From e4a60f94a9fd9c31144280148f5ff84607983f5b Mon Sep 17 00:00:00 2001
From: j
Date: Sat, 5 Jul 2025 23:34:30 +1000
Subject: [PATCH 001/148] Convert kust to helmrelease
---
 deployments/manifests/20-dev.yaml | 18 +++++++++---------
 deployments/manifests/20-prod.yaml | 18 +++++++++---------
 2 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/deployments/manifests/20-dev.yaml b/deployments/manifests/20-dev.yaml
index 0e1ebe5..49a48d0 100644
--- a/deployments/manifests/20-dev.yaml
+++ b/deployments/manifests/20-dev.yaml
@@ -1,14 +1,14 @@
 ---
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
 metadata:
 name: home-server-dev
- namespace: flux-system
+ namespace: home-server-dev
 spec:
 interval: 1m
- path: ./deployments
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-server-dev
- targetNamespace: home-server-dev
+ chart:
+ spec:
+ chart: ./charts
+ sourceRef:
+ kind: GitRepository
+ name: home-server-dev
diff --git a/deployments/manifests/20-prod.yaml b/deployments/manifests/20-prod.yaml
index 1f5d4bd..c64ba16 100644
--- a/deployments/manifests/20-prod.yaml
+++ b/deployments/manifests/20-prod.yaml
@@ -1,14 +1,14 @@
 ---
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
 metadata:
 name: home-server-prod
- namespace: flux-system
+ namespace: home-server-prod
 spec:
 interval: 1m
- path: ./deployments
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-server-prod
- targetNamespace: home-server
+ chart:
+ spec:
+ chart: ./charts
+ sourceRef:
+ kind: GitRepository
+ name: home-server-prod
From 49941189be0eb1e3be6b21b65e91a80669eaba6e Mon Sep 17 00:00:00 2001
From: j
Date: Sat, 5 Jul 2025 23:35:58 +1000
Subject: [PATCH 002/148] Use homeserverprod instead of homeserver
---
 deployments/manifests/00-namespaces.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
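Review bot: The `HelmRelease` introduced in the `20-dev.yaml` hunk of PATCH 001/148 (and identically in the `20-prod.yaml` hunk, and again in PATCH 008/148) sets no `spec.serviceAccountName`, so helm-controller applies whatever the chart renders under its own identity, which a default Flux bootstrap binds to cluster-admin. Now that the release lives in the workload namespace rather than `flux-system`, consider adding `serviceAccountName: <reconciler-service-account>` (placeholder name) bound to a Role scoped to `home-server-dev`. `helm.toolkit.fluxcd.io/v2beta1` is also a deprecated API version; using the version the installed controller serves as stable avoids a forced migration later.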
diff --git a/deployments/manifests/00-namespaces.yaml b/deployments/manifests/00-namespaces.yaml
index 73496f4..6b84b30 100644
--- a/deployments/manifests/00-namespaces.yaml
+++ b/deployments/manifests/00-namespaces.yaml
@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: Namespace
 metadata:
- name: home-server
+ name: home-server-prod
 ---
 apiVersion: v1
 kind: Namespace
From c27c7b3c29e2e9f86c637b8125d8c6ac20d9cb49 Mon Sep 17 00:00:00 2001
From: j
Date: Sat, 5 Jul 2025 23:40:50 +1000
Subject: [PATCH 003/148] Set chart to root
---
 Chart.yaml | 11 +++++++++++
 deployments/manifests/20-dev.yaml | 2 +-
 deployments/manifests/20-prod.yaml | 2 +-
 3 files changed, 13 insertions(+), 2 deletions(-)
 create mode 100644 Chart.yaml
diff --git a/Chart.yaml b/Chart.yaml
new file mode 100644
index 0000000..14cdfc3
--- /dev/null
+++ b/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+name: home-server
+description: A Helm chart for deploying the home-server application
+type: application
+version: 0.1.0
+appVersion: "1.0.0"
+
+dependencies:
+ - name: dns
+ version: 0.1.0
+ repository: "file://charts/dns"
diff --git a/deployments/manifests/20-dev.yaml b/deployments/manifests/20-dev.yaml
index 49a48d0..183d44f 100644
--- a/deployments/manifests/20-dev.yaml
+++ b/deployments/manifests/20-dev.yaml
@@ -8,7 +8,7 @@ spec:
 interval: 1m
 chart:
 spec:
- chart: ./charts
+ chart: ./
 sourceRef:
 kind: GitRepository
 name: home-server-dev
diff --git a/deployments/manifests/20-prod.yaml b/deployments/manifests/20-prod.yaml
index c64ba16..286eb99 100644
--- a/deployments/manifests/20-prod.yaml
+++ b/deployments/manifests/20-prod.yaml
@@ -8,7 +8,7 @@ spec:
 interval: 1m
 chart:
 spec:
- chart: ./charts
+ chart: ./
 sourceRef:
 kind: GitRepository
 name: home-server-prod
From 72de10f09da40ea7d53c64225a4a4ee65e09d2e8 Mon Sep 17 00:00:00 2001
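Review bot: With `Chart.yaml` at the repository root (PATCH 003/148) the whole checkout becomes the chart directory, and this commit adds no `.helmignore` (one may exist outside the diff), so Helm would load every file it does not ignore, `deployments/` included, into the chart that is stored with each release. A `.helmignore` that excludes `deployments/` and any file not meant for the cluster keeps unrelated content out of the packaged chart and out of the in-cluster release record. The same hunk recurs in PATCH 010/148.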
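Review bot: `chart: ./` in the `20-dev.yaml` hunk of PATCH 003/148 is built from a `GitRepository`, where the chart's default reconcile strategy is `ChartVersion`: a new chart artifact is produced only when `version` in `Chart.yaml` changes, and the new `Chart.yaml` in this commit fixes it at `0.1.0`. Commits that touch only templates or values files would then not roll out, which also delays fixes reaching the cluster. Adding `reconcileStrategy: Revision` under `spec.chart.spec` here and in the `20-prod.yaml` hunk (and in PATCH 010/148) makes every source revision produce a new artifact. The enclosing `spec` starts above the hunk.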
From: j
Date: Sat, 5 Jul 2025 23:42:42 +1000
Subject: [PATCH 004/148] Repos stored in flux-system
---
 deployments/manifests/20-dev.yaml | 2 +-
 deployments/manifests/20-prod.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/deployments/manifests/20-dev.yaml b/deployments/manifests/20-dev.yaml
index 183d44f..c313f7a 100644
--- a/deployments/manifests/20-dev.yaml
+++ b/deployments/manifests/20-dev.yaml
@@ -11,4 +11,4 @@ spec:
 chart: ./
 sourceRef:
 kind: GitRepository
- name: home-server-dev
+ name: flux-system
diff --git a/deployments/manifests/20-prod.yaml b/deployments/manifests/20-prod.yaml
index 286eb99..77b349f 100644
--- a/deployments/manifests/20-prod.yaml
+++ b/deployments/manifests/20-prod.yaml
@@ -11,4 +11,4 @@ spec:
 chart: ./
 sourceRef:
 kind: GitRepository
- name: home-server-prod
+ name: flux-system
From 6635b1285cc118250f2bc7f2a92f821d0c988cd9 Mon Sep 17 00:00:00 2001
From: j
Date: Sat, 5 Jul 2025 23:45:41 +1000
Subject: [PATCH 005/148] Honestly. I'm too tired.
---
 deployments/manifests/20-dev.yaml | 3 ++-
 deployments/manifests/20-prod.yaml | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/deployments/manifests/20-dev.yaml b/deployments/manifests/20-dev.yaml
index c313f7a..300838c 100644
--- a/deployments/manifests/20-dev.yaml
+++ b/deployments/manifests/20-dev.yaml
@@ -11,4 +11,5 @@ spec:
 chart: ./
 sourceRef:
 kind: GitRepository
- name: flux-system
+ name: home-server-dev
+ namespace: flux-system
diff --git a/deployments/manifests/20-prod.yaml b/deployments/manifests/20-prod.yaml
index 77b349f..9dd5a3e 100644
--- a/deployments/manifests/20-prod.yaml
+++ b/deployments/manifests/20-prod.yaml
@@ -11,4 +11,5 @@ spec:
 chart: ./
 sourceRef:
 kind: GitRepository
- name: flux-system
+ name: home-server-prod
+ namespace: flux-system
From f798f2be87fd0d18a2de2a340463ddbea1ac2123 Mon Sep 17 00:00:00 2001
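Review bot: The `namespace: flux-system` added under `sourceRef` in the `20-dev.yaml` and `20-prod.yaml` hunks of PATCH 005/148 makes each release depend on a cross-namespace source reference, and nothing in the manifest records that requirement. Controllers started with `--no-cross-namespace-refs=true` (the Flux multi-tenancy lockdown) reject such references, so the release would stop reconciling if that hardening is enabled later. Either add a comment above the field, e.g. `# cross-namespace ref: helm-controller must allow cross-namespace refs`, or define the `GitRepository` in the release namespace. The same hunks recur in PATCH 012/148.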
From: j
Date: Sat, 5 Jul 2025 23:49:08 +1000
Subject: [PATCH 006/148] Fix duplicate declaration
---
 charts/dns/templates/bind-slave.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/charts/dns/templates/bind-slave.yaml b/charts/dns/templates/bind-slave.yaml
index 091e96e..249e40d 100644
--- a/charts/dns/templates/bind-slave.yaml
+++ b/charts/dns/templates/bind-slave.yaml
@@ -119,13 +119,13 @@ spec:
 apiVersion: v1
 kind: Service
 metadata:
- name: bind-master
+ name: bind-slave
 namespace: default
 spec:
 type: LoadBalancer
 externalTrafficPolicy: Local
 selector:
- app: bind-master
+ app: bind-slave
 ports:
 - name: dns-udp
 port: 53
From 95f83776a62d0cbe7de68419e7b843d421255de7 Mon Sep 17 00:00:00 2001
From: j
Date: Sat, 5 Jul 2025 23:51:26 +1000
Subject: [PATCH 007/148] Remove slave for now. Master worked never got slave working. Need fucntional to move to dev
---
 charts/dns/templates/bind-slave.yaml | 138 ---------------------------
 1 file changed, 138 deletions(-)
 delete mode 100644 charts/dns/templates/bind-slave.yaml
diff --git a/charts/dns/templates/bind-slave.yaml b/charts/dns/templates/bind-slave.yaml
deleted file mode 100644
index 249e40d..0000000
--- a/charts/dns/templates/bind-slave.yaml
+++ /dev/null
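Review bot: The Service in the PATCH 006/148 hunk keeps `namespace: default` hard-coded while its selector now targets `app: bind-slave`; a Service only selects pods in its own namespace, so if the DaemonSet earlier in this file carries no namespace (it is outside this hunk; the deletion in PATCH 007/148 shows none) the Service has no endpoints whenever the release namespace is not `default`. Dropping the line or using `namespace: {{ .Release.Namespace }}` keeps the two together. `type: LoadBalancer` also publishes port 53 beyond the cluster, and the file's `named.conf` (visible in the PATCH 007/148 deletion) combines `recursion yes` with `allow-query { any; }`, so the query ACL should be narrowed before this template is brought back. The same hunk recurs in PATCH 013/148.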
@@ -1,138 +0,0 @@
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: bind-slave-config
-data:
- named.conf: |
- include "/etc/bind/externaldns-key.conf";
-
- options {
- directory "/var/cache/bind";
-
- recursion yes;
- allow-query { any; };
-
- listen-on port 53 { any; };
- listen-on-v6 port 53 { any; };
-
- forwarders {
- 10.40.0.254;
- };
-
- dnssec-validation auto;
- };
-
- zone "." IN {
- type hint;
- file "/usr/share/dns/root.hints";
- };
-
- zone "hxme.net." IN {
- type master;
- file "/etc/bind/db.hxme.net";
- allow-update { key "externaldns-key"; };
- };
- db.hxme.net: |
- $TTL 3600
- @ IN SOA ns1.hxme.net. admin.hxme.net. (
- 1 ; Serial
- 7200 ; Refresh
- 1800 ; Retry
- 1209600 ; Expire
- 86400 ) ; Negative Cache TTL
- ;
- @ IN NS ns1.hxme.net.
- ns1 IN A 10.40.0.110
- @ IN A 10.40.0.110
- www IN A 10.40.0.110
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: bind-slave
-spec:
- selector:
- matchLabels:
- app: bind-slave
- template:
- metadata:
- labels:
- app: bind-slave
- spec:
- hostNetwork: true
- dnsPolicy: ClusterFirstWithHostNet
- securityContext:
- fsGroup: 999
- initContainers:
- - name: fetch-root-hints
- image: debian:12
- command:
- - sh
- - -c
- - |
- apt update && apt -y install curl
- curl -sfSL https://www.internic.net/domain/named.cache -o /usr/share/dns/root.hints
- volumeMounts:
- - mountPath: /usr/share/dns
- name: root-hints
- containers:
- - name: bind-slave
- image: internetsystemsconsortium/bind9:9.18
- command: ["named", "-g", "-c", "/etc/bind/named.conf"]
- ports:
- - containerPort: 53
- protocol: UDP
- - containerPort: 53
- protocol: TCP
- volumeMounts:
- - name: config
- mountPath: /etc/bind/named.conf
- subPath: named.conf
- - name: config
- mountPath: /etc/bind/db.hxme.net
- subPath: db.hxme.net
- - name: dns-secrets
- mountPath: /etc/bind/externaldns-key.conf
- subPath: externaldns-key.conf
- - name: bind-cache
- mountPath: /var/cache/bind
- - name: bind-rundir
- mountPath: /var/run/named
- - name:
root-hints
- mountPath: /usr/share/dns
- volumes:
- - name: dns-secrets
- secret:
- secretName: dns-secrets
- - name: config
- configMap:
- name: bind-slave-config
- - name: bind-cache
- emptyDir: {}
- - name: bind-rundir
- emptyDir: {}
- - name: root-hints
- emptyDir: {}
-
----
-apiVersion: v1
-kind: Service
-metadata:
- name: bind-slave
- namespace: default
-spec:
- type: LoadBalancer
- externalTrafficPolicy: Local
- selector:
- app: bind-slave
- ports:
- - name: dns-udp
- port: 53
- protocol: UDP
- targetPort: 53
- - name: dns-tcp
- port: 53
- protocol: TCP
- targetPort: 53
-
From dfd175956c8602d09097951f05ab7c2de45c52d0 Mon Sep 17 00:00:00 2001
From: j
Date: Sat, 5 Jul 2025 23:34:30 +1000
Subject: [PATCH 008/148] Convert kust to helmrelease
---
 deployments/manifests/20-dev.yaml | 18 +++++++++---------
 deployments/manifests/20-prod.yaml | 18 +++++++++---------
 2 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/deployments/manifests/20-dev.yaml b/deployments/manifests/20-dev.yaml
index 0e1ebe5..49a48d0 100644
--- a/deployments/manifests/20-dev.yaml
+++ b/deployments/manifests/20-dev.yaml
@@ -1,14 +1,14 @@
 ---
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
 metadata:
 name: home-server-dev
- namespace: flux-system
+ namespace: home-server-dev
 spec:
 interval: 1m
- path: ./deployments
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-server-dev
- targetNamespace: home-server-dev
+ chart:
+ spec:
+ chart: ./charts
+ sourceRef:
+ kind: GitRepository
+ name: home-server-dev
diff --git a/deployments/manifests/20-prod.yaml b/deployments/manifests/20-prod.yaml
index 1f5d4bd..c64ba16 100644
--- a/deployments/manifests/20-prod.yaml
+++ b/deployments/manifests/20-prod.yaml
@@ -1,14 +1,14 @@
 ---
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
 metadata:
 name: home-server-prod
- namespace: flux-system
+ namespace: home-server-prod
 spec:
 interval: 1m
- path: ./deployments
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-server-prod
- targetNamespace: home-server
+ chart:
+ spec:
+ chart: ./charts
+ sourceRef:
+ kind: GitRepository
+ name: home-server-prod
From 0540bbe6f352e3f83004979ebe8b78e9ddea0eec Mon Sep 17 00:00:00 2001
From: j
Date: Sat, 5 Jul 2025 23:35:58 +1000
Subject: [PATCH 009/148] Use homeserverprod instead of homeserver
---
 deployments/manifests/00-namespaces.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/deployments/manifests/00-namespaces.yaml b/deployments/manifests/00-namespaces.yaml
index 73496f4..6b84b30 100644
--- a/deployments/manifests/00-namespaces.yaml
+++ b/deployments/manifests/00-namespaces.yaml
@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: Namespace
 metadata:
- name: home-server
+ name: home-server-prod
 ---
 apiVersion: v1
 kind: Namespace
From 3bb8a876d2be20c4ef8e0aa25620087e6a61908d Mon Sep 17 00:00:00 2001
From: j
Date: Sat, 5 Jul 2025 23:40:50 +1000
Subject: [PATCH 010/148] Set chart to root
---
 Chart.yaml | 11 +++++++++++
 deployments/manifests/20-dev.yaml | 2 +-
 deployments/manifests/20-prod.yaml | 2 +-
 3 files changed, 13 insertions(+), 2 deletions(-)
 create mode 100644 Chart.yaml
diff --git a/Chart.yaml b/Chart.yaml
new file mode 100644
index 0000000..14cdfc3
--- /dev/null
+++ b/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+name: home-server
+description: A Helm chart for deploying the home-server application
+type: application
+version: 0.1.0
+appVersion: "1.0.0"
+
+dependencies:
+ - name: dns
+ version: 0.1.0
+ repository: "file://charts/dns"
diff --git a/deployments/manifests/20-dev.yaml b/deployments/manifests/20-dev.yaml
index 49a48d0..183d44f 100644
--- a/deployments/manifests/20-dev.yaml
+++ b/deployments/manifests/20-dev.yaml
@@ -8,7 +8,7 @@ spec:
 interval: 1m
 chart:
 spec:
- chart: ./charts
+ chart: ./
 sourceRef:
 kind: GitRepository
 name: home-server-dev
diff --git a/deployments/manifests/20-prod.yaml b/deployments/manifests/20-prod.yaml
index c64ba16..286eb99 100644
--- a/deployments/manifests/20-prod.yaml
+++ b/deployments/manifests/20-prod.yaml
@@ -8,7 +8,7 @@ spec:
 interval: 1m
 chart:
 spec:
- chart: ./charts
+ chart: ./
 sourceRef:
 kind: GitRepository
 name: home-server-prod
From 081e75688b11f124c151069005eb91961ced75a8 Mon Sep 17 00:00:00 2001
From: j
Date: Sat, 5 Jul 2025 23:42:42 +1000
Subject: [PATCH 011/148] Repos stored in flux-system
---
 deployments/manifests/20-dev.yaml | 2 +-
 deployments/manifests/20-prod.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/deployments/manifests/20-dev.yaml b/deployments/manifests/20-dev.yaml
index 183d44f..c313f7a 100644
--- a/deployments/manifests/20-dev.yaml
+++ b/deployments/manifests/20-dev.yaml
@@ -11,4 +11,4 @@ spec:
 chart: ./
 sourceRef:
 kind: GitRepository
- name: home-server-dev
+ name: flux-system
diff --git a/deployments/manifests/20-prod.yaml b/deployments/manifests/20-prod.yaml
index 286eb99..77b349f 100644
--- a/deployments/manifests/20-prod.yaml
+++ b/deployments/manifests/20-prod.yaml
@@ -11,4 +11,4 @@ spec:
 chart: ./
 sourceRef:
 kind: GitRepository
- name: home-server-prod
+ name: flux-system
From cd400204fc32a4ef4fa1026571c37c158464ac01 Mon Sep 17 00:00:00 2001
From: j
Date: Sat, 5 Jul 2025 23:45:41 +1000
Subject: [PATCH 012/148] Honestly. I'm too tired.
---
 deployments/manifests/20-dev.yaml | 3 ++-
 deployments/manifests/20-prod.yaml | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/deployments/manifests/20-dev.yaml b/deployments/manifests/20-dev.yaml
index c313f7a..300838c 100644
--- a/deployments/manifests/20-dev.yaml
+++ b/deployments/manifests/20-dev.yaml
@@ -11,4 +11,5 @@ spec:
 chart: ./
 sourceRef:
 kind: GitRepository
- name: flux-system
+ name: home-server-dev
+ namespace: flux-system
diff --git a/deployments/manifests/20-prod.yaml b/deployments/manifests/20-prod.yaml
index 77b349f..9dd5a3e 100644
--- a/deployments/manifests/20-prod.yaml
+++ b/deployments/manifests/20-prod.yaml
@@ -11,4 +11,5 @@ spec:
 chart: ./
 sourceRef:
 kind: GitRepository
- name: flux-system
+ name: home-server-prod
+ namespace: flux-system
From 99e69421a86718e05192cb8eb86dd3aa153d381c Mon Sep 17 00:00:00 2001
From: j
Date: Sat, 5 Jul 2025 23:49:08 +1000
Subject: [PATCH 013/148] Fix duplicate declaration
---
 charts/dns/templates/bind-slave.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/charts/dns/templates/bind-slave.yaml b/charts/dns/templates/bind-slave.yaml
index 091e96e..249e40d 100644
--- a/charts/dns/templates/bind-slave.yaml
+++ b/charts/dns/templates/bind-slave.yaml
@@ -119,13 +119,13 @@ spec:
 apiVersion: v1
 kind: Service
 metadata:
- name: bind-master
+ name: bind-slave
 namespace: default
 spec:
 type: LoadBalancer
 externalTrafficPolicy: Local
 selector:
- app: bind-master
+ app: bind-slave
 ports:
 - name: dns-udp
 port: 53
From 94f86472e7cbedafeea25c51555e6512d29bf0ad Mon Sep 17 00:00:00 2001
From: j
Date: Sat, 5 Jul 2025 23:51:26 +1000
Subject: [PATCH 014/148] Remove slave for now. Master worked never got slave working. Need fucntional to move to dev
---
 charts/dns/templates/bind-slave.yaml | 138 ---------------------------
 1 file changed, 138 deletions(-)
 delete mode 100644 charts/dns/templates/bind-slave.yaml
diff --git a/charts/dns/templates/bind-slave.yaml b/charts/dns/templates/bind-slave.yaml
deleted file mode 100644
index 249e40d..0000000
--- a/charts/dns/templates/bind-slave.yaml
+++ /dev/null
@@ -1,138 +0,0 @@
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: bind-slave-config
-data:
- named.conf: |
- include "/etc/bind/externaldns-key.conf";
-
- options {
- directory "/var/cache/bind";
-
- recursion yes;
- allow-query { any; };
-
- listen-on port 53 { any; };
- listen-on-v6 port 53 { any; };
-
- forwarders {
- 10.40.0.254;
- };
-
- dnssec-validation auto;
- };
-
- zone "." IN {
- type hint;
- file "/usr/share/dns/root.hints";
- };
-
- zone "hxme.net." IN {
- type master;
- file "/etc/bind/db.hxme.net";
- allow-update { key "externaldns-key"; };
- };
- db.hxme.net: |
- $TTL 3600
- @ IN SOA ns1.hxme.net. admin.hxme.net. (
- 1 ; Serial
- 7200 ; Refresh
- 1800 ; Retry
- 1209600 ; Expire
- 86400 ) ; Negative Cache TTL
- ;
- @ IN NS ns1.hxme.net.
- ns1 IN A 10.40.0.110
- @ IN A 10.40.0.110
- www IN A 10.40.0.110
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: bind-slave
-spec:
- selector:
- matchLabels:
- app: bind-slave
- template:
- metadata:
- labels:
- app: bind-slave
- spec:
- hostNetwork: true
- dnsPolicy: ClusterFirstWithHostNet
- securityContext:
- fsGroup: 999
- initContainers:
- - name: fetch-root-hints
- image: debian:12
- command:
- - sh
- - -c
- - |
- apt update && apt -y install curl
- curl -sfSL https://www.internic.net/domain/named.cache -o /usr/share/dns/root.hints
- volumeMounts:
- - mountPath: /usr/share/dns
- name: root-hints
- containers:
- - name: bind-slave
- image: internetsystemsconsortium/bind9:9.18
- command: ["named", "-g", "-c", "/etc/bind/named.conf"]
- ports:
- - containerPort: 53
- protocol: UDP
- - containerPort: 53
- protocol: TCP
- volumeMounts:
- - name: config
- mountPath: /etc/bind/named.conf
- subPath: named.conf
- - name: config
- mountPath: /etc/bind/db.hxme.net
- subPath: db.hxme.net
- - name: dns-secrets
- mountPath: /etc/bind/externaldns-key.conf
- subPath: externaldns-key.conf
- - name: bind-cache
- mountPath: /var/cache/bind
- - name: bind-rundir
- mountPath: /var/run/named
- - name:
root-hints
- mountPath: /usr/share/dns
- volumes:
- - name: dns-secrets
- secret:
- secretName: dns-secrets
- - name: config
- configMap:
- name: bind-slave-config
- - name: bind-cache
- emptyDir: {}
- - name: bind-rundir
- emptyDir: {}
- - name: root-hints
- emptyDir: {}
-
----
-apiVersion: v1
-kind: Service
-metadata:
- name: bind-slave
- namespace: default
-spec:
- type: LoadBalancer
- externalTrafficPolicy: Local
- selector:
- app: bind-slave
- ports:
- - name: dns-udp
- port: 53
- protocol: UDP
- targetPort: 53
- - name: dns-tcp
- port: 53
- protocol: TCP
- targetPort: 53
-
From 07a524c68eb0efbddc843800735008b1d2467475 Mon Sep 17 00:00:00 2001
From: j
Date: Sun, 6 Jul 2025 00:05:57 +1000
Subject: [PATCH 015/148] values per env
---
 charts/subcharts/Chart.yaml | 10 ++++++++++
 charts/subcharts/templates/namespace.yaml | 5 +++++
 charts/subcharts/values.yaml | 9 +++++++++
 deployments/manifests/20-dev.yaml | 2 ++
 deployments/manifests/20-prod.yaml | 2 ++
 5 files changed, 28 insertions(+)
 create mode 100644 charts/subcharts/Chart.yaml
 create mode 100644 charts/subcharts/templates/namespace.yaml
 create mode 100644 charts/subcharts/values.yaml
diff --git a/charts/subcharts/Chart.yaml b/charts/subcharts/Chart.yaml
new file mode 100644
index 0000000..24c4e23
--- /dev/null
+++ b/charts/subcharts/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+name: home-server-subcharts
+version: 0.1.0
+dependencies:
+ - name: mariadb-operator-crds
+ version: 0.38.1
+ repository: https://helm.mariadb.com/mariadb-operator
+ - name: mariadb-operator
+ version: 0.38.1
+ repository: https://helm.mariadb.com/mariadb-operator
diff --git a/charts/subcharts/templates/namespace.yaml b/charts/subcharts/templates/namespace.yaml
new file mode 100644
index 0000000..1bef2cc
--- /dev/null
+++ b/charts/subcharts/templates/namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: {{ .Values.mariadbNamespace }}
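Review bot: Both dependencies in the new `charts/subcharts/Chart.yaml` are pinned to an exact `0.38.1`, but nothing here lets a consumer verify what is fetched from `https://helm.mariadb.com/mariadb-operator`; the `digest` in a `Chart.lock` covers the dependency list, not the downloaded archives. If the publisher ships provenance files (not visible from this diff), building with `helm dependency build --verify` against a trusted keyring binds the pin to signed content. Otherwise, record the archive checksums in the repository so the `.tgz` files vendored in PATCH 016/148 can be checked during review.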
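Review bot: `name: {{ .Values.mariadbNamespace }}` in the new `namespace.yaml` is rendered unquoted and unchecked, so an unset value yields `name:` (null) and a value such as `on` or an all-digit string is retyped by the YAML parser. `name: {{ required "mariadbNamespace must be set" .Values.mariadbNamespace | quote }}` fails the render early instead. A Namespace owned by the release is also deleted on uninstall together with everything inside it, so if database objects will live there consider the `helm.sh/resource-policy: keep` annotation on it.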
diff --git a/charts/subcharts/values.yaml b/charts/subcharts/values.yaml
new file mode 100644
index 0000000..b7386ca
--- /dev/null
+++ b/charts/subcharts/values.yaml
@@ -0,0 +1,9 @@
+mariadbNamespace: mariadb-system-dev
+
+mariadb-operator:
+ fullnameOverride: mariadb-operator
+ namespaceOverride: mariadb-system
+ metrics:
+ enabled: true
+
+mariadb-operator-crds: {}
diff --git a/deployments/manifests/20-dev.yaml b/deployments/manifests/20-dev.yaml
index 300838c..a904cd0 100644
--- a/deployments/manifests/20-dev.yaml
+++ b/deployments/manifests/20-dev.yaml
@@ -13,3 +13,5 @@ spec:
 kind: GitRepository
 name: home-server-dev
 namespace: flux-system
+ values:
+ mariadbNamespace: mariadb-db-dev
diff --git a/deployments/manifests/20-prod.yaml b/deployments/manifests/20-prod.yaml
index 9dd5a3e..43225e6 100644
--- a/deployments/manifests/20-prod.yaml
+++ b/deployments/manifests/20-prod.yaml
@@ -13,3 +13,5 @@ spec:
 kind: GitRepository
 name: home-server-prod
 namespace: flux-system
+ values:
+ mariadbNamespace: mariadb-db
From 2a56922b31d23d3fea0cc01d07c242b06126ac28 Mon Sep 17 00:00:00 2001
From: j
Date: Sun, 6 Jul 2025 00:11:35 +1000
Subject: [PATCH 016/148] yolo?
---
 charts/subcharts/Chart.lock | 9 +++++++++
 .../charts/mariadb-operator-0.38.1.tgz | Bin 0 -> 82024 bytes
 .../charts/mariadb-operator-crds-0.38.1.tgz | Bin 0 -> 69872 bytes
 3 files changed, 9 insertions(+)
 create mode 100644 charts/subcharts/Chart.lock
 create mode 100644 charts/subcharts/charts/mariadb-operator-0.38.1.tgz
 create mode 100644 charts/subcharts/charts/mariadb-operator-crds-0.38.1.tgz
diff --git a/charts/subcharts/Chart.lock b/charts/subcharts/Chart.lock
new file mode 100644
index 0000000..e6f2224
--- /dev/null
+++ b/charts/subcharts/Chart.lock
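Review bot: In the new `charts/subcharts/values.yaml`, `mariadbNamespace: mariadb-system-dev` names the namespace the chart creates, while `namespaceOverride: mariadb-system` points the operator at a different one that nothing in this commit creates, and the per-environment overrides in the `20-*.yaml` hunks use a third pair (`mariadb-db-dev`, `mariadb-db`). If the operator chart honours `namespaceOverride` (not verifiable from the diff), dev and prod would also share a single operator namespace. A comment on each key stating which namespace it controls, e.g. `# namespace for MariaDB instances, overridden per environment`, would make the intended isolation reviewable.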
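Review bot: The `values.mariadbNamespace` added in the `20-dev.yaml` hunk of PATCH 015/148 is passed to the root chart (`chart: ./`), but the template that reads it lives in `charts/subcharts`, which the root `Chart.yaml` from PATCH 003/148 does not list under `dependencies`; as far as the diff shows, the override never reaches `namespace.yaml`. Even once that chart is wired in as a dependency, its values must be nested under its name, `home-server-subcharts: {mariadbNamespace: mariadb-db-dev}`, or exposed through `global`. The same applies to the `20-prod.yaml` hunk. Indentation is not recoverable from this page, so also confirm that `values:` sits directly under `spec` rather than under `sourceRef`.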
@@ -0,0 +1,9 @@
+dependencies:
+- name: mariadb-operator-crds
+ repository: https://helm.mariadb.com/mariadb-operator
+ version: 0.38.1
+- name: mariadb-operator
+ repository: https://helm.mariadb.com/mariadb-operator
+ version: 0.38.1
+digest: sha256:488ca12800fb05f4a89dd178558f544c44f0d7af11bb07010031e45e38df3a28
+generated: "2025-07-05T14:11:03.425098652Z"
diff --git a/charts/subcharts/charts/mariadb-operator-0.38.1.tgz b/charts/subcharts/charts/mariadb-operator-0.38.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..828bdc5ab0992a6222e9556627ba006c09b17c8d GIT binary patch literal 82024 zcmYJ4Q+Or7wr*oPE4J;VW81cE+wR!5ZJQn2=&)m_V`rV-ci($%J=Rk_)K_!XKgJ}A zfdPR0X8~zI=!~UQm`$bRf5>@rbC|GcFq^4zSnH^A|4`J>_#v-pXJhPO=B=je$S-AX zXAg4qwdJ$jo=uGK;;av;qkY+wS4MkHzqu%Q-by+d#j|TgPLXx)Mk$M!J9Ft58CRFUW+L4p))-?z7-EU*O%r==XEXS6^P>?_KY2zuPy# z;On-h!Xolm(Ralyx(;>xZAlfQ*g&CFV>E)0oE_BI!^ipS$=&J6xd};@Xg`2AcGIs# zY%lVAmJANQix$}EeRiR5m>`&+XD9&86|EIqP$6YG?2|A?CM(j}5 zTZd?rlBWBjNEL}BZ_n}G%t9rXX3qyr12XA7ZMO6%`|Ga9v%{_syqkN*aTqMyl z_^-X)Ev9AQ&R6iapcswHi*MNE7i6Rk%bu1^tgYn?U&E{0U)Q16o8QxU z=kS5=_zu2I`9xROePLF}H;x~My=%N+x4)f(0||D`ls?kt3)R zHZ(TNAXZ`pQ82SHzFd+WUl?jG8PWcP5;GzF5W@+)_CPYZwtlV@aY5ks;o|64OUIty zH+QFwkp+)Ju@P)J4D$#mRnRg7s9+ISw(LIFF#a!)S8AjQRx#9qpcb5cun>`;3j*05 zMqPBTK?I0IGPqXJ5iDT z;1gh;H7oYoij4ziSq|O0IGecmpwqE}xL`wE(Tp6uVdg9xVFfE9iz0KR1<~ukkWRrk zVMWpZy7L6PjKD!>QIkmIG1HJbab>{E1a*t$!l#N9B0+H&6|WNnEvl$xsK-!^PoMsc z*};PGXW9BNIi=WsF}V5YVS2G(dN#PZ5ozt|1DXKC1-G{Lc6PkaORmqcd_S08UiP13 zLcgvZ%SQ+0@qb>SQ-HE<%ogJg&0O(96(5xzL8OiD&zcvx*rHeDL z2l2N_g_0zPQN;T*ZJO``!dtSmzNZb3UA{ScWkEu$7nED|L) z>v7IS@|od!tZykF${JiiL^%5N0*p=U%V-S0Kap%~S!`Nra*2`u0hyPx-yb@Q5~IRE zUWgMp#osH0al$VKq=pq|FBu^X-SmTgON8_Y1!FI=L|J$-vXF_5mR*q}9D=Ygi?fM9 zsx>vSL{Xv%Sp~+Ibp6hRYvonihK~)O-HOUcO+D-~{M5@f%y_t0?2J#b10@MwF%4qHo z4lbx~AFcrrSzB+QXVbLj3|D8q1p^*6)dg9dz5ph@WcIE{Sj>luU>*gN@hFOd7{}sF z8yRd5R!M9Or4mm_K9k%2lLQn${NL49fzD}Yc@bBJLAV!jmtzxBNpTtFt;rupWtp2&q~@ zZBg$Q%j(nJ@1r3?AlS)rEz_E-4#+7%vzVAnqYDG&NXKYKe27+us@}*$aaHBWe}GSH z=t@V}P&H|Bq~#4JS>#*@{)kN*gXm1P#3e@6O4QZflTrndz^?$YMkA)68U=lXAW5p> zrR?9Q2u`qMBi|4wUYPyyw5zx>S3svjIa+Rr<&<0^JrFMd?qY6PR|QF&4qiSXm_)i* z)*%!?I=9~9Ew(gX;W;4-z`)px4dx49eoIF_PGZv9Tkgpu9Xs+XcO2WtWhhJcCfy*$ zC5hjFNMV?C$k8D-$3h;`HsjZbjupL>4wvX_V<3yKYvXUZ>PNRf+0sQBJARdD5@cW< zI~@@miltmaxOYF8M}=k+q1$+~`T2?1`^y+DgxY*2MJfggjwdGwD1(MFOc4Z1mJ9?( 
z8Hx0vK5&ZvAsp0z`syC|(GYTr{AcF{Crq@FE!tGZVl-eHlExs&v7vsBqG4fWmaZ#+ z2FsG6?hO|r(;2`5D!#%G0WH$lBfbntvW`d}98_+b_7*G+DVhkkX^Yu{2YJmA`MbSw zM|!&-Ias%(iP{Cc5Mm88iDRBAt8Izg{Nz{;giox?M(WdtY?V#to36T78_QXm;r&a2TK#^A`^zfqXnly+ewqr zUo>1r<>+J}9MfHA+SD@jsGTcipn;HlXbPI1L3LwPV6}y`eWT(JJ*qgTc^-W@_07s9 zME^-^lLJYe35h}yAbZwUSQd8Ialz!7mJyt*sU+V@Nu}Ci?m);7FkX#A&}l@jfRx4h zSq81EjIPncxK@N%vlQ{P5UGAX@@_R+{b-WMVfs>n*V1Z=0fTlBvKg1JC-$D0mg`nB z+^EfD9;72f6JDyukOr<%G|7Up5|*LH<6cl9Ltv|=laLf@V(o#8rO=OuQBBYyf3eC+ zfui0`;K}?PRGrF8bE~Fts}?+A>j^00cqh2aDEp%vc;d$Q^Riy`{%G7_=`K@VrRsPx zP*?5#Oi_P@Ph3b|hY+z{dR{eiUWOwrA|+wA;kqe zBNbald*rtGq$NrpkiNL1Ii2X3>k(u=alfLJDDn^UsS8QuF<lM_UyIgqPJf4@3`i z4^syg%^7W{&QVAICijHETl#iLkeKT)S`0`SH!M>Ip9^ucdC=tJB6m&n#eZc%_ zBpl8mMiI!4G^U+uV=6N=Dw`8H_|>$%Un8OjJ_UZ0e3|kD#M*-!ctBUrfOZ8_rYQ}& zC}X_8w}})=nKR!WCn6{pdgUnown%xYHxb_`Iy-8QnhZKXn#Ggq^8+-6*|@jwjNv<%6Vr+auXa#X zVHyj%HQit}dN+_Nx|)Wbu|*1mp1A^x6H>(c8dX1JnZ>32DY8g&F(|Sx9G;TxY=oau zoT`W1Q=PLL-3OW#RHt{y3n-=NCWL2=G*hFqgFMrcvW@C!Sul(Q!6v2KALqQdPga=8 zo-}FY{lQ0%LO~R1N@c48+tVhOTpaZx)OS!pT;C2k^7HB3-G|RKf+}<`x?ZaSzJ`aL zh9j*n#bi05^5gd=+Nd%|#dO_a2N&g>(>SqdSw!Jkbr?1o z-+__$<3zdz2@1C+B*70Muk~cd0(@@~7; zMsH)KsG2)7k+Z?P+>L~f&OJ>fV69QwW z6t=7nf(5@TUyt}-8A$Lk8kK(*i^h&Gmw}mSq^})mnk-xSZQp6*-*h%J$uw+6a*7jD zu9~tqT)ic2mPIWO0BM2 zmcN=_t%yfvZ#aX5J;6(YPn0Lx&m6|ipK~>ZejNz6TQR;VktbNOTEQasDpJi}Gg--@ z<=rT_5@|>woJiE>?`Icvcxe6cqk8P%2**n&V%WB|m8Fuvjx*og0CsFVz`fL};XA;# zusOSS*|vRMp!#Xn6;z&pax)as)lY9}-;rR3_kHocj=iUc$(Y@EP=`C1W`A~6HU#8bM}VNt!S<0h!O8?-E5+Z^EoI<_6W9X% z3INqA0`F0{bhMC*q_x|J!Gz&WDsWTm%Vi?~>NoCnyeF2>&R@g(^ebNEWBqG(BJY60 z@m9d^Yc~E_|1$wug8fywwHJJ7qja%+H_aSW8+_HJ5v3)t_peb~=5U0!ph{)}bVq2Z zTK;QUbgBV0RnVZ7uCs5$A#ScumGZ7`aP&q~^`v&g2NT_a1w+f5=7YIw^yab@G>5V7d1cJt#-4X}fz1TlZK}AdJG&(+@b*2!W#|^7dvXww5}=LVw*QS)jFvO zp{X+>8%?qs1_RyDOP=0llvKnAp*Aa+ks{{}dCM_&D&+F)p`$(|VVQCJJ+&_>G*5+Z zI)qR?K?AUucil=9iitS?yb?uS4)kl*-zG=mYl|v!67|yrlKLkX*_@H+x>_ynF5eRw zUAOfU9MRbtF2ScVLq`#7VM<#ytRJ+ewq3&)*0wwMBQpZcJ8ZXY*F2tzHB|0|c`q9c 
z%@J15_TgBSTKMghrIs~gR4b&!*3rej__mYto4cXj6~`FeNswS>N@G0ONOmw@*$@>j zzf|)_Ky6Az_L(T+R@nX~1lpA{Xt7Uu{2mhM4=-auNJyIEalwA1@#cih?m04v1%W?I}TZ| zE<7)+WqI^}KmId)ov~F$3l9O_KVfr~Y6D>=kp32P-Jhv8HmcFnR2TjeSOTV3m6oYwP|otRF@IW*j-odjJ;v!EX&*(8pa5(4yau)Q ztebLzH;<$Sr_G?~>;wgXtD>G@7#Qg7?sGT2Rl->Tsl|$@pYLWFRrSDS!+RrBB=I)y zctuiV{%O=(CfkKBg|q35Otkv#euL7MQ?8 zPYKV$^FEtik()(vc^a`+?AKcs`pxuQ@l_9L-2=4$7VKfG#xHXge;{kBzWjchIjfg;S31+rf0#b9sQ~gx|Igo;22q z^@g;Z46a^!i6H6)nA#5*RABO8?%IU0cbuu@P2}w&Fyt%aNjqzmgD(leD->s2cjfO{ zT&+jEGb_m6M2R6Z1Y$>u?h)yqI2E`40OI&5|D?s|@bX2(Xs;q`_@=`V9Q6?3ODiq^5pv1$VzM+amXuK9UC>1Z+AYLt*o$K>T0;g>>wozhN_OR%%p|I6 z{y~F|iqaV)M!Q;`o|mKiVr120CsZ-0?@+MH`*qnH%6%WmUfqUl0_DDoJw277Hp& zVpViK4K>}9G47lPRxX>@$9>;k zoCKtot56AS54T^|;S5_(Tx`Y;6$x(AzV> z$Jy=a<{+bmQ*tl2+ncDP3lDE&55G^KkL&&TX>)xbmq_2gCa8j3vc5~2F~$DRN6NCM zUcfki(MASxi zrcp|Il2XO02*tLqMXEEaw5aNr$VJUT<17>{l&{SqPpbSzwqkJEiI{`FLG~(ZzbpK- zGT6-m_=5Fz5_Qf*IlkcxyB=$})YG(t7iZ~YhT(dtaTGot)#7_(Oz0Fu<0~hu`P3OS zX0t?FmA;sxMYSx0bhQO_jMr%AYcGZqBsItPrjYdVi3m6!i#Y^ZEe0}w%5&7U+E0A45i&)#B%H7>ZHfYirUV z68rXC1Y*xsHh@dTd|P@34paj7e47Mcf&5aFpMn?LEYb6Vk$4iG9Wmp_7I&39v}+-& zw8i=@W`q#~BjbOFltV>4$0Kn;7zt513hGBOhH*SBi6U_)`tpeI_x(o@KAU!f-7ig!+2K%(Na*_3m}+KrD0q&~yT^Ia63K&GZgBI~Q(>F-=dp*qn1fjs`rF7oS^46tca#=aKN zv|vH)vG9a_lorrs`GS!~5OX}s72UZ6@CF?*_BXZZ=R=Ehg-Ed?;3p0!;_su@N!N&Y z!<4s!G&3-0KaTv?x@iRqn(473cu?AbI!r9lMr$lb`J`NFZRcIZh$jD;e0FQr9iOz? zx&X6-o9rw445^XkM(dfgdI64pw9sANzr73aS(lzcn2ld~Rtk(+HmaUH!JeUE_th0; z52P-Te99me54#ZDa156CgH4XGsJXK zNjG7oa~T?A+{-%8Z9L?BAJ@a6EWU}>Gpg>za6DbJ*zDN&pn~*REjsnms-C7uya+lK z!m4`7y75uCKw#UIHtj#5epn?xb1#5JUy^)+A5$h6THzf*)`j8?W4+rNIS11Tqp<&LIPSXOi_d z!TuQOqWI2;SRI?c@0?PEyk}|1hP%^~8->n>TKoi;3$;2Cs1R;KF@XXQQ3pt4ihL@C zjE&7BI|I6xfa(ZBvyXw6zPE*yz@1%hf&WxkKdW~^t6)JMhQIt&F#6L+b+UDwR-Mp@ zFNJ?Jt||S3N#px0?kW1JXwdxZ+$Cv2JLoK09l(4DO={6Ug*owJTJfm!Ig~q zs5o$)_pXQ0{(BD^dOqg6phxs`{a0!TX)? 
z{Vmd#rykN@cVOqc9D){4<@VbAaI5Cd{p_iq{rJ~*+xJOB^@uS)ULmzehhYg$5pMjG zQQhpek#JD|Xe@fSU!3TSyzen*goa3kh>v&zX@;NQEV*<8x5&`)RDO*Gfb6BVDLzg2 zE^BABMlXHLf^V}fOC38kSwh3fU7lpdepa14yjBW!v+Bt@RZIg(48BEL;o%NuFvt2qh7Gu0Do(}lgA6iLND&a-mxy$AnG#-M|u0U&XBnPF$= zbd%)d*8(2u1?oBT3l)SdGBk`dW&9CiL<8+>1*jd!*_CgDo_Qax5yy8AP@BE~ZujWK^)}AP z8CUo1a~ZJ2ZuRhAo#Vu)`*I}IRx1oa%hbubRKyT|O)cksFmukjsC}m5*zvxtSM;BX z%SfIM%jqsyaod{nEqFJRy=BYDO2-havR3G06@22J!@gV7t~VbOJn(MMd@*4ALY;NJ z2svk7tag}|)0}bL!PlH|vi6vE)y-TV&P}&qzh(QXa@4!tyJRiszMyJzW{7xI^e<0a zZ=V*c$u3yovur{tcxR`Q%dys_)L!{0E#C-hRFnVv#pTHjfc}`TUKea13na43_#E)? zg!-5dO&vD}p1Xk_f7yoEGUl=GaqA0MtM@m^QZEPB0$F9i-&piz&e`=krfCpMC4HpJ zIF_FDG_(;LE|#Wr)cF6FrIv3(_vNzMJ|^j@WI6nb=&EIHd*z!cOT$d^j+~~$`jILf=>PfxM#tM1WerT|q~#BDPZa>2Z4A1BOd@*peM{2U%Obw+{rK1OlMChnNc zxh;7(k^eCAW5V}Q7S+&o2(0bQto)vi@8FNFKY(HJP?!W9YX)iU?iCK_MOU>;`gMKw zz1I6!!}Wvy+J}I2$}$M(&)LIv{3QeG*LWnm@XWugOR{A`d?Ma0l6V-6E=QB-XH@tc!;+BN0+ zqw%YGe*D1kwh*ZM^xm-cdW+=?`L#C}6FLO^FrMlg2@IH!9kJmEzEpzvp+{?x;D4PF z(`EbGy@V0*)sQCsWi4d;9f8#|`kL@{oo5Ub6g$rVwhe*KA0*JJUw_gHpADOOC1G$0I&qGeYz0g$XP2ktkuTCw&HQeV# z>VqA}-_V;@p~`2#)sp9L8hJ_27x4OqTiJuN>*8~^n}wP`?3P4o3h$Z)z= zqEugOOSsjiX-EvYu(HRx1JY=jUDB3DB!eRCRLv|^x0*-?e%=HnxMh@Vm;8LTSl?U zm8i!SL-rJC794^yPbRY1J(v08J20?e5O~WcxIy&#uM!mmyH0Qyqk`vxaNO>D1d}q$ zJMAA@A(@=%|Kc`DS+v}@3C1y!rbp%*#H5B9x`+MS6?Q2R^jGCSt{}?vm&{Y~ z0R~`49~Mu6z<&pWmST~{=HlfxFOim;+)EmlM86{IEUQ+%e_1^G={+K;OXTCAFJlcf z%q7h0<<1NHe*bN?3-p~w_UMTD2=wg)0*$Av9+%hF<|Fpm{<7zJGfO6EAx=OqQ)HqO zjtxQN_JTX^=?5>TwA4(tES?nvcI%8uya$XG`Hs$;;Pqp}ND-k%ObRy~_v zOs^DduTF4gCu0wbR{V&*GY{&|g-lG?bc8KE!+AX|P}z0&ZGLfSUS0~R=hsNn-?#kM zjF&ef>TGAl)hAC%ZCoJ~-H+RFr7{G^2ZiYkA{U4RO!kIPFP^o`4{DEaA&f)`;(lo+ zgCI+Q2>%Q%>z9)-ShakvE!>t(R!Si;oWWHfnW!E}*HTS*ztY^STk0_!>Y#=R?g&z; z#`$``Y*3xRBpbp3i8cW%ybV3j9Nd>zo2JO6UQ-KlLzZAIM}|h_x{X4_OWY25TEXsuHyIB4Iu*<9++#gZr>C?24R{QokA7eO%=n-H;`S-} z{}}QWG9&c(OZfSZ5(Gfr4kdYyuI9Rs^2es0B63mnTR|TYxKI-OA(CStbw;6#4W$8d_1*%9^aK6J(cE=v zs+DU*iZ=7Wmu<{bFa~244*4_D&|s)@DW!rs|07^vvkVzbPGU{hMH03XOYg@BSJKga 
zUTDPTZ2NlWg_h+4Yx64V+#dMQFWy?42H~S3i`2iAXNWXMv5|Cw7fSd zZyQ}{m+}ulS;&I8M(Ml%s3k|&*|Mc0tUz@{Y2-m84Yjxt30>&>>!NgAHFgfbX{ESoezp7;d{hx(PGceOiA`3>}76 z64^+r-5kpSbjk*u$2|NQKhr{A_{3YpiO7Rr{|hde)i-@-qnV-MyJMOZ2x}8Sl|@5- zf=1HZp_qo`yGEb7ijDsH8?6*{V}uQDrD}8UioycUO03B^7;2AlK>a6D+8AH$`E7dV zYj$bD(HSL(Ci_t8Ai@;)d@apiu5|P!YhPQW}G-)7=l>b z=>OA8h)Z${x+pFrnK&aTQqsk!O5CHCscW%CM_8GKDCy~3U5Jk&Jt(Ydh3qqg;j6)+ZUT!e)Ha7KnQV=MEU^NC*5 zw87)L6qQ0aFgguM6iMYB`%--`POS@(C|6hO#b&Y$=bB8yFCXY36n&+;G`fEoH@;o;a<>sV3kR5kwyTX`;X2=mG;(%?KFLQcmm z7puMihBMRtu5ehdk{O07xnwXqdmfI?BMV!{92$e^-ea*GlUVa{P`9+%lDsY(c1gEy zK1ZafY26Q-*b|EUGSdg6N3nyXXy`ME+CC|lAE=2Tx?Y)Q_|a;=E^l$S?c~^i!iY; zIIKbd;o07h!QO%U>n7WWBDmUMsD-V7y}7{-rB%neI6OA?XKZfn$osjwe1Ny>8_G+D zL_a%#2o5F1AJ!~fnds(5zTHsanUnm>#}c5PpZBtsT_NpYagV;sB|V@MO;+N-o~CAH ztxnekYoAK1nX~10d&4-&iMTV(5a!pRvmR!3f%gV+hNJF5<8C2^qxQQ1A=yp8=4px} z?KWJ`K%IJEvF&;dVlStXEet)VB+Dexk$HtIgVm$z>zUhGXF$D=o`g?tnMX>~_c%;< zR;2(#I+=%&6RFIL!E+iL-!QlFF_cpIQ&RRCTy)XOamPlV%>T9=?@+j_-zY{Wg+`e0u_ABYkdck}zcP9Eml z%GBL6#fDVai94Bw_LV4Vuy14}*R)?|WCP;hVQluRE$J_tv3V_s6K$5rmvG&V9A%(* z*p!%&$Vlp~U{P}a<%E4a{EH!q;VD{McBS3k{OsOO^%p7l6!9P@2#H(N50Ri@a3`u9 z-Pso{8kaQOcgttxQ1sCb%oIsM2o4Y)<)Ak9!#_WwlN-^mvR;YHVRnoeDRn3weZWl{ zAyX~nZn5g5a~NZ0>7Mbj+T|^ME?f|uCZpw|_j#=BOpA{#$N;@P!l@<$GCWC7J{Jyc zLZ-G`a~4L@XtU9>bz%Ed{AfR^lhLVvY&4AZ7uA_I34X0UmgJmtBvii`yY;+O%(yS_ zmPdi!V|#yGh~p=6!>Fw;`YO3G*BK(yc@FMQ?$icfR-UVU>sBAEeY+tcm&FQM-NIJZn5`Q+QfmC+2lF6e z=qmy#pwUL478Fa9#Z9bDthxrdXP}=aE3O@_3M(QJP}a$}A+YfS?#J7S#zi+>(F8|4 zX?andO(%82KeJAtK=s;xeMheDoP;8T6E%^1OKuQRqCPL%O>^owUJ-nAC>aISa##z2b=X|J67$i|{{NMKl*%8xi)Vdp{K{2+5z>l@P0C)ag29BEd??Mt@MvzMe0CE?7$b6G5zXe;QMm!WOImQ5uL zkDjE}ZaubGl!1qJZ7GHD9=@oZwa|(sJL}k=>SyTeOkNos3@XMcroK-kTUv_yuP=q0 zl;M%EDn9hCaHQv`>tnsQt((6BZ!NoC4;s*c<6z%;z_`~7<4b{|CO$WBBl~*-N6`_u zD#I)_>Zz57ukQc(UoT1tQPZuZH>TYS+fjeO%z8inAW03|hCL(8SF3%MwSB66DMvfW zvLG|_|M^T^Q~%dzQY8Ud11+lzUnz+S&~O{@<8TD0ftM{VEV9vTU~*q8{{4doF3Uc# zhcyVwATH2^CeV=RI@h|SFxz&@^`yG5IUYGivSxDosB)s3cSGYZN39g*b-7LTl)ldD 
ztG*oelwxJF(Bl}!Ug!i!Bgo65`SC!XW1dET+sA_aszpq_nu;2w+)W{3rLI9u4Fp0d z+D610{E8WtXIg>{OKWj*Az?kke&F3_*LKqBL6y6lt+=0Y;PHMf_5S)(Lyg$B96%E- zW=m)<$8J0O&u72cQMVk)3o#upIfb^iMZNVQ>eO644oG+9>Fj;oLUG4YbLHx+W~kjW zx^2wFZAsHD3gVtqrTgjzZy8i4QJnuOBA5eDIuB2efw*jcT0}gsHUXGdIXKVJx`+lG zXbDt`1@7$mJ2Q^}1;pMCk^f>%J{lBe2K{0h`ss>&`m^gLVxjA^xgAXXT;_uADOPw+ zzo*d8>XlW(P&BaqVL@$WK|p&pjTLsVT643o0Ma~LM-=3?fH|ncrff23SJvIO-2k7+ zX8=pqdckH%p3)D)VQ!G!DQF!Tj1}(!-t`AYdu7vJuqf3{GUeO!FvUapx!wV zltp@f-dR0A4%>5%`0@J$=xzP|g47=I7MQ3ay*LE6OUx|(Uu$QB9yY}Mgz{~EANV~F zd>W7}p#$SX8v|Wx-$P^n3NJOtA=WSv5_3>zZ&B&QzDZzOsDuz=9RH2m~ zJn_YsdIkSEm&*oa=f(->W71YvFjPykimVhK#TzOC7c&i}e3FY|jVi27#KmY{Q$7xg z9tLtAs!-C$N2+;^IMgZW?h4XqL>k-o1m;yL>Ky~=iT|W4w(q>BzZ@19NQGQd)Cfx& z>eX4>a;D+P;j31v>DU3J zWBd5WI^C^!j@DEX`PmgI=aAXbbRtOUNL(&p7U^4J*<#F5^-hu45yrXT-t6;-gAuqi z?>^oi-JT~5N|^>BawY(Ryn?Sr&n#aAAq9YntW-85CQM~@Rk%76xszLfg~$}z^%?P( z>Gj9H+xz4|N)^)d0RpoEb#95Y4nuheifit`+|2LZ@U5oW_oCp^VnIw;em?AEakO{UtyNQ zxGIB6T_O*OqMZ-`=?{4{?Z2&JDwSV9l^~qh$+(+V64?{NjM0qyx06?3710%_x9%4a z;o7nD6G)ygGszOD0QN)J3CBXD$1d3K1!X_i^jgZyYof_T3CbmvsGE!mn|@A^ShN_i zhhSA?XjXw|X4Ba3%haU*H93(qQWejix;3lK3bIC%v@LLqB}MuN`I~0ENeKo=RxpML zWt*88_F40nm^8Rz23Zi4oe*$*_PfwphR00MaxH4S$h!5li`M(I=DKxzO>8it{(ZPI zwyXq9GNbE=^(iN31d8RVc5e&sp-!gS?IpKE!2fX5%qpseHZMk+f-7&beO24o%WkEX zuy(FAVX-U<_dppz5T7xWh9j^^i+qYf+Y0X=W<6dVEu~qg;wX($zCBm+$*J!S+CrH5 z6i`T~HiC1b48uYzUBz3`1hXV^cM6rauvj- z#M0V`jYvwirRa&=r{vy$^q56kg>jh-QV~wKueiU9T+vp|EAX3isOZM1+as9v{u5?4 zw>ID9+$L*#?q=sU$N>CRS2_=@DjZ@hfHx}Epf?p`1jz@stXyqDfj&`#VOi)LeP&5x zdpaTr`SS%W9_o0jjaU}V-pvj4KI{6IV9cmHQ&$3yj3RJXyy5dau3fF~HQ@VFw*n#T z+{jxr4V?0bzVbRjaJ60u?v#qU4boJ(Nh;J$TxTAh`mq$+%u47I+$YD4o?dR#Nt1`} zi;)>Y3_*5i_(`pH4X^!F8MF*W!DajcQcb^S!Hi_0N~hcRiG$rWBuR1t2S7pOiaU5w zs^O1tv^o7+kLm0R+L21%PddB$o9J4MMRJ;Bx~yJ5;$-k7{75r(oJcdB?=Z2YF3S#> zd8}T{GHc&_XcO7`xVKO1OpxHVPA>}t*;k<$=Q*_do=>c_*#J_2n- zG7iv51nh3%R(NSHq-LRF8<4sQAeP`QY|Ok*=0+a1tjxTjVq7Sb!BUvhLgaOo)>xET~-m{E1cY77_$z1+`98|0=3zakHdwOv>@C}b;DLIm$2r`WsgoNJ-X 
z>m!$+A{{X!wc-*KFt6F384t0<$AnHB90Sd?lr%4OyQ5K@&xRS@&C}l_j|)HEwm^dk z<{qC)x(7?UP4v@lVrkE&YD4;S<%r5LQvK3a=4jYT@`S*!*4oI#4u3#u9_a}OetH}m z2@^4TgnvIBS`7Jc=`3W`K<07jF68wgu%_q&#)5%}D8Q;&NPeX~DT^EGf`*AbR1I28`iUT3?vxmAgj&QNTH~-Ps+>m>5_(@!1raIC_Dp=feelgZYU;qUbTk^Mg&!P z;IABB?q0t^H~@JAN|ev^s}@4yHP8y$7|dhnYuJN>N|Mcu(8gE~p|vXaK&A%D$OxEO zb%(Lecl8gg?2XbGWv89iJl|Dp44T=Fw7p*%o`4QxLg^btD8uqqb3a0Rnt^MlXjn7S z{rG_9SXLq6*PfZ)Wo57&Wxvr0q*v`s#)(WJ2077}NUr{Ys+@LgUTe(gBzUd61Lfys z9p}ZYRAKS1T;jGznK>B-$5GL5;2L3MT2d|nFL^i!s9#9{&{}zIko7BU%TKqb7sF)7V{iWs*-ZWvSDVV$u@}-^vyv3@#cN zcvwC6(3eia(aY|ct5L__N8`j!$7cOjpA)0PkUnt|IYL9t7HgHsVYi3AxRi4Liu*US z%+`97?|q?Dh%K#+)N>I{Za(!QjKsdDD8IdxKKSwe%)oF@WX2HHN25eckxD7IriVF<+hIa1T2$|abUXV@~7An*- z6H_KV-()~UTbuQ+mBF5m?#0j+W#cRu0hCDx!41N8QapCU?&E=q(Z;n!i$5>)r;M3J zI)JmPpJ4K-7CQjwM;)6`Ap%?OeiK`j5GIGFYiMZy@~aBawu5}eWIfKrZr2W^sh+)~ zah2hmUqEIa6d-OQ%}8t~&y`*T8(R~JqQT9;l5HtEC;gXKEk>n2Qi^pphq;JN9k^-^Ya(+7eq~&0pV1|20Le>|euO6Jx=cmEUulbFo1Fqj zuP$mQ@49YD^s|6+aq+8Ir~Plb7*^Pd6o!4&5P8@wPIZ%H!>;&GgG1^rUo1{1%Qy6| zm2aVoLUk3%93tgXiOW_S3)Y=of5l-N;hyGYnf$StM+5&_`=<*9-OXcM<=?6J>N@At zg(Gig{luUuD(&aJudm?GeZN>d$`luBZ||?(o%|JTI#jA|P1cV;7zMtK{2jU3vG4zN z$TxEK48j95!c%NLx<4vva^#S|E!HrDJVWY8mB%11*vm=uY@n`6OrtSeT6;SEOj;U= zvN zO%SiG-L!2_=k$7Ox3=wgx;NOZJ)>WcJ7^GVZsm7> zYAyIxKN&1g8!Gs~W921{dYE|6qb_5^<%iW5!X;(p-8ouhv0u$ty{6G1Go^Ei=Ly&z zHs1vI-(IL<@rrSv#WeW^#$L6s6${p_L#tbAAnjxIv*h3}u6kqctlCzIyD+CWlb8%? 
zTk;4rNLdk%OnZxbnuS(hs~o*C3+*mc(vwsJ;(qEq&95`FbPAMv}^9Qj*?^Jw;V>lS!oaHNXySR(D29Sjb_Xrhf=DyF~Rw z*u6_jkiP)hlxq~UUQpm3lV(p7Yg`GCj5jj))-&A#Ob#t(d@Ym)tP%mv_kD9p3itLM z4X#-4UHNOj>UE8_n?So}7=^2bCF`gQqf;`z`bGiosVi1RvWI<%sse@0l8-?E=arvz z+U<4kUJzfN%8k9mVgIJDOk~HDGi4@hpg(0Xy#xogInKtO#l>fukI|hl) zv|)o|+qP}nwr!hdc*eGE+qP}nwsB@==Xt-a-L1`!Bz1RENmVM{=}Un?j9R)@i94+k zl=k4**2gKsGp_(FukFw!uoaxhYIj2aR(ZaZs^f+dHKIV6LNssri;?9hvJ5J;_%y@j zY+c?<3C9=m^+ZJ@1UT3WZJ}ZHOc_oYf&+@W<1%e-6h$!@RT%a|faroFpd*a;P?1z| zi{fSF5tRGmKy#Zrz`Ruy6X$qp^ zIG;{HLBWePWT~oR%0%kKa=9h=eC&zZPmCANgW~*7oS5ArgwfB5RT>?`jA>X|uRA)n zYG#{3Ik@o6k@^zcPTx@1raGp3c)->X+_LP$HmTJQ6Nlhzw-wIhuO`;F-W9py@~4CY zbqb&(^0(ildqZ+9A^O``e6NFm69oVloh(6MVI$+rbl*>MSz3BCA>#h<;k=w2`v;v{ z#i%-5Zwp4|ON-1j(G*!ODTp~2Hk29}IS*vvptJN*2KEE6EWx+&=ueNs9>b^u+mz1i_R zD!=@w8DXlR<1#w3So#8Iw1|^)DtsqxPa_=vo*?-Fr&Kq2N`8WLTc-2~M|a`*Nir*E z#>}m^A>)=@hI=6{jJEDYXBlM77D$y5kC1FUb`8>ep6riw+uQ9ETqLjvO(b%_n)bkP zV)NlVuc|yg4b_Z%MGHv;vfoYY@5Kp|GDEUX0gjLH!e=8<$NqInIa z>j^iO6v$~pk6|)bXLV?soieXw;4?z}Hzw(KZ`I)K6TYK8&oi1!eC)uO$A zeXrRrLY9whrU2IUJ2gyjf@UnO0QTLkkRP~-?xm{^M;N2CN~{{g+5vvjJ-?T|QK^9Q zO!lt?v7l3g5-vdlnr``MT_MUNLOKsm$nsuN)L~q~VzlBDWsjv(H2BSs(MS!}wgb0c zL|E)hqNU%u5UFXojBFhCXrX*{0;)S&59M|Q?@P-NwWcH4zZp+nQw-Pi7f`E zV#a>_yFF*D-pONHtI%qp=IHxt#CYO$Qv5})d`ZFw$7F8p>#*kTr|5rl&Itk1xPBHi zC3=Skz#Fm@af0w8ie=L^z+333gS~|rTb6E)3Ks5)=I#n+{7R~B_M$C=I|=c8arAie zJ4m__g!(Gi)vB#(TO2BTJt>*Qc3FV!2nzG3swEs5?HLjHM|^{ro#+MaE$OB~$t}Ej2a*8yEJfiYE4|SU9NHf14`? 
zC-9**>_8Y;KEITQYdG)3U~LU!xd^Ed0$StjUR<@Us#zsb05`J?GaPVm)_t z&qjnQ>MP@LwDGE}yZ!X-1do%QTddIcn}U(xfZ4QDBB)HHZ5fL4XV7!@r3Z=hX9&y))wk!V%1Y@R?#G)E34V2hiu&W;sH%}qh=M?l=|Z5H-xPi%8jnOs{q zl1D207;$bFj6ZDVVZbKVVZda=_NJyFwzPtVH!o!nGlTv!W0Wy@(%=QmLVkAdJ#3la2DLD zguUIdB%er7`-ZB0D5zJ-C7-lLHSE7X6p*FKk=avKd;oybr}Hn2k-%+LPN;QGp|{s5 zJ67~p!gacVVODIxhX`NX;Tr=LH7?EGX0|v5yTig`825E1t3^9{gxO3% z&PW7W?u5QQrJAysABP{I-=_-Odx-Tnu`H~fA zv@3C9aN4Z|_C(!$faHp2UBe89oZ=#^T<#rZdj44^uAV4f zeK_R(qV@k(@M!c?UMPOCDdMO8+q84s^NOq3LvMZrB>o`Mm2}D=u@ts%815U&2Nr~( z9MwY-fEudFLe{e0uzP)!Qa>VnkT_apqONgvRRyt-&q&L{P?R|;E_kS!9%%Vfaf7=| z-P(f6#0)~Q{haA`CvS!{0JG;ILh+ERiNdp;i@f=*vWb&o$AGx+N7z$-E5@2BKC9Gn zY#vmAEz+-?J7zxz`|{QZ`Q|PnX{;k1^y_BR>V{nWB%w$kXErgw=1JZIfD=BdgvQQE z*XB+-ud<`9I<=BpZ&pPghX<0#k&|j0UN$JO%>Y8S+8$>NyXB~+C@*rQj=+-9*P{>4Y=8Us#a+tWP-d~Ap$fY1yMmNd zjP0Zy2_Pru-!(lsjq!JA{G#*~F&NkR`%`N>awiZP=Lklag)(QL_AG6WDyyNcKmw<{7yVy1k_5<7CJr%q;8MruiDLEP#UTFjt_8rZ)M_fPIj<&a_QQfx~FrWR0-Odv#d z4Uvf8e8dfo^He4}{Q|n3!7?MhvV@7Lq^$XO$sEE&BZf!$vVP{v(GX%txLBR@R*qq%ILC?+ZM&H_@^c3S2R&8UbL{ zK~&c~z@l;0Jvb;yQCX9h`==-&ghy+@YvPFL2gJ>-h^hWK55mq}MQ6SPEFLav8mCEb z;h|+F{n7eCvht~nO5F0e1pwRO>-8dQW9;am>4`IUWzXKFzY?h1C8W@4SG@pQkVgr+IP@aq{b@#lvEw5Rr1lpf*Yz0mhi}o!{{gyK6D2F z3TN(pO60h?hE?>8Xe2YPA>>_bA&nRawZmG zGR@1qBF6@4pL?YeTb<^)`tW>7RtMzfezUCf^0CL}{Bk_}WYM>|K0Tzi)#pYZ@1>3{ zb!7a1zptn-w;OXNt0X)5YW7a4DlJ>`AF_!&lWUhMs=bFR?K!VWS5zvg0K_z*HE; z^?AQm!!=O!ecK)V^Ln@bygZV$3ZRl5cgA;zR8=n*hW}epwAI;|Zec+pwl5%(rg=;S zGafBx36$iNjwP~a;W}i9az=<WXg(Pw-ix*+%(z2xDY zjSI5e(A2zrsftairbHm*lf3A1HXP+0-KjDo9}GKOmzXYtuT-AgmPB^1LhvHt5=a4# z;$ecfzpK1fF5NLjH9)#bQ(LpVvESgPaHok9&L;RvbX7QOsF09m7~6&Ai4QP@Gw9n% zdWMujk|)`|pMimD!_1Dxc|uRck0M937(|Ua5yTT29Ny2{mHe_-TKdQFDd)le8zyM8Rtp8{uAwjMRIl*Qw8FLk=BkCU?g>90z|TGLun za0gwo+>se}hbHKO4R47a(x}TrIwdZQ^p+90M_SUhN;%DZc%Jn#gxIJ1JFp#HPX>Vp zkJ9FJO<1jwJnfnoaAh9_-O1QSBbZVRDhe9Epb}z)zgXNZSU}s3&8wZatu%9E4AtE| zJ;7(@yTTE z{1gkfKdVhFL+08FY6`7?2Wd&FN6Sb>kv!A8$f^c#hOvZUa{45zMq&N7x0Us}(&%A% 
z{b|%T(nf-AvF@dp9$={%ZaUetA-$VWY9n8jyAQZ^dW));XHQkOZB0IOLe2(u*0 z9EBzBdqNd$)2wun>{7O5&*HIMmimQ=IC-%Wt5?X7#>BJ~E^Wfvv^l!#UUz$=7KOV< zcrrq-%glU7wyUliRn=8iuBL_zjn4~!84REYysC2fR(om_+-}?*q&Ny#di(|`=A6#Z z=+==#L`?-53a;q2Qo`F~u-ak*{vnGGOqbMucmwf&xLYA-uN~T8zhW1L*Gg$41o1H) z*tl7Kzs&HB#u=HvNVP7X)Ae@dww_nNpKYEB4vf9oE98DVgX8N6jJ2zW`ET=oDq6MR z_}l&B?5}or^FAPa9b&z`aPYc?U#YQ7KRS6f$w z!Fb|NOs+$!elh5Co+m)zAc7+&mIUqQZ~{!ZS&}MGzoQs2xj|(IbgGxyMa=QE&c$R# zSG4kMmzDmZi#!T%G$?vC276?XAVM7Hi$R<(cwU#NizJdmBn1#lxC_-K`6zm+xO(Z{ z(b>h>W#Qx^c?2T7;t+V~VG|78XyD-e=!t`kgj8pz<4q7-v7oFKE{SS{QuV&vTUAx! zcqJFDfEaQ0HD8Hzb`_tVpFz^lDM_DRuqMrJi!OU;4y9HfwoI8)47k)2sHBdE;mGk{ z-|U+JC;dv%LdLeP5y#;}WRyIpYstm1A?=w6C1`Mbza?YM%zYGb;ULnmnEPsMDd zFGMZ|IJt&pq|`tkscjIqKnhuV()qCo4id}WhO21QY#9$B#a13DX_~*9scLmjcE^NC zd7ii50p@>eTBaK?-F;yd8YtpJfvZef<+!U!_Y8s!0yiWAX3Y9Bns|L+{mxn zO0a3#1aCy%N&p`kyWK3-7k{ohp0@ENj5&ml?bYOKe&yJZ# zmtDaI?K+01VkMFFYtJ9rNnSmG(g^qtXnc%l7NGd^uu2|SyzqS4ucVn?9ejX|ljpIl za%}9i7-5%LwDP^kAxjuDa}lCd-8>0!u+Jfgzp*`!dr6^D@)F^IpHs{p@Df`sYMf zK&5=Ov_GAvXLBlByhBSgW72tn^O_@ygAGAml}a>JCa*c*S`kyn%@GwDx5*kn3?N`f zhzDI;7y*$Va>3%Z-ni`wIZ(b7nmM#A5uio?)b0h34jwKE-os6 z4S!w<$QWQp07t?H)kLcfE&)t5){doq!ugb{7j7ahb3$r~;= zs>77_?mc1O0&-)W)q0^C zG`tEG9J=m7ZW_hz6g(B6Cg3rvrbWqY?dV<6JnDL(5-obaA2op`>&VN z12-Bc`>$h?4E*mh8el}0$^H^G(nK!T%CkF7@=I+rgiR7Q)H(s_?4x{0nI+tD z(sE#(CXlL9cj7$)>0+t0G0S;VsE!?Y_tQX#mG|@G1wJD?rvLi3(yU*KpyPcUXv(;K zXmv%yI9v=hMeZU{$2a^!I^)2DC!z0>DJdsxr?E?n5qft%ay<{LP_;VS)C@O z&&v_`Ltkzn7C2@GP&?J+@%wf<)#bsXcMAP{I5rya;?SN=EeFVD(Voq02i)M$odplE z=E*CauhPDDol382?>-j)-%^az|3x`k)3e=fd##FcwtU`|)~g?T4EI|+V+4nMqM&gx zPT+$l{xfgUtPWlNI(n*awxR8Np2&!Z*$riLQy9|1hmBYpEeX4x%6KuC=B~+v<8WRj z>uk)A>2^IF+|rnZA2;9xF;wpfa@k1<{LRGF6m?jtmugl_1}oF&YyK5uK<-B=WAqjj z2^nTwUaz`svt+>lA^(UoSuo|)TKld3=U3NBPpR8NS8iou&iAw?66wbTht_c48b(2m zcvspP0Hu31d5FcAh*QxmTIPe8OWQzL8((3&co1td3n|-0Kw*@l_+V#p?K>9L;>=u1 zO41x;MI2`BM%zVqUK*!R1nr?`x-^ER247@7nd>IblZG)e-PMXd#OETLPlCtFw2;z{ zDxkcsk4R3uZ!BjxvU?;%I!wUjk+m7Inw9)?dUv 
zGv{y^@DW!YGImB~F3u%|d#WGtSEXU{sdh3TO=VKXTWg+5YHmwQZveXZ#JCdBFT~ZT zuKkL3H}C=DnVSp)=fZvv;5WuQGoJ(Qj_)LEa(jAZHRS-pnsoRL)7*!^i1FKp0Kk8N zINLI2?*&xuc!NLcT)GiAkV<9U#{kb%wRfc*d)-(rEgB4}WtqNo;$=9FADzxvxCXev z5Vw{h7vizNuVS*m2U~GA;00f4oE!zdT-V{_TXCM_gAwm@0D%$rdmJ4^oYUd!AGSG7Sgl4bom zt-1%I%}v1G<+*~u7r25n2!9Qeu&+1XQaG%|y3c!G>}Ml_7b4`bWJ2D1g_QSa?p1XI z$lf0~w}7I1X@gRv+m#v=?&xuUq&Dn55N11HX(Q{9su$szm(X{-RM{uLS$u$FpQ1B* z>tIt&ZwL^Mu{ZQRaQ;D8wjr@9io0BEL{}~Y!zsqX1>$>i@#k&x^S-h6mmRnC`ZqlL z*Xsix`Tg+mmr3`s|9;zSG?&l)e%j8oubGkmJ2JcTgF?FB{BilUm^*hq8zYdz`*}f6 zi#wT3@_%@9kx;+IBF?6QE}gPaJ>!w*9%1#ja}QI!B6y*D1+3NM8YTMRKZ252iMe8;!U76k;Ho*p;K5k zy3t*t_dhw?ak*5rQNNzrU&Niu$)`Sp4LwUm}+$wt1_m_ z|37qvE3T%vw)l3`PW_3zwH}sSXX?M1eH`&eX;Lxnv4>`qBPMW4^1EMaT#!%)%Ymm9 zat&exV8>yY7=y&|&wswSJ*QjDHr+jeEA1wbI3fnofTf`%2t9=5h%WOj8=&@jLl6aw z$79HnJuxc~Ho>qwzHUNwZv9qUim-ELIF(xF#Mr2`E?t6%EAL^Z-1=y_%9%Ls(GU`TZDfs)4H(QeV@y)(;vUV(N zFKjH_DA+s>P^f#cU3bHD)CaOKG?KJvCCj`xGtRQrhYmPu^h!{TewEuIQ?P8->AcDo zOdhjnW)0O#7*El{-V|s3y7=HbxKK$51BnC)s>(<;W-tSUxJ^$Xn^g7yi31BUtnN!5 zBoB&{2k{Yi`(TCuXBIhZJglClx-c-&XSz36oLv_ z&GKOe=QaTK2O!WCkcZ%7PjG{yR+i77`d9iX$3wLOj&D_kne7Ij!W3Ti&d=TKY;MZv zs(T9KNh-;lEB^H@Mv;O}#CQO30PPE#m(Cw3`ksuT!0D7@NKNg``V0`b-(}|0MYuWH z+sEl1tax;92x3ZiY>7SN5?hDTnVqt6id^RjUc`cRMnp-*8^qJP)vd089oRW||14=z zO(lH2CImyhaEp7T?J25HiG`bF&2Pc8a+;pYKnq{ct{^5BAj$J5-YOVaGFyd89}dVb zUxw3yq_sP-1CMcwJgj#}Y(#u$u(huIUlo=_H2r(1lz-HWU9f1pVY>wu79}3;Ar^Kx ze@l#F^C8T5VPUv-!71me7xnA{7W#&t1%~Du*ySmC+I|yaC%ybECnpfP%GeL5SKmWI zLeXOgk*{Fz$7H_)Ho7A}TB9eLD@3@OE9nJG8d{)IUL4Ar%n2X4A5&n)-uMxLnGmn4 zo)e%QB0&<(QuG{mYCn%D?T|b}b^3!@^fi52WsD$$Af<$AL}n3rf1W^P8inhSnnXnJ zI9C!M5i+S*P~qt4^(}5AJ~}&I$_qmB)g4OUByl3f2vvY03eqfJ#zJ1lfU}0g%Kh#` ziCXFPUl{~U4nUkl)ex;-Ok;E7v^+`Z;?#di2e4B`PX<%9THR$uOCdq7AUCT?m)827 zW(?r7H*+uRihk)ZE>;>m+~l)OI1Pg;RQbUPHqbfcyE)h7NwU>?QLmmD&ij^NoV|CR z;Y3JqSq#>|CV946zd=w@^PW+b*Yl90@>Lre1NC}kE8AqXY$;4#f`CSPAd8w0*zXTT z-_jWclS=P?&B*JQU0}Jz>>RQNC6K)z6hxOi4I5r@^5`NTu7X#f$fm@>=imvToh@Iq 
zn1aL7azO@fEhvO-UP+Pc81(sYPCiPdZM0SLkKy%PplT88g73O9N;+UFU)G`i=h6?| zA1zJ_yMxu^!0f3O0FdbmY7B{0LKf<7Y5Z_QhyA3pzG~|B}xa7-6*e) z6(D#LttW;_Q7*~d$VfFnQ7(I!IW_y0ZyN-0t|KjnV->(?R~bPm<4k4N`U+WUH6H?* zj>jqY7!tt5ZL~B!m?pF^)=CI^#~6t2G^w~%8LT>FNTR?=6 z8tv)w{A@^FJA&*GHh1<2X+kj@?cBr`TLLR@<^R5R?tXFqxnJ)6`O%}-``i5IYkB%| zRloA*b5S}@$iE3t!Z-h@!;GR}T!rYv+)Rw!dLUEq{91=|z-G-T0>p@uj0=cioI+eD zjYSNX!mglYO603>gUb`?DA;@2|4ER`W!*sNivDC43()p;2Y@OsJQ)Xj@2qLY8!#oE z!4BCd9@2!7FePm+D9!?UD%HdXvKO4sn8e4Sj)plQ9UuM`{hsz$SVML_+{-Xr-a}i zPkuxWW|4Xjiuo1p^1)D$ibwVF900v({B?wg^L{pOy2JO*R=1b;$>rW_O05vrY-G2r zj3}LV{Pz(L%pt;-Q$9OZlI}@vE@BdhNlJBXL=4)x3A4@|6|O^iA&scEZIgglad+q? zHD(5^>GwSBe%t2lU#-eY-SCqCiqXX$ZjF%j?frdnb#U_U^RclqfANr)n@ZfYiRd@! zHfLUtdt-5%34wynLVDCo;|+SB*Vn*5fHrg(cZ1EV&f{w>U+>C~Y+ z{fwjtF!Oz(?{Vlo!Q2A<2|9Q#2OlVl&L;*&gzXDROr0y)-j#GILXY!LeZNA)?FSQn znO>nP;63J;8tt1>(K>12JIH|zDKcl-Atd) ze%fP>sL>LBEnm!ewLyqR>~_;32{lvVwBDyNr^ewjRv+vTX4fz#nl=IFt~RStl|6FJ zoI-328inUmqN?r`WGRKe47`DG4|+!w(86+CXw*o@>hM5{4#u|T>FSdEJ(^QiR#Jby z-R}Bp=48iqh3PqMxm^{n?fK%$K+PT;!{f(cY89rt3E}5t&TQtJj#3Hx2r<%tQWYZN zNg0f-5s)&1`V>{GZ&S(EO9 zt2>rBTx{l0$aDnvAmh7LhR1yS`u1ewFt8*S!ssOp|n$A&GMY z_m3~?sw=r#o{DCe6ie`yF0o(Up$T2=Im1Z%BbR+oM__$lM5YqL&flN&S z0S(j{oCEJ({m-vs7nynVGv6%K?E)9cw+xb%aJ6Z`W1O;e4|e6gix1D{9l=klPJoe1 za(7jnQL{M}(1VCc1T%!2RQ$hx0zz@JTXy`0vSsLKjjpjGYb~m(M-K>qovNeKFWrPZ zud+xZskqE4t>uB}bt-v=YL%n~=;`(%1&-T?B?^0#7PA*_f9gD8Kh)v&mwN?I64`rE zYzhTW5=h2i_7RlLHJ|3||8g$40`zq(^?k8`M5f56C7h88v0H(;XPxHJxGxoIEqz@r zN*H=T^QbW3^<5_=j6g*KC+cH81{|Iz4zqfo8X0W=m_D^kvfphyr;=ZxpeZQ8q;+uh zt?mKl5Ea=YWqTHTvWSodzk_wXUrCl$iRP5Vxd?5Q0Fd?jeoGz~<{$x->DQA%+Q&}n zzh;%9kmM~j_JmU=2(kP~Cp#^!;Cx(PtCWba&e-DR1fxy}pl<8IK>LgxK*Y}!hOmu( zr#WRNaougd?M$}5Ssg>EU*Jlh!gsZno{|8Set1cobOwKWPTpha4%#OIfe%)pr-N^h zV|`lGq!eZtuGd;qy)4v(&0Mbg-)g7aoYh8c(2TX}C;h(?_Q1>(qI-@etTnG{e~UqW z_99b!sOZ=8$`&-_bfi+ARht_2wa@S?%&7)W9*`aa>*%}_3Mv1*9D)~KovxE1q-SWm zEQeUd^Jip)62w&eWI27VzLW$A+Gc8r>=z37;z-Dp3+v*tiwo)Wq-j~-E}`Q0yH)TV1nt>cfvmG%p6qqJ&0LdZ;uaj zUEk6!2wI0uz$-zEGf-8AZZr{ 
z*t#{B)S!hGsFKFFCTD|dlufRLPVm2ggBP~nLbP%KMNw$+nJ&d+wmT){<`^_Ife$#H z3Oy#Bl{$)4J)@XR^CpW?x(UeNDf0`$KCoZ=`ad2>Us}`Ng5f&LLDuhMKGzW?dQxNE zGz7?|h=&7hcHT_f3})aXSAA)?7~RUVa8c|2jNA+#x&PaQ)G<2`Wt+PhG~sRkdE})H zpG?~1;^$}O<5V!L73Z(Tf^FAXETY`E8iJf`jxCER{!lm}MJEU)njhC{F+yX>a%${T5w0QLH+i>yM(?u+_I=9lkTohu*Yg`Zb zIQCy|<^eJYZ_M{L=BG9&I~sfXSv{qVTjWaQtaTH!wJCg1UURiRQ6sJ1;JG;YURNu8 zKwc7%v?H;nucLmoo3@K0V(b|vSs&LU)rwU zjwW|+IWFC%Z$_@Zz_CendS5J$6jqrbIfTEb&8;PLrqXMb*di_(%kS@yhtP=_6oPzJo=!(!;XVdT@6JVZ_Cy|I1Y!k~OuCy0L~B<cH@S~)f^^?)2>4EU+dYFw!|cACBMDR-m`hwq?w0zj3ne<8B1!Ba!b zq;nwl)s=dHOeTG?B#kVEqyq7b|4jNr6$(-_SCH{XF;ucEBSAVO*v|hQ;~!OQfAad* zjbPu97edtwjuX;M>a$GRuN1Xe z-luHI_?A&U$5bNeBi|0qbq%cqFQKNyM`tjDVjn6m6eNGi?~$7G-JgDgs1otPulFJj zZMveqxu@voMLK*9Z7#ZjD~)4F3r{Jz3**4F#8-ihhFIn|ozj}`;<_<3fN&<60}2y} z9Nk{Q6Gjd~z=N>m{{RA;Lc*haAaP8SLPfLN{t(q8=@Jp=bkqx-t%0cBm}%57t?GyZ z@6{Tvjk>UmHDc}VRgV7Jf;zRKAlM2U7#fd}=Z8fx1gkg!_<#_^K0 z5CGxy`e_2r1T2YI+yQ+!jp4RnS;+Kqu#$VypFD&DX-m+=U|*N0DwAu%NDyNys?BVS z<}HB(%bCTh(MpSh{|6A5wf%nqfefkK9A_sGy0W+*=NG?YQc}rNSkZq0P|vA>`)YxI zEv7Csmk3EVnurxk`6+)iv0wT@}gqOC_pVJ5duot2>7c39&cSI61NB`{gYkEe?pw{o6ayAr=;VO z;r9y02?S2&)K_Ujv|)v+3jem4UxSsrpv0OASQA&qQc?c{2R+X9t-Z5!(exE7Df|2L zLgR)Bg-dp0CwmxV7R&sn1bwM4|8zgczR*$OaN<^{~hU&Rp16{rdqki!EwVW9PBn(9Oh3%t)7OHX;dTDylRW! 
zN-zApL$Li^Ht!i6UPJ7aHTO?7#2(W`yId(XS?q^u_d&lQ7|7gEr+d^o-n@7IZv#Td z9FGKT+qn#MpVQ>K83;C~SfNmBLb;}7+rE%61S3apQ90Mc_Dh2^@p_N>jS`1DWmYFj z1-S-DW+w_)PP_Cz9t5DXdiD1yq}y^vCrZn2DIY!Vx4u>Ea8l|e$NIk$W^|!Ww zw~FuZU2n;aPMv{!+5vYLE&ABmu`?rwSoCuuhtACDkeHvQM2${}7@gxW@Ijp8)7m9u zW|`5$(<6suRE~Xb~Q_@1T`K55!#6FT7oG@WuuUvtb;w#>(UZseE$ zobU-b;}brLfGkaYm78^Bd@4_Wm7jd8)P$dmh@Yf?DnEC*6m;35C$3CPf!=vk2 zeo@bi3VjX7b>99GLR!$7!r_5;2y?qFOVXAy?^9Rac+pJPJ#}A#eYA?eU$X_&G+xNRk5qP6 zG6L@i)%r+8wQZ;8a%qyqHx;b!OG^U{EKcA_#UXRM8%-h4G+mdN5HT3f#zX3L2B@>M zVnlcx5twr;zyx+23XpJ_Q}?hV94}5-Nk|1`la#vL z_d3zFxwfhY%n7E{(M|{hp?vrSHFE-~F?Yk(7Ko!=cnzJ75~_T!K5+nB*|xb_tzL{+ z8Nh#-!wy~^pX&gDK0QrS1n;BYkC0q6sux#id5cRppa{^LzXKJMDTQ=&=%B>0>SmizRx?BZgG5j`wSW_N&sRUD7RI%&(%+y}3wR~}KA zk|KN`RlJ0Odtd28o%l7r-c&wCtXWs`s-c|nWuKQ+L%~fB#0WcWINs*;kglQry%Siu zCHGH__{Cu>mWOiHvoYhhOH1$eqfN@NGEe#p9_lZA_F7)|dh6S8na}{@N}uWMBq=MA>Lr=0T}2lvPP0I}Na$cyz}evKD$KWdY@4@p)LKwu;i}_>{+3`E_wZ zu!CYgN+ANQ7gQw+xTbKF7uDhgP-5#c7O1Hj06`GkCh(0VzJw-dFu6HHIiwLz0gQzgIVe8 z6V~cL;G99|EFu7os;x3pS)Pf`yL35}>J|=};NiVqJ)PVbSgYB=r@p?xbI7gZ!4uip za>tn9jjA6BVz6hUpUpoWc|!|(%e!7V$;6yHM*cbvIeAzxCIJDT)9Ji=?FQ^((K*W$ zQQ0?>E*tlZIRGt3TTXMy4tFzwPF}M5i?Ch}Uvz}}40gR;kmfzK0@Z^c0;)rFy``@H zJS~(5u+si(HjT&+VCoknbDhPSVgj&14FB3L*=E0ve!Y}%qhtI z2HRAGY0kfE%7y5!IHyF7Pg;HY_m_!Qp^k?G!$25a3U@G8a5)mwbs zFGwb1u=WbVNqzrtxZId!!4>fTTGehO?Mg*&*1H)ux_lN0VNC9z?+#H;Y#ngjjqn-W zUS{`AsJYLv=>o_eN*z8bmta(_eH)}7nkW87z&#-T9Q0cGS;F=Y{q5D>V~INkIyavt z$xFz+^Rn6V@V%!bzV+_pvjGH5(lf{C?)0_b-`Zk^`@bTHyAk%gBaFFG#Q~9aiaDyp z9fMXad%uVFw|9E$^llxGFgH(m6Qqc}y6~f(20A-`mGvXfu0I7G9kVzM_ulz9Ocq!_ z8$8DtKxX&j-!p8z`?9{)ls&fOxFEb8&9$jkK${;orpUNDGifP3vXf_bXrXLRuFa3n zERU|O53p88m)p3l9<`Ml7C?(|R)eM8o(1S2_9`3w2lGN49sFRld>`ZlH{@goG4W%)g_Xd;5i^$&DZwF&$SQ(aM= zkBuaGZW1Y&pH`F69*f<>tF-c<3LaYnwNw6n&6P91+z0%m=H5KjpV0$2%oJGRef!r4 zxWeO>Us7ZF=Iiuc<<$2;wH-eY)aM-MNP(QL$m*r%=^TJC6n+(QN=$UJhkaKI+49+5 zd%G{GT~~M>%DZx>GHD|uN<)=gLTUs7kxi^ce*f(d3sF~5NPKyd3s`&^MctzO=}hgO zHAckcN+;tG@ULF!vQ~_ws?lVXx(`gvOpSft_;I_Gv&ZMXx6N>gYWQryg+o_0ABF_` 
z%3b%@AG?HbT=jL@22p{RYW7nj@a!l!GLkkJ&NxfyeGUO}c+g|Iwn3|fTU`#g6yX7l zR-pY3S1Y8DBpM)QJw{?u1r05HC8F|VrK7)Ga>@$4qTyfCWAD7C=dN+RuCLxtKJ@bC z-|TI|+6vn)cJ&oxVFOX+DbTV*E}3d7FSu^a28=oA9tus`BTJRe2(oFMqk5}+#8HkJ zbcQ3u712Gch447`foiwwU?1M<1;HXhho4r`O4@rfB44t~_~z70;JpxMTWfI9JJ1j@>dMy zo7=V>H}5|?iqwgJXf3nEnUV`X2E#>C+bv=R;BFBVM3X^4 z(@0wHD{~nG`Z;g3TBs@0~D_d)n z((e|C-BkE*$A|-%maECgdK{cgoKQRT0Db0?dx2V+A$ox4wD2`lR9DFII<#zOJsG^} zMKF=fVe`I>*ZFod4zP3M2cSR>Ik`5n#zq5fdCgN_r3tCDjtQ7mew}mWPE@Vc@LunG z$ckK>M0H#$1>-OJ1?QMrC&PdcYij&4P55?6WgZB=6##ZJ(>+n@F=6X_q4ye<~Z^G zHN|1^$+BIPd-P+`jNyi)%hqSVQ(_ZR47m?M*mjgo3dvsLBAWXobR+R+H(_ZTVG9}8 z$~hz0zHu6zQliT*|-K&t}ULE8xMULP& zInGf0$*)(et!ft;=9YI6{v0t5=_=)AHQe&*)PT8ebsN1!qg8e1SjWsG>Tml8hrc^`LlWD*~&^P3J{@kcfwH-z145smw=L1*-1c<%`5!9R#8eLM@**F%9Fuu zFr2eMqypqew4-{_d3Ai_vJataW{G02_K2}^{&t$e2?q3}4|97z>;#bbE4N0_{jqUz zK8Uj4O6#D+)QVQrW0 zw}5i+4Z0zLNA7yIc$9(f=wu6i&&-1|`+jtJpis)a6bcVqb6A)tBLk|8T*&Rs!w>Ir zMB4}@_dn&7bl1~v@j9TWSkRH_<42FxiSuB#Og5{DOl=Au+2$)$YyV9{O3Qd$ ztrt{}X*W8@{h2c)DG#jywu;muHubIiH z8sgL_*Q(1NcY3(ZA0R5g*A?rDcKAP3E9T>WsTL;Meoe`Kq7&A%-@dWEiEED+itMZ8 zvQX_(U;Hoo?n<+M{26@s`Doy(l%YgEOPK1arOPbfjtJmDTW@1?4Rb6aJ%n55HIWQ~ z6yaEv2W(pDPhww8$^L`8Bnqnz!bb*E43(unI*RN)yA%)`58WB;Rv^}3X>Fr9@Aq0P zY7PHayorD<1k%bw67$$3JT?7ADA|{#AA^klwa4@IEZ-p9i9A*~w0Cp}FX?*_I+&tf zxD6Kbeazttl=>TX7Kk$UfLlN^zZ*13Bd!?feO{8y$+57TO| zO)>nri&vSOYY;kbN$uk~HHzArC;TzJ3Z9ahM3&8gaSczsppO))jrftzRAE+^{vO>| zC7KO2Z#2_BRiWF9pM@@%E+lvL(-DOwKZknxJq#rOXTELlRvW@0l@+mXpv7bou)X{P z@-%jZQ3!x#Oj!pCspZijx1bQa0w;CN;Q&?3nri@My@VknzkAs6f@3q%px~|_Ix~fE z!zY8+r&ic2j>H7B2G92YkG0C#5#>RKe+LPbO2yZ%7xiE&$rgevhf`rTF8@$Yycb>fWZr}J#m7hqj_0t@HhU^Y{uh>_hDPnvbrD^w@eTv|15*&$-ek0aX6A3R78Q zW-rgiZnExEoL~r=hCc~<)o54h8f1gvksC25hyy?xfg|mM(NSwuv^8G)<`RrH88ZFx z_6-~I?(OdeHGDT@TBBSf*$>NAaY$o*)(BH^{9>IP^+yurE|-F(eYwFQI43Y+XI`67 zr+I=^R9FsAFG79}8nvCxN#7))q0RPSAkk5(aQ5&E7{e%e+fX1gTTq5^=}&8ryuKfZ z5x{1A?A02q?vXm=`Be6BlerTM^@iKn2Nn#*osDN-S73nJXp>ydqfdXtL zeBk$rBRcg%F09Ic3&xczUQ8QnCb!yx8eHMl0$ccUHLIHQPb?Yi-w%7|&OmTC!9y-` 
zZhgj5251XmG5!*S9J?|8Dl^4m6}t%zJtWI%{ayAg|BU|?lS>3y`1{mZXx{-E#l=Ow zuIK41I}+zn!W3?lKo0`MiSB73xR6s-(1L2`GfZnnZkX_sMpeRFqCqf5nfhTI01*Kh z2@_-(hPzLADnGbeu#a4H#p{bkk?ug!@%{BwZ@&I@fQC*hyt?A@S^=vW>Nx}&JX+5? zDNRq-0vGgXs;#QY{Y{PQm(4r^KLFg1AilByd*_jb^a#oag;(h;&uA8*^TK?Ddlj$CzWOJ2lpsL;`wy7u1T8v7}Iocf* z>bHf+HH@#p-q?oFUhsTFtipkp>^s|}w<=Kn@pu-tUf?XT<3<0MZMa?DP3fQ!&=Cb^15DvIzZoQ5;=7=L+W7yKxZozbJ zgK+Pj9R=xqzX&SiD_39Dt{tNYU})6ptUP;)as(T&hYNaLf7lI->Tw2_xTA=+U zm&>#Rkp~SN)%wsyL-;zlr29HF1QCi%1=2<-mfn_KAifMpDOxH46m4Z>YD4iL@<4C` zb;^_-8`}~D&`XyDd?(9^rFg&-`3O>6LBYGGN4}X--c@Zsn-)oK9h}e zB`!s2`x;nn*HIqbh;8{Dq_9KiZXd)U9rUfNjqADfQMKNm&p^o!>>&&vBj9FZ1+8|% z4RG(&%XTr9A&fkp{TQz_#g#HF=DclGp$c#F_}YZbiH%8-r;HS`^56NcbETHo|pIb9xdcTX=aUh?6%I^4PTY~!P&S2}zqsnKL8IvmfI>foBjdp*`WS#s_ml?dy()t zlXKk7B4t?oxrR32HROpT)?plb8V^~l=!KsfxtV$S!rQF7l-kl zO*jy*>ovN{s`>Ry>d5PKl9V5_F%L)Ari;8S^e|fQJPo|Tyq`-#SyWuPu_=u!%Sf%R z6aYOu(p9+FOHrk9S@kiggyp$WT6yw5@H+HE`4p*WjzBa!bJM&5&&IVdCVURNG)1m3 z@m#2b)Ing%jZ+>HuddyFlUVQE^CYr&A-R`Wd+3fzz_22Kp17MDhbSo-8eJUwkl-HH zOZ{(5#&L~0%(MJ?d>0MongoD$qU9}>R#!Dds{6gi;P&OI!jH?h>cn_O)3VMfWT?H9 zPu~0kXuv9A6eIm1jeOfc@B^f8D;oyrz7lo1GZv-?aU3X0N=@V`e!;4OR32U7E=R2%THOpV;1w5S}t_{DPDh1rC%p<9vS3FM+!=2ocmwnV0#KCe-77iQ# zWDQ6+9bJ^@JB-BcigC|u(?m#HGnmeS>?Ck7k z{Ifoclgn$FTV5E7o zRa&Gta_y6d;F;je^}NDp!Gzk$ct{B*1_mE;k-H3W_WoOO|2S1fj@k=8NYZ6)AJha1 zvYU5%Jr&pd6Ii0G3@}qihA-OKL#v;8q^yD8>*_WoilR(c%g3U{71d;HTp^#ZC%ptnK}^l! 
z(ZK|U*t)CMF_!rGPF0m*%W#5tlSP)mN&_I=Vx&b=lE_iTk0}FTIlj>?^s4CnmH7$` z)L$uVUUhz+3P1~^9NKXZWmOYv=A#VZM{{$gvc7+Knw6XgPud42j3U=lh{KKo{e6{w zYRjs9Q(L^pvo=>dBo;&eVuoog&S?e&DPMfH4_AP3f z5R9<$YT!-1svPqux|YJ>a|_AxJ(%Q~;M>h>v{@RHThtLJCj*sX!*@^89at5WX?|#R zL33^3?tZG*?Bn$K$F?i_SpW?c0E@p`vijjj%9G0AD3>Js^AX@Wg&t}*l3OT6_B;w% z1lvUzfW+|)#a5qh;w)$LQ1?7ogtlj1(l4aif9S*{!vtI!5TI8X*=BzjEX97Pumo-$U5<$GrWuXoX?}gD4RUW6O`4#<9}I@_j>N` zmim|npbvq0s@~^--8-ylDM^j`*;6dI7(YolGHQK;GgUXuhxBl@DOmqri{RmanjKpg z-lYIf31PHvb@i$Dwruy=?f(3V#qjawd41{kd>-}5t@e4{qyO=7uzfDz`+9Q_h2{5g z{l1<#-q5p?>i5Y)b<6W!)6?_B!u=|6vJrk-IHU=DSA9)@L2)kDWg>>m z49`S}nzpR_WmIIwR}zQ8Ta>>iDISKlnL!AYDRaq*k_z`a{loMH&lgF;FM#1D;=M8X zC)biTPr3m6_}_Q(0lchyOzuCh69yVLfanDF0LZUgA`(xXO{!gnc zrsD|PxjZfr5JVE5MY~z|44t#NVVG#t8h1k=xWzVs8IIxTeFR z%=1@jytQ(@2mq&Nh);x=M1hAzu=Y|osrmi4@EWxr)K$pjxR?sXY61_08de@Atx|5; z@;xdNZyn4d7w()?otOtyN1|GhQRgR&w^LZN1a;2^3|%TE>ULn_c&1hpOY)ylKh@F5 z?Um1$B{#p}jV;f^+VDT_GNrtUW`b z;6JSIZDYhlVDFw2p*^3R=Yb$FAm*yt-WC91d(c9%K~ z;Gd;|OMd~BJg>#Ut4!|mBmT2~a6HYPL~XzRv(qwyg}ZP_`4N9iL^Rn3QkpU7%xJmS zwQ*x6~K;|f|d&ZZ_$urQjNM>Av2FbN3+vPEh)aOcd-LtJt1B=LGwRMqt%K@Q#U8_eS zyh@l{$FQ2YkrPegcd03I^Xhp98y%I%msB-s!P$6gN3@d{%1=028V)HVF)!Km7p|!x z-D@B*rL*O>)s-+JqJ2&whDbpDxr}|sV#KF3Ct`lhK)WW!Qy58q?*7iXm(b*LF*|AB zhzxP)0Y?;-dAEb=ZGEWS^cE~8-3K6%4FaKR!D89WZLfjff?1{40KX1Ve#T3>_Ezh7 zWh{fRDPxVpw_rlH%Z|rOD#;q0Z`b;KQ1CWl@0HiEHa@X@G$VV^<4)bPf?18k|0U>I z6f(D@yi0^<^C>oBb*7$4X1?8k+v66`g194X#xMhfibP>Ib(YtSAj{=Y|FE5 zRBXtz_Ag&vn(Wy2&ZDJU;S26bI*64nMt%FM|K!AGk?VxKq@?KipG!IrL39Io3; znvnJB^WAo!Bvlh3T>Q^vW;9Fa4ksu3}Uv8ZcdkAtN^q59b~%UrItKlPrEfJ4rgWO(L%Xa<$MlMd!${A)|T_ z5=zl=4&iT^E;UzzrJ-jT`mAFqqqlsEkj~a-&N$7qjz}u9j~mho`@rK0L_<;rbT)Dk z`bYHQ9R%Lmq>bb4tpDv;gqvLj=V>irqPiPZ0D~gT1sp&g&dG~r8M~YJ78SBg~2w{)fLVFkc}Lh&9e_`e z_g@gRB=d)!4mdYOZY^i=FZqDrb)zj&A~Z7cq#|9ocFc5i%EN|VPJ}HoHNgYPBoVXc z>GKh0af8#Yt`&!EBooSD*oOAT?7Yt@Z**xy5EeZ-br;m_0K}E99N&|+r^5t5W0!%YWoP;Jdoe;|H=`<6{CtA zD6gaLT~=$G){hfTXC~~y9i$Y;HTCqf4)5QIE;n=wBaIty`s6zQUV!y)3R7N`n(tZj zrj_xA!;hCtOFj7sq7m8TC=lBG+@)V17|qh 
zmV@AwKLFahxO$Js*~Y6*+WGE&L87Qzw>i1ss_rfmV|2wEFbs=6y{LLa=w|+^Bk_15 zQc=*vwKAuC-pVbmt;H;O3Cqcs;Afrm^sUisi2mx;U*(=ryVnqmQid(+(%>083mv@| zfr}dqhUTKU9F|GxlF#PtUI%P+UmtKsZm0U|n#;2<7Ol7gjt&dI21c4(*?OnYGsIY$ zHNbp9;~BQ@N6G^t>Fs)+uuPHy`XIPxJl|%5t&QP!eoC6|etd5-8rFUV)Y?hwQU|Ip znl{f;&Y*HUbD93G4sgRPaYigygF`ICx zTzCezCHGD%w~ic1*Jd*oU~x^#il=$kb`;mh5kX#1*-^;pc6mLq$j9g%YJdQ#hhenl zjmnI!eXfZqra(P{wMFs~mueeJAvCuBcOn%K|DD(8&8!=Q+*McB6uVOIt&KOsj~WPx0ku^F3}tQ8d1j~rkZU) zv4@vOK3iG{ckU0YuFQ(-5@Enq`!55UBU5-sQrM00h4aw4uFh2Zs^n%MZXQaMW zhPwF%=V%|tEWs-t{yonuO9Q_30tq)C+~55y|UQ{@Pk;! z8K$R1(ooWqm;HkJKa0Ar3sF`lhSOoaF=2;e!WTPD28wx$f&@U<+tej!y4=q1@b<5n z9W>`n{$O0Fv+gR#Zy1W4gMFdW7)ju6isE* zNHbt<{%_V6?OyY8ukNHF2ZCBMhFxt4z1I?}l!uowZ+(Dkpk`fY$w)oBlvT%R1~5{= z(Y1n@GS~`|G_Ty5hqTtCELBn$d)U&6jVLBofpMIbJ7zLks9t!dsb?o*@`rXAo3J6Z zv|;fD<7RM_wRVy6jI&$DZ$V}5>j_Jf)FQ{<8zLz;Q#YI1jS`v;0EkKbIPQxX-8CVe z2#@v)38*|qwvHsbz!d5G%&7k^gw!9cozi=R(88BwlCztX>nO4ZXqeGm zwtmNhGFIlz*&nZWwauWIb>v0z3N*3u@*Hxv($e}oJh~~EkZ+U#kieoW6DajD_98n6 z@DgyL0o-7lL=3RN^U?)XI9h(7sZ0)g9H?RYIQb6^&d9@NaI=Zix{%_5UQnsG)v#51R~o}*u9cZEK)-@=v8*m5K_5XXCeV=_ zo5a1vFFnQN8Uu)lb3&m+Sc&NS%6o}HH|<&hZ(aj1HNpIVj3B5M z`oSfC2W7~3GOypHZ?vs`S&DKMvF_@tOVKnTxJ4h+Jg-+oD)nd)7o232#4LZS?X6+g zC-}UmQ13~|(|pmj?$#np%0H4v8IW)5;!A{M5ER5+G731%pva0W^|4~cSBlI--qQuqU&LCXrN zW+?9vyZn}-jBI$dJTrfPVs)Ut;4~1tz*c_szzV*mV=BnH+&{2Xms{O(G3hEHE@=ZI zo4nNT_kpLSEoWbh51WbZOm=ZFgWK$O^ps5#)V_mTR|u^a4=hG;Ln282-`)NtAx62j*}v)bQ0 z{1R2KD(FQiV5DB!CcZy&^Y_ePK|Uu`S9L1hl_ds=F}rt-O>=Ad7}T{UEo%xOO#in7 zR&CawwF!qH4N5nHZDOZp{)we9&ATkIY0W!?Pxo(po71Tjo>NO<&v0oq{?BkQAMV{? 
z8`G(7kfI{^@TWP7p>|J3>QM-dU=SQVcikF|0}44Bm16&a-`e=o*WYH#7R0HNq?2%+ z*#U0I(#EJ(TczdXv{IY;otwsl8vzN*DJR619-*F)*E$zefzc zlF)TgEeJIp=j3`nIylrMKwtk-8Thq6&a3w}a>HX+wfHNw!(-R<_+N7)tiT_m7ie!v z0na^H?_;b|7knP_HoNYIN2Vd@%*EB$3IEuJqE(zdVlo=JbQm8Zs) ztHmlus&&`ZPm6r+g+B zM*$IfTRyR@^$7j$8HQ^BCGFYy-zL;FDrGkDYX5I6{yRvP;y317s!59O90EoD0mRh0 zKEQ_;Q#?vJIXyuDKL~jc^I9%-XI{z`x#evh^~pJaJ=_N@DL~<99G;pUXD>Wl0nnqP ztK7Fr-!f0x@~^sh5gQDj7vS8PXW;g>6>OaNK6g(j5_j)$#L{7$NLWr{>^MDPS52yu zi!O98vDkgthx1)`dCDA&Ws9JGwm{N+1rnlLCh@~p|bSgDAe?WZ+QhODw`h+_V$splA8EDH57fbr{_!i=Yk z39YciDT6}-&@IVh{-NhU1CLTiX!owQaOprv@d9YP9t5~8fE&IX1L8!&2lnekCeDX$^_)jO6stGHb)S$s%c32;H0$;Sn^DT)hxhf))0Y3`c zf9LOa5~qBpqFPrvof0miUS3EK4)hwk5Qg$)fUdBD#S51zR1ZsMcV|@TA!NXWtq{(0 zFSoijM9S%E2=_W9WD<^ZNkwf`c;k<9)fCcgxS3+rET>$tm0R2pS|mYSTm2VQ0P;Zm z3?TQXW(^bz+JOuG)**^zD&0vP(aTlOhK$v|r$6MG_VLVB6Dci@0tG@CQ2+>3#?;j+ zoMQEWXYqhS7fq8ANyX3E6V|o3IDORf;nZ8{>sOlo;QW>Ne^!-4(H~4M+19_D zP}H@?kyq{09i5{+pixqew7P+@X42HecF7(^oRpS0B6u$YF2Bevj!35tWfz&D(u|HC ztx~hyLXxW|dFmYG7yn%dCwx|X9vq+xDRfIqLMDs^p=zfi&Sn!(6?0xJo=^N_J-w^* zS~FEpkwQ{djOrBMqS{4r>fq)JzveG*Fr-!q+hET&k@FN|#-)SPot4Gvs{Td+?Gb2& z=kUH>|8l>!p!<2Zq~;m-G_^*iZeAmIujFZI1>dQ|C5@JWbv+jO7}#MOv!Q0H$Hs~S zFHCM8QcnAuS5AtqGxKDuxqKLoa@gA_xtGVZHA zb)jMt{#o5AhJ!YZx0p6hkP*Lf&1QQ#Wy4y`e=gbMbiMn#yR?Y99#XX>+`;v=c3NdQ zubneXJOJ(qsPC7N;X2?9tQKc8Dya5s;!$Q4&#jCd`iIdAU|7iez1)oy?WJ3t@zFzY zPe#5U4OaQGfS_LBf+KG|D9i2!Y1-%ifQYZO;z)_iOx9C>{mDr*4xpekKyCA#ZSNU?fnat`*uA&_Pjj|`4LonK5aAjecoI? 
z5cc>y-wZ_wd_H}gPadr5Uyb*CrYAjTe=Kk7zu{!RliSCqem&X4>wi95P#UMB5x8YY z-TJ!OJV1W4}3LMcViz1n>Kwdfa_C?N%M$%J2wOO z&wkC~Dw{RlKgtp*g$jhPe)0>XK?O6o{#Qx0b31O_k*i6?8dM}C7I4z1ACEUgBePrs z3GL6XHK#OIHhhNU%9Tjg;*pu7VPBcp&GxUaYG4NS|3>E{Drux+O3XZ8|IX4N0GJHo zL-8h& zjzvDEqnN#O!d3{?aO|(zrZMpm4rH{CDd1^bR4x5bMYr1gSc=)>X+-S3Y>Rzwn{OcH z+ES8BTte`B@Ne7s%tw|NzSWjxW%RV{II?u@U?Bs1B7l-&U*=N<)s1`_VCld@C{whH ztRHQ(!cgv7>1c2SXcZE+Eg9L&!;m*ws#4!&y({;hwJthpevbMf+!Hwt`%+y)nJNdP zVr=}OmHSe@<7C`|$j6W>)^*2|iI0C;8to}_1h*^MDVxTFdc3G7adiL#DX|R2c9$vh z2lchtT;sk-IV*>D%d%M-wOL60qFd}H{P{E^ML!Rou2!gqLoVt0OxrMilV^#ezYFun z`0q)T>j2{`-NpXx(zuE{#0fw(w8Y-XlffA=TZdLd8o7yi5Vm_lMs*}!R(R_0jzYMS zRQ}d+_{mMX(8G+jOud0*6Ga$)Cltd%EyxjWvTTQuQc|jmi}2xkC|C=VVmq zIYMy%63^xGHP5IvUfQHVJDcriI5nl}^+vFV06daRl|V><%`hM<1kD(cPJPuDd_Kdb z@&3D9b9|PDnAOU|`1Hj`4B=6{VcJP&lb00rbgcEZ6P}VH(U0kn1dZh~+&GXiLV7;7p7*Bc!^ zv^AV|f1p%z8$bMG{Px3EM?7A{%(v5(pxvjATnqiq4EK0hq*_osC>h(0=E`Y3Y{&g| zz;~+OPQnM1tP}dK{m=lo@KvJM^3!fSf1bbJoara)D!sj=JukdJeLnSk%VMCUd*)Ig z5G}j;KugiKlSgQ<^{P<7<5k_NOLSQ@4pz1a76Z_l zPE;_%9=?AQ2~;3LugYCqRi?cW&&c1|4S=++(iY$U`V_SH6*7#71uRq^lO`&KQ@djgHA;Kt9a$!zvQ?ITFTR}2$|hsM@JpU@S}t9b>Xd5*LOELnme94KZ#Z0S?Pot~}|(m+Gez7Z&G6W48lqHfV4blL?hXz^0rY7c_w zO1C=b9p+VT-d++V(##5k-y0 zg|9cjTE=+nL#x}=4OCh6;2KSlx518S(^zlg8iJ!@p*HpL4q_|ATRS7xo*V?|x>C%& z9^73uK3=88NC3~-Jd9q+nmS8>yO?>TZ7fp*kEaG~?Ic!Ca_YZM8Jk)kD*BpQ__@!OotZ6ZqD);)~2qH=8PcFIIvDwqx6A=;p--dzje(9oWjh!#{*u(Y78g824RN)3H^TEd1%c zXk!(&6c1s#3t9}v)y6x4g&$H`oaTx)e;aAaLDKzmTrRodwO}7vvFW^$AqQQv$SM?5 zGW{bcY)Q}Y&?J=1`l%|ZyD?y7!>rV$v?f&f0O4u#Qtz{3I&uYA84QaRPZkrLre;Cz z21@R>ONO-u7wR<9T)OzTP{)2#2p20~&?6z8u`SXJ*DL4+j+GxTcD_r~c*}c!Q0eF-gr{Aiy^B#etuG0kuUs3lKGE zGuvum&_G=iod--g_>moyU%XiXZ_591Na4`3wv5BE`4MpwzO{1DuDGV-YB`ajJWje< zIto@)i_1*3f?VznxPY;Y>xMNV_>pt>R1q0UBBbV=YJE)pA9WNW^gngf`agA)y|LMP z|NmDVbs_HdrH(?t`yX`_&e6g@b=1DYc>#5g_3-jC4CVC!*kpD=;OW~$b^$({nw+)T zlTvqO59fqtB9;*Z=gawkztOMX{e92>rH<7Md)5?dD31T_YSYN0fx1ANr(83oNEP0+2 zbA&(iOx~9Ghp_)_MeRULa(B?r)PYCbY)L)X)+isxvEAkN9_u~bl1HdN_$rR|I!1wF 
zFi~x`eoTF{-yb+tUFYX3_k|tN1iY8@*LZQqsKEG9Oa@+65lgsr@tWT)K!(2dpK?(3 z>tJ4`vo3tT0^FfIIt;w(8w)KyROmZSiedOaLk2}5>Pt2Zq2Xs)@-;3w{2K%!N|*f1lRtZ3K1kvJ z-u{dU?1=U50gFI`rOc53lS_K zrAVGg_(W+Fy*Uvyh&wd7t)&uw7k*VYj42P2@16KZQVo#PzEOOwjHlVdb;>*l#*Y;W zZ0M-|9gmt4%DAVVbTYEK2Nb2j25aUz_hqTj(p+LW;8qoo=oW+kf?X{U;9LH3#4YVv% zNL@ndo_5K!Mkvr8!H+6!9Ovy$7?-~wWMb*bmjw&g44U;TscF_$7piuD?dm4|IlfPX zRj2m*>Z%(|M+L0oazJ31Ynm*W)_Xi!e%#pI2D7}fhjClJa&|%mjTDj1f6HP z({tT;RbKIf4-58yQ8`~Njtw!c;;rOfBzP5f>u2qN`RtW1(M(qePOD+OeU-icEl0M7 zRSZa!Ry|m9nsRbg@P?8HUfDj9>Z!!!37uO@4T=Z(^3w?ikY}8P3P(irO-HeNIUKP%IZ{N+W(z;qgjZmo zhO6a7F-UTylIKDq*w$87PkA99ibTJpa2ZpaFLA!8!JcI{x*)#bze@1~y@WLzCg!YdgaQVrw54eE=kPa_KP z$945sq|HaM5WAmGI4VbcQyAW8x1TiiLj+_P{pk1mf9q>g$ONR3NpAC$TE72zTsXSe zO5Ep>Wo}=i>1x0=@%P&{BAE{L&QB4b{j!Okti)j4@_-!lgRT)ZCx7~3Pag>D)AP?(z-qdD15IsbZTFtqq`oUFgbL z6%dp?gFFMeNr%+RoijWb#%VKdm~ueWar5hxlW%N-4>;hwDdLI35tLobXFaf)?_Cn) zhrn%LM=Kq2l4tJno$&Oed%IOK8i66KaxqH?(A#{>4P{5^L7(JHrd8rHR~tr{-fY{> zi;fyz)CI|r3e=o}GHHyrR*^9bhxZ?WVv&Y&FP|S5EQe8{bYsNS9&gh3yu1rE-*ux; z*5czox1&!65>|T`dr?T~Um~Gn80yP?I-?g?6o-^ZFI%0|oPP~K6Y$!gmKIYQ) zoH$@JlbK$fBNa+-D2C4cx-*rM(@-oC#B3&`kV`ko!#%D?ttg+Q-mWp2D8h^sNh*=|6dpYR7Tth@10jLa&b>$7;Au))$(4HsqjZ| z(6+~I`MOe<>j<5}$dld66>(_f{mGHjp*eUwGxrRIky)3z<+zz@th5`$SpWf%wx2MF ztU$cAmst7JcQZ-o&uDzB3zWT1!iO2=fn=F;#wnx{t$x}}%rVXUXnzwmO0$qT{sv(# znxqEdw%bA(15PP4twhji_gtK=>wwK9(_h06+CGhS^Wa^d-ENiR{`~eWkDygG4&c>E z(d4ac9EvoO$r7e{0Sh2ehhJ-t1DW)umFSzzdxR~XI6c{+Jca6|Z_39Ng?kXB0Ljcez@;V7_$;_;-6fR!T_ zb1AgWbdd|h5v(!dpc2?}5av83QVR+H73B`JH!r=h7Ks-e&< z;8ht&jL^B=N{rsG_Z(o=-2}A>kcu(52lW%oscuDfa`zkn(*!Nc|L6giG&ozc6ew2t zHXKcaMDYgssYG_4ZvrD_su;Dzq zwZ9a6DGFZqq6{#xo=AN5vMP&00>t>6fL$Sh>)FQ~>3*Vu3`Uq5N`xGvtsYLVoYY@hBPJgC2ggRd;Z z_%rh^9wezenvPQIawtI4DWl>a#Ft~#j}FD1oC@38W;Zs>ZEaaOI4t@8>vw`rHwe-V zjg9S3xF=6YZr#Hc&GOZhk76+vgqFQ%U?uXfGtr~e5W&0iSQAE--0zY~g+^5k$()JM zG4ZA#z*&dS;+gaNgC%E2KQVcdY7{5bk;`s>@F66|6T3*eGFv{xo4pa%5$*Y3Y0up! 
zyT4gqQ*EvEiHXmH$OFG*YIu|vrLL3#gQ}gs{Y1*y4+JAXkJr#^aOV5~NaubM9(QnDi^_^jE04rMSnq`Vj&3_R)-sg6uCtIIUY58RTWYjzzbN-xo+LbiE~!zNaEfImaH^ z^#F_O2qfWDZ-r_@RmD$JtThmf$I80Zw!(Ca5{63RKanQeq#-1_(Kmc@x+$F$Rh%?W7^>LO;w*%mA&Uvfjrm()#Ny@KfR@zl}**}I0mya*8 z>rWsxx>?)wV@{9z5P>hN172A3!D9dFs;=SmVaS{eP9Vuw6e0b#qM*x0H#2QwhTmy}(#^uSNnfck%>?BGtu*q6Z}iN}8b zi15wf5*YW~o(K6mTTwcxeNTyweg}1e+xS;+u zRb#OHOVFkz*uOqAA^xz^b=xAe-KCYxtBBlZ{UbMV9Rv4XeibP#1aVo{-fQ%&TtD5K z6*A97je+`ti`<+|(fZ2;)O!dOm+_% zsZQvJxOQPkX}!E|PB8_EHh;?i&wWse#$y%zbzMANtNSp@!>#e}0~3Haub$Hi(qV z3pBgwiyN*D58>kr-RWANA9QxuLgwgvxNqHMQy0Y{5J-I`E;;#TC&{6Hg$_JTShz8& zV~xo7NFc&Ul9kE0K!MN>WdP^K+{|feWbjOk_>r`!T&?oJ4EN!bzQV4&WUZ?wr$(ViEZ1qZQHhO+qRvX z_q%_)wOf03y*~82Uf)L3s(D7FZu!mc` zZ`#>NU5$oK2R>24ado^%naFqBI4aSb0R5uPxg;R4(E7$>bz^HP}U{PI>%jH<)&%F~K zg*g@gX$U8;IYWuKF+f(h1n;VR;od@Cc(+IA_=V3g*FS5s*cSvJO9AX@3;k%Y2GOuDPTC(aW z5}9g?cL08ENl{!$5d6fV2sJcb3S~lwRGU-i0tU%XXiMA+#nI!}62JYbW#UYusU%ox zWvArifW}A$z-@7LC}J{YDgHL}qQO@*w1ZG9xC}A+wrd!ayi`-ZVg)H@(G27Sx}iZh zAyxXaAFYY5n9{h*>ys1@zo%S#e?itNk@ zieYo2JWsYyN1r>4ume$kMvJVMwCoGklBx_IK1fyzV2JedkDhET`2aXNbxf90AAT&p zdXRXyK$vNI0K>0Ug-%3Nbif^@>E-`#d1fXal{biTaq>F+z0zV}-hP4Ze-6mbHDO|& z7;IjeT%b}-8tW>biyOd*oSX7nH!0I4MD{zLh`!C_t%f%X3|z0hSg(ud1?fuWls7&F z*D7b!_z@n7_`NK!it99?#s zQji{4sg-YF^*sRI`oDrnUP+@zsc{n;Y1#XKq6{9dIQ=}aFF1I3l^`G}!YbPD3iwB- zXUV?}2Dim~K?^<@JS6W2S$d%!nMHpMHK>>6+-y0hDr=Gm?SP>ok8e}8%VR#{8HhjvP|1~da-n4g zCk$>$2TK{j({quL6sYJzW+nFf8;kw^w+6HQ|JGoQNxDvo!}uDvFI11Jo41ch;KcDc zhj>;zWy4nr0nk&Y!;=jfq2M5URUA~;6-bqvSF^3fuVC} zaQJ(-^kr}%;(@6I&;)qJtTbv5j3j)K(mvp_-ry2mY*PDzQtN_3k4~=Rf}W+{ehb(z zNtbYbU9&sUHmvZbohoAZ@KfQh_Wvbol}57}wHn7=X3+eOwy4wE9tD zB2py_0H6lB+Z1@L`k~qq+u$P)3D%ZQSl*^UTO{ibx|HKr=C*7&02bi!BV5hIbF zo6;HzZ-N2x8unrrh2_Bt!Qy?l=0T}x%G+w|3R{S0BTWn?5K877mY}N5Bt;VGfUFns zxafkEg1<>@mVRNxV;K=uC;ys?k8%`13LrguZQxw>&Q=d*;NbKe)qr6UE4?pLb^48} zqXr+S0}ZD0a3u;g%Hi~{c4lXz))|7h&GABaZ9N9vd-*cY^*eS z#foVYPMEgzADTEZ&Fm>M1+&g0CQ6X{gf2c<-2flAze;8q|B3eU&aY^W2$aYQ0Y&~t z#k!xRUlua9LeNgcGbk#RBdlR4ZdwBr5Q{StyN 
z2eXhd{`1r5)KWY`i(|Y%0}e36cE5l(+i4-Y(%|z;Hgb*vRwE#j2yR>~_ba_(2p1(o z!f?y_4~=#5Y4QHh$|D%~dkERYLKgWToP;6(Wd_;XEQ|so?NVY2MU)n0Aada$UXFI` zF{-ew{(PGpS^1~P)1!ZFkm-|7d%ceX$8%gkO79ntt)@aITVCyZ_b=PEdxTX&sO|!d z?!&YQqLW(uv{$<6%=d&8>LRp8C`Bc7!u6O7NZ97DNLeb~W!4i5Kg}ibPaa#ZVksL4 zU{@=sR7*}PB*4Zkk_7=NgTN02{`R@-vT(p^spI|B$pI|N^a*opr5y8?q2UqtG?lP- zt%Q^;%u zVlRhij~8W}dSZEe7{_P_j9@)-jkV_s<<`RqE)A@LCy8KcXWMnLlY zTRZU3`D_vjWjze=UCOTiRc&DR?;-20S$wrDL7mA7L(|aMa&=f~t292*FuL26@Xcer z&GuZS4oE_PGU@*H$-?&e`|)F8g|^4d&AOc3bpp zyH8t^w1X{K+5uHE(<2#<>zTJ8)io?R=sb3g3gtwV!GoR0@9L7=+}{OP2NN!FA%XNu zk(l^rPWC_q1sqs@}67_iF4`9h# z*_L>{^jaQPLzZM3!qI9Do{vE#3Gq1Qld{8TXE3FMrcuLjpl8_;qhj_VQveAOcQz|t zoEO_SsluNH{^cnCqLP6^Qo%xAG1td9RD-#vhC(ja`_>P~!o&!O-zoKd&G;?wAsj~B zszICB&QI-afl0K4vGHjLHtwO3Ex1Duh~b1YC71J`-rVqI4QPBbK#J zaZ{L9qK1dC9gM589)K~FJ|G)P)AbCJ=Lo#(ePPS-L4NKE?Qim4!OQk!21o)1;+ce=vBAesfdUww`kFLc|5Yv$f(-ClbbEH%!APo9-V~F@h;=I6!Ma%byXhxiX9OHxzOUju@PeJ*r=y z18sNP+svdam*o2O5@~hQ(m;O_a&!nJAh6 zfdAH9Mh>QnVt&SFSkX9edE2W?=zY7Lgk66KA|Yr&qdCyf@4hUIBT!oHlsIoih#dft zv{d)0rA$6v(?c-TJaI)JIZq-`>u;spbRHj~`hi-}Dnt(T$*59+c4Lau->~(YBrel! 
zGZ!Fnu!%}r5er1%9VvA~6{uXO#yac0*-3=$P7y==WLanPg1!_fA2ZJ|YG;zB0Hc4PmnS zw~H>k2kgrahC=X@qbV{HrsAf zj%ob<`fr|L`SHLcM3?;rMzmi2^|q;O<_U$-T=0gI`q5q2toq7}*rTgL5x3SO-tIa) z3z#FQ>RTg?*JBGGkm;JmOXNW@z955NyB7D!QTUqfba*B2yJ~im*t4eK@33oR*Xg2O zhY@Tq%O3&uxJr)*aw81Lj4i~3wk`QbRqm=XK|hYueFU1=1J$lTW#S4(j$ltp%_L6y zXw*A>6_M+nXJG`e__ z3~A9Y3=Am70wvo%&u^-%Yfq~Q=L5~qFiraFArmGSdOGg-Vl&leTEWZ!;zPY)H~?gQ zg`tPGtKphn3XITq={A1|EbE0B(~W^56{eFLc+}W1BE1vF7Eh1-SYC@2abcb1M7cdC z9*joD)#)WQQ}dzHZhR>EhY~Fx`$xjOJIT@2AY<*{OS)cVBC*PAwp;2U4Qkp~BG2z# zi>7ap_05A=OccDT8OQNNd6z>Cd6KP#qSYJly>AIUAZ!wsrquza=Rm$VsP;EyMyzyU zgIavI{H$|CJA^j5X=MRF*ju@EST{=bMR%luXyDk?=t^6bu^?oDSJhILJg{-*fGijL zGz?`eWNRt-3}ja?jaN4j_ca&9gYHk*jf!bD@dTft+pHGNd1Y*tt7DG4;IP5Xvj$6w zo(5J(jHCi0Km;R{D)aDWupW_q;tUt1(yWoDS`;P@Gr&vFgvIw{k8;np;D< zM$PV!#70BpX(4o1K!6n*nik6=w1A;oM~iD1FmR8rMW-~659X1Zy>z^khj-8fG``qG z1eilWp&Dx=M;H{zaLd=Vyrk)w(Xp)L_Nc2v#pIs(3WdIz*hbCp$|P$TCcIHyR~`r} zr;B5_rhTgHD{Dr6fNBR5T?_8AlDk9By*wy{4VU8 zK=4HtVFiQ-X=UsB%(~C-a{m@P(gY->xJh)<@bE*z!YMwCd$NlAQfbCt0bnc;qSHVM zl|~7bqP;**UuqqNS4`R{uF00p`Eh=KBSiH4BjH+Ln%D8qi-b{wCmuLf`Jzxs@2jc0 zm#Lcb8+1E!qJ2>oB9;6Ug;7Geuh4}HlIdZ@r##@cnjU})3=-B^`^|QnfLqd&I9;i>0lsc zVfvp|f^3(^;eBxfpeWN^6T$_{^pf(Nfuc z>sfVm^M`dyzW29TCAkH#P;m=U|xA^@Hy8qYn>&5{kt-5Ry>tq zavUo{X70B_|1uX5nee#irzlLiFkcnaGc_p>|h|F;L+^rLzs!@a2 zYfLOGZBtxMduQ@v=S+ZIKm}XV{!StuKlh*cK{`r|MhIlhD^A^Saf^+`9+t5ghFPJ9 z$V+BT=>v>4Cd4S~L)dn6U{~JxSpdePU_Y+suh*M*TI4?MVVQx2YxXU5PyLwT{#!v@ ziWVymZb9|a3JrYD(XyR1Yei8%t^f}RBV4@EM(6=i@{9}h?{W>(cWY(#2(QN-IJ`Z# zW5)6ak6P0^OhMdmneDPWo-XEt!J-jL>e0&F2U6R}(j1uC@+5{Ykii z#T&iT3Ud7$q~ckqE*w72i~A8xY_nU$wM19QKtO2%MaJichx$hXU0kJ{0Y*bgaFyP* z%u0$lm4LmJ@=8WKq1nQO2^Qn-oW>xB zsImBIzie?aKza^;BX>%A|rnh=?LtL=97Mpt(^S~g>@04i^eqvTDS=DG9vzFUU-h&i>cmx;LWFjm8VbQG9#E}P7QuWHCF9ZU+eYfL3MFHu^v{zwUw5bT4TgCPKl%8{ zrse*v7>37oeN>`Tuy#18$`b%6E*9mD&!-x&qjmql;O+Wyd%YCuC@LtHRp;!5Q=pYs z`q!mTq7@-qzEYeeHIzldlp_?DRs&fyS}WR0P9aB@+{i(rM9%5AobIq$p|0dq3bS^mmzPvW*GPi=7H>^5nvBT`>33cLG*B#_( 
zj9C4Zy1OMjRijiJi0Kx%CnV5i6}2t$Q&&kaQW(ud(db#Co~*LDsbLfLyut5+)m`b4N~ zSN3Myg?jA(PWpXohO@yr7%)mi!c103dEKu-p$N-PWV}?BBv$A@LYy4< zMOURG*-JCN`JdG8es`2w!xfb+Aqtp{qDJNba|GARA5dL3zcu4~SSy~V;_aiAi=yQ) zmu409HUT%J6cy@hV|Wa<+=vM4i!LVBhKq9ywd~jpeg>m)DcDf72p9hLgb|&>m@P(zh@!L@TcF+Ere>)Zwtd5GE&wv)Zz4cXr{SLEWJ99 zFoA&c!nSuV$l3^#Y)0g;Ck&Okh^6kg2FeDGuL zAM+Y*A^D28KKYQ1h9HU^bGP4&$*QBzN5#bT!}>cYk@dCx&uu|{#&;ciZ7iwC;}CF< z9E)0w2^^d*QRK2wGLg`?<0C+?DWtb92q78W%)T=Y&RkZ9P{rZPDD)qu64LzI6bckV z-wG_#ZhHO1pA|WU%0D#~;S7COzcvdb3o;2!8~h00%FC9)Zt^XgFdU4p%x0km5zxypn|9q)#B^;7FOx?4l7_=3 zOnfKtzbJ`U*NM-?HU0D>ObZQP>{Edh;fpSzwk!Mk)Di@S;SO(CY?0p$xVF+X;%MN=9|LRWQ3Si&X_A850`tn2SA zOvn<1qZ}R|RU`bT_2~D+z@<}tyXc0hTpRtXav?MO^2=mQtidk}?hid3hZ0s!NioVFhHcht9E5kFi(T?3bd^tY83(KZw(#_~yF~z?-K}3a) zh(-<^vGX@*s$zIF_X$iwna~?LQ6a6t^8axP3s}x?Md^x4Y>mw#LRcL(MLz0GkYs4w zdtt_pO1GickGU(OO!eZWH=0gX36E2l0-rQ*>h2;$Xr{V~soZd-h+Hv>!wk7dk_xvd z%YhG$rtJQ}d_Q00kc8-BV|lu=ynT)6;(l6{f8VX`sfO^b@p^l?y4v3EZLscWWp;gr z!uq`Po!=|`JT3HrJ>DDW6NiN8eu)+uV9$kxrOL6)5!%<6y=VUe535<)tftTE;t3+I z3Y%RiF;a$Hyl3|n=C2XV==OGJ*nSeyF-bHmML5U3qIqu&1g4oSG*imveKbqu-3k(F zF#CS4{Bkh7dSMAWz;G}?FtYYoLpiu!aNB@5_Dxm;N6ZH2AE?BnnJ}I!tB@{DG*wzC)Qs{rG!R7FjAJA*Ug!3lCh`{mf7$&=I|qKAA=j0R^{1K&Xfxk zwPT$}w*cDb+k!jW@vel|1aJ>Z?Z=esTsp_!6-a}0)hP0^mu}$;}eXRMx>wWNJi>mU_HR(bqE_hAV1%D0j9G4+@7}9a)Tb2Lq zGW=DOVv&}!#DK$o9F5|9-3pxEz?OLI@Hl4~H8txG&SW3?FZG~6#9W9FbusM7Xf&m~ zZz?b*B!0E+43$KF0p~VBBJF@GX}NQ1cmgsh2V)PiUesVK=!a6K=N?KOtHjJ$vlI9M z^`{jbMBbj1jrxqv#ST2f@HRcff1dkK;qf(%fBwYwQsW|uM!y8jo6lI5LRGR4(`}!n&tByi-%NDyxkiCtoXP8P% z3}79@v)$0hf#SW|%@1aOt~`p;>#o7m^_?q-sp|QgEh_L^YD8TEp#3+?sdru06Taz2 zOSYz6K^r+53!hp<5BcVTI;)IhX^>Z#9)2>ZWTG~Sn(X&x^0kX3T^5!_6`Dn%Vi(*Z zhg6!ppOiCG?lI9QN-(fy7R<%6#|vgfzP_w3P{kN_&^b8FndQd%!u7~Xf2$IdNwH}& z=rMh$b4H1jqjoUM)#9~ql+9$LL1Ic2(0Z@*H2pz7Gt77u@)O66FSan0A=KZVSIq~E z<{;4-emoT6W$s=!kL|Zz6{5(e1aSY!CwCoBO4$@l?s@HPiNREK*^4Pk$KJ;)ML z8)xCd*kU)+E?1~6b496$MEa_1f@2$QitZ~PZn-(3TEZ}#v|~vg{N$VgqsYdIr2{uf zN}0wW^%mfWYZ9~yMG}JXQMSI_4qUcE)zx?llDwgqxCtM5eE!p=i;W9yDV>V9!&+bb 
zw)Za!sI)sencW;-Z`&hX^4rQSAO*01=NGDx?hA(8o8&-Y8%-?k-G0hsXy@6W6(1`7 z=Ll8Hh%ProJ^cRiq;5UXU<+yx!-D3Z%o)MB*xd`#N~Xh`&H!GNud}ZbG0IL?DytAG zuO5T0baA2H@okb$&rr_*@-gM~QFiGnHxXX0OfrhRF4F?-1|DsPZaA%4;Y!%&UqbMW zC&K+so;g8~aTVSm2HKoSMa#^K!Mf~ht^KosZC!pzBdnshAg_5^nB?nK$`icER?gF= zZ9q=Vb76oAC)Wutvrs7MUFk8-`2fSfLg}_*VSwS(r{Q_*-RMtm7aBdGsu{_N`gT2|8yGcqsfZO{C%SLuIS-HO`q59% z)CEL!TzFRPV5gn5A|Sx9S5aRU5_Lef!Vzi?J#iTS4fOsg@Wl~k!=lFTryatfd!*qK zhwp;MGgAtz7-?6VxB?g{}VcmREO?0T&we3R&{)ZI7qmVNF3A z=O^QPRejR5v5>Vrd4NEp@8MHZvsv~D7t74qZ@C20&>IN3W_CcoN{ppN^U*1l} zSESPj<))=Ifc%p;1Njotatcw0i-egyy`x}P44eGda+SJU-h~%c#`juk268DOduPj8 zM1Bd&MRCkLoR#K-L`+bAx!Xd$N_JaLyEQE-#8V5$lVxoh9EmfgF!X*83|cBV^xxfZ z1zeTeg_DF!-CKKjd|7J>v~fjY7K?p+D7kdY$z3y$FnK;!AX4E5=8Ch#oSMtVgdf-z zC->3yOv}fEm4@!~$;Q{)GSA1u)wgE{?~ZlnDoMK07UiS72jNF@Q-DZu^Sq8pl?qq zEBv{TR>A9`3MK+H(hA_MX^{QHh7@|Kf1*8w>+V1DQ6ATZ&oI^ke!?<^R5o3z!5=Dr z5Lo;1?*(=Eal>5>FDycbD92^G^n0;PI<=PZ-*hdlvLj*8iT&sDhUM4(|w&8Z6st(z>h2FT~zRK7Tg34pp5GyG+r47Hv$WYT3ipf3~Cji6kvF`O|kA0 zHJP*(7~ea6A+JnJb33G2MYqq%57NQ%O|J-KQMG$IRUd1g0YrZW}c-rgsqkDf!c9N$!&piO1a2N%QE7{~PU4 zljX@Ail%eYsr&Ncitc@;Zwgat1Q2%${DF|e8x0!Q03MT29tY_3ZO0yA;x3!Laemf>?gE1?dZ!UmKaj&gyFBe9ysNwAHfIafkIO3y{g z)POWN9y$^a8!hr+)eE%Oca1dcIlvsa0|m$#6br8?4>2!?ejzVMNN?zx5zcJNE4UZi zIfuU1YwJYK3X&SFIKsC`+2zP?UI5*^QA!M}=$}x7ZI!x7^8y^omI>s12_cbl4!ngd zujZo@8JF(M8boEyN1?!rQw|bd&l4@ezpr*#hEd%e6Tz?!!uoQr-6V*gO&fp@YQ5fu z9l&01NHLFRO}=@PmwFJW>pSND2%}w`?vKHmEH7<|i827t`@unWHWK8O0ckRh&{#nd zPg2v7j`o1o6wGudJ-=6DE=!Hy%o@8>?Z=N4FxC5IaKYvmby+#BVY z+lRBV?2nC*FO=FHz~9sEM?R?WK0Vzvdv|eQuP&0iq;hV@j>#GBQ1I9(z zx>1m)@Znvzwg^HIT3=dDiHo`u1=@(p@Jl=#V`3f2{zFA zMb^9Q1GKDQwsz?KgXvu{ps+aXe#mJYS=oGIyI+`&t$wCrf>`@?8O2@TYc)--_u*~h zq65&u-QYWSfgUB$WN&;J4BJX zKD4r&I|ps_9k$WZh1_+MR+$6(T>O}`aCc7=lT;8b1p6%4wj^(ABkrR%lC7JGZS)n& zs1pGsPdOe+;Ss~)0W|I#^8%Xq`!3PtL~z-fc`YLkN8p)otcfwaThZ9k|E=HG0u2c& z`6Rq2%7NDl`%blYz-zkNM}_P!^Cip|e&!%gmL5j43% zg>Hvzhlgt3y>u9N1}m?h(eIhj$2Hz{NL+%7NK%@amEJY>fCg`UKvtV4IH_+J_p4r% 
z4)li2g@c+ozr8{rY7-DBDir>IH9G`+VS~bQ$|IG9myvVqGz0`q6BS#u*l-`=$G#kJ zQnLCkCe7u6@w~?uEsc7Sz%dPvLo>)n--j5Y^-zQe|pKMyey$RjsEuh@?3kW-M*>Y29Q44nzG) z=O?b!DA|kAI6cjQ9#}PYz3j^|X;(Z0C+aU7ei;L62wM8=^==b=&gRv2@?`ib${;cs zYyV9je3aDR_>zHt%tygVUBvt|;!jq=9MXAgg%B0=hHsQRu$j|F%FZ!wvu0 z<;-_Y%GGj9X)Y8rlu=K1JxZH|GgHODz;!^yJkRtQFx3vqaG=WRdHX@oh}z(kZXlHu zLm_is1P(y$MW52mvT2;Pv;>)Ef}ul#K4BH>wf|fByLaX>U)-V8SnM)O-a2s)3neEP z77@3Y&+xNI(7yv-W@hisDN~^CDLUjXf>(5-K*}n=-ye{s*0w$i>ebZo5jwkJnW02wsSZln=n;} z=B*TBZGDiL+8UTtJRvgZm?hIN6Gd_0mKLw*yeOa|+Z!hv=j{-TX_H<~wt9;2U~)4R z#cewvlfa9Yv?}t~cLPSF$n8~yPJS`s76d_%#bP@43?Nm4V3HaOO;Ff56H9UXxb9C@ z)Ie4TCW4)4U^3KPYn|;4CZzwhl=UHV$si`QJ z0~1ywL*^ksOvqH6Z#ux&DJ=`Wj1##m)SQ&_4r}^wAvsK&Fg=JuUaA&eqZL||r#bbX zKlc7>8DX~FL!MZTR(#&xnDlD;OHO6;wyHI@KtC`ca|)(K0@)I!Cvy#2h8W=Nj71i1_p-bKM3HU z2KJjp`RDcWwqhXX61Rtki;L~`_A0}MW?IL4Fof3&&&jRq=lyIK$o-AJE`DI3=9_T7 zE-oznv0;pcO0b3=Rbz^^It&cD1WqkKmS2~LcllRXuM(2$pL#W1PsEON$E|zyW}f1i zBo}%!YrJA=YLVO#D_m7~W@VK@3E}QFe2Yvo3)pptPNl~MPWUuW7l53(2RNdtwQ`wq z!f^#9NZciWmD$C~`?Vuur8jL#+REoS1QPzo0g55MpEUB$^}cY`)KyD#{SN94L}5t?wyNx!vO zQ3417&{#4-Q>TYtYpZ|kOY*eC@rVaL4$5B0f3KWx7dFMzsgS@rde$?V;f^$`TBd|4 z!D);a!!n3>)#r=6QMLFwv3;l&_NZ2~JEdIZBv}?(RbGsh?5rf11%!4&qLMERZ*TYx z7)7|m_E81fw}%QIpi=-n+aM9wtmy9%Nvya!%8ml!a(Hxan!Tu%k9_&0W;u{n!Aj|v zJ_o*%HJMS5a1>@M$sDnUS+yc>)1)~R2Stow=wOOz65o#E)rUiwrf7Y4K{D|b^XCNS zB*+hKmo0e%m`^5$2eqEHpZn#HWjMZB$S<`6N;NTL5joqa2(ADr zPGi$CAU5V;KH_%;f3&Jki?pzb27F*-LqHQJ0QA@jAO18_gJMP1`mox)TRoB0XLODc z)C=g=gsRUSB^~1<=n%=q?n{_P?t#isQwv9H5Pd?g=tlk%42MG0c!^sIQuqtKPeGFt zv%_8_&#rpsfK@lGARE1EeeVBs^`Hi*Wob()gOlWfs-b=Xn}*7r{b_8O{yhXD#33RX zgr<2@CdP9czXo(TBo4GwbT+vqK&@o55xHD_Cvam*Y}1Ow9yHjk>7}mo`|7ky4|Oxu z=nCiMwlPx#h0v04Q`7+Qnx6s{6!vFa$^lHBj}Sw3a5Rn5q>7dO=;bRJ0TO~F+retv z;B7hou6&=X>XEP91hHi|;WRUQO9=Hb!%GOz&Cqsyq2ku~DT<7m#c!#~O%;()pV_qg zO4-ZNpVa+vdD@w)>}HWBI4gvYC6Uc8Q4oKwE!&3YEN!{TPj$8}So#wyXsHwZ?%BVS zinMrJHXK}L2zf5A1a#$B>?Ez*fV7f35SPUbERHNiZV4uuC(K}}wgBS6t6h8|rnjeTAeaewKdz~}0*gEa#OYum$>dC!^ad^ry@7;`JbwvtN>efyB=m;y| 
zZ%9@3G=Utr>soiz;^`iWl3bF61%F((h?7XKa$=H1N*TFc9zu9!8~`O=VU1|NIJ17R zQG^A^7dHMRxV6zyaeaW4L}f4ysvA@qYV5fM`XIFHD!8>voql2}&qC0BrC|w9$(xd8 zS6=`m#~vyms-2mUHokRAJIA~^13iN2IU7LzTZ4i*2?ckPGGWOdjJ&2HE%t|cr-=+k zBP3z&mlSs0V&nbe2-N8j<1qvRoQRxUe;?k?KXDX976^ z_cOgW!^EsCw5lFBrZtg;uj`SLa2+sWOql6$eeMW@(acEIkzKdrev0a~hAH+)W5jY} z3kE5%*Ww8G5$)3AD|6n^;rUX2xe0S73kX{9(!B|3-uyJrXqE{AcKfE7>dYDc6bA-q z?QOSR0i^!*ETZDg3%k?a1S_V-g3YE#^anJ%XuaWkp-k`T&0H#fuDS5^b647aV!L^w z<$$=6`e9mmu>zUK^HqgI9j0Ja%A?$yav4T; z@5j_yCNABG@74}H#wo_yLr~DS|Evu?avT-?RpgXi$I9&??}_rPlJE1U-W7m@wUpdm z{u#rop9_kGw6@XOz(CtLT@!3AcFNl{~guYgOdgLA0WaX7t}i+&baRl;a5>oCM+w2P=+u| zvcA!;)-dwo7b4M9QXQ;KE1~aLvCmPc;mq1*Qm4%|iep1$yXy7s2=cfG1H$7eqc{_i zfw=p>od4JuytRb5;FyS97xJSO`|bSWZVm{xZ_00gn(GcjpF7Sy*zCQu2H&?Hxy?PI zMGHxF%C=O1-&aQ;z$%e$C^%l6l@2(giF&TU??dwc*}&uTP%(Tu6ZYG1BY1+r@4gfV zl!!Qkb#*Il_U*SM(w7wa#UbZyWVwFcTkj_WEsVoW9(fPUpk)nl+;%IvqNTgJs`9gv zNv;ar0QRdngOuYvgWKA9=1iKZ3*<<{Y~nY5l)C1w)}im`8=vZr!KIYUoQ91dUg2uS z{l*+;jMRP~yD;iwfMMA5p_`VU3pxAZU_<#+}F&qnUW0I$1;Bq6dGx9R(X1P?(f^(xQC zd4C{Rd>z@e!Rwfy?|=UP=NiLaFaOImh6D0T_J%P}-K4e_m@9>!nwDR%?8Mnd99#8wJmbOyQC$S%+4SCaC&eOI1Tl`h7#u=YXL)uh+|HEW*M#8YM=egVfLWm%5rAfT)Iz7SoB%WW#!+d&0S*gDi;K za++mIb8J^tS=E;eXd9qFZ5@hs%7Fem9h~&Ho6M9~W5+`x1;|HZw>zQ<4P!)sG(o!; zASji9qC4WD70_>GKDaaYwkwRZl%$tRD}D3+6D$=^*-N{jjo->!>RNc(oh!kt18FfQ zr7%20-Vsa%=HK^*Ws=={V$HWZddqubuIVzT0>IdQ6V2^RtyOpB!D|$75Ef>gdIDuv zW2%O_RbLs^OdzJE=xkO|TkW>B{UOCCzqSi3LgaKEg(x}&1ANi~Qq7wyaw|Ook`jp3nx^}8f6c~Ix8x7wNQ?t=fxq$M1$i^hYz@Rl z9_yx_MIC(II5d5Mkvbx|fIxZ##DxMKg@sTA{D@{j*@;D}Ho<;V_DCl#P)j5tWu?cC zc-WFl7aH%{Q<)7Y(*fIrskD&)(wpZ&K(IXa%#C$f_jU8Ie!$&4ZUQ1+!I^vbyx$Xb zI+CuQcn$Px`gRx!bW~9;%wftQGkFKJKLqEPKyiwc@oYDStKs1oDtk5Gy z;0x2-@W*xhAEa87|96aa<2`2OT(rKtR=2R$>?!f^SSEM*J~Q4RYLC8p|B znmYDV{C6SSRc!5nb0ly>5D}q3<*?g$3p#d7-2+Q__1wNuAIU<~&mQX3?nN7HNIu>i zJOW?ueUmv?&@A64c7D^#%gT$(L$(O4ZXfuPtv|>-R|hoHa;7EjvKGw6)N&fZFWLC1 zx{OqCH4s$sy$ZuDgh{d_BdMzrj(^L?=b6j}H6!5L$`|(}RP~;zby+`8wG{##&rqqB zBYiFrVk||(G3C$Oy8@t36E;2fRpMur1C`Z6Hif02GOlma1^7tLDTXM&Hp$yx#CJXl 
zZ@lJTc+Na>9=l}SPuBkTeD&~GEHcwGVjnbp6%-zi=5X`ANUK4M>_%qNEo#%;6=>b$?_=P_FdZre zK31oXn>Rr8jEpk$FG+STY7;x+^ONW8V901rQ50?vnZ&Wc zNJ2Oawwwl7CPYMdyt%w>A}?VxfVaHEoQq3r;v~kUCB$|Gw0*|%i$kXFEy}XG>p2+b ztp@EwAhakT5-IN@&88xfx>!fU(;<6|=6^3I&JPx@13VQ;PT7(Jv`^6XdSVmzj3f-w z;Nbv~YtYj=&Zue+FuSF*AIamFEVKMepXP56yQDQc|H)AyzU>0y6|@%|h%+%BVOu{0 z^J7ZIU|?z5e2N}lFIWemc(4vpc8Cyi&Bd|xw!9m?sc)kX>9xh=kkJ)ZmYz-7<0#Ky z*uuMw^x%accuv+HXtG(IGuP~KSAy3fZ5?A3_#~+<90N*Swsj244#%Co7cciSQ3lg8-xAQvbp+iZZkn^SlFAJI_ ztZ?=1?ILA^vgYQ4!g5gXg<;hUD>J9ZS@B@Zt5Mz|Nr=;Dt5@`SoWkQRVV|ne!D$&= zoUTJRfzp}#4M*V)IwM(u!l9dYGamjFYI>a0X=6IRsF z>so#yQU=w>Prd&*k4`O71u!r4PzFFhvavFtKNgUcgVDjR0qLEwYT21K_#7-z7Tp0W zgJ^{tgtl>iv)Z@my+^*E<-DQ2k_j@^(7m^FsIxWZfX!g#?wg9)h7#pc4_l9ZKdyIv zdB&AhHxS6o3*bvgvKN#qd>5?kx<>7W2BRp%OX{%i%cfh{qNqypEV7dkn+(o!mV_vZ z)%K9 zgZuTD1j(#7rQ-u$t^B1p2`!(%V~4~rUcdB>E48J(YlF(SPuOQ&9}L8sQcbb@DHvD$ z9;K$re}`vr7obWUx@%A5uIeiKAQHfTSuepN@)gi&h523?03;0g@!!Ui~V=Ia;D5vEsIVUgyI-AF9E4932^n_ra;F+}lJ zb+D9_FwYxY!}K6aJx~P%8Om%ZIKX6=PZ`WsJs(TZFMKJFJKJ2W^tZZ8tpHwHZ8br( zGa=D#udviH4Q*@!y`7H^zY5MhIpxk}Zsb=$qJh44JIoLYtoQYBHEfFeG%!36R0WmI}?kb8k*?rj($ z(MD`hFJ78c`FS>oT7{5nJH^bMV6iG!phMqx!gqu)jH8yGUW#RsJJQ(}+Z)UHH2pv7 zB+U5miDwOjumx%=_!mL}DD!|P$EL7S;Wt$bI9Wg{4S(V%3hA(k)Jec}5FW730dn%E z$*oNbe?|={_0!0=6CB8&@JJmyO9+x|8k;O?*0Y{$T|ZQItwb|#qEwr$%T+qN~~ zX5RPSy?3j&wsxzws;m1{|J!xCe&>8X&+|1jm(mDr&|)#inu{hpg8%^FKTLGi_B^+4s*o<&Vw;(9hEF&4YAvNeAV^V8YILE>*^e5P zu4y#gF)0Y8kl3l4oF(0ye8Q`|ZO*|_>IU|~Xbv(qY`KCCkKK5OK_gYj7arTZ)A6-D$YDAit4`}oB?1c z=DO%domFCO?LtDY7&Oq*Xl-mzMV(K!?n_a5BDzAfkV-(clct@Q$|t{OW)J()FIjzT z{~n4#bp^D8Qf{h@BIi^>VH(f2w(Dp!L1j@VTRFJXj~88ksVdoGQp8y_i#DOTPp3F& z&gYGyx%k<3fquG|1U&KwtA~X7!R(vrY*(!O-%rEEAqd%(um`|A^ zkyHKARASz>5~MVPcx@;R4D-Y(gl}aiSVb`YXSL>Ci4iGQXeICsO1~#((AktqtNukX z$p{1nD44;w0!r&BqVq%!0aF#)y7TcFrK5&SjmUB`J>T^Z^=M7DfeFdf-<4ibZ_(vY z$$nkSLP>oAItw_YKoi1}&^(jINMos%vyoasVe(AS@%JO>VtGJ-b}K*#WCeO6XC2;A z8P!>ZazbYGVbSPz3`^{b?S+eErj0R*g{IQ`e$O1zc6`YDv$2uo@#ONp%YO}Y?+n{; 
zL}jpk5>(VjB(hD|Zl5q(L%-{1#P|Lq5B4H-9&Oa&ro={(1$#6g@d!M4MFt)^tk3nu znNg2DAts7^nO)WySvL%VbEU7dLynMeWwY|7ce@m~H$Y6AU!l5|-!~3Zr6#{&E_D{u zQ6)UBQa8htuh=BvIK6DSkJ|#;7WCO29@s*vuC%qYeDt?p%QTHb0MI__SlSyJcurxq z67`RS;l7&{i+FZBlo6i&-2j0;l}}pxT}$ZWZ|N*eu2{61@X@Bae&&)|E-H$`Oi^71 zN<~kQ)F$Q9%s1ayMiHr09p!Aa#*-9f#*2sGfLML7z7!0|E>vPTbX*HtMWPb6m6mCi z36d!$B}fE3lb4;2d#NK>!_a9+4&TwW0KZE`w^C`(kdR3F5_V@g<~(Z(0!>ue^BZp@ zt%|4_sYn^&H20jA)$)Sasu4B94wAPc0lu&4TTvwOs90Oa-qblqMT*w-LoQ^67U7^1 zxqfpZT15=vO>aNp8lPGgk54Iu`_vLx80f@qF=p4oxVtU<6)Jk}05Lri6SKJUPjUYLdbyHXr^l(-vNyH?7EgfZt|lx6;v zFlK<4r|WcM!!C}bK)Zeob#6~84Avzz(GRE`-Ue)Gp-Zy$u;HL!mmzaqvs()yJPj#K`_hV2$JRVKpX0{p55BcuNYPHjfM*11%MpA;$OA>q zkb(Z9VpLGF8sR~xeR4tyKhG!pP)l37hDIh@-LIX>-D506adop|y7g|){f8>!?QYNi z&v5!7w0$kMAY^aOfuAlezf+3|L}A)KSI?3fpZKTPpy3kq=@5;nQGvalKMfe7#M5Ip0pV?dG;$ z`vF;H1ru;g-f#34m{u=0_5IZuKSPODs6qTXa{&){j18;Pud*7Pz0<@K4Pd%_BH_aU(2pYqrxtP#mC=XX%77VrqMwZSaN&FUWv$Q7wauH2w& zaSH>F%a2*Lcuu0AKN(5x&%t9@&}p}6X3Lox=H$1)Zx_CTf{R@;Mq$Qq`=KP)A%~Cn z>sQ2{JO1!$NO1w}rUKV_W@BJ|t_|@fr~l9_ko*D(-{LOmIa#75n#7OiC39H~MwE1# z?)+SUv&j>qt1gv$68o)_PMZe7AwbJu1Oqoy7d9)o$jl!(ehH2wP>-sh5cIc$V@2en z6fC;+;qvaV$1x(vPw2L)pRaRG=C1E7Qt?*0C!Jh#F^<-;0o(?pN`w!FgjY>Lx`zAW z+SgHN-u_rB?fF4l2#B$=0V$9;bfC!L^zyKqAgFnL*N+1Ritu|9(cc6aNYRk{ocajp zX{V3)y#PMIZBqCLor{f+=Z#gJiwk$_$%_klLZo5QXs@+;_7%NRmxIH)Ugv|u0Cg`n zy~nQQX9ccC4h1@Gd2sZR_rfd|1TI%=$~|u`dEMNJG{XcT)|9e#POCu+7)p&sUFFxc zN>o-^?*E2Ae&hWYe?+C?{lXs|hq}M;N8t59WUvRjYCk=E)X_)^cjHbVlWqb6yL`0`ycwT;V=CNMNQ^JnF8* z$NNEB1j=%lGjSSobx@2-`0HM!`*XMB?k*%#d9pJxu+4f;?rXwAs_r7tXd_brk%qLv zH9Y4W?{9VcyL{J3ouB1bOY|8J>xfzgdWsy1M)3CiKVa|j))9&w?(Hu9oR^NZ{n;Nv zNYt5ZU^0D35~)KN+wh;WWj5Ad&M2M9a*?Z%)YaEVWeRGMs(^$zf5JGNo(-dUm6*okTY-q~ZLdORNhW_| zOls*+*;Bgr;Wq44s2xY=1x<*;2c_5l^e;mjwF zqRXsSWzMVzx}!yoI`t|cg?XVHB-cqLU0JUmEEn7+PD*_ zl`zXns8Ku#{$>7ot7UAf`&G#PgPT7C$(pvQR3jAy%E6 zKxlDfvzXC@x_iO&jt}Dhf>E3|{C{E;wbxmJVrdM;1Bb0^%bCr4C2o{V!Rw_sv%7~# zE)^DKB0A}MeM5$C8kMBTrmUGJ$x%QO6R)>+!G^Tu=?X|&~-sCB7n{wD56xW0Zal_=AtU4wHg)5 
zbS5HKG&VG=JUf><$7Xi5sfW|u`K)*p(=b^+;D#!sma^EP4(uH09z%$fgGajqlDQz_ z5X~5pr-2~16v4*PN3TYys)7zybESDR-F#X~TOqG$TnW$NU?{+(ZjNTfyGj{o$o^^I z#vg7TwHP&@&!DtD8@y4EpFKeVD#x z*L+rlq{cHdyJ+q4DP(3jJib=3%#-g%sO7;Zp3;=^&jMRPM42>@`&_d zMzBMbmYrXb6bkFED$Let*8F{4znJ--`d*quZV)%y)xnK4LB_FgI8Wx3xkl3{9^$vZ zL-Gt;+7$k?yC>UM#(U{ALybTV0YYxY^$^4s%u|1U<Pp)Yb~7+!RC_86DslL zTAEeW0?r@Rdh*mv$+&5{yWR6VfAzCD?>o=2*;?3i@%66ml(NXba$InErRD2t?h<2# zi>~{Xq|&B%hI)LInbtOTsiZc?BEyR9tKJB^54a zr;Ym9rDBx0rW1|vTl=yO6=j^LM;`dg&ha?)UYC^%5>AH0K3NH4a5id@=G&jU$r0Te-lZ=MU(c`O+zO#_HWyWQdl z-~a#B@cQR+zgrm+k|xO9Ln^{Sp@n?19QNT0S=sdjnub78&mcb6h6wA|a^BB^*E>A5 zqrJHUAi9ltAv=u2U`B$jC=0)^L!xSYTFWMmb-3g6qP7Q^4;HRtQJJuLo}FT3`!5t^ zp=j@dc)AqIEwai3gQ3UoEi#2;J2JZ1Uxl5ett&^y5$Hlae`e*i>e@s^abC#ZOfi32 zLW~tBw_$CL-IuHcr>{$-d`{bQz$;RIM`M`PNV3#(%}%^5_mGy3N|PKmn>eh3v3midI3=wz679;7qyj9Kr5~ zQBalGlxOIu*oMxkH5gQH|X<&*{&^Q4#xwgU{B~+;Grm4P8E>*6WuI8XZw+i z+njC>bR*m;H*-<;I5$rNbO{+_;iq`AFQXBa-}y(tA3L^7-9kI?y*?;6#$T6?R6ia{ ztz4NMR}05Dsp$1Q!t#*}l?3IB?7EbPV(;jNrd+;;-E=TyYzJ?RIuIIF*VBWN4U>Yk zuD49-b}=mR%79mdu=bbaWLK*tJw!WGuSdWrj|m~8<7){@bE+;7(U%90oy7?d`Z7pF z(^D$z>1PEhp5l@X%ixyDf7~~m08#9Oh4*spm_Q;W8#)G3=qu#{H55GO1x1$hbFHL8#6g`Tqae~+vyA3kW6Z5)=Ds78P= zyPA^wY*vb#3LLT&d@C=+d^0~{NhxN$uT|{Z!1d_H4#BlIEZ1&q-F-RUVZk{jlW1AT zx)z)&88$O9>bP1+xRT%?98km*z7Ke)v6=UT=zaS^p?XDuT5a!tf7uyKHchvtMbW}n zLzR)cN1e}t2-Q@67X{Dx#CkYZq*W#tZwseepUC3&Ffu${Sn3BOjdn!p;MlU(DS7T* z95Mx0&Tk@uX-wrQwpvn{45i}7m+#+A4Lv^snA~Y80Hv{Vs zv(bzl{|z6wq+;L{%yh`$3NisQEiii&*LJN@vf_e{);UH?D6h^|kM8#kTRo=5XXq5C z1!Ab}#J?)K>7@ZOuz@Vp)kg0}@8SnKvap*kh&qu%$qeG@MUMD9+fj*$D)*Rp&Cn+#un^;$r#!d}Fie$70} z1bw~Uwhn*9G*M~*&>!1_(bY^jqZt5Eq8qmwRJ`KaS3ZPh8uR;NZD+Y1{fdKC5q!_* z>Efm#@P}cxz{+f}e3=Wnb3n-@vi@iSWHs{1Ec)0nX;m|@kt!TEnSEmX%${0PrH5!3 z5LEyCe3W(vwO8||kNgg3tn=gGXH)TKqAsw^c~VZm6TwpR30_h+;^7Cex7cVS_9tCT zmIY>(`HLZ!v;8j^GVsY?4Ea^6ROF=@&uZY8PS?$jc_3;c5w%bU?K}(w#3(YVdA5r( zM`1l~x3~W-1v_iRu}Aeho2Df8D!COwsb_V-`Ce(zbWt=7OSl1$d#1)pP5^0#z|-+x z`uImT2NO;7>3kfUI^cR<8_J!Vb$R?G^#QJqU>=%6mX5?$e>oZm^l!1(b^zbP|HOF5 
zd~eKiReV&+ot043L-?Q{A*@^2zWe(@f)J!#pu;@;qyUw}>cbp3YeCO090(#d2o*bN zuM|`IWFpGa-Fpx=;HTs>Qo1}7k>4z-Jl|sQS^(l$qP=8vkJguOU3XKz)nB~HO#snX zYH-{~IeXF!;l~^S*s#39QWYBVjF`Z|b5)yZDG8hFsD|xrh7t%lQ-QdpxT-$Z+~o2x z#QzpPCch6a^TQkysG7DW0YHL-X%^&36E*QGE=(j*aMJ_*aX@k1$^^nF+T$Cp{SmM5 zV-6Ss8Hyndbo4mN=)25lJ+Jjjds@<}pp^P3$tPW_QrW_--5w`QH1M#oLe3PIlf;oS zvQ3R5=X(rGS3vN3>ttfCDggTeFk>3s^AP9Qd0`pJdboY_m7?-O2c@nKqvFNLjT&`+ z+Cc`2YRKaQ#VoWB@1f@ClpgK<8aXtiMgYuQ^gUk-d50(2+r4-rw{5hNvmkD8eVx16 zWw{5}!Jf5;YH>4o_lWt!izy;F`qgsPRby$X58nte*w}I?1)ZE#seYng&>`OgfU`ld z^j{0guN~OX=z9{uU=iO&pFCDsQyDJ^J`vu{(fDlny)GU0q_BJ=wqkS**2HbBK0Ww% z#a$?d&sB{T!yVVreRqGzc%LjmWBNQ8MF29DLK%s+0P9n(1n6yqGNu5CS{t!1?}L zu8Lg5Z;aQDY0x;!lCmqlW8BGyO3=xSseSE7CQ%diyQ7tCYD$-NzvQ=d?w(F!9Ltwt zck1}}c2rj-mQeV>Z67zt+zW8v+90`?+QoZw4R(Wa)8xJ{G=QRfpn-f}Fs>{0W|o(q^MW-WI#JGPPve>rv~} zoGxWdQvX@=S7svJ@KZ%qKDveere#%b)onUO^o;}2SdFYMEVQMQo5b8d1)iV@J8?Ei zIyhZiDDP?gH-$NF+8KXDlLL#@-<|+S{R1|bUKO`I;}M)ukaOLoisHed<#g|D7K zDQpc%KoItTtU5|&AMo9{UQ!r4sqdNUobEcobyC{B(=lWQMeW*0-r}TI8S;!fJg9;{ zdd+B|;`!R5aB=7+!%U-94@(c2#LsY5;5N+ua0b}2_$`HT!Nv1j8;Z|DOz!*xSmX_; zje<;}g)dF?=t6exVgCIu4G^X97hAu<>ekB#Cxbv;2|5P$Qp-KQ*j*+{_k1- z-&B6|n1nmRf>El5E;8sq;61w;u&Jw*S*PgFQdloru4ptdMtuqlI5z zM&hF%{6!5_T#({GLc;7Ft8k#iP*U(i?TQ_jeTS03XJ3ZnvItu`1WU@5X$nJCpobl) zl*=0B4+<=y!&DTe;1HI8pe8(qC6I)E0%*V3!0~U(YjI{*ZhoO*aw0L~sGun9Y(E2{ zF5$kVO)aB$TezX!&bVml%q8=i9yqk0^hWI~97ZAGYw3S-2nf+6c^RkfmFRhiTZ{*z zzW*HHs~v^M#u!@p{<4?NdUkMy-$svhpke$^(eC408WFHVE_NO$@CcRr2+QwRjY*7CxD^N* z)Onfduh{P!9oHdar=PYqy?D#1Ubjw(nXo@h>?GD&&v)9@^jcHRui!6VTc}k$!aRB= zy75%9zZ!*kt9m%sjD}^wF_}*0^$BwwGmu70~mmw346j$hrx1lW{PY!sz{B~;lV=%;aarwZ2-y8eC}r`* z5G4!-B9jIkOB4gx4CEbdZr@gpfJv<+|G*<3;(zYA-Kw$wIU4?U7h@K`_4$509+S=C z>vNyoogYvkXJeWDy*cfD))FBJJ9^$!@@P9?;TWt607MN)Td5B#!sj3BssL0za{Ti{gAJ=AlkdWMUB?T8NGpPrfG5oc^)PdvmxJ zaOxcngh#%s2As=%X=>hVu)KVqSCm}3=ji8#;p4w*czAqVZ)5I1+2bY!i@$za-X*Px z61dK*hUqi!!q%pzL9x$&*iZ0z!uy3@UpbO*Z#OY9awXayAUwQp z>=)Phq#54tBL`S!3{h4k?YhoVN49&vT`3b})`*@H8bW<^k|pS}l{NB}O<@Jv$Np7F zy3G^{)iB|!J 
zA0elyeV}!*$~;+kWLPa`A^bX{gN-|I9;f8=Ke^RT^X+Y2weeKKZI$mTQZH+^1r<+)w6^lX>>H8g3dOZk zT`KC`uM4z=>Y?DL*Baa6Dv9UBG>Set9n5}^3$S?sQ>9r^PH@R*z!zh(=wfwyU&B$*(N2@{?Bp-QrabEw{7g*$-1?G)WJfzwLx z4U>MW2E%j8lw|=;ZiBJa8E@n(x;?F3+x0u#)^wVxC?wGEcOaG#%bEoMRpD(E=U$7x ztU&LJ^Oeery+{Ca*O4F_#N5Zj`s|~1BU6(TQRo>cKlekdo6!-o{dFv_20Ld?32?D&?`r796+V~~_Vwx}E!oO00hhds<%=LV<8zBA&o=8rmvn}iF^}lA z@E3%xHI|&ZG(SezzL_Waq-RuxkUp}?z)LCdTq*Tpg}#9TeYqdaXBo8a3mMsKF}ES~ zNx{elQR6m)xqpLGDISounI(kiXKopai29%eJ5K1bPLG=LSZkZ-w zckVhURDR5UY<{Hdli6;0pU()K^!xHXnEMR&2UqNdph+W{#KC3-ucrO@-tREdlF^jH zjvrNGcvtt^!8A+LD!$?3A*d)V>Xy@%*uWL;h$cM0^(_3f;E~wbi&BDn0`};85yM%b zS%CdG2EfL??k%3P8PF3dJIW_=Kgu^_`XbAU$J=c1&loz=jdW4%7m}M;JAQ$*2;`!M zNVV{rxhR-#pQey=>ricOXBkw@PnFR^>u)ud*V;9e&{o*T8&|#tPyf2~K?5O`8mMub z!(QwVc$~96p*>r}`=S*iJXiFaKvs~@IfM$r<*$B+*QV^Tyv0U=d~@z9*_>a1TP>P2 zH^{P@2uX18Z&_3ZWnNpuPL^Qt!4`tVp&H7U+ITNb5uV<_iBd5Nr?9R1ukOm9Ts!h)I|X2Dwgib!%?z9N!k zBq{SrGT7erKxwq^Ch#>uXB~ACDf3_m#NMH{cA1Zgh=?E?)%ZtCUwnbw8(QUV2TkKj zeHOrjUB@m9)i48TnNHs-dKr21-l!k~N0)wctug2U$-otWi&3%cTX4~h2PIifVDbJp zX36>+vm6QkjajZ5O8E2X*&knb0ET=OB?&+*{e~`r;rwj1PNSL@H3cG5CM@wFI;AkC z@4C3xGKR=b9K%6~rX8zFhuPEDsh9-$u=)53LHqW#!5I{;~l^1!Id#(U*@*CF~nvRwVIPK*%bFUfwf9X)W&_P znkS_M4p-CoKdYnS4!y)FzB4MwG^ilBaVi(&O84#gk1{2kIhXSrzN?m zbjl$-h|s7ErwH6#N$dEp2LW|@s*USK>gijsNaYNIj<;|mmJ{LigmHbx@MVyqzc@;9 zbz+@=>qY0sGDfQl$O5Uqt@w4DqD6V7-^_mHD-VtIBG8)qpBtV>?;ciH1J~)ME6c04 z?yjZH!iJfjt*33?$#`2@TSV#LVj803lscsk(D!$;GCC$trR67Sr0G$76{{fEvSlg> z4U##%pUi(K*>A0f;MFM>2N--7PtnzaJM9+Kb6>|1iQ>j}n!Z#B#){f{EKe-S53s1> z+&euMw%)cXSv~q8L2xo{a-NGOn_cZS2MK8WszYcLeD2R!kDNA5N;TgKUmwnNZnV>; zI;$Mu&GmKOH!BDvYdzWg^Z~e8>2=5~eS{_bclxqQu^P z>|1R}^*`M9Ulw~7yL>y@nrjlg1|;YOzPXrEdpjB|f;4W=M#pdeN3sF}_m!-GF=Z7U zaLJ6hzHB>YMvpnSaZLUrBmmdYevQXvW|GzqkM4!M z)Ag{mg&|MBY~V|d56h%x<}fP{p}60tdPd2{HC#p9R}^&B_qF9tTx_hzmMaGwHW-P{ z)-;?s8S>wjGg~U9z{ru{5rd#Ji zUtw7gT7*COJeL+XhHT#6C*=IQ-}NOzwH517hyNTYCaPj(vzJ;@+RABX;@G1T8(e~5 z14)HnTJU+ogC`HhwU0+8NNHUL3e)myg9r9bY=`#7WY{24F0pDACVyQwPm#cUufM;~;q;jeVkc 
z5da8E-^7Gyz6l^DW>C|Cr<-okhsqJ2@FY9bhGdG_ZcK*b#Zi6Hooh6CIl1vaJETO} z{F$*RRhHP+TN`)AmOs{G5N@Aq8bo3FXpO7Ce(vp2Tl5ObD)NyI9$WmV_$VWLbjEnp zRCReV1Z?=`nH=e26sK-(ZmK(d|@`1w`#1(88F z_Xwh`*QVLIb+MQUV3(mv#cr-Zd@0Z3dhGkjgWYooU*&=h>J7*gDvzwv$4ap45&XBhaOvkP)OtME@Q#{wIbABm0dC8!LOYSL;Yn4227y3zI4+G7!P9!(QF++mqTdN}L>>O*@BQmh$46>V#g zHlU7ylGWLw>KJJW{2O^`H6W=&bu(cC=#)d011(}mBm!)<-f>K%|0Lb!nl_6_jQFsE z(#~3EOH1nauC4;tI>TpC<9KN~=ciK1Uwe z@`OEh+s8-rI7X^@-$g5ftLdO-67D? z)bKa_#@9BVvS*vE9{bjRgR~?id#wCBmmIG#o-KHLSJP9eJ(ZLE0L8 z!#qd3!siBl#CL!{jXKb^=XN5=y-Zk>L|bZ{LNjJ$n^3c=Zl}epQ#lvrO%kSl>|$u` znDgm}g!LBnl`ThFHqaZKPd@A5YV(Aio1ZtL-qw!fI?E1+ArP-rgG*!vqHuF~ShYL5 z%oqPU+FALh20dC(y?4d?b_(Ok0!gVBI;J4aH!+x zjktFXf2}&g{EZ}c#Ut8;VT1yRfMv2D>E~JEom2-)`yQ=vlY*`~_aM|{piE7T%0!gP zHnIh~)k$DoW}2OAW=6;R$JuUj9{LwwDkK8UZ}jHEWsmUk2)X?!H_Vw0PRQ_!r5BMLST@HsNA39ptenZHwtNH^#MeXNl#`FN|F>)!0Mc+ z?Bg|g40%unl51^*8KOhI-}s!zBgvkWEC%<`kk2Hq3&O&IJbN`49LVL8IT)A#)Olg+ zCo@pzHc5USQY-V7&a%0-s&Nl7f+@oK?ZX)oX$ZM4>dZ7XJ<^DA<`yfYxQmT!ze3oF zP7tK(1QgY842^3q%aXQbKi331GQLk~rc4}Jjwl-TZ|dFq40Oh@i9Pn`Jlz&wnz51f zE~T4_FNq4M7BeNv1#4Y+oG?QU!|A9?{{hv3vB~y{Qj%yph5#?uLC!q|mOnhn{hHxY zM9#`{k8x@)+w5{>GuxCiM+FM}%#j^L7zOqQmWL|C9y9V|>NY``0r0}>olbIkA0PGR zaKCBaJ2~^3_3pf@`@`4e{;7oJ{kZ@>RsbN)cI8Q8B*I2EtOsT>>{+LQ{noCQ4_Gj* zw-mBTL-c5r2(hw?$Lc}!#58E+)AY1h90Zb~Kt=zOm2aZ#vDi0e798V!p5J?PexEww zA|$@XpQ3103KB@!GXJ0mD%H$zJxn0U&NU!F1!TN@MDRD5jA@X;?8;OGdy^Y=+!qCj z+!;y_fyp2f=Gdz}7$RhLg-vm~G66}m%z@HB$JHJ_MeFi9*DCqR8`3H-9OF9!V}G^cCS2)EWEKR* zULd`-sr5pi1?$4PYZ^}^zY93J20y%2DEM}9z6ceBzDLsGc9XDc@bY$rQ&O9ogIQ$8 zN(GG8i=i%z8k}MTFW8n4lQ|^paLF7InEe`%S1D|{y3UkcE#)_R67z?;k_@~ku7tj$ zw4jD`WfY{$I7lR<^ZJx=&@E>kja14wWU^M(#sr8T=2u>4)I^pqU1dd4R%6Rz1uT5W z>`VfyfLsj=lx~^SD94v+972*Lpl)pH+y`qT31Gj+>pMQVzBm|sAbBxx{_|L>U|$Zg zeFk^QPs;qtw|FnJVR2U;!8I@i5vR`SZsyl4{!0}=wt89iQ|DJh3G$|8G=~;KZY(}S zHsi}oGEJszwxLJ?$bu$)2B+^+TelLGQNS^$LT|wBudbHW=&P3LqTZlnhW8?64hhUV zYAOsBDRxGvT$z^G_aJKV)nw<@e!?sT5knQo*pBHw~S7tcuD|{4G}u zT$(rPU$_xQ)qa2Ahn`YRk7nsN1x1-TSIae>WmWN zTNo#i2umR|qkRsX^fui{ 
z*FMDi&1LV>ma4@iEq{HWi8u}&ke<)6X;aqcs^RueGwaydZ1!UF?3>JgMvG3t@H9%FZ!o0lU%rs?z$ z2+Vg2b2)lpxs(a4N6URV3tcFESA(c4Ow5~K@8Oc_f9z5(a$Zznjafo=9rsgC)nqIH zrJe;RZI$2S)54JF&knTP9}f*vsj7aWmAgH*SS=Y}F$2P<^KmjX>JJzOL=5wY(z7d? zUx3bOvNHpCGzoPJ2NP@~;C)p_JHk^PM^uDhfcC;Hey4T@(X3Q@bIX{Z8?N%YEVj+# zx!tRHF;Q7TDazJd4()AuRXbL)$3I*Vc0l;m(ZL)v-%I?;R_1S zfw5rAB3`hv{XVkl#RjUJnVt`{lF-5^|0!-KH|SBGS7e z(X1iXVC3{NPPC$k3y=VT(JaIgC;Q2P+W1P@4c~c^!Yg|ocdNqo!OkO{`~`~_WiHVs!)yDKpOHHU&FKnq$2&aCOuHd6@=2d2tu6B(lfagMk()x9Q7wh zJiBk_-+auu{c9a}0nZ-3z*vCmfS`uPsMW}ppGSeoTK9)`Umq9yjhXxyH1?9|FL~wV z_nqFR8~yJ@VMybZ!Ah}9Hlzwq-a4`r0%rmJd?=tl_3&w0>YM#%E_Y|TAi~hzG$0@^ zfCWAMrg8BbzLuv>|G5Gd#3si3`<)HRg)fBQ>+$tlT8xX*!#ePq4|l)d=*Q`+E;Z6h zj4AQtg#X!(Qw&(}K)Ecw(9ghL{fE!(x0O4wVt`(Un**<#!^ipk%=Y>D%E=!h=4Y_i zi)=wkYFxNWoh8eo51}lw<1ul~8sy1oEF(DngTtXfx9DPF(M+;MS?b#im_j(wxFYkk z+u9g=B<-kJBNmuVqa^37Wufbg+)aVW--{hYZUX#rye8ccRGqeb_q@W|0mCYtK!0-yX*AJVW@F z^(sTyi2Lh}axS|yXKre=n^SI@i<+E{*yH_F(KS!o9>EJy2J$lfJizx@7zXn$=-&6N dmWMm^=o%-h>1YcW2ucM#ZFkSKZQHhO+qP}nwrx+l&+NU=k8>k#MN~%Rn^jR6QOI2D zc@sYp66M!_wjau0)cO(%42BYa*nYcnvKla}Fc>ManrkR>vdOBbu>DcBve36Na#xbK z<&`kDvi^0|ed&VJTF=nodr4`R^hGNP6`E8vB=baiUqUHmQU!w`$?a)9x;f&sIz?~= zzVXXr?A|5k_>=o*rZZdo70t#w{TybFnOMQa(0KU3iCvBY1=?9yIfAqQ-f4hoPmPH$ z+>Iti1}$xJ5LG78cT>>w{poyB*7wKrYqwN3x8~>Xd1Op@%@f|R2(bQ06VIgOHq?ZRq{gc_(b2L6)oP_fwpSG`;*$0tT zBQ*`E#JC+aCj{-`kW^%4?~(~82D*X z6KNk5PwP~XqVD0W*4N$Tb-XlGmRuH}SAsDgfDEmL08U93K9WH4#9*ux@QT14CNu^T zM4{3qHQi`Bi?`OB>9P;fKCuTjpq>&3SqbJ=N3(kJhL4cTyXNzi`S%Av&Kai7=-2aA z``z90!|(kPYX9RKw$k+tSfJ?#49$1`RV_^oeNeGs6x)6O@iF}3_k2HZ`^GO~b#Q9x zlNM0?6(NErN-#ttn}ABBB#}je_@jIF^W*!y`*YhLNF73yVge;0-~g0)8u%sTSPPOw z>IX(JVIw!94vI)TzQtV;2!V|&A_Z{2*Bje^Xdhbawd=EoMsCR}JKSf7kywyKE$bZl z(Qf@u2e)2u&NhB>d48V$=6XF?dH?u6tUvyzyDG^)c4B)fz{QAi-;;EZb)7Eu{U$_TMM<}~Yg9j57f&C4c~P0u&qbAg{kWUQ8o zzlTuh0zy5(F$<;eVs|LO{;lT9I-tayhcy;5`xNTrCJ+KLJd9HPPjBu%&x>92qYJe$w9VC;OCW6u;e#nqjq(|0B3EO&WX?eh|> 
zY8tZzPYj>2P$K~?bih*S?9NkrNHBs%d2;`NDboPvV}iz_ArPUv_E#PJ>Gks}^E93xs6wgB_+T~=D+>|YyVw&b%4-IO_cWi*Ir?pROc_jn1gJ{B<%7$Cu( zCv@3c?g+YG6vBX+1YLvx9uop+>B{n% zxg_k*4^%vl*5x~(?Ly2thbMgbL>D+UOnB%d=~L;67KLmn?>#PF!WJ?Dxd=5DBsjD= zN3lx?XDN-MH2J%#q~Ya7a|8&9%aFBsslF+!*jy%D3)lQcq@>+Q3um}4=tv^&4fN4W zkVJ&()GmmbX&yP>BNC_N-nPv+pn&ZPd_ALNU9Rte0=^g$e6wZ>Wl~v=pK?h%OGk$g zB3zxak>a=#+s*#6uuk#}w(ZSkM7`nz6w5S9uKXtq0IWn5FRLh;h~qOQDADY6xt(Ly z5?kW;@cX*a?JJl$LdFhy9188ue^shFBCSmHPNVulzva6@(DvA$J6a=Ur7mm|wqQdn zQV_AGC141!8NmPn z#z>L&;+jYZ3)ON{aU7N%B906Y&6Y z4XYL)3RZ_2ej$)DABNvI#8aF)?!J!PB-5bA}}MOBq?Ed|r*53W3ETtExT z?sv`$gir98e3t<{!9&-Q_+%gb^?8I<8&nE$YvNkas3{?3#}uERZ~}UL={=rGwNT|f zYV5RHa-#VIR9IBwut*y7VpR$2oS6e=a;anDPHq~&{ zywwcFg{_VY=Mg=3Ve9(~&h6@1;%tEJPHg|YpbPWnKPL`;ip+MR)Nzg8xP`rS>AziW zrO%2E9+x4TAa__f4639owNqTDr5~JSOqS@IQfT zIe{vOvf1z;GkZrKXDekAe9VP(Ph#=7WI;ga8 zcL|#@dGAplSx*>3#3#s7^6cC4j?K7hvfRklPZ0QIXG7Hm5Mt`S$=z3u#CDvw0~s;1 zDSW974T~5-=~(Y@UlSiB$+2$1Jh6oJgsI3c`fwHrzQ5LGIEn{x~o4-nA6@WPIqa-X9Z&$Qf41|GB@IVr<^SE2+Q} z`p6?mM|eQ+!FIa7aXI5t6+<>G*~lXq=c&?ARPtwNYVyJoPNWa~^KJtx(#}9;`k+we zx<{6A5eij9##`Ever_<7*7iw)1rH#A>`UYXlr`2G-P+DR=cD4=ITODX8v<-K8g0a& zoo^mVyh0egNP7PgBpf@s{zL3RGWXs<4n1Tn$qeGs}tF>i_uf^cEWGq03DVv%1dH?9V ztacdLr4hg_Ae$G9Cx$vM(5`PBSHp3!jzI;hnBhJ|w5A9KiBS~>AUer8McC2{WNcvx zi{!K>-&*pdp!b^45Y9`@j)rrbc>~a)oSO)k!B8mInyV_?ZZ>?(01+14puD~j23;0w zceqaSaBUk|-SmGiNV>3~ca=vTrw``q-7q70Wd|Q0rVWz!R2;N&g6U@G^OT4V-(Dg) zcA3z0g_0bJRLP^H+O8FUR(8Z-Qig<_nI)f)$gdoOiY1>w3J8%XMB|d5k}|j1XQRt$AvE<*g8_$O16v{XIw`QZ-fDaW8zv;!_xivS`xcviEF% z=QGQAb?~-VZOLPX5<$&roWgE1 z_-rrlYc7YgVQC^qhR8_*k;SSrYT1%29@-Ex7hWtF6@OQ=1ti$w_1HsttnDO*Cad%| z1U@s_DGxydXq_e)S*^u=!78@z%N?a$Yvr)BfF}<&xjK+fz%Z&^3d)DTX zS|W-DkfTV}KxT8NMZMG+N#?YOUYmoYxC>iPCmlBt{?$T7uBIMy^yt!6xV4>4gB=P1wxmgYPnK=7Rj){29bLkWCV|@*zy0b){svAz}Ch&jY|l zy%8;d?VSM$(fzjee!*&u6{o3WzG|UmURmhJd|UVtK&sbd1=02X3a^jAF;a5{r7=)5 zThkfHYr8FlU012C8mjH>Wm@+a2Mf3$tT??_ZgXOe-ja7Yc)PHo$TE}${@Z3AE&s1n zl|d5HA`+Pd+d;#8bSh~FDDZQ!oFxfk%ZVymh)Rdvy$8=0M^)DK_M_u)I@V%&vRr-{d9HO<1Viw^PUUkS 
zS->yNLah`930F&5BBb}MEMZyOTHFWLsWun#VOjFRk{2ML!^^ORo66eBHX4CdzlqQ> zt5gFi2pgL6K`MBn=t~-@4xnQj0u^Mb763k#=m8CA+LfDl%XHR%SkQ!BqSyTK%kS_w zr-zlODWjs{6st5#?NTjv4#lJZE{-$f2_y`mib(p3T2^V<^aGeV2|-Qx_|CCPIGF>C zI0`MG{xiF}IbWvL=!$!Rr%5gND8ok(orQK=NVYxjOhc@Yn!PZc7_J8$TFIhv8F%v) z&}k>A#=WiF!HlM~DreDeI%lN#@|=4wek%4;A=ZSOI-Wdxue^U$(4)pxNr37B01c*G zxAhm_?eEZ;M}K-r&{6pz2P)pC`N?PmEj!y~VlCfFprZ(A%fhIP$quJ*LBK3jwr)m% zj&MN@i_$r$aK@h3w#P+tQ43r0> zC7ADmFEhCi(O*rf$Z21sSg6vrPuUo~^L%Vdf=Yy-Z5jYTDn9}^mI!&xF}qy@a7x08 zW~7S{S?p^#vtRe>{zZb#O#3RS{OoyNL!E1fr1P0)!?|^A4i;whW1laE@Ls`d05@|0 zondZs-k9J~xR2a8{T#sPYQv)ijh5lx#|w2&$kn27$EEa+Jy=X@GepQG#$wwf+`h5^ zWh{!XDFx6EH?^p2@COTY^HgqtcSm4d-Li90rz%hk-nNg*KX5-m@_} zgQYQ{hRWPI`las#N3GqfhA!y>rMooQ9eAk+J4srbY#_EdfnD1gx5Swv>1dIrIM+5= zkHvoxDm3}1<+3=zL7D5sEI7_7wD1fonWa-@qOQAM^_N&5#2f<^#(-Fr7UV%wU{OmX zO!}eFWdM^`;5JR^hqIgX;+MS9eS*K+XwkRvsoRt6GBapoiEDRynLL;?&Y$9?=DBfr z6l3MYgyL_};@CM9Q;W%;ST4$Eo43^Gp+Z9v$ZT>sPZQdpWE&5NB{DuyO6jb!#LW%r zXg3`RUsUsxU)wZk45K$u0tJ^*{9Pf-gMl$+&Z`wyhx?e`W-~u!?_wN`dm(p| zZHl@6_6$)QKbm~*xbPlgJgdLBxE5N548=xr_q)2?xliwwx<#(*Z`xU(dUc9lNd%%G z_n_w_3H{C(Sl2MM`YN`4b~TPe(OHKHn=!<42H-d73x)SQ?EweBe{zlGmVv%OX*iTB zXNC%L4`t!%P4$$PT=j=o#da6lzU#HOiF-=>C+WAFZD?-VR987xjOC_u+HSeI9t{eh zPHoaKX1{er@JsLxrmw*)Zmmz;yojLpxf1Kz{GmjKnPe+MK|JxlA&K_|%FVBr=x;@L zSmbr34m`6ln+cVJJ_|)2oYMpupysNg1hx{Rkbzb&$zZcAtYuUyH#4kTz^GyobBgMh z>WJ=_A~uihmoltNF#oTvWNlcdfUPs4SKQ17PW`X>UsW1AFnMG1-!=agdc*Wc@3#g` zJl?uY2DPQt`lpuH4j!y5jb*F26y7OPj51J8dar+1>h@pIu-&uj_E#_umEMW!IB{`;a`8zol~Lzy@@3yikuIZ5^;k?}0TuugAo# zJWlsUUeJt6IQ#}Q%ZdhwcGjZii^s;`@h;#9p866#3pwN7i06__Fx=AA^`x+gc5A5% zJ~rozjLYq4&COtAP*k?)=K?i=!A z#SZG<=G6>U*jB~f+hN}0wV_pc$v-lsM}0Gm7Rd-2(FO>Ey#h{}tlcw}5uG|7y?O+&iQe7KhpeVp-9y;Uk?Q z+??~Hog)8)e?o@F$)~z&MA*1{(@);7U3p2C- zvw7VV-&EcOR*?h;HGxQ{4%}5u;DfvH@MrfzquO4H&qYByJZ^X-P7S`Mnn>ZmO#gB& zjl4tS16uNT8H+)EG?WdQZLpC{1L$0Ch5omG1u;+GPZ;h#+3>4lOo(Sojn*I6;TtcinXH0DV}*)j+@~f zmTJy>(<4$FYI@aw@RCT5h;aYB9{sR^;?+Azl>rUFp0CKoUNFcQewnV`b-!N0d_Rj` 
zeE1RU5)D-1n*Sl}PUhHI#COcXDM(G8q&z8ou{Pk_3A61al*G}uq3cb{jsBlM8<}~eEZr;W}RhBy<6^R(`ISrz_c51 zl9$)EbhOswVRIIzJ#L8^Fo^*|?flO3cq?^+Lh>KWVuHUnQ(*JntQ zBoV+{+bFYnTvMiM{fx3#0~U`pEa~+p4L?d0e$wqzKkY_?c2q1`u^A}H0fq2pGW5?W z813K|SwJyRtlJN-+|buDwQj1*T*$&|vJOAOUY5+3z3^Er@851Y??{`&qVth^2$1?x z9wmm+cq=7hjpCSkj$!gN-t&1tG+_sc&jh;;hZ6MQ?DkvV2rT)Sr6q<5H|}XEy(F~Y z>N!{FRY`{biZk8srxJ1U+zb$f;cN~{eMqy6RZ_t^y#XP_c93o*n z#7JjX#2FGh6y-dfJFua)%fpA0l=04}SY+Ly$;|&8=Rmkq)4pG(ma;S7 zqi`XDp=zJjL+OmIYsQhlG_E{5DIzuaE_P>j1a3)C8#?7dgN6D-94gQ zWwlwj!_5TLIv7H{%5B1dng>mKrID(ot&3WFX>dWo>jV5ui%uu+G}r6p93KM4Gey6P zttB~zLR2@(`lXFd8mEN7K8lntEASCPi4zK9N`N5K>l6|e{ikC@Ji zPylK^$dG{Q@e&>`HBXSv>!iliXKUNbZIuR%bS4X7X$SCMvS>^%*-$}j4w>n%qo;n< zFsrD7j&Qdk1~{pa{=Q7b&7gfK{S;j#q7sUqa`63cYco zocoecdpWDGpW%#rglt3W*VYnA&aGi$;GV@PfV5e@P*PIE>KxF&DRN}8=-evjt61T# zE*q@LN(I2o^NivsLLpMytPkU{fe}Uh4+zW+Qqp)bcB%bQw!b?d(&qPce|buTC!*f5 zXv9R9X||0e{|P4N_x`)~eRzH(yNloTdefTB-)s3d_?fAJEWO-{)uQ>dIFSH{73XX) zX?hM-m1>td3z9=XSJ8W;nXsZgs@@#=NzQp0Ermf4;Thw4_IfR_c?h0f8IJHmG?A}B z&%8-UH>0@#(=e3n?3=;hT>gIRG|c10oZg$~dqu9_HMTc<&G&2N>*?rm^oQfh>-(rx zd}CDuanW^GMrwfT^QKjnua?J?DQ>Ex>M{}Bz2=^knvI2z`FHJoeE!CWctiWdIYD>H zePJ~Ibi10pKqrZQvhKsV7#(G&!uu(bkt}c~Hb^K>v_JajzHhhsqrAjFL|3!6f*|Pc>i6r1P+^)j(|CiN4 zupN|P!B+y+w@RTb^UH;XU3k@0<`+DVmcVd#fpwq#`AI`0?A7qR3xNz=p&93tu|UMo zqQh7X7P6j2Mk&5u;vrJ1>|2h-BOoCvN%`%Y_&-z!b;(E8{7Og)eutcLL`f_5TB@fs z3eEy0{$DgFisJh=ISA8tf3cr<3vUT(!BC#dTecu)Yzc=^(BnLXk-Dt!2|iB1#lkL4 zbwj`T=Q&5pl|9%9)4tE95+;1HYUR)#sO-E35q|pcm^sS`#tL4>8y}|AdVnc!^we~h zr?={>tDJiCneGPqe6^BD5ox6w6xOMPwM|Q4IgL~uNmci2Xr^cBw)vd90Uqx!-ZD^! 
zZS(YD=l?1%>5;&;-bl-R&6`h1Qyt+eJt;(w@`Nu=Oe zCR=buhf7)eijAn8-AH3dcR@N{msYU4Lp>62dj9sqHA_n!S|Oo61|f zhG|pMZwTsQuH#c+Hl_7Rp_<~;NFNhMGMZ#vUSW#s;aN=64$0V4Z;hj8>@Ul!pC$Z9 z70Hi;witF2wTpKzJa^_~VQ||CxAkjXgvQi$@9N0bST$va!c(AS{U#5nmci!!DIvbC>Q=J0vwgig;cm5Rk3g9hcYbJCUm2CM-%ZsgEoyM%;44>}FnLL_t~2L`Bk& z=#0h%k#TFcj_R-Bxvn2}lE7nn(l!o;1+9wg-KY0d<4mMfUx53%yAWz?u+{(vvgXaFWx+)7*aTdp#bG>m)~P#*yV(ogE&I=W1CwaA=UH4*5p9hKH>stzaUnGHA6N5K+meIblc6 z=T!zUF(`ra=?ql7n`N6qA+7-#&rt+Si(`ZX#q{mI5q&35E~V_Yq#LeR?4t-C5?hP` z`CR(cZr1l5@HG&4k7v=7)oF9y29AN%XPZN(DqF#ZQ8yTc+#_c(j2-_DJ+KX(MlrS- z#ayH2t9kJLTiIx26#I)ebjJ1ZO-JOE{jB?=G;-RJ%U<9ZSq}%#Zs2%0y|&ecV-PiE z9XS<^mUbus+)D#&|3{o0M(b_5lstu`IL(y1{Oe?15;M_JVzn^1dVZ|3(RwhLopAG4 zDPXz_XfmcCI&!S*MD5T(wn`j}nsNiu1{Ezte&B>;K=K}Upd;ce;`j`lgCIvSbK-q| zeE9r+nbO1E%lUKo{`j1jIIL9Q7{gAhiE+;jmg9R3I0jex9D%(id#=VgO_CZyGBJNi zqs@_XvuS+kPj+%lmgvU2H;#m$PA&z|@5iewQW6Wh$mP+R9!=p{6f`$U4EB-xp|T!| zSu7Y6t?ymi2<&P4h2O57YLVMP zTL%NaOD0Oap+HfFaaN5Z$NRZV$$cq(?()e)M3qT#O+OU}wpPCy;-Hp0GaJjwj(x49 zsn^+{?L&Z4gA zg8A9CT#o9ZjpgfQBiGbg_5MR{30*JFuAyH3Y_I$_ zTo~BQptm@>`i#%pF%R?2R~ht_k)yM@`{mg|zcY&4j=&16;T3A4>dpy&U3on-u!=r< zTO)?Pe@29(9n=eoo^OKv_1*sf>RLVM^h>`nO{IWvQ8=5POW=F5x4o7|%t zn=>(DMVmz<3H(@6T(NsitMjx;QvIDfV=M*5yNJ(*k+#9IHm`mT6un~EvcIVTw~=9v z(AC9h*R{7mb!?;NS+_WuErxb)e+C{-tm)<$t-#vhAg+3IHi4_%UP$fQ9bL0EpUnLq z&F1+2ziP8-A@yIpHizm!7xbB}3fn5D(+ypAoDLhkz+Sl2n-cL=ABK0QP6$S!6;5)> zlS&QK=Up$J#tnQ2O3oApU0fBH9Os1$B@G?i9b{88(qpwi?xp#nRN*CORMPgizTvZ5 znvJttoUd&B%-%(tQ=eEBZFehOO9@B!nSjL@L#pu0`=ugjlX>ltFWYf|O43TZpRPz;`OP}3u`x2wCi#=>2S zIGpW2DYIlqhjr&w0y^$V%&BIN#WTR}{~zmzd#YgdAeoP;8C3~cgrwx2Is1s$y~=P- zK*>ipHxU2`N+iL4*F5w$t~sZGSmdInb6@z)?=9oY;zZ8?=1RO$fnxfL0VFdGORm2q zC&{gyJ19JAOgH>twSrEK|FeBW)@O^*31Fvg&kn3jSjUC(qJe}AS`I3!RBwm0?SSVk zNpyTe!sWg9GdP2RHnnP`BNVT=F29-CXr~lSuV_USz5Nj<)2a0&ncwx=MpxG?kaV0- z1x;`>N-#4@AWpQhAWo#&sEw2K5Ox7E>M?`TpwV`Wfhj4m9af1C z7~(rnD63-;p%vdhwfzMQGV`=u=As=THIZ&*LLbqQaD6s|f&XVf0 zsCe4FBUIV5y7>zWyNK4UhfaM2z^2=b#)c2uO)oD~!SHGEsqCz7@1(IUUaX%xArzPQ 
zX%9KxYm&QcBeJcV#oMA>C0ewtw)pFnud2R~u;pRiEUeo$WKD10sZ9+_f*pwCv6bv2 zGCybTeO%wC;8Yu04KKA08{dHMcCz1T>a<|rVJTd)c|Hl;OpUMEW$HI(qL4#Y_d!*^ zo<`tH#5&nIUU#qXTJ-;Y`AZjWH87b ziYx8%Cr`QFM%ih`Goj6&Wr3Yb*hH3%ED<&z#9mE8%ytoRf{bv!M@sP8x+rw$(3|y) zlg~S_hiT<1Z&w|c&NT~4KJv$`dM(#D(&xBCzy0#!xWl6Bp1DSE-(?CcT|L<6n|rt; zYMytMt+b*(oK5FheZh=OdxTcIinn9WWehoVD%YOd4>^8O?-+b%i}j_HLAKVzJ9p>n z$AHjpL39w^XqKf}4)WNWg|Wk1AI4)|BnxW>C$+!$3r}ioN`|FdYUcTb4Z_1YZ{%O= z;ofu!cRKFn3(D}IT#X42X1SZC2_wLX-NejcVccGBxPdyg+(X`(A0jc}0UaXw-Mm0T zhOE)s^fkx5`g2Kq*@M;u&jp?Gu01^O%mr{Q^)QkG!SpOM-BLaEHGBHlt~A$yaNOZl zTM9$E#hUF#z`qwmo=yDM>H)INOHwy%NO-s)Upt?fd=rPTXf zd$l)bQBS!F|x&Dtq`;=B|Xo`Hxz>ajSF_(YHTbeBP$dq-vW# zDs_A$njPY#oNSXPs+IER6McG@a&)utja4aI;>0tmfwb8w*a|^N_YUX%7q8EOypKQJDe+}O4C_M+$3pQNF9=Kc75#_oRcxIerdj_&ehf1Y>l@_vuz ze~;Sc{!2fY{vEx|;c@?b-K^c|>EYu4is5;C)66JcJ*myb_k}6lb$5CAN7{dOK-8{D z2>*x6y9E+Xw^gax#)HNGMf~Q{8`#PF_JWisrFL^5|CgF0C+QEk4x(zYe#F;^b!^~j zKldy>2DshCGoC%T6B=QhSSl=?2`l50v3!4g}OKUk_TD_f%LVnP)x z^d$3zpLve|TQ@@GN$eajI*n#Q4vz5u$0!OMIqS79ycDf7=aCzt2BWq-2Ad(%e<_inOV_C%K99YxOanvwPr2)cQ`}=o&sG;q?)AKN24#r^9t04eVMXFmB7;=_C zYPEweqf&5*XS<_f+Upp%a)$3BY8N=CU)NeKUOOT@xN2QAXNB=@PZ$yvf@1IH=B^_A z4U<_4#L1QHsWCrnP?a_z5lR9QJbxs}16BVEDx!cSPg%RXdT6~x)@;$Oe%JoBSs1S; zch%kn$H>MhG?zI9UCQ_Hd0!a`N0H=%`F}vgzetFrND3JlAPV!FqJvQK;CB;*S%!3W zJkx;ESHMvKBnxqznVa1|T2YSsk5;rtPlI*<-MbEXaO!}d9DiR&0k=5K?fKw^_^hV2 zvg?nriEFsQ{b{^lDz(taC3UL_SNfbhk{Z$ z&Y{>q&{WZ7x?m05UC$^QXX5ajVAr&S<`0qt+)~P(Vsg4!j|*YXkT@iu-Qo2VJ)Q|> zS9U_Z@)lL8?i{Lt%d{5&38jQ}IsA|HkA9_W9AvS3TS9gM!kxaSp#Yd7MkP-~11)H( zQMd=RksoRWs!jgvvJcK|@GdMK9N2U30E{7S&t1{sYB^WICxU+KBr%9!mq~r;$xf~+ zuP!t*7}f67WK1y44EeHV%x%+1=8ct$DDZ7D-@;X&Y4MZ;&4d%m0m{j8HkDe>Y0v@5 z0h`{r)t-wAV=mr*s57|{fY@A$=A-bn@#rwo+fIU+N+bTK@^IJJ=A{NylLt^M>4 z*jj7Ly1S4;FE*g$eQ#Gmjq02Lq_AQUsW4haddQDo@f{e3?3C%4`N5E&t?EKVM9E&S`rnE|Fs&bore{v7s#S@uak*6MgIA{uMcHeRLG3DCHAWx>=eD>kyjT*Cw|{w z6lY~ntGUg@=YtW#Mq532v<|jSK()g!U<~;y58x5X5bYVFjj+7(@OWq_E^h~stKfTnDaT1hmLOmTZ{ zx%Lb@tHgp$qUOKgUU`j-%wXM;S0_IT0ZHBcBak}K-_)g4q4NUlCtQHb60xa6tsSdz 
zb2zLkM0^Nxuy47xAF9hSlJ7>$AuV-FWSgr6~5re+UsafxxD za^_AlwNcUCM3Bx%pdohB+gIWphzw9Q_`7_=SqO24n|Q%r+A4yp5aFc5gm{~_)O!Wj zs*m(nn9)*fJ~IwWSv7yg@0_6w6k61Od2-7Xh0#X-kT>mO2;MA2%8_s$1<}~4KsIQk zp5_Fzme2=caD%WGZHSjpNELPfX^3J)bqj@8GKO?YxM0bDRxrGGejt?(m|hANQXC<6 zbC=76pT=hEc0+j1IP?QU3(qZFzl;b&gmC|=kP7aCm}fZM0QaX*#-e-k+cdx}orM34&;U4}#C=Bk8nxmMC)kzv0%D&lHT7*& z0~uP2cATyr22w}jlnhu@2puulp^l_d>|8BDVP~nLZUL1^6Ysp0C%T*gpDLI3P)eVw zY7yL|&q!5e^iI_E-of(tqUpcoO1Xb>_&Pn_pMt-4eR%~LQ}kd3E?{U^ zm4%V6|BzbXIc|1lBdfPa*_v)3oeZEE#`P%*{Q=cWVgM4_u#6&;+Y+;0_s{Tjc7H+{ zLw?qPSkOGLn*={J^sVQ|23^|rq%G@XQ*ki!Gc0vJA+DQxwa3Pfj3SS`uOE8VfrM)5 z^ZLDl{^Pg@Pki28`|*)Q*>ftH=4@O$F4}c+>zG(JnsC4<(+hTNSfBGM-xIrR6gE6W z9Js?^8BQ+mt|7@oLqfO`|7&uLw>bi~CCu%r+DCd!+yLx;Q{$_nmc0H+lh?%swNVlO zS?xduW>j2n`?Zg{a}#-cG~!;LqIlI}Ur=gO%i~>*1~sS0k{@OmcPq|QP)#FI%(NVd(0z>+|($P0KJP1%eGnqEav{rfwxMg`9Or) z^L^ck=lV35CvCKT%p$wj!G%7AsBcwR8eKR9pRBRzcF91=ky= zH(<-g3KJu1p<6-^OZpmpr-!fg$wgOH)7lvs`VAM^+nsq=C2(q@_e<5R=8gHA+XO;c z`+ha9or5ZVq@7R%nz_1Sj?NI}W^m0~{LR(KYy0T+kFLM>p&y=u-O-6(gfiZ(@VsCZ z`hP2)yqiA6R84BIn!4jqXU5q3g2m@0Y%do2UP480)9fPTZzH^dOk-vcWQ4%$;^~{4 zJZDlpI&K1d3XnGL`UcMzj>djPga$vdj3OA`kmcXYA|-a;18<2Y(H3Pin( zRw5XBIA;B_t;?+89B&xfF`@se2c{kK^1lNlg33w?9YIsh{MGo2aj`k%XjVBd4>J7Z z!$Y6Q8IM6U^#_9P$kSkf!f$+J+k}O!nU0L^cwldWtGB2lQjtc&Da$jo!+U?HR>rbp zVUbB%AxlkjW5G2Orqge8aB363_h_mO1bID|-AiZqG|Ik_ftQGI<`}rFNwfLU_~*=F zR2_t9%9I1ipORL0Q=SUU#s-Z5y^lI&bB7KI0Fy#qKcHn#ltz*mY+9=K6T!ga!SZcP zd-1jt^3vJCPPSx=X%|~=oFz`E=g5^RbQl7=?$9Zvw1|bh0{NYX!MMt|RK9qIVwNS7 z=9mZaP+_oqPI5Og{M8~*_^agBv<%XP?CAm9)-=#^2exAIjiIWQ&NRsKZ!U?PUQF&U z^5JYk{kld2NFg~j_?11Sh;Pc|fkY~>z{XgVNI`Yv(A>|GHx5Cq53?-7n&5=$UdN$k zy^Cj;6j&U>C<5;+3TFX6MD=$rRjm(+ESj3=&!%GUqtB&}m)2OAis5u*mXy?zdD=GX zEeT?=Metmi4MnypF_CSgZhLR;&|V;dWji#Bxd}S(^6eOxi{4T60^d6kiN8$p)Q|0n+ z%w!GUrw}0kJ)yon4dc)&A6Y>?rPq_(8$s=$O5cjQpU{v9N#P*m^3J9tH?k2uq*zcs z^|+WI{vkGP)!FANckgR;t~Lq+G=M@2WjV4vA1~Ne?7});yK!yX5<>S~L(JpZ5DvT> zOx++`ytuDuJ=WwR8zG#byH2!-N@B=DS%*j_IJRlnA;P3Q=@tJ_IeEW+XDLOf=?KfB 
zRUzcMNKRP6JII2z=?xHbdi;{V=83fb(EhUM#6RC`rRkt50DBcxQYr+ao1uGl4I2_5 zO-IVK9eOHhZ-UsJgRo6+7dcH+9LmS<0uP4;dKs;~;t3K)>Z4nW>=tZ_VuDFSD3kM|6ynv>VRecNo<$jfDoE=j+yVVZ=Y@aD=cdr?RhPb1Ofx zFMHD4PfUQ=!jtFYo!-mJr5OuRXofdqXJ@(k=wpN67bEfMyzb&CpAWp~AD6UubJHFA z7@?L2=q&J~E!N6H{#&rZ^H%5=VzE`|Pg^Suim_I~aTAMgnH6HGSc(p?+2(84@hD`9 z{%|#)3JopLq{=y|QWthtzvjdxjqw`wJrp$Y*u-qFIT&$V$0 zEh6)(@v3>Zc*QY(c5I|s#!&XGZafD1yu<oXu0pWYV1Q5QAaj?x#F!R>HG?j$U=;!>U%`mW)9e?=R26-%%gc8E!p(C4$I1P z7>TtKz-$>-?B1tOYF#HZxA{F0-*@M?t_8Z6@wk9uGBiV1UNx7fy+)=44a z89hbg^6?$#p2_Fczxc{$CfAi^%Cd2y+;xun zstBXVs0!kxYeeix*;XWXM9_Q@u6QFikqRSLFcFS(p=l_3#2&f}dDh~&v$6X!nNSB3 zC9lkmp8NT8sGLJHkkz)b;w*qXuUNIxBYJ}a*?5HHe^x%#y@2E z7=?B8Q7J^)e^RAL3;TaF0HXq*|Ca&aBJU%PbQ~f1;BT64hWCtF+wQIWd=>sv??l9Q zv0_Y`J~0{-%u7WwYou2SDUMrCid&ne@Jo_z#AusETvX7YmY>iscwE#8gJ>yvR^KXk zI@3_1;Wg)flmHg|*pWgHm0oPq9oQZVa3pnWPXf-ZJE0^4W?sDGDGmd{x?HO~+LSHN zai1zAb+a}oYHl0kU+yv-4hxifHziPz$kk85B z@phfWZA4$GE6-5g3rV+K|yU*OE=L!OtE;$2w);Es#Oo+n|mP6JY`#OZ%_S; z2UFK*MoTSf^uC@L^Fmu~y0z`!KOkfDls*G?9|?HKnp4k3AQ$4G#R_(kIMsd(R0sR) z{6AS>E|Nb3WKLHG1}zjcOz{tB#(%khh$o#=RL*QHiiU(i@;p=zLZ(PV`YC7l8&1qc zgpv)WLm1inc#{8u0WHFyO3U3Shj=IJn&SVTF3^ruogq)g9v~Ey(x^C0zbc=42jIim zR3e&6KgOrRZX*P2i1?-adMg(5dxe&^DO4HyDvndTYV=wuBR|H3;Xi_z&s2?bE5NDZ zW2{JePmUvzGVcXQAY(q{M$1v6EP}ME(&SEqrDtR>Dubv21=QCrxI=VNO4 z`QTPzzmzSUh9&$r>Rh*fHqT#z{gARi?kGUmE55QnYDCbFv8HmfFF+!0D>>`8zov<0 z0fwAIp^Hw-p?jTg#A#k^j{4XCdX%)q?mW{qrHT{HMHJmcEM^J|U9r$iPmh(OA`|BF99hDNxx(G#B zuL@unks}YrHV)kNMii*KeoYNMK;q$m9uRJ-ADi6B@;3x4u0I^0_xcC(e~#Fz$;3ty zD0O*MPx>CEvbI&7Tw<4n5wULSI3!Q9w)iAZJkY`;9`Wlqt7I)vv2Q9_rL%(^{Q9^A zYoMTJgRcrinh_5r-^cH(D}4rgMH;_Pv9;Q)#`ay_qyFcY2bOQc4KC*K=1s|r4?PDR zHphEI@|iG{usqKH{d>#@eKuJ4&-lm!zwc7Rv+(_p#Y=gQQcGvjLpjC0y3Cz~?Qh?= z#ibL`!s6C)eet7z% z(yOg#e-H}qK-EA^o{t*+5h2<1_~SV-3u{;NZgcdFf_=}$@-;s7#rkeb(j`T+rF*d0 zFEdH_>Y8?zlS>#k+}?py7K)qJAU!|13A%$BEj^8OBjfo{&A+iZ=b{0^Y;+f+W`hXb zltwj_Bt%O$w%Ra>v4jSq+-pf@xjuENW6athR39UHn^-l6E35|GesY%)yRU*nuOht| zb*asX^MS!{D+R*34J9!Jq92tTV%^b!mL&0ef-N2mD{Fl=EALoEWm{He$F&d2CUyh+ 
zt$!bR=gS>QM4nN&%7mImwow!Z;}CwQbL3i^)vu)J0Nz{1xVu1Tx66ZU&yl35GwTxc z+LCdcCY?ZbDL%*kBBp)W#?h$BY+rKkQ-C!PziC7zjn7z2&P+Y<)Z?0 zQv`Crvp#=UIR)+I%->jTnG3tZfBcDB8EgPCTpvatXo)gaj6kC**Szm)>9!z^lH0H} zt_>9iDpZA(BzHXDYEP$*1nh{7qhYvnrh7JH!zaLQ31KBRU&p}M13_W~m{KCQQ$0=J z?S`#NLoim!zHI_>!{?wI>VQ70w0w|_V4&#@CEHA%Sm~Yn(<2ULR^o99`ZC_b{EK!4 z9vxZg&(8_c3GFIUu{w0;eFZz-P2Sy%%YXIx6?upOwq_FN$t!sGC5Ty`g=#`>#?W#|f729tD=5@eGD3XISyLwYsM zY)Oxcn9wAjK1tDOe8upMbKxWKd+zH4T8JVPiD*?ltuJQoDp$J1T zN-x0fLF<`SnzqsKbwg1tGIKek$Z0KL29vPHdm>Yi$&hL{mp+2V5GfCZ>~w} zn?Q%DHBQ)JJQ1FhXR^uNwhtLz;y-SljjVLfTXwLUlwWPlURDUHvW5EOL*cTnKzS4+AoS!sl-#eFW{AKy<7U&T-(?+Q_@@+3vhtYMblL^$j69caWh-F9*~=8n zc3bG4{GGQb02)(uYRr&14<k>Bzh9GpKu&E-dunv zc6>5OW-7xWG*i>8MUiUFyV?$K=;(;9{z|{VFjlR#T|Ws#Eg2RylUMnEX`q;FFt*+E zgo4xVxWQ>8oz;9~BU>aPzau%jxF|M{lTY^h0`zBvlz+?9gIQWT*8M2`kP|ap%O2o% zMhl3>wd{Ya{ejv)5Xv${E)i}449z=hcafKfuB^v7GQGQ#8okPXP2@oT0HUeX>!r=2 zU76NWv>Mc5g+NRF+%GJ4oVhw&!gW5OHlT0!7OIdC>I;8|Q}$0RGAZm@v_-QpBy$~= ze%4u7jK38s^Vry7mgWDKhBe-5Op?RAt-x?+TSJjHY}%n``!#lXud3f_>3yFxf5Ohn zDLwJH2J27bjr!8Kz~AXukp1YW`+LdN|7|9LV6KWKw#WX!@alZfxa!2sYetNd4)_Gk zu6cO&F#+V9tA~PM!M9q7z3yl)ezfhQZWKn$$CoERo5f*+cL8d!PBdG6tFaMVfQ9GG zHRtc#(-w7MW;j|~DSFpei2Z!Wnw5;39oO!#C0>f>I65*czd5Hp{Lg6=fuvda!7xn;%R?)>N z>YK9L*RWYfP>iuj#uG0EeECf$>+D_CdaCbp|xTZO} zR2FS@b!wmXw5W(9pfkv4@nT<h)92`94ZyU0SqXnzww4JK}bQ zu+vz^KpLxQ&aWaf8SiQ@pElAwKPM*e)juFo+5NWkf~joPgYh%KP~ooKdnZY9!fp#( z4W(%+?=T~8oHQua%D+YVlZkfN-T(S?-1H4&zAf8)Dv4$KB89A_tiuwxL8;`yY98ct z75R96_{3V)GKBu#Np;u(AnpiWB~^d%raIs@I8RDw|A%Xm#Wa)R@vdczdqo<3iPp>$ z6Q5x|Ly1;LX?z(3zlBEzd@zJUoP_O6ylVrxK^lWSO{=%n88#l?KZqutBpkTC;hx1z zxV`bc*E(ALlahA4bjwV56R6IP%J4e}4!symY$oz>@{0av5s%}WskORjniN!fzo^Ao zW@>_?0{U1DxCO|m#~_EDgUe2`%be&Lq@hK2(R!zbqx>!1JiuZj3vBjISy@sbgnVQ-Mb2sYm-vWQap&yMBphgOHs| z+F2`O{kS44Xc{Qd7Iza4HGT~^xEd7J?Dl`=3VKg|;94^NZQXtx19Um;vZXh{=$~Oh z|7y@gwVAGkmJ;j5vRDkP?&qI$xI5dO<^foT@=$4IfI<`dpm&n7Qv*EjYCL zPB|;2+i&P80+3QJRbrP(n(Jh}+C~tk&+0aFD#oT*I~e6o}wa*32vI`du+YWS15O%P>5t3Xcj#bOEg 
zi4c|#d}nW>p`hXHavBI#S13z}Cr}F7PlwQ-K`)Payh;P+AI3a!^e?^)9Kt#VK=y0) z35Mc0{mq7?AL^OeR`sAveCYtXM%@c3Ry%)sHC(M3?!H-ep?#+t!#GrV1ASm=z-0~X zO#Xw*(twSJ|NQf^5*Dtzr{jY})?A=zYaQI6@O98!VA5vz>yvb#GMH8lLK3-_C!_smik=O`|-B^Jqk8s(=ZN4mbD*3;7`d1%)Jaw|QBo zoIEx2%L{+=t4(!r2i;c)&(QNz$w570Z(5%yv2$m&$Rfj|KW}W*6O%u=sn4_*=9eEP zwtU)i%yWR6P6c17GfrNmS}gaR`!dYe5yq!dlL~(09=Ih*6&;BGWQXGHxd3Tv&as;l z0JBG}Z9Z4kx8l3s7gA)ch(_CXVwEQKL5#L}OMImJp~8DF&1rWwLU|n-k<=cD|8OF3 z{#*yov&#a}=rUt1$%o`?tMYE*@43H0SJ?UHT1q_T|L8dBmbwY zZt0H|JZl&LGyy-8D@QLW0qH;`*}ivit5Z<6-?`%6v1JZBrQG^0Wv|~(3{7U++mX8> zuXOWwwX|7-%s9+QPe$owG*VO$ITVhoisR)GqIt->1pfssd;3-$Rx_dUV4@`x^qpYF z8FbS&a$*aI&9{s~`b6hYp<%`2q{q11P`@3X|KU&xC2PJP-L(prI zE0gr6awT(XV(5uLY9Q%`VwD|eSPPFxL%=Z)%%gj@mD`$3Ff<`s--sHUdDX`OxAL3f zsaD7JfN;Z$gu7z`y%N|@8vSJmoeA)RZl$$V&I5SHW<#Gys1Msrf5m&h9WAa9risr% zo9=Zl1%8?t*s~vhQwCI{?w-Cu7N|fX;<*DhF{5~SO>%=f;*&YJpq-^C3tf+Zn{TJf zZ0-Ffst7^KqWfi7p03lNXZRmQQuwSPs2vy*;%5hF%_P=l8w21g~E$QcikeIqg9-aM%aT<1|n|Ed_Ke)EnGn}5p zsPk3mNsi+>)JdZQQNcfnD5hbuij?H$WcH46X6hAyR@f#nbW#S@1PsJ1j(iCk?=7Sp z5^ISDAVlb_9%|a^yow`&xC#-q20?Sg4?Va^T7x6E&f{BNs9~@Ue<$<*bS-^V#;%WK zFl~ayc|#Eky&gHdS%52hFxL#C{V6M@gzl>G*OFD%rqOTz>0Poz@5rqV|7Rpzd2rLe z%4g9hRzH`Tno)v|F=yHt-G8y4*wqn@hI%>@50p!nWz8)r0sqss%+ae~skq3x5|tKd zl!d}6WjEK7k_wyYacL`;czw~yH08wK1ncnHAS&jReq)MPlS74>x_Ak9{HJUQa@L_W zbp$3{4&Pt&Y4^%iKoP5J_Z9k%F9ggz%l%Wx9cmxxWlF~iYBb=96WkfulC44UD?9^m zE!dO>1TaZ*p%_^#XsJby6ED_=k9+w@zCn@_(*!cK9fjj%J4uv&rEj7*h?38`jPSPW z%YD_du47+6MW`}{wyjLDYmv`m(cwa7oVBY!5KdzWg{#jyBNlShfTiZh$$LS|3X{GH zn*1Kq%e=wfb)qZBl{02#mJTinjvyi{#ncagr_$Y2x5zaozh)=9VLkn+Q^H~eX?}zz zCiQvPRtwLv-*Tv()YHV^=Q=eL*t9TQ7cBto+sH2|6x$jF$w>Psn*jNMoVhDe6Zs`e z+OTQyRl8C+^Z%M(Xx9FJ<`*(do%t|+u?kTYsAHoZfA&WQ3c7`!KA;LW*EL;S&go7b z4_6*y#P8Z31=t*+t!|IvEbetFvb6?R`gWxd=3kk_D#1=2HuP;bNDoj7%ShZ^*|2Z6 zO?ktHM3+)KsvU{kOtAVOY%yVR-wWJKtt#3v+EjTm_3Wkx8jHPfhldRd`}7QwP_$|8 z++?Rf>k(z+oj+O%U6f+Y_1znFjAeDRKVo>;?UZ@u+M+gUcG&x%r;P)BTz&v+bb>NW z30tqb&3b;rLidM;moxSTP-XOIe6Bz{y%aVf3o>xx6fRKIL%~gYhwHpZ}stawq;-Uo}?s2$Ly| 
zM0ZUR@<;TXtaCYOeFluxzMxyHOvcJin-bSLQODzI*gevkB#0dyC2dWdniugK(BKti zm>E|K?mbX8RIbJ9eptU6S_*9MK1idMx5LG>Zz67WBW?t!N5=UJsr2Fm?$KK3%1mt4 zV9p~vbi_HYFNn~?SUj!Jj9{&cHL%A~{^!kbP)5`&YAUqq^FCXj1sL8MA7%1(lz7yW zn$So_r$(~k|4@Fg(}w=1V4Cj z0K=?;E%Yjeot^1#o|sh8|MC?^TKb|g!tV`|zh0u;t05mMhPvYi3_mFZuGc}kZ~~k# z{#;S~yOecrH>R$Hf?l_nZCp-j=7wG6=8g1yBr}Qn|8{LyU$77sX_c!2{x#(FWd|@} z8cR%$?6`vcHiZKEvpIyKMK+FLrXd(TN%&mx9@+>ok*WVo zN}7uM%Ssq=P>0R8-DQ`=lJr;TvHxvL?tWJ$X6;$gHCNXjt(Ptb&+4oFiXAen6NB`k=vZJ!r$s@zV}u z>nXn45?3^N=%8G{riCVNOr#T-2!hFmKyC`YC}>@m3D2bgEjY}(+8qrof9R_JLS<_JW$ z2wESo?m~G{qK3wt+vnGu+rx+8u%nX1aH5j_*dzLWLVnlu?c8!V-!1p*eU7s5Vc@ef zzR9PLpZ(e0cMm$mK`4WhmLXTON_M15)J|yrFrYg@UD#){kq!`C{&rA|uQRW+v%+U% zWOz=EvRrrr`b?oi2`r&Qc@KtMS{mO^xpAhq;L@V_-dfi-)U*S;JHUebg7v-`s8A|A zzO@4`9q9`KiI=((QiFODB&vvG?7#PH-B+a&yD=aBD2eMP<(SQ0tH91dLL62vBNwew zcVWIwH#Q5Ziw1Gfe9ltlJQ=M;VRi}x>gIk@K2D+$BcOLQA-6X%cja8{S9+WPOrpl> z3#s5$>E{~dlc!n4P*(%`+bVATS$3=Xx?k#syA7LuGxyELM^q4)1S+r7lfb^9WbL`m7M-% znopX@%MO37$BzgcMx$QZ3&cdV6MycHjdsBFA>QG>z~C4!<1o*qS0RN(tP`jkQ`k!y zQ%NZA4iRUfg#bQZf7QFYKA$57NjrG{WECTKoD9*}pX&=Q5WzAgABNc99k##gI2#1( z>7d+6xT!{7+Dt)oLpDG`fgko>p1V_{H_VauU1#Hxjd_wwILj zd_}^rX?!%5eV!Y0P-m3Uic!^^w;do)LL6 z1fEcK?0TC?)%R0d{rp{CNm0S>O+;HxVYm?vAJ0S*O8z4RCCvvMYSq{x9ssH(2JgjM z=tn+PQ3W$jDYbW~vsBcTCpk0P6=sLdI8iwfaY6Cr3vecZVX5ImQo0+5|8DImrN~Go zXp+N%z7;J3;dMoWRrJVNCuk*ux*a6;lTj%U_-^hv&^V7s$ zEXG(hH^DI7B%$B0%QZ+U0PvI(vqeCFqV6x^tRCqST=AT4Q(`Y!ri%9I)RcuD&ihtk zY(!PwsN*K0&ZD zGy5lMr}|V*t_c#+N5uWo=A(#LCT%G0nzntA_Ax0u*x-KqfePXDR1h&&tWj+cUFug_CFk|DqV-{ zt0mlSbI6!?%FzIh5(jqqg{;@S=JIFbr>d^Uj4gt1^TP`5F5CL7YpGk6irT|H^Wu0n zY>{he&@t1*K5T(^Ni~QJ8^Da#&4nN7^$nElztD;BA0E11y#7auyho-k{YPw`-`RG! 
z)0&^T1C>tW8pBTvR#3QbnM>9|I&YL@Gm)-aA{z6S0 zXx;}Gnb=CZjPC^R4GlrD*Q6m>ji7t?Og?FuPJ z=gGPTm4-lXo;K+z`k_k=zgP^KBN6raOZUpEji{*t+~(bb2O_f0O-)SU)Uh@$9&{M*a*75H@=nop3Y6yWk90F) zd|v_TdYygbNlZ&pZ4s%NFppDs!>$hLVeO@lm>vRNeZ^9mxFksIUZ6sm^AP!~*~O)Y zo;!N9wGfGc2_RSMJR_BJ*|7<@$aLge9?UCJaxvJR8^XaO^aTK4Li^23LIh_gX_gXj zcTUMy%~0Y|HI4i;!Xz^;UQej@fxcBet=~&VO8*$xwM6yfvorV_irZP8rrTZ9tPVRI z16E(fvo6_p2ZxlI7Px-Fo+2}|yTzocPdp4N)yCe&$#cdjX%vbnfl`wT<1&Qx5SkEK zRsJGdR^qWoN^?HH)>yYBNUp?&G`T4Cvp(y`R#HfJz@mi3;<*$})aT&UAALh`nXffZ z(4HdGQv(yIG=lU9@0!Vhj=xwvw(CL~N9s<00zQi1i*^Zy4&jQ5&fT;TH43aFl(-^_auD@h{q}`Y}q)e(sRXS z;LBNdB8~#4udOC|AHavXI)8YjKK?v-wz7WtV9fdoucNw^g!AxDZ72S9SpBiSP#~_} z?@$bNeY|%D|C7kf_5iL&nd#vhLCwy-WMs3ix7jlm*_I;xkSYdnO+4&yE5(2ZfF>8H zO{n0Y=(hJtB}7$duZ{SAurFUI=%p)%6_D$OPLdsP4sKG3 z*sM9DKfrdM5wnAh3nGKC0DTP6>CU51ux`RD&OopqI4>8Ovuu%TCja>-3P#J@3y4Yr zc!-;AL0kTI%`2QVcew$Q-^QqhqU5BR-}>;iKhDPY6DO(e>s&o(Jt%Er`+ZZG5(}t3 z(gBrA#;`%>NUIQwkKTTd2UcrenJFg1>CA~c>I2IwWnHZ&n)SdxmERpFXbt(2p_CQ* z0@x?_t7~wjH(8Aam6FNnb?d}^W96WG6>xVI)Wt9qKubEp-5grguk#g|j}8lFX6!5u zkqZxQLK=PLDQ+|m-N%r+)2G9+O|?zL*IkGy>?~=VEs0msy$i2-7iRrG)wz8cL*&S` zR?`u81ZU7SdIDI+op4Z=XMKyRO3+Bm`;`q_|A2*>H8t`-l_jRS8h?W)ROWh^ z9_W`zPp_>ziWr9U7BI<|$U{~vz6DHf5Ybz2p4(vlIg}Fhc4@FXldobTiG^*xx>FO_ z5nY}3R_JhTr#~+o~jV1>EFZwD^I80V9qArIwyG2JZA$HQm;ZfY#si*ms)T3ZaOd z?=yLp^h2Z`L|5Y3`Fy}aBBmJGD6~&;`DK-Uzim-0o|UE728TgooRON&(f`T0yvZY< z4>jtss2VuVsH*SeWnp?=Cj^kcy>0qVHGAQy0qgsC(&1*4;Ps+@5S{vjxnbtV5bRoG z^~X9KF-y6aXzF7#_iy2%`%-3J>lnE%p~K^|8z`Xd3)fwy{=w)*&YM_^HD%Xcf!5hH zh^JFrFt`6n=pMIBzGgz=>&G7HPKe+%{hLWTU-noFZ-^$dpOruh=a6bXVK&{@@ zMtitO?SMaQ9!Ltvss;)|Zij_Z1?WaOOB{NI#d&akgX$0%TQshEn!H#njKK+UJkk6K z{>H@-OWS4WT8)ON$e?s;&k^iT(!}>Xsy@Gn&iQ>Ul~OSLXiZ>Pp7RKS3>L!!_f>d|r_;Z*Z zDknu91S59yg#@}Fkb>>VQSYc>Z^SwHl(dPIYsd*wNOstU#Cz*dcvR+70qihOMj@1; z-3TTO6ev&;yenxfEoW91NW!lV-^B5KQbR913maQ{IW6J+e!=ia`n!V2pLnguJ;0%E z01>DKf#UUtB9tkc7P_UPv09>=hbC!mq*+vQZ@5lR|| zq|*mTA?0*;{A5PXIqf)#=+ZL#6YxnXs68sooH8v$yGoZUp`7y~F$+OdA{+|m?ypRI zFpd<=7crL=Y@%nnMps*nNYN{QHbWXx{l407u0xxlZEyX4Bc 
zE3F3{T8(3a1!Z+jj6nm(I4Brjq)GZaB3AN__ZLS?wiLy91v^IMBLWg4`TVcy+n|~M z&ov}wHnYFm%^Vt%gdOTlzZ4f%0l~GxAECSO2wl`8 zw7ulU)U6B+^c6YEB}`6&cfbGOg8)U(2YA3WK5fJ`%;z=I0CtH|m00BXG19v7=C zWJVKu-D)$)Of=}J1+&J`8_O){%}Lsl(*F@~w*_V4D_r=MYW|bXF?+(x6&1d3RL=ZK zwvK1NY{!;uEh73Ztq8k(%{y%0>Ec$yDfHHAwH^9VPm74no1K={H1V5|dWtgPH{0RF zS}BtiEv-F5-SSvbM%m`X0=RrmsrkATIPN;^VKP?DUOkpbnzd=p5v0So=WTCr3~HX^ zK?L^9L{+sQBJo|ne*ZFv(IBom2C81ii>w-qeV`tsVc~828A+24TXLrRBwsE$8z!2UxLXGeXaD>@~s{jE9pKD={qEv zkcy^Y*5dBml=Mp+5X!7Wq%LmynV7u?&+GXPs0BX7yr{$B4}CfJ*Ax0qE-Ck)w`;!B z44(vb`ata)@vRDt5#rYI;XB_&e$%Vd4x~O zq?;yxo+TP2Iz2r1I2bBxd+Z4l$J3d5>z4FB9Ob{-jzCd~8Q{e&b-YVjgsR|lVZ?~N zWc5;B#R))9Nm_xI-IRmaiKB8(lx?Jo7P|a!xJxViS=FZuAbK6I17=UQJpQZD#i6u+ zZhd$h3f5PvG1Vih+`miKn<5(JiVE}S2mp18W?3ADqi{CEnQZCKFuF{EDK3GbMPoJ_ z-CT~L6L^-oEmu$^oJDqd2mKhMU!TqM4fdxC_?4fM4gRCYEvxJG3hzWevu+Z6yM8>D z0W1?nS0KXla#8ep_THU5Y>q<*0Jp>Gs})cPOniJ@_taK&>{YGlZyc_*0pN6<#R?3N za<|nX{n#1o4mP3Kn1nXRJ7ov)v4Kqk{xG$7?^QLLHuW$9t%KmJ>V=TjU|IRO7@SZ+ zCe*WzTnO_^y-BoS`{a-*!l&L5C3)e52H=2o=Pg9RIrd~VgJC$31FhDK_s}fhbO3ol ze3;UTkJUT6cn%;H|#-f4wo)yhA!T#ncH4^t>i9*(Gy<<02a0xwZ1T#KA(}xouBHv3UKQ)4OZDG}c z3q7uz*h%Ym9GE-A5w#VxuATRSq7A3kF<0*|ut)eQl=H+zLK?_%&-XP5tR>o(d;$kp zd{()HBsvS#J4Pc@B^-jcEH>X~*H$WJe{EX#`prT)aI1!n_Ck)-VGDY}fH4tXgx$oa zLxdRUGiqr7JgCciKDcteXh8)h?8gt81i|Rvu0jLYgZW#~nxhl#U!UE2&k> zCnSvOJ636DsliENiJ(GKdd^ncJPLkJyO3h*kTip1nEWhZpq>V?4#B-p$b|E_JukdL#SM{}gP& z!{|{d?71^+Id4pq`eyFQg3-dsPdV&UMeu(62NZ!&r{4|<3%Ctf_<3wPTdY{A}s(BHe`C`7{U zFLzf$9j1PL-3^q{XZS1&wU`(!@8iRyo?l_#9Vr>Z8pxbOQ*t+~!{!9q2TT;Oi_ief zV$>XIg>F9z^pSyEMK)aEOhQ+>{RjMlwy!j*-+WdV%Ftc&wb*qt7Nur7W)!m zpv{^sPd7l}R?oAgls~qP`)nW2^lEjBuMA<-3=`;4kB1R>Ol1jzi$})Cr;&M|Dsu8+ zSlM3QTuv5^Lbc}lOf+e?p|@q;t3R-T9I#XH%F_uwY5IeK#{d*3s)^>ho(JD~OH zi6{i!=_VdJ*TnJvPICQ2mNBhCmx#0SS||wEV4J}VR9p6ZX5_s)_~oVKd~*QhHSua5 zaog}tB5tgRh&&91K@0hok5g@8qS;7b-f~c`R^z&T`QE3UK5vfkN z3W3w&UZ>IXUj`VA0D%k#Yr}J~U{;4i@EaA^E;Q$&w(vCf-jiy>7;I{4!c*gjm{5-; zu=Ef?CXC6<*sB{$vg{H`MKJM4>2$CWye}nqiUo>hI^|8PLFi%s0#|xUs2BPf^5HiF 
zg@S_Jmk#MQ6QqJ6mfzkqf@5u;dh!5E63K=JUf$OE7pMcxmcJV`vn9{h{Xaq@_${YZ z)2XCnYSH0&!M(8N+xxS$2rP=8#2IkdOS8m7GJFLEY4%fepYEp=@nkRGlK-o!ew3JEBIyP-3nha#xbT0qRo|8emgSiN{k}&}7B} z{v`K>0Br^$XKwcE=h@F1w@oAIw%OnHxh!(w?GOi%Voe;3!5tpHb-I-DL!xPuwT={o z5cn0ans?)99hDeGP%eSMv_GGksvoWvf6lVDR!6syw^Y&&VJ{l^@C%L_8%1|00I}EY zm{#TB5bKh_{YLt`THO&gBnlzQNrRe8(@C>~4JBpA40r(V$qRS{-kBr|>)Lfvq3P|q z1U|LRw>jBfgsfUE^A8`xT+u4Zmxqf8L#`H6DSZ(RQ%()4+4^F}nwpr$VvNhthf~uf z_jKtpw#^*j;MzqW_tb{(>8>>^q(Z;)$Kzb3DeGk6shR@n-_um(G$JAW`;}FdTB^{W zKZVkLVDYy@WP8YOR&SEY=9k0HLz0$dwIq2LNZ5b~2azItsv zC;Ds>hBh-@^vN{f0Y)cBSc$hCPkO~2>z7V*G<@w)`L?Pez4jGb(%AyOpJy2rR#mF{ zCD@W!*f+ZBZ{Ccl@>@crsm@SHGZj@?vU;&=Vy;o*3_S#z?otfKME9qRfV9(~_@KU>Pf9~qF2@%xSc zbXi+L;XFP>t2ueFr>uh-X?f_@3v1|DIE!cWhL83{FcvKXjV zj_C!O6N+7umOjolF@dx7^%u+eQqGQwtHavxe;P2Yxmc>va4FkAgW~A)G6G>}B>FP8 zLx9?E1tq4OM52?*g1Kc^mNZ||K&E3)bX&fJpJ*YlJ)CWKeWrrXdQO1vIQgIFk9w*k zJJtbg7`bGX0=#!2%{*|2lh=mhAJe4b9AXfN%^Nd+MP~OMmkW(Ce#5Oc>B{)%|ME!T zvwp=LTU<&nt1=bdSEE278>c_b-M2oen~)ki^hw51j>V4S6g=W)g#Zf8vfitQlF$Ch5oky`{bAtNS@;wEok7lKektOy}W(QFEb0Avea(W zbi;}yKP?CUPkn&O0xKssy%;LMf)I6`s`H4YA|XAS5?Z9<3$%3H%@Re!&vM>`1viF* z6{Bt|mg47n_Hkx8{6bHbnO?=()~l?$^djAu~5!smb|`@HM9MY4KPXqFJ91zcwpNP3F;cg?3npcc?Vf9nSH#97#^pquRlNk9)09(N2;E|C&F?m}4cy4-uGECHWa| zR4_KmdkiMO025)@PyZr=l|V7gBP6LH*EFMxkir;MO1F)O<>HT3e*PzyWUqm zx<==I!-dMnH9ckn4(d>sp4NrX&;*a|z8e6Nlnm+zhs_iJNRd{fOj)H}G6a8N@=S|l z97_3Z6kWmXsxM-piGyl)p-DS3-53OWB?_T!=JwoXRYom|t6$Ic&;DYsX}TR&r+?+< zh;_h#1%mWuYZbw`2r9~c>?nGVaNjmsu-t@yGo=pI#@0#=zaE>9)pNHOlszH8AsUJD z90tt1=*Q|3Uz4xpdMf;~#!>|h^4GVx&-fQ5`pZH)hQ=pp+)5YoNpD^01^HiV{ssf=Lt302 zzi3cB)?ts+I43Y`5dh!SEZ5lR(owm{VbH+`=SPkWwzr2N7YyXQyGLquOUP$U&XFtn zRr&b^)`c6jbOczD+!o(~qAv}G;Gc1d6rjn{cfI-CD)N*Mru_By?)2u4p6E@8Air@s zNWjo;KX?~Gnpv+h6A8JRY&c!%;E6!=1fx?{x`|u=3b;}+J9iPIi@uJN={}dC5hBPM zm|f$2scX8)0!6b0d>T2wQ!qG^!pcSi-pbWa;vmL$Cw215nebdaGab|L&B z4v=HSpd!z~-*`d&W#t;vnPk3=k&CYEf(j7r3x06dx1mBQIJB#xwRcx#Dfbdojz-T< z@NCuhm$?+=$DXtcv2;R`#LWQ>6xww5qthb)Oh2rZ%QDQwanE<0-IllCxhF>~VcIx% 
zkqn>Yx({bQ`c0mBTfo4s!flDrvNXxLK^O)jc_lQZ^l640hhG&GvuosLuaYCIN2MHx z8`moZcp5FzYY0Tn`ED4cd*+rDLQx*C%NR7H@rsn1P~@M&62;FZ-%Two`x#Sp{FRf9 zSS&56A`YK#+>D?w#Z>MEJ%;*SMFgFj=&mavLa7 zz6GGJ(pt&VxeI=XplXu{Sc0@__v{$27kv$0V20|MRb>BtHH$h0>!^z!Ktbda_N zD&@}|m;#L=N)phQdt_4kABz!+1pLk0c)#H#e+K6pQ`P21)!xB4PpS;j31B`N$_f|C z`9t3@tu!>Vll@(+EJ{t8OEO^}k@cur59j53E~}`SD+=f5y77>(>6!C(F<&>$1SKor zAHoxMH5aBeuj8 z3I9KYy>qN=QP;1z&)K$Z+qP}nwr$(CZQDHCwr!ie-|yb;d%xW7bW&NV)T*SC^+(M) z$9R6v$aMlz8S+n=YvCPpmvZsdicRLlMcnv78dDRW)#eON27#d1aP_)$ zMQx9h%9H)LxVgo_3l?;VUFfpGimDz*{#F5gC~TepnB4!wF+(Yy)`c6?zrPO@*1du1`?P!58M9GR^rfeXt6nnwd=^GRAkG6wj-9^Y3Ji7$F~mC$&tDbS*TjvKohoF{bU zMib_fyb5$(KfVxX4ot^v^#07FMtuO)8)V;+k9iA&5;$? z#+16if~91#(aM;a$i7Ln=d{m`DNTG>e`5aQvT7@;ceCrM?Og>G zWHY^uqTk zrWvzPYgYnob(d2rgy=d6Je_{?0dd*S)p(nY?5>ni)2JC3e@ZzL*>ki12ZIY--7r5@ z72dDQ+PlsW%*M}9*RTZ*0VA-Ei8tDR{30vD2v^XDv=@Ojh&g zz6Sw6QqW`kd!?iMcb{P*7a%Uq&Y3wwUPuu#yxG*d+CTR@i?{5v^;UG_C}By&8efs>SGWfqMZ*n1Inlo_*taz!sFA&3CguC2N;Dz5N6XqH#6>9 zBN9w`dPjQL3)U}SSIH9RUgEYB4q&A^b@XZO`DQy{cx?1qV?taOxk-PmBF6}#QBsTMd&Jw zFGb7aQ;*(-L}lU%<6etsYmC@e#j~9-@%OqH~$Go$O zxkORYU2p2e3-S6KF+2 zfKMTSqD|Dav;{NAb|cb`c_ov(eXbd$qb^Wlaw4ih@Mj(v>MsGo=4Nw!N0XE(_Nu|J z*!09{`1}Y0sz6@~2>jOnKF)nMe#rBl}8^Or`1J_E`bl?9*p$ ztTPBmNu8FTXPUu>BDmyFwr(FdXMOsLE?9jERuou%4Isu$X1 z=XZ3&qba@eOj}{pzKM67S^1j&=}aJ?9bQ}E%`9McWyX+7<>bn15>(vDt?)#yaqB!5 zDz@#v-T76??vd2q;A^VJBBTJiC&&IHD`HcILCS(3dalnpTQu~aI`q2;*vu4(zX zn|kqQC?B1K00EUUON;V;)*9BcbLk^0H<;Z15;`50qD7VMY_s-Z?{6z99 zhy>B@laS!15e&K)SzrckeM;K)<1PU=KX!r2t2Q|1OK_4ZBxh^-sMFKE!mdU&(knqH z?8+q!P5Ryn_Wr0q@GW_hx*`0qd}~=BLy1J}OPyUvS$7K47+w!Yw!-mWRl2Y0y?2f9 z!Mv7qzBG>mC6U#Q?F0gdMyJ`1YCn(M(AuuG>i5XT=(<+P+v?E_eZ4ni3#Nj-au>KT z7mqj2mm(5J+yfqaVO3#j7eCk|55@CFMZu)GGh6mURQT5@d;*Ui3}r>YN~s{!lXQ}% zCg_b(v?e9p(^kd3?Gs^MZ<=`VoP7gGje{4^SeHRPp)jXD&V4I)UQ%9RE3H^3>M{3} zyqz%%iJO~=98xRXMWFVKtLhwmET7opuuiu#{GdE3!|eeu5!1)u^)=TY(EJ9@Zrn!J z$50u6e;)?9$J81m@N>LH`?C5Vu8+Y+NBX^#6nx4v%4U{eV;1s1xBTCr$v~J=SRFEQ 
z7WA#c4K?5i#dO|g-{Pu9&DXkTDXI`;Z>U1~5@N$QOtHcg;a-i?1<_gNlzsuhW#w6} zZGlsB)2h;$hxAu7H|*N{hWjJT+I*B$jEz zHN$GHah1SJn-}LJ!ZeildoVeVG9w1k`~=*K)d;5guf=H1;7sd890hIYi=G?knLgm7ry&|wbC@>>r+<44QxqO;utOgNm#39oKX zkDIUO+tbmovlN{$U7TTXBST#hJ)t*s8)+e|_g^5tf^Y!zU)clA_8vjf@%LPcE#9QP zz3g&=5s|!>P=P)cg`AX4t7pMr)FdL0?REInTMm#I8|WtYx7O|RVZR#fgVaB0S6DUI znM9tc^FP0OQc{{zSfR20%(8371POh3)oqXBL{VHp4`i&FPyk~kYPc6KAWHE-*WEZx z!258Au`+W53O^{c%(=!OC*O>N;a#3q#lXkR5zWT4;PPg-wvKq?{OG;@Nj}pOLW;Ri zUO*^apF7iFR9%?YF@iD>k#>s4NmtJK){^&3ibk*$jU@FDh}V90NYK=WJu1&WOK=>a z27-M+HVE32oAwTd=Y$=3wyxnW&dI*Yo_SP8qdv?}bUmEUX7-=Ot-Ja}>4g!v)qol> zM=uUDQV{;zMaNTrLsn(%NyNc9Z)BWFMxJ*bIdQb;GLoo$N{GUfv=`f)@T2*;Z3_T4 zD`=I!bh1rs=ru64rMle})XEyd%x#?(+@5APPyhR?>eS$0}5rv=~-4&8~g3~n4Th3@gEtQwU-363rdnA z?>eE|rx7#2;V->Vgh{Jm%XilV4ApN)NqA+@B~+6WYxF*19r(w;_YadmsIkB%85lZ# zyn^xGfG?5BCr1^T zeb2_Bx|uHiY*kBJoNmh88>Il zQV{35)&iLR`#H=koUTlaQ&D{w4mE7g-16iM!(=;mizoj)mq$KiDs8pD>~O?r1w!{V zp#flqTU*@7-K;kz7&ouRoew-(9Fs3p-!l|jY22*`6O{XyaYVoNG>tsvX-pbF`Zw_^&-b)+ZV=my2Mk?xQR1KXWUVxs1#*^3 zsD}y?ni~;r%;Rv7aog@sj2Xty1yxvSQ_hn5|7&lF#4Tfb`a~~qkN@++Ds65Bl=@GO zt$I(2FP;C89-pW=&ugHRZJ!u*8-qNvJIL8&G0#E@5lR31SyFrmgMXu%LZ)C@uumR8 zY;hSXH#5_!a!BvkQVY~phYMwZh+gva%Io=?SzLAwoe`V5L$04SL{f8eOwlPsZB6s< zKW@N4I-ThHVv;%S@h~($XezX!4WSj5!#@@_!h>tp=4CR>9^D5()aB8{Kt>^_XW@XsH?OrE7P!wD$IAu|kl zZO}|Juxy3q%+c)Nsh2?AClWt9!-PwJg%XD?Wez=Sc4;|B3;($5sxcJ~>Klv%=g%4O zIj%ZzqftgFhSQ+$4-^ns5ODitPf8_bI*AUkWv=lEaX+Y0InD{(rzozU;l+)A{~ignx_!{L7Fq8rS8JzgX50iN zN!yXo%*Zv)ON9jY^nRQZG!7_(lsLq0Sn}jon#%VZcx%mts0@deV87+ohH6eechyr? 
zW>UPFy`J8rtLT=79(vp$-|D=WlQx>*h~q2Roo8($)0|ch3a~uJ-rm26tBov0OBcgkRp$ z*~cV95{d+R^e+A3TCayDF54#-1TM);?!*oRj%F!A(EP}=VR?UEIK2(ikRZ84t$i_6 zJA)-nX}rO*Ur5Hft6bSj35W~~)dM*q?Vn=s% z)J^{>%(RYW;JZxj$kybmXmG!ka{D+oC2h|JU|V;o6h)RX5imc$J9)mpHKWu3VGI6} zNHW{Rav0b7%h~uy%v0RKET3-mR!=sQr#|{t3kSUPdWUAK>cMHPbGfaWWW!LBxivR= z@qYW)h4#OBsS82NxM5|i@rZrtX^vzi)WM~6)-gZ|_RhEp3GFt*3{C)iFtt?|?1eH~ z<-#q7=mw{m*&vvEKIgJ-KE#MP?8)E=6XZ^$1!|O?QHrK@c*?3)?k(hncPDg?U+f%n z{j)8*olfvE?T-g-lfSJF8$Y?c(4mRwX;(2lQx)LuA$b`oOp<6f#K(s=-ukO6A@C&C4x-1e=`zH<@3qoeSZ6 zFqU1jA(MF zWwKB<9%LammrLq7A@50m+3+se(Ji$4oDgx?b_pUr(@Xk{T;Z45~Rw zC!j(6j1!__wRkJ|4c?C?jTQ*B2q~zHK zsRa7u;>}35(8+NKK>UlW{!L+O8Q%9vVWkpbX<0Dvh%me)$OgROaGhd-VPR+3s8w(9 zhyhEhCLd86nq<8vK>w{sZ7q3a7clqz0GOnwt4TE5p!z3J0qg#l?>|E{vSab`jJf`ZABq=5`snof<_#IoBO0RoDA{$UKoOh-!bg-vRQq%LuZh< zgzoyN#v`Rg)Qg(8)atMZ^WT}|zx|5i94@G-`pD-Zu%o2zwujxTI2`$qTcx&bD zha@eAHrw6F78Uam=ZkRW>We*iXIhx+h_il%rHvxec3{XSMQ#5^#a`@X`#?i3D)5gS z@v5>c!N{?2!Z*lx&HbCN>iUT79ag-}?Ak&qg{rY=c{vZe)f%u(kM{K^Vqd;C2+~R# z`tqj27dqkIrvS;}DXrT20af(tiRV>68@ZfpYZ%rzW5d8szZaE~P;8C?Na|p` zh){Xu)U~)#XxkJJuF(jR-(0zB>~$Rxd4up3MZcja&lL$Z|M#q3QVPzzwt}*tzo7zn zhZ>x|=@P<(TZJdVR}uYj9$)d@l!@D(g@V95QipcR{Sb!+u((@JCK91y5o|);X@rsG zgEBKn4kf{3ABIS)kMEBS5+dhlV^l-%+7OsRn@x}IoVh>nbU1;43b;)*D)*?*Ij~&} zZm;QYGUM2gN>=-WRR_AudeQhdh#?weas@0)4c?yA;1NB2KDWvYw5u2%b+Yz5Yj%Y5 zU!wv%>)QV$Vgu$`fZ@UQAq+`^AyC4ET!yQ zMFLW(n3KFTN@wX|T6QRRlztKDnXA_1h=@jma8q>k_{k7pj3)?Rt9iX3DT$5 ze8t`?1x^1q?rSDfM*&Q)QTeCfc>*9707=7JTdxK0RN1%H=S3@#pb$KTQ4Le&`5ssT z5}rQ_RBwwQGN3e5kqKmea)hz4(^I?x?HH6wVNLzl7bH~$0PN~HzA?n~O{d-7&%yet zRg|;`rEgr@fG1b=EAa9w-@SW;1%h4)_g8#ecgLqfZ2skAIboA-{K{O1WdA-HG+iA4 zadTW?H+i6o2-n8pX$XrFD|Shx_%wpU!2aKKY=o3o5<4S(Ga$-qfTrrzdWRc+(wb}wnqam|lT?-T z2_ol0^VxZz-iCRagi6ehU$H%<84ALB;}7V#p#|r9r3az0O%LK&BIN)~#;9#~PxfHq zb@VUuV-*nQa5+#+SavpSD?_qN(uJ8zx+A47v0J(;YLvvM6GD1U8QwgP+pVLZ+X4IX z`HQ(cKTx!_b-(T2p7*DQqYvJ%jjIDM6gepP*LSq7MZK4DW}YmqXq)5yVqE5;xWEsw zkZzS|Y6wA9_6lmWv1;T|uDg_Umx8YAd0h#4dNVJ+=AA%!1=xd{xNFXJkpsTLz>1Xe 
zz7;?TvC~{0`+E|t64D+@B(18}>gm9?o03b9r+r&?x&aHQan!IeLA13y(Intl7lT2~ve@ zFoCu%kiHLy9CFdb?vaoAO&v|MpUQ~oxe{z@;dn_oWT>N+C}{Er6)C`%U|84WK!Y#M zqDx3HIdPIwpe^YdK8BN1N+BRmDzfSX=-*kntouF0>bGPzU;5?!%{+ZczM98md6kze zRo{y$@eZG6OhP2T3-I#S$)X=xXtE#fMrW{3y5KE#Ep5R2S6;UQHJUly)DaI^)=Vj* zNE8`G;Y3PjET*80;U+Wpl8}c=>mkZB!SHQYPjJZ%&>SvviVZO(Xg!RL7%E@u8Ym*1 zel|tC)|CPL^}?Iy`{Vk^{{FP`44Zw1Nhltyyw-2r$(z%^_3KjT2-$bVLsdWvWV+qN zuzCd}&O(o5JOtpb)u|HT-bN?V^hiGkss^bM6jUsro0=5Lf)9FPp-^4uN4dT_ae;xX zvo}>u9eXm#OfbyRFSh|ULD=mqj*s!2Nq#yGbJhq`avm^irWRAS?F@q;>$fEP^Vb7^ z!FF{d&@$+~=R;pSYNx}99DXgMLD;axD10rTsFdXbPSrgBC5o30?5|05k&j<1hJ4|M zkl?C5o&~WCF+6X3L1$RDLJ=z9VeI}x} zhV!k~;*HXqEb|w)9{8Ot$!Q*y7ujb+~?ki;lm1M~YQEa~a=^?W(IU@0@` z=iOcDLQb(<`1e&2AZfDL4NESeY#JuRk}MGY<;1yi&9z&ga=hMfU)rL{2HX|ogug21xOu-JH=1SX9Bgl;bEei|ulady^zz@{E_w^2>yKQu9e>N5F-` z;lL&laY~MoxSp$0mm{ZGCq$g12|#SX79pc&#p?i^iCV}ew7>C*z|gUZ){w`iaq^dg zwM*W+%Nt(owI4U;kJen-p4T(iXy0$9OG!wE2A<|}AB{zeqv8cTEaogfx+6y?N(qO6 zo{@AS(o;{6c^feK!FmP_z;7v7W+!=i!Q6hV!QPGb(t@FrCkyuCX!mfrr$k8+wBC2VUT_gHusKU|#Gmw#J_)&X>|(Qt#_&@#Ev}Mkk=Qg`gzY zCu=Fl`F-Ig=4bx(%8elXExK0PyXJ+tlI8K+Bu(c=HpIfycV6yh{9I6mWNo)5j(FB% z?W{KV%hZ-F2z2zSyw=U*pTa#G1kj5-ESbhY+$g@^yKw#!@uyw`c!^L{w@vhJp94sp zq@N#Nf=v?|*@9C0bxzV$wh+DU(64aO%a0N9Tl}*kHbyNgJ#;4X8qoAN-itmxBy>#B7tL{v2OI#w~ zN9i03f~)KVV=R~GN1-#Nh(A^+7c>*$sTqD9d^NcWAiAF7L=lIp8y~ElI%xJ}&O1+k zIlz+l07=^S1rF|(244R7j$bmmr(HMDTI->QLg^P%-dS7haW^ps7z@Y0xRhnx9+nD2 z3>_*Ub)}8D`pQgb#ww4E(D*VHbbl1fS4y&R?0kZ(+;mlJmJPaGRt>nUb`&5%2&||D zU#zZSob}s9#&zp!HpxuQP0R0eP$!3OQuwEIL!!`f1YGQ96A5-zar%}auZsv05C$Y% zs>BnY`(NUJ15gZVcL|E3S#qPe3VJ4C2T{QH+@>Qr>vV=WNy9C zOG%g>rt?X-PfLC0HxFpboI8xwK_81pPV68Hi0|c>KH>b+*n0jI>S_N zlB;sI1#6v@-GbesBbzPYp=zGXs@@j?UHx?>Nkq{@LwAPA&rPonW9F1kAmn*XA{-5w zyHXH;|M0?xZ!p>V(n+tskK`%VyG(mt^9s=Tp8T}Wfq^E|rXA}dRG$=^Vt^?+d?T=a z>B|vzJEeIF!k@s-a@ATH-k;o3-`8kq9zJ#-AT2aHtx2PShaEGZ(|l<~ip8%rC_PeE zzuv)ERu8IIMUmq7mZy`}MU*JA28G=!`qs4)VpKSB%h9a-&$({_^u_Ah-q+}D{u=Q= zJY;r%i#0DP^!?N)I03sKXWUhet1!N86B?gkSoZzC9Ugx;mxi8ie!kb3`_JAR4{~KR 
zN80#tKc6#6tXX7sgUHughfHEJkDKHZS2t!dO*;J0Cv;LppjCnu_|+jjTd9$!BbVb$ zk=sn#C@{u9yWX)V7}Leze^H5;t@Z<8{omz}_w%mg=_I;ORgfn}JR`LdEI%R)FQa6E zc7EuE=~ad~t^3g24eEnAdZgaEp7sa2PA9pW+*;&ZiX9v5a4Ef{(Wp}^lCQgHf308=9zTZdUXlfMNd~g85=oM zUGp{94ib?$HnZwj4LqXlw$*{jYFD4Rj9@&j={vS2W+Boqs5cuo{TuTI0`Ge3A)TJF zU89n~*qL~fe!AxamjPVJyrHGuK$|7VpP-Loyc+M^m2cTYMwJLOb$;{-QXW1VGweTt z6WX)F`B^FwbscVju@3{ew5&JQ|0}GKUSKnX{dmu_fmI`3^ZTdT<4;t39nIvK)bfBu z1y-0ejXx~O-@K0~NRgrJzz zj}{1`NF{8nKTs~I66i9lcoY0d*USk{z4f&+U8&o=j>@1nMRDcBUPIkuyV=H}WZZ^;?&ht0E&4s>x0;kc5si8RD zv*5$T%P5Q418S(ihU@PX;u7%~cRVm{hOE~N&P&t{??DcuqF2xP+M?C79#_Y1TSez> zlLb0vJ(~f?W_nG%B|WwOB;%jr`e?6B#(;CuL8cndD9@Htf`gnk8-{Ce*W~h@sB@Zw zoH7gPtrf%gX5tJ#MIUK#mQ9tWH>|Y75l6iQP?C1QG#IJ-c7}guV>n>iRNeC2W(K1y#$C=&JoVzFl(C))_{`wH?=mwNCq z{mYDfYy4~MWSoOD{A=c1pvEV9@HlCQ{^BmVfQeRIzrRHpNrzGrJ{!bp(PEAdMAf3F z5kh;{?T-B+bxj1BV^CuDqT!IIa>D!6T}1yWULkKXx5PB+GEc*g7>=!}c+l7=Tw3Kl z`3|2X*F~7lnMg17eAa2gXZsvdOF#-SS|(|jTug4ljzQ}yif0!jwZmP(DPcjiJjJLZ zFKn2s%%q%{UeHt!tw!wVz>+*CFIa%K!Yj@V#S7uPp+5;{3kj`hASQR|Bg4z9QxJ>u=U9BLC zS^u@Pz1HF)B2=>S#Ej{3K@F{#%ojuAp7$Yp$wq0*m(BMwPXm*}eEyFY?)GZnZ(V+_ zAO2$#tG-Zq;mqPptOMP@(aqMO3j+h(ItvG-)Wb&#*wTWSmkK36!QRxMzB1)*TN-@? zispmkU$Z~eQbRIt8rWZM2)pG|E~b-$X*?BgWn9GRwBKOP#76WqfTZJiO5HZ8gG8Ihlz-kqOA;JR$XU?}}Kw}lD=}fWqM#GvBS#R7lesU$8 zm+-<_a7=c_A*6KUSHKBd;$Tmi3qmorGhXm~!AvG^xDl z{y+^X&-}J-2s;uWMw;Y}^V7|SZMLo*5p~>dn^7l{|M)fj*m%2YWZkWiX2)=1P(LJ0 z2@N9~HvZ!X%iFO;-Y_vvR!-+AmLi5s5~#o7dJM!EifFtYk6E+kUc_9-C}}kpvkrQ? 
zW;4aF?frm~ENq*ay_0^%=RRR8LLqpyO<`qoc zY5ToTd%&EX$%!PCeQWwiR^qpKaOL5!tjlR=C|t|RBk-T1c*%!%;30J#AY=uxL!oMl zf0;TM?77)qRfV6QxAhRsh8R146E$uU87LeU2boU}{OBkp%pZpKz^d^t$+-?Q`yZtnAQ=_ zDBdoBWz+115s_Q!<~Q#kSq3HQV=yl3eJL;-<|vMwsY-)`BAOO8om#<=trObLbB}v; z#Obghn|+RP8drZ{6ef6{m7?P{u4pw%HfQs(U6yX%$w29BN4B$}I?vE;BfuPyk6;n1 zTzNx@)A%=QfLEt>%NCAS_-(AYK--r*U>qoQY|C_S#38}r>MxQXIjN(ZJR`m7c9~s2-5w$$eG0!QV{DwQsM%S~r1L3<4WLJ8Msu@)f zLBZA$$UTD$Esz_QA039VG4;k?{D@h~gXz=IIP4X?K6}sCrh(b0V*K{LD~o?LAkf#H zJwi-}0>H$J12QeUjV1fhzdVaAi6tjdgbo@UO>fW}95a6ibSHEhP&J=E0%15QvxN6Q z=6kkbIBSlg)Qj*bSes}ajS4;pEzC7;PK>QoJLxGK34ODIf!hWnOpRrx8KoXH6HwK) zCP!d1b=lRJRaLKTy|2nO`l!J>-uE_v%*BTD<>jaNBueC029Nwpq2f=?xI)&TetGL7 z&KwWS$k2wUf_v)c6z%n$gt9j$+w47O%3%A9Wst=s*pnr@!6Nk3z}C4#+uLDqb@sV8 zwky9=jH2uFMB*t0ezhff%h~!_AiT7eMBzgc?yYy}lEp+S?)~EEo|HeQ(6$cM#I+Ym zLcb${2y4`7o#q~?3M?W?G78Off~gNSQ{I0=X3e3|qgG#AehXzjCUfPlQ>}#!8xU1U z@RyK}zOmo$AG)TazU;qgvZc!%pZBjhUD-WeAJ@;+1KllNA73vor^kcVo9#^>-Ox9+!;lJY#jJ+} z@&lf!NQL-}Y4~Y|?_I?A>rUn>l38O)AivjoGx%*+MMs?RB zT>92YYyhzFZyU74@RmcWLVVqS@~Smp`CIL@@g|^r%!)i;n*6MJw)WBCzTEyNr65Q| zyVwDV>}A;2G#t$(Y#NrVjxvAC0;=DIVJInWpoJZ`Tw|rzkC!9SXM%YTz|4wF+)53- zR4!8MnstW_Mlgb4$utB!+WdLE2R%mpC^*i55ML<#iRO=D}?s203AMih`3E#gw zvfN_6Gke#JB?;n2(1|F=Oias|Cbxw@vtVoy>n;zw1DoA8F3(qH!~q3}3@=l_#aF!VY~BL4*ye#fHY-)a<=ulcUC(P@Hn zDHTYDwAGb`Wq@HsXa1XH`fcFaGaXogXmz^cL>kj*h;2JaaBf{Cbm&SoKKut%AV<1l z&~B?Ih+H-B5TXiGVNUFC3qNKo=$k4+AeL1qCGMHjZVQrjy306GDE1VJ&nR^S0*>`o zT=)y0aUg*E_ESnsoR#tu5Xn6oM`Ros)#TH-;t{PMfQXW}@S`w~Jl%B20>MFl?q2-G z+?0;^Sa&!dw#8129>nV9BDl~GBsy6HFaTTQ|iuSI>I+|70KbpAR$N zufFSmAP*NeBFa;p0D|{v^u}u-h%w}1GZ6bVf#eOm*eQ#hTGe)WIDclkWt5S%M6^Pp*X}wN zQZ}jpSkoE>L%svT&u@qgam_6P_v!5Q2rMRwL=k3LEXNA-Fr<~5=a7=(1FrhhLUYYz z(E^7&^Ya1*J%7UO#oTo65m+tN>NzzleyOMmR-Y;t6e16^OkH8qfEYMNk>kZat%c3m zWNUnvn>9N2KVX+NCd(Y|amem;g_5!{9x8h`Awts);q9jhN}-XCM<)s;`jrAdM!MNC*v)*B{T6?JymvV&3ak);gI=!3KX#J=*C?4#Gg^C z9#W5}H;qPCE&h#<*vU5-Nw5ZxRrDD5vuf*6GUbTc1aIcW)^g`g%>I>4e~MnA0Lm>%R39O0pU*py$>%3 
z7$qoIa$}!>>6ky~ts~-mw#Tt~3@ZNG4ko2*Ij>NaW2{}P4QgYa6a{osbXsksVj8D) zcP{QX6rI=Ga4xcr*IMNIjoNaVaep&V5gTJ&W?!Sl?$iu-n*X1gaVpG&!7IIj=MCje z7`y_qMkwT4LFqWtH9(ySSa12Z|KV2fgZdxvXNWNndW-H3T4yeV=@`Jm10di0!^<&O zVx7g*mRi&L?*t|9%%VSO&b>=T%cHh!?(OTzCss7EEz&KWKoDz$^i^J6`TT1MU=`cY z6hhf%-OC$S>t5Ev|6n#HL0m7$#4+oL1SA%|3ASDG$bgdoa|4=sovlleq@i28am`P8 z%9B0oY+;|Rv8X^lp7nM*PV{zgE;jtBrnZb@Bhn)x@3pZg{zBDNFOF62uaf z$m}I<&T}UK2?puz5)e(gf<`8FoT#fpL*Ayc|F<;F%{C*=eI5NdI&8)1~+0yVhIPI@3A->7Y2rRP^tYZoH{IzYwLli zA*dnB)0CHj+{Vq}#|kY@0s{P&3lrtB+%e8On@#i0x%Q+FP+%*cC2w&pNpb_}ukCYy z-LJY5ZA4MDXBTO|r;YOc^4^L1Cf}DdT13TRtmby%vJR1z5C2_IeK((C+rJiDj(jP*+u^%eC%C8IxBSk3}Y9ae~4ViMgaR< zC1|Q8AaMjo4A+CjiaYG9-NEZ$jKSAg*yr^xOgUwdpAvc3VQyeb14J5RXGX18mP*tX zJ>rD_!|JmVl*ioLG&vbSFL8zilk_+8b4U)<81ivSy)H|4sncvqvT2AipiTh2Ux9yx zU~-wROz5}Y4x$vQomX|GU&Pji2PP@6o~FY}T*=?HZ>|JW)Jq%bgC-lk!@k&wE}MT~ zHjDMe0X&M@%u^z#vBv?~9kMUQ3euQFO@kVx>f7T+B)+EWU-TiAs_Wsvq#~KTM1TzM zjwLd>-yE*3TN_1Phrmv-jt$?j8D9Tiq8^bIdn;bTaldv_h?hbUp-vM(8&Hhkq!F7S z_Y$j6cLGStmfZN{<&2p$htMliiM5_*M-YR2nvk_BKVv1=Ft&0@^bCviH0J*$=&7t* z^=jes_6i<)X570>H-%IiO*ygT)kMCq$d6&i9_k&k-a^)}=BUxpsX z$x+aygVZ zZK5fPrTi@tqj2XQ$~J|6s9U7Y|G%Th2yz=JGu?*gqmN)6nM4}KXizj2F?h7BN)dV4 zdQ;4-gQgKy^Y7Jij+wRiXdYT8=W)7?QeJro@VbiS=13nOrhVms#$pH_1_L7r%!XkW zlg5+`mJ{U$kae%8qBT-ebap^Xs3)f<@YS*jf8rGi(?1vfg)3C1tq^`qeDBcHnCsg1 zH>orK#y2bePR+GgLSDtLU3A^5?rQCjV~pmG`XOG+0hc!68&4B$%U!$V?^q)po?>Em%ocildz=iCkq4lPE^Ck~(@PRhPT`jPGsP#|H`n~USspdK+^jw%aDsa%-l>N;JS zx6y*X|8A?<7+u&ZcWiLW4RHSFH0Pv}{O9$4XYPFI?BvJc9fDzL3#!?mCC@^AJDY^d zSN;Fc@bp9McDrFKgKq{VnMB{hBlmL?##A9+=j@I9jHz;V`Q-P8xP5iDrnGsET(0O@ z+rLQF&|h;7Jh6wDG3)eW?L*Drh+9ZunB;}$v4<~szndx`}2 zCKVy&tx(zyyo$tZ=lqTK09CL=S=N$rbR3a{e9NsK!95((aQaw#8-kZiBY>p!g2l&# z2>eGtY1n_0;-Cl2pMp>SZUD=Utf}ZJ{AJ5vkmj;*sMY5MXAT{4)85lM;mRD}L~a{yWmnqXJ{Nw%(wMz=%uBg-4O;N<6%nI(093iY-c1Zc zB_Rcd9&sWyZ;@VV1CatN#|sq6%xbf1=J~7QUa??AQFj% zAZsf(cil{ICcr-x$Vanp<$;^|i?C_I5J{76NBONT5+4GZK9 zX&Xp&3`E`Oy}yV#zFqU1ri`2K&QX@Kg`rXP^~T)=<<7Thaq7`fzc2&O1ms|@m!Txz 
zwms<=b!=Wb%~SEV0TtS-2=zObZ%BpKd$-r#pEHKLCJ_@8gQ%YwQm8&(W*uOY9CV zF7B^B=c<#nRTY(Y?m*Yq$k@mB`{`mX_He&+j6Wv!=YHp}pS0DYQI50&Jh;1LF@r@9 zv@}-*S@2%gE6wB6gJgJmfrWPzgw(K&O$t*mf_q*ip!QWl4S`MqXIEn-Q`7WR_Kiq& z$HK^ zF3%uGL;-YjISpG1zZbbh9N*L&u=}#mpf$aPWJx5ZZ;Q7MUNj?>|hc<4n z(*udtymu6M^xs4|(GCIWP5z{86B@Lj-REFmqX~3GkO{Nw#Ao618DbWQ>ANO(+^y!- zhd|o=Y!+Xra>m<^iMtq1g(8h-VM^`wX)FGkj7FyBgumEE)cJPABVJBiLf zKD5%8Gu`Rgr*|?I2~IYzk)jmIpSs7pME?c<8kV?t!Zdbf>yv*nf<&2hjg~;g2!FfU z^d}4CSr>RV_~2h5|1otChjf(&u!JI9aj(+G$S+X|l;E2grX`-1nY$3_>V8vvMa$rS zjQRSn`U6BEn@65{hMxXkMyM11gpEi(J@4P??J++~LqyHiVe))Y{*Pz6cJ#CK zjr1yy|8eGQ$J9MBy2RRcA~LaJ?(gK$G71gOWjV$EzZ!GsLBTP)&ZUb;(0|(S-6?qN zB6>7BJp<#oVa_m>1ZqNw{x7P|DY%w!;kGe$Z0^|Hv2EM7ZQHhO+qP}nwv(IlpNqN= z{jgrUs#jNkW6m+p2ewA*nWQF!seSltT@_p>pP5N`u|bNSF=TMu(xoCr9nUwgsIL2b{<5+)_+IW zl)Uj(#997FDW9mIF=|eL^edeqG%tZ)Tk&HNV9}}iTGMQ+qQU== z0+?{E3HHhvuB*j_Ya@GF&pc0H6Kj7aF?T;g9dw`=x>9YVfFD%B4IeU4rPhT{soQTW z%{{{JvRP(g-ew^!TN;{On{6h_XPVC}qRA5eGz5ySfNg2fzVwQpoCYa>%UoDr(PsKm zg6PaO-sEriI3iiIl54TW=UO84DNTQLH%!$v$xjNMH|}%f<3M1@H{R1L=;F3(-!X|( z^ppu?55y?}fDI7i$3JH<%tAn4ut?o?T5?*qYRO@RELBYI2jEBgSyjbak3@Bg0CH(>LK zb4^{s`FK9nFeEfHH^|PMJ9S~J`ys)ib{5uQTVWqa+IP_;4D}F_p{Z7E!H%c&Sp9ey z1C84*1NcC^*Do_x;}yAL_d-hXR+db$7Gu%J}P4#29tdA>~ICc zHsyusuSvdeBGWg}JJ;MSKfmhpSTY~^e4FV+fK|>Bl!d1|3d4TWqj@R^4rd~<6WZ*e z(+2JpR7OXETpa!De{?oUEg2_UU-?D1+i5&gQ9aZJki!2Xl|LG$_$|@>O638A4eLpZ ziAds!2)qlapEU5AP-n(Jr$tAxdFDGO<3Nrs z2*!N~f+=w?8~6QkZUazYpG$5pbL07VXWuB$E`LonN@S_#sw0X7tIa@tzC131M}7cw z!-|-xntHkJZli<;QVWnD_xlOv`&|7pifpuXeYhn)y|1c(dPgUJ zwv0Y+NEduMpnrCQ-y5Vj)kpyS_NO-Cbm)Q}vrnPFL`V7-j1ObR2H`Gs$sjB|6hi{4 z`1zFmcFV8$BF8dw(&=ongnnt#OkzxI;P>RK8OEKc9qvKY1bejD$enSw%!I2C#i~eX z-D%`=iT_qk8#lGVmzgfyHdhG4JfW8P$2f0Jy4&}EL^ehz*CI^b`;zxwCb2wdFdh-m zcXnxeA5#!J9we`@^u0X49-EA{tEl&ANN^|*asfUuLIz6D?JV2xd+YmTt_=zZ>88#& z75|+efL7}+&g%3wo$^?bctMD{5;DC?zP{K&95PMp2!4?l ztC|<1R2N}plk{rwr|WP#Iy&3EA5MzlR#yh!>Tlxb>ZsiZV+g@gfim0hLC|{8CO}ry zdQZVpY}JW!LUzCUE7vQS!kzEIbk{d78G;ESeEI9FuhPQSy|J$bJzffOqTUBf)!CA1 
zzGtU>%h&7w@q}RU%`w=az&yH%ZZQx#*1w-`yd;W7wF)0z5Bq+DzN3OW35wgZp~J2F zH9a*m2Ub{P3YwB_`evEtX}^e-P>Z*`jh)oEci&U21q}H<%Yuyh9D51*3~T0iz&UT$ zMYAu?RG*F$;V_hqifaiQ!LtMmDFJnk=@g#ug8yJU?!M8fN|F*>7XD#26KYv@N#Fu# zp>3$0Nx%(d$50X=b)-hGPGcxjhP^)$%hip_thGO>3S($Ooo*e6iW5@e2UXxMCL~g9 zF?R1t_hDBA8$1b$5L2ntyBVo;;lf{zT2O>%8^vs|)abdWuR@pm zm2h_8Ynp0fz2{Np;@OxI2@3+gRL6@D+e^37_Q-M-;E2so#TZcut8L zQe^E`^OJ0$zVvb>3gAeKM=P+9@NP)>B82VZ7Y!u3;li$7C?#yK$580)p~_|%0mq$m z8mDEoJKQm&uc0cO(=3v?23ESb&N1#{Ah?|wXar2wkmrgKHxXLAMV2`+$~%93?hOJv_K6&L25N+BRx& zgeg&gPy8(^9;pz2id2`6?difK2<`g1GyMFG_ka7j9(pb4eo+TFegmNdN+q?72wWz$sdeU3eQli5N{7!WY(FNhG>f31KFC7@DS`8+Ac%-8FV!bk zD482CnYD<_Bz6VSt7VN^-(Ow|)kM?POarXk!~`;Ebx$$IxB7I`saWQD3Iz|8OT-K3 zYLUV7L$KxBgpJ$A4a2VFl-lK3F_xh5|UJWmpWJykbK7{`GQaI4i)1WEX38H z*O>XA-`CkPz5$;B!-a6_;D8-?mI#+isIP;S06E_^@8Ts*7NVV9W+)pSzh%ubC1Bs_ zC^~iuhADCmo(}vlyz_Ku?0(jdn@Wb{u-q!BzX8~cJ?*06EldDl;*6ONxu}5>O@W*0 zjxx)j#Y$%SDT2I(^B$Bb?~~%7b6JYx@r)sHN^{&HxoGo}!bS8b{c}%4Q`GDo?STl} zo<3}vU3?io1Hxa&a(olSF!0q^|q!pW|zR|y?(qlYF{x-+paz2C9S!GLlw3qBnZUFE56>? 
z<@52Pd&_T|LW@VN;atzj71arHM~@B-#t<;$iX}8{A-ukL)gBGltx{z0J4B)1MQtVP z>_43{0K&$p4sB}CN0ZV!3IT*yK zm9tg(h{V1D5V`K#DKf8h-|Hlcjtcm}?LU3mTt101(;)JUT=MWgX%CB^?6j(yCjQ;| zt`hukMn^^-^+SJtOsVJ(ENwL&Gs)HfD+zQpTlgv33ayx9#9h4qwG!givS>khEigUc zdn^>0GpBy`3yI}ydACy^Ul0Y)%Q=Px+kMyxw`@i5fVWxMdu$4;=A2WQGnxur(ff=- z3=xqMEO~HfDWc@c*MY_T1vY~**Tt}GirX&K8cug!a#Xj)h5%or?56_6`ZlZ(1Q$~;4I+*lR4!pR_9fT2gU+}*U6%J2`E&Jfb?*L)vl(zDs+z8vdSkATRb~8~ChN-v z-f6EDqN)sXXH@W(<)5ULPrwySw!+(GhMJP4c#yW5gmG>bSF+yOCB3S&AOL|5-KsKs zB#4_0PQI`U8~RA(kTa&TbGEhJytGvEkl>UIYFAj(r?NlF?iRVv7d2x|8%|)k>y?$& z4rD}YXR|6AzD3m=KH4*sK;S{8jhMtFjES+oGpqf;w1Cg5o+^DM@l^V(|;uVr)^aO zc}90Dc8ItoiIL0!6q8Phc=Ez;#2Nn75{=(&rH?9@`k5;&9p>W!MJX7=;~Gfoa@D}W zcEgv0`D9ZV$Wl}1d=k;kCo>oLgfe6S_)8-QH6(|&Kofxv?ZP47WCi-3x$?fax<8nU zns6y#12}AP4(=rAHY-boHLp&(w|mgsW)8uA;rXw`2NR{n^1nXq_|uvwobT>NIi?^a zBWABNOGP6REV9;pYJx|av)O(TBZ60HS}QerWKh;iZhhb}K)S3E_Z3*ZMWkOL+9)bwauzQ{Y{`D*La{!M>r<|X;@23;| zm%mO>e06Koa-$`(6JWyGIBnJd^Ka$VGP7psM;3{QlZARbnM6tb)GXrP)s2EK`+v;{ zQ`z4s?9G&}iF3-*$PnrIPw)aJba+>L4og^wDAK7o0OfDv84GJ5OIG2;WA4rhk+F6W zU&{=u>GuRU&U)!rS2N|jXq_qqml!D2M$KzWSQL-%d!mk_OB^y9G+4||;MJRuP3S%w zs@|mC*P}O+OKUEDu^D6MDQL#t{TRt1SQ9AI*ZyJ-&q^{zWY$nFZ5D}v3~+nt>>B!K zyUzl>mmC}A^C&aicIT?F%ANC0C;dSXQ9T6^>AH_QB-sNG%`ClpPDDyAGz0_S^t<3- ziwXyUDpWp-k4S&aD~_Iy+OadV*i?Mg)Us4Ql}X=@1vy#|7f`5gqk?tx1{r9Js=5tA z;k90haoi8Fpa?T|v??z^oFhK)9}LL`ak+5V$9l)iC}8?3$YnRiMk(vd=G=zj*XM$iKJ?Jn5N>d_>~x$4hiQQI07u;rxz0yvyzUz&*I21 z5h((I4O7cQ@UB=-5ZNdaE3rX7S=$G!scBT13WKoci4>{D6v(5xn&&6QMXPv&?Z6`% zLQ;y?B>7#K?FPkWnsDw-JW(NmjF4uIY4*C`C?;ZdcW5-76$GxO=Z#KkF3}5^MYUXk zc=bBOGn(X8W0*tDNK3Vom^DZa%qjmocjM_twW>eDp4Lld{P|OiS1)Rx1;iGkOmbqL z!RTvW!XoY}o`P%jeor1oYC6tHX!ATqgWhCh%AAPAC{$T0RQOohs0DgZ9ULqpkW0Y~ zj^MfFW$~E4sR#s9;bmQhqy!i=rI^^`Dri+!^sp`4vvI^UdH6KeU$ky`EUxhnmBGw8 zI8NE8F%Gyv{7*;!N$KzY3ADtSUKw~TgbG3UyI}&CYFKP_nKcL3m!T41UmQF-far!XVcyg z>lj>O)ab=7%A)0kD`~9(axfmrPq6?v1s&v!Ccp(-Vbd5*({OcM_rkD$U z1h>KFDv;5lmIh~Z{$&5^EeAcHauP#{`7p5eIU>Lz_!<0dpCLMA&2sqATi(xr3TJ0j 
ztGc2Qos%^pK=-x-VZC>2xwH-vLR9Xb2v&g3wRh2rat_$h88^DmSZ z<}{nV^hcl(vMQ#`%(G$hrM)%JtroIqUTDYMeHKHtjB$1TUFOt%&GX5romv-!v{rh# zw(uxgLGJeY5}+(g*ey@F9U*`6E=NT!;!6OrR$81Dz8X7=RcEZXV#$ss)|YT9IXvra z=y8%P4EfWi*KEjJ*?^VZre@NG2JBA~Ek4)qs!_p?zKUA)4XgQ4ZA$raQ zfvIR2p$wvIsJ^I6pI#5To3_tP5Q>{L7l?6m`Ov;X;uIs(INt_oeb)Xs`uZ1+=oa;g zCrKS@#eCsZByJO#%#0Rw_WPo@BJX~S+oP0BU^f0-b%_{I3V~XEvN2UJ)CMYv9GSUptkVR&EsHSQA=l(8#`+i-scou!>F%@%qqIT)-ihebko;O2o*X-D@c} zYvhrN<&O z#>)$P3(iF9%h!dv&{kzRa4{hyi6IR?9ra-#uw4Q+UxR|XORmx-| zd^8DsvLT(wFh31+q?_1Xc@ar!s;*H+3Eh-$Kolx}A=_uKEm%=qd4ViVO&M<(K_I7D zNa*)ezDpK->o!@dTEM3K!6#WCSfkLpsiTwult5aXi9Xxz9k=9gE z6$uGjahP=&gMaO$=;6Hvx^J?(be*GbXwcbPnnWfG#39baC%-O9o(~$MEmPAe@CH+| zH)dK20=Bib?6tUtlaibuLsWCE-$fU2a=jwS=9i!UkRXvoQ%Q1_5M@#E5E2rYuU6(T z@xcmorTt_?eZY4+CQ4gVxmh`2(!X%g@@SnDMzKk zR6hvdp@FUikJ|hIBW2E$pfGU62&GFytLhQp>cO?A#F@?}sPc;P|mW zQ9Y+#l|nNxMXSzH8GPaiiHEGiY}r&3^waoi_d86>a|h}Ll=aMr+z0(zZWv_-qE>|G zpT(fU^};dT*m-SfMPb?k3GyJ_U2ZI87=MyZH|B(Smd>gG!U|iP>mqEc1mLN=Bj@$* zia6z#ygImumdT1F|E}fa9`rHG@zr*6ah$4)+eIhkYW>M9W-W<>!@Q;@^g;sQZp4Zt zd;vBaH0bSTN8_X+aEd&RK=fEoD7lC{O)`lujm2W((6*$C*fW$^o4=j(<~c4Xqf8$aAyC8jPY@E(fww{`K_1DCAh$K`E*-Ir*A~zY89|0$pmRkd7Cjo zOu!JXO1=SUh5AR%GGvO<^YhTJUIhc1-c*#QTSrIEaW~F=ZZ~qRW^TLoZsLV$LsDf0$$t8e$pUb#7@n| zOnA!~4W%_ayjN@HBR&Fwm!ln0bEOUkSfR1*Zt})DG&;#m8kv);*)7@?sSgUDwUVsP(+a(q(@*jPlBpkN-;FlX ztFrt^-dkjMW=)cp{61IY)RGuaM5t86TNdg2&I^$w?Ecv;L$9m1IrtSwIAl7nRx35G zYMUW2@F`F&zZ=_)s7`;?C)-GZ(jeJDj5I!uQ}7%4<65*YegrX~?<7zL!gn9x!NU-V z{B0Vzr54bg7gK-@a356kxk}#J_Gib%1Ss;m1S%k9IkUpD1kH6r7gwM@1}^t88!6pF?_Z`JaR1M^)| z#hKP11$4BbH*Ut!tc8D)hX+Eyd2jA)X!duBt@3Da5j_}j?*`C}oYyc@(rL~;Y%gF+ zlG@u6m}|W^OI={4;)`5^vEw_qWXz>zaeev`*bhcL7JSlhRH}<6?jpcl_T^o2lJ?_4y>XvQGGQ!#HcV*?UEX;v>LqOlCj)hn-;lM zkh@%;-@Y*?&dpw=IyiSf1~Chpo~??f{Tn#MaF2TpcG96TN)Z;SeWm))q=`Mg2;|!_a;NJ7Evex`dk-);f5=B zm}@&})R+P(Aa6#^(@U|{*3C*g#j8-656^24MHIrep%}icJac7<>5$NOeWh)rAm+>y z$vhkUXtDWJVF zqNK4Cq&fwL*Zwc`nHZ`9`q$(MJ4yWU{AcNaKFh%Q1rxLlm&%~B2UQtn*&X=n%3tV* 
z_*M83(02~3*lSE3fKY|2CXkC_>b!-T#CT%S!Ia4F{qtmIZM4}e`z+U_y}^BHYr?1^ z*C>#=HjPvj9j@kCs4f{=SGNmOF$c<{$)RIUFA$)J>4;1yH{=A$cx1y)U~6L9=1Y$~b9SO}0*@;X@P;H}BVbi8+W`dH!6P48@4;RG)x@0y^fD;4aj7u6 zUlHbfLVJ}rtM}(UuSe-7fH)z;S3QQPczJSLibDTSe8Hkx37@v87y=54Eb8RWR@ z;$~0VoGrvsloni>2-z|@EhQB!@$$FZy-qX6F;*r!dqiO?*DK>nuHDEjM`FY0Ejp6#b7VF9@43^j8`9e`zR8bQWU`oRmr(6$LTA%#4CXq#!1F+O& z62)x!XGh*aXy9x^B|u1^aaH5dCY3qjTDU-{t4V!PqCx1ZNn=rGKqw&875orNvh9TD zYvJZ?1^@@kQ5}K`Cl=pA_eLPCp0a1j`Jo5QM@dO#ldXz-NMIm@lj>1Ekq3_Wt>vvI8vdgUL*JvKcwlKh+jAkncyIa8mWi>pMbBL| z_1rDz&vLED283SSB|m0n_>oo-pG8)p@%W^j;}}}R31bn{c)M8L3y9Yecl1q{I>pOm z^Fri4C#hL7%P#jgL3n6l1cBHx86kfb9DMM5#3c=#&x!1Tg?vJelZBzI^iGK5J4B%| zz0H-BqGNIaN-`NzBP3ar4uYR?%wE5h!g^C4z@~Nm^TmP;h^;6!uEuZYN_@%PJ15y01kx_rj%ovK8`m@70>c)mm(?v0&4%giLvZcGvfy3(E zK0T%L6d6uwGR`AnF|o18$UYqaj#NfN&@5*1fVXWvl<}S_n3q?S*>_|_gD^B5gJ0BH z6(#a}M^zOdN0;EloEUCKsN%z<%#u}K4I_`dT~O++8CUF9+{_f>Ep1+Fd%uaT-uy0Te%V#ASDm218COn1xja~m^GZ=` z^BHTD);@8w#(gm=C8h(Az)r@Sr8{VNX~+D*bZHSzsfoiFK|Hbh%z7gqC&Gzhf}?%S zTTqz(@@(ZETPTnUKRlXoX|C96+W{(;m-dbmi04%ZQc9YKOECDjFor@AoV_2jpI1Q_;Ri%Zo8(wIg{#dDeUJl;UjD8xZkDtnrIam^dKB0WSm%KN!YJYo~R^>c? 
zgCr-Md2*tP7K8%X53g&M6~d&aNSJa^Xy$APikL;xWXXYod&M&9KHWeciUJO?$eJm# z5=ixzEObsI(Bb}4JXB?QK`EJC$DMpN*Zl(inBIv}cug%g`9w41l-Alt)az&C3+-V_c-lH%eYJy991%jitF1KF;NkSt_m(~d;iRG!WG+>l<{0| zm%q|UNlZGgI^SP$KDG_8I{tB(uDPssT-V$P9mubrcc?opbyvjPRNef|2quynT%gh{ zvqC;?5SLOidKq1DluEEZuu-u>a4%YW$`6aD5TsA-#OQ(7#Yac$lzo-4d)G|@Ufs({jf zZ3Ji**31ZAUc18E;t3D#63f^iU!^X(c)IA=Z~K?!p>S|L*IWGFr6oW*bS(v*B9u&Q z%i9ZC8VXZi!X#g!!2tzHa}`c=ilH`ZyhZnYkN_g_R=*6}l{VU<-kmd6k8gJarsyfK z;X8waVCJ2LwUeZtDx^(v@+i>ht`UxyKF^**ac;IYVEI)(T#}n(C+m5~D)?^1IuoWV zGyCIm8}sx2@_O455YRGmV6*eJ^84j>J2EhE1N&q3bEgv$0uFBD<9e48@vz|Xc)Mex z7N>pg^YyVy&E|!sI<~jx^5Y^9LQyHE#(k_`DFS~kTKn&Frfd?1zA+k%)0SbB&oEkO+fdxDx#BT%@z&;* zuf?38vb4>cU3lRTv!(^uW`sHmvmoWLJQzU(U6%XW9-OmU5K}csq2S_VlNfx~j|nrY zYdWxoLOvho#Ic(3PnM%0CA@eD7fggpKRo<1uv*R#JHat{eYF#e4UE0|k5N^PDw^r; zl0<#;pERNF94_X+0V$1qPUqZoO~NtYp{dOfsj=v(9I{vG`~DmP%#`zFLux8S$DN@x zVxrbnH+i`*E0qs_oG?)SoG&tQU@~2a8)cCyR%3<&L)Nhw5X~pkj-u0ha5`2KZcg=S445&! zW=R5Lcq9bTv8SaYADSPq^LXh^a?=1O7fA6?oSu9%8Fj^VL$xHci7n-c9h0f+jZTRh4$pUA;s{!4bquD^Sf^=uRhl%j7NfUm1y zg*NMd4gRE+4T0R5EGS^AF|yzm=xc)psSR|{7ZZNb4qZ9*eG-kpoM2=5*piN>{BY?o zoa_ScbgVzc9G%6?m?!;I^IC70L0EIZm`3#Zt~pDY9!t!YgdlDEQ1n`@7G@iK!k9M| zQC~hXR43g;Dmq>hDtJ<3Z1ST~CUnAw1Zpr$*tK)aT+*M({0Jy*YljwHjpj9seT(RFHNc~6NDcO$Zx zOGi`9}YO7jF-y{i>0(CjF5CcuMvMOq^tSBYWFmyBZuwZ%DotM>wpaRx%5d>p%og=_3Bl!o$S>^U22>}ta)?1{C9WVYGq$t|7s>Z5LF6!CN zHku%MPiMp)87(D0Uga+p+6@W`ShS^_<<2Oz&ux&_;U>NVk%}T{U!!~#mM{~*x<#$e zUq&{}2^L3paoUtmI0cVYNlT)pFzv^3j4_|#Xl+AeF)1EW$P&MAUS8l~QsKpkp?z0y-0(*zPqG~rJ|&)6@{zVFUFSvC;5-uSK72FdDxY~?h=|^c^%p2DwFns+e3XL+ z+R3v>RyQ|L$vh&RVKWGY5(v)?Rs=1k+luV^>Se_WSgf`hkxh&E6KAtlXm+hHbcMy6 zGm3~Ehd$(MT;WQB#!5ONn`lOmELfI4M-d3_j>iMrfBiuQ5WM#~v$Y!CR~o(N8{ij+ zF6poPIE)`sysLK8a_J=n)jW%AVm|gGag|uB{%yc-GKVZSo(x&m$so*L^ZTF5FnhLx z_V|a?{DhfApemc=YG%P$_|$!M{N0{Alah$`EF?B8)IYT<0tu_?KqGx zz~w;4*WRC5t+JDW%+cY0%l0`1>p^=fa7_r*z1Hu;T3glV;!{!A9Cb;;@nG5d++eSo zL}fUc+y@}MVIkz<$suh@@jxq!(st$%j@ z4*RfbToRVCl@h3haA7{^^KXZ2qp15yj?9(Wl@J 
zl@u3~ytvL`j9zV}(&=@XwsVVG0izpar!G)F79f!)_0t$ZSX*E;E_{!))jE>UH7keW7YBEw~%lmA9yRbw%T$wGpZ60+Uwl(7UFKrhX*Ww z_sk$Sj*wNk6B+C1jKvi+-CmpAzKW&^YsLDyU(Tdw_G*Kne1dr3eTlaneUf=lEqs6B zTZJ*V=7G-t*lU9qw(G*3h8C!KJ65GyawFMS5v-&&H3?O#nmf|3K=nfP{<=K8I~du? z4-nb$cHrdpX5{vEwDbG~`F>fz54V$U?Bn+WY>&e|Hllf@`%+I`pJF{#szP-Hn?}Tf zMNP;IO{D*;g+i=}n3nO;$}YVwIGZY*?m$pl9jz1xw!eI@IE_S*4zFL)B0nCVXN#mK z`Ut~J?|Zyg*DWf?4BL?WpO`?z+B-~dO0`_{l4ma?2Dly72Pv0T%B&bEtr@brS!UYKBdUwDYX zv6_aN@{#oS?h%lICsH@eDJ2j2f$h_0Zmj;%Q3X6y{u+$|p{N;@3oDgYb~_cbZQ&;U z{^}S$CbKMzJQ0oeH09L{c$XXQ&0z z7^=hnbJq=vo&!`2F-?z8-OnVt5Wq^Urp0Bv>)+B<;`{%(KTMZdguLnF-xzVVUBGxX zj5F6GlOglpnb|;;qLuO9C*)k$WjEpsO-g)gl!pdu2SQA+6-T@6*qd^#JX6P3&;9A- zYhZY0Rp zomx1AxWPk2Sx%hU_=DN`)*EpaR{#-v$pE8cU`s?w2MA}^?jYIO!PwZ?mqj}q4j61L z9ckm78(ymFylr5H=S}0UQ`?10hDfh#Um+NrSvX8m4E6`6JSzzEFDTx6J&JPz9`Nyq zDmKn;<6cWF?l=BI4|sw>0qmyzJ_!YGp6~ne2AA2i8@R`?K z7R3M2g-p-RVRK!>AASV+-|X+nJ1-rf37xmuf{NC8w6ig?&5W;&Qc54@D4#5!O&EOH zU#vh4Eim_G9u`Q=SrG{|B5an;eSDcf^btuW(hZd3W92^pkcx8hL7Ue{D=K_*{nfY} zus{eoj%wt=7`xp1Cf=KUNL0MAa!BozMdVkVYo~@nZj6@=U^mvakc}V&K2hm94P|iU z@*e<5!WA5(a9Yb(^m@#uH{tmN!u5ThQS`lsM$; z^YK=pF_~h%jR@9PA!6CuG1Tt*FbxoNCZ4)yTGaOAFq+a})B!WIrbELEBs-4fAqvRE zMngdL5Q7K>Uk5U)l$|u8ph3TVd#*3|MY0^M-s^4NmJW6st|%c6FzRyKt{nmbAU6`0 z;@HL@0xp0fA`bKXp`9-DD(0 zO0zW*oM!4(^sL=PB2v|OSTVi9h~y#jQgQzd3)!vxqq(~jYRO}9CR~z9zV9o?Pb8e5 z`|I9MJI?RtoC4At9QPm370>T$WJ4!&g*V04rOOoMfZEM}{!@vxvq5B|5L^RcM1+ro z0bA8!vQNC1?-&JMN=gZB_L0wdQO7UES9wHc9Be8O`G3wQexwWOVtRNR^FdFL0tPw5 zT-^`1LoDTDx~~so0$S3cw*Pki&FI1TU8?BecpWKx`q~>Hti541c7Ji!q+dSV`u(`< zbO`}otGrUAtDZYCkHBckd(J|2Z>nKjS?)IH)y6suE&npT5b2_I52iKfeDond))3`2 zj?4eQ@T6PLM1ClMwcwD16uR11islCZe6vEtBPDT2W>yT}AzS_Fs|<0O_pobm!lNt6 zyIqopTN{yCu4LbhFCi78bd%Z3iPPTrVVAc*(g>z*O!LK;2QZs^X#99Ry87BCCO zs++lN&1s>1qv2(2=M~#qv~<$v*4tCMh{Pxv8Hlu6NvZ<{4M5r09E&h*xE-g+8VwTl zIe;tBaB%6dvoUP%fGcovclX0?s3o`A(=K27YjWwk;Sl;V)+v0}1^kCW4*Ir)=PJjx z>C>U!=ha$%Peh9K!+qui(}oVlqO@JxQG%i8F4~zMQEHsd|0hu@58mym))vH-4s~(Z{QS0)JKU<1s#XDF3*pnyyL-tx$O<;7Rww4 
zilKI~jlpVg4F!QMP?!eeYiQ|8Hx_UiAAAT6{!UVG+F3AIJ_!Uc#J#Wc{hSZPTvjic zvBjQh-%R~qdJTRZK`T&OtO#8j!B|}31Rd&J_%YEq6koKh@W?-SunYb8VI5X6b;61k zXUbSEu40ieV&KxftxsB$KJ&vG851<(LCnd-Fjg`+SE+}BQZbBFRz55g&LDOz_dkE5 z#rOUxP68s0^2;v?dS{yMX0!1L6{D^wGoGfE^m-n)`3nrGO7YMBBFI(aJ*$J#SoMg5PA^)Hp~JE-lZz{0;ttGJxv?flvy~oD2AV?1?jy{Dx^ccOYu!m%&GYwAML2uwI}k_bMn{$GaDA6q&5FFu%1=BxyK1@2lw z$CdDF^Ut9uPoAvEJ0u`yJu$Fe%p(%C_aWL3nX0U?Ja+++SvU7C4+nnR(`DeHwCFZp zjx+zg0?Pl!DCfNRWv_m?J{XIREZAbB*wI}Ad=_+Ek;w#Hx(nQ*`9NID8`)4dPCo6F zy9i1rlZ$SAf+>mTF|QpQ2-p85Cmcp6u(!|8m1;cb)8Q4;cWr((x;5ei;7FAX7ad+dCgC#B?I>CAhKc)?sxu-nz#1%BPT z|K=9q^y=$HZUz$Q+`L|=UMtGm_ovOC$Z;^a5B2g=@;}|k#(Io$mbOaUd)PfJ3)CY_ zRkEAKM|c96oJ~TXxYsfCd6)z&ZI&Ec)z=ej+-Ipa)3K|A!Je5V;h+?_ZWQ`3gFge| zQ733-3(HiOi|ASFFm^q3Nt&d^8H|ou+YcjzfaeQV*Y?T?s8|N|;EqOL@2(|Dx+>9mh)W-Fg=BRb0X7PDK!vx4of& zwLXaffxD0!Tj};~{p_CQ3}dZY85nxOgrWlM}*nhE`gkFh3wL5qUgV#h9c&F*W-44_~~jWxMKrani68rX()&O~2# zF?|Q-J^G7I*mX*_6_;Sf{|B8|Oa{l=|4-@(xpCZ`aui-5mioW`se z=H0<i+d zz#7(b?{auXOykpYoU+*xX_e3LLGRW>C)Js=w0#1U=5-b-iYYwUh&9ir(q#yS3Suri zqfU-(azaM6!k*V)2x8b2@Aj^<|=MtZ1Hm z3Bym<53)~CExeBNO#eS#IR~7=t>r|$v@$FF9Y_{VVKDvxiUk2UO zI+zb!HWUXM#U(rjf?>lT(Gha&)MuZLm_UROl_gx7(mq>*E7}1UB1!d|rrM2*SY*r7N(02~W&AH)+2vpM-hf%#M7h;1=K=hkG0vVPBcf@K!=G{cv}{%? 
zKzf7(4Im8tGZB`1N$$j7N5ngn!Tn|yikS}l_imiHM#8PnoOi=hoY9~b)$(0W42HV% z@RI2SCZv=`kh+wQd>6MoBA&CPvehlA$<$=&@7LlFKy4`#W`0eKshoi{2n@qn^2=Vbf(EIq6Qtt?NDXb0brT8%PN!4Pao8B9E=LV__el54>M+eDtorlc z=jx9OkGa;w=J#r4t)`pv1CI-jkz#x?}`m_eyyMr8Ta5Cas0Sjn@q&jX-Vk zrtk)NNXFM35}hC-n2bBpN@R=uR91`EAr-wF4JI&0A13{N{iX?HR-Gux@C!dv_&p=+&x+CW@P*|_z@VEcBOr$#gerTaouxI?{ z{d~4=w#EN$V~Pd;Nf>G&+cO>OkQTKvjJp2Db^#kQtBQuA`g0;OVt0ibWB;=0ffI8V%LR z51(cb$C4(Wd2x#35o{(OdbMY5WaPMHh50IxquOOyHABGoU-lu;@?Z8*NaJD#1*{Hz zM^oZUu3TK*-1a>=TPbYB|K|RYK``g2SCmdDf0}85&dochWidO#!Q(#|Z5f*9 z5Rn2RTPHUKUjat3>CAp}OGFIW!;SVBPGTq~Z4{W0JQ$)?+znykDvh+>8K9UYZ&%qc z4jF$>Nig?Tv9|W3Y(6(eC)lU@puGpivq~6rkgR$&MU&7v|DO|dEeei0rRoU~0;fk) zPMA|tGXAfCt&s>&n}32fQ7=rAZ_$as1UGw$1!$JQ8_wy6Qu1djnI|)*{D5`-+7~LQf?&rE(TcR14_&U)slAZw0yTd{ZPcY9t}DZ{7Fra z8Zl;9m%8~D^=j$~nJKu!j0#!TQ%#u8C7mxnyW2r;sfSb6a6Qjo1~)xZVT zd2iKn|EsLK3~Pd2;{XoA6lDk#X^>Pv=?0}k5C-B)DKSczzwy|dampK`h5F6|NH->Mr{&>%*;cCl@a5jgab4vC>Op+ zuH-ywkiZ4XXx$BAF(0KkGcRXL*fKA_EVF}nF%3`_#z;bu1F`}^zZhh4n-`fi-s9>g zyq`G)L{YpSr?z$81IzDfSC5)qQcUVK)R3%A*o-eT#luk}b=uQ+3&Pox1Z;i3|FuT* zzg*@Mu{)wTl};$IXLz8&rw^GRP4do$zvi&d1o)G!>%yp4se5b)KFgg^4W=$E>gxmhm%bK=_Zpj4 zYNr4@?yjgQq^Oxu^`)9E*Ah|#XpIM^he}B90}XY|KaDozho;!1 zp?KnGsCt`9>6&hTe}<`NI9Hlw8ib;kXIC$C(6#Zf-q8bg$z*w{V$Ke*R3Q;jSFf(G zRzt};%qXy8$MiCnPrsXFg+kCoCpZQvY#PPUqL9Ui3(Q<^wmnS`FtEy6zJB&f@~+z& z5^Ip384T(g=4{sI|4=R4Da%yK9JaZ_A9q98Ri0>4zI+x$ld^mp_F!x?Q-O|8&cv?6 z-GUK327ZbyORX~Kt+m~J+syyjTX$RxBCj0Ve7d}*2prWxwj4%jyn!lP0Dq^_Bm3KD zwlj#4^iAkvVkAA81}=(S9X7Rf=6Q{hdT__RmrG2=Lw`1W@VKr;a}3ramY^SCDy zXz7iB57Z^jvtH6pxm3vC_aYdoV^Y!A&<4?%Y$0Qx+~|lq36Pi#Mm8uY0XH(+Bzd8B6yt%5^b{A9?7P8te&=l}V7eqw=!~`qYy6qOVz2 z@cffPg2^+VfwUZ*{c zWINdH!zurmtR@8hY{%SP)3}hMbSSO6u&vy#xt2M2DHP;{dL1AXESIhD-y}u)_%D*8 zjr_*Ap~~`&0GqQyyK92zKLb5Sdivj@Zbxh3W* zhvdZ0%K=x9FAYPhsn;%ah$aP7lrMZjE2@1hfOaSgH4#Y}&MmSRtsmEUyoDNedL=a0 zaX=FfGEVq4Xua8vph)9v9b0%*RyB$5xT+VKh-vUo&d9W>Q*a#4CR{(a&qJN*`A_JDPc$BYDK&N^&C6 z=o*c!Up77A{91o&C_gy+YJONrwA`9q>+0#BnzdxkoXRiHKLe`%odG7}QycIE=;i9R 
z%||;jymuGqvCbMaYiOjGgpbgUgIiY8ivb^(9OZWm3Su7^!X825 z2a#-}bJrbVQMaY&3X|8=W6^@zEKW5~pI%u;7rcmDOa)mWdLx=5Gd|E5q*2s}!PkX; z)RUR%6T7u5!)YYogO7>D(9}un=*3~hJ=81yi(LNds^r}AgP)Zq6+UwUqs$w9EUOMA z5RaVsy1a_uG>YwT8S z!lO*`x!3g2h)(x$_ z^~7fnbm(yOV?$%BFK?x|x^h%PgVgiQq$O7M z4VFN{na8gT#tP>7Inv60HaZ!a7TdQ&f-}r}NPpZXKbG+J!eXfCW|>ydq@lZ45?l=3 zj`?IhdA!>QhnKnfV>Hph4^wzTsmcd|O}x@fbaj47daACI#X3tvVVKtM25-faXmVQ7?3Vc);j`Nw|mV|H`> zG7Z`GNfN)7Y!+8br|*YD=oxCI1!7EG!5Lh58Fa8*y5LHtvC~Za*=kDHLYyKPN2d!N zGBI#Z`cPk4W}50x-qj&zBIEtMTs&gZ-?gXMY(Nfn*m$j#jaid&dHt=(qyqhhDLF1s z-jPA2kurBWWMEST>d9IAu3sn^{_l}bC2`V7GuhoZt4py#fcIlxN2fVB36IBcgL?A2 zB6*5GoA_RFW+nE~5wmKuU;JZZW2G+;ry~oq7n?Xj^U?CV%9!S()$MIU47=~%9`PL5 zW~-e(x+#X8_r%t_IJ(2KyLJF_WAXHT5kB2}R#buAuR4S9H-sZH)_tw|BGi*##+8zB zYu%{TIsDF<;Z+P0%cyLc6^%OhERr%Ot9m7kgVM(ad2%uKqrJyDw=r0Z>#+(`+B!I^ z?_9PA!-0V0&}O!8e(M5u7<~QI6~Fv&>!RTVk#HnDPjNnbUiIu&@kPx=qValB88jxp zhbu^c#EtMn&B7i*&FlUea{!AkTy+(~6K5CA2LPWSz*2~sy`J9E3=b_U`D}0}Is4D~ oz>6knOgt#I3+LOvu{j~%Xn#;Ef5A&aa&hrSMwf-;{3^-60BmvZ-T(jq literal 0 HcmV?d00001 From a358fc1df9404ca557641f3b0cb15fa56c8b43db Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 09:23:46 +1000 Subject: [PATCH 017/148] Include subcharts. Everything seems to be pushing to dev --- Chart.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Chart.yaml b/Chart.yaml index 14cdfc3..d6c6e0b 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -6,6 +6,9 @@ version: 0.1.0 appVersion: "1.0.0" dependencies: + - name: subcharts + version: 0.1.0 + repository: "file://charts/subcharts" - name: dns version: 0.1.0 repository: "file://charts/dns" From 912b379cefe3b02eac49a8f61708abe009ec1b04 Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 09:31:36 +1000 Subject: [PATCH 018/148] Scope DNS to release namespace --- charts/dns/templates/bind-master.yaml | 3 +++ charts/dns/templates/externaldns.yaml | 4 ++++ 2 files changed, 7 insertions(+) 
diff --git a/charts/dns/templates/bind-master.yaml b/charts/dns/templates/bind-master.yaml
index 4d3328c..3facb5b 100644
--- a/charts/dns/templates/bind-master.yaml
+++ b/charts/dns/templates/bind-master.yaml
@@ -3,6 +3,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
 name: bind-master-config
+ namespace: {{ .Release.Namespace }}
 data:
 named.conf: |
 include "/etc/bind/externaldns-key.conf";
@@ -51,6 +52,7 @@ apiVersion: apps/v1
 kind: DaemonSet
 metadata:
 name: bind-master
+ namespace: {{ .Release.Namespace }}
 spec:
 selector:
 matchLabels:
@@ -120,6 +122,7 @@ apiVersion: v1
 kind: Service
 metadata:
 name: bind-master
+ namespace: {{ .Release.Namespace }}
 spec:
 type: ClusterIP
 selector:
diff --git a/charts/dns/templates/externaldns.yaml b/charts/dns/templates/externaldns.yaml
index 814af6c..22595c4 100644
--- a/charts/dns/templates/externaldns.yaml
+++ b/charts/dns/templates/externaldns.yaml
@@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
 name: external-dns
+ namespace: {{ .Release.Namespace }}
 rules:
 - apiGroups: [""]
 resources: ["services","endpoints","pods"]
@@ -18,6 +19,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
 name: external-dns-viewer
+ namespace: {{ .Release.Namespace }}
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
@@ -30,11 +32,13 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: external-dns
+ namespace: {{ .Release.Namespace }}
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: external-dns
+ namespace: {{ .Release.Namespace }}
 spec:
 replicas: 1
 selector:
From b2446584aa42ebf61f5bdc66ab2ac671a789f920 Mon Sep 17 00:00:00 2001
From: j
Date: Thu, 10 Jul 2025 09:34:46 +1000
Subject: [PATCH 019/148] remove prod for now
---
 deployments/kustomization.yaml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/deployments/kustomization.yaml b/deployments/kustomization.yaml
index 1451599..cf86131 100644
--- a/deployments/kustomization.yaml
+++ b/deployments/kustomization.yaml
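Review bot: The `namespace: {{ .Release.Namespace }}` lines added under `kind: ClusterRole` (externaldns.yaml hunk at -3,6) and `kind: ClusterRoleBinding` (hunk at -18,6) do not scope anything, because both kinds are cluster-scoped and `metadata.namespace` has no effect on them; `external-dns` still gets its access to services, endpoints and pods in every namespace (the verbs are outside the hunk). The names also stay fixed, so a second release of this chart into another namespace would collide on the same `external-dns` and `external-dns-viewer` objects. If external-dns only needs to watch the release namespace, these would become `kind: Role` and `kind: RoleBinding`, which do honour the namespace; otherwise drop the two added lines and make the names release-specific, for example `name: external-dns-{{ .Release.Namespace }}`. The binding's `subjects` block is outside the hunk, so it is worth confirming that the ServiceAccount namespace there also follows `.Release.Namespace`.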
@@ -5,4 +5,3 @@ resources:
 - manifests/00-namespaces.yaml
 - manifests/10-repository.yaml
 - manifests/20-dev.yaml
- - manifests/20-prod.yaml
From 06ef3d543b9965a6212d31f3a79e0d5242890708 Mon Sep 17 00:00:00 2001
From: j
Date: Thu, 10 Jul 2025 09:36:41 +1000
Subject: [PATCH 020/148] remove prod, add mariadb tgz
---
 .../charts/mariadb-operator-0.38.1.tgz | Bin 0 -> 82024 bytes
 .../charts/mariadb-operator-crds-0.38.1.tgz | Bin 0 -> 69872 bytes
 deployments/kustomization.yaml | 1 -
 3 files changed, 1 deletion(-)
 create mode 100644 charts/subcharts/charts/mariadb-operator-0.38.1.tgz
 create mode 100644 charts/subcharts/charts/mariadb-operator-crds-0.38.1.tgz
diff --git a/charts/subcharts/charts/mariadb-operator-0.38.1.tgz b/charts/subcharts/charts/mariadb-operator-0.38.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..828bdc5ab0992a6222e9556627ba006c09b17c8d GIT binary patch literal 82024 zcmYJ4Q+Or7wr*oPE4J;VW81cE+wR!5ZJQn2=&)m_V`rV-ci($%J=Rk_)K_!XKgJ}A zfdPR0X8~zI=!~UQm`$bRf5>@rbC|GcFq^4zSnH^A|4`J>_#v-pXJhPO=B=je$S-AX zXAg4qwdJ$jo=uGK;;av;qkY+wS4MkHzqu%Q-by+d#j|TgPLXx)Mk$M!J9Ft58CRFUW+L4p))-?z7-EU*O%r==XEXS6^P>?_KY2zuPy# z;On-h!Xolm(Ralyx(;>xZAlfQ*g&CFV>E)0oE_BI!^ipS$=&J6xd};@Xg`2AcGIs# zY%lVAmJANQix$}EeRiR5m>`&+XD9&86|EIqP$6YG?2|A?CM(j}5 zTZd?rlBWBjNEL}BZ_n}G%t9rXX3qyr12XA7ZMO6%`|Ga9v%{_syqkN*aTqMyl z_^-X)Ev9AQ&R6iapcswHi*MNE7i6Rk%bu1^tgYn?U&E{0U)Q16o8QxU z=kS5=_zu2I`9xROePLF}H;x~My=%N+x4)f(0||D`ls?kt3)R zHZ(TNAXZ`pQ82SHzFd+WUl?jG8PWcP5;GzF5W@+)_CPYZwtlV@aY5ks;o|64OUIty zH+QFwkp+)Ju@P)J4D$#mRnRg7s9+ISw(LIFF#a!)S8AjQRx#9qpcb5cun>`;3j*05 zMqPBTK?I0IGPqXJ5iDT z;1gh;H7oYoij4ziSq|O0IGecmpwqE}xL`wE(Tp6uVdg9xVFfE9iz0KR1<~ukkWRrk zVMWpZy7L6PjKD!>QIkmIG1HJbab>{E1a*t$!l#N9B0+H&6|WNnEvl$xsK-!^PoMsc z*};PGXW9BNIi=WsF}V5YVS2G(dN#PZ5ozt|1DXKC1-G{Lc6PkaORmqcd_S08UiP13 zLcgvZ%SQ+0@qb>SQ-HE<%ogJg&0O(96(5xzL8OiD&zcvx*rHeDL z2l2N_g_0zPQN;T*ZJO``!dtSmzNZb3UA{ScWkEu$7nED|L) z>v7IS@|od!tZykF${JiiL^%5N0*p=U%V-S0Kap%~S!`Nra*2`u0hyPx-yb@Q5~IRE zUWgMp#osH0al$VKq=pq|FBu^X-SmTgON8_Y1!FI=L|J$-vXF_5mR*q}9D=Ygi?fM9 zsx>vSL{Xv%Sp~+Ibp6hRYvonihK~)O-HOUcO+D-~{M5@f%y_t0?2J#b10@MwF%4qHo z4lbx~AFcrrSzB+QXVbLj3|D8q1p^*6)dg9dz5ph@WcIE{Sj>luU>*gN@hFOd7{}sF z8yRd5R!M9Or4mm_K9k%2lLQn${NL49fzD}Yc@bBJLAV!jmtzxBNpTtFt;rupWtp2&q~@ zZBg$Q%j(nJ@1r3?AlS)rEz_E-4#+7%vzVAnqYDG&NXKYKe27+us@}*$aaHBWe}GSH z=t@V}P&H|Bq~#4JS>#*@{)kN*gXm1P#3e@6O4QZflTrndz^?$YMkA)68U=lXAW5p> zrR?9Q2u`qMBi|4wUYPyyw5zx>S3svjIa+Rr<&<0^JrFMd?qY6PR|QF&4qiSXm_)i* z)*%!?I=9~9Ew(gX;W;4-z`)px4dx49eoIF_PGZv9Tkgpu9Xs+XcO2WtWhhJcCfy*$ zC5hjFNMV?C$k8D-$3h;`HsjZbjupL>4wvX_V<3yKYvXUZ>PNRf+0sQBJARdD5@cW< zI~@@miltmaxOYF8M}=k+q1$+~`T2?1`^y+DgxY*2MJfggjwdGwD1(MFOc4Z1mJ9?( 
z8Hx0vK5&ZvAsp0z`syC|(GYTr{AcF{Crq@FE!tGZVl-eHlExs&v7vsBqG4fWmaZ#+ z2FsG6?hO|r(;2`5D!#%G0WH$lBfbntvW`d}98_+b_7*G+DVhkkX^Yu{2YJmA`MbSw zM|!&-Ias%(iP{Cc5Mm88iDRBAt8Izg{Nz{;giox?M(WdtY?V#to36T78_QXm;r&a2TK#^A`^zfqXnly+ewqr zUo>1r<>+J}9MfHA+SD@jsGTcipn;HlXbPI1L3LwPV6}y`eWT(JJ*qgTc^-W@_07s9 zME^-^lLJYe35h}yAbZwUSQd8Ialz!7mJyt*sU+V@Nu}Ci?m);7FkX#A&}l@jfRx4h zSq81EjIPncxK@N%vlQ{P5UGAX@@_R+{b-WMVfs>n*V1Z=0fTlBvKg1JC-$D0mg`nB z+^EfD9;72f6JDyukOr<%G|7Up5|*LH<6cl9Ltv|=laLf@V(o#8rO=OuQBBYyf3eC+ zfui0`;K}?PRGrF8bE~Fts}?+A>j^00cqh2aDEp%vc;d$Q^Riy`{%G7_=`K@VrRsPx zP*?5#Oi_P@Ph3b|hY+z{dR{eiUWOwrA|+wA;kqe zBNbald*rtGq$NrpkiNL1Ii2X3>k(u=alfLJDDn^UsS8QuF<lM_UyIgqPJf4@3`i z4^syg%^7W{&QVAICijHETl#iLkeKT)S`0`SH!M>Ip9^ucdC=tJB6m&n#eZc%_ zBpl8mMiI!4G^U+uV=6N=Dw`8H_|>$%Un8OjJ_UZ0e3|kD#M*-!ctBUrfOZ8_rYQ}& zC}X_8w}})=nKR!WCn6{pdgUnown%xYHxb_`Iy-8QnhZKXn#Ggq^8+-6*|@jwjNv<%6Vr+auXa#X zVHyj%HQit}dN+_Nx|)Wbu|*1mp1A^x6H>(c8dX1JnZ>32DY8g&F(|Sx9G;TxY=oau zoT`W1Q=PLL-3OW#RHt{y3n-=NCWL2=G*hFqgFMrcvW@C!Sul(Q!6v2KALqQdPga=8 zo-}FY{lQ0%LO~R1N@c48+tVhOTpaZx)OS!pT;C2k^7HB3-G|RKf+}<`x?ZaSzJ`aL zh9j*n#bi05^5gd=+Nd%|#dO_a2N&g>(>SqdSw!Jkbr?1o z-+__$<3zdz2@1C+B*70Muk~cd0(@@~7; zMsH)KsG2)7k+Z?P+>L~f&OJ>fV69QwW z6t=7nf(5@TUyt}-8A$Lk8kK(*i^h&Gmw}mSq^})mnk-xSZQp6*-*h%J$uw+6a*7jD zu9~tqT)ic2mPIWO0BM2 zmcN=_t%yfvZ#aX5J;6(YPn0Lx&m6|ipK~>ZejNz6TQR;VktbNOTEQasDpJi}Gg--@ z<=rT_5@|>woJiE>?`Icvcxe6cqk8P%2**n&V%WB|m8Fuvjx*og0CsFVz`fL};XA;# zusOSS*|vRMp!#Xn6;z&pax)as)lY9}-;rR3_kHocj=iUc$(Y@EP=`C1W`A~6HU#8bM}VNt!S<0h!O8?-E5+Z^EoI<_6W9X% z3INqA0`F0{bhMC*q_x|J!Gz&WDsWTm%Vi?~>NoCnyeF2>&R@g(^ebNEWBqG(BJY60 z@m9d^Yc~E_|1$wug8fywwHJJ7qja%+H_aSW8+_HJ5v3)t_peb~=5U0!ph{)}bVq2Z zTK;QUbgBV0RnVZ7uCs5$A#ScumGZ7`aP&q~^`v&g2NT_a1w+f5=7YIw^yab@G>5V7d1cJt#-4X}fz1TlZK}AdJG&(+@b*2!W#|^7dvXww5}=LVw*QS)jFvO zp{X+>8%?qs1_RyDOP=0llvKnAp*Aa+ks{{}dCM_&D&+F)p`$(|VVQCJJ+&_>G*5+Z zI)qR?K?AUucil=9iitS?yb?uS4)kl*-zG=mYl|v!67|yrlKLkX*_@H+x>_ynF5eRw zUAOfU9MRbtF2ScVLq`#7VM<#ytRJ+ewq3&)*0wwMBQpZcJ8ZXY*F2tzHB|0|c`q9c 
z%@J15_TgBSTKMghrIs~gR4b&!*3rej__mYto4cXj6~`FeNswS>N@G0ONOmw@*$@>j zzf|)_Ky6Az_L(T+R@nX~1lpA{Xt7Uu{2mhM4=-auNJyIEalwA1@#cih?m04v1%W?I}TZ| zE<7)+WqI^}KmId)ov~F$3l9O_KVfr~Y6D>=kp32P-Jhv8HmcFnR2TjeSOTV3m6oYwP|otRF@IW*j-odjJ;v!EX&*(8pa5(4yau)Q ztebLzH;<$Sr_G?~>;wgXtD>G@7#Qg7?sGT2Rl->Tsl|$@pYLWFRrSDS!+RrBB=I)y zctuiV{%O=(CfkKBg|q35Otkv#euL7MQ?8 zPYKV$^FEtik()(vc^a`+?AKcs`pxuQ@l_9L-2=4$7VKfG#xHXge;{kBzWjchIjfg;S31+rf0#b9sQ~gx|Igo;22q z^@g;Z46a^!i6H6)nA#5*RABO8?%IU0cbuu@P2}w&Fyt%aNjqzmgD(leD->s2cjfO{ zT&+jEGb_m6M2R6Z1Y$>u?h)yqI2E`40OI&5|D?s|@bX2(Xs;q`_@=`V9Q6?3ODiq^5pv1$VzM+amXuK9UC>1Z+AYLt*o$K>T0;g>>wozhN_OR%%p|I6 z{y~F|iqaV)M!Q;`o|mKiVr120CsZ-0?@+MH`*qnH%6%WmUfqUl0_DDoJw277Hp& zVpViK4K>}9G47lPRxX>@$9>;k zoCKtot56AS54T^|;S5_(Tx`Y;6$x(AzV> z$Jy=a<{+bmQ*tl2+ncDP3lDE&55G^KkL&&TX>)xbmq_2gCa8j3vc5~2F~$DRN6NCM zUcfki(MASxi zrcp|Il2XO02*tLqMXEEaw5aNr$VJUT<17>{l&{SqPpbSzwqkJEiI{`FLG~(ZzbpK- zGT6-m_=5Fz5_Qf*IlkcxyB=$})YG(t7iZ~YhT(dtaTGot)#7_(Oz0Fu<0~hu`P3OS zX0t?FmA;sxMYSx0bhQO_jMr%AYcGZqBsItPrjYdVi3m6!i#Y^ZEe0}w%5&7U+E0A45i&)#B%H7>ZHfYirUV z68rXC1Y*xsHh@dTd|P@34paj7e47Mcf&5aFpMn?LEYb6Vk$4iG9Wmp_7I&39v}+-& zw8i=@W`q#~BjbOFltV>4$0Kn;7zt513hGBOhH*SBi6U_)`tpeI_x(o@KAU!f-7ig!+2K%(Na*_3m}+KrD0q&~yT^Ia63K&GZgBI~Q(>F-=dp*qn1fjs`rF7oS^46tca#=aKN zv|vH)vG9a_lorrs`GS!~5OX}s72UZ6@CF?*_BXZZ=R=Ehg-Ed?;3p0!;_su@N!N&Y z!<4s!G&3-0KaTv?x@iRqn(473cu?AbI!r9lMr$lb`J`NFZRcIZh$jD;e0FQr9iOz? zx&X6-o9rw445^XkM(dfgdI64pw9sANzr73aS(lzcn2ld~Rtk(+HmaUH!JeUE_th0; z52P-Te99me54#ZDa156CgH4XGsJXK zNjG7oa~T?A+{-%8Z9L?BAJ@a6EWU}>Gpg>za6DbJ*zDN&pn~*REjsnms-C7uya+lK z!m4`7y75uCKw#UIHtj#5epn?xb1#5JUy^)+A5$h6THzf*)`j8?W4+rNIS11Tqp<&LIPSXOi_d z!TuQOqWI2;SRI?c@0?PEyk}|1hP%^~8->n>TKoi;3$;2Cs1R;KF@XXQQ3pt4ihL@C zjE&7BI|I6xfa(ZBvyXw6zPE*yz@1%hf&WxkKdW~^t6)JMhQIt&F#6L+b+UDwR-Mp@ zFNJ?Jt||S3N#px0?kW1JXwdxZ+$Cv2JLoK09l(4DO={6Ug*owJTJfm!Ig~q zs5o$)_pXQ0{(BD^dOqg6phxs`{a0!TX)? 
z{Vmd#rykN@cVOqc9D){4<@VbAaI5Cd{p_iq{rJ~*+xJOB^@uS)ULmzehhYg$5pMjG zQQhpek#JD|Xe@fSU!3TSyzen*goa3kh>v&zX@;NQEV*<8x5&`)RDO*Gfb6BVDLzg2 zE^BABMlXHLf^V}fOC38kSwh3fU7lpdepa14yjBW!v+Bt@RZIg(48BEL;o%NuFvt2qh7Gu0Do(}lgA6iLND&a-mxy$AnG#-M|u0U&XBnPF$= zbd%)d*8(2u1?oBT3l)SdGBk`dW&9CiL<8+>1*jd!*_CgDo_Qax5yy8AP@BE~ZujWK^)}AP z8CUo1a~ZJ2ZuRhAo#Vu)`*I}IRx1oa%hbubRKyT|O)cksFmukjsC}m5*zvxtSM;BX z%SfIM%jqsyaod{nEqFJRy=BYDO2-havR3G06@22J!@gV7t~VbOJn(MMd@*4ALY;NJ z2svk7tag}|)0}bL!PlH|vi6vE)y-TV&P}&qzh(QXa@4!tyJRiszMyJzW{7xI^e<0a zZ=V*c$u3yovur{tcxR`Q%dys_)L!{0E#C-hRFnVv#pTHjfc}`TUKea13na43_#E)? zg!-5dO&vD}p1Xk_f7yoEGUl=GaqA0MtM@m^QZEPB0$F9i-&piz&e`=krfCpMC4HpJ zIF_FDG_(;LE|#Wr)cF6FrIv3(_vNzMJ|^j@WI6nb=&EIHd*z!cOT$d^j+~~$`jILf=>PfxM#tM1WerT|q~#BDPZa>2Z4A1BOd@*peM{2U%Obw+{rK1OlMChnNc zxh;7(k^eCAW5V}Q7S+&o2(0bQto)vi@8FNFKY(HJP?!W9YX)iU?iCK_MOU>;`gMKw zz1I6!!}Wvy+J}I2$}$M(&)LIv{3QeG*LWnm@XWugOR{A`d?Ma0l6V-6E=QB-XH@tc!;+BN0+ zqw%YGe*D1kwh*ZM^xm-cdW+=?`L#C}6FLO^FrMlg2@IH!9kJmEzEpzvp+{?x;D4PF z(`EbGy@V0*)sQCsWi4d;9f8#|`kL@{oo5Ub6g$rVwhe*KA0*JJUw_gHpADOOC1G$0I&qGeYz0g$XP2ktkuTCw&HQeV# z>VqA}-_V;@p~`2#)sp9L8hJ_27x4OqTiJuN>*8~^n}wP`?3P4o3h$Z)z= zqEugOOSsjiX-EvYu(HRx1JY=jUDB3DB!eRCRLv|^x0*-?e%=HnxMh@Vm;8LTSl?U zm8i!SL-rJC794^yPbRY1J(v08J20?e5O~WcxIy&#uM!mmyH0Qyqk`vxaNO>D1d}q$ zJMAA@A(@=%|Kc`DS+v}@3C1y!rbp%*#H5B9x`+MS6?Q2R^jGCSt{}?vm&{Y~ z0R~`49~Mu6z<&pWmST~{=HlfxFOim;+)EmlM86{IEUQ+%e_1^G={+K;OXTCAFJlcf z%q7h0<<1NHe*bN?3-p~w_UMTD2=wg)0*$Av9+%hF<|Fpm{<7zJGfO6EAx=OqQ)HqO zjtxQN_JTX^=?5>TwA4(tES?nvcI%8uya$XG`Hs$;;Pqp}ND-k%ObRy~_v zOs^DduTF4gCu0wbR{V&*GY{&|g-lG?bc8KE!+AX|P}z0&ZGLfSUS0~R=hsNn-?#kM zjF&ef>TGAl)hAC%ZCoJ~-H+RFr7{G^2ZiYkA{U4RO!kIPFP^o`4{DEaA&f)`;(lo+ zgCI+Q2>%Q%>z9)-ShakvE!>t(R!Si;oWWHfnW!E}*HTS*ztY^STk0_!>Y#=R?g&z; z#`$``Y*3xRBpbp3i8cW%ybV3j9Nd>zo2JO6UQ-KlLzZAIM}|h_x{X4_OWY25TEXsuHyIB4Iu*<9++#gZr>C?24R{QokA7eO%=n-H;`S-} z{}}QWG9&c(OZfSZ5(Gfr4kdYyuI9Rs^2es0B63mnTR|TYxKI-OA(CStbw;6#4W$8d_1*%9^aK6J(cE=v zs+DU*iZ=7Wmu<{bFa~244*4_D&|s)@DW!rs|07^vvkVzbPGU{hMH03XOYg@BSJKga 
zUTDPTZ2NlWg_h+4Yx64V+#dMQFWy?42H~S3i`2iAXNWXMv5|Cw7fSd zZyQ}{m+}ulS;&I8M(Ml%s3k|&*|Mc0tUz@{Y2-m84Yjxt30>&>>!NgAHFgfbX{ESoezp7;d{hx(PGceOiA`3>}76 z64^+r-5kpSbjk*u$2|NQKhr{A_{3YpiO7Rr{|hde)i-@-qnV-MyJMOZ2x}8Sl|@5- zf=1HZp_qo`yGEb7ijDsH8?6*{V}uQDrD}8UioycUO03B^7;2AlK>a6D+8AH$`E7dV zYj$bD(HSL(Ci_t8Ai@;)d@apiu5|P!YhPQW}G-)7=l>b z=>OA8h)Z${x+pFrnK&aTQqsk!O5CHCscW%CM_8GKDCy~3U5Jk&Jt(Ydh3qqg;j6)+ZUT!e)Ha7KnQV=MEU^NC*5 zw87)L6qQ0aFgguM6iMYB`%--`POS@(C|6hO#b&Y$=bB8yFCXY36n&+;G`fEoH@;o;a<>sV3kR5kwyTX`;X2=mG;(%?KFLQcmm z7puMihBMRtu5ehdk{O07xnwXqdmfI?BMV!{92$e^-ea*GlUVa{P`9+%lDsY(c1gEy zK1ZafY26Q-*b|EUGSdg6N3nyXXy`ME+CC|lAE=2Tx?Y)Q_|a;=E^l$S?c~^i!iY; zIIKbd;o07h!QO%U>n7WWBDmUMsD-V7y}7{-rB%neI6OA?XKZfn$osjwe1Ny>8_G+D zL_a%#2o5F1AJ!~fnds(5zTHsanUnm>#}c5PpZBtsT_NpYagV;sB|V@MO;+N-o~CAH ztxnekYoAK1nX~10d&4-&iMTV(5a!pRvmR!3f%gV+hNJF5<8C2^qxQQ1A=yp8=4px} z?KWJ`K%IJEvF&;dVlStXEet)VB+Dexk$HtIgVm$z>zUhGXF$D=o`g?tnMX>~_c%;< zR;2(#I+=%&6RFIL!E+iL-!QlFF_cpIQ&RRCTy)XOamPlV%>T9=?@+j_-zY{Wg+`e0u_ABYkdck}zcP9Eml z%GBL6#fDVai94Bw_LV4Vuy14}*R)?|WCP;hVQluRE$J_tv3V_s6K$5rmvG&V9A%(* z*p!%&$Vlp~U{P}a<%E4a{EH!q;VD{McBS3k{OsOO^%p7l6!9P@2#H(N50Ri@a3`u9 z-Pso{8kaQOcgttxQ1sCb%oIsM2o4Y)<)Ak9!#_WwlN-^mvR;YHVRnoeDRn3weZWl{ zAyX~nZn5g5a~NZ0>7Mbj+T|^ME?f|uCZpw|_j#=BOpA{#$N;@P!l@<$GCWC7J{Jyc zLZ-G`a~4L@XtU9>bz%Ed{AfR^lhLVvY&4AZ7uA_I34X0UmgJmtBvii`yY;+O%(yS_ zmPdi!V|#yGh~p=6!>Fw;`YO3G*BK(yc@FMQ?$icfR-UVU>sBAEeY+tcm&FQM-NIJZn5`Q+QfmC+2lF6e z=qmy#pwUL478Fa9#Z9bDthxrdXP}=aE3O@_3M(QJP}a$}A+YfS?#J7S#zi+>(F8|4 zX?andO(%82KeJAtK=s;xeMheDoP;8T6E%^1OKuQRqCPL%O>^owUJ-nAC>aISa##z2b=X|J67$i|{{NMKl*%8xi)Vdp{K{2+5z>l@P0C)ag29BEd??Mt@MvzMe0CE?7$b6G5zXe;QMm!WOImQ5uL zkDjE}ZaubGl!1qJZ7GHD9=@oZwa|(sJL}k=>SyTeOkNos3@XMcroK-kTUv_yuP=q0 zl;M%EDn9hCaHQv`>tnsQt((6BZ!NoC4;s*c<6z%;z_`~7<4b{|CO$WBBl~*-N6`_u zD#I)_>Zz57ukQc(UoT1tQPZuZH>TYS+fjeO%z8inAW03|hCL(8SF3%MwSB66DMvfW zvLG|_|M^T^Q~%dzQY8Ud11+lzUnz+S&~O{@<8TD0ftM{VEV9vTU~*q8{{4doF3Uc# zhcyVwATH2^CeV=RI@h|SFxz&@^`yG5IUYGivSxDosB)s3cSGYZN39g*b-7LTl)ldD 
ztG*oelwxJF(Bl}!Ug!i!Bgo65`SC!XW1dET+sA_aszpq_nu;2w+)W{3rLI9u4Fp0d z+D610{E8WtXIg>{OKWj*Az?kke&F3_*LKqBL6y6lt+=0Y;PHMf_5S)(Lyg$B96%E- zW=m)<$8J0O&u72cQMVk)3o#upIfb^iMZNVQ>eO644oG+9>Fj;oLUG4YbLHx+W~kjW zx^2wFZAsHD3gVtqrTgjzZy8i4QJnuOBA5eDIuB2efw*jcT0}gsHUXGdIXKVJx`+lG zXbDt`1@7$mJ2Q^}1;pMCk^f>%J{lBe2K{0h`ss>&`m^gLVxjA^xgAXXT;_uADOPw+ zzo*d8>XlW(P&BaqVL@$WK|p&pjTLsVT643o0Ma~LM-=3?fH|ncrff23SJvIO-2k7+ zX8=pqdckH%p3)D)VQ!G!DQF!Tj1}(!-t`AYdu7vJuqf3{GUeO!FvUapx!wV zltp@f-dR0A4%>5%`0@J$=xzP|g47=I7MQ3ay*LE6OUx|(Uu$QB9yY}Mgz{~EANV~F zd>W7}p#$SX8v|Wx-$P^n3NJOtA=WSv5_3>zZ&B&QzDZzOsDuz=9RH2m~ zJn_YsdIkSEm&*oa=f(->W71YvFjPykimVhK#TzOC7c&i}e3FY|jVi27#KmY{Q$7xg z9tLtAs!-C$N2+;^IMgZW?h4XqL>k-o1m;yL>Ky~=iT|W4w(q>BzZ@19NQGQd)Cfx& z>eX4>a;D+P;j31v>DU3J zWBd5WI^C^!j@DEX`PmgI=aAXbbRtOUNL(&p7U^4J*<#F5^-hu45yrXT-t6;-gAuqi z?>^oi-JT~5N|^>BawY(Ryn?Sr&n#aAAq9YntW-85CQM~@Rk%76xszLfg~$}z^%?P( z>Gj9H+xz4|N)^)d0RpoEb#95Y4nuheifit`+|2LZ@U5oW_oCp^VnIw;em?AEakO{UtyNQ zxGIB6T_O*OqMZ-`=?{4{?Z2&JDwSV9l^~qh$+(+V64?{NjM0qyx06?3710%_x9%4a z;o7nD6G)ygGszOD0QN)J3CBXD$1d3K1!X_i^jgZyYof_T3CbmvsGE!mn|@A^ShN_i zhhSA?XjXw|X4Ba3%haU*H93(qQWejix;3lK3bIC%v@LLqB}MuN`I~0ENeKo=RxpML zWt*88_F40nm^8Rz23Zi4oe*$*_PfwphR00MaxH4S$h!5li`M(I=DKxzO>8it{(ZPI zwyXq9GNbE=^(iN31d8RVc5e&sp-!gS?IpKE!2fX5%qpseHZMk+f-7&beO24o%WkEX zuy(FAVX-U<_dppz5T7xWh9j^^i+qYf+Y0X=W<6dVEu~qg;wX($zCBm+$*J!S+CrH5 z6i`T~HiC1b48uYzUBz3`1hXV^cM6rauvj- z#M0V`jYvwirRa&=r{vy$^q56kg>jh-QV~wKueiU9T+vp|EAX3isOZM1+as9v{u5?4 zw>ID9+$L*#?q=sU$N>CRS2_=@DjZ@hfHx}Epf?p`1jz@stXyqDfj&`#VOi)LeP&5x zdpaTr`SS%W9_o0jjaU}V-pvj4KI{6IV9cmHQ&$3yj3RJXyy5dau3fF~HQ@VFw*n#T z+{jxr4V?0bzVbRjaJ60u?v#qU4boJ(Nh;J$TxTAh`mq$+%u47I+$YD4o?dR#Nt1`} zi;)>Y3_*5i_(`pH4X^!F8MF*W!DajcQcb^S!Hi_0N~hcRiG$rWBuR1t2S7pOiaU5w zs^O1tv^o7+kLm0R+L21%PddB$o9J4MMRJ;Bx~yJ5;$-k7{75r(oJcdB?=Z2YF3S#> zd8}T{GHc&_XcO7`xVKO1OpxHVPA>}t*;k<$=Q*_do=>c_*#J_2n- zG7iv51nh3%R(NSHq-LRF8<4sQAeP`QY|Ok*=0+a1tjxTjVq7Sb!BUvhLgaOo)>xET~-m{E1cY77_$z1+`98|0=3zakHdwOv>@C}b;DLIm$2r`WsgoNJ-X 
z>m!$+A{{X!wc-*KFt6F384t0<$AnHB90Sd?lr%4OyQ5K@&xRS@&C}l_j|)HEwm^dk z<{qC)x(7?UP4v@lVrkE&YD4;S<%r5LQvK3a=4jYT@`S*!*4oI#4u3#u9_a}OetH}m z2@^4TgnvIBS`7Jc=`3W`K<07jF68wgu%_q&#)5%}D8Q;&NPeX~DT^EGf`*AbR1I28`iUT3?vxmAgj&QNTH~-Ps+>m>5_(@!1raIC_Dp=feelgZYU;qUbTk^Mg&!P z;IABB?q0t^H~@JAN|ev^s}@4yHP8y$7|dhnYuJN>N|Mcu(8gE~p|vXaK&A%D$OxEO zb%(Lecl8gg?2XbGWv89iJl|Dp44T=Fw7p*%o`4QxLg^btD8uqqb3a0Rnt^MlXjn7S z{rG_9SXLq6*PfZ)Wo57&Wxvr0q*v`s#)(WJ2077}NUr{Ys+@LgUTe(gBzUd61Lfys z9p}ZYRAKS1T;jGznK>B-$5GL5;2L3MT2d|nFL^i!s9#9{&{}zIko7BU%TKqb7sF)7V{iWs*-ZWvSDVV$u@}-^vyv3@#cN zcvwC6(3eia(aY|ct5L__N8`j!$7cOjpA)0PkUnt|IYL9t7HgHsVYi3AxRi4Liu*US z%+`97?|q?Dh%K#+)N>I{Za(!QjKsdDD8IdxKKSwe%)oF@WX2HHN25eckxD7IriVF<+hIa1T2$|abUXV@~7An*- z6H_KV-()~UTbuQ+mBF5m?#0j+W#cRu0hCDx!41N8QapCU?&E=q(Z;n!i$5>)r;M3J zI)JmPpJ4K-7CQjwM;)6`Ap%?OeiK`j5GIGFYiMZy@~aBawu5}eWIfKrZr2W^sh+)~ zah2hmUqEIa6d-OQ%}8t~&y`*T8(R~JqQT9;l5HtEC;gXKEk>n2Qi^pphq;JN9k^-^Ya(+7eq~&0pV1|20Le>|euO6Jx=cmEUulbFo1Fqj zuP$mQ@49YD^s|6+aq+8Ir~Plb7*^Pd6o!4&5P8@wPIZ%H!>;&GgG1^rUo1{1%Qy6| zm2aVoLUk3%93tgXiOW_S3)Y=of5l-N;hyGYnf$StM+5&_`=<*9-OXcM<=?6J>N@At zg(Gig{luUuD(&aJudm?GeZN>d$`luBZ||?(o%|JTI#jA|P1cV;7zMtK{2jU3vG4zN z$TxEK48j95!c%NLx<4vva^#S|E!HrDJVWY8mB%11*vm=uY@n`6OrtSeT6;SEOj;U= zvN zO%SiG-L!2_=k$7Ox3=wgx;NOZJ)>WcJ7^GVZsm7> zYAyIxKN&1g8!Gs~W921{dYE|6qb_5^<%iW5!X;(p-8ouhv0u$ty{6G1Go^Ei=Ly&z zHs1vI-(IL<@rrSv#WeW^#$L6s6${p_L#tbAAnjxIv*h3}u6kqctlCzIyD+CWlb8%? 
zTk;4rNLdk%OnZxbnuS(hs~o*C3+*mc(vwsJ;(qEq&95`FbPAMv}^9Qj*?^Jw;V>lS!oaHNXySR(D29Sjb_Xrhf=DyF~Rw z*u6_jkiP)hlxq~UUQpm3lV(p7Yg`GCj5jj))-&A#Ob#t(d@Ym)tP%mv_kD9p3itLM z4X#-4UHNOj>UE8_n?So}7=^2bCF`gQqf;`z`bGiosVi1RvWI<%sse@0l8-?E=arvz z+U<4kUJzfN%8k9mVgIJDOk~HDGi4@hpg(0Xy#xogInKtO#l>fukI|hl) zv|)o|+qP}nwr!hdc*eGE+qP}nwsB@==Xt-a-L1`!Bz1RENmVM{=}Un?j9R)@i94+k zl=k4**2gKsGp_(FukFw!uoaxhYIj2aR(ZaZs^f+dHKIV6LNssri;?9hvJ5J;_%y@j zY+c?<3C9=m^+ZJ@1UT3WZJ}ZHOc_oYf&+@W<1%e-6h$!@RT%a|faroFpd*a;P?1z| zi{fSF5tRGmKy#Zrz`Ruy6X$qp^ zIG;{HLBWePWT~oR%0%kKa=9h=eC&zZPmCANgW~*7oS5ArgwfB5RT>?`jA>X|uRA)n zYG#{3Ik@o6k@^zcPTx@1raGp3c)->X+_LP$HmTJQ6Nlhzw-wIhuO`;F-W9py@~4CY zbqb&(^0(ildqZ+9A^O``e6NFm69oVloh(6MVI$+rbl*>MSz3BCA>#h<;k=w2`v;v{ z#i%-5Zwp4|ON-1j(G*!ODTp~2Hk29}IS*vvptJN*2KEE6EWx+&=ueNs9>b^u+mz1i_R zD!=@w8DXlR<1#w3So#8Iw1|^)DtsqxPa_=vo*?-Fr&Kq2N`8WLTc-2~M|a`*Nir*E z#>}m^A>)=@hI=6{jJEDYXBlM77D$y5kC1FUb`8>ep6riw+uQ9ETqLjvO(b%_n)bkP zV)NlVuc|yg4b_Z%MGHv;vfoYY@5Kp|GDEUX0gjLH!e=8<$NqInIa z>j^iO6v$~pk6|)bXLV?soieXw;4?z}Hzw(KZ`I)K6TYK8&oi1!eC)uO$A zeXrRrLY9whrU2IUJ2gyjf@UnO0QTLkkRP~-?xm{^M;N2CN~{{g+5vvjJ-?T|QK^9Q zO!lt?v7l3g5-vdlnr``MT_MUNLOKsm$nsuN)L~q~VzlBDWsjv(H2BSs(MS!}wgb0c zL|E)hqNU%u5UFXojBFhCXrX*{0;)S&59M|Q?@P-NwWcH4zZp+nQw-Pi7f`E zV#a>_yFF*D-pONHtI%qp=IHxt#CYO$Qv5})d`ZFw$7F8p>#*kTr|5rl&Itk1xPBHi zC3=Skz#Fm@af0w8ie=L^z+333gS~|rTb6E)3Ks5)=I#n+{7R~B_M$C=I|=c8arAie zJ4m__g!(Gi)vB#(TO2BTJt>*Qc3FV!2nzG3swEs5?HLjHM|^{ro#+MaE$OB~$t}Ej2a*8yEJfiYE4|SU9NHf14`? 
zC-9**>_8Y;KEITQYdG)3U~LU!xd^Ed0$StjUR<@Us#zsb05`J?GaPVm)_t z&qjnQ>MP@LwDGE}yZ!X-1do%QTddIcn}U(xfZ4QDBB)HHZ5fL4XV7!@r3Z=hX9&y))wk!V%1Y@R?#G)E34V2hiu&W;sH%}qh=M?l=|Z5H-xPi%8jnOs{q zl1D207;$bFj6ZDVVZbKVVZda=_NJyFwzPtVH!o!nGlTv!W0Wy@(%=QmLVkAdJ#3la2DLD zguUIdB%er7`-ZB0D5zJ-C7-lLHSE7X6p*FKk=avKd;oybr}Hn2k-%+LPN;QGp|{s5 zJ67~p!gacVVODIxhX`NX;Tr=LH7?EGX0|v5yTig`825E1t3^9{gxO3% z&PW7W?u5QQrJAysABP{I-=_-Odx-Tnu`H~fA zv@3C9aN4Z|_C(!$faHp2UBe89oZ=#^T<#rZdj44^uAV4f zeK_R(qV@k(@M!c?UMPOCDdMO8+q84s^NOq3LvMZrB>o`Mm2}D=u@ts%815U&2Nr~( z9MwY-fEudFLe{e0uzP)!Qa>VnkT_apqONgvRRyt-&q&L{P?R|;E_kS!9%%Vfaf7=| z-P(f6#0)~Q{haA`CvS!{0JG;ILh+ERiNdp;i@f=*vWb&o$AGx+N7z$-E5@2BKC9Gn zY#vmAEz+-?J7zxz`|{QZ`Q|PnX{;k1^y_BR>V{nWB%w$kXErgw=1JZIfD=BdgvQQE z*XB+-ud<`9I<=BpZ&pPghX<0#k&|j0UN$JO%>Y8S+8$>NyXB~+C@*rQj=+-9*P{>4Y=8Us#a+tWP-d~Ap$fY1yMmNd zjP0Zy2_Pru-!(lsjq!JA{G#*~F&NkR`%`N>awiZP=Lklag)(QL_AG6WDyyNcKmw<{7yVy1k_5<7CJr%q;8MruiDLEP#UTFjt_8rZ)M_fPIj<&a_QQfx~FrWR0-Odv#d z4Uvf8e8dfo^He4}{Q|n3!7?MhvV@7Lq^$XO$sEE&BZf!$vVP{v(GX%txLBR@R*qq%ILC?+ZM&H_@^c3S2R&8UbL{ zK~&c~z@l;0Jvb;yQCX9h`==-&ghy+@YvPFL2gJ>-h^hWK55mq}MQ6SPEFLav8mCEb z;h|+F{n7eCvht~nO5F0e1pwRO>-8dQW9;am>4`IUWzXKFzY?h1C8W@4SG@pQkVgr+IP@aq{b@#lvEw5Rr1lpf*Yz0mhi}o!{{gyK6D2F z3TN(pO60h?hE?>8Xe2YPA>>_bA&nRawZmG zGR@1qBF6@4pL?YeTb<^)`tW>7RtMzfezUCf^0CL}{Bk_}WYM>|K0Tzi)#pYZ@1>3{ zb!7a1zptn-w;OXNt0X)5YW7a4DlJ>`AF_!&lWUhMs=bFR?K!VWS5zvg0K_z*HE; z^?AQm!!=O!ecK)V^Ln@bygZV$3ZRl5cgA;zR8=n*hW}epwAI;|Zec+pwl5%(rg=;S zGafBx36$iNjwP~a;W}i9az=<WXg(Pw-ix*+%(z2xDY zjSI5e(A2zrsftairbHm*lf3A1HXP+0-KjDo9}GKOmzXYtuT-AgmPB^1LhvHt5=a4# z;$ecfzpK1fF5NLjH9)#bQ(LpVvESgPaHok9&L;RvbX7QOsF09m7~6&Ai4QP@Gw9n% zdWMujk|)`|pMimD!_1Dxc|uRck0M937(|Ua5yTT29Ny2{mHe_-TKdQFDd)le8zyM8Rtp8{uAwjMRIl*Qw8FLk=BkCU?g>90z|TGLun za0gwo+>se}hbHKO4R47a(x}TrIwdZQ^p+90M_SUhN;%DZc%Jn#gxIJ1JFp#HPX>Vp zkJ9FJO<1jwJnfnoaAh9_-O1QSBbZVRDhe9Epb}z)zgXNZSU}s3&8wZatu%9E4AtE| zJ;7(@yTTE z{1gkfKdVhFL+08FY6`7?2Wd&FN6Sb>kv!A8$f^c#hOvZUa{45zMq&N7x0Us}(&%A% 
z{b|%T(nf-AvF@dp9$={%ZaUetA-$VWY9n8jyAQZ^dW));XHQkOZB0IOLe2(u*0 z9EBzBdqNd$)2wun>{7O5&*HIMmimQ=IC-%Wt5?X7#>BJ~E^Wfvv^l!#UUz$=7KOV< zcrrq-%glU7wyUliRn=8iuBL_zjn4~!84REYysC2fR(om_+-}?*q&Ny#di(|`=A6#Z z=+==#L`?-53a;q2Qo`F~u-ak*{vnGGOqbMucmwf&xLYA-uN~T8zhW1L*Gg$41o1H) z*tl7Kzs&HB#u=HvNVP7X)Ae@dww_nNpKYEB4vf9oE98DVgX8N6jJ2zW`ET=oDq6MR z_}l&B?5}or^FAPa9b&z`aPYc?U#YQ7KRS6f$w z!Fb|NOs+$!elh5Co+m)zAc7+&mIUqQZ~{!ZS&}MGzoQs2xj|(IbgGxyMa=QE&c$R# zSG4kMmzDmZi#!T%G$?vC276?XAVM7Hi$R<(cwU#NizJdmBn1#lxC_-K`6zm+xO(Z{ z(b>h>W#Qx^c?2T7;t+V~VG|78XyD-e=!t`kgj8pz<4q7-v7oFKE{SS{QuV&vTUAx! zcqJFDfEaQ0HD8Hzb`_tVpFz^lDM_DRuqMrJi!OU;4y9HfwoI8)47k)2sHBdE;mGk{ z-|U+JC;dv%LdLeP5y#;}WRyIpYstm1A?=w6C1`Mbza?YM%zYGb;ULnmnEPsMDd zFGMZ|IJt&pq|`tkscjIqKnhuV()qCo4id}WhO21QY#9$B#a13DX_~*9scLmjcE^NC zd7ii50p@>eTBaK?-F;yd8YtpJfvZef<+!U!_Y8s!0yiWAX3Y9Bns|L+{mxn zO0a3#1aCy%N&p`kyWK3-7k{ohp0@ENj5&ml?bYOKe&yJZ# zmtDaI?K+01VkMFFYtJ9rNnSmG(g^qtXnc%l7NGd^uu2|SyzqS4ucVn?9ejX|ljpIl za%}9i7-5%LwDP^kAxjuDa}lCd-8>0!u+Jfgzp*`!dr6^D@)F^IpHs{p@Df`sYMf zK&5=Ov_GAvXLBlByhBSgW72tn^O_@ygAGAml}a>JCa*c*S`kyn%@GwDx5*kn3?N`f zhzDI;7y*$Va>3%Z-ni`wIZ(b7nmM#A5uio?)b0h34jwKE-os6 z4S!w<$QWQp07t?H)kLcfE&)t5){doq!ugb{7j7ahb3$r~;= zs>77_?mc1O0&-)W)q0^C zG`tEG9J=m7ZW_hz6g(B6Cg3rvrbWqY?dV<6JnDL(5-obaA2op`>&VN z12-Bc`>$h?4E*mh8el}0$^H^G(nK!T%CkF7@=I+rgiR7Q)H(s_?4x{0nI+tD z(sE#(CXlL9cj7$)>0+t0G0S;VsE!?Y_tQX#mG|@G1wJD?rvLi3(yU*KpyPcUXv(;K zXmv%yI9v=hMeZU{$2a^!I^)2DC!z0>DJdsxr?E?n5qft%ay<{LP_;VS)C@O z&&v_`Ltkzn7C2@GP&?J+@%wf<)#bsXcMAP{I5rya;?SN=EeFVD(Voq02i)M$odplE z=E*CauhPDDol382?>-j)-%^az|3x`k)3e=fd##FcwtU`|)~g?T4EI|+V+4nMqM&gx zPT+$l{xfgUtPWlNI(n*awxR8Np2&!Z*$riLQy9|1hmBYpEeX4x%6KuC=B~+v<8WRj z>uk)A>2^IF+|rnZA2;9xF;wpfa@k1<{LRGF6m?jtmugl_1}oF&YyK5uK<-B=WAqjj z2^nTwUaz`svt+>lA^(UoSuo|)TKld3=U3NBPpR8NS8iou&iAw?66wbTht_c48b(2m zcvspP0Hu31d5FcAh*QxmTIPe8OWQzL8((3&co1td3n|-0Kw*@l_+V#p?K>9L;>=u1 zO41x;MI2`BM%zVqUK*!R1nr?`x-^ER247@7nd>IblZG)e-PMXd#OETLPlCtFw2;z{ zDxkcsk4R3uZ!BjxvU?;%I!wUjk+m7Inw9)?dUv 
zGv{y^@DW!YGImB~F3u%|d#WGtSEXU{sdh3TO=VKXTWg+5YHmwQZveXZ#JCdBFT~ZT zuKkL3H}C=DnVSp)=fZvv;5WuQGoJ(Qj_)LEa(jAZHRS-pnsoRL)7*!^i1FKp0Kk8N zINLI2?*&xuc!NLcT)GiAkV<9U#{kb%wRfc*d)-(rEgB4}WtqNo;$=9FADzxvxCXev z5Vw{h7vizNuVS*m2U~GA;00f4oE!zdT-V{_TXCM_gAwm@0D%$rdmJ4^oYUd!AGSG7Sgl4bom zt-1%I%}v1G<+*~u7r25n2!9Qeu&+1XQaG%|y3c!G>}Ml_7b4`bWJ2D1g_QSa?p1XI z$lf0~w}7I1X@gRv+m#v=?&xuUq&Dn55N11HX(Q{9su$szm(X{-RM{uLS$u$FpQ1B* z>tIt&ZwL^Mu{ZQRaQ;D8wjr@9io0BEL{}~Y!zsqX1>$>i@#k&x^S-h6mmRnC`ZqlL z*Xsix`Tg+mmr3`s|9;zSG?&l)e%j8oubGkmJ2JcTgF?FB{BilUm^*hq8zYdz`*}f6 zi#wT3@_%@9kx;+IBF?6QE}gPaJ>!w*9%1#ja}QI!B6y*D1+3NM8YTMRKZ252iMe8;!U76k;Ho*p;K5k zy3t*t_dhw?ak*5rQNNzrU&Niu$)`Sp4LwUm}+$wt1_m_ z|37qvE3T%vw)l3`PW_3zwH}sSXX?M1eH`&eX;Lxnv4>`qBPMW4^1EMaT#!%)%Ymm9 zat&exV8>yY7=y&|&wswSJ*QjDHr+jeEA1wbI3fnofTf`%2t9=5h%WOj8=&@jLl6aw z$79HnJuxc~Ho>qwzHUNwZv9qUim-ELIF(xF#Mr2`E?t6%EAL^Z-1=y_%9%Ls(GU`TZDfs)4H(QeV@y)(;vUV(N zFKjH_DA+s>P^f#cU3bHD)CaOKG?KJvCCj`xGtRQrhYmPu^h!{TewEuIQ?P8->AcDo zOdhjnW)0O#7*El{-V|s3y7=HbxKK$51BnC)s>(<;W-tSUxJ^$Xn^g7yi31BUtnN!5 zBoB&{2k{Yi`(TCuXBIhZJglClx-c-&XSz36oLv_ z&GKOe=QaTK2O!WCkcZ%7PjG{yR+i77`d9iX$3wLOj&D_kne7Ij!W3Ti&d=TKY;MZv zs(T9KNh-;lEB^H@Mv;O}#CQO30PPE#m(Cw3`ksuT!0D7@NKNg``V0`b-(}|0MYuWH z+sEl1tax;92x3ZiY>7SN5?hDTnVqt6id^RjUc`cRMnp-*8^qJP)vd089oRW||14=z zO(lH2CImyhaEp7T?J25HiG`bF&2Pc8a+;pYKnq{ct{^5BAj$J5-YOVaGFyd89}dVb zUxw3yq_sP-1CMcwJgj#}Y(#u$u(huIUlo=_H2r(1lz-HWU9f1pVY>wu79}3;Ar^Kx ze@l#F^C8T5VPUv-!71me7xnA{7W#&t1%~Du*ySmC+I|yaC%ybECnpfP%GeL5SKmWI zLeXOgk*{Fz$7H_)Ho7A}TB9eLD@3@OE9nJG8d{)IUL4Ar%n2X4A5&n)-uMxLnGmn4 zo)e%QB0&<(QuG{mYCn%D?T|b}b^3!@^fi52WsD$$Af<$AL}n3rf1W^P8inhSnnXnJ zI9C!M5i+S*P~qt4^(}5AJ~}&I$_qmB)g4OUByl3f2vvY03eqfJ#zJ1lfU}0g%Kh#` ziCXFPUl{~U4nUkl)ex;-Ok;E7v^+`Z;?#di2e4B`PX<%9THR$uOCdq7AUCT?m)827 zW(?r7H*+uRihk)ZE>;>m+~l)OI1Pg;RQbUPHqbfcyE)h7NwU>?QLmmD&ij^NoV|CR z;Y3JqSq#>|CV946zd=w@^PW+b*Yl90@>Lre1NC}kE8AqXY$;4#f`CSPAd8w0*zXTT z-_jWclS=P?&B*JQU0}Jz>>RQNC6K)z6hxOi4I5r@^5`NTu7X#f$fm@>=imvToh@Iq 
zn1aL7azO@fEhvO-UP+Pc81(sYPCiPdZM0SLkKy%PplT88g73O9N;+UFU)G`i=h6?| zA1zJ_yMxu^!0f3O0FdbmY7B{0LKf<7Y5Z_QhyA3pzG~|B}xa7-6*e) z6(D#LttW;_Q7*~d$VfFnQ7(I!IW_y0ZyN-0t|KjnV->(?R~bPm<4k4N`U+WUH6H?* zj>jqY7!tt5ZL~B!m?pF^)=CI^#~6t2G^w~%8LT>FNTR?=6 z8tv)w{A@^FJA&*GHh1<2X+kj@?cBr`TLLR@<^R5R?tXFqxnJ)6`O%}-``i5IYkB%| zRloA*b5S}@$iE3t!Z-h@!;GR}T!rYv+)Rw!dLUEq{91=|z-G-T0>p@uj0=cioI+eD zjYSNX!mglYO603>gUb`?DA;@2|4ER`W!*sNivDC43()p;2Y@OsJQ)Xj@2qLY8!#oE z!4BCd9@2!7FePm+D9!?UD%HdXvKO4sn8e4Sj)plQ9UuM`{hsz$SVML_+{-Xr-a}i zPkuxWW|4Xjiuo1p^1)D$ibwVF900v({B?wg^L{pOy2JO*R=1b;$>rW_O05vrY-G2r zj3}LV{Pz(L%pt;-Q$9OZlI}@vE@BdhNlJBXL=4)x3A4@|6|O^iA&scEZIgglad+q? zHD(5^>GwSBe%t2lU#-eY-SCqCiqXX$ZjF%j?frdnb#U_U^RclqfANr)n@ZfYiRd@! zHfLUtdt-5%34wynLVDCo;|+SB*Vn*5fHrg(cZ1EV&f{w>U+>C~Y+ z{fwjtF!Oz(?{Vlo!Q2A<2|9Q#2OlVl&L;*&gzXDROr0y)-j#GILXY!LeZNA)?FSQn znO>nP;63J;8tt1>(K>12JIH|zDKcl-Atd) ze%fP>sL>LBEnm!ewLyqR>~_;32{lvVwBDyNr^ewjRv+vTX4fz#nl=IFt~RStl|6FJ zoI-328inUmqN?r`WGRKe47`DG4|+!w(86+CXw*o@>hM5{4#u|T>FSdEJ(^QiR#Jby z-R}Bp=48iqh3PqMxm^{n?fK%$K+PT;!{f(cY89rt3E}5t&TQtJj#3Hx2r<%tQWYZN zNg0f-5s)&1`V>{GZ&S(EO9 zt2>rBTx{l0$aDnvAmh7LhR1yS`u1ewFt8*S!ssOp|n$A&GMY z_m3~?sw=r#o{DCe6ie`yF0o(Up$T2=Im1Z%BbR+oM__$lM5YqL&flN&S z0S(j{oCEJ({m-vs7nynVGv6%K?E)9cw+xb%aJ6Z`W1O;e4|e6gix1D{9l=klPJoe1 za(7jnQL{M}(1VCc1T%!2RQ$hx0zz@JTXy`0vSsLKjjpjGYb~m(M-K>qovNeKFWrPZ zud+xZskqE4t>uB}bt-v=YL%n~=;`(%1&-T?B?^0#7PA*_f9gD8Kh)v&mwN?I64`rE zYzhTW5=h2i_7RlLHJ|3||8g$40`zq(^?k8`M5f56C7h88v0H(;XPxHJxGxoIEqz@r zN*H=T^QbW3^<5_=j6g*KC+cH81{|Iz4zqfo8X0W=m_D^kvfphyr;=ZxpeZQ8q;+uh zt?mKl5Ea=YWqTHTvWSodzk_wXUrCl$iRP5Vxd?5Q0Fd?jeoGz~<{$x->DQA%+Q&}n zzh;%9kmM~j_JmU=2(kP~Cp#^!;Cx(PtCWba&e-DR1fxy}pl<8IK>LgxK*Y}!hOmu( zr#WRNaougd?M$}5Ssg>EU*Jlh!gsZno{|8Set1cobOwKWPTpha4%#OIfe%)pr-N^h zV|`lGq!eZtuGd;qy)4v(&0Mbg-)g7aoYh8c(2TX}C;h(?_Q1>(qI-@etTnG{e~UqW z_99b!sOZ=8$`&-_bfi+ARht_2wa@S?%&7)W9*`aa>*%}_3Mv1*9D)~KovxE1q-SWm zEQeUd^Jip)62w&eWI27VzLW$A+Gc8r>=z37;z-Dp3+v*tiwo)Wq-j~-E}`Q0yH)TV1nt>cfvmG%p6qqJ&0LdZ;uaj zUEk6!2wI0uz$-zEGf-8AZZr{ 
z*t#{B)S!hGsFKFFCTD|dlufRLPVm2ggBP~nLbP%KMNw$+nJ&d+wmT){<`^_Ife$#H z3Oy#Bl{$)4J)@XR^CpW?x(UeNDf0`$KCoZ=`ad2>Us}`Ng5f&LLDuhMKGzW?dQxNE zGz7?|h=&7hcHT_f3})aXSAA)?7~RUVa8c|2jNA+#x&PaQ)G<2`Wt+PhG~sRkdE})H zpG?~1;^$}O<5V!L73Z(Tf^FAXETY`E8iJf`jxCER{!lm}MJEU)njhC{F+yX>a%${T5w0QLH+i>yM(?u+_I=9lkTohu*Yg`Zb zIQCy|<^eJYZ_M{L=BG9&I~sfXSv{qVTjWaQtaTH!wJCg1UURiRQ6sJ1;JG;YURNu8 zKwc7%v?H;nucLmoo3@K0V(b|vSs&LU)rwU zjwW|+IWFC%Z$_@Zz_CendS5J$6jqrbIfTEb&8;PLrqXMb*di_(%kS@yhtP=_6oPzJo=!(!;XVdT@6JVZ_Cy|I1Y!k~OuCy0L~B<cH@S~)f^^?)2>4EU+dYFw!|cACBMDR-m`hwq?w0zj3ne<8B1!Ba!b zq;nwl)s=dHOeTG?B#kVEqyq7b|4jNr6$(-_SCH{XF;ucEBSAVO*v|hQ;~!OQfAad* zjbPu97edtwjuX;M>a$GRuN1Xe z-luHI_?A&U$5bNeBi|0qbq%cqFQKNyM`tjDVjn6m6eNGi?~$7G-JgDgs1otPulFJj zZMveqxu@voMLK*9Z7#ZjD~)4F3r{Jz3**4F#8-ihhFIn|ozj}`;<_<3fN&<60}2y} z9Nk{Q6Gjd~z=N>m{{RA;Lc*haAaP8SLPfLN{t(q8=@Jp=bkqx-t%0cBm}%57t?GyZ z@6{Tvjk>UmHDc}VRgV7Jf;zRKAlM2U7#fd}=Z8fx1gkg!_<#_^K0 z5CGxy`e_2r1T2YI+yQ+!jp4RnS;+Kqu#$VypFD&DX-m+=U|*N0DwAu%NDyNys?BVS z<}HB(%bCTh(MpSh{|6A5wf%nqfefkK9A_sGy0W+*=NG?YQc}rNSkZq0P|vA>`)YxI zEv7Csmk3EVnurxk`6+)iv0wT@}gqOC_pVJ5duot2>7c39&cSI61NB`{gYkEe?pw{o6ayAr=;VO z;r9y02?S2&)K_Ujv|)v+3jem4UxSsrpv0OASQA&qQc?c{2R+X9t-Z5!(exE7Df|2L zLgR)Bg-dp0CwmxV7R&sn1bwM4|8zgczR*$OaN<^{~hU&Rp16{rdqki!EwVW9PBn(9Oh3%t)7OHX;dTDylRW! 
zN-zApL$Li^Ht!i6UPJ7aHTO?7#2(W`yId(XS?q^u_d&lQ7|7gEr+d^o-n@7IZv#Td z9FGKT+qn#MpVQ>K83;C~SfNmBLb;}7+rE%61S3apQ90Mc_Dh2^@p_N>jS`1DWmYFj z1-S-DW+w_)PP_Cz9t5DXdiD1yq}y^vCrZn2DIY!Vx4u>Ea8l|e$NIk$W^|!Ww zw~FuZU2n;aPMv{!+5vYLE&ABmu`?rwSoCuuhtACDkeHvQM2${}7@gxW@Ijp8)7m9u zW|`5$(<6suRE~Xb~Q_@1T`K55!#6FT7oG@WuuUvtb;w#>(UZseE$ zobU-b;}brLfGkaYm78^Bd@4_Wm7jd8)P$dmh@Yf?DnEC*6m;35C$3CPf!=vk2 zeo@bi3VjX7b>99GLR!$7!r_5;2y?qFOVXAy?^9Rac+pJPJ#}A#eYA?eU$X_&G+xNRk5qP6 zG6L@i)%r+8wQZ;8a%qyqHx;b!OG^U{EKcA_#UXRM8%-h4G+mdN5HT3f#zX3L2B@>M zVnlcx5twr;zyx+23XpJ_Q}?hV94}5-Nk|1`la#vL z_d3zFxwfhY%n7E{(M|{hp?vrSHFE-~F?Yk(7Ko!=cnzJ75~_T!K5+nB*|xb_tzL{+ z8Nh#-!wy~^pX&gDK0QrS1n;BYkC0q6sux#id5cRppa{^LzXKJMDTQ=&=%B>0>SmizRx?BZgG5j`wSW_N&sRUD7RI%&(%+y}3wR~}KA zk|KN`RlJ0Odtd28o%l7r-c&wCtXWs`s-c|nWuKQ+L%~fB#0WcWINs*;kglQry%Siu zCHGH__{Cu>mWOiHvoYhhOH1$eqfN@NGEe#p9_lZA_F7)|dh6S8na}{@N}uWMBq=MA>Lr=0T}2lvPP0I}Na$cyz}evKD$KWdY@4@p)LKwu;i}_>{+3`E_wZ zu!CYgN+ANQ7gQw+xTbKF7uDhgP-5#c7O1Hj06`GkCh(0VzJw-dFu6HHIiwLz0gQzgIVe8 z6V~cL;G99|EFu7os;x3pS)Pf`yL35}>J|=};NiVqJ)PVbSgYB=r@p?xbI7gZ!4uip za>tn9jjA6BVz6hUpUpoWc|!|(%e!7V$;6yHM*cbvIeAzxCIJDT)9Ji=?FQ^((K*W$ zQQ0?>E*tlZIRGt3TTXMy4tFzwPF}M5i?Ch}Uvz}}40gR;kmfzK0@Z^c0;)rFy``@H zJS~(5u+si(HjT&+VCoknbDhPSVgj&14FB3L*=E0ve!Y}%qhtI z2HRAGY0kfE%7y5!IHyF7Pg;HY_m_!Qp^k?G!$25a3U@G8a5)mwbs zFGwb1u=WbVNqzrtxZId!!4>fTTGehO?Mg*&*1H)ux_lN0VNC9z?+#H;Y#ngjjqn-W zUS{`AsJYLv=>o_eN*z8bmta(_eH)}7nkW87z&#-T9Q0cGS;F=Y{q5D>V~INkIyavt z$xFz+^Rn6V@V%!bzV+_pvjGH5(lf{C?)0_b-`Zk^`@bTHyAk%gBaFFG#Q~9aiaDyp z9fMXad%uVFw|9E$^llxGFgH(m6Qqc}y6~f(20A-`mGvXfu0I7G9kVzM_ulz9Ocq!_ z8$8DtKxX&j-!p8z`?9{)ls&fOxFEb8&9$jkK${;orpUNDGifP3vXf_bXrXLRuFa3n zERU|O53p88m)p3l9<`Ml7C?(|R)eM8o(1S2_9`3w2lGN49sFRld>`ZlH{@goG4W%)g_Xd;5i^$&DZwF&$SQ(aM= zkBuaGZW1Y&pH`F69*f<>tF-c<3LaYnwNw6n&6P91+z0%m=H5KjpV0$2%oJGRef!r4 zxWeO>Us7ZF=Iiuc<<$2;wH-eY)aM-MNP(QL$m*r%=^TJC6n+(QN=$UJhkaKI+49+5 zd%G{GT~~M>%DZx>GHD|uN<)=gLTUs7kxi^ce*f(d3sF~5NPKyd3s`&^MctzO=}hgO zHAckcN+;tG@ULF!vQ~_ws?lVXx(`gvOpSft_;I_Gv&ZMXx6N>gYWQryg+o_0ABF_` 
z%3b%@AG?HbT=jL@22p{RYW7nj@a!l!GLkkJ&NxfyeGUO}c+g|Iwn3|fTU`#g6yX7l zR-pY3S1Y8DBpM)QJw{?u1r05HC8F|VrK7)Ga>@$4qTyfCWAD7C=dN+RuCLxtKJ@bC z-|TI|+6vn)cJ&oxVFOX+DbTV*E}3d7FSu^a28=oA9tus`BTJRe2(oFMqk5}+#8HkJ zbcQ3u712Gch447`foiwwU?1M<1;HXhho4r`O4@rfB44t~_~z70;JpxMTWfI9JJ1j@>dMy zo7=V>H}5|?iqwgJXf3nEnUV`X2E#>C+bv=R;BFBVM3X^4 z(@0wHD{~nG`Z;g3TBs@0~D_d)n z((e|C-BkE*$A|-%maECgdK{cgoKQRT0Db0?dx2V+A$ox4wD2`lR9DFII<#zOJsG^} zMKF=fVe`I>*ZFod4zP3M2cSR>Ik`5n#zq5fdCgN_r3tCDjtQ7mew}mWPE@Vc@LunG z$ckK>M0H#$1>-OJ1?QMrC&PdcYij&4P55?6WgZB=6##ZJ(>+n@F=6X_q4ye<~Z^G zHN|1^$+BIPd-P+`jNyi)%hqSVQ(_ZR47m?M*mjgo3dvsLBAWXobR+R+H(_ZTVG9}8 z$~hz0zHu6zQliT*|-K&t}ULE8xMULP& zInGf0$*)(et!ft;=9YI6{v0t5=_=)AHQe&*)PT8ebsN1!qg8e1SjWsG>Tml8hrc^`LlWD*~&^P3J{@kcfwH-z145smw=L1*-1c<%`5!9R#8eLM@**F%9Fuu zFr2eMqypqew4-{_d3Ai_vJataW{G02_K2}^{&t$e2?q3}4|97z>;#bbE4N0_{jqUz zK8Uj4O6#D+)QVQrW0 zw}5i+4Z0zLNA7yIc$9(f=wu6i&&-1|`+jtJpis)a6bcVqb6A)tBLk|8T*&Rs!w>Ir zMB4}@_dn&7bl1~v@j9TWSkRH_<42FxiSuB#Og5{DOl=Au+2$)$YyV9{O3Qd$ ztrt{}X*W8@{h2c)DG#jywu;muHubIiH z8sgL_*Q(1NcY3(ZA0R5g*A?rDcKAP3E9T>WsTL;Meoe`Kq7&A%-@dWEiEED+itMZ8 zvQX_(U;Hoo?n<+M{26@s`Doy(l%YgEOPK1arOPbfjtJmDTW@1?4Rb6aJ%n55HIWQ~ z6yaEv2W(pDPhww8$^L`8Bnqnz!bb*E43(unI*RN)yA%)`58WB;Rv^}3X>Fr9@Aq0P zY7PHayorD<1k%bw67$$3JT?7ADA|{#AA^klwa4@IEZ-p9i9A*~w0Cp}FX?*_I+&tf zxD6Kbeazttl=>TX7Kk$UfLlN^zZ*13Bd!?feO{8y$+57TO| zO)>nri&vSOYY;kbN$uk~HHzArC;TzJ3Z9ahM3&8gaSczsppO))jrftzRAE+^{vO>| zC7KO2Z#2_BRiWF9pM@@%E+lvL(-DOwKZknxJq#rOXTELlRvW@0l@+mXpv7bou)X{P z@-%jZQ3!x#Oj!pCspZijx1bQa0w;CN;Q&?3nri@My@VknzkAs6f@3q%px~|_Ix~fE z!zY8+r&ic2j>H7B2G92YkG0C#5#>RKe+LPbO2yZ%7xiE&$rgevhf`rTF8@$Yycb>fWZr}J#m7hqj_0t@HhU^Y{uh>_hDPnvbrD^w@eTv|15*&$-ek0aX6A3R78Q zW-rgiZnExEoL~r=hCc~<)o54h8f1gvksC25hyy?xfg|mM(NSwuv^8G)<`RrH88ZFx z_6-~I?(OdeHGDT@TBBSf*$>NAaY$o*)(BH^{9>IP^+yurE|-F(eYwFQI43Y+XI`67 zr+I=^R9FsAFG79}8nvCxN#7))q0RPSAkk5(aQ5&E7{e%e+fX1gTTq5^=}&8ryuKfZ z5x{1A?A02q?vXm=`Be6BlerTM^@iKn2Nn#*osDN-S73nJXp>ydqfdXtL zeBk$rBRcg%F09Ic3&xczUQ8QnCb!yx8eHMl0$ccUHLIHQPb?Yi-w%7|&OmTC!9y-` 
zZhgj5251XmG5!*S9J?|8Dl^4m6}t%zJtWI%{ayAg|BU|?lS>3y`1{mZXx{-E#l=Ow zuIK41I}+zn!W3?lKo0`MiSB73xR6s-(1L2`GfZnnZkX_sMpeRFqCqf5nfhTI01*Kh z2@_-(hPzLADnGbeu#a4H#p{bkk?ug!@%{BwZ@&I@fQC*hyt?A@S^=vW>Nx}&JX+5? zDNRq-0vGgXs;#QY{Y{PQm(4r^KLFg1AilByd*_jb^a#oag;(h;&uA8*^TK?Ddlj$CzWOJ2lpsL;`wy7u1T8v7}Iocf* z>bHf+HH@#p-q?oFUhsTFtipkp>^s|}w<=Kn@pu-tUf?XT<3<0MZMa?DP3fQ!&=Cb^15DvIzZoQ5;=7=L+W7yKxZozbJ zgK+Pj9R=xqzX&SiD_39Dt{tNYU})6ptUP;)as(T&hYNaLf7lI->Tw2_xTA=+U zm&>#Rkp~SN)%wsyL-;zlr29HF1QCi%1=2<-mfn_KAifMpDOxH46m4Z>YD4iL@<4C` zb;^_-8`}~D&`XyDd?(9^rFg&-`3O>6LBYGGN4}X--c@Zsn-)oK9h}e zB`!s2`x;nn*HIqbh;8{Dq_9KiZXd)U9rUfNjqADfQMKNm&p^o!>>&&vBj9FZ1+8|% z4RG(&%XTr9A&fkp{TQz_#g#HF=DclGp$c#F_}YZbiH%8-r;HS`^56NcbETHo|pIb9xdcTX=aUh?6%I^4PTY~!P&S2}zqsnKL8IvmfI>foBjdp*`WS#s_ml?dy()t zlXKk7B4t?oxrR32HROpT)?plb8V^~l=!KsfxtV$S!rQF7l-kl zO*jy*>ovN{s`>Ry>d5PKl9V5_F%L)Ari;8S^e|fQJPo|Tyq`-#SyWuPu_=u!%Sf%R z6aYOu(p9+FOHrk9S@kiggyp$WT6yw5@H+HE`4p*WjzBa!bJM&5&&IVdCVURNG)1m3 z@m#2b)Ing%jZ+>HuddyFlUVQE^CYr&A-R`Wd+3fzz_22Kp17MDhbSo-8eJUwkl-HH zOZ{(5#&L~0%(MJ?d>0MongoD$qU9}>R#!Dds{6gi;P&OI!jH?h>cn_O)3VMfWT?H9 zPu~0kXuv9A6eIm1jeOfc@B^f8D;oyrz7lo1GZv-?aU3X0N=@V`e!;4OR32U7E=R2%THOpV;1w5S}t_{DPDh1rC%p<9vS3FM+!=2ocmwnV0#KCe-77iQ# zWDQ6+9bJ^@JB-BcigC|u(?m#HGnmeS>?Ck7k z{Ifoclgn$FTV5E7o zRa&Gta_y6d;F;je^}NDp!Gzk$ct{B*1_mE;k-H3W_WoOO|2S1fj@k=8NYZ6)AJha1 zvYU5%Jr&pd6Ii0G3@}qihA-OKL#v;8q^yD8>*_WoilR(c%g3U{71d;HTp^#ZC%ptnK}^l! 
z(ZK|U*t)CMF_!rGPF0m*%W#5tlSP)mN&_I=Vx&b=lE_iTk0}FTIlj>?^s4CnmH7$` z)L$uVUUhz+3P1~^9NKXZWmOYv=A#VZM{{$gvc7+Knw6XgPud42j3U=lh{KKo{e6{w zYRjs9Q(L^pvo=>dBo;&eVuoog&S?e&DPMfH4_AP3f z5R9<$YT!-1svPqux|YJ>a|_AxJ(%Q~;M>h>v{@RHThtLJCj*sX!*@^89at5WX?|#R zL33^3?tZG*?Bn$K$F?i_SpW?c0E@p`vijjj%9G0AD3>Js^AX@Wg&t}*l3OT6_B;w% z1lvUzfW+|)#a5qh;w)$LQ1?7ogtlj1(l4aif9S*{!vtI!5TI8X*=BzjEX97Pumo-$U5<$GrWuXoX?}gD4RUW6O`4#<9}I@_j>N` zmim|npbvq0s@~^--8-ylDM^j`*;6dI7(YolGHQK;GgUXuhxBl@DOmqri{RmanjKpg z-lYIf31PHvb@i$Dwruy=?f(3V#qjawd41{kd>-}5t@e4{qyO=7uzfDz`+9Q_h2{5g z{l1<#-q5p?>i5Y)b<6W!)6?_B!u=|6vJrk-IHU=DSA9)@L2)kDWg>>m z49`S}nzpR_WmIIwR}zQ8Ta>>iDISKlnL!AYDRaq*k_z`a{loMH&lgF;FM#1D;=M8X zC)biTPr3m6_}_Q(0lchyOzuCh69yVLfanDF0LZUgA`(xXO{!gnc zrsD|PxjZfr5JVE5MY~z|44t#NVVG#t8h1k=xWzVs8IIxTeFR z%=1@jytQ(@2mq&Nh);x=M1hAzu=Y|osrmi4@EWxr)K$pjxR?sXY61_08de@Atx|5; z@;xdNZyn4d7w()?otOtyN1|GhQRgR&w^LZN1a;2^3|%TE>ULn_c&1hpOY)ylKh@F5 z?Um1$B{#p}jV;f^+VDT_GNrtUW`b z;6JSIZDYhlVDFw2p*^3R=Yb$FAm*yt-WC91d(c9%K~ z;Gd;|OMd~BJg>#Ut4!|mBmT2~a6HYPL~XzRv(qwyg}ZP_`4N9iL^Rn3QkpU7%xJmS zwQ*x6~K;|f|d&ZZ_$urQjNM>Av2FbN3+vPEh)aOcd-LtJt1B=LGwRMqt%K@Q#U8_eS zyh@l{$FQ2YkrPegcd03I^Xhp98y%I%msB-s!P$6gN3@d{%1=028V)HVF)!Km7p|!x z-D@B*rL*O>)s-+JqJ2&whDbpDxr}|sV#KF3Ct`lhK)WW!Qy58q?*7iXm(b*LF*|AB zhzxP)0Y?;-dAEb=ZGEWS^cE~8-3K6%4FaKR!D89WZLfjff?1{40KX1Ve#T3>_Ezh7 zWh{fRDPxVpw_rlH%Z|rOD#;q0Z`b;KQ1CWl@0HiEHa@X@G$VV^<4)bPf?18k|0U>I z6f(D@yi0^<^C>oBb*7$4X1?8k+v66`g194X#xMhfibP>Ib(YtSAj{=Y|FE5 zRBXtz_Ag&vn(Wy2&ZDJU;S26bI*64nMt%FM|K!AGk?VxKq@?KipG!IrL39Io3; znvnJB^WAo!Bvlh3T>Q^vW;9Fa4ksu3}Uv8ZcdkAtN^q59b~%UrItKlPrEfJ4rgWO(L%Xa<$MlMd!${A)|T_ z5=zl=4&iT^E;UzzrJ-jT`mAFqqqlsEkj~a-&N$7qjz}u9j~mho`@rK0L_<;rbT)Dk z`bYHQ9R%Lmq>bb4tpDv;gqvLj=V>irqPiPZ0D~gT1sp&g&dG~r8M~YJ78SBg~2w{)fLVFkc}Lh&9e_`e z_g@gRB=d)!4mdYOZY^i=FZqDrb)zj&A~Z7cq#|9ocFc5i%EN|VPJ}HoHNgYPBoVXc z>GKh0af8#Yt`&!EBooSD*oOAT?7Yt@Z**xy5EeZ-br;m_0K}E99N&|+r^5t5W0!%YWoP;Jdoe;|H=`<6{CtA zD6gaLT~=$G){hfTXC~~y9i$Y;HTCqf4)5QIE;n=wBaIty`s6zQUV!y)3R7N`n(tZj zrj_xA!;hCtOFj7sq7m8TC=lBG+@)V17|qh 
zmV@AwKLFahxO$Js*~Y6*+WGE&L87Qzw>i1ss_rfmV|2wEFbs=6y{LLa=w|+^Bk_15 zQc=*vwKAuC-pVbmt;H;O3Cqcs;Afrm^sUisi2mx;U*(=ryVnqmQid(+(%>083mv@| zfr}dqhUTKU9F|GxlF#PtUI%P+UmtKsZm0U|n#;2<7Ol7gjt&dI21c4(*?OnYGsIY$ zHNbp9;~BQ@N6G^t>Fs)+uuPHy`XIPxJl|%5t&QP!eoC6|etd5-8rFUV)Y?hwQU|Ip znl{f;&Y*HUbD93G4sgRPaYigygF`ICx zTzCezCHGD%w~ic1*Jd*oU~x^#il=$kb`;mh5kX#1*-^;pc6mLq$j9g%YJdQ#hhenl zjmnI!eXfZqra(P{wMFs~mueeJAvCuBcOn%K|DD(8&8!=Q+*McB6uVOIt&KOsj~WPx0ku^F3}tQ8d1j~rkZU) zv4@vOK3iG{ckU0YuFQ(-5@Enq`!55UBU5-sQrM00h4aw4uFh2Zs^n%MZXQaMW zhPwF%=V%|tEWs-t{yonuO9Q_30tq)C+~55y|UQ{@Pk;! z8K$R1(ooWqm;HkJKa0Ar3sF`lhSOoaF=2;e!WTPD28wx$f&@U<+tej!y4=q1@b<5n z9W>`n{$O0Fv+gR#Zy1W4gMFdW7)ju6isE* zNHbt<{%_V6?OyY8ukNHF2ZCBMhFxt4z1I?}l!uowZ+(Dkpk`fY$w)oBlvT%R1~5{= z(Y1n@GS~`|G_Ty5hqTtCELBn$d)U&6jVLBofpMIbJ7zLks9t!dsb?o*@`rXAo3J6Z zv|;fD<7RM_wRVy6jI&$DZ$V}5>j_Jf)FQ{<8zLz;Q#YI1jS`v;0EkKbIPQxX-8CVe z2#@v)38*|qwvHsbz!d5G%&7k^gw!9cozi=R(88BwlCztX>nO4ZXqeGm zwtmNhGFIlz*&nZWwauWIb>v0z3N*3u@*Hxv($e}oJh~~EkZ+U#kieoW6DajD_98n6 z@DgyL0o-7lL=3RN^U?)XI9h(7sZ0)g9H?RYIQb6^&d9@NaI=Zix{%_5UQnsG)v#51R~o}*u9cZEK)-@=v8*m5K_5XXCeV=_ zo5a1vFFnQN8Uu)lb3&m+Sc&NS%6o}HH|<&hZ(aj1HNpIVj3B5M z`oSfC2W7~3GOypHZ?vs`S&DKMvF_@tOVKnTxJ4h+Jg-+oD)nd)7o232#4LZS?X6+g zC-}UmQ13~|(|pmj?$#np%0H4v8IW)5;!A{M5ER5+G731%pva0W^|4~cSBlI--qQuqU&LCXrN zW+?9vyZn}-jBI$dJTrfPVs)Ut;4~1tz*c_szzV*mV=BnH+&{2Xms{O(G3hEHE@=ZI zo4nNT_kpLSEoWbh51WbZOm=ZFgWK$O^ps5#)V_mTR|u^a4=hG;Ln282-`)NtAx62j*}v)bQ0 z{1R2KD(FQiV5DB!CcZy&^Y_ePK|Uu`S9L1hl_ds=F}rt-O>=Ad7}T{UEo%xOO#in7 zR&CawwF!qH4N5nHZDOZp{)we9&ATkIY0W!?Pxo(po71Tjo>NO<&v0oq{?BkQAMV{? 
z8`G(7kfI{^@TWP7p>|J3>QM-dU=SQVcikF|0}44Bm16&a-`e=o*WYH#7R0HNq?2%+ z*#U0I(#EJ(TczdXv{IY;otwsl8vzN*DJR619-*F)*E$zefzc zlF)TgEeJIp=j3`nIylrMKwtk-8Thq6&a3w}a>HX+wfHNw!(-R<_+N7)tiT_m7ie!v z0na^H?_;b|7knP_HoNYIN2Vd@%*EB$3IEuJqE(zdVlo=JbQm8Zs) ztHmlus&&`ZPm6r+g+B zM*$IfTRyR@^$7j$8HQ^BCGFYy-zL;FDrGkDYX5I6{yRvP;y317s!59O90EoD0mRh0 zKEQ_;Q#?vJIXyuDKL~jc^I9%-XI{z`x#evh^~pJaJ=_N@DL~<99G;pUXD>Wl0nnqP ztK7Fr-!f0x@~^sh5gQDj7vS8PXW;g>6>OaNK6g(j5_j)$#L{7$NLWr{>^MDPS52yu zi!O98vDkgthx1)`dCDA&Ws9JGwm{N+1rnlLCh@~p|bSgDAe?WZ+QhODw`h+_V$splA8EDH57fbr{_!i=Yk z39YciDT6}-&@IVh{-NhU1CLTiX!owQaOprv@d9YP9t5~8fE&IX1L8!&2lnekCeDX$^_)jO6stGHb)S$s%c32;H0$;Sn^DT)hxhf))0Y3`c zf9LOa5~qBpqFPrvof0miUS3EK4)hwk5Qg$)fUdBD#S51zR1ZsMcV|@TA!NXWtq{(0 zFSoijM9S%E2=_W9WD<^ZNkwf`c;k<9)fCcgxS3+rET>$tm0R2pS|mYSTm2VQ0P;Zm z3?TQXW(^bz+JOuG)**^zD&0vP(aTlOhK$v|r$6MG_VLVB6Dci@0tG@CQ2+>3#?;j+ zoMQEWXYqhS7fq8ANyX3E6V|o3IDORf;nZ8{>sOlo;QW>Ne^!-4(H~4M+19_D zP}H@?kyq{09i5{+pixqew7P+@X42HecF7(^oRpS0B6u$YF2Bevj!35tWfz&D(u|HC ztx~hyLXxW|dFmYG7yn%dCwx|X9vq+xDRfIqLMDs^p=zfi&Sn!(6?0xJo=^N_J-w^* zS~FEpkwQ{djOrBMqS{4r>fq)JzveG*Fr-!q+hET&k@FN|#-)SPot4Gvs{Td+?Gb2& z=kUH>|8l>!p!<2Zq~;m-G_^*iZeAmIujFZI1>dQ|C5@JWbv+jO7}#MOv!Q0H$Hs~S zFHCM8QcnAuS5AtqGxKDuxqKLoa@gA_xtGVZHA zb)jMt{#o5AhJ!YZx0p6hkP*Lf&1QQ#Wy4y`e=gbMbiMn#yR?Y99#XX>+`;v=c3NdQ zubneXJOJ(qsPC7N;X2?9tQKc8Dya5s;!$Q4&#jCd`iIdAU|7iez1)oy?WJ3t@zFzY zPe#5U4OaQGfS_LBf+KG|D9i2!Y1-%ifQYZO;z)_iOx9C>{mDr*4xpekKyCA#ZSNU?fnat`*uA&_Pjj|`4LonK5aAjecoI? 
z5cc>y-wZ_wd_H}gPadr5Uyb*CrYAjTe=Kk7zu{!RliSCqem&X4>wi95P#UMB5x8YY z-TJ!OJV1W4}3LMcViz1n>Kwdfa_C?N%M$%J2wOO z&wkC~Dw{RlKgtp*g$jhPe)0>XK?O6o{#Qx0b31O_k*i6?8dM}C7I4z1ACEUgBePrs z3GL6XHK#OIHhhNU%9Tjg;*pu7VPBcp&GxUaYG4NS|3>E{Drux+O3XZ8|IX4N0GJHo zL-8h& zjzvDEqnN#O!d3{?aO|(zrZMpm4rH{CDd1^bR4x5bMYr1gSc=)>X+-S3Y>Rzwn{OcH z+ES8BTte`B@Ne7s%tw|NzSWjxW%RV{II?u@U?Bs1B7l-&U*=N<)s1`_VCld@C{whH ztRHQ(!cgv7>1c2SXcZE+Eg9L&!;m*ws#4!&y({;hwJthpevbMf+!Hwt`%+y)nJNdP zVr=}OmHSe@<7C`|$j6W>)^*2|iI0C;8to}_1h*^MDVxTFdc3G7adiL#DX|R2c9$vh z2lchtT;sk-IV*>D%d%M-wOL60qFd}H{P{E^ML!Rou2!gqLoVt0OxrMilV^#ezYFun z`0q)T>j2{`-NpXx(zuE{#0fw(w8Y-XlffA=TZdLd8o7yi5Vm_lMs*}!R(R_0jzYMS zRQ}d+_{mMX(8G+jOud0*6Ga$)Cltd%EyxjWvTTQuQc|jmi}2xkC|C=VVmq zIYMy%63^xGHP5IvUfQHVJDcriI5nl}^+vFV06daRl|V><%`hM<1kD(cPJPuDd_Kdb z@&3D9b9|PDnAOU|`1Hj`4B=6{VcJP&lb00rbgcEZ6P}VH(U0kn1dZh~+&GXiLV7;7p7*Bc!^ zv^AV|f1p%z8$bMG{Px3EM?7A{%(v5(pxvjATnqiq4EK0hq*_osC>h(0=E`Y3Y{&g| zz;~+OPQnM1tP}dK{m=lo@KvJM^3!fSf1bbJoara)D!sj=JukdJeLnSk%VMCUd*)Ig z5G}j;KugiKlSgQ<^{P<7<5k_NOLSQ@4pz1a76Z_l zPE;_%9=?AQ2~;3LugYCqRi?cW&&c1|4S=++(iY$U`V_SH6*7#71uRq^lO`&KQ@djgHA;Kt9a$!zvQ?ITFTR}2$|hsM@JpU@S}t9b>Xd5*LOELnme94KZ#Z0S?Pot~}|(m+Gez7Z&G6W48lqHfV4blL?hXz^0rY7c_w zO1C=b9p+VT-d++V(##5k-y0 zg|9cjTE=+nL#x}=4OCh6;2KSlx518S(^zlg8iJ!@p*HpL4q_|ATRS7xo*V?|x>C%& z9^73uK3=88NC3~-Jd9q+nmS8>yO?>TZ7fp*kEaG~?Ic!Ca_YZM8Jk)kD*BpQ__@!OotZ6ZqD);)~2qH=8PcFIIvDwqx6A=;p--dzje(9oWjh!#{*u(Y78g824RN)3H^TEd1%c zXk!(&6c1s#3t9}v)y6x4g&$H`oaTx)e;aAaLDKzmTrRodwO}7vvFW^$AqQQv$SM?5 zGW{bcY)Q}Y&?J=1`l%|ZyD?y7!>rV$v?f&f0O4u#Qtz{3I&uYA84QaRPZkrLre;Cz z21@R>ONO-u7wR<9T)OzTP{)2#2p20~&?6z8u`SXJ*DL4+j+GxTcD_r~c*}c!Q0eF-gr{Aiy^B#etuG0kuUs3lKGE zGuvum&_G=iod--g_>moyU%XiXZ_591Na4`3wv5BE`4MpwzO{1DuDGV-YB`ajJWje< zIto@)i_1*3f?VznxPY;Y>xMNV_>pt>R1q0UBBbV=YJE)pA9WNW^gngf`agA)y|LMP z|NmDVbs_HdrH(?t`yX`_&e6g@b=1DYc>#5g_3-jC4CVC!*kpD=;OW~$b^$({nw+)T zlTvqO59fqtB9;*Z=gawkztOMX{e92>rH<7Md)5?dD31T_YSYN0fx1ANr(83oNEP0+2 zbA&(iOx~9Ghp_)_MeRULa(B?r)PYCbY)L)X)+isxvEAkN9_u~bl1HdN_$rR|I!1wF 
zFi~x`eoTF{-yb+tUFYX3_k|tN1iY8@*LZQqsKEG9Oa@+65lgsr@tWT)K!(2dpK?(3 z>tJ4`vo3tT0^FfIIt;w(8w)KyROmZSiedOaLk2}5>Pt2Zq2Xs)@-;3w{2K%!N|*f1lRtZ3K1kvJ z-u{dU?1=U50gFI`rOc53lS_K zrAVGg_(W+Fy*Uvyh&wd7t)&uw7k*VYj42P2@16KZQVo#PzEOOwjHlVdb;>*l#*Y;W zZ0M-|9gmt4%DAVVbTYEK2Nb2j25aUz_hqTj(p+LW;8qoo=oW+kf?X{U;9LH3#4YVv% zNL@ndo_5K!Mkvr8!H+6!9Ovy$7?-~wWMb*bmjw&g44U;TscF_$7piuD?dm4|IlfPX zRj2m*>Z%(|M+L0oazJ31Ynm*W)_Xi!e%#pI2D7}fhjClJa&|%mjTDj1f6HP z({tT;RbKIf4-58yQ8`~Njtw!c;;rOfBzP5f>u2qN`RtW1(M(qePOD+OeU-icEl0M7 zRSZa!Ry|m9nsRbg@P?8HUfDj9>Z!!!37uO@4T=Z(^3w?ikY}8P3P(irO-HeNIUKP%IZ{N+W(z;qgjZmo zhO6a7F-UTylIKDq*w$87PkA99ibTJpa2ZpaFLA!8!JcI{x*)#bze@1~y@WLzCg!YdgaQVrw54eE=kPa_KP z$945sq|HaM5WAmGI4VbcQyAW8x1TiiLj+_P{pk1mf9q>g$ONR3NpAC$TE72zTsXSe zO5Ep>Wo}=i>1x0=@%P&{BAE{L&QB4b{j!Okti)j4@_-!lgRT)ZCx7~3Pag>D)AP?(z-qdD15IsbZTFtqq`oUFgbL z6%dp?gFFMeNr%+RoijWb#%VKdm~ueWar5hxlW%N-4>;hwDdLI35tLobXFaf)?_Cn) zhrn%LM=Kq2l4tJno$&Oed%IOK8i66KaxqH?(A#{>4P{5^L7(JHrd8rHR~tr{-fY{> zi;fyz)CI|r3e=o}GHHyrR*^9bhxZ?WVv&Y&FP|S5EQe8{bYsNS9&gh3yu1rE-*ux; z*5czox1&!65>|T`dr?T~Um~Gn80yP?I-?g?6o-^ZFI%0|oPP~K6Y$!gmKIYQ) zoH$@JlbK$fBNa+-D2C4cx-*rM(@-oC#B3&`kV`ko!#%D?ttg+Q-mWp2D8h^sNh*=|6dpYR7Tth@10jLa&b>$7;Au))$(4HsqjZ| z(6+~I`MOe<>j<5}$dld66>(_f{mGHjp*eUwGxrRIky)3z<+zz@th5`$SpWf%wx2MF ztU$cAmst7JcQZ-o&uDzB3zWT1!iO2=fn=F;#wnx{t$x}}%rVXUXnzwmO0$qT{sv(# znxqEdw%bA(15PP4twhji_gtK=>wwK9(_h06+CGhS^Wa^d-ENiR{`~eWkDygG4&c>E z(d4ac9EvoO$r7e{0Sh2ehhJ-t1DW)umFSzzdxR~XI6c{+Jca6|Z_39Ng?kXB0Ljcez@;V7_$;_;-6fR!T_ zb1AgWbdd|h5v(!dpc2?}5av83QVR+H73B`JH!r=h7Ks-e&< z;8ht&jL^B=N{rsG_Z(o=-2}A>kcu(52lW%oscuDfa`zkn(*!Nc|L6giG&ozc6ew2t zHXKcaMDYgssYG_4ZvrD_su;Dzq zwZ9a6DGFZqq6{#xo=AN5vMP&00>t>6fL$Sh>)FQ~>3*Vu3`Uq5N`xGvtsYLVoYY@hBPJgC2ggRd;Z z_%rh^9wezenvPQIawtI4DWl>a#Ft~#j}FD1oC@38W;Zs>ZEaaOI4t@8>vw`rHwe-V zjg9S3xF=6YZr#Hc&GOZhk76+vgqFQ%U?uXfGtr~e5W&0iSQAE--0zY~g+^5k$()JM zG4ZA#z*&dS;+gaNgC%E2KQVcdY7{5bk;`s>@F66|6T3*eGFv{xo4pa%5$*Y3Y0up! 
zyT4gqQ*EvEiHXmH$OFG*YIu|vrLL3#gQ}gs{Y1*y4+JAXkJr#^aOV5~NaubM9(QnDi^_^jE04rMSnq`Vj&3_R)-sg6uCtIIUY58RTWYjzzbN-xo+LbiE~!zNaEfImaH^ z^#F_O2qfWDZ-r_@RmD$JtThmf$I80Zw!(Ca5{63RKanQeq#-1_(Kmc@x+$F$Rh%?W7^>LO;w*%mA&Uvfjrm()#Ny@KfR@zl}**}I0mya*8 z>rWsxx>?)wV@{9z5P>hN172A3!D9dFs;=SmVaS{eP9Vuw6e0b#qM*x0H#2QwhTmy}(#^uSNnfck%>?BGtu*q6Z}iN}8b zi15wf5*YW~o(K6mTTwcxeNTyweg}1e+xS;+u zRb#OHOVFkz*uOqAA^xz^b=xAe-KCYxtBBlZ{UbMV9Rv4XeibP#1aVo{-fQ%&TtD5K z6*A97je+`ti`<+|(fZ2;)O!dOm+_% zsZQvJxOQPkX}!E|PB8_EHh;?i&wWse#$y%zbzMANtNSp@!>#e}0~3Haub$Hi(qV z3pBgwiyN*D58>kr-RWANA9QxuLgwgvxNqHMQy0Y{5J-I`E;;#TC&{6Hg$_JTShz8& zV~xo7NFc&Ul9kE0K!MN>WdP^K+{|feWbjOk_>r`!T&?oJ4EN!bzQV4&WUZ?wr$(ViEZ1qZQHhO+qRvX z_q%_)wOf03y*~82Uf)L3s(D7FZu!mc` zZ`#>NU5$oK2R>24ado^%naFqBI4aSb0R5uPxg;R4(E7$>bz^HP}U{PI>%jH<)&%F~K zg*g@gX$U8;IYWuKF+f(h1n;VR;od@Cc(+IA_=V3g*FS5s*cSvJO9AX@3;k%Y2GOuDPTC(aW z5}9g?cL08ENl{!$5d6fV2sJcb3S~lwRGU-i0tU%XXiMA+#nI!}62JYbW#UYusU%ox zWvArifW}A$z-@7LC}J{YDgHL}qQO@*w1ZG9xC}A+wrd!ayi`-ZVg)H@(G27Sx}iZh zAyxXaAFYY5n9{h*>ys1@zo%S#e?itNk@ zieYo2JWsYyN1r>4ume$kMvJVMwCoGklBx_IK1fyzV2JedkDhET`2aXNbxf90AAT&p zdXRXyK$vNI0K>0Ug-%3Nbif^@>E-`#d1fXal{biTaq>F+z0zV}-hP4Ze-6mbHDO|& z7;IjeT%b}-8tW>biyOd*oSX7nH!0I4MD{zLh`!C_t%f%X3|z0hSg(ud1?fuWls7&F z*D7b!_z@n7_`NK!it99?#s zQji{4sg-YF^*sRI`oDrnUP+@zsc{n;Y1#XKq6{9dIQ=}aFF1I3l^`G}!YbPD3iwB- zXUV?}2Dim~K?^<@JS6W2S$d%!nMHpMHK>>6+-y0hDr=Gm?SP>ok8e}8%VR#{8HhjvP|1~da-n4g zCk$>$2TK{j({quL6sYJzW+nFf8;kw^w+6HQ|JGoQNxDvo!}uDvFI11Jo41ch;KcDc zhj>;zWy4nr0nk&Y!;=jfq2M5URUA~;6-bqvSF^3fuVC} zaQJ(-^kr}%;(@6I&;)qJtTbv5j3j)K(mvp_-ry2mY*PDzQtN_3k4~=Rf}W+{ehb(z zNtbYbU9&sUHmvZbohoAZ@KfQh_Wvbol}57}wHn7=X3+eOwy4wE9tD zB2py_0H6lB+Z1@L`k~qq+u$P)3D%ZQSl*^UTO{ibx|HKr=C*7&02bi!BV5hIbF zo6;HzZ-N2x8unrrh2_Bt!Qy?l=0T}x%G+w|3R{S0BTWn?5K877mY}N5Bt;VGfUFns zxafkEg1<>@mVRNxV;K=uC;ys?k8%`13LrguZQxw>&Q=d*;NbKe)qr6UE4?pLb^48} zqXr+S0}ZD0a3u;g%Hi~{c4lXz))|7h&GABaZ9N9vd-*cY^*eS z#foVYPMEgzADTEZ&Fm>M1+&g0CQ6X{gf2c<-2flAze;8q|B3eU&aY^W2$aYQ0Y&~t z#k!xRUlua9LeNgcGbk#RBdlR4ZdwBr5Q{StyN 
z2eXhd{`1r5)KWY`i(|Y%0}e36cE5l(+i4-Y(%|z;Hgb*vRwE#j2yR>~_ba_(2p1(o z!f?y_4~=#5Y4QHh$|D%~dkERYLKgWToP;6(Wd_;XEQ|so?NVY2MU)n0Aada$UXFI` zF{-ew{(PGpS^1~P)1!ZFkm-|7d%ceX$8%gkO79ntt)@aITVCyZ_b=PEdxTX&sO|!d z?!&YQqLW(uv{$<6%=d&8>LRp8C`Bc7!u6O7NZ97DNLeb~W!4i5Kg}ibPaa#ZVksL4 zU{@=sR7*}PB*4Zkk_7=NgTN02{`R@-vT(p^spI|B$pI|N^a*opr5y8?q2UqtG?lP- zt%Q^;%u zVlRhij~8W}dSZEe7{_P_j9@)-jkV_s<<`RqE)A@LCy8KcXWMnLlY zTRZU3`D_vjWjze=UCOTiRc&DR?;-20S$wrDL7mA7L(|aMa&=f~t292*FuL26@Xcer z&GuZS4oE_PGU@*H$-?&e`|)F8g|^4d&AOc3bpp zyH8t^w1X{K+5uHE(<2#<>zTJ8)io?R=sb3g3gtwV!GoR0@9L7=+}{OP2NN!FA%XNu zk(l^rPWC_q1sqs@}67_iF4`9h# z*_L>{^jaQPLzZM3!qI9Do{vE#3Gq1Qld{8TXE3FMrcuLjpl8_;qhj_VQveAOcQz|t zoEO_SsluNH{^cnCqLP6^Qo%xAG1td9RD-#vhC(ja`_>P~!o&!O-zoKd&G;?wAsj~B zszICB&QI-afl0K4vGHjLHtwO3Ex1Duh~b1YC71J`-rVqI4QPBbK#J zaZ{L9qK1dC9gM589)K~FJ|G)P)AbCJ=Lo#(ePPS-L4NKE?Qim4!OQk!21o)1;+ce=vBAesfdUww`kFLc|5Yv$f(-ClbbEH%!APo9-V~F@h;=I6!Ma%byXhxiX9OHxzOUju@PeJ*r=y z18sNP+svdam*o2O5@~hQ(m;O_a&!nJAh6 zfdAH9Mh>QnVt&SFSkX9edE2W?=zY7Lgk66KA|Yr&qdCyf@4hUIBT!oHlsIoih#dft zv{d)0rA$6v(?c-TJaI)JIZq-`>u;spbRHj~`hi-}Dnt(T$*59+c4Lau->~(YBrel! 
zGZ!Fnu!%}r5er1%9VvA~6{uXO#yac0*-3=$P7y==WLanPg1!_fA2ZJ|YG;zB0Hc4PmnS zw~H>k2kgrahC=X@qbV{HrsAf zj%ob<`fr|L`SHLcM3?;rMzmi2^|q;O<_U$-T=0gI`q5q2toq7}*rTgL5x3SO-tIa) z3z#FQ>RTg?*JBGGkm;JmOXNW@z955NyB7D!QTUqfba*B2yJ~im*t4eK@33oR*Xg2O zhY@Tq%O3&uxJr)*aw81Lj4i~3wk`QbRqm=XK|hYueFU1=1J$lTW#S4(j$ltp%_L6y zXw*A>6_M+nXJG`e__ z3~A9Y3=Am70wvo%&u^-%Yfq~Q=L5~qFiraFArmGSdOGg-Vl&leTEWZ!;zPY)H~?gQ zg`tPGtKphn3XITq={A1|EbE0B(~W^56{eFLc+}W1BE1vF7Eh1-SYC@2abcb1M7cdC z9*joD)#)WQQ}dzHZhR>EhY~Fx`$xjOJIT@2AY<*{OS)cVBC*PAwp;2U4Qkp~BG2z# zi>7ap_05A=OccDT8OQNNd6z>Cd6KP#qSYJly>AIUAZ!wsrquza=Rm$VsP;EyMyzyU zgIavI{H$|CJA^j5X=MRF*ju@EST{=bMR%luXyDk?=t^6bu^?oDSJhILJg{-*fGijL zGz?`eWNRt-3}ja?jaN4j_ca&9gYHk*jf!bD@dTft+pHGNd1Y*tt7DG4;IP5Xvj$6w zo(5J(jHCi0Km;R{D)aDWupW_q;tUt1(yWoDS`;P@Gr&vFgvIw{k8;np;D< zM$PV!#70BpX(4o1K!6n*nik6=w1A;oM~iD1FmR8rMW-~659X1Zy>z^khj-8fG``qG z1eilWp&Dx=M;H{zaLd=Vyrk)w(Xp)L_Nc2v#pIs(3WdIz*hbCp$|P$TCcIHyR~`r} zr;B5_rhTgHD{Dr6fNBR5T?_8AlDk9By*wy{4VU8 zK=4HtVFiQ-X=UsB%(~C-a{m@P(gY->xJh)<@bE*z!YMwCd$NlAQfbCt0bnc;qSHVM zl|~7bqP;**UuqqNS4`R{uF00p`Eh=KBSiH4BjH+Ln%D8qi-b{wCmuLf`Jzxs@2jc0 zm#Lcb8+1E!qJ2>oB9;6Ug;7Geuh4}HlIdZ@r##@cnjU})3=-B^`^|QnfLqd&I9;i>0lsc zVfvp|f^3(^;eBxfpeWN^6T$_{^pf(Nfuc z>sfVm^M`dyzW29TCAkH#P;m=U|xA^@Hy8qYn>&5{kt-5Ry>tq zavUo{X70B_|1uX5nee#irzlLiFkcnaGc_p>|h|F;L+^rLzs!@a2 zYfLOGZBtxMduQ@v=S+ZIKm}XV{!StuKlh*cK{`r|MhIlhD^A^Saf^+`9+t5ghFPJ9 z$V+BT=>v>4Cd4S~L)dn6U{~JxSpdePU_Y+suh*M*TI4?MVVQx2YxXU5PyLwT{#!v@ ziWVymZb9|a3JrYD(XyR1Yei8%t^f}RBV4@EM(6=i@{9}h?{W>(cWY(#2(QN-IJ`Z# zW5)6ak6P0^OhMdmneDPWo-XEt!J-jL>e0&F2U6R}(j1uC@+5{Ykii z#T&iT3Ud7$q~ckqE*w72i~A8xY_nU$wM19QKtO2%MaJichx$hXU0kJ{0Y*bgaFyP* z%u0$lm4LmJ@=8WKq1nQO2^Qn-oW>xB zsImBIzie?aKza^;BX>%A|rnh=?LtL=97Mpt(^S~g>@04i^eqvTDS=DG9vzFUU-h&i>cmx;LWFjm8VbQG9#E}P7QuWHCF9ZU+eYfL3MFHu^v{zwUw5bT4TgCPKl%8{ zrse*v7>37oeN>`Tuy#18$`b%6E*9mD&!-x&qjmql;O+Wyd%YCuC@LtHRp;!5Q=pYs z`q!mTq7@-qzEYeeHIzldlp_?DRs&fyS}WR0P9aB@+{i(rM9%5AobIq$p|0dq3bS^mmzPvW*GPi=7H>^5nvBT`>33cLG*B#_( 
zj9C4Zy1OMjRijiJi0Kx%CnV5i6}2t$Q&&kaQW(ud(db#Co~*LDsbLfLyut5+)m`b4N~ zSN3Myg?jA(PWpXohO@yr7%)mi!c103dEKu-p$N-PWV}?BBv$A@LYy4< zMOURG*-JCN`JdG8es`2w!xfb+Aqtp{qDJNba|GARA5dL3zcu4~SSy~V;_aiAi=yQ) zmu409HUT%J6cy@hV|Wa<+=vM4i!LVBhKq9ywd~jpeg>m)DcDf72p9hLgb|&>m@P(zh@!L@TcF+Ere>)Zwtd5GE&wv)Zz4cXr{SLEWJ99 zFoA&c!nSuV$l3^#Y)0g;Ck&Okh^6kg2FeDGuL zAM+Y*A^D28KKYQ1h9HU^bGP4&$*QBzN5#bT!}>cYk@dCx&uu|{#&;ciZ7iwC;}CF< z9E)0w2^^d*QRK2wGLg`?<0C+?DWtb92q78W%)T=Y&RkZ9P{rZPDD)qu64LzI6bckV z-wG_#ZhHO1pA|WU%0D#~;S7COzcvdb3o;2!8~h00%FC9)Zt^XgFdU4p%x0km5zxypn|9q)#B^;7FOx?4l7_=3 zOnfKtzbJ`U*NM-?HU0D>ObZQP>{Edh;fpSzwk!Mk)Di@S;SO(CY?0p$xVF+X;%MN=9|LRWQ3Si&X_A850`tn2SA zOvn<1qZ}R|RU`bT_2~D+z@<}tyXc0hTpRtXav?MO^2=mQtidk}?hid3hZ0s!NioVFhHcht9E5kFi(T?3bd^tY83(KZw(#_~yF~z?-K}3a) zh(-<^vGX@*s$zIF_X$iwna~?LQ6a6t^8axP3s}x?Md^x4Y>mw#LRcL(MLz0GkYs4w zdtt_pO1GickGU(OO!eZWH=0gX36E2l0-rQ*>h2;$Xr{V~soZd-h+Hv>!wk7dk_xvd z%YhG$rtJQ}d_Q00kc8-BV|lu=ynT)6;(l6{f8VX`sfO^b@p^l?y4v3EZLscWWp;gr z!uq`Po!=|`JT3HrJ>DDW6NiN8eu)+uV9$kxrOL6)5!%<6y=VUe535<)tftTE;t3+I z3Y%RiF;a$Hyl3|n=C2XV==OGJ*nSeyF-bHmML5U3qIqu&1g4oSG*imveKbqu-3k(F zF#CS4{Bkh7dSMAWz;G}?FtYYoLpiu!aNB@5_Dxm;N6ZH2AE?BnnJ}I!tB@{DG*wzC)Qs{rG!R7FjAJA*Ug!3lCh`{mf7$&=I|qKAA=j0R^{1K&Xfxk zwPT$}w*cDb+k!jW@vel|1aJ>Z?Z=esTsp_!6-a}0)hP0^mu}$;}eXRMx>wWNJi>mU_HR(bqE_hAV1%D0j9G4+@7}9a)Tb2Lq zGW=DOVv&}!#DK$o9F5|9-3pxEz?OLI@Hl4~H8txG&SW3?FZG~6#9W9FbusM7Xf&m~ zZz?b*B!0E+43$KF0p~VBBJF@GX}NQ1cmgsh2V)PiUesVK=!a6K=N?KOtHjJ$vlI9M z^`{jbMBbj1jrxqv#ST2f@HRcff1dkK;qf(%fBwYwQsW|uM!y8jo6lI5LRGR4(`}!n&tByi-%NDyxkiCtoXP8P% z3}79@v)$0hf#SW|%@1aOt~`p;>#o7m^_?q-sp|QgEh_L^YD8TEp#3+?sdru06Taz2 zOSYz6K^r+53!hp<5BcVTI;)IhX^>Z#9)2>ZWTG~Sn(X&x^0kX3T^5!_6`Dn%Vi(*Z zhg6!ppOiCG?lI9QN-(fy7R<%6#|vgfzP_w3P{kN_&^b8FndQd%!u7~Xf2$IdNwH}& z=rMh$b4H1jqjoUM)#9~ql+9$LL1Ic2(0Z@*H2pz7Gt77u@)O66FSan0A=KZVSIq~E z<{;4-emoT6W$s=!kL|Zz6{5(e1aSY!CwCoBO4$@l?s@HPiNREK*^4Pk$KJ;)ML z8)xCd*kU)+E?1~6b496$MEa_1f@2$QitZ~PZn-(3TEZ}#v|~vg{N$VgqsYdIr2{uf zN}0wW^%mfWYZ9~yMG}JXQMSI_4qUcE)zx?llDwgqxCtM5eE!p=i;W9yDV>V9!&+bb 
zw)Za!sI)sencW;-Z`&hX^4rQSAO*01=NGDx?hA(8o8&-Y8%-?k-G0hsXy@6W6(1`7 z=Ll8Hh%ProJ^cRiq;5UXU<+yx!-D3Z%o)MB*xd`#N~Xh`&H!GNud}ZbG0IL?DytAG zuO5T0baA2H@okb$&rr_*@-gM~QFiGnHxXX0OfrhRF4F?-1|DsPZaA%4;Y!%&UqbMW zC&K+so;g8~aTVSm2HKoSMa#^K!Mf~ht^KosZC!pzBdnshAg_5^nB?nK$`icER?gF= zZ9q=Vb76oAC)Wutvrs7MUFk8-`2fSfLg}_*VSwS(r{Q_*-RMtm7aBdGsu{_N`gT2|8yGcqsfZO{C%SLuIS-HO`q59% z)CEL!TzFRPV5gn5A|Sx9S5aRU5_Lef!Vzi?J#iTS4fOsg@Wl~k!=lFTryatfd!*qK zhwp;MGgAtz7-?6VxB?g{}VcmREO?0T&we3R&{)ZI7qmVNF3A z=O^QPRejR5v5>Vrd4NEp@8MHZvsv~D7t74qZ@C20&>IN3W_CcoN{ppN^U*1l} zSESPj<))=Ifc%p;1Njotatcw0i-egyy`x}P44eGda+SJU-h~%c#`juk268DOduPj8 zM1Bd&MRCkLoR#K-L`+bAx!Xd$N_JaLyEQE-#8V5$lVxoh9EmfgF!X*83|cBV^xxfZ z1zeTeg_DF!-CKKjd|7J>v~fjY7K?p+D7kdY$z3y$FnK;!AX4E5=8Ch#oSMtVgdf-z zC->3yOv}fEm4@!~$;Q{)GSA1u)wgE{?~ZlnDoMK07UiS72jNF@Q-DZu^Sq8pl?qq zEBv{TR>A9`3MK+H(hA_MX^{QHh7@|Kf1*8w>+V1DQ6ATZ&oI^ke!?<^R5o3z!5=Dr z5Lo;1?*(=Eal>5>FDycbD92^G^n0;PI<=PZ-*hdlvLj*8iT&sDhUM4(|w&8Z6st(z>h2FT~zRK7Tg34pp5GyG+r47Hv$WYT3ipf3~Cji6kvF`O|kA0 zHJP*(7~ea6A+JnJb33G2MYqq%57NQ%O|J-KQMG$IRUd1g0YrZW}c-rgsqkDf!c9N$!&piO1a2N%QE7{~PU4 zljX@Ail%eYsr&Ncitc@;Zwgat1Q2%${DF|e8x0!Q03MT29tY_3ZO0yA;x3!Laemf>?gE1?dZ!UmKaj&gyFBe9ysNwAHfIafkIO3y{g z)POWN9y$^a8!hr+)eE%Oca1dcIlvsa0|m$#6br8?4>2!?ejzVMNN?zx5zcJNE4UZi zIfuU1YwJYK3X&SFIKsC`+2zP?UI5*^QA!M}=$}x7ZI!x7^8y^omI>s12_cbl4!ngd zujZo@8JF(M8boEyN1?!rQw|bd&l4@ezpr*#hEd%e6Tz?!!uoQr-6V*gO&fp@YQ5fu z9l&01NHLFRO}=@PmwFJW>pSND2%}w`?vKHmEH7<|i827t`@unWHWK8O0ckRh&{#nd zPg2v7j`o1o6wGudJ-=6DE=!Hy%o@8>?Z=N4FxC5IaKYvmby+#BVY z+lRBV?2nC*FO=FHz~9sEM?R?WK0Vzvdv|eQuP&0iq;hV@j>#GBQ1I9(z zx>1m)@Znvzwg^HIT3=dDiHo`u1=@(p@Jl=#V`3f2{zFA zMb^9Q1GKDQwsz?KgXvu{ps+aXe#mJYS=oGIyI+`&t$wCrf>`@?8O2@TYc)--_u*~h zq65&u-QYWSfgUB$WN&;J4BJX zKD4r&I|ps_9k$WZh1_+MR+$6(T>O}`aCc7=lT;8b1p6%4wj^(ABkrR%lC7JGZS)n& zs1pGsPdOe+;Ss~)0W|I#^8%Xq`!3PtL~z-fc`YLkN8p)otcfwaThZ9k|E=HG0u2c& z`6Rq2%7NDl`%blYz-zkNM}_P!^Cip|e&!%gmL5j43% zg>Hvzhlgt3y>u9N1}m?h(eIhj$2Hz{NL+%7NK%@amEJY>fCg`UKvtV4IH_+J_p4r% 
z4)li2g@c+ozr8{rY7-DBDir>IH9G`+VS~bQ$|IG9myvVqGz0`q6BS#u*l-`=$G#kJ zQnLCkCe7u6@w~?uEsc7Sz%dPvLo>)n--j5Y^-zQe|pKMyey$RjsEuh@?3kW-M*>Y29Q44nzG) z=O?b!DA|kAI6cjQ9#}PYz3j^|X;(Z0C+aU7ei;L62wM8=^==b=&gRv2@?`ib${;cs zYyV9je3aDR_>zHt%tygVUBvt|;!jq=9MXAgg%B0=hHsQRu$j|F%FZ!wvu0 z<;-_Y%GGj9X)Y8rlu=K1JxZH|GgHODz;!^yJkRtQFx3vqaG=WRdHX@oh}z(kZXlHu zLm_is1P(y$MW52mvT2;Pv;>)Ef}ul#K4BH>wf|fByLaX>U)-V8SnM)O-a2s)3neEP z77@3Y&+xNI(7yv-W@hisDN~^CDLUjXf>(5-K*}n=-ye{s*0w$i>ebZo5jwkJnW02wsSZln=n;} z=B*TBZGDiL+8UTtJRvgZm?hIN6Gd_0mKLw*yeOa|+Z!hv=j{-TX_H<~wt9;2U~)4R z#cewvlfa9Yv?}t~cLPSF$n8~yPJS`s76d_%#bP@43?Nm4V3HaOO;Ff56H9UXxb9C@ z)Ie4TCW4)4U^3KPYn|;4CZzwhl=UHV$si`QJ z0~1ywL*^ksOvqH6Z#ux&DJ=`Wj1##m)SQ&_4r}^wAvsK&Fg=JuUaA&eqZL||r#bbX zKlc7>8DX~FL!MZTR(#&xnDlD;OHO6;wyHI@KtC`ca|)(K0@)I!Cvy#2h8W=Nj71i1_p-bKM3HU z2KJjp`RDcWwqhXX61Rtki;L~`_A0}MW?IL4Fof3&&&jRq=lyIK$o-AJE`DI3=9_T7 zE-oznv0;pcO0b3=Rbz^^It&cD1WqkKmS2~LcllRXuM(2$pL#W1PsEON$E|zyW}f1i zBo}%!YrJA=YLVO#D_m7~W@VK@3E}QFe2Yvo3)pptPNl~MPWUuW7l53(2RNdtwQ`wq z!f^#9NZciWmD$C~`?Vuur8jL#+REoS1QPzo0g55MpEUB$^}cY`)KyD#{SN94L}5t?wyNx!vO zQ3417&{#4-Q>TYtYpZ|kOY*eC@rVaL4$5B0f3KWx7dFMzsgS@rde$?V;f^$`TBd|4 z!D);a!!n3>)#r=6QMLFwv3;l&_NZ2~JEdIZBv}?(RbGsh?5rf11%!4&qLMERZ*TYx z7)7|m_E81fw}%QIpi=-n+aM9wtmy9%Nvya!%8ml!a(Hxan!Tu%k9_&0W;u{n!Aj|v zJ_o*%HJMS5a1>@M$sDnUS+yc>)1)~R2Stow=wOOz65o#E)rUiwrf7Y4K{D|b^XCNS zB*+hKmo0e%m`^5$2eqEHpZn#HWjMZB$S<`6N;NTL5joqa2(ADr zPGi$CAU5V;KH_%;f3&Jki?pzb27F*-LqHQJ0QA@jAO18_gJMP1`mox)TRoB0XLODc z)C=g=gsRUSB^~1<=n%=q?n{_P?t#isQwv9H5Pd?g=tlk%42MG0c!^sIQuqtKPeGFt zv%_8_&#rpsfK@lGARE1EeeVBs^`Hi*Wob()gOlWfs-b=Xn}*7r{b_8O{yhXD#33RX zgr<2@CdP9czXo(TBo4GwbT+vqK&@o55xHD_Cvam*Y}1Ow9yHjk>7}mo`|7ky4|Oxu z=nCiMwlPx#h0v04Q`7+Qnx6s{6!vFa$^lHBj}Sw3a5Rn5q>7dO=;bRJ0TO~F+retv z;B7hou6&=X>XEP91hHi|;WRUQO9=Hb!%GOz&Cqsyq2ku~DT<7m#c!#~O%;()pV_qg zO4-ZNpVa+vdD@w)>}HWBI4gvYC6Uc8Q4oKwE!&3YEN!{TPj$8}So#wyXsHwZ?%BVS zinMrJHXK}L2zf5A1a#$B>?Ez*fV7f35SPUbERHNiZV4uuC(K}}wgBS6t6h8|rnjeTAeaewKdz~}0*gEa#OYum$>dC!^ad^ry@7;`JbwvtN>efyB=m;y| 
zZ%9@3G=Utr>soiz;^`iWl3bF61%F((h?7XKa$=H1N*TFc9zu9!8~`O=VU1|NIJ17R zQG^A^7dHMRxV6zyaeaW4L}f4ysvA@qYV5fM`XIFHD!8>voql2}&qC0BrC|w9$(xd8 zS6=`m#~vyms-2mUHokRAJIA~^13iN2IU7LzTZ4i*2?ckPGGWOdjJ&2HE%t|cr-=+k zBP3z&mlSs0V&nbe2-N8j<1qvRoQRxUe;?k?KXDX976^ z_cOgW!^EsCw5lFBrZtg;uj`SLa2+sWOql6$eeMW@(acEIkzKdrev0a~hAH+)W5jY} z3kE5%*Ww8G5$)3AD|6n^;rUX2xe0S73kX{9(!B|3-uyJrXqE{AcKfE7>dYDc6bA-q z?QOSR0i^!*ETZDg3%k?a1S_V-g3YE#^anJ%XuaWkp-k`T&0H#fuDS5^b647aV!L^w z<$$=6`e9mmu>zUK^HqgI9j0Ja%A?$yav4T; z@5j_yCNABG@74}H#wo_yLr~DS|Evu?avT-?RpgXi$I9&??}_rPlJE1U-W7m@wUpdm z{u#rop9_kGw6@XOz(CtLT@!3AcFNl{~guYgOdgLA0WaX7t}i+&baRl;a5>oCM+w2P=+u| zvcA!;)-dwo7b4M9QXQ;KE1~aLvCmPc;mq1*Qm4%|iep1$yXy7s2=cfG1H$7eqc{_i zfw=p>od4JuytRb5;FyS97xJSO`|bSWZVm{xZ_00gn(GcjpF7Sy*zCQu2H&?Hxy?PI zMGHxF%C=O1-&aQ;z$%e$C^%l6l@2(giF&TU??dwc*}&uTP%(Tu6ZYG1BY1+r@4gfV zl!!Qkb#*Il_U*SM(w7wa#UbZyWVwFcTkj_WEsVoW9(fPUpk)nl+;%IvqNTgJs`9gv zNv;ar0QRdngOuYvgWKA9=1iKZ3*<<{Y~nY5l)C1w)}im`8=vZr!KIYUoQ91dUg2uS z{l*+;jMRP~yD;iwfMMA5p_`VU3pxAZU_<#+}F&qnUW0I$1;Bq6dGx9R(X1P?(f^(xQC zd4C{Rd>z@e!Rwfy?|=UP=NiLaFaOImh6D0T_J%P}-K4e_m@9>!nwDR%?8Mnd99#8wJmbOyQC$S%+4SCaC&eOI1Tl`h7#u=YXL)uh+|HEW*M#8YM=egVfLWm%5rAfT)Iz7SoB%WW#!+d&0S*gDi;K za++mIb8J^tS=E;eXd9qFZ5@hs%7Fem9h~&Ho6M9~W5+`x1;|HZw>zQ<4P!)sG(o!; zASji9qC4WD70_>GKDaaYwkwRZl%$tRD}D3+6D$=^*-N{jjo->!>RNc(oh!kt18FfQ zr7%20-Vsa%=HK^*Ws=={V$HWZddqubuIVzT0>IdQ6V2^RtyOpB!D|$75Ef>gdIDuv zW2%O_RbLs^OdzJE=xkO|TkW>B{UOCCzqSi3LgaKEg(x}&1ANi~Qq7wyaw|Ook`jp3nx^}8f6c~Ix8x7wNQ?t=fxq$M1$i^hYz@Rl z9_yx_MIC(II5d5Mkvbx|fIxZ##DxMKg@sTA{D@{j*@;D}Ho<;V_DCl#P)j5tWu?cC zc-WFl7aH%{Q<)7Y(*fIrskD&)(wpZ&K(IXa%#C$f_jU8Ie!$&4ZUQ1+!I^vbyx$Xb zI+CuQcn$Px`gRx!bW~9;%wftQGkFKJKLqEPKyiwc@oYDStKs1oDtk5Gy z;0x2-@W*xhAEa87|96aa<2`2OT(rKtR=2R$>?!f^SSEM*J~Q4RYLC8p|B znmYDV{C6SSRc!5nb0ly>5D}q3<*?g$3p#d7-2+Q__1wNuAIU<~&mQX3?nN7HNIu>i zJOW?ueUmv?&@A64c7D^#%gT$(L$(O4ZXfuPtv|>-R|hoHa;7EjvKGw6)N&fZFWLC1 zx{OqCH4s$sy$ZuDgh{d_BdMzrj(^L?=b6j}H6!5L$`|(}RP~;zby+`8wG{##&rqqB zBYiFrVk||(G3C$Oy8@t36E;2fRpMur1C`Z6Hif02GOlma1^7tLDTXM&Hp$yx#CJXl 
zZ@lJTc+Na>9=l}SPuBkTeD&~GEHcwGVjnbp6%-zi=5X`ANUK4M>_%qNEo#%;6=>b$?_=P_FdZre zK31oXn>Rr8jEpk$FG+STY7;x+^ONW8V901rQ50?vnZ&Wc zNJ2Oawwwl7CPYMdyt%w>A}?VxfVaHEoQq3r;v~kUCB$|Gw0*|%i$kXFEy}XG>p2+b ztp@EwAhakT5-IN@&88xfx>!fU(;<6|=6^3I&JPx@13VQ;PT7(Jv`^6XdSVmzj3f-w z;Nbv~YtYj=&Zue+FuSF*AIamFEVKMepXP56yQDQc|H)AyzU>0y6|@%|h%+%BVOu{0 z^J7ZIU|?z5e2N}lFIWemc(4vpc8Cyi&Bd|xw!9m?sc)kX>9xh=kkJ)ZmYz-7<0#Ky z*uuMw^x%accuv+HXtG(IGuP~KSAy3fZ5?A3_#~+<90N*Swsj244#%Co7cciSQ3lg8-xAQvbp+iZZkn^SlFAJI_ ztZ?=1?ILA^vgYQ4!g5gXg<;hUD>J9ZS@B@Zt5Mz|Nr=;Dt5@`SoWkQRVV|ne!D$&= zoUTJRfzp}#4M*V)IwM(u!l9dYGamjFYI>a0X=6IRsF z>so#yQU=w>Prd&*k4`O71u!r4PzFFhvavFtKNgUcgVDjR0qLEwYT21K_#7-z7Tp0W zgJ^{tgtl>iv)Z@my+^*E<-DQ2k_j@^(7m^FsIxWZfX!g#?wg9)h7#pc4_l9ZKdyIv zdB&AhHxS6o3*bvgvKN#qd>5?kx<>7W2BRp%OX{%i%cfh{qNqypEV7dkn+(o!mV_vZ z)%K9 zgZuTD1j(#7rQ-u$t^B1p2`!(%V~4~rUcdB>E48J(YlF(SPuOQ&9}L8sQcbb@DHvD$ z9;K$re}`vr7obWUx@%A5uIeiKAQHfTSuepN@)gi&h523?03;0g@!!Ui~V=Ia;D5vEsIVUgyI-AF9E4932^n_ra;F+}lJ zb+D9_FwYxY!}K6aJx~P%8Om%ZIKX6=PZ`WsJs(TZFMKJFJKJ2W^tZZ8tpHwHZ8br( zGa=D#udviH4Q*@!y`7H^zY5MhIpxk}Zsb=$qJh44JIoLYtoQYBHEfFeG%!36R0WmI}?kb8k*?rj($ z(MD`hFJ78c`FS>oT7{5nJH^bMV6iG!phMqx!gqu)jH8yGUW#RsJJQ(}+Z)UHH2pv7 zB+U5miDwOjumx%=_!mL}DD!|P$EL7S;Wt$bI9Wg{4S(V%3hA(k)Jec}5FW730dn%E z$*oNbe?|={_0!0=6CB8&@JJmyO9+x|8k;O?*0Y{$T|ZQItwb|#qEwr$%T+qN~~ zX5RPSy?3j&wsxzws;m1{|J!xCe&>8X&+|1jm(mDr&|)#inu{hpg8%^FKTLGi_B^+4s*o<&Vw;(9hEF&4YAvNeAV^V8YILE>*^e5P zu4y#gF)0Y8kl3l4oF(0ye8Q`|ZO*|_>IU|~Xbv(qY`KCCkKK5OK_gYj7arTZ)A6-D$YDAit4`}oB?1c z=DO%domFCO?LtDY7&Oq*Xl-mzMV(K!?n_a5BDzAfkV-(clct@Q$|t{OW)J()FIjzT z{~n4#bp^D8Qf{h@BIi^>VH(f2w(Dp!L1j@VTRFJXj~88ksVdoGQp8y_i#DOTPp3F& z&gYGyx%k<3fquG|1U&KwtA~X7!R(vrY*(!O-%rEEAqd%(um`|A^ zkyHKARASz>5~MVPcx@;R4D-Y(gl}aiSVb`YXSL>Ci4iGQXeICsO1~#((AktqtNukX z$p{1nD44;w0!r&BqVq%!0aF#)y7TcFrK5&SjmUB`J>T^Z^=M7DfeFdf-<4ibZ_(vY z$$nkSLP>oAItw_YKoi1}&^(jINMos%vyoasVe(AS@%JO>VtGJ-b}K*#WCeO6XC2;A z8P!>ZazbYGVbSPz3`^{b?S+eErj0R*g{IQ`e$O1zc6`YDv$2uo@#ONp%YO}Y?+n{; 
zL}jpk5>(VjB(hD|Zl5q(L%-{1#P|Lq5B4H-9&Oa&ro={(1$#6g@d!M4MFt)^tk3nu znNg2DAts7^nO)WySvL%VbEU7dLynMeWwY|7ce@m~H$Y6AU!l5|-!~3Zr6#{&E_D{u zQ6)UBQa8htuh=BvIK6DSkJ|#;7WCO29@s*vuC%qYeDt?p%QTHb0MI__SlSyJcurxq z67`RS;l7&{i+FZBlo6i&-2j0;l}}pxT}$ZWZ|N*eu2{61@X@Bae&&)|E-H$`Oi^71 zN<~kQ)F$Q9%s1ayMiHr09p!Aa#*-9f#*2sGfLML7z7!0|E>vPTbX*HtMWPb6m6mCi z36d!$B}fE3lb4;2d#NK>!_a9+4&TwW0KZE`w^C`(kdR3F5_V@g<~(Z(0!>ue^BZp@ zt%|4_sYn^&H20jA)$)Sasu4B94wAPc0lu&4TTvwOs90Oa-qblqMT*w-LoQ^67U7^1 zxqfpZT15=vO>aNp8lPGgk54Iu`_vLx80f@qF=p4oxVtU<6)Jk}05Lri6SKJUPjUYLdbyHXr^l(-vNyH?7EgfZt|lx6;v zFlK<4r|WcM!!C}bK)Zeob#6~84Avzz(GRE`-Ue)Gp-Zy$u;HL!mmzaqvs()yJPj#K`_hV2$JRVKpX0{p55BcuNYPHjfM*11%MpA;$OA>q zkb(Z9VpLGF8sR~xeR4tyKhG!pP)l37hDIh@-LIX>-D506adop|y7g|){f8>!?QYNi z&v5!7w0$kMAY^aOfuAlezf+3|L}A)KSI?3fpZKTPpy3kq=@5;nQGvalKMfe7#M5Ip0pV?dG;$ z`vF;H1ru;g-f#34m{u=0_5IZuKSPODs6qTXa{&){j18;Pud*7Pz0<@K4Pd%_BH_aU(2pYqrxtP#mC=XX%77VrqMwZSaN&FUWv$Q7wauH2w& zaSH>F%a2*Lcuu0AKN(5x&%t9@&}p}6X3Lox=H$1)Zx_CTf{R@;Mq$Qq`=KP)A%~Cn z>sQ2{JO1!$NO1w}rUKV_W@BJ|t_|@fr~l9_ko*D(-{LOmIa#75n#7OiC39H~MwE1# z?)+SUv&j>qt1gv$68o)_PMZe7AwbJu1Oqoy7d9)o$jl!(ehH2wP>-sh5cIc$V@2en z6fC;+;qvaV$1x(vPw2L)pRaRG=C1E7Qt?*0C!Jh#F^<-;0o(?pN`w!FgjY>Lx`zAW z+SgHN-u_rB?fF4l2#B$=0V$9;bfC!L^zyKqAgFnL*N+1Ritu|9(cc6aNYRk{ocajp zX{V3)y#PMIZBqCLor{f+=Z#gJiwk$_$%_klLZo5QXs@+;_7%NRmxIH)Ugv|u0Cg`n zy~nQQX9ccC4h1@Gd2sZR_rfd|1TI%=$~|u`dEMNJG{XcT)|9e#POCu+7)p&sUFFxc zN>o-^?*E2Ae&hWYe?+C?{lXs|hq}M;N8t59WUvRjYCk=E)X_)^cjHbVlWqb6yL`0`ycwT;V=CNMNQ^JnF8* z$NNEB1j=%lGjSSobx@2-`0HM!`*XMB?k*%#d9pJxu+4f;?rXwAs_r7tXd_brk%qLv zH9Y4W?{9VcyL{J3ouB1bOY|8J>xfzgdWsy1M)3CiKVa|j))9&w?(Hu9oR^NZ{n;Nv zNYt5ZU^0D35~)KN+wh;WWj5Ad&M2M9a*?Z%)YaEVWeRGMs(^$zf5JGNo(-dUm6*okTY-q~ZLdORNhW_| zOls*+*;Bgr;Wq44s2xY=1x<*;2c_5l^e;mjwF zqRXsSWzMVzx}!yoI`t|cg?XVHB-cqLU0JUmEEn7+PD*_ zl`zXns8Ku#{$>7ot7UAf`&G#PgPT7C$(pvQR3jAy%E6 zKxlDfvzXC@x_iO&jt}Dhf>E3|{C{E;wbxmJVrdM;1Bb0^%bCr4C2o{V!Rw_sv%7~# zE)^DKB0A}MeM5$C8kMBTrmUGJ$x%QO6R)>+!G^Tu=?X|&~-sCB7n{wD56xW0Zal_=AtU4wHg)5 
zbS5HKG&VG=JUf><$7Xi5sfW|u`K)*p(=b^+;D#!sma^EP4(uH09z%$fgGajqlDQz_ z5X~5pr-2~16v4*PN3TYys)7zybESDR-F#X~TOqG$TnW$NU?{+(ZjNTfyGj{o$o^^I z#vg7TwHP&@&!DtD8@y4EpFKeVD#x z*L+rlq{cHdyJ+q4DP(3jJib=3%#-g%sO7;Zp3;=^&jMRPM42>@`&_d zMzBMbmYrXb6bkFED$Let*8F{4znJ--`d*quZV)%y)xnK4LB_FgI8Wx3xkl3{9^$vZ zL-Gt;+7$k?yC>UM#(U{ALybTV0YYxY^$^4s%u|1U<Pp)Yb~7+!RC_86DslL zTAEeW0?r@Rdh*mv$+&5{yWR6VfAzCD?>o=2*;?3i@%66ml(NXba$InErRD2t?h<2# zi>~{Xq|&B%hI)LInbtOTsiZc?BEyR9tKJB^54a zr;Ym9rDBx0rW1|vTl=yO6=j^LM;`dg&ha?)UYC^%5>AH0K3NH4a5id@=G&jU$r0Te-lZ=MU(c`O+zO#_HWyWQdl z-~a#B@cQR+zgrm+k|xO9Ln^{Sp@n?19QNT0S=sdjnub78&mcb6h6wA|a^BB^*E>A5 zqrJHUAi9ltAv=u2U`B$jC=0)^L!xSYTFWMmb-3g6qP7Q^4;HRtQJJuLo}FT3`!5t^ zp=j@dc)AqIEwai3gQ3UoEi#2;J2JZ1Uxl5ett&^y5$Hlae`e*i>e@s^abC#ZOfi32 zLW~tBw_$CL-IuHcr>{$-d`{bQz$;RIM`M`PNV3#(%}%^5_mGy3N|PKmn>eh3v3midI3=wz679;7qyj9Kr5~ zQBalGlxOIu*oMxkH5gQH|X<&*{&^Q4#xwgU{B~+;Grm4P8E>*6WuI8XZw+i z+njC>bR*m;H*-<;I5$rNbO{+_;iq`AFQXBa-}y(tA3L^7-9kI?y*?;6#$T6?R6ia{ ztz4NMR}05Dsp$1Q!t#*}l?3IB?7EbPV(;jNrd+;;-E=TyYzJ?RIuIIF*VBWN4U>Yk zuD49-b}=mR%79mdu=bbaWLK*tJw!WGuSdWrj|m~8<7){@bE+;7(U%90oy7?d`Z7pF z(^D$z>1PEhp5l@X%ixyDf7~~m08#9Oh4*spm_Q;W8#)G3=qu#{H55GO1x1$hbFHL8#6g`Tqae~+vyA3kW6Z5)=Ds78P= zyPA^wY*vb#3LLT&d@C=+d^0~{NhxN$uT|{Z!1d_H4#BlIEZ1&q-F-RUVZk{jlW1AT zx)z)&88$O9>bP1+xRT%?98km*z7Ke)v6=UT=zaS^p?XDuT5a!tf7uyKHchvtMbW}n zLzR)cN1e}t2-Q@67X{Dx#CkYZq*W#tZwseepUC3&Ffu${Sn3BOjdn!p;MlU(DS7T* z95Mx0&Tk@uX-wrQwpvn{45i}7m+#+A4Lv^snA~Y80Hv{Vs zv(bzl{|z6wq+;L{%yh`$3NisQEiii&*LJN@vf_e{);UH?D6h^|kM8#kTRo=5XXq5C z1!Ab}#J?)K>7@ZOuz@Vp)kg0}@8SnKvap*kh&qu%$qeG@MUMD9+fj*$D)*Rp&Cn+#un^;$r#!d}Fie$70} z1bw~Uwhn*9G*M~*&>!1_(bY^jqZt5Eq8qmwRJ`KaS3ZPh8uR;NZD+Y1{fdKC5q!_* z>Efm#@P}cxz{+f}e3=Wnb3n-@vi@iSWHs{1Ec)0nX;m|@kt!TEnSEmX%${0PrH5!3 z5LEyCe3W(vwO8||kNgg3tn=gGXH)TKqAsw^c~VZm6TwpR30_h+;^7Cex7cVS_9tCT zmIY>(`HLZ!v;8j^GVsY?4Ea^6ROF=@&uZY8PS?$jc_3;c5w%bU?K}(w#3(YVdA5r( zM`1l~x3~W-1v_iRu}Aeho2Df8D!COwsb_V-`Ce(zbWt=7OSl1$d#1)pP5^0#z|-+x z`uImT2NO;7>3kfUI^cR<8_J!Vb$R?G^#QJqU>=%6mX5?$e>oZm^l!1(b^zbP|HOF5 
zd~eKiReV&+ot043L-?Q{A*@^2zWe(@f)J!#pu;@;qyUw}>cbp3YeCO090(#d2o*bN zuM|`IWFpGa-Fpx=;HTs>Qo1}7k>4z-Jl|sQS^(l$qP=8vkJguOU3XKz)nB~HO#snX zYH-{~IeXF!;l~^S*s#39QWYBVjF`Z|b5)yZDG8hFsD|xrh7t%lQ-QdpxT-$Z+~o2x z#QzpPCch6a^TQkysG7DW0YHL-X%^&36E*QGE=(j*aMJ_*aX@k1$^^nF+T$Cp{SmM5 zV-6Ss8Hyndbo4mN=)25lJ+Jjjds@<}pp^P3$tPW_QrW_--5w`QH1M#oLe3PIlf;oS zvQ3R5=X(rGS3vN3>ttfCDggTeFk>3s^AP9Qd0`pJdboY_m7?-O2c@nKqvFNLjT&`+ z+Cc`2YRKaQ#VoWB@1f@ClpgK<8aXtiMgYuQ^gUk-d50(2+r4-rw{5hNvmkD8eVx16 zWw{5}!Jf5;YH>4o_lWt!izy;F`qgsPRby$X58nte*w}I?1)ZE#seYng&>`OgfU`ld z^j{0guN~OX=z9{uU=iO&pFCDsQyDJ^J`vu{(fDlny)GU0q_BJ=wqkS**2HbBK0Ww% z#a$?d&sB{T!yVVreRqGzc%LjmWBNQ8MF29DLK%s+0P9n(1n6yqGNu5CS{t!1?}L zu8Lg5Z;aQDY0x;!lCmqlW8BGyO3=xSseSE7CQ%diyQ7tCYD$-NzvQ=d?w(F!9Ltwt zck1}}c2rj-mQeV>Z67zt+zW8v+90`?+QoZw4R(Wa)8xJ{G=QRfpn-f}Fs>{0W|o(q^MW-WI#JGPPve>rv~} zoGxWdQvX@=S7svJ@KZ%qKDveere#%b)onUO^o;}2SdFYMEVQMQo5b8d1)iV@J8?Ei zIyhZiDDP?gH-$NF+8KXDlLL#@-<|+S{R1|bUKO`I;}M)ukaOLoisHed<#g|D7K zDQpc%KoItTtU5|&AMo9{UQ!r4sqdNUobEcobyC{B(=lWQMeW*0-r}TI8S;!fJg9;{ zdd+B|;`!R5aB=7+!%U-94@(c2#LsY5;5N+ua0b}2_$`HT!Nv1j8;Z|DOz!*xSmX_; zje<;}g)dF?=t6exVgCIu4G^X97hAu<>ekB#Cxbv;2|5P$Qp-KQ*j*+{_k1- z-&B6|n1nmRf>El5E;8sq;61w;u&Jw*S*PgFQdloru4ptdMtuqlI5z zM&hF%{6!5_T#({GLc;7Ft8k#iP*U(i?TQ_jeTS03XJ3ZnvItu`1WU@5X$nJCpobl) zl*=0B4+<=y!&DTe;1HI8pe8(qC6I)E0%*V3!0~U(YjI{*ZhoO*aw0L~sGun9Y(E2{ zF5$kVO)aB$TezX!&bVml%q8=i9yqk0^hWI~97ZAGYw3S-2nf+6c^RkfmFRhiTZ{*z zzW*HHs~v^M#u!@p{<4?NdUkMy-$svhpke$^(eC408WFHVE_NO$@CcRr2+QwRjY*7CxD^N* z)Onfduh{P!9oHdar=PYqy?D#1Ubjw(nXo@h>?GD&&v)9@^jcHRui!6VTc}k$!aRB= zy75%9zZ!*kt9m%sjD}^wF_}*0^$BwwGmu70~mmw346j$hrx1lW{PY!sz{B~;lV=%;aarwZ2-y8eC}r`* z5G4!-B9jIkOB4gx4CEbdZr@gpfJv<+|G*<3;(zYA-Kw$wIU4?U7h@K`_4$509+S=C z>vNyoogYvkXJeWDy*cfD))FBJJ9^$!@@P9?;TWt607MN)Td5B#!sj3BssL0za{Ti{gAJ=AlkdWMUB?T8NGpPrfG5oc^)PdvmxJ zaOxcngh#%s2As=%X=>hVu)KVqSCm}3=ji8#;p4w*czAqVZ)5I1+2bY!i@$za-X*Px z61dK*hUqi!!q%pzL9x$&*iZ0z!uy3@UpbO*Z#OY9awXayAUwQp z>=)Phq#54tBL`S!3{h4k?YhoVN49&vT`3b})`*@H8bW<^k|pS}l{NB}O<@Jv$Np7F zy3G^{)iB|!J 
zA0elyeV}!*$~;+kWLPa`A^bX{gN-|I9;f8=Ke^RT^X+Y2weeKKZI$mTQZH+^1r<+)w6^lX>>H8g3dOZk zT`KC`uM4z=>Y?DL*Baa6Dv9UBG>Set9n5}^3$S?sQ>9r^PH@R*z!zh(=wfwyU&B$*(N2@{?Bp-QrabEw{7g*$-1?G)WJfzwLx z4U>MW2E%j8lw|=;ZiBJa8E@n(x;?F3+x0u#)^wVxC?wGEcOaG#%bEoMRpD(E=U$7x ztU&LJ^Oeery+{Ca*O4F_#N5Zj`s|~1BU6(TQRo>cKlekdo6!-o{dFv_20Ld?32?D&?`r796+V~~_Vwx}E!oO00hhds<%=LV<8zBA&o=8rmvn}iF^}lA z@E3%xHI|&ZG(SezzL_Waq-RuxkUp}?z)LCdTq*Tpg}#9TeYqdaXBo8a3mMsKF}ES~ zNx{elQR6m)xqpLGDISounI(kiXKopai29%eJ5K1bPLG=LSZkZ-w zckVhURDR5UY<{Hdli6;0pU()K^!xHXnEMR&2UqNdph+W{#KC3-ucrO@-tREdlF^jH zjvrNGcvtt^!8A+LD!$?3A*d)V>Xy@%*uWL;h$cM0^(_3f;E~wbi&BDn0`};85yM%b zS%CdG2EfL??k%3P8PF3dJIW_=Kgu^_`XbAU$J=c1&loz=jdW4%7m}M;JAQ$*2;`!M zNVV{rxhR-#pQey=>ricOXBkw@PnFR^>u)ud*V;9e&{o*T8&|#tPyf2~K?5O`8mMub z!(QwVc$~96p*>r}`=S*iJXiFaKvs~@IfM$r<*$B+*QV^Tyv0U=d~@z9*_>a1TP>P2 zH^{P@2uX18Z&_3ZWnNpuPL^Qt!4`tVp&H7U+ITNb5uV<_iBd5Nr?9R1ukOm9Ts!h)I|X2Dwgib!%?z9N!k zBq{SrGT7erKxwq^Ch#>uXB~ACDf3_m#NMH{cA1Zgh=?E?)%ZtCUwnbw8(QUV2TkKj zeHOrjUB@m9)i48TnNHs-dKr21-l!k~N0)wctug2U$-otWi&3%cTX4~h2PIifVDbJp zX36>+vm6QkjajZ5O8E2X*&knb0ET=OB?&+*{e~`r;rwj1PNSL@H3cG5CM@wFI;AkC z@4C3xGKR=b9K%6~rX8zFhuPEDsh9-$u=)53LHqW#!5I{;~l^1!Id#(U*@*CF~nvRwVIPK*%bFUfwf9X)W&_P znkS_M4p-CoKdYnS4!y)FzB4MwG^ilBaVi(&O84#gk1{2kIhXSrzN?m zbjl$-h|s7ErwH6#N$dEp2LW|@s*USK>gijsNaYNIj<;|mmJ{LigmHbx@MVyqzc@;9 zbz+@=>qY0sGDfQl$O5Uqt@w4DqD6V7-^_mHD-VtIBG8)qpBtV>?;ciH1J~)ME6c04 z?yjZH!iJfjt*33?$#`2@TSV#LVj803lscsk(D!$;GCC$trR67Sr0G$76{{fEvSlg> z4U##%pUi(K*>A0f;MFM>2N--7PtnzaJM9+Kb6>|1iQ>j}n!Z#B#){f{EKe-S53s1> z+&euMw%)cXSv~q8L2xo{a-NGOn_cZS2MK8WszYcLeD2R!kDNA5N;TgKUmwnNZnV>; zI;$Mu&GmKOH!BDvYdzWg^Z~e8>2=5~eS{_bclxqQu^P z>|1R}^*`M9Ulw~7yL>y@nrjlg1|;YOzPXrEdpjB|f;4W=M#pdeN3sF}_m!-GF=Z7U zaLJ6hzHB>YMvpnSaZLUrBmmdYevQXvW|GzqkM4!M z)Ag{mg&|MBY~V|d56h%x<}fP{p}60tdPd2{HC#p9R}^&B_qF9tTx_hzmMaGwHW-P{ z)-;?s8S>wjGg~U9z{ru{5rd#Ji zUtw7gT7*COJeL+XhHT#6C*=IQ-}NOzwH517hyNTYCaPj(vzJ;@+RABX;@G1T8(e~5 z14)HnTJU+ogC`HhwU0+8NNHUL3e)myg9r9bY=`#7WY{24F0pDACVyQwPm#cUufM;~;q;jeVkc 
z5da8E-^7Gyz6l^DW>C|Cr<-okhsqJ2@FY9bhGdG_ZcK*b#Zi6Hooh6CIl1vaJETO} z{F$*RRhHP+TN`)AmOs{G5N@Aq8bo3FXpO7Ce(vp2Tl5ObD)NyI9$WmV_$VWLbjEnp zRCReV1Z?=`nH=e26sK-(ZmK(d|@`1w`#1(88F z_Xwh`*QVLIb+MQUV3(mv#cr-Zd@0Z3dhGkjgWYooU*&=h>J7*gDvzwv$4ap45&XBhaOvkP)OtME@Q#{wIbABm0dC8!LOYSL;Yn4227y3zI4+G7!P9!(QF++mqTdN}L>>O*@BQmh$46>V#g zHlU7ylGWLw>KJJW{2O^`H6W=&bu(cC=#)d011(}mBm!)<-f>K%|0Lb!nl_6_jQFsE z(#~3EOH1nauC4;tI>TpC<9KN~=ciK1Uwe z@`OEh+s8-rI7X^@-$g5ftLdO-67D? z)bKa_#@9BVvS*vE9{bjRgR~?id#wCBmmIG#o-KHLSJP9eJ(ZLE0L8 z!#qd3!siBl#CL!{jXKb^=XN5=y-Zk>L|bZ{LNjJ$n^3c=Zl}epQ#lvrO%kSl>|$u` znDgm}g!LBnl`ThFHqaZKPd@A5YV(Aio1ZtL-qw!fI?E1+ArP-rgG*!vqHuF~ShYL5 z%oqPU+FALh20dC(y?4d?b_(Ok0!gVBI;J4aH!+x zjktFXf2}&g{EZ}c#Ut8;VT1yRfMv2D>E~JEom2-)`yQ=vlY*`~_aM|{piE7T%0!gP zHnIh~)k$DoW}2OAW=6;R$JuUj9{LwwDkK8UZ}jHEWsmUk2)X?!H_Vw0PRQ_!r5BMLST@HsNA39ptenZHwtNH^#MeXNl#`FN|F>)!0Mc+ z?Bg|g40%unl51^*8KOhI-}s!zBgvkWEC%<`kk2Hq3&O&IJbN`49LVL8IT)A#)Olg+ zCo@pzHc5USQY-V7&a%0-s&Nl7f+@oK?ZX)oX$ZM4>dZ7XJ<^DA<`yfYxQmT!ze3oF zP7tK(1QgY842^3q%aXQbKi331GQLk~rc4}Jjwl-TZ|dFq40Oh@i9Pn`Jlz&wnz51f zE~T4_FNq4M7BeNv1#4Y+oG?QU!|A9?{{hv3vB~y{Qj%yph5#?uLC!q|mOnhn{hHxY zM9#`{k8x@)+w5{>GuxCiM+FM}%#j^L7zOqQmWL|C9y9V|>NY``0r0}>olbIkA0PGR zaKCBaJ2~^3_3pf@`@`4e{;7oJ{kZ@>RsbN)cI8Q8B*I2EtOsT>>{+LQ{noCQ4_Gj* zw-mBTL-c5r2(hw?$Lc}!#58E+)AY1h90Zb~Kt=zOm2aZ#vDi0e798V!p5J?PexEww zA|$@XpQ3103KB@!GXJ0mD%H$zJxn0U&NU!F1!TN@MDRD5jA@X;?8;OGdy^Y=+!qCj z+!;y_fyp2f=Gdz}7$RhLg-vm~G66}m%z@HB$JHJ_MeFi9*DCqR8`3H-9OF9!V}G^cCS2)EWEKR* zULd`-sr5pi1?$4PYZ^}^zY93J20y%2DEM}9z6ceBzDLsGc9XDc@bY$rQ&O9ogIQ$8 zN(GG8i=i%z8k}MTFW8n4lQ|^paLF7InEe`%S1D|{y3UkcE#)_R67z?;k_@~ku7tj$ zw4jD`WfY{$I7lR<^ZJx=&@E>kja14wWU^M(#sr8T=2u>4)I^pqU1dd4R%6Rz1uT5W z>`VfyfLsj=lx~^SD94v+972*Lpl)pH+y`qT31Gj+>pMQVzBm|sAbBxx{_|L>U|$Zg zeFk^QPs;qtw|FnJVR2U;!8I@i5vR`SZsyl4{!0}=wt89iQ|DJh3G$|8G=~;KZY(}S zHsi}oGEJszwxLJ?$bu$)2B+^+TelLGQNS^$LT|wBudbHW=&P3LqTZlnhW8?64hhUV zYAOsBDRxGvT$z^G_aJKV)nw<@e!?sT5knQo*pBHw~S7tcuD|{4G}u zT$(rPU$_xQ)qa2Ahn`YRk7nsN1x1-TSIae>WmWN zTNo#i2umR|qkRsX^fui{ 
z*FMDi&1LV>ma4@iEq{HWi8u}&ke<)6X;aqcs^RueGwaydZ1!UF?3>JgMvG3t@H9%FZ!o0lU%rs?z$ z2+Vg2b2)lpxs(a4N6URV3tcFESA(c4Ow5~K@8Oc_f9z5(a$Zznjafo=9rsgC)nqIH zrJe;RZI$2S)54JF&knTP9}f*vsj7aWmAgH*SS=Y}F$2P<^KmjX>JJzOL=5wY(z7d? zUx3bOvNHpCGzoPJ2NP@~;C)p_JHk^PM^uDhfcC;Hey4T@(X3Q@bIX{Z8?N%YEVj+# zx!tRHF;Q7TDazJd4()AuRXbL)$3I*Vc0l;m(ZL)v-%I?;R_1S zfw5rAB3`hv{XVkl#RjUJnVt`{lF-5^|0!-KH|SBGS7e z(X1iXVC3{NPPC$k3y=VT(JaIgC;Q2P+W1P@4c~c^!Yg|ocdNqo!OkO{`~`~_WiHVs!)yDKpOHHU&FKnq$2&aCOuHd6@=2d2tu6B(lfagMk()x9Q7wh zJiBk_-+auu{c9a}0nZ-3z*vCmfS`uPsMW}ppGSeoTK9)`Umq9yjhXxyH1?9|FL~wV z_nqFR8~yJ@VMybZ!Ah}9Hlzwq-a4`r0%rmJd?=tl_3&w0>YM#%E_Y|TAi~hzG$0@^ zfCWAMrg8BbzLuv>|G5Gd#3si3`<)HRg)fBQ>+$tlT8xX*!#ePq4|l)d=*Q`+E;Z6h zj4AQtg#X!(Qw&(}K)Ecw(9ghL{fE!(x0O4wVt`(Un**<#!^ipk%=Y>D%E=!h=4Y_i zi)=wkYFxNWoh8eo51}lw<1ul~8sy1oEF(DngTtXfx9DPF(M+;MS?b#im_j(wxFYkk z+u9g=B<-kJBNmuVqa^37Wufbg+)aVW--{hYZUX#rye8ccRGqeb_q@W|0mCYtK!0-yX*AJVW@F z^(sTyi2Lh}axS|yXKre=n^SI@i<+E{*yH_F(KS!o9>EJy2J$lfJizx@7zXn$=-&6N dmWMm^=o%-h>1YcW2ucM#ZFkSKZQHhO+qP}nwrx+l&+NU=k8>k#MN~%Rn^jR6QOI2D zc@sYp66M!_wjau0)cO(%42BYa*nYcnvKla}Fc>ManrkR>vdOBbu>DcBve36Na#xbK z<&`kDvi^0|ed&VJTF=nodr4`R^hGNP6`E8vB=baiUqUHmQU!w`$?a)9x;f&sIz?~= zzVXXr?A|5k_>=o*rZZdo70t#w{TybFnOMQa(0KU3iCvBY1=?9yIfAqQ-f4hoPmPH$ z+>Iti1}$xJ5LG78cT>>w{poyB*7wKrYqwN3x8~>Xd1Op@%@f|R2(bQ06VIgOHq?ZRq{gc_(b2L6)oP_fwpSG`;*$0tT zBQ*`E#JC+aCj{-`kW^%4?~(~82D*X z6KNk5PwP~XqVD0W*4N$Tb-XlGmRuH}SAsDgfDEmL08U93K9WH4#9*ux@QT14CNu^T zM4{3qHQi`Bi?`OB>9P;fKCuTjpq>&3SqbJ=N3(kJhL4cTyXNzi`S%Av&Kai7=-2aA z``z90!|(kPYX9RKw$k+tSfJ?#49$1`RV_^oeNeGs6x)6O@iF}3_k2HZ`^GO~b#Q9x zlNM0?6(NErN-#ttn}ABBB#}je_@jIF^W*!y`*YhLNF73yVge;0-~g0)8u%sTSPPOw z>IX(JVIw!94vI)TzQtV;2!V|&A_Z{2*Bje^Xdhbawd=EoMsCR}JKSf7kywyKE$bZl z(Qf@u2e)2u&NhB>d48V$=6XF?dH?u6tUvyzyDG^)c4B)fz{QAi-;;EZb)7Eu{U$_TMM<}~Yg9j57f&C4c~P0u&qbAg{kWUQ8o zzlTuh0zy5(F$<;eVs|LO{;lT9I-tayhcy;5`xNTrCJ+KLJd9HPPjBu%&x>92qYJe$w9VC;OCW6u;e#nqjq(|0B3EO&WX?eh|> 
zY8tZzPYj>2P$K~?bih*S?9NkrNHBs%d2;`NDboPvV}iz_ArPUv_E#PJ>Gks}^E93xs6wgB_+T~=D+>|YyVw&b%4-IO_cWi*Ir?pROc_jn1gJ{B<%7$Cu( zCv@3c?g+YG6vBX+1YLvx9uop+>B{n% zxg_k*4^%vl*5x~(?Ly2thbMgbL>D+UOnB%d=~L;67KLmn?>#PF!WJ?Dxd=5DBsjD= zN3lx?XDN-MH2J%#q~Ya7a|8&9%aFBsslF+!*jy%D3)lQcq@>+Q3um}4=tv^&4fN4W zkVJ&()GmmbX&yP>BNC_N-nPv+pn&ZPd_ALNU9Rte0=^g$e6wZ>Wl~v=pK?h%OGk$g zB3zxak>a=#+s*#6uuk#}w(ZSkM7`nz6w5S9uKXtq0IWn5FRLh;h~qOQDADY6xt(Ly z5?kW;@cX*a?JJl$LdFhy9188ue^shFBCSmHPNVulzva6@(DvA$J6a=Ur7mm|wqQdn zQV_AGC141!8NmPn z#z>L&;+jYZ3)ON{aU7N%B906Y&6Y z4XYL)3RZ_2ej$)DABNvI#8aF)?!J!PB-5bA}}MOBq?Ed|r*53W3ETtExT z?sv`$gir98e3t<{!9&-Q_+%gb^?8I<8&nE$YvNkas3{?3#}uERZ~}UL={=rGwNT|f zYV5RHa-#VIR9IBwut*y7VpR$2oS6e=a;anDPHq~&{ zywwcFg{_VY=Mg=3Ve9(~&h6@1;%tEJPHg|YpbPWnKPL`;ip+MR)Nzg8xP`rS>AziW zrO%2E9+x4TAa__f4639owNqTDr5~JSOqS@IQfT zIe{vOvf1z;GkZrKXDekAe9VP(Ph#=7WI;ga8 zcL|#@dGAplSx*>3#3#s7^6cC4j?K7hvfRklPZ0QIXG7Hm5Mt`S$=z3u#CDvw0~s;1 zDSW974T~5-=~(Y@UlSiB$+2$1Jh6oJgsI3c`fwHrzQ5LGIEn{x~o4-nA6@WPIqa-X9Z&$Qf41|GB@IVr<^SE2+Q} z`p6?mM|eQ+!FIa7aXI5t6+<>G*~lXq=c&?ARPtwNYVyJoPNWa~^KJtx(#}9;`k+we zx<{6A5eij9##`Ever_<7*7iw)1rH#A>`UYXlr`2G-P+DR=cD4=ITODX8v<-K8g0a& zoo^mVyh0egNP7PgBpf@s{zL3RGWXs<4n1Tn$qeGs}tF>i_uf^cEWGq03DVv%1dH?9V ztacdLr4hg_Ae$G9Cx$vM(5`PBSHp3!jzI;hnBhJ|w5A9KiBS~>AUer8McC2{WNcvx zi{!K>-&*pdp!b^45Y9`@j)rrbc>~a)oSO)k!B8mInyV_?ZZ>?(01+14puD~j23;0w zceqaSaBUk|-SmGiNV>3~ca=vTrw``q-7q70Wd|Q0rVWz!R2;N&g6U@G^OT4V-(Dg) zcA3z0g_0bJRLP^H+O8FUR(8Z-Qig<_nI)f)$gdoOiY1>w3J8%XMB|d5k}|j1XQRt$AvE<*g8_$O16v{XIw`QZ-fDaW8zv;!_xivS`xcviEF% z=QGQAb?~-VZOLPX5<$&roWgE1 z_-rrlYc7YgVQC^qhR8_*k;SSrYT1%29@-Ex7hWtF6@OQ=1ti$w_1HsttnDO*Cad%| z1U@s_DGxydXq_e)S*^u=!78@z%N?a$Yvr)BfF}<&xjK+fz%Z&^3d)DTX zS|W-DkfTV}KxT8NMZMG+N#?YOUYmoYxC>iPCmlBt{?$T7uBIMy^yt!6xV4>4gB=P1wxmgYPnK=7Rj){29bLkWCV|@*zy0b){svAz}Ch&jY|l zy%8;d?VSM$(fzjee!*&u6{o3WzG|UmURmhJd|UVtK&sbd1=02X3a^jAF;a5{r7=)5 zThkfHYr8FlU012C8mjH>Wm@+a2Mf3$tT??_ZgXOe-ja7Yc)PHo$TE}${@Z3AE&s1n zl|d5HA`+Pd+d;#8bSh~FDDZQ!oFxfk%ZVymh)Rdvy$8=0M^)DK_M_u)I@V%&vRr-{d9HO<1Viw^PUUkS 
zS->yNLah`930F&5BBb}MEMZyOTHFWLsWun#VOjFRk{2ML!^^ORo66eBHX4CdzlqQ> zt5gFi2pgL6K`MBn=t~-@4xnQj0u^Mb763k#=m8CA+LfDl%XHR%SkQ!BqSyTK%kS_w zr-zlODWjs{6st5#?NTjv4#lJZE{-$f2_y`mib(p3T2^V<^aGeV2|-Qx_|CCPIGF>C zI0`MG{xiF}IbWvL=!$!Rr%5gND8ok(orQK=NVYxjOhc@Yn!PZc7_J8$TFIhv8F%v) z&}k>A#=WiF!HlM~DreDeI%lN#@|=4wek%4;A=ZSOI-Wdxue^U$(4)pxNr37B01c*G zxAhm_?eEZ;M}K-r&{6pz2P)pC`N?PmEj!y~VlCfFprZ(A%fhIP$quJ*LBK3jwr)m% zj&MN@i_$r$aK@h3w#P+tQ43r0> zC7ADmFEhCi(O*rf$Z21sSg6vrPuUo~^L%Vdf=Yy-Z5jYTDn9}^mI!&xF}qy@a7x08 zW~7S{S?p^#vtRe>{zZb#O#3RS{OoyNL!E1fr1P0)!?|^A4i;whW1laE@Ls`d05@|0 zondZs-k9J~xR2a8{T#sPYQv)ijh5lx#|w2&$kn27$EEa+Jy=X@GepQG#$wwf+`h5^ zWh{!XDFx6EH?^p2@COTY^HgqtcSm4d-Li90rz%hk-nNg*KX5-m@_} zgQYQ{hRWPI`las#N3GqfhA!y>rMooQ9eAk+J4srbY#_EdfnD1gx5Swv>1dIrIM+5= zkHvoxDm3}1<+3=zL7D5sEI7_7wD1fonWa-@qOQAM^_N&5#2f<^#(-Fr7UV%wU{OmX zO!}eFWdM^`;5JR^hqIgX;+MS9eS*K+XwkRvsoRt6GBapoiEDRynLL;?&Y$9?=DBfr z6l3MYgyL_};@CM9Q;W%;ST4$Eo43^Gp+Z9v$ZT>sPZQdpWE&5NB{DuyO6jb!#LW%r zXg3`RUsUsxU)wZk45K$u0tJ^*{9Pf-gMl$+&Z`wyhx?e`W-~u!?_wN`dm(p| zZHl@6_6$)QKbm~*xbPlgJgdLBxE5N548=xr_q)2?xliwwx<#(*Z`xU(dUc9lNd%%G z_n_w_3H{C(Sl2MM`YN`4b~TPe(OHKHn=!<42H-d73x)SQ?EweBe{zlGmVv%OX*iTB zXNC%L4`t!%P4$$PT=j=o#da6lzU#HOiF-=>C+WAFZD?-VR987xjOC_u+HSeI9t{eh zPHoaKX1{er@JsLxrmw*)Zmmz;yojLpxf1Kz{GmjKnPe+MK|JxlA&K_|%FVBr=x;@L zSmbr34m`6ln+cVJJ_|)2oYMpupysNg1hx{Rkbzb&$zZcAtYuUyH#4kTz^GyobBgMh z>WJ=_A~uihmoltNF#oTvWNlcdfUPs4SKQ17PW`X>UsW1AFnMG1-!=agdc*Wc@3#g` zJl?uY2DPQt`lpuH4j!y5jb*F26y7OPj51J8dar+1>h@pIu-&uj_E#_umEMW!IB{`;a`8zol~Lzy@@3yikuIZ5^;k?}0TuugAo# zJWlsUUeJt6IQ#}Q%ZdhwcGjZii^s;`@h;#9p866#3pwN7i06__Fx=AA^`x+gc5A5% zJ~rozjLYq4&COtAP*k?)=K?i=!A z#SZG<=G6>U*jB~f+hN}0wV_pc$v-lsM}0Gm7Rd-2(FO>Ey#h{}tlcw}5uG|7y?O+&iQe7KhpeVp-9y;Uk?Q z+??~Hog)8)e?o@F$)~z&MA*1{(@);7U3p2C- zvw7VV-&EcOR*?h;HGxQ{4%}5u;DfvH@MrfzquO4H&qYByJZ^X-P7S`Mnn>ZmO#gB& zjl4tS16uNT8H+)EG?WdQZLpC{1L$0Ch5omG1u;+GPZ;h#+3>4lOo(Sojn*I6;TtcinXH0DV}*)j+@~f zmTJy>(<4$FYI@aw@RCT5h;aYB9{sR^;?+Azl>rUFp0CKoUNFcQewnV`b-!N0d_Rj` 
zeE1RU5)D-1n*Sl}PUhHI#COcXDM(G8q&z8ou{Pk_3A61al*G}uq3cb{jsBlM8<}~eEZr;W}RhBy<6^R(`ISrz_c51 zl9$)EbhOswVRIIzJ#L8^Fo^*|?flO3cq?^+Lh>KWVuHUnQ(*JntQ zBoV+{+bFYnTvMiM{fx3#0~U`pEa~+p4L?d0e$wqzKkY_?c2q1`u^A}H0fq2pGW5?W z813K|SwJyRtlJN-+|buDwQj1*T*$&|vJOAOUY5+3z3^Er@851Y??{`&qVth^2$1?x z9wmm+cq=7hjpCSkj$!gN-t&1tG+_sc&jh;;hZ6MQ?DkvV2rT)Sr6q<5H|}XEy(F~Y z>N!{FRY`{biZk8srxJ1U+zb$f;cN~{eMqy6RZ_t^y#XP_c93o*n z#7JjX#2FGh6y-dfJFua)%fpA0l=04}SY+Ly$;|&8=Rmkq)4pG(ma;S7 zqi`XDp=zJjL+OmIYsQhlG_E{5DIzuaE_P>j1a3)C8#?7dgN6D-94gQ zWwlwj!_5TLIv7H{%5B1dng>mKrID(ot&3WFX>dWo>jV5ui%uu+G}r6p93KM4Gey6P zttB~zLR2@(`lXFd8mEN7K8lntEASCPi4zK9N`N5K>l6|e{ikC@Ji zPylK^$dG{Q@e&>`HBXSv>!iliXKUNbZIuR%bS4X7X$SCMvS>^%*-$}j4w>n%qo;n< zFsrD7j&Qdk1~{pa{=Q7b&7gfK{S;j#q7sUqa`63cYco zocoecdpWDGpW%#rglt3W*VYnA&aGi$;GV@PfV5e@P*PIE>KxF&DRN}8=-evjt61T# zE*q@LN(I2o^NivsLLpMytPkU{fe}Uh4+zW+Qqp)bcB%bQw!b?d(&qPce|buTC!*f5 zXv9R9X||0e{|P4N_x`)~eRzH(yNloTdefTB-)s3d_?fAJEWO-{)uQ>dIFSH{73XX) zX?hM-m1>td3z9=XSJ8W;nXsZgs@@#=NzQp0Ermf4;Thw4_IfR_c?h0f8IJHmG?A}B z&%8-UH>0@#(=e3n?3=;hT>gIRG|c10oZg$~dqu9_HMTc<&G&2N>*?rm^oQfh>-(rx zd}CDuanW^GMrwfT^QKjnua?J?DQ>Ex>M{}Bz2=^knvI2z`FHJoeE!CWctiWdIYD>H zePJ~Ibi10pKqrZQvhKsV7#(G&!uu(bkt}c~Hb^K>v_JajzHhhsqrAjFL|3!6f*|Pc>i6r1P+^)j(|CiN4 zupN|P!B+y+w@RTb^UH;XU3k@0<`+DVmcVd#fpwq#`AI`0?A7qR3xNz=p&93tu|UMo zqQh7X7P6j2Mk&5u;vrJ1>|2h-BOoCvN%`%Y_&-z!b;(E8{7Og)eutcLL`f_5TB@fs z3eEy0{$DgFisJh=ISA8tf3cr<3vUT(!BC#dTecu)Yzc=^(BnLXk-Dt!2|iB1#lkL4 zbwj`T=Q&5pl|9%9)4tE95+;1HYUR)#sO-E35q|pcm^sS`#tL4>8y}|AdVnc!^we~h zr?={>tDJiCneGPqe6^BD5ox6w6xOMPwM|Q4IgL~uNmci2Xr^cBw)vd90Uqx!-ZD^! 
zZS(YD=l?1%>5;&;-bl-R&6`h1Qyt+eJt;(w@`Nu=Oe zCR=buhf7)eijAn8-AH3dcR@N{msYU4Lp>62dj9sqHA_n!S|Oo61|f zhG|pMZwTsQuH#c+Hl_7Rp_<~;NFNhMGMZ#vUSW#s;aN=64$0V4Z;hj8>@Ul!pC$Z9 z70Hi;witF2wTpKzJa^_~VQ||CxAkjXgvQi$@9N0bST$va!c(AS{U#5nmci!!DIvbC>Q=J0vwgig;cm5Rk3g9hcYbJCUm2CM-%ZsgEoyM%;44>}FnLL_t~2L`Bk& z=#0h%k#TFcj_R-Bxvn2}lE7nn(l!o;1+9wg-KY0d<4mMfUx53%yAWz?u+{(vvgXaFWx+)7*aTdp#bG>m)~P#*yV(ogE&I=W1CwaA=UH4*5p9hKH>stzaUnGHA6N5K+meIblc6 z=T!zUF(`ra=?ql7n`N6qA+7-#&rt+Si(`ZX#q{mI5q&35E~V_Yq#LeR?4t-C5?hP` z`CR(cZr1l5@HG&4k7v=7)oF9y29AN%XPZN(DqF#ZQ8yTc+#_c(j2-_DJ+KX(MlrS- z#ayH2t9kJLTiIx26#I)ebjJ1ZO-JOE{jB?=G;-RJ%U<9ZSq}%#Zs2%0y|&ecV-PiE z9XS<^mUbus+)D#&|3{o0M(b_5lstu`IL(y1{Oe?15;M_JVzn^1dVZ|3(RwhLopAG4 zDPXz_XfmcCI&!S*MD5T(wn`j}nsNiu1{Ezte&B>;K=K}Upd;ce;`j`lgCIvSbK-q| zeE9r+nbO1E%lUKo{`j1jIIL9Q7{gAhiE+;jmg9R3I0jex9D%(id#=VgO_CZyGBJNi zqs@_XvuS+kPj+%lmgvU2H;#m$PA&z|@5iewQW6Wh$mP+R9!=p{6f`$U4EB-xp|T!| zSu7Y6t?ymi2<&P4h2O57YLVMP zTL%NaOD0Oap+HfFaaN5Z$NRZV$$cq(?()e)M3qT#O+OU}wpPCy;-Hp0GaJjwj(x49 zsn^+{?L&Z4gA zg8A9CT#o9ZjpgfQBiGbg_5MR{30*JFuAyH3Y_I$_ zTo~BQptm@>`i#%pF%R?2R~ht_k)yM@`{mg|zcY&4j=&16;T3A4>dpy&U3on-u!=r< zTO)?Pe@29(9n=eoo^OKv_1*sf>RLVM^h>`nO{IWvQ8=5POW=F5x4o7|%t zn=>(DMVmz<3H(@6T(NsitMjx;QvIDfV=M*5yNJ(*k+#9IHm`mT6un~EvcIVTw~=9v z(AC9h*R{7mb!?;NS+_WuErxb)e+C{-tm)<$t-#vhAg+3IHi4_%UP$fQ9bL0EpUnLq z&F1+2ziP8-A@yIpHizm!7xbB}3fn5D(+ypAoDLhkz+Sl2n-cL=ABK0QP6$S!6;5)> zlS&QK=Up$J#tnQ2O3oApU0fBH9Os1$B@G?i9b{88(qpwi?xp#nRN*CORMPgizTvZ5 znvJttoUd&B%-%(tQ=eEBZFehOO9@B!nSjL@L#pu0`=ugjlX>ltFWYf|O43TZpRPz;`OP}3u`x2wCi#=>2S zIGpW2DYIlqhjr&w0y^$V%&BIN#WTR}{~zmzd#YgdAeoP;8C3~cgrwx2Is1s$y~=P- zK*>ipHxU2`N+iL4*F5w$t~sZGSmdInb6@z)?=9oY;zZ8?=1RO$fnxfL0VFdGORm2q zC&{gyJ19JAOgH>twSrEK|FeBW)@O^*31Fvg&kn3jSjUC(qJe}AS`I3!RBwm0?SSVk zNpyTe!sWg9GdP2RHnnP`BNVT=F29-CXr~lSuV_USz5Nj<)2a0&ncwx=MpxG?kaV0- z1x;`>N-#4@AWpQhAWo#&sEw2K5Ox7E>M?`TpwV`Wfhj4m9af1C z7~(rnD63-;p%vdhwfzMQGV`=u=As=THIZ&*LLbqQaD6s|f&XVf0 zsCe4FBUIV5y7>zWyNK4UhfaM2z^2=b#)c2uO)oD~!SHGEsqCz7@1(IUUaX%xArzPQ 
zX%9KxYm&QcBeJcV#oMA>C0ewtw)pFnud2R~u;pRiEUeo$WKD10sZ9+_f*pwCv6bv2 zGCybTeO%wC;8Yu04KKA08{dHMcCz1T>a<|rVJTd)c|Hl;OpUMEW$HI(qL4#Y_d!*^ zo<`tH#5&nIUU#qXTJ-;Y`AZjWH87b ziYx8%Cr`QFM%ih`Goj6&Wr3Yb*hH3%ED<&z#9mE8%ytoRf{bv!M@sP8x+rw$(3|y) zlg~S_hiT<1Z&w|c&NT~4KJv$`dM(#D(&xBCzy0#!xWl6Bp1DSE-(?CcT|L<6n|rt; zYMytMt+b*(oK5FheZh=OdxTcIinn9WWehoVD%YOd4>^8O?-+b%i}j_HLAKVzJ9p>n z$AHjpL39w^XqKf}4)WNWg|Wk1AI4)|BnxW>C$+!$3r}ioN`|FdYUcTb4Z_1YZ{%O= z;ofu!cRKFn3(D}IT#X42X1SZC2_wLX-NejcVccGBxPdyg+(X`(A0jc}0UaXw-Mm0T zhOE)s^fkx5`g2Kq*@M;u&jp?Gu01^O%mr{Q^)QkG!SpOM-BLaEHGBHlt~A$yaNOZl zTM9$E#hUF#z`qwmo=yDM>H)INOHwy%NO-s)Upt?fd=rPTXf zd$l)bQBS!F|x&Dtq`;=B|Xo`Hxz>ajSF_(YHTbeBP$dq-vW# zDs_A$njPY#oNSXPs+IER6McG@a&)utja4aI;>0tmfwb8w*a|^N_YUX%7q8EOypKQJDe+}O4C_M+$3pQNF9=Kc75#_oRcxIerdj_&ehf1Y>l@_vuz ze~;Sc{!2fY{vEx|;c@?b-K^c|>EYu4is5;C)66JcJ*myb_k}6lb$5CAN7{dOK-8{D z2>*x6y9E+Xw^gax#)HNGMf~Q{8`#PF_JWisrFL^5|CgF0C+QEk4x(zYe#F;^b!^~j zKldy>2DshCGoC%T6B=QhSSl=?2`l50v3!4g}OKUk_TD_f%LVnP)x z^d$3zpLve|TQ@@GN$eajI*n#Q4vz5u$0!OMIqS79ycDf7=aCzt2BWq-2Ad(%e<_inOV_C%K99YxOanvwPr2)cQ`}=o&sG;q?)AKN24#r^9t04eVMXFmB7;=_C zYPEweqf&5*XS<_f+Upp%a)$3BY8N=CU)NeKUOOT@xN2QAXNB=@PZ$yvf@1IH=B^_A z4U<_4#L1QHsWCrnP?a_z5lR9QJbxs}16BVEDx!cSPg%RXdT6~x)@;$Oe%JoBSs1S; zch%kn$H>MhG?zI9UCQ_Hd0!a`N0H=%`F}vgzetFrND3JlAPV!FqJvQK;CB;*S%!3W zJkx;ESHMvKBnxqznVa1|T2YSsk5;rtPlI*<-MbEXaO!}d9DiR&0k=5K?fKw^_^hV2 zvg?nriEFsQ{b{^lDz(taC3UL_SNfbhk{Z$ z&Y{>q&{WZ7x?m05UC$^QXX5ajVAr&S<`0qt+)~P(Vsg4!j|*YXkT@iu-Qo2VJ)Q|> zS9U_Z@)lL8?i{Lt%d{5&38jQ}IsA|HkA9_W9AvS3TS9gM!kxaSp#Yd7MkP-~11)H( zQMd=RksoRWs!jgvvJcK|@GdMK9N2U30E{7S&t1{sYB^WICxU+KBr%9!mq~r;$xf~+ zuP!t*7}f67WK1y44EeHV%x%+1=8ct$DDZ7D-@;X&Y4MZ;&4d%m0m{j8HkDe>Y0v@5 z0h`{r)t-wAV=mr*s57|{fY@A$=A-bn@#rwo+fIU+N+bTK@^IJJ=A{NylLt^M>4 z*jj7Ly1S4;FE*g$eQ#Gmjq02Lq_AQUsW4haddQDo@f{e3?3C%4`N5E&t?EKVM9E&S`rnE|Fs&bore{v7s#S@uak*6MgIA{uMcHeRLG3DCHAWx>=eD>kyjT*Cw|{w z6lY~ntGUg@=YtW#Mq532v<|jSK()g!U<~;y58x5X5bYVFjj+7(@OWq_E^h~stKfTnDaT1hmLOmTZ{ zx%Lb@tHgp$qUOKgUU`j-%wXM;S0_IT0ZHBcBak}K-_)g4q4NUlCtQHb60xa6tsSdz 
zb2zLkM0^Nxuy47xAF9hSlJ7>$AuV-FWSgr6~5re+UsafxxD za^_AlwNcUCM3Bx%pdohB+gIWphzw9Q_`7_=SqO24n|Q%r+A4yp5aFc5gm{~_)O!Wj zs*m(nn9)*fJ~IwWSv7yg@0_6w6k61Od2-7Xh0#X-kT>mO2;MA2%8_s$1<}~4KsIQk zp5_Fzme2=caD%WGZHSjpNELPfX^3J)bqj@8GKO?YxM0bDRxrGGejt?(m|hANQXC<6 zbC=76pT=hEc0+j1IP?QU3(qZFzl;b&gmC|=kP7aCm}fZM0QaX*#-e-k+cdx}orM34&;U4}#C=Bk8nxmMC)kzv0%D&lHT7*& z0~uP2cATyr22w}jlnhu@2puulp^l_d>|8BDVP~nLZUL1^6Ysp0C%T*gpDLI3P)eVw zY7yL|&q!5e^iI_E-of(tqUpcoO1Xb>_&Pn_pMt-4eR%~LQ}kd3E?{U^ zm4%V6|BzbXIc|1lBdfPa*_v)3oeZEE#`P%*{Q=cWVgM4_u#6&;+Y+;0_s{Tjc7H+{ zLw?qPSkOGLn*={J^sVQ|23^|rq%G@XQ*ki!Gc0vJA+DQxwa3Pfj3SS`uOE8VfrM)5 z^ZLDl{^Pg@Pki28`|*)Q*>ftH=4@O$F4}c+>zG(JnsC4<(+hTNSfBGM-xIrR6gE6W z9Js?^8BQ+mt|7@oLqfO`|7&uLw>bi~CCu%r+DCd!+yLx;Q{$_nmc0H+lh?%swNVlO zS?xduW>j2n`?Zg{a}#-cG~!;LqIlI}Ur=gO%i~>*1~sS0k{@OmcPq|QP)#FI%(NVd(0z>+|($P0KJP1%eGnqEav{rfwxMg`9Or) z^L^ck=lV35CvCKT%p$wj!G%7AsBcwR8eKR9pRBRzcF91=ky= zH(<-g3KJu1p<6-^OZpmpr-!fg$wgOH)7lvs`VAM^+nsq=C2(q@_e<5R=8gHA+XO;c z`+ha9or5ZVq@7R%nz_1Sj?NI}W^m0~{LR(KYy0T+kFLM>p&y=u-O-6(gfiZ(@VsCZ z`hP2)yqiA6R84BIn!4jqXU5q3g2m@0Y%do2UP480)9fPTZzH^dOk-vcWQ4%$;^~{4 zJZDlpI&K1d3XnGL`UcMzj>djPga$vdj3OA`kmcXYA|-a;18<2Y(H3Pin( zRw5XBIA;B_t;?+89B&xfF`@se2c{kK^1lNlg33w?9YIsh{MGo2aj`k%XjVBd4>J7Z z!$Y6Q8IM6U^#_9P$kSkf!f$+J+k}O!nU0L^cwldWtGB2lQjtc&Da$jo!+U?HR>rbp zVUbB%AxlkjW5G2Orqge8aB363_h_mO1bID|-AiZqG|Ik_ftQGI<`}rFNwfLU_~*=F zR2_t9%9I1ipORL0Q=SUU#s-Z5y^lI&bB7KI0Fy#qKcHn#ltz*mY+9=K6T!ga!SZcP zd-1jt^3vJCPPSx=X%|~=oFz`E=g5^RbQl7=?$9Zvw1|bh0{NYX!MMt|RK9qIVwNS7 z=9mZaP+_oqPI5Og{M8~*_^agBv<%XP?CAm9)-=#^2exAIjiIWQ&NRsKZ!U?PUQF&U z^5JYk{kld2NFg~j_?11Sh;Pc|fkY~>z{XgVNI`Yv(A>|GHx5Cq53?-7n&5=$UdN$k zy^Cj;6j&U>C<5;+3TFX6MD=$rRjm(+ESj3=&!%GUqtB&}m)2OAis5u*mXy?zdD=GX zEeT?=Metmi4MnypF_CSgZhLR;&|V;dWji#Bxd}S(^6eOxi{4T60^d6kiN8$p)Q|0n+ z%w!GUrw}0kJ)yon4dc)&A6Y>?rPq_(8$s=$O5cjQpU{v9N#P*m^3J9tH?k2uq*zcs z^|+WI{vkGP)!FANckgR;t~Lq+G=M@2WjV4vA1~Ne?7});yK!yX5<>S~L(JpZ5DvT> zOx++`ytuDuJ=WwR8zG#byH2!-N@B=DS%*j_IJRlnA;P3Q=@tJ_IeEW+XDLOf=?KfB 
zRUzcMNKRP6JII2z=?xHbdi;{V=83fb(EhUM#6RC`rRkt50DBcxQYr+ao1uGl4I2_5 zO-IVK9eOHhZ-UsJgRo6+7dcH+9LmS<0uP4;dKs;~;t3K)>Z4nW>=tZ_VuDFSD3kM|6ynv>VRecNo<$jfDoE=j+yVVZ=Y@aD=cdr?RhPb1Ofx zFMHD4PfUQ=!jtFYo!-mJr5OuRXofdqXJ@(k=wpN67bEfMyzb&CpAWp~AD6UubJHFA z7@?L2=q&J~E!N6H{#&rZ^H%5=VzE`|Pg^Suim_I~aTAMgnH6HGSc(p?+2(84@hD`9 z{%|#)3JopLq{=y|QWthtzvjdxjqw`wJrp$Y*u-qFIT&$V$0 zEh6)(@v3>Zc*QY(c5I|s#!&XGZafD1yu<oXu0pWYV1Q5QAaj?x#F!R>HG?j$U=;!>U%`mW)9e?=R26-%%gc8E!p(C4$I1P z7>TtKz-$>-?B1tOYF#HZxA{F0-*@M?t_8Z6@wk9uGBiV1UNx7fy+)=44a z89hbg^6?$#p2_Fczxc{$CfAi^%Cd2y+;xun zstBXVs0!kxYeeix*;XWXM9_Q@u6QFikqRSLFcFS(p=l_3#2&f}dDh~&v$6X!nNSB3 zC9lkmp8NT8sGLJHkkz)b;w*qXuUNIxBYJ}a*?5HHe^x%#y@2E z7=?B8Q7J^)e^RAL3;TaF0HXq*|Ca&aBJU%PbQ~f1;BT64hWCtF+wQIWd=>sv??l9Q zv0_Y`J~0{-%u7WwYou2SDUMrCid&ne@Jo_z#AusETvX7YmY>iscwE#8gJ>yvR^KXk zI@3_1;Wg)flmHg|*pWgHm0oPq9oQZVa3pnWPXf-ZJE0^4W?sDGDGmd{x?HO~+LSHN zai1zAb+a}oYHl0kU+yv-4hxifHziPz$kk85B z@phfWZA4$GE6-5g3rV+K|yU*OE=L!OtE;$2w);Es#Oo+n|mP6JY`#OZ%_S; z2UFK*MoTSf^uC@L^Fmu~y0z`!KOkfDls*G?9|?HKnp4k3AQ$4G#R_(kIMsd(R0sR) z{6AS>E|Nb3WKLHG1}zjcOz{tB#(%khh$o#=RL*QHiiU(i@;p=zLZ(PV`YC7l8&1qc zgpv)WLm1inc#{8u0WHFyO3U3Shj=IJn&SVTF3^ruogq)g9v~Ey(x^C0zbc=42jIim zR3e&6KgOrRZX*P2i1?-adMg(5dxe&^DO4HyDvndTYV=wuBR|H3;Xi_z&s2?bE5NDZ zW2{JePmUvzGVcXQAY(q{M$1v6EP}ME(&SEqrDtR>Dubv21=QCrxI=VNO4 z`QTPzzmzSUh9&$r>Rh*fHqT#z{gARi?kGUmE55QnYDCbFv8HmfFF+!0D>>`8zov<0 z0fwAIp^Hw-p?jTg#A#k^j{4XCdX%)q?mW{qrHT{HMHJmcEM^J|U9r$iPmh(OA`|BF99hDNxx(G#B zuL@unks}YrHV)kNMii*KeoYNMK;q$m9uRJ-ADi6B@;3x4u0I^0_xcC(e~#Fz$;3ty zD0O*MPx>CEvbI&7Tw<4n5wULSI3!Q9w)iAZJkY`;9`Wlqt7I)vv2Q9_rL%(^{Q9^A zYoMTJgRcrinh_5r-^cH(D}4rgMH;_Pv9;Q)#`ay_qyFcY2bOQc4KC*K=1s|r4?PDR zHphEI@|iG{usqKH{d>#@eKuJ4&-lm!zwc7Rv+(_p#Y=gQQcGvjLpjC0y3Cz~?Qh?= z#ibL`!s6C)eet7z% z(yOg#e-H}qK-EA^o{t*+5h2<1_~SV-3u{;NZgcdFf_=}$@-;s7#rkeb(j`T+rF*d0 zFEdH_>Y8?zlS>#k+}?py7K)qJAU!|13A%$BEj^8OBjfo{&A+iZ=b{0^Y;+f+W`hXb zltwj_Bt%O$w%Ra>v4jSq+-pf@xjuENW6athR39UHn^-l6E35|GesY%)yRU*nuOht| zb*asX^MS!{D+R*34J9!Jq92tTV%^b!mL&0ef-N2mD{Fl=EALoEWm{He$F&d2CUyh+ 
zt$!bR=gS>QM4nN&%7mImwow!Z;}CwQbL3i^)vu)J0Nz{1xVu1Tx66ZU&yl35GwTxc z+LCdcCY?ZbDL%*kBBp)W#?h$BY+rKkQ-C!PziC7zjn7z2&P+Y<)Z?0 zQv`Crvp#=UIR)+I%->jTnG3tZfBcDB8EgPCTpvatXo)gaj6kC**Szm)>9!z^lH0H} zt_>9iDpZA(BzHXDYEP$*1nh{7qhYvnrh7JH!zaLQ31KBRU&p}M13_W~m{KCQQ$0=J z?S`#NLoim!zHI_>!{?wI>VQ70w0w|_V4&#@CEHA%Sm~Yn(<2ULR^o99`ZC_b{EK!4 z9vxZg&(8_c3GFIUu{w0;eFZz-P2Sy%%YXIx6?upOwq_FN$t!sGC5Ty`g=#`>#?W#|f729tD=5@eGD3XISyLwYsM zY)Oxcn9wAjK1tDOe8upMbKxWKd+zH4T8JVPiD*?ltuJQoDp$J1T zN-x0fLF<`SnzqsKbwg1tGIKek$Z0KL29vPHdm>Yi$&hL{mp+2V5GfCZ>~w} zn?Q%DHBQ)JJQ1FhXR^uNwhtLz;y-SljjVLfTXwLUlwWPlURDUHvW5EOL*cTnKzS4+AoS!sl-#eFW{AKy<7U&T-(?+Q_@@+3vhtYMblL^$j69caWh-F9*~=8n zc3bG4{GGQb02)(uYRr&14<k>Bzh9GpKu&E-dunv zc6>5OW-7xWG*i>8MUiUFyV?$K=;(;9{z|{VFjlR#T|Ws#Eg2RylUMnEX`q;FFt*+E zgo4xVxWQ>8oz;9~BU>aPzau%jxF|M{lTY^h0`zBvlz+?9gIQWT*8M2`kP|ap%O2o% zMhl3>wd{Ya{ejv)5Xv${E)i}449z=hcafKfuB^v7GQGQ#8okPXP2@oT0HUeX>!r=2 zU76NWv>Mc5g+NRF+%GJ4oVhw&!gW5OHlT0!7OIdC>I;8|Q}$0RGAZm@v_-QpBy$~= ze%4u7jK38s^Vry7mgWDKhBe-5Op?RAt-x?+TSJjHY}%n``!#lXud3f_>3yFxf5Ohn zDLwJH2J27bjr!8Kz~AXukp1YW`+LdN|7|9LV6KWKw#WX!@alZfxa!2sYetNd4)_Gk zu6cO&F#+V9tA~PM!M9q7z3yl)ezfhQZWKn$$CoERo5f*+cL8d!PBdG6tFaMVfQ9GG zHRtc#(-w7MW;j|~DSFpei2Z!Wnw5;39oO!#C0>f>I65*czd5Hp{Lg6=fuvda!7xn;%R?)>N z>YK9L*RWYfP>iuj#uG0EeECf$>+D_CdaCbp|xTZO} zR2FS@b!wmXw5W(9pfkv4@nT<h)92`94ZyU0SqXnzww4JK}bQ zu+vz^KpLxQ&aWaf8SiQ@pElAwKPM*e)juFo+5NWkf~joPgYh%KP~ooKdnZY9!fp#( z4W(%+?=T~8oHQua%D+YVlZkfN-T(S?-1H4&zAf8)Dv4$KB89A_tiuwxL8;`yY98ct z75R96_{3V)GKBu#Np;u(AnpiWB~^d%raIs@I8RDw|A%Xm#Wa)R@vdczdqo<3iPp>$ z6Q5x|Ly1;LX?z(3zlBEzd@zJUoP_O6ylVrxK^lWSO{=%n88#l?KZqutBpkTC;hx1z zxV`bc*E(ALlahA4bjwV56R6IP%J4e}4!symY$oz>@{0av5s%}WskORjniN!fzo^Ao zW@>_?0{U1DxCO|m#~_EDgUe2`%be&Lq@hK2(R!zbqx>!1JiuZj3vBjISy@sbgnVQ-Mb2sYm-vWQap&yMBphgOHs| z+F2`O{kS44Xc{Qd7Iza4HGT~^xEd7J?Dl`=3VKg|;94^NZQXtx19Um;vZXh{=$~Oh z|7y@gwVAGkmJ;j5vRDkP?&qI$xI5dO<^foT@=$4IfI<`dpm&n7Qv*EjYCL zPB|;2+i&P80+3QJRbrP(n(Jh}+C~tk&+0aFD#oT*I~e6o}wa*32vI`du+YWS15O%P>5t3Xcj#bOEg 
zi4c|#d}nW>p`hXHavBI#S13z}Cr}F7PlwQ-K`)Payh;P+AI3a!^e?^)9Kt#VK=y0) z35Mc0{mq7?AL^OeR`sAveCYtXM%@c3Ry%)sHC(M3?!H-ep?#+t!#GrV1ASm=z-0~X zO#Xw*(twSJ|NQf^5*Dtzr{jY})?A=zYaQI6@O98!VA5vz>yvb#GMH8lLK3-_C!_smik=O`|-B^Jqk8s(=ZN4mbD*3;7`d1%)Jaw|QBo zoIEx2%L{+=t4(!r2i;c)&(QNz$w570Z(5%yv2$m&$Rfj|KW}W*6O%u=sn4_*=9eEP zwtU)i%yWR6P6c17GfrNmS}gaR`!dYe5yq!dlL~(09=Ih*6&;BGWQXGHxd3Tv&as;l z0JBG}Z9Z4kx8l3s7gA)ch(_CXVwEQKL5#L}OMImJp~8DF&1rWwLU|n-k<=cD|8OF3 z{#*yov&#a}=rUt1$%o`?tMYE*@43H0SJ?UHT1q_T|L8dBmbwY zZt0H|JZl&LGyy-8D@QLW0qH;`*}ivit5Z<6-?`%6v1JZBrQG^0Wv|~(3{7U++mX8> zuXOWwwX|7-%s9+QPe$owG*VO$ITVhoisR)GqIt->1pfssd;3-$Rx_dUV4@`x^qpYF z8FbS&a$*aI&9{s~`b6hYp<%`2q{q11P`@3X|KU&xC2PJP-L(prI zE0gr6awT(XV(5uLY9Q%`VwD|eSPPFxL%=Z)%%gj@mD`$3Ff<`s--sHUdDX`OxAL3f zsaD7JfN;Z$gu7z`y%N|@8vSJmoeA)RZl$$V&I5SHW<#Gys1Msrf5m&h9WAa9risr% zo9=Zl1%8?t*s~vhQwCI{?w-Cu7N|fX;<*DhF{5~SO>%=f;*&YJpq-^C3tf+Zn{TJf zZ0-Ffst7^KqWfi7p03lNXZRmQQuwSPs2vy*;%5hF%_P=l8w21g~E$QcikeIqg9-aM%aT<1|n|Ed_Ke)EnGn}5p zsPk3mNsi+>)JdZQQNcfnD5hbuij?H$WcH46X6hAyR@f#nbW#S@1PsJ1j(iCk?=7Sp z5^ISDAVlb_9%|a^yow`&xC#-q20?Sg4?Va^T7x6E&f{BNs9~@Ue<$<*bS-^V#;%WK zFl~ayc|#Eky&gHdS%52hFxL#C{V6M@gzl>G*OFD%rqOTz>0Poz@5rqV|7Rpzd2rLe z%4g9hRzH`Tno)v|F=yHt-G8y4*wqn@hI%>@50p!nWz8)r0sqss%+ae~skq3x5|tKd zl!d}6WjEK7k_wyYacL`;czw~yH08wK1ncnHAS&jReq)MPlS74>x_Ak9{HJUQa@L_W zbp$3{4&Pt&Y4^%iKoP5J_Z9k%F9ggz%l%Wx9cmxxWlF~iYBb=96WkfulC44UD?9^m zE!dO>1TaZ*p%_^#XsJby6ED_=k9+w@zCn@_(*!cK9fjj%J4uv&rEj7*h?38`jPSPW z%YD_du47+6MW`}{wyjLDYmv`m(cwa7oVBY!5KdzWg{#jyBNlShfTiZh$$LS|3X{GH zn*1Kq%e=wfb)qZBl{02#mJTinjvyi{#ncagr_$Y2x5zaozh)=9VLkn+Q^H~eX?}zz zCiQvPRtwLv-*Tv()YHV^=Q=eL*t9TQ7cBto+sH2|6x$jF$w>Psn*jNMoVhDe6Zs`e z+OTQyRl8C+^Z%M(Xx9FJ<`*(do%t|+u?kTYsAHoZfA&WQ3c7`!KA;LW*EL;S&go7b z4_6*y#P8Z31=t*+t!|IvEbetFvb6?R`gWxd=3kk_D#1=2HuP;bNDoj7%ShZ^*|2Z6 zO?ktHM3+)KsvU{kOtAVOY%yVR-wWJKtt#3v+EjTm_3Wkx8jHPfhldRd`}7QwP_$|8 z++?Rf>k(z+oj+O%U6f+Y_1znFjAeDRKVo>;?UZ@u+M+gUcG&x%r;P)BTz&v+bb>NW z30tqb&3b;rLidM;moxSTP-XOIe6Bz{y%aVf3o>xx6fRKIL%~gYhwHpZ}stawq;-Uo}?s2$Ly| 
zM0ZUR@<;TXtaCYOeFluxzMxyHOvcJin-bSLQODzI*gevkB#0dyC2dWdniugK(BKti zm>E|K?mbX8RIbJ9eptU6S_*9MK1idMx5LG>Zz67WBW?t!N5=UJsr2Fm?$KK3%1mt4 zV9p~vbi_HYFNn~?SUj!Jj9{&cHL%A~{^!kbP)5`&YAUqq^FCXj1sL8MA7%1(lz7yW zn$So_r$(~k|4@Fg(}w=1V4Cj z0K=?;E%Yjeot^1#o|sh8|MC?^TKb|g!tV`|zh0u;t05mMhPvYi3_mFZuGc}kZ~~k# z{#;S~yOecrH>R$Hf?l_nZCp-j=7wG6=8g1yBr}Qn|8{LyU$77sX_c!2{x#(FWd|@} z8cR%$?6`vcHiZKEvpIyKMK+FLrXd(TN%&mx9@+>ok*WVo zN}7uM%Ssq=P>0R8-DQ`=lJr;TvHxvL?tWJ$X6;$gHCNXjt(Ptb&+4oFiXAen6NB`k=vZJ!r$s@zV}u z>nXn45?3^N=%8G{riCVNOr#T-2!hFmKyC`YC}>@m3D2bgEjY}(+8qrof9R_JLS<_JW$ z2wESo?m~G{qK3wt+vnGu+rx+8u%nX1aH5j_*dzLWLVnlu?c8!V-!1p*eU7s5Vc@ef zzR9PLpZ(e0cMm$mK`4WhmLXTON_M15)J|yrFrYg@UD#){kq!`C{&rA|uQRW+v%+U% zWOz=EvRrrr`b?oi2`r&Qc@KtMS{mO^xpAhq;L@V_-dfi-)U*S;JHUebg7v-`s8A|A zzO@4`9q9`KiI=((QiFODB&vvG?7#PH-B+a&yD=aBD2eMP<(SQ0tH91dLL62vBNwew zcVWIwH#Q5Ziw1Gfe9ltlJQ=M;VRi}x>gIk@K2D+$BcOLQA-6X%cja8{S9+WPOrpl> z3#s5$>E{~dlc!n4P*(%`+bVATS$3=Xx?k#syA7LuGxyELM^q4)1S+r7lfb^9WbL`m7M-% znopX@%MO37$BzgcMx$QZ3&cdV6MycHjdsBFA>QG>z~C4!<1o*qS0RN(tP`jkQ`k!y zQ%NZA4iRUfg#bQZf7QFYKA$57NjrG{WECTKoD9*}pX&=Q5WzAgABNc99k##gI2#1( z>7d+6xT!{7+Dt)oLpDG`fgko>p1V_{H_VauU1#Hxjd_wwILj zd_}^rX?!%5eV!Y0P-m3Uic!^^w;do)LL6 z1fEcK?0TC?)%R0d{rp{CNm0S>O+;HxVYm?vAJ0S*O8z4RCCvvMYSq{x9ssH(2JgjM z=tn+PQ3W$jDYbW~vsBcTCpk0P6=sLdI8iwfaY6Cr3vecZVX5ImQo0+5|8DImrN~Go zXp+N%z7;J3;dMoWRrJVNCuk*ux*a6;lTj%U_-^hv&^V7s$ zEXG(hH^DI7B%$B0%QZ+U0PvI(vqeCFqV6x^tRCqST=AT4Q(`Y!ri%9I)RcuD&ihtk zY(!PwsN*K0&ZD zGy5lMr}|V*t_c#+N5uWo=A(#LCT%G0nzntA_Ax0u*x-KqfePXDR1h&&tWj+cUFug_CFk|DqV-{ zt0mlSbI6!?%FzIh5(jqqg{;@S=JIFbr>d^Uj4gt1^TP`5F5CL7YpGk6irT|H^Wu0n zY>{he&@t1*K5T(^Ni~QJ8^Da#&4nN7^$nElztD;BA0E11y#7auyho-k{YPw`-`RG! 
z)0&^T1C>tW8pBTvR#3QbnM>9|I&YL@Gm)-aA{z6S0 zXx;}Gnb=CZjPC^R4GlrD*Q6m>ji7t?Og?FuPJ z=gGPTm4-lXo;K+z`k_k=zgP^KBN6raOZUpEji{*t+~(bb2O_f0O-)SU)Uh@$9&{M*a*75H@=nop3Y6yWk90F) zd|v_TdYygbNlZ&pZ4s%NFppDs!>$hLVeO@lm>vRNeZ^9mxFksIUZ6sm^AP!~*~O)Y zo;!N9wGfGc2_RSMJR_BJ*|7<@$aLge9?UCJaxvJR8^XaO^aTK4Li^23LIh_gX_gXj zcTUMy%~0Y|HI4i;!Xz^;UQej@fxcBet=~&VO8*$xwM6yfvorV_irZP8rrTZ9tPVRI z16E(fvo6_p2ZxlI7Px-Fo+2}|yTzocPdp4N)yCe&$#cdjX%vbnfl`wT<1&Qx5SkEK zRsJGdR^qWoN^?HH)>yYBNUp?&G`T4Cvp(y`R#HfJz@mi3;<*$})aT&UAALh`nXffZ z(4HdGQv(yIG=lU9@0!Vhj=xwvw(CL~N9s<00zQi1i*^Zy4&jQ5&fT;TH43aFl(-^_auD@h{q}`Y}q)e(sRXS z;LBNdB8~#4udOC|AHavXI)8YjKK?v-wz7WtV9fdoucNw^g!AxDZ72S9SpBiSP#~_} z?@$bNeY|%D|C7kf_5iL&nd#vhLCwy-WMs3ix7jlm*_I;xkSYdnO+4&yE5(2ZfF>8H zO{n0Y=(hJtB}7$duZ{SAurFUI=%p)%6_D$OPLdsP4sKG3 z*sM9DKfrdM5wnAh3nGKC0DTP6>CU51ux`RD&OopqI4>8Ovuu%TCja>-3P#J@3y4Yr zc!-;AL0kTI%`2QVcew$Q-^QqhqU5BR-}>;iKhDPY6DO(e>s&o(Jt%Er`+ZZG5(}t3 z(gBrA#;`%>NUIQwkKTTd2UcrenJFg1>CA~c>I2IwWnHZ&n)SdxmERpFXbt(2p_CQ* z0@x?_t7~wjH(8Aam6FNnb?d}^W96WG6>xVI)Wt9qKubEp-5grguk#g|j}8lFX6!5u zkqZxQLK=PLDQ+|m-N%r+)2G9+O|?zL*IkGy>?~=VEs0msy$i2-7iRrG)wz8cL*&S` zR?`u81ZU7SdIDI+op4Z=XMKyRO3+Bm`;`q_|A2*>H8t`-l_jRS8h?W)ROWh^ z9_W`zPp_>ziWr9U7BI<|$U{~vz6DHf5Ybz2p4(vlIg}Fhc4@FXldobTiG^*xx>FO_ z5nY}3R_JhTr#~+o~jV1>EFZwD^I80V9qArIwyG2JZA$HQm;ZfY#si*ms)T3ZaOd z?=yLp^h2Z`L|5Y3`Fy}aBBmJGD6~&;`DK-Uzim-0o|UE728TgooRON&(f`T0yvZY< z4>jtss2VuVsH*SeWnp?=Cj^kcy>0qVHGAQy0qgsC(&1*4;Ps+@5S{vjxnbtV5bRoG z^~X9KF-y6aXzF7#_iy2%`%-3J>lnE%p~K^|8z`Xd3)fwy{=w)*&YM_^HD%Xcf!5hH zh^JFrFt`6n=pMIBzGgz=>&G7HPKe+%{hLWTU-noFZ-^$dpOruh=a6bXVK&{@@ zMtitO?SMaQ9!Ltvss;)|Zij_Z1?WaOOB{NI#d&akgX$0%TQshEn!H#njKK+UJkk6K z{>H@-OWS4WT8)ON$e?s;&k^iT(!}>Xsy@Gn&iQ>Ul~OSLXiZ>Pp7RKS3>L!!_f>d|r_;Z*Z zDknu91S59yg#@}Fkb>>VQSYc>Z^SwHl(dPIYsd*wNOstU#Cz*dcvR+70qihOMj@1; z-3TTO6ev&;yenxfEoW91NW!lV-^B5KQbR913maQ{IW6J+e!=ia`n!V2pLnguJ;0%E z01>DKf#UUtB9tkc7P_UPv09>=hbC!mq*+vQZ@5lR|| zq|*mTA?0*;{A5PXIqf)#=+ZL#6YxnXs68sooH8v$yGoZUp`7y~F$+OdA{+|m?ypRI zFpd<=7crL=Y@%nnMps*nNYN{QHbWXx{l407u0xxlZEyX4Bc 
zE3F3{T8(3a1!Z+jj6nm(I4Brjq)GZaB3AN__ZLS?wiLy91v^IMBLWg4`TVcy+n|~M z&ov}wHnYFm%^Vt%gdOTlzZ4f%0l~GxAECSO2wl`8 zw7ulU)U6B+^c6YEB}`6&cfbGOg8)U(2YA3WK5fJ`%;z=I0CtH|m00BXG19v7=C zWJVKu-D)$)Of=}J1+&J`8_O){%}Lsl(*F@~w*_V4D_r=MYW|bXF?+(x6&1d3RL=ZK zwvK1NY{!;uEh73Ztq8k(%{y%0>Ec$yDfHHAwH^9VPm74no1K={H1V5|dWtgPH{0RF zS}BtiEv-F5-SSvbM%m`X0=RrmsrkATIPN;^VKP?DUOkpbnzd=p5v0So=WTCr3~HX^ zK?L^9L{+sQBJo|ne*ZFv(IBom2C81ii>w-qeV`tsVc~828A+24TXLrRBwsE$8z!2UxLXGeXaD>@~s{jE9pKD={qEv zkcy^Y*5dBml=Mp+5X!7Wq%LmynV7u?&+GXPs0BX7yr{$B4}CfJ*Ax0qE-Ck)w`;!B z44(vb`ata)@vRDt5#rYI;XB_&e$%Vd4x~O zq?;yxo+TP2Iz2r1I2bBxd+Z4l$J3d5>z4FB9Ob{-jzCd~8Q{e&b-YVjgsR|lVZ?~N zWc5;B#R))9Nm_xI-IRmaiKB8(lx?Jo7P|a!xJxViS=FZuAbK6I17=UQJpQZD#i6u+ zZhd$h3f5PvG1Vih+`miKn<5(JiVE}S2mp18W?3ADqi{CEnQZCKFuF{EDK3GbMPoJ_ z-CT~L6L^-oEmu$^oJDqd2mKhMU!TqM4fdxC_?4fM4gRCYEvxJG3hzWevu+Z6yM8>D z0W1?nS0KXla#8ep_THU5Y>q<*0Jp>Gs})cPOniJ@_taK&>{YGlZyc_*0pN6<#R?3N za<|nX{n#1o4mP3Kn1nXRJ7ov)v4Kqk{xG$7?^QLLHuW$9t%KmJ>V=TjU|IRO7@SZ+ zCe*WzTnO_^y-BoS`{a-*!l&L5C3)e52H=2o=Pg9RIrd~VgJC$31FhDK_s}fhbO3ol ze3;UTkJUT6cn%;H|#-f4wo)yhA!T#ncH4^t>i9*(Gy<<02a0xwZ1T#KA(}xouBHv3UKQ)4OZDG}c z3q7uz*h%Ym9GE-A5w#VxuATRSq7A3kF<0*|ut)eQl=H+zLK?_%&-XP5tR>o(d;$kp zd{()HBsvS#J4Pc@B^-jcEH>X~*H$WJe{EX#`prT)aI1!n_Ck)-VGDY}fH4tXgx$oa zLxdRUGiqr7JgCciKDcteXh8)h?8gt81i|Rvu0jLYgZW#~nxhl#U!UE2&k> zCnSvOJ636DsliENiJ(GKdd^ncJPLkJyO3h*kTip1nEWhZpq>V?4#B-p$b|E_JukdL#SM{}gP& z!{|{d?71^+Id4pq`eyFQg3-dsPdV&UMeu(62NZ!&r{4|<3%Ctf_<3wPTdY{A}s(BHe`C`7{U zFLzf$9j1PL-3^q{XZS1&wU`(!@8iRyo?l_#9Vr>Z8pxbOQ*t+~!{!9q2TT;Oi_ief zV$>XIg>F9z^pSyEMK)aEOhQ+>{RjMlwy!j*-+WdV%Ftc&wb*qt7Nur7W)!m zpv{^sPd7l}R?oAgls~qP`)nW2^lEjBuMA<-3=`;4kB1R>Ol1jzi$})Cr;&M|Dsu8+ zSlM3QTuv5^Lbc}lOf+e?p|@q;t3R-T9I#XH%F_uwY5IeK#{d*3s)^>ho(JD~OH zi6{i!=_VdJ*TnJvPICQ2mNBhCmx#0SS||wEV4J}VR9p6ZX5_s)_~oVKd~*QhHSua5 zaog}tB5tgRh&&91K@0hok5g@8qS;7b-f~c`R^z&T`QE3UK5vfkN z3W3w&UZ>IXUj`VA0D%k#Yr}J~U{;4i@EaA^E;Q$&w(vCf-jiy>7;I{4!c*gjm{5-; zu=Ef?CXC6<*sB{$vg{H`MKJM4>2$CWye}nqiUo>hI^|8PLFi%s0#|xUs2BPf^5HiF 
zg@S_Jmk#MQ6QqJ6mfzkqf@5u;dh!5E63K=JUf$OE7pMcxmcJV`vn9{h{Xaq@_${YZ z)2XCnYSH0&!M(8N+xxS$2rP=8#2IkdOS8m7GJFLEY4%fepYEp=@nkRGlK-o!ew3JEBIyP-3nha#xbT0qRo|8emgSiN{k}&}7B} z{v`K>0Br^$XKwcE=h@F1w@oAIw%OnHxh!(w?GOi%Voe;3!5tpHb-I-DL!xPuwT={o z5cn0ans?)99hDeGP%eSMv_GGksvoWvf6lVDR!6syw^Y&&VJ{l^@C%L_8%1|00I}EY zm{#TB5bKh_{YLt`THO&gBnlzQNrRe8(@C>~4JBpA40r(V$qRS{-kBr|>)Lfvq3P|q z1U|LRw>jBfgsfUE^A8`xT+u4Zmxqf8L#`H6DSZ(RQ%()4+4^F}nwpr$VvNhthf~uf z_jKtpw#^*j;MzqW_tb{(>8>>^q(Z;)$Kzb3DeGk6shR@n-_um(G$JAW`;}FdTB^{W zKZVkLVDYy@WP8YOR&SEY=9k0HLz0$dwIq2LNZ5b~2azItsv zC;Ds>hBh-@^vN{f0Y)cBSc$hCPkO~2>z7V*G<@w)`L?Pez4jGb(%AyOpJy2rR#mF{ zCD@W!*f+ZBZ{Ccl@>@crsm@SHGZj@?vU;&=Vy;o*3_S#z?otfKME9qRfV9(~_@KU>Pf9~qF2@%xSc zbXi+L;XFP>t2ueFr>uh-X?f_@3v1|DIE!cWhL83{FcvKXjV zj_C!O6N+7umOjolF@dx7^%u+eQqGQwtHavxe;P2Yxmc>va4FkAgW~A)G6G>}B>FP8 zLx9?E1tq4OM52?*g1Kc^mNZ||K&E3)bX&fJpJ*YlJ)CWKeWrrXdQO1vIQgIFk9w*k zJJtbg7`bGX0=#!2%{*|2lh=mhAJe4b9AXfN%^Nd+MP~OMmkW(Ce#5Oc>B{)%|ME!T zvwp=LTU<&nt1=bdSEE278>c_b-M2oen~)ki^hw51j>V4S6g=W)g#Zf8vfitQlF$Ch5oky`{bAtNS@;wEok7lKektOy}W(QFEb0Avea(W zbi;}yKP?CUPkn&O0xKssy%;LMf)I6`s`H4YA|XAS5?Z9<3$%3H%@Re!&vM>`1viF* z6{Bt|mg47n_Hkx8{6bHbnO?=()~l?$^djAu~5!smb|`@HM9MY4KPXqFJ91zcwpNP3F;cg?3npcc?Vf9nSH#97#^pquRlNk9)09(N2;E|C&F?m}4cy4-uGECHWa| zR4_KmdkiMO025)@PyZr=l|V7gBP6LH*EFMxkir;MO1F)O<>HT3e*PzyWUqm zx<==I!-dMnH9ckn4(d>sp4NrX&;*a|z8e6Nlnm+zhs_iJNRd{fOj)H}G6a8N@=S|l z97_3Z6kWmXsxM-piGyl)p-DS3-53OWB?_T!=JwoXRYom|t6$Ic&;DYsX}TR&r+?+< zh;_h#1%mWuYZbw`2r9~c>?nGVaNjmsu-t@yGo=pI#@0#=zaE>9)pNHOlszH8AsUJD z90tt1=*Q|3Uz4xpdMf;~#!>|h^4GVx&-fQ5`pZH)hQ=pp+)5YoNpD^01^HiV{ssf=Lt302 zzi3cB)?ts+I43Y`5dh!SEZ5lR(owm{VbH+`=SPkWwzr2N7YyXQyGLquOUP$U&XFtn zRr&b^)`c6jbOczD+!o(~qAv}G;Gc1d6rjn{cfI-CD)N*Mru_By?)2u4p6E@8Air@s zNWjo;KX?~Gnpv+h6A8JRY&c!%;E6!=1fx?{x`|u=3b;}+J9iPIi@uJN={}dC5hBPM zm|f$2scX8)0!6b0d>T2wQ!qG^!pcSi-pbWa;vmL$Cw215nebdaGab|L&B z4v=HSpd!z~-*`d&W#t;vnPk3=k&CYEf(j7r3x06dx1mBQIJB#xwRcx#Dfbdojz-T< z@NCuhm$?+=$DXtcv2;R`#LWQ>6xww5qthb)Oh2rZ%QDQwanE<0-IllCxhF>~VcIx% 
zkqn>Yx({bQ`c0mBTfo4s!flDrvNXxLK^O)jc_lQZ^l640hhG&GvuosLuaYCIN2MHx z8`moZcp5FzYY0Tn`ED4cd*+rDLQx*C%NR7H@rsn1P~@M&62;FZ-%Two`x#Sp{FRf9 zSS&56A`YK#+>D?w#Z>MEJ%;*SMFgFj=&mavLa7 zz6GGJ(pt&VxeI=XplXu{Sc0@__v{$27kv$0V20|MRb>BtHH$h0>!^z!Ktbda_N zD&@}|m;#L=N)phQdt_4kABz!+1pLk0c)#H#e+K6pQ`P21)!xB4PpS;j31B`N$_f|C z`9t3@tu!>Vll@(+EJ{t8OEO^}k@cur59j53E~}`SD+=f5y77>(>6!C(F<&>$1SKor zAHoxMH5aBeuj8 z3I9KYy>qN=QP;1z&)K$Z+qP}nwr$(CZQDHCwr!ie-|yb;d%xW7bW&NV)T*SC^+(M) z$9R6v$aMlz8S+n=YvCPpmvZsdicRLlMcnv78dDRW)#eON27#d1aP_)$ zMQx9h%9H)LxVgo_3l?;VUFfpGimDz*{#F5gC~TepnB4!wF+(Yy)`c6?zrPO@*1du1`?P!58M9GR^rfeXt6nnwd=^GRAkG6wj-9^Y3Ji7$F~mC$&tDbS*TjvKohoF{bU zMib_fyb5$(KfVxX4ot^v^#07FMtuO)8)V;+k9iA&5;$? z#+16if~91#(aM;a$i7Ln=d{m`DNTG>e`5aQvT7@;ceCrM?Og>G zWHY^uqTk zrWvzPYgYnob(d2rgy=d6Je_{?0dd*S)p(nY?5>ni)2JC3e@ZzL*>ki12ZIY--7r5@ z72dDQ+PlsW%*M}9*RTZ*0VA-Ei8tDR{30vD2v^XDv=@Ojh&g zz6Sw6QqW`kd!?iMcb{P*7a%Uq&Y3wwUPuu#yxG*d+CTR@i?{5v^;UG_C}By&8efs>SGWfqMZ*n1Inlo_*taz!sFA&3CguC2N;Dz5N6XqH#6>9 zBN9w`dPjQL3)U}SSIH9RUgEYB4q&A^b@XZO`DQy{cx?1qV?taOxk-PmBF6}#QBsTMd&Jw zFGb7aQ;*(-L}lU%<6etsYmC@e#j~9-@%OqH~$Go$O zxkORYU2p2e3-S6KF+2 zfKMTSqD|Dav;{NAb|cb`c_ov(eXbd$qb^Wlaw4ih@Mj(v>MsGo=4Nw!N0XE(_Nu|J z*!09{`1}Y0sz6@~2>jOnKF)nMe#rBl}8^Or`1J_E`bl?9*p$ ztTPBmNu8FTXPUu>BDmyFwr(FdXMOsLE?9jERuou%4Isu$X1 z=XZ3&qba@eOj}{pzKM67S^1j&=}aJ?9bQ}E%`9McWyX+7<>bn15>(vDt?)#yaqB!5 zDz@#v-T76??vd2q;A^VJBBTJiC&&IHD`HcILCS(3dalnpTQu~aI`q2;*vu4(zX zn|kqQC?B1K00EUUON;V;)*9BcbLk^0H<;Z15;`50qD7VMY_s-Z?{6z99 zhy>B@laS!15e&K)SzrckeM;K)<1PU=KX!r2t2Q|1OK_4ZBxh^-sMFKE!mdU&(knqH z?8+q!P5Ryn_Wr0q@GW_hx*`0qd}~=BLy1J}OPyUvS$7K47+w!Yw!-mWRl2Y0y?2f9 z!Mv7qzBG>mC6U#Q?F0gdMyJ`1YCn(M(AuuG>i5XT=(<+P+v?E_eZ4ni3#Nj-au>KT z7mqj2mm(5J+yfqaVO3#j7eCk|55@CFMZu)GGh6mURQT5@d;*Ui3}r>YN~s{!lXQ}% zCg_b(v?e9p(^kd3?Gs^MZ<=`VoP7gGje{4^SeHRPp)jXD&V4I)UQ%9RE3H^3>M{3} zyqz%%iJO~=98xRXMWFVKtLhwmET7opuuiu#{GdE3!|eeu5!1)u^)=TY(EJ9@Zrn!J z$50u6e;)?9$J81m@N>LH`?C5Vu8+Y+NBX^#6nx4v%4U{eV;1s1xBTCr$v~J=SRFEQ 
z7WA#c4K?5i#dO|g-{Pu9&DXkTDXI`;Z>U1~5@N$QOtHcg;a-i?1<_gNlzsuhW#w6} zZGlsB)2h;$hxAu7H|*N{hWjJT+I*B$jEz zHN$GHah1SJn-}LJ!ZeildoVeVG9w1k`~=*K)d;5guf=H1;7sd890hIYi=G?knLgm7ry&|wbC@>>r+<44QxqO;utOgNm#39oKX zkDIUO+tbmovlN{$U7TTXBST#hJ)t*s8)+e|_g^5tf^Y!zU)clA_8vjf@%LPcE#9QP zz3g&=5s|!>P=P)cg`AX4t7pMr)FdL0?REInTMm#I8|WtYx7O|RVZR#fgVaB0S6DUI znM9tc^FP0OQc{{zSfR20%(8371POh3)oqXBL{VHp4`i&FPyk~kYPc6KAWHE-*WEZx z!258Au`+W53O^{c%(=!OC*O>N;a#3q#lXkR5zWT4;PPg-wvKq?{OG;@Nj}pOLW;Ri zUO*^apF7iFR9%?YF@iD>k#>s4NmtJK){^&3ibk*$jU@FDh}V90NYK=WJu1&WOK=>a z27-M+HVE32oAwTd=Y$=3wyxnW&dI*Yo_SP8qdv?}bUmEUX7-=Ot-Ja}>4g!v)qol> zM=uUDQV{;zMaNTrLsn(%NyNc9Z)BWFMxJ*bIdQb;GLoo$N{GUfv=`f)@T2*;Z3_T4 zD`=I!bh1rs=ru64rMle})XEyd%x#?(+@5APPyhR?>eS$0}5rv=~-4&8~g3~n4Th3@gEtQwU-363rdnA z?>eE|rx7#2;V->Vgh{Jm%XilV4ApN)NqA+@B~+6WYxF*19r(w;_YadmsIkB%85lZ# zyn^xGfG?5BCr1^T zeb2_Bx|uHiY*kBJoNmh88>Il zQV{35)&iLR`#H=koUTlaQ&D{w4mE7g-16iM!(=;mizoj)mq$KiDs8pD>~O?r1w!{V zp#flqTU*@7-K;kz7&ouRoew-(9Fs3p-!l|jY22*`6O{XyaYVoNG>tsvX-pbF`Zw_^&-b)+ZV=my2Mk?xQR1KXWUVxs1#*^3 zsD}y?ni~;r%;Rv7aog@sj2Xty1yxvSQ_hn5|7&lF#4Tfb`a~~qkN@++Ds65Bl=@GO zt$I(2FP;C89-pW=&ugHRZJ!u*8-qNvJIL8&G0#E@5lR31SyFrmgMXu%LZ)C@uumR8 zY;hSXH#5_!a!BvkQVY~phYMwZh+gva%Io=?SzLAwoe`V5L$04SL{f8eOwlPsZB6s< zKW@N4I-ThHVv;%S@h~($XezX!4WSj5!#@@_!h>tp=4CR>9^D5()aB8{Kt>^_XW@XsH?OrE7P!wD$IAu|kl zZO}|Juxy3q%+c)Nsh2?AClWt9!-PwJg%XD?Wez=Sc4;|B3;($5sxcJ~>Klv%=g%4O zIj%ZzqftgFhSQ+$4-^ns5ODitPf8_bI*AUkWv=lEaX+Y0InD{(rzozU;l+)A{~ignx_!{L7Fq8rS8JzgX50iN zN!yXo%*Zv)ON9jY^nRQZG!7_(lsLq0Sn}jon#%VZcx%mts0@deV87+ohH6eechyr? 
zW>UPFy`J8rtLT=79(vp$-|D=WlQx>*h~q2Roo8($)0|ch3a~uJ-rm26tBov0OBcgkRp$ z*~cV95{d+R^e+A3TCayDF54#-1TM);?!*oRj%F!A(EP}=VR?UEIK2(ikRZ84t$i_6 zJA)-nX}rO*Ur5Hft6bSj35W~~)dM*q?Vn=s% z)J^{>%(RYW;JZxj$kybmXmG!ka{D+oC2h|JU|V;o6h)RX5imc$J9)mpHKWu3VGI6} zNHW{Rav0b7%h~uy%v0RKET3-mR!=sQr#|{t3kSUPdWUAK>cMHPbGfaWWW!LBxivR= z@qYW)h4#OBsS82NxM5|i@rZrtX^vzi)WM~6)-gZ|_RhEp3GFt*3{C)iFtt?|?1eH~ z<-#q7=mw{m*&vvEKIgJ-KE#MP?8)E=6XZ^$1!|O?QHrK@c*?3)?k(hncPDg?U+f%n z{j)8*olfvE?T-g-lfSJF8$Y?c(4mRwX;(2lQx)LuA$b`oOp<6f#K(s=-ukO6A@C&C4x-1e=`zH<@3qoeSZ6 zFqU1jA(MF zWwKB<9%LammrLq7A@50m+3+se(Ji$4oDgx?b_pUr(@Xk{T;Z45~Rw zC!j(6j1!__wRkJ|4c?C?jTQ*B2q~zHK zsRa7u;>}35(8+NKK>UlW{!L+O8Q%9vVWkpbX<0Dvh%me)$OgROaGhd-VPR+3s8w(9 zhyhEhCLd86nq<8vK>w{sZ7q3a7clqz0GOnwt4TE5p!z3J0qg#l?>|E{vSab`jJf`ZABq=5`snof<_#IoBO0RoDA{$UKoOh-!bg-vRQq%LuZh< zgzoyN#v`Rg)Qg(8)atMZ^WT}|zx|5i94@G-`pD-Zu%o2zwujxTI2`$qTcx&bD zha@eAHrw6F78Uam=ZkRW>We*iXIhx+h_il%rHvxec3{XSMQ#5^#a`@X`#?i3D)5gS z@v5>c!N{?2!Z*lx&HbCN>iUT79ag-}?Ak&qg{rY=c{vZe)f%u(kM{K^Vqd;C2+~R# z`tqj27dqkIrvS;}DXrT20af(tiRV>68@ZfpYZ%rzW5d8szZaE~P;8C?Na|p` zh){Xu)U~)#XxkJJuF(jR-(0zB>~$Rxd4up3MZcja&lL$Z|M#q3QVPzzwt}*tzo7zn zhZ>x|=@P<(TZJdVR}uYj9$)d@l!@D(g@V95QipcR{Sb!+u((@JCK91y5o|);X@rsG zgEBKn4kf{3ABIS)kMEBS5+dhlV^l-%+7OsRn@x}IoVh>nbU1;43b;)*D)*?*Ij~&} zZm;QYGUM2gN>=-WRR_AudeQhdh#?weas@0)4c?yA;1NB2KDWvYw5u2%b+Yz5Yj%Y5 zU!wv%>)QV$Vgu$`fZ@UQAq+`^AyC4ET!yQ zMFLW(n3KFTN@wX|T6QRRlztKDnXA_1h=@jma8q>k_{k7pj3)?Rt9iX3DT$5 ze8t`?1x^1q?rSDfM*&Q)QTeCfc>*9707=7JTdxK0RN1%H=S3@#pb$KTQ4Le&`5ssT z5}rQ_RBwwQGN3e5kqKmea)hz4(^I?x?HH6wVNLzl7bH~$0PN~HzA?n~O{d-7&%yet zRg|;`rEgr@fG1b=EAa9w-@SW;1%h4)_g8#ecgLqfZ2skAIboA-{K{O1WdA-HG+iA4 zadTW?H+i6o2-n8pX$XrFD|Shx_%wpU!2aKKY=o3o5<4S(Ga$-qfTrrzdWRc+(wb}wnqam|lT?-T z2_ol0^VxZz-iCRagi6ehU$H%<84ALB;}7V#p#|r9r3az0O%LK&BIN)~#;9#~PxfHq zb@VUuV-*nQa5+#+SavpSD?_qN(uJ8zx+A47v0J(;YLvvM6GD1U8QwgP+pVLZ+X4IX z`HQ(cKTx!_b-(T2p7*DQqYvJ%jjIDM6gepP*LSq7MZK4DW}YmqXq)5yVqE5;xWEsw zkZzS|Y6wA9_6lmWv1;T|uDg_Umx8YAd0h#4dNVJ+=AA%!1=xd{xNFXJkpsTLz>1Xe 
zz7;?TvC~{0`+E|t64D+@B(18}>gm9?o03b9r+r&?x&aHQan!IeLA13y(Intl7lT2~ve@ zFoCu%kiHLy9CFdb?vaoAO&v|MpUQ~oxe{z@;dn_oWT>N+C}{Er6)C`%U|84WK!Y#M zqDx3HIdPIwpe^YdK8BN1N+BRmDzfSX=-*kntouF0>bGPzU;5?!%{+ZczM98md6kze zRo{y$@eZG6OhP2T3-I#S$)X=xXtE#fMrW{3y5KE#Ep5R2S6;UQHJUly)DaI^)=Vj* zNE8`G;Y3PjET*80;U+Wpl8}c=>mkZB!SHQYPjJZ%&>SvviVZO(Xg!RL7%E@u8Ym*1 zel|tC)|CPL^}?Iy`{Vk^{{FP`44Zw1Nhltyyw-2r$(z%^_3KjT2-$bVLsdWvWV+qN zuzCd}&O(o5JOtpb)u|HT-bN?V^hiGkss^bM6jUsro0=5Lf)9FPp-^4uN4dT_ae;xX zvo}>u9eXm#OfbyRFSh|ULD=mqj*s!2Nq#yGbJhq`avm^irWRAS?F@q;>$fEP^Vb7^ z!FF{d&@$+~=R;pSYNx}99DXgMLD;axD10rTsFdXbPSrgBC5o30?5|05k&j<1hJ4|M zkl?C5o&~WCF+6X3L1$RDLJ=z9VeI}x} zhV!k~;*HXqEb|w)9{8Ot$!Q*y7ujb+~?ki;lm1M~YQEa~a=^?W(IU@0@` z=iOcDLQb(<`1e&2AZfDL4NESeY#JuRk}MGY<;1yi&9z&ga=hMfU)rL{2HX|ogug21xOu-JH=1SX9Bgl;bEei|ulady^zz@{E_w^2>yKQu9e>N5F-` z;lL&laY~MoxSp$0mm{ZGCq$g12|#SX79pc&#p?i^iCV}ew7>C*z|gUZ){w`iaq^dg zwM*W+%Nt(owI4U;kJen-p4T(iXy0$9OG!wE2A<|}AB{zeqv8cTEaogfx+6y?N(qO6 zo{@AS(o;{6c^feK!FmP_z;7v7W+!=i!Q6hV!QPGb(t@FrCkyuCX!mfrr$k8+wBC2VUT_gHusKU|#Gmw#J_)&X>|(Qt#_&@#Ev}Mkk=Qg`gzY zCu=Fl`F-Ig=4bx(%8elXExK0PyXJ+tlI8K+Bu(c=HpIfycV6yh{9I6mWNo)5j(FB% z?W{KV%hZ-F2z2zSyw=U*pTa#G1kj5-ESbhY+$g@^yKw#!@uyw`c!^L{w@vhJp94sp zq@N#Nf=v?|*@9C0bxzV$wh+DU(64aO%a0N9Tl}*kHbyNgJ#;4X8qoAN-itmxBy>#B7tL{v2OI#w~ zN9i03f~)KVV=R~GN1-#Nh(A^+7c>*$sTqD9d^NcWAiAF7L=lIp8y~ElI%xJ}&O1+k zIlz+l07=^S1rF|(244R7j$bmmr(HMDTI->QLg^P%-dS7haW^ps7z@Y0xRhnx9+nD2 z3>_*Ub)}8D`pQgb#ww4E(D*VHbbl1fS4y&R?0kZ(+;mlJmJPaGRt>nUb`&5%2&||D zU#zZSob}s9#&zp!HpxuQP0R0eP$!3OQuwEIL!!`f1YGQ96A5-zar%}auZsv05C$Y% zs>BnY`(NUJ15gZVcL|E3S#qPe3VJ4C2T{QH+@>Qr>vV=WNy9C zOG%g>rt?X-PfLC0HxFpboI8xwK_81pPV68Hi0|c>KH>b+*n0jI>S_N zlB;sI1#6v@-GbesBbzPYp=zGXs@@j?UHx?>Nkq{@LwAPA&rPonW9F1kAmn*XA{-5w zyHXH;|M0?xZ!p>V(n+tskK`%VyG(mt^9s=Tp8T}Wfq^E|rXA}dRG$=^Vt^?+d?T=a z>B|vzJEeIF!k@s-a@ATH-k;o3-`8kq9zJ#-AT2aHtx2PShaEGZ(|l<~ip8%rC_PeE zzuv)ERu8IIMUmq7mZy`}MU*JA28G=!`qs4)VpKSB%h9a-&$({_^u_Ah-q+}D{u=Q= zJY;r%i#0DP^!?N)I03sKXWUhet1!N86B?gkSoZzC9Ugx;mxi8ie!kb3`_JAR4{~KR 
zN80#tKc6#6tXX7sgUHughfHEJkDKHZS2t!dO*;J0Cv;LppjCnu_|+jjTd9$!BbVb$ zk=sn#C@{u9yWX)V7}Leze^H5;t@Z<8{omz}_w%mg=_I;ORgfn}JR`LdEI%R)FQa6E zc7EuE=~ad~t^3g24eEnAdZgaEp7sa2PA9pW+*;&ZiX9v5a4Ef{(Wp}^lCQgHf308=9zTZdUXlfMNd~g85=oM zUGp{94ib?$HnZwj4LqXlw$*{jYFD4Rj9@&j={vS2W+Boqs5cuo{TuTI0`Ge3A)TJF zU89n~*qL~fe!AxamjPVJyrHGuK$|7VpP-Loyc+M^m2cTYMwJLOb$;{-QXW1VGweTt z6WX)F`B^FwbscVju@3{ew5&JQ|0}GKUSKnX{dmu_fmI`3^ZTdT<4;t39nIvK)bfBu z1y-0ejXx~O-@K0~NRgrJzz zj}{1`NF{8nKTs~I66i9lcoY0d*USk{z4f&+U8&o=j>@1nMRDcBUPIkuyV=H}WZZ^;?&ht0E&4s>x0;kc5si8RD zv*5$T%P5Q418S(ihU@PX;u7%~cRVm{hOE~N&P&t{??DcuqF2xP+M?C79#_Y1TSez> zlLb0vJ(~f?W_nG%B|WwOB;%jr`e?6B#(;CuL8cndD9@Htf`gnk8-{Ce*W~h@sB@Zw zoH7gPtrf%gX5tJ#MIUK#mQ9tWH>|Y75l6iQP?C1QG#IJ-c7}guV>n>iRNeC2W(K1y#$C=&JoVzFl(C))_{`wH?=mwNCq z{mYDfYy4~MWSoOD{A=c1pvEV9@HlCQ{^BmVfQeRIzrRHpNrzGrJ{!bp(PEAdMAf3F z5kh;{?T-B+bxj1BV^CuDqT!IIa>D!6T}1yWULkKXx5PB+GEc*g7>=!}c+l7=Tw3Kl z`3|2X*F~7lnMg17eAa2gXZsvdOF#-SS|(|jTug4ljzQ}yif0!jwZmP(DPcjiJjJLZ zFKn2s%%q%{UeHt!tw!wVz>+*CFIa%K!Yj@V#S7uPp+5;{3kj`hASQR|Bg4z9QxJ>u=U9BLC zS^u@Pz1HF)B2=>S#Ej{3K@F{#%ojuAp7$Yp$wq0*m(BMwPXm*}eEyFY?)GZnZ(V+_ zAO2$#tG-Zq;mqPptOMP@(aqMO3j+h(ItvG-)Wb&#*wTWSmkK36!QRxMzB1)*TN-@? zispmkU$Z~eQbRIt8rWZM2)pG|E~b-$X*?BgWn9GRwBKOP#76WqfTZJiO5HZ8gG8Ihlz-kqOA;JR$XU?}}Kw}lD=}fWqM#GvBS#R7lesU$8 zm+-<_a7=c_A*6KUSHKBd;$Tmi3qmorGhXm~!AvG^xDl z{y+^X&-}J-2s;uWMw;Y}^V7|SZMLo*5p~>dn^7l{|M)fj*m%2YWZkWiX2)=1P(LJ0 z2@N9~HvZ!X%iFO;-Y_vvR!-+AmLi5s5~#o7dJM!EifFtYk6E+kUc_9-C}}kpvkrQ? 
zW;4aF?frm~ENq*ay_0^%=RRR8LLqpyO<`qoc zY5ToTd%&EX$%!PCeQWwiR^qpKaOL5!tjlR=C|t|RBk-T1c*%!%;30J#AY=uxL!oMl zf0;TM?77)qRfV6QxAhRsh8R146E$uU87LeU2boU}{OBkp%pZpKz^d^t$+-?Q`yZtnAQ=_ zDBdoBWz+115s_Q!<~Q#kSq3HQV=yl3eJL;-<|vMwsY-)`BAOO8om#<=trObLbB}v; z#Obghn|+RP8drZ{6ef6{m7?P{u4pw%HfQs(U6yX%$w29BN4B$}I?vE;BfuPyk6;n1 zTzNx@)A%=QfLEt>%NCAS_-(AYK--r*U>qoQY|C_S#38}r>MxQXIjN(ZJR`m7c9~s2-5w$$eG0!QV{DwQsM%S~r1L3<4WLJ8Msu@)f zLBZA$$UTD$Esz_QA039VG4;k?{D@h~gXz=IIP4X?K6}sCrh(b0V*K{LD~o?LAkf#H zJwi-}0>H$J12QeUjV1fhzdVaAi6tjdgbo@UO>fW}95a6ibSHEhP&J=E0%15QvxN6Q z=6kkbIBSlg)Qj*bSes}ajS4;pEzC7;PK>QoJLxGK34ODIf!hWnOpRrx8KoXH6HwK) zCP!d1b=lRJRaLKTy|2nO`l!J>-uE_v%*BTD<>jaNBueC029Nwpq2f=?xI)&TetGL7 z&KwWS$k2wUf_v)c6z%n$gt9j$+w47O%3%A9Wst=s*pnr@!6Nk3z}C4#+uLDqb@sV8 zwky9=jH2uFMB*t0ezhff%h~!_AiT7eMBzgc?yYy}lEp+S?)~EEo|HeQ(6$cM#I+Ym zLcb${2y4`7o#q~?3M?W?G78Off~gNSQ{I0=X3e3|qgG#AehXzjCUfPlQ>}#!8xU1U z@RyK}zOmo$AG)TazU;qgvZc!%pZBjhUD-WeAJ@;+1KllNA73vor^kcVo9#^>-Ox9+!;lJY#jJ+} z@&lf!NQL-}Y4~Y|?_I?A>rUn>l38O)AivjoGx%*+MMs?RB zT>92YYyhzFZyU74@RmcWLVVqS@~Smp`CIL@@g|^r%!)i;n*6MJw)WBCzTEyNr65Q| zyVwDV>}A;2G#t$(Y#NrVjxvAC0;=DIVJInWpoJZ`Tw|rzkC!9SXM%YTz|4wF+)53- zR4!8MnstW_Mlgb4$utB!+WdLE2R%mpC^*i55ML<#iRO=D}?s203AMih`3E#gw zvfN_6Gke#JB?;n2(1|F=Oias|Cbxw@vtVoy>n;zw1DoA8F3(qH!~q3}3@=l_#aF!VY~BL4*ye#fHY-)a<=ulcUC(P@Hn zDHTYDwAGb`Wq@HsXa1XH`fcFaGaXogXmz^cL>kj*h;2JaaBf{Cbm&SoKKut%AV<1l z&~B?Ih+H-B5TXiGVNUFC3qNKo=$k4+AeL1qCGMHjZVQrjy306GDE1VJ&nR^S0*>`o zT=)y0aUg*E_ESnsoR#tu5Xn6oM`Ros)#TH-;t{PMfQXW}@S`w~Jl%B20>MFl?q2-G z+?0;^Sa&!dw#8129>nV9BDl~GBsy6HFaTTQ|iuSI>I+|70KbpAR$N zufFSmAP*NeBFa;p0D|{v^u}u-h%w}1GZ6bVf#eOm*eQ#hTGe)WIDclkWt5S%M6^Pp*X}wN zQZ}jpSkoE>L%svT&u@qgam_6P_v!5Q2rMRwL=k3LEXNA-Fr<~5=a7=(1FrhhLUYYz z(E^7&^Ya1*J%7UO#oTo65m+tN>NzzleyOMmR-Y;t6e16^OkH8qfEYMNk>kZat%c3m zWNUnvn>9N2KVX+NCd(Y|amem;g_5!{9x8h`Awts);q9jhN}-XCM<)s;`jrAdM!MNC*v)*B{T6?JymvV&3ak);gI=!3KX#J=*C?4#Gg^C z9#W5}H;qPCE&h#<*vU5-Nw5ZxRrDD5vuf*6GUbTc1aIcW)^g`g%>I>4e~MnA0Lm>%R39O0pU*py$>%3 
z7$qoIa$}!>>6ky~ts~-mw#Tt~3@ZNG4ko2*Ij>NaW2{}P4QgYa6a{osbXsksVj8D) zcP{QX6rI=Ga4xcr*IMNIjoNaVaep&V5gTJ&W?!Sl?$iu-n*X1gaVpG&!7IIj=MCje z7`y_qMkwT4LFqWtH9(ySSa12Z|KV2fgZdxvXNWNndW-H3T4yeV=@`Jm10di0!^<&O zVx7g*mRi&L?*t|9%%VSO&b>=T%cHh!?(OTzCss7EEz&KWKoDz$^i^J6`TT1MU=`cY z6hhf%-OC$S>t5Ev|6n#HL0m7$#4+oL1SA%|3ASDG$bgdoa|4=sovlleq@i28am`P8 z%9B0oY+;|Rv8X^lp7nM*PV{zgE;jtBrnZb@Bhn)x@3pZg{zBDNFOF62uaf z$m}I<&T}UK2?puz5)e(gf<`8FoT#fpL*Ayc|F<;F%{C*=eI5NdI&8)1~+0yVhIPI@3A->7Y2rRP^tYZoH{IzYwLli zA*dnB)0CHj+{Vq}#|kY@0s{P&3lrtB+%e8On@#i0x%Q+FP+%*cC2w&pNpb_}ukCYy z-LJY5ZA4MDXBTO|r;YOc^4^L1Cf}DdT13TRtmby%vJR1z5C2_IeK((C+rJiDj(jP*+u^%eC%C8IxBSk3}Y9ae~4ViMgaR< zC1|Q8AaMjo4A+CjiaYG9-NEZ$jKSAg*yr^xOgUwdpAvc3VQyeb14J5RXGX18mP*tX zJ>rD_!|JmVl*ioLG&vbSFL8zilk_+8b4U)<81ivSy)H|4sncvqvT2AipiTh2Ux9yx zU~-wROz5}Y4x$vQomX|GU&Pji2PP@6o~FY}T*=?HZ>|JW)Jq%bgC-lk!@k&wE}MT~ zHjDMe0X&M@%u^z#vBv?~9kMUQ3euQFO@kVx>f7T+B)+EWU-TiAs_Wsvq#~KTM1TzM zjwLd>-yE*3TN_1Phrmv-jt$?j8D9Tiq8^bIdn;bTaldv_h?hbUp-vM(8&Hhkq!F7S z_Y$j6cLGStmfZN{<&2p$htMliiM5_*M-YR2nvk_BKVv1=Ft&0@^bCviH0J*$=&7t* z^=jes_6i<)X570>H-%IiO*ygT)kMCq$d6&i9_k&k-a^)}=BUxpsX z$x+aygVZ zZK5fPrTi@tqj2XQ$~J|6s9U7Y|G%Th2yz=JGu?*gqmN)6nM4}KXizj2F?h7BN)dV4 zdQ;4-gQgKy^Y7Jij+wRiXdYT8=W)7?QeJro@VbiS=13nOrhVms#$pH_1_L7r%!XkW zlg5+`mJ{U$kae%8qBT-ebap^Xs3)f<@YS*jf8rGi(?1vfg)3C1tq^`qeDBcHnCsg1 zH>orK#y2bePR+GgLSDtLU3A^5?rQCjV~pmG`XOG+0hc!68&4B$%U!$V?^q)po?>Em%ocildz=iCkq4lPE^Ck~(@PRhPT`jPGsP#|H`n~USspdK+^jw%aDsa%-l>N;JS zx6y*X|8A?<7+u&ZcWiLW4RHSFH0Pv}{O9$4XYPFI?BvJc9fDzL3#!?mCC@^AJDY^d zSN;Fc@bp9McDrFKgKq{VnMB{hBlmL?##A9+=j@I9jHz;V`Q-P8xP5iDrnGsET(0O@ z+rLQF&|h;7Jh6wDG3)eW?L*Drh+9ZunB;}$v4<~szndx`}2 zCKVy&tx(zyyo$tZ=lqTK09CL=S=N$rbR3a{e9NsK!95((aQaw#8-kZiBY>p!g2l&# z2>eGtY1n_0;-Cl2pMp>SZUD=Utf}ZJ{AJ5vkmj;*sMY5MXAT{4)85lM;mRD}L~a{yWmnqXJ{Nw%(wMz=%uBg-4O;N<6%nI(093iY-c1Zc zB_Rcd9&sWyZ;@VV1CatN#|sq6%xbf1=J~7QUa??AQFj% zAZsf(cil{ICcr-x$Vanp<$;^|i?C_I5J{76NBONT5+4GZK9 zX&Xp&3`E`Oy}yV#zFqU1ri`2K&QX@Kg`rXP^~T)=<<7Thaq7`fzc2&O1ms|@m!Txz 
zwms<=b!=Wb%~SEV0TtS-2=zObZ%BpKd$-r#pEHKLCJ_@8gQ%YwQm8&(W*uOY9CV zF7B^B=c<#nRTY(Y?m*Yq$k@mB`{`mX_He&+j6Wv!=YHp}pS0DYQI50&Jh;1LF@r@9 zv@}-*S@2%gE6wB6gJgJmfrWPzgw(K&O$t*mf_q*ip!QWl4S`MqXIEn-Q`7WR_Kiq& z$HK^ zF3%uGL;-YjISpG1zZbbh9N*L&u=}#mpf$aPWJx5ZZ;Q7MUNj?>|hc<4n z(*udtymu6M^xs4|(GCIWP5z{86B@Lj-REFmqX~3GkO{Nw#Ao618DbWQ>ANO(+^y!- zhd|o=Y!+Xra>m<^iMtq1g(8h-VM^`wX)FGkj7FyBgumEE)cJPABVJBiLf zKD5%8Gu`Rgr*|?I2~IYzk)jmIpSs7pME?c<8kV?t!Zdbf>yv*nf<&2hjg~;g2!FfU z^d}4CSr>RV_~2h5|1otChjf(&u!JI9aj(+G$S+X|l;E2grX`-1nY$3_>V8vvMa$rS zjQRSn`U6BEn@65{hMxXkMyM11gpEi(J@4P??J++~LqyHiVe))Y{*Pz6cJ#CK zjr1yy|8eGQ$J9MBy2RRcA~LaJ?(gK$G71gOWjV$EzZ!GsLBTP)&ZUb;(0|(S-6?qN zB6>7BJp<#oVa_m>1ZqNw{x7P|DY%w!;kGe$Z0^|Hv2EM7ZQHhO+qP}nwv(IlpNqN= z{jgrUs#jNkW6m+p2ewA*nWQF!seSltT@_p>pP5N`u|bNSF=TMu(xoCr9nUwgsIL2b{<5+)_+IW zl)Uj(#997FDW9mIF=|eL^edeqG%tZ)Tk&HNV9}}iTGMQ+qQU== z0+?{E3HHhvuB*j_Ya@GF&pc0H6Kj7aF?T;g9dw`=x>9YVfFD%B4IeU4rPhT{soQTW z%{{{JvRP(g-ew^!TN;{On{6h_XPVC}qRA5eGz5ySfNg2fzVwQpoCYa>%UoDr(PsKm zg6PaO-sEriI3iiIl54TW=UO84DNTQLH%!$v$xjNMH|}%f<3M1@H{R1L=;F3(-!X|( z^ppu?55y?}fDI7i$3JH<%tAn4ut?o?T5?*qYRO@RELBYI2jEBgSyjbak3@Bg0CH(>LK zb4^{s`FK9nFeEfHH^|PMJ9S~J`ys)ib{5uQTVWqa+IP_;4D}F_p{Z7E!H%c&Sp9ey z1C84*1NcC^*Do_x;}yAL_d-hXR+db$7Gu%J}P4#29tdA>~ICc zHsyusuSvdeBGWg}JJ;MSKfmhpSTY~^e4FV+fK|>Bl!d1|3d4TWqj@R^4rd~<6WZ*e z(+2JpR7OXETpa!De{?oUEg2_UU-?D1+i5&gQ9aZJki!2Xl|LG$_$|@>O638A4eLpZ ziAds!2)qlapEU5AP-n(Jr$tAxdFDGO<3Nrs z2*!N~f+=w?8~6QkZUazYpG$5pbL07VXWuB$E`LonN@S_#sw0X7tIa@tzC131M}7cw z!-|-xntHkJZli<;QVWnD_xlOv`&|7pifpuXeYhn)y|1c(dPgUJ zwv0Y+NEduMpnrCQ-y5Vj)kpyS_NO-Cbm)Q}vrnPFL`V7-j1ObR2H`Gs$sjB|6hi{4 z`1zFmcFV8$BF8dw(&=ongnnt#OkzxI;P>RK8OEKc9qvKY1bejD$enSw%!I2C#i~eX z-D%`=iT_qk8#lGVmzgfyHdhG4JfW8P$2f0Jy4&}EL^ehz*CI^b`;zxwCb2wdFdh-m zcXnxeA5#!J9we`@^u0X49-EA{tEl&ANN^|*asfUuLIz6D?JV2xd+YmTt_=zZ>88#& z75|+efL7}+&g%3wo$^?bctMD{5;DC?zP{K&95PMp2!4?l ztC|<1R2N}plk{rwr|WP#Iy&3EA5MzlR#yh!>Tlxb>ZsiZV+g@gfim0hLC|{8CO}ry zdQZVpY}JW!LUzCUE7vQS!kzEIbk{d78G;ESeEI9FuhPQSy|J$bJzffOqTUBf)!CA1 
zzGtU>%h&7w@q}RU%`w=az&yH%ZZQx#*1w-`yd;W7wF)0z5Bq+DzN3OW35wgZp~J2F zH9a*m2Ub{P3YwB_`evEtX}^e-P>Z*`jh)oEci&U21q}H<%Yuyh9D51*3~T0iz&UT$ zMYAu?RG*F$;V_hqifaiQ!LtMmDFJnk=@g#ug8yJU?!M8fN|F*>7XD#26KYv@N#Fu# zp>3$0Nx%(d$50X=b)-hGPGcxjhP^)$%hip_thGO>3S($Ooo*e6iW5@e2UXxMCL~g9 zF?R1t_hDBA8$1b$5L2ntyBVo;;lf{zT2O>%8^vs|)abdWuR@pm zm2h_8Ynp0fz2{Np;@OxI2@3+gRL6@D+e^37_Q-M-;E2so#TZcut8L zQe^E`^OJ0$zVvb>3gAeKM=P+9@NP)>B82VZ7Y!u3;li$7C?#yK$580)p~_|%0mq$m z8mDEoJKQm&uc0cO(=3v?23ESb&N1#{Ah?|wXar2wkmrgKHxXLAMV2`+$~%93?hOJv_K6&L25N+BRx& zgeg&gPy8(^9;pz2id2`6?difK2<`g1GyMFG_ka7j9(pb4eo+TFegmNdN+q?72wWz$sdeU3eQli5N{7!WY(FNhG>f31KFC7@DS`8+Ac%-8FV!bk zD482CnYD<_Bz6VSt7VN^-(Ow|)kM?POarXk!~`;Ebx$$IxB7I`saWQD3Iz|8OT-K3 zYLUV7L$KxBgpJ$A4a2VFl-lK3F_xh5|UJWmpWJykbK7{`GQaI4i)1WEX38H z*O>XA-`CkPz5$;B!-a6_;D8-?mI#+isIP;S06E_^@8Ts*7NVV9W+)pSzh%ubC1Bs_ zC^~iuhADCmo(}vlyz_Ku?0(jdn@Wb{u-q!BzX8~cJ?*06EldDl;*6ONxu}5>O@W*0 zjxx)j#Y$%SDT2I(^B$Bb?~~%7b6JYx@r)sHN^{&HxoGo}!bS8b{c}%4Q`GDo?STl} zo<3}vU3?io1Hxa&a(olSF!0q^|q!pW|zR|y?(qlYF{x-+paz2C9S!GLlw3qBnZUFE56>? 
z<@52Pd&_T|LW@VN;atzj71arHM~@B-#t<;$iX}8{A-ukL)gBGltx{z0J4B)1MQtVP z>_43{0K&$p4sB}CN0ZV!3IT*yK zm9tg(h{V1D5V`K#DKf8h-|Hlcjtcm}?LU3mTt101(;)JUT=MWgX%CB^?6j(yCjQ;| zt`hukMn^^-^+SJtOsVJ(ENwL&Gs)HfD+zQpTlgv33ayx9#9h4qwG!givS>khEigUc zdn^>0GpBy`3yI}ydACy^Ul0Y)%Q=Px+kMyxw`@i5fVWxMdu$4;=A2WQGnxur(ff=- z3=xqMEO~HfDWc@c*MY_T1vY~**Tt}GirX&K8cug!a#Xj)h5%or?56_6`ZlZ(1Q$~;4I+*lR4!pR_9fT2gU+}*U6%J2`E&Jfb?*L)vl(zDs+z8vdSkATRb~8~ChN-v z-f6EDqN)sXXH@W(<)5ULPrwySw!+(GhMJP4c#yW5gmG>bSF+yOCB3S&AOL|5-KsKs zB#4_0PQI`U8~RA(kTa&TbGEhJytGvEkl>UIYFAj(r?NlF?iRVv7d2x|8%|)k>y?$& z4rD}YXR|6AzD3m=KH4*sK;S{8jhMtFjES+oGpqf;w1Cg5o+^DM@l^V(|;uVr)^aO zc}90Dc8ItoiIL0!6q8Phc=Ez;#2Nn75{=(&rH?9@`k5;&9p>W!MJX7=;~Gfoa@D}W zcEgv0`D9ZV$Wl}1d=k;kCo>oLgfe6S_)8-QH6(|&Kofxv?ZP47WCi-3x$?fax<8nU zns6y#12}AP4(=rAHY-boHLp&(w|mgsW)8uA;rXw`2NR{n^1nXq_|uvwobT>NIi?^a zBWABNOGP6REV9;pYJx|av)O(TBZ60HS}QerWKh;iZhhb}K)S3E_Z3*ZMWkOL+9)bwauzQ{Y{`D*La{!M>r<|X;@23;| zm%mO>e06Koa-$`(6JWyGIBnJd^Ka$VGP7psM;3{QlZARbnM6tb)GXrP)s2EK`+v;{ zQ`z4s?9G&}iF3-*$PnrIPw)aJba+>L4og^wDAK7o0OfDv84GJ5OIG2;WA4rhk+F6W zU&{=u>GuRU&U)!rS2N|jXq_qqml!D2M$KzWSQL-%d!mk_OB^y9G+4||;MJRuP3S%w zs@|mC*P}O+OKUEDu^D6MDQL#t{TRt1SQ9AI*ZyJ-&q^{zWY$nFZ5D}v3~+nt>>B!K zyUzl>mmC}A^C&aicIT?F%ANC0C;dSXQ9T6^>AH_QB-sNG%`ClpPDDyAGz0_S^t<3- ziwXyUDpWp-k4S&aD~_Iy+OadV*i?Mg)Us4Ql}X=@1vy#|7f`5gqk?tx1{r9Js=5tA z;k90haoi8Fpa?T|v??z^oFhK)9}LL`ak+5V$9l)iC}8?3$YnRiMk(vd=G=zj*XM$iKJ?Jn5N>d_>~x$4hiQQI07u;rxz0yvyzUz&*I21 z5h((I4O7cQ@UB=-5ZNdaE3rX7S=$G!scBT13WKoci4>{D6v(5xn&&6QMXPv&?Z6`% zLQ;y?B>7#K?FPkWnsDw-JW(NmjF4uIY4*C`C?;ZdcW5-76$GxO=Z#KkF3}5^MYUXk zc=bBOGn(X8W0*tDNK3Vom^DZa%qjmocjM_twW>eDp4Lld{P|OiS1)Rx1;iGkOmbqL z!RTvW!XoY}o`P%jeor1oYC6tHX!ATqgWhCh%AAPAC{$T0RQOohs0DgZ9ULqpkW0Y~ zj^MfFW$~E4sR#s9;bmQhqy!i=rI^^`Dri+!^sp`4vvI^UdH6KeU$ky`EUxhnmBGw8 zI8NE8F%Gyv{7*;!N$KzY3ADtSUKw~TgbG3UyI}&CYFKP_nKcL3m!T41UmQF-far!XVcyg z>lj>O)ab=7%A)0kD`~9(axfmrPq6?v1s&v!Ccp(-Vbd5*({OcM_rkD$U z1h>KFDv;5lmIh~Z{$&5^EeAcHauP#{`7p5eIU>Lz_!<0dpCLMA&2sqATi(xr3TJ0j 
ztGc2Qos%^pK=-x-VZC>2xwH-vLR9Xb2v&g3wRh2rat_$h88^DmSZ z<}{nV^hcl(vMQ#`%(G$hrM)%JtroIqUTDYMeHKHtjB$1TUFOt%&GX5romv-!v{rh# zw(uxgLGJeY5}+(g*ey@F9U*`6E=NT!;!6OrR$81Dz8X7=RcEZXV#$ss)|YT9IXvra z=y8%P4EfWi*KEjJ*?^VZre@NG2JBA~Ek4)qs!_p?zKUA)4XgQ4ZA$raQ zfvIR2p$wvIsJ^I6pI#5To3_tP5Q>{L7l?6m`Ov;X;uIs(INt_oeb)Xs`uZ1+=oa;g zCrKS@#eCsZByJO#%#0Rw_WPo@BJX~S+oP0BU^f0-b%_{I3V~XEvN2UJ)CMYv9GSUptkVR&EsHSQA=l(8#`+i-scou!>F%@%qqIT)-ihebko;O2o*X-D@c} zYvhrN<&O z#>)$P3(iF9%h!dv&{kzRa4{hyi6IR?9ra-#uw4Q+UxR|XORmx-| zd^8DsvLT(wFh31+q?_1Xc@ar!s;*H+3Eh-$Kolx}A=_uKEm%=qd4ViVO&M<(K_I7D zNa*)ezDpK->o!@dTEM3K!6#WCSfkLpsiTwult5aXi9Xxz9k=9gE z6$uGjahP=&gMaO$=;6Hvx^J?(be*GbXwcbPnnWfG#39baC%-O9o(~$MEmPAe@CH+| zH)dK20=Bib?6tUtlaibuLsWCE-$fU2a=jwS=9i!UkRXvoQ%Q1_5M@#E5E2rYuU6(T z@xcmorTt_?eZY4+CQ4gVxmh`2(!X%g@@SnDMzKk zR6hvdp@FUikJ|hIBW2E$pfGU62&GFytLhQp>cO?A#F@?}sPc;P|mW zQ9Y+#l|nNxMXSzH8GPaiiHEGiY}r&3^waoi_d86>a|h}Ll=aMr+z0(zZWv_-qE>|G zpT(fU^};dT*m-SfMPb?k3GyJ_U2ZI87=MyZH|B(Smd>gG!U|iP>mqEc1mLN=Bj@$* zia6z#ygImumdT1F|E}fa9`rHG@zr*6ah$4)+eIhkYW>M9W-W<>!@Q;@^g;sQZp4Zt zd;vBaH0bSTN8_X+aEd&RK=fEoD7lC{O)`lujm2W((6*$C*fW$^o4=j(<~c4Xqf8$aAyC8jPY@E(fww{`K_1DCAh$K`E*-Ir*A~zY89|0$pmRkd7Cjo zOu!JXO1=SUh5AR%GGvO<^YhTJUIhc1-c*#QTSrIEaW~F=ZZ~qRW^TLoZsLV$LsDf0$$t8e$pUb#7@n| zOnA!~4W%_ayjN@HBR&Fwm!ln0bEOUkSfR1*Zt})DG&;#m8kv);*)7@?sSgUDwUVsP(+a(q(@*jPlBpkN-;FlX ztFrt^-dkjMW=)cp{61IY)RGuaM5t86TNdg2&I^$w?Ecv;L$9m1IrtSwIAl7nRx35G zYMUW2@F`F&zZ=_)s7`;?C)-GZ(jeJDj5I!uQ}7%4<65*YegrX~?<7zL!gn9x!NU-V z{B0Vzr54bg7gK-@a356kxk}#J_Gib%1Ss;m1S%k9IkUpD1kH6r7gwM@1}^t88!6pF?_Z`JaR1M^)| z#hKP11$4BbH*Ut!tc8D)hX+Eyd2jA)X!duBt@3Da5j_}j?*`C}oYyc@(rL~;Y%gF+ zlG@u6m}|W^OI={4;)`5^vEw_qWXz>zaeev`*bhcL7JSlhRH}<6?jpcl_T^o2lJ?_4y>XvQGGQ!#HcV*?UEX;v>LqOlCj)hn-;lM zkh@%;-@Y*?&dpw=IyiSf1~Chpo~??f{Tn#MaF2TpcG96TN)Z;SeWm))q=`Mg2;|!_a;NJ7Evex`dk-);f5=B zm}@&})R+P(Aa6#^(@U|{*3C*g#j8-656^24MHIrep%}icJac7<>5$NOeWh)rAm+>y z$vhkUXtDWJVF zqNK4Cq&fwL*Zwc`nHZ`9`q$(MJ4yWU{AcNaKFh%Q1rxLlm&%~B2UQtn*&X=n%3tV* 
z_*M83(02~3*lSE3fKY|2CXkC_>b!-T#CT%S!Ia4F{qtmIZM4}e`z+U_y}^BHYr?1^ z*C>#=HjPvj9j@kCs4f{=SGNmOF$c<{$)RIUFA$)J>4;1yH{=A$cx1y)U~6L9=1Y$~b9SO}0*@;X@P;H}BVbi8+W`dH!6P48@4;RG)x@0y^fD;4aj7u6 zUlHbfLVJ}rtM}(UuSe-7fH)z;S3QQPczJSLibDTSe8Hkx37@v87y=54Eb8RWR@ z;$~0VoGrvsloni>2-z|@EhQB!@$$FZy-qX6F;*r!dqiO?*DK>nuHDEjM`FY0Ejp6#b7VF9@43^j8`9e`zR8bQWU`oRmr(6$LTA%#4CXq#!1F+O& z62)x!XGh*aXy9x^B|u1^aaH5dCY3qjTDU-{t4V!PqCx1ZNn=rGKqw&875orNvh9TD zYvJZ?1^@@kQ5}K`Cl=pA_eLPCp0a1j`Jo5QM@dO#ldXz-NMIm@lj>1Ekq3_Wt>vvI8vdgUL*JvKcwlKh+jAkncyIa8mWi>pMbBL| z_1rDz&vLED283SSB|m0n_>oo-pG8)p@%W^j;}}}R31bn{c)M8L3y9Yecl1q{I>pOm z^Fri4C#hL7%P#jgL3n6l1cBHx86kfb9DMM5#3c=#&x!1Tg?vJelZBzI^iGK5J4B%| zz0H-BqGNIaN-`NzBP3ar4uYR?%wE5h!g^C4z@~Nm^TmP;h^;6!uEuZYN_@%PJ15y01kx_rj%ovK8`m@70>c)mm(?v0&4%giLvZcGvfy3(E zK0T%L6d6uwGR`AnF|o18$UYqaj#NfN&@5*1fVXWvl<}S_n3q?S*>_|_gD^B5gJ0BH z6(#a}M^zOdN0;EloEUCKsN%z<%#u}K4I_`dT~O++8CUF9+{_f>Ep1+Fd%uaT-uy0Te%V#ASDm218COn1xja~m^GZ=` z^BHTD);@8w#(gm=C8h(Az)r@Sr8{VNX~+D*bZHSzsfoiFK|Hbh%z7gqC&Gzhf}?%S zTTqz(@@(ZETPTnUKRlXoX|C96+W{(;m-dbmi04%ZQc9YKOECDjFor@AoV_2jpI1Q_;Ri%Zo8(wIg{#dDeUJl;UjD8xZkDtnrIam^dKB0WSm%KN!YJYo~R^>c? 
zgCr-Md2*tP7K8%X53g&M6~d&aNSJa^Xy$APikL;xWXXYod&M&9KHWeciUJO?$eJm# z5=ixzEObsI(Bb}4JXB?QK`EJC$DMpN*Zl(inBIv}cug%g`9w41l-Alt)az&C3+-V_c-lH%eYJy991%jitF1KF;NkSt_m(~d;iRG!WG+>l<{0| zm%q|UNlZGgI^SP$KDG_8I{tB(uDPssT-V$P9mubrcc?opbyvjPRNef|2quynT%gh{ zvqC;?5SLOidKq1DluEEZuu-u>a4%YW$`6aD5TsA-#OQ(7#Yac$lzo-4d)G|@Ufs({jf zZ3Ji**31ZAUc18E;t3D#63f^iU!^X(c)IA=Z~K?!p>S|L*IWGFr6oW*bS(v*B9u&Q z%i9ZC8VXZi!X#g!!2tzHa}`c=ilH`ZyhZnYkN_g_R=*6}l{VU<-kmd6k8gJarsyfK z;X8waVCJ2LwUeZtDx^(v@+i>ht`UxyKF^**ac;IYVEI)(T#}n(C+m5~D)?^1IuoWV zGyCIm8}sx2@_O455YRGmV6*eJ^84j>J2EhE1N&q3bEgv$0uFBD<9e48@vz|Xc)Mex z7N>pg^YyVy&E|!sI<~jx^5Y^9LQyHE#(k_`DFS~kTKn&Frfd?1zA+k%)0SbB&oEkO+fdxDx#BT%@z&;* zuf?38vb4>cU3lRTv!(^uW`sHmvmoWLJQzU(U6%XW9-OmU5K}csq2S_VlNfx~j|nrY zYdWxoLOvho#Ic(3PnM%0CA@eD7fggpKRo<1uv*R#JHat{eYF#e4UE0|k5N^PDw^r; zl0<#;pERNF94_X+0V$1qPUqZoO~NtYp{dOfsj=v(9I{vG`~DmP%#`zFLux8S$DN@x zVxrbnH+i`*E0qs_oG?)SoG&tQU@~2a8)cCyR%3<&L)Nhw5X~pkj-u0ha5`2KZcg=S445&! zW=R5Lcq9bTv8SaYADSPq^LXh^a?=1O7fA6?oSu9%8Fj^VL$xHci7n-c9h0f+jZTRh4$pUA;s{!4bquD^Sf^=uRhl%j7NfUm1y zg*NMd4gRE+4T0R5EGS^AF|yzm=xc)psSR|{7ZZNb4qZ9*eG-kpoM2=5*piN>{BY?o zoa_ScbgVzc9G%6?m?!;I^IC70L0EIZm`3#Zt~pDY9!t!YgdlDEQ1n`@7G@iK!k9M| zQC~hXR43g;Dmq>hDtJ<3Z1ST~CUnAw1Zpr$*tK)aT+*M({0Jy*YljwHjpj9seT(RFHNc~6NDcO$Zx zOGi`9}YO7jF-y{i>0(CjF5CcuMvMOq^tSBYWFmyBZuwZ%DotM>wpaRx%5d>p%og=_3Bl!o$S>^U22>}ta)?1{C9WVYGq$t|7s>Z5LF6!CN zHku%MPiMp)87(D0Uga+p+6@W`ShS^_<<2Oz&ux&_;U>NVk%}T{U!!~#mM{~*x<#$e zUq&{}2^L3paoUtmI0cVYNlT)pFzv^3j4_|#Xl+AeF)1EW$P&MAUS8l~QsKpkp?z0y-0(*zPqG~rJ|&)6@{zVFUFSvC;5-uSK72FdDxY~?h=|^c^%p2DwFns+e3XL+ z+R3v>RyQ|L$vh&RVKWGY5(v)?Rs=1k+luV^>Se_WSgf`hkxh&E6KAtlXm+hHbcMy6 zGm3~Ehd$(MT;WQB#!5ONn`lOmELfI4M-d3_j>iMrfBiuQ5WM#~v$Y!CR~o(N8{ij+ zF6poPIE)`sysLK8a_J=n)jW%AVm|gGag|uB{%yc-GKVZSo(x&m$so*L^ZTF5FnhLx z_V|a?{DhfApemc=YG%P$_|$!M{N0{Alah$`EF?B8)IYT<0tu_?KqGx zz~w;4*WRC5t+JDW%+cY0%l0`1>p^=fa7_r*z1Hu;T3glV;!{!A9Cb;;@nG5d++eSo zL}fUc+y@}MVIkz<$suh@@jxq!(st$%j@ z4*RfbToRVCl@h3haA7{^^KXZ2qp15yj?9(Wl@J 
zl@u3~ytvL`j9zV}(&=@XwsVVG0izpar!G)F79f!)_0t$ZSX*E;E_{!))jE>UH7keW7YBEw~%lmA9yRbw%T$wGpZ60+Uwl(7UFKrhX*Ww z_sk$Sj*wNk6B+C1jKvi+-CmpAzKW&^YsLDyU(Tdw_G*Kne1dr3eTlaneUf=lEqs6B zTZJ*V=7G-t*lU9qw(G*3h8C!KJ65GyawFMS5v-&&H3?O#nmf|3K=nfP{<=K8I~du? z4-nb$cHrdpX5{vEwDbG~`F>fz54V$U?Bn+WY>&e|Hllf@`%+I`pJF{#szP-Hn?}Tf zMNP;IO{D*;g+i=}n3nO;$}YVwIGZY*?m$pl9jz1xw!eI@IE_S*4zFL)B0nCVXN#mK z`Ut~J?|Zyg*DWf?4BL?WpO`?z+B-~dO0`_{l4ma?2Dly72Pv0T%B&bEtr@brS!UYKBdUwDYX zv6_aN@{#oS?h%lICsH@eDJ2j2f$h_0Zmj;%Q3X6y{u+$|p{N;@3oDgYb~_cbZQ&;U z{^}S$CbKMzJQ0oeH09L{c$XXQ&0z z7^=hnbJq=vo&!`2F-?z8-OnVt5Wq^Urp0Bv>)+B<;`{%(KTMZdguLnF-xzVVUBGxX zj5F6GlOglpnb|;;qLuO9C*)k$WjEpsO-g)gl!pdu2SQA+6-T@6*qd^#JX6P3&;9A- zYhZY0Rp zomx1AxWPk2Sx%hU_=DN`)*EpaR{#-v$pE8cU`s?w2MA}^?jYIO!PwZ?mqj}q4j61L z9ckm78(ymFylr5H=S}0UQ`?10hDfh#Um+NrSvX8m4E6`6JSzzEFDTx6J&JPz9`Nyq zDmKn;<6cWF?l=BI4|sw>0qmyzJ_!YGp6~ne2AA2i8@R`?K z7R3M2g-p-RVRK!>AASV+-|X+nJ1-rf37xmuf{NC8w6ig?&5W;&Qc54@D4#5!O&EOH zU#vh4Eim_G9u`Q=SrG{|B5an;eSDcf^btuW(hZd3W92^pkcx8hL7Ue{D=K_*{nfY} zus{eoj%wt=7`xp1Cf=KUNL0MAa!BozMdVkVYo~@nZj6@=U^mvakc}V&K2hm94P|iU z@*e<5!WA5(a9Yb(^m@#uH{tmN!u5ThQS`lsM$; z^YK=pF_~h%jR@9PA!6CuG1Tt*FbxoNCZ4)yTGaOAFq+a})B!WIrbELEBs-4fAqvRE zMngdL5Q7K>Uk5U)l$|u8ph3TVd#*3|MY0^M-s^4NmJW6st|%c6FzRyKt{nmbAU6`0 z;@HL@0xp0fA`bKXp`9-DD(0 zO0zW*oM!4(^sL=PB2v|OSTVi9h~y#jQgQzd3)!vxqq(~jYRO}9CR~z9zV9o?Pb8e5 z`|I9MJI?RtoC4At9QPm370>T$WJ4!&g*V04rOOoMfZEM}{!@vxvq5B|5L^RcM1+ro z0bA8!vQNC1?-&JMN=gZB_L0wdQO7UES9wHc9Be8O`G3wQexwWOVtRNR^FdFL0tPw5 zT-^`1LoDTDx~~so0$S3cw*Pki&FI1TU8?BecpWKx`q~>Hti541c7Ji!q+dSV`u(`< zbO`}otGrUAtDZYCkHBckd(J|2Z>nKjS?)IH)y6suE&npT5b2_I52iKfeDond))3`2 zj?4eQ@T6PLM1ClMwcwD16uR11islCZe6vEtBPDT2W>yT}AzS_Fs|<0O_pobm!lNt6 zyIqopTN{yCu4LbhFCi78bd%Z3iPPTrVVAc*(g>z*O!LK;2QZs^X#99Ry87BCCO zs++lN&1s>1qv2(2=M~#qv~<$v*4tCMh{Pxv8Hlu6NvZ<{4M5r09E&h*xE-g+8VwTl zIe;tBaB%6dvoUP%fGcovclX0?s3o`A(=K27YjWwk;Sl;V)+v0}1^kCW4*Ir)=PJjx z>C>U!=ha$%Peh9K!+qui(}oVlqO@JxQG%i8F4~zMQEHsd|0hu@58mym))vH-4s~(Z{QS0)JKU<1s#XDF3*pnyyL-tx$O<;7Rww4 
zilKI~jlpVg4F!QMP?!eeYiQ|8Hx_UiAAAT6{!UVG+F3AIJ_!Uc#J#Wc{hSZPTvjic zvBjQh-%R~qdJTRZK`T&OtO#8j!B|}31Rd&J_%YEq6koKh@W?-SunYb8VI5X6b;61k zXUbSEu40ieV&KxftxsB$KJ&vG851<(LCnd-Fjg`+SE+}BQZbBFRz55g&LDOz_dkE5 z#rOUxP68s0^2;v?dS{yMX0!1L6{D^wGoGfE^m-n)`3nrGO7YMBBFI(aJ*$J#SoMg5PA^)Hp~JE-lZz{0;ttGJxv?flvy~oD2AV?1?jy{Dx^ccOYu!m%&GYwAML2uwI}k_bMn{$GaDA6q&5FFu%1=BxyK1@2lw z$CdDF^Ut9uPoAvEJ0u`yJu$Fe%p(%C_aWL3nX0U?Ja+++SvU7C4+nnR(`DeHwCFZp zjx+zg0?Pl!DCfNRWv_m?J{XIREZAbB*wI}Ad=_+Ek;w#Hx(nQ*`9NID8`)4dPCo6F zy9i1rlZ$SAf+>mTF|QpQ2-p85Cmcp6u(!|8m1;cb)8Q4;cWr((x;5ei;7FAX7ad+dCgC#B?I>CAhKc)?sxu-nz#1%BPT z|K=9q^y=$HZUz$Q+`L|=UMtGm_ovOC$Z;^a5B2g=@;}|k#(Io$mbOaUd)PfJ3)CY_ zRkEAKM|c96oJ~TXxYsfCd6)z&ZI&Ec)z=ej+-Ipa)3K|A!Je5V;h+?_ZWQ`3gFge| zQ733-3(HiOi|ASFFm^q3Nt&d^8H|ou+YcjzfaeQV*Y?T?s8|N|;EqOL@2(|Dx+>9mh)W-Fg=BRb0X7PDK!vx4of& zwLXaffxD0!Tj};~{p_CQ3}dZY85nxOgrWlM}*nhE`gkFh3wL5qUgV#h9c&F*W-44_~~jWxMKrani68rX()&O~2# zF?|Q-J^G7I*mX*_6_;Sf{|B8|Oa{l=|4-@(xpCZ`aui-5mioW`se z=H0<i+d zz#7(b?{auXOykpYoU+*xX_e3LLGRW>C)Js=w0#1U=5-b-iYYwUh&9ir(q#yS3Suri zqfU-(azaM6!k*V)2x8b2@Aj^<|=MtZ1Hm z3Bym<53)~CExeBNO#eS#IR~7=t>r|$v@$FF9Y_{VVKDvxiUk2UO zI+zb!HWUXM#U(rjf?>lT(Gha&)MuZLm_UROl_gx7(mq>*E7}1UB1!d|rrM2*SY*r7N(02~W&AH)+2vpM-hf%#M7h;1=K=hkG0vVPBcf@K!=G{cv}{%? 
zKzf7(4Im8tGZB`1N$$j7N5ngn!Tn|yikS}l_imiHM#8PnoOi=hoY9~b)$(0W42HV% z@RI2SCZv=`kh+wQd>6MoBA&CPvehlA$<$=&@7LlFKy4`#W`0eKshoi{2n@qn^2=Vbf(EIq6Qtt?NDXb0brT8%PN!4Pao8B9E=LV__el54>M+eDtorlc z=jx9OkGa;w=J#r4t)`pv1CI-jkz#x?}`m_eyyMr8Ta5Cas0Sjn@q&jX-Vk zrtk)NNXFM35}hC-n2bBpN@R=uR91`EAr-wF4JI&0A13{N{iX?HR-Gux@C!dv_&p=+&x+CW@P*|_z@VEcBOr$#gerTaouxI?{ z{d~4=w#EN$V~Pd;Nf>G&+cO>OkQTKvjJp2Db^#kQtBQuA`g0;OVt0ibWB;=0ffI8V%LR z51(cb$C4(Wd2x#35o{(OdbMY5WaPMHh50IxquOOyHABGoU-lu;@?Z8*NaJD#1*{Hz zM^oZUu3TK*-1a>=TPbYB|K|RYK``g2SCmdDf0}85&dochWidO#!Q(#|Z5f*9 z5Rn2RTPHUKUjat3>CAp}OGFIW!;SVBPGTq~Z4{W0JQ$)?+znykDvh+>8K9UYZ&%qc z4jF$>Nig?Tv9|W3Y(6(eC)lU@puGpivq~6rkgR$&MU&7v|DO|dEeei0rRoU~0;fk) zPMA|tGXAfCt&s>&n}32fQ7=rAZ_$as1UGw$1!$JQ8_wy6Qu1djnI|)*{D5`-+7~LQf?&rE(TcR14_&U)slAZw0yTd{ZPcY9t}DZ{7Fra z8Zl;9m%8~D^=j$~nJKu!j0#!TQ%#u8C7mxnyW2r;sfSb6a6Qjo1~)xZVT zd2iKn|EsLK3~Pd2;{XoA6lDk#X^>Pv=?0}k5C-B)DKSczzwy|dampK`h5F6|NH->Mr{&>%*;cCl@a5jgab4vC>Op+ zuH-ywkiZ4XXx$BAF(0KkGcRXL*fKA_EVF}nF%3`_#z;bu1F`}^zZhh4n-`fi-s9>g zyq`G)L{YpSr?z$81IzDfSC5)qQcUVK)R3%A*o-eT#luk}b=uQ+3&Pox1Z;i3|FuT* zzg*@Mu{)wTl};$IXLz8&rw^GRP4do$zvi&d1o)G!>%yp4se5b)KFgg^4W=$E>gxmhm%bK=_Zpj4 zYNr4@?yjgQq^Oxu^`)9E*Ah|#XpIM^he}B90}XY|KaDozho;!1 zp?KnGsCt`9>6&hTe}<`NI9Hlw8ib;kXIC$C(6#Zf-q8bg$z*w{V$Ke*R3Q;jSFf(G zRzt};%qXy8$MiCnPrsXFg+kCoCpZQvY#PPUqL9Ui3(Q<^wmnS`FtEy6zJB&f@~+z& z5^Ip384T(g=4{sI|4=R4Da%yK9JaZ_A9q98Ri0>4zI+x$ld^mp_F!x?Q-O|8&cv?6 z-GUK327ZbyORX~Kt+m~J+syyjTX$RxBCj0Ve7d}*2prWxwj4%jyn!lP0Dq^_Bm3KD zwlj#4^iAkvVkAA81}=(S9X7Rf=6Q{hdT__RmrG2=Lw`1W@VKr;a}3ramY^SCDy zXz7iB57Z^jvtH6pxm3vC_aYdoV^Y!A&<4?%Y$0Qx+~|lq36Pi#Mm8uY0XH(+Bzd8B6yt%5^b{A9?7P8te&=l}V7eqw=!~`qYy6qOVz2 z@cffPg2^+VfwUZ*{c zWINdH!zurmtR@8hY{%SP)3}hMbSSO6u&vy#xt2M2DHP;{dL1AXESIhD-y}u)_%D*8 zjr_*Ap~~`&0GqQyyK92zKLb5Sdivj@Zbxh3W* zhvdZ0%K=x9FAYPhsn;%ah$aP7lrMZjE2@1hfOaSgH4#Y}&MmSRtsmEUyoDNedL=a0 zaX=FfGEVq4Xua8vph)9v9b0%*RyB$5xT+VKh-vUo&d9W>Q*a#4CR{(a&qJN*`A_JDPc$BYDK&N^&C6 z=o*c!Up77A{91o&C_gy+YJONrwA`9q>+0#BnzdxkoXRiHKLe`%odG7}QycIE=;i9R 
z%||;jymuGqvCbMaYiOjGgpbgUgIiY8ivb^(9OZWm3Su7^!X825 z2a#-}bJrbVQMaY&3X|8=W6^@zEKW5~pI%u;7rcmDOa)mWdLx=5Gd|E5q*2s}!PkX; z)RUR%6T7u5!)YYogO7>D(9}un=*3~hJ=81yi(LNds^r}AgP)Zq6+UwUqs$w9EUOMA z5RaVsy1a_uG>YwT8S z!lO*`x!3g2h)(x$_ z^~7fnbm(yOV?$%BFK?x|x^h%PgVgiQq$O7M z4VFN{na8gT#tP>7Inv60HaZ!a7TdQ&f-}r}NPpZXKbG+J!eXfCW|>ydq@lZ45?l=3 zj`?IhdA!>QhnKnfV>Hph4^wzTsmcd|O}x@fbaj47daACI#X3tvVVKtM25-faXmVQ7?3Vc);j`Nw|mV|H`> zG7Z`GNfN)7Y!+8br|*YD=oxCI1!7EG!5Lh58Fa8*y5LHtvC~Za*=kDHLYyKPN2d!N zGBI#Z`cPk4W}50x-qj&zBIEtMTs&gZ-?gXMY(Nfn*m$j#jaid&dHt=(qyqhhDLF1s z-jPA2kurBWWMEST>d9IAu3sn^{_l}bC2`V7GuhoZt4py#fcIlxN2fVB36IBcgL?A2 zB6*5GoA_RFW+nE~5wmKuU;JZZW2G+;ry~oq7n?Xj^U?CV%9!S()$MIU47=~%9`PL5 zW~-e(x+#X8_r%t_IJ(2KyLJF_WAXHT5kB2}R#buAuR4S9H-sZH)_tw|BGi*##+8zB zYu%{TIsDF<;Z+P0%cyLc6^%OhERr%Ot9m7kgVM(ad2%uKqrJyDw=r0Z>#+(`+B!I^ z?_9PA!-0V0&}O!8e(M5u7<~QI6~Fv&>!RTVk#HnDPjNnbUiIu&@kPx=qValB88jxp zhbu^c#EtMn&B7i*&FlUea{!AkTy+(~6K5CA2LPWSz*2~sy`J9E3=b_U`D}0}Is4D~ oz>6knOgt#I3+LOvu{j~%Xn#;Ef5A&aa&hrSMwf-;{3^-60BmvZ-T(jq literal 0 HcmV?d00001 diff --git a/deployments/kustomization.yaml b/deployments/kustomization.yaml index 1451599..cf86131 100644 --- a/deployments/kustomization.yaml +++ b/deployments/kustomization.yaml @@ -5,4 +5,3 @@ resources: - manifests/00-namespaces.yaml - manifests/10-repository.yaml - manifests/20-dev.yaml - - manifests/20-prod.yaml From c553b5cbaec81311bec2449d1a0a944efc4d3357 Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 09:39:35 +1000 Subject: [PATCH 021/148] Add namespace to externaldns --- charts/dns/templates/externaldns.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/charts/dns/templates/externaldns.yaml b/charts/dns/templates/externaldns.yaml index 814af6c..22595c4 100644 --- a/charts/dns/templates/externaldns.yaml +++ b/charts/dns/templates/externaldns.yaml 
@@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: external-dns + namespace: {{ .Release.Namespace }} rules: - apiGroups: [""] resources: ["services","endpoints","pods"] @@ -18,6 +19,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: external-dns-viewer + namespace: {{ .Release.Namespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -30,11 +32,13 @@ apiVersion: v1 kind: ServiceAccount metadata: name: external-dns + namespace: {{ .Release.Namespace }} --- apiVersion: apps/v1 kind: Deployment metadata: name: external-dns + namespace: {{ .Release.Namespace }} spec: replicas: 1 selector: From 4b209f4649637dd7a8f1b518f438113b33ec3958 Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 09:39:50 +1000 Subject: [PATCH 022/148] Add namespace to bind master --- charts/dns/templates/bind-master.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/charts/dns/templates/bind-master.yaml b/charts/dns/templates/bind-master.yaml index 4d3328c..3facb5b 100644 --- a/charts/dns/templates/bind-master.yaml +++ b/charts/dns/templates/bind-master.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: bind-master-config + namespace: {{ .Release.Namespace }} data: named.conf: | include "/etc/bind/externaldns-key.conf"; @@ -51,6 +52,7 @@ apiVersion: apps/v1 kind: DaemonSet metadata: name: bind-master + namespace: {{ .Release.Namespace }} spec: selector: matchLabels: @@ -120,6 +122,7 @@ apiVersion: v1 kind: Service metadata: name: bind-master + namespace: {{ .Release.Namespace }} spec: type: ClusterIP selector: From 7363b6db542e3764c194e6fbc5961495811b0ff5 Mon Sep 17 00:00:00 2001 
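Review bot: The `namespace: {{ .Release.Namespace }}` lines added to the ClusterRole (first hunk) and the ClusterRoleBinding (second hunk) have no effect, because both kinds are cluster-scoped. What decides which service account receives these cluster-wide read permissions is the binding's `subjects[].namespace`, which lies outside these hunks and is only set in PATCH 030 later in this series. I would drop the two `namespace:` lines from the cluster-scoped objects. If more than one release of this chart can exist, a release-qualified name such as `name: {{ .Release.Name }}-external-dns` keeps two releases from sharing one ClusterRole. The same applies to the `namespace:` added to the PersistentVolume in charts/nextcloud/templates/nextcloud.yaml in PATCH 040.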
From: j Date: Thu, 10 Jul 2025 09:47:26 +1000 Subject: [PATCH 023/148] Remove dev. Use prod. --- deployments/kustomization.yaml | 2 +- deployments/manifests/10-repository.yaml | 28 +++++++++---------- deployments/manifests/20-dev.yaml | 34 ++++++++++++------------ 3 files changed, 32 insertions(+), 32 deletions(-) diff --git a/deployments/kustomization.yaml b/deployments/kustomization.yaml index cf86131..e3a13ed 100644 --- a/deployments/kustomization.yaml +++ b/deployments/kustomization.yaml @@ -4,4 +4,4 @@ kind: Kustomization resources: - manifests/00-namespaces.yaml - manifests/10-repository.yaml - - manifests/20-dev.yaml + - manifests/20-prod.yaml diff --git a/deployments/manifests/10-repository.yaml b/deployments/manifests/10-repository.yaml index caab7b9..c40cd44 100644 --- a/deployments/manifests/10-repository.yaml +++ b/deployments/manifests/10-repository.yaml @@ -1,17 +1,17 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: GitRepository -metadata: - name: home-server-prod - namespace: flux-system -spec: - interval: 1m - url: ssh://git@repobase.net/j/home-server.git - secretRef: - name: flux-ssh - ref: - branch: main - +#--- +#apiVersion: source.toolkit.fluxcd.io/v1beta2 +#kind: GitRepository +#metadata: +# name: home-server-prod +# namespace: flux-system +#spec: +# interval: 1m +# url: ssh://git@repobase.net/j/home-server.git +# secretRef: +# name: flux-ssh +# ref: +# branch: main +# --- apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: GitRepository diff --git a/deployments/manifests/20-dev.yaml b/deployments/manifests/20-dev.yaml index a904cd0..3edd87f 100644 --- a/deployments/manifests/20-dev.yaml +++ b/deployments/manifests/20-dev.yaml 
@@ -1,17 +1,17 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: home-server-dev - namespace: home-server-dev -spec: - interval: 1m - chart: - spec: - chart: ./ - sourceRef: - kind: GitRepository - name: home-server-dev - namespace: flux-system - values: - mariadbNamespace: mariadb-db-dev +#--- +#apiVersion: helm.toolkit.fluxcd.io/v2beta1 +#kind: HelmRelease +#metadata: +# name: home-server-dev +# namespace: home-server-dev +#spec: +# interval: 1m +# chart: +# spec: +# chart: ./ +# sourceRef: +# kind: GitRepository +# name: home-server-dev +# namespace: flux-system +# values: +# mariadbNamespace: mariadb-db-dev From 2f4345783dae689faf9f3a4012f3681a153797e1 Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 09:48:20 +1000 Subject: [PATCH 024/148] Switch prod and dev for consistency in format --- deployments/manifests/10-repository.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/deployments/manifests/10-repository.yaml b/deployments/manifests/10-repository.yaml index c40cd44..919c5ca 100644 --- a/deployments/manifests/10-repository.yaml +++ b/deployments/manifests/10-repository.yaml @@ -2,7 +2,7 @@ #apiVersion: source.toolkit.fluxcd.io/v1beta2 #kind: GitRepository #metadata: -# name: home-server-prod +# name: home-server-dev # namespace: flux-system #spec: # interval: 1m @@ -10,13 +10,12 @@ # secretRef: # name: flux-ssh # ref: -# branch: main -# +# branch: dev --- apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: GitRepository metadata: - name: home-server-dev + name: home-server-prod namespace: flux-system spec: interval: 1m @@ -24,4 +23,5 @@ spec: secretRef: name: flux-ssh ref: - branch: dev + branch: main + From fcda90f014a09d2997bcdf7af6f7d3aede47e86c Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 09:51:45 +1000 Subject: [PATCH 025/148] Fix values declaration --- deployments/manifests/20-prod.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/deployments/manifests/20-prod.yaml b/deployments/manifests/20-prod.yaml index 43225e6..abdc815 100644 --- a/deployments/manifests/20-prod.yaml +++ b/deployments/manifests/20-prod.yaml @@ -13,5 +13,5 @@ spec: kind: GitRepository name: home-server-prod namespace: flux-system - values: - mariadbNamespace: mariadb-db + values: + mariadbNamespace: mariadb-db From c091ec8a14bb0fca4efbf7e6bba699d09b3e2a6e Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 09:54:27 +1000 Subject: [PATCH 026/148] Namespace rename to not be so long. --- deployments/manifests/00-namespaces.yaml | 2 +- deployments/manifests/10-repository.yaml | 2 +- deployments/manifests/20-prod.yaml | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/deployments/manifests/00-namespaces.yaml b/deployments/manifests/00-namespaces.yaml index 6b84b30..f2b0bba 100644 --- a/deployments/manifests/00-namespaces.yaml +++ b/deployments/manifests/00-namespaces.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Namespace metadata: - name: home-server-prod + name: hsp-system --- apiVersion: v1 kind: Namespace diff --git a/deployments/manifests/10-repository.yaml b/deployments/manifests/10-repository.yaml index 919c5ca..c829c71 100644 --- a/deployments/manifests/10-repository.yaml +++ b/deployments/manifests/10-repository.yaml @@ -15,7 +15,7 @@ apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: GitRepository metadata: - name: home-server-prod + name: hsp-system namespace: flux-system spec: interval: 1m diff --git a/deployments/manifests/20-prod.yaml b/deployments/manifests/20-prod.yaml index abdc815..d00bf1d 100644 --- a/deployments/manifests/20-prod.yaml +++ b/deployments/manifests/20-prod.yaml @@ -2,8 +2,8 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: - name: home-server-prod - namespace: home-server-prod + name: hsp-system + namespace: hsp-system spec: interval: 1m chart: 
@@ -11,7 +11,7 @@ spec: chart: ./ sourceRef: kind: GitRepository - name: home-server-prod + name: hsp-system namespace: flux-system values: mariadbNamespace: mariadb-db From 7fa37cb93ef13aa01a90a15c8566aaae79c8ea91 Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 09:56:54 +1000 Subject: [PATCH 027/148] Name this release after the release --- deployments/manifests/20-prod.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployments/manifests/20-prod.yaml b/deployments/manifests/20-prod.yaml index d00bf1d..6b9102c 100644 --- a/deployments/manifests/20-prod.yaml +++ b/deployments/manifests/20-prod.yaml @@ -2,7 +2,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: - name: hsp-system + name: hsp-release namespace: hsp-system spec: interval: 1m From 3b7e8cb30724e36e1cdc37f6c1ccc74caa44062b Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 09:57:57 +1000 Subject: [PATCH 028/148] Split repos into their own file --- deployments/kustomization.yaml | 2 +- deployments/manifests/10-repo-dev.yaml | 13 ++++++++++++ deployments/manifests/10-repo-prod.yaml | 14 ++++++++++++ deployments/manifests/10-repository.yaml | 27 ------------------------ 4 files changed, 28 insertions(+), 28 deletions(-) create mode 100644 deployments/manifests/10-repo-dev.yaml create mode 100644 deployments/manifests/10-repo-prod.yaml delete mode 100644 deployments/manifests/10-repository.yaml diff --git a/deployments/kustomization.yaml b/deployments/kustomization.yaml index e3a13ed..c0e6ab1 100644 --- a/deployments/kustomization.yaml +++ b/deployments/kustomization.yaml @@ -3,5 +3,5 @@ kind: Kustomization resources: - manifests/00-namespaces.yaml - - manifests/10-repository.yaml + - manifests/10-repo-prod.yaml - manifests/20-prod.yaml diff --git a/deployments/manifests/10-repo-dev.yaml b/deployments/manifests/10-repo-dev.yaml new file mode 100644 index 0000000..fd83749 --- /dev/null +++ b/deployments/manifests/10-repo-dev.yaml 
@@ -0,0 +1,13 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: GitRepository +metadata: + name: home-server-dev + namespace: flux-system +spec: + interval: 1m + url: ssh://git@repobase.net/j/home-server.git + secretRef: + name: flux-ssh + ref: + branch: dev diff --git a/deployments/manifests/10-repo-prod.yaml b/deployments/manifests/10-repo-prod.yaml new file mode 100644 index 0000000..157c0bd --- /dev/null +++ b/deployments/manifests/10-repo-prod.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: GitRepository +metadata: + name: hsp-system + namespace: flux-system +spec: + interval: 1m + url: ssh://git@repobase.net/j/home-server.git + secretRef: + name: flux-ssh + ref: + branch: main + diff --git a/deployments/manifests/10-repository.yaml b/deployments/manifests/10-repository.yaml deleted file mode 100644 index c829c71..0000000 --- a/deployments/manifests/10-repository.yaml +++ /dev/null @@ -1,27 +0,0 @@ -#--- -#apiVersion: source.toolkit.fluxcd.io/v1beta2 -#kind: GitRepository -#metadata: -# name: home-server-dev -# namespace: flux-system -#spec: -# interval: 1m -# url: ssh://git@repobase.net/j/home-server.git -# secretRef: -# name: flux-ssh -# ref: -# branch: dev ---- -apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: GitRepository -metadata: - name: hsp-system - namespace: flux-system -spec: - interval: 1m - url: ssh://git@repobase.net/j/home-server.git - secretRef: - name: flux-ssh - ref: - branch: main - From d150842efd848a199bb36a6d74fcf62d8831a558 Mon Sep 17 00:00:00 2001 
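Review bot: Both new GitRepository objects (10-repo-dev.yaml on `dev`, 10-repo-prod.yaml on `main`) follow a mutable branch at `interval: 1m` with no `spec.verify`, so whatever lands on that branch is reconciled into the cluster without any signature check. Anyone who can push to the branch, or who controls the Git host, therefore controls what Flux deploys. If commits are signed, add a `verify:` block to each `spec`, with `mode: head` and `secretRef.name: <secret-holding-trusted-public-keys>` (placeholder name). Otherwise a comment such as `# unsigned branch tracking: push access to main == deploy access` documents the trust decision.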
From: j Date: Thu, 10 Jul 2025 09:58:30 +1000 Subject: [PATCH 029/148] Rename helmrelease files to hrel --- deployments/kustomization.yaml | 2 +- deployments/manifests/{20-dev.yaml => 20-hrel-dev.yaml} | 0 deployments/manifests/{20-prod.yaml => 20-hrel-prod.yaml} | 0 3 files changed, 1 insertion(+), 1 deletion(-) rename deployments/manifests/{20-dev.yaml => 20-hrel-dev.yaml} (100%) rename deployments/manifests/{20-prod.yaml => 20-hrel-prod.yaml} (100%) diff --git a/deployments/kustomization.yaml b/deployments/kustomization.yaml index c0e6ab1..78a6183 100644 --- a/deployments/kustomization.yaml +++ b/deployments/kustomization.yaml @@ -4,4 +4,4 @@ kind: Kustomization resources: - manifests/00-namespaces.yaml - manifests/10-repo-prod.yaml - - manifests/20-prod.yaml + - manifests/20-hrel-prod.yaml diff --git a/deployments/manifests/20-dev.yaml b/deployments/manifests/20-hrel-dev.yaml similarity index 100% rename from deployments/manifests/20-dev.yaml rename to deployments/manifests/20-hrel-dev.yaml diff --git a/deployments/manifests/20-prod.yaml b/deployments/manifests/20-hrel-prod.yaml similarity index 100% rename from deployments/manifests/20-prod.yaml rename to deployments/manifests/20-hrel-prod.yaml From db2e311c93a5156bdf62de1e9bfa9933409f5084 Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 10:00:18 +1000 Subject: [PATCH 030/148] Target specific namespace --- charts/dns/templates/externaldns.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/dns/templates/externaldns.yaml b/charts/dns/templates/externaldns.yaml index 22595c4..0b0085d 100644 --- a/charts/dns/templates/externaldns.yaml +++ b/charts/dns/templates/externaldns.yaml @@ -27,6 +27,7 @@ roleRef: subjects: - kind: ServiceAccount name: external-dns + namespace: {{ .Release.Namespace }} --- apiVersion: v1 kind: ServiceAccount From 6040dfac45410e7ad8bcce3432857c7d76ec40ab Mon Sep 17 00:00:00 2001 
From: j Date: Thu, 10 Jul 2025 10:03:19 +1000 Subject: [PATCH 031/148] remove all resources because nuke. --- deployments/kustomization.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/deployments/kustomization.yaml b/deployments/kustomization.yaml index 78a6183..8525795 100644 --- a/deployments/kustomization.yaml +++ b/deployments/kustomization.yaml @@ -2,6 +2,3 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - manifests/00-namespaces.yaml - - manifests/10-repo-prod.yaml - - manifests/20-hrel-prod.yaml From ffdfd52c239325a6c6f11a01800a6b83b50f6fe3 Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 10:07:21 +1000 Subject: [PATCH 032/148] Re-add --- deployments/kustomization.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/deployments/kustomization.yaml b/deployments/kustomization.yaml index 8525795..78a6183 100644 --- a/deployments/kustomization.yaml +++ b/deployments/kustomization.yaml @@ -2,3 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - manifests/00-namespaces.yaml + - manifests/10-repo-prod.yaml + - manifests/20-hrel-prod.yaml From d2cfbfd45b1e0d3e70ad3c8307afcbfefe29de80 Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 11:08:26 +1000 Subject: [PATCH 033/148] Add cert-manager as dependency --- charts/subcharts/Chart.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/charts/subcharts/Chart.yaml b/charts/subcharts/Chart.yaml index 24c4e23..8c79440 100644 --- a/charts/subcharts/Chart.yaml +++ b/charts/subcharts/Chart.yaml @@ -8,3 +8,6 @@ dependencies: - name: mariadb-operator version: 0.38.1 repository: https://helm.mariadb.com/mariadb-operator + - name: cert-manager + version: v1.18.2 + repository: https://charts.jetstack.io From 27006f8fb795ca4ec1f405426078419c91f84e8b Mon Sep 17 00:00:00 2001 
From: j Date: Thu, 10 Jul 2025 11:19:56 +1000 Subject: [PATCH 034/148] Add cert-manager. Hail mary tbh. --- charts/subcharts/templates/cart-manager.yaml | 39 ++++++++++++++++++++ values.yaml | 6 +++ 2 files changed, 45 insertions(+) create mode 100644 charts/subcharts/templates/cart-manager.yaml create mode 100644 values.yaml diff --git a/charts/subcharts/templates/cart-manager.yaml b/charts/subcharts/templates/cart-manager.yaml new file mode 100644 index 0000000..89d09b6 --- /dev/null +++ b/charts/subcharts/templates/cart-manager.yaml @@ -0,0 +1,39 @@ +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: letsencrypt-rfc2136 +spec: + acme: + email: {{ .Values.ssl.email }} + server: https://acme-v02.api.letsencrypt.org/directory + privateKeySecretRef: + name: letsencrypt-rfc2136 + solvers: + - dns01: + rfc2136: + nameserver: hawke.hxst.com.au:53 + tsigKeyName: "hxme-update-key" + tsigAlgorithm: HMACSHA512 + tsigSecretSecretRef: + name: hxme-update-key + key: hxme-update-key +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ .Values.ssl.secret_name }} + namespace: {{ .Release.Namespace }} +spec: + secretName: {{ .Values.ssl.secret_name }} + secretTemplate: + annotations: + replicator.v1.mittwald.de/replication-allowed: "true" + issuerRef: + name: letsencrypt-rfc2136 + kind: ClusterIssuer + commonName: "{{ .Values.global.domain }}" + dnsNames: + - "{{ .Values.global.domain }}" + - "*.{‌{ .Values.global.domain }}" + diff --git a/values.yaml b/values.yaml new file mode 100644 index 0000000..f777320 --- /dev/null +++ b/values.yaml @@ -0,0 +1,6 @@ +global: + domain: hxme.net + +ssl: + secret_name: wildcard-hxme-net + email: admin@hxme.net From c2016332501587834bcdf4d04af2b2fc4330603c Mon Sep 17 00:00:00 2001 
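Review bot: The Certificate's `secretTemplate` sets `replicator.v1.mittwald.de/replication-allowed: "true"` without a matching `replicator.v1.mittwald.de/replication-allowed-namespaces`. As far as I can tell from the replicator's pull model, that lets any namespace able to create a Secret with a `replicate-from` annotation obtain the wildcard private key. Add `replicator.v1.mittwald.de/replication-allowed-namespaces: "<comma-separated consumer namespaces>"` next to it. The annotation is carried over unchanged into cert-manager.yaml in PATCH 035 and PATCH 044; once `replicate-to` pushes the secret, `replication-allowed` may not be needed at all.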
From: j Date: Thu, 10 Jul 2025 11:26:46 +1000 Subject: [PATCH 035/148] Changes as per GPT recommendation --- charts/subcharts/templates/cart-manager.yaml | 39 ------------------- charts/subcharts/templates/cert-manager.yaml | 40 ++++++++++++++++++++ values.yaml | 14 +++++-- 3 files changed, 51 insertions(+), 42 deletions(-) delete mode 100644 charts/subcharts/templates/cart-manager.yaml create mode 100644 charts/subcharts/templates/cert-manager.yaml diff --git a/charts/subcharts/templates/cart-manager.yaml b/charts/subcharts/templates/cart-manager.yaml deleted file mode 100644 index 89d09b6..0000000 --- a/charts/subcharts/templates/cart-manager.yaml +++ /dev/null @@ -1,39 +0,0 @@ ---- -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: letsencrypt-rfc2136 -spec: - acme: - email: {{ .Values.ssl.email }} - server: https://acme-v02.api.letsencrypt.org/directory - privateKeySecretRef: - name: letsencrypt-rfc2136 - solvers: - - dns01: - rfc2136: - nameserver: hawke.hxst.com.au:53 - tsigKeyName: "hxme-update-key" - tsigAlgorithm: HMACSHA512 - tsigSecretSecretRef: - name: hxme-update-key - key: hxme-update-key ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: {{ .Values.ssl.secret_name }} - namespace: {{ .Release.Namespace }} -spec: - secretName: {{ .Values.ssl.secret_name }} - secretTemplate: - annotations: - replicator.v1.mittwald.de/replication-allowed: "true" - issuerRef: - name: letsencrypt-rfc2136 - kind: ClusterIssuer - commonName: "{{ .Values.global.domain }}" - dnsNames: - - "{{ .Values.global.domain }}" - - "*.{‌{ .Values.global.domain }}" - diff --git a/charts/subcharts/templates/cert-manager.yaml b/charts/subcharts/templates/cert-manager.yaml new file mode 100644 index 0000000..a13f295 --- /dev/null +++ b/charts/subcharts/templates/cert-manager.yaml 
@@ -0,0 +1,40 @@ +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: {{ .Values.global.issuerName }} +spec: + acme: + email: {{ .Values.global.email | quote }} + server: https://acme-v02.api.letsencrypt.org/directory + privateKeySecretRef: + name: {{ .Values.global.issuerName }} + solvers: + - dns01: + rfc2136: + nameserver: {{ .Values.rfc2136.nameserver | quote }} + tsigKeyName: {{ .Values.rfc2136.tsigKeyName | quote }} + tsigAlgorithm: {{ .Values.rfc2136.tsigAlgorithm | quote }} + tsigSecretSecretRef: + name: {{ .Values.rfc2136.tsigSecretName | quote }} + key: {{ .Values.rfc2136.tsigSecretKey | quote }} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: wildcard-{{ .Values.global.domain | replace "." "-" }} + namespace: {{ .Values.global.namespace }} +spec: + secretName: wildcard-{{ .Values.global.domain | replace "." "-" }} + secretTemplate: + annotations: + replicator.v1.mittwald.de/replication-allowed: "true" + replicator.v1.mittwald.de/replicate-to: "{{ .Values.replicatorNamespaces }}" + issuerRef: + name: {{ .Values.global.issuerName }} + kind: ClusterIssuer + commonName: {{ .Values.global.domain | quote }} + dnsNames: + - {{ .Values.global.domain | quote }} + - "*."{{ .Values.global.domain | quote }} + diff --git a/values.yaml b/values.yaml index f777320..25b6ed3 100644 --- a/values.yaml +++ b/values.yaml @@ -1,6 +1,14 @@ global: domain: hxme.net - -ssl: - secret_name: wildcard-hxme-net + namespace: cert-manager + issuerName: letsencrypt-rfc2136 email: admin@hxme.net + +rfc2136: + nameserver: hawke.hxst.com.au:53 + tsigKeyName: hxme-update-key + tsigAlgorithm: HMACSHA512 + tsigSecretName: hxme-update-key + tsigSecretKey: hxme-update-key + +replicatorNamespaces: "monitoring,authentik,nextcloud" From 8f01bcbde07a73f759b221f36cce2219ca831b56 Mon Sep 17 00:00:00 2001 
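Review bot: The last `dnsNames` entry, `- "*."{{ .Values.global.domain | quote }}`, renders as two adjacent quoted scalars (`"*.""hxme.net"` with the values in this patch), which is not valid YAML. The wildcard SAN therefore either fails to parse or is not what was intended. Build the string inside the template instead: `- {{ printf "*.%s" .Values.global.domain | quote }}`. For consistency with the quoted fields around them, `name: {{ .Values.global.issuerName }}` and `namespace: {{ .Values.global.namespace }}` would also benefit from `| quote`.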
From: j Date: Thu, 10 Jul 2025 11:30:38 +1000 Subject: [PATCH 036/148] Copy nextcloud over from original manifest. Not helmified. --- charts/nextcloud/Chart.yaml | 5 + charts/nextcloud/templates/nextcloud.yaml | 136 ++++++++++++++++++++++ charts/nextcloud/values.yaml | 0 3 files changed, 141 insertions(+) create mode 100644 charts/nextcloud/Chart.yaml create mode 100644 charts/nextcloud/templates/nextcloud.yaml create mode 100644 charts/nextcloud/values.yaml diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml new file mode 100644 index 0000000..e08ae17 --- /dev/null +++ b/charts/nextcloud/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v2 +name: home-server-nextcloud +description: Deploys the Nextcloud setup +type: application +version: 0.1.0 diff --git a/charts/nextcloud/templates/nextcloud.yaml b/charts/nextcloud/templates/nextcloud.yaml new file mode 100644 index 0000000..539925b --- /dev/null +++ b/charts/nextcloud/templates/nextcloud.yaml 
@@ -0,0 +1,136 @@ +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: nextcloud-pv +spec: + capacity: + storage: 10Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + storageClassName: local-path + hostPath: + path: /dpool/temp/Nextcloud +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: nextcloud-pvc + namespace: nextcloud +spec: + accessModes: + - ReadWriteOnce + storageClassName: local-path + resources: + requests: + storage: 10Gi + volumeName: nextcloud-pv +--- +apiVersion: v1 +kind: Service +metadata: + name: nextcloud + namespace: nextcloud +spec: + ports: + - port: 80 + selector: + app: nextcloud +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nextcloud + namespace: nextcloud +spec: + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + selector: + matchLabels: + app: nextcloud + template: + metadata: + labels: + app: nextcloud + spec: + containers: + - name: nextcloud + image: nextcloud:29 + env: + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: nextcloud-secrets + key: MYSQL_PASSWORD + - name: MYSQL_DATABASE + value: nextcloud + - name: MYSQL_USER + value: nextcloud + - name: MYSQL_HOST + value: mariadb + ports: + - containerPort: 80 + volumeMounts: + - name: nextcloud-data + mountPath: /var/www/html + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + volumes: + - name: nextcloud-data + persistentVolumeClaim: + claimName: nextcloud-pvc +--- +apiVersion: k8s.mariadb.com/v1alpha1 +kind: MariaDB +metadata: + name: nextcloud-db + namespace: nextcloud +spec: + rootPasswordSecretKeyRef: + name: nextcloud-secrets + key: MYSQL_ROOT_PASSWORD + database: nextcloud + username: nextcloud + passwordSecretKeyRef: + name: nextcloud-secrets + key: MYSQL_PASSWORD + image: mariadb:10.11 + storage: + size: 5Gi +--- +apiVersion: v1 +kind: Secret +metadata: + name: wildcard-hxme-net + namespace: nextcloud + annotations: + 
replicator.v1.mittwald.de/replicate-from: cert-manager/wildcard-hxme-net +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: nextcloud + namespace: nextcloud + annotations: + external-dns.alpha.kubernetes.io/hostname: nc.hxme.net +spec: + tls: + - hosts: + - nc.hxme.net + secretName: wildcard-hxme-net + rules: + - host: nc.hxme.net + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: nextcloud + port: + number: 80 diff --git a/charts/nextcloud/values.yaml b/charts/nextcloud/values.yaml new file mode 100644 index 0000000..e69de29 From b3b5d48d8a586d6bbc57bd3184816951f2f192fe Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 11:39:03 +1000 Subject: [PATCH 037/148] Forgot to add nextcloud to be deployed --- Chart.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Chart.yaml b/Chart.yaml index d6c6e0b..7991e33 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -12,3 +12,6 @@ dependencies: - name: dns version: 0.1.0 repository: "file://charts/dns" + - name: nextcloud + version: 0.1.0 + repository: "file://charts/nextcloud" From 2b1ccd960ef7f53e945fb41b49147a043c9c9487 Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 11:50:14 +1000 Subject: [PATCH 038/148] Remove to clean slate - nc failing --- deployments/kustomization.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/deployments/kustomization.yaml b/deployments/kustomization.yaml index 78a6183..8525795 100644 --- a/deployments/kustomization.yaml +++ b/deployments/kustomization.yaml @@ -2,6 +2,3 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - manifests/00-namespaces.yaml - - manifests/10-repo-prod.yaml - - manifests/20-hrel-prod.yaml From 9a4a80792c6efac7fe84987f189a358018d9451e Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 11:54:19 +1000 Subject: [PATCH 039/148] Re-add to re-apply. Basically reboot. --- deployments/kustomization.yaml | 3 +++ 1 file changed, 3 insertions(+) 
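Review bot: The first `securityContext` in the nextcloud Deployment sits directly under the Deployment's `spec:`, ahead of `selector`, where no such field exists. Its `runAsUser`/`runAsGroup`/`fsGroup` settings are therefore either rejected on apply or never reach the pod. The second block follows `volumeMounts`; indentation is lost in this view, but if it is container-level then `fsGroup` is not valid there either, since it is a pod-level field. Move the three settings to `spec.template.spec.securityContext` and keep only `runAsUser`/`runAsGroup` on the container. Otherwise the container runs as whatever user the `nextcloud:29` image defaults to, with a `hostPath`-backed volume mounted.

```yaml
spec:
  # … unchanged: selector …
  template:
    # … unchanged: metadata.labels …
    spec:
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
      containers:
        - name: nextcloud
          # … unchanged: image, env, ports, volumeMounts …
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
      # … unchanged: volumes …
```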
diff --git a/deployments/kustomization.yaml b/deployments/kustomization.yaml index 8525795..78a6183 100644 --- a/deployments/kustomization.yaml +++ b/deployments/kustomization.yaml @@ -2,3 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - manifests/00-namespaces.yaml + - manifests/10-repo-prod.yaml + - manifests/20-hrel-prod.yaml From 464135d975a918835f9801c197e31c878e52b9be Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 11:57:00 +1000 Subject: [PATCH 040/148] Nextcloud to target namespace --- charts/nextcloud/templates/nextcloud.yaml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/charts/nextcloud/templates/nextcloud.yaml b/charts/nextcloud/templates/nextcloud.yaml index 539925b..a6ae33e 100644 --- a/charts/nextcloud/templates/nextcloud.yaml +++ b/charts/nextcloud/templates/nextcloud.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: PersistentVolume metadata: name: nextcloud-pv + namespace: {{ .Release.Namespace }} spec: capacity: storage: 10Gi @@ -17,7 +18,7 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: name: nextcloud-pvc - namespace: nextcloud + namespace: {{ .Release.Namespace }} spec: accessModes: - ReadWriteOnce @@ -31,7 +32,7 @@ apiVersion: v1 kind: Service metadata: name: nextcloud - namespace: nextcloud + namespace: {{ .Release.Namespace }} spec: ports: - port: 80 @@ -42,7 +43,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: nextcloud - namespace: nextcloud + namespace: {{ .Release.Namespace }} spec: securityContext: runAsUser: 1000 @@ -89,7 +90,7 @@ apiVersion: k8s.mariadb.com/v1alpha1 kind: MariaDB metadata: name: nextcloud-db - namespace: nextcloud + namespace: {{ .Release.Namespace }} spec: rootPasswordSecretKeyRef: name: nextcloud-secrets 
@@ -107,7 +108,7 @@ apiVersion: v1 kind: Secret metadata: name: wildcard-hxme-net - namespace: nextcloud + namespace: {{ .Release.Namespace }} annotations: replicator.v1.mittwald.de/replicate-from: cert-manager/wildcard-hxme-net --- @@ -115,7 +116,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: nextcloud - namespace: nextcloud + namespace: {{ .Release.Namespace }} annotations: external-dns.alpha.kubernetes.io/hostname: nc.hxme.net spec: From bce94b467e824d49099cf6299790e111a198b8f2 Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 11:57:34 +1000 Subject: [PATCH 041/148] reboot - remove --- deployments/kustomization.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/deployments/kustomization.yaml b/deployments/kustomization.yaml index 78a6183..8525795 100644 --- a/deployments/kustomization.yaml +++ b/deployments/kustomization.yaml @@ -2,6 +2,3 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - manifests/00-namespaces.yaml - - manifests/10-repo-prod.yaml - - manifests/20-hrel-prod.yaml From d39d3035111b7b7c407c82d1da67452c7f3b1878 Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 11:57:48 +1000 Subject: [PATCH 042/148] reboot - readd --- deployments/kustomization.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/deployments/kustomization.yaml b/deployments/kustomization.yaml index 8525795..78a6183 100644 --- a/deployments/kustomization.yaml +++ b/deployments/kustomization.yaml @@ -2,3 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - manifests/00-namespaces.yaml + - manifests/10-repo-prod.yaml + - manifests/20-hrel-prod.yaml From 152c52164418c87d0647412e27985e1e454c46c4 Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 12:02:52 +1000 Subject: [PATCH 043/148] remove values --- deployments/manifests/20-hrel-prod.yaml | 2 -- 1 file changed, 2 deletions(-) 
diff --git a/deployments/manifests/20-hrel-prod.yaml b/deployments/manifests/20-hrel-prod.yaml index 6b9102c..ee0a4dc 100644 --- a/deployments/manifests/20-hrel-prod.yaml +++ b/deployments/manifests/20-hrel-prod.yaml @@ -13,5 +13,3 @@ spec: kind: GitRepository name: hsp-system namespace: flux-system - values: - mariadbNamespace: mariadb-db From 0786edbeade2567352b5d0263b0b7093f0d31328 Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 12:23:43 +1000 Subject: [PATCH 044/148] Reference globals instead --- charts/subcharts/templates/cert-manager.yaml | 14 +++++++------- values.yaml | 15 ++++++++------- 2 files changed, 15 insertions(+), 14 deletions(-) diff --git a/charts/subcharts/templates/cert-manager.yaml b/charts/subcharts/templates/cert-manager.yaml index a13f295..febb491 100644 --- a/charts/subcharts/templates/cert-manager.yaml +++ b/charts/subcharts/templates/cert-manager.yaml @@ -12,12 +12,12 @@ spec: solvers: - dns01: rfc2136: - nameserver: {{ .Values.rfc2136.nameserver | quote }} - tsigKeyName: {{ .Values.rfc2136.tsigKeyName | quote }} - tsigAlgorithm: {{ .Values.rfc2136.tsigAlgorithm | quote }} + nameserver: {{ .Values.global.rfc2136.nameserver | quote }} + tsigKeyName: {{ .Values.global.rfc2136.tsigKeyName | quote }} + tsigAlgorithm: {{ .Values.global.rfc2136.tsigAlgorithm | quote }} tsigSecretSecretRef: - name: {{ .Values.rfc2136.tsigSecretName | quote }} - key: {{ .Values.rfc2136.tsigSecretKey | quote }} + name: {{ .Values.global.rfc2136.tsigSecretName | quote }} + key: {{ .Values.global.rfc2136.tsigSecretKey | quote }} --- apiVersion: cert-manager.io/v1 kind: Certificate 
@@ -29,12 +29,12 @@ spec: secretTemplate: annotations: replicator.v1.mittwald.de/replication-allowed: "true" - replicator.v1.mittwald.de/replicate-to: "{{ .Values.replicatorNamespaces }}" + replicator.v1.mittwald.de/replicate-to: "{{ .Values.global.replicatorNamespaces }}" issuerRef: name: {{ .Values.global.issuerName }} kind: ClusterIssuer commonName: {{ .Values.global.domain | quote }} dnsNames: - {{ .Values.global.domain | quote }} - - "*."{{ .Values.global.domain | quote }} + - "*.{{ .Values.global.domain }}" diff --git a/values.yaml b/values.yaml index 25b6ed3..6f807c6 100644 --- a/values.yaml +++ b/values.yaml @@ -4,11 +4,12 @@ global: issuerName: letsencrypt-rfc2136 email: admin@hxme.net -rfc2136: - nameserver: hawke.hxst.com.au:53 - tsigKeyName: hxme-update-key - tsigAlgorithm: HMACSHA512 - tsigSecretName: hxme-update-key - tsigSecretKey: hxme-update-key + rfc2136: + nameserver: hawke.hxst.com.au:53 + tsigKeyName: hxme-update-key + tsigAlgorithm: HMACSHA512 + tsigSecretName: hxme-update-key + tsigSecretKey: hxme-update-key + + replicatorNamespaces: "monitoring,authentik,nextcloud" -replicatorNamespaces: "monitoring,authentik,nextcloud" From 950012fa3d20b5e73943d97f005e92e1f7f56a47 Mon Sep 17 00:00:00 2001 
From: j Date: Thu, 10 Jul 2025 13:56:45 +1000 Subject: [PATCH 045/148] Difficult bit into kust. Strip mariadb from helm. --- charts/subcharts/Chart.yaml | 6 -- charts/subcharts/templates/cert-manager.yaml | 4 +- deployments/kustomization.yaml | 4 +- deployments/manifests/20-hrel-mariadb.yaml | 56 +++++++++++ deployments/manifests/20-hrel-replicator.yaml | 99 +++++++++++++++++++ .../{20-hrel-dev.yaml => 30-hrel-dev.yaml} | 0 .../{20-hrel-prod.yaml => 30-hrel-prod.yaml} | 0 values.yaml | 1 + 8 files changed, 161 insertions(+), 9 deletions(-) create mode 100644 deployments/manifests/20-hrel-mariadb.yaml create mode 100644 deployments/manifests/20-hrel-replicator.yaml rename deployments/manifests/{20-hrel-dev.yaml => 30-hrel-dev.yaml} (100%) rename deployments/manifests/{20-hrel-prod.yaml => 30-hrel-prod.yaml} (100%) diff --git a/charts/subcharts/Chart.yaml b/charts/subcharts/Chart.yaml index 8c79440..5bd7f27 100644 --- a/charts/subcharts/Chart.yaml +++ b/charts/subcharts/Chart.yaml @@ -2,12 +2,6 @@ apiVersion: v2 name: home-server-subcharts version: 0.1.0 dependencies: - - name: mariadb-operator-crds - version: 0.38.1 - repository: https://helm.mariadb.com/mariadb-operator - - name: mariadb-operator - version: 0.38.1 - repository: https://helm.mariadb.com/mariadb-operator - name: cert-manager version: v1.18.2 repository: https://charts.jetstack.io diff --git a/charts/subcharts/templates/cert-manager.yaml b/charts/subcharts/templates/cert-manager.yaml index febb491..ebe0c26 100644 --- a/charts/subcharts/templates/cert-manager.yaml +++ b/charts/subcharts/templates/cert-manager.yaml 
@@ -22,10 +22,10 @@ spec: apiVersion: cert-manager.io/v1 kind: Certificate metadata: - name: wildcard-{{ .Values.global.domain | replace "." "-" }} + name: {{ .Values.global.ssl_secret_name }} namespace: {{ .Values.global.namespace }} spec: - secretName: wildcard-{{ .Values.global.domain | replace "." "-" }} + secretName: {{ .Values.global.ssl_secret_name }} secretTemplate: annotations: replicator.v1.mittwald.de/replication-allowed: "true" diff --git a/deployments/kustomization.yaml b/deployments/kustomization.yaml index 78a6183..9b9016c 100644 --- a/deployments/kustomization.yaml +++ b/deployments/kustomization.yaml @@ -4,4 +4,6 @@ kind: Kustomization resources: - manifests/00-namespaces.yaml - manifests/10-repo-prod.yaml - - manifests/20-hrel-prod.yaml + - manifests/20-hrel-mariadb.yaml + - manifests/20-hrel-replicator.yaml + - manifests/30-hrel-prod.yaml diff --git a/deployments/manifests/20-hrel-mariadb.yaml b/deployments/manifests/20-hrel-mariadb.yaml new file mode 100644 index 0000000..26f7f39 --- /dev/null +++ b/deployments/manifests/20-hrel-mariadb.yaml 
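Review bot: In charts/subcharts/templates/cert-manager.yaml, `metadata.name` and `secretName` now render `.Values.global.ssl_secret_name` unquoted and unchecked, so a values file that omits the key renders an empty name and the Certificate should only fail once it is applied. `secretName: {{ required "global.ssl_secret_name must be set" .Values.global.ssl_secret_name | quote }}` (and the same expression for `metadata.name`) fails at render time instead. The key is snake_case while its siblings under `global` (`issuerName`, `replicatorNamespaces`) are camelCase, so `sslSecretName` would match the file. The name is no longer derived from `global.domain`, so a comment in values.yaml such as `# must match the wildcard certificate for global.domain` would record that the two have to be kept in step. The Certificate spec continues outside this hunk.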
@@ -0,0 +1,56 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: mariadb-system
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: mariadb-operator
+ namespace: flux-system
+spec:
+ url: https://helm.mariadb.com/mariadb-operator
+ interval: 1h
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: mariadb-operator-crds
+ namespace: mariadb-system
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: mariadb-operator-crds
+ version: 0.38.1
+ sourceRef:
+ kind: HelmRepository
+ name: mariadb-operator
+ namespace: flux-system
+ install:
+ createNamespace: true
+ upgrade:
+ disableWait: true
+ timeout: 5m
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: mariadb-operator
+ namespace: mariadb-system
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: mariadb-operator
+ version: 0.38.1
+ sourceRef:
+ kind: HelmRepository
+ name: mariadb-operator
+ namespace: flux-system
+ install:
+ createNamespace: true
+ dependsOn:
+ - name: mariadb-operator-crds
+ namespace: mariadb-system
diff --git a/deployments/manifests/20-hrel-replicator.yaml b/deployments/manifests/20-hrel-replicator.yaml
new file mode 100644
index 0000000..13d4606
--- /dev/null
+++ b/deployments/manifests/20-hrel-replicator.yaml
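Review bot: In deployments/manifests/20-hrel-mariadb.yaml, `install.createNamespace: true` on both HelmReleases is redundant with the `Namespace` object for mariadb-system declared at the top of the same file, so the flag can be dropped from both. Both releases resolve their chart through a HelmRepository in flux-system while living in mariadb-system, which stops reconciling if the Flux controllers are ever started with `--no-cross-namespace-refs=true`. A comment above the first `sourceRef` such as `# cross-namespace ref: repository lives in flux-system` would record that dependency.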
@@ -0,0 +1,99 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kubernetes-replicator
+ namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: kubernetes-replicator
+rules:
+ - apiGroups: ["", "apps", "extensions"]
+ resources:
+ - secrets
+ - configmaps
+ - roles
+ - rolebindings
+ - cronjobs
+ - deployments
+ - events
+ - ingresses
+ - jobs
+ - pods
+ - pods/attach
+ - pods/exec
+ - pods/log
+ - pods/portforward
+ - services
+ - namespaces
+ - serviceaccounts
+ verbs: ["*"]
+ - apiGroups: ["batch"]
+ resources:
+ - configmaps
+ - cronjobs
+ - deployments
+ - events
+ - ingresses
+ - jobs
+ - pods
+ - pods/attach
+ - pods/exec
+ - pods/log
+ - pods/portforward
+ - services
+ verbs: ["*"]
+ - apiGroups: ["rbac.authorization.k8s.io"]
+ resources:
+ - roles
+ - rolebindings
+ - clusterrolebindings
+ verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: kubernetes-replicator
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kubernetes-replicator
+subjects:
+ - kind: ServiceAccount
+ name: kubernetes-replicator
+ namespace: kube-system
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: mittwald
+ namespace: flux-system
+spec:
+ url: https://helm.mittwald.de
+ interval: 1h
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: kubernetes-replicator
+ namespace: kube-system
+spec:
+ interval: 5m
+ chart:
+ spec:
+ chart: kubernetes-replicator
+ sourceRef:
+ kind: HelmRepository
+ name: mittwald
+ namespace: flux-system
+ install:
+ createNamespace: false
+ upgrade:
+ disableWait: false
+ values:
+ serviceAccount:
+ create: false
+ name: kubernetes-replicator
+
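Review bot: The ClusterRole added in deployments/manifests/20-hrel-replicator.yaml gives the kubernetes-replicator service account `verbs: ["*"]` cluster-wide on secrets, serviceaccounts, namespaces, pods and the `pods/exec`, `pods/attach` and `pods/portforward` subresources. That is far more than copying annotated objects between namespaces needs, and it means a leaked token for this account can read every Secret in the cluster. Several entries name resources that do not exist in the listed API groups (roles under the core group, pods and configmaps under `batch`), which suggests the list was not derived from what the controller actually uses. The only replication visible in this series is the wildcard certificate Secret, so the rules can probably be reduced to the sketch below, with other kinds added back only if they are really replicated. The HelmRelease also omits `spec.chart.spec.version`, unlike the mariadb releases pinned to 0.38.1, so any chart version the repository publishes is rolled into kube-system on the next reconcile; pin it with `version: "<pinned chart version>"`.

```yaml
rules:
  # Namespaces are only read, to resolve replication targets.
  - apiGroups: [""]
    resources:
      - namespaces
    verbs: ["get", "list", "watch"]
  # Kinds the replicator copies; no pods/* subresources, no wildcard verbs.
  - apiGroups: [""]
    resources:
      - secrets
      - configmaps
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
# … unchanged: ClusterRoleBinding, HelmRepository, HelmRelease …
```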
diff --git a/deployments/manifests/20-hrel-dev.yaml b/deployments/manifests/30-hrel-dev.yaml similarity index 100% rename from deployments/manifests/20-hrel-dev.yaml rename to deployments/manifests/30-hrel-dev.yaml diff --git a/deployments/manifests/20-hrel-prod.yaml b/deployments/manifests/30-hrel-prod.yaml similarity index 100% rename from deployments/manifests/20-hrel-prod.yaml rename to deployments/manifests/30-hrel-prod.yaml diff --git a/values.yaml b/values.yaml index 6f807c6..c51a95c 100644 --- a/values.yaml +++ b/values.yaml @@ -1,5 +1,6 @@ global: domain: hxme.net + ssl_secret_name: wildcard-hxme-net namespace: cert-manager issuerName: letsencrypt-rfc2136 email: admin@hxme.net From 76f617f3fe81fc7949e89abc870d486284db5d0b Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 14:00:24 +1000 Subject: [PATCH 046/148] Remove mariadb namespace because not needed used --- charts/subcharts/templates/namespace.yaml | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 charts/subcharts/templates/namespace.yaml diff --git a/charts/subcharts/templates/namespace.yaml b/charts/subcharts/templates/namespace.yaml deleted file mode 100644 index 1bef2cc..0000000 --- a/charts/subcharts/templates/namespace.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: {{ .Values.mariadbNamespace }} From 771dd6dbe9b34dc698743a48cbc92e1f8428738e Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 14:00:54 +1000 Subject: [PATCH 047/148] Fix namespace --- values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values.yaml b/values.yaml index c51a95c..1f1d786 100644 --- a/values.yaml +++ b/values.yaml @@ -1,7 +1,7 @@ global: domain: hxme.net ssl_secret_name: wildcard-hxme-net - namespace: cert-manager + namespace: hsp-system issuerName: letsencrypt-rfc2136 email: admin@hxme.net From 12a04cd1e55df53282da0f814e6d45c884cc42a9 Mon Sep 17 00:00:00 2001 
From: j Date: Thu, 10 Jul 2025 14:07:16 +1000 Subject: [PATCH 048/148] Remove operators because they were auto applied --- .../charts/mariadb-operator-0.38.1.tgz | Bin 82024 -> 0 bytes .../charts/mariadb-operator-crds-0.38.1.tgz | Bin 69872 -> 0 bytes 2 files changed, 0 insertions(+), 0 deletions(-) delete mode 100644 charts/subcharts/charts/mariadb-operator-0.38.1.tgz delete mode 100644 charts/subcharts/charts/mariadb-operator-crds-0.38.1.tgz 
diff --git a/charts/subcharts/charts/mariadb-operator-0.38.1.tgz b/charts/subcharts/charts/mariadb-operator-0.38.1.tgz deleted file mode 100644 index 828bdc5ab0992a6222e9556627ba006c09b17c8d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 82024 zcmYJ4Q+Or7wr*oPE4J;VW81cE+wR!5ZJQn2=&)m_V`rV-ci($%J=Rk_)K_!XKgJ}A zfdPR0X8~zI=!~UQm`$bRf5>@rbC|GcFq^4zSnH^A|4`J>_#v-pXJhPO=B=je$S-AX zXAg4qwdJ$jo=uGK;;av;qkY+wS4MkHzqu%Q-by+d#j|TgPLXx)Mk$M!J9Ft58CRFUW+L4p))-?z7-EU*O%r==XEXS6^P>?_KY2zuPy# z;On-h!Xolm(Ralyx(;>xZAlfQ*g&CFV>E)0oE_BI!^ipS$=&J6xd};@Xg`2AcGIs# zY%lVAmJANQix$}EeRiR5m>`&+XD9&86|EIqP$6YG?2|A?CM(j}5 zTZd?rlBWBjNEL}BZ_n}G%t9rXX3qyr12XA7ZMO6%`|Ga9v%{_syqkN*aTqMyl z_^-X)Ev9AQ&R6iapcswHi*MNE7i6Rk%bu1^tgYn?U&E{0U)Q16o8QxU z=kS5=_zu2I`9xROePLF}H;x~My=%N+x4)f(0||D`ls?kt3)R zHZ(TNAXZ`pQ82SHzFd+WUl?jG8PWcP5;GzF5W@+)_CPYZwtlV@aY5ks;o|64OUIty zH+QFwkp+)Ju@P)J4D$#mRnRg7s9+ISw(LIFF#a!)S8AjQRx#9qpcb5cun>`;3j*05 zMqPBTK?I0IGPqXJ5iDT z;1gh;H7oYoij4ziSq|O0IGecmpwqE}xL`wE(Tp6uVdg9xVFfE9iz0KR1<~ukkWRrk zVMWpZy7L6PjKD!>QIkmIG1HJbab>{E1a*t$!l#N9B0+H&6|WNnEvl$xsK-!^PoMsc z*};PGXW9BNIi=WsF}V5YVS2G(dN#PZ5ozt|1DXKC1-G{Lc6PkaORmqcd_S08UiP13 zLcgvZ%SQ+0@qb>SQ-HE<%ogJg&0O(96(5xzL8OiD&zcvx*rHeDL z2l2N_g_0zPQN;T*ZJO``!dtSmzNZb3UA{ScWkEu$7nED|L) z>v7IS@|od!tZykF${JiiL^%5N0*p=U%V-S0Kap%~S!`Nra*2`u0hyPx-yb@Q5~IRE zUWgMp#osH0al$VKq=pq|FBu^X-SmTgON8_Y1!FI=L|J$-vXF_5mR*q}9D=Ygi?fM9 zsx>vSL{Xv%Sp~+Ibp6hRYvonihK~)O-HOUcO+D-~{M5@f%y_t0?2J#b10@MwF%4qHo z4lbx~AFcrrSzB+QXVbLj3|D8q1p^*6)dg9dz5ph@WcIE{Sj>luU>*gN@hFOd7{}sF z8yRd5R!M9Or4mm_K9k%2lLQn${NL49fzD}Yc@bBJLAV!jmtzxBNpTtFt;rupWtp2&q~@ zZBg$Q%j(nJ@1r3?AlS)rEz_E-4#+7%vzVAnqYDG&NXKYKe27+us@}*$aaHBWe}GSH z=t@V}P&H|Bq~#4JS>#*@{)kN*gXm1P#3e@6O4QZflTrndz^?$YMkA)68U=lXAW5p> zrR?9Q2u`qMBi|4wUYPyyw5zx>S3svjIa+Rr<&<0^JrFMd?qY6PR|QF&4qiSXm_)i* z)*%!?I=9~9Ew(gX;W;4-z`)px4dx49eoIF_PGZv9Tkgpu9Xs+XcO2WtWhhJcCfy*$ zC5hjFNMV?C$k8D-$3h;`HsjZbjupL>4wvX_V<3yKYvXUZ>PNRf+0sQBJARdD5@cW< 
zI~@@miltmaxOYF8M}=k+q1$+~`T2?1`^y+DgxY*2MJfggjwdGwD1(MFOc4Z1mJ9?( z8Hx0vK5&ZvAsp0z`syC|(GYTr{AcF{Crq@FE!tGZVl-eHlExs&v7vsBqG4fWmaZ#+ z2FsG6?hO|r(;2`5D!#%G0WH$lBfbntvW`d}98_+b_7*G+DVhkkX^Yu{2YJmA`MbSw zM|!&-Ias%(iP{Cc5Mm88iDRBAt8Izg{Nz{;giox?M(WdtY?V#to36T78_QXm;r&a2TK#^A`^zfqXnly+ewqr zUo>1r<>+J}9MfHA+SD@jsGTcipn;HlXbPI1L3LwPV6}y`eWT(JJ*qgTc^-W@_07s9 zME^-^lLJYe35h}yAbZwUSQd8Ialz!7mJyt*sU+V@Nu}Ci?m);7FkX#A&}l@jfRx4h zSq81EjIPncxK@N%vlQ{P5UGAX@@_R+{b-WMVfs>n*V1Z=0fTlBvKg1JC-$D0mg`nB z+^EfD9;72f6JDyukOr<%G|7Up5|*LH<6cl9Ltv|=laLf@V(o#8rO=OuQBBYyf3eC+ zfui0`;K}?PRGrF8bE~Fts}?+A>j^00cqh2aDEp%vc;d$Q^Riy`{%G7_=`K@VrRsPx zP*?5#Oi_P@Ph3b|hY+z{dR{eiUWOwrA|+wA;kqe zBNbald*rtGq$NrpkiNL1Ii2X3>k(u=alfLJDDn^UsS8QuF<lM_UyIgqPJf4@3`i z4^syg%^7W{&QVAICijHETl#iLkeKT)S`0`SH!M>Ip9^ucdC=tJB6m&n#eZc%_ zBpl8mMiI!4G^U+uV=6N=Dw`8H_|>$%Un8OjJ_UZ0e3|kD#M*-!ctBUrfOZ8_rYQ}& zC}X_8w}})=nKR!WCn6{pdgUnown%xYHxb_`Iy-8QnhZKXn#Ggq^8+-6*|@jwjNv<%6Vr+auXa#X zVHyj%HQit}dN+_Nx|)Wbu|*1mp1A^x6H>(c8dX1JnZ>32DY8g&F(|Sx9G;TxY=oau zoT`W1Q=PLL-3OW#RHt{y3n-=NCWL2=G*hFqgFMrcvW@C!Sul(Q!6v2KALqQdPga=8 zo-}FY{lQ0%LO~R1N@c48+tVhOTpaZx)OS!pT;C2k^7HB3-G|RKf+}<`x?ZaSzJ`aL zh9j*n#bi05^5gd=+Nd%|#dO_a2N&g>(>SqdSw!Jkbr?1o z-+__$<3zdz2@1C+B*70Muk~cd0(@@~7; zMsH)KsG2)7k+Z?P+>L~f&OJ>fV69QwW z6t=7nf(5@TUyt}-8A$Lk8kK(*i^h&Gmw}mSq^})mnk-xSZQp6*-*h%J$uw+6a*7jD zu9~tqT)ic2mPIWO0BM2 zmcN=_t%yfvZ#aX5J;6(YPn0Lx&m6|ipK~>ZejNz6TQR;VktbNOTEQasDpJi}Gg--@ z<=rT_5@|>woJiE>?`Icvcxe6cqk8P%2**n&V%WB|m8Fuvjx*og0CsFVz`fL};XA;# zusOSS*|vRMp!#Xn6;z&pax)as)lY9}-;rR3_kHocj=iUc$(Y@EP=`C1W`A~6HU#8bM}VNt!S<0h!O8?-E5+Z^EoI<_6W9X% z3INqA0`F0{bhMC*q_x|J!Gz&WDsWTm%Vi?~>NoCnyeF2>&R@g(^ebNEWBqG(BJY60 z@m9d^Yc~E_|1$wug8fywwHJJ7qja%+H_aSW8+_HJ5v3)t_peb~=5U0!ph{)}bVq2Z zTK;QUbgBV0RnVZ7uCs5$A#ScumGZ7`aP&q~^`v&g2NT_a1w+f5=7YIw^yab@G>5V7d1cJt#-4X}fz1TlZK}AdJG&(+@b*2!W#|^7dvXww5}=LVw*QS)jFvO zp{X+>8%?qs1_RyDOP=0llvKnAp*Aa+ks{{}dCM_&D&+F)p`$(|VVQCJJ+&_>G*5+Z zI)qR?K?AUucil=9iitS?yb?uS4)kl*-zG=mYl|v!67|yrlKLkX*_@H+x>_ynF5eRw 
zUAOfU9MRbtF2ScVLq`#7VM<#ytRJ+ewq3&)*0wwMBQpZcJ8ZXY*F2tzHB|0|c`q9c z%@J15_TgBSTKMghrIs~gR4b&!*3rej__mYto4cXj6~`FeNswS>N@G0ONOmw@*$@>j zzf|)_Ky6Az_L(T+R@nX~1lpA{Xt7Uu{2mhM4=-auNJyIEalwA1@#cih?m04v1%W?I}TZ| zE<7)+WqI^}KmId)ov~F$3l9O_KVfr~Y6D>=kp32P-Jhv8HmcFnR2TjeSOTV3m6oYwP|otRF@IW*j-odjJ;v!EX&*(8pa5(4yau)Q ztebLzH;<$Sr_G?~>;wgXtD>G@7#Qg7?sGT2Rl->Tsl|$@pYLWFRrSDS!+RrBB=I)y zctuiV{%O=(CfkKBg|q35Otkv#euL7MQ?8 zPYKV$^FEtik()(vc^a`+?AKcs`pxuQ@l_9L-2=4$7VKfG#xHXge;{kBzWjchIjfg;S31+rf0#b9sQ~gx|Igo;22q z^@g;Z46a^!i6H6)nA#5*RABO8?%IU0cbuu@P2}w&Fyt%aNjqzmgD(leD->s2cjfO{ zT&+jEGb_m6M2R6Z1Y$>u?h)yqI2E`40OI&5|D?s|@bX2(Xs;q`_@=`V9Q6?3ODiq^5pv1$VzM+amXuK9UC>1Z+AYLt*o$K>T0;g>>wozhN_OR%%p|I6 z{y~F|iqaV)M!Q;`o|mKiVr120CsZ-0?@+MH`*qnH%6%WmUfqUl0_DDoJw277Hp& zVpViK4K>}9G47lPRxX>@$9>;k zoCKtot56AS54T^|;S5_(Tx`Y;6$x(AzV> z$Jy=a<{+bmQ*tl2+ncDP3lDE&55G^KkL&&TX>)xbmq_2gCa8j3vc5~2F~$DRN6NCM zUcfki(MASxi zrcp|Il2XO02*tLqMXEEaw5aNr$VJUT<17>{l&{SqPpbSzwqkJEiI{`FLG~(ZzbpK- zGT6-m_=5Fz5_Qf*IlkcxyB=$})YG(t7iZ~YhT(dtaTGot)#7_(Oz0Fu<0~hu`P3OS zX0t?FmA;sxMYSx0bhQO_jMr%AYcGZqBsItPrjYdVi3m6!i#Y^ZEe0}w%5&7U+E0A45i&)#B%H7>ZHfYirUV z68rXC1Y*xsHh@dTd|P@34paj7e47Mcf&5aFpMn?LEYb6Vk$4iG9Wmp_7I&39v}+-& zw8i=@W`q#~BjbOFltV>4$0Kn;7zt513hGBOhH*SBi6U_)`tpeI_x(o@KAU!f-7ig!+2K%(Na*_3m}+KrD0q&~yT^Ia63K&GZgBI~Q(>F-=dp*qn1fjs`rF7oS^46tca#=aKN zv|vH)vG9a_lorrs`GS!~5OX}s72UZ6@CF?*_BXZZ=R=Ehg-Ed?;3p0!;_su@N!N&Y z!<4s!G&3-0KaTv?x@iRqn(473cu?AbI!r9lMr$lb`J`NFZRcIZh$jD;e0FQr9iOz? zx&X6-o9rw445^XkM(dfgdI64pw9sANzr73aS(lzcn2ld~Rtk(+HmaUH!JeUE_th0; z52P-Te99me54#ZDa156CgH4XGsJXK zNjG7oa~T?A+{-%8Z9L?BAJ@a6EWU}>Gpg>za6DbJ*zDN&pn~*REjsnms-C7uya+lK z!m4`7y75uCKw#UIHtj#5epn?xb1#5JUy^)+A5$h6THzf*)`j8?W4+rNIS11Tqp<&LIPSXOi_d z!TuQOqWI2;SRI?c@0?PEyk}|1hP%^~8->n>TKoi;3$;2Cs1R;KF@XXQQ3pt4ihL@C zjE&7BI|I6xfa(ZBvyXw6zPE*yz@1%hf&WxkKdW~^t6)JMhQIt&F#6L+b+UDwR-Mp@ zFNJ?Jt||S3N#px0?kW1JXwdxZ+$Cv2JLoK09l(4DO={6Ug*owJTJfm!Ig~q zs5o$)_pXQ0{(BD^dOqg6phxs`{a0!TX)? 
z{Vmd#rykN@cVOqc9D){4<@VbAaI5Cd{p_iq{rJ~*+xJOB^@uS)ULmzehhYg$5pMjG zQQhpek#JD|Xe@fSU!3TSyzen*goa3kh>v&zX@;NQEV*<8x5&`)RDO*Gfb6BVDLzg2 zE^BABMlXHLf^V}fOC38kSwh3fU7lpdepa14yjBW!v+Bt@RZIg(48BEL;o%NuFvt2qh7Gu0Do(}lgA6iLND&a-mxy$AnG#-M|u0U&XBnPF$= zbd%)d*8(2u1?oBT3l)SdGBk`dW&9CiL<8+>1*jd!*_CgDo_Qax5yy8AP@BE~ZujWK^)}AP z8CUo1a~ZJ2ZuRhAo#Vu)`*I}IRx1oa%hbubRKyT|O)cksFmukjsC}m5*zvxtSM;BX z%SfIM%jqsyaod{nEqFJRy=BYDO2-havR3G06@22J!@gV7t~VbOJn(MMd@*4ALY;NJ z2svk7tag}|)0}bL!PlH|vi6vE)y-TV&P}&qzh(QXa@4!tyJRiszMyJzW{7xI^e<0a zZ=V*c$u3yovur{tcxR`Q%dys_)L!{0E#C-hRFnVv#pTHjfc}`TUKea13na43_#E)? zg!-5dO&vD}p1Xk_f7yoEGUl=GaqA0MtM@m^QZEPB0$F9i-&piz&e`=krfCpMC4HpJ zIF_FDG_(;LE|#Wr)cF6FrIv3(_vNzMJ|^j@WI6nb=&EIHd*z!cOT$d^j+~~$`jILf=>PfxM#tM1WerT|q~#BDPZa>2Z4A1BOd@*peM{2U%Obw+{rK1OlMChnNc zxh;7(k^eCAW5V}Q7S+&o2(0bQto)vi@8FNFKY(HJP?!W9YX)iU?iCK_MOU>;`gMKw zz1I6!!}Wvy+J}I2$}$M(&)LIv{3QeG*LWnm@XWugOR{A`d?Ma0l6V-6E=QB-XH@tc!;+BN0+ zqw%YGe*D1kwh*ZM^xm-cdW+=?`L#C}6FLO^FrMlg2@IH!9kJmEzEpzvp+{?x;D4PF z(`EbGy@V0*)sQCsWi4d;9f8#|`kL@{oo5Ub6g$rVwhe*KA0*JJUw_gHpADOOC1G$0I&qGeYz0g$XP2ktkuTCw&HQeV# z>VqA}-_V;@p~`2#)sp9L8hJ_27x4OqTiJuN>*8~^n}wP`?3P4o3h$Z)z= zqEugOOSsjiX-EvYu(HRx1JY=jUDB3DB!eRCRLv|^x0*-?e%=HnxMh@Vm;8LTSl?U zm8i!SL-rJC794^yPbRY1J(v08J20?e5O~WcxIy&#uM!mmyH0Qyqk`vxaNO>D1d}q$ zJMAA@A(@=%|Kc`DS+v}@3C1y!rbp%*#H5B9x`+MS6?Q2R^jGCSt{}?vm&{Y~ z0R~`49~Mu6z<&pWmST~{=HlfxFOim;+)EmlM86{IEUQ+%e_1^G={+K;OXTCAFJlcf z%q7h0<<1NHe*bN?3-p~w_UMTD2=wg)0*$Av9+%hF<|Fpm{<7zJGfO6EAx=OqQ)HqO zjtxQN_JTX^=?5>TwA4(tES?nvcI%8uya$XG`Hs$;;Pqp}ND-k%ObRy~_v zOs^DduTF4gCu0wbR{V&*GY{&|g-lG?bc8KE!+AX|P}z0&ZGLfSUS0~R=hsNn-?#kM zjF&ef>TGAl)hAC%ZCoJ~-H+RFr7{G^2ZiYkA{U4RO!kIPFP^o`4{DEaA&f)`;(lo+ zgCI+Q2>%Q%>z9)-ShakvE!>t(R!Si;oWWHfnW!E}*HTS*ztY^STk0_!>Y#=R?g&z; z#`$``Y*3xRBpbp3i8cW%ybV3j9Nd>zo2JO6UQ-KlLzZAIM}|h_x{X4_OWY25TEXsuHyIB4Iu*<9++#gZr>C?24R{QokA7eO%=n-H;`S-} z{}}QWG9&c(OZfSZ5(Gfr4kdYyuI9Rs^2es0B63mnTR|TYxKI-OA(CStbw;6#4W$8d_1*%9^aK6J(cE=v zs+DU*iZ=7Wmu<{bFa~244*4_D&|s)@DW!rs|07^vvkVzbPGU{hMH03XOYg@BSJKga 
zUTDPTZ2NlWg_h+4Yx64V+#dMQFWy?42H~S3i`2iAXNWXMv5|Cw7fSd zZyQ}{m+}ulS;&I8M(Ml%s3k|&*|Mc0tUz@{Y2-m84Yjxt30>&>>!NgAHFgfbX{ESoezp7;d{hx(PGceOiA`3>}76 z64^+r-5kpSbjk*u$2|NQKhr{A_{3YpiO7Rr{|hde)i-@-qnV-MyJMOZ2x}8Sl|@5- zf=1HZp_qo`yGEb7ijDsH8?6*{V}uQDrD}8UioycUO03B^7;2AlK>a6D+8AH$`E7dV zYj$bD(HSL(Ci_t8Ai@;)d@apiu5|P!YhPQW}G-)7=l>b z=>OA8h)Z${x+pFrnK&aTQqsk!O5CHCscW%CM_8GKDCy~3U5Jk&Jt(Ydh3qqg;j6)+ZUT!e)Ha7KnQV=MEU^NC*5 zw87)L6qQ0aFgguM6iMYB`%--`POS@(C|6hO#b&Y$=bB8yFCXY36n&+;G`fEoH@;o;a<>sV3kR5kwyTX`;X2=mG;(%?KFLQcmm z7puMihBMRtu5ehdk{O07xnwXqdmfI?BMV!{92$e^-ea*GlUVa{P`9+%lDsY(c1gEy zK1ZafY26Q-*b|EUGSdg6N3nyXXy`ME+CC|lAE=2Tx?Y)Q_|a;=E^l$S?c~^i!iY; zIIKbd;o07h!QO%U>n7WWBDmUMsD-V7y}7{-rB%neI6OA?XKZfn$osjwe1Ny>8_G+D zL_a%#2o5F1AJ!~fnds(5zTHsanUnm>#}c5PpZBtsT_NpYagV;sB|V@MO;+N-o~CAH ztxnekYoAK1nX~10d&4-&iMTV(5a!pRvmR!3f%gV+hNJF5<8C2^qxQQ1A=yp8=4px} z?KWJ`K%IJEvF&;dVlStXEet)VB+Dexk$HtIgVm$z>zUhGXF$D=o`g?tnMX>~_c%;< zR;2(#I+=%&6RFIL!E+iL-!QlFF_cpIQ&RRCTy)XOamPlV%>T9=?@+j_-zY{Wg+`e0u_ABYkdck}zcP9Eml z%GBL6#fDVai94Bw_LV4Vuy14}*R)?|WCP;hVQluRE$J_tv3V_s6K$5rmvG&V9A%(* z*p!%&$Vlp~U{P}a<%E4a{EH!q;VD{McBS3k{OsOO^%p7l6!9P@2#H(N50Ri@a3`u9 z-Pso{8kaQOcgttxQ1sCb%oIsM2o4Y)<)Ak9!#_WwlN-^mvR;YHVRnoeDRn3weZWl{ zAyX~nZn5g5a~NZ0>7Mbj+T|^ME?f|uCZpw|_j#=BOpA{#$N;@P!l@<$GCWC7J{Jyc zLZ-G`a~4L@XtU9>bz%Ed{AfR^lhLVvY&4AZ7uA_I34X0UmgJmtBvii`yY;+O%(yS_ zmPdi!V|#yGh~p=6!>Fw;`YO3G*BK(yc@FMQ?$icfR-UVU>sBAEeY+tcm&FQM-NIJZn5`Q+QfmC+2lF6e z=qmy#pwUL478Fa9#Z9bDthxrdXP}=aE3O@_3M(QJP}a$}A+YfS?#J7S#zi+>(F8|4 zX?andO(%82KeJAtK=s;xeMheDoP;8T6E%^1OKuQRqCPL%O>^owUJ-nAC>aISa##z2b=X|J67$i|{{NMKl*%8xi)Vdp{K{2+5z>l@P0C)ag29BEd??Mt@MvzMe0CE?7$b6G5zXe;QMm!WOImQ5uL zkDjE}ZaubGl!1qJZ7GHD9=@oZwa|(sJL}k=>SyTeOkNos3@XMcroK-kTUv_yuP=q0 zl;M%EDn9hCaHQv`>tnsQt((6BZ!NoC4;s*c<6z%;z_`~7<4b{|CO$WBBl~*-N6`_u zD#I)_>Zz57ukQc(UoT1tQPZuZH>TYS+fjeO%z8inAW03|hCL(8SF3%MwSB66DMvfW zvLG|_|M^T^Q~%dzQY8Ud11+lzUnz+S&~O{@<8TD0ftM{VEV9vTU~*q8{{4doF3Uc# zhcyVwATH2^CeV=RI@h|SFxz&@^`yG5IUYGivSxDosB)s3cSGYZN39g*b-7LTl)ldD 
ztG*oelwxJF(Bl}!Ug!i!Bgo65`SC!XW1dET+sA_aszpq_nu;2w+)W{3rLI9u4Fp0d z+D610{E8WtXIg>{OKWj*Az?kke&F3_*LKqBL6y6lt+=0Y;PHMf_5S)(Lyg$B96%E- zW=m)<$8J0O&u72cQMVk)3o#upIfb^iMZNVQ>eO644oG+9>Fj;oLUG4YbLHx+W~kjW zx^2wFZAsHD3gVtqrTgjzZy8i4QJnuOBA5eDIuB2efw*jcT0}gsHUXGdIXKVJx`+lG zXbDt`1@7$mJ2Q^}1;pMCk^f>%J{lBe2K{0h`ss>&`m^gLVxjA^xgAXXT;_uADOPw+ zzo*d8>XlW(P&BaqVL@$WK|p&pjTLsVT643o0Ma~LM-=3?fH|ncrff23SJvIO-2k7+ zX8=pqdckH%p3)D)VQ!G!DQF!Tj1}(!-t`AYdu7vJuqf3{GUeO!FvUapx!wV zltp@f-dR0A4%>5%`0@J$=xzP|g47=I7MQ3ay*LE6OUx|(Uu$QB9yY}Mgz{~EANV~F zd>W7}p#$SX8v|Wx-$P^n3NJOtA=WSv5_3>zZ&B&QzDZzOsDuz=9RH2m~ zJn_YsdIkSEm&*oa=f(->W71YvFjPykimVhK#TzOC7c&i}e3FY|jVi27#KmY{Q$7xg z9tLtAs!-C$N2+;^IMgZW?h4XqL>k-o1m;yL>Ky~=iT|W4w(q>BzZ@19NQGQd)Cfx& z>eX4>a;D+P;j31v>DU3J zWBd5WI^C^!j@DEX`PmgI=aAXbbRtOUNL(&p7U^4J*<#F5^-hu45yrXT-t6;-gAuqi z?>^oi-JT~5N|^>BawY(Ryn?Sr&n#aAAq9YntW-85CQM~@Rk%76xszLfg~$}z^%?P( z>Gj9H+xz4|N)^)d0RpoEb#95Y4nuheifit`+|2LZ@U5oW_oCp^VnIw;em?AEakO{UtyNQ zxGIB6T_O*OqMZ-`=?{4{?Z2&JDwSV9l^~qh$+(+V64?{NjM0qyx06?3710%_x9%4a z;o7nD6G)ygGszOD0QN)J3CBXD$1d3K1!X_i^jgZyYof_T3CbmvsGE!mn|@A^ShN_i zhhSA?XjXw|X4Ba3%haU*H93(qQWejix;3lK3bIC%v@LLqB}MuN`I~0ENeKo=RxpML zWt*88_F40nm^8Rz23Zi4oe*$*_PfwphR00MaxH4S$h!5li`M(I=DKxzO>8it{(ZPI zwyXq9GNbE=^(iN31d8RVc5e&sp-!gS?IpKE!2fX5%qpseHZMk+f-7&beO24o%WkEX zuy(FAVX-U<_dppz5T7xWh9j^^i+qYf+Y0X=W<6dVEu~qg;wX($zCBm+$*J!S+CrH5 z6i`T~HiC1b48uYzUBz3`1hXV^cM6rauvj- z#M0V`jYvwirRa&=r{vy$^q56kg>jh-QV~wKueiU9T+vp|EAX3isOZM1+as9v{u5?4 zw>ID9+$L*#?q=sU$N>CRS2_=@DjZ@hfHx}Epf?p`1jz@stXyqDfj&`#VOi)LeP&5x zdpaTr`SS%W9_o0jjaU}V-pvj4KI{6IV9cmHQ&$3yj3RJXyy5dau3fF~HQ@VFw*n#T z+{jxr4V?0bzVbRjaJ60u?v#qU4boJ(Nh;J$TxTAh`mq$+%u47I+$YD4o?dR#Nt1`} zi;)>Y3_*5i_(`pH4X^!F8MF*W!DajcQcb^S!Hi_0N~hcRiG$rWBuR1t2S7pOiaU5w zs^O1tv^o7+kLm0R+L21%PddB$o9J4MMRJ;Bx~yJ5;$-k7{75r(oJcdB?=Z2YF3S#> zd8}T{GHc&_XcO7`xVKO1OpxHVPA>}t*;k<$=Q*_do=>c_*#J_2n- zG7iv51nh3%R(NSHq-LRF8<4sQAeP`QY|Ok*=0+a1tjxTjVq7Sb!BUvhLgaOo)>xET~-m{E1cY77_$z1+`98|0=3zakHdwOv>@C}b;DLIm$2r`WsgoNJ-X 
z>m!$+A{{X!wc-*KFt6F384t0<$AnHB90Sd?lr%4OyQ5K@&xRS@&C}l_j|)HEwm^dk z<{qC)x(7?UP4v@lVrkE&YD4;S<%r5LQvK3a=4jYT@`S*!*4oI#4u3#u9_a}OetH}m z2@^4TgnvIBS`7Jc=`3W`K<07jF68wgu%_q&#)5%}D8Q;&NPeX~DT^EGf`*AbR1I28`iUT3?vxmAgj&QNTH~-Ps+>m>5_(@!1raIC_Dp=feelgZYU;qUbTk^Mg&!P z;IABB?q0t^H~@JAN|ev^s}@4yHP8y$7|dhnYuJN>N|Mcu(8gE~p|vXaK&A%D$OxEO zb%(Lecl8gg?2XbGWv89iJl|Dp44T=Fw7p*%o`4QxLg^btD8uqqb3a0Rnt^MlXjn7S z{rG_9SXLq6*PfZ)Wo57&Wxvr0q*v`s#)(WJ2077}NUr{Ys+@LgUTe(gBzUd61Lfys z9p}ZYRAKS1T;jGznK>B-$5GL5;2L3MT2d|nFL^i!s9#9{&{}zIko7BU%TKqb7sF)7V{iWs*-ZWvSDVV$u@}-^vyv3@#cN zcvwC6(3eia(aY|ct5L__N8`j!$7cOjpA)0PkUnt|IYL9t7HgHsVYi3AxRi4Liu*US z%+`97?|q?Dh%K#+)N>I{Za(!QjKsdDD8IdxKKSwe%)oF@WX2HHN25eckxD7IriVF<+hIa1T2$|abUXV@~7An*- z6H_KV-()~UTbuQ+mBF5m?#0j+W#cRu0hCDx!41N8QapCU?&E=q(Z;n!i$5>)r;M3J zI)JmPpJ4K-7CQjwM;)6`Ap%?OeiK`j5GIGFYiMZy@~aBawu5}eWIfKrZr2W^sh+)~ zah2hmUqEIa6d-OQ%}8t~&y`*T8(R~JqQT9;l5HtEC;gXKEk>n2Qi^pphq;JN9k^-^Ya(+7eq~&0pV1|20Le>|euO6Jx=cmEUulbFo1Fqj zuP$mQ@49YD^s|6+aq+8Ir~Plb7*^Pd6o!4&5P8@wPIZ%H!>;&GgG1^rUo1{1%Qy6| zm2aVoLUk3%93tgXiOW_S3)Y=of5l-N;hyGYnf$StM+5&_`=<*9-OXcM<=?6J>N@At zg(Gig{luUuD(&aJudm?GeZN>d$`luBZ||?(o%|JTI#jA|P1cV;7zMtK{2jU3vG4zN z$TxEK48j95!c%NLx<4vva^#S|E!HrDJVWY8mB%11*vm=uY@n`6OrtSeT6;SEOj;U= zvN zO%SiG-L!2_=k$7Ox3=wgx;NOZJ)>WcJ7^GVZsm7> zYAyIxKN&1g8!Gs~W921{dYE|6qb_5^<%iW5!X;(p-8ouhv0u$ty{6G1Go^Ei=Ly&z zHs1vI-(IL<@rrSv#WeW^#$L6s6${p_L#tbAAnjxIv*h3}u6kqctlCzIyD+CWlb8%? 
zTk;4rNLdk%OnZxbnuS(hs~o*C3+*mc(vwsJ;(qEq&95`FbPAMv}^9Qj*?^Jw;V>lS!oaHNXySR(D29Sjb_Xrhf=DyF~Rw z*u6_jkiP)hlxq~UUQpm3lV(p7Yg`GCj5jj))-&A#Ob#t(d@Ym)tP%mv_kD9p3itLM z4X#-4UHNOj>UE8_n?So}7=^2bCF`gQqf;`z`bGiosVi1RvWI<%sse@0l8-?E=arvz z+U<4kUJzfN%8k9mVgIJDOk~HDGi4@hpg(0Xy#xogInKtO#l>fukI|hl) zv|)o|+qP}nwr!hdc*eGE+qP}nwsB@==Xt-a-L1`!Bz1RENmVM{=}Un?j9R)@i94+k zl=k4**2gKsGp_(FukFw!uoaxhYIj2aR(ZaZs^f+dHKIV6LNssri;?9hvJ5J;_%y@j zY+c?<3C9=m^+ZJ@1UT3WZJ}ZHOc_oYf&+@W<1%e-6h$!@RT%a|faroFpd*a;P?1z| zi{fSF5tRGmKy#Zrz`Ruy6X$qp^ zIG;{HLBWePWT~oR%0%kKa=9h=eC&zZPmCANgW~*7oS5ArgwfB5RT>?`jA>X|uRA)n zYG#{3Ik@o6k@^zcPTx@1raGp3c)->X+_LP$HmTJQ6Nlhzw-wIhuO`;F-W9py@~4CY zbqb&(^0(ildqZ+9A^O``e6NFm69oVloh(6MVI$+rbl*>MSz3BCA>#h<;k=w2`v;v{ z#i%-5Zwp4|ON-1j(G*!ODTp~2Hk29}IS*vvptJN*2KEE6EWx+&=ueNs9>b^u+mz1i_R zD!=@w8DXlR<1#w3So#8Iw1|^)DtsqxPa_=vo*?-Fr&Kq2N`8WLTc-2~M|a`*Nir*E z#>}m^A>)=@hI=6{jJEDYXBlM77D$y5kC1FUb`8>ep6riw+uQ9ETqLjvO(b%_n)bkP zV)NlVuc|yg4b_Z%MGHv;vfoYY@5Kp|GDEUX0gjLH!e=8<$NqInIa z>j^iO6v$~pk6|)bXLV?soieXw;4?z}Hzw(KZ`I)K6TYK8&oi1!eC)uO$A zeXrRrLY9whrU2IUJ2gyjf@UnO0QTLkkRP~-?xm{^M;N2CN~{{g+5vvjJ-?T|QK^9Q zO!lt?v7l3g5-vdlnr``MT_MUNLOKsm$nsuN)L~q~VzlBDWsjv(H2BSs(MS!}wgb0c zL|E)hqNU%u5UFXojBFhCXrX*{0;)S&59M|Q?@P-NwWcH4zZp+nQw-Pi7f`E zV#a>_yFF*D-pONHtI%qp=IHxt#CYO$Qv5})d`ZFw$7F8p>#*kTr|5rl&Itk1xPBHi zC3=Skz#Fm@af0w8ie=L^z+333gS~|rTb6E)3Ks5)=I#n+{7R~B_M$C=I|=c8arAie zJ4m__g!(Gi)vB#(TO2BTJt>*Qc3FV!2nzG3swEs5?HLjHM|^{ro#+MaE$OB~$t}Ej2a*8yEJfiYE4|SU9NHf14`? 
zC-9**>_8Y;KEITQYdG)3U~LU!xd^Ed0$StjUR<@Us#zsb05`J?GaPVm)_t z&qjnQ>MP@LwDGE}yZ!X-1do%QTddIcn}U(xfZ4QDBB)HHZ5fL4XV7!@r3Z=hX9&y))wk!V%1Y@R?#G)E34V2hiu&W;sH%}qh=M?l=|Z5H-xPi%8jnOs{q zl1D207;$bFj6ZDVVZbKVVZda=_NJyFwzPtVH!o!nGlTv!W0Wy@(%=QmLVkAdJ#3la2DLD zguUIdB%er7`-ZB0D5zJ-C7-lLHSE7X6p*FKk=avKd;oybr}Hn2k-%+LPN;QGp|{s5 zJ67~p!gacVVODIxhX`NX;Tr=LH7?EGX0|v5yTig`825E1t3^9{gxO3% z&PW7W?u5QQrJAysABP{I-=_-Odx-Tnu`H~fA zv@3C9aN4Z|_C(!$faHp2UBe89oZ=#^T<#rZdj44^uAV4f zeK_R(qV@k(@M!c?UMPOCDdMO8+q84s^NOq3LvMZrB>o`Mm2}D=u@ts%815U&2Nr~( z9MwY-fEudFLe{e0uzP)!Qa>VnkT_apqONgvRRyt-&q&L{P?R|;E_kS!9%%Vfaf7=| z-P(f6#0)~Q{haA`CvS!{0JG;ILh+ERiNdp;i@f=*vWb&o$AGx+N7z$-E5@2BKC9Gn zY#vmAEz+-?J7zxz`|{QZ`Q|PnX{;k1^y_BR>V{nWB%w$kXErgw=1JZIfD=BdgvQQE z*XB+-ud<`9I<=BpZ&pPghX<0#k&|j0UN$JO%>Y8S+8$>NyXB~+C@*rQj=+-9*P{>4Y=8Us#a+tWP-d~Ap$fY1yMmNd zjP0Zy2_Pru-!(lsjq!JA{G#*~F&NkR`%`N>awiZP=Lklag)(QL_AG6WDyyNcKmw<{7yVy1k_5<7CJr%q;8MruiDLEP#UTFjt_8rZ)M_fPIj<&a_QQfx~FrWR0-Odv#d z4Uvf8e8dfo^He4}{Q|n3!7?MhvV@7Lq^$XO$sEE&BZf!$vVP{v(GX%txLBR@R*qq%ILC?+ZM&H_@^c3S2R&8UbL{ zK~&c~z@l;0Jvb;yQCX9h`==-&ghy+@YvPFL2gJ>-h^hWK55mq}MQ6SPEFLav8mCEb z;h|+F{n7eCvht~nO5F0e1pwRO>-8dQW9;am>4`IUWzXKFzY?h1C8W@4SG@pQkVgr+IP@aq{b@#lvEw5Rr1lpf*Yz0mhi}o!{{gyK6D2F z3TN(pO60h?hE?>8Xe2YPA>>_bA&nRawZmG zGR@1qBF6@4pL?YeTb<^)`tW>7RtMzfezUCf^0CL}{Bk_}WYM>|K0Tzi)#pYZ@1>3{ zb!7a1zptn-w;OXNt0X)5YW7a4DlJ>`AF_!&lWUhMs=bFR?K!VWS5zvg0K_z*HE; z^?AQm!!=O!ecK)V^Ln@bygZV$3ZRl5cgA;zR8=n*hW}epwAI;|Zec+pwl5%(rg=;S zGafBx36$iNjwP~a;W}i9az=<WXg(Pw-ix*+%(z2xDY zjSI5e(A2zrsftairbHm*lf3A1HXP+0-KjDo9}GKOmzXYtuT-AgmPB^1LhvHt5=a4# z;$ecfzpK1fF5NLjH9)#bQ(LpVvESgPaHok9&L;RvbX7QOsF09m7~6&Ai4QP@Gw9n% zdWMujk|)`|pMimD!_1Dxc|uRck0M937(|Ua5yTT29Ny2{mHe_-TKdQFDd)le8zyM8Rtp8{uAwjMRIl*Qw8FLk=BkCU?g>90z|TGLun za0gwo+>se}hbHKO4R47a(x}TrIwdZQ^p+90M_SUhN;%DZc%Jn#gxIJ1JFp#HPX>Vp zkJ9FJO<1jwJnfnoaAh9_-O1QSBbZVRDhe9Epb}z)zgXNZSU}s3&8wZatu%9E4AtE| zJ;7(@yTTE z{1gkfKdVhFL+08FY6`7?2Wd&FN6Sb>kv!A8$f^c#hOvZUa{45zMq&N7x0Us}(&%A% 
z{b|%T(nf-AvF@dp9$={%ZaUetA-$VWY9n8jyAQZ^dW));XHQkOZB0IOLe2(u*0 z9EBzBdqNd$)2wun>{7O5&*HIMmimQ=IC-%Wt5?X7#>BJ~E^Wfvv^l!#UUz$=7KOV< zcrrq-%glU7wyUliRn=8iuBL_zjn4~!84REYysC2fR(om_+-}?*q&Ny#di(|`=A6#Z z=+==#L`?-53a;q2Qo`F~u-ak*{vnGGOqbMucmwf&xLYA-uN~T8zhW1L*Gg$41o1H) z*tl7Kzs&HB#u=HvNVP7X)Ae@dww_nNpKYEB4vf9oE98DVgX8N6jJ2zW`ET=oDq6MR z_}l&B?5}or^FAPa9b&z`aPYc?U#YQ7KRS6f$w z!Fb|NOs+$!elh5Co+m)zAc7+&mIUqQZ~{!ZS&}MGzoQs2xj|(IbgGxyMa=QE&c$R# zSG4kMmzDmZi#!T%G$?vC276?XAVM7Hi$R<(cwU#NizJdmBn1#lxC_-K`6zm+xO(Z{ z(b>h>W#Qx^c?2T7;t+V~VG|78XyD-e=!t`kgj8pz<4q7-v7oFKE{SS{QuV&vTUAx! zcqJFDfEaQ0HD8Hzb`_tVpFz^lDM_DRuqMrJi!OU;4y9HfwoI8)47k)2sHBdE;mGk{ z-|U+JC;dv%LdLeP5y#;}WRyIpYstm1A?=w6C1`Mbza?YM%zYGb;ULnmnEPsMDd zFGMZ|IJt&pq|`tkscjIqKnhuV()qCo4id}WhO21QY#9$B#a13DX_~*9scLmjcE^NC zd7ii50p@>eTBaK?-F;yd8YtpJfvZef<+!U!_Y8s!0yiWAX3Y9Bns|L+{mxn zO0a3#1aCy%N&p`kyWK3-7k{ohp0@ENj5&ml?bYOKe&yJZ# zmtDaI?K+01VkMFFYtJ9rNnSmG(g^qtXnc%l7NGd^uu2|SyzqS4ucVn?9ejX|ljpIl za%}9i7-5%LwDP^kAxjuDa}lCd-8>0!u+Jfgzp*`!dr6^D@)F^IpHs{p@Df`sYMf zK&5=Ov_GAvXLBlByhBSgW72tn^O_@ygAGAml}a>JCa*c*S`kyn%@GwDx5*kn3?N`f zhzDI;7y*$Va>3%Z-ni`wIZ(b7nmM#A5uio?)b0h34jwKE-os6 z4S!w<$QWQp07t?H)kLcfE&)t5){doq!ugb{7j7ahb3$r~;= zs>77_?mc1O0&-)W)q0^C zG`tEG9J=m7ZW_hz6g(B6Cg3rvrbWqY?dV<6JnDL(5-obaA2op`>&VN z12-Bc`>$h?4E*mh8el}0$^H^G(nK!T%CkF7@=I+rgiR7Q)H(s_?4x{0nI+tD z(sE#(CXlL9cj7$)>0+t0G0S;VsE!?Y_tQX#mG|@G1wJD?rvLi3(yU*KpyPcUXv(;K zXmv%yI9v=hMeZU{$2a^!I^)2DC!z0>DJdsxr?E?n5qft%ay<{LP_;VS)C@O z&&v_`Ltkzn7C2@GP&?J+@%wf<)#bsXcMAP{I5rya;?SN=EeFVD(Voq02i)M$odplE z=E*CauhPDDol382?>-j)-%^az|3x`k)3e=fd##FcwtU`|)~g?T4EI|+V+4nMqM&gx zPT+$l{xfgUtPWlNI(n*awxR8Np2&!Z*$riLQy9|1hmBYpEeX4x%6KuC=B~+v<8WRj z>uk)A>2^IF+|rnZA2;9xF;wpfa@k1<{LRGF6m?jtmugl_1}oF&YyK5uK<-B=WAqjj z2^nTwUaz`svt+>lA^(UoSuo|)TKld3=U3NBPpR8NS8iou&iAw?66wbTht_c48b(2m zcvspP0Hu31d5FcAh*QxmTIPe8OWQzL8((3&co1td3n|-0Kw*@l_+V#p?K>9L;>=u1 zO41x;MI2`BM%zVqUK*!R1nr?`x-^ER247@7nd>IblZG)e-PMXd#OETLPlCtFw2;z{ zDxkcsk4R3uZ!BjxvU?;%I!wUjk+m7Inw9)?dUv 
zGv{y^@DW!YGImB~F3u%|d#WGtSEXU{sdh3TO=VKXTWg+5YHmwQZveXZ#JCdBFT~ZT zuKkL3H}C=DnVSp)=fZvv;5WuQGoJ(Qj_)LEa(jAZHRS-pnsoRL)7*!^i1FKp0Kk8N zINLI2?*&xuc!NLcT)GiAkV<9U#{kb%wRfc*d)-(rEgB4}WtqNo;$=9FADzxvxCXev z5Vw{h7vizNuVS*m2U~GA;00f4oE!zdT-V{_TXCM_gAwm@0D%$rdmJ4^oYUd!AGSG7Sgl4bom zt-1%I%}v1G<+*~u7r25n2!9Qeu&+1XQaG%|y3c!G>}Ml_7b4`bWJ2D1g_QSa?p1XI z$lf0~w}7I1X@gRv+m#v=?&xuUq&Dn55N11HX(Q{9su$szm(X{-RM{uLS$u$FpQ1B* z>tIt&ZwL^Mu{ZQRaQ;D8wjr@9io0BEL{}~Y!zsqX1>$>i@#k&x^S-h6mmRnC`ZqlL z*Xsix`Tg+mmr3`s|9;zSG?&l)e%j8oubGkmJ2JcTgF?FB{BilUm^*hq8zYdz`*}f6 zi#wT3@_%@9kx;+IBF?6QE}gPaJ>!w*9%1#ja}QI!B6y*D1+3NM8YTMRKZ252iMe8;!U76k;Ho*p;K5k zy3t*t_dhw?ak*5rQNNzrU&Niu$)`Sp4LwUm}+$wt1_m_ z|37qvE3T%vw)l3`PW_3zwH}sSXX?M1eH`&eX;Lxnv4>`qBPMW4^1EMaT#!%)%Ymm9 zat&exV8>yY7=y&|&wswSJ*QjDHr+jeEA1wbI3fnofTf`%2t9=5h%WOj8=&@jLl6aw z$79HnJuxc~Ho>qwzHUNwZv9qUim-ELIF(xF#Mr2`E?t6%EAL^Z-1=y_%9%Ls(GU`TZDfs)4H(QeV@y)(;vUV(N zFKjH_DA+s>P^f#cU3bHD)CaOKG?KJvCCj`xGtRQrhYmPu^h!{TewEuIQ?P8->AcDo zOdhjnW)0O#7*El{-V|s3y7=HbxKK$51BnC)s>(<;W-tSUxJ^$Xn^g7yi31BUtnN!5 zBoB&{2k{Yi`(TCuXBIhZJglClx-c-&XSz36oLv_ z&GKOe=QaTK2O!WCkcZ%7PjG{yR+i77`d9iX$3wLOj&D_kne7Ij!W3Ti&d=TKY;MZv zs(T9KNh-;lEB^H@Mv;O}#CQO30PPE#m(Cw3`ksuT!0D7@NKNg``V0`b-(}|0MYuWH z+sEl1tax;92x3ZiY>7SN5?hDTnVqt6id^RjUc`cRMnp-*8^qJP)vd089oRW||14=z zO(lH2CImyhaEp7T?J25HiG`bF&2Pc8a+;pYKnq{ct{^5BAj$J5-YOVaGFyd89}dVb zUxw3yq_sP-1CMcwJgj#}Y(#u$u(huIUlo=_H2r(1lz-HWU9f1pVY>wu79}3;Ar^Kx ze@l#F^C8T5VPUv-!71me7xnA{7W#&t1%~Du*ySmC+I|yaC%ybECnpfP%GeL5SKmWI zLeXOgk*{Fz$7H_)Ho7A}TB9eLD@3@OE9nJG8d{)IUL4Ar%n2X4A5&n)-uMxLnGmn4 zo)e%QB0&<(QuG{mYCn%D?T|b}b^3!@^fi52WsD$$Af<$AL}n3rf1W^P8inhSnnXnJ zI9C!M5i+S*P~qt4^(}5AJ~}&I$_qmB)g4OUByl3f2vvY03eqfJ#zJ1lfU}0g%Kh#` ziCXFPUl{~U4nUkl)ex;-Ok;E7v^+`Z;?#di2e4B`PX<%9THR$uOCdq7AUCT?m)827 zW(?r7H*+uRihk)ZE>;>m+~l)OI1Pg;RQbUPHqbfcyE)h7NwU>?QLmmD&ij^NoV|CR z;Y3JqSq#>|CV946zd=w@^PW+b*Yl90@>Lre1NC}kE8AqXY$;4#f`CSPAd8w0*zXTT z-_jWclS=P?&B*JQU0}Jz>>RQNC6K)z6hxOi4I5r@^5`NTu7X#f$fm@>=imvToh@Iq 
zn1aL7azO@fEhvO-UP+Pc81(sYPCiPdZM0SLkKy%PplT88g73O9N;+UFU)G`i=h6?| zA1zJ_yMxu^!0f3O0FdbmY7B{0LKf<7Y5Z_QhyA3pzG~|B}xa7-6*e) z6(D#LttW;_Q7*~d$VfFnQ7(I!IW_y0ZyN-0t|KjnV->(?R~bPm<4k4N`U+WUH6H?* zj>jqY7!tt5ZL~B!m?pF^)=CI^#~6t2G^w~%8LT>FNTR?=6 z8tv)w{A@^FJA&*GHh1<2X+kj@?cBr`TLLR@<^R5R?tXFqxnJ)6`O%}-``i5IYkB%| zRloA*b5S}@$iE3t!Z-h@!;GR}T!rYv+)Rw!dLUEq{91=|z-G-T0>p@uj0=cioI+eD zjYSNX!mglYO603>gUb`?DA;@2|4ER`W!*sNivDC43()p;2Y@OsJQ)Xj@2qLY8!#oE z!4BCd9@2!7FePm+D9!?UD%HdXvKO4sn8e4Sj)plQ9UuM`{hsz$SVML_+{-Xr-a}i zPkuxWW|4Xjiuo1p^1)D$ibwVF900v({B?wg^L{pOy2JO*R=1b;$>rW_O05vrY-G2r zj3}LV{Pz(L%pt;-Q$9OZlI}@vE@BdhNlJBXL=4)x3A4@|6|O^iA&scEZIgglad+q? zHD(5^>GwSBe%t2lU#-eY-SCqCiqXX$ZjF%j?frdnb#U_U^RclqfANr)n@ZfYiRd@! zHfLUtdt-5%34wynLVDCo;|+SB*Vn*5fHrg(cZ1EV&f{w>U+>C~Y+ z{fwjtF!Oz(?{Vlo!Q2A<2|9Q#2OlVl&L;*&gzXDROr0y)-j#GILXY!LeZNA)?FSQn znO>nP;63J;8tt1>(K>12JIH|zDKcl-Atd) ze%fP>sL>LBEnm!ewLyqR>~_;32{lvVwBDyNr^ewjRv+vTX4fz#nl=IFt~RStl|6FJ zoI-328inUmqN?r`WGRKe47`DG4|+!w(86+CXw*o@>hM5{4#u|T>FSdEJ(^QiR#Jby z-R}Bp=48iqh3PqMxm^{n?fK%$K+PT;!{f(cY89rt3E}5t&TQtJj#3Hx2r<%tQWYZN zNg0f-5s)&1`V>{GZ&S(EO9 zt2>rBTx{l0$aDnvAmh7LhR1yS`u1ewFt8*S!ssOp|n$A&GMY z_m3~?sw=r#o{DCe6ie`yF0o(Up$T2=Im1Z%BbR+oM__$lM5YqL&flN&S z0S(j{oCEJ({m-vs7nynVGv6%K?E)9cw+xb%aJ6Z`W1O;e4|e6gix1D{9l=klPJoe1 za(7jnQL{M}(1VCc1T%!2RQ$hx0zz@JTXy`0vSsLKjjpjGYb~m(M-K>qovNeKFWrPZ zud+xZskqE4t>uB}bt-v=YL%n~=;`(%1&-T?B?^0#7PA*_f9gD8Kh)v&mwN?I64`rE zYzhTW5=h2i_7RlLHJ|3||8g$40`zq(^?k8`M5f56C7h88v0H(;XPxHJxGxoIEqz@r zN*H=T^QbW3^<5_=j6g*KC+cH81{|Iz4zqfo8X0W=m_D^kvfphyr;=ZxpeZQ8q;+uh zt?mKl5Ea=YWqTHTvWSodzk_wXUrCl$iRP5Vxd?5Q0Fd?jeoGz~<{$x->DQA%+Q&}n zzh;%9kmM~j_JmU=2(kP~Cp#^!;Cx(PtCWba&e-DR1fxy}pl<8IK>LgxK*Y}!hOmu( zr#WRNaougd?M$}5Ssg>EU*Jlh!gsZno{|8Set1cobOwKWPTpha4%#OIfe%)pr-N^h zV|`lGq!eZtuGd;qy)4v(&0Mbg-)g7aoYh8c(2TX}C;h(?_Q1>(qI-@etTnG{e~UqW z_99b!sOZ=8$`&-_bfi+ARht_2wa@S?%&7)W9*`aa>*%}_3Mv1*9D)~KovxE1q-SWm zEQeUd^Jip)62w&eWI27VzLW$A+Gc8r>=z37;z-Dp3+v*tiwo)Wq-j~-E}`Q0yH)TV1nt>cfvmG%p6qqJ&0LdZ;uaj zUEk6!2wI0uz$-zEGf-8AZZr{ 
z*t#{B)S!hGsFKFFCTD|dlufRLPVm2ggBP~nLbP%KMNw$+nJ&d+wmT){<`^_Ife$#H z3Oy#Bl{$)4J)@XR^CpW?x(UeNDf0`$KCoZ=`ad2>Us}`Ng5f&LLDuhMKGzW?dQxNE zGz7?|h=&7hcHT_f3})aXSAA)?7~RUVa8c|2jNA+#x&PaQ)G<2`Wt+PhG~sRkdE})H zpG?~1;^$}O<5V!L73Z(Tf^FAXETY`E8iJf`jxCER{!lm}MJEU)njhC{F+yX>a%${T5w0QLH+i>yM(?u+_I=9lkTohu*Yg`Zb zIQCy|<^eJYZ_M{L=BG9&I~sfXSv{qVTjWaQtaTH!wJCg1UURiRQ6sJ1;JG;YURNu8 zKwc7%v?H;nucLmoo3@K0V(b|vSs&LU)rwU zjwW|+IWFC%Z$_@Zz_CendS5J$6jqrbIfTEb&8;PLrqXMb*di_(%kS@yhtP=_6oPzJo=!(!;XVdT@6JVZ_Cy|I1Y!k~OuCy0L~B<cH@S~)f^^?)2>4EU+dYFw!|cACBMDR-m`hwq?w0zj3ne<8B1!Ba!b zq;nwl)s=dHOeTG?B#kVEqyq7b|4jNr6$(-_SCH{XF;ucEBSAVO*v|hQ;~!OQfAad* zjbPu97edtwjuX;M>a$GRuN1Xe z-luHI_?A&U$5bNeBi|0qbq%cqFQKNyM`tjDVjn6m6eNGi?~$7G-JgDgs1otPulFJj zZMveqxu@voMLK*9Z7#ZjD~)4F3r{Jz3**4F#8-ihhFIn|ozj}`;<_<3fN&<60}2y} z9Nk{Q6Gjd~z=N>m{{RA;Lc*haAaP8SLPfLN{t(q8=@Jp=bkqx-t%0cBm}%57t?GyZ z@6{Tvjk>UmHDc}VRgV7Jf;zRKAlM2U7#fd}=Z8fx1gkg!_<#_^K0 z5CGxy`e_2r1T2YI+yQ+!jp4RnS;+Kqu#$VypFD&DX-m+=U|*N0DwAu%NDyNys?BVS z<}HB(%bCTh(MpSh{|6A5wf%nqfefkK9A_sGy0W+*=NG?YQc}rNSkZq0P|vA>`)YxI zEv7Csmk3EVnurxk`6+)iv0wT@}gqOC_pVJ5duot2>7c39&cSI61NB`{gYkEe?pw{o6ayAr=;VO z;r9y02?S2&)K_Ujv|)v+3jem4UxSsrpv0OASQA&qQc?c{2R+X9t-Z5!(exE7Df|2L zLgR)Bg-dp0CwmxV7R&sn1bwM4|8zgczR*$OaN<^{~hU&Rp16{rdqki!EwVW9PBn(9Oh3%t)7OHX;dTDylRW! 
zN-zApL$Li^Ht!i6UPJ7aHTO?7#2(W`yId(XS?q^u_d&lQ7|7gEr+d^o-n@7IZv#Td z9FGKT+qn#MpVQ>K83;C~SfNmBLb;}7+rE%61S3apQ90Mc_Dh2^@p_N>jS`1DWmYFj z1-S-DW+w_)PP_Cz9t5DXdiD1yq}y^vCrZn2DIY!Vx4u>Ea8l|e$NIk$W^|!Ww zw~FuZU2n;aPMv{!+5vYLE&ABmu`?rwSoCuuhtACDkeHvQM2${}7@gxW@Ijp8)7m9u zW|`5$(<6suRE~Xb~Q_@1T`K55!#6FT7oG@WuuUvtb;w#>(UZseE$ zobU-b;}brLfGkaYm78^Bd@4_Wm7jd8)P$dmh@Yf?DnEC*6m;35C$3CPf!=vk2 zeo@bi3VjX7b>99GLR!$7!r_5;2y?qFOVXAy?^9Rac+pJPJ#}A#eYA?eU$X_&G+xNRk5qP6 zG6L@i)%r+8wQZ;8a%qyqHx;b!OG^U{EKcA_#UXRM8%-h4G+mdN5HT3f#zX3L2B@>M zVnlcx5twr;zyx+23XpJ_Q}?hV94}5-Nk|1`la#vL z_d3zFxwfhY%n7E{(M|{hp?vrSHFE-~F?Yk(7Ko!=cnzJ75~_T!K5+nB*|xb_tzL{+ z8Nh#-!wy~^pX&gDK0QrS1n;BYkC0q6sux#id5cRppa{^LzXKJMDTQ=&=%B>0>SmizRx?BZgG5j`wSW_N&sRUD7RI%&(%+y}3wR~}KA zk|KN`RlJ0Odtd28o%l7r-c&wCtXWs`s-c|nWuKQ+L%~fB#0WcWINs*;kglQry%Siu zCHGH__{Cu>mWOiHvoYhhOH1$eqfN@NGEe#p9_lZA_F7)|dh6S8na}{@N}uWMBq=MA>Lr=0T}2lvPP0I}Na$cyz}evKD$KWdY@4@p)LKwu;i}_>{+3`E_wZ zu!CYgN+ANQ7gQw+xTbKF7uDhgP-5#c7O1Hj06`GkCh(0VzJw-dFu6HHIiwLz0gQzgIVe8 z6V~cL;G99|EFu7os;x3pS)Pf`yL35}>J|=};NiVqJ)PVbSgYB=r@p?xbI7gZ!4uip za>tn9jjA6BVz6hUpUpoWc|!|(%e!7V$;6yHM*cbvIeAzxCIJDT)9Ji=?FQ^((K*W$ zQQ0?>E*tlZIRGt3TTXMy4tFzwPF}M5i?Ch}Uvz}}40gR;kmfzK0@Z^c0;)rFy``@H zJS~(5u+si(HjT&+VCoknbDhPSVgj&14FB3L*=E0ve!Y}%qhtI z2HRAGY0kfE%7y5!IHyF7Pg;HY_m_!Qp^k?G!$25a3U@G8a5)mwbs zFGwb1u=WbVNqzrtxZId!!4>fTTGehO?Mg*&*1H)ux_lN0VNC9z?+#H;Y#ngjjqn-W zUS{`AsJYLv=>o_eN*z8bmta(_eH)}7nkW87z&#-T9Q0cGS;F=Y{q5D>V~INkIyavt z$xFz+^Rn6V@V%!bzV+_pvjGH5(lf{C?)0_b-`Zk^`@bTHyAk%gBaFFG#Q~9aiaDyp z9fMXad%uVFw|9E$^llxGFgH(m6Qqc}y6~f(20A-`mGvXfu0I7G9kVzM_ulz9Ocq!_ z8$8DtKxX&j-!p8z`?9{)ls&fOxFEb8&9$jkK${;orpUNDGifP3vXf_bXrXLRuFa3n zERU|O53p88m)p3l9<`Ml7C?(|R)eM8o(1S2_9`3w2lGN49sFRld>`ZlH{@goG4W%)g_Xd;5i^$&DZwF&$SQ(aM= zkBuaGZW1Y&pH`F69*f<>tF-c<3LaYnwNw6n&6P91+z0%m=H5KjpV0$2%oJGRef!r4 zxWeO>Us7ZF=Iiuc<<$2;wH-eY)aM-MNP(QL$m*r%=^TJC6n+(QN=$UJhkaKI+49+5 zd%G{GT~~M>%DZx>GHD|uN<)=gLTUs7kxi^ce*f(d3sF~5NPKyd3s`&^MctzO=}hgO zHAckcN+;tG@ULF!vQ~_ws?lVXx(`gvOpSft_;I_Gv&ZMXx6N>gYWQryg+o_0ABF_` 
z%3b%@AG?HbT=jL@22p{RYW7nj@a!l!GLkkJ&NxfyeGUO}c+g|Iwn3|fTU`#g6yX7l zR-pY3S1Y8DBpM)QJw{?u1r05HC8F|VrK7)Ga>@$4qTyfCWAD7C=dN+RuCLxtKJ@bC z-|TI|+6vn)cJ&oxVFOX+DbTV*E}3d7FSu^a28=oA9tus`BTJRe2(oFMqk5}+#8HkJ zbcQ3u712Gch447`foiwwU?1M<1;HXhho4r`O4@rfB44t~_~z70;JpxMTWfI9JJ1j@>dMy zo7=V>H}5|?iqwgJXf3nEnUV`X2E#>C+bv=R;BFBVM3X^4 z(@0wHD{~nG`Z;g3TBs@0~D_d)n z((e|C-BkE*$A|-%maECgdK{cgoKQRT0Db0?dx2V+A$ox4wD2`lR9DFII<#zOJsG^} zMKF=fVe`I>*ZFod4zP3M2cSR>Ik`5n#zq5fdCgN_r3tCDjtQ7mew}mWPE@Vc@LunG z$ckK>M0H#$1>-OJ1?QMrC&PdcYij&4P55?6WgZB=6##ZJ(>+n@F=6X_q4ye<~Z^G zHN|1^$+BIPd-P+`jNyi)%hqSVQ(_ZR47m?M*mjgo3dvsLBAWXobR+R+H(_ZTVG9}8 z$~hz0zHu6zQliT*|-K&t}ULE8xMULP& zInGf0$*)(et!ft;=9YI6{v0t5=_=)AHQe&*)PT8ebsN1!qg8e1SjWsG>Tml8hrc^`LlWD*~&^P3J{@kcfwH-z145smw=L1*-1c<%`5!9R#8eLM@**F%9Fuu zFr2eMqypqew4-{_d3Ai_vJataW{G02_K2}^{&t$e2?q3}4|97z>;#bbE4N0_{jqUz zK8Uj4O6#D+)QVQrW0 zw}5i+4Z0zLNA7yIc$9(f=wu6i&&-1|`+jtJpis)a6bcVqb6A)tBLk|8T*&Rs!w>Ir zMB4}@_dn&7bl1~v@j9TWSkRH_<42FxiSuB#Og5{DOl=Au+2$)$YyV9{O3Qd$ ztrt{}X*W8@{h2c)DG#jywu;muHubIiH z8sgL_*Q(1NcY3(ZA0R5g*A?rDcKAP3E9T>WsTL;Meoe`Kq7&A%-@dWEiEED+itMZ8 zvQX_(U;Hoo?n<+M{26@s`Doy(l%YgEOPK1arOPbfjtJmDTW@1?4Rb6aJ%n55HIWQ~ z6yaEv2W(pDPhww8$^L`8Bnqnz!bb*E43(unI*RN)yA%)`58WB;Rv^}3X>Fr9@Aq0P zY7PHayorD<1k%bw67$$3JT?7ADA|{#AA^klwa4@IEZ-p9i9A*~w0Cp}FX?*_I+&tf zxD6Kbeazttl=>TX7Kk$UfLlN^zZ*13Bd!?feO{8y$+57TO| zO)>nri&vSOYY;kbN$uk~HHzArC;TzJ3Z9ahM3&8gaSczsppO))jrftzRAE+^{vO>| zC7KO2Z#2_BRiWF9pM@@%E+lvL(-DOwKZknxJq#rOXTELlRvW@0l@+mXpv7bou)X{P z@-%jZQ3!x#Oj!pCspZijx1bQa0w;CN;Q&?3nri@My@VknzkAs6f@3q%px~|_Ix~fE z!zY8+r&ic2j>H7B2G92YkG0C#5#>RKe+LPbO2yZ%7xiE&$rgevhf`rTF8@$Yycb>fWZr}J#m7hqj_0t@HhU^Y{uh>_hDPnvbrD^w@eTv|15*&$-ek0aX6A3R78Q zW-rgiZnExEoL~r=hCc~<)o54h8f1gvksC25hyy?xfg|mM(NSwuv^8G)<`RrH88ZFx z_6-~I?(OdeHGDT@TBBSf*$>NAaY$o*)(BH^{9>IP^+yurE|-F(eYwFQI43Y+XI`67 zr+I=^R9FsAFG79}8nvCxN#7))q0RPSAkk5(aQ5&E7{e%e+fX1gTTq5^=}&8ryuKfZ z5x{1A?A02q?vXm=`Be6BlerTM^@iKn2Nn#*osDN-S73nJXp>ydqfdXtL zeBk$rBRcg%F09Ic3&xczUQ8QnCb!yx8eHMl0$ccUHLIHQPb?Yi-w%7|&OmTC!9y-` 
zZhgj5251XmG5!*S9J?|8Dl^4m6}t%zJtWI%{ayAg|BU|?lS>3y`1{mZXx{-E#l=Ow zuIK41I}+zn!W3?lKo0`MiSB73xR6s-(1L2`GfZnnZkX_sMpeRFqCqf5nfhTI01*Kh z2@_-(hPzLADnGbeu#a4H#p{bkk?ug!@%{BwZ@&I@fQC*hyt?A@S^=vW>Nx}&JX+5? zDNRq-0vGgXs;#QY{Y{PQm(4r^KLFg1AilByd*_jb^a#oag;(h;&uA8*^TK?Ddlj$CzWOJ2lpsL;`wy7u1T8v7}Iocf* z>bHf+HH@#p-q?oFUhsTFtipkp>^s|}w<=Kn@pu-tUf?XT<3<0MZMa?DP3fQ!&=Cb^15DvIzZoQ5;=7=L+W7yKxZozbJ zgK+Pj9R=xqzX&SiD_39Dt{tNYU})6ptUP;)as(T&hYNaLf7lI->Tw2_xTA=+U zm&>#Rkp~SN)%wsyL-;zlr29HF1QCi%1=2<-mfn_KAifMpDOxH46m4Z>YD4iL@<4C` zb;^_-8`}~D&`XyDd?(9^rFg&-`3O>6LBYGGN4}X--c@Zsn-)oK9h}e zB`!s2`x;nn*HIqbh;8{Dq_9KiZXd)U9rUfNjqADfQMKNm&p^o!>>&&vBj9FZ1+8|% z4RG(&%XTr9A&fkp{TQz_#g#HF=DclGp$c#F_}YZbiH%8-r;HS`^56NcbETHo|pIb9xdcTX=aUh?6%I^4PTY~!P&S2}zqsnKL8IvmfI>foBjdp*`WS#s_ml?dy()t zlXKk7B4t?oxrR32HROpT)?plb8V^~l=!KsfxtV$S!rQF7l-kl zO*jy*>ovN{s`>Ry>d5PKl9V5_F%L)Ari;8S^e|fQJPo|Tyq`-#SyWuPu_=u!%Sf%R z6aYOu(p9+FOHrk9S@kiggyp$WT6yw5@H+HE`4p*WjzBa!bJM&5&&IVdCVURNG)1m3 z@m#2b)Ing%jZ+>HuddyFlUVQE^CYr&A-R`Wd+3fzz_22Kp17MDhbSo-8eJUwkl-HH zOZ{(5#&L~0%(MJ?d>0MongoD$qU9}>R#!Dds{6gi;P&OI!jH?h>cn_O)3VMfWT?H9 zPu~0kXuv9A6eIm1jeOfc@B^f8D;oyrz7lo1GZv-?aU3X0N=@V`e!;4OR32U7E=R2%THOpV;1w5S}t_{DPDh1rC%p<9vS3FM+!=2ocmwnV0#KCe-77iQ# zWDQ6+9bJ^@JB-BcigC|u(?m#HGnmeS>?Ck7k z{Ifoclgn$FTV5E7o zRa&Gta_y6d;F;je^}NDp!Gzk$ct{B*1_mE;k-H3W_WoOO|2S1fj@k=8NYZ6)AJha1 zvYU5%Jr&pd6Ii0G3@}qihA-OKL#v;8q^yD8>*_WoilR(c%g3U{71d;HTp^#ZC%ptnK}^l! 
z(ZK|U*t)CMF_!rGPF0m*%W#5tlSP)mN&_I=Vx&b=lE_iTk0}FTIlj>?^s4CnmH7$` z)L$uVUUhz+3P1~^9NKXZWmOYv=A#VZM{{$gvc7+Knw6XgPud42j3U=lh{KKo{e6{w zYRjs9Q(L^pvo=>dBo;&eVuoog&S?e&DPMfH4_AP3f z5R9<$YT!-1svPqux|YJ>a|_AxJ(%Q~;M>h>v{@RHThtLJCj*sX!*@^89at5WX?|#R zL33^3?tZG*?Bn$K$F?i_SpW?c0E@p`vijjj%9G0AD3>Js^AX@Wg&t}*l3OT6_B;w% z1lvUzfW+|)#a5qh;w)$LQ1?7ogtlj1(l4aif9S*{!vtI!5TI8X*=BzjEX97Pumo-$U5<$GrWuXoX?}gD4RUW6O`4#<9}I@_j>N` zmim|npbvq0s@~^--8-ylDM^j`*;6dI7(YolGHQK;GgUXuhxBl@DOmqri{RmanjKpg z-lYIf31PHvb@i$Dwruy=?f(3V#qjawd41{kd>-}5t@e4{qyO=7uzfDz`+9Q_h2{5g z{l1<#-q5p?>i5Y)b<6W!)6?_B!u=|6vJrk-IHU=DSA9)@L2)kDWg>>m z49`S}nzpR_WmIIwR}zQ8Ta>>iDISKlnL!AYDRaq*k_z`a{loMH&lgF;FM#1D;=M8X zC)biTPr3m6_}_Q(0lchyOzuCh69yVLfanDF0LZUgA`(xXO{!gnc zrsD|PxjZfr5JVE5MY~z|44t#NVVG#t8h1k=xWzVs8IIxTeFR z%=1@jytQ(@2mq&Nh);x=M1hAzu=Y|osrmi4@EWxr)K$pjxR?sXY61_08de@Atx|5; z@;xdNZyn4d7w()?otOtyN1|GhQRgR&w^LZN1a;2^3|%TE>ULn_c&1hpOY)ylKh@F5 z?Um1$B{#p}jV;f^+VDT_GNrtUW`b z;6JSIZDYhlVDFw2p*^3R=Yb$FAm*yt-WC91d(c9%K~ z;Gd;|OMd~BJg>#Ut4!|mBmT2~a6HYPL~XzRv(qwyg}ZP_`4N9iL^Rn3QkpU7%xJmS zwQ*x6~K;|f|d&ZZ_$urQjNM>Av2FbN3+vPEh)aOcd-LtJt1B=LGwRMqt%K@Q#U8_eS zyh@l{$FQ2YkrPegcd03I^Xhp98y%I%msB-s!P$6gN3@d{%1=028V)HVF)!Km7p|!x z-D@B*rL*O>)s-+JqJ2&whDbpDxr}|sV#KF3Ct`lhK)WW!Qy58q?*7iXm(b*LF*|AB zhzxP)0Y?;-dAEb=ZGEWS^cE~8-3K6%4FaKR!D89WZLfjff?1{40KX1Ve#T3>_Ezh7 zWh{fRDPxVpw_rlH%Z|rOD#;q0Z`b;KQ1CWl@0HiEHa@X@G$VV^<4)bPf?18k|0U>I z6f(D@yi0^<^C>oBb*7$4X1?8k+v66`g194X#xMhfibP>Ib(YtSAj{=Y|FE5 zRBXtz_Ag&vn(Wy2&ZDJU;S26bI*64nMt%FM|K!AGk?VxKq@?KipG!IrL39Io3; znvnJB^WAo!Bvlh3T>Q^vW;9Fa4ksu3}Uv8ZcdkAtN^q59b~%UrItKlPrEfJ4rgWO(L%Xa<$MlMd!${A)|T_ z5=zl=4&iT^E;UzzrJ-jT`mAFqqqlsEkj~a-&N$7qjz}u9j~mho`@rK0L_<;rbT)Dk z`bYHQ9R%Lmq>bb4tpDv;gqvLj=V>irqPiPZ0D~gT1sp&g&dG~r8M~YJ78SBg~2w{)fLVFkc}Lh&9e_`e z_g@gRB=d)!4mdYOZY^i=FZqDrb)zj&A~Z7cq#|9ocFc5i%EN|VPJ}HoHNgYPBoVXc z>GKh0af8#Yt`&!EBooSD*oOAT?7Yt@Z**xy5EeZ-br;m_0K}E99N&|+r^5t5W0!%YWoP;Jdoe;|H=`<6{CtA zD6gaLT~=$G){hfTXC~~y9i$Y;HTCqf4)5QIE;n=wBaIty`s6zQUV!y)3R7N`n(tZj zrj_xA!;hCtOFj7sq7m8TC=lBG+@)V17|qh 
zmV@AwKLFahxO$Js*~Y6*+WGE&L87Qzw>i1ss_rfmV|2wEFbs=6y{LLa=w|+^Bk_15 zQc=*vwKAuC-pVbmt;H;O3Cqcs;Afrm^sUisi2mx;U*(=ryVnqmQid(+(%>083mv@| zfr}dqhUTKU9F|GxlF#PtUI%P+UmtKsZm0U|n#;2<7Ol7gjt&dI21c4(*?OnYGsIY$ zHNbp9;~BQ@N6G^t>Fs)+uuPHy`XIPxJl|%5t&QP!eoC6|etd5-8rFUV)Y?hwQU|Ip znl{f;&Y*HUbD93G4sgRPaYigygF`ICx zTzCezCHGD%w~ic1*Jd*oU~x^#il=$kb`;mh5kX#1*-^;pc6mLq$j9g%YJdQ#hhenl zjmnI!eXfZqra(P{wMFs~mueeJAvCuBcOn%K|DD(8&8!=Q+*McB6uVOIt&KOsj~WPx0ku^F3}tQ8d1j~rkZU) zv4@vOK3iG{ckU0YuFQ(-5@Enq`!55UBU5-sQrM00h4aw4uFh2Zs^n%MZXQaMW zhPwF%=V%|tEWs-t{yonuO9Q_30tq)C+~55y|UQ{@Pk;! z8K$R1(ooWqm;HkJKa0Ar3sF`lhSOoaF=2;e!WTPD28wx$f&@U<+tej!y4=q1@b<5n z9W>`n{$O0Fv+gR#Zy1W4gMFdW7)ju6isE* zNHbt<{%_V6?OyY8ukNHF2ZCBMhFxt4z1I?}l!uowZ+(Dkpk`fY$w)oBlvT%R1~5{= z(Y1n@GS~`|G_Ty5hqTtCELBn$d)U&6jVLBofpMIbJ7zLks9t!dsb?o*@`rXAo3J6Z zv|;fD<7RM_wRVy6jI&$DZ$V}5>j_Jf)FQ{<8zLz;Q#YI1jS`v;0EkKbIPQxX-8CVe z2#@v)38*|qwvHsbz!d5G%&7k^gw!9cozi=R(88BwlCztX>nO4ZXqeGm zwtmNhGFIlz*&nZWwauWIb>v0z3N*3u@*Hxv($e}oJh~~EkZ+U#kieoW6DajD_98n6 z@DgyL0o-7lL=3RN^U?)XI9h(7sZ0)g9H?RYIQb6^&d9@NaI=Zix{%_5UQnsG)v#51R~o}*u9cZEK)-@=v8*m5K_5XXCeV=_ zo5a1vFFnQN8Uu)lb3&m+Sc&NS%6o}HH|<&hZ(aj1HNpIVj3B5M z`oSfC2W7~3GOypHZ?vs`S&DKMvF_@tOVKnTxJ4h+Jg-+oD)nd)7o232#4LZS?X6+g zC-}UmQ13~|(|pmj?$#np%0H4v8IW)5;!A{M5ER5+G731%pva0W^|4~cSBlI--qQuqU&LCXrN zW+?9vyZn}-jBI$dJTrfPVs)Ut;4~1tz*c_szzV*mV=BnH+&{2Xms{O(G3hEHE@=ZI zo4nNT_kpLSEoWbh51WbZOm=ZFgWK$O^ps5#)V_mTR|u^a4=hG;Ln282-`)NtAx62j*}v)bQ0 z{1R2KD(FQiV5DB!CcZy&^Y_ePK|Uu`S9L1hl_ds=F}rt-O>=Ad7}T{UEo%xOO#in7 zR&CawwF!qH4N5nHZDOZp{)we9&ATkIY0W!?Pxo(po71Tjo>NO<&v0oq{?BkQAMV{? 
z8`G(7kfI{^@TWP7p>|J3>QM-dU=SQVcikF|0}44Bm16&a-`e=o*WYH#7R0HNq?2%+ z*#U0I(#EJ(TczdXv{IY;otwsl8vzN*DJR619-*F)*E$zefzc zlF)TgEeJIp=j3`nIylrMKwtk-8Thq6&a3w}a>HX+wfHNw!(-R<_+N7)tiT_m7ie!v z0na^H?_;b|7knP_HoNYIN2Vd@%*EB$3IEuJqE(zdVlo=JbQm8Zs) ztHmlus&&`ZPm6r+g+B zM*$IfTRyR@^$7j$8HQ^BCGFYy-zL;FDrGkDYX5I6{yRvP;y317s!59O90EoD0mRh0 zKEQ_;Q#?vJIXyuDKL~jc^I9%-XI{z`x#evh^~pJaJ=_N@DL~<99G;pUXD>Wl0nnqP ztK7Fr-!f0x@~^sh5gQDj7vS8PXW;g>6>OaNK6g(j5_j)$#L{7$NLWr{>^MDPS52yu zi!O98vDkgthx1)`dCDA&Ws9JGwm{N+1rnlLCh@~p|bSgDAe?WZ+QhODw`h+_V$splA8EDH57fbr{_!i=Yk z39YciDT6}-&@IVh{-NhU1CLTiX!owQaOprv@d9YP9t5~8fE&IX1L8!&2lnekCeDX$^_)jO6stGHb)S$s%c32;H0$;Sn^DT)hxhf))0Y3`c zf9LOa5~qBpqFPrvof0miUS3EK4)hwk5Qg$)fUdBD#S51zR1ZsMcV|@TA!NXWtq{(0 zFSoijM9S%E2=_W9WD<^ZNkwf`c;k<9)fCcgxS3+rET>$tm0R2pS|mYSTm2VQ0P;Zm z3?TQXW(^bz+JOuG)**^zD&0vP(aTlOhK$v|r$6MG_VLVB6Dci@0tG@CQ2+>3#?;j+ zoMQEWXYqhS7fq8ANyX3E6V|o3IDORf;nZ8{>sOlo;QW>Ne^!-4(H~4M+19_D zP}H@?kyq{09i5{+pixqew7P+@X42HecF7(^oRpS0B6u$YF2Bevj!35tWfz&D(u|HC ztx~hyLXxW|dFmYG7yn%dCwx|X9vq+xDRfIqLMDs^p=zfi&Sn!(6?0xJo=^N_J-w^* zS~FEpkwQ{djOrBMqS{4r>fq)JzveG*Fr-!q+hET&k@FN|#-)SPot4Gvs{Td+?Gb2& z=kUH>|8l>!p!<2Zq~;m-G_^*iZeAmIujFZI1>dQ|C5@JWbv+jO7}#MOv!Q0H$Hs~S zFHCM8QcnAuS5AtqGxKDuxqKLoa@gA_xtGVZHA zb)jMt{#o5AhJ!YZx0p6hkP*Lf&1QQ#Wy4y`e=gbMbiMn#yR?Y99#XX>+`;v=c3NdQ zubneXJOJ(qsPC7N;X2?9tQKc8Dya5s;!$Q4&#jCd`iIdAU|7iez1)oy?WJ3t@zFzY zPe#5U4OaQGfS_LBf+KG|D9i2!Y1-%ifQYZO;z)_iOx9C>{mDr*4xpekKyCA#ZSNU?fnat`*uA&_Pjj|`4LonK5aAjecoI? 
z5cc>y-wZ_wd_H}gPadr5Uyb*CrYAjTe=Kk7zu{!RliSCqem&X4>wi95P#UMB5x8YY z-TJ!OJV1W4}3LMcViz1n>Kwdfa_C?N%M$%J2wOO z&wkC~Dw{RlKgtp*g$jhPe)0>XK?O6o{#Qx0b31O_k*i6?8dM}C7I4z1ACEUgBePrs z3GL6XHK#OIHhhNU%9Tjg;*pu7VPBcp&GxUaYG4NS|3>E{Drux+O3XZ8|IX4N0GJHo zL-8h& zjzvDEqnN#O!d3{?aO|(zrZMpm4rH{CDd1^bR4x5bMYr1gSc=)>X+-S3Y>Rzwn{OcH z+ES8BTte`B@Ne7s%tw|NzSWjxW%RV{II?u@U?Bs1B7l-&U*=N<)s1`_VCld@C{whH ztRHQ(!cgv7>1c2SXcZE+Eg9L&!;m*ws#4!&y({;hwJthpevbMf+!Hwt`%+y)nJNdP zVr=}OmHSe@<7C`|$j6W>)^*2|iI0C;8to}_1h*^MDVxTFdc3G7adiL#DX|R2c9$vh z2lchtT;sk-IV*>D%d%M-wOL60qFd}H{P{E^ML!Rou2!gqLoVt0OxrMilV^#ezYFun z`0q)T>j2{`-NpXx(zuE{#0fw(w8Y-XlffA=TZdLd8o7yi5Vm_lMs*}!R(R_0jzYMS zRQ}d+_{mMX(8G+jOud0*6Ga$)Cltd%EyxjWvTTQuQc|jmi}2xkC|C=VVmq zIYMy%63^xGHP5IvUfQHVJDcriI5nl}^+vFV06daRl|V><%`hM<1kD(cPJPuDd_Kdb z@&3D9b9|PDnAOU|`1Hj`4B=6{VcJP&lb00rbgcEZ6P}VH(U0kn1dZh~+&GXiLV7;7p7*Bc!^ zv^AV|f1p%z8$bMG{Px3EM?7A{%(v5(pxvjATnqiq4EK0hq*_osC>h(0=E`Y3Y{&g| zz;~+OPQnM1tP}dK{m=lo@KvJM^3!fSf1bbJoara)D!sj=JukdJeLnSk%VMCUd*)Ig z5G}j;KugiKlSgQ<^{P<7<5k_NOLSQ@4pz1a76Z_l zPE;_%9=?AQ2~;3LugYCqRi?cW&&c1|4S=++(iY$U`V_SH6*7#71uRq^lO`&KQ@djgHA;Kt9a$!zvQ?ITFTR}2$|hsM@JpU@S}t9b>Xd5*LOELnme94KZ#Z0S?Pot~}|(m+Gez7Z&G6W48lqHfV4blL?hXz^0rY7c_w zO1C=b9p+VT-d++V(##5k-y0 zg|9cjTE=+nL#x}=4OCh6;2KSlx518S(^zlg8iJ!@p*HpL4q_|ATRS7xo*V?|x>C%& z9^73uK3=88NC3~-Jd9q+nmS8>yO?>TZ7fp*kEaG~?Ic!Ca_YZM8Jk)kD*BpQ__@!OotZ6ZqD);)~2qH=8PcFIIvDwqx6A=;p--dzje(9oWjh!#{*u(Y78g824RN)3H^TEd1%c zXk!(&6c1s#3t9}v)y6x4g&$H`oaTx)e;aAaLDKzmTrRodwO}7vvFW^$AqQQv$SM?5 zGW{bcY)Q}Y&?J=1`l%|ZyD?y7!>rV$v?f&f0O4u#Qtz{3I&uYA84QaRPZkrLre;Cz z21@R>ONO-u7wR<9T)OzTP{)2#2p20~&?6z8u`SXJ*DL4+j+GxTcD_r~c*}c!Q0eF-gr{Aiy^B#etuG0kuUs3lKGE zGuvum&_G=iod--g_>moyU%XiXZ_591Na4`3wv5BE`4MpwzO{1DuDGV-YB`ajJWje< zIto@)i_1*3f?VznxPY;Y>xMNV_>pt>R1q0UBBbV=YJE)pA9WNW^gngf`agA)y|LMP z|NmDVbs_HdrH(?t`yX`_&e6g@b=1DYc>#5g_3-jC4CVC!*kpD=;OW~$b^$({nw+)T zlTvqO59fqtB9;*Z=gawkztOMX{e92>rH<7Md)5?dD31T_YSYN0fx1ANr(83oNEP0+2 zbA&(iOx~9Ghp_)_MeRULa(B?r)PYCbY)L)X)+isxvEAkN9_u~bl1HdN_$rR|I!1wF 
zFi~x`eoTF{-yb+tUFYX3_k|tN1iY8@*LZQqsKEG9Oa@+65lgsr@tWT)K!(2dpK?(3 z>tJ4`vo3tT0^FfIIt;w(8w)KyROmZSiedOaLk2}5>Pt2Zq2Xs)@-;3w{2K%!N|*f1lRtZ3K1kvJ z-u{dU?1=U50gFI`rOc53lS_K zrAVGg_(W+Fy*Uvyh&wd7t)&uw7k*VYj42P2@16KZQVo#PzEOOwjHlVdb;>*l#*Y;W zZ0M-|9gmt4%DAVVbTYEK2Nb2j25aUz_hqTj(p+LW;8qoo=oW+kf?X{U;9LH3#4YVv% zNL@ndo_5K!Mkvr8!H+6!9Ovy$7?-~wWMb*bmjw&g44U;TscF_$7piuD?dm4|IlfPX zRj2m*>Z%(|M+L0oazJ31Ynm*W)_Xi!e%#pI2D7}fhjClJa&|%mjTDj1f6HP z({tT;RbKIf4-58yQ8`~Njtw!c;;rOfBzP5f>u2qN`RtW1(M(qePOD+OeU-icEl0M7 zRSZa!Ry|m9nsRbg@P?8HUfDj9>Z!!!37uO@4T=Z(^3w?ikY}8P3P(irO-HeNIUKP%IZ{N+W(z;qgjZmo zhO6a7F-UTylIKDq*w$87PkA99ibTJpa2ZpaFLA!8!JcI{x*)#bze@1~y@WLzCg!YdgaQVrw54eE=kPa_KP z$945sq|HaM5WAmGI4VbcQyAW8x1TiiLj+_P{pk1mf9q>g$ONR3NpAC$TE72zTsXSe zO5Ep>Wo}=i>1x0=@%P&{BAE{L&QB4b{j!Okti)j4@_-!lgRT)ZCx7~3Pag>D)AP?(z-qdD15IsbZTFtqq`oUFgbL z6%dp?gFFMeNr%+RoijWb#%VKdm~ueWar5hxlW%N-4>;hwDdLI35tLobXFaf)?_Cn) zhrn%LM=Kq2l4tJno$&Oed%IOK8i66KaxqH?(A#{>4P{5^L7(JHrd8rHR~tr{-fY{> zi;fyz)CI|r3e=o}GHHyrR*^9bhxZ?WVv&Y&FP|S5EQe8{bYsNS9&gh3yu1rE-*ux; z*5czox1&!65>|T`dr?T~Um~Gn80yP?I-?g?6o-^ZFI%0|oPP~K6Y$!gmKIYQ) zoH$@JlbK$fBNa+-D2C4cx-*rM(@-oC#B3&`kV`ko!#%D?ttg+Q-mWp2D8h^sNh*=|6dpYR7Tth@10jLa&b>$7;Au))$(4HsqjZ| z(6+~I`MOe<>j<5}$dld66>(_f{mGHjp*eUwGxrRIky)3z<+zz@th5`$SpWf%wx2MF ztU$cAmst7JcQZ-o&uDzB3zWT1!iO2=fn=F;#wnx{t$x}}%rVXUXnzwmO0$qT{sv(# znxqEdw%bA(15PP4twhji_gtK=>wwK9(_h06+CGhS^Wa^d-ENiR{`~eWkDygG4&c>E z(d4ac9EvoO$r7e{0Sh2ehhJ-t1DW)umFSzzdxR~XI6c{+Jca6|Z_39Ng?kXB0Ljcez@;V7_$;_;-6fR!T_ zb1AgWbdd|h5v(!dpc2?}5av83QVR+H73B`JH!r=h7Ks-e&< z;8ht&jL^B=N{rsG_Z(o=-2}A>kcu(52lW%oscuDfa`zkn(*!Nc|L6giG&ozc6ew2t zHXKcaMDYgssYG_4ZvrD_su;Dzq zwZ9a6DGFZqq6{#xo=AN5vMP&00>t>6fL$Sh>)FQ~>3*Vu3`Uq5N`xGvtsYLVoYY@hBPJgC2ggRd;Z z_%rh^9wezenvPQIawtI4DWl>a#Ft~#j}FD1oC@38W;Zs>ZEaaOI4t@8>vw`rHwe-V zjg9S3xF=6YZr#Hc&GOZhk76+vgqFQ%U?uXfGtr~e5W&0iSQAE--0zY~g+^5k$()JM zG4ZA#z*&dS;+gaNgC%E2KQVcdY7{5bk;`s>@F66|6T3*eGFv{xo4pa%5$*Y3Y0up! 
zyT4gqQ*EvEiHXmH$OFG*YIu|vrLL3#gQ}gs{Y1*y4+JAXkJr#^aOV5~NaubM9(QnDi^_^jE04rMSnq`Vj&3_R)-sg6uCtIIUY58RTWYjzzbN-xo+LbiE~!zNaEfImaH^ z^#F_O2qfWDZ-r_@RmD$JtThmf$I80Zw!(Ca5{63RKanQeq#-1_(Kmc@x+$F$Rh%?W7^>LO;w*%mA&Uvfjrm()#Ny@KfR@zl}**}I0mya*8 z>rWsxx>?)wV@{9z5P>hN172A3!D9dFs;=SmVaS{eP9Vuw6e0b#qM*x0H#2QwhTmy}(#^uSNnfck%>?BGtu*q6Z}iN}8b zi15wf5*YW~o(K6mTTwcxeNTyweg}1e+xS;+u zRb#OHOVFkz*uOqAA^xz^b=xAe-KCYxtBBlZ{UbMV9Rv4XeibP#1aVo{-fQ%&TtD5K z6*A97je+`ti`<+|(fZ2;)O!dOm+_% zsZQvJxOQPkX}!E|PB8_EHh;?i&wWse#$y%zbzMANtNSp@!>#e}0~3Haub$Hi(qV z3pBgwiyN*D58>kr-RWANA9QxuLgwgvxNqHMQy0Y{5J-I`E;;#TC&{6Hg$_JTShz8& zV~xo7NFc&Ul9kE0K!MN>WdP^K+{|feWbjOk_>r`!T&?oJ4EN!bzQV4&WUZ?wr$(ViEZ1qZQHhO+qRvX z_q%_)wOf03y*~82Uf)L3s(D7FZu!mc` zZ`#>NU5$oK2R>24ado^%naFqBI4aSb0R5uPxg;R4(E7$>bz^HP}U{PI>%jH<)&%F~K zg*g@gX$U8;IYWuKF+f(h1n;VR;od@Cc(+IA_=V3g*FS5s*cSvJO9AX@3;k%Y2GOuDPTC(aW z5}9g?cL08ENl{!$5d6fV2sJcb3S~lwRGU-i0tU%XXiMA+#nI!}62JYbW#UYusU%ox zWvArifW}A$z-@7LC}J{YDgHL}qQO@*w1ZG9xC}A+wrd!ayi`-ZVg)H@(G27Sx}iZh zAyxXaAFYY5n9{h*>ys1@zo%S#e?itNk@ zieYo2JWsYyN1r>4ume$kMvJVMwCoGklBx_IK1fyzV2JedkDhET`2aXNbxf90AAT&p zdXRXyK$vNI0K>0Ug-%3Nbif^@>E-`#d1fXal{biTaq>F+z0zV}-hP4Ze-6mbHDO|& z7;IjeT%b}-8tW>biyOd*oSX7nH!0I4MD{zLh`!C_t%f%X3|z0hSg(ud1?fuWls7&F z*D7b!_z@n7_`NK!it99?#s zQji{4sg-YF^*sRI`oDrnUP+@zsc{n;Y1#XKq6{9dIQ=}aFF1I3l^`G}!YbPD3iwB- zXUV?}2Dim~K?^<@JS6W2S$d%!nMHpMHK>>6+-y0hDr=Gm?SP>ok8e}8%VR#{8HhjvP|1~da-n4g zCk$>$2TK{j({quL6sYJzW+nFf8;kw^w+6HQ|JGoQNxDvo!}uDvFI11Jo41ch;KcDc zhj>;zWy4nr0nk&Y!;=jfq2M5URUA~;6-bqvSF^3fuVC} zaQJ(-^kr}%;(@6I&;)qJtTbv5j3j)K(mvp_-ry2mY*PDzQtN_3k4~=Rf}W+{ehb(z zNtbYbU9&sUHmvZbohoAZ@KfQh_Wvbol}57}wHn7=X3+eOwy4wE9tD zB2py_0H6lB+Z1@L`k~qq+u$P)3D%ZQSl*^UTO{ibx|HKr=C*7&02bi!BV5hIbF zo6;HzZ-N2x8unrrh2_Bt!Qy?l=0T}x%G+w|3R{S0BTWn?5K877mY}N5Bt;VGfUFns zxafkEg1<>@mVRNxV;K=uC;ys?k8%`13LrguZQxw>&Q=d*;NbKe)qr6UE4?pLb^48} zqXr+S0}ZD0a3u;g%Hi~{c4lXz))|7h&GABaZ9N9vd-*cY^*eS z#foVYPMEgzADTEZ&Fm>M1+&g0CQ6X{gf2c<-2flAze;8q|B3eU&aY^W2$aYQ0Y&~t z#k!xRUlua9LeNgcGbk#RBdlR4ZdwBr5Q{StyN 
z2eXhd{`1r5)KWY`i(|Y%0}e36cE5l(+i4-Y(%|z;Hgb*vRwE#j2yR>~_ba_(2p1(o z!f?y_4~=#5Y4QHh$|D%~dkERYLKgWToP;6(Wd_;XEQ|so?NVY2MU)n0Aada$UXFI` zF{-ew{(PGpS^1~P)1!ZFkm-|7d%ceX$8%gkO79ntt)@aITVCyZ_b=PEdxTX&sO|!d z?!&YQqLW(uv{$<6%=d&8>LRp8C`Bc7!u6O7NZ97DNLeb~W!4i5Kg}ibPaa#ZVksL4 zU{@=sR7*}PB*4Zkk_7=NgTN02{`R@-vT(p^spI|B$pI|N^a*opr5y8?q2UqtG?lP- zt%Q^;%u zVlRhij~8W}dSZEe7{_P_j9@)-jkV_s<<`RqE)A@LCy8KcXWMnLlY zTRZU3`D_vjWjze=UCOTiRc&DR?;-20S$wrDL7mA7L(|aMa&=f~t292*FuL26@Xcer z&GuZS4oE_PGU@*H$-?&e`|)F8g|^4d&AOc3bpp zyH8t^w1X{K+5uHE(<2#<>zTJ8)io?R=sb3g3gtwV!GoR0@9L7=+}{OP2NN!FA%XNu zk(l^rPWC_q1sqs@}67_iF4`9h# z*_L>{^jaQPLzZM3!qI9Do{vE#3Gq1Qld{8TXE3FMrcuLjpl8_;qhj_VQveAOcQz|t zoEO_SsluNH{^cnCqLP6^Qo%xAG1td9RD-#vhC(ja`_>P~!o&!O-zoKd&G;?wAsj~B zszICB&QI-afl0K4vGHjLHtwO3Ex1Duh~b1YC71J`-rVqI4QPBbK#J zaZ{L9qK1dC9gM589)K~FJ|G)P)AbCJ=Lo#(ePPS-L4NKE?Qim4!OQk!21o)1;+ce=vBAesfdUww`kFLc|5Yv$f(-ClbbEH%!APo9-V~F@h;=I6!Ma%byXhxiX9OHxzOUju@PeJ*r=y z18sNP+svdam*o2O5@~hQ(m;O_a&!nJAh6 zfdAH9Mh>QnVt&SFSkX9edE2W?=zY7Lgk66KA|Yr&qdCyf@4hUIBT!oHlsIoih#dft zv{d)0rA$6v(?c-TJaI)JIZq-`>u;spbRHj~`hi-}Dnt(T$*59+c4Lau->~(YBrel! 
zGZ!Fnu!%}r5er1%9VvA~6{uXO#yac0*-3=$P7y==WLanPg1!_fA2ZJ|YG;zB0Hc4PmnS zw~H>k2kgrahC=X@qbV{HrsAf zj%ob<`fr|L`SHLcM3?;rMzmi2^|q;O<_U$-T=0gI`q5q2toq7}*rTgL5x3SO-tIa) z3z#FQ>RTg?*JBGGkm;JmOXNW@z955NyB7D!QTUqfba*B2yJ~im*t4eK@33oR*Xg2O zhY@Tq%O3&uxJr)*aw81Lj4i~3wk`QbRqm=XK|hYueFU1=1J$lTW#S4(j$ltp%_L6y zXw*A>6_M+nXJG`e__ z3~A9Y3=Am70wvo%&u^-%Yfq~Q=L5~qFiraFArmGSdOGg-Vl&leTEWZ!;zPY)H~?gQ zg`tPGtKphn3XITq={A1|EbE0B(~W^56{eFLc+}W1BE1vF7Eh1-SYC@2abcb1M7cdC z9*joD)#)WQQ}dzHZhR>EhY~Fx`$xjOJIT@2AY<*{OS)cVBC*PAwp;2U4Qkp~BG2z# zi>7ap_05A=OccDT8OQNNd6z>Cd6KP#qSYJly>AIUAZ!wsrquza=Rm$VsP;EyMyzyU zgIavI{H$|CJA^j5X=MRF*ju@EST{=bMR%luXyDk?=t^6bu^?oDSJhILJg{-*fGijL zGz?`eWNRt-3}ja?jaN4j_ca&9gYHk*jf!bD@dTft+pHGNd1Y*tt7DG4;IP5Xvj$6w zo(5J(jHCi0Km;R{D)aDWupW_q;tUt1(yWoDS`;P@Gr&vFgvIw{k8;np;D< zM$PV!#70BpX(4o1K!6n*nik6=w1A;oM~iD1FmR8rMW-~659X1Zy>z^khj-8fG``qG z1eilWp&Dx=M;H{zaLd=Vyrk)w(Xp)L_Nc2v#pIs(3WdIz*hbCp$|P$TCcIHyR~`r} zr;B5_rhTgHD{Dr6fNBR5T?_8AlDk9By*wy{4VU8 zK=4HtVFiQ-X=UsB%(~C-a{m@P(gY->xJh)<@bE*z!YMwCd$NlAQfbCt0bnc;qSHVM zl|~7bqP;**UuqqNS4`R{uF00p`Eh=KBSiH4BjH+Ln%D8qi-b{wCmuLf`Jzxs@2jc0 zm#Lcb8+1E!qJ2>oB9;6Ug;7Geuh4}HlIdZ@r##@cnjU})3=-B^`^|QnfLqd&I9;i>0lsc zVfvp|f^3(^;eBxfpeWN^6T$_{^pf(Nfuc z>sfVm^M`dyzW29TCAkH#P;m=U|xA^@Hy8qYn>&5{kt-5Ry>tq zavUo{X70B_|1uX5nee#irzlLiFkcnaGc_p>|h|F;L+^rLzs!@a2 zYfLOGZBtxMduQ@v=S+ZIKm}XV{!StuKlh*cK{`r|MhIlhD^A^Saf^+`9+t5ghFPJ9 z$V+BT=>v>4Cd4S~L)dn6U{~JxSpdePU_Y+suh*M*TI4?MVVQx2YxXU5PyLwT{#!v@ ziWVymZb9|a3JrYD(XyR1Yei8%t^f}RBV4@EM(6=i@{9}h?{W>(cWY(#2(QN-IJ`Z# zW5)6ak6P0^OhMdmneDPWo-XEt!J-jL>e0&F2U6R}(j1uC@+5{Ykii z#T&iT3Ud7$q~ckqE*w72i~A8xY_nU$wM19QKtO2%MaJichx$hXU0kJ{0Y*bgaFyP* z%u0$lm4LmJ@=8WKq1nQO2^Qn-oW>xB zsImBIzie?aKza^;BX>%A|rnh=?LtL=97Mpt(^S~g>@04i^eqvTDS=DG9vzFUU-h&i>cmx;LWFjm8VbQG9#E}P7QuWHCF9ZU+eYfL3MFHu^v{zwUw5bT4TgCPKl%8{ zrse*v7>37oeN>`Tuy#18$`b%6E*9mD&!-x&qjmql;O+Wyd%YCuC@LtHRp;!5Q=pYs z`q!mTq7@-qzEYeeHIzldlp_?DRs&fyS}WR0P9aB@+{i(rM9%5AobIq$p|0dq3bS^mmzPvW*GPi=7H>^5nvBT`>33cLG*B#_( 
zj9C4Zy1OMjRijiJi0Kx%CnV5i6}2t$Q&&kaQW(ud(db#Co~*LDsbLfLyut5+)m`b4N~ zSN3Myg?jA(PWpXohO@yr7%)mi!c103dEKu-p$N-PWV}?BBv$A@LYy4< zMOURG*-JCN`JdG8es`2w!xfb+Aqtp{qDJNba|GARA5dL3zcu4~SSy~V;_aiAi=yQ) zmu409HUT%J6cy@hV|Wa<+=vM4i!LVBhKq9ywd~jpeg>m)DcDf72p9hLgb|&>m@P(zh@!L@TcF+Ere>)Zwtd5GE&wv)Zz4cXr{SLEWJ99 zFoA&c!nSuV$l3^#Y)0g;Ck&Okh^6kg2FeDGuL zAM+Y*A^D28KKYQ1h9HU^bGP4&$*QBzN5#bT!}>cYk@dCx&uu|{#&;ciZ7iwC;}CF< z9E)0w2^^d*QRK2wGLg`?<0C+?DWtb92q78W%)T=Y&RkZ9P{rZPDD)qu64LzI6bckV z-wG_#ZhHO1pA|WU%0D#~;S7COzcvdb3o;2!8~h00%FC9)Zt^XgFdU4p%x0km5zxypn|9q)#B^;7FOx?4l7_=3 zOnfKtzbJ`U*NM-?HU0D>ObZQP>{Edh;fpSzwk!Mk)Di@S;SO(CY?0p$xVF+X;%MN=9|LRWQ3Si&X_A850`tn2SA zOvn<1qZ}R|RU`bT_2~D+z@<}tyXc0hTpRtXav?MO^2=mQtidk}?hid3hZ0s!NioVFhHcht9E5kFi(T?3bd^tY83(KZw(#_~yF~z?-K}3a) zh(-<^vGX@*s$zIF_X$iwna~?LQ6a6t^8axP3s}x?Md^x4Y>mw#LRcL(MLz0GkYs4w zdtt_pO1GickGU(OO!eZWH=0gX36E2l0-rQ*>h2;$Xr{V~soZd-h+Hv>!wk7dk_xvd z%YhG$rtJQ}d_Q00kc8-BV|lu=ynT)6;(l6{f8VX`sfO^b@p^l?y4v3EZLscWWp;gr z!uq`Po!=|`JT3HrJ>DDW6NiN8eu)+uV9$kxrOL6)5!%<6y=VUe535<)tftTE;t3+I z3Y%RiF;a$Hyl3|n=C2XV==OGJ*nSeyF-bHmML5U3qIqu&1g4oSG*imveKbqu-3k(F zF#CS4{Bkh7dSMAWz;G}?FtYYoLpiu!aNB@5_Dxm;N6ZH2AE?BnnJ}I!tB@{DG*wzC)Qs{rG!R7FjAJA*Ug!3lCh`{mf7$&=I|qKAA=j0R^{1K&Xfxk zwPT$}w*cDb+k!jW@vel|1aJ>Z?Z=esTsp_!6-a}0)hP0^mu}$;}eXRMx>wWNJi>mU_HR(bqE_hAV1%D0j9G4+@7}9a)Tb2Lq zGW=DOVv&}!#DK$o9F5|9-3pxEz?OLI@Hl4~H8txG&SW3?FZG~6#9W9FbusM7Xf&m~ zZz?b*B!0E+43$KF0p~VBBJF@GX}NQ1cmgsh2V)PiUesVK=!a6K=N?KOtHjJ$vlI9M z^`{jbMBbj1jrxqv#ST2f@HRcff1dkK;qf(%fBwYwQsW|uM!y8jo6lI5LRGR4(`}!n&tByi-%NDyxkiCtoXP8P% z3}79@v)$0hf#SW|%@1aOt~`p;>#o7m^_?q-sp|QgEh_L^YD8TEp#3+?sdru06Taz2 zOSYz6K^r+53!hp<5BcVTI;)IhX^>Z#9)2>ZWTG~Sn(X&x^0kX3T^5!_6`Dn%Vi(*Z zhg6!ppOiCG?lI9QN-(fy7R<%6#|vgfzP_w3P{kN_&^b8FndQd%!u7~Xf2$IdNwH}& z=rMh$b4H1jqjoUM)#9~ql+9$LL1Ic2(0Z@*H2pz7Gt77u@)O66FSan0A=KZVSIq~E z<{;4-emoT6W$s=!kL|Zz6{5(e1aSY!CwCoBO4$@l?s@HPiNREK*^4Pk$KJ;)ML z8)xCd*kU)+E?1~6b496$MEa_1f@2$QitZ~PZn-(3TEZ}#v|~vg{N$VgqsYdIr2{uf zN}0wW^%mfWYZ9~yMG}JXQMSI_4qUcE)zx?llDwgqxCtM5eE!p=i;W9yDV>V9!&+bb 
zw)Za!sI)sencW;-Z`&hX^4rQSAO*01=NGDx?hA(8o8&-Y8%-?k-G0hsXy@6W6(1`7 z=Ll8Hh%ProJ^cRiq;5UXU<+yx!-D3Z%o)MB*xd`#N~Xh`&H!GNud}ZbG0IL?DytAG zuO5T0baA2H@okb$&rr_*@-gM~QFiGnHxXX0OfrhRF4F?-1|DsPZaA%4;Y!%&UqbMW zC&K+so;g8~aTVSm2HKoSMa#^K!Mf~ht^KosZC!pzBdnshAg_5^nB?nK$`icER?gF= zZ9q=Vb76oAC)Wutvrs7MUFk8-`2fSfLg}_*VSwS(r{Q_*-RMtm7aBdGsu{_N`gT2|8yGcqsfZO{C%SLuIS-HO`q59% z)CEL!TzFRPV5gn5A|Sx9S5aRU5_Lef!Vzi?J#iTS4fOsg@Wl~k!=lFTryatfd!*qK zhwp;MGgAtz7-?6VxB?g{}VcmREO?0T&we3R&{)ZI7qmVNF3A z=O^QPRejR5v5>Vrd4NEp@8MHZvsv~D7t74qZ@C20&>IN3W_CcoN{ppN^U*1l} zSESPj<))=Ifc%p;1Njotatcw0i-egyy`x}P44eGda+SJU-h~%c#`juk268DOduPj8 zM1Bd&MRCkLoR#K-L`+bAx!Xd$N_JaLyEQE-#8V5$lVxoh9EmfgF!X*83|cBV^xxfZ z1zeTeg_DF!-CKKjd|7J>v~fjY7K?p+D7kdY$z3y$FnK;!AX4E5=8Ch#oSMtVgdf-z zC->3yOv}fEm4@!~$;Q{)GSA1u)wgE{?~ZlnDoMK07UiS72jNF@Q-DZu^Sq8pl?qq zEBv{TR>A9`3MK+H(hA_MX^{QHh7@|Kf1*8w>+V1DQ6ATZ&oI^ke!?<^R5o3z!5=Dr z5Lo;1?*(=Eal>5>FDycbD92^G^n0;PI<=PZ-*hdlvLj*8iT&sDhUM4(|w&8Z6st(z>h2FT~zRK7Tg34pp5GyG+r47Hv$WYT3ipf3~Cji6kvF`O|kA0 zHJP*(7~ea6A+JnJb33G2MYqq%57NQ%O|J-KQMG$IRUd1g0YrZW}c-rgsqkDf!c9N$!&piO1a2N%QE7{~PU4 zljX@Ail%eYsr&Ncitc@;Zwgat1Q2%${DF|e8x0!Q03MT29tY_3ZO0yA;x3!Laemf>?gE1?dZ!UmKaj&gyFBe9ysNwAHfIafkIO3y{g z)POWN9y$^a8!hr+)eE%Oca1dcIlvsa0|m$#6br8?4>2!?ejzVMNN?zx5zcJNE4UZi zIfuU1YwJYK3X&SFIKsC`+2zP?UI5*^QA!M}=$}x7ZI!x7^8y^omI>s12_cbl4!ngd zujZo@8JF(M8boEyN1?!rQw|bd&l4@ezpr*#hEd%e6Tz?!!uoQr-6V*gO&fp@YQ5fu z9l&01NHLFRO}=@PmwFJW>pSND2%}w`?vKHmEH7<|i827t`@unWHWK8O0ckRh&{#nd zPg2v7j`o1o6wGudJ-=6DE=!Hy%o@8>?Z=N4FxC5IaKYvmby+#BVY z+lRBV?2nC*FO=FHz~9sEM?R?WK0Vzvdv|eQuP&0iq;hV@j>#GBQ1I9(z zx>1m)@Znvzwg^HIT3=dDiHo`u1=@(p@Jl=#V`3f2{zFA zMb^9Q1GKDQwsz?KgXvu{ps+aXe#mJYS=oGIyI+`&t$wCrf>`@?8O2@TYc)--_u*~h zq65&u-QYWSfgUB$WN&;J4BJX zKD4r&I|ps_9k$WZh1_+MR+$6(T>O}`aCc7=lT;8b1p6%4wj^(ABkrR%lC7JGZS)n& zs1pGsPdOe+;Ss~)0W|I#^8%Xq`!3PtL~z-fc`YLkN8p)otcfwaThZ9k|E=HG0u2c& z`6Rq2%7NDl`%blYz-zkNM}_P!^Cip|e&!%gmL5j43% zg>Hvzhlgt3y>u9N1}m?h(eIhj$2Hz{NL+%7NK%@amEJY>fCg`UKvtV4IH_+J_p4r% 
z4)li2g@c+ozr8{rY7-DBDir>IH9G`+VS~bQ$|IG9myvVqGz0`q6BS#u*l-`=$G#kJ zQnLCkCe7u6@w~?uEsc7Sz%dPvLo>)n--j5Y^-zQe|pKMyey$RjsEuh@?3kW-M*>Y29Q44nzG) z=O?b!DA|kAI6cjQ9#}PYz3j^|X;(Z0C+aU7ei;L62wM8=^==b=&gRv2@?`ib${;cs zYyV9je3aDR_>zHt%tygVUBvt|;!jq=9MXAgg%B0=hHsQRu$j|F%FZ!wvu0 z<;-_Y%GGj9X)Y8rlu=K1JxZH|GgHODz;!^yJkRtQFx3vqaG=WRdHX@oh}z(kZXlHu zLm_is1P(y$MW52mvT2;Pv;>)Ef}ul#K4BH>wf|fByLaX>U)-V8SnM)O-a2s)3neEP z77@3Y&+xNI(7yv-W@hisDN~^CDLUjXf>(5-K*}n=-ye{s*0w$i>ebZo5jwkJnW02wsSZln=n;} z=B*TBZGDiL+8UTtJRvgZm?hIN6Gd_0mKLw*yeOa|+Z!hv=j{-TX_H<~wt9;2U~)4R z#cewvlfa9Yv?}t~cLPSF$n8~yPJS`s76d_%#bP@43?Nm4V3HaOO;Ff56H9UXxb9C@ z)Ie4TCW4)4U^3KPYn|;4CZzwhl=UHV$si`QJ z0~1ywL*^ksOvqH6Z#ux&DJ=`Wj1##m)SQ&_4r}^wAvsK&Fg=JuUaA&eqZL||r#bbX zKlc7>8DX~FL!MZTR(#&xnDlD;OHO6;wyHI@KtC`ca|)(K0@)I!Cvy#2h8W=Nj71i1_p-bKM3HU z2KJjp`RDcWwqhXX61Rtki;L~`_A0}MW?IL4Fof3&&&jRq=lyIK$o-AJE`DI3=9_T7 zE-oznv0;pcO0b3=Rbz^^It&cD1WqkKmS2~LcllRXuM(2$pL#W1PsEON$E|zyW}f1i zBo}%!YrJA=YLVO#D_m7~W@VK@3E}QFe2Yvo3)pptPNl~MPWUuW7l53(2RNdtwQ`wq z!f^#9NZciWmD$C~`?Vuur8jL#+REoS1QPzo0g55MpEUB$^}cY`)KyD#{SN94L}5t?wyNx!vO zQ3417&{#4-Q>TYtYpZ|kOY*eC@rVaL4$5B0f3KWx7dFMzsgS@rde$?V;f^$`TBd|4 z!D);a!!n3>)#r=6QMLFwv3;l&_NZ2~JEdIZBv}?(RbGsh?5rf11%!4&qLMERZ*TYx z7)7|m_E81fw}%QIpi=-n+aM9wtmy9%Nvya!%8ml!a(Hxan!Tu%k9_&0W;u{n!Aj|v zJ_o*%HJMS5a1>@M$sDnUS+yc>)1)~R2Stow=wOOz65o#E)rUiwrf7Y4K{D|b^XCNS zB*+hKmo0e%m`^5$2eqEHpZn#HWjMZB$S<`6N;NTL5joqa2(ADr zPGi$CAU5V;KH_%;f3&Jki?pzb27F*-LqHQJ0QA@jAO18_gJMP1`mox)TRoB0XLODc z)C=g=gsRUSB^~1<=n%=q?n{_P?t#isQwv9H5Pd?g=tlk%42MG0c!^sIQuqtKPeGFt zv%_8_&#rpsfK@lGARE1EeeVBs^`Hi*Wob()gOlWfs-b=Xn}*7r{b_8O{yhXD#33RX zgr<2@CdP9czXo(TBo4GwbT+vqK&@o55xHD_Cvam*Y}1Ow9yHjk>7}mo`|7ky4|Oxu z=nCiMwlPx#h0v04Q`7+Qnx6s{6!vFa$^lHBj}Sw3a5Rn5q>7dO=;bRJ0TO~F+retv z;B7hou6&=X>XEP91hHi|;WRUQO9=Hb!%GOz&Cqsyq2ku~DT<7m#c!#~O%;()pV_qg zO4-ZNpVa+vdD@w)>}HWBI4gvYC6Uc8Q4oKwE!&3YEN!{TPj$8}So#wyXsHwZ?%BVS zinMrJHXK}L2zf5A1a#$B>?Ez*fV7f35SPUbERHNiZV4uuC(K}}wgBS6t6h8|rnjeTAeaewKdz~}0*gEa#OYum$>dC!^ad^ry@7;`JbwvtN>efyB=m;y| 
zZ%9@3G=Utr>soiz;^`iWl3bF61%F((h?7XKa$=H1N*TFc9zu9!8~`O=VU1|NIJ17R zQG^A^7dHMRxV6zyaeaW4L}f4ysvA@qYV5fM`XIFHD!8>voql2}&qC0BrC|w9$(xd8 zS6=`m#~vyms-2mUHokRAJIA~^13iN2IU7LzTZ4i*2?ckPGGWOdjJ&2HE%t|cr-=+k zBP3z&mlSs0V&nbe2-N8j<1qvRoQRxUe;?k?KXDX976^ z_cOgW!^EsCw5lFBrZtg;uj`SLa2+sWOql6$eeMW@(acEIkzKdrev0a~hAH+)W5jY} z3kE5%*Ww8G5$)3AD|6n^;rUX2xe0S73kX{9(!B|3-uyJrXqE{AcKfE7>dYDc6bA-q z?QOSR0i^!*ETZDg3%k?a1S_V-g3YE#^anJ%XuaWkp-k`T&0H#fuDS5^b647aV!L^w z<$$=6`e9mmu>zUK^HqgI9j0Ja%A?$yav4T; z@5j_yCNABG@74}H#wo_yLr~DS|Evu?avT-?RpgXi$I9&??}_rPlJE1U-W7m@wUpdm z{u#rop9_kGw6@XOz(CtLT@!3AcFNl{~guYgOdgLA0WaX7t}i+&baRl;a5>oCM+w2P=+u| zvcA!;)-dwo7b4M9QXQ;KE1~aLvCmPc;mq1*Qm4%|iep1$yXy7s2=cfG1H$7eqc{_i zfw=p>od4JuytRb5;FyS97xJSO`|bSWZVm{xZ_00gn(GcjpF7Sy*zCQu2H&?Hxy?PI zMGHxF%C=O1-&aQ;z$%e$C^%l6l@2(giF&TU??dwc*}&uTP%(Tu6ZYG1BY1+r@4gfV zl!!Qkb#*Il_U*SM(w7wa#UbZyWVwFcTkj_WEsVoW9(fPUpk)nl+;%IvqNTgJs`9gv zNv;ar0QRdngOuYvgWKA9=1iKZ3*<<{Y~nY5l)C1w)}im`8=vZr!KIYUoQ91dUg2uS z{l*+;jMRP~yD;iwfMMA5p_`VU3pxAZU_<#+}F&qnUW0I$1;Bq6dGx9R(X1P?(f^(xQC zd4C{Rd>z@e!Rwfy?|=UP=NiLaFaOImh6D0T_J%P}-K4e_m@9>!nwDR%?8Mnd99#8wJmbOyQC$S%+4SCaC&eOI1Tl`h7#u=YXL)uh+|HEW*M#8YM=egVfLWm%5rAfT)Iz7SoB%WW#!+d&0S*gDi;K za++mIb8J^tS=E;eXd9qFZ5@hs%7Fem9h~&Ho6M9~W5+`x1;|HZw>zQ<4P!)sG(o!; zASji9qC4WD70_>GKDaaYwkwRZl%$tRD}D3+6D$=^*-N{jjo->!>RNc(oh!kt18FfQ zr7%20-Vsa%=HK^*Ws=={V$HWZddqubuIVzT0>IdQ6V2^RtyOpB!D|$75Ef>gdIDuv zW2%O_RbLs^OdzJE=xkO|TkW>B{UOCCzqSi3LgaKEg(x}&1ANi~Qq7wyaw|Ook`jp3nx^}8f6c~Ix8x7wNQ?t=fxq$M1$i^hYz@Rl z9_yx_MIC(II5d5Mkvbx|fIxZ##DxMKg@sTA{D@{j*@;D}Ho<;V_DCl#P)j5tWu?cC zc-WFl7aH%{Q<)7Y(*fIrskD&)(wpZ&K(IXa%#C$f_jU8Ie!$&4ZUQ1+!I^vbyx$Xb zI+CuQcn$Px`gRx!bW~9;%wftQGkFKJKLqEPKyiwc@oYDStKs1oDtk5Gy z;0x2-@W*xhAEa87|96aa<2`2OT(rKtR=2R$>?!f^SSEM*J~Q4RYLC8p|B znmYDV{C6SSRc!5nb0ly>5D}q3<*?g$3p#d7-2+Q__1wNuAIU<~&mQX3?nN7HNIu>i zJOW?ueUmv?&@A64c7D^#%gT$(L$(O4ZXfuPtv|>-R|hoHa;7EjvKGw6)N&fZFWLC1 zx{OqCH4s$sy$ZuDgh{d_BdMzrj(^L?=b6j}H6!5L$`|(}RP~;zby+`8wG{##&rqqB zBYiFrVk||(G3C$Oy8@t36E;2fRpMur1C`Z6Hif02GOlma1^7tLDTXM&Hp$yx#CJXl 
zZ@lJTc+Na>9=l}SPuBkTeD&~GEHcwGVjnbp6%-zi=5X`ANUK4M>_%qNEo#%;6=>b$?_=P_FdZre zK31oXn>Rr8jEpk$FG+STY7;x+^ONW8V901rQ50?vnZ&Wc zNJ2Oawwwl7CPYMdyt%w>A}?VxfVaHEoQq3r;v~kUCB$|Gw0*|%i$kXFEy}XG>p2+b ztp@EwAhakT5-IN@&88xfx>!fU(;<6|=6^3I&JPx@13VQ;PT7(Jv`^6XdSVmzj3f-w z;Nbv~YtYj=&Zue+FuSF*AIamFEVKMepXP56yQDQc|H)AyzU>0y6|@%|h%+%BVOu{0 z^J7ZIU|?z5e2N}lFIWemc(4vpc8Cyi&Bd|xw!9m?sc)kX>9xh=kkJ)ZmYz-7<0#Ky z*uuMw^x%accuv+HXtG(IGuP~KSAy3fZ5?A3_#~+<90N*Swsj244#%Co7cciSQ3lg8-xAQvbp+iZZkn^SlFAJI_ ztZ?=1?ILA^vgYQ4!g5gXg<;hUD>J9ZS@B@Zt5Mz|Nr=;Dt5@`SoWkQRVV|ne!D$&= zoUTJRfzp}#4M*V)IwM(u!l9dYGamjFYI>a0X=6IRsF z>so#yQU=w>Prd&*k4`O71u!r4PzFFhvavFtKNgUcgVDjR0qLEwYT21K_#7-z7Tp0W zgJ^{tgtl>iv)Z@my+^*E<-DQ2k_j@^(7m^FsIxWZfX!g#?wg9)h7#pc4_l9ZKdyIv zdB&AhHxS6o3*bvgvKN#qd>5?kx<>7W2BRp%OX{%i%cfh{qNqypEV7dkn+(o!mV_vZ z)%K9 zgZuTD1j(#7rQ-u$t^B1p2`!(%V~4~rUcdB>E48J(YlF(SPuOQ&9}L8sQcbb@DHvD$ z9;K$re}`vr7obWUx@%A5uIeiKAQHfTSuepN@)gi&h523?03;0g@!!Ui~V=Ia;D5vEsIVUgyI-AF9E4932^n_ra;F+}lJ zb+D9_FwYxY!}K6aJx~P%8Om%ZIKX6=PZ`WsJs(TZFMKJFJKJ2W^tZZ8tpHwHZ8br( zGa=D#udviH4Q*@!y`7H^zY5MhIpxk}Zsb=$qJh44JIoLYtoQYBHEfFeG%!36R0WmI}?kb8k*?rj($ z(MD`hFJ78c`FS>oT7{5nJH^bMV6iG!phMqx!gqu)jH8yGUW#RsJJQ(}+Z)UHH2pv7 zB+U5miDwOjumx%=_!mL}DD!|P$EL7S;Wt$bI9Wg{4S(V%3hA(k)Jec}5FW730dn%E z$*oNbe?|={_0!0=6CB8&@JJmyO9+x|8k;O?*0Y{$T|ZQItwb|#qEwr$%T+qN~~ zX5RPSy?3j&wsxzws;m1{|J!xCe&>8X&+|1jm(mDr&|)#inu{hpg8%^FKTLGi_B^+4s*o<&Vw;(9hEF&4YAvNeAV^V8YILE>*^e5P zu4y#gF)0Y8kl3l4oF(0ye8Q`|ZO*|_>IU|~Xbv(qY`KCCkKK5OK_gYj7arTZ)A6-D$YDAit4`}oB?1c z=DO%domFCO?LtDY7&Oq*Xl-mzMV(K!?n_a5BDzAfkV-(clct@Q$|t{OW)J()FIjzT z{~n4#bp^D8Qf{h@BIi^>VH(f2w(Dp!L1j@VTRFJXj~88ksVdoGQp8y_i#DOTPp3F& z&gYGyx%k<3fquG|1U&KwtA~X7!R(vrY*(!O-%rEEAqd%(um`|A^ zkyHKARASz>5~MVPcx@;R4D-Y(gl}aiSVb`YXSL>Ci4iGQXeICsO1~#((AktqtNukX z$p{1nD44;w0!r&BqVq%!0aF#)y7TcFrK5&SjmUB`J>T^Z^=M7DfeFdf-<4ibZ_(vY z$$nkSLP>oAItw_YKoi1}&^(jINMos%vyoasVe(AS@%JO>VtGJ-b}K*#WCeO6XC2;A z8P!>ZazbYGVbSPz3`^{b?S+eErj0R*g{IQ`e$O1zc6`YDv$2uo@#ONp%YO}Y?+n{; 
zL}jpk5>(VjB(hD|Zl5q(L%-{1#P|Lq5B4H-9&Oa&ro={(1$#6g@d!M4MFt)^tk3nu znNg2DAts7^nO)WySvL%VbEU7dLynMeWwY|7ce@m~H$Y6AU!l5|-!~3Zr6#{&E_D{u zQ6)UBQa8htuh=BvIK6DSkJ|#;7WCO29@s*vuC%qYeDt?p%QTHb0MI__SlSyJcurxq z67`RS;l7&{i+FZBlo6i&-2j0;l}}pxT}$ZWZ|N*eu2{61@X@Bae&&)|E-H$`Oi^71 zN<~kQ)F$Q9%s1ayMiHr09p!Aa#*-9f#*2sGfLML7z7!0|E>vPTbX*HtMWPb6m6mCi z36d!$B}fE3lb4;2d#NK>!_a9+4&TwW0KZE`w^C`(kdR3F5_V@g<~(Z(0!>ue^BZp@ zt%|4_sYn^&H20jA)$)Sasu4B94wAPc0lu&4TTvwOs90Oa-qblqMT*w-LoQ^67U7^1 zxqfpZT15=vO>aNp8lPGgk54Iu`_vLx80f@qF=p4oxVtU<6)Jk}05Lri6SKJUPjUYLdbyHXr^l(-vNyH?7EgfZt|lx6;v zFlK<4r|WcM!!C}bK)Zeob#6~84Avzz(GRE`-Ue)Gp-Zy$u;HL!mmzaqvs()yJPj#K`_hV2$JRVKpX0{p55BcuNYPHjfM*11%MpA;$OA>q zkb(Z9VpLGF8sR~xeR4tyKhG!pP)l37hDIh@-LIX>-D506adop|y7g|){f8>!?QYNi z&v5!7w0$kMAY^aOfuAlezf+3|L}A)KSI?3fpZKTPpy3kq=@5;nQGvalKMfe7#M5Ip0pV?dG;$ z`vF;H1ru;g-f#34m{u=0_5IZuKSPODs6qTXa{&){j18;Pud*7Pz0<@K4Pd%_BH_aU(2pYqrxtP#mC=XX%77VrqMwZSaN&FUWv$Q7wauH2w& zaSH>F%a2*Lcuu0AKN(5x&%t9@&}p}6X3Lox=H$1)Zx_CTf{R@;Mq$Qq`=KP)A%~Cn z>sQ2{JO1!$NO1w}rUKV_W@BJ|t_|@fr~l9_ko*D(-{LOmIa#75n#7OiC39H~MwE1# z?)+SUv&j>qt1gv$68o)_PMZe7AwbJu1Oqoy7d9)o$jl!(ehH2wP>-sh5cIc$V@2en z6fC;+;qvaV$1x(vPw2L)pRaRG=C1E7Qt?*0C!Jh#F^<-;0o(?pN`w!FgjY>Lx`zAW z+SgHN-u_rB?fF4l2#B$=0V$9;bfC!L^zyKqAgFnL*N+1Ritu|9(cc6aNYRk{ocajp zX{V3)y#PMIZBqCLor{f+=Z#gJiwk$_$%_klLZo5QXs@+;_7%NRmxIH)Ugv|u0Cg`n zy~nQQX9ccC4h1@Gd2sZR_rfd|1TI%=$~|u`dEMNJG{XcT)|9e#POCu+7)p&sUFFxc zN>o-^?*E2Ae&hWYe?+C?{lXs|hq}M;N8t59WUvRjYCk=E)X_)^cjHbVlWqb6yL`0`ycwT;V=CNMNQ^JnF8* z$NNEB1j=%lGjSSobx@2-`0HM!`*XMB?k*%#d9pJxu+4f;?rXwAs_r7tXd_brk%qLv zH9Y4W?{9VcyL{J3ouB1bOY|8J>xfzgdWsy1M)3CiKVa|j))9&w?(Hu9oR^NZ{n;Nv zNYt5ZU^0D35~)KN+wh;WWj5Ad&M2M9a*?Z%)YaEVWeRGMs(^$zf5JGNo(-dUm6*okTY-q~ZLdORNhW_| zOls*+*;Bgr;Wq44s2xY=1x<*;2c_5l^e;mjwF zqRXsSWzMVzx}!yoI`t|cg?XVHB-cqLU0JUmEEn7+PD*_ zl`zXns8Ku#{$>7ot7UAf`&G#PgPT7C$(pvQR3jAy%E6 zKxlDfvzXC@x_iO&jt}Dhf>E3|{C{E;wbxmJVrdM;1Bb0^%bCr4C2o{V!Rw_sv%7~# zE)^DKB0A}MeM5$C8kMBTrmUGJ$x%QO6R)>+!G^Tu=?X|&~-sCB7n{wD56xW0Zal_=AtU4wHg)5 
zbS5HKG&VG=JUf><$7Xi5sfW|u`K)*p(=b^+;D#!sma^EP4(uH09z%$fgGajqlDQz_ z5X~5pr-2~16v4*PN3TYys)7zybESDR-F#X~TOqG$TnW$NU?{+(ZjNTfyGj{o$o^^I z#vg7TwHP&@&!DtD8@y4EpFKeVD#x z*L+rlq{cHdyJ+q4DP(3jJib=3%#-g%sO7;Zp3;=^&jMRPM42>@`&_d zMzBMbmYrXb6bkFED$Let*8F{4znJ--`d*quZV)%y)xnK4LB_FgI8Wx3xkl3{9^$vZ zL-Gt;+7$k?yC>UM#(U{ALybTV0YYxY^$^4s%u|1U<Pp)Yb~7+!RC_86DslL zTAEeW0?r@Rdh*mv$+&5{yWR6VfAzCD?>o=2*;?3i@%66ml(NXba$InErRD2t?h<2# zi>~{Xq|&B%hI)LInbtOTsiZc?BEyR9tKJB^54a zr;Ym9rDBx0rW1|vTl=yO6=j^LM;`dg&ha?)UYC^%5>AH0K3NH4a5id@=G&jU$r0Te-lZ=MU(c`O+zO#_HWyWQdl z-~a#B@cQR+zgrm+k|xO9Ln^{Sp@n?19QNT0S=sdjnub78&mcb6h6wA|a^BB^*E>A5 zqrJHUAi9ltAv=u2U`B$jC=0)^L!xSYTFWMmb-3g6qP7Q^4;HRtQJJuLo}FT3`!5t^ zp=j@dc)AqIEwai3gQ3UoEi#2;J2JZ1Uxl5ett&^y5$Hlae`e*i>e@s^abC#ZOfi32 zLW~tBw_$CL-IuHcr>{$-d`{bQz$;RIM`M`PNV3#(%}%^5_mGy3N|PKmn>eh3v3midI3=wz679;7qyj9Kr5~ zQBalGlxOIu*oMxkH5gQH|X<&*{&^Q4#xwgU{B~+;Grm4P8E>*6WuI8XZw+i z+njC>bR*m;H*-<;I5$rNbO{+_;iq`AFQXBa-}y(tA3L^7-9kI?y*?;6#$T6?R6ia{ ztz4NMR}05Dsp$1Q!t#*}l?3IB?7EbPV(;jNrd+;;-E=TyYzJ?RIuIIF*VBWN4U>Yk zuD49-b}=mR%79mdu=bbaWLK*tJw!WGuSdWrj|m~8<7){@bE+;7(U%90oy7?d`Z7pF z(^D$z>1PEhp5l@X%ixyDf7~~m08#9Oh4*spm_Q;W8#)G3=qu#{H55GO1x1$hbFHL8#6g`Tqae~+vyA3kW6Z5)=Ds78P= zyPA^wY*vb#3LLT&d@C=+d^0~{NhxN$uT|{Z!1d_H4#BlIEZ1&q-F-RUVZk{jlW1AT zx)z)&88$O9>bP1+xRT%?98km*z7Ke)v6=UT=zaS^p?XDuT5a!tf7uyKHchvtMbW}n zLzR)cN1e}t2-Q@67X{Dx#CkYZq*W#tZwseepUC3&Ffu${Sn3BOjdn!p;MlU(DS7T* z95Mx0&Tk@uX-wrQwpvn{45i}7m+#+A4Lv^snA~Y80Hv{Vs zv(bzl{|z6wq+;L{%yh`$3NisQEiii&*LJN@vf_e{);UH?D6h^|kM8#kTRo=5XXq5C z1!Ab}#J?)K>7@ZOuz@Vp)kg0}@8SnKvap*kh&qu%$qeG@MUMD9+fj*$D)*Rp&Cn+#un^;$r#!d}Fie$70} z1bw~Uwhn*9G*M~*&>!1_(bY^jqZt5Eq8qmwRJ`KaS3ZPh8uR;NZD+Y1{fdKC5q!_* z>Efm#@P}cxz{+f}e3=Wnb3n-@vi@iSWHs{1Ec)0nX;m|@kt!TEnSEmX%${0PrH5!3 z5LEyCe3W(vwO8||kNgg3tn=gGXH)TKqAsw^c~VZm6TwpR30_h+;^7Cex7cVS_9tCT zmIY>(`HLZ!v;8j^GVsY?4Ea^6ROF=@&uZY8PS?$jc_3;c5w%bU?K}(w#3(YVdA5r( zM`1l~x3~W-1v_iRu}Aeho2Df8D!COwsb_V-`Ce(zbWt=7OSl1$d#1)pP5^0#z|-+x z`uImT2NO;7>3kfUI^cR<8_J!Vb$R?G^#QJqU>=%6mX5?$e>oZm^l!1(b^zbP|HOF5 
zd~eKiReV&+ot043L-?Q{A*@^2zWe(@f)J!#pu;@;qyUw}>cbp3YeCO090(#d2o*bN zuM|`IWFpGa-Fpx=;HTs>Qo1}7k>4z-Jl|sQS^(l$qP=8vkJguOU3XKz)nB~HO#snX zYH-{~IeXF!;l~^S*s#39QWYBVjF`Z|b5)yZDG8hFsD|xrh7t%lQ-QdpxT-$Z+~o2x z#QzpPCch6a^TQkysG7DW0YHL-X%^&36E*QGE=(j*aMJ_*aX@k1$^^nF+T$Cp{SmM5 zV-6Ss8Hyndbo4mN=)25lJ+Jjjds@<}pp^P3$tPW_QrW_--5w`QH1M#oLe3PIlf;oS zvQ3R5=X(rGS3vN3>ttfCDggTeFk>3s^AP9Qd0`pJdboY_m7?-O2c@nKqvFNLjT&`+ z+Cc`2YRKaQ#VoWB@1f@ClpgK<8aXtiMgYuQ^gUk-d50(2+r4-rw{5hNvmkD8eVx16 zWw{5}!Jf5;YH>4o_lWt!izy;F`qgsPRby$X58nte*w}I?1)ZE#seYng&>`OgfU`ld z^j{0guN~OX=z9{uU=iO&pFCDsQyDJ^J`vu{(fDlny)GU0q_BJ=wqkS**2HbBK0Ww% z#a$?d&sB{T!yVVreRqGzc%LjmWBNQ8MF29DLK%s+0P9n(1n6yqGNu5CS{t!1?}L zu8Lg5Z;aQDY0x;!lCmqlW8BGyO3=xSseSE7CQ%diyQ7tCYD$-NzvQ=d?w(F!9Ltwt zck1}}c2rj-mQeV>Z67zt+zW8v+90`?+QoZw4R(Wa)8xJ{G=QRfpn-f}Fs>{0W|o(q^MW-WI#JGPPve>rv~} zoGxWdQvX@=S7svJ@KZ%qKDveere#%b)onUO^o;}2SdFYMEVQMQo5b8d1)iV@J8?Ei zIyhZiDDP?gH-$NF+8KXDlLL#@-<|+S{R1|bUKO`I;}M)ukaOLoisHed<#g|D7K zDQpc%KoItTtU5|&AMo9{UQ!r4sqdNUobEcobyC{B(=lWQMeW*0-r}TI8S;!fJg9;{ zdd+B|;`!R5aB=7+!%U-94@(c2#LsY5;5N+ua0b}2_$`HT!Nv1j8;Z|DOz!*xSmX_; zje<;}g)dF?=t6exVgCIu4G^X97hAu<>ekB#Cxbv;2|5P$Qp-KQ*j*+{_k1- z-&B6|n1nmRf>El5E;8sq;61w;u&Jw*S*PgFQdloru4ptdMtuqlI5z zM&hF%{6!5_T#({GLc;7Ft8k#iP*U(i?TQ_jeTS03XJ3ZnvItu`1WU@5X$nJCpobl) zl*=0B4+<=y!&DTe;1HI8pe8(qC6I)E0%*V3!0~U(YjI{*ZhoO*aw0L~sGun9Y(E2{ zF5$kVO)aB$TezX!&bVml%q8=i9yqk0^hWI~97ZAGYw3S-2nf+6c^RkfmFRhiTZ{*z zzW*HHs~v^M#u!@p{<4?NdUkMy-$svhpke$^(eC408WFHVE_NO$@CcRr2+QwRjY*7CxD^N* z)Onfduh{P!9oHdar=PYqy?D#1Ubjw(nXo@h>?GD&&v)9@^jcHRui!6VTc}k$!aRB= zy75%9zZ!*kt9m%sjD}^wF_}*0^$BwwGmu70~mmw346j$hrx1lW{PY!sz{B~;lV=%;aarwZ2-y8eC}r`* z5G4!-B9jIkOB4gx4CEbdZr@gpfJv<+|G*<3;(zYA-Kw$wIU4?U7h@K`_4$509+S=C z>vNyoogYvkXJeWDy*cfD))FBJJ9^$!@@P9?;TWt607MN)Td5B#!sj3BssL0za{Ti{gAJ=AlkdWMUB?T8NGpPrfG5oc^)PdvmxJ zaOxcngh#%s2As=%X=>hVu)KVqSCm}3=ji8#;p4w*czAqVZ)5I1+2bY!i@$za-X*Px z61dK*hUqi!!q%pzL9x$&*iZ0z!uy3@UpbO*Z#OY9awXayAUwQp z>=)Phq#54tBL`S!3{h4k?YhoVN49&vT`3b})`*@H8bW<^k|pS}l{NB}O<@Jv$Np7F zy3G^{)iB|!J 
zA0elyeV}!*$~;+kWLPa`A^bX{gN-|I9;f8=Ke^RT^X+Y2weeKKZI$mTQZH+^1r<+)w6^lX>>H8g3dOZk zT`KC`uM4z=>Y?DL*Baa6Dv9UBG>Set9n5}^3$S?sQ>9r^PH@R*z!zh(=wfwyU&B$*(N2@{?Bp-QrabEw{7g*$-1?G)WJfzwLx z4U>MW2E%j8lw|=;ZiBJa8E@n(x;?F3+x0u#)^wVxC?wGEcOaG#%bEoMRpD(E=U$7x ztU&LJ^Oeery+{Ca*O4F_#N5Zj`s|~1BU6(TQRo>cKlekdo6!-o{dFv_20Ld?32?D&?`r796+V~~_Vwx}E!oO00hhds<%=LV<8zBA&o=8rmvn}iF^}lA z@E3%xHI|&ZG(SezzL_Waq-RuxkUp}?z)LCdTq*Tpg}#9TeYqdaXBo8a3mMsKF}ES~ zNx{elQR6m)xqpLGDISounI(kiXKopai29%eJ5K1bPLG=LSZkZ-w zckVhURDR5UY<{Hdli6;0pU()K^!xHXnEMR&2UqNdph+W{#KC3-ucrO@-tREdlF^jH zjvrNGcvtt^!8A+LD!$?3A*d)V>Xy@%*uWL;h$cM0^(_3f;E~wbi&BDn0`};85yM%b zS%CdG2EfL??k%3P8PF3dJIW_=Kgu^_`XbAU$J=c1&loz=jdW4%7m}M;JAQ$*2;`!M zNVV{rxhR-#pQey=>ricOXBkw@PnFR^>u)ud*V;9e&{o*T8&|#tPyf2~K?5O`8mMub z!(QwVc$~96p*>r}`=S*iJXiFaKvs~@IfM$r<*$B+*QV^Tyv0U=d~@z9*_>a1TP>P2 zH^{P@2uX18Z&_3ZWnNpuPL^Qt!4`tVp&H7U+ITNb5uV<_iBd5Nr?9R1ukOm9Ts!h)I|X2Dwgib!%?z9N!k zBq{SrGT7erKxwq^Ch#>uXB~ACDf3_m#NMH{cA1Zgh=?E?)%ZtCUwnbw8(QUV2TkKj zeHOrjUB@m9)i48TnNHs-dKr21-l!k~N0)wctug2U$-otWi&3%cTX4~h2PIifVDbJp zX36>+vm6QkjajZ5O8E2X*&knb0ET=OB?&+*{e~`r;rwj1PNSL@H3cG5CM@wFI;AkC z@4C3xGKR=b9K%6~rX8zFhuPEDsh9-$u=)53LHqW#!5I{;~l^1!Id#(U*@*CF~nvRwVIPK*%bFUfwf9X)W&_P znkS_M4p-CoKdYnS4!y)FzB4MwG^ilBaVi(&O84#gk1{2kIhXSrzN?m zbjl$-h|s7ErwH6#N$dEp2LW|@s*USK>gijsNaYNIj<;|mmJ{LigmHbx@MVyqzc@;9 zbz+@=>qY0sGDfQl$O5Uqt@w4DqD6V7-^_mHD-VtIBG8)qpBtV>?;ciH1J~)ME6c04 z?yjZH!iJfjt*33?$#`2@TSV#LVj803lscsk(D!$;GCC$trR67Sr0G$76{{fEvSlg> z4U##%pUi(K*>A0f;MFM>2N--7PtnzaJM9+Kb6>|1iQ>j}n!Z#B#){f{EKe-S53s1> z+&euMw%)cXSv~q8L2xo{a-NGOn_cZS2MK8WszYcLeD2R!kDNA5N;TgKUmwnNZnV>; zI;$Mu&GmKOH!BDvYdzWg^Z~e8>2=5~eS{_bclxqQu^P z>|1R}^*`M9Ulw~7yL>y@nrjlg1|;YOzPXrEdpjB|f;4W=M#pdeN3sF}_m!-GF=Z7U zaLJ6hzHB>YMvpnSaZLUrBmmdYevQXvW|GzqkM4!M z)Ag{mg&|MBY~V|d56h%x<}fP{p}60tdPd2{HC#p9R}^&B_qF9tTx_hzmMaGwHW-P{ z)-;?s8S>wjGg~U9z{ru{5rd#Ji zUtw7gT7*COJeL+XhHT#6C*=IQ-}NOzwH517hyNTYCaPj(vzJ;@+RABX;@G1T8(e~5 z14)HnTJU+ogC`HhwU0+8NNHUL3e)myg9r9bY=`#7WY{24F0pDACVyQwPm#cUufM;~;q;jeVkc 
z5da8E-^7Gyz6l^DW>C|Cr<-okhsqJ2@FY9bhGdG_ZcK*b#Zi6Hooh6CIl1vaJETO} z{F$*RRhHP+TN`)AmOs{G5N@Aq8bo3FXpO7Ce(vp2Tl5ObD)NyI9$WmV_$VWLbjEnp zRCReV1Z?=`nH=e26sK-(ZmK(d|@`1w`#1(88F z_Xwh`*QVLIb+MQUV3(mv#cr-Zd@0Z3dhGkjgWYooU*&=h>J7*gDvzwv$4ap45&XBhaOvkP)OtME@Q#{wIbABm0dC8!LOYSL;Yn4227y3zI4+G7!P9!(QF++mqTdN}L>>O*@BQmh$46>V#g zHlU7ylGWLw>KJJW{2O^`H6W=&bu(cC=#)d011(}mBm!)<-f>K%|0Lb!nl_6_jQFsE z(#~3EOH1nauC4;tI>TpC<9KN~=ciK1Uwe z@`OEh+s8-rI7X^@-$g5ftLdO-67D? z)bKa_#@9BVvS*vE9{bjRgR~?id#wCBmmIG#o-KHLSJP9eJ(ZLE0L8 z!#qd3!siBl#CL!{jXKb^=XN5=y-Zk>L|bZ{LNjJ$n^3c=Zl}epQ#lvrO%kSl>|$u` znDgm}g!LBnl`ThFHqaZKPd@A5YV(Aio1ZtL-qw!fI?E1+ArP-rgG*!vqHuF~ShYL5 z%oqPU+FALh20dC(y?4d?b_(Ok0!gVBI;J4aH!+x zjktFXf2}&g{EZ}c#Ut8;VT1yRfMv2D>E~JEom2-)`yQ=vlY*`~_aM|{piE7T%0!gP zHnIh~)k$DoW}2OAW=6;R$JuUj9{LwwDkK8UZ}jHEWsmUk2)X?!H_Vw0PRQ_!r5BMLST@HsNA39ptenZHwtNH^#MeXNl#`FN|F>)!0Mc+ z?Bg|g40%unl51^*8KOhI-}s!zBgvkWEC%<`kk2Hq3&O&IJbN`49LVL8IT)A#)Olg+ zCo@pzHc5USQY-V7&a%0-s&Nl7f+@oK?ZX)oX$ZM4>dZ7XJ<^DA<`yfYxQmT!ze3oF zP7tK(1QgY842^3q%aXQbKi331GQLk~rc4}Jjwl-TZ|dFq40Oh@i9Pn`Jlz&wnz51f zE~T4_FNq4M7BeNv1#4Y+oG?QU!|A9?{{hv3vB~y{Qj%yph5#?uLC!q|mOnhn{hHxY zM9#`{k8x@)+w5{>GuxCiM+FM}%#j^L7zOqQmWL|C9y9V|>NY``0r0}>olbIkA0PGR zaKCBaJ2~^3_3pf@`@`4e{;7oJ{kZ@>RsbN)cI8Q8B*I2EtOsT>>{+LQ{noCQ4_Gj* zw-mBTL-c5r2(hw?$Lc}!#58E+)AY1h90Zb~Kt=zOm2aZ#vDi0e798V!p5J?PexEww zA|$@XpQ3103KB@!GXJ0mD%H$zJxn0U&NU!F1!TN@MDRD5jA@X;?8;OGdy^Y=+!qCj z+!;y_fyp2f=Gdz}7$RhLg-vm~G66}m%z@HB$JHJ_MeFi9*DCqR8`3H-9OF9!V}G^cCS2)EWEKR* zULd`-sr5pi1?$4PYZ^}^zY93J20y%2DEM}9z6ceBzDLsGc9XDc@bY$rQ&O9ogIQ$8 zN(GG8i=i%z8k}MTFW8n4lQ|^paLF7InEe`%S1D|{y3UkcE#)_R67z?;k_@~ku7tj$ zw4jD`WfY{$I7lR<^ZJx=&@E>kja14wWU^M(#sr8T=2u>4)I^pqU1dd4R%6Rz1uT5W z>`VfyfLsj=lx~^SD94v+972*Lpl)pH+y`qT31Gj+>pMQVzBm|sAbBxx{_|L>U|$Zg zeFk^QPs;qtw|FnJVR2U;!8I@i5vR`SZsyl4{!0}=wt89iQ|DJh3G$|8G=~;KZY(}S zHsi}oGEJszwxLJ?$bu$)2B+^+TelLGQNS^$LT|wBudbHW=&P3LqTZlnhW8?64hhUV zYAOsBDRxGvT$z^G_aJKV)nw<@e!?sT5knQo*pBHw~S7tcuD|{4G}u zT$(rPU$_xQ)qa2Ahn`YRk7nsN1x1-TSIae>WmWN zTNo#i2umR|qkRsX^fui{ 
z*FMDi&1LV>ma4@iEq{HWi8u}&ke<)6X;aqcs^RueGwaydZ1!UF?3>JgMvG3t@H9%FZ!o0lU%rs?z$ z2+Vg2b2)lpxs(a4N6URV3tcFESA(c4Ow5~K@8Oc_f9z5(a$Zznjafo=9rsgC)nqIH zrJe;RZI$2S)54JF&knTP9}f*vsj7aWmAgH*SS=Y}F$2P<^KmjX>JJzOL=5wY(z7d? zUx3bOvNHpCGzoPJ2NP@~;C)p_JHk^PM^uDhfcC;Hey4T@(X3Q@bIX{Z8?N%YEVj+# zx!tRHF;Q7TDazJd4()AuRXbL)$3I*Vc0l;m(ZL)v-%I?;R_1S zfw5rAB3`hv{XVkl#RjUJnVt`{lF-5^|0!-KH|SBGS7e z(X1iXVC3{NPPC$k3y=VT(JaIgC;Q2P+W1P@4c~c^!Yg|ocdNqo!OkO{`~`~_WiHVs!)yDKpOHHU&FKnq$2&aCOuHd6@=2d2tu6B(lfagMk()x9Q7wh zJiBk_-+auu{c9a}0nZ-3z*vCmfS`uPsMW}ppGSeoTK9)`Umq9yjhXxyH1?9|FL~wV z_nqFR8~yJ@VMybZ!Ah}9Hlzwq-a4`r0%rmJd?=tl_3&w0>YM#%E_Y|TAi~hzG$0@^ zfCWAMrg8BbzLuv>|G5Gd#3si3`<)HRg)fBQ>+$tlT8xX*!#ePq4|l)d=*Q`+E;Z6h zj4AQtg#X!(Qw&(}K)Ecw(9ghL{fE!(x0O4wVt`(Un**<#!^ipk%=Y>D%E=!h=4Y_i zi)=wkYFxNWoh8eo51}lw<1ul~8sy1oEF(DngTtXfx9DPF(M+;MS?b#im_j(wxFYkk z+u9g=B<-kJBNmuVqa^37Wufbg+)aVW--{hYZUX#rye8ccRGqeb_q@W|0mCYtK!0-yX*AJVW@F z^(sTyi2Lh}axS|yXKre=n^SI@i<+E{*yH_F(KS!o9>EJy2J$lfJizx@7zXn$=-&6N dmWMm^=o%-h>1YcW2ucM#ZFkSKZQHhO+qP}nwrx+l&+NU=k8>k#MN~%Rn^jR6QOI2D zc@sYp66M!_wjau0)cO(%42BYa*nYcnvKla}Fc>ManrkR>vdOBbu>DcBve36Na#xbK z<&`kDvi^0|ed&VJTF=nodr4`R^hGNP6`E8vB=baiUqUHmQU!w`$?a)9x;f&sIz?~= zzVXXr?A|5k_>=o*rZZdo70t#w{TybFnOMQa(0KU3iCvBY1=?9yIfAqQ-f4hoPmPH$ z+>Iti1}$xJ5LG78cT>>w{poyB*7wKrYqwN3x8~>Xd1Op@%@f|R2(bQ06VIgOHq?ZRq{gc_(b2L6)oP_fwpSG`;*$0tT zBQ*`E#JC+aCj{-`kW^%4?~(~82D*X z6KNk5PwP~XqVD0W*4N$Tb-XlGmRuH}SAsDgfDEmL08U93K9WH4#9*ux@QT14CNu^T zM4{3qHQi`Bi?`OB>9P;fKCuTjpq>&3SqbJ=N3(kJhL4cTyXNzi`S%Av&Kai7=-2aA z``z90!|(kPYX9RKw$k+tSfJ?#49$1`RV_^oeNeGs6x)6O@iF}3_k2HZ`^GO~b#Q9x zlNM0?6(NErN-#ttn}ABBB#}je_@jIF^W*!y`*YhLNF73yVge;0-~g0)8u%sTSPPOw z>IX(JVIw!94vI)TzQtV;2!V|&A_Z{2*Bje^Xdhbawd=EoMsCR}JKSf7kywyKE$bZl z(Qf@u2e)2u&NhB>d48V$=6XF?dH?u6tUvyzyDG^)c4B)fz{QAi-;;EZb)7Eu{U$_TMM<}~Yg9j57f&C4c~P0u&qbAg{kWUQ8o zzlTuh0zy5(F$<;eVs|LO{;lT9I-tayhcy;5`xNTrCJ+KLJd9HPPjBu%&x>92qYJe$w9VC;OCW6u;e#nqjq(|0B3EO&WX?eh|> 
zY8tZzPYj>2P$K~?bih*S?9NkrNHBs%d2;`NDboPvV}iz_ArPUv_E#PJ>Gks}^E93xs6wgB_+T~=D+>|YyVw&b%4-IO_cWi*Ir?pROc_jn1gJ{B<%7$Cu( zCv@3c?g+YG6vBX+1YLvx9uop+>B{n% zxg_k*4^%vl*5x~(?Ly2thbMgbL>D+UOnB%d=~L;67KLmn?>#PF!WJ?Dxd=5DBsjD= zN3lx?XDN-MH2J%#q~Ya7a|8&9%aFBsslF+!*jy%D3)lQcq@>+Q3um}4=tv^&4fN4W zkVJ&()GmmbX&yP>BNC_N-nPv+pn&ZPd_ALNU9Rte0=^g$e6wZ>Wl~v=pK?h%OGk$g zB3zxak>a=#+s*#6uuk#}w(ZSkM7`nz6w5S9uKXtq0IWn5FRLh;h~qOQDADY6xt(Ly z5?kW;@cX*a?JJl$LdFhy9188ue^shFBCSmHPNVulzva6@(DvA$J6a=Ur7mm|wqQdn zQV_AGC141!8NmPn z#z>L&;+jYZ3)ON{aU7N%B906Y&6Y z4XYL)3RZ_2ej$)DABNvI#8aF)?!J!PB-5bA}}MOBq?Ed|r*53W3ETtExT z?sv`$gir98e3t<{!9&-Q_+%gb^?8I<8&nE$YvNkas3{?3#}uERZ~}UL={=rGwNT|f zYV5RHa-#VIR9IBwut*y7VpR$2oS6e=a;anDPHq~&{ zywwcFg{_VY=Mg=3Ve9(~&h6@1;%tEJPHg|YpbPWnKPL`;ip+MR)Nzg8xP`rS>AziW zrO%2E9+x4TAa__f4639owNqTDr5~JSOqS@IQfT zIe{vOvf1z;GkZrKXDekAe9VP(Ph#=7WI;ga8 zcL|#@dGAplSx*>3#3#s7^6cC4j?K7hvfRklPZ0QIXG7Hm5Mt`S$=z3u#CDvw0~s;1 zDSW974T~5-=~(Y@UlSiB$+2$1Jh6oJgsI3c`fwHrzQ5LGIEn{x~o4-nA6@WPIqa-X9Z&$Qf41|GB@IVr<^SE2+Q} z`p6?mM|eQ+!FIa7aXI5t6+<>G*~lXq=c&?ARPtwNYVyJoPNWa~^KJtx(#}9;`k+we zx<{6A5eij9##`Ever_<7*7iw)1rH#A>`UYXlr`2G-P+DR=cD4=ITODX8v<-K8g0a& zoo^mVyh0egNP7PgBpf@s{zL3RGWXs<4n1Tn$qeGs}tF>i_uf^cEWGq03DVv%1dH?9V ztacdLr4hg_Ae$G9Cx$vM(5`PBSHp3!jzI;hnBhJ|w5A9KiBS~>AUer8McC2{WNcvx zi{!K>-&*pdp!b^45Y9`@j)rrbc>~a)oSO)k!B8mInyV_?ZZ>?(01+14puD~j23;0w zceqaSaBUk|-SmGiNV>3~ca=vTrw``q-7q70Wd|Q0rVWz!R2;N&g6U@G^OT4V-(Dg) zcA3z0g_0bJRLP^H+O8FUR(8Z-Qig<_nI)f)$gdoOiY1>w3J8%XMB|d5k}|j1XQRt$AvE<*g8_$O16v{XIw`QZ-fDaW8zv;!_xivS`xcviEF% z=QGQAb?~-VZOLPX5<$&roWgE1 z_-rrlYc7YgVQC^qhR8_*k;SSrYT1%29@-Ex7hWtF6@OQ=1ti$w_1HsttnDO*Cad%| z1U@s_DGxydXq_e)S*^u=!78@z%N?a$Yvr)BfF}<&xjK+fz%Z&^3d)DTX zS|W-DkfTV}KxT8NMZMG+N#?YOUYmoYxC>iPCmlBt{?$T7uBIMy^yt!6xV4>4gB=P1wxmgYPnK=7Rj){29bLkWCV|@*zy0b){svAz}Ch&jY|l zy%8;d?VSM$(fzjee!*&u6{o3WzG|UmURmhJd|UVtK&sbd1=02X3a^jAF;a5{r7=)5 zThkfHYr8FlU012C8mjH>Wm@+a2Mf3$tT??_ZgXOe-ja7Yc)PHo$TE}${@Z3AE&s1n zl|d5HA`+Pd+d;#8bSh~FDDZQ!oFxfk%ZVymh)Rdvy$8=0M^)DK_M_u)I@V%&vRr-{d9HO<1Viw^PUUkS 
zS->yNLah`930F&5BBb}MEMZyOTHFWLsWun#VOjFRk{2ML!^^ORo66eBHX4CdzlqQ> zt5gFi2pgL6K`MBn=t~-@4xnQj0u^Mb763k#=m8CA+LfDl%XHR%SkQ!BqSyTK%kS_w zr-zlODWjs{6st5#?NTjv4#lJZE{-$f2_y`mib(p3T2^V<^aGeV2|-Qx_|CCPIGF>C zI0`MG{xiF}IbWvL=!$!Rr%5gND8ok(orQK=NVYxjOhc@Yn!PZc7_J8$TFIhv8F%v) z&}k>A#=WiF!HlM~DreDeI%lN#@|=4wek%4;A=ZSOI-Wdxue^U$(4)pxNr37B01c*G zxAhm_?eEZ;M}K-r&{6pz2P)pC`N?PmEj!y~VlCfFprZ(A%fhIP$quJ*LBK3jwr)m% zj&MN@i_$r$aK@h3w#P+tQ43r0> zC7ADmFEhCi(O*rf$Z21sSg6vrPuUo~^L%Vdf=Yy-Z5jYTDn9}^mI!&xF}qy@a7x08 zW~7S{S?p^#vtRe>{zZb#O#3RS{OoyNL!E1fr1P0)!?|^A4i;whW1laE@Ls`d05@|0 zondZs-k9J~xR2a8{T#sPYQv)ijh5lx#|w2&$kn27$EEa+Jy=X@GepQG#$wwf+`h5^ zWh{!XDFx6EH?^p2@COTY^HgqtcSm4d-Li90rz%hk-nNg*KX5-m@_} zgQYQ{hRWPI`las#N3GqfhA!y>rMooQ9eAk+J4srbY#_EdfnD1gx5Swv>1dIrIM+5= zkHvoxDm3}1<+3=zL7D5sEI7_7wD1fonWa-@qOQAM^_N&5#2f<^#(-Fr7UV%wU{OmX zO!}eFWdM^`;5JR^hqIgX;+MS9eS*K+XwkRvsoRt6GBapoiEDRynLL;?&Y$9?=DBfr z6l3MYgyL_};@CM9Q;W%;ST4$Eo43^Gp+Z9v$ZT>sPZQdpWE&5NB{DuyO6jb!#LW%r zXg3`RUsUsxU)wZk45K$u0tJ^*{9Pf-gMl$+&Z`wyhx?e`W-~u!?_wN`dm(p| zZHl@6_6$)QKbm~*xbPlgJgdLBxE5N548=xr_q)2?xliwwx<#(*Z`xU(dUc9lNd%%G z_n_w_3H{C(Sl2MM`YN`4b~TPe(OHKHn=!<42H-d73x)SQ?EweBe{zlGmVv%OX*iTB zXNC%L4`t!%P4$$PT=j=o#da6lzU#HOiF-=>C+WAFZD?-VR987xjOC_u+HSeI9t{eh zPHoaKX1{er@JsLxrmw*)Zmmz;yojLpxf1Kz{GmjKnPe+MK|JxlA&K_|%FVBr=x;@L zSmbr34m`6ln+cVJJ_|)2oYMpupysNg1hx{Rkbzb&$zZcAtYuUyH#4kTz^GyobBgMh z>WJ=_A~uihmoltNF#oTvWNlcdfUPs4SKQ17PW`X>UsW1AFnMG1-!=agdc*Wc@3#g` zJl?uY2DPQt`lpuH4j!y5jb*F26y7OPj51J8dar+1>h@pIu-&uj_E#_umEMW!IB{`;a`8zol~Lzy@@3yikuIZ5^;k?}0TuugAo# zJWlsUUeJt6IQ#}Q%ZdhwcGjZii^s;`@h;#9p866#3pwN7i06__Fx=AA^`x+gc5A5% zJ~rozjLYq4&COtAP*k?)=K?i=!A z#SZG<=G6>U*jB~f+hN}0wV_pc$v-lsM}0Gm7Rd-2(FO>Ey#h{}tlcw}5uG|7y?O+&iQe7KhpeVp-9y;Uk?Q z+??~Hog)8)e?o@F$)~z&MA*1{(@);7U3p2C- zvw7VV-&EcOR*?h;HGxQ{4%}5u;DfvH@MrfzquO4H&qYByJZ^X-P7S`Mnn>ZmO#gB& zjl4tS16uNT8H+)EG?WdQZLpC{1L$0Ch5omG1u;+GPZ;h#+3>4lOo(Sojn*I6;TtcinXH0DV}*)j+@~f zmTJy>(<4$FYI@aw@RCT5h;aYB9{sR^;?+Azl>rUFp0CKoUNFcQewnV`b-!N0d_Rj` 
zeE1RU5)D-1n*Sl}PUhHI#COcXDM(G8q&z8ou{Pk_3A61al*G}uq3cb{jsBlM8<}~eEZr;W}RhBy<6^R(`ISrz_c51 zl9$)EbhOswVRIIzJ#L8^Fo^*|?flO3cq?^+Lh>KWVuHUnQ(*JntQ zBoV+{+bFYnTvMiM{fx3#0~U`pEa~+p4L?d0e$wqzKkY_?c2q1`u^A}H0fq2pGW5?W z813K|SwJyRtlJN-+|buDwQj1*T*$&|vJOAOUY5+3z3^Er@851Y??{`&qVth^2$1?x z9wmm+cq=7hjpCSkj$!gN-t&1tG+_sc&jh;;hZ6MQ?DkvV2rT)Sr6q<5H|}XEy(F~Y z>N!{FRY`{biZk8srxJ1U+zb$f;cN~{eMqy6RZ_t^y#XP_c93o*n z#7JjX#2FGh6y-dfJFua)%fpA0l=04}SY+Ly$;|&8=Rmkq)4pG(ma;S7 zqi`XDp=zJjL+OmIYsQhlG_E{5DIzuaE_P>j1a3)C8#?7dgN6D-94gQ zWwlwj!_5TLIv7H{%5B1dng>mKrID(ot&3WFX>dWo>jV5ui%uu+G}r6p93KM4Gey6P zttB~zLR2@(`lXFd8mEN7K8lntEASCPi4zK9N`N5K>l6|e{ikC@Ji zPylK^$dG{Q@e&>`HBXSv>!iliXKUNbZIuR%bS4X7X$SCMvS>^%*-$}j4w>n%qo;n< zFsrD7j&Qdk1~{pa{=Q7b&7gfK{S;j#q7sUqa`63cYco zocoecdpWDGpW%#rglt3W*VYnA&aGi$;GV@PfV5e@P*PIE>KxF&DRN}8=-evjt61T# zE*q@LN(I2o^NivsLLpMytPkU{fe}Uh4+zW+Qqp)bcB%bQw!b?d(&qPce|buTC!*f5 zXv9R9X||0e{|P4N_x`)~eRzH(yNloTdefTB-)s3d_?fAJEWO-{)uQ>dIFSH{73XX) zX?hM-m1>td3z9=XSJ8W;nXsZgs@@#=NzQp0Ermf4;Thw4_IfR_c?h0f8IJHmG?A}B z&%8-UH>0@#(=e3n?3=;hT>gIRG|c10oZg$~dqu9_HMTc<&G&2N>*?rm^oQfh>-(rx zd}CDuanW^GMrwfT^QKjnua?J?DQ>Ex>M{}Bz2=^knvI2z`FHJoeE!CWctiWdIYD>H zePJ~Ibi10pKqrZQvhKsV7#(G&!uu(bkt}c~Hb^K>v_JajzHhhsqrAjFL|3!6f*|Pc>i6r1P+^)j(|CiN4 zupN|P!B+y+w@RTb^UH;XU3k@0<`+DVmcVd#fpwq#`AI`0?A7qR3xNz=p&93tu|UMo zqQh7X7P6j2Mk&5u;vrJ1>|2h-BOoCvN%`%Y_&-z!b;(E8{7Og)eutcLL`f_5TB@fs z3eEy0{$DgFisJh=ISA8tf3cr<3vUT(!BC#dTecu)Yzc=^(BnLXk-Dt!2|iB1#lkL4 zbwj`T=Q&5pl|9%9)4tE95+;1HYUR)#sO-E35q|pcm^sS`#tL4>8y}|AdVnc!^we~h zr?={>tDJiCneGPqe6^BD5ox6w6xOMPwM|Q4IgL~uNmci2Xr^cBw)vd90Uqx!-ZD^! 
zZS(YD=l?1%>5;&;-bl-R&6`h1Qyt+eJt;(w@`Nu=Oe zCR=buhf7)eijAn8-AH3dcR@N{msYU4Lp>62dj9sqHA_n!S|Oo61|f zhG|pMZwTsQuH#c+Hl_7Rp_<~;NFNhMGMZ#vUSW#s;aN=64$0V4Z;hj8>@Ul!pC$Z9 z70Hi;witF2wTpKzJa^_~VQ||CxAkjXgvQi$@9N0bST$va!c(AS{U#5nmci!!DIvbC>Q=J0vwgig;cm5Rk3g9hcYbJCUm2CM-%ZsgEoyM%;44>}FnLL_t~2L`Bk& z=#0h%k#TFcj_R-Bxvn2}lE7nn(l!o;1+9wg-KY0d<4mMfUx53%yAWz?u+{(vvgXaFWx+)7*aTdp#bG>m)~P#*yV(ogE&I=W1CwaA=UH4*5p9hKH>stzaUnGHA6N5K+meIblc6 z=T!zUF(`ra=?ql7n`N6qA+7-#&rt+Si(`ZX#q{mI5q&35E~V_Yq#LeR?4t-C5?hP` z`CR(cZr1l5@HG&4k7v=7)oF9y29AN%XPZN(DqF#ZQ8yTc+#_c(j2-_DJ+KX(MlrS- z#ayH2t9kJLTiIx26#I)ebjJ1ZO-JOE{jB?=G;-RJ%U<9ZSq}%#Zs2%0y|&ecV-PiE z9XS<^mUbus+)D#&|3{o0M(b_5lstu`IL(y1{Oe?15;M_JVzn^1dVZ|3(RwhLopAG4 zDPXz_XfmcCI&!S*MD5T(wn`j}nsNiu1{Ezte&B>;K=K}Upd;ce;`j`lgCIvSbK-q| zeE9r+nbO1E%lUKo{`j1jIIL9Q7{gAhiE+;jmg9R3I0jex9D%(id#=VgO_CZyGBJNi zqs@_XvuS+kPj+%lmgvU2H;#m$PA&z|@5iewQW6Wh$mP+R9!=p{6f`$U4EB-xp|T!| zSu7Y6t?ymi2<&P4h2O57YLVMP zTL%NaOD0Oap+HfFaaN5Z$NRZV$$cq(?()e)M3qT#O+OU}wpPCy;-Hp0GaJjwj(x49 zsn^+{?L&Z4gA zg8A9CT#o9ZjpgfQBiGbg_5MR{30*JFuAyH3Y_I$_ zTo~BQptm@>`i#%pF%R?2R~ht_k)yM@`{mg|zcY&4j=&16;T3A4>dpy&U3on-u!=r< zTO)?Pe@29(9n=eoo^OKv_1*sf>RLVM^h>`nO{IWvQ8=5POW=F5x4o7|%t zn=>(DMVmz<3H(@6T(NsitMjx;QvIDfV=M*5yNJ(*k+#9IHm`mT6un~EvcIVTw~=9v z(AC9h*R{7mb!?;NS+_WuErxb)e+C{-tm)<$t-#vhAg+3IHi4_%UP$fQ9bL0EpUnLq z&F1+2ziP8-A@yIpHizm!7xbB}3fn5D(+ypAoDLhkz+Sl2n-cL=ABK0QP6$S!6;5)> zlS&QK=Up$J#tnQ2O3oApU0fBH9Os1$B@G?i9b{88(qpwi?xp#nRN*CORMPgizTvZ5 znvJttoUd&B%-%(tQ=eEBZFehOO9@B!nSjL@L#pu0`=ugjlX>ltFWYf|O43TZpRPz;`OP}3u`x2wCi#=>2S zIGpW2DYIlqhjr&w0y^$V%&BIN#WTR}{~zmzd#YgdAeoP;8C3~cgrwx2Is1s$y~=P- zK*>ipHxU2`N+iL4*F5w$t~sZGSmdInb6@z)?=9oY;zZ8?=1RO$fnxfL0VFdGORm2q zC&{gyJ19JAOgH>twSrEK|FeBW)@O^*31Fvg&kn3jSjUC(qJe}AS`I3!RBwm0?SSVk zNpyTe!sWg9GdP2RHnnP`BNVT=F29-CXr~lSuV_USz5Nj<)2a0&ncwx=MpxG?kaV0- z1x;`>N-#4@AWpQhAWo#&sEw2K5Ox7E>M?`TpwV`Wfhj4m9af1C z7~(rnD63-;p%vdhwfzMQGV`=u=As=THIZ&*LLbqQaD6s|f&XVf0 zsCe4FBUIV5y7>zWyNK4UhfaM2z^2=b#)c2uO)oD~!SHGEsqCz7@1(IUUaX%xArzPQ 
zX%9KxYm&QcBeJcV#oMA>C0ewtw)pFnud2R~u;pRiEUeo$WKD10sZ9+_f*pwCv6bv2 zGCybTeO%wC;8Yu04KKA08{dHMcCz1T>a<|rVJTd)c|Hl;OpUMEW$HI(qL4#Y_d!*^ zo<`tH#5&nIUU#qXTJ-;Y`AZjWH87b ziYx8%Cr`QFM%ih`Goj6&Wr3Yb*hH3%ED<&z#9mE8%ytoRf{bv!M@sP8x+rw$(3|y) zlg~S_hiT<1Z&w|c&NT~4KJv$`dM(#D(&xBCzy0#!xWl6Bp1DSE-(?CcT|L<6n|rt; zYMytMt+b*(oK5FheZh=OdxTcIinn9WWehoVD%YOd4>^8O?-+b%i}j_HLAKVzJ9p>n z$AHjpL39w^XqKf}4)WNWg|Wk1AI4)|BnxW>C$+!$3r}ioN`|FdYUcTb4Z_1YZ{%O= z;ofu!cRKFn3(D}IT#X42X1SZC2_wLX-NejcVccGBxPdyg+(X`(A0jc}0UaXw-Mm0T zhOE)s^fkx5`g2Kq*@M;u&jp?Gu01^O%mr{Q^)QkG!SpOM-BLaEHGBHlt~A$yaNOZl zTM9$E#hUF#z`qwmo=yDM>H)INOHwy%NO-s)Upt?fd=rPTXf zd$l)bQBS!F|x&Dtq`;=B|Xo`Hxz>ajSF_(YHTbeBP$dq-vW# zDs_A$njPY#oNSXPs+IER6McG@a&)utja4aI;>0tmfwb8w*a|^N_YUX%7q8EOypKQJDe+}O4C_M+$3pQNF9=Kc75#_oRcxIerdj_&ehf1Y>l@_vuz ze~;Sc{!2fY{vEx|;c@?b-K^c|>EYu4is5;C)66JcJ*myb_k}6lb$5CAN7{dOK-8{D z2>*x6y9E+Xw^gax#)HNGMf~Q{8`#PF_JWisrFL^5|CgF0C+QEk4x(zYe#F;^b!^~j zKldy>2DshCGoC%T6B=QhSSl=?2`l50v3!4g}OKUk_TD_f%LVnP)x z^d$3zpLve|TQ@@GN$eajI*n#Q4vz5u$0!OMIqS79ycDf7=aCzt2BWq-2Ad(%e<_inOV_C%K99YxOanvwPr2)cQ`}=o&sG;q?)AKN24#r^9t04eVMXFmB7;=_C zYPEweqf&5*XS<_f+Upp%a)$3BY8N=CU)NeKUOOT@xN2QAXNB=@PZ$yvf@1IH=B^_A z4U<_4#L1QHsWCrnP?a_z5lR9QJbxs}16BVEDx!cSPg%RXdT6~x)@;$Oe%JoBSs1S; zch%kn$H>MhG?zI9UCQ_Hd0!a`N0H=%`F}vgzetFrND3JlAPV!FqJvQK;CB;*S%!3W zJkx;ESHMvKBnxqznVa1|T2YSsk5;rtPlI*<-MbEXaO!}d9DiR&0k=5K?fKw^_^hV2 zvg?nriEFsQ{b{^lDz(taC3UL_SNfbhk{Z$ z&Y{>q&{WZ7x?m05UC$^QXX5ajVAr&S<`0qt+)~P(Vsg4!j|*YXkT@iu-Qo2VJ)Q|> zS9U_Z@)lL8?i{Lt%d{5&38jQ}IsA|HkA9_W9AvS3TS9gM!kxaSp#Yd7MkP-~11)H( zQMd=RksoRWs!jgvvJcK|@GdMK9N2U30E{7S&t1{sYB^WICxU+KBr%9!mq~r;$xf~+ zuP!t*7}f67WK1y44EeHV%x%+1=8ct$DDZ7D-@;X&Y4MZ;&4d%m0m{j8HkDe>Y0v@5 z0h`{r)t-wAV=mr*s57|{fY@A$=A-bn@#rwo+fIU+N+bTK@^IJJ=A{NylLt^M>4 z*jj7Ly1S4;FE*g$eQ#Gmjq02Lq_AQUsW4haddQDo@f{e3?3C%4`N5E&t?EKVM9E&S`rnE|Fs&bore{v7s#S@uak*6MgIA{uMcHeRLG3DCHAWx>=eD>kyjT*Cw|{w z6lY~ntGUg@=YtW#Mq532v<|jSK()g!U<~;y58x5X5bYVFjj+7(@OWq_E^h~stKfTnDaT1hmLOmTZ{ zx%Lb@tHgp$qUOKgUU`j-%wXM;S0_IT0ZHBcBak}K-_)g4q4NUlCtQHb60xa6tsSdz 
zb2zLkM0^Nxuy47xAF9hSlJ7>$AuV-FWSgr6~5re+UsafxxD za^_AlwNcUCM3Bx%pdohB+gIWphzw9Q_`7_=SqO24n|Q%r+A4yp5aFc5gm{~_)O!Wj zs*m(nn9)*fJ~IwWSv7yg@0_6w6k61Od2-7Xh0#X-kT>mO2;MA2%8_s$1<}~4KsIQk zp5_Fzme2=caD%WGZHSjpNELPfX^3J)bqj@8GKO?YxM0bDRxrGGejt?(m|hANQXC<6 zbC=76pT=hEc0+j1IP?QU3(qZFzl;b&gmC|=kP7aCm}fZM0QaX*#-e-k+cdx}orM34&;U4}#C=Bk8nxmMC)kzv0%D&lHT7*& z0~uP2cATyr22w}jlnhu@2puulp^l_d>|8BDVP~nLZUL1^6Ysp0C%T*gpDLI3P)eVw zY7yL|&q!5e^iI_E-of(tqUpcoO1Xb>_&Pn_pMt-4eR%~LQ}kd3E?{U^ zm4%V6|BzbXIc|1lBdfPa*_v)3oeZEE#`P%*{Q=cWVgM4_u#6&;+Y+;0_s{Tjc7H+{ zLw?qPSkOGLn*={J^sVQ|23^|rq%G@XQ*ki!Gc0vJA+DQxwa3Pfj3SS`uOE8VfrM)5 z^ZLDl{^Pg@Pki28`|*)Q*>ftH=4@O$F4}c+>zG(JnsC4<(+hTNSfBGM-xIrR6gE6W z9Js?^8BQ+mt|7@oLqfO`|7&uLw>bi~CCu%r+DCd!+yLx;Q{$_nmc0H+lh?%swNVlO zS?xduW>j2n`?Zg{a}#-cG~!;LqIlI}Ur=gO%i~>*1~sS0k{@OmcPq|QP)#FI%(NVd(0z>+|($P0KJP1%eGnqEav{rfwxMg`9Or) z^L^ck=lV35CvCKT%p$wj!G%7AsBcwR8eKR9pRBRzcF91=ky= zH(<-g3KJu1p<6-^OZpmpr-!fg$wgOH)7lvs`VAM^+nsq=C2(q@_e<5R=8gHA+XO;c z`+ha9or5ZVq@7R%nz_1Sj?NI}W^m0~{LR(KYy0T+kFLM>p&y=u-O-6(gfiZ(@VsCZ z`hP2)yqiA6R84BIn!4jqXU5q3g2m@0Y%do2UP480)9fPTZzH^dOk-vcWQ4%$;^~{4 zJZDlpI&K1d3XnGL`UcMzj>djPga$vdj3OA`kmcXYA|-a;18<2Y(H3Pin( zRw5XBIA;B_t;?+89B&xfF`@se2c{kK^1lNlg33w?9YIsh{MGo2aj`k%XjVBd4>J7Z z!$Y6Q8IM6U^#_9P$kSkf!f$+J+k}O!nU0L^cwldWtGB2lQjtc&Da$jo!+U?HR>rbp zVUbB%AxlkjW5G2Orqge8aB363_h_mO1bID|-AiZqG|Ik_ftQGI<`}rFNwfLU_~*=F zR2_t9%9I1ipORL0Q=SUU#s-Z5y^lI&bB7KI0Fy#qKcHn#ltz*mY+9=K6T!ga!SZcP zd-1jt^3vJCPPSx=X%|~=oFz`E=g5^RbQl7=?$9Zvw1|bh0{NYX!MMt|RK9qIVwNS7 z=9mZaP+_oqPI5Og{M8~*_^agBv<%XP?CAm9)-=#^2exAIjiIWQ&NRsKZ!U?PUQF&U z^5JYk{kld2NFg~j_?11Sh;Pc|fkY~>z{XgVNI`Yv(A>|GHx5Cq53?-7n&5=$UdN$k zy^Cj;6j&U>C<5;+3TFX6MD=$rRjm(+ESj3=&!%GUqtB&}m)2OAis5u*mXy?zdD=GX zEeT?=Metmi4MnypF_CSgZhLR;&|V;dWji#Bxd}S(^6eOxi{4T60^d6kiN8$p)Q|0n+ z%w!GUrw}0kJ)yon4dc)&A6Y>?rPq_(8$s=$O5cjQpU{v9N#P*m^3J9tH?k2uq*zcs z^|+WI{vkGP)!FANckgR;t~Lq+G=M@2WjV4vA1~Ne?7});yK!yX5<>S~L(JpZ5DvT> zOx++`ytuDuJ=WwR8zG#byH2!-N@B=DS%*j_IJRlnA;P3Q=@tJ_IeEW+XDLOf=?KfB 
zRUzcMNKRP6JII2z=?xHbdi;{V=83fb(EhUM#6RC`rRkt50DBcxQYr+ao1uGl4I2_5 zO-IVK9eOHhZ-UsJgRo6+7dcH+9LmS<0uP4;dKs;~;t3K)>Z4nW>=tZ_VuDFSD3kM|6ynv>VRecNo<$jfDoE=j+yVVZ=Y@aD=cdr?RhPb1Ofx zFMHD4PfUQ=!jtFYo!-mJr5OuRXofdqXJ@(k=wpN67bEfMyzb&CpAWp~AD6UubJHFA z7@?L2=q&J~E!N6H{#&rZ^H%5=VzE`|Pg^Suim_I~aTAMgnH6HGSc(p?+2(84@hD`9 z{%|#)3JopLq{=y|QWthtzvjdxjqw`wJrp$Y*u-qFIT&$V$0 zEh6)(@v3>Zc*QY(c5I|s#!&XGZafD1yu<oXu0pWYV1Q5QAaj?x#F!R>HG?j$U=;!>U%`mW)9e?=R26-%%gc8E!p(C4$I1P z7>TtKz-$>-?B1tOYF#HZxA{F0-*@M?t_8Z6@wk9uGBiV1UNx7fy+)=44a z89hbg^6?$#p2_Fczxc{$CfAi^%Cd2y+;xun zstBXVs0!kxYeeix*;XWXM9_Q@u6QFikqRSLFcFS(p=l_3#2&f}dDh~&v$6X!nNSB3 zC9lkmp8NT8sGLJHkkz)b;w*qXuUNIxBYJ}a*?5HHe^x%#y@2E z7=?B8Q7J^)e^RAL3;TaF0HXq*|Ca&aBJU%PbQ~f1;BT64hWCtF+wQIWd=>sv??l9Q zv0_Y`J~0{-%u7WwYou2SDUMrCid&ne@Jo_z#AusETvX7YmY>iscwE#8gJ>yvR^KXk zI@3_1;Wg)flmHg|*pWgHm0oPq9oQZVa3pnWPXf-ZJE0^4W?sDGDGmd{x?HO~+LSHN zai1zAb+a}oYHl0kU+yv-4hxifHziPz$kk85B z@phfWZA4$GE6-5g3rV+K|yU*OE=L!OtE;$2w);Es#Oo+n|mP6JY`#OZ%_S; z2UFK*MoTSf^uC@L^Fmu~y0z`!KOkfDls*G?9|?HKnp4k3AQ$4G#R_(kIMsd(R0sR) z{6AS>E|Nb3WKLHG1}zjcOz{tB#(%khh$o#=RL*QHiiU(i@;p=zLZ(PV`YC7l8&1qc zgpv)WLm1inc#{8u0WHFyO3U3Shj=IJn&SVTF3^ruogq)g9v~Ey(x^C0zbc=42jIim zR3e&6KgOrRZX*P2i1?-adMg(5dxe&^DO4HyDvndTYV=wuBR|H3;Xi_z&s2?bE5NDZ zW2{JePmUvzGVcXQAY(q{M$1v6EP}ME(&SEqrDtR>Dubv21=QCrxI=VNO4 z`QTPzzmzSUh9&$r>Rh*fHqT#z{gARi?kGUmE55QnYDCbFv8HmfFF+!0D>>`8zov<0 z0fwAIp^Hw-p?jTg#A#k^j{4XCdX%)q?mW{qrHT{HMHJmcEM^J|U9r$iPmh(OA`|BF99hDNxx(G#B zuL@unks}YrHV)kNMii*KeoYNMK;q$m9uRJ-ADi6B@;3x4u0I^0_xcC(e~#Fz$;3ty zD0O*MPx>CEvbI&7Tw<4n5wULSI3!Q9w)iAZJkY`;9`Wlqt7I)vv2Q9_rL%(^{Q9^A zYoMTJgRcrinh_5r-^cH(D}4rgMH;_Pv9;Q)#`ay_qyFcY2bOQc4KC*K=1s|r4?PDR zHphEI@|iG{usqKH{d>#@eKuJ4&-lm!zwc7Rv+(_p#Y=gQQcGvjLpjC0y3Cz~?Qh?= z#ibL`!s6C)eet7z% z(yOg#e-H}qK-EA^o{t*+5h2<1_~SV-3u{;NZgcdFf_=}$@-;s7#rkeb(j`T+rF*d0 zFEdH_>Y8?zlS>#k+}?py7K)qJAU!|13A%$BEj^8OBjfo{&A+iZ=b{0^Y;+f+W`hXb zltwj_Bt%O$w%Ra>v4jSq+-pf@xjuENW6athR39UHn^-l6E35|GesY%)yRU*nuOht| zb*asX^MS!{D+R*34J9!Jq92tTV%^b!mL&0ef-N2mD{Fl=EALoEWm{He$F&d2CUyh+ 
zt$!bR=gS>QM4nN&%7mImwow!Z;}CwQbL3i^)vu)J0Nz{1xVu1Tx66ZU&yl35GwTxc z+LCdcCY?ZbDL%*kBBp)W#?h$BY+rKkQ-C!PziC7zjn7z2&P+Y<)Z?0 zQv`Crvp#=UIR)+I%->jTnG3tZfBcDB8EgPCTpvatXo)gaj6kC**Szm)>9!z^lH0H} zt_>9iDpZA(BzHXDYEP$*1nh{7qhYvnrh7JH!zaLQ31KBRU&p}M13_W~m{KCQQ$0=J z?S`#NLoim!zHI_>!{?wI>VQ70w0w|_V4&#@CEHA%Sm~Yn(<2ULR^o99`ZC_b{EK!4 z9vxZg&(8_c3GFIUu{w0;eFZz-P2Sy%%YXIx6?upOwq_FN$t!sGC5Ty`g=#`>#?W#|f729tD=5@eGD3XISyLwYsM zY)Oxcn9wAjK1tDOe8upMbKxWKd+zH4T8JVPiD*?ltuJQoDp$J1T zN-x0fLF<`SnzqsKbwg1tGIKek$Z0KL29vPHdm>Yi$&hL{mp+2V5GfCZ>~w} zn?Q%DHBQ)JJQ1FhXR^uNwhtLz;y-SljjVLfTXwLUlwWPlURDUHvW5EOL*cTnKzS4+AoS!sl-#eFW{AKy<7U&T-(?+Q_@@+3vhtYMblL^$j69caWh-F9*~=8n zc3bG4{GGQb02)(uYRr&14<k>Bzh9GpKu&E-dunv zc6>5OW-7xWG*i>8MUiUFyV?$K=;(;9{z|{VFjlR#T|Ws#Eg2RylUMnEX`q;FFt*+E zgo4xVxWQ>8oz;9~BU>aPzau%jxF|M{lTY^h0`zBvlz+?9gIQWT*8M2`kP|ap%O2o% zMhl3>wd{Ya{ejv)5Xv${E)i}449z=hcafKfuB^v7GQGQ#8okPXP2@oT0HUeX>!r=2 zU76NWv>Mc5g+NRF+%GJ4oVhw&!gW5OHlT0!7OIdC>I;8|Q}$0RGAZm@v_-QpBy$~= ze%4u7jK38s^Vry7mgWDKhBe-5Op?RAt-x?+TSJjHY}%n``!#lXud3f_>3yFxf5Ohn zDLwJH2J27bjr!8Kz~AXukp1YW`+LdN|7|9LV6KWKw#WX!@alZfxa!2sYetNd4)_Gk zu6cO&F#+V9tA~PM!M9q7z3yl)ezfhQZWKn$$CoERo5f*+cL8d!PBdG6tFaMVfQ9GG zHRtc#(-w7MW;j|~DSFpei2Z!Wnw5;39oO!#C0>f>I65*czd5Hp{Lg6=fuvda!7xn;%R?)>N z>YK9L*RWYfP>iuj#uG0EeECf$>+D_CdaCbp|xTZO} zR2FS@b!wmXw5W(9pfkv4@nT<h)92`94ZyU0SqXnzww4JK}bQ zu+vz^KpLxQ&aWaf8SiQ@pElAwKPM*e)juFo+5NWkf~joPgYh%KP~ooKdnZY9!fp#( z4W(%+?=T~8oHQua%D+YVlZkfN-T(S?-1H4&zAf8)Dv4$KB89A_tiuwxL8;`yY98ct z75R96_{3V)GKBu#Np;u(AnpiWB~^d%raIs@I8RDw|A%Xm#Wa)R@vdczdqo<3iPp>$ z6Q5x|Ly1;LX?z(3zlBEzd@zJUoP_O6ylVrxK^lWSO{=%n88#l?KZqutBpkTC;hx1z zxV`bc*E(ALlahA4bjwV56R6IP%J4e}4!symY$oz>@{0av5s%}WskORjniN!fzo^Ao zW@>_?0{U1DxCO|m#~_EDgUe2`%be&Lq@hK2(R!zbqx>!1JiuZj3vBjISy@sbgnVQ-Mb2sYm-vWQap&yMBphgOHs| z+F2`O{kS44Xc{Qd7Iza4HGT~^xEd7J?Dl`=3VKg|;94^NZQXtx19Um;vZXh{=$~Oh z|7y@gwVAGkmJ;j5vRDkP?&qI$xI5dO<^foT@=$4IfI<`dpm&n7Qv*EjYCL zPB|;2+i&P80+3QJRbrP(n(Jh}+C~tk&+0aFD#oT*I~e6o}wa*32vI`du+YWS15O%P>5t3Xcj#bOEg 
zi4c|#d}nW>p`hXHavBI#S13z}Cr}F7PlwQ-K`)Payh;P+AI3a!^e?^)9Kt#VK=y0) z35Mc0{mq7?AL^OeR`sAveCYtXM%@c3Ry%)sHC(M3?!H-ep?#+t!#GrV1ASm=z-0~X zO#Xw*(twSJ|NQf^5*Dtzr{jY})?A=zYaQI6@O98!VA5vz>yvb#GMH8lLK3-_C!_smik=O`|-B^Jqk8s(=ZN4mbD*3;7`d1%)Jaw|QBo zoIEx2%L{+=t4(!r2i;c)&(QNz$w570Z(5%yv2$m&$Rfj|KW}W*6O%u=sn4_*=9eEP zwtU)i%yWR6P6c17GfrNmS}gaR`!dYe5yq!dlL~(09=Ih*6&;BGWQXGHxd3Tv&as;l z0JBG}Z9Z4kx8l3s7gA)ch(_CXVwEQKL5#L}OMImJp~8DF&1rWwLU|n-k<=cD|8OF3 z{#*yov&#a}=rUt1$%o`?tMYE*@43H0SJ?UHT1q_T|L8dBmbwY zZt0H|JZl&LGyy-8D@QLW0qH;`*}ivit5Z<6-?`%6v1JZBrQG^0Wv|~(3{7U++mX8> zuXOWwwX|7-%s9+QPe$owG*VO$ITVhoisR)GqIt->1pfssd;3-$Rx_dUV4@`x^qpYF z8FbS&a$*aI&9{s~`b6hYp<%`2q{q11P`@3X|KU&xC2PJP-L(prI zE0gr6awT(XV(5uLY9Q%`VwD|eSPPFxL%=Z)%%gj@mD`$3Ff<`s--sHUdDX`OxAL3f zsaD7JfN;Z$gu7z`y%N|@8vSJmoeA)RZl$$V&I5SHW<#Gys1Msrf5m&h9WAa9risr% zo9=Zl1%8?t*s~vhQwCI{?w-Cu7N|fX;<*DhF{5~SO>%=f;*&YJpq-^C3tf+Zn{TJf zZ0-Ffst7^KqWfi7p03lNXZRmQQuwSPs2vy*;%5hF%_P=l8w21g~E$QcikeIqg9-aM%aT<1|n|Ed_Ke)EnGn}5p zsPk3mNsi+>)JdZQQNcfnD5hbuij?H$WcH46X6hAyR@f#nbW#S@1PsJ1j(iCk?=7Sp z5^ISDAVlb_9%|a^yow`&xC#-q20?Sg4?Va^T7x6E&f{BNs9~@Ue<$<*bS-^V#;%WK zFl~ayc|#Eky&gHdS%52hFxL#C{V6M@gzl>G*OFD%rqOTz>0Poz@5rqV|7Rpzd2rLe z%4g9hRzH`Tno)v|F=yHt-G8y4*wqn@hI%>@50p!nWz8)r0sqss%+ae~skq3x5|tKd zl!d}6WjEK7k_wyYacL`;czw~yH08wK1ncnHAS&jReq)MPlS74>x_Ak9{HJUQa@L_W zbp$3{4&Pt&Y4^%iKoP5J_Z9k%F9ggz%l%Wx9cmxxWlF~iYBb=96WkfulC44UD?9^m zE!dO>1TaZ*p%_^#XsJby6ED_=k9+w@zCn@_(*!cK9fjj%J4uv&rEj7*h?38`jPSPW z%YD_du47+6MW`}{wyjLDYmv`m(cwa7oVBY!5KdzWg{#jyBNlShfTiZh$$LS|3X{GH zn*1Kq%e=wfb)qZBl{02#mJTinjvyi{#ncagr_$Y2x5zaozh)=9VLkn+Q^H~eX?}zz zCiQvPRtwLv-*Tv()YHV^=Q=eL*t9TQ7cBto+sH2|6x$jF$w>Psn*jNMoVhDe6Zs`e z+OTQyRl8C+^Z%M(Xx9FJ<`*(do%t|+u?kTYsAHoZfA&WQ3c7`!KA;LW*EL;S&go7b z4_6*y#P8Z31=t*+t!|IvEbetFvb6?R`gWxd=3kk_D#1=2HuP;bNDoj7%ShZ^*|2Z6 zO?ktHM3+)KsvU{kOtAVOY%yVR-wWJKtt#3v+EjTm_3Wkx8jHPfhldRd`}7QwP_$|8 z++?Rf>k(z+oj+O%U6f+Y_1znFjAeDRKVo>;?UZ@u+M+gUcG&x%r;P)BTz&v+bb>NW z30tqb&3b;rLidM;moxSTP-XOIe6Bz{y%aVf3o>xx6fRKIL%~gYhwHpZ}stawq;-Uo}?s2$Ly| 
zM0ZUR@<;TXtaCYOeFluxzMxyHOvcJin-bSLQODzI*gevkB#0dyC2dWdniugK(BKti zm>E|K?mbX8RIbJ9eptU6S_*9MK1idMx5LG>Zz67WBW?t!N5=UJsr2Fm?$KK3%1mt4 zV9p~vbi_HYFNn~?SUj!Jj9{&cHL%A~{^!kbP)5`&YAUqq^FCXj1sL8MA7%1(lz7yW zn$So_r$(~k|4@Fg(}w=1V4Cj z0K=?;E%Yjeot^1#o|sh8|MC?^TKb|g!tV`|zh0u;t05mMhPvYi3_mFZuGc}kZ~~k# z{#;S~yOecrH>R$Hf?l_nZCp-j=7wG6=8g1yBr}Qn|8{LyU$77sX_c!2{x#(FWd|@} z8cR%$?6`vcHiZKEvpIyKMK+FLrXd(TN%&mx9@+>ok*WVo zN}7uM%Ssq=P>0R8-DQ`=lJr;TvHxvL?tWJ$X6;$gHCNXjt(Ptb&+4oFiXAen6NB`k=vZJ!r$s@zV}u z>nXn45?3^N=%8G{riCVNOr#T-2!hFmKyC`YC}>@m3D2bgEjY}(+8qrof9R_JLS<_JW$ z2wESo?m~G{qK3wt+vnGu+rx+8u%nX1aH5j_*dzLWLVnlu?c8!V-!1p*eU7s5Vc@ef zzR9PLpZ(e0cMm$mK`4WhmLXTON_M15)J|yrFrYg@UD#){kq!`C{&rA|uQRW+v%+U% zWOz=EvRrrr`b?oi2`r&Qc@KtMS{mO^xpAhq;L@V_-dfi-)U*S;JHUebg7v-`s8A|A zzO@4`9q9`KiI=((QiFODB&vvG?7#PH-B+a&yD=aBD2eMP<(SQ0tH91dLL62vBNwew zcVWIwH#Q5Ziw1Gfe9ltlJQ=M;VRi}x>gIk@K2D+$BcOLQA-6X%cja8{S9+WPOrpl> z3#s5$>E{~dlc!n4P*(%`+bVATS$3=Xx?k#syA7LuGxyELM^q4)1S+r7lfb^9WbL`m7M-% znopX@%MO37$BzgcMx$QZ3&cdV6MycHjdsBFA>QG>z~C4!<1o*qS0RN(tP`jkQ`k!y zQ%NZA4iRUfg#bQZf7QFYKA$57NjrG{WECTKoD9*}pX&=Q5WzAgABNc99k##gI2#1( z>7d+6xT!{7+Dt)oLpDG`fgko>p1V_{H_VauU1#Hxjd_wwILj zd_}^rX?!%5eV!Y0P-m3Uic!^^w;do)LL6 z1fEcK?0TC?)%R0d{rp{CNm0S>O+;HxVYm?vAJ0S*O8z4RCCvvMYSq{x9ssH(2JgjM z=tn+PQ3W$jDYbW~vsBcTCpk0P6=sLdI8iwfaY6Cr3vecZVX5ImQo0+5|8DImrN~Go zXp+N%z7;J3;dMoWRrJVNCuk*ux*a6;lTj%U_-^hv&^V7s$ zEXG(hH^DI7B%$B0%QZ+U0PvI(vqeCFqV6x^tRCqST=AT4Q(`Y!ri%9I)RcuD&ihtk zY(!PwsN*K0&ZD zGy5lMr}|V*t_c#+N5uWo=A(#LCT%G0nzntA_Ax0u*x-KqfePXDR1h&&tWj+cUFug_CFk|DqV-{ zt0mlSbI6!?%FzIh5(jqqg{;@S=JIFbr>d^Uj4gt1^TP`5F5CL7YpGk6irT|H^Wu0n zY>{he&@t1*K5T(^Ni~QJ8^Da#&4nN7^$nElztD;BA0E11y#7auyho-k{YPw`-`RG! 
z)0&^T1C>tW8pBTvR#3QbnM>9|I&YL@Gm)-aA{z6S0 zXx;}Gnb=CZjPC^R4GlrD*Q6m>ji7t?Og?FuPJ z=gGPTm4-lXo;K+z`k_k=zgP^KBN6raOZUpEji{*t+~(bb2O_f0O-)SU)Uh@$9&{M*a*75H@=nop3Y6yWk90F) zd|v_TdYygbNlZ&pZ4s%NFppDs!>$hLVeO@lm>vRNeZ^9mxFksIUZ6sm^AP!~*~O)Y zo;!N9wGfGc2_RSMJR_BJ*|7<@$aLge9?UCJaxvJR8^XaO^aTK4Li^23LIh_gX_gXj zcTUMy%~0Y|HI4i;!Xz^;UQej@fxcBet=~&VO8*$xwM6yfvorV_irZP8rrTZ9tPVRI z16E(fvo6_p2ZxlI7Px-Fo+2}|yTzocPdp4N)yCe&$#cdjX%vbnfl`wT<1&Qx5SkEK zRsJGdR^qWoN^?HH)>yYBNUp?&G`T4Cvp(y`R#HfJz@mi3;<*$})aT&UAALh`nXffZ z(4HdGQv(yIG=lU9@0!Vhj=xwvw(CL~N9s<00zQi1i*^Zy4&jQ5&fT;TH43aFl(-^_auD@h{q}`Y}q)e(sRXS z;LBNdB8~#4udOC|AHavXI)8YjKK?v-wz7WtV9fdoucNw^g!AxDZ72S9SpBiSP#~_} z?@$bNeY|%D|C7kf_5iL&nd#vhLCwy-WMs3ix7jlm*_I;xkSYdnO+4&yE5(2ZfF>8H zO{n0Y=(hJtB}7$duZ{SAurFUI=%p)%6_D$OPLdsP4sKG3 z*sM9DKfrdM5wnAh3nGKC0DTP6>CU51ux`RD&OopqI4>8Ovuu%TCja>-3P#J@3y4Yr zc!-;AL0kTI%`2QVcew$Q-^QqhqU5BR-}>;iKhDPY6DO(e>s&o(Jt%Er`+ZZG5(}t3 z(gBrA#;`%>NUIQwkKTTd2UcrenJFg1>CA~c>I2IwWnHZ&n)SdxmERpFXbt(2p_CQ* z0@x?_t7~wjH(8Aam6FNnb?d}^W96WG6>xVI)Wt9qKubEp-5grguk#g|j}8lFX6!5u zkqZxQLK=PLDQ+|m-N%r+)2G9+O|?zL*IkGy>?~=VEs0msy$i2-7iRrG)wz8cL*&S` zR?`u81ZU7SdIDI+op4Z=XMKyRO3+Bm`;`q_|A2*>H8t`-l_jRS8h?W)ROWh^ z9_W`zPp_>ziWr9U7BI<|$U{~vz6DHf5Ybz2p4(vlIg}Fhc4@FXldobTiG^*xx>FO_ z5nY}3R_JhTr#~+o~jV1>EFZwD^I80V9qArIwyG2JZA$HQm;ZfY#si*ms)T3ZaOd z?=yLp^h2Z`L|5Y3`Fy}aBBmJGD6~&;`DK-Uzim-0o|UE728TgooRON&(f`T0yvZY< z4>jtss2VuVsH*SeWnp?=Cj^kcy>0qVHGAQy0qgsC(&1*4;Ps+@5S{vjxnbtV5bRoG z^~X9KF-y6aXzF7#_iy2%`%-3J>lnE%p~K^|8z`Xd3)fwy{=w)*&YM_^HD%Xcf!5hH zh^JFrFt`6n=pMIBzGgz=>&G7HPKe+%{hLWTU-noFZ-^$dpOruh=a6bXVK&{@@ zMtitO?SMaQ9!Ltvss;)|Zij_Z1?WaOOB{NI#d&akgX$0%TQshEn!H#njKK+UJkk6K z{>H@-OWS4WT8)ON$e?s;&k^iT(!}>Xsy@Gn&iQ>Ul~OSLXiZ>Pp7RKS3>L!!_f>d|r_;Z*Z zDknu91S59yg#@}Fkb>>VQSYc>Z^SwHl(dPIYsd*wNOstU#Cz*dcvR+70qihOMj@1; z-3TTO6ev&;yenxfEoW91NW!lV-^B5KQbR913maQ{IW6J+e!=ia`n!V2pLnguJ;0%E z01>DKf#UUtB9tkc7P_UPv09>=hbC!mq*+vQZ@5lR|| zq|*mTA?0*;{A5PXIqf)#=+ZL#6YxnXs68sooH8v$yGoZUp`7y~F$+OdA{+|m?ypRI zFpd<=7crL=Y@%nnMps*nNYN{QHbWXx{l407u0xxlZEyX4Bc 
zE3F3{T8(3a1!Z+jj6nm(I4Brjq)GZaB3AN__ZLS?wiLy91v^IMBLWg4`TVcy+n|~M z&ov}wHnYFm%^Vt%gdOTlzZ4f%0l~GxAECSO2wl`8 zw7ulU)U6B+^c6YEB}`6&cfbGOg8)U(2YA3WK5fJ`%;z=I0CtH|m00BXG19v7=C zWJVKu-D)$)Of=}J1+&J`8_O){%}Lsl(*F@~w*_V4D_r=MYW|bXF?+(x6&1d3RL=ZK zwvK1NY{!;uEh73Ztq8k(%{y%0>Ec$yDfHHAwH^9VPm74no1K={H1V5|dWtgPH{0RF zS}BtiEv-F5-SSvbM%m`X0=RrmsrkATIPN;^VKP?DUOkpbnzd=p5v0So=WTCr3~HX^ zK?L^9L{+sQBJo|ne*ZFv(IBom2C81ii>w-qeV`tsVc~828A+24TXLrRBwsE$8z!2UxLXGeXaD>@~s{jE9pKD={qEv zkcy^Y*5dBml=Mp+5X!7Wq%LmynV7u?&+GXPs0BX7yr{$B4}CfJ*Ax0qE-Ck)w`;!B z44(vb`ata)@vRDt5#rYI;XB_&e$%Vd4x~O zq?;yxo+TP2Iz2r1I2bBxd+Z4l$J3d5>z4FB9Ob{-jzCd~8Q{e&b-YVjgsR|lVZ?~N zWc5;B#R))9Nm_xI-IRmaiKB8(lx?Jo7P|a!xJxViS=FZuAbK6I17=UQJpQZD#i6u+ zZhd$h3f5PvG1Vih+`miKn<5(JiVE}S2mp18W?3ADqi{CEnQZCKFuF{EDK3GbMPoJ_ z-CT~L6L^-oEmu$^oJDqd2mKhMU!TqM4fdxC_?4fM4gRCYEvxJG3hzWevu+Z6yM8>D z0W1?nS0KXla#8ep_THU5Y>q<*0Jp>Gs})cPOniJ@_taK&>{YGlZyc_*0pN6<#R?3N za<|nX{n#1o4mP3Kn1nXRJ7ov)v4Kqk{xG$7?^QLLHuW$9t%KmJ>V=TjU|IRO7@SZ+ zCe*WzTnO_^y-BoS`{a-*!l&L5C3)e52H=2o=Pg9RIrd~VgJC$31FhDK_s}fhbO3ol ze3;UTkJUT6cn%;H|#-f4wo)yhA!T#ncH4^t>i9*(Gy<<02a0xwZ1T#KA(}xouBHv3UKQ)4OZDG}c z3q7uz*h%Ym9GE-A5w#VxuATRSq7A3kF<0*|ut)eQl=H+zLK?_%&-XP5tR>o(d;$kp zd{()HBsvS#J4Pc@B^-jcEH>X~*H$WJe{EX#`prT)aI1!n_Ck)-VGDY}fH4tXgx$oa zLxdRUGiqr7JgCciKDcteXh8)h?8gt81i|Rvu0jLYgZW#~nxhl#U!UE2&k> zCnSvOJ636DsliENiJ(GKdd^ncJPLkJyO3h*kTip1nEWhZpq>V?4#B-p$b|E_JukdL#SM{}gP& z!{|{d?71^+Id4pq`eyFQg3-dsPdV&UMeu(62NZ!&r{4|<3%Ctf_<3wPTdY{A}s(BHe`C`7{U zFLzf$9j1PL-3^q{XZS1&wU`(!@8iRyo?l_#9Vr>Z8pxbOQ*t+~!{!9q2TT;Oi_ief zV$>XIg>F9z^pSyEMK)aEOhQ+>{RjMlwy!j*-+WdV%Ftc&wb*qt7Nur7W)!m zpv{^sPd7l}R?oAgls~qP`)nW2^lEjBuMA<-3=`;4kB1R>Ol1jzi$})Cr;&M|Dsu8+ zSlM3QTuv5^Lbc}lOf+e?p|@q;t3R-T9I#XH%F_uwY5IeK#{d*3s)^>ho(JD~OH zi6{i!=_VdJ*TnJvPICQ2mNBhCmx#0SS||wEV4J}VR9p6ZX5_s)_~oVKd~*QhHSua5 zaog}tB5tgRh&&91K@0hok5g@8qS;7b-f~c`R^z&T`QE3UK5vfkN z3W3w&UZ>IXUj`VA0D%k#Yr}J~U{;4i@EaA^E;Q$&w(vCf-jiy>7;I{4!c*gjm{5-; zu=Ef?CXC6<*sB{$vg{H`MKJM4>2$CWye}nqiUo>hI^|8PLFi%s0#|xUs2BPf^5HiF 
zg@S_Jmk#MQ6QqJ6mfzkqf@5u;dh!5E63K=JUf$OE7pMcxmcJV`vn9{h{Xaq@_${YZ z)2XCnYSH0&!M(8N+xxS$2rP=8#2IkdOS8m7GJFLEY4%fepYEp=@nkRGlK-o!ew3JEBIyP-3nha#xbT0qRo|8emgSiN{k}&}7B} z{v`K>0Br^$XKwcE=h@F1w@oAIw%OnHxh!(w?GOi%Voe;3!5tpHb-I-DL!xPuwT={o z5cn0ans?)99hDeGP%eSMv_GGksvoWvf6lVDR!6syw^Y&&VJ{l^@C%L_8%1|00I}EY zm{#TB5bKh_{YLt`THO&gBnlzQNrRe8(@C>~4JBpA40r(V$qRS{-kBr|>)Lfvq3P|q z1U|LRw>jBfgsfUE^A8`xT+u4Zmxqf8L#`H6DSZ(RQ%()4+4^F}nwpr$VvNhthf~uf z_jKtpw#^*j;MzqW_tb{(>8>>^q(Z;)$Kzb3DeGk6shR@n-_um(G$JAW`;}FdTB^{W zKZVkLVDYy@WP8YOR&SEY=9k0HLz0$dwIq2LNZ5b~2azItsv zC;Ds>hBh-@^vN{f0Y)cBSc$hCPkO~2>z7V*G<@w)`L?Pez4jGb(%AyOpJy2rR#mF{ zCD@W!*f+ZBZ{Ccl@>@crsm@SHGZj@?vU;&=Vy;o*3_S#z?otfKME9qRfV9(~_@KU>Pf9~qF2@%xSc zbXi+L;XFP>t2ueFr>uh-X?f_@3v1|DIE!cWhL83{FcvKXjV zj_C!O6N+7umOjolF@dx7^%u+eQqGQwtHavxe;P2Yxmc>va4FkAgW~A)G6G>}B>FP8 zLx9?E1tq4OM52?*g1Kc^mNZ||K&E3)bX&fJpJ*YlJ)CWKeWrrXdQO1vIQgIFk9w*k zJJtbg7`bGX0=#!2%{*|2lh=mhAJe4b9AXfN%^Nd+MP~OMmkW(Ce#5Oc>B{)%|ME!T zvwp=LTU<&nt1=bdSEE278>c_b-M2oen~)ki^hw51j>V4S6g=W)g#Zf8vfitQlF$Ch5oky`{bAtNS@;wEok7lKektOy}W(QFEb0Avea(W zbi;}yKP?CUPkn&O0xKssy%;LMf)I6`s`H4YA|XAS5?Z9<3$%3H%@Re!&vM>`1viF* z6{Bt|mg47n_Hkx8{6bHbnO?=()~l?$^djAu~5!smb|`@HM9MY4KPXqFJ91zcwpNP3F;cg?3npcc?Vf9nSH#97#^pquRlNk9)09(N2;E|C&F?m}4cy4-uGECHWa| zR4_KmdkiMO025)@PyZr=l|V7gBP6LH*EFMxkir;MO1F)O<>HT3e*PzyWUqm zx<==I!-dMnH9ckn4(d>sp4NrX&;*a|z8e6Nlnm+zhs_iJNRd{fOj)H}G6a8N@=S|l z97_3Z6kWmXsxM-piGyl)p-DS3-53OWB?_T!=JwoXRYom|t6$Ic&;DYsX}TR&r+?+< zh;_h#1%mWuYZbw`2r9~c>?nGVaNjmsu-t@yGo=pI#@0#=zaE>9)pNHOlszH8AsUJD z90tt1=*Q|3Uz4xpdMf;~#!>|h^4GVx&-fQ5`pZH)hQ=pp+)5YoNpD^01^HiV{ssf=Lt302 zzi3cB)?ts+I43Y`5dh!SEZ5lR(owm{VbH+`=SPkWwzr2N7YyXQyGLquOUP$U&XFtn zRr&b^)`c6jbOczD+!o(~qAv}G;Gc1d6rjn{cfI-CD)N*Mru_By?)2u4p6E@8Air@s zNWjo;KX?~Gnpv+h6A8JRY&c!%;E6!=1fx?{x`|u=3b;}+J9iPIi@uJN={}dC5hBPM zm|f$2scX8)0!6b0d>T2wQ!qG^!pcSi-pbWa;vmL$Cw215nebdaGab|L&B z4v=HSpd!z~-*`d&W#t;vnPk3=k&CYEf(j7r3x06dx1mBQIJB#xwRcx#Dfbdojz-T< z@NCuhm$?+=$DXtcv2;R`#LWQ>6xww5qthb)Oh2rZ%QDQwanE<0-IllCxhF>~VcIx% 
zkqn>Yx({bQ`c0mBTfo4s!flDrvNXxLK^O)jc_lQZ^l640hhG&GvuosLuaYCIN2MHx z8`moZcp5FzYY0Tn`ED4cd*+rDLQx*C%NR7H@rsn1P~@M&62;FZ-%Two`x#Sp{FRf9 zSS&56A`YK#+>D?w#Z>MEJ%;*SMFgFj=&mavLa7 zz6GGJ(pt&VxeI=XplXu{Sc0@__v{$27kv$0V20|MRb>BtHH$h0>!^z!Ktbda_N zD&@}|m;#L=N)phQdt_4kABz!+1pLk0c)#H#e+K6pQ`P21)!xB4PpS;j31B`N$_f|C z`9t3@tu!>Vll@(+EJ{t8OEO^}k@cur59j53E~}`SD+=f5y77>(>6!C(F<&>$1SKor zAHoxMH5aBeuj8 z3I9KYy>qN=QP;1z&)K$Z+qP}nwr$(CZQDHCwr!ie-|yb;d%xW7bW&NV)T*SC^+(M) z$9R6v$aMlz8S+n=YvCPpmvZsdicRLlMcnv78dDRW)#eON27#d1aP_)$ zMQx9h%9H)LxVgo_3l?;VUFfpGimDz*{#F5gC~TepnB4!wF+(Yy)`c6?zrPO@*1du1`?P!58M9GR^rfeXt6nnwd=^GRAkG6wj-9^Y3Ji7$F~mC$&tDbS*TjvKohoF{bU zMib_fyb5$(KfVxX4ot^v^#07FMtuO)8)V;+k9iA&5;$? z#+16if~91#(aM;a$i7Ln=d{m`DNTG>e`5aQvT7@;ceCrM?Og>G zWHY^uqTk zrWvzPYgYnob(d2rgy=d6Je_{?0dd*S)p(nY?5>ni)2JC3e@ZzL*>ki12ZIY--7r5@ z72dDQ+PlsW%*M}9*RTZ*0VA-Ei8tDR{30vD2v^XDv=@Ojh&g zz6Sw6QqW`kd!?iMcb{P*7a%Uq&Y3wwUPuu#yxG*d+CTR@i?{5v^;UG_C}By&8efs>SGWfqMZ*n1Inlo_*taz!sFA&3CguC2N;Dz5N6XqH#6>9 zBN9w`dPjQL3)U}SSIH9RUgEYB4q&A^b@XZO`DQy{cx?1qV?taOxk-PmBF6}#QBsTMd&Jw zFGb7aQ;*(-L}lU%<6etsYmC@e#j~9-@%OqH~$Go$O zxkORYU2p2e3-S6KF+2 zfKMTSqD|Dav;{NAb|cb`c_ov(eXbd$qb^Wlaw4ih@Mj(v>MsGo=4Nw!N0XE(_Nu|J z*!09{`1}Y0sz6@~2>jOnKF)nMe#rBl}8^Or`1J_E`bl?9*p$ ztTPBmNu8FTXPUu>BDmyFwr(FdXMOsLE?9jERuou%4Isu$X1 z=XZ3&qba@eOj}{pzKM67S^1j&=}aJ?9bQ}E%`9McWyX+7<>bn15>(vDt?)#yaqB!5 zDz@#v-T76??vd2q;A^VJBBTJiC&&IHD`HcILCS(3dalnpTQu~aI`q2;*vu4(zX zn|kqQC?B1K00EUUON;V;)*9BcbLk^0H<;Z15;`50qD7VMY_s-Z?{6z99 zhy>B@laS!15e&K)SzrckeM;K)<1PU=KX!r2t2Q|1OK_4ZBxh^-sMFKE!mdU&(knqH z?8+q!P5Ryn_Wr0q@GW_hx*`0qd}~=BLy1J}OPyUvS$7K47+w!Yw!-mWRl2Y0y?2f9 z!Mv7qzBG>mC6U#Q?F0gdMyJ`1YCn(M(AuuG>i5XT=(<+P+v?E_eZ4ni3#Nj-au>KT z7mqj2mm(5J+yfqaVO3#j7eCk|55@CFMZu)GGh6mURQT5@d;*Ui3}r>YN~s{!lXQ}% zCg_b(v?e9p(^kd3?Gs^MZ<=`VoP7gGje{4^SeHRPp)jXD&V4I)UQ%9RE3H^3>M{3} zyqz%%iJO~=98xRXMWFVKtLhwmET7opuuiu#{GdE3!|eeu5!1)u^)=TY(EJ9@Zrn!J z$50u6e;)?9$J81m@N>LH`?C5Vu8+Y+NBX^#6nx4v%4U{eV;1s1xBTCr$v~J=SRFEQ 
z7WA#c4K?5i#dO|g-{Pu9&DXkTDXI`;Z>U1~5@N$QOtHcg;a-i?1<_gNlzsuhW#w6} zZGlsB)2h;$hxAu7H|*N{hWjJT+I*B$jEz zHN$GHah1SJn-}LJ!ZeildoVeVG9w1k`~=*K)d;5guf=H1;7sd890hIYi=G?knLgm7ry&|wbC@>>r+<44QxqO;utOgNm#39oKX zkDIUO+tbmovlN{$U7TTXBST#hJ)t*s8)+e|_g^5tf^Y!zU)clA_8vjf@%LPcE#9QP zz3g&=5s|!>P=P)cg`AX4t7pMr)FdL0?REInTMm#I8|WtYx7O|RVZR#fgVaB0S6DUI znM9tc^FP0OQc{{zSfR20%(8371POh3)oqXBL{VHp4`i&FPyk~kYPc6KAWHE-*WEZx z!258Au`+W53O^{c%(=!OC*O>N;a#3q#lXkR5zWT4;PPg-wvKq?{OG;@Nj}pOLW;Ri zUO*^apF7iFR9%?YF@iD>k#>s4NmtJK){^&3ibk*$jU@FDh}V90NYK=WJu1&WOK=>a z27-M+HVE32oAwTd=Y$=3wyxnW&dI*Yo_SP8qdv?}bUmEUX7-=Ot-Ja}>4g!v)qol> zM=uUDQV{;zMaNTrLsn(%NyNc9Z)BWFMxJ*bIdQb;GLoo$N{GUfv=`f)@T2*;Z3_T4 zD`=I!bh1rs=ru64rMle})XEyd%x#?(+@5APPyhR?>eS$0}5rv=~-4&8~g3~n4Th3@gEtQwU-363rdnA z?>eE|rx7#2;V->Vgh{Jm%XilV4ApN)NqA+@B~+6WYxF*19r(w;_YadmsIkB%85lZ# zyn^xGfG?5BCr1^T zeb2_Bx|uHiY*kBJoNmh88>Il zQV{35)&iLR`#H=koUTlaQ&D{w4mE7g-16iM!(=;mizoj)mq$KiDs8pD>~O?r1w!{V zp#flqTU*@7-K;kz7&ouRoew-(9Fs3p-!l|jY22*`6O{XyaYVoNG>tsvX-pbF`Zw_^&-b)+ZV=my2Mk?xQR1KXWUVxs1#*^3 zsD}y?ni~;r%;Rv7aog@sj2Xty1yxvSQ_hn5|7&lF#4Tfb`a~~qkN@++Ds65Bl=@GO zt$I(2FP;C89-pW=&ugHRZJ!u*8-qNvJIL8&G0#E@5lR31SyFrmgMXu%LZ)C@uumR8 zY;hSXH#5_!a!BvkQVY~phYMwZh+gva%Io=?SzLAwoe`V5L$04SL{f8eOwlPsZB6s< zKW@N4I-ThHVv;%S@h~($XezX!4WSj5!#@@_!h>tp=4CR>9^D5()aB8{Kt>^_XW@XsH?OrE7P!wD$IAu|kl zZO}|Juxy3q%+c)Nsh2?AClWt9!-PwJg%XD?Wez=Sc4;|B3;($5sxcJ~>Klv%=g%4O zIj%ZzqftgFhSQ+$4-^ns5ODitPf8_bI*AUkWv=lEaX+Y0InD{(rzozU;l+)A{~ignx_!{L7Fq8rS8JzgX50iN zN!yXo%*Zv)ON9jY^nRQZG!7_(lsLq0Sn}jon#%VZcx%mts0@deV87+ohH6eechyr? 
zW>UPFy`J8rtLT=79(vp$-|D=WlQx>*h~q2Roo8($)0|ch3a~uJ-rm26tBov0OBcgkRp$ z*~cV95{d+R^e+A3TCayDF54#-1TM);?!*oRj%F!A(EP}=VR?UEIK2(ikRZ84t$i_6 zJA)-nX}rO*Ur5Hft6bSj35W~~)dM*q?Vn=s% z)J^{>%(RYW;JZxj$kybmXmG!ka{D+oC2h|JU|V;o6h)RX5imc$J9)mpHKWu3VGI6} zNHW{Rav0b7%h~uy%v0RKET3-mR!=sQr#|{t3kSUPdWUAK>cMHPbGfaWWW!LBxivR= z@qYW)h4#OBsS82NxM5|i@rZrtX^vzi)WM~6)-gZ|_RhEp3GFt*3{C)iFtt?|?1eH~ z<-#q7=mw{m*&vvEKIgJ-KE#MP?8)E=6XZ^$1!|O?QHrK@c*?3)?k(hncPDg?U+f%n z{j)8*olfvE?T-g-lfSJF8$Y?c(4mRwX;(2lQx)LuA$b`oOp<6f#K(s=-ukO6A@C&C4x-1e=`zH<@3qoeSZ6 zFqU1jA(MF zWwKB<9%LammrLq7A@50m+3+se(Ji$4oDgx?b_pUr(@Xk{T;Z45~Rw zC!j(6j1!__wRkJ|4c?C?jTQ*B2q~zHK zsRa7u;>}35(8+NKK>UlW{!L+O8Q%9vVWkpbX<0Dvh%me)$OgROaGhd-VPR+3s8w(9 zhyhEhCLd86nq<8vK>w{sZ7q3a7clqz0GOnwt4TE5p!z3J0qg#l?>|E{vSab`jJf`ZABq=5`snof<_#IoBO0RoDA{$UKoOh-!bg-vRQq%LuZh< zgzoyN#v`Rg)Qg(8)atMZ^WT}|zx|5i94@G-`pD-Zu%o2zwujxTI2`$qTcx&bD zha@eAHrw6F78Uam=ZkRW>We*iXIhx+h_il%rHvxec3{XSMQ#5^#a`@X`#?i3D)5gS z@v5>c!N{?2!Z*lx&HbCN>iUT79ag-}?Ak&qg{rY=c{vZe)f%u(kM{K^Vqd;C2+~R# z`tqj27dqkIrvS;}DXrT20af(tiRV>68@ZfpYZ%rzW5d8szZaE~P;8C?Na|p` zh){Xu)U~)#XxkJJuF(jR-(0zB>~$Rxd4up3MZcja&lL$Z|M#q3QVPzzwt}*tzo7zn zhZ>x|=@P<(TZJdVR}uYj9$)d@l!@D(g@V95QipcR{Sb!+u((@JCK91y5o|);X@rsG zgEBKn4kf{3ABIS)kMEBS5+dhlV^l-%+7OsRn@x}IoVh>nbU1;43b;)*D)*?*Ij~&} zZm;QYGUM2gN>=-WRR_AudeQhdh#?weas@0)4c?yA;1NB2KDWvYw5u2%b+Yz5Yj%Y5 zU!wv%>)QV$Vgu$`fZ@UQAq+`^AyC4ET!yQ zMFLW(n3KFTN@wX|T6QRRlztKDnXA_1h=@jma8q>k_{k7pj3)?Rt9iX3DT$5 ze8t`?1x^1q?rSDfM*&Q)QTeCfc>*9707=7JTdxK0RN1%H=S3@#pb$KTQ4Le&`5ssT z5}rQ_RBwwQGN3e5kqKmea)hz4(^I?x?HH6wVNLzl7bH~$0PN~HzA?n~O{d-7&%yet zRg|;`rEgr@fG1b=EAa9w-@SW;1%h4)_g8#ecgLqfZ2skAIboA-{K{O1WdA-HG+iA4 zadTW?H+i6o2-n8pX$XrFD|Shx_%wpU!2aKKY=o3o5<4S(Ga$-qfTrrzdWRc+(wb}wnqam|lT?-T z2_ol0^VxZz-iCRagi6ehU$H%<84ALB;}7V#p#|r9r3az0O%LK&BIN)~#;9#~PxfHq zb@VUuV-*nQa5+#+SavpSD?_qN(uJ8zx+A47v0J(;YLvvM6GD1U8QwgP+pVLZ+X4IX z`HQ(cKTx!_b-(T2p7*DQqYvJ%jjIDM6gepP*LSq7MZK4DW}YmqXq)5yVqE5;xWEsw zkZzS|Y6wA9_6lmWv1;T|uDg_Umx8YAd0h#4dNVJ+=AA%!1=xd{xNFXJkpsTLz>1Xe 
zz7;?TvC~{0`+E|t64D+@B(18}>gm9?o03b9r+r&?x&aHQan!IeLA13y(Intl7lT2~ve@ zFoCu%kiHLy9CFdb?vaoAO&v|MpUQ~oxe{z@;dn_oWT>N+C}{Er6)C`%U|84WK!Y#M zqDx3HIdPIwpe^YdK8BN1N+BRmDzfSX=-*kntouF0>bGPzU;5?!%{+ZczM98md6kze zRo{y$@eZG6OhP2T3-I#S$)X=xXtE#fMrW{3y5KE#Ep5R2S6;UQHJUly)DaI^)=Vj* zNE8`G;Y3PjET*80;U+Wpl8}c=>mkZB!SHQYPjJZ%&>SvviVZO(Xg!RL7%E@u8Ym*1 zel|tC)|CPL^}?Iy`{Vk^{{FP`44Zw1Nhltyyw-2r$(z%^_3KjT2-$bVLsdWvWV+qN zuzCd}&O(o5JOtpb)u|HT-bN?V^hiGkss^bM6jUsro0=5Lf)9FPp-^4uN4dT_ae;xX zvo}>u9eXm#OfbyRFSh|ULD=mqj*s!2Nq#yGbJhq`avm^irWRAS?F@q;>$fEP^Vb7^ z!FF{d&@$+~=R;pSYNx}99DXgMLD;axD10rTsFdXbPSrgBC5o30?5|05k&j<1hJ4|M zkl?C5o&~WCF+6X3L1$RDLJ=z9VeI}x} zhV!k~;*HXqEb|w)9{8Ot$!Q*y7ujb+~?ki;lm1M~YQEa~a=^?W(IU@0@` z=iOcDLQb(<`1e&2AZfDL4NESeY#JuRk}MGY<;1yi&9z&ga=hMfU)rL{2HX|ogug21xOu-JH=1SX9Bgl;bEei|ulady^zz@{E_w^2>yKQu9e>N5F-` z;lL&laY~MoxSp$0mm{ZGCq$g12|#SX79pc&#p?i^iCV}ew7>C*z|gUZ){w`iaq^dg zwM*W+%Nt(owI4U;kJen-p4T(iXy0$9OG!wE2A<|}AB{zeqv8cTEaogfx+6y?N(qO6 zo{@AS(o;{6c^feK!FmP_z;7v7W+!=i!Q6hV!QPGb(t@FrCkyuCX!mfrr$k8+wBC2VUT_gHusKU|#Gmw#J_)&X>|(Qt#_&@#Ev}Mkk=Qg`gzY zCu=Fl`F-Ig=4bx(%8elXExK0PyXJ+tlI8K+Bu(c=HpIfycV6yh{9I6mWNo)5j(FB% z?W{KV%hZ-F2z2zSyw=U*pTa#G1kj5-ESbhY+$g@^yKw#!@uyw`c!^L{w@vhJp94sp zq@N#Nf=v?|*@9C0bxzV$wh+DU(64aO%a0N9Tl}*kHbyNgJ#;4X8qoAN-itmxBy>#B7tL{v2OI#w~ zN9i03f~)KVV=R~GN1-#Nh(A^+7c>*$sTqD9d^NcWAiAF7L=lIp8y~ElI%xJ}&O1+k zIlz+l07=^S1rF|(244R7j$bmmr(HMDTI->QLg^P%-dS7haW^ps7z@Y0xRhnx9+nD2 z3>_*Ub)}8D`pQgb#ww4E(D*VHbbl1fS4y&R?0kZ(+;mlJmJPaGRt>nUb`&5%2&||D zU#zZSob}s9#&zp!HpxuQP0R0eP$!3OQuwEIL!!`f1YGQ96A5-zar%}auZsv05C$Y% zs>BnY`(NUJ15gZVcL|E3S#qPe3VJ4C2T{QH+@>Qr>vV=WNy9C zOG%g>rt?X-PfLC0HxFpboI8xwK_81pPV68Hi0|c>KH>b+*n0jI>S_N zlB;sI1#6v@-GbesBbzPYp=zGXs@@j?UHx?>Nkq{@LwAPA&rPonW9F1kAmn*XA{-5w zyHXH;|M0?xZ!p>V(n+tskK`%VyG(mt^9s=Tp8T}Wfq^E|rXA}dRG$=^Vt^?+d?T=a z>B|vzJEeIF!k@s-a@ATH-k;o3-`8kq9zJ#-AT2aHtx2PShaEGZ(|l<~ip8%rC_PeE zzuv)ERu8IIMUmq7mZy`}MU*JA28G=!`qs4)VpKSB%h9a-&$({_^u_Ah-q+}D{u=Q= zJY;r%i#0DP^!?N)I03sKXWUhet1!N86B?gkSoZzC9Ugx;mxi8ie!kb3`_JAR4{~KR 
zN80#tKc6#6tXX7sgUHughfHEJkDKHZS2t!dO*;J0Cv;LppjCnu_|+jjTd9$!BbVb$ zk=sn#C@{u9yWX)V7}Leze^H5;t@Z<8{omz}_w%mg=_I;ORgfn}JR`LdEI%R)FQa6E zc7EuE=~ad~t^3g24eEnAdZgaEp7sa2PA9pW+*;&ZiX9v5a4Ef{(Wp}^lCQgHf308=9zTZdUXlfMNd~g85=oM zUGp{94ib?$HnZwj4LqXlw$*{jYFD4Rj9@&j={vS2W+Boqs5cuo{TuTI0`Ge3A)TJF zU89n~*qL~fe!AxamjPVJyrHGuK$|7VpP-Loyc+M^m2cTYMwJLOb$;{-QXW1VGweTt z6WX)F`B^FwbscVju@3{ew5&JQ|0}GKUSKnX{dmu_fmI`3^ZTdT<4;t39nIvK)bfBu z1y-0ejXx~O-@K0~NRgrJzz zj}{1`NF{8nKTs~I66i9lcoY0d*USk{z4f&+U8&o=j>@1nMRDcBUPIkuyV=H}WZZ^;?&ht0E&4s>x0;kc5si8RD zv*5$T%P5Q418S(ihU@PX;u7%~cRVm{hOE~N&P&t{??DcuqF2xP+M?C79#_Y1TSez> zlLb0vJ(~f?W_nG%B|WwOB;%jr`e?6B#(;CuL8cndD9@Htf`gnk8-{Ce*W~h@sB@Zw zoH7gPtrf%gX5tJ#MIUK#mQ9tWH>|Y75l6iQP?C1QG#IJ-c7}guV>n>iRNeC2W(K1y#$C=&JoVzFl(C))_{`wH?=mwNCq z{mYDfYy4~MWSoOD{A=c1pvEV9@HlCQ{^BmVfQeRIzrRHpNrzGrJ{!bp(PEAdMAf3F z5kh;{?T-B+bxj1BV^CuDqT!IIa>D!6T}1yWULkKXx5PB+GEc*g7>=!}c+l7=Tw3Kl z`3|2X*F~7lnMg17eAa2gXZsvdOF#-SS|(|jTug4ljzQ}yif0!jwZmP(DPcjiJjJLZ zFKn2s%%q%{UeHt!tw!wVz>+*CFIa%K!Yj@V#S7uPp+5;{3kj`hASQR|Bg4z9QxJ>u=U9BLC zS^u@Pz1HF)B2=>S#Ej{3K@F{#%ojuAp7$Yp$wq0*m(BMwPXm*}eEyFY?)GZnZ(V+_ zAO2$#tG-Zq;mqPptOMP@(aqMO3j+h(ItvG-)Wb&#*wTWSmkK36!QRxMzB1)*TN-@? zispmkU$Z~eQbRIt8rWZM2)pG|E~b-$X*?BgWn9GRwBKOP#76WqfTZJiO5HZ8gG8Ihlz-kqOA;JR$XU?}}Kw}lD=}fWqM#GvBS#R7lesU$8 zm+-<_a7=c_A*6KUSHKBd;$Tmi3qmorGhXm~!AvG^xDl z{y+^X&-}J-2s;uWMw;Y}^V7|SZMLo*5p~>dn^7l{|M)fj*m%2YWZkWiX2)=1P(LJ0 z2@N9~HvZ!X%iFO;-Y_vvR!-+AmLi5s5~#o7dJM!EifFtYk6E+kUc_9-C}}kpvkrQ? 
zW;4aF?frm~ENq*ay_0^%=RRR8LLqpyO<`qoc zY5ToTd%&EX$%!PCeQWwiR^qpKaOL5!tjlR=C|t|RBk-T1c*%!%;30J#AY=uxL!oMl zf0;TM?77)qRfV6QxAhRsh8R146E$uU87LeU2boU}{OBkp%pZpKz^d^t$+-?Q`yZtnAQ=_ zDBdoBWz+115s_Q!<~Q#kSq3HQV=yl3eJL;-<|vMwsY-)`BAOO8om#<=trObLbB}v; z#Obghn|+RP8drZ{6ef6{m7?P{u4pw%HfQs(U6yX%$w29BN4B$}I?vE;BfuPyk6;n1 zTzNx@)A%=QfLEt>%NCAS_-(AYK--r*U>qoQY|C_S#38}r>MxQXIjN(ZJR`m7c9~s2-5w$$eG0!QV{DwQsM%S~r1L3<4WLJ8Msu@)f zLBZA$$UTD$Esz_QA039VG4;k?{D@h~gXz=IIP4X?K6}sCrh(b0V*K{LD~o?LAkf#H zJwi-}0>H$J12QeUjV1fhzdVaAi6tjdgbo@UO>fW}95a6ibSHEhP&J=E0%15QvxN6Q z=6kkbIBSlg)Qj*bSes}ajS4;pEzC7;PK>QoJLxGK34ODIf!hWnOpRrx8KoXH6HwK) zCP!d1b=lRJRaLKTy|2nO`l!J>-uE_v%*BTD<>jaNBueC029Nwpq2f=?xI)&TetGL7 z&KwWS$k2wUf_v)c6z%n$gt9j$+w47O%3%A9Wst=s*pnr@!6Nk3z}C4#+uLDqb@sV8 zwky9=jH2uFMB*t0ezhff%h~!_AiT7eMBzgc?yYy}lEp+S?)~EEo|HeQ(6$cM#I+Ym zLcb${2y4`7o#q~?3M?W?G78Off~gNSQ{I0=X3e3|qgG#AehXzjCUfPlQ>}#!8xU1U z@RyK}zOmo$AG)TazU;qgvZc!%pZBjhUD-WeAJ@;+1KllNA73vor^kcVo9#^>-Ox9+!;lJY#jJ+} z@&lf!NQL-}Y4~Y|?_I?A>rUn>l38O)AivjoGx%*+MMs?RB zT>92YYyhzFZyU74@RmcWLVVqS@~Smp`CIL@@g|^r%!)i;n*6MJw)WBCzTEyNr65Q| zyVwDV>}A;2G#t$(Y#NrVjxvAC0;=DIVJInWpoJZ`Tw|rzkC!9SXM%YTz|4wF+)53- zR4!8MnstW_Mlgb4$utB!+WdLE2R%mpC^*i55ML<#iRO=D}?s203AMih`3E#gw zvfN_6Gke#JB?;n2(1|F=Oias|Cbxw@vtVoy>n;zw1DoA8F3(qH!~q3}3@=l_#aF!VY~BL4*ye#fHY-)a<=ulcUC(P@Hn zDHTYDwAGb`Wq@HsXa1XH`fcFaGaXogXmz^cL>kj*h;2JaaBf{Cbm&SoKKut%AV<1l z&~B?Ih+H-B5TXiGVNUFC3qNKo=$k4+AeL1qCGMHjZVQrjy306GDE1VJ&nR^S0*>`o zT=)y0aUg*E_ESnsoR#tu5Xn6oM`Ros)#TH-;t{PMfQXW}@S`w~Jl%B20>MFl?q2-G z+?0;^Sa&!dw#8129>nV9BDl~GBsy6HFaTTQ|iuSI>I+|70KbpAR$N zufFSmAP*NeBFa;p0D|{v^u}u-h%w}1GZ6bVf#eOm*eQ#hTGe)WIDclkWt5S%M6^Pp*X}wN zQZ}jpSkoE>L%svT&u@qgam_6P_v!5Q2rMRwL=k3LEXNA-Fr<~5=a7=(1FrhhLUYYz z(E^7&^Ya1*J%7UO#oTo65m+tN>NzzleyOMmR-Y;t6e16^OkH8qfEYMNk>kZat%c3m zWNUnvn>9N2KVX+NCd(Y|amem;g_5!{9x8h`Awts);q9jhN}-XCM<)s;`jrAdM!MNC*v)*B{T6?JymvV&3ak);gI=!3KX#J=*C?4#Gg^C z9#W5}H;qPCE&h#<*vU5-Nw5ZxRrDD5vuf*6GUbTc1aIcW)^g`g%>I>4e~MnA0Lm>%R39O0pU*py$>%3 
z7$qoIa$}!>>6ky~ts~-mw#Tt~3@ZNG4ko2*Ij>NaW2{}P4QgYa6a{osbXsksVj8D) zcP{QX6rI=Ga4xcr*IMNIjoNaVaep&V5gTJ&W?!Sl?$iu-n*X1gaVpG&!7IIj=MCje z7`y_qMkwT4LFqWtH9(ySSa12Z|KV2fgZdxvXNWNndW-H3T4yeV=@`Jm10di0!^<&O zVx7g*mRi&L?*t|9%%VSO&b>=T%cHh!?(OTzCss7EEz&KWKoDz$^i^J6`TT1MU=`cY z6hhf%-OC$S>t5Ev|6n#HL0m7$#4+oL1SA%|3ASDG$bgdoa|4=sovlleq@i28am`P8 z%9B0oY+;|Rv8X^lp7nM*PV{zgE;jtBrnZb@Bhn)x@3pZg{zBDNFOF62uaf z$m}I<&T}UK2?puz5)e(gf<`8FoT#fpL*Ayc|F<;F%{C*=eI5NdI&8)1~+0yVhIPI@3A->7Y2rRP^tYZoH{IzYwLli zA*dnB)0CHj+{Vq}#|kY@0s{P&3lrtB+%e8On@#i0x%Q+FP+%*cC2w&pNpb_}ukCYy z-LJY5ZA4MDXBTO|r;YOc^4^L1Cf}DdT13TRtmby%vJR1z5C2_IeK((C+rJiDj(jP*+u^%eC%C8IxBSk3}Y9ae~4ViMgaR< zC1|Q8AaMjo4A+CjiaYG9-NEZ$jKSAg*yr^xOgUwdpAvc3VQyeb14J5RXGX18mP*tX zJ>rD_!|JmVl*ioLG&vbSFL8zilk_+8b4U)<81ivSy)H|4sncvqvT2AipiTh2Ux9yx zU~-wROz5}Y4x$vQomX|GU&Pji2PP@6o~FY}T*=?HZ>|JW)Jq%bgC-lk!@k&wE}MT~ zHjDMe0X&M@%u^z#vBv?~9kMUQ3euQFO@kVx>f7T+B)+EWU-TiAs_Wsvq#~KTM1TzM zjwLd>-yE*3TN_1Phrmv-jt$?j8D9Tiq8^bIdn;bTaldv_h?hbUp-vM(8&Hhkq!F7S z_Y$j6cLGStmfZN{<&2p$htMliiM5_*M-YR2nvk_BKVv1=Ft&0@^bCviH0J*$=&7t* z^=jes_6i<)X570>H-%IiO*ygT)kMCq$d6&i9_k&k-a^)}=BUxpsX z$x+aygVZ zZK5fPrTi@tqj2XQ$~J|6s9U7Y|G%Th2yz=JGu?*gqmN)6nM4}KXizj2F?h7BN)dV4 zdQ;4-gQgKy^Y7Jij+wRiXdYT8=W)7?QeJro@VbiS=13nOrhVms#$pH_1_L7r%!XkW zlg5+`mJ{U$kae%8qBT-ebap^Xs3)f<@YS*jf8rGi(?1vfg)3C1tq^`qeDBcHnCsg1 zH>orK#y2bePR+GgLSDtLU3A^5?rQCjV~pmG`XOG+0hc!68&4B$%U!$V?^q)po?>Em%ocildz=iCkq4lPE^Ck~(@PRhPT`jPGsP#|H`n~USspdK+^jw%aDsa%-l>N;JS zx6y*X|8A?<7+u&ZcWiLW4RHSFH0Pv}{O9$4XYPFI?BvJc9fDzL3#!?mCC@^AJDY^d zSN;Fc@bp9McDrFKgKq{VnMB{hBlmL?##A9+=j@I9jHz;V`Q-P8xP5iDrnGsET(0O@ z+rLQF&|h;7Jh6wDG3)eW?L*Drh+9ZunB;}$v4<~szndx`}2 zCKVy&tx(zyyo$tZ=lqTK09CL=S=N$rbR3a{e9NsK!95((aQaw#8-kZiBY>p!g2l&# z2>eGtY1n_0;-Cl2pMp>SZUD=Utf}ZJ{AJ5vkmj;*sMY5MXAT{4)85lM;mRD}L~a{yWmnqXJ{Nw%(wMz=%uBg-4O;N<6%nI(093iY-c1Zc zB_Rcd9&sWyZ;@VV1CatN#|sq6%xbf1=J~7QUa??AQFj% zAZsf(cil{ICcr-x$Vanp<$;^|i?C_I5J{76NBONT5+4GZK9 zX&Xp&3`E`Oy}yV#zFqU1ri`2K&QX@Kg`rXP^~T)=<<7Thaq7`fzc2&O1ms|@m!Txz 
zwms<=b!=Wb%~SEV0TtS-2=zObZ%BpKd$-r#pEHKLCJ_@8gQ%YwQm8&(W*uOY9CV zF7B^B=c<#nRTY(Y?m*Yq$k@mB`{`mX_He&+j6Wv!=YHp}pS0DYQI50&Jh;1LF@r@9 zv@}-*S@2%gE6wB6gJgJmfrWPzgw(K&O$t*mf_q*ip!QWl4S`MqXIEn-Q`7WR_Kiq& z$HK^ zF3%uGL;-YjISpG1zZbbh9N*L&u=}#mpf$aPWJx5ZZ;Q7MUNj?>|hc<4n z(*udtymu6M^xs4|(GCIWP5z{86B@Lj-REFmqX~3GkO{Nw#Ao618DbWQ>ANO(+^y!- zhd|o=Y!+Xra>m<^iMtq1g(8h-VM^`wX)FGkj7FyBgumEE)cJPABVJBiLf zKD5%8Gu`Rgr*|?I2~IYzk)jmIpSs7pME?c<8kV?t!Zdbf>yv*nf<&2hjg~;g2!FfU z^d}4CSr>RV_~2h5|1otChjf(&u!JI9aj(+G$S+X|l;E2grX`-1nY$3_>V8vvMa$rS zjQRSn`U6BEn@65{hMxXkMyM11gpEi(J@4P??J++~LqyHiVe))Y{*Pz6cJ#CK zjr1yy|8eGQ$J9MBy2RRcA~LaJ?(gK$G71gOWjV$EzZ!GsLBTP)&ZUb;(0|(S-6?qN zB6>7BJp<#oVa_m>1ZqNw{x7P|DY%w!;kGe$Z0^|Hv2EM7ZQHhO+qP}nwv(IlpNqN= z{jgrUs#jNkW6m+p2ewA*nWQF!seSltT@_p>pP5N`u|bNSF=TMu(xoCr9nUwgsIL2b{<5+)_+IW zl)Uj(#997FDW9mIF=|eL^edeqG%tZ)Tk&HNV9}}iTGMQ+qQU== z0+?{E3HHhvuB*j_Ya@GF&pc0H6Kj7aF?T;g9dw`=x>9YVfFD%B4IeU4rPhT{soQTW z%{{{JvRP(g-ew^!TN;{On{6h_XPVC}qRA5eGz5ySfNg2fzVwQpoCYa>%UoDr(PsKm zg6PaO-sEriI3iiIl54TW=UO84DNTQLH%!$v$xjNMH|}%f<3M1@H{R1L=;F3(-!X|( z^ppu?55y?}fDI7i$3JH<%tAn4ut?o?T5?*qYRO@RELBYI2jEBgSyjbak3@Bg0CH(>LK zb4^{s`FK9nFeEfHH^|PMJ9S~J`ys)ib{5uQTVWqa+IP_;4D}F_p{Z7E!H%c&Sp9ey z1C84*1NcC^*Do_x;}yAL_d-hXR+db$7Gu%J}P4#29tdA>~ICc zHsyusuSvdeBGWg}JJ;MSKfmhpSTY~^e4FV+fK|>Bl!d1|3d4TWqj@R^4rd~<6WZ*e z(+2JpR7OXETpa!De{?oUEg2_UU-?D1+i5&gQ9aZJki!2Xl|LG$_$|@>O638A4eLpZ ziAds!2)qlapEU5AP-n(Jr$tAxdFDGO<3Nrs z2*!N~f+=w?8~6QkZUazYpG$5pbL07VXWuB$E`LonN@S_#sw0X7tIa@tzC131M}7cw z!-|-xntHkJZli<;QVWnD_xlOv`&|7pifpuXeYhn)y|1c(dPgUJ zwv0Y+NEduMpnrCQ-y5Vj)kpyS_NO-Cbm)Q}vrnPFL`V7-j1ObR2H`Gs$sjB|6hi{4 z`1zFmcFV8$BF8dw(&=ongnnt#OkzxI;P>RK8OEKc9qvKY1bejD$enSw%!I2C#i~eX z-D%`=iT_qk8#lGVmzgfyHdhG4JfW8P$2f0Jy4&}EL^ehz*CI^b`;zxwCb2wdFdh-m zcXnxeA5#!J9we`@^u0X49-EA{tEl&ANN^|*asfUuLIz6D?JV2xd+YmTt_=zZ>88#& z75|+efL7}+&g%3wo$^?bctMD{5;DC?zP{K&95PMp2!4?l ztC|<1R2N}plk{rwr|WP#Iy&3EA5MzlR#yh!>Tlxb>ZsiZV+g@gfim0hLC|{8CO}ry zdQZVpY}JW!LUzCUE7vQS!kzEIbk{d78G;ESeEI9FuhPQSy|J$bJzffOqTUBf)!CA1 
zzGtU>%h&7w@q}RU%`w=az&yH%ZZQx#*1w-`yd;W7wF)0z5Bq+DzN3OW35wgZp~J2F zH9a*m2Ub{P3YwB_`evEtX}^e-P>Z*`jh)oEci&U21q}H<%Yuyh9D51*3~T0iz&UT$ zMYAu?RG*F$;V_hqifaiQ!LtMmDFJnk=@g#ug8yJU?!M8fN|F*>7XD#26KYv@N#Fu# zp>3$0Nx%(d$50X=b)-hGPGcxjhP^)$%hip_thGO>3S($Ooo*e6iW5@e2UXxMCL~g9 zF?R1t_hDBA8$1b$5L2ntyBVo;;lf{zT2O>%8^vs|)abdWuR@pm zm2h_8Ynp0fz2{Np;@OxI2@3+gRL6@D+e^37_Q-M-;E2so#TZcut8L zQe^E`^OJ0$zVvb>3gAeKM=P+9@NP)>B82VZ7Y!u3;li$7C?#yK$580)p~_|%0mq$m z8mDEoJKQm&uc0cO(=3v?23ESb&N1#{Ah?|wXar2wkmrgKHxXLAMV2`+$~%93?hOJv_K6&L25N+BRx& zgeg&gPy8(^9;pz2id2`6?difK2<`g1GyMFG_ka7j9(pb4eo+TFegmNdN+q?72wWz$sdeU3eQli5N{7!WY(FNhG>f31KFC7@DS`8+Ac%-8FV!bk zD482CnYD<_Bz6VSt7VN^-(Ow|)kM?POarXk!~`;Ebx$$IxB7I`saWQD3Iz|8OT-K3 zYLUV7L$KxBgpJ$A4a2VFl-lK3F_xh5|UJWmpWJykbK7{`GQaI4i)1WEX38H z*O>XA-`CkPz5$;B!-a6_;D8-?mI#+isIP;S06E_^@8Ts*7NVV9W+)pSzh%ubC1Bs_ zC^~iuhADCmo(}vlyz_Ku?0(jdn@Wb{u-q!BzX8~cJ?*06EldDl;*6ONxu}5>O@W*0 zjxx)j#Y$%SDT2I(^B$Bb?~~%7b6JYx@r)sHN^{&HxoGo}!bS8b{c}%4Q`GDo?STl} zo<3}vU3?io1Hxa&a(olSF!0q^|q!pW|zR|y?(qlYF{x-+paz2C9S!GLlw3qBnZUFE56>? 
z<@52Pd&_T|LW@VN;atzj71arHM~@B-#t<;$iX}8{A-ukL)gBGltx{z0J4B)1MQtVP z>_43{0K&$p4sB}CN0ZV!3IT*yK zm9tg(h{V1D5V`K#DKf8h-|Hlcjtcm}?LU3mTt101(;)JUT=MWgX%CB^?6j(yCjQ;| zt`hukMn^^-^+SJtOsVJ(ENwL&Gs)HfD+zQpTlgv33ayx9#9h4qwG!givS>khEigUc zdn^>0GpBy`3yI}ydACy^Ul0Y)%Q=Px+kMyxw`@i5fVWxMdu$4;=A2WQGnxur(ff=- z3=xqMEO~HfDWc@c*MY_T1vY~**Tt}GirX&K8cug!a#Xj)h5%or?56_6`ZlZ(1Q$~;4I+*lR4!pR_9fT2gU+}*U6%J2`E&Jfb?*L)vl(zDs+z8vdSkATRb~8~ChN-v z-f6EDqN)sXXH@W(<)5ULPrwySw!+(GhMJP4c#yW5gmG>bSF+yOCB3S&AOL|5-KsKs zB#4_0PQI`U8~RA(kTa&TbGEhJytGvEkl>UIYFAj(r?NlF?iRVv7d2x|8%|)k>y?$& z4rD}YXR|6AzD3m=KH4*sK;S{8jhMtFjES+oGpqf;w1Cg5o+^DM@l^V(|;uVr)^aO zc}90Dc8ItoiIL0!6q8Phc=Ez;#2Nn75{=(&rH?9@`k5;&9p>W!MJX7=;~Gfoa@D}W zcEgv0`D9ZV$Wl}1d=k;kCo>oLgfe6S_)8-QH6(|&Kofxv?ZP47WCi-3x$?fax<8nU zns6y#12}AP4(=rAHY-boHLp&(w|mgsW)8uA;rXw`2NR{n^1nXq_|uvwobT>NIi?^a zBWABNOGP6REV9;pYJx|av)O(TBZ60HS}QerWKh;iZhhb}K)S3E_Z3*ZMWkOL+9)bwauzQ{Y{`D*La{!M>r<|X;@23;| zm%mO>e06Koa-$`(6JWyGIBnJd^Ka$VGP7psM;3{QlZARbnM6tb)GXrP)s2EK`+v;{ zQ`z4s?9G&}iF3-*$PnrIPw)aJba+>L4og^wDAK7o0OfDv84GJ5OIG2;WA4rhk+F6W zU&{=u>GuRU&U)!rS2N|jXq_qqml!D2M$KzWSQL-%d!mk_OB^y9G+4||;MJRuP3S%w zs@|mC*P}O+OKUEDu^D6MDQL#t{TRt1SQ9AI*ZyJ-&q^{zWY$nFZ5D}v3~+nt>>B!K zyUzl>mmC}A^C&aicIT?F%ANC0C;dSXQ9T6^>AH_QB-sNG%`ClpPDDyAGz0_S^t<3- ziwXyUDpWp-k4S&aD~_Iy+OadV*i?Mg)Us4Ql}X=@1vy#|7f`5gqk?tx1{r9Js=5tA z;k90haoi8Fpa?T|v??z^oFhK)9}LL`ak+5V$9l)iC}8?3$YnRiMk(vd=G=zj*XM$iKJ?Jn5N>d_>~x$4hiQQI07u;rxz0yvyzUz&*I21 z5h((I4O7cQ@UB=-5ZNdaE3rX7S=$G!scBT13WKoci4>{D6v(5xn&&6QMXPv&?Z6`% zLQ;y?B>7#K?FPkWnsDw-JW(NmjF4uIY4*C`C?;ZdcW5-76$GxO=Z#KkF3}5^MYUXk zc=bBOGn(X8W0*tDNK3Vom^DZa%qjmocjM_twW>eDp4Lld{P|OiS1)Rx1;iGkOmbqL z!RTvW!XoY}o`P%jeor1oYC6tHX!ATqgWhCh%AAPAC{$T0RQOohs0DgZ9ULqpkW0Y~ zj^MfFW$~E4sR#s9;bmQhqy!i=rI^^`Dri+!^sp`4vvI^UdH6KeU$ky`EUxhnmBGw8 zI8NE8F%Gyv{7*;!N$KzY3ADtSUKw~TgbG3UyI}&CYFKP_nKcL3m!T41UmQF-far!XVcyg z>lj>O)ab=7%A)0kD`~9(axfmrPq6?v1s&v!Ccp(-Vbd5*({OcM_rkD$U z1h>KFDv;5lmIh~Z{$&5^EeAcHauP#{`7p5eIU>Lz_!<0dpCLMA&2sqATi(xr3TJ0j 
ztGc2Qos%^pK=-x-VZC>2xwH-vLR9Xb2v&g3wRh2rat_$h88^DmSZ z<}{nV^hcl(vMQ#`%(G$hrM)%JtroIqUTDYMeHKHtjB$1TUFOt%&GX5romv-!v{rh# zw(uxgLGJeY5}+(g*ey@F9U*`6E=NT!;!6OrR$81Dz8X7=RcEZXV#$ss)|YT9IXvra z=y8%P4EfWi*KEjJ*?^VZre@NG2JBA~Ek4)qs!_p?zKUA)4XgQ4ZA$raQ zfvIR2p$wvIsJ^I6pI#5To3_tP5Q>{L7l?6m`Ov;X;uIs(INt_oeb)Xs`uZ1+=oa;g zCrKS@#eCsZByJO#%#0Rw_WPo@BJX~S+oP0BU^f0-b%_{I3V~XEvN2UJ)CMYv9GSUptkVR&EsHSQA=l(8#`+i-scou!>F%@%qqIT)-ihebko;O2o*X-D@c} zYvhrN<&O z#>)$P3(iF9%h!dv&{kzRa4{hyi6IR?9ra-#uw4Q+UxR|XORmx-| zd^8DsvLT(wFh31+q?_1Xc@ar!s;*H+3Eh-$Kolx}A=_uKEm%=qd4ViVO&M<(K_I7D zNa*)ezDpK->o!@dTEM3K!6#WCSfkLpsiTwult5aXi9Xxz9k=9gE z6$uGjahP=&gMaO$=;6Hvx^J?(be*GbXwcbPnnWfG#39baC%-O9o(~$MEmPAe@CH+| zH)dK20=Bib?6tUtlaibuLsWCE-$fU2a=jwS=9i!UkRXvoQ%Q1_5M@#E5E2rYuU6(T z@xcmorTt_?eZY4+CQ4gVxmh`2(!X%g@@SnDMzKk zR6hvdp@FUikJ|hIBW2E$pfGU62&GFytLhQp>cO?A#F@?}sPc;P|mW zQ9Y+#l|nNxMXSzH8GPaiiHEGiY}r&3^waoi_d86>a|h}Ll=aMr+z0(zZWv_-qE>|G zpT(fU^};dT*m-SfMPb?k3GyJ_U2ZI87=MyZH|B(Smd>gG!U|iP>mqEc1mLN=Bj@$* zia6z#ygImumdT1F|E}fa9`rHG@zr*6ah$4)+eIhkYW>M9W-W<>!@Q;@^g;sQZp4Zt zd;vBaH0bSTN8_X+aEd&RK=fEoD7lC{O)`lujm2W((6*$C*fW$^o4=j(<~c4Xqf8$aAyC8jPY@E(fww{`K_1DCAh$K`E*-Ir*A~zY89|0$pmRkd7Cjo zOu!JXO1=SUh5AR%GGvO<^YhTJUIhc1-c*#QTSrIEaW~F=ZZ~qRW^TLoZsLV$LsDf0$$t8e$pUb#7@n| zOnA!~4W%_ayjN@HBR&Fwm!ln0bEOUkSfR1*Zt})DG&;#m8kv);*)7@?sSgUDwUVsP(+a(q(@*jPlBpkN-;FlX ztFrt^-dkjMW=)cp{61IY)RGuaM5t86TNdg2&I^$w?Ecv;L$9m1IrtSwIAl7nRx35G zYMUW2@F`F&zZ=_)s7`;?C)-GZ(jeJDj5I!uQ}7%4<65*YegrX~?<7zL!gn9x!NU-V z{B0Vzr54bg7gK-@a356kxk}#J_Gib%1Ss;m1S%k9IkUpD1kH6r7gwM@1}^t88!6pF?_Z`JaR1M^)| z#hKP11$4BbH*Ut!tc8D)hX+Eyd2jA)X!duBt@3Da5j_}j?*`C}oYyc@(rL~;Y%gF+ zlG@u6m}|W^OI={4;)`5^vEw_qWXz>zaeev`*bhcL7JSlhRH}<6?jpcl_T^o2lJ?_4y>XvQGGQ!#HcV*?UEX;v>LqOlCj)hn-;lM zkh@%;-@Y*?&dpw=IyiSf1~Chpo~??f{Tn#MaF2TpcG96TN)Z;SeWm))q=`Mg2;|!_a;NJ7Evex`dk-);f5=B zm}@&})R+P(Aa6#^(@U|{*3C*g#j8-656^24MHIrep%}icJac7<>5$NOeWh)rAm+>y z$vhkUXtDWJVF zqNK4Cq&fwL*Zwc`nHZ`9`q$(MJ4yWU{AcNaKFh%Q1rxLlm&%~B2UQtn*&X=n%3tV* 
z_*M83(02~3*lSE3fKY|2CXkC_>b!-T#CT%S!Ia4F{qtmIZM4}e`z+U_y}^BHYr?1^ z*C>#=HjPvj9j@kCs4f{=SGNmOF$c<{$)RIUFA$)J>4;1yH{=A$cx1y)U~6L9=1Y$~b9SO}0*@;X@P;H}BVbi8+W`dH!6P48@4;RG)x@0y^fD;4aj7u6 zUlHbfLVJ}rtM}(UuSe-7fH)z;S3QQPczJSLibDTSe8Hkx37@v87y=54Eb8RWR@ z;$~0VoGrvsloni>2-z|@EhQB!@$$FZy-qX6F;*r!dqiO?*DK>nuHDEjM`FY0Ejp6#b7VF9@43^j8`9e`zR8bQWU`oRmr(6$LTA%#4CXq#!1F+O& z62)x!XGh*aXy9x^B|u1^aaH5dCY3qjTDU-{t4V!PqCx1ZNn=rGKqw&875orNvh9TD zYvJZ?1^@@kQ5}K`Cl=pA_eLPCp0a1j`Jo5QM@dO#ldXz-NMIm@lj>1Ekq3_Wt>vvI8vdgUL*JvKcwlKh+jAkncyIa8mWi>pMbBL| z_1rDz&vLED283SSB|m0n_>oo-pG8)p@%W^j;}}}R31bn{c)M8L3y9Yecl1q{I>pOm z^Fri4C#hL7%P#jgL3n6l1cBHx86kfb9DMM5#3c=#&x!1Tg?vJelZBzI^iGK5J4B%| zz0H-BqGNIaN-`NzBP3ar4uYR?%wE5h!g^C4z@~Nm^TmP;h^;6!uEuZYN_@%PJ15y01kx_rj%ovK8`m@70>c)mm(?v0&4%giLvZcGvfy3(E zK0T%L6d6uwGR`AnF|o18$UYqaj#NfN&@5*1fVXWvl<}S_n3q?S*>_|_gD^B5gJ0BH z6(#a}M^zOdN0;EloEUCKsN%z<%#u}K4I_`dT~O++8CUF9+{_f>Ep1+Fd%uaT-uy0Te%V#ASDm218COn1xja~m^GZ=` z^BHTD);@8w#(gm=C8h(Az)r@Sr8{VNX~+D*bZHSzsfoiFK|Hbh%z7gqC&Gzhf}?%S zTTqz(@@(ZETPTnUKRlXoX|C96+W{(;m-dbmi04%ZQc9YKOECDjFor@AoV_2jpI1Q_;Ri%Zo8(wIg{#dDeUJl;UjD8xZkDtnrIam^dKB0WSm%KN!YJYo~R^>c? 
zgCr-Md2*tP7K8%X53g&M6~d&aNSJa^Xy$APikL;xWXXYod&M&9KHWeciUJO?$eJm# z5=ixzEObsI(Bb}4JXB?QK`EJC$DMpN*Zl(inBIv}cug%g`9w41l-Alt)az&C3+-V_c-lH%eYJy991%jitF1KF;NkSt_m(~d;iRG!WG+>l<{0| zm%q|UNlZGgI^SP$KDG_8I{tB(uDPssT-V$P9mubrcc?opbyvjPRNef|2quynT%gh{ zvqC;?5SLOidKq1DluEEZuu-u>a4%YW$`6aD5TsA-#OQ(7#Yac$lzo-4d)G|@Ufs({jf zZ3Ji**31ZAUc18E;t3D#63f^iU!^X(c)IA=Z~K?!p>S|L*IWGFr6oW*bS(v*B9u&Q z%i9ZC8VXZi!X#g!!2tzHa}`c=ilH`ZyhZnYkN_g_R=*6}l{VU<-kmd6k8gJarsyfK z;X8waVCJ2LwUeZtDx^(v@+i>ht`UxyKF^**ac;IYVEI)(T#}n(C+m5~D)?^1IuoWV zGyCIm8}sx2@_O455YRGmV6*eJ^84j>J2EhE1N&q3bEgv$0uFBD<9e48@vz|Xc)Mex z7N>pg^YyVy&E|!sI<~jx^5Y^9LQyHE#(k_`DFS~kTKn&Frfd?1zA+k%)0SbB&oEkO+fdxDx#BT%@z&;* zuf?38vb4>cU3lRTv!(^uW`sHmvmoWLJQzU(U6%XW9-OmU5K}csq2S_VlNfx~j|nrY zYdWxoLOvho#Ic(3PnM%0CA@eD7fggpKRo<1uv*R#JHat{eYF#e4UE0|k5N^PDw^r; zl0<#;pERNF94_X+0V$1qPUqZoO~NtYp{dOfsj=v(9I{vG`~DmP%#`zFLux8S$DN@x zVxrbnH+i`*E0qs_oG?)SoG&tQU@~2a8)cCyR%3<&L)Nhw5X~pkj-u0ha5`2KZcg=S445&! zW=R5Lcq9bTv8SaYADSPq^LXh^a?=1O7fA6?oSu9%8Fj^VL$xHci7n-c9h0f+jZTRh4$pUA;s{!4bquD^Sf^=uRhl%j7NfUm1y zg*NMd4gRE+4T0R5EGS^AF|yzm=xc)psSR|{7ZZNb4qZ9*eG-kpoM2=5*piN>{BY?o zoa_ScbgVzc9G%6?m?!;I^IC70L0EIZm`3#Zt~pDY9!t!YgdlDEQ1n`@7G@iK!k9M| zQC~hXR43g;Dmq>hDtJ<3Z1ST~CUnAw1Zpr$*tK)aT+*M({0Jy*YljwHjpj9seT(RFHNc~6NDcO$Zx zOGi`9}YO7jF-y{i>0(CjF5CcuMvMOq^tSBYWFmyBZuwZ%DotM>wpaRx%5d>p%og=_3Bl!o$S>^U22>}ta)?1{C9WVYGq$t|7s>Z5LF6!CN zHku%MPiMp)87(D0Uga+p+6@W`ShS^_<<2Oz&ux&_;U>NVk%}T{U!!~#mM{~*x<#$e zUq&{}2^L3paoUtmI0cVYNlT)pFzv^3j4_|#Xl+AeF)1EW$P&MAUS8l~QsKpkp?z0y-0(*zPqG~rJ|&)6@{zVFUFSvC;5-uSK72FdDxY~?h=|^c^%p2DwFns+e3XL+ z+R3v>RyQ|L$vh&RVKWGY5(v)?Rs=1k+luV^>Se_WSgf`hkxh&E6KAtlXm+hHbcMy6 zGm3~Ehd$(MT;WQB#!5ONn`lOmELfI4M-d3_j>iMrfBiuQ5WM#~v$Y!CR~o(N8{ij+ zF6poPIE)`sysLK8a_J=n)jW%AVm|gGag|uB{%yc-GKVZSo(x&m$so*L^ZTF5FnhLx z_V|a?{DhfApemc=YG%P$_|$!M{N0{Alah$`EF?B8)IYT<0tu_?KqGx zz~w;4*WRC5t+JDW%+cY0%l0`1>p^=fa7_r*z1Hu;T3glV;!{!A9Cb;;@nG5d++eSo zL}fUc+y@}MVIkz<$suh@@jxq!(st$%j@ z4*RfbToRVCl@h3haA7{^^KXZ2qp15yj?9(Wl@J 
zl@u3~ytvL`j9zV}(&=@XwsVVG0izpar!G)F79f!)_0t$ZSX*E;E_{!))jE>UH7keW7YBEw~%lmA9yRbw%T$wGpZ60+Uwl(7UFKrhX*Ww z_sk$Sj*wNk6B+C1jKvi+-CmpAzKW&^YsLDyU(Tdw_G*Kne1dr3eTlaneUf=lEqs6B zTZJ*V=7G-t*lU9qw(G*3h8C!KJ65GyawFMS5v-&&H3?O#nmf|3K=nfP{<=K8I~du? z4-nb$cHrdpX5{vEwDbG~`F>fz54V$U?Bn+WY>&e|Hllf@`%+I`pJF{#szP-Hn?}Tf zMNP;IO{D*;g+i=}n3nO;$}YVwIGZY*?m$pl9jz1xw!eI@IE_S*4zFL)B0nCVXN#mK z`Ut~J?|Zyg*DWf?4BL?WpO`?z+B-~dO0`_{l4ma?2Dly72Pv0T%B&bEtr@brS!UYKBdUwDYX zv6_aN@{#oS?h%lICsH@eDJ2j2f$h_0Zmj;%Q3X6y{u+$|p{N;@3oDgYb~_cbZQ&;U z{^}S$CbKMzJQ0oeH09L{c$XXQ&0z z7^=hnbJq=vo&!`2F-?z8-OnVt5Wq^Urp0Bv>)+B<;`{%(KTMZdguLnF-xzVVUBGxX zj5F6GlOglpnb|;;qLuO9C*)k$WjEpsO-g)gl!pdu2SQA+6-T@6*qd^#JX6P3&;9A- zYhZY0Rp zomx1AxWPk2Sx%hU_=DN`)*EpaR{#-v$pE8cU`s?w2MA}^?jYIO!PwZ?mqj}q4j61L z9ckm78(ymFylr5H=S}0UQ`?10hDfh#Um+NrSvX8m4E6`6JSzzEFDTx6J&JPz9`Nyq zDmKn;<6cWF?l=BI4|sw>0qmyzJ_!YGp6~ne2AA2i8@R`?K z7R3M2g-p-RVRK!>AASV+-|X+nJ1-rf37xmuf{NC8w6ig?&5W;&Qc54@D4#5!O&EOH zU#vh4Eim_G9u`Q=SrG{|B5an;eSDcf^btuW(hZd3W92^pkcx8hL7Ue{D=K_*{nfY} zus{eoj%wt=7`xp1Cf=KUNL0MAa!BozMdVkVYo~@nZj6@=U^mvakc}V&K2hm94P|iU z@*e<5!WA5(a9Yb(^m@#uH{tmN!u5ThQS`lsM$; z^YK=pF_~h%jR@9PA!6CuG1Tt*FbxoNCZ4)yTGaOAFq+a})B!WIrbELEBs-4fAqvRE zMngdL5Q7K>Uk5U)l$|u8ph3TVd#*3|MY0^M-s^4NmJW6st|%c6FzRyKt{nmbAU6`0 z;@HL@0xp0fA`bKXp`9-DD(0 zO0zW*oM!4(^sL=PB2v|OSTVi9h~y#jQgQzd3)!vxqq(~jYRO}9CR~z9zV9o?Pb8e5 z`|I9MJI?RtoC4At9QPm370>T$WJ4!&g*V04rOOoMfZEM}{!@vxvq5B|5L^RcM1+ro z0bA8!vQNC1?-&JMN=gZB_L0wdQO7UES9wHc9Be8O`G3wQexwWOVtRNR^FdFL0tPw5 zT-^`1LoDTDx~~so0$S3cw*Pki&FI1TU8?BecpWKx`q~>Hti541c7Ji!q+dSV`u(`< zbO`}otGrUAtDZYCkHBckd(J|2Z>nKjS?)IH)y6suE&npT5b2_I52iKfeDond))3`2 zj?4eQ@T6PLM1ClMwcwD16uR11islCZe6vEtBPDT2W>yT}AzS_Fs|<0O_pobm!lNt6 zyIqopTN{yCu4LbhFCi78bd%Z3iPPTrVVAc*(g>z*O!LK;2QZs^X#99Ry87BCCO zs++lN&1s>1qv2(2=M~#qv~<$v*4tCMh{Pxv8Hlu6NvZ<{4M5r09E&h*xE-g+8VwTl zIe;tBaB%6dvoUP%fGcovclX0?s3o`A(=K27YjWwk;Sl;V)+v0}1^kCW4*Ir)=PJjx z>C>U!=ha$%Peh9K!+qui(}oVlqO@JxQG%i8F4~zMQEHsd|0hu@58mym))vH-4s~(Z{QS0)JKU<1s#XDF3*pnyyL-tx$O<;7Rww4 
zilKI~jlpVg4F!QMP?!eeYiQ|8Hx_UiAAAT6{!UVG+F3AIJ_!Uc#J#Wc{hSZPTvjic zvBjQh-%R~qdJTRZK`T&OtO#8j!B|}31Rd&J_%YEq6koKh@W?-SunYb8VI5X6b;61k zXUbSEu40ieV&KxftxsB$KJ&vG851<(LCnd-Fjg`+SE+}BQZbBFRz55g&LDOz_dkE5 z#rOUxP68s0^2;v?dS{yMX0!1L6{D^wGoGfE^m-n)`3nrGO7YMBBFI(aJ*$J#SoMg5PA^)Hp~JE-lZz{0;ttGJxv?flvy~oD2AV?1?jy{Dx^ccOYu!m%&GYwAML2uwI}k_bMn{$GaDA6q&5FFu%1=BxyK1@2lw z$CdDF^Ut9uPoAvEJ0u`yJu$Fe%p(%C_aWL3nX0U?Ja+++SvU7C4+nnR(`DeHwCFZp zjx+zg0?Pl!DCfNRWv_m?J{XIREZAbB*wI}Ad=_+Ek;w#Hx(nQ*`9NID8`)4dPCo6F zy9i1rlZ$SAf+>mTF|QpQ2-p85Cmcp6u(!|8m1;cb)8Q4;cWr((x;5ei;7FAX7ad+dCgC#B?I>CAhKc)?sxu-nz#1%BPT z|K=9q^y=$HZUz$Q+`L|=UMtGm_ovOC$Z;^a5B2g=@;}|k#(Io$mbOaUd)PfJ3)CY_ zRkEAKM|c96oJ~TXxYsfCd6)z&ZI&Ec)z=ej+-Ipa)3K|A!Je5V;h+?_ZWQ`3gFge| zQ733-3(HiOi|ASFFm^q3Nt&d^8H|ou+YcjzfaeQV*Y?T?s8|N|;EqOL@2(|Dx+>9mh)W-Fg=BRb0X7PDK!vx4of& zwLXaffxD0!Tj};~{p_CQ3}dZY85nxOgrWlM}*nhE`gkFh3wL5qUgV#h9c&F*W-44_~~jWxMKrani68rX()&O~2# zF?|Q-J^G7I*mX*_6_;Sf{|B8|Oa{l=|4-@(xpCZ`aui-5mioW`se z=H0<i+d zz#7(b?{auXOykpYoU+*xX_e3LLGRW>C)Js=w0#1U=5-b-iYYwUh&9ir(q#yS3Suri zqfU-(azaM6!k*V)2x8b2@Aj^<|=MtZ1Hm z3Bym<53)~CExeBNO#eS#IR~7=t>r|$v@$FF9Y_{VVKDvxiUk2UO zI+zb!HWUXM#U(rjf?>lT(Gha&)MuZLm_UROl_gx7(mq>*E7}1UB1!d|rrM2*SY*r7N(02~W&AH)+2vpM-hf%#M7h;1=K=hkG0vVPBcf@K!=G{cv}{%? 
zKzf7(4Im8tGZB`1N$$j7N5ngn!Tn|yikS}l_imiHM#8PnoOi=hoY9~b)$(0W42HV% z@RI2SCZv=`kh+wQd>6MoBA&CPvehlA$<$=&@7LlFKy4`#W`0eKshoi{2n@qn^2=Vbf(EIq6Qtt?NDXb0brT8%PN!4Pao8B9E=LV__el54>M+eDtorlc z=jx9OkGa;w=J#r4t)`pv1CI-jkz#x?}`m_eyyMr8Ta5Cas0Sjn@q&jX-Vk zrtk)NNXFM35}hC-n2bBpN@R=uR91`EAr-wF4JI&0A13{N{iX?HR-Gux@C!dv_&p=+&x+CW@P*|_z@VEcBOr$#gerTaouxI?{ z{d~4=w#EN$V~Pd;Nf>G&+cO>OkQTKvjJp2Db^#kQtBQuA`g0;OVt0ibWB;=0ffI8V%LR z51(cb$C4(Wd2x#35o{(OdbMY5WaPMHh50IxquOOyHABGoU-lu;@?Z8*NaJD#1*{Hz zM^oZUu3TK*-1a>=TPbYB|K|RYK``g2SCmdDf0}85&dochWidO#!Q(#|Z5f*9 z5Rn2RTPHUKUjat3>CAp}OGFIW!;SVBPGTq~Z4{W0JQ$)?+znykDvh+>8K9UYZ&%qc z4jF$>Nig?Tv9|W3Y(6(eC)lU@puGpivq~6rkgR$&MU&7v|DO|dEeei0rRoU~0;fk) zPMA|tGXAfCt&s>&n}32fQ7=rAZ_$as1UGw$1!$JQ8_wy6Qu1djnI|)*{D5`-+7~LQf?&rE(TcR14_&U)slAZw0yTd{ZPcY9t}DZ{7Fra z8Zl;9m%8~D^=j$~nJKu!j0#!TQ%#u8C7mxnyW2r;sfSb6a6Qjo1~)xZVT zd2iKn|EsLK3~Pd2;{XoA6lDk#X^>Pv=?0}k5C-B)DKSczzwy|dampK`h5F6|NH->Mr{&>%*;cCl@a5jgab4vC>Op+ zuH-ywkiZ4XXx$BAF(0KkGcRXL*fKA_EVF}nF%3`_#z;bu1F`}^zZhh4n-`fi-s9>g zyq`G)L{YpSr?z$81IzDfSC5)qQcUVK)R3%A*o-eT#luk}b=uQ+3&Pox1Z;i3|FuT* zzg*@Mu{)wTl};$IXLz8&rw^GRP4do$zvi&d1o)G!>%yp4se5b)KFgg^4W=$E>gxmhm%bK=_Zpj4 zYNr4@?yjgQq^Oxu^`)9E*Ah|#XpIM^he}B90}XY|KaDozho;!1 zp?KnGsCt`9>6&hTe}<`NI9Hlw8ib;kXIC$C(6#Zf-q8bg$z*w{V$Ke*R3Q;jSFf(G zRzt};%qXy8$MiCnPrsXFg+kCoCpZQvY#PPUqL9Ui3(Q<^wmnS`FtEy6zJB&f@~+z& z5^Ip384T(g=4{sI|4=R4Da%yK9JaZ_A9q98Ri0>4zI+x$ld^mp_F!x?Q-O|8&cv?6 z-GUK327ZbyORX~Kt+m~J+syyjTX$RxBCj0Ve7d}*2prWxwj4%jyn!lP0Dq^_Bm3KD zwlj#4^iAkvVkAA81}=(S9X7Rf=6Q{hdT__RmrG2=Lw`1W@VKr;a}3ramY^SCDy zXz7iB57Z^jvtH6pxm3vC_aYdoV^Y!A&<4?%Y$0Qx+~|lq36Pi#Mm8uY0XH(+Bzd8B6yt%5^b{A9?7P8te&=l}V7eqw=!~`qYy6qOVz2 z@cffPg2^+VfwUZ*{c zWINdH!zurmtR@8hY{%SP)3}hMbSSO6u&vy#xt2M2DHP;{dL1AXESIhD-y}u)_%D*8 zjr_*Ap~~`&0GqQyyK92zKLb5Sdivj@Zbxh3W* zhvdZ0%K=x9FAYPhsn;%ah$aP7lrMZjE2@1hfOaSgH4#Y}&MmSRtsmEUyoDNedL=a0 zaX=FfGEVq4Xua8vph)9v9b0%*RyB$5xT+VKh-vUo&d9W>Q*a#4CR{(a&qJN*`A_JDPc$BYDK&N^&C6 z=o*c!Up77A{91o&C_gy+YJONrwA`9q>+0#BnzdxkoXRiHKLe`%odG7}QycIE=;i9R 
z%||;jymuGqvCbMaYiOjGgpbgUgIiY8ivb^(9OZWm3Su7^!X825 z2a#-}bJrbVQMaY&3X|8=W6^@zEKW5~pI%u;7rcmDOa)mWdLx=5Gd|E5q*2s}!PkX; z)RUR%6T7u5!)YYogO7>D(9}un=*3~hJ=81yi(LNds^r}AgP)Zq6+UwUqs$w9EUOMA z5RaVsy1a_uG>YwT8S z!lO*`x!3g2h)(x$_ z^~7fnbm(yOV?$%BFK?x|x^h%PgVgiQq$O7M z4VFN{na8gT#tP>7Inv60HaZ!a7TdQ&f-}r}NPpZXKbG+J!eXfCW|>ydq@lZ45?l=3 zj`?IhdA!>QhnKnfV>Hph4^wzTsmcd|O}x@fbaj47daACI#X3tvVVKtM25-faXmVQ7?3Vc);j`Nw|mV|H`> zG7Z`GNfN)7Y!+8br|*YD=oxCI1!7EG!5Lh58Fa8*y5LHtvC~Za*=kDHLYyKPN2d!N zGBI#Z`cPk4W}50x-qj&zBIEtMTs&gZ-?gXMY(Nfn*m$j#jaid&dHt=(qyqhhDLF1s z-jPA2kurBWWMEST>d9IAu3sn^{_l}bC2`V7GuhoZt4py#fcIlxN2fVB36IBcgL?A2 zB6*5GoA_RFW+nE~5wmKuU;JZZW2G+;ry~oq7n?Xj^U?CV%9!S()$MIU47=~%9`PL5 zW~-e(x+#X8_r%t_IJ(2KyLJF_WAXHT5kB2}R#buAuR4S9H-sZH)_tw|BGi*##+8zB zYu%{TIsDF<;Z+P0%cyLc6^%OhERr%Ot9m7kgVM(ad2%uKqrJyDw=r0Z>#+(`+B!I^ z?_9PA!-0V0&}O!8e(M5u7<~QI6~Fv&>!RTVk#HnDPjNnbUiIu&@kPx=qValB88jxp zhbu^c#EtMn&B7i*&FlUea{!AkTy+(~6K5CA2LPWSz*2~sy`J9E3=b_U`D}0}Is4D~ oz>6knOgt#I3+LOvu{j~%Xn#;Ef5A&aa&hrSMwf-;{3^-60BmvZ-T(jq From 4e20bdd8db84e4e8be20a8f686d8cdaa0730ceb5 Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 14:11:51 +1000 Subject: [PATCH 049/148] Add endpointslices --- charts/dns/templates/externaldns.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/charts/dns/templates/externaldns.yaml b/charts/dns/templates/externaldns.yaml index 0b0085d..a3291b0 100644 --- a/charts/dns/templates/externaldns.yaml +++ b/charts/dns/templates/externaldns.yaml @@ -14,6 +14,9 @@ rules: - apiGroups: [""] resources: ["nodes"] verbs: ["list","watch"] + - apiGroups: ["discovery.k8s.io"] + resources: ["endpointslices"] + verbs: ["get", "watch", "list"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding From 8e62b66b974244c6a0856357ea41f04e71bd98a4 Mon Sep 17 00:00:00 2001 
From: j Date: Thu, 10 Jul 2025 16:28:34 +1000 Subject: [PATCH 050/148] Just ignore commits please --- Chart.yaml | 11 -- charts/dns/Chart.yaml | 5 - charts/dns/values.yaml | 2 - charts/nextcloud/Chart.yaml | 5 - charts/nextcloud/values.yaml | 0 charts/subcharts/Chart.lock | 9 -- charts/subcharts/Chart.yaml | 7 -- charts/subcharts/templates/cert-manager.yaml | 40 ------- charts/subcharts/values.yaml | 9 -- templates/ai-openweb.yaml | 76 ++++++++++++ templates/auth-authentik.yaml | 54 +++++++++ .../dns-bind.yaml | 7 +- .../dns-externaldns.yaml | 13 +-- templates/dns-namespace.yaml | 5 + .../files-nextcloud.yaml | 19 +-- templates/files-syncthing.yaml | 109 ++++++++++++++++++ templates/monitoring-grafana.yaml | 37 ++++++ templates/monitoring-loki.yaml | 33 ++++++ templates/monitoring-prometheus.yaml | 40 +++++++ templates/monitoring-provider.yaml | 22 ++++ templates/operators-mariadb.yaml | 60 ++++++++++ templates/operators-replicator.yaml | 98 ++++++++++++++++ templates/remote-access-rustdesk.yaml | 77 +++++++++++++ templates/ssl-certmanager.yaml | 72 ++++++++++++ templates/synctools-vaultwarden.yaml | 79 +++++++++++++ 25 files changed, 781 insertions(+), 108 deletions(-) delete mode 100644 charts/dns/Chart.yaml delete mode 100644 charts/dns/values.yaml delete mode 100644 charts/nextcloud/Chart.yaml delete mode 100644 charts/nextcloud/values.yaml delete mode 100644 charts/subcharts/Chart.lock delete mode 100644 charts/subcharts/Chart.yaml delete mode 100644 charts/subcharts/templates/cert-manager.yaml delete mode 100644 charts/subcharts/values.yaml create mode 100644 templates/ai-openweb.yaml create mode 100644 templates/auth-authentik.yaml rename charts/dns/templates/bind-master.yaml => templates/dns-bind.yaml (96%) rename charts/dns/templates/externaldns.yaml => templates/dns-externaldns.yaml (85%) create mode 100644 templates/dns-namespace.yaml rename charts/nextcloud/templates/nextcloud.yaml => templates/files-nextcloud.yaml (90%) create mode 100644 
templates/files-syncthing.yaml create mode 100644 templates/monitoring-grafana.yaml create mode 100644 templates/monitoring-loki.yaml create mode 100644 templates/monitoring-prometheus.yaml create mode 100644 templates/monitoring-provider.yaml create mode 100644 templates/operators-mariadb.yaml create mode 100644 templates/operators-replicator.yaml create mode 100644 templates/remote-access-rustdesk.yaml create mode 100644 templates/ssl-certmanager.yaml create mode 100644 templates/synctools-vaultwarden.yaml
diff --git a/Chart.yaml b/Chart.yaml
index 7991e33..758bc24 100644
--- a/Chart.yaml
+++ b/Chart.yaml
@@ -4,14 +4,3 @@ description: A Helm chart for deploying the home-server application
 type: application
 version: 0.1.0
 appVersion: "1.0.0"
-
-dependencies:
- - name: subcharts
- version: 0.1.0
- repository: "file://charts/subcharts"
- - name: dns
- version: 0.1.0
- repository: "file://charts/dns"
- - name: nextcloud
- version: 0.1.0
- repository: "file://charts/nextcloud"
diff --git a/charts/dns/Chart.yaml b/charts/dns/Chart.yaml
deleted file mode 100644
index 79489eb..0000000
--- a/charts/dns/Chart.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v2
-name: home-server-dns
-description: Deploys the DNS setup
-type: application
-version: 0.1.0
diff --git a/charts/dns/values.yaml b/charts/dns/values.yaml
deleted file mode 100644
index d36eb41..0000000
--- a/charts/dns/values.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-domain: "auth.dev.hxme.net"
-certSecretName: "wildcard-hxme-net"
diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml
deleted file mode 100644
index e08ae17..0000000
--- a/charts/nextcloud/Chart.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v2
-name: home-server-nextcloud
-description: Deploys the Nextcloud setup
-type: application
-version: 0.1.0
diff --git a/charts/nextcloud/values.yaml b/charts/nextcloud/values.yaml
deleted file mode 100644
index e69de29..0000000
diff --git a/charts/subcharts/Chart.lock b/charts/subcharts/Chart.lock
deleted file mode 100644
index e6f2224..0000000
--- a/charts/subcharts/Chart.lock
+++ /dev/null
@@ -1,9 +0,0 @@
-dependencies:
-- name: mariadb-operator-crds
- repository: https://helm.mariadb.com/mariadb-operator
- version: 0.38.1
-- name: mariadb-operator
- repository: https://helm.mariadb.com/mariadb-operator
- version: 0.38.1
-digest: sha256:488ca12800fb05f4a89dd178558f544c44f0d7af11bb07010031e45e38df3a28
-generated: "2025-07-05T14:11:03.425098652Z"
diff --git a/charts/subcharts/Chart.yaml b/charts/subcharts/Chart.yaml
deleted file mode 100644
index 5bd7f27..0000000
--- a/charts/subcharts/Chart.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v2
-name: home-server-subcharts
-version: 0.1.0
-dependencies:
- - name: cert-manager
- version: v1.18.2
- repository: https://charts.jetstack.io
diff --git a/charts/subcharts/templates/cert-manager.yaml b/charts/subcharts/templates/cert-manager.yaml
deleted file mode 100644
index ebe0c26..0000000
--- a/charts/subcharts/templates/cert-manager.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
----
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: {{ .Values.global.issuerName }}
-spec:
- acme:
- email: {{ .Values.global.email | quote }}
- server: https://acme-v02.api.letsencrypt.org/directory
- privateKeySecretRef:
- name: {{ .Values.global.issuerName }}
- solvers:
- - dns01:
- rfc2136:
- nameserver: {{ .Values.global.rfc2136.nameserver | quote }}
- tsigKeyName: {{ .Values.global.rfc2136.tsigKeyName | quote }}
- tsigAlgorithm: {{ .Values.global.rfc2136.tsigAlgorithm | quote }}
- tsigSecretSecretRef:
- name: {{ .Values.global.rfc2136.tsigSecretName | quote }}
- key: {{ .Values.global.rfc2136.tsigSecretKey | quote }}
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: {{ .Values.global.ssl_secret_name }}
- namespace: {{ .Values.global.namespace }}
-spec:
- secretName: {{ .Values.global.ssl_secret_name }}
- secretTemplate:
- annotations:
- replicator.v1.mittwald.de/replication-allowed: "true"
- replicator.v1.mittwald.de/replicate-to: "{{ .Values.global.replicatorNamespaces }}"
- issuerRef:
- name: {{ .Values.global.issuerName }}
- kind: ClusterIssuer
- commonName: {{ .Values.global.domain | quote }}
- dnsNames:
- - {{ .Values.global.domain | quote }}
- - "*.{{ .Values.global.domain }}"
-
diff --git a/charts/subcharts/values.yaml b/charts/subcharts/values.yaml
deleted file mode 100644
index b7386ca..0000000
--- a/charts/subcharts/values.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-mariadbNamespace: mariadb-system-dev
-
-mariadb-operator:
- fullnameOverride: mariadb-operator
- namespaceOverride: mariadb-system
- metrics:
- enabled: true
-
-mariadb-operator-crds: {}
diff --git a/templates/ai-openweb.yaml b/templates/ai-openweb.yaml
new file mode 100644
index 0000000..e2c52ea
--- /dev/null
+++ b/templates/ai-openweb.yaml
@@ -0,0 +1,76 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: ai
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: openwebui
+ namespace: ai
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: openwebui
+ template:
+ metadata:
+ labels:
+ app: openwebui
+ spec:
+ containers:
+ - name: openwebui
+ image: ghcr.io/open-webui/open-webui:latest
+ ports:
+ - containerPort: 8080
+ env:
+ - name: OLLAMA_BASE_URL
+ value: http://ollama:11434
+ volumeMounts:
+ - name: ai-storage
+ mountPath: /app/backend/data
+ volumes:
+ - name: ai-storage
+ hostPath:
+ path: /dpool/files/ai/
+ type: Directory
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: openwebui
+ namespace: ai
+spec:
+ selector:
+ app: openwebui
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 8080
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: openwebui
+ namespace: ai
+ annotations:
+ kubernetes.io/ingress.class: "traefik"
+ external-dns.alpha.kubernetes.io/hostname: nc.hxme.net
+spec:
+ rules:
+ - host: ai.hxme.net
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: openwebui
+ port:
+ number: 80
+ tls:
+ - hosts:
+ - ai.hxme.net
+ secretName: openwebui-tls
+
diff --git a/templates/auth-authentik.yaml b/templates/auth-authentik.yaml
new file mode 100644
index 0000000..ced40ed
--- /dev/null
+++ b/templates/auth-authentik.yaml
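Review bot: The Ingress annotation `external-dns.alpha.kubernetes.io/hostname: nc.hxme.net` does not match the rule and TLS host `ai.hxme.net`; `nc.hxme.net` is the Nextcloud hostname in templates/files-nextcloud.yaml, so external-dns would be asked to manage that record for this Ingress as well. It should read `external-dns.alpha.kubernetes.io/hostname: ai.hxme.net`. Separately, the Deployment pulls `ghcr.io/open-webui/open-webui:latest` and mounts the host directory `/dpool/files/ai/` with no `securityContext`. Pinning the image to a version tag or digest, and running as a non-root user if the image supports it, would keep an unreviewed image update from running with write access to a host path.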
@@ -0,0 +1,54 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: authentik +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: authentik + namespace: flux-system +spec: + url: https://charts.goauthentik.io/ + interval: 1h +--- +apiVersion: v1 +kind: Secret +metadata: + name: wildcard-hxme-net + namespace: authentik + annotations: + replicator.v1.mittwald.de/replicate-from: cert-manager/wildcard-hxme-net +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: authentik + namespace: authentik +spec: + interval: 30m + chart: + spec: + chart: authentik + version: 2024.4.2 + sourceRef: + kind: HelmRepository + name: authentik + namespace: flux-system + install: + createNamespace: true + upgrade: + disableWait: false + timeout: 10m + valuesFrom: + - kind: Secret + name: authentik-values + values: + ingress: + annotations: + external-dns.alpha.kubernetes.io/hostname: auth.hxme.net + tls: + - secretName: wildcard-hxme-net + hosts: + - auth.hxme.net diff --git a/charts/dns/templates/bind-master.yaml b/templates/dns-bind.yaml similarity index 96% rename from charts/dns/templates/bind-master.yaml rename to templates/dns-bind.yaml index 3facb5b..23eab06 100644 --- a/charts/dns/templates/bind-master.yaml +++ b/templates/dns-bind.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: bind-master-config - namespace: {{ .Release.Namespace }} + namespace: dns data: named.conf: | include "/etc/bind/externaldns-key.conf"; @@ -52,7 +52,7 @@ apiVersion: apps/v1 kind: DaemonSet metadata: name: bind-master - namespace: {{ .Release.Namespace }} + namespace: dns spec: selector: matchLabels: @@ -122,9 +122,8 @@ apiVersion: v1 kind: Service metadata: name: bind-master - namespace: {{ .Release.Namespace }} + namespace: dns spec: - type: ClusterIP selector: app: bind-master ports: 
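Review bot: The placeholder Secret `wildcard-hxme-net` in templates/auth-authentik.yaml carries only the `replicate-from` annotation, with no `type` and no `data`. The kubernetes-replicator documentation says a replica of a `kubernetes.io/tls` secret must be created with that type and with `tls.crt`/`tls.key` keys present (they may be empty), because a Secret's type cannot be changed later; assuming cert-manager writes the source as a TLS secret, this replica would stay Opaque and unusable for the ingress. Add `type: kubernetes.io/tls` and `data: {tls.crt: "", tls.key: ""}`; the same placeholder is added in templates/monitoring-provider.yaml and already exists in templates/files-nextcloud.yaml. The Certificate in templates/ssl-certmanager.yaml also pushes with `replicate-to`, so one of the two mechanisms is enough.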
diff --git a/charts/dns/templates/externaldns.yaml b/templates/dns-externaldns.yaml similarity index 85% rename from charts/dns/templates/externaldns.yaml rename to templates/dns-externaldns.yaml index a3291b0..ed64c21 100644 --- a/charts/dns/templates/externaldns.yaml +++ b/templates/dns-externaldns.yaml @@ -3,7 +3,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: external-dns - namespace: {{ .Release.Namespace }} rules: - apiGroups: [""] resources: ["services","endpoints","pods"] @@ -14,15 +13,12 @@ rules: - apiGroups: [""] resources: ["nodes"] verbs: ["list","watch"] - - apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["get", "watch", "list"] + # Add DNS provider specific rules here if needed (e.g., for AWS IAM, GCP etc.) --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: external-dns-viewer - namespace: {{ .Release.Namespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -30,19 +26,19 @@ roleRef: subjects: - kind: ServiceAccount name: external-dns - namespace: {{ .Release.Namespace }} + namespace: dns --- apiVersion: v1 kind: ServiceAccount metadata: name: external-dns - namespace: {{ .Release.Namespace }} + namespace: dns --- apiVersion: apps/v1 kind: Deployment metadata: name: external-dns - namespace: {{ .Release.Namespace }} + namespace: dns spec: replicas: 1 selector: @@ -77,4 +73,3 @@ spec: name: dns-secrets key: externaldns-secret - diff --git a/templates/dns-namespace.yaml b/templates/dns-namespace.yaml new file mode 100644 index 0000000..52c7228 --- /dev/null +++ b/templates/dns-namespace.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: dns diff --git a/charts/nextcloud/templates/nextcloud.yaml b/templates/files-nextcloud.yaml similarity index 90% rename from charts/nextcloud/templates/nextcloud.yaml rename to templates/files-nextcloud.yaml index a6ae33e..2ef2de0 100644 
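Review bot: The comment added to the ClusterRole in hunk `@@ -14,15 +13,12 @@`, `# Add DNS provider specific rules here if needed (e.g., for AWS IAM, GCP etc.)`, points at the wrong place: these rules only grant Kubernetes API access, and cloud IAM permissions are never expressed in a ClusterRole. I would drop it or reword it to `# Kubernetes API read access only; provider credentials are not configured here`. The same hunk removes the `discovery.k8s.io` `endpointslices` rule; the external-dns image tag is outside the hunk, so check that the deployed version does not read EndpointSlices before relying on the narrower role.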
--- a/charts/nextcloud/templates/nextcloud.yaml +++ b/templates/files-nextcloud.yaml @@ -1,9 +1,13 @@ --- apiVersion: v1 +kind: Namespace +metadata: + name: nextcloud +--- +apiVersion: v1 kind: PersistentVolume metadata: name: nextcloud-pv - namespace: {{ .Release.Namespace }} spec: capacity: storage: 10Gi @@ -18,7 +22,7 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: name: nextcloud-pvc - namespace: {{ .Release.Namespace }} + namespace: nextcloud spec: accessModes: - ReadWriteOnce @@ -32,7 +36,7 @@ apiVersion: v1 kind: Service metadata: name: nextcloud - namespace: {{ .Release.Namespace }} + namespace: nextcloud spec: ports: - port: 80 @@ -43,7 +47,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: nextcloud - namespace: {{ .Release.Namespace }} + namespace: nextcloud spec: securityContext: runAsUser: 1000 @@ -90,7 +94,7 @@ apiVersion: k8s.mariadb.com/v1alpha1 kind: MariaDB metadata: name: nextcloud-db - namespace: {{ .Release.Namespace }} + namespace: nextcloud spec: rootPasswordSecretKeyRef: name: nextcloud-secrets @@ -108,7 +112,7 @@ apiVersion: v1 kind: Secret metadata: name: wildcard-hxme-net - namespace: {{ .Release.Namespace }} + namespace: nextcloud annotations: replicator.v1.mittwald.de/replicate-from: cert-manager/wildcard-hxme-net --- @@ -116,7 +120,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: nextcloud - namespace: {{ .Release.Namespace }} + namespace: nextcloud annotations: external-dns.alpha.kubernetes.io/hostname: nc.hxme.net spec: @@ -135,3 +139,4 @@ spec: name: nextcloud port: number: 80 + diff --git a/templates/files-syncthing.yaml b/templates/files-syncthing.yaml new file mode 100644 index 0000000..a7279b2 --- /dev/null +++ b/templates/files-syncthing.yaml 
@@ -0,0 +1,109 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: syncthing
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: syncthing-data
+ namespace: syncthing
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: syncthing-share-pv
+spec:
+ capacity:
+ storage: 1000Gi
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ hostPath:
+ path: /dpool/files
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: syncthing-share
+ namespace: syncthing
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1000Gi
+ volumeName: syncthing-share-pv
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: syncthing
+ namespace: syncthing
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: syncthing
+ template:
+ metadata:
+ labels:
+ app: syncthing
+ spec:
+ containers:
+ - name: syncthing
+ image: syncthing/syncthing:latest
+ ports:
+ - containerPort: 8384
+ - containerPort: 22000
+ - containerPort: 21027
+ protocol: UDP
+ volumeMounts:
+ - name: syncthing-data
+ mountPath: /var/syncthing
+ - name: syncthing-share
+ mountPath: /shared
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ volumes:
+ - name: syncthing-data
+ persistentVolumeClaim:
+ claimName: syncthing-data
+ - name: syncthing-share
+ persistentVolumeClaim:
+ claimName: syncthing-share
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: syncthing
+ namespace: syncthing
+spec:
+ selector:
+ app: syncthing
+ ports:
+ - name: web-ui
+ port: 8384
+ targetPort: 8384
+ - name: sync-tcp
+ port: 22000
+ targetPort: 22000
+ - name: sync-udp
+ port: 22000
+ protocol: UDP
+ targetPort: 22000
+ - name: discovery
+ port: 21027
+ protocol: UDP
+ targetPort: 21027
+ type: ClusterIP
+
diff --git a/templates/monitoring-grafana.yaml b/templates/monitoring-grafana.yaml
new file mode 100644
index 0000000..47ed5e0
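Review bot: `syncthing-share-pv` maps the whole host directory `/dpool/files` read-write into the Syncthing container at `/shared`, and templates/ai-openweb.yaml mounts `/dpool/files/ai/` from the same tree, so a process that syncs with remote devices can read and overwrite the other application's data. Point the `hostPath` at a dedicated subdirectory (for example `path: /dpool/files/sync`, a constructed name) or mount the volume `readOnly: true` where write access is not needed. The image is `syncthing/syncthing:latest`; pin a version tag or digest. `fsGroup` is a pod-level field, so if the `securityContext` shown here sits on the container (indentation is not recoverable from this page) it is ignored or rejected there and belongs under the pod `spec`.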
--- /dev/null
+++ b/templates/monitoring-grafana.yaml
@@ -0,0 +1,37 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: grafana
+ namespace: monitoring
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: grafana
+ version: 7.3.0
+ sourceRef:
+ kind: HelmRepository
+ name: grafana
+ namespace: flux-system
+ install:
+ createNamespace: true
+ values:
+ admin:
+ existingSecret: grafana-admin-secret
+ userKey: admin-user
+ passwordKey: admin-password
+ service:
+ type: LoadBalancer
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: "grafana.hxme.net"
+ datasources:
+ datasources.yaml:
+ apiVersion: 1
+ datasources:
+ - name: Loki
+ type: loki
+ access: proxy
+ url: http://loki:3100
+ isDefault: true
+
diff --git a/templates/monitoring-loki.yaml b/templates/monitoring-loki.yaml
new file mode 100644
index 0000000..b327a8e
--- /dev/null
+++ b/templates/monitoring-loki.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: loki
+ namespace: monitoring
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: loki
+ version: 6.6.4
+ sourceRef:
+ kind: HelmRepository
+ name: grafana
+ namespace: flux-system
+ install:
+ createNamespace: true
+ values:
+ loki:
+ auth_enabled: false
+ singleBinary:
+ replicas: 1
+ service:
+ type: LoadBalancer
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: "loki.hxme.net"
+ write:
+ replicas: 1
+ read:
+ replicas: 1
+ backend:
+ replicas: 1
diff --git a/templates/monitoring-prometheus.yaml b/templates/monitoring-prometheus.yaml
new file mode 100644
index 0000000..dd4d5a6
--- /dev/null
+++ b/templates/monitoring-prometheus.yaml
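Review bot: In templates/monitoring-grafana.yaml, `service.type: LoadBalancer` with the `grafana.hxme.net` external-dns annotation publishes Grafana directly on the service port, without the TLS termination the Ingress-based apps get from the wildcard certificate replicated into `monitoring`. Logins with the `grafana-admin-secret` credentials would then travel in clear text unless something in front of the LoadBalancer terminates TLS. Keep the service `type: ClusterIP` and expose it through the chart's `ingress` values with `tls` pointing at `wildcard-hxme-net`.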
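Review bot: In templates/monitoring-loki.yaml, `auth_enabled: false` together with a `LoadBalancer` service and the hostname `loki.hxme.net` leaves Loki's push and query API open to anyone who can reach that address, since Loki itself then performs no authentication. Grafana reaches it in-cluster at `http://loki:3100` (templates/monitoring-grafana.yaml), so the external service does not appear to be needed. Use `type: ClusterIP` and drop the external-dns annotation, or put an authenticating proxy in front if remote log shipping is required.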
@@ -0,0 +1,40 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: prometheus-community
+ namespace: flux-system
+spec:
+ url: https://prometheus-community.github.io/helm-charts
+ interval: 1h
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: prometheus-operator
+ namespace: monitoring
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: kube-prometheus-stack
+ version: 58.1.2
+ sourceRef:
+ kind: HelmRepository
+ name: prometheus-community
+ namespace: flux-system
+ install:
+ createNamespace: true
+ upgrade:
+ disableWait: true
+ timeout: 5m
+ values:
+ prometheus:
+ prometheusSpec:
+ serviceMonitorSelectorNilUsesHelmValues: false
+ # Optional: expose Prometheus/Grafana via NodePort, Ingress, etc.
+ grafana:
+ enabled: false
+ alertmanager:
+ enabled: true
+
diff --git a/templates/monitoring-provider.yaml b/templates/monitoring-provider.yaml
new file mode 100644
index 0000000..3af442a
--- /dev/null
+++ b/templates/monitoring-provider.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: monitoring
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: grafana
+ namespace: flux-system
+spec:
+ url: https://grafana.github.io/helm-charts
+ interval: 1h
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: wildcard-hxme-net
+ namespace: monitoring
+ annotations:
+ replicator.v1.mittwald.de/replicate-from: cert-manager/wildcard-hxme-net
diff --git a/templates/operators-mariadb.yaml b/templates/operators-mariadb.yaml
new file mode 100644
index 0000000..04febe6
--- /dev/null
+++ b/templates/operators-mariadb.yaml
@@ -0,0 +1,60 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: mariadb-system
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: mariadb-operator
+ namespace: flux-system
+spec:
+ url: https://helm.mariadb.com/mariadb-operator
+ interval: 1h
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: mariadb-operator-crds
+ namespace: mariadb-system
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: mariadb-operator-crds
+ version: 0.38.1
+ sourceRef:
+ kind: HelmRepository
+ name: mariadb-operator
+ namespace: flux-system
+ install:
+ createNamespace: true
+ upgrade:
+ disableWait: true
+ timeout: 5m
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: mariadb-operator
+ namespace: mariadb-system
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: mariadb-operator
+ version: 0.38.1
+ sourceRef:
+ kind: HelmRepository
+ name: mariadb-operator
+ namespace: flux-system
+ install:
+ createNamespace: true
+ dependsOn:
+ - name: mariadb-operator-crds
+ namespace: mariadb-system
+ values:
+ metrics:
+ enabled: true
+
diff --git a/templates/operators-replicator.yaml b/templates/operators-replicator.yaml
new file mode 100644
index 0000000..e8ec276
--- /dev/null
+++ b/templates/operators-replicator.yaml
@@ -0,0 +1,98 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kubernetes-replicator
+ namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: kubernetes-replicator
+rules:
+ - apiGroups: ["", "apps", "extensions"]
+ resources:
+ - secrets
+ - configmaps
+ - roles
+ - rolebindings
+ - cronjobs
+ - deployments
+ - events
+ - ingresses
+ - jobs
+ - pods
+ - pods/attach
+ - pods/exec
+ - pods/log
+ - pods/portforward
+ - services
+ - namespaces
+ - serviceaccounts
+ verbs: ["*"]
+ - apiGroups: ["batch"]
+ resources:
+ - configmaps
+ - cronjobs
+ - deployments
+ - events
+ - ingresses
+ - jobs
+ - pods
+ - pods/attach
+ - pods/exec
+ - pods/log
+ - pods/portforward
+ - services
+ verbs: ["*"]
+ - apiGroups: ["rbac.authorization.k8s.io"]
+ resources:
+ - roles
+ - rolebindings
+ - clusterrolebindings
+ verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: kubernetes-replicator
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kubernetes-replicator
+subjects:
+ - kind: ServiceAccount
+ name: kubernetes-replicator
+ namespace: kube-system
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: mittwald
+ namespace: flux-system
+spec:
+ url: https://helm.mittwald.de
+ interval: 1h
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: kubernetes-replicator
+ namespace: kube-system
+spec:
+ interval: 5m
+ chart:
+ spec:
+ chart: kubernetes-replicator
+ sourceRef:
+ kind: HelmRepository
+ name: mittwald
+ namespace: flux-system
+ install:
+ createNamespace: false
+ upgrade:
+ disableWait: false
+ values:
+ serviceAccount:
+ create: false
+ name: kubernetes-replicator
diff --git a/templates/remote-access-rustdesk.yaml b/templates/remote-access-rustdesk.yaml
new file mode 100644
index 0000000..47ec81d
--- /dev/null
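Review bot: The `kubernetes-replicator` ClusterRole grants `verbs: ["*"]` cluster-wide on `secrets`, `pods/exec`, `pods/attach`, `pods/portforward`, `deployments` and more, which is far beyond what copying Secrets between namespaces needs; whoever controls this ServiceAccount can read every Secret and exec into any pod. The `roles`/`rolebindings` entries under the core, `apps` and `extensions` groups match nothing, because those resources live in `rbac.authorization.k8s.io`. If only Secrets are replicated, as the manifests on this page suggest, the rules can shrink to the sketch below; compare it with the chart's own RBAC before applying. The HelmRelease also has no `version`, unlike the other releases in this commit, so the controller holding this role is updated to whatever the repository serves.

```yaml
rules:
  - apiGroups: [""]
    resources: ["namespaces"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
# … unchanged: ClusterRoleBinding, HelmRepository, HelmRelease …
```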
+++ b/templates/remote-access-rustdesk.yaml
@@ -0,0 +1,77 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: rustdesk
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: rustdesk-charts
+ namespace: flux-system
+spec:
+ url: https://charts.rustdesk.com
+ interval: 1h
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: rustdesk-server
+ namespace: rustdesk
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: rustdesk-server
+ version: 0.5.0
+ sourceRef:
+ kind: HelmRepository
+ name: rustdesk-charts
+ namespace: flux-system
+ install:
+ createNamespace: true
+ values:
+ hbbs:
+ enabled: true
+ service:
+ type: ClusterIP
+ ports:
+ - name: tcp
+ port: 21115
+ targetPort: 21115
+ - name: tcp-hbbs
+ port: 21116
+ targetPort: 21116
+ - name: udp
+ port: 21116
+ targetPort: 21116
+ protocol: UDP
+
+ hbbr:
+ enabled: true
+ service:
+ type: ClusterIP
+ ports:
+ - name: tcp-hbbr
+ port: 21117
+ targetPort: 21117
+
+ ingress:
+ enabled: true
+ className: "traefik" # or nginx or your ingress class
+ annotations: {}
+ hosts:
+ - host: rd.hxme.net
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - rd.hxme.net
+ secretName: rustdesk-tls
+
+ # Optional admin password – change this in production
+ env:
+ ENCRYPTED_ONLY: "false"
+ ENABLE_LOG: "true"
+
diff --git a/templates/ssl-certmanager.yaml b/templates/ssl-certmanager.yaml
new file mode 100644
index 0000000..f238e14
--- /dev/null
+++ b/templates/ssl-certmanager.yaml
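Review bot: `ENCRYPTED_ONLY: "false"` leaves the RustDesk server accepting unencrypted sessions, going by the variable name, on a service meant for remote desktop access. Set it to the value the image treats as enabled (the rustdesk-server image documents `"1"`; verify for this chart version) unless legacy clients are required. The comment above it, `# Optional admin password – change this in production`, does not describe any value in this block and should be removed or replaced by the actual setting. The hbbs/hbbr ports are raw TCP/UDP, so the HTTP `ingress` for `rd.hxme.net` does not carry them; how they are meant to be reached is not visible here and determines the real exposure.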
@@ -0,0 +1,72 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: jetstack
+ namespace: flux-system
+spec:
+ url: https://charts.jetstack.io
+ interval: 1h
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: cert-manager
+ namespace: cert-manager
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: cert-manager
+ version: v1.18.2
+ sourceRef:
+ kind: HelmRepository
+ name: jetstack
+ namespace: flux-system
+ install:
+ crds: CreateReplace
+ createNamespace: true
+ values:
+ installCRDs: true
+ extraArgs:
+ - --dns01-recursive-nameservers-only
+ - --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-rfc2136
+spec:
+ acme:
+ email: admin@hxme.net
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: letsencrypt-rfc2136
+ solvers:
+ - dns01:
+ rfc2136:
+ nameserver: hawke.hxst.com.au:53
+ tsigKeyName: "hxme-update-key"
+ tsigAlgorithm: HMACSHA512
+ tsigSecretSecretRef:
+ name: hxme-update-key
+ key: hxme-update-key
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: wildcard-hxme-net
+ namespace: cert-manager
+spec:
+ secretName: wildcard-hxme-net
+ secretTemplate:
+ annotations:
+ replicator.v1.mittwald.de/replication-allowed: "true"
+ replicator.v1.mittwald.de/replicate-to: "monitoring,authentik,nextcloud"
+ issuerRef:
+ name: letsencrypt-rfc2136
+ kind: ClusterIssuer
+ commonName: "hxme.net"
+ dnsNames:
+ - "hxme.net"
+ - "*.hxme.net"
diff --git a/templates/synctools-vaultwarden.yaml b/templates/synctools-vaultwarden.yaml
new file mode 100644
index 0000000..93c3475
--- /dev/null
+++ b/templates/synctools-vaultwarden.yaml
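Review bot: The Certificate's `secretTemplate` pushes the private key for `*.hxme.net` into `monitoring`, `authentik` and `nextcloud`, so any workload or account that can read Secrets in one of those namespaces can serve every host under the domain. Per-application Certificates, each with its own `dnsNames` entry, would limit that. If the wildcard stays, the replicas that pull with `replicate-from` may also need `replicator.v1.mittwald.de/replication-allowed-namespaces: "monitoring,authentik,nextcloud"` on the source, as the replicator README describes for pull-based replication, and `replicate-to` can then be dropped. The TSIG secret `hxme-update-key` referenced by the ClusterIssuer is not created in this commit; it should be supplied out of band rather than committed, in the namespace cert-manager uses for cluster-scoped issuers.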
@@ -0,0 +1,79 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: bitwarden
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: bjw-s-charts
+ namespace: flux-system
+spec:
+ url: https://bjw-s.github.io/helm-charts/
+ interval: 1h
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: vaultwarden
+ namespace: bitwarden
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: app-template
+ version: 2.4.0
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s-charts
+ namespace: flux-system
+ install:
+ createNamespace: true
+ values:
+ # Basic container config
+ image:
+ repository: vaultwarden/server
+ tag: 1.30.5
+ pullPolicy: IfNotPresent
+
+ env:
+ WEBSOCKET_ENABLED: "true"
+ SIGNUPS_ALLOWED: "false"
+ DOMAIN: "https://vw.hxme.net"
+ ADMIN_TOKEN: "CHANGEME_SUPER_SECRET"
+
+ service:
+ main:
+ ports:
+ http:
+ port: 80
+
+ ingress:
+ main:
+ enabled: true
+ annotations:
+ kubernetes.io/ingress.class: "traefik" # Or nginx or your ingress class
+ hosts:
+ - host: vw.hxme.net
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - vw.hxme.net
+ secretName: bitwarden-tls
+
+ persistence:
+ data:
+ enabled: true
+ existingClaim: bitwarden-data # You must create a PVC or a StorageClass dynamic claim
+
+ resources:
+ requests:
+ cpu: 50m
+ memory: 128Mi
+ limits:
+ cpu: 250m
+ memory: 512Mi
+
From 71971b7e0774c879b70f76d83e2266a5436248e3 Mon Sep 17 00:00:00 2001
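Review bot: `ADMIN_TOKEN: "CHANGEME_SUPER_SECRET"` commits the Vaultwarden admin-panel token to Git as a known placeholder; if the release is reconciled as written, the admin page behind `vw.hxme.net` accepts that string. Remove the key from `values` (Vaultwarden keeps the admin page disabled when no token is set) or supply it from a Secret through `valuesFrom`, the way templates/auth-authentik.yaml does with `authentik-values`. Any real token that ends up in the repository history should be treated as disclosed and replaced even after the line is removed. `existingClaim: bitwarden-data` refers to a PVC this commit does not create.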
From: j Date: Thu, 10 Jul 2025 16:33:48 +1000 Subject: [PATCH 051/148] Replace namespace with chart namespace --- templates/ai-openweb.yaml | 11 +++-------- templates/auth-authentik.yaml | 8 ++++---- templates/dns-bind.yaml | 6 +++--- templates/dns-externaldns.yaml | 6 +++--- templates/files-nextcloud.yaml | 12 ++++++------ templates/files-syncthing.yaml | 8 ++++---- templates/monitoring-grafana.yaml | 4 ++-- templates/monitoring-loki.yaml | 4 ++-- templates/monitoring-prometheus.yaml | 6 +++--- templates/monitoring-provider.yaml | 4 ++-- templates/operators-mariadb.yaml | 12 ++++++------ templates/operators-replicator.yaml | 10 +++++----- templates/remote-access-rustdesk.yaml | 6 +++--- templates/ssl-certmanager.yaml | 8 ++++---- templates/synctools-vaultwarden.yaml | 6 +++--- 15 files changed, 53 insertions(+), 58 deletions(-) diff --git a/templates/ai-openweb.yaml b/templates/ai-openweb.yaml index e2c52ea..7ff23de 100644 --- a/templates/ai-openweb.yaml +++ b/templates/ai-openweb.yaml @@ -1,14 +1,9 @@ --- -apiVersion: v1 -kind: Namespace -metadata: - name: ai ---- apiVersion: apps/v1 kind: Deployment metadata: name: openwebui - namespace: ai + namespace: {{ .Release.Namespace }} spec: replicas: 1 selector: @@ -40,7 +35,7 @@ apiVersion: v1 kind: Service metadata: name: openwebui - namespace: ai + namespace: {{ .Release.Namespace }} spec: selector: app: openwebui @@ -53,7 +48,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: openwebui - namespace: ai + namespace: {{ .Release.Namespace }} annotations: kubernetes.io/ingress.class: "traefik" external-dns.alpha.kubernetes.io/hostname: nc.hxme.net diff --git a/templates/auth-authentik.yaml b/templates/auth-authentik.yaml index ced40ed..c2a6f4e 100644 --- a/templates/auth-authentik.yaml +++ b/templates/auth-authentik.yaml 
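Review bot: Replacing the per-application namespaces with `{{ .Release.Namespace }}`, here and in every other file of this commit, puts Open WebUI, Nextcloud, Authentik, Vaultwarden, the DNS server and the operators into one namespace, so namespace-scoped RBAC, NetworkPolicy and Secret access no longer separate them. In particular the `kubernetes-replicator` ServiceAccount, bound to a wildcard ClusterRole, moves out of `kube-system` into that shared namespace (templates/operators-replicator.yaml), where anyone allowed to create pods can run as it. If one namespace per release is the goal, consider keeping the operators and cert-manager in their own namespaces and adding NetworkPolicies between the applications. Apart from `ai`, the `Namespace` objects in the other templates appear to be left in place and would then be empty.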
@@ -8,7 +8,7 @@ apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: authentik - namespace: flux-system + namespace: {{ .Release.Namespace }} spec: url: https://charts.goauthentik.io/ interval: 1h @@ -17,7 +17,7 @@ apiVersion: v1 kind: Secret metadata: name: wildcard-hxme-net - namespace: authentik + namespace: {{ .Release.Namespace }} annotations: replicator.v1.mittwald.de/replicate-from: cert-manager/wildcard-hxme-net --- @@ -25,7 +25,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: authentik - namespace: authentik + namespace: {{ .Release.Namespace }} spec: interval: 30m chart: @@ -35,7 +35,7 @@ spec: sourceRef: kind: HelmRepository name: authentik - namespace: flux-system + namespace: {{ .Release.Namespace }} install: createNamespace: true upgrade: diff --git a/templates/dns-bind.yaml b/templates/dns-bind.yaml index 23eab06..08becfa 100644 --- a/templates/dns-bind.yaml +++ b/templates/dns-bind.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: bind-master-config - namespace: dns + namespace: {{ .Release.Namespace }} data: named.conf: | include "/etc/bind/externaldns-key.conf"; @@ -52,7 +52,7 @@ apiVersion: apps/v1 kind: DaemonSet metadata: name: bind-master - namespace: dns + namespace: {{ .Release.Namespace }} spec: selector: matchLabels: @@ -122,7 +122,7 @@ apiVersion: v1 kind: Service metadata: name: bind-master - namespace: dns + namespace: {{ .Release.Namespace }} spec: selector: app: bind-master diff --git a/templates/dns-externaldns.yaml b/templates/dns-externaldns.yaml index ed64c21..f713c50 100644 --- a/templates/dns-externaldns.yaml +++ b/templates/dns-externaldns.yaml 
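Review bot: Moving the placeholder Secret `wildcard-hxme-net` to `{{ .Release.Namespace }}` (hunk `@@ -17,7 +17,7 @@`) makes it collide with the identically named placeholders in templates/files-nextcloud.yaml and templates/monitoring-provider.yaml, and with the `secretName: wildcard-hxme-net` that the Certificate in templates/ssl-certmanager.yaml now writes into the same namespace. The `replicate-from: cert-manager/wildcard-hxme-net` annotation is unchanged and points at a namespace the Certificate no longer uses unless the release happens to be installed there; `replicate-to: "monitoring,authentik,nextcloud"` on the source is likewise stale. With everything in one namespace the replicas can be deleted and the ingresses can reference the Certificate's secret directly.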
@@ -26,19 +26,19 @@ roleRef: subjects: - kind: ServiceAccount name: external-dns - namespace: dns + namespace: {{ .Release.Namespace }} --- apiVersion: v1 kind: ServiceAccount metadata: name: external-dns - namespace: dns + namespace: {{ .Release.Namespace }} --- apiVersion: apps/v1 kind: Deployment metadata: name: external-dns - namespace: dns + namespace: {{ .Release.Namespace }} spec: replicas: 1 selector: diff --git a/templates/files-nextcloud.yaml b/templates/files-nextcloud.yaml index 2ef2de0..6c5bc88 100644 --- a/templates/files-nextcloud.yaml +++ b/templates/files-nextcloud.yaml @@ -22,7 +22,7 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: name: nextcloud-pvc - namespace: nextcloud + namespace: {{ .Release.Namespace }} spec: accessModes: - ReadWriteOnce @@ -36,7 +36,7 @@ apiVersion: v1 kind: Service metadata: name: nextcloud - namespace: nextcloud + namespace: {{ .Release.Namespace }} spec: ports: - port: 80 @@ -47,7 +47,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: nextcloud - namespace: nextcloud + namespace: {{ .Release.Namespace }} spec: securityContext: runAsUser: 1000 @@ -94,7 +94,7 @@ apiVersion: k8s.mariadb.com/v1alpha1 kind: MariaDB metadata: name: nextcloud-db - namespace: nextcloud + namespace: {{ .Release.Namespace }} spec: rootPasswordSecretKeyRef: name: nextcloud-secrets @@ -112,7 +112,7 @@ apiVersion: v1 kind: Secret metadata: name: wildcard-hxme-net - namespace: nextcloud + namespace: {{ .Release.Namespace }} annotations: replicator.v1.mittwald.de/replicate-from: cert-manager/wildcard-hxme-net --- @@ -120,7 +120,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: nextcloud - namespace: nextcloud + namespace: {{ .Release.Namespace }} annotations: external-dns.alpha.kubernetes.io/hostname: nc.hxme.net spec: diff --git a/templates/files-syncthing.yaml b/templates/files-syncthing.yaml index a7279b2..52830e4 100644 --- a/templates/files-syncthing.yaml +++ b/templates/files-syncthing.yaml 
@@ -8,7 +8,7 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: name: syncthing-data - namespace: syncthing + namespace: {{ .Release.Namespace }} spec: accessModes: - ReadWriteOnce @@ -33,7 +33,7 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: name: syncthing-share - namespace: syncthing + namespace: {{ .Release.Namespace }} spec: accessModes: - ReadWriteOnce @@ -46,7 +46,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: syncthing - namespace: syncthing + namespace: {{ .Release.Namespace }} spec: replicas: 1 selector: @@ -86,7 +86,7 @@ apiVersion: v1 kind: Service metadata: name: syncthing - namespace: syncthing + namespace: {{ .Release.Namespace }} spec: selector: app: syncthing diff --git a/templates/monitoring-grafana.yaml b/templates/monitoring-grafana.yaml index 47ed5e0..cd7576d 100644 --- a/templates/monitoring-grafana.yaml +++ b/templates/monitoring-grafana.yaml @@ -3,7 +3,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: grafana - namespace: monitoring + namespace: {{ .Release.Namespace }} spec: interval: 30m chart: @@ -13,7 +13,7 @@ spec: sourceRef: kind: HelmRepository name: grafana - namespace: flux-system + namespace: {{ .Release.Namespace }} install: createNamespace: true values: diff --git a/templates/monitoring-loki.yaml b/templates/monitoring-loki.yaml index b327a8e..97480af 100644 --- a/templates/monitoring-loki.yaml +++ b/templates/monitoring-loki.yaml @@ -3,7 +3,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: loki - namespace: monitoring + namespace: {{ .Release.Namespace }} spec: interval: 30m chart: @@ -13,7 +13,7 @@ spec: sourceRef: kind: HelmRepository name: grafana - namespace: flux-system + namespace: {{ .Release.Namespace }} install: createNamespace: true values: diff --git a/templates/monitoring-prometheus.yaml b/templates/monitoring-prometheus.yaml index dd4d5a6..fb59b87 100644 --- a/templates/monitoring-prometheus.yaml +++ b/templates/monitoring-prometheus.yaml 
@@ -3,7 +3,7 @@ apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: prometheus-community - namespace: flux-system + namespace: {{ .Release.Namespace }} spec: url: https://prometheus-community.github.io/helm-charts interval: 1h @@ -12,7 +12,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: prometheus-operator - namespace: monitoring + namespace: {{ .Release.Namespace }} spec: interval: 30m chart: @@ -22,7 +22,7 @@ spec: sourceRef: kind: HelmRepository name: prometheus-community - namespace: flux-system + namespace: {{ .Release.Namespace }} install: createNamespace: true upgrade: diff --git a/templates/monitoring-provider.yaml b/templates/monitoring-provider.yaml index 3af442a..7fb6bf2 100644 --- a/templates/monitoring-provider.yaml +++ b/templates/monitoring-provider.yaml @@ -8,7 +8,7 @@ apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: grafana - namespace: flux-system + namespace: {{ .Release.Namespace }} spec: url: https://grafana.github.io/helm-charts interval: 1h @@ -17,6 +17,6 @@ apiVersion: v1 kind: Secret metadata: name: wildcard-hxme-net - namespace: monitoring + namespace: {{ .Release.Namespace }} annotations: replicator.v1.mittwald.de/replicate-from: cert-manager/wildcard-hxme-net diff --git a/templates/operators-mariadb.yaml b/templates/operators-mariadb.yaml index 04febe6..702a210 100644 --- a/templates/operators-mariadb.yaml +++ b/templates/operators-mariadb.yaml @@ -8,7 +8,7 @@ apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: mariadb-operator - namespace: flux-system + namespace: {{ .Release.Namespace }} spec: url: https://helm.mariadb.com/mariadb-operator interval: 1h @@ -17,7 +17,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: mariadb-operator-crds - namespace: mariadb-system + namespace: {{ .Release.Namespace }} spec: interval: 30m chart: 
@@ -27,7 +27,7 @@ spec: sourceRef: kind: HelmRepository name: mariadb-operator - namespace: flux-system + namespace: {{ .Release.Namespace }} install: createNamespace: true upgrade: @@ -38,7 +38,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: mariadb-operator - namespace: mariadb-system + namespace: {{ .Release.Namespace }} spec: interval: 30m chart: @@ -48,12 +48,12 @@ spec: sourceRef: kind: HelmRepository name: mariadb-operator - namespace: flux-system + namespace: {{ .Release.Namespace }} install: createNamespace: true dependsOn: - name: mariadb-operator-crds - namespace: mariadb-system + namespace: {{ .Release.Namespace }} values: metrics: enabled: true diff --git a/templates/operators-replicator.yaml b/templates/operators-replicator.yaml index e8ec276..52840a1 100644 --- a/templates/operators-replicator.yaml +++ b/templates/operators-replicator.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: kubernetes-replicator - namespace: kube-system + namespace: {{ .Release.Namespace }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -63,13 +63,13 @@ roleRef: subjects: - kind: ServiceAccount name: kubernetes-replicator - namespace: kube-system + namespace: {{ .Release.Namespace }} --- apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: name: mittwald - namespace: flux-system + namespace: {{ .Release.Namespace }} spec: url: https://helm.mittwald.de interval: 1h @@ -78,7 +78,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: name: kubernetes-replicator - namespace: kube-system + namespace: {{ .Release.Namespace }} spec: interval: 5m chart: @@ -87,7 +87,7 @@ spec: sourceRef: kind: HelmRepository name: mittwald - namespace: flux-system + namespace: {{ .Release.Namespace }} install: createNamespace: false upgrade: diff --git a/templates/remote-access-rustdesk.yaml b/templates/remote-access-rustdesk.yaml index 47ec81d..5ac5a21 100644 
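Review bot: The `operators-replicator.yaml` hunks `@@ -3,7 +3,7 @@` and `@@ -63,13 +63,13 @@` move the `kubernetes-replicator` ServiceAccount, and the ClusterRoleBinding subject that points at it, out of `kube-system` into the release namespace, which after this patch is also where the application workloads live. The ClusterRole is outside these hunks, but its rule list is printed in the PATCH 064 deletion further down this page and grants `verbs: ["*"]` on `secrets` and `pods/exec` cluster-wide. Anything permitted to create pods in the release namespace could then run under that account. I would keep the operator in a namespace of its own by leaving the ServiceAccount, the binding subject and the HelmRelease at `namespace: kube-system`, with a comment above the binding such as `# cluster-wide rights: keep this ServiceAccount out of application namespaces`.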
--- a/templates/remote-access-rustdesk.yaml +++ b/templates/remote-access-rustdesk.yaml @@ -8,7 +8,7 @@ apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: rustdesk-charts - namespace: flux-system + namespace: {{ .Release.Namespace }} spec: url: https://charts.rustdesk.com interval: 1h @@ -17,7 +17,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: rustdesk-server - namespace: rustdesk + namespace: {{ .Release.Namespace }} spec: interval: 30m chart: @@ -27,7 +27,7 @@ spec: sourceRef: kind: HelmRepository name: rustdesk-charts - namespace: flux-system + namespace: {{ .Release.Namespace }} install: createNamespace: true values: diff --git a/templates/ssl-certmanager.yaml b/templates/ssl-certmanager.yaml index f238e14..1bef710 100644 --- a/templates/ssl-certmanager.yaml +++ b/templates/ssl-certmanager.yaml @@ -3,7 +3,7 @@ apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: jetstack - namespace: flux-system + namespace: {{ .Release.Namespace }} spec: url: https://charts.jetstack.io interval: 1h @@ -12,7 +12,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: cert-manager - namespace: cert-manager + namespace: {{ .Release.Namespace }} spec: interval: 30m chart: @@ -22,7 +22,7 @@ spec: sourceRef: kind: HelmRepository name: jetstack - namespace: flux-system + namespace: {{ .Release.Namespace }} install: crds: CreateReplace createNamespace: true @@ -56,7 +56,7 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: wildcard-hxme-net - namespace: cert-manager + namespace: {{ .Release.Namespace }} spec: secretName: wildcard-hxme-net secretTemplate: diff --git a/templates/synctools-vaultwarden.yaml b/templates/synctools-vaultwarden.yaml index 93c3475..e0ced35 100644 --- a/templates/synctools-vaultwarden.yaml +++ b/templates/synctools-vaultwarden.yaml 
@@ -8,7 +8,7 @@ apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: bjw-s-charts - namespace: flux-system + namespace: {{ .Release.Namespace }} spec: url: https://bjw-s.github.io/helm-charts/ interval: 1h @@ -17,7 +17,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: vaultwarden - namespace: bitwarden + namespace: {{ .Release.Namespace }} spec: interval: 30m chart: @@ -27,7 +27,7 @@ spec: sourceRef: kind: HelmRepository name: bjw-s-charts - namespace: flux-system + namespace: {{ .Release.Namespace }} install: createNamespace: true values: From 3bbb8663bca563233b819eaaf2654dd4816901ec Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 16:35:27 +1000 Subject: [PATCH 052/148] Remove namespaces --- templates/auth-authentik.yaml | 5 ----- templates/dns-namespace.yaml | 5 ----- templates/files-nextcloud.yaml | 5 ----- templates/files-syncthing.yaml | 5 ----- templates/monitoring-prometheus.yaml | 2 +- templates/operators-mariadb.yaml | 5 ----- templates/remote-access-rustdesk.yaml | 5 ----- templates/ssl-certmanager.yaml | 2 +- templates/synctools-vaultwarden.yaml | 5 ----- 9 files changed, 2 insertions(+), 37 deletions(-) delete mode 100644 templates/dns-namespace.yaml diff --git a/templates/auth-authentik.yaml b/templates/auth-authentik.yaml index c2a6f4e..2ee840b 100644 --- a/templates/auth-authentik.yaml +++ b/templates/auth-authentik.yaml @@ -1,9 +1,4 @@ --- -apiVersion: v1 -kind: Namespace -metadata: - name: authentik ---- apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: diff --git a/templates/dns-namespace.yaml b/templates/dns-namespace.yaml deleted file mode 100644 index 52c7228..0000000 --- a/templates/dns-namespace.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: dns diff --git a/templates/files-nextcloud.yaml b/templates/files-nextcloud.yaml index 6c5bc88..617306e 100644 --- a/templates/files-nextcloud.yaml 
+++ b/templates/files-nextcloud.yaml @@ -1,10 +1,5 @@ --- apiVersion: v1 -kind: Namespace -metadata: - name: nextcloud ---- -apiVersion: v1 kind: PersistentVolume metadata: name: nextcloud-pv diff --git a/templates/files-syncthing.yaml b/templates/files-syncthing.yaml index 52830e4..0b795c3 100644 --- a/templates/files-syncthing.yaml +++ b/templates/files-syncthing.yaml @@ -1,10 +1,5 @@ --- apiVersion: v1 -kind: Namespace -metadata: - name: syncthing ---- -apiVersion: v1 kind: PersistentVolumeClaim metadata: name: syncthing-data diff --git a/templates/monitoring-prometheus.yaml b/templates/monitoring-prometheus.yaml index fb59b87..1f62914 100644 --- a/templates/monitoring-prometheus.yaml +++ b/templates/monitoring-prometheus.yaml @@ -24,7 +24,7 @@ spec: name: prometheus-community namespace: {{ .Release.Namespace }} install: - createNamespace: true + createNamespace: false upgrade: disableWait: true timeout: 5m diff --git a/templates/operators-mariadb.yaml b/templates/operators-mariadb.yaml index 702a210..3edc1e1 100644 --- a/templates/operators-mariadb.yaml +++ b/templates/operators-mariadb.yaml @@ -1,9 +1,4 @@ --- -apiVersion: v1 -kind: Namespace -metadata: - name: mariadb-system ---- apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: diff --git a/templates/remote-access-rustdesk.yaml b/templates/remote-access-rustdesk.yaml index 5ac5a21..110b677 100644 --- a/templates/remote-access-rustdesk.yaml +++ b/templates/remote-access-rustdesk.yaml @@ -1,9 +1,4 @@ --- -apiVersion: v1 -kind: Namespace -metadata: - name: rustdesk ---- apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: diff --git a/templates/ssl-certmanager.yaml b/templates/ssl-certmanager.yaml index 1bef710..53fd7d8 100644 --- a/templates/ssl-certmanager.yaml +++ b/templates/ssl-certmanager.yaml @@ -25,7 +25,7 @@ spec: namespace: {{ .Release.Namespace }} install: crds: CreateReplace - createNamespace: true + createNamespace: false values: installCRDs: true extraArgs: 
diff --git a/templates/synctools-vaultwarden.yaml b/templates/synctools-vaultwarden.yaml index e0ced35..f1384fe 100644 --- a/templates/synctools-vaultwarden.yaml +++ b/templates/synctools-vaultwarden.yaml @@ -1,9 +1,4 @@ --- -apiVersion: v1 -kind: Namespace -metadata: - name: bitwarden ---- apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: From c1dae3957d2ae14d42c02c2efcf6a1a6c860bd04 Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 16:48:21 +1000 Subject: [PATCH 053/148] Missed a namespace --- templates/monitoring-provider.yaml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/templates/monitoring-provider.yaml b/templates/monitoring-provider.yaml index 7fb6bf2..580c3e6 100644 --- a/templates/monitoring-provider.yaml +++ b/templates/monitoring-provider.yaml @@ -1,9 +1,4 @@ --- -apiVersion: v1 -kind: Namespace -metadata: - name: monitoring ---- apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: From 0d3658705b563363c5f6a0968bfc2cb720097598 Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 16:49:07 +1000 Subject: [PATCH 054/148] Remove secret replication because we're now in one namespace --- templates/auth-authentik.yaml | 8 -------- templates/files-nextcloud.yaml | 8 -------- templates/monitoring-provider.yaml | 8 -------- 3 files changed, 24 deletions(-) diff --git a/templates/auth-authentik.yaml b/templates/auth-authentik.yaml index 2ee840b..70fb400 100644 --- a/templates/auth-authentik.yaml +++ b/templates/auth-authentik.yaml @@ -8,14 +8,6 @@ spec: url: https://charts.goauthentik.io/ interval: 1h --- -apiVersion: v1 -kind: Secret -metadata: - name: wildcard-hxme-net - namespace: {{ .Release.Namespace }} - annotations: - replicator.v1.mittwald.de/replicate-from: cert-manager/wildcard-hxme-net ---- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: diff --git a/templates/files-nextcloud.yaml b/templates/files-nextcloud.yaml index 617306e..71dc86a 100644 --- a/templates/files-nextcloud.yaml 
+++ b/templates/files-nextcloud.yaml @@ -103,14 +103,6 @@ spec: storage: size: 5Gi --- -apiVersion: v1 -kind: Secret -metadata: - name: wildcard-hxme-net - namespace: {{ .Release.Namespace }} - annotations: - replicator.v1.mittwald.de/replicate-from: cert-manager/wildcard-hxme-net ---- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: diff --git a/templates/monitoring-provider.yaml b/templates/monitoring-provider.yaml index 580c3e6..b3e6600 100644 --- a/templates/monitoring-provider.yaml +++ b/templates/monitoring-provider.yaml @@ -7,11 +7,3 @@ metadata: spec: url: https://grafana.github.io/helm-charts interval: 1h ---- -apiVersion: v1 -kind: Secret -metadata: - name: wildcard-hxme-net - namespace: {{ .Release.Namespace }} - annotations: - replicator.v1.mittwald.de/replicate-from: cert-manager/wildcard-hxme-net From e3c15c839bfa9c4854d06530499a86a745f21f56 Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 16:57:13 +1000 Subject: [PATCH 055/148] Update for deprecation warning --- templates/auth-authentik.yaml | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/templates/auth-authentik.yaml b/templates/auth-authentik.yaml index 70fb400..097ccfb 100644 --- a/templates/auth-authentik.yaml +++ b/templates/auth-authentik.yaml @@ -32,10 +32,17 @@ spec: - kind: Secret name: authentik-values values: - ingress: - annotations: - external-dns.alpha.kubernetes.io/hostname: auth.hxme.net - tls: - - secretName: wildcard-hxme-net - hosts: - - auth.hxme.net + server: + ingress: + enabled: true + annotations: + external-dns.alpha.kubernetes.io/hostname: auth.hxme.net + hosts: + - host: auth.hxme.net + paths: + - path: / + pathType: Prefix + tls: + - secretName: wildcard-hxme-net + hosts: + - auth.hxme.net From 0431748ef9de4344bf7cf0b63f5ea8d84f710100 Mon Sep 17 00:00:00 2001 
From: j Date: Thu, 10 Jul 2025 17:25:39 +1000 Subject: [PATCH 056/148] gpt thorwing me around --- templates/auth-authentik.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/templates/auth-authentik.yaml b/templates/auth-authentik.yaml index 097ccfb..1eb151f 100644 --- a/templates/auth-authentik.yaml +++ b/templates/auth-authentik.yaml @@ -38,10 +38,7 @@ spec: annotations: external-dns.alpha.kubernetes.io/hostname: auth.hxme.net hosts: - - host: auth.hxme.net - paths: - - path: / - pathType: Prefix + - auth.hxme.net tls: - secretName: wildcard-hxme-net hosts: From 500194ed6843150c65f61eed8519de0254941244 Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 17:25:58 +1000 Subject: [PATCH 057/148] Update versiont o see if flux just auto updates because im sick of namespace not deleting on manual upate --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 758bc24..9d909e8 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -2,5 +2,5 @@ apiVersion: v2 name: home-server description: A Helm chart for deploying the home-server application type: application -version: 0.1.0 +version: 0.1.1 appVersion: "1.0.0" From 0d03b2a68a72c25cdb8d7d5b2325358e2cbf457d Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 17:43:06 +1000 Subject: [PATCH 058/148] Remove dupes because its deployed in chart --- deployments/kustomization.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/deployments/kustomization.yaml b/deployments/kustomization.yaml index 9b9016c..52b0300 100644 --- a/deployments/kustomization.yaml +++ b/deployments/kustomization.yaml @@ -4,6 +4,4 @@ kind: Kustomization resources: - manifests/00-namespaces.yaml - manifests/10-repo-prod.yaml - - manifests/20-hrel-mariadb.yaml - - manifests/20-hrel-replicator.yaml - manifests/30-hrel-prod.yaml From 7359fc17f79db1e0032c6a68fe8ca67a24b929e4 Mon Sep 17 00:00:00 2001 
From: j Date: Thu, 10 Jul 2025 17:52:30 +1000 Subject: [PATCH 059/148] Add EndpointSlices for external dns --- templates/dns-externaldns.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/templates/dns-externaldns.yaml b/templates/dns-externaldns.yaml index f713c50..51abc9f 100644 --- a/templates/dns-externaldns.yaml +++ b/templates/dns-externaldns.yaml @@ -13,6 +13,9 @@ rules: - apiGroups: [""] resources: ["nodes"] verbs: ["list","watch"] + - apiGroups: ["discovery.k8s.io"] + resources: ["endpointslices"] + verbs: ["get", "watch", "list"] # Add DNS provider specific rules here if needed (e.g., for AWS IAM, GCP etc.) --- apiVersion: rbac.authorization.k8s.io/v1 From d2ad7d8e966e5b3cc871d8be280ca3ffc92aa72e Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 17:54:28 +1000 Subject: [PATCH 060/148] force update --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 9d909e8..27ac246 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -2,5 +2,5 @@ apiVersion: v2 name: home-server description: A Helm chart for deploying the home-server application type: application -version: 0.1.1 +version: 0.1.2 appVersion: "1.0.0" From f80d240995c30ac1a28f186f11fc5e4696fb1e12 Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 17:55:34 +1000 Subject: [PATCH 061/148] Fix rfc2136 host --- templates/dns-externaldns.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/dns-externaldns.yaml b/templates/dns-externaldns.yaml index 51abc9f..fc3de2e 100644 --- a/templates/dns-externaldns.yaml +++ b/templates/dns-externaldns.yaml @@ -60,7 +60,7 @@ spec: - --source=service - --source=ingress - --provider=rfc2136 - - --rfc2136-host=bind-master.dns.svc.cluster.local + - --rfc2136-host=bind-master.{{ .Release.Namespace }}.svc.cluster.local - --rfc2136-port=53 - --rfc2136-zone=hxme.net - --rfc2136-tsig-secret=$(RFC2136_TSIG_SECRET) From 526aaa1dd8c8b27f98b951c6d168011545c57285 Mon Sep 17 00:00:00 2001 
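Review bot: In the PATCH 061 hunk of `dns-externaldns.yaml` (`@@ -60,7 +60,7 @@`), the TSIG key is still passed as `--rfc2136-tsig-secret=$(RFC2136_TSIG_SECRET)`, three lines below the host line this patch changes. Kubernetes expands `$(VAR)` into the container's argument list, so the key that authorises dynamic updates to the `hxme.net` zone ends up in the process command line, where process listings and node-level collectors can read it. external-dns should also accept its flags as `EXTERNAL_DNS_`-prefixed environment variables, so the argument can be dropped and the existing secret reference exposed as `EXTERNAL_DNS_RFC2136_TSIG_SECRET` instead. The `env:` block is outside this hunk, so confirm how the variable is populated before changing it.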
From: j Date: Thu, 10 Jul 2025 17:55:47 +1000 Subject: [PATCH 062/148] Update versionf or rfc fix --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 27ac246..3396e5a 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -2,5 +2,5 @@ apiVersion: v2 name: home-server description: A Helm chart for deploying the home-server application type: application -version: 0.1.2 +version: 0.1.3 appVersion: "1.0.0" From 6b56e35f689f1623e48ebaa7245fcff4c5530062 Mon Sep 17 00:00:00 2001 
From: j Date: Thu, 10 Jul 2025 18:16:26 +1000 Subject: [PATCH 063/148] Just incase; put chart into chart --- Chart.yaml => chart/Chart.yaml | 0 {templates => chart/templates}/ai-openweb.yaml | 0 {templates => chart/templates}/auth-authentik.yaml | 0 {templates => chart/templates}/dns-bind.yaml | 0 {templates => chart/templates}/dns-externaldns.yaml | 0 {templates => chart/templates}/files-nextcloud.yaml | 0 {templates => chart/templates}/files-syncthing.yaml | 0 {templates => chart/templates}/monitoring-grafana.yaml | 0 {templates => chart/templates}/monitoring-loki.yaml | 0 {templates => chart/templates}/monitoring-prometheus.yaml | 0 {templates => chart/templates}/monitoring-provider.yaml | 0 {templates => chart/templates}/operators-mariadb.yaml | 0 {templates => chart/templates}/operators-replicator.yaml | 0 {templates => chart/templates}/remote-access-rustdesk.yaml | 0 {templates => chart/templates}/ssl-certmanager.yaml | 0 {templates => chart/templates}/synctools-vaultwarden.yaml | 0 values.yaml => chart/values.yaml | 0 deployments/manifests/30-hrel-prod.yaml | 2 +- 18 files changed, 1 insertion(+), 1 deletion(-) rename Chart.yaml => chart/Chart.yaml (100%) rename {templates => chart/templates}/ai-openweb.yaml (100%) rename {templates => chart/templates}/auth-authentik.yaml (100%) rename {templates => chart/templates}/dns-bind.yaml (100%) rename {templates => chart/templates}/dns-externaldns.yaml (100%) rename {templates => chart/templates}/files-nextcloud.yaml (100%) rename {templates => chart/templates}/files-syncthing.yaml (100%) rename {templates => chart/templates}/monitoring-grafana.yaml (100%) rename {templates => chart/templates}/monitoring-loki.yaml (100%) rename {templates => chart/templates}/monitoring-prometheus.yaml (100%) rename {templates => chart/templates}/monitoring-provider.yaml (100%) rename {templates => chart/templates}/operators-mariadb.yaml (100%) rename {templates => chart/templates}/operators-replicator.yaml (100%) rename {templates 
=> chart/templates}/remote-access-rustdesk.yaml (100%) rename {templates => chart/templates}/ssl-certmanager.yaml (100%) rename {templates => chart/templates}/synctools-vaultwarden.yaml (100%) rename values.yaml => chart/values.yaml (100%) diff --git a/Chart.yaml b/chart/Chart.yaml similarity index 100% rename from Chart.yaml rename to chart/Chart.yaml diff --git a/templates/ai-openweb.yaml b/chart/templates/ai-openweb.yaml similarity index 100% rename from templates/ai-openweb.yaml rename to chart/templates/ai-openweb.yaml diff --git a/templates/auth-authentik.yaml b/chart/templates/auth-authentik.yaml similarity index 100% rename from templates/auth-authentik.yaml rename to chart/templates/auth-authentik.yaml diff --git a/templates/dns-bind.yaml b/chart/templates/dns-bind.yaml similarity index 100% rename from templates/dns-bind.yaml rename to chart/templates/dns-bind.yaml diff --git a/templates/dns-externaldns.yaml b/chart/templates/dns-externaldns.yaml similarity index 100% rename from templates/dns-externaldns.yaml rename to chart/templates/dns-externaldns.yaml diff --git a/templates/files-nextcloud.yaml b/chart/templates/files-nextcloud.yaml similarity index 100% rename from templates/files-nextcloud.yaml rename to chart/templates/files-nextcloud.yaml diff --git a/templates/files-syncthing.yaml b/chart/templates/files-syncthing.yaml similarity index 100% rename from templates/files-syncthing.yaml rename to chart/templates/files-syncthing.yaml diff --git a/templates/monitoring-grafana.yaml b/chart/templates/monitoring-grafana.yaml similarity index 100% rename from templates/monitoring-grafana.yaml rename to chart/templates/monitoring-grafana.yaml diff --git a/templates/monitoring-loki.yaml b/chart/templates/monitoring-loki.yaml similarity index 100% rename from templates/monitoring-loki.yaml rename to chart/templates/monitoring-loki.yaml 
diff --git a/templates/monitoring-prometheus.yaml b/chart/templates/monitoring-prometheus.yaml similarity index 100% rename from templates/monitoring-prometheus.yaml rename to chart/templates/monitoring-prometheus.yaml diff --git a/templates/monitoring-provider.yaml b/chart/templates/monitoring-provider.yaml similarity index 100% rename from templates/monitoring-provider.yaml rename to chart/templates/monitoring-provider.yaml diff --git a/templates/operators-mariadb.yaml b/chart/templates/operators-mariadb.yaml similarity index 100% rename from templates/operators-mariadb.yaml rename to chart/templates/operators-mariadb.yaml diff --git a/templates/operators-replicator.yaml b/chart/templates/operators-replicator.yaml similarity index 100% rename from templates/operators-replicator.yaml rename to chart/templates/operators-replicator.yaml diff --git a/templates/remote-access-rustdesk.yaml b/chart/templates/remote-access-rustdesk.yaml similarity index 100% rename from templates/remote-access-rustdesk.yaml rename to chart/templates/remote-access-rustdesk.yaml diff --git a/templates/ssl-certmanager.yaml b/chart/templates/ssl-certmanager.yaml similarity index 100% rename from templates/ssl-certmanager.yaml rename to chart/templates/ssl-certmanager.yaml diff --git a/templates/synctools-vaultwarden.yaml b/chart/templates/synctools-vaultwarden.yaml similarity index 100% rename from templates/synctools-vaultwarden.yaml rename to chart/templates/synctools-vaultwarden.yaml diff --git a/values.yaml b/chart/values.yaml similarity index 100% rename from values.yaml rename to chart/values.yaml diff --git a/deployments/manifests/30-hrel-prod.yaml b/deployments/manifests/30-hrel-prod.yaml index ee0a4dc..e3095b7 100644 --- a/deployments/manifests/30-hrel-prod.yaml +++ b/deployments/manifests/30-hrel-prod.yaml @@ -8,7 +8,7 @@ spec: interval: 1m chart: spec: - chart: ./ + chart: ./chart sourceRef: kind: GitRepository name: hsp-system 
From ba63e97b2e3e38a77876a31bd782046cc16dba2d Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 18:19:12 +1000 Subject: [PATCH 064/148] Move core operators to deployments due to chicken egg issues --- chart/templates/operators-mariadb.yaml | 55 ------------- chart/templates/operators-replicator.yaml | 98 ----------------------- deployments/kustomization.yaml | 2 + 3 files changed, 2 insertions(+), 153 deletions(-) delete mode 100644 chart/templates/operators-mariadb.yaml delete mode 100644 chart/templates/operators-replicator.yaml diff --git a/chart/templates/operators-mariadb.yaml b/chart/templates/operators-mariadb.yaml deleted file mode 100644 index 3edc1e1..0000000 --- a/chart/templates/operators-mariadb.yaml +++ /dev/null @@ -1,55 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: mariadb-operator - namespace: {{ .Release.Namespace }} -spec: - url: https://helm.mariadb.com/mariadb-operator - interval: 1h ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: mariadb-operator-crds - namespace: {{ .Release.Namespace }} -spec: - interval: 30m - chart: - spec: - chart: mariadb-operator-crds - version: 0.38.1 - sourceRef: - kind: HelmRepository - name: mariadb-operator - namespace: {{ .Release.Namespace }} - install: - createNamespace: true - upgrade: - disableWait: true - timeout: 5m ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: mariadb-operator - namespace: {{ .Release.Namespace }} -spec: - interval: 30m - chart: - spec: - chart: mariadb-operator - version: 0.38.1 - sourceRef: - kind: HelmRepository - name: mariadb-operator - namespace: {{ .Release.Namespace }} - install: - createNamespace: true - dependsOn: - - name: mariadb-operator-crds - namespace: {{ .Release.Namespace }} - values: - metrics: - enabled: true - 
diff --git a/chart/templates/operators-replicator.yaml b/chart/templates/operators-replicator.yaml deleted file mode 100644 index 52840a1..0000000 --- a/chart/templates/operators-replicator.yaml +++ /dev/null 
@@ -1,98 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kubernetes-replicator - namespace: {{ .Release.Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kubernetes-replicator -rules: - - apiGroups: ["", "apps", "extensions"] - resources: - - secrets - - configmaps - - roles - - rolebindings - - cronjobs - - deployments - - events - - ingresses - - jobs - - pods - - pods/attach - - pods/exec - - pods/log - - pods/portforward - - services - - namespaces - - serviceaccounts - verbs: ["*"] - - apiGroups: ["batch"] - resources: - - configmaps - - cronjobs - - deployments - - events - - ingresses - - jobs - - pods - - pods/attach - - pods/exec - - pods/log - - pods/portforward - - services - verbs: ["*"] - - apiGroups: ["rbac.authorization.k8s.io"] - resources: - - roles - - rolebindings - - clusterrolebindings - verbs: ["get", "list", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kubernetes-replicator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kubernetes-replicator -subjects: - - kind: ServiceAccount - name: kubernetes-replicator - namespace: {{ .Release.Namespace }} ---- -apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: HelmRepository -metadata: - name: mittwald - namespace: {{ .Release.Namespace }} -spec: - url: https://helm.mittwald.de - interval: 1h ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: kubernetes-replicator - namespace: {{ .Release.Namespace }} -spec: - interval: 5m - chart: - spec: - chart: kubernetes-replicator - sourceRef: - kind: HelmRepository - name: mittwald - namespace: {{ .Release.Namespace }} - install: - createNamespace: false - upgrade: - disableWait: false - values: - serviceAccount: - create: false - name: kubernetes-replicator diff --git a/deployments/kustomization.yaml b/deployments/kustomization.yaml index 52b0300..9b9016c 100644 
--- a/deployments/kustomization.yaml +++ b/deployments/kustomization.yaml @@ -4,4 +4,6 @@ kind: Kustomization resources: - manifests/00-namespaces.yaml - manifests/10-repo-prod.yaml + - manifests/20-hrel-mariadb.yaml + - manifests/20-hrel-replicator.yaml - manifests/30-hrel-prod.yaml From c8cd4659a3aabae82bb3a5da2e49d8a811cf86f6 Mon Sep 17 00:00:00 2001 
From: j Date: Thu, 10 Jul 2025 20:00:02 +1000 Subject: [PATCH 065/148] fuck helm. --- chart/Chart.yaml | 6 --- chart/templates/monitoring-provider.yaml | 9 ----- chart/values.yaml | 16 -------- .../ai/openweb.yaml | 11 ++++-- .../auth/authentik.yaml | 37 ++++++++++++------- .../dns/bind.yaml | 6 +-- .../dns/externaldns.yaml | 11 ++---- deployments/dns/namespace.yaml | 5 +++ .../files/nextcloud.yaml | 23 +++++++++--- .../files/syncthing.yaml | 13 +++++-- deployments/kustomization.yaml | 18 ++++++--- deployments/manifests/00-namespaces.yaml | 10 ----- deployments/manifests/10-repo-dev.yaml | 13 ------- deployments/manifests/10-repo-prod.yaml | 14 ------- deployments/manifests/30-hrel-dev.yaml | 17 --------- deployments/manifests/30-hrel-prod.yaml | 15 -------- .../monitoring/grafana.yaml | 4 +- .../monitoring/loki.yaml | 4 +- .../monitoring/prometheus.yaml | 8 ++-- deployments/monitoring/provider.yaml | 22 +++++++++++ .../mariadb.yaml} | 4 ++ .../replicator.yaml} | 1 - .../remote-access/rustdesk.yaml | 11 ++++-- .../ssl/certmanager.yaml | 10 ++--- .../synctools/vaultwarden.yaml | 11 ++++-- 25 files changed, 138 insertions(+), 161 deletions(-) delete mode 100644 chart/Chart.yaml delete mode 100644 chart/templates/monitoring-provider.yaml delete mode 100644 chart/values.yaml rename chart/templates/ai-openweb.yaml => deployments/ai/openweb.yaml (92%) rename chart/templates/auth-authentik.yaml => deployments/auth/authentik.yaml (51%) rename chart/templates/dns-bind.yaml => deployments/dns/bind.yaml (96%) rename chart/templates/dns-externaldns.yaml => deployments/dns/externaldns.yaml (85%) create mode 100644 deployments/dns/namespace.yaml rename chart/templates/files-nextcloud.yaml => deployments/files/nextcloud.yaml (87%) rename chart/templates/files-syncthing.yaml => deployments/files/syncthing.yaml (92%) delete mode 100644 deployments/manifests/00-namespaces.yaml delete mode 100644 deployments/manifests/10-repo-dev.yaml delete mode 100644 
deployments/manifests/10-repo-prod.yaml delete mode 100644 deployments/manifests/30-hrel-dev.yaml delete mode 100644 deployments/manifests/30-hrel-prod.yaml rename chart/templates/monitoring-grafana.yaml => deployments/monitoring/grafana.yaml (90%) rename chart/templates/monitoring-loki.yaml => deployments/monitoring/loki.yaml (87%) rename chart/templates/monitoring-prometheus.yaml => deployments/monitoring/prometheus.yaml (83%) create mode 100644 deployments/monitoring/provider.yaml rename deployments/{manifests/20-hrel-mariadb.yaml => operators/mariadb.yaml} (96%) rename deployments/{manifests/20-hrel-replicator.yaml => operators/replicator.yaml} (99%) rename chart/templates/remote-access-rustdesk.yaml => deployments/remote-access/rustdesk.yaml (90%) rename chart/templates/ssl-certmanager.yaml => deployments/ssl/certmanager.yaml (89%) rename chart/templates/synctools-vaultwarden.yaml => deployments/synctools/vaultwarden.yaml (91%) diff --git a/chart/Chart.yaml b/chart/Chart.yaml deleted file mode 100644 index 3396e5a..0000000 --- a/chart/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v2 -name: home-server -description: A Helm chart for deploying the home-server application -type: application -version: 0.1.3 -appVersion: "1.0.0" diff --git a/chart/templates/monitoring-provider.yaml b/chart/templates/monitoring-provider.yaml deleted file mode 100644 index b3e6600..0000000 --- a/chart/templates/monitoring-provider.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: grafana - namespace: {{ .Release.Namespace }} -spec: - url: https://grafana.github.io/helm-charts - interval: 1h diff --git a/chart/values.yaml b/chart/values.yaml deleted file mode 100644 index 1f1d786..0000000 --- a/chart/values.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -global: - domain: hxme.net - ssl_secret_name: wildcard-hxme-net - namespace: hsp-system - issuerName: letsencrypt-rfc2136 - email: admin@hxme.net - - rfc2136: - nameserver: hawke.hxst.com.au:53 - tsigKeyName: hxme-update-key - tsigAlgorithm: HMACSHA512 - tsigSecretName: hxme-update-key - tsigSecretKey: hxme-update-key - - replicatorNamespaces: "monitoring,authentik,nextcloud" - diff --git a/chart/templates/ai-openweb.yaml b/deployments/ai/openweb.yaml similarity index 92% rename from chart/templates/ai-openweb.yaml rename to deployments/ai/openweb.yaml index 7ff23de..e2c52ea 100644 --- a/chart/templates/ai-openweb.yaml +++ b/deployments/ai/openweb.yaml @@ -1,9 +1,14 @@ --- +apiVersion: v1 +kind: Namespace +metadata: + name: ai +--- apiVersion: apps/v1 kind: Deployment metadata: name: openwebui - namespace: {{ .Release.Namespace }} + namespace: ai spec: replicas: 1 selector: @@ -35,7 +40,7 @@ apiVersion: v1 kind: Service metadata: name: openwebui - namespace: {{ .Release.Namespace }} + namespace: ai spec: selector: app: openwebui @@ -48,7 +53,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: openwebui - namespace: {{ .Release.Namespace }} + namespace: ai annotations: kubernetes.io/ingress.class: "traefik" external-dns.alpha.kubernetes.io/hostname: nc.hxme.net diff --git a/chart/templates/auth-authentik.yaml b/deployments/auth/authentik.yaml similarity index 51% rename from chart/templates/auth-authentik.yaml rename to deployments/auth/authentik.yaml index 1eb151f..ced40ed 100644 --- a/chart/templates/auth-authentik.yaml +++ b/deployments/auth/authentik.yaml 
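Review bot: The openwebui Ingress in `deployments/ai/openweb.yaml` (hunk `@@ -48,7 +53,7 @@`) keeps the annotation `external-dns.alpha.kubernetes.io/hostname: nc.hxme.net`, the same hostname the nextcloud Ingress declares in `deployments/files/nextcloud.yaml` later in this patch. With the two Ingresses now in separate namespaces (`ai` and `nextcloud`), both claim the same DNS name. Depending on the `rules:` host entries, which are outside the hunk, requests meant for Nextcloud could be answered by the Open WebUI backend. This looks like a copy-paste leftover; give the Ingress its own name, for example `external-dns.alpha.kubernetes.io/hostname: <openwebui-host>.hxme.net` (placeholder), and use the same value in its `rules` and `tls` hosts.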
@@ -1,18 +1,31 @@ --- +apiVersion: v1 +kind: Namespace +metadata: + name: authentik +--- apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: authentik - namespace: {{ .Release.Namespace }} + namespace: flux-system spec: url: https://charts.goauthentik.io/ interval: 1h --- +apiVersion: v1 +kind: Secret +metadata: + name: wildcard-hxme-net + namespace: authentik + annotations: + replicator.v1.mittwald.de/replicate-from: cert-manager/wildcard-hxme-net +--- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: authentik - namespace: {{ .Release.Namespace }} + namespace: authentik spec: interval: 30m chart: @@ -22,7 +35,7 @@ spec: sourceRef: kind: HelmRepository name: authentik - namespace: {{ .Release.Namespace }} + namespace: flux-system install: createNamespace: true upgrade: @@ -32,14 +45,10 @@ spec: - kind: Secret name: authentik-values values: - server: - ingress: - enabled: true - annotations: - external-dns.alpha.kubernetes.io/hostname: auth.hxme.net - hosts: - - auth.hxme.net - tls: - - secretName: wildcard-hxme-net - hosts: - - auth.hxme.net + ingress: + annotations: + external-dns.alpha.kubernetes.io/hostname: auth.hxme.net + tls: + - secretName: wildcard-hxme-net + hosts: + - auth.hxme.net diff --git a/chart/templates/dns-bind.yaml b/deployments/dns/bind.yaml similarity index 96% rename from chart/templates/dns-bind.yaml rename to deployments/dns/bind.yaml index 08becfa..23eab06 100644 --- a/chart/templates/dns-bind.yaml +++ b/deployments/dns/bind.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: bind-master-config - namespace: {{ .Release.Namespace }} + namespace: dns data: named.conf: | include "/etc/bind/externaldns-key.conf"; @@ -52,7 +52,7 @@ apiVersion: apps/v1 kind: DaemonSet metadata: name: bind-master - namespace: {{ .Release.Namespace }} + namespace: dns spec: selector: matchLabels: 
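Review bot: The placeholder Secret `wildcard-hxme-net` re-added in `deployments/auth/authentik.yaml` (hunk `@@ -1,18 +1,31 @@`) pulls the wildcard certificate's private key into the `authentik` namespace, and the same block returns in `deployments/files/nextcloud.yaml`. Each copy adds a namespace whose compromise exposes the key for every `hxme.net` host. The source side is not visible here, so check that the Certificate's `secretTemplate` restricts pulls with `replicator.v1.mittwald.de/replication-allowed-namespaces` listing only the namespaces that need the certificate. The placeholder also declares no `type`; a Secret's type cannot change after creation, so it probably needs `type: kubernetes.io/tls` with empty `tls.crt` and `tls.key` entries for the replicated data to be usable by the Ingress.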
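Review bot: The `values:` block in the last `deployments/auth/authentik.yaml` hunk (`@@ -32,14 +45,10 @@`) goes back to the top-level `ingress:` form that PATCH 055 replaced with `server.ingress` under the subject "Update for deprecation warning". The chart version line is outside the hunk, so whether the old key is still honoured cannot be told from here; if it is ignored, the Ingress and its TLS entry for `auth.hxme.net` would not be rendered. If the file was restored from an older copy, carry the newer shape over: `server:` / `ingress:` / `enabled: true`, with the existing `annotations`, `hosts` and `tls` entries nested beneath it.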
@@ -122,7 +122,7 @@ apiVersion: v1 kind: Service metadata: name: bind-master - namespace: {{ .Release.Namespace }} + namespace: dns spec: selector: app: bind-master diff --git a/chart/templates/dns-externaldns.yaml b/deployments/dns/externaldns.yaml similarity index 85% rename from chart/templates/dns-externaldns.yaml rename to deployments/dns/externaldns.yaml index fc3de2e..ed64c21 100644 --- a/chart/templates/dns-externaldns.yaml +++ b/deployments/dns/externaldns.yaml @@ -13,9 +13,6 @@ rules: - apiGroups: [""] resources: ["nodes"] verbs: ["list","watch"] - - apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["get", "watch", "list"] # Add DNS provider specific rules here if needed (e.g., for AWS IAM, GCP etc.) --- apiVersion: rbac.authorization.k8s.io/v1 @@ -29,19 +26,19 @@ roleRef: subjects: - kind: ServiceAccount name: external-dns - namespace: {{ .Release.Namespace }} + namespace: dns --- apiVersion: v1 kind: ServiceAccount metadata: name: external-dns - namespace: {{ .Release.Namespace }} + namespace: dns --- apiVersion: apps/v1 kind: Deployment metadata: name: external-dns - namespace: {{ .Release.Namespace }} + namespace: dns spec: replicas: 1 selector: @@ -60,7 +57,7 @@ spec: - --source=service - --source=ingress - --provider=rfc2136 - - --rfc2136-host=bind-master.{{ .Release.Namespace }}.svc.cluster.local + - --rfc2136-host=bind-master.dns.svc.cluster.local - --rfc2136-port=53 - --rfc2136-zone=hxme.net - --rfc2136-tsig-secret=$(RFC2136_TSIG_SECRET) diff --git a/deployments/dns/namespace.yaml b/deployments/dns/namespace.yaml new file mode 100644 index 0000000..52c7228 --- /dev/null +++ b/deployments/dns/namespace.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: dns diff --git a/chart/templates/files-nextcloud.yaml b/deployments/files/nextcloud.yaml similarity index 87% rename from chart/templates/files-nextcloud.yaml rename to deployments/files/nextcloud.yaml index 71dc86a..2ef2de0 100644 
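Review bot: In the external-dns Deployment (hunk `@@ -60,7 +57,7 @@`) the TSIG key is still passed as `--rfc2136-tsig-secret=$(RFC2136_TSIG_SECRET)`, so the expanded secret ends up in the container's argv and is readable from the process list on the node. external-dns also reads its flags from `EXTERNAL_DNS_*` environment variables, so the key could be supplied as `EXTERNAL_DNS_RFC2136_TSIG_SECRET` from the same `secretKeyRef` and the argument dropped; confirm this against the image version in use. The `env` section that defines `RFC2136_TSIG_SECRET` is outside the hunk.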
--- a/chart/templates/files-nextcloud.yaml +++ b/deployments/files/nextcloud.yaml @@ -1,5 +1,10 @@ --- apiVersion: v1 +kind: Namespace +metadata: + name: nextcloud +--- +apiVersion: v1 kind: PersistentVolume metadata: name: nextcloud-pv @@ -17,7 +22,7 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: name: nextcloud-pvc - namespace: {{ .Release.Namespace }} + namespace: nextcloud spec: accessModes: - ReadWriteOnce @@ -31,7 +36,7 @@ apiVersion: v1 kind: Service metadata: name: nextcloud - namespace: {{ .Release.Namespace }} + namespace: nextcloud spec: ports: - port: 80 @@ -42,7 +47,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: nextcloud - namespace: {{ .Release.Namespace }} + namespace: nextcloud spec: securityContext: runAsUser: 1000 @@ -89,7 +94,7 @@ apiVersion: k8s.mariadb.com/v1alpha1 kind: MariaDB metadata: name: nextcloud-db - namespace: {{ .Release.Namespace }} + namespace: nextcloud spec: rootPasswordSecretKeyRef: name: nextcloud-secrets @@ -103,11 +108,19 @@ spec: storage: size: 5Gi --- +apiVersion: v1 +kind: Secret +metadata: + name: wildcard-hxme-net + namespace: nextcloud + annotations: + replicator.v1.mittwald.de/replicate-from: cert-manager/wildcard-hxme-net +--- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: nextcloud - namespace: {{ .Release.Namespace }} + namespace: nextcloud annotations: external-dns.alpha.kubernetes.io/hostname: nc.hxme.net spec: diff --git a/chart/templates/files-syncthing.yaml b/deployments/files/syncthing.yaml similarity index 92% rename from chart/templates/files-syncthing.yaml rename to deployments/files/syncthing.yaml index 0b795c3..a7279b2 100644 --- a/chart/templates/files-syncthing.yaml +++ b/deployments/files/syncthing.yaml @@ -1,9 +1,14 @@ --- apiVersion: v1 +kind: Namespace +metadata: + name: syncthing +--- +apiVersion: v1 kind: PersistentVolumeClaim metadata: name: syncthing-data - namespace: {{ .Release.Namespace }} + namespace: syncthing spec: accessModes: - ReadWriteOnce 
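Review bot: In the nextcloud Deployment (hunk `@@ -42,7 +47,7 @@`) `securityContext` with `runAsUser: 1000` sits directly under the Deployment's `spec`, ahead of `selector`. That field exists only on the pod spec and on containers, so here it is either rejected as an unknown field or dropped, and the pod is not forced to run as UID 1000; move the block to `spec.template.spec.securityContext`. The copy added later in deployments/nextcloud/nextcloud.yaml has the same placement and also lists `fsGroup` in what appears to be the container-level block, where only the pod-level context accepts it. The Deployment body continues outside the hunk.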
@@ -28,7 +33,7 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: name: syncthing-share - namespace: {{ .Release.Namespace }} + namespace: syncthing spec: accessModes: - ReadWriteOnce @@ -41,7 +46,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: syncthing - namespace: {{ .Release.Namespace }} + namespace: syncthing spec: replicas: 1 selector: @@ -81,7 +86,7 @@ apiVersion: v1 kind: Service metadata: name: syncthing - namespace: {{ .Release.Namespace }} + namespace: syncthing spec: selector: app: syncthing diff --git a/deployments/kustomization.yaml b/deployments/kustomization.yaml index 9b9016c..04b8189 100644 --- a/deployments/kustomization.yaml +++ b/deployments/kustomization.yaml @@ -2,8 +2,16 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - manifests/00-namespaces.yaml - - manifests/10-repo-prod.yaml - - manifests/20-hrel-mariadb.yaml - - manifests/20-hrel-replicator.yaml - - manifests/30-hrel-prod.yaml + - monitoring/provider.yaml + - monitoring/grafana.yaml + - monitoring/loki.yaml + - monitoring/prometheus.yaml + - operators/mariadb.yaml + - operators/replicator.yaml + - dns/namespace.yaml + - dns/bind.yaml + - dns/externaldns.yaml + - ssl/certmanager.yaml + - auth/authentik.yaml + - files/nextcloud.yaml + - files/syncthing.yaml diff --git a/deployments/manifests/00-namespaces.yaml b/deployments/manifests/00-namespaces.yaml deleted file mode 100644 index f2b0bba..0000000 --- a/deployments/manifests/00-namespaces.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: hsp-system ---- -apiVersion: v1 -kind: Namespace -metadata: - name: home-server-dev diff --git a/deployments/manifests/10-repo-dev.yaml b/deployments/manifests/10-repo-dev.yaml deleted file mode 100644 index fd83749..0000000 --- a/deployments/manifests/10-repo-dev.yaml +++ /dev/null 
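Review bot: The new `resources` list in deployments/kustomization.yaml omits three manifests this commit moves into the tree: ai/openweb.yaml, remote-access/rustdesk.yaml and synctools/vaultwarden.yaml. With the `hsp-release` HelmRelease deleted in the same commit, nothing visible here applies them any more, so those workloads would stop being reconciled and may be pruned. If that is intended, a comment such as `# not deployed yet: ai/, remote-access/, synctools/` would record it; otherwise add the three paths.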
@@ -1,13 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: GitRepository -metadata: - name: home-server-dev - namespace: flux-system -spec: - interval: 1m - url: ssh://git@repobase.net/j/home-server.git - secretRef: - name: flux-ssh - ref: - branch: dev diff --git a/deployments/manifests/10-repo-prod.yaml b/deployments/manifests/10-repo-prod.yaml deleted file mode 100644 index 157c0bd..0000000 --- a/deployments/manifests/10-repo-prod.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: GitRepository -metadata: - name: hsp-system - namespace: flux-system -spec: - interval: 1m - url: ssh://git@repobase.net/j/home-server.git - secretRef: - name: flux-ssh - ref: - branch: main - diff --git a/deployments/manifests/30-hrel-dev.yaml b/deployments/manifests/30-hrel-dev.yaml deleted file mode 100644 index 3edd87f..0000000 --- a/deployments/manifests/30-hrel-dev.yaml +++ /dev/null @@ -1,17 +0,0 @@ -#--- -#apiVersion: helm.toolkit.fluxcd.io/v2beta1 -#kind: HelmRelease -#metadata: -# name: home-server-dev -# namespace: home-server-dev -#spec: -# interval: 1m -# chart: -# spec: -# chart: ./ -# sourceRef: -# kind: GitRepository -# name: home-server-dev -# namespace: flux-system -# values: -# mariadbNamespace: mariadb-db-dev diff --git a/deployments/manifests/30-hrel-prod.yaml b/deployments/manifests/30-hrel-prod.yaml deleted file mode 100644 index e3095b7..0000000 --- a/deployments/manifests/30-hrel-prod.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: hsp-release - namespace: hsp-system -spec: - interval: 1m - chart: - spec: - chart: ./chart - sourceRef: - kind: GitRepository - name: hsp-system - namespace: flux-system 
diff --git a/chart/templates/monitoring-grafana.yaml b/deployments/monitoring/grafana.yaml similarity index 90% rename from chart/templates/monitoring-grafana.yaml rename to deployments/monitoring/grafana.yaml index cd7576d..47ed5e0 100644 --- a/chart/templates/monitoring-grafana.yaml +++ b/deployments/monitoring/grafana.yaml @@ -3,7 +3,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: grafana - namespace: {{ .Release.Namespace }} + namespace: monitoring spec: interval: 30m chart: @@ -13,7 +13,7 @@ spec: sourceRef: kind: HelmRepository name: grafana - namespace: {{ .Release.Namespace }} + namespace: flux-system install: createNamespace: true values: diff --git a/chart/templates/monitoring-loki.yaml b/deployments/monitoring/loki.yaml similarity index 87% rename from chart/templates/monitoring-loki.yaml rename to deployments/monitoring/loki.yaml index 97480af..b327a8e 100644 --- a/chart/templates/monitoring-loki.yaml +++ b/deployments/monitoring/loki.yaml @@ -3,7 +3,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: loki - namespace: {{ .Release.Namespace }} + namespace: monitoring spec: interval: 30m chart: @@ -13,7 +13,7 @@ spec: sourceRef: kind: HelmRepository name: grafana - namespace: {{ .Release.Namespace }} + namespace: flux-system install: createNamespace: true values: diff --git a/chart/templates/monitoring-prometheus.yaml b/deployments/monitoring/prometheus.yaml similarity index 83% rename from chart/templates/monitoring-prometheus.yaml rename to deployments/monitoring/prometheus.yaml index 1f62914..dd4d5a6 100644 --- a/chart/templates/monitoring-prometheus.yaml +++ b/deployments/monitoring/prometheus.yaml @@ -3,7 +3,7 @@ apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: prometheus-community - namespace: {{ .Release.Namespace }} + namespace: flux-system spec: url: https://prometheus-community.github.io/helm-charts interval: 1h 
@@ -12,7 +12,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: prometheus-operator - namespace: {{ .Release.Namespace }} + namespace: monitoring spec: interval: 30m chart: @@ -22,9 +22,9 @@ spec: sourceRef: kind: HelmRepository name: prometheus-community - namespace: {{ .Release.Namespace }} + namespace: flux-system install: - createNamespace: false + createNamespace: true upgrade: disableWait: true timeout: 5m diff --git a/deployments/monitoring/provider.yaml b/deployments/monitoring/provider.yaml new file mode 100644 index 0000000..3af442a --- /dev/null +++ b/deployments/monitoring/provider.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: monitoring +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: grafana + namespace: flux-system +spec: + url: https://grafana.github.io/helm-charts + interval: 1h +--- +apiVersion: v1 +kind: Secret +metadata: + name: wildcard-hxme-net + namespace: monitoring + annotations: + replicator.v1.mittwald.de/replicate-from: cert-manager/wildcard-hxme-net diff --git a/deployments/manifests/20-hrel-mariadb.yaml b/deployments/operators/mariadb.yaml similarity index 96% rename from deployments/manifests/20-hrel-mariadb.yaml rename to deployments/operators/mariadb.yaml index 26f7f39..04febe6 100644 --- a/deployments/manifests/20-hrel-mariadb.yaml +++ b/deployments/operators/mariadb.yaml @@ -54,3 +54,7 @@ spec: dependsOn: - name: mariadb-operator-crds namespace: mariadb-system + values: + metrics: + enabled: true + diff --git a/deployments/manifests/20-hrel-replicator.yaml b/deployments/operators/replicator.yaml similarity index 99% rename from deployments/manifests/20-hrel-replicator.yaml rename to deployments/operators/replicator.yaml index 13d4606..e8ec276 100644 --- a/deployments/manifests/20-hrel-replicator.yaml +++ b/deployments/operators/replicator.yaml @@ -96,4 +96,3 @@ spec: serviceAccount: create: false name: kubernetes-replicator - 
diff --git a/chart/templates/remote-access-rustdesk.yaml b/deployments/remote-access/rustdesk.yaml similarity index 90% rename from chart/templates/remote-access-rustdesk.yaml rename to deployments/remote-access/rustdesk.yaml index 110b677..47ec81d 100644 --- a/chart/templates/remote-access-rustdesk.yaml +++ b/deployments/remote-access/rustdesk.yaml @@ -1,9 +1,14 @@ --- +apiVersion: v1 +kind: Namespace +metadata: + name: rustdesk +--- apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: rustdesk-charts - namespace: {{ .Release.Namespace }} + namespace: flux-system spec: url: https://charts.rustdesk.com interval: 1h @@ -12,7 +17,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: rustdesk-server - namespace: {{ .Release.Namespace }} + namespace: rustdesk spec: interval: 30m chart: @@ -22,7 +27,7 @@ spec: sourceRef: kind: HelmRepository name: rustdesk-charts - namespace: {{ .Release.Namespace }} + namespace: flux-system install: createNamespace: true values: diff --git a/chart/templates/ssl-certmanager.yaml b/deployments/ssl/certmanager.yaml similarity index 89% rename from chart/templates/ssl-certmanager.yaml rename to deployments/ssl/certmanager.yaml index 53fd7d8..f238e14 100644 --- a/chart/templates/ssl-certmanager.yaml +++ b/deployments/ssl/certmanager.yaml @@ -3,7 +3,7 @@ apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: jetstack - namespace: {{ .Release.Namespace }} + namespace: flux-system spec: url: https://charts.jetstack.io interval: 1h @@ -12,7 +12,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: cert-manager - namespace: {{ .Release.Namespace }} + namespace: cert-manager spec: interval: 30m chart: @@ -22,10 +22,10 @@ spec: sourceRef: kind: HelmRepository name: jetstack - namespace: {{ .Release.Namespace }} + namespace: flux-system install: crds: CreateReplace - createNamespace: false + createNamespace: true values: installCRDs: true extraArgs: 
@@ -56,7 +56,7 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: wildcard-hxme-net - namespace: {{ .Release.Namespace }} + namespace: cert-manager spec: secretName: wildcard-hxme-net secretTemplate: diff --git a/chart/templates/synctools-vaultwarden.yaml b/deployments/synctools/vaultwarden.yaml similarity index 91% rename from chart/templates/synctools-vaultwarden.yaml rename to deployments/synctools/vaultwarden.yaml index f1384fe..93c3475 100644 --- a/chart/templates/synctools-vaultwarden.yaml +++ b/deployments/synctools/vaultwarden.yaml @@ -1,9 +1,14 @@ --- +apiVersion: v1 +kind: Namespace +metadata: + name: bitwarden +--- apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: bjw-s-charts - namespace: {{ .Release.Namespace }} + namespace: flux-system spec: url: https://bjw-s.github.io/helm-charts/ interval: 1h @@ -12,7 +17,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: vaultwarden - namespace: {{ .Release.Namespace }} + namespace: bitwarden spec: interval: 30m chart: @@ -22,7 +27,7 @@ spec: sourceRef: kind: HelmRepository name: bjw-s-charts - namespace: {{ .Release.Namespace }} + namespace: flux-system install: createNamespace: true values: From 711ecede2238a659ce2d832b3c767d9835548300 Mon Sep 17 00:00:00 2001 
From: j Date: Thu, 10 Jul 2025 20:22:15 +1000 Subject: [PATCH 066/148] Try something new --- .../ai/openweb.yaml | 0 .../auth/authentik.yaml | 0 .../dns/bind.yaml | 0 .../dns/externaldns.yaml | 0 .../dns/namespace.yaml | 0 .../files/nextcloud.yaml | 0 .../files/syncthing.yaml | 0 deployments-old/kustomization.yaml | 17 ++++++ .../monitoring/grafana.yaml | 0 .../monitoring/loki.yaml | 0 .../monitoring/prometheus.yaml | 0 .../monitoring/provider.yaml | 0 .../operators/mariadb.yaml | 0 .../operators/replicator.yaml | 0 .../remote-access/rustdesk.yaml | 0 .../ssl/certmanager.yaml | 0 .../synctools/vaultwarden.yaml | 0 deployments/kustomization.yaml | 17 +----- deployments/mariadb/kustomization.yaml | 6 ++ deployments/mariadb/mariadb.yaml | 60 +++++++++++++++++++ deployments/namespace/namespace.yaml | 5 ++ 21 files changed, 91 insertions(+), 14 deletions(-) rename {deployments => deployments-old}/ai/openweb.yaml (100%) rename {deployments => deployments-old}/auth/authentik.yaml (100%) rename {deployments => deployments-old}/dns/bind.yaml (100%) rename {deployments => deployments-old}/dns/externaldns.yaml (100%) rename {deployments => deployments-old}/dns/namespace.yaml (100%) rename {deployments => deployments-old}/files/nextcloud.yaml (100%) rename {deployments => deployments-old}/files/syncthing.yaml (100%) create mode 100644 deployments-old/kustomization.yaml rename {deployments => deployments-old}/monitoring/grafana.yaml (100%) rename {deployments => deployments-old}/monitoring/loki.yaml (100%) rename {deployments => deployments-old}/monitoring/prometheus.yaml (100%) rename {deployments => deployments-old}/monitoring/provider.yaml (100%) rename {deployments => deployments-old}/operators/mariadb.yaml (100%) rename {deployments => deployments-old}/operators/replicator.yaml (100%) rename {deployments => deployments-old}/remote-access/rustdesk.yaml (100%) rename {deployments => deployments-old}/ssl/certmanager.yaml (100%) rename {deployments => 
deployments-old}/synctools/vaultwarden.yaml (100%) create mode 100644 deployments/mariadb/kustomization.yaml create mode 100644 deployments/mariadb/mariadb.yaml create mode 100644 deployments/namespace/namespace.yaml diff --git a/deployments/ai/openweb.yaml b/deployments-old/ai/openweb.yaml similarity index 100% rename from deployments/ai/openweb.yaml rename to deployments-old/ai/openweb.yaml diff --git a/deployments/auth/authentik.yaml b/deployments-old/auth/authentik.yaml similarity index 100% rename from deployments/auth/authentik.yaml rename to deployments-old/auth/authentik.yaml diff --git a/deployments/dns/bind.yaml b/deployments-old/dns/bind.yaml similarity index 100% rename from deployments/dns/bind.yaml rename to deployments-old/dns/bind.yaml diff --git a/deployments/dns/externaldns.yaml b/deployments-old/dns/externaldns.yaml similarity index 100% rename from deployments/dns/externaldns.yaml rename to deployments-old/dns/externaldns.yaml diff --git a/deployments/dns/namespace.yaml b/deployments-old/dns/namespace.yaml similarity index 100% rename from deployments/dns/namespace.yaml rename to deployments-old/dns/namespace.yaml diff --git a/deployments/files/nextcloud.yaml b/deployments-old/files/nextcloud.yaml similarity index 100% rename from deployments/files/nextcloud.yaml rename to deployments-old/files/nextcloud.yaml diff --git a/deployments/files/syncthing.yaml b/deployments-old/files/syncthing.yaml similarity index 100% rename from deployments/files/syncthing.yaml rename to deployments-old/files/syncthing.yaml diff --git a/deployments-old/kustomization.yaml b/deployments-old/kustomization.yaml new file mode 100644 index 0000000..04b8189 --- /dev/null +++ b/deployments-old/kustomization.yaml 
@@ -0,0 +1,17 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - monitoring/provider.yaml + - monitoring/grafana.yaml + - monitoring/loki.yaml + - monitoring/prometheus.yaml + - operators/mariadb.yaml + - operators/replicator.yaml + - dns/namespace.yaml + - dns/bind.yaml + - dns/externaldns.yaml + - ssl/certmanager.yaml + - auth/authentik.yaml + - files/nextcloud.yaml + - files/syncthing.yaml diff --git a/deployments/monitoring/grafana.yaml b/deployments-old/monitoring/grafana.yaml similarity index 100% rename from deployments/monitoring/grafana.yaml rename to deployments-old/monitoring/grafana.yaml diff --git a/deployments/monitoring/loki.yaml b/deployments-old/monitoring/loki.yaml similarity index 100% rename from deployments/monitoring/loki.yaml rename to deployments-old/monitoring/loki.yaml diff --git a/deployments/monitoring/prometheus.yaml b/deployments-old/monitoring/prometheus.yaml similarity index 100% rename from deployments/monitoring/prometheus.yaml rename to deployments-old/monitoring/prometheus.yaml diff --git a/deployments/monitoring/provider.yaml b/deployments-old/monitoring/provider.yaml similarity index 100% rename from deployments/monitoring/provider.yaml rename to deployments-old/monitoring/provider.yaml diff --git a/deployments/operators/mariadb.yaml b/deployments-old/operators/mariadb.yaml similarity index 100% rename from deployments/operators/mariadb.yaml rename to deployments-old/operators/mariadb.yaml diff --git a/deployments/operators/replicator.yaml b/deployments-old/operators/replicator.yaml similarity index 100% rename from deployments/operators/replicator.yaml rename to deployments-old/operators/replicator.yaml diff --git a/deployments/remote-access/rustdesk.yaml b/deployments-old/remote-access/rustdesk.yaml similarity index 100% rename from deployments/remote-access/rustdesk.yaml rename to deployments-old/remote-access/rustdesk.yaml 
diff --git a/deployments/ssl/certmanager.yaml b/deployments-old/ssl/certmanager.yaml similarity index 100% rename from deployments/ssl/certmanager.yaml rename to deployments-old/ssl/certmanager.yaml diff --git a/deployments/synctools/vaultwarden.yaml b/deployments-old/synctools/vaultwarden.yaml similarity index 100% rename from deployments/synctools/vaultwarden.yaml rename to deployments-old/synctools/vaultwarden.yaml diff --git a/deployments/kustomization.yaml b/deployments/kustomization.yaml index 04b8189..2ba0859 100644 --- a/deployments/kustomization.yaml +++ b/deployments/kustomization.yaml @@ -1,17 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization +kind: Kustomization resources: - - monitoring/provider.yaml - - monitoring/grafana.yaml - - monitoring/loki.yaml - - monitoring/prometheus.yaml - - operators/mariadb.yaml - - operators/replicator.yaml - - dns/namespace.yaml - - dns/bind.yaml - - dns/externaldns.yaml - - ssl/certmanager.yaml - - auth/authentik.yaml - - files/nextcloud.yaml - - files/syncthing.yaml + - namespace/namespace.yaml + - mariadb/ diff --git a/deployments/mariadb/kustomization.yaml b/deployments/mariadb/kustomization.yaml new file mode 100644 index 0000000..da9cfdb --- /dev/null +++ b/deployments/mariadb/kustomization.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - mariadb.yaml diff --git a/deployments/mariadb/mariadb.yaml b/deployments/mariadb/mariadb.yaml new file mode 100644 index 0000000..04febe6 --- /dev/null +++ b/deployments/mariadb/mariadb.yaml 
@@ -0,0 +1,60 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: mariadb-system +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: mariadb-operator + namespace: flux-system +spec: + url: https://helm.mariadb.com/mariadb-operator + interval: 1h +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: mariadb-operator-crds + namespace: mariadb-system +spec: + interval: 30m + chart: + spec: + chart: mariadb-operator-crds + version: 0.38.1 + sourceRef: + kind: HelmRepository + name: mariadb-operator + namespace: flux-system + install: + createNamespace: true + upgrade: + disableWait: true + timeout: 5m +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: mariadb-operator + namespace: mariadb-system +spec: + interval: 30m + chart: + spec: + chart: mariadb-operator + version: 0.38.1 + sourceRef: + kind: HelmRepository + name: mariadb-operator + namespace: flux-system + install: + createNamespace: true + dependsOn: + - name: mariadb-operator-crds + namespace: mariadb-system + values: + metrics: + enabled: true + diff --git a/deployments/namespace/namespace.yaml b/deployments/namespace/namespace.yaml new file mode 100644 index 0000000..f956aa2 --- /dev/null +++ b/deployments/namespace/namespace.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: home-server From eb03c598087e02f551014f753480fb67290cf7db Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 20:28:52 +1000 Subject: [PATCH 067/148] Add replicator. --- deployments/replicator/kustomization.yaml | 6 ++ deployments/replicator/replicator.yaml | 98 +++++++++++++++++++++++ 2 files changed, 104 insertions(+) create mode 100644 deployments/replicator/kustomization.yaml create mode 100644 deployments/replicator/replicator.yaml diff --git a/deployments/replicator/kustomization.yaml b/deployments/replicator/kustomization.yaml new file mode 100644 index 0000000..c1aa572 --- /dev/null 
+++ b/deployments/replicator/kustomization.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - replicator.yaml diff --git a/deployments/replicator/replicator.yaml b/deployments/replicator/replicator.yaml new file mode 100644 index 0000000..e8ec276 --- /dev/null +++ b/deployments/replicator/replicator.yaml 
@@ -0,0 +1,98 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kubernetes-replicator
+ namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: kubernetes-replicator
+rules:
+ - apiGroups: ["", "apps", "extensions"]
+ resources:
+ - secrets
+ - configmaps
+ - roles
+ - rolebindings
+ - cronjobs
+ - deployments
+ - events
+ - ingresses
+ - jobs
+ - pods
+ - pods/attach
+ - pods/exec
+ - pods/log
+ - pods/portforward
+ - services
+ - namespaces
+ - serviceaccounts
+ verbs: ["*"]
+ - apiGroups: ["batch"]
+ resources:
+ - configmaps
+ - cronjobs
+ - deployments
+ - events
+ - ingresses
+ - jobs
+ - pods
+ - pods/attach
+ - pods/exec
+ - pods/log
+ - pods/portforward
+ - services
+ verbs: ["*"]
+ - apiGroups: ["rbac.authorization.k8s.io"]
+ resources:
+ - roles
+ - rolebindings
+ - clusterrolebindings
+ verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: kubernetes-replicator
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kubernetes-replicator
+subjects:
+ - kind: ServiceAccount
+ name: kubernetes-replicator
+ namespace: kube-system
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: mittwald
+ namespace: flux-system
+spec:
+ url: https://helm.mittwald.de
+ interval: 1h
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: kubernetes-replicator
+ namespace: kube-system
+spec:
+ interval: 5m
+ chart:
+ spec:
+ chart: kubernetes-replicator
+ sourceRef:
+ kind: HelmRepository
+ name: mittwald
+ namespace: flux-system
+ install:
+ createNamespace: false
+ upgrade:
+ disableWait: false
+ values:
+ serviceAccount:
+ create: false
+ name: kubernetes-replicator
From e386020f17f42e0bb6f85b006ffebd5255648029 Mon Sep 17 00:00:00 2001
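Review bot: The `kubernetes-replicator` ClusterRole grants `verbs: ["*"]` cluster-wide on secrets, roles, rolebindings, serviceaccounts, `pods/exec`, `pods/attach` and `pods/portforward`, so a compromise of the replicator pod hands over a token that is close to cluster-admin. The manifests in this series only replicate a TLS Secret, so the role can be cut to reading namespaces and managing secrets, with other kinds added only when they are actually replicated. The `batch` rule also lists core resources that do not exist in that API group. The HelmRelease has no `chart.spec.version`, so an unreviewed chart update would run with these rights; pin it as the mariadb-operator release does, and confirm the verb list below against the replicator version deployed.

```yaml
rules:
  - apiGroups: [""]
    resources: ["namespaces"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
# … unchanged: ClusterRoleBinding, HelmRepository, HelmRelease …
```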
From: j Date: Thu, 10 Jul 2025 20:30:36 +1000 Subject: [PATCH 068/148] Add nextcloud and deploy rep --- deployments/kustomization.yaml | 3 + deployments/nextcloud/kustomization.yaml | 6 + deployments/nextcloud/nextcloud.yaml | 137 +++++++++++++++++++++++ 3 files changed, 146 insertions(+) create mode 100644 deployments/nextcloud/kustomization.yaml create mode 100644 deployments/nextcloud/nextcloud.yaml diff --git a/deployments/kustomization.yaml b/deployments/kustomization.yaml index 2ba0859..ea3a20f 100644 --- a/deployments/kustomization.yaml +++ b/deployments/kustomization.yaml @@ -1,6 +1,9 @@ +--- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - namespace/namespace.yaml - mariadb/ + - replicator/ + - nextcloud/ diff --git a/deployments/nextcloud/kustomization.yaml b/deployments/nextcloud/kustomization.yaml new file mode 100644 index 0000000..777fa28 --- /dev/null +++ b/deployments/nextcloud/kustomization.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - nextcloud.yaml diff --git a/deployments/nextcloud/nextcloud.yaml b/deployments/nextcloud/nextcloud.yaml new file mode 100644 index 0000000..6b72fda --- /dev/null +++ b/deployments/nextcloud/nextcloud.yaml 
@@ -0,0 +1,137 @@ +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: nextcloud-pv +spec: + capacity: + storage: 10Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + storageClassName: local-path + hostPath: + path: /dpool/temp/Nextcloud +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: nextcloud-pvc + namespace: home-server +spec: + accessModes: + - ReadWriteOnce + storageClassName: local-path + resources: + requests: + storage: 10Gi + volumeName: nextcloud-pv +--- +apiVersion: v1 +kind: Service +metadata: + name: nextcloud + namespace: home-server +spec: + ports: + - port: 80 + selector: + app: nextcloud +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nextcloud + namespace: home-server +spec: + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + selector: + matchLabels: + app: nextcloud + template: + metadata: + labels: + app: nextcloud + spec: + containers: + - name: nextcloud + image: nextcloud:29 + env: + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: nextcloud-secrets + key: MYSQL_PASSWORD + - name: MYSQL_DATABASE + value: nextcloud + - name: MYSQL_USER + value: nextcloud + - name: MYSQL_HOST + value: mariadb + ports: + - containerPort: 80 + volumeMounts: + - name: nextcloud-data + mountPath: /var/www/html + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + volumes: + - name: nextcloud-data + persistentVolumeClaim: + claimName: nextcloud-pvc +--- +apiVersion: k8s.mariadb.com/v1alpha1 +kind: MariaDB +metadata: + name: nextcloud-db + namespace: home-server +spec: + rootPasswordSecretKeyRef: + name: nextcloud-secrets + key: MYSQL_ROOT_PASSWORD + database: nextcloud + username: nextcloud + passwordSecretKeyRef: + name: nextcloud-secrets + key: MYSQL_PASSWORD + image: mariadb:10.11 + storage: + size: 5Gi +--- +apiVersion: v1 +kind: Secret +metadata: + name: wildcard-hxme-net + namespace: home-server + annotations: + 
replicator.v1.mittwald.de/replicate-from: cert-manager/wildcard-hxme-net +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: nextcloud + namespace: home-server + annotations: + external-dns.alpha.kubernetes.io/hostname: nc.hxme.net +spec: + tls: + - hosts: + - nc.hxme.net + secretName: wildcard-hxme-net + rules: + - host: nc.hxme.net + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: nextcloud + port: + number: 80 + From 04bcac839be24b732318a52940ec11ba3ac5ac5c Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 20:32:26 +1000 Subject: [PATCH 069/148] Port over bind config --- deployments/dns/bind.yaml | 138 +++++++++++++++++++++++++++++ deployments/dns/externaldns.yaml | 75 ++++++++++++++++ deployments/dns/kustomization.yaml | 7 ++ 3 files changed, 220 insertions(+) create mode 100644 deployments/dns/bind.yaml create mode 100644 deployments/dns/externaldns.yaml create mode 100644 deployments/dns/kustomization.yaml diff --git a/deployments/dns/bind.yaml b/deployments/dns/bind.yaml new file mode 100644 index 0000000..b77a3ba --- /dev/null +++ b/deployments/dns/bind.yaml 
@@ -0,0 +1,138 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: bind-master-config
+ namespace: home-server
+data:
+ named.conf: |
+ include "/etc/bind/externaldns-key.conf";
+
+ options {
+ directory "/var/cache/bind";
+
+ recursion yes;
+ allow-query { any; };
+
+ listen-on port 53 { any; };
+ listen-on-v6 port 53 { any; };
+
+ forwarders {
+ 10.40.0.254;
+ };
+
+ dnssec-validation auto;
+ };
+
+ zone "." IN {
+ type hint;
+ file "/usr/share/dns/root.hints";
+ };
+
+ zone "hxme.net." IN {
+ type master;
+ file "/etc/bind/db.hxme.net";
+ allow-update { key "externaldns-key"; };
+ };
+ db.hxme.net: |
+ $TTL 3600
+ @ IN SOA ns1.hxme.net. admin.hxme.net. (
+ 1 ; Serial
+ 7200 ; Refresh
+ 1800 ; Retry
+ 1209600 ; Expire
+ 86400 ) ; Negative Cache TTL
+ ;
+ @ IN NS ns1.hxme.net.
+ ns1 IN A 10.40.0.110
+ @ IN A 10.40.0.110
+ www IN A 10.40.0.110
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: bind-master
+ namespace: home-server
+spec:
+ selector:
+ matchLabels:
+ app: bind-master
+ template:
+ metadata:
+ labels:
+ app: bind-master
+ spec:
+ hostNetwork: true
+ dnsPolicy: ClusterFirstWithHostNet
+ securityContext:
+ fsGroup: 999
+ initContainers:
+ - name: fetch-root-hints
+ image: debian:12
+ command:
+ - sh
+ - -c
+ - |
+ apt update && apt -y install curl
+ curl -sfSL https://www.internic.net/domain/named.cache -o /usr/share/dns/root.hints
+ volumeMounts:
+ - mountPath: /usr/share/dns
+ name: root-hints
+ containers:
+ - name: bind-master
+ image: internetsystemsconsortium/bind9:9.18
+ command: ["named", "-g", "-c", "/etc/bind/named.conf"]
+ ports:
+ - containerPort: 53
+ protocol: UDP
+ - containerPort: 53
+ protocol: TCP
+ volumeMounts:
+ - name: config
+ mountPath: /etc/bind/named.conf
+ subPath: named.conf
+ - name: config
+ mountPath: /etc/bind/db.hxme.net
+ subPath: db.hxme.net
+ - name: dns-secrets
+ mountPath: /etc/bind/externaldns-key.conf
+ subPath: externaldns-key.conf
+ - name: bind-cache
+ mountPath: /var/cache/bind
+ - name: bind-rundir
+ mountPath: /var/run/named
+ - name: root-hints
+ mountPath: /usr/share/dns
+ volumes:
+ - name: dns-secrets
+ secret:
+ secretName: dns-secrets
+ - name: config
+ configMap:
+ name: bind-master-config
+ - name: bind-cache
+ emptyDir: {}
+ - name: bind-rundir
+ emptyDir: {}
+ - name: root-hints
+ emptyDir: {}
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: bind-master
+ namespace: home-server
+spec:
+ selector:
+ app: bind-master
+ ports:
+ - name: dns-udp
+ port: 53
+ protocol: UDP
+ targetPort: 53
+ - name: dns-tcp
+ port: 53
+ protocol: TCP
+ targetPort: 53
+
diff --git a/deployments/dns/externaldns.yaml b/deployments/dns/externaldns.yaml
new file mode 100644
index 0000000..b940155
--- /dev/null
+++ b/deployments/dns/externaldns.yaml
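Review bot: `named.conf` in bind.yaml sets `recursion yes;` together with `allow-query { any; };`, and the DaemonSet runs with `hostNetwork: true`, so every node answers recursive queries on port 53 for anyone who can reach it. If a node address is reachable from outside the trusted LAN this is an open resolver, usable for reflection/amplification and cache probing. Restrict recursion in the `options` block, for example `allow-recursion { localhost; localnets; };` (plus the pod network if cluster workloads need it), and leave `allow-query { any; };` to cover only the authoritative `hxme.net.` zone. The init container also runs `apt update` and downloads the root hints on every pod start from an unpinned `debian:12` image; shipping the hints file in the ConfigMap or in the image would remove that start-up dependency on the network.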
@@ -0,0 +1,75 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: external-dns
+rules:
+ - apiGroups: [""]
+ resources: ["services","endpoints","pods"]
+ verbs: ["get","watch","list"]
+ - apiGroups: ["extensions","networking.k8s.io"]
+ resources: ["ingresses"]
+ verbs: ["get","watch","list"]
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["list","watch"]
+ # Add DNS provider specific rules here if needed (e.g., for AWS IAM, GCP etc.)
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: external-dns-viewer
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: external-dns
+subjects:
+ - kind: ServiceAccount
+ name: external-dns
+ namespace: home-server
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: external-dns
+ namespace: home-server
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: external-dns
+ namespace: home-server
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: external-dns
+ template:
+ metadata:
+ labels:
+ app: external-dns
+ spec:
+ serviceAccountName: external-dns
+ containers:
+ - name: external-dns
+ image: bitnami/external-dns:latest
+ args:
+ - --source=service
+ - --source=ingress
+ - --provider=rfc2136
+ - --rfc2136-host=bind-master.home-server.svc.cluster.local
+ - --rfc2136-port=53
+ - --rfc2136-zone=hxme.net
+ - --rfc2136-tsig-secret=$(RFC2136_TSIG_SECRET)
+ - --rfc2136-tsig-secret-alg=hmac-sha256
+ - --rfc2136-tsig-keyname=externaldns-key
+ - --policy=sync
+ - --registry=txt
+ - --txt-owner-id=my-cluster
+ env:
+ - name: RFC2136_TSIG_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: dns-secrets
+ key: externaldns-secret
+
diff --git a/deployments/dns/kustomization.yaml b/deployments/dns/kustomization.yaml
new file mode 100644
index 0000000..05ba44c
--- /dev/null
+++ b/deployments/dns/kustomization.yaml
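Review bot: The external-dns container in externaldns.yaml uses `image: bitnami/external-dns:latest`, so the component that holds the TSIG key and runs with `--policy=sync` (which lets it delete records in `hxme.net`) changes whenever the tag is re-pushed and the pod restarts. Pin it to a fixed release, ideally by digest, e.g. `image: bitnami/external-dns:<version>@sha256:<digest>`. The TSIG secret is also expanded into the argument list through `--rfc2136-tsig-secret=$(RFC2136_TSIG_SECRET)`, which puts it on the process command line on the node; as far as I know external-dns reads its flags from `EXTERNAL_DNS_`-prefixed environment variables too, so the same `secretKeyRef` could feed `EXTERNAL_DNS_RFC2136_TSIG_SECRET` and the argument could go. `--txt-owner-id=my-cluster` looks like a placeholder and should be unique per cluster.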
@@ -0,0 +1,7 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - bind.yaml + - externaldns.yaml From 4cecc4ffc3d3ba8c50280eceee56ffb2edeb5909 Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 20:32:37 +1000 Subject: [PATCH 070/148] Deploy DNS --- deployments/kustomization.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/deployments/kustomization.yaml b/deployments/kustomization.yaml index ea3a20f..5ba9d9f 100644 --- a/deployments/kustomization.yaml +++ b/deployments/kustomization.yaml @@ -4,6 +4,7 @@ kind: Kustomization resources: - namespace/namespace.yaml + - dns/ - mariadb/ - replicator/ - nextcloud/ From cecabe6f6833f7905a55a0a1e59ed1bd08afc4f6 Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 20:34:57 +1000 Subject: [PATCH 071/148] Add authentik --- deployments/auth/authentik.yaml | 49 +++++++++++++++++++++++++++++ deployments/auth/kustomization.yaml | 6 ++++ deployments/kustomization.yaml | 1 + 3 files changed, 56 insertions(+) create mode 100644 deployments/auth/authentik.yaml create mode 100644 deployments/auth/kustomization.yaml diff --git a/deployments/auth/authentik.yaml b/deployments/auth/authentik.yaml new file mode 100644 index 0000000..270c402 --- /dev/null +++ b/deployments/auth/authentik.yaml 
@@ -0,0 +1,49 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: authentik + namespace: flux-system +spec: + url: https://charts.goauthentik.io/ + interval: 1h +--- +apiVersion: v1 +kind: Secret +metadata: + name: wildcard-hxme-net + namespace: home-server + annotations: + replicator.v1.mittwald.de/replicate-from: cert-manager/wildcard-hxme-net +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: authentik + namespace: home-server +spec: + interval: 30m + chart: + spec: + chart: authentik + version: 2024.4.2 + sourceRef: + kind: HelmRepository + name: authentik + namespace: flux-system + install: + createNamespace: true + upgrade: + disableWait: false + timeout: 10m + valuesFrom: + - kind: Secret + name: authentik-values + values: + ingress: + annotations: + external-dns.alpha.kubernetes.io/hostname: auth.hxme.net + tls: + - secretName: wildcard-hxme-net + hosts: + - auth.hxme.net diff --git a/deployments/auth/kustomization.yaml b/deployments/auth/kustomization.yaml new file mode 100644 index 0000000..fb10ef1 --- /dev/null +++ b/deployments/auth/kustomization.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - authentik.yaml diff --git a/deployments/kustomization.yaml b/deployments/kustomization.yaml index 5ba9d9f..0f0c6ed 100644 --- a/deployments/kustomization.yaml +++ b/deployments/kustomization.yaml @@ -7,4 +7,5 @@ resources: - dns/ - mariadb/ - replicator/ + - auth/ - nextcloud/ From 9f8826950d935d29af388bbe9003306a66bada13 Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 20:36:47 +1000 Subject: [PATCH 072/148] Add cert manager --- deployments/kustomization.yaml | 1 + deployments/ssl/certmanager.yaml | 72 ++++++++++++++++++++++++++++++ deployments/ssl/kustomization.yaml | 6 +++ 3 files changed, 79 insertions(+) create mode 100644 deployments/ssl/certmanager.yaml create mode 100644 deployments/ssl/kustomization.yaml 
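Review bot: The placeholder Secret `wildcard-hxme-net` in authentik.yaml has neither `type` nor `data`, so it is created as an empty Opaque secret, and a Secret's type cannot be changed once it exists. As far as I recall the mittwald replicator expects a TLS target to already be of type `kubernetes.io/tls` with (possibly empty) `tls.crt` and `tls.key` keys; until a copy succeeds the Ingress points at a secret with no certificate, and what gets served then depends on the ingress controller's fallback. Add `type: kubernetes.io/tls` and `data: {tls.crt: "", tls.key: ""}` to the placeholder, and confirm that the source secret really lives in the `cert-manager` namespace named in `replicate-from`. Taking the chart values from the `authentik-values` Secret keeps credentials out of the repository, but nothing in this hunk says how that Secret is created; a one-line comment above `valuesFrom` naming its origin would help the next person.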
diff --git a/deployments/kustomization.yaml b/deployments/kustomization.yaml index 0f0c6ed..6b9d753 100644 --- a/deployments/kustomization.yaml +++ b/deployments/kustomization.yaml @@ -7,5 +7,6 @@ resources: - dns/ - mariadb/ - replicator/ + - ssl/ - auth/ - nextcloud/ diff --git a/deployments/ssl/certmanager.yaml b/deployments/ssl/certmanager.yaml new file mode 100644 index 0000000..6b9fb0a --- /dev/null +++ b/deployments/ssl/certmanager.yaml 
@@ -0,0 +1,72 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: jetstack + namespace: flux-system +spec: + url: https://charts.jetstack.io + interval: 1h +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: cert-manager + namespace: home-server +spec: + interval: 30m + chart: + spec: + chart: cert-manager + version: v1.18.2 + sourceRef: + kind: HelmRepository + name: jetstack + namespace: flux-system + install: + crds: CreateReplace + createNamespace: true + values: + installCRDs: true + extraArgs: + - --dns01-recursive-nameservers-only + - --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53 +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: letsencrypt-rfc2136 +spec: + acme: + email: admin@hxme.net + server: https://acme-v02.api.letsencrypt.org/directory + privateKeySecretRef: + name: letsencrypt-rfc2136 + solvers: + - dns01: + rfc2136: + nameserver: hawke.hxst.com.au:53 + tsigKeyName: "hxme-update-key" + tsigAlgorithm: HMACSHA512 + tsigSecretSecretRef: + name: hxme-update-key + key: hxme-update-key +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: wildcard-hxme-net + namespace: home-server +spec: + secretName: wildcard-hxme-net + secretTemplate: + annotations: + replicator.v1.mittwald.de/replication-allowed: "true" + replicator.v1.mittwald.de/replicate-to: "monitoring,authentik,nextcloud" + issuerRef: + name: letsencrypt-rfc2136 + kind: ClusterIssuer + commonName: "hxme.net" + dnsNames: + - "hxme.net" + - "*.hxme.net" diff --git a/deployments/ssl/kustomization.yaml b/deployments/ssl/kustomization.yaml new file mode 100644 index 0000000..2c0445b --- /dev/null +++ b/deployments/ssl/kustomization.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - certmanager.yaml From 621d1465a79e0c5316fca3e4cf6e574537c3b932 Mon Sep 17 00:00:00 2001 
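Review bot: The `secretTemplate` on the `wildcard-hxme-net` Certificate in certmanager.yaml pushes the private key for `*.hxme.net` into `monitoring`, `authentik` and `nextcloud` through `replicate-to`, so anything that can read Secrets in any of those namespaces can impersonate every host under the domain. The consumers visible in this series (the authentik and nextcloud Ingress definitions) reference the secret in `home-server`, which is the namespace the Certificate already writes to, so the push targets look unnecessary. Drop the `replicate-to` annotation, or issue per-host certificates for the namespaces that do need TLS. `installCRDs: true` also duplicates `install.crds: CreateReplace` and, as far as I know, is deprecated in favour of `crds.enabled` in recent cert-manager charts; one CRD mechanism is enough.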
From: j Date: Thu, 10 Jul 2025 21:15:54 +1000 Subject: [PATCH 073/148] Re-add extra perms I missed --- deployments/dns/externaldns.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/deployments/dns/externaldns.yaml b/deployments/dns/externaldns.yaml index b940155..c3a9736 100644 --- a/deployments/dns/externaldns.yaml +++ b/deployments/dns/externaldns.yaml @@ -13,6 +13,9 @@ rules: - apiGroups: [""] resources: ["nodes"] verbs: ["list","watch"] + - apiGroups: ["discovery.k8s.io"] + resources: ["endpointslices"] + verbs: ["get", "watch", "list"] # Add DNS provider specific rules here if needed (e.g., for AWS IAM, GCP etc.) --- apiVersion: rbac.authorization.k8s.io/v1 From 5abcac417717cd8a801794c96a2b50a085f913ef Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 21:16:32 +1000 Subject: [PATCH 074/148] Remove certificate that is not needed --- deployments/nextcloud/nextcloud.yaml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/deployments/nextcloud/nextcloud.yaml b/deployments/nextcloud/nextcloud.yaml index 6b72fda..b35716c 100644 --- a/deployments/nextcloud/nextcloud.yaml +++ b/deployments/nextcloud/nextcloud.yaml @@ -103,14 +103,6 @@ spec: storage: size: 5Gi --- -apiVersion: v1 -kind: Secret -metadata: - name: wildcard-hxme-net - namespace: home-server - annotations: - replicator.v1.mittwald.de/replicate-from: cert-manager/wildcard-hxme-net ---- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: From bc8c2f3179ea2e89d43d3592de11d07b365f529a Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 21:35:39 +1000 Subject: [PATCH 075/148] Add backups --- deployments/mariadb/backups.yaml | 43 ++++++++++++++++++++++++++ deployments/mariadb/kustomization.yaml | 1 + 2 files changed, 44 insertions(+) create mode 100644 deployments/mariadb/backups.yaml diff --git a/deployments/mariadb/backups.yaml b/deployments/mariadb/backups.yaml new file mode 100644 index 0000000..0bdc7ca --- /dev/null +++ b/deployments/mariadb/backups.yaml 
@@ -0,0 +1,43 @@ +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: mariadb-backup-pv +spec: + capacity: + storage: 10Gi + accessModes: + - ReadWriteOnce + storageClassName: manual + hostPath: + path: /dpool/backups/mariadb +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: mariadb-backup-pvc + namespace: default +spec: + accessModes: + - ReadWriteOnce + storageClassName: manual + resources: + requests: + storage: 10Gi +--- +apiVersion: k8s.mariadb.com/v1alpha1 +kind: Backup +metadata: + name: backup-scheduled + namespace: home-server +spec: + mariaDbRef: + name: nextcloud + schedule: + cron: "0 1 * * *" + suspend: false + maxRetention: 168h + storage: + persistentVolumeClaim: + claimName: mariadb-backup-pvc + logLevel: info diff --git a/deployments/mariadb/kustomization.yaml b/deployments/mariadb/kustomization.yaml index da9cfdb..69fbba4 100644 --- a/deployments/mariadb/kustomization.yaml +++ b/deployments/mariadb/kustomization.yaml @@ -4,3 +4,4 @@ kind: Kustomization resources: - mariadb.yaml + - backups.yaml From 6909100982bb1160c8342cc4cb29f6d15fda860f Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 21:39:04 +1000 Subject: [PATCH 076/148] Fix db name --- deployments/mariadb/backups.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployments/mariadb/backups.yaml b/deployments/mariadb/backups.yaml index 0bdc7ca..8b4cb62 100644 --- a/deployments/mariadb/backups.yaml +++ b/deployments/mariadb/backups.yaml @@ -32,7 +32,7 @@ metadata: namespace: home-server spec: mariaDbRef: - name: nextcloud + name: nextcloud-db schedule: cron: "0 1 * * *" suspend: false From 51b7523829a78420992c1fb1a466ffd6e5d6bd41 Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 21:41:10 +1000 Subject: [PATCH 077/148] Fix namespace for pvc --- deployments/mariadb/backups.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/deployments/mariadb/backups.yaml b/deployments/mariadb/backups.yaml index 8b4cb62..68ef364 100644 --- a/deployments/mariadb/backups.yaml +++ b/deployments/mariadb/backups.yaml @@ -16,7 +16,7 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: name: mariadb-backup-pvc - namespace: default + namespace: home-server spec: accessModes: - ReadWriteOnce From 7e53160afec9dcee99e5bc7942de71a9011eeadf Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 22:09:22 +1000 Subject: [PATCH 078/148] Use host path because im fucking lazy --- deployments/mariadb/backups.yaml | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/deployments/mariadb/backups.yaml b/deployments/mariadb/backups.yaml index 68ef364..48fd101 100644 --- a/deployments/mariadb/backups.yaml +++ b/deployments/mariadb/backups.yaml @@ -28,16 +28,19 @@ spec: apiVersion: k8s.mariadb.com/v1alpha1 kind: Backup metadata: - name: backup-scheduled + name: backup-local namespace: home-server spec: mariaDbRef: name: nextcloud-db schedule: cron: "0 1 * * *" - suspend: false maxRetention: 168h - storage: - persistentVolumeClaim: - claimName: mariadb-backup-pvc - logLevel: info + volumeMounts: + - mountPath: /backups + name: backup-volume + volumes: + - name: backup-volume + hostPath: + path: /dpool/backups/mariadb + type: DirectoryOrCreate From a3cbbb9e4dfb0a7755cd3a0937fa06335a825c80 Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 22:24:21 +1000 Subject: [PATCH 079/148] Consolidate to see if flux doesnt one shot --- deployments/mariadb/backups.yaml | 46 -------------------------- deployments/mariadb/kustomization.yaml | 1 - deployments/mariadb/mariadb.yaml | 21 +++++++++++- 3 files changed, 20 insertions(+), 48 deletions(-) delete mode 100644 deployments/mariadb/backups.yaml diff --git a/deployments/mariadb/backups.yaml b/deployments/mariadb/backups.yaml deleted file mode 100644 index 48fd101..0000000 --- a/deployments/mariadb/backups.yaml +++ /dev/null 
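Review bot: The reworked `Backup` (the `@@ -28,16 +28,19 @@` hunk) removes `spec.storage` and adds top-level `volumes`/`volumeMounts` with a `hostPath`; as far as I know the mariadb-operator Backup CRD takes its target under `spec.storage`, so check this against the installed CRD before relying on it. Independent of the schema, a `hostPath` with `type: DirectoryOrCreate` writes full database dumps onto the node's filesystem at `/dpool/backups/mariadb`, where they are only as protected as that directory's ownership and mode, and they sit on the same host as the data they back up. Keep the claim from the previous revision (`storage.persistentVolumeClaim.claimName: mariadb-backup-pvc`), or, if a host directory is intended, create it beforehand with restrictive permissions instead of letting the kubelet create it. The `mariadb-backup-pv` and `mariadb-backup-pvc` objects earlier in the file, outside this hunk, are left unused by the change.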
@@ -1,46 +0,0 @@ ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: mariadb-backup-pv -spec: - capacity: - storage: 10Gi - accessModes: - - ReadWriteOnce - storageClassName: manual - hostPath: - path: /dpool/backups/mariadb ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: mariadb-backup-pvc - namespace: home-server -spec: - accessModes: - - ReadWriteOnce - storageClassName: manual - resources: - requests: - storage: 10Gi ---- -apiVersion: k8s.mariadb.com/v1alpha1 -kind: Backup -metadata: - name: backup-local - namespace: home-server -spec: - mariaDbRef: - name: nextcloud-db - schedule: - cron: "0 1 * * *" - maxRetention: 168h - volumeMounts: - - mountPath: /backups - name: backup-volume - volumes: - - name: backup-volume - hostPath: - path: /dpool/backups/mariadb - type: DirectoryOrCreate diff --git a/deployments/mariadb/kustomization.yaml b/deployments/mariadb/kustomization.yaml index 69fbba4..da9cfdb 100644 --- a/deployments/mariadb/kustomization.yaml +++ b/deployments/mariadb/kustomization.yaml @@ -4,4 +4,3 @@ kind: Kustomization resources: - mariadb.yaml - - backups.yaml diff --git a/deployments/mariadb/mariadb.yaml b/deployments/mariadb/mariadb.yaml index 04febe6..c43b691 100644 --- a/deployments/mariadb/mariadb.yaml +++ b/deployments/mariadb/mariadb.yaml @@ -57,4 +57,23 @@ spec: values: metrics: enabled: true - +--- +apiVersion: k8s.mariadb.com/v1alpha1 +kind: Backup +metadata: + name: backup-local + namespace: home-server +spec: + mariaDbRef: + name: nextcloud-db + schedule: + cron: "0 1 * * *" + maxRetention: 168h + volumeMounts: + - mountPath: /backups + name: backup-volume + volumes: + - name: backup-volume + hostPath: + path: /dpool/backups/mariadb + type: DirectoryOrCreate From bf0abb8f51146aaa67bf3f62db4126e569f6f388 Mon Sep 17 00:00:00 2001 
From: j Date: Thu, 10 Jul 2025 22:24:40 +1000 Subject: [PATCH 080/148] yeet backup because break --- deployments/mariadb/mariadb.yaml | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/deployments/mariadb/mariadb.yaml b/deployments/mariadb/mariadb.yaml index c43b691..54c704b 100644 --- a/deployments/mariadb/mariadb.yaml +++ b/deployments/mariadb/mariadb.yaml @@ -57,23 +57,3 @@ spec: values: metrics: enabled: true ---- -apiVersion: k8s.mariadb.com/v1alpha1 -kind: Backup -metadata: - name: backup-local - namespace: home-server -spec: - mariaDbRef: - name: nextcloud-db - schedule: - cron: "0 1 * * *" - maxRetention: 168h - volumeMounts: - - mountPath: /backups - name: backup-volume - volumes: - - name: backup-volume - hostPath: - path: /dpool/backups/mariadb - type: DirectoryOrCreate From eaff82568233bc9f30cf7e2c2840c188a7e86ec6 Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 22:25:17 +1000 Subject: [PATCH 081/148] Add backup to nextcloud. Tricks load order I hope. --- deployments/nextcloud/nextcloud.yaml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/deployments/nextcloud/nextcloud.yaml b/deployments/nextcloud/nextcloud.yaml index b35716c..e6e415b 100644 --- a/deployments/nextcloud/nextcloud.yaml +++ b/deployments/nextcloud/nextcloud.yaml @@ -103,6 +103,26 @@ spec: storage: size: 5Gi --- +apiVersion: k8s.mariadb.com/v1alpha1 +kind: Backup +metadata: + name: backup-local + namespace: home-server +spec: + mariaDbRef: + name: nextcloud-db + schedule: + cron: "0 1 * * *" + maxRetention: 168h + volumeMounts: + - mountPath: /backups + name: backup-volume + volumes: + - name: backup-volume + hostPath: + path: /dpool/backups/mariadb + type: DirectoryOrCreate +--- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: From c67bca0573093cd4669a6165ce7369a1a7bf6908 Mon Sep 17 00:00:00 2001 
From: j Date: Thu, 10 Jul 2025 22:27:16 +1000 Subject: [PATCH 082/148] flux kust or am i stoopid? --- deployments/nextcloud/nextcloud.yaml | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/deployments/nextcloud/nextcloud.yaml b/deployments/nextcloud/nextcloud.yaml index e6e415b..b35716c 100644 --- a/deployments/nextcloud/nextcloud.yaml +++ b/deployments/nextcloud/nextcloud.yaml @@ -103,26 +103,6 @@ spec: storage: size: 5Gi --- -apiVersion: k8s.mariadb.com/v1alpha1 -kind: Backup -metadata: - name: backup-local - namespace: home-server -spec: - mariaDbRef: - name: nextcloud-db - schedule: - cron: "0 1 * * *" - maxRetention: 168h - volumeMounts: - - mountPath: /backups - name: backup-volume - volumes: - - name: backup-volume - hostPath: - path: /dpool/backups/mariadb - type: DirectoryOrCreate ---- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: From 12f1964af11a86e1b3cd24b75ce81f6be3c2673a Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 22:37:51 +1000 Subject: [PATCH 083/148] I really hate flux sometimes --- deployments/kustomization.yaml | 106 ++++++++++++++++++++++++++++--- deployments/mariadb/mariadb.yaml | 3 - 2 files changed, 96 insertions(+), 13 deletions(-) diff --git a/deployments/kustomization.yaml b/deployments/kustomization.yaml index 6b9d753..62a202c 100644 --- a/deployments/kustomization.yaml +++ b/deployments/kustomization.yaml 
@@ -1,12 +1,98 @@ --- -apiVersion: kustomize.config.k8s.io/v1beta1 +apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization - -resources: - - namespace/namespace.yaml - - dns/ - - mariadb/ - - replicator/ - - ssl/ - - auth/ - - nextcloud/ +metadata: + name: namespace + namespace: flux-system +spec: + interval: 1m + path: ./namespace + prune: true + sourceRef: + kind: GitRepository + name: home-server-deployment + wait: true +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: dns + namespace: flux-system +spec: + interval: 1m + path: ./dns + prune: true + sourceRef: + kind: GitRepository + name: home-server-deployment + wait: true +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: replicator + namespace: flux-system +spec: + interval: 1m + path: ./replicator + prune: true + sourceRef: + kind: GitRepository + name: home-server-deployment + wait: true +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: ssl + namespace: flux-system +spec: + interval: 1m + path: ./ssl + prune: true + sourceRef: + kind: GitRepository + name: home-server-deployment + wait: true +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: mariadb + namespace: flux-system +spec: + interval: 1m + path: ./mariadb + prune: true + sourceRef: + kind: GitRepository + name: home-server-deployment + wait: true +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: auth + namespace: flux-system +spec: + interval: 1m + path: ./auth + prune: true + sourceRef: + kind: GitRepository + name: home-server-deployment + wait: true +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: nextcloud + namespace: flux-system +spec: + interval: 1m + path: ./mariadb + prune: true + sourceRef: + kind: GitRepository + name: home-server-deployment + wait: true 
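Review bot: This hunk turns `deployments/kustomization.yaml` into a list of Flux `Kustomization` objects, but a file with that name is what kustomize reads as its own configuration when the directory is built, so a Flux Kustomization pointing at `./deployments` will presumably fail to parse it rather than apply these objects. Put the Flux objects in a differently named file and list that file under `resources:` of a plain `kustomize.config.k8s.io/v1beta1` kustomization. `spec.path` is resolved from the root of the GitRepository, so `./namespace`, `./dns` and the others need the `./deployments/` prefix, and the `nextcloud` entry points at `./mariadb`. With `prune: true` on every entry a wrong path is not harmless: two Kustomizations that build the same directory both claim its resources, and one can later prune what the other applied.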
diff --git a/deployments/mariadb/mariadb.yaml b/deployments/mariadb/mariadb.yaml index 54c704b..26f7f39 100644 --- a/deployments/mariadb/mariadb.yaml +++ b/deployments/mariadb/mariadb.yaml @@ -54,6 +54,3 @@ spec: dependsOn: - name: mariadb-operator-crds namespace: mariadb-system - values: - metrics: - enabled: true From de68b89629b2f110a5f7d8e5711d665813f430d3 Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 22:39:43 +1000 Subject: [PATCH 084/148] Eh --- deployments/kustomization.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/deployments/kustomization.yaml b/deployments/kustomization.yaml index 62a202c..bdc72e3 100644 --- a/deployments/kustomization.yaml +++ b/deployments/kustomization.yaml @@ -1,5 +1,5 @@ --- -apiVersion: kustomize.toolkit.fluxcd.io/v1 +apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization metadata: name: namespace @@ -13,7 +13,7 @@ spec: name: home-server-deployment wait: true --- -apiVersion: kustomize.toolkit.fluxcd.io/v1 +apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization metadata: name: dns @@ -27,7 +27,7 @@ spec: name: home-server-deployment wait: true --- -apiVersion: kustomize.toolkit.fluxcd.io/v1 +apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization metadata: name: replicator @@ -41,7 +41,7 @@ spec: name: home-server-deployment wait: true --- -apiVersion: kustomize.toolkit.fluxcd.io/v1 +apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization metadata: name: ssl @@ -55,7 +55,7 @@ spec: name: home-server-deployment wait: true --- -apiVersion: kustomize.toolkit.fluxcd.io/v1 +apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization metadata: name: mariadb @@ -69,7 +69,7 @@ spec: name: home-server-deployment wait: true --- -apiVersion: kustomize.toolkit.fluxcd.io/v1 +apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization metadata: name: auth 
@@ -83,7 +83,7 @@ spec: name: home-server-deployment wait: true --- -apiVersion: kustomize.toolkit.fluxcd.io/v1 +apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization metadata: name: nextcloud From 9be3c258581a5d0e21fcbcb4be11c8ac07d760ba Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 22:41:41 +1000 Subject: [PATCH 085/148] deps --- deployments/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployments/kustomization.yaml b/deployments/kustomization.yaml index bdc72e3..de72ef7 100644 --- a/deployments/kustomization.yaml +++ b/deployments/kustomization.yaml @@ -95,4 +95,4 @@ spec: sourceRef: kind: GitRepository name: home-server-deployment - wait: true + dependsOn: mariadb From e7168a30396e4685e799742ba7e99805e859de58 Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 22:45:18 +1000 Subject: [PATCH 086/148] Just... trying something --- deployments/kustomization.yaml | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/deployments/kustomization.yaml b/deployments/kustomization.yaml index de72ef7..879c9a8 100644 --- a/deployments/kustomization.yaml +++ b/deployments/kustomization.yaml 
@@ -1,98 +1,100 @@ --- -apiVersion: kustomize.config.k8s.io/v1beta1 +apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: name: namespace namespace: flux-system spec: interval: 1m - path: ./namespace + path: ./deployments/namespace prune: true sourceRef: kind: GitRepository name: home-server-deployment wait: true --- -apiVersion: kustomize.config.k8s.io/v1beta1 +apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: name: dns namespace: flux-system spec: interval: 1m - path: ./dns + path: ./deployments/dns prune: true sourceRef: kind: GitRepository name: home-server-deployment wait: true --- -apiVersion: kustomize.config.k8s.io/v1beta1 +apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: name: replicator namespace: flux-system spec: interval: 1m - path: ./replicator + path: ./deployments/replicator prune: true sourceRef: kind: GitRepository name: home-server-deployment wait: true --- -apiVersion: kustomize.config.k8s.io/v1beta1 +apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: name: ssl namespace: flux-system spec: interval: 1m - path: ./ssl + path: ./deployments/ssl prune: true sourceRef: kind: GitRepository name: home-server-deployment wait: true --- -apiVersion: kustomize.config.k8s.io/v1beta1 +apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: name: mariadb namespace: flux-system spec: interval: 1m - path: ./mariadb + path: ./deployments/mariadb prune: true sourceRef: kind: GitRepository name: home-server-deployment wait: true --- -apiVersion: kustomize.config.k8s.io/v1beta1 +apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: name: auth namespace: flux-system spec: interval: 1m - path: ./auth + path: ./deployments/auth prune: true sourceRef: kind: GitRepository name: home-server-deployment wait: true --- -apiVersion: kustomize.config.k8s.io/v1beta1 +apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: name: nextcloud 
namespace: flux-system spec: interval: 1m - path: ./mariadb + path: ./deployments/nextcloud # <— Make sure this points to your nextcloud manifests folder, NOT mariadb prune: true sourceRef: kind: GitRepository name: home-server-deployment - dependsOn: mariadb + dependsOn: + - name: mariadb + From 80344a23ec15f14848d536c237ba065cf2038398 Mon Sep 17 00:00:00 2001 
From: j Date: Thu, 10 Jul 2025 22:58:37 +1000 Subject: [PATCH 087/148] x --- deployments/auth/kustomization.yaml | 6 -- .../{auth => home-server}/authentik.yaml | 0 deployments/{dns => home-server}/bind.yaml | 0 .../{ssl => home-server}/certmanager.yaml | 0 .../{dns => home-server}/externaldns.yaml | 0 .../{dns => home-server}/kustomization.yaml | 3 + .../{nextcloud => home-server}/nextcloud.yaml | 0 deployments/kustomization.yaml | 102 +----------------- deployments/kusts/home-server.yaml | 30 ++++++ deployments/kusts/operators.yaml | 30 ++++++ deployments/mariadb/kustomization.yaml | 6 -- deployments/nextcloud/kustomization.yaml | 6 -- .../kustomization.yaml | 2 + .../{mariadb => operators}/mariadb.yaml | 1 + .../{namespace => operators}/namespace.yaml | 0 .../{replicator => operators}/replicator.yaml | 0 deployments/ssl/kustomization.yaml | 6 -- 17 files changed, 70 insertions(+), 122 deletions(-) delete mode 100644 deployments/auth/kustomization.yaml rename deployments/{auth => home-server}/authentik.yaml (100%) rename deployments/{dns => home-server}/bind.yaml (100%) rename deployments/{ssl => home-server}/certmanager.yaml (100%) rename deployments/{dns => home-server}/externaldns.yaml (100%) rename deployments/{dns => home-server}/kustomization.yaml (66%) rename deployments/{nextcloud => home-server}/nextcloud.yaml (100%) create mode 100644 deployments/kusts/home-server.yaml create mode 100644 deployments/kusts/operators.yaml delete mode 100644 deployments/mariadb/kustomization.yaml delete mode 100644 deployments/nextcloud/kustomization.yaml rename deployments/{replicator => operators}/kustomization.yaml (73%) rename deployments/{mariadb => operators}/mariadb.yaml (99%) rename deployments/{namespace => operators}/namespace.yaml (100%) rename deployments/{replicator => operators}/replicator.yaml (100%) delete mode 100644 deployments/ssl/kustomization.yaml 
diff --git a/deployments/auth/kustomization.yaml b/deployments/auth/kustomization.yaml deleted file mode 100644 index fb10ef1..0000000 --- a/deployments/auth/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - authentik.yaml diff --git a/deployments/auth/authentik.yaml b/deployments/home-server/authentik.yaml similarity index 100% rename from deployments/auth/authentik.yaml rename to deployments/home-server/authentik.yaml diff --git a/deployments/dns/bind.yaml b/deployments/home-server/bind.yaml similarity index 100% rename from deployments/dns/bind.yaml rename to deployments/home-server/bind.yaml diff --git a/deployments/ssl/certmanager.yaml b/deployments/home-server/certmanager.yaml similarity index 100% rename from deployments/ssl/certmanager.yaml rename to deployments/home-server/certmanager.yaml diff --git a/deployments/dns/externaldns.yaml b/deployments/home-server/externaldns.yaml similarity index 100% rename from deployments/dns/externaldns.yaml rename to deployments/home-server/externaldns.yaml diff --git a/deployments/dns/kustomization.yaml b/deployments/home-server/kustomization.yaml similarity index 66% rename from deployments/dns/kustomization.yaml rename to deployments/home-server/kustomization.yaml index 05ba44c..323f746 100644 --- a/deployments/dns/kustomization.yaml +++ b/deployments/home-server/kustomization.yaml @@ -3,5 +3,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - authentik.yaml - bind.yaml + - certmanager.yaml - externaldns.yaml + - nextcloud.yaml diff --git a/deployments/nextcloud/nextcloud.yaml b/deployments/home-server/nextcloud.yaml similarity index 100% rename from deployments/nextcloud/nextcloud.yaml rename to deployments/home-server/nextcloud.yaml diff --git a/deployments/kustomization.yaml b/deployments/kustomization.yaml index 879c9a8..4e604db 100644 --- a/deployments/kustomization.yaml 
+++ b/deployments/kustomization.yaml 
@@ -1,100 +1,6 @@ ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 +apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -metadata: - name: namespace - namespace: flux-system -spec: - interval: 1m - path: ./deployments/namespace - prune: true - sourceRef: - kind: GitRepository - name: home-server-deployment - wait: true ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: dns - namespace: flux-system -spec: - interval: 1m - path: ./deployments/dns - prune: true - sourceRef: - kind: GitRepository - name: home-server-deployment - wait: true ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: replicator - namespace: flux-system -spec: - interval: 1m - path: ./deployments/replicator - prune: true - sourceRef: - kind: GitRepository - name: home-server-deployment - wait: true ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: ssl - namespace: flux-system -spec: - interval: 1m - path: ./deployments/ssl - prune: true - sourceRef: - kind: GitRepository - name: home-server-deployment - wait: true ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: mariadb - namespace: flux-system -spec: - interval: 1m - path: ./deployments/mariadb - prune: true - sourceRef: - kind: GitRepository - name: home-server-deployment - wait: true ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: auth - namespace: flux-system -spec: - interval: 1m - path: ./deployments/auth - prune: true - sourceRef: - kind: GitRepository - name: home-server-deployment - wait: true ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: nextcloud - namespace: flux-system -spec: - interval: 1m - path: ./deployments/nextcloud # <— Make sure this points to your nextcloud manifests folder, NOT mariadb - prune: true - sourceRef: - kind: GitRepository - name: home-server-deployment - dependsOn: - 
- name: mariadb +resources: +- kusts/operators.yaml +- kusts/home-server.yaml diff --git a/deployments/kusts/home-server.yaml b/deployments/kusts/home-server.yaml new file mode 100644 index 0000000..e39af5f --- /dev/null +++ b/deployments/kusts/home-server.yaml @@ -0,0 +1,30 @@ +## I am so fucking mad with Flux right now I can't even begin explaining it. +# I have to do this because it doesn't respect order in kusts... +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: GitRepository +metadata: + name: home-server-apps + namespace: flux-system +spec: + interval: 1m0s + ref: + branch: main + url: ssh://git@repobase.net/j/home-server.git + secretRef: + name: ssh-credentials +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: home-server-apps + namespace: flux-system +spec: + interval: 1m0s + path: ./deployments/home-server + prune: true + sourceRef: + kind: GitRepository + name: home-server-apps + targetNamespace: home-server + diff --git a/deployments/kusts/operators.yaml b/deployments/kusts/operators.yaml new file mode 100644 index 0000000..cade079 --- /dev/null +++ b/deployments/kusts/operators.yaml @@ -0,0 +1,30 @@ +## I am so fucking mad with Flux right now I can't even begin explaining it. +# I have to do this because it doesn't respect order in kusts... +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: GitRepository +metadata: + name: operators + namespace: flux-system +spec: + interval: 1m0s + ref: + branch: main + url: ssh://git@repobase.net/j/home-server.git + secretRef: + name: ssh-credentials +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: operators + namespace: flux-system +spec: + interval: 1m0s + path: ./deployments/operators + prune: true + sourceRef: + kind: GitRepository + name: operators + targetNamespace: home-server + diff --git a/deployments/mariadb/kustomization.yaml b/deployments/mariadb/kustomization.yaml deleted file mode 100644 index da9cfdb..0000000 
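Review bot: The ordering problem described in the header comment of `kusts/home-server.yaml` and `kusts/operators.yaml` is not actually solved by the split, because neither Flux Kustomization declares a dependency on the other. The removed nextcloud Kustomization in this same commit already used the mechanism, so `home-server-apps` could carry `dependsOn: [{name: operators}]`, with `wait: true` on `operators` so that readiness gates the apps. The two GitRepository objects also poll the same URL and branch with the same `secretRef`. One source referenced by both Kustomizations would halve the SSH credential use and leave a single place to change the secret name.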
--- a/deployments/mariadb/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - mariadb.yaml diff --git a/deployments/nextcloud/kustomization.yaml b/deployments/nextcloud/kustomization.yaml deleted file mode 100644 index 777fa28..0000000 --- a/deployments/nextcloud/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - nextcloud.yaml diff --git a/deployments/replicator/kustomization.yaml b/deployments/operators/kustomization.yaml similarity index 73% rename from deployments/replicator/kustomization.yaml rename to deployments/operators/kustomization.yaml index c1aa572..0bd70c1 100644 --- a/deployments/replicator/kustomization.yaml +++ b/deployments/operators/kustomization.yaml @@ -3,4 +3,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - mariadb.yaml - replicator.yaml + - namespace.yaml diff --git a/deployments/mariadb/mariadb.yaml b/deployments/operators/mariadb.yaml similarity index 99% rename from deployments/mariadb/mariadb.yaml rename to deployments/operators/mariadb.yaml index 26f7f39..576d0ce 100644 --- a/deployments/mariadb/mariadb.yaml +++ b/deployments/operators/mariadb.yaml @@ -54,3 +54,4 @@ spec: dependsOn: - name: mariadb-operator-crds namespace: mariadb-system + diff --git a/deployments/namespace/namespace.yaml b/deployments/operators/namespace.yaml similarity index 100% rename from deployments/namespace/namespace.yaml rename to deployments/operators/namespace.yaml diff --git a/deployments/replicator/replicator.yaml b/deployments/operators/replicator.yaml similarity index 100% rename from deployments/replicator/replicator.yaml rename to deployments/operators/replicator.yaml diff --git a/deployments/ssl/kustomization.yaml b/deployments/ssl/kustomization.yaml deleted file mode 100644 index 2c0445b..0000000 
--- a/deployments/ssl/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - certmanager.yaml From 246e23c37b2e1378a744dda7777e327cc0d4f486 Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 23:00:57 +1000 Subject: [PATCH 088/148] fix secret key name --- deployments/kusts/home-server.yaml | 2 +- deployments/kusts/operators.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deployments/kusts/home-server.yaml b/deployments/kusts/home-server.yaml index e39af5f..3cf1dc9 100644 --- a/deployments/kusts/home-server.yaml +++ b/deployments/kusts/home-server.yaml @@ -12,7 +12,7 @@ spec: branch: main url: ssh://git@repobase.net/j/home-server.git secretRef: - name: ssh-credentials + name: flux-ssh --- apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization diff --git a/deployments/kusts/operators.yaml b/deployments/kusts/operators.yaml index cade079..46237b1 100644 --- a/deployments/kusts/operators.yaml +++ b/deployments/kusts/operators.yaml @@ -12,7 +12,7 @@ spec: branch: main url: ssh://git@repobase.net/j/home-server.git secretRef: - name: ssh-credentials + name: flux-ssh --- apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization From 7dfd7cef831c4ba3d31ab074e7863b3222499c97 Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 23:03:02 +1000 Subject: [PATCH 089/148] x --- deployments/operators/kustomization.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/deployments/operators/kustomization.yaml b/deployments/operators/kustomization.yaml index 0bd70c1..c89b854 100644 --- a/deployments/operators/kustomization.yaml +++ b/deployments/operators/kustomization.yaml @@ -5,4 +5,3 @@ kind: Kustomization resources: - mariadb.yaml - replicator.yaml - - namespace.yaml From 882d9ca823927ab90d31acb7c774c2539c2f4e13 Mon Sep 17 00:00:00 2001 
From: j Date: Thu, 10 Jul 2025 23:04:21 +1000 Subject: [PATCH 090/148] remove target namespace? --- deployments/kusts/operators.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/deployments/kusts/operators.yaml b/deployments/kusts/operators.yaml index 46237b1..07bef45 100644 --- a/deployments/kusts/operators.yaml +++ b/deployments/kusts/operators.yaml @@ -26,5 +26,4 @@ spec: sourceRef: kind: GitRepository name: operators - targetNamespace: home-server From 28f767671ecb11283da4b9a091b5adafc7a4a89c Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 23:18:34 +1000 Subject: [PATCH 091/148] Just add in --- deployments/operators/kustomization.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/deployments/operators/kustomization.yaml b/deployments/operators/kustomization.yaml index c89b854..0bd70c1 100644 --- a/deployments/operators/kustomization.yaml +++ b/deployments/operators/kustomization.yaml @@ -5,3 +5,4 @@ kind: Kustomization resources: - mariadb.yaml - replicator.yaml + - namespace.yaml From 0a9ecb1e08e1397e2078f13b1e22d93a8544d926 Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 23:18:56 +1000 Subject: [PATCH 092/148] x --- deployments/kusts/home-server.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/deployments/kusts/home-server.yaml b/deployments/kusts/home-server.yaml index 3cf1dc9..963f535 100644 --- a/deployments/kusts/home-server.yaml +++ b/deployments/kusts/home-server.yaml @@ -26,5 +26,3 @@ spec: sourceRef: kind: GitRepository name: home-server-apps - targetNamespace: home-server - From 16acbf5b027e485e6fdcd1e08c13cdad1ce507be Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 23:41:18 +1000 Subject: [PATCH 093/148] Fix mysql host --- deployments/home-server/nextcloud.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployments/home-server/nextcloud.yaml b/deployments/home-server/nextcloud.yaml index b35716c..dc16d25 100644 --- a/deployments/home-server/nextcloud.yaml 
+++ b/deployments/home-server/nextcloud.yaml @@ -70,7 +70,7 @@ spec: - name: MYSQL_USER value: nextcloud - name: MYSQL_HOST - value: mariadb + value: nextcloud-db ports: - containerPort: 80 volumeMounts: From e8084bf517afe9e59894514252b5c85a7e97251c Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 23:48:38 +1000 Subject: [PATCH 094/148] cheeky cronjob --- deployments/home-server/nextcloud.yaml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/deployments/home-server/nextcloud.yaml b/deployments/home-server/nextcloud.yaml index dc16d25..0fc113a 100644 --- a/deployments/home-server/nextcloud.yaml +++ b/deployments/home-server/nextcloud.yaml @@ -127,3 +127,26 @@ spec: port: number: 80 + +--- +apiVersion: batch/v1 +kind: CronJob +metadata: + name: nextcloud-cron + namespace: home-server +spec: + schedule: "*/5 * * * *" # Every 5 minutes + jobTemplate: + spec: + template: + spec: + containers: + - name: curl-cron + image: curlimages/curl:latest + args: + - "--fail" + - "--silent" + - "--show-error" + - "http://nextcloud.home-server.svc.cluster.local/cron.php" + restartPolicy: OnFailure + From 42ba699d8ed0ad1cfbaec5a5c119a90c07287463 Mon Sep 17 00:00:00 2001 From: j Date: Thu, 10 Jul 2025 23:50:40 +1000 Subject: [PATCH 095/148] didnt work --- deployments/home-server/nextcloud.yaml | 22 ---------------------- 1 file changed, 22 deletions(-) diff --git a/deployments/home-server/nextcloud.yaml b/deployments/home-server/nextcloud.yaml index 0fc113a..77734a9 100644 --- a/deployments/home-server/nextcloud.yaml +++ b/deployments/home-server/nextcloud.yaml 
@@ -128,25 +128,3 @@ spec: number: 80 ---- -apiVersion: batch/v1 -kind: CronJob -metadata: - name: nextcloud-cron - namespace: home-server -spec: - schedule: "*/5 * * * *" # Every 5 minutes - jobTemplate: - spec: - template: - spec: - containers: - - name: curl-cron - image: curlimages/curl:latest - args: - - "--fail" - - "--silent" - - "--show-error" - - "http://nextcloud.home-server.svc.cluster.local/cron.php" - restartPolicy: OnFailure - From f37cffaf94dd0bed3f6f3b4fddd2ea53f54be1be Mon Sep 17 00:00:00 2001 From: j Date: Fri, 11 Jul 2025 00:31:13 +1000 Subject: [PATCH 096/148] hsts --- deployments/home-server/nextcloud.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/deployments/home-server/nextcloud.yaml b/deployments/home-server/nextcloud.yaml index 77734a9..9e99229 100644 --- a/deployments/home-server/nextcloud.yaml +++ b/deployments/home-server/nextcloud.yaml @@ -110,6 +110,8 @@ metadata: namespace: home-server annotations: external-dns.alpha.kubernetes.io/hostname: nc.hxme.net + nginx.ingress.kubernetes.io/server-snippet: | + add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always; spec: tls: - hosts: From 019cfea0bda8642d798e510d2a3b7f4ce32ff4c5 Mon Sep 17 00:00:00 2001 From: j Date: Fri, 11 Jul 2025 00:41:13 +1000 Subject: [PATCH 097/148] Add redis for caching --- deployments/operators/kustomization.yaml | 1 + deployments/operators/redis.yaml | 33 ++++++++++++++++++++++++ 2 files changed, 34 insertions(+) create mode 100644 deployments/operators/redis.yaml diff --git a/deployments/operators/kustomization.yaml b/deployments/operators/kustomization.yaml index 0bd70c1..9a0fb27 100644 --- a/deployments/operators/kustomization.yaml +++ b/deployments/operators/kustomization.yaml @@ -6,3 +6,4 @@ resources: - mariadb.yaml - replicator.yaml - namespace.yaml + - redis.yaml diff --git a/deployments/operators/redis.yaml b/deployments/operators/redis.yaml new file mode 100644 index 0000000..b21967c --- /dev/null 
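Review bot: The HSTS header is injected through `nginx.ingress.kubernetes.io/server-snippet`, which only takes effect when the ingress-nginx controller has snippet annotations enabled. That setting lets anyone who can create or edit an Ingress place raw nginx configuration into the shared proxy. ingress-nginx can emit the same header from its controller ConfigMap via `hsts`, `hsts-max-age` and `hsts-include-subdomains`, for example `hsts-max-age: "15552000"`, which would let snippet annotations stay disabled. The same annotation is repeated in the later `vaultwarden.yaml` and `linkwarden.yaml` hunks.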
+++ b/deployments/operators/redis.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: redis + namespace: home-server +spec: + replicas: 1 + selector: + matchLabels: + app: redis + template: + metadata: + labels: + app: redis + spec: + containers: + - name: redis + image: redis:7 + ports: + - containerPort: 6379 +--- +apiVersion: v1 +kind: Service +metadata: + name: redis + namespace: home-server +spec: + selector: + app: redis + ports: + - port: 6379 + From f93db85e06419c8c87a651ab875762c34b546ee6 Mon Sep 17 00:00:00 2001 From: j Date: Fri, 11 Jul 2025 00:48:42 +1000 Subject: [PATCH 098/148] remove secret replicator --- deployments/home-server/authentik.yaml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/deployments/home-server/authentik.yaml b/deployments/home-server/authentik.yaml index 270c402..d153a5c 100644 --- a/deployments/home-server/authentik.yaml +++ b/deployments/home-server/authentik.yaml @@ -8,14 +8,6 @@ spec: url: https://charts.goauthentik.io/ interval: 1h --- -apiVersion: v1 -kind: Secret -metadata: - name: wildcard-hxme-net - namespace: home-server - annotations: - replicator.v1.mittwald.de/replicate-from: cert-manager/wildcard-hxme-net ---- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: From 55e80ee0b830e8be0b5c7825c8bd049e904dfa58 Mon Sep 17 00:00:00 2001 From: j Date: Fri, 11 Jul 2025 00:49:23 +1000 Subject: [PATCH 099/148] Update ingress --- deployments/home-server/authentik.yaml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/deployments/home-server/authentik.yaml b/deployments/home-server/authentik.yaml index d153a5c..711680c 100644 --- a/deployments/home-server/authentik.yaml +++ b/deployments/home-server/authentik.yaml 
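Review bot: The new `redis` Deployment in `redis.yaml` starts the server with no authentication, and its Service exposes port 6379 to every pod in the cluster. No NetworkPolicy is visible in this series, so any workload in any namespace could read or rewrite the cache, which will presumably hold Nextcloud session and lock data. Setting a password from a Secret is the smallest fix, and the client would need the same value. A NetworkPolicy limiting ingress to the consuming pods would be a useful second layer.

```yaml
        - name: redis
          image: redis:7
          args: ["--requirepass", "$(REDIS_PASSWORD)"]
          env:
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: redis-auth  # placeholder: Secret created outside git
                  key: password     # placeholder key
          # … unchanged: ports …
```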
@@ -32,10 +32,11 @@ spec: - kind: Secret name: authentik-values values: - ingress: - annotations: - external-dns.alpha.kubernetes.io/hostname: auth.hxme.net - tls: - - secretName: wildcard-hxme-net - hosts: - - auth.hxme.net + server: + ingress: + annotations: + external-dns.alpha.kubernetes.io/hostname: auth.hxme.net + tls: + - secretName: wildcard-hxme-net + hosts: + - auth.hxme.net From d7c5547164ca84c155802beb971531f94a407d9a Mon Sep 17 00:00:00 2001 From: j Date: Fri, 11 Jul 2025 09:19:05 +1000 Subject: [PATCH 100/148] Switch to staging server to give timeouts a chance to timeout --- deployments/home-server/certmanager.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/deployments/home-server/certmanager.yaml b/deployments/home-server/certmanager.yaml index 6b9fb0a..37a5281 100644 --- a/deployments/home-server/certmanager.yaml +++ b/deployments/home-server/certmanager.yaml @@ -39,7 +39,8 @@ metadata: spec: acme: email: admin@hxme.net - server: https://acme-v02.api.letsencrypt.org/directory + #server: https://acme-v02.api.letsencrypt.org/directory + server: https://acme-staging-v02.api.letsencrypt.org/directory privateKeySecretRef: name: letsencrypt-rfc2136 solvers: From 0dd05a5c1d97e3bc26f3d92800fd6ea831cf816a Mon Sep 17 00:00:00 2001 From: j Date: Fri, 11 Jul 2025 10:08:12 +1000 Subject: [PATCH 101/148] Allow replication to home-media --- deployments/home-server/certmanager.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployments/home-server/certmanager.yaml b/deployments/home-server/certmanager.yaml index 37a5281..9468a66 100644 --- a/deployments/home-server/certmanager.yaml +++ b/deployments/home-server/certmanager.yaml @@ -63,7 +63,7 @@ spec: secretTemplate: annotations: replicator.v1.mittwald.de/replication-allowed: "true" - replicator.v1.mittwald.de/replicate-to: "monitoring,authentik,nextcloud" + replicator.v1.mittwald.de/replicate-to: "home-media" issuerRef: name: letsencrypt-rfc2136 kind: ClusterIssuer 
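Review bot: The `replicate-to` change in `certmanager.yaml` replaces the target list with `"home-media"` rather than adding to it, so `home-server` no longer appears to receive the wildcard secret. PATCH 098 removed the pull-based `wildcard-hxme-net` stub from `home-server`, and the authentik ingress values in PATCH 099 still reference `secretName: wildcard-hxme-net`. If nothing else copies the secret there, those hosts would be served with the controller's default certificate, which `replicate-to: "home-server,home-media"` would avoid. Every namespace on this list receives the wildcard private key, so it is worth keeping the list to namespaces that terminate TLS.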
From 939ff4dcdb12b32b822cafcee8080eba1cacf26f Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 12:48:17 +1000 Subject: [PATCH 102/148] Split DNS and SSL off --- .../{home-server => dns-ssl}/bind.yaml | 0 .../{home-server => dns-ssl}/certmanager.yaml | 0 .../{home-server => dns-ssl}/externaldns.yaml | 0 deployments/dns-ssl/kustomization.yaml | 8 +++++ deployments/home-server/kustomization.yaml | 3 -- deployments/kustomization.yaml | 1 + deployments/kusts/dns-ssl.yaml | 29 +++++++++++++++++++ 7 files changed, 38 insertions(+), 3 deletions(-) rename deployments/{home-server => dns-ssl}/bind.yaml (100%) rename deployments/{home-server => dns-ssl}/certmanager.yaml (100%) rename deployments/{home-server => dns-ssl}/externaldns.yaml (100%) create mode 100644 deployments/dns-ssl/kustomization.yaml create mode 100644 deployments/kusts/dns-ssl.yaml diff --git a/deployments/home-server/bind.yaml b/deployments/dns-ssl/bind.yaml similarity index 100% rename from deployments/home-server/bind.yaml rename to deployments/dns-ssl/bind.yaml diff --git a/deployments/home-server/certmanager.yaml b/deployments/dns-ssl/certmanager.yaml similarity index 100% rename from deployments/home-server/certmanager.yaml rename to deployments/dns-ssl/certmanager.yaml diff --git a/deployments/home-server/externaldns.yaml b/deployments/dns-ssl/externaldns.yaml similarity index 100% rename from deployments/home-server/externaldns.yaml rename to deployments/dns-ssl/externaldns.yaml diff --git a/deployments/dns-ssl/kustomization.yaml b/deployments/dns-ssl/kustomization.yaml new file mode 100644 index 0000000..db5244e --- /dev/null +++ b/deployments/dns-ssl/kustomization.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - bind.yaml + - certmanager.yaml + - externaldns.yaml diff --git a/deployments/home-server/kustomization.yaml b/deployments/home-server/kustomization.yaml index 323f746..0f912e9 100644 
--- a/deployments/home-server/kustomization.yaml +++ b/deployments/home-server/kustomization.yaml @@ -4,7 +4,4 @@ kind: Kustomization resources: - authentik.yaml - - bind.yaml - - certmanager.yaml - - externaldns.yaml - nextcloud.yaml diff --git a/deployments/kustomization.yaml b/deployments/kustomization.yaml index 4e604db..f50412d 100644 --- a/deployments/kustomization.yaml +++ b/deployments/kustomization.yaml @@ -2,5 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - kusts/operators.yaml +- kusts/dns-ssl.yaml - kusts/home-server.yaml diff --git a/deployments/kusts/dns-ssl.yaml b/deployments/kusts/dns-ssl.yaml new file mode 100644 index 0000000..df4bdd8 --- /dev/null +++ b/deployments/kusts/dns-ssl.yaml @@ -0,0 +1,29 @@ +## I am so fucking mad with Flux right now I can't even begin explaining it. +# I have to do this because it doesn't respect order in kusts... +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: GitRepository +metadata: + name: dns-ssl + namespace: flux-system +spec: + interval: 1m0s + ref: + branch: main + url: ssh://git@repobase.net/j/home-server.git + secretRef: + name: flux-ssh +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: dns-ssl + namespace: flux-system +spec: + interval: 1m0s + path: ./deployments/dns-ssl + prune: true + sourceRef: + kind: GitRepository + name: dns-ssl + From 406d0aa867a3637dc85e2cdd2f31def853e946e6 Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 12:53:21 +1000 Subject: [PATCH 103/148] Drop staging server --- deployments/dns-ssl/certmanager.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deployments/dns-ssl/certmanager.yaml b/deployments/dns-ssl/certmanager.yaml index 9468a66..95511fd 100644 --- a/deployments/dns-ssl/certmanager.yaml +++ b/deployments/dns-ssl/certmanager.yaml 
@@ -39,8 +39,8 @@ metadata: spec: acme: email: admin@hxme.net - #server: https://acme-v02.api.letsencrypt.org/directory - server: https://acme-staging-v02.api.letsencrypt.org/directory + server: https://acme-v02.api.letsencrypt.org/directory + #server: https://acme-staging-v02.api.letsencrypt.org/directory privateKeySecretRef: name: letsencrypt-rfc2136 solvers: From 039fe8659765fe18ac71bc517b5db2111b1bfad7 Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 12:58:38 +1000 Subject: [PATCH 104/148] remove to force full wipe rebuild --- deployments/dns-ssl/kustomization.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/deployments/dns-ssl/kustomization.yaml b/deployments/dns-ssl/kustomization.yaml index db5244e..05ba44c 100644 --- a/deployments/dns-ssl/kustomization.yaml +++ b/deployments/dns-ssl/kustomization.yaml @@ -4,5 +4,4 @@ kind: Kustomization resources: - bind.yaml - - certmanager.yaml - externaldns.yaml From 560507b22d01fdf5ca5e7f705ab896b0e9a75237 Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 12:59:05 +1000 Subject: [PATCH 105/148] restore cert manager to build cert --- deployments/dns-ssl/kustomization.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/deployments/dns-ssl/kustomization.yaml b/deployments/dns-ssl/kustomization.yaml index 05ba44c..c9c356f 100644 --- a/deployments/dns-ssl/kustomization.yaml +++ b/deployments/dns-ssl/kustomization.yaml @@ -5,3 +5,4 @@ kind: Kustomization resources: - bind.yaml - externaldns.yaml + - certmanager.yaml From bad83858fdf537ab349154b8ef52bccfba2aef5a Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 13:09:53 +1000 Subject: [PATCH 106/148] vault warden --- deployments/home-server/vaultwarden.yaml | 105 +++++++++++++++++++++++ 1 file changed, 105 insertions(+) create mode 100644 deployments/home-server/vaultwarden.yaml diff --git a/deployments/home-server/vaultwarden.yaml b/deployments/home-server/vaultwarden.yaml new file mode 100644 index 0000000..62a2d0c --- /dev/null 
+++ b/deployments/home-server/vaultwarden.yaml 
@@ -0,0 +1,105 @@ +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: vaultwarden-pv +spec: + capacity: + storage: 5Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + storageClassName: local-path + hostPath: + path: /dpool/services/vaultwarden +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: vaultwarden-pvc + namespace: home-server +spec: + accessModes: + - ReadWriteOnce + storageClassName: local-path + resources: + requests: + storage: 5Gi + volumeName: vaultwarden-pv +--- +apiVersion: v1 +kind: Service +metadata: + name: vaultwarden + namespace: home-server +spec: + selector: + app: vaultwarden + ports: + - port: 80 + targetPort: 80 + protocol: TCP +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: vaultwarden + namespace: home-server +spec: + replicas: 1 + selector: + matchLabels: + app: vaultwarden + template: + metadata: + labels: + app: vaultwarden + spec: + containers: + - name: vaultwarden + image: vaultwarden/server:latest + imagePullPolicy: Always + env: + - name: TZ + value: "Australia/Sydney" + - name: WEBSOCKET_ENABLED + value: "true" + - name: SIGNUPS_ALLOWED + value: "false" # Set to "true" if you want open registration + ports: + - containerPort: 80 + volumeMounts: + - name: vaultwarden-data + mountPath: /data + volumes: + - name: vaultwarden-data + persistentVolumeClaim: + claimName: vaultwarden-pvc +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: vaultwarden + namespace: home-server + annotations: + external-dns.alpha.kubernetes.io/hostname: vault.hxme.net + nginx.ingress.kubernetes.io/proxy-body-size: "100m" + nginx.ingress.kubernetes.io/server-snippet: | + add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always; +spec: + tls: + - hosts: + - vault.hxme.net + secretName: wildcard-hxme-net + rules: + - host: vault.hxme.net + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: vaultwarden + port: + number: 
80 + From 800f9216cc7fed0a97c4f8e7c4acd21507ae8cfb Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 13:10:10 +1000 Subject: [PATCH 107/148] Fix timezone --- deployments/home-server/vaultwarden.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployments/home-server/vaultwarden.yaml b/deployments/home-server/vaultwarden.yaml index 62a2d0c..1b64c0d 100644 --- a/deployments/home-server/vaultwarden.yaml +++ b/deployments/home-server/vaultwarden.yaml @@ -61,7 +61,7 @@ spec: imagePullPolicy: Always env: - name: TZ - value: "Australia/Sydney" + value: "Australia/Brisbane" - name: WEBSOCKET_ENABLED value: "true" - name: SIGNUPS_ALLOWED From 4c0bb8f0c78c3e63705233669b23b6d68f2d4516 Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 13:16:25 +1000 Subject: [PATCH 108/148] Add vault warden --- deployments/home-server/kustomization.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/deployments/home-server/kustomization.yaml b/deployments/home-server/kustomization.yaml index 0f912e9..3436128 100644 --- a/deployments/home-server/kustomization.yaml +++ b/deployments/home-server/kustomization.yaml @@ -5,3 +5,4 @@ kind: Kustomization resources: - authentik.yaml - nextcloud.yaml + - vaultwarden.yaml From b26e6a2c95b7ff12a402082227d66c4da9508e5f Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 13:17:01 +1000 Subject: [PATCH 109/148] linkwarden --- deployments/home-server/kustomization.yaml | 1 + deployments/home-server/linkwarden.yaml | 104 +++++++++++++++++++++ 2 files changed, 105 insertions(+) create mode 100644 deployments/home-server/linkwarden.yaml diff --git a/deployments/home-server/kustomization.yaml b/deployments/home-server/kustomization.yaml index 3436128..6b9c8af 100644 --- a/deployments/home-server/kustomization.yaml +++ b/deployments/home-server/kustomization.yaml @@ -6,3 +6,4 @@ resources: - authentik.yaml - nextcloud.yaml - vaultwarden.yaml + - linkwarden.yaml 
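Review bot: The Deployment in `vaultwarden.yaml` uses `image: vaultwarden/server:latest` with `imagePullPolicy: Always`, so every pod restart can pull a different, unreviewed build of the service that holds the password vault. Pinning a release tag, ideally with a digest, makes upgrades deliberate and reversible, e.g. `image: vaultwarden/server:<version>@sha256:<digest>` with placeholder values. The later `linkwarden.yaml` hunk has the same pattern with `ghcr.io/linkwarden/linkwarden:latest`. The pod spec also sets no `securityContext` and stores its data on a `hostPath` volume, so the container's user and privileges are whatever the image defaults to.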
diff --git a/deployments/home-server/linkwarden.yaml b/deployments/home-server/linkwarden.yaml new file mode 100644 index 0000000..7ffdaf6 --- /dev/null +++ b/deployments/home-server/linkwarden.yaml 
@@ -0,0 +1,104 @@ +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: linkwarden-pv +spec: + capacity: + storage: 5Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + storageClassName: local-path + hostPath: + path: /dpool/services/linkwarden +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: linkwarden-pvc + namespace: home-server +spec: + accessModes: + - ReadWriteOnce + storageClassName: local-path + resources: + requests: + storage: 5Gi + volumeName: linkwarden-pv +--- +apiVersion: v1 +kind: Service +metadata: + name: linkwarden + namespace: home-server +spec: + selector: + app: linkwarden + ports: + - port: 3000 + targetPort: 3000 + protocol: TCP +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: linkwarden + namespace: home-server +spec: + replicas: 1 + selector: + matchLabels: + app: linkwarden + template: + metadata: + labels: + app: linkwarden + spec: + containers: + - name: linkwarden + image: ghcr.io/linkwarden/linkwarden:latest + imagePullPolicy: Always + ports: + - containerPort: 3000 + env: + - name: NODE_ENV + value: "production" + - name: TZ + value: "Australia/Sydney" + - name: DATABASE_URL + value: "file:/data/data.db" + volumeMounts: + - name: linkwarden-data + mountPath: /data + volumes: + - name: linkwarden-data + persistentVolumeClaim: + claimName: linkwarden-pvc +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: linkwarden + namespace: home-server + annotations: + external-dns.alpha.kubernetes.io/hostname: links.hxme.net + nginx.ingress.kubernetes.io/server-snippet: | + add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always; +spec: + tls: + - hosts: + - links.hxme.net + secretName: wildcard-hxme-net + rules: + - host: links.hxme.net + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: linkwarden + port: + number: 3000 + From c291399f8f38bbffb6c19d802d19e07003c3fb85 Mon Sep 17 00:00:00 2001 
From: j Date: Sat, 12 Jul 2025 13:35:34 +1000 Subject: [PATCH 110/148] Init container to prepopulate data directory --- deployments/home-server/linkwarden.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/deployments/home-server/linkwarden.yaml b/deployments/home-server/linkwarden.yaml index 7ffdaf6..e07bee5 100644 --- a/deployments/home-server/linkwarden.yaml +++ b/deployments/home-server/linkwarden.yaml @@ -55,6 +55,15 @@ spec: labels: app: linkwarden spec: + initContainers: + - name: copy-linkwarden + image: ghcr.io/linkwarden/linkwarden:latest + command: ["/bin/sh", "-c"] + args: + - cp -r /app/. /data/ # Copy everything from the internal app dir to the mounted volume + volumeMounts: + - name: linkwarden-data + mountPath: /data containers: - name: linkwarden image: ghcr.io/linkwarden/linkwarden:latest From 5626e4fbb92f6a07fe62c2ee936f8fa20a9d4e70 Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 13:37:14 +1000 Subject: [PATCH 111/148] Better way of checking. See commit desc. This is a better way of checking. Recommended for set and forget but not battle tested. Original way that this replaces risks wiping data. --- deployments/home-server/linkwarden.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/deployments/home-server/linkwarden.yaml b/deployments/home-server/linkwarden.yaml index e07bee5..023eee8 100644 --- a/deployments/home-server/linkwarden.yaml +++ b/deployments/home-server/linkwarden.yaml @@ -60,7 +60,13 @@ spec: image: ghcr.io/linkwarden/linkwarden:latest command: ["/bin/sh", "-c"] args: - - cp -r /app/. /data/ # Copy everything from the internal app dir to the mounted volume + - | + if [ -z "$(ls -A /data)" ]; then + echo "/data is empty, initializing..." + cp -r /app/. /data/ + else + echo "/data already initialized, skipping copy." + fi volumeMounts: - name: linkwarden-data mountPath: /data From 6b62cebfcfdbb7087dce42a8587a5a7d680155a6 Mon Sep 17 00:00:00 2001 
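Review bot: The guard added in PATCH 111, `[ -z "$(ls -A /data)" ]`, treats any entry in the directory as "already initialized". If `cp -r` is interrupted partway, the partial tree is left in place and every later start skips the copy. A marker file written only after a successful copy is more reliable: test `[ ! -f /data/.initialized ]` and run `cp -r /app/. /data/ && touch /data/.initialized`. PATCH 112 keeps the same emptiness test with `/new_data`, so the same change applies there.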
From: j Date: Sat, 12 Jul 2025 13:38:14 +1000 Subject: [PATCH 112/148] More logical way of doing things --- deployments/home-server/linkwarden.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/deployments/home-server/linkwarden.yaml b/deployments/home-server/linkwarden.yaml index 023eee8..95492f2 100644 --- a/deployments/home-server/linkwarden.yaml +++ b/deployments/home-server/linkwarden.yaml @@ -61,15 +61,15 @@ spec: command: ["/bin/sh", "-c"] args: - | - if [ -z "$(ls -A /data)" ]; then - echo "/data is empty, initializing..." - cp -r /app/. /data/ + if [ -z "$(ls -A /new_data)" ]; then + echo "/new_data is empty, initializing..." + cp -r /data/. /new_data/ else - echo "/data already initialized, skipping copy." + echo "/new_data already initialized, skipping copy." fi volumeMounts: - name: linkwarden-data - mountPath: /data + mountPath: /new_data containers: - name: linkwarden image: ghcr.io/linkwarden/linkwarden:latest From 0d449eefb153d883cb9cab4f8ae1f5b83ad6ffe5 Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 13:39:53 +1000 Subject: [PATCH 113/148] Admin token enables admin area --- deployments/home-server/vaultwarden.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/deployments/home-server/vaultwarden.yaml b/deployments/home-server/vaultwarden.yaml index 1b64c0d..28c9fd8 100644 --- a/deployments/home-server/vaultwarden.yaml +++ b/deployments/home-server/vaultwarden.yaml @@ -66,6 +66,8 @@ spec: value: "true" - name: SIGNUPS_ALLOWED value: "false" # Set to "true" if you want open registration + - name: ADMIN_TOKEN + value: 0h12893hj0129j30129j3 ports: - containerPort: 80 volumeMounts: From d5019aafa23eccf9a991eec6a9360b3f973049ca Mon Sep 17 00:00:00 2001 
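Review bot: The `ADMIN_TOKEN` added to the vaultwarden container env is a literal value committed to the repository, so anyone with read access to the repo or its history holds the credential for the Vaultwarden admin area. Removing the line in a later commit does not retract it, so the token should be treated as exposed and rotated. The value should come from a Kubernetes Secret that is created outside git or encrypted at rest. Vaultwarden also accepts an Argon2 PHC hash as the token, which avoids keeping the plaintext in the cluster at all.

```yaml
            - name: ADMIN_TOKEN
              valueFrom:
                secretKeyRef:
                  name: vaultwarden-admin  # placeholder: Secret created outside git
                  key: admin-token         # placeholder key
```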
From: j Date: Sat, 12 Jul 2025 13:43:25 +1000 Subject: [PATCH 114/148] Add postgres --- deployments/kustomization.yaml | 1 - deployments/operators/kustomization.yaml | 1 + deployments/operators/postgres.yaml | 56 ++++++++++++++++++++++++ 3 files changed, 57 insertions(+), 1 deletion(-) create mode 100644 deployments/operators/postgres.yaml diff --git a/deployments/kustomization.yaml b/deployments/kustomization.yaml index f50412d..20cabb2 100644 --- a/deployments/kustomization.yaml +++ b/deployments/kustomization.yaml @@ -4,4 +4,3 @@ resources: - kusts/operators.yaml - kusts/dns-ssl.yaml - kusts/home-server.yaml - diff --git a/deployments/operators/kustomization.yaml b/deployments/operators/kustomization.yaml index 9a0fb27..3fc92d1 100644 --- a/deployments/operators/kustomization.yaml +++ b/deployments/operators/kustomization.yaml @@ -4,6 +4,7 @@ kind: Kustomization resources: - mariadb.yaml + - postgres.yaml - replicator.yaml - namespace.yaml - redis.yaml diff --git a/deployments/operators/postgres.yaml b/deployments/operators/postgres.yaml new file mode 100644 index 0000000..82bc07d --- /dev/null +++ b/deployments/operators/postgres.yaml 
@@ -0,0 +1,56 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: postgres-operator-system +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: crunchydata-postgres-operator + namespace: flux-system +spec: + url: https://charts.crunchydata.com + interval: 1h +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgres-operator-crds + namespace: postgres-operator-system +spec: + interval: 30m + chart: + spec: + chart: pgo-crds + version: 5.3.0 # or latest stable version + sourceRef: + kind: HelmRepository + name: crunchydata-postgres-operator + namespace: flux-system + install: + createNamespace: true + upgrade: + disableWait: true + timeout: 5m +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgres-operator + namespace: postgres-operator-system +spec: + interval: 30m + chart: + spec: + chart: postgres-operator + version: 5.3.0 # or latest stable version + sourceRef: + kind: HelmRepository + name: crunchydata-postgres-operator + namespace: flux-system + install: + createNamespace: true + dependsOn: + - name: postgres-operator-crds + namespace: postgres-operator-system From 596d2a3959dd06c72ce21d571e02d9bad38a0901 Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 13:48:58 +1000 Subject: [PATCH 115/148] Update to OCI --- deployments/operators/postgres.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/deployments/operators/postgres.yaml b/deployments/operators/postgres.yaml index 82bc07d..e12a3c6 100644 --- a/deployments/operators/postgres.yaml +++ b/deployments/operators/postgres.yaml @@ -10,8 +10,8 @@ metadata: name: crunchydata-postgres-operator namespace: flux-system spec: - url: https://charts.crunchydata.com interval: 1h + url: oci://registry.developers.crunchydata.com/crunchydata/pgo --- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease 
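Review bot: In the PATCH 115 hunk the `HelmRepository` switches to an `oci://` URL without setting `type: oci`; Flux treats a HelmRepository as a classic HTTP index unless `spec.type` says otherwise, so this source is likely to fail reconciliation. Add `type: oci` under `spec:` next to the new `url:`. With an OCI source the chart name in each `HelmRelease` is resolved relative to that URL, so it is worth confirming that `pgo-crds` and `postgres-operator` actually exist under `.../crunchydata/pgo`.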
@@ -23,7 +23,7 @@ spec: chart: spec: chart: pgo-crds - version: 5.3.0 # or latest stable version + version: 5.3.0 sourceRef: kind: HelmRepository name: crunchydata-postgres-operator @@ -44,7 +44,7 @@ spec: chart: spec: chart: postgres-operator - version: 5.3.0 # or latest stable version + version: 5.3.0 sourceRef: kind: HelmRepository name: crunchydata-postgres-operator @@ -54,3 +54,4 @@ spec: dependsOn: - name: postgres-operator-crds namespace: postgres-operator-system + From 743dc97e157d44af9be3967a53214c485ac7f1ec Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 13:51:48 +1000 Subject: [PATCH 116/148] Remove psql because it was a pain --- deployments/operators/kustomization.yaml | 1 - deployments/operators/postgres.yaml | 57 ------------------------ 2 files changed, 58 deletions(-) delete mode 100644 deployments/operators/postgres.yaml diff --git a/deployments/operators/kustomization.yaml b/deployments/operators/kustomization.yaml index 3fc92d1..9a0fb27 100644 --- a/deployments/operators/kustomization.yaml +++ b/deployments/operators/kustomization.yaml @@ -4,7 +4,6 @@ kind: Kustomization resources: - mariadb.yaml - - postgres.yaml - replicator.yaml - namespace.yaml - redis.yaml diff --git a/deployments/operators/postgres.yaml b/deployments/operators/postgres.yaml deleted file mode 100644 index e12a3c6..0000000 --- a/deployments/operators/postgres.yaml +++ /dev/null 
@@ -1,57 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: postgres-operator-system ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: crunchydata-postgres-operator - namespace: flux-system -spec: - interval: 1h - url: oci://registry.developers.crunchydata.com/crunchydata/pgo ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: postgres-operator-crds - namespace: postgres-operator-system -spec: - interval: 30m - chart: - spec: - chart: pgo-crds - version: 5.3.0 - sourceRef: - kind: HelmRepository - name: crunchydata-postgres-operator - namespace: flux-system - install: - createNamespace: true - upgrade: - disableWait: true - timeout: 5m ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: postgres-operator - namespace: postgres-operator-system -spec: - interval: 30m - chart: - spec: - chart: postgres-operator - version: 5.3.0 - sourceRef: - kind: HelmRepository - name: crunchydata-postgres-operator - namespace: flux-system - install: - createNamespace: true - dependsOn: - - name: postgres-operator-crds - namespace: postgres-operator-system - From 54d85078667409201b62b24eda3a8e98f132ec1b Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 13:53:27 +1000 Subject: [PATCH 117/148] GPT rework cloned with db --- deployments/home-server/linkwarden.yaml | 117 ++++++++++++++++++------ 1 file changed, 89 insertions(+), 28 deletions(-) diff --git a/deployments/home-server/linkwarden.yaml b/deployments/home-server/linkwarden.yaml index 95492f2..d3aaa9d 100644 --- a/deployments/home-server/linkwarden.yaml +++ b/deployments/home-server/linkwarden.yaml 
@@ -1,6 +1,92 @@ --- apiVersion: v1 kind: PersistentVolume +metadata: + name: linkwarden-pgdata-pv +spec: + capacity: + storage: 5Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + storageClassName: local-path + hostPath: + path: /dpool/services/linkwarden/database +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: linkwarden-pgdata-pvc + namespace: home-server +spec: + accessModes: + - ReadWriteOnce + storageClassName: local-path + resources: + requests: + storage: 5Gi + volumeName: linkwarden-pgdata-pv +--- +apiVersion: v1 +kind: Service +metadata: + name: linkwarden-postgres + namespace: home-server +spec: + ports: + - port: 5432 + selector: + app: linkwarden-postgres +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: linkwarden-postgres + namespace: home-server +spec: + replicas: 1 + selector: + matchLabels: + app: linkwarden-postgres + template: + metadata: + labels: + app: linkwarden-postgres + spec: + containers: + - name: postgres + image: postgres:15 + env: + - name: POSTGRES_DB + value: linkwarden + - name: POSTGRES_USER + value: linkwardenuser + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: linkwarden-postgres-secret + key: postgres-password + ports: + - containerPort: 5432 + volumeMounts: + - name: pgdata + mountPath: /var/lib/postgresql/data + volumes: + - name: pgdata + persistentVolumeClaim: + claimName: linkwarden-pgdata-pvc +--- +apiVersion: v1 +kind: Secret +metadata: + name: linkwarden-postgres-secret + namespace: home-server +type: Opaque +stringData: + postgres-password: "your-strong-password-here" +--- +apiVersion: v1 +kind: PersistentVolume metadata: name: linkwarden-pv spec: @@ -11,7 +97,7 @@ spec: persistentVolumeReclaimPolicy: Retain storageClassName: local-path hostPath: - path: /dpool/services/linkwarden + path: /dpool/services/linkwarden/app --- apiVersion: v1 kind: PersistentVolumeClaim 
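Review bot: The `linkwarden-postgres-secret` Secret added in the first hunk carries `postgres-password: "your-strong-password-here"` in `stringData`, so once Flux reconciles this file that placeholder becomes the real database password, and it sits in Git in cleartext. Keep the Secret out of the plain manifest: create it out of band, or commit it only in encrypted form (Flux can decrypt SOPS-encrypted Secrets), and leave a comment such as `# linkwarden-postgres-secret is provisioned separately; see <doc path>`. PATCH 122 repeats the pattern with `vaultwarden-postgres-secret` and `"super-strong-password"`.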
@@ -80,9 +166,9 @@ spec: - name: NODE_ENV value: "production" - name: TZ - value: "Australia/Sydney" + value: "Australia/Brisbane" - name: DATABASE_URL - value: "file:/data/data.db" + value: "postgresql://linkwardenuser:$(POSTGRES_PASSWORD)@linkwarden-postgres.home-server.svc.cluster.local:5432/linkwarden" volumeMounts: - name: linkwarden-data mountPath: /data @@ -91,29 +177,4 @@ spec: persistentVolumeClaim: claimName: linkwarden-pvc --- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: linkwarden - namespace: home-server - annotations: - external-dns.alpha.kubernetes.io/hostname: links.hxme.net - nginx.ingress.kubernetes.io/server-snippet: | - add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always; -spec: - tls: - - hosts: - - links.hxme.net - secretName: wildcard-hxme-net - rules: - - host: links.hxme.net - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: linkwarden - port: - number: 3000 From b3d6a3830946ffacc2ffebc975f7734f903cb249 Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 13:56:53 +1000 Subject: [PATCH 118/148] Reorder --- deployments/home-server/linkwarden.yaml | 103 +++++++++++------------- 1 file changed, 46 insertions(+), 57 deletions(-) diff --git a/deployments/home-server/linkwarden.yaml b/deployments/home-server/linkwarden.yaml index d3aaa9d..6b9ff25 100644 --- a/deployments/home-server/linkwarden.yaml +++ b/deployments/home-server/linkwarden.yaml 
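Review bot: `$(POSTGRES_PASSWORD)` in the new `DATABASE_URL` is only expanded by Kubernetes when a variable of that name is defined earlier in the same container's `env` list; the visible lines define `NODE_ENV` and `TZ` but not `POSTGRES_PASSWORD`, which in this series is set only on the `postgres` container. If it is not defined above the hunk, Linkwarden receives the literal text `$(POSTGRES_PASSWORD)` as its password. Add the variable before `DATABASE_URL` with `valueFrom:` / `secretKeyRef:` pointing at `linkwarden-postgres-secret`, key `postgres-password`. PATCH 134 has the ordering variant of the same problem: `PGUSER` and `PGPASS` are declared after the `DATABASE_URL` that references them. The `env` list starts outside the hunk.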
@@ -28,15 +28,32 @@ spec: volumeName: linkwarden-pgdata-pv --- apiVersion: v1 -kind: Service +kind: PersistentVolume metadata: - name: linkwarden-postgres + name: linkwarden-pv +spec: + capacity: + storage: 5Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + storageClassName: local-path + hostPath: + path: /dpool/services/linkwarden/app +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: linkwarden-pvc namespace: home-server spec: - ports: - - port: 5432 - selector: - app: linkwarden-postgres + accessModes: + - ReadWriteOnce + storageClassName: local-path + resources: + requests: + storage: 5Gi + volumeName: linkwarden-pv --- apiVersion: apps/v1 kind: Deployment @@ -76,56 +93,6 @@ spec: persistentVolumeClaim: claimName: linkwarden-pgdata-pvc --- -apiVersion: v1 -kind: Secret -metadata: - name: linkwarden-postgres-secret - namespace: home-server -type: Opaque -stringData: - postgres-password: "your-strong-password-here" ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: linkwarden-pv -spec: - capacity: - storage: 5Gi - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - storageClassName: local-path - hostPath: - path: /dpool/services/linkwarden/app ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: linkwarden-pvc - namespace: home-server -spec: - accessModes: - - ReadWriteOnce - storageClassName: local-path - resources: - requests: - storage: 5Gi - volumeName: linkwarden-pv ---- -apiVersion: v1 -kind: Service -metadata: - name: linkwarden - namespace: home-server -spec: - selector: - app: linkwarden - ports: - - port: 3000 - targetPort: 3000 - protocol: TCP ---- apiVersion: apps/v1 kind: Deployment metadata: 
@@ -177,4 +144,26 @@ spec: persistentVolumeClaim: claimName: linkwarden-pvc --- - +apiVersion: v1 +kind: Service +metadata: + name: linkwarden + namespace: home-server +spec: + selector: + app: linkwarden + ports: + - port: 3000 + targetPort: 3000 + protocol: TCP +--- +apiVersion: v1 +kind: Service +metadata: + name: linkwarden-postgres + namespace: home-server +spec: + ports: + - port: 5432 + selector: + app: linkwarden-postgres From 47549884388ba4a8862604b226862c2047f8611c Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 14:06:55 +1000 Subject: [PATCH 119/148] Messed with pvs now need to nuke --- deployments/home-server/kustomization.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/deployments/home-server/kustomization.yaml b/deployments/home-server/kustomization.yaml index 6b9c8af..0f912e9 100644 --- a/deployments/home-server/kustomization.yaml +++ b/deployments/home-server/kustomization.yaml @@ -5,5 +5,3 @@ kind: Kustomization resources: - authentik.yaml - nextcloud.yaml - - vaultwarden.yaml - - linkwarden.yaml From c582281dc9609e6ceca2539cf00ee5dc57d91ecc Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 18:49:26 +1000 Subject: [PATCH 120/148] Change vw data path --- deployments/home-server/kustomization.yaml | 2 ++ deployments/home-server/vaultwarden.yaml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/deployments/home-server/kustomization.yaml b/deployments/home-server/kustomization.yaml index 0f912e9..6b9c8af 100644 --- a/deployments/home-server/kustomization.yaml +++ b/deployments/home-server/kustomization.yaml @@ -5,3 +5,5 @@ kind: Kustomization resources: - authentik.yaml - nextcloud.yaml + - vaultwarden.yaml + - linkwarden.yaml diff --git a/deployments/home-server/vaultwarden.yaml b/deployments/home-server/vaultwarden.yaml index 28c9fd8..6dc807a 100644 --- a/deployments/home-server/vaultwarden.yaml +++ b/deployments/home-server/vaultwarden.yaml 
@@ -11,7 +11,7 @@ spec: persistentVolumeReclaimPolicy: Retain storageClassName: local-path hostPath: - path: /dpool/services/vaultwarden + path: /dpool/services/vaultwarden/data --- apiVersion: v1 kind: PersistentVolumeClaim From b325f73d63ff5c7906fd565bac574ecc213dcc57 Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 18:52:46 +1000 Subject: [PATCH 121/148] remove both sorry i drank --- deployments/home-server/kustomization.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/deployments/home-server/kustomization.yaml b/deployments/home-server/kustomization.yaml index 6b9c8af..0f912e9 100644 --- a/deployments/home-server/kustomization.yaml +++ b/deployments/home-server/kustomization.yaml @@ -5,5 +5,3 @@ kind: Kustomization resources: - authentik.yaml - nextcloud.yaml - - vaultwarden.yaml - - linkwarden.yaml From 8b0f9f17f26d1774778417c3f8e157b07d878aa3 Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 18:53:13 +1000 Subject: [PATCH 122/148] still drinking yolo vaultwarden --- deployments/home-server/vaultwarden.yaml | 92 ++++++++++-------------- 1 file changed, 36 insertions(+), 56 deletions(-) diff --git a/deployments/home-server/vaultwarden.yaml b/deployments/home-server/vaultwarden.yaml index 6dc807a..60c10e6 100644 --- a/deployments/home-server/vaultwarden.yaml +++ b/deployments/home-server/vaultwarden.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: vaultwarden-pv + name: vaultwarden-pgdata-pv spec: capacity: storage: 5Gi @@ -11,12 +11,12 @@ spec: persistentVolumeReclaimPolicy: Retain storageClassName: local-path hostPath: - path: /dpool/services/vaultwarden/data + path: /dpool/services/vaultwarden-pgdata --- apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: vaultwarden-pvc + name: vaultwarden-pgdata-pvc namespace: home-server spec: accessModes: 
@@ -25,83 +25,63 @@ spec: resources: requests: storage: 5Gi - volumeName: vaultwarden-pv + volumeName: vaultwarden-pgdata-pv --- apiVersion: v1 kind: Service metadata: - name: vaultwarden + name: vaultwarden-postgres namespace: home-server spec: - selector: - app: vaultwarden ports: - - port: 80 - targetPort: 80 - protocol: TCP + - port: 5432 + selector: + app: vaultwarden-postgres +--- +apiVersion: v1 +kind: Secret +metadata: + name: vaultwarden-postgres-secret + namespace: home-server +type: Opaque +stringData: + postgres-password: "super-strong-password" --- apiVersion: apps/v1 kind: Deployment metadata: - name: vaultwarden + name: vaultwarden-postgres namespace: home-server spec: replicas: 1 selector: matchLabels: - app: vaultwarden + app: vaultwarden-postgres template: metadata: labels: - app: vaultwarden + app: vaultwarden-postgres spec: containers: - - name: vaultwarden - image: vaultwarden/server:latest - imagePullPolicy: Always + - name: postgres + image: postgres:15 env: - - name: TZ - value: "Australia/Brisbane" - - name: WEBSOCKET_ENABLED - value: "true" - - name: SIGNUPS_ALLOWED - value: "false" # Set to "true" if you want open registration - - name: ADMIN_TOKEN - value: 0h12893hj0129j30129j3 + - name: POSTGRES_DB + value: vaultwarden + - name: POSTGRES_USER + value: vaultuser + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: vaultwarden-postgres-secret + key: postgres-password ports: - - containerPort: 80 + - containerPort: 5432 volumeMounts: - - name: vaultwarden-data - mountPath: /data + - name: pgdata + mountPath: /var/lib/postgresql/data volumes: - - name: vaultwarden-data + - name: pgdata persistentVolumeClaim: - claimName: vaultwarden-pvc ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: vaultwarden - namespace: home-server - annotations: - external-dns.alpha.kubernetes.io/hostname: vault.hxme.net - nginx.ingress.kubernetes.io/proxy-body-size: "100m" - nginx.ingress.kubernetes.io/server-snippet: | - 
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always; -spec: - tls: - - hosts: - - vault.hxme.net - secretName: wildcard-hxme-net - rules: - - host: vault.hxme.net - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: vaultwarden - port: - number: 80 + claimName: vaultwarden-pgdata-pvc From 43a17c0d7cdc81fceaaeb77a38bbe31c9b815a52 Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 19:32:30 +1000 Subject: [PATCH 123/148] readd --- deployments/home-server/kustomization.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/deployments/home-server/kustomization.yaml b/deployments/home-server/kustomization.yaml index 0f912e9..6b9c8af 100644 --- a/deployments/home-server/kustomization.yaml +++ b/deployments/home-server/kustomization.yaml @@ -5,3 +5,5 @@ kind: Kustomization resources: - authentik.yaml - nextcloud.yaml + - vaultwarden.yaml + - linkwarden.yaml From c49584e23a6be91914396f722d9373da98d969ff Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 20:00:25 +1000 Subject: [PATCH 124/148] re-add vaultwarden --- deployments/home-server/vaultwarden.yaml | 83 ++++++++++++++++++++++++ 1 file changed, 83 insertions(+) diff --git a/deployments/home-server/vaultwarden.yaml b/deployments/home-server/vaultwarden.yaml index 60c10e6..3733ef5 100644 --- a/deployments/home-server/vaultwarden.yaml +++ b/deployments/home-server/vaultwarden.yaml 
@@ -85,3 +85,86 @@ spec: persistentVolumeClaim: claimName: vaultwarden-pgdata-pvc +--- +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: vaultwarden-pv +spec: + capacity: + storage: 5Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + storageClassName: local-path + hostPath: + path: /dpool/services/vaultwarden/data +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: vaultwarden-pvc + namespace: home-server +spec: + accessModes: + - ReadWriteOnce + storageClassName: local-path + resources: + requests: + storage: 5Gi + volumeName: vaultwarden-pv +--- +apiVersion: v1 +kind: Service +metadata: + name: vaultwarden + namespace: home-server +spec: + selector: + app: vaultwarden + ports: + - port: 80 + targetPort: 80 + protocol: TCP +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: vaultwarden + namespace: home-server +spec: + replicas: 1 + selector: + matchLabels: + app: vaultwarden + template: + metadata: + labels: + app: vaultwarden + spec: + containers: + - name: vaultwarden + image: vaultwarden/server:latest + imagePullPolicy: Always + env: + - name: TZ + value: "Australia/Brisbane" + - name: WEBSOCKET_ENABLED + value: "true" + - name: SIGNUPS_ALLOWED + value: "false" + - name: ADMIN_TOKEN + value: "0h12893hj0129j30129j3" + - name: DATABASE_URL + value: "postgresql://vaultuser:super-strong-password@vaultwarden-postgres.home-server.svc.cluster.local:5432/vaultwarden" + ports: + - containerPort: 80 + volumeMounts: + - name: vaultwarden-data + mountPath: /data + volumes: + - name: vaultwarden-data + persistentVolumeClaim: + claimName: vaultwarden-pvc + From b67ff9e13748ce5e9a7b1e1ca593ba8ab8458694 Mon Sep 17 00:00:00 2001 
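Review bot: `image: vaultwarden/server:latest` together with `imagePullPolicy: Always` means any pod restart can pull a different build of the password manager without a corresponding change in Git. Pin a release tag, ideally with its digest, e.g. `image: vaultwarden/server:<version>@sha256:<digest>` (placeholders), and move it forward through a reviewed commit. The hunk also opens with two consecutive `---` separators; one is enough.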
From: j Date: Sat, 12 Jul 2025 21:08:02 +1000 Subject: [PATCH 125/148] Test --- deployments/home-server/kustomization.yaml | 1 + deployments/home-server/test/a.yaml | 5 +++++ deployments/home-server/test/b.yaml | 5 +++++ 3 files changed, 11 insertions(+) create mode 100644 deployments/home-server/test/a.yaml create mode 100644 deployments/home-server/test/b.yaml diff --git a/deployments/home-server/kustomization.yaml b/deployments/home-server/kustomization.yaml index 6b9c8af..256ca0e 100644 --- a/deployments/home-server/kustomization.yaml +++ b/deployments/home-server/kustomization.yaml @@ -7,3 +7,4 @@ resources: - nextcloud.yaml - vaultwarden.yaml - linkwarden.yaml + - test/ diff --git a/deployments/home-server/test/a.yaml b/deployments/home-server/test/a.yaml new file mode 100644 index 0000000..6a586ea --- /dev/null +++ b/deployments/home-server/test/a.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: a diff --git a/deployments/home-server/test/b.yaml b/deployments/home-server/test/b.yaml new file mode 100644 index 0000000..141a4dc --- /dev/null +++ b/deployments/home-server/test/b.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: b From fee0b443dad8fda1f22d9fc0aeaaa908795ce5ef Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 21:09:14 +1000 Subject: [PATCH 126/148] test --- deployments/home-server/test/kustomization.yaml | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 deployments/home-server/test/kustomization.yaml diff --git a/deployments/home-server/test/kustomization.yaml b/deployments/home-server/test/kustomization.yaml new file mode 100644 index 0000000..1dbc74b --- /dev/null +++ b/deployments/home-server/test/kustomization.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - a.yaml + - b.yaml From e4abfa72f45008123adc2281c9cd0853c29d0aca Mon Sep 17 00:00:00 2001 
From: j Date: Sat, 12 Jul 2025 21:14:45 +1000 Subject: [PATCH 127/148] try new psql operator --- deployments/home-server/test/a.yaml | 5 -- deployments/home-server/test/b.yaml | 5 -- .../home-server/test/kustomization.yaml | 7 -- deployments/operators/postgresql.yaml | 67 +++++++++++++++++++ 4 files changed, 67 insertions(+), 17 deletions(-) delete mode 100644 deployments/home-server/test/a.yaml delete mode 100644 deployments/home-server/test/b.yaml delete mode 100644 deployments/home-server/test/kustomization.yaml create mode 100644 deployments/operators/postgresql.yaml diff --git a/deployments/home-server/test/a.yaml b/deployments/home-server/test/a.yaml deleted file mode 100644 index 6a586ea..0000000 --- a/deployments/home-server/test/a.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: a diff --git a/deployments/home-server/test/b.yaml b/deployments/home-server/test/b.yaml deleted file mode 100644 index 141a4dc..0000000 --- a/deployments/home-server/test/b.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: b diff --git a/deployments/home-server/test/kustomization.yaml b/deployments/home-server/test/kustomization.yaml deleted file mode 100644 index 1dbc74b..0000000 --- a/deployments/home-server/test/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - a.yaml - - b.yaml diff --git a/deployments/operators/postgresql.yaml b/deployments/operators/postgresql.yaml new file mode 100644 index 0000000..4f0451f --- /dev/null +++ b/deployments/operators/postgresql.yaml 
@@ -0,0 +1,67 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: zalando-postgres-operator + +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: postgres-operator-charts + namespace: flux-system +spec: + interval: 1h + url: https://opensource.zalando.com/postgres-operator/charts/postgres-operator + +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgres-operator + namespace: zalando-postgres-operator +spec: + interval: 30m + chart: + spec: + chart: postgres-operator + version: 1.10.1 # Optional: adjust if newer versions become available + sourceRef: + kind: HelmRepository + name: postgres-operator-charts + namespace: flux-system + install: + createNamespace: true + values: + configGeneral: + enable_crd_registration: true + +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: postgres-operator-ui-charts + namespace: flux-system +spec: + interval: 1h + url: https://opensource.zalando.com/postgres-operator/charts/postgres-operator-ui + +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgres-operator-ui + namespace: zalando-postgres-operator +spec: + interval: 30m + chart: + spec: + chart: postgres-operator-ui + version: 1.10.1 # Optional: update based on available version + sourceRef: + kind: HelmRepository + name: postgres-operator-ui-charts + namespace: flux-system + install: + createNamespace: true + From a499bb5cc5e9f086546f15d2ffda2192ef6ec656 Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 21:16:04 +1000 Subject: [PATCH 128/148] rem test --- deployments/home-server/kustomization.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/deployments/home-server/kustomization.yaml b/deployments/home-server/kustomization.yaml index 256ca0e..6b9c8af 100644 --- a/deployments/home-server/kustomization.yaml +++ b/deployments/home-server/kustomization.yaml 
@@ -7,4 +7,3 @@ resources: - nextcloud.yaml - vaultwarden.yaml - linkwarden.yaml - - test/ From c14ad440edaac569bac902055ea3471bb7f35b98 Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 21:16:18 +1000 Subject: [PATCH 129/148] pgsql --- deployments/operators/kustomization.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/deployments/operators/kustomization.yaml b/deployments/operators/kustomization.yaml index 9a0fb27..4745879 100644 --- a/deployments/operators/kustomization.yaml +++ b/deployments/operators/kustomization.yaml @@ -4,6 +4,7 @@ kind: Kustomization resources: - mariadb.yaml + - redis.yaml + - postgresql.yaml - replicator.yaml - namespace.yaml - - redis.yaml From 3a97e86b5e5899a7342eaf67148c7b6095d80792 Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 21:17:49 +1000 Subject: [PATCH 130/148] Samba share for dpool --- deployments/home-server/samba.yaml | 82 ++++++++++++++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100644 deployments/home-server/samba.yaml diff --git a/deployments/home-server/samba.yaml b/deployments/home-server/samba.yaml new file mode 100644 index 0000000..94f1d1e --- /dev/null +++ b/deployments/home-server/samba.yaml 
@@ -0,0 +1,82 @@ +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: smb-share-pv +spec: + capacity: + storage: 10Gi + accessModes: + - ReadWriteMany + storageClassName: local-path + persistentVolumeReclaimPolicy: Retain + hostPath: + path: /dpool/ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: smb-share-pvc + namespace: home-server +spec: + accessModes: + - ReadWriteMany + storageClassName: local-path + resources: + requests: + storage: 10Gi + volumeName: smb-share-pv +--- +apiVersion: v1 +kind: Service +metadata: + name: smb-server + namespace: home-server +spec: + selector: + app: smb-server + ports: + - name: smb + port: 445 + targetPort: 445 + - name: netbios + port: 139 + targetPort: 139 + type: NodePort # Use ClusterIP or LoadBalancer depending on access requirements +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: smb-server + namespace: home-server +spec: + replicas: 1 + selector: + matchLabels: + app: smb-server + template: + metadata: + labels: + app: smb-server + spec: + containers: + - name: samba + image: dperson/samba + args: + - -u + - "user;password" + - -s + - "share;/mount;yes;no;no;user" + ports: + - containerPort: 139 + - containerPort: 445 + securityContext: + capabilities: + add: ["NET_ADMIN"] + volumeMounts: + - name: share + mountPath: /mount + volumes: + - name: share + persistentVolumeClaim: + claimName: smb-share-pvc From 0a11e30cffe80f4532bea17ea8c3ecfefbd05ff5 Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 21:19:15 +1000 Subject: [PATCH 131/148] yolo smb --- deployments/home-server/kustomization.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/deployments/home-server/kustomization.yaml b/deployments/home-server/kustomization.yaml index 6b9c8af..cc087c5 100644 --- a/deployments/home-server/kustomization.yaml +++ b/deployments/home-server/kustomization.yaml @@ -7,3 +7,4 @@ resources: - nextcloud.yaml - vaultwarden.yaml - linkwarden.yaml + - samba.yaml 
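Review bot: The share's only credential is the literal `user;password` pair in the container `args`, and the `hostPath` behind `smb-share-pv` is all of `/dpool/`, which by the other manifests in this series includes `/dpool/services/vaultwarden/data` and the PostgreSQL data directories. Anyone who can reach the `NodePort` service therefore gets write access to those files with a guessable login. Narrow `path:` to a dedicated share directory, take the user definition from a Secret rather than the manifest, and use `type: ClusterIP` unless access from outside the cluster is required. The `NET_ADMIN` capability and the untagged `dperson/samba` image also deserve a second look: drop the capability if the container starts without it, and pin the image to a version or digest.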
From b66a7b3de2a086f7b42526b15d7b7138d46cd3f5 Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 21:28:38 +1000 Subject: [PATCH 132/148] fix up psql --- deployments/home-server/vaultwarden.yaml | 25 ++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/deployments/home-server/vaultwarden.yaml b/deployments/home-server/vaultwarden.yaml index 3733ef5..6e8f10c 100644 --- a/deployments/home-server/vaultwarden.yaml +++ b/deployments/home-server/vaultwarden.yaml @@ -157,7 +157,11 @@ spec: - name: ADMIN_TOKEN value: "0h12893hj0129j30129j3" - name: DATABASE_URL - value: "postgresql://vaultuser:super-strong-password@vaultwarden-postgres.home-server.svc.cluster.local:5432/vaultwarden" + valueFrom: + secretKeyRef: + name: postgres.vwdb.acid.acid + key: uri + ports: - containerPort: 80 volumeMounts: @@ -167,4 +171,21 @@ spec: - name: vaultwarden-data persistentVolumeClaim: claimName: vaultwarden-pvc - +--- +apiVersion: "acid.zalan.do/v1" +kind: postgresql +metadata: + name: vwdb + namespace: home-server +spec: + teamId: "acid" + volume: + size: 2Gi + numberOfInstances: 1 + users: + vaultwarden_user: + - login + databases: + vaultwarden: vaultwarden_user + postgresql: + version: "15" From 4e17b5bb549006659b88b6a794e9036b6f68b5be Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 21:29:49 +1000 Subject: [PATCH 133/148] x --- deployments/home-server/vaultwarden.yaml | 1 - deployments/operators/postgresql.yaml | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/deployments/home-server/vaultwarden.yaml b/deployments/home-server/vaultwarden.yaml index 6e8f10c..b87a1fb 100644 --- a/deployments/home-server/vaultwarden.yaml +++ b/deployments/home-server/vaultwarden.yaml @@ -161,7 +161,6 @@ spec: secretKeyRef: name: postgres.vwdb.acid.acid key: uri - ports: - containerPort: 80 volumeMounts: diff --git a/deployments/operators/postgresql.yaml b/deployments/operators/postgresql.yaml index 4f0451f..d73afdc 100644 
--- a/deployments/operators/postgresql.yaml +++ b/deployments/operators/postgresql.yaml @@ -35,6 +35,7 @@ spec: values: configGeneral: enable_crd_registration: true + watched_namespaces: "*" --- apiVersion: source.toolkit.fluxcd.io/v1 From 6776749e52602ebfaaf6e2e39fff148e3c5a19db Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 21:34:39 +1000 Subject: [PATCH 134/148] x --- deployments/home-server/vaultwarden.yaml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/deployments/home-server/vaultwarden.yaml b/deployments/home-server/vaultwarden.yaml index b87a1fb..062a4df 100644 --- a/deployments/home-server/vaultwarden.yaml +++ b/deployments/home-server/vaultwarden.yaml @@ -157,10 +157,17 @@ spec: - name: ADMIN_TOKEN value: "0h12893hj0129j30129j3" - name: DATABASE_URL + value: "postgresql://$(PGUSER):$(PGPASS)@vwdb.home-server.svc.cluster.local:5432/vaultwarden" + - name: PGUSER valueFrom: secretKeyRef: - name: postgres.vwdb.acid.acid - key: uri + name: vaultwarden-user.vwdb.credentials.postgresql.acid.zalan.do + key: username + - name: PGPASS + valueFrom: + secretKeyRef: + name: vaultwarden-user.vwdb.credentials.postgresql.acid.zalan.do + key: password ports: - containerPort: 80 volumeMounts: From d7f2130b2e9bdd6e136cee95c534a7b43735bd3e Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 21:52:16 +1000 Subject: [PATCH 135/148] creds from secret has hack around --- deployments/home-server/vaultwarden.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/deployments/home-server/vaultwarden.yaml b/deployments/home-server/vaultwarden.yaml index 062a4df..754cb62 100644 --- a/deployments/home-server/vaultwarden.yaml +++ b/deployments/home-server/vaultwarden.yaml @@ -178,7 +178,7 @@ spec: persistentVolumeClaim: claimName: vaultwarden-pvc --- -apiVersion: "acid.zalan.do/v1" +apiVersion: acid.zalan.do/v1 kind: postgresql metadata: name: vwdb 
@@ -195,3 +195,9 @@ spec: vaultwarden: vaultwarden_user postgresql: version: "15" + usersFromSecret: + vaultwarden_user: + secretName: vaultwarden-db-credentials + secretKeyUsername: username + secretKeyPassword: password + From 8c5152541061ece62b6bb44594989243caed17a3 Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 22:54:51 +1000 Subject: [PATCH 136/148] Replace operator with deployment --- deployments/home-server/vaultwarden.yaml | 24 ----- deployments/operators/postgresql.yaml | 116 +++++++++++++---------- 2 files changed, 65 insertions(+), 75 deletions(-) diff --git a/deployments/home-server/vaultwarden.yaml b/deployments/home-server/vaultwarden.yaml index 754cb62..befe1fa 100644 --- a/deployments/home-server/vaultwarden.yaml +++ b/deployments/home-server/vaultwarden.yaml @@ -177,27 +177,3 @@ spec: - name: vaultwarden-data persistentVolumeClaim: claimName: vaultwarden-pvc ---- -apiVersion: acid.zalan.do/v1 -kind: postgresql -metadata: - name: vwdb - namespace: home-server -spec: - teamId: "acid" - volume: - size: 2Gi - numberOfInstances: 1 - users: - vaultwarden_user: - - login - databases: - vaultwarden: vaultwarden_user - postgresql: - version: "15" - usersFromSecret: - vaultwarden_user: - secretName: vaultwarden-db-credentials - secretKeyUsername: username - secretKeyPassword: password - diff --git a/deployments/operators/postgresql.yaml b/deployments/operators/postgresql.yaml index d73afdc..fbe30a7 100644 --- a/deployments/operators/postgresql.yaml +++ b/deployments/operators/postgresql.yaml 
@@ -1,68 +1,82 @@ + --- apiVersion: v1 kind: Namespace metadata: - name: zalando-postgres-operator + name: postgres --- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository +apiVersion: v1 +kind: PersistentVolume metadata: - name: postgres-operator-charts - namespace: flux-system + name: postgres-pv + namespace: postgres spec: - interval: 1h - url: https://opensource.zalando.com/postgres-operator/charts/postgres-operator + capacity: + storage: 5Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + storageClassName: local-path + hostPath: + path: /dpool/services/postgres/data --- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease +apiVersion: v1 +kind: PersistentVolumeClaim metadata: - name: postgres-operator - namespace: zalando-postgres-operator + name: postgres-pvc + namespace: postgres spec: - interval: 30m - chart: + accessModes: + - ReadWriteOnce + storageClassName: local-path + resources: + requests: + storage: 5Gi + volumeName: postgres-pv + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: postgres + namespace: postgres +spec: + replicas: 1 + selector: + matchLabels: + app: postgres + template: + metadata: + labels: + app: postgres spec: - chart: postgres-operator - version: 1.10.1 # Optional: adjust if newer versions become available - sourceRef: - kind: HelmRepository - name: postgres-operator-charts - namespace: flux-system - install: - createNamespace: true - values: - configGeneral: - enable_crd_registration: true - watched_namespaces: "*" + containers: + - name: postgres + image: postgres:15 + ports: + - containerPort: 5432 + envFrom: + - secretRef: + name: postgres-secret + volumeMounts: + - name: postgres-data + mountPath: /var/lib/postgresql/data + volumes: + - name: postgres-data + persistentVolumeClaim: + claimName: postgres-pvc --- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository +apiVersion: v1 +kind: Service metadata: - name: postgres-operator-ui-charts - namespace: 
flux-system + name: postgres + namespace: postgres spec: - interval: 1h - url: https://opensource.zalando.com/postgres-operator/charts/postgres-operator-ui - ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: postgres-operator-ui - namespace: zalando-postgres-operator -spec: - interval: 30m - chart: - spec: - chart: postgres-operator-ui - version: 1.10.1 # Optional: update based on available version - sourceRef: - kind: HelmRepository - name: postgres-operator-ui-charts - namespace: flux-system - install: - createNamespace: true - + selector: + app: postgres + ports: + - port: 5432 + targetPort: 5432 From 91bf0618f461b4aaa19b5077184a1c0d40c816bf Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 23:07:50 +1000 Subject: [PATCH 137/148] Get dsn from secret --- deployments/home-server/vaultwarden.yaml | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/deployments/home-server/vaultwarden.yaml b/deployments/home-server/vaultwarden.yaml index befe1fa..7100b07 100644 --- a/deployments/home-server/vaultwarden.yaml +++ b/deployments/home-server/vaultwarden.yaml @@ -157,17 +157,10 @@ spec: - name: ADMIN_TOKEN value: "0h12893hj0129j30129j3" - name: DATABASE_URL - value: "postgresql://$(PGUSER):$(PGPASS)@vwdb.home-server.svc.cluster.local:5432/vaultwarden" - - name: PGUSER valueFrom: secretKeyRef: - name: vaultwarden-user.vwdb.credentials.postgresql.acid.zalan.do - key: username - - name: PGPASS - valueFrom: - secretKeyRef: - name: vaultwarden-user.vwdb.credentials.postgresql.acid.zalan.do - key: password + name: vaultwarden-db-secret + key: DATABASE_URL ports: - containerPort: 80 volumeMounts: From 13a7e6a5a60cf9e35adb44db22107ec68e1a885a Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 23:08:34 +1000 Subject: [PATCH 138/148] Remove specific pg --- deployments/home-server/vaultwarden.yaml | 88 ------------------------ 1 file changed, 88 deletions(-) 
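Review bot: The new `postgres` Deployment (postgresql.yaml, hunk at -1) mounts a ReadWriteOnce hostPath volume but keeps the default RollingUpdate strategy, so any spec change starts a second PostgreSQL pod against the same data directory before the old one stops. Add `strategy:` with `type: Recreate` under the Deployment `spec`. The container runs from the floating tag `postgres:15` with no `securityContext` or resource limits, and the `postgres` Service is reachable from every namespace unless a NetworkPolicy limits it to the application pods. `namespace: postgres` on the PersistentVolume has no effect, because PersistentVolumes are cluster-scoped.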
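Review bot: `ADMIN_TOKEN` remains a literal in the manifest (the context line just above `DATABASE_URL` in the vaultwarden.yaml hunk at -157), while this commit moves the database URL into a Secret. Give it the same treatment, for example `valueFrom:` / `secretKeyRef:` with `name: <admin-token-secret>` and `key: ADMIN_TOKEN`. The current value is already in the repository history, so it should be replaced rather than just moved. Vaultwarden also accepts an Argon2 PHC hash in this variable, which avoids storing the plain token at all. The container spec starts outside the hunk.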
diff --git a/deployments/home-server/vaultwarden.yaml b/deployments/home-server/vaultwarden.yaml index 7100b07..3a0fbe7 100644 --- a/deployments/home-server/vaultwarden.yaml +++ b/deployments/home-server/vaultwarden.yaml @@ -1,94 +1,6 @@ --- apiVersion: v1 kind: PersistentVolume -metadata: - name: vaultwarden-pgdata-pv -spec: - capacity: - storage: 5Gi - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - storageClassName: local-path - hostPath: - path: /dpool/services/vaultwarden-pgdata ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: vaultwarden-pgdata-pvc - namespace: home-server -spec: - accessModes: - - ReadWriteOnce - storageClassName: local-path - resources: - requests: - storage: 5Gi - volumeName: vaultwarden-pgdata-pv ---- -apiVersion: v1 -kind: Service -metadata: - name: vaultwarden-postgres - namespace: home-server -spec: - ports: - - port: 5432 - selector: - app: vaultwarden-postgres ---- -apiVersion: v1 -kind: Secret -metadata: - name: vaultwarden-postgres-secret - namespace: home-server -type: Opaque -stringData: - postgres-password: "super-strong-password" ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: vaultwarden-postgres - namespace: home-server -spec: - replicas: 1 - selector: - matchLabels: - app: vaultwarden-postgres - template: - metadata: - labels: - app: vaultwarden-postgres - spec: - containers: - - name: postgres - image: postgres:15 - env: - - name: POSTGRES_DB - value: vaultwarden - - name: POSTGRES_USER - value: vaultuser - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: vaultwarden-postgres-secret - key: postgres-password - ports: - - containerPort: 5432 - volumeMounts: - - name: pgdata - mountPath: /var/lib/postgresql/data - volumes: - - name: pgdata - persistentVolumeClaim: - claimName: vaultwarden-pgdata-pvc - ---- ---- -apiVersion: v1 -kind: PersistentVolume metadata: name: vaultwarden-pv spec: 
From 0179d6d50f8c161682559526d0401e7e2d32b386 Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 23:09:53 +1000 Subject: [PATCH 139/148] fix secret ref --- deployments/home-server/vaultwarden.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployments/home-server/vaultwarden.yaml b/deployments/home-server/vaultwarden.yaml index 3a0fbe7..98f8da0 100644 --- a/deployments/home-server/vaultwarden.yaml +++ b/deployments/home-server/vaultwarden.yaml @@ -71,7 +71,7 @@ spec: - name: DATABASE_URL valueFrom: secretKeyRef: - name: vaultwarden-db-secret + name: linkwarden-postgres-secret key: DATABASE_URL ports: - containerPort: 80 From 50a8532d98df9600f47f5c4ff1d316c74ec0f165 Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 23:12:51 +1000 Subject: [PATCH 140/148] Add ingress for vaultwarden --- deployments/home-server/vaultwarden.yaml | 27 ++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/deployments/home-server/vaultwarden.yaml b/deployments/home-server/vaultwarden.yaml index 98f8da0..8ddd2ee 100644 --- a/deployments/home-server/vaultwarden.yaml +++ b/deployments/home-server/vaultwarden.yaml @@ -82,3 +82,30 @@ spec: - name: vaultwarden-data persistentVolumeClaim: claimName: vaultwarden-pvc + +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: vaultwarden + namespace: home-server + annotations: + external-dns.alpha.kubernetes.io/hostname: vault.hxme.net + nginx.ingress.kubernetes.io/server-snippet: | + add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always; +spec: + tls: + - hosts: + - vault.hxme.net + secretName: wildcard-hxme-net + rules: + - host: vault.hxme.net + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: vaultwarden + port: + number: 80 From abb58138b68e30f988d559b1c5780fd990480839 Mon Sep 17 00:00:00 2001 
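Review bot: The new secret name `linkwarden-postgres-secret` in the `DATABASE_URL` `secretKeyRef` (vaultwarden.yaml, hunk at -71) looks like another application's credential. If that Secret holds Linkwarden's connection string, Vaultwarden will connect with Linkwarden's role and database. A password vault should have its own database role and its own Secret, so that a compromise of one application does not expose the other's data. If the shared name is intentional, a comment on that line should say so; otherwise point it at a Vaultwarden-specific Secret.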
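Review bot: The `nginx.ingress.kubernetes.io/server-snippet` annotation on the new Ingress (vaultwarden.yaml, hunk at -82) is a heavy tool for one header. Snippet annotations allow arbitrary nginx configuration, and recent ingress-nginx releases ship with them disabled, in which case this Ingress may be rejected or the snippet ignored. As far as I know ingress-nginx already sends `Strict-Transport-Security` for TLS hosts by default, with the lifetime tunable through the controller ConfigMap key `hsts-max-age`, so the annotation can probably be dropped. The Ingress also sets no `ingressClassName`, so it depends on a default IngressClass being present.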
From: j Date: Sat, 12 Jul 2025 23:17:01 +1000 Subject: [PATCH 141/148] Remove admin, allow signup --- deployments/home-server/vaultwarden.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/deployments/home-server/vaultwarden.yaml b/deployments/home-server/vaultwarden.yaml index 8ddd2ee..946d162 100644 --- a/deployments/home-server/vaultwarden.yaml +++ b/deployments/home-server/vaultwarden.yaml @@ -65,9 +65,7 @@ spec: - name: WEBSOCKET_ENABLED value: "true" - name: SIGNUPS_ALLOWED - value: "false" - - name: ADMIN_TOKEN - value: "0h12893hj0129j30129j3" + value: "true" - name: DATABASE_URL valueFrom: secretKeyRef: From cfd55c324645a70c0d70ecf90fb366f556b14f68 Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 23:23:18 +1000 Subject: [PATCH 142/148] Add psql backup --- deployments/operators/postgresql.yaml | 66 +++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) diff --git a/deployments/operators/postgresql.yaml b/deployments/operators/postgresql.yaml index fbe30a7..acd9c06 100644 --- a/deployments/operators/postgresql.yaml +++ b/deployments/operators/postgresql.yaml 
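Review bot: `SIGNUPS_ALLOWED` is switched to `"true"` (vaultwarden.yaml, hunk at -65) one commit after the service was published at vault.hxme.net through an Ingress, so anyone who can reach that host can register an account on the vault. Keep the value `"false"` and enable it only for the time needed to register, or restrict registration with `SIGNUPS_DOMAINS_WHITELIST`. Deleting the `ADMIN_TOKEN` lines does not remove the value from the repository history; if it was ever used on a running instance it should be regarded as exposed. The container spec starts outside the hunk.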
@@ -80,3 +80,69 @@ spec: ports: - port: 5432 targetPort: 5432 + +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: postgres-backup-pv +spec: + capacity: + storage: 5Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + storageClassName: local-path + hostPath: + path: /dpool/postgres/backup + +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: postgres-backup-pvc + namespace: postgres +spec: + accessModes: + - ReadWriteOnce + storageClassName: local-path + resources: + requests: + storage: 5Gi + + +--- +apiVersion: batch/v1 +kind: CronJob +metadata: + name: postgres-backup + namespace: postgres +spec: + schedule: "0 2 * * *" # Every day at 2 AM + jobTemplate: + spec: + template: + spec: + restartPolicy: OnFailure + containers: + - name: pg-backup + image: postgres:15 + envFrom: + - secretRef: + name: postgres-secret + command: + - /bin/sh + - -c + - | + mkdir -p /backup + PGPASSWORD=$POSTGRES_PASSWORD pg_dump -U $POSTGRES_USER -h localhost $POSTGRES_DB > /backup/backup-$(date +'%Y-%m-%d').sql + volumeMounts: + - name: backup-volume + mountPath: /backup + volumes: + - name: backup-volume + persistentVolumeClaim: + claimName: postgres-backup-pvc + + + From 28693adfe819d427f58b1bf08febcfd87e23a76b Mon Sep 17 00:00:00 2001 From: j Date: Sat, 12 Jul 2025 23:23:35 +1000 Subject: [PATCH 143/148] disable signup --- deployments/home-server/vaultwarden.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployments/home-server/vaultwarden.yaml b/deployments/home-server/vaultwarden.yaml index 946d162..a4e4d8b 100644 --- a/deployments/home-server/vaultwarden.yaml +++ b/deployments/home-server/vaultwarden.yaml @@ -65,7 +65,7 @@ spec: - name: WEBSOCKET_ENABLED value: "true" - name: SIGNUPS_ALLOWED - value: "true" + value: "false" - name: DATABASE_URL valueFrom: secretKeyRef: From c52009020c1e2c23d4b536b0f7a61a6654cfb628 Mon Sep 17 00:00:00 2001 
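Review bot: The `pg_dump` command in the new CronJob (postgresql.yaml, hunk at -80) connects with `-h localhost`, but the job runs in its own pod where no PostgreSQL server listens. It should target the `postgres` Service defined earlier in the file and quote its variables: `pg_dump -U "$POSTGRES_USER" -h postgres "$POSTGRES_DB" > ...`. The shell creates the output file before `pg_dump` runs, so a failed run leaves an empty `backup-<date>.sql`; writing to a temporary name and renaming on success avoids mistaking it for a backup. `postgres-backup-pvc` has no `volumeName`, unlike `postgres-pvc`, so it may bind to a dynamically provisioned local-path volume instead of `postgres-backup-pv`. The dumps are unencrypted and never pruned, so setting `umask 077` in the script and adding a retention step would be worthwhile.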
From: j Date: Sun, 13 Jul 2025 09:46:28 +1000 Subject: [PATCH 144/148] remove psql --- deployments/home-server/linkwarden.yaml | 82 ++---------------------- deployments/home-server/vaultwarden.yaml | 2 +- 2 files changed, 5 insertions(+), 79 deletions(-) diff --git a/deployments/home-server/linkwarden.yaml b/deployments/home-server/linkwarden.yaml index 6b9ff25..38f70a5 100644 --- a/deployments/home-server/linkwarden.yaml +++ b/deployments/home-server/linkwarden.yaml @@ -1,34 +1,6 @@ --- apiVersion: v1 kind: PersistentVolume -metadata: - name: linkwarden-pgdata-pv -spec: - capacity: - storage: 5Gi - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - storageClassName: local-path - hostPath: - path: /dpool/services/linkwarden/database ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: linkwarden-pgdata-pvc - namespace: home-server -spec: - accessModes: - - ReadWriteOnce - storageClassName: local-path - resources: - requests: - storage: 5Gi - volumeName: linkwarden-pgdata-pv ---- -apiVersion: v1 -kind: PersistentVolume metadata: name: linkwarden-pv spec: @@ -57,44 +29,6 @@ spec: --- apiVersion: apps/v1 kind: Deployment -metadata: - name: linkwarden-postgres - namespace: home-server -spec: - replicas: 1 - selector: - matchLabels: - app: linkwarden-postgres - template: - metadata: - labels: - app: linkwarden-postgres - spec: - containers: - - name: postgres - image: postgres:15 - env: - - name: POSTGRES_DB - value: linkwarden - - name: POSTGRES_USER - value: linkwardenuser - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: linkwarden-postgres-secret - key: postgres-password - ports: - - containerPort: 5432 - volumeMounts: - - name: pgdata - mountPath: /var/lib/postgresql/data - volumes: - - name: pgdata - persistentVolumeClaim: - claimName: linkwarden-pgdata-pvc ---- -apiVersion: apps/v1 -kind: Deployment metadata: name: linkwarden namespace: home-server 
@@ -135,7 +69,10 @@ spec: - name: TZ value: "Australia/Brisbane" - name: DATABASE_URL - value: "postgresql://linkwardenuser:$(POSTGRES_PASSWORD)@linkwarden-postgres.home-server.svc.cluster.local:5432/linkwarden" + valueFrom: + secretKeyRef: + name: linkwarden-postgres-secret + key: DATABASE_URL volumeMounts: - name: linkwarden-data mountPath: /data @@ -156,14 +93,3 @@ spec: - port: 3000 targetPort: 3000 protocol: TCP ---- -apiVersion: v1 -kind: Service -metadata: - name: linkwarden-postgres - namespace: home-server -spec: - ports: - - port: 5432 - selector: - app: linkwarden-postgres diff --git a/deployments/home-server/vaultwarden.yaml b/deployments/home-server/vaultwarden.yaml index a4e4d8b..d334cf8 100644 --- a/deployments/home-server/vaultwarden.yaml +++ b/deployments/home-server/vaultwarden.yaml @@ -69,7 +69,7 @@ spec: - name: DATABASE_URL valueFrom: secretKeyRef: - name: linkwarden-postgres-secret + name: vaultwarden-postgres-secret key: DATABASE_URL ports: - containerPort: 80 From fea4ae567c2a0e29fa03ef2ce0286464ac7e267f Mon Sep 17 00:00:00 2001 From: j Date: Sun, 13 Jul 2025 10:19:18 +1000 Subject: [PATCH 145/148] try put user pass into secret this prob wont work --- deployments/home-server/samba.yaml | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/deployments/home-server/samba.yaml b/deployments/home-server/samba.yaml index 94f1d1e..e409445 100644 --- a/deployments/home-server/samba.yaml +++ b/deployments/home-server/samba.yaml @@ -62,11 +62,22 @@ spec: containers: - name: samba image: dperson/samba + env: + - name: SMB_USER + valueFrom: + secretKeyRef: + name: smb-credentials + key: username + - name: SMB_PASS + valueFrom: + secretKeyRef: + name: smb-credentials + key: password args: - -u - - "user;password" + - "$(SMB_USER);$(SMB_PASS)" - -s - - "share;/mount;yes;no;no;user" + - "share;/mount;yes;no;no;$(SMB_USER)" ports: - containerPort: 139 - containerPort: 445 
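Review bot: The Samba password now comes from a Secret but is still expanded into the container `args` (`"$(SMB_USER);$(SMB_PASS)"`, samba.yaml hunk at -62), so it ends up on the process command line, readable by anything that can list processes in the container or on the node. The `$(VAR)` expansion itself does work in `args` for variables declared in the container's `env`. If I recall the dperson/samba image correctly, it also accepts the user definition through a `USER` environment variable; storing the whole `user;password` string under one Secret key and passing it that way would keep it out of argv, but please confirm against the image documentation. `image: dperson/samba` on the context line carries no tag, so the deployed version can change without a commit. The Deployment starts outside the hunk.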
@@ -80,3 +91,4 @@ spec: - name: share persistentVolumeClaim: claimName: smb-share-pvc + From f68c0eb3579d95a491e56355878246681e8dafd1 Mon Sep 17 00:00:00 2001 From: j Date: Sun, 13 Jul 2025 21:03:57 +1000 Subject: [PATCH 146/148] Add dovecot for testing --- deployments/home-server/dovecot.yaml | 110 +++++++++++++++++++++++++++ 1 file changed, 110 insertions(+) create mode 100644 deployments/home-server/dovecot.yaml diff --git a/deployments/home-server/dovecot.yaml b/deployments/home-server/dovecot.yaml new file mode 100644 index 0000000..b8662bf --- /dev/null +++ b/deployments/home-server/dovecot.yaml @@ -0,0 +1,110 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: dovecot-config + namespace: home-server +data: + dovecot.conf: | + log_path = /dev/stdout + info_log_path = /dev/stdout + debug_log_path = /dev/stdout + syslog_facility = local0 + protocols = imap + listen = * + disable_plaintext_auth = yes + mail_location = maildir:/data/%u + base_dir = /var/run/dovecot/ + ssl = required + ssl_cert = Date: Sun, 13 Jul 2025 22:41:42 +1000 Subject: [PATCH 147/148] Add dovecot --- deployments/home-server/kustomization.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/deployments/home-server/kustomization.yaml b/deployments/home-server/kustomization.yaml index cc087c5..a9dfcc3 100644 --- a/deployments/home-server/kustomization.yaml +++ b/deployments/home-server/kustomization.yaml @@ -8,3 +8,4 @@ resources: - vaultwarden.yaml - linkwarden.yaml - samba.yaml + - dovecot.yaml From 3d53cf9a2fc2052d905412700e9f82805b7f12fe Mon Sep 17 00:00:00 2001 From: j Date: Sun, 13 Jul 2025 22:56:09 +1000 Subject: [PATCH 148/148] remove certs --- deployments/home-server/dovecot.yaml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/deployments/home-server/dovecot.yaml b/deployments/home-server/dovecot.yaml index b8662bf..facd31c 100644 --- a/deployments/home-server/dovecot.yaml +++ b/deployments/home-server/dovecot.yaml 
@@ -83,12 +83,6 @@ spec: - name: ldap configMap: name: dovecot-ldap - - name: certs - secret: - secretName: dovecot-cert - items: - - key: tls.crt - path: fullchain.pem - name: tls secret: secretName: wildcard-hxme-net