M0$WSK-_%-@ z8)+pU6l?WI?*1BdBmRj4pX%p=v={rY5d6%%C3tA%9r1gNzPef8clOt*i5gaB)4nF( z)bO5};hqgUXFeh$?1$3*WyTQVyubK9`W@TH7M-OQ-WAZMi;bhkWei;OlNZolnteg1@PScUrzf zn}Mvzxy~5Nus5oKF?4#_86&h|4U@@>NXKb?hOOIJufrJ$Kgn1R3E z-{Zg^$hXfDnc%|Dc@?98zW}(4fPbt5|8?*g@3j7yHjA<&Z`^G2*>3nuxp3{p8+(Ou za1Kw<%8s-!2Ju=LzN^Uq+qW{@lWaF+kmUxCEC=vcHc*$+K)t%z=LC7K_>Lw_rIg|#bSg1>5h+4k*CJq+s?TtBOT^$Usx@*A~2R!>sOQ_EdOrD^io2BePOstX zOV|8}c+U6)HFhjk-HdG`K9H~SEOCk(@3gb#)?63nkRM@g&=+djg0E)oh3pt8hyE3# zyYWrbj3K}pPT(cqqxryT#4=k?70Zwp!4{5G+>*_|Vi$XELT7}qj%@H9J8vMC^unxM zhiWcc_gGEy##)b$A0BF2{?&D}pStE>zh3GaHQ^D~zHS)YFnjLjqPkxCJo)Yo?}cYC ze`cGxo{29q>L(A*9`$CUxh_NB6%*goT4!;FN>Wk}EdN~bS~0Qe7kt)8ZyOuQ zi)FE1wAQ-Jyc6WQ%nIKwo%JHRYnGm${?P2X%O5d)1nI+mev)~9W6(TbqUW1={!@D1 z1M|j07p7vneXa$M=>0g)U&8Zq8}6F@)SZu+_Qx@%4ck`CeyZWoM1S^}3hejKO}_sy z?*mWD`$6((Hhh=c@R46*JoqA^o&Un~9~XRO-=96|C4=Lo^BB)FS8HD8Lc4wDvdXeT zCqfo;vVq%Kn-z#^K0cTCmcLy;d-=g13a$x0Y~x*=o6^a=LaCM8HIF?VXMpRO_{TQB zH4hSqPE)PPI~PSd(78G*W-v5(2R`xAc?El?0RuGf85n$A)5gyVn@67;C(kVy4g)*! z_{dRb-aC84$?XOPa>sKvT)lqws}C65O%OjkHFf>$xw$s~h*mc4Mw@my^E-k2FVG$n z5+l9umoa~5!{Im2?`9828xQ|vV0fN)p5>kQ_un^r!{_Zjll)L*-U)KfC$N`@zMtgz zCZ2!l`r6r7K5OVX!Fe8hUtyl#$i68yzCt@M=K06c#<-DM0btrui`^Da2f0@J!bux* zmdNzTSBHLg_J+t-gOf+V!K-yOvqwE`WMsldo4&k%k^MgF#HVD1epU{C%fN4?!LdEQ zU(^4$)7sleeGdEtyqDVVbM3;L#q%pPz9Z{rZ+Q7((|-~lh4%QM5zpT)e7p<1|H$)K z{;_WM2A}ghGQIUn)Jcc4cs{2q$Xq!5XKIzFz)Mq@gRIC}{+5qAkxu+Qt!s!+ARflA zRlcVczMgUebFtTly4jmjvBp~EViK{2vo1~Rm=tT=qB<6IL3~fRshQkzjGCJm@5&!< zDdHLK>&z_aGOw-@FH5gUPult6oMFd3mld{*!QLI?9n*3A;KHGEL^UT$)b?54yLw9#pgu0*S_q?*42y)4u zN7hJm_kJ^9$8Ueb7?n4bT~S+lzJnOY%rg@sC@*!YIXlgxX#DQHT^_I-9D#3pZVTB4 zPr?Va1!SmE&2O8g7)*6&oyAl{n0vS~c@B@UewJkWex)^)H>T~gpf#1Et^AimhVOEj8x~!|2X@n!O^f_! z06*n9V7d#Kbk44y^L6E`3-uzqmA|>{qR3nDt8%O@;Hq5t8=h58j{HsPehZt)N#eu27{FiQdl>j% z;Jf1cjnGkJFtCyT^uo0XxCE;gwkBX}qfZy-io4A`1u(SG|9SAN>iD;TSJm;4rH)^< z1MQwV{%81Yfp88?+knHJ7x*%8ZRT3}@d9|fk?-gLbaqzsR`Q77vW%jS>VSa5M zaxx7Z4u@vCU-oNVhf74m9`-=Ce-Ga-f3;_1;<`yP+H)3p;a}PB+y0jJY{`l~L_aIl zPqB6E5yszhw)33q{+VF1A#lZPevR~;p z^{aZL1@?G7_B$)u&HcaUe$t+1Mc?7xm$)|tTNJ_$$u7wz#RIZOS<%bTm!Egukxyd# zBU#Z4xqlV+z4MPh``ey+{|M^|@z6B#L+1@)eh_(UX0EQ0xjJh1*Q$13vZy?J9C;MI zVqBlUly}V>oi7?vF2?Yo&PSq-AHL~T#}5xHXB4|D$?NtUke%-xExt$3ijNa>ba#<^ z!nzekZ||bu?ne9b3#y5v~(aHrlm7U2uKiH>p1gM zt2TiEqR}Y_JEg_8;i_%4f(YFpkE#F%I9TU~SbO0En^ZpO;?BjDcdKVpr?jvu59?q=u zGR9Y^o&5>#sBUZ4$DAv-z&F}+wFJKD@%A0~`R)6+P(K2`k{^|Cs^FV%X6Nnan{P4y z1hLi-zWF9R1kVUpxqP!#`ul&tH<#t`jpU`?x$esDC#Y{hMp~Td<}d63$ec1y0+E0fN|1OHY^23SxE4sSEsiYwv5{ub#A6d;=d?A5PRiqgFQA+JK7+MYJkl220Q%oQGv}hq;4jeKPaV_|Wz7&!DS) zYLbUG&4=(|08a{a$ zxDSGJ`6V;p%fu7Fj?b4|;Fmr3ERdfZI+aIXMAyj2+X&8F8dKW<&KiZQ1=8!BcLmJ7 zJd+KPJ?Udy_IeMz!ufAS)av!1Z@PGPioSto|IFsUJYMnR$_yoB#L{bwZMB=q^7t?cs0y zlEL*`$XhkW1FBo(9wYAbV{YU4TndcWcV^yzT+;hNk%xu@|fwo|j=u5I8OBU|0f z|1kW}06+AATWV%FtGA@T7h6ymh`jzXH3+BC!DcSj_xLyXL;YDehVeak|HJzpejR)d zF#C0|;JgkQY^S!c5uOnIW04(;Ul*pr*wesd?bNltecQdvx#TaMqtc(!1@ax`t4J5r zGnRgn&C1LL-K{aL-O|`i=!7P0)+B6}_*1+u9eOeT#_4KGEqtzB$kvm#od!+|pI=u^ z2fp06vxoWUj6T^8%kQ?PbSd?nswpi5wnxxC#4O}rutE6Z|IFU3uQGR2*Up*4R@cme z|A+IBzR+}f|LC;*f0fJo@iwEQPvQR?nY->48R8$cou2={jIJIouB?H+{RdG z`n?Psx#MQ)!;v5P2fd74X!#49BYS)vbXrbq73A+h)+GJ%U~QFn@H_mLW-hDf!^G%D zuey98TfLopeR^JG;C_BLzLtlBo_Xl0j1CUP&iN~JGVe+6K1?3CS$P%q>)BWgpWEmK z6AMt&lf8G$-DBQ`E=;?=kinTNU-_{^|Ad~P-}EwQjL)N(z|;jY_le|{d$wMv`t`fn zOKR$Pbl2QWZ*To7>^J_2sgIcg9#l&zyKx6NmF$k^nSqD7iO&VoVSI(n_-0o2EF3=s zj^T8}a5A?*G?RV+ZubmT?oDP4d{=77?%7?zSq>IPBdg5Ce!qsZqJVjt;@21cy)1~Jc;hC?=ID&gkg@IYA2|bwA3FodXOOSwfMcIC&~=bl^d;i9 zPJDr1QcwPdGjQZzID_#w&cIu#{K})Dg6KPqtQE8NKX!HG*j1~YVdQ}( zH}%V{a)7ttYrmfkc$^xJ^sLCh8v07#0Z%gzzYZ~c22bYdDXSliy_v-slJXm{zt=O@ zF-9J(4;PAk^)K)VKd=wCwqG_&G1N_3>%{kXc!0Za=yMADB1VG0V({0_JvN(%=wN#W zX)!u@MC>14{qXXxXPM*FE`pO?NIZ5yr0KSk% z-x)soetQ^rPDkGwAAN;;@};K!*Y3?&1&v+*xFB|{_WfylnP@wkwP^aVzMXR2qHh;- zmW_~HSe}(%quNc;u@{^xPpJCKlk=e;{h0S@Z{Js+YGY%hl0cyUZRl2oec=3Z6SFnZ zPafy&F9k2RfS)Sv?~x9c9`WL1&yL!CHAS%-z?a68OetS<%6Q9sv9b7yc@P`#TE;#Q zV&l7KFP(JPBIvXfdtvK7Z^8cWhFwPkNCiF}+qPOduf#iC0_f+b6lyka={I_zItnH*4v60wo zo#Cc^xW=zr&-orlhuZ$GIkamB-`F7X<AROp=KEfq7trqIlGR@4MYWSl zPQX+8{x5u2-dr#wna_T{m(C-%*YdIGldm3MU(LEf0Q@Z1U4*}_LZ+}Q@L2#_%0J*f zkzKH5^oz?}8P{Hs$GFQ(^Vsas?sR%~&o55Z3#XIA2E!ZDVVp+^F8z9T>j_uxKWMz~ ze1!3?8E!mpKh_$?>wOg6(m)M-GrWLIDzBJ&6r9X=$SJ$Lx&-`6_C~P=+267i+$0z zQ|CN|To$r<1$&AHE{CwDb{e~-yVi8S+8{MUuAep{HkIEE?6L*GT@3smWDBMZLxY## z)8Tx(w8jGFQ|5>KW^4iT5)OjNr5A;R)QeJY9HHRnrxqA`0jl&xY;9F;& z&d2>&^rycVBEP#%Bfo1Uze{g9k!kls+LdMHeplI|;Bazp+AW}+!Ce8oKN21vjqW_l zL2tVI=v3!-^Msr=<+GTNw})=ov22Z>t?#>@I*{D+>#B%#E~Y-IhU-W0lZaaZZ}~cQOC2(b!4W z{kKuWwHvnMeo<3Kd=^R~y zPT0qKWiNB$+zR90nmltTMB;S1YK5zY!?{};3ect*d->Hevd)Op!QNd^7D}8SJ zhQ}^o-y!d9$A{a8Eop)W_jxvl`ZeP}?(=L8-_1HHfA2QqdA5e{d(C*Btx-FTr@zd( zzx$c?4cj)}zu|c&4_fFOIjkmpXe0a72S`5dN;>CmGPvymh$d1FmI6PbhewTsYBskK1GOe;T!^Dw7NX!D78ej$}_2sL2xSXrF@2-Dfg75>@Hek*S~UIet(?;UKHT^xFDCeh(5VC&xg4D#U2!R&nM1fE$hpsXos8Yt zdc5_)8LS5jz73pFvJgB)0>_?7UGC;Rj?i}sf2x7=7KJN+->DL8=<~r!`+FQY^Z#yY zM&Oe%r{NR-zK&_b@QdBoaoY1{sM+$LAFT6pja~8fUWd_7HdarAyJR_dsB-p_2QfBA zbp>DfIkvruJtPw&;Kr+!n1&56=L`VqIEFj#kGuwTV};Sx-dYO$=B=fueKwqc6_>w*O1zm!Bs_IKZZ8O*(R4pHI z&6Mbuqzi#NX~w`F&_?woy+9N}!*6evN@W)=s?LSv|a!Xyh z_QU)6@%sM-e4qLM0lxPzpEr7P@LloY@%`2-r^oj=7vHw)_m^q!=E|>8QiBk3DKEH&_8{| zd;RmWJf8@ifqfZ?+>F9L6~`Wc7JYU2)aac4dEAc&oNproZ`0=YOPqlY`gYGF84=qc zdd$bpGLI1co^nsxA7}Z05%QV%CUZtUs+@5DO8krNCB_#pzJ=nj6yGbLkAAo95^cy7 z?X*rPoS8MztB@OTB>e5Xgd9x;xMu&F{6qGYojr9`;I(C+jJ(mj*tz{W;!f2KjN)(I zuibNrMzBA5g!X`PZrupZu^MqTpE-lc)E9tT{ViJL;xvul)qvl%XiP!d3h=2tjmlTN z%UVSmI94*I=CqB!Dd6k|-X3tUo%Pv1^pEuJ3S?I~N1dCb7+ibC<%=(+9z<>A=Z!#~ zgY}F_`6mw3yDhg0$85 zo;l#uhhO1NHnInN%Esy}DdFu2A)d`abE<+IxFe+pmN&-zU?>SDY!cw5LBRWtcN zh|E*ch9*taDo}`x3(DE{9SrMpQbs2k%!3%i{aw37s)!ZTRnCM&Mqwhr@p1$9Hc_@8F zThUnbUFho7cglV`Ho6`8`ye?!9euCx)3?T@Z}%)WZWC@qFX=$hPV^G(; z=*7mBv*Fum+E1>%aKgFpFT8)p!@K$rP0d~y=yvgEoZ1~#9__fN@D_L@2`}j`Mb*_U zbON2^;W{ghuY9n>(Oo~m*s9lKh;3(Z`rJXQ$d|bXl|)-74Lpb>3Ua z+ohkMQ8_cry&>zRN1Xnh#4{zHo=co~e!_>(MX-S8Ux zPU$+W1>XT3^&7g*vYMzKXODDuTl{jDCL>jU=H=L@Hcd8bvNs@GOYtw3LW^qX zKn!4NGS6gww*Mtz_beCfA4*fVYWEOHW@iAS)|-dIs9afL?7Gvz=)op_van5thbHfs zVDgER&x}+~X_`nqcR^d9S3}BPBFYu z?BQGK?ctLRQ*6D$UlVG0m3m(EQ<{0?*8Id5pzGy75Vu$wWPDNRKU%Ue6~6)+WNL{Q zKo8nwe9c-ZeJDnA z`8#{wfrU}|lHM0j<>%AoPXAu_%%Zbh+i>cc;0gFD311y#&+vn+TUfeT+*|%DKn@P0 zdoJpAbBqh%Bl(u{xp!_EtbKqzUQ?QGo?a(AKpx~ga^v>*S9kF{xxC5zegt2!?qTQl zN$8}y-*Er?a;oq5MQVSUr2Y_)p6fo z*$&nsxx;BPwNOPoPx8DB*tQpj+j_{4^pGFv$}4Qsc@y$qUVV13whv!MK4mX*TtXk^ zJS*vPZts0&uy#8+lET-rIjEAr*!~B|kv#3KFBluAcp1J*A=k2X@{fYjvp$*r26PhM z&DuKrVEhYymwugLC&j;;lliVZUQm3MRXtI?@TT%BrUna>ycWJLahjR&Mxd(ato zU^jlvJ8teJ6#EsQ-w!X;Mb#EzEB$zBWlqA&b^JXYUQY2L@z2uuXL-*ROk=--iA#F< z{wDadu>9Bu*Dl}Zoxaa8-{;58XW7)e*jDpd@j@`R$$T#2bAIe6eAZw8@89K_WJx)_ zA$jR@(cNRAA324N(o=JRHn(%lareCMqcx6+cf~g+N1vNL4;3CbfIdoMr&t3swUxq$ zd^lsTYTW%<-Pp$cvK!FWwM*nXIp;QYDR2?Xjz+h&z)Rhi^EX7@FJ}qsY^^T* zTj~G%8Hc*ZU8;Lju0%Ov#nFMA&^z#PDeIEl;dV4ZF4v3$52P+dw=<67vF^*^3+V!2 zk*}k+J&e(;bzywBm#8V<%74|y<*`PRt*vtJV6i&L-c_4o?dgRV&_&G2^W}_fJ)JK4 z>&fUM52g$}z-I5R70iN7W9OkmP2CQ4ajsqt$E2eg-of``PAidb-9xeuxx45;2Wz$F zpG#xW_WEIHt9w3`H?se1K69y|ZT3D%b5=8P$qLceqiqFvlbe;XgN3uxS^N$s|&vBhQBg(*}x|{YWzHpj(OC` zx%;H@4ITfW8aPWw`Vk$AsVRxmcKc~)`KyvsmVU3~@#ijZXLGbWpFm$33i5=hx}CCq1lRmYVG<; ze3wP|SjeNhzX_cryZ(&uL*M9zr>T?P)fl-rO1_7Cmf;zAC=b~S@n3pdI!(D%Lu-4_ zIL}wW8^h@?@%1Ca;6nHCil>DSdp?7kqtBktpja@0?~_)ni?6D402BiX78Wyx9i=ZWWaL@KvZSD43LAK_A$$8Uu9w!#l9;fEFQLo58CzU9A~ z{%gFPH+Dh#MY_hEg9ATEzi-Aa*!I*~q6fvN;ePCTEqem?>K?Zge4hmWE^p~>r@Yvs zn~$$AW$i>hP#3u0+Tm2jFXh~$vCs`%r^>zhu$*Tj;Z@1$D(0Yk-YWLFu1a&BA32|r zNv?mUHJerRHw1p{t#H(Lp)0e`c)V$J?xe`TSZ6zXn8)_ZpR@Ble%z6-dcTZA0z`Vf==P6wr_2XreWZlS^i-#|Q2ju@s#$4xz*Z)~EH#ivD zk%WJQ$E0usPT`kBPRk|HM9PU?^$+eHwD#Gf3$yFrn)eglykGP2#{-7{viFn3fjdKE z*8c^kXq;f&D)2cDoX=n_a2z z#wWQp_Wcyep1M3y1KLf&ZY(<1^~muj2h~&I#as zz2|?&*z_9iV;Swv^$Xry6S|LOG`RvFe*4hXe)+C0U~F_m@}LuqlseI5zZ5+l$=TCbj_#Mv9!DS56YV|+mj<8o=q@^(0c^hmo|B`q zG%krmZa)H#Csv|MI*Oy?7^jT!q;Hjr6Z$!=%r~Dk=oq1Q|v*@_J zc~=v|OpV-)om}=Z{UO8V^A^r@jzc5&zT=kH6(^}r)rVOb%J74cpX_-}`P7>nhNe$~ z1JO}-FJC&RMRnhDITmj#_i7Z;80_?>!6gJ#Wm6 zyTT9gH{#qKUc)_XjJFbg&V!d!FCm?$e5b!J%hSL4q^mcE$PYE{{`J(nik7{L@{UdG z3RT3y70%xF0G_=2EY=ie(J^YcHMsAN9k0xqiq(>GJTTp8= zuo3&PIKp1t70RoIqc1cqp8j}YWL*id`xNqq+b)>-#E-t>{2A(J zDn;L&@Z8dwd=3;X+YY~Qj^(mO<+7+Vd6hXVzAjR^kNF(L-t0RbynT)A4zygNc_Y8g zz_gGx0o6;kaIf2@cL(=u(>bu{<;UPH#=!^6H)rvwUO+yY>x0Q};{L;p$JcjYTjJ6M z^kI2K@l*mEm4w&c4>z_?vmRt}>(cw**ge0K7@Iz|cEsVa+$)GpgCF++?;7T}8lLar zy9iEC~FfPlji`->h7BUEs>~ zaQ9c`-uK?|1=XL9j}`-m<`&m|@6H87#?<@{(dTgYz3+ezPma#ozjzh=Rs&sR*Cqxl zljXrm*}uWTyd4fa>TrJ5&e{0wx(l9hN~ont;L|0rZ4q(s0oqp6wv2iW zY{T9awC$mP@@=MOBdGR#-$Hxh^>qc{w+Gz!I3JIid&2_UmEh%1ov_!YOk+B+Z_}m+ zf4aAPMrCiWQ`tL_ziI40zC|JaS8oNmnNt2w@^UnBe#6&D_CzXE{gKLaIXnp;cEjWB zJ*iZV!KJsW@05R8=-q4o$TRL87{*?Yqz~O;wZy%u%6`c|DFK%=!KMF>Pjp%akJ8zH22K*X z(;oUJ!I7o=;0;6Vx}UFgH^!N9C;Cn(5REtbV;|O*$aVVPHS?FhGK;y-b}DThV7Gi! zcy+wRh5VOU;9@p-#*gX3_vl7H{S3TV`Fz0SBeM2dHu_IlCt^;Yg4VSqpLW;7C2Ojs zknWK`6;S=n=Re8(@bx(-$jA=*r$Ks^-z6*Z-8ac5>HXeFW%Y@IX`iAG`76s@+xWU{ zqu+0lpQN~Tl*Xd(JpM}7rN8vIp4v(Er&@A@6YwRyfX$~SGt_?sU*(#+7CqZl?(7ZY z&ve&B?mp~j^I=3c~y>Y>>o?-Tm5x%|B$-Z zwPkOPF#1b=FR|S&#dZnk5=U2CKR&UAJ!9~)aAu!v#ZOhgqOEASXRNEkz73r6u`IoI zKoh_JDO;pCxPf@14f|;F3&1b`LNV6@_$m@%trXgH{y*;TFR%BDc@f)z_&fvvEL>ZO-XN{ALTFQdpzQ&mF#^LI`$^!x`-M|`AJ%nz6O4gy-yk& z8j5YrM<-)5)n6LAXl>5KuJnx$zidDJqq#E9y3N!ECR(d26Y#ox1>tyxa7;VJSGNn# z@U9<@IPbSWqmROK;`bqaz#EzTa;vNNrdV8##AYDlsn$p(`XYnR9Y)_}@oDiWoYsI# z#q;6?>`d)Pflava<6gM=u(-bdBj8%`V4Qm1)8YYH>HCB$D@ON&1MMrx@RRXBvayo< z*s#Y#am^WhI4rO8JeSuE48%~%ZT%w133yOzh*C;7@{%T=GtSpUer;F9yW=SB98y50ylDtX?yy#<-k z^A5g$9$LpOe|u{W8D90imvB~GME2u5+{-BcoxZUd>2K-;;f&$TJ zpU&6|^Xxo$?8CH+<+K|?yZ9Y}=rQ)4E+qdiA5OJBVV#Lqe4#nZ)9klR8Y zPb-^Y?MDh)ybE3AKPX@1o*Nn2-5`2;euaH5za#g(`Fd}#V4C8l2JGEJ?49s)4S4bE zC(l2CPE(@)wNG@rcXt5%GzgEkUg`G_*5>#JF1_&&uFk>9_rQtu4{~k54vP<;4LDuB zc#*NM*?7goD&T03@B&W$k$t1iy^%-EIc>xQWvojCOZRW6aso$ZT-LsU_;z>MWvv^k zC+*)*LjGtudcn;7p!L_$HUHs6>*25D$ZsI$E`JG6`{grsd^%dmz9!K`ak=HAC&80q z(qZ`se7k%U&hiodfMTqSjNmi>Vb4$*nPd5g_P6@^Xr$|7E%4#(S$NFx{j>JNjqkGd zQ+}M$V`sa*?*#DHQsnNfi;wkmocEh_+|Ti)Gtb|0_0svYDMcS;p1eRLx66^=veHYUN%m6dxt|~Pdzo;*aaweok@=y&XZrQvQ2XzB z{eGx+-n`WA@4R*fM@<(+ljORFgQr@uu>HcQbdX{uKfKll{*UuqIsd+A&yUu)_k}Jk zk&K^}Ss$-@h_jMp%Twev?u0KEI0G-sw^@Mx03OLrBIVjn`NfJUug3P6F>6A`o}2t5 z`;d-spJ)YkYUSB^(N)+}<)P#+=39G;PIT>QUhLewlk4rf+Bc#7xf+K$YGY4zPueeN zTgBbjE!b0im(Q)dq3%xG&u?*KpPP3ZyIfonRqjrAr@6n~$5{96E|<-|u`;SyNq0Hv zw+`s6`<`2&YvXS#qN>-3fXf;D=lypYpS>uWnh!2KTOt^iGq!ND{5tILU7s?sn{ZzS zjyPZUO7FLK%37voe)|N!Z5)Z8Tjl1H6Z0cxO-;E@qmSs%(E3{!X6*7P+N8mQ&hG30 z*4(xs+G?zcidSZdUXg*d;_=z8ZAs3;269g1k~dGXX68KI#pmujRmYd#nP2+ChJEOw z7tuvM=%Q_x-M`_5NiU#_!dYG9(bUs9Ys(&TqBBCs#cX_gY}NUl=$|=^g)OuC=b?W* zzFzeL_)P=jv19g};jRF7Y>umc4p7fdlWg!t06AH%@&WKN&O^eMalF1lATXZ7+a zcK=@TwK;bGlfu_L@P$umVTu4#@~YG5>v>jRkId@pVPI^{fibnf!x`-zaOSuBc5UYO z=Vooc;vMX{(c9A3RzF<-A@oBBey;fLzZ44$qaQvEKMtoKe*O{k!|2fezx9K3LI-+N z_b=jWoBf33w~TB?n7?8K#WPylb!%1Kv&y8u{JO={8$)zTF?j75F}zMu{1wM$#?dLt zE19}qd=2thCiYf;c06-N1F;VK;7`#H`=}eQejoktLd6RkwxK6ZryByFMV8*VI=Ya$ zZmSzU#@?)4-LUFs|1;h2%I=}MVY20Obi=jO4!xgl_=lXfpP;Q@H~bZ_eN^4BEvL^g zeM&d{2Xg*Vb;CKrSB`F|1g8I~Zn!rG#@~J^s~ZNWi5N~d^qezPH@xTR2Dx?CpL>9N z0Q~FwI^$4zU2NFevaQ+pQ}TKYpFZJC6J^`-&n_af`FgzIn`+U)f8q*K2=U>V{E46)MXO_!X zlrM>If?u+>@hzR#=bT-S-6)g&!Ee(V5WkUk7!x(M5hd6}d}I0a@?li7<&Tk$v(L%Z zr*52(`}-erewR<0ARaJrAn<8E|CiV#Lj0AP+Zfje7yR$=TZepS-cvp@d9Hkj$nGPG zXZ&;a(ICZd%4z4q@>(t|^l9hq%131Pn;tBZT{EU&1!j%;D!(aC{GEO)aAS>#$D4n} zGs};e`YG-$^WSe1$8W<&TU&OK>!Yd9XX!J3n0gxgubbpI)qrbaDD4qxhktEOMeD_e zmzn1iwAsjce$ua&7V(-u^t;SY`6aC(sy`N})|+)JXs3L>#?y1t&!SI8zpH*Y=PiCX zQfY8$e=E%5e=YBHfM>}|;wo?f4N~ZLt?&Gdy*Mr%$*H2}6U1YN7h2t#L-H8AX0-V7 zAJ~B;z97EFT9f}M4@U2LDx*Wqvw!`f$$xxcyIXSF{d|~qgM)=TQp1e7AgAqfv^DbV z(X{j9uD*E~np*v`G)KQAh*6XHnW`NUZir*aorPm{4(mGj;}tnMJG1U_mUu?CS2gwS z9{J-A`RQrk6dtp=yZBk)5`VV6gL47A{4`^%t9On)qcxO|o3XNe%=@R4>suV>X}=tr z`M?KWEbihv_ zz1(&lq1fdbAA6ky?g)KpZ&wxXA0$smUiQQ|at$-6-Jm9+GsK>J`RXlB$m|ij>-CfC ziF=-A&Hluz9o{+`ysTX8^Q^P1bf$1t0(Yq3&uE={CNfds?NMJzKI(b=_!RxA=3R3Z z?Tkr$THm@HJ7mXZjUY32Mb6l1#Sru{&Kq0n z!KQXGXZ(FRz^IJhwr2RA}D#i8!G28vHZu`h@> zm#_y(aWn6`X9ytc#9N7jZagghOmUu!o}DjU#@~JTm`U_l3K>b$e&z9*Z7YvgKcc%p z)ra0OF*Wj{J&4->J3+c?nsdVRjV=*hrDsZc9*ERm7@rn7Vfg!?t6R9A`w{szKSk%| z_%?@p`OdXHy#<-L$LM^gg>Z!=tdxm`~#{7_@X$5}f#b!|**2AgQ}yTKD$H!$yIbPqb-zjkn|Xv?$B+yP~tqZ2lwC#rO3 zr*a?YisgLQJIlF$)#y3(fvs7A{LY}>?#!`xO6SZ(iI++4bIRt6^Q=wM?>|; zrIxO=zcGidTI0RSN7J>)sQd!^&)Sp8#G5BaXZH(;AFl_;ad>4O=fIY%p*~jYD|`>5 zE4r9dki7IvdTxGrDQBazETPrM;QA@AdW$jA0Lmw>MUM2Ogs?1b@MmDdbN% za3f!QzCiUo@Qr&$muyPNJ)aO=S3~?%&OUJk>^mxS2#3-H4(d3GB}vOBLyv!Zf?T0Ut0pv zTXSgfi}{(j$;j~-=)K>|sVtYj`_q8Qscb@SO-`OZL;^4rxNzmp9{E&-_so>(; zzLTm)c5V1+a55Y|Cgs4s#>0p4O>*Y>$((oZ<6X1XV*~B7puL$NsuHofRehfxggQ@^N{A*QCSN@NC>~o!9hSI32gr z_x#HN^ISSayoCN+NB(tMd>?g_`1Iq3tNq}4RZi`P+9vjSwWprXVd@5W_pg0)4+3iq zur}wwS_7=j9;`J!SZjba^V|n3Hh7)JY{8#aOi@2Z`!~Fty*IvoSMDU&m$UlpFQ^?W z%jOK%mK}4~oihB5{}a#gKiYpdRDTWr`Kff5@1h#+T;FMJPTO~AYkd^yI>)2^3Qx~j z{pQwtWY?nXpfR|MR#E18(1&y;`3%t$8AE#ZSi#63gjxzUNfub zragu)Z&x-@txL*S~OmPtCF3 z+vD-xv*4UObATN3Cgl^>x@TAp4u*Gt_d`ance4?de3Is7I0#ewnYckq;IT)tO0EaN@~e}91r?m?WbdigWV`^(Fb z^B>_G@V?g1EL|-AQ;$FwaJvgW+Y`d|yOU-hgvkK^158+&{ex?afldscCe;XiFN z@Zx{eK7XUeD|X>4&5oC3tzj|tRb!~H(X{o?brWX_q)pqfXL zzvt}dCUa+HS6 ztLA-c?t6O-PfgW*pko8AbMJZUhk|KpAwJK7OQ31pj|_~PL{q~q=LwuEO z`}N(w&bA%6Cud$|)L*)EDRS{cJ+Z&-0d%3|#an6n=&tY0ee`m}$5S~YrS`ec{$TE- zk3Md2lI80Wrmt$`G~3s`yML7J>+Ub+^p&7)!i8g$JAb}s+upZ(W43MO4YYl4Vs!4< zuWd2oHsD(_|6MCv+&L_V&uv@LH;F7&Bd_J&xg3r7nvKY61o@gqU(&xTsge3LpU2Mp z!Q2H8Y|6~X#cP3qX}^3}PcLX)v^9&@%JH;akpF|ZS1sP?!j$2MvrOBBdDL2)? z-Z9mTN>3{%BK)2MpCs>uL) z35GPWjQ(~5tL}i){#W5(vk!l1`cRFk?JMMstNJV9QaKfa&u@ai1s?wBvk(1h+o;c9 zGyYP|>&xtwg3p`Tk6(t3wzxO}ycYlJ+qS(EoGqYT?)(#<%hHtCh5gpfKtqK~+uXaO z_WN{7N_bhuTor#Yj`k8I>X^r+k%8~cb^A2uM)BOjAh-h1MYjA3V9|apljoFw6qyoD zGGF-#E$|g`=jAHHCePRE+vB{DIyw0k_{g<`gJ{E6^&(@K#gb5~^}IR)QYGUM>o)xYp1+*E6w zrQ+h~?+*a;9l$``@6KaNwBaYri`Y?qW*K@(`#Q?dO9|x}?{IS!skZ|!@f^Ht z%fU++yhwgiv>iuHl*uzLfd?hi!1+b^gUzbv{&(l_GtJ>P=1`NJ!)2NS`MY7~aN7sZ z;cs&0@a8;k4zxW=-B9ivCV6vMjIO`NM+f3d_%CGSZbc3a8Vn82jXo^+?*xAGqm~Aa z;GcaO`0xB+_-E$8ztzG|+x;H=e%*cSCdpGE_NM5dy^`c;r{DvTb6u;P>#(&-*hoV| z^vYZBa=s^WW#3nRRk_t>uU1LA;~vgd)ZeE(o%UmNxhvOSH~YWz+l$i0*tAl|IdL7Z zC=V1TCSCOWDf!i1Hot1}aKAXipI<$sdeZxa*L%S0oGe~duWIUT;BCKepA>K3^TBxi zeQc=Af6n5Sw#zbjb@6w@N5J3rJ_P=zdiZPb@Yk5Z-#r=p{U7irf7ip|&;BoK)CPz1 z0@1TR2#32)#o?90VKX?Km&M^1g~NH^YB(G=e=rWepM%2_b3NIj?I$b_3mB7nTvL~G z7B+(zzhLyx9JSUS{+zRI9RAsOe=_#NzrQw)?cgkkXj!SwI}60tp^HijoIQ((sqOx0 z<&7)Q&pN+Gxg7aETHlh-PrhGq{183ZfPbbsu8F)Gq+gwN^%iwQ<$O2wz~!#JQohZN zg(pSxp2QxouN9v!v%i0Zu`%qqWPIh$wFaJ;h(0X=*X!W3iJp!u;V-!w>HZdADb3m2 zy&PENJFPIV1Y)lMi?I#NTkBWx@`$NN-U6OW@X6xfR`~q!87@AbLeAWH-(A1C-sH@D z`vsu=Ai7m`D}%pee;x3dz4y)eI~bR}Y9piR%UNSVPSfB!&A4gaS8aWo_gCob8SJ9` z$=Sde;OqrriD~NVU37FLq&nxSU&WbcVk&dJ)LXyxa`Evw+(+^U@}KPYs>kjr4_d0f zIs3f!`}U{XeO~gL;O$nKG6H-GEdD|QB-wdSaOUAM5lX!dnY^Y(QubN6yJF;4ew z*?nEI-@+k!`jFOZzHMrP-TG^6>aMaUz546s0_9|OnVbwZUU?_C4SA7+f#`2{Wb_FA zToSz++UQ)7{p5=@U#&%@;3M&a@`x4i%6`rc((~`)7p1|KU{6B}t%2)v*L>Ez@L7JL zy%zMLv!y>V2l+i6UL|8A;nmUbgC}E`cs$`>-@Du659L#rA`||z0oEdem$64YQh>ii z{>u4uT{>59RA)d$Z8|MHEt}8B4^$if=S?n*X0!`@wkpq7Tl0%i(wTJe4fJTYM#{Yv0G*Pr*;AhadhX3+~(fllQ^TRlaf4 zIrtGz1>g_W9mqyFd^UfDJpF@b{NFS7)!?%vBcIw=Y-ItwnscN|kOA?Sd_(E{@$i4i zy@4HyAsUbs^tbsv$Q<`4#C(Yey`bHXZVX1B_oOvz>6ujqr{VsM9!|%DQ`M|<{)M^QS~yj%LGZfwo;k56 zfLrynTJuxgV;CH5b%JfOQ6cc0@5$R{`qa6F8Y_$2d}=VL!vMdkIqCv;-SlnF55ezI zeN#7jq=WM&{uBC1SETV1TET0IcU!?L`M%&{+4pffw`7;`ae#&pwfn7e8*rua|(s;c#o^NBI2$FbBcq zOl-V#mT)P(l|*mhOH|6o&Ehc}i-JS#HP{SJSbtwTdfE>+J_Q+l;Z? zHF$6B9o%kWZA|)E_%gV{w;K*u#eQ6Ic7W{1Sc@ah2{_$;v8CkE{pVZc;^)2(fuB*L zDgG6C7xu;kZ(o5N3ttvj!kh558GQNiG)s7@`fzyqBefJ}ov4+4$)~|n96xgiU*YEo zS9!pqb8W)V?J*~>^Dw#3Bfuzm-Eyq?jfG>-<;Y7GHqHm#g`NR6qi67mht)I4&z~R* z%A4rjF5Z)#kz6c-_ErzB^z^dyjAT}NM!HP%_($fYxZl`h=BBfGgTN`=tp+Z0F9kZk zo%3$CgTEQT&po=GtBa#ly&Hrcm?1#|t zgY?;c=KSB)XP;Az&xh1!<$gR`zaKgMl*J`}UJ_ll6MV`ykdL6V4eVJO;^l}F=+s|_ z-^|}!eMcVL?++T^kG^zodU z=N9TTTdC2k;+ccKlz)_zjW&E2iv6{Cs06stzq03z*qadiCckDV&$+$@Io`E8$FhNO z7c#zd+YtX3{+DdL30^ZiXK}^2(raBKJl^y0CEefQ)BQq;)&G4t@r>}XNWKSSOVKy?N`-s4d>SOPRMhhlBCme4ASzb-Cuw*g7Mkj-2qT$eM|DnBOA$Ze)xQ z@}9>W&$fxBkG?@4yrOcr(L0&^qApk9gxN;OKhv(@JVd8`1YJ4^XSlyfb#b)#ZWH&e{82 zy6|cr{RMNA2Xn6fo_k)O?2gWqcnf$e?j8nrW!@Q74WA{hj88VWQ+{Y8K3(n^RKU9~ zhvlr@+tZ_9u5w8a%kl*_dFX*pNo+>**VS% z`-!Dfx$0)mYBqc6H;GQ^vF}eOcP@rj!_mj~J1Up{TiyMYr=!1(e>#g?J@cy1zU7_| zY~=wO?WtpZbvZgfdQf-Cg^~R_&hV&auF^Mp76@kN+e2N>5ShO5+z*s#-IXidJ4CKL zezfy_jeZ+EU6IflN8a=g?AOLE#>a-94|#L9d8pIsS7UFo@u2dr@}(?4S$@}lSs_|WjL7iWc#2gQC{(8Y>3I5)C$C1)jb&m(vDN$0wI6~Ax~`8Q&Y68ifEvSH&v z;?OqMwuw=k+D(r0w5w+>$=DkISok=HbXJ@3aY{cGz4|8dbjBA7$FA`4b|yauPG;rc zWS`IGWcVE&cye?$J|~B6^7NeLlEn%8kNxM11%|}OfmkK=U~ zC+FyE_FbS8oNq}7M1Ud0*!I4aMZ~_<$h>m2k$Q5O2EU5=02*7;m5*nR=T!Ekvf0HO@dIIwJ*t$(AlC;_TQuVL$R|7XpK#9(^zA`c zp55fNxsy>jh$HYokUh$ax$|e6bUkxWE{-(|_OOKe`>2svJjR@tX?}~4kCl&L_61=3 z%0ljWYaJS|hvDx-&Z7H?FHPp<8F z^&6@Ou{^JLZ{2xf{X301L%H?!KyYlE>KQCfggfe2uF!8Gek=LL^6e$TP(OOGHbtA} z!eVGsJYZ`4=X>~P%tUBRY{Dz7O)Y>%^SNul;4K)l{i>~Eltr{p1J^3*P&l*A)WP&z zMcm?j7tDG$K|i*wdB6DBGtwcOslR%hyMA73T5{}V@K_i|7X(WBb=F-EwLKfbb36Xn zE7V%)-0?!*eYvUW*elRuGVdPY48j|VMs(g%Jfic+JZE5bfU_72oTqzdb9dh~)>f!7 z)tv^?Q;E6&zEx!R^UrC0RX*#D1B;v+iSuq8xR!DD5tl7QzsKi*YafoqpIVpFopcX_ z>n_@EX5RVmoxSJzarkW`cr^HeFC|m<^K@_*pCf+Ny>{e8!JGQKhA|iC6_X1Mwrx^8 z>Fe))`n!g?wls}DrZ`ji92;j=(4XYGcQ*AV(_FvXJ-5Fo_O|9W5Bo%as=3UgPg@J6 z{2eks@Ev5>)?A)RU*F=p;m^|ZO)Tr`EBCAo&HWd=WAMkkUeR0(EP1gP`5b5}n_gyQ zA@3+Tn_9!8&|dZM!odsBFx*rzeFo1~1dlzVI2M_#oypu5ahKL&=5FK)Kd(f) z_xnE`1+K1p(RW^f{69B8Kh!=dXRGrA%N^-rbPPILIm^)T!)wZsJJ~?lP}x#yUZQVb zLEpp}c5P1nh4RDFh4oI=ul#l`*N$)S;Iei+*MENHV(H@S{u9+eq>zbm#m=5MdPa9v zbfFu%(X(k}-Tq#{*oD}PBJ?)3N_$2iD_?_l1s8Bv1bUov!}t7#dA=M8M5jQX!lk!N zF9{U%FGNNs-raQU@euOH{ObQ)y8Ha-)}8o%(0?3l%jrYs_9`}8!Cu2z#d&Ro@TC82 z)W}^G$Beun%gUqNIz~K(j{twGzCirkh5qP9=l8;o+DB_)n}JWy-B+DAoM?XJhCpOp znKPnIupPjcDFwE@tfO7VT!PrS0>WS&<9u$S(*g~m>Pj&bcA?qCi9-nZ*g z%Xz5cC{VwB=;eF)*8g%|Ma_R54fqp~CB>zp0 z|6=+IBeyOexcg}QpY0v>JqAb0_k?0;^Vz+-KEdZ3xG$wHP}EQDXKkG`!t4RE))_{4w zpXW*Xt-in+s4k^H@2+8Ddb7R~InVW(W_4Jf$>qUL#`AopL-Mg^!OPbnC)Xn*RkBay zT3+KI7RQ(>Lom9xUp+ z8aa_ZA7T1KzUXh<8Qcp;e@Bo3X!@G&tz8D6FN4nm+$-C}IBPTxHdf=f>+|xfxjT+$ z8@zFP;SoEQ{JkZ#lYOZJ|Ln^#caJIlG%#XM9->_koa@;Gd=}3ox!cFj+bQ;gehHq~ zPObM5beyHhHfl4BZkq`GonWV-KQV0e@#PPu#0SK!@WCO;RfR_b@quhy0es;4tp%}V z2KKy|>NIyV2tDZw>D{j&v9_6_s`&WYj-j+!CB~LY>3u$x=YaC_}&+A2B%#+PL2j2 zXQ5-xMaPUqCzeph;yXLT;h&8k9)N%R>j4RTZsqn+YvQ{ul9I z`d|2R>0S)1qqq|?pBgmnDI7_Dz}YhreYVdT**^uGHR8X@N9!O~8-bs%yN0@WzYkwa z`nBJ*Q~Sage!!kWc)b{&zlggR9!7>Pk)OBptJ5DwR!f{w{iWntN}%I7cx%nw^~Y{R zkGvf!?%WCQ?}Ybv1_JmDPE_mYg~((vbbpI_pgO0x{}y1-JT4IY=!zbA^9VXZYmc(Q zUFGO7?xhfJ`@yjri;BOCV^^;7co*EJYGzc*zwIh_aohtx_q9hVk04k5;GKGY&YZ=k zWgLyShV|`2;9y;kTzz4G3cTFt6n6d|xX(E8cMrY_%!Tl=*0qEOmj?iA%6HM}Cf?pFSu!YAIDvVYGxp+k6sGi6&CLwsQWi64%(y8Dl=M@Rj!b?E-1#B<=` z8D{|P|Bi!P?oqwtGw99dBIsYY&Zm)hs16%Gih1q8XJ3S0R)POEeoV;tZ{ndv!ujLa zH)xu80-T5L+8r;aJ_qMp^BJonp&k{I>@m=5y%AhzM4 z&o(roYvAcCICfY+=joC|k-OsGE*sGA6o0vl%{}tQx65DVWX4^RWp?(EFxTwGP z_+YJk4)tk#f!45Fiw56x0aKd)1>k%Q_bE!|`kE$9f04F_@u6pf&nWYE>qLUFU-RxM zyo8Pkv_cA(l54<%pUU-!ZQQ@+W=P;q7U*dmKIk z4HPfD-}>}T;vICH>ey=VowPo!yr;EiqE#!jN`d1V&yUjQ->BYU8hLHQFJ5k{#$7`k z;#Z?@rDG3rKHv~JLdWLjKmWJq|L%?tp8u%-=KLT1u=8i`D|6=lypQ(MA(sA2v8(>` zS{2*a9HDYk325xvIrkit8`#sy8Kfq*k*$eCJNK-xJZyp92_pkqJI#;9-!Jy@X!NBV zIAsTIK1%VK_BQ(WCyOt|ds^q(_&LQU6QlQ0FDsc9U+9b$%adcFMH0Rt?`!Vlm8;bBM87r%ip_fCli2;8*nNFpfp7A}-OG-t z57tDVo{hfJ9*#zAi|BS_Hg@_d>^J)5exFaaAN#8OgM6|V(XGh-m0BZ8bH}A%Q||2` z^{}ehc!ECTQzPuh$j(bOpSq)?7u()<75Sst_)^Tfld1#Fq#%3pE;-g0Hd+7mJ4a7)s#^`{DRXb4cIBm;`iH)yCn?@viLg!d)vjB<9J_ z4w$iYj?mwTX0zRQlo#rf9Dtj+hnEC%Pl5wee+O;^)6L*h^(+V3Bizj2N&F=~=)9R) zmI=PO-Ot=KFJz+j5$4s)oHU26;3grvmR(>^>Tt($;4ma@sjQ2 zUKzg|IqHFato0)o!B`*fAA!aZ?p?CJMb-PzIt8t@24U(9!CM*{Yz59P=GBhuw*YG+ zud>S8E7Mv9qI|0Q;Io> zC&V8sL<8)lay`<2c22*9j}&Vvw=dgaY6+QBO7jQzy2DzrjQrX-wQ4#qECDZBIg|bq zKe@Rqdycca4(Na8j%U{L)~Xis`fE*nCV0(0n>oz0DxSHzDL*z{;{(eC{`&gcrFzdR zhG}~l&m^nLu}tB<5aB-w9^PtNI-R&Pb_V&*!-3*uan^Ro=bbyA{Msn~x-s0SSe|P0 z;7^Si@O?h1S|Fn@gR!%Ceu^%X{SOY+fiDotTYu{nb3R=*pQ{|MA!GZu1ftRJXKX(@;?k&mA^AwsgK2m`d|`6}S`*T9 z@lAB$)~+Vo})QX*ni7=gSDdj z1fJ{rlhhcEBlh_{viMJT-*)T|$l^Q5VtZh8e-NLu`0KYGYY&`ZWRZB^$fC>BKHD5} zKWh#y%th!ma#ym!9xVPg?ix#BY!y7DIPwnu3U3eb{~~x)aEV7RS-NccA3|ruK98?e z5emB9 zdDZ5j*wmYe6&?O%_}9dX+4T~CykKp#cujs=Bfgr+FJRArFk!ofNo0hQFkZ*F< zEAf?5z|u3;jWhn_X?%8Yrx>FLyP(*@#2N6Za*+A7-G`kn!Vg-_-Ge>AnMZAh8>8rs z<#25O9(!h$7aMBb0bIDWu+LndXT)&$0WY7B1Ij-Bs~SA$ZihGrxfc>1^q1`N8?@ zr&Z0IY}Wz&fD&X?exme!7cypYWZ>j$;tAeQAU{cPo7>-EeD-qq{zWH^hQ#ZwF8=R< zAH)YuO-<7anU%SF}^!{zs}|;8h{O4z>pVJI zetrNS$G^U2*VLqk#j|;=Cx=;2t}D*#r+}|kHd215cs$Ddp2r@irI&babFTAvZr^)e zdt{)6YqPXRA{hHy(Hs6q&4w1xQof4xnegQH;o?o}Kz{vE29DbC@kT+XB~1;}$!W(5 ziwZlp7Z-LGg<0H~J| z8*t+RLYM?c-jMVIWJ{1?s*+lsx>UdrvV zUFZx~?<(IQ*z;m1IomLfK9C%>6GKi$_oy~OYtSnT^E!p+t;KnrD`~%y9JFL9cwXM4 zaWAi}-{YJ$X6S;v@J_Uw`AWWi@h)rO9*jmOAy;b*KdE-qiTz*dekO1p!Hb35lTe)B z`4X@W0z*$h`-T@857}xXhxginF)KExU+!d$$v?XlA4GNKe@kDvxrC49@bO$TUREFP zFzW$B{R#OJ@+ortiGTUtss4oUoq`wr{=|Kc4)rGz@JJjUF>9dUryHNbpG%OgS58(j zOFR6q6C3dyvhy(bEEtQ#_38hYrS)d2kmk%3SV^kYsNrHg1IU9?~EIK12nj5>EteBz&r z`jVgXOK|I#H~;5$CzOf5wNGIM@Um6~yeo&mt8r6|yM%ESe_P#`xmVNk8C)MSFSbIp zVxB+Q%;)#hY2V}=(BX92eZXz?*<{X@%C$$bMY1y+%|5NmqhHwS+8fpe@H0n7cW$F5 z2zd{ZCnE>D%hsQ*BnPWJMjkn`BIe@iVd4ay-9_z~`n2!syZtCYV5 z523<5vrZRgU#PyjeS~98UVGt({?88Khb_FT?3i?16>A1<*nt|YHS@dH7sC9$8l5-G z;a*;zKYrH)@7+-URIM+-SE@;r&XmufKCz9jb>CHf3_s+xRNk>?Zl-U=x2?#`Eb$x9 zwJ!KF>w<-WJZxP-ehQI9(ANXlSmK{$4soU6 zC<2Zi;7Eak!@MIMDIAsGJ?WTg0u0}KwpVspczK)kia}%`#$SK`uYj*L^uLrb6>l}O zw($z~;1%Mm67H9F&}~}NbJxG}V?R{QA-Y<8@Pzs7+JWunv*N8#Y@6?$&E~VaZ|E65 zD_`UOF8?h*w!!@F_VFV=`{hUe?SYe7nVAM0xU%M-m6syonql+H=)CeDxiRl@&hu7o zg}wQ;(n}^Uj?T!+)OpdCEsO)th+mEWijLCy&T{Z4yJyzgv8~F5tpe9o_-RwnlL>rr z@vZEe>)TLYxD(lezp9*|iIvi4!C$mf9wSK`+2EJPMg_o0_KW0#>DYu{oo?OXKq72e&+ zyDwes9O}93Popo<<`6hjn}a-S z`1^kkJo)+A;6VHW9*T4Dptx3z_wXmf zV^xnib8zq{s;Ru0=lMME!8em`r8Z_=-@W-`RZBYY%=ET6OZ>FA zBoJN}K!*x12dQ$Vk#LkBI~yD+ zry{=4dZ*%~u8EPotRwFw_p;aITJTLC1CR0t{CJXXmh9@UYBtKrT?n2ccs-w(dMWcO zVty0OFC5zhd{yZ5K42b!UcUCb1!MO)`OC_fXR~rI=z3${xOcWIl-Ic!p55j+=8S*& zMaoh1-Ftj}i|)+?o(#t=qKPo=%|bz$sUcv|}ZBJ-E?sJ*`t z^OyV{f5nS}Wj}g1gw0n?P@NN6Rt=41Cj;cjjYXK?(^VVaDY$Q|2AVP?-kbF86LjSLFR59;WH$B zd2Q_ZT;1T&+GWKee+^9dQO|G>hL`sq9=69WxaN%)FZjkAJt-&J+jR4@+c@V@bsXc% zUf2*0P;=EZ;n|gpt@sa{TYC*KsTS)naFrvgM;imtcWB#HA?-{PUw~v`p?pRc=$8?=aZ+~{IvJv zDfc|-9jq1S#vjUuh4Y*}HP{@R6EiUh&$Tyym2>PTW2n93ov5uV-G_eL{O0lv;$t^% zInU%yCTxQLi2LM!m!l_A=xyO4eHHo?-Fl9AA3W;5GQ&Hq8Tm4M^fNw(_xw6+cYmm` zbL8>12X7!>ycrnWTnIH>=;$=Ms*AN4^iTg0{A-=npq!d=Yqn-SSp}cfL3pk{ zI3qoaI~LHX$|2O@Hy*@ym;crc%;;j{!}Xv8dhwY8VaK$^ezXsw7)-} z+WhD7)AAV0?r~blST&3l#!r*{xceepyLFOU2FXSZc+q&7oRo(@@zGvjkw5=S)f<6( zlb_@BbNrW{%;hD?pjrDwpZwc# zWh8UB7I+Jgg+`|!*1O!Z{(i0M?{!|(KHk3$yEe&j*J`%mr>w#!9b~SmzbqP4&^8Iavu&tPHnq)th6g4a zUQ=Cya)JHgFW|V>@B#J0TH|5d@xZ9qP~+=t%4T8{-KW%uf5AF3^|tw)+lZ@My>Vyo zTOQ-0ZwJD_YVY@4#XQoC8)~XJCLh?%59Gz_&3L}Ny@yj*HmT3e@LDMLDL!vAxaN!+ zV(J~}(+9w@Vo>fnxZ+p9=kjGJc7|!E+J|6lq}NB8`Rnp_KA-(OE1UNzACC^XKdh$E z)GzdrL;hpUh@t1d&kqbF<^{+_1qR+B=hJnNvzg64t+3grC4R+TtrNd?b8b1c`BCLq z;&ZB5ud9X^R8JKm2MS#Cs>#uLx(FXt`Q|G0(M?)Ms|gIG(4*bx(L#K|l7Q<6ECnBu zW%=hfbz|4))7G4*2B(_br2MdV!9yuItGMogzm)o>(6MKd_^C5#uRM=zO(XbB)Kr^& zU>#a_bUqu^_bOze!tj8*cC7YldmZ#FMQ2Sy*Yu$qi{Q21P-#r@qF_)yR(-1v)upL6 zVIMwxH}Ag88i{_>JNjMcqCC$YqwS2NT*U$86Bu?G7?5A-dacPzPmcv2BNN~&O`mps zUN}`8nnu5+(76rpp!~>Q+6sTlK_chOOEyNio6VeA~}YHDZD;o|M#YG<~AyEy)% z;+^z-#>IXPTRU?Hzu(Dk@T*|e`Avo3L1XvLi3~u`Jz9Ukwrjuh*{c2N1Kyu&-5j3l z2ky7#0Y_j&e-Qm>)?%Q7uA&X3)}JWQOT5~sW#pPXIwzT5f_aLL z#mpfNyb0#ur)L-b$2R!izN`3EvalF@-0b1Q&=Z_I?$xghBFh`W%byD`;Lg@X$uHR}<(N6SIor?VKn^@CGP2;>K>|47Rw@LrWCwA9~q$fkMN75(Eoyqc} z)K8jwpt`_s03Li7yxa5L;|sVSiaVi7oWQaGbW%KAMLb-FE=@45ay0S_rRVK$%aKq2 zZ{$$OHw9S(3U$t84X6v4HILEG39z%QV zs*VS4Cr4YGz<*WzQgyt<``)~p`s1_7GrT_D8QZy!=S{q)c9O;SJh)9;^09*Vy%YOB zrn$KNePg%HmnfbUUAyO-9MhhjEkW!lHKp|T679PA-i<8ixp03iXIrg47rl!d_SPXg zjjoQZqmD|svu zYjlU{Gth77I?oxXk-Y;J)t%Mxo^+4eL)U>We1)z?^uz-A=yK`jmc4>W@VBy$Pw>b# ztU-RY-d)ca#AIjpFh|YjdDS|>8!6@`y<%X37kbe-S=ilrp0H$>zI)MgeV+VEH}%ay zcG*j2_!S@IT;LVYrhrc|Sqk{1L!?{cz}Mm&n`ZK+z_{iu&Jzc2t((=0Z|-z+!6|%v z@=KlQ2=@+7_-eTmY7;*TR_UW8a4X*-nHj;HtPB{P?45gHgvq@ z|4wEm7eLWMt6Qu|2vLXv0-MH zm#9p&r50QH`}>tZ@Pe^h)ZTV&%Up7UXe-+rQ8EAb=X}3s<~x%KYG1qm-=Ehj%*^+4 z&U2po^PK0L11!WgL(h{h^vjTRiNUprHC!3mpK@i$%RL`UDEDkRNhtJ6Oq0I#C`^TTF|K?nAV)IPu@^Y`w;JV_~)3WawU0BM! z+~+^YHTgJ`d0ykr(v#@N8OO8r;}3o7&29bv!Ly_fGxh&*#+GFLUG z*uSL`9F}vwkj}=HPo%#3E09rW|MZ#E4kMR(PiqAR;ITnuqa;w&vzPg|`=QG~sVkG) zLacSH@bh$0?5E#A7I{Z8Y+4rK70IIXf$HLys)iB1(KEg9x#lX zJc2AV6St}!(&WWv`spS8sThZK1JF(RG3_6yIEt7trnLuJU$Pim)JI#=ll92C;86`3 z^9j2L=vTU4GC5N;;dd5Y;3d(epZ7(VZOEm3ZL`P06hAD5vHgN!3NWCzG-n|iC53;+ z(+@r)j%qmF+{Me((1`|yHhRWK8~N7>aA9P&+oegatW{oqV)Hq)k$Zg}*K@C3oPEv6 z?}u}*#V?4SlY6b>g6MRv317Lge9@n>WqBfacD#SeM;&YN_JcP$&ktnQFQD&iPD(kR zYUwX%D4*g-_z_|9QhU*#OTaU+^`(8-{Xfz6-qyhC7HG70FtECBUHca0a+Dv?zB88R z>$K+#=d?VM&TqQ7qjvAogzOA`kBk(dGm4GQ=t~8neb7a`Ah{cKs0qXOz8xK*brc%+ z)KC%gmDzND;X!l+?j?BgT1Q;&4BxC8N%&FE$d-yH`j9*6k2v-~x?cSY7qT;k z)-5i)%uhv+@J`{%nPxqwaPt^4RS0gLZ4JCQKtArdM(4$mrOxWYsCy>U0CMf>m$1<< z@}o31>78EMlYLgLn&2&9ZbSUr&pt8m3i$#z{?lCc>F{vUgHyaK82dSMP`MV#m4#ik zY;oF5(7qpbw>{%;?~=d$&mYa^ANk2U{+Qt%)ph-k@JqXSZedUH)$*-n|6Klc^U`tjjsJJ<{dfA!{L7xww}Pv$ zrjG*TG}WYir329=$ZmD$i<@el(p5=n9`%fJ@y(n&QQdW6w3;}~_-@#YM-P#wI=698 zCC?-!bI9I)=A7>X-qK!Yb>i9fEy{h7{JM8h}H13hF`6bOc zQb(-us;x4|*>lB>t0e`S>B4`%cH?Ga19V_+hf) z*nZ`nWye&vAIgczZO(aD9GT&H)yXOzS6;`>Ifv3Y=Llzv#BJMWP(KL0u@#$YsgsGo zTe1n;`P7~x#3Mb`?D^{8|M~Hq<=a^rfU`Lx**e+gKmW={ljOw6@DFqFp&B|rK5Pwu zaH08~4sy}Lh3sGfa;UkurR;mqjyEC}?^IXYE&hS0( zSaOoVhs)1)zQyBbi@)FeKEu<(pVs&K`RO1y@#F8^^3(nAz)xqrJAS%U^YY>&_`lD|CHZ*3+ef4&XN)QK5mEfCG1~EI-w*$OGFsoP{6Z7C{(AlzLe4SSkonYR zh{vn>{t3n_-KhGF5OQ%UzYU*uyE-sk`+$D@vuYnIsD0pF^hR{b+Q{+C*E+{b3o^A2 z9|H#26~U=EuZo&~ljm4u;vKiH#)C!l*vdGjlIzZ@ji8U*+6er{Tbq~*M&}c=;S*vf zrO%khr5;K8r{QbZuualI<+RD1$GjS9E$XSY*uJ9v$!h8>_LuG7LacbJ&Y1V(#K1u; zX5pZ(RdvjFjMYB5D${-~&pABjZ!0TKfv;q1igRfVU#;`;w59h#<4^^>BWi=49MK$NNc2QTS`ql)xQg&=5d2hY1`cqvqcnP{V{>+IyHpb(*Re8p% ze4JmutT**_?~UIs1D5~W{3d*yo5OFC;ih+~OWM%^(j|T#8%qcHpUEfNr{}@*BR<*o z<9lTee~Gu`!-&7+YslZSJhE8)1TQg%|6+*xGwF9fKP|||PvSoxKYd&0?!r&j^_y*D|>dr2m5|CaV;bNj5z>9YYGws<~pa4a9#gHQCh1DtA} z<+FV1_ig6W-Cy>TIrx^nxW|WQ8xPs}x`VUi6J+M=`qz=$X~E8X5r3xvUb@R+jt)Nf zoI~A4(BxuN2OylfyrJ6uVC?6ssd@f9{B{?-@kMk}1G$zK@`mfkMJay!Tx56w=bNo{ z>^Z}3eZVQ4-|27$WrF8&*IwB9LixRY+ugZ^e%e&~&%%4^kGiA>2g=cL_IuF|K;> zaWj84@H;RF9>FKrH2wj`DqpFXzp26#zxAAv3vbRQbvbyw);AvvzMARF&PAPQ*$`(QN;>TB4)Qqoy0aYW#_2CjU*Ji%Pv4p= z6FxMjd4$>vobt)0UFxN#(XQ&x!zb3zZkTpMu|@cCns2z5b}b%l+u7~1eviJ?RyT8f zm8_ee#pk#{3ALQ#dS;(!+i-*$i&AJjbQ60=<4ZLJ+??V60tU@TX>Z%1+Q{&2fpKlG zRyxD4)klVZ1D*G>|AuNYj-oS<;9Cws6Y_l?f1C;)$AiaHsKuBN8~K+Lo3)>$YBYzS z&2Jd*YvAWK-uVr5?4q93?!R-|N$4mz^_K$H?ZB$B+IoY9g4g47&7p~(4mixE0CNhM zm17m3PW=t}P9Lnl05(0VJc-HC10Q?7o*|soFh3x=vTsRG;fb{y66EaFzvhOK#odR| zXLabW3J+I(^t(fSB2VhG-|KTfdP(_L%`d5rA%iFPtg;^fgL0>ut4+@pRKUZ$(=Yr$ z_vhc_nHu1%rEQ)Qf5)$dZ*O+8WW#OS(0rT{~7B3ygPmGdH|jYd17!CjU=0f_t%VNoXZI zq`i9V`oKbHIuZKGzRUjK*Y4&XWQPXXcl}ByfLw=rDzJS6@NYk|ZRXj4)A)|O*Ux(k z=tt|!RadBfm@{S#O0cJxeLIWUxASV|(KW}`OTH`)@5|3zt-feSea)iYw1&P^CoxTR z66mUXp?mMl#ytiv^etP^?i8(Rq^5m+*San7uGTG;^fwOv3X#ujC!cvQG8t+lKN1M7 ziu`Hh#?$Ci`KKeS(;0;S7~`JJFA!hTZnC0rkLoH)oq|SDD%U|xAiQcu;f!AFWCFfxD z$P3c_5$D+L;9fC*?_r0%+u^mJJM(5>U!TF=Xl<Wc!BwtYtOj4X>my8CuXt^} z>}v~twr$BSrgI!Ycb-W4OME3dbbl^qotgJc?mNWjS?l@!Rq!B-t`F+Ao2I|lhU}s0 zLA4jI=C3!fuSX?wrrK|J5c^odUKK}?x5~h{RUPn@=I3k3og9(RNlnbXJU@WEEOCn3 z$nRm>3VNnv+n5h->nlQL$2-HltmXM94;H6{bpr5yi1=^(E<#Qd)npU$4H*wXv{ID*|R9J+?j zX--j36MBJMSkJT*ts5E{^Dl1~t&V>`mo^F7CB|(lW6XYfXkN(wJNLcZ->zR1jy+C2 znybshv3Av_LC1ggK2_HdOW!YyZ8q17V)yfzOYfr|y^o0A_=oxEz1>G|_5?Tehq?3) zJK-#PzX6`bdv(xTep(PZEzd{q!;&#@kABkr2A19{bLhR-8J9)xAo^AGUXep@@s-tI zqWACrp7Yi7(VKqNr=hp{6}^EYm);woGyBH(C{N<2bFS?FgT{-#RZKV*tw+)F&!qiD zY1)QkWrnuw&+UDR_UESW7sk#s*NbAO@;R2?z3jK6^)B&SRz4$dJ{WtPkPSkYZDAc# z9diUpaEeVBS|Qnl?&6DD=+uIKt#QKmUP0DJtlc14+s{4eIjvtw?+0vSJMJfFOEIqI zAQVFwIkETA0iyHk)E%jfU-LQE_(py+dVHhu!NBLAAE>}C;AV85*j>Uwp) z;WWOJpBy4jM(tuSb~8Ly;Og*f7}0-rPVCn{7+hQFn19wE(!8aAKFoi9`gi*5nl5*q zPqs2fd&jVirx(1t^V1JP5C8mx+P{vy#S+l4gEfjl#wx!;=P_#CHoW@M{o9Da;OTny z{V@B!Ou?TpcKn_9yxqk99uEeb>n;MTsCBSp59_Q#$#V^U zMMIafda>|_T&gy=;XvlM_MB@tGq5^=4C%gd*6H`I3#8xE+(pCJ1FQFW?F8U4E8pa} zCpR3*zLx|R$v*M+WW!50C?2hhRzASFiJTW7U_HyeD>&C=a%D8YUM&gy3Y~+Jz_-(x z3{$~dv({NL2A!p)*rGt|Rrp;?(~m(N>Fi({bjxxb@bwTfOD!1Us+zi`TMslVVj@ zGr0e2uBEkCLvv#)wQ`KoLTcG9Z)f3K+vUkPC z`Uy@n!nLj-XS4Dz4o>ZN{kHt<)&q<_AI|v6;Ih@jhwv;sYA#l>!ftRPT_IW;{aoYK zTI7uL-*U#8J0E`#Ui0fe#+6=I^VE8GU#3R0kB@ggQcI>E>BF^N`>&41U%DNQTjRCs zeO8(|q3rcOb1hxXt_cJl8@K?ImaD(l>)YyXKrZzK!*bQ=*Ee)mI9g zrF~Y2W7$_1*@3RfloRdvn8qBAuDFIgH_sUufzS0--F&6&?{WIFdR}yx=F#CHj}Df< zcIN2s`Ox9YB8`n)BYNYZFVr3HVyxOPtWwwDhaF#7e7u=!k|+5!e^}+}rTD|`Te5ut z>9A1jr@*4mmwhm$?eD7@Im>q*YOZ~eF4y@%#Gm-F;AOmHd=cp|$!_2aOOC%G-5A8@ z121*VX(zB}Q|04=Pvt_C2hbYZELc6c5U&2i2b15v9BXmwD-V*dcza@|zEX9LBa8SW zHXR|R9BC-r83e`vGMbsET7e_QfhT_C_$;-SrtHq6j zKXV@Zz;)fvy_e&7VM^<0qfctQdRRlRGt%|2Rq%kuR?R!gUDd$v!gX&= zLA0@qvpha>VsnIih4G=$C&KAe_`M7|Rzr`7M~e=|oa9~#xz`?L$}49*3w`vgo{6BJ z?Q=^#on3{Ul-`+7pKeY;X8;CbSN=gUBzoLycVr~Ylt>|eMLXvU24Ja%Z>ssOc{J@m zsQgxh>s4I)>wDkY+>B1HX8mZAm^%*bjUI#cvj0hFANecRmrg5)?&F+e>BSW5bu>Tq z*@vjRfiL~=)&p-n_FC|YzSY1hIHv%oYg=5}Np_A7o!Gn;I;8cB+5asw-ztAyzMt%p zba^>)seI5;aJhiB?D-QNyoYbGvHXHFqhI1)!pITh z0tfg|d#LT+Q}#*5);K4s`Q;yii!N}Lgr6jD)+YWv@3M#Fo~M5Njq5MJ^x=PKXN?kT z&~Lo?>knT4O4WArTe2pdzlIv;&iLukcH*TDp7{*#zOwKu*T2%g!#vl7PE0=+ai1&4 zhS@&TFt<9<>v-4SX97Pm{cgu;rVsg+_T6~!OOG30>ecr}t9bYF_uqg0D^EXa`lUAb z#y8L2c>S9lF8o<=G``QYCEqgL7Bt?9KUsd=C7g$p-PTs@SQ?J9N#@-E*D~)m2##Il zJI;=39nIw*SbO~|XMbljo~TU}p6bAfa-wg3t z$@^*_I?c5(|I@RceFzpZFQdKPZzY#-759#^Pk`DQVDGXkog&yz{v`XPk&`!T-%akX zD0TsBu&l2Y2Ts+@`QdSE?22ONBO`XsYZBi}y}Z3-r4m_*qkAs# za%^?FYz?xru^OLSvYgz`nWN}&t%X5HM?XT$FWs5CocSC46_cY!ziCa>LvzUc&(hqa z^TaHCl$SpL6Kv8v41Kepb@Y?7*z3(XG%yy6sBjvy=DwkY%j_aQCTVor(04 zY!Wcs3k+KG(+O>qqc{wY%^}bID{v>fAbbuTb@BO_#b-@{*$-iMwe~{@W$lL$|Ee== z>;U$-8X6>*6K|V6%rA|e62)$`Z*s)&GiZ?VQ3}Yv0=3#2Wo_tw;ZPiT`j3D!`5AA0K6|^Gkk-oJ#~*U%owd$T^Rvb9eNpVl zSMlG(Pw=^5?W<>grV={WKx6FGApON}0EgGICi7}&y>CwRnm}aUIV)$(T}OOJE_yf@ z?)Bg{19#YiyCk;O2e-w;I`FX0;DPm_;9(PZc&G8->1$^l<3{$|w3c!`W8c8oHAk!Y zLapJ-j61VtTk`%bZ`=cn^(f=i{s$W85#Bjki{HRL_44hFzXRT%qUJ3HPLklLhH-2D zu!gaBLo>UF=>cdqP)nTw<2N=RTxx#De%G4RD+N2aH29`p;ag)EA#d?2dDVP)5q~TY zUg%5v9S*`DD}4N6{R_oP;*U87KW?mO@B?26H%%UHrotD(mmfbaKe@VaDY)_TgK(tv zF2aS`C&KbVwAAGV_SC)?oN(sya4w8Z;9{Z00dk^!M&w@v(=ZmsWc$V%cj!Hg`#02? zSiNn=edc=`_l$Qj?ie=gn!byooD;q0VFE!<$+Au#f%c`<7$pfcF4A{V-$S&R80NJqb@IiNO;1!*%97E9?;ZO}cIu zaO=Hoz>uq}@bkUgiq<_kvA+{dh;RDgQOy-=UO|2B0KNn4my%%bpx)C8+boVdk;P@m zB7Vv6g}~ox{AbM}hGN&y)_GiO3_F)48A}a*ZmZ%!d@#Y>1kAEQ5%2ug&yv5zw?AZj z`y9I?`?8((tLsQ#I!Zk zv(-`C3ci<^{ikL{Q}`n$J^`*q=+Pt{HgYO)%*35@{C(dAKYfvB8?eQCH_n>>7Os65 zeX$2B?Dp_F{Y@ z)qRK`_Y>b#&##Q8#_McTcW;0B4|jq04?)8M+6mH5w-4{l;Ju!9>ha+e(<+{oZ>4zy zoeM30^vA6}-uW>2m9I4u9G?r0m1jQl15uZMSflCrET5szIP&|cbUmQ!Z(DqP#luGz zK9}%d|5<#jr?$tBkE!H#t0SjHYk+qtF&%t#!aqBF<1oG<&v%mVdWh@t5%-e+ zUWqSnawv>Zxv70z|N5UXwhG23+FF0AT0cAnOtD$gRlDcuu?J`q#H6^{PHSMW6%huTgAtLFvCPd6d|<<4ouuh?gFi#a29 z0s016h(oJSQU@%$xqf(t9?FF&2bN;Jg{=jWUp(ETQDQuFo`~*b-G!|KddVAyrPplY zMgM+@f;)vDp!z6{!#{?!oG}IiKQIzA4)4RZWSwb_ekX3o=}0~<7jc1t-AHXR>$`JoSK%$fX9 z0$({vT%dh2vfEib;GG3n1b@WA&GIvy%T#-*cl(#S@9SN) z;pTfouFan1+U$$5(Pfj5e?NggIaT>I^r>=1;tj<{9XD!Dh4U8gf6MGs67=D9D)yuq zdm^^WzJil5xsFc@fP(0y1s_%ot&ZYosDm8w!CI>qWg`&D4$y2n}Jg{`wrUnw|PMg~I;~!h{ z=vkf({3Y??wDY4W;#%ceRWDav(D>5d!Q(4h%{^fb2;MV$= zkLJMr$8!WXxPbqZqq%U5Hi7F<`B~7$hYP_)o!kS{bJ|SMru2(!PFlz1k^3R`6_jlr zOYVa{oo)4*{I=Qf#V+H!S^T1p#B2Us$HyPV<{}S?ikzI%7~_}Dd-Nn@ zxBAYk-zGQa*YC1N((i)tDb1+>vzwcV49|oXWuHV3k<)nYzPC23E~gMZgnxYK8Dh+5 z&?)36E>V74ddT?ZvRV9o;J2FdabgkjJx=2X+}f&^JhsY5M~&luon#z34<*;X*hxI% zpP&37G}uC}AQE)v8GviD&c}9bW%k@;t=E^%H55M_>vr=+>*ta$>dwv=h48<_WsILV zpK*0NoEf6+AaGG67vczSPhA%i*_G{Iz>Jv13+r39_H6 z2&VNSK@T>}&8=w6{;`gQgR!o+5}RorwVhh?4e-lVE0@ka{Cj9aZul1J(l|?0b)+v2 zk^5yIooE~N`irQQ7e6ZxR7n5h`O|s9nn#nLF@($nutV-S8lhOnwc_&`(b!hz$KZ>t zh0bM(%i#}lHsvN}#@;N@+UzAyPI-*lk5j&Fa_42-GjTUMMfWT5HOh(kw0A*m2XzL-TF;XjR6c@nFm{5UdrUlbXBsmZ5ve0bj~yD;Gc(dtk(-v6k) zHt2x*N zwncuQbltXb&ZW=edj{nTss9@8p&RRXCo<959mn1!YNbaf5C zfj(RKW9-8JCjY&4TyNv=GBdxm+X08l1NYZPhWo$9b?^*cUN3LGAlfXvq~J&9Ok}5b zodhoyX67!y>DlyX$u?_0OZiuqP=jjyr`gO^`s?lFJ4pA3>YRB6@Kg|f%C%zkF5( zKZ)^<8+%WJ&%xEz9(kO}J-G4rSI1sBPS=N`@|&#Bl-thx zX-9j0Ilh0ky(6aHGIRc_^%t+$K)i-cS3V#hoqFKnsNyN|bg!4=4;r5tx`ET-{fx1i zF_IJ7vz;*-ns$^%>$oRbSNvw4=i1w^p4e>rsGyI<{(8eZ|7vs}T_@=yo~IA4_4)c3 zM;}$0aU3e&amwgEoH8>GzrNbWI1J2XWrkK7hyAVbyg(n-(7Kx3RyDY<;d^~YI9kv5 z269|G$(vQdYucwn_mfl5L4PA3h31tI}ykG`)sDq

    ~yaBk$Q4Ef^scj+sB zhJ(IEzfE(78$YRbJ`#PIcA&||@~%tFm~30+&;c2`M0IeYUm0|;d?^}^m+Y!-?r))O zH$HM=oB6J}CC0f?Iliy)+wfA*_4_4LiU~dmuS&0oN59Pep0~qWmY+^mZ~gEa*?zp< z{{-*9mwM}!CLek7dgXn@NEO(pLjF{rT*Yr&M{Mhq4=mwKBKD|H;ma&0Ht$83H1gTZ zJO77!9R=LuS{-&tzR?;!7i0J2JMDEGQxpC2E$AioQPOiuu*r4UXVV^^oc~~Irx&B| zcG6w}I2Zo>`pCw^!owW!U}Il@yvICimVUP5kdG!FS%SYSJ(vK-TJ-7$^pVcqU>~L9 z75q(S&wQQH@eI7!$)9|@Ds)H^zI1CG+_jarF_siODcxMhK1zaD?ZtnPQxjMOAEGM- z^GGrS^H0XmFYgKd34cEPS6KLIBMm>_PX_;w-wpgmzn`7X2M54m5P1&4D-OI;2`^ND zPh_{JoIkryllI^>v~F?r`8SXy$&Agr@ACT2)$cn^{yD?nW!TNUeFE21`fD|PhRpsR zi|JE5_WpnIk?_O#is6NY)E-r`mTnGwz?vpAwjk@iG&aS~W(=MVHTfB0D(3c|sB{9y zK92vTGod;|)onWrjzUBCfg{z}sUE7Hd_*s~fDz=jm9?xo*H-z4dd_^s&Fg=1gV8hYAmVl2(rtEbm0KUN&IbE1vd6X_xKExTB#nkc^8{zXUOsoW_vc&UfK zUAz=#;l-tE1+mxvdVJqn><}@f@=`VQo8p@4F{s1Xr8*33tf^;=(6{0k^*c!IP+Grw zxc-5K1seQszPonqlxP*SlTEIMw$*&socxp11-EjZMX~Sl>?8b%&VC);oyh3BJI2s= zB}RTT@~|(!z7g2&rOJn3Z4Gvc>D^+wyt2{H?n4qZ@%Q7oK(> zJn^yMG4q)jeIox}a%JQaSk}N#T1WN*@GOH*RQs1gro+Hy)|<>k-}8>KJK*U;#vxlH z+6eEmJw|50XCdv$zT6A{wwiWBLlMr9Kfw21_GZx8#@ku1C_T_cf2#jB`2)uMOUA7F z?f^PUw$0$h(_c0hy@+STlj5~V4tB7|9>-njuHd? zPvGZ)cY&Xv4?o9|2S2|U{9v=+mxG(!{R$VFTI5Z=j8pIptwe@J1qd z*W=XVo0>(--_*$%{?@$5e0YO(?dI&+IJ&NnSob0HPle-fMt88Mh%>sI9Mxh4W16e( zBA-ylnUpEoU&{NM_d^dG-b5ehEMw!7HF9kl@ndV`yyzPGSc@!I!oLamH{x6LtoYW( zd#V$;WvTJmE;Bxpr(@KQZKrB@WVb7mUalMd&f-Zg2X6WB-@vocD~1IHh+_6 ztZZ)@gD#Jz7t!N(JReR48=cMouhKjg>V zPv3)M^~ajJ-2DJX;E9nD)=4O*!di*x%y)M-o*nJudLJ=LANQss=T{wXczJKAVCVp6 zFik6D{q7>s4SFnaSbyW@8H4bX^o-U27T1bHo?64%0q7cim!3#MPt`@ZHB_P4a^aO+ zQIcnrkDR)zd5dze%11Wfmvx|HRBQD#&zbocJ&WGbvpP>xIibWw@Hf1z@jQ%fGc_w0 z@f@vT-DXXWLzM;<6^jf3}`wHJPUbV&|vrH>vN3*ROmlZnU0!>YlN z&i3osBIM^@{0^O6dmG~v-p&M%?0YekA`dG+V-Q)J#&g{~r}e@8*!Hd1VYf!D*yQbW zmSrhA`%&zc^1w@Z9@?}m#cpq9UUVyX67Na}i(mYHl;q0N%f*!|Gba9zoF83`OfEqt z{rCLevus?)`O%+OfLH9V<{b|m$*;eXhqLA6aSxAHpC8QeN3E@s4>BJ+)b7;+EG2G| zFO}J;P7-`Kt*DqQe?#LpWAglb z*H#t8?gf60<6r#asL|S-vt!@2W2lMD%dOv7nL~egb#=E#Ps;-u%au;3XD@RTs%u!o z87Z>i6~xA}+eM6pI)*(7^4M2t95*!XF?ILQSMP?UE6qFXIRU;@pZo~)*ZO4ng4Pf0 zfLGl4i7!7s?W=EZmLJ&c>Eo^Nh8W^Me>RcX%mQPqZreXB_ z4wsM5OY?Eszx3{RgR^?45dSGSw4|$f3%PdozzOzrvjQdi<^+@>WaU=yvFdPTUkk-X*75xbynentruY~IflIWW46UzO6EsWpw^W5=-7*EKI$6K?T zmKB}P9*q5z`X+t$@Tq>R4wbC*|2iY@FZ*<+m3KG4kgghb)i4bK49*78rhPgdd5)dbZui85;1O z^!zmFDLucKw(_-+iwAt9jq=%Is=H1hSM09g z)3tp5TM2aa*Hf~N>jAB0OyP%U-@GRDk!TU-?-bc2?0B77pIzatjW1wLhii8~--6sg zOSc9L8;yRJkJN{cW$YGs)U%Q;#Y`>G#rQ$eJ@TvYb9(V(T>ANHJ3Kp8WMvOKHP(LC zB{}v=cGBj@lt+d#A9F0zxIMC_YK^#avs4WHFtGTAVjN<4neA#&){jBOK@ws`| z#LG^gtscHlviFZ-*6HwICp>8DNfnD|eqZ>KZYl!*veAk`8?a9)PdBl*)TUzSSnULQ zR`ACfho0H2A1kA_Li3pJnV;dToP--U1Y?g;k0=~&S6w3Ur{?P);d@$FdH8zjSDvl{ zUr+jUmH5EQe+h8;_Y2{?^UW#jZZA0k|6Ja*D0z8&Gv(+FeQf>+oF%;e+I{_v<-gB1 z=ci}KbDE1+Os9E@`;jZf{}xTo23bB6J=3Wv^v@B77<@VaU}RnMWh5!VM$OdpJW zvCY*@f~Oe1Qa(WamO{^J^d@zWJ>uWcgpl@!q8{Dkqc+<57S%HK!#jMM8b|yX!}r9P zrlv{tLW%+1+Lxl3d|%m!Bb=pI%2@EVhN`g@Gm8T~MH7m8`sgF&>%-=}dTC!{SAC{i zyHOOo+O+NN=c;uDhiOYW9<8r8^h?K$g|X8OAGviOZ}XnZXQ9|6!)FDtVXv)HKab_u z_cBX+pM7uf@toy1*WP64FWRSSoZ zpu^M(U5)IIRI;z(@3h|X%a2RGK7l(B%a|>~! z_J4H!PB;IyaRcYEgM(6V&;(uLwCRTl+n5a_GI(=7I^#wvx=_{m%Kkh^yG!Y>oxVCp+F#n<(YobU z^!v%$OV+~wH=zq})?B%}k4Zl=5(eL@Yf9VU*BjBHz>x%hdM5=AjqOI47lB9V>#3pR-%oN+c3fx41@!KuK=j9Y*Yr~` zv=1DbyaH`4zWJ@qPLTCe-aB2qqqZ#^)bj4p8cO*^(oL3j{m|}Gk9Lg#uTT8pUA!+l z;m7+s{m!Mc)=DDxW>4;isO1y?s2+=TpV0}xV9$Ra_bhW2K3L7#T4Yyi&Eu7vuQOBj ztI(B^9GFbLljm9mFFg9iz7w0DJ?qMs2RQ#>us#qiS-JelXE+1mC}X;+{FyDBZ5`u$ zvnM-&p&hzB20XX;_6V<_rsi0Rvo3hIzuSM-Md1)@s)^OuXYtjM8->RL#(*Cit<)Ih zBQeIM^xaC|eYBB#mIZO%t&Oy=nADHgT)as~v^$R3^LZKP*zEQ2R!Co3cc7eza(T*= zJoOB?^LVyR1tt{ujY;&nS)-56=)Da1jQ`@!|Es1> z`^xm8Z;pkX2O^>4Kal>}kNr(yBP0t!e6oQGbP{72!MB!AHdtKLa|C~I)+xn31!2Zi zBK){^`+4?1xh7C-*3mLCeaX;ek>T+HyWXW3`-We}wP9)>hV&g7kbh7baE7LO=Nrdq zTm30sF}^3TNIxp~v>#oypcuabUk!g_xNi(!tbEQDr6z=fJ_1u8>oO}z{ z=PWYk4&09&Sq?PXGji8^PE{7;>_yy zJZDzR2QlyZ&a6&f!-tZtLw+_@I;BIZ2VS$QX^Z;r1a|FzF@j!{Zy;FC=2^zSC&k>w z5^|)H89&ZH2+os&oAO@-A0dv6Yo4f6JcO^Mcl4}aFl&$b zZfxL(8~2PjMMH!5fFtC8YWN(04hiUxbP7#P$pKiJAJ! z$T`tD*6*tE#tkjR*VCxivh{fsL(OLMzJWmV+zt+^g7O$-n=-EL#YDzWyKC`e&^9#Q!$>oaF4# zQS>Q0Cwc(8>4#sjRX+Os)qewhcGAXsq0b)i|H!Q+tsl~y zpk(NA@`qi%GX(Li@}426JYTcpn0>^<)DA6k!sLU=r@)UNT8GZYR#Z5_HnRp5o1wg# z<^w~rk-V$9GU*gsi(zONv^pge`z1A3J^YQOFMj`vY<|=n=(BnBg`3aM%zygFt2~*; zJex5qM}V9X-?_R(Hg7yItL~^287W4WXw1xI6305mUKL`ml#}R3@B3p}jeUpJ7v7ju zpEuT6_T?GNSozVNCf}bKkNm#g?SXlspB_ZAT;#(8<5o>6O}Bv$RGkEd5Gd$N@{S^VEyc3=x}Zu;Cs z-Pd)^iB~J`A`e;5T1{xU$wA*?Q(r8nUFIz2+4%RsiltB1(_X5qdrJdnI96eAN%R9}UOik+Eoa{unge z=#zbgh?brQO+8k2KHui=r4y@(7c|eS^Fp4+&O6xoDxJ%xd;~Ftd{X5^r5kQV{`!#( z!V!x=mHJgFM==mPXAwm~t9i7T){$I z^6TGI`R&&q|6k}?@y5A1awDB8xUJqgnNHp7on`BX+vwyxde8sNSbTrS7G{yri6f8B>kR%a(tC^e*|gX&?OShan&Tdhl5O)xOn5@4&mIW8m<+yleHvY%`yg zsjpBil44rrMCy?@#oaoePd3$_|Fxg-uW8c$a^=#ObBWb15zp#OX{~QrN-n~2Lc|Zj z9@Z~ztar|do@R5FUQLC4UvaYfk`JrC&hvaTc?~HG2<(kf| z=tr(HIy@X}6%4d17-o@2?x+2y>3=DII%jT%Vl!lvTGh6GF&g^fklJ03J1OL`p~)L@`$+kK!Y86f`hKkw#WgRu`7esXirlk)MC=kM8h?5R1tr8wHoV=p)T$XdDn!m%1} zf2=w30WMlHwW8&x2n%YgFfeA>%bpNe?>tMdn3%mT}gbJ^O17dt6UgXr`4wb->Ah*@vK=G_c$)WXyC$nun`c>|NG=4n3QC~~E~E1mJ? z{I?@D&hUg4tLDDO7)G24tD2ze%s{BE7F*a&{-Tn7hG+3Pgzdc&7`6UPXVD2h`2dRj zh3ntm0IqZ<*hyee|3_+E7>2ONuL08nV7ZmE;I82;xLW$U5BU{duHo}4`kTq$e(<8Y zV^d!L#QI>+4Od{1+&Bz7vFx%9u4`4rKAHghUR(ck&#AA~n7{jcVE?P302=zoXg z1^PFRW1S2+j3Byu<;mz@3jNQ3{^;PN=vhnu+0+sE>E9kG%A!B@PloXM4~zfMA?B>O zF?e7U&EJ71Mm^8ms(9lO>aXqzBNAB}J#UoqIz2ewrbFCz{hR;!cf)8%R@{hip z?KAlG`u)EBI^;9u=EsyrR9>tXU86i%6S?&cof(H-zy=LHhdd7;^FZPFMg)7w z{`fsQYmsv*dj_c8lWYb}J)~m42xrF?d-I~M-)nM_ysviULn;?5pHaD2*S2}jftNai z11I)3?_%t?pJeR&J)5R_P}P=JGM-iFcj)qx=CdOB52n_Zd*)NdkAK$xJ!tZY8UI)H zW~#Z@TAFrz5!G5VmQ6wSrBQvUzZSaz8zua0)Nu%(%5)nDf|K+t7_Y*V=|mZGUj64FAj2 zIl#+qO^55ptkl@?OSIOi)^Ub@1ikF|sE-=1r!UPfh=0UK?z~v`d0zJUQ8o7-J{)gf zyZ7C#eI?ym?|tvbyr^6d-vtT+(~_$)ggkl z!-MrdJ^8Twu6(zDKObASt~2N2+B2KI0H6K>dozVyoF%j`)h|lZ_3_M~Qu~`-9}m2n z3Xl)AC7oR0t9{SKt6;m^gYA_Ze^mPyy8A0<9_`wl!}!}% z(R=>&5Y>$50C?4U4tLGids_!l*GN2qt?;jd5M9KN{xQL$n*>wHTW9)CYahnt(CJbS z7hOJF`1R9Hqt7$=u=G-#T)>_qN$T1x-EM+ziHTo+JV32Wxz;trOHNKVaARpF84&OJ z$7b8D%H@ZRWhZS{c35;CdC`>@)%aQd%hk75KA_j`T4IeR=>llJ*a@_04n}*7ki)rA z`bXCS1)1?q0WP0xr`K_uOty7Sp<=5nIkR%_@qd_h%RQa3So@d`e&oIB494E&jXg0Q z8coFZj6q+Q-!t=nvd^;BX}0YM*9AuR(dG6*eatSqk2pMbNq}*b$4`ltdE+o+;J3zeoO%eq zZW7)H4xQK>vvP%g$midc}uVY@^jLWDSUV3`fS_eBKB0Uhu1N1qqgGR{y9|Y zYiUn8eUs*r^1x(S@diz4_xuHIt(5xJ?1zr4`QFK6_X zbWMmouiBaa{J3lqV>5mt^w7B-CeLc}9jv7$w>T4hbeOzBf7jYA3yf|mGPlVJt45LKm5Rd9|OU6YkO8w59C*ZLZNi^Qc2H=-V{G-RnxZxvh%*&^?-uy&c<` zwI&{TM$n&+kgJd$DMrtgU_*;fao4~%6YHohUgy^f9>x1kpz>#B_`h1)to=2W(^vx> z`_PG{>Vq??TztCvw~0LwJKzz!rynwTNpqPimyM3jyK?s`m~Z*n)7$X=uJW$)q7{s* z96kxqj$b|&(@v0f`gg{s``27(dLA^OT$Q&MlLv?TyPtN1k1+idmeDVCc?9|v zQ@32q`9CY5ODS{-d32F~_#^5yrnARsG2<-`jE{x`yc>p>g#+#@9#&0>g<0pF1{`-^ zsBUa9`Qf1zd{#S-S%+A{Iz%T>V&GE^bT7F=zfHOynziz0YnImYUADKuM@!jW(R0g> zGxGgaA5ASi-TBMRdg%oF69w?itQ|Fe2{a8sQ_)THv6hbVkNt2NyA+u)=DKLXDBSvG zd_H&+ti9wY3?IS==KLRU#6DF$MlZn^%12M5o;J+&HOOQby)Yep@-*w#M5iL?Rdixx zx9BzB3AMG72k3-u{=KPk=~k;c8{@aQX9oGlGAb_jc*N#|h1(h*ZXfmG)-Nw5XJzMS zjK7B+^5a0dRC^Hw7(;=_bAEqEc1N(Qek6o05YHL^1=!DL3|TR)r(Z_V$h&U!x8zK| zWfi%`5Pgc@r)#e^@MrS+?5jmyf6py>`2BSHRQsZ*^1Ob1C|_1%lpe07{clMp%cn)} zwi;hF9BY&hihh;uT*G*5f6vn2a{810lpi!+HA?| zPVAF%h(#-x&s_(fQjf4{9lYAac$yhkJAK%3w9~F^r10m~{)c0~rtRD@l)hE4(+_jN zk&lQyN9V|1<$-^r_Rsgj@A_rZ{o&ZtrjKAOLT=t+4;8^S7F;e}!?7pLJHA|nN52;6 zR*$c)J(~^h+WZ@^nOqg}QOGlg$vLb5_tJ&k_|(rh>=DPGayHw&{U~ak!XedMXrK8eqaURgjZS2Ivd!OTo?Es{K9QBFt;n+ESn?bgadi^% zywS!lCzI!o=F;8MJHmGmK9nBRp1c+JAM)mg~sAnjUw2nUlr96aNV z+uDPbCjXEbZ^1OJ`C;!y#CbEY=!H(>wB2i!QHJ#?@sn+h090r<5#%-^oY_(aZF5HD`&Pkfts|GdUWQM47=Cz^wNaKQ zH6C{?p`nEMkmrK%qV#$`9yDkFpo6VF(fl3q`_k8`C6Qgxem_}s=yr3IejEvg+2HLV zYC{fFi_in?CJsRFh+m24@NGgp<@~AMQaR%e^hnDW-`=d60@0xWnk3*4!LM~KI+sX! zz#{mh6&~74I}2&Imp;Vn0Z+fk2NAr6M?BbUF5+DHMBl6Uoa=p;o|*1_znsqt`SZ)g zCp=!dBS#+;%u>BPd2!%tV9w!rXyEFp4F4-0HG7f(dp)=jy$?E~L-)vEY7P!~ZgCc9}>1?8n`C#JWQAZuB8O3uCiH3$0jh zn${~Gy=EHv6vp1qXT?CY^$z?@&b($HvfdQXW& zLttL~W>?1jFv^EaG*r!#e`?l^-3(4{BCcBijcUjlRXW4}MchR0a`zEvI~%z>2e~^J zxodF74K)!1n=`~O;+@O!6RzdG%lxz*AA9K9w>C$@(Dowi2KbSl`9GgS2iyQJEP@tX zznk$UnHQgr45SvQZEPWU);8o~GxN_u!o?S&v&Vfm#*XxiUn( zNHO&)m8$j1$g}+Bb@=@QH*k)!;|zC$Gua{4{{QhO%E<*{nzxJtk69yk89a13xVRSG zNB|jAb3jxFZRc*&l9`}U@|-x44Sz%;~#o5_2Zt5Og-SyE!Q7B zV)D6}dfyGoT@ddm2a-b8BuD+o&j9!y1n=^pU0!k5=zir6`hW&nGpby4?<5!Rk_C;W z9NdNR4I1ECty^hFe|O`9YX52NL$iRj&74I=KBRD{_`7Sj=xmpVy!|)^kn0iTAx^EC z* zp$_o@G0y9%L!(`d$JHAF_pHl{EWT|`jr3b6_P2VT_w@bKe9zTyxA|zX6_}*ojsZzZQy2bzCiO_&Ti3Pwo?7~)hfr~?B0u?Q3rmfb6w*} z(*GK#psf%7=?8xGFZ`CC1+#9)RaplIR|6VWeD2Tp#Dz+DS?5fjVHpm_0^pDZ3?FSb5 z2_^8U#;L!fjFsZs-L(OCtRL~lsxhj@@F-*MamKX`0rRVj`8CGe9vDAV0Dr1Z=_oR% zeWdKz6V%+fXLwCO=Euj*2M7J|wy80~M!g0eUPV8=%6qRZ;=RBr`16U4ePkLh;z)dH(@m*v8?hB$FT+{gd z`sX{(!#_pP0GmF44E>`TGQWQ)eQwvvq6aqx@jn!MH&WXlC}h3^+-NL|$-OKg2UB;Q z_RIfh^fu1W=^_v1{=P73_3ABLZzRr>@8{1^$^VlNt{m*}u;+h*SM8If`CF~6T*GHG zeYp99aIB6zPl{*Kwbh;-)$`^V_)K;1V?CGU8!!&R^q;=I6I@fgVB_wOBL{XI5yr2+ zk)O75^2PqPLh@~7xHxOdg0hy+EV=G;?m2pdHBo9Y2a&= zTfP|&J|||c_c~(Y`AqyPoT)}9gdc4DcJNn(U$3zT(Sy?U_1GP)3z!9+TJXVp`O}>8 zGsL`^{enYguEZf7yU< zJuMsKfp;Q2%s2-Qdh+3o)4yI=XK(o9E9(!h#|QG)zxc<$RP%w1Gcn1wvG_Td6E7$?qgb+aob!avL)=PDxav;CFY=>rU|Q=4svi3`EZk z<#(kIc)t|;q*!^Y<2>QY+xgLbp1h%-cAK28iM_%@=lU+d_L*bLiTJXGP$=d|Dh zJg+IOTl_JU*)U9CMflE|Qir;|3;fY&Dc%v@P) zh9072EA(*36pHvfFXTEFV1-}k*bLWMz_Zhy|8jr%*M82Qu z<9+e`IUfCT{ZUi@2!3<(2kX&a{`omQXYvE!Rr5}j)ZbO0C!4{8*3N{O`_$Pq^8F2b zUe56MjN8hf;3)Rsu;Mc-5TlTOiI|H|J7h_Qtu z&2?!nNbMD>^COCYyO_RqI>p3sB}0$F2jk$MTd{2^=`zXhxz2DgaUyG_hE}M4`3!t7 zo;SQgUAkh8O8BtL^Hr1B`}yJzY|oK1=$rP-i5rxM_$a=l*1lNYP|W*2;5N1pe$Sf2 z;5k1Z5m%e}67iAbbZwfC3S$ST8RsMy*To9Sln65z|X$;RH2O4Yj zuJv0|j6*s5;E9$E%DpSs9%md$_+Bx(_($VN!t3%om7l8da`X|8t_5k@+In31eB>r{1o&4EzWLEolAzjmh&J6(he_i!`uKn@llNqb> z*w~sURNE$awH8bHV%0e%y2*Dzzh4m7Qfu*q@So_8nEiGQAM<=We(^T=eDR8DbCs8_ z#xGNjIZN(5K2Gv}zWlVC->`d^xj9XvuaWT&`N!+UhF9Bh;+q}xjcEb+tAJ)k4NRN)Hr*-$ymh`Q+cO?ck09N0nbkZKhu5BFOprB z9;#{FW7fCw%tbBU>chhc5z*=h!u)o_*Idiq-w^yVpE@=RJ3i;$-}M+m@d3zY`}{lMfbK z$8ZSwvHA#my+^#4Vy`{Jd+Y%})_yj#CrKY=;&s*js0JwI%Rvu&r?lLJPlxIXx$(RG|fB72xBYTu%~i}Z!^KHA?Rz5sZDNpVpx zdN0NK6r%gXwAaGfbS=Q3c-r{VJd3|D%HLRmUYgE0m!X$LU(HRrd*23P-#8>+r!e** z?wdLp#xsubj9`QBg`bN9MU1I<=;~efZW+Y>U&HUC!Evk;*sx(Hx?6Lxu6}j%46mw2 z4mgw-H2M`>O1~zVcTp^9eIfbCeKRBIOL7W~S$gr{?=pH(GBh8(I6|D>ZS>-J^kUnV zioiId7i-XqLC(EO>qTsV==6fuzw#`?qx6i~S05N6=-@0~v$au--_2d*?*HcIls`_Q_xoQ=E!b*mC4d`uJ5Hi%iX#66yp_t%T70<$1E?k zVt<$7CyUSJ$1P3UU;GMcHAdsW(`&S2bdiS}YEYvVr-FYhxGST9W9Pgva^qTHl+SuE z@*-R+r__SqdIULL%DrNEbw4_Ry%&3~V!c`d{*$bx&?AlVmC-Nl8w1BW{y6eP`CB8q zbuL4SxJhdOh%?NYDI@qV0r+3*0tYL}Wf?wKjaPB(l52?N(I;{6qS#t7aXWqjxH0Qu zTwce|fR;y)H@g>K2ppN;$jD%&@a(Q-lKQbJ@23%8|BUwdNShSEN^Q?iPM;1_@!u@tn?|u+E&JW5b z2{T_w{u4XeiH|BDQZy6264(#sMZhsXOEb7$kY=tGS8Va9wf<6S?- zcq_@<)xnc?y!|)B$LJvcc$;&_OTV^{{+k)^W$!%Rb&Pi%;~ikUgWh=8dgHx!)OZVH zzxsFS26wy`zrw4=E*w2AUx}QW|DMHdAN+Xb4Cm4$dMib&PTX+F?mvGEcutTrkenqO z6;lRc`{^q&6`sL{h?m3Q>gjUkR}H_G4w0X{QT$t2hCYX1i{RJ8@Tu^&H*}TR6H)xz z{SnQrhlgtToCTjMRxV^6{MCFPM9*}xelG#f0y{OfZhc!3vKePwreF2p(K0;887^gf zVXxoAw7U=5DhAu@uvhbkZ}}6Vr|Z{l^E8OXRi_{kI(+*W76nJl+W1Idjc@o-(%rdd0XN47u11RcyAS)((R2CqAlPKKVvumZY8@{!UGl;&vJb~ z_f;Dq9te2)BZV*5i(e)CagE@-2{`eYOiTrCtFYZ6@Yn?3+4T|lHm%O9InW@?wf36i+ATy76%mKB>jWQ2zeov^m0W#a#aOa@*>w2X1@~ z#<%O4$as?{e}?fXSKMS`QFqOcWO6d&LLM&F9G7U&gg#VE+k{T^kBfZCC9-Eto?dL0 zUgY;Zs=EQ6#@@g@KTKwio_gd8e(tB;ec-)|G2-u>RQAMwzg_UwX8XS0tpm>o^5FSt z@GRNiZ}>GF`*a>$yL!#c>2S{Q`OyoCrAI<(T_M^oE1oAY@+}$%Mt>t)Z>8v|(-StNkO&f3~ebSCuD5%vyvw z@sS%9J9Xl(?uEAZQ;+jgcvbpd@+O!H_#8I44aY|K{G<2%Ek1w8pYW=jvEu282Y9C_ zGW^XGnR=3)X1+Un{YR=LFs~k5!neNty;LjaP$r`_;Mw~iswP-CP@c}8pRS=UCDr20 ztD29lIRlvrx@**B-?o#>D2K)~RBOT*2fbR8t?;iK4;02E8@i|84mgmmQU9{rZk{3M ztmT%fd0p^m9KBmc+l929;Qg7jJwok>+IHt$+_rU3zfyJJ zvHF6^oDW4!32XGKS-*=9zpI{F%_Ur8e&Uc_(}Z7rNw0KU$M`5Z(&+6ZzpMEzdj5;* zSiC--^7T=rb&|U#o3&odbG~lYR_nd4@n$_)Gky5iteO7f4R%aeSNH_kF8!G3C=<*a^e9^HrL-o_e7S@!xq zLl3U~g|Cml60U;o`o40FQ1e=ii_YV|TrLt#neG_F2T9IQ;7h=0Cq~_UY0`8T(Lx zPOZJ#IX1{VP@UO3;JoORFDyA;7cBi*g8lAIUqN@?!Ce2_(bwycP3O)F zqg&Cd{^z-V$obSqqv*=4cFgrV$GE<6jO&k%zTT*QZz~{X_)=E;T;Ju~F*jNT{{8Tn z=jRmWdw!$yu`#aSHpcb)@?JmWu&18rp40CkXU-VcFD}df{I1gc*MB+2_2SX(X#9_E ze0%c}bf|bod-}=#p|1~>pLJSv&z&AGdGxjZ#h=*sQ2s?$y(<2Zf4Dh}L+jgD}RjKPC9$0PZ`KijC9o5ZKICjE-&bKz{?<`-VyNzbNQdwPVL z2Y)?{?SDW0qYn>NH%`gwe=6{P<_mSl|C6{n5@b#lpUuGH&HV~D%fQW4_7kwU>4a}O zBjwTliIK;Jrz+{uZ_JH;4Ltq&?_{?f)d(8+w*Yq&Ix5ce&s3Ma=r@dSb`zu8u-iPVws~Lj&RR^VGQ*IDI;539$VNxGX)_ z=kU|UNs-}=%pWuor#blGW8p{h;#yzuZt(LL;OF8`F<0aBog*HOv`^>h1(D(3Z|6*= zg42hpSTFqh3Ma}U-r>V}@VApb-=0{Su4NRwyYQ z?>phAnz>p(ejd;1^M_ua?-oC~{b}x7_3aur^uOERSDg6xpBTI4yL1eJt?uypweiDP z=YO88KjNuT{e321e>KkC@()^a`b^bC?zZ(I7M~@C{@MFePb=1%i;$^XB^P(M=0!6# zL{=A8ME5SEmYiob@01Ew-5p#}{sqm?xj6A^7KmNbc<|u*yF76H(xbCzt$!B2y!e=q z#{Zry{NuNLARj)!MI@)s_k@41Kkz@Qzc;A68AWgJjKqqZK2sHuJ?{$t=B#%Q|1F#g zKL-A5g@2wk_-~2q0sl{)6#pJvC-%B>XL(U@y(j#imB#;Y7XI<~zMl^t;6I+z=X=7x z*B|&F)t~C;M&W;wn=k3k=~J~Y?+X9SOQ!jsxudc0Ke813^Q^&t4Rd=d%8#EE{~lc5 z%mY_0{_$B~cjladFaG7n<=c13x802|iLKUe$;Yu^*sND6`6uVb-v^6c{N@{#JKGD` zL$ktpvG-5p;(rSseno09~Un`n{N zwzf?|K!dTd)|n|5Gzo-jw0gjn4zx`IM&VdnYq5pemH-tMIvtUjX{S!db8?4x!}j+d zQbGQo?|$Dmd2=}7)^`5?-}6kK=VZT^z4yEJ+H0-7_S$Q&-Dhvn{u}v>M>|73;mc2~ zuesK)Cwh&wEqQoo$BWN|=WN{a>{sip(G{ykTXU~J@7r@e82z-lpN3E4;+JdYyz%oU zb6<{*xA>N|b3SN#(%f6MWEZKK24`(8mc3sIHBH%5>UMIVqiGBP-dwqR@ zAOAr1yVO=+ZSt00VdtGs-nQE<_GFU3j<#Sk>i8q}=XbGPIc4$h8nt-&hB+I5W5Z?P zn>+eOgits#7Cs(~}bl+F4WdnbWK zcEu=g#ehk18zpxe&|y_?3GzpMrS>kMug075gYELH*O>CyHcwH$$1VS9%8!2e(K#DC zx0<#ESWkNK&)=SN=g=*7Tj`V0x2~A;Mz;N4ed5jEIFVR+rcXX;f1mq-`ea*@+tyT* zch^N{2kT_DbtY$=Vn;LmpL2G&x{&fOrmdXw#+~1{>5G2-U{KAR4;pRylwZY@v)KP# zeVJW<(9@5s`5Ky8pSU0IqitSVkBzhD+OX!Cx=Oh}n|^s0ou7V%)-&w##HTnLx_FcF zqkYTfEPm?;YHQvkd^he)u9>s(l^>e6cd1|3RL>bb+`O+)+wFe5%6u=zT4FB^vo2!V z{#fF+52Nkgx_zuY+IYOg)K$Yipx(OfbLx6Jab3Tsj~4%N{hY;b8aVUBd)KdCH)r%` z?0ct=;OjxA?neB^dh2GL+Q7Lkaow9l>mHo!!X`4+;5gaTRlvQ$F>3>-;GG9u-dO>T zX(zDQeN;e<3l|pg=1yePCiWjmHi?h(xet;@a`zkZQ*`95@;*Ra8=w2moQ+o+nUnVl zcJ&v(y=u;#n+>hz^|d=-_YeMz?zh@1oOW+c-0mXL{U^USXX8dAck{C7>+z=DHV$iu z)pR!Po)!md4Kl;7Z-{}-$9)^^ttBqEfzh(AQyV`{xffS+uJ%zQ-#u+gxA9M3_qK^O zEz_496SwJY>KZ-udvoqw-Dv2$l=+g~muWVBXk#K6K1#VeQ@=Oo`UU1}@4QCJ!Kd)q zNK-D0d$%0ECKYYWzrAfpr@Zd9cA+(EdyT{KPxYsny^1%U$9fBAT1y`>b7(6yELUQSdO`+5<^J}x;z}Pjoug50`ooAGrKl)R~^A{PmyHnA#~l#oO{$|J^1`yYccEpnH8zNl^gW^&KKpgY>i3yTG6?~{K~GdOLT2@J^KoaEEMFcTOy8yFTD7%I*J27F`kll#N) z5eEkGTg&ypfDV;2_%twF4-D%J3`Y$Ncb)|d?>%%de{g>oj+k}f^vJ`4;np+6!>z#Z zvXO)T}$#19-et`{8n zXV@S4z_8xaAH`<@LxTQL40qw;LSQ(7T5NhCCX3wEoa*BN_?p=UXP;rfgWRzlgj}L!M+H z*M=e2MuvC~%%jn(j`jJdn)z^1vY8K0-@tshD7F85_)WfnT$PM%eS@(F`P$yfw>I+3 znGe4^nECMMkgfEgI|p{<_o@*~Hcnd5HBwdQWT>AQ38T)gG0 zx?jb);O^W}_g&~(?wnTllRR@?-ABUapo8s|6Dz1@vojXc;$?m-Z{A7j)Au(=59^Zm)h;0;b}j7VA{X(9n7H;Z4?6cKh)^79O9psvk6Xz%S@@u)eOjpfiUSY^A~}^VTMG4E0Uy#{TVZ zwnD#1wkC`_UA;dS4m`BgScL8hthLs))SKL$#l2{wmN?AnkDXR#ckb8ln@0au-+W*5 zwEC5EUVP|TgTra~47qc8!MVya*Vnyh(fd9tWafyE*H(Yhe6KM-F)gm7|Ly)xHSI0^ zq|@HBprIP!(3z_X7KbkB-wadduIu~b@K=`hLYFXV) zuc6P=)p>{DbZlILa}spv+7xszx?Da>eSevO+jouq4a1k{h=wlF599eV7aV%)mF)`} zdabEC&u%}qFE3w0L&uY?yS{fic=LeQo%eg-1Ftr{`|wlll^f`<2EMPI4BvkVmySKb z^ba;KyPcQV@Ll4m2VKh4^VrGtY!UwMsGW2DOWzkw=9Qm^{QL6SIWOM&1N$Btb?5(j zFB*021G+DPx4iFt*uRhi&&k(ayjC;W1II)Mj>RX#Q3f2$<(UVHzOXG$vT3^-`MEsc z$Xa-)9U8OuFZd$A^Vkyvi)a+O2bam_+l>>PK0;q`a5LVjp$+{u%>UDfegF*3YS}j=jdvtz_x>kIdQl;Z{Sp(}Z8g zexvu!_yk=BZ2Us!`lgWs*E)1rcQReB=R4kd*_$`FO*Ts67pm%s%6M5CgA|`}i^HRcyxY808mCZ)1Bu_@u$3#(CFf)E|%O29Gt^!Fus{se?!6 z-0|}CqjB}_LJzaY`Jkz%fP04q&Ul>v9e90l4>r^{HW^s^cqq%%*@z9#sq>7-lRebw z+O^bP(K>c5@Rw%e5BcZzw>!qCL%%NmeoT4SzNPXt$RzArlpkrA=iV*vrI*#%XcN)P zLg>_`m+w%wtLOcb=lWY*N70E(`fOg$)jBq>skY7Qxmw5OHQy6k<0b4Wt?&SLFZ^z7 zyO->1*u9=B0;RZ#u30Yjdba=fisKT-uZ7tT^AOht z<^%U$JJ&-kii4SC#sI|$@4U|<-Y#%dXztKw+uFl<=ndGaG*5^<4J`tD>>1LhZJSjI zez>QySeAow2pf6jm-+1)8ugTm#|qe=atQ>6x{Z+Sz(vxXS3q|5%4KF zj?D^xWaqq~qEtJ^S`l?ihoWuFcV5%}pjlt!o6K`goH!3#)!*?ue`_n_LF*4Se<6+3No3iiQ&VP7wDBziE^6Jw6hLVnq@G>52W{?N~k z<-pTHnZ2&Q4Swavuky_UzUgbE;zYMeW1B_2i;?+g%%% z=ES03*|?;G?{{oWsUEnx=@S>;F3)v4*DYnhJH)nyof6(M2i|KFz{|Y8AH3v=gLlz% z#|{(^uYB8O|MuG<~BCMJMuaU5LaiG%CtbdPPpi^m5YxV8zF zyU!3ucRR3Lp8%G};$R_9e^@pRh@;Oqu!IH6t%>PNI-1)DvY{FpyVZdwCjmTPi-U(e zUU(W7&HK4aWAox@>hjJ< z)!yR7_&*8v#ZG&#OwityaqT5f|MqSgkiQQ)cCVp=WoBaBOXocao|z6jnF-)|APye# zc;SH-j=6jiPYXYE;5m#BlJMKx2jF)_`KBqt^)&2oUf$Z|;P@rVWS+(@_tsAaw#$wE zpwGY1j-}e)zfAr#s=tUer>ZYlM`GwES~pp0O}lm;KIw(5>j-dD}%yfXAL)m^Gsu+%NRIN8+g#20{`6d$yd zb(I|Il;5rPphj~vE-J18b3c6Zt?FPnm9rAF*;|!^A8i@uR%Nn}zY*Omh<(ia-RNk> zJ9zgJ;Ei!zK;42jnn|6^N4Lze*PL3&yg^ z)$3mreT;UXlO)X&joNE&nHO6}m|M)v#6L1b>Kjb_Uwr2bPY10do1i_#FY#SvKM#;6 zhWyQ1L>=qw{x$6_N;Y~)=2X@pRUdt*d6e>Im)Lnj(gn`9dgJ37@y$-snhR*LQF0`)+I`-(Oyo&bH*?lGa^kJBr0b3> zOA5c&YK2?MlER}`gpOXn!aACn#2SO_Foh9R%!G+@TEvKF)>QO8s1Lq#g);ZCM|mMgzI7kG`|(<``O!cyZBuv#%%_T|Na{ zn$C@?M_1k&LRV%_=S%Qb3UqZj+sXIV#edIf zRvaF0q+MU6U52l{{NUhnGj=WYUx2i?ZD)x~)vaH@ zHd4RZn1jtrZQO#5Oa9KiZR8s#w-K83w$Y(S)!lZf;#=MQJzreE4WWG(Iqmbxfs8hM zpU??>TDNuHPX)Ioo+i)!foIqOw{1qp)1E!#=xa^rc(RRo>-qHi=*7sfR^(V4GD&L_ ziksJt-eIq0YyZ1Hva*Zsp?m0ivVGZlf^G9@yB?bq@;7>=tqlQ){rXgE^qP7r`A7)6tbB#s*k{sTjsC+tCPtkl;3`_o`!dFayU~Fv(1Gp) zwg=FGzJ?C8*y`!3LI+xg4zv;-s7^XiGCEK)IuLQ;%aTvhfm+b5TGtbg3B9re9kPwN zq2>ou@vW<0;=5nIdh^lAqqhRX?Z96|e)J+c#sG2~Svie;L9L`ZpWd7A-#M#A&*#Gf zwdi>B8IN|5ryYIGi*udxw>Zif)N%D*LA~;SSuR{sPfYl8`(~o;3;GQ4{uLuXhVB=S z-@6jjIaYP%JN?5vClgw|nEhLdT`qsDfB41m_4o2~V>92+wHurHF6X)4mwED(d-8nI z^L(D?`5m6;U+_Htl;``o*2I<` z2_2yu-umN{=bWz-3&YiCUHxVH%2Vqv^p(+Hc1nLKhMv%0j9&vAi=e7NHTvSkxNoX83#= zd|n2Rm%-y+pHlJe7mkS5h==5zUlEgZ5_=~ynN#`1hwy(f*X7KObS^jkigQJKz}mxn zaFpKFEI~ix**ts$hUpn~D4+A}LHURlkLveqhvvt{7g$FczwYLP2I&*=Nh!MAeA-`P z+HZ9)e2}?yd2ovEE!tN?`<|kGnfeYsD`u_2fpMn;V>|F@U05*g6pa6X9f)TyIWX>Y zV04}t7V?&_S` zBFiF9rhoq+;$+6GLD++J)>uCihA}^&r`Hb{{F=MKC(+|Jm6pO3;zSP zt?^zLJ{$jM)3#mrxMc@un>%JNwA&US?QPqLf!g-)$!((^wT;8wMrDH2T{oRs+jfY)YfgQa z@$56bWqT6x;HOXK!I#keGxgmmPG34O?{r{xc~CI#bYQl5%Z7O;`D6HiInNBtI~|yv zX9nh-4$RIo1M^N`_TAcBwr3!o+;fZFx8+tzd7S%M#U$H{~|yY}4#JbM)~47--W57&+Gqv&0}Gn&(huXav>zU510KR+%x zzlm|~Q33l<#Kp-Cg*toDMc0bL9bHbMU+epC`elSdD^B>k9@h;7<&fJ(uZ)%aM&g11^s~ zk`T{R65;s<P0AkO_c4*g`KTTQf%|D||O z*sqyRzmlr{=)}Ibfxe`Th08JIdKZl?&sN_{`24G z63u_Vi4D%ov6$!eoBv{)_RfD_)_nU)`+H|K|26YRd;a^?-zS*=GGFMO|6=3*|HJ%u zs(1d2UK&47-OfB$=k}R7>aEOCnJ3GB@MqSIelfs&cjteeJl}nadJ@ie)fdcFcjB9- z`EHYUzU#qfBte~F)#=W6FGU|jrfI&bGgW@J#66RPoH@`8>#18lzr4w z{=X<+%AR~5emISaue3d7Ksf3szk;$4dCLFhEXpsY{6A9m%bxPTqJLx0k?ioS$LBJK@vir|Yn58p^V++HAH^<)Y@3IUqxt>*L*0{5A_stcs-W8g#QDc}+eiwuI{3g|6hI&a7(1 zZ}4?jV{iWy`mPr)>G)YDk77iSXM#0%8hPA(E2?J;u(~lRTv+YzD<%cs$H&&d%APU7 z;4RxoeLnpCve@&Y`a{{)+{>un-NVugCwo}3OzZ_;w}s#FM8V+fM^PT>b#^`1ntB@0 z-^P*0-E*Qm@{4x&l<0mHaJ%s(-0#?JRg4I}gKd5Yb$H8UWtn~ew~9HD)ZG~D!>zk# z#I4K5t@h{px|@liz&O_ro?WbS*f1+jh_AZ=o%{%S+`Sj7N4RzObm(4mVB=PCBKSV_ zdg;JhRyw}V;7xHLeBD9x!vCOtcMpbJ-#kNC!hceC)`k81%H3z7yanir_O}&VA*p*8 zx}fuOzMWVLx{pDN)csnaiDv+PgL{`|z2&la zZs$|{0NRh9=xx6nV?lL_zU}@@HtjDV{(*dly>K;tgtNT)ZWenSgrh9(qpT?zI(7Ce zs4mfpyJx|zo4$K5%gQ$88vMXT-R?dIlZWrwbtjoTiqQ}yUZm=F_Z0N6E63z(#@2J6 z=)l>VqCBNMvuWiTlSewfTbH{RK>5l=?|`=ty=CR6 z4*bt?#)bK&#r<@_<@oKZzCIbE{(yg(^M-^6XMck7)L;|w85yD&4e$bX%WGAS<7=-x zq6gR4zCWCb&ydtzO1li4jtudZWerKVp)Z1_e)J%4Q)Te%`pBzJ(U_et%jDa|H{HH= z{oa+Yk8Tvtfi}T&^5b@W+k5LGc0-nl-QepkrS2#;c=fHtJVL4K-;xeI-tn%%+4KLE z+tD4ISg@sv_xLAAZ~Cn2{k!lc&K@na&Ns1O@vnZ|^{;NkcfFB!S;6zeLG&!y5=>t1 zWjnkApBwMkrge*~XOFLskMHEdcL>_`p2w&7d+%}fn%3f)iNSXxcIPU5CzpbUwvoOE zwIAAYVhYGc{iQj_*Iz`Qwvh!7$}i05{pix;%d;2Rsz#oh?7UCm4 zD0u(R_fH;c+inj%sQ8v6k`z19XJRMDI9tb!o%pYwu~!ouBd&eh2WsC71GO*DK9}qliQ1PJ+VMAOA9L&8_AzgaZ{ItgqJ8AiKApJs9UZ8B z4-M45^X+xA<%!yNeyHc1+6Udm$G?1!c$87}yavVLbz+hk`YN)0yFTrKPxMskz|-y0 zPnjJDGsZm8r60v(6y3OgF8y#;72oe45A!R;r3)#cj*1PMEHW<6%W*=cN^YP{HqT3USHQc&=1IpNj@X5Qw*&vIl!4%N z=yymWc%k3F3B0TqIPf~Ys1Cfu`V+iA1K$5A96+8p^cZ_4fjog8&jsE?r=Z6Y#hrFy z=6UJyM;`b@kH2u>`D@YRWeMmJf8YoE^)KU-@Kp)E9`(TErANW`tpvD=#nEA-hYsW8 zB`4ySe(*W;2YdV;|JLw1^agwh>1`bFec}}G-Sij2my4d|jW;cOCF=w| zt&GQti6Xy0$>nMbKNn<>Y?(>?qSuFdemk3adJg&V2WjDc9k9l*XJxC*m9|f^e3m8W z<(uM;<410VKbU_9=ORzhX{Y0_t#Ur}3s?8ZroYf}uU5Q{WNb~z=p9Ln8?D@*x9#}) zw$VJt?j^sTWS!l@9D6)vYE>qOXPl31%9K!s`+&;8gUOu1lpM5rvdCLQUY!Y}Gp$YD zX7X}>9KQ>jpKRZ9cdqUFX0$nc-Wf^E=h{5x%JX#ePj5W>=tS^={kIhyw}D@sMWS=9 zgyRNq9HV{G18dNeIBSu;X;+0~6TvUG#?71`qcOnk6X8tfa<+nh^^bws@4!r%7-d?> zBb>>GxlI0@^o6}A&L8&Xr*HVy1>s%N2OF*of9IW3%eXBAv|av2W=xYm0(z-;d~?s6 zT+O^E{=CVyV$Oe~%)$}YwigG#x?$n^^o*cElr88G_~LMt z19kW?RQZTW!*dRdk4*Lrsw?&-cNa2;iQ(JO#+h+R(2lObXHPn~);XdX*k*?FyvXwH zf5hk8|2At{A3OHwns?A8|JgUh?33%@3_MY7AG|)-e7%-{dOM6bK_~U(o5wlOI-AN5o{D|`?!q4} z+hBpWe4k~`krFPy4L{jDVxQk>>u!T1gLrOVr$^Gb{!qNc&u({WXoG-H+}{ zt_Xkl_OZBUSA~1xp9QZ9|A}XHT?5l-JF-ggU^K=Y-(1y@iIhk{Wbwy@$tX^a`|yZ zul!hd(_bb(9>7npSAIm329_VutHO^A&~8_Demgr5ZSbWn zKLU~VWNX_N&dEAtrPXb<()aJ=Y&}1|wUR5XcS3J>!{@id_sFtA__IGlz6xK;{$kFV zoVRPuhCvqqAI~~1o#UCdKkfL+H7mI<_N8@4u{r2`Go5982zgDL3y&XyXM^ynmlqH5Zj#U1Khct}SHSpsbyMyxWTVFER`}hPAH+3s z_1FB-F)*czWp}k-$9Ouk97`b8#2(Ak3%DwzRd1Nku#e2>!*z3A9_T}Rri>y41oYXn8>F7Wi*p72Ya7H!d z-u4gPKjiqMYaX?R)aiWqR`%JnBm1Jg-ya+a;lV@WA+@t*G6tSKKPQI9q@S<&krGIqqN)THsChwq+I8&Kc z`n8MxJ{06EP|9~x{w>OPp_d#&FPX-E^?)xBPWOd&ux@^JE4qmv7+cUyT7GnVeK$JE zTj(Sf?~yB4A9nPS7U?6j`#;Fz?O!`SVQS>*=Ot?c$bVuUaqY$}Y~*@N?|o|IyPkZT zdY}6v>pjoE!*xH|g)H9q*2%K?Tk+43#bKUJ>P#%>#P42NykX0!WpS#bKe+nS*~;Vh zX@|kp0P^@QU>!&vKac>nczL{#xE@~nRTO$^g??qf5;KgZ~A*MvLFxG%d@ zYUGL=<799?GzdRxZMs*7bN4i&zZqQ`o()MiB%f%!23*;i*ag3)SSX|7 z-%H=_)!nJ5YbLt8bW!K~PxkhIPFVR`GTHNX3w_1-$H@=xSyo=S7=6E$??SshMbNZ+ zW}DHufl+$8d|!;7&V3$q>*j0Yn?@&xC+53)`b3_g!<#Z8Xr23Uo-+7m_GnL?bauCl z{O^_^wpE5q&GiD|$cn~pr4m`1By-4>eQOYjProkm$bjrN-}$0rm@#0z!*55ao{4pHvw6uaZvS! zkhPtBuL~OBEaN)qm6L~1M~Zbo`eHG%_7!L_8<_Ly55tEpEd#gCbpAShrTlCDeB!5h z=(t&w*Z8{$z3SeD_e^;t#R}iMaPkyA*L%HV9yqsxcQZdcan)Y>Kx5-)sYmH&Oe&o` zEmC2wQz8pVT^^U7^^nt_C-3)VUvARy?yZKW&+k3+#vQ|p>9-8Vv-r7(Vxnw8cUTP$ z@*Umb5V}Jb_nGJpyIJQDJZ+2-w(gK-<{lpbM;b4>po@Uds_OzrU5wwUjMexLne#UT z;QtUjImxG3w2IZiS@Gb_J`-E}1k)q!sn#}kejY>im@`q)8QK{`4Xx1sEzpO*muCEi zW@3Chn{SJU%M4xk*^Z*M1Ycy9=7zk_rR-$rCJ*`vk~h;z?+!4wmjff~p!og;jPKt~ z&`1=XcIW=Bz}$8zx(V%BKpYfzJPx2wOXn!$dpZ2tSUXRK-rFhrBs8x%tYq4B<{YA9 z?>P70&v8B|Kg~D(MB0y!8K3@m_~h~F9iF*;@3l3>k3&bFO3dT#oM4fM*J1ZwexJ@d z=ZC{S+Dj|!8S7CW%)iV!P>&z~H0Y(+%IqG3j?+4mG2v$Wz3eKz`*X~=FeUs$?4Hd5 zY`fsV$Z~KZIWNCDAAB0rx(91MzFUyh^smWB-?aLd;P-8z3;E6b&-8=n&+wSv`0*pN zna^Jmet%YZ)__wNzqk=PyJ+zS&rPOg|34&1I~T!<`p@;33l*2!C|Yu?rKou$x6 zO0^Y!dN|_-u<(tZE-SS5$@2L}S05`lI68Rj^~t```=pys8?kyrZSu?O-lW_-c==`W zZz-R6^eJHf6|hfWAIr;pe=o4^<@RdqOWvn?m%+d3^tP|xbx$^6Pbj>?0J2pJ>?4Nai2e`Wvn7@WR zTMXP)=r+Lq=Oo4sQtZD*KPhzO9eG`Or#**WStokw~x=_!peCx!Cz}6V|ExgNT?SB&UaFsDKmU6a@jXB?Ad~+Rhy!Gf* zd_R`M-c96hs-Jl?on(HX8HHGVr%ptTeha1 z`Wq~No$7LJO1mY0$!F%C>Qm&pk$Zl>i6e0Z?{oRteQ)fwk7qF!UUul%`aGUXPs@sb zAG{(wiTC}=L@y8L@GKFpdB@7m9B2hOe+U_Wm@%vyx_k?|5kF3BI`tUZnFG!yg0nnu zb}92>+Vd889t+QU`7u3sX8h>GhiM4>vh#B5NCy66nZ6<2`{5(;sQ6C&Cmt1Fx;!bq z6~Bsa#oyvr@pvMg+Rz>Kx5BIbfPZ5f{aTOBuN=OqMnA5{?&rsr)B?Xo;Z>KuKN?5h z=beJS3(t|h#VhCtI|`xeLg-s*HuNp}6}`4VYsM}t`i2%o--&4U^ZGvR(wsBLN~$Zv z{;j;bxh~*3=J)Ma`Nm^4Ys4!xmak4U(gF?NjEw4}|GOT5*0EVhF69tAGg@KW(p#a6 z7&64BvmDN!O*3-pyy?g%XkB$^t-|o23nMhqMLx|<%F&(DnTs6ur|+M^{=`Api)_2y zpkBKjHtWduku#54gX?zs1{u4*>~^-?!ET4{Et}n8Y(&z%m3D)ldxy}M1?XqYo$Ik_ zqyNlx$0_M6(nroCZBmRzYdB|26*=Jkxyntk*}8naj=GZV+Q!N~9Fu z&ND6Fg}jd5&X0D;1}1xz<^Ym+nZ#f0l@rJejk(GEyl~zEt-OPL`Im+Brd&oWvUh#M z_mx@0sAmW`AKab6K6v%-y<acm6&dJ<98E;nIZgDEbkv zX|FN!=(!g`5Awe#&^7d-c$(Vp$h@X!JbIMD`!dVO>Cx=%-HRX3-N&XLTr;@p;5`fP zS=8A)Xx|`owr2(}IXH{;mKh5xjuxRutxS;~mA0>myl+~*Bloc0y>f79ZTawDts`#0 zd%3$Z!;{IA=hGNW925LV?788f$Oe3^)PL^!g5>h9&3$;$e7WEJ1)HdMJyPqBTG!Q@ zWCm?%9|_%utOLZ&CB{+Jx+ZJM+K%%jA5!Xacpe?iScg1c=C`(0v39L^O2WlW{Pr>z zc*#oH$6U5&LC`v&y_biW|FsT7{+@63w2ibl>ja&LckTWZr~Zf5-dMiisOA%8l+6K; z|D?I-FverX(4`-E=7oM&hg|afS7>+C_++F+KHYomkIad~M+@I><-4wJ=j$HawD65q z+N*Vk?XDgvWbxee*rd=N25By6!1-==$L)-DT(tn&&ANh2FK@3NDe6n(x`` zPpJ`NA*_$hL@qNP=2Iq!j&R~c^422K3ByzNOMjNGu$wcqI*^ku@l5#9+SE(OmakD< z&RyU?nq&KoRzrW=)n@Kh&gg#936X=*OTjPSGqmXH+|)Ck{C3>WJrAfsE0>5DtS z6SA%2_E67A=&_Ubv_p5D;G+|I?1Ub>7&}sZX?5fEobjZ^yvK&+zLzZIeJ5i}jCYzJ zw<1SnAJJS@dbWHU)K8)@&XkyI>@v`B8)MlE2+3+NAidR}_gRzeQPdo5-08bbFrga3)>U%a zJ6_&$Z7R|SzZxfx?EM*|d*@6e zHOBX)&$mJ+vL(I&%<`)-&yf?Yx7+;kZ)yuP)B*pPc0%JOo-gmsJ#_Du(|OU#8$+h# z%l8Nww3Rk%&cfPMPj1jUAYDCwtaW4|vb%j|sAntB4xy9f9w9SJj3Ldxzo$I+ zsMa9gpnqhumR_RuF_)I+yR_uWAS0{OBZuX$#B~?xnb4JY?jf8H8UW{B8uQLMz86Pt z3z64}?01sg>J#;W`a|QP=;>zW1NIuB?Pt-7%_52|sslNdX{FjR0w*F*=(8Aj7L9jO z#^}37CZ`&_m~~6=uCmdIya&hf-SNt4Th^pTesl)75iVYCJT<>*|06@0`Rk=e)BZ8N z{H8UaR$%WyKAy0WyIUB8n4@gF5gl9W7P-)e;_R=67EX}LAF%~}LHb5(2IYp)_K{Z4 zZS=Qv16%jB`KH&V=kL2$8yC_(z0>twq6cVa{u#8{)dkh|Ri|mYJNI<`33}U)toQoI zSKlTZ>*Vkje5)EAJ7Cr)MAAV}g}U zW3npuj>)d<9FtR-9IT(k-0g_+9cJ$+degQ&)}(8K4R6jW)Q|jS*DQgC(17CUI_ho z@$F}f#ZRv%oAE4#UllYLlWa#e%h$&CM@Wf0IsVxC63e<)bfUe?^2;mH8X^2uN}7~i z{rckIv3|G}O~#-};n?!f#~-}%IIjO)cm#`J5~FLHQUiCoP57 zm-5SmSAch};MF?D-;-bShh83V)}y^J{MO7eNk5uMO3?ZxpiCMU60?B%^u)-e1I z&&k(VcF}L(SERYRJ*T1EBhUo0*7rCzpAsvaOkFWYcC|UOYjwKy1h(qutdgW~3>oIm z0ll)!?Kh+UfS>X>{Jav^f7T=Y?a$WZ{qNPkN0!<4=&i(L_;A=qdS!BKG2_rm#*%gD z3ia5dsY~|gMr>XmEMEM4rf+oj7JQ(hUqfG5k8N%vZKRCyzx6aWy3KaEmMVB*nRJPa zttYAmZB?9_Mvduvl8958Vr(k*c@FpwqEl^_Pv_Ub&tl|I6>?}9W7#@%)%Do$Him!& z8{TGYcuzzB=v{3mlCH~y#@p*`+{(5l+_u4k?clb9aiN88Y3{cQ9Lr85JVuu#g`?z& z@-9lgXdTbV%V^c}XZ#<}6bAKW3N)he=~e82)yE1CT8vxzM!V|QcT~T=L;aoj>zt@c z->UjW3og7Zw5x^uEws(_FYRk3e``@vxD}W_C)ibnK8)Q=KJX#indTI-TQA3k+kQRm z1z&H1SJ}l{SyS!=kBWU{5j$IUdfPuIIU;-aZBx--Z{~Z{W#$IdW9)W}g`Lo`zNbFY z+3~Mf$!6VkH8EEX$zP3i_DR^+=ULe5=^w2tE0uj-wkGLSu6_O%?D0E!F8|m=$N<+q zzm#<<>};$n+jcUg9YxSm8F;$e>e-EKk&RS1w&1~b`mPGZW`%itdlREmgG@u9vU`*od@ZOf>4;1kI)$tB4r$t1}p$t=k($*mJ7 z2H`dz*g6c~>vw&D{qMq0ALDup*IoD=ymEZi8u?drL7$RiG0Cybwj2v;yoPU#A2f38 ze)SjpbCMi`Hsa-&{Jr0WCX76LGwHgl)5$ZwDS0+mH0sK;9B5ebhIjGuY_I$(&k`1| zT-%BtYIVF^)AuCT^gU?jN1Q2r;>20VwK7|-<oM*lQ&tW4{a zi|wXOb)zi{ArSmtdg&s?N5{1Jr7wbyNl++(y5fT6a!}we1oitBCBHH zSo*?v9z zG3wEn7Ry05pspBsW5PZ4nel=;Z*lrqEqLwAxB(koDCjZUbw zhUM(5ZE7Ai@LGc-pUyO2CbnsGLgE<9mk^w&Pl`D^3ctoPt;5Jj^=nbwdV&K>D)#VB zaL`p=GG!}2e8u(^TEwuXza*>O^@JN)PiUe~8#Yy@`VP-T)8{H*-~aBp$=B~EkguBm ztPV=H_U-4?eyCPxuH#Z<-VN4~bj9TYUhi)={*f;whjtLta|h=_?Z`*JS%~fz;JI1< zvjY3HuCx#x5I^P}O{@iScKN=1)+rVuj{}tJFBe($C%*B>Da?u0Z|8>b{4?Z#O;e$^s{QK?el1A>EyW}== zzm59`l1A;@wq%;Q|C96nPh%cFIO?9i-@bypzZrplGdf2*x<#jdMC2{__HF1S-xuhP zz$5wA(C+EPSQxaZa{ElaQ!)18gOAi$k3Uiq2-hvF*nW?1(7tE*o}NF-^Ji-=2tUK~ z8O&9?`L3Qn#`AY;CWX75{QLR-<2)O_bV@km9=neHv?brl=-!H4%2-sf{YQN3a@rJL zc>ngiq>Oz>_=fI(#C?Tt#J&U6t@|U+`%h8lhf|6}SJd5@EKi0T^Iz2#3Qq|1#eeCV?WFRIb{ z<3-_3tko5Mr~KeuU%c($Q=A>ZIdPE{pO|J}2U8j{9DMsrM!GfXDASvMt*Z03`EMwZ?56(E#%jA z;Jf7qr;~qc`NAoIg7nBj@|)|d^vG)RH}O2hml9FGu4bMWpkI*<`(82l4|KENf@kI1 zMT4&xJO;X7MYq#4(dsJ(AAxSI8R?m5x?ViOz4#*p{W6Xi+j_IElN~#|t^@XUgRZf^ zo4K2_78f0+y{O5N{qi3|mb~huFFWZ=CLJ2tW73h4T_zn7*=f>@$S<7tFDf!&W}$ca}FkuIjc^RIk{&gbDr|ZoSQu| z=WdV8S@{>poN|xMS?!TITRk#o`u_zo=LhnULgswmNh40W#iTLi&Va-WPA2-?E&1)9^#~p*iT>B z%5@OmmO$yMk?GLYWX9MTzKg=s7cQKV0d37(STUvI7hgHJurxiA0e$H{H!C9&fWD?J zWZd(mM>5gtv++;bT8%#jd%5x!qWhL+?31pf*zvb8M&*ydZ`&EG&gMHAd`I6b=R0ow zE{qL<0^@h4b;JtV7C`q=ySwnW4e@RKHMgnnweH{@^DKN%gp)^^e=N1E{XX)f#^rfw z(WLEJ^hrK`>ubRAMax^Zeg=uK$f|jqe9dy5#u-q_zJc`%QA> zH=ca^b!~VlJ@Sfq9*F!G>Dlne;SFcTBU9q+!S47hUB>HwQ-DACLkmA#zbWo4Tw;8_ zm$f}Jyyg~X{m5BE)4WFd!7C0Nhn?@Z_1o(OefyWSj-fee19XsIVxK3HUv0;TPQ&-W z(2Tn_!94z#*Bs+0ZsVK(S|MlgY7I;D)i0ms!_0+UTX<6(PW}K)wtdO=4><&nemLy! zdhOfMJ1BoA<(b2mdQUiWLd@lucN;&)uP|?5F3#NUHOtDvZkiOCpAX)dGZ`NS z+4r4yU*h?R6RFsa(v1B`wtm?#luvu|V)@jAoj`Wm*i8KNJ!c1J`K+stTuJEFsah&((L{q}r@Kh&$=?I&|=2 z(r4gh#ZG8;Y{QD3u;vE*+MK;h@}JE61aX_#yR-@VwBshY`<~My>DW~UVOPn(t|H$T zd~w)olIrX~!JcjGKk^5Ze_}?YfcUnyEOPuOOkbHf|8rR-SB6vm%go#9TjyEu%CHsx zEP6%wgFl>pE-zk4iNl%e)8*PkUvTJA^YPsO34E~*=f;>g6MT(0erkN}01r03_u*?> z{4?Cy#mo19lJ6szV&}sr9$v2Cx%}czoJir9x;2&=>WNLX^Jy(1 z2LBrwA^wKWU0%+{E|M)?&ViS6@R`};JLycN0KDwN7b9N_`R@B1G4ULE5Cv9^@vJG% zEkq_Oe`bk&ueCAhF`3oY5%&4aZON#5UgKgezQ$UQ1`j<8;E$bp#yGuz{=aLuY@C_h z)0IC>_zCsMMyxeQ*&@G#>KAJu+Yx7}CLUioO~xhsp1PwdgLoLCNyOp?s1 z&JPPuZa%}$e*68^SD#{xaPm~UYt7ER#t?n?F#bF4b*JaLjq8)fVR(CJ9Ibx-H1cq@ z8Eg8Ff9;GbEzptHqU2+s?|hbczw(JvpXcG@*}|HMWMv*QQ#fm794WT^y)v^6x?OR9_*C|eR{^UPTmIXhGe}*jhKF?0VCv@jsXOisv$+u4}3nC7_-SOs3@oW80;1?dN zh1bM)r^4?y2f**m3Gn-+cw90zeJ=hP_?>%(`2EsZ;&-|kpZe$*-h~$@hpRu?&p!$O zqh9}{$K{{2w3c|btR=99(<>JxD_DQHx`uaI(P81B<11nEaxdMk5I-5@5bHVy^XsFBpl;x<524pLNDM_@)_|T+sODtl+dsv#s(;vqMf=#Iq9Ty4p!^ z%zAUybbhy#zB#MGdDiTtQ75&g+w}yUG~}cuPFn4x4Nlrj8XX&~EVL-)``` z@n-A2#YLBdOVUDH{bK^NbH-dS+rnq;ZNGIzc}n1#K*sQE$DbF=bmJo{kg?K^!JeD$A4JbEGi&qqQxBoD2%tQk#K@{GM! z%8X7cb%t9$i#cZZFl*b4T}cN*^ikTFhS?JqO`3fpzxn+1EQ541zv=wS^{g~BYbfc* z_{|!#Y4*LP^|Q*e>SxW*vStzQVpR5!Q11Bi3V^dPw{S?!Bz-F|!a5*$y|5NKu(~i7 z0%Mt#G^5t?_k-1~!w0N&gMhWbf99|P|1jXZgx@Xv?&TMPj!W*ZpLH)VyKrm2k-@*; z#(y&S9}oV6DWTl#AqBLjkoFYihEi%K37)`M>wt?xZ<{Pno2G+z%SxY-MY{?upK04X z(^tu+uk^l__uhVS>(638Ngh7uGj{!jZKbb1LYpt=cN=~675d8CZkKl~{t7NYmW-Kp zP_pGx+CPl;4tSo+I#GkL_S55vB(QCCoJQ!a`Ys{p|jF44X z0gtYZMTf46MQ2B1-9u-Lom4qvY;NVug5i~e3I|mN#!jxx9h+B~5qo!Npdi4#eXVD? z1?k-9RtD08vjbzZDyMy=kJkmS7p@{;F9Y`bfTI=o?{i?!!%tH@bSgO_`K5fP%d^yn z&n9h)&$nAXn+cxhl|W}+`8DQal~y1)+kZn~b{YF3?giF+f%B2Em(CuNTyWpB-~_39 zt2O50N{hTc@RtSb!l~6@&9bVk14-~_&X~s8t@vw~vEDc<8XY<_8lC;+Xl&@S;OyD4 z7gzp(dWIAZ0rwxPd}Qn;m0t$86$KgQ-g`ZdyhYGNVJHc|)NK4x?Qax7d!h>$zpcop z7WzCu-}y&b+opo+T5$as@XJTzF$dR*uT#ZYSJjLSRaVlGJbVNcgQSlpf|cXZy+kYH z1JygK$Bddi{<7-ps>ghEw)V+YkXPj@@UKD+9FX6vp(SuO5IyOA7Vq;yKH8U6`Hfg? zXfACgg=Q|P{DGmlODeOSx(dlVllE4O%_dKaleeW`Ue#GfzKW2ad^zN6b@H|L%QxPs zvzEMdp=9!oCvTgRx2<1Z)!9V8XF@6DyNG=4PQLbj`6f7Z?j`U3P%3#RkhjCh+tDwt z>g*(6cPNc~6Uo=<F0PxiTU;k)lj&vf{?3OzgnJ7ZbMIuQH{JjHhh>XUQ%Ru|vO zA&#baH4ERp@yF_?SYNj)tH=0ei_UA<6WK~0uMFs=PiV7)Ih5uI?aUc;29W%$W{Q2w;GI!2ia{rsNs`%|g7I^RL zs*}QRV}IETJ%`3UKRath!)$O@nZ2TMHgsE=vjYAj9lv7pY-q0Xq7_fhhMp=XtZ14I zy;M$I@ziW+0eGICOS^kMXK_nN~-d0q$=M| zs`4GAD&I+}^43hdypL4nlSozGPpb0Cq$;06s`9C%DxXHG@=Yt_+6 zsya52s*cU1s^dvg)zL(%I-Vj`9Z!?0j%HGo-$knOyGd1k52?!kid5xaB31dlq$>Y1 zsmkAze8Dx}Z+vrBwKKNWkgA@gq^f5bsp_dERXxi|RnH1i)w7aR^)!&0c95EOkeYUo zns$(yc95EOkeYUos=WBB1ejDuDXHq1N2)r?NL9ytQq{45RCU}%sygl_RUOr&HT;(H zTgI=J-*SE{_^sq;jmc*W&aW)wSH`cFUlYH*{5tvFiwv$t$7y8j39_$4_e&XDHZyKy zJNLDW3r)!U@y`7UWct&{>j~UThM!87>iwCFZ_4-A9NSdiUvpejeSh6CZRk0TX_D!Y zgD2+hWj)dz+iI<(@Wv8bw(nzKP7SaYqZi$SEMLZT{g@|bzsdMF6Fb0O#=i>2zlyQ> zl_6)GC_%P}2CJR4!AYB)H0q?5=!twmCk;7iiIY~7&R|?oo(AVxaN4BV5#Z3X5Z6je zl#a=(41T5ll(cg$o=4Dh4oi`L6B$?;QJP%w`@mBq!jIZ+it9qWq^CX^I*HkdBXMCOKU)OUV&waB~ zrTaPfEOBsE?W7G(+U%rJC$(JsIBCd9OPsWt^lWfxjk#p@_i6hU&m7}#tzRV4EkvJr z|Epj8uYLjjYCOv()p(Xes_|?*sm8O5NHv~KAk}y_kyPWE%LfJAt9&7;$`_HU{8Unv zzmZhsZz5Isn@LsvfAtIWr2j$vVlXo5!AO={VAFte~C;c%C#gkA2tDairf^ z!-rQsg^rVPgKucwC~Jyz9O*Yr=oYg5{5A3D)l*~()t|c__-dR#llCXSmSnxqEc*)f zH~BZ+Sd!4c={fl~&6(QYziH{DzI98j5q%?UuTQqomuBxV>-P0YBf5Q_v$WcIr+7+oBc9J1zp zFB{+5vKskAObM5k&-=N~f6oq-jGNE1+UiN+<>m9X@3edslkmaG!q;t=-?}Q6NnAqC zGbcUHzQ^O*LwSY1dA@Z#ni)DC;~a8pRp~f`kTAmsNd1I9OitbNnWb zXNBgCBkv9i-$!f7!w0i@UN|KHEmZag8<3hobajfaj{ml&@t~c-f}6IM39nHNfb|&~YzpwB7i*4R!jT4Q}V#lxP2U`|l8YI=uVi&$R#Yt;~w-Cu@G6 zb3tfr(3&@H{*s5+vG?M&rs|8sjpg%AKdS8$c(%8CeE8+^`P+$6SK+50H`9l$>O=ag z4S#|!sP9Hw$F1Q@#;I?T0;S^$`Qi6*e1-ZCTVa;zzcF_IjduI5+U>t}r|Q2s)DNwg z*b-hG$v z{FD{TRWY1|hkkV; zr`3*lIU5Bh@)47aQVfVf>T=5qKUv3$4+g6(J1%2fn=J=E?L8C@UHDGl-jamved{rs zM&jGMH39xKW_bI=IvQHruf0yc{MM=SZD4fai}(LPPIbSHPf|8=KHo|@T*7#3eCLom z1CCGDd#`JKA}g?aL%}iM#?jnoS)=Rx)_ZG9En6v(~sir1ubihf!Cp7 z$r<&5+NCoC)DP-I3(&zzk z(~uF)_u^)xeRk_?7dIoTcf`lvGybe5K4G7~kf9B5k>vE3&H%9a#&7sex(hL0CkrlyCH{@b zydCoWgMKT@z=f_w^Be!!LkmuOKjLZc%MLAg`8S<)L9cufe>@B9AJCWi*68kEBa81R z?whqF)Q^uRxiJx4IpL+tXht~tx(60V7Qg!qo99KBQ4cI$cn%r;xBvcLqdy|I63Mi9 z{mMd5kbb2xvIN{1{JJnYa^jyIIJ73IZ|l#M7l-2TflgxUuY6x|lPvT^|L{wwKWAJC z>zdLR7za-U+vBe87Z02IED?N74t$CaWJBkH&x{8i{aSv%^2daxnvHMcmEkX637(BS zv;A(3Pwk?TqwT;sf6+xp7c2@MHF2S|?s}yiW8lm5xnhMN2g1^yrB}$e_#f$K`Pxe+ z?O~1}y;si-+>YKm9ltZlvZ!a={d-SeAD|sBe$(UlYgh8opURgMeT!J8)`20^uXre> z!0{M9uYYDuxX>?H*n5vGHDf+$5qZ&Z@k0&ueDJlZ=c}OAS@gHJJbUNY`=DF5j)BTo zLG$;zwBpEUaQU7iXCKcB4h~-&N6(V=(l0*lX{X|c#K(u-YUru2ztmTXF(sYn6?}yQ zSt()d%fSbEZfdm^PI2^}HueL&>+UCU@SMW?RP$cv9x8r=&M!%mEU|SYC!gC721f8I zIETl+P!Q5)Yk{_6B`EKg^W+54u_%5$e^PyFFy)7GW2M$yGyhkWWA0(~4N)&XbQTs;*Z zs+D}Ni@sikuVuM)^e3H*(!(pcUJ3rpbK+R_KIdA`Pb^74lFb;uDrAKRJ$U!gI_ju; zh-dIl#)B0{+3#LA=)s9cZ|(`LRV@BPqBo-p*=GU8@}Mhtr4{~Y15YN7P(J>C^sk8} z1kH8f!}BlTkF(g=zoGNX21WLB|1y4=TYyjd6twRriJ##Wzq5CPberX7hes)^ z>j$~^@{ikZ@xI0NkM_yWM6qffOVFRTzTGEJOXa)Td_y=3oJe1gY?VA7VBVTgc2&E) z;>cCe*CJp`Bu}T~)9;N}C;LGX{;`E)^1?;<<@<>N=LbjfMOqB6CLjA?Rh8dg(SCmY zhIC+a-;F+2Y@UnWl8=pEweiG>7nJ8E{A)Evm;4OeAhX=MHBM_E!E$J40sXN6+Np(h z=5sxtcjh_t()*liJ+Bw-Kqm{Jou?MfKUyZ*(KGmX^P;k&d+=}BylDJU^;aSAZ^C9o zAFoZeTDG$mS*JZt<{o%;FIdqtUU-s&XQc~h58X#!1Xs{iiL1vtGRMed=;8l-OSHlH z9bCW9wM!eq^EihFws`v5JAVC7;XC>NB7FY>ScPxl*YIK-zW>RC?{CH7d-o$Y&kclc zJDzo)zWCRsZ_#!WG_ErV$*E~UUyC`D->#`>1kW2TX$=wc3iXZ&YCH{DI(p^NC z<{7l9XMTq^%b?8|xOo6P^}~;6Jg;`}AX%{s+H=SA`1zIE?}xw3;BWZvx@7p(UL50u_fH9QD34 zGB99plCso{QbxcLg9|{S#wJG&+MfWPF;9AftN8(GJCDgRatJe5?91;=&Sb` zaO&A|hrVv~SyxFP)gIIsed)%2`>kMOUd`N&cl~4c#_KTdSST6zhdP@lMT_y{;3lUZ zh@;rEJD2enxjqlvW?RkgCt2^kU$~@TBmUfVg~z_MuJBmR{=y|m`#GnhPV=2?=JcBX z6g*e6L21jXM_%6)X?VZDs@X6vsd}w+oI>wAxB1wz{V6-X`Fd$>%IJ>p`qy_Y@r~}>Qp0`PXniNg{!T?H-eeK&f}~E|Gq(tb43qkAKeGu(w%oY z%U61Av%l~BCzs#1#@VAZFD_z?1vkVGJo=MD##nR;BcIH3@ZbBKYsoF)t_6M9&$s6< zns-#|8ksyx;#n#46rGV$x+wc-&>bHgJwxN+CEuj)k$bw%<65*SS`l5`;n2mu0lN$D z>c0}ayA#0Mf~*p})xcWL*-vP(Kk9P! zsfmA(5!0F1L_ejyp(DbxdCs1o#}z*r9d5@`_9wN%OMY;jESVo9#xM6{o&ay~o{7JV zowbGeRI}L&mCSk8)D3^iCLS^|V^hOZsMp8<@~Usg^Nm`*v7B!pZ?BfGZVKNp`i{QA zy`OKmW!mBE6ynRWUvEbn`OUeboP9SR{j(PRvzj^w3BD4_GEV(z-SPGF%$}KJ$k(Jy==az_{F=>{fr$592p%AnR(k#Vo|cE^i=VSeb_Q?A|Gpa*BILl zcI#H~GM}{GN-}4kXEjt`H;-Q-a~{^S4$7tzL#D$+qcnezOde=V-blM#Kc`<0(7vr^ zzTG$fgf7DK`A+>{>;4wtD;pD9S6gj8S6ebRysW%z3VjxC;8`XyEat&GHN>RLCuYM;pcZv#t@6UpeYifGv=w?Yag?to z9#>#2XZVJm*Zw!(4fI>vl<>4qIJ$>BheaQm2|Xd-pTCYYMjW+ENe#c}Sl6jv?^OG9 zs;_&Aw(I%S;myBKCU#*;@K+n^E#Hx*%j!3*uzcZ8|AWtSUf}+THGM26^Dq~;@w}az2uv8RuZ~FvhV0mQo#9_pe_GH43rq7%` z#r3pHwm%0_=tIxv26Bsknh_QB}*}6Z39c?pf8c)G@#n9L?XjZm@eE5Ae@aUXh+qRX%*rK_j zzMUGm^it>o*~S_Xb`Z`HxfcFH=jpf}UBl$TW<|$R?wwBGZ`T z?O2A4YPlZ08o4C7Df!sS{cqOt4fLe~-_f6XaV0xWY}muke_Xn!-oM9s74_%8XZjla2 zRQg%#d~2WsrA62i*i$@8`OpDg5N+Br&zA41^G532#2KEdPkg-q{H0*CLC@ST+@?Td z?Z}j-p#7d_2Q;?`P;crkE8I~&-oREX_|gZ}O-M zz~%KD4$-C=R?3=s-pl@pEuptQ)iohKy>2&fEyX{>txI_aQJ1%#=}sLvwDnV}1A14! za^?rp-=()pUr(m(!h_~()2Tn5`@PNB{T60V=?J8mZzZKz+in8Jz2Jc}13eW~W zbxx&>#;h`Mt9rCX*#WI~!cQ&_Nq;T5;PcUbFYc7z z@PVsS(tcNdjyK#i3L7E8swJw%ziA(ey!^b$=o93iw|bpIZI; zeCE)iqbl}o?V)|rH&v$(Udy7bKKe#uj>^}=yVGg!eA-&eyZPl8O;NuKmU8-2<+SGh zDbp8rJn2swIJE!0`t_L!`sFT9zhL9*UH_2mN;IA>jMMKkM_Jd!BtwX6$=UJO~*ge(!%PR4fOpE=yyl4<*(R8o3tL} z1NPzA=C$tQ?H^aZioUM$v_ta|-*CRg_xjop+R=C2x4r|Jmd!JeKQ6}SS3+*Uk-m(lCI*+lZkg+FpfmNrm>i75u zxxAuwBsuN)ou@A>{S6O!+QR*)>VEgaeGI#j@D9A!0N+}*Hwymkc2~cisQnrrz52M@ ze(IQ;6s%TX$d2`TBl1?UM_NW|tk*d2+AbK6(Xos8J~VuP0p*H=){d5ujQ@Bj%{r0iE!w`@Q-mYw74)p2j2cRycw|Wk22TMa~HnpX1;PV{nr4u z`o9=iDjijPS!E?vr0Y74FKD#k2b~omdeb~JoelPuO4DqZI; zU_w{fal%TiNPpJwDtGS*lIrd9%gRby`uC?AG`6%7P?qhrW^*u!^=nHLn{rzjo11)PW$h@rup zG-OQ!wx&|LtSnJZqsmAN^xD(+hu!~afsz!d~Fsvh}L10LOXqBp&hT-N-WdWmBcdR};~ zA8z0K;RDI*`cc;XS=f4#xnE|5URV16GWRavQI==^|2vsX4g?Ao6f9~8;f$?X70hCr zNrEC$Yg_5kE!zed5fQCLwyPFx5)x2|{&dhTU2GdLATrj96l-a_C4gX&9z?orx9yfW zC6f@X(z;zzvH5?#&-=cacP0~r_V>H4f37Rn%)E!^aG&q{xu5%CjMSpE?$TNqcEb9m zVXHUhLl654tZ8vab%C$Gj^KOUYzz4PJ3Fj)%vaIAx4|ux`#H^mh(;moP?mgq~AY9 z_S+)bU3B05N6T+r#F|;v&hlHwo)jHr$Un!PQ#*0_U>;bDj~4)Idh{UE?zIj?N19N2c*z^RI+o zBH(A;Jqu5+gO4>&*?|wjHwWRHn=Jfue&K-azU*oD^#SmA z$oL28cpCBV-HU+hli1GKCc7>2y36qC3?8jpzFB5ft=AZ0$PVGPi2IwMft9nYS67B6 z*g4-^dkI=J*Y-~|*Q_xMFFL@r4F0LHVQ%VnLKm_tL<2v)R5|VNDm*n7dMJk;#z7AO z`rrEMmyT|QA5F}h`71{w0iEo)k~j{}FN97OK_@=dp@L4zm=AL6$_3DgeELPuiQpz$ zX(oq6v4}Xd!gb~io#4mVbmBL3ay@jScKg;^oiX>(iSv8W)x>FEofMY5+MEY(E4Er1 z>{(x?I_Z=(QFi1syry=K#`N)GXYs@Vn@Kh&|{;61AdplJ8H}O zzQ%W@hmJ(^%F}kow-lY?9p5g4tVksQOCG%{m6>v93;Ydr0h(cb1_YnSAO=3f9UXsz!UwhVPz$k*{j zE|P3!uIKIE` zxbOZf=R2J9i?5`2U=BdmlU!t?}Tgsa$=y*xyoDQ`4}{z{yWfT zig)=GugD?S3LUwYXXIL8B&s|K+ETpWUU**e4LY8pHf75ev977_UYz#PsEcECteaEY z)|8g*imeHsC;aw#b9O!65q&j1CyeQ~NXHJG3qQ%6HNyc10W;41Aj!!K&jadaJG{p4sX%wSqrM z+ZvZ--9G3q@fd45%YwUG@QFj0HsK@V$1sjK&ky39A6q}z<92yNd~v4-hC8z4tK?-I zUnx(15p?YJ6)gT-{+Vp{7p3`I@0CK=7IIm%J`USi`f?ohR6gzKx9qgd)Uk}s;6Aoc zKC&xc@)4ex0Iy8sQ!yNyH+1ffH9~Z$nAx!bcw+=~9-9&DiHk0$!XNO4_(J+xbfvtq zeObJrxKu&T_wpjD%cb{@8U9$aagSAK_#+8#bil_tPs!#F#Zd|)4=JCI=QRect!X_@ zb#w~gk9_zeU$sw>=S|>D_C+9rKLU|a@Q3iZihGjzK5!^|t(@=jtJWeXr1yVG?cr=b z@#6F^jcLB1*la(4bGFf!9(;kTAa*Y{`EJ=e2}8+w0&? z`2BnF_SB@m4R2q|`QF*%?V`UEZxQlN%AjE%H0+gKUYvZ@gOlv@nu`tpWct@*3#}_^ zfpZyap?Sc)I^UX}=lI&HPcK{Wc66ugOxf&;J>JY(zjTsh#m(f&NgrtqOg>oCINSfK z$414L*d=*8o#*s9iBIhF_0U$v9uBU(mg}1IjXh7>4y?s@!4KogkO;P%xT)s zh>@YQGJJ>2Up}>=9Di~V^I*;=o_2V^+kf^LffegIc1%sV4BnW)qEUIxvLj`C<->2T ztsq%=v4f**`{fYlAZ5q@s*7y=R1q5yeroX%l!N15Mi=`|Xe~kQw&kz+jf=BSI5?}~vl>6S z1v)S^0u6{3^qk;-sg2XuCYsN;`r%dfqZfw#arjma9KJOWjSPgt9rFM79hCp4_A>h% z3tp=&;yK83AMtMa>3^2I^29`EIx(G9o|xz#dFHF|+<4v>eaqKv%|RF0{dwu)Dd=Ji zKIQ@1-HL7Zq=zoPLfc-tcxsg`Pw(@{Qm_6yG)na0@juXS`vMMqz^me0`aV*7(s$W9 z=%AW>p_e}w5&Yb=o9O^lAhKUKS;EUUEsIuSb2GAc!59oAEF0?>l)imHuwH?QOxBQ{rx;*S7|Mp(llk7Q?4-qA%|3~b+xc25eK|Gjo zGmp7d%(?QEZ@JDGk??$d)P=L zs*#h`?D;7JCz6v}-dDe#T&Kg;&U&MA2K21zF2=IjfY(hMWwcR78`UR$;p$CGkCxqY z9kD;;0eiAS!&){XyCP-$M>o`0jIkzW>`%^yclJCScxTL8bgkSOYR&H24Bx1YKAaEl z!+FL#2Irwk2Itv*lqvQCy}be+wh((UwC2QLQuOoEscVmJVU7og!N>7H@^q}Y!rX+oXbCr!X@<5z~^RS1d@^BA0M(>uq=ar#Qz3n3G!&zyPHk(efJwD zymGdVPA6g`%(XrZ)RW1=A(Z(aC$x(Gaw%gUH-6#j|P}e27P4DC!0pn{515k zK?CrUbeZ@`yfpJGx%sF>u+PCqdRKf@eR62H`r?m0R(5iZ;UV^OzSf_ImVDF8>)Ei* z9=ikUjQNU(IDjEH5AE;6X~sJq9(p&skA6HPdOI5)vgva`9tt=-bh(FzjKAAxpFgvm zGwQO>p8@YL6rziIu_J#BZ?}C?b=C)mCy-lcWbr&=5ZvFEZ(X5heCUrt=)V`)m4ZLW zabBMq_Ta`M^jE3R-p^i)jv9ony3Mg6zXRSRAII>S8ttplnxFW8$O!B4*yx4|+s3fZ zROp4r%Ag(BUXrhi&R<_OtPvJ<*Gir98Ju?B8E!qU_Pp(6^GW2TQyXTtfBEQCUmj;N zmvpC)NvTp_#b)Mzypnt#e3UNyOn3erMm}RZ(3ygrs&-ceB|~T_6?fYjeOIhNISV{ z>OYBIY_GvD#Xr_qCg7WnvwhPYUf*;)zA1+Mh_NPi6NoHd`|gGh^ILxT6ksqGc(`i? zS_hlJ8P;~3Xi#LzN63SsuNZB|X}f3*F&54fEAj<*vmSP3)bV@crfn!ZrkhrKRc=-9tDyGYm58@KeddZiaW4`r3Xo`JA@j zj6FZEnOKhT8Fc>7pJ_|-((B({SfBQ}Kj84FHy*X!tSP4BQHnj~LRVW&SM)BJ!IWDL*EUf zSi8Bv(%KDY*Lv1&M%aC=+GMZYY*TIqZQl_>{_);t8OK1lknB)>k`ClXYMzY?WL7_1 zeBOa)3VEG@gIRXG*WduY_u}A_+3)bIcwc==W)wNFucyBxGO`01*?wbYJnPru8NnU- z*nT5$M_y*b+>K>r!+bGts03yoV1APZkQo!tFFf1uW-@Cx0Z=8E=&OUn9GmU@qzWwR-4>uNlVO^U4^E~{o`UOjY zu{VC8e5L3ALJV&td40swY~9v>O|8h&ruL<~_VV@|?R~>(Pr9|5wd=gowEM@eq{rIr zj8!(d+x{WW&-La%Ool(kA#33@40h${)qG3TjYYsE*ysb zKaPx1p2Iolj1$O-7T=)mXVJ|u1j;eDO!eVlf5R$PkjZ+*yq-$S2| zX6rTSOywR+hHN3vL^{(QThu>G8_w9W+b%|DZg+I1Etm2ltS^mlzpJlx z^wY&WrZA7G%ws(B(3)bBea)IriaBUL3FfeeIdlO7)jkNfTT&SbL&b#7liLo9@xUII>Qt)9Wa;-UMmJ^De$ z@gc@@31fNGH{|dq`8_P}oaW&L>_5pX?Y@Dv#6QildfvLx>S^?y)0~(?o)La;9J>nN z;Z-}&Brj53hTV_sNkIR~(McdTU&rry10Uca+I=Gw?D=*vKAdlG_s^bxXyfbt!H4f8 zSM>FFA6hrq8r=LGy0VvhW3W@B_?Y`l9AYp!erRMrv>U~rRQqZtzJyQglQ*%AbdF54 zmfwu$dd7a7an4~bvzgOi{J)xY_I5}mByUEdBA)gZ8l3bxC%R=wwAJ*J%bm?Kg z8|U&z{!IJcc!H~ci?V2Ap!KK8<~&f(`Y~fH=U+Jk-vS3E{F|IoU}*S@PdoQ4KT^zm zquAnJ9|YNL$330>7q!gmTf`4p&+LBKtUZ@@|CHa=*z~3N@yhSIh4nPq>RQv(bGom! z7VXbbj@LF~ySiV<{bS@&?C1V$_HMmb-_j%AvB|ey54=o#1pGXb1v{-be1BzHPQ94L zPx8mQOukn--_sBOFrF)wXEBq1Zw?K$Q_Y@*7`!u+?=8eh8~Cm~&>DQLzMK}mH(LHz zLik=G*3X_LM??9@%H`3%Njv707kP}lol*xr(TVT@wwdy7pCy)GBwTP!`N(R=j~v%p znCdWWRc;jbl%r4F=t>_s8kOWPBlG9_$kQle|1fgr${4s*u8!>o+cHOMYzv_QGk(6u zct_*DhW{oj@QUuUHe&WX>3b{fYp+I#&rXyEPh`e@)$(ZG%$<)(ojeL2nVqJdQo4Y>I4%F6FP9sbLi^GyCj~d5NAUW|Y2by-H1N7P&$_~el?%T% zU=KX6aN)HXc=hFl_Q@E}o-P-Dz^hvF<<*G>Ua`XacDnNAb6M~@e*kz*JOg;m&ep%+ zbrJK)Lry9mw-%aN$e6X>rTpz$aBlx5x02s_PBOoab+_vLRlgDa2p+O?^uB0L&nKMs z1t0sj{l15@~0r2DV#Ae#~6FBhd(`^0f-M817_3V4; zYVUf;f8Cqr$?so18F=;dYTnkCrLcPi#Z{w(VzqAOQdH%%nZd`Ylp0dgS8-Wu$h zWy-1BVl{2td#?3@o?n11wGg{>5q4?vPWoM;7(sAnVp*`~o@)GF-gkZY&ehgi+3`Zr zLmb~l>(TOwH;`+jeE#-xtQQj4ut{u(ByGy3N)Qi?(r%1?L`&mXW5^rEIOt-p4)_Vx%$rt`xR(oVAt2EZHD-o~mrw^RYt{*uo*!kD#@~itkzeli$_a;GQwo ziQA!>Jw?_D(V1{Dh;izA1Aa(BzSVq?T2i{Mb;~`IxXyF3$yk4BmQA@QXq_lS@7_{m zndh_~W7Zv+r`}89AN4xzr-)%HrrAq7#GmHscbQd4ABD}@+xarJmb3@B*BagZWAtzw zT-dqK>>&jX%1W^RkssOD(CeaTQ1xA)SAzU6Q_S>%+;*D2QLqov9H4LJMXYhD{|B2 zA;at2JqYrP}_zR^Wwq8aMm|+*kfI0KWREX zP-VG*?tS*1M^5+xK&duPJJgsmPd9Vn) z>bWQRZ{}I8uc%H)=yvOf)+kMT^~K>uGH6@=7GmvM;^)lIArQ|j7t0RbBKowhF_4`kR^Bv)T~_Oh!rPnXVY z9NYe89KTmN4hdwg>d(|tQwY9QzZEUtvX;w^Z`nmYFW1Ho3*Mu#>~Y32VQ{eGm}e}y z?gMYcYs?roYb=bTopA&hhuTRZvy}5c(0DX<>n81S$qUzCguQnoI47nPLsq(bpMb-a z$vHu->6&$2!!P{)m~vvEhf?L&-opW& zJAj;g8JYQGXiRzi-OT%%CeAwuelV<>H`};Z1Pm1q*oQq-w3ONr#7Yj(mwa6Lu|~!M z$7_*0GkLd(cUSXn6Ym~lFO3gbl|UY8Kb7{6nPh8tR1Dq zMv+fiGwr)Jnrjn-J*wNTJtkX;(`>cM!|m`%;KKWlu4%9yJ!p*#latr18o!&U{bXG_ z5q+|9r}loxW{{kz_;4@rDtj%+ZQH~&h`oC0!~5OU7vBZW!jr4ty*z*H?*2S~t;6%K z{ap+#dHt_stFJ7T(nQt`bTJhGe~+bga+WPJKjWAw^miSH5y{TKz?unczg)I z${uHqm>T?=Y_)4qeJ{t@lC8mt?DG;1nenCbcg?;%^k*Cxmz(n(@*)d33!t~xzg_#E zwKq!gKz2*pr#0?^a4cbk#|=NV!O-8POAP(VrqQ`Jzn8qgAL`3TuE{a(a=R9ObM~02 z$=|OYosl2u_yv3LcF7;{V>cRG5k8cU6Jk$zh`rhQ&^j@V?m5u7XrYlF!mw<$bxaN3@1oc>%F6@KKBXF`GO~)$>7DS7>j`Q^X(+7OgzGjrc2rD_!K5#Q2#OJy&(@8zf8+svGwf)BT1 z6Q#hxB&+bS_7}IZUa=LsVj}-3@_e`QZ}!0xqtrfl@lh>y2>aOQR!y>wbkO!e#x$SW zSqH7r>k6y_>N@#Mjjdt8Px@4{O|TNalkk|AHsuHFx?t?RPHZgPg4|gLPM#(He#d;)kw23c`LT2D+vXYN)L4;c_-@-DoC(f%S8m8Y_{G24vf|@e@?q_8 z$%nK(AUj|Y`{hPcQ!u{TdbOH(KRFG%pF|Io-e+wuz0bG3bQtmvc&X3mr;&Ncj+>|3 z`^*JD1M5bc&qOzep|1((IMI?1nkk^YLg<&=l#1dDuQ^)Gey8GdYK{WSBgN>j;^L~K z#pp0{*48Wcv6HxN5qj)8Xts0+bVqxW#st4tRNVGi;&!`>pwrR-ZKEqhKPAxXb

    +R*=$n+MurpGq^&v&X#WyN`|lC-Ag+&bcXK;zv`;I6@glry?Kx_I!VTaF@u) zvOW=sBG;qk*dfUFXui+P@wNXRK319R(URJpk5HDkzE4wsYMyU7^~onIezf6h%VAsg zhbN2KceUKvca^!-Bh1z9_RiI5PpOG1vGudyPj^o#`Suhi z=FZhgjs)n}R`8jSeuAFA1lgRRJ-S~fW9y$anTF4+t%1Q}~5@!v|E zRT#RpXt@rz9Q)s}9rO2yd`W)t)T6l`N^xa{l z@mvlLDtN9B-DLJAfWO$sL;K&O*D~HPPV;Q_Nl&-OW%h5r-qvkrlWxkgZlWv;8_#JU zW$9i%uBd!Y2Mf)9uJza3a1tJ0eaCw8#}1#mV}=W#btYbEkYA$-C+14~0U(=STMurT zqj2^8&CLA)m-V^y$;kYna53L31TLvMm&SqqItw2M2Hs5hw^P38Hye8}if?BKo#fm8wI?YH`B{(}uXNJT?_j)8ExLFy z`4Z^t;Zo`7_FUySa3H%ZhE8wlr7f#6@sSxjhxr=5lN|d*209ru8_PUK);~#?Wh=V!G-eHmF z_W@77$;m`UT*bNcPPsY@r3<;*1x%E-V5|LZA$4M#?9qCdZJdW8e;s`_XOh-Z?sj<8 zEvMA^rh@i%0jF-@(?fohw}f(ZUA)yUf8kF1y69Ql=Vt(>ziE0_dN84Y&sv3Y=sL)pH0zB! zN-bn5G_Sep>FAg_A@Vy@M?#=1I%A8?3nti;!+J8P5 z`$k^7`+z~mt{nc4(}QyO(+)jbexJoYELJ90(KDNln|M1G^Fh-W4fu3p_u4W9n&jyHiYQJj!8{7v5uT$XkxMTZYer9 zzU-sr#5R@_pBE%AKK!FSJSTX@o@zVbjR$_hDoFSB&Wzs8SX)W|Xj{BQ{F>Gxe5fwT z00W0Qdq1@LQ6n3-j~dyr9Y4q##*C5~vy)lyt@ve0N2qTCabS}r)6Gj}mwj3tKbZQs=mr->UoP3(dA>#f@?;zK3>t?^^ik(+s}>mrUz zv3l3!9o?Ai_nle(iKdOe_g!FO2Y=6ZPmCVjc!B?d#;OsaGqvbfr;$C~$fCE2F^)4{ z7p+*{YvN7crETa`jD<5L(}>6J>nz5GC*HUlzR|uPvQKk~o0LB3?bk;2YpcclMD?*R z|AG4|TmN?Z{l~|F4P{~S(!jlGyThxlkGK=~=o}A?L(jcE$h-2@x@!%)=-c@Y zFR%CLQqo!m#wRmBGpN5CyP}G{!Kwng`k~PPSy z%U;&I;J2Rd+8DAwvSpV;)T#YwwH{yg4vg9W#m= z4Q|JGmc@E(OOd zFPQ z@?{mF4T?kTd8%pSkr~8MvQNT<>gHqFz6r@&pp{JSGpWlR>$M(6HjKCL*}k-77W&{} z{B6<)PBQ*$40|6q*ykUmne&e{u52VQ~Ir5vB{fp!H zjwC0uX}g8~FP+|hVCa0K@|U7hU}Ky?4VYgPniJe{J_8ZR(tE{9QXy$rg*auo4%28L;L>}Q>Nn5Twl~y`LE#jmq-(>8NbQc zk7~}_J`0;z6!|M;>!|;(esZ#CsD2Vp_zMy}{sQR&(hKT=M?LW9WDGlqzgl}p)xvkH zr(lOOKPH%|zRJfKE0F!N1s=Wt8~ir>$rJGtO~H3``OtCatn%KgGLbDgzR1((?#e>MEA63RniY)&tKb;F))$HGd&6+0GtB74%(Wsd#xcc#^CNInRn8?g5TnTI)}H z#2+@#OP{Ge*28$*jV{rJ-r%J6q4eU8-Xn_I)S%mGr+y*?Xkhfn!Yb$?&`Ux6Sah>}%NwWt73V$K0R& z+(})l(V?_|Uw0y0&`pdg`%uiNVlVEhORYYw-&lfAA>-PN#>K=AtIi(QXG=H8IMt^T&NOl8N4!iLSVoaq=W|CmL1UfRkr;X3VENNAzwAdhrNf25~r<$+_&q zW6IcI*e6+c|a%#{-Rx%<{4U*uNVqTE;3_#&0u-|8FLcq?l%vRMPMpD}D6 zI(RnaWfC)_ax*@@W@8k-Y-at-8vZ@#oNCJx-?8P3=8dEiPPn=DSRQ-6u}Q4!2~)9=lXQ0%!*KuF)S2$kuk@ecX|~1e3bb7LzaCO z*`tg#x_@*aE`N|#UHk~XCpA|NPpLioC{MBClNrMfQy%!+-4pdiPFN>8~9O2EMRpIud>^MhUR3WUqK_PJNMe4onGyWgh;0y zZSdK(CU3|Wi9tsk$r%Mu3?}Z^6{}b#Qgo>B>?{P-8R0HZokm#WKCwU@#B1Jp7~zS ztd%rtAf}TZC>{Qri68RK$4D>9v>w{W7#e6E{@V*bu6E6^94WDDc7Dq`%K z1;RT^teS*4t# z2K|@0_@}Ky_UY8KgMaqSFgV%!$-pmcz0KLGw|r`|x!-N|Xhc(Uf;8tyIa2e6yi zEB2Hb^9g9ue7meMN}gmbjBKD9#-bSG>JPAGOS70`U_9%bi+w;H3n?R;y!()Y0rY33l~3^X zY22Pcd-YsOJGNU^$3n|`Ug=XvPcXK{kc(Z6**ar0E;@jpZ}>4|zQdnYAG7&WympYb zyK9js>$(^+x{SS7!_+BSG|%8j&t(pd+;YB4IWgLs6S5++XipjKQEZgP{Z@@t$Wq0> zs!x*rU5wGD9~b-B<9V=8hPHqoej&T>l%x5O?K9FF7XnA@pH~yar7dQU#c8z3$Q@*n zg?u-5B7MxIkBXs`AHnn)xfJGEb2|4jUlG+D;I@fo4zRAk$gsYbuIH+lXZ+opiA8=y z>Bw-|nZ#N)#xAz6d&$>sVx#SN=H=vDM45uQ^ln41jxVkg94cKg6?R{3->mKz({I5b zM!c%`VL9uV25?+wQy3c{fWAL}P z{TdrwU*ftX@W=ojBa!cpjWWgWv##dv{#<^UYWxp_^QHY&>`jhc;>RTrMmLUYyct8; zq=5_LYnVj&Uc19v_cBl2T92Aq-%F;x!TFC6?bKYIc(jQ2#=yJezMMuzZ zyeU+GK0a8dbOhcH*YCLFTe#as~ zB=#k<9v!HOvC@aXZX)Y5J0G-Gb|Eug{D^h!B-VdSfIb(YGrn%6Rpzn=aw57gd$n|= zA;Y)x&d4})4y}n^gPhpO*xJKbD*3+?`qTYRM?Mg%y}O>dJZN^n*CDv*JPuuVI(~{; z_Q;i=ViRqZt-q6Tr{2nF+|Ib8y{5X@N3km~sYP|}q|W!bU&B7w#CtbL4_(8)fVyAf zj5}&e6Jv7`zFqaPew=k}9{tdIkYZ#la)UW`^cDE+ypN*O5vxzUY}{a}D>g!cbcw@SDe2$=u_$g0T;|r|;r?hYTB7i;0bNojcAkQT2iIW+lJP z_oaXN`>DfxFWsb&e$tNlrkv)#Tn-HMfp*AN;mpK`d~P|_f4LmNICac+;dF)IB)KBE zAoq)b{cLcqIb^fO1^zqj#EeO9N*`qJh|C)JFc;gp2Aetu+gd(~Y3N8{^twFx8dMhX z)_P~*Z^-FPH+ve0me705n7d%s7tOUS|BJ>~E_z-tYli*qsxS7bJw^Bmm0ot$498#Y z#HHcy_?Y7RG)7!#9Bf?_(VydjR zM98^ur})m1?~*eo|2(J*eSV403h}>(zxU_L`=utHcToN+&Q$Z)K5*uT?+dxFL3hdH zo-x4qI`W81&F8t8XT_)vA4U;0d#KTD&WL&!^_5xfUM7fzM{x^ z<(Cg^0sTfVf(vs06=2dVIR5xjv$m;D>CoOoTuu5mJN*%*(RcAt8 zKf$aKGx&i<7rOb++Uub7z4Yx8uE(g`)Nf)`KWSoAm!`m7W6PeCeB;3UImWdCcp877 z2cEz|>%Q{vW98Go1in7Si*4oV7mNf$u4VXqihva`9`EA{wiK^21ZIL)4rLfvQHEf3 zkxe7Jt*hDZ1seIJ`T|TY=lV6?Y0R9;{bRZZhL>@_PWQkkpZl+KKZ(Dk{(j5u?-j%J zcZH|FFM9jST$^`(z>U#q{u5*87(0$xazS+K-Lpt(nj`+|TlneFDUH5|o>|Pg%LH>o zowT(&N-QgUxEg-!qOU4r*&6cmt^AjoON*1Q*z!j@nJ*ITG_SZ2crIk_a0lx-U$=Zl z_ufglCy-zGA1ZT@NlKpwjcd=7ZqoI>-%78{;(0vfs4l~6@byXR)V&=8SkqRF9-Ggc zu58xL@J0=Dx(gU9a+%YuK|hk-X!HUn4yTiT)r_@Ps$HwWYXyJiP?^WcG`jLC#vr#o zUBmP@#MqjRO;?K_v>gAg@`M;ywfDsq#;yfc4mR05_V}?H!$a-6q2m|!9d@~~?~wPI zy2nN{dlS2LM(N}3zp;-|SKoB{s5!F(#CFNX+s75TdD?p8lE`NEt^M~ahsrJSPv;3} z(BYr^J@hoyobNX{|7GZjHF~37gfRB;?SLVv-Z+t?KiyA9ZL5 zozTz_`3w!QZg2<9neS*w8Hwg${2LA4SWih`bPfWE@W772>%>=oBXx- z-9HR|Gy3{f20&&?lWoa!u;{v*B(wH@T!L^1S&uRAf9D?VrGu(Q#*lx~+5Y`LCt{LQ41 z=US&s={T~hzbpSXd*&HDvi<^lxos-CroEGxqli=>bCi}q zZdRaYZ9*n&3gF9_S9`2R{!3)#t-k^$lU2_ntzmrC;ZYMJ@?|QfDEUiUj%nSp%3O^c zTS%F*Cx(+_13X@5kJ+hk&H&Cz!#~J6nafPPtmzZDkq(aYyw9=UYc9Wxw0!=l z<$aCv24tsGr)x`k=h-Dce%>=EKfH77%N!bW$74GlcF>*`U33BecKKnQF-7fgY3JDL z{}+8ietcM;K1ZLtHlp`leN$gHJAFAm41cUc7I@>)jjigm+iml9+HCHlmqq@F|3UV7 zDr~PeJW6PU%PbQ>$4)8(JQ8~H>k>V@u7Av_u$~? zp0-QRbm6~lnE1vtJr{b zCvnquI{t*kRyY2HbmLE0Z2Sr7jl_=`pRmeSY~@n$tuitwBRVSBq4aFhx8SQ?fUK5I zQ*@#Ad^hq;G1`Lp0NkrDjGU}D`)+b(_J#JEE5>Qf5p^Qh%AGz`QC@;R1gJyl^6ea; z56Gw8@_%3iOGD@$in|0w)>FNZuMtBJgau^r`_>1=7}{Q4Sd56Y)i-!cjzMy zT#K-Y5&fS4EX#mltx4*T>der%&0&z`D=7oiCY-jOUb{Nw1P@);X=H#>BqZ&Ue>Z_hwavWJ;kY7IN`|R7gPdE2{+$-%*&h-ymRhK&+e6-sh z+s1fgsw+>kuwA_CE7O_3H|-(rOK}%&8Kays-bs-Msq3@6e071#SJp*_ul9p?GoAxK zbf3O$*s$Q*mZwo<2x<8|yEHxE6Mz=-hQZNOl<#dT=ef7sj6I7z`TT5fBmAoT6SP_5 z%Wu0rxIT-ym?7h#E&DHwg!tA%4ruJtz5>OR6XQ(QV}d(!Q9iO%d@dJ0$rD2+<`P#v z{dvYfm656!KqEh4PiWCsHogqg2Pej?T5A@a^%N!GTXm@I-=giqjpuf}|DZlHdkyn8 z*7;_%;9=nElzM2d+|?=-LL3)D@<#Ez}i7{^?!m8hed- zSq|r=s6NtbsLKn3PT=+K)s8K&TYJ5&YQ6Lt>O?kZp9U+(KBLXzyqK?l!g_M$$E_zb z`SY_ffsCztGGNW;pP5br5$9{4}t3ZAp!R+ijX3 zKi227RzMUwOV8z>Ta11Ak%3t0IQB-A{tMp4me1_F`TpG@b0!{VEN+mloy*nuCxGwY z14EaNBntwZWhDDx6R=rWths8|4c!wma!qOF*fR3n>%I(IKt6;L&PJ+5?&a~Voo@C0 z2k}hW*P+U24>A|L ziGD5QY|DD&aJA(#V|Sbw`=8*y6)wxMD>OcuSRd+8nVL_iy65I(9Di~J@z+f{Hxpeg z0bQnJPakF+I6~Q(tncES2@^A{xM|adM(IrVwcfJ_eu0+~R}rJ7*bM5D?xlF)-+-Sk zV6la=H7?6GA%@tYDO>jmN%vu2xmd;{t?QUCw&#VHx3)lgf`2Lv9PJ!R1N9CK&}VBc zf6;;H!TpII&IFwOY9~sjj31zh=wf6?rA-r)h*Q+OrRHH>yk7?1y6-@TVSAy%&5P0AJWn?8oVE`NBwiD!?vYiJ$eJaB>}cTqf?Ip1bjn5x3X1n7wORbF`B> zP5|rI@0phjFz-_eUbDGh!v5h0?g{JcCNuY%jxKlLY+XYs^D~LtLVb&PcZhdAYl;gN z(+9-{eUEk@I^Wu}kG!?O+pS;uRj=w)U5|VECz^fN9dD zVDBB-MH}Gz))+M8=bc4Aayai0-}QCTYplMx$kra~g2)N{XD>}WvN7A|J2RD-rf0a% z9O|pWPC8vY!~M1Nbpd;wO0vS#}zE6C>6-Y>nuM z`9^R~gTLcu_G;O7w!Wd%A8hU8GV})gMDHhQgJL+lpu1+;A{r4~Yt#fm^bd$H?yNi=wF=egF&oz!Nwv&6c_uq64DDHoG>jv(7 z?t-pX5BC`;lE*bEJwlDoHUo>sdnV!pAAL9N4GOiAv_!`@%_HPN=n?ajKQtlY&u8#PZHKBqI zd)~*0I3wSj^+8k38K#5lgW@I72=XS1?3n=U^O13q53YQ3uM?4P3;AEh*@whf_ATbR z7d{U`cgo|+v@Q7Xy5P42ysmMe6Fv&S^9f|!LS)(t)UgKqZb#;5jm=Jr7&pcsKQZNT zcuaAhnv;7ai+&*!W6+}JV>Q;@ij2^BX2vOvP2f&3C7OFx8(dkV@hOcuw<2d&QC~gv zVgENK;D-w8>$1{2wt&yU`hqRrORW#SxRUy!l&?7!(Pz8__(K2M3r=xbU%*eIHN(x! zLmN5ZtXa}nE!_FRoz7TM+ce(Bh@<{EX~KW8>ZcEeo+(50WctH>H{Vp0`nDAM z5}(v!2T2Fn2A^!AUyJD1LHeb&N#60in!Y3`rySc^-@AYLIW6RtV#-aMG!9Yje&}|q zGq0fei2-;aLrQ6PCp2H{z)Ny(i32O$8{EtVF47^?58zcwo4zL=0|xuv!1qbKYb|rV z$Yj=VT4&fRY5tF#_iem)`R)7Mt6iz%`S0T7@zD6E_|_e}b#?VQ+rKxs|AFXPV%4x^ZCu+n zRxV>iE;_X4IKAmM4J>P|N$Hd9foDAZdDZUAc%AF){%n5roArEIH(T@HtqZ>TjrR(7 zHTkW`xqQwpdkT8oWb-RF+4^$M8I_N9B5kRsE!YTsiB(o#SCz%u__4c?G0ZPr7D=pu zFAs1QPNU{2?6twnRcuh~wfxpS;8Aii`V_ncy}RYb;YZD-b$=NhbG&ut6m-Z~cC^PD z$9P)SdlH_QmTQlx8nendr?VXWeja%;89zs^EbIMLroUspnYITP9qhZ>P-TrabJMpIpZA>ayawq2TBjF>hEJ8Vw=F!9K-RrcXZ5{_ERyW$ zMjpJydM~Y&8^`|(eBq@T8nlu06%*bZ?+@f@3*6Ayq z{M$Ze@^4f6#jLYSN&lwOFF+=^>0h+-KTUcgZCPfwhy7fAks{i&LHRd@`hG?J-}A1P ze^jv*_t}2WhRLjZ=v{VPV`cuf&mKR_b$gOL;6k!y2lrYhxfea?W$Bw!t@%%^yuWw3 zWj!w(!weU{dAHT~`!8F4XBML$&9soaq1M$o9UECYZO*ga;R`f&-^qtGDopdI`dY#Xtpny%wi1FJAE5>z75lN>Dt@_?dDG=T@#m>>_8+FcH|kge3B0rha)8emd*blE%kNsdw1vGr-E!UZzq)+d zm|Fgs#f+cS@ib+}d9Sf3oO5tv6MYQRkG;T9`rN0j`i-hrdDSOx-EP0s7xiOk9qBFV zd!aQpsdE+gpJ(kk2!4)$pC*+J4A+ibyKxclJn6vmC2(;P9pwc2iqc&i9RkkX)A55` zK9pZX-%;A-LqF0OvB;%shi~F~4-QJX8ov1*XUxH0zf(HnYMz_l;hWc#&e(csO8QZy zqvu@2_2ckBJMCz4+fpAiyn9%AXv@u9+r=YK+j}4HQ#!Pl!Id@~wI(WFDb)Ic(!qHF z*Gnn$S;`ZfC38z@b9A}Y_b6#OW)2sA!`A+`zFE$Er(M==YY+UJQPuj4(!tGTT(cew@mGfYz?{}18sotlF zp+XLim0#LgRCjk3ee`NX2J z#A2Rj3@>M;SItp9@-;Z}@d34ie!W3Esy*^?iPG;1^~HdJA3u?7^8|Se&K+45i$rgH{Jw~u6D*F~MJHC%=)FWrFzKr_JI_MECx1Z9z z^x5-T%DC4x&bzz0_v&iWYrYUAZw7D~Nqm+QgD+o;tDmKwcNiwG{KnZe(b?hQSEth^ z;qJZ+c=6%ZKH#gd>T6uvHMSkOE|N=}xW*gtTmjelz#BiE8S99cGjYcjb;%d}pKf{I zvdimo%3EcZx7+&Fv`7)2B}|?F`7=3Z+wb3+XTN&3t`F8-x=hTWRN2HvZRJQ}AyiAU&1P-S{}bT0Jc+L=pE>Rx`8V9P@8Q~C0TZ}C3E z=1av_L099&m-2<`=dMrIz8c>6bC?u5u?!fhPx39t`70hraXIpfmSbCKO=!Rh znE3|zG}OMn*TMBn>Yjys7CwNBa4!1T`WO5Ru8+aOr{($=%Ai&0wyI0(ZF;gD{{r;x z`WJej_c%7b>u0ci3TZ8i@OR1gZ2Sk%MHe`m3oKl}f#w;#egoG};M&7>If0h>l#|bQ zg0udU;E%oX|IkkP#9w5+`wNckDgW>xhcEHt-hY-A;IJ%Dmf;OFx@} z{nTSkY1p~qvR>B@{yFwNx5qi#4{qc5k=8d9M+JPP^Pbeb2fjLA!ljEi@5Ccp7$fd= z+EYPWLg=SzxBL;Kp%?ifj6VXHbOICOi{L6B#C~wDysi(T4xg3g6RI8GK^grR@Ev5^ zeggUS1vB{pjB@Mx%a)}vN$w%?z84u6jDjGtlrKKd-$EW}U1 zxjFWJuzX+4-fx}kH&$l_Iuu8;!-4Su>1E()2lKA(db<{uTctuDo{WeHUZ7cm7{IH1G%hVdPOU_$o&yFGmJUoM_W-JunX=d&4|SFShfH zGkJuY?GA3X^3E-fHEtcvRHQAMoJvE`EO1KSMl57564@GyOO^S_7Eocvw3f6Jz~ zbvf$82mR57^F#0C60cOkHO4%d{L}qa8N1L;)`zR}Sc}5=!x+?GmAR|`Huhy;f@w}xbMC>GX88n2FUHR$8@+B+pkpENV~fxm#sAEY&DR(@ zkMb8lmx9%HXns3uBozy$=f&h*!u`oWddIZUR>PrDzDCW*v0r{eKXOdtbB1q3V>&#pVzQtGW2o{hm@y(2$Zuj*9Ys<$6_);i;o&LI*0GQs1C zGyQusH{rfJ;Jgd)PWuXIUO{axYos1=?K!ID}7_wRF1=G4>y3oo$chGwbyS(oF1|uko-G@1*Y&8MKG7&Rwtn+iyaT zv_k6HjinG=EXJd^#bi*^fks;;_7r?@ioc-CI(N)T^CRCkqdA1#rUq(?{f7U zx|VIchB9!+m=&5RqPP+VI5pu9r+0N((hj5x^fEdrI$MP(B^48 zQ^!oM?Xs_|>Bb(~q;%^2IM=g$)5zb_9y{z6w~uu_Pvi|RKmPl7e3wDHN7C*w%+ovT znbsox@-Bc14TlsOxI7Tv!Gtrv5zxNl<{T&y{a z!q>d^!4Ta9x%N~_yR<)%+XlCOJ6?BiKBAa9S0RVC!T0s>z2Z_u3&dD->=@;1s2$~J zKWXGL@--V-lt=r`9+R8s^=*-(%X#Ioi>H4EKbxVO|HD;zQ~R(e zr4On5UoRzI;Ll@*#>d2vuaeC^<`E^E_h~Oa`V?GmX#(b_{>ea>pwYxyg;wAXITq@P*H&O%>yQZ}#T zd?);i&%Ui2ncc&>JjKz(+3V#Ldw^_V&%zM;SDb4RSH-i)){uW-Hsv${vzL%b(i;>{ z6~CssO*$^T(bze&x=k@Io4NlleTNK^jqpqE*=sr}--2L=zHj(YvZR=G{V~cK?p>7f zC0oRgpZS(;i)v0x^2N=MUOXUQ+_VKwTB>~6j(m9$`SK$2Wjpd^2l9opm5h8DNHejh zzQ!FM`O=vpUk-c&KB8}uuaYmor>#uu7l1_?vQAgdDl_MUoA=0~V)mMm95m0YMKt+= zm&wmn`C9}Zm4^&ce(9@vmTs-_M0%>``vpVcBwTHov$i!J)t~*x<8|zB0cSuoFv5d6_h1kEF;q79p z{Ws-f+kexE&Q=h*PEDxdmIfgm^E_+f9duml02NFZ-4zEq~)ru#<0P-(1yq-?=%*n{ur)`zh=8 zmG|{lUKrXik~6HI^-XWMZRO>?BY;7PFY8q4+5Y)k9iN;Z8%zGqiIkh_kJH?Jf;x;m zqHV{Z59taqcw08Vd}E5A=*cE-iT9dUQ~zg4$ADM&TIor6e!iaNH`6=eSTfMWKp5Um zYq|Q5#6eK5y9byTKCUlfuVV57qmTuUwEo!KD_&@MYa93KyO%CUof_n;h&`?vf0c_- z*I%_1{dPEiRjNPqCFXK{_&kI7JQc%ID4!?sY4TrbZ^BO2=*8%NUN38o;7_$j|1{UH zBYk!zwk0s`^7wW#D67Z#b}|h9GVty6WAh-f6E?m+4x~Y_&)5u%sIZ7wv|C!-HZc=h-1y_{MQXH&&c9i&gG(CCjytXJW6{H zbFcntT-3Lr&)#)haU0P3{2plS1iWwxzSxCLIn|fhvWwV`?R=Mot^O=&OMO!tlxF*@ zMqnSgG=puaeP5xuwBDkK>iDfgTQO)*H0ka8hrvWNG~LjUd|;2XPSL$|O=q6i$`P&E zbHceMpZ0Ejr1fJ1-z;yP;M{+NtNJMVlT5t-q)mH^J#^>#NeAc;9n$PSYSzmS>UYwE z@>xSu1+2CJcl-}$nz4swGhS=nVm0sfUQ(1SMSl}6^1y{3A9^nGk{FB)`;djiL$>&w zJs7nf#U2}MnOKWV43Zx_ysB@CO#YzBZ^O+V2h<<8Tzy~TDc74Xow&AK*}a#{PHx4A zQ$v}0j`K~}k;_HY>4zRje^q`b--=20xdP4@WBVZ=X+5ksH1r<9`5^Z$Ob7gV!1mOy zZP>cwrOxIROkI6B>;D2gi>%y+zXhH(PJS<(hJ&YD?vQ+c13Y5^UkA9RZNtNJxd)z~ z{}6b7{V%}t7URnsq)$VS@bC~i1?H*rS?$oL#w(YOiYD&cnBy69eT=zf(8}atXf)u^ z^a8#StwJ{q-fu0w^}=)+Lcb( zI^$65A4;I>1Z%Tvp=;W~`UvS8HZPSy*8%8S?USAo@|5AH48@-gt=E<{qdj;T@gaD* zIt4GO=ZQ+r`{8$uqq6IzV;erC|0B>B1dlZQr3)?V`Eul{;#PK`M;$_sI)t499>2Ta zswH+JJ$dlzdgG(p$~&E-rFS99kiD^hGjR)hk@<|_s%ISa6sGu=!}ykSjc?iCQig9? z@<%$h(V;@ss0`1%V-Z8EXJlBUi8d}9Xk$h1K)ZnPc67lV_^`^ zLVm@Hr}@%ao-uvQJhhKLzD#~sel0cr*unKYg~LhZSBS3o3~AVtwyu7_ zmf4&oH{@CL>hePX8cziBTgvx_JlgRh={m>Gh0h82RzBIK zz@(qP#wlmGZ?wm`c>Z@>?Xfjz`d^66C3_g12sqej-uK@Ax%4;{cn8S6QL+MCxcI(SZp?~>WqUehG#A{~53xZ{N zyFVfu3cuE?!1K%z;GzCXcaU6+GglLC4@Qz-p>61d0qi~bV*>20VA|!-cSvjP?i?3c zz*@0-_Neme8`9%m@wD?-v~f82++yG}I6lhOE}=~^+UXn5+&upGoOWVv->=%$@8~<0 z;)5n$WzLgayg97(k`GApXsP91{4dx6t}TikkeDTV zgZ-PqwPcLe9?6$54?CwGS$G1!Ugp%y#*B~5ds$-}{_Xj{g@!w&TTcl#)?YIF<$Bhy z)L%aP<+-1!J2ttz<()NuI`Gci+yC@V&%*~d^_>0m@e_%sj?J^0-^qw%YN>$b0E)}Z)%{p(d(tKU)h}dEUv`ak z<^(on73n_GPeL~%=);#OFOBorJMkHH!wac!C;+~)eFWD8a8O)i7xua4GIe&0U?4ll z(4gycpnYYuZyxRIciK14v@hMXZyxR2>uKLSr+t~MVT)=+Q8c!elqsYhL zV_%dQeJFIsL7Ogukxc4jk2*6pnzZ(`hx<)#zejy{%X?7e zArrmj#nC%d=C>%5x$Q^^^ZY7vI{utbtytFERC7Z=}U*oGBbWdJDs$#>wp~-@$_p$W$?h6A_qbRKI$Hj$Htx-)JN36&A=*lnyfkYj zV@jKcu6J9_;Ny#CU!}IZhl`GvfA-&w6@T{mcgi02ZwjAXa6BCJH|CO#uGxXEIV~Gn z2xBM5vMusIa(pYYr<@qkQgm>|+^OsbDUW%{HuOFt>y@ThtTabH>Dl0px-HTS?47Z~ zdmm$s;3dFZ`6aV&29|q1L|!k2{=NIHAj_snPSfZ4QRX021~j`nm-W}V&}lX_Z1zG$ zPhHG7>Z`_<#&2Hy@GAT#>`xBgPFhmlyAAya|2Suq2O8yne3bu-_;AvobNM`VKDl{j z>`Q~MALVbJ;j6+W`MphNtzAvxG5Vj&x6=QL&N}BSy855&B>MW_uRHWKk~tIlnz+S==PU=$!e<_Q#y;QEhQ&9ymW|`$JI+}6zv27$ z%WZsr!;wj9i}1aU`gE_qi|=~UQgPhm^jm%Y$uF!YQ~P@+5H#y+6z}qGAbsfin!~`h zL+dA5`xHovWPhdRnQVVBiGOr{9RAljd##&@@%|Uj+we7f1Ygwyr+Q$qI@5}D1=6N1 zg7)V?`!7D6wrM-Gzde}Nh`+8Q8~M5xA5rIAt1Z@n?nPM%#>!60R}4m!|9Q}m=B$2> zo+f>*dv2)h5asp+(x>%1bjTW(w&=6$y8z#8F>9N~u+D^-}B>CkZ5{}CG&Yeqn z+C!V7QI|e%L09y~yA+}4gfc>XKV+XbQ>UY&sl2Nw?*sc?0B^58tT+$#6}asVgS#-e zLsw~A;lMk_*i5&CFH$%hiGepD4 zvh1Yju=!{;eunJieaL=2%O}}nS;;ry-_^8b$9m=q{`HAt_nz4O&Z@h9_s*;{$#)J} z6FOE+Sbc2MMSI?v^_y4TSrt9|&S7i9%SRqQyy>NfGdAs551sfjUlxD7FzVpOg--=H zWm{>TtP{&MkcWL)X> zk?(w=|EX^BypFx#lk7Zz%-9=34Sv3WA(XC|gT>y$SeEGVl#nb_2sK>UZDS z`d`q%d6ENX<>}TLr|4(GIp=N+=w(_%7-y_50x8E*4frTHE4`Rl415=jvS)^*6OW>s6L7`8d83Gv^Ha-1GdfJ=cdV_SI*ckl#eK5l5ekGfv(?Kboo6q72_9tU1?x z^G(=rp}uzHR3~;;-5%^m;4a%tzBfPiFzsheR;JqDhW>tSfPE8W<32&`kAYdSJ%)Ji zWzXI5-`Gu`Lbqfbv$CxxLyA}ZNxoUPHHDZ6*+x5Z*gu$em+)_v4Rdf>WFPUYIVpT{ zpM!(c{pd~_f5;$zgpk`|#`A6Tt)70?04sAJy2->!6*BH*(XYB3tI?Im(CLtIA(wWG zw#1)TQm@xPbqiy&cfL4LY?*j0n!@((@$Kuis_M?gqxd{rqFaz?k_>12g2f zWR3PY@;i0A^yig@(>-+P%0l^?QEvw5ajMb32ji_2_mn917Z7uCU3@My!E=l@oA{L# zL9>tbg<2O#o+>-6X|0fyWc%4vMR`#k!id7ufgX-b@idbNGEhB+@jO7 z9|ddXptUGGCVew{0Dm01QKH;e5G_Y%=esEKQ2l!D7;6fsqZnTJd({nZ+q~!KBIFsE z^K)YO-{2cpw=;cbkBS3M-@W~R$>?W;{Xa_^YLI2Kp*5}bxS9Jd+Bzq}*^IAS1#|Q9 zkE_;c#EU_n!z)wgyHv7ib33HZGXAHxSz;DaUbL0y%J86N+tVqoa= z1dY$qohVcO7~x&MQPIZL-zCrMobgJZqoh4e-sp7v8}MNvb@{4k-!<$*f=!qG@Yr2$ zT`teDPnh67UNKVgCGVk5FU&-%b-*Z9KU3U-_k8O39l)0U3pZ*jy1{xxR^*w__dg~4 z3084rZys%m-ho_z2HL)F_fL2}?_=<(S;v@eXy-ckSN#~zwN&ZO8pW%X4h#;#*WUDL zN~iyd4W8_NBaeHOe>j?M-R|Nd3$$^G=>(`pA-wZ)>YY+x(cd*R;+{0%-S zOR``H|AX7hQ|N!KhxUiiKYjDsC$evf;V;=Zs?Y7;WAx3g&*nMNkJ_twwISshej40Q z+4v@)18>_uBHBR?cxgxebnwSI-HS}@uJ9w@T7!!xhfa1V9p1aqO?U9u%<~h18GL)Q zfj{Tf_6KeFvmRJ9Y~T;g#*m*e_)qqb?6G*l9`Bx@KV_70hJQ7GV=p=UmJ0uR7ygbc zcHu9${FHKB+4G}R`23adzIqsVKQ#=zvr_CSFP!&22%M3*UN}#qUk1)6Y&d@gxZO;e zU|I#-^6dAVaWECz`YWxs^8O~$F6I9${~P!lAJB)u<&!R4&>=*Zg2y`AZLfI|rP#j@ z(~t3ICF5(FHWtEn39i@%FV~`<8row#P?F;KNa+r}Tg6WcuFkTx)q>LcTCp z#iM%50tfgkv&=f+GZzi*gLe$S!P6Ia3|GvY3%`>_zZleKqM~zXJR5r|!P;ZZW!W+2 zoY5Cp(fWxM_8eC!XYWdCjEx-7g$u`6EJ;naOQ0$)2= z%du$5qTa=0Ih&a83yDFf1E!kq#ZKdzo=h+wyA8WTYhyIW-^{%i-t{~;ftzLETE2uW zTvt=>Le{2ejSR7*$oSw89I1`oGDHu`vmJQY_h~I#xEIfPVe!+WgZ!U5zAjCHhpP|a z4}Pjt>ywd5_{j0eFdu>sWGVcOjV;;L>TQei6&c$Zc%tiTuJ$Epp@KfmUQ*FpJT_p~ z+jJpA_oABz=<3=<9PZHavZ2!v5EQWV|~jKZ3U%W%OTkQp#2D z1($ys1}1AgF!@gpeXPqHsvj4EBk_%3T5Q=d*wSC(lGo66{>O-$W$aucA1&}Peu$Zz zV+bs;FZ=Lk0}IZ$X8l$@^rE#tUC^*#(24yhok(+DN)!F*yG49ghCfm;m`4A%u*YEr zFgUz~cuI5+ow?V;w|XDod!@+-labCG8-G9h9R{iQ@L0>C&tP&Y>lhA>4K}WU58bvc za_X4EKGQ0Hs%3Q?;(v;@S3PGN8rE1DjTUq&nF zoO6#h)L7{z-XRLC@>pY~`JE=RG&)epO0@Phw_~HOMvNZ@F(Y5%&*`(!ErHlGAAD? zWZv=!F|5<*Uk`tR^IuH{Ms`f4ty9l6HoRnI!Qa8;67?XdY1aOSo5zs@iBl6M57xzu+9|SAOMFIm)xpp&|7> zhraIxp842S#HV&_r{5>wLH2;{(AnW>-(Ag`YhOnX>FR4H=cKSMpbm4e1Y29ZZ zB~B&CI$$f=4vx1t^5J%0G@6GD^^yPPCAqyJ4^CaavV3U+Ye97W zXO3kxmb$Xt(P!=>o=ovfwOm*7UtykuEnnd(JO~!6oV16ymhvy*{{a6l@&6)!$;!`h z{YU=ynCG;Xf8d(+|Iqd(@KIHF|Nohptbj@@Zbi*Z5?RExf{;SZWKqPWZqzQeWne(C z&_2c5Rv)oU78JzV4D$O?u`OX0QnhI+)v0X_pe)6lJ3^+;h+Qp6~hY=X=f>$}{Od?v<4jpgu z%D;6UvDx`;=TUwpZQ%bOGB;M*d$q!+^_9a`hhhtS{#Ue7$Q)zWN`H2^XB2w+bBE2( z&)Tb!EwagN+|260V9RI8YtDf0(kON!^rdxT@jK_5q!!GZ^osmL#W*Fi^p~dY@h=c> z=hNfqu2lUou4nMBC(2>^T6^Bs{$`oX^?uPH8jRnln6yB>szORO^ z=Og#J(B%!L!R}+u(-~~dBa?N|K#aBV&03R5=OxFwv_75pyL84J@>4WYPo1Tj4{$Cz zni@9AFzef*>#5Lz_3_fx7WU$& zG;gvaBD8JSDZxu*Q2ydDV-#*p%p~i=_q}2a_hXJnM$v|&SNi(&vgf*gnVrKW=nlg_ zZ~i9P`ODfr-n?m!JRDCy9s_52vlqd~`OM*3o;|;&#^yGOj&+yjDZncIWnpmbo7~@O z?@C|0YiL(z)U7aq*{p?5Ca##=IxqH$))-hjZMk3j%ZcM{BaSCodW?RqJbrBZ{7}g1 zlS2BujkukDPld;?BzE^0d1TTxj~_3*JP7VsAKKmkjm24OQ=Ght-{Zkw8Te}ie>!85 zdl_vGi9Wl?*V9_Y4DeaTShv#mI{My={lMJ_&+2Xj&5Qj_EL*?1A7SBh^xI>K=2n5D zE_{Y7-8q&2H;tHTg0UEA;@mmRFTO&rt>m)>HCGS2b9JKiv>i4-AiF;@cfP#2T94hM zacgZ_c1tm|uitslp>VMPT-0HsRFRWXHkkWsLfX?+G&hax6U~Z`1p6w+Q3@V3cd{dD zd}BE{TWg*0D738SvTcYTZ#UG}_gwhq|*o0$s0!u4SVJ{r3#(H!xQtSG>C(R_Q)#&z5)L>tLQ{g6nq8(*^jF_)6b& z=gGj=zh*A{bG49Xk_W$}`~dIW&7aXcy`G=kgbqvO%+pK1U~bVn-gxA@8)Cl^(FI_N; zKWOZ+8ya_4a~D(tW70h*amKWoF?BL8wWjmgM)+3p$NonC=y$Cvf66(}=Nz8NhZWrh zxU*BVD!uZMcoqF)7Dt1G3-s8{;NlD5;W*F11!uxT)8Hb{hl^Z% zDBcnQA5|_s!rT`>_JRlhIPi;78*^a)BQOj0 zGCr>W_Fv?{{+kavGR2`p=l@>$VdDute;rvE#8zhgt0_Lj-WOQWAR0|jj-4F>K73XC z-Sh2*|0#o_N9sH}Y;fW>QQ2#2@{+`l+Mae{=;eQxUzCe1h&*^ELEHZP3*j~lZbxIA zSUk9GONRXQrELC%|DAf?sTow4!fu*9hw-gazAs~`hBkxbNv4VO-gQ&YGFv{_DX)eW z6TD~WOZXppLp{Fl(8Yn##ZC;w?bmQlhl!Qhb&3Z1_rnzZ@80!IfVaPJ2WNHo*NeQq z^XNN&^rUX`xOUbZuX&}?6df+YN0hy)^Yu!AOEBhBZx1%AmF<&9dHR2>WQO#ibRdS# z5a~Cqw<<2$%)XByKf?xvzarQ$vR`$clFq8C98`PoAi1SOudioc#?ZxI#qV~;=;*|1 z>QAB0gZOdlZ2o%mFnb2@qmb+9VC~0KUy4Buf0(_F#5mM`200@i%IinA@t>J{@q76Q zVz`WP!K@kMt}2QyQ7->pojuB)Up;ReRK0jD_fY2tkn1OCOY2;!y8t<~7CE$@xn2m} zF1%##xS~Koi)8CU?xWQAh3iJqoI3AL`zu!ry6WI6=v%%-m^If1cP@M1V=gqOkMIt*(&7E^ zmhSEoZOPZu{-sXNF;ic6{T4e9I5h7Go*yMI%s=nW{@$;(9Z{~23)>s^yUy48d|R6D zy60mrpTeET=O2EJ`sl@4VDOQDFTX3^=hrR2{RV3y=x=l{dk}K=n;`q3>y&MuTtoSW znNv)v1A0MErXGJ-axjsa^i3CrvP6pWPkQS~=CVGK`i|=Htde@FpW(ZB#g5mt7bIVP zx0C()F5I4cQq0XSYpk4acXD0px!+r`>Cf8Fv9ZZl@90_9TZgzSV;l2}ApHW1S02Vj z&3$jy=RN#8vQ+T=5O{LsMk|U=bDI3yMkP&y1^@!OMVDG?c-2?WigYKfA!z>cY8nm-D_=Vr@!0#>92wQ zo}nLa41!U3YxCi_&z!Q((J_$R3)jX{UJd^J@w>FqFD5=(+X@ zV59funOIwN*G0-RdDfq2(p!#=;^vuH8%43?9(1A3i1*vL9)Bz%2Iya36dmS+%SvdX z3jF6YkA6R-5cwy0ul%-S#5C92v9PZTSf#JLXV2O36xuml?~X@xxKDiS4#sl;d>pX& zV6V7sqv+t9Elly5wapA3i_J7d-&d-PXAhV&sXL$Cy=>i?rs#6`3ID~3Jv5^m z_n=T4GU3z&W%w^H&3f~{!R`mj`ujGXgnh!AcSYySK!xZbubDfb7`JU7`c2Nl7D1nt zo{euDud0YDFY{{RPw1}sCU`IdzsI24(pqPY4i2S&B&?_Yg)wl*vu=k}e(r}OvwXT~oX-HiXB za(Hi-{6p4-Dms~G_0dRKBYe65pK2{Wlwj{u4xg%gf$LjI*L^~M0kNChcB^T(gLZ{G zWXi5M?M^ox_-aAhZl7}NvjvGcIWZ%(TSdEmJPBsu`UNw8$#j#~(rE5$dw_QLF^2v0 zwVl3RBlmBO&HXEwy&t+1U%->>`6!q@6`ol``;yCgwh+0jHp`F|o(xVy1C8Kk5AE%t zJ;l5v`)0VZPq~7^iOTQw$-Wsbuj~2kK6$ToA<293qCVwwE{B#A^6{5mk*p)f?157p z9`KLte=@H1-ne4faT)B1|E+OJuN1gAkUl}LT72lcY(4g~oe`5y7Q5WWnr?8%=jr^8 zI6OYn-T$*AtNT0R(BaHzMWIhWdHjCB+8^0?thXM$<`d9s;!O5Lv7Zfj6h_}`O`T|)Qe1ZPWMW39GWnh9&i;#DxX3k={qto%OvLuz_+NrY_}TR@;JN1n@Z9kK z13Z#Tij_R^FW~w33E&y^KHwRd6EE~)FXFe0XF4$#*^12B#&pTNHu1)0`Ok*@b#gtl zCZICqV5uJVbayFp8}!+fDYb*#u`75&_^qhhgXMiV(vBw(fLIB4vLQ-_dVJj=DKr z6HV$0;>zgdU8Z#$?SH-Pc5+416Y*n0W~bokIL$15kvfz4Lth^<OtKPph`~Gg;-$3l|rOs%lUaR@GV?Rvbea*4vZ4vWELR=qzLGt2o4QtQA!3Q^38qA*mtGq2Qf3Bye zaD!|H`G4uv=AJNeIQ_V}CvzG1sjOzs%E%jS2>9m8*trU;ey6#|KnDgo;C<`+rB$DK zvhnA5jk-vdg@EVX}(3`PoU?c^?Q~{P{13Yr@X{H*z!Ht|{%aKgQ#yQsxO;_0j}! zfS&mU8)C$@B?Hf7Trp!db}-kc@m;i4|EULeSI_?8k>J}e9tkenf24X|l)avxd87l{ z2t^;=UGwF~kJKbWk986w8+!G^-NypWM|8Kd&ixDWyMy1Vt2Wa&%^p#^hD{g+n44qxaUW7R3jp&TyH1!l4 zv3b~*KjyWu4?FewMb5g1l~K^AViV$j?XebY>euT_zVbTy*h(L-xqZl%J8*Jhx6UE) z`VFA}*A0o@v(?O9@&+;4Vdo@vUrn7I+?AtoYG2caqdlY75qEnH|6nb3w`0E#c=wHk z&kv5ymES6RQL@zGQD;s>6RLA;t#-lxE$(aut`^|3zc0AL=8CLy;q=GI z6$6)?5T7Wnt8s+YFYssJ7v%*hmM=Xbe=`Vt%HvSZb%*NVYX*K_W%+OrxfvPao*CQT z$#xuyr%JaM0`K3!N3qv7Z3azXr*bIdmtHTK)f3t&MR^)L%&M}k8D5i zCb^_GEAeY3TfI4cO?8wjK>cs=-9N{keq3btpJeqTzHV#vB^TrCCQ_k%_DpC`Ui4!8 z(L|~-&y2Zwp;>Cns1w7s^PVGTQo)cDZ?$sFwfC$&hP_u#|HNQh4Q)Xuj?G3L#f!Z< zLw$9?X-fF>!<>+P_0kn~A48t_Qt^@FS6F+?xO6Fd;QFobm&-T8rT%&2RUU&s9@g_K zQ*qkmE^Lgc7q(xq50&}1upx(w7`NshT2KA-$9x|PEucdT`r5)6a^_zBUr7JC@ma6` z1IXTgo>J0#*YxGAqaoW{Bdy4GaQJEOw;7kUM{BY%=hJCh>oi__lk9l1``Kh0_f(?u z*sI>*u2XNIPtid7Z>%jbCgfQXTbw;;!3|GoT$}@(sZ6BoIBJ}6NEeECfBvhiToOJy zcu!+|`$gUpe-Dh>ye^$xWD)KD=fOA9t|$2NyRJvJBrd=ngf2$`12(qy)k`)=mRmSQ zJJ3w}R0mFLGeY-0J;4ok3SQ}PgDpQXnkqqmiRLZr4KDv72mQYV?{?rN9@h(_2j8Ur z;A{T(;k(9#&){ohfDfLu=POHx_+jd`HC&hl;|gF@+*>I0)2MJ$^PtWUy%avoo(V48 z>RARnYQK}@mgM>m9sozkb;(W11g%MkZpD{6>$-zF@{w*)J<;@K@F4We{HE@ttP^^W zEY$njzx3yu`o@<$+Ngmxyzfz$PCOdu#V_`ee?L=tBEB1A7>^#1toHjF8DwpSF)X+r zxK5S7W=7j_M=wdrS0zqvbFxR0b0+`c6H9@Wx$Xq++D+{FLC@fGSQ=ulx8>h@wIv;Q zg0_fP+qPpSXBRVPw4*t*@6v|$0DfI_dhvk1C-rxDl?EG%`eSgvSeKX(vcFSL0p#Q>Xcf!YOq6v>44p@H6 z<~L}4EFGHLb_f})yM*tBF08G~zKBxR=cZws#74M#BBDB*Lu;h$10Y|alNgoki3s)3 zKVw2?I{6U6c9Z-)&tt4(8|cQ$SL7-6uzvzOC1Zs12f(Gnla72?il>%<$3T+ zmipI%md|8OfWLCul8wWhbO*}aI6^~KZm*|Joz>{^hrf+9G%R{pkpqucSD$`)AUQa# zh!`R~jc>LDA4=<(t<{O*r1FuffYFY5f|I8uTX7{c6>0ylJ#)$VehKHlfqVMJueW+Z z^wZ(N5c2eZ1I0g2@#&c1#8u#3y(@WR>6CY0;a%Az8R8?o_9-%5Hj!YqbIo}qk~eAU zpaa^hTq0K{7mjuh4)=Wz|0D6c{I+lq+ebc2HJ>%}?t7$+oW#|{t@XQ_-(k)@q3!M= z_mV@5t`d*QH|!){nR$>nQ}aNpXKjohnyZDD)<8>LJZnr0Og0b`lKJOlcAZqPS(KR4%zBhNkj%Om5jd+W&a_`4D0uX5BMd-9>(#|A!iWc)+F zJTmmjefF8=%0$h}Vfu;VV@2sdM*r$p@nYr7pGTjTPLXNWz69^0U(xCZMXLiPyQAG& z!*pgV%WsbU&GMU34-T^D41RpN`cNWO4~%_yN3_q}f43NT-0zR^-IEQ1*Rvh=Y@rT(;@J+r0d8-8 zi*5Wm3$JLVgZ@{k-+$46BBw9mW~Z;86P?$vA;%u{^l3G|4}96Z2^%vq;nF1eo}7sj z+|Uy@_h^rBr)WsJN9S{)Cp&?&XPc==-zNJ8nGWyYGKFkV4UiM@!!Q?Z9nk!!CybH9sF!B|Ju17)emeR@xk^#!Qa{a zz?X}^)%e`G_}iQVW3V3>Kj4Eg7k}?VzF7Kun{%jg`8OB7PVNEEg>QKde6QxeSH2vO zKjrHCe;2-&-Vc1-d7ca3ojLHe^#k9ge*xe7&>t3mYx;q&5B>E6+qF5cE$#=l;35540-aAZx2YW!iM=ea1rO-6_1`pjsdX)?7SLmsW{)YZ}^LDpRz^f)7P7> z4e9C6k-7GmVs6(J+nC!Uv|UQu)tnDlMSIn>T`fD!wjFHwgs<&cw5_$|_t>X7?Kj)~ zARn>&LGJBs|IB{duk^KlR-(KfkC|-Rvam)bw ze(OTqvqKEJjPr%bnQGOYtd00MFUVi#eD5%S@*4u|dsKd5u-POJ?BE;>KIP}{<$Ey3 zcj|QVJtLcveZ`9J1c=M*rp)gfC4`sh`F71z`jGiPWD*nX{o7yj$xe-Pi#yI8(52rW z*M0?WO!D1IjJchyiz(5O=5}b`fAK32^?T2NU(>ulZrP)rG<1 zuO0S2qceNs!Hx7SpJ@T-q^-q=UBEeMDqFx_hQ~sQign}2H76IOfU~)`wvW`_#_pN+ zEHKl(XFRa*E+=K}GVJ|YA>BKk_*HWtsq?=_f!}rHv_DQ8!^z#suokh6y$72)^L!z5 zQxquDy?yqqq&K+NMEfJNlRuYfZ znQl{wJ4Dtbmek?w zyXxT2@%i%^(^|&6TJo#NJbgR##JXqeKIn-x*3?4iX&pZEeC9xFo!Vcdb1j^BQ9;XO z#&AD0rSWvIUU(zFJAgqkq+#^+0=QPb|491O-uYFGv-2|cuis28E-@H+R786P)GuyX zG=rEAcwIHY?(=A6kAUVO#TdslkA~-1j}qT}6)b*}_C7Bjxo6nXpF*F`c#2y}UAUj6%s7QO!Pev`o5j-lDYmE ztYT*5JG8C^Zt}HLx6==IPulaU#DBt35&bAuTL2G(*QcL_pA{4J-YZ~jSmm2@%k!cY zSFzrE|4@gHw?P~1wNGw?HdLm&9JfKs+~;WNc|W*60M1JS#RoIcO@O|G{2@PvSiW{? zg8dt*{ep9z*-$bsz+aF*_%H12{g$8Y(brcJtONUC-3wm!ftL>Yss)w|^V~_F>`6Yj z8UFU>_|y~3>r8iEHJ_{CCCzR7cC*yBYxixqcZmA>R6kwJWjXhIt_AiPv=P3$)aC~( zrlU5#PaB%Uc5sATd3h5!Qcj5YCjtM&;GZ!3lYoExxX|8@F2=H-aR_%S@+KYp0VO70nXv%Uqpt1RB^xn@RkKh5d z8HAs!;pZCo+0zRP=x43h4?I)_KMUpv{b~PFoW8vGwB|d-#h)kddT77Dd7leR8TeLs zA11nX&rdj&?-oAz!;{B~kNb5&So)->fY|)}Ht5*a7jKPz-Yoqa?TWYb??mq#|~;>DmD8-QOu-hCWAi>6D^xoWpC=J32j8-*>!E=?$xFhtv4 z{RZY=HbH>rf7Co{y#;+|V_c%?0Qwf*SMIdlbK>sKIh1wuCwN6eHm->*`0F;-yYPz~ z+IHf^C;HwjJVwt=P9+y=fe(+ne`c2c09b_o!wpV8+X0);mc3s*(-2IC!zLN$y##v5 z_Cc9+b0K@zhd%S@%|rj%d?)up%nl$AhTmci?ZYN4;e4Yy=wTRmJr6ofujafAayBBD zd<1&Dx2*;SagZ3peGuMI_WWn!NiMQ@;i(@m#$6c80!Uxy`-%I9e zP19?uj(2bLjp;j#=_Ma+^`S3&erfi+M4j*0Q$jBP=YS;~NlIr~zl}2KXv4h6(3im? z>=VXO$N2 z7esMjfBz5s5BmRPKmGrd_Jymjz(EyUW+3?ql&PNH2~ZC^dF*P+V)9R( zjj$#dZQDt`pXpudY3?+KsxR4lIWYKfrmT#K(~d zJmb94!O%N&hWwI0A~|9Aqt-ad?*!Kv#UOsJP3chi7nhone2=_{?0n0 zj+~IpUj|Ga;Kt97i#XHCzcyA)-!=4G20h5f&I3m)I6q@0I$i60cFZ--m_x`Eou@J5 z+tG^W2b;OGs3Uk}zs~r!N#1@o`mm^A@!DF>Oo88?CofZZrj6fXUn;tuy~x}vQ1DIbn-NM0G}SP`jFv2s9_V6@_mFR*HN_n|&m136w2rT)_1q?%M_kGnpr0}FnM6Oq zgrj%9uob+*|FQ+5z&4e7zrH(LroQ5wk<^6`*nqsLIh)V3v$ALg^%qFLFz0n=I`XKl z9XhkNPM}41rA$^I$X-t#Rl!Sj*p5};p$@sGKCO-_<2O300QjUoJNbPj?|Scv=fcdb z>QAN5JnEjTv8XOO@FUb6!0+Dn&~xR~$)_yC_fogsCDhBsal6hp_|ix0`35fqUEg(b zrH!?0=eKMXk55F8fBT8Uui_EbS9)y`KYcp;*|Tf6NIhR2 zwWE4{`%#W&A$QGY`+39dr+)C!XSUMMR=16<^i#mOI1}lo$L;5<^izNG(PuL7?{MZ{ zXZ-Ae*7lkFo&NXs(Z1g09Ix}mBhrETyuIk?GafuwQC27tPXr^G${J)3I-3=S0JI^g|fmiX30~B-k=peiZZ(gO~GO zh*mUm#}0OJlj0@Jjiv8Bm*Ef7rf8`Hx|AILE^VuP9c|styIb4Ye~T^=zl&e?K(D%2 zN@LwOKU(oq=pQN+l;`rn zO+G%TcKN{5Uyd!9&9_qyjls^5ZTlMbs$VwMGiS236Zjn#$9(TZW?Tu5b^il+>rNoM zI?-Wa=7hN#Bb!)!Bv~<@dXhmr>wX74ZLpzqR(1?|A(`j(6>()puFpM+_Z|J!7E-=o0Oxo=Mrh@WsSx_CCv*4|ZQ;pK|sds(in@uMuA|X>-uP z`5%dK>U%)4`ZR1*a9vK@)AP;c<8ixM63cl&B@A^i=;BWDnSAVlxU-3+@ZU`C>pFhVl*=K9XL*E0u>=SNM zY)Jd1Ja`1#dGNpBcmUWQfQE#-GT@WW(RZ(}$KAdX0 zf!dpRQq^`TZeeQ5AR&L$7)+ z`Ow2NjX}1<8^lRAan^}9o^8NA6S!9Zv-G%PT*A@4!21AtbsuthA$nYQhQn)@Z*u8< z1vpjxdKahvA$+Z1e++$ibymCl#2s4QGc7*zT5eKa{|fe*`f$1rxwaqq*0rU&qWrIg zmv`Rav>_e78n`+t1rxCG`ElA=4UJ62&PHcnJ{9?zImwKj3Qc-vS!E~(XG^A2)(D+0 zV*mZffOF47pK|C_<%?W8T?y>S0c$U5A9^{z9UGmy_4utAxPCWb6Upb1%zqKwYkoK@ z%8l!U92=N=+IKlM-#jh)E=LEHGvCwMf30?pLPu$IO#*o$`g;Mq^32B3KR{o3&BV?v zUFWr&$(Xe#LUZobT_fCpU*Wb3yl5^Y*YtZ3^-F0}KB3@!8#yc7^^0@-wha2`*TCc9 z9lTn+ix0ZVCs@fi>##M;!F3*VS_X~v&N1_&vHX>K_)BM0F`o4ci4i|U-}td67D;}I z9P4JSHN90x>?PW^5ZV9yA(K-5sld6C`cvs+rSnd!-ia$OTkj0k{)hY8?&Tf(dzXBo z``W(7?`sOIkJak=Sa%kgr86i?&ty!qk=q~ZSysjGUHnbq&)Q@og4QO3=9hkivY7gC zeKhXNUixv$y!YSa{Y&*8e>d=Vk-n?`kdy72)2-AeH`MNVFxX;&dGw1-W01$P1xob{ zeJ)$^TIycG?{oNjg1_;4CL6K!Lw3(d4e*>!nIE1jct`zv@N5O1llc8@{=Op1lc0Hwx_e*kY(l2Tb3V|P+^b_t` zpN4ln?&z@%?1r|4u*f|C+x2@O%A@ zwC8JQ&zlH5MBHK_b~1CVIDmX!<;rQl&VGCh`M)dp-oW=DK3xExtmG2riMbD40AHk? zxtc|P7Kd)U!0?{<|PH%09<@wtvXs|7UaX>&9jL z_;vP1XZ>f3U;4B71&(U)CAzKwcb)WK3%+%hN;x=eRxBL6#?XV<8oP3BjcJrsV{7=& z`jM^CTaK;aKkMfWbh6E_cIQd@O!0{r_N3!CIP@XhzQx#n<&!TSe=f>7uUG5!7PjW{ zWCY%1?l;!u0lU^c28WWHh_@5-T>5RwHR7u{tj?fy?^c2TU(QV7COYayG5M4n=o_XX&XCKEK~lt*1a2x z@^&s@-_TlfPIAp4z9Tam(W9Jk_jDJus(gV0V2VjjzEzCeyRS|5N_sqW0A0ymIG5*& zXLYit>{zI8-7?j!jHXh^$syF!nnwUxFJC2y+?OpGYJxBDH{asjsO0pVq2P6X+Yr5r zufaipPWd3GT>2(G3K*Soa*eJ4uCKRoFSWIqzU!5{aym%)-)UQYYi-f4x8Kit%ixk^ zoHKB&4~!h1!5Mb)H)ZqQ&bc^mKsS5YpWL{nwqhSP_e7rO^K9n4>Q|nJCiXCoYr+pK zCr+GNLER^b`{zT?kH=)6a32Bhu7zLrnu3ik^ z_r7;^&U==RMvPL-wPG{=!#en_gYlOlEB5fd+Lv6^pT}F@cX+FRIR&5gE2mVRBd6l* zwd&J$cuey6#~t0-+aG2BMOg+okUL9k%m|!1I>w2)d$CS$-@xy9Yc}3qK}Ro1Cnw!!y}a$}tlYZqd0uGx ztYLgF2j1WL;Pvasuh3r_SOQJN&X7yJ=Y+Za=JsRd1LN2ED~n3|%7+H%E)I<{)~Dmq zpyh%2&|q^I8Hdb}?JQc8zwWJl6!2X#V;_9C2e~d@(z&3Wmqk+@qEF%ndyyAi@Np-5 zci3-48FU1HE0?5@e)hv_B_A+zN1$Iy^3B|K&YdeM=6*-kD+{+*S3Hg`EPSEb#x4qx zK|KqH{6KQIkhz%xKcROf-$q*#+XvaR-Fi%Dw$5P}T*@<2Y($^pUwul)=(7+%UiMnG zso(v~NyuF81Cj307(&~F6`>b`73JhmJ3vkTYSEc7)2HBYwzDy_8DVK9g4@!<_wWUs*E!x6`M%ovxyiGe7fMG>!~)1@9j4zZbbHf1Lb=l-Blz`-`dLf37mk zi{?l3G@R!pCz-h+`Z`nJ&*E-S@(4;Ie3BPZavt}NGPd=h*x0Li9tkK1>g#R4LNA8# zx&Bq#gWbOOQ(rc@<~aORgS z;wgbsOaX4F zZ>iJY1eK49rs^sG4sBh)U&88N_LTzvXyQ>Z*?8;ENoF`V<`RBu?A}`N`WJb>5PHnH zuVX{b{i$02ix4;MfJbD1YdmTvgiM$U4#%7Nn=8qyXl6d|g@>T~ohy)W^8HGWetF3e z)~UrmJik269NW2KUTP_~^Wxg%{_l2<;3>7=J4e{uuMk)B&ynmEwfP4={c~jP1?1$H zJ)F67^jFotIGP&6=Z)a&4aG>sul>yt{XOIL=g!d^dY}3~<Ksp>PRco-EMfO1 zpPSr%C;0_m;a&EE2IQY52C?26XxU8p2Ff$T6Xy)=hU^wr!#h=^HAOj+w(6U5^i|M@Q#6(cY&XS)cH^T+GR&wJ;uhM>RlYkj{X&6 z+3o6B5B`z%{L5^9fNX*3=trG{w~2eErq4pxac<=de3-RonK3i)ZD#NpPq2o6mf6^l z7fsEFUN>={lw`^jVpE;Kt~1sD#NH)ku zaQZ1^{g?eCj926M5@XhRY&t`&#MB0{$T;;}^QCcmFt5b_ zi$wF1rR<-0YBXo;(eHffdHoX0Y!MtQ(VZp8x>3C_Jhc0@hn_t0+?-=@{z zqZo8WJF&P<=1n$J20GIiHShR_ePUazTXtVX4#AG&^B>vq`lQ7p-<|Zx*7D+=_)y(Z zWSZ=gFOd7dI%n(J@HpjA>x{3%3$eBKapwAdQ?T&~TTL;(*$}q4WEdyIO<|WMg!|-Eju^ zaL3`npnkn}cY&w7l)Gl%{aV}H{_qTr8**^`y?*fP`%GR%_1V!^f}As@xzxPs&*DEiCOMCMHO*z1cMY;4%)6FGU45fDp8`C&`Bito z6Mo%h`*-?$S$$T~XQkvbyqw$TG5XBy<0|?%z&JhnnUoW+w)DgL8@5=tzLP({O#9!X zdH9hDWLG0{ku{qak#Pm+lC8wI6ic{{Ip!{voqL%dt(R_YZCu_J%G((~-uU2Z6Iv|U zRf+CM17~(_LoG`*PvBH@8lvqy`lvI(#q$k!9WwSnqHpY1V^oYu?J0lq^oG8)>+ro3 z2UI@xo8+w7clF51F<-DJ}|EwJuN*k?a5PR(LN$P1saU06GM~5@l;OYBv+Qlxd z5PfZ*{5=z^{fsa?I{aA+w&jho;dN<&hMED^)Zz;1B1VKZsg3^xg+?! z09skY^DdrChv>Uxmi)c7zGo&n^<4jR#p`VUtrrt(i?&td^bh|f&6!ir4Kz(ZH%vc^ z$p4dm6o^~#03QU%63^q+WSI;B7SIv8sXPd*wipf!Mr1xh5OK+Rh*P3&_ zx%<1ricIqHc9Y!yJ(DcFW7s&oztT+mZeSdJsPCd_PFu**JwIf9|NExmMaH=2ho)lf zAU-*ptMe68p|j<>_)K#qXgsrgcYMfGM^;bVbfoh?-#!wWSMwNpeR2HwRgc6u*DX$e zoxd{`s~>%Icf+HpBMp!Kfxqq}@p)0VUd$ zuV8VU94*_qWimd!D>G zkR#7nt9h5RnBHAOTkuwsx!_XE8^pA=UiI#+l0QSE?{cu+GCQZE%XvP(?FF7c# zQ1y@OwJ;2FVL;}-n{oN^aE(7dK6~Elp+~^kD}g>|ZYuv{Ds$k@`^&mxgc#kyKSQIr zxXqilg>&_|F9uxY=jHEQ%N*>b%@=1y#+8h~{$hSbpDL?t3LKtA8x6G0Iek0HciCBX zyy3xi$w=(c<=&WT+!!EuuA^={`A?o46OMn~W^w$U^InT{@XI+|Khksw)5o4u z?rU2xD?Bb-!Z4H!d@!>uM?h`KV$LHW)`;4vu@A|wt2mg1u_yK>G#y$Ej zrXRn);0}#`@jKmp-&_AX(fg}T@c!fzyuZlKe|Ei2K1dpyQhCYBP1ky&Y)R#!YrQi= z96_|uflnko{0{k2mLA-=gJ+wHCdRsb%8ohF`F_RNfc~|7t-&gOtr(#EF5RQNfj;2% zRugsh1CSqP&*#2@Pg|aL^y^NQWBX3>%5QY)lb^rrS><&RYxp$ZExfKD?ZNBC%m?^j z?x3yT=FHatdp}5aKMDR}H?fB9j)|<%(?`$qlDqe|rTJ9ch_%V4YG_h^ymW)jSp$x# zVdBQr^PYEBlJ^WTWXTsg4-+?ey_?{u=qye(W@M&3TN; z@+*65BYWH?Upb6A~Bw$?4`kv)_T_ne5*7z zqvqJI>0qDFq>gOJ3wg(mr`(Z0AE(VUwp#}O?q3m%fP zzDxV(kelh!q_qQBn|^SxYxBAECccA;1C)-cE za}HA|Y23y=89c$OUTeXiOf5$hC9an68)rYkyGe_72LX7OmTes`0b{`3~!k0)3o((i%p?`HS+ z0Q0o1A1+Q#=XrUtdHRRUeKTzs$~14Hi4Tq8PC3poWN9tA^K!EkoB`ty&Y@#&Xg>mc zVd^%11X;rPUma%aG)2ZaXVYbfq2MDD=NqLqE3l)-zRH|_y7Qc5G$i_{{H=W+=4@7c z_$u(Oewq6rqN8`T*TEWhCvvQd`B;q|K%Q7? z;}g!hdZh54sXPd9YMApK|z3{PcX zI?L|=xSHRh>#rX6^r;HVR2UDtbMAj&(W6O zf18w}&mDR2q2x=Y@AduugLiZFx#M4F<%vTdSsI2$ID@Y^IRP4$-vA9Cs^)hmygD;Q zej;VxxD)&Xw|HMM)0gjeaM3PWOcW<)kfUhZX)jKe!W%)(A+~we?mcc6=H_tH)}g-Q zdJX)E21=m;8$&rXG`W`byyx-dzrnn=6IYJ8c_3A+L+wYlzDC&}!E>|b>1pQ-k&eGR zun2b-Gycu)Jos%OkB*-EeqWp!-#^d(IbdzeY`kTGE6>&uHzCHFTu0nQW%ewHm~%e6 z=wch|ExHq{hqc}W{@87-yJ$b_ChQS%@9jAW`@qcu$c>fJKzH+mfITPSaWf$4?fX4| zo!5yjEC%nZ(wYO)Qowg-e|T}r=JsI4>hOSyHCG2Lf2;(iQf$suz@!)qGU+|%KG?A* z!pV6#W4Aagudq3>Nf(E``YMj!H`7#fxv{`M@Gkz86AN_jzUjh-`=O8KJ^VTGf-Jq+ zeTlS#&S(AM!~Nz_e#L_=$A;3J{@B;|zJB_1_$%9A6}nYC)&Xrj!Wx|AFQ2ZwpZ3IG z{+u4=if9f`c;?6JwcWRK=0_KHhSslDH_f>_CN?s;?t0>C7(7?94W1RD0784`PIp-tXd(OvV@{m@gYgywk2e)9KHNVcC41*X8eXGy+bIwQZ zSsn@P+kPpKtirE9gL%$CQ&&P$qxm}z7>CiH&iME|XMF5oOluR)86Ta6*oNdQd9=G9 z+GSnBIpc%t6?)e_+yl(ug);{NZ{2rW)#Xh5Lt)qG0C(s}3@xAcwfsfdS zWzY3kPv0ZJ<@Q1Oiw`gkV!mUx+4*_ik& z`Vu@%{J1;!l$SBKa>jNgeXYP(>|p+6n`Xx+-p=DZl>C-YonU-3fvcJE`NvgY;bIRZ zW3hHE@7K~tIpdkm*%nrIVv`U9xBF~jIcHq_gB%#`DG@&KReIwge)`Xc#ul7mHs%U(6S?v`!*)Pp~Bv-Hb^F3xh#1=&Cwn*V0xYXBZziF_?_s-F}oaSB1?`#Qa6* zPx!t~eYx*-^86Dn9+8!{{r{qUZ$9=SGwXrHIoBtzB@CTwAEfr*oWyr4w;tlmH00KS zzhUD_jx~KCxe{A#55J?jLu7iu-bZY`?!Yw%;x8d(u;bpL&1ikvMSb&XjxGe&~DOoZ$Uj z`>*-qjMJQw%#cqI!6*9@_NZVN41awxYybIUAR+J{Z$CXbmASOv)2An=@m=c}d*}7l zksc1-^S(JF`+oS0-uHid!uPW_R7`gEoRjQ6fUmk^_Uwg8_WrW0f2v%MAhuLBw$$c< zW^{V2qi;3FDC>46F*>>9T5E6aikQM=DY8nuUB-CMLtZJ?F%8|~$d0qYv*d1m%ki7J zCrtV+T9{k~-8%k>BR5%B9PC}MdvERmbLw>Z`*FT zFu8_zC6oQ~<$l`kf)}Ry9u=%^-^dl263EK$F`Auk0I}2LhbxJHR+>E3<2<(};Xn zfKR2f0M_z+E$6YvXU#ae`ky@;Sp!W;2TOi;mLyVB1uOS7cx`y^W53SE&{FI$Rl_*d z-g&EOrT}PBDb zWi~Fkv@A(q6&6R_GbbEbe7oy{Y2pvxfcG?SqUTk_9@c_$58oSXzJFF8X|HyGJjo8} zwb*dQnNl&`sb@Z#%m`udlxopPUJV+_!aW1^h~pO%5k$nb5t^z zoEg^cR7bcEyfyC?8?$O2n4B^zalCTlXQ(hNtdL*q`%=J62xe$a*UWo5vvA z?z8J)zuAjk9Zo!mSeo$1ye|1Ye)ZxR*g}t(r8iCNS$6!h@U2_N>UY*9$;Gz!2SiNJ z?(O-Njh7OipdFKlrYs*c*;ruet}zbIcJuku3bT~Vp{1wPIq(RVR>!A@C8u4({qAZ9 z8Ib{Jk>+8!fnLBnEcZxNElzjS_^uj0E=kd{=Wfx52Y%!aQ6g+6mishnKkPjcLvkXC$M@r*IH^m;BOz9n%?hOg0vUT!#N`Jg|zmL}cD2 zHWsOMq8fh3`F+|(Cx6PT@3iZjNeY~YiK$I?+C5WoJNkFdHoy-=);PISd9>k|*W#}_ zWTfVD==JrxBjn#|?tl3wY&iVcFtnyvz4EyvCl@1kbf#58cG6qUIbM(WYzNj=msa{@ zdM`iZ%16d;-~-L0o!{ti#Y4L-e}^O){(1t&40OZw-*Ynez~(- zw3|pBI%?xRhs@Qizp}nNhw>@ZO-L7U-fe_<(M%t_PXn(%pWlOb2XpS%KNc=vl4Yacq3=wnv?bli9q!cCT1SmB zE!ZHlJK>eMNi2`gi@nkj3Z6gB04IG0n@snYkTL4N6d$mjb)#C^Yb3T_JBYJwWrL(0 zyT#)#otZL2zQTHkhD)RQ$y>;I(O9jVhHrqWVio*db+K#5(1!X5`0N!=uIvXdRvx)` zs${T(Vjo9-nA4LpZgP2_Hlf87ygkO^s@cJvh1=v?TkgZaVCTBViQmdL$e_oi3rd(@ zFV3~l#|wV@#+mP|e&`?uE*rIMF|qviE3A#yz?e*ewy^U$So_l4Yuw7o=Kk)5{rSv| z)aRVTUn3>`EbpLGHL z<_vt+75~a-b>sAcOFGWxa_c@D<=aCeG2-3u9{bXq{P%_Mr^a(TpHazeH{ZTqm5C4(2=I|%|WBC9)U|TJOS9<%ab^2>HZZ7v6y-)pX`1JRu{?%WX zCmY;c?wHEikFk#OO|+$WezV}eYn+YWfAWx{tGxN{P>fUhza=~89mF>8&*ASKR{mvu z8O6Y%!(EX}(2K;kWkX5UoBOau(5Da2p*?KBfb1#iRt_@g-E{MYO=#0P(yd6I0|%_sA_ z%dENF`iFl}d7Rv8uRP(D?^pTEXzJ^HPGW9VJz*#@XAS`d5D+=F|4)((zL&FN>z$rms`@`!4M@Yh5dRcCwB$#n=6{XW2dKL%3Xs zPfmPfrQTso^ZBHYUR*w=a&UR6SMK8S|EL^Xj^gtlw6%c0KDb1e^y1Rng99#aQ@=i3 zHmDu?o$9pTJGT2&&e)Ctza5(^6TaruPyLi~&EHJ*i_GeS%TZZeR(k!pxSXl?seffo zf9hZTz2Wue;_^0?v%g~{0kzKG4A@dtkYHj5XL(PcZ(^=8WGtUm+_~BugYyGRT%X z6B|2?ze*FFy%IU6{2qk^OnbRK7a&suekLM+us4L~ch-YjXeI+)c0hyj;qv&CzqE%r zTrIiDb3IcX(MCS9=qhBOnEL!EtBJER@EOPDzcVy8jR~G5ni=?>WdyPRa^8Gn2zlgbL=*3v7Pusiv!b%ImCqjXv)LM6y7zg-%O#;seG2uN04_* zgGYa~34CS1SBAdPH@m81`PjmlqdM2%QpV7y{P>jZ?s*5>SqIrTlIK&%iTfTpp=NOV zt6ki|+(1su^ugxk1^BJcM+Y9p)|uRh3?iSUZ4mY2L*N4wIK1Z!Y{^R&EUzB1WqA$0 zd(EL5aztw%sU95KDSuycUOhN(@f6x9g=g?3nj$fB5{RE|cI`shJ!Pf?Sc8j2ANIF} zF}S$w_)rUD3HZ=6;jQ!YF5iN?FgWt-AFcBQKFz!-9}C;xo4ae2lY{+lm=D>B9n7!h z+?#9VPimh^Ep&tLFgt=DrG25~5S`I1Su*4ld)GwtFODpct*C#VyjaB8{QgMv6!wCk zpIE0%k$;jZfS1#f+0k+MJzsCT2wqK>aX$mR>gVMVDjyzA{fzQOymKahMltZBq9iew zwy@j3Ajh5&ovs8%*#c8oudd>|Cy((Rc2&c3_)Zle?CnnC#pQwe z-S=V#lv~~l&DNf$V({-h8*lA_khKTOT^>}O8SfT4_CSMUza*p!-@3@kp~HXfUk;Dg zI21>4<#2!JY2?~xmF4g`W0(TJ_cxYm#u8*KrNkdPv8``oEM;~qL2J`!EZ#F`EI~UK z=&jeb$(6_cvHa`=V=2lRi}r|kbK|EMXFOS1i+-{Gq~c?emE6nNYQiPN91^=<8E=*z zM~2DQ)E=<~3DbQgaX;NFz}X0?1^7XdBZ+y&t|`{1L&;8lA0|(tS57A`an5g{jkJ77 zS57w(gX_aTK0oOZV(GCjlNL zO9J>&5oAIDKT2g9gVr%iz_Im1U0)Nqt~(JdeuLmwbMz?q_2xfvrFKpOh2tu=$VJ!hPta{ai~g6QLK`q8a&##1riNx_x+lk#P4}`ts&CH{P+s z;y;VO7TOWM?0DUN)b|j^>u+D}PNdzx#t<^3#V?l;*WE&FD^5IcI4LL&h6MNgn-qarCXB~5} zjeUbxBQJ~28I>#!u*U_RdjOgre_!;G4l7@ZXTOOY)VhJnk6AfcY-LM_D_itjF=ekE z)f+(H*Bmdryl^q+cM@M9hp1wv&NX6=_u{u}kJ(ME!J!+vzxki;{JLY)SiLcIAs_ZI z?|Z4|Z-3j6sB=Ha5R)1PF0_wy7`V_Gh0mI1ePI*Nh2K)1lXIQ&=CIwyiiRccVh%IIiPJLAPeN0|?=!@9?ep;Y$-u9h zh-o$-`Nvi0!Ja~Uwu9}HXNrq@{a4d|DSO`d-BiuoDb82TylKuPBV}g{r|mE{%2f1q zy^jd2*{=3!~JIH5LyiB>D9*o4Qk+EZv->-FOTjgF^3uW>(GQ?sM#=Xm6ixW%g zuRcJ--zTUt$p$<2c4zFH-Mq|C z5i=G&N%o&SI2)7n=IRTK8JXAW@tbYq&_&MN(+2aA()=lRP3tiimWUorx1|C2keGJL zevgVCqN!E9qcYom?EK`F(1M41ug|yWGXt%vUE#Wlb7abx*G}fCoO7IO$$ii}?1k#C zp95d#IcoxSb4+(4oS(deHl18Z@or+tgnUQ#=$%i^a%o!gzPhR+fIXn{C^i8!vxNFq z*Xj(XmamwlcN94|!7k(OD<|hJ_%CwqL?2f6xiPk=?8KLfZC>h+4mx8+*V_0~kU6E@ ziig~J^=tya&8RcN5+Tl*AP+1deR>MGq$Q4ak zSp-kWhCrtzpr;$wnx!AiKwI>$wJCUXm+o-JSG4ExBXg}C;FYV+M?MqnewFxgl<_L} zSnv9u>)m$j@i23~FN|#Gxnz4K^L{b3>mLht*)G#K(mDUb#k=@uEpQP}@7MlXWc6t_ z-e>9FjX8@>?C)~tT&H@Hu7yMJTrr*V5+rl}QR%|akhNtN(O>TU$9@||=S7G=$K&gU zq1`7%`@|6KxYoFSjN4xB{1n^u%IyA0wd3JSxH9;;+;visfrbR@xmP>1{5qe)o#Oe` z@KzPP6=hz3{4u*`u&WyT23g9va?ZK_l_Q*7AH7q~J@B$~lwb6@r?U0MLmvOeY8V4` zo3&n)4kks1iD-T@k3PD{eP6+vR2^%ZW$WQ(#Tn_(TQdkjxBTJnnUy!vZa%-FEyizT(1I z`YqN#kZ*B(9dy5qby|5(PJJH!XCwZn;tRcH_@FAwbA8Z9p~J}q@0FV+v~Tgjx>x`> zBeExf?_KH(4nHid)U|%-u0eLMd^BiA+x~!w^}vcW_5}2`#M0kjo!OV>%syk!@$OTO zU7>RC+`e>KRfTcoo8~_QeT2cE<&%)3xBTBN&#WJ3d1mpOtf>R5&cDrtcYk&NW82!# z*zRF$Ix|vsw0ujoWuWuFY0TIRT5m3a&gr|!j2my)`sUEL>UnbV*)@)wtoHODa!%)O z?I@E!khLGRe@bg7;sd>(s{>^Ns$6+8)%2^i4*6Ir^Jw=6jLqt+X2*UBhRql|7ucKN z+Sxyk{-SJ`fo`Gc6!GyfIrgylb2Dsi9K3j_n%~-w^$0m0+7s^8A*ZORvAIz3 z^=@*An$}{!=q!VMmvJ5{{3V_#%E#s;U-m(4q#fiA_HaKKw1B_Py6+8*yGI6wE`F1F zJ^$Sm3;zyo^j&_>^fK3$YS&t=qel%q-p)RHy%!+PW%YO;|6XTragKPu{=M_;ME?DG z`1jKJ?=a3PWVdo){5Y(}t}F#-vQxc&6%SK?%6akE?ay8my?Je?!H?U1Qv{rqGCrL* zVeJEC1ao9@XRN&*vboK**kTK0i(#*4hz~5ddz$WZnY#&jzX02vSX!$WUo3=Q_9169 z2gkt0dTYNI&OU&Bej0P)J$ugD@P*cfU+>!Rs-rlV*Pd6mn6?zB>aTpqJKzrf$hUVa zULoJTVh{Z8tm)>peCi%c``ydFMlLTlNF6r2WJw)1yJ8Vzux-Rg;Lzg3#;&0M+`e?i zKnFIrd@JoE7Ja?SJ`zj!?OB`qEc8zwo115{xxMx+O*fy<`YriF1!j!!FWl$i{pX6C zf%nJY`9|He%3+ z%9QgUp0ANlhmEG#DDCxspPy^Dx7#(7ieweJr5`)su5rw{C|O0$!8QC2%YIvWI(OhE zc3;JB^&@{-w#3ie{hhD-&f1oa?zNwC_LE31g^@v$gSmWI&Acl%)d62RiX0uM99HCt%ab`0A65?9OlKy14C)+!aBe#J= z$@8fOTNt?$Ki4d^W5O;FP1d_Uf*_HgADzQ7v~8kJNaD#9m;P~ym%gKEwr=b+|#o5kY_)2LX$D*ST;l_Hcbb=2lFm+ z(ArsgE_whSd#6!|JCtPq1lvurfO_(Obk1)zW7WL@E3oS{NB1&bJ=6QL6-D>8(0#d& z?sM;f^>A#!v0_1X?p!{|AX}z#_KNTo!QRpuz2d`F$Vfdazp+a3#a92lrD1F?jVpq^ zWygjO_=oSArQmp1H8@W5p5&PJ$#23>m#^K^lfMDFV2y}7Mv&Wf?i* zv{$M>{3_Yp@}Csj_vm$ljdx}Jfokf(r}j_wvh3zRU;AF0e-3T_m3BP(_vdh8YxeF7 z4H3(+zws&J@P7mQFGI-jc>Bf4X|z3+K9JW353sJIeC_|7YnDoHcCzj?^Si`xS)T=V zyAGu@_cK4l7sMxgeY)e1lwRq4jwVJb+y|b(SE9WPdMeP&`8~j*{l4&v&J=oCI$Cw0 z&8F(u7@Ipx{45nnC|?vDF+Y>Qt#XY5_?UJ44uqpG*M&^?(1*Us`6xqoCV*qtO0)El zKVsi8k0z$~i2nlTUzE>5+a|}Zg>QF7nuh~NU%R%qJjbr}+pOYWbb3pVJLkf=H-C$A z&d;;srSAy1-h_@-jL434F!78;=2_8lpECNbLbr3j>c$4*7UWN*)ZeMpOEV9DG7g>D z7&rcoA8*j(M$S6x5xPqTb4KYjRVSo1!gdC$#1ngrkbWk&;T zbTY3o%TuiBGB;;2H=W>qI%O+3a~FTQ$;;ajuKZ)DyyN7MPDDNb!hxod}_=Q#%%GIl^gJ_J5Jyb9(s@qmCUOhJ7xWiKf`(^GCh?+E|4FU z%3x0@PpSv`^#u9kx%e3ietzuARDb*=z1mcWPV<=mj@8U3v}5OaimCAMT|@5vd~$8W z#IwpmW}_h|po;sNJUS?Y4m!b=WUIv=@?Zhy;;$v&Ty)i^99*ewJc@7 zbtif^GzS?1J;j?Yl732s&;vThp^9@6Wpf1hl*}oeRh^m!Z%1Oa71$6qo~k~O^{pmx zdh+!v+!!+Zh~T*t?~Mlct&!%_rF-o8g43WIy;FuBx6j(`Gn*rdA5dZ2N}rxgRXR4f zzx^0xvKQaK?eE0r&V`o$o%dokri)KNT)&FkSizEOS1fL3etdQX^V(|p>fJ{@Kd+^SXWJ;{nSA!QUbT9gxjZX5H>ZBP;x=P3Mh zPZk%FY1gSzzkVjRj(p3~XMeP*GLN4c;U{AMmn&`{-myL|H1!yM`is_2&$H*2 z4}`aJ>%0cv&JX2TfBi+*Usrz6Huy~Q7lR)H*g#X^hmwEkH@dN1@Q=@M$e1#0Ax8(7 zy6d6Rf&b1r?>|>?J~g=V=);l!S^HCPdiHD~JZ0^pFUf97IQkPgOq}#Rw(qy7`vGtw znGcP%R>NCW@RZuKzu_zS`1-9sk8dC3J&*4SUB2_4?PK4DmwV%XNBcSaygluB&(nIY zv;XDK`|I9G`)TZMwIjPz@*lsddmMOFc??;o*tuxw8F1ste-A$+t$&@RAFWT+FppdE z&6pber4akIt8c8Wz_uN$wF>pEKM#jL0#>WLk!9CL-ixR(K*CnKIFvK?K9-3<*h9a&BTGEFKO&|Gj_>&@s9o}ma4f7+?ZF<9-8u74R5U+qBm?k{OcO#O!C^6hllrBPnU0u z4BPl9_Lgi>z3=bmZ|bL^s-nc0J1rk2N|I*qisg#okayXA!#`bF0*w8wyY;&lyT*xW zccABT`}>{d8l6@OJ=700V@sK<%>#%X07DGjFTWg~7@{#>z-R9J+gx~K_-s~A<405@ zk2-i)_BV0eUGYQ1v5z~jv4Yla=u>WOtl;A5uHDeZ`OE4P1|%cI(C!1CnCLv_(Dgn1P6*!ZL+n{RU*WeMH#TCX##sk#$CtIb zvL;$_yq@>v}5mdZ-K_`^K_;CP5q7j`dgTL$^J0% z%FpLz+M{`+V>6ZInbD!}r0x)H#f#A2YNLEox4y?&>l7d3Ck|PSu8t?h3-8-kv({^W zH{-iuFRkHOW9vt?R=|BYq1ktUcfBW@*U>$WY~SR6G}erUP?9b3S-_R+^{=+>E5w-(IakG@nMi1+MXt5XZCPMzuM zRMpuI9D?uF95{SD#k%0I$KZ<{K%`jr=>b*UvbwU>mPQG7%%vB^Bc44AGLP8PJW|o3EBU$ zC$QDAA)Ne1`AV|YmERboPCn1igMN^O+e;!KekLtfasZ6@H2iL#I z*)hpD5TI@O5S|9-y*MD8cb{Dj2iC$%49*R#)!S#BT<4DEGXC-^#`M?yJ%jO}M!#u< zZ(PCLu8 z=l=J+E4(v%ifKEBTow;k-0Hv{6MO(>zYaRW>#AEi(7X12ozv72LuMaS-I6KJzOxRM zqa&2@8v-vZWZexmk~fogN0J$!g>d%NBCoINH#(f7RnGQZyT)V|ug zn_ttOv&ZChmE*%p=Qoe`_EBGx`qN>{!tb^@aoQixF?%(>!@X!hxEx^Kll?stllI&C znPa^#8wgtO4MXe2=q<>l18vYEy2_>_%-0J3^`6mX9Ub5gGyAtpyEv2&()TmgXKgwB zJbj_Bjn>aT5Gh1%f5qvWOKWexVAGmn(p>#=Lz2B_=*iMrU?}PzW=%2piGH;PK3IZI zl8a1H3^~uedXg=N-mfP)@=3m^K|Se>K;QHb;m&#J^(M1zhTfmVXY%yvRJmrSoFo}QAVcczk$5m!P(0>rNPJp#|%!P-xua9&)Qn( z_Iuzjw(ii}N2RtOb*JM;eVRBU;rSZgKf-)0!XM*ZOL~&$lF2#;WCS|7){QFXS&2%{ z=)yN^_VX?zJ}gGN(uW08`NLh?M(atD=PkA^H+NH9@tppOI$$k( z$%S$5C|}fv&Xq&_Dt?Ik9CV8XGdRBkUbW!eqI`JPv{LGRlC_O}kF&l(ze;2Fexc*r zhRPA+V{vrGJ01LtqciTh1pLn)_Ptf$AJx0JOgiLMeHYh|hcVB3>q3Q7ocCQFQSI&`4mD2QZTR4@uWOa}>gi3;=WOdh^83a|M?Gr4 zgKyR{CwJfQrA_N{UORVWWop*b8*3h(zpm~x2iecD2ffbddg#CP(8NL3{;#0Sof}tQ z`cu9=HsJ?4^XAxN@29nAMQe`{Lo)O7V^M!@(jJ7{Co7gEzZpI-j{D{*_TH^$x&QNW zcqnr(Ip0Qmd)b?NIoNpXbL$C!lkRo*2CKFkJ(B!%iF98mv4?t3p(|)DYzZ+#`d;f8 z6VO*;AGQvdxds*sfyF{}!DKk>bKs!9l?x6f?}x)|!Jz~=OdqVz=*~^}jL|FVnM(tM z)?1B!-39J6qZ2lxpUH-LhxIp|eJP)Z^l0hu?)$nYkFq(Z=E;+^Qvi+?V3*$U{_X)-xnVrx$ojT>%03ZPfqj= zZy~OzqI>-ItedUBm z*Y5KTGq$hV9w@(9vR>trF52r0n(r_8S(}_>9oW@AZ2Dp5Ek?Ud{8n04Zw)*|Il8M_L0x^*-8q8W=|=Jri} z5{~Lu@AIAUhyT!LjozVkPB&($+=*G5%ed%o$49M1J$^j1(Zs7W?hivFo;uLO#zj_9hs$3Vf`=Ui zzI@JqoK^|$K(_)q+#P6oI$(ZQV|<=~FWGaTI6aC6`ESUJ3OE_nJ; zVE+iPD`tPgoKWJo!YR&%i4lhphc2Yk%62QZbrG|lZ5DXjLEFw+VQoEh!5ZRgS}Xh_ zV;@qEz2~eUnsu?y@O)VSe;8+z4e7(j=)+|Ca2xY>XDD$k?+6AR1%>%89>echi@i0n z2pXJi^N7}Zhev>`=6u{?;7zu}9~{15-Vt9|Z1d6q_#L(3cf!DL$GAvFRd=7h*SVYn zWfx114ZE0i>}~AS0$+CTDfo`!soZ(cyNYw0Fvgl@zBx25VqM&R>|WqDX&L7O2dx7W zADWfllg(NbG^n}W@JaY0>l(KFv*mb>#raC~JEzXJh2fu@(EW(_o@&-CDtQ(pug~9~ zfTzv0ZAfqoxjD|n7>I`8&9&w5$TISO7+CQwvN5p>I_{W>KONd${TKY$%t12F%>vKG zQ?3-xUNVFZ3{L(^&zBINKHA#<3E>9y`L1FPnV%SNb@5emzYtt8?Ze|1fh(QBS!)gO z@Y-f@<*3#9S~oec{&2DXnjz)jipq~V{=IIVt6sM*)vfpAluN$q{G0*#hg_A+Iro3* zzjLi;whtp<&a|=RrO#gHJ8YNv`NsQ>3zztlmazqMAB0AbA+dH}WD7Vc+IQQnLGH%k zeXd>xZR5|cms4)5rCl(=vyRgH05F%bW{vz!XN_FXCKGooKIzsWUWN{M zAc&449r_$PbRPUdxbY%*VIe1_*SolJoE!-6!wm=TNB)(0ll^}6*U1NU!CsSb?Y-pu z;bz{DqdDlC(AQMiMLA1DCZ<(7hSy&-6WcA<@onchzU`YzFYVjT!B3FNo+os%)*NI? z4tNtshM0R~itaCqNAOteutXI)lk}5cw=(ycz$6ozk>BCihS8di$IFTrl~` z*T@g&@fR$+QMT9M`JZbUe?8+@9&O>H_=fyy!ga1!K zjpv^J*l*6wJllJ&oA|P)v(}#2_QCzS$`+TA3eb-r2TGEeSzxeCJvyNSBOBBuul3KjqNhu&Xji!vJ+%bC!U*fE;xxLp zSozWkH6HC5lb=*}+yK0sb0BZc_|f%m){n^Q(f9L1(Vmh}lrsq{LVf-7jO_JIieSS; zk6mR=Jw+Y@&M<5+{jC}nnTwuxKm9N8W%ll5PtS&@mh~NEF97p3Zx3Ti_YIGHi{A=# z!{32dOX!dKw*Y^UTfUq+K2050u9|&vyYI^0j8WFS5nMmV_+IvnsCf>1ApNS)CVjsr z=h)WuzVwaRzU&HDXK?G$bJ5wU6!y5HlPe!-JLgi{aW@$a(vJ>-N6J?vy}kgym8;LI zOmSgl=+Zh9T7Ffn4aUdAS7(M2KOBSpMt(o}+T!DF`Oryu*OpMeJEuL!c^59;KG|?b zF9mm8n2cb|S2E^50M9dK+@pF$qwhN7{*g28-!txS=loY-onF5#YjybC_O z`}_W>A9Qd@Yas2^-$DI`?i@VQ+Gsnl=}0!DgMQ)UBBSZxA5&Sd_x|ei_8BelH=MN&ms6} z&!*^HG+rbc$7lTjFiu@j)_3Ea&J} z?6OC(qvmOiML2UM|D4rXQAJq^daZX2rrrvjIKrOkQM@xigUr}co#5I_mwwI5_c1zD>r@?M}Vo12(^~VA_z$NlaRz5}MM(hHXZ(@Tv_`1Or{u{J;Mp*4#?m%rKj zg9p#^*&+K$`V`~FuYJJWHx1R(zXXrE>nHtNG_GItIcp5)Sc=*bVm3z&JVD&Kl)?SQ({&G&cSKkYuXSTx+Vsqeg&{H*j@@i~qZ2D>61s?X? z*=J3fchL)_ABcYm2c%cY_h;vMw(aHrBqu`Ko%rvuZM8n4^@!LU=mHts0o|-2|Afx@ zQXduXs$cdL;=AG*_)?1gX@Oe?9;~a&AJbo%y0@pW=~)j-ox zx3AvzUUu8#J=s6fLtT7b`(KQoaTK!tzk~L6(oT^RAMiS7VR>PyI#1yj%rSB|wHLt7 z>tYP}lJ>h}+)W)vfn_(anqyf9`UNY#dxvp!-xf+d%kxw4>@M!#Wv;t*jZ8lUuUBlI z{61Hpv&*leGX~vyUD*BSoeu2K{o1JSe+@f${2=U7%{;43x4lofu;V@XDWwNUk6Obx zwAV=c)?48ZUO2_!GcJ5@5q#k|XG;^?c= z?e*NyK+{hQrb~az6h5P4$x#NiU(3oMB@IAflK?r`TfM78C_5CNm2Yi{3UK#Q^x}QSKH=QyYWWrv$#&R^~&|_fxx8tl||@cslD$aKh1grbSt@F z=(gB~N!Ek*UUrwy>%BuC0-m((yXT=q75x%j=(`()chK|a{u$ihUi&Xxx=F5A_#|Fc zOdaLWTTHefIH~WyRKoZD#5BYAd`;W8#)R*@>!&`orS&SktG)hhd?()R9XEQyka26Q zDYR3WKCAZu#@bUlsN2QhTN8yhv}Jtz&^$lJJWGd=?Xcd%TfFnVjJCad zXM`hy!6>!Cmdh-s$(ehi^+m*2%jaaDk(AnS%Quvl!PhXG?_}$spJ=^*>Os!w zOX2;UtjFp7Jl>13SHK-xIb%bnOmoK)7#NqWr~JEOgUmQX`?Np!S@@%YuWJ`FcbYe! z1KV$T=FElfy(5R(FWQ?S8Wl|3eB#O-zMXx#3$USWn1=Rk{{Mif3v-u`oxQ{69V(Zf zp%NZx_+rrTan1md91S$QNO>CY(R;c#dWa?dYV!eTZ-~xwIllP>^cr$u#?}u)CPJGyhRZc$7Fy-5*YZCt<_5YK3 z>~(%---mu}!`jsip5eR>(Qw#<3tsx|Nuu94bT(xD23{~x`K{mqkM%qF=Amcd+ajlp zOXXLz?TtZuS@@O;UFiJFaqQpTeI^|3f;M)CDYL8t^5vQwXT%WJ!Ml9K?ZmJy4R1M0e;f636x(fL@nJ%`Tk*Y~_X zDXBfRulC+>+jHnVq;lwd9pyWy>vsNw;ztgh&v3@-;&7wODvg+KOw^`Z0! z4mbWa8oCtzURXf=&|d)BmA<81*RE{1f;iQ`Ro;pQ;?yJhe3f z_qCT_?M3HHqQ`-;q(YCH{}_9ppodLf9`GajAJ*QwrZJHpM_gOY*7?N4rqEvZCFp9Vr){3O%P}iF7J>}?&A-U;~`L!`|+z1=lj>3C`K5TIEdW$YI=Ijak(Q~3kjI%J>X zQ>&F9XO^Qc4SZ|0Q(xc`^_l(0ratkK*3Vj-@zqY_JG1v&_Esmn277B0u}-bcb%SvW zvcHCuC&euU?7o|NSWj+r^L?y??+X_S(92SJN7uRdO~to=v(?%>4!fm*z53nI$0_hG z``@fY0sGMle&)~LgHE-S?+aG?_X;+-b@q2Z;k(?heci%!!OBs42j6w_1UPwh59>L+ z5LpsM2bo$hi~28oaIe+_a@hx~etcK;)ul#W({EF%DLbHR!56=85#O#3SW|MF?7SMc zcw!-Wr?m+ArF{^2JTJA%zFBB3`DQS^^hUq6;+t!L>0w~Xyfv1yABcTkee$DeJOgFS zwc}f}=emjfl;BiRsV(<}@9JkUFjV=#J-TfhFe_SK6wPH{LKk|pXzx49?Su|#$p!(g zCXOCl6(6(ctN4iz`Z&Yc*tS2zrV;X*MgM@GE-YU8GW)QQIoH6O;AzoM!JAh6XaAOA z{MU&`{VdbOG>`n{P+ep`^@^q^LT6r^LH(8uy`4Slb?75S6LjtG4RIYtR#d^yxA&*+ z4dd?#p)0OxAF78mN&m4vY~lyb{lae3%Ogayar{e)kv464_AKV^3U6ZXo{1Y-{f$ZA7bt;__UeV6=l(ZZ|ZW)H!pj>`G)5kAK&DV56t(1KN>@i z3cc&kck9X~$44Rc${r0qZkaZ+ms*KZa)AgwKJoyXeiHl4xCYy_?0$a5(`MM)Ci9Vl zZ%nzdy*MYn@BR(wV`e|jpgaqKPd?^C`h=hPQ2r;2xzKuAG588T;%A-~DMat708d2& zKK&Mgr~7X({a&PdXyH8gTlxUyw{vC~V=qxTu>3RS=Kb%ZV>3?Wx4oabgTnQ9CmOwb zo`ZLiB~^^`XC7IiF}VGoX!OZJ|GVhbz>IZ>mu@wFsMZ|jITt(Sb>c51!*X4?mQIR% z`8FHBz28lx%)rgj%hiW4eQ5Xe!EIk>2776*3V7r^Zu1SZSK8B`HEw^Lyvrp{tha0d z;gz3xcV&)j*8q5|y!{=}N%DRt<9BzSu~u`*J#Uf|s#`w2BZ{GeMid8MMBQ!h$!{%! zE_hD7gZag0*Q&jIe(<#jADW;1b-DP$i@~Kl&%Qnb-ypf)E&;nP#+VGdJAmDO59~C5 z-W+3>;v;R~i}*(#{A3OMMEb!(XsMdMErga<|G{teOczmBOj$YoEjIb~z}>^X$oJo~ zam`Pz9Pyn%(B?YA08|;wv^u=8dIE^ zY#;I$k@MKL(Y8>x&Bttde_n0jPto|Qo$*QDIJxi#>7D1sA1OdPe=fe>Yw}qP+CL%Y zzYv;Nt_s0Q`8EUeU3!>wF8K@%{R4;Mw}Gi-L+h1hovA`}%-DVWeqYbf$KQjFqq=6k z&U5YM3nh9VzVK(ty?o&lD#uQdJoNH~k5PU%b%n$iUi*;AJNkcqZquu1@@e34+`+5M zj*tEoGDfW*6pdtj;$w_=V0@Yf@i)eonKZsT)i1{JCjF|`Gy2}lb(OBE_psYvhwqKo z`@rA_lzYdQb?9ySff~ zd4=3#KO1gs{t7XXUil!H-c6gGz|@83MDW$i-y|Q-e)s(}el6eq(L>|j90x96$$^(- zS&bhku(B%Zu$@KsF?4w!c|VoMt_oi6g9p00b`gBa&zQ6yN;=v6m7({Y1>!!NX?WoK z&jRUy&wYxq&a({d*#6UEn?6jxn(Xs2b69Wdue9=|Yv}9^AGDcc6`0&D@k;0sdN8p@ z%)4;K)jz)dW$LXA<<~iT4-7n=`X%qZ_ws2Ey?3c|P@cVM){_VKqlrEh`&S6=DsNm7 z@D~niJc=_2k|V?dM);YCKehL7;n$lczD}R^%a$;09(LA^>4T5?KhIpLf7Bg)^FhWS z8lerv;|Ik5Unn9EX`muTtc~VXxUrqF{=%7KZwyfwypo<{@r`sHVqYu5;HmOv#}u36 z(aZY#eU2_iZb8OlaG>1Q<>m{P^g}#Nx|WZ+&|@M#`1;T>48n_v8iJqVWr|x4^8Fu? zYl8U^e$DqDdA^*sy!roJeBYb2p6}=d_$|gop1;|SN%+)N>L>adIzKqncp3eo(L%rY z{4GQD3scVxlxdtz%+EJ7sLRC@r+))@;^}WG{k_zAs>@jS^Uj5EG>*Q|MxE!$K@#J&1?J+RQaims(2)+NCNJ;SSW8JOIm z@q@eKPg?VF+t%8Rvkur;gfCk*%o<>HnRUQMckSL?2ULvGEPUGdxd-w|7`*`9B^TQl zeXF;Pxa~IR+&k7NV^x1dFCW%?&=1+{U*K$6hqk9x!zHrV7c=(}?zvVXnm`i;IUIClGyYmrI|Cx_V z`J>)6?G5r<=?c;lB$GMrUah=v zA$XnW{u*M!;Ypl3@wt5qu?Gbw;jwZM_F>}-$2Y!X|N7B+%Enmx{Z5{Nl51I?%3>Xt zZ}hCF$$Crik0s2VA3ug{?s(=Z#_w;KO?+P)FfuVR*sx_GE0ODyZSj#v5%Rk%$asKL zF?lPcKarm_vHUK+neKeEnR4{Klfc)=dU94m>rrUk#BG#*&0h02d#jsLoV>NE4U>sw zYKO+PmWytXD0_i=Xh&o0dklX&HjbGW{B#T9S(5#VwXKIA)Z<@s_mHJSS3}Ct9lU$U z1ShSFXX!nDwZFT*lz({Ji~G&~+1epzc=3KOO#7Rn9(g@zKNd zNpq?Hz?sxYC%Vld>`~#_qT2Vz(-X(}zIgiG#M8gDvU%H{m1)}+)uONah8+)ZR$*n* zIff>uE8~C4nS0qg(&@{slos*Y9e;x#)eFxz=)3V>zTb~pYkaGh@S`dpyIY6$dHSK7 zBtNSC?NC3er@lcys#{NP6YG0#$X7(3W$3pIxXPYwBhJFetnj!2-=F4sNO_X~Z}nZ| z)NR6#CAxY8Jf?2{{r0b+HJ)KN*SdD|YTEI=fb1@Xr!coB&Jp~$R1T-)+|FKJUMHKT zQD>wsCMl~z%{zj|vKx_R47)(by@EVFLJuj6mX zyaRfjiH%KO&ph;$*e`vFGJFZd4z<*C=42MR8Nu(3KKA5wz#H6e+kaY^*nEHgmNV_X zNN3)ak?d!x_GJ50dw-0a6I{?WHi;km=}Y^67lPB|8syz|BXriYydKj2nVV3ZC>j;t8bc{)^3gSz4p#F0hicGU*dJ*WuJtGVWLSRjAX3~_03#o^=12gy{|B?G~nxwKhAq?y!ZB8Y~P3Rw}o$sjAji!4lI4hQORre z5n-Qr&Qs?bWF)Y#&t+-n{vF~LhRiFxK)mt*@og@CNlv|4W8)R;(L?Y_>s@wy!{GTH zGx1a9dSu29a@*vBA9>)(EGy8mcAfS|XGiMc=kk4&q94Qxn1f=QR|_vPrXmZ9(Z^O= zdrOqhq5wLg+}}Ejz3i6px%*mE623hfZ2f;v1~!H7iElACwtbe0KH$-h4%_lR2YmGN zO-a~#qSskBP@QGqv10uK)EVG8I^kOZ>Xd#-?9c(hq8*u1?6ht6sYoU>?`0SJ543|r zJ;27ihddba9x}TP-kp1a_mGjwEgL5uLhtGyUl}_8gh=&7=8yU$yA>iBTfjlE3nLqC0xAFfG0 zob=lxJMiKDrFAH;5kAaz@Iid$83!j^{qkBaG%?7k!-dxj=lhVS?ghY0`(^#iV~zbgNxJ;&$HJ*9Q%{C0>808<@a*+$M0>#re@5l=XLr!@Gj>m$yW8g+sM1J z;k-Ju_>9Ku)dL4?ImbpY@+mYivWU5=r{9aPP4a-x8VC2rGPXP$M>$Pa3XZf>E7+n3nV9FbyhmG!6!7$`yyNP|$2AUg-OI(JWf=W< z(7$ecg}{9^=bRP++Yqq*#GQX#&yUcC;*woirC%4HdW`)rh)=G6gL+Nw{`XY()q}jk z3tQpp7pdDD@3ze3^SOQ?myB&cq!@nT2bTo^=<2`(lUj9%k{;+Za^g?}#T~DI<+9Kvryvpzghvwz`kq)5s z8TqCh{!m+FdESM8IQ*eD2b?qf;hIbG2h)fDrVqBf7-~NiIymx@XAZqSL8H@=QxFmloN6`K9>lo%>>~wQ()jD^Inr(K6>wg}*S=KE&U*shIDO*{zm! zZKR4=gPhpJ$nc-o{L1z@6-BG4k2!tI$GdL5KGtY=&<`K&!!xF4)5dn{mrvaFi+lSo zKb5|<_^yuk@wvmZuQls>-`QZ(x$(2}+_bg)e{Rc$qw8}U#P^9w_HvzKhTmnc_SKd9 zw*1r{oAA1WcD?>omtHc=_k;Ue{(_xn+A6l&(zie7+dp~c%1dv5%lAkAm){@wUw&Wz zzx@8Im-+te;bBHU?!nIe)8ULE`tfjL3+{Vp27BDY(O&Y_ya7M0AzxMv_+ay#45J%& zd=y=8F1lZVFHr-|EI%8LKF40s` z-d$a{2m5{=G0)QdynR*t^K$&`r$1VlDE?ewqMf!vpDr{$y22+46AQRk{gRa(msF_ZAbWCedX_WPh|54XOmr2XpAtKc zGk6|;uG;$Ws7M{Y1GT07hq39LB~zt5Y1V%G`3EBPJlDQ-?nm2YBL~WK_DU*qSpVP* z>JLZPl1nm9zv6sHf^9lNRP9pHO-RCsH>{4dB}x6Zg*54xV}iGRY{Z1@$inTCIyasAmg zPTBU!7xx_`W=c3B{P;AufzEq&HFy(8|2$2d=i-9q zEgra{p_TQX)99PSt>HDogV3Sy)|K!C=_hgOc!9Qx(3jDb&pyf=OlIF{4f|l$(_Sxa z6C73 ziRTZoX_1E=$S?7%J?m{fMEaNOTaxeP0}dY>;D1K{9MngA=ucW7Pf0RtFzEWh@?nb`8c6y5V~oiFkw z-j#nf>w(q8g=WrB&Hd*XF+bLR$a zyxsS({auiIy}MezYAcgHBeqW~u(IU&@|E*X28bzJxN`RMsiRX`>QnosYwueZ_FHrC z$kv14#SwhJr98)1+q(h$U9<9;=M@jfm|NW(!Nh}2yZiP|@+PG=Krf^3Hh!+uhP$2o zH+I{@2ijI$()UVc66#)}l8vC)w&bZq4D^GUk{OWM@a{A{6bAIZeJ|{aF9k|xb7w!7@{p^Jbn7vT` ziYCTTCYxZhFB&K%7xkD`C(D+W^||_<(Ty$Tm_v7V^zIJulzG(J0s5A`_HY=TP2Whr zR_uqLeOGOseR+EJx7LMzK2X=C`k(!y6qB#X&pwma*|THfNZ>27{bX}%A5BoWhrOkC z&)ftaO~*&+mZJlz{IpY^JL{oD9(9eq{~_aRwdqi~FH#zQ&U&A|efkRP+L@&@Yvk9k zbvWA(OJ9lIyUOex$a<*y#8}!zA3LFadB`$@9;D*9g>njR_V zd`H6*LSu=2qXPz(OehvQ?vZ1)+ZWDvI5&4j9`OmJo z*gsGH+&1`jNk^K&H_dS=`7*7rKQdRihg}j3`XUQVK2d+9>sy1k;J){tyl3kvw$2)7 zUi*Nr>XIx-W$ecszVD7$<2_q!=L?;9uhvkm95xKv64mtbf-<-ofTGrNL zZ(Gr$?7!`14f+)PY^f6?(f?8SF+R&qe&g`fwsOu4WX`nK7-L>GGf(Qzw0rG&z{i5W z&73QpC_)clO`*0vXmV&Kx>>W+UfT?O4&$y%-?kh0`GJ$lW9TbE?mOS6Z!4`xGyJ_7 z{ti#BY39DG!iug(2BcRFi)5rKUMQpDOIHu(|FoDdt8Pl^0&=+;80X7+9`8}t(ZXH$HF zbD($UBx_zbd6(Me!e3XedcJ)Quv=Q*2Re#Xr24bDH1{t>O)*sSkzPtj%qB5}Lilo};h)1M3F! z*;j=P&_tcv(Cc0JxNvprb79rS`)0286ONn56FtEd8YT>I`m!T zQfLeKrU2*d=l|FN(>cAeeLiDwJ{|OyT`vTBE4}vE#=CPAG6kV%* zU>5Z;KZlks=#!kP2lnyua5MvAKO7kDf@buY_b~fU$IQ9}5g`hwyhevdADv~S`vyLiY)d)WzcxhlcE0< zh>M<8b!%h3-Ou+ClpPRE!lBUh~(;QQ3UoUB|1 z|DYbDmlWH%JLjYyy1sk8FU!0G@2KkUpZY!OySFecG7*2x+=tR4%lUm^!MMmPtCLySW({;Bi(WAiJ!7=4;+>8pDFD%Zk8jcGsE|32_6(9p=W z{0cvGe!p*iQyRX@Z>iRjmu8tgB=hW%kG2bwyi$bJr4HRa@w+S}XJJ7qNZ6p+q2!z5c`)%U=y$ z93UPc%KF<>;i<+Pg4cz!XcyiV13%$ML-sEm!e^gD99Nt^60;jc|Bl|s`c+WtS<63S z_6^*9f_bEl=iV|gxV6^J_TGb#${EuSDL3zbl66@2_kLLA>_ZGwzKyyj@ee#(t?%bX z4j}_R1U%(?ll@0|t@YV4CNAe@2hJ`?U3k7}&R-ae@6p&p@cvSK0Bw1U%dy`K92f_5 z*Sml@@F@lsdh>Cuebt8)i|@c3-ZG6`KPE0MPJN1REC5!n46t$5wjWea9Ju@nU$PnJ zm}zF5md2S!{$<7)D`b45IX3~n;a_y0&3UkH`Ez#ppL7qrHu7r;zxH#M2zyX}uX5lu zh2M_?tKZU2Sn!&X7Rg~fvFl9(zecNil-Wbt#=YiOdi`zS2m5af9=h+wC*-+9z}74t@^IArr@-dzC1EXf1Vb|5b|ITzjPCj|=JJFlaN6w@dj#vK5M5-^fCB>IQ zK4|o4*2|7u**D$94r1H-@Wtj>Gb7-T9WTh*mh9Wd*^eXKD}-*7VZ97kmnsMC3k8uw zY2g!JWzNmG$Pb-M|KR)k!w>1~i!+B>o`|G*4kX_Pq zhodVLW3NArzo#7EO))u4y!9u;J(Ipz+V8z9&+PY}PF>#jJK#0#w~-GOn(BrpoMi2+ zPCV?59J8PBJoFp8EgXG{-=O;V;BCYoRqp$<%AvC-`L*=^{Zr8qR_*(P%Hb6jI?-}n zYtPrs?AOW+?K`D=VhEhE1QRzeL@s$YiopTm;GXCKmL;RCCrZJ!lCjnk(BeGF1)sq; zD*~R|vOeIMJLg*b)4D&z+1XZNoeMM02U-As`?kgjU%Z)LU~|SwvH9X2GyYKY_l!M* z|F7{~sbF{448sTOobkto$@g?)!;e=@VyAU z5g&Yuy+F=;t>T$$bLbne61@EU4~MR_M(x3$Rtui?H1EY&qhQ@Rs`URhJkFoUK1QC}rmC%3ZPgEJ?}pVzPM>hqR$^G9#9&0Dvuys`%dfFF(a~r-+J-J5 z-ZcW52EDhsXUHwU_b1wtEn>=J?7?8|7@k)vJ#8W1Dy}(BzCpiu0%NFxmzsXk-+!b` z@u)+_!??d?!^dui`rLNpd+@e{9}+uLXMn4nfN4kd#{>uJSAMy9526EsFQUtr!5#I% zeSRy?CC43}(ptp+!a{V*o_?%yFy5egXL#cR<(5XOvvulZ;ROfL{%1)7M`8F~nEBJ(OUHNnZT7A) zXR6n<2h9FLoi1GUTyr|`931&ap6mXz%o)j%8+ffVUCt?1 z;7-;sop(*&>c*K|l=w1gtDBrNSXiGEpI*dX*7~uF;eV;US71Y6AJo>vx3LfMn;D1B zJ`ViAnH*>l+=-Te?>U^K5C@iFazK_L zcZ-@bOg_^9``X<(Ev4KFXGGr121mHg;T`0kiQPB%b@rLi+7F>`v<`r+9{Dn3NUmdp z=8!&s*NsKcUJ-b$ep~_FDW7x7J?l?&`0CEB9^v1nSjL0soHg(C&oeUecI-Gq2iX;| zUvA&}DE@?Y-uaVqvU|QgqkH()539&0$@PH#X3n!6+&?VXtAFr;TKS!t8K34tb0e6E zo-M&@Br!{jyBr-r>oAMZ0fYk^u|cbmfgSJl?~mbU?tsqMqSGEkHx@5H2ye#@n758I zm6Ydj{k7;#zG1y}JX?1yK9y1O-G@(nkal<{(F}eygI@(!T5k(7q4OH#A$(nar*Fy5 zp>K+_lOC>kUadX4{px^5JFf{vyI!^Vkm^F;8%9n$@@6ghj_cu9>&SOZ4*vD)OUFghu_u)S`5pWz zvM2k|)eg~r{MQGtr(1OlsoQ17!BVj$k_O7K^_>%q(DANRt8y!wZsMMqDS%#p5Y>`%rR;NQh($%)g<&n$4) z#n(dSO*q`nek0-ANZ}iM1p^jq4B(n<>^8v(j0g5U(h;dByAaVY0|GSx%lw z`2#!2@vip=`sD1{5e?h=rEOCs-@Cfa0s1W%JNchXPD7VpEHnG%2km1Y_PplMk4;+! zzb@ilFojoaTEM;RecdDXHVN*U1LajK2jAPXt!PS9QGO?|J-FO@;zj6hA#!gv_Gtb7 zQ4z_CwePMxnI;;+$A4t$qP{mqrPL^%y@Pq_gr^!k4_Q9qN1U4>eReZ4n0SII=x@?> z_pxqmNspU11AiCibJ*q4&r%*zZUe`^FhS+mZCd}jiEC5WbL<~wEh$IOn4j%#UCY_a zOkG(j2M4}R`AXW);LuLb49IhpDQarb*^Y-;kKd+4?iEeP}MS* zcZ2dh?6+eKj&g6tiEbC9KgHZLcdgd1t~0)igWShH%DH5Ad94+iV&);reS9u$&OwgT zW)QwMg)-{Kei>!DroOL@J-sqPuyvwM|jOk^2 zOdHh>V`_E#<=Al5DyLt5eoenVKEd?s8I{wo3%pPH8S6LXp1}{cLgkF_hm`-CHkLYl z9>V|T<6nh#+KX8;h8KvwX2F*=Hut@@`FgIkia_saVs+Sin3%m{Vc%}})Jw=Y<*@H2 z?q(0N4jH%p6#8Z;!$q9mx7PxV96S+g4yjUnC~F9a!zc zM(!xE5;xFSLvJtJv^!g4naTcqdyE6LTcC1awbm|gwMJwayvTRPUP*aSbIW<1n%g^7 zUJ!~tMY*ZpBEL4g;TDxo4<){3*VAadX3zO}m19GoA4V<9M~s#==~4HcYwdS#)H}?} z3wC*{wb1UvwRT&Hf1&&-#*@y!ts@SLv@w?5(0)5UN6o*Fe~m8&9sicH(g(o1P&T|K zv@eZ%5|sUl|Kz^Rq3&~f-{_vhBKQiWx4xzNOORhX&i2nc&T}(XCr80KzUlOQqj%TP z7xb-Z%z152%r75{;?GAL+{Qlm`3(*q3)p`2_{Wfe=)*zgm-$TO5(n4D{Eht+zJ2zl z-n0@u>k%t4E)0(Vx5l&2ku&w86Gl`;PffR?6UlqrgFQ59-mLu7Ffq z^P153;3c)z_Z7GC%s$P({2PUKd873LK5}@>4|I=?JCk2%pw+tFw&7n@Ide1BE^oAg z6AjJ$o62W~qW=xt4b8lpX=q0CAA1Bo3BK>qwfw4onqd4PyL1no<+|l{cKJ7TKRp~B z!!LC;TDRMD`8AbeyK&N^%E3WfMr=|!d6rY$@_X#^=Tv?h@qPUM4tT8OU+WjXJ;d7} z`-AwLr3d6SYTeY>K~c$3>2^lW;@@!PtYZ9R*D#0s%PHT?{G!`z+Qct=lkq9!L>|ZA z%lyLM#zj7rG{3Pta!sSJy!s6CCNGr#36Fj7X43h(v3A?8b?f@!7$>fwRJohUmDnE2 z#~wIQWThN0;3au^KqDHgEQ7N;f}< z{e(`Wqb)2@PPod|W`15axd7|z@Xp^%} zrXUj{fWC$9_uk0CcyR+SOa3F~|7CkjLB?jr6&xR- z{U|(vUn@HEFRnf^be-oTY7_nLQv0dxd`N@#pbO81)QhZ`(pkgVv&iRq?iX<$_1Y0f zuHQ|2+pV;Uwfom@Ex>;H5_%l=NyUBqcA}4BuRhU5jL;GG>B(oZ(3yKvH}fa^v4eSC z#~v5th&f{ve|TdvbN&wZvLWTms|TKn(HziQ9s5gmDR$N7c3{4UcchcKb;|~nP4y+& zj?9tfbOG%xz&;)4w3o(t2Hy6x*G2liSD*jv_ibB6Ivx9nqN11HRW=;s#6LD(X8!gj zo#&mUSU~b{D-JamS=yFnO*OtK^x1)2+t^3yr*!$QEbtVaRQ|OcDc007>2s`^7sC6Y zFY*nEcPkzv&`^D$}iDe4AHAc9@dwa37V?{leU0sWOg2QN{EXx{ z+0Od6FOxYQZgF-Ld+Ly_>f3h;u-U+M*#g@CwYA^)Yg%)N@zK6V$v(kQ_$@o69vIdG z!?mor>;^{FqtjZ(ruR+n2&7EXdAr@gH@0pEh8@7Lj^`!7P-iQ>4h(bQH-)#o+u-;NQmgZM11{8NGB7=eaA-rM)NGQ_h^I ze33IJS+iH4SPgy^8yKxRSw1Fove;RtHFyO+`ObtkZt($o}Y7MJ7#k@3+PH(w8 zvk(7H+N2&}I4P%j>pRTb-FIx?+Rby~TzWH*ZNpYQ^L#zubc6TZ%$s5i*8}%Gw|Bjk z?n^WCwg>p?dXEENyAQ*M^g-u$q+cv~K7G~vlgF&|n&GR|hv6;F#Gt4T6P@yu;^D!QHQMAXdC^>DWFCUa>%O5Wl|nojCK9LL9hwNEiIo zJMYAw0Q;1N9mZds(tC>a3)x8DBj-S6Af*?7#=ISlzgo}saF!CXY`jD5{EY0%0v0z_rOMC-}VQLH2a(OLL+|)Ts35W(;4)Pjy0p4y-6u%Z&H7j zAKve8DPLK55po6FpnY`*Hdt`7Hfu zP)=WE_Fk=}Ka23;%tn6`US-pM5pvm2c{}}5jQ@Q4l0x5jJ}EoJf3}?dO`@*;O8;K1 z=ZJ^LvxC<*{TQAU-e3)j=1NQiGMuks&XD#cSvPo8uOOtieO@{_)LwpkdS5$s4 z(aGCSJNkogA`5>Exnq;}YfntdPwCE;WM2w2A>VKs@EOKDuV;?CmQLua27c&Dk#XXW zz~EUc!1?njPvin?cO2``e~zO6jAzW_(SL|tNhqI|En~NHK1k{$;xt;Mm%qq5kJ+P2 z|K0ChnE&uP2jn*cKq+2bK3@Tfoh+R+S9W+@EVCFhVia*#;fNkJa_BS zUbXQ~tgYro^Q<|mW`4VQc78^LFRJc6Z=0PbH>gQqyPI|W9oNwoxYet`>KiKhqfrftY zMY&W2Gq*2A%tsFYCDyPCKem?k8_fpy>Y1-{c$GW8PU?ccnen~I_~i5N92i?_gKUQO zztWy7|MnXFcF_MXIc#VPKT7)_t$fk9WZqiA1R17vp`+ML-SBvweco&hYgvaK(4KBh zlN{TX&YnhReXS7s?f|}w+2jR0OwJ}F$DvL9KGaW6CHiP&UkyHWXy7O??gqx1Q^~%U zJhD$Tpz`l|O|9r*-XvGRJ#atO%;~evoa)(z0PA#~x?iR4nZQZ=!p1JmB?fxvxjF-K$Kelp zH=TLyp&t`(SamXe*|NSKWTLJoES=cb&HS_eS0P!bv-aM1ex{@28s7b+Ezg&KF^P9S z8Onc_Zzaq1=gzmCuXRx0)%vRVb_f0%@r6$GU6Zc_*vsBijOgdEQA$~B)_Qb+ej=;i zl3t^jgI!A(_GPn{8Z-7RenoIaI8tP#wG>%a4fy<43G~y(^Bv$%9{SJwb-1Cn?Et(S zd%9G9tx>n)BU`nv?O>Apa`c&-z2irpdBZbycl>7q0i(}M%#%KoIz*rGBM(Z*D^!<5 zd{4S{wh8=+y=3zSAM!xFK|INpuc=0VAhscqJA!pY_PUDq;=eF!4Wi%JOZY>OJq4D( zSM%s2*7*?YYH@gdjy2l&rjRuzFJFMVQ}~xJLG*o#=!EyUC6^v+-6NnE_(nVWuh~yT z-EKYdgLdF=Q;rAdE>TZ^Qb(lLbZ!yP3!l*bDwF%0F?joq?;#P}qPkOSV$WNNzdTP| zX+Z1h1;2=mhbEmdxb2v;iSZA1+{vCV`gG7r>uo1qAA2=_$8dX}1Gxe>t4{Mx>1gA} zjpI*mV=P6X(OUC??pY(_m-E>Z%5Sr2nzebs48Hpcux9z(Lv0qSF)YGe)dwF9Fv+E*^En=Y)~xC5CJYxhS^+&l=QU%oL2Ba6PrGzZJ4;2U4H z?*jXC|G@M1nKq6nCtQrNNEcj8JKeO?wKO=xqTlFp4V6y6chT=^`dv-GtLgWmm2YgT zr{BBNQ{gjdE!j@Lv#CedW%!562l^d!`fatqvswZd)@)p$ewX_ryFC5g>*@Ci`bocQ zt!mqU{uAyG@w|@z+n9?V>Rsro4*sF}?INyDza5IN6YdC?JlDVFIwT*(XR{-P#HxPx zhlBh{x?kE;dCi5KW~EO_=5xM>Fwp{pO3+RiABy}+}o{; z-si@Vmtj7I^{!o#N@#+d(%{3W-0kb`0b!R>Yma`eUe4m zNB57^iEKP!)}^TXQuUg%J8AO>dQ>*@>tFfSwukI9;Me7)(My@wyRh5B0PN6UR@SDn1?;&U7C_hr;vK|8;*uBc%>p?4WN z^DDG<3;n`QJ-Y!v$Ldt(h<7GYUP=Gg;QKAfu+FyQ)6@J`H*VNUtjb$GfsB@k7b~Bi z=v%pIqHjb^CC}=hXJQ+S9C~*S=jiV;$e0ak~=l5}b^S%SGC+~^AUCwjVJHodF*gsuj_-Fc~N$`J)XRawq0&~P}qO6TLREn8NTft&YPEh zn6uLPy}13@L--E8;}lJb9@#%S<$;T(CtqRj>?^BEPyU{M`~;ijr`Rk%HT@XgaEs~3 z@ZLW-aJBm}+`#n~ryqLu82ymV?A9>?xZKy?Kcyf2u_rKmQV+jA%G!X3tB-2^p{v}7 z>?R%`UeH2ZxXTAF#beyMQ{aWA(sO=uwb?`VXU{szfM4Wla2#7x_C^=FtInc6g-$B@ zlK+K4`6Aw`yuixcB737N8-9ikcxpWHA0CwnYw4qhnFT>AO=j29{uH2Z#`ehAk*F0Ouvqi*a)CbeeK3Q`evae15 z=`*xp_OCBc3kAhD6XIo z-&~FrFl){M_RSWtCtPuS;tQWg_cnf6a4H5)#fjID&R%=RC z3(qnKI~_c5;lJ19*B`XMHGat>i}4pTu5!kuwI_UAjrG8OH)BsjPip3QGh?mBXU=)# z2V#>svlO3&#;y5c?i!WXu1NC+oh)R$)xivtOTk=+>}xaMjE^=9j@dBJNSdzXpQ6#yyMQ*80P9y`Sp9u`Rs%ATBLPI(M2d9nt_LLT^-CvzlN7-&YZPYV!4f9 zQ@ry$?JY4pCe5tjh%VBAqn_b6L~f)Re!axw%UXY>HGLg$XuiTau$sE%E0vE|eqp;V z+b=9Xm0gGJ6L#y6Pk3>rHElI@lBiYR#xvJ*2i|z_Up9mzUMs$Z=j5Ec+bI`uR20a=eAQv4mOVJb<0$*4;)dwJE<4? zKH)EII=3*~)+gK=xTnrCV8Xl}aKBZ3JJ3~B-_vS??^ItEdX6na9Xm!oqZPNBxVwK~ zJ<#&pKjhxevY$VYbbqgX-)cR09kExH`)0e(iCfx19ABY*&t9yXOx)H-lJ4`9?%CvR z+x^b_cX03G-7}xFHZKA{UH)({zA10KIPy6f3yi-JdjCNzu;iPZPjIo{iS5yPPHywp zPqaO{_gvAEL+AX!4&CCd9Dm=dfza1a6hHaWxrM<)#K72RJK%@wW#2zBFrj_Bo$_Yl z28fMnv8=R)v-CsHwC<9{_w)H)u&n{MrXNq+escEpL}w0L_i#3Qw{mVEZwGWbbKTa5 zdADN67~ajZ;JMf&{2E$;Cg3;uDbPd*@%)|mLFdD}b~)>K!d20P`wZO>zpK5Tx6ARn z>Ycla8fY;_+pPk@C2l059s@r{bxw;qsoi*Lm%^trh@;>-k z!&cquH+IpqvD_!uE4iie%hlO@l{KxC{$k_a5yuvp{Q$87b#^Xm#r`a!Zt0VqKH^ii zSdpW*ch114-XNMDD7#RSuCk*SveLh&bi99qEpAp*wDpU$4|!@=YsPdSe~@!{R@Wa+M*QF9s=( z!4pFKw;{(u*7zH(VDQEeJR!_A@!CHK>Kp6+E8Zh7WcI6h`F%*VzkIscfB*1zo&B=plv1wz|HFMuar#rHnb_U?-1~5v ziPgN@y?@PqUgX|CXW#$5dtYkbf7rd>V}C!*y$}0LeIK&#Tdgp;*5M_$a^ECB+Rfw- z0G}th_han)aqj&H`##sbzi@?l|3>%zUHkre_x?Bb{Rg=><6C%#8Q%xEcX>| zD~7FlC==hebTWLcZY;uTWN91z`>+1#Jrh%Q$m;t}JN7NKcS3WnZ{>%O?^(Vo@*U3$ zf&+?iD(0G;fh|SGpXhI~@crrAQq~;g3y;a3mOU|yUv%PK!{80H^+l(xD%!#?-B=Wy z645zG%9E@%@EHxXaTtFRF72J40`DHp0YcG5;2I!M6`_OODVyO62hd*!(k-@D@5 z=jQ+Z$LHR@`FBR=Oec*uPl9`Lcwk{N2dXv@*Obmu~;hvKPLF?@4 z^ZoNGv439SH(mS6=!^O^iE%3KN^_$4IgQz+SL6GnpR#Qp1O~1T*tO9QdSK!w#;?TL zLlrdnK1M|rupXebZvU8-C)+m=*U28LQetet#hOC!#El&gSO?$yoCy^x zw@eD69)iJ02L`e)-2N_0>Tig-i;X0fmOfr{6}%XKhEMxX@Uu!+^Nq4& zfHkIX@q840)EE_4r1isGC#Krx#AE8c9lRH3u7knU$c-Pc`MK^3b~$T&PCwPhX8JDs zb)bJH{&&!xQNR4a&Cs!y#NWjntfsD9>Ose>kq;x6I&_`u)UlH|P{kZ*Tt6KJe6BI@ zVQqsw2aNB#f*ECcuKzOb!@x&pl;#3IKWA4Jpp)!CM-3k>$}gq8AbS$S@O-a5P%0b@ z2Tjg}hh7_8(-4fl0gQypTE}-u+J)B!WI%HMgbda!vuQJiPKq5`n{&@(+0Xgv!{_nk zNp^`2HC~$zZ6ARJ4bEn-OudzXT~9n1^ZO#aQG9DSd}A1U3y&>b($_r7!rmuu*X?#L zW$|_S`q}4X@+rhieEEudjKiCAJ~^88&1d$-<rg3iI9iyYGa5%GVFC+(~SV+S@^$ z=uN#l!2x{ZHK*V)@V-P3G&9kc9+~6|MH{fChZ8S$->0)9$Cr-pOQGEW_vOp8BPGN! z#i1vy`RH5sJDr)jgMAgV7+)ne#_RAi{1LVCM<~AW>(^MDO~3F#>~!s9Y%fPw2N#4BE5~I{}gN5PYDl}H*(0p8_rbrh;S#Y-e09JwK9YDo;`d*h0uE;5ugkK} z>qAdYC|`f}Saf}GBX-{AMOqhzH$=hI=+*j$_rrm{>3YAwvMQP`^v~0rnXwf+zA1F< zr9VKA);cBU5G+9NswIvhhQH=YenX;-DKjHElIol9tkr1__dH>3e%>>O?)=&N zod@MJaW4s@N1>BQPK(yGwx&5NV$QZhn_mK-7q2K=Q9#VY2Ckd62N*w`VjyCyk4P?d z!LQ$jmo}C9BHtKEKatT!hmrppJ*ERX?1V@6(kC159G@-p@qmMS$#S;C@sDdfpJhDa zQRvntr-0Wd{w8(0P9yfgmFc#n9;Yvk>qJQGd%V*Y%8hd-iqjN%L1)BU>?TVdy)DGn0n!rG(q*p?9& zTFiAedQ}J=C`f*!HsprIn2s?f)zt>PMTd3BBbAFs9CDs19>9!ojWd^yt)cl!_w?V@ z56-Uf+wn&cou`&EB>qTpcr`j*Nhoyo*jJ1^&F>04wyzoekNpHK_mDSd*u`fzPOyg6 zyaP^_e;M0h8+yo#_#KN=^QBXtdW5;&0xlwxnw!X#0Z&?NSqG5aCP!E|I=A|-|Iv3k z__WQ@vtI;1i)ZI|qhFtT1bmh3*g~ui-)8VHTTVV`){5}Q`g`w#CmjbLGDoG=3}5DT$-xbGuS^s^P^{5KU zm$UX&5}w<;cb(1?SiYjb=kIM>tLup?#;v${h1OV3!}sq)cHNKcS`Oc@Otse?DsrsI zyXfv(6Z{=>EnN6lVllM7)y{bar^%)GBfeLi>1(Wc8mGoM{Hbv(7Soq^SeM-h4NO|G zctr{Ctgf==-S@kdCpFeyX!caV8a-)6#R|Pw4iD(#ejK?o?K*B=0j%C?_Vv9w{Het& zdVyIbb?p42HLrp?GM85L-MnbvO`JxjlP}sb@de9nfkIwySK9cI12qebv6T zpT5_>rAzZ9elk8};m25%0NP|O=ABxxU`4hswRiRZuS)*MID#u?}#li!wk)`7Xc zP~!enVi$awz4sz>s`(}k{uJWld-f%AZ`^GiF!^%x{vUJi9$!^;=Kt?=$&Cbvg2fg! zH;`*9RwQI-Cnq@pRIu7gt1Y$(BnTM1)n2rq2_z^O964ym4zx|U3P-I-u{C2mL{YrN zwg^tA-`W|@Ik^GB3f4|J70mbjS$pqfC&t>D@9&QvuUFXnti7(!dT#4^p0!p=r0X`} zCcFzDqWEh8eYMwozGxfiI&TX4+`u?C=zEUCe-iIoMLPE;!TJV&aI5HX;wI=4UYdA6 zRAk2|`W+e!nwUJrIFvGfLoDu20Y)c)mD)CWZxdc;0?RD)iHv9$^CFvQ6nkIb?uB=0 zJ+vhRFN97MSJ!o&m0SRh`#9G&4$N+A>3LLi8iy`)u2TW}hq3>ocgX*>8vN^+PwX6e zjO>{vE&@7I400Rk!wvqWFsG?e(ucxQ%7c0`xZW~?~j|j^xa3_^FE^Qc~-L8 zY1i%hk0|H%eWTOv4@_O@(Tah6zmUFD$JYk*eI5DzaeMr0ojUF}b!0}bA#WG>@jkeg z$R&QUy1$ODx#%h5+!E$qb8t81I*@n5rya;U&c;4zS@{w1g?#ic#rC!HEsXxuLB0Es zkK*mvS&@S_4T_(L$NcQ9ljkm9^Nup)IDEkC58X$*(k~O$iZ`h}^flVviG0<1M7Wp^ z9A81M=DcAQ9b*pHY7U1Ycff(9V6eb4a(OQ0{NRl0xRQ76L3Vwv`?fi4K(G2=t{~y1y49hy}O0C^!GPosTW@I zJ-(eRk)1HRx6T8q)6n$r=zdd=-QO0yGe@cuxi#`vV}YwRv|IiT_4yX+K5{m=YmvTD z-tDXU^R()upHG?k=odINpL~PDI{fjlo=e%mVErid8(4=q^T4!a_dTL_VEvFuvtd1h zI{Lvn&xZBoqz?vb?z4O31s|}c?t7g2G`8=VI&D~AOxX{?8vY|#D}Ht$tgBV0;X%Wr zOH4g>e;4W9f%Q3*`_+Xute*#;`(Pc|HALSi?}hbOR44tMXX>+I9Y>ya_gF>JLxl4u zE<-M%hrd0?N(z^66~5(K$r12?VaRRKh{hJCj$x$bgY!qR6`v@y%-P_~^}K5I4AFZx zI)Z&JHg|2ozy9qEYp+6h+YDPrc$;&oz2ASv_uMbDX19h%7JLKSO^iJt#L?txkKCAZ z%~{N^{**eP6X__O^ue`zFa zpp%MD8^QUx%!72(PXe=l0_Qb88*am*87{2gFR8pQ%(K4-c$fd<1of?>z6YsKcwT-s zz*b$G_y3i+g;L;sny1_DvNu9SlQ}DJnU6aK;3w zeII}8@aj{JAJ+Z0>8$*)!>bnn@AYTxyWf{aVUmCi5L3YZffBiHu;+4dwz!&S`%~j|yi{N!yQ+wjUxh+Ey1JCcb9R&j0?PU;Xo`Uwq>j`pPnJa?V)hoxM(_dA`3r@9?^h zn)e3gED;dxW<}TV?#}ya-UpxeVDG%IAWvzDFY-N}|9_cx`5oN848#r5>ZCM#-GGkx zjMf_s8+)c6gCBU;0>6HrH4ePzd2j;Ru{Qy(gt9})KY%yh`Ton9o>AdXhLW?ut=Yn@ z^V2pJFpmLr51lh6{1ZQrPvb($#;-xvsV>rA<+tiJ_h^7;Va``nyip@|0O4Rczh~Jv z_{OZifrDG=tJ|jp`qd%&G$;;+#{aKy@cv{U4yyitrG8`gg)g-*@5Aq&%-V8j^aT9! z!DP+hpO|&)u@o4lN05(KW3MXq4eMTtE!j&t`7?(SI`U!+6h#iXLL<0!kM>*gQBRDtd^~ zp3+x&^4FO6Op`8p(0ckf`8w(E5!R4H>w4zB&N}?{Gjkhsuf>CBOCByxS=aq4W5{B> ze}wLi0FMM?_%-ktw&d2+?`Ta3ye6#dnP=Aa*tzU+C}u1py3n*~znAy+#UH)Vyh~z=`=ejrUF*Sbndj|$ZswVTeP&Qw;C_3r-yO?< zM;bCN6C59oPBa3&bribo{!r0P@7q2M*Bk;Q9RZz@okaUcmVZD?e%PPY<%6 zaT~GNt7X$cj=K9)U&hz83BPlSvlrOiGdnuEt(X zyKR&;_CM0Krjz|}zb}2-e(I`>O^Xmilnhf>&~tXbMSb#9$0+006U;`&<~V!qYXgx5 z=ldGslWd!XWV-sHxqKsoar4{9I^_l0aLTbZ7 z=!4=o+h{wDdX*-<+)c-qU)`oSiDcTeJkoc79~YnLnffyLaRok4>@d^b0x#IRjQ*6` zyGPuP6H7Jv)ME}_XpeY0=Z3riewI2uYxJ27UZ1u3&6vGDYr#%`7Y(udFS?Q4{%!cR z&JPNK7YW8*!hX=N|FfN^#-)`y8~=1JKxMLLY8Cx<$A(YN#F;Lq|7E8CfojFx2@dlO zUfXBzmO1^`w*%lc{@_uyinBU#Ze%mCJ-xfn#~Ke?Mc&wfl4^&Z!>orL{&m4e(C4e% zkL2~Y$zBwM7CNAX6lh^Pv@jN0*v`Je`>d4K?ZH_M+o6SD*boFK?*mRZakf~z&R3LxPGbc&UMu!SbC3uA zDpo061I(s(Z8OWfZ)Sb&((4D1n|N8Bl?ZRJf`+A3tAhL%-m)KMlI5D=G594>;E&c_Hn1 z>wA#;3}15mg&*~9>KKJJ^&p4r?|HN{hq1Phy3tGVuMG8%IrgdrGvyJY{oDi>A>=Iy$I)EveKsk+qxb5F9W%qO2k zA1b_Kqu;_S_J#Mt;R9k5BE)Gm2gpgFEjIH>%*dpS4@A?fTb_`lGAq+#|i%okYBt^aiAsa*^C3D0(egu zf2`T67eWgK*hGKGNSM9!K;r7hWtr)*5w$A+sagY6U?z&LXp9a}~wicbyt8e>rtw@mm2;QO-{6x@oDzp;Bua^?78fxub z&G`=Uv5Tg42G~AgbVSqjAuIA8eXget*~cYs+L0yF5m&?a7g^RbvVUh%Zvr^EJpD(y zk2MW=0W-x)+?ltiFjJC-HqVeD5X31uQRbToGh@7Iy|Z z^iaU}Rpia%DPG80|B&EqaL8FFsqA)@Wo(Vef<|P4se>`9jdN8;g+u?QKKngO?;-q@ zJR5Ap0eUxAV8p@>j0`Zxk0g6}%U| z>-|CAbso@a<}d}FVF%?J@lPxO-v-YAKIX5Lyj$p-`kx?<;bne*C?9k6yz=GR`F=;f zU-H}NTTX1(O~6IAXPZyj{=#3A&#g$T^W^wHR4zFD4s?s{zkdzZZOS+qWe zaV-*D(Ay7qXn|ntLWpsI0GcE&f`s2d;TKeU}`)a*2X2JU^-v1tWhfKb|4evrH z&));@$>jZe;GIvtzXk74@qGZicU#}G{RlrFAWsBu|KEW3sr`0*(Ap63LHqm12XTK> z(g)0SSEKlR9`g`?*h+pAA4H4J34bEb#K>)YhPA=N_zii!&$kEU%V=b6?JbMEi9ci| zE8ViM+hrS6_95Efd4g}t2P=!*A=WZE&n-K-z_hzUWg9}tb9w$J-^2dB(u(Hw_YB*QW zE&IA%_8OI~!EQ#`-Fzz^tSmAnj^E&Xx9kbKY)EC7hmyag>}I}A8LaFW%6^wv5Vvd= z`vr+(yi{esi_D_z2EOGDR(3pP@8n!2d{btAC);K7RrXHqccyF|<<1?f>}1N`hR@9{ zJJ&8dLS=6YC3jKwTa*h7R(1+ytF7c8+_EQZ+z6^{btt)!vWqD99^XHNS5qmw*h>D& zEt{2Z#`|Z=#1@B=4LrX>*^a@=PN!_8mHaoi>}0!ar^;4xpDxeYl>O~sWj{yRa`sQS zW#`&u|3hWVL&;lsPN(e4gOv?YcD|Kta?38W%f6zr^RX}ToIu%U2P<1f+3T%j#4Wqd zF59fK*N2kV@ca~IcMVqd3d&wbOr~4*3A=1mWv^q6!!whz8wV>pm$KJb$vfS$uiIre zsq8hO^#cOwvu1A%kH+aY}&s^ zWoNS|hv$Fs?UupH-ay$feigUuT)XV8DjUZB#`8CP`^I2pZ=`Iol`M42F0;#)t88&7 z`DftN!nbP%D_cR?8CG(x%z zKL#sXOIg-MyWO&{vu7I~`#Y6IZ@!gh5oKQ)tZY4HSvPHV%Vu%^2W5@_pS4ptWhYX$ zd9bo;C_94l>)f*JGf>%oRl6g&4~*w%%0`{CmW96pxvRZEtKBkBj5KAQRGHz})Oil0 z%#ZkPbc+2!6VoUiS-QiYxT{p_x#Dw%Zv`x?xeo3TFYj5R(YL>j&ek8Y}Ef!p8z>G)hYETqqF zzuYwS$=!qIwK+HGu2Afa*l%~2&Yh(5Sc;zKJ&${v^KF}bq4~!BmSKKx#im(H88e5D zO;u}0KRUXFzd5JYx+9;sC2VRFOVjg;QVrU|ga0MkJuA zo|?d}82d$ZA7-4rU0S=pISyRlJWk(=dk)K{i*M#&W$hHstj;^_$DS{{?0D81*mfF9 zowFV`vo^#Zw7Z^u<5M`KyG9bwW+`oMv8KpZ)cZ|wKkjdA7Dd|`4{N*K+Zm&L1gYRc z!aBb&XR37v@R`S+#XBl^s$PvV0lZ3sR^dWoXG>Xg(w|d4)--}OusT@UGRo{9O<6JX z@IJoz@kz5UZbJv7Y6VY&^x@vpe| za2wyqf3Utbm-7zupEbBxn-RIssdHetf2N#w{_Opc><75j_RqTXr!)J#_8!fxpFQz8 z?0u|YpA~kOiFxV1)&z50${d$u`C9XUcU~H_G{@kx4;puliFn4SD7?*(&V**|c1_zzJkACJybD?q1$CtwyN9Ifg zow1bxtlV!ij8DftYeD-VH?glzdB)%?=;`tI;oVjn@1_aw=&$h3ZhMMpTehZr&JS_n zIt92I_&Iixk9v=R*WzuzsG{CX_MbU)?!xz&fo~sw6MPd6d_z13gKs|Y^>ZGv_;ZYN zj4u?7Id2%=*lb|joWb1vVHn>a7*oavEfqscS3pZT7v9A^?OFBGmF7kCeUNXq4Ej*t%syIZ z{f$Ofe%N+g1AF*}c$@d#h5gqZ*l+dlSQq|Fjeow+9|D~m%!77y|I12iNnsQ5#b?v3 zN8opkZ`*E1=?@3{uZ=a&rL=X7c6#d{Fu%bUO9hLbal0k+VRAud*=-7J`+YFM_|)M(*pNuq~#IFfmYrOgN7u??M zp6e%k6`aL$H^E%v3c;3+;gqMo}ScQx&u<{hXiY~1Z$Ak zR$rvE2Rve3p#I#c_!QOxEyTqo8t|neGeX2^l_N{@*u!IZNrinr!&bj_Ib+*x!Qas( z|KIS1vv@TQjjMbl{#$rk8*8B|a8op~J==O?Ipf~sjD0IM?$Il@f2oGO-L=U0Hr75W zTazxkHRql&u4Rndz}u-?@wcw6N_lgs_ZsZb-aJ0q%Nq}jfW;JG(bE&y)zcH)r85Zy z7ky8(vF{bw+(6lwXp?mHvz~J7uZgS<*}A9FW5m%^rDNN^V#L$ZbySW$S&zhs1<`l) zqn)%yXUrY+aR+t1Oy9Z~^K*>%EoaOf&X~2IU1K&eCX~lM&X_sBfw|SZ{+fR2Ozd{X z(4)8p+G>F|YSGCo`lvSJ;v?wI@FsL;@C4o1hmBORC_a1!iedFJ4liuH@1UpU)iI3R zxOO^nqqZ6TI29e|WPNRR#K>#tx1M+x-CI;4y`eTG5=V9?h-sA%>Yq=3&`&O_ZvFG_ zao0LMF`GG9ZZ#J$hW0jJq#aqhh&48VNC)dPL(rzypYcleH>YM7qSq6%Ir`w}rpp#8c=rBgoh7*T{todQKTn)`@|o{a>T07eVdlgAt^K*;(`C$$n^svn zEE1+(;j!8;pic25?^rdCL|Ao!m;7lzNE>5POtb9xt9TbJ8QdPnTGI-)N-mXXEc|KR zYsSmG{eM1Q>16JB!M}dv1twN<6ueX@k z*nW6nW19WHPGjFE9Xbd#njc>OaxIf1k9Poq^ zbe%Eg+{Bc~M(X=L^_Nk%(Zws-hlSt0mhkjg} z`tS>!ui{;AsE=-%&Y5b5ch#rEKky%}w9cPa^@q};GWe^$LI2I#8(0eN2siZ?S`$iM z61C%~iM9Kt&R%N^*EW}C*KJIYKaaYQS$kKpCX7R~tof$Nw-pCY3E)(65Wx2;Or3KK&RV~hugvG&4N<6R)0uJhVx->ox1Ou4=VSWnhyJvq^u zXJopgs|HwGwnMvhx%)TPSiYN?!+8ViU1gr~8^`b^#B!Hd2b;{3;Wu}w$1i$46G z)hwFQ+?%`cs;ne)w7&G@r_o(F|C03y{PFVIo%Y=5x5~SD+9{V0ZZJ<#tqa{b(Yi1n zoK2uZh@Z)3`Ti5sF-PzC+@9)rRPhO);7`7__xRQ%zt7GY=De*7_^y7dUg2v6y6kfD z4&e{IVZFr}CDI#end2DafG0O!_jSff-;A7PZrpjulN}JfMe|Y0d?5>(^{#non`9;b zowjRrE<{4{j@10L zA;W}!#hmF^!F(6zqF2F>oyh>zj_O{iC8hZ3^MleQexBxfrqgBeR;Lm@1ev0v%Tk0*;V(OGsbMY zY6#w1k{(Ka;SA>_feY4`m48TN$TsZz)TeV<8hOe#Q9d5|tuw6DHuqDkq<-Hz-h-i2 zZM5%uvsAIPg%)YD=SP5LNU_gLhDGv-L2YJEV!-1Xo}U7~yZGLubApJ6*vvSerhlqW zd^#am1Gl$n_hsk(sQNG&xpA6%gXqKN0C8S_qy0MuwEr(o`I` zk9pe1=5?xqa~(APT%K+8DW)-UhHVLF`_xiLn0Vhxc#P(b#mA^H_poC_x;zXIs?@U< z`eVIc%Dw9eCob3z{bM&t5YvJU&PK2@6x$sg+>R! z)@bn?UJRYV7l~($6^K9bhn%m4CT-c|*i5KT@?vdHBYue0bA9K2Zw)&-YI+%n8|N%Dsrq zr5^oTYwar5+WcNG{|W1kqD5!Zipo*i%CDw5>T9aay;+pn*+M%4nGp>@|x6LI!CT+1ot|i;~hhvBaS?x^Fy^( zj~DoiZ%A_2oX1T6-*_ATm4b~bOy9YWN3z1u9Jp(xTdmKp#U_kzBR9)x1>Vgqf$4?F znmfQd*|64EIyS5TcgStk9wOk!T3NQ-!fpJn2QLjg`JDs&o=1*`fM1MxO3;3pbKY+) z@DmNS14D2%s`+gOc5eI1>(>8M!E`qHm^0?y)Fr->@6;7?>O#k84q3SmsIDE9Q6Bk> zM6-((t0nsu?^V33?Qgoa^?)sxh1(B)!+K;MWn9|U)5YHj1I}CY>ufvbEX>?sCwL~; zoZDYuY{Bz8K6upDLDTiU8M$_Ofc%x@ufSFzx!oo`#;IfZVsOBezu1(Y^HJrS0v|3< zTJ?bPGd$%>X@3jt`*hwOxRmR(Z`$U!`Y~VSwXZ7n$;h^Y{pr_B%ZC1e5%%w17`gD# zUd(>HU=sXhm$SA>N1k(*a0l{Bym%7N7RmXOmzeYAj_~^sd26MEPbos*TE6G^Tb&q3 zc$M0{n0Cc?+C6Q1=V!3?e>9-|mz?%9?ebK;@2tY0|($g2hayzvQpR=c4W<1_Hk|3{yzNp z+ZpHfRPL<8hb@^KPOr<_z^LXZ0pc7LzucFMz-+|?2ipBKL>q;ELuALKK*if_%4aX-m%*Ez1A#@5kHKIFKYZ`*);-ulgb2p%4v z=kWMkhsVdp0as^T6~m|Q*7?wYI=%gO`O{j%zx(cMIRiX&|8@`aZ|vLXc&cv=b;T}2 zhf2vV+zfu@Ild%c3S(z2AiU7pN4972{!-Q>1(U60{uE*Wo%B-HC;3x7zq9x~-Sa!d z@6YwwwY3Ifo!V>XZo}Rih9(NIVapaEn{_ER?0k=HJRcjje2_Ue1d9|?5vOmmXNAbC zHR5+zgDOpHXUWri@)_IvmeDzIqTm$H)d?L*wdH;;n+v%VymD(M;ANj z#=;Dui>>$SV%wxUcyuvC*XR<8Px-rav2l(rM&I1Jytb%JHvDx$G;3a>^z**;y?C|e(#Q^cm5!b_O}O-;bmxC8Q_@radj^Gb9GWRm!-Vl6hTvf}v8eZ~iGejA^; zuVIzzgLirPeplwW{ww>pX{(90(1GwF+`O6kcXB_PVef3Z;!?K{5@o7heCE0uof z49lbNxwq)oPG|4A?yHtR-u?C*u+X0L1;~e;jz3;`meMcm`Xi4J>#_h_i|XtIo+|e~ z_3beArJ23#vezlyt}D&dwZo}P``MQux4pn;5yv@iu zVmzeZ-?6CArX{-lk@iZXBhB&fG#9_GL_T}51mt@=FKAhp`Sc=VJ$8Ak_GUB05mB3Upa7!!MhU3l@Zi0yP4=!^;ncwY{*J< zo&8$lvF}QHV?eT=dgK$gV`qZVUtI+3sYm&hrtfjSKjqZ#l`n$jKp5vaFcy!C!{fX* z$j@l*(x}^GgWSvd!t*wJm@t7vX5H)E%sXgt^zRWsXp6)}pejfSOm>W8^1)6D$4L|h?II#Kx z?$_X4ihV)AUD$HUYu&{hqo*_gSMGUV7!u4KALFXK=qa zX9%Q3@d1q7m&=_s@Ql^mE4$C>|30Vx+dch%A?L&We}Qu?&6u3N$hW)Q)BlCs12(Y# z?BnlOMzGyM|Bqw^ySLJRx8FOQevh_ZH1wr@&!&%6{A~rMM;WKap*xQ4{euhJ ze&qjgA2hz*YWe;4Z2m@uHq6R>X=5dS_w(1|jI+lXXBXq_qRt-X$v?`Pw+5J}uk=OI zmM)&&!#w#v;iUOSMAGhFe3!=A#W=f|ryk~M3uguIR2koSy=As=7m=yQDWh>7Wt_TG zW~XPIM;T|@t9Nb~4}GVPeQ9GO-;XlZjxjHpdD6Xwot!0bjQQ$t&VHCdU9(oCY^vn% zF)L_zNso95_12Td*}sN9bp~)(y6Q~p?xIe88;GOzj9quaH!}7u_*~qv2bWe&Z)EIR zW4q%B-d$zJUeDO;8G9pRFXenvckFJNQskSrjK;pk;AsD`uVL&##=e?9_RXipt2xzp z)1$LIvh65%8lQw5VI8hJF1s9AcClm`>+`k&^6bX5#OsbD9ovHTO>+-Cax7@%*ptNk zX}vAKtmrOQh#c|Ava2bp?>^!djGp4ivO38!>eRWhorPwPd2*bU)_MS$ny^yM{X3ty z5ZOk(cK!5K{!#LuR-B>Iv9C*h+V(I6*+LG=HZ)8&uTcpdu954+;eT;DbR@g$U?5^_mkkT zIUCz4tF@u(=`_CsQTgQ11^U72B48!H(NDgC3(|EYQzl}28mJGn1OK}`XEk{Bvkd$J z-t{W7Z!hbJXL{`+jvOauq`RP{ZetJ}sY2gsL=LQ^|0U==KK6r1MhYignQ@n30v<|_ zGIQ_L^P%4ZbQ*UYr*9a19ES$zmsgtmeEaMZ0q$L@$tL~z&N7iwdBD&qGrPyB6tiAr0(A^2n)6%(8`Piuw1tmpofp71r zbbJ{Lv90*ARY;%AW$YE?OF&b(z(;a+5$B05qK@tOT^6-icQ4}mOTbmMY~m+@%X7El z#}!?|+r2tquI#y0>;c1QqDl~kHwD7vU}=wcOgA^9V?Yg`5= zp|hN9aFo~!&AtA#9(sy4;>d^@%yVATIgteQmFjLZ>MvN5e;T_?gR${pAM(zmI>&D& z_iT4y|GW<#(g_ZZ18zI9!KJU98nJw74ca^KUw=jpGk)0+4cw52`S1g+*>naOn~EOQ zQ*v@JxYe@$R9V4IFiVH7WrOa88?ad*xB)*CbAo);o;Tr}IUmS{m18S+VfC#+VAYE4 z&V|*$^^gm%3Bbf_I}^@`=gFqBZv|&Ox${ZCW~g5^p`tu^o@BoR*E>p~70w^{FrEo7 zC?5f4E*|6q`!?#R0`@b}Upjz)Df~e3O++q9&*O}DrxTccA@Wj{p+&VhN-(T5a`aswikdOiyU0@g&?s4J-#|9C5VmL8z56JwWw zAMnb&ieO~>#qek3aN;s_GHAdax9x8YNjCfPnN>Z zIPuh1fAmp2DVK57=Gwl1g^p}_fpxBUf{T;0 zz(?*RieeLarX70F-jr|8{0w7N ztc7f7>`56}B_9Ox9XXlY1TR(l`dfs2--moJMZVYHwdnL}W@Xq`n=KU+Ycks>N`V#i0pntusSS!|mlJmo; zrpx|NG#-I~LLRulS~Tk!|3;=42*y?nB2}2;Q#-?`Oe_A7j0D6kN^83!T~ud_+^7 z;C@G#wP~?%LU+3QqZfn!qNz68>Ifqzp#|NkWoUyt;})VfY+iEl={R+9u3tk8oM+<` zxUTWvyXUoX8`odqY00nu!;6fse;Y7TpWStj`1xqzcN%qPhLTrMhvoU#tB(%rFTV^d znWvfH>n!>(8(-3Ra9rowm#!mz6Fft=8F^J6IO9t<`+FvlZ|>Rf;p(N!rpwN3^DKKU zyX?Zy;V0OyzRcJ1wRPvTeC-y_*{=2tePEq$NW-UxW;IAo{tDgT(|1oky_;C7?29Iu zb1L2Ull1#DcP~4Q-FWYBDBE+k*wEQi$c%S<7ewCi)iz%f;BF7@R?$6MM|`Q>`8;zh ze|IVR)H|Gg{torK^_}An6}^FN^?lNxI{W@BHGyH>y0ajSemr-!-28^u&wJ|Z=vTBC zQQyuvlQvCvTE2}u{v*1EWMBvWi<#SkMfN%%7|j|9tifyf-OdAlE5vtBUdUejnmwNf zuZ?|sL@4dLTdj9iIe4J?@8x&cr@Z%hO9lm4;|0KhAalEDJ-Xtxb__)98sw*B z@pY`Jp&jw5f(q>)3+)jO-<-mJH*miL9uli2J^+50V4qkUbkJ5^+swMY`a$SJ=cILB zgU#du_(4`mtM&*cuCwVvd#!Fj50qV{1D?~lyterW<*rsa$}~ZT@isfZbO>zRhvs_n zw~^;2>b(h^5nmj}-1ho@93J>_zr_>xSyuPe$kSAGf&1ZeOQ`d{B|Dy-Wt}cuLLX9n zsSQh5ALW2^vbT28f7z>#5*M<@Iz5eZSz9M?e}?EqXS9kwk0aYQ6O*53eLgalbm@xH z8OJ>mN?tWI)La6tE}?$O55@L%!jF%ESGuEQR1R^$%#Fs^3mbUvG4N6A4C$2WLpo(; z$4Vr7_Qo7}VA~yP_H1GOu6*7)ROUtcotIsbT={;_-bp`TZDeJ3*D>}BwD+%1u-EV84#S`F=-Y4iC ze$wE}B#&icn!WsL|GYk&W&Zo|E7=(es8jnrjsoif>eTyMy;G<5w)?f7B%k1|XD#<{ z2}c1S7`G7o&7g?!LyI8m-7ToUSyt|cM0*} zE?hG74qVLGxUb?Dz*BKat_X1X|E>Z4$G|qu3PFCFwJ&t6eJr9c*=1B3r>Z**&$FvkiPbMSs+PwWs;2q%PH=v?}IH z@<(^RAh)<@)P6q({>)@d^;Swl74xO@jKk}QHM8t^C9Q$V$cx{!br$)Wkje53FSLTK z3HY-1@NZPSo%%9De^&DEz57$K6w4V;1><>@@tE}_{8W9AzUPIDi_?ZDBZr52@LIgs z^*^2pq}ca;;v0D{kk;?MPsMq>Fxq;?&v*jBqU}@6Nf+}m$1?ktw9hdGJdu7ei*wC8 z;mP$&LdnI9w~ICM6;`12D0)X3d+yfW@I}r+O>4OShI5kg10BQG{(jH>hl+ipy9=;y z?n3TP;10(LzEIJt$VPr2oRC+{ea~H|ucDk}V{aNVQfU*BkHl*}(@33)S3n=$U5|er zJ-6sZ>M;6oZgFI-)pdG;Q%7&wnetbZw)Tu&N4#77%@?ga18+iJXm8ocN_5z*sgay} zSMJn3BEJF;60^Y{$)7pE1Nk$CF}7ci9O`1uW2Hr_X?HdFB>(sw^r@p8*@13FjE2!u zR=4}{!5vB8j{defi?c_;HRTunZ3q9hJNUN){Of|p_E1jvC;q5+;a}JF$Yd+6VTXf% z9hYfMl+s$opU$_|d8$5eOm*uoM&AO^h4xd*wk_TzIakiRcvph@4DTB6(DPKrMqZcC zwUO85b8X}`^vpU@`#YaQmvq}{qn(BDBfA}&M;=!@++U)0j#Kt3Ye>V*@T22zg^~|I zBn~&FG%pg`s3M{Ozih!y-2mZ*&|T^=5RnZeUK{)|=rwH;3TwrfgQj z%^`R$z9p^iC9}jUw1>8HIqMH%AiA2)j~u118Kljg0PQh{+8e)(xwdI0%|63Qy6o=a zNSwVRr-(ar=i@P8w^Q>mC3H9U3^tVGzZ%b+)bP}N9O22D5_OHz!6L+wLLSZc+?w7P=ejmS6MR%wrlb&jk0N z=TBbOC#Q7(n0Ttur#O?d*q`0~>J>VlGqoQ*8@mbP(4Npm@TPs7K@gk8da<0n?-l4k zH5T)1b;th^n+khv_fN74!!avzEwbW-GN+rgv6CRbu9Ct0ZlCyv8?3aA=oXBSE@VDvgCG?vVp6JXc zt!2~DneW-NRO#SfPa}G^(zjhidd;3nrGxWH(#@Q1yBu9PwCC$eho=7I=D+bDjqZKD z(!q(h-SjLw{fkNmPrK}T)>}_}#^A;rrGraxH@{QQOr_J$x7>86o?@lLfBv0x`oG(% z9}OI9_F#-QXM>L7Y5M;IoxfSL=Q4g@3=CWtw^OHhKQRd1ORza;9^=eoTe-a-dJ*5G zqgv?iiecKtrPt;?OKnK$Oo zPrV7|FTgx$eRJt>&Xfn<;zhE~GEAWS;l6D~WX|o?ibiGDnMDI{tf=hxqZ`Xcl z{l0|rE1_xo+dX`%+4G-#!?u~M1Wy&0{QMW)nBi2zTUux<2fZW%8^BNS8B~bA_g-LZ zLce8hEbWn{PZs$;#qTEJ)GvlHSNHDuHNT&ipMm;C6FSe+Vtg^+vx#(*cUhsyyPv$m zgRk;rzI*ZYmr4hI*YPy-?cnRrl@3g=cGG{Ma~x~-Jk9TI)ZHSSiJfn3AWuBn^JvY0 zzCT7j(|2H}zITH=raw;K8~MJ0GH<}6Tp0h7_wCHz4l9W7HPCv*@*6!rG0EnM-{*U+ z)~?Ig!vO#LC)$n4?pS4?5&ZzaeeBWG`A*2`X8&AprO-;=;KJf_HY{psTQK_u&svpF zXU{i#H53mgThD3w%J|k>(}RY#zGbI358+uM*j3rExRu`vs9SYuj4|N)^c=B?k1NT3xEy`TOUr2K10{9E|;p-VouEtt6Ba+AO>-b#) z4jG=?=HpPRs=PV|{B>g$3(9;N=H@W*36Wle`(cQf@Lhd)-sC%d7wW$?)p z@X52-F)j7G*5;FAHO@+Ka~wVe-mR;_n_A$_n*1VtD+nd`y0BSh^SJXJ*eKqr)`P3( zDjl5M>E?HEHB0I6&@Fb6D@DJM|n@I{f8cp7g($w@}|mV6Him{__1xtVb$@CsP8zaQU8JaX(W0yYQnsInNVb7-LT3xL}&Bz1(DH`XMrW}U&j$fkV{bd|Ub8F(4;p83Z%k}P39bsq9s`enB#Kl}1M zPiqX9VSD4r*zjj$l78==$CZ9tD7ltrlhW6JHj)RIF$S@&%e^P+IQhHnl+B(eReK-$Nm(L-eJ=K{sEntkWBmrc(OKA9^QBh zm79vNb_iBCYXMI5( zwl5xgRRY_g))xA{g?&WQ%}PzZ{_d6Nu;9@yTBQv+yJp7z%&%cl?j6y>nP|VV}#v2LBr4 zlmE@Y51W4e`BsB`e99~TP$~IEOFr;fd!_}WNltzEDGtiFQA8fKqq(wFFFwGDsuvoU z9}wUF!Ag7`RoDP!^IVAEica_T$*pHU^%!{Vw{73D8HAY+or&Vw|5I;*);KG|#MCfn z33&7`t4M=)%kC*TT#8@zzr-)#8>Odv_NtCDVlV31Gq3mZ1 z&Yh~0amNePzI}dx;C}oX>k*yzXVxoWpINUQBlh)!;Ujusp2j-mvGcJvz^}T1K^%VP zrw@s8bVA_QHXq(4zDNJQkO|MD?>XoZ(CR$kxFG}Bgz=TNQC55@K5Du zzmM*nzBDbnaU=eb=A-bnj0^EEoX7n5hP2j{Sf{wmcAm;-{V-J2m}1?rhWb@k7IP)r zXx0z8E9rtz^SX?o4eQRcBI~&Sn0%MM4c#fEV|d)R(_Eb-re!KX_;e@-Rv98nh;7(MrXdCHmmWKU|+3X{QUhJ8&Z(z zCdM%{I*#(0jJ29|neM}tJu8zjW--RM*WS9u8X8@nE+*?MU zbLexo(`Uxg*L5juVy`cK$u7R-G(AIu-TaE_@kM)W9ppE3@8nx6Ud?#o z=x(xEmBP~#jO`)LLWoHhKHt`*e~#Qu6w@dAK9%=c$@ExmWHWu*EtyPzKf@EgdeS<0 zso|qhr8A~@F*M41lj_@ceq;f9z*c>Owu*RGNT>Ujy)OO{zt_`ti}F5k3A)6JJwJG) z=h1R+KX0@3mNsalbPV(fom9GI%Fr8FM>nW`r|mVo)AmVg3THgwqpjDsLe@__(Ld2m zZT<6JrNf6t@;pL)x7u}bW<9nZ`tcq5@p*4Q&?Q}Xg~=O}Zs)+OnmSx~9mW4;#^}JS zO6>rz1nJ0~-4=R+{AAxyy3=R*|LHTjs|~N~^$mE*zf4^RU3h(w^fI@f4!q{l&k^2! z0E?CdRN`s#A9-(4nVR(_ zAU#6;xo#T{+{V)%(MYeYxzdh#`{oz=^qxdzsOUb=c{{GXc_})~Kzs8^;!hKG{q3zi zZ&}F~zDj(e^$(H62yj_>M)4d0uG|Z;$n-*!hPcZ*H>mKL|KavHn3&Njd zyO19#SZlw_k7V+I;}*1!9MPRXk;;?zY-kGvT4ld4#g0iNM{+xLZ>R39oV8@yxi*cx z9XEb4 z`B=pllWzsB^Pj7j(NI%k?J7mDc#$=C8*^Tc&E|1zmhyMhvNy+)osE6ZdDtNGfJZUk zbEnj9B%bF~oY+CVi%-c8ALF;3H^+=u?dDN;0=^vPT=ZhgcdC*Y!y3z~X204z>;nfa zD~G$ftY$~o9{Fs3Up(ro?49(+cg2x?3HZF1zsa61d2lD~yJMD(w+*?5z3@~VdrgHY z6WXKw5arCd^z1rxrvhSGF3!f*AiV+J(h0o?=kE)IlJ}n%b4GO!|_1F>UCi z+M93`da>h_h7jA75&bK5OMi`xvgg_O!;mHI=xG{LC%mBxo`hVCivFeBg&9j1b6jtw zx3Z6}^;jU-ntpce16N=V-v`{XxJ&&_@YlZkJrMmWZMb9kN8a=3zrCkIdnxQaB;y&& zE0*=lQKNggGdjE0oV_6a!+g8&jc?W5 z*k{**?@pYPt$z>fgBu$$VUT_(HsXkf2e|z?X8O~AznEefI>1G@PdbxW`=h=6>JT0X zH`PCEQHt*?aQj#H(fw0Ar+of`SI^uJ!%O{C3}+`eq}WZDU%CBVN=(wgvwCHFm%XWL ze*ZrA^rU=bzjfZvQDASwm$N+SKlfSoTi*-@U$_5V!hK+%as29I#?b}t9|h-sGst*| zJNgiRlJBpBv2<0UD^}wx1jgOOkJ!G#Oyev3sQGZmW!3^S?D1_8FJpZ2r}g6pX?)LQ zUL713{tO(S&PO^9tTfJt|ITq9gRYNXLhQ>R<6X;|#~V*99Lo>d_hZz8i*ec$uPv{& zPDzg!&k=u-e2`4a=lo{Z&o29caPmLD;_Pn%ckJ=m_?M5bw%~rwY_Ue^ZjlDbcG(QY zPsN|SdDV~pJaZ5n1_oam0E5?@F}nC^&u8Cx@*!kkF=NSMEISz=wvX-%p6%GdB!d$0 zLGdKnS!avyi!U->`C7g2rmuCjEkym4KeC4ys08(-Fn+JDq`4aJ>F58Uk8b~Vnf*R} z`vC-R=`w=%>#Qqs6w|%Jw@dhWcFZpgOcdtS&Bhwk9V#I_; zMxTO@euus(HcUE|Xxom{8F1I97Z2%sa!!A~Ap5@Ce|x`AU;Mt}8^uFqqjzPu^sjou z&ja0`2G(PjR8HS#`R~C0%emcF1jaT>eH6^?{sf}q3u%+FB?|3+YHk$A{73TE0-r|U zBY6>M@kLGodz%&mh8FcLU9rc&%hq9nQTEe5qV<;GXyT!%HwMozd>t4`zmVRcbz0h8 z7e9Nz^f#sZSM+xrduDr_{z^V6zN@oee^a7orZM-_*#@6%7rz9yUG%GiHf0Z2n@7+S z3Xo^QFZu0dZ!vfjc5oY6sq|aGBm4XEJ>TTri%V{d$0GygRi1> zaSxnp-|WtjVtM5Q8*|szXJbE=jN{y8V5R+US27o}71c3z`Sa>6t3kGK`PCEGFka+G zIkw9zbj+39^`3{^iHVm3U*Uo5GVS2C(Kjg5MIBnZ%Vu#Q?H;9F#hk6SGFlh#$9lN+ z;`Ut=HUa;BM)wQoHACo6G4HGa&^t1mI2&6pv+ckc(V>cUrM9E&c73Wf|IhFp@%Ux_!@BZ@?53;me?ULzKM4c$kA)t9=P8x z!^q42^zWYIBK^sg6F-n$6u4*(4Xx8(;f-|G1pSBs8{xd@ydO=#i`0kTIekbtc<$o2 z9Zxo(ed<=*>;*A<;&Yt6)&Z^i*l%3Je&dC#Nvqg5U0>_t{-w(4HS9ND$lffI#-8%J zyDH6|_yGHjE6>b6T+<#n<%g%#s|bm#;PZ3H#t}&Yc3* zqper)uZ-?Kir+#qAn@M3hie@8*EsO6^uWJ#5cro4fWOvul^*yffb~H5C!ilM{6#BO z+V7oi85(xsUiA@hfA{SV9u>?5&zf{!AKW<$J(%7H_mJQ;2;3{rlpg*#*e4agF-85nlxjr$7TcTC6t?5UX}%4EIYR_hwx7@Sz!( z{q)@#mmTJ>?cGM^cRYB>*>(-vgZzWKcC#7x?Z6!rRDJ? z?U2%z@Lg%a0sXBVS^s9=KPKY;9@c73Qyu$kj|bQ=x^t!A|7{0i_Pv;cx__#FjjBg{4sdrkfb^7NYm*1T`Z@xwUkL87H^>2RXu;BUxHllWT zpZawT^_FliLvG;o&*RYGO6+s2DK?a*KaVX6IR&gN&W{nkh_}27YzFI};OXt}V0i{h zd-;C!6#8+FLx;n8y8KV;FwxyVTnX)BHzJlKx!9v)dCzo-A+ser{gXo*+5+F&Lwu#q zojsK4%$@0*vj%U2M@xUkPuw^ZWa>RaXC2(#QPu z>>>T$!-wV{-Tm(J>;CZWj8on3mRh4*myce3XwxV5zB}Xhzj=3g?997iYxHYnEB0@i zxgxMBpL;Tztl(>2+Ejg#*Qe?N#{YNa6zsuuDgELVV?SqI-R6&Uw*~sGtF?B}9A)Dp z%*0OXuRu4QZzXFotW!7VTJy3P$I$dpav1idFO25y5FdLB@b?6XP28p@@r3Qzuj=86 z_0~Nb>U_b5dhL_WPsri>JuG^(W3Xj?ZAe3&D|M^jiAEol?=*^`WHduA!czW7(5JJ)PI#YqJ8a zOVR@kU4gXLF2>iDo&LbfRvP$Z?^)Eku&qfn*YbJ5I9kewQKdw8L9l+y0 z;L&|uC^?6i&Ml0sjd!#Dosa$xYy=~%HR9JWmO0!n#@#wb*GCsuTuvu<8_K5~hTpbd zMjRe=TsdXc#suGH;=9|IW&2g%Cck`+@~h6le>d0lIbPo1=cs%?`4`*o*oyyCenC#l> zHIUAFBFq?p=fW&}WXen1!_tT~q#pUSH6E=u)TfgL!AN&ONC$SRA zZss79aRgedh+B{R$;{v70mkxG+WjMO8Q1d^J!=gbuLM6AGrnrzeH-w;6P)@k>$~OH z>}v3>)-iwO_P#)y=cO25=>lZ)NA)EWc>92TF}{PP=&$F{pW91(k#)dl9q@UOKCvFW zyn4Zh$02>bA8Z2I(I>2At)bmrudI8Um>?eK9qOU`R8^Cuf zW0LP$^**jAu6wdq&?22m8wlXso9uo%7=}_#3jT z2bmCq7eN1!3n$SgG>-1|OdGVyT7Iu9|3%A&_IawG;+3ZV;h-JUMfstWH-3BQJuw6L z!C#C`3%;xRq|5)Iggk;Lyj(ta@tyx5O)@OeE5n?9Bo7JZlm)hJi+L9EtfsFH>}5xZ z1N-=OJeTvlgmV+onc8SyJfaf4NA?ykE*e_|X*Zqdc~p7LdXPROXiK&o#SOJxrZb~` z4d-O1G`RFD9-k^+KtGua58c}Fc7jbmd?(+jRPdd)RJZ!1HN0D2{CeR0-#yRtII#b> ziNJ-t>Q92a{b1|NcgHMyzVC;ZNH@?wcRfF0!1)igU&QBMdtM}qby^HquXOe@3cs~~ zuw@9?Z;5cj`_dK1KS8FIwl+--gb@{O{h*{wwgQ=m2XA1G`W$va0QL z7wb;-uQ!eTS4w-?*?*cIYnnIq-Dk-ll3Q>jBXu!WS{lI3ft2WH!V*(&g+lz4$HcjcKmspEGgzrR2^@uF40 zp%fUGGM*P0kK}2L^W`nh|0sG*xJRG)t@A)~xmViYHM~N4u5GtYjrKToiKk5l#|NI@ zdaBNje|z<_^0}Pb8~>)U6LZJBSj{yd>(b5Rt$AhHoVhaIy1Z;;sA!Cy=M$60yOc?M$2b;p{-gHV-M8eXXS>3p z?X>Qt>}%`$t>-d9yYL`?z8=GV`m%PsWU1KG~2jOA#^NI*@GKw#KVyf8#b~}D# zcz$y#&*%9TyN>+Sdo#Z)6eo4mj`6=q`6h*$&ur*<^ykV4?-#GDAiY-cNeAs%pBt6$ z8otrTuk!v2^3G9y`X6UJl0!cN9`Zk3nT?%rv>oI439TdeUcz|8j8|(#(ZMlfpw@`> z%-w<|RnH23ndFTX0B^zPTE+!`lzm?FT!L+5<~-SZQ@RyH96k#CP8i$$-ge+4c_=!! zWw#w~Cf#;>6YDGLlZ?}vWKpf+viiYXnQ`W-j_ zWIO-wm0l1^-p+FdeRz#_VybU)wmC=R5Pgts_arevniJ8++q}Ct+{Anv90sp9QI@`} zw^rDDRrafHaQ3S_M+&zbSp1UTx%_@gZH)uhfVYcx<(Ad`1iY~Tx*h{vj|I;z2G7dD zlU2yZmyl!Ip>@&N7UofLv$a-A!|j0qbV$9*v;VK0a|fP?R`)3u%z6KXdDmJjCECn; zu41F6j59HX-#24UGiCO8$~)1ptBXKM6u^GuKK;#mSejB{=`>!zZ%O;(ZkVf&+& z&PFNfc-Sf`g%8TtlnO6YJWLw&-X&au-i1qZfrX{G#@DkWCG5TVmIJ#XJb~#+>k4}h z!>vkh3>EDKekQ%jPG6$*O`)QnkY1}fSZ2@rLZv?%D%xqMAGFqwid85)F4i#-7 zJ*NDpFEV=!zoK;T>V#YW5AFJ|RXX_7NqUp;xXN$#DP5&>XI^LX9%URw`~lB{)``na z3`_~|lnjeG`qhJFwtmI=B)$5T*T>Jfd=ve^DU6*W*o6Eb=D(4((Jk<6`9NhW7X8~Y z&h|}iudpJILE}5oqjo{(@{vg|Er#zZUg!a2%@HR)Noh@dlMl5KSv(mz5};0>&(~0Z zf6sTL__eS57_^^&?LGN#^A9oT%<;C$g!#0jfcXa2|oUh25*}LB+X8TCEJJ-6j zg*h~EgU7n-2-%bcqn@$_7eMO_U%ib&VeT; zz<23fDyus4m^W{|E}d?5#^8;o7#OeO1D?h7y_UYaI;`fvf)>4Xma-NqrC(wCRrWFc zlJ22?z3;{!Ib(DCb&u1pw;b4h7`}b}l_33tcl5%x9oV}4lztJ&7G5BO&KG?9pFQjL zc_w|HMW62jmiru7Zb!$I?&8AI?sG5-zTy{g<3xhd4ZyY(+l7I}e%m*qal|vhW%Tf? zoUtI&2aWeq+-5&~ffvQ$Nq*6d)6Ua_z{#!uv!43R`M?4e|Gag&xF(zs{`i=ueDpQ> zI25a#KhJ)5W0i$BCFBvV=HDP&jlXpae0r?Irxk}KUNl{Jz;hsuvgd!|Ds=EMw4r@i zWoPCd9y=FY#c#KbztH3>4zFT-IU(!RD*RaW+4yIcR7_VH^-=oT81#a%=moQ+I|NcE z=AeTn&<|c-anIq$mMnf2eY^Sv@Eklc-(H|krF`2$9U=6GeCAU$qA_j(cPlK*@ln`w zr1jrV#ShSZo_3y3ndgc<`fcP5bSb@3@+JqFQb!x#+9(kGzr>vjd{xzz|IfWQFJ1+Oii$Qb z9s*izK_JpLHwlV@t!>SWozgZ50Rf{`s#71JxsdRX*vds(IxwAp5QJ1MWneUQT0km- z)G3euIIYeM_mKoJ+7d*S)&;vbJ`Wk)#y+IUR-zT%pjb&S&kcg-n73%2u)@gl$;<_?&yg|vTacFxJeim8 zUwnG;vZL6^tyV@|F0^aF#%3FOI3EWE;W;N zsoUqjv}P7(&uc8{zhpUQRzS;Q>%qgiSA?@Mnr7qg??v1;IDBQ#{O=w}PtJ zcBxm zmUV4BFsYz2%NhqQ@f(4g+r$g#W$^M3#Pn#s8if~xAK9^Me`IWz1J=+&v&VHWG%$7` zeDD&#gR)s~w)a+xKC&rq;~5ftPF-Pa&=-^r4!^;(+}NzSX0Ok7rQb%|6KMX@*zK~n zLrMn+7x9cz<{tj#e{6=o6@Y_=4R<8><%cvLkL|eV9e8~Pc;jyea zcbuw5o-IIz<@CcoLe6-3$<=4r%1yG9o6%7%yY2lqEATnH>(j(h@tr;o#!s?4Sn#sP z{_pg!BJaI(0dr;m^a~>A{Ar;kKYLGfj@MA+u51L^GkM5;Y&xSG1X~msq#FxQfos~6 z{T>+t?Pxbv z@^i?0S(1l}@i~Oxp$NS5t54CNoi}T4&R#?}#>3&Kp3=oEGB3p5qZs2Pp6x3z>)q(Nj6uOB&Es^oq~eNYH@zu&IMr&>zM2;= z4mO!}8DyEsmt9m~WQAnT)R38zzz3z-j{R(6laW_L!Cf`>7XH0bZ$GgGoOmB6UicPt z5AB2*3$a^5O@@be+uuI6Tqa|v4>G(z{i(6#NXUzm{>aRlU;*c?b@H@}pE z4?Z*Ye@dH@k1YUut=tXp<^dffJA^FH#*gxDl zS!a-@S2b)|%w0ToJcoR1@?C44NIrL9Xlg;n8eN9YT|%4M>)vT!q1!btH-3VA>?_93 zGK+iexF%1kb;F;PL9b?&hoe{z~wjJlzAYd0=yO@-sca zC!PFy3jRhS7e5YvyB+*>+60dL>kfyuEDCPj_X)5Hhqc|n*d6|EGQP2{`q%84VI3)h zwX)%?C8x7rQoJh|wLYpjy3Jd*9N1`080YS<&>U)#cpQ2!VXy06;#7}uZtb4=MTha3 zy`p){V*F9WrjF9O2Qdnz!4eftE}ul6-3*1iIS7XC~8 zVgU>Nl-_m>nKF|(aB*(n4%YU8An8@Pn zf(UyF(C5tS(%Xuuvp2lk=Yrsh9>3-D??b&uiHSaD`kK`?k~+1&NR=aVz{Q?DJSQa!z(B-%PuXFG#kS{<@S$KZjI4WS3v(Ezh^}E+1t6 zMf>4TTmDuTe$FJI`~q)zzIESzk|w}@f-Z%l>#gt)DBA_ke9)iQ{{)2-AybC)?I|;} zn=;<~Chtx=@3*_jYuBILQ>1uR?d|O7$k^=Kx6Bcn;$@8EN_5mLtEmGW*jYF{D-&|{yb$}Uhv}aocufO z{LF36FMo)0g{c3c9`h&Z)5)Kq;RfHm)E}2GYiyb5j<=CUKPCOC9q_Q}Pl&ZL@_y(8 zzI^!?LQQcqx03DC)sHH9K7g^~wWqxF>=@(n8|OZ*x56#di4E)Me;XceejA^xZ;|(P z@_rJ3x%p*(MJN-&w){upAH3zf^(XOT!?R29q~OO(uMT&-TAc3{x58W&zfv}KcXYO# zzb@smQ9C+(n{7BhZ+L72bx6j<^KH9w5_hOoa~A2s0Si~N24c=7B|rYnK;us0$BO&z zTpgnxFHeo1pIlEmr#<@9*=F!6)8-PVP1O@a2FKh!@3v{+fNmaMd;tftjyMHy`$OvR z;?*s4Zhp=xB>x>f=1=mR!6SVv84zk(Zw(k%f~>E!h@A_}-CBaYH|>Y6Gr0d-^}&&~ zUR<2h{?02*`%})N{f;VE9>a6c_sgC(B7F0Zr#yT~dnc?QJ~zt$$y>e$p6$Z_Zh7|Rs{FoBTi%5~NQ@%oo4n=E z2Y$D_#d(U9-~4IIqk~QVciQFUpY6mS-_9F#XK|50!G^S~cEv$SPJP|+ zthc=DgOKiw)v$(u9_j#|!w$}ZTE|gc$XrwZsK*b5o`3e8&>#QpozTURcLe)?dh!-1 zFSduqrhJIG*yO~>wcmlR)_IkF;t@Zhjy2S=hC0?zM;ZH*cFBKBypH;x!yLnHPq6$h zg)TX?;l+)&Ke51NjngHMSu<7pnopJBFPw2tQ6i0VAZ71Qzt4xSm2)BQ9>s!)CiK0CIt$6?ZCA9=pUWS%J(AqtIRYPE9{%9`zRUyg{S9M2FdVq- zwb9JR*JRtcbEXo*`~YpYO?A6}wp&e)qMropCVUdBr{t4AS{g;OOixadO`CUlcQJe97!ZRa}5S^VD<1 zQ#KWI_o(7R*A@y!EaJ@=pcSK4pq2y8#&20qc{%Y1`y!jbnRpJ^}u{MSNS#w z?1l2mB8^AMJfGzY=W$*w^ZQZNL#_7N?4z0VJ@(Os{NXj+7h4|4CJq{(3p(j-{7;&{ z&7e=Zqoakm$-lreHSnJ9GA;@SO5-KJNh_S z4hZJ|4J>`bTM_-)+v0C)b- z_1zEeEe5Bp;ItK6;stOz+~735O0jAt9-DLKu2s}^n4c)ah--~G-l-=CV*y;>nBR1PUV$sl}tD1T(IX->&eZmWk{Ybpv{HKgRIsX zNI@3g`KDNjDDoo@|D<@)Pu>7|cU#tW$yq=AW^5i^UUe){c4zEhb4Jo$UETLZ6M@Bw7b3yfOiDJcg zMu~~P&-_-O(;DY?rl&Q2pWka0@6h*}a0TaFPpL+h8r-Bc&f=T;>DqSUofQQ(?+_c2 zxVIbrIS!4z^4#zbcuEIP@}X-#B>m*<9h-kDI1gL=BV3Ay78w4?Zu=_yqkT9oFOc8t zoh~7-cx65`Pvw;i%4^Ta9Be6fFOJPCxt+Z7{Z3x-wFU6?`wXvSw<*R=y2s@Y(Mi1V zYw-rUMR@Q5qn|cjbm;Aac3LCN1OM88gf2Do7EPsZi%8dZ(OG#bwXX_UPmE5%dgx3W zD~4L}=UJOGbT;qMS?@y~I@daMw$v8&d2Q+boixp8JWaoLD(0s7i}-gr|ML-SE83Qh zevfZ19nJW6X!t}o^c#6)SNl}^%5?`U*?%~?i|v^jc2-*4`3>%$S$eGGoO zg1S4Tn>lZ33A*CwhneF>pqrPVYZOQE{}Prf`*jb?uJ>(Nmb{;YMRu;Mo1g!XafnSG z9fRD#&Qm;dGxoY-@mg7fb@3!Ttp9)9hdVR7@58zib{}S)NcJJ*>BEvw(T5*UZkEQ{ zdG`5s@@Hwh`D|UEX&RSKP zzOB`oRC;46-;bmB-@4l>;LMA}QfwO^cZ+HMrZ}J&v1M^$xQe&btPaqRvdh?OhuqRQ zMQ;r{iY)Ts3swAKG4ncNY7(+*G_T|Qi@LaHE?2}nG(tYj;r<1iPIZ{^&V21PzG3Sh zaBcluAGSU`Bl}0^flS0kn{LLIud11`qdmXg@AJ$U^O-R=-5F!bH;FUJKVm<(+Rk}Y2C4#-ljQ$;9bMsQ@zXf zSit^McfPRrOy;;f)Em^kBxnA6_rqrX%lY5-{I`mCLpR5t(PeEF`n%_*{z_*RW2`fUv`lD4csu7 zvhDuG4lQN(zx+|=xD&);xO|#Noq5!$^XS$y9uce`$To>t@3 zt$Z)RC*Oca+`8Q|vgb5M(D`V?Xs-c!5;L%3vDNbY9xJ_WGWDBxVAi|f)f~8p^o^IX z_XxgP3Lb7}Z0$j(b7n@tQR)~$Y^ZRs#KFNaV3592y0`yJ92oU|FEG0JbaC|$@QVCu z75Kv{kOP~*k6_kV`wek7Zhu@{-w~VoU9a;z{;+<4@?*d-0 z{n^uRY)$rC4LAF(e(9`dx$}~bI5SXu{SE4J`S+&5UHMnBNV3(Vqa}-NTe_0DeHnhc zXLLUw^R1!y2b#ehfk1;~Tgv9W2b@iZR>jb&1X|_8U-{sy8JxAypLx)1gP~c#%>Tt- z-tR9M-VGQzw85dB#yoOhd{er$lDfC3Znun)$IKT@EEIFTS$sdr_f5bon?rEvY{P}n zcOmq3;k?0y)716XhEwMYeHu6$Q)s#ddBNSY;f=@v&eki`H996b4+u;iy5~yc8p#w<4W_k40J>xbN$|&m66AIe2ID4Mx!4x+Hy(L znIv)M0VYn6xxq$wGcQD|O_8!tlfgXB+;&Uu({D*yQlXG33if z@W)=mADNx}q4YP**vmBhvDd>Nz0e!2Q?10oZpMtxGi{(xty7Wn)ccaDH_iB=G`79p z?fTP9{VzH7yZ$J}hK0=EoiW~7_BLCGybPXiq#v8$bL__z$E{<}kMw03+ta)Q zzuu2iw{(aP+eGtnBOAt`yC-wErGpRk_et>saw&pu^IwQv);mW8Tn>Y zE{pk6FKm+Iv_BGl5+3(Cczn|tXG-_tai7yqeSZb}UGujmkws4;iyj7_YGV@gS9{ft zUpz{ieKc++a&E{s6hDJsoV4ic&Y3XGH5HGga}ZR17<;>oe#FV3X^waH^;Eo}`?LBzujnnA!cSR5KXpg8DAFNpp*8bM+zI~N% z)3M>C3pnS~S$DMg+~}mCBaHu}_dM`z{2%F!BZy=3+G84%-@KOkGie*!t2_VMzLa?O zRDC5Iv6bHR!(SPZ$U7};G3=rI@@h;fZSK8)_&B0mB)S^?{G zl3!J%iy7?8W@73Ym$*2AvT)1}V zZz*Tw6FN`(V{hV&j8ywmy4!1e)+@FW8P>(_ywtWkWpi>q^C->;ZC{G4ksVr$t|_)M z!_)99Y8~KqGpEXEWZhV*5{8}8AeW-ck0#qQ;wXH?0>0`wf!#o z7@}U)*ua4KBh4K6hgc5UP%@;3mZ)+tY- z(_I)`9J{tzPdN5||2Q0f*@I)ZjN0|$WB`2~^D#IR-;Dm4?~0>$aizYFrLX1;F4k@@ zM}Bp##W?<6=@ajG<$ISH_>g?Or|f&K4nCOl4gUGd=gPS2OOi6~Gb!VFGyZ<>S)^Kf z)f((j*6W*@TMlE*z6IaKaMtZx8RsKdcRtFPy@IvvY|eS>hmT_<<8=z>GEC{WceQ+f zHxA2Ma|L>5Hus=qarUZyOFqaK>w^d7ua}J?f9&7-S@%T0)FKC6o!J0SYYuAPrOf&g z<7c6fgFfR&kQ{Ws+2hpqXDoE&p!^9X@YKuHZTuPNl|0(cr)~Ta#OX;pMt%{0UwoHg|8`( z(PjC;#P);EJ&w*=ZWq~(j(Z7zv8&@G*B8J8?tJXg(V~CX{Ys*hYj3)?rThwU=r8(3 z;Rn$$2CT9(ks0Q`C2S+J7E+5Y)Sk~}tUZZ`IG?{sJk$D1t6@@=k1vIS-6DrE&EZIx|K*{M(F`IOpciC8o%}1FxU6Z#c7Y zhGO8b=@dH?11DzxFZdJut-oY05B`o_9ct2^O8JAh`y#Oz8%ug%BY9rHS9QY~trz#} zv{jWp4L_sO}#dZqln#kQ9c*?JO|oiQ-?><=R2T%HMD=9GH*J4Zlli{Pwx z7aqLR*i7))a`6~vkrup7f5dC@zkb#5bf2m}Lu-vCrQ1Ah`(VH7@U*@^%lusP(Ff0S zEFEV~;I^xJ|DCd~-7x_;I#&P-iwUSJJ2=- zS*E#}WPB~(YWX(wY{#~G<}2(!4F3WQ5#~y^U%`&6P=74?BVUZ> z3i@;V)63kCoQw^Y4pB^-)@BQ7?=4{YFYKQvGCP89Di>*n&u#XGKkqSIKU43cj7DFq;JYUhkAW#i!$<|lv7WtJV>Xk zWR88NMS9~)l(*x&y6(Hs_l1h3;u$i}%*IEY_xX+t>7vW&yKvp`1)F!gexwZ^+;_o0 z@g3gv`|j}na8LMW?Y}$x&;3~Z_iDVIyE|Tn7j=%;tIVHof(Np|eO5X&%~EC|4%MLH}O5uf^9(X}*YrK_E)|U15xDnm`4!te&?A3UdJhJ^ynU`HzhquhN z?;`6nyUGMF&+XQo0mQODgv@#!8B`LmZP+fjKrTj+H#%z|UG=eN$@|@vCy&Al-nMhO z=QKCRGV(AlgL9FV;Y)}VYE6JW(bo2S-Yb9il`y`Dg8X!AoN%W99MY}OSHi9Tc6ODw zju>Z?n=;fP|3zvYaqKC#ju`ODCdtS5@20u+-uZ`fy+b_f@#x zd=0T69^8A!_f0AKLbki_*o}$oV_EVsZWB&Z+ucl`jqJcLrfl>s0dd zHRHcfKfk1Y=5yvGy3+NfX-!va#$Ni($?ZD-ich7EN`FC1J!e4N%9t3#{An8JJKbg_ z=0Jnq2dwa$(w~x%jHS`NIP?AC`a^ZTKKmsD-=yF2FsC@vPw<7@ftl z2^p_6{bmnxW5(s&{lj{)Vnz3amaZOwkKkBkaY5E48I41Lv4cGh(=WkaP(C1h#hein zJ{?^-UTS;|YF=y0-8=ZD#Gws0UxC%MA7n?~q8%3MF?gPYjwkH?Mf9CUGm@1it9{uk-{li)@$HDhlb#isgi_*44F2VSQsuFU!UEq(`R zCx1?!p+Rv94YYqnG|+m2+R^)y^dX1*%9}?!(wjOHNOey#b=$v-_>Xw}^eX6>zGIiU(NAbH)^uev8p?TJs$%o~i%J%u&^V>TN z?})yFTk|*VxmWqiO?mtGrRKMdkHMbbgZRA|n1|1~VnQu2i;tNncJgGlQ*U1fA9{Zg zn1_--gS_I&p{ya@XyDE=?RHEMzU|+q&F@T;p5V9mvQyWiBaN(CZxwJ}T2m{&74h9M z&6 z4ai#g<*rA@Y7H%l9G0xo_vTxYy5NiLtZmS)_H##&tvli2UYye~GEseaq%XKtV?#3I zIQ}vH)*P{1d2R+4WL=DLqcs&<_uF!}jdinQC#V-5#ZRz&B=cPS1O@C39oL)jr@J$r z#twLl`S3L6yc`sW&!%_P+stXjkDfeRlxL0c>GU=}ojPa!tGur=|J_VqN9Ov%IcJXS z4YAJZqyBiM&OWK;F2%IQ*2&-wd3x*?{C5A+u}XE*wy9S%T6U&>sTcN6n)UChAGUqo zLmzx{?wJbi{cNti)63X9$^BH)2a46y9Lhq!X&zM{u-bC4MZx2CKk!JN=v+Pd5?YP_ zBpsVt@+X6Jx6H;~{q6adVi05K2hF8~^AKa{+0UH&Z4&dSGUQwB&V{S%HMfF~)1lXn zG^?HXnNs|H2eqb13`VK3e}e3xqwNmq(SS9|;G-nz-_ZW^(o~*K!OxvN;OEzj7mL46 z{9wO(?ZNK$h=kzxH34FyW`k#Vtpa`=a^1p1)0z9)`rWa|`y}~zEi|=q{NeBY-nQf5 zgB4GbRvh$)y=64kihz~C+lHcm6Lw~Z59EK&KKW_kI&$mI$fIFBAQ@h8vYEpHfx&E zA+r@@2tK9XW_o^4_xvt1zu6~Ap6~E`tzx@sFEa7x6YllIGO|xtJXdp-Bf|!Unr8IC z|8s~HNnKwmhF4_IyLA2ddXVJhIHa&;;f6zV=glzM9j)H4x{$j8H3;;eI&?qVIQ(C2H*<#!=?UdnpcE7U1|VQxQ2 zZ8D#@Ry-t|?I^si^)45;vMIj1pZO9pQu?Q4cEu^hXj3t?_H#a{_IzbK**)|{Xa0NPUHrhzQ@1}b>{J77%BS@h zFlrr2d)DP&o6gy$8e7_XpfP{>uk3xYs#oy-iaKN15<$*5^VTc7_YkzSs8{FjzJlEA z^~&k7&=@5bj)-T`T{hewXok zDfETfC#p6yhIICl>Xc0K)87TO z=ObT5jup2;OeEk1@sXwHlA;TJ1@XqlYwaN)TUR_{x!KYHJ2@c2vQQGG8_-&680 zQy+HFC+?e;9VocRIXF_xsLLyQy72c(u@@EstM&^_gO1bEg5k=_$ps~>J!*cg_wvfj zf+2qE;%Vg*>vZ;rJ^pN7-6{FKd=U4JJiK-9+@vq>v%t`7w?F8Q7g$z=f4BWdP5ViE z!O({GU!eULXzzB~&+xNmdg8{!?VKeb+dy;j=Q)85*mf)!^0O(y?2?=b*3g4}A#sf(pNY2{;f^DxPww1Ae7W4gzvhbv>5mKlP3S3ae1O4sIlc?x zK=!~FPus)`CkEqEcw*x{whpa8hIP=_2I`fr-pN@6hL)zU zcA2**BmMUj`0c1p+q{vyt>DGL0MACa2gH;?ro@@ssU5`|8Jh2Q=PHkEy_A?Zjd$T_ zGB`SC{*fZjTz*`1FMVO(Uh0_G>|gWN@*J%kAKpZO9MoI$6p!s(7&hgmH{m#PcxuQNCPaYGE625eO#YB`(FDFV`Ji7qb!nWg1z$G5+Vq&`!V515S6+T?);)pP_u^Nr zJG=b4+3546{EBc6eJTxRy7hW!aDe)B#z3mPc{FwWqO;SN>F(Y_`9rWX)6IIS?6}Uc z;oxQ?xN*nHM#G1J%^md9@FMszyr}*&M=||JwsguQhxe~@VfElZJhQ>+|7#A+ZvXeC zz$=(OmHy*iEWzOAsY`(2uciNf=)m2R{<|rK-^EYY>nsrFtireWD#sn~9vk5VF}0~S z!Zg~_x~*vH;%9S;ehX5!75Y;6TY2b5?!#kpWdg7q z>4v{-{gAW|BiMSrqui6AyUe*eNc-8Cr<95w8asZ@z723TZZY=^7vG01$r>d#-xn0~ zHuPuMlGr4=hl6v1m-*3u`Y!#VHG#)lT>0kMve<~WyzAlJ(apUansFXdm+{eF)5qMe zy6;)t$K9{X{i^a4eHFMTKVxk_J;sNRDqzkpSq48&snEJi@3zP zmbNiPiK>o-Zuk(N#1eoO{XtU=UcO8jLB`$})~ zCEhHtnig8tcCEEVX}g1VBXvcIhg*s7gdZX`z_Y}cIKdsvt$|(+ycq`G=06lAK0I8+ zSx!ZX)+f-nj|ZtYNd5RKUoN7pBHCm>|4zfN7IK0Wy@(h`iEdag?zl! zVQHS_@(IIk|zhqZ=s-4DTC3KiHFW9~=S)G+^JotX3k)}{<|=h#(B2Zr6G|ClnD z^B)10D6kN>$C^>-(0}$pe$(b!+LY`xd|1=Z$a(5oZgIza5p7(`xj#{OTfTYGtDd!* zXG*Qo<26NzH_L`pr3%(Ez77YCGkrjm(T66F5FJJvGa38S-wpG9z zCs!2_XE&(L$L~`3;|RaumC{mpM(IWT9za>0%iS^&UwSoq@vv1Ox}zc+{Gv5C2b-zzYwS-a{q1?&X*mym zxF0^c7kZC@-q=7V{=+J;&-U%joOd95Cep)yIK~_cA3*be1Phj*5-i|sf3QF_jUVQ| zI%sVC4i0^FpS9>Im_+;I_k)vp(0Lwrecf9`Tkrt3VIlNwrjA9x+)&OxW1$7UcHe&q zzdZ|I{{kL=1|Dyr{Vm@1@f&@b_Va0PZ63S>5C0o7$K_k~LuZo7-#B1pu%MFh7>CE* zv`XNL1DE@*ai;O+j=l4Of${t%^3KJb#+b(1o443w?f9)eGu}=du?k}Fhf4$D|8DT# z44Li6@E@OdjlX?ioiO zB~DN`zMDa+yL~D;i#&6n$xiBzGuE4dyA`?|1@1}Yi;?ysK3}E146TlqPb%OXpKOFRTk-USZfQqOzAndHvO zJS%*1z0btXjP1qRg|+3I_5LAMCy|Sy?I7rIE$Qz)h0geeFR=~zT^7i0i=&ew$lEBf z0*aY!4)kq&UHhrX7bV~M@V2*~-aeivg!iV>C*V|n-(oDi^|+6iL~GnzHNf02*mNJU zQyrw~&iW{_8dw^)HnWb$ckbJ4D#jmB%p4*{p1&q6*P$zm1IQosy}F3lhr-uFdGOzP zjOFw0@BX61mA$QPC+T+x{(kR`qQtdnS>r_y{oWO@#-AL|cmwxQaDSirjjt46e_Jj# z=%y8EOgMZC7-1^_At?@q(7Ib{Zwo3=Yd$LQ%|J({s zxIEbOLGO#}J{V_(Kkx^eIx?&;oPtOH?jM4Qi!-f*;{${1KJZ_>?76?OwtaB5FHzy= ztPb?-81A)-zkxnP9tfW&@fAq+JDZ()D9;IXa2U_mOduPsrqP*azcRW>^Qu(f1=x-vyKUK90VRr|+-z9$fbteSeL< zAEECb(D!fA_YWv{QQ)Gw*ZhN*{cxnU?fub=(~b){x^3X*j;E|dD|NKcci9`d6JRWM zOg%OXJXHD&y!=eMb@09i?>a>c`gVAG``dSmulmAQ0~yzYSl8{{2)$Q!u@k_DYX{0s zQ2&jr5+B{2lvSzY_)X;2NZKz%&XvDT9b#iKMq%K&XT@Ho(We~NnE+I?mK6QH9?kmZC2UM*jYbVJ0P_B zL*%%zQ^8*poRkE$zUpgRz6UvA*2gnRJ~~-vPIsx0L^ptz(rA4z{}K+=;!8@$h-2W2Zh%`s1|mIsS8W zcf%hihAWsW55JS|@as0_lJ5b}`@r%Z{?v&2{J@1Krs;AAmVb6(xzoOa@95eGu-hV+}fM=S}L(KDxpIbcRw@6BIqCKqyF%b(u+B_d=PVH zS4K$Zw^U*WQ%?CMk6gKOpJ?%vJICzd$NsyjLwn<^`#uC>ya*vs93 z$FBA@{f@Sq$D|iTkY_>s_pQ`_1R1A!dt^Q5JYyG$CtGNnxaO5X*-K9PI%HjBB09T- zejuMBjAiBjg>37|q~A(0 zeP1L!GMO^B63=0m;eKsV`;+w1#lLX>_sHKU@+X^dy#t(SFZ57kluHvgwxtF8@*!~N z!l63;C$Ok}7oI5cP<`WWV(eF2mw#FG7!TeHyV7H_=utxYEu>Fmjl7U?|0Szk`o4KQ z^DoBWv}b>O=#3ve`_9B?UVZ0<-?zN8gEhG#d|r!K)BWhJAANJk=b!!oX;tg6v6-Je z_{LQ~`ljA<^*$k3u;Ve`++E0#_3+?O=G?U>`>~eI{Eqr{w^K84<%$n@*ZS}j=mx!) zTUXk5pxwZGfoQm%apUlj)_5;t{b3;K$dcvOeeeu?K9RhiC#@g93_!!w`Pw~3*qr{R@s%DHWfjWLf$CTo969{qLGKTmq(Uhu`YSecc0=N_lN$Harx zTQ8-)SQ+yJZ26!S*#9i`_ENp@nveNO6j_^h5*?6b&8-11x#hC4d~N81(r8JjsgU$4 z*<0uuwIg{Pr5)4WG%N9%+unb2mkV<3EcI*Nu#%_gmm_;lDIGX|?4~<+XTGEKX`FY! zGfrJE^8XFN$1?)|r87=GZfu^~zmp)P)P zQDS)5 za^ooa*5n}ua<60yX?ov*&qw<`vaLz&G4_14LLcRAeIVzQVheslUcIwdZ?NkxN%fVu zeLr7(OAe{+_i0ObGB(-Y+H>FgE(;#6A8yTEtG-RK?WFqa?EY&{H1qRP;z188rp~nk z1pAAm|MWo{X3-Pa4+b5YhM=iv`-tfF6$!Sx&wZ4`@e`fg-QD`?D zJ`3u+=8JQ}QS|HA#E-M!17M!Y?`Qe`W#y57?qbgA#;0~Yb?sCP@x`OUxtZJ*ZND$K zp61S&jL@Mk^PZhUY)2;Jr4M7JKfEyz*)rHN{&%gP9?i!`hFx|X`KDf<{>;RbALP!fI?nN4)=b`3^ui4GhA6%#cAJ&haj{*W ze4mOBO{cDxveN4sW>{Kd(0cwCq+>=<7i(Mx8?4Ma?)_TULVshd%LtCIqXVM!rvmwt zul?ZEgI{w+e79B5QJuNDqek~G_zUn4FRu+wASQ=C6*A69kCSfhI~s4!7+hYvb8J|5 z%QoM}_!z@;H}R%?Yewfazf6oTIFpZ5KHJXN*b@7!6Ma)Y`Bt)@_O~x&&$axO8@Z1= zld*9WS{(xi+3kV3vsrJ=emgLC0rJ<-_hopTdCgDou^L&o!It~KL4Iu^?Qu7~)V2qn zBfXKdIQP&gepq9zoPMkBsOlEaICX~HvQC|wD7%KVhurilxep0kK1sUT_trU8b-ovv zYvD)DP6X!eN`ZHdTZdD3m^x}ntK{G4sdC%4sU!Un(iAHZ0gv7`wjwLC&jjWMktfH- zTTK!8S@0hR{$76UGko^9q_lHC_1&TR;AQn)^$GW)K`ZvZaB^%s^Iqt{xUENIGOV}gV8ysBi_U9hEKey5T z6wt6KsOZC%&bw?CKkMLD}x7h1mdhHL6q zuN%5+^-!LYB_DhrTn-KmiR^!m&`i0d^h6Jx5#Vk80Rk6LEs{j zGN#|oIxaLUh>pOoJKDaJbfWsEHSH19H#%6bpMF`+UokO@CAS6(1pf?T70Rsas;l5L z^`+WMubP9b7T;*yIsY=<_Z_I?e%cASS-};GORAtxxt4#K`d3KV2);Jub<4Q;+lQ`9 zjek_^T4uH}Wpn6oKF8|2Osp{I2-3Z1$`8z@1`j zXAoOmd(Xp9I5Dc@i?cX)%EY_rjIIp!VcO?@XdD>Y)i`VW)NRg4p^qAiQTXF-(Of$4 z$_vbX#8vQ#8GG=|N`8xf7V{sH&H6O=%?0Lf{qgK>bXSd4Abu0Szm}K6?=_5J)#u?2 zi$Bq?y(G)5Z;s>+%abL&yR2_UZbARn^e%|AzR-*2nLU~#D+1bAk$7{2FENU><6Z1W(teZ}Fu%pQcX4D>fN?MjohZN8F?ck?rO~8; zCNA*vq7i)dJI3bYeES^#(*5xfMfgB$pLFvM))=icv+qD~di%!O>)>@-6TwFoq224i znaWG1*)p!T9Sg#{?4>Uf%hoB|N*MbdTSfH#woC64WI%u57>K@v-b=fox6Zffl@dRp zcrD*bc$2U=cuwrm6K6Zs?i@1nr%?yrc^r#N{k@$*!( zZ-P2X71N8Hx8qAok})oV`$`Ay*Bv-rd7{14-gqo`FHQ`Z5yf^8yg%VSlZa#ou>I3r zj_r5Z7~?nE16?$J1>0_Z4~IV6$s_oS6e}=>v)uoScjQCK0PCRqtCiO*T-|w&GvikB zZ<59-vPm&#oQc*{OC8APEv{eTX|_c| zDi?a%Pd^fw>y2L(y{~m?80e;M>}JvP`IP#_huy`mZl=H9`e!o7-N?O7H!vR8-dU7b ze;>9za#Z}Mwl7L)Tlx{9Wi?VkM@q zA8X2&M~A2Qf(3Wrv$_L#MbH@|0P`GV?x>*u&ft zX(qN`^+YK5kk-47!iQ~)#S-}AUB>?hc3kuw?B!A1$&|#sE6VV5FJMfT6C0p7l3Lck z)feK=w@nQfCF*zve^O-9qr{__aW@gz(bt+sEbf~;1L-*9U$hy|S&uu3k<}Sb=<4w! zE$q-jV40YNMfp<8kEC4oa$kECc%GHNRAcAB)#2#C;MUg|ultlnKMoWB8ReP#GwKAs zVd&!F=wQ|pwzVP)q$4DwY#S-l$W8C>qc1a$M%U|34EfF^J6c{QJ}qR0+e@7?*poesK{So5g`f`?t;*3-I z&(+26=5!r%u57NLj4SW<8F`o74<1L}xcf$AN5$bm*-JBQJT14b!9PvR-(%n@g6!$d z)5wX)7tMS__QHe83r&oSgcg$R8c&KbiVtSL1AQK_NJn0@Y@j#(N<7-oB{9R!D zy3&wmkI;^*Z!{+``i6D|uk?-LR_~&nPF*v??CTmAhu1sx4E5XtuNd0bbT6Y^n*6v2 zn*5`qhcJ!IpG%+PW`9}oE?=!>M5jU{#)i(3jord}zHCMMTf%(4nmyi2;p?N|Uwq$> zK3&fo{|4sZ4fxC(#&(^9E8j8rTl4UAA9Hl(;p{=(*5c?l@vO14;9vQz;qKLvns}h3*fWTKIa-@=cePAkBIivKMb8NJ4!f|o)fHU*WjA^vzZr4=XJJ28?}_- z4qRiO$Cy8A-d6AUdZp)QG8TLC_0H_Z*NdF*;_IF1@%3(?Kl#|fm5#4h^*6(JabVk6 z1suE!_CKKGa%3+%KL7o^|CaAR=ijTFUm{(4UjB<0`EACBqnm%LZ{tHvU*h>o)eSCu zvJ1dR^&7|=`Y!*f(aU@@HUr-t;G68Ag_JS%IeNK~dSaB(-2~FhU*Y{9$nyaIneg~e zdD=3`_GieZ`^`v?P1gq=>Q7(MS@<$KV}4`(8FL<6wPw;m`HpJ;X6*w| zEVvt&ZhSMLFNT}Z(ahtGf6Mq@kO!wFXTY)MUz&#r*O5x(0yM{mWA2%}U+@5jfxkPu zf_epaQwrRYb3Mhs+WRk(@ZT^59QR@D(9R^vT|XF~KC}*I+UrN!zoc{HBo8wA*BN}h z`2X2^9jo4i#zCLe1wQG7C~F!s92^V2xq{DwOAT-rpCj>Oc;~N@xw7Mr)2`0&ZNY|X zMFx4>#!qG9hvQm1A9qaW80>oWptz~znOP*p=oW-m0UCzCdxWf>8V`G)R0%Gb8SL2(<{wS@{Z+!DP z{I13~A3+XR*T4_IRSl&&w_8NY@XTrIgd=M4Dt=0sR|Z6(8G8e%rPXPPdX@z(sq*E7d&ur3X6m_6gv z`T>EuN^C{-OZ#lnw3hhvRpGJ$tYbje^qs{8@=vkXYwVFbt+~6wkG@snPpU=7)NUIP zmY+%IS~+!ZX|Qs;)UEu|&&bdw`3j}8%2f|GK(2VF6kW@>)cu>%VLrVh*NQCPe*dwh zhhoQ{dZ+l^BkwF6dHkK?`9*7rPfvfM==6g9@}-Inl6l51V@|DkXnc;D>u#}jW}4WE zKC+?EJCE8r>43G(UQVok8;>(O%bbn+#!DFNQV+*80Ai%4=MY$zQcRj z%-eqfUia~CX+6d9Kev-d-|yy0*#p*N+(XV?KyAGLx60Bt>%L%u@wV;PyqC+K?>oTU znGqw;zmvAjt<$kn|C97TkY;$SBx$orE)H{eW}b&fTzPmL-;UQmux=6OV|ms0Z{VhLiTb#$PE;S1fn&KTuvu>RpVdRF$h z&R36;j*mI~GQK3!e~)fe|64A%$IR|-`aja_S4+y%V(HEyp(goxvpJ)pLNbVPEL&Rr za^E%1HJ1F0qhfGX#u`x!Ig-b`Ew1$e;FBEKi2V*7$H_*@24Bml&npLt!N)=V%Y_&0 zs|&%4{HEp1B^Q9xLW}ba;h~wdBiY`-c-=ugl9OX7vsUYJPmc`mVjXT8Jn%KAo^P>t zPisFK>s}lSzn=xaUKk`pg{OHAo|-)R(wxyFuN7_4+~_>5i80XI(J0@BlH)3xg? zc*+W1${Y@uCo}G3yG`YZog`giS!oAl`{r3W2k{-W1w*0Ln!^=aX`FMG6E1`=a`Aad zcWC}sbj^a*@^yFSWjqFHGnF@^eZWh9@B?0i|A`L%kt3uBjqlMt-=!#%_DIhM_wt{I zpnop3kZlcrvDR(#W)5q*vOA<-jQ!F75wj){8CY$e^ws>iu9S}cVXA6jj|xIhrkor9V}Q2ucv;`WzSUZmG)i3Iabiw zyJ468A@cy~-qDoz^`vVVSLf(ar|s0X#LL+51;Xdi%N$*aFZXwzu`dL;{hwpb%SrOL zWL6DlrdE~*!j-@ihhJ0Y0UFnN@VcJ;dCCrnLBm^EOIRzubbQ9^7(R{f9n`;i$$K<4b#yrHd`$hA|_XZ6x@5 zjQ1h@ONJ$88ToL)y3=pgY;yTNh;Q$bZr1pm*t8*}e@6Att`A!!mwCULlcWEy@wSb8 z(pVRKI!8^klgyRP@!!-bnISkbsSo*c!1Y51co#iyLUxoo?H?k)$#ZO+@fUq4`3pXl z^PEPWH&q{F*@9-KJ;rR_`yH$Yu%-t6Qt8tv6QI+0mwz33z~=4F^+=aq_IxHee)AY> z#n#nkpWl38rFa~7tT=RX8r(#e7^XcfL@V06Zt zt1AXLusQqhljA96{Wl7pP2HhDSZjo}&}1ku)&gTKeu53aSPQ;uu^s9IX$Hm(z*XzO zXnq5u{AH}Omqy^P4(MgZ9Q0a9o#p&v1B5?B_jJM=ux%g%yYpMJLjC&Hux|VX;sJ2} z`VdEEcx3QCk3LMrxA@t2MX2c?;r9~OaExB~daz(RdvXe~|1_7(#TSJQy1)2z^%KQb zaD`?0yPPA{1;5xDk}GRHFbb}14qPt2eYCNFeH*^-1PgKp1XtuvA~ps&%0Bv1KXIV#{7D=)9Mwq^Ex0>Es74$@?zy)6hG~e}3S4(i$+1c->Wb z^jq>mV_3LXzr1}d=KGVrQ_rQbPG0{!HVv{cAN#)kPTySFS(SYM0NmH#=bO8ZGZlFc z>rB}ao{~4@EzPt1`-{jY{7yf;5OLZSx8mWirr@%|!DV;nPd{qb^OF4$eH-XYggc)_ z+Y<0y3BIep&ODg*t7oA5fHjC--i=??+rRGmtb9!=`M^t)^a8&3l@Py69qxD=>%g44 zf7`yVJL&I6KaY*xYc&-wwzd>oUk=Mo6&yBPHl2$H6eV5+&n1u9wnPo<#gmrX_HG`( z^X3PiCNip_V+>gkq$n(`6Wd3O>^^YHDCJ-8S9iuq%MWIFXsNq;a?Qb>9%%H#Kk)t-bp*kI1rCNt)*|1#^aHu%qyN$m*f1p*hWZa!dx^VY zF1JMWqpL3GN%|J+_hZdGZGqC!RfBoPC^MJ;$Y^9dcnzY%%N1YuEq{0yK8YWeW6#q@ zGxbjjx5L&gTdd!WGP9i|-_&e&lm48e2 z|G!=y&c*JVMq9$Ev4IBKXKro0)RAWcLrwQ~qd!KboVNupk40{MAp}puL(4yohx{o# zRAP82&?X*|e$$*zyqJf~mrt}LtH|aHE06OLrDFp4;L{oxysC4Jg9&Wf?TYEhgD!FK zqP2=3`zmv(SM#8f6khB?PsV8qU$MtwNcf@W4PS0?`4a2(gv*zewCgP+`&0Y?Pnxos z;z{TLPj3I?Oow)VOgB7f>=j`AsZFC3E>C_aea~24&J$V_XJYf@N#2iA2Ryl4Jb5Yj z=>k9F!tf(}V)&79_5%5H#CHxq##J};e~_n1clhzYl+HM~m*-dDiB~Bne(%DMoTn{* zJX8kH(uUTs)~EDozv`h+6+D9;etb#kv^$NbC3qZu+@W;Z{TrS+wEIiyGyM3w&l!Gv zjp{Sa1XiA+)6r0GR=P;{8*e}ZI8%)z-Qp4 zy-V{yKi31lREC=VgY)vdWemT7OSkMicujZ`zufHNcBRcP_X$_j(c8vhC%=4O>DZKM zJj*@&GMo2l)Zy|=w#zS0e`RBj`1cfl54>x52-+GRVoZ#pjvNmUeN*j0vt!W9q&qxx zv(n*P$+KrD^CkYp`(1cwZ@}B?O6y!5x`7-^QTZV~Uq+u~>R?H3*P^!3%X`cFOg6zA3)&Dpd1h~;Z0>Q@#4ax2JXX`k2Ku-NU-n}9xF_eO)jR0pOZ4$c`Z$z6avxxw+L4_lnJb)4 zA}tNMxrqLy;wz&YeC@UZb=OmuaI%nl6k^~c-iZ@8?#{-^BjDuW6uk6v@S=En*@pUa z=O?F7#*asxfWTU%n*^pQEo%u>$AxC*xfDt3RTDC1qxU z11~Lzbs5xwf7$ev^C9C;SmA05e)idKpXy&fDZc4jnq9F>C0UtesGBb`qzJi31_K1UjRJG(RXJ>(fn zuAObmMK2DMW2ig+x*neBiNDI2!(daERE1DR$?!GJ63|MrjEa(j*Zwy!|~s&Bi-1~ z*h%{K6Z)_oo1`+-J3Jk@Cov8x)Cb@{NHq}YM@NR&fa1C z0EuDDxf{5nWFvEKeA3r$;9D*A!9V6K=O=kD=3TOOSgy6w{qDA_H5B6$xYcgo)V;QM znE5+*{~>Qv>d)bh*XFyi>9U;twTvg#{Tb?3`odsVxDUVG`WJ(fR&cU}z8?iAk_UH! zlgKT|<;k)KgNf#;?DM0n_78gTt@B;;I3vBgysc%zweT!|Y*yQwCp${DCVl*YC!c=> zd^2I({>o$cbbP()B!^tQ+xwb&HNO7JS6pg!@IFD=$mh0M_EI#gVP%?fL6o!uCl6I=V8Rg z@VgQ}`b1>$c=qjp;}O(%)N{|wP;e~%HRn!%-{*3yl?yrN)P+s47msk(YJ4KFaeilf zykO+qWCt$BK~pWf&|GQ8LE>59jH!LzH&BTfeR z(t1zhY2XLn6~sbEX|to_GsvF){14cCg4p9&ex@UH{6^-)lvZsezW#66OCPZA1FTWn zimeZX2Qr_Ja7O&U(UwI!+31;9{?bu8jJoUL1>)99@7Fi_E4phuNH59Om@wE{`OnT> zU(x}R|LuW*k)Mx#P4SiKUF2u<7x2_m*fLM>TxBJqYaDqHVxO1ziM_%7Up%{NK|bqK zPl0dpH2;Erd-FXZxYNS@cH20OC?9#W-Vn^iKacNYI{(G^KZf#OZ~3cyImkEmcuZiu zN&Cd3jNJ%j#_}G6CkpAa^oNlhj|US!{OQ?MYgx}%pUoH!q#K#3wx+5M_(0`vH|i4({+aLJ=6h^}0~dFT z7`TuvUk9$7ONhBdT62$cudqp*WF2I$V*93`Rcdhuu@%Y+4|!mQ z@v#Y~TC)>Q7x0XM%O|iMEY8A-@+~)qG`YAZ5m&m`7=Mng_92~0e z^1Z8_bxs=(x%P>-?2O=prYuj&R?)}O8RfwTH}bE&aL14p*}lxGT++pFv+&u?(z;DA z+lGwvd3dYt0+?Z0+*vlM{n!LM-&5V>Yew%x^U-hFoZCtMqv%cbU9f(~=kYx`@Cg?= zz$kQ(+k8qMlUsTTw!yjpF zMbJigdbS5VZSvr$0-fUG>7T$8IOxQa@FH9Z2gA<;HxW0s$sLy|@2R*loK>nx0~ z3Ww~olD;XIPC_p);3*#9{>4?H48}C|#Fh{*hfVkJ$F%!HwQJh)w-w=AcIh-${EYuT zMjP7m6sHZ@qne8>fbR|b)L#kw&A`2oXC?DO*`UPJRq3pzV&02+XKkcPcQH)2{IB@m z%S^7nIy6kB(WiY+rD+9mYvueaetWI-C$tnDMNdOZ=6qdfi4DB5uT{6iL&swBXq~+k zo8V{-HZbR>%Pw0t`^o1OAATceh(@ZRV-2{W9nq{AecS@xi)J^FC#|tidFH_b)wC_$ zaX)mVj>x=VBEq|HDE$+4@qT|W@!HC>tI9cZN@Z?y>E@KVRkU)-?DEK-eUu3j4<_C2 zOA9sqO6_8+#?bRcyvrB!G--y1;E_lbcQnB#)(4sA=($hAeJZXqz;inP>=QNiS2Q0x zIU9V_&e2=w_pRUu+)LhT+%zH!mSSII6RQ{l@3Lj0ylY?9U(kI!&zuXBbifQ`JMzAZ z4w!-dsGSg8aXWhBclZ-3k?*3-f-eORtF68GK2&z7W$kYz4)nI+3A zvH7~w8BbB~QR>}9y_wvb+hFR=YK%Jd9)n)ZL##x6s&u=xKRVb->@jU*?9Zg`*3*lZ z5!YSUGTD~-vfH(XV5e;8AwjctEBv%f1~*fM7wkIla=XEcukA&CYwdZR!AnNtX7FO2 zJr^&jv{+9Z)vx();$M4e>UqZKcLUF_<9mfO+KeU;||L| zH^BRj)Bd@88KboW9y(k(D7YeI1sbzY`{rIn8h46xxzpyz&cNIk(O1NSwO@riRb7hl zJwjdU;gKWMHJfJxJ_OB+l^(}0sPs)dYx~|u8xI|3Zr!+{v#sp8uj1<%Vy$6bK4gFO z>Fl{T@m_@Q#Mq5Bw$I^6Brta&{K7tg_OJ5vw!Ise)W%Yt+?`e++owbQcGV3=Uez-P;A0B4T;PQhVpVgHgs-aUBJYERx<$q(Xzo3(s z9lQyjo0JFo%ZFJp|Ar@Wn;&BN(JH8b2D#ih<4aSy>aE^>d~_z+Z_$Q3k@lBS*KF{x zo<1|@8uU>|{Wpc1E5KtRJh2(NRLsBmiQHrJ?E2M~r;X0`vS^RkQg3^O&~*;=RLuY8 z6S;5AcgjgcSmui$^AOMR;USBkTuU%xcZ;MQk&y0mEI_c=7kx7X4R59~TF z z{V6y9&P&d%-%82P`x-ZYsGIzew65^;{B^wF~Gw7|()a1sIs*4i}i<-rN>4^d~%nT``yaA=q~vn{#Swc#A{1kZFVw{~7? zr$xq^G{aYpuTpZh40`HL80gXIukOW|@cOI2hn;51?Y8Aj>e&2R3Qy>cdDZ8wgP5EH z#n4yw+KcE|&6gC%Qn(5`vp@O@ogN)%CD`z1ul+l1sUG+5eCivWQr};$__+F#F|YVe z4#-a>`;wT7af;bdT&>pnHE;f`>Xlv{jopDQCVdt z+H(92@Ls}>cS***xb!%$@5~u`D(~XQ=C`E${@Z`-dMB>(Lv> z(UB4OG*%)Tm)JFU!Og2VRF?9>6UsXh`D}Q21bN^c#_Dp5wuL{zuh{Ge`mB%`7F)L4 zYqs9suKbC&2e;%J`DLGV>h#0`k}VcKf+wO!Uce>UHIz%kQ65Ut)YbXf`@ll8CC1B!_t}mvi^cU z&#ohre6zB$#$`?_D(IjNAGWi;sSbTxl9@GL-}X{Rhm~c{d#Nmyy&7m#{w!?g2J?>n zs(0+;-Hi1$S-V%ycp|Wdb<^!yUr@~D8(F_wJ#$Ukng(JMTG(sy0(mM|1=g%5=H>;y zRjx`~v)i)IsYv{~D@~cR98j#_I?m88X1$X4<<@~~h*f%I>sNTsDdzpYYs0&ULAs9j zeqT3nAP3l?5MDsqwWMW{R<3fTqs=~+Ye)-fF0|!36Hjxc{l3K-`z3P@=N0aIsGo_6 z8p?aQ;;L>O7S3g_Lk{m=*&zB>dFcCC5A?k$g`cPV>)BPZL#zSyt3OW9mwM`!yg6Te zBv~_zIHON&!;u%)rL-eCbKD~@dLe7Q@=SXyw0|JyH>~p@yDQ-_Gd?M&@%cIKh3c_i zPMeo^)28;}yJJI7cYH|Jd(WFNb^?9WeEl!nEp{`Yf7D|@?&HQKZss05wG}3I6IJ1uju5p zA6$H;!u#PT!29czdQ;)G>r2`TTX#6H)+FVfaJk8;$F&!dwv0p7PTRzOFaKZKJ3aOH z5tsJe=}6#w_KqK84UH44syavhE-@34T3~#qEHnct>x)i6tCcY7mw=h=Z*GrA>O{MqiZhIbj z%Xg%@M|>2xc2c zfyRr7=li6wlJ0@)|1$R`U{)4a{{MTIURZ=yi82B04FPu(P#~y%dr`ra1SV#pNq5tz zD5552CK@n(fksg@a!F>$NHR1a>Lr>GMkn@UCNyH)$buM6GA6NaZ=k3VBnd4@|3BY) z-@5m`FSi?9etG`*T;G1{t>v6kr_MQb>Qt4r)q?jQt6xJ0zW7pwGi`SR`cLiYtcP~) z>8@%ub0=e?RpM{o46l|tQxf3=m%UVV)*UaEy7!Hm{W$e}Q(3Ly%sZuN`&FkrxaX=< zp61uNr`Q?sgA{&p!S34S-dNya`B%P%gF`d(cXv)%sQId$n=dPEjhgwS*5a6(FRS8R zw&8DycQLf6&K`?D=l*QPm+2f2+oEmnd3+;&c}{;UYic_u(L}6DF}AhSyvp36eLDTN z7#?|uSlG$m`1bazc5c`+Z~7nhOy0d~&olU7=8agqedTeF@0t96zuq&i?ZBRAoe?iQ zH~-m{&(AMd`Oq?SP^j>Qu1MY~KOKx6fUd{q`b3%Rdhs|ukzaf!JI=|oM z{q#Vsd58CAJbYlpl9j!^Pw3m|P|WzlY#sUVWj_A*(db9cCrOMR>GY^QrC)ns)pHd! z#AZw}F-M8=DekummCjvorC)R3%UYSE*WlCk;JnEB=Eg?&qeo;6{+~l@#S@Fx-=a_AA!j`O)MEQd=~vV5?ZnM# z?ydQo83$G-@?B%npN7r2!Fh9-u^AtmVQk24&P3w+u@{rPo3;yFx%QVK?)b?SzwVBo zj6MuQpM|WeseBl|U~leoGwJ_Y`oEH~ZPMWje|iWTKsJ-b=VZ&no{R<7cbp<(nu(uY z2y8LgyEBRtmArqGcSrBPIoq69|BV3b&v>v0&vOt@8(82yU|9l;=d?4YDuSOXo(q}1 zFzln5Q1J)$zQ9*XTj&fYPvb`MoZc6ZK9e}pcE+#bWE3kF#=hs&DdJP*g6F62Lo_7<$!xu0PZyo zvH#4?rFUf0YQ8O4vUCgjQSe?v|1@)7ig3_R`be-e0gLog8+25hr~bCI%mtHtz9oGVwZ7$4kZ?n~vFRyBXbjEB=SC zyRt3Pj6Y$rJHBPJU-l?^_GaXocsbvhFoy9y_7>tG8Rz$@??MH;BwqyQ0N~t-4fFcs z(4;qRCANg~q;+n^4*YjlZ9{&dcT%L6u*N2R5^~;IUb-#*z>YJCiNo*l`sB(HTzg;)k4%c0~x81RQVt z_?`zY3Ei=A6@TBr-vfbH`Sfd>9P9ZJcpCavM@$Tm(p7$IsB!rvp+V~h6Q_1BviE*u z*smqS?udQ+2k%Sv4w>_3E5qKG>>V3DeA7FzC3jxw^o(teBz9iK+Vxe~dRMA1 zLW!}Iksc5~r&yb9{!Q-+Y>j25_+fX@7ek>{JN`Q5ePVm&TN!r9LVQ!o(|elEl2bn7 z`l#n8$8lB|>ADx)_U*2U%1M@vW6Ap#_6Bi;%M?fW26f#)UFFmxUV51Fy}g5yHvs>| ztD}j_Lb0B=YMq|bf&Z-r;BNr_TJ+~xPS0DEolDu1#=HLbvS!_jo45Yos6%*-p6J3Z z+LVoD-#WAuT-So9cr6!vWv$`Fm@mY7#z5~ehTjX*G~WTu<-;6*?!c=i$EOkZ6 zZ{fJm^ud7SZ2F*(J}9IQc3$D}&~)&a4jxy~2Uj~i;Mj7V`k>D111Dno;B55)_>G=L zA9(nd&7cpUt?^K4fqj0YcJ9NTotvvqST~u}MSXeDQhacM z#|Jv+Uwoi+KObD+@qxZy>+yl@6XmsiV*eJt#6gOWK*4l{9R1_(kG=a9;#0i6I+WO z5D#gNw6HG3S}S(rCluonCH5bG2zI<|Elcy0kS9OKS0EWP*jHy-R#K0Zl`e0DO`S(k zr|{QL^NYve9qm2)xMj)lS0hV+H(2jSl_eqSHL}E;-#EIjYH!H+y1((+?77P`y0^9f z8;SA9v^V|F+SftO?qOOW>WY?P}4uAM%j?S>CE?m&k zfE=kV47Du8cI<%mjl?}oAs*_$P^V`VcGd#&l^{#n;CIcL$IWM6$$3mEXjCy9d)xSG z&Nu7u?c56J$V?ABetN8xa^hLw>s#=@?G60N;!>H zTfTwvv&i2BuCs=*7mfLd=6ru3hD>>iv8zlw(1ScL&VnA1r>iC{LROVM$T^CIt}PJ8 z{;7%&N$9=!58+8`Obp3bgZmotrjXCQZ!wo8=6N@9XnuY!W6jH>_lu&pfw}IJiHCvL z&=MGwrwUlBfz|X2uvXBHzn(VQXdC3T%c<7xm z;-MDp3l!`X?5WTkPw)r_>2cX)f^{-JgR)q@@fVa&%Qy4ylj=t6T(IZZ+qR@pvHs9- z6?H72j%ys}3H5=CXLbxj)_5ddQTX2hycibe^32%G-a`yTaCCbPRKR6Khb;{&aZwLF(-;XQ++2eTuy8(8<7D?Zy;nE`B|H8uYjH4}al@hJQ^O{zB#u;B*A=|M)QQ zPs#y*R)5h~qqyh5-&YpDspkBqZ27Gix_gm5_3W$M%$hN>;r7Y*-uJm$hx0b|PHbfD z2KIK+w`~QD8)frXz|SGdkhkU4x9zE@J#;k|d*EuP5oB_hP1&+td;PZ0$ytEM83S3-U(LFDx9lfTrvJ|i4 zd=8&!d{Ux|m=MKcRbUri&-oo~w>rkJpje-^_cC72H0P?nh`)d9I`*xuV~@aMCvU0t zp5`-m;-0I-v)@_Q*X<%m!@`4>T$93$=l-0$Z-9{1Ig9qx`)AU4`$QIE5bQ z^p1QLz}_;GIjFy$f2E#o;KRrLV)u0BsW&r+z15v>6Z^H1vy(S=@q3-0@Ri)_;C|XJ z&dJvqyX)a$`NP_o_rAfthad3$()++SG-%gM_^A^=KwB-}@JYNmhdJ>$r^l5KCou-O ze*_uP!QE$_)c4;%>|Jpx8)@gVWUS}%$2fEO$Fczi z@4^>7;|=@|Z{v%2>pG`LexO~|`0FOnue6srJ9zN=lF#C2j-Q#h513C2z-(dNc@;i8 z=G|{xg1@dB+wVH=$Gixf1Q#&hTo~CpbnwuvZ|6au0i6E;{POX<72@n~^k@gLyEqJ8 zf2s$2GwG76?a)kjk?7nN6B`CC4bN|J{c{@kf;mMw=~D6j5P1IrpZz!hdEl2-uV7;w zGH$%HX?nSP)#&+S<1KxzR|e|)+}nNEx9daH*WOQkzx@#PJkB+21 z*1Y`di<)1k@ANYN6iXPV)Ig&-lf+v3Wgn9&$Vub<6Y=Y}fs#E=>C zJKA^g%6Ew&*_xxwBFZ$hjY!n_%kZu;ODTgbu$)-M4Nc7>64c_&_@rABtJE!#RGp|Wk$RW3hqKJh*BR~VlW@=CTA?VPQ;!yZhM zeTtpA4tO*k{V>?}XSWhx!}=C-u7$H_TPzLzbleXe+sNaNnd~*-8n3S&V64clvikaZ z!{3?p71>PkoybNy{(By;`_>yY=04@s<)3dINqvz%>N}yI`rPrHf$#rv)RC&r#MBP7 zJn6;M2IE(z2Jkg|-I?S3VdbH?`s>|W;K>TF-oE0mg7u4@(x;E+fLpZulUHw0{um#Z zY`EEckO6V-)z;aaZIz#)IYpqJ!??vb_7!^X@zg8Z8(9*Hgx}qk6R#C0pX5 z!Lgn@@$-yf>|96Nt=Is^P|q{KuW{_!^7-pm0E2u*xeiW73-=So}4I7{ZwKe=~NSr=PC0Ja=rYrLTCxyG{IcCY~t7 zJS@z9ApFYA$3k;j(f{(93eOPqO39zVdfN>3_ZZDtk#omlgUP3je3}K_kY#6c)=E-z z8wK4&Q^^Bt^6!*EoAY?;d~VHsDzQt2kNjt^Qm1?xDra!={8RF)cRm0u_|{B6D#oXi zHsO!-nIP(`V*2$j$S3io+AF6W`G)*;i9Q-PMILQ_7LaFCjlSud9wmLyqsY<&{x3JQ z3(sl8hDWw16dUy*c#eWrvO%;ylkP+C{yt^>F#7*q46cenG;y%3D=j`t_h*LZRC4yh zBEH3-N01H?=%8_8#wW2WI-|;rCHm(fkFU$&YjnY|GWzHDDXTubl|J<2=CAMS01a$EJ;XdwHr98& zesa8jRz5vXfB5aS;yCw2LU+@S_4mQE!#@ZAC|);uzVUO$X7CQ}@0?EjgU%P*FwUIC z{TZcme_@>Tm6SP!Urh1C6HiXmGj2b9X|{j#n;v|@crXj!$pQQCq35U{eEjfb{n}&$fM?vl@jSP0(X8__YBqe7<}A zUpOZceC)d67IduSj>+3h-gw88ieJr21D8eM@G5I=innbQ?+xSr1nxRpd5L(B^RlV` zNpHNVPrJB_vM>2PHNgKGdm2|RpPZ1mfwE?tzH_{}6QQ)X_v~OE{3>o9`bl!R0>57f z`QqVMlmF8n_G4SVf` z|6$CtmZmjP1&cNx}Ad(rfO@nEgUk|YG zd%6~eGcw!{zlCo=z@C19vZhYooFO#``(vo9w>c-vopTQYzM=RIJenB)_p(D{ORI9k zmR1v6S~Gvk$_wU4R*F_-%bcEOC;Gx6{`3z~U#_||UJee;-1lzoZD`ErUM}uU$Cm;x z86R2uIB>+TV$*jwIEi$v5_*iM{a4k##`4F^AMIKE88-as=gm*hc3y^IfHqRgC=vC$5X$ge8@X_v;$Mb7)Z@QC4y2Kb`-P`+4h z=@2{G&|%NB+{fqjgBc%-?D)v6Ih3H@oY>ezYAttrlHbke`a=w`{LjiSoloFj>n%o> zUPjER=1d2WuM2+4yp)*Mx~t@u9+4PLtUw2Hb)GvXHuiHFx_;;Hh8zdVV* zjeQX>P0Yk5Zr~@Ia3wagp;g4UKi2!(+VePujQmzSk)@@cmY%LY$n-^ffd00gX0IN* zKd7(r{|4{*`_GnN)<^lI(MK75$$Cvs1ph&_DAtq5+&rH(-)mm*>a2G0RGrdMvLn9X z)tf>;<=jt&?cn!k{>-Db*8EfWkyFJ^%lAnmCfe-XO%-SRllWiY{2A~z1NVOe|0et`n}+kF|2NU+o8Xn+Nb#t0Zosp~1~6bxH&m;M+vMQ%CO(RF&v~J{>o0>+RbW_~JZ$ZgxmoDxHo~MCJF#MdSV0eb7V0f0N zV7S-`y;xZC!li>tVwV<98GCu*^38(OWD$kQ|a?bPm z-HCIq+DD~{v-ILn_{AxuuU&d+Y3x$g@?NYuaM4T7RF{uSd5Vv!c&hIkc&hK4c#78R zcp6&s6s>pg6s-$^>u_}pCePvO5j<=5_dapBx(-**$5CFi5FJDVwI|%4;U}C+MwZ+( zlX3ju$Wb?S!@DuwpXP5zKRZsX@Nl0-$2uiWBF>zoEy9zz$M@0ktI+kU&P2yxyT$N} zmJ+Yzx6M`DKmR#^ZrqOyo`=70KXTJA@7<=9KeGm~4Bu1{zOG@+UmU08H+#`tdiHMN z9HesB|9x~g*0Z<6NvsMVy=yZ*j=kkhf`#oK>!b002t-1fqzz2}kBd#j^a=dt$P zW;CnKpV6k`_uMw4eYWYgm+xz@@Ce&0%xZ5W+Hy`m#*uPCcM)(w346&v8?>{+yZcf;ge*)TMH02rDMf#DQj(0Kvk zrx6iTS56q*_V3Ek{*n*S{*pu5ADGp?sjHv%@6XZxvJcSyvP0T`gEN;i_?x==X@Aur z?e9f~e5WdQ2=C?M0elaM-s)Hu|GnUAe{X}6pf1CMK_2k$G45UDyeL1KY~Yc|RK3@2 zoBXo#&K=81@4;8Mtg3F3xtC!eGMev+?-4ury~x>#9T6wd#(8vc^2PD-#3P)cjx4{5 z{Uh@t0}?kz*q6c@ht~c=OcP3(&$h8%2<$J$Llv(GhxggL7AK!WylA=}*5n=XYMn98 zJnT{Vu?BJ0<)Y#z@$*UF^sFRpCO_@(t^1PJ+fRoc;6nSod|yhs>OTsaphw4b9veN-=83SI8!B3yif4gK#RCj@ycZKSQ!2N zCD>ad-o1DpO#bg3_|@K{z9!mTJT}JMVdSn>?03ay>F+xJzOzo}z>M703@qjJO9SV0 z*U{!V1K88Y*`Wtm`&Ng(_tI+?e(Eol~sm#HG%6*bk zb<9&NKB7q!nydnbdSDm~jgP18=*gM1L8Ki+T9B@bpz8ytvfeeowL6?V`1UA%)OSMw zre5~apH4l&{)Rueudn!&KOw6G6KCos7Y+#}n~n=7?>sS*TrxVEyyuL(&*GJ5dbd(Jp&?!D&>nftBtht9QpVeyOS$EdH8`l_g} zn)+&}?*i((koqp7zA4lm`YxxwD-Nme9emUKBl9;FhezzX7kZ7L z&*p9UOrkDQ{K|gTyRy=&&-c>5;ZNT%Z%fEazdbv>I?qeLEjxWnp_l&k?DXovUi!ae zr*9eRrT=qwdiAkh`q#44w;boC-}Fa5?q`eZMCjz4|dye*EGenTML()s#8`aqL^L`m~@Uq4chOV1Ip zKzig8ZvJ>6z1pSQ2xoP6J&TIn{LY%}^ev;j^ar!kBd2)jk7TD;pJ~!d;5{cc5?PuV z&(i1Gucb3m{kFZat@E5G6yMQV9c$?-cM^BLIe+;x%nKgk4BhKWHb3%k$%02-(|!fk ztnM7lJwx`}u-L?hhdC4Nx4oyvdQRc&^7oJ(GbAI!6|X4mXwr7zb}w>H=Sdjbcda*9crPI z@0I)TBklL3?SOu^jqWQC#V>C0gZCthgx|A%{5n1eei{E+y8qBoowt5O{HpO~2|sX3 z_aAAig&#it4zG>wuOEt^?qhKEN+!#ExJmp@rJlf#S2{-4!QT)kd!pvW;XAI_= z4;ma-faAEzk2Vh1azBP}{I(BA(#{l)_k*L?M)w4_9sf9d>l^H%I?QfjZy<=!)Plwk=_XM{cKYss_ z#;-7qUl-*v__=f5-1xckT^GMY=esU`Rp3|i5%H_)`5iF5cWjjpzp9>12EQusbKB^i z;I`w(@7gqeMQQvV%fio{W9P=tonO279Xh{u@v8y9DIXEPnx1BZUyTpHnx4B1el_6d zw$VMoZO4z_8EO1V()j&z7JemWK9w84^LKYJ_KXjRXJ7OAvm|Sdp8}rKJ|dn|dagBi zPVwP6rROq(=M?aC+vuL)w&TZhFKerkr`C^Pb;f5X`%7;u`h5rsd@@J!NaNA^53+I2 z?LTmFo(9f!9}(wiJtrHSr}=Q6)>C9~o(9ft8{HG!cKkU1B#pD{x3D*IJ*RvCt-#fO>M}xYa zUz4_DXdN`jw4?T}op7kG`C6J5t`Ei1;=ifm`7|wj{u5vSD`pEC3_B~vWxf3L&*cZ# zpAsP^RrGk?&?C1$Wg7RO?k|re8jg?k==o7;qB_1-9_v{H{QCPF$7Xbs{dSl4?Yg0E zoBpU%Qw<8vOJ#>O4zEPgS5CH#i-8_&=G&!wO1 z5AxHmFMp7sU$sX+o*$Wh)FJwPPBh~0Ec$uhCV1Zr{YW$PK zAsU86C;rZ&q4%vD8&BU14S50&n zXc&fuVQ3hJhT${`E&b;8MZa+6AwEe%zeuHv1J934Kk5+uek>aCcNYD;Z~x|fGxQ_P z(2u8~AJ1I$o8+e-c`W@JgY*km8r`0oeo^Qbg?>@!7lnRN=tty*_s`OAf1mWL>Vtk& z9u8F>1O2KD{pt;kssi+Lzg_5kbLp4e_Wnp!PWrw6H{Td0kEP$4htRL8ANmzSze4C& z2>lA7Um^5kM`MtFp+3fMxTX*K)p+!)`55R|W9WCZp;1kMe(txwVju30)VSl9r^|nC z+e**HfB&9EznV1tUZbw8@f)t`hkixSuL$}TLBAsCR|NfvEcrbByNa`7`l8>IKIk{a z!(qzDK))%5e%Qv)Xi9*7?ze}$Z!Z63x2-a{=r=WsepAx)yZ;dSP3ebzCD5+~`jwdf zhV%dN{OrH<_$}y*e$)D(-!zYY(>@0JO*8cSilNc80R7x=pZC7G^viC0e`H!t`t|(P zKYpjB>8Jb4viWaXKlF=1znJ+?R2#tNR$}S7+!~YG_m! zpr89K-}~m$FT3sik-D7pOJ>opE=|8bV;g4EudW~Z#i3suipAl&IP{A{zqln|X8abr z^sDx4=m9)O5TA!{cu%gi;ajkyR~9(KJLb&WH;-rMoOw@v6d&unJZJb`>e>cwlll8S z{T6Bg(rH}X zbyJ@`{fxDzS;#w!UyNS~zv2AG^K*Rv()?J_2R&ndUwY2(ho0CQADEs|KRv<4PtU1A zdb+swN6#?y49EDD@PnRV=oxl=|I+kq?1P^1zb`$<_CwF3J_J2C{Kfi1;6HHj)AKLb zk6HZb;@TfQqtG)7J)_Vw3O%FHGwLH}X1w?IK~HD(-*vnz-n_5z-om#JI^M7L(-U0$ z^jsaJr;BTU^elv)h0wDQdKN;@Lg<+>9wBU+KYLf3`QIV((^>O(rDwb!dS3G(=vkOW z&ox=}yzCHq8eIFMXA$%)f}Tatvj}Z^suc_0EQHm(`hO=gAb4En5IsDyBtPpz;*GG{*2Z$+J&i*}r z%ugF<_Pj+sk5xJ^ZVGX?TZH{7>`CDK+pV3%VF@0UKM;xaETZgU;-upY^qBPirnb8VC3T*kGaFyu_^CamG0t}yKcL5%IF)#=(5`Z) zcwdZItCD!}zE)y&+U~j}SxwBDfoGAsf32N88l5Xb$?jF*>8N-K5(_)A0vMy`K!oZP5v74UqJo~$$t^~r;vXt`7ciD z?xgqkpTXY5=!=TG+JEcNWY3%-$-gxmmHf+9gOl%0AC!FOqJhb`D+VOroKTp2;=kd{G`_M?TtstB{2+hAt+a}%)9#vdjn|O^_zrEbyg^2r&&aZ4+L>wD? zM1CP$dwVxHvB744`&E?vJl~;7<{S5Esh$~pyTW`6XTG%#G2brZ+Z6LHn)wzlGT$!b zTc!C{nE4hv#(b;b+h@$TqRcmEnE5u5Z{y6jlFYZ(Pnd6?;@fHZ7L8@T#g8}NPT|{0 z`c~-w_7CP;Ip0pyw<7y5;|G6>QyC|AC7^&T-7&3p%j?PsueGQMh?KYaW6!$59(wMmM(}De8fp>Gx zCi{>#dg=E4mB9OZf%g-~x%Jj~PdgrG2j0ydXXMd6Ub=n%Vc>mx`kgxlfakB?`^fRx z@W%r06)|VGLrk{r5H4U3-2(PE5v$qLt1%7!3)ttxdrNO?@ssX5=a92UzLI@Uy=}#} zDXn(us(n_7^R;B|>iESNL!Pt0;`2F(e{5@@qpGNkl*YTXguXz4~ zN9?bZ^7Yaaz*0QF!qkgKe6f^0LB*WaQanG*FT$^h`a`>KAeO3P7;Pe(O5g9DAvh`y zIJ`089CK3X&p+w^mZY84`&Dn=t_GeDvFF9$?Bu`ED%`-gQ7|=M@ZKEO5mWS==wRV) z;+tRxx5UN3E!vbid0R`qHi$D;^Yr(wHKdnP--5roxU4~MX^+}{)UW+$x(mJ*8B_?3 zIsZRd1D)<2-)WU3Thd$Z zYOQ^e^p=OcK7NY6CH?lh+G=kj{q~2wekN@a??zYH`US(-QI*MiPWxt3aMXh1bF?RT z3P**K>rXpBX<<6!+^XbRHPy-5cxX37n6Ys1{N#e7JCbV#pPO7=be_RMWrmy^P8QWf zvdY@_3eazb{A!(|-RuK!`?mbl#I=#wq&pqw3F5TZ?{GXldNgd*Zw%+t! z@8hq9!n+nhx6{VQl5Z1#SLzJe8sS&v3|TsQWMy*jcn4gnlBb+jojh&))5)q>c=z?R zaqY-ZQr~Bf3Y+gYoE9;8ZXDm_<^$)Q@Y%P{ou5?RJ4fDO@-7+m&7|_)b6R8a#_`eQ z56?X}`OwJol8=l!AKcu263vDj6aBA3C>lMbX^uRY%X=`S3Aw-}uq7bKm^Q zu(@w<`o!FKo;_~vo?jn7ckge9&;9Fb|1fvoj!({g@6RLV9{AhHxd(esnEMcWNe}jZ ziTA5Xzl!f)B;P-g{|l76lJcLYo`0mi8Pq$S`aefIpQXKNw0p(ew!1E$+jc9qO3eu1 z!ltPj@p8|uOM&+i;Jz66r-H{6@VN-QE(E^|z_SK?tHHYp{40}fcg2zi_p@(nQSH9{ z*m=DXH*OfR4I_@q{A##;tZ zUgw0ce`9&AN0U8YGHIgM_PS%7p8DgmZE>~XuV3_4pY>2qc*el9iI`nKT*3Tqf5dwJ zOc{SZ)vbTQ{HlLPA9;iM&0c)P{`Z?dbB37c^9p(E!cLFTduuI%FX+!FHhw1Y z#KG5=Yzi0eT8&H;uhM^sUy^^X@)X2d#HX2ZPRm~@_X_1+KDcVh*9JN*|2)K-|3uu_ z)*!rXKZWvBDSz=? z)4q2Whv3ETPtT=;@SE|)UKx#}d!UQufk=P{RL=ej_OJHwtNb0l^6wI(8Kgt5@+$XL z%K7tV)i2pX{r+{I`M(hOma{(Ok%6Zq-lB60gu`W& z^N+(K-j$w9UijM+Pr73~-cp|*Z<#sJm80iUJ~+1bU!5M?$JD`>^~Yf2!oPmn<$_l@ zpGti(Y}EU5^vl7apGeQ2-+jqJw}j9!VRT|7x&PfLIwcSNl#iY&KwlNk9Z7v(XD{D> z?CD+c?n^Q9SCYSq{MF>IA^!#BzmWVFk$(zTLB-v(jJCM3(|-H~TLG~7aqxe)@+lO^ zBRuWDT>1AwD}S9fub%$=qCe3~oLvo%!6%XrZ&EfFU2Pry^6KM`KwJLr7XCj5^4Pk9 z@Q5BS2lD#s)Aw!te7Ehr5XjS4dp7^(50Kv-@3Eer^id`V?}k7=|9A2J5BOdeK2%Rx znEm-JysHCs+Ppz}+Wg=Bfcft~!u;YN&Bq7RFCq9R%y}TJF6o@)o;dPaJ~8o9jI%*1 zIU9uY%RUwIbdmgK`LrV*O6TJoks#mt@i*;Jcd$Lvmh8Liwtk#$i!!^e^4hZba?_y*h0 zqIIV2ELtzKZChIR(e?*v-x(fzU-$>x?~h;FfFtQeqx3j+{MjpZpMl zC-?Ws>F-)E(S9=Ri}(Ac%zh;N6pq2ZA;wyc{OgdkEUt2 zdnS_IAHR34w;u}Mh&>yk@AG~#=Na|Y{;)v%UkJ26>jSp$$65ZkXq>Zk*$2(}LY^Pl z#Z$D@zhM6FF36^b|9l{wLzQCRT>F{u`8f6iO~9t)>~zzIo(&qTFNN)S(J0T}@@VX~ z?EXJ`YPS71d~)`Cu)b*Ej@#h(!GZ6?tF!AH6?i`@@IJdHJAdIN+3$~kIr}}>{-D$U16l5#Z&K+yFT$Sj?mvIU z);otdi?$Kj=UZ7CWYG)$6}_%_yl;Bh@$R0Tl0DuwfJ+tf)t$G6*C+1D=50I1=YW&W zJxiZw;*Ig(*$0Brw)Z-E(vMsD_c+&nt*UtDK0L@7wxyrueV>seeWv^V{>S4Z5_{<)Ul3lVdJN< zHn+>WetL}c!TU1wD8v5X99?tI)@JA`7)$x#i{917S-`Gd$lMWS>G!icTvW?1tGs^EI{;tJ$TuQp;P^0;oy~N<3!B=PVMb_T}PHh%n z=+X(kah?k)bG@a7Xwb?zd!h-?cJ|%RJOWyD{n_P9@x}|@JUNXYu=)GX!o@sqdmc2_ zeTOqS*SU?hB{OQdXK_9K)qbqQ9ckgE(W1!Ga(+5vTzGKb=Zd<61rx+qMxI+<#ow0o z?#Tx6?*IDW`@aBu0|M}gZ$|MGz15Ev-u8k!HWot*#*ArOXH*+H(FcZic+RBUapdU> zj+H(*g8l?cFV>Q?=;h~!1>$RuAIj+eJbvPnZ2s2y%z5kEzUuL}`n1mLQ=T(9*Z-}X z4$t4W_+b6LZ@ixzkS8-k@$J8-zP@n&vacR1YyI-+Zg9%QA8Q83w{M}|EP4x*T9ch&uOKW$g|+SZz}+O_{Iy@U8vA*a^$Q|BqZI&qiR={ z?OdGQ&R*`pk#5PH&*iq0OIM19Wvm}X_|-a*IpRObyK;Vw$h%6t7je%3Ki=mUdC2%+ zjqkAXFxVdp{}q35KmGBH2e)L8zdwMl2l!n5AbE@rtdt+}cus%vxG#RJV%!wx;>TOO zvBh&?VSM{>{lL1?2Wwya*jM{cadvj^+#KVf&1;{h?4)7My>*H8PU&??L?TVL7H zlCdX({ZoeB@cVw+{Iai2fB)F=7aT9hyGe|bNsFAw3k^=ApY+!$Te1 z5wRx5J>1{RPvB1;wr~l5x1N=#rd%bwuQipa;{7-0zch39%zX_-&e8_b?b^NRmqp(A zBWA21Fb0qH;FdjM#`;=!43@IyZ0B&V1n{}r=!?L3=YFX;=a$l+lXU-2G#9g zW}7|OBokPdGjiXypQLWTFG%uH_II;l4`|OXBUc4*{()C-+Wz)%?$7?d-r$>AYf*c* z=)7h0f#j3!ijgf7qF+i22g2L2jhET`0lc}(9RWD*_TboIY46Qz>U}yv`a*QK|1AD@ z=fGccsdzv?)CJnS(QETa^@D9sXCe6YJL9{B@r_=H&ItwV+Xe7)F8g*fH1ylIm3qgI zHJYF7UFjcdr&&Ak@f&^iJ$9L~(Rj|p-hGU3hvT8Md_1J{0!p0N`yqZ#N&Shk!|@@# zkA44sNlD#_^?EPlouA%Qz~>C+ouBg8>%E9~ex^L|5&`voDL?a__i$@$QaL~FrFx+X zx%ZUL6@EH4sZ>AGXy4pXD_+rD!qWHk9R2x@=En4=$~jyQu?R5F!Rk{E(Q%0uU393W0jxs8+qi-C)K{b2j?S)%xlK_ z<~7LODDt+PUmkF-0}ji#x|1tUyvrO%{n5s}Mm|0N-1Baac9L)Z%{Ps4+aCjhG>!4jiQetS^Xs47&UjGt~?BW#XkIW{)WX(Pm7;>KaFqx@9!`8GONFYFSw2J@H2XH zB=7t_G``$Je5Cl+9tPizT^T=scQ!;CWsC3K=02X>_^uA%t8wYa*Yvj!U(?^C=x=@> z8h`FsK2rRP4}tR~cU(*6N%l%c^)=`CvX3U4d^GX19jxM-qw(Y0Ca))9-z znX1F4x53Z&927(F6mV4m*TCPA#=TJlf}3v^Ug_yvDgP^X`caotzUT~+nml~LOK>BQg8=v|SOR`=<|9@4B`p7w>~^KyK2 z*F8l4Qv~%+2*~y;UxD(^*qI$e!459KROK%Ex^@Jr&jP`4l-e& z_brP~)NAM@yGgWQou--mYOkGr4`v+*f4bI%3_UzMSnCOfcI1zXcH~#PckuT+ul24F z%$67Y<)GO%(Xo;z*9e?-+xE0`=90Y985&vVhzBTtTX3i5# zadxZ!9+>KZ?A;m1-Vk`KbFwR^LfkE(J7Xg7-WJlIX0J~Zyd^tDyf+lyOHpPud!ILg zR~z_xwB05iydHdG+|&D?-ZxubHk#T{J(cLqD70Nb8@;`eWQX;C!)t=4oi(vy&z9-b zx*K$ViMds?H{Uk&t9IkH+AE+l{h=7Gi)lOS8?c!^A`c3H-~w{$o6E)4h1u+SuIK z+VRvrHn0xkzS-wO2Sz-n`|o5o+x1-dcbo17#3wO{K09YWF~;Eo`=4u!gm!h{-`9M4 z1ZDMJFMktttfUTo(|p?2V-=#m{e^1ZyZ2Up4q(W-^VScCEg#|@Ie(qJKj(i>%RgkO zU)E;PyCj-uKi!odqS?Ez_paCz;BR++k@1(nA5SdcXZmoF>&pn%`Ae@(zs>pw>bB#^ z`YU%wyz~7};XKDk_WAzA9`~e{5=V@jmVB$>Jnp9Wd5I?IKPv2;W8Rz3OT>v2h5z4a z^4&L7P2Psq^Ahw!Pa*WI;=PLZ4*KjF;;ka2*)nZkr=5B5%-6Zw7X5S0)v-wraWCGp z&g~o5IrElpa*F44Id?uF7`o@hdInNfcQ&%tvpwJZGIi*oMfZ? zB@Kn_4IsY14x6AHcpGS^vCi3DU*yb4P3O)e<*jw|b}+V?mzs6;)_-(3b3BrG?0)V> z#RM&F{ZxXdS-T8z-)aik5aQmQ&Ct_-Z)&QR^r*wSlzV4u2k&2lj)n&!?m3s~b{o8Q z(X*yqbcfq+C~?1SH+Ht$F1pXOE8UT+-G)HBynjB>uGWjjqQh#TVF~omdnxZ}c;HPR1i8E~5 z&S=xN?Q3|Z1vzv!XZ$i>^z}9GJ;ZiMc1EF1Dfu>&FLk90Yw9YV#AQkTh3oJ|ll~U@ z!*TxR+Z+6ylTU8-=rh5i&qbC#=OywijIC$7^qD{#>X(b$HZ9D8Wr1M1m2^MMy#J!F zc5n9DMNgZ4skZG-PVD%W9T%s&?T+)>t?r}Un*;6g{=-1KG2N@pIsbkdn6$d=w9=~? zkMzmHFQAv4GZUToOLko1^u#}}eR2~Mt-yv2vQc<$j*)lCxh{;CcrX$J7@Mv>J~=V> zv}~JDvVH!}jQm}FFtdK|&Obkyj$N%Ti1pMAjrCkGDAse~v9X@(kT=Cn!LBeoRl)Nq zY&PA4*o7?WWQ=z+zR`(29q_s2l>LPV=dEnV=5YNQ`RhBe2Rh($@lh9izGiTAWjnH| z4H+Q0^9R10zegau#>9Gl$GfXzTpJ{)W5(yevD}AaU-Qq`vCaMZP;nR4;3`{)`Nxc! z+07Fx_`4k)UOjvD#Om246KiIdPIO^$^_{!dFS7n`^tINc|H4yv`}LjUgC&Jdwfgw5 z?cdgXTe|(*R^L{ATgh!Tx0T+OtNq`4?Z2F({k9#M{{DdNKj~}#N!ovs_Mgnv{!hI2 zpUBaE>xXW?ZeOPT`hB#&kM{TFYJY{-{=epEzqyb0lg6Kvv1e-NfAM-Te&m_(cs_IA zMYFGEEyP)R5xiePdKElhLi*y_b^8_+g_e#beG237IrL;8=k+20(dFyL);B|u!udSY~ zCY#Xm*Hm!u^S2+rFnHW~Tiw2egPo#z;GBcZJti_d^let6$c9v&WBzN6%s2VP@;T=!Y49(c+LFFomC#RTP9 zgwLd-!0BlpgdBno(raFxUAyw6%(#{eJ=Md*o)4_}&DV{8A;V9`mjN6L*-L40kbl_k zr|1ulCh(Ar+vVZ04m=h|_x=LU7rU|>vHvR{-J#=eALGcl(_~P`1|5$^#yT)>i>o8 zz3uq6!@N6eV$~MTzUE1MLoKN>+H(?J|Lz}qSA4$L8>2p$uA$yM%C5^n-)lpM!Xus& zebrZ0qBS(u+Gqqih6A)*?$L6CkCy)N?ZyXX_>DE_4OOj!(reJgoX>DEdTb_R+rJK7 zkIYK119^Q}L9F@n=(#%dx4!%NQe!R!-Op#dSMn3R?Aq`39*q9`vP08ilNLmrb3)8V zSm#<^TI0M}fi3z7a4?@)R^^l@u0qymFTPXa>U8agHgncCx4)g3_g)uB4}Nd;@&lut z^IG}mu7_vnqjNMuW8*D1(w80V+iA!Cr~=lRp~7=2m@_PbR`A)2$m6Y52O7U!<;0eA zG}uxG9{x0}Jm7@}_j)+(7>=@NoLI4=3AyN#pO$jE^vUSp{F#PH}ec zq;G3$oZWHS)%yb0YPj1LUv2TOwO_*jg-@ccXw?Ii{QR^$l03CDn3t;lFL?Fi7eQWp zZ1sm(7djlA%po>-e&B7T&H0J)le77LoJY4Opj(<=f&Py|uO{fV>QZNS2wN)(Kg^Q< zZh)(Q+XvmTF2~eJk+MR`FbeOgtRi?tCM<{?)f-heff& zZrr$!zq9aZ%TN4yYz7~#1;}PO*qNCJzBy%4@5y_?JH0n{@>3H5VlQEzsUWAGSUC$KVIA z_{UN|6q_4ZzMl^;`4ax#Oh=4>a9VMLx+@jk~HN z9(UNk!~$uae`*l#wrJuQAKrG%m3p{q&FCqQ=dC=MYUD{K9?Y({v4;D&*1hE8Ra!an zO!itG=SdW!TT8*G4gZOi!@@BIJ){S<_hbflKpH;s*2+Rx%ZF?HNgL!(n$~zQTVB-V zB|63gWJpO~;!mVmTfo1b_-02&j%XdMuXqMGzA|I)+x6B`@UyV14^s4j)?wRNvq@oR z3fC*y4_!y!%f^zt)Y@JOAJhpJH_rwaKL+s|9>lLXFY$vuaA^tPqWN5in3xLmTw8&= zS3~`^yEl}}KoY!B1-)$ZAAqM!dg_`MsS+h%Nx zZv5PB%;{C1_Q-Y72eOazfvdvF-?g5#&1>Pq>%ealzQ123OUj~kiNczzGh8gA%2t&+N!7A%%UjqrtI7G=3{O6 zZ5L9H{MGw7qrUA*=!u`UjrE4Tytm_zReUl$VrY5{xEtQNGS>6tOgA=KbQ~-?QR&O-v+koSWg1juv^d3`gRp`7Yq?-s(I(5 z@Al4+{irm3|95!N{{3(I`!IbenfJ2djPTE-A_eQW^S5mJcX-aCtrV~+23U5(DB7&W z?zs3U>=ybp&%ltkYa#C%i=Fgq2kRs=>DLAHPqFROGrc~guEmsFK)G(l=4xX)Mxj4|53q&XJ3UwG>87G>t_U-j63+%(%C)4-H1;O1$|HhzU zoV96{Q6EeGw@>!^6u1i2miqaMOg~2i|MW~htE|7TpQ5i{0TzE>e^IbrMBDOR)7QVU z-)Td<@HxR=EINkFc_^ljFJiqL_)4_DiZIE`;G_tq7S~D^Go9|%EVJBPC_!k##Gcm zV~yK74;Id?9lYrK6AUYtP({G&2Peo%*Gv}A7#ecDz|I^$U}5Y0e}7bNxZqjbq!_68ocgl``pP_}0{iTuxD!Nuw^MN%o1hSv2!tQ~A=f-0~%Y z2VPTolSX-^sa^58VuSEmdHc^@zldFDF#BGQW!$cHi1R;jeZ)sw>FADQk?U(?lalb3 z(PxYB$%Kn`T_2M^J1(uyv~L01!>lvs(ckOn_t89`;i>rQ1)p@xnRl<9>+DYcgEM0j zYt40f&SuS(XM0C@l9AO{IX#=O<7OihHetUvGuPb2JhBA-Qu=~V5VwsjH=5rjCx1=~ zI_F`(jpj!?bLx4Qp1d^V(`k#`^G;+BH4bLZMO~L6f7{R}DaNUl$L-Kd>-(J@Rg>C~ z^;#>OBYy#LGLj!!r)=k2dc7RDLg;nXo1W8=wz=GujjP~y%VW|fX9e0kjrUw_UQU~? zJ@3Mumfs#8lKYaw!TN^>>L1oe{pSSg-^4tv5Sx0F{4biXQ8#N>Pn7ap%`@13di;9u zD2{#;cF#ksQ$EA|{#oYs>-dc&y*O07>lyxz9KGs+PNPHevC|67{z4quE1=H=)u&iF z(Rhbsr>|c+Br9|DOI{EMd;wYq*u)&Hp81QPM)k<65U^`FQ_k%w0`(@fEm752G?F9R% zi!m=>cL(xC@CttE_hNW*;1FlV1@LSo_(;B#@tz-bmOeZtN(=G(5_x7yP2ROpB->cB>sb=%B+vLzl6EqU)Cy#_n33!6l1MVpb!vOOi2 zv=*c>b`|t>1~}(vJ$E(!T zf#qSrV%m4*eU?n7{mHa1nao)x6I8eCfhuBMWM4M$lzp`Td0}v*y#{dPj^>_)JR7j} z8k{?pHxl2|fz4mVdlm1sytnf{lRXzty<2cju&+Mqd$6ysB~I-ce$4xqdA_L)rFHp< z`J)a^`#Nb|*cWSMTfh@mrsa7uTQYVtF+h^3-Skl-HvB29PZglkuVWlUJs(vkJ}UW< zZM>4^TD&iP4d2vk_~|wH?0NWS-E9r~jBG##jG>Jk=!0I`sAL{6CP$rPXm=;_VF`8H z^Ey@c5+}5@m%7I?59p=tyWyn{>`m3Z4qjOYuQby}!R-zEdP#ePzjyFUF*kALP9d_r zV7>0Ab@mk)nd6tS(i!rFYtFGKK%2B|2X4*PqUfGgp8rGhtwPE*;YSe7n((1F;Xl}f zEjk;y!~51%zU_L*W#Wixh!#!e`UOgv|1C}w>2va^2wOX|cvg~;5tzVPI zGlh+!Ii>nKEG6&hfyVf$5F1aNeNOX4Rw5|=5g?mYUVnYz0p^ou?{>+aLHqo!J zg&h7_d-!^@e)|t;TWAn+V-9oqdzU!N?%g~nabF0TnkN}JXxCfVCwGJYjc?6=>Cx+N z-1mc{2Q8h$H`$35@U7O~A0__}NJB39_x3F-Ju8wZWB=u1_K&VR?fgVHdr5ah26ImB zp!G@inx6c}PbS_dXxzAcxm|B`@$9RfE@FVzEjcsMJ*aWxHGwjcQKIz~^m`lif0n21 zYuSmndo=OK<6C+J{iAJ>#*KMjKe%G-%3j3=KmGtuckH=qaBaZu#7;=0fWx1zc4}!y zdzbw5KH2#HGVw;O_(6)J^Y$nofsfNVzwgw}UeI@{KLuQYKdd;WzV zF;MK6JRva}+`lr9*eLQ@o;V#|z(2L34gHov&JaVjOfgh9v)?v_{0u3EiZd#0jAJO| zoGm>A&-D~5&WyTZ(-pUMa^jQJWo#I}PuSVJVxQ(|1uk!m@#y%xXJ4E3E3>|m!LJQo z5`L?ZA#o>mjvvRh0UR%259qp@VTlXbYwpMKtwisNi2)qeYpnh3y<5B+!MmQZA-pS*2c_p08@zpE*5G_PINLH`4VKwkbcp17Bk>XS&^H49)A=K1CHM$jUfK<~$D0f2s4%f0=2{ zbjifi$u}yyUv{xSo=$dvwfhIa12gG=rAf|cp6Jpm!{4$g=g?0#@w@xh?DH4?)x+br zz5ab5XL*ITHFs10`t^=~EdP@ahT!=u*9X=o>>SYfN9}_+CGpLL z@Je~whF@lFc;*jhYh6Y*yyT9tM|r=Pm>y%#%O@2-&fSOM*%f}6#`|FUBeV{KYsl-* z)`;)C4YS`fGhZ}g0J+ePOzA+jRKZ6xv3F`jH{g)}Lh1f|o#-axi$pIlrXR-#vP?dZ z2>IPuq4@UIoK+%!oVz{{nk0XAJ7c+nF;zsqTx%dJYHh!}_HSo#<)kjkX$~blr22F= zoO~}vPa>l#=uc$a4B4mJ+vdt>)(aW)i>S}Edn$E|iS@`PZllf`{B3c~kDQ4K@%sPX zX8f#=>#PFVE~X6S>m1fLSYsnEeHS+Sq1&nJ$K;PASFL@n{?fTGc6}!HUhfk|f7-Rr zEg5^>>J&PoUAhCk5iVs8 zhupWibTPid3(%z}p&!?wOV_}2KSxflLzg~;E`11I9L=|9*mJmrZ;G+$h7YVhT}OOK zJH9RTw=HM+rEI;rLWTw{ozsx;%#muL;)55IxXv`Q}^;B$CY@wa-!mKIIi>so} z?g6q}NoytTQQFfy?0Uw&Y{(R89msagn~V-Y?_o!nwfDx^%-4o-&ky#j^2{cWaMj;C z;TNqdbdmo-@{c+Oy~{ZG9dNak13Nlev3!;nifKP4d2=`C0>p|F_0%y3fuc3|tVhhx&i@TYl)KfB>U_IE6^`#YY6 zKX(AnSn?NcJ}*%aa?HL~*%FdhmQVM0h)<*IchH9Ds50FZ@DlQ_8##1XKCNb5o^qB) z#joO9|GV~-bVdr-cj4D8z+W1~Kch!ndSD}Llb^hlc+}FmaAM<$X0DM*D+wnaQ<}GL zZciK;=ASFSd4fA{K@Qn@ONqB{Zk4ZGC*?MKDr6IL@fKv&*$&^FI(P0YIcxIruDQ!M>2tr{mJFQ> z%zfD(1B|~b6VDbVHb26+6d%b}XhnwTe1Y~6tXuf@(08yNp|Q3f-dbq((MNW55sM>! zQTj@=mp)?l(l7M(((C&gWQKTAV|5{QC_Yv36(Q_~HpX`-M$8LyAkpEv?a z8uSl5Z~Wz%{>(`q`nCPo|F`tnjJ$TB&D-GW@82L^e>x$fZu=hfnRIHJ;&ei{srIdeByQV=)s{Ge}v|jiiaA3kD#|VFBxHuHj6Vjh+BDl z9sIwJ^E+0tp6Z~}^68If_$GU>8$B)AX!EFS2l`NR)lTGpH+tYMWZDkrn8a(u;voZO z+=(u1D&Z_y%E^9{9bnt<{E0J3x>Rvg=%IHU?k3ZETKn2i;u?H8@*Ax_3f=pY*rd9n zh^awd+3|@^pEL^FP<3`;V`;v(a(?XFc?b3{X^ceYbTbZREBe24_J#RY4_tW%Ml4y$ z*%!)(Ei~bpeC}AK4qJb3Z#1d3x~3d-X;pdXvQBhiJS)ynZghQj79H{o9m+jA;J-9f^>iAv zQ<~`ZQ|Q*^IOENEEkC6XvDaA~`%dbo)Qt_W8W}k&*Gxa2m ziA;P^yX@(!pwpGm6WdfinYPbq{!oz^NZhXE_G<6Ui86H5Q|PFU26V`E#%?s{5y*zt zJg%KPxop`@-&I*?;+5^VGS)NCjJy2gEXLhp=yU;edWgPwhH)o;(YU(~{@TH}E_g#R z5gKgJ2R7gmc&;#XOrqB*G(7h(bYAC;J@K1tnjMtsqKxK0 zI{TmlTd5P9v=e(N%|9KX#A5dL<2RHZKSz28|H5}-Bb*8SjzMticMS5qzcJVZe=24m zGX}W}`AEhfvZ)K%d<^@VP13zWBnhW7J2TPxr34%GZwV*Dl&w?UxUsg2!U&zIUDAf#Aua2 zK0E(HjYniJ`7^#1-rwbHuUvF~8T@n7`FNMk8gGWqyth+_Y*6JF{|oNBp|$?TZcU%j z^ptEp$x!GLaoV43aKc80rqht2N{e_hv;i3^dB?_KH+FK7E7Od8^ZpLn=kmeJ=J~PC zq9}l_gMe=+{Df_$b1R^afa#4S)(=X_aNEnU@!{x3lenY966{AciO zK3HJ(J@{?2%-qNIBU*R`;}Rc?e+>FFMrZpoQVrMv*MZv{#^BA?HYrHv(f1Dlo91y3 zL+c&LNZA&Wk%h>}!uMZ$PV+s*kg3mXp5ESqWEXNlby+_{?-j_)Md3-^%=va!(1-Br z$;iv%&;TPZp9Ak_Jb5WQMRP&HB-nORwwtojxf&Dg*icqp8lA=Sb6%-oRuiQk&(y1Vb+K~r}e#xMEiW?A^K1JCOK+k61t<>(;Xe~pk%3JSXA}% zE}zMx;EqgP#x>)K7gYy34;hRMFHA@V8<~m@&7v9a|3Nt)-P1IPXXws8+>Gw(C=S%Y z`+d}*H5sivX^iMRLI0RJPkn%1O^so!!B@6F#M{?G(>C;^+ZG-KCBmM->WGPc-wwW+pEyPiL~QsYW((q235x-!rwueao| zN0G5sUSFUyt_mnWi1I^$*^}2l%^|O+n)UjOze3|k=UqmTgL(4jVq@UL#ix+Js~Mld zgPhea`&4<1U%}&xtLf7eI>FBqRkmNxba_HDGc2CqeXRNfyo*SSQ~v^Vb33|U^fmZK zGCpqgn{1rmH_^!SscZshwc{!3lx@M^x!{+MnRT%D@ekb|_-XChg~i*`;lXKjk@2;o zk2+t@?t=$?a|6v0?0ot84>n)ka0K&Zlc$gQGV6~0&zCh z9hiq1Ixs%c^X1Mfkl*Mytv6-K@3o=CRQX_;%i8&J=OyGtC)zTdlv(WB(5}3rjOM-b zka?m*B|6^Bf8l@0Am-K^KJwfexu-VDxL@AP+mV~4##ZqtbvyEAd~dd&E;!x_1NFbzNByj~XVot~Bs)a5X$YBDO57H6 zs|}i4$#u$OE*_y7$a`1=gZ8vpY7M6lB}ckqw-4tT}yBeQsGz9wIp_U+ zoPA&K`>yxC-nEusb)OL*NPd)m3x1Mu(MP~HB_x}#n*4C(8pao*2Q$VSIVyGLZD)W_ zfBFQO8RW=}e3}cL_)hi3cKvk1e+e?4k;j~eAT-rDWD#RSMZhjPh~An5b0%X-@?pr< z(XUpH>1U4Xs55c>E_@%c#euCQP9(~O7@jm9*?c;Z;rBEMx{TlDFbeVAc{cc+? zxb@TSeEYG?J@L-B7hc&J7R$1PO+MYte;WQFW>xM}G7&~6C>E1UG~(BZ270Ff*cy?C zd*I#m*g?tAOrD3|;&iIL37Fu0(NB6%@2c+-JQFtaG5g*5=}Hs-;e+#BRT;UF#+%?3 zhu3v{H@vRA&EwGF05a6j5KPU7@V)ZMzazd8?-&~8JG{X474T;rvWb8EjB2`~z@=D@ z_@S$w{>y^zluH|fttw%^kcMH=F3sOoOwd5gqFBU<-)y^D6o~x``Bo=>GjW8ALmm1j zKzt)O>XifI{0`uEait!ASQ30rAKu{f;j&)r&(ak3NBIyVcfhIRB5K}T8#D{tiK4l@(Z?) z9o;e!{mvTSjB5nuYaMUtclVyH-vdU!v(~p6@6a=)=r03LscjoirEk3FF7Kb{z~`=y z!gs5lw@R*_WDUP@J7cEw@fLrq<%dUO2))4pADeuVJ#OW$lji;={PAhSBx}j@dC(hG z!qe4X%5O{8HmQ~}7!GjI#vkSbtZm@>mhs~_o6Sfx2K&F%jS8bxkUx&OxTn!)9 zuVn0kJ%t-rv92L~-aNjf%G6(;!ge$Sm;4 z=fB0eYfG51kCy|H@h#_ARZ+&|td#Qu%=^#HN36% z_p2XK>^Pft%hCpocj1@)u=!APW1?F`Q?*O7W!Q_vgB8KZ_!}1HuOODc;0CLB3wgU` zE%0|M{QZi9ce;ajD?IDRJKe!s_b%mmwV}SR5uK$cG{=tiL=P7x^|9N({|X$n4%Maa5fQiL_2z*X;LkF?$_f={rg%M@3U zqt1B=Jf&|!j{Z~aMS@Rky{BBe#(8yb3_gz9w)rx;tp>QsxRw-FNnV}i*XI<4XuBoIhR4+$=fz8 zR*%k+Z&2HSY=RR!zNMCT|+g=-e;URvnF+B?YmasMNHquh{P?^1gQxefZ= z>MUMv?%^{Kzi~dn$PJGEe75B;}x&5Jf zLhpKDs>ePTe?ZR#dX4+KKL-lm7iH{Pk3Bd=2kEqc~gV@cM%R z=(L@7Wkci#8J_?j51+tZV;(x8_e?Ek5c?#b@_cH3q<1X*PQ54pIY>U?>&T^--@V5! zt=zoX2_AaYA0O>f4WQ`d(kIi*?@0Lj>f48b7hWJ{!~X_W;|Bw48L-YqHqe^}&MsuM(C?@9+|cP-~U;R~+`{;Pny#8R%4e!`DDkv5DU2=B-*7T;z_-_SpLPPl%T z*yBeW*Wt&)yF-(BC6ugp|NMq6=d1^sgx_8>|1TLoAL*JrG`1adN192Dn}bt`>Pw(=QI3 z;Td+lKs7$)JoI8Z^MFSXlfHa%pu812kFC9Z_qMt7I%|mo_skvJ>8E)&G*`a29+*Yv zC#Wl`qps20hU(y&z@=F<=NYXl;^t1g&()*1qQGtNg0@ZIrul-^mSu3O?Jqh6%C8&n z(j&9V(^kE3GW)iIm-Nb~#KL~u)J6&W!$>!K+i`hOa`i)}e-v+O4XQZ*`Rt*_hVNwT zT|6?8J{kqSdGt{>{iB-ndVIiHCtKxp@`c>owj;mt3461L1y1{3d+5&Z**io!B2iD$ zJstgaEjqg}kkgG$?Iz}#0Zi(zHP|o<8-~WoiF$l_d};QC$%)CP&2ns7BRX8Zs%x{{ zXKY<=+qhYdF4wcfdgIOa`Odl2s&*GgHc3=1>-<=4K5J{JZSHA21>9p=C!iLcR|}ly z0$;YIG5SKeDAjgLUzO0O?zgqphRG+xH`=>Iwo!YC>N&MljjprX z3b*Z}&&JRe-|r&MAYU0#oKZEGwl>g~e5A)rTan7Wv?cz%KB=wD$_;#b1MoLHFrw$W zw70SBlxw%Xlk`q{n5{Po400%{pcHb{gLkpQeH9V%90i0PlMb&e%O7kUoD6HO3oQBl^XX z$@evf!e{IuzjZg)$`&r%-9%lXYCO`J<0g5$gz?Lr*4S9qpv8~W%^lsD&%8gEMlRkJ z^soAP9Wwe6btc@8$6U~tIr!Vi4b*jNJ$uDJ=A3$Mos$cB<#}QP={+y+OWqE3uDL0S zr`JJa;py5Y*H3!wbzA=Guut-no`L4*-uRzO|FLHMxCH%Ny4?e6#M92>%okR0`$vhzWb;Z zzK?a<&q$|#!)6A9Z(-=jCm2?y56$3D%Yqy3w4O}Pb9X} zk%hvA)+YIw;=h&jMIL?fkZON`PxMl3;HRtXnfxU0b zNL}bo;`c!1471)tTCC{@@+G-OjFF2@W&I`TwPmU$!SAZ7KvzYQjQTiif94Zv{+_CtBAKN72!Fh9DE>!au| z#ilOICkbZslVX6Z&f?v}t;cqe!)y!ko400>bW0r0QsC6LLqqNT!oq8Sk#jdj*+U(N zbiQ)iF7ASDJ@_lPt(;jl_-BK^@zub;$iaUk_zS;W@E6aGa`698ebe9_sC-$+v==S0 zVmGV*l{>))sR!pZ;ArF}-;P_n$9`S3N$VNm3%I)I9*_L&#rAsRS@p5_uMxdf2EL`} z;t(-J13tWHyNh;5k>~cxY7hQ%{pSq&7@k||w4Z7{b$dQWBAyyfABLdCY}%bo&Qfbq zM1ZG98%`Y5NIy10fB6oJpi>s_$p%T^dPQg97~YabNb zdB@ugeWJvf=rOmZ;8FCL@;%o(wfeGg=A0al>h!NCCXkI=Z*^W|oonMNeLDgl-{9ox z3kRoD9Gv8{xbUdm0PT(>@?+1%uO zzuQ_OpD@KR|zs+s^q6)_AdIjEZH284sckLGo()>#78; z$a&;nz~zmf4O@VK;_ z4J=_|PTBG%zQ2n8^Uj%(FYMm4$8EwUU#NK>@+CB1W+ySGX!5fz8(;U^VfyHLzP}z^ zo0iPlve;^RZYO@Ac+;GNtIiiYeFGh@-UA(@=p*Um7p>vtY0ypmiypqH0^ZiT`Dwgg z!Mi%HaNeyT$LP{Yd_6A(oz%Z`92!-5=(E@7fAPK<*D7ROYX*HPy`VMA^BM0+#qV~$ z+0L&zzQet4Ue%j#z8)NuPn0jOZ?2`z)yv08eF44H7gLNZ+4Gm;eZjr!z+dy4W&+<7 zPhTuX*U8osue0aN;pP1Yd}PO%UcLTVKC!C<2Rn3q+@mjC{Wsa~_d$QSM z%BA1Y)c>o&->*+3CqH*!^y+^Xo};0U*So%q&u_THfy28Wq^-}A`AIyVO>E@$yL4&|p&KudKeQS? zn2BCed@Vgw3oprM_4Y4wA`P!e|6C}(g7;<30-Q9hm_t~hk)>M{RYwEn%S;w;m zneW=^{%dQ_i)C|7xVrwG`s%ALjqul=O(B0{ef|f!XZe%9aSB(CM>yY7zQ^rvg1IFB zQ1(MGs1|P&G`yR!xlzcEtM{eHUWE1^6A!rijVl+Kh^vzK8`r%@ok`z>|C z^3{m%yXvguy}Jz^9X?5-*~qWP-X55sk7(1T@oQv_TBYkzQB6B2Ue{?Vexk;`U+mbDwqZD_7w2G2)vf& z&q71N*#x|9{yG<#nGLKP_*Xt#@XshA$IX9z#vNN;o%Y#l23_uf*-Kwr9uxeh^^dml zz25riV$XL{t$(!F#OsOq+$Dj|Us2al^AfSs$3p_K;$mx)#*1gLHpFGnTsD2C)*>Bx zN^CsmYk01^IJBvIN2qfq&uH$2_Zbr}!AJ4EMj0oN&%S;eIThlDm)L7KOL`8T9dWw7 zKVikg5AP~{xT>S{;Xm@<)iHbFwpC>Z^LO79!G8;<)l6cIln{26pl+y+>!Eju?=|wh zQodIT9J8!I4f6?VvJaNtHxpk^@!u_XD&AI(z=r3K@PdvP@%%Q`CppKz z4csf5F)lX4(R=#k1-wohZ)CluSjE@IwnMa0o1zV_E%mhV6m86O z+IWF=9P|GBycjy8YZSIK4?GO4*0|U#t{EEy9@wBN?D~a`;88YmTzp)~;J~@?x!Kdk zL;g0fB|X|GIYb+4d~I;9Hm>!wp?Xyp5BlRk*1hMYpw$_sKNis+?mA&><96r_uN^v& zS9^wO;~TW$)g9uOv*4H8JiKD@=km*|W_%`5PcnX z|8*g}Zt}bE0Quc2;J7e@{hO-ip4KTDRa+g@FAU`ftY(Ix>xzPr0XUw z(>RTtS4t0bUS!%jFbJNubNTlw7IWI_E)H*kmdnbvjl++z?D%ZkpqSRnV6E(!YM=G} zM(}ZIT1FpB*Gq@Hd?3H*@8Jc;%DdL$YcT$|IS+n7Z<(>hNsP%VJ_yj~Gv~5*FFawv zWAe#0U(}_Q==KqP6%9qS$d({4HF_ow-JfLz%S~PqK9_y1rO#5qp?E>!o;BoOo|4jP8 z`JQm}KI8QTv*0_E_re#P<>SA3zWBjg?=*~k1nh4n#uxWfbJ^GN;`SZ(dUku+%g4K( zUH3KccoDi_zGdctYhAeRVrnO-U-0w!

    >S7$Na4Ht|h9-gEf3YF$t ztiQAWy)zCqvnSt*bkj4lyWc#7t_|{j@;%t?16`l(`^jxN&Bbn50=t7}u?sxlH*a8P z+sWTK{Ei@j2;J`9j{&;O1wrm*4z}uI=}|g3Vl52U=I=(^JMXh7PSjo*O>W+NmSK z<<5An%<(=hiAutHdetuI2U7NlWuz3#_fY!b3HP%W%Kj;oAbr~n7a7jJslOTQ5`uj~Ar8@|l5ikn0 zu8f0zO`HT72i5&3(Uzdgb!dR!Je)xH+y7BF<#GBu=-T$O>g$X(!4lB^uA9Kv4(x|r zpvzhPONvF(V;twwCUQo!DNp;&$B#$L!|6A8hU`s`xe~Ol^!pwlt`9s%zfj(rV*9DZ zn>gic1LeWyTl!GHY5GJ|_s9yyiLhM~r&~VcII@d)IXCU^r1DPxSNEer=-!L2O^2k3 ztOg!SX8Lk^jcRe=W!+y}ZaGW&19`!F4}ztt1yhDP|!R&;GxhRtX2CFtwiHu5A) z+^?X0ZG@(Tz)1S4=-B#onBz{u#gk+GlkZ%n64xGX1O2|2v?cx^f{)8e^Vs&3*e-bQ(k6=D0T#b9JoWrzbey1KxFB;ANv={uQ%%EsG z9LL7IMIM3nSJp3FM4W^(tzXdo=Ae5uy4K%Iv8@M<;&jE|>BKF955NSex6BpQXH0R8 zn-1dd9g)9Gd3ech2B8~p_dgYzZ02P_`&)M!bNMhHo`cadnTKT1T+*TVQ0KeXg}Cm7 zU7hfFznO`y4cEWTdw!rj*z#JE#~h|jW_>Vm--E6L<7vYsq`dAo>s5Ll=D3q^@$^{# zc95QT64w(emeol??lrJ^Q5QQ ze;Fo&q*oqko}5n~gfXi7unSM5|4yIJhE*K*1>}PM`@7jc1orQn$$oPWcDDY?{ohf3 zKLI*Dq+jEkK|&IWvbFZo9@^kn>70q~BMEdb#P)yDHBE5* zYQZ&ex@jX=cR-wkuKZu#>zZEKDGxRsbpI~!mfy@n*Vf871x($g7LcH$iu;Z^T583Gcg02m%u)7P|gKZc1%`fYyUm)%kkpAMpYTRQ;n;Uj4 zbEi>yhFBHqAIH55IiPjqz2;vN_buqMy3B1~!f!LKpmg@iaqtId9eMxKg|nDn0?`Rj zK*XQ&QpJ1EB#%r^XS_8@i;cmz^kBjrCfYL+;))n zDeL}2k&Xq&;j-TIo3-fL`kc7|k`0yNjNT&ZDPrd^4B>I(?4Krrge9JqeV7bx*L4_gTmP#n(IYz9o7^ z+mFl-84p*wS=hVA&h$LXfN zPT%Bx#=oEy=yKc0EhoBN%KeD`3c5Bwdtmb@j0Nql=&kfAAmYZtDA2l{15Q6f>t-zUn^{VCIyN7{=b&|^T>C$ueSs1n*LM3| zf{@a+{fz8IezQuYZ%u6KLmSY#?SJICY~sej^wG{e+yt&Cl3&#-7o6A1T8{!u73pEYYRpD~lvZal+s4bSDfzRy0we`(e>?uUx_s=sPe;pR9vc5( z<6RtkUfbwDyi_&vry|cU=zNeokf8G+Z8QA|bZxtrj9yKs9j7bb+3Z8y2p9r7y>`3f zSGpgNzlC`VbZr=e%@kM*I=$rm9+j7{<^gou6lM%hLi$$v6X@7-au>(-hAE))bJ)k+ zXTVxm3?0{TtuOA37cX}6Q_uUQZTFi#%D)bS@%X}=Us>v) zgv=exA1WQ0pS_!7yMWfQ^Rr`J9nq4!sO9RU|KK;%&91hlSvPiY`=66AYIqv^-Xdfm)J z(e=7_jEc55nLql?UUcib{tm@<6pW739nbz-AYlgE9CYP9pc9mChdxl3`LGzYzhbiiBz(>G2z}Bp{^ls%-^q-7q;n(TC%-8*lyq|T%rTh9C(Tmo8Go+D^NoP^eF<$2}Zi~-BLY$VSl zNITZrX(mkWZof%I*Is`*VbdLYg4UIJqD#Lt^Ls*7 z@1PrqoFV;ZY()1awpv%(r=hOyXtulWWDb(dwwkil^&(>*<2@>UU%^JwAv;c2`jKl~ z-LKfnyis!1SY2sPr&#~?`^^$`i@5vWVe=FG0@`1BZtECv5@cLL`Xjp;85VnHW zoxF+n@r3A8z*V4i)2bBgm*pH}9!I5bJ8U{aXVAK@v2Vjf{;#hqHXU^TDfFA)_%oyR zA{(3UAq-kKbtUa1Na)7)Y`Q7G`%O7?ZNBxwM(W!@wpv%lQLabd&%C!ZVE`#WUu$}?^D~wwpOf-;NTh9ya#et)~+@2_PQxYr(@SNGkP8i zIesJLfK#5Jzf*ckG6AKH}fyQc@$k6uEeGRq=LSF%6P$R#LWaLd%LSSJ{G@QQjzoin{{)U z(es|iajW4o(Ec@E!x|HikioV)eW+4&wrp9Gt@bbMOET-wwe9d=Y(~N;(7MT`m}4hS z!uxC!l{dZ4FW;YJenHokw|Urn0lA=cE3aid51K&}$RRzqJm8%BK=*!A`x`2hWQsl$ z)x8Is-q07cuC(u2#Jvvj>q+M)(9JBIWcn)IS=fC93qkA3_hGgYw*%s@NBIeK14WX| zaCB|@{)XKNI0af)o^Pu1Df501zfP(a@Ai;<)BW0fbRWDRsw+8j1GbGp>)yhC8c68C zHc@|Bw?Ap;C7DSo9Xez45IhQ6SJurfByK6lx;a}%#m}CuzdGOYizb<$(534Y314D& z2>t=BJM%Nr9ri#Tm<`4RH#+5^PbKHR<%x;L^meL+371GR#fC-G;lg!%V+1Y(t=okC z*3b^7l7}0sMZf!1mpUeX>vYIUPBK?3-JaM>yBanO_1;o+q0(cg-PaSbZvj? zJ!}@iC!lr3-#qvc;{EOH`kPlGdi^vdlgtpMdjz{;>sez2TDLa)jiD7Z1Dy^%e{|A0 zM)#s5GaB7MPT`9jaUEMR4U;Q1_OmwFxe<#zInT!30ak@*{U&?P1KIQ*%KOlV+$5ZFuTa~~0 z=*~me*5eJ>d&{^RLrA2%#nqMiX7eqhOp+-y zJX#(WW4jhMg4Pv(!|)4;zq($Wa&`Bp@yX<}Nv0gS*5AX}$o1E=Ay)S;_PauFcmR?w zil##~ZiXc1wkUtirAekCy0*SOgUx8j0`0G~>r;u7Ankfk>Dn@($6>P3ZG)~Y57O_M zh5a1xqT%*m3Q50bA#rlOl_F(8b$=*YNpyg!mo+30+Vj=lbWi+vb&$LYv>l@Ac7uOBwO{bWZj zI$M;^@2<}ASRJqEn2k{#!?$ktVQ2Hl{{1A5(fRXVe_#4DDd?P5>2W^x7sI8X%a1%) zc{yQTcY>>a;Y+H1=Ac__MAW~U*h>1;W}C>rGv!wpolDWN<=g5sItLy3 zPIq#JBvT`SKh4fTN6JqSo%-kmA}PW1Qto+mNT4J6rRVQ$zQ2Y)8R*=Cjt%nu%X>M# zTda@nb6X={NT_vBh&>4@8EiblyPma_1uXan`^O}p!RCQi6 zvCo0|u{vIPzBiXRn?FI;MSO&vt(V{M+ja=Y*~z@@er1=1-5TY$t-^3mC^&f_2K~5nF%dJW3IFrgl5XT+(TD;>+13aXSCi zPDy#qKqq-*biC5$Yvni{o3Htd#l*MU^J$-Q(5Zxuy$)NQnrG12&4n&rN9G;#(W#4$ zEoZj8){E2muX@;r{0cCpb2BOTC;bjnHOZ7@emy>&pF4xjnbJ9k&eiDH za%b!JSakgS8Ml8ISwAwFI0>?T#I|#`&5^CtPuqXaLic8LZM~58ZyNS9;{3DiUn2kH zIvYkOUFm#){X+OSPDje+3gQy^73nutOEN=MdadEu|3}-|z*#lCaeUhLzC^SrLUK!3 zy|4(S=u+57ZhBFPZV5%QsDyCoMJP6k(94!m5;l?|xsnuNQz;ZnAqguX3IFeN&l&gG z)7f_W$9z7&Jv-;l^S#fRnKNh3oH=tpKr4|xPMOcQjeQdSU@P^(d%g(I9%l*M2NhS= zG0u3Oxrs<~rQg(ueT|Xyo8-PRUdOp#8vKQ`)!e+J1Ev73Eth84osX_Vnk&D@`3n0! zM9Wa)4!qCg-iOufx$8Pyg~tSV*C}0Za+~VoZ|wMhsdP^|e~-W>8#O?hds!vc(_r6i=tiWu^IUEze{%x7*Ok6L z4aepYv;k@E#t*5hsLo2}%b;$L@~m*QlMk)dIr9z9c%8hFPBNkRlz=&3`8yDs2hc-E zbKks!=VKqorh#Si$OOz++vq2=fxV=zgUZa z8Ls^8icL>+CDL4(e|J0kB#dCY2S9xe{K7a(~9#Au5Aa;#O6HI8ENkPr+JpjzIkXi${tF7Cmik^t{GBx((aE- z9TEMOa|7lrxVC+G7n@Jf2Bf*4u3>Bf9k`a~;;7e!wCNW(+&1nwg02tA3j(GXt_`)Z zIU1dY=;GSzL8gr3Udg_`NVmD$nR_B3p9hM+!HJ||lm+QVp!<>bPu2l=n|%^ivDN37 zt*`Q);5sLX$!g2}#)m1>OOVX z^>?s)p7AsrWZv~4YzBMmWZv~%?6Y~5kKIXppRE_e`D`>Ai}Z2G^|63`66Ct;cONPD zJGQuDPiT9Pw3Bvj)}ZS{sqZRj7cd>*gi|rvGt#w09gy}< z)>9tFzLCf~p5N=GU7sf=FAkW;;AXqr$=DU57m?<6=eqU*`y{MoJ6Mea+IsOuZ=Sun z^`fwSz|4Z1>vBKG=1259(%d7dNDWXc)EsrVoa<$G=X}TyIPLC1Djzt@JE+fyk#MheiVPty}{@QXX>Jl&w6!#)*E=N6(=1w3! z14)?8R@NEtjyKD^%Jq)Brlc$757&ly*u058M!NjvJ?%f)m-$)g@}J5x4GH;|2F#^! z+-xw1k}iUdN7_Gm{(V0C+97!_+tzP6URkSMwz^-K)h%EK!nN0h%dxu_-HkN2XM#5F zbKU_$XCYljd-rq7Nye=vro6@9%LC?KxDgx2W;R-eH20ihd`10HZ#3spuCbRn<+N&% z)Blj`!e1^Yr$@kSRQ|q<%|i4B(p*_L?Gq&73$}jkjqcy&!wuh;&WC02R-w;5Tsco` ze8D?6C>v>RE!M1;{MFaTf}R0$E?gUOu@Qe`Y;`+Ev6-&yv*l&32$;*Tv*j(n@6vj)h4lH+jri3l4{2sCm=f}@44Bv9 z*m`_3=@MuN(*DWw*@xLDq2ZRY>%~9)o2%&WD*wh~`wV&kY5)G*k3K*9)+3u|QWtVu z|MIS8T(Mf}Yg2zVl1}Qu7PdOyrQYsPj3VqdtK+J)!6~mQZ1r({Ux&3F*(X8XGuA$c z9}=boRllt_<3Ea958Fm4$HSHPyIZ+j`yRgJze9BX>hs9-37D_?q})jTxd7Yts1wr1 zDeHyK$W8kh!>;=M>G~cgz4+4y>EpcaBwqJmp9Jy8?>Ke+GS|?qE3Q3{?)GqZcOH%L zJCEQ-XbWtZ1y9Oz4qJVk^1G@F*=PNXTpKVg@yCX@`0PEj3hDZ^>SV_7+4m!|wvyYe z-1<}qr;9qSUr86($a5*A^GnvZI-PyzAZZ^ot1~QN>io*<%Y6denCoB+yMAZ}(%e3q zng5P{MO)Cu!!k{W_CYhEg!@7FKDX~;-o`JVZ) zNOLbD-W3f**P?A*7zfF9$}8dedsT1V4|Kmic5lEOqqw(YGZN(^&0R%&1Cp?nZMUQG zJDaxtr}Xo|pN>nfFA=?;aU-}KLMr@@O~wz5HzUoJ_1EgMPr_OB)rITr7wLLd47Uqh z+uuF`+a{=uhnq+IHZ&GJfaJM$FZu|Quen{EIpFdf-qwfssDN2V<&C5~p^d>t%B_&C z_E)aAudq*o^baCFG@_2O0nF5O5qU$`6>w6?X_WBT+ueAc;GU z7?gRV^VpXfmuTzogehV86O8Xa#CfaA={?e}N53PTpBHf6UxEgqJk(|s^V+c!&N!cP zGGn=~<#U^#W3ictrXbCIj`(~eA<0(mw=!vWoACX@mLUDZf657N30xcA!bZwz6#)^ana^{A%a!>&e)9m{qCD(z7CssQouZ? z{FV8qv#=}laAp3f4d?K`-*rX%YYKQC0@wC`7s2}&ec|ECdLEUwF`kHI9XFj1Grn}n zPu^RbXuo_i&qtKM)v&9L>LQ&F@;=Mf;mIh4J18()G7Jw%t%) z4_DUln##U~=w&ptJ#AMv`X}@U#=G@F#^LOFk$f^>YQwel_dRS<=RaHRZq8 z+G(8+_B_`9#-=jA0B$5@Vazw!{*M0ia1Z*0{6P|CAMUhQ^1es!GTN)0X#vw#`Fk9; zO;9uB^*6>o=?|_>miBjnTW;FlB;2bMcP!V2OR>M)!+nwcHq7P!^70}2RKO$@cM!aL z(0v}Rj7QF3p9JqXlwba4P3QTd;=YLO612?2mHz)%?Awaucb2ukMSl4J_j$PXy!aiv z>c283gmnJO^NQ=)Hxea~JO`O`x^q5snCpxe>G2ISGhntW?j&rIXf@K@Mhu8GMV(O$ z$$Cm1dO6(XKHU6S0aNY4w7=J3GXhNzTk_IA|NDw~2|92)>x3cgZ>yJg^*8=pz+}U< z=f$zuoQ_%}&F%CB?>Vq9fz~&3@>kX!ka_rn-Ep(cjPuy@E&6=G^itdj*v&$3AkCF^ zCMy3q@OW!ANck?sr?SMHE zj?K@*NcSfvK^?Z*KUo*9Ph;o%M)C#v`Kmo`eVvKJJsWP8>!LhQKMrOi4_BTSoX$Q8 zE!oQZUY%Q*)Ng)Tu8g19>un+2OMSR)_L6IsGVZ7HLDnPc0`oEtSJnr)mVFZXv+do4 z`%e6o^;oUHk`H$Mw>aFfihDaYN%C^2hb!Y+BVDfCZ~5h~yhm!wKMD6K#g%#5!hP7o zmHRk5Pg}Tt>k%v_e=Rq%EMQ)SYumxe831?|^n`~yUG}?SD*yY{SAD&W!hPF^`{Z77 z<8U|naG%*rZUXK$#g*&Fi!kSUxU%kt;hHOYpJ~Zj-jK^qh(R%@t57)N8(mssA_E8U4+J`6ECqd3*zx!X^{^qww$ANN#s-N}c$KyhEgb}@Pz>Fb3&A6dyh37@dd zIegdpE8|CNT>r8@2$=WbX1nn(uo3RJNOON7Zg{UxLWpg*y1R1s?VaZ4!`%ee=C54e z_Q&o3q`BVfn_oWY{4IvNL*>Ka@FaihdbkaV+i|pt@1kAJls8P&x+tSS6o?FqAkpJ9xkss{u8qK-|u__^Urmt816+r+>U$6ErEN5 z;!ehwE-<@!xO;ki%UTgIH~MgU?Ikw{?gMajedr4_&&#DvutD12^6GB_?vsjp6E?!V z)x(wF$&xUf{a$X>4bFXd4Oh48;_tH_uC(hml+{ly)&9aQfg5p+UWT_2E%I<{l0P4^Pr`b(`u7v8 zztW!Bern!I=KVaJKHp?~;cM)E_Hga^Le-26GnX`a94q4HFYf)54<&GqQC#_5kw+h- zi-x^!&vtO{WP|s2MXbM?8(+n^CS04pN5QL)PV{hPU4r)P>x#V3%No1>>imtY=DiQN zHprN44{UoO$xZiuJ;VEZUvcbiR>#?o^a(T{>Eo1fiDs2EOfFi~BRyU%$2fGobDyV= zvtSM5D2jUzb`PNmNOR?R=c~d*-s4>CGtL@c8!&TK{&jqn`#5aZdAQ@*FJXVy2&qDy z(&a64hsAH5f97M}i%{I-uxoitLtlXkB`0Pb|OBE&m{EVf4}R@ zHB@rjt`x!@2-ntoxh@`bH0!{7xc!LVf+S3D<$r&!-%~Dudza!Su)VE5V}Ty-XyWDh ztGUsyc<&dk4RXCrUdY?4@p%{{RWU>yW{I+AOdd>s4!fyiRUB#Kqm#%Kg zJXq3e&UA5xa6S924^oG7H#qx?;FS1q`j^4E!^7$3a!TMFI@V#zU+d33WpKRybI=56AY;PGl~M{J#7XaCH67o#gmDpZyo`zs{p^uq3Z^dshs% zxAM=H`(o^OSMFKg22#H%U~_0W=~tt*9y@6#KV_e7Z;G%Rt-jCNZ7jzwe>3l`spFS< zso!9;8R_G<>j8^jH5ixB$1le&K_7o1+~?rh^Ls12-;rTqB+Zraw;cAJhP>l%v)p_w zbslcv{cv@hXJXeDU4|;-n>{a<7IGb6-#S!C8#lCrQ$|T!?mq_1r^-LMU;U1>KOpU2 zMebK+{N1)|3AkH5++Sh-Sq8VtzE1y6x0kEjZRO!gK19mk`sKqWpL|Hd?G4wSuMOdyj4tqSWqqi-*moc5`)29;p2qW>>%Fe8 z@vS^(SKQNRk0)XKq=zf>!(x0Up(5igg>WD7;m+DiuKAhk16+Gumiue*cdm!)y2Ji=SsO|9mE=g`h1gdrvdC6 zjqXG8dnc=?dy=;~S2)jk^m!clmG>}}zq7EJkCq|LmG@FY`(>CTQFSz?DbMHlF5wRK znHP}r8~4GAdptJhpq@x`dmP9!YxaGHRwCgJYT$4exc=&VDBd104=e6(*ktUVVS-3= zdAiryW1a?OwQ2(^!@;k;SvagAUnYGceOu|{BII>Q3 z3(}sA^mX<`_xCm=((I0@8OvT|IVEzC+n(?TY_k-hr~4H{F;A`Fs-6e#?CK z`RrS)Y^ChBa1SFPzB6C~E zUe;N=ovqiON7*Mq)*F%gf$?0E?J>$$*UJL9UE$VDS+K?+?VqfdHpRpBwts%lcl3Q! z3EXScah{D!!kqfM|VqJQ%|*N5{~8Jt)4N#~hx>bdnhAI>9i zBJOdn!d}+fSkG4HpS(A^nSB!Ey;1Fx@FeJYgIOkMp7P=TxR=~~xG%$P;`+N2ULcEm zZlwK{_3961pM(b+`1_kRK3%UPm4are5BKoBvAvg;a*)1SLbg|<)AqVuI*RZ^(6Yj5bxac`=9kB{OXsq zLvc7ciX-Q-ydT%!C-t zU;Cia>GDZ8Sf!KtBj4YIbkZwGeFX1Z*Dgu=VNUwg_qAicw6$H`&*dY2Vms~cK0z~D zrN7)we@z+b8SlP{U?G~3~7pWRFA1b@0uHC9~?DDZIR(5MiFJt5zJ$9Rj>wL-DFKB*H zc9p6-c3Et7epV;0?eejc-=wsmk!#ny9J{RjgJ$2yt(7rR*Y2Wn?DDZYOxd+}?Rt9b zt|G4e%&HdTH|A2`myo{$_*~Yo9ii;1F{JhzaS4&EplPDMN5%t1f4QHh4w?F%L%LkW z&EU5pWz4GzTM3eGKe#c{T|zqB{#xDvDqR>}oOHcZy2JTg-T{fIbW|ymB;Ae5zqWiX z-`i28s}8T2bfXlnJD~mb(;S?MeG*>9jFqbpB49;3E{NDUo%5fzQ51RgpGuGuyE`!tC=eRoKPrMe_LB*Md z{Y^9ivpt-bh`*0E`Eb_4i5(F%k0{P+(r!fGAYFgHBc53^!}RvapU&9FY6s19#o3p% z(heTRR�-KMUph_|rs=>&T#)uQ<7+y##ednsYhvhtX0W&O9lvNYK2iIFFN7I8P(Z zd6u|va(#}g3HHTxf=1pku;=Mo(hBDrq&eRaKlsoLQ`5(vF#bf23YrqdIfAspX~@=( zGtP%ILh`3x&{XFB#`=@va$1zZsp)fEVf-jKI%p17oR%)9V;P)HKJ|Gm^||<%psBAo zU0lw!WpD=h99M72pX{JHQ*o|$Id_%8+3v&HB>8h(&|IuI!(7gzWpD=hyLBP70cD6sMQVxup!wcAxsZiTYf0a?tz*2X|A!_AhRSqpt5}0&xkE z#zB)cVb}Ci%1EC_`nsf#q^zCin9{#m!9R=oxRWk{RjN-dY41_# zgcl**OdsATl`cfTI)`-gNhf74!G7<-b8!jdwq{631WCtU&Q2K%IY-;=J8bYpzdedI}( zB;5?3bf0+A6_M^WpLCyj(iM|#wNJXQJ?TnF_k&NmA3W*I>6|po6Y!SXuby;Sq&r-t z+rj6eKatcMn%2~LzUT<2-V`?DzLWH}U0cC^(P|{=X+l%!!$-RH>`d-INpC|n_Dg@I zCR<5Q6KN__|7R1=_PJN$v`B?`i=es8;Ur{-ZI2eZ-;=8P)b9l8u2<=7eSOzWN7kkM z%O~9cmF`16kK^)sPr4$~jZ*1s`%>abS31=t=_N0rGZn#Qk$D7{tq)U*lK&5+^&!vy_p(kAt>0VLk?0LG? zlP>F=pjoNX+42k4b;{S4UzBuPRl0-uT*hUOWLt@BwdqcA?FvaBoRZFOn~zZsw}^BN zR61LK&-bJ==LSt@pLCr(>2gSSk4k5cyQe2z9_gM|>8yVPJ?ZjEw@9V4{v|x=lBCMi`SOS-ojH%|y-H`lx4@Gwhjf?vq?_eQ7bjgprL*nHJWslO(#=)r z>~Spdq$?!ddX>)lSL8`oOu9dP(yjBP%gPO!Bc`VF#qu_J(nU$v(kI~Io~7jLR1e3_v((Q5ElW5B zaC*YY=6?wj`A+GV`1$h`pN&6Y*YQhPkEaOEt#EArROY9a#c5Q`weY>;JGzV%HA4y)EBjI6dH0w0_I_P2O?- z=WrscZP4`lKaL}U-C*o&yYb9!&eIq8tgPSXh{1XA|M>nmb_M^3T^@EX{vUP;?B2mH z$E}(#b4+sIBIT&t^+oJ|8%bEscErKE=DR$9xG0r^@g=yQ!L{Y6^HFo<{RwHOB%H+7 zZ=RQ)pOJM@(EOyh<+Xoh@uF}lO;6X?6>@y^XD_W>`nW$~|5xsD%kQg|)h^lNE`(bL zu03w~{cmr6a;Tv-9P1XBEAvvy^3!s&VvHaB2i!ckZ58)te3Ef8c~`=gllUv^cJ6Tf zt;_|XJbxqY=zl4$T%+uDN^>uBs+1Ie>RMPHHwJf@;#S3%Oc=ZxRmxwPe|eBxxCpf> z;BU^wT-Ox$Xl&%2Gh(n%eqs8n*A#AzOho zSJsa^)8)2iTV6iISsQbm;x=o>y|a(M^1IWWTyFOYa7_pLd5SCVjh)T$oP)H#GM~P; z%a!@wwtryrK(_k4jltb-MmisU8qFGv$Cd6sQdA*%5B_?Wn|X-;{6ftwf?H2%Ekxkfs29fT|GpoD?=qjyF=Ljfa`BX`nv^iFIU{L*!s0QQ`rBk%dJSelhr9` z?pFCAW#(6IcK)jz(>bImx1PbBsJOe!-#w`hg>dI8?!VPO6vO>iad%hG=D7JQ^{m`{ zxP(UW>5A3gJ>eF^Jw$QsecM#e`DWkqlX8>K%JbKB=Ke=*?Hx9!9$ACqCKp?#3P9>+I2_iy_C zGQUgE+^)EFu{i;qjx@J5@eb%xB=6U2Zhs$cv@6fMR6bmVowt49P(t!P!F7BlLDtVN zHy_|GRQ~qI)|pO2tuBw75BF-74 z&Ml<#SJt5qvQNT(Z2j^<_jd}qGcQ4LYhvS9Zt}Y#N4ebk72xK@gQiGvPr=5o-#2uP zF;SO$UInln(r;I=QN+p_|=)t^b z@4MIeYLmPoXiiYv@3HwCWiUXY{XL#|QyH`%oX>X4nfTj~c`a%^H_bIya=yXMcE6`R zHpg*3^=GTObBVu!B&=e)u0H+t7RDs+O|KKzZUplQTu$<;pt%mNZ6Cb-hXT^c`R2X9 z(CwMcU)`T9fjdm)gSQ`Lx!!)1A6LJh6up}HdCFgTMkTre*?bUx`#M>WI!gJ>kE`EH zOu${BxLh7nb0s7zHTML?mCwrK=EGg}FL8DL7Qp>papk?g^*B_F#NQ`VM@~CQd=BrU zNsx8o%DcZPhMP4jT_1kH{&%#~!wnsmVGcwRf=p_00SB;eL4X-f;`z z{^-Mf=$O6Z=Hvy5ur*}l1UDxT2^yfL?^J#x& zo!)%refGv)=fexc%UY*5^7^jp^yUo+nih(?40{>dS?l3`P5dV$LEdNeD>r>T&Kejr zamBTLzU>}vjYbZ$7TdYUm2Q8>Z}houfqReQ$~xZC4?PNdoexckm$i;}p$|85bI>&6 ze6#gIt`{_srj>`A$^iF|eC~I>(D{%9_ZiwrFE@8DxlyceKXx;|tc&%H4^3LS>Dzl(k9LowX7iYx1{%RN?oY&AER_@1o4UU*B;{Gqt* zv2V|Fg?=9HQsOJoC+OULO6Tt^pY=Y9Zw;E$XRCIdj!lUAS)Hx+_blRVPbiN6TgQ{PF&`GLt-o@;kn=Rp!yQTdQ8W?BbyIUk`jlIAFz;U}?z7m*GlqF=wZHEW zUyarw@A`9Veafv6?wdZ`4ST@d;=_&H9yFVMxWDWH*L>yEp26M!g>?Rga-8$+K(;y` za)>uWXCv?VHpeG_bMD}}2{+3v$Bx*=(G^H@#}Y3<(^1QdOP5>rrMs>(n{y}6+2Pvf zfJ?BGdbX0S=6*|j8YJjGd`PWMX+hw*&$#Wc6Y$xeM}%U0(@KjMF%&ToUUmHME^9|rl9 zTWmPS9_mSKT5AlUh*Kl1}cx=#2Rope$$oS1>wwjyOG{YQ@>Y-?t(!VFa z&TR)Z*F4I7wc?(J-NooKq`A|G7ou0uA{q~UK2<$>SAX-yF%Nkz^&(Xw^p~;w0&PT^ z8$6x+2Xr)wpdt)1Pj>2kbGIJ#U`)-HTjDY9f7N|;Lu^h%XCuwcBQD`iw&(KvUFLh( z@v)`u`LFM*6OS`L9e+7JQsE)&o<(zz=Kf4PqgjTjjSfMBdEVW3rhA^c`4Hxw?jw8t zk7qtDTw8xn!=@E#k1V%_jNcHy8Qp=r&nIF&=Tl+=_fc?d`|5p8*Ht!|#m;q6b7Rw3j{>d@ zUCyL^MpvWC>~!-t^Je11(I}K^W2-s7W?tr;FXk!whblkEi9PMiG`8X&r=En+8^l+k zEocLh-`Sd4*Q9<=q?b>9jZ9~}Msa_`M*2k=ElP6_CVm{sLAL*0^$>?U$cJlYFh6cy zy8JD-*&c95`f!Wk9;UdqUR?xNf}0OPd!4d%Q?_!QDZ&1DAN%$dv}X}u(+c~Vsc$pp z66~%?7z(%)O-aM zvlyR3?a=rYJbO5TbS*MX(j6y}arI#?hlPvHCb+gedH|cp#13ih3&dYT5*D*9Iegdt zsr2`(zxi5U#BcPhdL@z3<_6IEUwE z=wUPhZMqirPUg!|ZcUDH`V~?i?0rxkb#H|7cQH0A&?=A_ITeCK&nfloUUSwy?6xc6ft=fxvzHCM*t zX0lJh>SXEuw4c9)a658d*m9eV?E>_=hx;D!jYxv`zSxf&dz1G8l)o~E;5+Pp@Njp! zOySD7gx_^q=Wi137R3#n$C~7*2GaTP3h|GTge`2#;}$Imn%*iO4*iVZkUyBYlOAqH zF5iVDc*kFS^Wkl-E3c&MZ!K)4|Js19_V*&Jf6eOq5k#{ur4|0 zn{6L*-U*s0TpNzYrAFB0API6Er2iWByAIlX&4(F<(^YW}z2BI|Fy7_6gk(9Vv9B?o z?T(iRuK-?ucs0cd!r9neh+;?|?={44K@#p}yPz&*T6NdJeVgV8~#B+x_pY? zW8Q@FcM5jTqC%v(ONg&V#b}?WO3z1LO1Vo}>GL)IKF{r3ZXT|FgWaDf^McacR>Zrb zThWbZ9QWSiPNIC6htQBdQpog!3?Z1j${5 z@CX_25Vv(oc4Vz&Ug@jypA&MqrhQAAEy()8CmHfQx!Qf{`WVCRQ0#2I`<3)n+A#Kt zbbdD`ejaLz9v@Kp_u$sK`K_Gy`P$_1U4NfB?~|aZ4c7))*Z5*=J0e|=E+;-=bh;iD zVpm`JBlp97NYfW-e+Ci1A4#al?*m6arM=c%uHO$~Ki0#Y>@tO0k?VIM+%Af{{ym;e z!FblgolktZ%dW_EHfJ60p~JQ9;!12kLF)E`}o^z}RQ>s{N$tk03 z=Zq66?l0K=i85oQxebY*hq|DPk>=L)@wcFu_vaN?uHSL&u0YyfsRuUD)EXyuB~Uo+3&4qQ6Fv+ZVko}Z9N-> z-6S-{!(BmqBl;1^c&~0(I=EbY{Vn;D_ln`#c3aN>9oYVfbpD3g@w|r5Bvj=0D|0r` zUsBuyv9E*bAyggC$X7x0fa1=<=EPw7JtE6}mHkUx?t2yB7QuZ^ zad+qMM=tmC3UCu&2h9@2^^Ut*fA@IY74BznZ9UqAFMpy+7dz$6EslgxE8^`@S2VC@ z>Gxc=`LruVo0w<4&@q<31F*XtjX^Rl=yshlpC!H=Z9ulnrM$*-51tC&v2Kmx>>yp0 z_Vjy@ls2wQ$T)%c*+}}>+iNkeYzyl&U?=CD3?H=Pvm4RvNb0d`7kZZX0<;1xLo&Wl z^KhphS?lr)^BvbmJ?@+HBhT}dKhlp}hu!DM`Xl!x6}g{CaESTvE^_^p1K9xQ2lNxt zeug?Q4-iQh-!^?cw{=^#Ur~q?Qz>XiOIUvruI(=#itX{}RHV805+8@2Mw5{o|D1Zx z^{2nv@6gX}3bwNThVnOw&3mW_Y3>)qw;&0%&MMvSw?6B9jsMIzEnHg<<$Cc8_S-#N z_wZ7iid--9;D(vUVY!px?u7aGZn#rPquVp#k~i6X~!S(aAy&J)nzYY zTi$UO!A&Tx%pY5Z-EyS;wZ6)BE@{f+#(rhqiQ*Q+6Mw(+aAjUkl}=7xWU(!e8~KfP zQ*jT$rWMLX+TQ}=g-F61@>zGzgC5R#;8*@dzwM!c9gu`e+3LDw*_xXV_iwnlDGT~y*j$h9 zK$`ms@wddHX7}Mq`$}hLFDRkR|`b;vo)cIxy9K0i2g#F+q^UV zN7NCuMTN98#YZ~aEiU)OKbV8;o~R{%vQ7+K+i&WH&Hd;Bq`3=;FGCVOVk`Geb51Xv zzq*|%_?!29757tYenr0{&6W9B2X%3{vkx!7{Yvm^#GQ(J7`CUNCP;JJ5$}d1%=*X~ zXK8iTZv3qjGNa+zcDxU^{n5=xa~~xBIFc}#t>1Ye?YO;9iDrb%M7TE0#AY^{gSh0` z`kS$kxUE}~wh+5#lj-*KJw9KJHX-d#^{zbAK=qN_&sv7m&3vE!VSeS1DT15LcSLDG z&%o{)bO+MhAQi7RYKl%ojpLMeFZ`i?PK7&$YihMVY@Mtykx zPb+%89tS%C@4#fbUdnaqSDt%yfT#Vm-zVF$u2Z@{nh!VQjr4QhF7SGyD?Qvn#D^dW zGM{=peHD2gl2Gr-=-*$7hC}8cxc2%t65Genc%=Q6=K!-@uG}x_^73m>ir^j#*VfAy zv0Z|edAMH@FF_K1XFK>9$6w2ot&GErO{Jjh_X(LM%HOz{cH^3gw7+h0voHIvAdU8S zo=^Qsz>O)c^aF-bo(Gn}6~6QXG}rp9+tmWNS1GO?r#^T$T&WM`aSP!NR$Ni=s~pTV%e!ug9zQFBJIROJaWA>?sv+~d$_Kd~ zioaKQxO;j%EP?x`^7rq`mCQ{r2YR?ei9d)W$UIlSa?|fk#rF%DkKsx?CgBlmr=b~0 z*WZQ2mmvvuo{%?xr5&@+L*n~~%x1V0MJg0w`#Jg&Y3{GYD{((2A&L-H`nFvAvEB%chZ3A{d$TU#gN3nSdJ&iQ?E#gH;!l!H(Ox@LA&CNP6 zWTJ4RDGOu1#74^PJGPqpC-E@%g%YZmb@4xG|So9h;-jF-UWp z5O0Yjv}L=g->&)aRhW5qZa(Bx51AftZT@z_rZ>6?Y3^9!Q_(X>=H+!z{w{ahN!_1| z)d-oJ6?ZOnZ=oWjxu!eMC(u#oFr>M~iu=3kZ_&XaGYYP)zsF;92FgX6dkyhh&@hxh ziw{cY?>3h!^~|0Z$wNYBvf}1rGYQQ^n)?y)uh8$P1Zi&g8>b!%_s$Hrpbib0m*6&W zqnTWY)Gt-VjMRg>BXmyO!H2Yt#LaBDjm;+V;0OHqxG*$5wMY5`3%X8$+S?fMjKpFs`vl++lw0;bzj=tA-9k-usFLE?4)f zvyKXx>)_h+xDj@zqSi>~!}Y{(MZ?guzcVMAes!z5j3qL^rpVyH#zO3ZXXiIazCiJ_I$h2!`%`wd zwm#VBCUQU2*yZZ}dhEE6S*rY9jqPSs<;v3edk*m!x(ani!W~T8F5FgJ3#Grawp#jq zmV){rQ=-Myy4=Lyvg&WHkH3iqA@i3H_nAH5cJtxJ8-`4^#p(Q&`}h?wH+s0c zyN}QF;YJ&U%;Ab_^C9c1is!>nA8zFMkf{&X+diD?;qI<|80T{JyeM-*$TWp(+sSV5 zu0R7l-0{SxqZg30llpow%jN3xq6BWPkH2quxV!T=>2h^@R+JMmUE$jB9lWjR7nH$H z8P6bO{7rmDZu&V*s?O4DIqfrZnhiG#ikwVg)-UamP_a%;uFveG^BB*QvIZzZa(PyzT~MP^P&&;)ji;5 zee1N_np=EY$ShL%&~2M>35=UW?>tIz*LbNZog?V1m_ zdbqpGhmAh@kUS$~j({6Ul?cC&>eh$39`5eyL)@o66rIWax(|2b9&r2naEn`n%;|7* zTz?O|miN!l@kp0jSK?QqJS6Km=yrRA%k9!TU4PA4A#p{_Ix`Pj^^&} zeB0tvZi(|kra<}I4c-kX-@|>M_{V4ylK$eXrj&Kmxvy^Q=EKK~bN}=Hb8g5y=fe&4 zEA8*@xZQlXk@M*{!?ocYcx})nNQ%Jr53VA93$o{fxqyDLvOAi@q6BFqd@6tV{hk@L z)l#N9@W|R^VZYhOUgmsBu=aW6fwqTEI@AZ6tfzR=`#y*bya3A}T9{Wu` z-_K(plZXA&KK2iK?DKuT|2*sy*f007f5>CM)aUzUm?|Ip5+D1q9{XY+dzqeAfPMA1 z`Ns{m{Kt9h$NBi5i%lW+r})@E;j!=RV;{vniG3#@`;IR;4%zZg_}HIAk|OK}_}EYM ze1F`>{w(Z^u^;PWKiOkH$j81F_9fWAzv9E`H4EsJl_Ahws^L*^Z#W?oEeeCCY>__<6AA@}!_S1aqU-8)I``90g zeFFQ%KK2Ve_Tzl)v$4;|euIzwB9Hw%ANz*b7hoS)#y@Vb<-f#ZU*uzd0yc%%*YmNr z@4edcU+ZHpeaIyC=la;cPk39BGeC(TJZ!Qd(g+BJ5c9Q#{+?0@js&-1ZwgMA+MkNMbd_1GtU>@UPVf&I%q_P=`Um-^T<9o6Jx|B;XV z4v&47kNs)b7hwOhkNsaB``!{ekcDj~i_HXIx*p|C#V9zoW59Vt=BKeb8fH z==1#-U|)oN%*TEokA1d}{pr{jV}HGm{r(>Nq>ulNurI;>0U!GVJ@$n@_6@K%Z9`_3 zkNv?Od*kCjQvvw>nvi+N$Nn&n{R|)b^RbU${|)wG@r6(uJDCeBb6xHITMg!+H(>v% zF0&%*i08xo3$DHIJ_B35ezx2X3HN;VcXYYk*p~PHdgLPN+w%XwU$~9_1Fng2eS>T7 zkG<~?xc7y7ylzVj?v;w$hsHqvu7~By{PiAg{`O^C-uoFPaEB=FE!gOFxh*%r{`+0- zmJ+z(Yg%)qZkdCYx8a$c;HlZE;_ z>;~rDqDnXNZXsJe|FgHdu7e);ERHkY_g;E@r#5!7ZfPU7n%jC(oS~_hxK{qx+ENeog!rBq8%AXM8=2YqcI5$mqjb9f4F5ljs#PE#cbw zTMe7qs1DNHj>1Cy(e+5@Lv`0*oew2fhRkKk-+Qnbk0v3_{gn9ED5F1fNZ87Fl=XM0 zI}RiMKHwaZDY`mj?uTpJof_D^$Y-_LYHnNNU66!cY-K*D<=VW^<6Mb8Av0ca`(Sem zdKzhNrvc;vnvY&Yk@?1Sc$v90ydRwxa@O(D+{lfb$M2`>!_U~rx`aE~YHrPe%=tkQ zj%PcLaYPxHv%bn!>cjnRK16N`nSpSlDGOsx!{!3C&n>07U))9B-pzNS&ZsYSam+Ey zm&f0%vmJl0XCBxHmm7UNWL}4B>qD1eJSRujA?H0g%t!K>-NS|+clX-ptH)0KsWv(oGtqkr~_J5D`^=*~Qt=Tfo&7Tr7p%2J2 zms{x`+HbT3>3ldOpLOa+XPD9GUQ`?3qocIgj(+3z>Hnw+1#RqQ*#bZy-JtjYAJ2&26r@6W!y^ z`GEOPaBaCw$7UgV18MG$#CM>;7~Y5atMvNysXJ+Qq7 zUFYH6OME<%AkWFOsxn8N0anYDt>z{^44I?g+WIgZ+ZWJFNc+2t_$nmf3%0u4EL)zF z+4mc=R))-JaBaD5#zxku`HijSRvycIDtWLn zoq#m=JmQ^@1bJ`VJ~y?#%2xcf+`LsG(?R)r8|RFyC)3@-y_R?ZpGlD4WAXbvNnOuM z;Kt$FdM5A3$a)huanq{(9SHZdQ4Y7P-!IVRmb039RdBN%6LS~#Q_!-#Ny6ujBU!&k7#=%tn$~(ETuKYfal;-9Tm(Yx@{Pv%&5B1{Cb0_`WG`1#W9*3Lb z`fItZu;&)T_M?KmUG7b6JG*mFE*Uty4(vs z37Kcq^|1?f!tKXam-~3)&!D-;%N^vyE%}u8o8!0V>)90VTi7l|x_mw%F5wHd_ML>R zpDUR*ZkbD;MnZI5$gESmAraQ%#O6m2@6d7FPolGs=JogR^49ZwOYtryy&QKJw%Wh@ zi9dyABh4G{;Uzx{nLiXy)>V_=|5${b&PTnj+L)vK-@_=?kNceWB`9~BkCwZ9FS!Z0 z3l(=9YnzI{A9=XN#J@ulD&lW3+$}!bt$WFh7Kh9}E7JL}6P~mql^-jezXuSng^oh4 z>Xy#mk#0TJ`C9_Fmg4^PSS3>*+eS#2TWjJSP#j%~Y+aCczrc_CMaUelxYsq}Jz(tm zA?>rhK`i{T!oxZiMWA7a1S!|+cJ)`B^$T^o9oZZ*H!AMY9RE!0o<*8#k6*T&-le#< zyfill?nuS8`8s> zLvGf0A@hR|ca4Yp`5toPa5Fwk_q%PmeeL1?ptxm~o9<^N;2x^DGS({X%`YDAq2rzW zjj)yVn05VK>|QH1H)~7Cw18{R3z{0!0Ndk{uD_?dTq(Ow6)3kT+;(syZegE=eJ;Ad z!yQJv06mAMBi%M+KjEy;b!L6WJzP$~_aW0AZjKv&6`L>7S4g)vM@-;e1~o;xzd6I( zpZk&iHavS>?{cYgJ!^xVKK`!6uS62$dS>4bw&$*FbvtfKLS~Q;x8GiJ3*in?$3Ga} zFf_u$ok{#9^cGr(biVd-^YsiFPjd4y`4jUb;6~i|T5RO{@HtzZ58n{qiX@bEeK?u& zviIXTTSI0l+$@*-JGNCP@;(>R+@8b-pdsjXr0eZE_ZlJVuvl(lTgc3YYr}omNIzsO zTk&q4^FhXR;;$%P&MzVJ3U;=<0=Yc_(EpAs^mS#gk_% zl5gL8cvU7jyezhwx6Z>eztY~pi=^nRZA$ukIIf0lb$-Q&cSl#DQH%vNcKa)GO|3b8 z*YlDxS9_iIy|d-%-yT2?(Tf%}y@{*l;7yYw(youAW)&qc2x%M@R?c>3>& z-$G`a;w>S)v>P9=)x2s2%(+BOk-Yn!U@T_d{gur~_Zn@>r+9nF9I`T9-h5r^cLw9w zXNPbp8z@em{By>HOR7 zwzu|plRHD^7I=|VZW}Y3^zWk|kgnf_Q@E!@wV$M|Ktmfaj?aV)sfRP3bjGb^e!Lx* z%C8hQk0?LoIh@?*UWcvb4j^uSKcPoB?Q2=}yBO|FNbwL(oG=?$5Npy?p%5 z4}{G@tJ3vh0(R5TETp+f;vb;(=p&^4&HT>sTl@kZzj)EMb;%9?I{c!)BxB>InnQH{ z>T&BxbpJ82LBq4{bU;gUnhLIz} z=0wG9hD|?oBhuW&EPf{eO+%BAtTQ&Wm*a23t-qR^UpH)GiktZ?@9m@WkmgQ%j{YPkbL$k+CZIMb#LEl1zngox zGlt!r_Fxh4YB>c*@=8e?1!KLfjHC#8{M?NO&q_DYP z<-?!Y$a*co*`>Mr5wD3PNWZ_la!bIS3fG>;M`A1Me$@AHTe-|j*m{4DuY*thO`IGy z%N4gLcCyaHbsny?4|lrk)k%MU^?97tIBbgHW~YwOnBmxdjW&C@7tSHy(NeSkZ7bq= zdY{TBLEp1;)hem;IXHqf(_M~f88&BslrFa$Uvk#FxQneWx6#B4kOcX?DE%DSwh{U{ zauM9iUG6OE-!s^LjY4xvb6dX5xF%YL-ayG$SPSlW=Q=SouZk&R9!M$fg<@b1CecwqaAKj=w7$S+C|ww)*(*B>oVR@EF_jjz8<7ut~zTD8;)S z&Nwt)@jzByO}y%>j34jIni&VthV%SYLSdJ%IZ4?cNt$fb5^>qH$C;TR{v>(@3B&#d zUoYA|3GvIqra2tj?yn%-C_a+kc-8r}mi-%$ge`3S`p0@)D*y7Z=?FKRvS7_pY(fio zri?6?{0h||9zn+6|_a=G=Y3@qmpP{di*Wal=T+<_LUiIN_ z*#qu8A8tO}j}`Y9cp0zp-Z0Ys9!&gb)DU^|VYv@C)-!CjDsF$;NIj3$J%2(c!@G;m zBvfP`YZ7j?wdwkMCieEXyS2X;u)hzxm2^I=ct^TvCH%_S-yp1_|O=y|05eTDckRD`_sY@6$^ z&W94XHz=;GE3fAX+xAp`M{EsD39>FzdF?~u%CH%#xZZiUmb=I6cEcU7^7k`*DnWlE zoew80%rIx7wx~7I^+DDuk~*RL7qP3uX14P83T(XjAnjQm`(JeHuQz}F>RB<|MQ|gj zoHOP&?Dcx)`bBSj#<}^U&VkWnB|CnIEU~;otH%3AZL(dmeAV zC%^Wgg#CZG{+87~==u=7Hf$Ow?!cpICts(XM7o|GNc;glJA$p38)p8K_->ALOsOE^KuK1(px!d}14f_Wm34_`C zwGT!6rRzfh+yN>d{;hJ0^y7ZX!@UcCMj)NPwmytzzqj0SeDb#d?i9rxhut(Z%fo$% zcoMyhyw}ZEKHT{AVKYZ@|E+u|hPw=|?f1QpKcAs*k62G1GLAxP(Mgm?pV67rsJeSPvbe?ZvWr?|HL zZR+9fuKi8;a3ce`4^Z5X=p&pBv$coYk@ydM7H8|N51Bo8?Uxk5eF?5TkFVew_HXn{ za&8WrrOMwv_%jgQj&%MGCq5dDLpQxs`hIAPPd*gEU8lJJR{f0)3Y!wRk<=B&n18GP zU~UPUN}vAw`I`^-5V*EqBG-#a?e3!8R| zI|RFY^aRq}*~Ay4cafL7)`y!vIBa?=uH3(Ug6&sGbN?VN_iy{Zx$E^JJHBiFMsE+B zI~4Z_?CPTvk>;LByfum;84uI<7Y%#vdLBpaVBAh|ZGW~Hn4KdOTEMc7Zl-nN^Q z@qa2hwgUFjPL^Q*y0W*&-=Ko_W=Pnq^|3#pg7#V1mtb%2m+beSjJ>oUZvKb(_n(l> z@kOWz@{GyeJIhw?m)g0hB5?QNVV=zwnKvT;pSByWe6HIi%huPE1l*(H+IrX$-q=I< zJ$n!LD&n^w3B%dy_gO4gkEa(84VxzR;UhL5oK?x3gZYEl3dPNbjE9NO+AsZlEoT_l z3+y7KkuZ_Z=b(3y&c8$7V%`zzgLu z*(!f3PbNMK&7dq6aITl|?xlpRd&A})l~1pd=0o%`(tcH1LO&JNMTaBFr{=r|CVmyU z?X1qH_-vjJ_{{EucB=nYlrh3uB>4#Wgy2pHRY`_#rKEJi|Tkc zpHwOJdm-zwRmYq04e`JD%s$_YjAXnDJ6nIZ^0~Zc^e0>GPnEZ6?~nw!5A%B-r0@5O z;I4-&butUH!?Ddl7a+}@M0_qPLT@8^zjWv_-XpuFvYAD{GNT#NS1qqE%=pb;s79Z7x?o&yJ1ezE1i3H8z)W{rQ2d=Du?RzxTvG z39{~JdF?_HZX9kTWkLC4d*CwqK}d6F6JLuey+b~+tw+7=wivqxmCc~I)4!T>X!^QW zJSJ=g!_9`f96ux2HAiib<~~mRE%XE0h!)&Ooj#cF;(V-i1^s9aB{)Jo$9*hpo`P$G zZErH(P1gfH+oipUVfTiQU9cRx0_@f)J6rFvl--`xJM%d8Sn;g?)fLazf9wwYJY8Sy z^|B^*IzMf`$aX4uS6=z&!9787Yr&IehDUq2&4{0iB(!HM=RqynizMY_uM7HoEqEeq z&W9UGS+L$JHdmwJNc;N%@gGpt<-A*ridwK%&Z*A%waLAIk$N@G<-{k1&6RL%yS3pD z=lAy-VXL{P5RW1W-!o=i)_bIuTMYLWxSZOl&>Gv$s5{c!VZ_Iy7tqtFD(!y$;ZFP9 ziux*fQTGF5o^Uz&lNhIjD{Ym8*RWZF-b0$Z-+PSDp_5Pp)VPB&{Z}(Diu0@9q+Q3m z;*-N>p2~;T*fgKWI{|Dp_bTEyAPIxnChGF6xX!NqkFlu~l-HE7`4Dczjo*WftZ(ro zTg_cB%=aB`6}C-kIrH&tU68H5F6T{UUI$zos$p|5Is(x=*nUFhiNxEW_Q+nVgtd`t zs)XdUu=!r)r}z1z^f%=BjXZzs3PVCgoQ)44BJ+!ggo zKZn)%@D-m)s7O8};0}iy6$3&K^3XmP5{k$YD35VuJ1!vQBw?w4nT&E(>A zejbgnC>!Z|G#JKRNP>J;UV9aX`^ta7&4c?PT-&ac68%eoj#^llxe> zw%vXe8~fZC@dH<6m_yO|8R`2RX^$Fa@A|%I!EEMPDDLstHAUwl&FxCO56VMzxc|}q z_I0oKIv*l0gv~XIo6n8R?br@Qnk(y`JjlLBkoR}@s($ZWpEWlh?%i+y{+#nvHMGWSnV7iKP4d{ z)QtG~NWzuxmVQnl{z%a83B+Fsn@{1|e6!qk9`5}W;OhJN*aF52mA{W;Fa74(9`3iq zx1sPy^bOhS>s!PvXYrS=TPh@8<9&$@X@9F>C){J$N;%tnka>LF*eBepk>)mbx%&RG zaADY73^(F@jk$?Tm-Zyj!<|8Vi4+LIyUvf3yMO<^^SJbVUNlL4SKQaJ-@*B}%ER46 z{BI;7xTdtfn){{m)h25Z&+p*c`mi51FJfMktU?P*Mq# zF8WB{L@2@_6(y4*moO5N%5QtS8ow_0cBedayy zy6&}a&Q~%;>sVLAwe^<%4f8(gj&vMmQT`U~L%$(iZ%eYB{Uu#*MMWuQm*O7xE%O4p z25IiQl#9@Qv>Rz|rRxvmM%Huv+J;!Y9bd#=7di`R?q!sFp<(C_)V&5{YfWc6;)`B!EW`;Bnz`sgKWXP|dI+$EG( zp{-~=8sD7vvrnX+wsYTv&pIZ1Gvm7A+GDrEixcAfb-!LTE6MR&4&3|T5~^t0i7$Vl zl<(r>a3bXfs3nr;YOQO*HS?{V_|9?t%^qotyKQfZws4<|54ZhcaM$~Av$m#~cj1Oz zf3Ji$7Cr6Z*7=_HfF_`akZxz$g{7nWLUNy0b}0uG`6b1Cthn>A*?_hn-5%Qfz_TLJ zljuGq?ac1qtakgGaF@9aAp9Hqm2ho;n~Kdl=sl#lTPUZjciP#BrE zZhwm#fB)os*Tz^Jwqf@t+K)8%t_|#Op(oJ8NOMQ{aP$7+e3#-*!saFPD$?BJHnO*c zYNP5%a~t+_;-LMF>`yU06t^ihZBaX<~^00;<-+1Hzt$M%kVqe-|=pI z^>I!lG1ZjX6dQlrVRs?A25EoiP?ofiT-LGrIH!ERvtO#`&FthW4IUC*_m3az8aX9rdfieYiE8@wd?R_mxEnhGkAPWtU4e_ruM0xy`WYhOR@J zJB{)Tv;@76Du-#CoTrkuyTaxEScy5?6Y9^@oeu~XrRB2m0cP`~mP%-)*EyG{S z9qrbeTvxv#!ErELG1a`G{4Kkkd#+Jcr2Sn)If9DOM%1Nc>^%J15HDkyVr*sIW^U+f@|BuTx>o>A0f@%O*!#rrwx}Q z-+O8-4t9Kag7(ncZ4Wu&R3q={&2;@e37gue9n#!x#fj!-^ccDi)ve2Ze;cRX(%EDa zwzLO%2c4w6Gg8ejaKq7(F|T2>5G_WUTkn@d(+qV%7a=`9ba%(e+SFT-%L&&`HBC3i zxHn-l6y+k#T~E0f1%71@0cq|Cmn-eTa`Wn@nk>aV1)EyvOr*I_Ql5+?y+p3LHonI* zAOC$kbXKbArMRzS6G1DG=8oCH*nk$IcTn}}v3kpM_piiXyPga;Of_TR){J_>v)-@~ ze}5*|+{<=yzZ1F_-G#KjOWc03t9NWaD5G(znWg+4hs_Jx|^N3VNKZ?zXe3v@y%gYnE#MP~5Aq z>y2(kn)?LhN$7bb_vdSF6PK&^N%Nbhn&Y=n2d=-dG$$itB+tKCf zc{9I7sySP6|HMwXX}`sDPp4cTH9=l(wjZ};syQESP1oOc*mXzOA?@!_$`7Dt&=?Wt zaqYT#pv#r#yiamD>8(@Em5MtZ8{y7Jn)?mqEoeXb4QcL3A8u}Ds_6@trCcW3XF=Gx^E)$6!nOVQ3~X;eeUaw&+sl}Yo<(^`$6Tt9z{;NGMBU5Ralzc_Y5ntS6u)@*1d znuhvKGiL8|PJ3wI(>Z?A&!rDv&-wwb8*Z}>o231$agpYZp`4H2K(8P@KBU~>>^~$Y zsPU|4s`&!0O~nry^F4OIpd>zY_s{qfN#+D}D$>lo#8y(?jj5&xjvc@5S!m+Ux7mHT zTG%&4l3J1{$9O>M<}4V$^B5NYm8%HJVL_cn+h z$8EdPT+=7jG=m$CS{Sn#TiN$cN{Ht+rhFli)aC>K_FATPEDn*rsivLccEVPUL;88R z`IKLAxd+>y*8B81{ZfrQ$HTUV8Q8v=X3TsKSKc@CE$eYf@;p1g{-xh9pLt6vYy24Z zOL)>2HhZ`xG06mxBv~UKikp3Fsu=>;&S%GCE7z;mBiHrTmGVt4_f~TIyd+y^l2`5% zi*Mm=spej|w%-oG=IvU>eB+vn+JlT35e8foru%43kEXUYBA{UfwLI}V0F zOf^g3E{R&OM~lrIRHj@!w|sh%X@PD*H=_Jj+>ctG^LcHPO!@Pi=kg7vk>Bld!k?s? z&Ky^U-STp5)}ZxB`@5HN@VF#%Jd$xx-$%a9ZJ+x7^a$J=eYmG!UsA65*@?5}<}PQS z08+AYc8XJP`ntKurc_gv_}F$b3S2y}n0zkdiS&zs$8#*g_48e8Ip-C5V9nI zJL^NuE#97Lw!*db_9eUxXp4vY;HgPw5}J?RL3@VK_aAWLTKz_6pSTt4`p(W$iaib1 zNyUuAZhW)({7v4iun}8H?)Y1Jv+4&@N0P?YU>*Kzs;Py&t)Fe!{Vukr#n(?d<&#lW zB=&^T4Y&4Q_R&#s$_?y2o)yz~}>+cgD?&11d0QX}b?zn%+ErdIm zdCaym>+ghr$&J9>e=Cjf?}s`PpbB{X*AU#~Ypgs@p^E zu2j?hmslL0#ZKN=^?`>g@2mORRevvMR4zjo9G69GK6lMsFX`(y zGWVsLpHv*y@;#*=m#rGlO|Hj&4XTDtLOQ-feELNMZkbO{NhA#HBhtWR%W|)9EM{x(c++sZyz|&l_j(>3hxEjNxdX0kXI-)TsWI1_k?Zzw2jvIR zV`$lxPQ8WLLy_@urt7a>CuDMR?h&}*XpOKBgq`?1ja+lzp}Z8WM4us9e^~Akm#d#^ zl*c>yro*-E_iJpnp`VfF?x$R_IAE`Lh!bbdULaw>( zDPMcW;5-|JV+VOWe zb~2u=^>Af8+s$YDkas+r=r``bJz+pv$oU~2ks zPdf~5B_FN{1kAZU-1>*Xt?R?hgL{?Yo(E6Xxmh0Wt(5#y#|x#e?>1Md@9 z(vtZZ`;&IY#w~gOn9S$rV6Xkkq&%9RNxJgGgt+VEVhJB8S_g z=Yiu(aruCmp#1HK&E=>o(%f9i0k-ut`Q~j-8UsNagP&2W!Ho2F!Z6wmntGM%Fcr$u;+8%J-vZ z(Gy78lc|Vv9QSW?`>SqGrb@t+-W7|lyw6MCbNUjtn)@o{QtT&5T2L*1-Du;W&$Hyf ztq0eR-?Ok^gTD4~Ppgw;&P6w%E78uL97o^i+>bbGva`<9<7|5MfVl;(jl+kWZY;3(;Q#W9mDsJMLNzwIl1#-=8Nx41BMwcO3*Vy@Hwd!wnK99h? z1ujEVH1)@(7Ik_*x#o_gJQ+zUByZTxnDRa1{e5?Q>^jf9dI8Q~$J*~=Y%ZynWI7|w z-9mX6y7Vmi2P$07@d?L1^8I(Z>s)<(SW&}(c}2yc2Q~xH9Y}L`Q!bN{WWuNt8raF0 z6*oBCnl~PJJ#l{HfcYG5IQk8ZISZSM(4|OoKcc)DRjkimIvV-~dz2Rwmyzt}_HxEc znJ@mnKcZ#86e)k-We$>gs2aAKTZi&jd@jj*Txr{cZf7}gcfxJL@6TlLIS2cz&ab3!N}sRheE;6=dPZ~eE)AGYKHMtUmy|oyha1TXn41*04Lmt6>FVJQrThTOLvmcA z{mt{^b_$qbaMRri8;70D!_&yMzva$hJ%`$$#%SjPo`bT??Z584ChgYFKLuR^W-{Ci zm)i*&iEnpu%^g8`9GZmWJw6%bW8>IV*I#)bn;plBFAtbcl)tZHcU(KJUnJMul*UP> z8tRD7MXQ(cJdX}MLx6q#7H;Zzxx2l4P2p43tlw z8yG5OUSwQY;e^~kR8Gp-Go)IG6rwKqQ- zhVDVypOmIa<_y#YwMSiPoAx}}9CzPdUq_YMBVbNZ-1pAmy)4+}AN^qv887F@eNnhozGw9>=fL3tlKz8Pypr1z70y7i*_Q^t(} za}ivdPQ#`lYJ+4{a*q#^b0|N7o-5IgDxPx(!WMDbH`IZ?yUh+O>rmFl(b_nyV)Y(jTJdpFn4BgR`cU!>R z?Zcgot&YP#ao729BRK){B-~8b->=|pMLk=_bBi-M58Z~n9<&toyo~eytW}#Z{!f3+ zxu3f-@4i{dI!99O{Q*<)k60Y;I+uM}^b*qkrk}@rg)&hSRCg@T_Ik*PL%w@H^L9CJ z?#3Zw6zd|m;pkuCxggjKLf<0GWt~-K_4!Gr!v#s^E;IlwdV_aMzf#8J;O~%0j=%am zfANz6lL^cs4Fz`YG;6?8c!Umg-)uXp)XO-qJ2|5j(gd`5RjhuOXg?nA4<`zr{m^pC6?iX!^O$U^XG+;2kZVlPV`v1L*@fe~^PTVC z+pRYlA0Bf1Mb@(cvsH0tV)H3li8Qw($41wo(P$WI(vNwb>#4-gaBat5&CPj^_1K@W zl-wrF*e^h`>K`Qdh4jyvr`z?;oA8A2OF6$YLaViL(1)t zq%87+(~No1-LDm&CF%GUPYswhaBV-f?e}sIHwtwBDM|YcKOZoIRr|djp3L((9V7_Z7|A@Z+i!+n`-R(8#bFF~)6hJm<4}uZa5)Zdjimi*?&w9%`BNQ-f@uLW)F%!( z*lX_L#-RvqCl!aG@Lpg&InKkKPk9+yjlMwI-?lz+D1I?u9#j5)i_MQ{JJS9>dKK^9 z<17QMaGHtbb4Q za9dNp5M7C6{MF-nS2qs&{n+7G0%k2-yI*xJcCuc-gQ#AiPtZ@uOE)LZ(i>|d((VAp56JY4IB zg`W>7hIZTu0Yz~i?di?q1#bEB=H@3iZh;Nr8@hUdR#AhgX0zz2ib2u zllHI)Tg}z}%Ja1j*&g8Lt2o&8!*&n%u-6YW0w%OKR&T$EWse!b=gDB^sM^Vp# z@$GDcJFe?Eq|XeP)8X2Ar~tbU&t&&iAMgHah>PAWWe3*<8S_~fVm8=JteFs4Vb=g!><3IV6zVWfHb#87g(qxIuEV5oNJRiI_<2V zyFQcg_iLAvH=BJRAAhgIR&)Q!-?~2jX1y0Mvwi#><>CI5zc2dun>&Z|oXX#i;jKhp zd$?(rv)_!Wpka49`)u~S$$FQo_X%?5229|uSbQ5|C&xqQk?T0zEIc#{Jw1qPAWmnU zda@JWG48mdudgVW$NB-T9nZ#KC+o?H=E>NsQ+(tee{LF{CHt4OZ7Nt~;y&1aI%Chr(Na9>03 zYenGpQ1NYnO$U^PGmhn8;S2Ma_#SG%A3$mWcQ=&@$pbMzH!`T0du>G zLz%0ob5sLq?kLLnXeN3+n$vzeIdM(7$vN)U>%NTT0dpT*J0GvYM%I%X$u&2nTaq~u z)k4)#1cRMO>T9a&ugu5xcr*LcfEf?BiQCRvU~>`bj5POA%1@)|Xc}r?pEi89GtYN- z+pnBQv-5mmg#M=d{Q#Q}*`HiauDRvAv%iBHqXtO)O@=G}j(54*-;B=#X0D2FXKbY2 zt|!;rhbd1)GtetY?;|dA;~??<+Wp=cUj)n-%HNN$S&h~r%`JBg*W#fTs1cHReg(l4 ze|M_*+I_jg6rl@MOI{#=~uW1J7UJv(@M` zB;&fBkK4Lj8F%bHLG~)H8-i=cou9Ee74BYg?QgwnxdsPagxVs_?dNj!e37*}VCpOG z4cJt>mS@C}YwqimXA2K~Ai45)j1M7+_99ONAIDTNORZwa0}N4Ob*=kZoB&&n;ochc0Bh3%3sQ7*K=No zyx*G~w=lo8=e%_;@6wa@R_V_K)6w1EDg2iGGv#kL?8M*R7?;!D4$2Zi+ zX=l3Liif=r(i{l6p%%*XhUEH#)~H@_Yf? zFN!t<%m%o2{CxzQ3Frl+xqnbTt|#L?s*EJQc0Jj#jx!I*d0X3$i#7#JEp=Sj0-JW| zLZrD@P`(~XlJ~Uf`Ayn_Bs~vhZw{D0@Yl|py|I=3s5?Adxz1@6pXDL%e$*a!KGxju z7OrD334e3#yg9+c{ik_zgj;WM+#gv#z_szU^V@qK?mx|M(_OBfFS51<%n#~#-o|&W zhkLm3jlgZI;;;$cK9qK2e7&7dISX||GH*(Iu&)Ckmqquf|vag5h4j<91 zB>R)uaC@kBHW;4tw%%2(06n8ham3lF@Al)w>qC6H&MzZeHqYy6e8U@pnhSELHw)z()4hcam#v<=&h#MIBHkl6A?>OB`<4tvBfxc09}36)9e>FG#PsTG9--dmi^U|%!HTQbTIY`o7(FMTMG8Ff0hs% z&+frS#>t1tHCM*TDK2+9`Jvv^k@Hu;REL}Hwud*dS%5x4n!AJYK6L!eoEJfw+t95y zeLYV0KGso+dkQu+(OF1y>}OvNu00Oui_Lv#G}7EPlsBW) zeq7ItMlR+0myeu!D__@{-%>aZu;+R6xCgllTszNK#YT>g>yvBld6X|flCC2k*e%w6 zZN2GvK9U$TeHFJCHgcW9UF4ek8s&G+Mnz6fG2 z+|MYlL)*{>q`4zp?&OnV{)R(A^D$i89(G{!2TI6^=T@Oy7qvi*P(kHb9LBrcP9u%s z&?=hJ(}Lz(#XS!jnTI-(Yk#{_z6nXnA-x{;T9YhG>sH@ z3pR4R`5U?BhHqznLyb`bq`8ZHxcSEiS!2iiwcO6wmXvFrkBtvD4tXa8&9#ba<2%&D z{ipc0@ZlDg51QK**T#2&hx}ymd*Kx?Ed@~x1WM3n@dTibt z;*RTj{LMQtXvQnD0yd0lTaef-U<6g00WZqh)mTSO-y&FxKj z0D1roL*lQ!zOz_y?YLh2pP(sJ+?m+Oe$;$&%{_GxduOO6YKSzq?hCQ@V7b{R2hB>w zy%ihTPaRCIxnn6$MsJ{(k>;-OJC3a!G}{$-5jMj8gj{pCQ{ICT1|P`X>%$G7!nl(Z z>lfv*lX0>#x#rfR+!URQWSrFg%6+RcR_gW;fqSyzT7NJ0aR15Q>V2L42hA-wHE0?r z?k(_SUv8*}JCpJU=xekR4ZNE5I%{C@v$s#ZWrl<1BE|g!8;Nhy9r1BEn{q333F?3r z^<@2Up~Edyaj@eT>UsDBY9K`=Isex_HZy>-KWsEP#^|r5JN6&kI}3x}QVv zzvESb>-FmJ`8i0ET(76k2V36b{LI#G5!`ift-rV8!(HeeWa~k=4^bYAo#vSO0o=0{_Xq5DAaiFt_XNtPq8dofr|I~1bo;yJ=GF?D3*p-1CZ>(Q z>)-mzS1%!xm*Xyc&Iw`bK2n)%0o zYtE#@zwpf5bl|9Z9lgDw!pTe{x0(IH|wmR zY3IYe=rFk3e7Hq$uT$Ks;oXF8_i*o}{0Mpy$-ba&zfFAVEiWTz?pEA<>|RAPk&eS$ z%FEE+Lay8M^y7{`-1Pb!pDV77?-w5KKedPQHy?QYP(Iw(6!&|0Kchc9+_FPC9z$Uy z*DdNewD93(HVB%9iu(h7^=OP|g>b)8+%xf~8R~#^d~c>a7~PGk5o7IdPal5^&JLO# zaP7Q#wE9JM!=MS3j`fS96^A0YRpHuss0Z#ID8NYQ&Up^m%B$Z@clGB*}b_DS~)I4vR1kKxU z?Kt^3?ekgm8q)O^p}ZD-kL3Cm-F`>=wBI7QpB#a|n(Nyhng-2! zcz*5Sbv~bsB*}Q@_q^NlXf9Vqe}la;xM#z)^)?^d<>))4{jE5RYYS0LWS`$;=i_xg zafq~FJ*l`W>8q`=y#Q(M<@32_fS+B;=iWFB^oc`O%b@9@xJPT;iNL)}ajm~s9K_!n zeEd!Bci=pf)hcKnQ(QX_-R$B1(>zqyhg%Hy1-N0i9{&f=Z@u#Z2A&bFZc>>$4llz3a27KHU6v^b5F0 zyFG;4bN=KQaP#4&q#pfoC#yryoO%qn=0fH-xVD}BoAu-dD#`9g<-zT!{5@L7^O+X~ zO|PTmuWr8)xWnMu_2gjMr{B8zem;K;NjliNTKD7ZjzROZ@^}0}xX+h>tNks8J5zE0 zO}%Mu?!`f~>A=xxzd8;Xm(t(hHi_1>F$L65GV8)JNRMX= z`1}(jX$5(XI$vqm)mymk!1jyute|Or1pXc>zWH#kglpUHQJarDasKZJ{MGY?jf0MF z1nxu1-!;U}Z@s>S&v&}<_3l4duD-7%r*qIe2R9t85w5l2IM{F9_Yj|tMUuSxJC>{O zvkzYuG_&E_dFW4kN*T`lh;)09TG+|L#FXsvfLy9CWv6^Em> z{w;=^9E`<5*6R)VuB|)m{oQc{Y@A-guAPrNQLiD4%~Yb_hxLp`*Ok^%;&>hZZhwSITW`T?gYhs5ZlWO6HJGQ z^FAZ@JYAW`_lN971dPpg~WF#_v8*olH_N85{6qk6dTtM z#=Rfr!!B3u`#sdYeFoe!;M(!*VBEv?Hxq8=G2mvw?S2fn*>LYV2Jy{-`^+)$Hy7^P zaP9c8nEtSn^9WLpwqNkyG7&!i7D=+tEwtxN?fjc|v(_`Ro z4&1HBfSU_9x!lojzj<&^I|kf*xXs|&dOKRz8x_Ots<^G_`^y;y^!Z~3g)$xZybF@_ zE^FaKt$%Z`3z|X4AP#wOAAxK4H4fH(4|m?ohx^(w@V5Z&hsS_h2=}{Vz>UD&e+=SV z1UH<1^!r;e+$L~szc^a!->mGQ>2wVI&4zm$+;Frf9liB$1n#47ZNE5L>)*`l=@&;3 z-$Si`^WlD`{5@LzxB%|Y%HM-=4|n}r2)ER6N5B0>;8r^Z+#KJf~;r2fUT+@T|ILCmS4)=Muw%+=1&$##e5L0TIGF=kQ zHSRjKHp|sRty2r&&QaXecXL0l&;D7NT8ZX+j<+T8>RjJ_TG=n*)Lt~D_Y9gZ6*p%D z&x5`o(e%VO*_Y!|bxCDzJv-6d;rcs~@1*am*2nXcqQB00N4Vd?4ZG!G*vfkpAMkJ= zrTnzZ?Z)#FWM4V!c=iQGOuIwYq zJvJiitK@pWIv;MC6Jqyqy@Rd9q0qx!Lb=~kCn$2BOx}~7!i^4L<*(dt^|!yhI6nl} z`uhd;@_yWJJlxS|QEz-EN%rjzR}v*CuL7QAjc!Fj*v77usi6rLIOljHB0YX0p( z$2WXa(6m=^*bYzLYqiV6{awl<9Dn6LAN{^?8)F@ZJh<6#?fe$R_5t3@S)N?Cvs#oJ zy4*J8)h}azr)zw@tx1dB|D4^M^GD>?(*KT_K@9&`$ttAWL%f?DGzzLZnZ|U&ks^>`ne%F zaG!!((=~h)p2Xp44|ft}Z-2Abd)j)F=k(b2Yx)MwbRX_Z|B{;r_k9(ISK&z?nd#xq zqP!4EI#~PFaVUoSx#HURF7mRDZH#Bi-y&?p-z`Y{ z8@iwK_UKUl+V|cS<#1j^`CAp+Ca49{+z%*!h9nh{AIx9dk8=kE&3%fy5t|)oH`3hm zA4oEtkfa>)gK=$qBZC-s6n6+Vx#(V`xv#T+c!SR*6_Ou{n{h|b%uw-NjLr9GBhuXV zBRT(oBwb7H$JOm2`@bB|E3Q0;t`~Owk><+td|&0W_t8uw-0UjOJXHA>=X!9>&AXHS zRw34YmtrGv_?BFAQ+S5miKDnL3EAgY+4fs`nsYzAex6S8T|sj$+>Gcqxtavzl>S?}mL z*nXk?ErffQ;=YFcduX1ATbq07H}RRIpUC~@P0fuAV?PzH?Z>->_aI{>(*8E2+!{%` zfZUHO{rFqvMoHmZ&R-~hFUIBybQRLvJ1O6XB;}F&am8Qz{FLzUpm|yOI}V#y(Hlr} zTRp_Rtw_>Udoi8C`)i_if4xkfcw@{kXb46pad+or?P< zHtW&PNOS8vOkHLrnl|L;AkA&7`mr4+(;wnEpkk~acf{s;Z56JOrCubT88WPNDo7nup#&J*&l@!x2&a*!r9QaL}|>{z^ao47(L5jw^kP z&m`?2*KyGO*!r9KNYGpXw^G!C^$0epk8o{0(%e>*J0MA2$o;soUbp_{J{mMPz_tCj z8#Xy;Aky65C?`JZa8Drj<4V8i?mRBRiVcWxX-HiF2$Es=zC=S749#T z_oAe{1Fy?msf!>@p)&L+nwi2_;K}dRw3MNaBaN} zCaEOPtH>A^GznZ^X#2%g_|yyaN4nl}DL;fBN8aZMtoEt5Vz?*5wegkf z;-A5GD$-ngf9$}8i3eQAzs=?9>tS-o2hCYOHyh3OaOFPirF`}o^4=d{b{_cL zgY>6@=6s(xtoCsKDGudbu5M=$xZRY$N2}g4pJrXH{N03~JJEiRzhxg|y@SHYdmn2} zAAiFWf@ZYh%Ju7Yux)^Jz1jPDoAbH%e%=-?S6{bM2zQ!_gRQr7J=}k)w=AD}%bLi2 zfXd&C;B`ekJlxwU--kvc@Ab+(ed3Vw4EH-Jf9-MiIG6jOGoF@lyLmJ#$#tZ;aQ{^P zJ`GQfyQg`$FH?RCNt(OWf1gXYv&>1{Cs8TZkLO@JaR6h4hxkIhJ={$r!Ak0~&sV{c6Q6^AyjQL2Z!scRA&+ z&?fX9%0D4?zv&{LS>)vwy~%ZLaKlm|q)Jaa`x-UKh3jsimT5#e6G^&Qein|cckFyo z>Acu{Q8<(9J(a&*u=#`Mdi4=o7?%4K<*7*0o8+r`r*w9e_> z^2r?IdfQa9MXNoqlUC~o?kplJ=)&YO0QKi|WR0^NUP|I%+A zrTcL{+^%qKyTC4XL+v&bVsw<^|1U6<>KT*i^LL!;J#ne;#-? z{(fHD9_rMJ^|u1JGvL~FiRJD%0`B!dZ2OJC{Rpm2zr&OIHqSWkt9JWwVu130knB;* z`;oKX51Q4=pQ`-qGR}iFCfDur8p^$qq(S6Ec_wMs*75yG`;%A5dQow0eGhdRu0N&y z&dbPpHXr-_KK8jKv@gK^q?2O(c?5P6kJ04%dyS_&#br(>AAeeG{IT^njPYk`^qU)# zIX`F`!?pGICN^)+_4W1P4>=#C{CX7|Iq zx#r4yoaegS56S0LJur^49vdv*i&OyjKDc)N{REru(MF`XXFbb(=SWf~@-9^lj%VcgsDA&ubt_-u1X`Te@8pz&)PxF1Eeb zJ&3;-;^XB=Qd54%@4UWV=VyM#z7Sm7KfTurxbci$FJSj?S{;O|kNb+?UZA*7)iZJT zlUi;&Se=oiZYAL6ea`(%aP7R<6B~V8ZR0D?f$Z;cOLAOoz6hE-;fAB0aGn)gyGF3> zRocUFJ|FFJ4;EitZ+URX!L8|XpTO3yJxt{DX)gCQ@*@72_q^!6Jn!GmUl}WcM$W_8 z_V6Y)3(-=f{gvb2FZgT&T8H#FGejNt*>R>A?q|m!zS&>W-;P0ii{b7)2Jy{X88l@p z$J)a-V&_+H(vN>flH~kEvN|sD>&F?ZxQ-F7?Qe@2XT0qURGArV68}C&@FTzD*N=67 zD}>upam{l{<`h%~NqblUL%5@+upft(qIsx$4W6sZSUzief+=#}@2Th6$hWK);o5fA zZfcTgUKTrY&7DN~B_wG!dB+yURHx6|7)UP1ljEbm!8yb4f@UmSo4#n4U>0My90|qs zH~CA->(N%E$MMm$T}ip$2TeX4J0ASX@BP&&(Ih#?pLZWQSLBkS)&ar5AQthjbP+ug%mc9J`h!j^UPp|}Nb*DJ2|H^4Y3 z^!9Eql?H+FWX*~DFWw&AR<99r!ucOM@ zz;o>t*T&(09PxEq%wMz1@#*TY?U7WWgo{>uI3hw`@=?$vN@8iVZw zG!;oi-Fi!&MR_gy9_hA_@Ad<;IcRQ#W5<Ga<9!8#vq=8qgNDz5kW(^5|ohr@mTbOGG&71zf1ERVlU zC?D*3xWzvHW^Cnofp8@iqjuPLLEVtFtIf`jO7)}sKXgBm^+t8Bf6QmXN#4bIaegOr z8|MXhE{9G3d5HZyu4jCh-O~(~he)&*5BIKD_4eY&*?^^9+(_ znM-?e{VKDncA{CxXUkFUbW3Q+!pGj(4HTIn8Ty?#t-lq*y0kh!R z`S4qyAHjYw_BO6| zUg_<|)&2VioL|_>-VCO3G0|}?;)hdwxHtbxZZX`?eYm&&ORo7PXp+JQ#^G(^DDC!O zagZ4NQykLap5k&x(iZyT=ly81$KMr{H=zX1mG2~%_3JhyW7ay}YqAwv9pA{WL9-aH zO)`GncM)?m{a0#U{4MGDHG(ggv4i6n_5G{j$J6Z7*C*HC|9Z*;k);2TA8H+twKHhS zRf&y@qp=ygG0{vS*WC4#_ajLuFFD^oyGnfflIO|U{q(|JoPSl^a@hRTn0HE$Yi?W0 z*C9z41pL=6`Z;yQzj5CmT-zUdVOz5**ME7qPf>y@4L~tcNNw$H*9=>#J}##~X_K zB@J&VR5&22Ajo20qs zub{aDZa5k_jxDkIorz-sx#nh`!M@CX#~Ha!+wXn=y)TmucbpG*>A&O_!hO$&`}x1* zhW7dK8UB%NQHVV>F}<=jYxpWjYfgInQLrhg=gf z`{3Fn4A=Tr0z()Cs5)g*Hgs)Fir&6u=RDkq+lX<2y z-{|v!dC4I&$;Z!cussq#i{ZWR##83S@8JA~O1&2EXEVw&FJ4W4G17icb^X-wEGQi^ z3Dpmb=UvzyiJ$3ZLZ${h8Lv8m9R}wK^c>Rh{Dg85+JvOu<@nRqd!bLg=cR;9TOU9F z!2U@5EQZ$yUf69&f592BInkuN9`9!r$_z-|~Cg*0~><+ss7)b)mhxaV7U zcgJfzzl4J!v&ZGi7``04AJDHzb5ASaS|ZdGeX=jUpYC<*OLGf2n5a}EzFl=~n`k;> ze}FS+Ru(N8Jo~uXaE|~nD?x5UR>&_Zec0&Uu@<3uW`SB zm;=g1K7PK2?UDGI3vZi`pEKZ<)X%9tex{!sGG)&=usxmh){*&{1MeJonbg}lzUZlN znxY(}{oG7>4?6K}&ZD9gyw}>+d*%71Oqe~FesdDcC$4LeQ$wb+kDr%ddnED9I4xub z!fTJ8F9PTc=N2>-X+KYThj-Ya4yX-U_F}Bw$KYoK|7ug|MeY%FR@IPs(#OwSY>&jx z0(f(L{2T$Vq<)4L9O!4HM#y~aF;Bhe)hqsF^jbc(td8CobYav z38P9#`un0TPCpvbt8_G;y1%E_CZ2F@vg6&w*dA^?N8?Biytm-Vc*pcEUe-G{WF zTPc^G&9&aB0vZ#J9j~|Voop_}C4Jpf!I>fRt&g8gu{~Tr<#;{49tT^s96u`qXbI<9 z^k1a?oKHD|eny*+9+&ztE_=tN+>DT^0@o%R&%k?!@2AAG2wr<1Kg+@^sh<%aKeNte zz2oEO6-Vf20lYkTEL}`>;(0ZkyUbQ99?e2el2XgykohQ1KI2N3D_e^I^)*pgCwJig13_&YOGjvoC(? zalWuc$Yj8^$+pi`*dB?W;g%uO)yL1Z@Ji}ucE*8z^3Ypzr;net<{g=z+3=o&m%l^uoLgAvjGv3}GZS0AuFX0xWaj$#nehJM`zh;>RIvY?X z9Dj}kE62%q!y1pYpZ|26T(iD&Jimc8h#i-*E)1EMeEeK_gnkylTMAFwXM6mV{gJO= zZSnY7VgAAQM+Q>wTd~#cGoxe3Z1C~3CY&RRC%n>i4~%DBc>fenUGJmacB z6Ru6R-uoV*p9S!;;YmCt-3n(o8sYJCXd~_!;4?|*bw2d@u7XQL=5CjpgS*qPor6C1 zaDNfz0-Pco3*_}e>4WI8{5&Offr(D+dh45Cne&+JGPJ(k5 zYK3$?^`(3_8iht6*>AIc7SNt#eWTk`?qwnKvyYz>u{~TrWgIDjmv&~Xo(Azw=X_Yx zkoGf+gNVnP8}k;Qk0!Kwe>l@;e>61R2&N z{oMV5@$NcQk57@yL#6{E2*DN`W)zI`qd$`#K+IhN8o4l z_ygWncvA1viOCgk`lCFLpA|mf_zAT|Ezo${mfaUBW_-%yOUe66Hn>%tb4|#cP%pmT zdtlcK9Z9`M;AOxQKV_e-51e7>F{I?Zu!i^?sI_p=q{PN*yL*833G&-WNK?0O{o#*lg5Vu2=`|{)bst%$5wQ> z{Zq!}TzF~qWA)x1&ZX!EB&#pE-hz}oi1KJO0qJW)jNd0lJvSJdqBvXuejd(yDe9qr*Js;RF!6CEDhr9h>a?|e! znUn^x>nircJL6-{AtD_IvyAgUs2}QymVC(dj9lw4F_7y+B-h9D`MDv}2(GPv3Fnj8 zjYpb0m2%Z+bfZgK-}vh5CCzZor~7bU|CiisxEKpW@1O-AiD8?BO2n zb=}$bgv`@$!>&Us;QfGp^>CYg!u*eJMAxEXj!CjPHjx-ichB2aI?tG|T~5J>kXfMo zoy>Q;I4teXfYUe{ZNe&+7Z(avtRTnBrE%_B3=l(%eU{ z;(BL3Yl-A}MsuoiJR5edPtH?ZdtX)hL$qJG{7N*n#jXpw18MFi%KOmC5$;Dt65lQ? zrsez3a^oQJebVI=a534FD!!eu8G!Cbn)?;yztCx)@jM8m*XSDdLbfNEscyZk zE*D#Gr#~4of5NrteER3D*o{KsojboJ&!xNseTwvYW-l?2ln3WO4P)c@kNlo|?_K2D zzw&hwP3jj(=6EFU5!C&5mg}D$$J57#Oar*#=wIO$XzWf$wZxv!?EKrD@&!oJrR16` zv6OUgt=RM93gNa={$4?ymSvo|!o$6qavy#sX*760uHH{g9~Uy0Du3mXnR# z-JS8J$n6hjvfq$kU3-T0or>$n*sMfrkmkzsx!3cVB>SGfe_DTJ!!6w?Hs5T;_7C)z zhg;!GuJc9B(Ah}F!_f_#@nxs$uZ%C_-S1s6DP+pQwMoX8^RerQN;1B5qzy>Qcs68C zg=5!=gRy@IJ%{x7-b1?+`x~~JTYJ^Pxf5Nk9M4*RBU3}B3tZc;+F*YL>Vq`*8Ok%! zGPDqBe;4`mtGpLNrl$}02W(5q-R8s1dNE`M!3{@ikv_DVbv&wtG`A(?j_5Mfwrc$K z&E<2PaX{~1o0mdnv=8^%!{D~?;TFK1=EJ@HFt|N^xY;j<%t964`{8958S|KjJB9L+ zWT(Hp#{czrC}W`{Jsw8jeg@aB6F)oCn0K(7?cpw>{3(*Ooppxa^ZjJKVb^n6uY}Ax z6^E~|{Tb~;y56$au*O4Appi(P1JkyRGk%SBdX?)k6?ZB&Z=#h*b2Gk5 zGUuTyQ5KTxeY2}L+Q?D>)L{EpC z@|%v8Teluh0J`oHKP_hQw`f2P#+I>3gvkyf<8jy>vBH4rBiQh-8j55GS+^>?{Ity z*QQn2Y(u5Kj-MwlpnN&%jbu-?pL;C5jy@r&XcqH$<5+tg&hJe_GmvgqyD69chG##a zTE(&ZE~Q<~bo;HI$BSok{X1Nns$+LH>Wt(s+v9|XD8GQ-M_e*&n$T~BIf82oC1uPF znKKpV8-DL}jtMr9%S`Wb5`Uun7qZ711=uyl&dz(u-!jjma%(R> z*rfY+cpm#iaBV+qj?D$=Vx+k}DGxxy(Va-HYhK}gx2|q|>Up{l?&Ut*k=T}$+s}ua z{XYHMhx_bdaC3dQrZ8lN!nNr?y%WsaFyBSGUY1gBz|U-4bFjM~J6kVb^7F^J{R#5dYkhJ??m}_iM5ias7je@1NM!`OuiO@8aW7opN&|sXe*OYt=dKw{2c> z-R=uN2$@YP4xO;M7WGHE-o{dX3C%~dk#NV{;BeQuS$=*ps*3cuRiAPu>VV`p zNuGr#F&jf)kyP+e$h1+MEPn4A)DLOS!;~kYDaiUDoEKeA;ZpVo;Dn=8V`lJsi_vPN z<8#UnoX#T{9u(~vG?xU!59@hZ6oZ?SH=0Ui292&ZbInw^RU(c-KbMJbhi|em$ z*O_oPDX#cCi9M=O$d4=hlB_4P;C|u5m9^Es;bz1AQ*k8@-|$_(J4hVFUvC_wO-Ryl z$c1}+(^$P(?s^Y*6J?u9!p(*M=DW6HzOBS`myO5D>aDSHL$064b2 zdY_+W_w^3<`Dy82hRg+uJBh!){=`Hh&n(sT^d#ly`I)5G$PaZsF@0sobXQz?kK5(% zndrGd&6W4Kz2kE0m2>X@^X|Lo^V0=zZ-E<*dUD`%+1!1nGKc$Iw#-!_GXic+m;1!z z_~(0B?%_U{tqAUT6^DBk#y^M0)|)(sr_hbVMcd${M9i{P$S+-&?5;a;4-Zup~_{OnNeEc{i-`~uh3 z+j_p^cC-^o9KtY2Wlq?@{YL0q)ExD^#F+K$amqL_hq*@b(j#NX7X@oWW-nYlj?1{$ z0b9+D(%pYbGA|j2H(@eol5x~Bxw=3KJJznNYec+ z>+6s?4{kVW!MjkfS%%=Uc#iMR9k)OWMTwGo-m|DgTDbZRQ$aq~jZL+gV(EH?ofoH^Yr@9c+F+jeFwA zHMhqWuK7ojhLa~(JMg*L_rJ!5yBpugR<7fL8;)9V?HV@noR4S4md|XzkoVDi>2kjz zm*=?3ai|jk=U=He_t8LXhVjGZv3lErO<#Wan}>Vc^@*nHkF3d1eWd&GdN&Sw-Chj0 zHeBoPGkia(w=1#L{`R1JE0VN;-|>6@liv5t{wZXd!_ACZ@QeU#A4ZQM&AnqQ*9;;_ z`Q+O;dEuRhN<|XP4=yLXBV;aCahQ(Hd=x>NTXh@Hqeb1&B}k5gZG4x#;`9rN!+4il zypw%exV9e;!$#iw`4GA0K2P~=BuU^hWK%)HMvA3<^* z-)fW_p!TRG8iPT06{kJ!amObaN79`tFyW*$^95WxUs>*z*lO-=lr49dha1}M@TI>$ z>G~H=PBUBJHgU_Nun~VB_i$gN{3eoANWP*2&pK%zKThlSF@#H{nO$&gzg&#X&2S^+ z+TZUfZ%2~$kjuWSy*E3>t{~p;<#{7k4`CY?ix^BK^XiU(F7snJ#c`KYkXQm(aUNa~tnq-ye-a!_h#l zVQR~HdwG6i?+?mE*BkmgbL6-*(@Sx$;~A5m(|%WAtGVA({sl=o*g9@5=Y#F|ka>KX z83Na~vv0U>R>qw@9`1QuERnL);Vx?9|6U4tE|rZ#1nz^1TMpY3(aA{rdp+gRNYda+ z@%u@(zkOOR=5M5Ynt2v(IBH?cIBbU`81t-$`vv8nT<$aYl&?esP%osp%iQ(As`EHM>iTCYrJ2Rb-v_aI0!>0X4$CQTLB&Y+)pYya z>2e>Uo!NQ||0m6CgKNjhKe0RhH}-as=7x9k%oFqq8jl9{q@A7bv@`QUO0=C#`;@tn zeJDxU;WU%pDi()|dpM3k=OE2}kMdV2^>?myL^b=fX6x(pi^{!AN4e{X!_N-Zq}NC@ zHQ>@Uqv>31x}u>-bDRFb8Ul?%!_nw*#PSKp-@4Nrf5)+|-{^93Yp0oJaHYTH(++;c zrtzN~(<04%iSj2%(y!$GMzL4YI?-g+bFS@^wx;`A=2>Z`GhCbYV$+R&QD$#!UBr?& zB}lm<(rX*rZf#zkKU)Yd$A@>y5%MxK(##`1yedb?D}*=QhgahWd71Uo%u;w^H-NR^ zT!aQ7T`v>wGvTY#Oxf14`M~fjOc}3!!B%st1*F9LgUM?nJ+4%~ z{lN1XncdP%J-9Xwt*{YpCvwfb`sPG)3!h0ELf$bPJKnPG^I;W-?CxpiT;=a@Y#u}p zBh7t-@*=bXeS-AyR$JF!-Jc@Yq?s#xxSOyoDYu^wH}kqQbF+#=Fi4%FdPsAZr6rqk zWs}XVs255u7sS`Qp|zGYl@_il%Dil1&5D6lw0mlqaH@ z=p`igqvkep#;aU+-687(yS`1&;kZO`KgQ-O^fl7l6Vqu2s4Z%Y8nQPxwXHM0j&b84 z+zSEX#;?a^eVafVl~g={c~SXmc*f$_*sVvJ`zz(YaZn%kc8Wk^!zEdS$VeLR^vh~pB)Whrhd zw&%Fs!)-RvIj$A%75rECV;f)1Er9#G;`W5spgH%Od$^BMei}_f^8Q45K58y|Q_=S8 z#zAv)2B(>mGh=ZW+%~}sU=26J!&!gwdCs%fT6?Xv*WSAbZaQ2UFD^zOVpECw@P&svjrFdBE?1sU zF838I4&rZJXKiCNv00e#Q1-9x9U%N;VQvcV3+sq@0HAHP)k6>*H<4GtXDtXRvt*y^b_@ zBjr!f7pN2GRPAqe9Dj4+ehJqmSs%Km9eabZ*T==XK2(I=kJ#CH#a@2@H}nV6{!}eX zpNb^4CeNqu^uE{ZHQKjbZ_T|c)%*?D_D3DCk^ZO$x#kX`JQYb=Kt0pn)3(FK^!HsO zzd=8m!+E-8w7ukF`viIxY3{F-6Urr<0J^rnGheai|8}=IV@Z8nGAE{*#&B&MYGKzO zf9sQL?)8*!LnF|3_6X|p^d$GVNPDs8k@UM$O*^<@*Z&FFwe7~-f?RVq2oLQ?yHR1a z==pz_TaV;9ownZROiDEal)p)5CYz_|H_jl}+y<1JqxR^_)f_vuPF{MbGhUH(oqxFZ zq?(a%ZNJkLz-K? ze6qP1-GXjJvQDx*!|6ZM&v3?>GG5^oospD1mGd6luv=b$&9f*UY3^pqJJDfuK>p9O zO>BLb=hg>_?_Vw__r6rKMfrPLg=A9!RYRKFf^uhcGr9q3e;c~-m33$9Z^8YkW;a|L z-@({y@5S0Hx#ljTyb5hVg)3tB?JbED-^}T$<}bLm{uW}l8y!QMJN~R>GaD76HK^kQ ztiexp;#=sBi#Ou0-5;DiGu2dW73ChoCUiDq9;CU8D8GSrAuqRknls+k+}zoz<|4Q@ z4yorPn;NJ#(%gBJpG5o6w`k|N(dUhKU+mNe-HyZaQq2{LTccvKsobBrCb{Mgr<{Xk zqgo#%nxn*^bgmPJ#qPXVbBiBNHGSaPdbS+94X6-lZpOLErYFilqmb;sw)N~Ndn2V! zlYP=QzPSrh%|sR7rP!=O?;*`Kl^7SJ^H3!u_ql9y*P&Lq<5wNu?8j2gJh-;KHOHnC z>Mpj_arZo3aw_F{C?7qGbp1Wza&>#l$V)Z(D!yy6*?|rq&Fxj0b1+(n<|3JQG^^yq zcis@EKIr&{7jgbl+)uFi2^~S2+clib+DEb(jO6`S((l;#HoV1I&xqkZm1>SDZXR|o zqIF1ff1_NY3b94yQ4DvfGZxa^tfx~=@Um!qXoO8?v#d~ zL*AitIktA(QSM~#r(&E_2(Opo72n5RVOZB8er)S4E+?5Xs1nj+#9s8dk_ul>HT~e& z`tRL$Wb6N_?mNm^nQF!bWA`0d z?j6KIuF**v!~ajjEr7d7aetbb5cB*A%e@=ca=G|MlKVAJ#LZZhYF>qF>#3N^b-5XE zq&{8gpg2=U)5%=7%Y<7Phdc9sPkAt!j&jf}46>>?^O^#8{2~27z^RHR@9k7GUiq7cjlB2$MRLu3kMa)m zBifC09JaY!y?>>kAl1xQ++*0>%Xm0cBbM8lazAu88iRBkmbh_{^Ozmy23Dt<*WlXm z(mZS=zR!?re>YP868(V=ARULjuD>#Vp6$jnYYpofaBaJIT-pKeb55-p%XNP}lAX+c z%pAD;6<69@Z}!`i{SVxeX>Yl3liEbA14o?pq1$nIJ?ox|`xAC! z(pUq(AlBcil0!N#HL_GtfGxINX3h8vDp81oA@$z0ip?rifHe0gWq)1A-!Qq1p92kI{nhXJ4S$hpHYk5(AB{Yp zwFb7DYxn1fJKp^{HV*o{8UB)bru?lFYd+m3G_75@vWcEdKT)9x}v?=oEwHa^U5r@K3t{z&HI*l zu=2MbHe=CBq`9N(C7XND)95PpO;mV^aquy&Zyw_PH|w1Fs%{s#d%4b_{QVodv+L7` zBh6h%`FXSsy@hHJi$P5sf0wxPO6_mvK8_m?RJQT`8k?WduSjz%HelTXNqXzi`11?x zZ`OX+Tj1LGUW{!A)EQ~+EXs?Jq?gE-RA@^uVeEe+JZFq>W0at z50W&PJg22G>uGbEtNkr1PBnKae@A083(Z5Cdzf<4MakwIR2HSNUYNsPFuC3`EKYqW zK9p*ng=@#vRk5j$E=8JKKzSQFfOaGOT!pk@$6x0S|H}G>ibL|n^kwKwq`8+-?u8`v zCztC(-uQk-yRhe>;@?=GhZ~Mq@XQ`;+TX*z3v$hUXd&+f&alxa-cK-%AS zly5?JpQUbtWTmebPm$~E>Qm3_-6l|YMz11 zsXLMyVRJRQ7HRHc%5NY^o5&@;-uE7Mew#gKk>8;HCHTw=xVD~sip_WE2c)^3o3PG} zBn>0iaj@)AF_}+!h4D=w<+`W{KB1x%Dxi;0un8Tj_SJ$)jl0LHouI(Sn zVUvz-K$`m(<&Fs@d67tQ?knpviQFt?k6W1x_9&pMkmhcn{4x3k{eU{MA8&arhdXSwv(BrJTke@Y z6NDTzkG)08jdd7d+f|xQ6o~pM8qte4*RL6t|z$^`Y=ApJ}hS zUt)KpQ=-}D;hxcoW*|A7Q~4|5!{Jz!;x=j%+1(H9EOu? ze=nM!Wajdjq)z-_b8Q^Xy&&2y3M%@{JjKn!_B^<6c(|o6qaQky5@9_$XI-;m~B zcs=*Sx2AtUwUPL1k6XSQU+r(WiqAAv+*a81Mp;O6=Tm+b<)e354AAjyeEaeK=2rEY zPKvt~J2`GelWfjH-|>IVU8DTno#0e}>}o!9GhEw0)W9xhGW!_GHMbw- zY$WOS#Mu3(wm#_op)k#7M!{|D{24P6+lSDXNOM2Eoa290 zK$?47d*%V?G4vqP@tqRqxE0s)nRgWT6>Q|Vts&Q3X>VKjOw#8bu8ptwyVE^xh4p>r z1Gx6MeS?jD4zpda9x;*qy)M^2uhDxym0q{cY`}R4u1#|N<1piZQhbnzgj~>2;P|xHA;@8f?;F*8CT4I-h&@ zf$ewWtGNYmS1PW(?s3t-aK&R;hdt_#?uWDWQ*#U9eyX^az^lYMT00N759Pr~(lgA} z<$7&J)~y%2`?Z9vxfz%E%y)2YeYg|b(>UH!JzTk;eWuHmbxm7Ot*?^ndS3+hPsNpb zCUtC{hb#5$X_qVaBkXU5wXoH9Q6Xl~Q)G^td zfe!bf-n>h@V_j!2^XeV&bUh0<^KpI!=%y;zT(m3ETtLp@vGq5pBjuY={u#WNp@98H zpF1{rm-}@^G=6CKz_aR;X4^ytz$vHmh9#A)4Y%^~dr^O9WAhYh(m9qp_)5Mj`U!oH4sT5` zU3kuQ4)rO2@bUXAa<8ENEA9)Kj2{Yl76Q5UH}lyRcH&t%?s9(*4+gEW{V4HLe=PjiDeTMQ!NK)x8 zw8{5*ANox^D}wqOw;f#PGvncgBNn{>37eXzHqzW4ly5$%5FZt zzZkuS__Nk7`3uTNQMs<{QRKSJ0@f2GF54LsNeW-@Gao6AcU&QVKi;?^2fKsV+5WyZ z{Gn6=sjE7U4fwn{lGK)5pQr8d(fxh)4a|$LjB+!v`R!5m^w4o@ZZ|&f<8mvujK7b7 z+m`76Vx&Bk^~p97M(|ODV5MMd)Lc$NKCf&QJ0l z=Nh!DpRkqlNS+faliP=J5L}z&xJVoOiUEcoh0Ad%pjP#iY;fCR^pyHLe zj`I>~fi(AV%A3#uv>Q#!;~7{*&U;qUUf}&>@GhE(e{r+Op9vd0=bRpN=zLbX| zN#n>*)SsB~KC>?l_wN6Zn+G=`Gur<>1W(3Ok9fFp|Lik-CaGt)#F+Vjjf1|=BK=OE zDF@faHy>Mx!wL^~4dstq?oj&b{5b0^5?_0MDTI4L9DlcaxTorG)?Gf6p}4!?iN6Ot z+~1|#(}~0Dl^9cS!uQ_)t>a*Fe5Q+vgCAR|XBEhGeMqBR*X2I7J|X5jYvZfqPyqLq zIQ};Aa8K3WtO-7I7hLIE3en~8u0hv(xWg#lj~1diNcO#CaLq>guV!xlrN>!W6FDEk zwaNBh&td!D^j`(=mcoaZ}RWE}rl!kre!-#a|qQ}s9dKGvHRcRajTIj>LhaOHg^xvsymPv%5%D2Drl;?Bi(Gu3RN zhx14E9IJAO<4it-`!C(`5SJnELD z{AoV(rtzTI!C`T?wWsX#S#(`nVgL!tIBzZnlyzgC$c-iw`csl(F+;GH#XWhEo zS|08tC&68GS(KX#x75{9ZfoqNzIO6(ucO=-NxGFhp1;EV#tmWm44LuH4=^88TpNcO9`4D+LAW*!`EZ|!6NmX8?y1Hhoa-|i zmA^I)PkXp06Nfid9CG0vQd}E{wu5* z^9<}W;@Gb_N&8IfZ^qt^OV?v}2u;5swq5%BB%4Rjx9D@!muEY49z(N{ z?njo>hYDAZcQRHmpXhQtcPX|y4*!X}J`T4SZudCcw@-n)GY&WJb)R_zZa5MJ)~Mlq zgUSz#^|#cmTwg&CqI*z{LF~t1olU;~(QlmkAoB^kZkP40&s^Fy$}K-gY*=5oEtb14 zJK2;P%$gPIg*MG(ZRawFJ87+R|BvS8Y~_00wNY+~p{%WOjtY|N_?}O>K9baw{AiWq z=fj$twasT1!?pFS6*iZnE0E^?O4+8@hdK4kJ6_TCEPDszbhtLj`#0al?tPTRhi*Ue zukYV1cF)s+&wb`IICebs8TR|ougLnx(5Ym~aL)564V{DZe(~f#occP4e(qh@p<=it zx*gB0i|xsBE4W;FPLAak?(~@kak$M-fm_?<%KmoC&Hut@vf$cw>wRCW#8cvMs_%Y$^L==>-ZMHy%28Lt#_~B=ey_wkH0%8??(HP?6=kN9q0P1*DbQX z_L;76xWAnOH#ZK~eB(3Y;&4lih;0}D$=@gAaP#0UQt>?to{YEU9TU>tK0eLdCV?pmeU+ zYkwn-y8oQaeKq-Tcg5kp;69(;`g^L}0=P%u+J3w<-&M}*y*+Vw<0|gY=d*j!-SuPR zFwMQbrPo`scd_npU9?@;IL!2LPu1TXxaY&Q{yri;asSp!9_}BMQ%7=b51onham!*I zT8^9cx9~fk>8-dIVnYp`AkwD4_BCyg!|8VeUHx!fg6rkFt@@+?qeI_ z;mY#_X7Je)=wYPW@e0*0{&G1vdpWPewd2R7*vNI$73A7q*{8RS&-S9Pkmhc3xq4kE z_j{jtQgMIAX6UCp18`I<_wmMw<_bQORFi85IaL{laI$qG;QXt(>HC;B!?md!w$hIK zkV_MG>u=)il*c1GPsqb=s~f+Hm`~wnvX5adx&EH7P%c1{Hj>N!>Pn#>qXR+{dty^^1IR&F%dtdlmTXSF{Id z?qSO<8TB`#*k|g(l!=VIOy?V&QCtmL-{)h8;Qe6 za?Sm^OQLz4&lV$jzLEB~)Su4r)9p0lkk8x!*Pd@*#!mXHcRk$iDF1|xAa8$_JmUEM z0>yBrC~neNr#+oXuKn%WhiAY?4|97ylO*E2<}m%7}Q zmbRP#2`RGblfcHlhNgM zmAQ-a8;bZ#oTVO&bGfpQ|9;os9OE~S!p(5G=VQ|fU5+$&7UgG)yigx3yc(^tibw#cy7PYtOgKuvv#T zAkCHY;xRsxRC)sE+jEaUZu&mJoRWUCCJwg@w*Lz^e45{EQE_MsuM6tt;SQyICz5o- z{k-G2O7#3D$4-*2zk$>J<~zlmjO}FB&}MnKQ@IatF`q3%E!iV4+$j zUeS71fSt69EgtS)luw)J_!}aR_x|gS1ET9;fzp0cL2=K*W)yX$7P*dZZ^{FZq`~AT z;-;tiO>M;;h0Vig0n*$e$_LS}={Z*h?NtGJc1 zzYx_!nmeBI6tn=%Mw*+W{O#)Y59ww6=5x5Vy}gFbhiEg>+?0D*zd@2d`0K>imkP@I z%|5uc|2+rW#?K_0i^(;22IcuK_bKvR&TroR>(c+)4s@P3q`Br?zbVr@>hDBs$Te5q2mS<~NqXMHl{P0yxc%Muno53i zE?hf~lJWOT*uCQ6Mu6@=Px3qZeBn@I=f7dN^%Pg;eXC&F=SsNad`6(rbTaebbhwwp z4ZCJL!nNnO-?1q*g?$A`$5-labv|o? z>LI;OILocS`neK0VZRxo;vmnJko%?Wb0usXPW8DG;VQIa#g*quw8S6#TnWqlPtTQD z?E0(6eFbozR@`QB~^`Wq;-@L83@?44O*xBbwSbzW1b0waP zGp^37<~KXw+WsN(TnV`Lxe}K9pPnnR$>r+jO5~^c%|XRo1oIWN0_ixcXAZxE&m?_M zuIGiep6PjE;dy>j^7?4~?aBF3?sGrn;r{9}g_|-pcD`=8dR&rMopub@rgrah{}FcQ zBBs}NUY$Ig&!?eBkeyo#Zvkr|kyOKPYQVAmK|1zr&_E>La+%X_lw3x6J^B)TiuCah zuQ~pCX$3X?CRcG!yN|VYbQRLvRg}L%zoH*e47c?0`^Lky{pKCGcAnDUerLU=Il1Px zzngar^O>Zcasn=`r;a;!&{g(gBys3|edo$%s)_EkI%syvR$8XvwZcUykBHY0q zZsuaz7oX)IFLza(cAE)zyW&p9POk4i=;2B~^8}wQM@x~8!{IpXs~GN2ifjFS)5HBw z{uajZH{(LTIqimMJ+u4B*Lt|Jk9;ei?Lgi*?25z9gA{Ca*fP;tj#BkPz`$u;+3%8QYte_Pj%S$C=LHzQPi zICnN{@XQlm^l;yyT!=nJ-uE>hiF4cv;7-6_+wXjdoz&mm@SB-z4 zojyMl!2K3(W0$)F`#tE8huiJ}+61}@^+H9kg)hFgcH>)$MHg<-ilp2|ep4qadfc+H z8H?s2?e7-K2T(#TYjNcIxK-dT<#y!amaMztNVwn7JhSxdS=`4Q`pshhI_s| z+)b1}MPDNCx@_sAj^DaI1Ty@_kH41tJ$Ax9Os@Tv^a zn}%v384HPVUA5#7dNxE}P^u8g>lzbe&Yv-w^wcp$T zHyp8Wo(Won{T>h3{jsSw%ju8xn6dOIr@w6wjB@kfKB)X1|Cuqhv2BF3znPT(VAEJn z@~>IT)7)us+O28hH!I-Qa2*PYC)eEj zD9=WD=!(SH_B9~e=@&J(sDs~3R^0PArZTTy?cqA#&iQvswb=8dtrKthqsOfn?xTvk z0p6RmfNdV`ACwQV&L`=#xv_DuT-`6`b@ZFp6xaG2!dAz@@znYE-_`;2x_my|&2VkI zu-vo%3vNt*0C%tAR)SXtWq7!<5A9|?yA65!nTBq=(A?}!ev^39@&0z_S<|N)2hGia zdsZB739ifhFWg+XbrqM}&`geeS5F-Dal4k^(e1+42kmbG+{@wG^Y439rH5N4ng=}G zm-y^iK9iJBuGd*CSL&G^k7aiDn=H8Y{QEjKGOu3m;r>ARn0z*m^#`s?Xn%XT$4##T zgs-GOQ(Sq@u^-zI((%1@cA^RMnWO{E>Ef+7>GOIX+!s}RZT&sp!;JvlfBvmq==kQt z-4KUc>wn}H!2Mcr>%wb=x_Y?xQ~u-w_UDnyc}T}MIsf?aSbnD8{0`UFhh^ApMf;GB z@63mJt|VH4UO<|g;c{d8oi2WJao=ct*osXN+J`jvtofYtrt(f^@)}5U8@m0vym!N1 zXUy;FH&?^8{?6vy)eO59NOK=*$6geECdoT*)%EwE^YOKeOBGk1U(}s-!nPi6t$JM7 zce!%j)c(ffX2G4RxYxkD9ZmLdH&fn=j-sEDaOL^;-MOD;r#o-e@ipE3=4BP%a*r@> zLKh(&hpv>fP=DmT|7DWf-t_$$d2ruV{*JkQ3jg6JNEsg1##9Ri~9IY^373y$6~h*?M9mW z(Bs@+gw~_CkzB`Jd_Ff~AHsI<@$=U3&CG`t_cv@>J;6OdNOS8hN;X%czNjbC+^n_7 zub*b!;x}#K+J0vdHfzy-q`7mS9mXO?sX+yAIxoj(_3+qo?@>Y z>VY)3?9<%8iZW3!MI{2Y?Bj6B|XQ~R3< zcdFvbNL2dC6&~)Bo080Gt~X2CNB?~yZa&1g-Ft3@}pIbzpgJ_dw$Cp>o-3u?u*#Gh2BM)`v>LIo^`kt$k(vvr%Mwj z4)#2x$5C11{pR%k(fV5%nCIXQmQNO42hU5M%<%^gGe9`qENk2JTVI&L<;ITKme zQrvuOBo6P9YwpjK|3aOHC79EmkLC7?<8S`mesh!JhOiNCP4biFX2;ArnF_OPMiJ6!=1#t$9C|UB)NYwUVYH} zOLO491D8V^Nnc}IZVA`HkdDJr%I~7j&}OtagZrs2aQgL0ZXD!&O8@wKAJ@EQqPu&(h>64fTxV4Nj>KjjdJSoR%e_GVfUZPsk=*~a zri1hRpT#a${I&bF%nas*Jm{*18;9Gm8G$As&7Dj63G@_yK1_KrdJDabw7)Cj%rC+ZGLBOIevM73eAb4L_ICp1d1yI$9?AJa`Umm% zh#OzMU!ZW7-)vL*I=}7x)&ZBk0zRWF1HD} z>|@NL{#supm-&#rUJ;(_H#Onfh4zpLIu7>U!Qg=hibFhdj8g z;HEq7n;WoOh+aZEzFS@*?&uHnBPyhis1at54#(}VTOZcX1=V9u0ob!a=%z@j^^>;HiU!&bfb02+$ zeO2gP^eP&}xVm*qC%y%49BTfNVC0?klG2~{n`Lk_A|>9fi_LDdA8GE@ud?2OMx()K zS4YNYH(|tsB^J2-@0r_q=doKKiWjpV18&&mPQhj_dJJjq4$9x560cDY$@kvH^OJ`= z{%&*qm3n6DL+0~-^9fwr@1$Z^4Yfs@TX_X*si+s~DB^iXOJ+FzWV?pWby8WUJ?M_3 z3iJKufbus7o7pH2Y3@$Sdr|4vxz>c5aqVo$Q;xrTmA~ok`fu*b%mW5S<4_)(I;bns z+?FfZtAOU98R#e%Q@ga`{qeN7zPCE#b?MLS`NFL9n}%?0yO8y>HQ2p}G}jG(Bs-b) zvvj!a;oAE9b6R5LI>;6e_j}4mkfgrJvFpmVE$jMQ1h#v`3B_wG< z=lK1ZaQ_+ayx}+F6!$!AFGQV?j>G+w=c6TP5z_O`HF3rdMXT6PqT(y_?hmjlM4B6M z)cxm4e&MNjgS;B5uwa_I)UB zskgZH`XKuR$ThbvC68Cn^!%cDo!@j+ z+?TL<1HFYb_vQ~0%_n>&$-eiyG4uI6&O^2x>v>lGdw$bTalgWLFWTqf{!Y2n+YZ-H zp22%-?SABV+`RS70~Gg6Y$~IwNc)>kxdoCW?`LUTHU4~)Q*tC_Z{WH)+^}1|99ubV zS9-WNP#)rP0yB3B7}~zw0kdG`|RUHT}=~ zvBxbd&T-55nD(ap^<#H7s);oBR>~vLeP{yG?P8eA6@TscA@>vRgW$S|9ZzP_q#njD z4{5G@Sj`eXzsWP+nG(m}Lb%6N9A3umEwtIgmHFFGe0BuM{7u*2{qFco*R#w|{if1w z(Ry~q8thO8(*EwCdrpLG&h&>Li99} z>lgaCl^x@()9U`L_-pnN!|m=Km{+iS3#Dv`%)uKY(!nQ#B$%<%Ck67;x>84Ip=K7@!h+ze+X{tubntZ zeX#o!3Xl2CdACR7@D6q|E_t6^`+M4Zyfcr_B+0lWIg9rUbo=*lNzPwfA5z?JvE7dj zdbs62PBvlG95q6-wi%Ptf#*}^fqgM8Mpl zxJ|K@^F?cN&ApoPjV@RA`|5UV&llpa9j6w;U8%SOupNoUAkCdmc`1^#oIKunNXH?o zRKR=)*VeN)u-S80x(3)M1n^DjyxMH&gwNJ#KlY1E3kGcDeH`Y`CY}~HEcGaLZrDzDVO=o;npCZatCX26P$iW$2ZUU z6_e=;nAAI>?VYfIV{9Z2oyawJH04|*=_&FPaRU_srUP7CAM&wz8@-D(cRS^M zNYWwlc*jkz!(^TnFgGaf@7PGYDDinLw*uw!k)-nX;bW)Bkixe zuVX+}rxKmaeFk}OhvBb1&$oxy9rg5Z2T&f0B;83a>)>lz$JPf~M_lau3NJOG{?f18 zaa6*$31%{O_aW`?w7NW7gwGyB-to?wIOC`sxcB34IN}Lw0N8Cp+mPmdx08FDP>V0P ze-Q2cJi$z1PmjD8Bjdg3I-*^-&#Oj1skm9#3`e7o=FXw~6q57;dA$43^!1^_w19a{ z)rVKGDL|`{=042xem>_jNwSVO>ip&@q?$IO9p- z7Bb$|*N0d#`)B-+UOiyGQ{2~zxF75NBy;+gvHt4)QQg)hM4o5pUDwduT(~LO(c>0^ zR|VDZaC=eikH(`BNMFy|?$!rc|Fy@h`22u58?LQqldzeCo<%yohbSLIWxirwh;+Zc zKVChn888i%ztyp6ikc(M?MeA|Bxy9cwBx*RY<%^6$kYm$&dT43*gSw9M4BtlCwY|5 zBwavr*8bZ1pyvU3a0e=XpTzcM^p=PFG38z8Cv>2^(~i^J>zi^>Q`q9Kjc-BifSITK zJ&K+9ds$$!&oO3mwcSkzDeckiCJTKvk$Y18#--QA5JzP5v7>3Pk^f1!L zt<2ZV$5AKL1l7LJm|k3Ok+?P<>a0gq_%p!_bx%Bb^#bM(#T|jogJ=$l;eG=bU5T2Y z{nMk|DRH=k4Fl$k!O`n_qp*?t*e8=~uH47|BA-dRd_zLa{qf?nBz=E;;Y9&c5pG7r zf_u`imFF;Q^l;DpmbQ&LqNb>C3)ZFTIdRzT`YX>7Y2r5AyhZ_2AFhq>U~IlwkZ5wq zwZCg9e}wj+FHr$wCfo0nb?dLh_a=9qm3c|Pbc37i`uig`f1$)(vD}v^zlFX+AEUh2 z63l=*9e<~}^$T* zM1HA7z}ypu+xCCtW@H4+BPzZ(!5fXnd$_+*F8Q6~Z*B5TFY_K|Hbgr$!TDF>n`Dn$ zn}B&i`Fk-o?Kp02$n|l%f$~5kX(ai-#eqZUq_zR`rt&ujo5g4e(%i51Fos9f_p<(j zy02y~vB5cR727!TLh<(^*Wcn!0dp8`y8CAqV)Ml3iRMLe%`N>s<5W}^osSx`uDsVB z|1NjygS3myE+=qRz?2vge8c?%W-eU*d?eK?cKYAu7YZg!n^r(1ueU6gVURPlg-S**B)*nEY)MVforPs|t5&8RoZY836)lgB#!gm6<` zZur)KS*5t+v61*rBiG!cluI4LPgEW?pGk#_N1nP=( z9M1cV{WoYJ>VvvmlxQ-_rkD!*c=x1xU0S%c-1rtw2$;%>I~|+H&=W{=j~wB+{mx!m z)B)A#kz{gCbNp<*&RO>qZgrO%xIbW;!L|MG^VqCF8Wtc;;-1yF-e^?<#lI8`>Mz}SclDQ9?h3GY; zxexrsx)EBBR-(l@?7JH1)U$@~Iq{v-pZAx!{d(4dfY}2#%jN!o&FOzL??IZooAU4I z0+V7YqUA5K|BilK+FLWX|7{lJxSj5Ravu+v1op^Ue;Z)a40S`A`^nHG^8lYMLi3Rx zSC4X!o18D~dUfs-0aF%k*!A~)Y>H6jgjjC*#1zvM^+H|H_A^*lp5^#E%WZG6erDGv z3l|4Wb+}nBcPTdO(H^AzZJ(54x}uTjb~KN<>?U`-zTWj$>Tk%czj@EI9tGE)hw`v_ z1AU1!w^eeA>5PV;en`$2Wp8x+tuWlFzxq66UI>`>Dh{`oW^WpHOOWR7pu8LXj*5|v zZ>D?P^mE?KiviOUZiX9&QYk6sT$F}1w+H2ZXfhfjKdTmPZ+%^^^k?~EM9Rqzm|InR zXJGRf+AX&He5KPaOU^8jVje~7&?*%EHo;VU)QLlpyAC7qt?0%#e|f-6fJ?X{DOfVa zR6#Y7<{qH@JE~YJ#gs+MxsFqt^?Rwm<5a(1-sKj&9xzK3w+1%#PzKW6fs}`%>F8dx zeFSS-tf>k&{F1X5M9y!6TyFLo0kaOSonI`#rU3OnEtY%Wj1-enI>ih?J{k%r3YAHxB2erkJ*<1JeEuq5LM2w2@rb2VqOn*U54|44A~> z(RTbXHb0?SzF6*AeqxTgppIzPo2*H3&PeBc5x(6yzsYm|eslYsz{deo18xP^-#OS6 zqB4P4?#y6{c?$i74xx;4iDpX8-C5 z%A}Zf=vLGl$@_I1y6tVrdrm*8uMZV}6EHWyO?UlWj?Mchm2;xzrj(<-pf0EtT0G8} zcG*t9KCHTPo|E&%8Zjb;_Xf;V#eEr@4e0bUW4ZqFDdv21J?e-wx5oL$b2APEOdedf zdYHAeqlbI4#{^sLuRK3}GoMM?P9Cp5=y7!++!b-SU;U5VtRDlW5U#BczrahWKpc_w zH+)u#X@Gj5j%fd4uA4sTw6`U0J(KGUSN1M?)r0)X^TokQmpGN*NbFjk!bC%-Ddsj=G zlVXBMbL&!Wh1#Rq`(xMpo^<;&eVrlu7uHJ@SDvqOEw=rT=H5^FG4vEFKau*bu4naf z`?DDCuL09habLx*0G(4Ymb;qrm*`J)5FKSbsv_eZX}>w^o&G^{bAJz*EX9@k)b44Q zXnLF*%RSZm)QaE^Q`{RWGSuc?mYY4?r7WU;!TOh^YOJrH=z2@$9|1E(afiU`Pdyv& z;XXw9X(VYG`H8sce=?qgYumBxH(H6^TBMI#1js)h^SO7w(J1$PtlM!G+^hRVxpKXw zZQmqQ7m$Du1hDTMIQoI=*8l&qRyR0@Uj~ z#*>xY{e5n`&~eEBD`0+r+b-e>*POBW2>pmOH?wkz>4_$wVQADC&KE-*f78}G{ez4j zD!b$AViPn+;nr}u`PjUTzCoH>Bh2_0U5VPEVcd6M@5A2a`dfcM^g6mp3YzjGqy5=1 zY(DCmWX6+g?gNw`Lz3jWQ!~aX}y{?3bhBhE*qf~LRXK7ftH;W2W}T|xOHBX`A>Y!=|OWp+^{%8Is?1v=pv-KS5xkdhM=2x z&&Ryl(RGc$%g%UJ-+z&LM$qJ`I84B9H>y!BmfJlo#mq(9(0Vjz3FrBz-1EfhRAb{*}ab!`9e8rQRIJquR|nnD%d;mjG6s;8I| zNOR>mi#?H~e|xTk?jN$@?onJHyz;23hufTTd(;nIk2Xyu4s#rT54-hDbF2mF6|G15JU_slZ)$G(IYD#QsA&K212*RT6jKRl?#GmOqqA$^bAYuS z=Ep~nw2KukSN9L;RfFatxVHW_#_mcq1ZnOsloM*Q{)9>+?XSGUNch^{za{5^`zX&2xZ(p-6tT75q2h*~1; zZ^d!W`keMRyGGF5qx|iO%|LV;(p=f6JD$%Z-A69_D(v-GiGd`2JvO6e&@58^&cxsuvUukBh6Xvassu2=2tj&-ghRyR|{Q?^!FT0c^sO9rXzd2 z<#{UW-F{GyL$hlKP3q_<_i=2Nq3uX>JJqHiL}SnpbcA()X{?cDvCn?N`sg^{_A5Dc zgXU7Ww%)&u&3d#EX|A->ulY<;cbowcwdx5xHZx*lbw2hELeZ7ODrU5x$TNFNt^ zF;fOrLOPzUshg5A>jljn4kt&-AA%J5>Nvi9FTcjrWc%b;U!?v8xKFYO`#a;odF+eh*ym!O-Y94`DEr@70~7VC8~gY7#))4x>u$x^ z?^O0&(ler!9{Ykge?QFMFKQe#2eA*!!6%J+JSlSgH&X{}{Vd02=m~s24N1C${6zaL zvM&jmGsZ;6uMc6<^$ng`2SRff@cAf~5Arif&u~wO?w1{E?0F;?ZfnKejO}|Du(!nHZ-X~^uD#1$$G(UY zaZS^p=?mBPS2c5!;`-YGZhd|x=@N2z53Dy1df!wI+zJ05{4Iw2#Qz6>vzu`qfotan zzJG~Bc|Nb|#zBsoem<)`ZgT&-tq;X;zknN#M2@`_*h>H9t-o#g{A!omi)Zs~ixc0e z{iEEROM~V&6D;v32*s;s8GP=oXFJ{VjPAEhbH-O=qxJXys-9)TZ3_4Qx}Fuo z?eYJ?->eov-o5pI?{5*@nabZv9P4=PxE7yZj3k{*JI>4qnx%^CeSfQrgQTB4)%Uj+ z!d<7h|5yHIv<#Z>RD9b~KjnGpSG)E12j{Doyqs~tcs`SKAGxe|WL1ehSIYiUP8E@q z)hcKb$0e9d+L)w=uqg@aF>*n=+!C)+UW@dY!?xf2)40ZbS4m$;0`C z@-fDQ@i?C(Cz?DsZQ(SIc*FC``TZm4D3W$+zh|#{%q@|mVdP8BJidSZo-b+pmAuP? zW+2>f#DcY&0f~|LjlouP<$aN}`0Q!45N%3}#;@3I|1tB5wn4K>ahGAU9qmM#+qr&< zxe-YkK`zhNYsehH#!zzM+T)VlfqoFKJugng=AvDRW+u7jzD)UDRD`x7eY}(ZcKEu# zD()CGv*Fr)#kQq=*lMmDrbs5|%y{QTJs-^K6f}P+e|LT3`2MqpE6*wJ@`*#2=Pkyo z2io5PxYfr;uWSAZFTFvEX^6DHA5-3qBpoFmS1o#7)5dtvs)T=@=aYVQ&}723=dTj% z!O7y;GUdoMw=U%-s4e<(HEUe#U2WaciE9NnzIr_){hFZ3gKO*W)!2tGkcis``5j6GTSpV1_U|Qi{8>Ic4-ZarLwTdKJ zZ;3bV)c$3`?E=@fgInH7G>!401+rY}r`u8PhN@QPUNLfAUu(x{2c{?IE9LJk*o;8; zAkBS(@-nmc1wM&-j_7Z^%y+hd^(} zTPhCwu=x`uHj4GP+^R%#2A_q{nd!0Zwo9Bi=|Q>i4*1 zXR*!;*Vc!hv61)ICN_@c`Y4};Bt3J!6NhchnS&pSK8HZ}GetKB&3MJFj;-_uO+DOk z7bTfaF85k;9S7UKVz_;R<~g`FzBgbq3@t)B4wWuRF_)sN&=qLS^_(BruYZL5Siw-|0~xHi5|z>|9RoQGRL`BNmRh_UU+KqZyRk~|A2fsE+IsdqHuApKBjh^1?YN&k)WqS+I**)x!!=^h>$*Oe0YUSS z;+})8ypNE_WJvJb!inn}18t z6e)in!baX({g{U<&!PRp<)$`0al6R8mGy)P(ec=s*hs(Ah+M~EEaiLA67&=rbSdX` z`ZYObv)uJqJ#H!*6f|Ao+T->HHgeqFC)eD)lz&5#lAE2_-~8KH7gPSGVp9!GM4CI} zQm(V1&1eIX=L*hS!x|v%IKPRr|EB@#5MQ|UEOQ9sF~x1toV8X&YGM5V9=DA7;SGg+S6~LOr-rCNBIHtEXqSi>#={B>y5Hca+Q1B^tdT|R?swu zo8iV~6*i@>U@f>qEVsm!DduN%B$I1ps3;`ZU3O#aRJ;}irW?&X&2XexZ^0_k0i|} zm;Fje%!^w|cmnuVsH33U%Y!9@@!X(Ta59;_oiEp6PvN=AED!1K0MG z)v#%d+9Dl?TPcq~xo9dX#XTXVvK?-&J1)`Z&5U=0CKoPUQzR|KW+hsSH1}J|Kcd9$ zjNiy>v|=v;{lVTn3Fb+cTlFJj2D~-@}an-G6HEJ16ot9qz4gZ7PQMH!5+RGp};TzsYHo8=%%m)`#uAF)OGGlENE; zJj2B~{<5~xf#2(a1|xm^U!%MZZ9yL(S!W$p9`P)OVHa_27TfJ}qw66B@3a1;{QEV? zJvP`KL2|TR{}O{Co@t7#Z^j&dr_}x^dk>A+-A(Xz1;MjLDNWa%VedP3sD=Sxicx}qmR&g zXx5Fa;dFJld2zVeU$S1WxIbX?H#+;qSne3gv(YNF91R%7d4+4)GTusVbiBXeuesi& zxS?AU%~#kRLfYT@eNs#()C;Y>p1!1WbltM_cxOL^95)-^jBkSG5yc&f-9+>#(%gfT z|3VdRVs8Lia&h$jvW9WE1>XkEa>Z?g&E=>c(%iQxe~9*?uaM^Uio?y^9W)=pwdd_K z`Vw2z6lv}v%AcS=&`)UbMCRLWJuADxiSI1V+qNAS?qz=EJMph;>hVj~k3mxd zuI+a!U|R=eAk7_5c^X=PW}~B3qU)@a;>5S;AnW;xy9}F^Xf4v*FDMtIKat#@zMa0T zStY0bE>YYoBj1QQd~whWg4@n5pFV)~9&{ek+$EG(qi@g-w48lov)py}HSRdMZ`DMT z$GBBe@y|i?fQs+PZxSN?Z!xx-`v>LIZi)84^1KZ@PL{qwl8$fw;h=c|uGF*r{H+kS zHBoP*xfKR77DaQ=G}QW6o`2Q6gz0`^2~)s%^C&0h=b7KwdRF`=^;h|OX9xCFt>if= z*lO(|+oYa&TYxGo@Z^zQrBaZLX!XfB3p>uE!5uRueQ{=SDP z`v*~%P-E2WY36fFo%7g$IQ?N>Lde_!SB_66puyNoMo%Nnt#ljv!caEqgDNuLXvac# zA;)JETv;^N$0xHy$jpRmla1qCY)>YRh1kEY;`j)5OVJ9X{n|qLYjhZ$vo6t$qd%S0 z#QDC5)i}eppKz&=`PBWs;@jWYmAak#c#!6{qudSkM_H&gV|6>;+UB-P{e5#z3z^@Q zzvmE8sgJ|3)!aKNPe+nuymg}E9zH!}%1?EU&k|xh2iqlRBhuVPcd(Bh-HS$}iqG;q zt8WubK^>m`(U|-G_+{;H*cUR5;M!!5&r)np=J@1c-y8dY3$WjJ8TQ(*Q~kaf{*W0B zx3SB81D-tpbG3)Nnet8~X$$?rfY9;RL4W)x;h*tZAP_Q-DSyAk_7_wtJJ#Rkl-r}5 zPw36k_0`6|BPyf312GwF*;OyT_k zk>6n677Cd|a7(%6x3Jlb(g(+K_fk$8!tq9BQLpouJK>D*j=JmTdY+nBE@aNVFFLQj z6`Qf>E~NdfJd|-Ol5`Duy!$@pFt4`lD*vpIX$jZHp(i%CqC1f028Yp>kfb)`@wk8W zk8(|=kQoTq&b#b9wG+0Q8v(li{M&lJp2q~>PE!6}1y7D!mWSJy@>nEk{%~jhJMRuB zz7k_e`hMTc$|18*aVKJX{ zj!ZGPpm)(qG^rZTu$^_f$!lA}WWDdqKXv`hN~b>DALS;GN-<$n4e9vyYr}o_eAWxC zY38)GLgq5^{Yx3A9_#hGdcu|Sm89j^96&!I&22WCYf4B`FLHSvOBND;ZIb&M=S6;lpIsC(qZC*6_}zrv z%}8@|T&9>!<^M;^9^dZ>*R~6DamdV8TzRhZ9q%QX86Iw);y!y4+$^}S!=!y-*e5XEuTrsB$s|Xqq^g##Pdg7(*0L% z%aCc~@l)Pk*A3hM#?NASH^2)=JTRsQoLkT!r2Sk(c_n%utw#E}6&2lnK<>}q>4q@t zGTIefdmfYiTi!E0v%2%V275i+{j-tmWY!t8;Xb0i|Gt}v>HK8&4n@B|u*ARlyu-oh zp78?gUQu?t`F(l6Z!tO5$gck-mm1G_5>-XIj;He-CFQmbnGek|_Yc?P_jSCQ zQoaI7`nTs*>hp8BO~~w3+^evi@J^EH>*3~5e!%6mxoNs^yu+jh>g78 z?get~?>5RmqtrWzBbvuLn7tm<+C9EiSO?1!BT}GU$aI8jk8cHRB%amCHTM$A9g!sO z`;z1NTLgC~TzkH|2HUaJ?>-)`%LnF}bs3Ye*yB>Jd9sdj0uKyHv3YkrcI}w|qdpYlu>p1MK&GYE^>{TT9d+Osh zD2~6mof!uz?wis8v{%*>Dp&WOhM0&MO;Ly`9P zGs-n4aL*^Y2I)A=YV554#Bi?-nL3I)1e>wwPNcaDD8Gg_qIZ$@w__ZC^SgyiTgBah zjnv;?$ThdzME1y`cBlo?+#D5Od))G_3z?e~_eyN~q5(*A=Tm+iZA5F3=FW=4E$kUG z6BTz0HeaJ%NOS+7T<&hhh$xIScX1qUPVbO;A`bULY)_WEDh@aOhLBkuhuiuTxP@`J zMOh)UI}W$UDR6hi;pX-UnNkl#>u)x^d(adQ_esjD(Z}dRq~m)e4mZ1R$W&I`o!Cgf zvxi*A_ZP}@CPlil+gSxLpV+xat4OX(~3K_h&86Gc%F}k z>wQ0s?$_h`3wM>`)__;>GWG#^xSc2uKx5EQq>o#}IR0i23YpDuxD&9|$L&9H+r{A) z-xe}^;&A7l0=HKjZuT7^^H&`1(o^7O$Ke)dhfJB=X#Zg2yZRKklj3l*hlEVcINVQ9 zfjch_w|HpCWW?d_I|c5NINa>vA=5n$_wQ5S7R2Eej|iFD;&98{d-C;cTO4losF1lk z4)^?1;O>pXEgl^*^A*?5Lz;THk&ev$N9G|%{mvZMwqeP2zi!5a%*$}?__qbT9_U67 zcO2!(XfApX*?k4V8|IF8*tYY}xt4Bb4YXRO@W1OMAsqNXZ2(UXZ@s^yAG=77X>*Xvp{i2 zV^ij0-cvxXxvx@QizHqB8f!D>vG!6Wc3nnub0^YI!nJYOg6+@f^r^AjK9onJM^G+G z>&yB9KFjwX<@&4RP&_HbyI7;#<=DK9-bLEqg*;Q|Lq3xv&*zTUuj_ev&ONM4Jecs$ zJo;m7ccFbA?%$Ms_c3Qd=b~BRXdI5Z^;h;S1!Pi6%D*>cYQeSjtR6O#I^uw?t02wktDf)LC=XL#*&hm8ryZRJh;OZ zcL%nY-On{Xq`9fn*fW7TqSmOwrO|oT5qEx}{mq#XGPB^?d0~HSve8haxzAEwf!;@} zQNu2*6?S*(Lm=_^@lJYf$gEKQevHj7v=3=+>U4ZW)zFjdjnMTW&E;x;12aSB6S(0> zK3Nw;@R*$VbUKUA@?LQQ`m5b}n#QO#dJM?xn2=YoBMI4dIC>R5q1L zVN0bbmP#RPB)PVfq~f=!D23I9O4x3?vr(y3HbMv+MF<Y{sBMWQvSkXO;LM&xTP0WUd*XiIL)# z?DyQydGK2}Ax#b*@5R&Xv!&nLu=6u!{q&VEOuCMvUf1MY{rKmog%i`HDcpK73z1xG z%=_SG4XXXSd5&6jDCh5Uxesy-`hKKdACvnC&z+RNck=FIiukCFFRSKpe!R<_ z%5h)*W<5%~qqwuM(eGp1ID}70HEOOLEi`2aBEGdd~OchGvV6$;6VJ<&o6S}UiBaNn+G@VKkzpn?sT|O_kR1g zIDAQ2*y)xB^PDW`zA)|1KlM1=wf{jJ3gLcJNpaBqu_CyKPxRXLe~ZJtl-&p1@;i=W z(EItizfcUf8QjXgFG}EE0k<;BuZ}}0+>!r*zidn@bN&NvD%|yz6bF4DN8$eTANZRI z_sB;ozdU5YZ3DNm@8fK^*TSvra+U*kY-Mq)di72&+~?rhe*eGS$NN*C>H9bj?w0-F zRmcl*%Kj0QjO_N*T+In)piSheZn0}P$mze!$hVe6# z_GjOU)W_3g3|w0texwcCiw=3n>qi@Iee%uFS!lg)yw=?9pX>byvz|zkxr*BvyQ|PG z$o6*(cR2YeXc{`YPExGDW7mOn3g8wznI^Bnwf9>e{??%W>*Z z1+<%RZNIv*%2_eo!zOvxt&qQS6uEwG6u7mlH7l$)3jZAjSQH ze(px>KlX7;IsYfx#(6(?KmfNGZfC_ENCojNwmm~i*53;6_cSw2 z-h*q)uYbQM%dPN!PjG)!T(fRa@26$Bq^kW`A8-aSFsb2T`yOXSXVD%{_WZs6f?#gd zu8DkG%#4uPV~Ksb_I1A%!R-y#)@P<2GUJ_jw@+)d=Spws4+r zoAFSxbDbqxNPPy^mWQPA{JpIAO5>=x&B>pOE=Em1j;|*-2i(W0i_)aM;$DHBd4KyR zj+$%UyT6xnChgZc3b?%#_W^9Dq8UE!&*T#)u%|0J4C(l;y}RuGpP7r(WU%7eJx`9q zR{I-s)cvO&_l@QTm9sp!f2;Cq@3+iyxchUz<-?tbzqUSW0`DAjo{w8V{u%TVT7k5` zrEWRX&q<4yrpYrZ4j*D;-iO}BQOCjT6OcL4xo&1&*35giJuZHJPtTX+E=!Yj%HK1w zZNxqS?Kx`hVDh6~?ueI?q|-yZPmmwa)#Jj<6=||VaVKGG_E(zi<9WfMfO@i|C{0dRT$$wD#|LxN+^K!| zW(ns^YRFMPU$N!a)W3E;N%5LAxe%_cA8h$;=Ht4zMC`CX<+lWGZ{=@GcxE58Ha>1& z^8Z67-ODkLGL}<2{<;}|C&qq*e_rN3R{lPOjVWh^9CaMNA^$rvsoG>`eWIVM%Wu)z zG|5+78;5jkH8%!y|Jk276vLgTxJU4ArrD?K2p{)kUihxV&rI5%_qVfNNs~7e*ZN!A z$8}we9rnlHY`9;*jk<;>z%%Xf89r_v`G?RnGzDcc|KIft=ekLf^Sr{eL$;jdyv95& zTw9+l#>VVl_ZmkX-()t!`jT^hp;Dylv#`t6_gmIFo|{kgxXDwT`s{d)ntLhv-snMe z7t-9FZhK+&hqC^byiU6b*WSmIv3UkPhcx&2$M{YH>WEq+vtQieZcZG+|8v?QeZS?d zXZ?%f_QqxmdI)Lmu~T_36?H=$(VzkBe}AjPt-r*1uS55v^55Y(DO`IW_r+!^DnOc> z^aSropgYiwsOx*&Z$~4K>&1&k z@lF=^kV%HhB6*S-F(y>6-BrpX}%p1)hM`4Lr_70&C&l|8{?}t0J+6* zuY_ysFWa7NEQh;4?O6%jX#w1i4v-C0TaiB(nREe1vyV)aO2xTi z&cCMpwcNZv)8wF;UVJab#>BceN6j_+z2v&w{n_uO1n&88qs9@^9oXifF+T1$k0r^I zoSTE}J{WC}bNp?k`V0R&$J@jEZpz>1urqO3=i@%aekdPt&Lq2@b3mH&ezT2*zK?VM zN|P6qzgw~W6{XLQk3)a*ccV#Yy!lxU@8NWE{4H_obrWCfZ`R*w@|*Ja1#HYX`we4@ zZ?=ATdpzG!=iGP5u9vm`X1j6F{$}zOfnKw`>$V3wbKR;gi07u0k0O)y=ep&?eOz(t zVq1i^Bkk|K3t9h#zC&N4nuFP&CfA8?+miz7$?74wW47mS?WdV1LNk%(MxLR)MAxD# zP+!VID(?@OeK6{r;nb5l4uz>9S+2MvvDuDl6vlIJBY!uVgQg?Hwfhqk1oUr;(nE60 z9M9kN*lgfl{D7nO_stOBxaXWnn~L^5FOVGxNms=!#nzOEzkS@J7O|!ZndF~$2`ax? z86mkJZZu{g(g@oubS~2VUQ2!e8iDRYrrpe`?Udi%>VDhna`I}1qzJBUhsI!I#@SOi zYVHd1Zy}T3-x<6f&dh7s_E?S#$jZD1bW2$tQU0?V|WvT zT1%b&?rp^HLfSBs3TlO<^;|Cw%dzTsJ6a@HH_ z`?%zoklY5Bsx+1sV7CUXM>-C_oBU$dK%;b2V;Vkv>Wq5^x$!-WKE=(hzxmOS%!X_3 zU6bl!a|UXSH1{g7kE~|Ig{ES6ntOk{zKvMA^8Sw zG-kmIZ%dfJLlLC8_iayNGdcU^$L(Yhg77~t<_A2-O~4);0! zZVB)=^`wye3fGpi$Wr?FXg1REed>9}L1;Vr6b+?NZGJN$w$`qGD`%fdUCv4ygk{Z`P?Hd0%ngz^*gpcPmHDEn1f-e{s$v z``tlX9?Z2fNtZLp49UR@z3Y~|oM(XOMx?n3D|jZ0&O>d`F2=)aH#qIkC{;h$`Yg9e zNX~|9<9kvBf9~h`E4G?zzgISd^Je|29&aWmJN1N)ZxP&E75853Mvdm1B|h#~j3s7r z&ZK{P&qQ-`nucVS;?BqR*<<)ljgM>kQ6IQm+mG^p2SszEr-$T2#r+i9jw6%gJ0JJR z7g*1UOfvPEj)Qa6;`i0eY!;G3p7!EfAKPr|z-AnEd{;L}ly)xH^mlYU8N|(pdoEnt zzFmOr189Pe`ziTv(C?_uSI+ur+dtdvmIqzVid%%_&H#T?S00$ZnP-ILS>^9B@UB3; zecZ+5i_mN6t|#LC?cuhY+TXlZA^Af2y9K+i(KkrPcQ^T@RnB!Y(CQGavJ3dw`Y z-<#l#M^k*`IIt~LT(lIzKc3a3f{La4a zixRk#W|Zara)8_@3wM_W`1|((a&zDw9Kfx<`oQ8)0Jk)N8#+L43EZ53_#S~*J2guEV+b$pujSi4o0QY6?i>OmHr6oMmUS#{YX8xfM=S;Hwv!MA0+ds=`6O!GE zd#lU6*T*&U1XC-(jh+*d28Eu#vt8~=ANO7IpHzTb0yigsyZr#U1#Lqz0j{mj_QE^l zMfO5Mx_)RuzAL&4&7K%KB^CPx1&KwbF06WC?|AxCM(VSi}`NO zI_8d2zjpd0rtQ?v6$;_XBClQ_39kUn_i;Cq{}$CK;{S*G-pC$tcTsM>N|4^}xJCD? zvpR;PvEpW6^ZS@2X=CguQ+B>&D{XKt=S;ebW6*xdnp=2YNN!Tx5!k$pUPGFD*c$f9 zLnfWdG0d27Ky#;GZTk zt}PFyzjHbESNgaW?e7%9J?dHSy4?tGEPBYtokxBNGRf?dq}w+e2i<>&UKo;#;6`H> z&iHL5_AmRm<&B5By5%=++zt1BOZ!`N3H8o%UK~2#pCk=m zVINtf%fnFeW6(4-37PxN){|r1`@-x$^NAbJqV6HNQgK&c^D+7ZY3`-3nr{p6i~+Uk zk|Z7avE~Q6f{&TIxU=lMM(L#?d6=KuayA{i8@naSLXMg{V{?+cz&Vrlr{9-zSxDZ1 zYx~t}vHc8vGE3)_YB3o1KTIiLLc{i@>|h&XgkvP#bWomX>P%lA<2bnLk!9+`9y>we9BF}8JlJ*n@D!kmzFhHK+s>a)(5^Boc&x1#k~ zYOj!tR@?>fS}#hL#td#98@0kI5r>dOK|JO{zAt6*nW<_^l`ttJxP9Z zxmCyTZH)A?`>6Hl!x~Py^(N(B9g<&^zrwRh6W42K>0fxo26(K(s6i}w(>pBZMl>0HqkxNahMrUesix4 z$p>(w?*HdgY=1Y*H{!V$A4grzxt8df+v3abGMB5%Z&9C+9Q3@$ZI9h`=zgUA{gM1% z=*TzeJD>$)n5TW)seebE;XRkO@lCy+`D(Z}9rkvjbi}R`GDXJi?<9^k=lGdj>yUE; z*9AL!T_*AK*=Q-!{%jy$g1$zkKfZ--n;lngaqBDn-gopy`k`=b{rW3*tAF8}Wb5O( zA91b@=S(`4quH<4?yqI9xnAE8y(uJX6!&y&9zc_k_BZ7%z6F9Bqf<~F_InPW=ai%5 zJm-12-uF>*L-Lp6nswN%v1^Mox1#&E7Qk(|%)8zf!0U&e@^M?gO+AJNqFiL!+d+07 z)?GKD%aIJ=`I_Rc!e%{s4{3kDBwvdDLZ*H--$}5~tJVjU&tkZn6gT-D_R~hKkmhbF zOq54BHy4fI`(x($<;HWJ`0flSpCtoBQhm7>2kY!~h zhS82|F6Gmd-*G-}dF7#66>lA&tp_vj3CSqMoeA$n^r?^AVH9f)H?lVr>Ws|&Hffj> z-^HptSZ>aUkh}=j){}#=8HPq69ft?V+w^bWxz^*~61cy>we{rTv~^QqJn7>evM5pJ zxop#~3!2Z<{l)B&AvyI0kGlxl6==1OyPf>Oo2VaAEi{2YIQcdB-zUgAx18zvH}AfX z^n`2U&={Lm=xn6pa5?#b=zcUD>2s+r^?gzJKuE@{^6DM4PRZ<(d-wxpUw)jJP`5dTr%-P*3c2;^L$*h{>gmrst4!&>u54vZru0* z?q6{2bvvCsjIP19kB@8Sh3@9uNaWvFwZ7Zm(e*<#KO{|8d)!Nyi)a%#t zGn4$!8EyYe_w#e%-U>Gwvk;j9?+vuW$L+Y8@iw{x-GFw{H`_)Z%`j`WD%&0xj|<6k z#hr@H>u4v^<*fUM^uy7^XapK`6YDPN$D8`h^xX~Lv~RYZ&z{KqSO9kgw)@K+8o(`n zG{iprUVKmZi1iq#9n#z(sX?>n^H$KA^Nf@vSqCq(||xHl=TZ8uXN56Pc!ZF#7JT|3kR={Srd|2TR9 zEk>q1G`Ykn4_)2ztFK$>6SQwd-ggn+#^ww371CVULi>hHn%|RsgO4uzo{{;!_I2*i zsq{(4LvZc=W=@;Ez9TR+cjo#e$$r%_^54g%jG3hGx9ozD%uw8;;nhQ@__$_V-JEmh zATzGk?R=gaU(GFsTcWtu-}8Lj{qgr9DldE8GN*;)$TeOZtiKoexaIjf!Sz>j3*q)q zT&a5M z2fgIQ_fB{t(0xAcrS~Ms1kOE){QbU_0ry+ZjF5CtTpQn~eBAxX8qmZ z0uZ1NYQYmtB5PtC#3^9ju@nH`c#6n7AI}zoZ=c348uSeZD=<<*ccb($a#m;a~ zs{pr2Kzvi@@!aDTFTU;JU4(l2xbq%PlG`~q6#3iv4leiEgS`5;814;GuIp>PdCoSXKx1KJyM9mu)&JW2Giu)#Z@1w0qbJy|iXO+*WBhlmdrQ6M1m%B=F zix-6CUAT7Kl7ZcEr~%U4Y0VR*7w7t-^Ah9t1sLIS&3v?NhjO0|Ny@7U5;YwTQh)63 zMvo)SJ^6axL*(2}^d24dEap?~dbpvgzhk+1&xGX60PbNW`_G*jz|AkDKN-O7UIFg< z0B*q|)}ID&pR53PR{*#0*^qpxxL?Ej2_3REJ`RI|! z*F3iyz_}sF%q#2ot_*+4qiYeOBbgLAS>Rt3z@< zTwDJ(!Y&J4gtWgmlOKfcN5heM?$n7j(dPZv8uvK&v7R@|ela99xW3WYUnuezHuKOD zq`AdClH@(keTzOvhHL#TcIPK`{SYl;Jseyc2QxnY1G_3;#dFIWA8!nZLkZkr%HLz* z)klqe+|m7#q#frjK=wI~Ex+3X%30x>kgQPLZrI&~`Xe2O4H?Pu80VItc_^>7_gue; z8($L#`@FUIrI7rtxJB5!i*_K*J?U%SRYon5`A(d!AC|fOC>`I_wIQj``vLa4^}z0C zGze+#t*ilmf^&0`X*bRNX5aJM6A*{!DusK29?s9hNc&UK=a&Vq@!pH#Hh`Cpruw)?>|k9xYLCuB`uSx~_qxPAzg*9{ zYsEFsFJHQscZ0Fj{#N+;CEW0O@48$GFBc8>ao3Pvk2awPnY-Fk+pAxz4e{0s+4?H_ zc1X@w+*0iRMhATp?{EKMe0QF6jnVN%&hzye%txB{_(rJmY5Pg3?}X$Y#XSqVY;+^i zaac-z4Jt;)-_kSL+rF989_(`GqfPm={^l1m&!V{I`Q>le?nRng-t(%|s%6`moDCtK zQ+x4E{g!p@s14HGiR25=GPDS3fAem0=Fhdi(f3#nptzr5^ELVvX>RIHzUzhRpa^Bg z+)sA>Se*cW3*q)x+{W0oLp_n^_WYE3g>y4e&MooZhwc$j9#S{44oPv>VD}#S9%*i) z?|9yXI-*%ESr@^20lP2w&{k#VcMIMR$tQ}tiszR%V0$~#-144ZHV=qH_6H$}yzN~# zTORK7amyYi?K)8O zG4t+lZTtT!Hk;69W6ST@=gJSUM(AtKne_7m&OVd2owi&v{<8OJ4h?y&cf5N0HU8vM z?0@!g|0Lh{I42&<8Jq7+^V)yQot5H^>q_Bvh8x9?o&@ZmABaCX3u%7`k{^wxqbX|SWCUEBUchE8dJWm@!lSZkZ<2o>+4jl$sE>n8m`Xyj zD&X(`1Y7NAMgRVMxaRx8QPT7$waz78r z3B}&^>WT45a59drW@6qY?X7-wCZV}vf;M(VhW__nA z2UUKG=T>xmXXe-Rhc|ff4Z&-On)uK#DXwk5vv-7Kh~h58?wdc@GuOx6L4Ftd8!a9g&z-8c z_C2qhZ*IV)`wn ze^ldn=e>4)Uu2esaNQ z%DzLW3DR8C@4Ae0CUs@e7d!JK)o6f6otGpx zz3G&Dy*?v%Z%F=D+>5cBfz~6<9s4Ki(9lj)g7ke_ZDHB{tFn{A(rl9#-(&Z%z8f_~ znrq_QnRAz*mi)J_uj&l<<~i;4&P)!=^@`gIyMgE~q`8yH&p{`g!MbV2*=AjS*Je&R z+NrLay-%~Mgyk`~wmuV32;o3l_mq`78Y{^gwOjpp&+9ggzagHCRI zPwVS_H@&E8Sk6$~b8?en{`T{6dvg9x&RKsm;pWiRSYOT2aP4)=trnJB;oA1#9&GPN z5BRvV$S*@CEqI^rWHn_xcUC-C&l}`d56k0<`!crc(K|@T;al>Fd+G0?Utdm&eK$QP z%c)e0=OWg9FxRQ$ps$-85|-9*Z8;l) z%^37N(%fNxv&Ibljeax#{SNiuG09TcGD&v3`wF!>+-qm@!(n+6u1yUkMVg^Yka?TY zt+$gGk}pE9AyXHIxgfhwO_J0>Jai@HM#8cVPQ6%;u?N5RJKBS^e}^Wd$kE88lR0kB zWgm;7@qc%}>*&tMeuIB%hUGWKZG=r1bO+Mh;}TP(1-cSlf(n*W2KFSxeB6wWCa#A2 zq5G%i*9yyto4t5eyNvhvu=^Hi?iH6aABP5`0Z7l6X03O|n|l3!(XnCHchR4A{a>Aw zBE{%qq`9fdDRLBQicUr&>Uj582e<#yYn8|t(-@glJ1ip7 z6?z%za`jP4inOlEbwj3H?dG1H^jlTg66IkgDXV^1&f=m)V>#Xp;Jq|6oTp3skAE~% zRflnYEHbGDM}3{_->v&s#c&6}we^aBpLp9}spvlOxedZH53arbp=v2{-{Ue|<8Lj_ z*F`2Z9&ApxcFth;8L^W@tuQ}2wSKHivhwcv+H4n>DxHi7OVAHWUQTB4w+*$_{U(^Df zhI*bxAF~B)`o&?l-tO|W*Ul8T2utF}UVYF38?%pYcaEBCp5yo9oJoT?n)SS~=Q40@ zeD!mg!ZX6s8Lqu<|HH=Y=l-CNYu;CzXL#o4NME;luD?3Ic`d^-N%{MlvBTeDj@sW{ z;P`bSz*@pdF3G+p4lJ$QXls& z^7&{Unr42+7%AM#@wd0jjqAr}h2>GWw%u8R&0jq0TWxH)M)tn=ocu57utQQL1?`+j zzk}xnW}Gz0<=*y!S03`(gylQ9_PQO3O%B)oB#xSUKKaW~F1ikx_e1S_Tw`5s+;uxA zEN6e>)n`Mnsm{H7FGtPYz;my0oHJ?Yi_EFe&-c&&neRaUQ$Mt&eF)%AK0s~}-1Ts6 zzr(DbH}4L?N40WE{e5m#hjdl#ncEx=U zn=UVke9lo{x1Z-F%b|xk{+jO&1-;Lz3hUU7VjU6WP_htsf zq0>~aJe0zHAFiz@>%!alDElh-xHFhrzSQ-%FUJ8Fi|k_l%hqM)Sft_`?G%=1i5K6S zu^EVlA?o7iaU)mwv9Cni+x-j zhx8*PFus~w0C$PvE{8W{82eTGxSx^#2AT91#~Rc4z6;mey!UToq5C&-A^lRgHol3e zl;6h5(v+i)Lm%?DB9rpWk>_o_*$=`p&C&G7Y#fTR!_s_ff@H-kL`Gus6k3in_XqNS zqwwMM%TUcz=npNUE*q32lic!qYewQf+?+1-OW@jivMx67qFqRHe@RP`K_S}daEeqx zMYR&8X7{R+dSMFB0iFJ?sVDDq{VTXJET??#aa&+>0lFAz?rr2pBa^0Z?0p$=SVQ0c z3}>#+#37D*OIU7(OE)u?8ev+0c9Kl@aTmEv^GnMNSFL9-Op`V;&gV*a@ zN|2$KBuR6|w*+rsk_!+o56m7D1Q!ZI38)D6h7*q?#UL%Q57 zBfl9PQ8PsjMm4G=%G#fjC7*p8w!8JYF4xhKVR;R%Esu?{xuR{dwCAX~SCGF6ne{1{}?6pkzF^Iq5z+S%{Dc35*u$1u;JxTZW#$8HwV+!)aP$CSr? z#UVO2EVZ|LoW*^cEkBTqfwp{9UW40bLtnBe&nF}ZC{w>|HABi4D`tPk$D@9I1dFVE@n0M>8 zFHDitrpeNCy)&PGI(672x1KDR5|(e2e+AeqL2Hot75n!l9i1W()CjFDVvnfvop<)u zRdcS7{d-Fv4@<)xUO6(?dJlC#2ITDR;)iUH!R0}>&+AF<#&%bmN5j<@#;vvCo<{LhRL$|R-RSe z5#Mg>_xFqEhvgc@?T_t)XdKeq)#NuIleTdjzE&=2hGn|qev8feC^4)Z&+T!1 zihPFdsgoi@(N5m4$ezQqBI@_Ch0eav`uRlZ>acvFxIbXi^aQv_`}+&|nI}5_uI0Fx z`I2qj%KB@^7saoJ<)&sWi+lv* z6QupyN#3TP&3|W<9gm!{J3*)hoV0;@O>uW)b8Nj7ISy&=h2*bBCYkS%NFBzc^kr<_ zW{#R$@-FjXihCorQG6 zU-|t3tX2GrqrUEIFH4pxC-eL-V4ljbvOgq_aBTZkgWs)(GLeqsz2v8(t>_&zmS^HC z>+lPF_h^9)=rr^JB0{sGlNHq`4^wuHSdOc@nm^Ff4yV(Gn)B!xV=cu_?lfM<2WcnF{ z>U#bfpH0&3P|&MQ{mcjdCF;wGtfMw{XMNQ&j!(GG#vF_g)hG(%P8Vd(~Ym5|IMqKF1z4n zx&BVX=8>pZ=U+X4R?1?SM%)k4m<7Lw&0$SaB!o1# z3;Em7!)Oeu@jBlv?CA87>%0EyIONnwXWf>^os7*o`oJ?eYVNb-S0R&H#xDY6jFMx&T8T%4FFSU-^Ux|E_ha&3p}pug zv@DnV!hIe)z+LxauG@79&L5szCtZ%+<@F~I;l8{Q4My7E56K@yU2ryPhI%w$|NhJ* zsYf}hah6-w;O=$fS$aykyadrV^ecNff zYOR!ixT%@xQuP;)I|ZB9&{s%vGtXo`ALXGzsNQh)^By8G?nZa~Y`D8!e~TKYODDyh zh0Qi}*je%1hsdu+zoPHap7E@8Sx-BQzY9)w)~RTJi(912LvZc*vBBB+gC-#DZ(0`5 zxzQD<8%kZob8em~8*Zn!%Eq@iD_xGEO|jg&uz4PRj5PPU*2EpXgyo69 z`?$!B@84Xvo89t|+96$fDej-xG-<>2MwFrjx_gzwmerxE6}rOCjEupby@!eH|G>5zS`g7Zt3zR+${GxeveJV zc9dbHxd*kU{YL}QEod3nWHIw?+YR>}$KP+?Pms6VI22uxE+_rwm9s)@enrQe8_!)! z{yUV_fp!uJeeU%$c^{E+ak#$Y@4>2^74%7$Tj1Jsa%=h+&$DhFTT^BBFr7M)lp*Br zMRwh)Zr7%n-?%Pa*1)m-uLt7f|L&K_Z$Mw5E#_zRZRW6kAkWM_E_3Dp^mE75 zzUh)lKRjywAEaH_%<7mTewn+Q?Jo)!fYBv2m)OI=jTlO6{ z{x(0`xo@?_B080B&gXX(~JH@<}rr^^Po zbb(`OJT@!P8l<`3k^dbU)AekS9wNtB1aZX67ElEh|F9`Q^O5F$LH<{Ccn{)$OdN{n4;pTMfWI=2c3p96Vbc~} zfi!mw`A^W1m-0LWEnb}1_{dtaFNT7Qe4rd?Ou7T8>du1A{t68TS2(q+`4 z98DZ{cT18Y{M{K42YD`CHY#pS?AoJ#NOS96&YU?~hUTFGr_xt=nsF%pu5;TR?Qg*g z+;4w*?b*-RoYa%?9@5#n3;LPOiJhNDV#S;hdp$GBm^+dfQg$hTLiR?S*4%jGguHQ%GS z*j?Xy`M<31)$K!+3DHdM>!`Viq_^|J2L49jx>X1);V;s(&f|yzNs3spzF%t+k*bOS>vnALv7C2Mf`fJJbp3ICLYQgRVnnKO%i!>~iY|eP3jL zoi5FoH?sb&7@Q=xV0$~#+z&YaIog5z_gl4toOxKyErdG=Ze^F>ob9w1%HPT=XC-hG znb)v!sI2-SXGglUh8vBQ%>Az?w*}1W>-Q_7-=xb(7USxioE*Z&Qc^HZ9I5gQ;&WgytiQYwKov2>lTgxqH zx<1R_nJ(iM_e1QyLcbvEuc;^NKg9mw*QQ81iryOE9%lw{i@r;jgR6M{*1^sn2g7Z| z`Bumzv(HJbfc25u-|X+xJzZ{82oJBpi+ z-E=e;Y3@?;8_-s?1sU$7e$Kr7+TmsQy(%tEmmlET`{EmH>>6s#-NX5V`#5p1^-eZ* zux*3PQP&T-Kc-8I6px#RZ5?z9(%dHG&q3!QKetCfy_5P=y4(%d);kwrcMZA)Y3~2X zKZ53<8EEXWjE9+jG=AO`6yKj2S1ErhD-O|J=@RBe80+tI`0_G(8)<((AzzAqL(ARr zYvY?2;BU?^v~P-=cwKP28Rq=)$RyjJv|JMllXUsb{54$`Dz3RNPR70w(*D}};tbCB z>=(aIe?ox2MR0e(t?Y7^^IJOae|g;2_|pYl=JWR&^0%Qok@*ghX*X>g<^+_p=x*W* z*Iu{Eif<|0Lgnviw6}TqbRW|3O<&13kD9U0mh-0G(e3=o0Dtp-PnSQGzmH-!8$Ipg zE+@Ypy@#T_qiyO38;9b6>z4mVx^$^t`EkhkGhH55TvN_I!l$iB$DzD(wk^QlQn>5k zR(3hd-;*w>2YFmm&b~oE`ur`gob3*{ZrOjO%Y|?&yPQS$rc1u^*OaqA@HL@te0<9* zXEhEE==Z_>Q2Bchyd%*GK5i58=b{VH;OYJ#`)%6aot2ANm-p1il?1IJt zHyR$&^_k@wwn>^>40nLynsPP_`%!3r%UP2Ee{&KdvIwp%XAi>*YBz2BX8g77o8MpE zZc1WAe)|u&1#p`)-(K1A%}t8P5V$rDrku?n7V~`ZEw7w)2qi1dVO<6z3!m-xEV=WluCY*K)~nbjjQ zOZoc?ysFoyNE*`h!wKY@qjS({Jg?F1=7NChR&Y>65)P~UIOHB2;T=SeYs%RL_|y$) zf6FUpMFIXwjfmvIwehX2a#jHMwf}&dbx1_2r+RUytou0i(1>(~YvW+b*_FihT3>w2 zD`y)6%2@&2$v*BaFmL}CZWrd!{QbV|0o=^PBJu-VJDwj3?*W!!ns;k$d7$a3I&Xfm z+{e#MdXQt#{tmp}`p^7X4lfcUAMV9rGB#!%;9`!3JHwfhtU6{=vb^SU&Hl}?X8?!A z??*LMakCGP$oY!Ns@8{&$p4;N67Sl?f!au0^*R97Lkc?qvj7J zMX@^-orjFS&$#~HL;eBu1R8cJ-zIL!dz5XMOKhGbQ{Csqd$0B45DiD9TBt1dl?rer z%Xtp1xh3fl=^DV@TLEtG0B%7>M5e>77mI?(={GWuh;opQLjn2uXeBzbV|*Oex!l(u z_2Q6wL`1%a%TOeic3`&~g>H)HUPQhpx*3`8F^y=)`rUJ#_||Xj#No(I-glF-kBUgM za9Qr83UKoSxS2;sG%#NKN3BT z9x*@b&GX_{SPM3gXZ>x;#-St{k!`B{zJbkq=qqE(-(bsc(tX(4wOf;`Se{ zx7=AzqWvwZ9g(zj)(yIGXoB74s~Gcf)ZD)0`y-Q%FXG*~fO)PG*1OpG^}^#K(gSXD zmpd5S;b;QV+^5MeM=v469Z_5U*{^D+J0JBB>wYY^;P{BtiInBOR{?H#gfq{jx%qV> zavR(%*Wd5pCH7+-Khpj_OMW%_41H*R)|0g^y?Hl=wfaLFIO~aY9HMn2vP}7VS}xBq zwXe!cN zv(NQAocjpnT@}9{ZN0mlbt<|%$}?l6x#s%>Cvh$lwLOmgcbV(6 z&s$P!IO9Ui%{nR`=i>wU(W|b8${#-xVC?1uFpK|5A?cc!EJI>S?+;e z_Z+z6;o4-b`$GKP-|L=>{g2p3U4XgY3$cF=>2hAt`#rT`M6y}O=;y9JKyD%2MR4u) zc^%%nXp@gSknizr;haftHc5!>PvzgYRp0NKr$*#(_6M_EbKNgZV1HU4HwJY7*`ND8 z8}7{k+ylMtxp3cvYm>R|7vS&yUiUog>mB1=pD+14xAbE?;rn}k=e?-Ict6FYKlxeE zdj@xpQuSMAMD7jX%5CxGsiNE>xL?7w*XLk(7v-|omXB+`uX_~dOfus+^S+SX2iV^4 zs}A%0&2AKtcE@^LbKOtG{y?vLF5HQVYpzd2+%nSlRm@TMpL+aGQ2ngik36_v!?nqB z_xHNzW4~PWN5)-8ALjTZIms8tHsmjIr!W>ni8^xa-KjhfMm2|6A?Q* z%Ax(^o_AJe0JENR8t>f4g9F4Z0WUIJ{4OhdFmU<7SSVSvx*y zDE%DX*;?t22Q@dp72_+oQTGpRgk5`d9@5;&Y|g4Eobcb^&IjSAd|XrTwl8^w*m75|8QGJ{Sy;n`xA~m%P9|o z-0{`HeZ2ZRwS7c7)$!(EY7Qa}=nSN}y~y8$MxY^RTL-?Mb*aN$=W>U$p3UBG1?NWO zp#bg-Z1)Cp{_uJ`|J6oUSoga~O8W~&89>i`Inu9dg z?0dM9b0(SZ>jk~1+@11kxtX0J(haVycg**0U&j7bA9tBKk4&2IFXJ}tZ$8{9idzit z6ST|6J(#ubM-OI=3^MaNx;`5l5Qp5(5h-B)#rkW;@h!1!k8~U^W4x`$@tWJ*tsk_% z(F-C{_e77|pFh=n@8?P%_x2fytWS%DL3*+7Kyz&!p}Dzm`@)SnCSv;aePCYi<5sv| ze2aA$33M{65khe%EP~1H{Jivg&U%sv|KKsJj%CiNBX$#|2B5m zpK*L1+-u?5>t@Ea_rrXk9Pa*%YYX8ng#d0aEjdllyEK5j+Fd8Kgs!nJWQ~gO6L$aZf(nB-$Yx2Qv=% z73S|gZiUAIT_fyC=-qE-9FR7Ib)rbulNBBZbc@K1#KE>hW*l%F%oBXv3XcOWiO6TF zy)ff|wlL52abp+E{b#?%0o@}~h`+YpX+yo!6=wHxxck$u&W5{NaeKkbMUVQppOD{S z&JCsi%Tf1#qvyEqX>!xreqX_*5jpD=&)=rlnfSKhsIOaZ^8JxXX}s&#^MtbfNz?C} z)nJJ4Le4<;dUv-4@XQ&FRJXLUGMHf~T-u zh%DDUhb?a%L5>>-z22%6?veoR;tFsF1aR}Nj!3wH*ADsD@0<7n1*jxx>eOhV!MI`yH8eh<%UaU54YG=MHj6*>#>-eIv3-`D@f0d3hDZx zy!ST4E?3tN(d&8M-^h!D<)&4DTQ7hsH$>zyxHb+)!#fq7?&F?Gz5}`lnQ@_xL#u!| z6vEx>^S1}KSE2olLw10_`8Tp&@U-|i814-f;PwvS=H3*M)o^VbDyyC>g?mh6&tFqd z-j1&oX)gu^_?ve#^L>gt6sCS3)Yj`6yqG+ipP6LdPutgfIC2Z?N8wg>9P;2E*~E)O zK0ZB;W+Gi47Ls3vUPk`+Hpd3UA+sOrXyICaH_#V0eLwRIU2_|+qQB11OfvoTpmDbz zzZJm!1TI~mSUQO~2F3S$xTm=UTBCVQMzQ6f!r@^gke^YN|d~tf& z>-I(ku3JICbt{6~2d=$tgSj?A@ip&Pj&rY@|NTlk&eGQ{>$ZrjQ~th(pZfhYdtYqf z{MX1N|9d!=tLxulxJ{U+kH#!SzQ9#RKJ-lhV;MzEt{!SZw>ge;gy#CIXfH-8`5s}5p-;3d0 zh5Goo<~{$LIrmxT#4_(4mj=Y42=3v$w`AjB`a1)#AL8Sd*WXD#v}}JTXAt)>TpI^d z9`1oT+Q%)gJk)f#`hLs0Ga{>$zotA)K#%#j<&}r}0sa=lJ-VeA2h-n~4s))LTV8)B zD}b9fnEoVO8wblzS;%pt4~Q2u_-o*6|jU-NMf9m@CVIJXJe_hsyS zRNnx9i{YN!%8Nr~wVPQiBpL>{vfH5|xSRe1e>3lj$f;*mzQ2WV?}cmcx5{eYGVi8e z0@s$a%4#o);GT6><+pD+|BJ{}xRvd1Dcm3b1Ap`LB67~z-gVo;{j?MPhIIR8>W9Q( zd_xVH@sRFM4h^{9vW7(@AFk~`JWl=Hi0+5oZ^rf?7IJVhUOi+}EvAK-8CJ=_;rmG5uf@QD2HKj3DLpniaB@3%oKSyRE^ zdNa~-c%1&^9DX*G^Y(payFPbjKpaZpp4i&s`uCHt*R7)a?&OY)$iV-ATMG9T#Wm&k zKK|BmzBrUuewPKrq2ONDYcTm;+2uF;KHlemYp+{n#kUylQ;KWui^tIdUmVK2FV+Xd zp>P!Sj^dhfwhHDtAGf@6RuaI?9nHA#oXU?wDcq5Y>)#i~mfs5RKXgCqYySgoDclp= zdU2>Uf5$}R4!E{ovWe^Uc7nHmi;csVoG(Qt`NtP_T&VYNk+IB|z_smLE&69c^?H5I z@2g(d{og{kY3(YXoAUtggTl4HVbeh*_q zr0ex;@|UANsJ(A~XPLXsMvn{gAELk0-dk@p5<9(5oAvim&QC`s)j2OY_Wr7EFKl^O zq2Bk(&X34_aHBB`k-7iE)%(90Zcsb_BkSkvI-Asoc`ouFaEsv{e{SW+A%9#%Zh~7G zanSvp?C}vPf?L_;w;1lh9X##}T(>vT7NpDB66PO%{Ua;k-W;SI#ETzA3J0 z->MI1uUVwIw*T-jeE&Sxu7LI;bz(%GfNSfsBjBBa+W5G=$@fD;(euo&nC}GJb$BD( z=f}D}D}01?$#89bHW|D5=q056-A4WgRCNS2!z&EnmORG#D7dzqnewm+ zyRVS;*OrIBIPWhHz1{Z;b$KY58evar@4h&Yae%HLvLB~DJJ0iXA#>5GBU2;;X@65_ zhu+|4$MbB_-@a8ltnBhW59j+)}vD!Hv3c$bfeuI@!k^LjHbKfF>fdE@)Jyvo3yu8wb7KUgq)q zSo!-5HY?GKNc&rxIM{VTTliTX>zHzC$FH|H-w9}#;5b+cx5I_rdLy&`Ec{6o`P#>= z==w8Rz&dldw%x2ciuH0R9ch2-l0OZZ)Pkc~cjfn2zt2zv_d~@sdjR)&g?$Hn+-n(w zbaJ`>wocb@ZGSSlka1SF=da~#I3xe@o%+RNQIU9D!f8kS@QPYu=kQ`}z3CLz;N zug->hH{7V}khyN=y~zW;ZaHw*!`0WVKE594b<2G&B1f=j-S6*#Ubj5B*DJ2MZsvX0 z1HEnqaF@Yt?#B02VsIYn?7MEakROd6Lyw?Il;6J3JLN2Sq%$5mk9M=4%gJ66kv(v2 zKZ^g9r?8ugOmf@f6t+7rQ?9CR63N5{=pAIs zzu|5p{{z~K{QbK*Zab#uak8FgzcA(RfD_}_r&xc@`jlb(%%uHUpHc|7LAT0}L*}xG z+@-j`Fu!@o{d`{o={VHRuOcVl^YNVbk9$_SanSw7Qn;_cr5cK*melup{e*knt5#o| zD3_R<5`vsSHaqvIK)bXvz`X5;lk;~!Qa@vr;)B0=@JdKGDgk7xO=)2nwT$tJV~+40^#`<4b= zCs|3k>R$Qr%!PXg+yjkg>MGXh{RjT#!L8ck!2OG^W*;;-)nX-Bq_XO#0=Q4WwdKgv zPwlwY6{(-L1=LR^FEUP4{#I7~lwA~&)|Xa(9E#zNhg;e8NbZ`5d;!~GoAi$h&_O&&{Bx(2o4yNW%|cD}>a;dtkJxw?HV*bIQFDJIf6zGgZA0lubGy3S3so5V!T4*(;n~|F^16y|ee8B;R*_a5wZBuzzkrI-IwXA0b?TW;e0#dwN6t~) zuOqS@uB{)w#^x~goGj(2xj%lEB)=IRsW$USdL4@$E9!Dq47bXaUOA(BU|uF!_WHQ) zWsM#7=l$LixOEgaX@cYLp&YfpQSzrElUi{sJ<6+pt-q%Heh~W&ezu+Y9>r~k&8y!h zN_UQ$`#AYRWYQ}fGmjBTWj@U^%~9VM@=Zi;fNR@}cd_{zeTy`=-$d3}B9rdtxaSP! z7m(&A9pt@dSG<$*tNa~@&CjPL%WRICyMcTOGU;cIyVw_RK=XL6jzh_J)Mv`yz1SG; zA&HpAAi zzZ^%+{pgoOnQ3^Wb1sgrCvBO~<)L6N{WBHc`PkNC{mCjH_jmHu9!rrU&?zgO`pm|m z$n{s(XHm(JL?)%|b*qD27vkH3qxN?=`EjTa%|@oZm`UHn__{HGTbPg`brknSY$ot+ z-HjYI_t2@t9GTRLqba{5+B;ku2kmcBQiimITQ6oI(hi%;(N#!uZ+)CSFVPyb1a+Fv zcS2`4+=Auqey7*5pRC(YEvc3vJ>f=OZuAM>zdn$jpCI&Oz_Sk&i)$T(R zJvKuQ>E&_n#^!=>ij3!|xh-aKtPMpj0FVuBef^6h{Zu8yPEpB{Aa!=U%O&Vp$^>A(Kj!naP$qcB^B$dq+1e$-<#6h(v}%=B3yf)n(t5dpnl!uC=i!}GNXINi_Zb#Q4{l43rJm-Eg*UgT9vpZ%;4JPz$eKi3a)9;wUQFEUo z{}M9kO^ze#lw( zp7!q3!t*mEM{y6sCKEM5ntLVrn~_O_Id1Ia-52(LGu#cXe{w;FjDnlx=7(Wp+OPXL zYHlI<7m-QpIj(C;9prm%^X29Q`H;HFq`V6$56a(7*!0V*BGnhgbLW$P75$99M75ry zpR~d$XM5c8Yy5r1!Af4Y4EYhREe}=<*B+_xA4N$FMnLZnDhdsJZJJCd#{Q1 zcNh7;U9QI_+>xNYE>`r$$!_YU&+B9q2*+?T)6Yck|h z72he?oZmQE=5o~j{!D%^GO7Af#@?qguJ%2LKI>%4Q|vd`cf5Co>{i?`Hl}_!o}=bI zO8zNi(h`nq8}Lk%F}tlB%u#bQugj1luJ!J>B5X{3_6|qQ{fm5!=N<02d#ePNGyR-D zuP^na;)bv_7j^9^5|4-xlyp`EBdt_8@-^GU*eZB?WP{zd1K#NFH3<&fkFTl2OSr)W@Ab zezwaU?(R42??>tV&hl=|kV%SLh^;BVFZ#G|kuPz%JD4X9@>g^7Z_1Eo;M(}og^oQp z-{IrN0^t5bbsadK9Ljmy4=slKrs7WOQAJ8&{^sNUUb~89jTBjvnkcp(l}~@v?7LaV zt=DzGB=hDB*{--%m(j+cqCZRFNjH9;Ib-3Yn&iYQxm3|r0in3|r@FF(# zj^kZNj+%RqB*|{hne+gC=b-p%ZZX`RaBX?GyF+4Zztq2d-0_^Ry4>NKecyt(dLAH} zn;}CL_fTwGqjpI9`y~1K$fVUA|BY++b;`XhL!MOJH?jE!eUCJ^)(XY}s396yGrpYd z&U5-_^VNJv?f~jZ6<=E(&ct4G%PSAf1Ij}&+&`7So#9=9R`|HnU*LOR=o|DonzNBQ z_DHTvyCmt9>5M1!JV5H;48F_hUAOC3(tkEu74PrlBF?R0?)W9vOmbYu8o)iBt4rSQ zsV96s(&@RT(u`cNnd#0hZ z#Lk=-?>ep8{ZIQymN(?xjc)n$?sG8fFg4xhPz3jSkH3vyPm^ZI#LxEkg4-*Tq>_#`H6h=Nif!i+ekEW6@M(`@5LD zKJRagddiPm7!K25kpA z5GnU}$^$9AIr;V|7kS4WGkmyZaQE%&)~5@w>w&IBHup91+mNO|IO@8FcYeGzsO+tOvaIf;zME%d@-8$N4>3f-CP6f+(yP^CD*YvmguC?c} zTa9e4^JlqmW*+v1isPA`cPI9feGb!cxfi^jCRd=L=munuLkoT8-EzLCJis;OcOo`l(O%8rXmgj7 ze-&w(asEG#7tQ))DcmdIYWus6*py=X1^Nov+|m!Yen1C)$URqR8S_moHzrBhm=u{t zeT(tSdvMN_-|}A@%6PaYjlpI*`xz#1)TtwrkcsseT8^0pB+kLn<|4VMpo`$l=itk`}fxam+ zmZN&-oR_rvAF)pZorGFak1~$uxdmx7n#U*FY>lm^LQ2lY{%-qsEx&&ox)a%PUGWKR zNLiYUL${*TBa>y?*@<>~^=EbC=WTj3{tkaaQ}Mw8`3|mWPwH-O zcBFBgc4MM`e&f@g#pZT=Z! zVbl*@jrz~ynf#Oo^>v5S&(7hzZP7|iD$5GUla{~tVKWoWM)rBzPJW+li8vg|u^atX z_A~!nfAbmzWDQ)?{vCr&TXY7pxxLB9&}eiHZL+<8R}M<>?d!Q%I3OQd{*K3P1$qzJ z+zUUaokowM@kp;@%sz?+4%aRZ`A1TIEq`CY<_c=qTO4if!*3* zaP4`SNRxnM3~=M{7dHEU!QLcfbKCPQ)NDRG2_5b!zoAiyag5Ck9~I!;l$Gm6#KTRT z<;1_$DQ7uw+gjY&__Boh)}adS9FM<#^&$`M#c)me&4s7)bQgQLI!`x*&osq2>UE-b zKFwY)$~ih9H(T)?i_O3t$?~v=d+EigGOBZ;J%9dd|MtNyXXSA3v*KXtanmg+70z2C zvWb5+zPk@dj6qEd^k|neX&R6vmcQG%zFdN@&wBh_+?@OMn3sBm&-MLvcD-olQ!n!2 zzH7yI9d^^(C(C;tu0DVL6F$?#aHIm)_-tR7NjCMu^0&nysqzK(KX|xWevjDBJ2_EH zWVgS0KK_=$t$(9iFCy6JdF#T_t`}Rm7vefT(^Q@FR@5vYN5l2@7Xv)pIMDg0I_Iqz zZYRrMJ#RO|9OB`c^L8(vd(T@3rykqoEZjUGL*SZvaX)t24;6X16WD7!pU*T=H1>Ml zO5jem{Edv`+346m=i#O@3H%kG{fT}?_Ic~&bKZ(t&|g^GdOH&5Ex^$}Z(84S_)ODD z9Br;CXBr1Hu8p<~$U3;*^A_=N<3Q)1>YTTHxIb9_ntI$}FWhpUdTgJ!7~BK%-ScL+ zx&H&#u5X2KkAZ9YO~dWH7p`BsWBXeK_dK{JzNTHztAbmdcD)2{KPwJh;a!e;dAJv| zAQ4`fEctw{_m$Z90Twvr%wG4+J0>7S7WY={VraC7tL@qSeD)yHak|}3j`QJ`!F?WX z*eOGXJKMvZHZ$cPxkV1w-nW#0Y(O@^&33qp;XRF>_i)c(&%`@?wiSJV#xV(37ZtEi zdzr(v@57EA7m#1z60&&Ofz9)bOMc*J*Ef9+({FsHN$0Qp-ovEpvlqmFgZ?ikAcx=N z`m6ViD_6d($kqG1>++f5s=u8NrH}i;9sAk-mccz2uJQK(Y_*>cc(_f-ALnpS;W)z@ zN166P{WbIACC3MNudRFDjK61jxc?z<{O!<~XP4k_@j-lF%ijv~Hmw3O!}7Nq_I-!f zk?TC%f#h#Tn(pJc`YPswE>4WAZGZoa{|4jg)&W@yH{#@{V)I|L5ZUJ~`z!W}AWdC3 zmMjz5@kB-LG0fYT^OkpVK(@hc>u`Hu(+gdXZ0_CU3sDi8j<_vcR&!EzbV!l4PC5IM z#@BEQPoW38**$Obu+e>3#T;$!D)Mh4O`AE63G?0*;%s7|N4uPrpBj+HaE-rPvC(q& z6-S%~LFQqwD48aEli@BKNLg&hLY1g;r(O~+Q(;UD*KOUS?BaCIMv zpTG9?NYU8=iCA3Y?*q7o&hkFA@zw0tRZ)RShJeU3(ZXc&S48lgs!)+XG z?%m`Ik*4V!3u02~dT;H4$ui6txMXw+$a1*d;ugHG6dNrM3pm=`C&{lwn#PZ>BXgMF zG3!Jo4*5qU3sZmbR0?+!-26mVUdDC<+Kg=OwC|W#Mw;H|Sau@M25pnLJ~!N_7_{B( z_*;At*H3UW9PUjUivzL;ZrI_zhK=rv+sx7C z?k1mJ&RiZ^b|vp7vDS&ot#OPQhnHUxknkY4USwgHgIXh-dlmV7q-hvOzw%(0vyyHB z>0oh3V58+>B1fD16nSkQN;tl9MMZy8dCrE$Sh>dEvhD%7!Q#H*a6j;H|0G}U2ln}+ zgHY$NyIvOX;YyEyOoeOufhO4Ke9$o*ZGX=o-wA2j=ji14KI%N?ET+-Vn(|=x1Ep}E zu>8FcTdi+V4|g#6`yB2Jj+0O3{gA9d8Kxd}UVB>nFVk0E9+0;zf9GPO?Ze|7ZGUw< zSK@HB-`0KKb&rzxdv^`n_BVP(K)$j3eHB~nw>EjW-;huFF%gH`N)q?SdFO4^-zkp2 zrB^a9c8gnn_s3TKZOGB~w;B014p+wo>Tl^`A|+OQ?eSbJ8j$1Qns)tEY&E`}Jlw0v z4{^9-IPNXJ(W?W})$(^DHaaeNkfZJIqxbNvw8S)1d|cocU)x`~CLjftzb3wmJlvYb zH@{av9)asEzb|>XH7&o9-T`^p@^=Hg&(L-c_mH1xH;|^&IPNXJMb`!7E6ZO~e$U3% zj&DuNZ(bkD8Jo*ZdAJmwmfxs{JBa*Pq-oRZiTB(2m0vSnF6kSPc5uUS3lUR(CwaIv zEx-Bw0&v!)Rk}C!pZwLI?TuRq_Z=&~-sfbfzf4V}*Yr6)GAJNl!Zqz#_d-BFr^&v^ z_^aF)pN~b8koS2zEuHa>J?~foH@ToPH&_F1#D^QZB_LUFO+VBOUMqB(!#zly#@~y` zUyg1-eNb^*<^Ue0?wyn(T^;V^74G$P(cpmG>ccI-R*}`=_VMAC+{!wN5BI(raEJSF z%L)S0d`RUuJW>O0p$}Jv24pnch(?iQ>e@4KH92ueD`kGdd;Jq^$b1j>U-{UttfqYw z`_4n%zyBh3x)1Ahj#QJs|NcAVx1erk@|;Xm$et@x&()8@VF6hTCok?b(~$h`pBs{8 zpI<7T&usFiB2Bp*N3Ld$?_GD!MVZCzlI2Q=6T2-S`wesFwRGNF=e7UiFidez+ z)hm*u2>YRyy@_v^YTB1#|Al4W9lIXPYhKL}H~x-KK`LwZe5QWrd~nf+?srl@N^TFx zg~Q!A-^A|@d@orhakR^OG5ME~rZ>AYztn^}6sy=DZc9s+o8rGgTNew+3b>{{S%>Wg zv>n;pwM}{c@2@;p1L=NF9oL4b)Ee)}&h@Fi&n9*!alg&w=3sXoIv?5G-sA@%O?PtC zeL;q+Y)#5#C=gF2BN!jSjU=*iFE&fir^x1Bwku6;MoZCR)Fgv@LVie>$VvGBPGW!A ztJd>bOUJM-3zt6?PhVrR6YW7ZcR*{NZ}uB&80c8feHkmAIN0m-`S%1Q_4Z^baJY@I zI~9#UHuucmc@_$~3k^fjPr0UA#8dHju1DbJI^50J)c*rE zvbj%?e*@Lu&F84ylBD?ief#{#9GSBp?j-6TTXEtkI)(XV%imM6xfDID_WXuvS1;Q` ze9=Sbex&}!+A`nsXR2i9R`xgl!GIiphwE=SHckGdtw1(+J^AlZ&R^WOfoy*x=Op%X z+y2VzfZPGs#P>>UhM}p*=GKvP%6Ph*flfx__NA?faxIL%O$H^(gU0t_XWlVyF8zSz zZxox+=n-UdzaYN{9h;OcN27e^?+f?v-dEzg?zu!8r~cM+_A!PRGVd63{q2ZNZ!{m- z+xe(on2C16yOv#IR*6!#O zS?26P>wgmWXtL(3sqE>1TmaXcw_F^0~!rvQN5Pg0>>t-wySO&3@@pgr=cxN2E&e&-G+Xw{+>hq+YyT zQ?4_OF2$Sazel+J(@FcM%Sd#@0TsD3Gt%WHbi#q@atxYr3S(^YJEql<)Xx*#XcMggDZ0HZkR611L-m>GhJ>$<-Hj9O{>fP;d-+B?0x_C_wVvs zH&a%?jl`oZ(l9Gs+M+JVj>81V-|Op^Sz@DGG)5OO*$-H8l%&Y z&Ap9$A$k@)iB>MBA5Nh?qh74ExPQkXkSW_O?gngrMhysz=*ro0N5 zp+G!+g3S)}2eP>*9+@uf(Ix1xCiH8AM0VYo7(Z-t`pvX4?)W~|GE)w_+pTYXu`5I? zkj*{53Fi{^LOs!zM?@kYC&lM8i=B4eu5U#-nbHq#zT@viY?h$|j;hE#=;(Brjy^`4 zQHQgVr2+La{9ql)zBy5kf1!Oa>j&j0XUbD>P5XOZQ_cw*jck8Q$gfAq+3E5-$0qNH z#Dae$L zUdWl5avoe$9=^k-QL}WJgKX}e=IOG!1!b@$?K3K;{Vk&rpZ{dKi z+a_J!JRx1~JCXKTbzmJCbojoES<|KSvdaGE49S$1qg{WGIVoMPLraj&y}NC?%tfgu z(`RzrMR{0z5q%Kjvpz!;d#vqpmVZ~K6u_f|f zU+;W{@wcY)75Q-IT3qjabB25Ii^=lc(R>L~b>1sc4tJk>-0}J%zT-CPO*AL*Tyy1; z()GDfOPx5ZwFK7=s;0mrUIdAzniR-rI&N#|G zZ{?#i+eqHVzeypz*b%L z^LN3JIx^g6e#qwL!(9N^)Qh9|jyf;?dlg*$xnCSEweI_j!TsHbYwqvx^S3(OLb&JO z=lc66ezs#X*}ap!_-h@nE1WmD9ml)%?KF7jppG8yiVNuj`An0pvlcYv-f#8_ zh^ZIh!c19eakXBA2JkKc57&-^zW>2~{*$R2Ha7w{c>*veX&mkuz`II5=X!_al!r9G zay6Tu=V5;l_P82PQT(|M_4D|36ZzptlRl@xk7xT;1a|>kbAE24LAeY2Q6BD+Hmut_ z+#`siANQ9BtT;~0WWvCmpPY>C6X-b)_apK<&@S{7TG^iSb6TQbD09l`^PAj#f+dqO zr6*hyhdu3hb{}>r?JAc4n#LjHe%eF0;dtbDCmQX`rL3p!>)|>-jvusr3Dbvp=bu|y z?O{IL_4>w?=vT2>Qx@xv`Lk@7o73$ zxKX&5TihS`{%NPBOFd-!tM^+R#%HEI)N|IB@u>DUJDqZ7`x|~BQ=YWACJsk?xORN2 z6NenQ``+)C2g7atKX5CYH@MfqHRny+!((9{@8Q<8JuHX2!QyH;+xl6GwDoZ9I8>)S z%$SxbN1MfKj5QA9C}U^9)wH+vFpT{W?9KPp_ORH-_ zMtQjF$$y0oIh}Db`i6TEmo??uiTQ;3T*qj=`m>dL9bG&lQ?jSH=Uv;`qp-_Hb~&w1 zJ6mU(Td#6vX3E`ga~ywj;9ZD%dbp#=PeilP45aPsoK{Zz(jd_n+U;y)7T2Y4O?>q^ zlb^8vU=g;qzr%9bf5&H<^!Z4B{X&KQ2JR_S-8g7Fd(A5;vcki4zE1p5opx4=GG(mA zT?g-5RQHUE{&ptc4c&=`A-kRJ@6*l}J;HpL#ntlv2zGOk9S7Ur>a?>Za8F`DZsM!u ze*)$Ie;Ie$?N%w=dwjV6%ed3#mcjkl;%YlPkG;MNJaMS1oeeqV%;pw7nkhNcD#zh} z8F$*;Vz{H=hMf~*;`_ghJMDJ11n$R{zuL||PYg;taj0oKn?Hx~>~uE{TFzdD`MQT| zm$T}$vxRV{!!=3c@MU8jD*{*3-rCtB?7y=7(sp(Ow(oiTs%bl04)@Fl-FEh4c>6}u zr6IEGRWI^`&`k6I(ss7%v59sz$0<*CJDaf}Q>MTT$G@G3wzF%7@?I@$ZEj85*+RJA z!8Psdlkhg9Z65AH?bGFObR24i>~^+;Pdi)w81t16x##`1_t{6VI7Lpy*7o--@-5mV z#lKZ`+S$BCT+dltJ@1ofU(WY%oiN1@`aVCu>zL;caQmAm+?{a4j-kf43(QMAT#fJL ze5Og~y>y&B$Qf^G->B*KF)p_Z?tf;u+_Umiq!;$rdANEX)GZG8q+uzt0jBr<6q{SP zI8)}pjl?|>8IJ7&^puC2c_w2ebTzsJZCQiQtfMX;oFe(oJagBEJgeQ|lrG7X&NE$q z2VO$Lktuwp$@uHNUaOCXgm4< z^*oogiXT&DIr|pc@m;h$bY-rb<^FgoeJ)ex!3{gy+qp048|v|X9V&7s@OdVmY0~>I z)nA=gT)xe{zPIBWUBSEz+&qUH#EX5^e-_fD&$n93HLsW3h&>bMB&wuDR%XhD zv)uKfPS{?Fh9Wx-o5}A$_0CS0B$UT`#yZxM3#5)La>|*#UR3e|*C7_S2{vs|1lio- zcgPxfw5WU0UR}XREP!6O|&Giog4XE#$YO27G_-^YXfE zj zL;2@P(%*@v&5gX8DHmAWvDhs^?<3patIkcAG3aHq0u5rFtmn1tCm;^(Zb|Idu({>y zh=axb1)FBMtidCj+nam=($uaC@7v~l?Pgw3>y=41H~cpB0IuoJx)3{!@7)f=j0^nY zspmZp`|}>DY(KV|_A%^dS@sjLTZBGCIwNNO{?Lx;G8HXF{a@z#f_r^7a}Ek$PpnO; zFPh5MXG%G|NIb`!T{tP;zNK}dJo1_0)hDmt$-DNTvC$OWkSXUp>b5)Dza5Otp~#MR zjr%va55vuf|CPk`ZX=kDJzVF<@k4d`<8rt^TK;Ok*%W4T54WcMX3<90U$~HoI1aUi zcRjk*!+n|PDi`xH;WId!%Kd-?)K?7!=F*F;hOk%%on){yFti~uV25Z_a(=y`+V(wvlwpY z|GMR21iX9EeID)<@>Ea;1?%JIpb8r%_F{S6O5;#Z!_gHxTc+_ z$(IS(O+q#|@!N@i521_nyTA5Y+FBEb61Z*WyWDB;UK%Ab%fp>VehJbv`~~*TQ69YG zRGS<9j_Y=d`z*F)DCL5R{@y@-B6=OYghrO~-gMp@l6`B6w0t`;o>cC2iDq5$e#(?G zi~AEc;k1KOnk5MaN|JdpMQ$4 zT^^!v@9^PX_b<6IxbIrr8{plGR(ZH1FJ#XQ+K#rO@IJJG{pv|>F?(1$CH7(2{+8^? zl*S9)@?heS%U%*YzSW6?9p5szgW-l9L*FzE16wGn-p3L22@s>+f0EU4ptJI}X|p-N0v>265Eu zH}7?!%`Hg^%3!!={9xiR#KU#M6hDmSy20=I&7LPKgZr8f_l|$bmE@o_TIBkBH@wN{ z0S`BaKH@Px`~EYY+kI(8f9IR_*IGv^gnP5a)p?C6%xf(1aP2tg^E3Arha$M^;D#MT z6W`@kaQ`X370w&nqZhkz(D}kuFkkd=Ydl|=5|l|6SN&ZJ^9>KzjzhKP3*mkS*CdVa zyD(=HV@+lp?KjUqo1Yh9f5PML_tp8rjo5GY_*LWiLb&7MhSdqu=pRz#6PTZRxXbwb zOFq-2!_ykzHReAb$nA8Qp;9T)`UgIf-_l$@7W6 z*Iqw~rUhl{6K))IUhf|4#vz;QJFj;@f@}KotElvU_q%YvwzztJCLf(Deizb|elc?eBPdJEM9jD52U=vi_site3(9V|ZQ~Z)r;N?1=v-uT?;`&Y zDn+Z&I>vY1m=~GGIANvJz8thG>F@h+BKrm9vL{`Cw_vje$t4xJVe&1Irc*c;v=Qk) zzv4JS{q2^NaIk3qpgd-A&&Ec%mvOZH%_lz$X`0sqKU*?>ZdI{7DA&YSGJ?`@iF@Ae z#r7feF0#27U79Y}qWjT(sL84%nIGhN$;7w+8;NUa`@F>t2})nM=Dhutk|br=eTHoA z$ez4YiO)3Ya{+a~pgu>dn>GJt`&$lo6oL~?gKV&qj!vP2vj zaBM)kvms9^T&G>nct17qD-sO{WuIm4dCS7432KUL?g`{OAWhvyaV>dS<$8RA)$YWO z2+CD(DSGjA0k+*x4`g%uk}p7-RvzZhZNNpEDZj;ygFMUJ<=%zuI5Yv-+}Y%d(F)X* z^3Z`8nCq!+PJC@{`H?}{??XkbG@n!G57tNcHQbOI%0T{uZ4Ol;vtRu6ykpPnMcM`BIk+YcIhs9pLMx9uXhQ|?jCMU=k-cX3(8G! zY2xBZ=k@fw_4aUUIsE4JP*PX8TwM>l3Fd7cZdL1HyPW>Q=H{Irl&)}d zoH*!u*t0NKB5nH3b7R_t1yPK2IrEr%MpEMlF!8hqWn9l2XQF zZAK^dkJ;;Cg%<`Tccoizb-m_v?Ajxn>$o33RA)V`1n%$n8*vPEJxtI4xgKs+>tXc| zNz7^5>q|u!1!bn?udau6fjQK}t!h22>)^`kVR_wx@~g#7zJ|RPs5P?Va1HsvNYkAh z_qHAuy(}o_JnzO~6gE@PG-Pv^kbemhpiF~n%9S~9Td>t+ z%GE!uvxR#GWrvUbr`5F2!~WD&?%&sSwjJ0u>Q%jUw%m0U*V&4rK^Y4#68Ao_&Zh0= z)A00C$9$i?t+VA^6_iilnD#;Y`R(O{#C2Ai+(i3pb2EAc8`t^bSg^lFHoDf62{(JI3N}g7-E0 z&cnSRH${@K<-Q)YFDhtCSz#Vd=S|x<^~Cm9t_{kE7FWk-4Y3O%JHB=t{%Ky%=4QZc z{i0hQOgRfz!TqQB+UG3??tO60_(A9Oj)wVf?>{Mn`~vc{TZ&Quex5@lJ9$*=ltkprLG4XmHQZR>EmU}xX=Y2t7VpASHq zZsC|`#n;RSWWML#=ae%bDA{Y=I1J$XY8-|l+uy3X&R zuOlsIc6liA;g;MOly~6T<>7s7%aHA_DGz?{<=o(KClMplk45r>a@4DpxnI_RyTgZD z0(ZE@9oi&WrZf|I8rlB7H5rRuR<2W7Oy{R^(2zxs}t z`h61Rw>tjHz@WSj*OUkE{oAHq)cC%8xH+%6aX1*C!ss|;$03(|7jzl&mfzhz#o1GResChj)z;@ zAv~`_3 ze$eYdm0qixa>iFr1Rx%T#LxWZdF}Ot9JrUjHRnyo4^xTbOiwwhYW&dFDQ9;35FQeg zH5OOfvpFyy^Keaj<~M%m?87aFoAss}-`W~K$4tztLitSKK_=% zeG6`$b52U&+0W%L?b*A0{t?o&jbnp@+;NF1zmeANeSxLJ*dOqgJO0&i$(PubBU2u9 z997l0WRTUG_t^zx}wTJ(SN5L*DV( z7@zpc?Lle(w#(IVNfT^ad$?7NOJ?|R%i&IeYwEFzjS*Maf-3dBNgpd5FTi&cm&$ zUH`_1n>Uhmw)Jj&YpY!^g?lYrQ+~BwAAqm7c>JxZU6+Q5@tNJf<=-8Y7va`+yPiLa zeHj}nw(G<3^)8RURkiC49DnV0J!f=K2EwiFc3s8SNq^-BPJ^B1Pq-g-h zy^VKr?hDFU@45Tj2V!$K8i#D|6!LS>V`#m;(3O2fW*xJ@@i&;x^K%lH<`NmtdJ|kz zFP12epYbadxGzzD-*m2zSMxi2n}-QcV4oRW6W`ac`4D}oe7>_8_btAI=lk;6FG!y= zq}TJt-*G{th$|jnkj8Kd{Yz68E94 zb+~r<&6yOG%i-q4OAz;OVB=TL7V`PCNK*;NU5u-Zzh+!L*IEaP+#i&u;F|O1eJ-6j zZ#8``UB+bgBYfb-;p-FY$Se4>4%u;7!+hOFv<2yWiPmG|?-rjp6v6H3!`)Z|Zn+OP zXG&0(THJ{|gU@f?sLi!$au(8L+8yJsiLZU$O5vt|=*IVB_0y-mmGgN@|HOHl&i)Xs z7y3Lw!_=eQ9~VyzO4Q=k)_IFPzYKZ#m@8LKmP;Nd4{Anli^dhdoCp z*5z$~^QQ$RV~ZOH?cXlLt~au|RrPPF0iSWnbmk}F)^`6^4tKrfZ*BE&g%5Jy!$+>a z+P@VLgF8HNsH%SpIB~GcSm9&T0rTOS{8xF{(1Slpx={O1w3&>!#5 z&ootMzPcFhR=B3V9fECBbS$#ta4Pvu=u)KnQ0@Ki!ySL^@>@PTC?}S={o57F^JypZ z`Ft4Cw1Kjr{hL|OGHs>Zzm-11`ZHW}-gaJ-R^d6krhn7;K6ra#J;00~yj;6Ii#^JI z1h^&+I<6jpU-zir_-43O&4U;E#6jk;A7N`{?xY%U=lF1AaK~8O!7Ob1t>YZTeAIY; zrl~sXI5L<02yjh&AHq++ep9bE=kqg7W*k*je2d_=`qbst)_KeOZ%`&!TvOkk@Wj`y zZ)TiouCtc=)Hj(IlroE}^AF2mzTn|jHUF^Ahg%N!g3sJI=={SPm~VQxRn0$?`EX7IB~H1i|}IN;KMz!2HXxl+# zsd-NXmVm`uxR6Q+3u&%i#WM`K#ld zGbm%{c*--X2WD%8gl-qQo<+Hbt89x|* zV~)ReyIu}AAFgTFH)7}4AD_n_=gt3d$7g$6@6Lak{YG$^N{FZGTo3)zxcV{cIxFuP zuHU|K{xf8A_zox#mz~1IoRo~|O z)VH!{8K+wQ>Ule!X&m!D4pScVye((HwWjJ^2NXWXKAUe{fAu<`Exw-N@wck}ZKaRD z87o+q_TlE%fLrRrErk1t#r=%$>Q~On`TP$j4%Hd=Wvt|W_V3*Ca3OyBjURrPkRn&` zGfmaG4k(5@$>P@5d5b>JdaT9mjZe3t5y&oQQ^?OjPa=J9kzIaA`pk2ctm6KN@7*}W z*Kx3Y71`XX=DD`{)QgfA7^lKD^`f@caUvx_saNj$TU+CYGPsw)HU8>6*9XL4t0xXs z&2#PYDZjB7gR;o-SLeCDf?1P!uKK~s^N5j`f>P&)+Mnmjdztq;A-nwg&2#BIxIRy^ zjZb{b;r6n)dfj~p%#ep`Uw51K*IWp0QZg7Pw4Gybiu^?;n$xqjQ}#zEI{ z&L#$(J#naN9cQFZ97^E!@!?)v1MV~*Zr&TLUs&AQTE{7ed*IJ*d~0hRr*s{0u(-8# z-iqD~$}1LE*Kw{Ow!J;^t!f=-kx&0t_*PI3{l$%g&U4)ivnKanEb^&uvA2VAx5d@# z;~{Wsa{on%4>zNfd3(5~AF8c>vk>mFzq)bId9E1#*5v++4L<(nyc6V|#%}vC8s-D& zVPvpxy*e&I~?wTo80>YGvlbJUPoaMGV8J}?8;2M7y zWAhSv2ie^H2XcLdPC_lww4oyNM<(_^bau+GK8Iin_Xlap-x`#^EPv0zrp-esatBA{ zeyjh`KFlM(6lr>kb=4@jh>7HbX#4SWNVeiiT5w{YWd&9ClzlOta;F9$aqw-6bE&1CcdvbjsiuR@yM;W+Xt)-UoZKG#b9 zHRmn-HRF;$-FAI5Hs7M%$mX7zT1Q&m!t-&_S!hNH_qFcFJKHG_Q768gHo5-BzU8@A zaLswU44eDVL}YVcBwva&m5t(_s-t;d4)<-D2u)WYRKc^z&zZoxC-vHb@9 zglulsVAhn;dFU)O<1zL}9Y??TU6KrP{I%nd_apmW|Ee5^i?Fr1RmEY9PaKMO2IX0} zCJtlZy@+1%aDO9T_tr!lGS=7OIpyqy;rW;U6o=AZ8COfn-~HPW*fvMUAlu*e4F3_74=jJj!&`tB zdAP5Ve-~-m%JG}_m7n*f_v1Vq{|)w5?&kiiq?Etg$#1Yx?$5~fH@Sd4e@Igo?l;o? z1R1Yae2!d&esfPy?uTnq`Mn~CW8Vzvr%wC8pGc8|(c#E`R^tZ7zM5ix^1b1hczV|r zl%w~Z)O1}TA|rrpZfu_9mK%z0EClxZV4>+>GQb=?B-0AC13d9`1Y1|JmQw4%fba zOj5FBG+dJ=UzQ|kL%6R8=~;5(klc{`(a89jkKH4doo=yE9mDTvIzi({AY=UAa-ZKj z-t&8f{N9^BzjuP?_lo$vZTy}o4=3~UGf_vR=Z(vGP3gN<){#s2>~f^fCp3O*pT60N zgI&KeQnMr{)h!Rbu=_nZNp5hsCp+BfmWQNtT~_H+Ty(YrIz|L%6KFZ*$lOn+8Z zCrc(<+>f!-Ir?uos=tPN;PhmvGn6?bv_I+`CieKP{(j^5Yqwv8X<72M#SLMj?}|R2 zqs`TKOP$AO7ol@l7t?*jx_?XGgDRoQt_+%NzV6Io2RkW zd#zV_xcYqaH4azj{fikRc)9lXkL;5r&%rh2_HArGMxT4Q`wrvTC#WSl3iWBscg;@t z+rT+rcDar2n>wnH=pn9M~dNy75^*bPdveY)tb+IcPG*-QPM`PX;N! zeirLVuD`cnqxZ7k&e7(cd`z;8;xkRUU0?leb7X>RVr=^>`(;TtxF$`+b~;*)^i!uk zq<%%d-f-Tjg|r^bI6M)9X*{DRo({;8O%|s;zo+Lvmm_Y<6^UOfp(*xPllumCorx$nDIID%-KHYR~lr=Vz{~djdgsn4D4E<J2s=yy-0sW<3N2(_SVND><+B!#&0~o zKN}Sz+aG;T{kwejKI%amWZ%!y*(q=KIIpN7?E~DX-DO`ljVuTmUfA?$dcw%V5(3&Exeoi3D5_~_P5a}o)>^R zp|jAobGVQ9nnan~?K~Ii!ZECOIPuFkCQG_%!{DT^uT7Tgu^WI){P151xNVHX!d~Ern z?W>;8dDt3%s@uL6aPCXt1@>{<*T>+jK!=a1=;xp0_rHf{pP<%gK4YZ%&n3z7)|8RK ziRXOU?W>%WCD*{^tHjfMY@S7Hkp2B<+{?K~2aRP85)D6{_l9*ylVaYfF~})D_IZw+ zktI*SEp@n!uxW;lK{oe#^7kT5PaZ~W;q6+MRN=kgDNT~)U~NQ5IcG86fZH~al?B*7 zd7Q`+5BDYVZ=wxI`vZF)Z#$=6Z{6UYuTr>Y?dy&c4fjJ2SNj>8JC2iR_L=56T)Usi z?~o;fe7IlNfZNN5n{jrQ%=O{^Q3Gy)54RZZMj!6J<0_uFs^T!thnsg!mei?VIlfsn z;1>CC%i*2~x2{tjW>dLZz&zH&b$%Q_%;9(J_Rp_h%s4ko`ucEN{Y!2R+!;RH6aOVQ z5AIt&+*AG~Hy^I-S2@0?|4VKm+}3cz&WSk_UKiBU!wuZW`}@!&bT5j2nk2c$rAZ;} z*$k)M(e})Y?_+scaz9)%{+fqPF2l|M1;S{&ex zZ}ggW^=CY94LdtNxchg?=6C$+_vdso#-BpCSHd;zhT%^7AGr2-x(M$5mcLWs%|ie6 za5s_v79|yOUCS|hlt|mbiSoDFDcAORHvclN$1U#u*d2lb$c{rR@@FGWx6DkD4nEgG zb~!2PktOLFiSex3oR96{l&ecU+^fjOO%Xx4QrhhVAbKY*Pg8NV9!9H(MxcT^Nu0w{w%bk%d4|=#O$$x@04PYM3ubkQA z=#tB`=HDcdMPd3^@%M`d!+5>6o_?zNWZG>$PI-g;;gh-E*q7@K%9uW1R#VXpwBOj9 z`WoSP{)74;6Gxho^y%d1pvTay(gq9%XE^xR%C~GSF z%TNpS&7-WR9h=|=e7G_=OP0aSPMk)$5S#vJ2-4E9B*9Jlg8Yx@FSI(Bb?&>VOYAfR&i758 zL*BH_`n#prH9drKnE0Bql%Ico821!&)Q?P@_M6W9Au3_)8hW&jOk=*+wCxd$OGi?F z;e?%dci?ybVxIRu9Boct@*~lrw}>e+3_YI8{8z@PEO}o2QRhfw`Q0O)OqH1&wLCcf zq<^=QYj-}=r1uZl?W|!|=*Qshe<6_HQHkax{4@?;YLken({?DYN1MB~YqGTAGfkoPNqha?`S)Z=YQu`( z`!wt$s3zaL_}(nJ1Wq{qmqjkb{#tYcviecDa3CX*U{wYxL{FHo@`mfKAjL(uU zEv}xQ@6o?KKP7NmXS(x=Kf+Aq#H1q=SM6U?A4-=jq)G4dk8ppFxBj&14 z`n}gW?fzBd2O&+vIO=+nnXfYS+ktAtl>Ey40x1P|DDA1|JA=~ac?+h z4`j){A@_SL_u!f7az3gqccc%u@S!Z(12@O{J8!_-fVO+M`##J&$I$ucT(l0~wj5kX zifPaDxDHpp8^0|w(TQJlW|kauxLfb9!loa(1=;@Ib7P8(=Ces?CjUPfN9rG+Xy1D| zb=0o+IS;eW1lP2qGqGEYo<%md!z`YWfMTcs?ZUU{VVtv5xrTQ9t$3nnsz5uU`_o{6|=a#=fl+$Cvn>&1es@{kpk`bqcfrtwZ@A z^B%nG>q*<8DH3}(@xGCbE8XXAH(r}7I9PS_3q|Q#4Ok{K0lg~$E(OqcVeD-lb~%kK$&#K&y6u#X{qMuJ5a}s! zxM|bK_bFrjgL0~M(m!s0~v`1ibIndRZk+Y6@@PBQmzWyh)9>&fqzqB9>& zobTVA?>S-)`|nWGx%7P~!k)g!AN(%A*YfFlaUXA_O)=MXu@|zW5Uy#LUcu%YRF1S9 z8SWwfWq%^lbSlTq4HEkbbREuoXKj}ZH{+!&*$y`nw-9NM%_XQivbp)>hapYlI0l%f z+Rb~;?R{sDr@8NuFMBylS{>z{Z=Ls%Oxi<-8%&F%oQf3xf6@1R_+8)H=UY~1$pnk5 z&-TxzTs`RFE_QrXatZ&xH*P81ui-`$uE;CcyoKID8VBR=X7ZmQO|y=#BW;eU+>iD- zD_O3L{|56nuVl$7NAv6@C;tt$`_1DT3fbJieDWl0%aQ+``v z6Gd~8%{_e~YpQ52nuV6{pDax{7UOTuu!O%iv+viGvz(2rcVwqXA14l9@w;h{rOWZi z=Elg+LaWg#)TU*!6n3H9-;yG0ooh)u4n^;0$&YaJ9q#wo{E7BkRFT`9{AuVCbUteG zibxEfm+wiHwNC$MbHiJ*q+>HT4!yA%g=Qk#-_7K=p*`qVG<>Sa=2w!W&yPv6#fh&S zhvJVJSHm^e|9ajUEN0FQ+1#qmTk5^;z7P}Nj54mvn!Em<2(KF&?cweqpZ+-OVkjGJ zpbqz`TSs;cN|7?>{a&`edE2sNxW&C3n}O(IWc&L$`MOWgo}osl>{Z4?9g`)}Dpdj_ z6LSE%PH+4z-_AM}+=z4DF2ZIE+ON1G_Yd+Np5(cwXe=tBuZ^CSCPnlIsZ4xny%^5^ z=hK}2Hvh*g8Qda8iX3iW345T>Z^-sHx{UD*`UCxh3J+i}Z6r+!s2B53OSHe^sK-}1 zoXB5UvKg+a7jvFsyo#PiHus496j{S(n)E#fJC5Xkj;Pq@*zwJgkVIOh{QZ8qH?jQ` zeeU7@LO$u~1a}{fyLdlVDf_zmP%ktFn(Xpho)nS=a81290Gq?nG067!eDdAVO{gCV z&3DI}EuC^^bE7FCse6n&u8Uza13iOm?s?D9hofRN2ZbJ^ojxvAav!K8eVp>3q%;W0i*R$}XGEma zb3FF}6(ZZ;7Ax=)myX_~a{m?r&iO^ieL9GWaIC;Ba>$3xQiShrn2a3$kw zbPKY%U7yEabigY1O`$QD(Z`&YCfPg`V7U{A8~9sh|4+18NJhY|>-hWh%49hXyHk+i zGR#h2&*vYbv-#XS&(e%-x;pa%_B?4h+)piT9(I?b{vPfy^5=F=mZ=;cI;>x=Sq(a$+R4|9{dbX=fU=QA#t9}_ijx7WTYvVW1sfSu^qsBsLS0s zF|7x8#(#r3o}7@p1=sWs7hrQMnuPTH4{_r82l+-NoIeyru?ESqv!t$+UP?QBccQ(u z`}LxeD6hx6=V>%H3(z`bbMszg|0wzxZ9+4c%bksegyis6?l>>y zrNlnkLpj>qb7!YWb3W5_S1bSZ5qmu{r+r9a-J=#KjGu$~2SI1+9E8RkJ)`=C*TMz86KsMK$H^1^*_wYnpX_wzv_mHfH+sE-& z%kPaaZ}xD_dGjm3A%|<1-*AtR?8g`|>TtFE-UV}%hilH8U-`{(xOVw1?irGc;hOXI z0K7$Lg@^kK`OH_@pNv|fwOly1X~A_d?ZY~s^Ok=l{Se%U<8LQyx}!eGj_+jhOVKN6 z71Hyzb2)QuTF!jVTmDrc*#_72Lzj(DmCe|FhHUO{|s7%fHW=PxVLrHoNGc-0N2Dfj6bc=$;kMtni&?rKDF#R>F!=+8*!a@6>G zpNDS8H{<${9DPdd$2Z(RB>8Y_JHF*`pMq=0w=>_f3$o*2;_Fv_C;P-VHh^{=u8FUf z-(E1U_i(E!zbk#pZzMk?9auZ4?ed#{Jb088UIcsUxYOEyf0O< z8S9j>$88Mr0y^f=)V_&34;Q&PB)`G!6SrVL1hz}i(@5iMxU0y&i8O8E*zI<`#;(X+ z#{I!&elLGuNG@vUUcY~Y%@^n^WOIKcpY(cy`|-=%o3=OZppYzs8;N@&vJbWgqlPGj z&m4c#nvrjd&PKT~J9BlU`y{$KZEt`!C!Pj}Qf2!SNhoZsiu87_Rsj(52&VnxF94AJGplaIZVSl}4 zKNP#W&}c*`{{H?G$UlrU4rTN;cKOsegolLWSvcNuITstd{M58u<_%>W6RBJ-7kjuh zEth%2n5Tgo(UVMi3f>E72eQj$?>89Vpzl!$^Cp`&)RVf8vM+IcVlKs$%kmK+`30V7 zM-E@d{VJ$8vcLZt@|(~f=qEI&L?m`O^CZmQjx0zpTXQ|efAN$*DkNRnyWEyscQ8l095o_;EK=64Te*I-+Bs!K$A{z{ zIMFyYu?OxXe*aXY$<#-^&hpmBE!>w?jQz=HRkm+mO?#OTk_Ub4&#k6?9`=na|Nnzs zH`Ei^ap*&SAj%yjmG&Fx_sA~{NlJ&x-(x5?)rmt1_E8`EST*f4CWhpBANx_&w2xvR zJiD_0xEbO+56~I zWa^uaXTK)@C(0;g9RjUvOkdb9(JoH5t{2R{-st^|2jJ#74mHH48ES=W?y2O@M^SVs z>df5u=BEL?n;N-kNwTY-`JFp zNvo?Y#`w>jgjN%&^27vzDEEcD?Xifwhd z^~WWyZ)|RC8vS^#>+jL<+M@OzZYT2BGT+>tqnU5k{!IJyQYQ{JH)DE8uJ++ZYrx&+ z!!3gQybrf;4Y<2}xH%7oB;3)BgZFvi+J0*Jt?B!*i{RdBac{=Yk?1~;zf;LCK*cEj zoVA9$cjWX$`K{k5F{ZWSoBvQq*24AHi)TFCs_I49;o9}0a0cygr^@xB#KWzsUbJzz zcD*Q^8In8T)^+OJr6;rYOH9pkkxhL2@_7N$^k3%1b^XDVGc$g);}Cf`BpcwGd5YKY zb0B|2_rTfp;zK_F3TgTiuI_)U>b+MvvqIA8JeT_ewkhv&-z&1YN04ue&PQh>ZO%>9lKe{>Nl1NcV=E5~`=#I_xXb`fwe)Y}x+ta5!l)}yET$y`Y4Y>I}-019( z4D#WQssVST54Rj{nZ=y|Z#F9Sa9<=}iatd8o{c`l*Nmm6`EZLL3CU^f6*uwy0=r!( zX??}`?n7SJ&oVih_RPe0kq%IaKkm=miTZ>;qLL_Hmd=5gAX@4CnT4%r^p+J zRyE-6@ZpxjU1f1kh4&wHiHGa=oK_Rx-9Fsd+>kW6z@1llcw5Tf`)svdG)z?8^eH)9 zd-Jz6jXR~zUgrg4{|(9Q7Iy%)=^K*eaMoUI?k#*CbGQ>Y?rpxYd>-p`a80{24Vzi$ zQKZ~}H-7>1DsW9X)8}fHW53hG z-FE}ePeDylWA5wG@lKPJ#CRuzn;o=m|B63r#ydp|Lo$#1Gz?eo@4KEjHoUfCe4Vco zKVP9APe>qRNtL%LS37Z-WBHLVwUi|9Aun)qG@uNTVqaA%NTiq@dHtSj$YF0zt` zd*%O?DiLSjfgOjE#~Js*wdYIT$2MhS#qwL#d`ZTT%JU_WC9H#9T=BZ^8kqeM)ylMI zm9G1WvCGHKw1fIw|AE*HxBSs@vw5G>U3~t>O=%U{!6r`qx7UgCmWJdLxaNG{i`@(~ z*TY>zegJ=SCC6uw-CnhIxH`Ty?MiqV~^q?&-Gc((_Eij>TeoBL5Kmn+YQTHj~?#+ z#xiWaMBgHjDLRXMCwx%``teFr&rUy5c`W*C&-QeHJ*Lw{QVBqv@gNF*vGz8HSNo> zPrkza`+3-PN0%dwxcUCQ$qzyrhg9}v*yTv$Q2J6x&WGbIm&35J%TJBVg}GK#MgZK@~Hx%|JgPGrhu@w$+lcV)$K z&yUzNdB5WKuWH;g!)M%+QyP;0T3lTxx*O(354WmyqLKqEuM@>Ka$OI1j1$)zKj3-| z4M+C*DkMJ(Ekz4a2gZNPX-BkeTJ6-OJLn&-aX5LKLb4|6a#vyVCVB_i+)v1Vhcx}l z(Qpf_c2Bts&*LfMy^w^ia`!Xq_12&4DU}Z^*3&-BNqVm{b=@V5{RkiX)N0!2V87MJ zzHT+`BiIihE(M9NBlWRsh_aAf&tCr|MVj*2m=WT;epC!6_iC48;&9w*rMUI=pW;x0 z{i8ni$MQF;V_%B>pFZ~EodRt7`uJa_pb-u|Khz_Oh9ATCd7~ z|CDOlXJ9`Rdy{ni>2z$*Mb>$&bR81I?gi}3bx0n+e>J)unR=n)WWV*NCeJ0>+s#gW z)9Vnko|FGR6QD}mP>o?Dy{bYjsjl-=l&;CJ3M#2p{UvwJ0g=ndV>o?DC zxN<~d3{zpA{lk!Khik@LE8)F`-t%yM*Po6}%*XWfxem$rC?scGTbaAP2HcT8+`^AT za=*p>6<)n9JZp&gcKf{f&4+70sqJI~Cl2;FIs8dTe)8cS1iQN2Y#(kh+|JjzaWMX7 z)qva1hZ`vi$zqG!1m2103=h|D-rB?=&xczIH@T1NZ!Wyc&@~>e-}=+?Sfc#)^5GV3 z4atRY&Gosd7yUils_I37!?o*0$*1(kaJ}{777w?odNI!7+V!I3vyi0rb>nb5JbV2~ z+f{8J3i*5%(qz`3OnkMhX|l^%{ZQUy||FNif zqWmVPtfOLM<`W{HhvW^5y9wJJ=vQQO{nnp0Kba)j&lfpyu-BjRzF?lcpBsm?k63#~ zM{=RSKvC7Ki=8igV(LI|TMgi(mXQc_7Kr9Z+XBw><- zVv>X~L`5-`6v+^Z==VO)y~q7Nw`*oJRb?+R@8!LdDHaLk^hjq;y?YbJ9aDdn$yHWlBIZ*cAS z;dX2$Y^oz;IGS{@{!StO3^Kud56wK6Es2RZ>OB~`oh;bEJUe+|xi4Y+7J3(HZqqMV zkB2TsXQPpKvd{I+lmvHRNcxsmHIj=I_eyMxzXLgH?nvf%Msm*jtLNEl8f$-@9~$v3 zUfS2S!S8G@ z9SY&@eXW1LW4<3$1@jMN&U*EYKN0@@pvHHZyCUvoe`7ob$BsjS-}f{eGrqZ^cZS@A zOfcWKH_xMk`zZ7{B=7e|@*rG$-Gk?)O1+irQ9|~*4Y&1eX)>RmHQ{`{{oVG~&J#=t zDOa+kk!*mQmGDI5qf?XLuV~wuwawGyaF{0KbKKr@`Et0e`}*8V@kM{{$a2T?-m@$D znF%%do@4$Wjbw!4?!~*1OkFT#-KGPmx_PWoISQG;vX1TgTLE{u;_fJa3;tvsK|ep= zI+1o~p(~N~*W_ElZ5c9}a}$vH4vlUXXNTll!B*B|D(?AnSv!pF%K`3So|)an&lYgr zyjM_j7lm*|vSkTeTOOL9nVz(c%jVmmoc{o(37>M@UU{g38^6v^hgH~Ap`BJGr$Za! z?a@gn|D5D>s0{HpD>YkghHL$u*@bWXP_68GHtX-poWBI72{qaGTn_gg#XX9Bn`iPK zl}yT#%{NeWGntP%%S=uYF66kqbSO;AmfY+8_F*H>HG}?|@{rEG$;4aS_Q-x0+ty>- zPwMs|D?MATfa@eY;TvpRt9iGvd3Uk(*Klv){A9|S38O~UNqYWkx$*J-_@)Bx9Jn@p zcT{~VtdlJb=$kEfN7c7VxK}CeHtUz%2DH}emnt)|Wr5-jCml=BB)fjecD34^zp8frFcxqgR?6X&jj728j_VT#XUaKRsJnq~YaGiSDa;f4jz~((P^jdGd zmB)SP#SHn-<1VWKx2S%$yrj6to}MBru`_$&wZC6+uFB(XtpT@c=WK~^pKHs*j`BA@ zD_gq3ElA{uh~38)S?#tv4ZU=z?LM}=U9+VeZf}ok_pxOKxV7CcRJdEV?8P(aZXVa} zV`~`T)^@*8;qKXT1KfO%Yxl7^a7`=YrNiIuW83Jpy?^Z&YLG42^esVN%Np_`arfTZ z@{0G&mX{UJJRdas*gC*7!TJ~We9|z=ux~if_s80wR73kp?5_&3FQ}n?)?V4ND8&A( z8rtV$pL4VCzum{y9edNe*z4ckKDMle*>X9YV7crG$J9?--fLSf^Y^A7fEz5AeFEIt zmdpHoDDU)h`S@l+KX|vG$B{0V`+UVc2^xd+KDNTe$@|y}W7*ORUKq-RoOUO<|(e-$JTgFGPk zDRviN*U-C8yU*uM<&Wv_!=AI)eLju6I%vib_Bl(*f!XpF+&qtK_xZdR;D*g7+kHNH z9#_vNmo;bnSL}~Z>^`3*0dClQvgLO0xOzUh?4WEJ3fFDMMeIJG$^bX?Ig7W?r!)6% zX6&Qq2l85E%jY57s#cLAvZdu9-(S1WN51yUk;%8P=PY*rMK>=Uw7>a>WXtFf zZe}gGeL}buaK8=V?p6zKaR|4tWwvzYUe)H?HtW6kfk}tjuBWSj`>^8LeLnjJ{0)1~ zV)yxs3Guh|&}^xK8>|qU91Y&m{#+F#>#TQ3d@aI32qb3CrD7v-(9 zFyiVn+`U*OttT5x=QpZf=EJ-#kFJX=m3;&YE0&kI`B`zI_{ zQq$xx(#C}2Ic{%!UDAf~pt*tjILoc=eO%rV*|HI??PpHKm-Ep@$n-PgymYvh_&vyk z2RSb8DpI(M+uqpwt&7+!-I@6d6P%;6<%HXP?xWbuM6;3RzDfKOWWp+r{kX1vIAfXS zsJVr0vt^v(euItSZbq6LS<9RvswubhXxazGwdv3phUV5b9ZK3|OWUFTI;+<3&O(<5 zxDOJai@rdMQO7S*q^hMm=R4JVKiK7Mc`vkk%PZ18Tke9}KXHX3KVnmN9q$4|+TSk3 zd!swht*9fDOqI;b%w|8?B(Gi9+@j-YAK>=(xD&B?9=(M$_h;e}7LqqZQM83`K~^!p zoy9%&e2;q<{=Vz^ThK9E^6&7uM`Lq3x)^EhDB=&G7tsvV{rMDWSS(WfeTr0g?Stl) zoRlq-;db==osZ2j^fS`jeZOVDJ31A$M;*@LdqwQqF#fLh{C$gcal9ft5z5$@yBTgb zk9!d|H=qefbC(d`fOcQc91xOyd2e35Ix>v+lr|XU){n(JD_G)jD^JUoi-#qbhi2Fv zgEY6g@~|nSJQSRfEi>Ti@^CH85dm&><)N+TuPzVeXEMJroOJN&^&EKpzhk}S_wKmX zYacT9+eq2{nRiV6N*T+lCr+=OWa=K7Qh$Z}t=5wcH={t>j6vDbWQ5OKvx$8?o2e7X zj2$dryJWyluq9s8D7J|bIgQ@r}WGv9^=BF(#I3-6Ucseib< z-Unq$1-yPAy6Mso*yOqSN3?ej8VKd`2EeOb!sGu*OCdtyU~Zp z@Ct6tluCHZgS=<6+o^1fBElc z%b$vOOJ+o7pbbd#zOEOM4m(BU4rKhB-6K=_pTate08f@>%ei-P-{;kjSNZ*w=!E*o zylZ!k$oHt=e-T-JA??pw^`w$I)8q#CUdoogyfye|c&4%tX7KxS&__tO4?FJ?k>;p9 zItuk>9r~25ynDG#n)LMQvH2cBC(o~}b=jQv-v@OrHa$=uq`5{@6Y@F8+r5EV!i!Z$%!(?q#$DY3@zD`(!Tq8GVQP@gC4QC-B}$ z{Ovf@eZS~Ro@4j$IL?pE%iQgAcVSKJf#^7-xl@S0gMLK!-&99Bu-2#QG5V%MGk8w# z_Me(t^-DJ2mh`!GxR;HgHb`?P5`PU)x#$P!oBAf6xuYB8dD6W$u zgB15y>~`NHBF&KIjwJpZT8TbIhP!AM`_5YN9^(*hQN0{ls<<{Ce#TaF!_uMZdDbMs zof^W;-z7&{-s7jk*?UH$FB*X~cRlgl_oAGjBa!j9&CI$|*g8X2hj5(+IWkglZTg;x zt>#vjzRqjgrmwSi4&Na3{e1zR@%N(uH_YD#q{CAD?H2WPDI9` zO0*R9{~=xS-^i5lQyBYv?9Mmo`c`;kj-=e{_Xm4KBQgo)$CBH}evKn?*?tjew?99- zGE-W0-$^!6erKPNJbtJ;J4en?JkuXsdjNG6>Gu2Y`h!-V1p0%EbL0udGyT;|O(K%n zG@18z{nhjUFRKsNJI23W>t9B*WZvKT*LX>?e}&iQ$XW1gK5d25>cEJkHc#e#L0a8; za76ZLL0*rINKx0Fr2qY--zYb)ZU0g_JV$22v+eaNcqum1QHwUo+&hnm$U#R&WHOqFigscw z{8c?EIE-%`kSFGT`uom2L-shOujfb^Tzj9h-%&8pNl5$qB=I$9ueNSKFy;7EDV~`j z#msNa_r8A=fqQ~C-Y8i}I*jwj8!fRr7Ij3LYsMReoVyA2Me9fLPT_?qiSImY^2Qro zhVh*+_x3^LZOQ}OhWKC3)XE@i#-aC+=H?&Gml zV^RWVI{E-__zVo;f@7>4GCMVUAeEzuhv%E4#3MOvrXMb$}iJ#7w zIr2QbCfQnxJZR=C%+8pT#*9MzU z^^f~!*DvdG_|Bhy{kA@3!PD1YU43d5cKzSvNOY2W{ZptQjTI+t#PzA97>>TpR55zl7~S$^S}tE8yAue+AAm^gYtoe`yEWJ2V?Tjk;aI z{TugLWqc>4v)5mp*^51VUOVml!g%rlpZg{@6{r$v?q=dy$J0)sPABkAYW5loJjk7= z9qHX~8m_%B%-@tF_bYA_?2bXhk>;LsLPTyy6=*)%Nb1a=N;`cx->Mqmet$)C3%2I) zjYQwyolj&efUZWGyIaSI9F1;4*P;%urbzdF-TTb)f!lJ6>O|!U#eEr@6)3w?GIt{J zxo87gV}3@z((f>Lo^K@Oz_kCy-(Dt@30d``QuiU>-=-%;qzf8{w7{q(>JeiRA!X=^AE!dA~G7?hctIG@wv!^1sprJVn2NAmphl#xb3Wg0Y{A->TikRo-#c28_{*#VY#xV^3Z3Ef&E6z4@{AY5CIOR#wiEk>H#zH3CTLJy;{$YCCQ zb~kstnZC>~XMfeV)=^oaxbv~8M0=i@%zc%3>RAyv5gm@Ez5%ymx>QllO1=9xQy#AL z%5TY0QOSG6_xD`B~u!<%#g|uf1Pup(q)RzU5w2)XtxWJxmOaOg1$f>p(Z>dn{!D- zO5hF*$+yxAqB2u)jlaKPR~vt)7H^xrC6`2HuSfmz`%~lO^`vGzOQ<`6^`s|U=tg>` z^ZhKoUmRSYslTI>e`!>1{tviSa6kVKxTU?K((W-o9Zus~&u*A1O}p~ldlJB=!xiic zILk|i3ps8t9V&ZAa4(BW%HzJjJ1XBwE|1EkiW~fngZ0;Z zC*vm1-$6C-xA2Onys5Yatf$uNbuIU7&X4f8_tb#v^oh#;Q+IqiRKUGMad%WYlwKK? z4T^g>YpC^lewz+&jY*YTSQBkRP1f`0T@{scp77IQM{&#H&Qsj8=)Y-Nh1>e1dU5VY zX>u7qGl9n@q4i=MHn#oEx;iTHY5sbR;Qq7|+;_Cqb&2l3ru7NCpQbtbi(3S@2yVV- z7~G#`xz+7YTkiG8dVgAJQB+=1{@VR%6DgyneX!ix?oV^Bp&mc!r^7UOFQT~t?#_ku z?dUjkIO@-HoJF(U{b}93aY@qpsJ>A-MRCn{aJyjF6={FHWJ(;S@H=|Hgy}O)(A+|} z4=AqPpVmFVt?mA_ihfb~UUBXIw9x^s_Sfur*j{-kzAh>!O!wC@1^0W|e5-E1SNh%V zxLxn}D!V=^BjL93918CDvfS$Sdo}mCdcRlI4N>_NuG`a!6p|-;znA6ebm+nFY%d-1 z`bQ=Dlz*QY-0$UaDH`GXy}IJ733)e0uelNo@>#S_tvO1FZ2Bk?#r_IR@;49#l=y%NpXYw zvMjf@>-n5PQTYI_t;fNASvKElyDzH(?mo|^iId2YZTDqaZf*BvmE0DUE8yDlu%qgQ zGdL=*EAEb}7o~7xGyL^tKT*CiFXA~4GUe=CZ+vqu@j+-hnvCY;r%LCG)1>f*G@0&| zvwN8zVcSw72weURqfN&G=%!s8qZ_G3LsZt{GN<`&!;l_t;m{bU(73(z-6a}V#q zvoACV-GK6DGw;GYTp{1t88*+I&)86&B8PbME?Ff}xlwVaVDl<^A8BrSPv-s5vFI=~ zopdPVxsgfVDPB4lZYz&lJ~}E(;p+4)z^*pwyC@`m3&&C(W+s=1o^WeY9*Vv4P##hq zWI|MKg=_u266Q_l7NpZ*0`aNHgl9RLd@GFoeZFN)j7p{AzJ$$kRE0G6DCR8AMFUV@ zRK>fe)*g{6<&?9HA?Z-`KvWKS-cN@S*gS+DN1FQy@gLAGmqsK5Elx?5MO)l_TO5)O zS*6SqDej)w?1!2m&FwI9aj>}mK)pZ8%k@(SlhGxdQroO%6)whDlQCS7ormv}Q z!?3GOd1zGPjvsZssG1Vxo9KSMm<01#^di#!t|Y!0?b3^MKtoQY|64@fQGVBY>0rw5 z;a>Tzd@L$=Dej)w?1!2n&FxCO7c!xUE&N0d5!ElfCxCK+A@7=w_Ii^)lpMj>g}Yy>@aA@g>NFjT}2x@SlC$bTxTq!ZP(9Bj>58JP+57&!u-n za!@m*xeJJAT*fm{bTpb-CskIrWj^xIbXn`IH*5Hs|DDUy=c9Zd-tULb$EFDNMVecD zb*kLKITP+;t~YFauII~&W<}-X+1qkQ{Y!5C3sIQ>*Y@+1;XR9H2DrcTY~oGMnPA?d zP{|<3?7uPJ&va8aIeoKcGoFOoBw@ij39$Vf{TSf(xSX~KJ&Govf>}Hd;+chEcJS&& z#xUj!ymD4NCn~qU==)oa%_k`3isba|MtlI8ghr#03wY?x`oco;t<4?o^BY|rO3Rt& ze97m&iA@#Sf^@z;-G}mbCC?jBXS6mmRr)thPkbL~i&x(?x9F{?EL7Y}u(=7{iZpjB z@mG-vA9C!-^S0hsCD%92EqRCM3NQQquE6FeV}DgL_Y~qqXdJo|EqXy@VVhJbB;T_3 zbMsDf^WLZ5RNP0fc@e#Ww7)+SZ+Nxq@6jA1i&7-Q*u<6vbJX0bkD~I4;&#I30@MR( z?oi?rkO@z7Y&({`XKep>T=^s_ht2WR!Ej$hHR9g;_uQ2w%f#Ip+2;2P2vtkIK&>ejbDEKk-wlqSCY6uU~Va%xWrfEIjR}`EJHXiND}} zPbTd9H)j8!osTYt`L35nqMs z-@tiPFoSeBkniijo$uYRX>Q5yQOS5+ak1%&N{u~#%hrRf#CPw{bA4pfcQxso2X|>m z`sQzq%4LdsC3d%=X-IRwBwmGfyODLFX!$!LLv~J;0>=G)ym5$5-@+6}-dEg%usIb? zM4G#q_|7-6))rZR3wm&WgTGCNx#JL>4q0^^Ie5OG4yK&-!uC0&xz&}k{vq7*h$D9@ z?rsAjawxhIY3>5zpP;mX5&4~C=ULqQHcL(TD_pNFXO-lM36(oJQl+@fusa!zMVedh zX4aFUOVI@=j{#jF3+2px)gsn?1-XS;j?8((PY1(&0K1xSi?4RM-3D&Ut!&^h7WD5g zgYz!;c+_3Us=Uw`Rl!yFgj(ns1HS;51Q-1CI zh~-u{KT`i5w|&2QnBNbT9^}YTZ~6ZI3bXz#j1!TmZRI|ex$gKBfrD7>0svJK89=O;Vied^Kd0c zICB0wemWR`m+b(57K+RnQa9^**%BH!QOyo=>lH}A60>)-Ue zOXUd;-)8ske}eNamRs9-m$DNbc`k%&=Ux6Ox45GtDewB}8=QBs+}h5&6m)XrB)GPm z1?OEXx4L+?r!Fd;qYzeT`Idca_f73I+%Hv6_j5)?_#;t z&AXI&^;pk0l%4BH-upf`IPYS)wVijV=6OT`V&yI5{* z=UwtHapaf^KOKVeE|wcQ?^4bDNPaKcNyRno!#eWK&W~7bZQF;^%N^MO*GaTG?)=CG zxORTTa;uvk>GP?3KcweJs;;HK_`q);%>2mjaP9nv<<@q7q^z$aLqoWBe&nBWi~2e8 zF#?`q*vYtpR0hI?yGxz)@^77cRb4v)*QVw?G#4m%~1wA%TcrL+&h`JAG`j(iQ* zhTwdT;nrq8rvlz7i{0zb$Isw=j`g#;`JDCm8Jy24xZROiaBZ-D+WDN?`dJ2VzmNU) zAUL06{jBYLPTo*QZd2Uge2(Q-cc0zc>(BK4d*yIP)+nx-&ly6wvhz8XTitw4Rmgl! z(Or&A`NU5LGoMod*UslyZgulHvcEguul+3;$w_pvI zepK8G;q^n02DtTyFor-Uq2th$bA5kH8o2wqjlb_$f1h>a$mM=ISbqm$TT_1u?h`;ih zBWEeD_4nccx4QOWeTcu#JV&lk+(Gc}L(c}dzY>oOkI23#n7)lVZ=1f(eCAIT*ZSKA z`5Ahq&2oy};;*j*sdfSm-6xaIuNPt^idFUD9Z{9nO?Dn}| z-{!$vf->$*_P2=mt>`{;o-y3)0rZjAiWFSQy9Wok`vrCT;JoL^m5OWqeJ8-J&fk$C z{^q~WeU;+c^6*W7TU~kRc&9t=)BaXfIP$RKT7Pp!CZ|Jn{>}{XH|s-3<|?i!4@bl7 z7T`We+?0o>I0nnZ>ag;#*pX$5YyEvYz^%^T6^}8H#1H%`DVvw1xp<{NO5g>I5ohnt~`tnDG&0gBb^l2`db{} zR+qlbL;Q6HckcNcv{2U_KJA)dwh!XEeMH839OrYMLsK5Iy!c>j%sPru0q)@a)8!$~J%-HpiuC@l z2HyRqUdLDpcQXE3?o-&AeOj{v+;@pDM^)%+q`6H(xCLJ@{)OvaA@8NYCX;E1jJuQ5 zAuGz92j@&^#?Lj^lra-V^Rv?uzrp$_xC0qiTQ1u%r3u>9)&0JQy}$5&J#jEU-yT;g znSUXDEqCwh)8#z;i3a>_Mpnu>Kwp;3k0HKQ-~U7;bu{pKq-W zOiz@D76EQMFKrFFCf~1;FR90Hn|QvQj{S{jSb)2n_}3_{gnjKC$MDXO`iHppZ(Y6m zmNCrFx4c!{AH%ijyBl@~pu>=^7bA$@haN>jyJ)@_Sma3JJrTohamVYrJQRK9NMFT0 zXIh=a-*_*;-5ldRT!u;DleF6{4;64HD()(5%{RO@1h}d9uqOaDL?4$YbK83LLi<~| zhVr1&H;SF{YJZM89rB33w1GcJF#eV|*mnPZ%iezamcw19xJO}c%I|Rj?y1DjK_-~; z+x7t2W?w-|#m)Pgeh6;EgoVh(*j|BdLE7J4FG`hXIX4Hz%US#1n03S1Zh2ViwdFy-?g+u^WZPBF%k*_-ynB3i{hWgq#1ZBNr*IO@~DRZY6P>4%0{z?eEAC zuCv~e{)+oO_J5)}_a^(hH}PiZa1`{nG=wYPIWkIdt-r?vxYhYPGlW|S_ff^|$+rwm zIXgYT-8m;iF5p~E%URI|M_vx$_WGAx`QG6>lYYJE3-2~`SAhEr@pf1oCT~DfSa8pUl{L9 zJ(_O_wQ}2sVJaPLyOZ@3&m9$aPwe(Xry|XLh4_2uSM)t!&m3YRfw-nFp_+E*Wlp>@;lzK zN<%u6Ofk<>n%w2~Gl%ZVy9iAt6Uuju$zzJU7`s*I8>G2?2c^rOoZIa|)_0@Q{Y6%L z>ATVM*Kk+3SSi~rCT}b5CKjUZi{1W6bI&4v4Z02eQpP*FM)H1}5pMc68tbNq;ZE_m zrI`<__teDyMVK1T!8t>ChoJxjgJz&mT8ez-osZ`&?Btk)UOuEB0?UxA)u=yCRMcUss53?r$ zU4eR_)rZsP(uSFSX8C(=zo_RI%AzqD0yoda%6M!ZNAr;8I+K}GKt0fTXwnqQ5^K^8 zR|dP>)5+v!sD-Q-`~Q#nB1ngX^*<|LiIW7bl8)4<=bvL^yRp{bdW=0 z@`U2Xus7{*vjDdh@pj0BjvOa7=07>f^-YhHD&bZruDxGBEx@hq{d#`OnEVmKJ?CF? zOW`*A+Hco;z`GTV3vds3EFx#2d(m*zocE}fwqkz`<+qgal4;MHQTC{UiBQ!hCSBk* zaij7KHm01-;;8ejocKG)1k;{vZ{DKth?v}>xF34lW&e^}0ryG8y=F*S!rxT^uC5m~ z@i+g-m@HM?@8Fqwu`$5?lX%M#5{O{t-L{tw<#6k)_1oXf$LY^e9O?A!Lc9=NjXqf~ zQr4Ps%sr3EuZ7&tEf5LHqBjb2e04M^&RfnJ?{Z9<0#{^32(O-S>~0q!sB964A=BSrn&k6 zn>A?XCz83B5buwMp+Ttoe%$wQzhm}a_QBte;PFY-zvgesJH+I5xHi~zaL-_CT17K& zZ0<{H`W|@ac*YIz8hXIz;JlAkB7Ob2)0qE9{ZJoN^&b1OPsotc=IPRVzPo?x9mf0i z`=oJpc!%$rvxc%=O!TqVVLH90S+* zJBjo4pQLP|wn%g55U)Z9P3OKC%^`IfrDaO~wMS51k4f$ybh#=xJ0>gOn)+q#SL-~*a~G6{GX;`x`vB<)+@-~3pL4Cs(5J3X7sjS@c?wMNG> zuGP=umV5n{eoj&e_b|=HZo;vt(vhR~_blRL*0|*%`25AT1DacOX-v+BYwN)!*cYK& z1Kc^p-$(1vN~Ha5^oHARe?{`!a_01=oWZsI!6s~WoU}%6 zJTxzM$6e-o6E=ObE|1B>a2+nOiazZlY}TT>&n0uuB7Pkjj&4I$j0uJv=JtoP;oeAH zGS8DOx1di<-hgX^X}7zPZ_}`?ZTn)ri&6&fd(Th9d>YPNv=Hg*Z#^+hzT#XJnlL+6 znzvx?i|aReHOK3>jGs1LORkJb=6ZiT`v-RQXY$+zX>LE_ccA;x7}W1nz5`n5a@(Hf z)-!$mC0EDfYQ?qwR$!~S)%m+R#NVQ#n2b`~4TkqTZ3EKWABpcgi#mb!M_JF)&&>4v zJ;l90*Z!9Gi^*!mwf;`PR&%TKxBh+Z{D)58((7W9{+*w`FTi^j)qf$GJCFDZv% zvtDxj%|CTpf2(d}epPX;zvs_R=2qu#s}O%HZi>mViaP*a33?&G&3=(Oi#nlW(d_=z zhbvrvI}CE`nNHt=n`3f;;#z-;v8`$Pb`SA4@0OShP+aTpLji7e{#JzeTUH#C@rrBx zO@FE8{tgN8w`5REo>km9yq4&Q0QX>?Ii16~i&2;JQ)N1BjeY)K<+bNJeT#2n{!VeN zzn2BL)s=_oA^sK)j>%VwI}D!jcU*v*e|4I?z_~Dg(+_a(MYO*KLm2dI@au*3w>-eD z&fmo${^s2tlYJG}rtcR4ZguI~FvMSHDE+14T7S0&xYhZ)CB$F3gZqBPwf^S3oLtVT z^S613zg2MiD6aMQm;kpre;f0Ha?@{^e6#&U#juzRRa{#h&JS>_D-Zc0{+17qNvYym ze{T+OtMj*Wh`*&HVlqc@C&8P6z6fy7n#24%8i8&@Z6D*kOFSep*WdlNZQHY|yJGUE z;#z-S$F`>JS-%i}D@Mhn;rD*MSPAb}VrX)s=_& zA^sMRrTi+cP2YyECi`1m`pyjTw`yEWCM&M>cR+w!oxkft{H+)tlUEei`a3bet$p%eS3du)-zu6 zc$%!jR{NU(djHg9J!2N!lNHx||KMww-&Dh$!tdz&GUKZW`hG7D?iGqVj`gu7Up54| zTZr2bTsP}dleuMZ?}TgbBhC6t!` zB>h638y33xR_fjFnEQ0wFUpjde5SZBVfPmL5b1o|eIDa`bR0Sy&Ft)R(+k{ss<~B< z#$+p8$4k8PE=rSL*j5?_x}=QF>` zu{mon%{RbIS?KBctGP0b`x3>CVRs1XhBWsh;%iX7H~1bJ$KFNE0~Wj7wO&82xn-9vd>z_(0p%EJuCvq~A82mgGmO6!_XKRtLN_DL-S6=w{Sl7V9CNak>2lZ|iTtEY__k z?n~IbjlM*hd%{~0IUik*`uxb+AH|g++j8??jL9s;eG%DaGVcf0 z>t;u)@?gtv)=M#20@t>`=6gBcWBVu4T(8=Q^ETg9zL7P`yZiH*Gd-?eH(Lbv8@NoN zNdfI&3+&nqO_O#UHTMJJ>&>}$xE_vO&*2%>`OGtY&HJ+%-RM+bYNvX^%aB=C9`?HCeY+i9r#(i{TkRhY&vz&Zr~Pr8`IM=S##tMjO$3)Mp&^ zm*>;Q&))c15%4p=JSKO9_*r++Kl8H`-VAsh&4n|MwG*5e%0t@Ertgv-=vLGh&Hj?- zrO2$?DyM!$_~k)!Qsf!hTobYuu#OK7u-Sy_ zE=%Tq&RpX0oI4Mlj!b{!U}XB6<*I$*mM;jRQ`^_<^ePXY3@AYAD~ZB%bhY3{;od2EoTF% zx5jUiZOLna+M!Zp0+p1+z~w4Qk|#k~QWVst0c z{x-ZmRUYHqEc6W0+^%8V?-++E?(5imh}I#^JuF^V4qi@KLr0;iBbf(d?%nvi&|4p; z{jJ!*dJ?!1FW)Z2<|=d}(%dJBzk(K{caeE-uYJy6;-#-1=N4A+JX-nt1vVSe??`j^ zTS41~PD1U`(xE)`zTJHmH!vg}W=&=p8?-y!}Bihj5E* z8M1a$x=iu7`ni$wYfSc6+@{#HLG6*|_9A{g8jNmXY-j3m5o_ekv%^J-`&YlaDJJ=F zP5a=`(2m0H5i}cVZsZG|f1`ZV25otq^rbz^JBasr!{w2mn00sdId{=-tdE0hgLz(J z`o}Y|)$Msr*AG;{y9J)?O?V(xc&~Q|G;``)F zXl$hK3^TXNNE8H_&7>1`V9Y8q4}_ z`_kbww_VilA1O`EmB=stI>y*a@*bUsH1{LozoJH~7$c(o1Iec|sXyd@qc7b1kwNeC zU0d(^i|Xb|3%Dj-O*jUd3(>_$bB7VX7nv}&R~=bh$g}<)ZoM^i*M#ey_Sa=pMRHl= z@Ao^U*iJ<+BhB4F{10<(HSZ@mB~8qGto!Zewu^aPTz~cV z_!^#SVgj=$;ZzSQKM33?u=5NAY8=jA#L1^kuw12D>i8N^ntg!Rdg*X8$4xESmq0nNd1j7XhWYJGX>P8Z05{9y4l%YTrOLel?uh%+dEX{` z0nwQ!a}Pa|{((6PlW%<{y6uTzOojL*4cCD`;<|%de!S$)TL$^Bv<+q`AX4Fu#Z{{GNFxRDYLL**J~8 zAl#3bHHD`9UQPL}qAr@?9G)wmz_lSVgX>$AChuTte#L7S)0Plli4y(pE^dAqn-c7Q z#om_xb>?@_?@0SKgLZV+D%M7#^O(2S^)=5+N4+l6X_G6_-~DuqW7iV3Mw)vk8!}Jf zoC&QzbK9+~cyfK!?N-(ixpF96Ct<;>Az zDjlA~b{={I>2&y*cqKC7dyb~fn*KcNIk~@az1_O?Ieu*Wo07JOfs0ZqfW?#d7eqZ;#d5qU?J&C_|o~rbiTzQ1`?5-yw=6l|zoxKWM&GoJ>aWL>+TR90u}=#PKz-4qS4i7^(xrrXi80(iuBEc*_Askcu6zmC26KONJA1pH z!PeF*Zs}^gPoM~1>K4DAJqO3M+vOa!pLM&Y%6ptM!R&Y1-uOG~B>-c6CUX8!^62ev-g@>O(7t{kEKor=w~Xg1RRt|9&d+Vy9i zWufL%$p_|8Onq4G<(F<3vQEpD)8N|B2%E;J39{+R&r+`^ejBp)30Y_4$`#6P1V0;t z_V^`v{Fn19W4}$b`KW|CH0Homai(WT<96yX|FgTPbetW}es5=9xClrURE=cf-aEIf$Q` z(2ApeK4;szr2C-0xzZKxjxJ|KaIgIjxW#Zst8~~=<*WqmbBep8@-3@hu6*<#q=N&u z>ObJ-!QJIgzx?i~^v#FcLUE6#Z2tNH&-xhW>hk*~{Ypo#{GL{W@+;TTPQ%^Ng^8-_(n4UcGpCOx^9~ThR@SyA}6M%0gIq zF!xJK=DPi6P0EAx&y@*^dn0}B5pzVIV-JunXXZOe7kU2nu0cJnfIC}pGmmojKVO5b z;jU(kM5w#}?d-wxxUU@>-p}iCT>g!@@-AE_Va}QdZ2#zzDw6`-FNlBRaW``;JC=Q? z-g}vBziIBn?6@<3K(4HWYulYq8K=)`${+d7^>>Zu?|sZe%;7%QgnEyK`>XF0%Hig4 z#ZJP4fjhi2M`y^c0q(8DN1(}Q95U-5?R{hYN`HN7sYyIS<;}S=6mAnYDnDTp{heou z$oz`+_a5TUqxaB!WS(Ez`MDt;cbCg}e&rS!DIJ_EKPrE-w(z`qVjaf%$=vgZUyFvK z0cdSofB!`X@4j3=x5*pI{b&m5K)E&HE^HRz=v0m-H9dbbwh)j1!Moegn1%jYr26-} zb6pR3ewGZ&l|56_{~Dim;`fc8mvhwD|2FXz=m)eGtvf}KN*gfeqUp6-lMUZqfW1# z@2Vrar?~f4`*7Ue{Xy}#TxnFtPp>#OeV3%lQ5F37~kJ}#Z*&a7<68%Po-%i|%P1zZBWD-a1?^@!&qEzy4# zecGiQ^>v%)cmp|S!W|s9SB@&+z5_QeVZl5mHbX|I%0mI}X5#fTG9`}oMPtt8eG<%B zo4#j@*Y28iaBLw@gsiE#GAYx~r|#H{K%t@OUD2jA@KE-P%Ond&P^>2Ev zWYzQgpPtx^L-!-i-AX(sk|`}vQ>5FUyrFK|>h;l8Wt1zpHXRDFG5+4gQFG&&nQ|yH z;Z%-|Ph{S{L-IVUNr!G;Iut#hE7KJB0&K>i`;q3htd}XrArsEvxY*2xwom4sH_30; zvtG=VZxr`DY@Va2T+UH*OU-#S51IAcs}H0f<|0kL&GzQ2jK50~f0?xnFXc+^PUM^C z{}8HHD43fo=fbo7WIul2yuW)eN6i~c zd@6bd={C98t5=p+_zLwPgg2{(yfFb@(W{hybG@#+%=1%L&|0L^v3LDU8G!CXqtF!c zrxlHzNyn)kvnl1&j=#$0<;r38{dAm*P2Qn(%@oCt$?qR(ply%-X)+M_CnxAjkg=ahb%;b*^dc08v_e8jkXLuIrbq%^1X>Jwq zEhuMK+9@;!13TVae7`$}Gvh*=@1-kplJ7%sCUT=4hTX zI}}3et2vtWv||&$!T9*|TuJ$#@9$06n0k44fcqKo4akJF-RMsb<3HXy8Ot{QPD%U* zbJt(;90;!MS8V$J*}z?A@K4jX815w@+$?<3>EOAMIMgKHO5l!D>Cgb){^*bZ_cG%B z(MU8H>2kJ3<=b-GU#%j2ck$Erer#SquORL3kHr5#8M`x{*_rpv9N?FSIbJ(p(wAu? zH++>V7c1`0*tJ3(kmi;VpMzGRkI}|6{Pv~sB)^=k^!zPfn=51B2J`JFY&F-qVU9JK zf3JYM5Uwr1zry<+?b#ridlhjL?&Nqo(&G&I)a_sOdho1o84qRo{p$>DK1JUk?eDxj z7-OQX=qFUw*smA;zI5*!FPiJ$-<4G5%0{@h{qC@5rd*5eLYkY+q;f0N1$9De9iKbK zYinEf_Up0pbFO6X>Ze0J*0FqhLaOw^R&yQBU*olt^Wx#pHx6v-b4%c!370>g2$p+8 zfO|v@xR12=x$;Y{l!W*@B*3k$zeR8thWLATfLjxP%ap&BaMO0%Hhm`rxV81S;MZI^ zNR{8=m8pq*dpy9M#yb|DGq359>;%3{TR1DmhW zw@7na?wu*eBNMuDG~5oz_VMPZxkVC}eH!@wUW!fAA5&!*N6r0!_-bUruN=3>El!Ke zWpJH@1zW!M$&`aoKGNJLiNAzCKyRQ9?7whYy8c$Ee$(EENZmN^c=XGIxqoA#KvrX` zxz~>+;oz9ip5M{^kWC9c?#qY!3tZd3t%tYszM0YpX>M2Iz0eRe5SeG-<8OEU?d;P;!p;M6N z&LaLUGNF>=_VTT0*SOpR*M<$)WOh!KpE;VM=#BeQBiY=SBQusZD%&kCv($B(@#362 z(&f~Ye>Yw%hr3>J_vdd8dW|)59QAdcK>SQ(Li^LVzs{+A_qgQj>F0~}w`IBeJm8;> zZ!6$-Q`|y)I`WBhxiaAINaFW<{!Zg)#`*UCA*_7L9&s53*M{e?nTuXSI$ypbUXYV1 zmE_6l57=MOC@!xkyMFv^Ai5uMn`QGe{Uzcn&?aQ_)cCQUv6TsV(YSmG$CkHKu1lBQ zqul=>n-6>Noa1`V4?@GxV{Ew5bU1gmCLR$>p~??vM~})_!r>7{YB>3-0(3ZW-L>d;96o z6yBLHOXAyZy1wo6aGJE@XC|0*2wTsl=OGIAkIR++0k;b7jQ@aJazI>u{|~r%P2zG2 z>l5vKSHYR-Nzbos`+qj)FGeOb;<>GE&ulwAjt1Da4^?n)fg4F!_-o%vnM*a4O|;8| zx`}_ie`<37EluNcKU~xP7SnJaMV@y-=OELLd)$n>i7!B3pytCF1M&d9;8?z$z}Up> zFut3nX((w*L@7} zGtp(J5SjI-3$J577#}C$V?KXek8`9&Ty|$4wGGzKf!O{NKMUctRJ>w1=DFJ)9924| z-%ETNdLHTia5{C>g#5g?TnNXOpLl9&Qu(p@T)r?>7O?KYgqo~>kVE2(D}C+{Jct_G zl=r_QosQ=FlXLLRgilF{u<7sI_@anInI-@twmGS~gPTQ1!NHij9v?)l!> zHtRe0`pe+G4$qF4SMmEBP)e?w-yW~-H0ERX<6Lu8UX{F#V7Bl(}p4#k=?;{l0@!z|BwyB#Z@?%>s%MOjpw{Y_k79s<%9f2kwef@KZ zzl&C*$gQkzdLUA9aTuni51-M?aCk}T!#Iwjf z{pY#19j$2U=T{NjhZWa8GkCWe?zFxc+vS$SeIdYI0dw`=a5r*3$X)BDgZ4M;gt)u| z*Osr}v1_$|rnEykeMb|25Iv3xPfwGnF@L^sj`#dAZGOsM<+i9}oO>^y`yO_tE%=0^ z=6*{2D`bNCK1jEaeT14@1vfL>FAp}~)(5x=p!ZKr@-3@VTpB5^&9@%|+%2B3X$NeZ zzFR`lw-D}1m2ZWVu^y-%_BtK3zghfjd*!SYZp#pV_Xu#Uzwr=%8?ac%lwn;Ss^Fdo z*WNER$L?6vF~Gf)_%*0MI^iw%docyOx%d5TJ#M2{{CZJ!Qd|Zoe+Oe{>hWlfIvr*a zH(?&fxyYnLXH)0cH!#NTk5~1r>}1Aoifh-ZFAH#O`u@!MAFoZWZx!BrxlRYCb6gfF zu6aL`8E2$7N%q%r_v5^SbiUPJ;O^1U++w(2D{d=nOuc9q;GRj`gdQ9(Ksp_IhUA-^ z5|^wTzg}F0jaegjGe@1iPZBrbMUFF(<}Ua83hi$N+*XRa7#s6keicW}J*R1=^g(^m zC*6|U$x`q6iRKoc#ypVXzJi?@&%Db~a}&<;PewEPXr%q^y2|a_G`FyTajfFne2ZbL zxrY-s;TVp=eCrsJZ{={GhwCJ)Sj&rDKXfvu79Geu6EgLz;~nmE zq#t_u^`iKUxWuA%o zO(E)qH1|&86VbzHr%UUK!&qcCV=CkC5HB72!)0keA{2LxOFy`_Kc0czeDo30+>sZh zN=kFaBB=Pnf|bUEs2)Q#^Cp5pcw-MsN+1?AUroh##fO4#S# zi_O#Md8E0Shi1y&s3mHS47b5WZu+kG(m`{xisBN9`StA#Y|QslF5sxS{fOUzOc=#c zuOl{f&IB{>K~lKknz%Gk+_Bh9L9ZjtjkUs0bOJgWnRcgJJJ;Xtr@QT>X?IpwZr`|^ z1=ptUi{!KE-!8*ea}PL<=fRvaVN9I4n(d5#3*q)v{`SXq0xAt~KOz1D+PO9N!zhpS zxm~?=9W%Z5%%nrQxyd1vTo;$Iifh+(G{RQ<>;AU;?}vZmZ#r`twmg)=eJX_O{7Y^b z+&AFb`|QT>+M%-o+!ErG&@;$<&pvUV<+Z=%UcQ~kkF38{H^gO&;x54MI}|xAIURZt zzYRTyo5;-{fPl+iIgQGR;|C0Nc;N}@w7HP z$3**}g|v~jo$RpMtrw+BQ)F0*3(C8Vc?{)mJ~n1t(ut$yzBh^e5}Y&P*?m)z+I6=U zZ{4cXA!{)67>e5yThl&V9pDZkKE~tT&vCo$!;rYVs<@M}c?Qiw+TYFRrptSrTZUfD zNlB{5{k;B7`&$b47sXwJ-R~&lh-7Ya;zyy=&HBNPlNbLDw?F5De}Y z{fn$uBIx!ZYZT8Rl)nS8nblNeC`X-dqlrI&On9eNayc_h6LdP1z+DX2*5fJIzKj+i z&E2zYro>Pa)UzMo-%|b1mv;a!cIU`rlDV~QcS^?bTuO0myVE(qt!=wgJf3o8_jXyT%=MK&T%nQM_^?w}iD$x4{?fmY8oF9)rCOphB?D^1M{MfeJRdBn)brKdL z54@6^w9eZ4`xNJABNKwpW39g?Uo5xu!MI!vx1r_UoEDl6&v5=FWP(WtU5+fbJ%9FW zkCXpUT!yN2`1Y_mN&7LazkAH#n`T}**!Shx`(Mj7&&lllZw1^*aBaS=;#$Wx^`CQC zZWZT$_tL@4YwB^G^$^vi)3zRuRqXS zc{ncb!*#rLscF7#Y2eQTSbtZmd5bc*>y*Erl&8w(M|rV=S!O`bmuK}I#j|PsJJ`I-@-@Z^2mR{t%SQ!aj)h&2ckQW&bLR2m!TJs`EH;t zXH&g-0G$rykHvZJ;FpI**eye=k>>7xQ<_}JbDz{>{q(ivVN(dV0 zn08&4hq4fV%ixwM?vBd0yeH%GwBjB*FI67EuNeVB33zvs`z9-oQ>{th0HCU^0(yEz{mKXeW0 zH;c>SawA+@&dmLdau>k@B}6b;{ne+jKDFvqMSSL0)~U z$$PO%;I8}!{_1wpmIvKV7Cgr|O8IO0i-{)B1LeW?Z?iZbYyMlI_080a zH?Un4;66{;HRH1{IUlSSr6KjA67G?Tdp#3FVdcT}L!->35urxq;rY09{|~s8a0e>x zO6pY=*ZO-P9sWl_7r4TK)3qsh4LTM%G%1V(`HbMxC zB!oro;s1T+oYy>a8nvn3&*$fO&(8DhndiLs^PV%oe$$nQ9nAgr{O6mzhCiJ z{No~JFR-uFaI@QSz0rY4%Y)-yPkt_X8+ExVOD0{)JyHL;oQAJ?^Ec(X^^)@W?0-5y z30_)7`*3VPPUx`Md z+t7e+j00HHEc%My3-kTlp>N`S83hYjH;1d^oIz>C1DiSM6=b)2!$g7ku^Znhv+D6#g?_bm3St*1!51wnkg8O0Jb=uPXu%SgkG05w9QFIx_RG~%XJtwo&S`4T(auxcwX*vb%i;b6H!p6%Tpt^KZoXH5TSERR zr0E5Y6L_~tpVO1q4fVNWSFZA3ZzA=ZC&s1alWWVX*eyfW-@nQ4#f^ccXphTTUp*@E zzNU44f2RJrb=RDwtVbGd9(MZvqV^mucNrTMhI8&AG#ahiC$a7-2YB}tZ5#@h@w^gT z*WSAONWXUVp4)Qq^}`fD)MUSU5!_3Szq9b=md=^-8b|BzZ{!tFoC{(tno+~&$_G29Q~y7pxm zJY9ExFTnkfd^OUf>+Y$z>HQMrwdma@@}uGYf^B*y_G}>Q?{(yFK_k(y`TXt=*U8PR zhx_rg+`RW#&pR;D9?Zv1>+MpGmh0YouKot!d+zEjMdY9QRRQ-XxNhF}F}$Bq+DXaW zGu};?V>x#UdVYQKy5NA(FZ&a0@t+%XJJ=_Mj-3&PvoUD_p*`RU$^szm3|y- zdrIOU(!ND1le_VzP zzs}p|a9C5;K74NFI-ajPDDl0z6!0tuIv?5kay9v4bO+LRt{3@x5n_IQsr;si+;2Ez z_?*V)363T{8LyFFf%IL0tEew4+v~qV`i^-j_O9RggwIr?tkaUe-vQ(`9mBELeaZEr zjo&WXawgSHWU1kvj9m|O5wdZ6@}(?!mU9cyTx9FTTz_AL~QFfYNNgwIr!~jIXKxP zEN>g0^W&Xl-bQ{DVfPz$uK#(T&wqy2ARCtkz1U}gG#$iI-)pes5uQt@J=HR%sm;z_ zo2;KHZy1(+S|+ZS`+kRFYrbE4a6F!~XIR=|r|n5?>edl_z8mU?tUvX8*O3#^AapS* zc%EksSYJ~=3jFp@>-{?4h0uOs=?gaocM|a`!DbSgj4U_(EZQlgsgUE~J4A|?q)Dm& zJ;(Cl(}weVxBm4HMZz-7e9ykv=yfdO=)NbY^dE9EWdP?~e^`v&m=k>&WS-6KYc?vi762_;XQx{O@V&Nnx|FtT5aQvAGpJfGqbL^09M>AvzW* zx0IJI>GNiTQgDk~gyko=A>ZF#*z`e{Aj{2JmnGL8l_A$~Ue__)?-=%A-d5ssZF`ZE z7p7lM^moPBjYHoAxHAix3nMv~XZksIzKgjao%gRlaNR%m_H`unONWIe$8h)BgSiE^ z9gy|c|2px*F#cxyJ1t9^EVttDupR+R+XS~Jc|1; zV08Iay!W#)^@=`EeI4Vsr*_<0ab#E~8}3oqbwDQ}d);(ics1uV)#_F&{@ktOx;Q9z zpkGgO+Jxm5!*$nfNPrs$`v0lPbqm3L+r;-Kco$xqEq4UCi-z*Mj*NRW=|0O;7)vQ;$s??uPdWdMv-CTUjjtNWF zAC*J^+7f)yPXmR_x>Xa4p3 zlh5zlhjlV!dFPNHh^|MjZPn{v=C?KOy|Vf3!cq*c*yok-`6toSNKg6mmh2VecesFc zhLQ}Kd?L@7#IW3JI1Tyisi+sSemzKjHTo5;Jb`h?xxD)v)@na?%F-49K)(;s2?8_MjP z%#D(7k9wlhk-pC;bd1NXSLXH4chye3H?XK@Sk8l6?3bH9*p#B_$bSEE{TN50{VrzS zl9MH&-nFFSYubLFS?_qy&(ib4vKSu!L_8hO=R2XE$bSDD$UlUhLKAsz+m`R%KGW`p zs6Ia|>)~o#TN9Jn*nNOLLzcV$C0rlW6P<<@4dL_G6N7dcG7Rp;d{4V>S$JVsjyOyS zUea-r{x0r?*lOstT-J0PxE4$WymR2W??0pi|0b+Uk@a&C@1vf^vmKf!>M7eJ`~7n+ z3d@afbA6Op}6S^arV7@dszUX~$a>Uw?i62F|bZR**VUJ{n);L$|K)46>9 z$y0dmAV=%xZu}n8wVczW`-W4sn_y*#{kjEVqdK4d@OSBK>wxUIc^ zMkZoYj^?N>=lu4r)?4I1ML(dg(Snft)6TE(xjMdF;dAl_hNUB17hmm13k%ZaPi!sM z|9JeM>#M2WQ+qQP-(9x?xC7wk`{gU`a@Gk@KV-|-BUjJ|T*B3SpQ$XIV=<5xprj=pYKQcn!(Z4D?XY10{P{rn)$;9em}3&T&K2N#!@(Mn(v$Q zV5YRZD??UdW4~`T`5mtEuDhHS?fgo-j~nkqJxn2C!c&T)CcAFOpEum4G+nPf4^0J`97O}$i=^M zcv!l_)p%(gzXUt|p4W18{%E|0lYbQTGyw zo(*T7Rt0Y=yqFIxhw~zO2ifoY7x_I0P&QB$jcv<&SeT<~>}xOf=BPSv`^7I`g(YDo zmkDk=YzCncWV!3fAAfZnIS-wQ=1$>xzj|5mzNcLZZq>-JG=i(`+TfiSe_}HleTXdg z#{bbz3}XEm-G&;nNo)17>GAtpMawDEeAw3K(z3AhhwGBYHS-#t??UeS)HJSDV5;E_ zGrS$(L{T$j>RV<9^4(Eiq-!eU_Vr>~O&QWu@JLwhgX8*}W^MUhS3Y|cvfp_*MvcewJCbnATX@{gsko1YyC;7+!FE+qbHHBC#k)ff&wUBI#pp9+{mmLoT|&)J6SV4~L>$)n+-9r^cJT{r)e~XqlY-k8+nREB zd&DabmYefbScbq2`Tn|cc7A}nsdCoF=h|{6lfyC+t{aEk1aAZyAK+Gye+zw%K0-a1 zXSwpw$LH?No;?@eoGGkF!3~zP-?6oE*i<Z+=UZhy3!eRKv~puiI2?W}@ZD#^Fcu*+bZ$fEMy> zP#%4~i*M$mUU{(PxA2*;>~Pe^+!*#X9>~^$c(?AV2Z7G#S8A zpVzkc`7)b(V^h1Yu?p_7DY(~d0k>faZvL}j>79am>lSdEr{I>sy%w%ttz|U4ap>Uy zcgJoSGL3VZ^!KCfyifZKO?KW>Iz22UaCIC#nT~cIw)JmdeuM0F%PMB?0~&}fL#yVc zNoa4b_bnMxyvkeK&~fzL@qd|d&D^kzhwIXGZ04Z_$o9XVlK&pbjo$sn&W|!aYr}m^ zVxXydURdTDPAxu{gZ4v~b1eB&P%otSEyvR5=x^?J^*MPj(k~j$#eD86G!XH%|Cxtg zOa5l$#-m=ulK(rHuT=)`2YBv!lwk7+`U%;%&AEy83H^b7M9pchSF#SR#LU~hxY_Gb z`EpoJX1wpXy@xUvKm(EG-a~#0nvEWLFfD1nL|?!BSZ>vVu$&Fo&6gHpw-hZ$mb;St z#PJ$gp5eQKy~5^sQx}DAD-!puiWjm@YW&st(q}MAF4L&~GY`v76;JiA6#F6AyQKEI zm*pp<$=z>v_GNtjPCl>WPfcI&Z*4#_Ectur?*i_@IZfYxo}IM*tEsWu zd+2jy{oLVJ)+N!w=m4bcNdfCB>gQm}*{Rr`NSObbXT24cqf_|l-v79ze&($ROAmN4 z{OmwHkH&`{>IbrZK0xX1AGL-x`!7SiiIjt~FEbA0Z;R>ix_#{+(T%sSR; zY_~L?!-!{SWmxX<{YiBxPb0N9}S#IqS zw6&-WYK63It#`QRZ)u8lrr^`CtTWu>u{i~ujx4vNMY_C^?|sMpX{%lR);PFi+pkKv z>Bl7Ekj=IFmX}7I6X0g>9{Gznr>V#H$@`uh*WQmQ`YbGa7;X`^x;}7IfIFT1i|7?J zG_X$B)gQN5Zt3c`&x-31pJgiT_ zE%+)d6AU*GyPF^6_bWNt_>TT5U3zd%(+m9F`kShp6@JY+0{iw{J=SMv-eg}>zW~>Z ztjJK#>w7OOcY&N2SpiCxzlGo>uR9d}{6yui7ID7epXW(sb_y0BCl?h@?& zz9(Hi3vkg-$oO>zR~)d^KDo@gX`vZx!AQq-I0y&g*n;s0Oy`T zlTf{U+Sp^fcBh@s)%{d|`2nl^j(r~1Uu?cZP3}tO-d)O`2=p;pf^2+4A9~|4^|z2V zT~pz2VL9;F#C1D!BzsJ6;@wajt-mA5m!Y}n8D#G_Eiv&O>tQADkFey!4f*-kvC;T` z$kB3tA-~foubl14al#3_�Xj2UpJQ{JD4o{Uux%-w-y3ph9H1_mh7Ny^Q7}J6|g3 z>fO`O_*VJ;$zNf)z;M69=8tbP5BSyFiUdRcR5a zb6_IAOR>@NyNaXb>U;HS-_6_v10dRYpYagzNfE-FKnw&Y%F-`*z$%ax_;2?!tiR=O z-!$9~@cN-)0q*Yi@=OKFM^8*(O_%#RE6()FZ^O|WKbKuuCn9U$>bO+Xb=ZwZbCLD8 z;aK`j)CwJhY<%bXaX67`J;2+ zxY_v$f5%{V_#YYaaezDiKH3GOX+B52Z(Mjlay_>GmhT*q-3)gzHagyUkE8YXvP074 z8=w1c`z|cEV3&x540k=Yul$rI8TTi1zg?d#dvH!uJ7Qqt>)IX5m0cr}XSn-fdj#qh z;J!wFEvoYXd%#hTE7=#oSWcPs9`pJO%dKhM8laAWv#H0ppX_pY5YSSQiP%mH$k$$dyiv3D$;Z;M}2RhTMu;p+J2~TuZS!*+z!~Bg$j|4!=2=xK$@m; z+#EN*QA9q0+d6K+{2CkOE=HDHO@4<5J??HC3%FMn^!G~^hu!*cXy1tZ1~=w&_raz) zYJn{GT=Ij_o#axZl&yR2Yer$91IhFfGB-%F7A3uoARV`Sf<7l}*li%kd z+B4J)4QR*vo{Oyk2Q6FT=g#qqsW76dc&S~Pd zZW7n|y9a-E{Y6f0L`K04#VuHq#P%k1OMv?-`L9q$8RH?2b4%Hid%Jht`up+Kdci** zPeo1XkKwxVyDxUR=m2En(1rX!r0GVEt=qCL*4*Pdf3^HNe~S)?$Xjq-`Mm|32T>Wa z++)wSH@G{kfz-@Hri)n zu9mZi{_cZKYjiBK+;hnfMx)ROR7$%u$nQ6c{rGlcUB}G>N?TCh;D+L! zh}?(GbTkK9?g!+5M)e-y*%Q>R1xtuWdhs3ObM14j1uY|T99);$A0)CXc6%YaJ~;2q z49Vr(K`6eaQQupKo&-}q6sLv(#&D>uFA_h+GNRmCv+C+2@R!BFi00{(kffdIFVlO;+Z6@tf|?ANtN`zjgdy z=b4JbA~F_k$j`rz&6nsKWVt6!U>^d~bOFacC-JKG;cNzIFk){nC*Ojnl%Kai&=Jj~!O754d5h>IrBJ<(8`lRhuoyWKbjm-7V_CC!P zZ_e8}RByknn!#L0QyIKB0=%}^bp99Kg#q5M055cOL{`Cb*Z*ohKOI#d`@QoX=bi|< z6WxM(Q|;V%U|1{feT??{=N->@_V~p0pM}jA=xb!TQzo)sa}v+upp#HVCHI;-^ZOX= zm#OsYkKPYj>BqC|q=@9gb@3d8&1iHl(x%a0=g*#_`6ueg@KC}}ca7q)JT)Sxz|nq0 z+tm7ec0Y75vi{vg{t>hg%|k2u344FiWhMSiPSKB4o)(eI;ku;zl~!W+0doGO+OL#< zdPMHQF5fr&h|i}zNt=SKKSz;21!=m7W1o)f2iPIGTtC9Ts*Cj>BNcUx$P~DJy{r^r za}64dEcX`jBax>2ImU);9Jj9frOWxXJWyG;h*TJV$73@Cy@V|Hd(A(^d#X{}g=tdG z7}f2cUE#;Cb5qu-JggLTkH|a5-$vLSfQ~_yJBIv3v>44s(_iAgM;|W^8+`6#)EQik zr~ES`vJS3mk3PXBeKPl^k>!TTACEMh!Exqb#=gjv9aq19RU=Xv72!`4hjXzhLN_4G zeU$tR^b*qFEt<4%A`Zp={-|B=OT?k-tcdK{F7Z5DC3YX9pONJ@o5FkpbwYb}%#gVc zCi&Wl=w^NwEo#w@1wO=po z^C`vWMdU=du3qklT~SGvH0Efzt;nB*G@Z$DK`-9F(k(f@y8mp68jE?hikBTykWN7AKQTA>_}ecc z)8RIZTd<1%>lR*2e`5T70NZ)!{Q&pPa`xLl zLwkybpin#3txu~ZwYhI!;jee9zpMP~CRazKpuNk8{Mm**0qmvz09&n+emk9h#Zk57 z3(mRcm6mln)zm}o(QC|3_xtn0fwZUQ-`D$` z1;lGVY}~(35vkF0gSx-60^S^WuDmpXa|}8T+3Q+F{$ZqPGRNr`&@NH=)Hj!Gc`3Sv z_71MAH`B4v-`#zUqvd``z8Yydr+-qPY>GHBaLaDr-aq$TWe;>l;Su_V(?l0tbn$DUX z+6VQ&hyC;H9amrL9pqgr>u;zyB0W-Y55%^n+)xT`(M=J#-EjNCy8;aga4R0KEw7{7 zI6n;8_M?^Iy82iJ_XWc(#pWqA6~n4T&wo53pBZimHlxubWVw^7 zGh{yJ-a$*zp#2l;4>SGpuiSV1ekOk+>+8G^B<9EE!3pW|1$G;d>)lY7oGM5E%yc6v-I zzt2bHXt*vF9+oD8qeR$u^)=PyN)|Ej-P^UIkNHI z@tJgK!QV9L`(W+5qeuJu?{k5;{v$M#`4?OlZ|B$a0M{dW|JD0^wq84~jdvd0rww-| zJZ;}z4RF6FzX55g|B|;Kvt8SNzmAo&BD_;9;cr81(tgd72uB--r=wYN1m`r}K|D6+ zZ`o|>pW(K{_6&4(fIEczNHh+ebwDzALyC5&YEDElIwkyl6g$0clQ~*{f1R5pyXb@3 zq;9;#< zBF#8#?z-j7i%4I?b#Yh~;QAqmA8HbZ5ZoJ6aI3bGn+JCsTvv}TZ$eq89Vj|0xjfWr znl5+nH%YIy0^;U8#;U1iVyM8OVRd5U7x^=2gX@h=+`A2}eU}c76%=h~{?nm4ChHHP5)~R0L zK9%veF1Ba#o9ugXwCzp{@<;mI<2j}(XEwh1FEYL~To>QY0j^haz5mvvzbJrvx8aVb zk2$A)x)f}J%hX}B{uaTV3OD3C)ZmQ_=?b$~fV=$i3~9yRjz*vJ|6})~&&EifWyxvb zt-sj$Tuuf35L}nk-+nMRbmf0YZoSU+=Xrd7D$ggle)hAo)8tY4C_Bww={u`ue>8jdE?@@K-$8vM#N8~HR-GJ@RFEbBE zmU|relhJu7I1X!_!r!8oBl0&~*Z%dxZXmh|S?)OUQ_*as?;+HETkiK6JNsPQP8BVP zNbSxE?n3NVpq0pSKjHeU;hZLY&yjMc`}dz+94t3)A>&-Qp|}OlwD{cL0$lywv3(YJ z+%QLdKUHuY*{=Ur!)G)>`H+<4>rOqQF!C?bcLIOuP2J%`;a zWV!G9OyyQQUMpoivT?|HjeRf1-;c2W5`7ck)? zV*EV>yY{Ffvi_Eke-vq&!u7ZN15;hMiq|7@K3q-Hsgh4(`yzT5QLSA4%sS>3p6x_M zsFd}k9+!ISO9NP6%EzvBSwsf-9A)YH(ye@U1k#$W^}MF*;#Ig)4R3^rW5wTTawn|& zk^R2f9zDUiIcOTPaV+%9zl~$*8;mPV9FJd+F0Wv>7+LPu3Tv{b8oyo zz~|a|UUg+e78-67wLz_r<@O{$0NsMFN0vK01-JN3)@@U8@58pH+;J(mIV)JVHC%0% zUw}EcPpu@bUQ3s>A4&Bd5sibJC*{G-J~`38IPUy_zmBQLns5u??g!WP|F6JXk9J>_ z9ETF}6VVd10F|(A+x%hgx()8;-M7^K-_6epRx*!<>-w9ovH68(wSVMjEmAn4?{Hq%7v2b158`~&qhFpE%Z|O&o?}S|cSNL8;&cLp(Z+IGi8;0&h)}Qs{ zGZu3{9feSzH1-b6_WUXLulInRxtHdDv7%M%Cxx5ubC1HN2+c*7J7@{_mQeOm;=r+( zy|-ge@z!Aq_we?|KfjXx!2fDxYa&ttH|BFc#BS$hJTrkTcMbX7-(Z~`9fk&vV;|b% zp1-C3bEdja%02&9{x$1Ta6>+K1U9qKDrC83mF$5)^_FvO(E25`(~SGHt=sJj?|SP# zsmZ>-rQfq}#&A!=rVw3+EVrEei|7MXiQIie<*xMG=Q(uF8+>l)N9rkDSB`$h=5Msq zo5|b=`Bvy?r1Ndd9p|tA+wny;++Pj16Lvk(0A&4rfc(>F9=hrkZ*AGVD`b+tUTe99 zKSiYBDT#Xe4t5`*YGk=PyhR^{nxgI>B){Kdf$y(v2lIc9NV62&BeAb3cU=l@=oi+d zQgFL%0e82F-u;!&xk#@5%dhO$G29|}*Psyr?lkfX(YvS;X}{{$(c1W28wdG~`!;Z0 zd$ksuKT(Sn$#EzmKLS018t|-#Ee}DU?D=d)PaFo{_}$t7H67qxAu}_ZjYA__FKUtkEOu?=h@HUCz0? z&@E^(_llcy&p2L>mwN4wEx$Q`vF;Gq$9_4#1N&rvyQTZsi{MVh-;n=BpMzJ4-VJbn zA-~f*wCQMXG?((=_N^`O+g}}bO!y~YQJHVzp!?$w#I6;xaoE)U_?14_#-UuI@*!MT z&W?k3Dmp#D9ZddSq-g@jN%@KOdyTOs+b@=;N98Bu?-XoaM6V$0?>h3e-etana!_xx ze{Wq1e?ys3iJY1!zm6Niwx(Rk^X8dJamb2Fcerl8bOO8{s8@h{4f!!h(}NtXzg`sn z{(BGp?AnL?T2U!V!F?QC>u*iCw%w_$9hH(4+y(!EYyB;(8(PBdJ-Pt*mw3z6lPkk|V} zk8%w9TaqFURXI_)#&BKxJ0rl27hL~8HCZpJhC32&$hVmd?+x^6fLr^0_Nk(lD2D9) zz3INc_C8$EE>S5r{nW+?AdR9j9yp5hj!!PrU_@zf1c#|+a^W(Ap1mR4%|@O6XucFrGLnNYh?Z1oqP;w()U+| zT5Q}O>%7JFL!o`6vJ$SV7cH^PM}3gxjwC-BEkN^-uG@*fZrAP%Z$4!Ei>m#il5u*1 ztMh=*vHJyC?xyAeUH$83`-_TDRCa;u;;ZA-dLQw8G_u?+9j6xTAC+c?tL@||%zc+1 z`|s-(+D@igx3KlN5N=z;)p2SFUylm-yQy(%L5gu|L6fLF&>|5Beco~mD*%H7+$|la zmc#9izacF^q+8*YqK58RyjfKC=#tnUR}Y)rQ6przhmy}n9g+UNbY+x#Z2NfSX|Uf8*ysKV4v0!i z!#y3lbI}FJa_=BN32AzUW2*St=V1#Dj7k@{?z-vouzKBQ2e_Mh9=4BP&h)x{7yp;} zPm8Dwg`4l^*TH+|WZpFv;O_GY&jTV&$8#KT4$nsvFy8&no117^>&NfZ{L_B7jLKth z^L(y8XWJRO0%YT`spo75`TpAHY^x55%3R~GK4+`tVN8I#spo70;W%I|PPKDQY*?a^t-#^H7H zJAKBw6WSlGIDzN4-sIi3>{*@U_hTJ-&d#-4rEQ{;-8IpV>A0~Eb{8Sb-O_Pm{xMN$ z2-o#vI&QoP<{bg9|8-K18z=bn!uB^6a1S#6>bUV~n9l^bTRLtmI5sLLz;*RvF1&^4 zwE%ag)$Er%{%YGQXT@yW_4~!SPWU0+)})(-iDxpn1r0zaalJ%KDr+M%P;L=Z)Qc&gnka zwmW(4qjI;2Lp|({Ku06Xy@331r0HIcWvu;gIDF$cxbbNDiBXvhH$QH{JuqyRqPLOd zX0D+O3aSJ*{<#ogDh)o}K5whGH$ls1Mjpn$y=a|b*ippnj zT|K@Zn^)0W$Z~i5f<6LuK*yqzhZFvGxZB%Dto696miNUgPGQ{GEm6*TU~>_=3|a0? zr8*)p3__8UpG6Cs5mt$2fz(^|BN{9_yBi$fLm|>1b3CswZG3>Q4p1W zW*nyDnuD@=Zl}|x$Bmm?H?4%*0e@Zlp!;%P#*timxjI{%&e~R_({v`dbP29>djjy-#6&8Q^Ye zy)d)o#_M{8U07#G!QF9fayi=+w_yrybyw;eTvyKYy&^4PwhC~!^t~dbXGCSK;p%%u z&V+eZfV-vd6)EZwm9#Sw?WDd}M7bjZ+%0{tNWqy=*$1xcFLWIB49w{P?xx03&HeZ$ zjiY);r2wuS@2r9ORe-yx@lL+awd0+Nv!l`%ZoXfkbi8xWms~q!+nr5~ce?sqJKiZR zjLOY$T|L(I>Vi9N=zheRF+^e!k#b#%G4B>zhMh-WcF+YJIbBit<~2UQ|9XTwULM z6z1ar?xxl^2dChM`b6bt!(9YV{e3^c{hj>IUwP}XdvUbudZj72#TT&7+dUCq*Zywm zcZ_2-XwORFHihfzv9516!JlTxmWNHPZ#H_uTi3Jmp`44N($V|`HzvNH5^mzdq0ssKjdMh3hsj`xZiChxBSv5 zzjeB?zrSxKxA?NCEQRapv6i#jxQ{t|E8oXe3U{^fH+voP<06rrIokN{NB$tB=}?ZT z`eVEPR&aS#{)8KfTkw0r*mSxrTTbR^xz~{&g(jc}k^S9@nSOb&SNYuf{Sxy4xjHImz|D{UE4+IYn{Uwf$Z{KhOIwdlM)|0>*+016=W4s| z<`?om*0YSih1gt<1|rKHPX1n0hJxeN+C0mm@v!4m85EWK;Qmw2C}8ekQgB1p zL}eLVmm+F|4ncZp-9FsKA7@Bg&bj?arPzIoooiQIed^3-?DuqBJ^ov}t?R??x|G4) zwP&K-pAN4h_X5rhaIYXg3~9QbzZWx6?7^TyuZK%^oL_Y<>rIAx7q$w@Bg<`5&HZ;&i1fW_zf0oSFgu)7|8kIeqd%%8ufZ2iD9opE9^tq zciRg4JnS#u3j2KQZ^PcTXP>>0F1pq=1G(}|Q(LQ=^M4>s6JOl?e6s@X!*D}!3-(-K z+mdH!2z#m8sjo-)gw88SW1GtPfF#?n2hz zsn=&njK7WL{8fvS-=EtfMf+PiDk|R??zW0=&giJr>$UB#TPfV8+ku-ihVjF8;FiMe zx*fPVcQfDI4%||>#oK|Ka}Vn3>kTEcy88{htZ`)j$C4@RXuTsJ$XRZi;K1HI4WIuEmS<|b7iUeA)UXuact=R}q} zcp3E#Y5KSMQc`_;Bq~j|12+fm;oE^5f?EJL6#s@^3{u76^ElhpOij{EZ9 z_Sp{p=EEKGAN;lNRCVo{^|t`-eQ;g7vo+CN7Rzld!$PtYp%8)zt1xpclzx^$&p!`Z6C@WjmlAQU4QWo{lVSL zv4ZogZZGlt27l93lX+HX0_$gR-TFl74cT%pem#VozuFH?;rv9-O+$xYm;Bu67{4E~ z`$a3^US|B=n(}Mgvnselw*$8t?!DWAE01v>5^gAdMYdggmIHUecJMa@_oM&d@8;UG zJh;EXb@gIv%7bms^5Hf(XUpTeIe!b_9tw9``&$UN%XaX$2<}z?ftzYvV*8Cf;;p-a5q525N^6LY8|p`Oc^d3UcSB;8r~umE+*L`u1v?$TGAXIj&x}X>HTx zW6o*f)mWR2Z_!hXC*f}E_*TKaz{KHfzUL)qAaed{d~J;44DLg-9;(K9=`7t4_HI{YSOa1w={yy{O%5Too+#iSQlD?m4 zJ@+p)-a5JN7hU`NM-nVc3Mj{SXa2FbX2XReO#rHVsuXOi!a-QS4ak#FW)pXvxxpEeQ zyJMe3ebfE@stL%p%l_AiAM|hbzL8sRw)63PxJ}`Pe8W`!Y8)(A*WFXSCsUv2ba5zv zdz|6U;#vpmn{r36hvUz$*x*5`$vzI55tZ}cvaKtg7Q#(+-IjBH71H#_75r|*ZW~{> z2Y8;w`CA6}hCqBj!+sq~72jVuAB=CS6!%jr;67yHpx113+*=>!d0(^tvA55)@vVY8 z+xVOI3%|?!FYCf}`J1MitP2-DAC-@dzdQd6cQ4LIe6Ie^k@eS=vm}4vrd^OIzuU~; znNbPD4aL79`)jwAzi`_bf49}Td*LkZ{~B&h>RV0j_Z7jt!Nfti&56aKC{_7AhV#LC z{Hs5{ve&H`?pWjRwz_WI*p?Z_-)(i>is3GY>)KzvXP@f6y>+;5G) zsjeHaT3dR5vI_3*7beQ@w&GU9Jrb^qLjlhi1^Z+5w>#(CQx-Ix!f|tPD4)Z=DZ{<# zWf6TB>a)Bf(UmjhHf1+zcb_|r`_`M|7SClrB3w64)i`LmpF-QM+*^3}opR&<_5Y)P zcjIo?=IGJ(Z>4aD8SdHmv=A*pmis69dcX3{4isL)`%C=syz=TDvhj0fl`pWaX1IG} zH-q*!%F%M~NzagjIj2eI9hR$XP1fIn7o#%CaF4*Y13ERpeXvW0T)?>^r1N~s4W;lm zry?pd4flW8slPV`xFs!kKMdz;>TfCBWpG{kZCpltZaWeNm&aYV^!v#FvQxs(&`Yd; z8-FJ8_vcUra`Dsg!O`4*e1miEpz*}dj%Qk>_@0$;e>B|Sx`UP@Dp-kfxf?{mMH~uWj>^G? zyRH1KgxdkG8#nKZKe^~&r2dZZ>*>kl`=Ej7ax~yzo^v|J+n?Lp_cwcZ;=Mh23#tEx zdm}b_?|d{z%e^p{XVy5UNq@&F)p%UFZd{l5N>uJJad7R*)BraQ^#42Zs zEzx~fWlME#qMh8}m$QQjrhCq``cwA77;Y!*F2vuS9Id}+-IOWUaZb~n97F6gUBx>) zG!8B)H_g?z)x1v-ZhqW?cYI*;IGTqncgJ*C=qPju8V<7 z#NqdWtOsIu7P8!%$&W!#qK8rE;}Y+A3qR%U*H(X@_RB-w7g1>gw}Xg#Vtm68}A9S{~MVTPvkvE&IdZy7u=}Y#yU8I-8^A$|~Ni$2mhc6KwcL z+CTN8;w$=jxGueQWST6&{w<`du73NF`SyeiS&hC%cFa7CwpUZ(*HJ0+IK`URxsB>W z-bL_{_TTdy<_vD)j-i$FH8``yx&CU!+}Z%r)FUnQ8a+=Y1EIi{aLe zTO{^cKk4@)j_dz9eyGWKB_Hl>DY$c(M_PZklv@CIB3!C`JYB(ey%F7wEcd7^+Iln? zU53VfmL~Nc_2RI|)bDQI5J4(`kZPz5$yN=vid_?OeMqzcoOcjS7*i-}157e%kt7_GeV;Uz*^K z!KMr?LY7-lhc*cHK|yX=3T{q%t~52=QP_<~&mhY^pe}7a>WGd<*59#rd+$54{^n=p zN+DcV&Q^b#Cg)+-4_R)(m`v&V4$oq9{*y+D`LWiCu_@+tWpIbUb@k#p?4~hDx+TDU znBVpp@~+pI>--?qc+fsqoR^&|qYZZ?yfLfO<^BNo3Gy?MriC2!{if~CO0I8~TU;ww zrkXftJ8;&18S-WqZ+`G^^=)(S-z3l+o(U!XzWl|>LPva$G%sf zv)`ZE_kdN@&Xw;|aCgPNrrZH3xYc!XW#`Kh*X>YvJA9idX9T!6kROFKJ;qVv+x69r z<2yF~34TYXUamypx^kxReewbNOYV1DfBlcg589q>F1}@OPlD^>`wYI!MeicZy^9CK zcBofZ8ldN=^1B%g68Bj$mwE5u*Z6+v9M~yWMyB8%f_+W7`6;-C^>bx9T$e6^cO|+W zY5(t+v&`Y-??n$G+y75?{eMobEbutR%F=sQs>k@erYHS=t6_@%zc%M`cFvWLQ`m0^ z*#F9UX|Ug0%ee~de>e7BcdRR_9!UE|_wV1cQ(bAD!iN~=G!^WYE4y4Ck4LfQ-S-%e zou;S!?@`3KD(FY$o_t{UTxn+P_u3;(R38WIJEZWT3j4waxsq?}pJP0)8d*R2-!Dw@ z@5hek-`_J=&M@|e&8V|Cmk36 zYHjKBUgdCKf$Qq)zj1F_#_wMuO`|y4`s(7C)E>h9ayxJ<;npik#8>Z&9zzV<`|+LZ zkMH7+@}C0E2k*C5r05^3;hqQAjla8NcOkkuz`dXR6f^_r@9OA#C&%%dT^fV6et*6P zV;Z-PSaAUDg7Not>{g=BkY2Zc{N25-)JF}_P}V$czdP7(w`_SRYMv`U8-J$^%ZQh` zTbmDYacGe%bKo}gxh}q4u(jNC$lLgCU=HE@ zburd?gyZJr<;qtnxR-4uw-oN4S8nX@wOh%phT8$Is~68#@orpVa!Y_aiu`z_sV3#D zpk=OH3pW(EV9zOcee}N4qyTp|`PY2z`+O!43F4yZe*7q-`b*}tj;_wzWAEHl?Q$! zmBv>kuG?~KJ~@KlSmS89z8iAT-n2gp(vtjLY5aBVjvSjSCm60ii~scr>CzVaR9xlj zv-&m;w){G75!{R6y7F)qyx-r=mWu-1%NlucxR&FB3CZ*R*u7qSZ5(or&t?5C!Mzi^ zv1lB!{_e1^$8ExKZ)D>;$Z(y%(vkiRZpaVd;n>V24##k`T>sB$i|^dsIFXs%FtM3`-|z3y77L)`dfHPt_(0-ZP(9c(zLb@s4u0cDz#!_ip2FGrs3@L(}94jy4Ww zlD`xU)boMyPEIRt|A^K%H{Pk}mMg!&4fzG>M(oC+iE7U|H{SV}{I_VQa9znlcD$3v zZ)$7XW5+vX-E-xD|0U|1i|^Kscce$IoSA~Vwd0*axVNR?ZtZxd0`5$>uAJ$3N6W+3 zj(0*m8TY|;*G$X4F`T*1d+48Vw%a%_rhKcC6X8!ZoZ zyi?SVc`#fThm*1Cj(Q=>?bzJop3AW(vhCzxpKJU1@ihU@xcU4Qr-yLBj49RA>ZaQz|dx9fI(Tm|>YYZK)my*0j~ z5VG9%B2qm4s@BWNGd z!6?`tw@%R?=RcS$=UkVlZ%1R-1D&t-)B)EYKR|vuT7h0iwm+VfqCd`mm~|MqZv5-w zyS4ps8Ql3PxLeyFOBwe+QgFAnKQ4qD8l0#X+8=9q*xLTM0`BQ>L)uW0v_F2W+t&BT z`QvkCnBi*s@CDcVD`d-q_pf^Y4Ym)iJ+tj^A>65OU3pj!?=O^oWHNVETiPO|X+6hO z>m_zQs$xN|yk+9M0h{dOxbKCmzq@p*D~*w+W*luh>HM|*eAOD}S;pUkv1x#eH zWxFfRtaqC09{an`H@-K5`-|G``(7oyJ=VnVAY%MqLsQ({**4c8MzqX$*`il86 zTsPhs2(K6o3vfFWP`{C;LXMk@L;jz+a)sgc#pX&h5LthhboH34Ij&Nf^{91z9PGS1 zv{OtTf*Xo^!d{&3VCo?VSd#?8TnWXsb6O+r~hV&mHorm3c^ewX7J9{%WK=sa|-QhU4lIMip z;yv)I)A-#o-cL@_`Q#FRpi#JgOvV|1Uu>Qw=U_VoS?(j`pF=O8?>}e%p1D7| z=wM{a*>wKq%7Ys>OI}QVgB#-7Yx)qI&r!V#let~V4@D*DoDpeB{cWhyTW8Vs^)C-2 z)o{Z%CgSiccJt8}$okv%BI++1g04nmLd?+`d-W~9%G>9ZL6_nDEju_Sr^1c-|IS2g zo<{|JlevR0=KjGYb>&s`B3g6_zsJ`uQwr{{Eydq@anOCD?)TzCZDKM6u1k;fXWtO| z2HE!O-b?Gs8dU2t_Be69D%oSHZ9_@9S3-00WAZT^S6+|jnZeF{whOY~`-dDpb3m5V zM|xk;?leF~e|=rv^h{gV8zD5Hq7^$gFk!|m$tkKJu@qMdQ;6cunUfa}sO z*zJuPBOA}QQnkH`u@17_d&$p0pP+Y3Y?64$pdEB;SQML|q@ z!FAVnrvY^(I*R)X94+@~@|}^UZXE6P^}J2Kf1Y!COl~yX-q>7%u0)nQnfx5I2%P}l z?jz{!w;MJN`CVf2EnL@rzKz|B?{i;`qvd+v&in6I(>FivE$$kV9fz4XTwPago0Km5 zapc%-HPurMs?%E?33*|t#F1?D4-oIJKQA@BZM=Qy@@~xjO!tNyO-1q!~ zzkmE>x_r;k`g1XBGdH7qQ7N+h#3X+oz3nF|ddB1t^F8Nd^Ez6FEO#~eAJOmV9VTYB z91Sq@e^;N&&Wy=YxFL0(l=eS-L3<#}{d`%LwBTH8w8Mq9WJ#EP0!_SrZMe_X_Q%Dq zs245y&58E>SnN(g-H_#8L4Fvz2i=7loOi& z%iYp(PUx(d^n~l`(^K$f@|?}=0QU#-X@l77f@&lE9cs5*S( zT%I+cUD*p;>u)>qU63a2hr_4Q4xjAB*VR)k5AM3`eKLbDHWgx8U{T z8|`bi^S!)tW6}|>yKY}$yB_@-;EuVbu9P87&r!d${Dvr^F1C8K?N#;pG3jr(PhvY8 zy@0I0;cM9!je4W5XhX|H|CzJg8$VfY=%Sd+HQfJUb1NEwEO*{@tS1bnO-K78TaP=Z z;O1Qxlbvo&l(Q4CIRl-IEVsk;j3ZDHx)|y2E-hlueC_ws*azm_ue1A@E3S%3E4VHV z!loGAhHQU7jr>b!8M5=g66&y~@&PgF0moe@o&UYdXSZbjH$27nF1$J>#c)IMe?{a6 zm@S7e?nL%`$8M<0JdtOb&{$PvV*WRYhXeHb+xcI`H8GiD{QV7^^kUXrk>$20-vgbC zg7d%5UvGThr1aXDyk)q>*xiNhN0vLC{LAP~r0uw!|4ldjm1}2;u8YYZaBaKTs$=?A z&;KgnMusP@+lTnG4rSb!>~Bl*9ng8G7qaueNh#)2)z>rLha2>FYv+FjLuhY}zt`Z) zo#-)SX6hGp{iIPP>`?J?NZUlDR!^rTs$F(38lv2V*bVcpO|gJSKH-OVkUU|8*O_W%IuU zetom^zlz&pawuFEhruvMpmJp6Tkkg3E>K65kL>)fD#iS-ctlJJ;nF0>)0NoVg!aBY znR`hI`8#P7Q3GV>e~o_Jc>Y&)PfYHD>(X!7)VYiP3fcDSXYw6OX%ms1|IK{HFQE^x z{s+gESDpV&<+EEd|10;~S9>3-5N?y(6W3`5%-7M+$i{Q{$htBWy@3`WJO9gEk(eL2 zaZ>1^7|$0b>TUWc?#H1JvfO;~r=l~_ibXsxW9EOWOgrPo9aV4#8g4)Au0mfS%l&e6 zUHKEW8pGakWXtQI<2Np^6_3Q^VYn_mkIjo{5wh3md-8HOeIv5{Oy(4?pDBAZCNCTR zw4Z6fXSbxEkvBK)w+kl3Oj-7o_NCs^K1ExF2G-4*h~GcjvK`3Dg30y0%VI zKhvC;x^a=~XR4lz$%SxTJ<##D-p|_Fb;kUsVp3}SJyQKa=OXLxUF2t@x6x8$`+mJ*KJH&2>+ebA2clb%_KUWk8Joi2yz-bdE=jbn z4`DY+?e9DLDu}ydSw0m_96BYKFppL z)E?P#rfYAmJh*vY;jEZk4cFBR?Psd7+mdz0Hhz7x{Y=5^n3S0~>`}&87@dTyzmJk% zj8>x$knLxRKiPPlF*G+Oufuiy%#PzJ|7aGn+=Y*__v~@jTu}(werDz`8}~Eiuf^nd zxGrT(tSh^sQ;==HWDr?t|nfqi2!suTLtkDY%7iGA_C^ah+bk?sfDFve)VQ zr?{7aGA1+6*Lz$vx?1)N8hY2M;WskWYfte$U-WrQPB5RZ&w14@$nw|vpAUUOe{VkTo`d?%|GV!`cBp>xoL9e7 zE1vVq!@f9$eI9cNP0l_ig?)4E^Ra(2h5ge!UvBLyQam@;2>Sx;mm7QCC#?E0;D1>P z`+C?HWB;qM*Zp&<9iH~$>HM!sVPDC)oV798`>uGoC{}-8ZRV*P_9ouhH!3eh48r)J zsTj^NhEu}ll{GrRnMJ-h1*gQj?JCu9&N7_&d|uzf{91tX1^Ma}->J9HDflubgAK>M z*P%MV={%J&dA>W^S_l=U8t};m-j7d*%NYlgWm2Kc6p0uOp3GrFXx-R*bpq zQRqx`I%+(71a==HjznlL>x5kv%-& zZ=p1m-;KZLVpD{MBJ1yYcVx*^oST94z4%Lrt$XffiO*GkT^tJ1no6UQ@$wh{j)jM% z#rK)MhP}3wetgrvcqLs%RG8nF$F7yJdymi0UXdkhIcmS<+hra&lesPGiAuS*)!|a_ zI~MWI3QZLmP36`UoB@2kCY%*Mr#h>tl%?Rzsv)N}YwMaqwVTSU6r8_m$QkEz3hFkM zH{rN-iFUIXAER55yiy6k(&PgC>5r_xM@`9; zTRArt>F?&XxkIEs^=$YzX|mEE=h^k;oSm9VJGd?m4`VkSy^1XNb6%{qj&m7vSYKQ$ zGW`^u_c_bsuJ_CB&UF*zwzz&%xzzaEB%OIRwoQ@cRO+1`QyC67;|A4kmWu~{%N!fy^8YZi~L%T=gPQl>-;$A{K1VM%Xe-n zv*EgS;XQ2DqOXzVj_Qj~oYTZqNQU9q^e)Nm&BCUMI8^S^R6c~;+V?kSE^}wJa$Yhw z<0aM=(P!ub)cm3h+3mhM(z*J>f5;h^;D(wsmD-~d*X^U1*`t7}k@fe~4%E^G zp1=D1cJmh8hdwUZUwhrE;T{Ax*?V=~ zb2_Q{V|_l~c5BbP&%Ar>b=zyLy*6Xe=wq}1W$w>f(m(L0b*gmkS}js8Z2IO0v!pj% z*Z!US9^*)#@qG}EmOF;{BS^y(j^Q>UOJ8Hn67|+WE)|xU=B8a=aXyb!Y>!+~0{;S>SOGIU-eh|4*dO_0$oR zH^;T*IHyULtbpsvvG%(Mv)5Aw49kr;>i?tl!zR`oxOT#EAL9J3asfAaeDuC$!mEp# z#BsY5zYJZ4G(Xt(r=4HksPcAkGng4_NjNRGTx?{|3s*nn9+xGrm~{B9AWfP!7r85r zJAwG~K3CVrl+s^x^_jbGnhuUz0rwlYuHKoA?E>@}vi|lTlp-}2F_wo8LXs=emy6VT zeW*Vk@(cd5eNrUkwaAhK*q_1GJK5N@MyDXlJ(u{kNW(20S6{^Zc>CCNIEeE0LF6~+ zSGUZPli@mlZ^z~VGyz%eRN`+T4M)73Cb`E(*CV=gP=6=*+`JRAuU!t#( z<;n--1Eirf#~n}8zDvjZv`i1$s)sDf{o_0@6?t*?fSjH6W?#K=WiX3>jTmGf13_0#gBx7lW9C2 zjHd7Zu<7x7^!xAID6{I!h zRgwDZxE(p)4QV)SNQ(65kHyzJDRZOy30A=E0oRq|CG113&uZ?wO^&;g^XrfX-Tx)g z`gASF&fmh^EV=nV;AXbTlId`(MLfaJMzQ--JAZZG>%D#FM-jXHg}Vf9z~^RhZxY?N z!}vCeyKlq!c739DXr#Gsfm5?2^`U5eb{_Xe_b58!@!0z||D$C27-`V&gRHK-`+Ymk zJYSW;JqB(dVj=Qx`CHI7OD^~ixS8#;eTEX1H{0(kfx7~(D{p(^#_uzfsJ!i19xZRBa8r2i&6T%3 zapV0>RNidAuMFN26x_nz|HTJB|pG*CmQ=?K@A zi}?1>c+1DHqZ?OLoBBQ@L>5%9e|A zxS>b)TrM29vgM+nOO|y154dt>mK4I>Q@L>dR<>Lez?}wnPvydKD_bry&&rZ7;O?nh zIBsRjMJe2>6aRgG^YgOg*#CelU8&dM?x|epo_hbEa#0NTUbuTI7mi!ma#7eVOWuUL zr}n~eD_bry&(4x{{{gocZmmgsE*H+<%9e}F?pe|r?w-np<5sp@l)xPbcTeTQaVuLc z@_S^-BmaTFa!!`K_aAVJ;qHLz!l7R$MfMZCiT;#6{cPYFl8`)__(RCOa}qc=OR^q| z_VXX(XEV_(q%_~I>gT~^S;4vQP;b^%==fs^s?ZnZj`PMgJ2L#>`k|RUvm_6$3*Te6 z4W)nR%@h6L`IFj&_-QB)IiGYKq$PEohJy35XTfM)2IwTM4 zlqPp@&b^nGk6n`lc13%!E5)v30=tQOu?zHN95;d8)VMS`MZl=$@`bh6R_g{Ukeru0VwQ3goJ@YdS<2feEXK&!|u5w?HB|{Q$Pkhgt=l%b3 z3*bHk*YzKM$Iq9zr!|*)>EO6$5$}Ztpi7bZTaAuT-kmAZ*v}98Ud{yXk|c0#mV98i zw_x+;{d~88qo%Lp)*H(=A366q>P>#N+}4Kc(xK$KEY?y+{oR1wPITC^SnjpNZ$nR_ zN6`2a@a<&$?ZDnw)cu+#?0ZCcgR|r>xUS##AvQYZxss#xw+Y_|`f-sruH3F+;`?^& z=;(cuAz5DZ%%j%vg6F6G#$@lP1Bdu}D*4z{uR))Mqvd{2{7+QpOV$#g@nzz%?er~uO|%}h?7%tz)~xq@r@D-~ z$6Hr1zIw8}<#P(3-uocK*%RWv zBoACXgXej;)%?HH8athPJCmbLhuXdPCIja*T+T63J7oJMg)_-#lcVW-EjD+f*~oH_ zU(FhQbUC^Z&Ay6xbkjm&GqL^?Q=ru%ghHD?!nk~Mdu;QeU6 z$V)o0M0lHWmT0|3N>-Fx1a~f6SFbyNx5jb(KN~sdcgPdv2V0*N!~GJjYlnV?r~6VQ zuZ#7!(fO&eALlgG;kfvS-RGsX9dhZL|5}#(3D@NZ=kF15+z8PBXHWjx{7?Y5{*-7t ze-ym%GbwUR99P@<)|}JOkz?n;?*68Yj`|yTJxg-oy7bM%M$_T^IPTG-(`1;>9l_B) z?|Hew>zBB6D2Lkzu1nv$vC;SbC&qD8Zla#?xl1_apG5u*#jaD(^leC9(~$WF^<)Bn zzmDTp*55L?j~Rdeg16s#-t9v+|DHwsLZsmuj#GzGr(f%>FLCLh{`U0!%_(J^3$Du# zH(+x+x*J*U=51;6DCeF;`kfD3-d6hMSc{D-Z{={e!gb|%8g>mXtRf|G+#kP5k=dNn zP~&N@|KOfmoWHi7%%7Jf2R$7v$Mdi~{H;`39LFu|nIbEF?i!AJo6pL5J4;%@b^hve z>?Z8C#Bn2z`v2&2tWAeR{uaRPW&BO~-t%{Vjy8SO--WqcKj(Fy4O{P2_~~n(hjQP^ zlHtbR7TEPc55;loZlDi@`k)@Dt1d87B0w=2jIGP{&8&d`RzH5 z*5B?MDGO)_x*FN~OxSlv)8hP(qvg1GQI-UsiQYF??>vXC<=XV!Q@vyR>m_izz;*u4 zf~VzpUL1ENH|rD5Y0&SY(GWcuJ+dho9Jtz^ZCC` zht+<&Y3ud!#jI*}48v76Daige*<(_t0yEvV`b>|4jt*6Yjt=PWJ96Z{0r`#4KV z;JR|0i`^Nh8?xMMrlrbY&fSC>`rpZO{nS*}r0adN^?G3$>#I#VtYdBYC~U{XaYym3 z)GwY*m4`X6?dEXPkE-KyZ8}uItuWkT?6h8gK91Y(L;7@_(@?q_P#wzd^(zgCO=UnhMV!cx4znP3qNB%%W#)sw+8))EVpnA z?+c)rXbReXwMfgMUi%jK&U=qChWk~PEQH(1_rG=p_YGb0V=Q;fPpsWVO}FvsLC&~+?Ri?A>X6!+j*Y@&0mrv^|n&} zx6@Ad^u~29H}E^_jo=1+f45^(^*7!rMK&D<6Tcfhg1+jXBICRB-12FXl&(pVzJ7gX z-)qU=ktHv|b>R){7N7%v_r}TnahTL;#8;x#NZX1|xvZz{QB}HUdVS1d3CerMzf=B* zU9Y1YofqrO`E!wm6Igq;*Y+$aC>!9q_N>9xvFqa;H^lklk%ss9)~T((ywVl>{z5U_ z^yyLVXx`7f5Wg-(EG zzNBwvYEUK`eEi=hf=unjK809o!_CKk@dIDt!Wb2L77Dl z&rXgRFYBKmeT%CEWz~P+Z(dqZ(r8ay{$0hjKEQL=E6Dm=!TCS@ba;k`|GnkkGPp;< z4Mb8dnjczoy_WlT`C)j1{7_OgD4mVJ|5knoR13=0#^1B>vk$r|&fhzTk3*Bt(Tig9 zLs0^M^Q#ACg7LR6b;=BEUqUt=w0^jTp9NEscFVt$6Xb_7xNjPN=fZm*Esx_S{mJ`S zs1_P~Wo&tC{=C?xZ(({+s?3Py zhkvWQYakj zpd|B7pSy3}Mx^Z4UT`T@&*OXmUp35Qu6S?vtsHKa;a-=*x8q61_Q<7!a_{E*$hYw` z4P!a(jhk~oP`ViI-{rH5$!i+)y}v|U`+ide+-v@ZTc>6O70JJq;g%d2l(BGKdDE<< zEw*>C(a9#dw0dFDCcA#^%A8BK1(p7kv}e;cz-OMRYCSKYnm zmD4aNFT!={a4R<92a@G}j+XmvcfOOwISt`Wq|@Qvb6|ho_qFNZ#v?1>ZZ-bS!uCsa zYHBR^@ha)^CR&HSLAlw?i%nx3s#Tg4oZ&rJm9du2y~kXd6_jQrQGds#rOOkj1X+J8 zh^JIdm%6An+T^E$`a9H52fc63-_lS}rW$S&Y#w3$HJ791N^*+y@W>ZWQj>CoG6 z=PkE99F#+N-_E7)jo9gTB*(^a3#X?@3Flr#vu=w`-%$y;71=?#({Sfw_c>aNtiOj< z^X^$T$4OMfwm!@8%Z1IqnN5T8r{T87?vK^UasfxnokV;F(xC4@YWildMq^L;A?KK& zba*kE4zFVSDf$XoZc_Dh$wWt?!%@Al)Wdgs+;+xaci)Pd1?3*YJqDZ3s1LH-hloFo z=ArBM;~5)n=leYFWPcpP-nYW$LHWpVmtr@bbXd#La;w!ymqU<-sf;7+tz48H7nIDG zqUE>&wlA_cCdAQldoWZQyu+)1`#u*<-y$ZD(_fCJL!bT9S5*CNL>d?S?c3%gkpswQE`5vJ(XWQ`@w<9Uz4_}E zB$gX*tmqV!?QmT`>04~7ACNAGBFkM*{O|+Qr5oyiR*vWWToxJV`iq5rdtmz=fwO|r z{MBeVy$zf3=pkgeD~M~T;CMRgN#@eYaq~Sh{CeA_Uuj-YhQM_py;i!^LJg31XZ?0O z^?2f^q3)=HKT%QBYr}hz1{zAb2IWcP-zEH>u6MhNqtXZP`-G|!`z6Z=&S|)tqxH|V z+uFX86p>KeEhulpb?K?!&6zOLsrM#%^PY8BU#)4Z~vqEEgY@C z=?9V5kcJS)?ZbJl7!>QTa(A__J%cg_E|(Mu&9G^M@{#2}P5fn4iteb9B;`$`@70g@ z%WY@&3325%r&mzQ;JSM68|>DjEy!|r60dP^x*UY&H1NKAyz(jPr#2}v*S~MJ|565b zBV1Si*Tb#_>VPbF1o8XOO!PEbeJS0W(M=KH&x_uE~)Cl>^z=A7uf++1uvL7R}} zc0Po1hz6s1kETeS1Ar%7a&A-x*aY48)qFM1F;|MdBG3}d&CbM7TH z9og>*toHM(j?cJ$ThV3Iw{TrKc({qgjE}o|yd%%kuffwWkE89!tDhQdImqoFl<(lW za=Qo{``)y2)!${DFZa1Rud%oH$IIZ#Ytj3(e^E-z_?P1z!uf_sgN}dMevs#F?Du{1 zE)TMg)xXazgWDditHt&9?!iZDE;6DB3DRT!u?5&i!F#wEilG`@?_0 zEgBe<{a=sXx2L(rME9*DdAFONf1l@f?0!Tp9p1Ps>TlqxpoHPJj9j6}VS7m5iC0zK zmA*&vJCYzBHop^1-*UL!;CAx4jj_?aFZF#gTkl-K9vjyq4af33#XKX;_Uka`Z}PV2 zehnp82ic!2TJOYwOeUGK;>!Fx;SPjbnf$BsFvD4^8=rs6eoB(7 zBiWLE`yj@@;8v!*OgY5I0`d6si8qREWS z*?!%2zu#or-@pw)nF80<2XnBiPO_E8aZ?z}{*-eX;>V?2y%_U+4)=4zU4d;mS{KLN zNxVT_#$(XAU#7%-Z!)8$HzuxJHy%@bBkd0B!CXHtjNS2Q9G$Z| z`rP?Prbqguwx3sib5K%QFB*tkA@9O8NSA}rG01Y8T$m!4bFKgt_K6)&oa~QF*?GgV zTY}OGuJd;cc8{PZkmW8Q{xw>M-1ui^hSzrv_~~HBRRgy&|8KaPvHKHc93IO(DLX}u z=iDhs_XD)wOweVkj2?qqM-@!Sx%u5Y2g-YUl5kwH0-_4+P-zr}7Nx*`yp z4)+{Ex}$f|Tgc{zv5aeK9=6=#JA!f=T$c{lHe_rQJ%j9hYeZgZjyj??s1p@nI=dPgKYPe&uc>qm9miv06bol_SKueJA_Xiq#^Es9qxSRBSJDLtT|6{Bc zoq{a4?oo^@qhrwBYhv?n!S$ZMHXU;BU|MXYmk_U<@cf1xNS-;kmM2Dd!HIt-yFW#B%;c@G2 z-u?Sw1rG!zdw!IA#~Vq~6x-90h6a`s+DuI^;YUlnV^E>1!g- zW4j1h?sno;gOn$v-{)5Dgb^M$f0egR)N;$=-etJDZ*Ws=TO-Rom-rRvdZhl^@92&4 z$7w9L_@SW8HQeX&Qe_0TlaS?pO#ExK1$|HY&Ul7mv!)7>o2wCnj;uR=4 z%={t8`Mg)#{Y1~-V&7j|4-`MjIv~TXkKIwI4YJ%@h(Cg6pee|5bNOz$=3~pvn-rA6 zhPwcpGPDL+ZryC!V{|%di@IM-dAq>#cf6l}Ew}tJ#)AyE4>tYLO~`UzBK{Hj62)^f zws_^jatn%s@--8Ts!h|SJ~|jJJttc4gnR8?jss5xr8V4upFO@?#lFzkbw!rz|5)zg{Bf(9 zXEXC+v;Fp5_hokNZt>)x6c~S>!fpn7DUQ3G_&T&1X}PfVcWHw1Rx*Wtqw)6->}uqs z%K^yx8zO!pIuo@=6|B>D{hHo>xzPU7uKwNAL0M_IJ+Qd~U5_kx67d;mA$kK@?hfBy z%dL2Z^j#25-_NmGi+(_sTk{zDqo^6mLY7;Qz+agbl%a-u0yb??M`XEgH22!IPdL7h z>^RftbG-K4?x!s;GtUFp<=;z>V{QXogDltOhsG^g2ZL-sZ1L;S_S~g!+3P{6u@G*O zXE_#|N6~boqicTqmi8C%15QYnI!NY4pCL#2X)wvJ$8z2bN*j2cd`FJv_b+HopOd5Y z^FrbSl|{H9#Pdb-C{ybi4KMMtK9S$xx%4gS8@MhE!geIO3mHFCrx2fo-a-}NRm$4I zn7f9&(x4>0ALZ0-$UG&#`!TYd`&!T!;+%e`-Et;yy&6j3WW#ayV->&q6RLJ%>~&s3 zd>opFoU1wl^P<}ET zcb!SCVmW)d&Kdr77Q$(`C|XVq!2Sr-3)%Zwy)|tdx*iQgGoELDxkMuUs%kC0ewF6u zo_;>ddp{^Ad=O2)+1NCzs3!9`TJBQf>yU=77kJ-qa{Yh3uNt&IcIlV9C@9w&?q+QF z8-xIq&wa9Njblr-p=Sw~e%2|t}`Fs_2KcJtH%}4(`nfr$Fkj+P>{{7GV zgmsv3Ts~jG{d<^oGd=lzrBCU(oDeXhPYmuMc?zSmX!X;2}fqO&hFvu)nyUqoLw%qtjDm`O&oNM|yRy zV~%_y>Sz9npqvQT-T(8k9gHR+%l(V^0d43*qA;4k^ThU%ex2_3^Hwls@2)>{Wl&Cs z>+);-_`A!my6(L)!>WUxI!_>yf^n>(aO7XWpE>zBj4c>}e=n6_lB9UH?hivThTd zge>QpjE#>)di{ecyyq0<{_1m!Hw2{xTvv{>usI%`f*e=N#r~{=@65S#k$z{uu0I;& zr?0M;a{0G#V^Dg*b>mF=*jdHX)ri(S1%FH}eFqyjgDk53Cb{n;W@{?5~C0bvUnU$1Jyc2c9{R zhPoW{6U;~0^-_78S;vqdeFNB9?%$>F#02S^vxVmgxGw)@!#fKV_}nFaz4Jct73deV z8LhvL#^ZVKdsy52euu8-+3sI=?$)5>ltsCRbWE3H(aA{tb=-X7SEF0djmXXeH}cch zt`jQzDJW;ab>-qNY+gVsk>$4N#F`}38+Aqb4WiGNoBaG+m-*U9y{T8p{UswMjy3C&C!l~dDs4a&)>qe-gC!s zAG2qU&nfzg@jbY?e*6Y(o!Nm1GZ8 zkrI+2aNT{|j!o?|;UeqrO~mg+)6tV?>UT*pc7|7uH~Hz%ocnf3RgYUzH6%rF^L&3_ z!Da_aKP#5|0`WIcIa-byF(=vhTE9N?>)*4OkQ?Z8i!(wp&2YD1lbXle5wiYXO1uD# zMz^Bbx01Fh)_3*&(W@t$!|mYbv(o)TG9Rw1&-A^c3l2|_>>H}aaQ(}P9Q3`TMEz)6 z@07t^3pdv{d`f*m%aHZAQP*^7irSzPQSDaIb%ZN@f3vx7C;IJ>91vpv$mo6Ri_Hya zBC_1yiKlhrexgHA0S^deyiXZfN9aHI4f{Ar+W6^ESSuv8C~qzubd0|vcHNNWx^%dN z^X=o(q4o=2dmNJvaGT+;Ylp7F?&BUQazh;V0G=U6b56s(9Bn(KZJY+XZnv;@Nb=x1 ze|6pNZM1z8;<%Mvw_6Oi!1y~6Ugn?_c_WUyiuhKfVJFAE`6~y9+Vl+(KOSjl!?ESzyZ6_%9s0!QWF8WdnTFd5o9j^_vfSCkKR_E%IjS~@v>ND@ zx7PlBQ|^nTqlThGL-LVH-(Rpfq&v@}$Z{(*-h;LT9gRA_#`{vV(fXaZQhyx9=7+-i zA@=`^ro(V-#-MwU^&?V7)whfypQ3V0{QAtMLq#L+t#dxl%BVLw1LfCCW{m=6n{>$Q=Cwm@4o#Nx{d|_wEF=%Wb>VSr zrlF6Kj)(aDlGHlAc?LjFqf&}T#w;)ImXZb<3R{I_3LJNzv>sP!U2Xk~{~piY>hU7D z@4$8K*&_b_=V&uh?qt>Z?ft9sSrsr<%5~uy=3dY8e=+lvkZdyPxfI?`-s}5@qo$|tZ)(j8 znY%-fPIq4M~Hg(e%_cc#RvTNSNQZ{+&+T1zn?OS<=HurQv^LJ)^nC6=Is)l_S~JW#u}yw`rR&vQzRK$mlEAXvxyNH~)8X&9jX(FE zt1Y*%V@P_!b>-lEc&C*yo*2gs4NR7sIj3O^$2uo5kKZP?9O!t68(%2u6q3PkZGE8W zH!hAF0s8;!OZpbWeaxi8gYce0uf%bWzKG`%bS~^dOF)p3A><|a#eiz;$l z?Har7_cJR&zpfl^`e)Jdb{0I{$NEB_yWOuBhqbCALpZ15E{?hnd*I~Q`=;g1-M50g zkQ`~a%bCE^bt?D8ao2IaE#GU^p!=2Ca_s6IJN{Y@_awM3KdidY8xJ0SfLGp}zx~Eg z*L$y9MD|(OTlUl^W@HWZV;* zzP8>eKRYD%z;&S$0}Z+l;>j>Lh@TG0oru@GD_V~Qx`*Ux>;k^wx%|96?|WXxQE4vy z<`7?rG;HCxeh@z!7VD3_F9qj@gu4N*tFMlMsr6MZN6WpG z_#mWVB*#SgNb4(C{)^5F$xh?1o3FShj{7k2=KZ`jdg>myG4~tpVV_6q?dP$16TOS9 zziF2;o{#FFXDD#CJy_|Ne_Lbm3Th74B5WSM898D0%wf5?rZtI z5oi)py3eUvrypY)=mc~OvisTQ9Om_d?R5wGgydVe0pGzwZ0<#mAj@4#{AaY^Wt>Mj z4WiG7`MkHF>8a(b+~;Io6p~iUqxVUl>-D+4v)c1J&R_r6BM1F?qWo(8&4+s~To-!7 z({IgQ!qKMZFygl(orARLS>mT>1)R%_f36>NH#U3nZ(rJJxi};v5^zf|O#MgPOt??N z4fq#+AAbJXmG9Zd`CCqWBhrxC-)r~W`U1U28f?3l**7F_8g4CY@^g}<9!HxFVdAZj zhB>^qX}>?>Q9Z7E9?ZNnB+CuA9kyqqYmw#7C%y!gqlUlJMpJla^JkRVoyiqFGTk6! zB7d3rkbWWg)o`7^JL9;O^|$mg#0Pg` zH%)ZCcD-H&+-aU)>Xy8P?IN@SX?;@N`-7xF6eym-s^ph&-Zp6xo}q+u4^Bb z{S9|t+J`*2f58p-3A6&BpbPPV?7nj+Xl#@fAoz-ta0hTvtOpNxkT}#Uny;mEnHp zb2r9u|0G`fntkUMjtt32lfLz_T{D9{Y&cqf#}c3Db0>35RR6@>x7&HHH(af6_4^0Y z&NPIL2G|pvv^EM zdaR6cPsXMXx)E7!&LE!Q(ADT7wCP@+|NQ6Hsb(AlbR-lOg`~|_QSMl5CZcj=x%opF zdquCH87ecbHT8IJ{jU1!xOoqSWDVR-{@-ajly$-AYGk?Z-@tqX+KASmQpOFm&eXiW zjb|P`>iP>euATcR^J!lzK??Ps{x`B-9t}Vm>ihS-C*wkDYeUfr_N{&_Bpt91M1EW3 z$lHZZ+Jyu>0<@6nUJZ6>Ue^uhLO z^dhp{VK?*M3>t^_JA=Kt>qgfX1Uh*4N7KRG_rfXk+sdQQ@w%sJ&09!gWVsPX`R5AG zzryd>b^P+Z_q=7_XOO2uvIVYd&s}@tsF?l8o=7+)uGvhc+Xd z4pj=NQ&3$LxF(icI{`O$YDgZ08}R*Yh+R|E0a@;Ye2=3)=SHDn$d-%Yrd+sj$H26Z z?6)eKe;>tWDtZ-JuI|tF5$Bd6w?CV!2PXSmn}3VpwukG|cQtm~P{&(ixyy-fLA6IP z$A=2PV$Z%QUfmF=>(#TGz8}@_F1&DNNLHQET`orVqT5g*dv4BP zkWBAa-g2)$pxj}8hRuH=Bu&>S!3#^c2TQU05@|o&&u6L2CiCoxHlhlOvr3tb-9m*I zLy`~2jgzgyz5@M$lzyyV4%%PJeC#OZW09_(w*A4@{{6S>9P?fZ$@PZY47+yd3}m@F zU(la(*Pu5UE4JLc1l;^t%<~xTQ0&H|a%8#3-p=zgnux}uj9=Kll>LMB+QTcn^tAp~ z%%%N?8}O1-wqm2>1-0&o<(@^n7t(MgN1I=jtwHNAmtQO149RA=uAUi;jn2Q_#?ksa zg1a`!=T7Hn)4`+0KIfFa6_U)g(fjriHd|5J=veL}#NR}Jpr26dHW~Btw+?^Pu7`KrAm@kjJgA|?Fz@@abEn7V6FdGPYeI7Rf50t)dyV0`{?a&q-|zl@ zd2#8hN9`}|wH||er{T8YdUgMUyE=R8`W*M(15#;sy!$b4$c)JeUIDvyUj1(_PbJn^|U{RJ8M{~Jc{kpaoobIDQBE}3;oD@x|Un-C2#)6 zax38O_kGmgMcDNimnI*@aU%)q|D!**eGpepr!YNymj64M8$;3%uIrC9yq9&z=m})+ z+pzoSE1`L44%*h2by1xd^WgpP32nV`!I<}2wuR&@!@XggSN_LywA^<0Gk%0L^xAP8Mc<|UtZ*}FXL%NaEBT0*_5So(A9s#)t}q@=KQtgq7?1~ z!yN)IvQKUtck#GX)~|W#@C?U9?}=D$!S;~61lQ%?5^NTrkC07=t;GM-bK}|n_^;Uf zJJ#>-*?cCyhvZ$uO~>x9rO9#>N6S5x_ytHqjSYOGb0}r}n%H{Max4A_$r89OpAEqF zMf5$g+=UO&-$&sGnI}Z4yimLJT#sAr3$Gv9nlT2KfAf;VveWoG2Aen0`)Z4CuHHHM zA)c?%5ES~5@3PaTX86w$J%ajd^NX<<2YLo|ISV)rFlhb;HL2|O2~#b`bnK9*;9 z)~)Mz0XjYI^;axc(!+8iT$c_h4}1H_?9b718xe1XG<4@1%!&GY_WhIGjIi7X*OiM? zvDNwau5sMMUaun8_}nKa#pZ`Z`8RLBu*@+27GkU4BOepTeT(=apZmih%qJbPd;dVo z@r1|~@qYCFVVP&RE*(CJ<5o5uN@|8>rAdc%@bsOQt#RBj6H;aWN4)es?#sQGGQ9dGl`# zIa=&Ifab;FVc*X6S-vD13zMvj(SeF5Jf;GBkb4HM6k z*?g8?FD$L$Humr1{n+Y!;iGZfX~gIH+;{c=&7$)IE}wNB%{-gmzs|28ma`0ZF*awv zC9;g8^>-cd-;suguS=6^a5Lii@yZ=T-K?RgL0B#}>Co*qZ-1YZ$6~pG3sdFCpS*s_ zp4Ls-bdbZta=qbBU_V-2kF{SMSNEwsgmW79gu>21VR-?rs~<|S`3zNmJT@I(C;l-?D<+*e&i*h->I71y@PriUe)jI` zGcu13%a?Eikt^gK5$pz`_mRDCtDoR~7u4cO>R&XLIx?4cFSJ~wZt%D<-yzHn%NFCW z>;F#2)^hzn8#(Mt|F-~c>ZWM9cn+Sf&zKX()$cAW;GBl@SqGYEJl3YKGzrV0a9w*` zhV9EmX|g7cd&pCa=b#9e_@ zgUI$%Czy8LjUQwl7nV1Szxz|~=shgM)^dM4g1$(RcX#!^?aki;xL?2x=mip%!_)Dt zRdL*(h$m0+(xLD4*l~YX|Jrf?+~dRYo8eZ+_E6LqS%0r0ek+=aicvNCeEsj>eF*wH zEB$&$xqo@?N#F$9w;!VU_r^xC-$~Q{nLf{deq)M^<7XQ7nh=s^k*la<+BbOiazEyvk z=VH_hWg*)hFZAmN+a6b(On(xt>z7=0LyDY)T{~pCV>tgHT2`1Qy05kMccss@^>5KB zVR;*_t0&{X3+wV(Wxoq6xwLP_-!Ays3tb-PZz1t9XdH_F9$!TQf6L(hXt-N1s~Sm% zC*ru@7c$q*xkTxZ+R7Wxv*}RKCM;DqNAKGU*v>m1Jp})#e`)BTb@j5=& z_RmUA4NHBvF6cVZn%EwOwAXZvS77$IPBaWtLvGu!G=<~t6U}U7oplI~(tVCM02i_F ze!jPQu@LU*hT9TeM|5EvcLDJws2t^VuM$&_m)zk!U&gc#?ZYw&Zov1Y?o{@lL|u^e z_c7u#(Yt6avg?~N>v{bftryFEPGQHeY%}TkWUluO*uSu~>3Q%p_6Xx=M{u-bIk|p% zN~f@-Y>B3)>nAnl_pN{apN$;$X{RG_bKja4BwuT$<9m;{%YX1~DC60Rs@o`AQ zvmEXEBHMnsd7qrq!*Z_SzJ`rHm%PK#ro$5A-yseAvQ9MTjIb2Ib@kOoY=1}fr^j;p z5x*XdK_ig;PW)Vde4#CQouQ0K$nPAMd*HhI^*L;GebK8Nt-qfTUx`*B{cf@4cK6F^ zF=fwjbGwjVO*(AAPPG|n3A|CuDeD+#K1(~nx+IsD?pTdHs-f__usjFHmD7?LUO)K_ zj_Thque?|Ni1-2bdB4SW7BP9$F>QIu>=l;J4fiYTUtzvsLmc-(zOT2Fa~gC$c{cym zb$E`cN6RgOn^F%pJtcG)vi@chZ;jd`-T!zZ>ml-w@VNc`^tAJoh3C`HFx<}A zslPoqYH!6)hqQ}`7a$$C3vg5GH1Xy>)lcO~Z}KM`FWFdU?sJC3aqfuY^fw$GM=FFf z5{|ns5Ayr^|HnDn>(u9gUOX#kh=1=+ebQjluN>}k3Aoe#AvgB|`l|`JFa1MqG2ALY zM$_|@$E!u2zu$=C&SbOi8fzoT5SeeVb*PsLvHK=xUKo}ZaO2Z=K^(WT>01D|H(VD! zfv11t3yvlqCAV!;RetB49Oq{lc4HG<=ju3rDtn!|eZumZxz5eLKflIt^}AM^Zt}d| zmwZ$V_dCON`7`Ocf0jQbKPioCdAuEZ5~v%PoRC6|QTK`eA!D8XU)M z+nevbac&IK@e4bjP~`jDhq~U4qX#Yy%cpQ%{WK0ceXse6IIceTyvjKZx*xmN%Tt*P z&NcPaA=FcjTLCxYC(qvus-seDm!Xw$+^xj_MAe?>efDd;btyAydG+#S{5^?6V(aDH zzF}zx*M&pJz~=e6Cibp8@qDsR`^GUPI~i~laGyH6$k!gA2IX!*Jf+rj9jIPRmwr=wSqen*z>s^p$RyTmx&>;&bY>@xc0 zhO6~~-lsR?xRtF>bNch#3)kgWt^YT6NS1|h+{)IA#c*FU{(cJYTeLoo`&Qp%NiN|T z2z}KmwtuoXK{^y(9+pjTT{sxK`lu1o{=VOjNIjl-d(;_KkhUtV2g+e;D87R7^mCM> z{e9KX%u{Q)T@!@<-FEJct3TXPtxB-(n85yQ{+&r7ktGlBg`)+Jc` z%mnuOP*;Ziy9w-XkF&3nz+T(Sa_r@o-LHREEiZkX|D6)pvmJy~VBa=@y?#$!gR^g$ zz@F-kMQC9en!x^nIQxnO>96-W6Z_c->?g$8uTNmF9tN=gC4v1`t#k>_|3Cu&^*3^` zZ}RKz>Gx>d->;UyUf(Lu#lBwxd)=QwgZul96WDV}l861&1on@`{r#K-_MDP@?7vH3 z|3sX9ZUTFTNu>b$X4`kaewY95@XJsC1oj7FUx@wi1okffIs2Xo>=j*v{rm*>F8?|E z`~>z)drL9)$-nLH|5*R}o&D$p_AL3A671V1uy^^_*%u_Rr#Y5V>_;cCclp=Z7bdW$ zJ(e=;KTcrp@~^WWn!uiJhLmGp=l9*O-{oItpO?VCCiWHB_rl)w@6RdWnGIcol&bYG zepWr{mNXg0xl!nernH+4qtA)${Pj7uUsgOIEO)@wd#s@!dob$Sd3{!NTuxV=(2Bj= z_?ZUn@7ZxpSJ&G9Q($0NW*L9)#-EMjtI9*ZzuO{}l2m<%_}56ouN(`PvSzR^HBO7@ zbEx%K3h3_{e|KV2_XXA*BK6mC7ZU#lWxmLHG=TN2W8d<|9S8X7VErw)J}mYAh^9jh zHmlRCORm}*Zhzt<(G2t?(s_hx1HCqDo8Nv~ZpqNF;vVLU0#P?OuZRjR6yfjHNj`P-ERcq~Cr=2G$xQTgG<3}+zQ_)LE z>v!Le)Hgomom9?!gl6N9_K^!JSi25WLj|1g3}*$ur}OjQa@5@6u4jwJXL*b=3SjZg z^wV}k^KW&2rt3UvbF|mhoOoN*8O5*j$nmes=7*A7!qN?{%fDx1r~4{h#nEy{6Tcs6 zc#Na&H?e*c?F#FgZT@xrU%8d>Gq{0>g~&8)wxL=t$8u*8FGcbSdz*2b)ra?~+I#D0 zmizk;rBIgc&_;+*aC=zh!gbFplcnVVzVEx-D`&fScZX#yJXg<@^825o z&B&(bR(+w;-hr-FOKvcve<0lOZkCo=gaZR|zKauw%X zy%pFJy+7(>eoL-^fsXbQ5|yNq}RsxrsB-dRkRPvv^o`*WV|dUNg%%Q5g= z{;9+7--CWe_Imewoo8z_4&8++80(l&kRq93_E75;{oaFnF3Fh~md?h{->}(#F6*$7 z^;6%M=*qd?NUwQYfHIbyBIEr!%K2G1DJ)kT-qrm6?PwCRyz9F%_r$qP$fn^a|DHHr z&f{Tu1Rj4b5>nn^{~?r(>~(i*SVhj}+(6V1Wi%2gr0f*qV|PFAoE(h4KVMi(J!AYF zj?HaoG_u@r#3vyQx}UK6I{G#8Gkqji9@STuo<&d4{u+NLWBZBPzZuJ&O8iUI55Fy#Sk`=sslA^>^acOL?aWHD}Pec2_SA zS{6sw_A4+jBP=cdissJ~`2Fta5@dM~6Q7FaA?1yt-Y6h{7R8mv{O9Pm!pn_#OS$Fu zx1zt0P0wTIk%!PoGz=|m$NHj=NK?{tuAi5tu|Mb#pA&d7EJeo8d$IWr9r|{xpC#|` z9wKTxpL(?hd)YTim4%^HX>?-r-55pY&11Y2o~t)*<@bL@UEYoL^RM@qhg`tDL+_$S zl*^?VeEXw&RmN?0e@{Q>mZANtOHqC` z$yn!cZGI~Ln)YaC^gf-on7Rn{K{j2dv!C|$oGV028Jn>4dF}l6NV%@v$p40Zy5Zh| z-2!yrhq2r##NS81qphf3F@37Xz4Zt^yLY>E%JB9BlbF84)skEH-^!o)R zaK3}1_2>?CEWh_8dI?$odVfNH24#Lq-wCaJhO)@SUQ6=S=wh!d+5S_-wy@L?eS-JG zp<~$FiVeR{e9!yNg7!D)_wMs}S>Df-&jh>&7N_iLhbqG>f!8kq??|pqtC-68w-|%W zU&1mz0q>~)C$9kB+wfeu%z~ro*PNrhFS>8mYnfi9xG&@7WpK+4_f&XYQ1>|QXXK(w zI9Gt$z8blO$Ey)h-Re?soJrvi_D4{}TO(HX!ZK4IL?x`(=_W_w$j~ z^Sj!Q-@!19kmWu=dAnb^@1`%tJ~vu6 z7yE6=z{XK-W@@&4X8ipayXEK`WVuy8qs~J0(U0@1N?}Wp{9Nk!wMnwtZ%>9Be~YVR z%U^I^KdLcyEzpU`a`k<{4xH0)-J&Gfbf7l|ss6g~M$M?dxoO#QL~@j?&rdpL@a>V_ z^Qo3Ef)3H`3gbRX-YYi`ZhOP+f=}bnqjCOT|2gZ%&{Q-L>AL>aJ-xcG(9geioqTRa zwhS`d7qIyheXX{5==|-xoVErHMg>T@^Lu&R@d>zjHM8YGxHGcPOR!^2w{E9KZezr7DiTeBa zSNa{yDl&tk<*xatip=7ihEM0xcS(?ct-m=9vgK^UeI48P(ED-RJJu)5CqDNc=G^wi zt$=&8;V$>NtKzt=r&p0XPOcvDcVDubyn@bM?I{x378bsoC-t z+<@=zJZwHgUm(kExQ_iIQBTwvrE0y?&f{jx^8B{>x2#>Z{A{?_WAh+-Lv8t6u3o=j zJ@q+y6y1+D71JN)9S2Q^=G(k+5z8&=lr5QQ(R5gj%}$i^eJuAD;`gAJ(M;6(F8bgL zlceWr@|vFxw*JlSoGmxPb>*!L8|{~T$I<#5+(0@Y4JUIP9iW{*!t+;s)}Y@_;&tvw zDDRRj6XEh}km57pRCso_d}Fv*V0S$ljx6`bZ&G9|=k7=G z>ls!j;7a#wsZupsKRkln3Y4=c=D8_t8}Za1cn1M(noeFQ_I$1I`;rIxW9qr*WlJ_Z zS003S)vm5;9lJS}`!Mk-Xg0cp z{(*hYEpM>Tse-x+fGDevNJc?qt|r*C4r0DXjPI_UTA)^TntTF$$E!?`!BS+l6m56%7hRqHFa zpGeLn*|G|5p6~BY?0Wymp8m*k57UHs?^tx=B z0N0hD&DiMoB7Ws)uebWo)JaIgAxEUj?2){aGc-2e$CRJzv*k^=xe*KYFT-{?`UP2T zhu;`;|DARf<)N}~8Gp*DE`^Nmq<-l2yH7RwDd*m7`P%qfS|gect+71=U4<-nCh_^G9DR-^uqMX6PcYlhPnH`P zmo5DgaR0=1U%Azu^6F{J%^9C9_rT4MTp|1K?Vvx21|rKn?@#grdJ2t4waE{o|HqhY zjjGbq=W2d<#Lo`}k7Ua%$uRukpla=3+tyB%KDos5?w zo4$RB4@P&R`1I{GdG~xKPiD(>!*%KVbR4&`>6;JtQ^R%XTN20pyY!uqz~92j*|NiM ze}K0GrAS6hI-EiLMszQ_18E!9iOG(h)RXHIaLb?0mafb@P{l{W)7ZR@-a|HhGmdQ9(RSzpZ04cVDzV(-(=y~bv>44t`E_{* z<nEgkAzpw+AkDjl^u;ufZ6}Xu zsQ55j2EuXoX&k@zB$|Vqf6QA{{et-SXd80tkzIeTcY^zr`*F5BVz}uwGNe8VBFk+{ zyc@az>H9o-|I29~)W_a_f6m_jKv}lDW4KpfHw2ABmOGNYsvhFpV@Ug-_PJwJ0&W@H zO>oJ=kx<0<-x#8gybJHR{GjS-BU9vAm>S~y;p(%7nEu=+ep={twx-ux|Ek}WSAe?Q~7H<781o?LL_d8;dkIvv>D$%iS-{xOcHTGln`~JQ*ZDi9 z0pkYP_C%Jufb(CYb!h6;)X02tCUw60S?Z^Q`s>zt6qRR7gIdx1_A6t&x*y@qaa=#y zNS_K!`6*Bdc^h*qE_$nKB5J?!lRW%F72>TGFrP&9pW{>PdVbWF`yZr!68uSCb7 zyVt~)K{+P`VvMyULhwJ(~3xdqI(bn(BO|kdQrLP`!A0yj;(0ixB_Dc%jzGb+s ze)yl>Y{EU7QFsrf6XRf>b@bmys3%IXPdPZ6j%Q+bA)4v?b+2C!9)B*Q@DRtQSKl-k2@PheZ2{qrXgx^lARUR=cP^H+d&FB7QdNg`9oF7y4KlD&X{mLotnn%lN&~=zgRwy6gH%?NOat3t1a;}k%kL6_U#b;E`hrP%3ba! zQE5fCY=#?%Sg_^+o14+?$Z~%szF+MOX^IXWmem!Gf3=4NyUQf_OWaR^m)|I&v! zHyP>vrS@L!@ckVQ)0OM|U$Ui_;p+ZL`u)FWi70^U5iTx$F=K3Dt1!d4~=rG zVVi?)Le}5Gbx2qAJbDIgJDatq7kTM0bhNhyvmKer<%irVO{520m%hJXQ|-_UISg6u z8N|;)m!J-J;qT$J&$RvO>r(%@>*BT|Yqatq6s0wh!EpIgkx+o$Q|LovxfdPAGaj0T zo9yONQ3SVy_okM+;f4uZ#yW*E`2NDZZO<4 zvDNpD&yV9?PJEEhy_I7{qiDa%azFFaw{$-qv<{1=gX50=huot5o5(?M>qM?lgz4(Y z_~e6e+)=!DUF`cijboyA)UHRBnoXp!;p+Z`I__B#$Bo~gaBtiKxF^AN`HU`qWS(wz z9M`{`$bsdfd;N}bA>2z1SNC_D$T;}iIBsS4cPoQC)^MG_rE%QK`dbe7b-4X~!};*^ zd*UC)ala(K0crS|cwiGrs=NDr%cvJy-u%mn z9QNhD6~R5qaNT{&jN?}JzLmp0-EiG~s~yL!tiKg-2g7yutqwe`&yJ4cb|KyyX}FT( z>?;%Bx6A$emS4MxJeYtx=pS;+4r(H=z|HY5^bvT|&?|A=?}-114yaFig4(sC9qQ|~ z7d!m+LdU_s@;QM+n#i|?TMwHMYKCn6+l%<+=uT9KW_4qpxU0u)>DTL)n_s7i>@eIS zY#v7?$a2>b{~6V7kRkh{<-;QSO_5dr@&{6X{$pntxqBYmBYsRyLpI z9@a#zNWcyMLv9h=yAyD8{vo#%{CQX5ecwuC5bBq1z95iNxf{_pdhIlj+#c5L$d|IX|6 zX*#p}y!V-B&N*|=nKLtR1MYb=-|IH*dSegwXusE;b!xh7@!>Z8FS&(q_oz5f?4%jY zRvvC=^1adi&lBX`!uWAwd$*iT<(TbtKC4E$q?{HTkKK&zdg5>^TT^7*{(9nY^7kP# zeC%D1el>QDup95jZw5bm`Qap)&sLYCb!I;@X$RZtFVpv!?vzj4KS<#|LT9&skav2z zWWu%AMf3i6Ihp$A;YNY(KMVOCzka^%-xk2VLUBjF&ls2M;-?<2xgWUS_4mV#N9LxT zkxspi`OC01T8@75aLsoW%AeuH;Z?>yNAfop?%i;0fAQseD$2IWNs1TkZq=|0egq0yWd64O~;swi3{O z*xZdKA|2o30##%H8iz(8b6bxl-{t9_B)#u1FYP$c zI6oVv%XS|>XJLD^evUDI!aMGa(#JjbU+_kNDTa4BJTo3`N{sX26r&2Y;*a}l@-1pJ zhk!<)#ylUM(;``l8YD~R1ZUi6=G*MNZhj3!W)Ih46~u1>6Ez1m_d<8Pesad>!f(GU0;Pwm-i?k(hpA(KwbV69u-*m%~q|6fox?e(bS+;j=Stsk{u4Fa}P&{U+k%gL`n zCUHw!*4HZCuk6!@S4F#=!lvocN%{K%w%;53y7AoZcw-LpUIpgT7>4Hrej3%Z%N{PKRl~_w{t(;aA~%pDfeQ=vo&Ma z6*GU^|K^Hv2wNQo_t&GFR{YM9+UX*=9pKt|p0xVhE1Z}lA-0;^Jcs9@*>@A_fy{bV z^WH=ghq-PX^gK^y%XAs5{5AK^E4l?Q6n`!guvk&PSUoUjK zTF^FK>eMRt*LPW$WBVL>6KU?R$I(T4K}ha=u%}R&%!;pDaDuXOdYDaHRMa!tJfNeX)H4t@3a`CchV%RKoU1{gazydqJWd%5X}(%$7x2Jgq! z=dB3t2E{ewqN}j);^7|cxG0dtJcJLo$A8JqfqNKkAR0OD7chS51GArp>m9!w>AP^n za8IpWnmhQv3YYZM`u4S@W){kCCnyZkVE*f6|{Vf;&=iZFv~w z@%O09!CzOgEf1eyW4PrT#kV`=J4^N1XVSTB{rV+3zS22evfc-C7lvJmktQd;*pZSyJr)}aMHv57;_Zh|}CrU1ydT?w%q#D2bDryjp z_b;mn^9Sctkrn51e;ExpC0VNNttdlzj<5Ox=RUpZKid9%@%VJvt+(!yGp?KK_Vebt*I&)ex{rC1da?6V4Vw%UMw;7$d_QE;f7qJunC71o-(N82 z$@*I`k^2jZI~<$IC?9EV5&2KhpXdj)uQ_WWA`W+x>u-N`e^(}_OFOtWzE#hspTRpw zYO>YbcI30sf6&cH$DzRO=jr}=;r;0{z~vs~7>8jq9?e9WyN3Lm=ri;_GWF{a_ukC7 zc@x|VDW^KVB~#L60$iKSxY@Le-(zcvw3&zcr{iY2u9B6<{GK}gAK{#M0rv-y_H*6$ z<)lCROuCz`Upt`v%$k}mJKzSQ7JQczo7reC(%jYLUqU9m&Gs<&qC1^mx*T+N>s8*g zblDHrwp*WKvk&b@ntN;ml0z^*<&+=l~A`Tc89FQomcbRqLGs1>>pb-SDSk*8UUepZq!=f3!!1m3mB zIP98;-O;_mY3KUhF;FIS-}FAlDy0lPeGM^JQoq(*EotpVXZ7 zfT${3-HNrxJ)Ls5lXBM|TXR4CR`bV5Idjuxrt-&@yGGbre~zZy6~TKMo;i9^Ig7bY!VPfz`zUrFU~^21DpCt+Za(>U z&>!d^n*J1%VuyL&sSRb2`Km1Hg=r^kxhYuAya-&I?0Kqn@xMF%v?tQ#eZ|Wrhy&kG zkb3YqZGW{l4axhB9c4sexLcb5ZXbxsJcV zy8p&J@6Po$6F>BMFDgiv77a=t_W*4F&3O;5V*U%B@zbOnI5W|Fr2TxK{2_EwOV$;k zO_%e24aU7@{m4G|dZYc!dn#S#!Zp{MYJdXRT#ULP&3%*nFQ{HC+G4bJBV(7;L@A`b zXu61Rtn$lxzOHypx_shu{4KEkH^-m3miDlrQ$D+Mo?5~A4_bw^pO?0#twVRCdTTkS z?OEg0!>OM|XH<}3{Bcu0|AEp5`b%yEuU{<|8M-vTF-b1o;^=*!}%7KAnoTV zZK}xGs1<64%s8PLb2a8X$wkguAAOz*pHG*rirXF=Gj8n4R&#G6e>)n9s&Ki{*O_WQ z+~5o8a+}L#3RcEoHw`U7ntPc1Np0!pp;}0{dwaNEn0|rwH&Dp@s!v?IVf%05nhS53 zTTjioGS|cIux>!wPxGC+TiJIfn&g>BsrHO>Usd~A1ouI>c6>1M&xC0IGCYcZ@4A+F%jO&Xt#$ux*cU0eTP0nz2Bx@U6v%-4U=WW z6zBQ#IPNRy@{vzm8(jMD;+h99<*d@>|LlLsD}fhMybzr8(S?dfNRqB5-y0Qhucy&Q z`V!3u5~=vrbh%d9-^TBZM7hY88)JVz`FSXfG9F-@9j!O~AZIi4nb=eHr4grVF~9RP z+JtmD*-bv>GVZ^lswl01_IxGJ0&}maKJ{cP?mPoy7&58wwRBmc{IcytLu{>IN7LU3 zyq+%GTt5vz9nQJve5C#CPu`@FYU z79h>tNdA5FE!vGt|GB&A=YLBK;C94T*AsaoT~29Kx||%w_TLdI~K?(*v>b$S$tCrrpu?qxdc6m3;hs8{2>5XJ%2l+y~FL=R4pW*MU9) z(tZ|Q&bYE8V?cBl+E_F&+~DZwqKO?QMw#(kH3IE)7RK!WO4riX>Q;O z*8icQ=oVB!Ih}PH?}em&sKfIR>)hiH+EcSTT~0jPX841(5@a@ZbCErM_9p(2mMne4 zv3`0sb{Ao1$DK>~{VG?o_7Z7-246+JLtmnusDQcetgv&OMQ*=R&)4Vf=YF{2p4o}# zRMB}zb3gboQLbj6NhghF9MX*AY~s{w+h^1Li`8cI(U-1wDkO zqP6$%em0&-H_YB{{n6#T_#hKi=`rq7Y@S7%k@oi>`J^s97mBVsEB-p0&3Q3=%?_$EoQ`#uuQEl$XgK8l-qHP>l$7Si0| zY;%>w)@tP{q1ZnPB*RuW`-Gy#Pv;M<3x&}Gz z({A^>^4i}(KidO<<_R=^powpWZ<+6835O|582q< zhK3@|%_ILXGO2*AsmD8+L$OS=)%7^%^bDD$B(PZfUXjK4Lvq+W)MQry+pRPW980BLUf8(A-bUPUjW>2%uD z8aw0qo$fo2H8&W{kd2D_CpPJQcy=6V?uX=mM#tPlJdpNx(gmgc&25|^zbo!}*mOqM zA+;n&vW2tEh<0(tO`*C+Y3XK9ya$i<4=0-G#!71G?n6k6ZsO}e)N-vn=**`XLK5}-}|0>CUahVmur$+ zevj=JyDyM)MTXRE96N7yusaWRL)zcD7lqO*qn&!BF$}2{(960 zndg#pe22RJ>iFh%$&i&Q4)Z@;R#XANm(a&sP)%ob@$24uS3&azc|> zd?#Y_7}_`_p8Mob-j#yx7{>h(WY&Ky%u15+*H@569h~QTH84B4u3Ko249 zZ{o-*ax!X!Qr_iS!Tj&~xs37YkLP|G7wrqu{*EO-7cE2I-IpA9z3A)1H7^W#U2$z3 zc6+#G#bK=vH*Iu=98%oV@8%gS6h_+LG~T7xntdISc|P6Dx8>AhEXj8lR{OM*1#s(} z8#`~;VAl@~L7IEo(j=M6zS(Fp&86WkWIiI3`S5(7>s#(U8FHoK+BhuqaLbBA1)l%* zwhwt@Gi0>lehlwhbjZW4c1@yG&tix;Z|uHJ8#zC2_9}){+j3O zz40x%FGJ2(T$gslMn2q}2N@qLu6eIo4QwMw zm$S0otG34{4tcXOSTj-jyybYfWyK-W$KMjT4bP8pZ8;m^;g(g-nl3F}&X|0Vu8M2V z+w&f7S^jqN@i!apXvMYV>@^R!ta3Kq$KS$v^v@L6`rB|!{CO+O-@ZQn2IgnT2a0R` zJ;%c>%io90Ww3T776ylwXJxA3tH`Al)G zzmq-Ovf{hY$KSw`3`uPki^FVqOVE2BZpJv~uu%`x8JT$vd!KcH&vi3%Dc5<$we8t7 zZ2xI{R(*Nta+bY3L;5N1Tkt+cpL)3Su43+(eI`BsP5ivFDZ3`=aZBI{`s;85Q41FE z-OD@{YLB$P50hVk-bSyYG4%PCKhF9~`hC@Yip{6m^=&yTncq?V+WzkWY&Ey6{_k3! z^OjkVA?X*!&YP_l$BmEYmQ^qM`ouTu$qeZU*T&&8cZr+;5O_j@jCH{Q><8SO;} zS@hbwB!%Z8D@uFD%_hEPKGnt{YjcLY+dSrPpFH|u=!B{9-1BCz&J(?jUO{HOxxEeF z_H_akY5#d>rCEJhc22G&uu)LaVQ#tqVwzY`-+k2_sOWzE?k&H$Uvhm@T-!d(^l-~+AGZ3GvtqbU zD6WmeA`iE$ICS&zw`333H^u!D-j674PJDbXBi{?%i3TG*ud&33Tl95?l*^2rx4+_m zt*&on#i7_I4#96SB&fK5#lgcZD-MTz{LTE9>zm@*IDF~hmKBG#D@vD#!2S#wuedem z5<7G~(s5W%{vGrU`V8rIy(qi%cqsGx40%d%Z5#sg;<;tTVU~}-SqB)$Dz1$~PY<`O zIPCG^27k@rNPkG3LdyeATc73UbTUNVXp+)KOQ1(w5a)aX9_-^)a z%ZhK)m8Hu=&Y=vMs<^gZRGc4w-pYzY4Ih7t;6CreJ?SX8K_71Lmkjw@ac%#hu7_LJ zcxb#&9I}4PkdrSiT^@RQxMjtmrH{V_a9b*_J#RT4ZdvDTr;opdzh}r`xb}Ly3SRw( znFB_;9$)?l*EO^XEkc{P_g8p5-~DYGmuuH7I9aQo20citRu3cYu$-1#o-&a7P^lH`j-oc1%#_DXy&- zQ#{P7v6((OYqEhszT+H$rP-Y=-mqWCy0B)Git4pv~FGjFfU zS=RAENog62Z{@|@yW?I0C6<$Jhhe*FdZy^75Iy15@P zpbq!-2J&q`pLId`rw1jyRg7!fhaDbnS?$9tpZ1|B5R@Ag_pY|ABjVoXxsS)kVe@_E zlpy_&Dq!|0SxljAt9zn&-ckFBA#foFrrRIpZwdK4dox%7t+4`Vw2tZpQwf zma~I?<*ZRqZc$u2ud%_yEo)xmuupj?PN%*p?&-@JAEO3O#QS^wO4c@^lmebvV{5KM zMW;FCw|9nfJ=XO&yID{^R$P1CY`!X8)b<{3S^d-{KHR(u zgVIHDZTao*;g(f?`}&l#{ELDzLvd{!mU*~k#bLdVzmgf0BE_}ya?g6WWzEa2_3=0R z;-I9qjm6jcd&-ml{Ja(U_*)3Kt>RjL>wCCm`CH-1()BpdDkx*&2BIyM$OL$Aq9#wp z``c?Z@BctgqsP(owdVP~M9FJiUN(JOx*iu_7L>Kh-*cX>BA20#NY~@H$bXDX+RN6| ziY3`lmA3!F}XIpY=>F33DyA!-JD9P<&=gqb| zk9oLdUEc;ADt(>L>%?_Paes%Gx`y|iAnor%`&}L-fuy&vmhi*RSEv;)%dce(% z9wGm%<-N=(4QcM_^#KKK3et`17R;x5Im5FP()JogpyKcZ9Cv1SgLIJ7Tf zJ=fVuGHYV#^>Ud#g7S*uj>KjhnvAr+50hVko<`Spb)G}FaX92t--_UVr?~5}+k$o= z&27tjH4d`xH)QYY*>wt4E-pQu&%Zt>)h~^eGuuv z8t37DMLuyo@kPfW6W^UrJLMs}SLyOAy@N79aXVtu0}Vqu4(rHoL*Js^$lOP_-%~r} z<8NA@pggF!HV&1ZkLQ*Zhqh1ov}b*TvL0^0trwTUy9V9p;m#(%1igTsLZ)A`y(#N8 zS}||G%UNfx+lS(QLD>V>t`mC$oANI(rbIdpACUhEo%SMg*{H@O`Z_1@e93g4$r$al zlX{(4<}E?F?Xp;T=#EX3ms8{xwwgPa{4!+HTDIoAW!L=scCu&?^$l(yYQcAmv3V11 zLz?>qd7E;tkAFYEZG-hVppcIvzM=fJ?c^a3x2$$@w@*76xRvp|;@bJi%M0WEEo**q zlTZ20ye%jV+Q;H+%h@syx2$qD%cq=W-4T@TaBY0|!Asb{x=WPy<%yr1z zCo|)$?!P$oO_#I4u%Jv({@U^J!`N!>(Tdme4|aDOLX`?yJ$F4cL80k2CM?P_r6XWC9ns&Vg@0YW&HCr8r;JBb9ULHGd zr(!b@4Mv(9d6{+@nKY2?l2KfT#>R6^z4#&_`YVz@F(^T}-t#sLTg@%&ytV(;=lXVk zP_9*6J5TVIhim2ug0J|`BTjPT8yAPXpiEL+TOKZgq5UnZJTzTh`udhRH7GBt_~yc! ziB@>HKbrij^fi&0-_hk^y1U+9x9dDCBKwrTLF_I@t&sM2IQjdLNpsj9={i(6BPb_! zjFpGQ*gT8YBhB4K-X_yeJyJcEnL)W2t}PF5(T6khFbCi;^=IGH8-4H2Z|w7XXMs6i zS#bI)|7^RMxH;ZG>zmn@)h=>-I-0WK<|%Fkc*mm?J>0kMPnP=ZGbzM&7SD>Nk=6C9 z`X#aVHm1!A%HwdWM=j{DVABC*Asx?~$lr-f8p}49G1X4yWpjDH$+GqHoq4l^vQ@=% z5;l9$w@7m@dX0B?Ad{|TYrZqtvPHbVarIy>^LxtQ8?c#(RwB)P`gPU}pwqW-4#)HD zc%B7s+?@9!v5t7WTMvxCGopW)`Lsu=w^_0CKN!0w&__sfo4mn#YP1V&M_YN$>tL(I z=yT112THFi&sh*Y#zZjYH6x;5!i#yMaf3DKJXPj3#M^iyT zP?o}_iy2Mlt>+!&*u9E0*Zr{^VE=b$Idii1{l&>^oaax>_hoE5p1Ue2FR3{Efz2sz z@jeZtx%Y^#cK)D7JJRL{+jKz z%yatHTmAe(;2G*ITw8B@!+R7x7?QP&$#uJKr2R5_O z5~Th8m3+;&8GoZ7GS7$PUg7lj13u%m?Dav}qPT6a*@K$B6VLr-J7es3nR7rBP&V%x z4jxXCV(MG=q|)Qog4cuchvI&P&G#r_M?Cj3@;9Tq(9b;7zl8U~RR7bd!;ReXpzB-S z8{7xEGS=Rj=RohrwgBlkl=U2Fr{1ytf_<(svnVLn!?ow_*!PGZYKAoTS@IvC-_U-v zlV^Ai^4wGb>!Eh~T+ede3CeWkuXzr%@=nJ7NOO<&Inbe41xGEOkv#}kEb|KBZei!$8(RQ>IZC=H@2v$1nZ?#rF&%^JbomAWlKH|PEDny!F z_%Y9Zp%Xu0t{zo+mS=EkB+DVnZ$Zt{>!I?#qrSnl*P*Mixf6{x^1q;(pVFqG@yucDUg2;%`PGYqLHQi6 z9lv+OW-59TX@47k#ylmu1qH_?N}~n57h;$5JmFfmUQD49Sbu}R1f^%E823T!UPURN z$8+B$|0z0QH+?ds+sW*2o$HWpCky^yUKXycZ=JE3fF>jD?=R%5eL;JV&O?Wbm=`$R zxlT0pY0q+!Lb6eDJ76;kEk>H#<4ejP+K8S(75HXyr;8k}d{_Fq8K@MJ^E=1<{T`d+ zzv7vBq`5uGk3e(KG-Te(US+y--rD;3Ta+4-+Z6XvY__4jNOPy};kjM(HTn!SWxYf7 zw#l-ScBkpo(*BlI4axV4d+c7;51_?Jb8q~b_mQC;=r!~ImlLGr0?s${r<;7ZX(xvy zqf0Cf$9_XOLS2#OE+fAVy^3~Rk`Qel3g|maWL;Q{p&fEV}CsNck-u{aP34L(bg9dq>vYgjiBAGvyi-@xakL(Cqko; z=2rTV`%LIcbSa9i)9&q*v&{Xa+u!_5&KulJ*WX95DL~I5&D}ex8zXKc#s z;UQ-}$2{7=h$mwi#9O{$50Gaghh>9}z{LJPcelUh;ks@_H|9Ejr1eGlaCa!~ah#gXTa)As57&H`={@$DWWLLE zByL)Vko*oe5VhbL3T#hgUC(|GcV&+xN&3a%J{&41y(wpnIcVFao2@Rt!OKHZ=h|3& zZ5*n?(D8NuY;QpJQIb@R#b#Ex7@F+DL@TTZM6Q;*n7eExc;sWB+5va zn|D=6K2h<_;k92EVwZ_Dw=Mau$fQb(6OLTYI)$V}`P&2AfhY%Q?j-Uvkx2{KR$0n( z_!q{FyN7;Fk;^sLdB1g|`g^>=E+IJ+Znvl>v~$=N zqt89ugx~NH)j_ABwp*CTzTffpup8g*75V<08{f2UA-NImc$a$?HW#3akoI>X`I%@n zT8;wD-C1rL;|){aKC7B2x47J_YeOr z%Mt@Ogyc^jP7Q31hEv=-BsH%qCtQA_sXq4YPzMiZ5cxaN(4n#MhjUba{&_6(<|TbX zawQxtInlJVVS?Pt@86Gf+~3<@LFTgWQB;NS2hw8W#X4>|G1pUjeagNm#CzUi<$5W0 z=6tU5aGxc=9hvkY+k!@=<8R8f{XTd}-;m5u{(gqd&*(R#{cZ6FYfsPuGz$fJx9IA6 z&U}7TzXa0Z^3$|xw}fw-=+%+bJlwMS@tb}6@g=v0B;>;# zdKBF1&y>C&DYu8@8n}UIv_;mydmmLuh>yci@>9?Xv;a+SD^h2Bg5(k3`jegbn)+?q zjoe`&xm)@BEjGWSZi(^S!{pPFQsrEffy{X;_&h;`^h@Fa4N2ho*m-*no6pcMNOOmkPn8MiIkW^d zTEmt@e!%x6#@`aa{7hd-VWVR}27 zisyuQcU5eBa7?9Csf!vT&Fw{g7@CGAA>A+D?8d>&``C6ee;(H-xHc`o=1G)TIaQL_ z>Gm^|2b0f7Tao#W&*r914DxF^5lmYYl5KE6M^nGcMLItxQW1#uFQrqWTz8KlOY}WV zdVbkn7vkoZ;r{qP;ASlj$%#BC8i;yg#?-0uCe@MKu7CM^f=Ei6yd>#7$Z4c`6h?OY z&GV>vlVZ4+!>#XfPlM}?gW)!0e-mVq`TpyO<4a$6^t@E=V<8!*xXu2C8{Aq+>Z%7W>a}*r zoFwBs@wIVin4BQqI1KS=XY%0=@o@h?;+wWCBvTZ(YM=5l1z#WZ_}iHMm!M0LDZl2t zWmR?Bgz-N97QlTPu5BNNan8-!f~TkgwmeV(Q*zn=Fn`OWC2Wt>KIASB$%l$tR=cxr zveWJ~r+yrX8+d~G0u_f<`112S+CwJHt-q#Tyu|*xwRoW-sm`U&JVc>;zrnBk7Q?N< z`cGSax7G2l7m?=^(v-3Lz z*xi7gJuh!_JTsUNe+KE}{E+>7-${w$&!bKB8&~T0?*>hccqG- znQt*Nb1K$foJ<+ujDkMGNR*#-(kuNEye%J9`cbAv1kV*Uboni`~y?)vHRHW_$mB78@f56Rs zG9(YEI2^JJ)Srb$v^FivAbe`q3j~?JIUy zQUB|*HQa|?ZkT*4WK!R1%;&VGPt(q6w{0BEceW-vRYx*chvYlOE!Qhi+7X%F{0 z@;NSd+SBD_duO=U|2;SB>5x=roq|1Y!?87O>wO;X(g%`cp37a#)~rjn_dl$^X1$#q zkEJ~mlKP6f5}V5&7Fp-vR(zFq*X0)d18yPQwu)QGdN*Y=Y#*Dy~8*Vf~2u)S(bIVpck{CR6aJ`;689g%)+rNHNUTeOz@DsXLm>xs=2 zGzaPO(DB$*xd}~0<51AtZ(Qk|w_NxBzV44_y%3U0?6>}Ygv}mw0BPZTsXI+8JG`B)zd8=`T1fiAwdMC0Y$_a|D#s%2 zZ?`q&r8fK0(a_4}qtAoasO_u|+~;!jc&r%i{VKjqu)7$wLz+8zc(Pp2zP_kMFh0K0 zvh?#@xv$gDS8*7G-KY&oa-WAgBbX>l*|!RLzk^!MH<9+Y z#-xgJn0;y0Ql%o&{rr~hc{6dC<(~hvH@H6v*QQgkIiL4L)?sU!CbvCHYD~T(GHv7P zWBKL^->)$#^UaX7!`_~Edtas-zpMR<{<8azSud^qvh`ITZx-B};o9=QgE>9jUow7~ zeof~MiSivkGwCtPk{?%(Yl`6J!L9H5avgpSLU$^E4fkI151}W~h(oHX$1a!%gm8Ube7rJ6gOxzTIl(a*L=ow%sa$Tco%jVyCaW zHV)>x+x53f(W5%=Z~EPuo4bwsCn^qm;Qorroe=MD8u{Aj0u)B(db7Hl6NfCHI267e zlC+y*acGTA7t|B!I5Z?a1K4*Pdilnbxc0lZPaN{!2}uO5Ee~e?Iv3k}UG55}0H!>; zGf8ImV*M2R&HT0Pf15Hkz%BpD6kQwNwCy43r2L(S-3GMvM8{vtJ?&(UA3cj!p$g$d z*>g#G$vuy6yli)#*MDD~x4>8Q%i-F35k56lI-uUj#KCfB4rOkiealdzdhz4(-Lxad zZ(T3)_k?7L;%>xlH>yx0p8Em$Us1=?Ql$;r-iY^6uPiUK#wN)@cV1C*b4o(8UUBci zW+7UJw7*-(e~k8`=<~z1V)q+{y5~)E3%(D@$8ha=W4V^>+fzwOJlqt%Q6DM}0YO_WD?1jWdt0xoN+JO@(EPJw5xP;Na-e1UzoEiiw(5WCrK z+?w)-YxDa}QCFmoZ$9}IXdBvsc2hP3e2c4yderD}x#;)nblieTVcDnrF~`?|n_4B< z9_{hf;P~?3RqW@K$LatMz^PE1vW~Q${m2hPvrt9Kyz#S;4*{37NRn=x-)gY5pT*_E zaw=S#te*`=l>1kHW|j|2MDbSQ$9nW4vd7KeN_?OEZe;oqvzW)qObJUXW%ms~JBTXP zapuL{^OxL#d_G!=tZlSS_{f=SDozbcM>w{fd4b={rjPYLTN9^Z_xeza^>X{zXOdY@ z7%daWI{idjx<=rzEw9DLgk=C+dtE<(?NgYSuN%+(jWT~S`%J3E)~_F8`dxPXRB$Zi zR{47sf3piZ%fpQV-G9u_Z5g({Mq{9^XT@;W!VS1KVR)U;3=j8}da3dQs&{6poQ|qI z&fFFAZsz-rC4TqcP7cd1xb}K>2R8Sk_mPS3S8jagHK4zQ_Mly;G3$D=UV%%0arzqP zev2-Ld9^ri{bSr!4e2wXw~*#0-;gN3u`lr~uD_>xu9H6PVovR_^iteZ>`p;7k><9c zuhfElUD4%8pSLQ{I^z=KuRU*pI-EDSHub?~AR3BHNp$0oJeK?{^f1!rY!cVVXsR2Q zeC1!4#(Zm+^ShYeH~#(X#`BtYlB6F$GiefkK>KIQfF3Vp!QJR`CsD_qfOi0;H;U(u zIXhK0qf^tlcZlXTVa-CN6uv9X+6UG&3x}w=flydNH^+{Mcy^Cinv@?7%hhmfJ^hN`YtSiKeqyVS`;-jkdyz?|pHZDPeZ8OLyu-4` zt^4)Gk+9sUxQ(&xi0(w1`!@N#C?%LGf0&;!cd{^xIU3g4x1~R9*qWPjPFM=y+WH^H z?iuDIE@Z2@O|~*$!#=_+})ff8;2}xZ)N@0wI1#O^21&3IJSQ0 zU;A5dZdl$^ahQV5>=udg5L@kUttE-F!sR~u54f34!}7D@c5IO#Jvj3lJ=`7S_qyC} z^uv$jZ`yfbsW%|jUX>Wz5a$PJf7_719Zf?M(WDv7_q^!Yx2LNN)hgBS5JH1!H207n_lmIegKJYGY%V}oB1*tt*Rw(7$DtX> z%!iL3$az|qTDL*_(-eTVe$gFSBbDqDymDzu01*iS` zJAYTc#P_ycPFClzTnE?IgR=ZR(*4cjn0B+=Y`Ei89L$=O6Y;Gs(($#2)0+J=HpGAD zzQipLUvhDESH;1sfA5S>-T%hl8`*!t$viu!%0qH1=Q^zW zH$k|+!L`@3b8%SDTiWvb8VkklVoubg4pcn9@~iuyg>dUK@VDIAtd;YYUr;HgUwmHVq2FL3E1N`12Xc02y-X3Si3sR*&GHEE= z=>aKq-){FMvHMCz*oxbqY%>E$>j6VdbA3e{-Na_cDcsiWD_itZVbyGaP9dv_0&AC^A@(6 z>-@6w@88`I(f6y;;GX)QSbRtKswj2GCCED-?q=5f4Pc#+Nzb0{Uyc%0`&t0^JjMMG z-Ya}3;Y$xU{q`jJntdjB*nFHsOsS!Z5)c>J_gse+q*yG-2ue!L=QJ> zda`ud;RM1w_pIj(tiQV5&g>hOH{sfLa8PaLS>T@L;hOK%PUdGOO=s&D2R$E?5BGbx zfv5#@o$#8WOb@qQbMA>DlNz)2YhO(}Xzvea4WxazH5P|v*o)iajBv*bIu1qmgr(VSF>Y!r?t7pfNOKR7&uGnD4r+xAcfh%hze_GG z?Qh<_%r7Z_XJNAltwx$#Ouk$ju8ru&8T5xwiuG^ntaGjx+TXMZVR>5ldn$JMg%zYe zTg^4|%NMh+1FCj=Li9e1y<O~k=E=x_N;P$*_v|M7hg;&gwqX9Fq)%p$M0sNyOEC90rKhXSUZF+LDk3b z%x13h-Wqcs*)XqKA;PProisHp>)_gW-Hy!!v=C`-l}mXB1a(1|qec(VKC z?m{1KG2DmX+VgMjo7j6NHohFXvw$`l1?Rqs-}On?m$Zk%^1}ZhzPWHeRB>p{v0jCG zdE)R!pA;F!zFbthFg^}zed3Tahxs?fweg+e;g%KOtv=kWxm>4NlVJNR-<(rU=EGd% z;hwNQQ7WHXPO2hr`7L(2x}7VA+X8ODJttdO_3f(~ zYnM&kHEA|>c3hl2FD%!>wP`iH7tx!@)LWOEe2{!f`&6llY+Gko?P=>x%AFsUg>dRe zb0RhQy&$>-nQ~?Q8%#bI%|cU9Va?b&$sz7_;~eHQJG<>w$;0&1;M)3S#;eP)dj@Il zz%R+Jg&y^C}`IOxVxj|cMe!}6ty=U!~gc;F|tn)~R4Bq`Uy=|`CHz>(sa`AAq~ zSnT{)!S+es$#W80%{AX&$z)#}v~W^ulwuKjrqAQm)74eXe{jcD1o~lF1w=X8+aESlO$C- z#&fSBe*Tb$oqSoVd~%B-_>!*fjb7SO(pkH_F!I%OnG<98Gj;4jz^~> zUEVjj5p%t zT>rW{+~gOBfcH7 z&<jy{*2iBn+vh~2|L?9ZsYg&p#wj_52{CVg61Q~+unG-5gqyF+I`Q3#{vKxJa zbUE(EF`AV3YFL)QvF+h-80NS}vo-$R?4E~1>v>O9-voJ({oeQN3~=M6+W~G2OP#x7 z+zBIPKp<}wn`?^`H=&Yk5z{TORILcy%=1Ghu+{$7CEpmC^mpG=*W;~1xVzy7q81_-VB2JOqIB?Z2b0fpxwF~&#o@3T z4`jYaIU5~|Z{d#>qjAXhaGxRnuFI`Fze3zRjgGHvpMpEX(i5)r_hW3wOih$;J>09V zr3@gGMzZzu*S!DFp0}J2h%a2*K8(dCA3cS1e9!Gp+l{i&1{MNpZZp=K8lQFh5cnu8 zqwa~dU$kph@G)H^D@71rBBww-B{(VpW zFfwT}_sQ-3!L`%_8_#t+MFzQ?z$an(+J~ET-G9d|fqMqeb=m7vD!kt)R}DPef#ma0 z)ZZ`S`ykd|{r;x3&%$!K;?Bgj@mZ{I_HZXn zj-YDDyoV*|&Q~^l*6A=i}>uAQsxOFLhd%KmBvo>*Whm&NllWy^eZp?V(Nbh$m zg!`=Go{KN-(e+4kA0__`+Ke_J(=OWU!vMEm7U%EYu%-7_$gEQu!SiXx-|n4D zkM{xbp&aCmLyg}{$04suL|#+enb_r{l}K~nBL5ls20e6@ zbKfDWsuSPcK5+;h6OljQ2Hb-GD|Rm|NtR>#$8#H#?}$w5!M30Y>y)yc@q~$mNoIWd z*L!)=B9d`mtiNy*Hq#p?%LumG-$mpLkx6f{_2Zg;^X<;%Lb9tyq^IKU#O46{18MF# zH`8B2ccCHZ;8m>g<-HNc&s}c2qq%_-B694+Sb3O$&C}zPWiDIIeS!RI$fSAnV{|z) zY?E|7&O9+99pT#RMG>}NphHM=n++hoXdvo^OuabFx@^PCb^GUW?PT?ctXJH;*@@A0 zxVhMBZaePRPiLP=n^>po=da<~{zBTx5h;P&Hfq5)cd&g8{p#Va9>{q^@1QMc5;q6T z*wFM#r@Q6%hTjt8EVo~pUn3&(CdJA_@-57Dp#Dhvd&(fzc%ts8liAWv9$e$bVTyA< zE{V9?aa3BZh_s&^E5FmQ$+Q=|!>(278 z$2z`Q!HE0-*QQgjt%c4)3G8(H4~fmm+kUS3-QsXWPMZ=dpHIwBiq6~ialF{Mj_-8)NxFPW>xew^KrFtMhw^+6s*5!DGV)!} z0CWS=?duYsd6ht$h-`yv>(d?Bj6oBT<~~k-Jt{)4BHga6ce&c%U|Z_H;=YH?cjyJufpcb_sh%AY&AE11lL3K2%3RR|JJT234Y>~Gd+J; z+%+OQ;0D}scMzN7MzW?9Y3{7M=xd-)(0l06-8`c++_}zF`NQdd>E}v|dPJo5^jI8B zJ9x(3+)G88d$jFfVb6$M4cE4V=6bNcb)ro4aF6zSkliaH_rs+riKaR53eai~_bc)T zkV#c?DZl5&-nVSqhaB!z)pM`oa$`hZQ2v_s_0-knyl!8EH$|ix>uYQ~cpC317{u?~j;ud)O;Rpoe_M0~dL)B$T`ShU7WvfE zVz{l~+VgS&{V}uF+P(+Tw%ZjMKXx&LNz(Ofbv?E5i|e=bjmYiF-+3dG|SSjjH1tlCZc=Lm@9cct+!L| zv&TB)8C~uR2ha{a7&|YAusNe&Wl0$A%$vL1#Kz=XB71)zm=lq$%Il5-5rs{hho>GweVg=Z+p1S>8l@NU(z_|eHxnE$vtoSK4V@k@r7%Xxi57L zwkIG{Z{2eCxA&zE(KeYB9L2Z+j;*)e_e9$AYTgrh#lV9Mv-2VRqZZ_OG|ARQ>z}*5j5IsVtjQw3XJDTU?a^W6^YwJZ>@jX)c)$3yN z;D+Y@KXJM5XUA9haQndhC*|QtanR+V0PZ}varKz`-w4@yZ2E0(_@xQ^z3YRjv~k9; zUn_qL;l8D~&9G~SI(fKeec`*qlH>;Vd)F5Re7ITnL?mUN$6rsoqy060d;PU_L;ITz zx2fXZfc`4M=9q}gRNM!#e*`T@+TVA{??Z>t0kpoBNC1xUwXqvt!|moAlH`t!$jd4Y ze)Zzt#5WJ_4{!s~$cY?B-_S1(r?9`S+kZ6gSMa+IndiuDy+|7uk-+>|eM`BQ>uRb?7l%6RKT;fYdC0jpB5UE= zl!5)4&v_>_TXWQl-G2Tc^5f7nRKOh6_SaZTH8DwM(HAqRWCHPgI2O;P{ND3u6Efw> z<)rK({~J1PJkQ`E^PIxw7EZZp>z1pN=ug}JV&=q%T&K9zu?ew`CBjy7dy*f4Oq$5n z+)rHJgudOEv3W8*&mfZ{G6k-U=X7i~pqG*69zTJ3LS#}Cwv!g~e96O(zqa0*cG3Eq zGlly+aBaJoiA@*O3u*2zyR5?kMG z*-d$2SU$&MQvPh(amBq8+X-kE((x@MzXk0@AETjTV%+X-y*Lr>ZnvuD%!$auaBVt- z&5V->#3W~2@7A}(YUIyCc3fXHmwpj;wtRZudtTsPSC00*=b7^&Qh7n_yfo%->gTSF zKc@X}!T$EhBr}hrzh7YEH*`nryp+H--_OmATJS6fw%O<=WaDSJIpl|<(a602U7zn9 zH-4I1Fh3%9DeeU9=Agw$bJvi61?@ubpv`spK3E;6K8;aa`<~|Fha>Wg;(mqAFR1F| zcy4p@9ne6OjrdH1@X501^>wRTpNzl7?kO&MgzF$&+wb(wquBQKXy;M#7DOcd(HJ+A zwff1FU9;xQ#(~hMnD=Xq!%vf@u=TsXns(dPr<_M4awA+@&Sqir1bPV>t|@1vlw z_(zueaAj#kRw`}|He=BvNOS)ne{vpcBhdM%5o;e-r*mHxe+&J%PcVK|+^ew}gq9-B z{dOwv=bJ{`ik?D(zkB#D*IMrLtQ}fCJ?Fq`+oAu}&Aq^dKI z(!F`<=Pq-$MC1@$d%e99o4)8Cq`BQ6;(kAxjUGUamWgy<;M9vWzFlqFh$6yc*AwIx zMI?1mto(kB%`Yf%PCVDl16F5WZItd=$GqJ=Z~FQb*cOrcihBWTavEZLwuc)n#qK`? z`I(-dvF(}W=DbaNrnvvX=3bQN;a+%lk}P50Q^?#$)AL_@eEiLPhkmCzZ`st}U$c0A z(8JaKQl%er*xlb#QIH=mzg5)ZfD$O8y>X(wW>(*vdWcNsox+ zUJ_fw^SU12?2O0wvt`w=;5aqPUA_slFM#&3GK(EzyrEc}~tww9A` z%Wpp147m2X`8K>hFDJ?Su5WI6C~xmc>3UE=JmrIkWGVZPu-k(UAT#o@_80LzhSYhi zXGFHIWmt#Zx*BEi`)MCWWH3B?zR%?M&q3!ST|RFoKN`(LGm$ypeKVZ+rL}d&Gy`Wd zm*B>t_#?`vieFt~^91o*gstYfzaHKE-Ta2W9+bd+L2>PQdHip<0lsZ!&Wmmb>$v`E zZraBY`9g8qx2Y1XPfvNc=DCNL&G94e`_`KJaC70F{a9?=@g8=E&|#$GaPfTl1*k9T zftIlLw1_cd$@d9z(CvS{@oR!y=Qbq4Pg(zf&Aka-}XLnD1ci8*OvQV;8l2->mSnozO|e0z_G74+7OIC zZ~5-J@hPf4$rp_Cm&CXeu$zt^MVf2w3v6KDW@OfT>+(>8XV6V7bbql3?vE-C<~s8( zwmUss8wayB*BQ;V@zv!_zKlp4{I&7j1urQ-RT?7g?|kx0(N^>#>dtxFRge0;k9)V% zOMj1E_C{ogibKjH%tNBONON!FdF7t$8-{X_?l&j*bJi*7IOKdCkp;?MTOQ_nxHb-c znen%m>u=_F5vixR6R}y0RwB)P zpZsq04Qlanf^<8PwJ*r@$H%+=8g7U(Xi{1U>$%|Cu-G{K;Ng}Phq*p+$b~ynacy}> zel*@+#|!`Vp}>cm4|j|T!5(f|{$}}bv*1pGYs=Yicni=n z5BCuHl*PgMJBIo6g1NB6K-Y{odpi52wfg_6T+eiM>~UkCYg1@Q5F+>dK_}Gx*w7ccc~2Ro4)(inquKBME?mCi zT7UE5-l@0~u$#^7Z#<#jTa{UHw*qxGU44AbJd^8tx}vj4LEv1k7Cusat!J09!6?_Y;{BJIyS@@tVvZ?Vl^Mc<_h z-==4N*&eIDKboJ~Sh~UuL@h)vy{lrhe7@)5enS4S*JuDqrhNLnuem?haa- zx4z5$+W7Q%szi|X_jB^Up?XW12SydP^Q^#)Nm7CSR^NWk_@*=SC`^$@Q{ec z8JhuUIMUpY$nQb2jJX!Jx;|}nxq6*z<_V4ErWLXBIga(+KibX(zN`8F zkW3eqk|7kzQj&xrB+(=k(GXH$-4wzk3dy=q2t&HKE)_-p`aeJ4b3VWC`+Ih@t*y`F z@#^@T?fvxL`*S&;^EsdMISY|VOF8=0BRvnCb7Y!44%hatW<2n7QKEe2GVHvP-}R~$ z^Kp6D&%)j&(;kb?h>@T&) z!)-X5@hvi`4M$V&>d@ENwr7s|dRE#XO@fMhE;c>Ttw{TO;VZOdv>APaMz3N2hijd7 z-NhY$X>Lg%O|DQ}GoL??^+SoTMsvfCy8oE@e7}09`>()pX>vDQTW&Y=94-asksfaL zj2QM&X3mj{;r*^msZV@!;T9-v2G0Vgay>l3!>#OoMn!NJt2n&+Ty2?48$QXy?MZ+# zIcJi2-mm9bY}x7fW*?s>>)_gUorUfB=qeBQLGmx6Ptgacl(~T6S$ubwbtPl=mYu(m z6Vl|6!m{z*gsrX*`-^Yf`A%Q2>u)yPlN5Icyx7+mnWD>s-XTNO6|uN}(vaLxQ@9_JoKZ+_3a%+#CCXFBz!wOh|Mw8sehfr^mkZe#7$>T?ogHRsJfWSTqBn_CZ5_C1v{@zJ`BAS7oMg1OOJ>8>Dxh-|M=04Qkf2E$8 zCX-Yg7Gm=$+JZE<>+6hr(S2w%nz4xM!~%z#dY#js>Nu2~%{WJKpT_1Dv;b*t=0e7i z=qdCl+Ev2(k(1d+f^oA@?@V8!xhWme(&dnSHf0v z&39ef@-vgncU^V;wf(;?w=B4KDDE(LccTY9+)bn6WE$sYpmTZePjmBq+FL2ysc>yS z`5JaVpu^sb_IDcjCFroXSeJp;@8DjacXU#@-znPWJSWo6bBepA$*J=r^}&qeOdQU_ zR>#4Kfb(xf#&Id#)1gQN_tBLbVX1#TJ_o*rU(&RU|wm+-+4(}qOW0CgvO!C?2CUiY&KacA? zGVgsYcb^O7(4Vo?G@MfUa~)D~_;h5gu)lX%AA=W2o4}&3%_OqUa~|4Jxh~Ba{2YhW%aYu7ldj{%wD|{>p$f=?XXC zxG&!`D!7aI9$gge?{lLPq$%f2GT%clFTQzjhr_k)q7}AT=pql-JV(BVbCc1;`)Y>2 z8_+w|iNkcaz3J;v@zrT^zv4cR-CXn*((yI(!jrcr$r{dk*KIBG;pSeGCeNt&euZ5r zs{LLx_bT#tqnFXsD6o=sd>@MB@$Ig*?)Bmv_Lcv@jc5L#H2G8cyBeGA=x?O`J!J{| z^P^kQP}E>i4apkHTnNvRN4i|oKd@{toJwv;lNPT#^>-lEXe>5QppTK}UivJL2&Myo+Nj0)P5F_Ux-Xv%5iNw=0TsOzoH*Eewx&GeGMUO;Z!n$ z`$f3+diF6krvLh!qvo3DLf^Pt@BETOjUI<&-;yTV6?Y@HThMPFuIonlFzCa`JM@-m zj`}*8cYB&7ER6JvW`1cfc0-Z&S99C8LZ%`UI4YGK`H0h0~nCqk;5$wl3-Tr97M_=Yc8Q5HnZbO=T)Tg|MfbK`PqUrS0q3*G=oN>_}=5_M;Wiy_&i5(y{4)&O@4O#=(6#XObBQn{~wA=RCSxO5kpG<7aFJVEYhy z)x-VZGv2QuK!ecbX!!`yqPO#*L5{5A8<6LV_IW7ukc&HvM; zip&>h!|kBBQ{cUcKJ;)CR}o*7hJIo0HH~#48!vPEje$PxFl8p=2)GPk!s$Zn?ngf& z?eDtPtg}E3)=+=Z;#ndqct^~PE92OU+LT{^=7SzFm4uX1m?m@J2EsY^Ld9kV+K4oF zLm~G?YwOCT=prul{e6qZzM+N#3d~KD__reM{~l~+qSuk;{zbmV=gjw_ z6lA`ey^(Uu=@2XZ+;(c_@%}eHnU^Lr)!Gww+dV+>;BY6y7zipN1KN(+PD!+RyRipF$?h<~Y40fVOZojjA`qjW&Y4WV%HpQ+Nx)EvaM)FDPxwfFw z&}`;*q<)Od$c&ZY`^wJ41l~=PFI?_e0(mVqx1%XYb9a)jOT%x58lmCT*#RA#@>+|( z-6*f9{^mXI-{9J0%PSMx11YbpC23NNF<8I_o(ZQj>VmYNbJODGw^h!4n^_0oH~*sF z7cPR^1g^cl_J%hY-Q(eYzbQr*aBeBOk-@n6e*A!5PCH0k>|F14J4jucCTA;u8*i!^ zzHWc#;f`HiQ~u_hNqafArw#NtCi=Q<{I%^?K4AVu`J3<+V-VB^={P)1el}Wy-a?ZY z=ncrBjh#YlwmbLn#^3*Om$4o~akpa=|26x;BF$}0{#;~ISB|68%kE31xv9(3WC~n+ zo$QHCe{?0%+`vt-GJN~N&$HP6G zH3$#7+^?5J&lee{NxI(V!CeQ}rb*aNMYEBqRqpf8xaH)(Mw^h?r)_E@$JfLQXb7ad zkJIGjwCdi_T<7IRv8B%UsP{zQq<#S0a=Ch z`o7JUn~p<%?Vx<7xTlSZ^{o$Pf0h6;$r}ehZlF$3wkz(}`1KpwfpmP&dY@-5oU65& zu?OD+G~=OS)-9Rwc5k0@le*O3cO&)T5bX5688!}KN8Nvp=6A}ALmu1=xc2^_F*dec z7>vt}577B|=YwxejFFV&p!8OLwNUo@?=|0n9J$!JR#YU81#m|zzfOfajK*NT^9ngRImtQX^Pb>e-{hE=vC$s*6OBl`GQRVG(r0Y)s+z%ADy2>Mv5|qt~TV3%i zgqu_psXx^fha$MAz-?hF3#p4Lf0MW6G+M3Ox9#R8<|VTa2})OG-xK@H#jFwH8m7y+ zKj#Ob|KbD=rC)<%`!%!9m+7hSx5#ukKg8NHyUy3F2P&`s$%Q*n#Vr>f^3eUra?N$Q z=YV+0=iC#>?31b6-3>nNIpwgREK=NOuq#9hk>)NT|0!CJO#iO?i98>!)DOy6Dh^DQ zM}0Tclm{tlJ)2o~R$d%Z;qF%ceuqEX&@QC?4br#Q*uwnH53y3Knd9$9#`k8O(Ih{A z4-d*w??vimEo_fO&5-7{Bi{q{MICuQrQ^-XGW2ck}%1vU{9yhj}lfy!u`Y zHwf2`zaA!L1?VND>*WhsNm9tUw~)Dxo9~R<_s$pl)XT!7gK~-T_lNW1%EW;`Jz)gx zXe&Q6$*i*}&)?Kzf^v)U*X-xJ1fM?g_`ARTe2abjEr$Dy;#OBX%5E5xrHWf!?Vtqi z&x%`J^|usm{r3<2I+u4W<1A%=px3$VMnSn0j;)u~RUXA~M=Nf1l}Aov>W|`9S9#>Z zT?*G;?^jdLz5R)8N4@7b?I@0YrOInZrEq_OYwyFqfot#YO-xYbpEvQ7xf!-`v7^(Pzd zBDl8xT+em&zxs*eh=EBJ=_iWeegoI`6aRJJ<5%tvaNm>DEXc%Q#J(l}?;vW6%qYe7 z6CKEBqh3g}cDZF^SSDpPr@v6V{as)Bdsw#bF|3ppLFovmy8E4cxPuk9y6R2f#Gp)4 z-0G?~sc_$gYwJyQU0({}{-n5-?RQdJav#4e;@5%pJ0);Vf>Yh)oYN{Oy%e{)%DEKo zU5Z;>8t$aBmL%q=CfZz$|*s4PT3E^K8_2r*#}Zzmv7ZQ&Z+w}b8k8U5+UrIs_jq^X%LB$w7;e9x zkiy=d$Dk9D*$33DQ@86~>U44D_4RXz>{El1_)(;st7|{hBDkl(wQ)F+=NR7Wr;=J{MQKQqaUryBZj zb-9(mou=YDk$Pa~Z7dg5!glt$oWjpcdX8gx^{hB8C`Bs1)m0y|fP} zo_BR~>%(jO&e}uE##etwt{Cp&A4ke;%Pl88C|Phr z;mC;`O`HGwY4#IfA%Nyi9g-l6f8)UtsR_T+xqexHQ`bfI^9^J$4u)&n#T4Gjx8r}y z1(nbVAG^8!_Wcik_4BS`xR0nf%%ZFpp?8txnmGL2I7uGoy8%xl^W0iLPYk&IgI-UV z8w$!ism+T}O@45lFB5NOS!) zmtMzJobG5}EWO&#lU< zXQ^idr43wLANEX++z;Av1C{Xm4!)&@OsYtID1m#K@;Af84s}PCYy7>E{9rU3nd^o2 zx3h|`UB^(+HYm5krHcxu+=p40HKt?qVQcvet;gKPWsHT2(p_006^n~_NsSr?FXc2JI85sB}el#922Fy*#}*naEA zcPziN-lyOB{JluOQwsNdxVD~ESHDw`6_lId+Hu!I_+r*Szsk|{1_SB8N%0?$FGf>& zrqi&A^Ss(#-%p;(eEm5=c?^ynZ+_43nrHQ;98G<7ISFRp+B&~D*RvxzmN(B|0(YU} zn*B;T;8*}#&3&<3oV0ei=J}ppXK4M5dVX+jP`*^$Ahzb)dRZQB3VTBIcDYw^EYII! zxc>*&)~g$DikBO(8|LAj+b>4$=iEf}A>U-(n8CYD?VPn${nR*bgwrKUPWzx7_i2Q? z?U5QX1=|7-_j=ydoXfel&~H3@HT|s}Kj!*yOW<~f+c{j!B1^DaL0~`jaF70#_Z5&y zojC?*kluA`vw6yG)4Q)i)-`?(eOI>fXyE3n(xN*O;P7Vc-=8hnL zFPerPM}}*@!*2Zjbzj-_u_f8G2gO~A&3#?sq=cj9cKn0)taqDz8uh2r+d<~{TQ(%gr(vBw{( z@h9)cTofl=+On>@4(nI=_Dfzo19-_GBJ!SL$ z?H+8kzmT_{XQ6X=|A08maNC6*KWASblooJp|8VF|*4(4kNOLde zo!G9Ny9_<|bo6?HJwEHvb8ZMqH^m)@-8|xZyNCNS`97k#T=huO=qSqm7fAfa1PE~Pj9M*cc`-?*tpE#u69F$dxD}U1uuV2j29pOL=r=BhKDYyKQL3tjo9p|2eUHeTj z(uSkvhVQRAXOh|X&difpuJu><4_UXe9$NX^2iu-4Vr7VjJDL1zXc=0J%zIY#J30RT z>f>+9ZCu}0N9x0m{hfVnzQR`fYxa%$fpaFA@o9PS&4D{WakpZ-oblYB9`1C$b^njc zHTUgi-0K~m>vmiM_d&QezOlR6g9#mnw7>1h_dr*p`Rn4O!A&9~uXo1%^S^iAF*fnF z_wBj2GtZ#>we8}o7i&gw!vS#rG3}zfIOM@yuehV|=l2ZW)#s@Fok0FMWYSF^bFX$n zWZY}(gN{St9gNcz_ktg5$jjIldbsAk;^*gUOA+VoeMP=m*Y+p-v-n)!~hC|J0RR&@(6>ZS2N4>MEz6^{C;DcXWJH?&dlK*IwUje1F1L$H5J4_)wAf z2H=iT+zz+%J~H+un5jEg8ps zvEtf(=Splfx3c|C>VrYqpt!c&uJdsBS8hc<2v6F<*$rp*xW2 z*LMwd>RJ1kvi(l}#Gvd_{@VC<|0OXh4wa2>0o=eBk#bvwFJCr`l}#LVd{ZP@nxnH3 zJI_R2kLwqe9ara13d$6?_WEZ1?S`%9R>WUDekg$Zq2d;BUHheDjP&+!=WyPpioEBN z@>o!Is5n@Euk>&&(;O?*ufsiVT_g_Iz`GfZ^>7!F{{(%H)}vpUgR=c^Yu0j`Yo~5+ zxsUVw7p}Lx?ZvjT@zwoV9^6ri8&e}$S{%<>a*mqYi2SK2gv@wSU*`w9{%UUa6G2&~ zxb`~V$-~{>b$*XednmlYRQL>?ecL zh>ah-@x2jS9f!)+ha9-qs(yVKyeFHp7lwyBhWr!Aq!VsSh>EY@I4bX{pmg%__Zbh@ z>+ha=&OMQ3nxihae7M*9aG$Fpw*c-VaBctaBD@7?sfW9n{68o;Hd$&S{am}P+wbUh zQ8bl#IUj$AY>ux|xfR3Rpt!dl$9`?}J5BIO*N0QcpM^T0mfTn>i_tu!%WZ&Pxjn-=G9Q0e zVXNcojYE0k-(t9n6xWv9=N|6<%B`tixlIeoKE<{D+4mmq{`#|!54Q+z^RFWD-3G5l zT(Y!AIu1{gUx12`?a!8;?(}C{eEPH8=Yo?8 zo)5}Yxc2$YA@C-#H(bEOZA1P-WKwUArQ8$R=Pb5QE9Q1-o%@HCP7lg^%3nL~yTZfW z-?*=fPr2p15R|QOZMzr>?=G~|!@VXxSsp<%(Q|0WmF#zzyxj|7{g(a5{RpVW9hu zci(keZu&Zu2lrmMHojfqU54^J+_%XWqfO`=WUlje|D)+Xsb__7kJ%7;PTU5&ThYBp_YW5)CCk-l z0=gef?*!e7G;dwdH2Vzb|^Y z`y2n3_>^18{Gb&3_}iIhhE?&m6z<=OJOARCaJhZq@plvXoya7+FRXWee_ekI7BHUt zrfhuoc(|2~Zz0@HaJ})BTG8dUzxX!%vF!bYEDXv}AAeIl+{*f!0(Y|Frol7cPdL-V zJ&$}2x)x1ke$%vz_Q>=N!+qLCU=i!O71y@oAs(*R-}1)4sc>t58;S2t@a{tS9_~Ey zAEH&rJKh=ZGv3L0BPgfA^|rT79Ft$-YN9q=E0o-*T%OUyo=Ec4|h!+ z?%nDpOFNW-LJN3y@v75~N8aZ=_t)c{qW8IODu4f1&#qkXcKb=)uNQyFbDWY$eHe|Mc`kAwUO|aCa-Njc<{M>#e`#wc{eV$9*4(gXJzQhg)8| zD2Ce!uB~Ub|6T6k{zQHkO0LH|0UE=z5qlr7!KWR|$3e+e{@VC9##Wcx{^I+qUwq-d zr?@r_%{|;o#~1FeKHOI2aLbJ^+{1q;8{bnr-2KHj?!CzO3+!`9SrL?WaP9TYwu>$v z?*7_^bS*nylKLt0XFlBCmEhL*;pVJly@ul2esX|^yT5+2g%7tF?m`vc;qb zg?&`ElOo ztVe{~+xdcs!zyE& z$2vTYntS-??5B6AsR5yPNwkMC_ z9V3pKn@0Xzm)niwqA~3EJeu{Firby*=qi^}{AEz~zzw+h%doit4MUpyJo%5&2J|^9 zvn&0o!W#7XY;E&arZzolOXWx~eD{pNOTVh&4|B&4}#kiQZQM}twnGa}q#mwV;4 z5pLjH+6CM!*WU-Rc?!LVG`E=iW|UZ;7^8-dvi{+d8nWd)_AztItsNg*c*x}xl?3Hm zxb}K+7&gbFlaS_KMt(G!fNonV(zHGAqx5&yPqtS5nJu@RAJ`A>C#Rm30D2C)TYrj^ zxg0fj#No6D^fp?6dh>2m@uxMU1$&~8<-VI`PV%r?pIfv!D2w6R6q=kUyScG$cm#3g zq*-rd*5`KMd^Yl1zhvr|NsGV)wghD(JlpRE;Eb#xatcT7=egv&A(QO$h5fBp$=b@k z3Y#Kvy#m|XzsJc~4|gf~e_d|ek^H||BWAzv;&{1lpWe5$i{g=_t-h0QVO0;K&N z+JJIAiZLcS51IYX2X>B=0QI1KY1#Fo`8yexDXtvN*z=_rsl`!qyO6&T-G}Z#roUOw z7_~Fp9&SC*<2~6$`&Ha2*t~{5M4EffG08FoEk^Uv4KJ}LCf`Xl?JW0%vi=tB;k|;* zP8>$_+@NMdp0}blNOQ-KUx?PC6==o{%DQL?0>7HG!+-Wl%9cl3yB>vqm{Qvdz=HPhuPxV9g^8k^zhL8Q5#kpB}U zHDM}yYprG`-de7=`!Aj+Zx-7a$CIX%)@DJYOQox1UKLY@CJCdqtza6 zkK>c&(6o{%hG)r*st zIck3&`=zF=;+#pFI1ap<@*5fbo{70W*l}J_AYHn<+!X4^AK2_eM>mV+PA0zw{e^x< zv+1z+WXH<-aj~+P^$w=qK6g~a-$1i;84cGa+b^EjJi6Xiq+gs5CJ){$c($K82~IjX z6Y0PI0`mRQwaAQXOg(6SynDauGp@;Ro-V6=xI-$z9q+>}Xpt`e_;5#8f?MFjEj%$@ zj{i9lhjH+xp;tZJQu0k&(9Y1?FDHfL(C>4nJ=A%;?0W!tt<&Xv#qEyWRcIK}@vV0v z;{qCPp`6eX& zLKg4)nQM>k7Yc&uG7WB)Tfx?2W5%Q3bJX1bBcIrcwF4+?5c2`7iCb}|yZ+K={85;m zE}trYkH)Sgx)^D0oz|=aLC>Ja(U|!>r%0?B_P1zJ+3Q0=+jQBcxJf4^O8^Z;nmgg- zWI5s#{(tB^G?s7sjD5bQ>>|E7&63K*p}0f3Tuz&}?P5JP$EGrFL7IEmsmXE;dKo>7 zQW$tPXvBDi{$|X!vi_!Am@av6?Kmv%wB+!0ryfVmoxUPgj^Uh1-#7GMQva^X&g z8wgv79FJ`V>f+(vPyR_X7tKPQ2l4FVCa2s+yVrHok4<(t`4^?jGPpJ^!=|u%O)2IW z!%27Dcg&yUYn;w_yf(In@~z~H)1^ek&)kO@nQNZ?I~l(vSgtu%#&F|^FB`9iu3-+Lce>np5c~?jeX$CDWnup@_V)VV-S^t|iP89!B|zg^vgZyNesUt93rwe80X;hqh*y6a65+yMu{-(tA;9Rz<%;1(W$ zzkc)b57Ss|d`sc3I|%+tpLF@ZgWzup+`zW#uMYvZ=fll%`w_Fg%*d=EGs*V5BYpaj z-pmtcV?XpD_>}|qi7NP&kNun2+kPa2hPje?Tl@VP+mC!SiEloeMoT)6qu=;Sk23?8 zrpu29;qOg_Tkp^E`*Xi>d1Lk|$;Li}eRcO2IdF5T;8z~@_Z|el^5M>f8wi)2bB}0> zaew!Trr#~EUnqdP;UM^12)E|;>i4$@ZY#LeUGBwjyTi5fye764iLc*v?K&Ev?RQJy zjywqdmco7Z0OITCuf9%5U*<6mg1;$n|2PQo4Zy9xqx$PZD%=p<>aGu2aQhqtf3xA< z1NT7hS97tSc@X@{gIin$zY4J5eh~aBgxhFm_1BvsxEJSLKPq3b+?B6|6 zI=Svz�WZ?|9gulb&-8D;y0685MF^iP+b2f?pYxTCA! zS1$Gi2f?pAxF5qkkbczkH-*@5I|zOi!98-!QQYlKqxW02_p4KQf2NPyey^-Z`-S^uIdM3k_6s*|clqVs`N*>E z_vfYTYo5crDE9j+_XF`O0JnP;{L04u7VK^L4(b}cPr5A!^Zl*s-EtUSfpRE?`|LsZ zd*uqAe^lV_P2?GucYJjh{X#1CyAFb1S#Xd0r~LZyUw-9c-wFHbt{-`DbKxH7eL(^C zj~@iT3gNz01;2{1|K=e0RRTBu-}1}RZ~ShqJ1JMv&atoVaty$|xC(w{V?V4MzYgTO zlLPn3gTT#&`z~DDFICq#HxKUSa{N7zemEcQ5qqk?+za5ggKOhZUGuuBS8<;Sw}m?% zt<1WJ@cb+GQ>tK}i~W1p+jKkE6tiFTeH_i~^v(3&q?k$MUqbeq^>TH(tWp2p`TXoR zv<;bYziXH9MjGoIkx4r^ntew{Bfah+hBZA8I#c12eLeL8u8ni8V6rquryxa2to+27(xfr-lVp$2^Bn#C3K`CQkmA~B z%X>Xs_kSBc9L{>v^0)!GPpSCEWw34$oq%*4E+KyndI;T%#=gavu}`d|vc5Gf)>(hp zo%q^$<@^z>$?a!i9w+|-vg;Ug?qhz!$8K&p zcBR z*YT8xS)U8n)DQECy}@TY>oG@j)aAH{{3mEVT8#>rmu<^E+;ZkzR!~1?5Q;0_j794SL$-qfA_iM z`=i^?Ftq1kewp{8X0Xn;l=^G>bREy!N7JRR;@*$V)97uax%usQp9K}8rD)f^tV^aL zZTStAIPX_zZpvi(N4QzWS<-Rm@E#)?jWqX~b18qc5q*Ug-N<(f=pz%e;w0x1XZ`T! z+-I+IFp@PbU4DR@;^xn7&)5b z*}InUCP&SkPJSW!6fH%qmtpXs6NfA}4!QWdtd;}HeYn* zJ_A~T-a+{f#md0l36h-^C;9g~^>;1)7P;KO!gTfdX?#BKdLr%byHjdQ z56)eVvii_xHI3|B+Hi?;ebfDW)}nODglpqF1iNwQNu;^MF5tZm^fM|!yBLeyusu!& za((OUj&noAVQ-@IhX>y0xhC9HHx4zr@ZJJ?32E-O3t9i(6<<*ZP31kFlKL?+nK-1L z=(IO;J!YHXa4P*MT_(ZJa=GiUX>(DsoR2iOZg#R{qkGZq=-1X<=U=ZOy%~>8I>+gE z)_qn(?lzq?DQ9&$`~OG!$rad~*dtE9=BT+fE@nKAjzMn>jg|UvcZHn#(8H|{W}IWk zWd&=vKT+J4*qOD{nH)9u3i7$=HZ-bNG{Q%w*ct8=j+*-c`L#%M8=mg? zJKBev^+mcgV7%7C35!_nca`Ag`*8EurOUZK+}hnL?(cLTZpnJq^C@lyyjb?X?C9ZM zc6Xfg=bT9ccgBay&Bnp@54zmst8}^Fj9c9}48ry~^p1x+wma{kp{?k9w3v5JdNgG{ z(qP^v?&Y*&Q-4Re^*8%F=DFcEaJiu#>ZU)?Kr&w0MS736K^%%)f6e{MWA5Lb@+0et<05f*9-DVj{3X%cyU9O{7ND7Z62kqNy>Cx> z#A(Mm4kbVFUIAR2_F|XVD_QCwbARoQSK}I!ABFBi=Kgvt*Z4x-?Ye;&gwt<~Llx&- z?nU$Y-6xRd{F%c0`mJh8J*3}tT|`|qDF@CJI4R+r$P3udM_(fyzjJygOCNLx8i^V% z;(FUXR!Xwsr1QDX->JtPg{3@4Ropq){M9=~ia2WS_($WUm~$pI;!o52X4-nM#~u0G z()mtQ#NRKmEk$+vL~{dyx-y7!_oLBBKabkumUk3)JL?AFntE^6s7=S_UGy>1{+5!D zy_9=QR38&_|O53MB2|^$p4K3eUqgD8rg>NC+iUNPNB@)_XE3-AM94A{N22l0yp3~ zdO0?u&;q2n-^}E@a{buz744px7_RU3J^GRE`@Ltij9gy||4o;x;o5%cR_tCxpCZl8 zx{P<)&@Jdj)Q{_Im+{VZpegY)b-~=%*!i!Ned%(m;uc`@C92s!n)?d*H_%43!Dt-i z#eIW`!&Dz`PHcue1lRU|M_isPtx!j#{T)UAUNi~W{%<&Q0%rWV+>L{7_XTko@|^Pb zHS9K^El6`a=kT|q2hd$;;2Oq9$HX}0=3ZZP914>%WP!_VKv_P9%}n$*(%gOIYhOWq zKu4pIJh$KQEdCOQ&`+^4fpXXPjj44qWCdKCGO+o-!Z^v|XsV3cPsMg4KM0vVs`UxZ z-*0SE>t@JS701aR)d<)7;ry=ltAy`X{(?;E^Z`;3)V?NyfQ*r#6e(#^`7`em4 z{gFmIKhx>s&OMc_H0a<=|7V%DKG|_lG2D9bk$P&m_f?UblAIv{xVApoI6Um(RyGc~ za8Fa*$KlOED?HpouB5L<&C!zH&UkxAfW2ck){x8Rq+9=l=a>#L&6 zZQ8ZmH=~$=>{rb(l{U4$ah$YhM}K~*^FDr5J#CyJV-Paq2_j<<2-> zbBkJKuxD+gJ}kM>xqhwUsQvwp{LjdwmogKi1#|Yhj{k3e3tDH$TZ+3ATN8(v+-UAg zT@#o?kB)=)`LOmk>m=H%5BJC_a!cTT1J{nXPk@((LLTlNYgh zbNZb<9`4ocW2DPir+=Ho*h-HNY(3NMA`k8e>qp{rm}HJ%q}}WlbS(0hMO2J5$3uX zsd9sIV`pMV1 z0u8?-NxbFO(2avGx9m`c%v0R9@Gd~tdAQ$@FGcag*w2TfdH$9{9X91Q_6Fzsl7?%) zi<;LaLq3KZAZ8;OaJRzl40JZq@qLo~m#7pyx}~<%d6fQP1^Z>eEu{awj@asbOR~<& zkdqT5*IhGSEaILmX?WziYvyY!GF}|Rc(DLpUwEc$n{t`03+H%r64HKNPW}$`B$|MF z-^6}wduvEe7SD8uYaYKm5r(Y?(k?^p^zrirY|Yi&J|C!vpW$&WyqDpbc3}K`8O|H1 z2x&h{$scwz&o9u+&nLh@U2& zf%eQ+CprB~3(D>k{AiCZLfX&4CE-)l&NB4@vzC_gXCkRgiu zIX3&4&)CdSbN`Qgom-si!Lb}e%scns9>n%3=BW1pD$34~iR$lfhD|COj3`n&-i-T| zeB+VqWrIv#l}Lp#bKgt2z*k)LIy)|8j% z8+HHR+wDhmeNVY0Lq1g8FW4(Wf6v~n?+HDbBmUjpN5adsf4k=9!`%Yc_Wx5(mZ{eeszo<20}V!|o6a*v0uLbZNo4(|BKIOA8h|JUP;oW2=yFI-#C9%)%q zMq&FhN6mem{CmixJLs$YuCJpBlkHct`(?;9bB`Itd^Kv1GLe}#DMY)t zpIiF9GasY<4fM~D*A@3>Y{sCskmjC#8_&*BPjum0o>iLt?A+^M!4GA***O{VEnItl z^Eh^U>&D9`9HY3SnSVp!IB*PKUzeStK4#nf13OZ zWZt_Rz`XG;)}Yw-ux}mLud6fUu-cJv{A>JfyEo$H9gf<+t>kwglMcC^`>0vWZ=wIO z_>aIL^d;fnAlBDrNGjYGZvJR&PC}_jbFUyj5=}-ApwgzqlY3>uy}|8g%sh;p*T@=_ zA=ksT@tlUu>u3qm+-`TUuM~O!-Gy2|!*jrC4mW#nWV~YQRnCwMnX9-nuvz(Hf-K~y zxy$LxKjWN9_oO-doZ9&v8w*`dc{ef+Qrz{}{*HooMsp9(qrRd(s5>fN&hxK&>|@7s z>w&$Ud1%eezBxnoDDGlxzCl}&_V>KIsH^B2WaeMZcN_;~I&t{b=l(Xp#K%!}qT6lT zhiX>2-KN}{A!#1&&G=N+{y;`$$i<2~66T}mairrgoBTp#QvYVGv$>o5+cz1vo$K7= zo3hi_ozmOr7vb9aTa0Z9+K4na3eVpqg{b0c5hOoH^4MduoFqUV7XgYcVWgQ(OTV9Bl^>8P* zbmk>)K02~aE$6umnGZL|<(~HdeE@m|Y3>8#nCp9xdlD2xBY$A6#A7@I7{mAHdA?*~ zQOJbhQ#BpgC`mf$>q!CLdIeUM4*KByt}yK~>L^uPVhf1mkZxY=O~>N>W0Xd2So#uK>b zMNgqeQR~$-fD_`Rkb1VL$fy2(oFTs`e-~r(3Hl0YZeo72oPx5Dc`nrD3Fd*bc!tMy zc%wT%qvMdZGD8k!9f&Qri?HjBE=QVsGx>b*&#e!2-go+mx2R{fe@I!KA-T%mBe83NIw8$% zHj(y?#-h7X$qM#OWX;4_?oFCL;j}j$hrBN{WD;Ck&tAr+7=4K}_v}Y`9)j}GShR<} zHnki3JZ_>ryK&Itl9UqWJ5(H|U^4^FLYn(7`IX3|LwWYRku{bD0cXC$v|*D@8yFdv zW__O_U&G~B!s%;lO~3xLhx-rtq)85U+Nm{tx#=fHxH&&$NX?W;xmkaYfKe5H^MA~c zR&Wzte_O(9gU<1A$C00diqUe^`UMR3Fo#V$PIK#nzHSCKXUGV+_WHI3n->}1|IJbR zoAelcBRUy1N8$VbF_azm)r;M7)A!XWTQX#_;$~tqXae66bXNEL|n-cyDS(1p&_h=W=p<3dv7&`7xr!!8fqgEV(SpBQG*U=!wl$=vt)Xa1Z&F$fT_t{pznSx7_5ATnpFs z>t^01rd52E@3V61h2(C(4GV{gFR@au{*qW}%%#Se7S)u0y zxlB)`9vYJEuAkf%$VfO-&}^jr{FeM~RQEaR0h+|U_S9BpUOZOjGw;A7t|&kA>WAd? z!^-;E4BG?ovjpCy@N9i;2`2-cg|wefyvnx+ICmxLi*^wY`}}m5+t29rba{t|<94fwijWar7|S zFq`);V4E>V;(KMEmy{kKk{NJqy?O(iuh5@JbI*Q}?~|Zw(dDQG>mJN}uHnvh#|L_x zpVurTixu}yY+gjKBF$~|68Hb8H##3}>?Jb%D*6@HtF86nrnCylFN!+=n_*}K(%iA+ zpFk$HZpQasl)uJjleEA2twR!fcq9(bV7malfi(AP@_(XzXgAW_G`D?eZqdnH7Zo>t z25k~GM4H>4d@s}=nRx)s?d-!XNexMc;$DrNiNkP?nwv*{0;*^na!w0LSH*oC+ga#U zq`4oG{~Ve0MQ_F%<-|87EhN{&O$}S{9tO6%js45f+#K>ZpnK45sC|3hHyq&9vwm(I z%({~EOy^9>O%KVv%HMI=Ov|bvk8srfK0)55XZY{({FRK5Oi|qDv6+kBK$`m{`7P)V zWWHOZxqE!-Z$T&|vlVwQc1O)*E(~ezP2?Xy)6rC<+eNNVeaLPbl6Mq$7B-)v^+`2}5ni?c%VrQ+U>%|!GV(%jd`FF_`qHk0dLIrX9N zoRDl&+)uDI+!Ca@d&wU%yW-sZ_900;BGQhJ#0BPQ8> z=M7Jg>o_+Qnfjpbe;W*Op8x1|xW(N<@+w?=KRE`w$I%p|x#qrPHs?$-_a%Pgaed#H z+dU*7!nN1q1=ub@A9=XV{)&-rIkye<e8XB0 z)A^qxp9bPer%mvAF?kA$;pa)8Fquwc%-?97A8w0l!;D3<~?t_9(jN}-kHsF z1p7R&uuq6@jz#K2Z)}F4aY%F5lmF42o8w$J8}JM}G}Q68z~$=tP~0~pxp3|H{21&~ zQ5w?ReDYJ#Vl)q>(I$5AFv7%PgUkJTAZwJ}addJ2kgSHQ@B6;SuBy-1iY^byA8>8@ z7UmX|GS^vm;y!1Nn@hgqJgz~gxHe90YFmu#mid5V%EfzkqA|Tk}4z{*H>RXXbt0nQlEhxt{;Jdc9sK zXLv|+jrlF~aRxIB_X2w_Oy#4Z^i)HGX~9FGjxNXj;KC?wv?6Ka<~$?7ExW5h3ZI z{Mq^kEo(l{4UuV2u3duh=McWL*Z_Iw(boE0ujH1H^l`ay%%>a&FNAJ%xoaGM5@Hu{ ze~)fOLs1;#mtCw;4%{CrfxmeEiu1Z$Qb#lXR)43te>QzVA8gFuX}Fb{=gEin96Z~f zEXIdr=m+DA%j1x6-0M8kL%q?($jnCtS~&f4gU!zUb5uFs5t29IW?^j7Fl_#bsUf2| zYVK_E%aBQHIW8K;-*aE|bEk!DfRJJSI8w=-A^8lhy?_21n*@Hgk)!7RPJTBsDQ+Qa zug_$h)rK_?+ak}9&AiOo@Ne+!BrhbJ;M#VS-7`+EXIxSnTg~mo`J*^z(hJOUgy)r; zIB{@ld-V4`^X>{s{Lzv7u%_5{LDM|ks~7QH1AU2Bp*`=gSARP5sa#Xyb~y9OFT5qv z#*IVq{UJFHt{uOnzQOY>bPm$~E+)SbHGh+JlBksTG6G5L4`TK+aO-W`Ln7@n@1c-n z!tLzFpySVo?`~KnmM7Ls1#keJju zMv7Sv)0=sk`n1tWi7_(NbuedANG8Cw$+R=`-Oy}oO%YV4osETE1n(7iwtl_Ax&y=O z0Z;qc>eN{Iil3Qez6V$Cc;GSa7vb7^VAjbSZa)v#tdoCz18!H zd2nNoiHu(dz`GTV_HbvDUx-$rkJ0kMa2XStdN9>3FY|nt?Rvr~_lc0Sf@|x+25eT- z&Ng$@acDV-Z?tmGq&jt+>x$RksCoeR0=PB~d$5gvo4GEexl73JMh)I!Ooz72r`{Ag z?RSQnujAFIa4L8zBzG$AdD#5>dz^IVsJXMqe~3)_^$+&mc%6B$8qRY<9pA^ozaf%0 zEhJOn+Vm5)p`EM)=cwz~PVx)htnaG zA#?wk#!Z0XE%j+%h0lg$16*5g&G*#SVD~%H+?GYG4@Fm?-e^)Fa((#K-O(x72ke=o#VbNA8ZGFvAGJ}fwaFr zlTUh|J|3Nh#&CU@%=Mu+gQH!l-rD=Q+*d+!D_ol{#O6{o3~{Rv?!P$1Jw^U?^Z^Qw ziRwAm-qFk%m=t&|B(qdJ*L01Mzn^A~oAssIzb&m}C4=?ACS`Ffuiq+x`+?#fd2;kP z(2kE%&ySNckVzNfczN91Lgon+cQ#|wjYq~v4)058f4|zvnk4>alQwfKmph003fJ~q zC(uZZ=xU?5qgV3XNMw@vnZACRI$)BnuX%6}Keqb0`EXA^2;2g=*>G)t;2po)a;xn4 zJ#{Yg1d3Zqne;5GA?FoGms{SK79b6*ch zKgF#-A~t-l*~7#A?BO`M%8f(&7*rf55yqYTq#u-#zYqh+fy6`ff<(_;8zGYube^ zxBYQbx;giHnp;#9lC3`6v`TQB`f#(CFfSJ<8;1^+;D&s-CGRsnfSc;Zw--EfAAOC7 zJA(WJ=p|Hu7Qe{*n(lMxE-ttGtC4x+!Vg07pbvL0wmQE1Pm3O`fvlEu+HJQvgP)Jhr7ReHr3_odRDk1B!hgoJ1W5~^xkJU9KLF7s0&-u1)7)cLBNtnd`dSKg10pKN{VS%>83A{k^%aOLyl6uV{5h7Q)GL zK@<7C=TOqJ=y;|rXDusQgbGpnCd?g7WNkn52jiLZH_SS$6JOQm z48)MZ`WG{d{4>a`8H#Jhc(EiT&6-5&<1Bt=?23?XmnG!4Ba>1-=DGD;{C4grt|^7V&;uU+y=L!d7!9o{=OQ`I$+d@V=MXkI(L};86GN)7RIO9~ocy zaGO+-n-6y(T-)!R1n>9mF%tA}&Hf-~bIv5QKUg8__r3m_e$U1sbz?|2`}o`0!>w!_ z3gI5rG*WIhzTK+GP5mh(7sB<%p`V9a**Fx#&GYg18V|R!amd~jl0qMDZWX!3aDVWL z!zd58vT?}WO#gI3q}(259{@8CGseT6zb#f?;%6qA`Tz3Tg=`7Qxjx+dDsuDT-VE2) zheCWZ?P98jyOi^vx&BtDU2F}>i*QrIf1z`4JM$^l)O)z@kHd%my1&)^bQavzaBZ4& zDf_R`K|e8phcTRV`{|e?Z%vS9$liMuV)qwz_I`Udel!{uBWqlL2D#(*9pqy_aoYcq z4bHv5WbO%UUuBN^emn3>NSZf`_>+w75$ITCt{W~lt|j?1QAcF186ub%KQo( z>!0^Itl==lTIuJo1#n+cTsy~bA%2+JH`x8VZ9L8Kzsf=X-Gy*JfE#cP?Y-;8`{B+U z7VkSRqWgdOEhOK#@yw$@uYxxY%|a%gH#+{-{EK}23f`AQGl*yV)10-;CCoDgm})Bc zBP3@xkCcmjuGN;`H}%ADh-Zb?FE=z(SEbySC|*u_jqtbWGhcM-o$FW3<_}}!!J?%9 z)w?Y0Uct_m>y1sE=WA!md_gVg^>FC=ZdAGFPAMfi7uFfRN(r0!zT7h6?^)QGx!DUjntEm9Fo^s}bSLt@C)U=---6vCIhyw<0Sje&FHm zG|W}38$iFYrc2LDbzb7E1E0cp+^%2Bip`W)TSwYg0K1l`9WpJ)Ew{M7ODOKlR(_i_uuc-Y@;7(B7f8Y(<5+n6iJN{bkkP~91G3QKr`xlp6 zFM3^o=B6ZO%BMcuW>w@C!>xOAB)&Ed=^m~V0q5U}#Gw@K#fp0tyj4sl_wjJ+vKPf* z&YAQLYkR`+-A^2flQLzJ4|jMKxrMbdzV1+dbf{}Q68?D&oFx|n{+on z^Xq5K`c}H?a4LrTsp39>&0%aXR^Z{D&ia!joHMB(YX|>}%jG?sic&HqIW^+1SsQj6 z{(k1+y1y>JbABt*+WC z9nDQSlo!ZYXlCOZG}iqpQs42rJJ8=q$FtSvJX=O4 zUC41X#ZU*Pa|L(){pEAk5E~;>$q|{-Q*rxYW4J>(YVOnIXCss5e_c~rQwQw(ah7ek z@44fHq6V4r65K%8f@fXWE=Qjr%`GLr51C}vyZb$7)AuO_M`y}D#f|@heOpiiq`8^o zJ0p|EEb-r0O>=V^W=i+dBmQ25ZBmyQ>F?p5xVff`b-AzX_J5A8xdq2&$}Gj5fbDtr z#>z7u?oiGZx!kNl{`;zFZegQLiBF68yA0dh@ipZO5BDGPN$Z?AnD>p!i*HUKQ!ZEB z6l?>iDbn$sN&a};yagX#<%5h^O|N#OfV9M zP1u_F?(}e564N8sJN{NAzWFC)%GHY72-{s3#>hz=bsSbsjg?L=cg`{8`F(nX*xFZ9Ti*!>w#RD?TZcSMefoxEJ2dy!SrI!+rhdnzF+6*SzmpUVFSFH0wCRK!6oSG>mirWI)j0aeY#8J1mR_wiVh08VjVwC5voR%qVGb3@Z z{mwuSx3c|C5!}apxTC7b%{x6)HY={J592-D%GQURG~&=E5(nFkU-WP*+m3UCnewpW z+J0xbhg;e9mYtp{f55flrXS#$b=*5V+~#BBrOww*Ju}w}^ZuFlxsjd+NXf{QQ_qNS z&Hc~e*f&7Bo`ox}`%l}p{_S`ZlR$QSo(lIy#cc%dGIWE7`wsb!(K@sWnfhzr=ZcGW zo6>9>Qan#)BuSk;5IA_uZj%$0ek8|hf=aa3OSF`(E7M__YEtS7NVzY`iTk7E! zQI<`dsl_ti1G3{u?Qiy3vDSyw#t}E*4!@ZVsLy+Z~_jy`$ zWIqodZc01m1r+yY?8cx6k**Jef2t|ncGZ=q71w;nVc?&9AH|1T1h>aok@!x>ZV>fs zj)!aZw|Sd$CLO^|Sb61^eGc1O`Fo_?}{kG}ppcdqboZNGCf=e^${YwhPR+%vKwvZ>x+5E1>4_|=C0xV zx2X8-m~j84=f_6-aI-GVloscd_4jWNcYpro`*FKw$`H7A+;nIO_wJ|_(*CBCZ--9L zuPIGgm#@ody35t?5y?fFGDrDq_TSh0rL@zi(A>F~NktJ2m5MN`Un;3-K~kC)lomr#DVY{Zn;X$0OiH3?Bne@t zh_*q0L~d>@*Ob*<#N^5iDRRHTt&4pg zwx77Tt=QipD_(~2E)zALnf|WvD7S35YvHP;K9&CBIWLwC|Nl8%y$*ZiSiJm>R4Uc? z0&Yx^zYTvsq}}xJg}E=e)Z7~ zuL8IQa939VH{<3M`ODzuGp_xFqP{LXZnhc|FQ>8ZJTz;K^`2fmkJ{!jzNOugB3HC` z;;ZLT$u4ej^Qe3eZXVn*23Px=;^G$P?=cT|^4tXsKmbBz;+y>EEWqYBvnCsL_2^C-EEb_`dyw*mP10jEzN zB6GeohU>VKkxHt)nfJHob(e;BI_p~5a3@y)*LQo0?5F^42<~aumVX@5GE$^_1#t7= zK3xIaj5|_fZv}7*;MVU@{_)M~nId;q05_>uiY%!BZVueT6~ImABR5U2EC2ZB!o8;g zxat2(kyqgAb>veL;)|TOsPn?w?5~eh+FdhB3ThU;U+QC2{hFhrh`l{$}(~k?jWe0CvYw+&6`}rx1r) z>^m1#;r>hWe7=dtIzjSX+^?1H#J34{0dzGo{k>#tjNHV&TalaF#=~D3z&LMk%PYQF zaHksFU91uJ#iv0oe@|vz;}`x`>v^7|;a%}&9J+b=dpGelxaH&r}$sy90E)%ACk zD-Olg-z<+f6u@n7a5uvH2z}||s&%=a*!Mef_dA_E+FNKa_azuy)sEx$avviy+na93 zb=dE2ZzDapSwm7}v%yv6mW=IXF0P)hKaSt-b}`)}4l*=Fs&sPVdur>-k_Pi?7gwz# zzRTL&CH&pJj=0dn-)y)Y46gRKlZ#uNzl%NmO&XRWQw*+-Zx0u@xcF}K@HZdsHiNs4 ze)iwimA~O{D!JpU&s)rKDC3?Ksn*$vulu2pRo!&Btpn;d^@@SL`L9UK=cRbLq`P5GNj>V0J;`I~fqiqz`r zaPOxcJdKvy^siXz=za8O zNcCr$8+Mfc)MvkX9@BhoV=>Q`s2H2iMacu4x4_lw1b*zgpbQsxCiw*@gx)_<_`aHB zb~`rjtI6g@*V*0MFZQQz|IH>A?O2JzwdTI%>Jrb;GP#&SKryK~-h7PgaS$4O(hCbuW~ zQRpc&747WB{m(skMvD6=67XMf&F_u)9!im);rha!h`fx=#k@!5Ew&~%pZw3L(s%fb zren~C=MNRPjm=f}`<}2l`46W^vzwj!(`#XK9%_OVcfB3oE6I03ebA|^;$+WbypN4{ zCFOh`CAGOXM)})mh4cQ9>)%-2zCWO8pH-vb@l z>5RvNxbmb~qY`OztxB8_{m`8`on;UP_y}!n$w2ja_a7 zXNufl$1{CyihK@N$Km(URpeZrU)<~B9wmPQsno4!;d!d63o4m$@I9L%b#8Uy5O;|B zK;Lx|ThreLu!YEl*tSDmk;%P} z{G;d@r9+hq^^;k4{}A2JX>S?JS+9nx+wqF@SgHR4@BDXh*N}e)sdVyXJfE0a^m!B2 zj&-?ZuAra1y(o7_8M#?6rbtJdTbpH}FX0_iejP0whrZ;WL2sZ}QNknK!!}xE0`E&) zPr3DHecP;Od9S3%Ot?C!`&7Q~7ANmvtCHPMM(c4hpWlCH{C)?&+k=iGHEXedAKR>e zcVeP@QHc9brgyRKAzM#bsFb}nMb61^+WABLZu}F`@-$mjt{>X{^IGydkxFmZkCEdS z@GX{lh3}`V)tYAn!@uC)c#Z48a8FKGGxzNp+z+tbjlM!AH|A&F1A&6*5|p-@`*8l|UCG}@Nwu4->n0}G_b%=64yRo8 zdj)RaX1y<4#g}!)QoUDz$MGZ!-b8r1KWc*yH={Ag^z(1>)sOM6PE-%gS;8|@eBU9& zcW`Ig&jYKt>i2*aY~wyko6Dy>7ozO+bHdvXc^D_`3Wtk6RJ+} zKeL|;?c{!;o<)!UJ8aceqDYQEi{nrFI7LRm^QnR*9fYIaH*n6ch5bw?-vg=i=kW>p>SMvdC4Bu zE8*&->(vl!|4Upm;LU@lj=wg2)4gyep{J1P=PL3W(I@Bwq~61xMn9mw3)q6==k?}= zzPA_pg6Bj${QL&n|KexTm)v*P+iL$5rF;t~>Ns;~Wcqmx`R-^O8ip2L&%JiJl=Iaw z(hfgo@?&$}mzL*VM9<2e=E|Kevhyw~BWcDhi-1kQ4_2AO{5lRt_o{my)ct(s5k zc=oX4X||`#Z>UfIE9&RT*#8$l^WfbAkAGHb0XPlLW#~#|`Z=8ZBj{zcP>FG5-*r~G zXX0lN+y2b^b^o8dKSf^f@be99|BIj5@cxFU`@Of|ypkO+JJ_0jM*qQ_9I4cnZ3o`r zx(w+yueP7k@9FE>X$Ml|>OK~C80B;wHZS8~Pqrra`eD&B!R9{Kq^c}_kU7XY>pO#r z$*FOney`wr*8Sn?r0dfR7?B>o>i5%s;C@aIKWCTGPdP;Yd}mQVH~dFGGvM6=PnFX$ z0{AwZuhI7|KimGvxjUMI9zy$gpL8Az0o@o!##5hm6C|_Vr~kE~DEe@17X z;9Z8ujOPL7JMMU9i(hK=FY4$0xz_heBb}EN!0QRmUG8o1#q_hda$n{V&rqyiLLPoj zf%{*|Jt@vFv3J??CjgJbS%y}-{QQFaAte8BUe8vIOS{jp`ukNya))MkT*= zhO3h<_o~?c7e901ErI8rk0in~<5}E%Bo{y3^O2;=emU&n=Y{{#&rEoi4zT7Ui)phL z!|8y!y8L{I{B*P)El1Lr=Svq^^O2qSsp_XWA4#w3mj~eLq~rMxw*MubA$XhNx#PJN zUTNcbz$2bg-7nSdF6!s^|IyD3c-`Qs^E)%1hh2Ua7tg;u;+dA{mmCj2&yvLd6we%Z zN8q{Rc`m%t#xtpF(fV1CM12}qG@il#=x2Hjzl?|Hj%O>EpT)(qE`GY}XYwh2`M|@^ zLI2UuYn`4W__RQQ_gd=zv*@T5;Mf9 zPY3%%%R1~{N2=c2aftqh{ns9KzB!SDT?%$Se$tm8=JNZ`(O1ayCm}9T&P6Ku*;ad= zYYAUPNy{|r+LDhsX8T4?{L<^w4&my0(-xa_)Crkfb$#?^_Ng?kS>fw~I)-YT)W<0e z{IV2ogRlkbR@nAOce}VF$WK8kO=p|SbxdK6UNhD9ES?9~+_Z*%`Ob*nENpVn0%XQ7 zME*^r*Jbmtt24A{+&8=I+;R6c@=JH@e7H4$f8afSuj0O+tr?%h_(Z9PRMK%DPJ2zV zaz*5tl+1MicxxuuDF)`iqtxVqlnif#L?ani@d9Y+2U zo4bee_XcMZ|2l=^Zr0npi~Le$m=ix8_o*<7i+e^>zg&%-KF&G(ei2%N)Nxj~+kJQL zTYH6lDyiqiyzV16*KhOS-fwW%WBU%;;o`O*7bE-GcLc3XEqs6a1iK$Kxf#iR`PAV4 zj$J~fL`g)Zzn77}1`R@YqIMq;zm1$5vffs0i*;SpR=qFFzRE5!kLkTad{eQ6*8HLSLaz zP%djF`AE$tGVS{$Om1>pzub3Uykvwu;hTimggSBEwrXMSRph&%-YC#1Muxr0y&WU0 zILxuzm&whz+Apse-21RwiM~drzm2OWN^3M64ME2{#z@vwYYaQU`M9dHCfAqlmp|a9 z+x{-Y=AV-&m&C%{<~3-mXd0TN{{KnQvhbQ{IUW}$weGJ{gqwN0Urs#W#G%>A*w##x z7fvnA?SCfyDSGrQ=0PaAL9BFZ6))<$<6GjY7U8Bp=$Fe!I{o7O+Qb2^LS`I-7skkY z>{IDuw(33~UxUK^f!WXaM*HPXxN5yar7y8rKP^@cySOoDC(21kr8C&hVa#=NtI*Hr z_pl^o`Q=%|-}AAl`E@0^kge&j`o5RCpFt&ce_=`ecn;i;;p+Y?1)lP^or~Lzd@rQZ z0Jf`G^KkbwnS5uXeRwe9`so?hjUbQ`|MSzxfmVa?gX#cvc6SCa5Vg{Y@d?0jcC0921`3 zx$BuZze{@5FK@ur{ck61`=UX}(n{nC7N zyrfxKS&z+bv=^D&R=z~J4h=_{sL537@Dmnyr`=Cx!QI8RSe3FK^UGp`I|Z8=Xf`sr z?~wl%sq{PBool(rMXY&(@>wOt{oLmIp76_FxVoN2otG%5qjQnT?M8kynv8zyM_)6B z^SO|9ewbmGn>ns$J?WRaS3rr8=n~WjnfGUf?0#L{NA*Sch`8rq zhF@-ltII77oBrqkGPx(}BueeNi82#qqiQ>uFI`Rl%X_7^w6pqOv)u9*_~q>}j=#+> zV2+HsAd~wr`Nz>q+oEMY+jir*uY);*nvX5B>w`MKV@e)Q+0XgqkilJw&1Uo-GPwuI zN7u8;?JTy3p5gwtWmbK#O0DpDW5FW7oH^EM7wSDX-J^In6}BeV4qJG$kl)lyvd*bA zQ*8^ii^YDq-rzR;C0-u=oBIo0+#A`SX8U_B+ul9-e)f%p{Wa&0$uIb2EZj8Pp&POJ zUE<|V7xw}34Z>BL4|e=^M7g zGPo{#ZDH>D+gWD_|AIEN%rCnQ?)TXIgnmILw|f0VsfAQh=as5mbbHZty)oD6Co`A( zC1IT7?*-WUQ4pEjF61+iN`u%|^B9knza7KB;5>Z={SMqTJAW@Wuc2R&$-T1y>j&t0 zl!JOK;(1!Tp0)YKT1Qav)!fi3zua#48`UsT&PEp?lY0;O3Ft+%0JWpvsr!l*-%WNq zHs3Ftw8k$};QDNTS7Wmoy^Bol(4}$m1N&5J_E3U^D4_h>g}-a8+S@{#Q?S-AtKd@2 z!>Mv3)@jgr$mIUab+(r5Q%Sv7stxy(aj4;bUAGN$zLUSsFP|I!w#D{l)W^l0Kz;^# z3B5l#MtY}nZ(dugf7oruVF@QyI=;Tw{c_rPryak6-4?VBng0Gj{#T^Z*{dqcc;XxT zQel71_LljkU%JB8?c%J)iBcEUM<%yD`OZkCer&r9W!=4BVeX>0ocf!*!7q;)+)Qkq z$*C;E*_zz3R{6UKncUaOZ$T=3#dgjMA}zVE zNtc=0n&XgcVjb)uXP&wbo5Sc=WOBQ$j+eM5%vF(kFMxXAS~t#J)%)Rg+WmU%JDqaN zhZ``sue?=FPRI64WO5slZ;4cD&9;EGz&5Q4$Jdrb#5?afAXK|2m$iBaAg1vre_Up;-_~kfUom!2oBn|e&$sFvX*lC})Mt5MpUdvLy z4Pobd*lADC@%xiGPkD*0>5uwO@&@*)KWn;Fdv@NXH7~J=;{S@tSaepHpf1w?} z?NQ-%Sxg4+a2Qz-za9@C{ z&vzPQzjkvKxzxqI^VE15f>fHlTY(%`m+*A4Y@amSLMf@Y$e zceytbZo;WnJvwCfD`q{)*v5IuBaXiduzLxuMP?j!kpCL}j1D2QehMFnNKd_0ph%!PZ_Y2NP6WOQI)Twdd`MCSJ1~a}nANXY!T-{%thHYbXsf&9H`95eY zdI0U?nFc){pJUHMt22J-^U3r)zkFo)`xrKJ(Mn|c`xp6yripSEItA5Yy-=U;6=Hu@dmb()A+%Lbu)oC9#N6-lr!%n+ji48Pku7NUo z$mG66egoQq)O-8d@Q>+sThne|2R@0CE}Hud>%tWf2ieR0E{{6>cq;Q9^(~Id6q5EA z7b;ceCeCA zCw~;hx1f!%J=R>L1J_1X1Oi^%AN-OJSH+dULsufzzHEQvA0+=IT8FxEKf3Vj zo4O}=H+|w`{B95L&r>PsDA(a8JN?#s{Qgt42bq2zBOh~#71wHP*RwvHaj~ns7{{2( zhErC7U)I6ZNnK|j^bX&&$5#Ez%1>4GFJs}X1%K0X472?8|K|}9$%hv=C0;UZ;OTIh zpytRt?iuvk@|GX1^ zIen_b8^rI2qmf9*kAEsYoBSeFm-X+2y9$?wVr5IJbc3VX<9do?6~E0x2a#F6*S1WQ z2hjrb3~E5^LU+Vib%yz)y4SAI_)#fUo`tKEF5fq>)&50NzLJnC2jJ=U{T7@ZC@Q6J z{9Yly2UYj8j>e)&TJxCj+%Gi48k2SW3KCQ0!pEF-p#Z<{hVDdWd2A>D2Rc2KwK1*- ztzrFK)w`Mpt+hwZ%dMFzzrjng4|wcGDKu{Aexf1tdazV#%C@BEZnIBKm0-5RZHbNf zJg?@~<69tC*xb@Q&nu^;%1F3+UUn6>8OfZ-vsLAOi`}pFsb5)o*xb9=w&5P`eH4Oj zduqFMhDe$+Qt9+mc^R&r_uh-mJak&1Fn52D>nN8q&Y@hip67V-U*@@+n=8p=vDVvG zbHAWo7t3gvDu+G%z5R;9+(`Y+Xp|~-A9wt{8{UKHc^5Y)jWvu`v@w*4#-AT8naeB5 z@$Qx6SiDuYl)uxhZd0;TQsp+ddc1!gn^)1rR~GhnUTemCRILql0@Ym^C3SD&n$qQ* zqt&qHPv3vS^A&o&cV()~ftz4OTb{&b33?To<#vpG)wcY5s2&>6Tx9ySd?y8N-FJ(= z?=`D!s_ZtnL2OR!v&*JuAbZ(yh9Xdk(_69>h}UiPU} zwNIr&&lf7TO3jV?PNaRRJPKE*AFw@!>Re^@3wFDR-A?`ly5wrk1DKyS=tFtE6ffg{ zwMr%QOQ1Kh!m4^SG~~KZs|aO4ZqV^#?QfvyNxh4XJ#`-I+g)=imPt z`P*6X9B8-Or1puDhDM=5XwMYx)1thNb3eoJ53G7Mjd^VwogPW`kHxbs$2tC$Dt=SY7RM= zt;tpM$kFUm$^CsatCR{qf0uMys!V~a`|2y#<+~a>jCQd zemyTq>zOJa!0i^c5NU^v`tE60wyKoIS@Dg3fc(R#8f&2=7ckf2IXUg;nLLac>YXZ; zr#t=YG=94PEk)|MZBC`Luj6_>3ZQAts!K9$Nq-k@vR&^_u#R-p_9y4gRJj4JZvX1J z&tF$Z$v~blHo5lC!D#(e*P_S0-nA-IowaNFQlaooQMt(u!@rrMg^T)6LhaQEgW zl!==MH{r>macH))QnB2U;*bxwjlsR-V0CFn47#}DkaRBZ$>Mu{1K8h)`fPGLc=fM+ zQ{_Q}tIKW4K&wB{^&!%7%Z9t&gPY4eMP(_s9Jv1&-1|As@#qm(9A=YWg5E%{ATtg* zUj25zR2lJ9(Q>=1j&)x7U*nJlca;bCU3@Ao4yM1l4x9Bi9qx|?_ko+L%W}TI{l1I) zIr$^#1o{P;+*KZN$c1|mb5h-o)%CdB6QiZ_^@aWYj_+;jw6GNII3I354{r4`a;1N& zEb`#iC?nSg_d5^nsb%D*!M$Ln6JK3!XSleD`C><#lYCdIJP%ioXS#pzm(ZVi^}pu*>}hcKdvKq~s9J2hD2ba6 zx4|qYzKuElW~jX@4x`A=L`%>Dq@MrvHL%8uVP5^@0OD(KbsRogTD@3*&GzQijc>e~W8x0grl?2luGK)$xtz9p7b%Z$8{+&p7_-_7OsuU`>Nc;6PxC;!f9*2H%`5Wmt6oUJ;!PWkraB(B`Hy7?X^NPkH z`i8>wH&SjM+zbzHd>Og|GBY{oN> zx}q3vuTpT+;0`dj+TYg2a7*KFHr%BKSGS9f#c=;^K54EKV!q^TvhIatr^K zN{ZW;f8Tvyjv0qcxC;z!Z*0~1@gSGKPw~z02W;+nO-tq$z|HsIjxQrO^M1yQ=bZTJ z`jGA7T9LK>tLj5Z<(36E!{DCukQLwQF78b7i+OLKN~I~ce7JKBuJ(74i)(pm{kJs! z7Qo%_!F~19%4HhgWJIboe%^`iOpaC6-=!{pe?KoyCN|~-i&UC=mH~ID!PRki*~PUY zVEwl=ama+b!r-okr{;Z|TwHa%YA5?t`igBy?IQVsR5=9K7q$@5=Wjo_xRK6FLU0={ zDmsrk;^Nx>Y)y{Q!Kq5$qvgL}r8T$7@I_`}6j z{X_JPR(w_eP*Qu#97+FcaP>T@G7NKG9qBwOA8zBtP8{@n{Ztn>()qfKN|nBF-Sy!N z7dO)SkOlWSxbAuN*)DFR^&uPXej^V0eEvKax4859ksjw+z6V+Fd%=mXZpW!EuG`;| z>O(Tzr5@ZX%E(QF`=bZ9bs4$oaFdrfakv_uT93Nk#qCM{-`4vUdc-#u?!5+Ay_Z9+ zdk%JSCy}3vUO?`3&vg4<7jv9XADt>|J-F*5;7<17=EMEV;Oh3a%f&V8LusyyNLH#` zxzvg8lu=e3K67!;U(EM7*caW2=Z)B!^=z9*e6!&`W^i@6)xh5DcZw^wV;)=?lPWt5 zu5K3>xVUB<{;gj(%Pk3Rtz}LeG`C?Hxjwkv4X!S?3;%`Noc-={i|uY*LpS|RgZs3> z)&92p7p{s&Y2uI$_cIS}pp4uMxMwXd8sD@sax>xHW^i>qYvbY;SI=tm45B(0FyosK zcY(ppyhy_1aW@xt0Qu2q8hR9&?V^nbH)Aa0g~8R=-{xa$wu?37|E)h8;K9vx0b*)QdaMycq z^Wa_$*JlS%&r^SMaU-3Vq>oRP32@!>l0RMC(v+KdeKP~@HV^JUW#neUtr>FStLHm0 zoeS6B;^sU1JmM=4rOJ~AS6^p1+r=&Jx?Z*Si?-uTxF5rHm)pfIZlvW_0JrAKqUCmp ziyLXV$-}8~lLt4YjNBx+bKvUp7JVKNba5j+56FW1xxv-rQ0`gP3iW61IF!^sWW%k+ zeS_Lx&28`UH&SknimwOvx-xP@aG&+y-cUwvF5Clf-SxMNiyLYEO?xC&>b+dF{&sh9 z-SI8y{5T!%ogUm<%gD`uy9}UwsMi|dXv9 zhTGE4r(^R!G#;7r=r76tjxOlRv#6-{eBQr&vGt6~9Q*ms%w0TBWVtKJPjDS?wNw6W zu$hf^Ad{Qcjr*3+P;?iX*@SzgaYnsAYVic?87H%xvYzDn72IyNze})Lhu%O&JmZg& zKe;>pq6s|b6x+s%XAisYQuk1+lr$?n9B4^XehS#juW zw*%$xlXe`kH>66;Yfc>Qz-BPIADP@w$R9yfdsE*~n0uGS?d!qK*pw>m;p(K`dwL3X zHCdC<^?<(>dGBcmyRq2maa!A*hOOz(^EbxI(00~!4PNh2;`k(Qr^-6GKHDK5yr$?% z7dMmqIP@HviCWyuv#C5QuD+|c#V&7EE;-5>lJA{VIR-b`%1SOa@1i_p`kTu=tHakv z$*_&l;rFCXrV*r{Y;i~0@$0n0>7PPylX-AZ$3cB>a?{Z`$#-$peETT-RC=d|_xHoh z@yWM^`=$);acmR*$8~gM`a6OABD4mDkh;G#VU1PZ*|xtXH+gHSylQaY#AZ9%g-q^w zeR$RlbwwSK;x<@maTj`U^WRUEzYXqf*xZdWk;$D)ekD@r{XO(caP|GLs*S2-`kT3( zb<5YC`mhe$&(T-Ne zn%r^Zr=n7GKVlwab9?YQxCPk0jJ`uA_v(Jc1}#9dQHU2B8~^4&4;JQ>wR#JAz%N(eqMPOeGGaPEkQlr4#4%<`9s+JiJ}J-<{q6EEzQ{18maF=w&D4D{oKzQ zyMB%1v3ed?3a6a!cwY5Qr~kVKyPHu@WXAOb`E%}Od_XB^+j8o`QmY;;Gsc%}yI)N^ zlq&bY)p6*6&8_GOWOAP##QUsJN+#ngTJtoe&MzGVKLDzUi^SI2j&i(6cLw|T@@{z;XN2KP^RRR=RhBh%mE1!Wa!aZnkgp7Xs}Ez&hngaj`_=CWypNc7(4j|>IeyoA+nN`c@l8q$ zNWBe?zYDQhh1MgJ+vXmgQAdxU(a5Z4e|gk1-zfp<4_DW-C$O21K1L?@!+V*B+{bu^ znxMS*MFLf1Fu8+$)< z4OADI{_Z1Rbp+*w8Xy(lY6~rHU%T8?ebDVVy?#I@z}4|>gUt=7GcvjT$&W%RO<>!S z_cXK%T3kI&H0x``w?RNYf~(Wx*gTD%L&khQb}ji$Xe(0h!CACOphDbQgg( zkJJ8hc;i0L*2ig%vw3h=!`1iu_CHuv9{D^r{4OYydoRz=UW;!k{o8#B=Ka3ujRW!< zTwmD2y6;1AZ-ilTBVE_ZgX`bqoWJQfJXXTd0awSj3&*d%kC5StgL>ck+s|-1hv&_Q;Oi)tzf;Liqi&yhw6fGdYQ1b2ZB@M=?U+3-n(d+h?oV)adItMt z=tZRGUHmP23;9pbV%mOy{v@esKrY+t__L3{{fz!VW<9Dpl5=6y5S`zZXE<)>{SsT4 z6F26&<2QR;4^9rqaD%JseKPhYSNp5BrKz9ka96|C<)Xd^pz7zdoDZ4Y>MNt=W6ot% zQuWj8J#bNkOV8VK;r%L-dtE;2{o$$f&+qVCv)tAD z3b(UQC6<*u-$!KjOPMVKa`L;*@$SO*Ao|tCZ8D1YET9{aa897=f9$mqeuq$x1nd05 zY>%N!19A!FquaSIpC&JGU?h9JGG0BC?|v@-7tY6Wu^-}Lf4BPgOJSdfeK+H{24kn* z=b6RU7{}u)zf@Ur*tZ<1es+9)>zHJS^{zSPi%R*I1>`A%r;jHkwQ#$$er^4?H0`+n z?k>2x9_#kJ34hFTjkG;yv<%2;?>Y5l3p~}HKXY-_`(jV9ukwRM+w&Zc_MDy)kUY3P z`#{xocQsEa>+_R&a8KFl#6icmtj|y8!@U)*u7|ok*W`H3_!ifmlResVhCd+l;p(K@ zb0fH=Y0p`y0XdAlyFFj(@+;EzoD^WbwawvP4)1m}#Kql3{%=%oH1z^?c#OI4HoiUK zkCokzTI=QNJMOw4FSsHg8w_qQY=)!J$c*Dg@;lIeboCUzHO+bFOwK#icf_}_UZUnN zX8)6PWk7DCKI!t&<(`mLx_0ive!7Q!wNlzAV_)Tc=ig7lPW8*@vNijO*5t28w;;2h z=4e^}r0ckHXdUi zybIu-zuhTseIC-p#f|tpH1sJbCQ2igzouOq4Q|CaUVMMSC5aqUH%p~K6djOAKM4y8n`-*fHx6M zL1z13Nq!Gf?Y}oc%kB`6Ck=n}ael{d%=WLjYFnClRu0@x;p+bLAUxF{{o&%CAYXl~ zRquCkVsanlj{ep>rJQ@ zEk4$s2H5d4*Y(mn24o3bUEYJSdmU{+CO0&W_dTKx8tdJPn`Lv&^3J@C zbso67ztZL116z|@TzOCTDDMKeX&*V|Jp|rZ^e{5YJLV1YhtY24{h|4Be0wl1T$I^8 z1M(R5`gnD@$39fpFL$|@RKIiJegU_oZI}S>babYR+p%2?-(j%IUA=#=Gv%(|lda2r zK7Sr(b257ciSx2fVoEJgWfi zM7TP>mu-lXUZ2GAeWSwheRdY#&9vjNd2URJ>rYv|IWL9lv*V)ryD|9N*~N{tzmxw3 zB<5qsUmf4Fu0JKgy&A4r|8K?DzAk@@tN)8V>VG!ehvDjUKfDQO0W#*1u|JWIdzgD) zkUGb2!u2#&zjksCty1Vt=3|C``nXGaznxe4o9E-XaI5SpTCXm{53}7zTCbA(GT(*k zu2)yMxRKVYT)2}Af3Jn7>eWpyZq3Hg(vy8Eo!8X+z6Eo9PU{zt?Qnfz3u~QQar?Qr zk=EB-xHUd;;-Jgz)e`!HlKQVaxHrRf*Vmyge~YWH>pkjgdjEjTg{#v;@TQ}+$gHom zA4!zUPzPkz*NopR+oZb#a=`FUA9vz6#ozZ=QhoKoy_%1!(ScWX)dlVN3|`@c}oax!%vIWs~IkC zarG+Cqh2Ks3dmh>by^B<9r_rV_3DBNT+>6>B7N?s`oRvBE!(ugTqiL6)5qPP-<##H z{~fh0%{(w2?h&|peAV@8po<%6y~>5#@Ux=z>RuN&(t4FXBp`QsaL1OBn-BK|5AM`5 zax;epbFC12f@|lujj8b@WX7kkrxjt(t4Hr0QaYS;rOfLThjaAN~%|BaPNZau2-+P{4K6t9rvhLxp0@l)k)7^ zx5731?SGrUZnFFB{80h<(eO_ncbV72;3j|R)GOU@pE0R$y^6Ho&Ulde3fEn)&U0}i ztycwbSHgAIs|#J+Nb6PR=z#oe_^ac4nTxB-QEf{zAIO3m_^N2VN_BCIt5?--DS91T zvI3F?S0_CmxB;$Nul{X55U66=CXEfqdxn4dxJ!B;Qc3-l4{oLWqV?)o*KtQ$ud?B` zf$OeUi(K4D>y>XD_r1XN*#Xu4)ypn!r1dHX?k2-u9p94H-Ad}OLU5~oU9?`k?((;| zdgb$|SIOf8avfZqbiMirZfWY(D!X2#JN>Q%-B?uXc0v|il;w>0&tNma`>^U;8Ghoj4Xb$*mgXC-v0%fH4v`}E)l z%Vv5V@AV7w`;vKZ=NViT&+DV2CHFeM5k~Cv`_M`gPm`MucfSX>r2FZ-+P}#yfZJf7 z69?^YO}_J47Jp?@Kn8elXO}R4Ey>>`xGOxk?e`b|-HMX9KDfs`xc_B6(~NI2+$;7w z@m23LQQym6;i_k5eNgW+Daqe-xZ@43F1NYG#CJz2>Td?z%^utiWsGko+^XLejl;?^ z#vvPSx(9bv8Mz_2PkC@xmyw$X_frq2EUJxWi5ybiWhls%ORZJBK{_ojkZ546csv ziZag6^5M?#;MR8eYqpEh#J2$McLrDYJMQm2ncUL!4@r*&On%j%cAAH%=GlQ$^?-eet*)B>me@KSA z(SzH%7;b6mLmJ!~KRR*H?fB|qxTR^w8F0HBTpfpNi{X~W-%Pj*4X*aLV=>&)_?r#) zpa-{88Mz_2&3-Bx->zlk=E2SK;NDV3ZUNlw9^B`yDBHX*>G6P^`*YDa++Ie1li?16 ztJhC|Xci@{qN1gji@TS~wJIel-0WIk?7d#{DbHc*^TJHHZ+rNAmy2t*<5JZ#xF;Pe z8i&Jyvc)$9x3dR#P#OKrgZnI8_qaK<81BEdV{?4Vhx@$;x1{gwdCkvEZUNlOesR`& z@59g0=n=#+nO;wgeu4Y}q@Pzyev?BzMt5_4*#OdH-kT zjDYMjxO4Z#$iCB~!{1Ujxli(Kb)W6;WPe=A+?lk~U!6Fpep^YEsmUFQzhjU}>Te}o zm&=0NvjVu;aOYP5HwW$y6~GO_ZOFZLx}KF+d~@OUuK;cy+!x{M{`KGdeVDp1#jX!e zu=V=xsCnOdKHT3bz~2J6Ess0xtw|T&gGI1!;oWv-{cX!xaD1c^Wa|eSNX>`AMV|7^*n0! z%y`d!{gXz~l4|$sZA#Iv=gsE&a7FkF_izPp3*a{VyZqxTbBJ#RaFgIJt^lqN?*0nk zCc~|FqWs%M8r=SH%X|Ki4tG%na5Lb3TLIimxaa><{&C2H+ouA!*>LAo05=EjmlePb z!97MGt_ zhs^VUTI|2o=JqZHw_q;yH>&*OAkPNme-*$@g8N(raD8wOR{%E|ZjyDNa3 z4)>)B;AX)6xdOPEaGS@Je|)pxW>x?<8}2I=z|DdCV+C+SaGS=Ke|&S{4z2)h9^4n< z>i)MH3p}x`=T&m8_ubYhLGHHu$zi4FCqp^(4;A2VF5HXa%0Iq&a0gTXHy`dx6~HZk zd$a<$GLQJimw$Yd;0~?;t`BYquCBk?yzk%xF7ted%yGUw@AqC>g_n|$)O++wTJH`iW^hSBnk{Z6@qY`xaO)w;cYk5bZn;#kM5sM9UHWrqUw*T`#VAogo|UNP{~J+jn@+$t@hK$!-2R>-IKx^SiuL+~d6%CRY{& z4l6>O&UXM+|Px12M9P zE7Mf2#m)9^7`-o%rf{c1Z-~w#=j4(wFgGNQ0}#i_2Zy;>L?L z9^-{?c|i6UTs-1%WJFLOc6!u@EVzGoaQj8TJ>bEWl>xansi?n0BH;ez!OepE zjKM9p{tWJS23N=Tfe8Ff>QVH$^vst6a$$|4aTpr`x2^}b0Pb*uTVCxg<7M8zYjAZO zCPv_IOAmkZ;Z{D`i9>mnTly;AV^;y(T)58|Tpfq(2;$JeBMxb=aQ(vImRGrj;5I(R ziEnxJ>&dTje~G~@FMo63zE%O;q}2h5uIa?#jI4N>L7B~Um0PPfqooCZOGT$87e0^8 z@F=$&xYrrn@|vId)&%4UxaED`k^?ut0=T}l0cmuq6JOmfo^!>wxOvGiulT|p>cL$W z0e6B2*SC)Q(+zHU^*h;ctDNS_zDL2Q66F%Ka7UEX zM5??R*l{qQgUJ4h@1DWc>FLX(pO>WNKfZThw6JK@TzIskWe@{!7o9#w;qyAoiZ|?64nA{ND4F)$8f7CrS zkGuR`O8!-((nhwbJ`6y|n_AyiRdF!ugY4&g;vC1{53p(2IaZFcHOnn=Cf~O~Dm7$l z)-%Oa$>gSe%XcpgZVPO#LS2x_ok)HrT80)N6<_^*x-IrMVH8)FTh@2HPsiYHz(#RD zLT+xQS>D_xL#=O8ncUn1v|EFFGPZS5b7XSW^FlYXZvg6rOn;LPTQN4d+204G)wxc5 z6?YVxjJ&uj+3)7AGTNJtL&gsQ84Xvrx3{o+AMJK=@7^CLN7?r)n%7hcJs;BBuD=`l zIPpz7$a}kdj=xb)C(1>r3o`v(NB({E2l@#W@csF}_^z?4XT956-))^x#ku~Pb|fH| zpXYEdn9cX#QCnnk?398Mg5#8y4GuKUS?f`I%5S10xT>A<#=r^1ewRFKXBE2 zK0rCWfX$oeC^ET^%uSRJ&~NA{>h_RG#%odHYZD`j;ieI6bN-h1H}j#oPPwT1Gw7Wd zssF4~E|Juqjc&Ju%{=?Wp&Sn>D@vnIie&U#R~CWhY#Hp7aE^&!8M+`ukKgv19J4 z(o6iUqVE?#>{ltNQNZS8@vzMr#d~DdO=kU*%7%%mP#Fxt6 zhkea@m1Ji4*COw6+&j^3WR^>l9LgK1w2W?en=hHwsZNWlg%lp6qGyQ zGE|4tDr|NPj+Zytn%r@`*Xn(ndtTGR>ykQFRTwuq+MLXUpsa$c$GM%@ey{B373MZ0 z-wNG~-e(-@Fok;`9<%D_KD*t2V2pE8B`8`qJITRUt`f3wNYMk+npC{DJW zSG3-bqdlFl{mp~>1YGU!U3}kI#bKd~yJ>ffykv9#Ee<`oH%Z4Ky=qYQ!`1C+Ew($+ z-!AS0^SPe~EkLLJ!gth1Fh~us&IdZrvc4Pm1Jze^^Qs4>WrIqRZu`F*yCdk_1%>0V zjQo1E7k!RuZHbaS6Rh~=+uT5{XnEFd8W}Z$G6}A(58HT`o^K&z9x~(mE`#A>zJ+@Q z`>*2!$-F--HqSbLG3!GC+;$Be?lstTM%`T8hsnQ!RNBaPLO+qrkTr(tdS;FxVoM%A0H!cV)qs@xeIyk-Zq>2HRq|Z9`|LL^*r4d zl*^kq_2wgNzd=8`xQ!Pl%B83SYKvxa&sXnWmcLEx_G7lo^z(x<4z8{@iMPbcCdRMZ zu{Hhu=@!1_!#3Wk?Cn#Is>UwjG@mKYGLtI?-J;aeV_cKb&>$~h` zy~&1K{X&O(+qWVQVV~{dw(b!v*P})3-_)uww};(+Os=nPP_BZjM?;$h3eaPQ~CZa6V zBZqPJ3X8ku?bvX;SLL?GZZi4xsAq6>J==R*l;mKy2$|expO2Mv&SM^qik8VVEVDn| zW4BAQo+Z~0N{fq}cJT_l_2_LE_xGD)6qO90kS*o)&xu=sqAE~6StD5mu zKCARQ?-}W6b3$+*gPUgO8)B>G8O>bW0QswJZaUjl9`lT@zeoN5JR_?~P`1MDW^=n@ zlYx36)89elMv1|{KQr@h_CdCsDE<`gcj@3vT( zZgbUrv0icbmSE~QBwrMiHgI)(?>{wOW@A6!#ht+Zm)W-tsd{E|7uw~f;;Z}LJh(5y zO$#3(Yg5>%_-=G@BaLrP)1Z70SI75#cq+cTT-bYPLB11G={B~T+7&+zWjAO34OjOMdK~KG;zl|S6~J8xSNCU`@J6GlF76ic zAEEEjH^>}^w%O%ojze;3P`-mp6AC9i4*i9#S$`uPhjQUIYVOqEl{}Xaznr-hGP$|z zZ^*u8XwLOgXdF6b`)iID8J7j+Zi8DnHAb$$_9_?m?tanInSHYkSCKlb!ua4chi+M44~PD|!-aCN!O!!Cs0 zL1r9|ldrTQQO-gqquoP@#rYPuo8AAK^G=^XD5tk@`t^wgF>)z(t&quG%>I7t8-|uX z5-XVj<_{dC@^hy>UZ{SZ<+E_|r3R$~T$N|$&KDAV zPQRWN49ZxzKI@)+*)A^k@tsJ36B?#ySQq+`0;0ptG@qi_Uo!nsHEDP z=E{{pIbv{U!JChkySN{>swy9{Z#U}tx%HjZ48~5yOFC+uH<|4?A8!9kojB~r?il(L zne`!NRIHpGN|cLHBebvs?V_i}t>w|)lG+4i30z%&TVm4*^+zUmA^Fv4JKBtr-xryl zVR75o_1B#DWn2}Mrk6SOta{_>@-23Uk;y&6JKY}a6)$lsSyx}l`PjLf^Vo4{V*9J+ zefoSX>1xiS;OgT zFThO;=R^i$mxX2^le?dM0ZMo&QKC?Xshqp9Mykr~n0+37IrE(@Hb<^u{R6HZkLzG_ z1-c2D+?U9|j}D+O(S)y~WEkHzRovsYzpIj?<#l`Bmwa7N&Tr||-^wr3x1e*8$xS7H z73zrIyif|oA4ZyhTR z9qjsR&UcbJ2IU#JI==I;3!#n39E;oT9cx}~&L`!DpnM5e z$MM=AfMIcg8n8pPYxS$$gi6B=bq%twFgRu6ukt;NnI) zzGcE)1XuTy1@P4R!|yI`)N0P@rdrnp>T(ULr135JwxAq^>mJ{#!7<|y>G&3cds(Ve zfA#oQ)5VQ+eDmENl+kc?{jCk}0+j6H?iv~+H?yx7%6>GaP`|TY*9W8j^<@NQHC$bP z2Vyr$*&;IzpON2>{zS*naMnk+jJ4|TOuK(j{cj7q{^s5hlpo>h`g`&kt_!2K$mGr= zzaD*p-bWdG=zp77{qF&rdk5c!m>q9-?Eec&lYkT7kluV;#qW<}4FAV2_*o>~b^b)%krH-;6jk!6p@5iA-+gcR0Ub z-|c8#Q^w4?tVdCaRR5T5``bUsnMY;!3rek^6JK?`tPi$>TwJ>}`S+yNj z`I+;xT)0_qb$lPe?lJU~i~BtJm1xlUF>(vn^Ue9>LLpgIFeAi(64%> zIQ*{iuO&)V^u)t)vU`9t-)Uj{YtDaj?&5sjh(iX)cpA3nA(N})(476fTyf~(5r=%Z z=Uwi^;d1P*MK`**n^-^V!@j$b`W}iIhczB?$QlroTj18R9a7~s4BJsI?j-UmJ;Byp zZsR@t4Z(fa@K>#KsdAg`;w~k>4tbT^HV=Q(?xxZ3u4-Lw8?gNdeS^&Sp1+YAc)zFGGptKTu#Q%a`#@j8ZWG#$Ozzj@520UB;%(eJi@&;`JZ6`hnxE-@ zC;7ghRBq*rZ}KK~s5UaW*OBjrZb!?TM#;#4bKc#-_E*h+^?7&R@SwDYtK%>Ly9dxz zWOBdWm>?_Iw-&9soohvPo%4WUMjZ6Ir;K3!09VIh8+M+MDycH3NYzMhxGb+Rj+IDClRwJ_fP$u`%lzv&M%KWpv8p%->T&=_QL7m#0p)*^TP-DJc;*Wav1n4iJb^>+() zpP+A$$vt@!$AK^AqBfWXfQIlUz0zKlHO*1hRphV$Y{rJ z+2^sL$;{7;IGlw|GHQiP?hx{$&;;bJzYX5C`d_pDCQS`W{WeYpj2t=%pY!n*B=dbanr7>8lLyfV846bH^Ana<7Va)K}mzF{A-MO$)p6K@otpQ3?Bc3<-v>Ms;x+Hf@`ywFH0HmCzpC8Syziik zTim>_w}-!3aO+;>_^aoAf4I2C&HJW%_?t96C_Uh&+X1Zh4(l-J0%X>+TgdlE_aHTH zn)CI=9_1E#GAK{N)#aw=eIs35U2b0UzR4bOkf#{uuXf^~=Y5a6xW&!;)*Erq^S(T| zt>Nl8EQPll?Q?N6w{Y(*=682v^5J&-)fBdk$XTkE7$@HSZg4 z_dDjiPi6;Yy%7gJ?|aw9EpFbo%8qZLc07l19oBQnen)5!H8`|s)#GMfPEfuz z;t>BH>-NZp%s8ZzzXc6N1CTlItCmr8-j_8$C>OMM;-JUP2eCD|#f_UyY=6ypU()kI z`5#;zha>P}wsO9MOzxO*v2qprZa`CyL=}p|7LRc=dr?pp!%efxtv7b}qshqR=8@ln zenUr*Iqw_pF>WR;3Cdx(y1l9KqS`iMj7+X>Z}r*l9xqneT(iBU!#(dBr{7WiZ!>Iz zE^Zg{>i&`pw(j+k&USpw_LdK~D_q_0+=bl;^bj)rT}ggD+K2{n&$ZeAjjQAzq?JIuwMOnx?+ zkKF4!+dTYDS`n0CaCNyY$L>w^9x~$){{gWFV zmsOO_B?3;+xeG2A!N$p)$f2QiM9ybf% zp5MWV!*uL6pgqX+cjR`~u+buPa93QRadV;VuUUU{S8@FfuCBjo+cY zd%dI^*XGoDq1lepUg7#1TwNdH^61M@9b|HEo){yY*>?+4&oP==k$|nvD<<^L8iZrJ5`k* z+4mQ6kDG1max=%xj5R^I5w0FLtA5CO0IGvb?)BumqYR|(%Qx3c2H0G4+$>m2zXMmt zp&xd`(Id#@-Y_Iuma%U&a*vy}f3n)Kd7hQ_T2QtbaoB?0C+J&ba%=D4xmDB(`H?wp zPB-G9&o|}upj5lwi9%8mUBKs0hWCP$YvQR0bgw6QMU6Ns458p%4v{ z5C$QH|Fh?w?X0`!bgTc&oX_Xm?VOqY%(`o@z1P|M>~oIwLyR)rP(P%(uMOl{3df#8 zZr+^d#jo~5&I0Z~fgAGze=g-p(AP+F+pcOLG1MK+ejs(eBs?V9F7$j!@xqR>8m?_` zcD#8Fgfsp2X2+YiINWsO&9HaAquX2JEyizfZU1Y>oA*21 zbmPso9#{7}C5t*r5nSsBJKmh_aIGJL#+&N{{1AG(qkOCUV8@&9Iox#P&CUUSD1v)X zu5Yg$Z+_`;(~URlt*$svPzrYf-2eJX&S}hbhMyg7y7A@(0ruuE?kLOQ+Iq9&&Fl|S z<1F2HGe4l-Lhp2xx@Y-*u;a~R9j>jnpz&tg06*lxy#=oIgB@?4>2TAHH%BTz*u0tZ zF5@@2)(>{Pd6~maH{P5O;D^#>9c7F1gB@@F>TsJp>SnTb&wb z>BgJ2->o=LTlPsuIkcXKexVF6o<;|_0 zA9Q;wg!>6x+wa)C`LV-Imp3RN(+;n+!tH;%OGf~R@IB=~W zY~I{`O=`VaKLq8?=4&eEp<=i-MN6r*JH2o;Gx`zrNaz3-dnb zellgR&6~LnH(lQB5@2ru+?MD1_S$*cUJf^1-fSLVZ}^Lj(i^VL7dCHR?QqlO&GsHw z*IV(I9pw?Yw%%;seA?mKdJD>%g9H2!THjF`boc#W^X5E}WN694SZQgty-dwcU;ZAE_PcD6X7x|Rq?mX>6kE`>heAiKqg=_Q0x0L(CFh5T9 zLu2-vp;pMfK0ny=ug;sYiTM(^J-k3NdGlz>Mvxv~*u2@tu$}9hqdcz8n~Cqae@OXZ z0Of8#qaE(sw`IvQ9Gi*U@#ZGw2b(ubejv{)KfFn~73fo>?XCX_>y6PN$epL1sQh5_ zW}=Kd)YJEa$(wB{8%3IH^X3a2cdu_Y{3zK^>bx1+%=JRJHXi0s?tN71aGUb%htOK) zG|)as&sR?k$eW2@nU8{N%b!~k-uI_)se{vr!C*9d5dHZEFMSt?+NI^C~~sdD`C`uC2GAdD@Wyevp5-exdwe=4p5R ztby!}bbGV&v`2H?ou|$IxZ*r*3EUPJ_ z%!u@XYvb3>)1E+iZLjr1&^+x(Z$3)5<4{&ao`7rP!Oqk6cev^1X}5U&nQq6i?1-#~ zYx~KE;5~(2a<~uBPrl2s73iT^sq?g3JwNEY8LknLeJ}L;$QkF>q}e~z6firjhHVag9SZx-(ok=-xy{cr~5 zZbWw?&6O{>7Z3| z^R%T6BJv>Im>2j9D7PB@fHe2$FS&0Xorm0c+Ah~toTts-JtCjNwe8K0H-}JOb8UMI z8gEYV{HxnrA>31X`R&b)H%B_$bmPq;?|etMx12p9ax+}p|Jw290}eOccypo0)%{MQ zVMJbmYyDuyoAVs5^+V8jb7_Ddis6j@uu`nj=Oce6*r2= zZWsH0u;a~+4%gOO(0H@SCl%)jLX9JG2VCn1JKj9o;iemJHuUT@@%!I+6Yc`I)(>{P zInd#z8*jD<@Iyh9i2S4cV8@$V9Io|4(0Fr#*PrQj9NIS`9eewJu;b1DeU(~o>BgI# zJpZP&%G2Ew&|u;a~_ z9B#VtW*_ATn>Q29BQg!H^@AO6e(7-2jW_3c_UgPDY7vp|l^^VQ^PCN-ah7hpxzUSX zoi`JQMC9;3z8~y(^HztOZoE0zJ1^1mw9+af*TJ><;=oLvi^4Pe-g3CMy_rw*TwndX zOf$wZTS|L_I~}g=cb33gfj)J(1^HR>3&;LM#bv4Y53LVqZzXWQf@}L7(?8Vsn)S{o zD9^XycuUm2jekGG(13m?_ppdG?d$u&Jb&<5%EhlId(6au}`WW>aF$1Eq0zZw{=7&D0^+aO?0?BTW@)Amn(Y<;XQ+9 zI^1{I{|J?$y4*vg*Da7^=t#EC;V%ERo=oQ0Gw9%V zlJ|XuF~$&AdG_kOS#)$n{)B7u#o^rNJBzY!J6vn;mmJ@}TaA=;L0dhp&YOAdBhtRV z?}z)D-}#xczdGFTVSI7c4Vo?EJJyk@`^l^?biOEsI}~oLyadn6q)a2!66tuzV}Ag; z3B7Yi?ecX&6UQa}(EQV6zoYX->9G-+1K0ZDUdp|WK0=y%)F%2)bOGv$%y@I?^+|5~ z_bQGzOFKs7Z{>&UC^G_$Mw;9D+AMjTW6z+LtR>Ta=;GO{{ZJ5z$O)JEet3~`Z=sLt!i;cfqy&j*Z`Ll+|3%{pBA!k~fRs7Q?muj?J4r9d5e3 zInlFMpQq->Bl0_3+yC0Ud6mPp_6Ft6nE`pT3~rmteLvW|IeHu1puD*_p#KdWACb%9 zT0hvl`Jls1mp2y%_@NB$)5>03Z!;XO^@I7`k$RI8BC<}|YxCyI4mVxi+!SDM3EaI0 z`1NM<=DQ9zUEXZ?S+X7Ld=Wb_B3xZDc*~jDR zyjcSGWVqH3HgCSge8G`#J+?ZF;=FMLm zZo0fV#4|HhkVMr0mb>j#@R2RPhxd2>`i-b|d$d7tuw&6{sK+;n*} zdtI`B(0McG9P;Lsz8`GfEOof)@@6ZKtIr=|-6C=)T-)#1{&znDv@&@!7w&6tZF@8Q zZ!?%}9j=+@%H>#h_hgX87EQ9D0@C|JuCS&*9qm4a%Ek0eQ0!?!|DeA56cK zfO*$8xP=^d&)3%m^gE?+ABJoF@EqmlpyduX=j?3xgJbd&&oAhe`uvh2Z+>0-p`?36 zK2Y}BdfSuom8rKUqP+oJbAA<5`foHGwLowXXl^;yrJPl@lhimiZQyh24n@g1+Y~C#E6_Nd~ z@$-d^-!~ktwby*^NZypZi1dUT^9sHNZx#B^;oiKVj_kUb>(yv^v#gZ+H`jRmdP?5B zI3oAM?cs5MpCrxca*cLo}Qv>!fY{~L4c zH}3V}Q;#=gOY;2?dY-oEQt}X7dmd%;=E0QL+;n+!SU}#)>mQN#lpkX7x}obF?wjl{ zLmScONRKxc2lydzIoEjy`|ZufZ>`@`?M>El^4}d9w-mtb4Aj(3>BlT7acOYC_Z+5(Ssl!b--rO8uZ_yQukKx*S zvw3s4!%dero0L`@Z-%dm$d}3wHg7)TaIGJL@@6cc-ePc@UhDh8jyGpI+;rp3PM*Cc zer?{2a8e3A^Te|UP?cXboH}eNYu~jWvp+x6d2_w;gB@??T_2HdaIGKAc=IaC-RW@ccyj~C-Fe!^ z@B8Nu3%utAbzM7_dd9`-?4df zsKd4P2IbAJ0eLe&!Tg!>gXw?G_09XX!41lr{R8^n0=PA}W?}tc^JbyLO_w)E2KXWW zmWUh=*Y=aP-sU)5>xUh!w*=f9l)W}@zV2|-<;`gU_U4X=$V|Al-fZ4n<#5yG%~c*( zpYIgk8j&BBA56WO>znddYJ0PO2+Eto0_v?4?jbk&^=9*CU5A@4Z*En7uz9m|WJLPH zwSKU9vyH<|mp2muc{4OBB9Fth@sNif%=OJD9j^65P~MyukT-MTexdwe^XBUgH(lOr z{zbAs)9pAhIwH-7`TeAg-z^T;+H2$2Ov$9XzF7eGBDgWHpv{|G9d5e3*~PP0=gpEk znKy!K^M%cudu@@jZyw=rcQ$Xzn278(-1mdcn-PbbE^kg$ zez18{#zv$&TGEd(fV?U9a^45m&6~>{Zo0g=(6d+1(-y(~O!>j)&95D< z&YSM_%}oJ*D84@;2j1kjHyghP{T&<+Hh#CaE~o@HP4maIA?G~>c>-JVS zE+UKJ+J498&66Ci*K8yxZx#gP&G2}xUnoDA^{II<2W*3z;P|=xj=nD4c1v;`pwHKH z;U06d?}w(tYsy`eeca)m&hd9Rwj8xUh!w_Lc> zl)ZMI_FIRWZk{&Z^MkfG{2=pk3BTS<-mLi#&jv#JyxQi?ILF;}K@GpGINmIn!1)j#@Ra~-brLr~tF5|B5G;I4pcU`3{b1*5yE+?BUWG($Rmt-U95++7z`yTl)7*?HRh!iZcC*ZRTc%^nVSXY*zm+*g$! z`oJ56?sB;2AG@o(&9RS>8E5J7W)II^J*Sx#P{k zfO%SZiuF;q`hKwUv_CoAba}Ib*FU7>O}NA0#=MHzB{L-Zp^iw~dk6dXp=szzq{o|6 z1N=}jm38rOZF@8MVhQC|AkDS$u%6>?zR2_1h0Yi94A+N7`t9vU%56beS*hH;*>8>x zL+3w~DTPty*Lk;*StHiR^Mmex+-<`;23>Gl225CP$&;A=|DKgJ%)A3Lm5D&4JSP!G@T}inw(Dz7l zYt;tEd2O9OPi^>T#q-ocxC`Oh_Xm&)7 z8|B+uNVyl#9HhCM*#8~XuN{(1RQ?{k^OF6;umF2wb6Kwp*Tz|6${dM~MVfma`&Xc0 zsP0P{DeJbI1lSvUjd?k^HqYO|vkq^i?43w+*WX)P9^u$C=y9a$ZHi~F&Tl1fvqt;* z?M2GWMGKJTu3-OD^eviwb(XZhNu>X^Nk8Ox_UiMU(ENx*;M((@pD34ACnWWd<{rX+ zTXY;U{f@aVJ(%~E_xP5!=h>_03G#}Wms9q3qTD&?Jfyi-vVT1qg=#OaCG{R4zj^Q1 z>l9#b=^GJwL)m)|<(@?^A<>lvp}WxL7qN9# zvfg?qKiGMV*dp!&glp?<5@lXQZy?S6p8YLom%7v|YF;eTws+DGojiN>b#z(GxErqR zckKDj-jvl`+wTOO@8kybJ2`NVxXW+H_I&41hnwzvXP{@VKHte%5|K;c+IAd=cP_fn z;a>4Hk0;BxD6{)$>7(@$!96G8UA$NA0}zuxTm&QX-t_S$+2I^P)+P;a4S% zbaA-p&UfYo_#ym0_vOR2_0}Jrskh+{_d)ibLP7O5F2E1PB@ro6_RgT}BD5T7Km5f0 zR#dBg#q+530rrMgM5NK(zP-Cs&eYpsd}{8Q>|ca}>TPO(y(KFn(hII_Z#K_g;c#ue z1?Bn00reJJ#q~|Nw%%->AMJ3{<@tIW{PQ!L=LGJ#qp1nHHhu7lYd;EN1^ZZ^8H(j1z z@7b&KeBP(zA-FbQ90cz;)XCvq%>F=h9Wwpow8uoIwBj7%=L{L?*{k!stm8ZiuJwb> zn+b=TE^kf?@Pm{_WWMr)&6`g++;n+!i}Hibnj3^P%9Qq$I}T}X{TZ2Z0>{i|-dk;+cNL~m?7d{>)4W&N zt^)~u%ldV=xgNI*WiLj99qy~_zlqkPwW$BwB3*e8z2Rm5<*$cX>iMB?6aIy3+wqzU zYRJfSb>uI~YJ0!u_!eZghc;%)O!fW?!#11A^S0jdzK=-kUcaC0GQF-WluXIoJ(as~ zO_tQ*nA!Gk6YK{)4^s+v1YB$H?vynvlW#^1xxcZ$>t2k<(V=MZF3iOsV{h}Xlb?qBruTl+#NS-syswtz zdG_|AOaeWEw7r|y---@w6q0>W?RJ^G8!%~SY-n;_agW_H_Lg5aDh==V`^jGWF#m=|BW%S7z+6w2yF zWh7jC{_rhj{zXljq;hv3TvKl4SRs043hyPDE0Q}S$(`cW+p>O)3%q_Or$JO+QQWsE z_c5x!Zz}g`_FqM%Xbs9)B~sWlQ%V>Yw*9JBxgRvQc=xFMsJP9VQa|Vtr2SCJ{*S2P ze*DeTc9E^K8E+OP?T!7BY;T%duxC_Sj`RI6u3MIzNZDMZxzjj47xm@1c}}G6C);{) zb~%-A`^mh$qH=-a9!UFs@ZK!Rceq}7mw#+)y`1iM^5H%QH^(bzu4k?PGE2_6JNP<| z`L!whPAhD4*AwXRPyyUO;ZE?lgRyfYTIARp-9IGHqg@W5??C;VWlPsTYss2hd2Zr{ zWW6ojFH>Id;-TQcs06IUikww13CvWXcU3GuvoBO}l8}y(iwZHM5y^G1;@P z;Gn21RNMphWepSM#yi{`-mU%qumxi4&o8+1KO=VNIRl^Jkz%PsM_uWpB1uVF<$ z==DbVaOFYY-udvBqxB9q)Qs^aYKcxbJ2h{{ygWZjoj>Fs5|u7+!=Aly%H4S&F@C+{^HApAkminM|7se;L+D;K zC6D&;Hhs@08PeHn$0zIlw{KKlSN1+mnVINSq`9px%93|DX10}lPHpbLKQKNx$*dFLg0S4ZU~#XXra=b}MKbN}~44S9iM z#i$+sZ^-#hpH4|`?dy|ye#rksR+oE<`%nf&<#)yXigKG#-8QM*6WBi+^+XFuHZh)i zVCE4`zL>%_6XW9sm-_83F*qv6J>>hrTsOUzvezSR@8cZ5m1AamdcH{Mp8oS;Y`tl& z42jCkihCzz??n?G?j4+)zR0mf=ry#J^HkHP8D_rcU+srtxNpL(?fJ#@>&q#(3Tb=2 zAD4faem$pAMSJh#r?%fIg`4qkMedqPa^>2n#NdWKgVw_P4mHe4wfEC!>&sw{jX}4e zfm{z*gG`(a42XyD(5T#|xNlIV1bvOPANDz%J_j9%%<~3~e+x0j#6y#MemvMXE4)4` z?4c6 z0C#XDxnZ~~l^;wz42Aia!?p2{c|^r{C<%y%*zl+{p6L76#>3H+*Y%bz9>xX4L-9>f zxlnO!JPdHSI~xzNo1^l$;@Wr^;&9W&!-Rl%kVI6zhU><|T@H6=;~@<9ph*?E_f(P_ zgWC@-O|pEuAKv5WeTUob$dJU**{I0}yc10I4{dL#m@o22L}i-d+IYB&@;e$2_3Bsb zAIffx%Fl{xigHm!%Ge~UH>pL zARfY_qjHzx+IU#+aCbHy3gIqSTpJHRINWscP#h2sd3Q#oQDMb+$UZ97zdIWb3Ao(@ zxV09g6Fb zF0|u|vIm*pQCu4jCsAH=cQzjKCq!kc;@Wt~b-3x`VQWA<Bs zgnm+SFQiOAGz95-D`fu#Gz-n_m6eh&@@`C?r>4Zi#HjqCxHcZ%bGSPl50j!2dCK>L zjfd3^H(fl0`X#SnXg}mkj>@fY-FW!k;qG)iz+Di){i%}Ne7KoU`+oQp-an|uajEsT zFZ(&@cyyfk*@evadFzUsdw$UKTxE|&rGw(yd5u#{S-$*I=1tjZ*>P;pyv9N=9<+Z$ zk2621xX;3yjY=GDR)>)6j#{Aoke=7*)1YD=N<6_lxZ>J4JCU;5-kpsznG%)SQ+@y1 zI6Kqfri-)o0dZCgw+mc1&iXpsaxZ)T?8vyK6z-h?+{-G-l_#UJMET(gcq7mZhufed z=OieC+M(Ll(C^G)uKEh{(1wcrPT|w!H!gODz3(`LGPj|hk*>GQDAy2CH*`8`@)UD^ zUnIHt1*> z`K_=h%6oKtu8oH-@l`KaB?{L$_*{Fax%bi1>hil_( zEW8I%p~HQF{RQY<)bLuag&ZhSuut;5Z=&Z19S^y4nKx40Rh0V@Z9&=(dv{{(4mutk zgEY7E^5i-m%`KQ0mBXj|{_RPb{^%B@xzpJ%Myt?!$jqOa^IsDW6Fjbths5hq8LGHH zQYJBZSNW4q&0T&~mSmoojNd`5d)VG}k?{Pe%vanxlx>LiLz;W=plmssW1Y}({9j)e znHUfcQXG|k;-MJs>2Pg4oIQeT`!M@E+%5BJNIu8R_V#Ys zDgBOZ$GYBf-e7%+;+lTvxiJmodWXBS{Z0Yg62-j*UIBXA;Vy2SDL-=TH*^x$U3EXX zF(A&07cky@!N1OX(f;%$#KRsZrPkY(M`p@C95dTQ)^TaB^@F*NZu3Rnn^EZuw?%mg z`aa5bn^jj1bGZBS-iM<-uIV2}wid}gK6#zYa>sDd)N*qdvTg-#*yA2g+0)P&4z~yU zmmsrU!{^2!tY0S|_gL?*-_iX};w`Sf!L{*lJ!M9ryO56G4<$>U;Mi+4++ZMgYI{@&$Is)GTR@2)Rry< zBGblfJ0BOk6O~gHx0JF!qS~EP{ct4vr=sr2Uf;C+Z~GO=eqHy!MN6ZySaD7Nd-R8O z+lrU^uOzdi>!0FJKO&j!>#vH zs=XUv{^W3tz0a3nld zIf~=veFr*kw($I*`?FHGBNVp-QqrVMhpx3E9P<37k|VGi$}Xp`En&sm-EU%y_uA}U*yy^F`ymew6>$z+H7{@84J z*5kT<2(q_eWmJxu>HGI3$}T`l9PSNwX2~}k`xpI&)*j~D+mN*!hOPZju!{3ZxJl1( zum7ps?}%C>U2kWw-xFPqPI#ZS@NIc#lIMpGUcKq{XL%n+WiVXZE=<4P75@%#xI5dg z7s35WaZSHI9A<&TP1mn?@cf|LThZ#MH76t&kvd_Ygn(*#;>ul~hgYo$`xQ5@MLsmJL z)0gr%uyLlj1#k!9hp=amdEagA>+4ANX{qtx{kZ(&8P+=(d(&~t;Jyks*DF{DUSrhE z;dbEO;Nv-V3Nq(?*^B`!cc|xwgTk3IE+YvFf6V-(;&!FnSae{QRC^<5Fm^?cpnFi; zgEOUJt7Lm9_14q&Y|OaMJI5&fGAhTv;@jKqOmZW-9O-s3hy9PxR^JH?%jnjXm!9l)D0rbhyv4KL;&CZ=o{A z#(DcE+r=<%z2_$_{PT7BHY&Tm>T|!M%w}}dS*i6lh5eV%J7@vQp`WzRX;}Pqa{f$n zb2dd~GF+R7_B@+BgbqWx-lmpi$;li$1DW&GPRb93o*y=nhq`&+JLmhTdQANxaS-7M5m*n*NC(qn)Jg`;?l&#ybnbdn?h_wKSt%yS-v0cqs(JyD$?9l z?Ei?iqK6r?%>W$evGrC~7L{w@T6?p)a(@sy8fory_DfLhZp`=b z+2q3vnOMJu6tZr6mRE06xDREZXK(0Nu5ZHSPnB=`P_8*T8fosO>|cv+LA@GhmycV_ z{nBO~-db!5tRBUAYt7wE^7F?@^fx*S5EB;Qfs1oSW+3 zT=sjRLFjUnIDmY_{HO76*HH3$KuLX(@t(tSw?yS{xM6Sq2%aM_fpU)`U2kT5F`r{A z(L2bTPug|GW4wM+pYN2xJzwISIv!4ar7FP!6Ma9{hIdAj5hwWd7yWW!5uMFqtQ!=G3KTF5U zhnM>g>$be_YizT2wdOnN`muJK&mC#6d2l<=^XtcQKip2<-Cq6V!+j90?YEA=&XdvE zj=i_De=nMXmR(Y-yr0dcQ#HPv>BYak4?rX)?&73*5-xM z%$S@C*T%o`Z_}sh$%~crZyDSI#WmxTwO7`Y<5#7g*X->0B$gGEj}+J18%=Xx(~iVh zF5D)sSM%VPB?9GQeO>sYdJwy7zyu#r=keMaJIW`LI@)Z5a z0e=78nEu7Yh3;R<;Qj{Jwu^fxSA=FE9cO>CU-P_>v_S`>_H#Ig`8%UL-?Z|$I(|!Q z#^i|kKKE$KoP)X}%^lBvF*4g~KBq0@yz#Bn_|@F-E-}f6YvVVM_+3Z2FOcT`=Uo0{ zo<9}TpJiwG?II8EE6Uy<;QfR4JU^9tJ^KY{26_f{c#!L(wBz#Yqq`;ZuI?Wa_3BN{m!!!=tG&SHCz6!F*&x_pGQBEGUuVo zkmgQi|7G+u+K7r4aef!glmzQuHhbrHFLQop`-hy}V=@e`&AS;F^2`O)3Tf^w>=&R% z(Xf5$NZYQAEjuOaZH+fhJM<8rD|^OdHe6e8FH&v+`VDFBeHXEI2dzV^QIDA!GOl%| z^yhpuXI%39S;ue5-Z7CkeC}SouodMZ&263+l05VTdITBn%$E4!+AK-@nXEU>Ee^-z z6u8z8rr&vtKJuv3vQxO_mErwk+A)vSt#BVHzLL z)N^IHWpMXdP|*(`KUJerT-iS+d5XJwWDQw~4?cJN(Cv|I*}!$O@6qh0yoa}uKYx+^ zO>(|L`?nD86N+o=?ebCEz7KXqv*2-r<`%*IHh{ZgJ9%?^@lXu6-J8CD&AihLzUvmp z4>}&qx|i*7OW_VvTg}xuGz1utQ+nygnaL)+f z%EgsyZ(+C-6gL}QeH3!I=l02xi;>yhZJQdu_8d*eSs~nY0o;a_E}1M*WL=?hTpE}-~B4dEri=QfZME+ z+#i2vb~kTT@%1*{65*$($&_6H)f4dK(Q*R#(@uzu9*O-l}mNvYxvqs#>KDAM(_hW+2s zUYD?*0S%nQHG-#-?FR3dH?)2vYaw*r3a^d8kk|X&2UTBbG z&pP&hM>&0%dqV?PWyt0RHKgdcENQVaxsFGF&w?Xj@+4g2@rkGtWzIq8BKPYN3ywobWe%;tNIVZ=Y z)-vCon*9ErsBvn!nlY|>wC31G3^(hLi@C05>%!O(?##R?98+U6(J}mPXLKgg^?C{W z*PxLn)shbxsCD9+*BIj2u=?YFE@z8b*J0;*L&zS65;>X{){Qj-z4y3>L682XivrUZDl7Y{$UVEzFADHjG zXrA966rCTF6W}IGhZx0|LnrO7Y?`F0p36N zEz1n-|1~!U?k+5_uzs+4rG>+_dBt4QbMwk9ug)~L0PfjvZM?RFcOvTJaDRTjt~|-H zS?H2$SOe3Z*lLrkw-&>a_y4scUTr^KdQnX7RopNCqCcSQM-KO>rI~VJJlXDyf6epU zUH@usUN7eV6nFTA+44EeO#$4DtH{~Na_xGcDc*U8=9a?UXNB*Feg|d9-jr>QbUYN( zZs!col6D+7_XQYx?Rmyh&%c_R$csr&#f?)g7Y%T@y$-D@4|41&^z`{W-@iG1f)~Fz zTa$gX=9XR@lLr*n`u7coyVL&d&2=ca{OR(|#_tk`>;1U=!;J465}4-PFxk?Q|JLp2 z$3uSam^5DLj0<^f8gg|%PrzuPS@Lx zaG&|mkKYow7s9pn9*-^OU~BJf*n1Pl;~(yl5)VrQ`m^w*oG&P@wfF9AaE;wN;)fi# z>lJsxk_@>Q<^+dZIw4b@=4VfF+~gr0zncU4$pW|yTKfIYnn{^5ow7v^_iK)yaCOac zH_zs0tH{T0J2ux3Z61>TF*)Qzzg@gendOFgb!vO-%YFilL3f}niW~kbdEM**Rc~dN z#iadezuuNmW*usKO)B><_S+5O8PVvT(`!nTl^L=oUQ$yIlxV?E_&s&sTiZpi( z`(L9U&`mcm{%h{%%_g274A;hQ$qk&ZEAFq9`v=vzE|t44`>oJX=x)Zh<~+5}VM%)j zdiAEcg*V3Jb;XTQ?o4zM()NyEe>|Fu%zH%)cj1vqZcc!`dBbD!yW*PucRFQXM4Ib0 zbD7I=)BoyzvQq#zA8yN!{dzO~LosC+Z-X23{_-9H+yc0lC~k)~+42F*&mHdX?AIL1 zH9*udE4ALn1^74TrkFgWxTkZUNn^@3N7@fZvEK=uhTP}q4h*n2=Vs2M6xaIqT!)*^ zzli{D3~mjsiP-jL{d>_ixIz9M7r@Pf8&zEE-^(0sI{(fK@UJ9da;@T8{|HIr2 zz+Sl}CNC(i_3zydH=Tdy1#m-f*DJ2|@Az$SgZx_(z|DcX-&()ktbZSKxas`6KES^v zaJwt6_3z6LH=Tdi2iRLOg7aU+wf=qE;imKNmH=)k+_x0h`uF{9aD)6?@A70G(*2~| z8k2t&*ZTJphnvp7^}b8yW6dpu+wN1p-mHIrbhzpK8xF9yaAZubQe5lbjO$bTopklD}ecTb0#&cAH~{F{GUOd5Sw(Z7c{+;slEAi&=I z+hcN;;#&V6=Wx^cH$Q-zfP07H8vmXEv-38%LGP;`8Ne-s`=;Vr|8{k_>HK>^fPZ6m z#AK`D+W777aMSsBLV&%oQ877sonLR(zc)DCbpD+dz|Dnwh2mQOj@Sk_$iKw_+)&cCYy>~-JTH*A}`HGmtsD<*d}!H_qh7{UTbHRkW6Db-1-}WIi96&3%r78M~P6 zK7MA$7vZtAx6hMYb1kkZW!s`oNZUJ@{YTI&RD{+t-poFmXAebqXDIgO^UIoBS`d?= zaP4NUJGPykC5tJ`pDB-row@E9yEi8D;o0-krEoq)jfbV$nLC`ZAZm0|NE)D4JR@oS z1GQz#vDs2~S90FL+&5+C9dahcq~;gCUwcsIQgkKK-~Z;zvL(T>yU+>DYntcy*!j*b zUVWu}f4Ijhu6fSEeUyF3;hN_L{Me^~{BU}M3eP#n3*hEXj>*l6Yx>7;4iKq%Rr>Wo zdR=WY3R2@B5AFiEHf~p*!8{hWKI_<9%>Mgm4Vrd2YqlHt^Dl!vd-d~5!jIA(6!%NY zZ9#t_?caTFW?Y3jqDEISM{+LX*KXX0w1Iao1#rs>8CQJi&zo64bf&!K+W0e{W}MlO zFX+zKA2Gpi5As+{t`FdLsU$Z9cc$W+{PQ;LH#ZG8v^Q;hci+FZ-n6|raDRns=fBT| zXX@<|hx-KUH3xCbY-7jPkoHad__f?W)%ArkxH;=9a)(utTl9ELu7r!r%eOJ`#-j-i z_i6SQAhXS8Zm#Ub4Cxe4&O2Cp&HIKpT)q`O!8{+_QOR9-kFuYl-;s`oM-t4RptEja z9tur3i1!#hlf3U>pm)9LTev+vPDxQrhJ5As4<^peDXJ@GeX-fRycW1V=v%tKQpzu( ze7O9#Mf&nL^U)xr?KAn%i}i!?tIb~paQFDyxAzfvPoe1!cRu?+ zy;D<`@!9Es)bp8%UjL%~8+#=tm%_F7=3&bRlwIp^t-arJ+}wwx?Je@S+TH}*xr%G! z=_ksYZF})lK>6J^`t`niZl?T7*{zOUd)>-2j8Po5M?FUHzAE}^k@0&M^b_v(E%R4CdAbQ&29zBxx zgP|#CBC2;R_d4#ITz@q+pk3y?9+Q9ICcP%|3T56!A0ln7vg>O3R=jhNh^ zxUW&BA?Gs-`PAHQ1llr>Yu@wTCG59X8~^(JMHX=1mEx|Ztm#iTINaaZuXB6S-iCb6 zqYZ4ij_Vtay|!J+o7~q1H^+QIwtXnm5*?1Ty_d3o19}AAk2V#E#JCQT&-$uOo`2u} z(0?yy(OWS&k^r&iagS5xRWt`_?ke`bMrOOQtfmyjSs(G}w(U*49h1R|`wwOJxPvu) zNOR9(KM!4j4&fflsWIyBa4COo;(9O6jDM{k!b`Ys5Uy<(BPe$-nuavD_9)^EwL(Wc zTeEzfY^Sct>n4elE8f>8?=pT?T-y(vLwU_DcYybgIe*dZ&Bnuh{M_0bf_ut$zP@|Lv!kY9`xCcI+AA;^vz@7j3p%CsqoBaNv5w`4)4n&$8WB(Fl zwgG&OY|8q{D^t%i%s9;U58;(D=>gYngD5isjYcMW+x2|2Z)hM7bL>fEu20(ad@?Yj zyl63;M-<1r7jPQC`vSrRmXm4UH)z)%=d6m!XOy$?Xv@7qIsLtCIrGQN`NVep1$Y1N z{XA;9uWg4L#&z!b^dstgI`lzI`oOjJetSfQEQI;C!~L3j+yCKbW;=oQxIKGw;XbXn z*4||fcW3=j4EI~O1?85I^WlAkes#D5?&SOwm7$GjWOv5F&(x5O^n2mIld=9}$4q%S z`IV&TvzQ$CgC95651DtR*0=S8t?x3*^;6}B>_&T~Ons-^x$U!LPmbAgv32-|a@Oxn z_*pB|7wI^uF^2np(Xps4YDJ)jOOwxoo#ZC1Cd@Ru>!2siBc=Vr>>gJvPkZFe`% zyhXiGXeIAaVEjL3OtM|g^X{Y8aT43WdW9c-d+(#%bX0;gx9eE?Z!{b|IH|rg<{E1I zK}l}g-IMDTw7sEkVsg3SK1;dzXd}|xlkQUaalzo8*>x*LzdA-^JuP z#T`$%BD4}|?&$^0Nui&sCOrQ>Ntu_?Yo;v6>^$0E?60?a2jUfIGHJypsej)zKD#qUhl-2!>8-Fp%^`V@NqdxrpAXI>~ zJwFxKk#!u~gig(5&V@F-IFj_=P;VW*_Fw5{?&F0UE;o*6X57cKiO^9clac1$!?S`1aBL_t^N{@y;C`8XlYZzDaDH64B_?@_J2uYxXv$7@ zxbNs0~v=KK+pN8u(s|E{3i7wBh)d+a#YbfX8+Jt+5I-dBHV zGLAz3B>OQFM{j$fQ}z$*B;nf4_G8abHeDR${L4DBpMC$uYc`M>lqp8qe`cO-1IKAsNjicioZn`*H7+`Nsc3gVGO?dw83-2m)oy%oE^FhwJk?D`*Rn|@M%s|r*bqMH> zitEH>JY2ikINFEu>EcLsiOXurg}s8!`28c$SxEb@=b{?&496Ct4!lFa)OUN@xv{7D z9?3kR>pQ0&{@d*P?`z6sPGHSF(%fF`UyiOrC9_iFQ~pi17hT`Q_2Y8B;@bKi>u}T6 z_r!quPV5?&Ns9X-ysuFEhf?h=V}C2!`(f$^nS8nC748YykRi42PR@s?*t=U?*1=79 z{vAx2o6zk@`(Y9LH6CH@6xsuo*Eh+=_%~P8x9vBiQCyn*TCu*HQ8rzD$0*lJm9ytR zhdSll^Pd9BJx)2Bw~plZk4Kjv{XIkvWXTjca`3kO$zaJ>~H`;4r zD)(acuRtSEhr{ZWpZ^prOFmC$sK?duSF%rBTKwkQ`zYn6p_h=h*F1;(1CHhME)chW z>=V#GCYr=$fa2Qt`^@2{i@${d@fX`SF3&4&=A@A9i`pV>Z`0fA%MBd61N}O_M!A1C zN0aSvW`KW-o5tlQxC|l6x5p_r4ZVsqcOCn?PY%hUs2LheUlTq&IbXENvv>2+nR0PP zl2f)n{{7weZ#&9#M>inN{h9rLP=iM~$DGV_X%6t8(=*ZQH*|Z6HIGYQ#qB`3b5K8| zxzDoyGAc$3JEZm-WdVLDJdpT>YscHGDR)32b2~_L3m@aW6TOAzBeR~+o^Rxzmu%mc z(>(3`KwitZtWfq&=lWCRan31_=9=qLAE4eGcju#rdU2-b9ZKNtwZ-?Z};Ehi^a25{_VbS=`{#ol?i=7tZ8OQGVv%e9utl$(w;H+NjNEa2D@ez79BF%>SXWO5aO`fBKn1*CqOe_(JJEZuqn<}CJUlM_6n73~-bNdc=DyjN@%>Zy z9UX%-x5cF7d4=Yd91)i%71!E3h_afS&fb{;TxlDZFW}}RyEmB*Zyx&8;TEr{D|5MN5y5ozbg870A+X7-lZN_`=O{^T=Eq65qQs{ zw;b+n7iY?M9QzmjhV=7`8?Q?C?|S~Q@M!u;#SKs8d!nvL+dGNP^)^1~1}QowE*s$5^M|_6kmJ!|NOR42%U)ygyL4x4dKH(sHYR z{xE_vccW*K=9>34Ea%u)Xsyv6{&nD49@o5I!uIR2#R)az|YKP<{P)iErz>VagTu4U|p8P9qtorvgCA* zna$))lP~P}HOSta4smJrkM9TbKBBIa@8xjK`-raQ*bT_#b_mE9g>bJ{+&SIq%WagM z;Ba4Ie+l{sl_2ehRz!}mS;udvV_b?A*Tk8rx9vR-N^^t!5Qe+Qzka^hge@7*F`hv> zerK}(F4~AnkK|C(sD6X}43}tuJ-t0Xq+M75& zE^X)?Y`$0o?|t;M!)^UMYj99cbOti{VquS@ABK5coiB<`h|3VTu78J7c1P{q9AIx@ zr?|{l+*jbefz~)&d4YC_nxX$8oiF-hfvG>8FY-=|%Ptwdy~k4K6x0W4d!J-~CR&aj z=OHI1Uvzjp>4$-P`Tn)}BIo3|bcbvE-+lSP&y=lGl*&Df{SGJ>os4w5=-QJ4e zPJtWt;_gz)T!}^_ZSTwMFGOq5`zR$}cwC(?@;WolQudm5{0rs&M4IdUS;?MJF<lUWI?56!t0Qb1e+W(zT8hd|Zj;Stona!@7 zuxqeqj`QFMdTfP(P?zUx@n;$JtkN=9`E{B`6LgWVu{fk{8?9$v?hh$0< z&sO*R*>ZQ;#n0!VQ{pm+?`zvtGs?C`9UZQDo<=v0U4-_cagSjgj?Fh^Uf$KuQ7VKx zPjSuj6t1A`V269~@vKK`Tc`XP>E=FG-LA5)NcvWDTbMeYcvf7n?+6vN%ES4HmamE@Mdy(F(9 z_s&XkOW~e+aYgRfN^;BK{(NOc?tPWy%4u;qA-^K`fl6{iaLWR?e;%9uxu^QP#^yI2 zXJNSa+*Hxt)y%Ewyt%V+mIL>zn=5i3uB0DgaK|MoatBqipUj2(+pQJ3E1#=hDL>@F z-ShT}+y-B;HVvoRbp$)>-+Z`t+)hI@EcML(R$y8ZwcJm`&YEL#WQs) z#Vv)~s-4fZVEvG& zohj|lY9OCG_MUTpt^c0WYVIcsvRBW~7r}j1aleDtn}-el=5TAj$a-01wlJUOeRB5w z@YWBSn|DTB{(#FcynH)^GDo6gk&fSd_U}MbQ6b9PGgD?=lDsb8*c-R>z=`($j>K7U zIVQXIf8*;HC^H)^MVfo@OI*)IlhFfc;prk>y?ON7A0+1)^m8|hy2WKMT)WMn%v|)` z%+z(FV_#uh_bT%N$bA2CTQj6!VQuO3IfFsAf_}_z!?C3C*#34)5gsM;pM86Z)S7e^ z&kZuc!M140_Sf^urQ~(Ry`g!g+&Xku=`+j!-iEvShAg>{pT%-&ls`{S_lvDOf9i31 z0`Ac@e0wK&e)=i2aYy zdKBxKkUa%b9_OY! zfBfE&`dP-c=;cUrPvv+wWVQ?V)Z=X14)pw05!^^MaAO1FG7PSbv%#zz4~nxRU(1wR z_?g*uB+iQ9zFZC5@IdCTs)1Vow@t08_k&y!m&>Ywn-BM?YT%Z_{Yr8BaBo^`V*e_ zCg66f25uSLan-=hyE-l(R0FpJZi8K_-oLSH;?kuWxJ7X9ss?U&P+Z=s25te|%(_+Y zUl|;ixZ=*?ye2|lcB0dtne&}5&^O3DKUe4ZVFCSF0`83g+%7x8EePPs5a#LO+Vh=m z@Oq=m9PTyj--1RV_xY|Fq4^GX&v~p5 zy`JZFbKD&dP2roFv5OuT7Qk)Q!1u4UceTS!XK!hMy`f>OKY(ld$%k0Cad=IU(;oH5 zSqxQboyDqcE`?hF*ZTJyhJHrpBFi=YEqAQhqx^ZeVz|5Q=G(hwIPXIskDGC=D!)0fPbek(uN6j0R`=Kj-xSNA)5!%T1{7?#a-`#ybEXRl2 znkV?m^RGKDG`=vKj^Er7`EcK?25u?bP@}5%L+)tS$5jKj81D3H;O5*Jmp`k4TL|}r##Qg%&|PsETMgU< z+)t{3TL$;wy{q02d1K;|Uk%(6xO1z48@oF$wf@8xvg zQ&Mt>KW-_4dr*_A=f>_Ozf}Xb1nxW4z|Fgl`#|=sdOwuG?OP4p#Qkx3t{S+ZadG*z z8n}gU<4vpHzd7T{Z`HsphWkY|aC0BvI`4i}?}t*j*H!~J|3S_ttAQ&MSf3oOdOsAv zJ-ZsX;fLZfu^PBVaKEbtZtUT>9Jznh`?mz{@M_@ZJwlvS1Gfxr-2;Cy!L1A2aR0B8mSX`cfTh-^2C2+s125#QtaXIQhe}4T5 zeD^H+oBOHt{Q8`qYRK~(H`}XxZf{;WZwhe+*Uqnh$QrZpoFBh}EZ5Xqw>Nlig17$6 zy*{6uRZg8(E`|Gw;#Sr5?%XHi^0(re>sdke+Ur@y4?ALS3Eb#G{(ZW|`0n>f+Vy3_TEX`T^4}*M z|7KZt=ZD|Lsj+LIWNTJOvSA#KNP}!tQxqX zqPTpmxK-tc0=S1C>if5<;!I{Rey9d+KHPVzfm;f}KCJ5f8=A?yP&IH9aMx4=w+!yVt*hP-c`x(40mc25_jc?_er$ql9x~@8 zW?fYn9gOTc4|~4TrH0M9uU_wxm=%|Bj_-%6s<$$@{S~*W z#wGc)<1#~WtE%2g;r>w#+}t^FIq`6R{Ii&P2^wGAb$fmJfS;MojL(_`j92viS0!-A zRRcG7F3;VCn>@4SHS)wz(0Sj^-hWjL_uwOZuI+cuaN;*zzcVnP-^rcF^TpuWb%EwR zBd&jOX{`ygiz~eGy89kUJ08^c&6U8N1=o&SKWSKBx?}4_j=kpkW%s{!kxMy#j58ie zc=qag%X^LU)FUf$uiOdlxBzY$+%pvSI(V)hOus&o<7-Y&&NuByoaMhxoGEUT8?!2m zhYYtB$7j8sTgLIfJnoLnTNJ|Gx2^Brs*G}qv$E5^Zf11W4*w!hkIt0 z-?w4%MVGxqdaUQ2L;>xs3~tM#d_PoGz2z_9xsh;fd#kE?3%|+vZ#CFk2>0h|us3%h z_bs>c{aa;m1~;L&HXdHtiFlY75D)op#bpUx+yBmo7nCoSa$MgRo*j_ibpKllx9-ut zAF3+O@)pJAbhtU?nU?pjVwXFAX8N;lIKCN~?Z`egrHp4R*z;eTFU<1??Q>6a-j2)N zaKq&#ME;^|P&=+Yk9RkyJRjr-{d~M4xT~tc4>^mOH)>z??X48<1#oRY*_``H_TW1= zLAu|GbNnUpaSM*S;LnY&`&zt!ztT-8{AF--0UAJKF?a-;XWzFt*Z8xfZOgE z-w)=w20`&)=H<Gsb&%dIe0vMw9&nr=XH|6{ zMCg6SZ*Z-D58=B8`QbF4!(iiKTh~QiV_0MR$pW~~!L@#x2Bhxfk(uK287V@oHVlGmjT>%xsFt!-NyG_;k(-yDaePVTnoS!sT@;5Tir?~YgXShxH)b{4Ee;hg< zx!ihJCFdnIx9A(ze?{%th{)-b>yAD|rWf%1klpf4-am$JMdtZOV_waWQs#rYG)i8J zi~SUrk#KCk<>p7j`9Ipu2hNJ={o~Kx{n!6Cq7bblrLdAzD%;+B`$Je2LRdF&M1?R#FYk8!4Z-uujRo^$5R znVB=@JeKVFF#`9q{{c658{e79b?x=`v)0~ZpT91HdnH`kt^!L~_ZsbwY&{u2v?1RC z9gn>8kl9W>%~9(gmHf)Q9^8B1w_yLeaw#(Dos0OM^9fbQ<(*l7>U@V& zw7rL<_So~>g5S6=sJN$M?-hiZdHz7#+lBR|!pNldqj^ucOMH9te`ovw*GBA*Ljw}V z2Lp{iU|fQ8Ntv_yrAddOoG?hUht&05x0>71|DAVB;C`pLC*9IehQb`_;hOL9UeCT; zkeMgb>tVNZ#?P9Y{RhwC+ ze6g5vrmOJsG|To^hE)#dQ^he$l9_dVKWE)L?ML%BZ8HD9JDwfCRKRT+bo(IQJGc)D*Vg;7ZRs0vU=C&Vad#pgMCMx5e#=)M zcg~+&FDj0WpT3mQ_9YuXMQ~e$T>H+3cM%%l;hOJGJa}P>T*rR1uAuhk1fTe+fIC`o z@1UHCpQ&th{M^HNZ6^D?@zdKAKly*Lj+)}lp^WkA%WSnDZ9HoGv>!|1G!DDRYvX4T z9PLLNJ7$|m{6ydmft&3VwDI$nhZ`?`X8OcW@!vgUk+L^*P)hWfwXZzK-Snx3@*Vqj z7e84$d0wZdd)zjDe(~6sZ2T0!y-;y&{QTqL#*3eoKJilqw^VU${4{(wvG^I}iJzQ* zSof!wd;B(j4uqFX{1n4EMR9EW{F@(Jf8F-uP8dWtiNsF{-05(=@pCBl>9~v+Kihrc zr|{n%vR&D0`=1`3@pF~OkJa@*1#pHdj*Xw|J;$4D{1n1{5w16W zZt`&B#ZSobqdtG-rsPT5iSBXR_<7WG+||WTDVza{W8>#3kA2C;j|B4MVa2uaGvC9F z7e6C>;-?Vq2F11UvlMP3@iWmAKV|TaKFRf?jh|0FeylEja#HhToZ{H{`OmIi~fBoY*?&{88#c(cC92-CBODp$}$;MAP+*cIW z#?Rg!ZoK$e=o3Hr>3LH3WcRpj{2U55k@%VBiJwwaM_FCZYksLE z2eWT?^;`~T|9Aoke=QC3#ws4t3D51l$9s9D6Z|V=fO>+zb>ZyDplV0*9$y$#p|yJ`SjPh zjq;?$neOp6`YzUAuZFAp>*dS?f5pDt_1C3vMk$W1=S?2_q6h2zCy{zChx>{T_m>)S zv-YAL4Rnv&+WSWhxw&vp_2KTSA-53j3?FXh@|v9wOW^+K!);hYZW-L}XI1rYlNxem z?>w2TxVHam9*3Jq|CbGSt>W5vI4lk~k@(Grd-&N^{cuzbxkYfVQQYI;<)M>3+)K!h zLzB?;NS_B<`t(z|jq_xg;@bZ2KFaEGSG@kOlMh$+$&-E0as6QXzsKMv(*I>qez+=c z`@bhWcE#)eCRS9vE{VWhq`0>KdmC;t{a?<$d6G5AJw6*hD?Iik+y5279i_OooRe4*_DJv?+U%Yyr z>r>AqP4nbg#kKX^9Bwl8oV8z`{Hr*&o)7cbmux-f!tHyW>o?o49TkV0NWWG9ce)Sv zxEgYc;Qr{tJ)wr&61bgtkJ`@LSpW8l!%d_gE`xiA5BJm>a%KNK`O=4bW(~PHaE~c) z{b1wa{5af1;vpaIt%_^?dvP3YBK|Fc`b(K%QS^;;l;@W<7Gu&kQ)q(@_WUs;Q@!7bn@Yt7Zzgi5p zKyhtc?uf%pBrZ$gzM#1Fyeum#pQqxTm#6#GbKyaGvQu$w{511$zZIp7b8# z`q#$K;cyd*AId+Z%G>xk(qmV=_}S?fKXA7wu8p6*aFdFk>^$juk$ZeLeg=5#OFDkw z-sZy{R6}kA?i$6laXBOoH<7q3hkMx2s(u&|hnqaI4_QMlA z+<5))5}$alfZO6?*AKQGP4jT$wWGB@+|m|#a)sjBb~FoaBJC(b`Q@s-ZAZ^|?26Zp zT5hd+9aDHno*X>PJzm?6mcdP?9hJiwt2nkDm3iz-wjE`) zahU`693O6|hTH%6<5N?mrt{<$ueQU@q zHh%Eo4yYlw6z(^QYwK-L9Bv}lN9Aza^1_dux3qp35{H{ey~$BrclmHf)R3DE_ah(f zm>P0(;T|%ksvjoQkXrzEtPgi$4Y@^d7yEE0*N|HRH|t8*4>r!G#Nj3qXJv2;e7MtV z$d#NtDfQvbtRXiC?oJ=>+!}HV;GQ(Ls(NxARq1 z{jjoz-0Y(n&nd1Q$E@;j4Eo;eMjHb{tdT;l>-sjPv1^v}YVM&h>*G$NUR7 zk?V|7%3rL?+i^_b!^FoiOZ>($$K=U8#kJ#@Y`95{W8myk9D9Cg?XgdfV-h*PRKPv+ zYS(X;n^Qw>RtKKj@!@u=AvXtZ`uM8$=GKs#5BD_1wf%MPINU_~>ms!OW_`IZB_p+sUf!v?$tirl{Ms6zR~pU;}-(>}}L4pdy*?hmHCzTS@4?w9#+OFHMtBZ_O={ZVieY4@d+->k|X zL%BS3vd6AV$&W{Op_`F@99a7vz6Nzaj5?BkO$XBLcT^k$c>>p5>#;_QtE{3LkD!SK>!; zZ9O-Dn@BwuQ~q&P-q!P89=qbzb61~w&h5teOmS^J=fF*-o=f3$xWV#S`UqW$hT#kpENL-du{$Ewz#^rS$yW+*=5TCd#$mPDsO|BnpTuz6Z zOk9@1c}Q_=T+Z~^muy^C!2LmSZT!rQ!%ZlDdT@VaqI=vne&%_&@#3eQPd%5zy-jg# z{FHgP@!}`fhg*`DCuNFjB_J$A*5pUHml6XdyN#kKJxA14_< zaONwHjh|X@c6a_tq+hFmn|h0T+%|r);&2m+pAgUSDy}^*HuZ4hofilA)N?u9M-|t` zPX`Y-Ui=L6;g*E+WTWER_{oEtQ2bE-=v!Ss+W6_|u`6Eu%=3$%p3MI$u8p4|aFgnP z;4D=f8$TmF_C*iY`A z`n3r@@gu$Sq}FY&A8cHfc)0Q6ve<_kfjdBPZCpMFH<7q3qx>vY-p1vN9=qbjAo) z9Tmdud57x<%dMy(w;1lDKHMEO-$tSx%A0<+6<#2mVcKu+vwQ9)CI*Iq^ z6xTe@l?C$v5BE6o=6$LDY)?e``gEpG`z(XIL2+%nKhMLB*X|eiaEtqLKk-i254PQp zfSX9WFQNQ6Ro=GyLXTbX+I`xuRjw*tuk@*p(o^!}NyWAG{F;Xwub#_&xP_Uq0QeH5RTCleLd*7LrrD)(#g>bcexRj-@#`{l_Oifik+CEP^nxq$MW?s1RT)^lr* zUGeI9fKNSV_2)dPxVD~q!cC^0i{Ml!jy->!;;~QHb0X)(61aWtb&uO}&!{0c0=LA6 zdtME><#7L2TpO1|J=}P4*~}+?N(SUf{(Y_=Y+T;x;l_*093O7M>5LB**T!Wr+(hEC zkn({ku3a`Rr+Dm&7nc)!;xhY;JULHs?fP*q!qssZZ~Z2-zE3fn1&U+i=QWRg$;M?V z+^qZEG{G3mJtGG6PzJi-n{J?24-90`V zKi_%mOFDkw4)fvuTtjXd+*f_Lzt@l}1$na1BUSzIZwZ5FJ(5w5DIz-00dBfI`+{*XNB z_n2GmwbSd%*m3iSeU zj(@X%UoPS~C{=C+zyAV#i}c?=WDWCys2?(A^E-)j`YuI6#H>jb7gJx4yT@@JzZ-@| zApQ4)YqR86R0d;7hk!(`=6zzy*^=!(dBex-#4f7dVV8( z+D-m=o-0sX^WDAk_%7`b57&Hm?=tqi)~f1vy?6Na6L1fB!nJoSWp6?Ec(~s!&yW)K z%|YgSbHiGQWE~>W?@iYmQ+0l%_!^$?S6uIRhRu4W#t+GUXILiW$$N_XGWNWUK1SNV zr}It6W0o|KP3*s7c}k^u-)1RQzmr`8x7keB55H3`^>fxqMVi}SLaH3dzLv<#&Gzv_ z?zN0Z6!$2~bwz!UANOn@?i8PRD2MyD;@Wt)*u#w%4;_5$ExayI_I}d!gZcj8XqeY} zxaRwVliBwG^2S4NA8z*b_(5^^R6G>JeN%BC$DZfWBBcFmzk~Y;`@Qux&?g>pit?n< zEY}aF-qxd^JX{+OJAJr=eEd)b_X5SW{X^y#mFc#hk_e;-$QY2JT&!ilgo@NnbB!v>#tD2IEE;@Wt)*u#w%4|9F&Exeig zMT$F?e$t#TMtivN&KD6MZuTvCvftCLANEu{6vMqpacw-@;ITJeJe2vwL(Z+N7o@m0 z9;SM@@#0~Xj~~k5{;jw+9-j1YQzg3nsCS{4=h9Z9Kf};l_)H%|7;4z@4MG zwtrac;l}G9cKUEjZeyM7Ij+5XDju?Kr~g%48xLh3d*j7Jy+GCRLn+(^ifiLxqlX(W z9qIGJ{#xHcZL zJluHk(8-6JeJAnotm}t86%WO5&rw_(56wOH#*2sEKJk!qSDwsOTpJG^JluHk(AUQg zWpMw78@q}Z3Bv1-20PsQobLy=`jT-O+J=5WQ`!V%NTW92e8fQ5|Gl&^yqbfU58wA^JnwCo8k_l%m`GB zG>8-K&M_)trvxt++LicGrlkyL4U z7VE3`k6pL;*<11g@1s5M`k{cbg=h@Y+(qQKB9j`g=Q@^;`>yK|>v#RQr7!bbl;Sp{ zOj~p$(%citUw}+{?VD6tFji#k6}z`LdqJKQEAAM|PDGQC=FTO*0-4mNO+8sSRirPn zwwi4v|Gvh2m*Rd!*`Luiq`9rX&5~Zoq`_~Al&s);m2dB!D{pYUS?c#~a8&>^l-2hUOi_^)cT^G=81#a9>}= z1#fJ6Ln3fD!)@(w+vV1kV=0%5G`AP~`>}5*Iv=fSC$gPyq8jcXr(Zv95}#3VxJ41Z zBl3d#UD&Pnq{!uz8;>;i()$B)8~cip`M&vteckVtPIS2DJMX7C_Q_(_lY*P$KbL(A(R?(mnd^sA#}ECV6RGdmD{t`}4%}D-iQNC0$lH`#jB|h;`05|Un!AJi`*){DkIMLApz?$9u}PmrQrvzL zZa28r-qj!1meh?|l7TdLZ}KgWNe9o*kcq@Y!NFDAg^jbw+gu;RweirFvRzO&q`5=M zUye*_avAn^#SczA#H`)5>j1t{J1zPP?w7xlCr`k&^HG=balDC?ztzLtu`pfcXEcnK zGT-&o?ZR^P_jTl5*4&~A!Y2_ zfWAc8$GYupmBVcs6#3HOeI}iMM~c+TCC-i{E`Ere)3g2 zy{)IrcJv3*_I@)UAaysz>}||ew_{_gNxI&$SMq)vT>D+_11Zx9orE;^j-jb?Bl~8c z`%%*yMJ74t&9zSdVEVHXQ;1alexBS5H#?dWd4V$Tqfe3MzPdR}%2ECA`Cbz0JD<7f z=VS3Z(HZxd?tps7IpZkfhyU#TB2R8m+%=ThhJHty+waFL zIS<{6u1B+9O_3=_#Nt54#$ru#%f9A0NX5OEGH;=Gk>*bMiMEDL`kD5Drj!w1m!wM8 zh7`%>IZ6``np^NQarUz7-!CY$6CL$SW$u;aZ$|f{-=}6o&&AW}gAH%Pz8TSN6E*%V z+(!QkH^+&GbLk70QFaB=_Ksoytxi9=?xGB7eIRYXnFlv)ll1u_@+A9Q%rQ=E+vLHXe@JMvS2#()N!2m3uGf zZS*?oJzk{Ns2F$Pr?Kl;?cegWptOI*Z5Mx1ruBBtLr8N!_$^ERLOp)Zl4H?`r$x5R ziE$(MXGZ<2zaN^@Feqc-T6-gu`36-W&CUBGOHM~)(aP`Y$bwghUkS+OpHd{^v^Qh# zSf}49+AApEz>W1NBHtWePj02`?MQRG9g!+i*=N!dZ2i7_W8%S{kMs8qN~;BKzdn~T z2i}t@^F7@6$ge{tZDhN!JAEPFfR9B&?7#YaT-G=!m%`1BmcVC}N!dZ)g0#IClfMx? zg6=o}78aR!QOv)yoqBu!_Y}!;#!@{3#Z)vlj6vDM>7iBX4 z%92(nm7R_s(t42}g>FOk-l3_jK}|BEMN66oWva4oCck_Bp>%nPt+DSU#)+iNkI8RE zP5#c3Iw*Syb=o^1*=h}iffTva!+n7K_YpQPW!!WQ5NjV*5WQcyk$*GEj63yt+a9mBFQ-jVPW>Nn zOW;m{n;o@8WZYw^!W2X_mbAS$uzxZ#sWaPkdsnR=J$}hKJSeOF7xu#4e_`_W?rdC* zy={YX!T*38fjjqqz|C(LlpSzw#O|p$i@-hMjpY4XT|DF;5tJghu^vO@L9Q*1ri(o3 zQMX+XTA96wt$t3NowJ)b)8j2UGAN6cy|aF=?Hj+nis2%Yp655K=mSmrwQbF8+fQ@H zv&C?C{SUa=M+K$FB6l8W|NZOAACGYEWWb=?+w@VHvhb(aIph$2)7vM0bJnQ&1i071 z&5jZ}uOLyr&id8iC- zzT%qs8Z#erGUr3hjRKwjn19z}BirVFV1D$!>qod#;M(!byV&#%+U&8n(S`h-e;6O3 zCdka^=62+{E9Up}o%8x<9OppJVJ78w49ar2k!ViD*jtbvkb`D%uq4M18I!pF^3Erf zG8QSI{J*OFVf@Xm%#|F;7Sw;`dyzjIZQ;7!%+D2UcE?wSlYd-Lx-53ALbE`_>{8JKGr-nAqu* zYK{t@!Wjq0*6X+Y?pIWASLNd#OnxeQ1wD^ua=q4g?{w*nA2+D^23xO^8=CQH*pYB|z==NBV7nBF#+VmvloIOtZ_>{}M&NdQ$MwUL*z*cngtWaY$bXK$K@HD~ z-S1k(9EFLY5+8dby@N6wu5BeBcTATJP3TW^0{?NTrp#8v^k$eQZDs4%j`Vmh(kCcS zD6V%L>GVrUk0T3D49XXdA68<^U)WMR&`2613X!&R8Tnt(-l>hG4qCQ?xLq2nuN}_3&t;QD{&4#H$SFa&Y^lpVoHDuS zRHV6&lYbBWg1$pL=W(ukEyi8NoQJVfbIVQ(${e`aQENr&rP0n-1>^v>n%j^3<>*c{ z5p}v0r(74~E^+!jeV-uGKPcZSdmp0A^Jo#$+^yuZ(i_Q<=up)1WX@5+7`ONJvF8D_ zy%nbi<=|zmA1t>QWfSGj_2Fg@49fX%Z6u6`cQcyo;m#)iI(i>1LAoE@;?w_^!=0k+ zT}zqGsD4IedoLz`3!0CfMZ;dCE}Z)hn|sIRS-%+Oj>ifH1*O}2?s44vW1afXJ(uegxHf*9Q+6f5)@(Jmfc#BpI+}v|5GCF9&D}~qt5zdvj&2LruEbsEaF5||HahL1 z?1G^5RNU^A`-d?_PqvynhWs7qA#~}Y`jxm9e%!%9xzmR`KM8KyRk1NbZiw={@yyHH;H;fwpzlC_Jgt6q~SQzaGNe7+^+At_RfL#I{MnfT~WW0>_QzHG?I2G>$en{`DA+3-rlQY_oKAEay|VH zT(7;uDO(eJ3*f#BH{0>UD0mamY!7#I!$$Hr`Ut&;=B?r#p+nPTShrM}=Gbf6vF#@# zH#3j?K~;NKM^bBKZ}u%g83fn%5C33G{VdLlNc&*|`RCCp^v1;cviY?Xnba>;a(+&c zF-|;~{=wc?&b~b;GZgm^%4IZaBnKkRy@dP}^eTD*^(|%2oM-ft1?2BWv(Po$1JaahrlwcK`khW|V)3B4`NctL`JwBFcPO_CZ9>}KBld12 z1JG6IGPH9pV>e>j*gMIGn|ohSE`n?0%=A0o4@{TH$tjh%PPjxjiCpjG!(GX^&&xf1 ze(d_pj!%>27Qo%5#wFI?$LiF~-a@#KDgT;#AWtn$lPUO6`&Zj*?vYeC{x66769!O;FqmK%A1>nk5W9OdCA>xZIgLHXFn-X0!qvi24{ z7?i+AZvT7cuNiX5gmmfe;TDj;3YqlhIRV+u34KYgSpQ(_ts`?C<`_t#m$aLm871y-mg}0{3bEEhllG8tA?C$(qM)|!zcI~p|zrBf0K7sP( zls`k2{{q{u;a%VLp5ywK&aUC@QDk&JuDa*=vLE5R0yjHWM1FubRQ)x&ML57$b_ zq?1=M*D!>8JwL9l-|Uj0oU6FDehNI?7%}$WM9wQY za34|JA@D9olRexex}EQz2%PuWrO1WOPQ>F8_8iv`*$SyBJ?Oa z?MeDQ#T~;OvT2)@xKA*jxXSgf^+W&D8dl;a>xT-sT|afX1vDEIzY&kU?~=D^Fu$p; z-g0IJS<|H|_rn@;3*jzPT z4BUNt%b69FUT|%Dt9^W`OyD}YDGVJC=6T$f4)+kAG4}JXZf_-UZ-;C9Q`_E-@NkoD zZxwJqR9x%d&K|Cf1+z`0y~$HS*=vn!Z#Q@+qKiD-2g%Pw3()gOw~GNj?X7q=<9fxl z?d=oFYX8P-Z>2u%t@s({hu6CHT0i9WuUUI5fqSju+V-|z)5`WH+uq9IzU#wnUPEs7 zoS-!Ptg0Ul^>CAoha9-4!OeCG-pX_DU7k*pHXiPA0q&zm{V24$`C!_}0% z3B8DPoJ~6*O}4Xd@BKJu@c+})dpBL3`5N7?N1hK#^Uq!X4m-ED3=9P%kMf$kEh|mN z@NXuW`Gji652f6PP+S|oeLY;qZP864?KlVS^Ki4Bg0|lBJ=~=0?S-Ihh3l=i^E}+7 z>+MC_@fWUtZM_ZiaO2h65WjkxM>|$rTW>FWxJlRBe9mu*YwIoI;U-;gaO&=cQ zmw33zjwcIV2}&Qhw%+V`vfRT>c05@QcM@Fh`R!*9H`()B&Vr!4r?`K?%iO<_9E5ax z8$kYiG!9*{SLN%FVLs=f@>iL+`qH)6*4y14uD9N*YsVFEPljv#dmp?f(7PV)5eIOt zL|389(7e7P15S_iXIq@}o9@r#4d&tD+EmDMY34d$I%Un3lXKk^c#iyHWbQ%ipx-H? z+$ZWdSMqP4q6(z_*S;C|3eg4VY-IYuNZXh_lYQD##UjQBU%CD}yhlp3ADlp0%{B9? z^Sbi@4Jna%)%-U(&nWIhc$3jn9`0x4ccKOd5)a5+&#udf**nk2-tq|N8Mrn*nBGv@ zP_7-){+l$qjx6t9_rLky!o@sqPdQtkeOibdOPQ`nA7`*fru6JxUmCVeuhQR7aN2vIWlMr`CLC+u@zmSt%!W~mb(x4#m#&8YuWcTGS6-6aqvu^ zb|>%RPi5}|9|WZHLY~d$St!fJ#LOA&pLRm*{P`H$>g+9pdr-OShwrfGblzj^Qx?0A zZ|5Dq-v@oy%5-_ZYg7+p{0OPMEC+>u9cFIqhZX}RV-uYrHYy!HN+%xdi|Sr(L; z{{wEpd(1;CZWHwX8PCzK&bq#IK%zEnUHVH6L#JL5Xu$ z`fv+Z24&y%u73}pE%~+M%UC0z&M^(5^>%my^_KO1Q2Hyb_c@f6&hsM4KF=J1d#Bz8|^(ne_-vKW*RNEqDB&-+!$5fcZhVw%&$OZpGL-awS_+Z)y9~n6fXR`KS`Nc_Voktw3+0*~^%pM25G{ zIj@-aZ`SdQi%F$xf-)VhwKwo{18MhEs{BD&&27T|R>-6-FQirKCk@*q6KD25Rl!>3 zrIfv?+1&d=#~{tUi2Nkip)DFoZfHOXmj0XrXG!S4^?eJGm-@w%5+3wWc=y)A>&r^Gte7odwt$LYY>o0H>S!E+Bla1vd(!&t9)Bf z{(@(ZeF25msv&cLDE$3rF^#MZpWIhS*ejcK#h?{OCMFj{!CTkq!iz{{3$-h3%F zI({~Gaz0Jy`M|yyQUR|RUP06Xp0&k>E~q;)F1N?skNml4!c1bAbBDIi9CQ93T;C|p z2!4AvDnr_TXS8Z0x$-u|vOLo~^7kj(1&XW0sen8j_=bsOq8|AhG*g>7r^y! z?nVzGZQnxjpP&sWpY=l)EKiBr*9`kiA7Je(&IrkC@TmG|`i0-8wI+6vj+ev8cR?qj zFq+q!`&OsK>LUlHsTchocww!Or2JU*xKE>Ovd3-Wr3_wgc&7g|>2x@Eqd7?1*{luc zZ!{OpLi&8T)_D#>k2i7}gyc@R9F8=@+~t%>JDlgukoM<&>I|pKD%|*b`ohClJgYjJbrsI8jbXE-cJ4zGz+z+z1egAOs7w@$62y}NFGzX7x=xg z>osJL)7Vu;{tL7_yKu2|PkIQK!r=W|F z=IwKIBRLwKhYI!!ND0i|T~ej%ewB|m`i&|7KEWwtnlwywT9Lw*>BaaP7EtPx&|JxR5*pH#=&{p7U=R++X4DY5(SS3Q5nc zd)~hhxKrWoY5(ST4#|4Bd)mJhaNBO%^ZqU95|V4-+Vkz6ir;d$EB^=f<{uxDX20%v zd&}Tn0(VcxLqXS&yb51-`(qm4;c^W zbrS6P?dMMQ%$Q)9ttn?rA&RdfQXuzQQoqFL13NKE1(z zoVtP;l$b)K+!I5x6|U_cHc)2xF}&l6 zGEo8wvL%EW?i-8zfO~_9&WPhsud1n+{ZPc<)(Mx-T*otX?wpX-}3lIaxJaaHYAO9y4(jS^EO(FH2139M)EVdtOxTRs5NULPnweyd@+xBK$;tG-Nkv%HMYK=oO^#r?tz=*_`$5Z7z{R&o=9_(U3al~YDiWo zKMa8P5L)ixULR^CAE5oh_#ZXn9{Ioyf#_No(+XTaw2XC4Qu0_x_WQ^6!)VG(LbZEV zw)Z#kV|vlv&<)5u2Wsb`+U*~kYcTU}_C8d}Qz7XC*QULCHOPk0`i_iVO1b7uOuWo}5${I{0mM=fFQopNT~x?|WH?ih!A zD*2)4aw^eXExn)%$#6S=>~du^sK zFiGFn%bFjOiHf_LvgZBjjUMg+CowmO`k)?Y;ArOh+r-|N8|chuYi{l%$FCG_=-#na)*gpo9@t#{6_tDmFcKx`97w3y# zr(MFaY0B9t@?+0{6kHQq2g0!@(B$e&X@%?@pezi@D9YLX^4{<3%N11aIgDwwe|{aF zD*s@UN$u~detc2^_ffdEy=3%dosy;jX)}O(wJ?l545c%hvcD}d=`ikf6z9f{FBT!O z|LXRVvnV8GaBckcUY9BDDc>1s?$nPm`KT@T==TvlfSB23$M-JC`!2-po*t9u?GAMTHeyA<9_lw0lL{!IQK zwAabZ-46^%-@6%;?#=rl-FUXeFCN|rNvDA8hlxA`^AUaa!Iam22o4HJTlSe`-oszn zQvQ36!}>wbhZn;=A8t;xgh&UIo9IHu1?}p?S z#T`o-vo6COY_+|QkuOCiEoM8ekbZeW<@-*Cdxyi7Wg#h5eu!`#^l}^4Sod(xV4S|b ze(bv5tXEZ?ABy094wn##rnT@E-4~Ee9_}vk4Nl>{9va`Pt~9%gW8Ej#-_LgHP2U&H zTF&)Ws>^LfIkN`j(QLIJUgsRpjeRDW?*jVG-)n9J?g+&VQT8l!u7~>)`47-<=oi%W zW7fqP%Dttwsj|?=-pB_bDS>O_;UCI0JeB99k+s+Klby-;MnlnANY`7L!`1axP!^K+ z;oA0gC1q|!Q<3JrME)(b2HiI&y>h#7&i|Fpryqx82VC1fY#*E>4 z|0*<#>opw@8ytIeyQqMBXqwCY6<%sSYYQQ5Z^!ZmvJd+XLM=~BtHj;m!!7+JB&Wi) zepnp|$f1;N=i%=4Cg)uKZ71@sJ67-NSf8f-kh6;W`EYH$9Sbjv@;%(ayqZDs#9z6-0*2OS*$>E}EnYeI4rTwC7-^keJ4VSe!}7LrYHZ2fx28Mc1SIO96n zkV%O==bQaG1Rb0(YR|dY?nJ++?3aE&L)R zw=3?R@`J47{tR4O|Kq8Lzc~+n&(_qyT~7OH+>hs8kx6%MbYs(=v(1)f<<2vG#eG1y z+0harhg0@w&R3_g)!Zw|Pjt8svNio)Gun|J7nyae|8+R!U-O(urrUlVr_7H$hdzg` zIR!iR2G)?@gzU9+WPM1Eqntg?gSZ#3=l@JObKYpn{*K6`gw_H7HY9`LwvKfHvX#I2 z7fR_Li}QP8{>wO${AuVyRB(Q(^yNC&_-vtb&RE7Zu1WbDL-LQZ(>$lx8ojeJw$6;h zi`~G8mPqV9*8;d5Yq|Z$NbHz^Zbha(EcXTS5wr@uk7nnJw3|u4#&un9r~feLp*7Cm zF8z*v9WFnMrmrdUJ34ScW$v5g|3=+UXU+@dW(1^sDCdJ2=`z!qH~D-=id^MzN`GPe z3)j}yNXqnQeajo!YJ2Y`{|GXvC(jj|{;n1kX`XpA{xwOThsrBLl3v^8&ZO*X=p&@L zN1s7Gq1({B0~+wH8lIP|oi4eIf7j7BdATLOh2$i-_Wbq?<=#YVkme3Pvyt40=Ab7~ zGmNW;OuTP!V&Pow6WMq#_$ws$DSK@^WDuj8>$oktG4WE}`&)%@Kk(sxh)p%&7QwAo zhxXtYWUpI3iNiJ5EfZM()O%lRG|#2ldFv9mLAW-V?*XiV`4uv~vlG9&{T{#|V%Mb7 zze6$-jy<28!SjrH{QWS}$9?uEsd5SbX3}K-Kz04T?Bsb$#XTets5C!k+gD^+K;EUl zGAWVwXCiRFQQVr?`vAvi{h9R-_w(wy?chiJXx0M#)v2f1v3@JF(LlzH$RzXK3;o`E zv~hXbSJuBFDS&HIIXa56-OgPZ?-f(o9AdzC#1P&kROR|K;w|{WAQ<;W1i?7v+kz~ z(!){$*CxA8X~_$*=a7><{s_E3;pIBOVr($$M?T6{+xaZ{1<0f?c^6_@3yzEWv2|^> zx}Pq|2uuI^u3r~ZHhR75;hOIfu5-9QaZS9?him*g7Mo1U&J4?waE)I_;Ma|&>^WTP zA#HCD@&nNrG!iYiiMabWMap}zjvIc>rtY<0OKXK?8(f>LUvHwU`P0ezHLG@5!VO~m zelr66RydEKl}Ov!Wf0e)Xe=6q=A9u@w2b2nrApKEH2Ivrt^56=dSRIk*CuP{Qip|Gsf95v`OR%AP-WyGs zYtX$&a~G2T0{x19K;wx0;savmy$%jnAAd!|usjCW+FR#5?&Y9%NOR98e;t~E?n92UMN^pSW+9+{_p#zF1 zmGa;BnTnc*@%s(tjgDswl5gKY0REaxX~uh!?o9^ zfeTp25Vb>^JBs|B=t(pK>Gf$_uZ{Jyx_>R%KP+;1ka<@$5)DNm zP7ZcFG0x$dc>`;2QM0fNhHL%MhCa!R0g5TBx%smLau5BWNoE|NucxgabbBa+J0Gr1 zpLAi3IGB$jire!{+NU#FyBz(9^mXrCXPi=aAaM%E`qTUTtJ6;<{d}<;6qb|rcFzN| z%<*#E=3HQp+gt~|$o@BwNe?avNXy2qKkaer^FTS=xo~?&OR$#PZn#%*zvNQBpJGy< zt5Rj<(N($4x$kkV!-+HxOQ3OWDRlDh!{u`i(Q5%rw*7U+XYAjAb{<)k_ezNC)$Fho zz_I@Pk>CD>4jvqL4Y5@JTId&7D_dE6!9uk&maBUoY zO_?nyb4X=wnEWtw9l8od&;L&UH`k}1DmXMOA1SUK_jg&98LcO4uVY4ZW5)f}#b+Vh z+WWZnhPc=GAok2ervBe_{4k&V60`yxd{m6vmo`#Z!98DM)c8TieFfZHxHgr%#o&z0 zYRa2>a=3wOdS}RCtchi>%kx`>ZjS+;2I)YlyEO*lK%!Gx>{R?WYG9g{Hpk`>MuwCTag=9Tt{@_jUdEee)ElPx;2k z^c#-7X}g97%xhM6eNzVa9=O?#!&+lQ zH`EiE<6h##%_#CWqesvbRBYPg39<3RDksi=TkT%oM%r+mqpmwS+*y=)9W6(iyPbUI zQ0{%A7O3mpyo<)WdFDGaU2ll3ha9ZMeJT@dr0jNK<`~`U(C(BuAB{qq8zKJ*+KINI z-lJH@sVK%Ran7Gz-sZcAQ7Ys0qv)66+J5AKi>G{V8ki!Jo4fVD z)A55o&t)AQmYk+;yS#yN#pnT~xo-{$$g75l%=mm*3zysS@2cao3b=)Et-a4qjI9g( zk%zm0{pS5SlgxLx^?5lKt(D(1&u<@=QpNoYo_Vfey@#91xc_6PzrSL6_1p@$70M5} zFVu?ONBqIVP2(M;6R+h&Kr-{a)%ANt$AsnR{apWUgZB@rHLS9KFImoakte20OZH#S z|7-4MpMEd5Ls%|V+^g27$WfH-=;1!nKUK<>^4(?h#*dZl-RZ-XV;N5>uI(3(@7FMT z%uajT?fRivl;5PvujlV>MInz}tLa_#U&i9$oULCgx?!_FpO-ose(!~4t%Euj;ygExBMs`e>eOy@HQRQAcy}mrozfYtb#jU^6 z*6?oDtL%@cvgY`*#>d)ZF`NSraQ}YOJ4MWWm?@sWpSnI(j^p3#-!G%wX{y{bem@(P zdj9@q@^vraeQspR=F=f}qHi5T4472ZB`l9C&Y#m`_xGFgd-DsY-UAQrs4agqaQ}YR z@nKn|%2~S)bIR?Coi_qryYnfR(#$>H!})y|l!uJpoN{SblAneiMcVG^j@@P5!mRb= z#@QTx_cB_HOuw2L>licdCRV>>-v)I1)s@$+Xh|K|xV6_0#oh6T;+l5<3uS-zaO1W6 zPCnfH6T-4Vac#S|>;5|S?zY_*P`=%P?(y1opEkVm@y2WSOMKdWR&H3vD6VbyE#R8^ zw{}(6?u+2OrZ~3UAMUXa_qNMi%3Y(% z+5Y5W&)?r&f3n4CmldI~e4seCKY7&i_r3i|Q8+AV*=~K5 zM*c1|2VMMo{ph%E+BmK|k57~Q2V&2I>+@WsPgq7Mu6-wIrHA`7d6RarHP1z8KXmo+ zL*a>x>lF8V#tg$ztr3;&y@!1zs1!YgG`GN~U&}rzEZY^=^p~$wuBC??ufH7Q!!3u~ zxrOUr+h4YaYmyTWyX`M4C_hn^xBX>Dk6rQl%OO5~Ea@AT4;9z;mjmFM{?gi2U4NN% zGWQo$T-yF}kjK90!8-p*q`%C8JJp9fq=wvlxJ?gn`xV=-ji`LwRr<9G$`z?{re7ON znQM{h*BpQCwqKj%^lJsDgk`miCopQS!C(U#0 zE*TJ(Qx0|8QQAnxgJ@r5`l&0OeziY&lZLWg#&eja-J5x#1>C#K{Wmt>tox~w)5FrH zmCLoy2;c1CKJIW|U~8Tm)%{7aGw-IkIcJ3B6~%p*a+^?KRAqYylD{5JM^llxULMer zdK#H3oqnv^ujZe{eB)uRy|({bL0RpGc>UjWpMFZt4oh#vHT~Zvm_K{C@%q0~A8rKh z-HL1bznySRa_Vij{a+d7*QxTh|C7rqA8)+=Z=Fy7S9A{b-rDt}?f(vfYg&r6tGfQL z0?z#^E^YtU%41*jV4eRY(*I=*3QM^U_sAM@bKs8QxNWliU&qSFU8Vmkquf`joaz5^ zDbov?{?GB(Zu`F_PXCvCZdmf#xPRaFBWHU4zPJA?qTB>k&h~%jc>ezG`oFY)V*OuE zL0CRh9NYih=lT2I{x3qgMu%6m`(dZti@WLn>-rt zgib)3JB<8I=w4L!CDzxvnm+ZG*u3dlr``9$J@)#ud}vs@wRP=%kaDxp^GI_K~KXsrJVUbXoZK{@p7KuMHis6(d0*X#+~&d&3vp}6T4nE z^P6j&hERM7^B{1oA1>u#K{M}MNLg*~S*!sxpLYdKGSA=nJ*TVJiIL&l*H+vK@C^4> z57)fctJk%uj#~(~T|3ua+pm5+D)!u!jR)uOq8oExq5{*+JcNw}v(@$%!5yl&_hV-X zddg$3dG7QT_ANqY-qhGT2ASu?8aw{g-0VxkQlhv+TLq%`b>H!Dryb9HY+mg7BlFz0 z=31LIw*>CTifi7-G3V#^JzVoX&S&f^N9O%;&28;tZ_bFYbUMQIuicG9PZ;8ge6WpM-1M+urb6pkqDUi^z{dH=uLy)pYJ1 znsLme6H}$cx&NWRiy0Xemep`=fA$dNUPo^s-QL!b{}ug#?y_-~@A$XUxT`QM zb&hno_tP-+{Uy^b%>Cm>cs}u2(`ZPEJV#psx0m9kE)Gcg6+9b;ti6Vt&Hm=>YlZAO z#@5~e^yMaowY>$GbA6|{M^o;{yVIq+hil$v=)=Ch`8V(T3`2bUP!9Js#qD}aeHlRc z^F3U%ZultnU5!k;(Bs;1KHS35Vc81T#)J31zx8jj>x#)0VL9w5_x_!CeF@7=c3rU& zxM#z)apqlD%yN@mS1fA`<370deBoV}$#RojSF9NB`*8QPf3vS-zB*^m`!@o&J={I* z-<+{w83}h!`?nPClW_O6e{-*5T=_rnZ#mpLN4x$V-!f2X{W=?GYxpj}z5JU=-u}U! zH!Jl!;~1AJ?w)EFWpF3J-P84!e|1=1fV-#btsL(6aI>SHtGeEv^>4EMPSN%G$-T`+{`yppSSQaZk?5Q{_f%`AqJsoG+*D~%q#^t`YFw3{Sz0Lj> z&U%riy;b*oN(tOiaBaPPSFe7h_t9;fdC!~W3@Yq%g0>x-b*t@lR?c-ihYB~xiC^#f zUzVHf`d{U6KZV=L;dGfgB=-|egcl|HRO?LgS+@i4bfQxIQ$-DlS z1W(M`hhef2RDqr^ZpGa1TD#^~0WO$JsaW+#}pQ-HuD(PFMEYdYh6&y_NXXTkb@j z7x3Xek_30254Rj{{f@4G?L6Wvhr2ZvD6tD;C&m+*N0ghnkE*!#{_t~gxQW~!&Vf5Y zabJdKuDjpya98Y|CaaN2i981tf%}r;ege0*1wmNpM*-$qo^tKT;rU1u9eO_zj@!YY3z`sbW&IjJ+~X-@zReV3tGPEa`+6Sx zE$HZBY$KFSobC}FNlgxE&bGU=1b(?Lhqx#{HA4F-p^-F)%akhB6PYjR8RMqi7<*n+bLH-^{0i6hlP6Q|LNpR-?rr3! zp;Gh|3K0v|-j$BMdY(3?nEQ&IUGD3Yc^|DpnrqhA_-O;>sIUkWoH4rV;x=&KFP+uqfi%Q?&~=IOdm-8GBh5U z_wDjq#C%yRBQ5I7(g&C~_Oa_Wes8Wyll5QLH0nd~?u0WHJ%yBAX-mnkM?WEBS6O!K zUT?i-8PTdNcrYw0;Mj3t+SRf53ioDf>Y%qRG+u30_-2cAUQ_Sx>@O#^S&F^g)ZAa7q=RaY7Q{8n%Io!(?*SmhIvBS(u zde=|&>(860`!|IT^PCM_JMQhuahdgpPILU$*74g=@|QcuJdv$F|M;CJDyD~JC){l3 z81JOaJhTKEKUi+d@!VTP<4_^WVST)&Ez(%WjrS307lv)l!}dBT`*E(Xy1MmY-oKti zxx0~x7l*ss_pjT*G%4o^uBYJGdh)K1VeLzHeT;Iro8X#Z+)OkbyUaUHPqQ`0-P!Ty z>*PN`Caqyx)PnnW$n;z0n73l4e!nL&Gc3nuUK5^a zFU|N{>)~ugJCU|?-)ne}7Zi98N0W~V$cyYV z$-Ez>StgE5((9p=!TkrWy&ip)vO7_e{*}2?$j?EqqL+~FM?#zn3|HUh$$yUdcfK2H z+tVt_G#OA|+9Pf6Eb?!l73dwLxkV0Fj{_nvgyj~vHkoybt{4=M!W**0v}DH*Rn{rW zd6Ds%vgZh%W9W*4$k>zb_^;@hRJn|O{bRW`O z({DVzVBYm<5I!rVVz%+|CU$KHT>K0l**z5nXDU>?`Ml(Y5u z5x?Jpenr}zlg_9w=b=l`_Yb63I^S$}#*6wrpyHRqvR4n+9`pX_7|I@YTis|JJNE4M z{m}^=qe(fh@LVJu8^_ncFvoQxTVvlqryh1JOqceW+5SaAswDbIJEdgHXlc^V)DQm?lZpe@O zMpzcX&5r&R)`X^9oq_e`K%}|%k)MMiXaSl+fl#y9_6`+7D&S`SC8c+TQc}*OF)0XVNQd zb^9@Wk4YPuC9&t7(znAh8Ln*y5z3hL89(%JH=8j-eSbqf5)?a&$Q?- zIL|E!%Ti@;9m;g2(eA@m+j}Va4#*_$^DUOG$6W>QFs}_aJ6b~Ic*>e_*U294<>ZSU z?t^Uo{IIi)J3cCZH!MelUH_W(MU5XyJlvPbf9i1S&Zt%C{XJ{1@vrTl%9e7zglp~n zin3<@<0lWd|2f0}GU-~je)b;2u*cS0*7C5-fouDRn<-O*UP9Wx#|@(IM)_zl6IYtM z(z%Y-{X=ABScdm>`>!h~SA_0B<~;25J8937UxGeC`rJ8%*fpu*ecr2vlM~I+AMm@@ zEmCC@TW#M~@;i}9W`4%bODv!rSbx5@mTx#ZoX7_}hvdUeJ-24u;t!cWfNRgg_2HRy z)Y^EsBgq$|sJ$C2k3p=xAu7d=yGuV}{(uvq~Uz*HwxaRsw*OTSy zc2N9rSWflfzFtFa;U_$Ap}6nCD@VV2xP8u}|3ZV&6?;`a|1Wg}f#x4u>Z+|G)79JcgD=Obl|5z^cb$Zth;hBEF#<~z*I=mZUKB6AI1 zZfQkW-c;P9Dboe@L7ICB`Elq5)a2mGKnlv02r}tIwtieQ zZXWA!CD2obEACp#{EGfXn%nVG#!KirGzM+&&%FlL_cV5HaQYq1jimLI)RWzKxQ#ON zC#A`Bwwk+${CmixN1SyCz4w)MJd~&Rl&)}Xzg|Y!jc5nb+^!?=FB*w1M5bNrWL-LA z?@VWWUa6m~)l(i;TyuT>V2^+lQC4%!_4O3?nUu)->7{U&!R;L_A@VR~-$Q?SxbsF* zZ|D=W0!?Oe#Q4FCOUE1-YsZ8CP7xm2ji%gsJ*D6jHy+YP)tBSYaHQ?s|FZhh4GlsA z%$9y~`zubrJ}vehM=E~*@4VTlr~Cys+p+gP$`tZl^VMuM_m_T|(!DU|hrTbSRJuMh zJ~l~@&r2Hjl(wh3_V%RgZRk#YWDS>>~53?z2{P2p0yOjKDhnt8WO5t`^+%GBn z?b)?ui-#+7Qf2QeV)mZPy(qtNl=g2$^PX}UT$}c%Yzx#DrLfZ(KLomyx8q#%+oBdd zS)XB&W*h8R*`9j4sy^>pbVyIx>onIMd!O(-?h~5i zaNT)xet#^#xBc-HzU%uEhySq0j;F}K?AS6eFZLa;dQD>OFV;#buMbktl6DO@JNj2e zo}Cf9uXqW5(8rgxC0#COpGoGvqFE=!yZ&!`E(&cssepScTzlPe*X0?}d5!TN?%|wp z9^>CkGT-qseNZRPcY0l6JwI1)Xis@o*?S|r`_Oa`_qZ#$zD19thtS+NSkt5<-&mr5 zYrG}a4^8EKS04S#%s(92Q||BQ`uE$vW8VXK)8pS`R|e#L$G_%#0OJnhdj62z`!@o2 zzT$q3EkC2*koIpI)^%w#w!Sn)b%$nFdY@u}bN)Du5VQU*KB}jzQQYQ~I|}tentR7p z_2pqyhL)jn){L3Q4Hpv&3!L$#Zr9SOr##-@t+%@4>dXGC#iSDenK#b}n#MO>G>0n@iKZ zX@uNQ38iAFzCtmjX6Bs2NRcFiP$Uzfd(%}^Oerd1QWU~SNQ&t~Ni>m)!bmEL1|dY> zv(DbjerLCvW|Z~&{oCzx&il-}*L|(M_Sze;`2qcoH20GJRV5SkLDN2|ByGsQcE8Lf zZu!*Qf)=UljqLe54!if!7f5q29Z*$M8DkNhiAAPGQ0q!>KH@QWd1$_myPfl&kqK3@$-m9Kcgx#)GV5)T(`^-f zRjRatYyCCt(h2j+%L&-(cqnVTl+rm>dc(D$HM}s&K&D-??Lb$~b-R>&bt-#ad*$>b z-ZOp&zqtolf9TRBwB+-2bU8BX6?)Y1>g_!N<+Kp)E9yEgpdV}ZZm?Y3N~p-V`%2Sj z5w7E?%c+e&-QUgbk}97oe;;R^;81)W?eo{HA1oSDUVcYr{h;=@!eD3os{7}mYf`2B zRbKq<9Y+4_Sy{>rckT-eaN6gXCY-lHrhPH*Y|H7EDraJ6({uNV7+Fuf{*_zb4|3b} zm_h7kit3>@ca>+YmzPhvy7h)Bhjtz?@48gUhnpOY8Ii`u4z))n{w(+2!K|@C@1Z5g z%nR4M*C~gE?(^BRH!@e|atd#zzVGaD+YjNHKGXwg?r_d0plRr-$Jx)!?bn+$Inj+j z%`LhmRZ_0@;=$a1n1Ssaq`BsKza;KI~hU~sBNDzd!))xxVHVb{hNl* zRxZYMFE4s1%{r(oxNj+6bG~L~IL=I)0~cJ`*iKd1xhh z)Q(F>y7{c`aWTS{L(!1YD^*6pt><#LWAiI2pIw~$0OyaOSJ4ZoZddNRBa|E0sN*z5MVVeY2J98}Jjh+TVM~4_PlzmBx^39VyniP4gOz>nD&=HA-B^jo z-qdc^e*ImsQjO2@TJbDwBgV;_ym{*==gw4lmhx%+FzZX#vRD3brSu~Q`xo%T)<;Fl zs>#XNo`!V1hdIwgJ(0N|Yx|Uek%{>J)x*J()ssd&O4y1k-ZOS=Qr26`B%qp_Pwd{5nNj?x??vAO+uQR&-n)Q z1u9tJ#P4z%;S~Js?DoTT{!Q$kDvi52{biO*$j{hS8&N|}K$?3Q=iN|$)CX0#gY~Je zaNn8ddFR0WjF{K+E%^geWfI(aZo;JZh>>Y$kmlI(Xa1>AayXxfvWZt)es#T6I4D&< zfMdgR{5GF__1r5JqWwa*UW$2{&vm~rWpJw8jGaw~<$S*ueS!3KrL!;R-+UH7(pfKU z@}qrDV@JR|bK(&CS=V{vizMtCqf3$IF68_J^ey@V^=00+<8@AZQ@4UM9y0MY*}bsL zZ1N*q>u=mB-pP&5L7IEqXH}#VpJk#Yq^tHf+busj-{cKTl|G7l3wE2&;61QD?sU#y zLMANaXyz-^=QAHfzOm_{xyd6^<$1VvJhTLxAJ9)o``cwS`32>mF{r|Q^b;uihP%(r z=gUc68xI+yQ>AUDS1zYxW8RngEJw|Klk<0x3FiKx?%!E|b-7HwFIDb=YvcC=Y;LuAM4l9rKl}3@zCOAXC5ZgO*b761!GcWA>2^Z6WSDP`k_HcbLVls7@4q=W6*vM zvGu+C4uub-$`-|4i_JSv#>)2`HMi;*o*h6YoWil_1g{@v;MF2INji zl@FCa8?o7rb|RV`TmQse^ZL$|H~K5;%}J@!=msyoCh@yh(Hls| zSM{;fnaG4QITqDDFda<)@}Ku^KAI}s;M)59Tx=HhuOzKGYVIV?XQP$qEi~&&-f{a5 zf23WkY;@B>*XPO8xSs--sv#OSVRQ3aaZ(Y4sWRhDy8Gmhl%$S}k z)o%3iO?&LFM7JZIPLnxbfYu^2Up1XFY0@cullkkk9Z#l8G8|jJ&A56izuk$fe+&T= z%((jEo6Aczp3U<=mp3P%{*>HQ>F(qH1oQU*?!m_Eivqa0aHqqy>F<9(x?5fn%=^*X z{^rEbr5q16zmPeDe6Rf7oXwo_c-9sp9S_ww?|6EQoW#-0hnRN6_CE>&{7rm{`-L>^WZj7+%DMlGPX!_hj2a~O+lSUmyfP1ANQ0q z{@5G9Etr|gvzK1{`sZ(K{FZh8CTkYuOK~TE%6&cN$4tJn{_@|1rX$!73z@K!*{O1g z;^ts$;$fwa+vRcYm$=+E)LrJeCi|S56TAEOUsd1Z7Q*cd*OoUko-cs8&c`+5`OSQ1 zg1N7u=iMw<&o^hzNtKxa+|7r{Erh!%fV=fDxtY(VO4XYWjE7x^$t{GN0@v2Rb4iro%ithaP&BO6q)kWgZkUt zCk(mF+o$qQ1P3efQmRzG#Y-16e$HnM{;T^Orma`(&&}~*<7eIPO@!M5ZavqqH-3&l zkNW)mg8Tn#_-s4+!hCnC*Dq>MOqsYa{h}!@Cp#}yZdCsMflcRp_O5@Zcsw-YJQbO6 z3CE!NRr{Osa;l71+$*uU3Ehfx{65I}3&@0}*O!y_Eyzp6vGLOe%`JE(RbE%zx3Il^ zQ8{_f$Nil1T`u=$j)(F$bAGC9himIAn{NADhRt6=`8{rVXL_|9zvUA#UH=v zZhp}I=EHqNaoeX=kr!dk^Ks2{8}FF<3i#Dj5t-TLK&KgtP99HXIdDecLvUcFWQ;TrPwTRcn1QOCn)r&pBo zyE${VrXLVAZ=OOuYul5|Wvq{Zo8tN#g4dn)?`$9U0?t#B3DNs{%rE%oy&7#~uSxQD zG%Qb*<%)Ybwzs1@k@ojH&f_O>UjrS3R*t014R`X{bT=Lhw+U;lOekEz{es)P_#H~z zwZSfoG&i5mKSm~Or&-f#kKWh684(wx)GRvrvz|w;NAz< z)@O5wJJTMY=;N;A^DmJJ-*KFOhSy)R`N5R8TWkhc&;2sEw%_N?dO*er>%z8(SR@CDrS51LC0&ZWFjR9^#+k*-@D9 z`M6i{`ORnm>VtGV)GX)p8%;di;KoDVr>W8vZav3+`3+vVDclD}+TU9_ABCo&i72-b zbICe?R5(t!O7|#k2ICxwmci#b4+8YvT7D zH$Q|5Q>FSHUOjmoyx!;@ANM)Vm!M6k0Bt_WYcDd~a{N4Pke%-@`YKgg!?oGj=Cgg+ zYJW?L-yH$*o4JMi*@|n+akXj1xo$ECmg9W^+-$fn2XJeZftxtg8T;vaJs0lQ0B)T! zaO(ze^Wh$w<(0QOGkFFEW>X(`5udL{+tHV3Ye)JBOL<=@^EAyjJN2(_=kvC){#$XU zz?+ZW@Nqjm#{Cd90o{)#wPF96tDW+;)oq7zYQ)GScYKktD^+sf+WgSDXH2v|`3bf< zKitmeRcAT%r0Guvje{PgvtZlfe7M_{zcsP_9Om~vZf`#CkEWt=Xcl!tS1PN_3y23d zeoZ`F;P#^men^!XeZ2bjr0Gukb}mQl?*p9AKyRWKk!g=@{X52u-WX3x=GUG?) zQ{dWqat^-i!fr3p+^u}R8~uTL$HYd+k{qTm5TT=ay8Bi`Veod8%cY0h~KfLebI;j!dPwgAP&4Sw+u5E`tfwvWX>*F?k zf_HbK?&vC{+o2Y2`)0-$72N!gwU>Ui^4G@0L)hy0Eh!$x1o&GBcfR7=kr8HGKMpGVWpeTbiE_{Ql;iy-u*3k zl0FowjdVOb%K2+(6Iz3Gy|dTtr+&(NQtx#yEK|}X6|POUqjKS*5YpTZoZp0oqP|F{ zTX#3zR_j#7~3cINyxbSIkb-iPSu&SxzTNVmMWH2Fqx`(yVYdIV|ii<~b( zE76bv&bY;LHwJKXD!|jXi%=my3=E13S++MVdq&7bIm3c)l8G__jv8V zcl`bjbnY|7uX_vURcG@aOLRW!`UFlFmSgP%@869$Of%nT+u6+HiBGsTUp|b@(aeKP z=cv;;j!g#V@tFx`{f4=xTZJ)+xle4byR~{QEaikWc@3@&&8RCDWB(pf*B|%dlL^v` z@A@M>=Qy9dV?q&}b;`ey{B8@3ZAklP-e)nH?@TbyYeiWk*unhEIWbNCP+args2^bd zTNv*}a_ zHw~^0$HS|OoUln!OSy!(j`dO|ed4M)9iaS{X>z0T?;a*tC)anL8M6Kn zZ3*Um1rM6ZS3+s_BTu<7O&(I*P1~xY>m@X|e#W?f>+=wD`Jyw;Uyy^uLy8PE9cBuje^z{ybLY`+T@tmA^gl=^+zmK7Ysa z`4sddIyK+fpTe#;lk5Y>1$ilHQoWz&?=#rVfccz{d*|v((&8rWX)caA;JpnsU9MgS zn$jvw8Y^xG?tAL@V%T^v>)pE}6H2pgH4pA}aBcZthQH@fubMqub-ESs`8`~}33mN~ z$+I?Y%~99$nXS`goZ_C#{`U6WY?^D{UlBqk_}^b)*_vAf_YK9ZK|Tt~zfqw3&++_5 z&m#qKvo0n-C~iG$g8Xeox#-8dl?kQsSK5#t`g`$fij%K9+V{$&LDo1P}OC~hTe zx5NC^$8E*u9nm!?^}XWzsB{nFhG_>B_ehn`0=SFeCcBY$EB@H$yUa&6zlLbMZ2H@B z-k~=8%0<#-hw|%)mG5?>`#{gHyYTBS63gt(MDqUQ*C0N>4;{?EA~>z!*mOQp^@Oxf zletoZya7{R!&vjnk?2ZivF=jR)1>P6R&$Idc zk*L@6;U*69{A>=_*6Zf)T0gaKHs2WEGA>Dzi?Babx)@ej;x7~K5am}Z{JIofi*)=w zI=sBx$!GnM_AxHTnNzp%7rHb}7XAl*Cd2(n`DxR6jL%PV{U-R+xuMU`On7GuKJxLI z1-Bbqe}0@)NzVllnuv zc+^~zzK1F=$=G+r-ja)|XF~0>58b}zz|B+snsvxunK<+LThjBr;{yCm?vN&hihHEm z!92LthkEgQq}s8RE9hq^?vZMLGT`=sYs+O>`>BQ4Kd$WmZ9g@yW176DuJ1^tM{=h$ z*`v5eDn0Vyo|5gQ^N~uA0=SpLwdLp|%AdcTwdJVu%T76p<2|)O^^hJ+f$Qsu4)Zd17bwjRvBCQUMx{lBdTGrFe9 zSap3zDm@C|zNNTFDm^l1h3VQEpYMfzFiz+?#shF{KkP`Qb1vL(6?Z>A{7heIpRd1Eeqe00Uwr(x zRS%da%MI!;Wu{53k)FRtD*xoeO;g+>m46E04uEUh(c9>E9;_X$O&pj|s&@4HG?@d} zwxb8@F9oIh{mknXV!uw=pUK~jf06qSNRKPq@_7cj3Tf7SH*E~dg!~)QL`Hf3lvM9@ z^Revs!mx5~Op}Iij&y!Z?9O;YagS8K$%Q*kagS8K$%C5@*XEle)&EMqDNS}OZdvP{ zJnT;#?fLa@>z&M-(G_e8_CH%0(0+z` zrAbx*w|*J8n*+E7aGww0o?8ZPQ2;ml_B8n_fO|n1xN*Y{y#Jcqn{so%cb~isy!Ply zWYXyu)^QMG?%{kgvTa{ZpEPNUolTd=`ED6nflRvm?${;#!TE77kzQ!o9NtC8Jy0Xl z)^+6tOy;QP)3W-KpW)j2z8Q9xqU(|7Zkik~Bl+wp^eEEn_u?u!>p9c7ET##gq3G^3 z`BHKH@42eRJ#|7tS>JP&drz8Fe87tbQ~t7h$H+UYW2637cezoz`%h`^SLVTO9>ARk z+r-1a<>te^Er9#T%ZZ1@Er9!Y0QXfl-Ttk=g>VZ3xNjULw+L?B*aOq8ki9z&Cw}GL zG-(#VU3{4SCc?cffV<={xgoey0=S)@KD>BHhWma1w-V189ZvkFz}*Me)(*HFnNX^A9dPT7^SJ){!RFtx)(@He7~d-H(+|cM8~0dlP2M5$4rysZY3AVz z;f{rC>)+MbZbv`4`Qcc%-Z?Xmcdnv#==a&xB#u3rrmqqSHDHe<_a2U}e-j6$$**v2 zm>OR_x{j+G_NF~J+2O{FxwDe2y0G#;^?5FK^~QU4;X3STicN21#!;?a+{LXDBsION zRBsUfkF99~YSA`D!=NyHNGT|;#T>rWS%XKcs`L{Id7INV3RosWU-dE99Wb$==*WU|Yt|6D8JJHRk z#iOj>f0*Za&St+Hcb&ay_v|{j?CdnD`Jgu*wfDScU~7WQ4crHyL4Ecg!M-K-HkkI! zv|mq`!hQxudD!2Ay-kN_v0IJ`kiM?-=do8Dx(D?}eJ^J{MjIzhQ`~-wUf-2Fg8N&_ zui@B?L(d_T-`wkp+syf&sOBrqzB(K0I&oF+bMx1kKN?ND1;>`7?lX$76Ehrh|E&S_ zRv*4I;a%Ul4wLUp(B-HQ?kc#UsD;QbZ0-6Bd)qWzK7Yjan*=YPWZa)7O&;>n z*}hkE3AQA6l#9QmejjiiyngU(y1xTw6Z!*bKd+q6b2Dfbnug4Cd!c$xy7wcEOuQ~y zT29Cg(U3Ea@~600^6m|@57#nmHMh&hvC@<8Oz`i+XqYDG>o0`+6I`1QOg?WE<{gXU zt4A4byatvNlkP>>r{#F|rksspjr?k#Us0I*PpR%Nk56M?MvrU#TIKcwZF*~NY5JET zxZekG3-H&3LtSq&_H8B{=$Co_d1>rZu%8rQPcv95`wZ-N2iPCewRC?!6Z^=-1O5MT zxRYZKb^Te`&j_$L{k+m#e>V1e1MDX?a5^oA`ujQ9U-IyQ{-3*vLQOc7eJ=LX0_@k7 zGX3+g|0ckGV=3+Pv2Q!cYnP_*+_ib1>1JPfd5+JwxlB{<20iDX_w!GFFil3n4Mk%? zHlc|zM-BpA#q}wRG#c{FTs{h=?iN}E7TEXd=|?(RFQ@=oOtNrw&#s0Dz=}J z@i_D5k2?PLr3hbx-Gk^+q`6;nz8h6}lh2W9*LI;$8~U?w{qMOidXoMNTpNzU=C`Bb zB_UB>FUqr8>Qx-e#VX^IZ zj(eTQ^5^Y!hGuf#W{SsMj-7d*@fwbrYu4p#;xiLI!_%OBFAdk`qg=Q>6?Yr9RTuHB z71G?Eoadqy=xwxXEaRi`PP)u;#{=5moY}1RQQY;|{D%HSntRS-p7%rD(KV<^8=j@O z-sJ|wL*cV&@;lt*=oO0GhRrZE9cgaow|GtyO+cg2-fa48uR8Nso85h2`mhe0SC&OX z{tL_(PW9sVEo{bisx0qw)ZC-rraYlbP^ItKmo(({J5~q8L*7gDHx>7K-e=Pt+dGiv z-p~0IG#AZ8hMQU2iH8LN@sOLBCe@~S{=SY)!AbNnIcjc|{2HvQ=J_S`K$RHTcMkQ+ z`3`q=05^MHnmnPnVeGo2@kn!bbG{$dUcxhBXnuR1U;en9%-KOd@f4?C(fO=sewx&M z%=0$|8QKCuk^k^p@rOEdEBe7KEuZ3hi^G*f6rOQyeI00u0kf=c8uitxgW|&p&P%Z zAO3eVm(d<9N|PM8w!e5gHXosHk>(D0hvy#Ots&>32B_El^a-g@O})DE?E~LSSg@RN z>l0r5ezUWJoHn|g%)?f5mvVl}Qm3zDp5F<2UPG7Ttas96h2nmK{bsb&$E~=6=cG_` zbT-o5J#M+s{pQSfnMZrl@i(I!?<&LQYSaU1f2VN%DtZs)BU5juuwRQAkL)3S?Rdo2 zXN4>1U&6J)j7LVbi;<1k+IqVzcvSd+K)L?-De`-&3>fS8?!GvX{Y1i_uBDt5r4~suV}vy#g&cpU*X#J-OS@$cms1&K7XS? z_n)>6NRML=9G~m?mSni6JmqoCc+K1ksCB(FzwY)ooKCvS{fPW^C~gYe&Tvirn8$@@ z;OF(|5ud-cKcK&b2BN#rE}p$=elZ45#!E;Nq&fesQOWC%B!A9*u$f*t%g1IdYWSfu zkK+0p_bcbut|4EeT;|*AO|2kP;^Jjrl4F~@Elpa?@;Iivnsge)c;?@fSJ}>ba(Fg< zUKq){7vWVeD4y=Kh}#qR%mkC}tLu90xRaZleQ0g}D--T_idz@kv(RNe?pV&3qMy-D zROK!94q~5n!_1oIlq+4oChp>Sl&3v^Yp$gpMOPrA-1ajQ-ZP(nL_L6RZ&6vAyu`la z=dlixc4n8`ei^R4Z&g^t{5)KS5z){KySvdyq`9wg{t4QS3Q_ij?W~tVyyG* z!@xD=LQ zX@5TC{1uM1*6a9lWvry17bh8`opFWEhef}o$#A$f+#RVRUu7mpD{Qqt18=D; zm-CtFr#Gh!$=;hL8?m$XnJsT!`HcyO8VBcKpFI0O`^-|>=VCu5z`lDa?enlN#NPIM zdSKTN%|kjqAO3{7Gj!g1-kE@wpBf{ppDj<{g!?q@ocw6wbBY^*Ddo~7=~*W}>B`9v zY{sKW$n?tGc!^)h`3CeI${~%L-|Do;g zQ0C3OU86kg)+xJR`2F9g`i5eEKdv?Bm!K}l>`&j7XFCd8$4U>{L=*Dk(xu^Z2d0nN zCsfBz^vCW$X8!9??*lJ@J1BsAJANDvw-D}X#r=*p(6obneB7^ba{hTlFu}Bghw?WR zpDxEd@6|8;;Y~vC__z%=){qG5kM2S{K4ia zHRuv7%;nYn>%>SZ%tiH3&hvQgQaeKb<|T^nU@`njdqN24wg zkO{BWOWt*u@@jbLKAyk4+PK!o5WIYNofYq#RaK=utc>Ekm;tOUABAlBPi~aXx(p}% z8JzjbBjqlQq z3lec88{V;bUVIIve>oY}<4Dz$(fgJ!@Y#~Ym}2)Elc^_7D1>vR;@Eh4t+-zY#8bxE z=`tBR+s|2!D<-|(LOPxj>c_|~%9jaOy-Qz#JY?sYY?|qK%7eR3`Lhb%TJ#CB@dPU7 z;pH*%6`$F3ljL+c>Sb@dyo2w4LJ3=n`!kjE9jN-(e1|46XHYlY=^wRm`y011Ubge6 z1x?fCLAbV^zMCXB{+xoXzRrv}?62WuhvzBPobJXL5(Erk916&(_71_tkiB-LK0fSy9UK>Eglawx7U#CcCarp z+JFkW(av92iDz|UW%c(?dvD^`_G=TbN|&5hym)xv+ZysDdL8NbUAma}xAED2v=^Cu zm@;cS^AWw=bkqIMjLy_gaO*kl$}!(jkD*pbbH{N0BwCIZpy@dn92FB?XE4d-UOvY2 zH|LskxpBTXzWo53Z&AX|;@s;w&qlAJ=TX)h+!sFI;Vy9dJ*{8#_OndPOlPj&>rcI2 zNV`XV_y}9=?-{%^`!mK1CLF9hy~IV^_|1ab18yj4!JI6-YP;Ca3Tf`ooJYQ=uZ2dT zOyXc~oAT1{0^TX=&L8M>%j%gf&%?F(_h$AY$i;3J(%dQRX+M|GOfc)>57tgve~aMm zQQTLtEkK|7xPNng^ba*8gdVxSeDpmNRh|;*M}MIWb(<+~x?ah>EnQl^=J|UDcCAr& zr2Tz|^Ia%mH}~?-iI@3|9on!Ljo~d&>+`I?xxLe6G+bLhgs?js^+%ff8|UX1v5zw{ z>j`scPp1r}E~LH47pGk4eb=-5q{|xR?{MrMLXRQMeUtO`=qt4PD)uZn!z&ky-2AKK zA@5Gg+v{F_*u$LSE^PN8&7FBa`%C=DI0zkuiYROL{&r_Ke*agW=aAiem2p?P{0TS3 zJ+F<;IVg-Y_YKasqL`mp*Tb<5?@ij%$>~>Yb^Tqtw44lb`!^Z)q)W;IFWnY)a@z6Z zuvhIt`3<`(MBn`yRPUPW&xbP>jtysEpNx7S-Ci!?d=D!3v(v9%{y!(}_mK7`6!xPX zhhxV*XY#ugG#csatha~xSo8oIj&{9WjzL1KBr~qf%JuevxA`c4aJn4*hL?}t#HIkn z{ZgFUne%(m!)P2b^N}`P7P#|qx}C`#nl4@8rn?vZ8a8XuUr76#^(*(R&|EYN)#}Ur zH0s!*Pw6Xv>CE$)ak$<8Ja;(Ug-fX#aJH`3g*ej^W{n@|_j{7&+GFDFi`#5v>p zV)Nc3)8$FU{dP;dWMlUL(p>YNnQ44B(|lgL_;ahh-26E}jVlY_eiOibt_I{`Fa%89@zLh5l8ai6{+j*4(Bd37HL11a{d+CkA6iP2k^c>=A5!wzu4KW zAB~^(K2Tn6x}2BqrZZLl$&w_E(8Z`2w_O$a6n&4jB2%B|Gd?%t$T`GoOD;;+=Y=!U zWjI_L>^Sm9xcd4_GfvKm7fE?4UDm?0{kU7;WT62*KY!T6{#$%D6?LbhqW1|{6p;Q! za8Fv|adWZThGJuiUw=mVBpI5JB#{b9(i%;#!&(I9NpeX4Hd&PptZ$a4%S~`?`RPzG zNp3+yk&f5bIbVe~qfbzeI`p;aZwvE|UER7-$7|8Dbjfr5Whz5{#-?JWB*{jaJGXL@ z991PrI-m&ZOS|6hmpGY|QC_+Zs3_~GoOM3PU!5*ZmL8a13$az{b-+Ai=mX|2v9s6t z7Qg=trB*HO&-vAoWH5RTRb!5$A@e42t=I>P`fvHZ1Mkyjf0Qn}75D3I<)Y)+iq(sA zZyw8hx9j%7)*o^giaT7TciUZ;0i{mp{goXHTIZWDPD*xQ(&b{+7hu8^F!jm@Z3Q?sV#@4)AVA z_xiXqIiH8#MQ@|Nm-8Ot_vpVc=UqVg|C5N){)RqFmn!cZnD0NpR^|Irt;@})p2~*T z6`tu2)MBs0wQ%YtCCPB4ufOuqNpj{fN%A6k26gQaD{b~ykb2J~NWB{>N(+AcDUWH} z{!3vI_Z!|V?&k@|lE+Y4{cH$3<;QgCqP)aSV1Qxc5t9?C-Pqef<^Q_1fR(pFrm^;P=`5 z{@#G!x8K1ecEIm*`29QlKE!u5>#>FzKh~iuk1L)|FP@Yn15cq|4kbw@N~s?wi()Ft zlqcfpt5%X^;<7Q_ADd1^CxoTPO0Qhq&37h#rqnLZE$h5i%86llEr9#fVRCce#=Ymo zvuUSIzM2cStoh2c(?#$)D4tEXzj`}=!=KJ_Qdpkk_olq8rZURo@4k!9s#83^!lx!l zF8UO$MJw4qJN=GW*+Kgox+Fo0NC$I&&h~5M^ssDGe%R|ey>7AVI-otv#IErw$Dak% zGiUPqw&)tfpRoBf;eO6@(E{{>`9EW%P%EcDw3T|MKar=$i<$Mpat~Y^tUoKT{WtNP z5ASW)Ps23h&-Y<{g0!C{jX(Fg{UJU6%&H%j`1if>jOBh)25yxRPJ5=gp)3mmPZu#PwY-QJxL}Y%^iJ4 zlFUHs&}y{j2FiU0XPi=xb>gP4t^4nV$zk~nt_?OHhwBB`S4I53{%Y^~F5!1w(alKv z@$;>*@&KPbYQE>*Ou?zn-sR@+hunB8=EpfEa+;MI43W1mnzNh%}l-x-{@MkZXi zntOYUSLe1UVVu}BELXy{!Hg4)f0w{e{v9|@#O@jFOg?Lm16T9=f#?;a{W<$g`o^d~ z>Vq0iq@VB(^PSAg*19iVxb<3WJePTXSiV#Kthl?9M-+#ApY`LDG1K~1|@ z2=9A%w!dwjU#bD?Xr!-y``2dH%n7A=eo4~9a(;mquP4B3j=K7|TR5+Ac9NWrPB^)e zwC9})x!j}4;`-AIojStA>p%UNOTsb=u8G%d%IbC4jX`H77xy=EPLfPUJ5V8-RVPNe zc1w^2jO&^|M1Pix)9aA(t`5s8xHi~$z2)407q5w3!gBOlZ{GMeIHS>0q~kTxI7xb< zk!TPaH=VUO=Q{JoQ{3w>wtlN?SSG_Y>BW}b@)9;{QT-;xxy_qWzn~Y4JD%Z`|2gh_uJ*6smat^PwdMaQY@SE& zBh9VB%OTRy_2_EUqzmn-JMXvEwq^gZg?pt|JM z@$M6ibmv2+-R#9@s8?8a!L?ynvvRT*+kHs46Wf`~{+o3|wrtiZo46l$qf;g_%N@90w4iTT zzI6TU$Tc)_uU(f!DjvoUu%a|KznVJ0n7?xFqurls zSZb~J{I%Q_W#Bgd>OigxqTP16c0Okt%pxDRr1_kYq>+C)Heu|CZZbRDNM|h`|T$CiWP*pVdJh;hDIi2G63pF=1EG%EEcsLcC z3(+M=b8qK-5PAr`@H=zItapgJ!Qs}8cka&?i-+N18M4uf-|5&bLo1NxCZr_E@u(4M z{b}*{YRq;0)!h7%Vfj^Y)3Lh>bwQeI`mt-Sa`NFDCl`NDh0PP1n>i{h=YHz>n+0zu zD)4bTv`Uhj&=7PFGW(RbXy)9X3{`Q;ndWAU3Cq2T`vx|~-<2G-zr7pB$nevtC<&$U zw+QYlin|%!E_7P!;@rnMe-`DVcV2YfBb~$8G~=goQu8UN9@GBjjt$FRxS^;g+$+T{ z>0$Jz92eshvQ ziYA2RbGWu${2rT%ZIh%5(%crDUxrK=xIFkig^u5xhr@F0CXd?<+iTV*NKYSkH0P6D z?zr>gqxbvlIyU303B|aR!qOgYDC!CK99j2}i~TGgcRQb7+=mV|Vd<&C`{C>TIAn5I zM#D|#_vzf9oeOUr`q9U|C6%;9pQ5#>#b4#5d$oAUVg5s65@Z;*ixOhwShwNLpB|P! z;o2}{NJ7-#zpz#9dW`@6Z1Uq_X}#IA+jdJiDVN5$8(BM;2dw+d#_oRXs0yQ@2ERWY zor!dMrgMG;GNBvCU96$oF`RJ<3w51X-@m`k8n3?3eY%=LxZiv-Ykhcs&=|Kr(Vp^R%XjX~u-pOH zO4Lf;%^kt{gJ>3d9A&qnY~?a9$9%waHy$)so(s$CaH(RW;U#RAqm4*& z&uovMs1v#rwQ0v3PP$Vs*W2Q>PurH3lb>8p(evDY_|i+aENq6N5lC~Zc8Zmmd}hL2 zj;3DDTjAWWv{hVlpXycY-tckFeVFUHS7pMS?v)Q&-zUF7eFWEzj~De% zlw~ki__%91x8eOJ#n&NNf6e@u?YHH@U8VdrV~>g4moD^iEz=xJGY-s$8(Zkb?^by6 zm(brqI(|oSo{K(0D^OjY$IG}jR&uhrFBv*;ypjKMST0mtbAR5%@1NLeuDL%Sf2k7} zrHS9fd0{%8p1)PFJpna9n%j=^F6a)lzH^MUe~7UfYk_M~E|v$BHy`egihK9K1bGJLb3X2Q zjd(vWpP6t8)w@|&W#2z&<6koMzm z&R<(vT?~h88GZiHvJ9sX&d-Wt{ixcZbbiR&)N5P4@_ZC_^-u=V`7MX@=g~^k=e0Pg z`7-NJ=R5Jz{4r-<&Wsc6{hItGVd)9ihMm~`g3_-jHZK>qo%8>7WPJ}3rav+Yop_c( zj&1&`uuRdMn`5Hw&l-NO;wff7pSNSrSvwz-_9>o3ukV4i1vgui9N zlN@!uY4g7xZxq121Fo&#*7A&>-p|&QN0V-i7so``;To=ae$D0=%QQzF4=HQHvOxLU zlY5n&xc5_$x<>nJ-UGdBJRcG+oDq9Se+%L6QQYCnxP?!7Ht)gJ-1^L7&vE17o$1C>?duy_%lwDp{!IMZ_rqv^r?M}}Lf79B=N@{T zSOE7m#l3<;ZDikH8`NJb%|5X55%Wum+l&sI-FIL6`yTsG4KX+V2&VlwR6fgr+jxgp zubFx0J#VwX8+%(Hkr-Pb|;=ryk6L+p(0~ zZ^&aNlxm+?xDPAt0BpArhr508yJ0}AOys+iRV6Q6%e+hoFd?02?{s^8{& zTQ{fi=WTnM54Q_kTb@eFpJlnuTtTN-7dgS-FVOZ;YCK)E<~idQaj;6C^ta6_Nd&in`5Jh%xz zc=L_N^9~z-f6(OL>Ae$V(f3X}eJa1{%ZL8@A$dc&f9i*)%4SXT!C@yx(9iZS8(!YMDCR`y<4e_Z!r_ zlDR#k``WvhyE7r{tFWw5{+-V6nxYoS^ov|h!fl*CfSyFpU7aAko?=|Y*xx)`n(4ON zEYp|Eqg0WUt*k>V^2YhkV8?ACd6}c;F5$cYneh1q!S~hfq`z;kJM>LhE`w`>d9T6- z?7u+zx)1hVg}(S|Lh?4|DHUfY_CKNDT~0GM{^G7;ofQ2`BOQNZTuuR;&2Vi0WCeI` z_sCJ$nd@{p3D@zCiQdSBH`oIq=zgbeUo*F}-tI^5KGq5F+C3>!*T+4J^Yf4i&3N}> zP0D2!H@^;cA1iT3STf*Re^ao%40S=;-)znwLeo+2nAqt3?@5iF@#=Ipy|uqt-*Vp# zZUrZLWj1!p(ECVp8+Ya&2^xq}+E$)ijR$5SAK0dHohMk8I|jzi{`Vx9Mg7o;jND54EpVBHSzB+F-fc z+>y^na(@o(h zNBptnEgSABKYQ_I_N_GWKgGv2`&Q0!xto>-m*a`pS#BZR>s{_h{Col1W#}Uxx8c>S ze@30rWj9xkuAA%pMmY&_zoce)_D`VDYi`buVR;&^4K}~@#NI?@S@O#mrn!sY?RNb% z%-i8Sh#o;YUMqBA%_nM$&O=q+V7{IG5I1t)Y`L4SwVy@5Fi)_@>wjE=&0QN<)5}qF zhj2a~nef5Y@sh`l!4@gZ({X>+_RGyW9~-YZzlEg_T-z_7g6-SrBc!=!U6UkXbPwu{ zs=Ppcc-|@BUETF9+TYNhj6W3jA#C>5;}#M}&E3fPPGrKJ>~lN!0s0A4iY6YcznYu> zS6Kd5TTAbu?KVwROzsWHXx$_sVp8Fe{{AGOB^;}A9MCQN^MXylgZtVVE7bDX-YHmK~?;{gF<7n3H?_sX( zVCj||ACa$=zh7e$-;K3hNOPa&{0+1XeTK~axQ359>DJG^@2maItr(F<=(pN%&UNHZ zl#Wb$>DDW8H*h`-O+=<&HwD+twXY*?O~|Vpk(F?4zM4!0r{}fYa+UBn@0WSORDOig z%o~KNM5OX>M~18GtsJ;l7_Qrn%;37tc{oO%<7lp^hts|%EaUt$^aI+C8dBkQq%fIl z->BN7XI)N4wTS$x{I&Ibr&ptwY`KB;yvg^O*r)IHuGiYna@z^luRwcqeOcH)8DKxV z6!zxtXJh{(_BPml&o5lN$q(+|k2_euXBTl|La2H~8vX8-FaP|WjbAgr*SdX;sEz6O z1daEO#T{FJ<-r{a*QT3fQXilO$fVnCZn|Z1{wVqY<)bN~IN3NOUOLk*Bvy6SKj?l$ zcFlj!5}ko``R+~~XF}1@#19gYqgeOMCq(3RxHg#ku(MDTmod!EFE*d#@%x{YAI}~w4yuz9D)%GTi{Pr2x|E{jf=F=Y3 zpZ>q^w>Q_3iT%ZYd-=)QzscV^ls(fjl7;$&dU=x$`w%jEMxoZpA0q8zl3 zwT$+;#+q)q&Sx+AmCm1)jFTg>Lix3j`xBE%FOz1PYwlZYK_-;u{!Ibgg#F(2=HiRa z=O(_5zqNDX|`7wLHTfb)&$JMz#+>7V+^2&aBZc&0;~G`ZQS7tA`oAZ{FATW&twpA@&<=<2c`X89Y7bAS9YR)#K5l+nn% zmsNAex#JwoO{qh9E$7AW!`Rh=c?vS6!1cHMPi#K?3g0b6n%Tn53x;VzF1#r|o~geY z!82LK&(ka$r%~3a5!tRdHqHO8>Aa8E#-sV0Hkfoj7|+IIBHZTeH)7knZ0Ox63<;(hg<^A9v=)Sn9rVGKBBV`%d(A z&ksuHx)Es*>s|L)>`Xd$M>?G+G>eg0eCJQ+41YSq8?1QGV`Jj73)^mXyw$gVOnQ+Hb|R>HHMj(xh{De>%f!6Ys^NP3JscJlgs}=R;jy*nSJ&CIhP;OIed+NKb;9R-z7;*t zKd#ugv7Z}vx*boc7m*%{d+!$3uEYG=$9?zk?oyEta;{v!+pZue^Ha>rZ zYl5w3gVMwJmxz5#f_J@J_`5%%UwnS8C)XU$HJ^n}LwcMXm*C8s>Fdph+d*+{{d!dQ z;`KsF^{e3}pBa%{#j*X^6X57_XRg%-GY-)H+5D&d%Ya)Hz&-Uaxmj>qR`BA}`rF_z zxjAsB1aKQ4CN~f6*8$uM4wG8|H@V`0@o@2Ba*N;&QQS<@`bO05Al$3@+$uU*yppbW@)||t7sa*p^}BFQI8=R|kA2%JUOX=4de)*nw!xwc^-xF7o+juGNOpGZD^ zkS`OHBXXxGL1`S0zol^qRqY!S>L@z#VIxqHdOG@XC0o>fi5gDMkHl5#xYr>(@IS>1Hl)X*o zH9o&eO6NfV>73alB8hC2Wykq8oxg`$mUJ$FbG72wbpFNXpG{+PEKNEW!JQev{p&Ef ziA^K2JAfO1bMf+AR)3S>UYO*?r+s#yY6)EP{D97vLH+SexZ@Sq=J%t0+>-KpkAQp` z`XBu|#kKkU93Qu&{5~jvTL|}wZCTTcH=BQMFM(UC`~!D{;-0|X8bjYt zl)HW035;!@;qw>JZ2qtFWllgkC!WVT2*tJeXM&GgQvR70z%77V?PxC^Z2ox?t_g?A zKZV$LQT8_f%=GzHQvO*TkbiQ{kH|BMYxB<%xMj&daslIO#j)x9p3gs>e@c_i$#9z= zHNKqTT(i&4&dgsh{y+uYt#8pxTQ(weC$s?*1KMt z&ij3Sm6XnV0@69FWkl{!T$|1(-BPx6E`;-z;@EoPG&s87sMEPL?V?;5k&3mv>$dr) zQ3>2q z-;B2U{(h4l?8Ap{L&i3P8~e?-@vc7dmIhOuZe z>tQa9$k``)>3sHQiE=C7--~ShWA3|G8x$)i@m&{m*Q(;{K6?e^@65|0a-ZVXZ}t;4&dfwFs?hvi-*4Wv*Ju=4oAm>c^-S1`&?>i)@#b;+^hpDV6Ow=L)+AJ?Yaz5s5UfOtshKz=yci-(4!%~vpg z@Ntjk8T#idRgtUs-k)xh0`fxv+>wfF^TU20x1{{gIl$k{E0`xz+)B5yZV#P?bh;I6 zt13>@OS`}sOQ^a|i6c8o~FQ@nUMQu!ep?qJ1zjrfb;)73tIJMoNn4;A-U>|#mt-af9)4|N0bLv}zs*r^l?kd50e7?Erk1u;%?3^&pwEWGS$azIkdct)UKz_)DJ5_OQepu||mXseB1;j(j)vUXRYr{LWowZ-9;hJ{l z6?fg>M$R8yUFn~8E+4z3I+Y~k8gA$N$*kl1)%C}}lYnPD;%{jKYkoS%?Exw

    RZ zu1w4G<55mz9h(r;OpN`G;IFWd%lO)qbW6@^n(a zQXO{2E2wW9MD(r_UNy*uF|`&5)#*O&UiBdX%{4dhZn zQ5gj4iJ7+(s8W7eAVkZln&VA0>=YXJ^gHn#B0fc;zZA34Ih#Or|A`ply%ZnkaCryt z?6@-kKo7QkZf)`ia>$+Cz)3mJ?h{V#HGE(0dORqUl=qY)(`hD@nt8osHzvv z$9+f=9NjX%6yytsUBv}XR~rc~f{`|A(w9XzF?K<>Ys@OygwN-f`sF|(V$GTOZMWMT zl1qI4gyrPfPm!k5`;x9*={zSD5!v^m_-&(~pP-rz_RP=_kBBV40wNM1v1)uPB~XbA zN9w~Rr?Ut7YR7zc_f$T2rl3#VO|vyJek9MXrjMJOP;euW@8}S`#f!ysm1IF+*qMDx z6l8aMO|R)yCWR;_jIk87Yd5sJ-pfTzlpHK^ZC$hP=-7PpZW zwIFSG1Qp_a6aM~^a|O|^3VjJqK$sli&Ds{Pueuw31ZgwIt-F`@Ey)*L1Y48$A!9cl zU(VzKd_+$Dx7irEujo^|4pn`_$GZmka<=F%K{|wunkZ$fBbh6-tvbw+!n75q%Ci=y z-ZDU^&M;c1hGU#~wHc1Yp-2l`x7z)ENB1tBtThY66_!4zSd_ZA*e21~ra5wDK zEiym6JD^t=4HoYf;R}ji>`-4O}BQfDmW}9%`L(Tz%Rz=!Ra4N15xgWeu5T7Ec{b%@oBE-&_N|X$6_0>&* z+$01_REPr?)9_@!j(B)aqoI*X7P(LFaOwuh1o0Tkrd%WSvHgIz{rY>5RM?jIBxN~A zmZR*D7{V@9_ro0>@TWU=TWmU@)VRn@C|J_dja~s2cus*}PR>?f^%fftPqgVF4BV2& zfw)*TcpKD$K!U-#IZSkUxc$caApQE*!ZP@(V3m%p+v<2Mzl##N5%c}^kN@#v^HhDG z-Mssx9sr@oV`xNc^8BKVdfHW&5-lO>ZR29}bv>27Y)MyFJqb?EJ{9W{TWI(oJZ)zf z68XRcD%Vti)9I|fJ-ADJRiAIsk~`$pZt)TZdRaWt;c;eSx6L?1*-VcBMkqcki}zjR3A18q?zi%p>L-mE{J_!&p1V9c*bV2}3sA;U;ZcklqU+mfy>{C8K@}>UP7MmZu za*;yuifNY_j~e*!x8-`%v;{t$s&Fp5MX|BIx2Jp};Ze3kB_$ZL#f#%MZlhE54vBcD2p(J)vF843M_&L|Q2gtQ zYkg7QlG4J(^gLPf8rddqamS2>7`t6e0T6Bn>XYwbK;h|htTaHB zCfnPFN#i}pdnJ8{ET5K;u*DFd;(qa7dfWm2qERqgdqXZaUaI>O{EE(8zYOC?JE4{`cD zpM%`4lR?}7&3U=FZFhJDpViLiarsOB)H-eyNX zjf5P_(~#Kj3d5HUau0mNVNS!QaUhsa#w+&03pwIxoSA}j%+oN<9u7O|DfHB+6_keYyU**DU~CQ`s_Y;w-_ zmQ4e*h{7?QEmk2U#x>ry!kc8P#&*S4EjFB%*Ugr8wu==OsQAO0@-5&6h(`HfRZmQ# z_1F%hdh_HZO#&7JNyDF^Z77cSh*-zx`7b|4nF>#5f=;F_5c=a*p3vBNqc^VOYFpXq zRI4r4`A{a!xej^)!(Rx@@Bv``afd%@P~2&|#9@T_`6r(V z3d2Y&omm?&2!;Xru%u-VKxX*)>YXnJS)R;0v$L(rNLzGIjkbCaGSHZ+;|{#K{)l_( zwuEhi-IZP-+k%;oA-{!sOiijpde=Aj7P8$My7L#Sv$hA2b7d0t0dr%}%kH${SnoPDlLY;f)${=wn6|zN zoJ3on4Q1%^JGKDKHHO7mCZjGde4R7)8eRQZtju}}UxMat0$EH9Q;|7B4$S<;=}aX& zWA%=r9*fQ#%obDLW71y0wudkEQ{8;4b#gz(&ajze5V?0_I%pnDH}5ZA{qpMN$D&%@ z;duF-wVi26j{6nxd)Oi>aUP;8KNNT6%9fwMZg&YNdP_{YNs9ynAfY@|{f^m0ARI+= zHjbu}9^975ftPMaIHch0sRxn`I%w%O=-?2tLG7{0%DKAkn_{Uh+>#*>Sm6ZKJYb6| zHa&%T2i&>?7;sm@kFhJHNH8G32oM)?L)`)>R#;dppRekRM_8g&<#4{+;q^C$8ng!k zEYKQ}_`Yr4BM(Mr?i`j#tB8F`-U@-aWBHupBI`x}*mP-LFcNTD7)>w~9Z^Rv`O|$) zt^WR5@Y}K1#(Ci$()fB%Uub;wmHQjB0kNWSDi~XuysEo$Vd^U8?R%f`d)2HsVH*Q= z28ti*I{+8_Z6T#*64nxN5ZZ$56b-8{K31I=415d2oSno@i$bzU`Mr+C#?Aa37wRmy zkZ>0_A2hlJ{H1=x9l{m*0cJ@LOz25E5D-WkhsU(Xp>QaOuQf96bnWVe9s2~JEKvgW zOy#FEsM+A@Q=wy;=dtE{OMa3L9bu8n*}_B)qwQgN?O8L{s#i069vpykrtCOmnx712ZfZdHD1-<{s@vEOe2|G?-Ymu0!BFB|L%! z&6R>miJ5K-m(rEb(sNDdU>2zA7WjbrsDVk^Xq732CH%>mn)P`CP!a~| zS&$Bu;8J9eS`fpd8uPJ=wAo&$vR^n`%^8CVEOyZKdQDv1B0doDm;d=o_gpV#pK);K|M-iE_w_Gl=1;>I{xbYM3i@)Uc=1y2 zl*OLD960ZbIAolR^Pt9VJc@35ihgVCJF1V8~%!KU^NV8C32^Mm^KFAGYxr zk9uNbKSJUu&O`NyeQe?64<&R*DU1DDVyJ{4*4#@J8S(+FtM=sy3;#-Zj79y;o-% zP5F#nx9$RO%4d zgrNYvTzkphQTA1QyJk>!zi8PyQ?6zI!rcc5;M*t2_m#0 zFd`xovcfII4ed3QOU+pa+$Ny7d8lE0>2~(dBg0&nTom>OpTm%wOtkhN?pT75{tnBUaFSQG3X%EZl32#zAUf z4vX#MAGp_pXM?a%#e2zicbT=`foh+Cb;8`Qw$5Dp)y7e3s;u$)3$5DZyJO@*OyL66 zcD9XZ;QwF#h->U7BA#pd>$zEg&s{v0mlyBm=Yeu$7VT1AOV-Fz;FJL!XvGCIcv!d? zBu9{<_=u7gCs#}cKv`8d$MPF;!417Q#^2?mFY7r_{oedd$@edYfSdZh!WaIKu6!zq zIk{IWb0Rbh9ZIvPC6pjsuuD?$ z+)hfy>r=SWS|h_eS(}`=r)?wLq(Bv8(g>Ema$rljCYt&%`@HF695_2H>e%~ z;pu1y<`Z2!soe;MK2}x3n}?E;LI`?;&jhhEl3^HiU)G9qTtfZbSqlt@VeUy#zMXm7 z(tE!PoFHxcuMG&EJ={>FgK3EtA=g-&)1~eRr=@t=)2wdky_+u^vj__nEgK$f#D(!# zEiNmX5B!n99bJ(^Y%h*Xnus^JSl=$i?RM@4dzVhMR%nC{4G8eh?Zw61q@wJQ($c)L zxxnL)tJ03y%@%Z}==8|U2K^%_@no}E_WD39_4OnX;g2lPWOt z79Cr<`(Cn5qu_n!FE~-_h9%Ny>g72t3FGa;RUiRkOQ4KSR zIBhb0Er_W(W%&Kr2-QZrXpp9^gf;>ZE?WarX1Vpos%fx&b7dzZYCf? zA}$%Z2a|y!K;>~P@r;P&+=cyeMYQi1^!msr=)M20qSt$inihHfk7xQZ@wKs_KEz?peG3(>(uneHI z9xR&Aumw!PhKN&IBP(dEa6KjPN)c0l3~~OSB_GJnlO^A3Jo4dn?7rv3| z%^7&^g>B)c5uUY@w~2?5DCQax1}((+73vBs1Nn#{(tT8Ap0*`-z35ksMxu!lNFO^V z;uj64tN`0|fDsXVlwRbjo`2HkR>i~+Y8+2|r?bd_7{DN%yxXnU&(nKB@)RcvdmH=Q z{&sU?c8BMP7}10XTb-mYt(fiirsU|IGkH@9M25j2Z#_2ki1r8RfO3VE(#YX+R#*tN z&InIJj+n@x!9kWS&@-k3|Z@-C_T0-ieM}T1exxt#PEs^YkA}iOK7@a zNKxwSqqw+YngSNtoU^41Eb?UDzXqv_0pb9@sQs&-Z=;M4VILcqv}5skT@dLrSu zL|UsiQV?;5TkJ*>YX7E-)m4=IhI=_x#|>Ga;qwkA7fyP~)2hU!|2)|sm%-hUVfvy! zDB-x@r|8dxeqa6U5Hhr_EitGZeE4M_V<7GPvOmxMMDCzsg+0BVIia?65s~)bbn=AO zyNT05+Rox&7ruBt0kLN1 zb(0w-nuJcyB0!?s9p63->qY=0(9VoB1ntZOgP^YA4FNl@eF)U?)`Or^L~y+I5M9Rs z4}wk+!SU8ZbR7pg2s%Xsc`g7gG@(zmSUNjN>?3MCE?&cSPw42qCp6qq+K< zfavzwB-DfW`cuFZ-cHv~LOn!m$9AUh_2z^j31&r z9TGDF^=nfo2pBu!j8Q_a$+C_iINKD4A(LS(8yTSK7(^7(qKDO3uh`!21p8PQntieF zf@CNOtJWt&Fly<64VBC93uONv%D4%OsLch{?J*6?QV8u6?*>99Lw7!?Z-^tbrB%lJ z$KVl>-3U+L;Z4Uejqu`514d|yWS^@%X7nsLV znzV$O(J>U=)HI}lb2;HI(tH1KhfYd1j6kzqc!xU-Py6E5S}mm^gcN2XOj#Kgl*#re zbURL2Msbm05^8|NPz=MC9JWh|$|pyn)`63cH9Fb8qc%v7jlGYCk{i8jcpi-(E*WS( z^~dP>8GKF+H@a5FXcwn#k|h+TGIWq+M8r9t&!HhEAKpo3O@kCeVagbl-P;QtHrP>- zJGyu!uD>M=K*g0mVK#TiRyqM1#(it2t4m>r8cjDP%jfflw#3)V>Mg#DSeGs4C(%7d z++}u;i)4+sX*iSkDB*-MB8+hC_@z5Y@f9DsI_(xe(v9_|9hBkZjPH(`N;*x`QV=sm zRYQpT%Q~nuL~Q-Vb!oRaV~==-pMfe;1fg4XD!Nn5` zc7W`W#3h35z)dQjE~wJAE11HVKJJb4zGJXZ^T^F&Uy=}xAGxdH!m*ig-fw6Xqu)Q7 z{Y^ZAVJMN`W5Rfm_X6#P;Y2O&li}?)K2wO>&qT?70O91!1qwd>;DgN{ang9{>0Lb2 zG0M~ji?H8`-q?FRhJ9{xlxqSUi4?1D3wg5`r~ExWMl~6ram?HJTRdDD%~O z3Rm$m5$MyI-eG3wvjFxJqDVdu9FY=>Ej44fEj~FjEnI!l)-V;b+WdYRNp00FI7)M# z1+XAG4ittUq#GZcBJ1Xo#~GVZwt&pxW;;3I{n#kjtH5QX>cwa-0Kz?ut7O z>iAY0Fu2^c8zHBI(U#b7W2%wR5&mN7Aouk|z-7A|0U&Rvh5&GX0UMNjm~^oyH`YQ< zOrj>izu}`G@GsXz)tbc{`r<(3iF){*4o^z>wPfS)|6A{QK&sf-PqPGJ%vVNCX->|Z zz^e~LMkeYYc!Wu2VK z8j-%U6)&!A8n=-Z0sXwALCFIS_Of-g*XCyWKQyBMR;5sZ@Q6CwAU%x{C47GRw|n)B z^Nf5qy+G3!y^xyZi<%Cx2$XQsnxzNT-wUEEZFXz=y4x0S6vV5))GM#n7{=Z!0(~7{ zXbfsu!I&bcGI|u*8t%G6(4&vMK5n<07y4bzqFYqe>{dMD&Yy-2)nADZ<8VFQkHw(b zHnWdcA1{Rg5#M+v9yW+q{yJ32Hw45tgoA9=Cu;l3ld~JFEy+pJ8uJ4_pC`UqN-YmT z@!ijNjVqu{2CjKq)w?oEuj=^i`wu0(KJT;@r{301QBS>lsy6dYAwPL+3b<_SJMwk| zsByje9r9~@h4Q!JYx%w^S4(45d~Wiyi{z$DA(o!^=;|D zfo%4HSsyYrv);GklQXm49|U&2H1##U9W|@E+vcgHZ$`8~r~igZ^W= ztO|OrL<13)_)(YTvb(Go4L^s$NSq4PIPWT4#qIEJJS>B&dG^=Uq72bUvn*e|`spP| z{m}6NPQ0^1Ux)alnBrcwBkclLe33lnQUN7P#DyOrjDTT&yxtLjcspdlZ%%#J-y~;n zy4?6(fb44hCp~SU4sG>%a7$&}Cg{MjWktMZ4t-F?;2%z_sX zaYMS51vt7YexJ^6;r#qk7-EE^$y@PbRxFKKVnUMrlVo4&N;aCKFT#28=MFE-EH~;q zWwU#%m41`D@hZtpppwU75WDLB>l&6omv{eo#KV6b`=TId?=Z;2{;(;wk1y__HTnZz z$1984DLXk^75{vOPEX|rx#RW1vf}l0X8XHSP481WMeh*n+H(EgtYC@c1D%Rqp?C;( zTOlmoA{3*RsaHv8jB&5N2tkl$!w|6M?dgo_m@VtFr$9f2Q{#8*U~crrW+fPpvooy3 z5{uZ0=ZC)HJ0-$P*Z}A$!S{5=ulz|v7ta8M+2d0lRj6X*_OH~WAz z2Y)fVAK$&9DXmAkOzH0v99pj|6WxTkDGZH#dD}G z+TF9153j8uH$N_dYMT#vhc`RRKcjR=*ZicLi>XDJ;kwRHWrux4TmBxE-@Nx~NuV%Q zSra13RUvv8P227^@T~aKn7PDo*j`~GYvIubKy-I$6J*ci5Q3G$LWSWrFjMlS{A{hO z1{aV$i^2?>d`n@XzVS5N z7?EvC;mtG?^!SL}Yj|W?9tJOGuz(>a<7ymFY!yKfk=XzIeoVg$`BCfuoT)Q*c_ITc ztXu~CShUD=4eNH@v?YD4X$+1GVE&ApolTBkC6G2GN5vI+U-`+gBw&}Ot67{~qDLfc zS^zQ?6B>y0A{5zz@9F!f&!HM3qg*FX3!m@rX+5eI;tu-BndL=Pp2CCD4iN8;`p)y@ z%&PaDodv)yPfyPdD=h437W)Jz?kiAv{)h--TKItJH;x+exAZoZ<8hTDXdmpwqFwy- zYF3qHX;@02<_Dv!Xcv#?W zc5CQaP~N0_DsM?9Qy#(PTCO|%YJuuY!N%uF`w>>`(ID+f0=mZ^{#k7(+2NWzm-jKZ zGn$;*kF2CUm zPFR$)UmJcsm(QVwP8Cpk@C88Y?jB2Su`3pZ+aY6$k@VsYAAZNf!OhcdbAy*2gZHtS zZ~!3@7(*OPZrcjM*NQobWZM+kWFMuWuqLCRSQYGA(eQS+Drd;dhy~9i9!TOMA-KiY z-jR7gq#M_T%MXpOl+7gzd2)usGooW@xgb}p=}bu_SVrv2uULL9@O_Ih4Y^JAq`tZR zkS@b;H!6Fq$=0!1TjBxZvK6oU;nlxJgqG0;52ItDhG{wtS$x>|Aa)hroou&LNEqe^ zFH6zNTBpp@#5O4GgYIcuwBbwL7552VB;0F)h7t$gI!J5E$yr4UB3{~2us$#thr3VBn(@?`VJPZLxUzhO~Eb^BvA@SU11lCMr%gFcF$RN=!#Q)|-#TCJ{*l85AdddVjG8&RQHn(%J9@hInAo?pJ4360Ii@C& z!%9Rnd~=OY1JHgoK9hwbK=}R{-f2qnFD4NLaTSg*>_LT8HKEA_&g-8}VRkhz4=%||0qPG8P5^~KtrRhj9iA)L)lcxDJgLQJT%!d> z$Mc^-slxEF)SiY`y5zfFyZV_DH$}L1_9T2 zeSa9Dq@B)@jubEn>=2m18Jg4CfQQ%W_OarQT_bVNi};7S6wAlqc4E1k>i-QMWBQf8 zmU~t0f$H6=!JgsqnP3fwPt|0h7{uu6ow0}A79UIDjd9i_o#8C7>=6gN)6lncG+lfV zBM|}DCO-c$kM@EsUDc(-u9|OU8;>2SyBy-!*BO-K)r&`*n|_M#1}d5g5J$`Cj#IS| z8?{3kQ7AY|#67?lD;NzsRH=f6kTH}mYaCcfYFUWD3MUapjgvH~njkiKxdGDb{f@&B&r< z`oKX79&cUy(jbL~k2QfepKJB&v5me~2`=Nrz7Hs`Bq1)4my7InwD?l(*OED1sw)&j zV)L;kD2M->0w{LheYx0c;!Xm6?;}8mON7 z1z0$Lf1c6EyR5%fZBs|HBVI7UzfmrZ1ud#&y9Zi@ecH*qmdzSL`yPl>`Z8#$bhkdSTj|LHp-6f!bAl%6 zNhYbw$(T}|lkp6VDqJ18B(~QekromgLjcP#e4|#oe|$t1$vJoij*`W_H8QuE2u|tl z9yW88hY--bdkGJ*r9@J+PG24DAt+3p}zuWvDh)-7C9k2COgyL>ocPLELLJi|%hh8F`WiH%Z5)U^D$bUfF!po*^4k)w$ALo6 z7vyZd2aFg_$q{Az{2N?&@4u-7`*HiI7NLxHu0uTSML}_ORwFc4i~=%5#9Y`fs#||W zNw5SYkLsbRsmvfK&|;Lzg$<-eN5vHZc!kySO@s#T8WZt>8~&pk`k)9k6;m$I)>!$c zn_DGFvIImz%<=-ua{VqSq@U+_8lB5R5Lou z$F6_Xub=5Y{a9ZA=r3O`^sl7pTPFa~gmFwpWVTdn6?lz`ayvs_0nB^>+u^Zq_%>zk zdu;5EYXC7Uh#bfMH9l%V#*fIdvb0*WLXR zPdHfCbVPtQHU8%40;Yg)Bn6y0`jv#CAmjA14)yr`FC+c9&|;Vf8{w71%L?-V{nERh zr*<0t;Y~iFH$Qa0+}>WBB(4Sl&3bx=LJ`sFwl&Xa@(NHN61!4 z1DvsDY+9cn@e>l$ujAAknHm!!c{@^zJ9DRVoG_*c$24eTt#A+g8b_*2n#5pR8T#$` z8EZByrvsWPK`qFpC&T3johQfYM{gUA72H81fka8L6^v<|a5MJgxbeN3C8*Z+W=o0W zM_M>dzurQY;?r)mxWQb$=*i>fQ6Z##=#t)IUZ1hRC&=4|*C8n-mCB~3{t9;-k2ml? z$KxN5Pg~W0jr4fNR3T_iU_v@&gPNkhz=45jkFE0>bAVXoKz=hMe}DRpSrZlVZI7e@ zGj72Hy#ZiE`Gi?8{mJl%skt00G*puhZUv7@%OjQhQLPO|CD3&G%xtuXsyB|TzJ=84 zWC#uW97DRlh7`)BZoMAA8wPx*1)Eeb>cAWNN1c2?=d!V!!(jpFVBlVAH>j?{W!y$f zc-s1*hv6#>Ngv#hxx=SisBvSz0P9-dc)p>aLvz64-iLkNfi_Tavz3N0e!nuPAK!QI zs`mQx;RNfp&+p(61Y~IPyPpt#KlFDXX$11@qEvR;c~wz3-PyDbM_e4C?O^2OYY0u=a5INM)4LzK(Zx`s;4bb<@0%Yc;2mWD2>((sFgQ<==a2nquo-{A=he}KrI2=&}&E(ORDszo63G;s#_g$%+H`YcZ2Bc!hG-+RK}mZ zC7JPOZ}n#Uc{*w~@TB=s&XI&ZgzFl5DUKG#a8qHr#bZj~z5*8e_^)|^+EY5<9gZT6-7Kq z1wHNaWtQp%w=9k-1DoklC}24CyIzXOf)8ofTU@h_5yP(IyY3!d7~MQ!reIjcij~?N z)SaW)w_)?}Nc4KWEmp?bqJ#YY(Hd+C$b8;I4!A7J^7siWrS}4&B|$1GQ4kCCjl!pK zpa5h(p^E@9hPGOBRg&XA!F`llsHGqel(^a*HtX&sy)ckMNgD|PXu+HAOUGsTu5a;0 z+8U7m9WrlGlG_~d$01wH8hLrV?FLx4Tps(l!$F1gYDA(kIBz{7*Tt0)BQ_%7f-^%zr349v%TizjIDe^H3Di+7NQ7t5V5 zU@~1UbOU>VaLGAVn~U`g&&^^0j#%0)hua0nL89O-u!Pa|Tc*q?fZA6}K#j#{iz3e0 zEwHPUk(F~SmX~uZm(lH5D8rZz5f!|7CG+fgMKc_Ff1@qc-OJ?-v7Rv~0wWrD_ z#6U-Z?e_{fypnlAyrLONymB?7Xo4D9vKAhDJuP?#2PI(lAnN>)!l>KY(z)mxLg&>Q zmd@1IE6C(NTD;sA0qIq%rvKe9E(N1NiOrL1WWZAQ&@|@XXHB2Q{i|M*` zUkHE+-G1266AbX)V7kAzWwNr_QhC{Iv5aiCOpR<%I3b%lR9x;|oN{^Ioq`$eol+V8 zVIaBLDYt?XtqBR7LRsBAU-@wS>DECdDg~q8P3K+8OCmn+hgg3 zW^I|wVEpVteNm}TRc?R8*83x^A83wJ5RQZISAtz*o47OBW09!1>y)9G2`WrZo8SmD+?LiNHGog1Z zl-Gg9Du`#x<>a%4ssx162?<}p0jl@1c>&y#84=uKHA3L6h=dT<2|q!)?Ubap z&{cdb1rlA~D?Mbmc{Oy)-;1SeRa88|v;&p(8>d`Wo0hS>b@UF6cI%9&RtQ6pki&eg z@FBlwMjF3hULdl0(In_S#X`4wow!02zi6IAzidWqzhI4R3`N2=%7#fGI0cgk3^3%+ zLefqZS_x)D*@Cp+k!o;?y^c;HXHjq=9@D^6`l@)SR#@c~dn^IjOP{j!DV9F&x{rC* zA$guTLY?CZj`u@)t@wJSU3FZ;VbIh#MG1E}_WQKS%v7RW;(*!o%f(uss^LK$36!P|j34{+B<#C#yqKti+osmto8l$#LcG>SXyE3zj$=OJ;Z*3u*3*i^jauEdM2%gZW%& z#-><_e^V~Qy(yB@tTV~ZD%O@O@-;3LB*WPVmMj7{gT^)JEN8Y{i8EU;qcU5j!rs`T zV1S5?Ibm|AM8WD#$)XrzwK+k?QaSVE7ywS!>P3;fo}Hp)9$na^k=@#JT-q(CEQ7jK ziMMgpGK*%472(VZZyrsRss>A{Ot0_ewB>B^WO=gXN?h538Go~7a-6vamNT_fny+qzO4g=flHW&&>=LP2xILzq5KNK$N}b)*%nGkdInw9) z!*Qo45gx|^h3GgIbgG6ae0aXq-xEtJ*MUoxfy^5?k*gS~*>WY`Y{5)3vSo73$QBw$ z*HL9S#^JJeQ8fyI_d1VJ>sea79vw)S76W%3&cYzLnqF-PW zfKtlA6(GzCLce|1zp2Kkew!|m(0v-fg16WD;EKTb>ChcvUhNAse*La3Z=e&ro0^iF<#stu40=vP_=23=Zoo5*kVojB(A$*HCZ)Y03JRpJ=qHJ zFkum7bqY^c$4bQ3Do4e9TW*7!8RNHQu$(=9AtxrqrF4S0SND)vd9ocnqCCNUh#LB+ z1dtDLnAp>r1god6DoUFu_QT>YId%xISb!=FwoXQo!Aoyx4Y3kukwo$(3|7O(3bB}R z#8jQ#*X0)1Ri@{HN1Q#}FU-;F1*24vU4MKT-z6KX*sMFszyYl)+(>~Wm6#v%D)KwL ziZlJ$8W=^hlZ_N}SjbN0bA{Z6yIeV{kr1<`qPvEpJ}mD!kV{A*mG^Oy4oam^KzMqe zaoRsG;6&J~ZgMEm=kVna+=uW#sqen0Sf<^$_?58;6dGD z(YM<^9o9%y`b=DgBie_>x`um9VdoAy=o0WS!}KHi-+ zTUeUGCU%IrgDwzkT`X3x{&rM|L>ma>!UmsUo0=Gjkv;VN8h;N+@aITZ2wTWhdb*9g za6d)G+7BIUI(1Vg1SP)P{2nn*_dQm49bODv93VG(NWN7`&V0+Rrfuu6yoWsVlO|_= zj!FU-hQotfi^t9}AnBJ0OH(($~1}j5~$_LvFFj@gfL&rZd+M8Txv2Kf85A zJhmz`~oeu-K(_h2v z4Yqmw-&co&i5LC{;wXj$6sn7bz8wZYKGhnA>-KuS|EW{CcjMYSyC6dtKMg2phHgD9 z_-Nvq|MS^JM^umqK>a0Pbn;zolLn=Br!{mBJ~GUM@kY1*Bfj>dj#~M@caRHn=*%<* z_lhu&ct8wCMQFw1@+ou+b;oV`JH8kW1LS{qV7s@w01o7RyF0x3SMW2wg&q84d=@%l zpY4fu)b2x23K7-xvp`K}=qk#9e%5qu4@N0r<9k~Ej?zN*|Ip_q%qBc#T5j6UVc(Wy zbOmD&Slsw{I$j>brZ)xGCzL3`M-o!`rePS%>K>v<0Y`WJGTNB*T&%w|{b3%6B+7EQ+Z>1G@N6ng7d>k21|<;sLw~@N#&KW4t|b0t zSgqlSr}#I7O@H~+!BMo;#4WKG+22Cq%7916LA-;XgI|ercx(uA!B3+qDh?Lp;w<2q z=wEN99=SREdP89ah7_UFO$T|~|9bQB17rX>JYs&CfTw?AppRGj&jWO!sZXC^X8e60 z{|YlBR8~+E@*3&k|9Jqh;vEJpa>hTogEu;HdAZ!FVO8jP#?Q_dUb#dQ97}f;hXNVg zYH2>1u1(PwtHIG(elgXQNLQsx7~V5HZ)pVka<^87lT#GsDj9>mM^R$o*)U2uDFXQ* z-^e5o9;b~DRvYL6?$~hW_!2@!#GXeAw6PDbI(&10#z-MMI7PgC3R~k*PXd84yv^nt z6PjxGJ^F<>3rZjHDH$ICg2VI|%6$We8^hX;^zc}OMLg>r`FT1nJ>mfL7>1H#Y@7{h zPbe3@fXET$(rZGLge8z^`~W-S!MD=@tF4i+3h9ktNo1-qC?5}A@Zp0Qd4&?fH%K78 z>R^5reu6yF_&Zeead+$k<_^OOmfsbBw(*4s_r(4U6*X^I_*RDL0QgqSft@dKwczIR z>gwfo7t;~;6Y+?uCYNU7=2sjutX(z)N5IT9KE>Gu%@XVeX808~39KZ)Q?HQxiamVt zqn?A<@5i`IdMGvFTmN1nHxUW)qP;lwzjr%$ijrPpv;T%$Gv8H)e9HYc>{qZ>pdKKC zM;l80Y;d9uT(+Rz&Wp$*)EO-9LF`2vn`_JmtEB{AY88jFh%iqW0m0HB5?%90T z?{|QrhwcGV1;Nn4d^(&qM_dn9uSuwfSX51vnGZ-%KJ$=;B|E!#qUR^D8rYgVJt03X z^#Stw!P+Nu)wqOdY6DMmf1jx0p}$krV&?9ZN`$8$tZ*`3EB-QNZI-@x$=@)uQbeQ> zF*JzL2>l6@pWUCj9n8_8$-Dqkd=!FSLU6P@DqhooRE{zNK=?S(h$#XOS!hK>= zl>SPj&MQN{c@=H)Gc4_!S4biiJ6{9)Pz>@z#ru33?M{ozFigF=cYV-eWFfF-BJ zL%)T!Cs>RJ?*Wax!24$X{XM>KhL1}pO2L*yH|&;MqS^Kji>uvz|GL}5vVScFzEcc7 z%Oj$GgGcffCTQC%3CfK!;M?U-@KO#;nlSe~WP>jWm87f@E=gP#GD+GfY|41a`m~&E zI@SLtTqRi>Nyn}Wt$5F-(vtBBNi;qg$;Kx`;kG-ebOK5ePe4cV3F!V_lC4<44x^&+ z&Nv$+;(ymaz~=nle<;ES=>)&~YgsVH0*r`m4M7x2axtR*rC z&^?&NYiwj0s%%@fe097CDOg<9w_RIJWkB-FvzV%l3$}{NXy=z_u~Zv#Y!y{)E#+@8 z529B%zQU17m@&d`q?tD+`T>uCMskUQrVU@3?z@Tw7!|8Ck7m9J?=HT$-+hH~z~S`t z*Pmd*hJXACk|G4ZQxlKW0aNy44;j5**x}K-gQe-+dT|HoYlr7w@MT9x^{STFC_yg# z3&&<9oL=uDGXP+% z3|@e&Qjo5aE28rtcU3jU(&~_ySs`GEgsi%;$yWYzvW^l-j~$1y&H%~#PITmuo%VQnJia03d2 zbfzNAr7nDytk}3A9&h1g*B9is`X7s%XE-|Wy_H<|j~OfGD*suZo5=|urN3Mbu&4z= z4TcL+1-KYOFv%O~nPgNXoiJ9xR zhVb>~0gfGTsjbko4JD?AtqicHZ0*H3{Ub2nz)s#D zfs0G&u-o!SK$D^V7~pO9agXQqvqPL}&r;rt8%K$?7dx=5h7831^5#3dQhorA)iFA5 zkcfHN$6eRo2ldS2zVBfRd-*V{h66Ugz(x(e-nE`j8`wV7l;jU+&f3Li4Gids)Yi^oPeKUw+hA+uh60{PcIxg-!1w}NgiE?TG)J@cBgLHB zpnx$aplx$=f+~-l6EWfiUvQ|0XHVGf0MAB|n;yhtY>HB?)b{ot*X300u(5wdmj`9! z>K3DnmKNJ&q`0du8lx+r_siX8r8_sa-L=&O1AImKxv&fr9a$(+;iy~@gQc73iwj8^ z#-Z*Oattp*JGEJvZZXJQ6!J|-Szhkp#t@qrDg-idI5Fhnc%lJBt$M6nDz>Oq>1u_| zLQ_-gVzXUZfQ&XK4118_oa>Nq&Tw3fJ70(wlmZ;-vR(iq)c)CpS*L7_>So?;2bv zX}>_z!}En`T8s}lK>jVDE*;{DP8Th?X#K=e%hvcTIgC2kUhNX=IipC&z?B1aRzK z|1EZp%`Q<`4DihZtUzDFg5~yd39p&fXp@LG2g+pduK$)_^zy6HRK@dvJ{82yH}FE? zb7_L&Q^E5eaB&{iQp_b3@+xW<%{Ay3M+XM%VzJd5y(f;=T@r}=u@laNSSghM7f;uGa=$=9LSaCv?kgZVB;^xL$ z2XX-u4h~&JE6oeb>=29|RLsDT*f#pKZ+##MTaQ&RNmQJ5CN!hikWz={xynyo6Fh_{ zr6G73MyHqlfVr*sG0ow}0b*P=^i9RwyT)uW!}Fr@PF^tL)x>Jk3f>ZhM01pU2A5`X znqa_?9ioDUF=|RdULvmE3){05@-1)^j6dtdg`lZyq3{mNFPY5Bio8ToSu*^ z&SqICnt^EMg-(9Aax;Q7^J4@~~81B4o^9HFIZ^#$`q?sd%iJ z!Wf7Omv%cxuw7|F&tjojDJYS4ZmCe#B_~+(a)&81+e~K#1*lngvukLx=q^B;okL3W z(5OO}N0m6@9v-(5jW%_gg3gY6Rxb=<2BKMG)ETvMGlDep1A=LvZRx}ulxB`dxEXlz zaGJS72Qd9aqozijX0DVY%)wWH)XbTuuUF67o(-WP4%p0RAom=crXZ!f!bA#UuUFQixsIf%jh^&rjtVNSX>BhRpQBNxC0JR6mKR{*ysP{-AEr z$*9P2IMO*a5^Z+fC(vg|E3?I4xsu{e)FwYyk1?vrWEygb*(!30vpS;f!NuicxBC4G z(q+S=Xt0}@O=YDhXjzLzL3HXuX|{`sO zR+@B@Kd)92scElnoP`j5@SKk~T|OEI8yU{=xVC#Z7H;1x8{ zu9^H)JH zRE?GL2ry8q9XQ2-il^Zs?M69AA?sz-KeP(#8jL<*0j~!`I<@2GYxhpQ0-fn=bCtpw zH?hYo_qAHShZ*wW5nsESh3T3RPSQeeHevQ*B?(2P=%Gb4FDoQ+OsMK?-9YPQpJ$*glMJ@q<>V~K1o_@)G0unZl`orAudWL;uYSZ*}+kdLcV2f zF4egk6(3;X!*rxIbHJeU^2y80N1_HERm-Eks_Oyn;Z6WrexdKNsz0mDW=Wl! zp;m;;{1DK6rEE)9^%J($RaRNGrS3jmE9=7Xgy*Z; z+)!x-^khdS_jdX3=c~fxDqVHyhE0yLc+VqET#?i(O1dt0wZRifoE$2;=J?cPn9F``MgYlsG;*-uXh5w6=T)>gPQ^DvFiti?(2+hNhRgw#2x13Ba?)Ls^)vz;9ER5?B?i<0ausL*u^x2z z6KlcJOWoK4Kw1}_ErhE`3qk7yY%jFr^qhyBys0@^CJc(KML96~=p?zOTqxVYHS*)* z2m_{-4qLBWCJiG8u)@e8+8eAaW>^)vS(La9j@p?xWN2zx(A30EB7PzBnAS{43NKjy zdh_vvY|uB|feWHXw)@_^n(1E+(#Cv-75^n)kv|az<{TEIhE1 zC#JEBP-w9I>+XJe+DhGT7HT_+6iNZ9M2<^XY1=)}*rORmM|U9(N+Tp~t60{R>8?QB zlWO|P1JyBCCZl0qOI)RT?2endg>0u4Y6RhUNK=y_?4gJuF7C)?Bp2)622AlN!a-Y_t6P^5zs2SPf!a3C6n2R=&U5WxYH4ih{G`wwoUwS*XO zB*O&{Kr&?T00hGZhh8>x@Bu`_2M0nvgm6HF!-y$@cqrjOH4Z1DNWz}o!IBIs9P)Ms zWWx)Gg*m!8!nhKyb?a>cac61irCp^3sJQzZ8!uRTnJp~2*b+X1)DB8|u^9~c)oy=c z&sz-f$J4Qa8pf)}p<6z|l;d){=_=E5IwMxYh69AUeV3j)4pFqCEqz5Q+tSz7wrs6yscWC-iN!H@`3tw$B`a_)hBO|> zFc^o5fc!v!G1!BbIiYkSL{ zZNH^MIFxXsf!=EG2C|y-B*&+tRaSi-oyv83zJQ!S{R)S2LeYs{kL6k*?69l_M2`l9 z5S|qnt(AAN zWErh#p4gEG@Or43sPa6#?_tkzzADjE?#Y^7#TXf^Z{|NB=W-UZQ#$Tfb~g z#ABgpy%AS5;F63$4VqG*08I(2@?6zxN}19$@f_-sPUbZWhFsPpGzcYugdTCjoF1yK zR2}jY8J@awe7gYrMqquHob3V~4kNJc1>J<@`OioU4^r_+eWl6#&lSAM30)xLN-g3T z44FH|xKT*_(ClJK{kwBqWPrtQu4ZW1($G9SdO`c}=-CbAeglWS#4W_37Bmr$b6Fel zAetJ9hh#jw$rlWWteHglk+u^LOxjR3>ZN7E`XIX3FlFN-Y!7Yo8Kb5{vU}HO#Z6X; zAREg#I*@g0J^;Jb;-C=PtrYUI(ELdtvfv;&w zS%B2UvN)oN8#JwEW}q>t7iks@xy*MEgjT2JrZeP1`x$b%5gi24XwcPx+#3uR%`Rbp zjA6Oa#TCb3$ecqj?#o4uzM#I1g?`89p;=Hdww@IpATA5BqF{i-0|7alQa*ab!>g3NCvheI(niKR{KD~Sh z8FmKo?k~d8uSMX-97`y7KLg?$}H$pOU!2wn!jNJ@LMKG|W- z&M~otF&B(IrbZxh_=nc)+kGVgJTI@apwXOb9wgCOySP1CBb?R0bW1J4)=bgTvZwzt zi~bwquH}g)W3zBHV>@b&xK_Mb;_ZkwQ?&H~8)K~n`_wgTZN{5`*?dKBo5e{Cpk%i+ z&SG=_f}QdCqP26;D5hs=QI>+5VGyZ+L&V(aH_az zkAMmXp95Szu$S~Fx^51mhMfUkYQVp9=hqRAj*smiGeu!79ilacV1=Y-vhB{;bR0a= za+^b>+U%PlA}OHO@t#JRDUv9(#sHu|+5>>XX>PbKOk=~qw_ZGsM5h~ndHE+4Lh@>LoG;Zd3NE^OVX#^+x%-H{#|mB06svq1d!#u zUqgb&7sutp!saZl>he6&_sik%xU9?1?h#fWMcX{>w~II5_x*6B!S9$m>EnGBzaap& zXCdj$5f#iK-gXbm)w3S{{Wf4``eA{=pza(V@gBuctgscJIhjciI+>#(*{rz4fBy?d zsoER%80&TIfB!)M;Bg=U(3K0S)|4`5en(FAu3xSl7`Fa3Ew?$?V^LST`~G}EZ}s4N z8XL%_{O`)=cF3*IE}qnL0-w73ZMQn=)^Wbr_q6X(FHnJ{Yc8H<08ZR}*wlqK5~#nw zhjtBA&=FQ9mL@t=-OK%cTle&aNA_mh)g5KjTGw`0=Gz?5c6MvJuJ|X`wg>!#W3;b7>IXP*S~-Cn8vM050W&#&yMP9chT6i<`ue)P6 zz;orB!*R0`bMg7mT`plpzvijHcZmAh?ZazE3bqy|2(LGX)pA&W-u=Goztz1?M(T7N zggKt_?9Zh26~`p@ngf#-#r=8cPkSj{y^)oEB$a9HNJz1#A-Zu$R?l&SSklV`^%DfM zkBLDrdzcsmvwtB7-ujMXbRMB=a~`ErWxc80>guVSam>vYvX4rgOm}4ghQ!x0NKBW@ zATd2JgT!<|7l}8@F~bc#)*wyS+t~~4M9Zt)5AOm1!~RRyHrlOaLU`STfCr~%Y*t^r z>LaSFC!UI2PaBHM>>#Hu!vu&3&P13>&jhf81F|=h*a^cDayKAL=xyIk#L~b_Jzjty z3Cl?wW>8MzFhg<@hZ&GZoce|pIz~O^#3$-WeOKm1?~q|0^@M32`SPGUJ)W$u`kt|2 zX}T94mC_53Mr(sdgvLXP5B)#7fw4=-;i#qZvA~$u5dQ5b5CZVGxCZ*w&^uwebl_a5dc$SbG z#vS{J*_UG=7kF|~RJDLmD@{OYIF;yH85%2vWzo4BWf58d$=U0>98W|hts^9p(iM|Q zY6W##RlT?l%OZMPyD0QhLt#?7s$!B_W=X|NVn>mtl*6JNIb{YKmscjK$1Rg~MrPLTaV}wCWZ$tClL=P{ISO*}nHlNK=z&Y8IObAmWpl|! z!MIV*Ws^%g*2)T3zD8N3F1IW~Pp>S>QAlQ#^TlKmyMi)FJyDsoqp(gR<3?uXydr?H zeo=f-H8V*)eKBcAeo4_x>WPt=^d9FD21fQBYcZK{g^;5lCopyRE8~=*X4` zO)l+ND=S?28fB5X+_DHgy|O4rA(>Im7n4cs3d$t)L}k*B!a9wN8<~~!iU7v?Me#w^ z%p~>n#iSkiB}Fr-Cq`z{dz?!c7}PjISBZdFyRW}*pA7FFNz!oxp^xKiEJ{hJT{%fBR8TcHR&3;#7@1eu;f+B zqVzSyB6XN$#v_kiCaupflh|R|abRv7)W#JdI2?%DpRSup>nn{(?653}K2u{e>-U+L zu;57G7>&t>Cx;w{c-i(#M$#2sGmps3)7~N(XY^^*&8yCe#SM9ma9mPbCo60@6|(38 zg|cW}ow5k6h|EA2Fw3NNRK%oo1!a<2QJuEMj?Cz^B6?f9EGl5VOiEW(Oj64%shCL| z8kb4#vMs6J^6r?4$$}$+90d7LQwq+qsj8Y!r?ti>blK#_N1s_PwOcbQX8F~!NCP#o zXkC7pp~vT#NgVLZq;|P>oS7T=jAMx)TpmPC(bUc)4m8K4cDa@WqKMI%90dGJm~e$~ zY{z887e$VP+|UGr9}?MQT6t_bhevKiQ)<#Ra*3UKSz*bmltt-lh(+o!%Zx`JyG&Z2 zVJ5M|vg5$qIH-*)LU1?`wLe`qlh#)nlh|Qd5`Ct|X4daBFJZxvz%d$=4Nnd^4D#~2 zKiyTn1?6P&<5GFkGfuG83g^~0O2!R)O0}v!F6~$=D|oq8vIqmMvS>ZUvM5I>nGr8w zmr3nviAn0o%A_5ob=ny>N-K8~0gUyFVuY%hN$Tl~NjvgOie^$zjLf9>IF~RmvhP@n z$%HF}90fVyzF%Wn7?)0Q%%#%G=90OUfo3=B<*~zz`t^;`PH>iJmtUNy~7Oq*kpDZ4R= zw0uk|rz)9I-D+hBR)PrKFOZ9lx{yfQVV zGinx-SM$sAGl_z zfn&7X0$jbA>ZMZ7v$ch)NiqMUo`D)T`SW^FvoW65tKp83459{((F25Vr{fZ~IrNJ+ z%*J((ua}dD*V``WKbYPBhwj^Dzx&z^@Lo}UoxAQE+-ZF{ZI^?k<~GI{28#n7e=Gy_ z#Ag?Gklxo4o-eLnk=l4IFu?e^Z^zJY6<@zna4A*sNoPJ9*o>P9*o>PF&Ke)JQ#_2JOHkF4#xq8 z_^pj+f+8}`1Vv<<6bjEY6BMRpCiGmx+~Fowt6f46ky%0zkyR2PJfnmlOq+z{Jd^CY zZ}=>SH3?_x)VYMhiD-Z!GG%}vvSb{CXUG79X~%$?XU4OOr|xiAKEM*AUJw!5V+yl5 zeCT)A0WDqOf!K2{T#W=BI>k?M_X4ECLMln}0 zE1Ou_pF4K@va~l1v@hv>Vs6v6RV(uMY9m980%m)&?Vh@wTnD!U91DOmyJ8-+Ba7*& zAO5`iHgI-wA;iO0tZm$!%3+7p(p3h9Ava{;unj%FSGy>d_z;P)pj+mjtCH-Z2VET=%l^Jy0TA4A&CB58sOU4EwIh$o!5Nh1I!N4@4k!p;6D8a2< z5Mo?%QG_||o|ePmak>4tKW_TnVR3bM-Q6!wTUMxjuVy>=5c2uLLUNQCN2r+Rgd>?a z(3|haZg&6y#XRB3xF+IOS&#vZakK4No2s5p9=fCKL_v5uLHUhXC))4S2w@K8SR1qA zou?ahWXl0M^uuv+wL7vP-@rnQY6{H$VkCUs9ah6;f9zR-&@wKo-Lw%!&F!v&%JsyM z;~oJ5sJ$C-seyNvB1Aa=Cz~}ps>fk0PYrV2KJU9(?7Ln5`}u0OIda26Aesw9CvRBi z)=FTEqmE}6opC{5N9POtH%H}3Ac^9)-NSPAjE(cd@`=HQqI=gb*GS71VXPG?&lk*C z5|T>8s4VY8?}*F%5o^#GFNV-ekmhG6eV$Hq-i zz4cryLHuF4JIbhEYU;M~)9ag=%)-hAIRmIJ@MH^5C%68mT!9{QX|aUp?~56?YGcvKK9#nH(16N z*UJG`P~L7hi8C@l^wc?s4S-CG>UU|xE}4+h^41oqCm5v;6Pvw>0mwmxP+d4_waGo_4kb`AJO!frxA}g+=*&^9!6+9%^TcD zxgi{ya6{)&ubizNPUBFAhSQt=#ilPMqym$-!4}!jW zzFr<5>sgwBjB}`0&%EI8L4E2TAO^veSJs$LDG29KYc+ls!`2W z7K~+v2^YL6SCpJPXL9FlT9rI55&$#t@u`EE0?sSzjbj*6b4e`|`ZnJ{NvPSl;RC5< z>bH2Qjs#+?kr{Cui1zv!{_X}>(-R&R5O|o2C(7~PbC>-UnVp%}i>~YIh6l!w)+pPF zPrQ}07yxf6JcjUd&+8Cl7-OeVufqTb`o9C`Fi1!)TPh1t<`ASwolPEr+d*nyqQMNy zU4v6EV3;kho4LIn8jp1*AS7m;3J8hWTl*mZte{f>m+S7g$Ia@IIrtB`00rv(S2-V` z$7T%nX@gJ@3I;lTf?Sk6uD)~6MTJ|@ygnkJh7EDS_VbfE@^Ev6LuKa+{V(2l)*g)3 zAh?LH`zv?QE=#nXXF_LK+1wmp~$85(wd3ub?`KWH4UfyzE8VAR3Wu zM9CM9$RyHz-U!4~L?ZbVDPKTECy@|T!%6;b?DyB7MDkH>eDR1(A|2|5EuJD0$)`y9 z0xCL*gm1UZxAn+^no1<2rsWH%3B^*f4M`OWJyp{RrTptp5-D%!CNVQ`DmU-^U(ct-lw{R2iFIlDt zAb5K+0Wp81xZJ;iW!q<58{sW+z%lZXlBYC}RH8BufTu8zl&!8n-RQ3R6d0ut6}LYG z`rEGmwxh*{1AnHEji5GZGlDlmzegft z9A+%kI>(>iFZbsQ_FbaRoSr6f)*^9OH*=9VBxfxWhs3N!;*glVNE|q>jtZQ!r*;{S z@*>!?$;_>m1d43OB>^_aTI=euTm4S%UEl2Paobe)QSUd01Dv4Ywy_9Ad;N^GwvqZt z1V#szf?)KkDF{X}k5&gfubPLD=!R5YjP> z+LLVY2A2z=JGc-+e{dm$4&g#DJOY;;sQcxuka}dKe+JuAVg|#T18;TEPDJz(2gw3q zh`~Gh6;d;olb^g}9I0t-~i4tabPR`~z{J-6RL%LJUx#UVf|}l!O?P192e+ z`#_up(Ax%f>8B~mg<#rb!uA!S34><{Ba5OTN=rBmvD)Hlh}IY%6L2koGK7>y%n(Nw zIztp`3=MH)!8AmXMb!{R9$rJFhBzBSH3i%dtSRz_U`-)71Y^fyJtAT!C)RX}m+I^) ztosit3*rKd_VQTYBaJ|`4ZztzFr;+ql6BU^P})tbLp{T`_tHc28%Q?Qy;s9sZfCPR z_D`GDhs{>gpTj2hhM~NjKA8^(YVp-+$kWE-0O+Npcv^;|G;=G7V!7?{-H~uR8hh&~ z&XhWY#9>GK)A>T(Rl8Qx4CXPWvkMny%eb2EQXbgN$fKsC*_=k`P`_dwMGgpA?Khy6 zE1E)w$kP0v<1&qh{^eX_QeP3%vUq3RQXjJvRjp~IX4d3#o#|7Ta^C;?Qxos(bDNI4 zz<8f?5$MUwl4vmrFRFv%bMp#Ya2@yy*V5c7hpSQjo9XG7Vr|%f@U^{6(s%=tn5v(L^-LaFh;Hx)trv|6KlRemq~QZ z=Zp7rQy})=+6N0b1Y`SV9|3<%>f)g8(^M26)^-U z`0}v)9Dx};W(v<7k|af777tI!%+kV`Df+TZaT5>b!6dmtvxvOpiW#U`8v`%tXND^{ z@y1G&n1`YTrdd2}&OU~hOfDlKH#t-W$_%@z2cj7)mBV-zwM)_==QzVWCNO8G0rfl# zA|j2p=Fl8BS8_&Fe#+X!m`FBoOM=<)6}v^1A(=zA6d-%lQ2-JQ)>4SPky;9cKTJy@ zNycayEPkJq0TYkTGMN0KSqh9fE=$5l24!h5-iR!X1KoIicum7_$6^^I$v`X(#~X#E zaOQJ&-uNrU4|njD!C{WPl1OT+yWN*~W3CiC+yPe#hdtU#0da>~c^qDf;v|-Akd=kw zjj&Qs+~HLU$BwOz?Dg9>=K3%1>;w$-hT&>QD~z9S-~QM6;>|Gd-W>}89JKo8HRYo< zE1+5*|9|dTd(3+5h&nu9;G26b^mYxp1%z(g;(3}4ECT<#Teo1*YBU1y-RsGD(p5md zg#{Vd-?DGg3L#qQ^+7X1?I6FLSRK&8A+|m;#Az390%z04#f#nvF!|gG_PfUckc~m^ zB06*KlmcYWoeDsLxl;;}H+M>*@aIk`B+1+(fW;m(~hILx_I5{Wx^N&)faPDvEz zO9m+%_S`82#GO0kad>m5B$jOMl!fEXol;QTxl;cbLI=cw+zQf3F+bsuBnIso;X~JL zDE!lG6G;SDo+cP@Z>C8Opr?~YO(4?ydlP90$jti~`*0H=_IOVU&W3>ao-A>7+P`E)(#a0H`#;Rjlx<7jW!SG z_|_Eb;q)jB8^s?c`0O+d7#%294-^-R1(B5LUB}278)t+Ckz|AdCjT5noFyR`o{b(8 z8cQ3ekHKBy@u}G-5<(G}t=X@gn(>jnq2PiD7EDoN)mstw@Ps9C`0BL5XUiA#XVn;sux?i^`RtB^>{rjUcBDrCD7*fFCqn{H`;Q2+`i84jWP*ut)XoU# zCD6CL_f&Im>uP)!g=yyAt?HhR#u)6278@XsgM34h89nwOnw5)z3%qiZjGJGJgx_j*QYyp3HlEJ#>*#v z0Ic@NTmHgHqWOUiu>YSG@TMES7M|B;`H@{!p3UrfyfPc!O@A6z-6c$;OAFsD!OQ1) zqHtqe&}~uHV@_a%@pXbjTuEbV98DTmCurjjZ08tB#}Furr!k=7Nsc;Cz~*jFzRx3I zcQ|(ITS+{Mi7AdnQ7|KE@yJNE^5_Kq>u!}z2v?5=>u>!od*-Pc3)}ecwOh|8t3ed` zu=O(HN5@;~XfFXKj7JHyrl^#|l*Xn6=IH6{2An{IpzwJ|Da`f*q+!!5eQfmDPKwmx zaV(+1<6uqp&Ol1d9fxeNb{r6lEo#tdwE6bkXw#VXIA(G_5LVPRC51(_dDTa4a@|R0 zNwBm#y2m)?(AT?)Hx!~>OHy*``HGi%c$mK)`rW+Rln?9^$|SY^s9=};USE$F%;vu~ zl59L4#}dZGI9O9m%s@(GVjOaGdUlwI14?6J5>4uc{!)CCw?v_Y&Jx9H@|85A)K#L0 z4W1IklR8QYOctY4XtR19h-xMPvMEK1OM@y3{0K@)8!g-1O5%78O(hQ4++H%UEsZ7) zJL;DmW79TjX+Ci_5m7e&%yKDhNqXgTR9=&FrqG10nSyI_%q*zXEmNSQUfE8Wf|R;s z22X8>&dH(F9Tg{|)|$LA0VZ_D1X`0X<}jtMn7|x$%C>U?QR;|kxT_sxSQkxy)0iJA zZTsAy!e!7jo0r>7w>yGsc1w6u;9*7^VY}}JIWlgX>*g$98*?Cp&Cg?_snJc5q)p93 zYG_~{4m7J@mtU7HThZ2B8VlM$H(YL)hr_OL885LK;+RiEzCUe`oBg&!*7@53F@b;X zcHOW%c5nW5T5b<7cWby?{m5VhJ<4fL$?B7TsQm5Aj*dF$UECf~j-F(~JA7|nX3_GW&05_kU00w>e5+1Bv&IkJG zboV@0G?-(1Odoi#y@_lQI7AWl{~=7%5FiRB9R-A74FiD?3OZZ;6PzRcZ8Kn(^R&#q zZV_#!5!??wJpQ^{!#hnQzb{uS$nGTQ)gt%}F*JhqUSH~F2fPT@98H5Zof;d4k0ERp zK1freh(Jl3gby`37~6b45HyEN^zU{U46~x%eY~7PTfe^^=Hchv^52ppq5(GzZEm9I zQZDjnoSC4^(bj0ssNHCl@HYHTM@Vx2lL?? zz03y#S8Mc-3Emt|qL)7!T_i*iI!Fl9Ki5QmDB?7Dlj|h<39AXL3x?>WB61rOytI6roh*H;!A~rZ+ z6c5}G7wg#Gk^%!a+#NUfn{J?vY&P8M{s1q2e1)4?$9aK2bPvlv1o(9iw-UQ~nN{9C zFXqdKhXHjUWYxbkCvDpyim+LSFikBw3MOsLAy`8@4xyk4zw2RV1}-77o158ST$@{u zQUgYSgf@&IHJLGmC$(e*ufdoRG_dE(-L5~%EIRT+TKnSP7LuB`getUk3AV}bRp3%D zD1ndP*==$pjav}>1GXs!{*Ffl@S7cfd$$5sPcfQRVNM;>S?0NXIRKr>l>^jSJvoLw zmm>$*qjBdp-fV6ha16K-FUGaGQCQvb;I{xB|H*H8mEc0xt3+>dK~5b~SFEgKv=ZAT zD{BzDW<9>dMI&>rFF1LF=XJyhmGYQEhs=XE`C$dL)cx|%4PKWA24^!yWczaw`Ks>W zwdlsBKhOAL<`~j$Hwh@Tw#xIMns>$Ui2U1H9QU`IE~W;Ja?Q zhBMul{nHaH81c_#=CE&v z70}Wamxpd>c6nfF+bg0ff5(&D>`tPH{i=J|@LP8gmOsR~2l2kBSEat}@in5m)BTsV zO}ejs`!X!Qq5XdT$JO=X{5s){h5jJBteO*F7@TvEx8hTQqlqcJ)2kM>&jv+YFkvU;?_83C zyofjQKabfJr*m3eAPrIRJ$cj zrt!JdW$@Z<=_1X|-5l05{LNubgC(-3cP8UYc*LWrm6o7IR;~eUFn9@GX!{bZ&<#qk zB9FisfQc0Nr+N6L$rsX~A}`3pHP}B5EVO(YP-ycsV9DA;cfajc#}_p3S;PEhaoZ!> zs4g0d29&=pI$ul+vV;-xe-jC)n90otd?JDV$3|cJO1hJ`Pdy6H~a18_<@T}kyx_HpjyV^ zzfbUn66|c0%KOTt+O%0)XsIPv1>uRTy7u~5FhRJ1-IvpLY0dx(G(gH*n^BkmKnG?T zz{reXPtH}4Zw^{%5DP_C8!KxtTmVuL@FKovY-hpB^5{77a*r>&l#9c@+3I(0uxE75 zw&?r1kwjvN{9)LyUM!EtVRHw$f)0zbiDd)?TZ!k+jvYLatbYOuCLy{eRK8t?a)8Lu|kZiLh8#ddL}Vl zbx!Y5Ue7KL&oJuRZZG@Y?tB6L|AEJD0DwmtwlCLf7_u;A4nRJ^PIepp6Z8|UTtM7; z4UE9Hcauf{2IZLviu&qVutu}DsG9is(-GFl7mMy+&_3#$iQ{-I4jejxzq-^iXLS+S zp6U~e+|-4T`e=Y5cF+Jv?wuZx&^28Q<(CO}^n!J_I>9(vKg(%GM{zfH>F|_Fzk7K) zKH_YC0jCuFUs5jZVPLO)<1$b~b^Gpys>HezOJLMNxHTCXVAIr>?G0Vp&--Kl0MuXs z_8+?Mkem(9n!qT(Tvcw!;%h=X@%e(|`DYiFOw>j-wXA{rm9tyk*@YpYM}yB7_2KF4 z!VgE3M#%rE#yGC`Qu8nM^sdFo2Uh)-O^6d2cs?x`Z^kzMxZLf!?Z06zvA)AbzQ^^H zhvS*iPXi+;4Vkrbqe!D1*Q?Cm=Fko50AN&W9N~feZQ&>uxoW zN5am^Wq;y0r4MwZkim0naJ#?$bOUb>cZ+u&BS<-PH{X`~dZ%;<-$7c+dO}}T7+l=; zd+pE+6iCBfU*)RbKSSfIC&=;0?dB#}s`)cyO(D$0iHg?k{AiqJt{S5ocvO3ELJ(#b zn6MJZ>D*o>H${#0F)nT8+N&AJ?YeK8x~o`!G*rA{CYFZN0r7dwRG#0K1H2&mz@X3@ zzO@xlaRxjLlTS}i&(v*FCw}?3*;cH!8g2RX>uw7Vqc%anX28QkH@qgKdd0^0xaqd{ zSNFJ>#TcXdKrq&&LDi8r5+|MN_7004T3K)+W!S7ZGOZM)%rKT%XcbE@Hi<;H zA4IHOAErsWK9o?q2U=T{>DAB*HEPJkx-*ttWpznbp-`!X|Lu0v-W;}Irs~kDyxPI3RyY>Lp8)yhuxr$OPRJYH(Ap!PSm`j3f)C^N0E{y-diJ<* zL!5wI3878EXMR*5Ua6?}9N5&dOStE}HQbPtw;JnKOH06fna8!KqP{V5!XovG&L%8i z&EU{MA~SfdFrulwPQ35}SfqCGqT8){OxE(^pND?8fZg^t_(OEnsziKtp=tFg@?-=n z0jcmUCWpP4?)!(XTfc$xgnKxbE=CF^db{oOk5MJmssxf!hg@7m_d!ZZ4N*P=uL2Ko zU?2wwJkJOB+S*{~fK+1E%n%B=c{vQr*m@fS1>Qm2!&W999BGrv0ZR6qCB6~|QY@Km zyYve+V0{5Z-y$6^flNk179`=aj-ByBMr<#`LPYq$i1+!^J366H2|b4e{gG2@1m?8c z_j|Z(054OvLJ@j57?s#t7%iHiRITMU5D_fSP1#d;P;f;gEnXQabucey_&_jo;ULFI z*#jv=yy|1ci?h1D(jZ6gQdN#3SbVM=#yk9S(`v_p7zIV?^qTI22!VdcVEW9 z)-yw3A#=}w^ZEpDa2K-cmxa3BJi#%+`09!kIKp}y zO9Yi>Y`pi+RBVDfFjXm;4ih^&ZCuN;7qZ zQ~CSCW9Id&N#QaK9w1I{VkbKU9(N@IOEdTWbj0WC=V_`kurzb=yQKoH@qw~TQ9m`0 z%78NoTAICUT;ft0Sh$ncL?CHEOtUGO4X4rQX8IgKlMj?-N)~_CSrwfRDFtm>I(PoArDB&lJZ)cj&ip ztrpXlK&A`0G(s1m;0`H%U{ru7zyxwMz?(JVE zObJ*3w%V^gAYla#9834#kITbjDtU(`HR9k{BA4yM65K8!?O<%tp49XN?|rP{xC?Ba zZ-%5@ZK?OKbB77sVwZ4BDy2eO?$EtY9$Zn2lyBT{b3d^@xy@l5O$ zoE?B`WbpC}tVu+7P^<9rLzd;ND)8FUH*mTi1X0kXaAm1rQA88!fk19@<4bzIS^Zv>=D=2#6&ue2L6#Hv zf8ju)Du`xV!^00YOPd-&#oMl};Gig-rZfhk|Fu{w{&zyRwndqNTB4lYleEG;;6;5%etm$X z601jO#;>et4>gzRYk`uRkz^t^UkVOWILAXB3-E?yzwKuM!?RO|qtW6Y06C*3S>cGK z(ocG#oQ;(%#8N94fz7VVnn1|nRGG+yoss8k(5+z8G=7_WY07Ow1DK%yQS9c1p%q#% zZT);27q(n3G-Q z#JVSq9>lHfvnKk@FN+klkQ=%eiE%8dW}McS=8Do2;CVZi03K$eY8AGva|uy}JfH6G zX+8M!?hX zV!MfxRYsmE@#{<;%M7bkWh<>6OsiB^&ZYxWyE%)H zhZpq3$&2Og8Fo1Jb^|WuMHsb&wyw?7e!F<{ecum9x;ms@2$>9lE#b6AyHF4v?q&#K z;d%E=_Y?L0lBibbU~+;^`5mjh#m&SawnAR!TJQc|#iq*D)QOdY3VO8#U9xgg_*R=) zda3py;6@ko%c3WjkjkXj>Ri#`u*3(9INqjxh5+DJDZT_I0;oF(IyKvU?B!)>@bV{@ z-I!62&J!937tw{{jHwE|B*rTlKt++>T80z#7(+ps3&U?!VZ|sF{Q_Gi@Gdq!>@~iN zt#H4fkw!x$*oS2^k^o)@!<6^S{pRojU$;2GnEZq5zVRz8WCeda4nq4cN0U zlSahDNw=kHoNSY-MuG7TE_+A(n*%X}T7Z$)u$Q^n#yXY)FK*ib_xYmShY=%Y!slzz zv^=gmWhIt1wggo)!mRbp6FOODuA#u*p!pNg69Jz_PiMhN8+CYx$`UvLi`ll(ht3#=lYT^QDf-1d=DV}t%pLffr%?jx3v8WlufbX%QMR~><038zs9 zl;%n}hebPnE)w~b*(=^fI>*lSM1Ey;k#Ry(yr>op+_hAGbvkSvAA4M9;wXhl=~t_- zPjl+4CGjhw6Z4#E>If#4)VEE?ub{4aI={-wzTGEs?-6r!!lHAlL@vdloCX)HZeUt9 zzXd9m)i`6iB8?j}cKdv?LzCJ?$WvuD4)TP0aKq&i&bdTpY5pOkiD>wwdS-7T�Kt z3{q-Eq$50V_bqXdAt9rt`uWrKrP^z&SC1x*o&=!Uv?9R|llP>?BDM9BSI2dt!HBO? zjafBmAUtJIQ!eNF4iwx{z?)@RMBBblfpAA?y@0XBUwrAVw3La5{qc3=WPoHfh9hzVN2+T^qFL0|koJVpOOLJH4{+3PX zXR2=TSU<3oQ)7VI@#x8-A0A$Oe}S>}#Sx;};U1p*pascDfzxh-H}hWHZPuH`yT1SZ zwEuM4;XX?U6)9ON1?PeR_IB97z;8>~=73)Xxb5$=Wp#K9%N)AZX;4xPr){@*4M#lT z0%{MpHwSfUKBVx(gV7WuQ#@|)zT|dE8RNt9VGXp8okR~y!yDelGI*zP17}d-WrK)5 zLqe37j#8EQ32Iobzv7i(IfI{WA=%2rDPrtJiW%kN;{$MtY3Sg}Z#TT6^TzOGSO0c< zIy|!JpefMV!B7=mZ6;s4q=L;3BImJ+Imcrl?ZIm}tnsw(?TzLvhYl%=ZlXuU?&sYB z!Zcf%ir6qf=b^J)CX%6Oj%O{$Jv$ z)~tB&J{Wm;_Y3qmrjTH(Z3Tj{keg|%zmOF~Y#zQgqSW#w!Rzb>Epzu%VdwGgFZ zcX;(3^CUd&)n)dqWmHFtgNhGtFH6vF;lCA2BL_5EDL99X4e*Q+bhlNUL}ddWUxjoEcYJXwAqySu?0WCu%T3V(pK+rOraCH zWW^@FO*kud3XYPVP>7rE;R$BUW%hJ;@C9Q?xwLW=NM3dtc2&K{x<@V5_unY><i+>?UH~S^7{S}DJ==b-{p3?7^D4e)KZu+`JU`I%m5yq*& zjF4a6L)b6X(B>pZ*I-LKqPeW{8GL9J&7^^{f*^jLUz|2vyKpQ4^WpRSU@ z1H4NG8I88^8YA50QDd-@4yOwpyYBd6v)(OX;c^cx@f|I&#M)n`Af-8RJUv(R2cN}g z(L|B63-B^L-*yg}I6tc;r$o{1@~+#`o`BuDiSdWClyWJj-u=+8AgN}e*0T$$SM|DU zb(1(&tyd1ah8n!cI)zo92M7h#TYs^tmxt9R7&2KDbbL6q^zUF`VZY-T92S{g!D?KB z;jjA8)63m@GRLqmjyex`UwCtmDG_7LQiUrxMD@@QK^ajZkM$6M8A|M!Hys zOUIV<*94QE?k7u07SE^#x4*7WyJuW4O(I%9H&pM?pA*HkS>D5|jrW@{Qrr5e)IT9% zB5p?)kg$^sMod1==J5B;uzXq;>cq|`DdirNV0P_d#)kx)`&7eFz^^xOyd)vY({i1X zK;`#N(5a6(WEe_7xO6+NSe&=|nih|QcUzjQq{b-FfcBF`W?K+ub;a;+3umIf_FgiC z+2(fkA7X}~#*nidj0H_xHIS3`{dhd?U*P{9PRB!JTLF2;&p*6)+`~c}B@?jkkOo}2 z<<2f1Va5sxC^y}9eTxryz`8iBc2CXiQ|U7_ngW{f`{nnWXejjQ-YBN@1E>1LR2a-$ z5@lSfr;M)(|9v@Jg>%DDKdR&vK6Dyux-JLKLym{X{-DyH{kW~?h9VM!o-m2$I>nbuC>gr0570`q*GIjIyY()JkBF(muIx3fbR*?Eczb0Ccih7|H`pm-POQy{G&@*kAUINPJ@zLYWZ zGCp+2Pkn#X9o~oNRK{%pYKM(OvFpCU$gUgU)J7TpC9OtkZfbNA8&XjS`v^I(!{zhP zYh%O*8qDRD7Ngs&Z+mKFdD5D3I@!$(CbF{&Gjo9LvT!_M=+YA%*Q`!}$@719;S@bz z)Qv&{qME_ASBrLpI#KrUoCOXD)f80Gz(EsyUnA3Ge5!a+TxPq37GiHdMgbvjyvpI< z@5%!^go1s`ih?UZtthsqL7~!KMe+3s)~0avNew2e=^n?q66(65CWnG7Q$g|;mR~yR zRI-s^@pij>I4tP;Roo&3q-0yDKN3#9a7z{{Mdmany-)VKyF1}a5HTl%lUxom&em!4 z4|-1#U`OJRq>5==7=}ZV+uXpyZ~!H@{X=C*7yy6jPKS;di7W_H1i@tsDlnv0)PrJW zS=7M$lTkq?UIdk=MsJSvdINP%r3vm)SVm;AayCTIn==rzofa@ry#00G>`7><=x)Vft@zj~ck#1uMJmQ)MP z0$-as5Lv1uWWIBYVHf?9-dBj4Y*LzHb2avd)03&Knnn{;mxs9i+VoP%7&MUsc1k+% zuwrG#1Z3EgZ$h66z{MtUf84L*$?oaTEI zp9EU#^|0xoc?6r8BWI*FmntPa#{JqhMk>{yDLlj2^%6QDh>QBVYSaftV_6?h!IC@% zo8tk7CJX%O=2n@3gKUYi&@fSf{sdkZgWDbj^hr^sFDB_r4oQ5O?%G93Nd`ObaGDV| zm!CFz;L2n*MV{wWIl)+SnmtbwoA3m znCW?^gsMJTcVyAg5K|Fn=!^m}JYe1Q@9g5OGeY!;$|{FNYo$tj0X8=e8RLZ|QS(RG z5-C^XaYds1C?QI$L63XTG<;VAk##aIF%oSKm*I^j6U^O0?|!>U@%$BM4Zp#~GN#rmLKof}8|%|U#KIDgDMk8DX+;;h zdR+j^EE$4h>pmLq?wcjQMMte+NYARI3b_=q@Fy>crx@Ge*&1kSsG2b?b& z0+*cz9=x6O{uM*=kO-Tov42WI(W;@(4h6x5ezpS@z400*( z_|x+=ybfrlc&YIR#mh?Z2ns>VFI!^8E+3WqL#HSM)e){_M_WNk(Y8QA1!K7qqt1d< zSpi;Q7P6y+gv&YD1>xM1B_`apuCjc7X&!c2LKnRtqF1!Uhr8THgUhm@5fVWyj>sj? zo>Z9f@JYdfrl#dff|%aFQdL3m(qJ(t&SZw6QLmzuHoZaxP5Nc?a{6UULfSREN|lG@ zx%dn%`cZ9bL`a_0Q;>XGzQmTZNLVTRl!9MJS@N)! zg5ZEPb4%Ncu=~k#SXw&Ixd+>^Yc`2wx_1XW@P-xo-D$MajU-<&AuC zBt9KC@bn~I$9SzDQi9f4Nw?m7tuG9V1BVXA<&fdlU8{*!weR5Z)ob`)3LaA#;+t%* zx`)jUml7_w85zkE1f|yS1j{39IP{{HiqrwDDBm`X zoTYeNLSlgS)5kvDK@Pk8OrWezm9#ohde2eYVNlG1fdqo zz#G!=*76i&T2LM7pO$=mdfI>L4v-l0&_#eqH&d#!i%AWbqQ8$~L<Lu$B-1_<1cACe3(&&9iQR?jF{( zFohq4HKiG2I~vv$UEUQ(ch`85Y$n7Nydt_g?Pui@&XRARU*5q>(X+y00MjGES(Lef z5yca%>bcXznY7xUjt_7l`;UM&T$`1wnK_;r)^MxVWoF{_fzDRV1hxk=%>)Hjha}A3 zpeH{L{TBDlKXv~)!F`OG@K*}hq{W2nimc!fki&Ii7+H6a(BYa11cv~h@MHiUzXthE zz-Cn}dF3sxX^y`5&p*Xx%pH@1e7%%%=4n%cOp|ZpjcIE+#=H znEf*y9ZSw#>~Lfk_y$ZU~u@A?-StsoN%>bBH>!=QQEyt(GObQiJ^;%$9E9 zaEx3ls*kU&dyG;+sClGjEoTFCI~m9|Gv!YWn&AwOvxN-+jE`fQSv8SY4F{XyAiu@- z*@!JSvNW97hNlKYlHtJEnZt78?+g)O;=(9>c0r-{zfb*f3H@)k+`@(WZO0#b?9eeV z*X%cw1cfnh(Zo;7=ezFZ`kyD}7-BP}7mNf9O21=wA0sJqB?RsY-gLv)ZqOcoYgPh^ zCJck>&FK!8u8MSHK-?T)xdAI*vpe3+0Uq-@c3WJ>;8Q~$tEkLo(TTH=ltNnJ@)fON zT|O>%AK?K5hGxI3tobmDDI3NYw%{+eV2TofylrX%4G07|v(CGdKHXu%T zq`bb3suAA#;s?sk~hNeRmHpcJ=+3t5t%dab`XVWBJOpXTJ2{A3n= z5)#|j(y@u~1Rj{Oi-R{Km#U*v(d0n5^LXbJ_s3bRG{yaCeq07346xuqhp%d>FGWW? z&@i?r1W3D;2Su;+nsV!eL@((O?7CYAPbYXo>FJK!L z2XnMt46kbcX}>%^zQ9D)_!l@j@$!z-jls562hTnY@HkOD4>;NS<@Waahy3vo>-;Nt zEeS?!ASX2$MTI_jcwGM8;rW8v#*dSa!}D&1E$_|Ono*$H%7;1m?dA1n=yPs2PaVvY zi{jde4qU&aeba7@Pbxsh>qAd3lhn2!(3Xl4*L}~hG@R3+tNTh_l%XScw#RDQ23Pcs z`c@8Hq7`79NQX3|XZRI!m@uSue1ke#%(l=#{-15+f8oSB-?P>5<3HN!|9{)aIlX>_ z`=3}{NCbd0nu(DASDW;lF;aW1hqf7bq^VS-d z`2rULRxaTbUWpmk+K#F5C4<^Q!VD0j6dz0&pb?>c;6tbci z&Ok4)9xYhst13IC143@uV7m~CXFV^9k{0Dg_!(pP{b}0>Ln8tf7sdtQFd(F}!Shfz zP0k3Rm+#5s!FqcR09XQeR-oGP#Hk!&Nn3O3aEu&9?I6s9;_ODV7&^l18VwtkBe@dh z&HX(-68^PQQt8Av!p=!SI+CgB4@*AJ@{e@Xp=#*ic6XzYf*sM37$)jWx4om+y>XUK zv+Y*F?bW(gAkle(h$Re8>$F1I)kA9t_z|>*m>)x9O@V{%@&9MZz=h?xAd7;sDGDf{ zfFl9|BA_B7s60iK_le4)KHN~={~vKr-ncg-;%*Vw`M#g^`$gT%n-S-nI9r_9H9YQ6 zZ!1N;!Xyloww4LY(Bxp*z;s+^h_t|-qmcl$t)Ld0xty{&w1=DyLAk^(21P5|W;sp+gw4hYzR zQ5ps>Z3Da_q}m$J-lsD2vy~TBWkv?ij4oYz_)RUxQ(hJZvs0VR$_F*g%+1C%?IbE; zG#J71K&zv!<-({laaDkJz3Thup1fXe(n5!Gz+8fL2Oz?)92mv?7P`y!M{Oi+PR|@f zTdQn0J|OIAH$ISuV)UY$^9Nx9b^z7xKj#_(4P)LFZOiEbxVCkJXHhpPgo4vnsde>) zsxZvTLu=9(71h$zHS3Em!U$8lhFz@m9#GYd(er?u;W@!OI%+kHB6lHe7tr+ zUEtDCf~txfsIIv}e34HYNLxNBdTNPXH;CL@tvOPAVO*{%O}fT~C}a+zEiW3*fryr* zy8v6p3wmpE+o;2Y(v~d&CaZ)+2B=y(ms6QGeR?6J?xM+p%BkXQ`HJ;gZHxXS|CTUi1-9n@%A_C3?VO+JvUMzXRU}wSG*Yk3uT)SfD^EG zH&kFFclngcIb&b0@R1=d*{M-@B)3!6D}%+zn%o-2uxMhM9Kv$*v;7GyzD7xG0N{>E zC`XM#iY*+p-K!5$D>Iyoq3dHVl}^WduSaiREr_py`h0&nSmTnq8fENAl`E|?9OMC0 zXQT@|-7jCEtZLK%ca^V`aq0TN8YPveHj;^+YGh+4RmkzkAKJgeSMj z#w*O%V&bp1qS-)j{;n45GAimXkI2eO4T!$t{t-Vb2na?y;O%L()W}$^*B{JIwb?{_ z1_F|$#kF`UJw^-?p|d#OVA2T2q4B6rgO*jlc4U$jJ*#&QPfv}8bv6)X0Mr1>XjcCe zfeZv9B%Y32-R)*Yb!616Xp$Zz+psiT7!wVJsJeUxlwvLO2hI;$ADCCJx|&~!@)FL1zs%QWY1j@#wm3KRt+f@0h}9M zn$$Wa3IJxwv#9$MkW%N!0?QsvaXgw-IdITL4j8S{4{h zw8jD^m3!HF!JwQn|wB8XOm8lt*{u5MspPpk|L^PCo!JL~IR2js3KP zqNnj1SW#M;8s?LhNYAjZ?f|7+6RAttMpHjhxS70-(hY@eKxisy0Z|b1BYVBxqa8N| zp|)Ig;u7rnK6bmVC6ndJcz3iu8J{1F)XgyJGGc2WYb$|B_Q397=;`6jOJNi*;fWRp zQp8ou8T4U*XL5Rg`S(d$cyCXAs8h!b25u?`tU6^Yh4~m)9S^Zvad~|-E#atS#fYjt ze8WY|JT#ON3V59>5?loUy*N-cl-0EYjCdNg{+*9*RpyByt zPJJd^L+vVHw^Ll(gNtX5ovv3(&1O}c$;wr6tv|xCPF&=5upUPCk8yC;v|@iMk8}&? zpNht?7?VLaAbim`)v0SqT)&{4hL=}isl#ZU3TCxHE zHxD9tf{k;(-8{F?1xco5%t6e?B|&T<^BS@DPGE7umV2JkTISqnyFn?QaOBd-0vg`p z4&wIKq;6iU398ac8Rz&cqcy_aKoiwXI+z_N=&GKzsK7XTFui@Rbj3v(7`?)+H5hfn zqC@vytlbP03J%FYm>naE}C?CsRlrO zmev5=$=&Vq?k;HqfD}r=ibL$1xYIa@s8d*hYJ{uTy15) zIUvoYnFABBT21Abqo=vxa$wq9*mq(-*(>cR;RXXFR4cuh!)T)sb0F{ewWXgJ=)ERZoJw8N?Q)k*&nd3W>?$4>i~!v#dtgeU$b3T=t=tyS>B zZdxusx|Gev?d`QyWOJO^gxhrP$4zPIQE`*n<^%U`dfRwE7gw9RiX22ejv83_0yL21 zO>jY#Q~(E)xd03%Z~@p{+NnQRGj{F8oQKw2zKd|$3N{b1jYRX1+K4g_$tT1462ZC4 zFIkypDX?eXP))XDRVmM+m|PsJCHiCqtwpZ3uMCui5dzYIVSnwy5C?lUA_ehLLn5#< zC!I^cTEd1fuu_h*Y=@2}BVHyk#^T)(_R`m=38>J5NUy@%7^uTL-P@Qfg2A4o!`nNv zD=j37&}?Y(fU|tq?bw8xoW>o(jTpPbrXo^n6oQyM;=t)8&GYmjSJII$9M%p=-5h%TKP%#;V&^1H$(D z*|9LCcG;Af=t7^`9>6-G+`H#{I46HuZza^rezE0n8CJA|8{p*-y1JNfl#AX>uO?-2 z9ZT(c;$#Q4Y;r!5*93$nq7{f#Uj5;QTEN|`Dw>Y@SaOr99ORx&T-;T^Y#%4Soo&GX z(RjSGG8kRh+tYhb9V>V(et6HmtZcPq@0q2ko*R{~*Gq2dRmW*}N!52jWEAA|t_gsg z)-CZ&ndMpk{3TwQIl;CF#Z5GjkjrsyKzC-q#tbY*a{hb_`#jvgDs#C|BO#nhcgZwqt(j&s2dPuKc89!|*B1?w2cchaKw?w#(BaOaRSlRnnb`SXT4 z_0j)xIvnHAbaIRqKbd&g0%gEOPguZlFu@WcCp4uk?w|ER^X}i(7OFD#DjZTRF}(ss za6Vk$R#rEu*O^+uR z>EjL#afnRqQnUvJpmIsj23rNqIMSTPRH=HP(!pY&EcMCpa-w zhP^AuGGAF$`ZVknKH=QXI&_!kh}H(vU%$x4tVz-1#Mwwty5xafoFOo4MD+@KILQId zJ=Cu785m8Y>hd7DQKRaf9naJztlG5ln8)2&(voD}Ptk-^XsvJqQ^lg&{ma$uAiGqr zHcM1HeCj;h+r>Ul;jCJ*6N3>rdHr~IB3?$nX)d-75yMMCjM2(>?l}QgBSRrvF>mppgC(E9FNt$DC zZ<1`dXfm@ML6oBoHMin4bMB5jAU7sSQja?JV;nrBvW<4Avdpw8H}(w5JahN=#T zX+1PR)y;C@F65jf+vAItc3KP9nz;Ov56!O8)i7KcsDE;4ecX7=uf1wkJ>^Ytk@R-;sB zz`0PKSG~Dfgjpk53t5hM)0Pv?lyg=tB6EB>fjOYTj=P=9WrpQc0$Sz>4RIo_NSCo% zxt&A5ovaV~9yeit#V8YX1Lt9095}j27S3JlPk_KS5MaqnlXP)o9Xf7UuOlvyTrMd2 zL-nlu;V2P~*5Sw(4{Gi4Oow4YpOC#vr#?>XUfyf|?jY(c16HR)@w+)4=DMn*e^n06 z=^l(c{-D+u&g!$p{5}eEq5a2SSb;$>ZBU^ow|m0Z2#H} z*CL$tsywp!y8>8eFkY*i#a{=glZI3=+am951K?1wVu!VHLACyXBk79}lwc8@sHZkR zoQPr@R(9p|*SY|iora1;l=m+Ru+^%KiojJ~KjqulmpvY>_i!5F8n2GB`f|zS_eD5B zXgnzgmSyvUQxIQwh@(Pu;!$ zd9IR>v#LKr>YHF7UdS8=$Ie% z4FlyedOTJkpWA8WGAh4iEC{i31AXAbJU`1-Pqh|L<-lr|Z0x8EtnOg?drXR1bm?VG zGBSFZl*{L1l990zlax5!98y2q*<(L#Ug7VRKuw$3^5$Zm(c5Z6HKau@2We#0Ky zT=QeqHdXO?hsSngK32b8I(SeHyuT3_QDGnjtheRO7Exf~9oCHW5I>$9o#$|i`*4qW z+-aQM3{StYJDgq`AnG9yLGQq8rE%`NY?Q(!tgQ*uv{HL}{)4~mW%ODd+=_?L3In+q zl;YJo&cl>_K;)!WX+EnHu2&W5a(PUmnbkVLZW2LWW5lU#J-8 z&TWxZ%6FwAXI*z7Q!#i!!Up?`>DkE*u;`9yD&q#_eJcm;3IUyOg04BCdJzozTnKWf zY8a=w_UW?qMVRWl``!UNZ@ee0qey?zuq)TDyzD$~bMU7k1lP^GcKT`4?nBPJWg5_% zVk>i?mYQ;81S&)TZZq+hYk-x;qHg1=h4a|x;`oBcLs`f?n#@k=Yg@32e0>);&(y-W zSiC`H9YEMKbZDgMYWPvI&+@d;o>EZHCwBkI{jqgk5*tdCTmiycLBAwnn_7JXH-jx`o1pc#f(mI7Bf2i z$l4YzhB(KwdUYj_aeeDr!c%UYjPsT8t11j1!9t2qE1A<)&*ldM^qp_?Jr>O&av9vz>GrVmdqL z@Nap)wcWpRKH0y6sn|n$xjL3;a!V-unaAPgVQBS}{zsV>EXG#|8r2;WzMf0gIh5S` z&~ddRF>Ned?y;2GI`T#jc6j9o?&QYW@8bump-g)l?Rt5sksCm&AxC>w9#xr|X%wi# z7_8pF{98R#aLou!hmXfbz6o}#RMOb80N$+1V6-;j$+WoQ2sh|BM-dnTr-A2Q>;m*g z%Q*K|-`H8w)5!p0I43LL)<6k2A)}yc7rKVSu9kg zXn*~2yVKd}J{FyM%rHX*rd3jitOTrZ|4`lMTL}T~Ou>j>naX8NAI4j?a&lBti?^(B z&Pf#TDOI>%70%fT-nVH%XYVBEh4ZW_)7ne~Hd3#4-tn1Z&y4h9gvQ>B8%GSzu% zEm?`F_L9x&sOYUE5i3?_2hxl;4M^p)mGJ2{9IunFiSI*)B!`Tc|=h#P|estHwRidmu#d6c#H7xO) zVru5hY1d7aut#sPGMo}nrX0i;+KQ|+8%w1_x=Z5V%5vJCPS^=?|EIuFefUmP9rGyV2@hAriUo~8PWUVI@*jd7eyIP#i|Ol z`B{p&u&o2?dM>PVz_5}FZ!upvRHI2%ON1REBmoz)`eEbxRdp5mdwF{tC?y`Ebj5$r} zKLRPGKVQJ#)6Ed{u@nJwC+fu6(qW?D*l&Pku7hTI<2i0fUD(`#OCesT8fqE zx}`)aT7PusFV~=YXA%xNlmrD9tVX#8SkaB#uP5!@>T5xo6>EkwH(*j1bFOd${OJEr z)lH}sM!79@hliJ#5*?E@y#d%&2P`DTBGrp0rkg8+$0r<#)RT|B^9fD^a`qma#rhiv zqCCh}u;IG_GJ7#EGG2WSKEmHjbOl{hsT+u$HN~9q4r1x4UyhQ?g=3AQgk-e;iY`Se zBHBaPUa8T#0OF41k{qnHtMqJ)4h~G&^*aaEpbA`#TKM$2d*Lj?w zqLIhx`i(r!p(CBgRec?K(~OgeHiwefd(XbdjR&I|1<>R?q)@^|j6UwnAMpYl<5rV^ zD&YL`kdpy<4l6lv<9LEb*#+00yDA3CLsPG@Ov}+M6!GIii=YvdLq3yiVv%sdvtT&U zSYBX~7AVg--}vnqqShqRWoZ)pb;@`S`%9_yT#t-UbI6K~RLlhPh7}YY z#(n+Sv!}0_mnkPN;mT{zOo-HaO2gKxKy(8~wptfb!+gLQ-})3E6VMq?$6|sceLJFs;Yid*yU_fXqdGs&t_%&i_+tqtI3!_W+h8WGghTi z&(T){o#m|xeXZhHtH>}L?2_RZf?!X%g$LlWU&aFOrNZ6N4^O#UytoV~*6T^?&ZM`fOe@J2Mt7rCwU# zji{D)5^V1%w}@rcdB8#&z1By^>|ZaQ*R~2qhK1NsylfS!=FC9bMAJ^$=>sJMWSWCy8 z9ycA2I1=95)Hg^Zr~A%38@W^sJx9!vV@mh*csN+|PhVZZQECWt2(kPIXn69E9B8zjPa;Fv6>vc;olJK_;i#WXYXU$&b+VX`;#bM3v$AJlC^sf>R>Dy|z%lxc7hr3g2ba;mk zHyxu>wLPAx?M!YRHA`Rvlk<)~$bTVgNuBhtV|GBKm1eoe%|qcf)*h2G&eZEquFTUk zUr9E0bj^cdtc2l;5H-DBno&i2^VP_u*;PM!Qkref?9!Zw&(mYUj3aTZRT}b$7H)|w z%V<^!j8FUJWu^4$Em=xcmV06UP$^Z@HMPi1FK%+Fz@B}sl_!{?_bol~74$E4*|Tqb zGTu?^p7!><%b(`?(rjfsB1e@XlyApkU)Z*Crb?|H1=CuW5vhjQS5(`eh8oNA>o&bc z0qsxqIG{Ses|zRZ8eLyl-11B^V5*eN&*~9kkL+8 z^p;%zq-KWZZnccDX?{0qPiI?q)UMjtF6Er8TN+O)>5~jMmcqrbMyeBq32cl(a!ylU z9424Ro;q~OQc;YP&&Iq}lf0TPUl?Jx%`yj9uI!vg8>vn-RqJ}Kn<}c6b~bX=ik~Kl z=|!21YoLIfNj7+fNn;@1tFFD3!QH*ds@CvT$+)W6tiP^K`j-g(=p&A~=eMPxRaSK{ z)MbDgNxx6sQl%8BxMk7oz17rZFzDmG99C^47f|n5ucy3-9nRNk(g=G*l?Z&0KG$PEk zZSUX?v$OCHRg3V3iOU$8o=ms6nFiN&;j78gy0o6onR7;QT{xyOHiz=?hd+Gv+-O@@ zuT8ZGDCJUXFuVz|Ef77E(2g;O^oh#nMygpbDYC2Ao_%V{8JBLR?pmw28%$l9V=V&% zElk-R!?=I*$^p*FWOfPbJ6l58FH807(IO7DUa8finEpO6!69dpRdgLDwBe+`y?VX6 z>H!f{J#c&WahhJkGr;LcmL2X<10H)pa;Tv$m5NmuU8-BReB{!w^rDljrm-pVcCIc3 z(#FrFAX+*(14?5LXToUa-V6xMe47EFokvnCi6P~BN~Nq9ZT@UB9-<*#UD?{5ts~lQ zYQAOgWHhTDm8x!-i?3H|Wwt&TvoE`vuHTrCSha<7c(l9S#scP)HIA|j2u|z{E7vvB;@;)U~f77=7$}J=;>2jg>p~ zN+~a+>VS}g(T4uqD&$Zg3}|g44pl2G@~T%Wma1E(BwV6rZ`3m?jhNIdO1=7((8|zG zrmlhmjzR8xYA!If*?e3*z#f@p>siBroKMk(1KC^!e05Jp-s_r{A7n$}mjIp5#Ma}f z;fW>I!6ZqjASDCYG}K_NUH-L|i*f;NsGHhDxqvp;&T_bo{ga#6h8kK%Ya8!mC$^1q zazJb-f482hfrn0t|;DS?x2>ea~&OkF@w57?@v23-fxkqsu-shkyrj2|}vq^i-37Toi$xT`?q zM~3Q9QeVPWx0jD;_V$8Wa}hY(;CiyJM03EVU3;M--Ay8rN|Xm{D2f!-ZZ0X1i8C0%3I+nSD-c6Hfm)PJ&5pP|x(~0}a4j1xFLTMi$rc=^>x&JBEGw!=0`E9B0~1Le?`lgrL0BpMh!u+8+$GgI%Q? z8304dFqh)A!%!ZYwu6tJ=k?>MZSl0~iM0lvE*VT!DGrZNha*^tec%fJk8q|(R5T0^ zaTXPJ9Iag0K0h9IgzWHToOn2eRYt?Ne>j{Y(ZT=p)P^snZmk^0ag3vK`8WitRkh}H z2XtABFa!9iMWDf)lmqk`=kAE=2EGV7kXu>=3|r0&thMr4;m=?Cd$YGH>QLM0X;2U3RxxKM@mE{T^Agw%puxHdo4VsXcOjsAI_ z#9$gwpj5#PA^!s0K+-Qjh3wTEo=o4Wt#H6~pIuQ^a2q^6Vlp3@Uu8M-dpa_2zS^m` ztS1BR9Gee8L<{zE(xT^F2o#h4meVD!E#>wZ(cs89Dc@4vS`@Fxn39DgQF!B79}pa0 z`O1bUD7&p<$y$jBHOw}MG`6W}!SUD}k$zXUSf)b#Y9K3FQWF+g5cRB4IpS-lo3)U& zSIm0oN|yRmkX>P&&Wcq@*`73MHG6X1UAcQ#*CQw-<$0ZPlb|b7tG|~6#(Ilsp`yCz z-X23T#>70?{!p?5wZip0gDO*`6@VTdt&P_)d7aI&Rh`Ce1bjYd(~2WF<#Y}xotnnc z>eWY_Jf!CMkUKjG_Hj5UOx{%j#CYRXDT&s^w)#3Gyv&0s%tIRwm#aBhHJ5B8iPF~C3 zt0_i-Q)nhD!e&+tykY@4^VY3i1|d3gE%=H#6=_j&Ny@bp9=EL6k!RF!7`k+7Ro!*_D8;oXGy?-7t?^by!wry4Fk%mSUT46YP z$*i9K@FdH92Juu0GgG+CS&4&b{u?KQS(&dfv(|xqsSLKdyw0ogDQY^A(!eic*F1Y2 zYFX&U!3d`>%H<1HDKkse#aN~BHkeSoHBJlFfIk|~5WCW~mjt=W_nuU_t10Eic(Rt% zpaj!Yyw|vf#LW^)1m2)E)0BmBWkF8LR^AKA)<=uJ8W-RZ*WG9I&D)?91NI{wLV+Rf zxv2&o1!(-W3n>p!v(y%@s&Sl>tm~2666dxfHHnt>>D?L2yFqFPEjpchdll41M~UeC zmiGKIuob$fS!V6#%iOz=f!rk~mqC_3wOk;v{P^MEyuQ_8JvqO-xx9X7 z5dbNQjMoNj*BGzW&BPhL^}*CyIyGpcVESf(;vwU^44}*;+jMY#U_b5|opCJY(16F@ z+wIbkImK@c*s>zIGaA+SE?0QWPxUUtSW-L)4GM_Ey_Qr24zp1WP_8-YoHS~J)ze=2 zt6ADco5hdLPg}>RV0uB1Uj_BJCYP@9=IQd9En?U|T36#wj&bSU!AY{78#u9?5C$t~ zgIbBR?A%!l$hwJF5FEo;eg;eRt15B{4UUMR1`TB=)t2+YF^b`$p`vP=6>qH6bd~iq zYwk~Y*Voh*z3~9VObC0>Wuo?xc z;l;?uuW$&qhG;MNhkyFVx1CG zw{agEO_R0ViEGte54XS_#IzgzI$|>4<>-0_RF9*h#HpPbW?!7RQ@9N4OW;<~X_J?V z`=wUCP@>d7E|e(shYKYtcrUIighr%S6zG`?L?!bB5B$xQ_Tf_Mm^x$IDtkGS;UwoX zIEC-f5yxqUGNFFGaST_P-@yP+X550*Tb+d)n*?o5IJ~evD^fzI7im#4ZD8rsTvO(I z`H;F_Q>;qKE5wDY_CmP|YG{^Ioq^I&+AMLD7l>}`4(pfnbv=uoSL&snC6XwxP!*}> zrc>RiA+5y{)uiPpS3z2I8U}&v#jx2_ugVy+Hr~17p6ttbzR3W%KT8fK6US^smKQgl z?q1f{8dVLnEk&xy$5K#Y&a$fKidGEMjEWtq6l@sWJIkxHRfK7RwY%_F8-9GjPF zfYFGSYT-1>RmEEHfaU0n0#)6SQKX_bDwa^Sso>D9q6D5uhqv8bzXAt3t=P=D=ILHmkxK~ZXNZ#+$vlptJQHzd}T;5csLucjfXPoS`u@p zIw%UWs>S=LggF;zMuoLSu+4K9O)%L8qA(s_lNK&oiulEJ{UC%-p_DZLyiw+2HsPz&3oUimrfNarRLVJlhjy;Q%Mj)Ds@iC7p$ylBRwXY} z;xc8(a#kE;HVf1t>3Ylo;Y#2ONy@OQRe=MX&H8IwHH#_XoW+U`pL}M?WYWhB^mcmb z@>QE~u^Y;ba~r4{fn8{A;F=p@L(_a#U0M+u zsvMye8gB7)>mcyax!N3!r?bHtHcn!EYB0MJQbBCsgKCNmL2#9^Aql8EHt<1}$c7+_ zHm$5}CENYglki^2`T@4J>N7mg3G6rzsaPeLg6dcauHfocf-j)vm0$|0geAD5=;NM! zhpyo8)4>{!rQ1#BCoTo?oJH6{Rjvs9G`nox1+}%?SSyM%ax!KV76rGIVja+>#4OiN z-_@09%_Jar$du>JhT_k>`3WbhMvj!UDtZ;1_9a=#&=m>gorjP9{m_7|Hy9{n% z`DK8k$gluDv>Y?=QDqrA?8?XnWGt=F;J^|^34FLhD}n=81Z6n4vpK=EJ1l>^i|vU~LLobj zz^Y(J5=9d{s6s1(9aRK9P}guE3>HP;m~kA>;KLMHCw!=)Xhtc*(E8y+7*R{Ofpqlmi*KeT)e_z?uk^?1@8 zgqCR@c3`pQfk%<71x0A#=21kD@9ANGB=Y4(gU#TUYr_y&);1JTB<@5MTJAPP5v0F= zXJ>dNuK2Ae0?XfuBZ>mJF@@FuE2ao4aBQ3VQAG!$bp5O-0;_-(M-&xsV+ySTR!k98 zfQ?KR9mZ(oP3VCIUnD+?%&ka5i@S&wgDSKJ*il8$ z0~s*@!!8cApmaAPwDEfo1=a`;rYLGrhA*^kc<@C~khx+=U=Ug{EC>QCgatzsMR4H> ztpFB05d@!GA+yTWF`*@I!w^{XHWX20??e<@_%=ixNgs{UN-|8=X5&e)Sz%jsfM@>N zy=l3@)6XiLq*4$P%I z@F>=4K@r+6^C%)%WQsuUmq&9PaB)TfcpM1}=`lr|!x2fwf+N0=>6~~EX*egLH(05q zL&2Ry4t8i2$^nm~L5nDYD^Lza4E@O=fcnH)f3}(`kl9iPTsvK?gu=!p2oZ6JFfbkx z$=bjy0|~cM$3(P)`xmf)BRGzE3>C?J81Un`5CcI>H&R3s$(0yrM7hE@7X}h2anO)l zuQgrGV+goI6~`cHZ<5C#yozA$c|;7z2RPz0w5jK@=tDeRXUaC{xmcNYaJ;>PjaHHC zf}=*KxNX683{j}c7#a}673bxH8z&>VV`Hm)B!`^C5XU9wP{ee~i-;n*X4=sz;!AZ(t@j%|N6=TOntkEA2 zqQL&ZgDHwzD8m=pJ9zL#a1u6bGIkMm_{fK;0~L`yxMSrW{46V2&I3s9m2}Y=@UfUJS>AMh0dmc8*EW_53o=W99Rn#2Pt~6DUcBra? zQZ=w@WBPi>It$F%d6(g0GTYYOSpM9PE3ldPkwr0*3MfOHh#zGH1Mwq-k_I2^E5#Uk zF1Zw;9J3Rwy>eg_rxUihDnZtb8A{cPlH7wNtXX zT*hJOW^@Z2tF@|vF|e^zK^etjDkBbUHdPQuu$?MsW3*)z@dgepy;#Lxgl%Lhq3qIn zq?+BEPY!dZ_9K|PHXy+pxhcrT#=B_<-1s6XvKwJkEiOSDONHHNBkHdkX-xO;#Tv=^ zTX2e<#&P`~gx%STRIzJ=$>HtLVgzruCL>rQIecvqII}5MsBb|KSVb)uqNt<`PiPgi z;EAAe7A$nja!FX|fgd|M{We(l*+e3C6V?ISFho>msYG;r&LN7a(1IwkMhluqUX!PF z$Y@C{$7#nASlR4IqNtk(RcM8?ql%z%c0@74TPLQ2yORlaGKU?9bYjD;yBD#=D456g zAkxcRgDzMqU=t@1wux{ciEFr0l`bqdhbyw_3a#ABx za;$x<0LP0eu>E^+MKS+!jG?XHi!p-nd-25xaLN!K3wI2X4V8YE%qJE@Z(y#5vjf9e ztY~Kz;y~SnsVt)I$YvH1cV#?Q%wdOKH42%FSFl&DXhXN#HpCz!J=G#?DC@`7fyHJO z>&#LMD7&!G3}r`_nIVKl7PU6qK2*Q@0CkKIle3W7GSyfyo(oH0n{c6tVhvtoq3yth zEP@5NP{nACJh%c6-*_-VJJeBaL5ENl@Wp9zoM>WOmQ<%3)5>9sZd-z_3*!=8u&%HX zms2w$H6#G549UDwELL;k#}!!h{m7!|e+87GjlhpGf+aW*iaj9a3V4Y|39@c9Myl4O z%H(i%q%(rEd!@;XIoND(9<1$X#2Ase>>oC~s*Z_bdDRLC0~<;Oj8TlGD&EirQvq)T zqp5%u8Xh>__8}Dq5!T07!PuexN+mm2;2h#EHCPaLtipm8Ivm3d&)qMyb-X)Si?##P zgD9}tdN4)N)-rsdmDGbTf^K@Sg?Fo^$VRvXGUU}MHiTkvVg0ucQwIhhl>!;F@rh(Q z?QaHLlPPyN8%`vLunQ9qgdN#{po0;d+MVHgnqcv`PgA0_0vm&2vO3$?8SZWlM%S+H zP(@ZJ{Y&KJ(MKFR-P_n5tz8|cer3o4p&5(@v)+9I0khIf41wUE8x6L1^j)yYx)T3- zGSO!~^JIG6CF=l}^_<%d@Jehe?jt+;twZG5G*QsLf={-#gBm-iv92FZ+vorn$7w~Z z9iUrWGT#AG%R06Wuv+F*JHVPBckcipF9;5VW>sA4>fEWWUf&yYPg}zmt&Toqk?J>ZVWU-Q0YjvknC*A8 z%Gi)Zs?TD85Uo~jRFUdti9@1Q&Vwsb?JV(5wAy)aMXFssu8LMMJDNy!V(1pFCMNKp z^at$M@7b3P*{`l77n8|gc4cob!U&ZW&*9N-xIMv63|-ac z2Fw@|C_x!kqbeZ#FQ{W^%`2&8Xl*P(7gR$%Bc*$LmUuIm&3O^eJ6heKn~zL&gU%A@ zc7u4abJP*uiMrcOMgp~TyFs0gy}QF1c=&zKKCit59Iq|GWE!4wqhx|(Q_o4@YDwTaINsjrPX^QRXlZkd16ekEgT_ zTOO>B`hX6j=S=S2-r4c~m4nBQRfV3TYkfQ_4d1O58YP!Y=ZmG_^kt1Z0-3%WSi3H8D++&B1gwxpGy1eSLyuKQx2> zWSUG4PbOoSnR=8N!U7O!K6?#`n3q2`eMB-DH^*PyKHPQCr;N0%$@Tr|Lr3FFqmwY( z=}v_c@7x3(n;zI53}?sS$>5)N&-d2G+sj-1>DFLvJlR=>dz|z)V0KrzK^%vu&u;Zw zKsYwld}&U@;hT2*!_xi3i*=xSih``DHL0~}Kua)9bXhG|==`iDDFjiQ5ar=!81d=# zlAC(9#hF>^Qga~b{?FR9s|HhT9fg}{CQB1U3sW`0w6`-8T60s&LuqI$c_58kp$Vdu zC(8qB=srv!)jXw8)7hcaQgijt=$FN!toxPS&;Ff0N zmEH4Gb>3zqcy(tp7WgL4bH8r#+mp$&T$AbS7;i*(bI{gVD04aB1$u)v)4xp-~n=r<11rSR4wkq2R*rs7Cwj3sfy_Y|nZajvCE|je6<@ zaEkNy3suGYh62=*>D$RTuDx2?Ve8n(VNG?ZJifH9~h5}NZM(@_`r zz^dv(6P8!`vFtz`$^#9|mpt&W+z_72a9lR17>F}&1cABaMiiD~w&Br0yt09A!6l0& zpXpy}d=S3PmDwl`%WiY5I1rmnkS*A2}`_tXS4p=md3-ik#Bv&)lp!-^$iV1XRgbJ2GEOBL*dt@+bg)ezt?QDbQ#pTYjmZ9 zSq8VwPU|w*jF9U4fHJ5}H)@x`rQCvZBU=(NKUO59g4ncWiYCszf#f zQM74s-qAc7BBWxKU<#^ZCAfmCTM52^npc7;s1laoim8vM&OZ*Py+>9>3z8UGXh9Q8 z0WGM)>z)Nk47IbMiK1~h4$9a=(fG=1Yb;QN9aO!Fz|}Na~XBK3~NjTsaNMp;glW9Y-;X2!gAnfgpxb z8sIrYnVt|BsB;6QFTmg3-tJFI4@Ow*MpsZukbfwd^#?etA%e;SdW!{o4)W&^xf>$1 zSrvc>wyXm5D8^;O5!${AI3k!>0RycJJ4zZXfOIGkrxL;bbelXTahhD~SqXMv70MGH zMT0CTLMu=nMFjnk`I^xFA%h!Ot{LDcGA)1)Ezb;mR9V6e1P#wJvH|(Xus_@GH&~qE zas%oR#?T6=JN8&@txk{))@lpbD9V=u9$NJTcm%~0&`^$a{bF!_19ZbZ6ArBdKxx;6 z{IIQ?1wmk4v|xy$mM%P@HPnJ9g0jjo4w1f|FAME{Tv!6DfD26&J@6t6tqd+?5j4WK z#w4^p*l`5b20M}{y5K<-S`+N3BItproGev~>lunz0_%dSGEua_i!8K0xR6EE2rhdq z$}4QNAeFLViliAfR8h6Vi7=Li*bqk06746jVjtX#GEibc5LhQH7^0|x3r}bbu;7Ux zcylpk=zt*)JFvL(z@tdof+Dn#^C%+7cX8orXerw;1eUc8MHGoU5rvk!4N(N?Th{)D z7QYomVEJ2dL{R`YrqCK-#S}pWEGwKttAG_nU=^_9h@t{+Orcf4iYbB$u#sULsZZMu zE&U?&z=AJ=k0Ns`lF;HVB8edB+*GPMK`*qlZ5RSe+=e2G)SZYzOWua4Bk5y6dL+?3Y(m3U9pIV2Zg$jxW0GSIl}kWUl?JlI!(AOrJYm<)rp~5_gx_(WOXy&%h~~s# zge#P{gNLvSc>0&4;L)3YBN@K{k7M@&J*LU$a740p!4c2U1p{n+-m(POSOZBU+cPl4 zGCLDRXo~~)p{n^iWulA|dk_V-L=UDYR#}EGw1s-`MX**IHW{4^yTH?jsRI>}N_D0q zIfPv(i6HD)OANUN3w#WiX{ZHV+!>Fi$=)7*laB zb)~IRy>8VthqW_(6|7wqizvTPvUpt*U;M5%koL z5K0<+yt@=*=ye;V2<5DlU~Pv3qnLi!mZJn&H)beR>(UN$I6E>#!P%W93PzY>D(Urx z*L660nkD)ZshyH|M@B}v=?b{81vZkh%0;n~N=QSSNg2`zc2b5iMw?XuXQb}Og2swJ z2-}D_D=6r?vJk=7t%>BYc4i}jwM!!roRQu7;yDhnIw7LDK8%r+*M~By{+1$+rNTbM z5w+NdHm18T!5hitTd|7W#&P>zlwDenRI_{Y$zkr)egt#Z1|)bRH3ix_j5Bs(wE!MO zfmPRoDT>0D;R~&%9()m$(}Rsp9k-eHH^!6g(8ED~wEEXzBSAJ~Vs~L(xerqZW+0X7 z%nou0yD$Vn*pVd&x=7xcr!z?3GL~bu;|Q#bb|g{M(1R+p0@_hUP(3@M7(ulY)4|=z z1ZNwB9o2MVJ3Sd(#OA&oJ82B#DOHP;YwAyu-qK3$fhf};@hrZ zg7M-W+^FVcpo%ex?NC5eEVT759!wXjG4x>yY*{{3QOv6pVQ3rkA&g*XK6Ejf$`X7q zg7GA*eV1Y!?~JF(dT_r|f;Vt)tOT3lYnL8IIkX5-g0-IFv%|&;UQ}K9HK|s2jxC3= z6VE0XyK-%UkNSyaz@sGak^`^O0BO3Te|jd_8TQx0#p-2v)5><@0t_C<2%*ZVdOX?e zuU+Bdu9YiO?9C0?u8Y`soq6+MLyttzHo^p(#eUBGo1mEMu7bC7JLl_~jDn%K? zzm_2l99ET~i{w^I(Wd)|gATyhk%}`98(aBtb>iTpVjX(89LjE7oS^K?#|c6>x!_$Y zzt%9M3p@f^iZDieQ;IZNfMYqvJXV0?MHSfoy||*7e>uj`*6+m_!T7!SVgxv42#h>zf0y5i=j6tSHszXVJud(GYfH`?!r_SQFmlBi-@~29xLXsL$4Zz%*89%t5&q3 z+ie?SkddBR5jK?dSZIc_Bg@PX!Xk@W8*W#tUwwc&Mu^E-NG^=k z_sGPG@myE}+k^{E6l?Gz3vCB3WDzXDg(^mCTxM;~$Q zbZ=vKw03o%`IjetE?bK&^F$ktRR7kn+Uf9bc=J$9U!#~ z{C0rV(gEoJYrdiC0HJv?S0Hq&;^tNteC_J>{n7d`33bI&1x!KP+6Sl>nqE*g=D^l$&QBkzod2mIlT|WAXRxvx8NOdv;yl6GDAqiTafP({j z_GMECt1HRHWHOjt+1raSzGcO8c(faC>8%q(SG760yL~=bIPZ{5;L%$v&thDTr!P%e zO>ccUFl+FMjR?7;2 zW2lvZBD5YEphGK;0XnRv=qp2wo7K85EKO3;SZyb^SwwXp8-=mzb=m})m@EuFD$5HEJ%yTP09q;-c=hCjQ(Xm;GX!Dt&8 z>;|(8qAw1-c8fnhXV5Kf(Jt-0TH)T9;O1&BZRjnUD7W+CCZRy^4_z7cw+CyG-)_5| z!5PVxRwFFUtp_aDaiLl->#I(C$H#4N?Y(ZAOfcLr9B*!-Z_qn5zBHQ7CP{xgMAc^- z9`Jf$Pb+m;;K$*~WIQ=I-W|15vjw;}_9r8-r#u!a`mQ zw8Fx-L`7i{SbCB15on~@9>p-;%vO~mrXcpLM~nl4T0JlvuU!ZUa30}A0UAbL>A<@& z<`|M#18h)o^{h@1N}Kjb=7D{0&%UE)P9KzZ<@9hD-H5$C-HbIMu?+IT;Q*(^#(>Ov z#D(6RD}&K2nT-0w<@pYR-kD@`fFqkG!usaGGnP-;7u4?daLFZ>k0>_V%WLwbMU8 zq_WPE%Pn=&4Ob~_%gUEPZ>e}0^mGU(2uE-nO*>Hmfa2Y?VZgK$flw2S*9#rDcGb*; zxBxhW%gn&f`)JZ?G@*Om7-d7J3vgSE9%fF}Lw8uVNFP(UqN@{#H+JBG8DvKimP>TH zO?YAxC}D-Au4(f!*JeT}m^1#D#L&PhiQc-+f9(Z8x*lQ4$OSX~0K$>F%-GW0l-Rw8N|H0eB2h|MO*7VNe0!vr0c4~v7kO}JsBc@c70$}Pjip-8uY4okab__hh{7E8214y=n7 z3?Z1)et=N=UM`(TT|MN{%K@C> z!1i7*xv94~m~HKz@2!oum$&-Ut-;!Ova^gqL49Z9Rr<7%t2W0RH)L>o@j84;*JSi2 zNq;u$uWe~&>|bA>y!8!NFU5fU);Cn`z;8_Y+sUQz(ZCypz~LBJ)tvprDF#+G={cyYQa+6*)8(yXxRc;H zf2G#$92=?c^Es%4xus4!a5d<$twA7v8T1~lFfqhz<50Dkk5kl z$Z*`BUDwJ~YD!oz9~=GG;60A%t^Wc>pXgT| z<)vPA_w2L!=WMH8EEnlS+?9`Z5+E)liW!$;jpnIKF~@Y)rO4y?>r&LwTy`nuSYEpn zaYV;miaVn3F2x9&-@(00+vD}Y#vqxXKYY{f z0Qu7U=8kP(d%pgqMUdMLaR3kAjsOl9DmGkc)^b+CzGt74^Q{`s*0?+3zPJ890T=^4 zGFV~`{-p1&!pcsp9GeHG>MKWiroAILl=gHo*&a-%2u`>^w`XgzTjSZYZxK^E@OD-P ztFE1Q*1097xY;BU35Rdm?dN)Pk?<@UPb5Thc2bz8lZ=F~Lv;bF-Q);17%_|wy2rS%G7{hQ< zV!LS?@5y&8AZ7S>DB0-m4rgU?-b~u4tLBpu71~+BRS|bdu+a$(;e!n)6EIa~6M-|} z3tWFE`fkPGBqO{eM0I0mavnB+Ma5K}542co^bcr0|HjHMk;gyDr3UO=bQE?i8BWH|IX z0Nhm&vm%+t$xUxJbMHl$lhs8Q9!5nHTxU0v5pDk9R3 z<9imV%qLr_4BK$=lrdCiRwNRNV;gmmm{a;X*10&Jvo~joOt{U=z!_xe9zq)Bw#QR6 zx4g9DH5z$52f1!3f{)5$3EVswF_Bo`-rl(#F7}BnmqW=g35sQ>Kba=;5E8A%tgs`u znHJBrOI%g1=@zbq=avK+2I`XI)g^Qll(mY#7H*hBw?NDmJl{*to1* zT|oNCUa$A)YMUV3{mUJ55s2kD=^cklu~=Z^rlk zfzJ;^I*-ry#k=cK{*ibR-jnhCHoU(HPyXEsF#Z#tSr`8P6@dQ`q#dNEBK)-MGd*u1DFI`%i0q0-g`xEf{ zb*SI7@&1u`J|5|%NRI)G7X!w9k>@#hviyhBCqM54PCm`QI|0@?q-P?%7U^lg!QY>c z=iBl9ws^iA<^BxMe?YnoaDD^QlR@^Y@clRv^ZzcMj{@H3BmIU25A&FR&j!8bcYb~Y z-c3>dJ$U}V>F*x`tZzWw`TMV+E}u)^-ywZY3|y~5{qKvsN0AAF<(`5k%l;^y&qsO%((fYuDbkyenE&t7 z=dErBok>5lEdQ>-J3jCBWsqI^nct7%^DB`)ibPyb!t=L~_?!HFJ-!n!@yR=RKDLne z-|_uw;2=E@!}Ezqk40ksZ9HFq^h_keBfek3=ifyly`+J(5e9KmCkW@G_?<9Vo-kRC zydZ3rBW&`GdH)IT_~bj+-xuFL`~5z~XUYG4mUr^oojkwoPk%dw=OZoo2FAOK#^)dT zs*E1NV|(5MWqt(dMM$jUYtrWj@%)lIEG@kQ&uj2J4JXI)=kS@&ufg*``uU%c=i^A^ z0pSV%$Txv^>MNF({`dcr=lOTx-Q$o5k23m^J869o{p5T8y)n&0eWPCS9d+u-c>jxl z`FuR5cU)S!`OD!)@T9JN2%qnS&;N?&EAf0A(npc*$}%auXQa;?f%hHh=Zooc-wT$O zehTj&fb_?B_c5eTBK;@Q9q^7c+!fDzAstS?^W7#s-;{oT5}v0(AN}jsfDY;(?dX;G zEIguKvYgo26Ts6SM!NQ^VXJt)1c`Ea9iD%L^kjVgYdrrA>Fr3g+bty8F5%n(`1qu4 zi%#?Vt5HtmM7V@cTcF=&JHz&d?FaL+Jz-lwx=ANx`mKOVIv$PZgZUYWdFgLxC-gaw z!@KY1Z^-u?JV_sE=6A~Jbx6O3M7qT12<^nfeDA^UA4ZbzMV%qe;@>|aKlO~fWm&?I z^5pv$APFx{0f&^Q4)OCf_+9)L_3P32{!}F9rL07+sAJ4;>X+$5sB45n7=&HayBpK; z;-?5p{+@~7K8HlQ`Hp%)o>Axdoqm$^Tn+u>cd6fNpku#@^j;+4_n+W1%bL2u{Nxes zl=e*9pA$G|#LxQE=L^5cJ7uR8dBQfMOx8YLP-d(< z>qwd(izoGy^pbYIyMT8>AK#ny`~&z+{4Ddn2;Z6Km+`zAiTo0IlQ;7BT;%0v;hXU6 zeJJx6NS{F>9k))~4z@XLw}|5!ygP*SaHQ`>dLhy;A>E8b+|;=b;Pc-ik)O}GGkh}A zo$=j-|2cgBa=gDk(iT476VHbrJqC%inK~KWQXx>M!vzwjvFz3-yq2MgK%D^s!PG){C^h81PB|Yw#4=G7t5LzyBuQUw0Q> zj^DokpZSh7@IBw%gePH$Ui}5WQ{V1-*QKSO$LELP`3$7rMq2tB#O_}UAA$5qB#DzA zfcGP$mm+->>F#&abujs1%J3A*ek~I9l66qDgJ#N)w2@Eb0r|~(Q#P~*(odRK0RN`1 zgTCSUDWqS)=kNRm=mVbj`}(D&OGv+g^dCrs^JM(?P9(~Wb){@6Q;{!u5Tf4q0e;qn z{HHuAXU5u;CGA6WpY}rAF>OHfo;E-`qD|0#Xcx38u?O0g*c9!F{Go1=m*gFN8u>CWGT_!;SANDo222jI8A#q;1j(as?K3)0HHG>=4Y3FmL_y|hHw%+K%qt3wy- zLArhtuzw1$uHFNGiS#jie-OTtH}Aps&mn!qUc^s$?!%LK=qnH5v&fNrWz0o;CBJFU zEZ;|-T_nQzaXhJ8-;bxM>x4`AgiH8@N%(|A{L=ms2W?mEo$z0V{6(IN&XPZb$-knU z`0ktE?;iw5hMu^C~*~Y~c79(skbo--7gK zNR$hCK${^i$y4%Dc+5KSk20j4Q@?5F;tLNQT;$b-`!4FejUO8F=RYredD}IbCwxyn z-xYB9`DQ%V?z6N+Tj6)=EuXLZ4(R!VmX^jyPXSN=0cqts5!)i&`@x8-kUolZWIyVM z^bFAY`$&{=?iUnA}!o}#a09?=PYmOoQJOguI^g&ykY-S4OUpXf5-N#8?aeZKo3 z^6@#vlW`C~m;L?Nwf1~pn7(IxZNf17E`0wpz_kx~$)i;~36Gy&k0*75bg+NS-@5KU z{4e07&tY3jn(lI)e%|BTbe-OY?>1jTx>+~U&bY#?^S7eRbCDi{Br#EyK2e?6pL`;I zvoFN&{QC#sW&2GXd>HCM`HUXq(c1S;245MjNgBd<`v;op^Nkr-is{o zBsQhbV2nij{_NfDaSU;bAE?^q{0DG87VQo3vpm}#;;_YdF1+F&C5Ed@gRQM&Tj*-< zzU)Be*U4+f9n@FG%j6;30LJU|@r;+*99|5-7QSQLrSz|1EJPR*qcC3Kcm6R}Va%exeg5-|TjaCr$+*V#8)K0!VjjVNXYh)j z8T-gP^EtrpjE5K(neXMZ&DYZA#qR6K{^H?GZg+$)D$`TZN77Q1jVYI+Ohm7w4mNpo zDTjNY-o-erC=ZbVb=bvo)~61?nP2b6lNy zT)ITr??2{_CyRO}x@C(s#Ftc!JDZMmaGZnwhQ8*H9)iBgL$QY9IL45XO!=9grR_A| z**=Rco4*O~`Hua&+n>Oi5~L3!J@6#f1t5JP7&$=tJ*2BoFD*R_=^v3E`7n$VBVBz) z(? z-x!1P$v=t98IN+@PQT6mv)#?Ueg5-|^QpUhSJctJ0$>$62vx0F3q+dreec`Rn z+GBOXlyPd>fazOB?_GT((kSsyY}+Wd!^ACrMct+zC#dfmktEO8oLgG@fxg!1i}*~v z{t%wua)Z|IXW~hH{xqHsy)i2%<@q#ijrQfuXEHzJYmqw_V7l$qn+I2 zyR=N7j%QJ(q_r%@ByOL7qTgUlMj6=JE|zcVlO*mD-TMUUKpmrgea9m(_7B`QKQ`mn zkK*0`M%w>K&1>RTfA~(GKk8BFTOiS=eC?w(&%Xyx@{{>KgwN#Z)sMlLHqwhw?xT3# zcUAN7xp;~{Eb@}&Nl%eiXiJ(r?dm+JAN+eI^R|CI@G zKK&EmHOq;5075Q{9U5Qlc@jnL(~`A zChd`WLY<&ZQZHza)C<}p^@6rYouI8z2WV&S1x(u3&jBvfX6beti*`jC89V;}(YI}* zzHdch9r^c-n}{2x+TNas&y@3D;CbIIZD-HL^HWGVcmBVrf3(5l18sjV!}H&fL^tTu z9`iWu&wd+E`pSJ5H2;4T&!R2J_xk28Pv1bn7H`v9Kz-hs}d{P*MeK_v2Y>!RlAx80<9`8+)T+rQ;? zG?st+G?piNRYXphtl+9LIWwnjamoly^HU(^HI*DC<`6nxvB%h}w@R)%CS_=vlHKYQJ&Ag z!BhItUwZ|5jr1&}Z+<-dJ<=7VpFui=cW*}e6cS7m2iF!c}TN@iO+X>f`0co zeC8aCJ z`8LS=rQd_N1nH_LqHcJ10MCEH^Ue6}&PXy(!gYct@!ebxOIYTbzOwnNn^0cn!OV4R zvfkF5%X%{M62AF&chG6_g0lDHKZo>H;Mc>EI6ua9xE$Z7j2{5J z%ul`Hlk0FPe}3lrS3Wr}%k`MlALigAJ{!+BBmDsq%d!mNy&T{9 zndMlXD@O&)NGmu`7^e0Fxd+YCATH1?r7U@YyFF|@A5@8W8 z%l<3Ao8`ab`>;j~$t?SFd^gLBUfu=oSCI&dFyD#Kg!w5vU-(seU7>BA6!|A>PqUDIeZL{k=}`P05sBG#`w(okiX>h$MO9}{6;@apKSUr@`FB_K8!w_zMQ^T)@%@` z>D%aw>EHPNBj5$wGOo?1JVj3Yjk2KZC?Dz`WkflX*W@|>o{uMGMfp%(zl6_EL!yjn z*9V>s-)R*hpDHpz%Kdu?z+&pzb)`?Os(iZ+T;Qqo-XKjkvHWk~Y;+pwl`$L>&`@`?_ z&(u5WVJO`*?NapZ(eF*=`X0eygM6<-`2^|F zD0eN&-yiQbLC?Q~-gl-nfBQSIhV1P+F1sygekjtr-=b~nuYMEj;_&&!NS{G^J-$B` zc}Y9}p7J*RS#7(hZ=^yFKZ9eiCc=9gDY!%PXzXpB_^}pc{ zz-J`Z;w+Zu{;Bq!{jJs64mv{q2&`@rv0ONcAsC&kavXPWWZTk!p-k?4m>D}5`= zu+5e=xc`XHY$JVbT3M`Owr7+tWzBY)c-dBeJ#bUTr$9g3a?(KkqCcjtQSS(Ycx26$ z_*?2F^_Y6e_K*FkYw+3ZOR2unopc?muHP%`E13S7vMBmy>N4v^{k|Db)`@K{pJp2z zim#Lz+ggzuc}%%Ud`CTPgG<_Q(I3X|j43_`xU4^Q$E=qrbJE5<{3AWoNzzJvBtP!* z1F#FEpGVq35`CnP_#nPB&lkb2%zO{W_p6bff+TSv%dre~nQ&O{Blw+q!#Iidc{37i z)W-{7jK)24tSjq68JqQ_ZV@MA8uE#FnU6Y6+K8X}&w7(~)`|Hg_7UE)9Al!UG!iFi zB%jF-;ugDNT(ycMJfjSmpFAUN>_?F%##?+c7Bk;77Gr+?kctqDd?8JI^3Rmd_ouMf-(nxh)OGfio(w!3 zD0&@N0nf zo4+%*;qSER7vnSiKl8pZeNWvcJhmyUv)CWY{x$NDAI$$p`24R(w|f?B5@iUF?FY-> z1@DMg_OJ=>ZU#K^k86<0->U72$-6df3*#ZyV;|^~dXpEduh=-_nBx9n#x#sYxM!F# z4$JUwt{31H_jwaG<3#e9Jd!x^Rd~nzchR&jDI+$McJ_Klquy!9tlqlJ{z)6>p*y{+dJ_6ws^l6N$NvBvQCsSeGm1T zd_D!fJR13)VdND!H{spOkeKH!c$#%3Y~o^Gp@BI0oqx0o;u9Q%@u9Q~-}5{34WE;h z;rH9%`*leC{RMcwKmDEWC9jmf{d3_Lk!DDLfb=SBTzwnzn7k#= zw!jnCi}4Gee-HYfg}SicD1Am5_u%i;Y3eck0{sDfB;#<7bMW`qqudQh{LH`C0v>&Y z^n>}1GIyQ1@I;iAxYZnsDvm*!{XcWO>Gx2cvK3i#Z#4Zj+Y8z;+Xc1-^!v1D`U{>X z@E-g|f8p}srvIYPcAak^eF4))(buv+!?s0yCvA%Q&wed+lV=7|Z|S>e8`Mqmig6-+ znAjbC+-q;8`@qHiE&IXj_t7WPCaC|Xpx^%pp4{Q5-~*9ZZ`uxRk$jTJt7{`qUZvCp6NvS@w^0~ zk2+1Jy_X&9ZD-vlo=^>3mFYCnmkme$t zzlh)Ni1N=tdIi#*0Dl>Yw2^-5lkir25aBSE5Ig1fb(CQ~%8F%JFPXdJI12M~EQNG% zzL4{WoGTQ&;CvzH4Qap6Lq2n?hd#&jVf0C~WBS12m@R!%h%su)#PmtU@g@30`U)8f zWqd`yA+n%eQjXM3>W=V=a-lrPGs=SUqs)u)rEDo<%AR_23i`pZR`Rdwc!acaELO&j zDNDYSKk|b5&hKvmjkG)Z9qJG3&oLXuUQ!R%<$cJ<=a*tUmF32G%Gd|%Xv+IR_>K9g zUmRnizhGI8#j+e>@caKtpP$5&=lr<*9`TvJ&%{+Hb`_g4{UT`~eEPzl0aMH&{%OIgB^GJG#^h>zu2 z?!zd@{4cS3^3rNh*IubA27uvu0N{(w0#yjx-i;*Oj=;V{_Ds~9&#++EF&_IdW#&GhkqQm z=Xn0DUxKlEBpKKLS$zIOq<;e3F`mr3kNJL1eqCUI;xTzDQfpk$uq=PiDoY26!@OyEtf^?BSwhc08Av*k#v|iF)5jJ6v z_dXh_BlI=YY0DYd=tw2 zITC#(Vf{Sbts&87=qvvgpUp8`mJ>dZr{pK=Liq__M88CD6#u~kvFYWPWwIx{D!MCl zN*zh3s=Gle>pMaFZ7%UYETv&z)bT=ejsoX3lqU4vY9WclDxI zX7zdWFCy0c1r7frc+Yt;&VO;<>o4&BZunjF%4Sn9!0-R|a;!%H-VfrlwAU}dcgpsc zKnLf{I0wf$v_4?pHN{7IO+MLpME-mPutbk&C$t%srM*y>c*YU!lyNgMJx55^iaMcd+LnHU;F^&&V2kEgFfmw^-X*L*J_b6Eg3i0V2C+Dvv@_E9mG~?^;VEcM;|KfBiBWof}Vfu9T@w5t*(Eu&&EE&Q<0DHdX+vJ<=~rh zkhulhdXB3>!{sM}z8}r{#L`FLIu6oe`cl%$I;e`_8JoT$ZPX?5j(SAeIWEL86ppu% zraI$bLSH3*hfh0L!)ylCq@_k^ThjiFRZ5DQHX5r=Wflp4qqHcmA1ina`h?w7nQ~ zo<|~mzYcqL#k8b>xH;BF`ou=XN3ujQrCE>+Wzz3FRJ%lHuiS-s9@OM}J z746W?Hvr(Ha`!2sgdy(~E9224}h>tLyibOu~JNZkPvet^9_r3vR z{qL%dhcHcCgi9QxUB)>CkGU?*=FbEU>!-#SQAb(3MqL$}Nh4|HS~kAtXIaz6@B4mD zzvDVG%9-W(-i)L8PUPW=`D4Xe#7$k~ld&Onn=&c3sni*>O=Wy6eFDZBj0aSI3iW>} z>guX5`D3o}yQT1g^pXeSyU7#M%C&d5G`Z2wm~@KlC^O1W{H*k|s>~KiHK)a*i|k!QZ%U zmQSv?B^n?d+&=cTX0c8}$_4!78L5SEl@d&KyWdH1|o$0Nd9;w%0=9C>~a ziTU4*=Vy?Zhwmk?l>gS>z!(eCbC5ob^j0M1Va)T?o6&9}eHRjKf^uVjhvOoI{YJdM z?l-aC0nar&S?>0D5+~~_Z8G5s4ih$EktV`=8p`p>wa#4sO#Gbty5n20e+|hTqZ3+2 zcuzc1mt()B=i1rMa_*ckIM-b419dTPWzJcd>!B%US?lry&`X}Oe{uPVSwD$9s?*o_ z4EXR;z0vageW5EA3q~As2_ZPnpV~FoWT>Um}H{_A{7wZ1? zcu$zFJ`CXz7h_`41;S++%D!k@TtCm>UxO#%OYAAWjK6&nzlomFev3L}_P4HiyVkX0 zp5u5=`Eo9m^OmBQ)X7_d4w66oql~Es)CbCc0JK#%N2_Bi?~UxhtCm4%!~evCXAUsIk5j-xC1;T}bAd9r~)V;w)M1cjyG`Loc`c1QLfmBEczAljrAj+=nIN{ zR@RSjrLXsJ^hwQrA%A!Ef4L4x);KV}ARf|8c;ut(tE0`3PetCi)@hhLlYMoJXGjZW zLivb)eF5ktZy3LDKQa08r)eGd`QE=%y*`9Zxw0JhD)ISKc=EI0rVjA^@29_W9}|C* z*qE`htDkF*g~*t9jM$ic8PjL6-$NQ{KgIb6?yY(r(npZaAf{%0ZfX4>TYae4)MxrJ z`UlpJxrahaUCFGu>B%mU27^SSLWj%eGbazc6PZxQq)jpXVsX68-0#W#j@&&(i+N{!qf@pX~FbFEaOr z^0(WjJfa`wo=>(pu05YI*ZuiyLi$hK%SxJQzw|}?Onv0s3H=Uz%0BoLwvTM@+3qsW zU*AEuoorWRT$}wG+q!wq>vN8u{g<1O=-1c=ihVHNVN6GxQT=-GpZyv7yo-4E=lD!J zAl_oUz;`3mfxmMf>@BS=kQh+LFh2|$U39Vz+$U_SC+$;WN7^fGkA6UGT=splouQ6X zKWWc|W!kf}pSRR@lWjkJ80qF8ZBhIgztfL#e$(8~Zu&AACu933_D{cM`T(E(yX;=} zdeaZm2h#u1zGW{s+dl5gemN55%l4S|!#OvO>zRAM=?|ox4Bd~lwU1T&0M`pp|G1Bu zPuWL(ONtY@zq@GvG3-M2`G?X&>TTD$NSutFMeoG_a9_NQkCgW<&3Dqz(Vx-gUI6-} zPemW_ANbDpO8T6%HTpfaS2E_yc7}X-6Kxjnsn@;t-}37Dy`bs8^*TFG!{=iu&!SHA zoCm%u@{oB&hd7@izRX-xC;eYpTgNi|qfDqTZ~1_ZU8r077yI5o#z)N0JRd?C#yWCl zMDe@`^PC8d4KU7^@;q;X=T5LZaT1omA?zY7zT=<3G{yI_v!XM#@$tU4YS7QSA`p_cX|LyDTaR=pZ^YuRj9#V%W||TSJiu!coz=w@oxq=Z$+YhQcrDXXY(w{uliG* zWBUNC_jw@di1Mr}>3I+6;@Uy>+etg?!2Y<<`IUdB_5GIC))mhizs*NAPvl%+^5&QR zFMDqSCrMG|kLQbs%(}b!o}T+2hJopt?zy-bL2*?C@AW{6>h9{EV!ErEs_r>lcR9pc z7iAR?4^U8%RaadP)(b@3pX-5&h{vj+AnJ-PD(m`NUHN@qL}pfIRdsh&ceS7WfBxGu znUxtC@gm~Ii+9D#j0dWC+VyPnedtl(fuDKb#pdh0TlO<}=JAyo^!u&PLj2Ae*ad6N zH+%Uz_ciIM%W7z*}cvjB0V$h?aRwxUS&%dG%%iEBHMpo^wpgJTKUXc=TT5 z%i! zLLGC(hzH+?Z022XmKEH-+SqWGEzCoipE6JUw98ljC+SJ6eq7I^|5s0HO-~wp(2VW> zG#OPZt2h13(5d$=ZKl~T{?w%Lwf8;kzXnb4z4u*tzP{8g`)xe)bb`M{zZ>oQR4cbU z+0JktMw!~@bHVY-J@cV@oq*@k|1^C61KP=b^zb|J6Zj2rd=3Yv^Ph*~mp&ZE@x8cT z>85eMpiZzOFh;ewOBTn|Em-HdA>LLzdAv4IswZdp3lpv6EL4+ z-ow0x=OgO`%ny0aGQZ>b_~+6In1?byWu0K~=k@&XK9|?>9RC0NUO9{d{`2fCzHVge za612ayqB+;|M9QK`@DUL*#6+~Ob-X=wc&`xN!@}FQBDhyYqkSq^uVuT9b!WEK*k?lkq)?qBEaxme7Y=by&!OZ)KNeLvo##_#iSEc9)D{$69F@AE$uFfPRL zSv3n1O=fX4hh1-88+W%}^ zGd*#eYx}{v3AfjyH7?f$npkK*wIEG0T#qKV{i2><^7H>M;Ogo*+V1V|#B;;LV=dme zkB#cEQ42~L<4pu+cW3I`sz{44O&i(OjD>Jhr8f9JrL#%rpY9Iwpe!ei+sW%upDpau(jLlR7z z8ZR8JqmZfmRDdOTZJ8R)fo_6@-6uoAwDDYJX0kL98kq6PQZCdIR1hpvOL>*TOG5SF zd6wbs4ng%&!x-~YD>ETvPmSct_QW0YGSl)pnF!4) zAQD_S*sEG1KUk=MwU%??u1|~}Db)bRh|Yu<#Z)b^PM0zHf_0(UlZC19a3ig@&2_ZG z-L0h`q)mg$LZ|{Z3&qe(;F6=c!};PwXsCF)h8i}Vn}7(YVL?9Ys2r=XXaVp_VYHG3 zC!Z>Xroa1I$DGX;95ZPHK_CIub&Tk-j3AFo~g=ou2{*3uv;9NE==dM zd(7RDN^4b$rWZM%B5M&k^L?dW=gpXpF$lgRdk~RodB{~T4z`yd(*~GJDMM@ zORPXW8J((3%>N);nmK4N?g4Xuxj8jS^^i=PvLh9(`PF8xoo0=n2P=Asn;ewRb}v*mnF_c)w7 zQ7V^8)v7$`J`B(tIMhtW{pDJ?7{~%Z#*Z$Pj8M&070x}#ejpZ}UwDgH# zK)#}Xhk3$l_EjjU z`|>euKzd05yUlAh6qxCQMl5+rlld8FvRtK?GMa+~&5cYN!R@71Q(X4t*^Az-&y2hT zk9B$XV<0qbt#M^u;uK7S@!6u02!=0aw8pu6xSXE|T9#gkAmgu;$}^ctK35*q=8L)Y zq?EZs4vkOF`4Ud@YSWK(ie^lnZtiob@u`^*ghDA((9;GNQ?rvZ##k<8JjG&~4Jkfx zb@~S6W7>rh;}!hpC+7M{Zc^)`er+=laG=~w{;1Id>mImd?WcR31>e#|q{73r|jF1F|R#17f9E@;OrY+4$HT4=Sj1yfEoA-f%G%G$o_7HGD7^ zP*bcB7Ka)I%y>s9OL>SjO(h}xXoc`_D4jVXw=YC>rAh{v;(X>RfHNd$@#;Q=NOi9m zNZ_(+`l5tJ027#-p`1GcMyDAsp88%S@7nJ*5A*12uSF0Awxu zHj#f5?hjj9Zo~Mp{$a2p;MdCwOuNz)fM=k52TE zZO1pzUNo-2kTKgJ?`8`SReF59B$leRDbtg#o50KD{&M^MB%kN8lLQMTW8QnaY6W-1#iRVR!TCNjCv(OI}>j%7`^eTe!Qj3mu!{oDcR>8BM9i3IN% zK_N)KgG1+H&BArP_@yw%LnYu|4c%)9jp4$GuY{ZFN$w!@y0WOTz9c#`RtUEp^kz(U z9~#uNEhu-{c!1xN?b+oIYfb#mqrp6RJ`T)P;R}G9&tj(c)*xvGtjOnp3+mSxZaxU^x;95}pdaAVG%MV2J#b;WZ1v2iZy?Uo=$}=sD_x%>=K}q0Heu2M+HU+&wrn92lTh%VdkQQzP?s zuR(Q84HcLPIM36?1_ccvWnC|1%WZ`{TRyg^8hvj_%XL<{S<6LzCA;~OnzHr8X|+u2 zNHujWiU8cAi@@q)sN1b=G3Y$1d4Kb`G_$ZZ5@RE~#S-31%BQ#hy&Fc(Q1KV+FGgwP*mIy|rin zjVPrx{7zy8p=L~515nT6S}R`~x!Cm$FB%K1ZWLw;hii$mwT8G3`bD>5W_H@xEQ^QW zdQ}$V;w5bD^CXw4?)2g(sMUsfUzmm!tm6A(gr28^>V&a zDYVkPg&;x4%um+}_jw4XF}&7z)7&uH)0!%tG`wt;hZZqH+5FL*S&V6p&KkG2whpZD zOhIYQ9?BofLbhac#ajKPWuz`t#j^LqXhh516}OgU?~R#=%RDZol4a=&$Kx2Qs6BMs zmPy}ef-Qk#YBt9w1Gi>UEf3&^dVkB4wQ-|0IkcnMOBt-O0(?I!}YQhF0ZlK{+=FThma?cv0MW=l7XXtCU+E; z{M5ATSq?wYz7HP0n&h%swhO14yZYRf!qoI+VO*mmTmoz9h)3ilXH9+XLyi;SfRRH1 zP@b#T&4P8&>0BjPs9O0V*`V)#@s_T57?v_A>Hr?hPol$Z1*z-c#jtim)oW+%!emRf zP@P^?hsTB+B+asn+3%@1*H(|mDlMMmxt=Cv;tW=czSv(}+tLD<@|SqUL<1yeixfjArs`T+auyaZ4(})m5xw&lEEg zrJaQeu8wi9u{OIeV{W~Gka=5EC?RIIX57bfGlhdNb|y<$?1d+GH!!L1YV!Hj>xUd% zXV!*?cAM;+V&YQuAYsY501dJ*>HgF}tLjte&_RR^O>pIVP&b$Y?k4J1U*|5N8-!Oj zs$*VV)SkPPj!3Fq!Ja#Ni*2gRjG;u+okqL^2bngVe`2yUVnR=v6BZi3y9Q4(_%$!= zjTiEhV?06}C51~~D{W!QHUg;!(tymBTd@-x0Ye(r`4AaYn8e~AuI9u}-P+)M;P9+H zfDk>0)rBQu%08}V04${mx+JNR{mVzZ8$ddaLAWX(l zzMO4OyOxZe3f{>)hGixFQdV>0HMbh&4gW&iq;9^<4RX9(np!@+Z*J&q)BJ)}EY-v8 z>#Lq_HkO;oW%!gu(9dYOpgBVG++`lLyDDY10z{)O8(^qxz7MorH0bxO9j*4fkM3LA zTE)yR<7gIVC)qcP_W>vQH7Bt7tk%L?VD^6hy#?-hh)1u7AZ)&3-W^=(5Y$trt^f)g z%#>y7LOIX)V!ZvikhV1Id!Eq%;C4=k`qA*&?{bnbW=CO6&uXmUw;>c_9)vB=M0BN2 zt2lxTWV?hl-5Gccm#Tm;gw}PlxhFruj}9ZcMTfX($*~0XsMRAFU&Zl43o310+YA_l z?6(jIGzXBSM((h`=_<5P0mr-ln~u@q6q8H0i|Uq&2+b`!TcrcHu%qo2Xcvv?_{ zFkTpicW+4{kY;U$*PoW$WCIFbrZz!hMQy3NhiQ{p8d@^2#zSq!MC)Tq9gO-4v{{m6 z;oYtQpR0~#>VTPU%iIIElI7}xp4QFt`X=Tw-mL&?i!|;y3hp45h)N>9x z^9-+&0e^NH?O#^9ot?%FVVHsh)$MCcm>)FWeD$(ECc%r)?wCs z*~8QPtZr&hmqF}S+ue4FTLs-BcWMe3%O+l{&Gw|-vPjnYYCKWL#%ufd*-UA9nXnJP zZ2@gQ#AQH2^<|p2teE*tZ96OXAuo$@;zRdL#oRPLvW@RP7TU9t=)*T+DBo69z6Q8A zZQ90UeE7>Fj;i37OBnezv|nC?Kzo>Phm`XHx6cBv0oj)I8((Xw0&mTEKDTW1Aug9> zGjhPpczl}>uBdhlTs_ofb8t1P%E*W|>*)SaEDQ8T-B=bb&p}eAGXClvu5>J7`zBbU zjx3Yi(Wt8BVb2X~S}soAsIvAm?YU}cC;x6#$Dfapm3fh;z#hHj(A9l*u$+}NLZDZl zH&DxD87yx#J{Q`z?0%qqOAnjz1$>~{%OV8=@Y`-Y1Yj={KMvH;c0bU*%<^#dV4Gc8 z*mfVyzD)bscc9(N=A+q{X`A^JXzp?efIt-H*$HLK!^}q+^W!mCgHy2QQv)hEUyy?uQKYT?`3fUdBD9X(>5;V zBWHPJkq^H8;vxjv!%I6XeIIc9EXW#=%i^MGqiFM+yIg|JufP*)?Uy&&&e*psUZ4=v z<@Ey9RJAM`x<44p0=<45%Ggw78N4(B1!Gy@H|oeTSsjh4S|0w~sHXO_>bYuZC)aLN z$8xc+Ms<0dj1_dRU(2A_2CFeIEVQqZ`MQN?Z8iwztL@K#!1^lmC&>}qkB?N0@YnaV zfseb@KEr47S=9(7`(N1(rLr%pF01)wet44wt`#NctW`s;2W65qDBq_uf#zZBRdmGP zf)!g$j+M$tLENPG@eypSm>DZ#%bH>Z+xu0p)gxZl(ZAf_xk~8m&@zaN1P1lu^86X` ze)z)B%$6t%=hHp(Hj0|RUOy{#^}%Na&7ND$7SY>FVH+;}((?R;(7(X;H1p?e8oL_D z3!_743--^a0CVB)d%=KstZ@{k%{iPjna^Q|wMp~-ZZ+pDpbQP`y&-+T6-K_!b}B2|g}_p8C~!z&OEwSl&|G15>{V9zVg!EFeaIS4Fx)$(>#i6Pt%H<3YxQ4@F&0_@UI7z($#eiZ#wR;cia`Cx-a%g3f? zN*VLRo%Iq5)7Tm_Gir8dtx43+0-39ma&}~9GM~ZHP>!c$Aj_x=&ur%$hKCJ~13B?2 z4~78}hi?Is%-aDYT;^!W+ugOU&1P@Dxw2Qh9{PEy~BEI z^m#jiJk8e3Sr=1Mp33%cJ?nKu(Z^!4yurHCy$aH>zO?wKCWt+#74szoE6&h44`;cfUdc)yP3 zi*SpY%N^Lfu(<-&uid+?&5w>%av6ON;4YAwEtclsmiaM!ynL)Oym#-=$>w`&8M7g9 z?GQK2=(5bJ$ng2$9NDMF_U&o0F~OZ`TWOR(DH^va*uVhN8fWHjH|De{Hg5||HnuSq zgjn75*M+FJZsb#-sGr7;H7Llu4Q<26o^lq1#q%+cIX`B`*!>MWDT8*V4~1Mf(Hxx0jb`{11UI@TQyvWpA@GPHW)wm3;HTBr6Mj%f zi47n7G=ZmJa$HxK*M-s>)L1QKIF{kRRr;?l?`swF&FzCZyy`fN4_xYtAjP*(%5Td& zWqk5>wZfogIZrXuE;JBoB9CA*S>3*P5^A0zextBo@3EoXyY|ASFc%BdRbQ|&JJlri z>dW$`>Dh^r{?=%7ee{~?j@$4qFJXapd+7AC*Ojlb$a&DVFqD8i^@ZSceky|_Fb`RF z;NTQL*TMYJ430pqqkDIq3^svJ+46}WuVKBNB~Rcmzvh=P8sA3QWRp5aqqm}l@g+}vc? zOw?(!X0K*Q`34iUM9x-b3+@)v!DpqZDSS$>POUV+%&z2t?D*cp806fcJp3N) zwySC7bh)vjaxZo4l5>C~haI97i{kH%HXm)VtWwQp4v?HD~HF#G2 z1UBz=#H$g!4LeM+vBD_0qTb)y@Ye9-gV;`e3SXRoAkWST!^^}QB6Hm}RTPT4ss>NS z;2cLI_z8cG8!o=l-NWYGD6PupYI6q_l)7ggOYxgE@e;W9CuWQI;c6PODyESPHeo7O zcq7{C)x7y(GB66TTm2XlYiWMyq1?uH!3^dvz0cRCaH(=3k44UT3uw`6+Em6g)Q#hd zMHL$2<~7&ABIAuwUaH^~Li1s&IWg_^N*7{`gJ!fhytxvE;`FSh`X;ku9bn$>hnmA} zf=>UE`7stM((-8Pe&d^Wt<>QW=UhEurdJp%=JaX)f%CI+6Xqc(Ki~9h@t8N;8{yo~ z*bFABnddLH2U;hO$Zm@Qu85;a}Q?@>b>Rlx!KHB$HROL@j)Aw z%E0|j`P$&9XVDOuXn+Y1Bi%H00oT4wBYgU%>zwF_6dpeJm@r1(I=TuF<2S zD*zik(}fw42WO@x5xg+tZjxwj;pQ@-58q(`hnTMqNap#V}%p(p{~NzoRxSRnO4>0aA`kEq$b(NRydvS z>KlBqCWCO!iz}luN9Syo4j7*EsfWM%nlvH#!Y*8+Yth#wvc49mYNC{xDILle&6%rU zx-UEoX3w~fyvLLqfZRPyPur)b<~Mc3Bd_?=m)t>00e)+eD6?j?+{Mq zPb0g(3~hm;UI{Jyi!Kp0S*G<`&^B!HaCo?hhJkd8{Ehd+n0mZ;>)&u$tu~Gq4`*;R zhNW$Wk=b#^5h6W?s^-a9o`-%6F#^Wd?4o;C3x-yKX`;vYmCGe}v&_1Ys%wewWYSNL z6w3JwpPH=N`{uqb9J*Nw026VybO@~5F9izpnb{>_LIdD=<9=Or;o%73(7W-#RB~oD zsD4J&4Xdvf_~Yvt@?Z+p%O&9A7J<`5E!G+iz^C7=6-*4 zVPe-!hPypKiVr;(w8qc`L77teoW&cL2TNnklA-OI3KnU- zrb}ks4Z@lotf_pt#o^TrY?78tXQ1P|``9$ws)}o4H%&cUpapFCJVQ5d3A3Gd02-e{ zfSqQc#$sur(f;)G8v=U+QUPk4HanU`uMdVjh}@Knj&@jdX$G;R!iW@VdfL}Fo~zGJ z=3b(0*jBLUci%t&$6Q)3^oP%z*EQ;U0-J0!f3P&^?d`TO-TN?nikQhwWN@_F6TDk9 zi7zP>cmo(WcC-~#>f)36iQMQhFk?Tey=4$?*{mzg7S)SZ1&NPC-3fQ&@kMGT8U*{b zMuA9}zm?`yzHl>^R@$^cFAOdUg-7x^9TL5W@oQc#)O5J$xdU6Sv?WO%uGJuF5py;$ z(B1~wEzDM3dMWe7w41j_Ky1X&9Hy(5QVq?`VC$DKTTLsf&dZiZ4kol0WxLq2S%16p zR`Ksv&Rdx-YLeu!m-(U!x_olU<(JH+FD0C+WE zMlYNNHjXeZKJ&=sCwm8n%{{8cYB08rF>4OZmTJA40(`b+HNDw7LdI`(o9B6Z!%BTN zV0krJ%=eWwnctsz#%67@ly2O7(vF>uqRI{s>;<$Q~+|juf+1q%Jt8xoWWO00NpV!X-7vnk_IN zf*Mm8c=`<1ILuGu(FqlVv!*l&T`n`HHq|)0SFVXF__JypxTJSE^dgw*2`^L+Hongl z5hR-NE}E#v%c>W6;1Y&t%W_P^Yz}g^iSkU(9Pl@mpVyxpYG<`fGkni);Yh9mwZZLU z6HW7(o>ztg*GBW>vy+u01?>1+bK4R`1SJ5^v&9jP5_Xk=I+Z-sX}>j`S~*t4Y9m4x z=5WF+P_l$kX71a#$#qP?s84#zW^%=2n1(oeYSV(VYT6V>kzld<&gP4{V%}pG|8@@V z8s4>Q|IpB`;h{Zy_v}1r-^nNK+c>c-Nkj@u>h_Z-4`)qStCoh=Trn9wHT*R_B7< z8k;TaSZ&q}-AfNpvmNxx)d8sM>bwZ%ms`=HscAIDzizcHe!<0q;34M4=VrU_SJ{}T z8dGF=(1jk24wsMn`P;gQW13Wi5ESHcgEY%;qW9@$*(PMVcO*5VE}R$R_LXXw6V{ zfFcn-;}K+o@W>GK+N^=_$a(Vx!z1U-I4>p|)jnTubkG~0bad_v=boT}g6H&ZL? z>0+(4--lu1Bbq46^MNCKaBd>EuTCt+H1i9)PM3`P8}ciFfmDOGH9E#-r^3<1Jd5;` z>3q53uHn`f^K!M)D}PpGM#iSIP+<#rr^eGznxmj92+$#36`#b^SzHswCrd|M7>fhI z7|6Ej9ILjU-}J((ZqUv0!=i-fp_7Wa4t!mVzi@^nALF%ZrDjI^3JY%5w#zg+_`OteOCccaJCW;XTA7HPc#d0EE5Uzb3$Y zoHT@&X39;EHmj60t$84-GVhJ~yo1RQ;k*h?!Y0`WkAPM>JZmH->L; z=9*dhYo0y>4!y>6gSANb)ZlU++TXa@^Llgf>KJq)tXuJ~$998s@WB4?q>#(n4 zrF4kJSb0`=2x|f8K*@Z0bpdgWS1~8?ia*mEzE#ZEEd9)tSIzu1J0FBB!)*yn^(C_A z8s7Azb(_iZw7CUsH*^II&0wc`4-Dldrw``v_QUujzpjPV(z%vULael!zX^~n;4T2y z;G>$LCt#IMs-$}?H#K{-x^gsh($KD<;i3I|ckMlC=kWN@*wFa!uJQeQ$Mm0twGB24dj08T%VZQ&(AMG2@l%~zg zX2CQpYL>OvD459MIe`V@;3I@p=!giDmY*EQrz5r7pqk)C-Qh(+eABgvcL2-}W4|`7 zYMeI0W*x5$O!21jYu@DYVpgS_Diq)gP36~>EUIMz?%s6kbZv`jqT&BdS2X1XIyHp^ z%q~ypHC+P>j%rT|rA(ou6&HR9*(0JRhpehrHEJ!^e9AdqT5?7A&WRGUuc1AIyE8N6 zTBSI=w<^eyq$T`berT>dCcQk+L;Si?6_^OKvxPBMId-AVd_5;Gt9G_>c$B{pUggxh z#y@=Wu3f|XckkXgzH9HU@x8l8PTs$JPi8VVlAp}tTTjNP)u;`Ng6lS+iN<;nkvrWD z1@r(x8wtEBJb$a^0)XMw8&)i#4O1oWBTo&GlnZGG8Mu*A++!BusoCA7{LNL5zaZbGO+WCNmm8VOTi{Od$H^v zn`!d4DQu#Ewd%pzSG`)Q&Nn~w1$Dmpv^e?#)e?qC>aCr+bS6Y zaA(Hdy%?8CG6t(^zhrCxyt!GIbwgKd}FvJFM+btOzRMGCq-$u#E ztkv7bv<;Fm2(As1F@Vb|D{VI+R3R_Jq^kmNQ8L!;$L)37pp}=_wFTWOmKTDn;bpP% z*MffN!`$h<(~9qiX;%TST)6u*X8cFK3}~K1%v*u4E|?vm{d({%y4>i@pm=xVHVfWA`XGQOj*h8BsO{-EX#Tt5IbU?0f1Vv>`B~uC6 zK@Rn(O{kb~oGe8g4N^o;5$7sJHUU~(M9vq_qG;*`;)N6={!0icMMT&{Yn>jEprlGi zxho9jgF*<)I;bMZkPs2-igYC-VrS$y5sPl(Y*FBxNVoRvYX#7&g za;B|br#GHvY=r)$9ihViy1G^Yk85oYixUQmqhtfx9d!Eb6tSXz0dOL@NeQu;c8KGp zh;G33M%pfplSwqd{9EC8K+X`#viihMLQ1!Aczh_K97)K#5^ygX$VM%(#Zp_m5^Dun zRwuGWfW$ZtUsNjOc2r#V>bOhkGLo0ZEOC;hPV!3aVl=H+5sDL#!b83bxh-+e5mlf4%8TJOP+NLngseMBZLN?M}RQk~XaGKKuqY27E2DE>2$ z(f0uHQ5^rJ7}Oguq|&<4?zP@;C#}!goz}gMvhKsd1QxZ>77@8Ia={Ien58DIi(g(I>L$Q(Iz>HjveSYlMckrM3c8$*AO0d#1jsh z?oNPpT(D0?IK@$$xIhmI*k?wpk0Uqc2Z%9ZSp&+J_;J)aOVEKn&SI%G)|WtfD=kYB zPAe1$LMlC0P8Q?ALnxVMEi0nj3D$ucZlovQKy)LWq|Z{HlQ&S>Ql~i5Ru0+Q98`w` zWMD^eY_;y8s1mOPKt+)#&koE6L6V{v{8#8?DeS9=-bD09!qC2ylJ;jvewME#j;|8k zO_)W36rsZFF=x;uP>T&%>93Od62lY7r|#l1$d43MhQpBw`aIDW33FB`M@4Ljv5_*7 zHhr||tte?(r-?1pEjmE85lyvt991WXEOlE}99*J9H(HRRq~u;I+;6PwDdXo!8Yja6 z{3LDwt*PtCx>5iU*EUAPH7+6yO2yl`Bd;S$#xxFu>HR+t-5TnBhvc5yF^#EekK-74 zx4&RI35ou?RAbZMq9V&WRh;h6P&|sN9pW!Bin^~!^bHJ&y72pKt0QWy0S~dnxzYwoIN?|C(cNeP~-xy@CzjQ1p*qWoIDboWyWJP)Q~YBfw}7}b2uaG-;r zrLU&6vLh)LNe0Mi%sNg`T~bTmGb}41I_Y>Vn{?3;zvv}iNeHFnnNd_SV0{q$K3;7R z*bD1#HuN_wok(<9x4BtZv02F~K&R0IaFxC^&P~0T3J0t^!G{h0#4&mm+SaAIR;teQ z3SV-aWn|+{qg$NAEhRdDu3tt2wQwVV8wcFetw&tA;+>k>1H^O{aYQqAbg8d*>2t^Z#2uZ1oJm0x**G>@?}BO|`t21o zpdiHbzvILikk10w31^*iHs&~J0Ye^f&Q%Ek*(!0^(5N6o|3%2Vg^buqO5mRmpAz(G zhe zYX$&QQ08nL8_@w}y-6~aMy=~XE;r(M503ZaxDCf=aoh#PF!}>=W0JVnG&pFee*n5$S|Khe!nZ4ZPPUK8jKMXwO@lNn~J3bwCT$(^tF^u;P z=z5@eo`r9f^e!kQm_jR5v?G!58gK$Ppa)n$ilYWuPb1o)$tYP1mV3ZtbiDN{<$@LT z8A*5XD5^-Gig%=Z9G_@V+|S5l8akf)){PmtI_m(=Nl-tXZYUZ3O4%zUv?=eO-0Z9F z8QnOs0jfL5J4Rbrz3V+wT5lrfc!J&@*%7r)luABE^ji|Y15Uy3g!ls^S1Wwf2YsE# zj2Q>6(QG`5utH0$d;(IZb$~4t{8v!>nbo8i3+NM0lTonALif@HA8jEtNG@c_!5R$OX=e zPOv@;6AhYUT>L94fPVXZa)4IVL2GC=dbJAlx=OA@OQRb2UT{QEDCz){l-=NbYoW_R zD`k4JaVw#)g7_Ha(7^*o4A-fww63TAlA2DIBGWzA9(fY&2lgD<5lM;;@$o*i;q!em zAyd+pkMu#=6!s_jq?3p;GQkso%nsV7U=eZsr&?A&aF_&gdw8fsr+~if z5!@=~TXE3~OG-e^?z(}M?T9`L@2sp>0RsZ+HJT%sIM586E252{1dNlgBT)rw1XbIj z--XrVl?Oxv3(yr>u@#d#W_?7%gc$}C3~08|En7k~!T3?)-6Y;cGOFv?i3Xw$+wO?Q zBf5LAHBcDzvlXp^{Gl7gYHfoHeKyxoeSMlf@6qQJ>Q0>OoYMJbqHD;0GpTDxzL_LU zofLIMai|G(kS1a{pT0kKG zVcRjFJ}n36R}uPU1bBHQqJ9DEQT#X}e*_a61NsA^AA;z?CWZVd(a-q$gHiSFDBT>T zuMyotk(>1OkCgbFl#dDVO+ohvdO*?-B*Seu20^cBNpR*}t*XFPUv))_@PE z<(-N?rRX-6{AdFH{>c`fhJtQ?UQt}8AwtvCiRl$nUlig)wx-_CLC&lMk*-#!z~WZm zz;Qdp_y!Du&54mc1bXTeCo{K9fUKGMd1UQ?^+)3bcZGtZfpHe$UnSDATXYdC92DzX z->>>Q1_(k0Gn1SZo!y`tCeBzkf}!b!;{>b;#*$B+aYLQZc{FvNs40pGIaZ(xR7V6u zvd(${vmRY#1qa9?xz34X#dDO51Y2DO^J79#8GKLyAshD&e z<~Ry-7<`xY1Xx}$V%240{o_QJ2~l_6u2Z%>4&~^2Iuj%m$FT`V3`eJR3(JN$gz0nW zX&{t-d7LU;&! z%jvn+)o3kDVMkt0;E7O}UWN|QmE`o%d9)ee;7XzQvCb1ajs`&{r;8`TgzN(ezb-+q zO~3)h3P@5u0W%7-$`@mYnIN{SUeQC)7C@hP;;1#^9H@J6S3!#e|6t18hLIbzoFp_E z_8x(L;Hm4?Y+$WE=k)pA#&@?$-=y>z*D1@{0tZEjbrZb2T6A^?cQ#7 ze|xMu;Ua_hI3kpqp($Ae`J64!1seWSVAgzE($mrPr;D!&S}7h8@>fy%9Bgc8S3-T7 zjcwAJdz4)a7);C=2(JX(0Pv}>?T?B4&6xO2Y~!zE@**&*4H%v`3c6H4>2cM6kbD&N zp&SZ)farsKxq()Knnd*X5&Dk^$^Z~>#55x0FlFe`i1Qy2`dvia9sz~+lWHkp3?b+6qr&r|s~hfvXS-9;i{#Pf0w23fbE! zlIrE$!!MBd2GMm)ttiU*=#|`y*GRPyll>K_5DLgz_1E-WLh|>8^CF0UZndOW;KVFH zhKZSQZ2Q@cBlbm3kFOVya;bi2GsIfNM)rv6hY(7OyM^IYnD8uwA*F1f3Z7S}rRn76 zgh*~oBs!3i-qB56UEL02z02;7<2QmMrhm_Xsz-fk*tufm<~2C4Wq}GeS;TT;diZH$ z%(_*^z|AkEp9!!>jR!c1!P-vFrY&dKC8ibD-72~Xe$6cqAqE9Jc7Q3-2cYt&%wfL= zqX^hJ8PiZdq9?NMmQyREO-towlzyxzuyxYd@dt$>+J0@2Lbt>0AzO(Fv0lK)XXliZpFXb z^fH@?TKgu%qtB=Rcs?3+{R?<@$Tz=0{uN!T@ceq)hI1M>%;BgdE7se8jSt)h0WI-=}3@~*&z;`S-y0zAATYu8YXoG?- zz^rt;=9NmHcj&XN&qMkg*XJ7zbG_gO0WooU4MUB%q_9!*QxQ1#x=*6+@9Tv1rbwg{ zO8v7jg`Y)Fm*-KhoWS);Ug~gKyc&E`+Wu2Fx~DjW4b;n-V&v^Ma5hB%*w3Krml*h zEL?u8#MSo3H`?;06psu0T4NJ4+r1IsEb9!-cG*~F*1O4xGP4zX!G8Niw|$Qp;4o>w+&3aiJvtG(BZYc-QO#zz5nb)*ZvJ+Qb>ot1?zwYCsSF_ouX0xYlaMnXt zT5oTN<2QmMrhiZC*bD<=V``0cYc%##3@H5!riW0M(FK=wT28+vB_pO!bBS)i`g$zJ z%CQo=pz*{5Haaeou_P5u(Go_=a6IPlGN;Q9eJO<+W4FnMK zoe%GIN^O&!K2t^l-1V4)8`vB}zaS?8NS>xU&a4(TE~Y}#CG3=SbKFUaDCE)QF;LW% zaRo_Yb-)LMA9%$vlqr;g`z>ZUz1AafEXnXflx`7hJ0Lj<-3>F6b?AiU3|MbUXugVk zzRuL4m1yMCx>C1wGi>a2=qel1>H&Jn{qVzgq%NZDi4PO~grq*NwY~#?Jz5XD=1Ttvn|V9Ev#WtzDW0bT^tXqD(^ehFnq zoX;sl=YlicA#%41x@63|?rA3X1TY;IW}7`?U0+*QV`` zv)91r9!0KdjXDuT12SQgiPsUQ8Sw+!dUve%5O`Et{5AcJ-3gUZ{>>U|Q)C;h2Corx zHFN{n1HTLwl(7=)V7dxb^{gDvQ!Ea{EF!R!!em79c+)A+A8c)OKC%XgyNuSe0JhBu zuH0SLJ`AK2!FoaRLc8FkKsl@7TH%phc|UsyA0Yj+TAw%Fj|IB!w~F)B)3;jBgDnXn zgN|tn7;7Z9g0MzeI}lG@BRdoPmtu^ zlBz3)20)T2+RDh;1h+$X1P-3`9Rc3mI`fd>2`!F9z=LO=V}DyA>^AGY8ztRM8~ z4tmP%1Yq{<7^m(75%3iBPU3*x8%G7uM0iPosQI_YzrbSIX|o!dLr zof&a^hQP0CMg)of4NFE|FX@hF(>)NV>I*NVFTN0+{qhUd*I!6qdm%mcEc^CnYxQ2f zj$KmBG=O#}YLafmLj}py;WL$m3N4P8+zJ(`{2q$>^VBWL(-L*cQ z(mVmVfKj6N08boh!LcQXCjk$4AU9&^t(`q-WCSMVd&#;EbCF3n2@+m4V7*OqK9@Au z2m(G+7+TF}yReeu~xM=iEq%fcIfho>PD^oRqZgL+S77w0ps_ zMC1yjl8PNq z+h{9R@tHt*#CV!B0)*HNb63zN{d6OKHv)e=&mQE*R|^5ZZW7)F+6WTgg0r7P>Kt#v z)Qeop&Ed85sQo>X-zN1PK8x>A^xH(=AxEDf1vk5`=vS|Xh(ImjGD4S0=-jHVjFj|p zl#;IjL5mbiXN^;DByUHDn6T2aOZCcxS|Q_VHSN@S%{k2lqUsI|__^pjaDcxQNW@&B zyXZ1V7&0ZrkMwh#LBedp5ZL1iRLe0A;EzaW!3Wmh!{UezlY><=C?v?ttUHhciYFFo zV3K?S-d_;YUBdbx>kQ{$sqe{lHx&FH8w-poZ4cwTJGKtz^>#nbE9|q7=WLsoJNKus z_Ng-VDL9`B{g$QkDx6ox;AMb}IRpItOdATAN+9AysN?J%IG;f0!fT?ObLBHN?ZQh< zkc+_DX7HRh2^%U`Onpk|_C09Y_o%S0R9F~Qv1pHK{I3`3ovP!^{wH=R`D_<5Tz?vJ zoC9qzKU+KCQxx4eQaBKg0&6-3{T=_&L=m~nej7cG6`EDIkoAy?qG_m#bvy8&WDNY5 zwIrQ_%lHZii~%gkL@^$)LepS+m}_{>qw;n=_hOh&;M26yft5lhi}esNqz`dDT2(aTc+^@l}jU&1hu07myJ}*C~^L_BQ z1NoxXNpO0y>Bzdb1LZzLr=Vjt?WJ9Gy4*(>&}*=At@!*PN5qWq)h84U(U9Ch4=8$E z(q;O*Rqn_0hs`ye4zC&P9P}z8&UN6=wbucG0)`_z_g_%IKGQJ=jA=apieT-&KlGjw1hvmkp19Zx5U z6TlGJY7k%(2%duw+oNHD2ILuZIy^K_K$VJ~Z1co94_D8$pGVK7=Zn9DUT8`N&o6*& zvjOXqv}wKdA;eCpG#oBy3QK#eY$=O2SPK71rlG_;SYSajBg(qdrkfD&sPo34w5PE) zp~Y@Wi`}Q_vssjS1`FR!YY+?uUCEBQznk3OT`OtT9_t*3nGy^xXzgj*j%gmp_^y=a z!614fH2aG{M$s4(F-Qdp36nlgm@WJaydNsH?BATFUkUn!*xZBVwk~bs@qkPEFmgkE z(1lZo)a+GwDr~1)VD1SAzv&pnFl*Kv=N7d~&US)WUxP{{<}uEZO)#rvVi(NnJ(hsw z(Qz>qQc!cnYf1erw}s<$Fn;v+L?7je3brO}X<-fAV!ei$FDsQd(y1CZu^V70Y}#2) zTryz&j+{7auONUfS_c&cv7%V<`8oOucKkC82QIq6FcYo-m-J*7z$+CTvsf8~4q)6@ zPqi$_4Y=wzb)k82>x+!gmkaeOv`=i)4cv_Ldj;Jpu$akR;;1lqozOyFdjPMpFO!AG zVF<~m>T~jOXzH7~0nWj(Zl%)8vb!;A4wh%_m15Nj9H7`$$6HtMiZK7_fh6OCQCLdo zpnn%UHZW%~z}=w3L13z%w!%w>n$e_A8V2PGI;`N}7aQbS%&ooLdfAI`MF?!#4@y^Y zC<^REw|CnxIH?CYxHQTGKZ-^~E)4~an}8u*qFGVz>lF@8;o;VPQ&vwPURqgv*(LUB~W$HZNmrp~5Id?y--tV)gFq9Qo=s{LJi#fDg z1Mb7p=kH8bOfLf|?0Q*$oM= zmp~kZAZX{&`fSR22YkpF7vMRiWZGX3*v2J#fXy_wn!^xm91?xK4eS96cyJP-Bpgf# zb&2v10(XL0dyw@joE6*wS)4_?EKM3!uqiT&V$~d z5imC3nS*L*$MBEGlZnZOEC)TLRS#1`6cOEk5J73Kd((F73RZffh)4}qy`HOvjZ&>T zVyaI1RmZKX5wn1a-33%)K%wJRZ7LgX8%!j2ZlK{&1TUk~)u`}JggbF$3{w~u)NR%Y zBohJ0JVO^|{dFTUAAquGZNmC59K$vn@Md0Ma`U`klb%U)Bioo;K%ZOUZy@_BTKNVN zS0UVI4^tU!kptpn*f|*Q&L{#+*!UZu{i|W$xww%q{V;+%Fs|M3w`qboj~z*DvB9uK zBRO{Hq6B)~4Vv5%L73E4wAOklaJEqlK%0rn1dD5gk8@~+Y2^k+I5ba8D&{KaECTqs zQ_h(VBE36V93qLQwJCu0F6KT;Pjok+evtdNlTTY=M1P!~_hkBuz1DfCnE3@%zP>b; z!{Z7eG>ALv$DG2H?t>c#ZU2a(e^E35^Mn`eV{#32T}U}7VM-j2l+EyDWNmJossBnm zgOf%jv^bmFL#3j*6+aV!91#l8bCB~es~EPV`l?n zHm2ssVU*v^(-M#Spbnv(arp3fH3T$mpWq9;r}4<{hyMcpR~^)FU=5;)Y>luJt#?3* zljug!1yIff*ZXbX!u75N*{~4RP2PqETt>r;x)`7OFSXH*3#_kzmvWPVD70n(%R6XE z8f}qk12ko<5g=S4=4`ZWe_)==1Cvq%G7egGqA_HL3^X1yTRxeG3Ki_(T6BG@_$tMx z4nCz(@9}4d(+6=p*LsD765{lA!2Q5AZxuff;%(5%=>)W0s(lcAYZY9q66yhF{HLV2 z184%FtibbaD5b#FSRiQpAw(^%@~r*Bf5mRy51^@A`MDj3yy|v#+i`@GARH8o5?;7% zm}&|5sQO`%f`Sk<09O$ss*77{Um8POw^;ATRA3wd&Crv4ABn_##`rKp2X8^K8>vr= zKAV-lkJEPR&Okv(DFA_?$Gj|s2T5J#K(`)I9#uLZKttP3v>xTG{GtS$Ax>PRe0tc- z^=(E&Ilu)a64v%!>qOHyJx|#kza7DDCP@?BX&}0bv$nMZUYI)|6YPE!1>u45Vr2rM zDq<6c9Lx&Ns;APh>_eQ9u=k2PNPY|zC04?V7UKf~iH`^j-0B>CFVMm*S_Osb#l{*F ze@EI^euMeh443&GSiato98tLx#-I;zHgBOL{mH&g-1UsmN%R(qjZkg~w-Fp?TMuE; z82lqDJ|@)1K^5xLq&`n{7l{#QSySw>VqSqYuAAauBsa&QE3SoFjKVPGwnVr%qc9oS zMLU_(v5W#^MOr)wy)1=Sq}E6DQ46bBgyzIkW@}jJXF!mpy#2 z+HlnY#(oMkkQmIWwcnwzC z>;Zx>esH9~kaQBVU#`JG_5g(_2CYpz1Rj8Qfpk1;pA)l>M3a$D#8dUKrjY=9r6J&g z*B8##G=DtPyfUYhwWDvu&I!Dx@)k+zxvt5m14UldL+U>^%8Hp_7Dg`A-qpr-6# zdN{|rHwljjI58JNV3pI<7I>l)7CX9OvI?x3ZX5a zLkfB+LPsJ_T-nc+V`vlJnn6D${H1$9)}JK#c`d@eDaE%P`msYlVsY_fa0y7I5AZ?@ z)>Y)KNs2p{BlO0B(sPTX8<0oB1QuV5ihH8)X+9Vg53^<>=;u-KD})O3H7FnV915Yt z!x5|oydAub|M-E8)w8RxmZP)1(xzA0^csdL?APiB?S#ojBUmZGJ3ZijW4HoX6#f#- zQWDP=uaAj0#GI>Q;!QC`x(fPmgd-Ba4vR73d@Wef7bSfzT+yewB1AgcpK+^7&|lG$ zF@ulNl|;9bI2nd>2VuqIWkeNu5_7H3D3B(_9-(fAOB_yw3{}eyz!7l<%IuXJsh5pJd%8iM703bfKmsatO3m{mxLp^Ti6AW= zp~slM9l1&8GQD-szNfQY0ACga8tCN!oefHYe+g_IGgEE1;fcFNsqey-tN-3d3NJSx zidk!zU`gOI--P(Htm80=HrN+L*F>HaT?sbUC9Z&(oa`2TsaR(s9YusPJ65$`x?lc^ z*8|qz1w`vFfd|wD4uuysaLqak>jms&NG4+m)zOLQMR;i8%-swd(}Crb;@B`a5S&$= zFs}8pm1lspzKpOeuNOks;2n@11K`#v>o&Mu(LL7ZnVa`O27D|f??|D}Zn@DHk{ek) zNkeG@vRJzxK+nL=daZ|09vI=kUsoYp3)#q8zr&TpzDE(nhkcLi?_xdU3I^}cFS^0H z|E-&T!eQ(WciT=R5e2h_Zm~{v8{1`=m2VD8fKj3Os8+yPci6!kVw?3YfTEka+$nk; zydBO83=xSl#1JE%(FP`8H54TLT)&?yud{5YdqGFy7d>z`4#BSlrwdAn*!SU5fZuhq z`h1W2INKfED#?yC%Q_G3LyDuG1!1B((N+#JMo_5T3%3ym3EW7%{A%EiE!Jar-xe#s zSa1Vz^lIA$T5l4s`TV|@-NPU}76Z^Nb+NO-F1*F6(>2TQbvbJk?+n6kCTN6mgfs(ln%rg@rR$h&E$eTL={@9U8Frs*4LVEyhiy%$WBKG6&B z#2tM=0$4c)g9CmxvxFwm^S-qD2uxLaZwI}n15BxlR%1n8(i^$VHGMS1uTR(s5TwEG zM}cF@+NM^(8^9}H1Bj5>l;~!_JZZcr)D&V%Z0J@iSo|}kVBr#DhUFsUgdC441P-i> zqY2;=l(6B%km(b=BWRTt{@I>nL4IN(=c_ z){n7>LGSHUw{|k?P#^A8AHlLM902d`6u03D$oxScy+?N4B03Pq+0m^#Q?n z0~eBXGhT<_Aa1nTLI1XJv{^?jimVXlBc^H5fMb4rph?h%x zNJdw~6ZRlq5zgPi`wbARodO{!UqOr{^vL@<)Yssz)A!ryDPY5AaUiUDh3syM{0j># z^nI697z1D-zF(Y#9$k*eWVcW+EZft?cAD~1R{vJgV^U4gIbwVC1h}zr{|c;)Nr7{j zE^%hmkgp;A5U94S1DNPL)yX1bA}J+w57-KzE;i3FVL9XrXiNZWEOO#J{2f>X!>{a& zrl~uvS7Yt8-J66z7*;q(dG&Vnu$DxzwVWShlj2t+nD4+yav~ghjd&Af4aP3)d~wA3 z3Y2B}Wv}y!->m|ePn-&IsjnfeI&j`+pHf0 zjKGS65O*OE4wH!PP;hXkARbflbxC?<5?61O)WJ)-^kbkDP5fg*ys|^Sszd!ZOXfH< z?R6a;^fFugp79QT2qyMzZiA`yhwvv(QyYy3MNnzQ?2hp0c~qr?}d_o($;m319ywu2K|EvNZ<_ve4pZr zQohrnn;r3RoF3#iA{2eVp~sk(@Crea!@qD1pV_@~u2L>iZi8`3+np*>z7S!gT*;*jQt*b(*8#=(T7;4ED*eDd1es%y60tV} zDXV#gFj7+DN%JEGXwXRMt3gT^ka8ozOoRMR>hn%k0S1{fGpY1c$)wMaNw@X4a9T=! z`-(~ACL8#;-j=`BZwb69MsGCuc-+Ou>k!XI?}K%Se?&K9UeS8{mmVJ8fQ76OalAds zc=*2VZj_1R?`*;h6wZ62jE4sd9-a)Xg!!JN3hTLDh^#pUJQZtIjE-%figWl&6pd*l ziq$usEWOM-`cj~n2wo?ll?Zc2l)yX9J7Ufa0@Se?EM^O^5Wi4q&e40J{oO(i_1O2rYA3Cz7eCjUMbK~uyKqPWJ; znY>m6zU(l8IrLD3W0k=w#ity)!=amEbaPDH&MF&Y@(xzeZi=ao#^9rP%%RI8>U$1Y zt^mvZt|K4ipql@5==YBOpN{B5aNWloBT?xQN9+X;{lEGJ4Um}nOw9gxjNlJ|Y5*0i z2cDNx>B})aOPP>WbU(M|a}mrmEHcAA(~B419*6Yf(#rW!Og@CSJ(){!}9Df}T$@1Y+l`W`$)@Bv&OmDfh&EVG3AiK5>@ zJ^~d`qUb*q{YI%@D|$?~N8Qhik4b<%D)?9pXrNO)O+EvRuTOQW9vI&nMF;E@kwP~1 z1ic*#h3wvvG~l2U=3^hO@D*{yTj0$!_=Hl3T>@3W6N4BF>a}}pm^H}Xm%tif1b$|* zHiki@jd(94726^?mXG=~D^hEy{ z1*&e1(jRTYs}3p5IVEn2(k)TEEkzIMaRJtE#hFbWrZTyDWoe=6?VH1EfocFxnu~-iVbRhX;yUQ&6*-*aY;{QMi z+o0J3bP|5shxKkSTpR0qs5}va&W)a>)^r0CJ)Ib1RM)o(OMYMvc&*prfDEG5of|sW zv+9=Gr0+N4J3i{7+XyO%z-rpyEXIm(?6V$7I}j%#ZDF{m|S4Xy-*ZUh}V%=bWxI}No)aCr_0m|5V{aO|-DIR%Ffq_5-y)PsvA9$n(yGco*U)5vl}kbBJClzO0oZ=CyJUTEQ6pLX!R&%f{lh z9Zb<*VqLn64pUbCU5C7;LqMtdEe4*pAZTI$j>Qf<+l-a672r^1EM^0dY zO7g3iU!7#j5wP4x7GZ*>q+tw4l+Zw|gl zIGkC} z2rnIc6z^#B(kT)U)phy83iUT?@HkeL$ zRp%5$h9ZQTk&MDSX;&P!8=k^P7K_W(_Fnj3HmZ}rs8;gZBpk)&;APdKUi1ZLVFn6T z!`x&g*7FCqTlaKD`DNr3-hBVEo(_nuKrBf=R)6slHq^l$cEs{qjTk7gkr$(xXJdU0 zUUU$;tzXDRP|TS+9Oe)7IKDVG*rf#tX-kN$A=dQxmyd3DVzVep;9z5+AF?QkUx{Cy z;WqNE#vyUA*y8(y&PUrA7ArxkQ8w!4>9?-vMl+wJ`*D`$1V8GcuM4>alz3wYJr4rs z-@E8h?Hlc)-|#QIU5|A^&nO~z;PEcH3<@k=-c48V@5{RB%5KoaYt!OktaI|4+~0@! zBtO&Xin7fb%RkwHp2aJ8IQ+$WD!b`;! zJmbEdqzAx&;CnbECgJnHmgrq1SJDQkCJ!dXLrEZ5M81}0b@b6BTyQ7Tzb6H*kYq^Z zX9#f>KS|RgX{>DiV~TD~(O=N{VgtRrhyKWKmP5G!t-ypugaLGBLL))Q|K3f%VMYD7 z-Sk*D{X>fWIYI9in9gU?3>W=9#~$HjRTP?_gEjzv9Gowz^>(nlNpT9jn`jbT;A1Je zLzl(O;5TqNyy%mk=V2x@=^gtv744aB{J7b37Ya5{hJWy7xZm^ghP=pEL>a0A2kWEVD^cc>rh zCxX7<3aIaOvTuh&WHG)h>EC46GcowL^_IHP~OjX?Q@d=`po-2&;L)@`<%PaE^Dv#>-89mk2NnV(=mpY z%(wkGQ2dc`2()s?8nux4HZ$Wq9pr==Ze}eS%#dV=lO-1iVI3O@K;`U4ECw=i^do+} z+_V>nGvME(f}eh0KE(T-ea~U6dfgQW<0XmKW+ZbF))0A=off zq2~B78;9c{!sK|EyiiOC5XE#HW$tK;muy()gMv=Vge)1I5GLgxPe}fz3CTB^kiued zvx!rscp;b%Z0RRjPk<4Dz_EtkhrRLU@eDuHj~>f`oYAuq&f>S?d`;T1mhyLJab+9c zJh0>l(6yNZ(QU!@7{Dkl5%U5J9o_OrwSu;q`}e?M-Wzn)lQoqX+SWGgb|@aCbB$5J z(7vq-hw-<~KW4To1na4~y-<(uskimhyX*d^b@bCG>->^DSx2&c7giGgH{(U^i*AbT zj53O@h0x_7UuE0DkpT5Fu;;rGdS=)%w|!7Jl^fe4G8m@InP4y>*B3j_!pT0E+AYrA z7RpQAp{NKB`b$wAkqo#MWawL5f`NPWO4Cc6OLva+lj7>?l!}Q2;m3O9AU6yL7%u$dvjfq_--6-g6EeBnY{R1q#sVcQ zgl9ph`M96fm$d@j8yf(;Sa6OUV-C@qQwqQ@&1lXnb5>0kgyTKY1@Q(vNC{z$aoVzM z_o9ea?TKnwHtbiiT@w3?V|RIMKHCjsD)p&t75wvkVt;-><{>W zsTPamfzZpc$L>CUVeYUBP!`Dr6F&89Q1^am_G>FtK8%2E@$GWi4^jCL-B9^rdtHWr zpz;}*hxwnfAsbY_PXvaeWxEyHiN*(p^`NfQ(`Bwz7>iRs36^>?YdZWUEl~jDwmGB-quL-s6oElKtPDs~4hZFsB_!jqB!5cU z)<&W1B^A8+W(BVGNTra=T(aJ6x6UCUoMG#T_z3q1h-mwPn<+~qT+=eP@pzLX;4~z@ z64qQxE9@-;4BEhIek%vuoz=d>7(U50*}yT}OagNg1g;;TDkC}mi0llO==;egBG>H| z@cMB~ZRqJTPyam8etlw>Rg5r@+`o|6i~8-Q#9mIc|8)Y#{iAc|$#zMY_~nwg{yb{t zRo*#g|2grPAU@a@xPFzo=Vi`f&YAj;yVnx;IzQQ6v0Mqdf`BltB3#41Q?@^sk&InD z2TcoU$wol#Nsaw%_+T*|EeETj!A0JFy+r^ra;WJC&QbVs+^xZ^B7-uz}Z%N+*?(zpFM zQ2dc`NU{JHyYOvR#(6r(37ffDwg2t<{H@pLZ@Rvr>rXO}sV9s=4>{iAuxHG(s5v;x zj~>Iz%XfyxSqW$HTXDV~a=fMd-C11Oek0Fl-7GYuS)zuk2nZYHaidS|8@=D#o?487 z{XcwaX~R>y-tyG?hNu2ozA7STMXuUB?%{@is1bPFu$#IGmzw|tkFn$Hc1%4G%TCt! zH9TA{e$A1(8aQ0pE~wc}wfN*(o5!70^B2|NaaYvr%35+oE%3PGyuX&{cT#P{;>u_Q zL_Ddc7dTL`xih>!4}(Wwb7iE9H#54=5-#&u&K1Ud#y{@;)7asmu3~jBdG~AYaD2WB z6MH+W`wo zc$3vlfCA6Dki@Vbi`|Ci#s+BAn(^DL#&HF!JKhQ?FKyPGRpzW3Yb;iGJQc$JKVfxW zXtTOQ>@B>GbmI)$gCkTY@H`T-?0du%Y~*?CMtR;-;(5=R{jT77q_vImysJ0mc^I}= z$^S2&cZj4-@w`K^bYN7Fne$T{r0nkm0yWC>1_RIIM+w~GdFT9J^SpWwR?YvF>vge6 zAa6M!wm%-O_p>DbdF4%9?>TY3JH+*V^fs<{JzTF;+#?VKxSr?$l#EUEqfJjXIRZvQ z%qm*V00^QYW!7CA)P>*50h?#F?@*Az`TT_yu1z6zO-J;qc;9^m@B4ni`-m&tXl}Sg zypLKwa64yDCiYaK{nLqERKbb}?|UV1JL0qw!??}^QZ7BVqFZpvAa^+=^&H$zoH5AA;*5U^gkvLT+zZagkE5LN_Wz$b zqd4OHO}Ha^yK__U)!|H;v`)^H&BJ~|*iQ}ndf4Y-KPBw(7}Zc~1~JR-kGVr1eoo^A z<-YmZHpg)weA|x${Gr3))crWDAGs*wyq?+EyKqp?CV7!9=1>+ct<8?-lsJ;IRr#)8 z^6*QCZqHF&(-jToqx!juz(F_sUxHrQCsFzYk9lH2@`a$YQ$nRoku!g=9g2F{v?B^N z6$}WT_g_g*yA#3E2%b+Y()sRjzjdN@< zo|FuGPi-oQI<17{okEAItWpeQ<;Yzfe7c2h0i1b(oH^^;k;C%?^h^x5! z(3bo?*lPYi!B+lu*h=08TNw}}IMXk0hpiq;7`zR*h?)fq9u>V3bWw44L0W)U2hcU( ziCtOi+M`2#Tzy@ql80Ipb3aBRT3Kw7L z;`dsJNaECB40sEC0lz@KQzgM?t=PwDx)I7=-vDJ@K-mJIY%8ksj0eg>IEkPv^*?zF zlr{gape%nIlqGM2vJ5Dz0cFYGfil??*JFkXfRwHyU-vc}Pb~76tuKI%Xw-=ohdoh7 zB2iE!)R8u^;+H&7DUNb(a-t=iD>>*yD~GF6&aHFhOg_7S9l}KBj6`Rm3%BLov@Q2u z*6^1Wa_=~>^h2QAhl6!zcVJ{k!^N_$1{}n0J7m-gyw{$@`M0_N|( zR^vyjZTa_+s((>w`M<5&@2bgft04wqE8s{H&c7=HfqI~}$`SZkCW-%U@9`44xEtA8 zYkiZq)A9d94!4l`V*mmCW3YnFc<`Vt#-KfbZK#ei6%)xy4dwK-*q;pu6H!4%4584e zzc6-}#16a0WmqGEKzs|fAA%ZreJBc+1&jzy_YT{QxS^ICCO3+>Z7chz77s-ai@pXR#XlyGQxVi-wIy^x(zV z{-Z53f8Jh*?L~}lIn`y!x6iS@&$mx<*A6=*QA|g!(wXkBu^pOl=Qm<^C<0U4WONF} zj{<-|8*)#~#w9M8jEJ`!6`#>~HkyoxE4qGEe7<2+e7TW=*qUO8!BDdIs1<3EomsZK3Q2l0=DkH& zk;eUeNq?qDC?VKXDzE--(J<%>I1-jF!=VbViA4FE8(QYk>05lRdhru>Vu zl}qu`(=7qX3Q-I-mDv?kd`rQ3y%%2+9z;Dsy-oK4x+UG*xCB7OZp~$i)5fgA`*M0t_&cc) z>P(^uYtnLyux0-7E0MX5APR}`m1s^L-Kac9z_F-B6*`4mNgyv8gk-!;eyGJ)CWyXxJQpH6{w4n~fgQ~&Y z#f+#bU7U4LJUJUCz@T`*#{}19WHoAh;8$PF?RbcD|Eh)p+!Ytg?g7j~!f>LuE^F5Z zz!4w~$>%J}q=k3Z-#b7O{jWXtD`M=uBI_wAz;MzSmY&)+?mhm$?Y|NQVmR_HYAKUp z)V%NX&uVHGlymA438?mqqL~2Mpz|7%(Yi z31wc1>(>otP~4=r0X2zY)t#tEb0$W|lHy9l8&S@l0xOg)OjKtDwRTyM3~OOuC>?#_ zy9@gzVZU=UM~&SyodJ!RPI);RgkO}6Y*)gt+TDFe0H$)vKfC@+JARO$11-n zjsK169_Wew<1AKt0WklPrTsJSk8yUaOS;I&iwWQVqskp&kY@=miIW}N_hUOX@jJPl z6`v-up1R8{A$C*A+~5lK5*@n{bPa!}2s4CK49B`GeQ^W@g|V@hdEa zyDOu5AT`oiJl@W1;gR5TSPtk6$_-r)2yw{sQWl~M(^_9MZVU#+6{3askabu2G|FW$MZ}plQDI|h zFJt-{$%ZTX9N+$JSfZO~(Hfh&T5dx!t=Q+$9MXWTNoY>vZEJff=|rq;>Q6}k%JpyR z5%D)70Nsxh_dF3?6j%GPCh#wsz$0=yI@i9Kz*TveKy|P4c1W&h-5b3c2)u1cPR@y& z(phMe{?f!B8%VBwJc@Q|PaHW5nz(V$0FPw~(q9+!!=5SAL4|Q%US*|-n9M2_q%KUA z^*{`ez6dc5RC|@}buehBDqVx^7cTMX*#zkNPSuez>Go%(cD5LW^S6}TT9r77?OP?g z7Xt{yGFOBz(@y9^Za<**^XLoTD;gp2Q{@hW)nD zoDN>IyZvfqK6i+&Rv{Gf)bMPX(uWo{)Flbi2~Y zmFi7*JG&ydzHxkhgh@Z&djeN?i;wv+#m z{gHxYu7}xUfe3L@@H>q-zbv!gHuy#9g|TCFIgdn_W(BTd8hMg?vD3zJ z)iL$t@;dh9J^dM7c6OJY)n(^&*(`ifFPljD1QK?~Qlvrh64BjuOP71Ti=2)LZag<5 z`<&bHUz<|Luh+?*{C<}`1*Ie=89y>-Ki9=Rp~$^}^U|ifyeVDxD2Z-m;uuHx7a+9_ zzRpf*xl=JHy73%meE?J5nPGpgWj|O zD;@T=4!C4Y-YZ8r^4$)*UvYKY+tN_aOHUZlI{I}T_Ed+hpf>?6c_mzOm)K70w9`9z z=1gWC1@y8+=`G}_^fRv52#`CyvoJ&&MK5~mP&Ak)0i!25v;xei|6ykk3Mm`g-G(U8(T^tpOlC|Ks}$RKFG@=z{bh;k;PL;RX*GtG0U_PrF=$#1EE@x>SuIO z2&@57nx_UI>6tZL>Vc|+J5*Bbc zpXes^QAkmdzBMes9q1%2d_SG2sj|1Wu)A(X1l1(gLakiaTVZYe%sSeD&7n})ZM_0? zn6kDel(q|uk&+?^K;=LP9Yz@cAExoT-uOm!B0hp2s28!6w-Pzgf-qcBE-m%jj(pla z0v$}L|Jh0Y4qa)()_{e#uY*KU^v}T zIR+ZX@ibn@twvtQRE2C%jpm%{qjUO8eIc1(F7Z%kU43?@D)~WIAg!9dh4FMETqNv& zrQaUyRjJ9FFwooANB_DQD~sMMw&Mo;i35t+=LXK+7-OpjnC?NlWx(IY@gUwn^#<%p z9S0rA@3`2LA83zwn-JKJF8pJ!{Rxi969p6ccTArh+ea3Fs23{%WU+ri0uRb?K!l_E z?bv>IrRaxPuQ=?T1MbEFH$zAY?CZ#v2HepDO4;SPd#h|FF~9othJL%UpO|wX1MXEP zDsMCBoM3RGpG9D;%1h|C;7VbZ(D9t7qTf6vCOq!3XsBTuHzGu4jNLoNORm(vJIC0~ zWBeq3Bez((F#|auywipK_O*V$`zCMjN}s*j$0LVqiCxoY*D@Rpy*&fB_t_noAvT$l zANJV;lz1r4vd8=EygtxvH#?bGVp>G9em`I@58z7~2!w@F7X$Y50e1v7{v~`DfNfC845lO0MjcXC7UtnA{Ij9^i095Eh|I+Wu!K zs-?0ARHv3&TnwnfEPI0R8B&$H5%c?^hZ#zaGy=9!P5@lxDdY8&YWwb1tygTrlOENR zRElyn@yQ-)t!Hr`4^(gqjk_8MouB^4eiO-O-JZNXXrhiDCO? z&baaORI@R6hL<2Ns=zvnS?}H2J$tRCH z8nvXFO?E@T|6IC!z02=G?HO5n;7bj`1@11tBpyN?D#m|0vX$%&dqGe*$W)QRP9Z-Y z+RrM`$U-G2m2GAelLU0ORew(SG}=bDf@Z0zjtN8M+*ksdZ6y7yswz_@#36+RF7w9n zM69<(>m-+d*}_M89S>Yco@YE3H|g+9s%w+X)98x{FN6(33=Xwu4aON;liBKw`}5X7 zD_QvL- z$!F}-?sEbel^ues{*xWZEFEF~NK1~eKvVG!!@>TAQ(REQx#?n zi-kVMOv~uhM!K{M)Xk%(c(`gzuLH_8r=U8yNFJ7b9refmK2}|7&=(5qP*n&c{iV=$ z$X5ZE?-14K!A;H)%~WT&C2FW13y_vFiH{LuSWdIbL{hgKyjgRa-u(k42{{!X5T`oX56bPArr=qf6C%2dh( zNlJBetOU4o0YrEjJi>oX@T(P9jTWGqK7%9Etw3rZ>V)`Jgs*J(3F;)*Og&}KY zw}9nS+pUG8Aw!CB^=V0?ZLsi)vOzZMbO*Wd;*6dj)Xao{e_YInY~1UBAdDINQ zaV$y+^`uNo4<&sx+ER3?OTQP2*AQ0tVh}u7CJp&Op8T{?6kM=FCB9H*RY(Rf(DDNj zM9|G%N` z+dNl&(l{G0qqiH!k!?#8*e^nN?5KU-!BZA6gT4IIO`3L^ zxi84%n^VM$JI{k-^xAUCQPjP5k`frCWE;ZkfK@8c#tR6~-vXp6WDUk`=KvrGkO)3N zP(0H$v+3onsWLQBDTs zuy?ECLTv0t77IyI2$z}^mhpU)gbzv9HoEpph?v({@;i-lL3(_Xj zY6>)CIY9yAi=Rm)=Y`0v@_n@A3b+z{@T43&|5G3dpuuK>0cXUH(@LY~^tK4i;oEVd z$e=1S^Apu_sQ%7uPkIl2%C8mLY!z<}C}QU$$aNRL3?udl&b^2W9XW;0pdCqfRvW^e z#H5gv$ZErRp)gQmMAvGPv^H2gz7?i*09*WAGSsIcxi!k&yauIm=uNA=M6d=o9HDv; zmu<&AV`xgf!_QD~EWpifY?2D`FTmF$}rr77a#+XUq~xc|a!hx)n3# zmu7SxUUA_*E3Dp4a`r8r5!^`iXz`BGzj7j6UP?U=*Ym{bWI&;`xL%OI2~A66jG4m| z3Vo_akDj7k<=`}0yf+Mr`yky0Qj?+1(!tQiVt|#6jiK;f!3ip+!oRt^MG|0;+uLrU zwcR0TyHf^R5gS?y$13)M+?Yg5r5W}_*E&?N>3&!RNhshyj#nxZr@;r7BP!`~_QC_w zXzAi;J?oz+jadYm2YNO2pwFF~j6j1cHC~)=&lWB1i=L%vXrSLp42NNG7S54pLMzdb z=h(e{%mA)6yT*vRU{6pIQCs$VVokmOqxOOu#sqn5^g=f?H(uqcBym7TIA5!^5+}gY z0mLyXQTuen^`c)YyK_r=wS>yc$5V-yfNk`f+rY6SWr7qf)G{SV6HfmnGdQaQbHIfE@J_$ zxdTQx`7x484KY#uo&!IhiBPx{U2Gd7>EK$V^>WuS)#9TZJ%G*5M(n5WWzaXh-_hRr zB$vO6f=i!DY`6@Bg+rk|pSFhnqRjWg!}|mci1vU%A==X_Ow$hM!j6EQH|U#HP+rC0 zS*nRZt7j{}>9ZUy?dIm&M)#peR&&DKZ^`{_5GZe2=NB`7#VM$taUT)bhg$V5canfWrfGyNk;n8ti5#QEwe3> zEz4VU;hODXlY2JVwz*9SIdI;!=B}~ow)r;8M$hJ`aW>q{OH$k{I=Ym>B#C%@2vBhk z8-5i9$3lp2G!Wvu97RaJ7gKp+IGBE)rGLqiYFba_4q5DfoTnG$c7C2-BANC<+S(+K zP@6YhKmbT`ct#xw>JE!yGQAKqxijO}N^X^Cct8wFtmGHwnTkMBQ<1XTQZ+wk@3u!! z8PPKz&Fn_L`5Q89aP|0C-f(@tB2U`yd}+{*DJ933>N(i>WZY(~ z`^x?{7i?l|!Kc1-PV{ps=t`f9p*g76!vI@>dXtLKiy>Z$=eN*)mkve`P+J&} zk@Mqu!d#%QBI8M+M7%42IYh5>+@kTGAtuq&s*EB*?mDny;{dx}ulUz0{&y9KTk){H zB(`O4SCA{{7o9jQHSr>OYav~C$~=(Y$%B^W!~>+jU~R~cZ34AbzPkXi{ej9Q!0l9y zwb=6LyecH=@pAk!^;$&K%64%j`CX~@?TQb|%_*g%Zm*ToL*Y*__NslaocusRxqq&@ z*MkAI^>O#5svTMbPOnVzOOqJSaS4kVl_K*vO>p(t4=c%I6<5Xu=R92te_u-eRH6#S z=*wZp);b{K^aaa+NFMeEUJ*tbv?<{&{Idq3Dg!Pl)nAbwsH)TtO;f3zsU1nHg)cxV z-zu97?^-%`Fde8yKd1?9FhMfU?iYFbw1`k1*v0^A6=M2W*koA3ZN!jvjQ$`;hZ^TV zK(sob1nRFnM|Vl^=2<@cBxnipHSmkklCkmUc-ISe`A$=XvcsTXZib7IfnVesnjGDJ zT(&CviGL%tRoRc+8!3aF%#wT_X2JS=KHXyBw&^yFZr_t%YeZ&s0VWfngfkH^ngwAl z6(7lXN7I-}e`AbfMj1wGeKB@s@B#O2gZR#IEUpNVh|-Bj0onOPKaxD3Ee>?P0`!sO zUq?+n0WU7^b)weyth$|^+0mJOweC)b$or$Spc4d|Li?8~6d{-{Cd67_=F@XY$ck@C zs9=LbFSYX<{vynplm%4y(rSe9O(6Q&8m6V7#-wTKmv#RPHV74s7jGr*uxhW><3k%f zl6wO)4>jO3zi#LnTUUq2Jk!8lf(!NvheL30sluiJ$d8U1b80f?{H4`28(SyRB)r$eJcze6T-v^VnjM|FR1 zE%{<#ZvZF=Lmq74ag*Id(dL8#@HpXaC&Mc5$`lH+kg z=!!UX4`*|yL{uhC7RsZoP!FWjuKJ?dL`+L61KSLW0q!0Yg9K#flNP)?SqKJ^}Uw24DQ;z$K0bQkp=C z7-Tjkkkneh*X<#=T|87}DfXl^G$coMS4bK&^JLvFp)*m%Zm)Ru->6W4-_EZ4>DhA? zySi#uRXuyEu0QVF@fiA0F79gBeGPk})2*i+k3X#Gj}FF7x2GdS=5;~|TP}I2)9&lC zJuAD}-Ch1(T%sa6(m^`P7+ayh{;IBmkk25#>xo*Jg`d{!+f8?WlSN_Xd*e8ya^kL} zJapA1r-MqSVC$AT>bWy*0Ad@ycL7I}^B9gK9zYB8|c1(D;{R8!~}6-~RN zHC<)lLh8oD(q&y32YGz_6JA+r$8~~0r*}zl z_Op|saTPCTbb^&ThIVGisa>U38RCV(9H5#ls064PI><$wp$bSMy2_}x-VR=87^}&t zw`4u^f9Z$eHaA(cz8f5-MG&Wgfk4CBTxnb0>#dUfCdhoW%^t#6--Bn}k9%j!B+Ex5#p` zN71=S%EIYLS|5hJF)&1wPaz`B3HD$nxh?5qQR-D-Sey-pwc~qx_DAC3xXo>f4_AD& zFKljPLE{?H1-)1$X{2D!^+30e>_x%(W2e10ez40f?2Iqzq%p>&o&NGpySpR4x5NJ0 z&0-wdYp3KBAYa&cknRC-v~lslAZ9D|GBW9Rr^2b{${a>!(piN*ugw=Xbo7 z7u+wpv}BY1K$ioFq6#y~(^9S(;qE~_Y1%kgw8$pQEV<%qghG#c#-ued3uxto&^?*d z6`7<)zBIeUSBWnTUnQ+R@NW3w>Uj1Onv;b{Z7MjW5iN})yr>*<%=;=^Bz-zQ7;BS@ zmX?cYY=6v&&Ze*|nPk7z>mEw@oxP%0eN|Hkj7ziU&QLEPqY-bEnRXCj=9r46^Bf>S z&T@+6iUfyhd8_PG2Sd-gR=7Qr74e>K1@-s%-d^3IVi0fsD~q1(6X|eyenp?VQpE;u z=!>uKbJz6wYy12aeW3d{`wSOyzyDbuXa!{Hp%Q?A-yiid?w|JAL;C#>Z~y%T{r+;F z-vxx@I;QJCwLBFZ=AZ)i8eoCi(v-sCB>U;Cz~1=klcAtM7FakG76p@Gym$hV&Nghb z*s|^G(Na1@{;VG466l14Z~3L} z8~VkM3HBc@QR`6NVLFU%R=l7HW>H-RY!XBtOqcXylX(!Dm4-K&VU;K%v@9d`W^#1D zrKi#t!8&ipLqOzcPnZi?5IYrGw!!ASP|p~zVPl-(Xc`Y-p(C_I6W{443#0o3HkYDh z$Wc5H6Dps;gLOuK65;y1JDPSSrVL#A4B)kL!4zj$8wD;Hf1oEt0KD1_1ygX2i!?Y8 z!u^;Z$h+^ivh(AK#fekhfyV@iDuH)10Q)*`_Yj`%~i-juNQ z_V87qeXZ>f)RtP4xX#M9bv4;@MC%sU2s=*qxbSq)5HuF%F+D#l5MqfaO8fG+~yri*=kb5s}S_;yHp; z;Vs-JAp{f)QLr5rU8BO%Vv~-rKwC$nO%K4JK9YKt z$U%2>c#=*KToA`g*FLr&wgFP)vTHE+_?VJNx9V?Lg^t{h=;((wL4ciw07H)06sC{Y zD3GAnjaLEP0twV?4ZVs<^KI6=OzmQ8(GO(ibu82}_dfVVVk_+c`!}r6?%US*0qPt; ziXDu+lXxc1Cm{`NK#(r9X=JJZwsLo{OOEX^IG2`H@k}X0I0nq8VU-QWwg0mJ_RqQ2 ztHe8rEhYH-RdouPkaEG?G}uk;q{Kd7UnM!>wHO?%eL3|*eoVZ?K4t%dkhYPhe^S7* z55}#4ihH}ULPP{HV1?K)?0=?~W3C?FwpPO`NQ*odk9>uI>5(K_UhPO*^+gUdBBn$H z_0jKR(OPzn{xkUHpFu9*9e+i0O1`x0(Zt=IsKWAHiTkPMEOkFAejC&c)YdbUO zRTffGx?xhw=SQ#dSos_BK|hy}4Ad7`S`P*RsQ@b*?S+_z&2o7^G2*nBl!cyVj38Mz z6ufSKsQ5o(DTgtqNsIA}Ft9NN;py;zd_UMYGnoF)EX;jhkhyPpH&fPP+gx%hD&2Tg z+7snVDr0ddpCfNJsw@Fa(ZF z!!3#%kJro62t?NHZcZ&C5c6Lzee;oh3P%75#Yq#iv z+hVUb$4L%>!idRygYJ4^XcJS0SwPf@Ou+^r8c28!qTfLXRnVRhTu?f`cnA6SOGW?-cfdGq4gyGk z0m-udDW|&;(K?Ao@5k>KRnv2;{zLqFYbCv*;_uc)f2yXxt@;U2JO1L0Zs%AOeGD;0 zA`Qes78z&~!Yf;lqp;WU{$J-bv?`E?vjP(@e-C0&)_MAH4-)UTPU#Tu|DicjL4$peHWQsXfgXsVTZ7>xQFjw$B5C%%=5r_aGD=m zuC~H?eh1sp!nZ8!Ye4y;=mM-{KqU5Q#HovOoDuP*IYD!8GGW|9OmT8mZYNSg4Md>_ zipF5}DON718vD=( z7+bz5Q)nQ#t@_ zZXn$BfXH=-W^T{yTY0n0xxBqw8;;#%I8a23DE4$(maxIIUOJ|59_nTr3)7!lWVoE_+> z0&kgVX{Z5^sh%#NMqdB~XdEEfn*5`yb6b=Dd)R;3R+HMiyu?(=LN{i1ZO*nxI=c`s zNQ^qcA+iX^bGqu)?dp(E7wWns9Ld?rL&;cN!TA8&#OSt4=|Sgz=oG2`Ej&C(rMbtg zrkGh6gZy5vC$(>}3#|2z9X|kOXO<>@wOsmGVk8MiZq4t8;f@swR>W#7}8y z&8|4ltaT+bKD|`O&T(G(eDQfd0yQT1K=+V2Sr8r~(Z`S~xywtU^pn2jB67X8Oc)Kts%syQQ^3cpQOc zg3NS%7(+agdO*Z}xt|~!%=r=k*pTuV7R$)H5qfjJGFA)bcd$f=0pv%D6r!HRr2#w; z{F+kT_CFZ%T6?$<43^1OuzW6xaUWZPay$mMGsyP|iZI7dv0HRDUN_8AWD*8As<{7w z4Y&@!IRZ~f9P5+$Fw7olE1t~2j%HMfiat&i6J1!-p+XxxQ0d#q;L+rL1^ODaAC zkK$FcAei zf?wXno{V{<3jMwr!Oa9NP)c~~@F^YSE6o}eq9v8a{;#x|s6wLQ7V;hLV;`nV0Gg1( zdx@IUrJp6hdGp}lC?@t?1{_82KulFE7$H2wxDNT5Kv#m7Xo!`<53Quh6fAu`#2?RP z$O`D70SBR34JxXWaR(R*BzI#iR-S}Ly)u_ZR)}VGX5X_C+prRKR-hLBttEmer;_}9 z<;R<7;k)>In)%MQggN?F-PYFKK6VC~t6^UGtC&|fgX`y)1!1XJM0rtgR_shoW88*Z zdv2?70RhX!+c9@N$#D(p_lMwRmHn>4%Lf_t2!w=r5pF58nqrTnwj(z2&y%qUt)T?d zHswaCj`dqg|9a~T_%K)5q09G)j_j(wA@?RGA^N|1HZbO2S(pYlW2Bj22Zw5Pt;<1B6 zt+AbaSHnTytTc!VYGlkWRVBt|(Sw~?*}h)~z22OWa8Et?dMUXQwB_HBo9w<@wFj!0 zHosT0%S-V>Vy~T_m!49M&&E^1NC{Sr2dEe4sChJ*%6oU$#6giQ_1|c=`)xIH?f8{A zB?)ZrvLkACq_6=EhhW9uRPEKOe~E>OK@I;j*&z^srn)7(+%j|;ZuqN~zp)knLPfZP z{Ka{8J!6cby(pnv1E0E3aI`RqWUq{gJ1P_fRRpZ)P=X}{eJ(@dNIHU*UUQ$49cYal zjmCFXI#cqB(3Cns7YKz2$3b@*0TRibTGfT*G0Cn13>Z0z#Q)8V&g`x(D%KQW6NicY zICOwCQ)sx{WFG<==i1H?xbZxWIxO`1^qAj=K)1&R?2!R`bih9{;GXKB_RYo%_J=4u zLNmw?@PC_4j(-I7-gwpul#soWcLONX0Nil^E>6p$El%P-spxJ73%oJHV$>OZVG_(4 z$VVL#jR-uU$ENIn1lKFUh|_pGbY)2ssM$v)1iITr_Ixj#p zy)1^v?C)V|I~ncfSP%-2iO_?}8o)WpsfaNImGH(5RO7&SJtQrZb7_o)y&CbytvhCW!Psw(?+)CTbuKT6>-EAB!IAE&sS?I9?yB`G;$E7m+7| z+W1;T5A^svy-BT5#~#xWACKR-b^^^pI^fx7b+~gnKqfTLcmnS?-sdHv80C?I$1+8{ zRfzd;BVw)m_3jPa^of8~Lr8ZyRk^(DL!arxj;;osxH4o_{VCv~G$dhyOy)gI)mQ}4 zE})BY2buB*7VnIe7b?&DLGp+vdka8x^L}ZxmdE_ne+p+_7b%` zSg(*!a=u!MZCr2Dq{zOAV@<9c#k64y=h6&;7sOU3Ux6RfWmg)+CXwL%*dvaJ1?PIA zXlv0P-AJG{NugMF&|K1%x>AZ5#--^-pvmekJCE!SjIey8y2H=wc4?Qp9P5sq-(~lx zaTTWV_Jii>K{J_gj$ra&$}uSf>7GAWPzA)U#rATiHP_-K+@lQFg7t zMo*>b;R>fFOyT49lf+Xt{qe+wqUmnE;*p+A+%x(lR)FPzr7DP-a01z)l_-Xm&G8() zo|*AWY&V6gVXi4N4N6-2hWt74sR+-(qEt%0q1FXxG8k`Qnxac}|1H_zi#fcB`zSZ) z-DJ_s@MIAP(Qr5eSO685gee4=-UoQZl@^lkmVp|5bTx~#2SGKIoGGR641Agx`RFl? z?V8-~5D)oPR(drfvV}lX>`&9&J~Vu3(qPjeChb`20(eufc@~A6DUOZ7O=ik1kuH%+ zQ50{9@%lLI3o&IC^!4F{;Mon!|F06)`x!Y$uo`&kgNQHa1^9efRvOQL|N2FXiEB z*})yjL3@&U)pVCbf4@ob=42&U!b)HZc2BiYToI3y57dj5=0jom*LbfCfa-^Y5j}K{ z>uDR><@H$5{_Y8E++*Ulb#=C2OSYLF9a$ykAx}ai6!I0l*~uKcrf3LvL77*xi^_Ix z*`~&?i#H=2!56SaL9=BhNujDTzPyvf6NRAiHI4U=qKU|+5;@rTKlI{S%pfMRDUGed z*2$KTiL^)k0(0ksMQE7v+vKUf)r=qv)Rh^Sr|Kz5g2{~dWOFB3&&(ZnvYp39j}k2c znS>eJT~&8>%~laauEb zu@v4hm}8i`u8XRG9PQT?G6-U!18760$~|F_N*f|8fW+=3^V99gl07XC01PZSm$8!) zTHw)bT&yZIUH0*~pTHTht&lI8x=Ta8sHEdCJ%k>`+%ZfPxB~=KJ&iSp9Iho`hO-{^ zS|Fvgt2G5dXe`*a%0>>(g=``zpbVe+tjcEP=y-x1d5M#1?#ng%Qq4}S*(o)5I;sw! z=j`Wcg&v*??jFbU7>>AB7zA`6$E6VBxEBXMAgi)>bUo>`LKuWX(H=g7&8C}6mv9Hk z3gME4+jIJk(SzafL>@`a=)qb`k^sQ#5Y1yhAsCk>$B;iEI-UA%h7Ji$<8Hj`<3+27 zw}*1)5D#rV(UlFD`K1+qbtT@_?E(gWBZOPcN9~(Wak;%v1S(ugQ3OrkB)t&wJ3bR! z3R9y!9Hw+352(o28-2Oy&PeSyNql0}PN=%$38wa+u@jo=*8?M!#-qEzQswhX;Qx_L zjUpzAcZc#q_N3~o<>sowlI3O2nu5%>2l9TpBsx*}SC9KpD7$Hm-n(lH!i1f>iJ$7f0t?l71UEz+YpJ5B#<}6o43PHSW6k$EoV#vJd zdvK5NT?I)?Ks15rxQ7voR*vv=&o+jkFpD{3EVDv=(W$-Iq)zH|UuFt{>O4NKvvDHd zNn_3IOP#i+le9|W=VH=RDBZ>5n9LlRUy@j#W@L!l_GvaK=LUi|ST0M4qM!BxvyXJT z$8_V|f4j4BAK&~hJB=fw zY;-8WKlWF0)fF}PN@wF$-MrKO+-Zk*QM*uX>hYAg=0l+5*zSS`Fc{I7hkE^^L^_3l>IQ5ZJ{Ii5DJITP z0j7%Yhy^E+0bq;sd{R2O58aTw)Ud_T^-8X=#|;zMgBH_aGNu}NjMJ*>o7ie!Ow%(I z$c$`2l;b(T0qJs|fOP&R`(0E%{{|k4MI+uVpe+jl;4$H(hrzX)D4H2D7!HLS+fhs6 zAtf3LCbVKCI+bu;SpY!Mf{rJcbeVdLP=Q*q#=`twA$<%5UXhGj}dsBJNjz zfD03U31St+d)(#NddM8F0UkNd@9=>O2BHaj?qez@#bXIxR}gaaOyUsIev{Di&7Sw} z2}_?6ibZPGE+)tDk^F*97PwduN54zL=sy-lpG7PFJ35rd!Y)a`g-~Hr6fSe&m~xL? z8?1p!S}La0NP67EQ$B%j*lPTzf^DhGy-$l+@Ne%wOxilL(;e=g@T&hLPv-Qjl2&Wc zDwS}(MIOjUkxqcfDd}`ink=en2_}J?uAs<6dUF^O@0ij|62dY7fgimW2CN(vZ5vzW zrrC5W9#Dyt35OKS&Hn`3G)g$%7ixIevG3znH@zSCk~<`|BU3vf!R>c+>Zia5AWU+! zgP0*Rzj!P>MnQM7W=ozx`ZEHOSwr_PZ4{hsHUoogD>;-SlPA&xl@7mD+yVD8zYbY)YWIn`eiSPi04D=@g@9_Fq!> zXEkqd-=#`)T)P4-6^C6)F|Ok?J1#@#>vvzy91XA!jqMFy&ApuZ5ne&e2l*YTYjT}j zbATGrpTBP+D76i!-p=ODB{mYx2#Og&BPo5sMtL+y?m{yUF6ZDF*+epIO<4IAqGYZ{ zBNm`mWmP$YEFZEE;DpW%EYq^p;R73%t(c)aI!~hg9hN)-utEGI}%eP{%~7akQ$O)!`+YQYs}PKA>2k zTBfvOA7Ej+F@J@OZ11<=x>eRX7(^Y6PQ=;FQ$)?{SOcWwuCjeaRGdyIO)5`zlicJj zDVbvvv!H=YucCqESdq(r%_Pn4;P|`^0dQ20L!*SrVnIOoqUY>2q4M4}h^7o*TE@u) zB)WnUy-SjbOo5_Ef{T@!B+e9>5%JUeaNjNPJ5w-`?`rkT7~MVrT@DQU+8b6`1(RLT zEO3C{mGB+OT9t&*mE09jBFk5~__{^$K`KL%6<={0CY>}Lrx*}^755PSJNLALHYl^i zej@O#bl&^CQ04(|KlJV^CA%4g)U(f?ha*8F2%ETOv} z@J`D94Lo*scm;J?I;fN|SU)9U%KrQcaJIIRT$iS|Y9_AJ)i+m??c-+?|Er3BI`Nxr z2wQmoi;M~pQdI^TGk}0DNLh#sqXG$?2`B2-49u%_ zFtK{vIo@@reVFt*)F+UK4iOQ~Ok(R_RPIjR0URrMBcQ>1ipVa-qoVpjCR3_Lrlpva zJqfsLY>(BlFK!j~W8sUYlo!oHK=NXg!6yXbN{bVHvQ0wy$M zr!0Oxvv;E5f5G-b)!Bp6HY_%gfC>VoxH2}ES1SHhhKvx`ue!SwS4HBEpsWDo&q z8Z#h`6#`!R<1Rm#4j0OYAvb=}rYMdQJr(5v!vhXZghj-KPHfU-992~6VQ~+uFqdtB zjlhG&eWHq)q;Gs8#CPTK%@*H8{wA6r*YonKkCkA$VAW$q$SCfE?~d!U@XmPbvv^T`ym>(7QZYtjHIsf^mi9lN4u?NU#Zy>*4*1p zuH*RnRn5L(1n&?La;Y^4{&}i~FCF9mPt?iS-DQpMm^-ot@J7+$JhRX!js#*=J3|;i z3?^|1)F^>BAZZgZuMim2Pg%my6vzweBpU>J>zer25hIzG4>1?BQ2|%T)5|vBZB@@2 zOKqzLgdopIh-EIMXlUb}cxi|a%*uI3biKIF6Lnip<4&GOb+WoW9lJ9D5Qg;QdgER~ zd+8~{0)DGry#v<>3w(RMax%feHG2hXs6J0?!2e{%JAq^|ss}Xvdl4-L?TCguTvVBw z4k+nhA$e)#wRLPC{b=$NpwS=xF&kc%A%TBj$7l^MBfv-WGsamyflq7;;@$`!;zRmR0ZOr>R3D@A zbjOttJ_aEisDWYxiM&Geo5IZluK^3o0Smnf=oz0u!MF>ejdXKHm!eb3K{*%* zyM6-`N{D9s7ZVyV1DqeG;01=G!hL3bCyjjxW3L=gi9Yaw=n^bD8W|fG@rm)9dOgxt z!x6*;g?$7AEX+N`)+$E%M7>81_Y7JK=IRO&t7!g#82Y`UXnWvhkVmbu31V?cAv~9( z4{RI#1v0^$lEw!c<}P7+z$JZ)`;nn4EKLLd^ z8EU{&nz?93Iy!cc#5*)VAjQw8q;zmK`d|muuu8pg->%UQAa4oY`6M-UW(7%;H5PxB zs15=)DJZQXInmab0|?X6*EIeQv84uU8~a_uy|>oA^Mjd|Ci$eb88HR6;+aLUt&EPm z^!9%&u)xKSi3HLi@<)l@4DK%LkY1IMbnT6-?6)QgV9*s`mFt>s{4>MdlCYJc zHI$XArnXK+TV9u!oL22kEw#;a4x?C z61Lbc*(AwkKgV*>LDN-GT6)+Tj58=LGU9ty5P^z`2mAh5o@bq|p|96oQ)t&-FZTMe-tSBaJ?oQk2Y5Ev8(&drljSG;~IF ze@^UmG(}Mfdnx7>ew}!wic=mcL=v^3s7MAX1km|`9DF?NhZOVs!D`4GZuAWi@zdAa z$#{zbYkdtUT3?Aa93#=$QV?_hlCm*3mP~t5G5iTZ@04!+T|hmUAIc#H(H314s<5H4%T!L80OCa_^UoCzby_)QzOt9<+@Muhl4kVR#Kwm}9L;q!QG zrA!lw!L?;i_BjUCF)|WBVfh)83Lqws6ymh72=tXZgK|>*<|;jydgD$7oQ^QBD|ZC@ z8*Iq|%r6x^pvjHCsW7d+=;x&EVwk6k@TRYNqZ|kR0)>s<9@`zf81hItWM?4eLxsk; z$HgcSrig#>3pO#qd_Y5=j~$M{cPJ2Iz7TIRUCE(zqQx7>&o{@MrEi+jK|Xa8&;;#Nn+xEbTa2K*nqEkYXjnWp=i z9^2La(9I>k*N*NV>zo~APmSJ|u3=OBS3y_&85+$Cp0*DtwTeb6*+PFuNBoTryS2lS z!iZ#a8!4>4H+AGci78;`A5tG*@NQmAbw+nR1`Z<|cenP4b?bNse8ztwt0nP=7Nwpm zjEs(}N(^P)8KI*%vVwTekNxEswX(agw2OpLbsDgze~`Jq$x)rg$E1ymBpv*)WH$oY zDlL@#uoOQ)gYfKyQv4!q0HAg%dNdvy_JX&Up}Nvq+9fQ1o3{Rh7L#3EjxUkA=N*+K z+$29c&SZe)zk86NkPC=(9&oQX`!%D(8W7Vt;q9;Hci@_bVt+JxqkBB|KZ~=lXMpYQ zvEU+H9pBj>h<$eURXQ@*CUfIYGwcN1-A<-`gU3O~s*8@rp4Q&qX#eFemy6?MA;}S) z5QZ=J*daZ{3>peQl*V4wDj(N_fOMivz9;m+uCI60^HRB}w=T0SKpLKHOL*P>gjiWf z3(|+JLXdz%GgaH*S>2o1lj-rq_;4)R;ApAbU78GI8ctj2ye=mM5`mWqx|8;sGF|(? z*NH<$;%?wq56+)Jc|@y7dWH?eokYZ`!oRQfc;r89_SE8Ks{EMVT+tQiDFggk882E; z8#fjSX$U=j%+$sdg^o3+$J5HN;BHdUrp;;1uFNCceY}mEKp}@F*OeCf1?iS}(zfjfc$bv#8r8hu&b%3SCWK}3T*vKg zUIJoQAPB9w$-EZdn{0z~n*qVA(KA$3A%*TonR_^kzg@EX5Dx9N)W1%~kh?o}h~6kd z_`DvQ^| zF(`g;0)kU_uWVL$McMkI2k{MJ$sj*G$YCT~>KTLsE3#D1)pdFN3_0|S9eN#(QIY5Q z+&!23=Vc~%A@{!{xKbq~!GLWLpD8PnL|+%jTm8Q+qmfBo}?e9gRet)O{DR#Qx!uQMzVr2`Y+G2ePU>dQ(%0H5 z=qXE;2pJ>M>lKCe;WAV$f-TroA(J3TZpQSndYyhV)}yG7hOW~FCX#Xwg zOUQu2KUPoo;(1}J^>8#JNjhaINBYs*tiobAiSI#l+Xd*_f1A!)S2g+r${Fvb`3;1C zPiP}o@v4C^@HYTJp$5$>RJaD$i2ZilyGqm~*#=mLusrZ(8<ma5iT#=5&;lW|3-DJ3F;&jQyQocN7qQo3nk`wvb@YW zwfQz4(#q`|)@&=28wmBhh?et@vmZA4&01M~;vzQQyi1=X=-Im1wQ%;=L5R zLuDqB*m?%mdVjsj#4=h?_fm;PmFIjwrHCQy8=!rEoUUIR>#`KyhRP=bfdiw9{cR zyMPkdiU=I5<3UHH?_^#GvhD(p0ht=u@v17dpaXz8Ram(&XK{tazgo@+iH6deDLlt) z-m}Re&YHly`|Xox|9ry?HKRurT!amOLy~0K&n!ik zWLQsM3Iy@5DxVbJ(cy1b90z?o(0^FSU={sZM|^1?2QKUPU+M5u7!uB7@OHS6zRfSt zniQjA(F*0Q)D+QYDSa?bt+9zxkZu%-5Q=NQL9ax8e`K8LgtD}t0`g9c7B0cslC9wx z^Zq?rk9Q7(UIis*0?xd0PIntn6Ntd>2PA@OJgmT5Y*ZZKSbs9qCSBeRa!}BLcpB^2 z$q;4X;Wwh;{Z=@1JED10aU)Ph6d1A^W2QtR9s3#+@-ETZ4+#oDCt;wDRhIoX6 z`($9$%^JFVg}u}7Mz12-Nz!;a>vl*2cBWUUCn797G}+taQqf$6UPw7#esGF6Gn%)I z8+JykDoiM@1WM@?|A<%Q{l2fJ;KW}#zX1DGm`K|b>px6!X;GlW{JW!Q83UBfdX<~; zhWu-vd&BZokkolnpv4Srne9RV{VsVQ8qF>p9F5tmufk`I4R#s8gq$n>Mo;S{h<}$% zpD=etN#KNBfg32?r?g8wy0-!-eJ}I(Xa0Mc-H}O&xFELkk&WF&aZFJfbb?rYyN<_6 z1~_A@!N}n7BcG#MZn=9h^`uJwB&|G6jxDiacV)E)#JYy&L^~{Z6r_4h&V*w#{kW2KAzOS^LSs@9NE%EM z2aOO>%p@tAOyvLq#bTt_ai|cX?*jM-XRE;34o512I`K_JMAlT<>%o_-18D%XmRA7> z2Ne~?T&0*aS{=2PIFm@J?6M+wA&wo30Oln~N{PTx6jV3&PG@V~lCb~qovyK#(afVU z11lD4w4(ufHk-X9%s&O#+Mk=ZKa=+763Xl4l;r_>7>YS(C>IE1Bjj4)uVE1Fl{S_u+(e`?*R*h z1G(Dfa3B{9>8^W8G;d;bW?e>#dNb|^5|C#CH(Fx@N`anNDdvB6XLMe@@?u>r%UsyjziFHxakbY&_4C$%%G&8&GfKcg6`buw$43D2mxq z?nn(r8Fy`E#{o=7ZHk*ZExKRc0!de8a-~nIy7Le(Nrx2$Ch%H0wwiRLpN*Au=1MU{ zy5&LD!Xb^Pj5_6%MUmxvTC@y!lr|ULYIaelJE7B-`FlHvg3^r?xWZSEWS@W@7y9r~ zzf;8kn6}y!l1M0u42Fs_mGd?xjBo$l(f<4YF!mmBc9ix0|9qckW=`L;yJvfLvn`wK zrZ-4J0tt{TM8E7^w1FzkxL0EML`5? zfJlDt&od_>=)M2fKXB%poik_VDc@dO>hFhi2rlCG1gfVO&f4+TTe(#Q@kNX1^l_`X zTg=^Rc8ldZ8rt)CIw;dl&xrU`vr{Nd0b%Tm?rX|FX4onK%nrMvVpmoC51Z^JWzk&G z1g+ZG#13572+;pbl`iD8ct#6@g_E=^FvPh-ZH==FoXtVr;F(#DYt^rkpwTE1hyLNuK{rSslMOX?9S6Se^3b*zJDsn$9fodVBf+q zdw;MNUk}oe;6PfmKR$6MN>MjJw^m8q8rd%!{fUk7*~Jv^`IXI7?n{Bk z8bl^%-*54oe0&UX)^OEOlkL7nz;u0!yS2sL(qdP)P&9#DqU9`uG_N$_QtVlV>Z#7lU1B(40i++RPeCK$*!)vuQZum47M08** zaZQ9qU{TJysqy=B(?Mi>o-FMY?20?M_vt5ef$^ttIRTwPl3;i+le|J+sa8{}G()Sb zsTr_wtu3TTxz2nynNvO0KGz#FU_Z_e(js_ha2TW>@sj}x5sGOEp_vJmjCcnqxwko$ zodVh`(A?Q>`S-b{Jb!6^&xSn=n@IY8)h4jLh|~Sh=O((5+=t_R$m$3z&hLYlU?2Oi z->0&y^3j<09L2kW>%<*zLAsb0qzi~cahdyQx-9-^yv#njly^j%bie4;R#2eB5dryt za?+gpc{P5x8vnd%w^zk|C{9Zq-L!|&Um;A4Y~hq0SFFg6jJ_dvNn?CzqrFfrUsx`| zKM}U}bj+DMH6R0HlM^<<8ZJPYtJ7jk+(@ZCokfGA;y?(HMR`P=l2}&5XEL)?CnHIneB`2YXkNw;e?eh3J5J@){zmaN_f{LZ z?$R?6*fVpwtS4+6mM$o1%kpwGv;0r@Y9NaRI}cViYL(g5x)(8)tK2#Y)19w zG>p-mS+DvnwFevQp)7ZEhxJz2fHpF-8?tn^H8fP-A3fimzn_NQ61z@n_Ge*mE#%$$ zT7}T4Z&%!}8f`0(pI&j_3Q@|ZRQ#!xawo$XWe1XlTPwr2A`rdxVem?3ct zz+W>$_B9q?AF8W>k?;B$h>SUZ4D-FP+rHBp7U$co@lUwF`$&qmAQwxb`XW4YBri-S3&t=2sAB4lCtAMhK>iXH;i%J%7_e9<4Ad+iy7VU#Tj)N zkTO+f-?y9>zGh05FE&TV_23cC{uS(&Zo9qPJ=txWXuD?jGYkJvH#~(f5r{n?De%?s zFy%2aFjf_Jf7fa+x7tgstlG=1?j`*Nz{_Crhiv{Yx1vw}qZ@P3Sv_>33w_OAA7kI> z=Kja^#5)IeCZYah?l1dQ!431m_D7&l+<=r^e6@WMSMvxcCAi5bZSEw{E|3!(7cTjXzn+Iu%-O!QVy@F)DR$FA*h_xIRCJuLH2 z^?(gMteyl13|QR1L|6v!h8@BwAVKV8WDAAbGIP4qLNfLg$w*ceqnW70m1=!Uwn3%q9ZjF7eZ7h|K7%t~ZZ>5>K>#W}Z=k z*vsHw@5LsILI4sYxFgieR_bmt5oIy&KSX_T1QgEhE=4lgiON6++j4wu|0YE>*_Zn$ z2#u11y-fR@J`6k3mQe4<^7lKv7#wg=>hrU`acjIN-mg>yR-jzK^h?Y(ismr!K3+=^ z#{zwOB|x%dx|kOzC_*1r%;%98u{k!wb=34&_8owO^o3?1UG?>gX#TVgBxoW53*bi)+jQnU;~ZOt9=BA2A{y9zM%MFm(k*7keO*HzSt0byFb0R&mQP=FZ9{( zDRRj4M5~1sf6}D?+J|ne;k6=b6x^Uh4s9|w_oSL)trST*P>7Z+M~KOEAYaVYH>w(K z=m&wtBV@{GvLh9sy0)L^2<^Vn&n8{fPmF$VqA&>Adog~o3`C?zmE#G-lj}KEJ!dA* z>0VwqFpl;=FnSqFTrzC!6~#k!AaznZia?bSV<9omRkoVtJ|c??JA}t?OlFWv5$L-8 z2)Ep1|NgX*37mi03Y%EF{Y$gcS>xEjy`qhniGyw8U}WsifG;P-?!>^^-M4UF$7()| zy@yJ2{`lAti-P3h4~P$sC0-5KAVN1+g~j4ZKB>G!>b~H=h|fnWT8TfjHQ@Achq1RA zXJ7+yqvb5V)VZ&T+OQjp99;;*j*K}~_(+P%uBIS4UWAX9`q5ig`_FB5bgb?R$M4u? z(j51{!QqU;S|JhZNVQXkgDqejbKKuzMc1BT_GWAsCXP~Fchc&j8FvuAGu&15R&@5F zVGR8>QR|5fCC`OlTxFD0Nv;-0Cv;4x6mPx){aR0F^RenqkbNXB|P`4 z!ppQeIw(|=ZABW5{SeE<-X@=MKQ@1r`S5_;iuVi#=mP)dVF7u-ficmn(i|gc~he)eXBj|b1%XykXEYpEq$3swPzzh{64{1vf24p z>9tGnZsMO!)0Ze&rb>>^E(y0H7U(6Hyo#tv6AE2MJirEY<8Z4t;K3lQvp1c)i|vi? ziPMdY6yk;Y(}Jm4*hlq(KCbGij%8AbgF^;yS`Dg}dBGH(o1@{! z{#9~#$3^#r9;Udg@%+SX7=L&+jH4Qt&~UglqsOF`RYX-o2+qpMJC5Q@8{+?3AKQj_ zqYH11;rRabF<-c7|3}g3-N&PEQ{aFI94L|-Tb#@~P^}O@CovbqNE2Zsv4k9_hC+k; zaX!5~ue{C}y2%=-)52u?Pxl}3U-H^akm~p(c|xd301HQg;wd)8nBp>3fT&oMQi;;t zpvpz=G3S1TZ4(Z&*%_r?fWDIQIm>ERO0; z3WUMZ?%dyF!c(b=)G3H(?3gmCf8DBl?lbg||6u{3zL|GMtK;~ZX zu8T?*{ZC5nX5bl=`e@QY8SihF+=(S*v)gjSmc%_I96ofVhT&X3xohbX)RnSHWkPidT)CkER=^4+{arb#oOpPNqIYj~mc|UA;Em*`6 zHxX;;6q^Vi>Y?@k+p}l^BtKqQiuV7Yd=5oV6(vdh{3nZdgVAlAcXKjRs<#d-kSuF( z3p5#w$MIR$cG05kQiUPtS^&X}76QA*GJ|o7OLuonbk~eCDPRYoXV+GCh{6!ph_ejJiOiL(E=HT+m! z?MUO@x-bhWdd||JDB1;K2mv90si}~W%|fJOA0Y7jQOh@=NaD9~T^vIj2`t(@*vM-h zEVrQnpkxADw%QsA^It}iF&m)O2e_b$K$~JvLP}9e3eB=IYoAwU6t9*DAr{90E4ndT z&pe4dPZ=3Ms3&qwVZe@}0Y<}{jB<3579WM6s{+U-yVQav)1`WV%PLjmSzZMD;uT{< zX8IYqYTVe#HnY2Iu|WA>x0;QIi38{*$;0r}_x!~$SPVjx_#RfzeI`XGuqI$4tbMJw zqdkn=pY9#;`7KE1hQH=G?~nFie+ltm#D3%A-#QxwW(Aq}785GqLD2Z*8UGeAcpYuv z-M?TYFCcfAf8kvK_^UZuF9#svvdTKHYE3zhdq>KKS?#W_OXkMvpu-8E`-G zb~B|W!^xj{`-@KEQ1YvZgr&-@cYFFHa7h{D*^YEu2Sn@K85o1M6MSuDK6kUQ>cQE9 z^*AA+ubfO~J6ygst9?jLo;%j4b`jiX2krfFyBsCo@6zE~XkRsK~FxFW!gm<0o7LHlyO&lHEKmuGPl*gk&K4v@* z=q6M_2E+j2ltkr5lq=lejircK9cQ1hLm8DA)kO58Ibp?I`abc>%>)R?fl=mX`^B7b zN5*zkoVEkP-WcYz z@3KZx7sej|o~}qYY2;yYeXTfxY;C|X_a*lR0S!}BT=A#hlTQu z4S_#|>L$3YC66L$;s#?!CNcdKS^J}sD0Z@YllT}h#*?vgrFITnCxA4WLWnZ#935`8y3W$A8j5-X)()zvA}s zXz^Ej|INgonD`sLZ{51S-$EQyzW`@5Sk*ybB}Z6{)Yq`s760#X3eiRek(NeY4BQuz z7f5t0*@N*C=to{B{pN|xMSWx|xm^#jgq=IS^2&i82Yr~%*|2HBmuMS!g5U{eRnunTnowx?tBL?4Lc9cc;B5q88iMWr|NR{p zIf2KieQHm5Y&kmU;OHrSui`yCmk-c~Tw|dDwF0(~!sALno*D(rBOfd{8$TJjFGmNp zUTk)e6;vUODneuG@59llm_KwcmPk;78pe&<0G)oLaV(NBi_DqVOa2cf`?GY%Odk46 z3E#Cgyb;ZHl;VlrSVlDTCfmu@(%!OYYu>&3$dX&gUDz^2n*lvf|6rQ!(1L!Ri7P0M z?8{M%uR|RGggw%!#?-~AVbCEI=I|Kzs(3FCnjUS^{FT$(E)vCVaYMW^IMM>~)$jlh z6#zoOp`*z`gJBIiqAS5i2mzJzVU31IFB(H9vW4{LP zLR}kCD$tmHXMLiB+AcPKkrl(SnH)yQvhI%2MMhhthM=)(bp#^@dizhISAr;RreUy0@G>`Q@|FAc|9IA(VJ z^7+`|R+Ld|{oZm)kcjKM^1SMQj^mqVo|1%b2VB<}{wO2GcXW~}#+TBF^-d6=e%_e9 zO^w#Xxp8h!`@Dl#eFHU^eI(PW)6?pBjq{r!2FS!BW&TNX6YSUO0e=)BnJ}}7NFlgf z*fMk&f&rvsv3+_G?sSjY-IA@p0L9p7SV-MFF>wj1v4n$E%_KG@v=3(E5bFwX_H8bk z<7rs${OLN}6(hs3)W9s61E-ohT7s?}Df}X-<`gr+d%kHbDZeVe4*ltWZ27t{#C)F{Wa(tnzNX1xf?gRv|Q?1jQM9NDCyqtbM) zoDq)$&U@iM#D-#DE#zy`;$)pTa3MhIc=_c3Pa*7FHQT{#+nV)8IeWcf=FU!5qsNo< zH_o1S?le!s`NnF+HW6a(4K$+EL#MwX$&thO3i}hN#sw-B^D|)Ht{}MFU6t7P6=Z&O zLWw$>kN}tcm^M7Zabs^VIz20IoleX43n8fygV1J zC;_Weqjv~^m-MY92i7PL^dK*K|7TCUE}Q1!*U5*KACf|Ot)WnN6SNBghC2aNjQs?O z6G|P4irAD%OABa zC+L}2^H;gI6NRASqY{^^A;Ay?!>SNL$B4p;Fd9TPOlj5}EZZ;-D&9ln@zEimj052uPh zVO)1WB#(>E6)K+@|D1Pbao1iJwN|S{DS7__c?@c zG`8f?wDcgNKtf$0K>9}YbAOaNBUtJYi(n%3E1)coeI?*fd`O=;u(3`6c3WPER-{xQZel}-%|-N#TdlJuQa+v58lCa7t3r zNI+k|pc<{K6@Jxhk2kwNH5;X;11IhA&H0qbAOB{WyhAZ)0x)DZz{l7O(4Rp18dIn6 z6Q|S!I!8<?nS z9W|o_q^1nNlf=OTZ_@+sBnC1?ThvWwBb@B%f|#DN;HO9 ziQ_6G0T7WYj3H81C0;ldTBCi3qX!V2#jHskljlrutkP8txKaZ9biPl6lMz(1scaZI zB-(u!N54fWlE}kvUo%`&b|PhA%=nCtN_x&XOt#~}swc|(QM z0E3ga$^a$EEUNMZc^C7%;_$Rw^s|hoVKXe=LRp^hC>(GQ4sZN~9uw9~<$_?wI>)<@yN_Yh9*5!fNbhl&Nu_Y> zeEw+f*HQ-@#~1|!RrC=}>IdFk?X$EWu1k|(=G3>%fR*wZlILJcAJVEI)zd}(&5cR2GFL`IK;KZrlGAw`*xLxwPxj9`enB^(}gbm-xZDWBH;Wn~Xl1qvac3<-w6g<8VTE&dWc*X3bJ#fdY^Z1OC{{i= zm&^<9M`XANOG*TdOs3eO0jn44d!1#3Ct%{Q{?uW}gBKafD?b(@3Y(f;cf%A+$0TfU zDKT=1N(R+8>yvWO{~Iz_82CY3krA~g1s&zk1n59hCB;_Bd$*=;LKGCsw%R63sOm+i znoA*B9D+xc({5#2rsT$z)!S5Z9sh--{4%k9q7kZ})xbk62?bDlS=j=z z`P^Kso}${)8ePu@tANbA37C)Y2YH1#$lgT2pEm)H97RF&R^8e*^pv@?L%J*l-6=l= z2JPYYgkTo9ypw1l-efXsi6+O<4XVJYj7K}LHJUsfcWY=4PX!2{kQAVDuoVZPvID1b z2|wwAXadRcgy=1DYZO2ZLv41qkz3}TB_FW_|0+1hgr~M|L|PAVSIxSOs;rJzRd($u z&IAQKkrxw9?hJP{di>IIA-iMQ9Z9N_9aF}W#@$%UE=VhOT-8QrIfA0GNQuW%=|4Lz zx=?BfJ&V-&31Q18gAARRPv-jB#^_X;2QtZ8_0F;Yi`>FE`t0P0=22}i0-Dy<(_QXL zY9nx;36A!uX9Rmd+^6A>NOD(SW=!1yy+?wq^7U{muLnRsyX!na*y0@u^N4Ml>*lBu z0%f@8xVbyd@pDTNL@h`T0fpf*JgDLqxhb$VnZihyXOQDXL2MC{9W7mKu`TqAaQ_La zsVWj$S>Sdkpr2%4jRAsM)Xd=i)E(#F4NAW^^)#I2yRjg4Aa6U>`9{GOz{sF5q#L4!A3uA|Vq7 zTqsZ)5SUTC1bapfnymQ{k{z*g%R(G7y1JGpl(%ZdGg{zPj#?NG|KUv(DJB2#yTCOh zm`@k+DW%FSe11SeOJ-_gm$(-mrzAS0^gfZ;#l`F`7p-QyA(v2>PXBlq7k^GiIrt6nfiYwFFE^EttW|l9O2SP|SP(!14EHE4hfw4*d~VF%(mvN)jvkT4?3)D;`*Pw!kQpVtV1%G!q}^PIWk!CWYW&_hox>|)>$_&`TPM}H_#D|dxYbM&L7ZBTd%RwwRR}?LwRy*Ojgr) zxd=oGvZM#@K&%BVvp`Vpg>uI-?~lmGB;);nq!?e!FjgRkX>42oDZ~K`7@7&!K*03d z@Hb_T8f_Ye_paOW9IeGfUmu(M)=mIhA zHJ3~aOT5LF^gJUXJ`T+)pN>tY5Cc4{)y~KL6fBHGQ6E{A4waIp-3$_mcw9=orIes7 zmo*KLZKDt!Ixd>conbD_8T=+*22BdsQ5Fa?1XLBN0#hMB+h9wA7?Fl!9; zU2hG?{71_B4pP$}=>hd*v04PcuZynR5l-X|;EZBc9JY2DkXg?A&65$Rm2m_7IjGcG zI!J}u5)45ZJJZ!~iZ%Bi*5Bl_1BAr(B!ij;B`KprJ8=6+4dph72EuBPEl(l`yORAh zG-w&tbdfm^?MA1`^JJG3vN`??e!!g_fu=)rX)&!A8dt5fccqeEMw6VN;Y?odSt^q|B5U#_#v zQxmJ!@1et}Ck%rLDAp;K4T=reAft5o3^$SsP?I^IvCji^gGt_$?L%R5yVVr6w@$%gmc6 z=0i>Zt|=mPzZ0YRG6&|P4jL(XT*8#GVX!&nNTItJZ=#4uv9J=|t9(Q~>aeKnfPSY1 zX|)bu3~-_k1iAq~KsDtD>n!uNkvC(}x6x1q*4eKC+He3sAXPK2uT&1Jtj!F2t^v>tEp%(pSxhK>A@f zD(&0#uWH)PG8mtaj*<1Oej~zs!e@QGZkzL0Z*%_UZO(7p=KMq3oEO0Bp1Kc$_SVlV zej{9DWk+-$;&-CRJS_x*wicqgFo~X!Sk8HNTiI<%^!u$R-q`wSEmS_cNb~B17_1x@ zogCni97UO*iY$nr@W7!!c#>%4+~_>%Gawda1QfCgDsTk8H~_)W4HP;EkBa)2<1Xcu zGekix1b84WMlS}?LO21m_@{CN0mS$_^*eGQWJ?R}b_vM%q0P){Wk`JsIgM7}^I>)n z)~Mb6s4ZzN77F|BhDWeKJlK*rx;aT#lUyY$9w7XWV9ooxrC9Th^fE$zC-J8z9>>tVklwPnk8BbNRI|5{8Ibr7J}-PK!uKT3VAR&)es;-=Pj+j z5ZL3H6=Um+J8>0Ej|URynZ67+W3EgUQp^!fg;xz3I*gyDtc)LtCr~msHOxGl|3?7m zkPm<<ENPVO_r9alL?bDw5JF5rT;*N*A7! zGG;^pmIN!F)KF6+3Yu!mdIm@1n&VS{YHB-&+uLch4M(eImpw)_iB~__>eZZaqFR}uaX}`HA$ot$TaZXAb+x)XdZC_NYIa3Atqutn{4l= zjlfJ|7Sm|ufzd0}7bN#kL3lziVTY?KD25i*usN(t=()&~RgBzF=ImT!VT9$(cIAWY z3`-tG9f0#3K$dTE@kd1!rUmlIV-`f~vZz6B&Pp*%v9Vw+sRs5^B*?1_#nJk;qp!VP z(3e6|!p2TjjwQsK2L!9YYS+FQ^0KlIYZgu_%VR;M@(34bDBNS65yAnB=?urlaO4)8 z`EWQE&WEn9tjV8LEj7-@Ui$(1T}X6g3h$)x-&1>AMp(8Z{HumlS$cB*^L8j#e!+cF-{imI{u8mrC(GS|m?LM! zg9#nc>Uew}un|SO(N<|kto)RD5CPlK?M<~Rd}u=ClFf#hd>~A5t%bQvk?nM40~r~e zye9LS$7_1@SP3E%yGfGBnZPL}`?i{7Yuq`-Nnj`cAHE^{vK&u9FeV5Z?RFldXm&iy zQ~nbJY0hpb*+b+WF?%cx+=+B3;d%__5hsr_K^SNrn{U}4@Xt?;7l#G?2)WM*kiPZk zI<`tJH?W>jbO_Z2x~O~|gq9iZi`FgxmL37FL-h5jf;ST5KbV+9DMQQyII&)VmD?#- zk<`MZh>?r&38eZa_vWLk)FcGNRz)?iMRSmB&LvghNLa+1jSbSKaz?_ zUgA}}!MLyV(LH7P8>q=%r88}_dP3@7DQ*(!*6mdV0)Pndq~vxAfv7}N!xDJZZ(=F1hP~JiJofm{@xi9g8TM`F+KLh;r}i^u&*D7^SI}`Y z+;LY-%?%QNVpd7gC)1_=hdYd`^l4IjG~*R-iYW*ZWI%+mcmJXSZ8#fxcV#5#LatIp z?Imu$Ys&Rupvsr}3HM9NZG}8tX!2y@`J|xFyb5ai1)cX7K{nA^t8n6$=vBPZ8YmhS z!Xs6eTy!Dz6v0`c3BMBqB$H++12f=PDOnjjtW*hJ@ZgkUfK< zT_8hI>QNls*+f{A(u81>2Pzqf#vraWDbgXH0R15g)UCh=Q(p1`t3&U~$-BpesX8ujJE z6gRbfil4f(BoMzE3Xw;;%JFLBRpnKxf8$oM&}+G>WyKn@L#{epXvM=`* zK2fSkPO?Mn;-V*u>w|s=8qeZL)^GyVr(zE217*8N@aeGtU(Q#^5L${2MZ1VVR7AXS z6xrIv9;pBQ1tgtuRFd4o&w?(gOZ43M@ltke_8nqkm!|@7{IhLOyKE@8cz3(j{Vwk| z`pmWjlePczvzC}7~F8+j+MEbHy<6-2CM6eht`9@!E ziJl4!g70{U6e(bzDhDE!q9>tBs?@zNPmkW_-oh+MGQ5`uBv=fGAaHp?*F9p7B(BwN zY=FXVWFXlb{)oddx6SA5%)cJFrV@R5YAq%CzKl0lN%-WZ@VTSrCYD=0S=FvB9YO1b zeK}&V#!?V%X7m^`3Sw!|U19kvWpZ^%zfEMq=K2`(UyG33C#6unF0lY%PS$GvJGz9b z^hW4#{Ae+LP;oL(y!Q%9VB^yYel#G#eVdNBx$@~oG5O?l!*`foo^z+9nQp@k&$Qwh zXs1bw^aBDNipf)neAthQ`-pvoeTj` z=v}bCk99bIidkH2-nu0GptDdT5Rijt0E*?L1I|!Z=Dv0s&4?Wrg$i!DVr48k-%Rb0 zHA^MgepM+teE(=~(3V94;^G3fLu{*nHM@zGM@;`E)2v~t{Q)eYFMO1n87*iMosS0s)ctiHnG&*bRPpuCc zy@Eu6a5a<+1EPKuSd5Km`&dU6O4ZA}(1Cc0!2#;7NHb8yyU9$QNaShYll<(2&@fC2Br`sy;u)1}P(I{2 zWG4>qh@KClhjdVmMnVRvT&BR(G}2UuUL8Jy@#gSzEc&YqIMSvhxaz)=a^yt;{m@$9 z=XRAI#U?ItpWz!cMcgMa6Xj5Fl&UDE=By8Z##qMVB~=E0MmR5}6+e|aGw}Q4<^I&| zyh0zCLJPsYB|HqAPUF)pI=nAh3zs8TR%RDrGXhJp&J72rLwr7p<>7Oq6R}4IU5q;+ z=n=gk9}QxjQa=%BqRY4k50*#`f6CFwPgqzL@HznJYo9-Un%-p#tqJcO` zm74~LW7x8t^M5-(&!oqNBGmJMOU~rtokNC21{u%m!CWgCS!YdZclZi}jqhMd`FAUC zcz(BRK2ne@!aP*>>C_-o!u$`POwIHXS(3=Z-L$mUd2}sZHI`|K(QdLYKaGTQ_})O* zjOZK;?tNN~Ss-LWAQVkMa%{6ioSPgs5JfaIySb4D4*xJROauH6|7$~NV{v?m2T zB}Nvj>}ic@F3Z02{=d`$&um6C+7dk~DW^Wo4R&@Ghc$0Kn>9K__@P1&)2qyV-+o}x z#hIu^85XkGQoDK=J98I1YZt$Vz29D2WEU@Do1u4CY9<~}$u&`q#W2~?)s@MTL zC^Ni(Jd`XD7*Q2=lrP84X?t#>K$sMjF`)Wq{TCo#ODXtGa+t)I!d_w91PBkZp)3+> z-oxTvLGVttpkWy#BIx_zQd^B@xTNsRzI<;SjW$NAhR@1jiw+Bf@hZAK@Sq?j#|O@Z zFOAm1l>JKCqQ+7@g9~WJbVclLjr|2mc(@ELjJvG0{1GUrxl*En=Jt~DAhlO-dyN#L|-4w723uo{h~LG?{$_02BK>WZ#U(zU_Bx0 zP2Sag+A?ebkqU&#K;qeb`G9=0cE_pl#3StXa|hMUMZRPzZ~>EtlkX>gKYg;aqTjS-;z z->s1M5|!^?eAf#3t5lHyYGy%T{jCXm))a6Bv!?#Tz%dCkbWk7uCBk|z&lCX;z{69v@s_&Dq~U6Mh-@Y2zdzo~-k;wq$^NWGSLRc8mEiv(1N?)c z`H#!b!0>2q=HfSU_7_|-?hTo0H!G@tO`fPDoPt};Jf9U+s6w}LxGd>H#@K_cC-EOg zv0)?#A^|by6V#zT+|;IluhgQ^9DAv%Bdys;^3j??4oCjYdH2h_JqGKO+G}?cP(f*l zI#b3S8@N4l41xk|9GfnTOuQQBIEyeGoh9p}+OZP_2>4-+m6i<{Dg~80LA+?mCU*^? zZ?L*d_LoGn+CC&6?^pR~v~{+d)l6;Kba83dUcwoW&E&DR{4etE5$qg{@5#L1lus{+ zOP4Z37-^9XpRu3hM<8{RrBY%N=A-(wG^1^#^r=<)@dhG;!p79(y&SD{QRQMnOlqzK zW-K-}Kiox~xIA{dj3nMChEQ7UceTY9UTL;u!(=v1j4myvQwbC*Qksefncrx3guv>d zHv4%St9@sizoX4Iw%Ofn9tNf*adw_d&W0M)|BCa!Pwj;?NG8YU?L=9MNaLV6E^67I z(GlSzzmEOmvC+e7%Mrej+V5y|>))cCqPQf5?$gE}5TgmN!5Y`Y7Fez`IYQi?N~&yC zzaK;_nn#7N5)bEe1<;nX0bk$((M|Y5Xug9@9-&uhQLH1yY;Yk6ZFv#?Lc;nmlbxtt zSH_15c8^YuUN50ouiGJa{thAS2WbjfT^?S1e%WrTaQJ}@{33z+o;*9rzv_)HEeDFigkU(7dxy+; z%B&zuu;-g|p5(AbTUYkympQs4^6scSF~$-ADH`gFM8RG|0|^wjtIKvBp_Kk+{%nZ- z0mv3c!=qNT_~oXEh6U*nG5B%r=bu+bbM0=Uo!%DEl_y(Xf4oHA6SXl zN@;d+*3#$G0B3URa2x?7Y{1?eC)SP@6iKE2p8ahGhP+3XTU&=fRMS87869NL>C z(c_f0!Hk7TU%q{oCIp)@cj>AP;8o@s7(Cxl#J>waDnz4?S#(ZAK^_-r5P(e+fmFD8 zW?`9q(lKPe)qwB>g{50NS<>6yd;V7Jg3yIw92miLkc`c=a3#hHKp%wR?Z|kT4TqqJ zTPKDB*;ea+hf;)##v*dG;ENt5U`gt0^nufR~ec&o===jhWz->=olml(A5WoImMJG^SkhKc>KuEh#KFH|o=w|BiC;2vHsGz@2;7&mo z)q*Ej;~wGrIE8L0Kwv!ID#&Y{0Vr%nVL>u~AbO`!=2W|;nvfoa*w4ZZ!Lur)dB4P-4U&A%A=1;wF#!!VyuLXB)YOG7^x>>q#i8>TuWy)f@AsU@+OAz zhk~74w3DErG(=Z!wS5EI1Uq(A(N79QsXh40;O;^YjG@@%VAmRIL$ryWly+KUaz-P+ z7h|me)>{Wjf~^Lr{O1rdH=5^1x#(q{%PxMenp|1Mwjd@f$399SOeR4*%7v|?ZSfFtiO70q_LiWL<#^@8^7y&w9LMH1MUU2UXNsKL zxlkr|N$hXWI2EbWvPWZ$)+UQ~X_25{MzYLsH$tnEi4ge(96@+sYXrIGzmSPW$eOHx zn2gWi@CQpUrdL$WBTue0Ra1$_DN>)@DY74NhhD8Jp`3!O8WcnVt0=$L-+*ZcVf{dv zl9JW?baX-VN-G;DQjXh#e@H--`H*FsoAA<%9nlyHjBJX#u}uY4tZ88`y1gyMP0eGV zL1gI2hfl1J%$endKH3D5ai0HpEWL+$>}pbMB$ov@{J2#-z7g37o!~@^50gICknL4V z_Ez7(4hC0w&zY8JHEu2>4V7M-$^gFAY^oJcp;#q~k?6gSZ*J0N=HX=wmCBw9nFr3=krhJjU3{)udX z4p^BS)|7p$FPQ=5Sj9T1C-{>lcV&}(ugPDjcJ<$H@<)0y&zaY)9r#9Fg;GF{s`XHF zq+^5rwgI|qAKn&OB<#6%=KXR9Mh8|44G3#4dw_Y7p8(vhN>##MLL=#k!CK$do;=b{ zxEj7AyQY(;Jk-hWeyXNi8#?VeiU#nTA1Qw{7ylnJh_+Z@&f{hh?C0Qbh6cp5NczgV zDv1JJ`AUw5lXX_C)RE)@%upx^j74@*QFT7$J`vXT0BS)s37MNJGNuyqR%{O`dE3Kc z9Pm3jl&w@Ldn-rhbpi1Cc9{%b(1?%flH~{l_?t%kRwwu-rDM=xUS|d2`$KvjC-qb@ zs7-sQ3P+j?Dwx9pL$m8`jyRPPM(#IQX?k0JO zW&d7}Ti8Fh4LC;5>L=HQRO7pDcsd`fk#9bZk9tB+lHpIx37NV6Y z5}8AzaH2(~(s62skXiq?PGdzrM4X2|!t#{i4%7+Q~E?vgCgA`vKF6;cWqR zhh%C3IJ z>+&}d%xedypNcQ3#FtfQ498N(+i_z)0G!}0Ix_`_mF$SjV2efw4|E|~+{P!?VMCYyd6zv3 zDYJXK0@2;rMX8J^QWteGD4rkzzZ26ZKZWrZ!3(Udix%o>b>mK*7pKURbwRRj<#pL+ zO1yG1?s2`4rx0B~kp7|HUhQ|s4%i6;Je^of`IFWR;4yP{cb~tn&(81X%!LE~>;d-l zi~)=$r(~bF;&(mvvWjdTJK#?ku;csf#D06N$NsEyI8K4X0(uJT2>uE(NYBk?!({3L z6LmD?y@dn@`vbk0`K+Q|?RZSbkoeoF6qsPe9SP71_SK;?&gL}~y*j`Op+WH<6jT^1$DJJhsPH%=Ci0I+#$^XvLT4jBvQ4rZs;?&6p{)slT*vDdei zTSF%AB!FO$S3j>FUZcEJF005ZUJgg^om-ky>`2D|V*P$>F`kk^Npto#12ylA_DhM@r z5x&9po~iTa4GDAnh`p&hygiN!_Ttx)tg>xb69loz;8iyjPuV%NeaI0)0UbNQJPiVe zIAlXK4bLZ61hMP`{&M0&ML$a=jjA)E6uPnW*;45VSPk!4fdcioA=_1ol9fyG{XG;LYChWsGhQE-Z^V6XL&A!!c`$iK=m3n}-&Vwi!@z7plD@lLWHWn~?l zCpmTz1e(PFmN4Tcn<$e>y8R}f9ew!R@h@kxZzpZ@?QrMZe zF5hBS*HxFfL7S!BlL-r@u9(h^2jlMy<)AZnw%BPS8J)SQrFe+_)jY-T;iTXy4#*Mv z>qwq)gS@9qE~C@|z|y68>v$;|l&GWdsGxhUw?JzkLeM z^x%kpad=30mpV1Wd1;b=byC0wN(T{l%`X6(ik&yhPMU>03&z@CCh^QuaroKhi9BP? zWEjXBGwm-kWys(O_s7XS6g&*}SR~xxgt}d`?E3BPS0A&-KL$bl@%Flo`^M=|(iG20 z*6` z0r9-}I}P@5e|kaI-;LXx&GY!@hS5-6~uxmxhVjCSEqqNF+$y1fO7sI!mj`}5;C4poLZ zjx3q%Crz8`r*uuXX)!@Cepb9a$2oono45S}7RLPi_bZUW{KEFde%FpszTK^DY&_Xb zYU|1GX?uvSg_=7PpzB%8CG>hM=rkCuodS5K?)Ay`m&x%PY`Xq&e3KI+{_PR0rI*jN z@9|u=D5XJyLXxJja=eKqql|IzN(oLvRZO>Nv*Cz8W!qTHEaa_ma}cTK#|z@o#wAZ! zbS=+zZw|*tjl@5lw6)UO&z37^48S^Nww*fL9Y349$M(hiRkQG$o;Djex^%XkI~xU% zW|ve=KWCzxA;Ac7_C!L<_jS_%yvZcQs;XVVrmI(|-^cdGbowcTiTh^RlgQip36S!K z5q&^L{*OzjhulGd3D}D`Wug93gQjHHKgSLogdv1&Nn8!9d?b z^}3>sQ}Y`~?2eJ-&XFxMwA)7fwUeMFKb?e;?VL&3cEvYNvZJShv=>eV8BUr4ikymV z&fhc=-!(!Eqc}oBh&)?1563s)2x4$PABS96m7F7)RK0-Y!075Z8u^vK==PpZo3@7D~L_Zp+gb zWfG)PS;<4dSdu+$we2K*uAoD_^)Ozas)(wisDg5m7cx1p?#QjcRqFhrex_RI5iJ9C zeW{qOFTJv+QE%!O?RH1atLBzH)NVhRnvvtjJClia>@?Q$(rG{k1xxTE9zV@aoW{yt zG?kUTbXroi)AZ?#X~{G!boXk}>lCQ@glVw*M*E4r-!Lt$^3@OZ`C5LTdx~Kx1sqg2p1hoZ`EtIS;EcDT}Tmx9J*-$CbCCdL%NLJRI3b>8M z*p&k!e>fbMhGS>I;ASwm6of65AKvSlkL(L|Z*Man8+kcQDN>Q@n(8)JOpbob05nG! zSmImkrOEN@FdBRxG*__AlkL_iuq)WP{e7~%Gui$z*;Y?cL>XPm`56PR*)!AGr+22? ziQ^qT-Je-zFD?_8K_Dg|T87Y*#@kENSp8Q-16TockZY&dgUjr)DW1FW6gGbf2Z$TT zUrwmz9IFCfM9qCTd}Xd@X_^+A0*JV3M7lbSO7A z?V;)cBf*=A%^9s+Cg|~ufMT&>G4$IJh^O;2Lf8<5*S5>iQ_awQ#Zgwszt(LkP@Ed@vrM=15(FK@V65Fz!$Qfn zR8^WXJ0kg+kUN!(M-?L%9VUz>5h7YCGR}9juHx7(FX%cWHw|^EH5^AmctrbE@D<^E*;`|@ZkFHxNRmWQ5$EapFuBZcVkcnAhW^w<#F_d@PY<66}fY^zIT`y#VTe1 zL#`02Nat~x1xu6~u#}>cXQ%hiw1;NegR|`6S;~&jj937lyd?+jxtz<}QNl=VS};F4 zXEyq&5HgLiZC^%bt!bD8)=g#ge+j>`SEm~KDkxhbDn&I5guYrp!eSgfpCqeI!=QvM z8xtx4yR0uGM7-vEu*j%E0UXX3Ygi!jUrYVbb%G=1z(cJ>rRuP_d-TBU-1_l$>v+3m zyt|#+7yg$#0?aL*>>50J&dzs8%T>YNc;2N$#)0r{8<3k#b5|{_J`s3 zM0UJ99L$W3ssJKCBaS^%5~Qsoz6kGw-WDY9Ewl0fX5GzN2Pk27jsm7~PW2>6i1lC( z%GbOyTj~X?!ZK3~SvF|K8KjHVHco4jpIVqwm}^w#%FiiB@60AkWBv5P24Oa3gyUoT z?Sy`8eDH!3Irv&wXxvm;5OhHf285+NQ2?W*`fWDz_J@?%Vc-_(y!){j+j4JC^K z@Imzy6hLyoEVx(mpuyo;819gvh`xRP`8>%ulxslxdOxvWyn;61YIV-eaMm z4T39PO^oEdJJHWh)Ym%H@>)&kJrc;4br5e$>vO3_M{Uns-t4!x`|a;6M*2>_e{hC9 zJi{MLhd6I%&-mwAoB(bx3;A!Ugdw+&mQACY^6u)v%P_hizk!rn0iRY*3?iLViq6?y zMM3Nb1L?H`5K^V&H8M}$N+5}rel?MDne2qJF3W$eIHm9*h#7F>YxU6&M?Yfp%=OI~ z_Rb8xT0cRXkl@2XJkC`&Ou&Ic+9P9tF6pQ>W4%~a&TuDoop)lvj-O$_F#qgK$A=S0 z?Z&$DyHM?V^S>;>+nyC%%nuuBe~GH25Wr*~S!Cih<|m+`wJ3X9EAn&p3HpG;V2b~c zs6&qFC1foIEA!TcDNK;3r3sp!L>uNXQc~6!Eebf}rSb)LlUGW5pgdxStwIsnk2UFz zZkme;4=86ey1iz@+^CG*38E^DN_CSUOu^rV14RG0^RH*y;~>7S&c06^d+3cAf`<4Y zxo4a|EQxrz1{ zN_&lNef>P&%fKtNM@|qlwYQj*^ek<*Pqqtk1y(PznRP z!5m23pb8v%x`M&AWI}9^gQpkATsgXD0p>|9O*6V$;=VJ-PM?EC0DTvsnvF+tDJUkW zmp#SvEPJ(!-sXY9HBWKVd;<}81g)Y`#nEv)l2D^b$mCcM&}!EdYvmViv-@>3BfNjd z^j8b)@dfTr3+%7lRFDRKy)>UqdPS~F%)xPcxEGiOvsBdz{uHYaMrY>55KwiXxN+sZ zEO7u}&%`sg#Rb?A-LoTn`mUn8r)a;P`_EL0li%1e2ws5llZcR*3qs!kKu4yF%c;En zUf!5VVGiDSZYQGsPZtQjcGS>W2&pq+OZ-x{K`;>eK1~AIiW9>1PiKMJ?`8EtNpZPq z3;0}Ti$aTPhuN2lq{daAl8l)EzyxP?mCr@b~F<@(lmY8PI??Xw*hg z0N|va^)9o_1-1VJ>j3q9$_)dP-#AXDw zzP3Dxj#>ojaC3G`lt*Qf)PzyrufsMHpq07{7=WvFCzI3zNh+Ua38*;U>33;dQifJf zz}?s$UAQR!LEDQpK}>Kj&9ztO+8^ioKhJfq&9&F(+F$0|8}kFIYM!zG;Y@eaOs0US zffC6%_AO8;51*09)znAxnEfPul+WJD*6oD(>eyK-!v3kPmYB6@E&LOw`0mX2u!GBI zri5YYJAhNbphiANLk^hiQ9F=og+G<}nYvVIBq3$F&wa7EO$&*EdNG68&?ThnQ&T_IVOXY?sl?k|j+o{dAp;`)omtP6TczqR8 zIDhx@ZhJ+~?u@#G7$QwW=^5%~&uT!~Rj%89GOPTvS!BV8?Xx{vA66}CA`lIO*O+(= zyD1P5PN`BlMiNSH|$GYnHj|m$~bf*$vC=k7Mlj|9tKlgnv7C7oh55ppVe8tY-DJfD*x5-WTnuMoz9zO>{K1L}S+Nmmq_y1ia$0O8AI%EI|p}Fdwz(5-N&HbBCoY*lb??(ObJf^at#} zHNK~ILFKu<+uzo0*%3?pF0^WRVi*1nt8z!Towm@oWN6u79}MA>WBxyZ zr5L@kD}nKX0-nW0UZ&#_fBs<%tL*Gf`Hr`R0m4Ua{pWKxb^!x->{44l7ckez@!pa{)y=i$f{T|N zM_beek7HM55D@TF41X~Mf)q(8={(!To_jX|@2o|vrlf?NBNH)@00l=Q;*_EXmN3nf z;2r#Aa^Yi>$N`jKF;|2}3Pw{r7j0UimEd%o>}Kz?rQzDekliAcv3XMvpnecXuP>22 zokW+BTz5IID|ubT>uO#ux2aHkx?r0M6T|T{;W+>76#0El}wjVg>OAP`L?AOv!*#{d~U8W3L=y5Z5TI zVbQ0x0aRlf{aUnoDVxh+fY`K1Tm+9kv1;EWcpHdPK>OPb_GCl+RM2-Y-MYsAZis*1 z(C|Woe^KZG5v(Rn7!1a_T@gBPPzon-jwBybtUrPfuNVtM%<6z#Y?Jc*H`tA6AL#}b zd$b$)R;)^C>pT8hQ9>JAe;b?GKX6;g8uH=jp`}Oz4^)!7NdFE((9IRQOnFoR(0Tvy zGCN@(yHSCY*Z)snCD&DG4A#fj*DbLPOX6#mVsv1LJd3pF|0u$6NVoJp386AC%$|tc43XZGTmHbBr60j3Zpi^R z2z(9UxjLKuBvKTW@CdG!_dy}KAdfMS&aO|Z$-hT*LCP&q#Lc8mmu7<$3ZNURO}Au| z(*>F&2q9KwVn|V)%CynQ+q1TPm;>K65NJsMXo5trh?a&bN|Q{gY&6t^wE;#Z8$lb1 z2753Ys84{4BNDMZYGQQhQgmD7GGJy3QC~biA=?n6H5QT(OvE!7^do4T7Tvv+v1JI8 zrd__5yK*o4>|S>2UQCN}AfqHjt1GP|*^QJ3XRO3Uj-Erqzw z);dSavtRbFOYP@N-EWuLi#&in#P+LwfvRVh2EU<@coMqM(kpV*%JD7@&?Y$8jb@w7 z{nfTDoT-HE_z+9EZ?Sgg@iN23;q2&!{nBcw8Mo){Vm)}1M`k1s&!F1xBPIW6DGytF zq-2kkps!4B36yKkETwzT?I+1Qo|kSXl`g+sOn9x9OL7S)fM6@c{C#Z0KD2s_9}g^^ zg)|jU0$!9%?WX-`;+AE6`&Dj_LUiyG-UqA|7LWa$^-4HB-1iuOH3s-bc<-u&EH_=q zZLFv~i=048(cG3NX>YlbcVU{9ZqGM>7_S&eB_jn&oHjitq|vF%@EQK|LbrBTJ8@UH zZdVjYP;K=c0@vqXUub9V+UAlz9#batAjd_HLrJe&V1!pw#Ij__C+u?fxNIa~>@cy} zKzfF8SPU?+`&%O;yTfq{w+u?}YdjeCzc(?6u zoA&n`wWSL26zYFJMX&9o1MGYI+a>#h;%?u+F-s>ui4T*Dx7XoS+zuN6m0qUV+aHS_ zK@5m*KhX`(?$0kLF7qcZg8&}G_3lZtKWd&|S=RbSCkX&Jz&>|?oppde^8k0&0o;Qz z)L*`zzmkH-B;LI@EVacL_~8I-)SCM-HH^R}Rp;`Afy+ z!~dVRA5-%mt(X1_mnkv?rsf<6S6+bD_$FF(lNav-JK4zY6%va=2ZGZkZd zby&7#H_`Q?O>2@5nLY7D?OVdHz83hUVtjW&Unb2rYZ#j-%N9qQX+&Rvvl~Tn8KtRv z{-6}b7q$YA4CpQ5DRyNQzUaf=r7+ipql3OJ=-d{%=)&b16A1`d*ucVK>G0|p#+V=- z)F_sCp{H50UQs_i^HWGhy3@?)-h;znvOegDKC%17p8ml-?Wc>Sw}Ut?`$;%}^x&sm(Bqd*s364a6Y#;hJ)Qt54L*` zE-}xvDagCV(!a9k|EXlxv(!L!_S1t=ytoIK+b@;_gO47Jaq>1DZ93SGCPM|iEA;?x zWjJU&vv?iG2e_2J0wD=yLRh;EY;in`=v%Zys#>pnqG8<@&g#l&J=7e-tH|4-8Qpn^ ztg`l-1MK+&ghNAlGa0$0Y+Ykhv`BlkA(fnLT;ehAI+S}9)Q72!Kj=Lg=-4)7{;Qc? z2QNl5ryOB7A4G{(XCpWkX#ri3xpQDX7>Wx+wgFuhUz9NwHDrpJ@FwWmMf#XJTBJ4% zSCB9u32NV+TC?DfMCuB(!wpUne7V7T^z>npeR)>hfAuho$aftEi?mb%TjtvLw{IVc z^mFTBC`jgWYDear9gkToe5hh55qQRW>-8_wla zt3qVX8fg1K`*Nmiqgp{y6cPN8W-ybLPyCz<-Tqi~4_)QDFCJ_cAIzh^xx!tuf&@F? z7haXL`~ypF3SA|C)XkhCa4XKJYY?)^lSu|VPz>a!L}Y4=;b9~^#;PkQ>-@6JEe&N~zpoG8kd548=4+WJH7 zibL(C!@*}~9bqR?$Mvs$c34(xV|#rCYkAEPAkguN%09lKi9Js0$OAy?O?0pPQi@kg z|BC(u%*2bfXhq>)BKMcH<^F=UI3@rKK-Al`yojZZXn8DEqkE44Js=kWXLlTGcO6Q< zA9MCAQMMaJJb_U@-}ks`_c+S@Y@{>=K{KPpQS|u-j<6rb{%^bytMks-zI!-tbmtL% zd%Sn1&~?%(DAigTkHPfC0lvrqC6T2{$sAhlcdSvK8N7IEJPOH(8S(Smb{ZF5@D3JQ zW`8=gZS7%*ld^7t^i`b<-#sK1{6@w}2e;P(x3GVK0~^op!c;BWk7qL7PQx5m`N%~J zljA#hO`c>|9oBUX4Z1Vb-Wz^3K6pF0n-7D!>Ov@!D>W+_>kxOF=MK}*Gj4{C|NVY3|JX=~4MkK(I_G&qT8{C6%v{16<>yQ@FZY)6gCc~BS?t4ZT zyps~_VLHO_&X!w zo|=K!e_WD+*q%1d2$PQ$3h-Mu3F-AtewXBCC4p&V64K+0iG z&F!Gol+-rIwkDYowjT`JV>ZW7lc|AgkHfaShb`8pz4#We&7!GpS~7L?wC2>oY3))fe_dsdt};-N{c@FiY?Zh~0;x%p?9b5+Us{E(@ z4^-O8`k3Yl5E&XKm>YaJF-r3|L~oOA0ikEva8Tr3nl z0qrP9^<-OAsG|Uyxjcp4Tc09kag*B_M6(HZ>ag1(Z0BxtJyG*f7d@fed*nm|7aY&$ zXnU8PX!cd-Z*~4VR8@0+KeQ$o;?X6Y>Fs-}NBPxIL$zez5*#?Y-K7+1zaO*~uKIUp z=Q)~rC*7lZGl3E~e|x*e+gH7jQ1)7H*Rl3A7zwF=WT$5#W7z{b5X-Yj*#ocFp?Xr1&djJAk=u~@TaUehB9r3 z=}pd}%RYn=w^^AywzS484S96}_OZ@_m9N@KGM3P;8BxX+S`(yesGtmO_I^^P#As zYqSlO21s4jkJ-|a@lkV9be)*SA5uV^8e4JWR=_g6tY8aoJ0%b;W}UqM(Q#y;4C@?i zI*1(1*~NnkQRE<4@(mVC({$Vp&7_ec0ga-{N?IC5gz*DZc}aejrT1rcU#7azypNPs zGu)`)v%nY1L9_6sq6lT1?Onof@d-(E+y|p8SVWqf(l&0UD-k@-lmJ|E;(%E6sXf&J z>vwwy(MuLkqMX^x{&->PW5Cpt7x?Hn(t0X$GUpu$oq1I58`&y_cquojpvu-Ik&%*>h26% zkI#ymtCXL|y{qXOyUUPAm5R8DpLpxIGr9+NUk#t{S2lgn9GNz#FxiwYlcRF`ST_d7 zn5jz0IY~O9PP7yYn{u*IRvm6(u<>JIiB9osIWZ|6&u-is=h6<`y{DtE(jrk25aDEm zcmR8p8wV3Lg(SM9_Q&10jYo0eyJ%+jun-s#P+6eWKt%|d8w-otgheg4J!keCOTum8AHoeV@1%2)lGv#(c5xWbb=#$pL~{J11Iuz0@HkucH%8=DZ-4aI z=}u63M7zS=C8$&AbqptjR;6yGsI1q=8!Zf?qc zgeWx%sD_N`5Dv=C&>3ZjC(Vl59swW{wLONmrmVYs4_WWg-{Hilb{5QD7RwRMd;)M>lF3^#{d4e=Ug(vunp6SJK5}n*{!dmi?41C z=Qb%ba)|^m8Ygt=a-qV^ZBtmqlY~Q>?sgG!IL3MQ731hNqVW>DGI3W?Lko=un9&{D z^5R)ew)si%l)#(RvI7|H_uAjV;c)jwzy&i}W^Gbifhr^dTC6)ZQO|`I$7t^mUMOJt z!DIq{#i2(63p=@FzrhY?PiOY$Ji8De!6ybK09^*k`E+HQ0xwS%&uhKIdcy+!0IK5{ zOHN{Am{Nh(Abd%9NiE>4g~LfH*8$f;a8Zhi5^)l9409^grG(agJIlk&Fv%R#1+HQ3 zy__b$_4WczNSU1qtByu1OugIeZH)k#nD5Na%L)}fSnv1V{=iB8pP3nTM}IGz@qgIH zf239XB6vD9LqnK{q(yY30Q)o>wh0x67ikX{B=0C%+ReL8L$)j1vj$5BHr5C_+?nkv z-1+%sJ4Q@`rpD=EEglvGgDDw`73qHB?QU<^7Rsb>`+Zcs6!|NJNADi;x{vCsx6?DO z_@#b7je@wL4VH)hNoIE!zfn(q8@m7(6S_gS`3HV`6%y-U=C-k`WBYt;KmUK*3%4Jd zp$RXB+e3!%;=jYJJ=`ioVjrFu2r0)Bv-5I<`wmx;8xf9K1cYZrOcd>2sewjT> zb|mh1C|&Hi*nWc_hpK|YgCx}kz9eTP6i92Ftu2%llq0zDXr|JGu~m0bA||{oAZ2zo z8he~O;uXG=_@jYzio4ESe?DA&Pvs&@S0?@GQAs|O3jhjKpf}F80@zGvZ5?LXztTfAfGCrl&9*o=GkT#o- zoHR{ZtpR-RocBqb!rEIuDF=f2^XO~A{ zafb8J@{<|`+8MQ@0&w|E9DYy2kB-t-Ew5p3tRjstOHkD!R({Q@O+lpN$s;|k>-7H1)0F_6r_K5jkn5usoG>NeZaEYPqM%1xfr!UdE6NyLn)q9SbG3Oj$fqESIO|9^*oq zt`O&-N-Fq(mOJuLmSK~@Kq@tRx}e4@-eKitK0kU`j96gyXhd8a^TR)a&6zCcR@;YU zTHr1Io?kx6x&8PSI}E6WkF+>yunG&At+JWxet0UWF@WbZ6XA8)C>+x`i{U`=mSQb& z$bdByQ6H2u3umyc$te!L8+nUsX$^#jcQW<|6!BgHgrK0vU>{z2?omo__Midk!8!@|NT z?$ktj3SNC2HI4KHy*TBk>FQXhNM`525xLV7TS5@xI9_3v!|MbYj!w#;rk5?Y8Vt-~ z8b%{HaY8uQHd$Ga<@jUv3EJ057f(mk)-W>gs3fw~ZLAAk22Es|f5?5Sk(yxcup zEjeYxzblDmpu`0_K#Dd>||!1k`6rW|Lup# zj)ow0z$9@J2+PEjh+$O%E(jLj9%`ODgd|z=9ohDSWR8QA7iUe9Xt?nXhyS_PdV&TK zRNEu^A`LW1t}BGslIstR>i`tA&qGJt=zNri33h||fR`K7P(H?E|94~aVK07rTt4FQ z0dN!Y@qU_3b(8Xmo;>+(N_Q6fdr=p0P4aoHo^_Rem{d}J+85CVU9OGOKdS>@f%FQNvu)X zBL36kC(18cx+ejUxz;YghrwC<3{}1MmAo1DjU2&_?;Uw>*!Se4!+umg6!v5CabZ7_ zPYU~q`LwW~n$HaTZSpx`zimD*?6=Q%3j6u_!mwYEFADqJ^Ce-wXTERP@00Hz_RI3+ zVSiA5SlAz$za#9A$XAB_k@-!p{k_N!%W~*hZnBE=dVo(Z@ZwkP?viroO2^p^wp6f415@yS< zqg`J-77o{u`gt0->}hG+JieduxELm_@n|h;S(|ifB)l`vVh`Ct{~%u1-SMShz2XU?)(Q9xB^5djkGMOTgBOCX9$=kQRyVd)Pd~&h3FY^q@ zNgtm5iY(Pgd$|oOKz{-+P!SiH!sl!sb3nPoaDj+?NCdSX3KJJTrD*la=<86v))OV) z7tj10GgzYN$fx2@+cEVIO1$PxhV?`=8%2YMia2(}Q@lLS;LmZ3@jIi-h|m!;2g3Vx z3Xh|Dsz5^G1)JOYV^p!}Ynu?aS%CP&z0HT!-DS2zuCg6v43{M)f^j(sE&t z?jlqk%QVUZ+RL!*Fn}zmt$%GhsoUG*9=UoJiLvX^Qv_D~v?p#f?P5#*S@Sy`^7(;IN6{=)jrC|XDyz^*A6=HlC#GIqdr%oKq|W3qtqL;RY&Kity2G{R5Iunr1TRiNlz~8poVK@#ANp+SKIZneUF;Nd>!bptfGl-1 zE`a6me@s(ZcXEZT`UXiC zc8%pY|L?B5qoNqGFbjfP z7xaA<|9&P16v{i{;G_VC3CIqNa5^FBMlt_{oAo$7cFnL|9JXCydya*j3)^bgt`6Iw z$6bYG3Y)bB6d(f`4-fo&V82=*BEzH|Re4YIWA5Wq6)^-eosiPQvcbTl@sh!w)TfTq zbEZTeRAEJ3&9E5WbY9PCZ0F{VLh!9_ClDU>}C^FI#3=E>YW zo!c|HdoH(|wp@9Of{-ze!Wf-Wc5BM^Gh*!GdyrTBKCF0W2iYnaTc~>D)?mc&N?+!`)T5Q&=xrc!y(?VIc>QozZRcl4j#(ZbeuD`5eo`RC64O!VLR70fDQ zBQ`+FY_v>rn`2f@R!OTLlqW+apX~67kyk?; zJyiuW{5VUgS%it-LMj@D7aNomz!kjt+;orxPDj#dNI-^G2!r7YjAj1qXDu0s@5%hn zGP_rvx?fA(b!q&I%pS}@D9{^Y^pR{9?B+;*HS4yD9G`Qy;0jWfK>T#G@lY_>H2myd{?5 zP?{IMAbO!LJ(&n3QYl=LyWEujY4yxnrM|e9GFH5CYu^!F++culO9W-#g1l_leL3-y z*nUx}JPe^`T)I(vc7QM#RBbby)@;KY*M1XyW+{EOWPd98KR{X-f23D?rj$O1xuN8L zt(ACXT>dEnW#D&WqNugtBs7p+*EE%-K-%>jr_J7}8-dGJvMV zXY@sX*n0jnjJ3rT&X_BJeG=8Vsp>(7c4k8;0*@93Oa6E@=#<##3G1b@YJ_b)Y`11K z;CvR&l-{)ESLo?5ps`={sPy%4)+j{M@+3f|>bM0K<>*dD#lBQY|4^~tSNtnjk(iw}(Pph`Mk3VfUSqq8@7_0h znat<<2i%u1@5LzBuGT`(Ul6idJi)hdy$90D_zmIZ5K}NxReq^y$;AVO5psJLNQ`NB z^+e#cJ-QgzL>f_~TmhPR>{Tm2CJ{HwVwZR+FfS`&!E$u&qO|Z@hKgdMNio0?PKZ3Cq`#6ca9A4au-nXQQQ)6+jgZ+DiD)T zlI7QdcB!3SGfE0y9wd#=WJ=VxG2HZt!M>Iek7&pZYf97jdWgp7WdofUor=If;tg0* zEq2>WB2jiih4cC9>@&7H`3$KvKu!Avebe@E4|8o6t9mw~14U#BSe+9vC{xTV#0Z!N z;!Cm(p7@&RQal6-Kfngk_CN>KnH3^~lW;Q;y94Z!JKE*^n&O2po$-U0hYY~I>%n8l znHb22vO^CZS*2fDt6%li>1W#b)S~MpeN&RyIkeUI4m&%`vi|HFnyt%d3N?9xDL6%5 zOvY<8anP^^+~FW}ni})~1BPfV?Bc=95OYS7zY+#YoDfbm<2f1&A7RFMNbNpo!omGTk9k7uBKh;JrRMO(|0-Dg4tRQZo%_nH- zZRcaob^VQVdU-lD|E;a)YMJDxES$MuTJ&p|QGEvL2C!i9g4SkxxNibF?uHZxf-(-S zufblY}t#s3MAV(3s=>7h}6HrUFC2Byg!v{=4eTC}ystTsqJUA~U4vFuufTX@rZFg;%LW|MuGXh?AE6(@T zN2lo7B?j@!fQ{uBwCwycG7A0Sl)-AwUslB_2DTt$Wwh~;TgRz3GkO-3NoO(Z!}&Jx zfK<-$8Kjz+6?b8X=>>f%3Bwwjt+hV>gi1rKysbKj`;(R%J%BPQ} z@k6OSm{M(*<(T~<96uSm-<#*;eGmZ5qMb-!WLrMjqqZ*uJP~D=4#AFyUC-TQe5ik( z#*d^hMU$EA?!eAhi+Jt>R>qt;V(Yf~IoEQ!AU%dNGsFs1AM6(s$)h1)UG1$d^hS@8>liPy zP*5uQc5L`4*6rFDaq2-WTEbUCT$|Z9)s-8A9|p-h6l&2QkJBZ^$Ruz`fK@+p$0=+o zxaQIgrR7;;BLcC?2}v|qX+5|a_LeIPau%%>m#b7=kLV$HiH5N1lkdyT;|cMIlq=#% zQdN*qPQInDk*ftFik~uwJg{RJCV@xF9)m49c~v=1u5pt$OQAD2Y!BQFg&rL9;rK({ z;pzAUkcU~Yl(fE6u&868)iVt0VYtq>oIVQLMn~5df$}Nw%mX&hA^%Vh>JofoUHpOg zeOe+&CI2eG@a|H{OsV}l1kA5Vv<$NmAcZOVtD{*xZo=V0sKEHv2{?v zcsXXh1|YovA4?Tw=O^&cx40&XCbDqL?r@NmoLvDM!4m#>EX38ZCX$ApCiZfi91J0PzyG`_6k6NNzO5O;Cx!(6c#ql-Rhai4Lay9N7{%R=aCB4yf4!K- z9c)p+;CXT)Hxv=fpXUb04Lif>Ej0|NkhvepZG*8Y_S}mo!pM_7UgIu#<{O+N|1o1- zgBT^Y18g?fSw!PoOh~ZL>6u$`N)9f;RTUF12opDzoK=tEA7Y{WG@a7-hlCNXuajYy z>8Wt-4Ytq2PN+wN!ymQ}P31!ncg~9ze>g`m(T;QgBo5F&yD7I@a+{DT&n;D<;>l=^ z;*MYBb}NNBy`#d#4nTyUC$YbGE{c{T8X$Scb&7Q&e0@5KhUvGQ^Jj<2-!V+Pf7ABx z00PIMxtboGSH?q%?0UXK%m|wTEH%KEh*RF0)9&cxH z>g-8!mA6N^Ec*?5Cl)cz^9WP)ito4 zFz+wZG~JUMjubjchZ6YeJjTUbOD=NDBeI*kT(OrRr~YNJKAVdNzT)64!lPexc2aTl znzPRqM}Kj4N^!Kt+vkcSXKPVo*z!oZyphEqyJ&k!S8FBZd4a#6WQ*asQ+QKXg@zYn z6dxSLI^LF#)}ZX`_f#R~*hTPpFRMI{@C20a`&Ij|3W_`YzTn%snW}fwUD(57d`^ZM z=pQpvmJS4FLmGX}+Apj2Y!!XVLlt|r5+4Dj8pZSu&@~m9ZxJrJcP!%%n^QQH{@IgfeS_TbRNrOvWD6_7Fw*G+mqtKUDJxy2@gsxZ z`G7k#uudia9rL#v1#NyMaN64Y4a%L&S#-!x?i*e%(0r;oai5VO<>yxX74_8M8|;WOJEg(O=4D739*W4BfE z+X<5k2#mHEQi{gPCk|H6?^eR~a7H}cc0{Hjjupfuf;JQQ*o!x00jt<7%Y^9yz?DZe zKmuh|ka$z-6>8Lwuknkim&kmPv~>x$iC%#Gl9*7Hi(Nkni{pX#=+HON3Pp<!TS-hhHBpVVREvNj2{n^27)Iczo1=(wB~>TUnxM~hvI%2=2QT% z=9lpJCv4{95^lyR)5KswQmL8NBB5zH4%}zKb@_aRDNCc1JMdxYwS151?5DNpyvA zq)G%}PstGEdm?Ql&~q&y&Rrz+0hj01K+#6TVTf+{A6iH~l!xs_d;wK8ck{dU?3V6o zyH$5>?3QeUII&y2Yn8LMTV>ZuI8)_}zSTeMKSUwrA9qMI1xjHqQHuUH^>_$_;FC|g zW06pgjFArQKIxQRAipr63=os9l%DFgJDu+ajeILY_qdF5FNnHss9qM3U1PM zhZs&}xPV>j{mqhuw=@$NSt`V%8FRuhFh@+>m!Z{B|Sy`n{pIW~>lne)^)>>p;obM?7wTNe5=wdrW+ObHN_A9dADI>u+l4ew#)XP}-)hxnj7(o? z)Dcw}T;b&H0!q#|r-1jw54#VIL|3B+3miC3<4SRwU1rf79PoOrUb~Q?2Gf1nh^(KcS;Ye}$+0d| zE>I$`e&z$$81}fwDewiH1YjX@fQTwy4m%#_4j>rrJw~V`4+#)D0n*or>Oe))3eG9U z?^08>4Jbq9Qo5BwiM=Cio=dWLB9x&GVPINBAVhAfd5;a&T#uUQG@^MwUBb+O^MJC9 z7P-|rH(Dn@O^b+L!GwX{N*zuie2j)7$2gP6BLO$`K5o5SI|s!;88t`uFv zuH{TQ4w-P==*?uUIn8!LPl(?pHi6J?iFggJ9pGBdRN`40<|5%iSzJYeuJAOQ7hMJi zVB_3)#TwggFa-Li`6Kp$ZwzHTITcUb4j#wEm(Usz2bqv)C;l~L4onwhG&d=m0Z9zw^K8%H*ISqZs!}yzGMq;iY7OXDfMNyZ+X`p_<-2?VZPm)n5 zwL&=Ff4vpTbpgivqZbKo)wE~$dc~q?9II>@{5Ljz$PK+0FU}vU32iSyXF8`BR0IXN z^$F3Y(sPDmPA}QClES;w`y(}2ZvOy>nc(nJpHc#k8k-_`VNj&Cq#cL=V3x!C`V#KR zKyQ^2Nxhaw zCxjI$Bxzp}hzhOB;ei-kHKLFXd544=1seXL=u&x=YXvg^S%WoN4J1g{EDnQLTaVy) zn&rC$1tjtiYRsK&7fM0zf*KP50{`w(+c}ADiDfc!7m1B3)Q%UD=^`ld&Wi~M^=HNI zbFoy3j1tfQ?qtQp_9e8kD2KlSk<2cTm%$vmR0lb8$gnVIf30GxFnMsJT%wLH2_0=y z>iN^G_O_0qDGi-$>{8vi65S7zgF(Au-+7~(H^+nuOJ8{drJLzY(2Ty(MKmV3FsVkt zcSXlP#aX{ z)s0e|_in@m=QX88nM)|~_VFH|ee%-e&@YB~P&P~-kB?3VVV(?&jh`0BozdE@&c=X4 zwkbjXp4g`3-C?thup-WN~e}`&)YQF-;+%tgzDqZX5x1t%n~gtb`?xHND0`jgx5Q zF^y(({G95xRQ*P{5_Z>M3t^AfvUfzVpc@A*a*TOjkso?;o4uGee}ktIE21C31eH!`mpc>iF$2&Z2Y zhT~s#zy$?5RA({{Ej>KAP@5bhmPc|*FJp_u=q93v3OF%~KO|ubJdbeD1KQ*e&UZT? zW?>WYDdy8ed|Ej(`Z=CLcCxvDw3}4JBettE$oYDy8cNw^WPoR)C&HMptG@=Af=F;jZay;Q)P}#AjfEk5*2=b#T|{RrC&SA6V;sp?K?yDL>aG2xvgtOI3RT zER&L`QJ}|cCGJ|$8bBM^!;!;Ib-dVKZj5p#gT&!N#eGhW+jwDM!`Fk%H8pGx4cmRg zcJX@O9Kd7uX6=mgPHNaZ>$6+^)j0-cZneHAhvfb^YHr0RI;#-A8$^F4^ zC4^{{Gtla8A|a;7Gf2J>-^q8W58ZdGAr$0>DwFo@s{Np1pMb#KR3+B+ECgiqS@ooz z&i9MP$K@|Lf0lq<5@drKE;wMO=ezgM-HUjfY3*?vDPQ7N4oQ!-XJzM%T&`;84U^I(e2AeZiL9>Wi%JYizjS^#j8n zHoWYpDe2@f(Nhhm4V?l-oLFc)*AfDs*6`#Y&&Adk-rga1j)FZ#i=Yn9llm_Wq4-a< zGU%h^LXp9?9<5vwy{2}FmXWDdQT5X2;?khlpW>x=))2Pi2Ujgh0+;X(xUdQNhofRT zVV9znqw&CjHXzhu+ zBYS{1Bn3X{B}v{2VU9C6Q7Ah){}^XQB(~ZrozND&STxetYDAeP zDdE*>WKiAeqyyjD=yoMd<2Oa_`EhOx(<7=00|(>FAR&Hu2ipXCV*Wv-<+zo6n?m{IO3dB(sa*#)#&S*7J2GGxph8Y z;G$c@g{(3#EWv}t1(0MnYBSy*&m%HD1vg%%ax4}OjUs+Mp^SNiqCPy#M`v$6x^(Li z&Ex(NU5}6lKSM*k(I(9ATJ6j>{!MfPX%Lp?el96RFNZsmXe|Q^%K~t)^v{4{)7=}` zBTmvoo*h_x8pL?XX*_Wx-Wmr|Sxf{`>G68;@=mo3(%7_&0 zh{gf;f_%aFQ*uf{OEtxIbqn=uG)0*9UjUI#)iz_+yFRE$qjSD%@3qslbWxGnZAya0+1p%uKYT(s zdm1y{y$}hyT_#KZJem{`ki5kYl zd`t2BZTfu#m}77lrAGoNbs$tKx)cG!Zv%5NqKPp7OK6gOe-UuOne>mTjDM7W6k;x{z<_LK$k%pPZW8Nx7{Hk4;Z$J(hP-csmbe z%;o}=lHWK?$e&g9zYsP;H!f9!5=I2nxV=SD$m=JOR z!dBj$;T&!6=Q)@jZt?Nga8GbQmVV?WxhLF`A+g6;y9J}O-9ntc6hvMveDjDnbp8-| z+W7;q>&m2&+0EckV$@F}+f||p(E`}S{(~uqqNCyw^fRQJhw8^fy3!EEnA-7CN-Fhw z4_foI#w{iIm>*FPc}wAd7^@~Aj5Q&~6b=)IvI~6(LUml}0IeXNH1{ypznE{F* z$fa3Wh&}CLK+yzpZcj3AE%ZB+b-q6t1`$q+yD{)gLTd3|M~$Qk#SIwJ{8cDUV4YU# zv4@foa`{DCK~xdQA<~Q!6hnwl?c(p2_S+C+j}^Uju8(swalSjW5_e2tf#d$+?u&_t zv+*5s=+W*W2anXnouL&XqbV4hFWg z5&mZRarEry=$3Lu3Utg?gG83$t1pHC*qMXojfE?XR5xRV5W&n5yFZ5r@oDav#GXss zK3vsn6Wd8x6NE|L4>nKN?GVp#+hPw+i7KAstH9+l_M_n?R9xmrkjD6cDMUve4wzzh z-p8c_h*y1}mMY~>=?MUUEG(gb_$SFb?kBv}alF*gVVJi)p%yJ)6x}VkpNB(~rHjPN zh-`973EP8{5<*pxfXcff?Ee=5FuZ0cY)YuXmmkkqd@?#6FB-Tctf077l1z~I4p4z^ zeTuysTAR762og!t!>xze+1-|C<^q%~i}%A2b#(dx?)ea%#*3Sba8qJZAGa8PA@%2Z zf9WupHJDyU5)68(Idns5R|e^Wi}BC%j>q#VpX41k*~d5H3$pxuLP9pJRN$g&bat(T z<|gn{^ikZ1oJ_+?7LN+$1jp!mfAWBrGlFTX&vb)V=gScIfpj*}1K1luOZ4gpP$ zX&;FeDJ5BH#|R5x? z2v4{%s#T+bg>G}{L-NwvjxYN#q{v8&B#`xP2mT+>^!jOebVf71qha?n+%pY(u7Pz# z+6wYBvsHYWszd#;j;;MQDj$P+sE;TmrdENtvH`K7_|8CI7eQb1BkR%fmC?g^F)%a1 zeuNo{Y2xh=z=U-92$)zmr0aAk%2ecT)ksJPSd#CS($!F13zZ>X6b*E!T0e@`+tfNm zdrohoc~J-84#ND#19T3Bj?Tj`f^AEk-~&AO#e?F`NrxE_rRdTY1fY!T2#Gu#Wlcbt zuFESY3~$F8I$p|)qCZu*ujZB>oe(W=M$ffj1Y#^+#$k8@Tnb!xA>NefDxS~$&>77W zX~HmD;%Cb9X&R;>BbNAh?1{&B%+oX+Qa={I_Tn&Uorz9HZ>Bs9^z;t-1^y+gkYAB^ z!zPuwlViiPm|XLCWf17d(ft`wG_v$`V`qY1G6Fb7NQ}a47${67!~O&FEV@8pUbNW0 zL;lta$I%_PAdil(77uUV(uW(=2aU44)c&YmJmB1>kQH4B0d}yM*OZYhm> zzeL@TFBC@&OY5QVldtGOn{3=h*-he&*o}|hDLOd^-dK^4#gdp3S#7+M!VCmB=oOzY z7(g87?kDWD0w)~*IOgKx2ls~-eDWk0J(j~ujk7%wjGj#GX{MAeKLcR87fBxsC+Y5H z1YknSZXCgSq@@TN4f4WbWza<56}z9sb}w(_?*NCARZOS(L10VY@ITNPU}_`ZSaHOO zi*;Ozzame5j?RzmJX)}GV)*+X2SZ^c!-DAC7t}BeF9K;LK3#3Uxm6+o1h$@5uwA|N zw@XO=`PXMJkL}X8oW!Tsdr&nP)9 zrq=j;Fb231*x}U?!`bGe6sZYaL@(;v8x){zOQ?yq2zD$HhZWsXicyx zTR4BVz-^nHu84Y5uEZy7Y(VHU9@pHrg~_Y`y?s&%w`|*3 zsU3k7hSQIT;S+r)v=s#df%s(bWNMVE9TOmL+>_Ns`(X%`P-8=@M0mU&wcqheqDx6Y z%0!2Gq|fTNRO{57<5iVTraK&oHy36A{a~@-P2w?I`?Em(Q8xNqnW<#xS;&KeaiJ=7 z0EJd(kbl`1i?9~mT}{tSjI?QIqR4P(flkwZO6&;_%1z+Qd^%eRsyXxFWV|)x~?NVC9rrvVY3$wOnv13Lxxp zWgKrt+QPETvMAX;68XaM2>6@Kq^8w*#26Pj0m-1|d)4%yp~~iM+)CqMd@$;57zV zc#U+tx$0getYN4DduFcc{=E24c|NaM(@_+altMlxvmf_*oh_ zcgW0Q7m%(yWLk77ahp87lrGG%U@+SU#fP{BV2Fi&Tl>#CjMc4;Y=?Nq)-T)1B&&Y_ zM<~++PNuwG4T0;`dK^rZ_$y(Q0UpnXlDi8V$?onDz_?@!$b4BG?S+S2xuuE55=#qG z?BaNf>b`@ddIat%1}mB2Y7eI8 z1pYQhQqu;p2vPxb=4ech?~P7wLX72&9Iu=lWOV=yuM>hLtu`}y8ggq_RqUDyUQdbr zOT})GCO2j3@G=*lM;G`?KWG87W0trre&CspB z6H?roqT?HMpf@^$08%a#uD-8s4^!it6mW8=(@OAwHurWh7HF+ga9*yoD>9oGWvNH4 z*Gfv(o8N$%`1m?a4n&t0O{VU*b$hX1k?OJ%a`_fb4vWj_Vulmub-yH9?TW^BK#hm(TEYH=~D7MOM}6l^FvZH(SS#$6T-~T7+o_8BPPwBXhhs@R(pU zg*PPzyUPf*A`b1t+kRYuk?%26`;Kr2*&|$6X^GzIe}4xkank?jN_^2zVKQ)0`a63sRAh9z8(pJBQ}3f3Ut6*3DsOXb`HB2^ zh~YTj(A@7VXsLeOK1SxICHQw2K)9ttbvV$XI}`0BqZ4~*r$l>HzA48)E8D%wy#Q|o zM<-Um*?(XhgZSKS_GKeL9+U*KMkGw&DH+*6BF3bxr0js( z%D0kIc1 z3m~6X`5UksVDMU*T%BEEq+#$^<|*o`fXPJLz{E^5zH_;I#NxeRfu3>k2t~Uh_zPZ* zN3wX3-=pY=cr32PRJ|zAciVw}#v%_6AS}v1yt8d?_YPfg_W+-5yN0_*bxrOa-7}_t zo4(TM{+NZ}rL}xQhpWumuUyAZBtyrQN?t9+ zOX3Y>kM}`45BWD>1H+UhGuX>FV>HrGH+=h8KD~T~5$k&RR6<;FB^yAE-c-_FO0V7= zSJTR{WIpT#D9VxzZr}BeK+$zYeT;NH*5)&;+@fL%K=RW))U7<@J0x(;^9lBR7XL?P zFJr5C(?UC?#2Nb?(M3o}srSM3agsI{T%!P!tMvqGWL(&|%e)7uXKhVmB zfDiD9KBkAHMPgo^@(>lboB{iKC)T-OOJNa^$Qd4JlkFL#D*_Ojw7wm4wSBY}2SU(6 z0jnUv#vX1@BoEp|4Tc4iC!@cxuUq^z66%IQhcn5#Kri!Qm4$c{J4!0Ru6TsdZmcjU z2TB>g;j%!mZ|24+coxrJxv-X3t}ok$a=e~uAZHLO@mK}pvQQD>F+6B0@GWI2WE@h_ zLG+pyS)a8NLfgPaWdv3Qb)p*^<|f(l=+sQ<3%NCX)l}rqX@I04-O)Bq?N=%QBBcvXWqHhz!kb5VB)d zV-x8FEoeq0c1&>$Tz&2e8VE0!9tzB`(+@SN7-D`sg8&ohC}-<;|#=I#lS-_tL7Z}ehS6$DXMu{30$a1&r3KV~2I|G?-AX;LtT$tOVusiqh$ zrb44a&rz31XSsrBy@BLZ%26o_<<2mc)GwL3tk>&+<$J#j!Ww38@8u0P*+Cnz`kul0 zhiim6Kn^4xlkp>jIcQcu5@A+&aO}r0i&&uOD07d?B2p`uNFEt$phlYwEbce6CeN_y z^c0*^h0BJoVzTBkX_~CT=wuuKX}N!Y)e~zas}-RnZmn}C3U#k@ zr4s|qY6QxN*?+n6WuETs|ad#RwwkpKN3wj0sji3&b`TPm%3W8!R!_O@^ z2+&=Sf|N=?FuwoHhNR(5)*hBTy5w4PXFUU9hFN1&VM*v#2OSYm$t`GQdSpj*KgvCM zV^IPm$GM~*pd%#`KsO?w3)Qx_(UC7Un#FQQxpN0x7iUMmu9J@9%TjwV2tjT+SK>vP z%p{||3K=4ATAiTKM%qn!!rBWtbgAA}OGl8gYGEY{ovh(HxqUK}$pQ^wyE`0=rj@BU zH$MeFLP(}9)7WjW)e=_Eur$E7TheusL6(w}EL&$Fvn3g9tK+j2|H0$l^8Itcnu*Sd8A>FHQXG2ab=kd_v5+gSwx(wOZ5rFW_2Kl+4d5|4Qv_@|M%b@q`z?H-M3DOGt z0Le9+U?i$PVFwj>@~G(LCUGOe9!mKE6KX@?$Eq742B74|4!V4VHC@O3MFBxnnsV)w zUm5@#j)D^=p_87|aLed>XLLO(HTucWuzmn=3ID;LF~b^@@@WJkk=FhQ>a6zY(KexW zr5c7;LMs6r$M*ed|guUZ&{0`4Ri<@EL)(AO*@}BA<1-Iso_)yY3=oMbC z((pQLzk;6l%vySO&7WCwXVt3sU+{Y=o(|5CmjUmJkq2y(^cCdY`}aWZ0s9_iSxP!Z z{VnW6XMF+4qDDSTKZ>=l1zYIBh6Mvoo0u5CGl=oK1!YHEs-cdFNz4i()2ZB!fkeeN zQ|MqUcS8yajbnQ-c*&zbjY{L94>K0z>-YueK^iFfph{WFqog~yWJvKUX}%K(eS`?^ zikpv<_J~{QKH}BYD$VtV*~+5Qoaj}tZc>Eeq(t(=8hIc^j6oaqF^q5t{-}?3rH)Yhh%_*v-=&O%N0>*e0%^d4 zM%ly^yK~w_(od`d<1nmyQa=He@j&5r1qiX!Ph_;gz#2>(+rz$c1n;`ZDxqgXVT;!Y zs_|{!)Yt7>eWU=neGNASKj!f09(qf6(A~jt5j%-iv)>b7MygSwBv2DhMXdcy(eF(P zfjmb2zQ#GShFu3-s_%-{4Skm`h!B)yS9&kz#Vh_53O7PPQ#HjON3j9rHt_I35t-TL zKF7O2-^06LK*qgLIWG_AZ8lhCy`e#!AGUGWj+T0`H0H0~W4Gv14Rv@A0Ryqf4G_qn zGQ@--KUZQOLqXrycuGY1bu6#YclOLp=zlUD;3@k3p#q{qm$97y*-#8gPyti-xNSgA z`0tSb@NGTcZ40<|18=fIlMW^-wXd`IBA#)<7rd*$nIU@Sv;`~Dt3}p z!*koHX#<(t8-U!-W~Z~>_T<^h3}e4c-J5zdMm@Qp=*fIPg?HbDwW}fE`7wAsMLE~% zjhH*S8G5GoX(OQpAfz=I@<)z?N$5VZ^tQ1G{e!$@Kw;{Z8X08Y)~~&3(Yb@{a64AL zxjCaz7az$J-rCpw;{(WEp|Khzas$W4-4uY!aX$hFuMWR8}XRx7u zJ`M_2YJ|}nh@Pci4Ecxb1M$&s>(>V=$GBBY%H(2hFy)C6*fJW>{4guohRU| zMA+V7>&eMf8gp27=+z2r#DfH881+cT;E)nQ$`2J&Aa6w%9EKe>*HaJfq`acL=&p zaBVuC-j5ILl(3c%{6#J!C452XG+@qfSp zCqu=A2X~e7SS4bv$crx)>5iDv;BH+~eE)9vc1Mi&1cY-OoR6$lNj$H;l=DZ@PedlZ zQ;CThH1Q}tZShkG#WH>~PXY%f&2vN*@f538nw%4t&IJy*tN0s?ht2FD#fFiii2iXg z*`;D&sz#iSl;r%PQm5VF%Bk6(V)v>bi3|BPwUbD%BNrlG^`Y1vj$<;9{W%7Mz2$7< zFSvYexhKwSbL?J@-6_gjR(6zQ3j|>cfc=qyQi#5SfM5o)vXZ7}UFANCBu@vAr#4)* zMyc6}RE5_eq6c-OINB!Z!y%g0&#?^JutDnm`1WeY=ydAB8RdcQ1`m?8;|~Y{OSA;R zSBtUqX^e1B5%pv|5Owg<`MJto#f{^ow(V%N2OSDH4F}$KaH>2j^o=X?j!~W5L}65y zh(}&H7A!l+XB;2#6$NjRN3Q`%(Q)965;^0bryxWr66q(!PZ`VNxD$;@_SoQgCsOZ<<8T z2`7U#DhSHR6EMijkn!1N@jHd~-UqrP%j{741>0pe@`fK-K8)Og(c$Uh^j>-`37fy0 z@vKQtwd!wj6fVz~{Evv?i1ubUM{7uFhX`|WLFi54m(GRxUddB|AP}O1kHT*X#TbMG zc;;j&`t+NBJ{JLvG8ck2At|MVRA?j`1Kl7P2>x#wm~n%jar$b zUuo?x#4f5=q^;c`XcLJJol(VkJPqLp#r~k^OP%oXssB#hZpHJ}ZmZkv_`o0ugd@&u ztlOsI49q;iHC6cXQlce`=e>ZAkG`?)6Jk-L-Q%eeJQPeKpv1LaNeQ!qq8Yu>bC@^* z?TkWGl72`pAN{2hRwA6@B@q|`Pfj#UBbqT3{V(3$1kSFa%=BAbFJh>Ri$i-?E_h=|CL zu*jl-$hhDFdB49p=XT%jgysEzKL0nJbMC!$>eTwwQ%^nXsd#OH%3!!)35Zk<96)1p zOM*JAp)dDHF-1A14*dNZBa{xrnUPjaf3#gU{$Hq>vql(>w-a$ zo}UD~98mn)uIO&juAD29R5mTNvNOc}nrd4QJ--It-KkhcfWo2YAR?rNNZ<~g#x)YT zv#aiC2UdE(WSog3VjO%iHs{3g+49lJ5tNMz` zXai0VVj_`{w_?`Ay%4a1d%h#Qi=hW($~XlvN79M!ijHbT&oJz2c76=|kUHpeE3HkV zqw24eI?Ea}8qas5c7DcXM-5lU{4(D?-xDr<+R@s4n`a-#!c5C5euA@yJ&Ep^7^Q^7 zoN4SCe9|Y2cVvhVX(3v>reojac>TQC*b6ik7WRfYn{WIPUQn864G0dy!2m@yIIlH( zaP9R5A;%YGgfz*J@=y!k`9%P*Gz74{;tce9*ysFEG*pHdT_NTzI6fl*utr_fCupkM zrpGh@g?!2p_rRhRk6cMg*7L@h`QR<4ws#gCRT{NnDCS`tM@JI#5B9C}?2Y#Iazn<6 zS_??zU>}EWKE%nVVe!1^D9fw8VI&#N=mZRfyurr(UT6P@Fwgkd)E$ufxOOcK(#zsq zA;>I_PIkp7Lgds(4GtSB7tAw!F9CX}Re&5uKo0Y`Vkq9DG*R75N|nzs9F8PEY^&|Z z*4$|`gx+_mwvE6sv+zlawUTxzS9LflBp&ZxvGd`l#AY(ya~(M2s9Fv|%@gDc zd63p)mLdp*R0vRa1WJjAautBNf*dixs9DixZ*(#qxZ)qkD&iqD=QTm9o4w$7&OXBi zg=WFHk;%sxbZJhntJ`0Y6b0G<9ikl0B(GLn@h2_*qk*wIU5rED0C^p+H^;@L@nk@X zQfN~#B}|I!9_{5W`#ZRQ6@&ojpc8<)&Z!3}8UdeqdMy+S|0ZJh7@7~hhLHl{N!f+q z_3HU&2{uWUd@D1+(9RYi3ct?I-`ix}^-v#T?YTN<3w*P#wf6}?u7pysmjkTkGJU(m z#HU$2fZ0a@WOG5>K@ead%KX6k^S74%V+Fgfup+|-MQ;ph2N2{PFbLsjnY}s6cKH!> z{qYOsI@59Cci^szb8{Eq_$p!OI6j|Okm#_`q(vP?l`Up8k)UlthY=0=laVqm?T zLr6owQb37Tn!rIgDh4lYmuJ}{`X(-P;@{xq)}DYH9g!>SeCM)~wmSC(reVHMKv!Uk z;ryaa{$kqFYsD~sfguY3&s@V!6+wh{+*I)vC&8`d} z)RtwxI8+nT)NLr*uVZ(!#}Nb_ET5q8=9d6if7^{U!V!kU3mkVA*X=u-J8>#x4`z+N z25n!!1>n({nZQk2xpYw^jR?AX2kkF$WWylN2lOx@g`lzVGW+$N&80h+f3`cT_Riho z4>CUZET#2Lx0pjUS@1sy4-?KBQIy2bkgnVTELb9*2CSq|0H+^LxfbSM#A310g@?m7 zL-P|ZAg!c`xRql?c({XEP6)Z^_lH9S{W&pz#4Sdkfdx$VDF6wOlEOakYNbXe{bMmk zu$LByne^cm(fd~fm42Xsuple&x)vR0c$-mWt9cVz`yXA68pc?3jr=3YTmy2N5IZ0Z zPy#Y2R0qVqSqx}#kbyv8VB=lr{%Q$(-OK6C{3t!=tzOD>q zl>P)2Q?}UDel|0w2XMnt7W4qUV(f95%3fi9?!~cN8{_#;Ryq~?3V5@8(F&k{z|G&W z+<=QpIXVWC@jqx$AjFPm=JRhHZj=Ec^%#yBX9^AqFazZ zTfpOOf#aC03&|D2GY^HBvP%fkT+71=*P?q;jG}wuOHzA9Dzz}7SG)iTA8>9l_orG5 zX*|Fa+*Wa*5!%(NiiP7vG;)MTNW)O1sG~`gYUAzA*)rxl4-;z9{P43-N5F+HvR1S+ zoE+(aapL!DJi>6{ss!*(mtbsA3-~=3^)A%%?}TtX#&pp9E-q=*3=_o-PJwt$ReNk^ zk4K#81WtetUmAczrm*0%%$<-9G`d;qtZ5uLdbJzOR=g0ss%2*IN>QjROdM=-rY5ohz$CeRK!(Oe za(T&K$#Mh1X)wZvc8mXLM5}V342VVUehxx9vdMfnI$kH8E;AC3*u9aM3vvN-Sn1eR z^)=L{#v(_ELk7PL>v>0t)r;8|ObkGWdo_Agbc1~U#3x!b!vA98zj8{9=Yju-s}@!Z zyNXbPgiOIwY9Vbv@jXasHX-CWm0cK|!i{m)ss=ta(x81COE{%PsA-npa*;axWE^?0 zNW&zSw~7-3dXt7K94^>Jpjaph!&D$hE|*F&7~yrksx5L0iPP5%ArpErVexgfG5ulv zr_t#?ta-7$HMhJ@xDMoVIp0y8w+Ziz7%h-UII)lRsdM zV(bK|ZYJ$ql#!xsV{nde4+mdK(W=qQ+Edt5J<7nSH7s-gS3Z~c$9 zO_*$LjH?aJeE!G0oMIzlb?LVz@A>|K+wiB))-_d1sJE4xmzC#k1?J7(7VV!3CQuXndhdH&Sty0-q- z^FN=NpISabpZ+WIxahfNj;-|!Y#7LKRwDoLbBM0B@FP~`^w zMoqA^F5IK*dWS_1qdWm*LtLc9kXz?G_vnV!BT+vRva_<%$t+u!dG67TJmz;JTi5X1 zqnq;IBiXtUKRJ>`H|uw4a&>9lYR^5or5BAyAqU|>HWef=v|9TOK4@%t5>CuIcuss~ z(XDx2DBCUa(l_$b{s}rT!IHm?yh?H;(eMdcen*j%kwjxBXziUviQs6N2!zhCE39@% z5}Qb-x<}l+Qq-@lfxoupQw%)^+O`RR5EgYml_r&}{JFSbT3p&MrvG%PY5k#qL9h4) zKI%tYzXYDMV~$4rJR6}h6`q{l${pFR5g*;w4&5^$w^ecL1<}?|>l$vdkw!P?zeg6X8*!5(DU>_USvYufS2&((O9TCKNQ%ewt7T7?!d68x~bw_$bj z7Tf6-Re;4UZq0&C=V!VOeO3LPJl=cXJFtN;)2GFnIWpylE zAbhHnStVj!w-7%IJ)y*m5*en6tTVc+C@!Fpu$YJ+NJA)4eHZ0MQB;B6hJ}MunVe|w zHiJ6RXhwJEZ$kJP2KzV7Q;0df>u?(7OrO6+JceAPWyPn{=})dYT7+k!CwnRv@C*XTIU% zhz%UwjLzpM_d=QO2+v{sD7)vlmE&Iai0By(MS0mSpm}y1{-P^Tg__2F;n5P1bQR2f zOa3T-Yt~LO{Yv;Iy^EQDGm$N2$hf!duV_mgJtg8n&!f|Vd5w*}%x4^39PT$2X%N$K z=lYm?fAnbQ6wz9gGPRKeg0i(a6t%Tl!V&U${vvB9-3ewrqhvp2Fjx%vX7+gIyR9Gs|oL)#{VDYsP+v3-8s@J-t(%4w>U*0x|5RT3IbB1ZGcQwI<5n4YZL?E|4Z5;oBgEy-DyHjqZZEFp&b1R;LYdE{CU}WzP0q(bxpTq z%Vn59`@bs1qFBM`y*9G(rt}q?Q-@(~Ud;1XJl%xsLUi z*}OQK%(G}t!@+2zhxaa<@m}klw$G3~l!0TS=$={G<0*S38be)0-2f@60c@`7mGlUqDbqGNnKy;YFMnoV|aqczdjhzP4bQ3wc%Z)I(? zp?{Uozk7Y&oH%;8_@-_>-S+*tsqd|pB)Cp(y>(XcO>bQ|mHN%8Z&$ZHzp3r}om1Zh zTMta-e|#z({g$@x#|2VDEl8qM+P;U?Qkv(15#m5aSLTmeaM7UGt?#pDLL(B!JRZr4 z*Ae3sv`DL`FZ8mHZvDT?9a>tQs_Gof+0=%qs`QK5nU&JsYN(@7NTn!*eN=4v*@bNR zd%6%Y41`}QVYF^~!Pmh*EGI!*Vk2IIR~o%>I>qK{V5kyv7=x;XR5f)S#H2Tb?uwX- zTE6AAh}+PN;seLLP#XV#|9c9F&S8D=<%j<`w!oMDES? zdPdM-z{m{wh%}}W)TAo-<>2hM6h#*z9>ey@6_2{%<(bxnQQWdR|~nd-`k3<8I81d#>`BA2(wikt;uG9U3yfw?629 zl>cl!`X7I`oCxwt$227niqLv6-Y1Di(}K$?@c44->?6~%ZSbI3P` zcLN3XfXE#nZ-ThG&>W7izq%ml2{EX<(S?f^@Q@F}Mudm5v10c1KB-Gu4`pBB6y4Ar zKG1r&to0D9!u+8ObS$z78|@~nie7(M!47Xsyg15>as*dFr7t-kIvmL%AyrtRb8(T+ zK^F&m4HTroYluL?z7%)+T?I0sle>z+g=`v5y?jvy2T3^`JMUOQq+PKHnm9JI-1vl8Sm~1ODEK_FSW3siQh_5ps$ z&Mi5kX<0m=p2c^99Ag!@?A_a$xL^QSJPjdzv`7Vrd1Tz_g47E?|KIg<28}jOCIyn9&I|0(AA}-Nd&7g1Ubm(erU|ZL&AY^#$Xw zlcq=m0Y4vXZP8M)N~aeaH08@8ymE!2YK)%pFbE^$(e4p6pk@3eOPX&=3>ZvjSbtA? zhxQQq3T7KpmzvWE10VRXeoio((O4jdWentX4{DI=Pje7dJu zP5H~sw#m|28rPyWZfon7a*^E!8m$BXem!U`%M3w1(fsKc~RoG5m@sd}H+U}lrV zb_u|>#_v0;4I-Q^W-aO2qOUO1IPYEL5w>7U6L=7DLk^jb zHK@Vs$UbH0r)C64Q_(l!t6#}=4HwOjLc8aZ#P~XpC>{BU@pl>S_Ecv+-o24hBQU<~(LR!#XMlBFD*ldfK0nNfZoRE%y zkj>WZ6II4GVT5V3EG1fJp)-ssIHZ#H_j z$;UqzUsr;Agb+Aoy2;1*ZoJjw!O`975^M62csZk4jD%=2 z)`V0q*&OIEdMa3W2XBqiYn7q}DilOhq1Cc}s4`NU)XJ}75NPbbu-Ke`pE=K%W%h&d z72aI#9ibsE_wk3~kA>)N>Nte1K#SNuEoE+vA(aYi6;;Z~MMw0M%0}V%YH8S>hua$O z&hzm_=rl~>odBf;M6{Ne`XC}HK!b401e%|+%)TXg^`|c0 z&aRy5%1(?al`Ka;sOU- z)$~NSR#^LfGG4Myn#OV4{k?79Kh*X;Sx33<3QJTl=IQL%oFm<~5~|AfW(-7(A_n}- z`};f!WAJM6cVdBmc2V@d59NBV=m071flOE@!cFF@-d>EO7Utq2Z!QJpny-7pem5@i z?qY8*(o^@7)ZP)SA9m>m1FFo!($s@SR>v#-5 zL2Rc^U@f2Q`7S#{z?ZjM=)j%g1= z3%;#Rw|yAz*j}Jrk!2-sj4RQgr|Yx~dL|^$()?Hf)DHaZh&_&@=%WOgA|lV$&h(v(L!?uK7~9-|yT53=yVjT_H{swLyG@ zUIif41On!G2BfG-(-DZ|h2hTkdURn;>bRw33_eq%2`*Lv2jq&i=ui>4NnuZNf)MTu zmSN;6W8<_MXxw18K^JF(T^8s+X;C3h+- zSeptUr+V&mLeK47N(LSIW%|FY)CEz!X}HLYwx1m~a(BXL0-P z@M)=cS{#U7?adFF__oc%o`X{_V?J%-bDd!$`Lsz-k(oV<1|r4Y?=4<7rZ8?Ig#kQN zChmeb-q*iE+YNZ^Lqvo;E2nQ`dknOsP~=J=pZ!g?ee}+h1cdq=MfI{sA-YjgB65~` zUm6d_hy4t!Z7#=heK#Fma7 zuXu*d`4S!VI8HidAZ2k}fNK-pU~Wc-S*X6^7c$Oc76n9J*NX|xqjm^00EK4Cxc&_r zB?KzIYT^|T1-qoH%r2EZM2cu%N%tJs3+kVkklf+W;dpsW>bR3;URWyVvvQQhp2BVu z-6|w~U(NiqMpg1fhr26UGlGi(&+-kj6m9n zU+S>S!yb?-!ba{PiSANKbW{qA=wjz9yvZtO=u;*}B;^K^t~Z>A7Oh9~GFg=yQ~}|5 zY4v>~btu}7(lD49+MyIunW({J*1K7FcbD}XJdy*WQ)o1~5F_dB1`Dtt0Cy0XKBJsT5r$R*cX^N{VpEHw1(Ewq?+jXL-P*iD69`*3-2gCeGe zFfkk_<+TB4%atM84R4!@ zZucB0>To#b$x;z+o90e?Ehg=?;8P}#M@HFV-_DBiYV6L06{E^O#O4|K zh0Mv_U&ZkRmc+RfZxf1)&<~Hbr#&R8KC2YOQ?CCxuH4W?`)Cx19YB%=|J4qawdc0|kp@1mc1~ zpaQ%mdcYhnQy8mdx0~3Rxap+K)!RYVdC0nCw3zt8=yU}}Y;Zbqw&Q5?{7j6bIYr~v z*}$|50;-DQ4z8G*LKwL0TT8;uk?&0P@O^MSS_a9R;8W~CptVNTW9H1ievz^F$M!qk z{@HkJWw7kf@sYz27HK{{$2;Ujk1-qOD?Yx%5AH*k#O>Ib<-8+DXjW(!rVkwRVQ>&D z5S*KKkVny&*XF)3C=Oa-abXFEnsmBML!oe%oM~2rFv{q)2|(C^8F5!Wlf$R~Vqzu} zw=VIMtTgk*q=-W_pK*c_ISOKfhdJ}j0P9%hs#O$-4vI+N4<)uw2SufnnIm9FBL|X) zPkB;65Sz^6jY3!}!#!@@S)@Ho>6@e10RTia0?T7DXm2RPH;Mlm$KQvSgj=g&w6k^G z!f&)RYb!5jqdCyLJl;=K5c_5i?N#OPq;e{rOABPd*oDG9?f|fN%u+PvQR2sVs}%1q zZ$QwNESHr$1dem^ zOge=TYeF}l8JlxuWrhW46HNq$3wxEse=9a$mhUGUpAnn0h)@-XHW3hYSg~rfeYjMN z=_4gPB%CcJ^>eTtHSt;Ek)$OI9rHC(3vr2K?oT`))YYk5$kuz!3tUFuUkPm#j^q z>tLv;y?C1TiI~PdMR`LtOn{$%is5FNwW` z);O(O0KQHR%cApC`20}#7+chMvZUA$TZKxkpC&F8;?2ttsg%Ju=S6HQX%&`rac9z( z5yDepC$(o!*h|f3V*6I9PFQL*NeRq&Si}1Zdv1x42biDXpVf=M5X_oo3n!Jmj&htV zD%P=>Oe+~NLGdeS)qLs)<1A+h_PK>jIgiqA_R@uP7cc%bk4{NIRiOt2y}!X+#*|EVz=4}i~V&4@n$0e5FP72ppGB5@^7h|x3@14Nn4vYh~Ureq@JxTDz+XY5t-MuH| zR-e3Ca>$gMnTl^@9kvc*A2A3aT}`Ev6CzAQ*{OaLAe_2`LY^O%z@GO#X>M-MT$EHIf?Vf6qI;ya<(2L|a9b3#ly5tlGvEt)^z*vo9d ztK69YBwk_g7fucSHw-`rk?Q)RNzkkP6)U#@y1T6Vl{M$Yc5lN0STo1jQWW$jZI}YA zl>aoH`%%OdmF<%qfjSt)J&;y-AkqZjXEJd;$J+XFM2&~f*5z>Z#-bbq>c^Ogh4DPJ zQ&z^6VlGm~nLwHW7V~+~zARtX`821Am?Is?u*?MvQ!jG5NOI{j5#q5GehbhrgJ_V7dSzlJ4J=-q{+aepCiBY zDEkR#i}9B%Dq7x-4-RI$d-Gnj@WC+JW!+FcSoGvBTD#a|zPMG4u&TfabE0y8bdLyb zSV%=J_~m76fN*iyydZpW^Z?8pKn(ci1PBF-^^+jHlkww_d9P(5u#{4j_ym?kA;TZ8n?eUzfbN*=eMa&1d^}IN~ zD2~5I+b{v%Gpta~s5Ea0fGy-BVv~~`F3Q5H-N$WX2M8pK`^EBL3F16IbI&93&B;!p z>*;Nvb=1!=g)kfO#o)Imd?LdL)-@pLGM1BZ2s$)jmI`t$du4eQ^u9Jo9fukikby)r z4Y*?}4vGY`X7E7eQi15t#oiU<$(;6JVD1%Il#9fi3=n!4iamj2^9}k^4C^_BJY?D| z{xjhYRA>epmBj@z;hSQ1!GL8KQOyG6iH@pR6Wg#X;YUCZRBT;vlwyKD0y0{WZ!L!j zG{j3wp&E|Ch@O7aQ%Qy)Fgw`B8_0>Za|ijFge%EnZQibj7)ErktDprm@L;7d@Nf%7 z56p#tOrm5sx`}6Ty@^*A`~}cVrdY^6Kj(hitb+zgZje1(T1GZHz{JlpO*|%yV8}Sg z-!gnU96-!4yml}(!~)|!NCBLDnOYi3oQM&`+VYEtZLD>T{p`MsR6dPNNce`=QJTfr zF*7zk42$IvK&s!oNvICrW{U)b1ms94Wp}e5b;-h9E=uHh)l~-LOEhZ~8k{20?HEK4-Xg+25r5A_7sp8*CJqCOm3m%|22GMg^mQ~~y{svn zA;TehE|Wsc*ytuW2h56tmoj8`gw@zZxKnxr5v283iH8E;RuS z_vlk7Fqpw^(eOAlH;d^nM=>~w!je#hJuO#M;xcJg)b(BSc8${>9Nl;w*udzFVqnu| zz-9>1D^a-S8vJT@N5qDjql@ae-X&EB0@P<1rF?`cQDa2}yCtAk={8_#OMhwRBAJ4Q zS0oB1a)ZX02&&WxyH*~N@%KqV6K2`kG-|AhCgjkA_hFfZ(x`m|P?Um{)-pT@oO^_= zmpNQn%poqygA|XlQ}!Hf;0#P~+C5?B2|x7fR?@9YH@`NE8b?Oo0UVh>7jx(VKA$w^ z2`!Arjd_euwv!Ir2;`56k|RE zQ2Cys|C(OOLPP&0bkm{_{ut0nfjIqm9$Pl&eV5l;%Bz=#%4=B(WD7#=3SX|%e_|IxtZ1tf`;V4X-2mj) zt5E>Kn;q^p$t{>(2lA~WK7JeDhoeS+bVXn)jl6vxs>eq~_rQ~qPb|@&Vl2?IG8{-q z=HfSH%h(-P7ceyEScuykz7(OV3LJ=hDlwp9JL!mJqDCXS5MC1#DveaPdL`_OxVRjA zw$6j1a|FABFR4ytIB1sQep16>Dj{&J>%&u@a|&Bad*I(FM5HiQAbDP<85hZA%*#~# zo`F%MD$vekW2CHqG;bGvGwL!2~p)SU= zDny8OKu*@;$w}Qu00h$5$Ed8~ezb{cNV-^d@W&LxixYLwzbkaU z2DR?(+EUcHDw^a)dnkt}$_80?yARrrLJ4()IxjHxLPMAb$bw?b)Z-eLG#<3MK)A`Y zC{t)RO^&qqID`4lsJ{^%!Z0yy#f%D*#ZmWobPP<#hC{3{P@n}BicA40EdqD^9m&kOBhGBIf3ybpTLca^1DDQl({B5h7<81>gW>jSlV zy(_vEu?-R;cQWomIwz2jj39~mq(7lpsaD@%F=}=f6HUap-P~yNSvIM5hIQfHNUgM>0fS@@8(wq)w z>M8&+hf{;pYXJwT)9x&(6cTujLP!RjJThNPs1kRL)I$@Um1O7tAgk1F3KS@9)67kn zF+nIgzmnybqTT}uptlscP&aD}>JqkE1BHrzw;$y^0QV{2HuiYp1@^FkFDaIpW<`S_ z4KM~_Dbt_friZ7@cTOcly^ZK@9@CMQ1SOv_reu^U;T#-PR(f|7{z9&Y><-ZpQ{35H zz>$jmj#umPf_O05wGA9g%tJR-GxhU?hM5JPCP;zgFH*xp3*@_}H!2TDXQ5w|L#58R zl*pE$064|O&ZmJC)BvpoWRSJgk>?#&^mJ5RP>v1-GLSI1DU}_5)4DJj8RsUEP!o12 z@T0a5_eGnjgW-;PsUhHb)<~c5JuuJ}EInb!GV!SYr(4YRmZCHdjfMvS)h5ek5#Nt4yMT#wz zC|exe#pWcAVt~y=e*McK=7Tj0r9z%?z3u^;eSV98DC;`vG@?(?=q_Ec{LRnNh04^$OJ{ zVKda^53wPhu4k=+ReSM|!lk7i%DlQghPT946i zgwkM|2%sXzOqxD;Rtl@Yz)4cDHz%kbq9NmxUx7|VCx68R-o>_ocTo=apk8$`WQsb? zh)BT%01ez!?Qf!t6S;~^ag<-~NK0XSW4k&Z+a{=>6H~>ouwEX{58Z*c?bb7Ez2mrN z&5LG25yFQJAP&?KpxOkuNl9gni84Vho68h`ytfl79)W4#;A|J&2}4DTk#^;Oc z*g>0_R394(@yWUa4HA}4*xfcu7Lq*Ay|kHu?ma4cRNm-#H)f~hNY37) z!70K2v#wT4D==IuDav}WC+^Kyu_FGFxn&Fxd9l2^xoc!{{hkKGWoXWJyWeiCTA5w ze|p!VKlaG+4M!V}3&WT)1ikQPAStR*|KjLkC{vMZ`P8!%kOt!#Eg#ZBp=inJQb>2< zKXOVxainXWkNStB4J>4WI6zhf7{KtMARQQJvmHFZ{tj4jQpC$ISMCVR8#){t3<>J? zWaB@BGP1#}fM9I?69!XoV2&bD*U3v=!8%}GiAF|zL6k{!l9t{%+fuj`2ic~Zx>jxM zGMl=Rw);WhdnMe*Tj}+v|Es8NwzVoQ>+Dkchxkz6(1vSzb#@AIsMtD6gRlbTK}&Id zOM6lUQ>^+C^x+lIIbY8je3mvYV^Lis4Ijy#V4T3uBD0Mk7>2CqK5~_l>irNo_EXk> znqcU1-fmB`{^K@2-gfN|y_9o!IBI}h862DJtgTrBmIZb(XT0us(Dx?2V%I>%*}Hl4 zRaG!O9(MPehQVc>v*&b3#Vz%TWORipYLc*ugUz~Y9#1gVecLwEY0 zNcbyM@#-9^y4()7ng`^L?dzg?19O}Vp%g1fbdrre&shs$P;^hgoYS?lMM>2qp}GwS zH8l9hqwsDSO4qKf9hSYQ65TfA`KD=18NjPP96cS*tisD_zV(Z&3)?;?JrdXX`CQNXwWis_rD_ARy@{;?B($8{N`oG)C$>MxSR9gg0UH zGhHx>@$aGeo(n**gu1{}^MtvKo* zp;I9ZnDnHopp~HqjnISAI{XOMS4FpSu2wq$j-nlbjTpm8Ar!Hoz{U#%UdDm8{ie9F zF~+ZE-$w9ieNFV}^y{)2o@zM|s2ItfNL5ipzottI*0Vhvhf7ZyAWdB; zj7AOIqG4DBOM>BRz?~(f^X@}@$75uy*O4S zsDRM0*jB2(N6R#f*b1o&?$IRtsYg7VUv9ge=-*_Z!ZO=#^-Xj#<@p5siTs60BOaU1a?Eij?cm zF&1T=%Z&Rv*x9#ELd&U%RV}7gAAAGON3%D-uISRdxMNftTD&J2!an)q4QytQkl?dL zaca+Y98GQ}ci4ZAB>VgPQTE;bNc%4TA@{-7zFQnsP=6J4wDw&Q4jat&>)CDh=$h4~ zzUWa(WuH2LGGFfxvaj(6+E@9%cW+Tw3MCD7OMkRSV^+zX(Ih3a9LvN8voQD~;%CdEnS+$WRvd6%zD(0Y93!zpP z3(Wiz)x6EW!@kr1ll^D^R(D7-#eKzU+AUvAy#*YTIxwrM9DRZZsH%5XRm0JDLRCyk zpyf_79{2TA6y34L9Vgi9DJt7JuMBE6j3%kQvntEo+OAkzjUHfQ2rCj5qB=u{Rt4V`Fa>r47)w0J{=BN8SMZKN1mkgY`eK z_9p9pWbG~1f6u}dY~>ZWPnd1jX3<#)v6-^p=#5R*KWObk)<0tHqt^ezx_b~VwM`wJ zW62a<6n|;b>=w|pYu!OWxFi{Y6+2R$HK28+MJJ>LnFno6B$$&rOiLjKS&8?H*>jik zL{YfM`TutIKIebp+-)4d(~5uAyFW@BS@`bd0pEcdGh$I%--q%dPjtvQP{>v+Nt_eH z%OYgZQ`u^ii~V6+sKqVT zV|TEEqn7o0|BBRqJGF#B`)+ElPW>gRyEMFCApPxfq%RvptxHm8ugmV}0S27nz99+d z`I)~cvlnOnlFVM3`QT-5syXGul4y_a=rn1IVf|PfbvSGSKM#<|gnxr*>-PMzzo=|4 zF8fQ$_R_LnS0-$@3MohT$^$QkRuZyJR{gnEdtTLFP_-9U{THh4%xYfMGxh8V><{cy zHS<`_JubnCfa!LNX%M1(=?wxrdRi3E%G-cH{iS2_3)~ zmI~ml%>v#=0Nyj3rBB1Yx2HDDCmZf$m~zx7RP;M+!R@c>{)xJMvhIIZw@=sogLU_i zL=`ai(^~TBhC88Afbc6gkFZyi0tkB$WM2z}4-yrWgK%vY2qXNbfoksRFFn0n3_7%IuScQ^enoA%zO z-`KR9n*R2tyMyo=0N3VD_e^Kef_>TQIB>`+j&&R`6;I?rK`2U|^k<`}a&(zAqBMig zs+vDG{hyomFHQe!(>~Yqziqmwkf7x_q!c}cOaW+L-%ZXdy8XAi?N#0WyWRHcZhuL) zyA(4dt)x>2(oe`e!b$z+*nW3>f6^}pzK_u!qIZhWHO zP4t(e`vx@iVdlP#(86BU=P&QGSM>RB_t~rZ{6&54;=bvbJ7I7t_x;L!PoMwqK6_uE zzrW8u(C2^J=k9FFt<7WmbKW57=V{{Kp6E@dN%({qC8NUEAm;v-3vSMtk(n0;0j_=^>2= zqWT}JjOzyc_Xq5a1OA5t_T~Zq-2r#?09E!B_6n<@AE1kRi_Mi(akSg1F^N(p?7o}D z;6vG&yW5QE;vV?C3j6JB%1h@U9eeAL`N5F8c}M^N*CIBT4AQLg2mM8Z z_ToW*$)LS-(61YGlXBOWBds3|xf_NGRPmY|RaAjy#a2K`S5?VW@E=Y#g{LI1-+cXOx{wpc54{Z3(*zi>`~@IUFL#|Qmy z2kldX{(lDT?+5*_2HnHN92SHNlG+2kvbaGAEiz;_CfDL7h{>F^YMzCOWq&_xo)~sd z4Qp5+lYcfuT{jQ;9}h8L{`Mhz$B@5X!w}ZR?}pv4hl?F^zkJ6OAwrlq-%xCAg(+N=&s{N~~eQL=6&yfB7kpI(=eP+l%HspStS9``B zcgh?I7e|&M2V6KX;HvngXe80Xq_=Cpb^1+dX9Yb4$-)a7Q1ML zi*|I;Du+5owAvxJjt+Fu!7h5Ui;i^BQTVDtVsjQ3NHV&Ri!)nv1=kH+o47v3LOX@) zGOnw*uIAdnbpzMkT*tvLy^!lNt}D2%;<}paCa&AKu;PpE@My_{)T4V{3%Ksc-F>sVq>Jm-ijX73 z&DL)0H(@v@cgS|j#h(QZ8H1<@0~A=#tXDBKSuLJ+x^_TcgOSH zcrGM45vcwy>@c$cfW3=2yPgn09HwIkL+h6a>g38}DVN*379AsT5nABP{iqp%ImQ6M zzhm4G@AiW42LmhJ+BGb5HjS5)k(A7F0wSt3fZPK|9~%J-^8w zx)H4N7u4xFyL+>P%y;1nHi)*08xCMkCaoC95VBKd>MXT*Wx#>4J&ZYF@@sB8Izz^`*@47MX=;5k{;5*%2XD3}!#X{X} zhg$s`hGff(IYHLg6vrE5dmDOX0*%_UQgISvU9Eu!%aC#1?oAZDZ*{p+@e({BMa0faj@C+U9W>=2(-Ovyb$}CQ z?C1xO>-5*VYkiHLj=s)nb69FdUEMg+`yOn2F^FxK$P#9E+l{QcOH0I~qIHZWw&F

    lhaF5~AEvE6p|(8!x%MUwRV*rBZ!`gXBe%q}B}<91-p)Fg_)MAXKxj<# z)Mje4o$hapqf@7_M&P-dr?dZMgUNQ2ui>;X9KicBc)Jt&e3}>@IegTFk3VAUFy2k^ zTl;)6$S2kv8|6>``%kh?g?9A5`peLU-f?}dReTD%PebEZ6RYf`#{9bXn(kWXefv(u zs6@N2EydBF`U3Kac0`ZDn`)HK4Qwv$gPTS_Twl2ucv{>OL!)iOOJ?u(RR3$tJ)%6H zIOjMrSJ8*|ZEF9A>g!fPA8uVJ+fVqH-(PF7sA!Ap47n5HMU7<~?`uuJ6#CHmDe|r0 z-9*gL;eYY2l^a2B3viN+_%N^?6U3$@tG2dUS#@hs{NqIvL(0cLb~cg2vB<^=wHHpY zMi(p0%&~Du#YYq;QB3ht=xf(BFZ*d|Z8yAk8L}loEGbEBO>slJb{NpkI(cR1RB(lV zU;}bv*EC{#5%RH#?Hx8ISWnImuz39@azqw!RzVZ(6MJfNIjliEPI5~y`+R8LN0YO% z6WSJ>J|Dp8XyS4^!P5gF9&-F+^MCU7mW-^04x7-K32JYL<4B4jDOaAnh;6Ekuzi|a zGaPT}2%0o>1by^NN6=RR9dUg*v>`e!84le+KZ~IsWe^qoJ*ykulPd zhNj$gIrtvr73BX2R%adpR{iBe?QOC9`RtiN$G>x+g}Nfu-miB+Ydsf3XE#7+*TYZH zTZY(lx{>~%x8!W-40?NAblKu%FBt{RKx>BPpuOEQEzNxf9XGs;bv`tkfcBEmpp9D( zM`jFeCl|9d3C$^YST))V4bFrH|KaL)3=PgkN6v}UFZ{QF_ZFhVuScicKwSFbfCizz z-X>_U1sa?cqQMp`n`Jva2`tA1d{+#!&e6I z#{z4?4{ZtJ34E<}Lae6Ae0o`}PD_zLiZg@re5q7{UiJ91l zPA11JKRB7Zk2xO=PiX#cfB(pN;fav!4cjk&zWj~&O`mk~S8EyIS$*{K_f7H>jzs?U z@LqwuJwo~Wt3$x3U-?^aOK(j=N1f1)WUiqrXy^;bTtin^Kv&4*bUk#1>@~SS zqAO^s2b$V}{FScH(N%q3&dxasni4%V9s*Wwt>$EFIN$wNlZ%z-w?5|GH_h(zGIEey z(>iiZqpW@8CzZWAn_SbF$-j#(%mlfn?wQTMi<(?h<*#XffZh?G-b*||Jp1fs=pJ4Y z&ndSxsyIjdeBvCy82(MwQ|CZDPG2d;5@p?^`f45ERW(f7$ia?aPbxoEeu{PHQonpS zv1X6BC2~MEJoy#)AK7P(9b3isDf*LdXPowSM5Wa6egnT&MdVInbC#S7Vq&8n!d35XX9fsHP^>2&!8yNWgHTRfI@UrKL zekO=^g8c>^oDVPpypIAlEq~sAgO$KJ0l!{aZb(Tx z{MniSZnDo^Es?XNJCK26$TO{Fk9HCrVf>KD73&u&!SpTNVEjSABnj;&s;Tjl_6~|! zm5d|Di*d9nXbaNK*BrT6gq@R>u%mx)FG7?1g8-PvaFqHyN$ z^IFiZ{C#fy_@enfzkZD2_meLZ^;$h{&ywlNnI#x6PKo3>U-`SZYmcNFU~wH=zMS;D?!?O8SFk2ZSb zLE-a5zt}jHJ@-j^sjsPgL-KUKLyr+x^^?#=Lb?gvBVB2I2DVmOG8XYyR)atJnfg4% z*@u6Iqns?^8SR}ufC>BXuH~wIEt7mEnoaXPEYV>68TlswS zj{IQj!L|Hgx?aFH?CBY0`PuHv4gYpH{hI)%cZ6t8^y1dnb`L>*eXaGg*3q%si78Us ztBKlP@qzdrW&!)qvvJT>Be+Tn5BSiU(b0ytW+9IPJ0Tozbal2=_eC~dQasH(3@))T zOuelUA$)RPhH|T_z-0qDK4b8u;Zwab$y&nrd$Iq-*T4Mw`!>!(pY!lp)}7k?BsS1U z(S=|qo|S*=SlJlZM8J8E*L=2rR|w9|9+9t=Z}WK$Tn_=xTC2rJ;b-xV^$m<$^6M3~ z9lp1O{bY3=6LYb#@H01-@IB!vx9&$?blzDgFTNk*?*aHH-yfFOUzPG(|LsS~HE4Qd z=4_i&G><%sl7Nq9z>Dkfd)|XBO`h15mC&T~w!<)b(OpE zwafOjPC5tw0WfVgdhRTLR(`(bS5|&tLXwd0TCE0(+v2tqOm;^=!$7 zwb^mReH~wo0^g#yYVL>iDKvAQ=FflQWA>T*1m39wc6H>BO0Q;uHAxrtsPt=+9F9>H z-pUjB#1T>)N_z*2{f~RM+ViI`;!Nm$TMN&h?)nL~#9i>{J*@pU;gdoRXwP_ZEwW-g zeLR3K;bHLpDEIpYZHOQ{`uYZ2d#B@LzNx>p5IV0WFNSuK&_a^$BgDy*$Q8kK`!mq} zJ?Mvf$zK?U?1s-bf7pAxB5_g8wbbTHJ}iCiJto+WL+&`*mTxqUkG%vwtcDKBiGCb@ zx-v7B9Q(9tx|RCrmeP=Hw>kEzDc6FIm+lY`D{ioqywauYvCg2=#*y2!G%?=K+`v9G z`XsIk{}1$2jWPc**7`B-sTPLnFg2TfFVyuiv=M8+5&CYRhEWe=rp}(JzwjyO=~IzU zm@}CdpG>X2W8zt27LTcpmE;v?dAxEVIUurgq}y&mj#O-(Af$^n~E5IONz0i8Oyua zM&bTHME`w#LpKQSFAnv#O^gincie=}Yf&Da!iV4)B|oJ_HO-!w=sz=er*omK-x}RAzm^$e14m$-8{lyeFgT(6?yx_)TqLLKaRD- zQt+L+jJZ>XxPPzC>BOdI^Z9ov3h8%;Se;Ywr10oWSOar z0ZrEOzU+5s<`oDe^d_cqc&glJsj*I1VW)$*sbl%@Dxt&^3XbbeW z=L`7e?El00C)R(qu%4pYZ>RmE$``;6EROGvht|g>y+z@c&{6zq0MU z;GbL1Z7A{w*?P}bj_54vGI**A+gLU6x}YD~;(8|o9qDB&py_n&1S#dK>vHdDKW(ZPR+02gW0J4V&|R6 zJ>c44_GL}+m+=lXQV7GFER5vGj5YuhuKUQ7F#F4!h^3uRj$sRbKOV{NCt1YxMuqUOc?n&H#M@au7t*gwVl4OWhC>~H^+bk)_BF4ro*e@gjETjE+9cf zUdFfSj|Y^?voV~@W5#_+um_HJZf>x9mb#G@%H94RV@er&r=-1hpvSpg;1z$x|8QQz zVz&ng9jvu+GkMqEJE!_p+JnUU(5-jQBY#wWEXgS2=V%(dVV=&Lj8E}Xv%PFxl=tUA ztH?v?S9q57X~gfHQb=c7rxfo~x`y#}B9BVZm5xpf{eTPcr({wZdb&#Q(Z1QIw7|uvf+SQ?^F^KPA|w1Z-CW+r)6yqrhLuJNL2|Q}qS(erLc# z;-_~PVwcD8_e)RK$FuS)r_kAUy=#3G;yKy4shPkd_{RAs5A}^*r%v=EjM3mAXv3c0 zYWsC zbo$tymzVeVNe8BYjq*Z7Z^BUtYpe`%R%`g1@zF}pRe{gV%2}-jM*&{TsY#YV-hP;I zCAgmy?!fOlmjkxdv;Ifk8R^FE?v>NuAo>nux@7sI%q3AyJA-H^kmaugGCT(#a~^L| zzSw+djdjZ=cCjTGxAgefX4d2HZGS;?tLFD2=GBPYz(4gunt6`no@C%sWXw|TWq`ve z+}p&xbq$`sj(hG*UF{)jBwl^<=fCsH1q&a2vuxk9ZW~_Sdy{qne?!9F% zm2>{?OwQl!URk#41@dqDu!YP1{pPz}8$I6W+e-g^`Q2K#Y5gVLE88tO8NJYay4{Bi z4&vJ5y>gmsB{Tz0S44N>Ou74l_Fz8Cs815T8elL3D^ zhh2Jksp`~V%S%U&PW3bjXVJFhkGx(M z-ev@N!}!hFBg$cpFkabE9Wh(q(&UdC`=pTmBEWqraL50#u`Y;ruA#PuotGWL5xM@i@?1@6ZvF9!PQ@ZR}x^qs$db@ZM)UYYu*pT4iRG3p z>^a+e3OT)iV(EdgDZ(XQyIf_!P6hjH0Y;U9QVcy|4Df#>o#z7^uP z5n>#I&zew;!j_`iCoMtkla`?N3H}ah6qeyXinWj4#6EBN``GhEE~&}mH*g8;wCAzu z|C07&wC}+ivZcc9N@qLY)#u1zRv)bYHmU|H>$I9@f_jT-<~^VJEQLPsPspEpr@6qzr=^+`aFHLTD}dR9wA)|blJmm#?ccSs>E@6;qW-_JCojUsxGz>(P@f>Np6?#@ zObwIG_?oJeZ~uV3r@82?5A|o~S!(4Z^9*12UV)8N1@AqIJY>C?!j94UeE|HpcdgDy z2%kA=&q%n4Gt#~~c))D~qP(*;9G|eycg$kmv&plVLykoww6Xwwyb!yvvA)LSq1}X^ zznUC3zTL^XGj9*ta|5()O_76kr@qhz#hxgfl;>v4AWn znjf$X%lu3r0|noY2Jj8berLz83;1g{N8Nck1Zt&QPY^2TSiPvV% z1uxLj^-n@0+kxr1aqN@|`7$@wHJAIcTQV2(T{Zp(#%Sy|jkAw9mVBSh)WDwRW!sL^ z`r&y0m+bvq!|ytNr?3+f*nEk4@YW3-^v1K_=X}nwX20KwzU;t6qn9;&Nxp^S%QWMd zk6qRYow$1T%0;f0|LXo@{S3A4U)^<}HN|`N$cHB6Lo;;R#GaKnf2)ZJBQk0yer>0PmisF~x)RNS)RrT$_9$;LCYoHO3F}D(}Rw!LaWVvx4*7ww4)sk5f~q zmOc9ye4ITke4C-aPWqA^eJZipwx~Cyhw%-ltKFi+$?@j#Bw_hE2p10>yi;wXyiVV1I2fTPI^3c_h zpIFM6E@dv-PkG^K{y3c{(3r20n}m110n8KB-}TrZBz$I=-(p~#WZsK`F}i()*4jBe z%sdwdFkTYC`2SPh$q~#|>%F;^5!PhlS?Uzgm)8A?iB?O7)R!PbBBAq3te-nJL^1$B zIL|ZnVL!O_BVOGR&tCJ4&ZqJo@4Oz_aRb-0L>*plzy8A=8mz=`7g7?G&Y2zn}w!hYlu7}@x&XRxJ^LGHhX_1QF zU%brpPvi=8~NR0?F6;`$J>tF zKHpn!{S!Ml-{AdW`FMHq2CaLd$coqot%cfHvnH-bj@$&?^ehw)FTv)L57ovMO4>~f zg1UFZvDHhO*;Cn4tT!x9%$aUH!~YPH`Sw}u0PG8JtTl7pU}AZm-Rs!0Y)@;1{S>Or zHHRFEG`_y@STfMYGREV^kfIIcr|Jxqova5BJDz%K9UWpk5qM|sTIFF!{LZc6T1a-k zbz&4_#TJmQm#&7#CIsucdb^&~xE6=TUxt=~F;9o*W%m@&FZ6W{^c7w+eI;z4v;_I^#s^y%ukS-2^*ycHmgKmozU8@g z?N^QbarG@rItKe|(eG(w<}xq+#5yl#YFV3Wbfm7A1vb^P$UBqe(~v$=%s;kKdsD1W zU;g&nTO_l<3$}-H;Fa6Nnq@^}`~+$%@;+-$?V(9;#ka%Q)JK}}d2Q_ZQ|^vr1aiy7 zPtd`N3z)NQ*J2-4hv98ynCABG#pt$}{7mQ`=)kQ{l?x#qZF$wk<@fy(S@8ky6vMu} z2=>aY@PdDCJ#e`7{G6X3EH7U9&XLOtt*0(JM15&SV%GA1Ez#HxzD7f|tuOq|1bh1}5_hhdmbiah} zD!8shh6J`kE%9~L{8D|3T5^N69*pta-IvUlT>2Q#+!(fCSJvUTSi;|W*0+j9pTu_w z=F!YO%}L*#%RQ}af?wxHC`I0cZK9uiBGY}b)0$*$Jg?RGIdr`j>9OB1gzvf5Ki3j7+ z;a4;f#fPW3*tfvr(+6Dcxs?%y*1(mM7lQ9K0em-xbdOZfk?5b(M<2Xb_an4-r19Oo zfqiiuId<<4%i9;S10-XNPJpK6o85Q{@8?kKLo%y2L0yo*o{u4O z{^Uy*d+oK76Q?ttDe>$lfTPA!iGI1}c;It7vJ}}Ydr@cl3jUA5`|{~leTesvYqHIH zk3)~b194>AK4Q>&wkifyQc%++hYReb6wf~gE{sg1-!b&Nc#7hh6MdJznZibsFT=!X zZVTl=Ok*5Voy}EZXt)i0w(xx;-_PauJjV6U!Y}<)fZxv9=#cmO9?#|cqI>$Ftr@JZ z*JaN2JFycxsU_CQeeu8Q|91h0=kX~l57hzeBVPL+H8zRAQA3IvfY^_U1GOm^^7lav zz*s*1_SqT4->`jT$26OGc*Gw`ewJICGuJ2Q^%GmW1Kb=GTft%Y6@tW8g z^U;`>sqQ2G8^L5Xa8T_(;X6|w^{f7ym>Tc2ac}p39U#V8&RP)r7WmGHaUc6uYw2S6 zPJ0Rb0&_jHJYwPQcx2WsRyJc_=l$2lKcA1UID5M!jt_>j=oh04Y+HdGf+zHjZ1Xg5 zjl`+bNM46%?jB%1*X;{}#uaylUhr>(_60#l_4uilYF|+GLHmL>HvVF?KXC_nRlKLO zXvXe=hW8=2nOBB+X|JtpDpxz}ski&joe0O7P7LOqv!_N7FF1t!d=Z~{_`E~-=hbNy zob5_HC^3rpGN!4>y66h{V-T_(J)pTifnQnjYb?*}?d17`?a2% zk4|&`Ptl(IpECmgXIBt+kpEN9W{3QrGthI|L#B5WYfdaDf0lN2=GO%#?oi%-&SQ*k zIrGO(a{alsx-TZz7uwm5e{nG|lT2!4ELvAW-*--DUAZ(^SDI`3*7fv2zb?(4kyO&Y zpMDICkWtcs(K!9#LrlX%CGfoVx0ik#pC|ITY`T0E$hql?4VKwjlh9v^aem?V?8(Mo z74iP{m1OksHy3*yZ%X&Z;U!PJgnUgxucv!9PeJ~JCTM?t$I`o1GwQhanXlxWXdjze ze5(0NSI9m*gY~NB$?9j12kaxvml%M~Y`n7v7!8PYKQS>T|0 zI`^t2H@8^(%|$p(BFhuV-6U;`-~aJ|g=K_(tC$zEw`OeM#}}=3F%Hr4vmsx;=H=*5 z&tD7C^RvOcfgy?^rfKG}fd0C}u`S)BPu*J(^eG*TMK)4|v z`>libTs*@$W7r&q22(SUd8|LSl6xJ;o~^=X5a!!4s-?m@S@fEF7oVoyJzo9=##jOj zWbc>4PhH@-o4JzjeCNl&t-f>5vA1eYfgZx|ZGs-U3_X;Zn5yU@{CvNm2YVJ`S3nPn ztC~0}bbjCw&NS_(e~qgGc_QC)ML_qr(Et75NMqaK^}yE^X02eZ=||T)0^Hzx$no?G z(A?qXsX5+C+b_~~cs@EyLv~?*b1>(>1~mN(<`8b*!LJlq{4}z-68OsobTsHegKp05 zU5#N0V_@AnImO)Syo%do)25i0ey4(Y@jRGUwEa%z6~=Xgsn>IsUqyaZRl@*({4dCJ zFS=L7J@w`6l5=im?B(QihJ5hWey_0c)@s@B0}JA<#A~Rf5y{qJ_on9Xdn-2K1FT2a zL$k9YMn>ygT=4SBaOR-(yXJ3o?m(kYc07%3LA;fifr&wNZ6z-rA3+Z?KeHZw!G`aA zfLN#2%#CG5u@f6#mEIkIejEt>e2Q}{FXk-BLD1(Q`q~K{FX9}_N#-2OK?`?*OZi;f zv#I7B%RwgYI4L;CQtzbK!h=s!%VQIH>5sCXVwIO2N*}u)rZx^SGSwpajPT94lguGC z2c5VU9l@A2UNetX#6})vzx$?m){V{eyZd4GEQv0TAqL1d1Hv7=xOKXO$ z@UkOTat=vHNlo$C9%XDJ;Jtm3x1LxT9btISTr);p?+eDbQe#}KHTuZ*swe)k@u~eG ziBf-fB{l9_%0s^XA!ZNYkoV%*VeiDV*R!sAV^k!&YqZsomjcW0GTt*7>qC(d29{?q zPW?V37$?ukx3INko(89VeJ5;4yo~&Pm3VzMwQt>d@XtfnFL_!&t!Tuao{JoBK&EG) zfo0g!MrLC7n6p8(zy8Ll!TIK8{%5FI?|-cSsX zI0*B5y*`{5I?&8fwDvmm)eC*?gikJHkA{bDFZmP3b&rQlMy*-!XyZ`Ir7me-%i1mt z9X630mAOZ`zf14VK$D$6Aunn8vb#H>*>(7tx}e|f?9sVB-FKyYbjs5>-q_~{^Q`1X z9dLCzxjK?6ICHZa_?mp70KP^i8~DcB7XV-4=EN9_@>yD}JdixdW$={KG zOTFhbwIefW@`9;9+SN<_`^I54J=FBy@iyNzjozS~tG($8f6v;XetPY&5M5e--t=dH zGc-B91D((B3S>`a0`~IhwOM=?kBL@d+?!4ux9*$qtj^BJ(5LF5Mxm_;G$vofDOJQ_ zp}i#XD1}_Y&xOBcuzxW*u2JPYbezNCJ7$fy{3Z0bKE ze;4;fCr^_D5{+}s^Plni`HS!+BkxT6%|rcjX+HtoN9d!x1@9J!qb<Y;En00ywREh7qT%s!9f@8J`Z1Y zKOf0HFS?ff1U&X`EjRG)E`WEr;gQUKWNsh4L>ZP{iWgEzNQat zVEwdWX*0FQ)8Mz8|1t8-q31MqZW{Qx9Fw{1N1Zo{9J0z9e>S?ZQn>(Lm5*P5JjgTs zp<}@@x*MG1|DNXmc#@&16?GlQ8k%z7M!_-kwJlr+G0B*eA1V7NB0AC-p{t3)d+;uH z$eya^3BKx^)j~6iMVH90NO*q&*B|1WIq$Gv6~5BCF3B9;T|mA{jCBcXMDgXj3-i|r zWN31`^Ro;x_C)d}Y;EEiiB0mcP5aLV)@TV}c1&}CqrhKSs`F9c+0FtQvTw-0GQILuhX9y1%)pf7wr3?`jSC)%|@2RvFsM1no_yz2;DR?z+GBQm-OUuxH+d z_v3u$@!j6oK*L*!0=RgFH~N}BOx*h94SCoM^qZ&`vlv)aDYv8-T78564{J`|W0GCS zBvS)F`4)E6tMKOAoJq%iFPFblRSK^%ud(FtkSDdL@r0>9^8As``tn>3)l-=Rt=cQt z^IFixb}OSr3m0nK)TioiepfvQ&ibK|L?iQF;AK+_;hF0_&cDEJy$SiX2skdGoNtj^H=s*zLXR&(kEiSTmia6v*Y7s; z^d0EwyW-iu4|I}?59~1U%6vYq&R5>ZIa28jmpbMvCI$ zb<9I@rk=S>M>dus2iCE!{A=XlrbmIVYW!fd+cg?`Kt`sp4X}S|hDQYc+F?vYrv&i`Qqf)}C*4 zN;G%wse5L1imgSZ+*|1soqHT+f-vq0!{tTns+A zuN<5-?^}Hmsfhv8`8^la+b<1#Rz0S{0%;OR^X4xclo?`Va@Z$dXr^Sb%W34 z!^jUf-GjE#x%9iaf;H_~9yP+T5uqEt!!9_V^C4XAyib^zs>8GFz$M^0L)#_T2=Z4L z`;Y4h;M(l31ILQJjOX2(dAI82e4~s{KI&*NzJ26`cqU(X zl>cSdA2mv_jdL_#3=8wUY++!L;rk5p(tgb<=2eRgB3&Z8C^?0{%r^U4U-xW^J3)x&wQA3-)(9o!Y zE9A|;?AaHeaeQmrDOe+-50@yfpghjH5xtD=9ACuG_AJPJy}t{1w+oz${x3wPhjnf} za{XO+VkUDdi9oZZf&*u66WbI|h);Gma2CPY-q$*at*Bm(e7%b2dV(3Wt6bS0`0iR@ zSx_4STq##MrhM>kj`E*TuJYP^{B39IK&$HCsLgA@&vW3Xi}uRE&vOkE{4UzOhBluA zKbz^R1N?N+roj>INH=J0)lNG`MiF1_h}qiWCjz6Ng>;d}Kc|nbqYlUW!}9Ra9?lf< z#neSa4$CfCgkG8sd}jdPGUU5_<dD^nNKKV!H9{pH?wwssiyo3^@qlKyG;(dI(hMPDCPKI2=!q*x#Q zkT#E2A59!psE?#S!g#M62JS~tKM4L1&MTmS3Vf~9>8Ke1{s(~n*Mad=e66n={0~^z z8~9q?GmHNL#@G6KfPcM{2KU|Qu?+Z<9yGcOUDpLYXdn1>^tS`q^pgDS#OB_75SSrP zla1hEro}@Bnb--=y1+{}a*y$C)cAJP$FpAq=L^C4oJdLUYGUoKPVQCUyN$C6##q}h zw+}978`91}dz*BxKiiOgWE(yVJ{rtE^>RPMc?)CE4XT|f-5P0N4>aRbE{V|xjNil) znL{_UBtN-@6*+&*<=ShAF$QwQ;CQR0q2l?O@rV3z>7p1}n(@jXmj>pFbG8_N=K!<6 ztcCIF`-JM|G=IeZ31iki=t}81?;QV8uFcp_^`1PtVNXURpe zz93@*Ow;<)>UC2Cmbs26FGy!bFJ&$b{4Wh^eskQ=^j&47nag+p_a3soSHvU*WqWhWc$&p6@5E$bBY_s;2{?mUW5!CXLu-< zv+v!rsm5ny zLAG~i#li5_8Y)ix0oiDhvrAN409ZdlF2^Bx1{rY>&*)x%JcCRT&!iZm#Zx{HLpZuU zz|oJ2@Ux+)zE~eRqi>FK$f6qzY(mv7ZZ_M9ni=vf&Q2$+|2?;;4d`?8{%B-yr6%#4|oUosL)!M_}t_poeYEqUdP7Knt2fYFWh{N|D{O$$uA-6v}P9H4UUsf1nsK+_HW2Z zQXZp|JzxD3ISkC>Zt^B)#B5F){>hEG+8(Sg(mY?(Tw%@;T+|W#^#<5$)|5J5u<2}@ zho0iyTHb9A_C(%aON|lkxi+t6-`%>7)66-^*rD5=OPuC!!3Gr{j3IV}Y`;=+w~TQo zf$P$e!tWDh-sHq+#>v@0VfirwxIPP9(Fb?Ro_(Gi<8E?_=@JYLoO2&d6Sc$!^_Kp5P4zMOO`745(WPtE3A4-dn1J;M4e1-7yRYn$AKZ^Ec zJ3k8JoT7ez-EQ(%jGR$>$`cyPS}BfQF8lrGA0iLW)gHmFQSMTMYL8qs(XUeN5$ts{ z7G(7CQ^|eA&XwHI+Dz;II@KPzh1w(2JX?DN`zOWNQ`kifLG6)WjL*w#tvlz5ZbEBT z(alU~rW4t%_>5cI%3g-H@_Ll(Pv||`H~Ep+T^83iH`4r01hq$)XRh{0I^zHCW%4As z*T&rM<+tGOcxhdLSKxZ5)~N^S1>NgUFBrU*v|j~YjSOq)-*zrh%p1Mz)_s{!?9bz0 zPX89w<23rB34MY5{Xf?i$am?B8PJQ-7o$S@f^}TK`hu}}$esk_>*IG=<`?UQwH;R8 z_b2Or_H7HFr;7CF;pF{x#%W=mm-pYHogS6D zUGiQz(295WZeY&X(<$s{@*+)tM!pZP&6bTso4g7KEOmZQ+L%EPMjhuHdrJMsO_jmvViPoAglMsnlLcSo%ZeWepxNb_yMdoxe@BPo6vl zyAU}LK`taEOIfox`&+VQiR|ww=mO*jHn{cgaeWqfL(0`u?Xe7eTY?WuwxX$h0!Y>(3AAl!(XG7$8>TFv>-hm)i`Vtf@%zO7>YW6zb~ZQj zH@aLhwfY0n(JB4lBem%0@G;TEUr)}(UOZ&sj9qRIgVlR( zti7}?8$Q>cf6qwl zzkJPrQuf}IFpg=S_w}X2@434aJ90IDrPD0^Sr|%2SH)GMkNimN3a$Gy=%B@XD}GzT zcc%UpxxmUBYQPpwPgA?G-X!>wuSEMZ6X?fp9oVV-;VF79nZ4AU)2OqeN_v0sUf-2T z-qE|iX6~}Dlkj_ZEP_!IxtKyOYHisTz{=TU6dTR?G7IE$(SAeisgf=ljl3*r8=|$~ zioe!cu#EP4wC+Q8bwTf{iUS8SqD`J~%M`}0{lb~cvyn_oN7 zx~ICrPo)P2dk3SvzwG0zW4>)5t~D3_pG3aVUf$VLO}&tU8Y8yO=-z5-#qgZEQlUIJ zo3~g=UG(H~#&?s}q{p%*9kC%r+i}{irR`I~^JwM0ReBd)9r&x2kJ_`GIM`Yf2iq8q zgYBT5vD8R!QO%wkKTO?2;#O-*a``^rVQ$F5k#_8*jJ+Z>K09{7)%w|~g}@yC?gZe9 z-@VQ|`Do#~t#R8K{`3H@3+X%gG_qi8Jey#gE#&Aolh+`e_-&r@{8qRc*d@v#1BRJ` z@!7g1@+Ty2K+d$VUN`Xo#;IH~-e03LPHuo#T8IatAGA(4ykBo~*sP5{+>b*Ki6+m~ zd`n(0JRGy(dCl|Bpr3lt&wDZdUh0^Ne$HW@!siU|c>(y8o=P?mONsGbLyS57(<7x)n}T+=wqoKc_k2;wC<}sc+*7(9>t@JYE zsfVu}t>yVUCjK^b_!46Z(_fmsSbuH$i+%w8iOv%6fO0fX591+_R|$MmUfX&8YU0-^ zXvz7p?mc~v*(a^~6%MXpcsiTvpZ~$yR2vWBuer|H2YLHUG_q$cGORIHAnTgndb_oj z{LU!*t7Dbq%X$397pgoMt><79XWrMe=Fxr8PYHNOk42X;vb|K-HCh>E zzlv%+gzE(cbRW>1flZ)y)K@y!SIqP!zmfLXhTlt|6GX3PkfUeTp$p)jh1ULx3$6>m z+d|H74D8jt^|oH(t>hc+t1qmVm}-q=lXp>T?hbN>SCMyJjm{aves<)Y;_k}1->h6( z^pAY1+KZ;XQpln-vMmE%I*|)q$f$1Q+}>(xn^m({Ef%g}7%{n{$+g&0P!ez^H%*~B^1TwCi+muR=c-M$hu*_(w)3-RhKSx2-@S#pUN={Gk1ypcoTic9 z-Y-I*f`RIm$X<`IKfda{f&Loqt)w3}UONZ&bTFT1uxFdjx8F*CC|_CMRv|;GK7>z^ zI{wStx6q%y8H>&5p#!`xo#t0j1Eo;!l$tz|Y4FAA#5%x7%{uty=^pl6vsN0*`-=N% zy(SKfl*>?K7XW>_pI}gXo1^a#ixF)f4`uonEN9DdRmz;I_Zwh#s z%759Nz}@3no!hH3jr;ZZx5z2>zJ#nA;C${)=6s`nIPFlfDi~8YwATymy#ejLW%=vc zZ^B>Q^wkS(y%Fa=`E8*!j?Go^L3T{{BDYCitVLFl6KnQ4ZvoCp z(HZYH9HV?Y@ljd(s*{QNKv!Cyxi-4Mh1MOK_j=mvW4(4NGAxZe5=}4h%3r#g|DCbY zm%4X;>($QpmVM`0Vkg~v=i2TuvZa)E%E4LoAE@^+C`$l$^1LHx! zc$kInaKX16_znWT!{XToL$EDaKbragoHHJrHQqpZSQO7%JzG>u}|72`+yi>a5!{m1t z`AbfMX6s^cWMZT}j$SCxPXSH^zaP+!!{@GWdqw!`U>+Xl7+Cn(u{!t_%%?4wPg~J^ zxHj|Q`EC8o=N}nIGSvS?CLWac$H_N9?WaAScdq~T7;JO+D1tj#dm8wgO+rWE9G4Wb zJ{tCebNyxdwQZc^cc~5R1JedM0sXcCZxyt`^;NXdVa}+UTOI!=D$BIPtWqh)Qb;;d8_}q^dGy5 z{1Rv=nuz-66v5fqc75NlINuS1_e4{xD4+jga#fI1vXf*lDYqsw0-nTf6HT>2Q;q1W zTXvIYKZ1Sj(3<>S%I%TQxxvxgR?DmI9pjJYJ?W9+cMAL|^d-3bCK#)eH>#8MD&v-{ z(LcxU8<4H<4=bb>(TMz37UyU9*A?LW!xrb@6n&n9ql=@cUVoJMiixA(%TwO&AIPb2 zxc}S{;(i<791i!At(xagL-Ty8pZQ%>gn#YZs0AmHOY&pS(ZFW{8fcFC8|gnRGaU{5 zQ_x>esIM?Qsap*^3+cha@jQQ&;0S&U?{G$6zr2H30brqOq-1an+@}22fDxh3a=(w|2|i za^s?CTgxalzvt_7&S&P#5EQ%p{_*4S;E_2q=X}ol^S-~|pZDkeDRpl?1+Fgl#}CTO zZRYIOJbqM1Bsq~>W{^qSlP!vj$ahv8x$}$h`%2BaPBhnB+x|Ar)G~Oz7fStg9n)JI zA7m1~q{db)(swo^yWlbjZlvSvyP~mp_09BumCarq$Ztl9>I@^iM|Fk~f9;fb>9k#-{t8mx~723_K=A{SNS9v=(-ZRmKeI8Tnp&Y)vE<8@#$*z`oJ$; zs#6htElu&q>^pRJuW(Ttpk)cP)P5)74*hv=iC>qYaaA*_GoV@xJxe;?WK8Kw)faBj z{+%=AYYcKHpXcuniFAjoJhs&pyZ=E7uNbd<%XZD4vyND0E>zwRdblo-RI{Dc0ryXKIlSis4 zcc+9{*N>{dzGGrSkcujU3{Tzhn@=E$< zL*EOiN4|hM-G|`2KE@gx>N|cNJGQn*kn_)5=#RRVbGh(qR1+b)QWBtr zcs;EiscYlh!VKP$c<6?c^AVY+8G9eN-S4o6RJ4j#r=EazkMUg#JPrLa zP296m``Eo&>B0Qf9+|_Bh#!Y^WSWS>nP2xx;_w#5;URjehS|eSPlLyp`xBb`oNCG3 zVQA6_O{lr69*WEjWvrvnWdk+r!;H)gZG6?QVYk0|GB>nwF>(7aU*>dAA3F5Vd?))c z_0M16WUt+X9ss7`J5Pdb0eeN!vxnxhSJa2azGpZ(_x9P&jN#;FN8lIDcQ|7eT{x2e z6`_%bcd=(fymdRUe;$$P@~|7h`yIgF1}(Ofun)ZG{BCkv_m?n7*0AMwHN#_OPakuM;h&|*GY4}9HOd)0 zS?SK7{Ayb{^wPV{K5gg`=YI83uF@REBDkXAH+TK=XPJI{Qh9|HptGF4r5KT zhSeJg-{Ikjq6s(1QecMfsk*7z*#K{YXR1$mwj&#LF{U-C>n zd*+JoO~5C@fox%#c`bvVh4Wj%`Gepb9=vxHJ$fz;=lc(h0_VCO<>UNVqm%tSJ&0ai z=44+(2Wbu90eGXB7hYW!=XdyZnDC%pB-BNdb4rr~$oR6kN9z!blV%*|b8Kt;VlyA* z6q=Y1apq0Z$$EAobLs>}Gl$0f9Ij*zrk5G-v-jT4*?*yl;Eeg!pUWA(x*u55+%tvy ztEjDSp#D$z7T+rmq&Pr-L-0i$e@-;WG!TEAv!clnQ2&^O2Hd|x=S504s%IcND%*V( zwWFP0ALO;zg`Ni18G`W?*Jo4Xb2W3+UMKn`XRqONdGaDx=kWHx6Cv_CmFJFgHrWuPtpDD&_nVV?!@-;{Z48#?7odB`K+_7*FeL1 z{+IguHdG^hC*#;0zxHi-@Jw?j>HYruY}~5%;M?WnR<1WOwjaBYuTh@~OUL5111}#J zobzzaxh_BF!Dh~1KD{|(>x$?6WzCuIrLR{05pzB?Zh$#6UcsEXUiv=gEL*L9l?mi9 zCZ3)LEvp>kyIK10=iSPITKex3EaZO;{i{wv|9L+BXBOdt?`H}Zd@o#F^+(`h+d#Nr zyaHTsUHLw7A^JnN9i_xJ>^Z6J$@ZcEd^C_<7SM8g?xp4Fj zy-mM=*!lcoVqLSo1#ZRD@`a_FG~e_+=q7O8eV>zUC+D41E`Di=yP0*aH0xaQ$0e69 zeEc2q|K!{mL;H98`$s;MSPN~|IoY`BAwG*W=@R$Jk@AQATs!%h24^B;kgMT4&(HFB zy9;?yy^HFlC*p^6@gAcix1Z%IuJigVdU4%g-W&Y=73@t@#Eb2MeHQmIj>)skMc*w1 zPIO%2M1NayF1j5U8FO}BlLWsCY*a~xL10?;LyLf;_-oN?y7yf5zC#F-?|N%3HIAn zKay#z)y2!$CjtG;_$^LuFL5bjy`TEWyG_0~AMYj~Mpi~U+0-M*i`mOi<^Ib#=q=tG z^73WIURnE*dIT8_=F7MqMXitQM{F#yC%vx>j5c0Gj+4l63g1;c^Va8~$34iveeix; zJZt;;I@*uHIRG`tdS@hmUgF&*|B~;|k;K->#+o`cu+R!+Sj>8c!a;V#-I~$hM{XMYhcpLs&#C)e7+}S_|T)b_qjlCK<_V$ z-tex?>wd-O`CR_xT=9E;zq{$tifv8JhhJ{Qk6i%l_=$F%S$lTn8)?sZZIl`V;w8m8 z*b-wuN`PDE-3!io;7o%z&U91$?0~HmTFU&Jn0qPudkJ%w?=3yMi1}-d?I!OZbALfy zmGCS%sL^`vjwvPw8XBwhh(Dti3VbmBC)j&X120rM7qhm5Jq3TB9ta!!lmSmUFy1=a zdAy9@6g&2CZP(l7!&zTB#hfyX*&Lu5Jn|GgGkuj$uhpU#e)HwPyAd9;^nO_I@~mP= z_1(snD$m3k;HBDQVD=D9quyn!O-OTM--e-D80E=WVoP&k>+!^p6@6z6P zU_anId6~PZXwTU5gNQ*vr)aSe0px*T6CK*yZyO)Zi=t~;5F!87lEFWH+7ueHK! z&EVI3j$O=pV+vrPlp!CD`++Iy&P5LDq zjDxve0F6BQj&zePA-8Hc^$+OUT4$uml`g?9B5&IzZ?lm%>6v=yU&gy`saM^nS6?h% zoXuFGMR0D!)dv(;J0a$XJ%N9ZRVEzc^JbW5p8w2HaSqDRy&{ECgh!dh)0{$5Bs4C?aZHpJL0SD z>W8qxry+iv;^^G?%yD{#xtA2t>o7G8#WEFQj^2A@JM;GJD&C_#;qCZGv#`gj*tcZo z`U$-kzVg>f3f~K#71&X(e>}i@eLH&6{LbOM_B}J-=lmWU=soI(FaREdG(|sS69(4L z?fAbzo>X3>+vY{^&&E@`V`CEWqx48{>{ICv`F<;xpIUDyCnP;#|8+(dp`Y^qtp4aL z@{dEsBXJuBEQI|Yss0a%3<3(ws}_;AKj zdl0L1jeJm}a;U;T^C}QCoXtCq4KNx9kb3D!WT(%E!+PN z^%3MxwsVVn2hUnLxB0TZ88zx@n>|GQFc_Vp7+ii>n(trZ*+J+RofU0*+;Yz$zUzZe zRTDqub!upjvJME3h#ul&J->LAXg%1}Rcd@Q9;en#yg7gJ=BIC2j0;ekSAai%!i1j`kOxR&=6RoF*Lz7{gWR7PjylE5VTW2 zphM7X%BqMvZ4>99)|Ce8_`ROieKTva7Yt*6Rh7;bEp-o74La$bbjzIT%oEu9o#=(9 zu~U11b*U?YmuOV#ZFt0ChY%w*x{BG7U#AB%~$n7?G4fx-pSF?@FlUtzMJ@Cyo-}h-5Wc=+uo)KT3 z?)}q$0FN?`#w#AHK%XI>*WF&I!!GmX$jalp#qW*KE2xho?`JaJ`-+A#m@g;p@{4{b+=%YVfzaP;7oB^-t_j93-FX2Nr%H)sXci}|- zY7G2*{WAL3fe)i+{M^?r@PdB2SAO+LeH!!~_&KQ`Ds<3V(;K|g@K_OkzT@L3xF75F zJzhVUYfX=UeE&<+_i|RKI@y5iEkpJi@sF3|kFP+k$We&ry5Tq5cdjfR`d{~*Q=hR? z#(5sxb>sVMKj16>0!)eTlPBqvg;}@HtSRs&LFeCcjj+c4@Cxr_kQN6K9V{8cRBiRs;~R@c)5l+V>rZy z)-O>krP%azo;}@n^gV*UU=&8B68`_gK1zxL+@+|xQ_K?$P_$_@f)c=y0RZ~u{HJ1Lz{^#UaH)20;8p~c*#^ikT^2)Q^sQnx|%Prw^H*@P@ZkNIHh8K~EYa$xg z*132*WPh_fZuqOt`)wY47rZXuH+Za}h{sw2KJMx8R||A7;|KWblJ~`5-ud-+8~!Rf zzrG>QTjq;S_o~4X>Q|J79)qdt>a|;=9-3{c(53kI%f*IbIR=^s?C# zkA6+VON#Tm(63gve(S$|K5HoEvxxB#4WIE_A)k4_{ownS&%EmbK0~ibpFP)jvOa5i zpZwMXU5febUdBCbeb(af+Xbe7^%=Q67}_7&kImK`rOWWu*4sME5_C@lU8dMaYnQ5N zT;ta?+H(-?ZyU^drdQLr#$Q|0Jqh?N)dc-{PlWMG;k7h+O?mWJ+rSGn*S^tI6SRSr z(q-h>*0;vTxtW>Z4_!v>pDVvY>lbO@jG)UJu-#4A?l`$D=`zLe+H-ewkl9PL-t5yx zpC!;|Y2KkVpE>O744xa>TCi8Uqyzo7y`lAT_kLf${l$;iYs<6vec6V@wbkjt_-eqa z{kD59cfO(ce>1r*yeJ8hUc+;ZMf`}rp&Ua3TVUj>f5=1q_*{~k-Rx!DL;iLjx$GWfEQNffk-G%)sUBxq zzm}}YS88SNZ&0otAkLB<>0_M9mFNW713rgC;GOR$AYXl^4o1I+yqGW&K3T?)trW7A zMz)k=Q@x6nv8P}5W$YAl5)Q9sKZ)s`4DPzm#Ai%QFnyG-2LE%xUqOFsXqUzYW#9?r zmUiyXq7axC?LDR{K~t< zbH9hzi{*DS*OJ#s7lL(iG4Z8{%u4?1Os|>RNi^Ij8J}TZwNZ_oMmkeCl&mAF-MDv(GVG`9XSySF$F` zS?l$@SNGuuv8OWHarqH{uP1zrJ~8#Z@^hrGh$UwT9_4kE;~mHMakH0cD!#Dyy=vLT zTMvz7PZjHWQSwi$i>}u`I_CY9Waet>O!j`*agi63x3A;6foq$m_=^=@e&T%kvuJHr zx~?1Dr+vpa)2E>aJ;FNGBK88-5)WHAyjuFwj=OpP1fBDRZnR@e99g=qhcke; z0TXdauE)tfVA{jJ!L8_(t?{$miMLiAzlgbQk)GkY+vHE89n%b4r5zLbZ4U460uJW4 zf${e)l@I(BH9ZCn=6GQ1L{>%UFl2;~sRhJu_SDv+@%@O;6og_`%qadC1s&{-fKHGg!Y3{&pkZ zOV>hI)=X7j!1>(yejv5zC^P39&hUC=;G1>>gM8+vU+{aq52SNOgM+c~8}cpv^W<%X z`X?9&wHRoefG~m1S zG~l!G-UTBI<2}({F<%MvjiR$!vGb*I*4fY#W-l+gM*eFv_J&;LGX830*aWHL^rSs5*5axo@L)K7@VY~I#*n|#;J;72 zt-WXRneCf+0&EBsxdo@)~YUMi|o6%mifxucg&u3y;Hu7 zdIA*ir4L_Fe+xF<7liG!=IGmh@%De;nwPyV_;%m&bKd~_#gouaF|^i`Q}pyJfnV}; zh#1;M(7A6n#UE9_$U(?Ne}BaIujd7Eg4`w~zu;t*!O3X17M-6?%f5I%&p+pIlHcQ> z>pM~B)!2xh!h?qc@4LkYrV^7|)VpK3_fB<_{(IZ0ty-)#<>xBM)31Cq_}+gwjrUsG zXr0F6DaWUS2Sb5>g1!^3zZ}4IY6Sc>8ap4*Z`T_Aaq|8k0H$9T(f?YbEAsv1GT0o&8|wWl+tY>ZNW<6N=#V+A zBee|UtPxW;H`(1!jcEe;SB=sx_@s(Cu&;c3rE`V1E`koIXFlVp@sT`>7qrf3YJ9O_ zhNrMc(gihP?m?fMoH4Q-_K(I>|%_|ct_ML)Oq z*Kxn)+4}eK+-&ol_S<=U{$B6vt|JFqH19NX%3y<4|0a9f$@}BXPjxk$&{y&~w-INx z^IU}!I@}9Sq#S2|CI8V``=j(s=%i;t0pAzR?{x8TN*?yd`*-TqD#*uMelhU^ylic^ z>R-h}&n?UA5X;xW8ko=ed{t~OS)jug&-0gfs+9g7cSfBnl((*AeFvX$$D$ZD8|>Ad z0B&Y}?W-^D{L%N`*l@{@`TyD*8__XIa3naXjaaYRh>OH~(k)}Ocm7g$GS{1sch#O( zvMwfq`GOKO=#zfX#OoC#;^ z5>>m*VZ*r^1TTK_^2LK#4-fXs?`nhx8j$ma`06X*jb-SA<&3|G@3c-upQxoDU@wdO z0pOSYP+eT6QT;}o9jn2!>cAiQC^g{x9X|~@r^Z4#x_W+BUPk_!&hXl(UczPMT(Hqv z6P28cCR!tHr0%dDA78Z#H}l-qQ=H|Yy^Gp+>G8@mchiWYZN>EO!dHOy#!pN^d*yA$ z8Tu3B5DN~pFC?#PJU@bdMb+Zr#hj_9b(>E78BaG}=(h4s`6MCYiX?KcJ*UMmXfG7L zOCAQU-=bEb0{<1+zgIOxX~u1^`lZ>|s|}uBm0vJSa|Msu@1!^(%{w!^uWK34DMw=b zE%oc^BO1Bdd@(&&5Tsl;RO?E1Ae56?lfSKPp2B-1h~-p zX`v4F;0)@-G<+r8c(U#Lhh@;r%1@Clw0i+sZ+Ulp*n>{Fut>g?|F~d`WGi3)+l5S} zu&uTZIDI3uSm5Y9++z;CvfrTQE_tKJM_MaUE&3jGSpzXV{`FI>=rU6a7UZM()ZP~J z(Omp-Y_GA;mXGFnwl{^(pOh{|cH2jyU!BRW*{i|tUw}sSg91JvW2b;84J^&rwdV5U zPjn;G+S53cm>}%X7ZRHhGyCN~WO5P1hH|cX6YF{8$8@fj^kce$G0+p#f+1_u+$Wi* zcvtdZ=hwjeT9{uNTt<*1>4JC~~*om1xVMa1Ka5H>)* zpzgIXgYq+od|E{}=A$^ZSng$S!bS5rL0v?O`P4EW(HMK@>!BI$<3D@NoLg;b ze0YEGeU_K=HLrrN@E&hIk&dUu6YpZ{WhZ`e^QrlI{s8>UqFn($i+9D-hp-QaS9rXw znpf4c_cdZaWJl0Rw&q3spSq}D>Sq0|hdtDsSKHP=Up=$m0UfSbvKv0!3-6k^34Per z01q-pgCqD+{#DG^X>oL#>eJ-I%GZ!i+aW{NvL7ms;5?T*>L9rkILXyiG35%G-9 zNzA}M>Mj2a@@8x4C2!KR1@z{e{1bkMI+Y1qw zUvl_JTQmNUwK-o1dyuZeTxj@qJ^t&-q~f zJ_7@Be(`<7xGy#)e_wnEHS8nfPp$mVul)JW1)KhMku$C_iC-CJ-$HHkB=!!64_DHc zLHU-~Tgb=3JNdOWuP>r>Y_bl1MX#mCId-3;@ipCH_?qHH-`D&a*SUR;wGUg@(y(>_(wbB2St2;Mm9@&&+?PM#}!zn zxwrFf`>smfC0|x!g@gK^>t4pq>yR_NJxX=n+RM0q|N5W5@|lMWo)$yX6uPsv`3!@n zB=m|wbM5I^fxl(=)_*R7yb$NjNG|u|v=v^QmY4P)sRvX?yh70h(_kSxq@V$6v`Dx<8gJqg~ zkaxp7=3P17VXOi?aQ&$~9)P)!cTSo!x?R3QaL&*29_e2@=UrSU@$rNEf-M|5d70fz6t!B>tzHs>g z1JQZDKj)c6bLRWw)M41Y(7)sJ>eJ8>md-a1G-uvXFlVk0GOn*9PNH*=&uwl%c4%)y z-alvz)UfCBiKZ4LAMc9~!jqZ*1oom3A4Ou+tdk4zU_HzIb@*tTgYDM7HpL2YZ26Cu z(jOC=)WnQl&GGAEbX^=g$`7nfc)9cMGY6|D4a_ZGOl|w}R*|QiK#sXJrXGj*3dX-3 z?(SwirS`WGcMH1q`55OPpzkv9afo~BO^)GQcNwr{fTMYWlYLhEr181!o+kNlt0#M~ ztfnSFKIytsz%tPLziZ!#z6ieax_5ggK6Al4xxQVz0d9B8?_n-VV}ZQF)Y`&4h4?@`FvsVCV7*ZoylFpydbxB) z^7~n-%fZ*k*P}{T93AYh^A@ecn0y7}UmW1E)QEUC*uU}G0rJ(RCL$g_t^TGlqnD$s zRg`u#41)jBcNy?#$N1m$H??CI_c#3y&NotjQ`RlE@2&Uync_E?YkJu|i|r2b7uTl0 zX$|*RGOrlFldBk0%XKZ+;W-U%%UXqtv;q+Aft1dA4 z>3l!NIPY|TxdIr>XW-T6PUIoj-_-mDZ2Bz-t9+SfbFexlM=KuM0XzfsH+{(Lf6l+Z z-o%krZl(5{;{OO2_T9+MQ}`>>cPZywKfy)LjZ^1at{y6nT<8W=p;dhsD$j!4JbhbB6r`J?uRp7#t89~Re> zoNoWtivs)_l>b4dpJ%=wru0q(y|V@Vm&6B6k0y5lvOz!>r5BZIuP#;IW#>**-P zpNSFp=lJ?{j4_)rlxMU1s3jwc#nYp`_0FO1^xt%Z`B}LV4@Uwpz8sjl!#`^epEvSU zsQ;8B)tYv@IrsPq_a6u2A0g8r4!{qIExUdfax;mG` z0@jxo7s~&s;C;7#qY1%Ft@THNHvz6gOtZ4{5^_Ae3;YUx3%C3_e3t3**$et7aJ>t- zy}4iFeu%N`Gr74!qk_3|y`x~Rp_6*eYObQmzXs;HKR^>pk5l#=jptz(9E*WHGFy3A z<($IqH+X-L=dCSV;=k`y{YLxD{*^+1NO_4wxLMy5&ytKEBi^X-`LRy? zi2os8{n1e88|w4Eir-elt1bN2r5q8zD}UKr<^A5wx>AVT@ipIMFDN|K3=b>L&^ps! zV~Z2m-+skq_hKh%5s{YHi3+23w)+>PN;hgTuLzpZlIF=1+Q0^?sx?!LIcZuqL2 zr_4IgaP(pG4EKLZu~p!HDc>*6IN7DWCMR^j?w`IHJk%#Vo3q3z!?#e4gVRyQoRy0c zZH1S)%%8fQr()78j7MI{jIo4q$x$?>s5d6h@KnNoFLZqIyhG53d+QST!x?DJ^Qskm z8hVDg|IROd>7`}lFP~#9)h-R9cIh_3bL;uXrMm@(d@{2ao*EM6M>USd(-@o4Pm6E8 z<+$qbp!s@-8n{nbns9YyB0;@Asiy0=j;SXQW5%ztiQ1@dNO~Kb|H(P;+hegFZi5 zJTWR)U#xR*=$(_TS6_4IB6k@0Nh~z_V!Msomtgl_2e-$_fsI^!iJMZt!1~Jr^`%~( zNi}5B+2;4=OI*g>t}%Z&USpyg*@vMq@%7fr*Q-U|$%CzLs1Lghd~U(cX>CpUXZBQ# zNwuI4^j#CQ;Je>2{_C8xo>)N7KmENCe_MZvS;bEtZkXwFcK5b05_;F=P;~&0*}y0^quzvsu7dI91{b_r*EA)Q$Z1AU2+O zI=q9w`1<7FOinKR41epm{*{wG8+gL8sGDZYbAZLrhjA@!J|Wtm&%$x;Va!q76K>}- z;||wnr_|M2-VlAJ-*S2?_0syB;4|-t^7+JY=NlU1KhJi)!Ca3~zUi)HZXwfKMSX?g zF@CRdqOQf;Y~)S(<_I{8ZTI$&O3ox>$EfKT-wX`Q`zW97GpwC#Z@B7A@k%v$^eYqO zU7pPzX-iA*_YY++!?4`C^^Np%!jIi z7CG5{=!BlwL|5w?lknTsA1R5Pn$OfxCiuMjWpY>PaIWU5rt=SmpNvl2%#Y>O@v@GN zU!ik~(c#%SjAho8{jusb7Bv7m#^(2* zrO-`j^yg~w_V%;t6QzG9;J-{{o*Cxdg&t6UCS+j8oUzmcCqCpxps8y0r0X_Kh#P-B zCioY`y_z-Qk9mp*PW7DDmZYD$kO|>s3;k7c>q*F#@DVF@X2ktoDlWBU^3U-JcT5C# z_@?y13$Yi$$?k=B_QI?534LlUyw?LBsfRYa7xrypRJ?~y(DRf0=X-d*4BNSv=kDY= z?N2K8>sG_{=ti!8PtC^ps*i+^xG%?FrvDamH|yj#jc{uR+nOl9XNuqN$E<;)uY?<| zm5!hu!1H0f^~?f#j)o@K-=F+dAx#zkd<~wG{e8X8vyazKDO^8F-NCaf(J#nAKQ$oQ zgJWch{k^T|p(r}7gqnBJtQ&o_fju}6m_0Zpxqk8Xx1DAWPKnu1_<+9$$MlOw4{41` z?-9?GFy=OtXa=59%r!tQR?QZ3vGZOy)rY@4b#)b!rlq&TjkH;ziiQ8bdKkXoax>NoZ5E;KNa{NVSK&JN^A`D z*FHS6R*aq3TCw~)BlrAX22A0&=jW8@v*eolLVOmUS}vl`7`gE%bv_f}shgQwgnfb1 zap88y{k>{T@O{?6FJ0&>*)H*$bj5CB2-Psjr|4!ZizDqnSmZu5(31VquiB@-rhrz1@GYVp(GMPN%gHcu#66~mo@|tKo_e#$PN%v4 z2{8VO>ou_=7}0|kM!_dI2ZWK_^je->MBVpz;u*!i&x{GLQ$5n0-jy$fum#WFdh_ud zKXF!%VEh$4H6V;Li(uq>s}ExrJh}-UE#}YXi^f7{8NW;Zm}npLBkpA^>A1HVh(9B7 za!qzWuV=?S{ZZC&Jv8<{mv&ss=L&MN3)OkS-IcG+NXFq!FTIb-*b>W9X3CcmTguIpXztw**oFGTd<9iS=mU#5?&iw34^<3*a+zj#yr-*`KVh;efYdH6jOZX z!8gd=2z-jo&A!@Y+Iv83h8{>^E6fc~hy3<+t?$Aord|r3_!MLG zHw~lKY4}6^vQ>@9i*LKs4`B`R*eZF(W@h-Ev5x8diX^&P@rvSziADS<`I~6t%R0_x z+Y{{B;GH?R4H-0X3%|!r&$7wxB+jDQ#P<>veg;J zR?e%m+}VHi(9-?SqBjr5oPT7^gT1VmV#mF+t@j{n|7~b>>xYQeple#@FyPgAJ6d!={ohWyTf=8%AQCMYknkg?Hg z-79OVdz#oMa*DZ>GnZ?ImhX>7$$8Z{)unTsYUY#MTL(W+kA$4;0W+WSj#lRLW6h^b z??12O?>_CxIr$2c=dkj9x5*dh^V=cjr+OyaTP871^5@6L_s$ZfD(y>m|TZkc;u*xxt60cz=L*UQ%KHQZR)D6MQTk7efaos(`Bk zeuw6D$e!w+p8g*DSy_L?r(vyxeGHR;(X7?blNei6sr4;<+wqJQV@&DWN}dg_L8@=R zM}yLi-~5ocsfzn5EI;S-h{9=wKZl=zQ_o-Z&L8a?;JlCIW5D_Z{^~~lZ{dHxQ{CS* z)bx76r#Jly@PDey@iWWtU8QsS@YCMLcO7JUVU#r0?!9eAhvKFAUw& zi`>W;)%$d|$PmUnj68gWedGyh-ac~|ynyVfHd<$d*!OGPUSvw|J&c^nh787!9Euj(tmDrk$RCE*@hPt8tlFXkIySk? z@$^z%)aa#fGxlTw-vf{Ms_h=tjShPVolh?8Dp$HR1)fsq(=>W64c!EL8rsE89;?DV zA9;|^MGj$oFy~M~tcC9~M)=vZ^wl=|drCG2c(L)aN1mSp4Wj5M-5-r9-@;iKe0Lwu zsn#h?ZmOaEVpp+CYX)#L#A7g{3cW~~9Z*23qig-_u#D;`Thf90nV%=fL0 zd4Ec>_|}&Eb)td$vCm%Y>hX%;+Xs9-z{i;x)$G?bXQK20-;_}Alh=jH*9ktIlVZMu zXZ4+W)CfM3@>h6p4enSBT$;CRHo2YkCbzSKz1!%j@=X(6on1p5WX_QfMbXD0d|T7D0o^dPhwkMAJb#i3U%=j|H5X$JFMz+5!vud@bbcy_S+j}drQJl;8# zvnWiyEXTW|T@rc|FPhjwc~j*o!~?HUC!tu?K5J=c_!(Lk@UtJAMC z?f)z#Cb?swUDzhVc~{32shy1O669@A8&eT7JENJx8D8YszL2@Xo<)amlsk*A2m0?sM|Ye2LbS0L{i~QvIV0sB^!wW; z$Kah?(Cz0KbYH5<$=*s%L40xi&R5&Kc=d936!g)$>|%US*(z{GUNO|67*_Nmt}%9Z zf-h^SI@w3x?m{oce68S0w(IBgi`+%7yR!L%uIHzkyaKc@?4c_;y~WTfpI2DH7~}=a zy(X^!4;1GWYEImZS!S(ZBB;DI@YiC=6Bu;{Jk8xXZ-P0*%1eycmIX#!qA5#M@e6I)I{V% zXz!$_JM8tTbcdlC^B&K<$HPB@NBUa2Y$5#9V)!TA*yZz2@OQ6IOxW1@7N37~-_1Vn z+~)DldgYi_Q_nRJ?}%@VormuDu%4X3C#AmK3HyBWCN&1y!_xykd$Ij}*nSdRJI?=r z>?r=zMVGqc>CY`)Zgr7*tBdA(Z#QG=S>e&po;lYt=iShnIo&It{iL3I`VLwLd+ud& zv@YrR0JIK{oq)~`y=*Gj3l-8CC(!1P)$6hg-Tw=_5JP`E_?n)dImo?p<53fP|HF5P zcN$K%Bl5>pJ79C#U;h;RTgH7uuu~(buPZ*!!}#a<{kt{X7w5j((cF)3UN;uIfF7C6 z7?}zu=eGyz8;$-R$M03VN4C3y{R8A?<=4(6cN)VFBA&f>!Pjiff#>JS$GsZ({>S%k zwV$YXe`Ou-UC9`;f$L`cOzTU^m$iOuFMKXP_CdqrWsQCCuJvQ}o0o(2{MZM5{?3LO9)@`FBIog7LE5E5%y(XAwXL$Ny*Jx981yw)uLWTIi7)?PM21 zlekaUz;Fmh&#`b{PMBRPuGw@Q0a!$=JI^9RScltGwqWwPJ+3mm6zVBL7FPG=X zB)ZqEf8eJ^8Q=CPjg$Y=Z_4|n@I!P@Vyct9{b%HSry}p`p&x$WU;dQqnOu{XGk)bP zbO^Rid+B;iER5}EeW4lslHfU$JK>&R!N00$O2QkeTdw7K`PvD7(|pt~MLJY^NwlnI zZ+8;Cu6WVtE_g=ctuA4Glw3D{0eO*O?q$@hhUg2ZbKd!zv$g1LQ(u(fnUbKb<@zCN zNyLZB%UYW(SyO)2_#fESG}jw-AMY>0x5>rKz!bvwG50ldAJ^aHzL$Swb9WvOc)sY# zpM!k~g7*~Y8TcWCEQzLn3r&OiM(ZuwSAAE2x5Q$W-h+(($;ac;KS|`Ub_BQt_jNp< zMkZ!6hV)My{?op`@6wwtF^PLGT zS1Dt5gR9Akl^4KUi{LTdr#)@=w1T?@%xNKWS_B;*G&%*}vywPS>&oKWl8%pmKs=;e z9_s~F)To+#rI!!%d{y>n^Vq?v)(oaxVN7ATiPmH3Vj4yExOagf7r{-71^Uh3kvz;Ujy?0dc@0b+|8LXzl}r-^R?T+6}bkT zcXX_dxUi+fpLgUid8nKEH?YpIJ^obsKIf^3WPiTa9l#;;PTvTBg6qgNd-qi$ zV&a>)2LG7`hyBHT-x+a7#v}CB4(21h-bN8;c6G@Y;jt!1dZjv2zUry;kkC_+q5K`e z-@6!V9b-pdh-!6CF zOMh{_oac;h2tEpY z!(r5lDGvB;nb#-8_=a|E*!K;2UpHg)@T~0OgTQI~zvg1;83V-9`mQLJJ|upYZXp-- zb!1X=v11cA(^Kmb)9*JNRgQg-*+=NnwY1}$|6xC2ls#pI&ulN}3}kBAvI9LcjA!a2 zh0mzxVt-TlL*>*-m#>=Y_Rci%`}*=E@%t?NjUwEp>hLq?((fDiw7%X6@9%W+ z{GRilKk)}c|4PNI&_4$K701e^8M%#k`H0}>0$q=e&l0Z$b^It~IH%9qkNnPvy#1C< zmYtT3z8{*jQp?kdE?tUE)c5*bwp+h@>r412*E!#)rRK(q0la!ca)Qu*q@iTzQo zxgY#QFqaLT)2XrKKIBw=q|*49l5fR$Y3`4YR*s_7J%_X0<+nIypTSk`nYso?aqZ)x z{_G5{LyT8ReLa7(o1lrU`6Gs!Zu|`7S$VuD@>(wWRO|+B)>0o6j{9rW{NBQ~&I;5S zN#~;v_VRpsZak|#58dEgITqQ)u>20bzeCTrtM49l1^m8(Ypq?}Pu^W|!)9uaYMZOf zd0xgJI1-4&*-(uss!2i`{=mXIL+{w4D8 zg+rbh&$S&}{;uhZ!S_Z_W6#mI)zIZilPf|u_d4BAmWN7B9whf2_FUif`f)-xbJ>@P zXP-~RvoA2GL-a};GU$bKZrwC^+@VPMltuK2OyM(yzx1V-#^1K&xcJMH-H^Ma>quLi z_g&9C49_`dx_=KI49{U(ig|8zfai>ls=4$2Bh>B4Zxn9i%Z9+2Sr-CFT33-zn*<*r zc+Au&fD_^D*F0zVjeB0v=XSp5zL)tt?uDam=jY&>;Lf*jIqESvfGmhMq7m>24*60> z7Wn=djUD%3-Nk1EE3gUHUChbADi{STFq&tZJs2OiaPixteE!|@MRnxZog^{Ia%emL zpS^frd@Wt`PoMB~?+vHWFV}JoVXz;E`co)}6o;p!Yir+^WW{CM{Io~*|^{<9CZ74l<&-SF-D)8IJh=g6*qzldK4nfyq8eOvV_2cTaaw3FS4 zLr04f;p#HtRuAqxf2`p>+KXjqSrsz-J3;|k9_2UdUvZXtfqYxq1%0d5!Sv_7(W9w; z7k}#i5^~Op2bN-Qm9tud&$JbvsU4qb6TV`Evno>1qL$bo#p6kzWfAU6bBlE45{4n1*a5NDAD9+Hm z&+Nzd;B!4aEyOoLUXnljZr20x$`u3f%6&esIQ+BpyPMwV?~Ew)|I*MXgZ#-4l&{mj z(>qU@+(YgxYvm21{<@Iz4_Xu27g!ULpQSY+lbgVv+jFe<1@aH_FZG@ja-OV1&UmkC zS+5}%p}w}N!@j*4T+c#g>fjaRGz~2?&{2M#WVw{7?2V6b)x%9Sd|k+_Y(*C^bpd;n zoW-1SdYUbrQ{9ChuoxPsp4IR{U|i)kf;kP7J0;I?&M5Y-!;jCfr+$U+%O-hlyzU1c zd!H9WvtMDfS2u?rYxv0Wg|XT2muPMD0s8qD)KjQtDT54XPO6p8F!n0Ow&SLlx88Hy zoHvdg)B1Na`IHEK_qCUuc`{~o1{ztv)Y`km&Um%qn?0UvFE%>Ko4aUg@6WB}6y4u~ ztuG#+U?HeGTDduP8(*9rYviMl< z5-*Fd#mnUZUf$VM$jg?8q2Kz}&atj^pm;a~53BB4w9UZ7r{c{OK2Id6RZ+|-+0fcZ z8eURt7UY%f@QVD{26#DwJvbGg-2(rLzhm3U-~K~B)`>@0gR*wt=cl*7`7W`}Xy7MC zk-stO6udEzK6*F)m^uJ|{PNG=AAek6a;tfNEA%UD!-<2>CBavi&kNy=TKwo*zLRZ= z@ZCzjYlt~6YYES#!E*`UZQ#4sdd|7wJG+jqKAH{K-!-55%8PRvAA2ME+h^a1w)MWT z^^3DNY(4Sm`?j8F-CxQ&`_-(o?_D3=u&u=T*+KPV+`cBa7QfFKw=T2&&Tof({n-T$ zm8V^NCHjPZb?6flb30>*ui4{N`*z-T$qx<@A86f1dqw3RR-%_ficyfoafyF@apoJ} zf8&)<=Npy0M=?vWo>Kl=@qzS|iB-7%-a;#vo*t175M4Kbd-)?QJm>uZYK(*ZC=~k( z$1}kfap3`*)7^|NPQl+*PU^VUgwW&YMXpaQdQR6>C&oReI+F9Si-{q?KLR@ePswjc z3}Ic~IsR|q9+t^Hv*%#y4Vd&)H<r0nTuDbD)>X7wCH#f(MjGR-QQS_fi@2`jNIwQ=IYR*;nzAjyA-z7l2dYYoIYx zk)im{Lpqi)p2pIcHR{b47_u)0u zu_KLt*56NE7j+G#rg!U9w|lLVeSr1Jy|MG%?sbm(Z|=AS*d;5<(`FjM^*!MCKGrqp zO%cpHc5kGnNV&(V5^@#VTNmwE@R+wxEZOMSKJ6(nIUMCKle3`ba%lMkc-{$K_mE@R z7tem>bl|K1)4(_NRPfCMzPZ4+!jlJbYvj^CW$FV08Iwzp7#)#MRj^J<5HvxUs$8?wKGp5a=E>rz~OQ;p|a`2y;=J(a{>FLR~ zN87|o>>v7F^w%1UY7Fb)efjf?;icp<-pick;3vu!UyZNcy~xR)cpg1;Bk<4X_dA?y zr`corK{rM1Rk8{BLGK#<=I7K}hy^5zHfI^-ooTLB>-ed^G&!;Zs!1~VoJDRDUEEX0 z+6B7z8e)mNc)l09aQ>Oed6uKg(p>8dwQB><_d<_SVurq%(Cq_`JDC1Whi;7Ptk~=! z{D8p|oa}Xs_Z7xFbO+ay<(D{P2CJtM*C}#4(-}`^%Wq}QT4zZuf={S-Y^c8oJP~g# z!ym==cP&uey5p*L@*sO)zWcj=>c4pg`B8nm^k#C19AWa5@cq#@N?K@AQ~tgx(ro5WRr8itjDGW`m!l;D?-m!HxL&7D}oInJ078n!SBT z6?rnns>0Q?_yt{&=>DxIn(o``eCgg0y~>q)wd1YAM-$#Prt-DI)yN7@AA)C$-FM&(WbzSk;Q8ae-Dhrk#~S#> z*kR}`I{wQI9vwIMzJ4&ieBP|5=j%0;qfs5B{DMx?@8l!yC}4YC7zikn%$b z>4h@k-O0{{cYEOTYvA8r_=7nebMX6rrE{y9D>-NCl|Sgd%r$eQF0st!cFmk}br$f0 z@(hyAu;#?|eCDM6cU@!QXYe3;+r4ZP$vbOQ1pntRKTOF3p;hv8$ zj`8JY#j_vM=T5%o-Whyet#`o>SMd4U=s(4d%AY3D2X4dZWL-_x6sQT?KL*1q(=bo`kv9%qSONDhYL-ABL6cVGR%S?)^C5?vQK2V83r z!QVHSJrv$q;OqQ76gmq$GbzkkQkb)+!ddO7=v#=+?m-59IMY?(Y+`IU`!&`{|6jcS zV$SV)jrz01*jnCM3vOz&>8e`vTP<+a0#_~YAY+TL2Mgm_3qx>j!q+hL(_N*`82$Yi ze+TpT(9TeGBYOL@=<#9r*WX)pnfrZc|2_EVYv|1(+%uH_qrugdVer54Nr#}zhj!G% zOYa5Cp`A6=hmoNp=u8X$!+~)H%Vg1Eo|8TDG;5*8E=)uZG@J9qJbMv;wC#7;iFwE{ zc8L7McJ1AI0G)RywkiEIehYFfeO@A&<=Q(VtE6KN^+eL`RoE!u?o>GQ;EVt#XCTT3 zfNMLq;j`Jl9%l_3TX}dbJxwkTWsj^w_koYa;BE=H6JDeX>gCU^MJBbMYn}QTlpJor z-gI4FWAsj9nQUPwH_s&B*E6>Xf-h2&Ro$EBEWbkIT+Ml8?ex=mU}SjRHs;;KyxDW` z6gGDHF6KOxIqzo9%8SY_4Pw61S&A9${Tap)EP}z(KyxeR8xIF1%s&bqwC@`WAfE2=HufcH9SmLwHh- zvOzUGz_5!PWu@~0*UTwVIE=?_oR5oY&Am!N0Em`%_)28?O!<1FB-hnJOe7tYPv!ei{yKR}Nce%H7fGsAZY@La`M z6L^nu-SV>(+wlCD2KM1Lapp=0d&8VgI&NCzosZ;!XPb zS)PcJ_Z9!BM!1`I?F!6c5_4F~9JHTrH}e<{T)Q<7uAc&a$(E&&o-Hl9wm20&MeEds z;IavvP7P(dTEH(h7#uy`gWm0dFIY<>2XTda9<*nl0%wY=7m(Q>_F`{8y2tF9zRW$7 z-*;(`sxx{(Ke!iI%6VS07nYvn`fI?eIJXbkoA4QUl^8g+0-3JDmh?0C<-kx;lbzJv z-H9TT0Ez1pFlNzOk#@&vG}A6TIK7SCusC98%#U_`6r5@AXN! z-(RybXBAIE_pgM1?jRQhkILSf+C}6h4ll(%puFq^_gB<;c`?nOoixwg(50KXXfH|^ z^OFy+_nZ0h{l}Sa7+r6AZ}9s^x%TodB^^C?5Ys7Fu#&&%W=rRuNj2Fr?1qVn>cJb= zvv{rtI+dYcdlvB*ovQoy@qYPIW!Qus@K-j$@#;Z3d5-Td)%#=c3cp>#=R^xK1D(q* zg09%u@@doyGtP62(~IscpNzkVe>Ug}f1Eha@_mKIY3DP)oy%wOs{Xeldz+BSZunqt z`?;*m6N|&&wVeNFXok%={u;HH_1o55)%)D`f}eM}#^uEj7q; zxv5dRFdN$@UEItV%5}hpK4Vfo8c3kxs)1RWA^RIhYiD{!uLN@i(>em-|kag3gbGrvbK8sMARz`tGlDPQ|7?|Ll<|9V>okb{53$?)G| z;pevoK6`qu!u=IvCE=A2GL9d#KIjXk;UD>Q!b1siu4~!*8+qQ|n@FQ;ks;~f#X187 zn<78)pDui-Z54VaRfipHli$K`{7rIwnBUr=a|9koH}7aDI`2YuTDn|uPGVLl3!gLZ zY3>hz6?*07yBd0>XTgs_d(HKQz=zD>+ns@bB74X=Gssy|@`ik2BX?-rPTpMt4EV1* z*5Dtt;vX^A7};pgPttj)B^~S3dz0ttxOX0)`+9g!8a_-&w*C9# z+`oje<9wF@wm(t^%%0<78Q4N?_dqf*S~39t)N@{w_;lZ8oR`KNL%<(qe!{Qz*#21O zmC?@yxiEb7De&vdL=MN6r_%I#iNGU4nfMvC8%8Gh?I)_^_&u@%FGyZyiFV*a`1}2o zciP^|e|rxdaO(NTBJMLqI^d=6GXMAKo2B4QBd_r1A0w|_D{Hcwk&(pjvG?1+!^)6i zBhzC~=j?j?Nd1T5mni&FYGTy%Hu#BnQ*q%&eEJ{JyDz6(?nAfmzaL*Dafhc{#Gi>f zkSX|V7Wq?pN8FUWuO@qJ&v1Odkp+7@h@t_A+ay_g4RL-UDucx#L(|rCN^$DHA zfzh$ijvs^b?qxOEz2I2=zT|spE}3N^`oqG9_bA7TEu9g{-V)%!)N5WoF@29mgT#y) zk3SX9rM+75V*LN;1boRH@O#$VUJzCIs?vAFx9eN+RafGxdi$j#x&6|?-@W}^5wpK5 zxL^8N>z|^3|P4bYCL41+S;s>co-WcUNwF>c#+N82Hy0X zd@K1?t>DD>tFRFf-$s;lw4JJ;w}6kh{wc7Z4j(FX|f?WBG&u6^x#0r062B|O^R@?cwDee8XOCi0r^DL4 z$@d@+T&qsIYkp0(9i6P4sA7a9wkk0{gujT+=AH5fWMe#EV7ST07TY29Hdd}>`&<2E zuf{eU{V9DSdA^h9Tk*?xGyW#^256pT;x_S$jdydg@u}Bp)@!}WU#nTKb*iI3rBBQj zA4h5bZxucWYhZ6Tcz^qU5mMf2`%hMla$kKSlE>xhvCg# z$k9fwH{fT^C5|yQcB9ni zsO08`yQ|r|Y0oCxOkWK7tdbM;!i<@i_*^$Gc|#Ybc%SO>d!b(sbb5UrJhL*Mor;dF zAeS}J_^HT9{Miv5>lj<(YJBoKJA&g+evk24C?7M>*g@D=oC5Yy?=f~a{3o7MkL^Tc z6#lcfXStJnZUQ_jW=!InE8bWN9R2+x9?I#eCg|AWm~+i)w72FvG0p{JZ)`f>t1ElH zUw>8S*IYqMa#hL^ga32fZ&C-SHNuJ$&O@f&2>d3%?_>1j*u*+frTpb(W{-7tmA@a9 z*v8ArBYTRKXUhkb+~Bh-1}H(+OirRvxrXK!CvcDUd&E6Im-h~K@8G>jXs4Wv9k-Hk z$)`-uKx_H8vYla#&Gl>4jL44(`nE;~`o67vU+Go(x5|?%{x|h9{=B>HVBUjl!O@TsRyhqJy#t&nVQ9lBaEEBI2(sxy&(D%-jOm^BXfr5Go<0zPG&#D&x& zF;;pZvB{0V30=FYoa~*-tJpeYV`JPp)@Zmzyp;%wkOP!CE^AO~~Uz z`MTBMqiZ>EPPX_Uhs*WD;G+xtMZw?s+;=DUb%Q7Rj^^V6t~YU?**CukxdF~{>e9-| zLHADOGr8-&%c*Z5cRhtMzQP!Xp#9*W?&NwsW0aGh?n1s5Q>Z2=HP`6O?G4RSJe|4F z*O}nW=uCK5b!lIHv;U?B;jN7M4RMSfyJ2o#kNub5@AvhHe;&z1)hv(6_1mZ$;^B1m zIOGJ}&Eef$;PYy9Q8&70?r3xY`cb;;+A{PMYkhs_EVB>o?c2&z?Gs zY;82o89_tL+F}B}(R$hCKR(iijeao$4Z4_{`oQ(@j$UXZ9NFj1x;JwbZ`$v~Zwbzy zK&GJS#cn4xk_q&oIRjSw%~=tZG4Jdse1>D{mGuPoBpF9M1D&(A_#f&W7A6*M)n0hk ztKoIC{u*HnbO3S7(wRx=0IdswHgKA#v`x$Cve ztA`j`{ZYK0bzXlIt+xb!f7|R)@_M8Md)D0wj#U>bnkLZU#If6z%fE%|C48@Q+3U&W zYd+7*)ZT-tv{9X_@2vK`^MRf(J;n1zH$@_5%~bo*CiA>>kLuZavBx2Bo#I zysIX7u&&XX88+4A+5)i3Mo5re;E7e)2xT}e5-TZ&m19k88>h}tc8K~^7pKVwd4JV zVo2toG5KYht`DR2>)%g3Y;i5D>SM1i zgP*a9bFrO8^|1I}5%(}5rG4#rRaf2xN)20m;(>`^{jewTk` zdOMExc>m4Wc|Xg>i@AE($PjP;)YIyxHLS26mV8KxJV^fr{?kwX?Uq3%7hvo+HXT2* znjU3W_F^aR#>QMg4q+U%u9HozYq{waE}I_weWs~(EjM}b$$@_18FC3-|a&BUXNxe9|MVEj~t0>j`o;J8QVNCYysP0L$R(iBq4Z_xMf3 zsrX?-Zy-*^rhb-~O7)*t0bApLfSVTVX%je`WbzC6Zlm0fA4LbZAlvYJvdNS6VtMGA zRFq%fdf!JG?_umGa6Ld@{?b;b`hj}>-bKB_(_S1T`RS=*9&v2_!}zt>d+m8iRfS}4 zvsYu=WQ%&3qiUjhi5*Nnf^`q=H6cf_T{#M4k5>Bj2;V{W=z8UhcwTA*J8H6Bepz+V9kHagjE#@W-1EhL8T0r$Q57Jc{?&zCxn zH?S{`SU9&Y&g^UT;`rPdRxp+t71Kv8;0qXaX71Rr0bEU(<(E;0E zy%irLv(eLs@}<&zz6RRcd-PjkCo~-gU&FJiC&E89{g1lgU-dN;eN{IkAGNezz8HNb z`Rz)^2{)tj`2BJ|JL-u*zm@L-55D>VTc-s-9MZvNH59$%8@tI#9zpLN zA$NP2oOs`YQ1;M5{vuy}tO0eg{?)ULYsTtBPik*pAG%WU#UOM{A7^lMOa|{4p@YbK zHB#qZk00C^!givE6elUCqk8IwVfgy^!S(Vpp_!qJ z@i%ms&3+2ieD7wBHbI=AdaHz~PvqPQ_LR!M&h+8qi3jS*M}WV*#02}G1M%AQ_D_1W z-rT8v`cB6;p+Tw*|7`#`4grU1>l4^#3yTjEHeCepc>y%6QYsOyf z`wXoy*>Nv7^d-hm%trUc$*)k~u6+0=A5WTpGx39gl{r4Z9JgqW__t<`)G8+yp_lgs z=UCeD-S;uS&uD(kqg(S>1m5>~xARaQ2Sntr&Y{F^6L2{p^kZsBN-8_ z_FjvVfpE8*`P2?4HbSo`f4%=0^&9)47kD-X_~ct!qOyNT^W?)MKLQG9kFSg(}a z@7X57Le9w5TD#^m33#;LVDHb&LPw!%6hBC3DTh{2yUw+8b!Uqnzfk^<+I3)4jGq9$ z7_`_!EWGO9Sy%oAF*iCQP`hr{`vuEpavQdG{W5w(mN@Z~Yu9;Rwd?rwW{(>=fs<<2 ze?O1+fXk&kpR--qkJhu`4|?pYhTY5!Th$C~Rh%0_Ymq1oGP~RuoDo&qq0X4gO(PDfXljp*A7Szcg4Mc=TUd}67_FZer+B) z#W?75V++M6X|6xY+>(55#~wS>-X$)_XPN=*=;==6#nj1T2i{_BCmx}86kgSyh$QtV zUe0Hj$@y4b6F#f(&(3Eq50D>!06xvpb%OWq2Z(v)BV59})wf7Ji)#5BXKe9_>g6r$ zRq%TQ@_wp%`49Shq4&xUR?fb4GQ7+#e7yVpX54YbBu4Zx|7@v*N1qfj5+Au zsQ#h{H7~1=H^H;X1}D22zD>QtnTN|W;O z=Few7=#=T*2f0Q+oBQg~<6Qrn?rY?Gd_�SNEm4Mt63NWnI~~LE(1p=lc%s*Y}%^ zeRVn>;96@p$ydFO>X8ccA4iAl%|4Gp4cGsM9eG9gYkG!GRWxRRv* zk^DjfBB3=A5u(P-*w6|-l1Ma@WRm>Hdi4WA#UwMaG+MvU_uPA{Zxsb%;`*;YYxSb; z>zsY|+3&N@J|X%jLY@}$XY5Mmp-g(e8(NxYr421&6C~DI=_+_VJ{5g$aDR?{g!8xK zQym?60`Av=D?h(-y+Am{Cp&~sRvNKt58;!QPPb~+?_2ac3m$zM-zMHof8^6P5FZij z#_yVkE`-O*fmdyK`R|G$D$mV(zl(R`uLI*U;ao5Ay6 zeJ(-Ih(LNBZT7ujrSH)B0n~!L{maB+)YnzW5OCZ9j-O_JOnjgG-BtL0{+xR8n2|rg zv>KS6LT(Wgzb7@Kp7nv`V>>wSN_>^QM?7Blyz`FMs0Q*2;0zpm@*kiN^hP$H4Ee15 zcfqp~7-GogMk50qIVs#OLa&Y;Z|!a5xydh|1aI;8ulPC20S`bIHRM^33A_2#uhZAE z2sR1wivQzWZ{k@8G!Nxb81UXeyS*=QMvwL&Ap0wr;}~!W4++L^XjJp%_TBpu zat1tddK zzpc_UzV{n>zm4`auc9UFvfW-SA^g$zPfNfqTKbVY#$+B1N%wkml%*eJQI>wDfHVGH z!(P@tOwrE>#;tux3G}n@mG}#EbZjtsoAK9qImlDUFN+SQzWk7!9AwMg%bDQW)2!zj zy{bCD)+P48_ZxcK?fL7gkm)Jf&B-t0x(0en0k76=#v%LRvCERcos)yi^+miV9Vg#t z2Yl4S8J4j}&=1(C8n^UdPbo1dWOM8h;guYu<-`U`1L zAuSgz5GPnMkf$ve1lRYqhRgUqui8e<_35$7OJ3^cCC_0UhPHR`*R#{fEAwy?XKa&I zt1pz7S2jm$k>oA{cMI_=la~yfG34HM^M7ufk#PxRI_2>z`>-c~L=;_TTwlIbV}QQ^lvGDdo8DacSuwV-qb+_tVmBA1!Uq zqb0`mZR#>>4@QtavpMdwnM38cpMsXQ_drX$r@7D4(x0FMA1#TFlF(D3JlGRxX*>3h zM@zKxerV~+JX#tFE%p8ZoehrVhsyR+eoD_Duvx+HeJ*|-UR91tk%<*0f!)uqCU5Ww z#H!H1!zDvQ?U~p7{z8S&Xj{<+Av6(CJ z-^k;$+<&SclFi?kl9#`sZ|C6`^Ue&uQ$5g`6KI1t$E<2})D&_zXt%$TJTv+@GL1Yl z`n~gPYwu>(=I=xgu7@|9i38qD9B>G6K-Gs(tZy?hz)zYO;E?9mi0#Qv^PbH!@xLJ^ z{`W~Y{-<|RHHt-A=~mi}MXmJD(63iCGuEi!WQ;X}QSb>i!6lgRHLfRa=fa`Bm4|RM zb8{Cy+iS%4enxJ|3jt#0#q5_03_03J9)fg-a>ruSuGoxkkFD~e`Z?V`ymrNJf=#}H zcTcjus?@sNGW!NDva886i_K+Dsk;?Gt}W1+2m?7M$ka>hbCiolJ15CGF*M`FOG30E z+aVaX?2Y8>n4FWj%ppF@>ExWW@r`th##+EGMdv6c7;*AW^54O>=)ktnw=1zxlphlY z-}UINF!$vjR&l=$`D|br0KD_wIM=-Rml_6Ught`>~RkOCkLdGY1z|2ddWnZXynMAw|f6>d^ z@N5S!Z$mT_>;l(wBI)yaKQ@bZfziv?=%ao}KlJNAgCxVbC8A%=kJb{rT#Z+{T^gRn zytr_wE${noUyjC>Uz4N3d#&MtIci{zG=`O99lv)KaSi2Yyh+}KWSYM%jnQj2J`H>@ zm)CL+zh$@oEKJcQYk<3zSERbfJ-)ifT7&dIck+syvoL#nwU6`jituO59^u8%-9qN$ zNz2OOLvh#dxp?qkk*o-EU-VWD4!VB#*X0%Ed>{GC^NRXrL#KSNn(8KBu^QS#zd|GF z@r=u?HA==|`yU~uv>iV&oA&~Jo4x(iU=lByJQ-|5$$qUjPS$!ObFZ;0w?aDO3m*-iqHi9=m=gK56F1)-C&?!GqM6V$bvQ zebis;vm*EOu-~i)ebS5GP`p8Wcwn&n_6j3U&Z;@Cng|1fI>4?%zU;hv2A4d+iN z=Q&<_n~{;&0lTaI?9>Dx2gk_BpX(iTuX15yjPL2+!kgHnI@4SFc7adkOoyHqLC=lw zs&vnyu-5XRW65h|UjuaQ$p@|Vnpoxv^f^3yA3Qsg?{DDy?eMwy^nT__alT9WE(Pps znWt9f>7e7A8JX$%WL=Vvyo0=U^7&kunRtM>Ah@gtm&z6XCh!wyWxba;YYRAQ6W)kj zrmnQBs5ze?S6F?z!)g|`rTqlUt1}9pN zCq(AsqNSO*JgXR^#$71q8`+p!Ghhqj`Y-%)?U(-XAbYjhFH8)9xmC@8L;r{M zCfe!%2LWit0uNq3r-@6u^*NPeUugx8ma%UDpTeHc+G4aCUczou&b-#QSMCKactc}t z)cMEO5c?tRH{x6AzSUOo^T6?QXzKZ1WYAN8UVW$bP^_{_))&!t6>G32c08ZCoFAx7 zVUMju=Q(Ya+uxzBV&1Di->ONWgIA&#&9l})c49vL))4=3--(arY^?dLk-GPd?xioS zVU;c-C-KA9KJ_x1suyZRp9d*e-bt_eI~_Zk{U zA0vx4%3k|H3cg#WXN;$bm@e%ii^$1G7A@*W%UaMiGnAagVxXPqSmzva9KJ?fq-50H@`wQm<(bBsLLD0#4&>p1ct zfIJYa0px)nt^<+>z%O}_n4@(I$3_cE9&rCn@|1L6u>KFflgI(Z5Is52m@fmO;H25e z0BG+bdy(LgTpy4DhkdrM!R0)`7(J;B*y!b38yV1?Cj+>C0l5AW8L(etD=Y&xR#}o4 zt_{rG#TJsA)O{|RJp@&WlA)E*(mESmVo|IIix zNL^VW9`nB|Ue$Xyp5}Y^9?feHy`Zxju7zIF&7B|Tf6-kbUsd+T-%rDCECq(az*_;l zBk-+8K{xI>#+Lif_@`|}Cf{vWSoI%Ea`N3W&s*$Qv(lM|tlB^q-=iBUt#>(hyJT0u zF-33HC)XmWD!XIC!)FQb8#zETsQE4Qx_=CTi%C*BuHlef3= zg8i4+7Y3YMjk^0B8)Qtl*!WE&pj-Lm7k&@lx0<{i-fLzob>DN}i#YF<^Imv2=eIRF zb7lCRbp?DjbM7`a@jV8H{B;GvRcKv7a3e!&z}0c+jB|x@Vy)-_WX>>KdA13j-$cw; zYZVKSYl=%(A=kplix|&7!g@k-Gkz7d>yJmVbJ}vx1*I+Qn<_hAOf(zBadfKgl)#v6j`JeyR?1^w{U_I^nE_$y|Ye3+vlsQ-I$m>IG zMt)2##ADDK`(LycBfN+v>K-%pnyG{1`DArJcIP$b%0DEE<>G90h@U1t>=L$6ftY!#^z`%acbC3u^tb6{kE4D+_>OP z@!sbSBCDrF9uH%G2wvs42%nW!sQCbOuIp2*UBsa6kagh}D{wT#-Yof#7eb5BT~4eZ z#=JbpyhtxqK?ir>t6Y4Wccz-#f2oD;IluE0f8)rLKl*B0ON4m!aj&L!hW|XS`cnG( zHTrb@J13l#GK#i-PhbA;j}-V`F}P{OxpWTtKeCo4Sr&c@oA2Ed+YHjCciz(*QCFT} zoBc7GC(pW(XD=YnIIqN$XGdu-{sQp@wT--j&N(--)=na?RNt4{LC`S&OQz|Zp_U>? zrgdFmC*Xg@EKZPVp@6-ExmCN>$TV!}jh=5_41E_v`?5dfm*3#}<)T^nO5U>-hOQl- z{01Lg>ue8CrcFSm&AGvqY4l}kOuKz~?My&U?SxmW?}Ja_^Hg`S%csuS$DZ6s@J#Wv zd92}|=knz$A6*h98I+28vMf73 zBg^oa?6Hi^$T5Du%5T|NMvg6UQl!2ig~`Df(3`rxo3G73VC9hQ0pvOz*4#*NgF&b}*Od zcSEyl-p%YY`jolb$=oeLCvI_d;wo1sPG` zk!ydE>|G3wPerF$dFjF!WBwbNfB8X@mrIdhsTHogbZJ}mnB?WVS2*(WckfeP-g@VW zvh8`=%9ocn<;hE(pLa3mB}I_CkG^wa8$Y6r_j5kg1$pgT%=3TsxHf6qK<#>swc8!5 z+Bf!Ow{t%Hv)GgGR-BdHuiAAkF$(&7pRkxOBGuUjv| z_loSf^+(_vdsq3Wfe)cy`L={_>v?xR`mO0a{BL~Ah01Fmc@Z{9WRI~8N+WyzXX^3x zx-#pHyGF3yfXvkX!B*9|Z#~aGKTf;QkLsWuIfpjzG3BGn&sa+z`ffb*sq@;rSXzTQ zTY1Hv<;RIZ@$DAgSvkboSHxLK(>W`t=<7wBW9U-FPSjTKB=QD0H*!sxy2x)XAHUJwD+|=O|-Ytvi2qUriwl~!G-oWCa|kBnKI6nDc>a@K4Qkr+RHDGwI4V` zbts8j%>usJ{9&gxDt-a%;z!{uK8JWVwAwRQW6-$WxK_3DnH@jVJkG3bB zqU{7ei1cwGynWl>hle-pw}N=9IW^t}odSmZv90j;`yP1vM%m_8cW zpJSnGkWG)r&^3+9J8i@t)jMJ59oY;Ct{b>+;&~I#w@2Llkx@sENrv46EOAeMMazso zeABJ69|z_5!>U)al5>MBa&fKSQKNiBWRLKMFZZHiN~^)M;>g-NW#X`{XV@X~c`Jc; zG4Oiz-SCAjBNlIB+d<+{`u;ZHinlSp#JsmMCS<~8W}g)?RbpS){v=fex;pSA4z|A&>QXH;fzCdfRQ7= z(KqXmTZv=%_M>-YTF&L~JpRt#m3f=C_(u9Lkz{UIL-ihW1W1&61%6n)E>Py^5(R))|-{V;-lowT&Hz34~{tRC3x>^Y2-6~ zs$I3|wWl1(8On#8Z}5vun_@oz>~Z8{HSlSTFbG~3(tpnWZt!0$T7VX-!JqeB>xx=a z6wd3x`BreQbwt4t=6|h|1;D#xXV>v$ zsU1s}yY{zb_SeL8?|Ccz#%tswYzRCaW89WtVmyjPcTwYCv3=3m5#dVledy}Tj9c|O z7cf?ToKrPyJ$eyc^^vcz8rolNeaz|P0_+d_B%+2)wq)s-v$i!V&m>A*-@HEng_;4X~?!{dX(2qHb3pp$KE1N)iOM6dl zU`*qgi?z&!V&gY39`ikTH{Ww_kNbTuysh)o4uY#be)q*D+cAD0yb7JGx-Zv$+~mu9 zXKr=j=X>}&Pxu2LH-Nu`$dN*}JB{T^QegZ4Okc-DH~-TAl^tq^kw zvc~}3{Z3i9@%(48cb*t*9bQpgW-kau-U)MWG4_DYkF%^BzI*r=`%T1> z8HYtJk^N=p*e1n&936X8|B14u|G%9voj?=5c@|A91lAO?Mmcp=-k6XrIb-7bb9rNm z6glI#(FgPPlfnE-ar&)Z`zEz1{`gSe#3@gmDJAAAq*C zhAi9Kd)COaINvkp$QS3i-tBwh)NOv+-{$t*HfO6%zR$MFbJHec^=hH7gU9=@ePnAq z06b<5Z#nWk%6<)ESz1?{Og)^b=-|Zlj33+AlQ~mq->mhxGG_wxmX$fnPG9Ei__!-` zu!&D8bFMESbGY|S_xry_=2(p7bY#xg=u3WPj?4ju9RB3`E4=5I*ZH_h{lDODDfo18 z_v@E@xLbPqxcls1iMyE}0PY@UET@CJNvDassyy5sY3BUMm6qL4UWf8}`syO&-dpMZ zX6St=YjgqlupF6L%pZGj%ZaJ6zh~p>$Rx$8jNcf5zNM$DpmFb+;&57D@SdH+Gv)HV z(&q5PR`fv?IU4eJRqIUWbv)PqYI|ZD`~lx2k<-o|t^q&oyFB;W7o7dT?)4)ZCpHOR z7MYTm!`x56R@Pc{tNdfNQDP6GmTpzCRpZ^)J+sa@0pFZD;G>DVrqExCjXUp<>pzG1 zBF{5?tLL6g#@HV>HXi*R-(F<*RTukgyiz0g6i<>Lkl;CX>S4?JkR9OsA+L=-;3eP6 zR!yl&>ft>2hs_{YhFgF|pVx?1VV}EV6;|oMBHEeJ>fH@34=)6HAB_Amcn; zh<)hn|3Vka7MzYfB0Ekw7vCj6M>spqSqF}68DjD=78KAIjrsNnZTuVG8+!&HUb01T z3fVK7i-qov)_YzzISnNzGwbTeq15kPjPYQ#XyQ(+-tAKVn6O@ z7r;IDD&6n@8ryZ2V``Cctk&ZohHNUkNH-vAdINPV?Cm`dDPue=#ZU8@CyYL0EE!A~{ zN8rT-v}k_AYiiFLV!eZZX7+Y--_-e2d?CbK8hg7HzUBI1aAaT^X}$4f?CR~vSYrD| zX6wAGBz}v|yh0=yOe`EJ$_QF!-v5?zj7K%$ceMbCVH=HPj~p=Q;cxoR~I~1gp7`u zwclFSZ#b`leO&Spz(s8eT3d-+6@Mu=C^f-}*-TSOIlmd*!aF;nQf*X`G%XQy76kDg~i zx5y*uw>KM+xz=q!~pSO}26?W8h%GbhvzD_hTE({*R#`nvS zm38Fj2+lDv@kxk!Xss`f0!Gc}627~U?^^f{f79eAwz%&v^u0gWeLs^4Vb2%wSG+3& zEz<7BgOPK|6D7{V-1R`0@ky4+^Y4cbMX#wOI)Sl>c2bNdX3hgfp3?ufC*bcfK8^D& z=zn^Mbu_K#|29(VrwidApQZ}ki_wSL^MAYhpNK)^wdctmfBmF`A03cEi3(_I1pMK~ z&vf4LvnRyw&dT`vG=?-rs%vP;`d6EXZ%1mo7>B8`!2544LnlB77V;qht;FW={apAInlba&?bO#a`WajN z3*=8~9jVd85Gw7@>Kc0QF!ff(*`Maxz{@(WUteM;JbnPa>{;jJ1@-`^>N?5Z4~F4U z?jIsIBN*W~&z|D9as^YH@S$AWtc3V*as&DuySjHaG6DOz4|*>pC$d8AH1aLa_oJuPd<*Q) zUgl}Xu(kL0)LH3a5z8jVnAJ0-jJFiHRik?#KIHgGiiLY~V)&gJ-H+mL#o%-4?w&e$ z+ifd^K2pq**ve%ZZ_;w)W`f^eVjLlKRTHu-7Nv$N?KYZoo=WYP|I3@p;0bfNing?N zS>%fsYF+ZPw5QmanK$M~G3K%K{S@z;xnnMq^b=yvN;PM#&YWGvcbX$To562y3`M*n zxKiM)r;YExqjK98BDWf>arRqA_7rtCLchwnPatQFe$;)lUp;JW9qTZ-nZq;iB0E5K zVUl^0t&==Wz7S7{H~f6z$;qpRvCp2`x{_}lic*tv=>z14J{7UPVdhDi5X7Db>wfo@9S+u3I0{iAe`{7#ZOdW%gmYw!5|m)Lb&Z)Kb&C%PKn2R`)dZ%>{`R~A7_sY$YN zTzMio;{GGGkwkJT~%I?9Pi~A#0#b*+H^%hcg!rJQv%Q^zZfO+574T znl!eBY^@~M-==NFELvGRQ9T<4 z$@FFO#V6WYh4f`D@elt-^R;1^b5gAK+Ot8neGQRMlICiXQh zlK#X{XwldQPOM3_G$Ysu3yF0(=T3z>Uw0j#eS{@UO)VQ3+$h)jHEvWEzLnj&Si`xLC#6xue1a? zKPZweKZDranX;8+`;6!u@7Xa?#|O)Y@3kqpIRA|cUj)3>)4pQe@bX@(wVoLKK%H#p zYIha+Up%kfiawV9_UdJqK!fHwuU@urX1V{2eG_%^7jL?`aQ@=aw~>dxLdN|T{&*RC zC&@YJ)DU=$ItIrw;OHgnffuaw>(qP5u!p3#4}E$R9r(JHKJo|Rj(@@iY8lRY2#CHF>ZP3K@obeDp+N!fuA4;mN8cB7TI~3ma}$c9x*zQ+WY0U_Rb}{SucBtKDnP{O(xmR z|G<+3FFM;?Fr=t=AbFAC+)ma>h@}m&&lcS9t=6|?!z^Mwmi_U2ijfhE(5c&i@jm{7 z{3-T3lRxeKYwcQfuf{LAz`G+QmlR(N@>}y_UHuit^bXq{>8>oPSxg7!}Z*Kb*O zzZE=v)rsX0x7mHNb@v&x<2_F$k+<|W13HtO?s<8@ZY+)<=egE?zAJp+m^~)UNw@5t zFuaXDH;eCg@_i@_jc2$AeQCX`)KXor($0x|A8aHqiD%<{ZD}84H*R>?>B$sr~JMC`^v!RqcQxtK4fjO z$&U9l$Kt${8%n}J*~XAk3ccwwhwLlE;hUiIf8!2dP&WEE#^h#wEt-i_hAw63Un zwvrETbrXLJ;V+=S6PwZH>*;q3?Qd{xqG*Yc>yqhSy&To?lubFI1KaXDk@W5Gg!lY> z?gxg`4r2_fO~zFZevNGO$AZDLY{lu|Sv2p^e^KWXo4JQEN;Y6a7(P#OeFxw7%;tW? zSF@}Q-83CqMW&Qq>GT^6laI&!+ju`13pi^6JpUK2dzt$_sVyE{p_EK=!55CI4^O0Yn?--wKo?uwGtxw;ewuNWjZPM=!ckO|1=IgqPXMFcX zev97JmT;Mz2!D*FeQ>0Hm$F)&5;lpYV(s($L7eEZ7V=<{3MK04UH z!u3VGH>l_8+AoEynoP@?y9QMau|M(7%g=m*`EEuoH9vc{JwGt`XcxBl;QAqUGtXYx zWTlU`TV}0B-@LL3x@zYP8RDtUf$`@3l^0sqd39SuR~h{>G8hTk!|6|JPtOt4`~)>@ zXBT5X1*p#fFL*Z4Fz^%|D*7GV8HY|2&}}0;A-d>g&il|s2G`(TG%uSfwj`3}l`+(` z9dvCZJ@}ePddPLyY}Az95-2)K-2A%a9Q4{0Vq<2X%|K0C(dtKjK`kHJ*>;_Yaqjl7 z2X$QI;B8x@Q`h$8%i*^vjC&3;rT|>o+O|Hp1V_=emZ@#KFt4_48#F2USOx7pL))RB zM$$#kvbUSD=sY3CRXtp^f{Rw=a|u?)c|YUau5l8xZXsTKKy_`WBCD?VkF%une_uNN z@$J<3z^kciI~BQhz0>}Eg5Ouy7QZ?NPsq@my0+h>9r3qd_13hSIT(6|POy=xeD~#j0GCn@LTpS&a;%;eAt2~`^d>k7`xM|_2gF+zG(vv`F#Q4CA}YBHHlQZi-qZV~aW)_*U@^(1wY;cyZ3 zv6%4}bC!|LI+FkKMcyx@)3Wie&CvE1aJ7NH*5~T9_xeuX=-d47s?h6IjpJqKrzJOA zi0L-MlaUe9@gKL>G6#kpsA0nY1N;m=4uB8oHpN&{j7d3IWgcB{|Lx0=eZn)(-sHE| zh>ad$PUz2>6L1zl<{Nqfr_vv<^6tf3$s6Fi4(e4{v4E{S(8LDW#^e>by8d+VB76G~ zK9AyBJAg%Vq54+h-B=X3TdbV=Rx8nsRn)pyUc2O5GV0b}n&qpP23)VuW(?h``r8NC z%iUmo+@AE@vG(2-#0KeySa_%AHMN3$c;Ht1gjCN}wzy~{hHOpHW&`p;_Ir!+hFHrw zlYOmMA0nRd7uq)exD;O<+R%K<2GX1x|JAj9a{R*)z&FYwUQNuV68%+;?wx?%orG_N zJU)uN(%FBnPP5Xl)!~PMFU7t8Wpb`hnH&L5M@4>iUWsYaEc+swg>EZb-?!Yo0C@=+0*djSKAxee-dX5RmcFf z5vGmQLB$H(SOR1E#bE0jl0Dtz3 z`(Mt>#s(S~TZHi{)>BvJw$p7HyH)MHHOblklKtMqN6ycFA7eg+FRfpM$hEVmvmaw_ zuH`qe_I)YZ-;AG64)?|#*swd`L-{QU-dT0C!-uOHu|v2X3?JskMI1Psc*u#rMO%XL z=fD^PhF=vJ@3UqEdhfd3UU70w+T4vhT?+I`J!)5I4-PJH2lD~K4&LYf2Hw~GZDFpNgY{g; z;8*Epa(@o1)-dZz8+DdQYN+zCi|jA`j6T5SA@KMNIMf*;N051a=tKFBgUajEuPo!d zisALF@zLK<&ODez%~R%Dy!VFm1^>&>DdJCdWO~|!5 zW}m{w9ao$!8m}crQKQ(%XK6p)!ki$}obz=`JOBNB>l+PbPn2>UoLJyW_8C>3JKX-? z|3(iX(-nuG`xTv2!~AV`=M??;ALMBzb`mo{H)3~eRLmf2qiknR!7=`nW20~_8FHEM z+Dto&CpB^gJaW<44=oN2%6^cqp}D+w8*4%QZp3a_1dbb_Rn>7_h>lr+ZuIIhw@OCw zp6WFAEM>ltO9vxo*sM3F_j7M8|MyO?(sw=!txdo#2mj-_58ULcBiHDA8*66Ti>0|w zvHsMvGy}poi9gTaOmrM?x42a1@DZv z2LYevc&p}P$Z&g%sjX5De5IWmn43Oe*ZOWIL(B{tw2c}pO>)x7E3cMEK+oZs0)_&^1pW*%kd>3S%lRW#L z+CYA-2ET3Jg9h&7{jp9vi{R_fMC3iVlArp2^e*#LG@W**@c&f<{Uw>R5PrO9DumxI z9Tvp4)BO$V4_iym?&7y}ka*M2d&$kL$pMpMTCw@ahMmxK6ZXPp=o#LS{TvNID^tjO&{0Oto*>1_7z_%H0zeN8jc#b}5d*)$#14r-mjvQSA@AkpF zJ=$!?n-;K_BP`%NawIz2^gB*DK zc;AD!jWw9;8PvcX1MZ$C#)lo)%bY3pdhCyx>%?PyH4dL00UsW(WpNHX$?L%{H}Zvz}J3s%mHF6gPFglTL!u?l-z>!h-Ow-V22qwm%9Ex+%;Q^8u}W8-HzH0Z3$9JrF_e0u;L({Qn1 zbJpwH)}K``UTfM9{Qo+ux>VyBxT{!5v8nSzApen}@$$ zh)9?zN5327FiyTqWRh2m0T`rN$*3b}-*tS#N<3Ha4}MY3rPjmDog4aNWi_ zOOkPGZMm&0SR3J+dT=r0DR;ke$Qi%JtK63y_(vPx%-9Z+EvuOm;Uj{sm;OM zm0xw_N3bho_94y#9)lw{r^=h-t6ex=_RX;ePx&Ct?|?n7HL;?@LEG5NtcTri!Qa#^ zD1m+y^ZM=ABb(Nlx);tlw~D`d&zw9O=ZxERZrzK1YGcGIk;^0CJKF7Kd}VI^_YI$6 zUMk_~5yS?V2h|ShWz3b~(0`VK7hgdZOA6rVOmL+3w=u45 z&>!;tp0>QYFKuq!mo|Uh7id{LHS@DBj$I$c!}0Nn4j-YI4Ic@=Z*-TN{ixI>qF&_S zoc*ZrHfp%93z&M(iz3n5v4gFeMT|K$$f_xNs-gBi{*Sc;OiqN})B8opD(HM)aaTia zPnlIS7QSjdS3E~v`9AEj7S8P9ofXVs)8UZaM6ITlBI}l<<^cYQx3SlAoz9gZK8!4t zEhHOs@$rV*V&*snK4PLb?q&60_h93TEmGg9t84G0UWed7=kHBn18M#If(p)BL5Ef~ zMr&6pUkW$^yi;`}c9HZFe_pLR?Ug#-MD3_1@2s+b*-IJMy$x3SyD|LvQGv(BSJ>|( z^}h$Vp=}o)!7ck%c}9B2|LkOA$bYW~ot>%+)RqA2cxde4t;jQY@E~&N2K`S?!Vs6f zWtU~;P$@Y@E-sBus;f78T5-xH$YbfhCA8N!m$CCZZ0ZTtVndX4{s;RWLeO3kp7+|w zhf8tJ@Kw|Ud?3>vuD~|tdJ(dAH9Awd3-Ba*v*_sELy57{cZ_*!S!AUHSKa<%Jkas` z1Uk6t>%q-u0dvQY$UBXTL?a8oyW}u5%J%_e>=>>a${Nqte$^1a8^a6FpN>9?MjFp= zw7&Y?+sl+U#e00)K)+*XKW_93`)U6l+L^_*o=5aOx^s!+H!9{Mnus9xGnq56Q7d-E zmqgOWrj%{8o%}dr5uz{oKwcao{Mf7QUB%Wu@n&Kcek$#7w%6VWviG*J*raY>;pylI z<||D5hnR;B=1KkIL!5A4hVUv{K2viy2f1o;J1@5HCike`-Fqv!zY;m27&`W(vByk2 zpX<^~oIH|7#pK8%@!}!*^W~qPMU75uvk(vIJ8#bY^m?-U9VVx5iu|69RgL9#_m|-f z__NYGy8&D1c#?JU>fCx_F_SMw?lI3k%X&DvLbdksz1jC(U1V=l&5bX9#O}toc#9f> zMc_{~5rh`%XgflTa9z!}naoh?Ko)g2QNt<rI3OBvQwFZ{memXOC&w^_na?*PkcXP z>7C@nN%7UwJ;YGjxaXgvZ%{uwhMyt3Gpw1$G>Ygt#jdf#}P88?;?oY{A z<~`*bieJt764=|?lQy4kbiPC!zahzYh0X-<+LG<4yeP$k-(g>Z+Dp*R3~Zww+S2(F zGvFb`)R0FeCL^1ld2!B{;CBtVLS5)XXAQWxvjTn+e@ka(^Nq3Jt0p+QGd`F;(EpeC z@}Vw3#=Tqd;jI0hK<*@=i5NJ5Usho#WU~Q%~$LHi0&I7X2#njrp4Xb!?T<$XWQ}a`nwKXI~z6 zH}8Q3`YqIYEDB&vab#DM)59|1n9 z>63SR;QKY$I9sp-J-kCZj}zy)YzuZ^DSfSW?LduR^Y<%qp(M+)ddmkx&nWS!WeaXI z4rnHYja!Fac_p2>E^9lU&$sQb^JEw}7 zuPM9&%Ww7@Qt|{-2>kqK(#=o#g{ zdi~3$>1D3_nRmzLDDBL?hy76KJ=x0Zs;rt)=yNCZEE>G^txS8AG3A``OP{Sb6QhJy zQv6;++*^BAo%-8W=WIhSCDbK!zKfp&4@eHY2b`tMlW6)5?3!KJBIKCd^Cj!ZW1k3= zuP>o5bB#@{>o2)Bbszltoa&~T^P2{Ber2w+uBiBd);^Sj@|Nr8s_h0~Qhl~4eN_AF zsDZmv)=}g6$?B+S50BPHiExV{fury8Rl9urfb?>2CL;aTKK{1a#N!H>$9_>%s=p!IS25rb%d zexS1X6?9>dd#(GgfV&IXuWW28=F>TMp}g~UWUs}#)5-AMfUNM(djs>195DWx_{FPf zD7hye&fJ5>R$IaKi(DEj;#`Y3GCYRN*8FOZ-7huAqxn6-l^Y>v&FU@qFoLYJkag-e z0=-$#n?=7}@3UWgv`fAIe&nMmBfH%G)Q90S`e>q$Zu(%3?vZZ2pSrRKedpDgdyGx@ zyfZtLKN3gZ^=A7j>D)qJMz^8k#NXoG-Xe5fCFA8@e*dfJcbhvl51-;!;WNKRx!Ial5A48t zsBHHP@-wrA{XZ?GyE0Lu`!_a4>ex>zc~1-%dmy=mxD3x!<2Y(+fqsmvb}4^+Cw4@f|2;hhuFYAX@@=NW-?A5~(P3I| zYa*7a`C7oblgd`~uj- zgW^fWwoKd&*c5kby9VD9Toe&cNI_Gw`#;2cT3eNj^lU7R>C@1Yo=ZO`kdua{yj*N> zB;6z5&VRpWisISeh<+8{RQ{iMG6@YYf_@fbsHdP@gjS6kK5fEANkP9` zh#UTd^EvutPnK%V&+puXUnp9-g?nB+YnNF|ADy)q>!CC8Ndxc6zOumkErX42JS^P^ z@0t7>%`bA&ldU`99vd0RQ;Mh+noJnM&AIJ{J}dl zKIGEzBz#t#TPqr$1zwS_8L*#VU03oWrycIEB&S9;?4oz@f1De`ag$r{2%B%>;LfkPvk)O{ht@0rAp+!H=oIBhkoz& z(eKqJ9y_rAqgXxyGD&k)yqa8S_L&y1hE9N3*62eI`mhJU3njT7{Ct-wJK-I$?r=bb7S&7tx3qg;?B&o zM@5rO<4;mgx&*pDlptbf(0m)3NGgnyG_0Gj-hu-BkrzX)4v=pBTjB~7X zAF`ld^JwBjXW9p!H~DX@iB#L@J+qF7J)8Du27Pbxrc+M>AG$~L5k$5pxt_*+nEhX@ zjfoD5S&JFZ`)is1UUY}@HMBMpL@!DIPT_s+2~`c5Qr6P?;hC~9`6PUE2j3i-?c_t7 zZ@Tz~>oI(z{N`7XM}t^;)}N)U>wMuF#0=4gue1KH4cm!|mOb)a96yZp%mV$*q`$7eqQ9Pbu6@EB1!M%bS}_+pqg%oY&q>Cf+g-PphX5<=~liN1)e6k@HXcvnttJ zNFP_D_dYQRxdLyF2zmK=xpv8LcO0_KJdx`4S8nq42G-vr>Pv8gQ`vs^VRJsM*m0yx zaYS>j{T8d_Xd^zWZ0~Z(`_a(gDA8e2=es-I^ZJ0(oFNIUEAe3#@a;m{>+L-@d$D}1YcESJB9EOlE`b_*YjV9|Ca*8 zvIy@Yb9j&EETcPhpS}N+)j`%eoOAS&mFSM^`D+=xD+A9UJ2$Rwy~0j$Pitg}`N$IP zD|d6Or8=x1vr~1z5#{;zps}$&g0fdug}>iLZCgj?RN9{*FIV=p@F$s* zU@oI&&-RaOsyp)yUK)Wa`Oe(39j{NCpWHA!JYyusk&!A7Yf` zeCvxi3L{%BYu_UD-Rj0j?R`TP2XNxGlA(3XmHAdUrq0o9;(oCj>^bQoi`r9+!yCg1 z`lp8eke5dPgwYLLZw8*!H14C9q+`Yb{~GB8Xqdcv<8SG=t$dMcU<4=B1){b~nW;lc z-L8#&jb(NpwDcr2SP!oxq$jaYoP3JX&cBELT8V|k;SKUt<$D<$Wet5Trms5s5lpfb zCAa=reSx2`Z(@)0|CpPZ1MKnB^aXdjzTn}80bg);L0=GfrlWT~cs!daiViluV8?(j z__yx78DEg^3>`6l(jlVZB=aYKKx>~yu3*P>h35ZKxp8su_cpwg_38LND>Fx+JFzoP zkeQrqlg%$j#u%Rt{`Gu1lUwe#Em)S(zH);OM(`P-N$nq0eTW{~R~%k)!{h}*&-jeU zfz+)EBoc;gsePt;?bU6|I@J3 zW+D0etf{XvVBd@0!zN$sQhSMV6+JrvdLG00s)s=@mpVS2bf6O-W^Wn1+b`ZTxG5qh z(23)Q+4G&_L$>A0>Vqz9h2){ed$q}z8h|f^&5FHl{EsBCg|Jn1j!K4kfX;WXw%GRu zFDdR(Pi|9HN44$74D4!R(BezUs71(mXPo5!=8qHFtKyw{9xI?f3ekr@ zpM5<#B401hq&@Gv1%vPLx$6<$+JV*$Oq>DPglsW6Vs)(F#f>k{_^{o*c!K2k755Ws zMi0hj4a8t1hjcC9Ju$~Qzg4+CtRL^5#wM&%Mw@)>eFvwoDst9?;c{QD=c& zz!_gRA(xdar8q~qyGHhk;g|BxGsulfu&*U_GrXo+QSj4c#JH05wTOGGk=4^V4|@@G zv>1KS108Gsh-mN;+7rCnd~wwGlS?%9ldhlb#)Q@Psc@z7slV;?x802w-$AVSf^_MBwdHS|%%8bIJG*(98YMUACG z?F+v_+9xKuyMZ&2-zEobmdQaYZB}lRY(($bJjUM=Ds5hX{WuF8aE|Xjy;EIeU0%i9 z1(?q&YClZF->C{)wl{Z*!Bty{H+A0E*|cY_srR7k>OYTuM(6wt<9^Qf$eTjnD+X5R z`*V=v9xWTWkezpIB6!4)(;vAy*2uI8(y`QDLM|%qA9dxL>yuz31=|c3Y(X+@y z>DdR7YjNhHNA03p6_54wwrE}UwPFL3HEW^u9YfHq!?3C00WXg;zfH+Xefw!wUi$Uw zWxU0{W?d=8iMZZ{HT# zwELa6p_7W{H(dJho;~r7=%>Qa&+c~|`q4YDUQbOc+I$_k{IFTat>~OTn=vjyzRg3v zVP_pdO_9P#nh4IWaMGo5^`i(XZ@X(OeO8DqSEO>eu8{NMEObZw+nBx7xwH z9%N3jnV^{v?>f4$OTP05G!Dt9pM&p*kx#>sM~?*Fcx+j4xRFoh8vN?|5pXM>+7y(0 zsz5%C=zRSz#HWW#;n9&nm)ax2omrp4_h=wry@6UK*t@j}#uezYDPgcin2Xj%+n3Y3OHPMO96zV%Z z7dZ_L$yS$-nVf48UjP@#9QoFXsFi;4ThM$B{D{7n4bo`#E}v&VM&6ZYyC$I3Ahc@6 z0}{APK4Wh~ofDhCnX?^5 zFL&n4$PvgeWbUc$3?mE?Cs3oPDgGI zg^pjv@9ReQ55!4_k-Is3S5ooLE$oX$&g%U*GB}A09@zIq7BX~>tz9np#x+~X!v;4X%Td2FzL0wnn# z*&5O5F?d{doQWeKN58PejR%QOd9MRKuUM+u+``-%oeB*qN9_h^XAAQydtoi}>#U7B zdEN3i){`@2VycYgKJq%e`Y+_~9#{RBhp43(V&01wOAqbeN8H))9__Dn+uwe%m6rXm ztuV+wm9!LHrs8^T_4ac7x+W9Y!QZI-Yw&1+`W0CYw_UzyN@CU3<(c!JMseOUN zvGwn|8ai)gEcE#*^4BlZHvq%yz&?jKm!})Q^EC1X9Qbu2c9B`jP3?4aqSg(h6O&v^ zwu}IuqKi}ML+MQ6*XYEPz#|(A&BWT}zGm8`)9SnC!)Y8~gX zZO7Up#n3+OE56ils}p0At%yy3%G~G#ww0qdFScibSK=kRz4gJB(4~>*tOW^H!ym}^ zF7i0E9zt$3vAQ#fzgT-6U$@A_iVEtzZs(cu2sC%Ip)>zCKLw{l(V2!X9{!L$`d>Xe zZCLYbuASyRbL_NXId+=f`5AMv5;Y)*&Wp%fyu`H;pd-~!diaOrkYJ}VCx@Hz=Y)Np znh(v(T+NB((O)trO=eDZTdfz{@u$q3WcMkVIcY-2`sak}c>{B@QFG$Qt%vj1fZc!J z(!MD6WIsb6acWM9pBAW&<)4Sz0ovCbM~JbhHpa{O--3$(fByF3%cPIloN$1YaBbU3L`q1oU*4eV>8HjbG1Vtmx}Rl>d?G z*uWe8`;L2-p`(%O(hJ4Nb=l!sj~)d+ymxz`w_?UN6B)49kn=Z!w zFm{3L2WY`(KOAo2d?;f-%y;dF*{=OC*Rdb&!hUdN#zy%vvT-jjU`xnWcwzL3w!*va zx$%xY;H+;S`5V~-dF$KV;P;SaY9f~6=UfGj%jmBho-BtaMfb|(n}+Z7it)Y6n~%CY z={$6L3;d%&%B^V?H9 zqFd!D$rd=-J03iu-9!_6J&~);*hsP!KE`)N&_gkEs{QFsPJ-4p2Ah0_R^(2KzSr>0 zjvFKC40=v`#^1tDj==-!Uv`3YNe~>f9^m9Q=IupGf>XsHl5RYw&E(;g(@&^#J9u+= zuh@ytLqoE`vpGBHujANnN%n#J&v)-)&$r3h;n~kvpB@%)aA4wu$dN+$O44>R3J%Ck zn2lX0Ts)7=Z{8nLJ+9kZimh8T*IH8;%-9~pe!460QTuM@=Pu^yF7W2XuZQx^QEFYU zLjKC$&{!hiD?#7MC_Yz)JUrx%azYGUU{hyU6|{$b?srO-H+1b=%xwF#d?ZX84w90XtcwMNG|jyl8Q%iYLY z##GODRlFlPI}>{MYJIIkuJnNm)rga9LH03+;D#KQUTEqN?f28J>JOKpuj;i{K5>*i zCR@|NsXMG(TMM7n|4ociBe^y-|)5bMU8=`NGMfmCBy*Pc2p-owmI(w8Z@wv0d}>w7ufT0_}9>WYE~ZYW0P3OamDu)*Gf&b(!KL6 z@&Xv&1auB?$7fmTF`JMzQ_ww=prPy0v8Ik{&@R)Q7`Z@6z2{Hmwp(m@4J{^ z?t5+AL>s{v_ju<9uRVCA7n&(S53ZxFERCQKrT0q1=sjqp-}u6%ou4z`m38(^K>i?~ z>cPWIaDdN>&2oXGb7moLfwhCVRGk6ix7G~k9X}7`&)qEPAmqoL$PdL%Cj2h5H?AI{au=lj+d--tT?`5iOS$I)E>Jhp*$ zHZhjXz_cA&-f5-#A0jsZxt2k8susD#A|rTZRm+EIII zr_0oU9cN#2fH|10XYj{{Nc!9#0w??uhbI*0F|rmp8e)yFsp~9TvR1jD$rU{3zH)$) zz#@Ms2|US1Snp_I(sS$k2cHm{n;<2qxJFUujK|k%;muc_1#M;-PI9O}Y{$KK^ z;twD%fh~F~e%M#BSs8aeTZx{1z2w7p|lciWzapzp$H?qIm;7{@E8g!Lplx*W0^c`c>cO_=5 zC7m;T-#zKZb8g_<{CLjGoM+jJPb&Ub3`hJx9A%>~jslLzbwidZ2Yep27mMh>n6`?w z_KQ3c?mS%RT(%Trs{$73f0M@w|9|sQv&VCzIY)gdG_wpjf$m#i{1&%%Zj*A<96k8z zpWY$=Z}2XyDa4^M@y}ar^b>OQ*r{kvv@HFl8V9ORJ04iZF}L@3ATPfI?yzh0Oz(~6 znPOI2F9{=46O2dobMdE*?^X?do4{`b{Axa@gWn|c@8#$pB^N>TkOBv5)CcYFpdUxZ zPb#Zf6~JuWHI(P2XAv)!7-cdCOy> z<8scH(Oi^u{)E20_LJBH9jg7)I?8Tib6NQ{dwH{ap7UTNMB8 zdzAkf%LLjfRUKVqO)0qS10SV~%ha&Bl$fUAX$1zJe@pGf_{}?;^t*#Pn`*nAI1AV2 z{19S~ePe0k3a9NQz^Gb5@aRa@2U;T-Ch$DsJYUE2K6G*Ebj!8Rs3*kr3cWXp`&aqi zL&ua}?e*)?mf9Ds85&W)v|mL(hTeE~zF+`HJ)$vasfuy0WZbG3 z5O8I-p#`o-@a|{tdbPdvZ0zukI$M62;v%so$prGbUAYiJE?DB6p~4&(|7M&U(L-a(8gS6FGVY|)YROZ?aDP|Q(_AD zSdWl?_G)f^1RLaL;4ajEzD)FB_mBOXUm(8~eCU~nBmeUp8)yXZjY1}k#)hecSJ4gr znwyGSY#o(rBfZxe$HT-lOgtm%oHwy+h}Mq>_KVe*qJPmT(F*WRpVJ3NPF+8RV%XH7_^5sKNo+7= zcEp_3bcx-^wedkFT93yE|LY!|uY$dFyz1s6JAmBt^X4jOJUM|iNq9#xBf)R+_7})6 zl3m<}Z^^U0MeeyO^5-NE6i-&{LHkS{I4-uIrC+aYkAKuQ^3RbQw5#hVZOiT^9?1Ii zKs}5Y<6G_J!bP2Zf1209%K{e8ulb^13 z_AW5_bOZUt!e@ZC#Gik9=iT=G=)VNC7lQ`l(4xn;4?gUhAI8Q8*>A)~LDM6k>CrB) zGv8ey@*YbqaC?5I`Zu|PjLFbno0~su=x<>El|}!SVm|0(t)t#1TN`^wc$ZEwc8otx zgYGD_w+f$Wx3{-y5$o9{d~5iu&CSP52J8#TwMo?xKYfqARbE^18pg(cEa{3M@-xpS3Ie@9F{`aphTu(jUoEB5%p!LK{-%$ecG)+RFhh$Anqy#CB-7)S+SVnX$*PUH{S?&A)SDf63(?@lTLB()xWpGDbA%r@!*i z;;8}pi?2Xmx1iHx>&_=%)5}S}-ssVdW%bnk!=~u3rY-@xL;F+uoA}N9{m^AU-;{xu ziD$7_iE-uZRRR~W<+O7Jv_tHtD1zRdjy-pk?3_rJzZ44}UCth*S@@x|t@N(p*1q25 z#IEpD`WeUDTkr9nk+tmmM&{L45u+B3jZu9Aa@(en+g5Ml>j9J7 zrWl?7xs%@(FfsOeUw&IR@neIZF!~32te@!Uq0@!Q>`7oxoAy|ox0f1uW?vF}h2}B- z`OFP?YGCgCdxb{$-@}HI9pvs6+L+xd)U9*SoV`Np|46-i@TnYE51;kmQ~FZ46i##S znTN|l@5t}luUe@E_6jX6&|h}1P=WsDe-68*!2KM120idkXXV-}=ehbo`l$Rg_PgwW z#!h#?OT*?aSSfkoOmt1h}z%Y=;nlwbN74l zd6X04z0<=tCMQI&ea1>(#J4#)A)j|_uvPnmCXSxq`|P(~PDpF8*5rgNix@r~0-xSJ zl>IQQZ4X%#NuPnNu0U3Yn3p2(Sqxsk7hqlOi>zNXD(>v$f@mEt9y)_{kP2cFLpuNT z1AH6wL>wJqQ73`*?%i7NRxa2g+ENa}O7eHUeJ^WmrN|$~fJ{qQ-5N=6#g>x|zL5VL zTpLvDZL(WEU8}lm@u(-`FSaNA`-ygF9C;n^+o4=<1qXgRv{kVq7f#XcTTMPWJvU-} zJR?`4j@@*EjOSa$qfh5s`HOMdJolji+<4!4zLTEoJ%68**(Y=t>#3}T)lNp{i)WbY z!`~;*VKZy051M?`Atuj3GT;B)$#ocFWd4J0PO6vdAe>7FO6E847eSVqe4xuXSCw3c zPqOFg?(+t6gIX73XV>Dhe~g$RG_d+J@Yv_6h0E_d|Bkh+1<(U@)Q7wmJ^Ztu23W^} z2B^E?&_I)+0qVJu^Y9_j0Qo0>5e=XdEVBpZV*CCd8yYz5&p(MHlXGZ*>+k>#9F{L~ zvibMs%Rd+1y$5__JDoXSZI7jht{} zD2h+Xe~nLquCNLH&pdm;f6tp6#a+Jbo0o0woOtpDzY_T}P|wf!7t_$^;I1$8Mknv#pTS8`aciC}|O~{cC_N!F|!k)%<=x z^zk@-`|*L!xJ+&3&aN>o|+&jNbd<+?A_8B9qcOXAv@V4@Vv~C!OFSN!l z8+0)|sr{W=Ht(DZ(2>?`4DE28I_I_awfG+gsb9-`>2>_>i%m9r)enxu-#2TYAF~&hQlA4{cx#`^ z0qTOzwGLqT4}6aE_|Mf*2KVl7KW?5FJ|GW&?8A+x-`^l-p)NS==+%>zzmR(#k=1Z6z0@@32pVdz}%WxYKRy-#pSz+-b9wzJs%mj=aF$j~SwYK}UbW zc?ODo_2HlPw!m}9isUl-nnj;cU|3Gvsm`-UFSUc3H@+W({HTV`WMhv-E-2@;7a7u5 z=ZiB%MWb$6=XVfE~TLa>If0ngXsr2e;<_2=232B zH|_P*AdeZdu{WDcKH0|X9;jwwEyx<>xb4s$sCfgqWLuFRU1rU>(!K~>C{|ecXKR;Y zLt0yo0rPBVr^>5`w8Y4?te&j~wkBXZSuK+90Go6`k~v$1UR?~`uVMa0_p&c!H%ou~ z3vl#oaCAz7KD<4!ih-v#4CKUUZ!NlHw`xmBuQbY5U|dF@FfQp6?SDn@?Ut{qepNT1 zXT7VhmI`N%zDm%xYD@X`m1!G2bwWLYygu&o^^u~Fhv?(7x%hzXC-SH#yAu`khut)L z*ns>_RFMDR^8r2mcENelZv*v!mX8g6=uLSl9f`vJn3a_C9dq*R0r*Lky+rRR-Zvrm%_@|#muC9bP ztFWy*v=807$lmlAbT$cIB>pVE3urAh{1KCHfLe=RT5DSa-1pO82Yo#aKRNUO z@6x7t=!AFBd%Axf{fFKC!SjG!?*mh&8%*f$UP_^-rgDJG`117DeSuX}o}9%|PXo4rux8h=dJy>9;cTC*3br1Ou= zuQ#{;`IOD$zg`Jkt>CE@n`#X)#ovahk-}IT@$J=? z+MG;1|0iFgzCZV)=yugcYMRXW!9kC)C5x~nT)yX>{5AuOIY1oG;G1=udBpH8H0w5l znpG!3@OaOrnSBw1O#JRbcg;rcB*2+y7XM-20$`ATQiW|3W}b~r*6qX)#LHJy5I2VR zWqawL`1g%&XFta-_RpVeKS$;fC$8!2>*Oq1ba>_=6Vu;#*Zv9iF;{;dt1hySp|9iU z>jck_p`(xSZ8o-lZ6tj&a1KGP9)m};H`KA^od1(eMFVxN(1Y6Zq5UNBHu^$0YER-B zjI9Fv7EMIof$OpedgcmZ&{x9S*lz>-5r=~NGqClYIP_4D}wH~ZIdigzCt9tI$ zciQjPc-GN3I>E#pA3^SfusQfHwhkE3AT_h9e)d8MyOg2Y$*)b?tugI*hIb z&(gI`z~F~#7;qVSdlI{nv1M(w0%PlGadj~;WOeaeba6`|UF@s9H`mq0=u1x*C*cqB zc+(4Iy8)Z@wrsJ)3M*X=-A!kXl#f0GT=dMh(l>Cgcbb)Mf^Z+|=K4##XZD@ZcM>@B_nl4T+Z*Xadk>5*!ruEkwawUecze!f(GPK; zo;vO^M(s68%tOwd4d3MNHv^BxRs)YOQ(tJv|57Ie+rUi}d|PMO8M(I3V?JBQ;$PO@ zIsbjwJNQliU)ej?{LTBccZgR>kKMt%Q?o0p8@F*!cE!t9`O%d|HXuU+(gzL7jhRsQ96(P(6jXBV9%*x$n*GO-oc9=eS@V4{-*zcv5B2ZNw68e! z|3iBSyFvOi-yZtokk{G==h;Jw$KP~Dfq1awIdWa{D249qLDu&o|NF309;mQ(H?O?N zuCxXp4WQ%0=*mgR%rWSMYWf~~F7dK3`}yFh3GmiL^r`lEYHd_!UKqGSPTW%Ms(r8R zl(8d&+1l31ds94N_?Mq27aWB~*-us*$462=opRD;_gCs3G%H^vS;P3sy1p=Y z*#BkjT;QWB&-{O8CO2+^qN1W^hJcFF;tdheGD%RYcC~+H*WKEdgix(ZTWf8r)(aDY zqSdZB+HShN89;1F+iezgYu0uRqA0a0)wZ_VTIZ5*5ma#9Y81@>`+LuMXU?2VLIAs4 z_~bKZ&YbgJp8NB>&-1>{!#XFlmzdcm?kT@rXB^vk+4h6;lg$zF`&DhGd{>=EyoEor zC$pKKVviC3tWFOu`}$syj2{ndCxE+&z_%LQ)c`Z>;=7@PbR{?$#r(!Hzwy9v0&s-? zwWhbZCfO&S-^%~nS*s482djG7ZOBS&wOLD#OulgM&z!4urkC#H2bwbyd$84O$Tdxr zIlp3lPcPlI_#XVdyB%uQ%=!&us~bfQ7e2jYMb-EnZSBt6Kh-)(HD|qEN&8wCNb_B` zV4CrHu=Q+w-J7YrKi(CL=W;E4TNr4rmj>qg%K+^c={K`~V_`j4ap){`Hj%mE&$bSB z#!-dwUCI}2_I($8H**frMB}@Z8{ehE_g(bNxmr^N4{BR$6W=+Vu>)_DKMO6{z9QH+ ztg)I}x>eXNpTc&DV!Mbg%duU&y6N(cY2++vzDok@uCY)pbd0g67CPqpl1;4bDW=mn z%hrNA`F!2XD8@F{qmdB-xQRyCd_DPm z9uH6pPp)1xkgF%3&;I7Y&CAn^`fxMna3Y5o_sow9UKb^ay;iP{V4ft%VaUMi={dj? zzfZB~478A891Z3?lH=U@SETithsqRYf6lcu?P`LG9eBC>5B%Yi#iE-Nd z;(eaqSa;m1zcp}ck!L@@Ac1nv&L~*1n+yp@58pg)#M`%%)f{e3+eBVt4 zBvzlzd2uM!)x7uQ>uqydBRelZel?FSK9^*``#*wiL+`&f#QW(Q^iqINs|BZ;B=?d= zmOoblUS9n`VZFT^d<*YUa2^BaWzd)Gw2kx|l&=;S6+SM)`6~LoJ2wBflBN1*;kTN- zGJ@-Wl2ODIh#j8n-tYkY2>e)sZPgn6wS3QvBG#z-jq%8F*63G=?|yc$t94gm`K`gY zziiGFaYpHd96YU9)GOrD*yr>+bZge>%l&nF$>m#+p`u^K7nDorjps!7Qu;Ttig>j3 zMb!p0URbB+`>*IjlSKi_FCzPxV(0m>q7wxV^`l${^>sge zXn(h%;Gi`v#T+ag4k-l(+AD$s-|wRBI_6$y=Z*}+fA5>@&)v*3J=IP6W3t~ht`zT* z4+b5?-9FA|Gx)~0H~5}*jACJZlaR}G!;0o`1ZBxH$Z1AEe_j{ABaQlT^Q)&Nz(^)N6e#9 z>viApYx9DAbe}MIAL$bY_QAawfj<6~K9-Mw7Q8-M6IHWH%wyW%eYBULMeZFL=;Iso zQOnu0>Z4Zc;tj`@=wpa^w3nC%_hNxQZlsS!kwH==BlWl|2V7w$}0cPx%ggw=Qj{aTVuw%)G|9*do{(2N?bR zTk4w1_^p{e#y$Q$(w(C5pp&HEW6a$?FP>_qy#(zg0_|;}1}bl-1?360zj)rr6ULY0 z``wI5daapQn9fvYE}c5JcsbA6`A&iVS216Y7pJk;YLGXlG48UC6zy0%_5B-iSMrUq zt`(jZ9y$nm#gPk)@((;FtJFDOwnUrsE}OntK-p`goE)mUF&~ z`bdax{y4G3JiIguMfpP}gGbd7$F{M?H!qe<&N_y_Ca2;TKE*dzoh<>_ZU47C44K zeQ(yjZ0Kr}mxFzvJdLNny1lKN+5p8}8u0hER(1=Yjrjdb_U@yMvaIDZ%LB^>@)elh%@ zb_4t}6usXbo?n1|47~*CXF2l>(@!iwKcbsv=tgpDGJmQ;kMO7acCON0ir01zW4_N- z7G%P&L-V!#dgXxeOGkQq8u94A5BfJ_5Z^`_R}FZOPd$Ze?Xy%&>ss54bzBGjB-4!S zOL=()jeKTfH>|mu-}Z#7_Q2SG!`SV3!|=BBE!iR&Bl(gkq9;$jd=Yrb$JKbWhNt|I z`}urXYq`L@fw|nr-wNQ}XkhN;5?K0LI1G4S6BzSg@V=eCg7xn5@5gbrdO zIW_K+S39582A;+7l1`l=!I#s-(c|EA9=jeZ+~y(@gDm_ zmJKHVm+eD;Vfb5m3Hmq1_K;_P%!6KJ4;g(5ofzAn&%L3K%Z35}ttIr~=L7mFi_g0! z9c68eIf4EpYjs{;aGjwsU~4GXS$4GjXZ7W<#siLq(wTNV6W_P-6!sgE{j&pmA&vbN zm7Rmlpqjp*Emr%zf-aKG?kn^7RQ6TS_R0j{5nfNQ@R*7$3HoPdeFyx+S+9bYW~qOz zUC742r?1%Ost%3gMSmQsVKU>$`RhM{amc<9PV)VS)X6-mG_>7xM2* z@#}J6Vr^eLw@)*-w2j?>59@y}L8i+Gm3<_=^+}#<2WH04fsV~{d@fPkh`+EMb@4D@ z));`_NRW*iN3%s9+-a*pfRcDj!q*iQQB;&%A{E_nvs?0e|M zN1ArbHRpKc+i^;aCmtFP-?!3EP#%d7eiwVKO|>85ZT++G^!$T@f1)@z{@OUX=&`Xk1x_+&W#w$<2Qh4ttQMv;G2d$_wGLj8}fn-6!d zu-B2p-9_Zte}wyYHXiP_*y~Rn?k=_0S03)(Vy{1YxO=O;P8{ww(~fy}`Qh$uTu+6* zrbcGCuQ2yCIb7GC{%%oR+K&Auf9%2iw`|S0-%X3`cghlzMhnIQ$w4vLM;Cz z`Wwt12*W2ggZ0n&F@~;sxL%q(hBa5>GhDB7j&a+$p3<_bt?(Q^wBF&l1@LVQ+SdAM z6FjZ8%?!UKcrWg+J7oD@$9Ii+g5{%i9z4ZI6^vE#%ks}^1CIj#nD)~rxJ|oWzHJ@t zJM`!9Jp%0{l9Sx;oyZ!O#zP+sjI|LQFF=kOm<06J_9%P2mVo~VqyGx_NPa(!`ob7r z;@vj`?+S++@6MKT?>sN|)OfR{vgkZ7)?Zo^$ubwY+*dc=d1w-AZFQ;R-0Zd3f0763 z8drJn*=yl*Y@d{5ZTbw!FcU-78hYf5o-HK%c}I>Kpqfhm+=%G5XZkryc`Skl>DyW3xSHqY`bu}=t;x4% z-|DL zGwY^|zb-WyI!QfWPdgr+SDHM#;I(*bI&}MYKHXaW3fnL3=6s(s$rFMmh@1VH{Zn&X zF9kWcl6bEWV51C))7^_O6i+HoB9j8P)+-nK9(~f-1^R;(f)K1E~SKy;c!$()sPLOwk*W#m3Kz|EM z$bYlnOh{ja?Y(T!-n%i1-4|P39d}F)gzSvC;lD9%lJm8^ev4z|AEIyBZ9RkZf1c^T zu-+&;ruI;Hvi(@rdYlgD6!4ik-R+!CEdl(kK4qu0KjhnuK5trEYm(nz*nSwy-Wp;2 zp@RM5>HkrN7qri>;*B|C^Q?7~i(Ig0T2~L>p4sh?BQnVRr-tk&?dzlbG}Y&8{yFAs zYzF60*TQAhwA~)8eVa*h&*wcdM&Ue7pLRW8u@~jBtDX(jZ~o=wsj(jl_OtS5d+B!* zF;d&_T=20Jd{o+g>pfd7+;7iH&h4P@wI%xQS(%(ws{c~+&yp{zc?%A9&W09bI{}A7 z>^MrzpZ=GJ`qvrNcD}34d<*nes{Iex_CvIFhu^N^i?+RR{6X}Yl$`<)FhoIxXZy_~>%l6<>lDBhaDUGs>lj+^ z>NfjPN8O+QV0)X{YYN$iozrQ3P3+1UIu}4WTk_4Lan?upK7(AJ9KM9s85)6gB7TOE z70Q`zu;=rKvYzSGYB!%=FOK2R*1 zBoBU0yMx6uJ^5eoUsPvIu3#5&8nX{Z0-j(UX@>NoXh3p6w&R23VwgG97vQbFR`_!W z%YRG%UVjDt_w@}qfcQ4FjlS6^eRDAMAB1DsgQfM&t%LOE@v-IJf`1>@H*0mSMQTWW z(<%S?&F>Fi-!w9&{nR(~Y4nYO%ZL+-aT=EUg8N(_4mQ_*AN7st7kxvH=W*_$=zBl(O@S7mLBZjAJC0H^g}Il9`rm`T8PL9K+qZn`^W*F9d2(Y|`UZHtY};um z=82d5c7poG@&^}*CJipLiA!&fa% z&$-wX7a+%G4%y3P(j9zP&EzWOZPYLx)l`ss z(yaW~(W6||mc`AULbKe%XqPsLOVk)&!t_B~LAlgSADd`XHTOn8CA~hrM*HtD&U2Vc zrkqtj=ih>?u!2CS3LP)OU%YquKAA99{iclbg2{cv5W`rSakgXx#mrTxjgP4}2|xm`c-{Ymks=88So>Ns=UA9I$IN6W=>?1w(y zg7S4xeIB1$q|f8Xub@63N1byi8|ZGokFfpF9V^swNvr4SKjc3eeLgh2(J3do&H#8P z*JxjtQtKhw#Q}k)%jZbsI>ry)E^FEG){P#!+{TsI5!u~0B(K`~(QA7Hte;ep4 z?4Op+lKJ0wIkJ|)xq8LK$hQEoN+XyX@m+3%veD1Fv3 zR?Tk$zh{^)cI?1s=u^)eV4k7Im}iLhwK}YYnm81&kPX(zm=o<2-M9}AGe*8E{_+B2 z4AQZ1{n)#&w%s0xkA>|U=jWFP@}$D{f|Z}8=D&maNBuZb9XUQpJC1;y zx3Qzo1;&ui7hCD|Kb(BAVZ(!X)}G*TL0~LJ`F!suJg9*i3LeJ?#;`B&*dspTL-#*& zKl|ShviC)w;{y4Wo^IYl{{K4#|7CCU|HJmO=|AS>kXRncpiHKlp37mW z%L95VZ10tlkHgj1>-_%yuk`gwzyJSBeZ3?whJDdb9{&u(ei??oo*x*?|CPS}P+$!E z0*_MkSY$u#L0=!epZ#xmAN2L^xBoiz^^1XV{Wa+82SVf77ya{>)Yo@}#`k}%udfJ= zXJ6pu$(v$*^Z9^18rutfUB92>*;((Mzka1TgQ>88UWB;Sa{o+5$DDsN+x>VmzOj6| zi`a)4T{xF#Ci6@W>*tD1&B4F6`4PrP_4ioo@2^~)$wl00x9~peD#os4O(lbGXxplz zE#f>6s@6&SZ676Hopl@K6|x`Z!8vRM#pTt{5wxS6=6cSjNb^j7-Gb`{w4rekLo$0l zs+RTyYJ-F0>7DKES8d@`6OB^siPm&S}dj}Vj6AP_f+rK zGm|`f)}T~JoSW&Gy~efAr*dg^{xSRE5KB4SZKRGmjg61b-v6=z)TZ)< zqFOuSx&PF41J|c;{ukHpEn+`X=AB^P+EYSnM8ABSc{84`F=xfjWNY2`mM3FB$32IC z*8eUgzgzLYldMP8j!pJ`jQE0uufdD&OQ_AOXjAK(!PrA>ptd_0f3^Kx8H&f7{S|?A zE&V8eOn(16*pTvZtxuDNelpl*$3oL)457HR#_|z=ezI+bibu1*YZvwR;OAg>GkG?d z*{LpY)MeUT=le718)6^YvMMJj!U@AJXg*b9Eu};OXRP%KD z5B=H)zYp=A;#LQck5{dAIKR&`{5}VZ_j>Rv$Rq6Cjdk=d9v5HQ+7Zcq=uYSU(3ETef1MOG%?RUpYuMcev(ZlyRU)jVr z@h`H_13pHpe2g1~D=${pS50hLu{_C@q5KWaZ_}S&Z7ZS&lTTEbpYk~^Z`TpOevG(Y z(fS+vaw)&n#u<}ZcXy6+f2lKd7=wX7Iq1CGXJ~=^^>7W(;XS2mc<%DyWO?)v#;SN; za6gW4{mu!aoQ<}A$6Pmi^*iP|;??g=;~87OW3K)B9dqs1@0e@9e#cz<^*iR;uiqI# zjDBilbiRIP*$JiVcfRJ2dtd5zf-tlEBOWVNzw=}c_#orNHw~h{LF#uBtal_*)$Y2L zrR#T23c>vo{`iMezw_r%{Z0etCuzO%*VK*{)8ydmm9_L2j)%6R3!}ttA|_7aoq1{X zvv|ky=k0r--xVSH9Z0(;xJQL(SG;ZL7}^ybYaiyV)SuPH%U#KdD}j4Zj-=tkG&wy+ zZu$CUv=75Q)t~*Z({FQueqTJkH2uExKOW!h7yTl8n=I_0-$r0piiQu}D;l2U9u%Ts z!M-^J`ycz`FGatrL-O^ULFjif^xI3@TGuJ2`9HN|@ zW86Padd(XfeKauEM(ChaecId*yevFM82`DD-&v|YZ3gcSRiAd{p(X2MS`*3X?j*(( zJ;c<<00*x=#^}3HeH!v~$58cYJE_|`5xp|5?t?C8DsHT6KPgbd6*Vt%X=LM_1JKi+8XjBv^Lwo`k~V>-S`KAdYsle z?yV!w!am>4+#KMjJYRDSe05En)6`m^hssOy0+`ze6{Vv0ofw?V)^B~kUUG1d)cV{ zc|SAC&9Zl^a-ZdsDp%-&7m9P5OrO5*Al{!(KjHYU=kFKR+w<-JabWwW(0;hh^Jz1f zZ&oVbGlSo1b3Wx~=IXI^mG5bCD~@y5eh1qUe><4(iO)ivPc?F^u(s0>$oFiJ?@Erx z8s0Uzn9u>VgKuz>e1jqLJ*R??G_eA+_bvV>@a#-{e45Gk#3#nyo#TFoc8xDfZXciK zTS9evZ)Vc;=`WMg;iCe%+gV&!Rb7|Cl&Q z9p|km-}6Yfu=WyOm%ORO90$wy98SKGrQ@-pW94TMw+QAN+4+U@jqF$=!?pkqMfDWF=X)5>hKrpk~+fxe|#VEjpmhr(Z1vx zd2^pMWWLd?Kwkso(*)&@7v$4p*lnSFpicSA^HhIFE{u58!prKMTojv$J=1MIko~S$ z#WBE*d?3??%?GNbE#=iH-qi!Y2lIh?X=_#4Bv*E$ z;+d`FEZEgSWKDw9ZNmwKGXMN{mZ$dri+USMv<8SN>51x?c<3E5~Rq^IF$eA(N6N$^r|0Xxzx++F{@dgtViUE1H*@WjnQQD_v)=>pEW7^;HhC<+Up{_f zr{YcGqi?JIe0}+1Q(yi`)BfT$rcG?9eEX^5_M2#5_7C|}o!Upi+Uur$zN`Hf+7Ij3 zFTC+;+gX8l)mCE<6zp}aU+++So>;dXYdv<~aARY~LucP*FR`F+`?vI|xQy~Kg0ap_ zV4ZsCcwHf0X!A817$5QRF5>EnM?ymfyX(FMu8$oUkGwuKo|F9XW35{?F2>;Fh-%w_(VwVrQaSmUkr z*9Kr%YX7R$A^*taClH@*m%j=841Lslaog#kJ~y*>PEmeblLx1v^5do&_!Q&oMBoz# zKIB_=5wGeD$9okkN%`^K|6El%&ii#}xiU1qNB!|-EKGbnE)T#&`7S~GcR2K}cutVs ziPhp`l#bOZe=ftGSwVXL7k^y)Lhl~Fiuti~nE8x1gz>d<&-n7}^QRT0&v==|2Wtp_v3!6%j zERFZ0vd4nsEfIVAI^zx6#yi+Y+UoG|7*~}Tqt1E`+F{KBn?v@9jkj$u^+kuhy}N}N zb&d0@^tsrF7Z9_Wi5=81Tl>PvC*&Nn+3r%Vd%0efob4{>Y!q`HpRE}F?lkcYom=pC zzuMi_IG-E|;vmw^%BAi(*Ynd=yPRU(zrVkHb$@@wYUM}JPhXncjC7OEx{J7~c~Okd zvpbV(KDYQ)?X&%m=AI>som@5-Xe+g5kryT_)R1|MKuM_$o{v6l!p6A*++79Eu3>*TaFbi4Gh7|cY^dJ$H|VXE#GIR0 z4|gTn+D>Y%q@1X7ndk&CufH5%BOjioP=BrdzK%Cx%xq^Ni{#p5Qp2__?JkRU>@JjzroLT+o+Wy65=KNeEk2yaVc|5C} zys`VBL+vMezti*Zdd^~%yfNQ7-&f!7_s{n|C-U}bqPZM25IfN!&g9XGXnf%&#yAI< zTtHqu=k!ABtxHoMbbH`M(Qi+E#O+}$YPW~+M3BP^kPX@g2)VGsaSn86{zzxf5#OkC zW=dXnj}vd7?B4Rv@BlPHMq;PV^=#(*a{4ysdg=@|&apJ{yk8$=&as3x%-%PX{P?dq zONls^_)piu+neMg5F36F9(*w7pXDjNK|E@PcvEvbkmtQIoaip3Pup&ScAI%l`wB&D zyR<1;^(Wd@Owc)0V?D?f+>J~^b_oyfz(YxB$AON;^NKx6FL|^OG3#CA8g}LRU;R!8 zCY;%+*o$yz+o`3U_z>;fbs{*Sef1OWBTR47A1hxSNN4{TqOU7U_$w!(Uz3%|zIUtb zK6(Y6^f}rb?tbArV^MEE)yb?^$I6QKQ|-S2I4*rv3fU^x~@3lc6E#xo-+| z)C-IihjNq?##;8uFGDxbTy|Nq?=teZlyf>M{#u*9*Ft}m?j(b=@MGH#weNPSD|;^I zqrwyVOoOk?_=r31+U;$MpXz&J6tUyI;|=w>`#Ig?oS0)3{hU|x(rvxraTmAQ&f#+JDTm@_u*b(@P33kG*N@R9>(3xGfTb$3*- zWd6w7F1=%PAMYfg=P0Azld1dP*+L3^weH8Vd3i)z zML6X9f6#7F9!a-l&P9%Zi+64)$f9&T^FG&?L$NX=hk|pStT`jc?VRI#JLlnJaC!F`tJm2vBv3p z>uAn}p2#!6T{1j_EYsS(lhqrV84X?n{;_v>~omra0vy4&t9vrkLQe#<* z=l81^D`U>Wi&@^y!W&thpVW|?wSseHMOTwO`O6#*bhFnm?`wGnzB>cC+4J8z1Jdd0 zrJd!0x!UJW^5?mu1)BmJv-;-dA5=%n%%0fDI&bd$b_46n=OSlVr+|J=aj*G0umIi} z`byL16~wh`(G`i*bXWSZ7M_Hs41Lug7n_iaN!Bza_vhj-ie}{>^peAoW{eYfKZE}v zyHRqzksN*dzId{c_Z!HUkUh1afw}_hB(?Dy-dCQ+IrwzzS&Lndj6Rp^&GG4On(Ota zntc7v#COKIbtA1WTh`HyOcLDRY4Y~Q(syGw)W;0JN|)5~zGB<5VNSV$HF3sC?nqZ! z^z+}2`^hf>17PE5@2FF-!QShC$hMh`d3H&#&6_`H{Y_dvt?C+X)`s-pd>;-SWJlTb|eFqz330nib9E@-!DSH0SZ+f#4T?&hIb5b1~^RuJ4Bi zjo-xieoMfO_E2cScgw-=;)5RgY!2|kSJ2stT^Rc3w<7w7#$;n&&Ayi6^Bw5cp8B%V z^v`dPFph&6hvxjwJq20s*_xh=myaK$nft#2UC=+ivPUy7IPS0TWwG(yYnV$G+7r!e z0Kad2z^9FMUR$CK$&~|rdiZvL28M(G%Szz?Pp|Af{#OqJ|LsQw|FfN*|Kx{Qk*H<%$dvDV`vli*AtU`0-4{- z^(qsGbQF_p_2QHMb;E3PuKHZ^FzvbN@H_g%oSVL}ZYer=)Z#U_!INe5(Tsk>XXN)I z-532FCH<}(l&Eq$cplrgkN94zJvZI9cLVtM{Q#qb@_qm|fcyaIp)C4CIVf|<0aC0b zsk~g`k|th=E{XFTF~$5oH0{!1=oSavV%spWM850X^pk1Fz&uv43lhNmM}y$cvu6tN ze2o`+X|;O}XX&q~KE~hgT)CoYVj8kV+sDh_pY6tej9kIiVLUtP8p=&=ffpYucN>AF ztyPko{OF7RIDOq9{ie3oGk*PUWzQR1J^CB${L8Jz9xLp(Hfof!!`91~YrkH`T>JGh zqj~1eM(?~EbM4p5m}|dY#$5aLGUhtrop)odmwV^kP%qOuwYfT9FZ0OJrRxpW`g7Qq zdV?VR_EazP?r(t=`b2Pqjy4WjFJty-p5VUq&!y{SJ{7`&>yN)wy+L?A$IBV3a- z7upW$k~H-52suVUS+RMGCo6`kr~6-*50Rtu^5KD_O3Q~Xf86^eAD~&S%^A3{CN)?+ z(i^`So{Y$7oy3{xzV?k`86miTA_Vu_{qdKQ5357#o!PQt`M`P{x`X{c$yeT+dZf?L zXRscrUHpx2Iaobi1HU_`@3~&7ls+O4Ugg)_B}baNyF0*5F^w-?6Ai)ogFdYHLLcVqN1^?Vi<-UqQF9&f z>POLO`T9|FUC@Uc?=0xUjdvFG;l?`)`f%f&zCPS~2=$}Qlk)Wb){&*@efMUMPxq1D zH#Px3$!J6Gf}!Xg7`C&H7d`{-v|@Vi96~2T??<{P51{wOYnGE26_hj2_~S1{?;Aq& ze#{{BKDSjdMw1I{^3@Bq&4cU3pU|&e4;~i1qi;&-5{G~0eRNS|^5FVXx-`n~(wA0W z<-l>1GkIA0YVh}K_V4}Fe)dmZ_@4CbQ2H(?5B8+*;>I>U$UT!dfUoaL%YxCqENB>O zWWjB}4#@)6CHu+W3DV&SJ{|5s-~BK1e?i~9HE|IB*V-aJ<@>__f}8jsxRvC8;25xp z2j%~WsUbhrJ^AY)eFxl^hv5E9igG0364v*dug8NUIzvSXyl{}9W;u|eTl$PhW`{RCJ4(hhez+8 zJfG?Q=iSBhF1UXn1owaN$3Gl-4nY^~S7ZH`jbHO~SoT7m&koT0zRL5xrsvT9HlBTQ zn0xS^==m_8o;j;qvZ4Vz6!|Lbo&6$tO+h&l`>UkqDS7$*+~K9^`8Vv}^S;?9f}7|W zxRs*k1NMrZ&u~YE=s6ACuMfd}l|TOB(DQqt{Xr}}9|=8YXnSwu_cHpm_Q{^)_a5x) zjW+(gC;J*(gxEa!TxM^06GQ3@_}b*y`thVAefmw;82at}RfvA6;XF13$4h)T?m-@R z2I9^6^VRXM*_$HoU+2$P$G`5pv*2HM2K?*JfPdW?@UJ@q{`JPGk%IkEJqZ0y*+2U2 zEb^}fH_D z7u)ni_cO`?rR}|;-xulE(r<&}MMLawW9XY4HN|vG#hWdCUuoi{h58b5tXrGnN4r`N zxsU6m$)nAgAgj1ua~x{_8`FNeu>VcBYLNN9_7LS@9_OBR;A`I4=%azL4z~Zz zQu+zT=PW!%n0&)RzI>_uZ@$F4Z4;d*2s3uIs`tIZjl}tV zvRUgRZ?4?*RYM$VG5Pabk8tMQhix$z{W_O-9tUnVAMaCIv!h+s>kh6{UOKq>Fu3u? z7&tbM~B8ZB0om6Ug(dBH6v;@%3bBM-%EUK^&!r@9&GWs4UxXN3nK%^ z_VI|xX{k$(G-FFJHrodIQS2jhs5xgFJ9)r4_hy|by>I8-8`^C@%D~akc=u6e%!U_I zN9Feo%HHAh_1vZWjhno4?ukKXr$@RBttXE%`v~0+-LH=yW%d#J0oPT?$q|v_^X?75 zbsuT=5n9bNQ-QIPQc92Ok%)OL%Pwi-(%fN|yKMc1M544jk(T-E19q#>0xSjSR1LN_o zi^t>L%gZO$(lxGSwBy;3l>_z#N)sDZ{#YHfXxE14a4kKdoRrUGUu}EW&&_lAXXVRQ zBVP*jV5$LI&N_YK&codWO9}X zp~&6#Ir(~(2Ad=1ukRP-Z;kizb*3-}>Cb%r7Hh79?eDU|z^kC2V#o|rKW%C?A|0HU z)Ty|5zF%LL*nS1G5rO`~`nvE8J^b)$x((mdL`S_i~tf&9JKR?m$fzki{^MRK6{ad=r*O%so zzh6bE`R@qUZxa(rS|0FoM}o9?d0-6tQa|p=j{-l~{W}KiF93fG#uFx|7`~_vj752r ze-U_Ke+~tYNr5r!3q1CSkND92NB6V;4JG(tT%g`Ksv0}^bSM~P(gk_=*HlmcNMKwh z&lWlTzMppkzX(3VIUlGkG@d-Yt{gu9o`RPdB5uEuL_M%b#w1Kyo^6LJa}CY z8qdDK%ab>Sd>SinOl}>u12On(xcEEveHhQ}27d+nN#hazQht3pwp3>+TWb4%7TZ!E zzP?0#Ix_LSmkYcon$P2}#@iogZJ;i_!$0kw!@O1op`%K(> zCZ>F?_{r?e&+n&jKDODzajg5%+t`~-Ir-Q!@-x>4Y8LU^XUN7g>*&~c8_3~Mt$Pn+ zD8mPxj4ilO&)|!iXQ(acR-Okor0l^S#!-fEntu*o(maPR`R_dE&9l;++qr~!N+vQF z_Srqs)a$32^V%8OV{lsDmXdv$vU+r#mn$07qhAl;X}NEo>|E#7lT5|eeQ)f6`FfH} z3vgY=Sm%QS>dP`se7^#`kYk>aug0Hj?sEQYO?qxVbbS%GS5vHkRv~a zvnFPe#|w;AZ@TFM57z069AL{k=aPGit(d*k>8m+Y{NbH_W^!qfb?v5RWQv=ik8hE) zouT~%wd@(%#HM??Zr9>_>YN+z&e8t@CwfPgcCmYBr5OW0)PvY{r{(;yoP`aiI;u(P z=TcACmFg$O{&AWsxSy5g`3%oq^WHA*VatLG$C>6{^v*kNu?pv*Ui!ID=T^{%&cJ9Q z?@;p|M_;Og%RB1=$9HCe#>$W#^PIEZJW${nK{6UHa5|=&OJ|G!tdaCRaN=Z zPmC^qdO5VV0=lv^cr5gFg?vNkQnf2;tJkkxIYzX|cflwNJhX3vXj?E>U6X1ZmI6EB zZanYWoJ!foo-OOwk;E#{F=f=#ly}It6TXALZ<(F!D=+8F3Zsi+9fG;=(M#Q(>WFi| z>~d@>!MGc`4Au;0c()@Le@VkZe)8uOi)<5UI<+bcs=8g{}KkBD{ zDwd7XZ30Z(fG^p{VK3mR`HpJp4x{y zeqU!Bdbm;VmY&OV?+q~*YM**0czF2R@O-F$>Y0%2d(Ov25Fb;GJ}Ts&r{SFp^ep)W z|F$}*IqrsA(LKyjF`Kk>k~7wQoO{R$;*uwrn2+UE^pL4V*IuS&!MFh5XG1^I1-Ag7 zTLmZnto-zRW)Eh1H-(&RMn*1yCZ2)rr5lMc5O1F9>P#R#qnbqFIg5X0$NJ?{UN`%w z-om?Qqx&SI7ScuoG}XeN?XLmc)bV?`uOi;B_w>r3^ymLx#0&7j|GZSp2djX)^^Zpw zf4yKY)m2jKtGEI4ttN+h1^&X^>)IbyepeQ`T6^7cuFDpsU%dBQMjlz8(U(IVz*Kd7 zKj5?4uRBm(sQB@Lz&Nyjj__{(+3}oLAzfH(k7SVF8kf!*iutrDctt;7piRMX663C6 z+>?Rt*~p}Oo$_s2>@W6i>57{gN92~_*)sCw%RBm8INOBxB-_^`Z`LDks5R`m+?VZ& zAxZv<7COn{FucrldOrJ3a$j<9GBnk2-K2-p=qgV>57hl%3e0qA(@#^ue9INDWtTN5M~VByy-XZ32T!EU{w`-g^U6_*bzI1t(ib>=J96wdQe$i1 zygEGTxh(h5=fu`VxbLziDOxhR3Y{ojmge`h`i@A>;lwL9W1b_$G8BG<=gN=+M zGu!dbfPzQk#%?>z&2nB<1{zmgx8*@%Q6@ImI~#fG$L*uoTG}_|V}dJvg>^_T{f^Oi zuube7Gu*qI`2lm+w%u!W33^QJXs;Ke{}}WAqoa4^b@g?V-d0Us7C9(i+$CxsUcVGwi_Yu4%<*`>3Ah^hlyI*< z`SrH6;Kp;Z#XLSKGcj55rg&kTPZKu>=t1>abXer?%^d|TL;Ka(H4C8S`>$(wyBj&R z9-R#zZd(9<-gjN&+e^6D!o3XhoAF6}1=di~-}iZRowr`)`8}M6#oT3EJj!R7M}P6h zf~@$1KQ{5G_|vWz-G1S~^`dM)aCjG7y(OFVK=vd!h`;fxcf`tB1F7_DFg-f#-zFGv z{~o9B*{{=Ib)+lvF8nJ!)$iLKz`2GPzTHFUQ}BZ3yPWxE7CU{}8|cg6O!~LHbjn&lr`E^kLZ?gRH$bD> zqhJK|R{@=hW;)5eh^C=g`us81_MKzm$-ZNeNmtZ456Yh2GA`Nm?cd*f@eP0XlP^?9 zCNA1?q%-fbJHL1FBag2#-c4h4LB1Z~T?< zCx6G-2jJG&`n+4oe$aN0e$|qCI;Om%4&JUcyd5ja+Xsg5KIVPEdrI)T)`QG=UMK{rj)%gtPBJ>3Eg`|@XuGtbhj=9Ggr>!8U!>6WWC$AH}VEZ_H6?xe{< zvGn&6*Ta=Nr!q%Nf6wurrN0kyUwblUXCrs8KRx^$;MQsE0lD)b;b*#!pV@=p2b;E} z+~NKjjoYWcpZMb*4*lK7v!&=S`!49`m~o5OjLkY@f;>k>6Fu-xRJF<8v*?hE;4>I$wF@vNg|a054JEfYtB-{+aam zEqpFP4$97{=DiHI-N`)H9`T<;=9=gDlzrRCpPs{ZnWuTkKRbr!dS`KcksH^iOQ$V0Xz9pI7lqmou)!@6I&w5Tlb6yCe6=z$p-a z(wMgY-ov@h7jXDz;jv*4;~B|#(xLGL+qdKT_&$zny+5u$27Hmd8DAEBnehQf8^U*Y`~Y=5QZ zH=i0L{IPk+lQn2Z-s}qVE7@N>-(Od}D%{^qYn~aTzsJ>23yJN&6!b zuj)#Ik7t6v&EdCt+GAbV>G^=WoE$spl$FrFbjms3usX%tJ2(S8KLI?YdoDAdH?R2z zK1I9Ym2D!`Rvv_b~$b{djqTHS@CSmW8PQoJiK`6ryS>@a^86YIjHeQ_%nRr>rUEf zb;^!#YeVhSh1!w6E@uyfRjJe6UU1esk~6VBA9H)bR|>ny={d@+^O0RjHg~*HtM9CRXJVhz zb6pYQV2Os4UBy>2_&SLcx!L&H%h`v)?iJanxEHY@#XO?Kgx)0gLF=;0$&}r5BkNXa za3ddAbd|TatQ|3twvSErW%2Qa<8jmx2#11;!J~c7x67=|ewKZUg1MFd;mb71PrKjk zh+~L1hW5M7+<|S^QZ_4l7xRSwwfAiq^s|)p;0QFB8SfC=V?5wJZDP}7+}VQRcx*Y= z{#W>WP}CFeX<_a;>`}%2l;c~bm;>Jx6I%lu?6cLooYg(p-(|pd=?vmw&UmwD|1Dgv zijQ|!0pELBS50Wm0X%y4H*2%l`8R%oSUYxY7QR%j#DWjAe;j;Z+m)%aS`6ajh|&$nX5e z_B+{qXEF8=e36NL(d1(~+AoB?Fq1dE+P0%5>SkJEzWj@rz5C3*!k2i@XD;QFSdU_L znfZLuccuwAvtMl%e^D`6JAT2nhI8b0V(+Wn^txE!yj#bdcdPiS9hdSvvOM?C{{oI^ z*S4ct80qNWVFPI`;J5ljKK@#t$jZzz{14#XJx24W!Um6ad={TT@-^@qb3fJmcDa5- z{$^rdS;ITrKg(^@J!G|DXxsU??jgg2_b$~vcr#93i{n(f-v^eKhqT6FVpxnvIVip0 zvK%@w@y8_e#Qkb$Dca!Rud!~-?-ThhAHN)W#CPg?BI?Z0Ub|7~Fgt-y_%VAfpTx?t z#1^8*@i~XjX?)_#Mo;B)CZDJCNsJ|WCZE&!O!5gIMnCG{FTu~EXWH#22SvP{qwQU~ zPIFEBeY#GvZzFyDS=S9*)6akFx}9tK+M(-iuIcYpU8lLG&sTKqu+~Jsn{}Pyn!bCu z)*5ZLW$vsc+AA8mk5)Ndk}ujnQP^2^ujrYz+cY>QlJUOct|I}-5f_tKEue-Xay##n_ zW=z_5HWC`s_i67H+S8ump3E!DuldLqH8QWonI(U#ReOt7!avA4`PjLZ-2Fhc-ZWJE)fEHVuX`Wc|7nT#kKfDoM;L#- zuznr+sP<@0J^!;$8K3Gj*+D@V<@J{DQ&`x=4%6kdx zZ_!y=`v5_ML49r3FGKh^RCa)$Gh=gQBvXSpkv(DUCrA72rDpqQ5Buwum0lcYo!_U< zrZDzFi{}q)FlV|Rn$MrpnvCGPW@8z_+3B7uo11+;Q_-N#{HucvCy^@2_=}^0ce(TctoZ=%x z)2zcnx1LRgPC;K7xi4E(I_5%hiA)>QOdA^=hjmBV__W`K=-%>%=zksXk$oZ^w$RBw zyp;Sz!6$!@Iq05X#CgOIErkzE?t|7t#c%X^;5hau;QY!Ac7u2_%N%N=w z0zB&fX5sile?B^!#*;5ze(na=gx(u_P+q?DUqOz;BL42>j1Bxv(XO#s;7Qh@XO*`{ zU8@5&`8wc!Uk7Xs=m7oph~Xhm2k0Cb=>R>GzSikeJLf`Mz1UHb!>>EgTcQ&G za5FL}hy2=%9IO1W)AxP)Q2r&~O|EO~Bff9g5OqIG?uz8Ae2WXQi8G8zxf^l(t~z)? zF=^e4Cp}zT+2}umJb*VhN>7S6W5^lth}JJ|K+eoHFp4ee^Z1!9Y_9}SG;lJg8MFJVLV?HwC%W zYUC2XJ;1u_IAn!zEL`iXq-0F=%X9_ z_sf2)EYbd&y=;H=h+=z7v5_qFEuJfbKhRqntuEYey@hV03l#3@F)q;G`_ZDA2Vb7hau_%x6Ie$FA87dDKoPNot59@0L<4;qGfd<#Rq`L*% z*f__%57;h+SC=wA^rATf>r<(ohcyrJ?57x;^yVL+Z{i5pZD$Y*yV=AQrdC+eEJ2j0Q%fu=>Wk@oey$ zyNG%m;@reVitrp0p3%!C@eDqm#CK>I<2=-Of$T8&P`r7d)Q8t`4h;7u zp_3fsug%@;?;o{VaSYYb$S25N#Aj3BOeAPhx-oN4#Qo6%;^dr<$bJ?(n~BMaF0HPT zPd7Q>(+QT}h8CU(=yaWF=-GP7HTwMz0lof2fF7<8{(R2JCfb($U#r}V+eW&RSUboyasCeUrG442+x~i+>C-vPT}z*j@vg>mj+Nc@o}KE+ zHQ$!4gw~O3YPJOjJa9)P{5Y;vA*n+J&pSUY_cYI4 z#&6H@3BTrE;IoO(7x}z`&p+_Fh|ib#yoxz6mRru$8bP_cV_nqU)D(;_SD5(nts*+ z{Eb_^1(E}FIdDOwo2Y3taL6}SKDp_n zlJ`bIt7D-nY&gZ!dM74%hP>_&zsbKnFH|q4x|Dj}pUeBz=!~<+5sSlL&C-|b#~l48 ziQ!!L3~^@KPKb7(v9IGdHNtxdcuziq)}<8J`yle#n}cWDc=~s`yPP!#ov-{FzJU7C z_+Q@mYTJMLV+^jBtyVorXuZsy52^Js<=t!jtbeRzK*j2XjAJR|z|MoO%R0_t3_%&N zmh*xn=h7#@$IAxFfWD+;0C6rNjSQfF zt&1##kF5;RS%$rLfP)Lb)m?mE#OFPHUgGpMLH~7z_6uh&_8=pAkSjfs5!cYiBE}hm z?uq3Ed0D*uK*JvR`4rwo)(I}bv;XA7DJJCMrK~hR@5Q@<`EdFO()zB?dbGY^JT%K# zG^XHq!n7{>xEA^d)AyGH^s+zn{P-`6={Y^$&@+4M6w~upuyaE6jE!&Td86q0i~v2K z5T@sP|GYAE(3|ze^-*c)*w_frNQLO9pEEf7k%|3dS9@_L?`-Bx(2sP(Cg^7~^k-wb zK^q}m6LqJFHn0(Pu8g`n^gMZ$6K_qvJ^NPY?dqtfPZZ<36}`WSKE=c5V54kmBF{nm z&b?ZAzn&OK4qkE0{za#_Zy=*`SHK56CtD>mo%KQ9_56nNjxW!8y-j)4vTK|19n*`* zkL>Gz&^()qxL*dY>9;FSQ{9;Al?*J=SF+nO$3m-|^UnIggU6tc1dmPFNyZ+5j>Ur- ztL&0S#U+0?*3GRf*d!~kQ7(RkS|$376Qj=_%Q(fa(3ki%L;rtA|4Dp^i0m=i%IFz> zKa4!$;8-@-z$1=xhx*H0hK>SOTjnDZoyfLV{@g$B)A*U`8jZJd_2a?bR;p7%np8k4U?MUY#(KtElvo>QpKUvOs zSHNmAxmdD;A06#n{bA(?bB*5Fv6S;IRU3ONa$UK-D>$F~zo>DW8-t$c&-#WbVs7bo z`yWgrXETz~vbioO*jz<2vBk5WvAH%n?01#7xvY#1y;~&T{dc9yDuKgh;Gi|3Wv37$ zCHHI7=!!cwAxCVyAHLd=xNoXEiJT&06?uFA#;wNQ-?+YeLf*&NO#g~|+p(X+9J>`u zoXK3_DZ@{G|MEdZ^TuaLR^{7}pVGj3p>U?$f}o$0o2PRXlg}F-Jpnr%UsH1G2%f7k zHoLd4!wT|S>mEMA&9NWtSAX+5xuKxrr^uVP|nIzb8B2F+A+^PS;Z6Cq2Z8^nD7sjH}2u>}_+d zKbyFO^6Nj%zVQuH&>!%O zE{bz~V>GaLXp2Du%OK^qglJK2p& z2GtaJ>as29c4TqhFYJ}U8`1){mk~Zb(~|?q7JSk3rfD!dg5tO?ja3*Af2b zVSJi;8tjWHTx*V!;X!|1^7ljd)#*y`HwyTSMdo2kts;*~_K{hSrY0`9z9GG`SUKU; z#;Hy0lIs_PyOz=56#lOPt_#2)>popA$k=sN&P;DT#Hkh} z;t}6Bva`J7+CJt2zv4G{MTiS~a`Qv(C&+bFyt5uTpmULPJfpa={aw$$sk%2}7OxPi zH1vS%s$;D9%d;LscHs-(ovT5vg>xWu4>>j<2Vx>HMRuQtJTIb&dM_@KI#4#>3GU^b zmyK`GnsCm-&H_IgJ8}Ny^lx*Eo0Tuen3bb!a`=+u@bUc*bCfCofAi z5n2mb$@O4#@H70;FdZxo=y*#H-g?&&`L+Cd=tQ_+pM|a-&H=Z!ua)Cp`9eUBht@g< ztaHrqct2*=IRbJV7=IJ{-jm~H1v!2!@Isbu;`eTkhdL9#JizR$tMzIdJKnm<&y{cS zU@y9FV7^b6njf*6V1Am~7k%fDO~*jn>!Iy)$TJm9lVjUzX=DjBl7;_bsjSg&<{G+) zTKyK(88L4hFOy4^CLZ>3m2-8Y;-gj${Q69H335O_wznoy*6}cNaIlq~$Jwi$y2X4< z61@JuoBjFu?W!H@>dwUJo=yw4bH8op)ME#L(t!mCFqY_jtQmwweuzw+kf)cG7pdsekt~DKRG4Dhdi0%xC_bsx)(U7 z*dtDH1?A3eW&P9WU*$i5!}o3d8$M7j*i*=F5Q8a;#OI}MMM=p!(h$45v z3whP}<$S+|JSNFYqnpXSGQMOzaaa5or?QZ%wp_kz=c#UX)J<1NK=FW5ursmMVZazUUqm-f zkZvRg8NYN*wOP{!KK`0^j&aMr<9FkW@q1S$WV0U?7<1UKmn_){eq`IcZa!~b^D3XR zebml>aV>qT>leA!7<$L>dkMeS*hAx;F6o0^zwq_nc>KM9{WFw5TMch}c9>&gPHN{D zv@=|P*4S637O$XBjodZYsCkj8RxDD$)r*6L5^pNc#(eo1zr?h z3@;+DnvhrPtc`^)F~G*sy;3$7GF3L#OU%K;gQr)6c)c}%*OeiCBKU7L`u_h8{=fM1 z(C|ML_(y=hfg|{_c*z3CbAhAsCM+JH`PM{Pxf>l(tQ%JMyxtbX-xL2(j6d_o$?+H&qJLj?ez|%ED;OWQ!p8f?qS$lH>@yz$e7V=@U7eUAOpzF~iVHx!DRlrg) z2xLLKsb`w)o^c6wy=Wh~A=sfTT?sc2J$g14qbq}8*cyEgC;deON zN0q#gFMWYEihJN6WSP}3`;q9EfY4s_Ma`McBvQoFF(%PPb-@CZ2v#fMl^{|;Ci^-o-AhU|{A z6KNm4Q$~H0>L*lhq57$()kd0YetRm=MtXwmk+bQ~vQLV(Rkk%o@=>$l*5PNhwG1#@6>O-gpUnmeJ-mc;~Cg z?{sWbN5}sFm%D(A-{+=FlFD5+ecJftHfVMva(@0H&dy&FJD-1`v$I>Dd{3$NhH=k7 z+}WAHE*aU)$?3>*o;yu3(erkzcBg95cH*6)m&=Gn>U$&aoku(p8~-8wHiq{`lOyyh zHsUK6$#x#o(K3v&y#oJee6Q9g`$n@KHu^B^MHuUlb~rZ+~%+@I4Tu&7wvxesZEzTecR?E_n5nVM(=K# z4{Z?Z`z*5N$ITPn#gQ@F8i{8=O)T(P_#Ho~Z!ODti7+bo)P45Y5ythPp19KtgV^7 z6#IM5Yi(zru6#h^B>pp^ryR1;lM7xRl5&oEu0eJ*d3hH$|4unb>TBNLzuMM5ju`uF z?D{|TKPcMLp44@R64Q=5Zs+6Jo!G6qpM^G7KpTo#)km^L`Ox*yy7HmxeOj+Ev?p4R zb=(0?^p0e}GHRqGcf?z2Ge?^(w7JgDuNEDzgO1hKI-idD-KXPN$91&j`EXVF^+U*0tlI$}!A3ALdd`OrFh;)~zF#o5W41J7 zacpcB<~9_b-+R;Gxz*`Dbic-sHujpyYiU(p%ToDlMkbEw$dVhce6>-kMP!Xkw0hmI zJm2nfBYAER*ccmN6gVD>4KUub1C~6=^OeAI6tEl%AC70uY?%Ju^s0gNycg2m-uQc4 ziJJ%QS*=6$BMbUpCT>;3=i+h`yIKnW+1i0}XaDP=WH;xK|LRY+a~W+Oiw^kzyuAx} zRn?jQzt1_janXRFps3^|Afi@O1f-~(BzU*ARXViAmO!-Xk509Y+EG%SF%yUQb^EUC;qu%&KT3vQEtESho`$*nuwWz?V}Fgo#st zx0jED-0_ZJ=zYOiK)u<2Ay*+oj8iqfuXPHZzmR|3vBKw9zQ6LWNlx)9t&Mp#g$r9Q zBd?IU#=e_;9)GsD? zN^cEGFbee6xs3St-1KYPk?v0{B)q&-(SbNcX)q>as<=2 zKtF7XbanDZ=yfynx`nY_LhS@%VMTS0YxVr!V?A5G<)7dw`4`IZko+Dcz6yQ23m&oG z?e#Iyug1s3w`^v=iTueL{o+rRk)NZnk&l7@F?}dH=>_LcPuv|DYJ50zjegbj3%-8+ zQLj%myyZ7}a0q{2Fp5~Sex7*osv*ua?SUw2&iNjzkjKTw_ZVh;kKyf6_ip(f$kl7e zm3$BTjNX;~cnvxD80(7iJyzp;Y$gW%!eRR!!&_dj2Da~e{Mhk)5BbfKH~AfV&L6<< zs7_>0JMVSF&nHc14+_4AnP)K$MHeTCkq;%$PyP`yJP#h(8pv_>^Zt|TqV9};An*V6 zp2yg?Kn?GK_dlrq@}8@lHgLQzbrtg~cx<*4T^v7S`FELfpCW!+O1+iZqgW$c?cA1{ z=d?+t+x<1L4dnQxrm((6J%}{VQrjZC9D3U`m$9YOy5U`XTSI3Pr{#Jaxm`LhRe27@ z)Bx$Ge`(^LyNH4ACI*bFh1hUoK1Z7POV!Oda>0EYnHoLCvKZu*#6le zg^sCjMVxZ(B}2@$7gr@dw0mBn?G)OE4sqIc;Wws$p9X%0Z*`G7xt=&c1NBil&0Mym zW%rvsP3@csmf=159YI~b9{vsPLy?U&*YIy}4~iFu^Y&|b_TJlTV%rtt47N)?b!pVw7s6Sd=}|m0 zhJWNwrNApC+JIYxx%nFOgRWJ#N;Fe$+icF-rG0LSbsVpqx-qnij>O4sQ@;+53)s{t ziQ7C|8Zl!&rUX1fZKA2-DQEa}WaIQ0#Y}9xZZLay6?_o3cOPip0*v7KkZV5Znfq3S z`$ho1&Hoz094?%%*)zu5k0ZNg$Ech!iq)Xo7$eOMK9J&7S8I%z-`Q^ohVp*(jULv#u(_=poFZ4}DJa)N zxq2D&r1&HQu7&844fXw!Ut61Z+hc7@+FhKHhNk7RB>@8Ko+6<*puNsfP87xp2_ z`_iWunK^y5Wm*U~`AGV1=Vb|=Pf)8Doy9zUCALU=06Xx>#22zF9q4i9s%_HIv#42S z^f`Jg&O9&8`;`voReink#RX1e@nrnE;&T%(cE`LNRim?!jXpUOe6L?TUu{Moh3ZCt zr{ej$!QbqMfKI`+zCL?Y>Z687O`bIPo=o2JF5;EaQ{O~JOWb4Jl1O4EYq84FyLUI= zJSDP=7)*)Djq7b=KCHG={Q2-H_zfxY1c~F_W^%uX$ryROhg>&uk@UUv1Z)iXBfHCT zHfFN+Jo+}~26DA`LvL(~S;JdLO@|@m!dM$4e>iAkD!87^ni#sLEh+l~>@=`5e5dPV z#*1-LzWY^g^fc8G2kG4_bQtu>M@QweiI$!$dUTZj9Y-#v^zX6e_x4R=lpsC&5>mds*Ik>VVH%%(qhL5|cN~ z*e2|Ji@BD3G|xVGJY(ir$^{QRr)M-D4?ZW}YS8{Icx$=&y?s+1zm~WDk-sf({XhN| zZ{1qN{XE~aywwO_h_{vp?1RRCF#Gce;}Yht&woh%x@1IO|3LOeen7onmxHyEzqx*u ze1QUB67!tVfxWl&tDfFRpW!L3zu50}jA3mE9nQXh1Dqu>_i6Z~8Jqt!w!cQdw5RZC zy2t@5GQP4i`svZmfz#lnr^(~1;kS!CcHI-*Yr)_8kcX;y)rmjyfbk;>@V|;$mWc1c z?*#0IV2S_B=D;`jEB9TQ+XtigTH<1_{aduBM-eLk&jh+Uf*pDoyv;N4Y$b9q?cE;3 zAM&LK;jKO&I{tsw9}4@E|9|q!)B*UVlkrw<#Scrb z4FP&N{#Xk}RAao_aaHH^xP0Txz0ra8;22sue$S_4(4Rc8)ywzy_U9bkn{(K61^VeK zPe&OYG)}%B`_=HTJYD+{SNp-z<5b%UolJWg|0~TqY4m3rouzTGG9;caK;B~biSUW3 zJGTTsY=!Z|V!d_e?7jPqpXk-oQU1F8G1Z+zuiutrP8|bQk$gpC4`MC9ejOfJAbzjB zP2bnrtL#DncA;y z)ju=l@Q8RdCSEoDjJ4c2KtFE?v~+3AZ7P75f_BmGtK=wE;oPRV*>jscos_Cb+;;khu#bD-)3AN~H((v^{7m-u zIkR6cS5LBP80-DTS~Kz1j}pF4Z~wEuClK49_=50W!na-z;rpDahn9nv#2#wyn<37t zxx%0EosygfohD|hJp`<=%~g)UeB`^Dc%Etu*eytn8oEJ7jG39UUg}-N;xwpa9-~tZ2@k8zR_e^2UI)V=! zDPFveIl=Iwxuzy~TI&t?xSn12&VBs#7l4QUB_6rMsXN(S20fHlLq3n^XZiV}TNQ_7 z9;rB_VvR}a467d|9!dK<^S2H;}%$d@xRlT9S6L1x+BH*z0Xsu;&9-`({(8lg# zZdRTQXSr3Kvae|k`>0dc4(&lf@Au!Ed=WYgo7Tm*wjoc-!83Zb>_~EXa(T3i$RR)F z6)%VD4#vgi25-a9B3|*~YC1ws@mEx~4EvQL)?s+xj}NB7r5c_g->I#ZctW*57Z2K4 z=x1V+9gI`IIy`Fg{WIBA`De!8FyAd~>0r$DjfC_!wF#VocMRcpy#g#LfFgb4IZ^a^RDfCbtq0y~1QMZzN zadNwYIb0w2b8e-B(}FXOUtlSBOmY{5_Z~If1+R*A77I&qAsu6prw_`dk(0a}dvwVLYML zKzOE~?mu2HgXdq1UrP|b0qD5<#Sk3_!S5%Bz;8D>ULTa^_T$TsE@*dLY^&Mp`2cnv z-}i5-e_I5+>!s`A$u9W5gRxP~zMehM4nFE&zG%PKRf;|)p1Ga47<*K+-RQ#c5w8~2 zN^t59)ZiSCzQ*S^_1xvlulkuMV{5^At*;XgRX?!a%z?c6flt5Y`%7CrA4YsBUcAAl zVYuFuiBA~*%hAu-yMAZ$_kZ_B^Z8wG%$nk@+3C!xg^Kgh??{>ERgsn_o}^a0*#~?K zwOM@KYrkvi{+T(dsR=Tz(Ce3Qxe#1ZLH-K)XXN9!4}U!8;{^Q~+n;HEfA-~(r;QW( z%9Gg>^wdb|81_BWzYwDy<&Ib1LH)B7|_%Sx{OB*qSX~2VVl78mxOIcTZ4SZZT5yM1xbIVUF$DMhn=HO#2f_wbJmY>Q|yrl!d+zH)(t}6<`8|k7Toz3-}fi?%j21NQ>p z!e=|2?-loxBXPse1{hTy0}mOi0g#U zyJ#dAp$>bZxKWJ0>P#|LwPcfQ%3 zhl3AuRD%!m(=z6#K^r7r_@BV%cOiTl|4Mvr$b-*K(5D9aMDQP?&}TL=vyIRvL4ATC zE=lIGRp9bi2$z5KaZ&$+v{@LS%|Ped9Tt6b?wU7V{prJ+%16MdF@)2_eg?(kzcKCj*w!eNq+!){BLjN`73j@(0TUoX$t^Fn&%Gtc<+ z@-N?~W(2b8oo|@HZwro(<_an14=mI^Mh~Df zvMHT+Il9Q`CbLdZNA2Nh4(Cjr?^dF(SQl@#=g6-^mu0wD+kC!TC@jFwyl;|QXz>Cco@=e8?OW=* z*n-RQ-3JD zl6hd!_Nfr8MZmi0P_Uen`_qfIst_#I*7+Q;Du6j4y~^^yqHRhD)>>d(D!g*z*q`=u z^1!0)_z)AuWDw*7$S7~bs!$Nm%61@ha{TX>+(bf=xRnB~CwShH=Y+sxQ7HwY+ z!Kwn*-M|`DhHlLRi?+{)U@ZdHZNh6X8TwuxShQUhf|VY2`=&1dYtV6gA`dLu&I!R< z3tm?lyawU>WFAR(H+fiXyu_c>6Vqgt|*Ts2Y(bhw* zNKm%Rnadq_D0k+>^6s&jiz@n`=1Zz34o;(z+vQzu>1a1Ekg0%%$4;>2D#d%=S z_Rk?$X<+^9p zptAkDJg{hcDg>(vSic3QH@b%ma(I&xK)eR^F|Lg4LP_7HyY? zVR5eSwTJ5Cjy$kvn-PLl&bsK8!fP=9>#aPnXqym%RRyfsf;E^f9DaI#{-SMU2-YHC zopz``&dCFdwhzeP2+H$4vIEZg@eI8h}?FqqJ3#=l+8f-55ojkB;`&|gu7GS-p z+UbM&g-_&xMccC>SZQD-fwgWh8Ty|*uxQ&9f)%C4%rAg7sLm;w(tjLjTOEQ`4y>Q3 zkL0!v=og;R4_0F>ZFhUHS{=uW15^R)L10-uaSeM2LUDk`4T(IkXuB;0YZ0*SGkAG1 zg}ku7mi~q zTYyzN7`^K9z@qJv5UfSOy5>-@ev}6mZPP=rmILdP>Z3n*&r7f0<$*<8MF`efV4V*v z>qpn3qgBgM^{Lp;Hm#t5eCm?3IM>yWM|*MK##-7&gkWs})~Sc;WLOw)L zw$s2G3#>tT_2N9RX!}zbR`HTeh3eyA<9JgZShW2%1gm^_-Oe|tIX$SJSf2+LZO?>Y zRRQZ&U=4~_dmdP{{bvZ)B4E8Byatn@xAMTE?FS)P%YoH)D7;2b?LUsRtqQ?f3#?_VC@ntV(;>!^V0rjd0^4@lQ67dU*Dv9{q=*v8a=H)?P+^31greWx}95qW&QiS zcwLhR7H#*1U{wL@$AabaS6-#N^m;!JEZQy(!Ab+G7FdJo!m-o)k0WicX)6!GDra5zJVUQReDYiK;6+<$2v!xaPBE|s)2n%4HBNWmC!ZiF z+lzoT23XZT-{=l7w3UR z+tv`Q^q8fa{s^o=dE(YQuxM)y!y1>^^gOVt2i0GBV0~|f`~5Ji*lnAh0M@#}U_H|p z7C8$0YiYa7gVku`0OcdgBH;!8ialUiNQzHxDe@ZVADv0@l3-Rxf|`hc)7y zKI3TcqV1XxtVO_D+LvDaVI}gwqV1C*Sj&O+MPONd53icDv8^9XKL7rP>(A*Uj|MN= z&JV#_3#`wmk3O&Fh4pA2ShSrQg0%%$7Xm9Vj{W=iR-Qi6HZ}w+4XmjKuU;M9AJ)k; z`_o=+Az0Cobvw&|72x~+urAI6i?%n&c|lL)_zPG^1p1hlUSFKqpZ2u98iG{?tb^LC zl#40!$E!IHUbMXsg0%=(-N3Sa%!}7kdGMmGEd*;hu>MDQUoDZgdI0QZ!y@`C~HDLxFj?a8K)!%Lllpb;czF z-DAD!s{`F*{pcSDx<~B)3j^F!JbA$Y_oBq_K0Uy_D(-!9fO~7Xcj*B4ws5a{fO~1~ zojbt2D6yVt1Kca;-sypRK^}jG_1KY4t@UeZFh5}hGF87n?vf0@T8CXdnFKZu`4&06t@xlU={96IbRNu zjf^G6njBN&-=pnyhI{4Evdo+XT;|@-xf99;tTk||^LjvDe&Nr4JPx?kBHYonpk^R5nFs_W*LcU?o=u$rHX4Nk! zD|Br>tbxz9@?rP?#LtJVj`Z$#fAv52Hl6==-~E|G*n<$d4tpTn&@-8S(0gP*6Xy#@Nu=Ih=W+CN60p}|@7Il*39=h1@` z{eISad*TFd1Mv0_0Plul)Zg6s4ysRUYBoKM%^vNTI@gA0{BuI8{TdynZiLa*r@N}v zu|80%V;DRXL*|0dJQ=9ju|8O{gYP9Ta;RBrYT3+40@HC$cRT)xP(4`TnUrJ#$t2 zqCHmws4-p^b^rIz-rksBz3HE4Yhn3&b<+M`ZSj6rYi`d@n!T#3H(d!#D^IE$7u>H? zRSb;_-+f&Bjbra$@NLyFf}Wl_4SErGA7X@52~Igu%t(J{sDTxi|B^d+OnK(C^P#UhPx->?@2e* zv%f~VM10%9vkg4EjCT9neX^mmRQtMa=keepx?nhyF7-?cRtRRTV*v)yHBUhT<;FxvY+x7zI*AK!cudNQF5F5GyqmFyh8R*Z}Dz2q3 zN3`v2viF69{l5LKt*a|sx_Pg=Zo2BSW+#k@uDYJ@lx#lJ9YQ^k=a7}E*S`MZZpLZy z_2uu@V~>aGThLB?pP~KjC-yc~v2R;?RNp?p^=|g{1;?zKy-OKe4}2@+vqO{owOz9Q)J3 zdDfHp{`km{JKON+Qu!OR*toc)w!`wFt2PyQ(?&$>+&V`jRrWDhfFJqp;=4PhmS} zAiq<5{(=@=)Jd`Q*;Nhyo9CStOS{#;FG0V{w@A zruZyFU76ABDe2@}hR*P+Vkez^%Um~m*H%8XhnD-((zAU%1YV1HUcPp(jBxKF_|)QM zac+WUs*!&@^5dPoP}Fj)`MaDwBah9J@&)<@lDE-lI zMe)0j3n$h;%z48N@Yvs7&*Rr*u&Kg(WkBEm!z-#?TevZ1e8xEEbMYK9V|+$h;wDI$mC%HF4b=SD3 z{m^Oj+gg0B4#t$eXYa?CV6S9$5&Bzo7R#yOvHaFWPh5j9Q8nS2??%zzY5X_UCsnO> z`L?Q2I_dn^n#%rCJY9QNwYSysN)@oIZfZcb8<1_C?;zVGU8pfUxETL4=AG3L#I?%! zh=nZ|;1fOxUKaxEI`HZNuPFL{!>!jnah>sTwtu&febw^M(yAj9!cX-;gyRS2*-yf=@>9jXANTq9>I1$nSMSr*_vPes{L_DU zJgpi#9|w-*=R?&SZGsoV{!10G4%dGX{P2A1;|~dU=akmV8EfYQu?^M34{oz6S+!?BOqByPUnoz4QTQ@>+@l)Lm?A2u+(il&iZ05A8Z=!iFK5FlN z(`Ddh<}1|XDuBnL@R8;#$5}l5`Kx?QyI;OIFm40QXKyg|0CML)R-(I7@LYniRvp%I z>d7RSSICD+fxGG%RZ*WM2|ub`^E}C%smTY={llqmHBgs-E)TXiB^zh!MUqfS~Ph-A5H8p8R_l{}L zd~ij_q;KSV*P&BORUflxV+DN?-`9Y*&W;i;wr{3}qZtG0W6k3I>!1VnNO~s?yfiqc zfs;6jx*K(6?m4|c1fW?4}0r2cVNJhLGYl%%G7?b3C-k6{p<_2jL{97{9 z`J=r}`RXekN`Jq|c_s!{AeOZgScj{>ZT&`_ITEbj*i%ctZiGfRGv?F)mF(4-^G0VO zORNtZl^EJlX%F(KT4B7b2VDXE2=UAU2XCtdV1pkOXFERG%*k0XU#8?+2Q|7F& zo&sd2aAOy8*p02~iZLGWO_H%lWgOSq6|2Xp8IPnxET}?pKW|;a@b^~F=0IcOiDmBQ zxqWC%ZHrzS?+}f}FS1X;cWsR46rWx@0<^OF#>kuTKXUan6qoGjiFmQb_F`B1Oa4K$ z#&N5NO)bZkIQ*Teb=)Uk_I-|kt=AYG;eRt<{h3S9*TMLj?7M2=@1N0sY+fNY7Cdjn z&_8rOcM>^6ZrjE)zj%6_bKlw$&Rs!AN?wCDHEL|FZ(kW3`4nknu3EMVommsM!4*6+ zhVybqVPBmi+#1G!^Sauwb8T8Tj9^2tv5mpntU8}fHrCij$t~9}JxZKo4DHxWVy@;4 zV)?{T?5cSVTFP&Ff#=f5b2YqF1wCr1StNhb`UehkFzego^F^$`V|mQelLPxMMy5u2 zXRWV+&PJv^E>#vQRX;0U$=_+M-}~$Ud&wQ zV3XnF%Q;JsbsXwQGN+O)kF{L%+&({EP+;t{YIRFr7#_Su`nJ@cw@q?0Tql=seKssD;+C?2kP@-gqc-;|usd)17k)~%e6xO;V8^gKtgcGjsT zdOq%a#+0!Ok7>G^u?qUQTrXs-64L2)r@OxwEOdOo_vY~)dR=2|#*OQ%crPit;!JX1 z;Jszc72;0B)0ZJ$(%Ch!ATM!UEgmtnb6O5IaUFwq>7!yE;$O*v&Nc428Je5gxp8+B z-!XIFx(S?HYI6M=ZH_+lnkIin{Z@R=_=8+e<~xd&5tlX3Cb2CY3*cesaE;|*^mHE{ z=6W3Oc{HBk-p6-6`c~xapJFA<2XnH*^)U4h`#FbsV&~#SHiHdR9k8|X*YQJ=Mjv9^ zi0#bzB+t^%Qn7JyET}Pa-&hN8{-_Z8j zBVLS9@xk5v?b&~wm5Tj8n=!_Qc{DxV{hY@9GDqXvSk)d!uRB@nI)9((5=U&?D!Rgx zqO0ttbcO7CL^^?X;k$!xL=#+d{}=r2(QS%*p`}}US$?|ld>^`T{Zrl_kZ$;HLAw3< z6M5)%QGU9~@83*cDxsTvgtgbl`_hfJAMoue^$WV)&)-S>gU@X0A?AYbT%W54Z}gFW zM(VYDeO>QgTU}&*l9ja^9jXM_JQu`6reCx`4ug69_EpLzN&XV)(W#+w0~XW!p# z>|M@&U x4I}3XecKbV-^OlZ!>vxWcKcHw4b^Y;?X_&*>3p}7@7nL>!*}9M{cEk4 z4S=ub&*bcLCAe0V;+KKO_R5OJc_HI0eS?lL zdf;Tn(i=06rq-YM^G0uM2CAR7F*H7^S9TNYsrsho@NwuY|1UgVN#LrU>Bwjz`_?+I zE*aDU$f%3 z;qmQDgWvcxcr_1yT@vcQ@o(t!6Vv+h=sMs8{hI?@{q->ukIkL0A-gys;@oF^8qF!B z=dqJc;s-mM6C2(rbK2i%Joa_YiWU!h^S2E8G=t8}z?&KLcUpR&A~!EEb2tBN$u%<> z(^A&L(c!5nJbNl*1r1k$b7~6ndH$||o?82i!%uUZ#BKL~>Fz6669-;M+}h z$d@Dht@um@wwQUw4omf_h!tPJ-y6O;&LwU>^FsdKcK0}U8-Mc+Vjtt&V*c(ZD`;s* z6t*70?iJV;;Lc&vOlLtFoBM(~}UqCZh5#TncYb55+eW=%=gQGZQI{%(70!An+u-C*il z=jzdE{wp0d=LC2b-s~CAI9Pe7zj|NtuDE8rNOLQV6R}jDy^8oja-8fovcdSP#=7QZ zdgl|&4HMuP(O7a%{D3U95ntQk)Qxs);2G`_6Ftw^<)FQSb)A%<(F|ey&i#{=fZ99}~-(ceZD_YeOAP4IiysCghfYj{pJRy?9M>4=Xr&W2y$Iq}P-T+1h1 z2yPZ9)>_)G0WZl^wZF%<7XA_6Dc&d8z50slnFGLBN^N@eEyLJoj1HpPG>52>yo|9m z%spNUK9k@XC(ko){)zsE-V5r5VLqQqFXW4N9xC2<>Tmk5*Sz%Lhluypd-imQi5VQz z8?({5RGR;#ICDiYUNcvPKZ5r3sWGo3@8Y9kVr?ZG6+2bT&&0E^sW!eAw4=Y8!Mtf+ zB0Gz5Du+MKSoypk3*^ZuKW>hnAE)z76^r-aa2~2z>-WyGnuAW%SypQI#-Dt+Qj-s-IiSgdqmPEq>7V?dUS8rHjqk%tCboT9Zv2g&srT&2HyGF8 zwH;IIpZ_akApK+g^9|^sUVR<%e@wkv{6G1tkAt@dH>Yb75w`9 z2WM|w9d+ElR5-uReA~&U?_pe5N*_d8-kQQWL`xX2Tcq#FokquZAjj?6`%xEjQ|Q!3 zK1M&T^2XG}&X;(yWM$0GbvthHbbFz%+s&Mjwgu!qF>l*}7`nf^0$I3O`av;;8OBCP zZ!qVZS!VKOsrSS)mB?=}X4H8z^SPk>a(xMKJ7+Q9Vh+2$#Iq%u2iFo;@4PCJ)mh`p z0o0thw?DKmr9TsR$9_Y7w)0~7bQdy@yNPK5KET}gWc0}Obf6u*R0P~D z*sd=0q2_awz#~K4xf2>$9hzL3$hMa_kG8)-Tt)OnjyxJnb(=(k8+{tIPxEL1O*Id; zIF<9g<$Ny<@AiqSa6OFgSz0yZqt%TeT5ru=KHd_K{_2le-xt+(r9{!Mxu}C zl)MP}J`5V25u(u_`Mzj$3hm>GL0bIh3V-G9wI6BdkPk=B^35vWN3nz;jz{=7%I`9` zA*Xu(0>LnHszNacuU-aV_JhH9U>uV+O}Ucp=iFanyLq z9;TLXmMr=rIRpKE0b{oqJdACd=uXgBUPnw{eW*Li^r7DvE@lk*o@`H)?`63DF5mL_ z;Y@dwVAT5jknrjl8<~*rjL#Fall8J?*CBtvvvQ_u$=V8FTDpGlabTi{`{7axEk7c6{yN?S4ef+&(%(py$n#c2!d%utU@LUk08P^{R z^luyR!tZp>5Ai+M3EnY0l}A4qzMtKfr*6F*-N3UJb}!%09+>ab-%ez|Nxs))c=W3K9A)z4>X0v|eU!V1^G&LB zei!>RI*`*&zSo6*IjN+liMdQ}?iDLAv1>aQH1^GJ^J23lE&oX$^&MkJhdH^kqsGWa zpV+c_gKtlVF&3rtYZUo1W3bJEoGoi#hnV?LE##ikahb+j~WlocUt{ukzEo#|+8M1=!D8E!^^mU;(I;9uU4e1Im zcl&3|r8|M4HLVAo==0sN;^!|$Cl&u?8bm=Ja;?d(~-vIu%e7TfjU&urs8T03^ zVVM$d?DcU<1>`9im@8X+4&XzY^{unyPZss@CzIRhJ29_y{+g2fbA3M{dyVd@+mHWq zGkD^IdG_uj?mXe|`9H03=V;Fs+zj66OsjW${huq4S9GMYoe69w*Uvv}?cC|^9Kk|| zhu`bGF=Pw4{weQyx~-6JdNCa7M)|u3FWuX8Ejn!j>rC=9t^7T}7~dhAi~g6*RSc^@ zHk|7&-jxhL2wdsv3VbX1BFXLKcM)ru6Z6MKbYNZ>_LoyUS9XSH$Mtu4onl!|%eR3i zJ$S6<$@m&&qtHW6%pIb>qVGqk9iKzrvT>+{*{eO$ZLRIyv(}c--UxJv;yNk%&~Y95 z8Jn=4HP(*B{Bo|?Q2HY~vAm8xasR7)dwH|xqkNgaH8;}!jU+m-l9*onA#ys<^&fqr zr>O&+>(1cZ7}n=D)RmLl&U}2D*6L1We^DZP>;>L4%XkKR!F;03t$D^fW1H9jy7eqG z4og2me~kZAr+xue26;5ni!{N$t9daA8nn3LhaG6^~Sw( z0l$ow@d@A``HzYtWVk24LoG)7^!@Ko0x7 zCpsd#Ue31Y&-E+3rx;%^eL4THm%eosz4X1)r*GZ4iR`ijJUW8?Cae*xAaCmq&LC3m zdM9#sKYGv7kT|%>9WcCkj`v;ty}aG)^HY4g_q%1W+;^Rcz29Bze|H&UzQ4A>?Oa#r z=QbAxa+^7;n|mjd?+{}glKg#uzvVAgFz@U5Ht}%Y@4Se$WORY@sReI2e`Eg}9mc1v zigT$8OwPE+Z)bBKo-?|fzA4_6_)E{Dsmq+K$!F>*C2wZL#^gnbYzq7Tm&(_g))IR& zvGJumQ?KXndF6NMJ1gP;%fMk3{HHa5r-u14bLAG`uQ3KUeag=*h!uIce?3R`!tV^i zzXjM!_^0)XuYc67BnF;VegXPHa6TV`qnNv7*Yoo{*s?*gJ6EjpY~c-o^~xItiHBTt zu>U&XiNHAAd^VF0Gsya$<=MEk=g6eSG+O4kXTUF}46IJdunb+D9K&7^WL$GR{T)SSWm|_^eCqr97YBWO^4V|G z|3UD1{`$W7y!r0o^ zWiMi6Z=uNrIonN*ffw=7HBTnSI5UMzD4wW1k#>_uc(&^%IO~YNxT8gkm7oyj%TsHnDN!|r`x!#$FtH&LxJ_7^a*Ek2hV?!eoo78V5~&z6yug2kG{iS z(_B*if#=)IG(Jz&sUDB}{tZ6QO!qvs!Pl&%VIPij|Ald449J%`!{p9reyKPTeq`TT z1kg|Zg3gyMU`!PEj3kt&F8`F60rx*3-$CPK_V)4IL9XSyT3C8l^Uy;44D6PfbIMmN z#NUt(Dr{zNGB!zm-5%aO{TTS%;CX^u3!d;1a^~@qcu2ft^{RaNE%HCXL%C6!vkOnH z?->7u_LqG8GTeKSzs(xpI1itRK0fJc`VT&a=fFq)&Chst7`S*cf4-Xl7yDi5(#?FA z_`BlGAS`kr2PrrkCXw6d!p5&TzmT7%MFjqi21Fpe=W5(b7~DUT%c=blH?(4ZQh zS2U=B2JOtV1yj#hoTT?Wp7nCh`}khunMs$1`B*%)x4A$6-tF^|rf8>tuuUGDBL7zQ^J@@0snzd$~d;HZ+lGnxy>BB6(&vgdfn}L`1 zS8%3%h24)>VEl$2cu_t^<}&`l57LRs_sPIJ8F&SrxYz7&JTjnH{+@)^SLNoFko{XNEwi?`uj51+5~;-h)G&V^56BPVR%PfiVe zhX&)F@q5TInLFMYap0TS|1`XprZ2Mh>DbpcX&p5wUfvpUr=Q~G;%FYWjyP;>qQqt0 zEqg6Ao6VY6C2+iXgLHmj%jZubPovP8Azd7NXU)N$N8A1N`nNAOen4x$57-ee%lQG7 z_yKX?%eG+uTl?65@aSXzxxSYCmM-YCZ7%PSD--|SP&dsyp^x2%cJ1)7=Q9-=-Zbw> z&bhZ)XHx!XjH@%fB&XsR@lE(0kEUPSG#a@P&xQG0dRjbwb{-y={kb%tFAr=TYxw(; zli}~J$MxZF!A8zn8=5D&4dnGdgX|}`cDRlkziGO=^%r}a)=wi2QO6m(j7dE-E1bq2 zf98~HxF+^NyyBzoXa4igP4NnRPx!4T6PwvnFTFQnV^1xA->koxd%<(^X^$Mb-{j7w z>ly!*@aQURrr@F%ibN}8+qG`x?cvruxQlv{e>e;NS_%KGf_H$Qz6`rU-dCFMtp&#_ za7=(xC9r67+kXvCCx8<&v107&O_`m#?dtP#|H@f0`nPK5kCbnkl+ zt)C$?A9d%#gK>Xf%p$EN>_5u$b)Z4|hmmah#}V{H?)i%Y&oAWpIB<<^*F50I(QN9G zD0~zZd}v7j~3Hv!*LlE8g==sQhy zL&cA*M}GR9rmgG=Nl)RqQ~B;yW^C@JZx7i`h3az-@L0VQnG5-0-oocp}aGUcS?9ibrT*!hh7^gd42-_ zc2kQ$wGgU#z6c#s%s+2#ah%aPHf|~(S?f1i$LVGa6tmXaTku(HPi1ekHmr63Zsg9> zYxdmh|691iLEp3bQ1h~G@Ko&+;T6XBaG&*RBMfQTNeKrk}>vkgtSjp`{tri)*|5FDEyzk2;O18OE7QfKaTYCaJ3I(>5&^V z$Xe!R>1^!&EuOwnj(n=Ne_r|1rxSC8S2O6vCCJ(}HI91$I(Y**M68$1Bo5qLKSXsy z?(pk|sLqYnR|}zK7qWhTpkBxweh!hIsR7=D${|7qM?8;zf&A!O+DpjXqp?AA@A>o_ zndsPxuK^9ThR{I{(L(fdnQG)v+agU4(cSF(YgX)yn06&~5_5bPYjHoZkNp3k8$@MA6I{sv6LTIg|4sK zf1J104ox*)6N>C!U+-N@qjV|X9K}ES_U89Uk3ai#Rn&w`Drd*DVufP zbA98kf-QKj`ta=j30tpf$dRH+u3i-}%IZX2WPhak7()zpR zZk3F)zV&J4y2F>UQ|lO$+PYcf$Dy-$zC(P5{gJPI?`eU&cixZlermSUR%Yr-jB(e3 z7d|F=?~3o4oUK-y+gz{M7vIuapJGpT{aEq0u@A5>40`HW6Z4uK%6n%_mG^F9aM&fq zSv9{K%6lIhxwq+2`eVj-Yfk<(et-U+C-dtAW2Y&-)sGvEyyx-@4mbb39k~A&`R~RS z+5C6<8T0diJF%^ZdD{yU;ZOKUvQ=YrR*Ab^ZSb&(QPw%` z81XRjZO6SDUfK$eXl#j-WVPoa=JSd--cHN6$Wt+V!#(lMU0j>|chBG0Vf+pHv>v=9 zqtMgrNv#F8_%C1n`)vcjc$z&NS`*2P!Djy*^53VvN`J@rdMLoBDc_b~=JTp-`CpU& zzL+sJG7zxm#{lzi?fHSNUjF-Y%sDSGn;Kgedz*QgZOfZ7;`!s@7e0vz90Y5uIqT$*6tXe1>Lp%{=WW-YPm^w=|8K# z2J`Q_>1&uD?gi%I@PoCp?J+MOD|~I@q4gfW>^A;R-~AG4_{GGWZ`}U2G?N z zBR;x;_jl4}b0!Ojc{LV9%q#m%kt%OL5XpbfS`3dG)T5G(F{BU@(+45w)$Ad#HPx{w}Cx;>Xr5dLbTgoj@ z4r7e)p>Owj((>bg_LS$Vcs@}~y#Tw;vehwjIKh4GyMLWM9gP24aAfbARdOlxSP3uIGY-ZcMos?N^IP!mW7OSXjLh7n9{)%&%9Z|{v4=W3 z{Svi5gle~;CaSr^PwGG*R;q{;NLw%?x z9w)!^8v3F&*ayfJ?p{Y+fxRaMv~`UzwKTJ9$OW=A*89KV{hprT^!bR5N#1*zy_u}* zH^%FRyD4l|axwq%(fvlB?l*H^v57gQ?i%IuROIr4P6_oRE!}h(j>dr(y z6(3G7C1!!W$RLMvpsm(KJl%AZ`v-EIjDDd8AHT$c7=LsTzE5M&KTaW+T4yMhj!NL? za;QvU)Ca8(38ukKu(*DMe28g2Ze?ce_AK`X z;e_3B%s$Su-D|lH;{syaPGhh8%82=E_XnE^0C(Q_@wMGYZeq zvkvyvN5$|)z)pPU-+kX@7<`4^|50FXg2R8-UJRzcXT0Ax?jk#}2)KuS{N%nHb5b^?-ZfYCi$C6^+TvFei!*^BpI+%Bm`b)0f#B07C zRNwTU?cd}N^Zi}k_y0Z5_b2?7-+#{R|H$>fXB_rnfiu&OUo_hIMYP>!4zMp)zDOg@_4eP=>Wt`ujGt`n^BelCvwjy5w#2ImrZ zT>UyYF63+bWB5O>_`bG(ZDV+^f5+of#SgrZ^ZswgZ!rEW-PYf~{t567hd<{tHx2sK z_IuBT;*V);q=Q_OkI$v)!K zw6&Yu_fofr++1Uy>WYkgiih^g+IW-nu(1!|@C|Z$I%Xu=3aG1~{1kqB?NbN#N%qP- zU*p-*FY9^qUIBb(`Ow(lvHo-Lyy6qr@m$OBa4i^5hg6!iYT_o)B#F@{6gu0zr&Z0@z=3?(>Tx$JG502p{tIv^D>A(uhQ@&1D{QOHkUx|MY)O+*6 zjV7lxHy@O)tt6&V4Ie6IFo*X#puq)W@Oj~l3z69_a7(}&Cy@iZMLsnAqWQSu(aMRE z&5{4OJlH4rGzpI?H>4&!7lMB~@dY~JXX8^pbfUXiK6NHH7kcC|yWZfFxIVGgN6eZMeG_gS;F+Nh z_!f0Hf=9r@v3FLx`|$BNvz z{&R01{c(kcDd?g&Ma4|thS%pG^A7a0&GB1L-;#`DDlqoSA5o6qv-H`Fe|4eBA9;@X z(p%NVeey?=`yBX~@6N+7Vc$aLI`F1$jp4_qX1ixh-KTw$kIBYp9Y8ux`#Kg4#Xo*D zZstK+^JUHQ-k0y)*Oa3F>bIV?`7v70#AzID^`q`-eJ;Hi8Z)joSL6i7HMxX2@<`>E zp6$LpoAbvs_ox|yEkPHcL+oCf71*5g5@ayw7jpeY@@d2?HOgtJ`KY`9wbz@{`_OOf z$H?GcyoT>)Wtq8_*~6aUe$DZY**D+8-^-Ke4Pbl*Sc(gn+^FmD(HY}P;5cTzl6tZ8 z7-#l6$!1r8Td*Eq2hXD$%zVM<2d*ywo_$XDg_q#%Uq|jmrl?O&O7Azg_c-|tLE0%! zlAaHbBC{#v^8(HUN%Gun%D>mc0)G9 zX{j^0*TdbK^Ss&vl2Ln4Fm=X5`j*^ydHYQjJ1J=SG4-W_cxT(+b`;44lf3Dd(B)VyhV%Jst7J9KF&BHb3+6SwAfllxpPj25S=)2@q@L4T% zl04r+t$xl?(R@ndyeu%5-(_!93>v9@MVZ#(Sl77-8q_Kel$^<%mA6L>zSi!w@$&ZS z3@@Bu@|M%wznrnsT6_gG?^xySr&$KvIKET6*{=(4L9b@yBuTBQxbn|iN4lCS7basbb6*I7NHz`g70R zUAHcJcYK7LNAd(U=Gr4>Y?S|O_l@vO!poyp9*MWNTlrhXE%HCo&@y==JcZnLTp@V@ zp9PLt4j*HJk!m)-O#q1cS}xVOvsfg z!RAGXu`GnIhu~{I2M?^IpWXB$6&RQ0*u$!uPIb2)<>gL#xh{n*Ut?ShOz;p+2dk^H z7scR58wagE%J8$~d)1k&U0+d^t;Tno!?#R+X(RcmMxVu69vt&pQ~N#6^d!$DKA?UK z@~*tIv~<9a#k*D66(_StZvy-ap8GSUZmM=+9!uWVj$6=PD>e1a=qAPFq#>_1MWhM)gTrU$+x7F7nlI|^)kt<%CX(IV9m)P_Pb9l%UnKk5 zo005Z@=sqU_cR$B*>a$Q7-?)o%l_DrZr9e*K%RGz$@8w!*pJp&MBE>WCh$SCvEfI! z4{{y!amvv@2cYMEV0L7V2*4^Zu;fo9--9=JCe1Sm6Hohy`P*b<_ zf&G!&EUa~Bc=55dbrCm9j>k#F!XB98!Fd2U7oy9zkyHCX!i%e}b)s%HZOY%>%ky0; zE3@6Jbk5oMJ-csq<~AU^4RvEVy9{3E-xl=LR`k@th5L=17@vO~x&itn4E?-X!O;`x z`*!f1y{{?x4z&5UW6u70Z)=Isk;s>qJ4GIDW_%=@PuHzgKGfZ_-CA;QI(X08qgkH> zCbaxMuwOf$zuyG@{osJl@b`dU;lp1c+}}hV?#IrdM;<^|L&L|??^rz+buVG;jecwP z^jmr#{6Ud#)wds~88K-62^^?qObe zw8kLjDh_=C@8Vlclh55JZ-i^*jeMPV!Dolnw`ph(KJfW8_W*fWmB6z2z?VCMvF=X# zS{R%UaD6@SF5sOFd|&6Kh|k22UEtbhe*o8?<5^3q^d9C6=<-_f4wI{~8~DrVCTs^j z;cDuhM#$yu`XPE0c<){Qtt-cU=|^AbamFoP^Lb}(ndGu=lKU+9hH>opF*L*OOOMM3 z%WyrL@5(0CmnnvlXxjjOiW5uLgmV$kMxpOCo{J`+Gwo;bw|w+MWU;qTP4p?a|BUOC zd9ILnh~Pd8+|Jd!!(69xJHN=S^m8-`OxjNn{2Kn|-f@DDK9mkDI@hZKw37GJ=t6KX zYZ_5xFT-^y&uWf@ZEUS=p5R^u%++J54LdJKqgNij`^x)2{vU=$%Rc4I<*bt1#!-7# zG>dTEO`jelzK|-dG&$kvVc3W(7<)4poaTN-IeAy0GoW3Nrdx#5PlWS-Eq!wKYN&C^*_MqnBnogXewUrgw7f#jj8z-*FWbu zyT0;_aD={EUr9q-?GZF|uk+~sv~X8Oc_tLUvqN}|}8GP%7*dfKJ66^(2u6%Ny z)%R1~Q^6fux5L`QxMalcm!0SNWa0g?*lqljz<${$L-N4&zk`d$e;eOksJ#sD7rJZF z$I|h=Hjwde2QTF-cgb&?U6s8MzfEn{kF(dFAM5#XDaJR+SjYW-^*Ps}8+~{qwBnfz z&s50v?Aa-)bm3(VfHi zN@nLUrh2b}_FCF6;N4^f92O_C{{;@rV@z#?3^*)8Mwv78)(W{6c#26F|0L=8CuVOf zI7|hO<_5+;QT&oIFyk|KB7Cj<&f8hHDlq$(yU;7!(fgC&n-1*Wgc1C{2;D;TPm1Qy zv;FtrI2HbqT(H)3A2e0W(vN}m(YGDwKX^W;%eWp6Zi9>a<2 zM6$I*(Peei4V#aSpg*Vd@(h020@`Z%=krr_@4YFkYtz1%fAme`d~WdGjkMp)KjfUywANmUTrGodQt-Fd)eH3w@+h05cfQO!j~1b$;E&DpX(6>r zCe%?wJjQw%w#51o6To{pK85Dr_#fH#Dux;#?!8*?7hD><>&|t%FN$O*VIR7ikK~Lj z{PipF+pppu&v!6y?qEH*10ARR>lU_!+rfNII$gh`2e>~GT5Le)K1jc|)3408weEtR z!#^wMS2{y&v*?%lm!bU}{_dDh{fOD#8dDm5m_}AJ(v8;`+Uc{<>>%^ z#+(wqjx;f+np51^(S2i1FMsUtVor*mtdalo)=;;cxt!|6elTZm)3Z~sjnKHx1OD{p& zAkMTM@N+M;{w0@*K#Ed;ple^)51Ao&CY;U4-)ow4b4o@7ZsCmhV=fcjV)mZv}EASMe>? z&oDVI>%4DO25M_)zk}od*Bg&EYrVPsD^>I6da56MRqWL(+xAk=3pW=CYrl z?Nsy*xsLI>r@B?4SXUDH*7|yClK0-fpTIhX@gb(VLzT0J--r*@s&#GTKa1bHqqgQm zS94kAn>7$;SMHtaslG&w8}HfSCZB5&e1renYS;IS|BKE4J$?HEJgWGd^?z?>+~xni z$UTj3HT2oy)4=xs&QQKaCH*bO4wb=EmA;(_)A>x`40JvX2{PoG=JuZno@iQuo!d%G zB?0U@=iSFs!Iht?gJ6~_3$@R~jmmwXbu_~8u zM~y?(v;8Eoqh;(rituf%LCOx76W2|TgZ5>N^BB=O((-NmzM5jEN6ODU-@R9PX7GrySK42N9|Jwj`f0~_ ze2QS)h3lb=Q3vpX{=e$cYF@yc!J8*@?eLs*sI~7kTE9u23JJt7CnP7#Y;Qx+1s=_k35CPKM8F`_bB`nho7{DE#IS#aSo1g8X6>+cPY>0 zWyT?RFX`*2NBE}nQ}DbgZ?8w+`eTZRWUfM%nEQ94n+t|Gk1i_4|GA8DzDQ$j^Vzlc zyU^^#w(Bd=?CVXETjg)Wi8Izu!>9Labkx!Zt)bMAH>Mmj6Ay;A-uiE><>sT!+UQQn zej5EC+pe{O3jA#4wP=5$S*yH^@$8jr&ci{!n7JhH0lROm@(lU_tj<|H15Z2Op$@2W zBx;o-;q6g8^I@M}F)x=x{zSE6y?1jKNb&8P#5Wqxan<GVW;} z#JppF71#2QrYQf%@A2Ok87Y+yo7owyklZQ$g!EP)Qxm2X=85CYIB^| z@eT0VQQJJyWvt9M1lv4M+cAM}+@o*co9P?NWXtb6rvEn*gM6bV&o^lMi*i}~eteB@ zEc3syP(IGt6Z(I{Icng3lpWQ-AGCD@zVSKrV-z*sJzDLLf7;8X?nA4@Am6CT^9|ab z4}4>ez5!qB8*!~6?I`cxk9Ln%#5H^M>RQIb&^|fRtQq@bzN3n3jmsv!F;n|&(DlnE z<7+N(ZWI5fpLATu-%sC3TrkCaRNoGdbqt!;eqy@Gs}XE_Exmd_urtH{c~b_M7FG%# z7wjFt%m7n1ofufF&3Rc5z6HQ+Xq@Gu-wpo=mVry#9l)%={O+CkU_L3B%&qgmoB$6u zG@joFW`%SBZC?gv?bLhj%?I-VU`nP0Gb~FJv3ncHHK*UbcmlJrmbR+}^O3vq!gK>L zZQpCLffcN;p;H^9v2Cs5euigfb8YNG%(Hj0 zL#KZW|I)8-p?tMFjsKC$FF;PRD;hs&k{(LjL>z#zP%UK#e30L1m0$JjY*n-NOhj5v zvfrrA?y=}!jkbEeHH!TVf)Jam1E|Gf3j zCWrj*<;(@zO6|V89FEe(!t+o6;^8UXo6q0fZR&^S_6t{F(`1_!`zhq#0w=bo5*o&^ z!zc0YRjxOKgZ8?l@O4bRWc9(f>1~qZDH| z^j4f#`i$Rle5wWXc_5q`133L}fZm=y$N``=dqId=ImPw+u7OkyfZA)7cf>lZ{UV5tMsAU3pK|F1?+S1mx1P~RhZKPmJ z+tUWITB#w!v*g7*wxJ3}GZJCPZ|9RJ5duHvOJ-0M+eEvKSPiAKCz1F+l_xoPf zyWX{SBk~acDQkeAioNZjUB)SK&*{{{srX&@`5E1()UApgaR0geFI4?!=kqGoqW@a@ zuc7~W^uHbcian~Qe>JY9j=gvL9Hsjddr(7vyN&VXYQNgoJ~>M2lxH~eU0?g}d?S0_ z)rq?O)`+|B+ZmBN9w$D?&NrSsk(x8?S`zz~Vje@DhV_|K?PlsHB?piq|0Hpws_Bun zLgElLMk59pLZ7+zr{usxi^V%r?~*?9;Nc%Ddg5Vy9z4_|k1EbTRd}FAUFvpSJiJon z#Y2Mm>yI?w5*iEttNSzO*O%mxf3@yU$)En}>CcqE^zltYHrr@_kH(oRkDT(S?HVv3 zWy!T_LieZFDuwnX)P$l*Phg zXWcje3-{2!$-kWPkDp=>C?NlvwLDCFP*DEtO;+-sg8Zjt<^S;>@?X4hx=;Rdb$=%P z1?5kFO8)d$Pk&zdFWz{xA)8v-FIoPyujEhtUa zKWn{%>}KjBS7S3p{_5OGFu=ZVFAkXBsrrEc91Mhxc8zthKrY^QtN0;nPi5Y~oU=*t z3*dcAm^o6IvF^v_jQ?umqvONQn)~=EPK|?#!^FnRncda|d(UOeZLw3zF4tY4)}fV; zU|qQ${c-KH*!-Edc=!9c_W5zmKR3_zr+b`OLh{Cbf8fxc&9}}z!rH&6dJN~n$I|L^ z;~4u|_j72By(ko$bt(7UTR+BL>VCdvjJ?eLyl{+thx_>pW9&QK&(See>`XM&h@X`u^G**pN0>;_M0{2 zuqBodezxBXpNMnBug1kTk!Mo)*D;J^dqW$d)QCi_LH27i4+Z+<%Y6L*cTK;X)8Xg; za-aR`-xI&ef9*fLc>ncj`t$p*R`QS$;o&37w3{9S@`zyGABKKnp z3f-q)8bl;*+bG@k!eXyp)x41gs=U+3| z!{|y#>5B7Ccd@TBw~>3*b*&$={@}LbUU%AOEn3B`&NG(r&y~;m0{-JEa$4hWv(}Hl zEyVvY|08T?rEXp3@7O8!B@o|4?N7=3s|>%&fDc<9%|Pt>t9S zKmX7DMW|oKUyRP7AIJ5jehA-0Kj2%CetZl*7UeToPmIQ+_7yX{J|n@J&({0A_G$0k zj(!K}hxjgYedRwU2kXZI>gY1(YZp21d4Yc2d`)YK{=&uc@&b6q-)8Yl4XFpqYR&b0 zd%e78C?A#w>lm_bsKWB!{>_JF;<(TIc=|2PQ(kPNe6UMzAK@chgPUOcm|xnJh*EvJHK+E(#jx5UXpO+afifDmG!igfrJ2 zsc<^mk5lRop0d5Vzwa(b_g^+*MR6N0{Q-DwGvf8OMc_%t>urldnRva;h}Zu$yoN?* z@cNTq1mpF;^ceaCufjvYEARUa!t39^TpV7B*_)zPh5hE4KD;7>dY=sbQ`29J{XI4Z zUdsfpv|S2bzeK;iwZC-|&k&FFCf+dd-y`0jKHs#_YM#m-HF=*?UhI$5*l!-AuzxRd zGUM`Q;;4v^@6$Ek3&b0T7w?UuGkAad=fQXn^(EegZ-RID7KHb6O2YdI_6#51h41UA zy^^_-JHLMM&f?>Z&rAxo&mWv_Lu4t!st zY3~zzF1!QT&*A-E>Xl45BYf12CY&L@&3c-@C-g5{8_O5U9D;F z6MPEq1fTFO2%rCRV=4HYYX9MMA3ovzMLyo&py@9r-gvh%7@xbOu8+1$i8rq7dwfze z8?k2}QKHUu!YuYc0lnt;LwHwHWz@79+pVV&oTE zjQm22kzZ(;+BiOg&)GTf`O$w3pVSW;`32#f;1k{j;qxANY54c1y!i#ovhO_2Yd?ke zf1~Edv<=Y`@cF|DJ?v+j7&Q@OhRGpE1Vq10RoGSz5GzKg{?Xm%-=Sp9b5{^_uox+D|V&g?EBaco&4v z)b+*Tb1P?sL^%)oFQCC)A+1ATjBFR;i>80>ljCwk4LAzZ}B-GgU`2r5{%DKU*c1EC-{VSLHInUBzzuY z&+y?>c)yPNCewbtxWusy#o+TZ(O~=eLGW2$B0hgizkQF-bL?-+neF-P=cyW>@$(fv zJHO<`XM#O8pYrkOZq1|joqrD-jO?#i%PvM>56W#^k^FDZ4jDL6R=V|uW zrhDzD@ctcYZA^SlEdifTRs`d-S>Dr3+okyTK>_$&ADmw*!G4}%AK<+(dGUFsb)cLY z(6OVIyi{$CT_L0$QoLo@h%?8#vJ`Glss7<@YUJcb?+KsPKM{kN0ss2ETpSj;@&NwMXW_=fSDuPfN6) z4fN@^pZ_{O$Jmz?!spoQO?B~zvv+wbFlD)dN zfc-pAGvpboa)7Hn5-8Gk+J}2|nRnE_{9)Ub;TMjvCHfb9j7wTQok= z{>I5(`-H@rnZ`}TV^zTPy@cHwN!T8*&>FyJJ3hxA;@GciV)1NB=pX|&0+lgL$ z3hx*Ac;BSQP{_X@p97x*!DoGm_`Hce{q}QvaDFM{-wV~}#ngKWCfXmD_crCTp&!v0 zJu{2ZweZ#S@o~m;tdCD0(0nSPKK1b0)5h%nfT20?I;t=6Dtr{Y!pB^Ay{t&Qu10pz z_!RpRA6`WcKc$Arv=tq<73c479NWX5vfjygFOy{d%wn~Frssax;5{_Y(x;2pX4xO3 z_mc(fe~Ihs@@}mN`&A;;9m-i}oE6=)%<9j(dCIyPWuG~Fkfb)1XJ1pAA#G~K=Q7j2$=h44=F58ma{zc0W` zBc92*uakU5OVpZSFP!T27sC5js6R6GuPlfD$=ZmS@4fHX9{NYVV!C}B?-EVw{R}VxT2!EmSC(p}!Z5)3QjM0y4jNX~W=x85CTjA5!e0=&D^d_h) zEY@EfcDy!b@w&7n7_ZCq82SXS!bia?e9VQ{t=AQY*O1y%c82|5Q@nT;IZX4(;p2J? z{`f{{G4Z-%OfX*CDzkW1=O~nLhQciR_Mb=6T)=<0_P1P}cjMh(&whmrzSaJE_9OJz zUw^iD-$JX}Pke@bR3V(#X`H{3#rda^hZz?ocu(ZZ)c%XZ{h!!ef)3MWANkKZ;wyOf$w9$ z_i7a*ly*MI68e?%HR@#lO`iP=tz4H_NcIzl*{4%zKfSu2z4syZ-iJAdqtN|IpHAie zGv(eK`;o8Dz28~U-&Q>FB#=j!9`;Q2{LA5-j~3kT?b@8|WJbUTS?(aYB`WVXU*L;k??ZhQ9*RD~ z!(93}37!@cAFby7Xi@f>M<;vzjmV(MCxc(;G5Gb-?{7YIOt8N>b3#@hOZ7M3qwiAv zO{?f9x*0+@!{}X6`i5?Xly2tGw|H)SQu?;6!1cQeT)(%#^#uj=y*c;uuD%rIe~UQZ zhVwko`4RT%oF$r9=daT`e_~eWZ~v@U=VRdQEoyU2ov+Y%d*AtA=2-6eHeHVg>-z!D z@sSw0PyDa&PxKxB<HW zyUI)Sh%bY45^LyJ{BLuCcv9&b`kl+asq3)<`hs1^`#km_*L7E)g7OKe8S>7d!u8=X zId?EV!LFD0eK~%!#mFaQ_nm)U>(G^19s0pFULC4KhLt`UUanA3~cxmWQ&NC9oCp1N^p4rv2J4=j;USzw_l2zIt>I{b`bX!gUog zKXdAHO35d@M8D?wa6$Io#HX5X#RBGAr+VjG&0_D_qx7Vl)twKk*K4famc?qwht$FGMpzlyN;hZnD*K^c4hr5^;_`+w84_tM^b@hbciyu!a+czt|9ad>6E)fTl* zw%1Se;#K&6jF0~p=D@2zzI$m@FkXK#K8x2<V@0Gvcyb^Ps#aa-y;Y9oY$vbND>EM^O4zA1UUEG`fiqk*xd944O zXm79d>YwobY#;9z=rI(Ex858Xtbeca9yr%uloD@!fPORij^@~`_a46|+mj06H?Hwp zaYrUka6LRX@tcU;x>4%qO#F^`U*b2r-~F`>!T9ZzGn#roU-0@5;ho?Y-sQsYaV6pR zWP6MczruT|pEG&CNsplrers~zcbec=?{_aH-uWi|X7HQGU%2)+DBoqqLz3_EpU>w% zFREG2i=syLCf+5L*A6e!IKCu{<6qAA;<$qMMV#g1Wqkl1y!3nWU57ay%GQsZlmpMF z1<>!<6)W@49nW%=f6VUxpnlnlXW^mX86M`s^Fnx9O#B{FXGV>-ubJSr$0CE5sVy?` zY~{eSKOXwph+uns3-6S3@my*=l;ljHQsbf467$h6|NBB8EO{psdHo;pj-b5yaJSZn z8?*ZG&w8&u#E``eK3RNE&PejvM=$+-rVp9@_{?E5`|;K1?0hz}AD{Uw`|-2qMO?c+ z*uH-ufc_Hnp~*9!6&{K{z{6bnunwLY`jB%^e!Z$s8DOuDdi6nMFw7@|^Yj=B+4tWb z<<*Beb>81}d($}dfwL&29<>zvemwp5Sw4t(zfgRWLm%4Qd`|KHp`YC~Bcl&ZMqVeo z@Bdz{4-aPbVTMm1>X60b)Hj*7=}&T|Qt|rGV&r!+=Tng1$(&E2@Llhm|E)e}>qSb} zhmf)V|IuK5SRX)tuk}HADEa^obLm5}t~h;2%KAGwjz3p;^+9BCsZR#C=rQ>9!S5gX z=g^1!yrx0Bg8GYzckK#Me*ol<}+fxeZLX*~or?a|n6LK?S z{y1{jL!FMP3rA}?lu(aynDwC|lRtXxkzjr3lrw&O`rK=M5I%}Nz{gzra9m0HFx?*G z(+82m-99;N(qr)JgMYoCW_YlFn1((?^?un>{KGftw=evI8&CYJc&|`%gY)dq^DZGB z3kBQ$2Q=RIX7T=$d0xCX!{<|ceEy{7^ZOR>jaj@`=D_>ZzQnumQSc5QbK$)nz7`V? zIr*Bf{ps;u`!8~Mo_ZkD?i`eJkI-2^-u?Ff&SAlLzy8=P-b=Orf1+={{cn}{pZRaG z?}O+oyes=2A85DmuAIDh|CYx4(RXHYI&Xi*i}zOee4~%g-`9M8-{L)VT*kg%`*5&* z|AHPvFY}Y$_+R)ac!!U<@V*Yd7K3*u-kD~vKHiIWk;5>b9L~#ucfWoA?a*MnZyJ+5 z@2C{}emwoY|Lpr2_FKGvC@tMOiy#e0o zJSL0xQtf*^eZR-{y~Ul+77@Rye>EZ&zQ7c+jhcz^Ui zsp~QEeuCz633zWZ=Chgo@XTj3=QS{g&79YuK4<5%ne!Ud@7etine!Ud@2fNWADX6y z24?L08xIBJ{cmzcQZMmd3qL*i9pR(k9X{s5`^g60W9-q$bzTGZy)9}Dw5R&;E^_#m zPYzG(G5GQBx9?XR*~7joyq^c&-SfgqvF{Jl?_sd-MdO|Lo$*YzZ{vMLV&8M({UMEa zJB#;cKjp=H1$@51$LG&!KEH4A-k8Pv89DGit1s~`d=$LH$6R>70lvENOg_A0-<#xo zk}r(&+INw|tJD;kc4uG?ybCSn{)ul63C4STbQbTW+IKmxs;}&Oj(lYX?~<I$d}wBo1Pzv3N3c`^T}#{AE+m_NdY`53%z^zr&}IseFKAKm$fL%%0~e|YVCWA?ng zo7V>0_uB*LFE&5Z!@dg-1@G`M7v49|Ee`LEDt|xSeqyW_?;?W=pA0V5V<=?b|7UP8 z-k(02e5F2buN3=!3jOwleQ)jKdL1wRy!(;JZHK7I`osEH zOVlc}lgE1XM`Z93pA2r(WAN*b-(MV&Lx0{HmDQh8{l%y0+wU*x(1-ua{YfS1Pl5eI z)Rwkb7H6{;(w`QsKZEbeSm6 z&KL6Of3NjNcqsY<4|D0ys3P@;`qHK-c5k>(e?$gxpA3GW$Kcl=|NP>dLBalKBKqT= zr&)^s`5OK9h5u3dmS_D~UC*07dzbH(dXrcW`sy+7pIdabZzR?`IRL-8^ly-H zzJdDO=)C_R~ipqct5(*{1T$KcmL zzyJE=5k2$|+dSRAaAa2hO7&ll)A#$$e<^*``)k8z7pael!u#ur(#OL7ka%*UJ(qV> z<<-ZZYJL1nRv#b!xK|%r!NPGqEL;+R=l6|1hRQPja6}G$91}o)3I5QlkHSOIM|hY^ zA3q9Di_u5+*X@`3k;{(p>Z8cu7t}GC`nXHZ5W=ST_0jJSzfvBok98x6C-wQgrTD|& z((nJD{b7#%P8ok#?0%=1%;`A0=|6bSQC=PVh1S8lvO4(dtGzmyK>kucXUhLNE&oFM zoesZ0%CC;A8fa_Qd<@Us~GBOlTdwI{_K43@axx+8UHr-`@#BEA3%Sv z{hRPm^a~#5(ywpB(_-|C^(6Fbxc!ZzefotA%6u|7Rga;NfBWTtVEuY@IQpf}|1QP9 z9Yw#z__t>ACt-a)M9}#vE?$cACsxn-)%Ypi{j&*G7dF-2!FzS`V*Y83`9Ebbf0_^T z75(EcJxUFgY0qAkGkC!K`_7+)vUp$hy3-r-*^y#M*C;_zNA`E~1j z`%k01co+VE(8vET>oNH8?)N9*o_NO=PPbnlmc@Ii{^Tn9_WKisZ(R=-gl}c<^PHd1 zT4KIEpT0b0oQI&|uOjp%F8UImW*?i?mlh)@kv$vXH(Fo9cV}{f*C1arCm2IsuTn>3 z>dV05^`*_NH^5h9&PPz6v-yb3`3U3}GUp?x&)IxL=6nS8do~}DIUj+1MBCI*_We4) z|8B6p{7KID@%gtB{6mW;A0hk`eSv?u^kukLUvi$0fPZL;S|jZtK7A4X-{#~0qk0T} zeeutKX7umjAC$gS82VDme%E{GSNwy*cM0{9z14@He1NGB#l%bajy8*Z{8#hNEA2ai zb>Vrf3nyiDVa*(`F4Q55F+N#b6o4mJpZ)8z3is7x?D?Ts`taz(s7$;xG>1Nn3ZTE& z`XD?MeSn9#^x-miYQ#%9^#T8}KgxNrmyGoK50Sx7se3Z*QHPx2Q$#-C#(u&2@TsBr z5B)xhQsSj&=(m`7sgS==*Yo7Zy?FA@A4=5+G7L8gKW<27h-!p$Wy#Apvs}Hju4E7Hn4WPf*`XD?MeSn9#^kF$XEk++4|4?b) zF~X}4B7?W6$1(MxB8NWsUmxYgzwrJ{AMfk* z7z)Kl`y#>ke`QGa{V%2XgBto3f8gS?FX9&`mY-x#E`-xpG)^DR;`By%YsT`e@Jj0E zOj|K3K;B;Z{}1hTDEq#**S;N$*G@UlsjuRB;i2Fa9_GU9aYf?QvDZi1V|;iO8QkrY z!6rQhKVJRzx+Vu+rx|!H)n0#tzW` zFZ@-l2QOsxpyi`pJxCyf$vzoesbx^WUbh(Y+01@$?09BBIP=pM_kD-zb9Q|_vmadj zo?TyWao=~Se$TG2b3Q`$eMsYT;D6G;hW{qdd{%fT_=k77@c(IeX~Zi{IqT=;{Q>dw z>`x5$+H2wcZ>T9UZO~hCrcM#@`;xHNUdQzL2%jIEeIHUO_WBR>EB3ljeB#=}?ZNRz z2ER|4@do%E@7vGqV0f0jiTC5=#c)Dn_+S>p-5>E`c+l+|zvAQL8qLRI>*Ez}v-8pS z9?zlinfd6VZw1@)8}t}@8Gm^3EPNC^!^d2BUJqZ3$8(jvZkP|x$YG>U4zV0~_S^IS z4h7@+r-QP1F4dk#>DzD5ReW7SzNXiBKgJtl6T7ro@iXj$yk93T-a9njqsudS$XXxX zD+a`0`WdxQrrp>fXBS~N-oJPsk-__qRtDpJvmQgA;9dAAc!!U<@V@u*;_$vzo#%0^ zy?dw^?;?kf`{b}pkHH_m`16rR<-q%)BeL%cE5&|)mVS$|-^#w{Iq%ZNdyaTLW8Wp; z7!Jt4oArPS^VUrJ+(MY&r7{1ZEavY-HfFpYgV$0&XJUS80A9TGd*b!O9Is^Y{?~5? z<2^0sEA>8J_u6;iq2L`J=ED1FCE@)z`(z*9MF!vX$>2A741T=(?fb{9VEZ03@LsBY zUr*nD``#?;v3b_3l>IN^JbxEY3w`Iytv!?Xg;gAB*ITjlLwsHqJJMdl=XHEuXB}xb z^Lcsl?UmX4thD;fee*fHY8z+YG;p?egB9Dd7F}A+b5WkF;95W4OSXpZHGFT6SQ~Do z#zg7DHp`a$Lwn@-4WDD|e=_FR>(zPC*?g#Kzj?CVaOkzWx6ytp{aJk9I+9qlVz?dt z`d)`N`ly3edDq(ffw8oybJEX8=w~PWSo)vKkMfZ0ZySH`ou&M*v|c;{`Ko7Yvou!o z>|4gO(u6#JU}?V>tHQ&&rjE7dytQ<|i{JZa)%sOo%a(Sc>|>3#j<6>{Q_UD_Gv|I$ zKXs)2WI1ubkrGFrWV>g7Ip0sQLjySrY_OG9-&x-Xk>46WlJCrgqUrJcIfN~dm)rI&!Y7-y1OiF0gur<}$6V$^%(zU;hnrNXNE!-4jQJ&gI# zu%{~RFn?<*Cfj50j2%4pPV3#a24G)JiKXG!Id9E6lVGu@^7~g{}Ay z`(ZxsxQo75Sm}s{txl_L!k@o z4{^_>e7<+<`S!hX|2FP@mS>*R_t#yJy}!}8zxo2_{uj9a_uT(SD}A8SviHNEowWlD zo(xbtne)*@D<{ZaaWD}>Hx%!YSFP5Y3a(j+5egIHd)gzR4eEY=dz=~$_x@(aW;GA7 z$J2)T-0FOe(M~gRSHH!b-=rORFQMWqzdh)0r^09_=4~f_rkv^NZD$F;)$rSLr=1p= zYaR+{xGVt@(u<^jx|CtK-%UK~qTM`Gy|_9#9~Y8s9sP7?bR z-cX0Htt+=SCuXz8)*rtt*Eu`=VV+H%#JN_E4^cK)e8^I4fBU(-3zqlFh@CB~ux$CB z!tNa>wLO*iW5yej_(JSU;y4v=B!)thRb@BPE^QKLj8i^H^+8)(+4~#C&PVB^kv?|N zW`E+8GWrO|oId)|{y(Af1B@kEOB?~MH8PgTv2;geEZxcY5>30M)bIwKQ*jV~5Bj$7cjZ^E%Vga2nS@^{c+q}FfiY{JC3S2Q zR6KWqJ?v0dW=?62RmONjz!;x5#zr`sdH-E0c(!yMPACA+3D)+k_{jzF{AT~s@w`y# zTflP^`zCnCUhI$FJJy5eS7}$_IX<~$Jb#q-O+2R1S0?u`LD9 zuV7!)zQ7{vGrHem#lwAq=lKD$ey{MniZKeF$&+HAr)Tjj`ymV9*)!$`#ydm{Mg6GC8o?D_Lr+e`HW!hEtnYuOp;y;OLii|gQ zQ{T`N&y1x6`#e$bd}eX>+3{tw`UKBEl(UubrG|4COTqIm@R#9X#o1@aR!!^^JbxfS)_rWBGk9Lg7`1(Fk#i|C@w1G(5T2EN z)?*I9^SuXi+vmMa6^v%KHV#PfW{QX^w2!9EWZJagVnG5HPU%Q%OtFYNPu z0kVFt@caTcRPbCc`_AD{2G26?0(ka}IRMYE{3AD>X9bM0FYp{!d8SkB?cttyPN-Pq zw1W2eXFOXfo=?+w-b(&c@LVtR!C~ik@ca<%Dm+`xI-(Ij7mPQ?`0$)!EHxHmDFM%O zkhSa=E(Xu7qWkQV?h8EsMa}~9*{=5r&to;7lki8*^~&H`#$5o=|cLJxzE0VkJnJbc-nfEiOSRA2sR!wS=UrYrpXcBiKNu<*&ri_4iD&Y4 z#LvS^!t?9cmoW8lMcHRHHyYU|c>YR&tos`i&-jcs+1LEI)f3MZ5^u0~HV>YgB){=}o^|oOMxQfK zD8DgE?cmw`q@GRpl3eS4X0eBvm2hR%w z#@H8lwx~B2%%;1$df4Z_=KHwFRtEn08fa zUe|`GfgL$jY9>|fh5KD{s=uUW#BD=xoQlLY{)x8QdH1W-YCMGfbn7-Jg{-r-hL}4~ zt5ldwaDQ0U431MZgXK6ZX>%L*G;q%&wC!GR=iaq^KT*f_LjM}*s)4Sx(A`YUsnnM| z!@0rK=WTJnC&BDfv{yrWLenqhTyAJYH?}lGn?-&+Ozp>0j5Ec(5$I`1jI-zKv8w+0 zF4$j6|3^swDi`DB-**|adjE3({}@kG!=vLe{Bys{SiflUk6IGp-*VcLG5Pto4jR`n z=5=+IHZ?Fx7Se{22fxkj(bnRPUlCdGo^^j)S{6;wI;VahLEmbu)W^hV+mJ<51NU4= z+wS#t?v3&NS&2)>J6M9pO*M>B`f_>S;FrbtSbB}f3|eJ;b4^)j`Kfm3PufXx{}t+< z#liC8x{_C&PhNa)=h|p!{Jzjg-HIRYr}k1_VUx%BvJ~<1tW`sagKE zS{nFmyT2{y=_u6JoU?nj#cxmg+FFC$U!*OOzn?C_K=_r?>#Lw@K1RDkle#xWoP{Nz!$maLDkMzgYIdoVSK`)`?yEhWy4;Duvc5L1?|vP zhP_(WJkF**PT2#+55CK_tKmmX{0#P8Xp#D|W8Zc#G4U*`Wf`^N@|^n2oIpOW#U{#r z2kO|jJVYPrTI>0CT(>`g=W6&a_4e|9JI+m|{qyX4_MAxjVcKutvwE)1X;XcUd)sfI z{k60or9G+ruQ1!^yR<)<_RXA{)OsDw*;JRjn?0{!yKg^56ZLIvVQX`1$lB!6%KRW* z&Ax)FGV8#0%bHWi{HdNCm(#Yh4m!9S9H8S6CB=j^ztj+PTwQ25O zyB*s|&0tDu`D70VSh+~(a(txo?slF@fhUnkM`ZCvsWnfaZ;ECeyS%m6%eNnBn*ZX` zTp3b)t3H(F+iM2RF1_o0`&ESAmXNi%nY|m-K017=b@=p0U!PyseeQMpY;gD#eK*_Z zKHaC=pR@nTE3aYj$AUk^M_Ve{JJA5%WnYKvy%7xU219W$)Ch(?JMeAKo*%){`QWI< zN85Fpwvce9pXgr=G|scecPag2|580UIaB|nu2pRIK5B*Pee{j_ z7w9WSADd;Zk^J{v)XW6w%{wC)iVH0|zk5dEm@l^0u0p4zY)2ojaL&Ub8YS#;0 z9vzGY>fi_;ozH1HldfE~4z4!jDtHv5;mWfV{rku3UY-Au?ynU6bNJ!aKbIeV{c8Y2 zi@}i6KQPn?hVC5T)jtxs4$?iBt{Kp^-bYuxrmHvl zw>`i<82(S$hm8LlsQn-7mG#U~P5nz?*M~ye5+7~nXxjSH|0#WopJG2oy-Se3)%$1| zqiN`kzHJZCw>I>x6@7c~fLGs?|BDZ@?|?2Ha}h@p=P{=nPpzs)2Z^VG{NU+6+V{xW zJJ^a>eL5I2bnwqy>y7@6_Vx9G?yD62E7|{nA*Fv{s1Xc3+~2Ezf}`81kK5nnwGEGI z+TK(Dr)jHZzk84l3T+>Qw(UOJ8Z~Xb(LcvNWcN#`cm;fkf0n&^jj|UdV6V~#Ps_a* zZM8w4f3L&GG_B@-4#AJ|+uFWI4QxsLW!m>b^i~VK0ejEJ<)QcA^3Z$Y;h;BQFXaAH zbMyC-JoLURX9c0J?-hR)9s>53J)MW%b@Vp55M>H z?ho3#`uRNc{yGo6|M4EvTQB++uop0vhu&}Jq4&e@F}>J_{Xu(2N9LjT3wh|B@E+3} z75)b7h1@kgw|%J2L+{_^?4|eCKC}hxE&fFwdPn7<_qXpcy{m=40eh{R^3c0`cW(Re z{r8^UwxGS|3-ZwWUwP=g@n58O;Xv>DjO?wIy|i2V5kE+7U4NIkvEh? zdL5!la?tDzCEwk_c>$5Yfy}_#rpgh zJ2~j98&k|>T{*s(i@v2{bryuQpPFZ-_lxW+!}j>EHaW(LD1$_6aB0C#>!}M&EagbKh0weKWZaOso4U z^nDf1eY4H`(1Ap)zHf?UchK*WDcnbnzS_L+V(y!5rCZ72Ti=B@ydzC8ExB{S-G>J| zm=+v5IMqDxVJ&XRN%l#9%fOn6w{oSg*?dKa97LF0#1g?4`M~k)d0x}sniF~bw%^xY z*Kn|An6*OkbMpRA)&Djp7Z>6;)*aIk_C{A(k*;mvSoFQZiaZBqpQ}IAcn|ZK6-nq! z3}Srj%}F#^v%)V?Yk>ZRcrHawC~AdQggC=)UYYeoJ$cCp?MC<>mcO(wd#^*}Dy7z9 zDY?}utE>w>n8SOJpF=;MTXJa0Juxe?!lW&MUQDEJZ-mtDL3fnD1Nm>B>2;>&*Uyak zg^TB@M|<&{oXZ%%96Z`zGfwtQ$2PWJ^~TEa&>Vx7)Lh|PxNG1@Yfg=2J;z@7=OTxe z-Xj=U3T0D(obhC=l+}#OTT9I>$>a+W_(qa)pasFn^b1K_$xlkTu**0r=MkDZ5eW3_ICH?4*Ksvf8^|`j*E3$ zd{4^n(_`t(^Z#_7-#vimud6$I)laP(8q?ST?)@##ivO5JUNMaAkv#z^Z4VNh5o5hY z?s*WlRP2cMAsek6wo%(2Y+93*IKfVG_KV5)hYCD*&6!rqI_m_x8B9xUob-3?mG7)% z-9BT}O__-8Z$~a2=!*CNky}-m^+Js!^Im!1<45=}_kE1NF3x4{A~yWrKb*DUA29IV z-EeBxdiZ9Zk0JhA&d4ya-p|B3vJ|Y}-Orj+3)Znw&y^ioc25%dPPEEau&zH+K8p_* zybB&WDxm}0;PPM{JP`kri1gdA@rrj=*04SjG~Ni~b;jxVH<2a!wMlaEBFFZVtaP2| z!IVjM6#HVzF@`*1!dvd0^nk31S{sH2@aA-bH$T_B5ql{qk838EmBAQeO)zG1DEqBVC)tg}5~hFq(-ChtOt5I?1IpOO`bJxmvuv^+?q219TQvBaA@)U4OZ;F2)0OUj>JR<`|n$s>}PEr|9bxe zt=R6jyH~w5-WuC=GUKZoif+U!?3<_$ib~BP`NL|7lb?6$UPK4i@GjyS)B7v7i)>sgl5i+S6 z*pq7*o4;PGx-urT&vJDpGv0vw{xH`6EPR2)4-!YnIVrEc+pTroi7%RVWan7Y=La=E z<@_ddjc=>5hTLW7uiO7}l|Rqwi@AR6_V2`~;SE0`PgSfA?<)7|@B$yb<21dQ_2Y)( z){l4N8_n|$h2H(x#{{;_rC0dn=z_zmi+p{*bE$(p;fLZ?gR_pDGppjH~p2v6{Di!{z1DtUVN& zKc~mxo=KJowMtle8f?GEg~PVDwB;s)_!(qF5kePeAz&54*-H_86Z)pG7;VuF3$ebfnY zE}v_Yg3eaDN%Pmt6}z>j%r|?~W4Qb;S3c!;kA_L)nSswns^SiE<75yCk zx5NL%bF2efiD{Ggr|86?_8R>4Tij#HXwy5vGTK&7y-^MsUG0-m68WY?&d7KNG8Q?S z&v$jduH%9LnO0QVf3*wC^xfH6za#TN^SrFD8!{F9cwlK*>CGScy(O zXr)uD(5bcP)FbHBW9Zb{h`oPpncZI7FF>aTVJ8Ojf5`eIcu(l@5=(CGfX`*}cLlnk zbxO{^{0@AUwsPs!k)k`IC)dI|+W4Bt1)Y;;gny!!iMzNCPgAsgr*4nhgP9$x;Pu*A z`d8GvG$P+SiH%;{WZjU!#{O!Yb%2;=j-1Cj_Xl6Q;@tmy{Kj7~k6F#NI|j!7{lQcI z^9uPM<@>T@VzXBLG<1VtB(ajd9(329%araNAO|5l8Jjt0)v+-L+Jk@Z?miM84dwr^ z^@0hp4PqB+24Hg*#nRjQ^A~*7a;}_=G0uES{M(fjs!0t=hKK zKZWmFCqK1Z#ayGa{^D{goxIXYr>+LubHVmJu-zd3g7@O$Guk7O9mS&?Jv&N{-W0FFWR3k;4fyv$MLko^RIBP%SSbbnoJ*6T%*kwx#sx$fZWdr=qK)T z&&zxFL%H?eKfjSVhu<$OMpvMNJX&m{=wvlIQ+3F?Avs{xcO;MJ#&@~=%CAnvmJ)L{ z65Boa!+T$v`{5tHdG7PizxnoM``)Z#evw4y8VAO<{QP%!TygH+$8Y4fMWTm`(Z{Xm z8vSMTQLc&pRcn2e@2jD$8hxxnACu%9ghq*f#UIOGmqs`KbLO|%e3!~e6EnN>N6D#l zGI!cBlXHU4wbHw)tn}_$&I`WSN_WlXK4dJiUK|Q{g@}!kks~&I0eLh>tQo13xQ3j> z?{pxidE}<*q3;@zWeEQw*SIIe^>(iR{yAb=YkXJYkyYPO@+6)Yeo8(pS;>9ip&cx2 z&vhSk$h;D%ArS_JvcgU=04 zd>}d@c1!7|5hv`CdqdWYxz56EcaWnWJp3Y|%53J=(?MhlPjyIBejGf&I|UmB@~mZ4dbT&?Mf={D_s7ST^+->oMT6;#_Oal!4Ck zQ)9$3*t+Co_R9F$8Q+iC2)UdTip^TQ84QExyV=(;aQMmgu2uAbZ`ifgN)JIsiAXtf zl7Smqpl|+k=BZpya!q_!5_=*2%l$4*RfCDeXxp4iM*rEp@~MeD3%yBb^*^(F74~K= zdI(+hV0kKZRY4c$FV0Ck!nhwJw{ex@wokGN_^g6on8`z3uR zuB2b=e}$ZjXj%5=1LReR5o$P(H%wkBOl(wh_DJ?wv92j+i(5zA69$r#x)R)i!8>G6 z)5w$U9rP_WB7Nxfl{+tI{OoOHFB&zBr`a|5wfW>)68dc3R7}>ptPRIgUu4Q$Vyo1b zX!mAvBed0y&+X*@!{pnZVck^WIO3egF0tsY2g%1ywGON}#+tL0JxtL#$J#Za_)Aa! zmNATGoZQpSJ&P~34t&mQ!&;)7F0kh#pDo;L9f=L&z7+RYac}!6*sx1kufktIgUTV^ z%DoNNShe0FYhY&}^P0id<^%1{oM4A%PS9V?v*kSE9gFd=_>Ub+!3FKBevoN9GVMTq zoyhOHLs>cOSd70}3N3eW&kFAOI``ap`V(Aq&zZk-uKYmeFXd&w7yQAmowZ> za_>jT8O`UroLeAqaAK~NP7RivE^8$7z%BLnHO&+3RD z&igOmZ*md%LeFHLCA!vmEAm3$2JqkHtJE8`*Lrcb4&F^52V2A0ohgm4#7^4milx8L zwG1D@TtcvRlH_8^-;wKt7iy1a3arUGTPJvHl{KX^&$RKC8%?~uQ0Bp#;_uhsZztzy z^@G2Yutn=WSg!W1b;93%@b?b*yAHgu#2k_;C@Z}=xweY1MYZdFT*Tib+Quy+7>NSeg!<@J? zpO^S4b*oxSYpFT)WIOdGu!N6jzlr$jTKwoDD}y~Xr$(oPFnFLyEbju#yET?~V6S$n zb;g10c`EnViaPZ3Q&P7^e>M7VjKAZJe4)$<7G0c;dD`9y$OlH8eC*Uw67P@9%&(J- zE5Z1lD#ve<8&}bztIv&*P6|jZoIJ@x2P)e|Up@!%(MYJu2%t z&72#K9IMM&;{o6J-~G}3&RK}!A0>COcBIsLoI{?}d~b-8Lu+8|ql&olGUlXZ!y;;Z zc|mvgX1Bke^>Ke{{T{!R!f#F>R;#6sqJ6rRE~A#BV%gMuY$v{A9lk>8EMpC_Wt~<0Zu(BX z|2K6U#o)k=`32XTKaj=shjonZ<_or~xvRGxi$2Q?9oaf-B{5n59yY|@>Z=2Z7icRXYcXFwTCGjH?FtPy7I>~g%7yW;cl@EN+pXAfOgOO ziq-mJHosIUKA!&*k$XS>%bd5G{8ofDu@m_J8sCZ2Rjri7)=~o@^&qc2OAJmPp&cEr zXAP|#eU`Pf`8@L?*CcL`xrL&~%^M9sp9YCfIevp>@YG!|llqQJsMC0NXny)uGloj~ z>96UF@;yS`)d~C;dRIfgn>Tam{Q)$Ap$xrJrxKSsGTK;Yj)k*Q)mZpDpZ30A#8`fJ zQC2_y+rYunoH=~vYPF#rIboIe=UHkjdR$92p!dWvDu*=N$bDQ%yt&B8eaz)MetQ*s z2E!`HB)N|{@F`#JBY8P(W2Yqte+l>UtXd-w9gzIH%16;|4c8pZIKJR#f61<^2jzby z2O@a-ydeYsI+El&zKdMc+H!kD?Te1SmEEKKeXhCo^b(~XV?46@2=#8*txf$!Chg>p zJTh_SjhUP%wo~PY@Clvxy1yLMbpqQQ`*)`?9-;dJO?M(gpR?}XXzVGH{iH5^>lJ-j zd++XlYKFd$&{yfFFQn!W$)WImgp=+r~9Z|5N!+9gpr-_8}XOsv3$T z$S;)_umhE{UKgzEW<6#SEGE$H6nZ_MHBHF_sd@o)*{m06c&303GiOU&PCGpRaqcyB zSk@HWwd{||HOWV7U6A!^!JLtgZgJPGKOpx?J{ldBc(9~=bi}a{32LXMmY{K@_{ItL zRrkEU@&|v;+6~dO1zJAhzm*-RbnHOVumffdfhnI$6o$R>`3M+}f#JM%x{u}a_OFYV z&wlPT<)hYIk&)#5cXQ3bvctc6AFsw}Uj53)t40IMTMaA=q+R>e*Y-2)v!643wC<~Q z^sX5Dd7#!=UoBVlIN9|D(YGe_EohBZ))-;~tW9Ns{gb=ucn&FV}(Uu$cgCkN3le#NZW5MR5_ z#Z5!lIfLYHSsUoC!8!Wn)N@S5{=F6P)^mtVcrWZ`D`NvC<_U;};Q9Ww#59Z{%X_zG z%9%S#F42rXlnuN|+rV4BHgE!b&lks-vC3%fHFYdG4_V#}PiS)(*O&{;6uX)v$Ex?|p{)>9boo$?%hU8VKjNPlN>{{%-P=RZ&$O9Va_qvu6c81x6GONFYASOklX1bUi}qoTX&=5DPl0z z|LsBOX^i*aSn<)!`$D{DmYf@W?_jRgfA{MvJJBh5M%vhh?T~rByc_T$@->~2e$TC= zUV5E%`+Xs+-wKI6-L~Xijh~ZuH6a_3T}u2hZFP*LMibh^Hnr2H>{qBDpCj=>JN~`n zO0KW<@e`UPZ}A`0;Egx(ZZ3b_nhtkOQuuvW0KYp%qXYEsu0i_e(@w4AF`4+g9sZ`^ ze-i#D;Jx(SEcL|J`Sw59hbeoYLaGM&1gDN#=p;WQ^Jh~Qt&%_ZMWua#$b@|=vX&xi zXtFLO<82&h@!m*F)f_vrS-er|jZE33SVwT=!ag^yt=dJMK0K5k&U(wrhar_%R6az2lD#x!&(jzT}uNEWAeyA_&zlU-(A}){yH`Q z8P}G9w}E;;T1f3j>mC$JTT*{Lf^~GR?`J-dz=mXPtEGINTUR4($v;qKzOtt&#Ej+W4Jr<0;{NP~Y&{a>u{a zJAM;S=Nf#-<)4b>$D^7b$aR0sw+4~dW)0NmuNMdK<2wQTSSJ3OHacm;g9pa-nE-w) z&$bcVH_!dz*~0quk62;-TFzYG+@F%bri*_Tzb(FcCq8r+>+rHqdk6kd;*Sn|tBdz% zT>F|sE~Z}-tiBXLlj+m`$H4D_ZO(k-lB0yiQ5m0>m%^Kz*K90JH_|J&6e&C9^oojFG4vk&ZNM28g^bNyf=_gqG+QS~@6<~YO@DcX;#42A3alM@D{q%Ltj(v<;jztSY_E}sX z4v#nRe;EJObDucN9?IuadR}WNO~|6 zn{0@s@5gtk`I&CtAJdxH%vC3OLIJ$)tfVFf`)Afke$<#BEL8dUY&>?+0AdsT#|H)x zpWsU*mfAU(Iu(iG(Y?D^+uYfFye+k<qpwF<*ZWTC6@=kKD2M;Q&Nv)__VFE zc3O9wz45QF7v>NCO5(RaGT(6W7!KA&KYv@bcjb$kes_QLdNl^`et+2`Ep;Ou=->`? za2Gnb2OU(phYV%y5#6H}>PTDGKPC2*7!=)W@#$WR(miB+(-++J7l)q3q48Zm0&8!C zR(+=l{TTMiv+QBvRo~eQe)dHMD-6A^@HA`#$*~92Se81^mMZJl;k}H11LIF1qg-?I zAbG#e{D6ZiGPy}Jo_jCke^DO!pI(CeuMUv^hfMj`4p93=E*VRHp|;$!Uu4I{A!?UH z>D^a`(z`AXrFYH_rT1JNO7FWilPL$g`ywhlfSKKPm6kKOBlnHIDhyqeqSND<=X7(^h4&g zuk-u;{J)%QS5~LLXI@*$?+@y|Z_kgnQ|+=Jjq|ASpY_Cpe|VcU-?`Q48e-H2>}msb zgdNzn&a11_JMgQL(@3J%5~sGm`8sngrIZxNc#sFt`iV=IaC+m=lkYG35!4O%jJgXz`j^CY%KPm|ark%#$Qhr}

    w#Bi252=huKHyyy$mtelx?Kura1=KYY^#X&WO~&Omq8{*jYEnCX9-Tp47v)@dn+ zUisJ6_~o;Pg1=(c84P!I|4!iVm+$q+_jYir`Q~I&;~((8`{x_}FVY-)z427nwY_7sTk%54!^@ECJN}dX2(YicXWJThUd8kI-*b*c;2&h^ z85c%(QO>SN!Gxh5tp-Hbj|U*q%fTWZmx zo?R(i$-ZzDGvR$PcJ>_ha#0SG@J&T+uy?&yNBiP??!e$!x@DG70!0%akj^(Q_4E;g~V!-|D!dyw{Kl_ z6R?BF;*4X)1!ldFq~XQFIQ( zz?U=k`+hs?-oy-{>oYvMzKS}yrskiGS8j$D{Oj-6jEwaE3$zzOKYX?TIt#gT4Tj$u zom4(S?7XARf14W?|K`JOGi69ZN$pRIk9`P-l~{a^Tv(YE%Vb&xXwwM*YMj_f)o+qS-^F=g~2SHG}{KLy_um!#t% zx$GC4qxP@RN(@?xLsPkI7_9;LY7Tm_`Ay{XK{M%mwZk`azGpS|F#NAI{mOHa{oS(+ z+L4^8g)ZhpQ}dt^Y*{<^FMfCDceQ_@_M6lGd_&v+i8=8EHm%uvLAED6EZb9Sv)OZ? z|4=RSL`#^TUB;fW)xh~G#)5r1vef3451!BE&)4gPz7Ij)hoNuH^}ZsT4E{XlB;eBv zO&)?K4JU(X>n?b5oJ zw<+9%bKAdNz_$rK)iTLFPf`1DY43NPX&Iix9F3Q+6DD^@*8${TKJ!EtZmwSS&g@}4 zTEAjto$&s{bKwidpfxF0_I%UBsfiy}yYtCcU~m6zczXZB*lNb!44tS0nW3}F`as7pgDs4NH!zy)*Xhrune}vrX zZ9VX7H!>uK&Ec-+QI0@f`+D+y#ZLnRh5Qw59=KNci1a6sN3lj{yY|nh;~Uy{W#N{l z2jlagzmdVH=7%DD_W{Ooq&5_NEg6U=+JeXDk7{?${QfTZ0=X7PZdkr}m|VpSzPR*a zmoJbHIr#!PmcbX?f5`AfCjA`4A6_3~Wqco)nDyAmuul5YHJ!0T%kP{6e#*cPV>fG+ zkyDB@bxn`-e*&6z=k5}h{EF0`A3ZaZhPA0~R#LC+U|mHkkmv2M{j z<**aiAoHS28GGzT>aF5?(4_Hgpvf-q5NnL|pN~vGQX7oEhCPx%My2B%t_(VIW2FBz z-Y3dJ$Gnq1O+XilA6Qvn?Uw4r%W#WVcx?c9R$PbLU&%jhR#vUn?} z@4JZ&NS^JMJp1KGUA&=pa^bCW8GfZ-o^k&@@=zp0S0Kl#kYkEhsIM9QFtMA{qh|?L zH)X;~FuIBS_ao4tfl*@)7~KSnM5EO?X!K-Y#QGA&N^`=ffc^{x=flDINN_$H{EmU& zid}kIDtao23~Dpv$`?~U>lMU}|290m9!vV)@~Z5Wr{HDp%mwD2!+j3^?5A%BM;Fo` zzHM=I;8$6^Wpz$*ZX9VYJA=2luLei<+sE+KZdd0dmpEVh)@|(BG&Hh3$-bM?u>*B^ zo5|zYp1cxSvLx~~*}4W#A^fmfzdj8et53alWml*4O{4QQ@#sjwbTlxv`ld1RwXJ@A z)9B{g$>#R&ZIlw1)_hiyyF{z;S~A>?yw2BA8A7_R0GS9pRRMjveC8ce#Tgg zU+bffk7d(`mA!+}$LuWn;QmQ+Y_j2c44rs=$dJ8{x%h0Enk91|i+nB9esJ-5y|EwC z_A@XrcCodaiQ%oW^M!l9@5b<+)7;-R#1OFcO1V}(9cu2qrCM$Z>; zue0ASWBz>OsEQ~?>L}IMJXfwZZQRe_W+i@_jsNL6wrjf0SrsN1M{O#%Qna;4Hcsr^ z=uT)TGEVY&95kRcE8+IL4!_YXdZS;{-k$I6jSRhXp_g|o()nhrQ{S@U!8mlZwZlyfFo9*VK|aRoj&HtvF~^~w?Sfo!u` zvTu?7@^R$fOn|1OyHvm7Y~mr-#;tZ~xysBP1p3ZqYz5>a_l5({7qZt{@nUEBB;q$c z^-i>a{eETRS{>-Za}4pCaQif1=>SXcGtKx*z(O&shNA;>rH?dzql3Kfsmy=T)^qeL zm%k{v^y-vjW&Ni-xrDAa|7`r=3bQ^uGr!8lwmAdm@tum9IXQAA!L8(Bz4mc(MnpdY zUL*$t=wJ)mRIVgr%E*=E{=h}_A3ThQ2TY#i%&a^~?)Oqgdlu(Cg(bJSPpz~9$W`hm>6SiWjTU%B5% zKjQR5-?y^U#fklHBo*JbG2z0~tS{@8$)TTxs}(tL)rn5|&LH?ILUv^5!&!W}`*erf ztC176?7h}Wtl{>+$@QaVkbWq4T?Aw7%|=h38Tt2tl)b4rZp|NdqsNl9z<)k?KqhM5 z+i$x`c1Q=E@z6kXbzyqF8#xrIyo3_QcOHCL!5p}JA^$tcESs|s=__Z`?Xu;~0T4-Sj`P}<5=C`)gvi?batm^s857v&QGx^VM4!k#? z=6z?QkyAyCk+UPv@ed|U*%X?yW> zt3`d!AqTa;(0@XQ%DG)Ikv+Ja3!{l~TE{gi`q^jDuP2C`iO(K6`&gMMKC|m3K9+;u zj_h{n{g7ENo?b5z7mY*nN$9)lCZ`_+F$&_TbI%L!L9O3%or9%#+|%`llBD>IToJ(KnMnBfWi9dTept$sX9i*v3&$ z@>FeT{fFkzW5~_KRmjf5y!}rT_irV>v>x5Sy!jft9zuE98_>Io8;hP@ovS^6MGsE< zZ0JGsDErmcQ~x^k9lo!97dGI)WHr>mI#@%*B(C!mYleezHK z&>{H8zyG7rIc30RqGR^U2(y-;_B6pb++Jhmmt3B|XZst?9mJ(Ao{bD3o+rH}J9-g# zsiAHo@pIWjvSU==UoK-T(DeUI&ZOy=d^GIFyYfxG-1S#8zgAtCaUOMiWS~DWIzXOt zpueju(7*C{y1oqnwKrAE$4z;qExPCk9fq{h!3+>dTq);roj;Co#IRe*rS1wEo;Eb6IPu$V06Mz9I4l zYMl?5m}>-@mrR%Lio>g#C;SP&nk$Ua$N0obGiO+%wLrx6#sG&{3v}&ZgVql-HfXl( zlN?^jdO0t4S^|G@A7!k^^vgLXqhGb-bcRStX1~y@yRgfvVk4uP+f1x;`a34dEg?v?Op;Oa&WhR9+3^;a+m!bJUa0XvIEroQcs#o`yD?fg^G;yoJ7uWVbOdnt?okhbS`nn)(Nb%KZ#%wq%C3u{gW6^P~+p> zc&*4f+6l z>LUH|hkNv-R`Qx%6z8?2K2HvMQj~}VdkG@9PSg6n!w{uJ! z`iwEINpd2u6=bJe6$2QP&%TFSWvAqBx>Uh?2T;Bko4Pt zKls5L&ES&xxyV+nt&`qJ+(gd5@iAvc4|C2V?;jU!7?>dwRbOL{5!+VzQaz(iiJoQ2 zrfJ~*-N>dNkPp-a&hq@eh;ZhQ4|4yI$`KdO>u}1AAISLS&&9AQOU7{K5xTYOL+JPW zfCY9y@)zi-{p9T6b8M{tz%enI5M#HxUHZDSk@XN|k}H1?-79w>(0dX+ z&W4YTAJ2U;W0f4!zBdzq(@K?tRx;N3aDN8nVmDKU{_lZ5_RznHT=$d=i6*%2Ssm#g zAddvPH~L5TH0#S4bAtGh!&Qj_H2SSyQm`` z>JX2pu2-g(_s9Cru1<|(D;nQ<3iNv|vg1bdi#Z2*dbCEcxzLrPvSkC%KsJoJZp_mC z-2a+fiLNO;M^>g};)r_j7uch!>F>)u4AGrY-wE^Fa*j5vWugFFtjs$%v|1#J<`e($0u(Nc| zx#X~5B$&xh6Yt3O%<#RuzHER`tKie2PqRNe`1l>)5gwBCP5tk@k~Z%{rUCmn*P7cq zfNjPZr~RSz%%5O)E5|jt%IRNJ&-%=^yy$CuFFmIcHuCpK64}hV&a!-;YC-ShtCJ7j8zjk!$?HXb*CEw$^WBi}cJUA0iZt_Rv-jblO9E z1<0}<=j`ZP(AaGH7o&ek>=*ghKL#hWp~oKRu?Ji$-k^1BJ@8o16n>|>eR>P}uyu{k zbRqJ-0$Q4G_d9j{z~5Ytz6QreUs5Lfy7Ch@G)`0BLVoghw+lLZT7I>%nGx%<`8q@6|56!B{rmZ zww}j{b@cMQnCCI#KiUJYSaEiqOLkTf53})j1H*^inEWfi#`{Jp4zKnWAcxgA=^nd= zLeJOZ`{}v-Ra?)-+Wqw;ziq7D^pEeTp3Q-E&)g(80v?ke8!IDTG}O62z#O^ck1O}w zxS`>5;@*yOFFE&yGTJBqK@?sVs{}sa) zpJ#u|o?UepjkuK!i|NZi{=mX;Uw0xDn zteCH2zl!h8*zrfEE-2Z@_ zAxnR5>@(257`V&7Q7kJ3_eNI^Ti6Qjw!DF}_r3|;*@X^J%uPDJ0vq)l4K zU|?G(a#1=Y2ED|w8@>$;BHDih-7t%~;!_)c(-|y^lUmsPKis_wd{xz%_rK327esDC zy`fD)Kt;S&t&&pBAptGg){Z#!ouM-Xf>npUW2w_xsx`qxQSp)^woJ7hf{04gnn4{) z?F_*v>gcqn?bsP-#&gL9OfR6mmZ)vs?{DqB&e><@oN$74{`3C(`Pi`cS!=InJ@@sj zXFW?Xw;kYRy4ryg^(i|vyyi23njZbwl(KJ5+b2CFyKdrXyt|sY8lMKd3dgFsBK-DX zYgBVa`pG`apHMtcFucTXX03reD_!Hphhel<{!STq!YUCgvZO*5i$xi}? zG_Xik{Ip4+Tl~0JTQ?su+#z03?veCduw6b`u(=Y-u~c56WMgUp*|5G$KQgF1LgK$U z^#Es@e4On5uwoO+o3J^Q6|C=_sB?EWb~pi#DCXhPID%ew_aS!vGyKn-#Seb|H~hf7 zTsg6|c3s{yyoY?r_DaSq?|m8GJ5IcZ4E7;|UGUy^c<*B7p zwGKVr&wKPKf%p8rrRbEfyu3O$a=Oggm7U1Yz?5;mD>ybq~`}G3P57Ex>9&q^AOc`FPcX6(IEOs65>Rb1H zJ{}WK-84PFzWr)GeOvGDKNQ1HFAwJ@>{T?wPoMs8;HSpo_{qQ}ep(Am8C{m;r=51K zG7>+<4h}!H$)<09nRp?-ytV1(-?=uu;Ca-K7s*dka`}n6ukIf9N9CuttBdC+?O(X- zfowf^*<j+mb{-VH`{XQP{`wP2GP4D6U zg7%H&Gt8&HXtmvw1)g^AOrO<-x4%d{3I5oC&!GGbD{tg~V&B|7dDd*W>jAy!+2qB< zm@2VdnxppTWSh|?hW00Z1llWKsQ2=KE@=$t5}v<9JL~(SOR}`buKDek<`QKNvey}( z&YOekfrY7;W^6e+$E>j~bmt)|0{$-naUdfhojJMMy?3i05X1$c0&$AgCdB5r={Eu4!C)(=yy zu=LfAsUy}*9PMau_UHUHYjI$9<35T3xo25b`$y}0;c8DKxz8KJ-Z`x@_na2*HntC~ zyMepA6=za@-2LRvv=ZyQ5xTVU{l(0Y*d6f{w|1iTTi$xejeEMj{z>tA@Y_h-Q@LG= zO{Kw&8{0i(#P9sl`;KW#4D<%ZY++2rneBJ1d>EdKxVg7E>j&>$KAclbZ+1}^?jclRGZsq=kj=IlSF*Om_U-dj4j>%r2&)Sab+$u*_o*TMdcrGxW`2`FED zPxT4$-HkInJdZJWUO;Z$%q1tscbAn6?j{bidu+*IdP2!y&*TzfI>f%ZPKoy%!80+1 zo~b2+y%i;cebwG?Q%;We98bSljB{!UHOoreJt)S}IXU^%TYiDxb?15108_08#R2C7 z+j)a~x=)GswVdI>Qfgosy0#QQv5Xvy@{SqN=2w6A6#2ijQ~obw`eJsaZai<}OwMrd zo$fP+{dNPsVDcqo_MPb9o{i(i&ws{wvNNjVz3&|7jZtF8_@MgucvF+JIRTtW@(mknnNOs`&1bIm zpKW(@zEhLuZcV*ZzI89(+C#fkq}n$xugy!J*_wKN%+|fH9Ua%0sWXlr-sbfMTT|Q0 zwm!qUx~}SQl=VuqqXHhUtZ>dwd@#@52c>QEQLHVOU$nBRm9z2W zX(ZQQTr-#R_{pFBWet7L+zT%EFn03skNd_A8G2}**Vi-0rw=!CBp+{Bo8(yLIJIu& z)M?I<$>no?l)8M}%Do#8i|?UN^4_C|wSS{h?XIQW=T;^kF4>w|GA?&klJcK@n z#nbm5?(5^`$R^i+UbSlXzQA3!qO0sclJ-~sD>1*{MhBD6V-v}Hah&7g*Z(tl)XyW= z=whQQ*rQ>;&BPLVe>>0QuDRXdH#D~=zj^D#eQyP{rS#3b6={7ml2as^ZX#~^27#q z4vP&$Tv@X)e(WH?cyp03UVnfv{)+sxkBY~|MZ)-}ql7U5&6ChR1rL1rVdQh8_CdzS z(=CVPk(~>S>^y{?$jVM>{C??i@hjiy;X5`SkfR&9!}on)OYwIff3+?j$@ckU15>I- zwt+S_aIRa&YRV50O8@_ieXKvht!Fh;`8g-%*vI6;5@H6}vBlW8MJ0oKA~UcX))sp9 zryl!8O!yQ3AU!>!u-!?c!__}>q7Q$rO-d>L{@ci)Y>(f@$d}9782LfkBeL;^6NlLr z*_57lBF4V#nLIV#``X8IZ436n*cM=sZF%_|U{1SwH&w{CbeC@3%eVH>E|vD{TFm+Q!=}o%)Mso2cMQsquoO>=JznR2VWqsU71|BGI{A3YzcOOcF8q< z-gfO%68)T9ShkYd9oP?K;Ne5!={4hhbF}uum4VMt_t7r{>7Qdi2B0nWBVlruCdYq6 zzNF87m~);P`!P_TYd?7YGC5}GWYey9;e2C1^4bgLF25x4yNK)sYb#<#ypz57-j0mD zFyG1Ai~79w;;(%6;ymB@%Xr^#g6!a=_)nOJPk*&lSv#OOEP9LczeA_*b?xG)%W*wkO$>^wrhPqo~5sE13!iIwbm$)ROHvs_jz>%{rY$F z2_HfKvd(zriU0TX?^izk->ZM`Bfgg3w|DjL37a?vedzrO%>$JM{C zUb4O-e3Q|?TDv@6SpV*Q9DT~~$+g4vt|NW>IC_~j>9vOp*SC+k{`$@AgJtwB?N`5+ z)weNoS9>&m7x`?X(YJ>nGgjXgr)Q%XJzM+S==7{&&ekvg6?qhPTLMirB)$5@kLTB`kL0V@ zT7RtT-%`8t-TI1L{}x{{g|CqQATro96v4ke8voY%jGlj+j<8pB-IkS)OTQ97C=^#o zPr<*Xf5h+qW&PXa>-axw!a4r!*b)8Pij04&I(BJ%;}kwrPfK`k&ubIny=y1u`nKJZ zJ>Qo5A@FTKHV1e&jy3QW^ljgX5EGfex@Igj3nutN4UN6XL1Y zCJ%2jG;eFFKfKlIOXWl7#7*uE8{hVojpWoyx87Ul=3f#wapc=RJ%1&26+GY8h5dS9 zZ$P(__tdF#8fpBa9^wtXEp>zD3=X&+#Q&|HK)h-Iysitoae3DE)>gj@Znc(3y=h|k zojP+TxxTlXIQ{^8kBZ~3tINdkd*3wgrWo00Ec~@6%(#qc?g3zJkystpz5w4k)yolx zZCS1FvA%QTUevWxyl!>fpr2kg57K{k!m+QiHe?(V3uk_I&r@^Mc!{;)LCwvMm*o8} z#!^gN@avoAjLX_O_=31N@$v1%V=T_>T_1JkK7wic{@T;CZd}{xh?BdbxcC)5JzKt` zfSw(y&+pH&PRZG`(BDMf_5Y8S(pE<4M>v9me&T10=7$vgzbV+ z!uI2X0Ncq$!d6`*Yzg=!316h(Eh`hQ|LWqk58i))_RJ zM=vp7$xnpuC6#-sy$s^T7h*Tk{i+c_jUD)UJ@M9)J{Y=0G9`G9g+CqORBpT4+)w{n z+E6RPoUnEPF_=j(H7%vWfccCc<=W1rXfcHx| zx1Kzne&k+Q_?HsDPjQ#Q1?%DU$=Yk&_muWcbRWV}@&Uiiw~{<7e~^5_Hr*+vnoYL? zS1q+wW^qqdlsseImn@nq_v8@zXddq`%$}q0!?OdNYX9I(_JvL)-*NR7U!J{-=Zfvl zijB~_qSsk*1%Iz7kF4qMa$e~_CiYr?w0zA6i(^}coT&q2$;(XhZ|wzp3W6{AlIt_n!~n!gHz-to=*XTUGApGmMoYr=^?myuG!|94zdOz`g{S z1%vFnA70xgRqyVpeaR2&sqQ|c&a`eL4}Sm|_&U7(4*5Uwg$Do9s|)Dyk@$NG{GG4< z-$?nkcb0kk>n)D)FZ7+%)KTW!npz^+dSq#EqP)6!oSABEKRMpYU4~KiKVmvV#q-<~ z$yIEa6>nQWoD=>}Gye~U9OJJH4MjIMQDNe1l9L?fO-f!;M+Hsx%Ch>5nC_0V!Ek^VCkbX zE6UT-c$QAmjlZP^YLwsD$2m)IYk#o`S%ELjx+?_F9L1Q#w%DH-6F>V|&cONe0b}l2 z7Ui0R+#K09|D7Akb<4?B<++3W9LbaPYXi7bO*69}!?VtG8u@K;^CP5x|H|VLt4D0E zglM}4+6Hq}{q;nYkMSaT3Bmh_Z9YZ<9i@Ch@!)*uxvAmg_$KH(!_t>$L*K3w<3~c@ z1p3LGk43&pknv5GGvk}UpKB}Jy==);?;X_4rY*Aa1m{+2zRY39nBu_b3zKt(94IGH zevUc2H7hpw%PqNg7YFBSb3;C#XU@w1e^$1{_dhrO5;5z81@O?pU%RmuW*N7*47WM`oZ1td2sjQ zXTaTK%(ol8^t{<`Z)*j2;!78Is(T`v8SVHkxKmA2>DJXw^F8X9d>sCL3fw;p-nM1G zGnKfIAI^L@^Y5z<9X*_1ggd*h{Gz?^l5{Kuk)#`spmfUNWbY! zcn~Mg6CXAD!pBdo;3O(L0UnwqgUE#4ANW&npuB`0^ky%-(g&~DS{rVSn9`2uA)c=5 zc6HtU=H9iRx#!~_&41(^H_f%!`5iLC{NA`d|NM3rIll{wnBSGAwnA<`K6@)q zNbk4uSN30WclSRHt=n)2&)BFGzKnA7HJ%iteKNn&hSH(TpRh37&`^wOD8nD!#fZul# z{t|Yi4t-L`+ISv&+{@q@*%0|(QT!I!grmq!vTdf*x8+Rc!rj(U_7yUH*mE#_+TA{f z2K#)PKC|h=+2Kqd&J~+J3AfJ>c{p~Q9_AFSblbK9Q=0ijraSKWk4kED@%#?$m&hM* zxC>dj9bCBj$+c(l!T6oC>}SQ7QbVb(eOyjm@SqIK#=UyfaGiCFkAL&k7iu5l(svnu zEq$G?p>?Y`TWo17I$PSzg*F?2O|+Sd?_Ko;_pE*L0BEzthqGd7vnkl82-^IuuTL?w zx$TcYo8@_EbB||3tbTcsnvj0~qXC*|O)yQgK}RZA?aF^7PaN79|L}+`UEbK9rHhf7 zXHR!!2Aw!snfa^_U&Yd;HrS^Kx}5IoBirhinH2I6_R9><$I(9P3x3*_2QNPs{}A1A zR(uJvQe|bu`%SVU`8dR*!Tmnl?eM=YY?JVO1Apzk_sY4I49eEJ|5i))e_j6e=!Ln= zb)@!|z6%U}v-(weqg~JvyEu3wefOzJ5WOl0MI&9nVkEei-fQv${@r_UpgA^z_>2 z(|v1?9IpHB3&_`K@IP-n^+$)}zfJbZ$;E%?Ncf+|d7zQ((+con+l&VPjlO=x;Qvw& z|1r)}IoKROt}UPY-+_PTYUGJ~8uo8{&N#^U?*aeQ3gExJD~JC-686Ttj>`g`KAxo6nn|64~oI> z*9+ixU|Rv6J^=iF$%m)W;P>;se#PLo?vI4u$|CVAo(;jjT3fVqyFRN~lZbaGXLs?z6$$Q6`LKeB#!Lbhits`ANZE) z6J+`mH}}^!FmrZh$LomoJi|Jul5aUYR|(G8toY~W?OT`qzCC}F{r=za{oQ=OnKSmz zC9~t(sVgo&%Z|6ejF*kKSU;(S{FX+}dMtxCY;BqbFHWhr=vTl0o*N4a#6yIiRUUqH zmc7rzQMi(r%XINsxWhmGZd0!{8~<(BnwYqTcrr|Eyo5c7QuZK@<1CBxO=E@5lZ-cY zx9W8U(5#7B`w_D#p*~M3HKop@HmZq>z}wqR?Ya{8{ucCrzrW&v+DFxQ74tYX_&w^Z z(dLN~zR`=ns&>_!%Wiy#Ga2Mb4RNkW>(?M$gF4?OTR?nD=RWKC&b(t7+rSbvb@a>` z7RJ{(20Q)${rvOMxf{(R0`44e*9aaOIJ2X^29DXM8aRUU_&wh-eAeRnhLxiI{gv?z z)<5*#OCO6~AM@ySZytVL5Qs;GfF&$g@NF8Kqtwib3=nrUXMl7zNAy)(ElIq5F0`uy z=5}hoIh+qX{>j3%unfGOoM|m@`y5?lA3K-S$6VP|eHwSA;r_qn_n86vO$>#)aqJIq zKhP@bM8NM`=X~Y1i?4m;k*}?%u5=RlXyksNsdwCQaTCu=cosdP;NUWFunGT8F?`{m zg>OkVv}aYt{F{F1-UHe6bN4<8#iRZ6JaAmr#D7j58RRi(BZ;_phMFS7D#@khPd!E$IVUM8kN4eK+B$$Wdu4F0_dKJ7zZS^|7&$N9Q9j{m%+ zzT>V3EfsU0Ej(`h$}BwX$UbrP!E$IC0VdV2T;}Nx1J_BjhQak0z?D58rTPNpIr}2} zlb`t>{BPv&TrRx9`DEaSPyF!;*<;nFPy2Mk64gh!jysS!r{brr@Tc>vlHutd4AQyM z_rdXk&oN?xPWkNkl8_6hc+-#X;IoBybHH9`O>Jt0UXZP2)(Gxx>{8>F7`>2kmfHNT}bG;XW0`@7(*m$=#k=-vmh z50}FW(y{2zosB!)d)agrQv0)7TdU8bUY`fyBh@1I+IKc)^li57eU>Km1$3?V-tzj7 zy}7-d!z=K3SFFa5{}9jUl(Ul1MLH$)Y^+8;nr&n0aiyu>n&tllwlhggBwY_(*hkf# zsCY_tq}k-m&xj|hL-D`iPE5_$?tN;HP-jZ|h?^K6-Z?q`yKfKX*b&Qb{yo8)0<=ow zXZ;&<6aV0s?5z6g;qrTO<|c{Gz;F0JThB>$U;B8K{Oy0*j-TCg5wBnAjj8+P^ez3* ze$S21=Hep+4a4Yy2)aP?6h7U3-SEI$)H0dDzV5aYxMP+)kRJTr6l=D$;zi(1{Gb^4 zv(PzB{7gRmWlr=Z&iTF~y?E&AS9&7Rml{88y|o8Bz1oSaX@Tb? zC%yR7@(C3GSKi8cscBLwna}n)0?O4@1vv;$(yclVY)l{?B9QO3zTFrrPHt|gpFQ>h}p}3LeDZ4Gb zBO9)I7Dm^!xZhG;2<6$l#W)p;uc3QHi&Bpk?LJ!g=`qH{>vHMw9qLOjEhm2uSW2Nw z8FZ1pev|raC$e|i2d=~iy-w*%{gINFp8s(5t>IAF8n+e-d-saJG>7ABuOqe>+V_;^ zw2W``g2zpcvt~W`>&9=njCqRI`rYi!v$t|1-__aWTG}*t{;cv^tiPDuV~KV=^*v++ z`WRo0ZzMv_+2%XVWAc7SzM#MVgY?(fjAP_@Nwb3tM>_tL`TKF}|F?_hXh&NB&yP%Y zbz+ByXUp%mz`sHJAv($jS^vb~x)61cwVrD>H3;0i#Z=_0TfVZD+-`Wi-P|2JDSpgP z-dk6#v)aD%m&%)gKg=GD_(lBxUGhY1y9)5z!?&XFr~D?fPjduv=J94&yvg$|^r>L( z;xobKw_)Nt|FhLG;;pN^Im@OM+ArOVocQat$rc>7ZE#(k$MYIfb=h^7fXm*2tmH(xL^?CL@8qAuxxP8P=93Xi zzXb;VY&=PPD1EIxPvuS6F%E;bdVs4JxI*Zwl;jWFpCrfYmG4lu8923%ulsvSo@l;D zFh$Wz3G|BLVQ)WIcKKy;yA&VKhj+hj=SsO@`5vlmTo=2JL{? z!@waQ!R5hI$rB8BysUb?%+>OQ_*J^7N-!H;!#VUh%HiYe7&<}vGtKQ?f?5 zl8je4;ei`iAE>_PgA<)K(y`N#3Ec;EGyHusdbf-m*o{{lzfV5RE~6*QI$j}1B!$li z-^a^%uW#9Y`j*C#>~NoX`~~nQnDVvh2VS+?Mw|7(axyS)gg;uHuz`8L2lI2ltbCUy z=CzbI;fawo^L((jda}3-SjkN?u=c?J(w`3itL#N1ut+!B@4SF6bl0A_df&eLit-=% z#-E$Ns`n7>xQc&^mVe4${ci1od{RFjefzNCd=#t?B$=^#OK{ZzUoANJ-^@SCJv7SO z+t%f*K<+Nt*5j;r2zXn`A#5cVtA+VXKDM=nRz&b8w*75r#Y6b1t*xQV?~NxoaqXdR zi-uNotId(26*u#@m3%IJqm^&8&_=n4tn&uOemHcAbd%;Mxa4=;=dHKoH`#Y?o`~#a zuK#T1+ttrm|3*4jJS^I&UgLBp@{(jS%{*t|D{OE=&^q)|E3}T1pQ?6RTMCwP;CJn` z``5J_u5aXkFT>}|yZ(xX*_Sb|P0Z`d%}#t9xoX{QE%)5Wdz-)ZAn%pK*4uXDJ!*%J zdkuePc^A4tV`vSLU`|?-$zORFz9~fCl05Y7qM!7H{h!5$8}G^LJL$S5#8_BI)-*lh zte6WU)2Xq1CE3*6q;vebPkzl}@Qgw?yoT(p_$$7B9yrxl>EoTPPy8O=>G;@I>d@9G zFJEyZ=?&R~)$rlabZ135xS#4gWa0!%nMWgeu9xp?daWfIS<|RCPGtENe77m;eBw&@ zD?%-F(NuqJ97+DZAGTg{+3YtP>6^O7y;Jx(d*8Fli!0@qR-wIH-Gs>lfRs;Z)EDtlK1Pb8BdLGV9l8LJ^3q{{N-}xFSk|2 zJ{3=*^Hq-sxiPuSnve3AucN)@=<;kffB74{M~4;6Uq1S7d@yWVFn_s;Z%KD4e|Z`) z2AjY9=YJSlS8MZ^@d*__wDgysXY!XX4CF7jxbQSWZ}CDC@^~V&eBg@4+5J2Zp?5Yy z&mr{A75qKFJiKNH^i&?`j%b<5Uw+feUrwPvlq)S>+lan^w#MhtJL$DP@NphF%!{$r z}}S) z@7Veh>`@!Dd-2CNd z$ndfvD*cIX?C5+t`}I?}?_~*c zAHvU=t9VrOoRRi_I!D^CzmXgg_BBkK(d?~V8Pg-7{hpt?Pt_RIT^a#qAjayoOaDTsBdfxJJt?!S_?5FB{l3Yx*j_*weB z0U9omPl2tKjg=iufj50;8Nc;n6FBqt(mY>Wa0%}d;6}8#6Iv`GZX`P#gO>6?6ffKc zkECB;e@`?2c71ctf2G|#_@R|OzzY1h4XjNCi(O+J%{;mkbLWn(dE!mKe*a3u)hB!- z1UwdpRp4Zm{4MOi;%dg8H86jkpJM)=yz&EgTMBT@mYN?|0V3{bSwWeS(EwWoAb)t z`+(*{OPw{T!|$o5-+AywAF^fmf;oS)eQ=%l40;TT@4%^I=$-x;`VIIp@@H37f?pHM z33dFX@@6vf@5Knq;7wqi<-zLruU=%G;Lq1+&|dqlNPI4N78^Ok6my(2H^765$Vzuz z=be?~Zi0&|9QK!o*1uZSOuQ}6DC4+_joJFYg4# ztDV7LEpi42*7D3cZ1);!f7gPO<;cV3_~_Si-ga@Qrso=D<0|PP?L)Y6{hgfUn>z{p z#d;%o4g7O0zTo1yHNT;TZr6C{N$Hy;@3gi8rA$BA3$l=$L;HnR)+0u4^t+W8S61BjMh5h4zB`MW)%vDvLJ}LL zK0meJJezM`RNOZ;pXBApHQzON;I3sajPDyBT~4mF;>Jl{ zN?-USxd7YIenR|H=!ChE7;8?}h3Hj-3t&lIn)^My_v0W(rYB3k!)wT9A3C@{5~@-C z`Q7N`x8SV-VEz^Okvv^9E?4%oc9G25^I`pwx%6c}dlvVx0@DC<`xSUR$6Md*t#|9; zzW8~`;N*-vq~Y_PCSYh`ZdWr$c)br9>1}idQ`c~3=OpKeeq_V8%i7Yz;{Q&*iPgn+ z?b`?65xdB)eR;kFK2(iT@lL7{n?$|m^tJFI`d>CxajGNHElaeo(B$G%?bJr!bL*U< zpXYGrhG)A~qi(L+uP(0r^Cxho{v_holi+oDe>ZaT^iOZUc+R-TzE;cqF3{x?!BA1f z-7)w${65I(~wi?jaFxEFrQ? z?3@QLE0@DP!x!yXhR@U5aJIQiO!tv>iN`;U&VwGwtKsu&T>A7tuU=@?2OUID*)Y-c zDBxJiJVM5=iyFUfDR*)CgZ@z$$EDj`+cL66if7A zP`+6Y-%`BbzRXyq?pW}cfsya@@Ex1?W&74YIkfIR;FT{UIF?q1YIKj7_Hz|KH8NZ8 z>9aiVLhw@(?8Uu1A00I?DfD-T-Lx|5A6E4 zzEKVAjUMbx9_;3w2YZtTyLsoqu6BaG$%B2^_dM8hzURT-i4c2n+BXVy97%ieYV%CuLC%@%;YB*0VNbb^I=U`CX2ypS>~}Mk z!7DtR1g=VWC4Rxabq+c=i7#UEn|S{}9^dUAzQM0#*5cdD?ZW>@c&5vn12$AXke$Pb zJab_Ip5gsEay>@FGizwSKc4v-Jo80(W+WM`LuqLPhvZc>EI4S@eaH`%_p10Shr$RKG}0VGKg$y ztvemr)EZgxd9Dw~m7Yu*S;iJkM=rGVuAF}U|{rHg8vB9r%N26U&E;ueXp45YXV&X~2wAK`9 zeAN~6Az9i4v$+M83ueH~G*xv`R!;87^FNqC#-sjT|v0jv~CZBF`rR&r2 z`!Ju5b^{HpedN!qHC&6=- z{9o`}iEVoy+}1_pkAynrk@IDIH+WI!-SutxQ`})`^3oEtZ>GMc{AtC~Bu_y<>_KV+ zwBuhTS${y+4B!8!$%V|r_wbI^u$G24He=#de!j;he*qc}<9jdWl3Jix+syc%Ln|{M zU~7QK6ib%=$OqGp1QT~Sgosg8X+NNCwkwOHfN9nUFlo)`_xE02O)edE@{+ul&HgOs zN>cp$f4rTpJkj_?8QTWTG4w4tYHc=`Z5jG@uIC5ML)W_bjocLnU!}-h(0-Le&O}8x>qrPp#J^Ie+Bff#|uW^<@tAxkDm8;zT14w6)vijSTNU?K>{;uv>!^PrUNgQ(qt?U7 zGxFX;4T}){6*un>Id?nd#C6Oa$K&Jg{C%!IoyNZE9&Bv%KJFZ*|J0je`{vx_?5ha7 zcM5C2KY?DCTxuNqolP$h)0VFB>{$=v-iS`yhE7YO)7Venvne(yzL7a7|9cbglqyz; zE>O(+GWdx##h}(!;+;Q%A13neZTS0I-}WwGKc1NI{`zZOqW*K~p9Tj@z-JZs)H}uI zWLFKpw79X`lzeJ*Wi_xyWryGg;j;l9^31W=BEBJ8l)%rHjuW3)TXcT_cQ-Hxt+R7% z5zik77GsOBXaA#Y5w+kC#1?(`C;PWWxBJ?punW3tDv50|wy55-Mc{UrEyB(ut36wU zUGm$a#6)aSEx(_QEdsAWTNFLtvqi*@v?j7X*r%XVULWlE0=5Wym*a!+{3y9S!)%eq zLy|GS-v9hfp5EuZ^!`ul(1-l{qw4(#_PVhMU);0{_~PbWz!x{~JYU@Wn|rFY9?s}} zV3yvGa6Ymay}t|`NzQEhV)Xu{ULW-SPInD#^nRz-z%EQPg8`$33vQbuP*(Ld#>g} z;$G@wzq8njiRPuLdjwv1=LasmXVf z9zZje`CD?CGX5K~og*_mC&=^gWQK2g>lW|q zgB{zYTXs(&7J!P z#7&0HU4F9byPCP5QfTh@$a&`uPIBhX^M-tLug}g?bGyx(+fM`Yxze2PI4To+R}54< zVd%-<%$z))*uk8PzpM3(mjLgSTD8Ned+D2>4x#qROWU>R))S`Xl_#r@X-;0x$!(9-`w)#R1KD9 z<>a3O{N$eR8$Q2jzWM#z_eMXzWd~t?uaoOCOh@FI-}VETA3oh{E>C`Y%Z3A(-$@5y ze(U!)zj{~C-D2lgAFBz{Z?id%ls%t01fMB)w+H>sKG0VD(yg)~darngc-Nix$}MT~ z9G4cuyOK-vpw<7s{$T;#QAjS)jX843b3?wl`*fgmy=3zOJNL1i9myk~R~{z)p0&5e zzi2x=&YH5Ohn#KUp#*!hsjDXbfYbA%9ptua&m!mjhl_94`v*RpdNcQbJb6=S-&rPZ z?#$c(9a=qTV%VF zoXJiB&kEUT;3sMG0ww_cOvjYh_!6ktgRy*voEIRDLk``c-v*1i`JPS z-3@W;Lic?mx$_1VPru0rlJ2v)^#0$h-D>gR`%l3|PQC-KlGIr1in#SgZ2roE@q#g% zzv7Go#>-t81)tzth0kYkq8uIVL%s2nA>*?rE{9Jqf_~_a2(Z_a0}=vW#SHHH6gVPg zq4jTycJrCvd9+Dkdn3Tq80F4X_#lxE#giAs22a;H$VIfDgFeFkO3v%b+}i0MtcE8i z6QAXbspdbIz3Qqj=uUg~R~Hehn8W&6^$ilIoB9U*m$Gktc5H9~-;^J1a7Mcn?abK6 zxMOSG-AB90v~%(3#>XAzuvG9b1P=V86!4{hDGlst;F3Wca^Rw!@)Uo~*}NRMl+)y|AL6@LS30r8qxTyUH;eEBl@}A1Y_EmUT`Q>zy(u zw({P;zU^YgyQ|2Npms&gP*-S0JHLHW?TEcE!H&^xtJ+Py^ZZlyc`m+K zx*j?)UJ@CT@B2LZq~Dnt?`LjT5JxIcPL7v{6yFM&J4KZcUzw1-v7?ure0H5M>D;ow+Ev}F2%4mf6T5etM zW4SNI=tcI+JiX}V?|A(-950%gM39ANc6u zp2yA7I|?3p&_O+uIZI&nnGTDG9wmR2^AG+tnaNisrly#eVAOZ7B|pfob7IQlCx64w z8=A9lF%6v75py&95VqD{fPWTwu>Zmb?*db=H|uZ8Cg|L)^kt*!^+MMbSa#JBf#5KWRW;0-`=C#|9^Z$F&{VgpY>~J)n`MljX^)N zZt=w62}=F!GP&Ct12&3SBmczli;YM3)ij!CIWp^Y#vcba~;>(bMJWV4ouB z@{)SaAvuFyO-mn*q^DPTw8?iqV}JCJ zkM_L+^mymtgGY~LK0FmGCzl5M6hV&*e0_?c$GLw5dK^0fJr?AVk7s=HaVux!BpZ?o zBOjj5YJ(QCubynQW$L#cfX)i}a8xWU-W?l|ry^+4@9R?xE#9F0!ITZVhTIy?>aJjX zaDVjp%?J7EaneDg#}9mXDwZB?!9GRMqs7;!72U$RK|c9- zf&8C?B_B0DJQYiilY)JUphtzTPcihEe6Z=k8b|hHZ|K0~;E@n>*V{_d*`G7nH;dW)Q`7*zx54wZkBwz z`8oK8JF8|-KVYAIu8+>6IS+k?uV0Wq^7-J$)86lc%fIvccJhUVcmF%J*`Hr7nT>jQ z4%VmIY}V&l{5tp+;*V!N{C*AmF3E%6ZyrSa?j|S3%Ij$G`-ZPy5WnUuW5AdG8SRBb z)}lM>Sm$VMAH=bLJ=-9kyDQ@Iwr?HeePj4~HsEJJ=(u`vlW#p+O#ST5_Yb*uA_RQ8 zso;DA@P`h=BP{EY_hmA-z()Z(9#5AXHaIFxwU=n?OoSzo&A#w^~w-*VRW z#8{+H_6!l1EhApyi!*KX>2MqWbN8RK`XvF*rN1|N`bBZ$&pkp-7|!t4O04-ze(tn!m7u=Kqsw=C zF&1)C^RM6I9`5t)KQA!%HTv*Pd`vO31o1Jg52>TK_34Z5ym-!p`@goB`094{BV2u0 zPW&=Fuz`9cbJ+81J`TIyJU0G^2YomvS3`SH)ttw*xT}NDmwNejHec@R%vo_U?csT{ zzsDgy>YwYPvhQBJsP=~jh7hq_14FY5!z$vo)5>F8n=cRyhnRYFzwG30FzG}1&%*XP zu&EYr7=1{+6ce|r=blvd!8%nFjwDUtNU;AWU8d&-b4J;HPE7FLQ^%)*{PA1qJB`|5Hw+D(`G5HSv=d@Ai$9F4n9F^w z(@t{#ouqD9CAj&GH@=n6F=jt1s~?H6KS5mGz!hPyNA;OY*`Fy<-ZwbYxxn8O3-{{| zJAV@wrj7qMt2?AK(%J|0bVkCbEBx`m-GTiG)d^5OjcPbZZ%AJ(`R&lU7WO>NI9?1H z{e^uwCvNvxwRcwWR$$+vjBl}qu`$YRK6n%>f71t(#m|C3K8KAzA03Mg{yX~tUxr6_ zIH$({9oQ)7^@PqemSKm=u|qDtl>c7F-h%e;bXKd}oNM&ULKWwQ{m%#T4U1XY^N2g{s60I0&pdY#BOD_hCNKViPf+&*ot=)1Xa1$^rPw;t<2ru#)1h_0Zj257 z=5qFi7sm$oEC+^##HQ)1JhId$VuR^Va;ErX;c^_jH{LyGz&O2;iPU(DcJxOkB=woR=w&Ya~?zt303 z1}~b9Y?*H}cXA1T177TR-V9ANby0pZhTq1~9=`f%No>%5|IN^(fh02j8}_Z2`Ccr9)hKcApFJ z^Q+YPvpU4?Z^;gSArC*x|J!ZyU9$Gj%5PQFd9oD#m8^1S=@aFw_Z{vz;~dQsGvVc# z+dmZ_a>fkcYhO~qUvO~A^XS4c(4#g~HqZe61+#K2x{&?t=<#RJml0?Zg;pidu0D8g zrQJ96Y(!?x-t#K_O>dvCP5XSc_kwG9H2A)T_Z8%TKPnaAF4bh_SN;@ohL+AX4Q0)IocHN!6ja3@?y-(BG0pin*H zE0OVh^@_yPhg&bO`Bk4@>%1U7J3c^sL3+)v)1F~Jcsufv z&^p7^b3ZcvDEPCu!!L5{_02KzpWRR8`FL=rGi)u4uNv5@#WS7u%j93-GRfJbBxw!$ZtKQ;&M`%awg=75PGKB)cPtBbCF@a^f&)HOH$*{!e6 zU;g;pCGS4>cFDS3Z*RJ8-o2YX{LehH&nf_WbpUpr9|HEI z-RBGBH(NOu{qFiOtN+&Klkb4PBKcMhpUGb|^CX|lonz-nb2Rx^=mF@14}MDg!~1jS z)0Ux+HFMrYat66Y(&!0NOgX=%Rd*X0n1M?1U{?r=o88>`-x%>-c=u~7L-`k%*Rrd*EN|*8*a+#vt zeEf2oKa~ciVE$C?a@b;kLtYqsfVv;ZHN5Z{HZG4D;mh3>gAik{HZ~{8O)zD zV+Zo5x@qV7wb}fs!vsJ6<4E~aH;x1s{*&^ja^S+BQ~uOzez<6-{HYwcXs7(C9|Yin zmU~9ZpL+5GSLO~hf9e;H1=b{T{jRk=**i=36p6P@*0-Ion6 zStBX_t=y!I_=?N09gWzK%ckl6qf^cON9607`;TN-ROeT|t^91+6#dn68oj1<1MBNH zr+IvQh`c1Nr|^Nyy5BG789RpFMb~ES7|&lPkH^GDSW{d7Fo})}`PbAuFQ*+jek()h zi5#6=#&~0y(*)*J@2r&GyTrpyCf-yZTlthv|K*cM`F|tjJ0(m#fWzX?F;DDsj{eG* z?^G*z(b4ingfrHhdq&82>Quf{H8Ry`<2V6&S9o*s=R4hE*1uW(mOcYKpa)D02O3-2 z{H38y7;ibTGGnAT^9qSIY|H+5`z-b#DX0w1T%?kgma8$VCW*O$*mo8f$6 zeGxz3Pj+Qd^!m>GS)1=)^Q`mH%+hP7+3(BpkL4T7N0xue3-AvyBF}F)Px>zjuk~Do zen3VN@SM(t_QHpj_kKp6WM1B5U99+I{Ryl;h+oK0v3xbp`rG(4(vxK|)f_MDi1~Qp zc>1PUJNC17EJLTAPoK->qoeOkpLVy;8NojAUO#KhGVYwt^r6O{>638#9OvuP4-b{W zduqFy@AqTR%KW^?^U>lxcu?m8($WK0#a7OM4>z&DWoj^>XAK{A=f?g;SF87F->LJ^ z$DylsWOSA19|w3+{J3{;I6t=ec+syvZZZ6rOV6H*oWax3Q(9A8NuK7+4WEe545^Oi z7!&spT$8~4F6i11P33Eg)<&rnr@8$&&)j6oY|T6Wd78cTZoKSDlcRb>=8T={w)8AkU8mUKi{e}6`!0D8W&FGE zPG@B=Jl%sHO`|^(%u#-x_*u0e`U!MPp_DSew_!pa?oc-Q<{Iok`E02ed`{CnVq9=4Ud|aPh>&h0(UlzYe7pbP7 z*6Q@@?1!IEfS=1Z*n7S6uZe^7|I~iykA5_9Q>$-X``KEBYs-*{9D>#OWN#Sm|{CFO|!a*-#fMcH4WNj z_P^@$>mnQD{+E5j^^s&YXdi8S+dbcsjc+F#u^rbqgXQ4p3e{&=j2y0aR`wyMy~t<} zG(85pQ>A=!IC&v|;bGOTORkTtO!B*>_lbq* zy?8jit-JFs_?B&}^Q~H&E%Wxar)>OLKplLi96rma+Sy zKx|W!&R4toFdxk9H!c~6Kgcj zoWs;}759}@>kKhI!&&bSt=oe?$G&j9;`&t&RfNL>|HA!KL(75Tn%H0p9!y^w8%)E4 ziAG?$ocd-L;2$I=t3C|%&_nT_7S;%ETw;%VPP3#V-4q+V27aH5PD_Hr6gafJ`!9c& z69?E?b=m~i$7USG9+UKyUa7{eUao?z}`iF&@L`3Ck_@omNFcG7<&eAv0y?Pu;Ocx5p(uLoYyYCZoJt^3e< zJMht-2Y&r-;x+I{na4Y2F^6@mn+vqt%K23&Zfw59p`&z&seGt@!6z4{s%YUj=@=i?+%kh`PFx_~c1(zx1PtUk3ej%QpdCCOdb<{~4~Y-po_~>HzZJPHA9s>6^UokjW_`>jp;s*Ulg6!#}j6F?aPkZk4;y}l^bt@~&xzm<~16;tl_D36#TtYvX>+mFGag2xnD-H9g~ZRKiR`KPd4+60!PVaGr#Ik{A}j8 zojff6{F>RbbefNgC%%syFN|$vUR#rbi5v#ye58R(^#j@8+}e%Ks^#9R+Ur967v5Y6 z4phrj``xnt7OuJ6?UdphstNLW@?T7xs~Wi2mzoaFrlTjO;Rgg^u0_YTl8% zl*2oUdn(VejQ_+-^MvCjc&KR%|Ka0<2ZQTKIDU+9O-`eY`P*1&1%1Q|id80O@wfXk z`;zqw_Sv<}t8=_PX7DNANv|>d1-+G*9qIVmCUO=QgIjcsYG@>&Q4-uH=8|VoFC1s< zYMA}XMz^i*u-OGZcVnY;hwH}-?8re=nadw7@c-X(hb=H`u6CaC!}^!Uw)RuIuAjBr zuG-kv@-bb1UVcu)mIW6$J7;cp_YyQu(XR*kUCw{yq4oDv^Pl|2KJ2i)-^A~?+c{gG zT)OZd-pT4hOUt-jpGCs2)P^Sxh<@)zqObhm{o2jz!%qD7)y^x)HO^qqI>pS0nIDUP z$=xd4+j&XtO75P3j+)OQ{AYEsd@(<5#v1rVPvo}=`E44vc?kIwJw@+b-Qjo(G*#YO zvL4#hLYp~^c`fV0?hE(5RsY$2yW!8b#&UnNXm~d5&Y&Is{qCpzG#t|r5)JWHGBiXd zD4uy0G~A8Myamp*PE>5r#OLvw2jt5@U)61~{FZ^OJ{+G2Y`gD`ZQZ@t*}9vx*;|Wa zTQ7i47eJ>Aq0@5cv^*p~-sVNSdyTSL!bu;s=G|Q468P#6@~6kbE5wlmi}9lre;nh= zVHDx74}89IZq4%(oU`vA&-&&; zXz(~VehggmJNFL{zA5=7Huxs;n`AGn8Tzdv2jd2E4O_@HypjB#R&sd$=Gmcjd()Bl zo@(w6PCGt5TRQM4>!ZC9e&hGPjnQGhC6E#M2Nrj(T`w^>>3uLp4Ik+Fa16Mh;p39Y zNZh%{vxyP6ogc0%JK&dlnFBo4tXlcbnD}+%oOW|(S_FMruR2XXKRqrVN<0xkclz~m zi{k(H@*cfvd{%s4J^z-x1AOqERn8pNe=eQ*_T4=3(#qsK`&el0xfho_Of$wt-{OTgb!XePcK{`baueq0Ou=rGHVzr3daKcc(x^5fb7Kk|HGA%4sQgK+Y? zWVC(+e(Vm#_wakq#v=J~M4W`;uVeoVzj^Hn@?*~LdHB)JX9WG&@9meozc)W``u9uz z%(H*Wuev3WpC&t_{Sob%q&>T&*kj*CSzhHb`m^wRpS&gHoGp9K`n|2Sd7QcXsl}5s z=`u5S`~aPSI-VT;5PYk(?C+_0@(emp@)&Hl8~Q7kz|=*S|AF1=#s2hNgg?bMb#Ixu z$7Bw^mBp_&h6~4p5#h)u)7Hi)ZYMjld4D*pjtzGDY)!@=^yGae@v?mK-h*A)-R;JF zzk6{F zv1uCH>JRCX<2T3-<#vU?s_F&$H z9&vy*>DMFJw_fa9-&4>UoicTpPRYXenY!URrTcrM(<)9c{QawC=-Lq#udIg#A$FDz~M?R!) z#+dUf!|$8+pGV93h~w}Z&DpfJ9o*aC`jbuOY}#9gJDtI^X$!Xxty{&JKAqi2OxON+ zdHh^>!oLT)IH$2MokH{M_bkFz***$F6XDFP1BAxO50{D5x!-L(QE;xVR z*%kl%=dn+zJ3xeo>^T-64t(cWCg;wdb$EIF4}WXs-|5fo&o}>X9^m{n_rJ(9_u%=R zF!OV3h=x0458BcHVf?ZX_Cn`7^o|_hHk-%oo|~0sb^q5+d$rY?FsZw4p`B`(30G=s z@w?gNt7Yq@L>Z&UtCa#zfRn@GTl3%~U%v1e;6!@MuI-4$wH3-2W*=#%moMB_C|`K8 zhbMo&u$zCB&G!^eQrg!&9v%iS;>nZm&aI!<<<&J<%{(^ndq{C3a5qx@JmROF{(O+& zp58w4ENq+Uz)(zG!+~HQ@*`WxkF@(C%aAqgy_>yy_CmA|@?X9_@|kVCzm>N6>QB5% zd(prlwq8vA3EC0cI4fSo9j1lqPyGFFU0rsd_48g_o1Y%l2az6k`|wmOJyr+%6hV(~ z`T7(?kH7vS(BpIarAKalo@Bb!%YC@R=C2=t3}Cm?6|9w}QoG!fk$+l;{>$dCw^iBv zb>dgrGpP6F5L^DA=k3J=W#m*Ju8O6}v|yhiX!0>%A5#aXGMmq0_710eJ`4L|=?Zc( zMHB2VI;b;~|A1^6yH)S{-~_ zj@5qX^TmTepAzB|y7TIJax*LqX8^-S@+CKsFFDda?vI0gpwA|BSP6S_nY~|6hm{x| zR?_jPuaDMMCD2E0Z$yXnLXVOFeKycOAAN#(`gVWQPdDlRVR`yNn$ji$U6s!?9lh6T zbHGQS>sRy8H5fmWzvjlabN#iROSQjE98mATqxv`l(9<56atxG#j z_x0&Jp0?0hZExcHsxe;br!~*ViPq>AlMjtw8AT>r$${2g(wQ9SNY=NMZIcgbV#m-> zXF6vX_((*jf5?d(0GDAz`HsY64o@%2Z|y+@Jdo>X)+EA#pMNv)aBt4WM?eR8`TJS^^?om; zgQS1{<5z|C&w=E(wid{5wKVxmA)3_Y;nhW>2lOpft%T#2n3<*!VKhj-!~fZ8Mr$c4K}0 zf@`;Ywd{t-Ye4?nto_Q!f5hbv`I^GJ;VbW*rxVPXp0NK+kN3NH%EP9eE32S0Opr=)>t~Xz?9iKNFY6hqJU$Ez2BVmgie&@7L?fgF6r% zzTCq(Nq*)$ojq?k^C;<*?0HL_uS_-)XSR(E(!istwpw$=L(9%^+=FrOn$PeDQ zE;S4XsGm7OZK;vDopXJBFVlAFDKEc$?N{8kN%AW`H<7arx7~5E##zGi!|-42B*uV0 z#)Y_N>LlQ}?NI~ADq>cGRWNG~>E+~EEp!G4>fr}(Zmsw+nwRFc>PYQTlyp=&wg1}8 z-gjbgjQO+1zdS}?_A9Spzw%mgq!yA_RnOXkv6Y`^av1|{Io}VyhWEKi<6Xpf=W}PC z8LzD1cxF%hqU?BfUnuW*=QAE{gE027Pp19fx#Y99^6&Z!6hF$7E5kml_E&0;f(F!X zGPpeX_KUB*U$KX*yWo`j^%n7$0rrU;Z{vQgv8vft&UeRjT=N5T1i1>zb80vHeUGkKS^Ed>__FQFfMYED zGy#4>pZMc5Ip={+b^WEb-NW^pY+fc$109>$PsP_iCSZ^3ewSO{G`ruGr~nRPG;S<- zjH%bQ3L5Dhxi{$GqvL~dbR6HWMxLtJQwxDBzi+-oKC0tn^6OWCqZB$(`Ss7>8`L#V zjjLX-r~h|mY;U*gds`pIU7uwAap6b0{ZD*z58iitAoF={l=C^q%;(!?J}J%TS7je* zKF1#9`NT&#pE1m*j@o;s4hl6}>+b$&^x3^D%bS)y3FO$nCu{ldmOSe}@nE~^jXL4@ zUurHD#q-*~l6xb*@~!{a_Z#E-$N~Pc`6Y$;>?z+o3a$S(oAb80=f#x+6-73b!*=fN zL+e7swr5ax``!n>fAPI@@B7*|XX>mf&I6R74>kc?ty40vfjp}D$kGh?708C~Z!wj)@bz1i=d+DGQ@u~h_l6&Pxvx%Z#BEd1yX5AW z_t14dbXNSe7vBYWX8mwFB8USNrgKR-IVYk}$Mras9x`X*y4HY8?H_UhKK?+EX|$MUGNF zfA6zCTG>49VEl7$i(9W{w>eLHc=o);BJh1F_{Ns^VXt*oS~=DU?8F_=Px&CqJxrZJ z8*F?pI+*ibgEO#uir4%aKcpYKT+98B55W&WtW68hhG< zjqgP#_hCP}@iQ;?@x~Cmk%Sk@Sd;X_8%=z33D2wHjehP?O<(HPc58$enmk_UR^2~z zYQM(|s%0!*FtzXCg?^70n&5>H`7^xV(+Dq|4=<##ef{v5<%JvCkT>A->-Ld&;eB!v z`k-+syl@=6VD>ezpQV0Y;CT=2EDr44O>Pvp5l^_e@9tmmgq~GTp%=UF@`US01bO1e zC(E{!bvy#E<>L*%9hL2Pra!BjET8!8<~KY$Y4y{UfqME$a8&|-JV4&}jxpqYLqES< zN*;GWj~&p%FPD-nb#N0`8`jbs`q=4#&e-@A=-+jpDRGqJAFQn zrRNy4-<+$j5I%HtG=nw7t7ou;_HTm*s z6ZpkR{MZzJ^3Sh$Z(Ype1!Mo9kr&6^*=YH})2o&rR^JIfu;wV1ABM=YNFuNKa%-)= zGPRoEG3><@=}?{Balq~LJ3JooUUh|N3YICod#~L-jr;u()t1YpR<18xdWWa{$=8(-LCD+u4~-qpv{wB6Yt+q02jgh zxy<}c{oJg-FWMyI9{iKD@H_e7pB#Xn=Wh*zKkLH>{VKt`)Pwgw3eaav0KTc5`x_bx zZN?_R&(q^tA0>b@{8cAj_u-p2r@*WHMLiQ!puSMJWA9{Y%;JA&ZeP6B=Fn%?5rQM; z!I28+`xj09&5vh%gSs-}cG%vz$fayOI^mLt6RT-*LMxh)>$-+mO&xbpyl~n+R|mFa z=Px;Y5Bx}XY0L;?_Icxl8l0MZ{_sp}LcaRsV;TQY^ur;{$}$e?q+{MJo*Ffq)h6ZCHf=;pNHY|D$X1USBgm({|4TTsZJ4hW3Rd+%e(UbZUDzU z$TU8i{&RC)dH#SL5K~VDTW|e9lN-uB%oclpv?4?~A|3AWZ&ky~AbxaUTz5_`8sNe+2w}4*Uh>d$tcpBgyv`=AJX>BIR3iUYBRiJAC|_sXu7e zAldqZiHn@UiO23+w~;dzN%CG5tCxOJ{Vs#&dKb_Be>?5Ufr@lQnw>axLgIVi-RxQ4 zh&h9nzPx$s2Se*GZgPl`At&kO&0Fz7SA_Vt$p^qsF}#kymu3yK^uxNfijh_tKmJh8 zi-tSSS_3bjpDj*we?mR?*wi|afnR+vbjcgcFZ#`C`>G})-@NbPTfOj5trH#iXXNb$ z^uzsEZ1~aQ@|J;a?zhpo(FA^xz9)Z6Yn#Y7m+TW9DR@rt+az(o_7kZ$hE7<*Hxu|W zf}xggtl=Bl3ss!}oiF}R#y2sWBUl3lE65)UI^shQe;JvVNAsMv(~Qr>m57SoyMWys?F$fEH{ z8YaZiKlq}~lsbHrI-ccE9}d6SG45oH$44m1Z7|%){WrnG|mU)@OaS6gDxB`QT<#<)nDKHxG9X zlMJq2@{KW%F;;nFRB0aX9y@#v^@C*1##h>_ z|5Br{eA0^>fztw-TdIUnA=XiwGkbY53c6~ z*CS`;e2aN@HuCQD;J5G_|B-K{`DXB2GpMsbT&Jz-Wlv7gQ`3m6*R`Kw=q3HFIU5|( zW-8ydzbnpi1kcSTU!pSJc3YO$keNMo&(>I8!;dohrLD1fywxwJrh-quw6(U6_v;sA zZoJ{OKadY$$GCG;bS-x3iEU2gyHZwHT|i?g_jO)QM7hKaej z;#qR}xNnS;7-LD))nTiIt1pFz&x5@}PZtlzRr|!@^Wfb*j8WzK>N{<`?mlD%J-4$i zHZ~s1>OJ!;xNfJCd|_xcxhw&rFC{(Z9S< z|E@g!c^9+&r@Q_4T~cWN=j56HIq}on{%y`}r!)U=Z`oC-e=JXb-c`~c{C7InRmL}< zhkjY8e{-Jxyqjp@zki0A{|klscjf8NJID5KbLan~JpFs1b*po3Mi#_3F8$Aq?;$VZ ze*NA)+nlf6#J@LDe|9758T>=+$fv-|bz44v^Y7NN|9MyRG^ZwdCjZUmzfU_g`pww# z#6;##zP#+ZGs*n>Irz}#0zUxnpT}=Ix+ccEvb^6}$Ft!1X%TRo3=BOH7lw+R&Nq9p zOC^378hkJ`yZ_D$Lo5IT&w}C6B49W)07DNxti^-zcd-4dn4jzWOf>%v+Dn6@t_ium z56^<(wg3!y12*g>)*jKUB5N!Ll}Q6=K5P#F=m$5 z*K_AmsN;0z8G+sr$Em59=zNp$YP47A`nZR|E8ZMAcc*^`$1`(`9cJdJxT-teVP=jC z8BgEJjv4Ma+&3Qfx27V>T`G3Ggl{}&a^dm10^{*4oSvO$y!XMOou9@dcdtfsOxrOV zCL6!i%(vP7cW{n#;peK@^ibyI5N@>gc5jdB)!ZTLo89rqyVcYSjj zZK~u)``VcL{DLbwGcMomDB8^B4kFVA*>zZVgjjcMM|RCOWV^atpGWhZ<~^%!-G7l| za+&7K`m#}fS??v?c^f||4SaTvL#kn0>W5`|T>I93nBSv~Vob#9GWHWb`=r*2@MJdL z!Sgo8w%?Ww(wcgyU|@ai!O&LsCGu;*g>Cm=e1D_rrugx}TGQaZQ~KcgEx({m_qBQ3 z?5x{!I^S#B^0L~L=WWwjSLxEQn>LX{3beVT23_0y>W^vDcy@s{_q%QWo;K-81={?` zZSxRqTBa6g^RnA!J#DJ5E6}F>2s8KZ(x!V{-ZuCv5d-t>v}r8#ojpgH@3d+x)>e7& z+*Via^5?Z0D?csv)N$9b@ccE}q;uN%c*c{1D`_L1VO^f_o1^&diXn)n#bbtN6D|)c z#$nbf{C)~NWPei(;zXXUKfUpmtj~_G%R0ar?jv@M;3FpT_=volRVitn^8(0Qj>#%3A)*)@q;?8G7yfA{M2w}1Hdv!SlHU7x|VRrCDu z6X!6acNM4P`<-<>Kku7EOn54DV<%?s{E@2Rb8uW*Slv;@_cx$B(AS(3o#@xsZFM|r zE{*Og2U=J=Xl{|5wj8zB<#y$FutfZR`P@#@+|} zkWUa7H|OznR$pdF%xq5jQ53bDKTdH|4X5NW1Y8DeSn-r#IeAr?9YVF9!`pVQ`Hht-M9bD z)V^}}R#y4oN{(gS#~y=nums~-9*nGccu(Ar@f0I8@K%Qmyj34&;r*`wyraR_tncRH zYmpBw!7}*(@U_6~r&MJ2GlZ`%fUg)e4Y0Y?jAYM~d&jHT*C5t!?hVHdUs4r~)l?lC zyQ`M?uC13K{!={E(6rv&=Quq8<6CdKG)-6>HM%ri<-<{u-wuSIPW?_UekKRTe#skq zH2gFg`YaEO|IRma`T5~L^7sSP4e-m;Yk~3C{E^4M=I-3_9}kSb{Es~TJAwJH4UB)` zA9?)7!1z}O#-H^^9=|_Rr^l7Og@N(M9>DkqL!bWI%0fw*OPnX7=+hGPX(_g68#(L=^yoHpt3!^X@|Km; zt=#To@HuWo*Y>{Y)ZB!g?R&$iSxs&I{@0zF)*3=$tGlgz8_e1_|Nf))w{9`}t-1DvyG5RC=FVsN15xl%0zTG*k9P2}-m^9GZ?s?M z?$1TZVJXS6D;8I*onQT(Y%2S973A^X$~Tr>(J-6*jx+Us*$Lc9@L^=dD)#Y~o#g(z zihnnr=EOIh=DeaBzx}kkIWX6lH&^AS8e8t!sk!fG=lU~^>-{fduMGXO`2oiNf&P`y zKg3+a%vp02+^j{W2<}Gq!7H4Q*}t3z?5cUX4VWvb>#6#8?4kaB12yEQ?fLd=bNOp% z)Z)r`BmG{R$HZP+hJP95o%~kDxN9#kw(`7Q-^Xvd5B$u(V%hA=z>j_x zZ;SpvCr9f101k%!FMDqS9#xel{NG!ZrLqu`W|gJ0vc#z9*bPLxCzV8HHP{2)b~n?L zKtvLwQ5(C}CLsxlAcq7R#AoQxLFKq*wc!kE-lRu?{E{ZJY1+ z-X*yy5*E9A{?Gq;CeL$oPMv$!_q^MA&wI}OPn{MIm@wFA=wFukwtnwU=DSq$Pw1*b+QH0;BIp6Qd_ajArVqGkH`f~c;r0)Y8IBfI0QOiCs>mfOxB6@}3LL;HJ|M6mq z=1Xt-IaqNvvSj?!RK_d&!LjIqi%J$u9Z&t6$J}kgrh+>3(oc8(hlC4xFn&8Pg~Kuz8Kt>ezvLb6S?0IeA33Auj9h+!rFb- zX!p3;u7SgX|EB(Y!f3ary?*rP8_@?FnKSWgjH1nGO?T#-8t8hWKb!uBhYAe&Z}5-T zE&b`?^YGPDqhBVE7k$sFFR!=gg5mx*G5ExNF}N>%Jr}L~Lc#ad0OVBAOGQh`mB$h zX!=P z$Pk_k(It2a@r%i2PVD%8jpsSaZ_PJU?4H;_fj8XmXC1381nH*z5w_YLq7Peo-f77N4Ow^d^|f9C0K+Um-!Mo|K|mlpTBqu zeBNUI#6G!kPp{08-|g@8{rxA)d*R=b=a;+nJQDA=ycc_jq($xReV=Zr&wT$+miJ5g zdH+k}z1iMZj5bVsTczn&z4K|#Q_&-weU|wF_UL(h=NTV-!lUQ`3(&6{{fcV=Pa3vc z7xT5tuIF7a5%`j~ns7P!>v`8RNBBZ&b40iRpUCAr0(+UGMqu7EM^lY_gbTRyX*o~$ z9R2hP=4j&|bv`IGHjsaAXFvSs6#9T)^Z{(C%Dkzr-Hg%7_YObOmk+Hn+6kKc*3b(A z7Jhqd0Di06i+bTN`t3(zUxQY}$4|j-lrFv-&K%c0@TX#UmFQw7zRG@$skezgVF7Tl z@|>3}eYNTg|7d}Y*xAHCSd$gax=yNEbcX*l@H=SWs>ln$%}Ew~li&Fk{5A3Ii(S3= zJI(Um#NPrVP0E)UxGMFV?_aXK=YIMgoz8s!h4J2O@B0>d+8Negdsu%*So&j@|Jc&s z(U$jSduf*bP3SmAG$f63C{la}&ke?PO- zKg3d>`Q8fu;(p$n@HgAD8TFa`qciM0VLCV}dSewhS_6+3+qB3C(PPFD7kzOz@-?!^ znLVColM;1slj8h%9DF=-jPtGWJV%wtvh~nqWJ>j0<9XzFs{GF2J&*Pteyy*w?VgAK z@$&q-@snO&a2R|x`=1%c|N4_>HH^_J&s2WfkwfEoL_d&mntapL4`$P+T_T$d{XpZ1 zjDI;Y@pj(%P2EA{oA66Qk!^p^J58?;xws2|ZYfXL#2)9AD;Vd!mT~U4@Emizm(=f= zBP*Xr- zl>-f=G2Ru7cV)cVP{{8*##_sHtK)4Ate2j%o`bJ_EcN^fe6+>iLe@*6CVlPP3~W9l zuFYAWaYlOH=ox3E=QZLP1B~;NKlIXtjI+l+V~q21_L)+~@x|a?`PCo&1cX+@^yj+y zpRFxYlqsTfY5R_X?@j~X37gm(UP>OTEVJs*FI)O8^6AUq_t78r#qYI7omYe32ek3` zo$tFi`vL9u!S5#cm*DrN6dk{9{1*I9<@Zi-*AMPqJdbuyUe7$*Jvqd;Tl#Fp*Afdn zWFCJXhOagF`kOWi>w4qA17Gj7;Ooo*@YT^X&PY!r@y7-j=M7=wyjpxc0G(Y9Uq#l~ znV0cARZ3LZdQH~o>%QN9|MIdX(%MJnLG&3DKTD}Q+}?5{`lge8*%1#I_8x&Jg#oSGamB-}=&{*!N`bRqT80v4-RfRv%i6*7u&*8h!4ee*@l^wD0vZpMBaxt`F4S z(!WJ}=nw<7SNJ8`iwV>3#O9n~$gwowDSF-lXsVaL%lRL^x6AszXFZ4BqpkZ07XW|J zfs&DV@c*7QcghvmBqkaC7n~CQCUj-~ne-K-(RbhZ|47b?Vh@*dSxv~HX4Y0V`XD-j zvmadO;j4yELXxFj;jQA6&=N+Is%5R$%Db!X4|sB={W<=-UfTMb^#?q<(*7Ly3;Lt; zW&N8dXD2z^7Py)D;tXX=juM&%FKN^6C%E|gb@F|ed;ZPf9r?OV)YKJB-;x&Q zU(PiPPp#~)zwA56T|S?f^IEL?n(Vg7O*tzUj&BDv`tQ|$r2o%>Z?b+DeNT7}dyJuK z6VLYcwFR2}lYTwgPru~+s&!qSYr!+I?}qnhMwon){)qpHNuOd@OuhORzzYU}Pd?$Hy+?D%YWq-%ozulJpHCy_p z0wWvWPtI$+$(0A(SU&~*(d%AFX8%y&F7Q`*pUV5xe%_n&(b*6FpF-XW?wj*#*XAO^ zbL-6p%q=t^V|vRNQ;+?uSzlvaiT$j!pZ3K+PVhXrpZ0oqJFu0uU+4#(SL2^>HRE4t z&UM)MAO9PTzpS73!pHypzsmUg?x)K9`>~%k%J~_5)#a?Brf=ozyszfLzU!{+@bMR4 ze*P73%E})EU#)!P%i!nhH};R8N#XtbE8*wbe%cG4pa1&J#q@q9_?ZU%36B+9%5G>x z_PAtijvXbKE5D)tbRPLFb`%@%Oy$w+D8~1iOgoCeS^6bB{D*(1^KkQbtnu4~cliBc z*aNfS1=+QV{a`V6K0Esa{n-R_kz0}IK;wC^?}hETMW9pKJ&)dPS(6~cv^5FgLdrbE zyUXplt+T*#p!>y2HTzAkJQo;->$~e&^PBQi_os>UJcO;nZ|+3_*Z%a~0C2yTe4-c2 z9cyXT&TO&o-9wnCL>z<F-{(@!ZCS*`^aw|h$2GC=xMY5nJS43Pe{0n&>u zPM7i5tvkPVA^TY36E8ZE*xm3c*p_-;b-6gBWrdIE&Vo}%ey#JKhruTke`3PyT^jz( zR!%Pmx0h>YPsg}&;WMIBB%@PofVVjD!P4rl)%m{*UogeEYi@U@`0mHLUL4hXACa{E zhS7Gozly%!(5p|G?eC%eG&xt`oZP2zTu9MmSFN1ykT`dpNqnPm1_xfQ-CL0=XD@(x3h#`wW7;?b zmUHlZ(dOOYS2C}EPv8F2f={c$@JU-gp&wUcKUD;W27pfv`^Gb_5I&#Mk9!{It8&mTG5V{GH($r|X<==4AJOTl$G%jow|Oc1(gCf#Fnb32)h^ke zroCIb4V|S{Z}Zx)Hk*t#W&c@Q7Z~GIEjC2ykBJ{!`z6yR=`YrEHC=?UwyuWH$T>yPp=>;ICuJ??C;Zq2w0jx(-3(mh z+f!*$=4S4_k}|Bbg}(?b>M*;-b^GJs4eLMuc)2fXg6q?z@F2>m(A@g4bClZsP~6=h zek`^W_EV_$0en@o?;mh)R157!B=VkbZK2m__r;5@62X0vTA3n!52i@Uu&#{Y`&tnx zN+^}QHTdC)-lFpTEiLaZ^78xJy;E znS#!^%ie1P5qdQ5n_9*F=wA%(y>BWo7g!W>hazQ4lax2!jz921>Dm}~X`=EA*-LET zThi>Ozaf4ie&|$WQz!W3LDy?gVjHSdHE1V2h#%XvYHUNH8WGIno<_Obu!TDgMb1dv zKZiEJ%~!&~dx{(Dk1`U4J6S8Tyqvs6lKkZTM}r8g+EhUZ*{Q zJH*AGbrAR*?}@}`IbK_H#0QI^qoYcEko#EYwLv?r%&pw@+RXemG1mcXexmONC}-NJ zbX!go?ZkN6X{&?2{x65})6O~A^<(t86FY{TJ^cwPcJN5X8Dm>Wx<1YrPa*N|@CZHWi9nM1q}-udHQ-vRIXq;dbyx5Cqk;$5>zYyQf>IBMScD0KSmk99c}PN(Kw=ijr? zt8S0$)hER6DR7YS%i2=~&qOX1As1vGUt$azuh^^0t3G{C8RSYEfR3bJlltjbxIFmF z`N!9L_(#see;NN+g6!$xAJw*j`9~4=Z;cpuZe;AI4);GNSHeF!$MnxX#P59nXyG6G zUnp4{?S5~R&Od^DKSKD&I+Yo4v~HE#CCXP7ksjlamS$l z#j)1POu|2fa>woQhX(!m>H4RYK@9=m(F{CV;eGy|_TxP%Dmn)J6&*z6W+wjbxxhpE zQj2e|^rad8skKWeeA%?Cw?o$&-(;Rm-q{A7caYvG`$ddf(`|r3&svK1+sWSn56l8) z!f%_I*AC{pGlg$rP(DccW0dbeFX==t*@8~v*nN{LhVOvj^Yis)bQ3w-(}Zqv3w}94 zbdqD}Bnt20D_`$2^pPgfM;P}__>_pQ8(%Oea?}d2>c)Qbh{@+y3+GI%JZou z-v#1kzLS>pvr@*Y)543-3=d0#7oP}EgBN#_R-H63y<2(le|^+H-J85P%FrK7{rzhB zaUSEo6hHnC`f9Fit$K~{q(lAmEu0^hYInc)-pA+%pPIqn0C+6;EcYz?(eLDLYh8cK zcC~4;QJ=H_i>WOy51@Jo2E-cvrf?s$tO5ogRT+&E?IG$z8{(7 zw?DdF)~(_1Mc?kx-KpoNoORH2QKS9d`M-sG3RpWQJ45q-%v>S=bUpn>R~-7j+!F`x z%DQ=*d8cF@IIHR5=;`9qrRnMPxfZ_>GoRd9uj%B_#66~-K7llJc&&^RT<7DXiC%98+F~jlrqWCkI1G*)?=6)b=hRV5xm9@sIApLO65MXZw`P1 zrfxf;rUi`eSet{Cv036>Ce(VyugrBL@A!`#Az9{x?@%8Ara~B-bc$2^onCpB% z?(&ZIOrQ@FDVs?@x{v{dN^I~tbiYFGh2H`Xl)a>DsWXK-XAYyks_js_Vms7<4m|zy zC+i)^zzpQTINB5Ywa7uK*9os}r@anvpj~k^h+cW^AnJ%z4vW562(Nt)989CnIn0Mf zhbAt=H{}k6kC`jUUw@(d%`9}>RLYC|-GE%azx2MTPem%O`%AB#D(UiG-YuujGTzPl zqWf!depF=RHtLb^RV@^qJleBYi${8P6Ph$Gbp4wTb)K^(Z2rvk$X1P}FJ6xnGH-Fn zv+%V?JM_E--C-3l$T4(>PIQM3ekY?l?BSbF(jWOokiPba*47?h0Y)M(I=~Bus&M8^ z33VX9qmb3(n5PbV)FB7(?}R2Nst#=pBD#GGaO>3IC+EsyJgxE_2jMs1Qvlv0{se94 z4DwwG4Of`|Ch)`FgEMyRp5_2;r_r|1aIuCL_F#j?GgQxPSsU^`ld{)>H(B6M3VD;2 zn4kmMUP2!y@N}Y2#C*Q0{tj@&4^8*1{poYdBy z2=Kj?vM+-3vW69&HiI>X;IUQC&0!u3cx1gXo3IZZBcEms3rj;j-9ef;_g4Ncv~86` zcNsV_(3;>e3$8%!J@h_fwCJ9__rLprz0AQqoE4Tc%G1G@LhPG^IbCd&x4Pz+<5SJqSAl`X=Yfgv`DD&GtI%mm8tZiSFJ9r?t^RFu@-a8f#<^^{ zvs>1G+B^vU891Uqr@O`rAH3Q1Gs;T+hHYh=-0_%d*giC#Y_+Y>{_x*pCz+=6<(655 z=qdtFdBhg;1bm|oyxJ7M>yuXaNFAYkt2pv5B@{7_v2xGc-!qRz+CBCuu4S}eW8CFa zBXY0)ua>(+MYj^Wv@W-G*(c}Kv~?tXX`&xRz{UFBtp8rAKOWmZ;|Pdd z+nI7j^_%6tBk(cq)m$L`D{)*=`S&;<}%i_I;Ee*X@?qYO;XWE%);@{NbvL{-x{TAZ= z(Xa6F;tzB_Zl&2#CY>U$cG-LFO|o9M{?_bIcJ*+MEit%iq|orto;z&C>r%bEe=&Oe+WzHrU}@F% z)C$Gjv{LK{YS6*=1X~tEPxP}D{&0s9*&uc!|ARuSQ4Qk%)4s$R>L#!7=zR7$o6DS` z1Yq0*j3ut~!&_XgCGbdSQ|gvFg}1iBb45-GZAqQNV;$Jh+TmBta~X?*yg`1L{JfNP zaOWH)bg!cPqN~;!N}`>GMqJvIv_dr|SY)i9gTj-MfwR^4hIOQGq>u0O`+n_rY|sY( zGx=Ag=$i8txu;X(XOGM8yMf(&`ur&TY$^S&g5K%-1-^F_Ae8-n(NFSBen(!D-v#al z*DbtG@THyifq3Uzsg7OWPX(VP3~=|P)G2aJTlb=`v@nj=mB6O~dn#>pcRRKQ_}#?2 z9DD~R%GplJXgrp3t-w&ub+C(twpDz{Xn`+yYD{A&bpcM@?8@R#^_nHzOI5M z9Kt>q>7u7Se$o3lS2geZlxd7}EhVi#TC>W^_H=LsKHmwC z??Q$J!OLUdjnHG&uP&xXtM68OIxw36%-|DUlUNrso@2myEHrDS$C#8Wqeu0teCrW< z*?E(4I&Lg>V0BRN5OgFoDs(6GCp0Q_Y0{+7tpECNCp03M>_ncOuKt?{YSAHtu& zb*V%4Dl{52`v^{SkWbboCFo8utVO!)F^6Vivx>!Dq}%Ocd+c`DtUWKoXP#E#8+P)Y zBeDC7-A?B_*zM50#b(!K*!?980-yT_F_*dMXRMvqVbiXm@1~p*eMLoH4I_+X&wbOb z9M?wh<3;$7=2yTw(cP?cc%}Kc|LnA%K0cwX?Zl?X`K8~UTYIJDJK)#;xjc+RY+z!q zk~M(vyJQvKGZ)?i44dE?B6A~nto^(bTsZ-M`LJ~1)Ei3{PCcn69^`vY)H4W}#|PuM zLq_KJe(r{0?RB`OvhaxP^XvBditYbIUoCuNTPnQf0qpMjJr&WOdwDPOENi>@T0FwD zKraKY*Z9-6)RcHv5oM^SHx2$XpEPM({0s)t)i1?=3g7>7{3q~5@BZ)%^eF536%!`} zj_3_N~RYY#-ksS^W8JN9yCN zj@(yz-(&5&Vh_fmvw7nyj?8AiWoBvF`F!-Km64)HMIYQm-lK|o`abrD`Ig)2lEin` zl+IALW!8*wT}z%URb+5^=<8(Ng29Nx+MPS$_TgOyOz2!*?P6wPPv3Es8ZBaQkiSKnT;=)9~aiYc28 z9RIhhMF%5~MbE`wy=Pr$H+9I0?e8&eKljKBJ-yNsw|hKc@Ce_x{P)_lV8iIImye->R~&$hZ3+TfG#k|yvG|L1o9fd@Ms4g+rh^UWJi=5-H;*a$de}RJvJ=!z3@Wbx5F0$yp#2@e5X?EBeGT%JzKM# zFi(PG4dAe5mjQ=ckY#RYw-Z`-45K`7HD#;pJ%}#ohyThNTj;Kx{2j<;N6fD8JFs0z z*nwQuXp(*ktu!%)X8I)S=T`dLMt?e(H`zxR1rL`z(vJ=7UBF9Z4fRHNe`I|(aDSpN z+aK}Q7^pAp^hIRwIYs%YhBwCdo&2Pqz^};4U##?G+Eau_3*Y(E!TxE>wC#&N_(KDS zO#5l3=AYW@e`3x{)s6ah6mMlNL@(b3&g=Wi*b%u`ce>y+@bq(jI)(e{gb(|rAIxoc zm3?b~{n)|KK`Xf5#@IK-M;&ZUhA!!YysKs}Q~D)*r;U2vg=a}#`TefR%kvF>6Rlh% zpJco{2N zkv@xGjg}6dXr2pBK`+0Nv4BHug~m9+aqSzayw}DJ-kasbe@OBM;3+xqXYr5P%9v%% z!roLUGetQpx_Zu7<#Z{$yLA@+ETna!lV$$7YE7nExq9ZHU7y@nl6hYCApgkxh|OB` z67gp+ap@itmrNd{@#+{)p7^N|cU~c0S=Sx{^MwPz+=^q?HOJ4w@U2wCx8C_M?RUbv zWlm%cWIjY53O-F^J)rLq>V6h-M%|Asstvd&D^bA`U?lq}nvVx?794ML;4Wn~-yC4v#9UhWw9adyJTX@Q8-YdgWni&4j9+Wt6Vt}uEB~eM&EQ)b{IOe! z2sR;uSfjjgJ36-PTV#SC>#%38Vw~NCo#?Vn=nJB=HOEnIFk>I0gzjR#MK{pKW7p}X z$EIibEo0n$1YHo_N#g%OT<)0oH^M97GlCB?cK?CP^BTbe)1RP+9^v)Y^U~M>w<*;r zu6g)YtvBp|xnf6rZ@6X$T%UDU-8q+`Z+_ zsk^tlqQ)KkK#e~*Xll)tjmpT$S#{3yvw5B(J-$vkzfnn?eEn_C9R)lesDoxE+@|c< zs5mB1%5Xk*7f+&X@XW*v<*|)yvfacvh`BsVY)Lbb)!E_pHtoJg@W%>o^ZY>?@=WfI zkn^?y;qCBd@wG9}AKW$P()TIY(yBk6Fl*rZ6uxW0kN>pt@!5(C z3V$a39q5Pu2(OiO2zwSEDN2UxVf>WD=P@09EDczvGA}AJ*~VV6mG%}udv=57^s}Fe zrwzX%S*z=78p=Hdyy3O#bJ%=}xc8L00tWADF?iRi73Kq$u}6xHK3K3ne(RU zKfq_#dwu!Odlp_R<5iyOYkyXr>-$^a!FMt>d-T?1nd7hY+M|~uhgKp>)}Sk_!yZjt zVvk;r&FfD~mu^p1M+djy1Lc1dePJ!OIX7dZjO0JI85`Y3y?MVI74)wR=uhU%>vsLOBTrm6F z#JHNs-^AFo`DJ{~#BTirHr&=*887fU3S7l5 z*36!AJ8&EfeEiy(1hI#S4@iVZ?A$U;s zwsb<^CVmb=*DaHP|IJEh8!(iyUW5bWl{pd}A^`l^!wWqwI6&S&j_6qITfhUwKc>o9 zCu=r!;8iR(_53iKda+?sr(V;h{!Q>&@`;^P?DRc0^;+Gg{tNL%)aFRDS0T&eU2hDM z^|J1>uu0xCZ!&)#;`%&BdDam(^_ZtFsw2*|kvjU+i_Pn2r1i&huhizgVLx?7GY3ZT@hSU~vLMxBqP5V!KN-7*)@&qaI;+z97m z;_rPDoY45$Q5$CzFT>AhQ~23D!BJ>J<7esMu<#q+h4Zt0;#YZ z`=Ns=;2>r7d!FH0)KLh%KFMC?BKAwT-{Mf-=PT-$!z+v6Rc!{ZlJF>NdXrbRLudGy z96q4=)7Ug#CH{@NKTT9{A-q)VF0vLDol3%{Li(8xe}Px|;Z*@(Ec!wQ{AvRHs)M=d zfL{q;7g)6dr#9wI^nzA5^pZ>n{KRh83OvM@q1oV9vd8f+vCJFe2~dy7v_QIz^PYs{ z4G8S1Pm>qad8aYQA|J$#vjyHNyj<2#>yZVm;GOUZ(JQ9Ve~HUpLo4TvHdS9@ufgC? zSDG&w+cY}iJn45e`wgISf!xZ2uh_vn z1^-#*OL(=ppKv?-37eSH#)`rtatDdn&}NBWT^OJJemrT+?L6LzKmANXlc!FR{G7QE z|FhZQW!Y1hC1tJk!C&tnO>kQ1Qs!$QdzIC$VBOQ4xsN)(1b=96(KgMZGu5ze>vJDhLr!?u`%ep8C>=OA6%|5F?XWnZZj z9gzD$-rB@o;3i39pQ03g%(si)Y9|dJy@NUNq>UntdiIgFkF<&K6Gx14I0ih7<%#2o z=NZIvg6|!S1UECWWe$04$&O!FeD}ytzq;(mPfH)!vBoy!;Jk{vwBK*=dx>r6!8a z-!Y4J%Em4`GJBfx(Ni^3Tn(jVJML3s4|-`&((jz6oO-1u+T|sECTrCo?MnI_(ofcm za0QM0hiLyU(h`?XaK+uH*Kvrk3IPfbtMI3uz4pv_VA7~)U|}XYf6{wc-WS7@CbFu@7MW# z6EK)dUGn>k@&0w{8gieJcaYRIB)H{lx9D<1^D4i4ByyU3mo&w-fxWuCe0pYQ}diro)zDmuE$fNJTHxPuGZ3(D9^o=llVUJuO$EGlEqW^Iio$B$*;vzqCL~d zuf_50SxJ70x08Ph`L~pmOl@~MJk!aq#Zw%f67p+tXnPC!CGPmwk|Q(7zqO=vsv|eX zQ%ZgMgC2sN2-w?nb%dU^Bl}8yy4(`8vGqW&RdXHvO{q2Jq?bI-~n_yNfTUs zPlJaeD0@bdCOExLXoTNFA5QQWIilItcS$_Lu(M0tp~o8~j{RL*yBT|Ne$G9MA7#4u z{J~37jWF2=$7*4MXS5a$@m!;YNuCi}80Q&gydNT=e5Vq=ny95!Y4Jf?Tu+ZBZt|~a zN!Qwr_CyfBQobbX?}_hT86Rph_>Q^0##Vbtev^5H{AN`@{AN`@{AN`@{ASfv@|$Ze z!Eer9hTqKVhu;XV5uU@rIfLhblb7Z>+pIk2P%qEo@z@=*ZRl&SW34jIlY;ePrAn z_}e;Z8-L9=WbS3(!7B3PqY45t|*7ZzbPs#&%2LJ+>y$haT}wxg+x80jn%7Jp<6JHI3rPQ5Irek+o=wH1B&^Pavi`A^2K+n3lw#NWCT8vSDM@E-fN|8CZ1^I4m*hWE=k0VUn_ zNEyB$th+To$A?%quoh=+_mTLCh#hW632m@u(tH@izHhwSPI`BD6t<&i&3+`dez9Rl zJ~@*Y$e|wW1Y)-h%u+%%#{Ckhtff-<=JM&A*-zQ1x;pc1uF)%;=Wku1oKLpJ1Yf}~ zPUyw#pXOsjzJw<}TPtU7(^YH@k(`l=;f&NEYz|4B*%{^x`R}IP`K+H=cfZMg%P#SO zZ~UrD%Jbhr!Yl2Fq6sJQ80F>z;~c4?sn{jqY{3o-%sko{*yR-rP)bC9&&ppR@Vz8^kVpoa7t|GoK_~LNZ zBnll%&YxhkzRy%^_)lnaHOW;2PNn)|T|aOzm)5k#Sl4&M(~4qU zb4j}#Z3->?APi=*e`>Xf{=&dVS&#p>z>9r2^NxutfmhO>FAcAxaM%E^`0zB~6@7*9 zO1cVotwKJ3F?eJz?Sfmia%Yk<+{Ky9>~|8m`whDClkU{c{7iP$+y^aV;|R=R|4wKb zn}7&nJ5c0q9@j5klYKxk<}u z&~lp4ayqn}j?c_q)k4cQjg}qIve~}?`I^W#x{k9$20!rASCR1x;EQ?iWXYdgr2m$^ zG0|g^tNG3`ysRm%YP-nAOni--sS7xS7C|37B@H>fi21)aQEZ&a!5NZ2THxahiH%tH z9K{y-FYw-K+E#$00vwC@K2#mQ>mr7`>iErfHz(`;o$9(Cc$)n*`PM1gjo6^LP9rmV z`Bp^FSjEmM>(nOlnd3fM%e;(sYUw5~()d$KigA~N&XcsXqGXrA$;_wmf4lxZPJWTkU6aOA7pY+GN5~9P> z-~}<^Y4Cyw(k_B0cxT;b65g2*2H$Yr=`rAK%9|^NukzmkUuaD3q87Tl6nvi_0KV(` zf$uM)E{5-G;c3A4Wzwz$zQ5en7k@7Y-x*=wql0$wl}&M7SK7xvX`97A={fOFYMP;Z zl*e8|F8&Z!UV)zX^#Jcu8+-kew7mQlee(tUJm5pLk)ZJ*^u#IJZzW#mOZfTt+3Od) z7QCeHZK?3A6#RWO{`I0>4!u&#Cwx*%kI>6&`Qd4j->O3j?mY->O#iG-Z0=og>{kxP zzX17N{jhU(4*QG^(9JG*a_;)0vs0!|EKo`&7C4PCpR^()UTuW8ryiX>gXhi#M`t%0 zX}gTjZ-mMWy`B^!bQ)oi5mp;vqY>^R^p8y`FM3#+ZR%iG)Zg#Y&SUh~2(|ti@oFRN z(_bTPml67nQ2Cx-Pl^#bjj+fFtBtVH2zL>N_qPN1b^_ln;2Q+KfBdTQ+|t@aS5dTc zt9^{4Abrfp0tKJ3<96lmN+KPT9dU_MGKM)b$B)g;ylq&`#5=~;Of0uo|3lN5h=M%D zUSI>3b;_WbuRNYScc(h?hrddCdKCW8r=8!3NT^eknVXb|nfsK;ne9r{OtZY)3m6=% zyfJgP?XZ(MiXPKgF#fTL1-J9u!y{>NgxB)S;3<)`1=vpLv;igK8#9TaF~4EPahtTG@RvKX`s36w(~k&mnZ)=9GycS{ z-dN81{383)^oN|YQ+bN{zI7c>HTjDKU#sn|czhj|F%!$)AtAIM>G9@(CB*>ewsoJ*<@_t`Sys z0qbY!zxZf8YrtCW*QxrNa=IGXP^H*TXW=6tcaZerL`r!Ex|iTehNJqe>M=tLGH$HS zt{!tuft-^oBd?Sz!@mkXa9I3iHCzH_1L2drPvw1dGVUEXG?lHjO+@M&71Ad8N)`@|8L5TD-p&>2m>3FK=x z^0oKLCw@3zhVK4V^h|@EtI)&aurn4rmBT3yK~uCl(42gkw&YvU>D;3!w3>?VUdHF^ zrYb*C%B#ny1%l@_*nZ@$VJi>l!B23rjWv|45n5R@v}EaiRRA>nM0| ztj^C)fTvsFU72Gu;YHV${{!)xzIs!+DRn1X+ZO)3Ao726B&hdC|xS1v(@Jj%0l z!O__}lmERS>jq_BJ-nbY`R#(ACI4H&pOSYLR6Klib`{S-c!BkIL$%FyoPDo-;Is3q z+Y3@xG!_86^0XD}3&7j*^cBz_VaAG$1>juyxD_uJfKTP)S8OT(U&<$}c&Pwfpg)@n znCtSQnYx~|fG`!lwU986u$Zuz@E*cC!bOCe2=67_N4S`x^be}YiTuOO82D+#51BcYUEPblR#5K8%tgi`)RLMgwAP|CkVDCIX3O8H%cQhqm~ zl;1-r<@XXw`F9AV{JVrwejlNf-%lvz{e)6JKq%##2&H^8p_FeSl=7{FQofB)%C{3r zd1aPfUL}0n9Ae8b>LMfk1DCP4ArF=f2l)sHo%HK{XVe7z%OawBo6V?CkNv4K$P z*hnaKyhtc@Y$B98ULuq_HWNx6y9lNHZbB))hfvDzC6w~-5K8%X38nl#LMgwWP|DvI zF>>yOT^He_23q13aSQ0l2AlzQq2rJg4UrJfapQqM|4si%=p8wa5_4nl1lgxWX= zwQ&$?;~><=K`7;gu8QcB)Ukk2>R3o9brcgy9rqAQ9g7I1j(Z8Ej>UvhM>Sy$&vKqx zo;scUcKs?Bi+YxgQ=}jgGS(*^|P#4*9(t*|HJ2k!Jj^ zLoRHB=VutdSHROZ!>`BlTX^`Tc&WU<68R?i{+hB)>icWTHL35fE7KCbluQ$z?m5yu zZy)=SrfjQIY%X_^&f5=iE~kdR7NQs32QRNBzHZEm1xJy8v#OP)p}EoJ(|0uTL=G$(NhizFPA zRi5(Dx=Z5DmyyGAHoc8Il*`a1KR|yHA2hjxpje4&SV2F^o+>N5A+V z{Q~?Id6q^f@+_TDTBG1MXiaeV@DDuptgIs<~`8+}?pHC>|ZzGiQw-ZYF zI|!xxG(su=Kl%lF(to3V5swaWJp8b-t=F{K zJcG?fUq}1>PW#p%+UqlW0%k+yy*t|@cC~MIo zL+(`@VWSc5GD5!*D$wy?TgTXhEzh)Dtio>bWT5p++ww%e7>^D2|6AQDr+g7>eg)jL z>Nqc<-^6{xQIN%%Yte5MXJWbNIC0o%vp91tI*#Z!N{XaANVg?qaqe1l9MNx-#KiKK z&~f6vp(bPvRi=uLBl^uIbPKWl{59cd)lJu%N|kNTl)T4&-aPhw_j&V3aXax#>)4J<-Vn*=X=k% z$=MIt>y-4vq+5UgNPbrpZCBYVQ`zO~vDmf-i2sB1Q}z;_Q(XDXUmknd(&rlbEWQ92 z_1CWV_jdXl#hHc0JZ698-V7;wss2h|A29m*JNl_(S1*2TW&h85e}MRn$eiBF(_~+| zeV_QjvDa?hTeQOAI~F*|_gKU0KM-C&d*q7T7tR@s5AlT)p9McSjcvKFuN<(JzW=>Z z|1nG5R{Dt1@Td2_4e?{??pDDa+g2He+~w&n<}5P)1GN$05%$CYzvJah8F9%2j%xm$ zQ6=|GjVei<8d;Jtm3epNOx5otE5>*59z{JAS+Zd2x`&k0d)d1Z-?c#8vhBV1))~H7 z*cc_b+o{;gro(@# zl*qCfjM;2=!Ix-P?tw9Bw!7QDwHf-&5&sXyrQL7CII;xSa_|k|oodX$urd9cy?@!kj37+<0qZhkBC~yYDnKdXs&y z?=-%D58D!bFH>(R^+r)|n?3o3>E!Pqe+ThR*pQ;sVGZw5){GGQxd*<$m|qE2G_$D-XJ-RK~ieR_<}%QfYI?*hhHx*oOH$YP_!?AqMiEoQXjDJHIr7X z+8b`C&T-UrJN4X79g7sjC+CsnJ~GZ^u71Dbko#8^aqeTl>D9{j-9N94cWM?q608b-!sF;ys649BCWuJCEPrACy7f5cLLvr7C?;%n5A-shDBU!*P4ch)x4d)BRl9!FztC5_*ey<#OlH zCrXU>!dlURNBK@I<(`Z+)Mt12Qtd;1H;@;c^&O+1^=fQGSCztdj$*v;lQ*6`*O6zo z8sR(ks1iC3{9hTwHdi zNWI4Uj4jreVTS6;tjpGuB7Bj|dzL6cb-!#F@{%)Vo*O zrrtE_T}Zu6qzmrZsCzkeFQ?un>J+(7`i1UU@DqFTC!&X?C`$c8TWUS9^7u*bo~ExQ zQk01Lrnv$);~nYU`R2R$`ldOScSgE@7X0^3Z4NcRV<-BTKcC;+pOm5uu3xXUqk5ct z+o8KQQsehl*=5T0mA~w(Kk)sx9vLF?-IO0&ukT-e;Fqm^lfBsskF411zP*Awwc$^4 z_re{>hH1!#iSXhX%=Jv>dX^gHy$-m^cWwfkxmTfLx4WQ1bsq=sPk{G(ppC)c#wmFA zX^jq|eGc3>Pg;nyQTE~9M%z%|IVH(E#UAIo%MO22Y`!~a zXFTofqdt)v!^!ss`OXr5NsVgYoO{Dr%6yG7^C&ZvGLP7ze8VdDx`$WV-JjkHuLTzq zgeRy8-bnj!Uqt0@x4lwzw}9u(&~J${%qREj=c*&T;gZ1q{Yjxe{&eVH z)%lj(LBm2wdfkmZ}3@Q3;)cu zE53cU7)>TxV;XSnDAaK_7W|9{KfA!$r_sZnK@W40wuUs} z_0PlW{};S|2RM{%OYn_C@3Zpy2)pp|IE~kXr@j;PRlebxK)w&)$qBr_f%mU6j&NQt zJYIPHZ`9Zet@Kf)j|=Fd#_Jm_ynbab?%1hUc)g8!)2Md?^@j6$;q!Z_^RLJ22Y(4( zpKw`TFYEq6zv$)joCDQ(yw&C+_v+ln!#!u-@$l}PN!n5;uW}`